projects
/
openssl.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
reject zero length point format list or supported curves extensions
[openssl.git]
/
ssl
/
ssltest.c
diff --git
a/ssl/ssltest.c
b/ssl/ssltest.c
index 977e12b87800d8c46d33a6ec5a8368b435f60b43..faffbca42cd07d5049eac22be6d8196da2362550 100644
(file)
--- a/
ssl/ssltest.c
+++ b/
ssl/ssltest.c
@@
-266,12
+266,6
@@
static char * MS_CALLBACK ssl_give_srp_client_pwd_cb(SSL *s, void *arg)
return BUF_strdup((char *)srp_client_arg->srppassin);
}
return BUF_strdup((char *)srp_client_arg->srppassin);
}
-static char * MS_CALLBACK missing_srp_username_callback(SSL *s, void *arg)
- {
- SRP_CLIENT_ARG *srp_client_arg = (SRP_CLIENT_ARG *)arg;
- return BUF_strdup(srp_client_arg->srplogin);
- }
-
/* SRP server */
/* This is a context that we pass to SRP server callbacks */
typedef struct srp_server_arg_st
/* SRP server */
/* This is a context that we pass to SRP server callbacks */
typedef struct srp_server_arg_st
@@
-395,6
+389,9
@@
static void sv_usage(void)
{
fprintf(stderr,"usage: ssltest [args ...]\n");
fprintf(stderr,"\n");
{
fprintf(stderr,"usage: ssltest [args ...]\n");
fprintf(stderr,"\n");
+#ifdef OPENSSL_FIPS
+ fprintf(stderr,"-F - run test in FIPS mode\n");
+#endif
fprintf(stderr," -server_auth - check server certificate\n");
fprintf(stderr," -client_auth - do client authentication\n");
fprintf(stderr," -proxy - allow proxy certificates\n");
fprintf(stderr," -server_auth - check server certificate\n");
fprintf(stderr," -client_auth - do client authentication\n");
fprintf(stderr," -proxy - allow proxy certificates\n");
@@
-614,7
+611,6
@@
int main(int argc, char *argv[])
#endif
#ifndef OPENSSL_NO_SRP
/* client */
#endif
#ifndef OPENSSL_NO_SRP
/* client */
- int srp_lateuser = 0;
SRP_CLIENT_ARG srp_client_arg = {NULL,NULL};
/* server */
SRP_SERVER_ARG srp_server_arg = {NULL,NULL};
SRP_CLIENT_ARG srp_client_arg = {NULL,NULL};
/* server */
SRP_SERVER_ARG srp_server_arg = {NULL,NULL};
@@
-630,6
+626,9
@@
int main(int argc, char *argv[])
STACK_OF(SSL_COMP) *ssl_comp_methods = NULL;
#endif
int test_cipherlist = 0;
STACK_OF(SSL_COMP) *ssl_comp_methods = NULL;
#endif
int test_cipherlist = 0;
+#ifdef OPENSSL_FIPS
+ int fips_mode=0;
+#endif
verbose = 0;
debug = 0;
verbose = 0;
debug = 0;
@@
-661,7
+660,16
@@
int main(int argc, char *argv[])
while (argc >= 1)
{
while (argc >= 1)
{
- if (strcmp(*argv,"-server_auth") == 0)
+ if(!strcmp(*argv,"-F"))
+ {
+#ifdef OPENSSL_FIPS
+ fips_mode=1;
+#else
+ fprintf(stderr,"not compiled with FIPS support, so exitting without running.\n");
+ EXIT(0);
+#endif
+ }
+ else if (strcmp(*argv,"-server_auth") == 0)
server_auth=1;
else if (strcmp(*argv,"-client_auth") == 0)
client_auth=1;
server_auth=1;
else if (strcmp(*argv,"-client_auth") == 0)
client_auth=1;
@@
-885,6
+893,20
@@
bad:
EXIT(1);
}
EXIT(1);
}
+#ifdef OPENSSL_FIPS
+ if(fips_mode)
+ {
+ if(!FIPS_mode_set(1))
+ {
+ ERR_load_crypto_strings();
+ ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
+ EXIT(1);
+ }
+ else
+ fprintf(stderr,"*** IN FIPS MODE ***\n");
+ }
+#endif
+
if (print_time)
{
if (!bio_pair)
if (print_time)
{
if (!bio_pair)
@@
-1118,9
+1140,7
@@
bad:
#ifndef OPENSSL_NO_SRP
if (srp_client_arg.srplogin)
{
#ifndef OPENSSL_NO_SRP
if (srp_client_arg.srplogin)
{
- if (srp_lateuser)
- SSL_CTX_set_srp_missing_srp_username_callback(c_ctx,missing_srp_username_callback);
- else if (!SSL_CTX_set_srp_username(c_ctx, srp_client_arg.srplogin))
+ if (!SSL_CTX_set_srp_username(c_ctx, srp_client_arg.srplogin))
{
BIO_printf(bio_err,"Unable to set SRP username\n");
goto end;
{
BIO_printf(bio_err,"Unable to set SRP username\n");
goto end;