#include <openssl/bio.h>
#include <openssl/x509_vfy.h>
#include <openssl/ssl.h>
+#ifndef OPENSSL_NO_SRP
+#include <openssl/srp.h>
+#endif
#include "handshake_helper.h"
#include "testutil.h"
OPENSSL_free(result->server_npn_negotiated);
OPENSSL_free(result->client_alpn_negotiated);
OPENSSL_free(result->server_alpn_negotiated);
+ sk_X509_NAME_pop_free(result->server_ca_names, X509_NAME_free);
+ sk_X509_NAME_pop_free(result->client_ca_names, X509_NAME_free);
OPENSSL_free(result);
}
size_t npn_protocols_len;
unsigned char *alpn_protocols;
size_t alpn_protocols_len;
+ char *srp_user;
+ char *srp_password;
} CTX_DATA;
/* |ctx_data| itself is stack-allocated. */
ctx_data->npn_protocols = NULL;
OPENSSL_free(ctx_data->alpn_protocols);
ctx_data->alpn_protocols = NULL;
+ OPENSSL_free(ctx_data->srp_user);
+ ctx_data->srp_user = NULL;
+ OPENSSL_free(ctx_data->srp_password);
+ ctx_data->srp_password = NULL;
}
static int ex_data_idx;
*out = tmp_out;
/* Unlike NPN, we don't tolerate a mismatch. */
return ret == OPENSSL_NPN_NEGOTIATED ? SSL_TLSEXT_ERR_OK
- : SSL_TLSEXT_ERR_NOACK;
+ : SSL_TLSEXT_ERR_ALERT_FATAL;
+}
+
+#ifndef OPENSSL_NO_SRP
+static char *client_srp_cb(SSL *s, void *arg)
+{
+ CTX_DATA *ctx_data = (CTX_DATA*)(arg);
+ return OPENSSL_strdup(ctx_data->srp_password);
+}
+
+static int server_srp_cb(SSL *s, int *ad, void *arg)
+{
+ CTX_DATA *ctx_data = (CTX_DATA*)(arg);
+ if (strcmp(ctx_data->srp_user, SSL_get_srp_username(s)) != 0)
+ return SSL3_AL_FATAL;
+ if (SSL_set_srp_server_param_pw(s, ctx_data->srp_user,
+ ctx_data->srp_password,
+ "2048" /* known group */) < 0) {
+ *ad = SSL_AD_INTERNAL_ERROR;
+ return SSL3_AL_FATAL;
+ }
+ return SSL_ERROR_NONE;
}
+#endif /* !OPENSSL_NO_SRP */
/*
* Configure callbacks and other properties that can't be set directly
break;
}
#endif
+#ifndef OPENSSL_NO_SRP
+ if (extra->server.srp_user != NULL) {
+ SSL_CTX_set_srp_username_callback(server_ctx, server_srp_cb);
+ server_ctx_data->srp_user = OPENSSL_strdup(extra->server.srp_user);
+ server_ctx_data->srp_password = OPENSSL_strdup(extra->server.srp_password);
+ SSL_CTX_set_srp_cb_arg(server_ctx, server_ctx_data);
+ }
+ if (extra->server2.srp_user != NULL) {
+ TEST_check(server2_ctx != NULL);
+ SSL_CTX_set_srp_username_callback(server2_ctx, server_srp_cb);
+ server2_ctx_data->srp_user = OPENSSL_strdup(extra->server2.srp_user);
+ server2_ctx_data->srp_password = OPENSSL_strdup(extra->server2.srp_password);
+ SSL_CTX_set_srp_cb_arg(server2_ctx, server2_ctx_data);
+ }
+ if (extra->client.srp_user != NULL) {
+ TEST_check(SSL_CTX_set_srp_username(client_ctx, extra->client.srp_user));
+ SSL_CTX_set_srp_client_pwd_callback(client_ctx, client_srp_cb);
+ client_ctx_data->srp_password = OPENSSL_strdup(extra->client.srp_password);
+ SSL_CTX_set_srp_cb_arg(client_ctx, client_ctx_data);
+ }
+#endif /* !OPENSSL_NO_SRP */
}
/* Configure per-SSL callbacks and other properties. */
/* API dictates unsigned int rather than size_t. */
unsigned int proto_len = 0;
EVP_PKEY *tmp_key;
+ const STACK_OF(X509_NAME) *names;
memset(&server_ctx_data, 0, sizeof(server_ctx_data));
memset(&server2_ctx_data, 0, sizeof(server2_ctx_data));
SSL_get_peer_signature_type_nid(client.ssl, &ret->server_sign_type);
SSL_get_peer_signature_type_nid(server.ssl, &ret->client_sign_type);
+ names = SSL_get0_peer_CA_list(client.ssl);
+ if (names == NULL)
+ ret->client_ca_names = NULL;
+ else
+ ret->client_ca_names = SSL_dup_CA_list(names);
+
+ names = SSL_get0_peer_CA_list(server.ssl);
+ if (names == NULL)
+ ret->server_ca_names = NULL;
+ else
+ ret->server_ca_names = SSL_dup_CA_list(names);
+
ret->server_cert_type = peer_pkey_type(client.ssl);
ret->client_cert_type = peer_pkey_type(server.ssl);
projects / openssl.git / blobdiff