+ SSL_CTX_set_next_protos_advertised_cb(s_ctx2, cb_server_rejects_npn,
+ NULL);
+ }
+#endif
+
+ if (serverinfo_sct) {
+ if (!SSL_CTX_add_client_custom_ext(c_ctx,
+ TLSEXT_TYPE_signed_certificate_timestamp,
+ NULL, NULL, NULL,
+ serverinfo_cli_parse_cb, NULL)) {
+ BIO_printf(bio_err, "Error adding SCT extension\n");
+ goto end;
+ }
+ }
+ if (serverinfo_tack) {
+ if (!SSL_CTX_add_client_custom_ext(c_ctx, TACK_EXT_TYPE,
+ NULL, NULL, NULL,
+ serverinfo_cli_parse_cb, NULL)) {
+ BIO_printf(bio_err, "Error adding TACK extension\n");
+ goto end;
+ }
+ }
+ if (serverinfo_file)
+ if (!SSL_CTX_use_serverinfo_file(s_ctx, serverinfo_file) ||
+ !SSL_CTX_use_serverinfo_file(s_ctx2, serverinfo_file)) {
+ BIO_printf(bio_err, "missing serverinfo file\n");
+ goto end;
+ }
+
+ if (custom_ext) {
+ if (!SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_0,
+ custom_ext_0_cli_add_cb,
+ NULL, NULL,
+ custom_ext_0_cli_parse_cb, NULL)
+ || !SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_1,
+ custom_ext_1_cli_add_cb,
+ NULL, NULL,
+ custom_ext_1_cli_parse_cb, NULL)
+ || !SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_2,
+ custom_ext_2_cli_add_cb,
+ NULL, NULL,
+ custom_ext_2_cli_parse_cb, NULL)
+ || !SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_3,
+ custom_ext_3_cli_add_cb,
+ NULL, NULL,
+ custom_ext_3_cli_parse_cb, NULL)
+ || !SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_0,
+ custom_ext_0_srv_add_cb,
+ NULL, NULL,
+ custom_ext_0_srv_parse_cb, NULL)
+ || !SSL_CTX_add_server_custom_ext(s_ctx2, CUSTOM_EXT_TYPE_0,
+ custom_ext_0_srv_add_cb,
+ NULL, NULL,
+ custom_ext_0_srv_parse_cb, NULL)
+ || !SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_1,
+ custom_ext_1_srv_add_cb,
+ NULL, NULL,
+ custom_ext_1_srv_parse_cb, NULL)
+ || !SSL_CTX_add_server_custom_ext(s_ctx2, CUSTOM_EXT_TYPE_1,
+ custom_ext_1_srv_add_cb,
+ NULL, NULL,
+ custom_ext_1_srv_parse_cb, NULL)
+ || !SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_2,
+ custom_ext_2_srv_add_cb,
+ NULL, NULL,
+ custom_ext_2_srv_parse_cb, NULL)
+ || !SSL_CTX_add_server_custom_ext(s_ctx2, CUSTOM_EXT_TYPE_2,
+ custom_ext_2_srv_add_cb,
+ NULL, NULL,
+ custom_ext_2_srv_parse_cb, NULL)
+ || !SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_3,
+ custom_ext_3_srv_add_cb,
+ NULL, NULL,
+ custom_ext_3_srv_parse_cb, NULL)
+ || !SSL_CTX_add_server_custom_ext(s_ctx2, CUSTOM_EXT_TYPE_3,
+ custom_ext_3_srv_add_cb,
+ NULL, NULL,
+ custom_ext_3_srv_parse_cb, NULL)) {
+ BIO_printf(bio_err, "Error setting custom extensions\n");
+ goto end;
+ }
+ }
+
+ if (alpn_server)
+ SSL_CTX_set_alpn_select_cb(s_ctx, cb_server_alpn, alpn_server);
+ if (alpn_server2)
+ SSL_CTX_set_alpn_select_cb(s_ctx2, cb_server_alpn, alpn_server2);
+
+ if (alpn_client) {
+ size_t alpn_len;
+ unsigned char *alpn = next_protos_parse(&alpn_len, alpn_client);
+
+ if (alpn == NULL) {
+ BIO_printf(bio_err, "Error parsing -alpn_client argument\n");
+ goto end;
+ }
+ /* Returns 0 on success!! */
+ if (SSL_CTX_set_alpn_protos(c_ctx, alpn, alpn_len)) {
+ BIO_printf(bio_err, "Error setting ALPN\n");
+ OPENSSL_free(alpn);
+ goto end;
+ }
+ OPENSSL_free(alpn);
+ }
+
+ if (sn_server1 != NULL || sn_server2 != NULL)
+ SSL_CTX_set_tlsext_servername_callback(s_ctx, servername_cb);
+
+ c_ssl = SSL_new(c_ctx);
+ s_ssl = SSL_new(s_ctx);
+
+ if (sn_client)
+ SSL_set_tlsext_host_name(c_ssl, sn_client);
+
+ if (!set_protocol_version(server_min_proto, s_ssl, SSL_CTRL_SET_MIN_PROTO_VERSION))
+ goto end;
+ if (!set_protocol_version(server_max_proto, s_ssl, SSL_CTRL_SET_MAX_PROTO_VERSION))
+ goto end;
+ if (!set_protocol_version(client_min_proto, c_ssl, SSL_CTRL_SET_MIN_PROTO_VERSION))
+ goto end;
+ if (!set_protocol_version(client_max_proto, c_ssl, SSL_CTRL_SET_MAX_PROTO_VERSION))
+ goto end;
+
+ BIO_printf(bio_stdout, "Doing handshakes=%d bytes=%ld\n", number, bytes);
+ for (i = 0; i < number; i++) {
+ if (!reuse) {
+ if (!SSL_set_session(c_ssl, NULL)) {
+ BIO_printf(bio_err, "Failed to set session\n");
+ goto end;
+ }
+ }
+ switch (bio_type) {
+ case BIO_MEM:
+ ret = doit(s_ssl, c_ssl, bytes);
+ break;
+ case BIO_PAIR:
+ ret = doit_biopair(s_ssl, c_ssl, bytes, &s_time, &c_time);
+ break;
+ case BIO_IPV4:
+ ret = doit_localhost(s_ssl, c_ssl, BIO_FAMILY_IPV4,
+ bytes, &s_time, &c_time);
+ break;
+ case BIO_IPV6:
+ ret = doit_localhost(s_ssl, c_ssl, BIO_FAMILY_IPV6,
+ bytes, &s_time, &c_time);
+ break;
+ }
+ if (ret) break;