int doit_biopair(SSL *s_ssl, SSL *c_ssl, long bytes, clock_t *s_time,
clock_t *c_time);
int doit(SSL *s_ssl, SSL *c_ssl, long bytes);
-static int do_test_cipherlist(void);
static void sv_usage(void)
{
fprintf(stderr,
" -time - measure processor time used by client and server\n");
fprintf(stderr, " -zlib - use zlib compression\n");
- fprintf(stderr,
- " -test_cipherlist - Verifies the order of the ssl cipher lists.\n"
- " When this option is requested, the cipherlist\n"
- " tests are run instead of handshake tests.\n");
#ifndef OPENSSL_NO_NEXTPROTONEG
fprintf(stderr, " -npn_client - have client side offer NPN\n");
fprintf(stderr, " -npn_server - have server side offer NPN\n");
COMP_METHOD *cm = NULL;
STACK_OF(SSL_COMP) *ssl_comp_methods = NULL;
#endif
- int test_cipherlist = 0;
#ifdef OPENSSL_FIPS
int fips_mode = 0;
#endif
app_verify_arg.app_verify = 1;
} else if (strcmp(*argv, "-proxy") == 0) {
app_verify_arg.allow_proxy_certs = 1;
- } else if (strcmp(*argv, "-test_cipherlist") == 0) {
- test_cipherlist = 1;
}
#ifndef OPENSSL_NO_NEXTPROTONEG
- else if (strcmp(*argv, "-npn_client") == 0) {
+ else if (strcmp(*argv, "-npn_client") == 0) {
npn_client = 1;
} else if (strcmp(*argv, "-npn_server") == 0) {
npn_server = 1;
goto end;
}
- /*
- * test_cipherlist prevails over protocol switch: we test the cipherlist
- * for all enabled protocols.
- */
- if (test_cipherlist == 1) {
- /*
- * ensure that the cipher list are correctly sorted and exit
- */
- fprintf(stdout, "Testing cipherlist order only. Ignoring all "
- "other options.\n");
- if (do_test_cipherlist() == 0)
- EXIT(1);
- ret = 0;
- goto end;
- }
-
if (ssl3 + tls1 + dtls + dtls1 + dtls12 > 1) {
fprintf(stderr, "At most one of -ssl3, -tls1, -dtls, -dtls1 or -dtls12 should "
"be requested.\n");
{
char *s, buf[256];
- s = X509_NAME_oneline(X509_get_subject_name(ctx->current_cert), buf,
- sizeof buf);
+ s = X509_NAME_oneline(X509_get_subject_name(X509_STORE_CTX_get_current_cert(ctx)),
+ buf, sizeof buf);
if (s != NULL) {
if (ok)
- printf("depth=%d %s\n", ctx->error_depth, buf);
+ printf("depth=%d %s\n", X509_STORE_CTX_get_error_depth(ctx), buf);
else {
fprintf(stderr, "depth=%d error=%d %s\n",
- ctx->error_depth, ctx->error, buf);
+ X509_STORE_CTX_get_error_depth(ctx),
+ X509_STORE_CTX_get_error(ctx), buf);
}
}
if (ok == 0) {
- switch (ctx->error) {
+ int i = X509_STORE_CTX_get_error(ctx);
+
+ switch (i) {
default:
fprintf(stderr, "Error string: %s\n",
- X509_verify_cert_error_string(ctx->error));
+ X509_verify_cert_error_string(i));
break;
case X509_V_ERR_CERT_NOT_YET_VALID:
case X509_V_ERR_CERT_HAS_EXPIRED:
case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
ok = 1;
+ break;
}
}
if (ok == 1) {
- X509 *xs = ctx->current_cert;
+ X509 *xs = X509_STORE_CTX_get_current_cert(ctx);
if (X509_get_extension_flags(xs) & EXFLAG_PROXY) {
unsigned int *letters = X509_STORE_CTX_get_ex_data(ctx,
get_proxy_auth_ex_data_idx
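Review bot: The error code fetched into `int i = X509_STORE_CTX_get_error(ctx);` is held in a variable whose name reads as a loop index rather than a verify error, so the `switch (i)` and the `X509_verify_cert_error_string(i)` call below it are less self-explanatory than the accessor change intends; naming it for its content would read better: `int err = X509_STORE_CTX_get_error(ctx);` / `switch (err) {` / `X509_verify_cert_error_string(err)`. Separately, `X509_STORE_CTX_get_current_cert(ctx)` can presumably return NULL in some callback invocations, and both the `X509_get_subject_name(...)` argument near the top of the hunk and `X509_get_extension_flags(xs)` near the bottom dereference it unguarded; this was equally true of the `ctx->current_cert` field reads being replaced, so it is pre-existing rather than introduced here, but a `if (xs != NULL && (X509_get_extension_flags(xs) & EXFLAG_PROXY))` guard would be cheap. verify_callback begins and ends outside the hunk.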
if (cb_arg->app_verify) {
char *s = NULL, buf[256];
+ X509 *c = X509_STORE_CTX_get0_cert(ctx);
printf("In app_verify_callback, allowing cert. ");
printf("Arg is: %s\n", cb_arg->string);
printf("Finished printing do we have a context? 0x%p a cert? 0x%p\n",
- (void *)ctx, (void *)ctx->cert);
- if (ctx->cert)
- s = X509_NAME_oneline(X509_get_subject_name(ctx->cert), buf, 256);
+ (void *)ctx, (void *)c);
+ if (c)
+ s = X509_NAME_oneline(X509_get_subject_name(c), buf, 256);
if (s != NULL) {
- printf("cert depth=%d %s\n", ctx->error_depth, buf);
+ printf("cert depth=%d %s\n",
+ X509_STORE_CTX_get_error_depth(ctx), buf);
}
return (1);
}
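Review bot: The rewritten `X509_NAME_oneline` call after `if (c)` still passes the literal `256` as the buffer size, whereas the equivalent call rewritten in verify_callback uses `sizeof buf`; making the two consistent keeps the size tied to the declaration `char *s = NULL, buf[256];` if it is ever resized: `s = X509_NAME_oneline(X509_get_subject_name(c), buf, sizeof buf);`. The new `X509 *c = X509_STORE_CTX_get0_cert(ctx);` returns a reference owned by the store context, which a short comment on that declaration would make explicit for readers unfamiliar with OpenSSL's get0 convention: `/* get0: borrowed from ctx, must not be freed here */`. app_verify_callback begins outside the hunk.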
return psk_len;
}
#endif
-
-static int do_test_cipherlist(void)
-{
-#ifndef OPENSSL_NO_TLS
- int i = 0;
- const SSL_METHOD *meth;
- const SSL_CIPHER *ci, *tci = NULL;
-
- /*
- * This is required because ssltest "cheats" and uses internal headers to
- * call functions, thus avoiding auto-init
- */
- OPENSSL_init_crypto(0, NULL);
- OPENSSL_init_ssl(0, NULL);
-
- meth = TLS_method();
- tci = NULL;
- while ((ci = meth->get_cipher(i++)) != NULL) {
- if (tci != NULL)
- if (ci->id >= tci->id) {
- fprintf(stderr, "testing SSLv3 cipher list order: ");
- fprintf(stderr, "failed %x vs. %x\n", ci->id, tci->id);
- return 0;
- }
- tci = ci;
- }
-#endif
-
- return 1;
-}