| author | jsing <> | 2017-08-12 21:04:33 +0000 | 
|---|---|---|
| committer | jsing <> | 2017-08-12 21:04:33 +0000 | 
| commit | 5378b10f3fbd644d16966a5c43da9325d98d8c64 (patch) | |
| tree | e7e569fbc06330207e7d1e07039bce149208989a /src/usr.bin/openssl/s_client.c | |
| parent | 2933ce973ab8f64db8a4d2b31603d9b007df1d25 (diff) | |
Remove NPN support - the -nextprotoneg options now become no-ops.
ok bcook@ beck@ doug@
Diffstat (limited to '')
| -rw-r--r-- | src/usr.bin/openssl/s_client.c | 61 | 
1 files changed, 4 insertions, 57 deletions
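--- a/src/usr.bin/openssl/s_client.c
+++ b/src/usr.bin/openssl/s_client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s_client.c,v 1.32 2017/04/18 02:15:50 deraadt Exp $ */
+/* $OpenBSD: s_client.c,v 1.33 2017/08/12 21:04:33 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -243,7 +243,6 @@ sc_usage(void)
 BIO_printf(bio_err, " -tlsextdebug - hex dump of all TLS extensions received\n");
 BIO_printf(bio_err, " -status - request certificate status from server\n");
 BIO_printf(bio_err, " -no_ticket - disable use of RFC4507bis session tickets\n");
-BIO_printf(bio_err, " -nextprotoneg arg - enable NPN extension, considering named protocols supported (comma-separated list)\n");
 BIO_printf(bio_err, " -alpn arg - enable ALPN extension, considering named protocols supported (comma-separated list)\n");
 BIO_printf(bio_err, " -groups arg - specify EC curve groups (colon-separated list)\n");
 #ifndef OPENSSL_NO_SRTP
@@ -278,36 +277,6 @@ ssl_servername_cb(SSL * s, int *ad, void *arg)
 char *srtp_profiles = NULL;
 #endif
 
-/* This the context that we pass to next_proto_cb */
-typedef struct tlsextnextprotoctx_st {
-unsigned char *data;
-unsigned short len;
-int status;
-} tlsextnextprotoctx;
-
-static tlsextnextprotoctx next_proto;
-
-static int
-next_proto_cb(SSL * s, unsigned char **out, unsigned char *outlen, const unsigned char *in, unsigned int inlen, void *arg)
-{
-tlsextnextprotoctx *ctx = arg;
-
-if (!c_quiet) {
-/* We can assume that |in| is syntactically valid. */
-unsigned i;
-BIO_printf(bio_c_out, "Protocols advertised by server: ");
-for (i = 0; i < inlen;) {
-if (i)
-BIO_write(bio_c_out, ", ", 2);
-BIO_write(bio_c_out, &in[i + 1], in[i]);
-i += in[i] + 1;
-}
-BIO_write(bio_c_out, "\n", 1);
-}
-ctx->status = SSL_select_next_proto(out, outlen, in, inlen, ctx->data, ctx->len);
-return SSL_TLSEXT_ERR_OK;
-}
-
 enum {
 PROTO_OFF = 0,
 PROTO_SMTP,
@@ -354,9 +323,7 @@ s_client_main(int argc, char **argv)
 struct timeval timeout;
 const char *errstr = NULL;
 char *servername = NULL;
-tlsextctx tlsextcbp =
-{NULL, 0};
-const char *next_proto_neg_in = NULL;
+tlsextctx tlsextcbp = {NULL, 0};
 const char *alpn_in = NULL;
 const char *groups_in = NULL;
 char *sess_in = NULL;
@@ -532,9 +499,10 @@ s_client_main(int argc, char **argv)
 } else if (strcmp(*argv, "-no_ticket") == 0) {
 off |= SSL_OP_NO_TICKET;
 } else if (strcmp(*argv, "-nextprotoneg") == 0) {
+/* Ignored. */
 if (--argc < 1)
 goto bad;
-next_proto_neg_in = *(++argv);
+++argv;
 } else if (strcmp(*argv, "-alpn") == 0) {
 if (--argc < 1)
 goto bad;
@@ -633,16 +601,6 @@ bad:
 goto end;
 }
 
-next_proto.status = -1;
-if (next_proto_neg_in) {
-next_proto.data = next_protos_parse(&next_proto.len, next_proto_neg_in);
-if (next_proto.data == NULL) {
-BIO_printf(bio_err, "Error parsing -nextprotoneg argument\n");
-goto end;
-}
-} else
-next_proto.data = NULL;
-
 if (!app_passwd(bio_err, passarg, NULL, &pass, NULL)) {
 BIO_printf(bio_err, "Error getting password\n");
 goto end;
@@ -704,8 +662,6 @@ bad:
 if (socket_type == SOCK_DGRAM)
 SSL_CTX_set_read_ahead(ctx, 1);
 
-if (next_proto.data)
-SSL_CTX_set_next_proto_select_cb(ctx, next_proto_cb, &next_proto);
 if (alpn_in) {
 unsigned short alpn_len;
 unsigned char *alpn = next_protos_parse(&alpn_len, alpn_in);
@@ -1256,7 +1212,6 @@ end:
 print_stuff(bio_c_out, con, 1);
 SSL_free(con);
 }
-free(next_proto.data);
 if (ctx != NULL)
 SSL_CTX_free(ctx);
 if (cert)
@@ -1404,14 +1359,6 @@ print_stuff(BIO * bio, SSL * s, int full)
 }
 #endif
 
-if (next_proto.status != -1) {
-const unsigned char *proto;
-unsigned int proto_len;
-SSL_get0_next_proto_negotiated(s, &proto, &proto_len);
-BIO_printf(bio, "Next protocol: (%d) ", next_proto.status);
-BIO_write(bio, proto, proto_len);
-BIO_write(bio, "\n", 1);
-}
 {
 const unsigned char *proto;
 unsigned int proto_len;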
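Review bot: The `-nextprotoneg` branch in the `@@ -532,9 +499,10 @@` hunk now consumes its argument silently, so a caller who asks for NPN gets no indication that the negotiation never happens, and the option has also disappeared from the sc_usage text in the `@@ -243` hunk. Since the option is kept only so existing invocations do not fail, the `/* Ignored. */` comment should say why, e.g. `/* NPN support was removed; the argument is accepted for compatibility and ignored. */`. A one-line diagnostic such as `BIO_printf(bio_err, "Warning: -nextprotoneg is ignored, use -alpn instead\n");` before `++argv;` would make the no-op visible to the user, which matters because the protocol the client ends up negotiating is then determined by `-alpn` alone. s_client_main starts and ends outside this hunk.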
