Remove NPN support - the -nextprotoneg options now become no-ops.

ok bcook@ beck@ doug@
author: jsing <> 2017-08-12 21:04:33 +0000
committer: jsing <> 2017-08-12 21:04:33 +0000
commit: 5378b10f3fbd644d16966a5c43da9325d98d8c64 (patch)
tree: e7e569fbc06330207e7d1e07039bce149208989a /src/usr.bin/openssl/s_server.c
parent: 2933ce973ab8f64db8a4d2b31603d9b007df1d25 (diff)
download: openbsd-5378b10f3fbd644d16966a5c43da9325d98d8c64.tar.gz
openbsd-5378b10f3fbd644d16966a5c43da9325d98d8c64.tar.bz2
openbsd-5378b10f3fbd644d16966a5c43da9325d98d8c64.zip
1 files changed, 5 insertions, 47 deletions
diff --git a/src/usr.bin/openssl/s_server.c b/src/usr.bin/openssl/s_server.c
index 493dc26264..7254109fba 100644
--- a/src/usr.bin/openssl/s_server.c
+++ b/src/usr.bin/openssl/s_server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s_server.c,v 1.26 2017/04/18 02:15:50 deraadt Exp $ */
+/* $OpenBSD: s_server.c,v 1.27 2017/08/12 21:04:33 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -333,7 +333,6 @@ sv_usage(void)
        BIO_printf(bio_err, "                 not specified (default is %s)\n", TEST_CERT2);
        BIO_printf(bio_err, " -tlsextdebug  - hex dump of all TLS extensions received\n");
        BIO_printf(bio_err, " -no_ticket    - disable use of RFC4507bis session tickets\n");
-        BIO_printf(bio_err, " -nextprotoneg arg - set the advertised protocols for the NPN extension (comma-separated list)\n");
        BIO_printf(bio_err," -alpn arg  - set the advertised protocols for the ALPN extension (comma-separated list)\n");
 #ifndef OPENSSL_NO_SRTP
        BIO_printf(bio_err, " -use_srtp profiles - Offer SRTP key management with a colon-separated profile list\n");
@@ -509,24 +508,6 @@ err:
        goto done;
 }
-/* This is the context that we pass to next_proto_cb */
-typedef struct tlsextnextprotoctx_st {
-        unsigned char *data;
-        unsigned int len;
-} tlsextnextprotoctx;
-static int
-next_proto_cb(SSL * s, const unsigned char **data, unsigned int *len, void *arg)
-{
-        tlsextnextprotoctx *next_proto = arg;
-        *data = next_proto->data;
-        *len = next_proto->len;
-        return SSL_TLSEXT_ERR_OK;
-}
 /* This the context that we pass to alpn_cb */
 typedef struct tlsextalpnctx_st {
        unsigned char *data;
@@ -599,8 +580,6 @@ s_server_main(int argc, char *argv[])
        EVP_PKEY *s_key2 = NULL;
        X509 *s_cert2 = NULL;
        tlsextctx tlsextcbp = {NULL, NULL, SSL_TLSEXT_ERR_ALERT_WARNING};
-        const char *next_proto_neg_in = NULL;
-        tlsextnextprotoctx next_proto = { NULL, 0 };
        const char *alpn_in = NULL;
        tlsextalpnctx alpn_ctx = { NULL, 0 };
@@ -843,13 +822,12 @@ s_server_main(int argc, char *argv[])
                        if (--argc < 1)
                                goto bad;
                        s_key_file2 = *(++argv);
-                }
+                } else if (strcmp(*argv, "-nextprotoneg") == 0) {
-                else if (strcmp(*argv, "-nextprotoneg") == 0) {
+                        /* Ignored. */
                        if (--argc < 1)
                                goto bad;
-                        next_proto_neg_in = *(++argv);
+                        ++argv;
-                }
+                } else if (strcmp(*argv,"-alpn") == 0) {
-                else if (strcmp(*argv,"-alpn") == 0) {
                        if (--argc < 1)
                                goto bad;
                        alpn_in = *(++argv);
@@ -928,15 +906,6 @@ bad:
                        }
                }
        }
-        if (next_proto_neg_in) {
-                unsigned short len;
-                next_proto.data = next_protos_parse(&len, next_proto_neg_in);
-                if (next_proto.data == NULL)
-                        goto end;
-                next_proto.len = len;
-        } else {
-                next_proto.data = NULL;
-        }
        alpn_ctx.data = NULL;
        if (alpn_in) {
                unsigned short len;
@@ -1083,8 +1052,6 @@ bad:
                if (vpm)
                        SSL_CTX_set1_param(ctx2, vpm);
        }
-        if (next_proto.data)
-                SSL_CTX_set_next_protos_advertised_cb(ctx, next_proto_cb, &next_proto);
        if (alpn_ctx.data)
                SSL_CTX_set_alpn_select_cb(ctx, alpn_cb, &alpn_ctx);
@@ -1255,7 +1222,6 @@ end:
                X509_free(s_cert2);
        if (s_key2)
                EVP_PKEY_free(s_key2);
-        free(next_proto.data);
        free(alpn_ctx.data);
        if (bio_s_out != NULL) {
                BIO_free(bio_s_out);
@@ -1614,8 +1580,6 @@ init_ssl_connection(SSL * con)
        X509 *peer;
        long verify_error;
        char buf[BUFSIZ];
-        const unsigned char *next_proto_neg;
-        unsigned next_proto_neg_len;
        unsigned char *exportedkeymat;
        i = SSL_accept(con);
@@ -1650,12 +1614,6 @@ init_ssl_connection(SSL * con)
        str = SSL_CIPHER_get_name(SSL_get_current_cipher(con));
        BIO_printf(bio_s_out, "CIPHER is %s\n", (str != NULL) ? str : "(NONE)");
-        SSL_get0_next_proto_negotiated(con, &next_proto_neg, &next_proto_neg_len);
-        if (next_proto_neg) {
-                BIO_printf(bio_s_out, "NEXTPROTO is ");
-                BIO_write(bio_s_out, next_proto_neg, next_proto_neg_len);
-                BIO_printf(bio_s_out, "\n");
-        }
 #ifndef OPENSSL_NO_SRTP
        {
                SRTP_PROTECTION_PROFILE *srtp_profile
author	jsing <>	2017-08-12 21:04:33 +0000
committer	jsing <>	2017-08-12 21:04:33 +0000
commit	5378b10f3fbd644d16966a5c43da9325d98d8c64 (patch)
tree	e7e569fbc06330207e7d1e07039bce149208989a /src/usr.bin/openssl/s_server.c
parent	2933ce973ab8f64db8a4d2b31603d9b007df1d25 (diff)
download	openbsd-5378b10f3fbd644d16966a5c43da9325d98d8c64.tar.gz openbsd-5378b10f3fbd644d16966a5c43da9325d98d8c64.tar.bz2 openbsd-5378b10f3fbd644d16966a5c43da9325d98d8c64.zip