Diffstat (limited to 'src/lib/libssl/src/apps/s_server.c')
| -rw-r--r-- | src/lib/libssl/src/apps/s_server.c | 63 |
1 files changed, 43 insertions, 20 deletions
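--- a/src/lib/libssl/src/apps/s_server.c
+++ b/src/lib/libssl/src/apps/s_server.c
@@ -556,7 +556,9 @@ static void sv_usage(void)
 # ifndef OPENSSL_NO_NEXTPROTONEG
 BIO_printf(bio_err," -nextprotoneg arg - set the advertised protocols for the NPN extension (comma-separated list)\n");
 # endif
+# ifndef OPENSSL_NO_SRTP
 BIO_printf(bio_err," -use_srtp profiles - Offer SRTP key management with a colon-separated profile list\n");
+# endif
 #endif
 BIO_printf(bio_err," -keymatexport label - Export keying material using label\n");
 BIO_printf(bio_err," -keymatexportlen len - Export len bytes of keying material (default 20)\n");
@@ -923,7 +925,9 @@ static char *jpake_secret = NULL;
 #ifndef OPENSSL_NO_SRP
 static srpsrvparm srp_callback_parm;
 #endif
+#ifndef OPENSSL_NO_SRTP
 static char *srtp_profiles = NULL;
+#endif
 
 int MAIN(int argc, char *argv[])
 {
@@ -1206,13 +1210,13 @@ int MAIN(int argc, char *argv[])
 {
 if (--argc < 1) goto bad;
 srp_verifier_file = *(++argv);
-meth=TLSv1_server_method();
+meth = TLSv1_server_method();
 }
 else if (strcmp(*argv, "-srpuserseed") == 0)
 {
 if (--argc < 1) goto bad;
 srpuserseed = *(++argv);
-meth=TLSv1_server_method();
+meth = TLSv1_server_method();
 }
 #endif
 else if (strcmp(*argv,"-www") == 0)
@@ -1319,11 +1323,13 @@ int MAIN(int argc, char *argv[])
 jpake_secret = *(++argv);
 }
 #endif
+#ifndef OPENSSL_NO_SRTP
 else if (strcmp(*argv,"-use_srtp") == 0)
 {
 if (--argc < 1) goto bad;
 srtp_profiles = *(++argv);
 }
+#endif
 else if (strcmp(*argv,"-keymatexport") == 0)
 {
 if (--argc < 1) goto bad;
@@ -1431,25 +1437,24 @@ bad:
 goto end;
 }
 }
-
-# ifndef OPENSSL_NO_NEXTPROTONEG
-if (next_proto_neg_in)
-{
-unsigned short len;
-next_proto.data = next_protos_parse(&len,
-next_proto_neg_in);
-if (next_proto.data == NULL)
-goto end;
-next_proto.len = len;
-}
-else
-{
-next_proto.data = NULL;
-}
-# endif
 #endif
 }
 
+#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
+if (next_proto_neg_in)
+{
+unsigned short len;
+next_proto.data = next_protos_parse(&len, next_proto_neg_in);
+if (next_proto.data == NULL)
+goto end;
+next_proto.len = len;
+}
+else
+{
+next_proto.data = NULL;
+}
+#endif
+
 
 if (s_dcert_file)
 {
@@ -1550,8 +1555,10 @@ bad:
 else
 SSL_CTX_sess_set_cache_size(ctx,128);
 
+#ifndef OPENSSL_NO_SRTP
 if (srtp_profiles != NULL)
 SSL_CTX_set_tlsext_use_srtp(ctx, srtp_profiles);
+#endif
 
 #if 0
 if (cipher == NULL) cipher=getenv("SSL_CIPHER");
@@ -1730,7 +1737,7 @@ bad:
 }
 #endif
 
-if (!set_cert_key_stuff(ctx,s_cert,s_key))
+if (!set_cert_key_stuff(ctx, s_cert, s_key))
 goto end;
 #ifndef OPENSSL_NO_TLSEXT
 if (ctx2 && !set_cert_key_stuff(ctx2,s_cert2,s_key2))
@@ -1738,7 +1745,7 @@ bad:
 #endif
 if (s_dcert != NULL)
 {
-if (!set_cert_key_stuff(ctx,s_dcert,s_dkey))
+if (!set_cert_key_stuff(ctx, s_dcert, s_dkey))
 goto end;
 }
 
@@ -1893,7 +1900,15 @@ end:
 OPENSSL_free(pass);
 if (dpass)
 OPENSSL_free(dpass);
+if (vpm)
+X509_VERIFY_PARAM_free(vpm);
 #ifndef OPENSSL_NO_TLSEXT
+if (tlscstatp.host)
+OPENSSL_free(tlscstatp.host);
+if (tlscstatp.port)
+OPENSSL_free(tlscstatp.port);
+if (tlscstatp.path)
+OPENSSL_free(tlscstatp.path);
 if (ctx2 != NULL) SSL_CTX_free(ctx2);
 if (s_cert2)
 X509_free(s_cert2);
@@ -2433,6 +2448,7 @@ static int init_ssl_connection(SSL *con)
 BIO_printf(bio_s_out,"Shared ciphers:%s\n",buf);
 str=SSL_CIPHER_get_name(SSL_get_current_cipher(con));
 BIO_printf(bio_s_out,"CIPHER is %s\n",(str != NULL)?str:"(NONE)");
+
 #if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
 SSL_get0_next_proto_negotiated(con, &next_proto_neg, &next_proto_neg_len);
 if (next_proto_neg)
@@ -2442,6 +2458,7 @@ static int init_ssl_connection(SSL *con)
 BIO_printf(bio_s_out, "\n");
 }
 #endif
+#ifndef OPENSSL_NO_SRTP
 {
 SRTP_PROTECTION_PROFILE *srtp_profile
 = SSL_get_selected_srtp_profile(con);
@@ -2450,6 +2467,7 @@ static int init_ssl_connection(SSL *con)
 BIO_printf(bio_s_out,"SRTP Extension negotiated, profile=%s\n",
 srtp_profile->name);
 }
+#endif
 if (SSL_cache_hit(con)) BIO_printf(bio_s_out,"Reused session-id\n");
 if (SSL_ctrl(con,SSL_CTRL_GET_FLAGS,0,NULL) &
 TLS1_FLAGS_TLS_PADDING_BUG)
@@ -2701,6 +2719,11 @@ static int www_body(char *hostname, int s, unsigned char *context)
 }
 BIO_puts(io,"\n");
 
+BIO_printf(io,
+"Secure Renegotiation IS%s supported\n",
+SSL_get_secure_renegotiation_support(con) ?
+"" : " NOT");
+
 /* The following is evil and should not really
 * be done */
 BIO_printf(io,"Ciphers supported in s_server binary\n");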
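Review bot: In MAIN (new lines 1558-1561), the call `SSL_CTX_set_tlsext_use_srtp(ctx, srtp_profiles);` that is now wrapped in `#ifndef OPENSSL_NO_SRTP` still discards its return value, so an unknown or misspelled profile given to `-use_srtp` leaves the server running without offering SRTP and without any diagnostic. The function returns 0 on success and non-zero on error, the reverse of most libssl setters, so the check would be `if (srtp_profiles != NULL && SSL_CTX_set_tlsext_use_srtp(ctx, srtp_profiles) != 0) { ERR_print_errors(bio_err); goto end; }`. MAIN's body starts and ends outside this hunk, so the choice of `goto end` as the error path is inferred from the other `goto end` sites visible on the page.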
