diff options
Diffstat (limited to 'src/usr.bin/openssl/s_server.c')
| -rw-r--r-- | src/usr.bin/openssl/s_server.c | 18 |
1 files changed, 1 insertions, 17 deletions
diff --git a/src/usr.bin/openssl/s_server.c b/src/usr.bin/openssl/s_server.c index 35ed6d169c..fdd93977e8 100644 --- a/src/usr.bin/openssl/s_server.c +++ b/src/usr.bin/openssl/s_server.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: s_server.c,v 1.8 2014/12/10 15:24:01 jsing Exp $ */ | 1 | /* $OpenBSD: s_server.c,v 1.9 2014/12/14 14:42:06 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -348,9 +348,7 @@ sv_usage(void) | |||
| 348 | BIO_printf(bio_err, " not specified (default is %s)\n", TEST_CERT2); | 348 | BIO_printf(bio_err, " not specified (default is %s)\n", TEST_CERT2); |
| 349 | BIO_printf(bio_err, " -tlsextdebug - hex dump of all TLS extensions received\n"); | 349 | BIO_printf(bio_err, " -tlsextdebug - hex dump of all TLS extensions received\n"); |
| 350 | BIO_printf(bio_err, " -no_ticket - disable use of RFC4507bis session tickets\n"); | 350 | BIO_printf(bio_err, " -no_ticket - disable use of RFC4507bis session tickets\n"); |
| 351 | #ifndef OPENSSL_NO_NEXTPROTONEG | ||
| 352 | BIO_printf(bio_err, " -nextprotoneg arg - set the advertised protocols for the NPN extension (comma-separated list)\n"); | 351 | BIO_printf(bio_err, " -nextprotoneg arg - set the advertised protocols for the NPN extension (comma-separated list)\n"); |
| 353 | #endif | ||
| 354 | BIO_printf(bio_err," -alpn arg - set the advertised protocols for the ALPN extension (comma-separated list)\n"); | 352 | BIO_printf(bio_err," -alpn arg - set the advertised protocols for the ALPN extension (comma-separated list)\n"); |
| 355 | #ifndef OPENSSL_NO_SRTP | 353 | #ifndef OPENSSL_NO_SRTP |
| 356 | BIO_printf(bio_err, " -use_srtp profiles - Offer SRTP key management with a colon-separated profile list\n"); | 354 | BIO_printf(bio_err, " -use_srtp profiles - Offer SRTP key management with a colon-separated profile list\n"); |
| @@ -526,7 +524,6 @@ err: | |||
| 526 | goto done; | 524 | goto done; |
| 527 | } | 525 | } |
| 528 | 526 | ||
| 529 | #ifndef OPENSSL_NO_NEXTPROTONEG | ||
| 530 | /* This is the context that we pass to next_proto_cb */ | 527 | /* This is the context that we pass to next_proto_cb */ |
| 531 | typedef struct tlsextnextprotoctx_st { | 528 | typedef struct tlsextnextprotoctx_st { |
| 532 | unsigned char *data; | 529 | unsigned char *data; |
| @@ -543,7 +540,6 @@ next_proto_cb(SSL * s, const unsigned char **data, unsigned int *len, void *arg) | |||
| 543 | 540 | ||
| 544 | return SSL_TLSEXT_ERR_OK; | 541 | return SSL_TLSEXT_ERR_OK; |
| 545 | } | 542 | } |
| 546 | #endif /* ndef OPENSSL_NO_NEXTPROTONEG */ | ||
| 547 | 543 | ||
| 548 | 544 | ||
| 549 | /* This the context that we pass to alpn_cb */ | 545 | /* This the context that we pass to alpn_cb */ |
| @@ -621,10 +617,8 @@ s_server_main(int argc, char *argv[]) | |||
| 621 | EVP_PKEY *s_key2 = NULL; | 617 | EVP_PKEY *s_key2 = NULL; |
| 622 | X509 *s_cert2 = NULL; | 618 | X509 *s_cert2 = NULL; |
| 623 | tlsextctx tlsextcbp = {NULL, NULL, SSL_TLSEXT_ERR_ALERT_WARNING}; | 619 | tlsextctx tlsextcbp = {NULL, NULL, SSL_TLSEXT_ERR_ALERT_WARNING}; |
| 624 | #ifndef OPENSSL_NO_NEXTPROTONEG | ||
| 625 | const char *next_proto_neg_in = NULL; | 620 | const char *next_proto_neg_in = NULL; |
| 626 | tlsextnextprotoctx next_proto = { NULL, 0 }; | 621 | tlsextnextprotoctx next_proto = { NULL, 0 }; |
| 627 | #endif | ||
| 628 | const char *alpn_in = NULL; | 622 | const char *alpn_in = NULL; |
| 629 | tlsextalpnctx alpn_ctx = { NULL, 0 }; | 623 | tlsextalpnctx alpn_ctx = { NULL, 0 }; |
| 630 | meth = SSLv23_server_method(); | 624 | meth = SSLv23_server_method(); |
| @@ -873,13 +867,11 @@ s_server_main(int argc, char *argv[]) | |||
| 873 | goto bad; | 867 | goto bad; |
| 874 | s_key_file2 = *(++argv); | 868 | s_key_file2 = *(++argv); |
| 875 | } | 869 | } |
| 876 | #ifndef OPENSSL_NO_NEXTPROTONEG | ||
| 877 | else if (strcmp(*argv, "-nextprotoneg") == 0) { | 870 | else if (strcmp(*argv, "-nextprotoneg") == 0) { |
| 878 | if (--argc < 1) | 871 | if (--argc < 1) |
| 879 | goto bad; | 872 | goto bad; |
| 880 | next_proto_neg_in = *(++argv); | 873 | next_proto_neg_in = *(++argv); |
| 881 | } | 874 | } |
| 882 | #endif | ||
| 883 | else if (strcmp(*argv,"-alpn") == 0) { | 875 | else if (strcmp(*argv,"-alpn") == 0) { |
| 884 | if (--argc < 1) | 876 | if (--argc < 1) |
| 885 | goto bad; | 877 | goto bad; |
| @@ -963,7 +955,6 @@ bad: | |||
| 963 | } | 955 | } |
| 964 | } | 956 | } |
| 965 | } | 957 | } |
| 966 | #if !defined(OPENSSL_NO_NEXTPROTONEG) | ||
| 967 | if (next_proto_neg_in) { | 958 | if (next_proto_neg_in) { |
| 968 | unsigned short len; | 959 | unsigned short len; |
| 969 | next_proto.data = next_protos_parse(&len, next_proto_neg_in); | 960 | next_proto.data = next_protos_parse(&len, next_proto_neg_in); |
| @@ -973,7 +964,6 @@ bad: | |||
| 973 | } else { | 964 | } else { |
| 974 | next_proto.data = NULL; | 965 | next_proto.data = NULL; |
| 975 | } | 966 | } |
| 976 | #endif | ||
| 977 | alpn_ctx.data = NULL; | 967 | alpn_ctx.data = NULL; |
| 978 | if (alpn_in) { | 968 | if (alpn_in) { |
| 979 | unsigned short len; | 969 | unsigned short len; |
| @@ -1125,10 +1115,8 @@ bad: | |||
| 1125 | if (vpm) | 1115 | if (vpm) |
| 1126 | SSL_CTX_set1_param(ctx2, vpm); | 1116 | SSL_CTX_set1_param(ctx2, vpm); |
| 1127 | } | 1117 | } |
| 1128 | #ifndef OPENSSL_NO_NEXTPROTONEG | ||
| 1129 | if (next_proto.data) | 1118 | if (next_proto.data) |
| 1130 | SSL_CTX_set_next_protos_advertised_cb(ctx, next_proto_cb, &next_proto); | 1119 | SSL_CTX_set_next_protos_advertised_cb(ctx, next_proto_cb, &next_proto); |
| 1131 | #endif | ||
| 1132 | if (alpn_ctx.data) | 1120 | if (alpn_ctx.data) |
| 1133 | SSL_CTX_set_alpn_select_cb(ctx, alpn_cb, &alpn_ctx); | 1121 | SSL_CTX_set_alpn_select_cb(ctx, alpn_cb, &alpn_ctx); |
| 1134 | 1122 | ||
| @@ -1660,10 +1648,8 @@ init_ssl_connection(SSL * con) | |||
| 1660 | X509 *peer; | 1648 | X509 *peer; |
| 1661 | long verify_error; | 1649 | long verify_error; |
| 1662 | char buf[BUFSIZ]; | 1650 | char buf[BUFSIZ]; |
| 1663 | #if !defined(OPENSSL_NO_NEXTPROTONEG) | ||
| 1664 | const unsigned char *next_proto_neg; | 1651 | const unsigned char *next_proto_neg; |
| 1665 | unsigned next_proto_neg_len; | 1652 | unsigned next_proto_neg_len; |
| 1666 | #endif | ||
| 1667 | unsigned char *exportedkeymat; | 1653 | unsigned char *exportedkeymat; |
| 1668 | 1654 | ||
| 1669 | i = SSL_accept(con); | 1655 | i = SSL_accept(con); |
| @@ -1698,14 +1684,12 @@ init_ssl_connection(SSL * con) | |||
| 1698 | str = SSL_CIPHER_get_name(SSL_get_current_cipher(con)); | 1684 | str = SSL_CIPHER_get_name(SSL_get_current_cipher(con)); |
| 1699 | BIO_printf(bio_s_out, "CIPHER is %s\n", (str != NULL) ? str : "(NONE)"); | 1685 | BIO_printf(bio_s_out, "CIPHER is %s\n", (str != NULL) ? str : "(NONE)"); |
| 1700 | 1686 | ||
| 1701 | #if !defined(OPENSSL_NO_NEXTPROTONEG) | ||
| 1702 | SSL_get0_next_proto_negotiated(con, &next_proto_neg, &next_proto_neg_len); | 1687 | SSL_get0_next_proto_negotiated(con, &next_proto_neg, &next_proto_neg_len); |
| 1703 | if (next_proto_neg) { | 1688 | if (next_proto_neg) { |
| 1704 | BIO_printf(bio_s_out, "NEXTPROTO is "); | 1689 | BIO_printf(bio_s_out, "NEXTPROTO is "); |
| 1705 | BIO_write(bio_s_out, next_proto_neg, next_proto_neg_len); | 1690 | BIO_write(bio_s_out, next_proto_neg, next_proto_neg_len); |
| 1706 | BIO_printf(bio_s_out, "\n"); | 1691 | BIO_printf(bio_s_out, "\n"); |
| 1707 | } | 1692 | } |
| 1708 | #endif | ||
| 1709 | #ifndef OPENSSL_NO_SRTP | 1693 | #ifndef OPENSSL_NO_SRTP |
| 1710 | { | 1694 | { |
| 1711 | SRTP_PROTECTION_PROFILE *srtp_profile | 1695 | SRTP_PROTECTION_PROFILE *srtp_profile |