diff options
Diffstat (limited to 'src/usr.bin/openssl/s_server.c')
| -rw-r--r-- | src/usr.bin/openssl/s_server.c | 52 |
1 files changed, 5 insertions, 47 deletions
diff --git a/src/usr.bin/openssl/s_server.c b/src/usr.bin/openssl/s_server.c index 493dc26264..7254109fba 100644 --- a/src/usr.bin/openssl/s_server.c +++ b/src/usr.bin/openssl/s_server.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: s_server.c,v 1.26 2017/04/18 02:15:50 deraadt Exp $ */ | 1 | /* $OpenBSD: s_server.c,v 1.27 2017/08/12 21:04:33 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -333,7 +333,6 @@ sv_usage(void) | |||
| 333 | BIO_printf(bio_err, " not specified (default is %s)\n", TEST_CERT2); | 333 | BIO_printf(bio_err, " not specified (default is %s)\n", TEST_CERT2); |
| 334 | BIO_printf(bio_err, " -tlsextdebug - hex dump of all TLS extensions received\n"); | 334 | BIO_printf(bio_err, " -tlsextdebug - hex dump of all TLS extensions received\n"); |
| 335 | BIO_printf(bio_err, " -no_ticket - disable use of RFC4507bis session tickets\n"); | 335 | BIO_printf(bio_err, " -no_ticket - disable use of RFC4507bis session tickets\n"); |
| 336 | BIO_printf(bio_err, " -nextprotoneg arg - set the advertised protocols for the NPN extension (comma-separated list)\n"); | ||
| 337 | BIO_printf(bio_err," -alpn arg - set the advertised protocols for the ALPN extension (comma-separated list)\n"); | 336 | BIO_printf(bio_err," -alpn arg - set the advertised protocols for the ALPN extension (comma-separated list)\n"); |
| 338 | #ifndef OPENSSL_NO_SRTP | 337 | #ifndef OPENSSL_NO_SRTP |
| 339 | BIO_printf(bio_err, " -use_srtp profiles - Offer SRTP key management with a colon-separated profile list\n"); | 338 | BIO_printf(bio_err, " -use_srtp profiles - Offer SRTP key management with a colon-separated profile list\n"); |
| @@ -509,24 +508,6 @@ err: | |||
| 509 | goto done; | 508 | goto done; |
| 510 | } | 509 | } |
| 511 | 510 | ||
| 512 | /* This is the context that we pass to next_proto_cb */ | ||
| 513 | typedef struct tlsextnextprotoctx_st { | ||
| 514 | unsigned char *data; | ||
| 515 | unsigned int len; | ||
| 516 | } tlsextnextprotoctx; | ||
| 517 | |||
| 518 | static int | ||
| 519 | next_proto_cb(SSL * s, const unsigned char **data, unsigned int *len, void *arg) | ||
| 520 | { | ||
| 521 | tlsextnextprotoctx *next_proto = arg; | ||
| 522 | |||
| 523 | *data = next_proto->data; | ||
| 524 | *len = next_proto->len; | ||
| 525 | |||
| 526 | return SSL_TLSEXT_ERR_OK; | ||
| 527 | } | ||
| 528 | |||
| 529 | |||
| 530 | /* This the context that we pass to alpn_cb */ | 511 | /* This the context that we pass to alpn_cb */ |
| 531 | typedef struct tlsextalpnctx_st { | 512 | typedef struct tlsextalpnctx_st { |
| 532 | unsigned char *data; | 513 | unsigned char *data; |
| @@ -599,8 +580,6 @@ s_server_main(int argc, char *argv[]) | |||
| 599 | EVP_PKEY *s_key2 = NULL; | 580 | EVP_PKEY *s_key2 = NULL; |
| 600 | X509 *s_cert2 = NULL; | 581 | X509 *s_cert2 = NULL; |
| 601 | tlsextctx tlsextcbp = {NULL, NULL, SSL_TLSEXT_ERR_ALERT_WARNING}; | 582 | tlsextctx tlsextcbp = {NULL, NULL, SSL_TLSEXT_ERR_ALERT_WARNING}; |
| 602 | const char *next_proto_neg_in = NULL; | ||
| 603 | tlsextnextprotoctx next_proto = { NULL, 0 }; | ||
| 604 | const char *alpn_in = NULL; | 583 | const char *alpn_in = NULL; |
| 605 | tlsextalpnctx alpn_ctx = { NULL, 0 }; | 584 | tlsextalpnctx alpn_ctx = { NULL, 0 }; |
| 606 | 585 | ||
| @@ -843,13 +822,12 @@ s_server_main(int argc, char *argv[]) | |||
| 843 | if (--argc < 1) | 822 | if (--argc < 1) |
| 844 | goto bad; | 823 | goto bad; |
| 845 | s_key_file2 = *(++argv); | 824 | s_key_file2 = *(++argv); |
| 846 | } | 825 | } else if (strcmp(*argv, "-nextprotoneg") == 0) { |
| 847 | else if (strcmp(*argv, "-nextprotoneg") == 0) { | 826 | /* Ignored. */ |
| 848 | if (--argc < 1) | 827 | if (--argc < 1) |
| 849 | goto bad; | 828 | goto bad; |
| 850 | next_proto_neg_in = *(++argv); | 829 | ++argv; |
| 851 | } | 830 | } else if (strcmp(*argv,"-alpn") == 0) { |
| 852 | else if (strcmp(*argv,"-alpn") == 0) { | ||
| 853 | if (--argc < 1) | 831 | if (--argc < 1) |
| 854 | goto bad; | 832 | goto bad; |
| 855 | alpn_in = *(++argv); | 833 | alpn_in = *(++argv); |
| @@ -928,15 +906,6 @@ bad: | |||
| 928 | } | 906 | } |
| 929 | } | 907 | } |
| 930 | } | 908 | } |
| 931 | if (next_proto_neg_in) { | ||
| 932 | unsigned short len; | ||
| 933 | next_proto.data = next_protos_parse(&len, next_proto_neg_in); | ||
| 934 | if (next_proto.data == NULL) | ||
| 935 | goto end; | ||
| 936 | next_proto.len = len; | ||
| 937 | } else { | ||
| 938 | next_proto.data = NULL; | ||
| 939 | } | ||
| 940 | alpn_ctx.data = NULL; | 909 | alpn_ctx.data = NULL; |
| 941 | if (alpn_in) { | 910 | if (alpn_in) { |
| 942 | unsigned short len; | 911 | unsigned short len; |
| @@ -1083,8 +1052,6 @@ bad: | |||
| 1083 | if (vpm) | 1052 | if (vpm) |
| 1084 | SSL_CTX_set1_param(ctx2, vpm); | 1053 | SSL_CTX_set1_param(ctx2, vpm); |
| 1085 | } | 1054 | } |
| 1086 | if (next_proto.data) | ||
| 1087 | SSL_CTX_set_next_protos_advertised_cb(ctx, next_proto_cb, &next_proto); | ||
| 1088 | if (alpn_ctx.data) | 1055 | if (alpn_ctx.data) |
| 1089 | SSL_CTX_set_alpn_select_cb(ctx, alpn_cb, &alpn_ctx); | 1056 | SSL_CTX_set_alpn_select_cb(ctx, alpn_cb, &alpn_ctx); |
| 1090 | 1057 | ||
| @@ -1255,7 +1222,6 @@ end: | |||
| 1255 | X509_free(s_cert2); | 1222 | X509_free(s_cert2); |
| 1256 | if (s_key2) | 1223 | if (s_key2) |
| 1257 | EVP_PKEY_free(s_key2); | 1224 | EVP_PKEY_free(s_key2); |
| 1258 | free(next_proto.data); | ||
| 1259 | free(alpn_ctx.data); | 1225 | free(alpn_ctx.data); |
| 1260 | if (bio_s_out != NULL) { | 1226 | if (bio_s_out != NULL) { |
| 1261 | BIO_free(bio_s_out); | 1227 | BIO_free(bio_s_out); |
| @@ -1614,8 +1580,6 @@ init_ssl_connection(SSL * con) | |||
| 1614 | X509 *peer; | 1580 | X509 *peer; |
| 1615 | long verify_error; | 1581 | long verify_error; |
| 1616 | char buf[BUFSIZ]; | 1582 | char buf[BUFSIZ]; |
| 1617 | const unsigned char *next_proto_neg; | ||
| 1618 | unsigned next_proto_neg_len; | ||
| 1619 | unsigned char *exportedkeymat; | 1583 | unsigned char *exportedkeymat; |
| 1620 | 1584 | ||
| 1621 | i = SSL_accept(con); | 1585 | i = SSL_accept(con); |
| @@ -1650,12 +1614,6 @@ init_ssl_connection(SSL * con) | |||
| 1650 | str = SSL_CIPHER_get_name(SSL_get_current_cipher(con)); | 1614 | str = SSL_CIPHER_get_name(SSL_get_current_cipher(con)); |
| 1651 | BIO_printf(bio_s_out, "CIPHER is %s\n", (str != NULL) ? str : "(NONE)"); | 1615 | BIO_printf(bio_s_out, "CIPHER is %s\n", (str != NULL) ? str : "(NONE)"); |
| 1652 | 1616 | ||
| 1653 | SSL_get0_next_proto_negotiated(con, &next_proto_neg, &next_proto_neg_len); | ||
| 1654 | if (next_proto_neg) { | ||
| 1655 | BIO_printf(bio_s_out, "NEXTPROTO is "); | ||
| 1656 | BIO_write(bio_s_out, next_proto_neg, next_proto_neg_len); | ||
| 1657 | BIO_printf(bio_s_out, "\n"); | ||
| 1658 | } | ||
| 1659 | #ifndef OPENSSL_NO_SRTP | 1617 | #ifndef OPENSSL_NO_SRTP |
| 1660 | { | 1618 | { |
| 1661 | SRTP_PROTECTION_PROFILE *srtp_profile | 1619 | SRTP_PROTECTION_PROFILE *srtp_profile |