summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--src/usr.bin/openssl/s_client.c26
-rw-r--r--src/usr.bin/openssl/s_server.c52
2 files changed, 2 insertions, 76 deletions
diff --git a/src/usr.bin/openssl/s_client.c b/src/usr.bin/openssl/s_client.c
index 25d4c0c5dd..12c9bd2c2d 100644
--- a/src/usr.bin/openssl/s_client.c
+++ b/src/usr.bin/openssl/s_client.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s_client.c,v 1.5 2014/10/22 13:51:31 jsing Exp $ */ 1/* $OpenBSD: s_client.c,v 1.6 2014/11/06 14:50:12 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -179,10 +179,8 @@ extern int verify_return_error;
179static int c_nbio = 0; 179static int c_nbio = 0;
180static int c_Pause = 0; 180static int c_Pause = 0;
181static int c_debug = 0; 181static int c_debug = 0;
182#ifndef OPENSSL_NO_TLSEXT
183static int c_tlsextdebug = 0; 182static int c_tlsextdebug = 0;
184static int c_status_req = 0; 183static int c_status_req = 0;
185#endif
186static int c_msg = 0; 184static int c_msg = 0;
187static int c_showcerts = 0; 185static int c_showcerts = 0;
188 186
@@ -191,9 +189,7 @@ static int keymatexportlen = 20;
191 189
192static void sc_usage(void); 190static void sc_usage(void);
193static void print_stuff(BIO * berr, SSL * con, int full); 191static void print_stuff(BIO * berr, SSL * con, int full);
194#ifndef OPENSSL_NO_TLSEXT
195static int ocsp_resp_cb(SSL * s, void *arg); 192static int ocsp_resp_cb(SSL * s, void *arg);
196#endif
197static BIO *bio_c_out = NULL; 193static BIO *bio_c_out = NULL;
198static int c_quiet = 0; 194static int c_quiet = 0;
199static int c_ign_eof = 0; 195static int c_ign_eof = 0;
@@ -251,7 +247,6 @@ sc_usage(void)
251#endif 247#endif
252 BIO_printf(bio_err, " -sess_out arg - file to write SSL session to\n"); 248 BIO_printf(bio_err, " -sess_out arg - file to write SSL session to\n");
253 BIO_printf(bio_err, " -sess_in arg - file to read SSL session from\n"); 249 BIO_printf(bio_err, " -sess_in arg - file to read SSL session from\n");
254#ifndef OPENSSL_NO_TLSEXT
255 BIO_printf(bio_err, " -servername host - Set TLS extension servername in ClientHello\n"); 250 BIO_printf(bio_err, " -servername host - Set TLS extension servername in ClientHello\n");
256 BIO_printf(bio_err, " -tlsextdebug - hex dump of all TLS extensions received\n"); 251 BIO_printf(bio_err, " -tlsextdebug - hex dump of all TLS extensions received\n");
257 BIO_printf(bio_err, " -status - request certificate status from server\n"); 252 BIO_printf(bio_err, " -status - request certificate status from server\n");
@@ -259,7 +254,6 @@ sc_usage(void)
259#ifndef OPENSSL_NO_NEXTPROTONEG 254#ifndef OPENSSL_NO_NEXTPROTONEG
260 BIO_printf(bio_err, " -nextprotoneg arg - enable NPN extension, considering named protocols supported (comma-separated list)\n"); 255 BIO_printf(bio_err, " -nextprotoneg arg - enable NPN extension, considering named protocols supported (comma-separated list)\n");
261#endif 256#endif
262#endif
263#ifndef OPENSSL_NO_SRTP 257#ifndef OPENSSL_NO_SRTP
264 BIO_printf(bio_err, " -use_srtp profiles - Offer SRTP key management with a colon-separated profile list\n"); 258 BIO_printf(bio_err, " -use_srtp profiles - Offer SRTP key management with a colon-separated profile list\n");
265#endif 259#endif
@@ -267,7 +261,6 @@ sc_usage(void)
267 BIO_printf(bio_err, " -keymatexportlen len - Export len bytes of keying material (default 20)\n"); 261 BIO_printf(bio_err, " -keymatexportlen len - Export len bytes of keying material (default 20)\n");
268} 262}
269 263
270#ifndef OPENSSL_NO_TLSEXT
271 264
272/* This is a context that we pass to callbacks */ 265/* This is a context that we pass to callbacks */
273typedef struct tlsextctx_st { 266typedef struct tlsextctx_st {
@@ -324,7 +317,6 @@ next_proto_cb(SSL * s, unsigned char **out, unsigned char *outlen, const unsigne
324 return SSL_TLSEXT_ERR_OK; 317 return SSL_TLSEXT_ERR_OK;
325} 318}
326#endif /* ndef OPENSSL_NO_NEXTPROTONEG */ 319#endif /* ndef OPENSSL_NO_NEXTPROTONEG */
327#endif
328 320
329enum { 321enum {
330 PROTO_OFF = 0, 322 PROTO_OFF = 0,
@@ -378,14 +370,12 @@ s_client_main(int argc, char **argv)
378 ENGINE *ssl_client_engine = NULL; 370 ENGINE *ssl_client_engine = NULL;
379#endif 371#endif
380 ENGINE *e = NULL; 372 ENGINE *e = NULL;
381#ifndef OPENSSL_NO_TLSEXT
382 char *servername = NULL; 373 char *servername = NULL;
383 tlsextctx tlsextcbp = 374 tlsextctx tlsextcbp =
384 {NULL, 0}; 375 {NULL, 0};
385#ifndef OPENSSL_NO_NEXTPROTONEG 376#ifndef OPENSSL_NO_NEXTPROTONEG
386 const char *next_proto_neg_in = NULL; 377 const char *next_proto_neg_in = NULL;
387#endif 378#endif
388#endif
389 char *sess_in = NULL; 379 char *sess_in = NULL;
390 char *sess_out = NULL; 380 char *sess_out = NULL;
391 struct sockaddr peer; 381 struct sockaddr peer;
@@ -475,12 +465,10 @@ s_client_main(int argc, char **argv)
475 c_Pause = 1; 465 c_Pause = 1;
476 else if (strcmp(*argv, "-debug") == 0) 466 else if (strcmp(*argv, "-debug") == 0)
477 c_debug = 1; 467 c_debug = 1;
478#ifndef OPENSSL_NO_TLSEXT
479 else if (strcmp(*argv, "-tlsextdebug") == 0) 468 else if (strcmp(*argv, "-tlsextdebug") == 0)
480 c_tlsextdebug = 1; 469 c_tlsextdebug = 1;
481 else if (strcmp(*argv, "-status") == 0) 470 else if (strcmp(*argv, "-status") == 0)
482 c_status_req = 1; 471 c_status_req = 1;
483#endif
484 else if (strcmp(*argv, "-msg") == 0) 472 else if (strcmp(*argv, "-msg") == 0)
485 c_msg = 1; 473 c_msg = 1;
486 else if (strcmp(*argv, "-showcerts") == 0) 474 else if (strcmp(*argv, "-showcerts") == 0)
@@ -548,7 +536,6 @@ s_client_main(int argc, char **argv)
548 else if (strcmp(*argv, "-no_comp") == 0) { 536 else if (strcmp(*argv, "-no_comp") == 0) {
549 off |= SSL_OP_NO_COMPRESSION; 537 off |= SSL_OP_NO_COMPRESSION;
550 } 538 }
551#ifndef OPENSSL_NO_TLSEXT
552 else if (strcmp(*argv, "-no_ticket") == 0) { 539 else if (strcmp(*argv, "-no_ticket") == 0) {
553 off |= SSL_OP_NO_TICKET; 540 off |= SSL_OP_NO_TICKET;
554 } 541 }
@@ -559,7 +546,6 @@ s_client_main(int argc, char **argv)
559 next_proto_neg_in = *(++argv); 546 next_proto_neg_in = *(++argv);
560 } 547 }
561#endif 548#endif
562#endif
563 else if (strcmp(*argv, "-serverpref") == 0) 549 else if (strcmp(*argv, "-serverpref") == 0)
564 off |= SSL_OP_CIPHER_SERVER_PREFERENCE; 550 off |= SSL_OP_CIPHER_SERVER_PREFERENCE;
565 else if (strcmp(*argv, "-legacy_renegotiation") == 0) 551 else if (strcmp(*argv, "-legacy_renegotiation") == 0)
@@ -611,14 +597,12 @@ s_client_main(int argc, char **argv)
611 } else if (strcmp(*argv, "-6") == 0) { 597 } else if (strcmp(*argv, "-6") == 0) {
612 af = AF_INET6; 598 af = AF_INET6;
613 } 599 }
614#ifndef OPENSSL_NO_TLSEXT
615 else if (strcmp(*argv, "-servername") == 0) { 600 else if (strcmp(*argv, "-servername") == 0) {
616 if (--argc < 1) 601 if (--argc < 1)
617 goto bad; 602 goto bad;
618 servername = *(++argv); 603 servername = *(++argv);
619 /* meth=TLSv1_client_method(); */ 604 /* meth=TLSv1_client_method(); */
620 } 605 }
621#endif
622#ifndef OPENSSL_NO_SRTP 606#ifndef OPENSSL_NO_SRTP
623 else if (strcmp(*argv, "-use_srtp") == 0) { 607 else if (strcmp(*argv, "-use_srtp") == 0) {
624 if (--argc < 1) 608 if (--argc < 1)
@@ -777,13 +761,11 @@ bad:
777 ERR_print_errors(bio_err); 761 ERR_print_errors(bio_err);
778 /* goto end; */ 762 /* goto end; */
779 } 763 }
780#ifndef OPENSSL_NO_TLSEXT
781 if (servername != NULL) { 764 if (servername != NULL) {
782 tlsextcbp.biodebug = bio_err; 765 tlsextcbp.biodebug = bio_err;
783 SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb); 766 SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb);
784 SSL_CTX_set_tlsext_servername_arg(ctx, &tlsextcbp); 767 SSL_CTX_set_tlsext_servername_arg(ctx, &tlsextcbp);
785 } 768 }
786#endif
787 769
788 con = SSL_new(ctx); 770 con = SSL_new(ctx);
789 if (sess_in) { 771 if (sess_in) {
@@ -806,7 +788,6 @@ bad:
806 SSL_set_session(con, sess); 788 SSL_set_session(con, sess);
807 SSL_SESSION_free(sess); 789 SSL_SESSION_free(sess);
808 } 790 }
809#ifndef OPENSSL_NO_TLSEXT
810 if (servername != NULL) { 791 if (servername != NULL) {
811 if (!SSL_set_tlsext_host_name(con, servername)) { 792 if (!SSL_set_tlsext_host_name(con, servername)) {
812 BIO_printf(bio_err, "Unable to set TLS servername extension.\n"); 793 BIO_printf(bio_err, "Unable to set TLS servername extension.\n");
@@ -814,7 +795,6 @@ bad:
814 goto end; 795 goto end;
815 } 796 }
816 } 797 }
817#endif
818/* SSL_set_cipher_list(con,"RC4-MD5"); */ 798/* SSL_set_cipher_list(con,"RC4-MD5"); */
819 799
820re_start: 800re_start:
@@ -881,7 +861,6 @@ re_start:
881 SSL_set_msg_callback(con, msg_cb); 861 SSL_set_msg_callback(con, msg_cb);
882 SSL_set_msg_callback_arg(con, bio_c_out); 862 SSL_set_msg_callback_arg(con, bio_c_out);
883 } 863 }
884#ifndef OPENSSL_NO_TLSEXT
885 if (c_tlsextdebug) { 864 if (c_tlsextdebug) {
886 SSL_set_tlsext_debug_callback(con, tlsext_cb); 865 SSL_set_tlsext_debug_callback(con, tlsext_cb);
887 SSL_set_tlsext_debug_arg(con, bio_c_out); 866 SSL_set_tlsext_debug_arg(con, bio_c_out);
@@ -891,7 +870,6 @@ re_start:
891 SSL_CTX_set_tlsext_status_cb(ctx, ocsp_resp_cb); 870 SSL_CTX_set_tlsext_status_cb(ctx, ocsp_resp_cb);
892 SSL_CTX_set_tlsext_status_arg(ctx, bio_c_out); 871 SSL_CTX_set_tlsext_status_arg(ctx, bio_c_out);
893 } 872 }
894#endif
895 873
896 SSL_set_bio(con, sbio, sbio); 874 SSL_set_bio(con, sbio, sbio);
897 SSL_set_connect_state(con); 875 SSL_set_connect_state(con);
@@ -1472,7 +1450,6 @@ print_stuff(BIO * bio, SSL * s, int full)
1472 (void) BIO_flush(bio); 1450 (void) BIO_flush(bio);
1473} 1451}
1474 1452
1475#ifndef OPENSSL_NO_TLSEXT
1476 1453
1477static int 1454static int
1478ocsp_resp_cb(SSL * s, void *arg) 1455ocsp_resp_cb(SSL * s, void *arg)
@@ -1499,4 +1476,3 @@ ocsp_resp_cb(SSL * s, void *arg)
1499 return 1; 1476 return 1;
1500} 1477}
1501 1478
1502#endif
diff --git a/src/usr.bin/openssl/s_server.c b/src/usr.bin/openssl/s_server.c
index 30a926c411..1e6f85f9fb 100644
--- a/src/usr.bin/openssl/s_server.c
+++ b/src/usr.bin/openssl/s_server.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s_server.c,v 1.5 2014/10/31 16:59:00 jsing Exp $ */ 1/* $OpenBSD: s_server.c,v 1.6 2014/11/06 14:50:12 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -200,9 +200,7 @@ static int bufsize = BUFSIZZ;
200static int accept_socket = -1; 200static int accept_socket = -1;
201 201
202#define TEST_CERT "server.pem" 202#define TEST_CERT "server.pem"
203#ifndef OPENSSL_NO_TLSEXT
204#define TEST_CERT2 "server2.pem" 203#define TEST_CERT2 "server2.pem"
205#endif
206 204
207extern int verify_depth, verify_return_error; 205extern int verify_depth, verify_return_error;
208 206
@@ -210,26 +208,20 @@ static char *cipher = NULL;
210static int s_server_verify = SSL_VERIFY_NONE; 208static int s_server_verify = SSL_VERIFY_NONE;
211static int s_server_session_id_context = 1; /* anything will do */ 209static int s_server_session_id_context = 1; /* anything will do */
212static const char *s_cert_file = TEST_CERT, *s_key_file = NULL; 210static const char *s_cert_file = TEST_CERT, *s_key_file = NULL;
213#ifndef OPENSSL_NO_TLSEXT
214static const char *s_cert_file2 = TEST_CERT2, *s_key_file2 = NULL; 211static const char *s_cert_file2 = TEST_CERT2, *s_key_file2 = NULL;
215#endif
216static char *s_dcert_file = NULL, *s_dkey_file = NULL; 212static char *s_dcert_file = NULL, *s_dkey_file = NULL;
217static int s_nbio = 0; 213static int s_nbio = 0;
218static int s_nbio_test = 0; 214static int s_nbio_test = 0;
219int s_crlf = 0; 215int s_crlf = 0;
220static SSL_CTX *ctx = NULL; 216static SSL_CTX *ctx = NULL;
221#ifndef OPENSSL_NO_TLSEXT
222static SSL_CTX *ctx2 = NULL; 217static SSL_CTX *ctx2 = NULL;
223#endif
224static int www = 0; 218static int www = 0;
225 219
226static BIO *bio_s_out = NULL; 220static BIO *bio_s_out = NULL;
227static int s_debug = 0; 221static int s_debug = 0;
228#ifndef OPENSSL_NO_TLSEXT
229static int s_tlsextdebug = 0; 222static int s_tlsextdebug = 0;
230static int s_tlsextstatus = 0; 223static int s_tlsextstatus = 0;
231static int cert_status_cb(SSL * s, void *arg); 224static int cert_status_cb(SSL * s, void *arg);
232#endif
233static int s_msg = 0; 225static int s_msg = 0;
234static int s_quiet = 0; 226static int s_quiet = 0;
235 227
@@ -261,11 +253,9 @@ s_server_init(void)
261 s_dkey_file = NULL; 253 s_dkey_file = NULL;
262 s_cert_file = TEST_CERT; 254 s_cert_file = TEST_CERT;
263 s_key_file = NULL; 255 s_key_file = NULL;
264#ifndef OPENSSL_NO_TLSEXT
265 s_cert_file2 = TEST_CERT2; 256 s_cert_file2 = TEST_CERT2;
266 s_key_file2 = NULL; 257 s_key_file2 = NULL;
267 ctx2 = NULL; 258 ctx2 = NULL;
268#endif
269 s_nbio = 0; 259 s_nbio = 0;
270 s_nbio_test = 0; 260 s_nbio_test = 0;
271 ctx = NULL; 261 ctx = NULL;
@@ -350,7 +340,6 @@ sv_usage(void)
350 BIO_printf(bio_err, " -engine id - Initialise and use the specified engine\n"); 340 BIO_printf(bio_err, " -engine id - Initialise and use the specified engine\n");
351#endif 341#endif
352 BIO_printf(bio_err, " -id_prefix arg - Generate SSL/TLS session IDs prefixed by 'arg'\n"); 342 BIO_printf(bio_err, " -id_prefix arg - Generate SSL/TLS session IDs prefixed by 'arg'\n");
353#ifndef OPENSSL_NO_TLSEXT
354 BIO_printf(bio_err, " -servername host - servername for HostName TLS extension\n"); 343 BIO_printf(bio_err, " -servername host - servername for HostName TLS extension\n");
355 BIO_printf(bio_err, " -servername_fatal - on mismatch send fatal alert (default warning alert)\n"); 344 BIO_printf(bio_err, " -servername_fatal - on mismatch send fatal alert (default warning alert)\n");
356 BIO_printf(bio_err, " -cert2 arg - certificate file to use for servername\n"); 345 BIO_printf(bio_err, " -cert2 arg - certificate file to use for servername\n");
@@ -365,7 +354,6 @@ sv_usage(void)
365#ifndef OPENSSL_NO_SRTP 354#ifndef OPENSSL_NO_SRTP
366 BIO_printf(bio_err, " -use_srtp profiles - Offer SRTP key management with a colon-separated profile list\n"); 355 BIO_printf(bio_err, " -use_srtp profiles - Offer SRTP key management with a colon-separated profile list\n");
367#endif 356#endif
368#endif
369 BIO_printf(bio_err, " -keymatexport label - Export keying material using label\n"); 357 BIO_printf(bio_err, " -keymatexport label - Export keying material using label\n");
370 BIO_printf(bio_err, " -keymatexportlen len - Export len bytes of keying material (default 20)\n"); 358 BIO_printf(bio_err, " -keymatexportlen len - Export len bytes of keying material (default 20)\n");
371} 359}
@@ -373,7 +361,6 @@ sv_usage(void)
373static int local_argc = 0; 361static int local_argc = 0;
374static char **local_argv; 362static char **local_argv;
375 363
376#ifndef OPENSSL_NO_TLSEXT
377 364
378/* This is a context that we pass to callbacks */ 365/* This is a context that we pass to callbacks */
379typedef struct tlsextctx_st { 366typedef struct tlsextctx_st {
@@ -558,7 +545,6 @@ next_proto_cb(SSL * s, const unsigned char **data, unsigned int *len, void *arg)
558#endif /* ndef OPENSSL_NO_NEXTPROTONEG */ 545#endif /* ndef OPENSSL_NO_NEXTPROTONEG */
559 546
560 547
561#endif
562 548
563int s_server_main(int, char **); 549int s_server_main(int, char **);
564 550
@@ -592,7 +578,6 @@ s_server_main(int argc, char *argv[])
592 EVP_PKEY *s_key = NULL, *s_dkey = NULL; 578 EVP_PKEY *s_key = NULL, *s_dkey = NULL;
593 int no_cache = 0; 579 int no_cache = 0;
594 const char *errstr = NULL; 580 const char *errstr = NULL;
595#ifndef OPENSSL_NO_TLSEXT
596 EVP_PKEY *s_key2 = NULL; 581 EVP_PKEY *s_key2 = NULL;
597 X509 *s_cert2 = NULL; 582 X509 *s_cert2 = NULL;
598 tlsextctx tlsextcbp = {NULL, NULL, SSL_TLSEXT_ERR_ALERT_WARNING}; 583 tlsextctx tlsextcbp = {NULL, NULL, SSL_TLSEXT_ERR_ALERT_WARNING};
@@ -600,7 +585,6 @@ s_server_main(int argc, char *argv[])
600 const char *next_proto_neg_in = NULL; 585 const char *next_proto_neg_in = NULL;
601 tlsextnextprotoctx next_proto; 586 tlsextnextprotoctx next_proto;
602#endif 587#endif
603#endif
604 meth = SSLv23_server_method(); 588 meth = SSLv23_server_method();
605 589
606 local_argc = argc; 590 local_argc = argc;
@@ -729,7 +713,6 @@ s_server_main(int argc, char *argv[])
729 } else if (strcmp(*argv, "-debug") == 0) { 713 } else if (strcmp(*argv, "-debug") == 0) {
730 s_debug = 1; 714 s_debug = 1;
731 } 715 }
732#ifndef OPENSSL_NO_TLSEXT
733 else if (strcmp(*argv, "-tlsextdebug") == 0) 716 else if (strcmp(*argv, "-tlsextdebug") == 0)
734 s_tlsextdebug = 1; 717 s_tlsextdebug = 1;
735 else if (strcmp(*argv, "-status") == 0) 718 else if (strcmp(*argv, "-status") == 0)
@@ -757,7 +740,6 @@ s_server_main(int argc, char *argv[])
757 goto bad; 740 goto bad;
758 } 741 }
759 } 742 }
760#endif
761 else if (strcmp(*argv, "-msg") == 0) { 743 else if (strcmp(*argv, "-msg") == 0) {
762 s_msg = 1; 744 s_msg = 1;
763 } else if (strcmp(*argv, "-hack") == 0) { 745 } else if (strcmp(*argv, "-hack") == 0) {
@@ -795,11 +777,9 @@ s_server_main(int argc, char *argv[])
795 } else if (strcmp(*argv, "-no_comp") == 0) { 777 } else if (strcmp(*argv, "-no_comp") == 0) {
796 off |= SSL_OP_NO_COMPRESSION; 778 off |= SSL_OP_NO_COMPRESSION;
797 } 779 }
798#ifndef OPENSSL_NO_TLSEXT
799 else if (strcmp(*argv, "-no_ticket") == 0) { 780 else if (strcmp(*argv, "-no_ticket") == 0) {
800 off |= SSL_OP_NO_TICKET; 781 off |= SSL_OP_NO_TICKET;
801 } 782 }
802#endif
803 else if (strcmp(*argv, "-ssl3") == 0) { 783 else if (strcmp(*argv, "-ssl3") == 0) {
804 meth = SSLv3_server_method(); 784 meth = SSLv3_server_method();
805 } else if (strcmp(*argv, "-tls1") == 0) { 785 } else if (strcmp(*argv, "-tls1") == 0) {
@@ -836,7 +816,6 @@ s_server_main(int argc, char *argv[])
836 engine_id = *(++argv); 816 engine_id = *(++argv);
837 } 817 }
838#endif 818#endif
839#ifndef OPENSSL_NO_TLSEXT
840 else if (strcmp(*argv, "-servername") == 0) { 819 else if (strcmp(*argv, "-servername") == 0) {
841 if (--argc < 1) 820 if (--argc < 1)
842 goto bad; 821 goto bad;
@@ -859,7 +838,6 @@ s_server_main(int argc, char *argv[])
859 next_proto_neg_in = *(++argv); 838 next_proto_neg_in = *(++argv);
860 } 839 }
861#endif 840#endif
862#endif
863#ifndef OPENSSL_NO_SRTP 841#ifndef OPENSSL_NO_SRTP
864 else if (strcmp(*argv, "-use_srtp") == 0) { 842 else if (strcmp(*argv, "-use_srtp") == 0) {
865 if (--argc < 1) 843 if (--argc < 1)
@@ -905,10 +883,8 @@ bad:
905 } 883 }
906 if (s_key_file == NULL) 884 if (s_key_file == NULL)
907 s_key_file = s_cert_file; 885 s_key_file = s_cert_file;
908#ifndef OPENSSL_NO_TLSEXT
909 if (s_key_file2 == NULL) 886 if (s_key_file2 == NULL)
910 s_key_file2 = s_cert_file2; 887 s_key_file2 = s_cert_file2;
911#endif
912 888
913 if (nocert == 0) { 889 if (nocert == 0) {
914 s_key = load_key(bio_err, s_key_file, s_key_format, 0, pass, e, 890 s_key = load_key(bio_err, s_key_file, s_key_format, 0, pass, e,
@@ -924,7 +900,6 @@ bad:
924 ERR_print_errors(bio_err); 900 ERR_print_errors(bio_err);
925 goto end; 901 goto end;
926 } 902 }
927#ifndef OPENSSL_NO_TLSEXT
928 if (tlsextcbp.servername) { 903 if (tlsextcbp.servername) {
929 s_key2 = load_key(bio_err, s_key_file2, s_key_format, 0, pass, e, 904 s_key2 = load_key(bio_err, s_key_file2, s_key_format, 0, pass, e,
930 "second server certificate private key file"); 905 "second server certificate private key file");
@@ -940,7 +915,6 @@ bad:
940 goto end; 915 goto end;
941 } 916 }
942 } 917 }
943#endif
944 } 918 }
945#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) 919#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
946 if (next_proto_neg_in) { 920 if (next_proto_neg_in) {
@@ -989,10 +963,8 @@ bad:
989 s_key_file = NULL; 963 s_key_file = NULL;
990 s_dcert_file = NULL; 964 s_dcert_file = NULL;
991 s_dkey_file = NULL; 965 s_dkey_file = NULL;
992#ifndef OPENSSL_NO_TLSEXT
993 s_cert_file2 = NULL; 966 s_cert_file2 = NULL;
994 s_key_file2 = NULL; 967 s_key_file2 = NULL;
995#endif
996 } 968 }
997 ctx = SSL_CTX_new(meth); 969 ctx = SSL_CTX_new(meth);
998 if (ctx == NULL) { 970 if (ctx == NULL) {
@@ -1048,7 +1020,6 @@ bad:
1048 if (vpm) 1020 if (vpm)
1049 SSL_CTX_set1_param(ctx, vpm); 1021 SSL_CTX_set1_param(ctx, vpm);
1050 1022
1051#ifndef OPENSSL_NO_TLSEXT
1052 if (s_cert2) { 1023 if (s_cert2) {
1053 ctx2 = SSL_CTX_new(meth); 1024 ctx2 = SSL_CTX_new(meth);
1054 if (ctx2 == NULL) { 1025 if (ctx2 == NULL) {
@@ -1105,7 +1076,6 @@ bad:
1105 if (next_proto.data) 1076 if (next_proto.data)
1106 SSL_CTX_set_next_protos_advertised_cb(ctx, next_proto_cb, &next_proto); 1077 SSL_CTX_set_next_protos_advertised_cb(ctx, next_proto_cb, &next_proto);
1107#endif 1078#endif
1108#endif
1109 1079
1110#ifndef OPENSSL_NO_DH 1080#ifndef OPENSSL_NO_DH
1111 if (!no_dhe) { 1081 if (!no_dhe) {
@@ -1132,7 +1102,6 @@ bad:
1132 goto end; 1102 goto end;
1133 } 1103 }
1134 1104
1135#ifndef OPENSSL_NO_TLSEXT
1136 if (ctx2) { 1105 if (ctx2) {
1137 if (!dhfile) { 1106 if (!dhfile) {
1138 DH *dh2 = load_dh_param(s_cert_file2); 1107 DH *dh2 = load_dh_param(s_cert_file2);
@@ -1154,7 +1123,6 @@ bad:
1154 goto end; 1123 goto end;
1155 } 1124 }
1156 } 1125 }
1157#endif
1158 DH_free(dh); 1126 DH_free(dh);
1159 } 1127 }
1160#endif 1128#endif
@@ -1190,19 +1158,15 @@ bad:
1190 (void) BIO_flush(bio_s_out); 1158 (void) BIO_flush(bio_s_out);
1191 1159
1192 SSL_CTX_set_tmp_ecdh(ctx, ecdh); 1160 SSL_CTX_set_tmp_ecdh(ctx, ecdh);
1193#ifndef OPENSSL_NO_TLSEXT
1194 if (ctx2) 1161 if (ctx2)
1195 SSL_CTX_set_tmp_ecdh(ctx2, ecdh); 1162 SSL_CTX_set_tmp_ecdh(ctx2, ecdh);
1196#endif
1197 EC_KEY_free(ecdh); 1163 EC_KEY_free(ecdh);
1198 } 1164 }
1199 1165
1200 if (!set_cert_key_stuff(ctx, s_cert, s_key)) 1166 if (!set_cert_key_stuff(ctx, s_cert, s_key))
1201 goto end; 1167 goto end;
1202#ifndef OPENSSL_NO_TLSEXT
1203 if (ctx2 && !set_cert_key_stuff(ctx2, s_cert2, s_key2)) 1168 if (ctx2 && !set_cert_key_stuff(ctx2, s_cert2, s_key2))
1204 goto end; 1169 goto end;
1205#endif
1206 if (s_dcert != NULL) { 1170 if (s_dcert != NULL) {
1207 if (!set_cert_key_stuff(ctx, s_dcert, s_dkey)) 1171 if (!set_cert_key_stuff(ctx, s_dcert, s_dkey))
1208 goto end; 1172 goto end;
@@ -1214,13 +1178,11 @@ bad:
1214 ERR_print_errors(bio_err); 1178 ERR_print_errors(bio_err);
1215 goto end; 1179 goto end;
1216 } 1180 }
1217#ifndef OPENSSL_NO_TLSEXT
1218 if (ctx2 && !SSL_CTX_set_cipher_list(ctx2, cipher)) { 1181 if (ctx2 && !SSL_CTX_set_cipher_list(ctx2, cipher)) {
1219 BIO_printf(bio_err, "error setting cipher list\n"); 1182 BIO_printf(bio_err, "error setting cipher list\n");
1220 ERR_print_errors(bio_err); 1183 ERR_print_errors(bio_err);
1221 goto end; 1184 goto end;
1222 } 1185 }
1223#endif
1224 } 1186 }
1225 SSL_CTX_set_verify(ctx, s_server_verify, verify_callback); 1187 SSL_CTX_set_verify(ctx, s_server_verify, verify_callback);
1226 SSL_CTX_set_session_id_context(ctx, (void *) &s_server_session_id_context, 1188 SSL_CTX_set_session_id_context(ctx, (void *) &s_server_session_id_context,
@@ -1230,7 +1192,6 @@ bad:
1230 SSL_CTX_set_cookie_generate_cb(ctx, generate_cookie_callback); 1192 SSL_CTX_set_cookie_generate_cb(ctx, generate_cookie_callback);
1231 SSL_CTX_set_cookie_verify_cb(ctx, verify_cookie_callback); 1193 SSL_CTX_set_cookie_verify_cb(ctx, verify_cookie_callback);
1232 1194
1233#ifndef OPENSSL_NO_TLSEXT
1234 if (ctx2) { 1195 if (ctx2) {
1235 SSL_CTX_set_verify(ctx2, s_server_verify, verify_callback); 1196 SSL_CTX_set_verify(ctx2, s_server_verify, verify_callback);
1236 SSL_CTX_set_session_id_context(ctx2, (void *) &s_server_session_id_context, 1197 SSL_CTX_set_session_id_context(ctx2, (void *) &s_server_session_id_context,
@@ -1242,14 +1203,11 @@ bad:
1242 SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb); 1203 SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb);
1243 SSL_CTX_set_tlsext_servername_arg(ctx, &tlsextcbp); 1204 SSL_CTX_set_tlsext_servername_arg(ctx, &tlsextcbp);
1244 } 1205 }
1245#endif
1246 1206
1247 if (CAfile != NULL) { 1207 if (CAfile != NULL) {
1248 SSL_CTX_set_client_CA_list(ctx, SSL_load_client_CA_file(CAfile)); 1208 SSL_CTX_set_client_CA_list(ctx, SSL_load_client_CA_file(CAfile));
1249#ifndef OPENSSL_NO_TLSEXT
1250 if (ctx2) 1209 if (ctx2)
1251 SSL_CTX_set_client_CA_list(ctx2, SSL_load_client_CA_file(CAfile)); 1210 SSL_CTX_set_client_CA_list(ctx2, SSL_load_client_CA_file(CAfile));
1252#endif
1253 } 1211 }
1254 BIO_printf(bio_s_out, "ACCEPT\n"); 1212 BIO_printf(bio_s_out, "ACCEPT\n");
1255 (void) BIO_flush(bio_s_out); 1213 (void) BIO_flush(bio_s_out);
@@ -1274,7 +1232,6 @@ end:
1274 free(dpass); 1232 free(dpass);
1275 if (vpm) 1233 if (vpm)
1276 X509_VERIFY_PARAM_free(vpm); 1234 X509_VERIFY_PARAM_free(vpm);
1277#ifndef OPENSSL_NO_TLSEXT
1278 free(tlscstatp.host); 1235 free(tlscstatp.host);
1279 free(tlscstatp.port); 1236 free(tlscstatp.port);
1280 free(tlscstatp.path); 1237 free(tlscstatp.path);
@@ -1284,7 +1241,6 @@ end:
1284 X509_free(s_cert2); 1241 X509_free(s_cert2);
1285 if (s_key2) 1242 if (s_key2)
1286 EVP_PKEY_free(s_key2); 1243 EVP_PKEY_free(s_key2);
1287#endif
1288 if (bio_s_out != NULL) { 1244 if (bio_s_out != NULL) {
1289 BIO_free(bio_s_out); 1245 BIO_free(bio_s_out);
1290 bio_s_out = NULL; 1246 bio_s_out = NULL;
@@ -1345,7 +1301,6 @@ sv_body(char *hostname, int s, unsigned char *context)
1345 1301
1346 if (con == NULL) { 1302 if (con == NULL) {
1347 con = SSL_new(ctx); 1303 con = SSL_new(ctx);
1348#ifndef OPENSSL_NO_TLSEXT
1349 if (s_tlsextdebug) { 1304 if (s_tlsextdebug) {
1350 SSL_set_tlsext_debug_callback(con, tlsext_cb); 1305 SSL_set_tlsext_debug_callback(con, tlsext_cb);
1351 SSL_set_tlsext_debug_arg(con, bio_s_out); 1306 SSL_set_tlsext_debug_arg(con, bio_s_out);
@@ -1355,7 +1310,6 @@ sv_body(char *hostname, int s, unsigned char *context)
1355 tlscstatp.err = bio_err; 1310 tlscstatp.err = bio_err;
1356 SSL_CTX_set_tlsext_status_arg(ctx, &tlscstatp); 1311 SSL_CTX_set_tlsext_status_arg(ctx, &tlscstatp);
1357 } 1312 }
1358#endif
1359 if (context) 1313 if (context)
1360 SSL_set_session_id_context(con, context, 1314 SSL_set_session_id_context(con, context,
1361 strlen((char *) context)); 1315 strlen((char *) context));
@@ -1407,12 +1361,10 @@ sv_body(char *hostname, int s, unsigned char *context)
1407 SSL_set_msg_callback(con, msg_cb); 1361 SSL_set_msg_callback(con, msg_cb);
1408 SSL_set_msg_callback_arg(con, bio_s_out); 1362 SSL_set_msg_callback_arg(con, bio_s_out);
1409 } 1363 }
1410#ifndef OPENSSL_NO_TLSEXT
1411 if (s_tlsextdebug) { 1364 if (s_tlsextdebug) {
1412 SSL_set_tlsext_debug_callback(con, tlsext_cb); 1365 SSL_set_tlsext_debug_callback(con, tlsext_cb);
1413 SSL_set_tlsext_debug_arg(con, bio_s_out); 1366 SSL_set_tlsext_debug_arg(con, bio_s_out);
1414 } 1367 }
1415#endif
1416 1368
1417 width = s + 1; 1369 width = s + 1;
1418 for (;;) { 1370 for (;;) {
@@ -1781,12 +1733,10 @@ www_body(char *hostname, int s, unsigned char *context)
1781 1733
1782 if ((con = SSL_new(ctx)) == NULL) 1734 if ((con = SSL_new(ctx)) == NULL)
1783 goto err; 1735 goto err;
1784#ifndef OPENSSL_NO_TLSEXT
1785 if (s_tlsextdebug) { 1736 if (s_tlsextdebug) {
1786 SSL_set_tlsext_debug_callback(con, tlsext_cb); 1737 SSL_set_tlsext_debug_callback(con, tlsext_cb);
1787 SSL_set_tlsext_debug_arg(con, bio_s_out); 1738 SSL_set_tlsext_debug_arg(con, bio_s_out);
1788 } 1739 }
1789#endif
1790 if (context) 1740 if (context)
1791 SSL_set_session_id_context(con, context, 1741 SSL_set_session_id_context(con, context,
1792 strlen((char *) context)); 1742 strlen((char *) context));
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-10-29 15:07:12 +0000