-/* $OpenBSD: apps.c,v 1.13 2014/12/03 22:16:02 bcook Exp $ */
+/* $OpenBSD: apps.c,v 1.14 2014/12/14 14:42:06 jsing Exp $ */
/*
* Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
*
BIO_free(out);
}
-#if !defined(OPENSSL_NO_NEXTPROTONEG)
/* next_protos_parse parses a comma separated list of strings into a string
* in a format suitable for passing to SSL_CTX_set_next_protos_advertised.
* outlen: (output) set to the length of the resulting buffer on success.
*outlen = len + 1;
return out;
}
-#endif
-/* !OPENSSL_NO_NEXTPROTONEG */
int
app_isdir(const char *name)
-/* $OpenBSD: apps.h,v 1.8 2014/11/07 14:16:48 jsing Exp $ */
+/* $OpenBSD: apps.h,v 1.9 2014/12/14 14:42:06 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
int do_X509_CRL_sign(BIO *err, X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md,
STACK_OF(OPENSSL_STRING) *sigopts);
-#if !defined(OPENSSL_NO_NEXTPROTONEG)
unsigned char *next_protos_parse(unsigned short *outlen, const char *in);
-#endif /* !OPENSSL_NO_NEXTPROTONEG */
#define FORMAT_UNDEF 0
#define FORMAT_ASN1 1
-/* $OpenBSD: s_client.c,v 1.10 2014/12/10 15:24:01 jsing Exp $ */
+/* $OpenBSD: s_client.c,v 1.11 2014/12/14 14:42:06 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
BIO_printf(bio_err, " -tlsextdebug - hex dump of all TLS extensions received\n");
BIO_printf(bio_err, " -status - request certificate status from server\n");
BIO_printf(bio_err, " -no_ticket - disable use of RFC4507bis session tickets\n");
-#ifndef OPENSSL_NO_NEXTPROTONEG
BIO_printf(bio_err, " -nextprotoneg arg - enable NPN extension, considering named protocols supported (comma-separated list)\n");
-#endif
BIO_printf(bio_err, " -alpn arg - enable ALPN extension, considering named protocols supported (comma-separated list)\n");
#ifndef OPENSSL_NO_SRTP
BIO_printf(bio_err, " -use_srtp profiles - Offer SRTP key management with a colon-separated profile list\n");
char *srtp_profiles = NULL;
#endif
-#ifndef OPENSSL_NO_NEXTPROTONEG
/* This the context that we pass to next_proto_cb */
typedef struct tlsextnextprotoctx_st {
unsigned char *data;
ctx->status = SSL_select_next_proto(out, outlen, in, inlen, ctx->data, ctx->len);
return SSL_TLSEXT_ERR_OK;
}
-#endif /* ndef OPENSSL_NO_NEXTPROTONEG */
enum {
PROTO_OFF = 0,
char *servername = NULL;
tlsextctx tlsextcbp =
{NULL, 0};
-#ifndef OPENSSL_NO_NEXTPROTONEG
const char *next_proto_neg_in = NULL;
-#endif
const char *alpn_in = NULL;
char *sess_in = NULL;
char *sess_out = NULL;
else if (strcmp(*argv, "-no_ticket") == 0) {
off |= SSL_OP_NO_TICKET;
}
-#ifndef OPENSSL_NO_NEXTPROTONEG
else if (strcmp(*argv, "-nextprotoneg") == 0) {
if (--argc < 1)
goto bad;
next_proto_neg_in = *(++argv);
}
-#endif
else if (strcmp(*argv, "-alpn") == 0) {
if (--argc < 1)
goto bad;
goto end;
}
-#if !defined(OPENSSL_NO_NEXTPROTONEG)
next_proto.status = -1;
if (next_proto_neg_in) {
next_proto.data = next_protos_parse(&next_proto.len, next_proto_neg_in);
}
} else
next_proto.data = NULL;
-#endif
#ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine_id, 1);
if (socket_type == SOCK_DGRAM)
SSL_CTX_set_read_ahead(ctx, 1);
-#if !defined(OPENSSL_NO_NEXTPROTONEG)
if (next_proto.data)
SSL_CTX_set_next_proto_select_cb(ctx, next_proto_cb, &next_proto);
-#endif
if (alpn_in) {
unsigned short alpn_len;
unsigned char *alpn = next_protos_parse(&alpn_len, alpn_in);
print_stuff(bio_c_out, con, 1);
SSL_free(con);
}
-#if !defined(OPENSSL_NO_NEXTPROTONEG)
free(next_proto.data);
-#endif
if (ctx != NULL)
SSL_CTX_free(ctx);
if (cert)
}
#endif
-#if !defined(OPENSSL_NO_NEXTPROTONEG)
if (next_proto.status != -1) {
const unsigned char *proto;
unsigned int proto_len;
BIO_write(bio, proto, proto_len);
BIO_write(bio, "\n", 1);
}
-#endif
{
const unsigned char *proto;
unsigned int proto_len;
-/* $OpenBSD: s_server.c,v 1.8 2014/12/10 15:24:01 jsing Exp $ */
+/* $OpenBSD: s_server.c,v 1.9 2014/12/14 14:42:06 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
BIO_printf(bio_err, " not specified (default is %s)\n", TEST_CERT2);
BIO_printf(bio_err, " -tlsextdebug - hex dump of all TLS extensions received\n");
BIO_printf(bio_err, " -no_ticket - disable use of RFC4507bis session tickets\n");
-#ifndef OPENSSL_NO_NEXTPROTONEG
BIO_printf(bio_err, " -nextprotoneg arg - set the advertised protocols for the NPN extension (comma-separated list)\n");
-#endif
BIO_printf(bio_err," -alpn arg - set the advertised protocols for the ALPN extension (comma-separated list)\n");
#ifndef OPENSSL_NO_SRTP
BIO_printf(bio_err, " -use_srtp profiles - Offer SRTP key management with a colon-separated profile list\n");
goto done;
}
-#ifndef OPENSSL_NO_NEXTPROTONEG
/* This is the context that we pass to next_proto_cb */
typedef struct tlsextnextprotoctx_st {
unsigned char *data;
return SSL_TLSEXT_ERR_OK;
}
-#endif /* ndef OPENSSL_NO_NEXTPROTONEG */
/* This the context that we pass to alpn_cb */
EVP_PKEY *s_key2 = NULL;
X509 *s_cert2 = NULL;
tlsextctx tlsextcbp = {NULL, NULL, SSL_TLSEXT_ERR_ALERT_WARNING};
-#ifndef OPENSSL_NO_NEXTPROTONEG
const char *next_proto_neg_in = NULL;
tlsextnextprotoctx next_proto = { NULL, 0 };
-#endif
const char *alpn_in = NULL;
tlsextalpnctx alpn_ctx = { NULL, 0 };
meth = SSLv23_server_method();
goto bad;
s_key_file2 = *(++argv);
}
-#ifndef OPENSSL_NO_NEXTPROTONEG
else if (strcmp(*argv, "-nextprotoneg") == 0) {
if (--argc < 1)
goto bad;
next_proto_neg_in = *(++argv);
}
-#endif
else if (strcmp(*argv,"-alpn") == 0) {
if (--argc < 1)
goto bad;
}
}
}
-#if !defined(OPENSSL_NO_NEXTPROTONEG)
if (next_proto_neg_in) {
unsigned short len;
next_proto.data = next_protos_parse(&len, next_proto_neg_in);
} else {
next_proto.data = NULL;
}
-#endif
alpn_ctx.data = NULL;
if (alpn_in) {
unsigned short len;
if (vpm)
SSL_CTX_set1_param(ctx2, vpm);
}
-#ifndef OPENSSL_NO_NEXTPROTONEG
if (next_proto.data)
SSL_CTX_set_next_protos_advertised_cb(ctx, next_proto_cb, &next_proto);
-#endif
if (alpn_ctx.data)
SSL_CTX_set_alpn_select_cb(ctx, alpn_cb, &alpn_ctx);
X509 *peer;
long verify_error;
char buf[BUFSIZ];
-#if !defined(OPENSSL_NO_NEXTPROTONEG)
const unsigned char *next_proto_neg;
unsigned next_proto_neg_len;
-#endif
unsigned char *exportedkeymat;
i = SSL_accept(con);
str = SSL_CIPHER_get_name(SSL_get_current_cipher(con));
BIO_printf(bio_s_out, "CIPHER is %s\n", (str != NULL) ? str : "(NONE)");
-#if !defined(OPENSSL_NO_NEXTPROTONEG)
SSL_get0_next_proto_negotiated(con, &next_proto_neg, &next_proto_neg_len);
if (next_proto_neg) {
BIO_printf(bio_s_out, "NEXTPROTO is ");
BIO_write(bio_s_out, next_proto_neg, next_proto_neg_len);
BIO_printf(bio_s_out, "\n");
}
-#endif
#ifndef OPENSSL_NO_SRTP
{
SRTP_PROTECTION_PROFILE *srtp_profile
projects / openbsd / commitdiff