+typedef enum OPTION_choice {
+ OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+ OPT_ENGINE, OPT_PORT, OPT_UNIX, OPT_UNLINK, OPT_NACCEPT,
+ OPT_VERIFY, OPT_UPPER_V_VERIFY, OPT_CONTEXT, OPT_CERT, OPT_CRL,
+ OPT_CRL_DOWNLOAD, OPT_SERVERINFO, OPT_CERTFORM, OPT_KEY, OPT_KEYFORM,
+ OPT_PASS, OPT_CERT_CHAIN, OPT_DHPARAM, OPT_DCERTFORM, OPT_DCERT,
+ OPT_DKEYFORM, OPT_DPASS, OPT_DKEY, OPT_DCERT_CHAIN, OPT_NOCERT,
+ OPT_CAPATH, OPT_CHAINCAPATH, OPT_VERIFYCAPATH, OPT_NO_CACHE,
+ OPT_EXT_CACHE, OPT_CRLFORM, OPT_VERIFY_RET_ERROR, OPT_VERIFY_QUIET,
+ OPT_BUILD_CHAIN, OPT_CAFILE, OPT_CHAINCAFILE, OPT_VERIFYCAFILE,
+ OPT_NBIO, OPT_NBIO_TEST, OPT_IGN_EOF, OPT_NO_IGN_EOF, OPT_DEBUG,
+ OPT_TLSEXTDEBUG, OPT_STATUS, OPT_STATUS_VERBOSE, OPT_STATUS_TIMEOUT,
+ OPT_STATUS_URL, OPT_MSG, OPT_MSGFILE, OPT_TRACE, OPT_SECURITY_DEBUG,
+ OPT_SECURITY_DEBUG_VERBOSE, OPT_STATE, OPT_CRLF, OPT_QUIET,
+ OPT_BRIEF, OPT_NO_TMP_RSA, OPT_NO_DHE, OPT_NO_ECDHE,
+ OPT_NO_RESUME_EPHEMERAL, OPT_PSK_HINT, OPT_PSK, OPT_SRPVFILE,
+ OPT_SRPUSERSEED, OPT_REV, OPT_WWW, OPT_UPPER_WWW, OPT_HTTP,
+#ifndef OPENSSL_NO_SSL3
+ OPT_SSL3,
+#endif
+ OPT_TLS1_2, OPT_TLS1_1, OPT_TLS1, OPT_DTLS, OPT_DTLS1,
+ OPT_DTLS1_2, OPT_TIMEOUT, OPT_MTU, OPT_CHAIN,
+ OPT_ID_PREFIX, OPT_RAND, OPT_SERVERNAME, OPT_SERVERNAME_FATAL,
+ OPT_CERT2, OPT_KEY2, OPT_NEXTPROTONEG, OPT_ALPN, OPT_JPAKE,
+ OPT_SRTP_PROFILES, OPT_KEYMATEXPORT, OPT_KEYMATEXPORTLEN,
+ OPT_S_ENUM,
+ OPT_V_ENUM,
+ OPT_X_ENUM,
+ OPT_KRB5SVC, OPT_KRBTAB
+} OPTION_CHOICE;
+
+OPTIONS s_server_options[] = {
+ {"help", OPT_HELP, '-', "Display this summary"},
+
+ {"port", OPT_PORT, 'p'},
+ {"accept", OPT_PORT, 'p',
+ "TCP/IP port to accept on (default is " PORT_STR ")"},
+ {"unix", OPT_UNIX, 's', "Unix domain socket to accept on"},
+ {"unlink", OPT_UNLINK, '-', "For -unix, unlink existing socket first"},
+ {"context", OPT_CONTEXT, 's', "Set session ID context"},
+ {"verify", OPT_VERIFY, 'n', "Turn on peer certificate verification"},
+ {"Verify", OPT_UPPER_V_VERIFY, 'n',
+ "Turn on peer certificate verification, must have a cert"},
+ {"cert", OPT_CERT, '<', "Certificate file to use; default is " TEST_CERT},
+ {"naccept", OPT_NACCEPT, 'p', "Terminate after pnum connections"},
+#ifndef OPENSSL_NO_TLSEXT
+ {"serverinfo", OPT_SERVERINFO, 's',
+ "PEM serverinfo file for certificate"},
+#endif
+ {"certform", OPT_CERTFORM, 'F',
+ "Certificate format (PEM or DER) PEM default"},
+ {"key", OPT_KEY, '<',
+ "Private Key if not in -cert; default is " TEST_CERT},
+ {"keyform", OPT_KEYFORM, 'f',
+ "Key format (PEM, DER or ENGINE) PEM default"},
+ {"pass", OPT_PASS, 's', "Private key file pass phrase source"},
+ {"dcert", OPT_DCERT, '<',
+ "Second certificate file to use (usually for DSA)"},
+ {"dcertform", OPT_DCERTFORM, 'F',
+ "Second certificate format (PEM or DER) PEM default"},
+ {"dkey", OPT_DKEY, '<',
+ "Second private key file to use (usually for DSA)"},
+ {"dkeyform", OPT_DKEYFORM, 'F',
+ "Second key format (PEM, DER or ENGINE) PEM default"},
+ {"dpass", OPT_DPASS, 's', "Second private key file pass phrase source"},
+#ifdef FIONBIO
+ {"nbio", OPT_NBIO, '-', "Use non-blocking IO"},
+#endif
+ {"nbio_test", OPT_NBIO_TEST, '-', "Test with the non-blocking test bio"},
+ {"crlf", OPT_CRLF, '-', "Convert LF from terminal into CRLF"},
+ {"debug", OPT_DEBUG, '-', "Print more output"},
+ {"msg", OPT_MSG, '-', "Show protocol messages"},
+ {"msgfile", OPT_MSGFILE, '>'},
+ {"state", OPT_STATE, '-', "Print the SSL states"},
+ {"CApath", OPT_CAPATH, '/', "PEM format directory of CA's"},
+ {"CAfile", OPT_CAFILE, '<', "PEM format file of CA's"},
+ {"nocert", OPT_NOCERT, '-', "Don't use any certificates (Anon-DH)"},
+ {"quiet", OPT_QUIET, '-', "No server output"},
+ {"no_tmp_rsa", OPT_NO_TMP_RSA, '-', "Do not generate a tmp RSA key"},
+#ifndef OPENSSL_NO_PSK
+ {"psk_hint", OPT_PSK_HINT, 's', "PSK identity hint to use"},
+ {"psk", OPT_PSK, 's', "PSK in hex (without 0x)"},
+# ifndef OPENSSL_NO_JPAKE
+ {"jpake", OPT_JPAKE, 's', "JPAKE secret to use"},
+# endif
+#endif
+ {"krb5svc", OPT_KRB5SVC, 's', "Kerberos service name"},
+ {"keytab", OPT_KRBTAB, '<', "Kerberos keytab file"},
+#ifndef OPENSSL_NO_SRP
+ {"srpvfile", OPT_SRPVFILE, '<', "The verifier file for SRP"},
+ {"srpuserseed", OPT_SRPUSERSEED, 's',
+ "A seed string for a default user salt"},
+#endif
+#ifndef OPENSSL_NO_SSL3
+ {"ssl3", OPT_SSL3, '-', "Just talk SSLv3"},
+#endif
+ {"tls1_2", OPT_TLS1_2, '-', "just talk TLSv1.2"},
+ {"tls1_1", OPT_TLS1_1, '-', "Just talk TLSv1.1"},
+ {"tls1", OPT_TLS1, '-', "Just talk TLSv1"},
+#ifndef OPENSSL_NO_DTLS1
+ {"dtls", OPT_DTLS, '-'},
+ {"dtls1", OPT_DTLS1, '-', "Just talk DTLSv1"},
+ {"dtls1_2", OPT_DTLS1_2, '-', "Just talk DTLSv1.2"},
+ {"timeout", OPT_TIMEOUT, '-', "Enable timeouts"},
+ {"mtu", OPT_MTU, 'p', "Set link layer MTU"},
+ {"chain", OPT_CHAIN, '-', "Read a certificate chain"},
+#endif
+#ifndef OPENSSL_NO_DH
+ {"no_dhe", OPT_NO_DHE, '-', "Disable ephemeral DH"},
+#endif
+#ifndef OPENSSL_NO_EC
+ {"no_ecdhe", OPT_NO_ECDHE, '-', "Disable ephemeral ECDH"},
+#endif
+ {"no_resume_ephemeral", OPT_NO_RESUME_EPHEMERAL, '-',
+ "Disable caching and tickets if ephemeral (EC)DH is used"},
+ {"www", OPT_WWW, '-', "Respond to a 'GET /' with a status page"},
+ {"WWW", OPT_UPPER_WWW, '-', "Respond to a 'GET with the file ./path"},
+ {"HTTP", OPT_HTTP, '-', "Like -WWW but ./path incluedes HTTP headers"},
+ {"id_prefix", OPT_ID_PREFIX, 's',
+ "Generate SSL/TLS session IDs prefixed by arg"},
+ {"rand", OPT_RAND, 's',
+ "Load the file(s) into the random number generator"},