+static char *jpake_secret = NULL;
+#ifndef OPENSSL_NO_SRP
+static srpsrvparm srp_callback_parm;
+#endif
+#ifndef OPENSSL_NO_SRTP
+static char *srtp_profiles = NULL;
+#endif
+
+typedef enum OPTION_choice {
+ OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+ OPT_ENGINE, OPT_PORT, OPT_UNIX, OPT_UNLINK, OPT_NACCEPT,
+ OPT_VERIFY, OPT_UPPER_V_VERIFY, OPT_CONTEXT, OPT_CERT, OPT_CRL,
+ OPT_CRL_DOWNLOAD, OPT_SERVERINFO, OPT_CERTFORM, OPT_KEY, OPT_KEYFORM,
+ OPT_PASS, OPT_CERT_CHAIN, OPT_DHPARAM, OPT_DCERTFORM, OPT_DCERT,
+ OPT_DKEYFORM, OPT_DPASS, OPT_DKEY, OPT_DCERT_CHAIN, OPT_NOCERT,
+ OPT_CAPATH, OPT_CHAINCAPATH, OPT_VERIFYCAPATH, OPT_NO_CACHE,
+ OPT_EXT_CACHE, OPT_CRLFORM, OPT_VERIFY_RET_ERROR, OPT_VERIFY_QUIET,
+ OPT_BUILD_CHAIN, OPT_CAFILE, OPT_CHAINCAFILE, OPT_VERIFYCAFILE,
+ OPT_NBIO, OPT_NBIO_TEST, OPT_IGN_EOF, OPT_NO_IGN_EOF, OPT_DEBUG,
+ OPT_TLSEXTDEBUG, OPT_STATUS, OPT_STATUS_VERBOSE, OPT_STATUS_TIMEOUT,
+ OPT_STATUS_URL, OPT_MSG, OPT_MSGFILE, OPT_TRACE, OPT_SECURITY_DEBUG,
+ OPT_SECURITY_DEBUG_VERBOSE, OPT_STATE, OPT_CRLF, OPT_QUIET,
+ OPT_BRIEF, OPT_NO_TMP_RSA, OPT_NO_DHE, OPT_NO_ECDHE,
+ OPT_NO_RESUME_EPHEMERAL, OPT_PSK_HINT, OPT_PSK, OPT_SRPVFILE,
+ OPT_SRPUSERSEED, OPT_REV, OPT_WWW, OPT_UPPER_WWW, OPT_HTTP,
+#ifndef OPENSSL_NO_SSL3
+ OPT_SSL3,
+#endif
+ OPT_TLS1_2, OPT_TLS1_1, OPT_TLS1, OPT_DTLS, OPT_DTLS1,
+ OPT_DTLS1_2, OPT_TIMEOUT, OPT_MTU, OPT_CHAIN,
+ OPT_ID_PREFIX, OPT_RAND, OPT_SERVERNAME, OPT_SERVERNAME_FATAL,
+ OPT_CERT2, OPT_KEY2, OPT_NEXTPROTONEG, OPT_ALPN, OPT_JPAKE,
+ OPT_SRTP_PROFILES, OPT_KEYMATEXPORT, OPT_KEYMATEXPORTLEN,
+ OPT_S_ENUM,
+ OPT_V_ENUM,
+ OPT_X_ENUM,
+ OPT_KRB5SVC, OPT_KRBTAB
+} OPTION_CHOICE;
+
+OPTIONS s_server_options[] = {
+ {"help", OPT_HELP, '-', "Display this summary"},
+
+ {"port", OPT_PORT, 'p'},
+ {"accept", OPT_PORT, 'p',
+ "TCP/IP port to accept on (default is " PORT_STR ")"},
+ {"unix", OPT_UNIX, 's', "Unix domain socket to accept on"},
+ {"unlink", OPT_UNLINK, '-', "For -unix, unlink existing socket first"},
+ {"context", OPT_CONTEXT, 's', "Set session ID context"},
+ {"verify", OPT_VERIFY, 'n', "Turn on peer certificate verification"},
+ {"Verify", OPT_UPPER_V_VERIFY, 'n',
+ "Turn on peer certificate verification, must have a cert"},
+ {"cert", OPT_CERT, '<', "Certificate file to use; default is " TEST_CERT},
+ {"naccept", OPT_NACCEPT, 'p', "Terminate after pnum connections"},
+#ifndef OPENSSL_NO_TLSEXT
+ {"serverinfo", OPT_SERVERINFO, 's',
+ "PEM serverinfo file for certificate"},
+#endif
+ {"certform", OPT_CERTFORM, 'F',
+ "Certificate format (PEM or DER) PEM default"},
+ {"key", OPT_KEY, '<',
+ "Private Key if not in -cert; default is " TEST_CERT},
+ {"keyform", OPT_KEYFORM, 'f',
+ "Key format (PEM, DER or ENGINE) PEM default"},
+ {"pass", OPT_PASS, 's', "Private key file pass phrase source"},
+ {"dcert", OPT_DCERT, '<',
+ "Second certificate file to use (usually for DSA)"},
+ {"dcertform", OPT_DCERTFORM, 'F',
+ "Second certificate format (PEM or DER) PEM default"},
+ {"dkey", OPT_DKEY, '<',
+ "Second private key file to use (usually for DSA)"},
+ {"dkeyform", OPT_DKEYFORM, 'F',
+ "Second key format (PEM, DER or ENGINE) PEM default"},
+ {"dpass", OPT_DPASS, 's', "Second private key file pass phrase source"},