#include <stdio.h>
#include <stdlib.h>
+#include <string.h> /* for memcpy() and strcmp() */
#define USE_SOCKETS
#define NON_MAIN
#include "apps.h"
int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file)
{
if (cert_file != NULL) {
- /*-
- SSL *ssl;
- X509 *x509;
- */
+ /*-
+ SSL *ssl;
+ X509 *x509;
+ */
if (SSL_CTX_use_certificate_file(ctx, cert_file,
SSL_FILETYPE_PEM) <= 0) {
return (0);
}
- /*-
- In theory this is no longer needed
- ssl=SSL_new(ctx);
- x509=SSL_get_certificate(ssl);
-
- if (x509 != NULL) {
- EVP_PKEY *pktmp;
- pktmp = X509_get_pubkey(x509);
- EVP_PKEY_copy_parameters(pktmp,
- SSL_get_privatekey(ssl));
- EVP_PKEY_free(pktmp);
- }
- SSL_free(ssl);
- */
+ /*-
+ In theory this is no longer needed
+ ssl=SSL_new(ctx);
+ x509=SSL_get_certificate(ssl);
+
+ if (x509 != NULL) {
+ EVP_PKEY *pktmp;
+ pktmp = X509_get_pubkey(x509);
+ EVP_PKEY_copy_parameters(pktmp,
+ SSL_get_privatekey(ssl));
+ EVP_PKEY_free(pktmp);
+ }
+ SSL_free(ssl);
+ */
/*
* If we are using DSA, we can copy the parameters from the private
if (ncurves <= 0)
return 1;
curves = OPENSSL_malloc(ncurves * sizeof(int));
+ if (!curves) {
+ BIO_puts(out, "Malloc error getting supported curves\n");
+ return 0;
+ }
SSL_get1_curves(s, curves);
+
BIO_puts(out, "Supported Elliptic Curves: ");
for (i = 0; i < ncurves; i++) {
if (i)
if (cmd == (BIO_CB_READ | BIO_CB_RETURN)) {
BIO_printf(out, "read from %p [%p] (%lu bytes => %ld (0x%lX))\n",
- (void *)bio, argp, (unsigned long)argi, ret, ret);
+ (void *)bio, (void *)argp, (unsigned long)argi, ret, ret);
BIO_dump(out, argp, (int)ret);
return (ret);
} else if (cmd == (BIO_CB_WRITE | BIO_CB_RETURN)) {
BIO_printf(out, "write to %p [%p] (%lu bytes => %ld (0x%lX))\n",
- (void *)bio, argp, (unsigned long)argi, ret, ret);
+ (void *)bio, (void *)argp, (unsigned long)argi, ret, ret);
BIO_dump(out, argp, (int)ret);
}
return (ret);
extname = "next protocol";
break;
#endif
+#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
+ case TLSEXT_TYPE_application_layer_protocol_negotiation:
+ extname = "application layer protocol negotiation";
+ break;
+#endif
case TLSEXT_TYPE_padding:
extname = "TLS padding";
/* Initialize a random secret */
if (!cookie_initialized) {
- if (!RAND_bytes(cookie_secret, COOKIE_SECRET_LENGTH)) {
+ if (RAND_bytes(cookie_secret, COOKIE_SECRET_LENGTH) <= 0) {
BIO_printf(bio_err, "error setting random cookie secret\n");
return 0;
}
}
int args_ssl(char ***pargs, int *pargc, SSL_CONF_CTX *cctx,
- int *badarg, BIO *err, STACK_OF(OPENSSL_STRING) **pstr)
+ int *badarg, BIO *err, STACK_OF(OPENSSL_STRING) **pstr,
+ int *no_prot_opt)
{
char *arg = **pargs, *argn = (*pargs)[1];
int rv;
+ if (strcmp(arg, "-no_ssl2") == 0 || strcmp(arg, "-no_ssl3") == 0
+ || strcmp(arg, "-no_tls1") == 0 || strcmp(arg, "-no_tls1_1") == 0
+ || strcmp(arg, "-no_tls1_2") == 0) {
+ *no_prot_opt = 1;
+ }
+
/* Attempt to run SSL configuration command */
rv = SSL_CONF_cmd_argv(cctx, pargc, pargs);
/* If parameter not recognised just return */