#ifndef OPENSSL_NO_TLSEXT
static BIO *authz_in = NULL;
static const char *s_authz_file = NULL;
-static unsigned char *authz = NULL;
-static size_t authz_length;
#endif
#ifndef OPENSSL_NO_PSK
{
if (--argc < 1) goto bad;
srp_verifier_file = *(++argv);
- meth=TLSv1_server_method();
+ meth = TLSv1_server_method();
}
else if (strcmp(*argv, "-srpuserseed") == 0)
{
if (--argc < 1) goto bad;
srpuserseed = *(++argv);
- meth=TLSv1_server_method();
+ meth = TLSv1_server_method();
}
#endif
else if (strcmp(*argv,"-www") == 0)
goto end;
}
}
-
-# ifndef OPENSSL_NO_NEXTPROTONEG
- if (next_proto_neg_in)
- {
- unsigned short len;
- next_proto.data = next_protos_parse(&len,
- next_proto_neg_in);
- if (next_proto.data == NULL)
- goto end;
- next_proto.len = len;
- }
- else
- {
- next_proto.data = NULL;
- }
-# endif
- if (s_authz_file != NULL)
- {
- /* Allow authzs up to 64KB bytes. */
- static const size_t authz_limit = 65536;
-
- authz_in = BIO_new(BIO_s_file_internal());
- if (authz_in == NULL)
- {
- ERR_print_errors(bio_err);
- goto end;
- }
-
- if (BIO_read_filename(authz_in, s_authz_file) <= 0)
- {
- ERR_print_errors(bio_err);
- goto end;
- }
- authz = OPENSSL_malloc(authz_limit);
- authz_length = BIO_read(authz_in, authz, authz_limit);
- if (authz_length == authz_limit || authz_length <= 0)
- {
- BIO_printf(bio_err, "authz too large\n");
- goto end;
- }
- BIO_free(authz_in);
- authz_in = NULL;
- }
#endif /* OPENSSL_NO_TLSEXT */
}
+#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
+ if (next_proto_neg_in)
+ {
+ unsigned short len;
+ next_proto.data = next_protos_parse(&len, next_proto_neg_in);
+ if (next_proto.data == NULL)
+ goto end;
+ next_proto.len = len;
+ }
+ else
+ {
+ next_proto.data = NULL;
+ }
+#endif
+
if (s_dcert_file)
{
if (!set_cert_key_stuff(ctx, s_cert, s_key, s_chain))
goto end;
#ifndef OPENSSL_NO_TLSEXT
- if (authz != NULL && !SSL_CTX_use_authz(ctx, authz, authz_length))
+ if (s_authz_file != NULL && !SSL_CTX_use_authz_file(ctx, s_authz_file))
goto end;
#endif
#ifndef OPENSSL_NO_TLSEXT
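Review bot: The new `SSL_CTX_use_authz_file()` failure path jumps to `end` without reporting anything, whereas the removed loader called `ERR_print_errors(bio_err)` or printed "authz too large" before bailing out. Unless the callee or the `end` label (neither is visible in this hunk) already reports the error, an operator whose authz file is missing, unreadable or rejected gets a server that exits with no diagnostic. I would split the condition so the failure branch runs `ERR_print_errors(bio_err);` before `goto end;`. It is also worth confirming that the callee keeps a bound on the file size, since the 64KB cap lived in the removed code. The enclosing function starts and ends outside the hunk.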
EVP_PKEY_free(s_key);
if (s_dkey)
EVP_PKEY_free(s_dkey);
+ if (s_chain)
+ sk_X509_pop_free(s_chain, X509_free);
+ if (s_dchain)
+ sk_X509_pop_free(s_dchain, X509_free);
if (pass)
OPENSSL_free(pass);
if (dpass)
OPENSSL_free(dpass);
+ if (vpm)
+ X509_VERIFY_PARAM_free(vpm);
#ifndef OPENSSL_NO_TLSEXT
+ if (tlscstatp.host)
+ OPENSSL_free(tlscstatp.host);
+ if (tlscstatp.port)
+ OPENSSL_free(tlscstatp.port);
+ if (tlscstatp.path)
+ OPENSSL_free(tlscstatp.path);
if (ctx2 != NULL) SSL_CTX_free(ctx2);
if (s_cert2)
X509_free(s_cert2);
if (s_key2)
EVP_PKEY_free(s_key2);
- if (authz != NULL)
- OPENSSL_free(authz);
if (authz_in != NULL)
BIO_free(authz_in);
#endif
}
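Review bot: `authz_in` is still released in this cleanup (`if (authz_in != NULL) BIO_free(authz_in);`) although the commit removes the only visible assignment to it, so within the lines shown it stays NULL and both this check and the `static BIO *authz_in` declaration look like leftovers that can be dropped. Separately, the newly freed `tlscstatp.host`, `.port` and `.path` are left pointing at freed memory; if `tlscstatp` has static storage (its declaration is outside the hunk) and this cleanup can be reached more than once in a process, setting each to NULL after `OPENSSL_free()` avoids a double free. The cleanup block begins and ends outside the hunk.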
BIO_puts(io,"\n");
+ BIO_printf(io,
+ "Secure Renegotiation IS%s supported\n",
+ SSL_get_secure_renegotiation_support(con) ?
+ "" : " NOT");
+
/* The following is evil and should not really
* be done */
BIO_printf(io,"Ciphers supported in s_server binary\n");