Add prototypes for new OCSP functions.

[oweals/openssl.git] / apps / s_server.c

diff --git a/apps/s_server.c b/apps/s_server.c
index b5932832569a693eb6db6e883d33226ea8214eb9..383e2304d7ac7ff28060a3ec6f39c4db3725c81c 100644 (file)
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -83,6 +83,7 @@ typedef unsigned int u_int;
 #include <openssl/pem.h>
 #include <openssl/x509.h>
 #include <openssl/ssl.h>
+#include <openssl/engine.h>
 #include "s_apps.h"
 
 #ifdef WINDOWS
@@ -176,6 +177,7 @@ static int s_debug=0;
 static int s_quiet=0;
 
 static int hack=0;
+static char *engine_id=NULL;
 
 #ifdef MONOLITH
 static void s_server_init(void)
@@ -198,6 +200,7 @@ static void s_server_init(void)
        s_debug=0;
        s_quiet=0;
        hack=0;
+       engine_id=NULL;
        }
 #endif
 
@@ -242,6 +245,7 @@ static void sv_usage(void)
        BIO_printf(bio_err," -bugs         - Turn on SSL bug compatibility\n");
        BIO_printf(bio_err," -www          - Respond to a 'GET /' with a status page\n");
        BIO_printf(bio_err," -WWW          - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n");
+       BIO_printf(bio_err," -engine id    - Initialise and use the specified engine\n");
        }
 
 static int local_argc=0;
@@ -411,9 +415,7 @@ int MAIN(int argc, char *argv[])
        int no_tmp_rsa=0,no_dhe=0,nocert=0;
        int state=0;
        SSL_METHOD *meth=NULL;
-#ifndef NO_DH
-       DH *dh=NULL;
-#endif
+       ENGINE *e=NULL;
 
 #if !defined(NO_SSL2) && !defined(NO_SSL3)
        meth=SSLv23_server_method();
@@ -565,6 +567,11 @@ int MAIN(int argc, char *argv[])
                else if (strcmp(*argv,"-tls1") == 0)
                        { meth=TLSv1_server_method(); }
 #endif
+               else if (strcmp(*argv,"-engine") == 0)
+                       {
+                       if (--argc < 1) goto bad;
+                       engine_id= *(++argv);
+                       }
                else
                        {
                        BIO_printf(bio_err,"unknown option %s\n",*argv);
@@ -609,6 +616,29 @@ bad:
        SSL_load_error_strings();
        OpenSSL_add_ssl_algorithms();
 
+       if (engine_id != NULL)
+               {
+               if((e = ENGINE_by_id(engine_id)) == NULL)
+                       {
+                       BIO_printf(bio_err,"invalid engine\n");
+                       ERR_print_errors(bio_err);
+                       goto end;
+                       }
+               if (s_debug)
+                       {
+                       ENGINE_ctrl(e, ENGINE_CTRL_SET_LOGSTREAM,
+                               0, bio_err, 0);
+                       }
+               if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
+                       {
+                       BIO_printf(bio_err,"can't use that engine\n");
+                       ERR_print_errors(bio_err);
+                       goto end;
+                       }
+               BIO_printf(bio_err,"engine \"%s\" set.\n", engine_id);
+               ENGINE_free(e);
+               }
+
        ctx=SSL_CTX_new(meth);
        if (ctx == NULL)
                {
@@ -649,7 +679,13 @@ bad:
 #ifndef NO_DH
        if (!no_dhe)
                {
-               dh=load_dh_param(dhfile ? dhfile : s_cert_file);
+               DH *dh=NULL;
+
+               if (dhfile)
+                       dh = load_dh_param(dhfile);
+               else if (s_cert_file)
+                       dh = load_dh_param(s_cert_file);
+
                if (dh != NULL)
                        {
                        BIO_printf(bio_s_out,"Setting temp DH parameters\n");
@@ -785,6 +821,13 @@ static int sv_body(char *hostname, int s, unsigned char *context)
 
        if (con == NULL) {
                con=SSL_new(ctx);
+#ifndef NO_KRB5
+               if ((con->kssl_ctx = kssl_ctx_new()) != NULL)
+                        {
+                        kssl_ctx_setstring(con->kssl_ctx, KSSL_SERVICE, KRB5SVC);
+                        kssl_ctx_setstring(con->kssl_ctx, KSSL_KEYTAB, KRB5KEYTAB);
+                        }
+#endif /* NO_KRB5 */
                if(context)
                      SSL_set_session_id_context(con, context,
                                                 strlen((char *)context));