OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_ALL_BUILTIN, NULL);
}
-#if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV)
+#if (defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV)) && !defined(OPENSSL_NO_DEPRECATED)
void ENGINE_setup_bsd_cryptodev(void)
{
static int bsd_cryptodev_default_loaded = 0;
static ASN1_ITEM_EXP *item_type[] = {
ASN1_ITEM_ref(ACCESS_DESCRIPTION),
+#ifndef OPENSSL_NO_RFC3779
ASN1_ITEM_ref(ASIdentifierChoice),
ASN1_ITEM_ref(ASIdentifiers),
ASN1_ITEM_ref(ASIdOrRange),
+#endif
ASN1_ITEM_ref(ASN1_ANY),
ASN1_ITEM_ref(ASN1_BIT_STRING),
ASN1_ITEM_ref(ASN1_BMPSTRING),
ASN1_ITEM_ref(ASN1_UTCTIME),
ASN1_ITEM_ref(ASN1_UTF8STRING),
ASN1_ITEM_ref(ASN1_VISIBLESTRING),
+#ifndef OPENSSL_NO_RFC3779
ASN1_ITEM_ref(ASRange),
+#endif
ASN1_ITEM_ref(AUTHORITY_INFO_ACCESS),
ASN1_ITEM_ref(AUTHORITY_KEYID),
ASN1_ITEM_ref(BASIC_CONSTRAINTS),
ASN1_ITEM_ref(BIGNUM),
ASN1_ITEM_ref(CBIGNUM),
ASN1_ITEM_ref(CERTIFICATEPOLICIES),
+#ifndef OPENSSL_NO_CMS
ASN1_ITEM_ref(CMS_ContentInfo),
ASN1_ITEM_ref(CMS_ReceiptRequest),
ASN1_ITEM_ref(CRL_DIST_POINTS),
+#endif
+#ifndef OPENSSL_NO_DH
ASN1_ITEM_ref(DHparams),
+#endif
ASN1_ITEM_ref(DIRECTORYSTRING),
ASN1_ITEM_ref(DISPLAYTEXT),
ASN1_ITEM_ref(DIST_POINT),
ASN1_ITEM_ref(GENERAL_NAME),
ASN1_ITEM_ref(GENERAL_NAMES),
ASN1_ITEM_ref(GENERAL_SUBTREE),
+#ifndef OPENSSL_NO_RFC3779
ASN1_ITEM_ref(IPAddressChoice),
ASN1_ITEM_ref(IPAddressFamily),
ASN1_ITEM_ref(IPAddressOrRange),
ASN1_ITEM_ref(IPAddressRange),
+#endif
ASN1_ITEM_ref(ISSUING_DIST_POINT),
ASN1_ITEM_ref(LONG),
ASN1_ITEM_ref(NAME_CONSTRAINTS),
ASN1_ITEM_ref(NETSCAPE_SPKAC),
ASN1_ITEM_ref(NETSCAPE_SPKI),
ASN1_ITEM_ref(NOTICEREF),
+#ifndef OPENSSL_NO_OCSP
ASN1_ITEM_ref(OCSP_BASICRESP),
ASN1_ITEM_ref(OCSP_CERTID),
ASN1_ITEM_ref(OCSP_CERTSTATUS),
ASN1_ITEM_ref(OCSP_SERVICELOC),
ASN1_ITEM_ref(OCSP_SIGNATURE),
ASN1_ITEM_ref(OCSP_SINGLERESP),
+#endif
ASN1_ITEM_ref(OTHERNAME),
ASN1_ITEM_ref(PBE2PARAM),
ASN1_ITEM_ref(PBEPARAM),
return 0;
}
+#ifndef OPENSSL_NO_NEXTPROTONEG
/* Parse the comma-separated list into TLS format. */
static void parse_protos(const char *protos, unsigned char **out, size_t *outlen)
{
return ret == OPENSSL_NPN_NEGOTIATED ? SSL_TLSEXT_ERR_OK
: SSL_TLSEXT_ERR_NOACK;
}
-
+#endif
/*
* Configure callbacks and other properties that can't be set directly
if (test_ctx->session_ticket_expected == SSL_TEST_SESSION_TICKET_BROKEN) {
SSL_CTX_set_tlsext_ticket_key_cb(server_ctx, broken_session_ticket_cb);
}
+#ifndef OPENSSL_NO_NEXTPROTONEG
if (test_ctx->server_npn_protocols != NULL) {
parse_protos(test_ctx->server_npn_protocols,
&server_ctx_data->npn_protocols,
alpn_protos_len) == 0);
OPENSSL_free(alpn_protos);
}
+#endif
/*
* Use fixed session ticket keys so that we can decrypt a ticket created with
* one CTX in another CTX. Don't address server2 for the moment.
return INTERNAL_ERROR;
}
+#ifndef OPENSSL_NO_NEXTPROTONEG
/* Convert unsigned char buf's that shouldn't contain any NUL-bytes to char. */
static char *dup_str(const unsigned char *in, size_t len)
{
OPENSSL_assert(ret != NULL);
return ret;
}
+#endif
static HANDSHAKE_RESULT *do_handshake_internal(
SSL_CTX *server_ctx, SSL_CTX *server2_ctx, SSL_CTX *client_ctx,
unsigned char* tick = NULL;
size_t tick_len = 0;
SSL_SESSION* sess = NULL;
+#ifndef OPENSSL_NO_NEXTPROTONEG
const unsigned char *proto = NULL;
/* API dictates unsigned int rather than size_t. */
unsigned int proto_len = 0;
+#endif
memset(&server_ctx_data, 0, sizeof(server_ctx_data));
memset(&server2_ctx_data, 0, sizeof(server2_ctx_data));
ret->session_ticket = SSL_TEST_SESSION_TICKET_YES;
ret->session_ticket_do_not_call = server_ex_data.session_ticket_do_not_call;
+#ifndef OPENSSL_NO_NEXTPROTONEG
SSL_get0_next_proto_negotiated(client, &proto, &proto_len);
ret->client_npn_negotiated = dup_str(proto, proto_len);
SSL_get0_alpn_selected(server, &proto, &proto_len);
ret->server_alpn_negotiated = dup_str(proto, proto_len);
+#endif
ret->client_resumed = SSL_session_reused(client);
ret->server_resumed = SSL_session_reused(server);
return 1;
}
+#ifndef OPENSSL_NO_NEXTPROTONEG
static int check_npn(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
{
int ret = 1;
result->client_alpn_negotiated);
return ret;
}
+#endif
static int check_resumption(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
{
ret &= check_servername(result, test_ctx);
ret &= check_session_ticket(result, test_ctx);
ret &= (result->session_ticket_do_not_call == 0);
+#ifndef OPENSSL_NO_NEXTPROTONEG
ret &= check_npn(result, test_ctx);
ret &= check_alpn(result, test_ctx);
+#endif
ret &= check_resumption(result, test_ctx);
}
return ret;
/* NPN and ALPN options */
/************************************/
+#ifndef OPENSSL_NO_NEXTPROTONEG
IMPLEMENT_SSL_TEST_CTX_STRING_OPTION(client_npn_protocols)
IMPLEMENT_SSL_TEST_CTX_STRING_OPTION(server_npn_protocols)
IMPLEMENT_SSL_TEST_CTX_STRING_OPTION(server2_npn_protocols)
IMPLEMENT_SSL_TEST_CTX_STRING_OPTION(server_alpn_protocols)
IMPLEMENT_SSL_TEST_CTX_STRING_OPTION(server2_alpn_protocols)
IMPLEMENT_SSL_TEST_CTX_STRING_OPTION(expected_alpn_protocol)
+#endif
/***********************/
/* Handshake mode */
{ "ServerNameCallback", &parse_servername_callback },
{ "SessionTicketExpected", &parse_session_ticket },
{ "Method", &parse_test_method },
+#ifndef OPENSSL_NO_NEXTPROTONEG
{ "ClientNPNProtocols", &parse_client_npn_protocols },
{ "ServerNPNProtocols", &parse_server_npn_protocols },
{ "Server2NPNProtocols", &parse_server2_npn_protocols },
{ "ServerALPNProtocols", &parse_server_alpn_protocols },
{ "Server2ALPNProtocols", &parse_server2_alpn_protocols },
{ "ExpectedALPNProtocol", &parse_expected_alpn_protocol },
+#endif
{ "HandshakeMode", &parse_handshake_mode },
{ "ResumptionExpected", &parse_resumption_expected },
};
void SSL_TEST_CTX_free(SSL_TEST_CTX *ctx)
{
+#ifndef OPENSSL_NO_NEXTPROTONEG
OPENSSL_free(ctx->client_npn_protocols);
OPENSSL_free(ctx->server_npn_protocols);
OPENSSL_free(ctx->server2_npn_protocols);
OPENSSL_free(ctx->server2_alpn_protocols);
OPENSSL_free(ctx->expected_npn_protocol);
OPENSSL_free(ctx->expected_alpn_protocol);
+#endif
OPENSSL_free(ctx);
}
ssl_session_ticket_t session_ticket_expected;
/* Whether the server/client CTX should use DTLS or TLS. */
ssl_test_method_t method;
+#ifndef OPENSSL_NO_NEXTPROTONEG
/*
* NPN and ALPN protocols supported by the client, server, and second
* (SNI) server. A comma-separated list.
char *server_alpn_protocols;
char *server2_alpn_protocols;
char *expected_alpn_protocol;
+#endif
/* Whether to test a resumed/renegotiated handshake. */
ssl_handshake_mode_t handshake_mode;
/* Whether the second handshake is resumed or a full handshake (boolean). */
ssl_session_ticket_name(ctx2->session_ticket_expected));
return 0;
}
+#ifndef OPENSSL_NO_NEXTPROTONEG
if (!strings_equal("ClientNPNProtocols", ctx->client_npn_protocols,
ctx2->client_npn_protocols))
return 0;
if (!strings_equal("ExpectedALPNProtocol", ctx->expected_alpn_protocol,
ctx2->expected_alpn_protocol))
return 0;
+#endif
if (ctx->handshake_mode != ctx2->handshake_mode) {
fprintf(stderr, "HandshakeMode mismatch: %s vs %s.\n",
ssl_handshake_mode_name(ctx->handshake_mode),
SSL_TEST_SERVERNAME_IGNORE_MISMATCH;
fixture.expected_ctx->session_ticket_expected = SSL_TEST_SESSION_TICKET_YES;
fixture.expected_ctx->method = SSL_TEST_METHOD_DTLS;
+#ifndef OPENSSL_NO_NEXTPROTONEG
fixture.expected_ctx->client_npn_protocols = OPENSSL_strdup("foo,bar");
fixture.expected_ctx->server2_alpn_protocols = OPENSSL_strdup("baz");
OPENSSL_assert(fixture.expected_ctx->client_npn_protocols != NULL);
OPENSSL_assert(fixture.expected_ctx->server2_alpn_protocols != NULL);
+#endif
fixture.expected_ctx->handshake_mode = SSL_TEST_HANDSHAKE_RESUME;
fixture.expected_ctx->resumption_expected = 1;
EXECUTE_SSL_TEST_CTX_TEST();
projects / oweals / openssl.git / commitdiff