Reverting 1.0.2-only changes supporting the prior authz RFC5878-based tests from...
authorScott Deboy <sdeboy@secondstryke.com>
Sun, 9 Feb 2014 15:49:44 +0000 (07:49 -0800)
committerScott Deboy <sdeboy@secondstryke.com>
Sun, 9 Feb 2014 15:49:44 +0000 (07:49 -0800)
ssl/ssltest.c

index 47a8189bf7b1a606f73e81d49370b7bdde0f8e14..1cba422ea942c53d29da99091a394b2670de242f 100644 (file)
@@ -836,11 +836,6 @@ static void sv_usage(void)
                       "                 (default is sect163r2).\n");
 #endif
        fprintf(stderr," -test_cipherlist - verifies the order of the ssl cipher lists\n");
-#ifndef OPENSSL_NO_TLSEXT
-       fprintf(stderr," -server_authz arg - binary authz file for certificate\n");
-       fprintf(stderr," -c_support_proof  - indicate client support for server_authz audit proofs\n");
-       fprintf(stderr," -c_require_proof  - fail if no audit proof is sent\n");
-#endif
        fprintf(stderr," -serverinfo_file file - have server use this file\n");
        fprintf(stderr," -serverinfo_sct  - have client offer and expect SCT\n");
        fprintf(stderr," -serverinfo_tack - have client offer and expect TACK\n");
@@ -978,56 +973,6 @@ int opaque_prf_input_cb(SSL *ssl, void *peerinput, size_t len, void *arg_)
        }
 #endif
 
-#ifndef OPENSSL_NO_TLSEXT
-struct audit_proof_cb_arg_st
-       {
-       unsigned char *expected_proof;
-       size_t expected_proof_length;
-       int require;
-       };
-
-struct audit_proof_cb_arg_st c_expected = { NULL, 0, 0 };
-
-static int audit_proof_cb(SSL *s, void *arg)
-       {
-       const unsigned char *proof;
-       size_t proof_len;
-       SSL_SESSION *sess = SSL_get_session(s);
-       struct audit_proof_cb_arg_st *cb_arg = (struct audit_proof_cb_arg_st*)arg;
-
-       proof = SSL_SESSION_get_tlsext_authz_server_audit_proof(sess,
-               &proof_len);
-       if (proof != NULL)
-               {
-               if (proof_len == cb_arg->expected_proof_length &&
-                       cb_arg->expected_proof != NULL &&
-                       memcmp(proof, cb_arg->expected_proof, proof_len) == 0)
-                       {
-                       BIO_printf(bio_stdout, "Audit proof OK (%lu bytes).\n",
-                                  (long)proof_len);
-                       return 1;
-                       }
-               else
-                       {
-                       BIO_printf(bio_stdout, "Audit proof mismatch.\n");
-                       /* Cause handshake failure. */
-                       return 0;
-                       }
-               }
-
-       else /* proof == NULL */
-               {
-               BIO_printf(bio_stdout, "No audit proof found.\n");
-               if (cb_arg->require)
-                       {
-                       /* Cause handshake failure. */
-                       return 0;
-                       }
-               return 1;
-               }
-       }
-#endif
-
 int main(int argc, char *argv[])
        {
        char *CApath=NULL,*CAfile=NULL;
@@ -1079,11 +1024,6 @@ int main(int argc, char *argv[])
 #ifdef OPENSSL_FIPS
        int fips_mode=0;
 #endif
-#ifndef OPENSSL_NO_TLSEXT
-       char *s_authz_file = NULL;
-       int c_support_proof = 0;
-       int c_require_proof = 0;
-#endif
 
        verbose = 0;
        debug = 0;
@@ -1302,24 +1242,6 @@ int main(int argc, char *argv[])
                        {
                        test_cipherlist = 1;
                        }
-#ifndef OPENSSL_NO_TLSEXT
-               else if(strcmp(*argv,"-server_authz") == 0)
-                       {
-                       if (--argc < 1) goto bad;
-                       s_authz_file = *(++argv);
-                       tls1 = 1;
-                       }
-               else if (strcmp(*argv,"-c_support_proof") == 0)
-                       {
-                       c_support_proof = 1;
-                       tls1 = 1;
-                       }
-               else if (strcmp(*argv,"-c_require_proof") == 0)
-                       {
-                       c_require_proof = 1;
-                       tls1 = 1;
-                       }
-#endif
                else if (strcmp(*argv,"-serverinfo_sct") == 0)
                        {
                        serverinfo_sct = 1;
@@ -1389,15 +1311,6 @@ bad:
                        "to avoid protocol mismatch.\n");
                EXIT(1);
                }
-       if (c_require_proof && s_authz_file == NULL && !force)
-               {
-               fprintf(stderr, "This case cannot work. -c_require_proof "
-                       "requires an audit proof, but none was supplied. "
-                       "Use -f to perform the test anyway (and\n-d to see "
-                       "what happens), or use -server_authz to supply an "
-                       "audit proof.\n");
-               EXIT(1);
-               }
 
 #ifdef OPENSSL_FIPS
        if(fips_mode)
@@ -1669,34 +1582,6 @@ bad:
                SSL_CTX_set_srp_username_callback(s_ctx, ssl_srp_server_param_cb);
                }
 #endif
-#ifndef OPENSSL_NO_TLSEXT
-       if (s_authz_file != NULL)
-               {
-               if(!SSL_CTX_use_authz_file(s_ctx, s_authz_file))
-                       {
-                       BIO_printf(bio_err, "Unable to set authz data\n");
-                       goto end;
-                       }
-               }
-       if (c_support_proof || c_require_proof)
-               {
-               size_t proof_length;
-               const unsigned char *proof = SSL_CTX_get_authz_data(s_ctx,
-                       TLSEXT_AUTHZDATAFORMAT_audit_proof, &proof_length);
-               if (proof != NULL)
-                       {
-                       /* Store a local copy. */
-                       c_expected.expected_proof = OPENSSL_malloc(proof_length);
-                       c_expected.expected_proof_length = proof_length;
-                       memcpy(c_expected.expected_proof, proof, proof_length);
-                       }
-               c_expected.require = c_require_proof;
-               SSL_CTX_set_tlsext_authz_server_audit_proof_cb(c_ctx,
-                       audit_proof_cb);
-               SSL_CTX_set_tlsext_authz_server_audit_proof_cb_arg(c_ctx,
-                       &c_expected);
-               }
-#endif
 
        if (serverinfo_sct)
                SSL_CTX_set_custom_cli_ext(c_ctx, SCT_EXT_TYPE, NULL, 
@@ -1849,10 +1734,6 @@ end:
 #endif
 #ifndef OPENSSL_NO_ENGINE
        ENGINE_cleanup();
-#endif
-#ifndef OPENSSL_NO_TLSEXT
-       if (c_expected.expected_proof != NULL)
-               OPENSSL_free(c_expected.expected_proof);
 #endif
        CRYPTO_cleanup_all_ex_data();
        ERR_free_strings();