From 287d0b948d184dbba782de15a9895189c5e34854 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Wed, 8 Jul 2015 23:09:52 +0100 Subject: [PATCH] Add ssl configuration support to s_server and s_client Reviewed-by: Richard Levitte --- apps/openssl.c | 1 + apps/s_client.c | 16 +++++++++++++++- apps/s_server.c | 16 +++++++++++++++- 3 files changed, 31 insertions(+), 2 deletions(-) diff --git a/apps/openssl.c b/apps/openssl.c index 5ce04ceaf3..f2c7ccf0c4 100644 --- a/apps/openssl.c +++ b/apps/openssl.c @@ -176,6 +176,7 @@ static int apps_startup() ERR_load_SSL_strings(); OPENSSL_load_builtin_modules(); + SSL_add_ssl_module(); #ifndef OPENSSL_NO_ENGINE ENGINE_load_builtin_engines(); #endif diff --git a/apps/s_client.c b/apps/s_client.c index dbeb770f59..2f989660cd 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -466,7 +466,7 @@ typedef enum OPTION_choice { OPT_MSG, OPT_MSGFILE, OPT_ENGINE, OPT_TRACE, OPT_SECURITY_DEBUG, OPT_SECURITY_DEBUG_VERBOSE, OPT_SHOWCERTS, OPT_NBIO_TEST, OPT_STATE, OPT_PSK_IDENTITY, OPT_PSK, OPT_SRPUSER, OPT_SRPPASS, OPT_SRP_STRENGTH, - OPT_SRP_LATEUSER, OPT_SRP_MOREGROUPS, OPT_SSL3, + OPT_SRP_LATEUSER, OPT_SRP_MOREGROUPS, OPT_SSL3, OPT_SSL_CONFIG, OPT_TLS1_2, OPT_TLS1_1, OPT_TLS1, OPT_DTLS, OPT_DTLS1, OPT_DTLS1_2, OPT_TIMEOUT, OPT_MTU, OPT_KEYFORM, OPT_PASS, OPT_CERT_CHAIN, OPT_CAPATH, OPT_NOCAPATH, OPT_CHAINCAPATH, OPT_VERIFYCAPATH, @@ -561,6 +561,7 @@ OPTIONS s_client_options[] = { {"alpn", OPT_ALPN, 's', "Enable ALPN extension, considering named protocols supported (comma-separated list)"}, {"async", OPT_ASYNC, '-', "Support asynchronous operation"}, + {"ssl_config", OPT_SSL_CONFIG, 's'}, OPT_S_OPTIONS, OPT_V_OPTIONS, OPT_X_OPTIONS, @@ -686,6 +687,7 @@ int s_client_main(int argc, char **argv) char *servername = NULL; const char *alpn_in = NULL; tlsextctx tlsextcbp = { NULL, 0 }; + const char *ssl_config = NULL; #define MAX_SI_TYPES 100 unsigned short serverinfo_types[MAX_SI_TYPES]; int serverinfo_count = 0, start = 0, len; @@ -940,6 +942,9 @@ int s_client_main(int argc, char **argv) case OPT_SRP_MOREGROUPS: break; #endif + case OPT_SSL_CONFIG: + ssl_config = opt_arg(); + break; case OPT_SSL3: #ifndef OPENSSL_NO_SSL3 meth = SSLv3_client_method(); @@ -1200,6 +1205,15 @@ int s_client_main(int argc, char **argv) if (sdebug) ssl_ctx_security_debug(ctx, sdebug); + if (ssl_config) { + if (SSL_CTX_config(ctx, ssl_config) == 0) { + BIO_printf(bio_err, "Error using configuration \"%s\"\n", + ssl_config); + ERR_print_errors(bio_err); + goto end; + } + } + if (vpmtouched && !SSL_CTX_set1_param(ctx, vpm)) { BIO_printf(bio_err, "Error setting verify params\n"); ERR_print_errors(bio_err); diff --git a/apps/s_server.c b/apps/s_server.c index de9644522e..e0eac553f8 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -807,7 +807,7 @@ typedef enum OPTION_choice { OPT_QUIET, OPT_BRIEF, OPT_NO_DHE, OPT_NO_RESUME_EPHEMERAL, OPT_PSK_HINT, OPT_PSK, OPT_SRPVFILE, OPT_SRPUSERSEED, OPT_REV, OPT_WWW, OPT_UPPER_WWW, OPT_HTTP, OPT_ASYNC, - OPT_SSL3, + OPT_SSL_CONFIG, OPT_SSL3, OPT_TLS1_2, OPT_TLS1_1, OPT_TLS1, OPT_DTLS, OPT_DTLS1, OPT_DTLS1_2, OPT_TIMEOUT, OPT_MTU, OPT_CHAIN, OPT_LISTEN, OPT_ID_PREFIX, OPT_RAND, OPT_SERVERNAME, OPT_SERVERNAME_FATAL, @@ -915,6 +915,7 @@ OPTIONS s_server_options[] = { {"brief", OPT_BRIEF, '-'}, {"rev", OPT_REV, '-'}, {"async", OPT_ASYNC, '-', "Operate in asynchronous mode"}, + {"ssl_config", OPT_SSL_CONFIG, 's'}, OPT_S_OPTIONS, OPT_V_OPTIONS, OPT_X_OPTIONS, @@ -1009,6 +1010,7 @@ int s_server_main(int argc, char *argv[]) EVP_PKEY *s_key2 = NULL; X509 *s_cert2 = NULL; tlsextctx tlsextcbp = { NULL, NULL, SSL_TLSEXT_ERR_ALERT_WARNING }; + const char *ssl_config = NULL; #ifndef OPENSSL_NO_NEXTPROTONEG const char *next_proto_neg_in = NULL; tlsextnextprotoctx next_proto = { NULL, 0 }; @@ -1336,6 +1338,9 @@ int s_server_main(int argc, char *argv[]) case OPT_HTTP: www = 3; break; + case OPT_SSL_CONFIG: + ssl_config = opt_arg(); + break; case OPT_SSL3: #ifndef OPENSSL_NO_SSL3 meth = SSLv3_server_method(); @@ -1613,6 +1618,15 @@ int s_server_main(int argc, char *argv[]) ERR_print_errors(bio_err); goto end; } + if (ssl_config) { + if (SSL_CTX_config(ctx, ssl_config) == 0) { + BIO_printf(bio_err, "Error using configuration \"%s\"\n", + ssl_config); + ERR_print_errors(bio_err); + goto end; + } + } + if (session_id_prefix) { if (strlen(session_id_prefix) >= 32) BIO_printf(bio_err, -- 2.25.1