generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Remove Kerberos support from apps

Browse Source 
Remove Kerberos related options from the apps to prepare for the
subsequent commits which will remove libcrypto and libssl support for
Kerberos.

Reviewed-by: Rich Salz <rsalz@openssl.org>
This commit is contained in:
Matt Caswell 2015-05-12 10:35:51 +01:00
parent a0bd649336
commit 5561419a60
3 changed files with 5 additions and 78 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
apps/Makefile
View File

@ -5,14 +5,11 @@
DIR= apps
TOP= ..
CC= cc
INCLUDES= -I$(TOP) -I../include $(KRB5_INCLUDES)
INCLUDES= -I$(TOP) -I../include
CFLAG= -g -static -Wswitch
MAKEFILE= Makefile
PERL= perl
RM= rm -f
# KRB5 stuff
KRB5_INCLUDES=
LIBKRB5=
PEX_LIBS=
EX_LIBS=
@ -149,7 +146,7 @@ $(EXE): progs.h $(EXE_OBJ) $(DLIBCRYPTO) $(DLIBSSL)
shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \
shlib_target="$(SHLIB_TARGET)"; \
fi; \
LIBRARIES="$(LIBSSL) $(LIBKRB5) $(LIBCRYPTO)" ; \
LIBRARIES="$(LIBSSL) $(LIBCRYPTO)" ; \
$(MAKE) -f $(TOP)/Makefile.shared -e \
APPNAME=$(EXE) OBJECTS="$(EXE_OBJ)" \
LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \

22
apps/s_client.c
View File

@ -474,7 +474,7 @@ typedef enum OPTION_choice {
OPT_TLS1_2, OPT_TLS1_1, OPT_TLS1, OPT_DTLS, OPT_DTLS1,
OPT_DTLS1_2, OPT_TIMEOUT, OPT_MTU, OPT_KEYFORM, OPT_PASS,
OPT_CERT_CHAIN, OPT_CAPATH, OPT_CHAINCAPATH, OPT_VERIFYCAPATH,
OPT_KEY, OPT_RECONNECT, OPT_BUILD_CHAIN, OPT_CAFILE, OPT_KRB5SVC,
OPT_KEY, OPT_RECONNECT, OPT_BUILD_CHAIN, OPT_CAFILE,
OPT_CHAINCAFILE, OPT_VERIFYCAFILE, OPT_NEXTPROTONEG, OPT_ALPN,
OPT_SERVERINFO, OPT_STARTTLS, OPT_SERVERNAME, OPT_JPAKE,
OPT_USE_SRTP, OPT_KEYMATEXPORT, OPT_KEYMATEXPORTLEN, OPT_SMTPHOST,
@ -551,9 +551,6 @@ OPTIONS s_client_options[] = {
{"jpake", OPT_JPAKE, 's', "JPAKE secret to use"},
# endif
#endif
#ifndef OPENSSL_NO_KRB5
{"krb5svc", OPT_KRB5SVC, 's', "Kerberos service name"},
#endif
#ifndef OPENSSL_NO_SRP
{"srpuser", OPT_SRPUSER, 's', "SRP authentification for 'user'"},
{"srppass", OPT_SRPPASS, 's', "Password for 'user'"},
@ -666,10 +663,6 @@ int s_client_main(int argc, char **argv)
long socket_mtu = 0, randamt = 0;
unsigned short port = PORT;
OPTION_CHOICE o;
#ifndef OPENSSL_NO_KRB5
KSSL_CTX *kctx;
const char *krb5svc = NULL;
#endif
#ifndef OPENSSL_NO_ENGINE
ENGINE *ssl_client_engine = NULL;
#endif
@ -829,11 +822,6 @@ int s_client_main(int argc, char **argv)
case OPT_NOCMDS:
cmdletters = 0;
break;
case OPT_KRB5SVC:
#ifndef OPENSSL_NO_KRB5
krb5svc = opt_arg();
#endif
break;
case OPT_ENGINE:
e = setup_engine(opt_arg(), 1);
break;
@ -1333,14 +1321,6 @@ int s_client_main(int argc, char **argv)
}
}
#endif
#ifndef OPENSSL_NO_KRB5
if (con && (kctx = kssl_ctx_new()) != NULL) {
SSL_set0_kssl_ctx(con, kctx);
kssl_ctx_setstring(kctx, KSSL_SERVER, host);
if (krb5svc)
kssl_ctx_setstring(kctx, KSSL_SERVICE, krb5svc);
}
#endif /* OPENSSL_NO_KRB5 */
re_start:
#ifdef NO_SYS_UN_H

54
apps/s_server.c
View File

@ -228,8 +228,7 @@ static int s_server_verify = SSL_VERIFY_NONE;
static int s_server_session_id_context = 1; /* anything will do */
static const char *s_cert_file = TEST_CERT, *s_key_file =
NULL, *s_chain_file = NULL;
static const char *krb5svc = NULL;
static const char *krb5tab = NULL;
#ifndef OPENSSL_NO_TLSEXT
static const char *s_cert_file2 = TEST_CERT2, *s_key_file2 = NULL;
#endif
@ -833,8 +832,7 @@ typedef enum OPTION_choice {
OPT_SRTP_PROFILES, OPT_KEYMATEXPORT, OPT_KEYMATEXPORTLEN,
OPT_S_ENUM,
OPT_V_ENUM,
OPT_X_ENUM,
OPT_KRB5SVC, OPT_KRBTAB
OPT_X_ENUM
} OPTION_CHOICE;
OPTIONS s_server_options[] = {
@ -892,8 +890,6 @@ OPTIONS s_server_options[] = {
{"jpake", OPT_JPAKE, 's', "JPAKE secret to use"},
# endif
#endif
{"krb5svc", OPT_KRB5SVC, 's', "Kerberos service name"},
{"keytab", OPT_KRBTAB, '<', "Kerberos keytab file"},
#ifndef OPENSSL_NO_SRP
{"srpvfile", OPT_SRPVFILE, '<', "The verifier file for SRP"},
{"srpuserseed", OPT_SRPUSERSEED, 's',
@ -1410,12 +1406,6 @@ int s_server_main(int argc, char *argv[])
case OPT_JPAKE:
goto opthelp;
#endif
case OPT_KRB5SVC:
krb5svc = opt_arg();
break;
case OPT_KRBTAB:
krb5tab = opt_arg();
break;
case OPT_SRTP_PROFILES:
srtp_profiles = opt_arg();
break;
@ -1988,9 +1978,6 @@ static int sv_body(char *hostname, int s, int stype, unsigned char *context)
unsigned long l;
SSL *con = NULL;
BIO *sbio;
#ifndef OPENSSL_NO_KRB5
KSSL_CTX *kctx;
#endif
struct timeval timeout;
#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE)
struct timeval tv;
@ -2022,15 +2009,6 @@ static int sv_body(char *hostname, int s, int stype, unsigned char *context)
SSL_CTX_set_tlsext_status_arg(ctx, &tlscstatp);
}
#endif
#ifndef OPENSSL_NO_KRB5
if ((kctx = kssl_ctx_new()) != NULL) {
SSL_set0_kssl_ctx(con, kctx);
kssl_ctx_setstring(kctx, KSSL_SERVICE,
krb5svc ? krb5svc : KRB5SVC);
if (krb5tab)
kssl_ctx_setstring(kctx, KSSL_KEYTAB, krb5tab);
}
#endif /* OPENSSL_NO_KRB5 */
if (context
&& !SSL_set_session_id_context(con,
context, strlen((char *)context))) {
@ -2400,9 +2378,6 @@ static int init_ssl_connection(SSL *con)
X509 *peer;
long verify_error;
char buf[BUFSIZ];
#ifndef OPENSSL_NO_KRB5
char *client_princ;
#endif
#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
const unsigned char *next_proto_neg;
unsigned next_proto_neg_len;
@ -2503,13 +2478,6 @@ static int init_ssl_connection(SSL *con)
if (SSL_ctrl(con, SSL_CTRL_GET_FLAGS, 0, NULL) &
TLS1_FLAGS_TLS_PADDING_BUG)
BIO_printf(bio_s_out, "Peer has incorrect TLSv1 block padding\n");
#ifndef OPENSSL_NO_KRB5
client_princ = kssl_ctx_get0_client_princ(SSL_get0_kssl_ctx(con));
if (client_princ != NULL) {
BIO_printf(bio_s_out, "Kerberos peer principal is %s\n",
client_princ);
}
#endif /* OPENSSL_NO_KRB5 */
BIO_printf(bio_s_out, "Secure Renegotiation IS%s supported\n",
SSL_get_secure_renegotiation_support(con) ? "" : " NOT");
if (keymatexportlabel != NULL) {
@ -2558,9 +2526,6 @@ static int www_body(char *hostname, int s, int stype, unsigned char *context)
SSL *con;
const SSL_CIPHER *c;
BIO *io, *ssl_bio, *sbio;
#ifndef OPENSSL_NO_KRB5
KSSL_CTX *kctx;
#endif
#ifdef RENEG
int total_bytes = 0;
#endif
@ -2594,12 +2559,6 @@ static int www_body(char *hostname, int s, int stype, unsigned char *context)
SSL_set_tlsext_debug_arg(con, bio_s_out);
}
#endif
#ifndef OPENSSL_NO_KRB5
if ((kctx = kssl_ctx_new()) != NULL) {
kssl_ctx_setstring(kctx, KSSL_SERVICE, KRB5SVC);
kssl_ctx_setstring(kctx, KSSL_KEYTAB, KRB5KEYTAB);
}
#endif /* OPENSSL_NO_KRB5 */
if (context && !SSL_set_session_id_context(con, context,
strlen((char *)context)))
goto err;
@ -2927,9 +2886,6 @@ static int rev_body(char *hostname, int s, int stype, unsigned char *context)
int ret = 1;
SSL *con;
BIO *io, *ssl_bio, *sbio;
#ifndef OPENSSL_NO_KRB5
KSSL_CTX *kctx;
#endif
buf = app_malloc(bufsize, "server rev buffer");
io = BIO_new(BIO_f_buffer());
@ -2949,12 +2905,6 @@ static int rev_body(char *hostname, int s, int stype, unsigned char *context)
SSL_set_tlsext_debug_arg(con, bio_s_out);
}
#endif
#ifndef OPENSSL_NO_KRB5
if ((kctx = kssl_ctx_new()) != NULL) {
kssl_ctx_setstring(kctx, KSSL_SERVICE, KRB5SVC);
kssl_ctx_setstring(kctx, KSSL_KEYTAB, KRB5KEYTAB);
}
#endif /* OPENSSL_NO_KRB5 */
if (context && !SSL_set_session_id_context(con, context,
strlen((char *)context))) {
ERR_print_errors(bio_err);