generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Add SSL_CONF support to ssltest.

Browse Source 
Add command line support for SSL_CONF: server side arguments are
prefixed by -s_ (e.g. -s_no_ssl3) and client side with -c_.
Reviewed-by: Matt Caswell <matt@openssl.org>
This commit is contained in:
Dr. Stephen Henson 2014-10-27 14:07:12 +00:00
parent 55f7fb8848
commit de94222dba
1 changed files with 98 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

100
ssl/ssltest.c
View File

@ -996,6 +996,10 @@ int main(int argc, char *argv[])
#endif #endif
int no_protocol = 0; int no_protocol = 0;
SSL_CONF_CTX *s_cctx = NULL, *c_cctx = NULL;
STACK_OF(OPENSSL_STRING) *conf_args = NULL;
const char *arg = NULL, *argn = NULL;
verbose = 0; verbose = 0;
debug = 0; debug = 0;
cipher = 0; cipher = 0;
@ -1021,6 +1025,31 @@ int main(int argc, char *argv[])
bio_stdout=BIO_new_fp(stdout,BIO_NOCLOSE|BIO_FP_TEXT); bio_stdout=BIO_new_fp(stdout,BIO_NOCLOSE|BIO_FP_TEXT);
s_cctx = SSL_CONF_CTX_new();
c_cctx = SSL_CONF_CTX_new();
if (!s_cctx || !c_cctx)
{
ERR_print_errors(bio_err);
goto end;
}
SSL_CONF_CTX_set_flags(s_cctx,
SSL_CONF_FLAG_CMDLINE|SSL_CONF_FLAG_SERVER);
if (!SSL_CONF_CTX_set1_prefix(s_cctx, "-s_"))
{
ERR_print_errors(bio_err);
goto end;
}
SSL_CONF_CTX_set_flags(c_cctx,
SSL_CONF_FLAG_CMDLINE|SSL_CONF_FLAG_CLIENT);
if (!SSL_CONF_CTX_set1_prefix(c_cctx, "-c_"))
{
ERR_print_errors(bio_err);
goto end;
}
argc--; argc--;
argv++; argv++;
@ -1276,8 +1305,40 @@ int main(int argc, char *argv[])
} }
else else
{ {
fprintf(stderr,"unknown option %s\n",*argv); int rv;
badop=1; arg = argv[0];
argn = argv[1];
/* Try to process command using SSL_CONF */
rv = SSL_CONF_cmd_argv(c_cctx, &argc, &argv);
/* If not processed try server */
if (rv == 0)
rv = SSL_CONF_cmd_argv(s_cctx, &argc, &argv);
/* Recognised: store it for later use */
if (rv > 0)
{
if (rv == 1)
argn = NULL;
if (!conf_args)
{
conf_args = sk_OPENSSL_STRING_new_null();
if (!conf_args)
goto end;
}
if (!sk_OPENSSL_STRING_push(conf_args, arg))
goto end;
if (!sk_OPENSSL_STRING_push(conf_args, argn))
goto end;
continue;
}
if (rv == -3)
BIO_printf(bio_err, "Missing argument for %s\n",
arg);
else if (rv < 0)
BIO_printf(bio_err, "Error with command %s\n",
arg);
else if (rv == 0)
BIO_printf(bio_err,"unknown option %s\n", arg);
badop = 1;
break; break;
} }
argc--; argc--;
@ -1442,6 +1503,35 @@ bad:
SSL_CTX_set_cipher_list(s_ctx,cipher); SSL_CTX_set_cipher_list(s_ctx,cipher);
} }
/* Process SSL_CONF arguments */
SSL_CONF_CTX_set_ssl_ctx(c_cctx, c_ctx);
SSL_CONF_CTX_set_ssl_ctx(s_cctx, s_ctx);
for (i = 0; i < sk_OPENSSL_STRING_num(conf_args); i += 2)
{
int rv;
arg = sk_OPENSSL_STRING_value(conf_args, i);
argn = sk_OPENSSL_STRING_value(conf_args, i + 1);
rv = SSL_CONF_cmd(c_cctx, arg, argn);
/* If not recognised use server context */
if (rv == -2)
rv = SSL_CONF_cmd(s_cctx, arg, argn);
if (rv <= 0)
{
BIO_printf(bio_err, "Error processing %s %s\n",
arg, argn ? argn : "");
ERR_print_errors(bio_err);
goto end;
}
}
if (!SSL_CONF_CTX_finish(s_cctx) || !SSL_CONF_CTX_finish(c_cctx))
{
BIO_puts(bio_err, "Error finishing context\n");
ERR_print_errors(bio_err);
goto end;
}
#ifndef OPENSSL_NO_DH #ifndef OPENSSL_NO_DH
if (!no_dhe) if (!no_dhe)
{ {
@ -1762,6 +1852,12 @@ end:
if (s_ctx != NULL) SSL_CTX_free(s_ctx); if (s_ctx != NULL) SSL_CTX_free(s_ctx);
if (c_ctx != NULL) SSL_CTX_free(c_ctx); if (c_ctx != NULL) SSL_CTX_free(c_ctx);
if (s_cctx)
SSL_CONF_CTX_free(s_cctx);
if (c_cctx)
SSL_CONF_CTX_free(c_cctx);
sk_OPENSSL_STRING_free(conf_args);
if (bio_stdout != NULL) BIO_free(bio_stdout); if (bio_stdout != NULL) BIO_free(bio_stdout);
#ifndef OPENSSL_NO_RSA #ifndef OPENSSL_NO_RSA