version 1.26, 2017/04/18 02:15:50 |
version 1.27, 2017/08/12 21:04:33 |
|
|
BIO_printf(bio_err, " not specified (default is %s)\n", TEST_CERT2); |
BIO_printf(bio_err, " not specified (default is %s)\n", TEST_CERT2); |
BIO_printf(bio_err, " -tlsextdebug - hex dump of all TLS extensions received\n"); |
BIO_printf(bio_err, " -tlsextdebug - hex dump of all TLS extensions received\n"); |
BIO_printf(bio_err, " -no_ticket - disable use of RFC4507bis session tickets\n"); |
BIO_printf(bio_err, " -no_ticket - disable use of RFC4507bis session tickets\n"); |
BIO_printf(bio_err, " -nextprotoneg arg - set the advertised protocols for the NPN extension (comma-separated list)\n"); |
|
BIO_printf(bio_err," -alpn arg - set the advertised protocols for the ALPN extension (comma-separated list)\n"); |
BIO_printf(bio_err," -alpn arg - set the advertised protocols for the ALPN extension (comma-separated list)\n"); |
#ifndef OPENSSL_NO_SRTP |
#ifndef OPENSSL_NO_SRTP |
BIO_printf(bio_err, " -use_srtp profiles - Offer SRTP key management with a colon-separated profile list\n"); |
BIO_printf(bio_err, " -use_srtp profiles - Offer SRTP key management with a colon-separated profile list\n"); |
|
|
goto done; |
goto done; |
} |
} |
|
|
/* This is the context that we pass to next_proto_cb */ |
|
typedef struct tlsextnextprotoctx_st { |
|
unsigned char *data; |
|
unsigned int len; |
|
} tlsextnextprotoctx; |
|
|
|
static int |
|
next_proto_cb(SSL * s, const unsigned char **data, unsigned int *len, void *arg) |
|
{ |
|
tlsextnextprotoctx *next_proto = arg; |
|
|
|
*data = next_proto->data; |
|
*len = next_proto->len; |
|
|
|
return SSL_TLSEXT_ERR_OK; |
|
} |
|
|
|
|
|
/* This the context that we pass to alpn_cb */ |
/* This the context that we pass to alpn_cb */ |
typedef struct tlsextalpnctx_st { |
typedef struct tlsextalpnctx_st { |
unsigned char *data; |
unsigned char *data; |
|
|
EVP_PKEY *s_key2 = NULL; |
EVP_PKEY *s_key2 = NULL; |
X509 *s_cert2 = NULL; |
X509 *s_cert2 = NULL; |
tlsextctx tlsextcbp = {NULL, NULL, SSL_TLSEXT_ERR_ALERT_WARNING}; |
tlsextctx tlsextcbp = {NULL, NULL, SSL_TLSEXT_ERR_ALERT_WARNING}; |
const char *next_proto_neg_in = NULL; |
|
tlsextnextprotoctx next_proto = { NULL, 0 }; |
|
const char *alpn_in = NULL; |
const char *alpn_in = NULL; |
tlsextalpnctx alpn_ctx = { NULL, 0 }; |
tlsextalpnctx alpn_ctx = { NULL, 0 }; |
|
|
|
|
if (--argc < 1) |
if (--argc < 1) |
goto bad; |
goto bad; |
s_key_file2 = *(++argv); |
s_key_file2 = *(++argv); |
} |
} else if (strcmp(*argv, "-nextprotoneg") == 0) { |
else if (strcmp(*argv, "-nextprotoneg") == 0) { |
/* Ignored. */ |
if (--argc < 1) |
if (--argc < 1) |
goto bad; |
goto bad; |
next_proto_neg_in = *(++argv); |
++argv; |
} |
} else if (strcmp(*argv,"-alpn") == 0) { |
else if (strcmp(*argv,"-alpn") == 0) { |
|
if (--argc < 1) |
if (--argc < 1) |
goto bad; |
goto bad; |
alpn_in = *(++argv); |
alpn_in = *(++argv); |
|
|
} |
} |
} |
} |
} |
} |
if (next_proto_neg_in) { |
|
unsigned short len; |
|
next_proto.data = next_protos_parse(&len, next_proto_neg_in); |
|
if (next_proto.data == NULL) |
|
goto end; |
|
next_proto.len = len; |
|
} else { |
|
next_proto.data = NULL; |
|
} |
|
alpn_ctx.data = NULL; |
alpn_ctx.data = NULL; |
if (alpn_in) { |
if (alpn_in) { |
unsigned short len; |
unsigned short len; |
|
|
if (vpm) |
if (vpm) |
SSL_CTX_set1_param(ctx2, vpm); |
SSL_CTX_set1_param(ctx2, vpm); |
} |
} |
if (next_proto.data) |
|
SSL_CTX_set_next_protos_advertised_cb(ctx, next_proto_cb, &next_proto); |
|
if (alpn_ctx.data) |
if (alpn_ctx.data) |
SSL_CTX_set_alpn_select_cb(ctx, alpn_cb, &alpn_ctx); |
SSL_CTX_set_alpn_select_cb(ctx, alpn_cb, &alpn_ctx); |
|
|
|
|
X509_free(s_cert2); |
X509_free(s_cert2); |
if (s_key2) |
if (s_key2) |
EVP_PKEY_free(s_key2); |
EVP_PKEY_free(s_key2); |
free(next_proto.data); |
|
free(alpn_ctx.data); |
free(alpn_ctx.data); |
if (bio_s_out != NULL) { |
if (bio_s_out != NULL) { |
BIO_free(bio_s_out); |
BIO_free(bio_s_out); |
|
|
X509 *peer; |
X509 *peer; |
long verify_error; |
long verify_error; |
char buf[BUFSIZ]; |
char buf[BUFSIZ]; |
const unsigned char *next_proto_neg; |
|
unsigned next_proto_neg_len; |
|
unsigned char *exportedkeymat; |
unsigned char *exportedkeymat; |
|
|
i = SSL_accept(con); |
i = SSL_accept(con); |
|
|
str = SSL_CIPHER_get_name(SSL_get_current_cipher(con)); |
str = SSL_CIPHER_get_name(SSL_get_current_cipher(con)); |
BIO_printf(bio_s_out, "CIPHER is %s\n", (str != NULL) ? str : "(NONE)"); |
BIO_printf(bio_s_out, "CIPHER is %s\n", (str != NULL) ? str : "(NONE)"); |
|
|
SSL_get0_next_proto_negotiated(con, &next_proto_neg, &next_proto_neg_len); |
|
if (next_proto_neg) { |
|
BIO_printf(bio_s_out, "NEXTPROTO is "); |
|
BIO_write(bio_s_out, next_proto_neg, next_proto_neg_len); |
|
BIO_printf(bio_s_out, "\n"); |
|
} |
|
#ifndef OPENSSL_NO_SRTP |
#ifndef OPENSSL_NO_SRTP |
{ |
{ |
SRTP_PROTECTION_PROFILE *srtp_profile |
SRTP_PROTECTION_PROFILE *srtp_profile |