| version 1.26, 2017/04/18 02:15:50 |
version 1.27, 2017/08/12 21:04:33 |
|
|
| BIO_printf(bio_err, " not specified (default is %s)\n", TEST_CERT2); |
BIO_printf(bio_err, " not specified (default is %s)\n", TEST_CERT2); |
| BIO_printf(bio_err, " -tlsextdebug - hex dump of all TLS extensions received\n"); |
BIO_printf(bio_err, " -tlsextdebug - hex dump of all TLS extensions received\n"); |
| BIO_printf(bio_err, " -no_ticket - disable use of RFC4507bis session tickets\n"); |
BIO_printf(bio_err, " -no_ticket - disable use of RFC4507bis session tickets\n"); |
| BIO_printf(bio_err, " -nextprotoneg arg - set the advertised protocols for the NPN extension (comma-separated list)\n"); |
|
| BIO_printf(bio_err," -alpn arg - set the advertised protocols for the ALPN extension (comma-separated list)\n"); |
BIO_printf(bio_err," -alpn arg - set the advertised protocols for the ALPN extension (comma-separated list)\n"); |
| #ifndef OPENSSL_NO_SRTP |
#ifndef OPENSSL_NO_SRTP |
| BIO_printf(bio_err, " -use_srtp profiles - Offer SRTP key management with a colon-separated profile list\n"); |
BIO_printf(bio_err, " -use_srtp profiles - Offer SRTP key management with a colon-separated profile list\n"); |
|
|
| goto done; |
goto done; |
| } |
} |
| |
|
| /* This is the context that we pass to next_proto_cb */ |
|
| typedef struct tlsextnextprotoctx_st { |
|
| unsigned char *data; |
|
| unsigned int len; |
|
| } tlsextnextprotoctx; |
|
| |
|
| static int |
|
| next_proto_cb(SSL * s, const unsigned char **data, unsigned int *len, void *arg) |
|
| { |
|
| tlsextnextprotoctx *next_proto = arg; |
|
| |
|
| *data = next_proto->data; |
|
| *len = next_proto->len; |
|
| |
|
| return SSL_TLSEXT_ERR_OK; |
|
| } |
|
| |
|
| |
|
| /* This the context that we pass to alpn_cb */ |
/* This the context that we pass to alpn_cb */ |
| typedef struct tlsextalpnctx_st { |
typedef struct tlsextalpnctx_st { |
| unsigned char *data; |
unsigned char *data; |
|
|
| EVP_PKEY *s_key2 = NULL; |
EVP_PKEY *s_key2 = NULL; |
| X509 *s_cert2 = NULL; |
X509 *s_cert2 = NULL; |
| tlsextctx tlsextcbp = {NULL, NULL, SSL_TLSEXT_ERR_ALERT_WARNING}; |
tlsextctx tlsextcbp = {NULL, NULL, SSL_TLSEXT_ERR_ALERT_WARNING}; |
| const char *next_proto_neg_in = NULL; |
|
| tlsextnextprotoctx next_proto = { NULL, 0 }; |
|
| const char *alpn_in = NULL; |
const char *alpn_in = NULL; |
| tlsextalpnctx alpn_ctx = { NULL, 0 }; |
tlsextalpnctx alpn_ctx = { NULL, 0 }; |
| |
|
|
|
| if (--argc < 1) |
if (--argc < 1) |
| goto bad; |
goto bad; |
| s_key_file2 = *(++argv); |
s_key_file2 = *(++argv); |
| } |
} else if (strcmp(*argv, "-nextprotoneg") == 0) { |
| else if (strcmp(*argv, "-nextprotoneg") == 0) { |
/* Ignored. */ |
| if (--argc < 1) |
if (--argc < 1) |
| goto bad; |
goto bad; |
| next_proto_neg_in = *(++argv); |
++argv; |
| } |
} else if (strcmp(*argv,"-alpn") == 0) { |
| else if (strcmp(*argv,"-alpn") == 0) { |
|
| if (--argc < 1) |
if (--argc < 1) |
| goto bad; |
goto bad; |
| alpn_in = *(++argv); |
alpn_in = *(++argv); |
|
|
| } |
} |
| } |
} |
| } |
} |
| if (next_proto_neg_in) { |
|
| unsigned short len; |
|
| next_proto.data = next_protos_parse(&len, next_proto_neg_in); |
|
| if (next_proto.data == NULL) |
|
| goto end; |
|
| next_proto.len = len; |
|
| } else { |
|
| next_proto.data = NULL; |
|
| } |
|
| alpn_ctx.data = NULL; |
alpn_ctx.data = NULL; |
| if (alpn_in) { |
if (alpn_in) { |
| unsigned short len; |
unsigned short len; |
|
|
| if (vpm) |
if (vpm) |
| SSL_CTX_set1_param(ctx2, vpm); |
SSL_CTX_set1_param(ctx2, vpm); |
| } |
} |
| if (next_proto.data) |
|
| SSL_CTX_set_next_protos_advertised_cb(ctx, next_proto_cb, &next_proto); |
|
| if (alpn_ctx.data) |
if (alpn_ctx.data) |
| SSL_CTX_set_alpn_select_cb(ctx, alpn_cb, &alpn_ctx); |
SSL_CTX_set_alpn_select_cb(ctx, alpn_cb, &alpn_ctx); |
| |
|
|
|
| X509_free(s_cert2); |
X509_free(s_cert2); |
| if (s_key2) |
if (s_key2) |
| EVP_PKEY_free(s_key2); |
EVP_PKEY_free(s_key2); |
| free(next_proto.data); |
|
| free(alpn_ctx.data); |
free(alpn_ctx.data); |
| if (bio_s_out != NULL) { |
if (bio_s_out != NULL) { |
| BIO_free(bio_s_out); |
BIO_free(bio_s_out); |
|
|
| X509 *peer; |
X509 *peer; |
| long verify_error; |
long verify_error; |
| char buf[BUFSIZ]; |
char buf[BUFSIZ]; |
| const unsigned char *next_proto_neg; |
|
| unsigned next_proto_neg_len; |
|
| unsigned char *exportedkeymat; |
unsigned char *exportedkeymat; |
| |
|
| i = SSL_accept(con); |
i = SSL_accept(con); |
|
|
| str = SSL_CIPHER_get_name(SSL_get_current_cipher(con)); |
str = SSL_CIPHER_get_name(SSL_get_current_cipher(con)); |
| BIO_printf(bio_s_out, "CIPHER is %s\n", (str != NULL) ? str : "(NONE)"); |
BIO_printf(bio_s_out, "CIPHER is %s\n", (str != NULL) ? str : "(NONE)"); |
| |
|
| SSL_get0_next_proto_negotiated(con, &next_proto_neg, &next_proto_neg_len); |
|
| if (next_proto_neg) { |
|
| BIO_printf(bio_s_out, "NEXTPROTO is "); |
|
| BIO_write(bio_s_out, next_proto_neg, next_proto_neg_len); |
|
| BIO_printf(bio_s_out, "\n"); |
|
| } |
|
| #ifndef OPENSSL_NO_SRTP |
#ifndef OPENSSL_NO_SRTP |
| { |
{ |
| SRTP_PROTECTION_PROFILE *srtp_profile |
SRTP_PROTECTION_PROFILE *srtp_profile |
![[BACK]](/icons/back.gif){kind=icon}
Return to s_server.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / openssl