version 1.32, 2019/10/04 09:47:34 |
version 1.33, 2020/04/19 17:05:55 |
|
|
BIO_printf(bio_err, " -dpass arg - second private key file pass phrase source\n"); |
BIO_printf(bio_err, " -dpass arg - second private key file pass phrase source\n"); |
BIO_printf(bio_err, " -dhparam arg - DH parameter file to use, in cert file if not specified\n"); |
BIO_printf(bio_err, " -dhparam arg - DH parameter file to use, in cert file if not specified\n"); |
BIO_printf(bio_err, " or a default set of parameters is used\n"); |
BIO_printf(bio_err, " or a default set of parameters is used\n"); |
BIO_printf(bio_err, " -named_curve arg - Elliptic curve name to use for ephemeral ECDH keys.\n" \ |
|
" Use \"openssl ecparam -list_curves\" for all names\n" \ |
|
" (default is nistp256).\n"); |
|
BIO_printf(bio_err, " -nbio - Run with non-blocking IO\n"); |
BIO_printf(bio_err, " -nbio - Run with non-blocking IO\n"); |
BIO_printf(bio_err, " -nbio_test - test with the non-blocking test bio\n"); |
BIO_printf(bio_err, " -nbio_test - test with the non-blocking test bio\n"); |
BIO_printf(bio_err, " -crlf - convert LF from terminal into CRLF\n"); |
BIO_printf(bio_err, " -crlf - convert LF from terminal into CRLF\n"); |
|
|
BIO_printf(bio_err, " not specified (default is %s)\n", TEST_CERT2); |
BIO_printf(bio_err, " not specified (default is %s)\n", TEST_CERT2); |
BIO_printf(bio_err, " -tlsextdebug - hex dump of all TLS extensions received\n"); |
BIO_printf(bio_err, " -tlsextdebug - hex dump of all TLS extensions received\n"); |
BIO_printf(bio_err, " -no_ticket - disable use of RFC4507bis session tickets\n"); |
BIO_printf(bio_err, " -no_ticket - disable use of RFC4507bis session tickets\n"); |
BIO_printf(bio_err," -alpn arg - set the advertised protocols for the ALPN extension (comma-separated list)\n"); |
BIO_printf(bio_err, " -alpn arg - set the advertised protocols for the ALPN extension (comma-separated list)\n"); |
|
BIO_printf(bio_err, " -groups arg - specify EC groups (colon-separated list)\n"); |
#ifndef OPENSSL_NO_SRTP |
#ifndef OPENSSL_NO_SRTP |
BIO_printf(bio_err, " -use_srtp profiles - Offer SRTP key management with a colon-separated profile list\n"); |
BIO_printf(bio_err, " -use_srtp profiles - Offer SRTP key management with a colon-separated profile list\n"); |
#endif |
#endif |
|
|
X509 *s_cert2 = NULL; |
X509 *s_cert2 = NULL; |
tlsextctx tlsextcbp = {NULL, NULL, SSL_TLSEXT_ERR_ALERT_WARNING}; |
tlsextctx tlsextcbp = {NULL, NULL, SSL_TLSEXT_ERR_ALERT_WARNING}; |
const char *alpn_in = NULL; |
const char *alpn_in = NULL; |
|
const char *groups_in = NULL; |
tlsextalpnctx alpn_ctx = { NULL, 0 }; |
tlsextalpnctx alpn_ctx = { NULL, 0 }; |
|
|
if (single_execution) { |
if (single_execution) { |
|
|
if (--argc < 1) |
if (--argc < 1) |
goto bad; |
goto bad; |
dhfile = *(++argv); |
dhfile = *(++argv); |
} |
} else if (strcmp(*argv, "-named_curve") == 0) { |
else if (strcmp(*argv, "-named_curve") == 0) { |
|
if (--argc < 1) |
if (--argc < 1) |
goto bad; |
goto bad; |
named_curve = *(++argv); |
named_curve = *(++argv); |
} |
} else if (strcmp(*argv, "-dcertform") == 0) { |
else if (strcmp(*argv, "-dcertform") == 0) { |
|
if (--argc < 1) |
if (--argc < 1) |
goto bad; |
goto bad; |
s_dcert_format = str2fmt(*(++argv)); |
s_dcert_format = str2fmt(*(++argv)); |
|
|
if (--argc < 1) |
if (--argc < 1) |
goto bad; |
goto bad; |
alpn_in = *(++argv); |
alpn_in = *(++argv); |
|
} else if (strcmp(*argv, "-groups") == 0) { |
|
if (--argc < 1) |
|
goto bad; |
|
groups_in = *(++argv); |
} |
} |
#ifndef OPENSSL_NO_SRTP |
#ifndef OPENSSL_NO_SRTP |
else if (strcmp(*argv, "-use_srtp") == 0) { |
else if (strcmp(*argv, "-use_srtp") == 0) { |
|
|
if (alpn_ctx.data) |
if (alpn_ctx.data) |
SSL_CTX_set_alpn_select_cb(ctx, alpn_cb, &alpn_ctx); |
SSL_CTX_set_alpn_select_cb(ctx, alpn_cb, &alpn_ctx); |
|
|
|
if (groups_in != NULL) { |
|
if (SSL_CTX_set1_groups_list(ctx, groups_in) != 1) { |
|
BIO_printf(bio_err, "Failed to set groups '%s'\n", |
|
groups_in); |
|
goto end; |
|
} |
|
} |
|
|
#ifndef OPENSSL_NO_DH |
#ifndef OPENSSL_NO_DH |
if (!no_dhe) { |
if (!no_dhe) { |
DH *dh = NULL; |
DH *dh = NULL; |
|
|
} |
} |
#endif |
#endif |
|
|
if (!no_ecdhe) { |
if (!no_ecdhe && named_curve != NULL) { |
EC_KEY *ecdh = NULL; |
EC_KEY *ecdh = NULL; |
|
int nid; |
|
|
if (named_curve) { |
if ((nid = OBJ_sn2nid(named_curve)) == 0) { |
int nid = OBJ_sn2nid(named_curve); |
BIO_printf(bio_err, "unknown curve name (%s)\n", |
|
named_curve); |
if (nid == 0) { |
goto end; |
BIO_printf(bio_err, "unknown curve name (%s)\n", |
|
named_curve); |
|
goto end; |
|
} |
|
ecdh = EC_KEY_new_by_curve_name(nid); |
|
if (ecdh == NULL) { |
|
BIO_printf(bio_err, "unable to create curve (%s)\n", |
|
named_curve); |
|
goto end; |
|
} |
|
} |
} |
if (ecdh != NULL) { |
if ((ecdh = EC_KEY_new_by_curve_name(nid)) == NULL) { |
BIO_printf(bio_s_out, "Setting temp ECDH parameters\n"); |
BIO_printf(bio_err, "unable to create curve (%s)\n", |
} else { |
named_curve); |
BIO_printf(bio_s_out, "Using default temp ECDH parameters\n"); |
goto end; |
ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); |
|
if (ecdh == NULL) { |
|
BIO_printf(bio_err, "unable to create curve (nistp256)\n"); |
|
goto end; |
|
} |
|
} |
} |
|
BIO_printf(bio_s_out, "Setting temp ECDH parameters\n"); |
(void) BIO_flush(bio_s_out); |
(void) BIO_flush(bio_s_out); |
|
|
SSL_CTX_set_tmp_ecdh(ctx, ecdh); |
SSL_CTX_set_tmp_ecdh(ctx, ecdh); |