aboutsummaryrefslogtreecommitdiffstats
path: root/apps
diff options
context:
space:
mode:
Diffstat (limited to 'apps')
-rw-r--r--apps/Makefile2
-rw-r--r--apps/app_rand.c3
-rw-r--r--apps/apps.c9
-rw-r--r--apps/asn1pars.c4
-rw-r--r--apps/ca.c14
-rw-r--r--apps/ecparam.c7
-rw-r--r--apps/engine.c5
-rw-r--r--apps/ocsp.c4
-rw-r--r--apps/pkcs12.c14
-rw-r--r--apps/s_cb.c5
-rw-r--r--apps/s_client.c11
-rw-r--r--apps/s_server.c51
12 files changed, 92 insertions, 37 deletions
diff --git a/apps/Makefile b/apps/Makefile
index cafe55458ddc..8c3297ea6724 100644
--- a/apps/Makefile
+++ b/apps/Makefile
@@ -135,7 +135,7 @@ update: openssl-vms.cnf local_depend
depend: local_depend
@if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
local_depend:
- @[ -z "$(THIS)" ] || $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(SRC); \
+ @[ -z "$(THIS)" ] || $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(SRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
diff --git a/apps/app_rand.c b/apps/app_rand.c
index 595fc7821c85..7f40bba76468 100644
--- a/apps/app_rand.c
+++ b/apps/app_rand.c
@@ -124,10 +124,7 @@ int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn)
char buffer[200];
#ifdef OPENSSL_SYS_WINDOWS
- BIO_printf(bio_e, "Loading 'screen' into random state -");
- BIO_flush(bio_e);
RAND_screen();
- BIO_printf(bio_e, " done\n");
#endif
if (file == NULL)
diff --git a/apps/apps.c b/apps/apps.c
index 7478fc379a55..2e778054ca8f 100644
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -119,9 +119,6 @@
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
-#if !defined(OPENSSL_SYSNAME_WIN32) && !defined(OPENSSL_SYSNAME_WINCE) && !defined(NETWARE_CLIB)
-# include <strings.h>
-#endif
#include <sys/types.h>
#include <ctype.h>
#include <errno.h>
@@ -1352,7 +1349,11 @@ int set_name_ex(unsigned long *flags, const char *arg)
{"ca_default", XN_FLAG_MULTILINE, 0xffffffffL},
{NULL, 0, 0}
};
- return set_multi_opts(flags, arg, ex_tbl);
+ if (set_multi_opts(flags, arg, ex_tbl) == 0)
+ return 0;
+ if ((*flags & XN_FLAG_SEP_MASK) == 0)
+ *flags |= XN_FLAG_SEP_CPLUS_SPC;
+ return 1;
}
int set_ext_copy(int *copy_type, const char *arg)
diff --git a/apps/asn1pars.c b/apps/asn1pars.c
index 11b07875943b..0a6b990b503d 100644
--- a/apps/asn1pars.c
+++ b/apps/asn1pars.c
@@ -313,9 +313,9 @@ int MAIN(int argc, char **argv)
}
typ = ASN1_TYPE_get(at);
if ((typ == V_ASN1_OBJECT)
+ || (typ == V_ASN1_BOOLEAN)
|| (typ == V_ASN1_NULL)) {
- BIO_printf(bio_err, "Can't parse %s type\n",
- typ == V_ASN1_NULL ? "NULL" : "OBJECT");
+ BIO_printf(bio_err, "Can't parse %s type\n", ASN1_tag2str(typ));
ERR_print_errors(bio_err);
goto end;
}
diff --git a/apps/ca.c b/apps/ca.c
index 3b7336c0466e..0b66095b83b6 100644
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -99,25 +99,19 @@
#undef PROG
#define PROG ca_main
-#define BASE_SECTION "ca"
-#define CONFIG_FILE "openssl.cnf"
+#define BASE_SECTION "ca"
+#define CONFIG_FILE "openssl.cnf"
#define ENV_DEFAULT_CA "default_ca"
-#define STRING_MASK "string_mask"
+#define STRING_MASK "string_mask"
#define UTF8_IN "utf8"
-#define ENV_DIR "dir"
-#define ENV_CERTS "certs"
-#define ENV_CRL_DIR "crl_dir"
-#define ENV_CA_DB "CA_DB"
#define ENV_NEW_CERTS_DIR "new_certs_dir"
#define ENV_CERTIFICATE "certificate"
#define ENV_SERIAL "serial"
#define ENV_CRLNUMBER "crlnumber"
-#define ENV_CRL "crl"
#define ENV_PRIVATE_KEY "private_key"
-#define ENV_RANDFILE "RANDFILE"
#define ENV_DEFAULT_DAYS "default_days"
#define ENV_DEFAULT_STARTDATE "default_startdate"
#define ENV_DEFAULT_ENDDATE "default_enddate"
@@ -2538,6 +2532,8 @@ static int do_updatedb(CA_DB *db)
char **rrow, *a_tm_s;
a_tm = ASN1_UTCTIME_new();
+ if (a_tm == NULL)
+ return -1;
/* get actual time and make a string */
a_tm = X509_gmtime_adj(a_tm, 0);
diff --git a/apps/ecparam.c b/apps/ecparam.c
index 06ac77b838a3..71b67f435cfd 100644
--- a/apps/ecparam.c
+++ b/apps/ecparam.c
@@ -416,14 +416,13 @@ int MAIN(int argc, char **argv)
}
if (check) {
- if (group == NULL)
- BIO_printf(bio_err, "no elliptic curve parameters\n");
BIO_printf(bio_err, "checking elliptic curve parameters: ");
if (!EC_GROUP_check(group, NULL)) {
BIO_printf(bio_err, "failed\n");
ERR_print_errors(bio_err);
- } else
- BIO_printf(bio_err, "ok\n");
+ goto end;
+ }
+ BIO_printf(bio_err, "ok\n");
}
diff --git a/apps/engine.c b/apps/engine.c
index 3d70cac416d6..460ec60cb14c 100644
--- a/apps/engine.c
+++ b/apps/engine.c
@@ -99,8 +99,6 @@ static void identity(char *ptr)
static int append_buf(char **buf, const char *s, int *size, int step)
{
- int l = strlen(s);
-
if (*buf == NULL) {
*size = step;
*buf = OPENSSL_malloc(*size);
@@ -109,9 +107,6 @@ static int append_buf(char **buf, const char *s, int *size, int step)
**buf = '\0';
}
- if (**buf != '\0')
- l += 2; /* ", " */
-
if (strlen(*buf) + strlen(s) >= (unsigned int)*size) {
*size += step;
*buf = OPENSSL_realloc(*buf, *size);
diff --git a/apps/ocsp.c b/apps/ocsp.c
index 926083dd1b5c..6ed255d4b563 100644
--- a/apps/ocsp.c
+++ b/apps/ocsp.c
@@ -1261,8 +1261,8 @@ static OCSP_RESPONSE *query_responder(BIO *err, BIO *cbio, const char *path,
return NULL;
}
- if (BIO_get_fd(cbio, &fd) <= 0) {
- BIO_puts(err, "Can't get connection fd\n");
+ if (BIO_get_fd(cbio, &fd) < 0) {
+ BIO_puts(bio_err, "Can't get connection fd\n");
goto err;
}
diff --git a/apps/pkcs12.c b/apps/pkcs12.c
index 4ff64495a956..e41b445a50b0 100644
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@@ -134,13 +134,6 @@ int MAIN(int argc, char **argv)
apps_startup();
-# ifdef OPENSSL_FIPS
- if (FIPS_mode())
- cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
- else
-# endif
- cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC;
-
enc = EVP_des_ede3_cbc();
if (bio_err == NULL)
bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
@@ -148,6 +141,13 @@ int MAIN(int argc, char **argv)
if (!load_config(bio_err, NULL))
goto end;
+# ifdef OPENSSL_FIPS
+ if (FIPS_mode())
+ cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
+ else
+# endif
+ cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC;
+
args = argv + 1;
while (*args) {
diff --git a/apps/s_cb.c b/apps/s_cb.c
index dd3aa74e02af..5b5e711bf2eb 100644
--- a/apps/s_cb.c
+++ b/apps/s_cb.c
@@ -981,6 +981,11 @@ void MS_CALLBACK tlsext_cb(SSL *s, int client_server, int type,
extname = "next protocol";
break;
#endif
+#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
+ case TLSEXT_TYPE_application_layer_protocol_negotiation:
+ extname = "application layer protocol negotiation";
+ break;
+#endif
case TLSEXT_TYPE_padding:
extname = "TLS padding";
diff --git a/apps/s_client.c b/apps/s_client.c
index e55f2c5abc88..f80711fd5e58 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -424,6 +424,14 @@ static void sc_usage(void)
" -no_ticket - disable use of RFC4507bis session tickets\n");
BIO_printf(bio_err,
" -serverinfo types - send empty ClientHello extensions (comma-separated numbers)\n");
+ BIO_printf(bio_err,
+ " -curves arg - Elliptic curves to advertise (colon-separated list)\n");
+ BIO_printf(bio_err,
+ " -sigalgs arg - Signature algorithms to support (colon-separated list)\n");
+ BIO_printf(bio_err,
+ " -client_sigalgs arg - Signature algorithms to support for client\n");
+ BIO_printf(bio_err,
+ " certificate authentication (colon-separated list)\n");
#endif
#ifndef OPENSSL_NO_NEXTPROTONEG
BIO_printf(bio_err,
@@ -2065,6 +2073,9 @@ int MAIN(int argc, char **argv)
sk_X509_pop_free(chain, X509_free);
if (pass)
OPENSSL_free(pass);
+#ifndef OPENSSL_NO_SRP
+ OPENSSL_free(srp_arg.srppassin);
+#endif
if (vpm)
X509_VERIFY_PARAM_free(vpm);
ssl_excert_free(exc);
diff --git a/apps/s_server.c b/apps/s_server.c
index acef382c2c4b..f19532b75fab 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -652,6 +652,12 @@ static void sv_usage(void)
" -no_ticket - disable use of RFC4507bis session tickets\n");
BIO_printf(bio_err,
" -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n");
+ BIO_printf(bio_err,
+ " -sigalgs arg - Signature algorithms to support (colon-separated list)\n");
+ BIO_printf(bio_err,
+ " -client_sigalgs arg - Signature algorithms to support for client \n");
+ BIO_printf(bio_err,
+ " certificate authentication (colon-separated list)\n");
# ifndef OPENSSL_NO_NEXTPROTONEG
BIO_printf(bio_err,
" -nextprotoneg arg - set the advertised protocols for the NPN extension (comma-separated list)\n");
@@ -2881,6 +2887,21 @@ static int www_body(char *hostname, int s, int stype, unsigned char *context)
goto err;
} else {
BIO_printf(bio_s_out, "read R BLOCK\n");
+#ifndef OPENSSL_NO_SRP
+ if (BIO_should_io_special(io)
+ && BIO_get_retry_reason(io) == BIO_RR_SSL_X509_LOOKUP) {
+ BIO_printf(bio_s_out, "LOOKUP renego during read\n");
+ srp_callback_parm.user =
+ SRP_VBASE_get_by_user(srp_callback_parm.vb,
+ srp_callback_parm.login);
+ if (srp_callback_parm.user)
+ BIO_printf(bio_s_out, "LOOKUP done %s\n",
+ srp_callback_parm.user->info);
+ else
+ BIO_printf(bio_s_out, "LOOKUP not successful\n");
+ continue;
+ }
+#endif
#if defined(OPENSSL_SYS_NETWARE)
delay(1000);
#elif !defined(OPENSSL_SYS_MSDOS) && !defined(__DJGPP__)
@@ -3211,6 +3232,21 @@ static int rev_body(char *hostname, int s, int stype, unsigned char *context)
ERR_print_errors(bio_err);
goto end;
}
+#ifndef OPENSSL_NO_SRP
+ if (BIO_should_io_special(io)
+ && BIO_get_retry_reason(io) == BIO_RR_SSL_X509_LOOKUP) {
+ BIO_printf(bio_s_out, "LOOKUP renego during accept\n");
+ srp_callback_parm.user =
+ SRP_VBASE_get_by_user(srp_callback_parm.vb,
+ srp_callback_parm.login);
+ if (srp_callback_parm.user)
+ BIO_printf(bio_s_out, "LOOKUP done %s\n",
+ srp_callback_parm.user->info);
+ else
+ BIO_printf(bio_s_out, "LOOKUP not successful\n");
+ continue;
+ }
+#endif
}
BIO_printf(bio_err, "CONNECTION ESTABLISHED\n");
print_ssl_summary(bio_err, con);
@@ -3224,6 +3260,21 @@ static int rev_body(char *hostname, int s, int stype, unsigned char *context)
goto err;
} else {
BIO_printf(bio_s_out, "read R BLOCK\n");
+#ifndef OPENSSL_NO_SRP
+ if (BIO_should_io_special(io)
+ && BIO_get_retry_reason(io) == BIO_RR_SSL_X509_LOOKUP) {
+ BIO_printf(bio_s_out, "LOOKUP renego during read\n");
+ srp_callback_parm.user =
+ SRP_VBASE_get_by_user(srp_callback_parm.vb,
+ srp_callback_parm.login);
+ if (srp_callback_parm.user)
+ BIO_printf(bio_s_out, "LOOKUP done %s\n",
+ srp_callback_parm.user->info);
+ else
+ BIO_printf(bio_s_out, "LOOKUP not successful\n");
+ continue;
+ }
+#endif
#if defined(OPENSSL_SYS_NETWARE)
delay(1000);
#elif !defined(OPENSSL_SYS_MSDOS) && !defined(__DJGPP__)