-rw-r--r--lib/libssl/src/apps/s_client.c35
-rw-r--r--lib/libssl/src/apps/s_server.c87
2 files changed, 3 insertions, 119 deletions
diff --git a/lib/libssl/src/apps/s_client.c b/lib/libssl/src/apps/s_client.c
index 7c96443a110..b0225c93247 100644
--- a/lib/libssl/src/apps/s_client.c
+++ b/lib/libssl/src/apps/s_client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s_client.c,v 1.62 2014/06/28 04:39:41 deraadt Exp $ */
+/* $OpenBSD: s_client.c,v 1.63 2014/07/09 20:59:41 tedu Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -865,10 +865,6 @@ bad:
ERR_print_errors(bio_err);
goto end;
}
-#if 0
- else
- SSL_CTX_set_cipher_list(ctx, getenv("SSL_CIPHER"));
-#endif
SSL_CTX_set_verify(ctx, verify, verify_callback);
if (!set_cert_key_stuff(ctx, cert, key))
@@ -998,17 +994,6 @@ re_start:
SSL_set_tlsext_status_type(con, TLSEXT_STATUSTYPE_ocsp);
SSL_CTX_set_tlsext_status_cb(ctx, ocsp_resp_cb);
SSL_CTX_set_tlsext_status_arg(ctx, bio_c_out);
-#if 0
- {
- STACK_OF(OCSP_RESPID) * ids = sk_OCSP_RESPID_new_null();
- OCSP_RESPID *id = OCSP_RESPID_new();
- id->value.byKey = ASN1_OCTET_STRING_new();
- id->type = V_OCSP_RESPID_KEY;
- ASN1_STRING_set(id->value.byKey, "Hello World", -1);
- sk_OCSP_RESPID_push(ids, id);
- SSL_set_tlsext_status_ids(con, ids);
- }
-#endif
}
#endif
@@ -1149,15 +1134,6 @@ re_start:
tty_on = 1;
if (in_init) {
in_init = 0;
-#if 0
- /* This test doesn't really work as intended
- * (needs to be fixed) */
-#ifndef OPENSSL_NO_TLSEXT
- if (servername != NULL && !SSL_session_reused(con)) {
- BIO_printf(bio_c_out, "Server did %sacknowledge servername extension.\n", tlsextcbp.ack ? "" : "not ");
- }
-#endif
-#endif
if (sess_out) {
BIO *stmp = BIO_new_file(sess_out, "w");
if (stmp) {
@@ -1299,16 +1275,7 @@ re_start:
}
}
#endif
-#if 1
k = SSL_read(con, sbuf, 1024 /* BUFSIZZ */ );
-#else
-/* Demo for pending and peek :-) */
- k = SSL_read(con, sbuf, 16);
- {
- char zbuf[10240];
- printf("read=%d pending=%d peek=%d\n", k, SSL_pending(con), SSL_peek(con, zbuf, 10240));
- }
-#endif
switch (SSL_get_error(con, k)) {
case SSL_ERROR_NONE:
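Review bot: The surviving read `k = SSL_read(con, sbuf, 1024 /* BUFSIZZ */ );` keeps a literal length whose comment names a constant the call does not use. The allocation of `sbuf` is outside this hunk, so it cannot be confirmed here that 1024 stays within the buffer if either value changes later. Either tie the length to the size `sbuf` was allocated with, or, if 1024 is a deliberately smaller read size, replace the comment with one that says so, e.g. `/* read at most 1024 bytes per call; sbuf is larger */`.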
diff --git a/lib/libssl/src/apps/s_server.c b/lib/libssl/src/apps/s_server.c
index 61eb667c388..1f80a8f7d9b 100644
--- a/lib/libssl/src/apps/s_server.c
+++ b/lib/libssl/src/apps/s_server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s_server.c,v 1.54 2014/06/28 04:39:41 deraadt Exp $ */
+/* $OpenBSD: s_server.c,v 1.55 2014/07/09 20:59:41 tedu Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -554,11 +554,7 @@ cert_status_cb(SSL * s, void *arg)
STACK_OF(X509_EXTENSION) * exts;
int ret = SSL_TLSEXT_ERR_NOACK;
int i;
-#if 0
- STACK_OF(OCSP_RESPID) * ids;
- SSL_get_tlsext_status_ids(s, &ids);
- BIO_printf(err, "cert_status: received %d ids\n", sk_OCSP_RESPID_num(ids));
-#endif
+
if (srctx->verbose)
BIO_puts(err, "cert_status: callback called\n");
/* Build up OCSP query from server certificate */
@@ -1184,17 +1180,6 @@ bad:
SSL_CTX_set_tlsext_use_srtp(ctx, srtp_profiles);
#endif
-#if 0
- if (cipher == NULL)
- cipher = getenv("SSL_CIPHER");
-#endif
-
-#if 0
- if (s_cert_file == NULL) {
- BIO_printf(bio_err, "You must specify a certificate file for the server to use\n");
- goto end;
- }
-#endif
if ((!SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) ||
(!SSL_CTX_set_default_verify_paths(ctx))) {
@@ -1352,7 +1337,6 @@ bad:
goto end;
}
#ifndef OPENSSL_NO_RSA
-#if 1
if (!no_tmp_rsa) {
SSL_CTX_set_tmp_rsa_callback(ctx, tmp_rsa_cb);
#ifndef OPENSSL_NO_TLSEXT
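Review bot: With the `#if 1` wrapper gone, `SSL_CTX_set_tmp_rsa_callback(ctx, tmp_rsa_cb);` is the only remaining path and runs whenever `no_tmp_rsa` is unset, with no comment explaining why a temporary RSA key is offered. Temporary RSA keys are consulted only for export-grade RSA key exchange, and the branch removed in the next hunk generated a 512-bit key for that purpose. The key size `tmp_rsa_cb` produces is not visible here. Suggest a comment above the `if`, such as `/* temporary RSA keys serve export cipher suites only; disable with no_tmp_rsa */`, and consider a follow-up that makes this opt-in rather than default. The block continues into the next hunk.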
@@ -1360,31 +1344,6 @@ bad:
SSL_CTX_set_tmp_rsa_callback(ctx2, tmp_rsa_cb);
#endif
}
-#else
- if (!no_tmp_rsa && SSL_CTX_need_tmp_RSA(ctx)) {
- RSA *rsa;
-
- BIO_printf(bio_s_out, "Generating temp (512 bit) RSA key...");
- BIO_flush(bio_s_out);
-
- rsa = RSA_generate_key(512, RSA_F4, NULL);
-
- if (!SSL_CTX_set_tmp_rsa(ctx, rsa)) {
- ERR_print_errors(bio_err);
- goto end;
- }
-#ifndef OPENSSL_NO_TLSEXT
- if (ctx2) {
- if (!SSL_CTX_set_tmp_rsa(ctx2, rsa)) {
- ERR_print_errors(bio_err);
- goto end;
- }
- }
-#endif
- RSA_free(rsa);
- BIO_printf(bio_s_out, "\n");
- }
-#endif
#endif
#ifndef OPENSSL_NO_PSK
@@ -1795,11 +1754,7 @@ sv_body(char *hostname, int s, unsigned char *context)
err:
if (con != NULL) {
BIO_printf(bio_s_out, "shutting down SSL\n");
-#if 1
SSL_set_shutdown(con, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
-#else
- SSL_shutdown(con);
-#endif
SSL_free(con);
}
BIO_printf(bio_s_out, "CONNECTION CLOSED\n");
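Review bot: The kept call `SSL_set_shutdown(con, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);` only sets the shutdown flags before `SSL_free(con)`, so no close_notify alert is sent. A peer that checks for a clean TLS close will see this as a truncated stream. Now that the `SSL_shutdown(con)` alternative is deleted, nothing in `sv_body` records that this is deliberate. Suggest a comment such as `/* mark the shutdown complete without sending close_notify so the session is not discarded */`. The same call in the final `www_body` hunk has only "make sure we re-use sessions" and would benefit from the same wording. `sv_body` begins outside this hunk.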
@@ -1938,28 +1893,6 @@ err:
}
#endif
-#if 0
-static int
-load_CA(SSL_CTX * ctx, char *file)
-{
- FILE *in;
- X509 *x = NULL;
-
- if ((in = fopen(file, "r")) == NULL)
- return (0);
-
- for (;;) {
- if (PEM_read_X509(in, &x, NULL) == NULL)
- break;
- SSL_CTX_add_client_CA(ctx, x);
- }
- if (x != NULL)
- X509_free(x);
- fclose(in);
- return (1);
-}
-#endif
-
static int
www_body(char *hostname, int s, unsigned char *context)
{
@@ -2188,21 +2121,11 @@ www_body(char *hostname, int s, unsigned char *context)
BIO_printf(io, "'%s' is an invalid path\r\n", p);
break;
}
-#if 0
- /* append if a directory lookup */
- if (e[-1] == '/')
- strcat(p, "index.html");
-#endif
-
/* if a directory, do the index thang */
if (app_isdir(p) > 0) {
-#if 0 /* must check buffer size */
- strcat(p, "/index.html");
-#else
BIO_puts(io, text);
BIO_printf(io, "'%s' is a directory\r\n", p);
break;
-#endif
}
if ((file = BIO_new_file(p, "r")) == NULL) {
BIO_puts(io, text);
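Review bot: The comment `/* if a directory, do the index thang */` no longer matches the code beneath it, which reports `'%s' is a directory` and breaks instead of serving an index file. With the `strcat(p, "/index.html")` alternative removed, the comment should read something like `/* directories are not served: report and stop */`. The path checks that lead to the "invalid path" message sit above this hunk, so the note covers only the directory branch.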
@@ -2274,14 +2197,8 @@ www_body(char *hostname, int s, unsigned char *context)
break;
}
end:
-#if 1
/* make sure we re-use sessions */
SSL_set_shutdown(con, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
-#else
- /* This kills performance */
-/* SSL_shutdown(con); A shutdown gets sent in the
- * BIO_free_all(io) procession */
-#endif
err: