-rw-r--r-- | lib/libssl/src/apps/s_client.c | 35 | ||||
-rw-r--r-- | lib/libssl/src/apps/s_server.c | 87 |
2 files changed, 3 insertions, 119 deletions
diff --git a/lib/libssl/src/apps/s_client.c b/lib/libssl/src/apps/s_client.c
index 7c96443a110..b0225c93247 100644
--- a/lib/libssl/src/apps/s_client.c
+++ b/lib/libssl/src/apps/s_client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s_client.c,v 1.62 2014/06/28 04:39:41 deraadt Exp $ */
+/* $OpenBSD: s_client.c,v 1.63 2014/07/09 20:59:41 tedu Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -865,10 +865,6 @@ bad:
 ERR_print_errors(bio_err);
 goto end;
 }
-#if 0
- else
- SSL_CTX_set_cipher_list(ctx, getenv("SSL_CIPHER"));
-#endif
 SSL_CTX_set_verify(ctx, verify, verify_callback);
 if (!set_cert_key_stuff(ctx, cert, key))
@@ -998,17 +994,6 @@ re_start:
 SSL_set_tlsext_status_type(con, TLSEXT_STATUSTYPE_ocsp);
 SSL_CTX_set_tlsext_status_cb(ctx, ocsp_resp_cb);
 SSL_CTX_set_tlsext_status_arg(ctx, bio_c_out);
-#if 0
- {
- STACK_OF(OCSP_RESPID) * ids = sk_OCSP_RESPID_new_null();
- OCSP_RESPID *id = OCSP_RESPID_new();
- id->value.byKey = ASN1_OCTET_STRING_new();
- id->type = V_OCSP_RESPID_KEY;
- ASN1_STRING_set(id->value.byKey, "Hello World", -1);
- sk_OCSP_RESPID_push(ids, id);
- SSL_set_tlsext_status_ids(con, ids);
- }
-#endif
 }
 #endif
@@ -1149,15 +1134,6 @@ re_start:
 tty_on = 1;
 if (in_init) {
 in_init = 0;
-#if 0
- /* This test doesn't really work as intended
- * (needs to be fixed) */
-#ifndef OPENSSL_NO_TLSEXT
- if (servername != NULL && !SSL_session_reused(con)) {
- BIO_printf(bio_c_out, "Server did %sacknowledge servername extension.\n", tlsextcbp.ack ? "" : "not ");
- }
-#endif
-#endif
 if (sess_out) {
 BIO *stmp = BIO_new_file(sess_out, "w");
 if (stmp) {
@@ -1299,16 +1275,7 @@ re_start:
 }
 }
 #endif
-#if 1
 k = SSL_read(con, sbuf, 1024 /* BUFSIZZ */ );
-#else
-/* Demo for pending and peek :-) */
- k = SSL_read(con, sbuf, 16);
- {
- char zbuf[10240];
- printf("read=%d pending=%d peek=%d\n", k, SSL_pending(con), SSL_peek(con, zbuf, 10240));
- }
-#endif
 switch (SSL_get_error(con, k)) {
 case SSL_ERROR_NONE:
diff --git a/lib/libssl/src/apps/s_server.c b/lib/libssl/src/apps/s_server.c
index 61eb667c388..1f80a8f7d9b 100644
--- a/lib/libssl/src/apps/s_server.c
+++ b/lib/libssl/src/apps/s_server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s_server.c,v 1.54 2014/06/28 04:39:41 deraadt Exp $ */
+/* $OpenBSD: s_server.c,v 1.55 2014/07/09 20:59:41 tedu Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -554,11 +554,7 @@ cert_status_cb(SSL * s, void *arg)
 STACK_OF(X509_EXTENSION) * exts;
 int ret = SSL_TLSEXT_ERR_NOACK;
 int i;
-#if 0
- STACK_OF(OCSP_RESPID) * ids;
- SSL_get_tlsext_status_ids(s, &ids);
- BIO_printf(err, "cert_status: received %d ids\n", sk_OCSP_RESPID_num(ids));
-#endif
+ if (srctx->verbose) BIO_puts(err, "cert_status: callback called\n");
 /* Build up OCSP query from server certificate */
@@ -1184,17 +1180,6 @@ bad:
 SSL_CTX_set_tlsext_use_srtp(ctx, srtp_profiles);
 #endif
-#if 0
- if (cipher == NULL)
- cipher = getenv("SSL_CIPHER");
-#endif
-
-#if 0
- if (s_cert_file == NULL) {
- BIO_printf(bio_err, "You must specify a certificate file for the server to use\n");
- goto end;
- }
-#endif
 if ((!SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) || (!SSL_CTX_set_default_verify_paths(ctx))) {
@@ -1352,7 +1337,6 @@ bad:
 goto end;
 }
 #ifndef OPENSSL_NO_RSA
-#if 1
 if (!no_tmp_rsa) {
 SSL_CTX_set_tmp_rsa_callback(ctx, tmp_rsa_cb);
 #ifndef OPENSSL_NO_TLSEXT
@@ -1360,31 +1344,6 @@ bad:
 SSL_CTX_set_tmp_rsa_callback(ctx2, tmp_rsa_cb);
 #endif
 }
-#else
- if (!no_tmp_rsa && SSL_CTX_need_tmp_RSA(ctx)) {
- RSA *rsa;
-
- BIO_printf(bio_s_out, "Generating temp (512 bit) RSA key...");
- BIO_flush(bio_s_out);
-
- rsa = RSA_generate_key(512, RSA_F4, NULL);
-
- if (!SSL_CTX_set_tmp_rsa(ctx, rsa)) {
- ERR_print_errors(bio_err);
- goto end;
- }
-#ifndef OPENSSL_NO_TLSEXT
- if (ctx2) {
- if (!SSL_CTX_set_tmp_rsa(ctx2, rsa)) {
- ERR_print_errors(bio_err);
- goto end;
- }
- }
-#endif
- RSA_free(rsa);
- BIO_printf(bio_s_out, "\n");
- }
-#endif
 #endif
 #ifndef OPENSSL_NO_PSK
@@ -1795,11 +1754,7 @@ sv_body(char *hostname, int s, unsigned char *context)
 err:
 if (con != NULL) {
 BIO_printf(bio_s_out, "shutting down SSL\n");
-#if 1
 SSL_set_shutdown(con, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
-#else
- SSL_shutdown(con);
-#endif
 SSL_free(con);
 }
 BIO_printf(bio_s_out, "CONNECTION CLOSED\n");
@@ -1938,28 +1893,6 @@ err:
 }
 #endif
-#if 0
-static int
-load_CA(SSL_CTX * ctx, char *file)
-{
- FILE *in;
- X509 *x = NULL;
-
- if ((in = fopen(file, "r")) == NULL)
- return (0);
-
- for (;;) {
- if (PEM_read_X509(in, &x, NULL) == NULL)
- break;
- SSL_CTX_add_client_CA(ctx, x);
- }
- if (x != NULL)
- X509_free(x);
- fclose(in);
- return (1);
-}
-#endif
-
 static int
 www_body(char *hostname, int s, unsigned char *context)
 {
@@ -2188,21 +2121,11 @@ www_body(char *hostname, int s, unsigned char *context)
 BIO_printf(io, "'%s' is an invalid path\r\n", p);
 break;
 }
-#if 0
- /* append if a directory lookup */
- if (e[-1] == '/')
- strcat(p, "index.html");
-#endif
- /* if a directory, do the index thang */
 if (app_isdir(p) > 0) {
-#if 0 /* must check buffer size */
- strcat(p, "/index.html");
-#else
 BIO_puts(io, text);
 BIO_printf(io, "'%s' is a directory\r\n", p);
 break;
-#endif
 }
 if ((file = BIO_new_file(p, "r")) == NULL) {
 BIO_puts(io, text);
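Review bot: In the sv_body hunk, the `err:` path now calls `SSL_set_shutdown(con, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN)` immediately before `SSL_free(con)` with nothing left to say why `SSL_shutdown()` is not used; the deleted `#else` branch was the only hint that this was a deliberate choice. Setting both flags marks the connection as cleanly closed without this call sending a close_notify alert, so a peer that checks for truncation sees an abrupt close. I would add a one-line comment above the call, e.g. `/* mark the session as shut down without sending close_notify, so it stays resumable */`, assuming session reuse is the reason. The "make sure we re-use sessions" text next to the same call in the www_body hunk at `end:` suggests it is. Both functions begin and end outside their hunks.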
@@ -2274,14 +2197,8 @@ www_body(char *hostname, int s, unsigned char *context)
 break;
 }
 end:
-#if 1 /* make sure we re-use sessions */
 SSL_set_shutdown(con, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
-#else
- /* This kills performance */
-/* SSL_shutdown(con); A shutdown gets sent in the
- * BIO_free_all(io) procession */
-#endif
 err: |