diff options
Diffstat (limited to 'apps/s_server.c')
-rw-r--r-- | apps/s_server.c | 130 |
1 files changed, 0 insertions, 130 deletions
diff --git a/apps/s_server.c b/apps/s_server.c index 6dabdf4f40..a2fa469f06 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -224,20 +224,6 @@ static DH *load_dh_param(const char *dhfile); static void s_server_init(void); #endif -#ifndef OPENSSL_NO_TLSEXT - -static const unsigned char auth_ext_data[]={TLSEXT_AUTHZDATAFORMAT_dtcp}; - -static unsigned char *generated_supp_data = NULL; - -static const unsigned char *most_recent_supplemental_data = NULL; -static size_t most_recent_supplemental_data_length = 0; - -static int client_provided_server_authz = 0; -static int client_provided_client_authz = 0; - -#endif - /* static int load_CA(SSL_CTX *ctx, char *file);*/ #undef BUFSIZZ @@ -302,29 +288,9 @@ static int cert_chain = 0; #endif #ifndef OPENSSL_NO_TLSEXT -static int suppdata_cb(SSL *s, unsigned short supp_data_type, - const unsigned char *in, - unsigned short inlen, int *al, - void *arg); - -static int auth_suppdata_generate_cb(SSL *s, unsigned short supp_data_type, - const unsigned char **out, - unsigned short *outlen, int *al, void *arg); - -static int authz_tlsext_generate_cb(SSL *s, unsigned short ext_type, - const unsigned char **out, unsigned short *outlen, - int *al, void *arg); - -static int authz_tlsext_cb(SSL *s, unsigned short ext_type, - const unsigned char *in, - unsigned short inlen, int *al, - void *arg); - static BIO *serverinfo_in = NULL; static const char *s_serverinfo_file = NULL; -static int c_auth = 0; -static int c_auth_require_reneg = 0; #endif #ifndef OPENSSL_NO_PSK @@ -490,8 +456,6 @@ static void sv_usage(void) BIO_printf(bio_err," -naccept arg - terminate after 'arg' connections\n"); #ifndef OPENSSL_NO_TLSEXT BIO_printf(bio_err," -serverinfo arg - PEM serverinfo file for certificate\n"); - BIO_printf(bio_err," -auth - send and receive RFC 5878 TLS auth extensions and supplemental data\n"); - BIO_printf(bio_err," -auth_require_reneg - Do not send TLS auth extensions until renegotiation\n"); #endif BIO_printf(bio_err," -no_resumption_on_reneg - set SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION flag\n"); BIO_printf(bio_err," -crl_check - check the peer certificate has not been revoked by its CA.\n" \ @@ -1178,15 +1142,7 @@ int MAIN(int argc, char *argv[]) if (--argc < 1) goto bad; s_serverinfo_file = *(++argv); } - else if (strcmp(*argv,"-auth") == 0) - { - c_auth = 1; - } #endif - else if (strcmp(*argv,"-auth_require_reneg") == 0) - { - c_auth_require_reneg = 1; - } else if (strcmp(*argv,"-certform") == 0) { if (--argc < 1) goto bad; @@ -1997,12 +1953,6 @@ bad: ERR_print_errors(bio_err); goto end; } - if (c_auth) - { - SSL_CTX_set_custom_srv_ext(ctx, TLSEXT_TYPE_client_authz, authz_tlsext_cb, authz_tlsext_generate_cb, bio_err); - SSL_CTX_set_custom_srv_ext(ctx, TLSEXT_TYPE_server_authz, authz_tlsext_cb, authz_tlsext_generate_cb, bio_err); - SSL_CTX_set_srv_supp_data(ctx, TLSEXT_SUPPLEMENTALDATATYPE_authz_data, auth_suppdata_generate_cb, suppdata_cb, bio_err); - } #endif #ifndef OPENSSL_NO_TLSEXT if (ctx2 && !set_cert_key_stuff(ctx2,s_cert2,s_key2, NULL, build_chain)) @@ -2722,12 +2672,6 @@ static int init_ssl_connection(SSL *con) i=SSL_accept(con); } #endif - /*handshake is complete - free the generated supp data allocated in the callback */ - if (generated_supp_data) - { - OPENSSL_free(generated_supp_data); - generated_supp_data = NULL; - } if (i <= 0) { @@ -3615,77 +3559,3 @@ static void free_sessions(void) } first = NULL; } - -#ifndef OPENSSL_NO_TLSEXT -static int authz_tlsext_cb(SSL *s, unsigned short ext_type, - const unsigned char *in, - unsigned short inlen, int *al, - void *arg) - { - if (TLSEXT_TYPE_server_authz == ext_type) - client_provided_server_authz - = memchr(in, TLSEXT_AUTHZDATAFORMAT_dtcp, inlen) != NULL; - - if (TLSEXT_TYPE_client_authz == ext_type) - client_provided_client_authz - = memchr(in, TLSEXT_AUTHZDATAFORMAT_dtcp, inlen) != NULL; - - return 1; - } - -static int authz_tlsext_generate_cb(SSL *s, unsigned short ext_type, - const unsigned char **out, unsigned short *outlen, - int *al, void *arg) - { - if (c_auth && client_provided_client_authz && client_provided_server_authz) - { - /*if auth_require_reneg flag is set, only send extensions if - renegotiation has occurred */ - if (!c_auth_require_reneg - || (c_auth_require_reneg && SSL_num_renegotiations(s))) - { - *out = auth_ext_data; - *outlen = 1; - return 1; - } - } - /* no auth extension to send */ - return -1; - } - -static int suppdata_cb(SSL *s, unsigned short supp_data_type, - const unsigned char *in, - unsigned short inlen, int *al, - void *arg) - { - if (supp_data_type == TLSEXT_SUPPLEMENTALDATATYPE_authz_data) - { - most_recent_supplemental_data = in; - most_recent_supplemental_data_length = inlen; - } - return 1; - } - -static int auth_suppdata_generate_cb(SSL *s, unsigned short supp_data_type, - const unsigned char **out, - unsigned short *outlen, int *al, void *arg) - { - if (c_auth && client_provided_client_authz && client_provided_server_authz) - { - /*if auth_require_reneg flag is set, only send supplemental data if - renegotiation has occurred */ - if (!c_auth_require_reneg - || (c_auth_require_reneg && SSL_num_renegotiations(s))) - { - generated_supp_data = OPENSSL_malloc(10); - memcpy(generated_supp_data, "1234512345", 10); - *out = generated_supp_data; - *outlen = 10; - return 1; - } - } - /* no supplemental data to send */ - return -1; - } -#endif - |