aboutsummaryrefslogtreecommitdiff
path: root/openssl/ssl/ssltest.c
diff options
context:
space:
mode:
authormarha <marha@users.sourceforge.net>2015-06-15 20:18:50 +0200
committerMike DePaulo <mikedep333@gmail.com>2015-06-22 01:39:02 -0400
commit76d3cb65aed1b2e454d129eb1e187e896f5e3a2a (patch)
treebca8e882abc81afce4770da47751e08f1bbeecec /openssl/ssl/ssltest.c
parentdf30d2b2322d7940e83be76b63ce6f5a5a77f5b3 (diff)
downloadvcxsrv-76d3cb65aed1b2e454d129eb1e187e896f5e3a2a.tar.gz
vcxsrv-76d3cb65aed1b2e454d129eb1e187e896f5e3a2a.tar.bz2
vcxsrv-76d3cb65aed1b2e454d129eb1e187e896f5e3a2a.zip
Update to openssl-1.0.2c
Conflicts: openssl/Makefile
Diffstat (limited to 'openssl/ssl/ssltest.c')
-rw-r--r--openssl/ssl/ssltest.c58
1 files changed, 39 insertions, 19 deletions
diff --git a/openssl/ssl/ssltest.c b/openssl/ssl/ssltest.c
index 9f5d58624..6737adf23 100644
--- a/openssl/ssl/ssltest.c
+++ b/openssl/ssl/ssltest.c
@@ -692,7 +692,9 @@ static void sv_usage(void)
" -bytes <val> - number of bytes to swap between client/server\n");
#ifndef OPENSSL_NO_DH
fprintf(stderr,
- " -dhe1024 - use 1024 bit key (safe prime) for DHE\n");
+ " -dhe512 - use 512 bit key for DHE (to test failure)\n");
+ fprintf(stderr,
+ " -dhe1024 - use 1024 bit key (safe prime) for DHE (default, no-op)\n");
fprintf(stderr,
" -dhe1024dsa - use 1024 bit key (with 160-bit subprime) for DHE\n");
fprintf(stderr, " -no_dhe - disable DHE\n");
@@ -716,6 +718,10 @@ static void sv_usage(void)
#ifndef OPENSSL_NO_TLS1
fprintf(stderr, " -tls1 - use TLSv1\n");
#endif
+#ifndef OPENSSL_NO_DTLS
+ fprintf(stderr, " -dtls1 - use DTLSv1\n");
+ fprintf(stderr, " -dtls12 - use DTLSv1.2\n");
+#endif
fprintf(stderr, " -CApath arg - PEM format directory of CA's\n");
fprintf(stderr, " -CAfile arg - PEM format file of CA's\n");
fprintf(stderr, " -cert arg - Server certificate file\n");
@@ -877,7 +883,7 @@ int main(int argc, char *argv[])
int badop = 0;
int bio_pair = 0;
int force = 0;
- int tls1 = 0, ssl2 = 0, ssl3 = 0, ret = 1;
+ int dtls1 = 0, dtls12 = 0, tls1 = 0, ssl2 = 0, ssl3 = 0, ret = 1;
int client_auth = 0;
int server_auth = 0, i;
struct app_verify_arg app_verify_arg =
@@ -897,7 +903,7 @@ int main(int argc, char *argv[])
long bytes = 256L;
#ifndef OPENSSL_NO_DH
DH *dh;
- int dhe1024 = 0, dhe1024dsa = 0;
+ int dhe512 = 0, dhe1024dsa = 0;
#endif
#ifndef OPENSSL_NO_ECDH
EC_KEY *ecdh = NULL;
@@ -977,19 +983,19 @@ int main(int argc, char *argv[])
debug = 1;
else if (strcmp(*argv, "-reuse") == 0)
reuse = 1;
- else if (strcmp(*argv, "-dhe1024") == 0) {
+ else if (strcmp(*argv, "-dhe512") == 0) {
#ifndef OPENSSL_NO_DH
- dhe1024 = 1;
+ dhe512 = 1;
#else
fprintf(stderr,
- "ignoring -dhe1024, since I'm compiled without DH\n");
+ "ignoring -dhe512, since I'm compiled without DH\n");
#endif
} else if (strcmp(*argv, "-dhe1024dsa") == 0) {
#ifndef OPENSSL_NO_DH
dhe1024dsa = 1;
#else
fprintf(stderr,
- "ignoring -dhe1024, since I'm compiled without DH\n");
+ "ignoring -dhe1024dsa, since I'm compiled without DH\n");
#endif
} else if (strcmp(*argv, "-no_dhe") == 0)
no_dhe = 1;
@@ -1037,6 +1043,16 @@ int main(int argc, char *argv[])
no_protocol = 1;
#endif
ssl3 = 1;
+ } else if (strcmp(*argv, "-dtls1") == 0) {
+#ifdef OPENSSL_NO_DTLS
+ no_protocol = 1;
+#endif
+ dtls1 = 1;
+ } else if (strcmp(*argv, "-dtls12") == 0) {
+#ifdef OPENSSL_NO_DTLS
+ no_protocol = 1;
+#endif
+ dtls12 = 1;
} else if (strncmp(*argv, "-num", 4) == 0) {
if (--argc < 1)
goto bad;
@@ -1172,8 +1188,8 @@ int main(int argc, char *argv[])
goto end;
}
- if (ssl2 + ssl3 + tls1 > 1) {
- fprintf(stderr, "At most one of -ssl2, -ssl3, or -tls1 should "
+ if (ssl2 + ssl3 + tls1 + dtls1 + dtls12 > 1) {
+ fprintf(stderr, "At most one of -ssl2, -ssl3, -tls1, -dtls1 or -dtls12 should "
"be requested.\n");
EXIT(1);
}
@@ -1190,10 +1206,10 @@ int main(int argc, char *argv[])
goto end;
}
- if (!ssl2 && !ssl3 && !tls1 && number > 1 && !reuse && !force) {
+ if (!ssl2 && !ssl3 && !tls1 && !dtls1 && !dtls12 && number > 1 && !reuse && !force) {
fprintf(stderr, "This case cannot work. Use -f to perform "
"the test anyway (and\n-d to see what happens), "
- "or add one of -ssl2, -ssl3, -tls1, -reuse\n"
+ "or add one of ssl2, -ssl3, -tls1, -dtls1, -dtls12, -reuse\n"
"to avoid protocol mismatch.\n");
EXIT(1);
}
@@ -1271,6 +1287,13 @@ int main(int argc, char *argv[])
meth = SSLv3_method();
else
#endif
+#ifndef OPENSSL_NO_DTLS
+ if (dtls1)
+ meth = DTLSv1_method();
+ else if (dtls12)
+ meth = DTLSv1_2_method();
+ else
+#endif
#ifndef OPENSSL_NO_TLS1
if (tls1)
meth = TLSv1_method();
@@ -1297,10 +1320,10 @@ int main(int argc, char *argv[])
*/
SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_DH_USE);
dh = get_dh1024dsa();
- } else if (dhe1024)
- dh = get_dh1024();
- else
+ } else if (dhe512)
dh = get_dh512();
+ else
+ dh = get_dh1024();
SSL_CTX_set_tmp_dh(s_ctx, dh);
DH_free(dh);
}
@@ -1318,12 +1341,9 @@ int main(int argc, char *argv[])
BIO_printf(bio_err, "unknown curve name (%s)\n", named_curve);
goto end;
}
- } else
-# ifdef OPENSSL_NO_EC2M
+ } else {
nid = NID_X9_62_prime256v1;
-# else
- nid = NID_sect163r2;
-# endif
+ }
ecdh = EC_KEY_new_by_curve_name(nid);
if (ecdh == NULL) {