Add ssl configuration support to s_server and s_client

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-07-08 23:09:52 +01:00 · 2015-07-08 23:09:52 +01:00 · 287d0b948d
parent f33bad3321
commit 287d0b948d
3 changed files with 31 additions and 2 deletions
--- a/apps/openssl.c
+++ b/apps/openssl.c
@ -176,6 +176,7 @@ static int apps_startup()
    ERR_load_SSL_strings();

    OPENSSL_load_builtin_modules();
+    SSL_add_ssl_module();
 #ifndef OPENSSL_NO_ENGINE
    ENGINE_load_builtin_engines();
 #endif
--- a/apps/s_client.c
+++ b/apps/s_client.c
@ -466,7 +466,7 @@ typedef enum OPTION_choice {
    OPT_MSG, OPT_MSGFILE, OPT_ENGINE, OPT_TRACE, OPT_SECURITY_DEBUG,
    OPT_SECURITY_DEBUG_VERBOSE, OPT_SHOWCERTS, OPT_NBIO_TEST, OPT_STATE,
    OPT_PSK_IDENTITY, OPT_PSK, OPT_SRPUSER, OPT_SRPPASS, OPT_SRP_STRENGTH,
-    OPT_SRP_LATEUSER, OPT_SRP_MOREGROUPS, OPT_SSL3,
+    OPT_SRP_LATEUSER, OPT_SRP_MOREGROUPS, OPT_SSL3, OPT_SSL_CONFIG,
    OPT_TLS1_2, OPT_TLS1_1, OPT_TLS1, OPT_DTLS, OPT_DTLS1,
    OPT_DTLS1_2, OPT_TIMEOUT, OPT_MTU, OPT_KEYFORM, OPT_PASS,
    OPT_CERT_CHAIN, OPT_CAPATH, OPT_NOCAPATH, OPT_CHAINCAPATH, OPT_VERIFYCAPATH,
@ -561,6 +561,7 @@ OPTIONS s_client_options[] = {
    {"alpn", OPT_ALPN, 's',
     "Enable ALPN extension, considering named protocols supported (comma-separated list)"},
    {"async", OPT_ASYNC, '-', "Support asynchronous operation"},
+    {"ssl_config", OPT_SSL_CONFIG, 's'},
    OPT_S_OPTIONS,
    OPT_V_OPTIONS,
    OPT_X_OPTIONS,
@ -686,6 +687,7 @@ int s_client_main(int argc, char **argv)
    char *servername = NULL;
    const char *alpn_in = NULL;
    tlsextctx tlsextcbp = { NULL, 0 };
+    const char *ssl_config = NULL;
 #define MAX_SI_TYPES 100
    unsigned short serverinfo_types[MAX_SI_TYPES];
    int serverinfo_count = 0, start = 0, len;
@ -940,6 +942,9 @@ int s_client_main(int argc, char **argv)
        case OPT_SRP_MOREGROUPS:
            break;
 #endif
+        case OPT_SSL_CONFIG:
+            ssl_config = opt_arg();
+            break;
        case OPT_SSL3:
 #ifndef OPENSSL_NO_SSL3
            meth = SSLv3_client_method();
@ -1200,6 +1205,15 @@ int s_client_main(int argc, char **argv)
    if (sdebug)
        ssl_ctx_security_debug(ctx, sdebug);

+    if (ssl_config) {
+        if (SSL_CTX_config(ctx, ssl_config) == 0) {
+            BIO_printf(bio_err, "Error using configuration \"%s\"\n",
+                       ssl_config);
+        ERR_print_errors(bio_err);
+        goto end;
+        }
+    }
+
    if (vpmtouched && !SSL_CTX_set1_param(ctx, vpm)) {
        BIO_printf(bio_err, "Error setting verify params\n");
        ERR_print_errors(bio_err);
--- a/apps/s_server.c
+++ b/apps/s_server.c
@ -807,7 +807,7 @@ typedef enum OPTION_choice {
    OPT_QUIET, OPT_BRIEF, OPT_NO_DHE,
    OPT_NO_RESUME_EPHEMERAL, OPT_PSK_HINT, OPT_PSK, OPT_SRPVFILE,
    OPT_SRPUSERSEED, OPT_REV, OPT_WWW, OPT_UPPER_WWW, OPT_HTTP, OPT_ASYNC,
-    OPT_SSL3,
+    OPT_SSL_CONFIG, OPT_SSL3,
    OPT_TLS1_2, OPT_TLS1_1, OPT_TLS1, OPT_DTLS, OPT_DTLS1,
    OPT_DTLS1_2, OPT_TIMEOUT, OPT_MTU, OPT_CHAIN, OPT_LISTEN,
    OPT_ID_PREFIX, OPT_RAND, OPT_SERVERNAME, OPT_SERVERNAME_FATAL,
@ -915,6 +915,7 @@ OPTIONS s_server_options[] = {
    {"brief", OPT_BRIEF, '-'},
    {"rev", OPT_REV, '-'},
    {"async", OPT_ASYNC, '-', "Operate in asynchronous mode"},
+    {"ssl_config", OPT_SSL_CONFIG, 's'},
    OPT_S_OPTIONS,
    OPT_V_OPTIONS,
    OPT_X_OPTIONS,
@ -1009,6 +1010,7 @@ int s_server_main(int argc, char *argv[])
    EVP_PKEY *s_key2 = NULL;
    X509 *s_cert2 = NULL;
    tlsextctx tlsextcbp = { NULL, NULL, SSL_TLSEXT_ERR_ALERT_WARNING };
+    const char *ssl_config = NULL;
 #ifndef OPENSSL_NO_NEXTPROTONEG
    const char *next_proto_neg_in = NULL;
    tlsextnextprotoctx next_proto = { NULL, 0 };
@ -1336,6 +1338,9 @@ int s_server_main(int argc, char *argv[])
        case OPT_HTTP:
            www = 3;
            break;
+        case OPT_SSL_CONFIG:
+            ssl_config = opt_arg();
+            break;
        case OPT_SSL3:
 #ifndef OPENSSL_NO_SSL3
            meth = SSLv3_server_method();
@ -1613,6 +1618,15 @@ int s_server_main(int argc, char *argv[])
        ERR_print_errors(bio_err);
        goto end;
    }
+    if (ssl_config) {
+        if (SSL_CTX_config(ctx, ssl_config) == 0) {
+            BIO_printf(bio_err, "Error using configuration \"%s\"\n",
+                       ssl_config);
+        ERR_print_errors(bio_err);
+        goto end;
+        }
+    }
+
    if (session_id_prefix) {
        if (strlen(session_id_prefix) >= 32)
            BIO_printf(bio_err,