diff options
| author |   tedu <tedu@openbsd.org> | 2014-05-05 15:03:22 +0000 |
|---|---|---|
| committer | tedu <tedu@openbsd.org> | 2014-05-05 15:03:22 +0000 |
| commit | 8a8f3f13dd1fd3d25edeb39c5f7566180cd105f8 (patch) | |
| tree | bcf94eb93f2a60e72350cf5ac63be771a19d7b94 /lib/libssl/src/ssl/ssltest.c | |
| parent | A couple of malloc()+memset(0) -> calloc. (diff) | |
| download | wireguard-openbsd-8a8f3f13dd1fd3d25edeb39c5f7566180cd105f8.tar.xz wireguard-openbsd-8a8f3f13dd1fd3d25edeb39c5f7566180cd105f8.zip | |
Remove SRP and Kerberos support from libssl. These are complex protocols
all on their own and we can't effectively maintain them without using them,
which we don't. If the need arises, the code can be resurrected.
Diffstat (limited to 'lib/libssl/src/ssl/ssltest.c')
| -rw-r--r-- | lib/libssl/src/ssl/ssltest.c | 98 |
1 files changed, 0 insertions, 98 deletions
diff --git a/lib/libssl/src/ssl/ssltest.c b/lib/libssl/src/ssl/ssltest.c index 1f5014baf38..879bf4b3eda 100644 --- a/lib/libssl/src/ssl/ssltest.c +++ b/lib/libssl/src/ssl/ssltest.c @@ -178,9 +178,6 @@ #ifndef OPENSSL_NO_DH #include <openssl/dh.h> #endif -#ifndef OPENSSL_NO_SRP -#include <openssl/srp.h> -#endif #include <openssl/bn.h> #define _XOPEN_SOURCE_EXTENDED 1 @@ -227,46 +224,6 @@ static unsigned int psk_server_callback(SSL *ssl, const char *identity, unsigned char *psk, unsigned int max_psk_len); #endif -#ifndef OPENSSL_NO_SRP -/* SRP client */ -/* This is a context that we pass to all callbacks */ -typedef struct srp_client_arg_st { - char *srppassin; - char *srplogin; -} SRP_CLIENT_ARG; - -#define PWD_STRLEN 1024 - -static char * -ssl_give_srp_client_pwd_cb(SSL *s, void *arg) -{ - SRP_CLIENT_ARG *srp_client_arg = (SRP_CLIENT_ARG *)arg; - return BUF_strdup((char *)srp_client_arg->srppassin); -} - -/* SRP server */ -/* This is a context that we pass to SRP server callbacks */ -typedef struct srp_server_arg_st { - char *expected_user; - char *pass; -} SRP_SERVER_ARG; - -static int -ssl_srp_server_param_cb(SSL *s, int *ad, void *arg) -{ - SRP_SERVER_ARG *p = (SRP_SERVER_ARG *) arg; - - if (strcmp(p->expected_user, SSL_get_srp_username(s)) != 0) { - fprintf(stderr, "User %s doesn't exist\n", SSL_get_srp_username(s)); - return SSL3_AL_FATAL; - } - if (SSL_set_srp_server_param_pw(s, p->expected_user, p->pass, "1024") < 0) { - *ad = SSL_AD_INTERNAL_ERROR; - return SSL3_AL_FATAL; - } - return SSL_ERROR_NONE; -} -#endif static BIO *bio_err = NULL; static BIO *bio_stdout = NULL; @@ -311,10 +268,6 @@ sv_usage(void) #ifndef OPENSSL_NO_PSK fprintf(stderr, " -psk arg - PSK in hex (without 0x)\n"); #endif -#ifndef OPENSSL_NO_SRP - fprintf(stderr, " -srpuser user - SRP username to use\n"); - fprintf(stderr, " -srppass arg - password for 'user'\n"); -#endif fprintf(stderr, " -ssl3 - use SSLv3\n"); fprintf(stderr, " -tls1 - use TLSv1\n"); fprintf(stderr, " -CApath arg - PEM format directory of CA's\n"); @@ -484,12 +437,6 @@ main(int argc, char *argv[]) #ifndef OPENSSL_NO_ECDH EC_KEY *ecdh = NULL; #endif -#ifndef OPENSSL_NO_SRP - /* client */ - SRP_CLIENT_ARG srp_client_arg = {NULL, NULL}; - /* server */ - SRP_SERVER_ARG srp_server_arg = {NULL, NULL}; -#endif int no_dhe = 0; int no_ecdhe = 0; int no_psk = 0; @@ -577,19 +524,6 @@ main(int argc, char *argv[]) no_psk = 1; #endif } -#ifndef OPENSSL_NO_SRP - else if (strcmp(*argv, "-srpuser") == 0) { - if (--argc < 1) - goto bad; - srp_server_arg.expected_user = srp_client_arg.srplogin= *(++argv); - tls1 = 1; - } else if (strcmp(*argv, "-srppass") == 0) { - if (--argc < 1) - goto bad; - srp_server_arg.pass = srp_client_arg.srppassin= *(++argv); - tls1 = 1; - } -#endif else if (strcmp(*argv, "-ssl2") == 0) ssl2 = 1; else if (strcmp(*argv, "-tls1") == 0) @@ -895,42 +829,10 @@ bad: } #endif } -#ifndef OPENSSL_NO_SRP - if (srp_client_arg.srplogin) { - if (!SSL_CTX_set_srp_username(c_ctx, srp_client_arg.srplogin)) { - BIO_printf(bio_err, "Unable to set SRP username\n"); - goto end; - } - SSL_CTX_set_srp_cb_arg(c_ctx, &srp_client_arg); - SSL_CTX_set_srp_client_pwd_callback(c_ctx, ssl_give_srp_client_pwd_cb); - /*SSL_CTX_set_srp_strength(c_ctx, srp_client_arg.strength);*/ - } - - if (srp_server_arg.expected_user != NULL) { - SSL_CTX_set_verify(s_ctx, SSL_VERIFY_NONE, verify_callback); - SSL_CTX_set_srp_cb_arg(s_ctx, &srp_server_arg); - SSL_CTX_set_srp_username_callback(s_ctx, ssl_srp_server_param_cb); - } -#endif c_ssl = SSL_new(c_ctx); s_ssl = SSL_new(s_ctx); -#ifndef OPENSSL_NO_KRB5 - if (c_ssl && c_ssl->kssl_ctx) { - char localhost[MAXHOSTNAMELEN + 2]; - - if (gethostname(localhost, sizeof localhost - 1) == 0) { - localhost[sizeof localhost - 1] = '\0'; - if (strlen(localhost) == sizeof localhost - 1) { - BIO_printf(bio_err, "localhost name too long\n"); - goto end; - } - kssl_ctx_setstring(c_ssl->kssl_ctx, KSSL_SERVER, - localhost); - } - } -#endif /* OPENSSL_NO_KRB5 */ for (i = 0; i < number; i++) { if (!reuse) |