typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
-#ifndef OPENSSL_NO_SSL_TRACE
OPT_STDNAME,
-#endif
-#ifndef OPENSSL_NO_SSL3
OPT_SSL3,
-#endif
OPT_TLS1,
OPT_V, OPT_UPPER_V, OPT_S
} OPTION_CHOICE;
{"v", OPT_V, '-', "Verbose listing of the SSL/TLS ciphers"},
{"V", OPT_UPPER_V, '-', "Even more verbose"},
{"s", OPT_S, '-', "Only supported ciphers"},
+ {"tls1", OPT_TLS1, '-', "TLS1 mode"},
#ifndef OPENSSL_NO_SSL_TRACE
{"stdname", OPT_STDNAME, '-', "Show standard cipher names"},
#endif
#ifndef OPENSSL_NO_SSL3
{"ssl3", OPT_SSL3, '-', "SSL3 mode"},
#endif
- {"tls1", OPT_TLS1, '-', "TLS1 mode"},
{NULL}
};
case OPT_S:
use_supported = 1;
break;
-#ifndef OPENSSL_NO_SSL_TRACE
case OPT_STDNAME:
+#ifndef OPENSSL_NO_SSL_TRACE
stdname = verbose = 1;
- break;
#endif
-#ifndef OPENSSL_NO_SSL3
+ break;
case OPT_SSL3:
+#ifndef OPENSSL_NO_SSL3
meth = SSLv3_client_method();
- break;
#endif
+ break;
case OPT_TLS1:
meth = TLSv1_client_method();
break;
{"keyopt", OPT_KEYOPT, 's', "Set public key parameters as n:v pairs"},
{"receipt_request_from", OPT_RR_FROM, 's'},
{"receipt_request_to", OPT_RR_TO, 's'},
+ {"", OPT_CIPHER, '-', "Any supported cipher"},
+ OPT_V_OPTIONS,
# ifndef OPENSSL_NO_AES
{"aes128-wrap", OPT_AES128_WRAP, '-', "Use AES128 to wrap key"},
{"aes192-wrap", OPT_AES192_WRAP, '-', "Use AES192 to wrap key"},
# ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"},
# endif
- {"", OPT_CIPHER, '-', "Any supported cipher"},
- OPT_V_OPTIONS,
- {NULL},
+ {NULL}
};
int cms_main(int argc, char **argv)
goto end;
vpmtouched++;
break;
-# ifndef OPENSSL_NO_DES
case OPT_3DES_WRAP:
+# ifndef OPENSSL_NO_DES
wrap_cipher = EVP_des_ede3_wrap();
- break;
# endif
+ break;
# ifndef OPENSSL_NO_AES
case OPT_AES128_WRAP:
wrap_cipher = EVP_aes_128_wrap();
case OPT_AES256_WRAP:
wrap_cipher = EVP_aes_256_wrap();
break;
+# else
+ case OPT_AES128_WRAP:
+ case OPT_AES192_WRAP:
+ case OPT_AES256_WRAP:
+ break;
# endif
}
}
{"verify", OPT_VERIFY, '-'},
{"text", OPT_TEXT, '-', "Print out a text format version"},
{"hash", OPT_HASH, '-', "Print hash value"},
+ {"nameopt", OPT_NAMEOPT, 's', "Various certificate name options"},
+ {"", OPT_MD, '-', "Any supported digest"},
#ifndef OPENSSL_NO_MD5
{"hash_old", OPT_HASH_OLD, '-', "Print old-style (MD5) hash value"},
#endif
- {"nameopt", OPT_NAMEOPT, 's', "Various certificate name options"},
- {"", OPT_MD, '-', "Any supported digest"},
{NULL}
};
char *infile = NULL, *outfile = NULL, *crldiff = NULL, *keyfile = NULL;
char *CAfile = NULL, *CApath = NULL, *prog;
OPTION_CHOICE o;
- int hash = 0, issuer = 0, lastupdate = 0, nextupdate = 0, noout =
- 0, text = 0;
+ int hash = 0, issuer = 0, lastupdate = 0, nextupdate = 0, noout = 0;
int informat = FORMAT_PEM, outformat = FORMAT_PEM, keyformat = FORMAT_PEM;
- int ret = 1, num = 0, badsig = 0, fingerprint = 0, crlnumber =
- 0, i, do_ver = 0;
+ int ret = 1, num = 0, badsig = 0, fingerprint = 0, crlnumber = 0;
+ int text = 0, do_ver = 0;
+ int i;
#ifndef OPENSSL_NO_MD5
int hash_old = 0;
#endif
CAfile = opt_arg();
do_ver = 1;
break;
-#ifndef OPENSSL_NO_MD5
case OPT_HASH_OLD:
+#ifndef OPENSSL_NO_MD5
hash_old = ++num;
- break;
#endif
+ break;
case OPT_VERIFY:
do_ver = 1;
break;
{"mac", OPT_MAC, 's', "Create MAC (not neccessarily HMAC)"},
{"sigop", OPT_SIGOPT, 's', "Signature parameter in n:v form"},
{"macop", OPT_MACOPT, 's', "MAC algorithm parameters in n:v form or key"},
+ {"", OPT_DIGEST, '-', "Any supported digest"},
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"},
{"engine_impl", OPT_ENGINE_IMPL, '-'},
#endif
- {"", OPT_DIGEST, '-', "Any supported digest"},
{NULL}
};
{"C", OPT_C, '-', "Print C code"},
{"2", OPT_2, '-', "Generate parameters using 2 as the generator value"},
{"5", OPT_5, '-', "Generate parameters using 5 as the generator value"},
-# ifndef OPENSSL_NO_ENGINE
- {"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"},
-# endif
# ifndef OPENSSL_NO_DSA
{"dsaparam", OPT_DSAPARAM, '-',
"Read or generate DSA parameters, convert to DH"},
+# endif
+# ifndef OPENSSL_NO_ENGINE
+ {"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"},
# endif
{NULL}
};
{"help", OPT_HELP, '-', "Display this summary"},
{"inform", OPT_INFORM, 'F', "Input format, DER PEM PVK"},
{"outform", OPT_OUTFORM, 'F', "Output format, DER PEM PVK"},
-# ifndef OPENSSL_NO_ENGINE
- {"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"},
-# endif
{"in", OPT_IN, '<', "Input file"},
{"out", OPT_OUT, '>', "Output file"},
- {"pvk-strong", OPT_PVK_STRONG, '-'},
- {"pvk-weak", OPT_PVK_WEAK, '-'},
- {"pvk-none", OPT_PVK_NONE, '-'},
{"noout", OPT_NOOUT, '-', "Don't print key out"},
{"text", OPT_TEXT, '-', "Print the key in text"},
{"modulus", OPT_MODULUS, '-', "Print the DSA public value"},
{"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
{"passout", OPT_PASSOUT, 's', "Output file pass phrase source"},
{"", OPT_CIPHER, '-', "Any supported cipher"},
+# ifndef OPENSSL_NO_RC4
+ {"pvk-strong", OPT_PVK_STRONG, '-'},
+ {"pvk-weak", OPT_PVK_WEAK, '-'},
+ {"pvk-none", OPT_PVK_NONE, '-'},
+# endif
+# ifndef OPENSSL_NO_ENGINE
+ {"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"},
+# endif
{NULL}
};
switch (o) {
case OPT_EOF:
case OPT_ERR:
-#ifdef OPENSSL_NO_RC4
- case OPT_PVK_STRONG:
- case OPT_PVK_WEAK:
- case OPT_PVK_NONE:
-#endif
opthelp:
ret = 0;
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
case OPT_PVK_NONE:
pvk_encr = 0;
break;
+#else
+ case OPT_PVK_STRONG:
+ case OPT_PVK_WEAK:
+ case OPT_PVK_NONE:
+ break;
#endif
case OPT_NOOUT:
noout = 1;
{"genkey", OPT_GENKEY, '-', "Generate a DSA key"},
{"rand", OPT_RAND, 's', "Files to use for random number input"},
{"non-fips-allow", OPT_NON_FIPS_ALLOW, '-'},
-# ifndef OPENSSL_NO_ENGINE
- {"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"},
-# endif
# ifdef GENCB_TEST
{"timebomb", OPT_TIMEBOMB, 'p', "Interrupt keygen after 'pnum' seconds"},
+# endif
+# ifndef OPENSSL_NO_ENGINE
+ {"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"},
# endif
{NULL}
};
{"inform", OPT_INFORM, 'F', "Input format - DER or PEM"},
{"out", OPT_OUT, '>', "Output file"},
{"outform", OPT_OUTFORM, 'F', "Output format - DER or PEM"},
-# ifndef OPENSSL_NO_ENGINE
- {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
-# endif
{"noout", OPT_NOOUT, '-', "Don't print key out"},
{"text", OPT_TEXT, '-', "Print the key"},
{"param_out", OPT_PARAM_OUT, '-', "Print the elliptic curve parameters"},
"Specifies the way the ec parameters are encoded"},
{"conv_form", OPT_CONV_FORM, 's', "Specifies the point conversion form "},
{"", OPT_CIPHER, '-', "Any supported cipher"},
+# ifndef OPENSSL_NO_ENGINE
+ {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
+# endif
{NULL}
};
{"in", OPT_IN, '<', "Input file"},
{"out", OPT_OUT, '>', "Output file"},
{"pass", OPT_PASS, 's', "Passphrase source"},
-#ifndef OPENSSL_NO_ENGINE
- {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
-#endif
{"e", OPT_E, '-', "Encrypt"},
{"d", OPT_D, '-', "Decrypt"},
{"p", OPT_P, '-', "Print the iv/key"},
{"A", OPT_UPPER_A, '-'},
{"a", OPT_A, '-', "base64 encode/decode, depending on encryption flag"},
{"base64", OPT_A, '-', "Base64 output as a single line"},
-#ifdef ZLIB
- {"z", OPT_Z, '-', "Use zlib as the 'encryption'"},
-#endif
{"bufsize", OPT_BUFSIZE, 's', "Buffer size"},
{"k", OPT_K, 's', "Passphrase"},
{"kfile", OPT_KFILE, '<', "Fead passphrase from file"},
{"non-fips-allow", OPT_NON_FIPS_ALLOW, '-'},
{"none", OPT_NONE, '-', "Don't encrypt"},
{"", OPT_CIPHER, '-', "Any supported cipher"},
+#ifdef ZLIB
+ {"z", OPT_Z, '-', "Use zlib as the 'encryption'"},
+#endif
+#ifndef OPENSSL_NO_ENGINE
+ {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
+#endif
{NULL}
};
{"passout", OPT_PASSOUT, 's'},
{"rand", OPT_RAND, 's',
"Load the file(s) into the random number generator"},
+ {"", OPT_CIPHER, '-', "Encrypt the output with any supported cipher"},
# ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
# endif
- {"", OPT_CIPHER, '-', "Encrypt the output with any supported cipher"},
{NULL}
};
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
#endif
+ /* This is deliberately last. */
{OPT_HELP_STR, 1, 1,
"Order of options may be important! See the documentation.\n"},
{NULL}
{"quiet", OPT_QUIET, '-', "No warnings"},
{"table", OPT_TABLE, '-', "Format output as table"},
{"reverse", OPT_REVERSE, '-', "Switch table columns"},
+ {"salt", OPT_SALT, 's', "Use provided salt"},
+ {"stdin", OPT_STDIN, '-', "Read passwords from stdin"},
# ifndef NO_MD5CRYPT_1
{"apr1", OPT_APR1, '-', "MD5-based password algorithm, Apache variant"},
{"1", OPT_1, '-', "MD5-based password algorithm"},
# ifndef OPENSSL_NO_DES
{"crypt", OPT_CRYPT, '-', "Standard Unix password algorithm (default)"},
# endif
- {"salt", OPT_SALT, 's', "Use provided salt"},
- {"stdin", OPT_STDIN, '-', "Read passwords from stdin"},
{NULL}
};
{"password", OPT_PASSWORD, 's', "Set import/export password source"},
{"CApath", OPT_CAPATH, '/', "PEM-format directory of CA's"},
{"CAfile", OPT_CAFILE, '<', "PEM-format file of CA's"},
+ {"", OPT_CIPHER, '-', "Any supported cipher"},
# ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
# endif
- {"", OPT_CIPHER, '-', "Any supported cipher"},
{NULL}
};
"Cert extension section (override value in config file)"},
{"reqexts", OPT_REQEXTS, 's',
"Request extension section (override value in config file)"},
+ {"", OPT_MD, '-', "Any supported digest"},
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
{"keygen_engine", OPT_KEYGEN_ENGINE, 's'},
#endif
- {"", OPT_MD, '-', "Any supported digest"},
{NULL}
};
{"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
{"RSAPublicKey_in", OPT_RSAPUBKEY_IN, '-', "Input is an RSAPublicKey"},
{"RSAPublicKey_out", OPT_RSAPUBKEY_OUT, '-', "Output is an RSAPublicKey"},
- {"pvk-strong", OPT_PVK_STRONG, '-'},
- {"pvk-weak", OPT_PVK_WEAK, '-'},
- {"pvk-none", OPT_PVK_NONE, '-'},
{"noout", OPT_NOOUT, '-', "Don't print key out"},
{"text", OPT_TEXT, '-', "Print the key in text"},
{"modulus", OPT_MODULUS, '-', "Print the RSA key modulus"},
{"check", OPT_CHECK, '-', "Verify key consistency"},
{"", OPT_CIPHER, '-', "Any supported cipher"},
+# ifdef OPENSSL_NO_RC4
+ {"pvk-strong", OPT_PVK_STRONG, '-'},
+ {"pvk-weak", OPT_PVK_WEAK, '-'},
+ {"pvk-none", OPT_PVK_NONE, '-'},
+# endif
# ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
# endif
switch (o) {
case OPT_EOF:
case OPT_ERR:
-#ifdef OPENSSL_NO_RC4
- case OPT_PVK_STRONG:
- case OPT_PVK_WEAK:
- case OPT_PVK_NONE:
-#endif
opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_PVK_NONE:
pvk_encr = 0;
break;
+#else
+ case OPT_PVK_STRONG:
+ case OPT_PVK_WEAK:
+ case OPT_PVK_NONE:
+ break;
#endif
case OPT_NOOUT:
noout = 1;
{"quiet", OPT_QUIET, '-', "No s_client output"},
{"ign_eof", OPT_IGN_EOF, '-', "Ignore input eof (default when -quiet)"},
{"no_ign_eof", OPT_NO_IGN_EOF, '-', "Don't ignore input eof"},
-#ifndef OPENSSL_NO_SSL3
- {"ssl3", OPT_SSL3, '-', "Just use SSLv3"},
-#endif
{"tls1_2", OPT_TLS1_2, '-', "Just use TLSv1.2"},
{"tls1_1", OPT_TLS1_1, '-', "Just use TLSv1.1"},
{"tls1", OPT_TLS1, '-', "Just use TLSv1"},
- {"dtls", OPT_DTLS, '-'},
- {"dtls1", OPT_DTLS1, '-', "Just use DTLSv1"},
- {"dtls1_2", OPT_DTLS1_2, '-'},
- {"timeout", OPT_TIMEOUT, '-'},
- {"mtu", OPT_MTU, 'p', "Set the link layer MTU"},
{"starttls", OPT_STARTTLS, 's',
"Use the STARTTLS command before starting TLS"},
{"xmpphost", OPT_XMPPHOST, 's', "Host to use with \"-starttls xmpp\""},
{"keymatexportlen", OPT_KEYMATEXPORTLEN, 'p',
"Export len bytes of keying material (default 20)"},
{"fallback_scsv", OPT_FALLBACKSCSV, '-', "Send the fallback SCSV"},
+ {"name", OPT_SMTPHOST, 's', "Hostname to use for \"-starttls smtp\""},
+ {"CRL", OPT_CRL, '<'},
+ {"crl_download", OPT_CRL_DOWNLOAD, '-'},
+ {"CRLform", OPT_CRLFORM, 'F'},
+ {"verify_return_error", OPT_VERIFY_RET_ERROR, '-'},
+ {"verify_quiet", OPT_VERIFY_QUIET, '-'},
+ {"brief", OPT_BRIEF, '-'},
+ {"prexit", OPT_PREXIT, '-'},
+ {"security_debug", OPT_SECURITY_DEBUG, '-'},
+ {"security_debug_verbose", OPT_SECURITY_DEBUG_VERBOSE, '-'},
+ {"cert_chain", OPT_CERT_CHAIN, '<'},
+ {"chainCApath", OPT_CHAINCAPATH, '/'},
+ {"verifyCApath", OPT_VERIFYCAPATH, '/'},
+ {"build_chain", OPT_BUILD_CHAIN, '-'},
+ {"chainCAfile", OPT_CHAINCAFILE, '<'},
+ {"verifyCAfile", OPT_VERIFYCAFILE, '<'},
+ {"nocommands", OPT_NOCMDS, '-', "Do not use interactive command letters"},
+ {"servername", OPT_SERVERNAME, 's',
+ "Set TLS extension servername in ClientHello"},
+ {"tlsextdebug", OPT_TLSEXTDEBUG, '-',
+ "Hex dump of all TLS extensions received"},
+ {"status", OPT_STATUS, '-', "Request certificate status from server"},
+ {"serverinfo", OPT_SERVERINFO, 's',
+ "types Send empty ClientHello extensions (comma-separated numbers)"},
+ {"alpn", OPT_ALPN, 's',
+ "Enable ALPN extension, considering named protocols supported (comma-separated list)"},
+ OPT_S_OPTIONS,
+ OPT_V_OPTIONS,
+ OPT_X_OPTIONS,
+#ifndef OPENSSL_NO_SSL3
+ {"ssl3", OPT_SSL3, '-', "Just use SSLv3"},
+#endif
+#ifndef OPENSSL_NO_DTLS1
+ {"dtls", OPT_DTLS, '-'},
+ {"dtls1", OPT_DTLS1, '-', "Just use DTLSv1"},
+ {"dtls1_2", OPT_DTLS1_2, '-'},
+ {"timeout", OPT_TIMEOUT, '-'},
+ {"mtu", OPT_MTU, 'p', "Set the link layer MTU"},
+#endif
+#ifndef OPENSSL_NO_SSL_TRACE
+ {"trace", OPT_TRACE, '-'},
+#endif
#ifdef WATT32
{"wdebug", OPT_WDEBUG, '-', "WATT-32 tcp debugging"},
#endif
"Tolerate other than the known g N values."},
{"srp_strength", OPT_SRP_STRENGTH, 'p', "Minimal mength in bits for N"},
#endif
- {"name", OPT_SMTPHOST, 's', "Hostname to use for \"-starttls smtp\""},
- {"servername", OPT_SERVERNAME, 's',
- "Set TLS extension servername in ClientHello"},
- {"tlsextdebug", OPT_TLSEXTDEBUG, '-',
- "Hex dump of all TLS extensions received"},
- {"status", OPT_STATUS, '-', "Request certificate status from server"},
- {"serverinfo", OPT_SERVERINFO, 's',
- "types Send empty ClientHello extensions (comma-separated numbers)"},
- {"alpn", OPT_ALPN, 's',
- "Enable ALPN extension, considering named protocols supported (comma-separated list)"},
#ifndef OPENSSL_NO_NEXTPROTONEG
{"nextprotoneg", OPT_NEXTPROTONEG, 's',
"Enable NPN extension, considering named protocols supported (comma-separated list)"},
#endif
- {"CRL", OPT_CRL, '<'},
- {"crl_download", OPT_CRL_DOWNLOAD, '-'},
- {"CRLform", OPT_CRLFORM, 'F'},
- {"verify_return_error", OPT_VERIFY_RET_ERROR, '-'},
- {"verify_quiet", OPT_VERIFY_QUIET, '-'},
- {"brief", OPT_BRIEF, '-'},
- {"prexit", OPT_PREXIT, '-'},
- {"trace", OPT_TRACE, '-'},
- {"security_debug", OPT_SECURITY_DEBUG, '-'},
- {"security_debug_verbose", OPT_SECURITY_DEBUG_VERBOSE, '-'},
- {"cert_chain", OPT_CERT_CHAIN, '<'},
- {"chainCApath", OPT_CHAINCAPATH, '/'},
- {"verifyCApath", OPT_VERIFYCAPATH, '/'},
- {"build_chain", OPT_BUILD_CHAIN, '-'},
- {"chainCAfile", OPT_CHAINCAFILE, '<'},
- {"verifyCAfile", OPT_VERIFYCAFILE, '<'},
- {"nocommands", OPT_NOCMDS, '-', "Do not use interactive command letters"},
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
{"ssl_client_engine", OPT_SSL_CLIENT_ENGINE, 's'},
#endif
- OPT_S_OPTIONS,
- OPT_V_OPTIONS,
- OPT_X_OPTIONS,
{NULL}
};
prog = opt_init(argc, argv, s_client_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
-#ifndef WATT32
- case OPT_WDEBUG:
-#endif
-#ifdef OPENSSL_NO_JPAKE
- case OPT_JPAKE:
-#endif
-#ifdef OPENSSL_NO_SSL_TRACE
- case OPT_TRACE:
-#endif
-#ifdef OPENSSL_NO_PSK
- case OPT_PSK_IDENTITY:
- case OPT_PSK:
-#endif
-#ifdef OPENSSL_NO_SSL3
- case OPT_SSL3:
-#endif
-#ifdef OPENSSL_NO_DTLS1
- case OPT_DTLS:
- case OPT_DTLS1:
- case OPT_DTLS1_2:
- case OPT_TIMEOUT:
- case OPT_MTU:
-#endif
case OPT_EOF:
case OPT_ERR:
opthelp:
case OPT_STATUS:
c_status_req = 1;
break;
-#ifdef WATT32
case OPT_WDEBUG:
+#ifdef WATT32
dbug_init();
- break;
#endif
+ break;
case OPT_MSG:
c_msg = 1;
break;
case OPT_MSGFILE:
bio_c_msg = BIO_new_file(opt_arg(), "w");
break;
-#ifndef OPENSSL_NO_SSL_TRACE
case OPT_TRACE:
+#ifndef OPENSSL_NO_SSL_TRACE
c_msg = 2;
- break;
#endif
+ break;
case OPT_SECURITY_DEBUG:
sdebug = 1;
break;
BIO_printf(bio_err, "Not a hex number '%s'\n", psk_key);
goto end;
}
+#else
+ case OPT_PSK_IDENTITY:
+ case OPT_PSK:
break;
#endif
#ifndef OPENSSL_NO_SRP
case OPT_SRP_MOREGROUPS:
break;
#endif
-#ifndef OPENSSL_NO_SSL3
case OPT_SSL3:
+#ifndef OPENSSL_NO_SSL3
meth = SSLv3_client_method();
- break;
#endif
+ break;
case OPT_TLS1_2:
meth = TLSv1_2_client_method();
break;
case OPT_MTU:
socket_mtu = atol(opt_arg());
break;
+#else
+ case OPT_DTLS:
+ case OPT_DTLS1:
+ case OPT_DTLS1_2:
+ case OPT_TIMEOUT:
+ case OPT_MTU:
+ break;
#endif
case OPT_FALLBACKSCSV:
fallback_scsv = 1;
goto end;
case OPT_SERVERNAME:
servername = opt_arg();
- /* meth=TLSv1_client_method(); */
break;
-#ifndef OPENSSL_NO_JPAKE
case OPT_JPAKE:
+#ifndef OPENSSL_NO_JPAKE
jpake_secret = opt_arg();
- break;
#endif
+ break;
case OPT_USE_SRTP:
srtp_profiles = opt_arg();
break;
OPT_BRIEF, OPT_NO_TMP_RSA, OPT_NO_DHE, OPT_NO_ECDHE,
OPT_NO_RESUME_EPHEMERAL, OPT_PSK_HINT, OPT_PSK, OPT_SRPVFILE,
OPT_SRPUSERSEED, OPT_REV, OPT_WWW, OPT_UPPER_WWW, OPT_HTTP,
-#ifndef OPENSSL_NO_SSL3
OPT_SSL3,
-#endif
OPT_TLS1_2, OPT_TLS1_1, OPT_TLS1, OPT_DTLS, OPT_DTLS1,
OPT_DTLS1_2, OPT_TIMEOUT, OPT_MTU, OPT_CHAIN,
OPT_ID_PREFIX, OPT_RAND, OPT_SERVERNAME, OPT_SERVERNAME_FATAL,
OPTIONS s_server_options[] = {
{"help", OPT_HELP, '-', "Display this summary"},
-
{"port", OPT_PORT, 'p'},
{"accept", OPT_PORT, 'p',
"TCP/IP port to accept on (default is " PORT_STR ")"},
{"dkeyform", OPT_DKEYFORM, 'F',
"Second key format (PEM, DER or ENGINE) PEM default"},
{"dpass", OPT_DPASS, 's', "Second private key file pass phrase source"},
-#ifdef FIONBIO
- {"nbio", OPT_NBIO, '-', "Use non-blocking IO"},
-#endif
{"nbio_test", OPT_NBIO_TEST, '-', "Test with the non-blocking test bio"},
{"crlf", OPT_CRLF, '-', "Convert LF from terminal into CRLF"},
{"debug", OPT_DEBUG, '-', "Print more output"},
{"nocert", OPT_NOCERT, '-', "Don't use any certificates (Anon-DH)"},
{"quiet", OPT_QUIET, '-', "No server output"},
{"no_tmp_rsa", OPT_NO_TMP_RSA, '-', "Do not generate a tmp RSA key"},
-#ifndef OPENSSL_NO_PSK
- {"psk_hint", OPT_PSK_HINT, 's', "PSK identity hint to use"},
- {"psk", OPT_PSK, 's', "PSK in hex (without 0x)"},
-# ifndef OPENSSL_NO_JPAKE
- {"jpake", OPT_JPAKE, 's', "JPAKE secret to use"},
-# endif
-#endif
-#ifndef OPENSSL_NO_SRP
- {"srpvfile", OPT_SRPVFILE, '<', "The verifier file for SRP"},
- {"srpuserseed", OPT_SRPUSERSEED, 's',
- "A seed string for a default user salt"},
-#endif
-#ifndef OPENSSL_NO_SSL3
- {"ssl3", OPT_SSL3, '-', "Just talk SSLv3"},
-#endif
{"tls1_2", OPT_TLS1_2, '-', "just talk TLSv1.2"},
{"tls1_1", OPT_TLS1_1, '-', "Just talk TLSv1.1"},
{"tls1", OPT_TLS1, '-', "Just talk TLSv1"},
-#ifndef OPENSSL_NO_DTLS1
- {"dtls", OPT_DTLS, '-'},
- {"dtls1", OPT_DTLS1, '-', "Just talk DTLSv1"},
- {"dtls1_2", OPT_DTLS1_2, '-', "Just talk DTLSv1.2"},
- {"timeout", OPT_TIMEOUT, '-', "Enable timeouts"},
- {"mtu", OPT_MTU, 'p', "Set link layer MTU"},
- {"chain", OPT_CHAIN, '-', "Read a certificate chain"},
-#endif
-#ifndef OPENSSL_NO_DH
- {"no_dhe", OPT_NO_DHE, '-', "Disable ephemeral DH"},
-#endif
-#ifndef OPENSSL_NO_EC
- {"no_ecdhe", OPT_NO_ECDHE, '-', "Disable ephemeral ECDH"},
-#endif
{"no_resume_ephemeral", OPT_NO_RESUME_EPHEMERAL, '-',
"Disable caching and tickets if ephemeral (EC)DH is used"},
{"www", OPT_WWW, '-', "Respond to a 'GET /' with a status page"},
{"WWW", OPT_UPPER_WWW, '-', "Respond to a 'GET with the file ./path"},
- {"HTTP", OPT_HTTP, '-', "Like -WWW but ./path incluedes HTTP headers"},
- {"id_prefix", OPT_ID_PREFIX, 's',
- "Generate SSL/TLS session IDs prefixed by arg"},
- {"rand", OPT_RAND, 's',
- "Load the file(s) into the random number generator"},
{"servername", OPT_SERVERNAME, 's',
"Servername for HostName TLS extension"},
{"servername_fatal", OPT_SERVERNAME_FATAL, '-',
"-Private Key file to use for servername if not in -cert2"},
{"tlsextdebug", OPT_TLSEXTDEBUG, '-',
"Hex dump of all TLS extensions received"},
-#ifndef OPENSSL_NO_NEXTPROTONEG
- {"nextprotoneg", OPT_NEXTPROTONEG, 's',
- "Set the advertised protocols for the NPN extension (comma-separated list)"},
-#endif
- {"use_srtp", OPT_SRTP_PROFILES, '<',
- "Offer SRTP key management with a colon-separated profile list"},
- {"alpn", OPT_ALPN, 's',
- "Set the advertised protocols for the ALPN extension (comma-separated list)"},
+ {"HTTP", OPT_HTTP, '-', "Like -WWW but ./path incluedes HTTP headers"},
+ {"id_prefix", OPT_ID_PREFIX, 's',
+ "Generate SSL/TLS session IDs prefixed by arg"},
+ {"rand", OPT_RAND, 's',
+ "Load the file(s) into the random number generator"},
{"keymatexport", OPT_KEYMATEXPORT, 's',
"Export keying material using label"},
{"keymatexportlen", OPT_KEYMATEXPORTLEN, 'p',
{"security_debug_verbose", OPT_SECURITY_DEBUG_VERBOSE, '-'},
{"brief", OPT_BRIEF, '-'},
{"rev", OPT_REV, '-'},
-#ifndef OPENSSL_NO_ENGINE
- {"engine", OPT_ENGINE, 's'},
-#endif
OPT_S_OPTIONS,
OPT_V_OPTIONS,
OPT_X_OPTIONS,
+#ifdef FIONBIO
+ {"nbio", OPT_NBIO, '-', "Use non-blocking IO"},
+#endif
+#ifndef OPENSSL_NO_PSK
+ {"psk_hint", OPT_PSK_HINT, 's', "PSK identity hint to use"},
+ {"psk", OPT_PSK, 's', "PSK in hex (without 0x)"},
+# ifndef OPENSSL_NO_JPAKE
+ {"jpake", OPT_JPAKE, 's', "JPAKE secret to use"},
+# endif
+#endif
+#ifndef OPENSSL_NO_SRP
+ {"srpvfile", OPT_SRPVFILE, '<', "The verifier file for SRP"},
+ {"srpuserseed", OPT_SRPUSERSEED, 's',
+ "A seed string for a default user salt"},
+#endif
+#ifndef OPENSSL_NO_SSL3
+ {"ssl3", OPT_SSL3, '-', "Just talk SSLv3"},
+#endif
+#ifndef OPENSSL_NO_DTLS1
+ {"dtls", OPT_DTLS, '-'},
+ {"dtls1", OPT_DTLS1, '-', "Just talk DTLSv1"},
+ {"dtls1_2", OPT_DTLS1_2, '-', "Just talk DTLSv1.2"},
+ {"timeout", OPT_TIMEOUT, '-', "Enable timeouts"},
+ {"mtu", OPT_MTU, 'p', "Set link layer MTU"},
+ {"chain", OPT_CHAIN, '-', "Read a certificate chain"},
+#endif
+#ifndef OPENSSL_NO_DH
+ {"no_dhe", OPT_NO_DHE, '-', "Disable ephemeral DH"},
+#endif
+#ifndef OPENSSL_NO_EC
+ {"no_ecdhe", OPT_NO_ECDHE, '-', "Disable ephemeral ECDH"},
+#endif
+#ifndef OPENSSL_NO_NEXTPROTONEG
+ {"nextprotoneg", OPT_NEXTPROTONEG, 's',
+ "Set the advertised protocols for the NPN extension (comma-separated list)"},
+#endif
+#ifndef OPENSSL_NO_SRTP
+ {"use_srtp", OPT_SRTP_PROFILES, '<',
+ "Offer SRTP key management with a colon-separated profile list"},
+ {"alpn", OPT_ALPN, 's',
+ "Set the advertised protocols for the ALPN extension (comma-separated list)"},
+#endif
+#ifndef OPENSSL_NO_ENGINE
+ {"engine", OPT_ENGINE, 's'},
+#endif
{NULL}
};
case OPT_MSGFILE:
bio_s_msg = BIO_new_file(opt_arg(), "w");
break;
-#ifndef OPENSSL_NO_SSL_TRACE
case OPT_TRACE:
+#ifndef OPENSSL_NO_SSL_TRACE
s_msg = 2;
- break;
#else
- case OPT_TRACE:
- goto opthelp;
+ break;
#endif
case OPT_SECURITY_DEBUG:
sdebug = 1;
goto end;
}
break;
+#else
+ case OPT_PSK_HINT:
+ case OPT_PSK:
+ break;
#endif
#ifndef OPENSSL_NO_SRP
case OPT_SRPVFILE:
case OPT_HTTP:
www = 3;
break;
-#ifndef OPENSSL_NO_SSL3
case OPT_SSL3:
+#ifndef OPENSSL_NO_SSL3
meth = SSLv3_server_method();
- break;
#endif
+ break;
case OPT_TLS1_2:
meth = TLSv1_2_server_method();
break;
case OPT_CHAIN:
cert_chain = 1;
break;
+#else
+ case OPT_DTLS:
+ case OPT_DTLS1:
+ case OPT_DTLS1_2:
+ case OPT_TIMEOUT:
+ case OPT_MTU:
+ case OPT_CHAIN:
+ break;
#endif
case OPT_ID_PREFIX:
session_id_prefix = opt_arg();
case OPT_KEY2:
s_key_file2 = opt_arg();
break;
-#ifndef OPENSSL_NO_NEXTPROTONEG
case OPT_NEXTPROTONEG:
+# ifndef OPENSSL_NO_NEXTPROTONEG
next_proto_neg_in = opt_arg();
- break;
#endif
+ break;
case OPT_ALPN:
alpn_in = opt_arg();
break;
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_CONNECT, OPT_CIPHER, OPT_CERT, OPT_KEY, OPT_CAPATH,
OPT_CAFILE, OPT_NEW, OPT_REUSE, OPT_BUGS, OPT_VERIFY, OPT_TIME,
-#ifndef OPENSSL_NO_SSL3
OPT_SSL3,
-#endif
OPT_WWW
} OPTION_CHOICE;
goto end;
}
break;
-#ifndef OPENSSL_NO_SSL3
case OPT_SSL3:
+#ifndef OPENSSL_NO_SSL3
meth = SSLv3_client_method();
- break;
#endif
+ break;
}
}
argc = opt_num_rest();
{OPT_HELP_STR, 1, '-', "Usage: %s [options] ciphers...\n"},
{OPT_HELP_STR, 1, '-', "Valid options are:\n"},
{"help", OPT_HELP, '-', "Display this summary"},
+ {"evp", OPT_EVP, 's', "Use specified EVP cipher"},
+ {"decrypt", OPT_DECRYPT, '-',
+ "Time decryption instead of encryption (only EVP)"},
+ {"mr", OPT_MR, '-', "Produce machine readable output"},
+ {"mb", OPT_MB, '-'},
+ {"misalign", OPT_MISALIGN, 'n', "Amount to mis-align buffers"},
#if defined(TIMES) || defined(USE_TOD)
{"elapsed", OPT_ELAPSED, '-',
"Measure time in real time instead of CPU user time"},
#endif
- {"evp", OPT_EVP, 's', "Use specified EVP cipher"},
- {"decrypt", OPT_DECRYPT, '-',
- "Time decryption instead of encryption (only EVP)"},
#ifndef NO_FORK
{"multi", OPT_MULTI, 'p', "Run benchmarks in parallel"},
#endif
- {"mr", OPT_MR, '-', "Produce machine readable output"},
- {"mb", OPT_MB, '-'},
- {"misalign", OPT_MISALIGN, 'n', "Amount to mis-align buffers"},
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
#endif
case OPT_ENGINE:
(void)setup_engine(opt_arg(), 0);
break;
-#ifndef NO_FORK
case OPT_MULTI:
+#ifndef NO_FORK
multi = atoi(opt_arg());
- break;
#endif
+ break;
case OPT_MISALIGN:
if (!opt_int(opt_arg(), &misalign))
goto end;
{"CApath", OPT_CAPATH, '/', "Path to trusted CA files"},
{"CAfile", OPT_CAFILE, '<', "File with trusted CA certs"},
{"untrusted", OPT_UNTRUSTED, '<', "File with untrusted certs"},
+ {"", OPT_MD, '-', "Any supported digest"},
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
#endif
- {"", OPT_MD, '-', "Any supported digest"},
{NULL}
};
{"CRLfile", OPT_CRLFILE, '<'},
{"crl_download", OPT_CRL_DOWNLOAD, '-'},
{"show_chain", OPT_SHOW_CHAIN, '-'},
+ OPT_V_OPTIONS,
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
#endif
- OPT_V_OPTIONS,
{NULL}
};
OPT_PURPOSE, OPT_STARTDATE, OPT_ENDDATE, OPT_CHECKEND, OPT_CHECKHOST,
OPT_CHECKEMAIL, OPT_CHECKIP, OPT_NOOUT, OPT_TRUSTOUT, OPT_CLRTRUST,
OPT_CLRREJECT, OPT_ALIAS, OPT_CACREATESERIAL, OPT_CLREXT, OPT_OCSPID,
-#ifndef OPENSSL_NO_MD5
OPT_SUBJECT_HASH_OLD,
OPT_ISSUER_HASH_OLD,
-#endif
-#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
OPT_FORCE_VERSION,
-#endif
OPT_BADSIG, OPT_MD, OPT_ENGINE, OPT_NOCERT
} OPTION_CHOICE;
{"serial", OPT_SERIAL, '-', "Print serial number value"},
{"subject_hash", OPT_HASH, '-', "Print subject hash value"},
{"issuer_hash", OPT_ISSUER_HASH, '-', "Print issuer hash value"},
-#ifndef OPENSSL_NO_MD5
- {"subject_hash_old", OPT_SUBJECT_HASH_OLD, '-',
- "Print old-style (MD5) issuer hash value"},
- {"issuer_hash_old", OPT_ISSUER_HASH_OLD, '-',
- "Print old-style (MD5) subject hash value"},
-#endif
{"hash", OPT_HASH, '-', "Synonym for -subject_hash"},
{"subject", OPT_SUBJECT, '-', "Print subject DN"},
{"issuer", OPT_ISSUER, '-', "Print issuer DN"},
{"clrreject", OPT_CLRREJECT, '-'},
{"badsig", OPT_BADSIG, '-'},
{"", OPT_MD, '-', "Any supported digest"},
-#ifndef OPENSSL_NO_ENGINE
- {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
+#ifndef OPENSSL_NO_MD5
+ {"subject_hash_old", OPT_SUBJECT_HASH_OLD, '-',
+ "Print old-style (MD5) issuer hash value"},
+ {"issuer_hash_old", OPT_ISSUER_HASH_OLD, '-',
+ "Print old-style (MD5) subject hash value"},
#endif
#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
{"force_version", OPT_FORCE_VERSION, 'p'},
+#endif
+#ifndef OPENSSL_NO_ENGINE
+ {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
#endif
{NULL}
};
if (!sigopts || !sk_OPENSSL_STRING_push(sigopts, opt_arg()))
goto opthelp;
break;
-#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
case OPT_FORCE_VERSION:
+#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
force_version = atoi(opt_arg()) - 1;
- break;
#endif
+ break;
case OPT_DAYS:
days = atoi(opt_arg());
break;
case OPT_ISSUER_HASH_OLD:
issuer_hash_old = ++num;
break;
+#else
+ case OPT_SUBJECT_HASH_OLD:
+ case OPT_ISSUER_HASH_OLD:
+ break;
#endif
case OPT_DATES:
startdate = ++num;