From c32ebefaa891b60a5dd23a039a2da5982d25ae26 Mon Sep 17 00:00:00 2001
From: Scott Deboy <sdeboy@secondstryke.com>
Date: Sun, 9 Feb 2014 07:49:44 -0800
Subject: [PATCH] Reverting 1.0.2-only changes supporting the prior authz
 RFC5878-based tests from commit 835d104f46c4448a27844a9309de456c7972a943

---
 ssl/ssltest.c | 119 --------------------------------------------------
 1 file changed, 119 deletions(-)

diff --git a/ssl/ssltest.c b/ssl/ssltest.c
index 47a8189bf7..1cba422ea9 100644
--- a/ssl/ssltest.c
+++ b/ssl/ssltest.c
@@ -836,11 +836,6 @@ static void sv_usage(void)
 	               "                 (default is sect163r2).\n");
 #endif
 	fprintf(stderr," -test_cipherlist - verifies the order of the ssl cipher lists\n");
-#ifndef OPENSSL_NO_TLSEXT
-	fprintf(stderr," -server_authz arg - binary authz file for certificate\n");
-	fprintf(stderr," -c_support_proof  - indicate client support for server_authz audit proofs\n");
-	fprintf(stderr," -c_require_proof  - fail if no audit proof is sent\n");
-#endif
 	fprintf(stderr," -serverinfo_file file - have server use this file\n");
 	fprintf(stderr," -serverinfo_sct  - have client offer and expect SCT\n");
 	fprintf(stderr," -serverinfo_tack - have client offer and expect TACK\n");
@@ -978,56 +973,6 @@ int opaque_prf_input_cb(SSL *ssl, void *peerinput, size_t len, void *arg_)
 	}
 #endif
 
-#ifndef OPENSSL_NO_TLSEXT
-struct audit_proof_cb_arg_st
-	{
-	unsigned char *expected_proof;
-	size_t expected_proof_length;
-	int require;
-	};
-
-struct audit_proof_cb_arg_st c_expected = { NULL, 0, 0 };
-
-static int audit_proof_cb(SSL *s, void *arg)
-	{
-	const unsigned char *proof;
-	size_t proof_len;
-	SSL_SESSION *sess = SSL_get_session(s);
-	struct audit_proof_cb_arg_st *cb_arg = (struct audit_proof_cb_arg_st*)arg;
-
-	proof = SSL_SESSION_get_tlsext_authz_server_audit_proof(sess,
-		&proof_len);
-	if (proof != NULL)
-		{
-		if (proof_len == cb_arg->expected_proof_length &&
-			cb_arg->expected_proof != NULL &&
-			memcmp(proof, cb_arg->expected_proof, proof_len) == 0)
-			{
-			BIO_printf(bio_stdout, "Audit proof OK (%lu bytes).\n",
-				   (long)proof_len);
-			return 1;
-			}
-		else
-			{
-			BIO_printf(bio_stdout, "Audit proof mismatch.\n");
-			/* Cause handshake failure. */
-			return 0;
-			}
-		}
-
-	else /* proof == NULL */
-		{
-		BIO_printf(bio_stdout, "No audit proof found.\n");
-		if (cb_arg->require)
-			{
-			/* Cause handshake failure. */
-			return 0;
-			}
-		return 1;
-		}
-	}
-#endif
-
 int main(int argc, char *argv[])
 	{
 	char *CApath=NULL,*CAfile=NULL;
@@ -1079,11 +1024,6 @@ int main(int argc, char *argv[])
 #ifdef OPENSSL_FIPS
 	int fips_mode=0;
 #endif
-#ifndef OPENSSL_NO_TLSEXT
-	char *s_authz_file = NULL;
-	int c_support_proof = 0;
-	int c_require_proof = 0;
-#endif
 
 	verbose = 0;
 	debug = 0;
@@ -1302,24 +1242,6 @@ int main(int argc, char *argv[])
 			{
 			test_cipherlist = 1;
 			}
-#ifndef OPENSSL_NO_TLSEXT
-		else if(strcmp(*argv,"-server_authz") == 0)
-			{
-			if (--argc < 1) goto bad;
-			s_authz_file = *(++argv);
-			tls1 = 1;
-			}
-		else if (strcmp(*argv,"-c_support_proof") == 0)
-			{
-			c_support_proof = 1;
-			tls1 = 1;
-			}
-		else if (strcmp(*argv,"-c_require_proof") == 0)
-			{
-			c_require_proof = 1;
-			tls1 = 1;
-			}
-#endif
 		else if (strcmp(*argv,"-serverinfo_sct") == 0)
 			{
 			serverinfo_sct = 1;
@@ -1389,15 +1311,6 @@ bad:
 			"to avoid protocol mismatch.\n");
 		EXIT(1);
 		}
-	if (c_require_proof && s_authz_file == NULL && !force)
-		{
-		fprintf(stderr, "This case cannot work. -c_require_proof "
-			"requires an audit proof, but none was supplied. "
-			"Use -f to perform the test anyway (and\n-d to see "
-			"what happens), or use -server_authz to supply an "
-			"audit proof.\n");
-		EXIT(1);
-		}
 
 #ifdef OPENSSL_FIPS
 	if(fips_mode)
@@ -1669,34 +1582,6 @@ bad:
 		SSL_CTX_set_srp_username_callback(s_ctx, ssl_srp_server_param_cb);
 		}
 #endif
-#ifndef OPENSSL_NO_TLSEXT
-	if (s_authz_file != NULL)
-		{
-		if(!SSL_CTX_use_authz_file(s_ctx, s_authz_file))
-			{
-			BIO_printf(bio_err, "Unable to set authz data\n");
-			goto end;
-			}
-		}
-	if (c_support_proof || c_require_proof)
-		{
-		size_t proof_length;
-		const unsigned char *proof = SSL_CTX_get_authz_data(s_ctx,
-			TLSEXT_AUTHZDATAFORMAT_audit_proof, &proof_length);
-		if (proof != NULL)
-			{
-			/* Store a local copy. */
-			c_expected.expected_proof = OPENSSL_malloc(proof_length);
-			c_expected.expected_proof_length = proof_length;
-			memcpy(c_expected.expected_proof, proof, proof_length);
-			}
-		c_expected.require = c_require_proof;
-		SSL_CTX_set_tlsext_authz_server_audit_proof_cb(c_ctx,
-			audit_proof_cb);
-		SSL_CTX_set_tlsext_authz_server_audit_proof_cb_arg(c_ctx,
-			&c_expected);
-		}
-#endif
 
 	if (serverinfo_sct)
 		SSL_CTX_set_custom_cli_ext(c_ctx, SCT_EXT_TYPE, NULL, 
@@ -1849,10 +1734,6 @@ end:
 #endif
 #ifndef OPENSSL_NO_ENGINE
 	ENGINE_cleanup();
-#endif
-#ifndef OPENSSL_NO_TLSEXT
-	if (c_expected.expected_proof != NULL)
-		OPENSSL_free(c_expected.expected_proof);
 #endif
 	CRYPTO_cleanup_all_ex_data();
 	ERR_free_strings();
-- 
2.40.0