Commit 5561419a authored by Matt Caswell

Remove Kerberos support from apps



Remove Kerberos related options from the apps to prepare for the
subsequent commits which will remove libcrypto and libssl support for
Kerberos.

Reviewed-by: Rich Salz <rsalz@openssl.org>
parent a0bd6493
+2 −5
@@ -5,14 +5,11 @@
DIR=		apps
TOP=		..
CC=		cc
INCLUDES=	-I$(TOP) -I../include $(KRB5_INCLUDES)
INCLUDES=	-I$(TOP) -I../include
CFLAG=		-g -static -Wswitch
MAKEFILE=	Makefile
PERL=		perl
RM=		rm -f
# KRB5 stuff
KRB5_INCLUDES=
LIBKRB5=

PEX_LIBS=
EX_LIBS= 
@@ -149,7 +146,7 @@ $(EXE): progs.h $(EXE_OBJ) $(DLIBCRYPTO) $(DLIBSSL)
	shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \
		shlib_target="$(SHLIB_TARGET)"; \
	fi; \
	LIBRARIES="$(LIBSSL) $(LIBKRB5) $(LIBCRYPTO)" ; \
	LIBRARIES="$(LIBSSL) $(LIBCRYPTO)" ; \
	$(MAKE) -f $(TOP)/Makefile.shared -e \
		APPNAME=$(EXE) OBJECTS="$(EXE_OBJ)" \
		LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \
+1 −21
@@ -474,7 +474,7 @@ typedef enum OPTION_choice {
    OPT_TLS1_2, OPT_TLS1_1, OPT_TLS1, OPT_DTLS, OPT_DTLS1,
    OPT_DTLS1_2, OPT_TIMEOUT, OPT_MTU, OPT_KEYFORM, OPT_PASS,
    OPT_CERT_CHAIN, OPT_CAPATH, OPT_CHAINCAPATH, OPT_VERIFYCAPATH,
    OPT_KEY, OPT_RECONNECT, OPT_BUILD_CHAIN, OPT_CAFILE, OPT_KRB5SVC,
    OPT_KEY, OPT_RECONNECT, OPT_BUILD_CHAIN, OPT_CAFILE,
    OPT_CHAINCAFILE, OPT_VERIFYCAFILE, OPT_NEXTPROTONEG, OPT_ALPN,
    OPT_SERVERINFO, OPT_STARTTLS, OPT_SERVERNAME, OPT_JPAKE,
    OPT_USE_SRTP, OPT_KEYMATEXPORT, OPT_KEYMATEXPORTLEN, OPT_SMTPHOST,
@@ -551,9 +551,6 @@ OPTIONS s_client_options[] = {
    {"jpake", OPT_JPAKE, 's', "JPAKE secret to use"},
# endif
#endif
#ifndef OPENSSL_NO_KRB5
    {"krb5svc", OPT_KRB5SVC, 's', "Kerberos service name"},
#endif
#ifndef OPENSSL_NO_SRP
    {"srpuser", OPT_SRPUSER, 's', "SRP authentification for 'user'"},
    {"srppass", OPT_SRPPASS, 's', "Password for 'user'"},
@@ -666,10 +663,6 @@ int s_client_main(int argc, char **argv)
    long socket_mtu = 0, randamt = 0;
    unsigned short port = PORT;
    OPTION_CHOICE o;
#ifndef OPENSSL_NO_KRB5
    KSSL_CTX *kctx;
    const char *krb5svc = NULL;
#endif
#ifndef OPENSSL_NO_ENGINE
    ENGINE *ssl_client_engine = NULL;
#endif
@@ -829,11 +822,6 @@ int s_client_main(int argc, char **argv)
        case OPT_NOCMDS:
            cmdletters = 0;
            break;
        case OPT_KRB5SVC:
#ifndef OPENSSL_NO_KRB5
            krb5svc = opt_arg();
#endif
            break;
        case OPT_ENGINE:
            e = setup_engine(opt_arg(), 1);
            break;
@@ -1333,14 +1321,6 @@ int s_client_main(int argc, char **argv)
        }
    }
#endif
#ifndef OPENSSL_NO_KRB5
    if (con && (kctx = kssl_ctx_new()) != NULL) {
        SSL_set0_kssl_ctx(con, kctx);
        kssl_ctx_setstring(kctx, KSSL_SERVER, host);
        if (krb5svc)
            kssl_ctx_setstring(kctx, KSSL_SERVICE, krb5svc);
    }
#endif                          /* OPENSSL_NO_KRB5 */

 re_start:
#ifdef NO_SYS_UN_H
+2 −52
@@ -228,8 +228,7 @@ static int s_server_verify = SSL_VERIFY_NONE;
static int s_server_session_id_context = 1; /* anything will do */
static const char *s_cert_file = TEST_CERT, *s_key_file =
    NULL, *s_chain_file = NULL;
static const char *krb5svc = NULL;
static const char *krb5tab = NULL;

#ifndef OPENSSL_NO_TLSEXT
static const char *s_cert_file2 = TEST_CERT2, *s_key_file2 = NULL;
#endif
@@ -833,8 +832,7 @@ typedef enum OPTION_choice {
    OPT_SRTP_PROFILES, OPT_KEYMATEXPORT, OPT_KEYMATEXPORTLEN,
    OPT_S_ENUM,
    OPT_V_ENUM,
    OPT_X_ENUM,
    OPT_KRB5SVC, OPT_KRBTAB
    OPT_X_ENUM
} OPTION_CHOICE;

OPTIONS s_server_options[] = {
@@ -892,8 +890,6 @@ OPTIONS s_server_options[] = {
    {"jpake", OPT_JPAKE, 's', "JPAKE secret to use"},
# endif
#endif
    {"krb5svc", OPT_KRB5SVC, 's', "Kerberos service name"},
    {"keytab", OPT_KRBTAB, '<', "Kerberos keytab file"},
#ifndef OPENSSL_NO_SRP
    {"srpvfile", OPT_SRPVFILE, '<', "The verifier file for SRP"},
    {"srpuserseed", OPT_SRPUSERSEED, 's',
@@ -1410,12 +1406,6 @@ int s_server_main(int argc, char *argv[])
        case OPT_JPAKE:
            goto opthelp;
#endif
        case OPT_KRB5SVC:
            krb5svc = opt_arg();
            break;
        case OPT_KRBTAB:
            krb5tab = opt_arg();
            break;
        case OPT_SRTP_PROFILES:
            srtp_profiles = opt_arg();
            break;
@@ -1988,9 +1978,6 @@ static int sv_body(char *hostname, int s, int stype, unsigned char *context)
    unsigned long l;
    SSL *con = NULL;
    BIO *sbio;
#ifndef OPENSSL_NO_KRB5
    KSSL_CTX *kctx;
#endif
    struct timeval timeout;
#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE)
    struct timeval tv;
@@ -2022,15 +2009,6 @@ static int sv_body(char *hostname, int s, int stype, unsigned char *context)
            SSL_CTX_set_tlsext_status_arg(ctx, &tlscstatp);
        }
#endif
#ifndef OPENSSL_NO_KRB5
        if ((kctx = kssl_ctx_new()) != NULL) {
            SSL_set0_kssl_ctx(con, kctx);
            kssl_ctx_setstring(kctx, KSSL_SERVICE,
                               krb5svc ? krb5svc : KRB5SVC);
            if (krb5tab)
                kssl_ctx_setstring(kctx, KSSL_KEYTAB, krb5tab);
        }
#endif                          /* OPENSSL_NO_KRB5 */
        if (context
                && !SSL_set_session_id_context(con,
                        context, strlen((char *)context))) {
@@ -2400,9 +2378,6 @@ static int init_ssl_connection(SSL *con)
    X509 *peer;
    long verify_error;
    char buf[BUFSIZ];
#ifndef OPENSSL_NO_KRB5
    char *client_princ;
#endif
#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
    const unsigned char *next_proto_neg;
    unsigned next_proto_neg_len;
@@ -2503,13 +2478,6 @@ static int init_ssl_connection(SSL *con)
    if (SSL_ctrl(con, SSL_CTRL_GET_FLAGS, 0, NULL) &
        TLS1_FLAGS_TLS_PADDING_BUG)
        BIO_printf(bio_s_out, "Peer has incorrect TLSv1 block padding\n");
#ifndef OPENSSL_NO_KRB5
    client_princ = kssl_ctx_get0_client_princ(SSL_get0_kssl_ctx(con));
    if (client_princ != NULL) {
        BIO_printf(bio_s_out, "Kerberos peer principal is %s\n",
                   client_princ);
    }
#endif                          /* OPENSSL_NO_KRB5 */
    BIO_printf(bio_s_out, "Secure Renegotiation IS%s supported\n",
               SSL_get_secure_renegotiation_support(con) ? "" : " NOT");
    if (keymatexportlabel != NULL) {
@@ -2558,9 +2526,6 @@ static int www_body(char *hostname, int s, int stype, unsigned char *context)
    SSL *con;
    const SSL_CIPHER *c;
    BIO *io, *ssl_bio, *sbio;
#ifndef OPENSSL_NO_KRB5
    KSSL_CTX *kctx;
#endif
#ifdef RENEG
    int total_bytes = 0;
#endif
@@ -2594,12 +2559,6 @@ static int www_body(char *hostname, int s, int stype, unsigned char *context)
        SSL_set_tlsext_debug_arg(con, bio_s_out);
    }
#endif
#ifndef OPENSSL_NO_KRB5
    if ((kctx = kssl_ctx_new()) != NULL) {
        kssl_ctx_setstring(kctx, KSSL_SERVICE, KRB5SVC);
        kssl_ctx_setstring(kctx, KSSL_KEYTAB, KRB5KEYTAB);
    }
#endif                          /* OPENSSL_NO_KRB5 */
    if (context && !SSL_set_session_id_context(con, context,
                        strlen((char *)context)))
        goto err;
@@ -2927,9 +2886,6 @@ static int rev_body(char *hostname, int s, int stype, unsigned char *context)
    int ret = 1;
    SSL *con;
    BIO *io, *ssl_bio, *sbio;
#ifndef OPENSSL_NO_KRB5
    KSSL_CTX *kctx;
#endif

    buf = app_malloc(bufsize, "server rev buffer");
    io = BIO_new(BIO_f_buffer());
@@ -2949,12 +2905,6 @@ static int rev_body(char *hostname, int s, int stype, unsigned char *context)
        SSL_set_tlsext_debug_arg(con, bio_s_out);
    }
#endif
#ifndef OPENSSL_NO_KRB5
    if ((kctx = kssl_ctx_new()) != NULL) {
        kssl_ctx_setstring(kctx, KSSL_SERVICE, KRB5SVC);
        kssl_ctx_setstring(kctx, KSSL_KEYTAB, KRB5KEYTAB);
    }
#endif                          /* OPENSSL_NO_KRB5 */
    if (context && !SSL_set_session_id_context(con, context,
                        strlen((char *)context))) {
        ERR_print_errors(bio_err);
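Review bot: The `-krb5svc` and `-keytab` entries dropped from `s_server_options[]`, and their `case OPT_KRB5SVC:` / `case OPT_KRBTAB:` labels in `s_server_main`, sat outside any `#ifndef OPENSSL_NO_KRB5` guard, so s_server accepted both options on every build, including builds without Kerberos. After this change a script that still passes them will presumably fail option parsing instead of having the value silently ignored. The same applies to `-krb5svc` in the s_client section on builds that had Kerberos enabled. None of the file sections shown here touches the manual pages or the changelog, so, if it is not already done elsewhere in the series, I would add a line such as `The -krb5svc and -keytab options have been removed from s_server, and -krb5svc from s_client.` and drop the options from the s_server/s_client documentation.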