Commit c32ebefa authored by Scott Deboy's avatar Scott Deboy
Browse files

Reverting 1.0.2-only changes supporting the prior authz RFC5878-based tests... 

Reverting 1.0.2-only changes supporting the prior authz RFC5878-based tests from commit 835d104f
parent 5a32dd89

ssl/ssltest.c

+0 −119
Original line number Diff line number Diff line
@@ -836,11 +836,6 @@ static void sv_usage(void) 
	               "                 (default is sect163r2).\n");

#endif

	fprintf(stderr," -test_cipherlist - verifies the order of the ssl cipher lists\n");

#ifndef OPENSSL_NO_TLSEXT

	fprintf(stderr," -server_authz arg - binary authz file for certificate\n");

	fprintf(stderr," -c_support_proof  - indicate client support for server_authz audit proofs\n");

	fprintf(stderr," -c_require_proof  - fail if no audit proof is sent\n");

#endif

	fprintf(stderr," -serverinfo_file file - have server use this file\n");

	fprintf(stderr," -serverinfo_sct  - have client offer and expect SCT\n");

	fprintf(stderr," -serverinfo_tack - have client offer and expect TACK\n");
@@ -978,56 +973,6 @@ int opaque_prf_input_cb(SSL *ssl, void *peerinput, size_t len, void *arg_) 
	}

#endif



#ifndef OPENSSL_NO_TLSEXT

struct audit_proof_cb_arg_st

	{

	unsigned char *expected_proof;

	size_t expected_proof_length;

	int require;

	};



struct audit_proof_cb_arg_st c_expected = { NULL, 0, 0 };



static int audit_proof_cb(SSL *s, void *arg)

	{

	const unsigned char *proof;

	size_t proof_len;

	SSL_SESSION *sess = SSL_get_session(s);

	struct audit_proof_cb_arg_st *cb_arg = (struct audit_proof_cb_arg_st*)arg;



	proof = SSL_SESSION_get_tlsext_authz_server_audit_proof(sess,

		&proof_len);

	if (proof != NULL)

		{

		if (proof_len == cb_arg->expected_proof_length &&

			cb_arg->expected_proof != NULL &&

			memcmp(proof, cb_arg->expected_proof, proof_len) == 0)

			{

			BIO_printf(bio_stdout, "Audit proof OK (%lu bytes).\n",

				   (long)proof_len);

			return 1;

			}

		else

			{

			BIO_printf(bio_stdout, "Audit proof mismatch.\n");

			/* Cause handshake failure. */

			return 0;

			}

		}



	else /* proof == NULL */

		{

		BIO_printf(bio_stdout, "No audit proof found.\n");

		if (cb_arg->require)

			{

			/* Cause handshake failure. */

			return 0;

			}

		return 1;

		}

	}

#endif



int main(int argc, char *argv[])

	{

	char *CApath=NULL,*CAfile=NULL;
@@ -1079,11 +1024,6 @@ int main(int argc, char *argv[]) 
#ifdef OPENSSL_FIPS

	int fips_mode=0;

#endif

#ifndef OPENSSL_NO_TLSEXT

	char *s_authz_file = NULL;

	int c_support_proof = 0;

	int c_require_proof = 0;

#endif



	verbose = 0;

	debug = 0;
@@ -1302,24 +1242,6 @@ int main(int argc, char *argv[]) 
			{

			test_cipherlist = 1;

			}

#ifndef OPENSSL_NO_TLSEXT

		else if(strcmp(*argv,"-server_authz") == 0)

			{

			if (--argc < 1) goto bad;

			s_authz_file = *(++argv);

			tls1 = 1;

			}

		else if (strcmp(*argv,"-c_support_proof") == 0)

			{

			c_support_proof = 1;

			tls1 = 1;

			}

		else if (strcmp(*argv,"-c_require_proof") == 0)

			{

			c_require_proof = 1;

			tls1 = 1;

			}

#endif

		else if (strcmp(*argv,"-serverinfo_sct") == 0)

			{

			serverinfo_sct = 1;
@@ -1389,15 +1311,6 @@ bad: 
			"to avoid protocol mismatch.\n");

		EXIT(1);

		}

	if (c_require_proof && s_authz_file == NULL && !force)

		{

		fprintf(stderr, "This case cannot work. -c_require_proof "

			"requires an audit proof, but none was supplied. "

			"Use -f to perform the test anyway (and\n-d to see "

			"what happens), or use -server_authz to supply an "

			"audit proof.\n");

		EXIT(1);

		}



#ifdef OPENSSL_FIPS

	if(fips_mode)
@@ -1669,34 +1582,6 @@ bad: 
		SSL_CTX_set_srp_username_callback(s_ctx, ssl_srp_server_param_cb);

		}

#endif

#ifndef OPENSSL_NO_TLSEXT

	if (s_authz_file != NULL)

		{

		if(!SSL_CTX_use_authz_file(s_ctx, s_authz_file))

			{

			BIO_printf(bio_err, "Unable to set authz data\n");

			goto end;

			}

		}

	if (c_support_proof || c_require_proof)

		{

		size_t proof_length;

		const unsigned char *proof = SSL_CTX_get_authz_data(s_ctx,

			TLSEXT_AUTHZDATAFORMAT_audit_proof, &proof_length);

		if (proof != NULL)

			{

			/* Store a local copy. */

			c_expected.expected_proof = OPENSSL_malloc(proof_length);

			c_expected.expected_proof_length = proof_length;

			memcpy(c_expected.expected_proof, proof, proof_length);

			}

		c_expected.require = c_require_proof;

		SSL_CTX_set_tlsext_authz_server_audit_proof_cb(c_ctx,

			audit_proof_cb);

		SSL_CTX_set_tlsext_authz_server_audit_proof_cb_arg(c_ctx,

			&c_expected);

		}

#endif



	if (serverinfo_sct)

		SSL_CTX_set_custom_cli_ext(c_ctx, SCT_EXT_TYPE, NULL,
@@ -1849,10 +1734,6 @@ end: 
#endif

#ifndef OPENSSL_NO_ENGINE

	ENGINE_cleanup();

#endif

#ifndef OPENSSL_NO_TLSEXT

	if (c_expected.expected_proof != NULL)

		OPENSSL_free(c_expected.expected_proof);

#endif

	CRYPTO_cleanup_all_ex_data();

	ERR_free_strings();