summaryrefslogtreecommitdiff
path: root/ics-openvpn-stripped/main/openssl/apps
diff options
context:
space:
mode:
Diffstat (limited to 'ics-openvpn-stripped/main/openssl/apps')
-rw-r--r--ics-openvpn-stripped/main/openssl/apps/apps.c4
-rw-r--r--ics-openvpn-stripped/main/openssl/apps/ca.c5
-rw-r--r--ics-openvpn-stripped/main/openssl/apps/ciphers.c6
-rw-r--r--ics-openvpn-stripped/main/openssl/apps/crl2p7.c8
-rw-r--r--ics-openvpn-stripped/main/openssl/apps/enc.c8
-rw-r--r--ics-openvpn-stripped/main/openssl/apps/ocsp.c2
-rw-r--r--ics-openvpn-stripped/main/openssl/apps/progs.h8
-rw-r--r--ics-openvpn-stripped/main/openssl/apps/progs.pl2
-rw-r--r--ics-openvpn-stripped/main/openssl/apps/s_client.c2
-rw-r--r--ics-openvpn-stripped/main/openssl/apps/s_server.c16
10 files changed, 47 insertions, 14 deletions
diff --git a/ics-openvpn-stripped/main/openssl/apps/apps.c b/ics-openvpn-stripped/main/openssl/apps/apps.c
index b76db10a..3e18289a 100644
--- a/ics-openvpn-stripped/main/openssl/apps/apps.c
+++ b/ics-openvpn-stripped/main/openssl/apps/apps.c
@@ -390,6 +390,8 @@ int chopup_args(ARGS *arg, char *buf, int *argc, char **argv[])
{
arg->count=20;
arg->data=(char **)OPENSSL_malloc(sizeof(char *)*arg->count);
+ if (arg->data == NULL)
+ return 0;
}
for (i=0; i<arg->count; i++)
arg->data[i]=NULL;
@@ -1542,6 +1544,8 @@ char *make_config_name()
len=strlen(t)+strlen(OPENSSL_CONF)+2;
p=OPENSSL_malloc(len);
+ if (p == NULL)
+ return NULL;
BUF_strlcpy(p,t,len);
#ifndef OPENSSL_SYS_VMS
BUF_strlcat(p,"/",len);
diff --git a/ics-openvpn-stripped/main/openssl/apps/ca.c b/ics-openvpn-stripped/main/openssl/apps/ca.c
index 1cf50e00..9c25026a 100644
--- a/ics-openvpn-stripped/main/openssl/apps/ca.c
+++ b/ics-openvpn-stripped/main/openssl/apps/ca.c
@@ -1620,12 +1620,14 @@ static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
{
ok=0;
BIO_printf(bio_err,"Signature verification problems....\n");
+ ERR_print_errors(bio_err);
goto err;
}
if (i == 0)
{
ok=0;
BIO_printf(bio_err,"Signature did not match the certificate request\n");
+ ERR_print_errors(bio_err);
goto err;
}
else
@@ -2777,6 +2779,9 @@ char *make_revocation_str(int rev_type, char *rev_arg)
revtm = X509_gmtime_adj(NULL, 0);
+ if (!revtm)
+ return NULL;
+
i = revtm->length + 1;
if (reason) i += strlen(reason) + 1;
diff --git a/ics-openvpn-stripped/main/openssl/apps/ciphers.c b/ics-openvpn-stripped/main/openssl/apps/ciphers.c
index 5f2b7397..93dce1c4 100644
--- a/ics-openvpn-stripped/main/openssl/apps/ciphers.c
+++ b/ics-openvpn-stripped/main/openssl/apps/ciphers.c
@@ -96,13 +96,7 @@ int MAIN(int argc, char **argv)
char buf[512];
BIO *STDout=NULL;
-#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
meth=SSLv23_server_method();
-#elif !defined(OPENSSL_NO_SSL3)
- meth=SSLv3_server_method();
-#elif !defined(OPENSSL_NO_SSL2)
- meth=SSLv2_server_method();
-#endif
apps_startup();
diff --git a/ics-openvpn-stripped/main/openssl/apps/crl2p7.c b/ics-openvpn-stripped/main/openssl/apps/crl2p7.c
index bbc83774..42c6886b 100644
--- a/ics-openvpn-stripped/main/openssl/apps/crl2p7.c
+++ b/ics-openvpn-stripped/main/openssl/apps/crl2p7.c
@@ -141,7 +141,13 @@ int MAIN(int argc, char **argv)
{
if (--argc < 1) goto bad;
if(!certflst) certflst = sk_OPENSSL_STRING_new_null();
- sk_OPENSSL_STRING_push(certflst,*(++argv));
+ if (!certflst)
+ goto end;
+ if (!sk_OPENSSL_STRING_push(certflst,*(++argv)))
+ {
+ sk_OPENSSL_STRING_free(certflst);
+ goto end;
+ }
}
else
{
diff --git a/ics-openvpn-stripped/main/openssl/apps/enc.c b/ics-openvpn-stripped/main/openssl/apps/enc.c
index 19ea3df9..c8cb0212 100644
--- a/ics-openvpn-stripped/main/openssl/apps/enc.c
+++ b/ics-openvpn-stripped/main/openssl/apps/enc.c
@@ -67,7 +67,9 @@
#include <openssl/x509.h>
#include <openssl/rand.h>
#include <openssl/pem.h>
+#ifndef OPENSSL_NO_COMP
#include <openssl/comp.h>
+#endif
#include <ctype.h>
int set_hex(char *in,unsigned char *out,int size);
@@ -337,6 +339,12 @@ bad:
goto end;
}
+ if (cipher && (EVP_CIPHER_mode(cipher) == EVP_CIPH_XTS_MODE))
+ {
+ BIO_printf(bio_err, "Ciphers in XTS mode are not supported by the enc utility\n");
+ goto end;
+ }
+
if (md && (dgst=EVP_get_digestbyname(md)) == NULL)
{
BIO_printf(bio_err,"%s is an unsupported message digest type\n",md);
diff --git a/ics-openvpn-stripped/main/openssl/apps/ocsp.c b/ics-openvpn-stripped/main/openssl/apps/ocsp.c
index 767f12c6..04263ffd 100644
--- a/ics-openvpn-stripped/main/openssl/apps/ocsp.c
+++ b/ics-openvpn-stripped/main/openssl/apps/ocsp.c
@@ -1419,7 +1419,7 @@ OCSP_RESPONSE *process_responder(BIO *err, OCSP_REQUEST *req,
}
resp = query_responder(err, cbio, path, headers, req, req_timeout);
if (!resp)
- BIO_printf(bio_err, "Error querying OCSP responsder\n");
+ BIO_printf(bio_err, "Error querying OCSP responder\n");
end:
if (cbio)
BIO_free_all(cbio);
diff --git a/ics-openvpn-stripped/main/openssl/apps/progs.h b/ics-openvpn-stripped/main/openssl/apps/progs.h
index dd2298b5..b162055d 100644
--- a/ics-openvpn-stripped/main/openssl/apps/progs.h
+++ b/ics-openvpn-stripped/main/openssl/apps/progs.h
@@ -107,16 +107,16 @@ FUNCTION functions[] = {
{FUNC_TYPE_GENERAL,"gendsa",gendsa_main},
#endif
{FUNC_TYPE_GENERAL,"genpkey",genpkey_main},
-#if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3))
+#if !defined(OPENSSL_NO_SOCK)
{FUNC_TYPE_GENERAL,"s_server",s_server_main},
#endif
-#if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3))
+#if !defined(OPENSSL_NO_SOCK)
{FUNC_TYPE_GENERAL,"s_client",s_client_main},
#endif
#ifndef OPENSSL_NO_SPEED
{FUNC_TYPE_GENERAL,"speed",speed_main},
#endif
-#if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3))
+#if !defined(OPENSSL_NO_SOCK)
{FUNC_TYPE_GENERAL,"s_time",s_time_main},
#endif
{FUNC_TYPE_GENERAL,"version",version_main},
@@ -126,7 +126,7 @@ FUNCTION functions[] = {
#endif
{FUNC_TYPE_GENERAL,"crl2pkcs7",crl2pkcs7_main},
{FUNC_TYPE_GENERAL,"sess_id",sess_id_main},
-#if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3))
+#if !defined(OPENSSL_NO_SOCK)
{FUNC_TYPE_GENERAL,"ciphers",ciphers_main},
#endif
{FUNC_TYPE_GENERAL,"nseq",nseq_main},
diff --git a/ics-openvpn-stripped/main/openssl/apps/progs.pl b/ics-openvpn-stripped/main/openssl/apps/progs.pl
index 39ca8f71..fa6258cf 100644
--- a/ics-openvpn-stripped/main/openssl/apps/progs.pl
+++ b/ics-openvpn-stripped/main/openssl/apps/progs.pl
@@ -32,7 +32,7 @@ foreach (@ARGV)
push(@files,$_);
$str="\t{FUNC_TYPE_GENERAL,\"$_\",${_}_main},\n";
if (($_ =~ /^s_/) || ($_ =~ /^ciphers$/))
- { print "#if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3))\n${str}#endif\n"; }
+ { print "#if !defined(OPENSSL_NO_SOCK)\n${str}#endif\n"; }
elsif ( ($_ =~ /^speed$/))
{ print "#ifndef OPENSSL_NO_SPEED\n${str}#endif\n"; }
elsif ( ($_ =~ /^engine$/))
diff --git a/ics-openvpn-stripped/main/openssl/apps/s_client.c b/ics-openvpn-stripped/main/openssl/apps/s_client.c
index 299facdc..dfe2de1f 100644
--- a/ics-openvpn-stripped/main/openssl/apps/s_client.c
+++ b/ics-openvpn-stripped/main/openssl/apps/s_client.c
@@ -290,6 +290,7 @@ static void sc_usage(void)
BIO_printf(bio_err," -connect host:port - who to connect to (default is %s:%s)\n",SSL_HOST_NAME,PORT_STR);
BIO_printf(bio_err," -verify arg - turn on peer certificate verification\n");
+ BIO_printf(bio_err," -verify_return_error - return verification errors\n");
BIO_printf(bio_err," -cert arg - certificate file to use, PEM format assumed\n");
BIO_printf(bio_err," -certform arg - certificate format (PEM or DER) PEM default\n");
BIO_printf(bio_err," -key arg - Private key file to use, in cert file if\n");
@@ -300,6 +301,7 @@ static void sc_usage(void)
BIO_printf(bio_err," -CAfile arg - PEM format file of CA's\n");
BIO_printf(bio_err," -reconnect - Drop and re-make the connection with the same Session-ID\n");
BIO_printf(bio_err," -pause - sleep(1) after each read(2) and write(2) system call\n");
+ BIO_printf(bio_err," -prexit - print session information even on connection failure\n");
BIO_printf(bio_err," -showcerts - show all certificates in the chain\n");
BIO_printf(bio_err," -debug - extra output\n");
#ifdef WATT32
diff --git a/ics-openvpn-stripped/main/openssl/apps/s_server.c b/ics-openvpn-stripped/main/openssl/apps/s_server.c
index 8198d7f0..fe7ad882 100644
--- a/ics-openvpn-stripped/main/openssl/apps/s_server.c
+++ b/ics-openvpn-stripped/main/openssl/apps/s_server.c
@@ -463,6 +463,7 @@ static void sv_usage(void)
BIO_printf(bio_err," -context arg - set session ID context\n");
BIO_printf(bio_err," -verify arg - turn on peer certificate verification\n");
BIO_printf(bio_err," -Verify arg - turn on peer certificate verification, must have a cert.\n");
+ BIO_printf(bio_err," -verify_return_error - return verification errors\n");
BIO_printf(bio_err," -cert arg - certificate file to use\n");
BIO_printf(bio_err," (default is %s)\n",TEST_CERT);
BIO_printf(bio_err," -crl_check - check the peer certificate has not been revoked by its CA.\n" \
@@ -534,6 +535,7 @@ static void sv_usage(void)
BIO_printf(bio_err," -no_ecdhe - Disable ephemeral ECDH\n");
#endif
BIO_printf(bio_err," -bugs - Turn on SSL bug compatibility\n");
+ BIO_printf(bio_err," -hack - workaround for early Netscape code\n");
BIO_printf(bio_err," -www - Respond to a 'GET /' with a status page\n");
BIO_printf(bio_err," -WWW - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n");
BIO_printf(bio_err," -HTTP - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n");
@@ -562,6 +564,10 @@ static void sv_usage(void)
#endif
BIO_printf(bio_err," -keymatexport label - Export keying material using label\n");
BIO_printf(bio_err," -keymatexportlen len - Export len bytes of keying material (default 20)\n");
+ BIO_printf(bio_err," -status - respond to certificate status requests\n");
+ BIO_printf(bio_err," -status_verbose - enable status request verbose printout\n");
+ BIO_printf(bio_err," -status_timeout n - status request responder timeout\n");
+ BIO_printf(bio_err," -status_url URL - status request fallback URL\n");
}
static int local_argc=0;
@@ -739,7 +745,7 @@ static int MS_CALLBACK ssl_servername_cb(SSL *s, int *ad, void *arg)
if (servername)
{
- if (strcmp(servername,p->servername))
+ if (strcasecmp(servername,p->servername))
return p->extension_error;
if (ctx2)
{
@@ -1356,6 +1362,14 @@ bad:
sv_usage();
goto end;
}
+#ifndef OPENSSL_NO_DTLS1
+ if (www && socket_type == SOCK_DGRAM)
+ {
+ BIO_printf(bio_err,
+ "Can't use -HTTP, -www or -WWW with DTLS\n");
+ goto end;
+ }
+#endif
#if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK)
if (jpake_secret)