mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-02-17 14:32:04 +08:00
Code Issues Packages Projects Releases Wiki Activity

Add -srp option to ciphers command.

Browse Source 
RT#4224

Reviewed-by: Richard Levitte <levitte@openssl.org>
This commit is contained in:
Dr. Stephen Henson 2016-05-10 22:13:03 +01:00
parent bfcdd4d098
commit 1480b8a9ec
2 changed files with 31 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
apps/ciphers.c
View File

@ -70,6 +70,7 @@ typedef enum OPTION_choice {
OPT_TLS1_1,
OPT_TLS1_2,
OPT_PSK,
OPT_SRP,
OPT_V, OPT_UPPER_V, OPT_S
} OPTION_CHOICE;
@ -95,6 +96,9 @@ OPTIONS ciphers_options[] = {
#endif
#ifndef OPENSSL_NO_PSK
{"psk", OPT_PSK, '-', "include ciphersuites requiring PSK"},
#endif
#ifndef OPENSSL_NO_SRP
{"srp", OPT_SRP, '-', "include ciphersuites requiring SRP"},
#endif
{NULL}
};
@ -108,6 +112,12 @@ static unsigned int dummy_psk(SSL *ssl, const char *hint, char *identity,
return 0;
}
#endif
#ifndef OPENSSL_NO_SRP
static char *dummy_srp(SSL *ssl, void *arg)
{
return "";
}
#endif
int ciphers_main(int argc, char **argv)
{
@ -121,6 +131,9 @@ int ciphers_main(int argc, char **argv)
#endif
#ifndef OPENSSL_NO_PSK
int psk = 0;
#endif
#ifndef OPENSSL_NO_SRP
int srp = 0;
#endif
const char *p;
char *ciphers = NULL, *prog;
@ -173,6 +186,10 @@ int ciphers_main(int argc, char **argv)
case OPT_PSK:
#ifndef OPENSSL_NO_PSK
psk = 1;
#endif
case OPT_SRP:
#ifndef OPENSSL_NO_SRP
srp = 1;
#endif
break;
}
@ -196,6 +213,10 @@ int ciphers_main(int argc, char **argv)
#ifndef OPENSSL_NO_PSK
if (psk)
SSL_CTX_set_psk_client_callback(ctx, dummy_psk);
#endif
#ifndef OPENSSL_NO_SRP
if (srp)
SSL_CTX_set_srp_client_pwd_callback(ctx, dummy_srp);
#endif
if (ciphers != NULL) {
if (!SSL_CTX_set_cipher_list(ctx, ciphers)) {

16
doc/apps/ciphers.pod
View File

@ -17,6 +17,7 @@ B<openssl> B<ciphers>
[B<-tls1_2>]
[B<-s>]
[B<-psk>]
[B<-srp>]
[B<-stdname>]
[B<cipherlist>]
@ -37,13 +38,12 @@ Print a usage message.
=item B<-s>
Only list supported ciphers: those consistent with the security level, and
minimum and maximum protocol version.
This is closer to the actual cipher list an application will support.
minimum and maximum protocol version. This is closer to the actual cipher list
an application will support.
PSK and SRP ciphers are not enabled by default: they require B<-psk> or B<-srp>
to enable them.
This program does not set up support for SRP and so SRP based ciphers will
always be excluded when using this option.
PSK ciphers are not enabled by default and it requires the B<-psk> to enable
them.
It also does not change the default list of supported signature algorithms.
On a server the list of supported ciphers might also exclude other ciphers
@ -56,6 +56,10 @@ listed.
When combined with B<-s> includes cipher suites which require PSK.
=item B<-srp>
When combined with B<-s> includes cipher suites which require SRP.
=item B<-v>
Verbose output: For each ciphersuite, list details as provided by