mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2024-12-03 05:41:46 +08:00
Code Issues Packages Projects Releases Wiki Activity
720b6cbe4a
openssl/apps
History
Daniel Kahn Gillmor 720b6cbe4a Avoid failing s_server when client's psk_identity is unexpected 
s_server has traditionally been very brittle in PSK mode.  If the
client offered any PSK identity other than "Client_identity" s_server
would simply abort.

This is breakage for breakage's sake, and unlike most other parts of
s_server, which tend to allow more flexible connections.

This change accomplishes two things:

 * when the client's psk_identity does *not* match the identity
   expected by the server, just warn, don't fail.

 * allow the server to expect instead a different psk_identity from
   the client besides "Client_identity"

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3605)
2017-06-05 13:54:10 -04:00
..
demoSRP
app_rand.c
apps.c Remove unnecessary if condition from apps.c 2017-06-01 16:28:31 -04:00
apps.h Add the -groups option to s_server/s_client 2017-05-03 16:39:32 +01:00
asn1pars.c
build.info
ca-cert.srl
ca-key.pem
ca-req.pem
ca.c Switch command-line utils to new nameopt API. 2017-04-25 12:37:17 -04:00
CA.pl.in
cert.pem
ciphers.c
client.pem
cms.c
crl2p7.c
crl.c Switch command-line utils to new nameopt API. 2017-04-25 12:37:17 -04:00
ct_log_list.cnf
dgst.c
dh1024.pem
dh2048.pem
dh4096.pem
dhparam.c Ensure dhparams can handle X9.42 params in DER 2017-04-03 20:04:06 +01:00
dsa512.pem
dsa1024.pem
dsa-ca.pem
dsa-pca.pem
dsa.c
dsap.pem
dsaparam.c
ec.c
ecparam.c
enc.c openssl enc: Don't unbuffer stdin 2017-04-25 15:03:11 +02:00
engine.c Fix gcc-7 warnings. 2017-05-11 19:39:38 +02:00
errstr.c
gendsa.c
genpkey.c
genrsa.c
nseq.c
ocsp.c OCSP Updates: error codes and multiple certificates 2017-04-12 14:41:10 -04:00
openssl-vms.cnf Added support for ESSCertIDv2 2017-05-03 09:04:23 +02:00
openssl.c
openssl.cnf Added support for ESSCertIDv2 2017-05-03 09:04:23 +02:00
opt.c
passwd.c Fix coding style in apps/passwd file 2017-05-31 16:59:59 +02:00
pca-cert.srl
pca-key.pem
pca-req.pem
pkcs7.c Switch command-line utils to new nameopt API. 2017-04-25 12:37:17 -04:00
pkcs8.c Increase the password buffer size to APP_PASS_LEN. 2017-03-07 10:12:05 +10:00
pkcs12.c -inkey can be an identifier, not just a file 2017-05-21 17:20:31 -04:00
pkey.c
pkeyparam.c
pkeyutl.c
prime.c
privkey.pem
progs.h
progs.pl
rand.c
rehash.c Convert uses of snprintf to BIO_snprintf 2017-05-02 12:29:35 -04:00
req.c Fix regression in openssl req -x509 behaviour. 2017-05-11 17:18:16 +02:00
req.pem
rsa8192.pem
rsa.c
rsautl.c
s512-key.pem
s512-req.pem
s1024key.pem
s1024req.pem
s_apps.h Switch command-line utils to new nameopt API. 2017-04-25 12:37:17 -04:00
s_cb.c Switch command-line utils to new nameopt API. 2017-04-25 12:37:17 -04:00
s_client.c Added mysql as starttls protocol. 2017-06-01 16:32:50 -04:00
s_server.c Avoid failing s_server when client's psk_identity is unexpected 2017-06-05 13:54:10 -04:00
s_socket.c Fix some variable references in init_client 2017-04-25 11:13:39 +01:00
s_time.c
server2.pem
server.pem
server.srl
sess_id.c
smime.c -inkey can be an identifier, not just a file 2017-05-21 17:20:31 -04:00
speed.c Make default_method mostly compile-time 2017-04-07 12:19:46 -04:00
spkac.c
srp.c Fix srp app missing NULL termination with password callback 2017-05-22 10:29:16 +02:00
testCA.pem
testdsa.h
testrsa.h
timeouts.h
ts.c -inkey can be an identifier, not just a file 2017-05-21 17:20:31 -04:00
tsget.in
verify.c Fix gcc-7 warnings. 2017-05-11 19:39:38 +02:00
version.c
vms_decc_init.c
vms_term_sock.c
vms_term_sock.h
win32_init.c
x509.c Switch command-line utils to new nameopt API. 2017-04-25 12:37:17 -04:00