static int parse_server_options(SSL_TEST_SERVER_CONF *server, const CONF *conf,
const char *server_section)
{
STACK_OF(CONF_VALUE) *sk_conf;
int i;
size_t j;
sk_conf = NCONF_get_section(conf, server_section);
TEST_check(sk_conf != NULL);
for (i = 0; i < sk_CONF_VALUE_num(sk_conf); i++) {
int found = 0;
const CONF_VALUE *option = sk_CONF_VALUE_value(sk_conf, i);
for (j = 0; j < OSSL_NELEM(ssl_test_server_options); j++) {
if (strcmp(option->name, ssl_test_server_options[j].name) == 0) {
if (!ssl_test_server_options[j].parse(server, option->value)) {
fprintf(stderr, "Bad value %s for option %s\n",
option->value, option->name);
return 0;
}
found = 1;
break;
}
}
if (!found) {
fprintf(stderr, "Unknown test option: %s\n", option->name);
return 0;
}
}
return 1;
}
static int int_engine_module_init(CONF_IMODULE *md, const CONF *cnf)
{
STACK_OF(CONF_VALUE) *elist;
CONF_VALUE *cval;
int i;
#ifdef ENGINE_CONF_DEBUG
fprintf(stderr, "Called engine module: name %s, value %s\n",
CONF_imodule_get_name(md), CONF_imodule_get_value(md));
#endif
/* Value is a section containing ENGINEs to configure */
elist = NCONF_get_section(cnf, CONF_imodule_get_value(md));
if (!elist)
{
ENGINEerr(ENGINE_F_INT_ENGINE_MODULE_INIT, ENGINE_R_ENGINES_SECTION_ERROR);
return 0;
}
for (i = 0; i < sk_CONF_VALUE_num(elist); i++)
{
cval = sk_CONF_VALUE_value(elist, i);
if (!int_engine_configure(cval->name, cval->value, cnf))
return 0;
}
return 1;
}
/* char *value: Value */
static X509_EXTENSION *
do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, int crit, char *value)
{
const X509V3_EXT_METHOD *method;
X509_EXTENSION *ext;
STACK_OF(CONF_VALUE) *nval;
void *ext_struc;
if (ext_nid == NID_undef) {
X509V3err(X509V3_F_DO_EXT_NCONF,
X509V3_R_UNKNOWN_EXTENSION_NAME);
return NULL;
}
if (!(method = X509V3_EXT_get_nid(ext_nid))) {
X509V3err(X509V3_F_DO_EXT_NCONF, X509V3_R_UNKNOWN_EXTENSION);
return NULL;
}
/* Now get internal extension representation based on type */
if (method->v2i) {
if (*value == '@')
nval = NCONF_get_section(conf, value + 1);
else
nval = X509V3_parse_list(value);
if (sk_CONF_VALUE_num(nval) <= 0) {
X509V3err(X509V3_F_DO_EXT_NCONF,
X509V3_R_INVALID_EXTENSION_STRING);
ERR_asprintf_error_data("name=%s,section=%s",
OBJ_nid2sn(ext_nid), value);
return NULL;
}
ext_struc = method->v2i(method, ctx, nval);
if (*value != '@')
sk_CONF_VALUE_pop_free(nval, X509V3_conf_free);
if (!ext_struc)
return NULL;
} else if (method->s2i) {
if (!(ext_struc = method->s2i(method, ctx, value)))
return NULL;
} else if (method->r2i) {
if (!ctx->db || !ctx->db_meth) {
X509V3err(X509V3_F_DO_EXT_NCONF,
X509V3_R_NO_CONFIG_DATABASE);
return NULL;
}
if (!(ext_struc = method->r2i(method, ctx, value)))
return NULL;
} else {
X509V3err(X509V3_F_DO_EXT_NCONF,
X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED);
ERR_asprintf_error_data("name=%s", OBJ_nid2sn(ext_nid));
return NULL;
}
ext = do_ext_i2d(method, ext_nid, crit, ext_struc);
if (method->it)
ASN1_item_free(ext_struc, ASN1_ITEM_ptr(method->it));
else
method->ext_free(ext_struc);
return ext;
}
STACK_OF(CONF_VALUE) *CONF_get_section(LHASH *conf,const char *section)
{
if (conf == NULL)
{
return NULL;
}
else
{
CONF ctmp;
CONF_set_nconf(&ctmp, conf);
return NCONF_get_section(&ctmp, section);
}
}
static int alg_module_init (CONF_IMODULE * md, const CONF * cnf)
{
int i;
const char *oid_section;
STACK_OF (CONF_VALUE) * sktmp;
CONF_VALUE *oval;
oid_section = CONF_imodule_get_value (md);
if (!(sktmp = NCONF_get_section (cnf, oid_section)))
{
EVPerr (EVP_F_ALG_MODULE_INIT, EVP_R_ERROR_LOADING_SECTION);
return 0;
}
for (i = 0; i < sk_CONF_VALUE_num (sktmp); i++)
{
oval = sk_CONF_VALUE_value (sktmp, i);
if (!strcmp (oval->name, "fips_mode"))
{
int m;
if (!X509V3_get_value_bool (oval, &m))
{
EVPerr (EVP_F_ALG_MODULE_INIT, EVP_R_INVALID_FIPS_MODE);
return 0;
}
if (m > 0)
{
#ifdef OPENSSL_FIPS
if (!FIPS_mode () && !FIPS_mode_set (1))
{
EVPerr (EVP_F_ALG_MODULE_INIT, EVP_R_ERROR_SETTING_FIPS_MODE);
return 0;
}
#else
EVPerr (EVP_F_ALG_MODULE_INIT, EVP_R_FIPS_MODE_NOT_SUPPORTED);
return 0;
#endif
}
}
else
{
EVPerr (EVP_F_ALG_MODULE_INIT, EVP_R_UNKNOWN_OPTION);
ERR_add_error_data (4, "name=", oval->name, ", value=", oval->value);
}
}
return 1;
}
static gboolean
ConfigX509CertReq(X509_REQ *req, // OUT
CONF *config) // IN
{
int idx;
X509_NAME *subject;
gboolean ret = FALSE;
const char *dname;
gchar *err = NULL;
if (!X509_REQ_set_version(req, 0L)) {
Error("Failed to set the certificate request version: %s.\n",
GetSSLError(&err));
goto exit;
}
subject = X509_REQ_get_subject_name(req);
if (!subject) {
Error("Failed to get the certificate request subject name: %s.\n",
GetSSLError(&err));
goto exit;
}
dname = NCONF_get_string(config, "req", "distinguished_name");
if (dname) {
STACK_OF(CONF_VALUE) *dn_sk = NCONF_get_section(config, dname);
if (!dn_sk) {
Error("Failed to get section %s: %s.\n",
dname, GetSSLError(&err));
goto exit;
}
for (idx = 0; idx < sk_CONF_VALUE_num(dn_sk); idx++) {
CONF_VALUE *v = sk_CONF_VALUE_value(dn_sk, idx);
if (!X509_NAME_add_entry_by_txt(subject, v->name, MBSTRING_ASC,
v->value, -1, -1, 0)) {
Error("Failed to set certificate request pair %s/%s: %s.\n",
v->name, v->value, GetSSLError(&err));
goto exit;
}
}
}
ret = TRUE;
exit:
g_free(err);
return ret;
}
/* TODO(3.0): the config module functions should be passed a library context */
static int alg_module_init(CONF_IMODULE *md, const CONF *cnf)
{
int i;
const char *oid_section;
STACK_OF(CONF_VALUE) *sktmp;
CONF_VALUE *oval;
OSSL_TRACE2(CONF, "Loading EVP module: name %s, value %s\n",
CONF_imodule_get_name(md), CONF_imodule_get_value(md));
oid_section = CONF_imodule_get_value(md);
if ((sktmp = NCONF_get_section(cnf, oid_section)) == NULL) {
EVPerr(EVP_F_ALG_MODULE_INIT, EVP_R_ERROR_LOADING_SECTION);
return 0;
}
for (i = 0; i < sk_CONF_VALUE_num(sktmp); i++) {
oval = sk_CONF_VALUE_value(sktmp, i);
if (strcmp(oval->name, "fips_mode") == 0) {
int m;
if (!X509V3_get_value_bool(oval, &m)) {
EVPerr(EVP_F_ALG_MODULE_INIT, EVP_R_INVALID_FIPS_MODE);
return 0;
}
/*
* fips_mode is deprecated and should not be used in new
* configurations. Old configurations are likely to ONLY
* have this, so we assume that no default properties have
* been set before this.
*/
if (m > 0)
EVP_set_default_properties(NULL, "fips=yes");
} else if (strcmp(oval->name, "default_properties") == 0) {
EVP_set_default_properties(NULL, oval->value);
} else {
EVPerr(EVP_F_ALG_MODULE_INIT, EVP_R_UNKNOWN_OPTION);
ERR_add_error_data(4, "name=", oval->name,
", value=", oval->value);
return 0;
}
}
return 1;
}
static int oid_module_init(CONF_IMODULE *md, const CONF *cnf)
{
int i;
const char *oid_section;
STACK_OF(CONF_VALUE) *sktmp;
CONF_VALUE *oval;
oid_section = CONF_imodule_get_value(md);
if (!(sktmp = NCONF_get_section(cnf, oid_section))) {
ASN1err(ASN1_F_OID_MODULE_INIT, ASN1_R_ERROR_LOADING_SECTION);
return 0;
}
for (i = 0; i < sk_CONF_VALUE_num(sktmp); i++) {
oval = sk_CONF_VALUE_value(sktmp, i);
if (!do_create(oval->value, oval->name)) {
ASN1err(ASN1_F_OID_MODULE_INIT, ASN1_R_ADDING_OBJECT);
return 0;
}
}
return 1;
}
SSL_TEST_CTX *SSL_TEST_CTX_create(const CONF *conf, const char *test_section)
{
STACK_OF(CONF_VALUE) *sk_conf;
SSL_TEST_CTX *ctx;
int i;
size_t j;
sk_conf = NCONF_get_section(conf, test_section);
OPENSSL_assert(sk_conf != NULL);
ctx = SSL_TEST_CTX_new();
OPENSSL_assert(ctx != NULL);
for (i = 0; i < sk_CONF_VALUE_num(sk_conf); i++) {
int found = 0;
const CONF_VALUE *option = sk_CONF_VALUE_value(sk_conf, i);
for (j = 0; j < OSSL_NELEM(ssl_test_ctx_options); j++) {
if (strcmp(option->name, ssl_test_ctx_options[j].name) == 0) {
if (!ssl_test_ctx_options[j].parse(ctx, option->value)) {
fprintf(stderr, "Bad value %s for option %s\n",
option->value, option->name);
goto err;
}
found = 1;
break;
}
}
if (!found) {
fprintf(stderr, "Unknown test option: %s\n", option->name);
goto err;
}
}
goto done;
err:
SSL_TEST_CTX_free(ctx);
ctx = NULL;
done:
return ctx;
}
static int stbl_module_init(CONF_IMODULE *md, const CONF *cnf)
{
int i;
const char *stbl_section;
STACK_OF(CONF_VALUE) *sktmp;
CONF_VALUE *mval;
stbl_section = CONF_imodule_get_value(md);
if ((sktmp = NCONF_get_section(cnf, stbl_section)) == NULL) {
ASN1err(ASN1_F_STBL_MODULE_INIT, ASN1_R_ERROR_LOADING_SECTION);
return 0;
}
for (i = 0; i < sk_CONF_VALUE_num(sktmp); i++) {
mval = sk_CONF_VALUE_value(sktmp, i);
if (!do_tcreate(mval->value, mval->name)) {
ASN1err(ASN1_F_STBL_MODULE_INIT, ASN1_R_INVALID_VALUE);
return 0;
}
}
return 1;
}
int main(int argc, char **argv)
{
BIO *sbio = NULL, *out = NULL;
int i, len, rv;
char tmpbuf[1024];
SSL_CTX *ctx = NULL;
SSL_CONF_CTX *cctx = NULL;
SSL *ssl = NULL;
CONF *conf = NULL;
STACK_OF(CONF_VALUE) *sect = NULL;
CONF_VALUE *cnf;
const char *connect_str = "localhost:4433";
long errline = -1;
ERR_load_crypto_strings();
ERR_load_SSL_strings();
SSL_library_init();
conf = NCONF_new(NULL);
if (NCONF_load(conf, "connect.cnf", &errline) <= 0) {
if (errline <= 0)
fprintf(stderr, "Error processing config file\n");
else
fprintf(stderr, "Error on line %ld\n", errline);
goto end;
}
sect = NCONF_get_section(conf, "default");
if (sect == NULL) {
fprintf(stderr, "Error retrieving default section\n");
goto end;
}
ctx = SSL_CTX_new(SSLv3_client_method());
cctx = SSL_CONF_CTX_new();
SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_CLIENT);
SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_FILE);
SSL_CONF_CTX_set_ssl_ctx(cctx, ctx);
for (i = 0; i < sk_CONF_VALUE_num(sect); i++) {
cnf = sk_CONF_VALUE_value(sect, i);
rv = SSL_CONF_cmd(cctx, cnf->name, cnf->value);
if (rv > 0)
continue;
if (rv != -2) {
fprintf(stderr, "Error processing %s = %s\n",
cnf->name, cnf->value);
ERR_print_errors_fp(stderr);
goto end;
}
if (!strcmp(cnf->name, "Connect")) {
connect_str = cnf->value;
} else {
fprintf(stderr, "Unknown configuration option %s\n", cnf->name);
goto end;
}
}
if (!SSL_CONF_CTX_finish(cctx)) {
fprintf(stderr, "Finish error\n");
ERR_print_errors_fp(stderr);
goto err;
}
/*
* We'd normally set some stuff like the verify paths and * mode here
* because as things stand this will connect to * any server whose
* certificate is signed by any CA.
*/
sbio = BIO_new_ssl_connect(ctx);
BIO_get_ssl(sbio, &ssl);
if (!ssl) {
fprintf(stderr, "Can't locate SSL pointer\n");
goto end;
}
/* Don't want any retries */
SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY);
/* We might want to do other things with ssl here */
BIO_set_conn_hostname(sbio, connect_str);
out = BIO_new_fp(stdout, BIO_NOCLOSE);
if (BIO_do_connect(sbio) <= 0) {
fprintf(stderr, "Error connecting to server\n");
ERR_print_errors_fp(stderr);
goto end;
}
if (BIO_do_handshake(sbio) <= 0) {
fprintf(stderr, "Error establishing SSL connection\n");
ERR_print_errors_fp(stderr);
goto end;
}
/* Could examine ssl here to get connection info */
BIO_puts(sbio, "GET / HTTP/1.0\n\n");
for (;;) {
len = BIO_read(sbio, tmpbuf, 1024);
if (len <= 0)
break;
BIO_write(out, tmpbuf, len);
}
end:
SSL_CONF_CTX_free(cctx);
BIO_free_all(sbio);
BIO_free(out);
NCONF_free(conf);
return 0;
}
int main(int argc, char *argv[])
{
char *port = "*:4433";
BIO *in = NULL;
BIO *ssl_bio, *tmp;
SSL_CTX *ctx;
SSL_CONF_CTX *cctx = NULL;
CONF *conf = NULL;
STACK_OF(CONF_VALUE) *sect = NULL;
CONF_VALUE *cnf;
long errline = -1;
char buf[512];
int ret = EXIT_FAILURE, i;
ctx = SSL_CTX_new(TLS_server_method());
conf = NCONF_new(NULL);
if (NCONF_load(conf, "accept.cnf", &errline) <= 0) {
if (errline <= 0)
fprintf(stderr, "Error processing config file\n");
else
fprintf(stderr, "Error on line %ld\n", errline);
goto err;
}
sect = NCONF_get_section(conf, "default");
if (sect == NULL) {
fprintf(stderr, "Error retrieving default section\n");
goto err;
}
cctx = SSL_CONF_CTX_new();
SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_SERVER);
SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_CERTIFICATE);
SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_FILE);
SSL_CONF_CTX_set_ssl_ctx(cctx, ctx);
for (i = 0; i < sk_CONF_VALUE_num(sect); i++) {
int rv;
cnf = sk_CONF_VALUE_value(sect, i);
rv = SSL_CONF_cmd(cctx, cnf->name, cnf->value);
if (rv > 0)
continue;
if (rv != -2) {
fprintf(stderr, "Error processing %s = %s\n",
cnf->name, cnf->value);
ERR_print_errors_fp(stderr);
goto err;
}
if (strcmp(cnf->name, "Port") == 0) {
port = cnf->value;
} else {
fprintf(stderr, "Unknown configuration option %s\n", cnf->name);
goto err;
}
}
if (!SSL_CONF_CTX_finish(cctx)) {
fprintf(stderr, "Finish error\n");
ERR_print_errors_fp(stderr);
goto err;
}
/* Setup server side SSL bio */
ssl_bio = BIO_new_ssl(ctx, 0);
if ((in = BIO_new_accept(port)) == NULL)
goto err;
/*
* This means that when a new connection is accepted on 'in', The ssl_bio
* will be 'duplicated' and have the new socket BIO push into it.
* Basically it means the SSL BIO will be automatically setup
*/
BIO_set_accept_bios(in, ssl_bio);
again:
/*
* The first call will setup the accept socket, and the second will get a
* socket. In this loop, the first actual accept will occur in the
* BIO_read() function.
*/
if (BIO_do_accept(in) <= 0)
goto err;
for (;;) {
i = BIO_read(in, buf, 512);
if (i == 0) {
/*
* If we have finished, remove the underlying BIO stack so the
* next time we call any function for this BIO, it will attempt
* to do an accept
*/
printf("Done\n");
tmp = BIO_pop(in);
BIO_free_all(tmp);
goto again;
}
if (i < 0) {
if (BIO_should_retry(in))
continue;
goto err;
}
fwrite(buf, 1, i, stdout);
fflush(stdout);
}
ret = EXIT_SUCCESS;
err:
if (ret != EXIT_SUCCESS)
ERR_print_errors_fp(stderr);
BIO_free(in);
return ret;
}
static int ssl_module_init(CONF_IMODULE *md, const CONF *cnf)
{
size_t i, j, cnt;
int rv = 0;
const char *ssl_conf_section;
STACK_OF(CONF_VALUE) *cmd_lists;
ssl_conf_section = CONF_imodule_get_value(md);
cmd_lists = NCONF_get_section(cnf, ssl_conf_section);
if (sk_CONF_VALUE_num(cmd_lists) <= 0) {
if (cmd_lists == NULL)
CONFerr(CONF_F_SSL_MODULE_INIT, CONF_R_SSL_SECTION_NOT_FOUND);
else
CONFerr(CONF_F_SSL_MODULE_INIT, CONF_R_SSL_SECTION_EMPTY);
ERR_add_error_data(2, "section=", ssl_conf_section);
goto err;
}
cnt = sk_CONF_VALUE_num(cmd_lists);
ssl_module_free(md);
ssl_names = OPENSSL_zalloc(sizeof(*ssl_names) * cnt);
if (ssl_names == NULL)
goto err;
ssl_names_count = cnt;
for (i = 0; i < ssl_names_count; i++) {
struct ssl_conf_name_st *ssl_name = ssl_names + i;
CONF_VALUE *sect = sk_CONF_VALUE_value(cmd_lists, (int)i);
STACK_OF(CONF_VALUE) *cmds = NCONF_get_section(cnf, sect->value);
if (sk_CONF_VALUE_num(cmds) <= 0) {
if (cmds == NULL)
CONFerr(CONF_F_SSL_MODULE_INIT,
CONF_R_SSL_COMMAND_SECTION_NOT_FOUND);
else
CONFerr(CONF_F_SSL_MODULE_INIT,
CONF_R_SSL_COMMAND_SECTION_EMPTY);
ERR_add_error_data(4, "name=", sect->name, ", value=", sect->value);
goto err;
}
ssl_name->name = OPENSSL_strdup(sect->name);
if (ssl_name->name == NULL)
goto err;
cnt = sk_CONF_VALUE_num(cmds);
ssl_name->cmds = OPENSSL_zalloc(cnt * sizeof(struct ssl_conf_cmd_st));
if (ssl_name->cmds == NULL)
goto err;
ssl_name->cmd_count = cnt;
for (j = 0; j < cnt; j++) {
const char *name;
CONF_VALUE *cmd_conf = sk_CONF_VALUE_value(cmds, (int)j);
struct ssl_conf_cmd_st *cmd = ssl_name->cmds + j;
/* Skip any initial dot in name */
name = strchr(cmd_conf->name, '.');
if (name != NULL)
name++;
else
name = cmd_conf->name;
cmd->cmd = OPENSSL_strdup(name);
cmd->arg = OPENSSL_strdup(cmd_conf->value);
if (cmd->cmd == NULL || cmd->arg == NULL)
goto err;
}
}
rv = 1;
err:
if (rv == 0)
ssl_module_free(md);
return rv;
}
static int int_engine_configure(char *name, char *value, const CONF *cnf)
{
int i;
int ret = 0;
long do_init = -1;
STACK_OF(CONF_VALUE) *ecmds;
CONF_VALUE *ecmd;
char *ctrlname, *ctrlvalue;
ENGINE *e = NULL;
name = skip_dot(name);
#ifdef ENGINE_CONF_DEBUG
fprintf(stderr, "Configuring engine %s\n", name);
#endif
/* Value is a section containing ENGINE commands */
ecmds = NCONF_get_section(cnf, value);
if (!ecmds)
{
ENGINEerr(ENGINE_F_INT_ENGINE_CONFIGURE, ENGINE_R_ENGINE_SECTION_ERROR);
return 0;
}
for (i = 0; i < sk_CONF_VALUE_num(ecmds); i++)
{
ecmd = sk_CONF_VALUE_value(ecmds, i);
ctrlname = skip_dot(ecmd->name);
ctrlvalue = ecmd->value;
#ifdef ENGINE_CONF_DEBUG
fprintf(stderr, "ENGINE conf: doing ctrl(%s,%s)\n", ctrlname, ctrlvalue);
#endif
/* First handle some special pseudo ctrls */
/* Override engine name to use */
if (!strcmp(ctrlname, "engine_id"))
name = ctrlvalue;
/* Load a dynamic ENGINE */
else if (!strcmp(ctrlname, "dynamic_path"))
{
e = ENGINE_by_id("dynamic");
if (!e)
goto err;
if (!ENGINE_ctrl_cmd_string(e, "SO_PATH", ctrlvalue, 0))
goto err;
if (!ENGINE_ctrl_cmd_string(e, "LIST_ADD", "2", 0))
goto err;
if (!ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0))
goto err;
}
/* ... add other pseudos here ... */
else
{
/* At this point we need an ENGINE structural reference
* if we don't already have one.
*/
if (!e)
{
e = ENGINE_by_id(name);
if (!e)
return 0;
}
/* Allow "EMPTY" to mean no value: this allows a valid
* "value" to be passed to ctrls of type NO_INPUT
*/
if (!strcmp(ctrlvalue, "EMPTY"))
ctrlvalue = NULL;
if (!strcmp(ctrlname, "init"))
{
if (!NCONF_get_number_e(cnf, value, "init", &do_init))
goto err;
if (do_init == 1)
{
if (!int_engine_init(e))
goto err;
}
else if (do_init != 0)
{
ENGINEerr(ENGINE_F_INT_ENGINE_CONFIGURE, ENGINE_R_INVALID_INIT_VALUE);
goto err;
}
}
else if (!strcmp(ctrlname, "default_algorithms"))
{
if (!ENGINE_set_default_string(e, ctrlvalue))
goto err;
}
else if (!ENGINE_ctrl_cmd_string(e,
ctrlname, ctrlvalue, 0))
return 0;
}
}
if (e && (do_init == -1) && !int_engine_init(e))
goto err;
ret = 1;
err:
if (e)
ENGINE_free(e);
return ret;
}
int main(int argc, char *argv[])
{
int i;
long i_val, err = 0;
char *key, *s_val;
STACK_OF(CONF_VALUE) *sec;
CONF_VALUE *item;
CONF *conf;
conf = NCONF_new(NCONF_default( ));
if (!NCONF_load(conf, CONFFILE, &err))
{
if (err == 0)
int_error("Error opening configuration file");
else
{
fprintf(stderr, "Error in %s on line %li\n", CONFFILE, err);
int_error("Errors parsing configuration file");
}
}
if (!(s_val = NCONF_get_string(conf, NULL, GLOB_VAR)))
{
fprintf(stderr, "Error finding \"%s\" in [%s]\n", GLOB_VAR, NULL);
int_error("Error finding string");
}
printf("Sec: %s, Key: %s, Val: %s\n", NULL, GLOB_VAR, s_val);
#if (OPENSSL_VERSION_NUMBER > 0x00907000L)
if (!(err = NCONF_get_number_e(conf, NULL, GLOB_NUM, &i_val)))
{
fprintf(stderr, "Error finding \"%s\" in [%s]\n", GLOB_NUM, NULL);
int_error("Error finding number");
}
#else
if (!(s_val = NCONF_get_string(conf, NULL, GLOB_NUM)))
{
fprintf(stderr, "Error finding \"%s\" in [%s]\n", GLOB_VAR, NULL);
int_error("Error finding number");
}
i_val = atoi(s_val);
#endif
printf("Sec: %s, Key: %s, Val: %i\n", NULL, GLOB_VAR, i_val);
if (!(key = NCONF_get_string(conf, PARAMS, SEC_NAME)))
{
fprintf(stderr, "Error finding \"%s\" in [%s]\n", SEC_NAME, PARAMS);
int_error("Error finding string");
}
printf("Sec: %s, Key: %s, Val: %s\n", PARAMS, SEC_NAME, key);
if (!(sec = NCONF_get_section(conf, key)))
{
fprintf(stderr, "Error finding [%s]\n", key);
int_error("Error finding string");
}
for (i = 0; i < sk_CONF_VALUE_num(sec); i++)
{
item = sk_CONF_VALUE_value(sec, i);
printf("Sec: %s, Key: %s, Val: %s\n",
item->section, item->name, item->value);
}
NCONF_free(conf);
return 0;
}
SSL_TEST_CTX *SSL_TEST_CTX_create(const CONF *conf, const char *test_section)
{
STACK_OF(CONF_VALUE) *sk_conf;
SSL_TEST_CTX *ctx;
int i;
size_t j;
sk_conf = NCONF_get_section(conf, test_section);
TEST_check(sk_conf != NULL);
ctx = SSL_TEST_CTX_new();
TEST_check(ctx != NULL);
for (i = 0; i < sk_CONF_VALUE_num(sk_conf); i++) {
int found = 0;
const CONF_VALUE *option = sk_CONF_VALUE_value(sk_conf, i);
/* Subsections */
if (strcmp(option->name, "client") == 0) {
if (!parse_client_options(&ctx->extra.client, conf,
option->value))
goto err;
} else if (strcmp(option->name, "server") == 0) {
if (!parse_server_options(&ctx->extra.server, conf,
option->value))
goto err;
} else if (strcmp(option->name, "server2") == 0) {
if (!parse_server_options(&ctx->extra.server2, conf,
option->value))
goto err;
} else if (strcmp(option->name, "resume-client") == 0) {
if (!parse_client_options(&ctx->resume_extra.client, conf,
option->value))
goto err;
} else if (strcmp(option->name, "resume-server") == 0) {
if (!parse_server_options(&ctx->resume_extra.server, conf,
option->value))
goto err;
} else if (strcmp(option->name, "resume-server2") == 0) {
if (!parse_server_options(&ctx->resume_extra.server2, conf,
option->value))
goto err;
} else {
for (j = 0; j < OSSL_NELEM(ssl_test_ctx_options); j++) {
if (strcmp(option->name, ssl_test_ctx_options[j].name) == 0) {
if (!ssl_test_ctx_options[j].parse(ctx, option->value)) {
fprintf(stderr, "Bad value %s for option %s\n",
option->value, option->name);
goto err;
}
found = 1;
break;
}
}
if (!found) {
fprintf(stderr, "Unknown test option: %s\n", option->name);
goto err;
}
}
}
goto done;
err:
SSL_TEST_CTX_free(ctx);
ctx = NULL;
done:
return ctx;
}
