Recent discussions on comp.os.vms of problems with apps/s_client.c on
VMS systems led me to poke around a little. Bearing in mind that I
know approximately nothing about how apps/s_client.c should work, I seem
to get the following complaint for no apparently good reason, whenever I
try to specify a cipher:
JPAKE sets cipher to PSK
The relevant code in apps/s_client.c seems to be the following:
#if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK)
if (jpake_secret)
{
if (psk_key)
{
BIO_printf(bio_err,
"Can't use JPAKE and PSK together\n");
goto end;
}
psk_identity = "JPAKE";
}
if (cipher)
{
BIO_printf(bio_err, "JPAKE sets cipher to PSK\n");
goto end;
}
cipher = "PSK";
#endif
That is, as I read it, if JPAKE and PSK have not been disabled, _any_
attempt to specify a cipher will triger the "JPAKE sets cipher to PSK"
(fatal) error. Knowing nothing, I'd guess that the code beginning at
"if (cipher)" should be inside the "if (jpake_secret)" block, not
outside it. (Whether the victim should suffer if "cipher" has already
been set to "PSK" is another question. A little strcmp() action there
might be nice before getting all rude and stuff.)
Note that the VMS builders currently enable JPAKE unconditionally,
so, if that's only an option elsewhere, then normal folks may not
typically run into this problem.
So, am I tired and emotional, or is this code hosed, or what?
VMS is, by the way, another one of those systems where select() is
good only on sockets, not on files, so a bunch of the
Windows/MSDOS/et-al. conditionality in this and nearby modules probably
needs to be extended to include VMS.
------------------------------------------------------------------------
Steven M. Schweda sms@antinode-info
382 South Warwick Street (+1) 651-699-9818
Saint Paul MN 55105-2547
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majord...@openssl.org
