Re: 1.0.0h apps/s_client.c mystery

Wed, 14 Mar 2012 04:12:50 -0700 

In message <12031323361474_20200...@antinode.info> on Tue, 13 Mar 2012 23:36:14 
-0500 (CDT), "Steven M. Schweda" <s...@antinode.info> said:

sms>    Recent discussions on comp.os.vms of problems with apps/s_client.c on
sms> VMS systems led me to poke around a little.  Bearing in mind that I
sms> know approximately nothing about how apps/s_client.c should work, I seem
sms> to get the following complaint for no apparently good reason, whenever I
sms> try to specify a cipher:
sms> 
sms> JPAKE sets cipher to PSK
sms> 
sms>    The relevant code in apps/s_client.c seems to be the following:
sms> 
sms> #if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK)
sms>    if (jpake_secret)
sms>            {
sms>            if (psk_key)
sms>                    {
sms>                    BIO_printf(bio_err,
sms>                               "Can't use JPAKE and PSK together\n");
sms>                    goto end;
sms>                    }
sms>            psk_identity = "JPAKE";
sms>            }
sms> 
sms>    if (cipher)
sms>            {
sms>            BIO_printf(bio_err, "JPAKE sets cipher to PSK\n");
sms>            goto end;
sms>            }
sms>    cipher = "PSK";
sms> #endif

You're right, that code looks quite odd, the following should do
better, wouldn't you say?

#if !defined(OPENSSL_NO_JPAKE)
        if (jpake_secret)
                {
# if !defined(OPENSSL_NO_PSK)
                if (psk_key)
                        {
                        BIO_printf(bio_err,
                                   "Can't use JPAKE and PSK together\n");
                        goto end;
                        }
                psk_identity = "JPAKE";
# endif
                if (cipher)
                        {
                        BIO_printf(bio_err, "JPAKE sets cipher to PSK\n");
                        goto end;
                        }
                cipher = "PSK";
                }
#endif

sms>    Note that the VMS builders currently enable JPAKE unconditionally,

Try this before building, should make a difference:

$ define OPENSSL_NO_JPAKE yes

sms>    VMS is, by the way, another one of those systems where select() is
sms> good only on sockets, not on files, so a bunch of the
sms> Windows/MSDOS/et-al. conditionality in this and nearby modules probably
sms> needs to be extended to include VMS.

Good point.

Cheers,
Richard

-- 
Richard Levitte                         rich...@levitte.org
                                        http://richard.levitte.org/

"Life is a tremendous celebration - and I'm invited!"
-- from a friend's blog, translated from Swedish
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org

Reply via email to