[openssl-dev] [openssl.org #4152] [PATCH] SRP code clean-up s_client and s_server

Tianjie Mao via RT rt at openssl.org
Sun Nov 22 20:46:31 UTC 2015


Hello,

SRP is a secure password authentication / key exchange protocol. When
the original SRP patches for OpenSSL were created by the EdelKey
project back in the 2000s, the highest version of the TLS standard was
1.0. Some of that code, however, if left unchanged, would by default restrict
communications to TLSv1 while refusing to negotiate later versions of
the protocol. It would also interfere with command line switches such as
-tls1_1 and -tls1_2. These lines are left over from the old patches and need to be
cleaned up.

The following diff was made against OpenSSL_1_0_2-stable.

--- apps/s_server.c.orig     2015-11-23 03:36:01.445020272 +0800
+++ apps/s_server.c  2015-11-23 03:41:29.579617191 +0800
@@ -1424,12 +1424,10 @@
             if (--argc < 1)
                 goto bad;
             srp_verifier_file = *(++argv);
-            meth = TLSv1_server_method();
         } else if (strcmp(*argv, "-srpuserseed") == 0) {
             if (--argc < 1)
                 goto bad;
             srpuserseed = *(++argv);
-            meth = TLSv1_server_method();
         }
 #endif
         else if (strcmp(*argv, "-rev") == 0) {
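Review bot: with the two `meth = TLSv1_server_method();` assignments gone, `-srpvfile` and `-srpuserseed` no longer pin the protocol, so `meth` keeps whatever the default method or an earlier `-tls1_x`/`-ssl3` switch selected; previously an SRP option placed after `-tls1_2` on the command line silently overrode it. That is the intended fix, but it is a behaviour change for anyone who relied on the implicit TLSv1 pin to keep SSLv3 out of the negotiation, so state in the commit message (and CHANGES) that SRP users who want to exclude older versions must now pass `-no_ssl3` or an explicit `-tls1_x` switch.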
--- apps/s_client.c.orig     2015-11-23 03:36:01.441020388 +0800
+++ apps/s_client.c  2015-11-23 04:01:58.272199415 +0800
@@ -922,25 +922,20 @@
             if (--argc < 1)
                 goto bad;
             srp_arg.srplogin = *(++argv);
-            meth = TLSv1_client_method();
         } else if (strcmp(*argv, "-srppass") == 0) {
             if (--argc < 1)
                 goto bad;
             srppass = *(++argv);
-            meth = TLSv1_client_method();
         } else if (strcmp(*argv, "-srp_strength") == 0) {
             if (--argc < 1)
                 goto bad;
             srp_arg.strength = atoi(*(++argv));
             BIO_printf(bio_err, "SRP minimal length for N is %d\n",
                        srp_arg.strength);
-            meth = TLSv1_client_method();
         } else if (strcmp(*argv, "-srp_lateuser") == 0) {
             srp_lateuser = 1;
-            meth = TLSv1_client_method();
         } else if (strcmp(*argv, "-srp_moregroups") == 0) {
             srp_arg.amp = 1;
-            meth = TLSv1_client_method();
         }
 #endif
 #ifndef OPENSSL_NO_SSL2
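Review bot: the five removed `meth = TLSv1_client_method();` lines cover every SRP option in this block, so the client side now matches the server change and `-tls1_1`/`-tls1_2` take effect regardless of argument order; check that the usage text and the s_client man page do not still describe SRP as forcing TLSv1, and update them in the same commit if they do. While touching the `-srp_strength` branch, note that `srp_arg.strength = atoi(*(++argv));` accepts a non-numeric or negative argument as 0 without complaint; a range check with `goto bad` on failure would be consistent with the surrounding option parsing, but that is pre-existing and can be a separate patch.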
@@ -1101,7 +1096,6 @@
             if (--argc < 1)
                 goto bad;
             servername = *(++argv);
-            /* meth=TLSv1_client_method(); */
         }
 #endif
 #ifndef OPENSSL_NO_JPAKE
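Review bot: the line dropped here, `/* meth=TLSv1_client_method(); */` in the `-servername` branch, is already commented out, so this hunk is dead-code removal unrelated to SRP; it is harmless, but either mention it in the commit message or split it out so the subject "SRP code clean-up" stays accurate.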

_______________________________________________
openssl-bugs-mod mailing list
openssl-bugs-mod at openssl.org
https://mta.openssl.org/mailman/listinfo/openssl-bugs-mod