diff --git a/httpd/awhttpd.patch b/httpd/awhttpd.patch index 634b8b47d..59eb7eb81 100644 --- a/httpd/awhttpd.patch +++ b/httpd/awhttpd.patch @@ -1,6 +1,6 @@ diff -Naur awhttpd/aw3.h axTLS/httpd/awhttpd/aw3.h --- awhttpd/aw3.h 2005-01-23 13:17:14.000000000 +1000 -+++ axTLS/httpd/awhttpd/aw3.h 2006-08-12 19:16:59.687500000 +1000 ++++ axTLS/httpd/awhttpd/aw3.h 2006-11-15 15:09:14.196258200 +1000 @@ -7,17 +7,16 @@ */ @@ -192,7 +192,7 @@ diff -Naur awhttpd/aw3.h axTLS/httpd/awhttpd/aw3.h +void initlists(void); diff -Naur awhttpd/cgi.c axTLS/httpd/awhttpd/cgi.c --- awhttpd/cgi.c 2005-06-04 14:09:52.000000000 +1000 -+++ axTLS/httpd/awhttpd/cgi.c 2006-08-12 19:17:29.171875000 +1000 ++++ axTLS/httpd/awhttpd/cgi.c 2006-11-15 15:09:14.211883700 +1000 @@ -7,93 +7,46 @@ */ @@ -654,7 +654,7 @@ diff -Naur awhttpd/conf.c axTLS/httpd/awhttpd/conf.c -} diff -Naur awhttpd/conn.c axTLS/httpd/awhttpd/conn.c --- awhttpd/conn.c 2004-12-07 16:11:02.000000000 +1000 -+++ axTLS/httpd/awhttpd/conn.c 2006-08-12 19:16:59.687500000 +1000 ++++ axTLS/httpd/awhttpd/conn.c 2006-11-15 15:09:14.243134700 +1000 @@ -9,26 +9,16 @@ #include @@ -761,7 +761,7 @@ diff -Naur awhttpd/conn.c axTLS/httpd/awhttpd/conn.c } diff -Naur awhttpd/errors.c axTLS/httpd/awhttpd/errors.c --- awhttpd/errors.c 2005-01-23 06:49:29.000000000 +1000 -+++ axTLS/httpd/awhttpd/errors.c 2006-08-12 19:16:59.687500000 +1000 ++++ axTLS/httpd/awhttpd/errors.c 2006-11-15 15:09:14.258760200 +1000 @@ -8,7 +8,6 @@ @@ -804,7 +804,7 @@ diff -Naur awhttpd/errors.c axTLS/httpd/awhttpd/errors.c diff -Naur awhttpd/index.c axTLS/httpd/awhttpd/index.c --- awhttpd/index.c 2005-06-04 14:09:52.000000000 +1000 -+++ axTLS/httpd/awhttpd/index.c 2006-08-12 19:16:59.687500000 +1000 ++++ axTLS/httpd/awhttpd/index.c 2006-11-15 15:09:14.258760200 +1000 @@ -11,7 +11,6 @@ #include #include 
@@ -851,7 +851,7 @@ diff -Naur awhttpd/index.c axTLS/httpd/awhttpd/index.c my_strncpy(cn->actualfile, tbuf, MAXREQUESTLENGTH); diff -Naur awhttpd/main.c axTLS/httpd/awhttpd/main.c --- awhttpd/main.c 2005-06-04 14:09:52.000000000 +1000 -+++ axTLS/httpd/awhttpd/main.c 2006-08-12 19:16:59.687500000 +1000 ++++ axTLS/httpd/awhttpd/main.c 2006-11-21 16:30:37.093363800 +1000 @@ -11,7 +11,6 @@ #include #include @@ -903,7 +903,7 @@ diff -Naur awhttpd/main.c axTLS/httpd/awhttpd/main.c void initlists() { int i; -@@ -33,108 +64,119 @@ +@@ -33,108 +64,118 @@ servers = NULL; usedconns = NULL; freeconns = NULL; @@ -1040,7 +1040,7 @@ diff -Naur awhttpd/main.c axTLS/httpd/awhttpd/main.c pid = fork(); if(pid > 0) { - status(); +- status(); exit(0); } else if(pid == -1) { +#ifdef CONFIG_HTTP_VERBOSE @@ -1085,7 +1085,7 @@ diff -Naur awhttpd/main.c axTLS/httpd/awhttpd/main.c return 0; diff -Naur awhttpd/mime_types.c axTLS/httpd/awhttpd/mime_types.c --- awhttpd/mime_types.c 2004-01-26 01:08:47.000000000 +1000 -+++ axTLS/httpd/awhttpd/mime_types.c 2006-08-12 19:16:59.703125000 +1000 ++++ axTLS/httpd/awhttpd/mime_types.c 2006-11-15 15:09:14.305636700 +1000 @@ -7,28 +7,21 @@ */ @@ -1170,7 +1170,7 @@ diff -Naur awhttpd/mime_types.c axTLS/httpd/awhttpd/mime_types.c + diff -Naur awhttpd/misc.c axTLS/httpd/awhttpd/misc.c --- awhttpd/misc.c 2005-01-23 12:59:09.000000000 +1000 -+++ axTLS/httpd/awhttpd/misc.c 2006-08-12 19:16:59.703125000 +1000 ++++ axTLS/httpd/awhttpd/misc.c 2006-11-15 15:09:14.321262200 +1000 @@ -7,33 +7,33 @@ */ @@ -1487,7 +1487,7 @@ diff -Naur awhttpd/misc.c axTLS/httpd/awhttpd/misc.c +#endif diff -Naur awhttpd/net.c axTLS/httpd/awhttpd/net.c --- awhttpd/net.c 2005-06-04 14:09:52.000000000 +1000 -+++ axTLS/httpd/awhttpd/net.c 2006-08-12 19:16:59.703125000 +1000 ++++ axTLS/httpd/awhttpd/net.c 2006-11-15 15:09:14.352513200 +1000 @@ -8,9 +8,7 @@ 
@@ -1598,7 +1598,7 @@ diff -Naur awhttpd/net.c axTLS/httpd/awhttpd/net.c diff -Naur awhttpd/permcheck.c axTLS/httpd/awhttpd/permcheck.c --- awhttpd/permcheck.c 2005-01-23 06:49:29.000000000 +1000 -+++ axTLS/httpd/awhttpd/permcheck.c 2006-08-12 19:16:59.703125000 +1000 ++++ axTLS/httpd/awhttpd/permcheck.c 2006-11-15 15:09:14.368138700 +1000 @@ -7,21 +7,23 @@ */ @@ -1689,7 +1689,7 @@ diff -Naur awhttpd/permcheck.c axTLS/httpd/awhttpd/permcheck.c +#endif /* CONFIG_HTTP_PERM_CHECK */ diff -Naur awhttpd/proc.c axTLS/httpd/awhttpd/proc.c --- awhttpd/proc.c 2005-01-23 10:59:41.000000000 +1000 -+++ axTLS/httpd/awhttpd/proc.c 2006-08-12 19:16:59.703125000 +1000 ++++ axTLS/httpd/awhttpd/proc.c 2006-11-15 15:09:14.399389700 +1000 @@ -13,91 +13,92 @@ #include #include @@ -2229,7 +2229,7 @@ diff -Naur awhttpd/proc.c axTLS/httpd/awhttpd/proc.c } diff -Naur awhttpd/socket.c axTLS/httpd/awhttpd/socket.c --- awhttpd/socket.c 2004-04-25 13:03:05.000000000 +1000 -+++ axTLS/httpd/awhttpd/socket.c 2006-08-12 19:16:59.718750000 +1000 ++++ axTLS/httpd/awhttpd/socket.c 2006-11-15 15:09:14.415015200 +1000 @@ -8,61 +8,17 @@ @@ -2350,7 +2350,7 @@ diff -Naur awhttpd/socket.c axTLS/httpd/awhttpd/socket.c memset(&(my_addr.sin_zero), 0, 8); // zero the rest of the struct diff -Naur awhttpd/urlencode.c axTLS/httpd/awhttpd/urlencode.c --- awhttpd/urlencode.c 2004-05-14 10:53:47.000000000 +1000 -+++ axTLS/httpd/awhttpd/urlencode.c 2006-08-12 19:16:59.718750000 +1000 ++++ axTLS/httpd/awhttpd/urlencode.c 2006-11-15 15:09:14.430640700 +1000 @@ -13,7 +13,7 @@ #include diff --git a/samples/c/Makefile b/samples/c/Makefile index 95a3381cf..c941f781d 100644 --- a/samples/c/Makefile +++ b/samples/c/Makefile @@ -46,7 +46,7 @@ include ../../config/makefile.post ifndef CONFIG_PLATFORM_WIN32 -$(TARGET): $(OBJ) +$(TARGET): $(OBJ) $(LIBS)/libaxtls.a $(LD) $(LDFLAGS) -o $@ $< -L$(LIBS) -laxtls ifndef CONFIG_DEBUG ifndef CONFIG_PLATFORM_SOLARIS diff --git a/ssl/asn1.c b/ssl/asn1.c index 6e67d3c7d..487d848fb 100644 
--- a/ssl/asn1.c +++ b/ssl/asn1.c @@ -42,7 +42,7 @@ static const uint8_t sig_oid_prefix[SIG_OID_PREFIX_SIZE] = }; /* CN, O, OU */ -static uint8_t g_dn_types[] = { 3, 10, 11 }; +static const uint8_t g_dn_types[] = { 3, 10, 11 }; static int get_asn1_length(const uint8_t *buf, int *offset) { @@ -152,8 +152,7 @@ int asn1_get_private_key(const uint8_t *buf, int len, RSA_CTX **rsa_ctx) dQ_len = asn1_get_int(buf, &offset, &dQ); qInv_len = asn1_get_int(buf, &offset, &qInv); - if (p_len <= 0 || q_len <= 0 || dP_len <= 0 || - dQ_len <= 0 || qInv_len <= 0) + if (p_len <= 0 || q_len <= 0 || dP_len <= 0 || dQ_len <= 0 || qInv_len <= 0) return X509_INVALID_PRIV_KEY; RSA_priv_key_new(rsa_ctx, @@ -191,6 +190,7 @@ static int asn1_get_utc_time(const uint8_t *buf, int *offset, time_t *t) memset(&tm, 0, sizeof(struct tm)); tm.tm_year = (buf[t_offset] - '0')*10 + (buf[t_offset+1] - '0'); + if (tm.tm_year <= 50) /* 1951-2050 thing */ { tm.tm_year += 100; @@ -228,8 +228,8 @@ end_version: static int asn1_validity(const uint8_t *cert, int *offset, X509_CTX *x509_ctx) { return (asn1_next_obj(cert, offset, ASN1_SEQUENCE) < 0 || - asn1_get_utc_time(cert, offset, &x509_ctx->not_before) || - asn1_get_utc_time(cert, offset, &x509_ctx->not_after)); + asn1_get_utc_time(cert, offset, &x509_ctx->not_before) || + asn1_get_utc_time(cert, offset, &x509_ctx->not_after)); } /** @@ -259,15 +259,13 @@ end_oid: /** * Obtain an ASN.1 printable string type. */ -static int asn1_get_printable_str(const uint8_t *buf, - int *offset, char **str) +static int asn1_get_printable_str(const uint8_t *buf, int *offset, char **str) { int len = X509_NOT_OK; /* some certs have this awful crud in them for some reason */ if (buf[*offset] != ASN1_PRINTABLE_STR && - buf[*offset] != ASN1_TELETEX_STR && - buf[*offset] != ASN1_IA5_STR) + buf[*offset] != ASN1_TELETEX_STR && buf[*offset] != ASN1_IA5_STR) goto end_pnt_str; (*offset)++; 
@@ -334,8 +332,7 @@ end_name: /** * Read the modulus and public exponent of a certificate. */ -static int asn1_public_key(const uint8_t *cert, int *offset, - X509_CTX *x509_ctx) +static int asn1_public_key(const uint8_t *cert, int *offset, X509_CTX *x509_ctx) { int ret = X509_NOT_OK, mod_len, pub_len; uint8_t *modulus, *pub_exp; @@ -353,8 +350,7 @@ static int asn1_public_key(const uint8_t *cert, int *offset, mod_len = asn1_get_int(cert, offset, &modulus); pub_len = asn1_get_int(cert, offset, &pub_exp); - RSA_pub_key_new(&x509_ctx->rsa_ctx, - modulus, mod_len, pub_exp, pub_len); + RSA_pub_key_new(&x509_ctx->rsa_ctx, modulus, mod_len, pub_exp, pub_len); free(modulus); free(pub_exp); diff --git a/ssl/p12.c b/ssl/p12.c index 218950998..a74bdbf28 100644 --- a/ssl/p12.c +++ b/ssl/p12.c @@ -57,9 +57,14 @@ #ifdef CONFIG_SSL_USE_PKCS12 #define BLOCK_SIZE 64 +#define PKCS12_KEY_ID 1 +#define PKCS12_IV_ID 2 +#define PKCS12_MAC_ID 3 -static int p8_decrypt(const char *password, const uint8_t *salt, int iter, - uint8_t *priv_key, int priv_key_len); +static char *make_uni_pass(const char *password, int *uni_pass_len); +static int p8_decrypt(const char *uni_pass, int uni_pass_len, + const uint8_t *salt, int iter, + uint8_t *priv_key, int priv_key_len, int id); static int p8_add_key(SSLCTX *ssl_ctx, uint8_t *priv_key); static int get_pbe_params(uint8_t *buf, int *offset, const uint8_t **salt, int *iterations); @@ -76,6 +81,8 @@ int pkcs8_decode(SSLCTX *ssl_ctx, SSLObjLoader *ssl_obj, const char *password) uint8_t *version = NULL; const uint8_t *salt; uint8_t *priv_key; + int uni_pass_len; + char *uni_pass = make_uni_pass(password, &uni_pass_len); if (asn1_next_obj(buf, &offset, ASN1_SEQUENCE) < 0) { 
@@ -100,11 +107,13 @@ int pkcs8_decode(SSLCTX *ssl_ctx, SSLObjLoader *ssl_obj, const char *password) priv_key = &buf[offset]; - p8_decrypt(password, salt, iterations, priv_key, len); + p8_decrypt(uni_pass, uni_pass_len, salt, + iterations, priv_key, len, PKCS12_KEY_ID); ret = p8_add_key(ssl_ctx, priv_key); error: free(version); + free(uni_pass); return ret; } @@ -132,20 +141,12 @@ error: } /* - * Decrypt a pkcs8 block. + * Create the unicode password */ -static int p8_decrypt(const char *password, const uint8_t *salt, int iter, - uint8_t *priv_key, int priv_key_len) +static char *make_uni_pass(const char *password, int *uni_pass_len) { - uint8_t p[BLOCK_SIZE*2]; - uint8_t d[BLOCK_SIZE]; - uint8_t Ai[SHA1_SIZE]; - SHA1_CTX sha_ctx; - RC4_CTX rc4_ctx; - uint8_t *uni_pass = NULL; - int i; - int uni_pass_len = 0; - int id = 1; /* key id */ + int pass_len = 0, i; + char *uni_pass; if (password == NULL) { @@ -157,12 +158,29 @@ static int p8_decrypt(const char *password, const uint8_t *salt, int iter, /* modify the password into a unicode version */ for (i = 0; i < (int)strlen(password); i++) { - uni_pass[uni_pass_len++] = 0; - uni_pass[uni_pass_len++] = password[i]; + uni_pass[pass_len++] = 0; + uni_pass[pass_len++] = password[i]; } - uni_pass[uni_pass_len++] = 0; /* null terminate */ - uni_pass[uni_pass_len++] = 0; + uni_pass[pass_len++] = 0; /* null terminate */ + uni_pass[pass_len++] = 0; + *uni_pass_len = pass_len; + return uni_pass; +} + +/* + * Decrypt a pkcs8 block. + */ +static int p8_decrypt(const char *uni_pass, int uni_pass_len, + const uint8_t *salt, int iter, + uint8_t *priv_key, int priv_key_len, int id) +{ + uint8_t p[BLOCK_SIZE*2]; + uint8_t d[BLOCK_SIZE]; + uint8_t Ai[SHA1_SIZE]; + SHA1_CTX sha_ctx; + RC4_CTX rc4_ctx; + int i; for (i = 0; i < BLOCK_SIZE; i++) { 
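Review bot: `free(uni_pass)` at the `error:` label of pkcs8_decode releases the widened copy of the password without clearing it, so the passphrase stays readable in freed heap memory. uni_pass_len is already in scope, so the buffer can be wiped before the free, e.g. `if (uni_pass) memset(uni_pass, 0, uni_pass_len);`, ideally through a wipe routine the compiler cannot optimise away. The same applies to the `free(uni_pass)` added to pkcs12_decode's error path in the @@ -348 hunk. The return value of p8_decrypt is also dropped in this hunk, which is harmless only while that function keeps returning 0 on every path.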
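Review bot: The comment `Create the unicode password` on make_uni_pass (the @@ -132 hunk) leaves out two things a caller has to know: the buffer is handed back for the caller to free, and the conversion is a plain byte-to-16-bit widening. The loop in the @@ -157 hunk writes a zero byte followed by `password[i]`, so the output is the intended two-byte big-endian form only for single-byte characters; a multi-byte passphrase would presumably derive a different key than the tool that wrote the file. I would expand the comment to something like `Widen an ASCII password to big-endian 16-bit characters plus a two-byte terminator; the caller frees the result. Non-ASCII passwords are not converted correctly.` The allocation and the NULL-password branch sit between the two hunks and are not visible here.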
@@ -185,9 +203,14 @@ static int p8_decrypt(const char *password, const uint8_t *salt, int iter, } /* do the decryption */ - RC4_setup(&rc4_ctx, Ai, 16); - RC4_crypt(&rc4_ctx, priv_key, priv_key, priv_key_len); - free(uni_pass); + if (id == PKCS12_KEY_ID) + { + RC4_setup(&rc4_ctx, Ai, 16); + RC4_crypt(&rc4_ctx, priv_key, priv_key, priv_key_len); + } + else /* MAC */ + memcpy(priv_key, Ai, SHA1_SIZE); + return 0; } @@ -198,13 +221,16 @@ static int p8_decrypt(const char *password, const uint8_t *salt, int iter, int pkcs12_decode(SSLCTX *ssl_ctx, SSLObjLoader *ssl_obj, const char *password) { uint8_t *buf = ssl_obj->buf; - int all_ok = 0, len, iterations, key_offset, offset = 0; + int all_ok = 0, len, iterations, auth_safes_start, + auth_safes_end, auth_safes_len, key_offset, offset = 0; int all_certs = 0; - uint8_t *version = NULL, *cert, *mac; - SHA1_CTX sha_ctx; - char sha[SHA1_SIZE]; + uint8_t *version = NULL, *auth_safes = NULL, *cert, *orig_mac; + char key[SHA1_SIZE]; + char mac[SHA1_SIZE]; const uint8_t *salt; - int ret; + int uni_pass_len, ret; + int error_code = SSL_ERROR_NOT_SUPPORTED; + char *uni_pass = make_uni_pass(password, &uni_pass_len); static const uint8_t pkcs_data[] = /* pkc7 data */ { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x01 }; static const uint8_t pkcs_encrypted[] = /* pkc7 encrypted */ @@ -221,14 +247,10 @@ int pkcs12_decode(SSLCTX *ssl_ctx, SSLObjLoader *ssl_obj, const char *password) } if (asn1_get_int(buf, &offset, &version) < 0 || *version != 3) + { + error_code = SSL_ERROR_INVALID_VERSION; goto error; - - /* work out the MAC of this bit */ - key_offset = offset; - asn1_skip_obj(buf, &key_offset, ASN1_SEQUENCE); - SHA1Init(&sha_ctx); - SHA1Update(&sha_ctx, &buf[offset], key_offset-offset); - SHA1Final(&sha_ctx, sha); + } /* remove all the boring pcks7 bits */ if (asn1_next_obj(buf, &offset, ASN1_SEQUENCE) < 0 || 
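Review bot: The new `else /* MAC */` branch at the end of p8_decrypt copies SHA1_SIZE bytes into priv_key without looking at priv_key_len, and it is taken for every id other than PKCS12_KEY_ID, including the PKCS12_IV_ID this commit defines. The one MAC caller passes a SHA1_SIZE buffer, so nothing overflows today, but the branch should enforce its own precondition: `else if (id == PKCS12_MAC_ID && priv_key_len >= SHA1_SIZE) memcpy(priv_key, Ai, SHA1_SIZE); else return -1;` (callers already test the result with `< 0`). The derived key in Ai and the RC4 state are also left on the stack when the function returns; clearing them before `return 0;` would be a cheap addition. The function begins outside this hunk.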
@@ -240,8 +262,18 @@ int pkcs12_decode(SSLCTX *ssl_ctx, SSLObjLoader *ssl_obj, const char *password) offset += len; if (asn1_next_obj(buf, &offset, ASN1_EXPLICIT_TAG) < 0 || - asn1_next_obj(buf, &offset, ASN1_OCTET_STRING) < 0 || - asn1_next_obj(buf, &offset, ASN1_SEQUENCE) < 0 || + asn1_next_obj(buf, &offset, ASN1_OCTET_STRING) < 0) + goto error; + + /* work out the MAC start/end points (done on AuthSafes) */ + auth_safes_start = offset; + auth_safes_end = offset; + asn1_skip_obj(buf, &auth_safes_end, ASN1_SEQUENCE); + auth_safes_len = auth_safes_end - auth_safes_start; + auth_safes = malloc(auth_safes_len); + memcpy(auth_safes, &buf[auth_safes_start], auth_safes_len); + + if (asn1_next_obj(buf, &offset, ASN1_SEQUENCE) < 0 || asn1_next_obj(buf, &offset, ASN1_SEQUENCE) < 0 || (len = asn1_next_obj(buf, &offset, ASN1_OID)) < 0 || (len != sizeof(pkcs_encrypted) || @@ -268,7 +300,8 @@ int pkcs12_decode(SSLCTX *ssl_ctx, SSLObjLoader *ssl_obj, const char *password) /* decrypt the certificate */ cert = &buf[offset]; - if ((ret = p8_decrypt(password, salt, iterations, cert, len)) < 0) + if ((ret = p8_decrypt(uni_pass, uni_pass_len, salt, iterations, cert, + len, PKCS12_KEY_ID)) < 0) goto error; offset += len; @@ -327,7 +360,8 @@ int pkcs12_decode(SSLCTX *ssl_ctx, SSLObjLoader *ssl_obj, const char *password) /* decrypt the private key */ cert = &buf[offset]; - if ((ret = p8_decrypt(password, salt, iterations, cert, len)) < 0) + if ((ret = p8_decrypt(uni_pass, uni_pass_len, salt, iterations, cert, + len, PKCS12_KEY_ID)) < 0) goto error; offset += len; 
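Review bot: The AuthSafes copy added in the @@ -240 hunk takes its length from the parsed file and uses it unchecked: the result of `asn1_skip_obj` is ignored, auth_safes_len is never tested for being positive or inside the loaded buffer, and the `malloc` result goes straight into `memcpy`. With a truncated or malformed .p12 this can turn into a NULL dereference or a read past the end of buf. I would bail out before the copy, e.g. `if (auth_safes_len <= 0 || (auth_safes = malloc(auth_safes_len)) == NULL) goto error;`, and also compare auth_safes_end with the buffer length kept in ssl_obj if one is available (the struct is not shown on this page). pkcs12_decode starts and ends outside this hunk.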
@@ -348,28 +382,34 @@ int pkcs12_decode(SSLCTX *ssl_ctx, SSLObjLoader *ssl_obj, const char *password) len != SHA1_SIZE) goto error; - mac = &buf[offset]; + orig_mac = &buf[offset]; offset += len; /* get the salt */ - if ((len = asn1_next_obj(buf, &offset, ASN1_OCTET_STRING)) < 0 || - len != 8) + if ((len = asn1_next_obj(buf, &offset, ASN1_OCTET_STRING)) < 0 || len != 8) goto error; salt = &buf[offset]; /* work out what the mac should be */ - if ((ret = p8_decrypt(password, salt, iterations, mac, SHA1_SIZE)) < 0) + if ((ret = p8_decrypt(uni_pass, uni_pass_len, salt, iterations, + key, SHA1_SIZE, PKCS12_MAC_ID)) < 0) goto error; - /* TODO: actually memcmp the MAC - there is something wrong at the moment */ - /* print_blob("MAC orig", sha, SHA1_SIZE); */ - /* print_blob("MAC calc", mac, SHA1_SIZE); */ + hmac_sha1(auth_safes, auth_safes_len, key, SHA1_SIZE, mac); + + if (memcmp(mac, orig_mac, SHA1_SIZE)) + { + error_code = SSL_ERROR_INVALID_HMAC; + goto error; + } all_ok = 1; error: free(version); - return all_ok ? SSL_OK : SSL_ERROR_NOT_SUPPORTED; + free(uni_pass); + free(auth_safes); + return all_ok ? SSL_OK : error_code; } /* diff --git a/ssl/test/ssltest.c b/ssl/test/ssltest.c index 21cb63c13..c1ac2f1fc 100644 --- a/ssl/test/ssltest.c +++ b/ssl/test/ssltest.c 
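Review bot: The HMAC comparison added at the end of pkcs12_decode runs only after the two p8_decrypt calls earlier in the function have decrypted the certificate and private key in place, and, judging by the code between those hunks that is not shown, probably after they have been handed to ssl_ctx. If so, a file rejected with SSL_ERROR_INVALID_HMAC has already been parsed and partly loaded from unauthenticated data; since auth_safes is copied before any decryption, the MAC could be checked first, or whatever was loaded could be dropped on failure. Separately, `key` and `mac` are declared `char` but passed where p8_decrypt takes `uint8_t *`, and `key` holds the derived MAC key and is not cleared before the function returns. `memcmp` is adequate for checking a local file, though a constant-time compare would be the safer habit if this path is ever fed remote input.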
@@ -1083,34 +1083,34 @@ int SSL_server_tests(void) TTY_FLUSH(); /* - * PKCS 8 key (encrypted) + * PKCS#8 key (encrypted) */ - if ((ret = SSL_server_test(NULL, "pkcs 8 encrypted", "-cipher RC4-SHA", - DEFAULT_CERT, NULL, "../ssl/test/axTLS.encrypted.p8", NULL, "abcd", - DEFAULT_SVR_OPTION))) - goto cleanup; - - /* - * PKCS 8 key (unencrypted) - */ - if ((ret = SSL_server_test(NULL, "pkcs 8 unencrypted", "-cipher RC4-SHA", - DEFAULT_CERT, NULL, "../ssl/test/axTLS.unencrypted.p8", NULL, NULL, - DEFAULT_SVR_OPTION))) - goto cleanup; - - /* - * PKCS 12 key/certificate - */ - if ((ret = SSL_server_test(NULL, "pkcs 12 no CA", "-cipher RC4-SHA", - DEFAULT_CERT, NULL, "../ssl/test/axTLS.withoutCA.p12", + if ((ret = SSL_server_test(NULL, "pkcs#8 encrypted", "-cipher RC4-SHA", + DEFAULT_CERT, NULL, "../ssl/test/axTLS.encrypted.p8", NULL, "abcd", DEFAULT_SVR_OPTION))) goto cleanup; - if ((ret = SSL_server_test(NULL, "pkcs 12 with CA", "-cipher RC4-SHA", + /* + * PKCS#8 key (unencrypted) + */ + if ((ret = SSL_server_test(NULL, "pkcs#8 unencrypted", "-cipher RC4-SHA", + DEFAULT_CERT, NULL, "../ssl/test/axTLS.unencrypted.p8", + NULL, NULL, DEFAULT_SVR_OPTION))) + goto cleanup; + + /* + * PKCS#12 key/certificate + */ + if ((ret = SSL_server_test(NULL, "pkcs#12 with CA", "-cipher RC4-SHA", NULL, NULL, "../ssl/test/axTLS.withCA.p12", NULL, "abcd", DEFAULT_SVR_OPTION))) goto cleanup; + if ((ret = SSL_server_test(NULL, "pkcs#12 no CA", "-cipher RC4-SHA", + DEFAULT_CERT, NULL, "../ssl/test/axTLS.withoutCA.p12", + NULL, "abcd", DEFAULT_SVR_OPTION))) + goto cleanup; + ret = 0; cleanup:
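Review bot: The reordered PKCS#12 cases in SSL_server_tests still only cover files that load with the correct password `abcd`, so the SSL_ERROR_INVALID_HMAC path this commit adds to pkcs12_decode is never exercised. A negative case would pin the new behaviour: a .p12 whose stored MAC does not match its contents, and one loaded with a wrong password, should both be required to fail. How SSL_server_test reports an expected failure is not visible in this hunk, so the case may need a small helper of its own rather than another call in this chain.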