Add -srp option to ciphers command.

RT#4224

Reviewed-by: Richard Levitte <levitte@openssl.org>
diff --git a/apps/ciphers.c b/apps/ciphers.c
index 924c015..44f4216 100644
--- a/apps/ciphers.c
+++ b/apps/ciphers.c
@@ -70,6 +70,7 @@
     OPT_TLS1_1,
     OPT_TLS1_2,
     OPT_PSK,
+    OPT_SRP,
     OPT_V, OPT_UPPER_V, OPT_S
 } OPTION_CHOICE;
 
@@ -96,6 +97,9 @@
 #ifndef OPENSSL_NO_PSK
     {"psk", OPT_PSK, '-', "include ciphersuites requiring PSK"},
 #endif
+#ifndef OPENSSL_NO_SRP
+    {"srp", OPT_SRP, '-', "include ciphersuites requiring SRP"},
+#endif
     {NULL}
 };
 
@@ -108,6 +112,12 @@
     return 0;
 }
 #endif
+#ifndef OPENSSL_NO_SRP
+static char *dummy_srp(SSL *ssl, void *arg)
+{
+    return "";
+}
+#endif
 
 int ciphers_main(int argc, char **argv)
 {
@@ -122,6 +132,9 @@
 #ifndef OPENSSL_NO_PSK
     int psk = 0;
 #endif
+#ifndef OPENSSL_NO_SRP
+    int srp = 0;
+#endif
     const char *p;
     char *ciphers = NULL, *prog;
     char buf[512];
@@ -174,6 +187,10 @@
 #ifndef OPENSSL_NO_PSK
             psk = 1;
 #endif
+        case OPT_SRP:
+#ifndef OPENSSL_NO_SRP
+            srp = 1;
+#endif
             break;
         }
     }
@@ -197,6 +214,10 @@
     if (psk)
         SSL_CTX_set_psk_client_callback(ctx, dummy_psk);
 #endif
+#ifndef OPENSSL_NO_SRP
+    if (srp)
+        SSL_CTX_set_srp_client_pwd_callback(ctx, dummy_srp);
+#endif
     if (ciphers != NULL) {
         if (!SSL_CTX_set_cipher_list(ctx, ciphers)) {
             BIO_printf(bio_err, "Error in cipher list\n");
diff --git a/doc/apps/ciphers.pod b/doc/apps/ciphers.pod
index 9788fa3..f1d0656 100644
--- a/doc/apps/ciphers.pod
+++ b/doc/apps/ciphers.pod
@@ -17,6 +17,7 @@
 [B<-tls1_2>]
 [B<-s>]
 [B<-psk>]
+[B<-srp>]
 [B<-stdname>]
 [B<cipherlist>]
 
@@ -37,13 +38,12 @@
 =item B<-s>
 
 Only list supported ciphers: those consistent with the security level, and
-minimum and maximum protocol version.
-This is closer to the actual cipher list an application will support.
+minimum and maximum protocol version.  This is closer to the actual cipher list
+an application will support.
 
-This program does not set up support for SRP and so SRP based ciphers will
-always be excluded when using this option.
-PSK ciphers are not enabled by default and it requires the B<-psk> to enable
-them.
+PSK and SRP ciphers are not enabled by default: they require B<-psk> or B<-srp>
+to enable them.
+
 It also does not change the default list of supported signature algorithms.
 
 On a server the list of supported ciphers might also exclude other ciphers
@@ -56,6 +56,10 @@
 
 When combined with B<-s> includes cipher suites which require PSK.
 
+=item B<-srp>
+
+When combined with B<-s> includes cipher suites which require SRP.
+
 =item B<-v>
 
 Verbose output: For each ciphersuite, list details as provided by