1 /* apps/s_server.c */ | 1 /* apps/s_server.c */ |
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
3 * All rights reserved. | 3 * All rights reserved. |
4 * | 4 * |
5 * This package is an SSL implementation written | 5 * This package is an SSL implementation written |
6 * by Eric Young (eay@cryptsoft.com). | 6 * by Eric Young (eay@cryptsoft.com). |
7 * The implementation was written so as to conform with Netscapes SSL. | 7 * The implementation was written so as to conform with Netscapes SSL. |
8 * | 8 * |
9 * This library is free for commercial and non-commercial use as long as | 9 * This library is free for commercial and non-commercial use as long as |
10 * the following conditions are aheared to. The following conditions | 10 * the following conditions are aheared to. The following conditions |
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
51 * SUCH DAMAGE. | 51 * SUCH DAMAGE. |
52 * | 52 * |
53 * The licence and distribution terms for any publically available version or | 53 * The licence and distribution terms for any publically available version or |
54 * derivative of this code cannot be changed. i.e. this code cannot simply be | 54 * derivative of this code cannot be changed. i.e. this code cannot simply be |
55 * copied and put under another distribution licence | 55 * copied and put under another distribution licence |
56 * [including the GNU Public Licence.] | 56 * [including the GNU Public Licence.] |
57 */ | 57 */ |
58 /* ==================================================================== | 58 /* ==================================================================== |
59 * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. | 59 * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. |
60 * | 60 * |
61 * Redistribution and use in source and binary forms, with or without | 61 * Redistribution and use in source and binary forms, with or without |
62 * modification, are permitted provided that the following conditions | 62 * modification, are permitted provided that the following conditions |
63 * are met: | 63 * are met: |
64 * | 64 * |
65 * 1. Redistributions of source code must retain the above copyright | 65 * 1. Redistributions of source code must retain the above copyright |
66 * notice, this list of conditions and the following disclaimer. | 66 * notice, this list of conditions and the following disclaimer. |
67 * | 67 * |
68 * 2. Redistributions in binary form must reproduce the above copyright | 68 * 2. Redistributions in binary form must reproduce the above copyright |
69 * notice, this list of conditions and the following disclaimer in | 69 * notice, this list of conditions and the following disclaimer in |
106 * This product includes cryptographic software written by Eric Young | 106 * This product includes cryptographic software written by Eric Young |
107 * (eay@cryptsoft.com). This product includes software written by Tim | 107 * (eay@cryptsoft.com). This product includes software written by Tim |
108 * Hudson (tjh@cryptsoft.com). | 108 * Hudson (tjh@cryptsoft.com). |
109 * | 109 * |
110 */ | 110 */ |
111 /* ==================================================================== | 111 /* ==================================================================== |
112 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. | 112 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. |
113 * ECC cipher suite support in OpenSSL originally developed by | 113 * ECC cipher suite support in OpenSSL originally developed by |
114 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. | 114 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. |
115 */ | 115 */ |
| 116 /* ==================================================================== |
| 117 * Copyright 2005 Nokia. All rights reserved. |
| 118 * |
| 119 * The portions of the attached software ("Contribution") is developed by |
| 120 * Nokia Corporation and is licensed pursuant to the OpenSSL open source |
| 121 * license. |
| 122 * |
| 123 * The Contribution, originally written by Mika Kousa and Pasi Eronen of |
| 124 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites |
| 125 * support (see RFC 4279) to OpenSSL. |
| 126 * |
| 127 * No patent licenses or other rights except those expressly stated in |
| 128 * the OpenSSL open source license shall be deemed granted or received |
| 129 * expressly, by implication, estoppel, or otherwise. |
| 130 * |
| 131 * No assurances are provided by Nokia that the Contribution does not |
| 132 * infringe the patent or other intellectual property rights of any third |
| 133 * party or that the license provides you with all the necessary rights |
| 134 * to make use of the Contribution. |
| 135 * |
| 136 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN |
| 137 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA |
| 138 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY |
| 139 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR |
| 140 * OTHERWISE. |
| 141 */ |
116 | 142 |
117 /* Until the key-gen callbacks are modified to use newer prototypes, we allow | 143 /* Until the key-gen callbacks are modified to use newer prototypes, we allow |
118 * deprecated functions for openssl-internal code */ | 144 * deprecated functions for openssl-internal code */ |
119 #ifdef OPENSSL_NO_DEPRECATED | 145 #ifdef OPENSSL_NO_DEPRECATED |
120 #undef OPENSSL_NO_DEPRECATED | 146 #undef OPENSSL_NO_DEPRECATED |
121 #endif | 147 #endif |
122 | 148 |
123 #include <assert.h> | 149 #include <assert.h> |
| 150 #include <ctype.h> |
124 #include <stdio.h> | 151 #include <stdio.h> |
125 #include <stdlib.h> | 152 #include <stdlib.h> |
126 #include <string.h> | 153 #include <string.h> |
127 | 154 |
128 #include <sys/stat.h> | |
129 #include <openssl/e_os2.h> | 155 #include <openssl/e_os2.h> |
130 #ifdef OPENSSL_NO_STDIO | 156 #ifdef OPENSSL_NO_STDIO |
131 #define APPS_WIN16 | 157 #define APPS_WIN16 |
132 #endif | 158 #endif |
133 | 159 |
134 #if !defined(OPENSSL_SYS_NETWARE) /* conflicts with winsock2 stuff on netware *
/ | 160 #if !defined(OPENSSL_SYS_NETWARE) /* conflicts with winsock2 stuff on netware *
/ |
135 #include <sys/types.h> | 161 #include <sys/types.h> |
136 #endif | 162 #endif |
137 | 163 |
138 /* With IPv6, it looks like Digital has mixed up the proper order of | 164 /* With IPv6, it looks like Digital has mixed up the proper order of |
156 #include <openssl/ocsp.h> | 182 #include <openssl/ocsp.h> |
157 #ifndef OPENSSL_NO_DH | 183 #ifndef OPENSSL_NO_DH |
158 #include <openssl/dh.h> | 184 #include <openssl/dh.h> |
159 #endif | 185 #endif |
160 #ifndef OPENSSL_NO_RSA | 186 #ifndef OPENSSL_NO_RSA |
161 #include <openssl/rsa.h> | 187 #include <openssl/rsa.h> |
162 #endif | 188 #endif |
163 #include "s_apps.h" | 189 #include "s_apps.h" |
164 #include "timeouts.h" | 190 #include "timeouts.h" |
165 | 191 |
166 #ifdef OPENSSL_SYS_WINCE | |
167 /* Windows CE incorrectly defines fileno as returning void*, so to avoid problem
s below... */ | |
168 #ifdef fileno | |
169 #undef fileno | |
170 #endif | |
171 #define fileno(a) (int)_fileno(a) | |
172 #endif | |
173 | |
174 #if (defined(OPENSSL_SYS_VMS) && __VMS_VER < 70000000) | 192 #if (defined(OPENSSL_SYS_VMS) && __VMS_VER < 70000000) |
175 /* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */ | 193 /* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */ |
176 #undef FIONBIO | 194 #undef FIONBIO |
177 #endif | 195 #endif |
178 | 196 |
| 197 #if defined(OPENSSL_SYS_BEOS_R5) |
| 198 #include <fcntl.h> |
| 199 #endif |
| 200 |
179 #ifndef OPENSSL_NO_RSA | 201 #ifndef OPENSSL_NO_RSA |
180 static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength); | 202 static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength); |
181 #endif | 203 #endif |
182 static int sv_body(char *hostname, int s, unsigned char *context); | 204 static int sv_body(char *hostname, int s, unsigned char *context); |
183 static int www_body(char *hostname, int s, unsigned char *context); | 205 static int www_body(char *hostname, int s, unsigned char *context); |
184 static void close_accept_socket(void ); | 206 static void close_accept_socket(void ); |
185 static void sv_usage(void); | 207 static void sv_usage(void); |
186 static int init_ssl_connection(SSL *s); | 208 static int init_ssl_connection(SSL *s); |
187 static void print_stats(BIO *bp,SSL_CTX *ctx); | 209 static void print_stats(BIO *bp,SSL_CTX *ctx); |
188 static int generate_session_id(const SSL *ssl, unsigned char *id, | 210 static int generate_session_id(const SSL *ssl, unsigned char *id, |
189 unsigned int *id_len); | 211 unsigned int *id_len); |
190 #ifndef OPENSSL_NO_DH | 212 #ifndef OPENSSL_NO_DH |
191 static DH *load_dh_param(const char *dhfile); | 213 static DH *load_dh_param(const char *dhfile); |
192 static DH *get_dh512(void); | 214 static DH *get_dh512(void); |
193 #endif | 215 #endif |
194 | 216 |
195 #ifdef MONOLITH | 217 #ifdef MONOLITH |
196 static void s_server_init(void); | 218 static void s_server_init(void); |
197 #endif | 219 #endif |
198 | 220 |
199 #ifndef S_ISDIR | |
200 # if defined(_S_IFMT) && defined(_S_IFDIR) | |
201 # define S_ISDIR(a) (((a) & _S_IFMT) == _S_IFDIR) | |
202 # else | |
203 # define S_ISDIR(a) (((a) & S_IFMT) == S_IFDIR) | |
204 # endif | |
205 #endif | |
206 | |
207 #ifndef OPENSSL_NO_DH | 221 #ifndef OPENSSL_NO_DH |
208 static unsigned char dh512_p[]={ | 222 static unsigned char dh512_p[]={ |
209 0xDA,0x58,0x3C,0x16,0xD9,0x85,0x22,0x89,0xD0,0xE4,0xAF,0x75, | 223 0xDA,0x58,0x3C,0x16,0xD9,0x85,0x22,0x89,0xD0,0xE4,0xAF,0x75, |
210 0x6F,0x4C,0xCA,0x92,0xDD,0x4B,0xE5,0x33,0xB8,0x04,0xFB,0x0F, | 224 0x6F,0x4C,0xCA,0x92,0xDD,0x4B,0xE5,0x33,0xB8,0x04,0xFB,0x0F, |
211 0xED,0x94,0xEF,0x9C,0x8A,0x44,0x03,0xED,0x57,0x46,0x50,0xD3, | 225 0xED,0x94,0xEF,0x9C,0x8A,0x44,0x03,0xED,0x57,0x46,0x50,0xD3, |
212 0x69,0x99,0xDB,0x29,0xD7,0x76,0x27,0x6B,0xA2,0xD3,0xD4,0x12, | 226 0x69,0x99,0xDB,0x29,0xD7,0x76,0x27,0x6B,0xA2,0xD3,0xD4,0x12, |
213 0xE2,0x18,0xF4,0xDD,0x1E,0x08,0x4C,0xF6,0xD8,0x00,0x3E,0x7C, | 227 0xE2,0x18,0xF4,0xDD,0x1E,0x08,0x4C,0xF6,0xD8,0x00,0x3E,0x7C, |
214 0x47,0x74,0xE8,0x33, | 228 0x47,0x74,0xE8,0x33, |
215 }; | 229 }; |
216 static unsigned char dh512_g[]={ | 230 static unsigned char dh512_g[]={ |
238 static int bufsize=BUFSIZZ; | 252 static int bufsize=BUFSIZZ; |
239 static int accept_socket= -1; | 253 static int accept_socket= -1; |
240 | 254 |
241 #define TEST_CERT "server.pem" | 255 #define TEST_CERT "server.pem" |
242 #ifndef OPENSSL_NO_TLSEXT | 256 #ifndef OPENSSL_NO_TLSEXT |
243 #define TEST_CERT2 "server2.pem" | 257 #define TEST_CERT2 "server2.pem" |
244 #endif | 258 #endif |
245 #undef PROG | 259 #undef PROG |
246 #define PROG s_server_main | 260 #define PROG s_server_main |
247 | 261 |
248 extern int verify_depth; | 262 extern int verify_depth, verify_return_error; |
249 | 263 |
250 static char *cipher=NULL; | 264 static char *cipher=NULL; |
251 static int s_server_verify=SSL_VERIFY_NONE; | 265 static int s_server_verify=SSL_VERIFY_NONE; |
252 static int s_server_session_id_context = 1; /* anything will do */ | 266 static int s_server_session_id_context = 1; /* anything will do */ |
253 static const char *s_cert_file=TEST_CERT,*s_key_file=NULL; | 267 static const char *s_cert_file=TEST_CERT,*s_key_file=NULL; |
254 #ifndef OPENSSL_NO_TLSEXT | 268 #ifndef OPENSSL_NO_TLSEXT |
255 static const char *s_cert_file2=TEST_CERT2,*s_key_file2=NULL; | 269 static const char *s_cert_file2=TEST_CERT2,*s_key_file2=NULL; |
256 #endif | 270 #endif |
257 static char *s_dcert_file=NULL,*s_dkey_file=NULL; | 271 static char *s_dcert_file=NULL,*s_dkey_file=NULL; |
258 #ifdef FIONBIO | 272 #ifdef FIONBIO |
281 static char *engine_id=NULL; | 295 static char *engine_id=NULL; |
282 #endif | 296 #endif |
283 static const char *session_id_prefix=NULL; | 297 static const char *session_id_prefix=NULL; |
284 | 298 |
285 static int enable_timeouts = 0; | 299 static int enable_timeouts = 0; |
286 static long socket_mtu; | 300 static long socket_mtu; |
287 #ifndef OPENSSL_NO_DTLS1 | 301 #ifndef OPENSSL_NO_DTLS1 |
288 static int cert_chain = 0; | 302 static int cert_chain = 0; |
289 #endif | 303 #endif |
290 | 304 |
| 305 #ifndef OPENSSL_NO_PSK |
| 306 static char *psk_identity="Client_identity"; |
| 307 char *psk_key=NULL; /* by default PSK is not used */ |
| 308 |
| 309 static unsigned int psk_server_cb(SSL *ssl, const char *identity, |
| 310 unsigned char *psk, unsigned int max_psk_len) |
| 311 { |
| 312 unsigned int psk_len = 0; |
| 313 int ret; |
| 314 BIGNUM *bn = NULL; |
| 315 |
| 316 if (s_debug) |
| 317 BIO_printf(bio_s_out,"psk_server_cb\n"); |
| 318 if (!identity) |
| 319 { |
| 320 BIO_printf(bio_err,"Error: client did not send PSK identity\n"); |
| 321 goto out_err; |
| 322 } |
| 323 if (s_debug) |
| 324 BIO_printf(bio_s_out,"identity_len=%d identity=%s\n", |
| 325 identity ? (int)strlen(identity) : 0, identity); |
| 326 |
| 327 /* here we could lookup the given identity e.g. from a database */ |
| 328 if (strcmp(identity, psk_identity) != 0) |
| 329 { |
| 330 BIO_printf(bio_s_out, "PSK error: client identity not found" |
| 331 " (got '%s' expected '%s')\n", identity, |
| 332 psk_identity); |
| 333 goto out_err; |
| 334 } |
| 335 if (s_debug) |
| 336 BIO_printf(bio_s_out, "PSK client identity found\n"); |
| 337 |
| 338 /* convert the PSK key to binary */ |
| 339 ret = BN_hex2bn(&bn, psk_key); |
| 340 if (!ret) |
| 341 { |
| 342 BIO_printf(bio_err,"Could not convert PSK key '%s' to BIGNUM\n",
psk_key); |
| 343 if (bn) |
| 344 BN_free(bn); |
| 345 return 0; |
| 346 } |
| 347 if (BN_num_bytes(bn) > (int)max_psk_len) |
| 348 { |
| 349 BIO_printf(bio_err,"psk buffer of callback is too small (%d) for
key (%d)\n", |
| 350 max_psk_len, BN_num_bytes(bn)); |
| 351 BN_free(bn); |
| 352 return 0; |
| 353 } |
| 354 |
| 355 ret = BN_bn2bin(bn, psk); |
| 356 BN_free(bn); |
| 357 |
| 358 if (ret < 0) |
| 359 goto out_err; |
| 360 psk_len = (unsigned int)ret; |
| 361 |
| 362 if (s_debug) |
| 363 BIO_printf(bio_s_out, "fetched PSK len=%d\n", psk_len); |
| 364 return psk_len; |
| 365 out_err: |
| 366 if (s_debug) |
| 367 BIO_printf(bio_err, "Error in PSK server callback\n"); |
| 368 return 0; |
| 369 } |
| 370 #endif |
291 | 371 |
292 #ifdef MONOLITH | 372 #ifdef MONOLITH |
293 static void s_server_init(void) | 373 static void s_server_init(void) |
294 { | 374 { |
295 accept_socket=-1; | 375 accept_socket=-1; |
296 cipher=NULL; | 376 cipher=NULL; |
297 s_server_verify=SSL_VERIFY_NONE; | 377 s_server_verify=SSL_VERIFY_NONE; |
298 s_dcert_file=NULL; | 378 s_dcert_file=NULL; |
299 s_dkey_file=NULL; | 379 s_dkey_file=NULL; |
300 s_cert_file=TEST_CERT; | 380 s_cert_file=TEST_CERT; |
345 BIO_printf(bio_err," -dcert arg - second certificate file to use (usu
ally for DSA)\n"); | 425 BIO_printf(bio_err," -dcert arg - second certificate file to use (usu
ally for DSA)\n"); |
346 BIO_printf(bio_err," -dcertform x - second certificate format (PEM or D
ER) PEM default\n"); | 426 BIO_printf(bio_err," -dcertform x - second certificate format (PEM or D
ER) PEM default\n"); |
347 BIO_printf(bio_err," -dkey arg - second private key file to use (usu
ally for DSA)\n"); | 427 BIO_printf(bio_err," -dkey arg - second private key file to use (usu
ally for DSA)\n"); |
348 BIO_printf(bio_err," -dkeyform arg - second key format (PEM, DER or ENGI
NE) PEM default\n"); | 428 BIO_printf(bio_err," -dkeyform arg - second key format (PEM, DER or ENGI
NE) PEM default\n"); |
349 BIO_printf(bio_err," -dpass arg - second private key file pass phrase
source\n"); | 429 BIO_printf(bio_err," -dpass arg - second private key file pass phrase
source\n"); |
350 BIO_printf(bio_err," -dhparam arg - DH parameter file to use, in cert f
ile if not specified\n"); | 430 BIO_printf(bio_err," -dhparam arg - DH parameter file to use, in cert f
ile if not specified\n"); |
351 BIO_printf(bio_err," or a default set of parameters is u
sed\n"); | 431 BIO_printf(bio_err," or a default set of parameters is u
sed\n"); |
352 #ifndef OPENSSL_NO_ECDH | 432 #ifndef OPENSSL_NO_ECDH |
353 BIO_printf(bio_err," -named_curve arg - Elliptic curve name to use for
ephemeral ECDH keys.\n" \ | 433 BIO_printf(bio_err," -named_curve arg - Elliptic curve name to use for
ephemeral ECDH keys.\n" \ |
354 " Use \"openssl ecparam -list_curves\
" for all names\n" \ | 434 " Use \"openssl ecparam -list_curves\
" for all names\n" \ |
355 » " (default is sect163r2).\n"); | 435 » " (default is nistp256).\n"); |
356 #endif | 436 #endif |
357 #ifdef FIONBIO | 437 #ifdef FIONBIO |
358 BIO_printf(bio_err," -nbio - Run with non-blocking IO\n"); | 438 BIO_printf(bio_err," -nbio - Run with non-blocking IO\n"); |
359 #endif | 439 #endif |
360 BIO_printf(bio_err," -nbio_test - test with the non-blocking test bio
\n"); | 440 BIO_printf(bio_err," -nbio_test - test with the non-blocking test bio
\n"); |
361 BIO_printf(bio_err," -crlf - convert LF from terminal into CRLF\
n"); | 441 BIO_printf(bio_err," -crlf - convert LF from terminal into CRLF\
n"); |
362 BIO_printf(bio_err," -debug - Print more output\n"); | 442 BIO_printf(bio_err," -debug - Print more output\n"); |
363 BIO_printf(bio_err," -msg - Show protocol messages\n"); | 443 BIO_printf(bio_err," -msg - Show protocol messages\n"); |
364 BIO_printf(bio_err," -state - Print the SSL states\n"); | 444 BIO_printf(bio_err," -state - Print the SSL states\n"); |
365 BIO_printf(bio_err," -CApath arg - PEM format directory of CA's\n"); | 445 BIO_printf(bio_err," -CApath arg - PEM format directory of CA's\n"); |
366 BIO_printf(bio_err," -CAfile arg - PEM format file of CA's\n"); | 446 BIO_printf(bio_err," -CAfile arg - PEM format file of CA's\n"); |
367 BIO_printf(bio_err," -nocert - Don't use any certificates (Anon-DH
)\n"); | 447 BIO_printf(bio_err," -nocert - Don't use any certificates (Anon-DH
)\n"); |
368 BIO_printf(bio_err," -cipher arg - play with 'openssl ciphers' to see
what goes here\n"); | 448 BIO_printf(bio_err," -cipher arg - play with 'openssl ciphers' to see
what goes here\n"); |
369 BIO_printf(bio_err," -serverpref - Use server's cipher preferences\n")
; | 449 BIO_printf(bio_err," -serverpref - Use server's cipher preferences\n")
; |
370 BIO_printf(bio_err," -quiet - No server output\n"); | 450 BIO_printf(bio_err," -quiet - No server output\n"); |
371 BIO_printf(bio_err," -no_tmp_rsa - Do not generate a tmp RSA key\n"); | 451 BIO_printf(bio_err," -no_tmp_rsa - Do not generate a tmp RSA key\n"); |
| 452 #ifndef OPENSSL_NO_PSK |
| 453 BIO_printf(bio_err," -psk_hint arg - PSK identity hint to use\n"); |
| 454 BIO_printf(bio_err," -psk arg - PSK in hex (without 0x)\n"); |
| 455 # ifndef OPENSSL_NO_JPAKE |
| 456 BIO_printf(bio_err," -jpake arg - JPAKE secret to use\n"); |
| 457 # endif |
| 458 #endif |
372 BIO_printf(bio_err," -ssl2 - Just talk SSLv2\n"); | 459 BIO_printf(bio_err," -ssl2 - Just talk SSLv2\n"); |
373 BIO_printf(bio_err," -ssl3 - Just talk SSLv3\n"); | 460 BIO_printf(bio_err," -ssl3 - Just talk SSLv3\n"); |
374 BIO_printf(bio_err," -tls1 - Just talk TLSv1\n"); | 461 BIO_printf(bio_err," -tls1 - Just talk TLSv1\n"); |
375 BIO_printf(bio_err," -dtls1 - Just talk DTLSv1\n"); | 462 BIO_printf(bio_err," -dtls1 - Just talk DTLSv1\n"); |
376 BIO_printf(bio_err," -timeout - Enable timeouts\n"); | 463 BIO_printf(bio_err," -timeout - Enable timeouts\n"); |
377 BIO_printf(bio_err," -mtu - Set link layer MTU\n"); | 464 BIO_printf(bio_err," -mtu - Set link layer MTU\n"); |
378 BIO_printf(bio_err," -chain - Read a certificate chain\n"); | 465 BIO_printf(bio_err," -chain - Read a certificate chain\n"); |
379 BIO_printf(bio_err," -no_ssl2 - Just disable SSLv2\n"); | 466 BIO_printf(bio_err," -no_ssl2 - Just disable SSLv2\n"); |
380 BIO_printf(bio_err," -no_ssl3 - Just disable SSLv3\n"); | 467 BIO_printf(bio_err," -no_ssl3 - Just disable SSLv3\n"); |
381 BIO_printf(bio_err," -no_tls1 - Just disable TLSv1\n"); | 468 BIO_printf(bio_err," -no_tls1 - Just disable TLSv1\n"); |
398 #ifndef OPENSSL_NO_TLSEXT | 485 #ifndef OPENSSL_NO_TLSEXT |
399 BIO_printf(bio_err," -servername host - servername for HostName TLS exte
nsion\n"); | 486 BIO_printf(bio_err," -servername host - servername for HostName TLS exte
nsion\n"); |
400 BIO_printf(bio_err," -servername_fatal - on mismatch send fatal alert (d
efault warning alert)\n"); | 487 BIO_printf(bio_err," -servername_fatal - on mismatch send fatal alert (d
efault warning alert)\n"); |
401 BIO_printf(bio_err," -cert2 arg - certificate file to use for servern
ame\n"); | 488 BIO_printf(bio_err," -cert2 arg - certificate file to use for servern
ame\n"); |
402 BIO_printf(bio_err," (default is %s)\n",TEST_CERT2); | 489 BIO_printf(bio_err," (default is %s)\n",TEST_CERT2); |
403 BIO_printf(bio_err," -key2 arg - Private Key file to use for servern
ame, in cert file if\n"); | 490 BIO_printf(bio_err," -key2 arg - Private Key file to use for servern
ame, in cert file if\n"); |
404 BIO_printf(bio_err," not specified (default is %s)\n",TE
ST_CERT2); | 491 BIO_printf(bio_err," not specified (default is %s)\n",TE
ST_CERT2); |
405 BIO_printf(bio_err," -tlsextdebug - hex dump of all TLS extensions rece
ived\n"); | 492 BIO_printf(bio_err," -tlsextdebug - hex dump of all TLS extensions rece
ived\n"); |
406 BIO_printf(bio_err," -no_ticket - disable use of RFC4507bis session t
ickets\n"); | 493 BIO_printf(bio_err," -no_ticket - disable use of RFC4507bis session t
ickets\n"); |
407 BIO_printf(bio_err," -legacy_renegotiation - enable use of legacy renego
tiation (dangerous)\n"); | 494 BIO_printf(bio_err," -legacy_renegotiation - enable use of legacy renego
tiation (dangerous)\n"); |
| 495 # ifndef OPENSSL_NO_NEXTPROTONEG |
408 BIO_printf(bio_err," -nextprotoneg arg - set the advertised protocols fo
r the NPN extension (comma-separated list)\n"); | 496 BIO_printf(bio_err," -nextprotoneg arg - set the advertised protocols fo
r the NPN extension (comma-separated list)\n"); |
| 497 # endif |
409 #endif | 498 #endif |
410 } | 499 } |
411 | 500 |
412 static int local_argc=0; | 501 static int local_argc=0; |
413 static char **local_argv; | 502 static char **local_argv; |
414 | 503 |
415 #ifdef CHARSET_EBCDIC | 504 #ifdef CHARSET_EBCDIC |
416 static int ebcdic_new(BIO *bi); | 505 static int ebcdic_new(BIO *bi); |
417 static int ebcdic_free(BIO *a); | 506 static int ebcdic_free(BIO *a); |
418 static int ebcdic_read(BIO *b, char *out, int outl); | 507 static int ebcdic_read(BIO *b, char *out, int outl); |
581 | 670 |
582 if (!p->servername) | 671 if (!p->servername) |
583 return SSL_TLSEXT_ERR_NOACK; | 672 return SSL_TLSEXT_ERR_NOACK; |
584 | 673 |
585 if (servername) | 674 if (servername) |
586 { | 675 { |
587 if (strcmp(servername,p->servername)) | 676 if (strcmp(servername,p->servername)) |
588 return p->extension_error; | 677 return p->extension_error; |
589 if (ctx2) | 678 if (ctx2) |
590 { | 679 { |
591 » » » BIO_printf(p->biodebug,"Swiching server context.\n"); | 680 » » » BIO_printf(p->biodebug,"Switching server context.\n"); |
592 SSL_set_SSL_CTX(s,ctx2); | 681 SSL_set_SSL_CTX(s,ctx2); |
593 } | 682 } |
594 } | 683 } |
595 return SSL_TLSEXT_ERR_OK; | 684 return SSL_TLSEXT_ERR_OK; |
596 } | 685 } |
597 | 686 |
598 /* Structure passed to cert status callback */ | 687 /* Structure passed to cert status callback */ |
599 | 688 |
600 typedef struct tlsextstatusctx_st { | 689 typedef struct tlsextstatusctx_st { |
601 /* Default responder to use */ | 690 /* Default responder to use */ |
620 */ | 709 */ |
621 | 710 |
622 static int cert_status_cb(SSL *s, void *arg) | 711 static int cert_status_cb(SSL *s, void *arg) |
623 { | 712 { |
624 tlsextstatusctx *srctx = arg; | 713 tlsextstatusctx *srctx = arg; |
625 BIO *err = srctx->err; | 714 BIO *err = srctx->err; |
626 char *host, *port, *path; | 715 char *host, *port, *path; |
627 int use_ssl; | 716 int use_ssl; |
628 unsigned char *rspder = NULL; | 717 unsigned char *rspder = NULL; |
629 int rspderlen; | 718 int rspderlen; |
630 » STACK *aia = NULL; | 719 » STACK_OF(OPENSSL_STRING) *aia = NULL; |
631 X509 *x = NULL; | 720 X509 *x = NULL; |
632 X509_STORE_CTX inctx; | 721 X509_STORE_CTX inctx; |
633 X509_OBJECT obj; | 722 X509_OBJECT obj; |
634 OCSP_REQUEST *req = NULL; | 723 OCSP_REQUEST *req = NULL; |
635 OCSP_RESPONSE *resp = NULL; | 724 OCSP_RESPONSE *resp = NULL; |
636 OCSP_CERTID *id = NULL; | 725 OCSP_CERTID *id = NULL; |
637 STACK_OF(X509_EXTENSION) *exts; | 726 STACK_OF(X509_EXTENSION) *exts; |
638 int ret = SSL_TLSEXT_ERR_NOACK; | 727 int ret = SSL_TLSEXT_ERR_NOACK; |
639 int i; | 728 int i; |
640 #if 0 | 729 #if 0 |
641 STACK_OF(OCSP_RESPID) *ids; | 730 STACK_OF(OCSP_RESPID) *ids; |
642 SSL_get_tlsext_status_ids(s, &ids); | 731 SSL_get_tlsext_status_ids(s, &ids); |
643 BIO_printf(err, "cert_status: received %d ids\n", sk_OCSP_RESPID_num(ids)); | 732 BIO_printf(err, "cert_status: received %d ids\n", sk_OCSP_RESPID_num(ids)); |
644 #endif | 733 #endif |
645 if (srctx->verbose) | 734 if (srctx->verbose) |
646 BIO_puts(err, "cert_status: callback called\n"); | 735 BIO_puts(err, "cert_status: callback called\n"); |
647 /* Build up OCSP query from server certificate */ | 736 /* Build up OCSP query from server certificate */ |
648 x = SSL_get_certificate(s); | 737 x = SSL_get_certificate(s); |
649 aia = X509_get1_ocsp(x); | 738 aia = X509_get1_ocsp(x); |
650 if (aia) | 739 if (aia) |
651 { | 740 { |
652 » » if (!OCSP_parse_url(sk_value(aia, 0), | 741 » » if (!OCSP_parse_url(sk_OPENSSL_STRING_value(aia, 0), |
653 &host, &port, &path, &use_ssl)) | 742 &host, &port, &path, &use_ssl)) |
654 { | 743 { |
655 BIO_puts(err, "cert_status: can't parse AIA URL\n"); | 744 BIO_puts(err, "cert_status: can't parse AIA URL\n"); |
656 goto err; | 745 goto err; |
657 } | 746 } |
658 if (srctx->verbose) | 747 if (srctx->verbose) |
659 BIO_printf(err, "cert_status: AIA URL: %s\n", | 748 BIO_printf(err, "cert_status: AIA URL: %s\n", |
660 » » » » » sk_value(aia, 0)); | 749 » » » » » sk_OPENSSL_STRING_value(aia, 0)); |
661 } | 750 } |
662 else | 751 else |
663 { | 752 { |
664 if (!srctx->host) | 753 if (!srctx->host) |
665 { | 754 { |
666 BIO_puts(srctx->err, "cert_status: no AIA and no default
responder URL\n"); | 755 BIO_puts(srctx->err, "cert_status: no AIA and no default
responder URL\n"); |
667 goto done; | 756 goto done; |
668 } | 757 } |
669 host = srctx->host; | 758 host = srctx->host; |
670 path = srctx->path; | 759 path = srctx->path; |
695 goto err; | 784 goto err; |
696 id = NULL; | 785 id = NULL; |
697 /* Add any extensions to the request */ | 786 /* Add any extensions to the request */ |
698 SSL_get_tlsext_status_exts(s, &exts); | 787 SSL_get_tlsext_status_exts(s, &exts); |
699 for (i = 0; i < sk_X509_EXTENSION_num(exts); i++) | 788 for (i = 0; i < sk_X509_EXTENSION_num(exts); i++) |
700 { | 789 { |
701 X509_EXTENSION *ext = sk_X509_EXTENSION_value(exts, i); | 790 X509_EXTENSION *ext = sk_X509_EXTENSION_value(exts, i); |
702 if (!OCSP_REQUEST_add_ext(req, ext, -1)) | 791 if (!OCSP_REQUEST_add_ext(req, ext, -1)) |
703 goto err; | 792 goto err; |
704 } | 793 } |
705 » resp = process_responder(err, req, host, path, port, use_ssl, | 794 » resp = process_responder(err, req, host, path, port, use_ssl, NULL, |
706 srctx->timeout); | 795 srctx->timeout); |
707 if (!resp) | 796 if (!resp) |
708 { | 797 { |
709 BIO_puts(err, "cert_status: error querying responder\n"); | 798 BIO_puts(err, "cert_status: error querying responder\n"); |
710 goto done; | 799 goto done; |
711 } | 800 } |
712 rspderlen = i2d_OCSP_RESPONSE(resp, &rspder); | 801 rspderlen = i2d_OCSP_RESPONSE(resp, &rspder); |
713 if (rspderlen <= 0) | 802 if (rspderlen <= 0) |
714 goto err; | 803 goto err; |
715 SSL_set_tlsext_status_ocsp_resp(s, rspder, rspderlen); | 804 SSL_set_tlsext_status_ocsp_resp(s, rspder, rspderlen); |
733 OCSP_CERTID_free(id); | 822 OCSP_CERTID_free(id); |
734 if (req) | 823 if (req) |
735 OCSP_REQUEST_free(req); | 824 OCSP_REQUEST_free(req); |
736 if (resp) | 825 if (resp) |
737 OCSP_RESPONSE_free(resp); | 826 OCSP_RESPONSE_free(resp); |
738 return ret; | 827 return ret; |
739 err: | 828 err: |
740 ret = SSL_TLSEXT_ERR_ALERT_FATAL; | 829 ret = SSL_TLSEXT_ERR_ALERT_FATAL; |
741 goto done; | 830 goto done; |
742 } | 831 } |
743 #endif | |
744 | 832 |
745 | 833 # ifndef OPENSSL_NO_NEXTPROTONEG |
746 /* This the context that we pass to next_proto_cb */ | 834 /* This is the context that we pass to next_proto_cb */ |
747 typedef struct tlsextnextprotoctx_st { | 835 typedef struct tlsextnextprotoctx_st { |
748 unsigned char *data; | 836 unsigned char *data; |
749 unsigned int len; | 837 unsigned int len; |
750 } tlsextnextprotoctx; | 838 } tlsextnextprotoctx; |
751 | 839 |
752 | |
753 static int next_proto_cb(SSL *s, const unsigned char **data, unsigned int *len,
void *arg) | 840 static int next_proto_cb(SSL *s, const unsigned char **data, unsigned int *len,
void *arg) |
754 { | 841 { |
755 tlsextnextprotoctx *next_proto = arg; | 842 tlsextnextprotoctx *next_proto = arg; |
756 | 843 |
757 *data = next_proto->data; | 844 *data = next_proto->data; |
758 *len = next_proto->len; | 845 *len = next_proto->len; |
759 | 846 |
760 return SSL_TLSEXT_ERR_OK; | 847 return SSL_TLSEXT_ERR_OK; |
761 } | 848 } |
762 | 849 # endif /* ndef OPENSSL_NO_NPN */ |
| 850 #endif |
763 | 851 |
764 int MAIN(int, char **); | 852 int MAIN(int, char **); |
765 | 853 |
766 #ifndef OPENSSL_NO_JPAKE | 854 #ifndef OPENSSL_NO_JPAKE |
767 static char *jpake_secret = NULL; | 855 static char *jpake_secret = NULL; |
768 #endif | 856 #endif |
769 | 857 |
770 int MAIN(int argc, char *argv[]) | 858 int MAIN(int argc, char *argv[]) |
771 { | 859 { |
772 » X509_STORE *store = NULL; | 860 » X509_VERIFY_PARAM *vpm = NULL; |
773 » int vflags = 0; | 861 » int badarg = 0; |
774 short port=PORT; | 862 short port=PORT; |
775 char *CApath=NULL,*CAfile=NULL; | 863 char *CApath=NULL,*CAfile=NULL; |
776 unsigned char *context = NULL; | 864 unsigned char *context = NULL; |
777 char *dhfile = NULL; | 865 char *dhfile = NULL; |
778 #ifndef OPENSSL_NO_ECDH | 866 #ifndef OPENSSL_NO_ECDH |
779 char *named_curve = NULL; | 867 char *named_curve = NULL; |
780 #endif | 868 #endif |
781 int badop=0,bugs=0; | 869 int badop=0,bugs=0; |
782 int ret=1; | 870 int ret=1; |
783 int off=0; | 871 int off=0; |
784 int no_tmp_rsa=0,no_dhe=0,no_ecdhe=0,nocert=0; | 872 int no_tmp_rsa=0,no_dhe=0,no_ecdhe=0,nocert=0; |
785 int state=0; | 873 int state=0; |
786 » SSL_METHOD *meth=NULL; | 874 » const SSL_METHOD *meth=NULL; |
787 int socket_type=SOCK_STREAM; | 875 » int socket_type=SOCK_STREAM; |
788 ENGINE *e=NULL; | 876 ENGINE *e=NULL; |
789 char *inrand=NULL; | 877 char *inrand=NULL; |
790 int s_cert_format = FORMAT_PEM, s_key_format = FORMAT_PEM; | 878 int s_cert_format = FORMAT_PEM, s_key_format = FORMAT_PEM; |
791 char *passarg = NULL, *pass = NULL; | 879 char *passarg = NULL, *pass = NULL; |
792 char *dpassarg = NULL, *dpass = NULL; | 880 char *dpassarg = NULL, *dpass = NULL; |
793 int s_dcert_format = FORMAT_PEM, s_dkey_format = FORMAT_PEM; | 881 int s_dcert_format = FORMAT_PEM, s_dkey_format = FORMAT_PEM; |
794 X509 *s_cert = NULL, *s_dcert = NULL; | 882 X509 *s_cert = NULL, *s_dcert = NULL; |
795 EVP_PKEY *s_key = NULL, *s_dkey = NULL; | 883 EVP_PKEY *s_key = NULL, *s_dkey = NULL; |
796 int no_cache = 0; | 884 int no_cache = 0; |
797 #ifndef OPENSSL_NO_TLSEXT | 885 #ifndef OPENSSL_NO_TLSEXT |
798 EVP_PKEY *s_key2 = NULL; | 886 EVP_PKEY *s_key2 = NULL; |
799 X509 *s_cert2 = NULL; | 887 X509 *s_cert2 = NULL; |
800 #endif | 888 #endif |
801 #ifndef OPENSSL_NO_TLSEXT | 889 #ifndef OPENSSL_NO_TLSEXT |
802 tlsextctx tlsextcbp = {NULL, NULL, SSL_TLSEXT_ERR_ALERT_WARNING}; | 890 tlsextctx tlsextcbp = {NULL, NULL, SSL_TLSEXT_ERR_ALERT_WARNING}; |
| 891 # ifndef OPENSSL_NO_NEXTPROTONEG |
803 const char *next_proto_neg_in = NULL; | 892 const char *next_proto_neg_in = NULL; |
804 tlsextnextprotoctx next_proto; | 893 tlsextnextprotoctx next_proto; |
805 » char snapstart = 0; | 894 # endif |
806 #endif | 895 #endif |
807 | 896 #ifndef OPENSSL_NO_PSK |
| 897 » /* by default do not send a PSK identity hint */ |
| 898 » static char *psk_identity_hint=NULL; |
| 899 #endif |
808 #if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3) | 900 #if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3) |
809 meth=SSLv23_server_method(); | 901 meth=SSLv23_server_method(); |
810 #elif !defined(OPENSSL_NO_SSL3) | 902 #elif !defined(OPENSSL_NO_SSL3) |
811 meth=SSLv3_server_method(); | 903 meth=SSLv3_server_method(); |
812 #elif !defined(OPENSSL_NO_SSL2) | 904 #elif !defined(OPENSSL_NO_SSL2) |
813 meth=SSLv2_server_method(); | 905 meth=SSLv2_server_method(); |
814 #endif | 906 #endif |
815 | 907 |
816 local_argc=argc; | 908 local_argc=argc; |
817 local_argv=argv; | 909 local_argv=argv; |
931 { | 1023 { |
932 nocert=1; | 1024 nocert=1; |
933 } | 1025 } |
934 else if (strcmp(*argv,"-CApath") == 0) | 1026 else if (strcmp(*argv,"-CApath") == 0) |
935 { | 1027 { |
936 if (--argc < 1) goto bad; | 1028 if (--argc < 1) goto bad; |
937 CApath= *(++argv); | 1029 CApath= *(++argv); |
938 } | 1030 } |
939 else if (strcmp(*argv,"-no_cache") == 0) | 1031 else if (strcmp(*argv,"-no_cache") == 0) |
940 no_cache = 1; | 1032 no_cache = 1; |
941 » » else if (strcmp(*argv,"-crl_check") == 0) | 1033 » » else if (args_verify(&argv, &argc, &badarg, bio_err, &vpm)) |
942 { | 1034 { |
943 » » » vflags |= X509_V_FLAG_CRL_CHECK; | 1035 » » » if (badarg) |
| 1036 » » » » goto bad; |
| 1037 » » » continue; |
944 } | 1038 } |
945 » » else if (strcmp(*argv,"-crl_check_all") == 0) | 1039 » » else if (strcmp(*argv,"-verify_return_error") == 0) |
946 » » » { | 1040 » » » verify_return_error = 1; |
947 » » » vflags |= X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_AL
L; | |
948 » » » } | |
949 else if (strcmp(*argv,"-serverpref") == 0) | 1041 else if (strcmp(*argv,"-serverpref") == 0) |
950 { off|=SSL_OP_CIPHER_SERVER_PREFERENCE; } | 1042 { off|=SSL_OP_CIPHER_SERVER_PREFERENCE; } |
951 else if (strcmp(*argv,"-legacy_renegotiation") == 0) | 1043 else if (strcmp(*argv,"-legacy_renegotiation") == 0) |
952 off|=SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION; | 1044 off|=SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION; |
953 else if (strcmp(*argv,"-cipher") == 0) | 1045 else if (strcmp(*argv,"-cipher") == 0) |
954 { | 1046 { |
955 if (--argc < 1) goto bad; | 1047 if (--argc < 1) goto bad; |
956 cipher= *(++argv); | 1048 cipher= *(++argv); |
957 } | 1049 } |
958 else if (strcmp(*argv,"-CAfile") == 0) | 1050 else if (strcmp(*argv,"-CAfile") == 0) |
1015 else if (strcmp(*argv,"-quiet") == 0) | 1107 else if (strcmp(*argv,"-quiet") == 0) |
1016 { s_quiet=1; } | 1108 { s_quiet=1; } |
1017 else if (strcmp(*argv,"-bugs") == 0) | 1109 else if (strcmp(*argv,"-bugs") == 0) |
1018 { bugs=1; } | 1110 { bugs=1; } |
1019 else if (strcmp(*argv,"-no_tmp_rsa") == 0) | 1111 else if (strcmp(*argv,"-no_tmp_rsa") == 0) |
1020 { no_tmp_rsa=1; } | 1112 { no_tmp_rsa=1; } |
1021 else if (strcmp(*argv,"-no_dhe") == 0) | 1113 else if (strcmp(*argv,"-no_dhe") == 0) |
1022 { no_dhe=1; } | 1114 { no_dhe=1; } |
1023 else if (strcmp(*argv,"-no_ecdhe") == 0) | 1115 else if (strcmp(*argv,"-no_ecdhe") == 0) |
1024 { no_ecdhe=1; } | 1116 { no_ecdhe=1; } |
| 1117 #ifndef OPENSSL_NO_PSK |
| 1118 else if (strcmp(*argv,"-psk_hint") == 0) |
| 1119 { |
| 1120 if (--argc < 1) goto bad; |
| 1121 psk_identity_hint= *(++argv); |
| 1122 } |
| 1123 else if (strcmp(*argv,"-psk") == 0) |
| 1124 { |
| 1125 size_t i; |
| 1126 |
| 1127 if (--argc < 1) goto bad; |
| 1128 psk_key=*(++argv); |
| 1129 for (i=0; i<strlen(psk_key); i++) |
| 1130 { |
| 1131 if (isxdigit((int)psk_key[i])) |
| 1132 continue; |
| 1133 BIO_printf(bio_err,"Not a hex number '%s'\n",*ar
gv); |
| 1134 goto bad; |
| 1135 } |
| 1136 } |
| 1137 #endif |
1025 else if (strcmp(*argv,"-www") == 0) | 1138 else if (strcmp(*argv,"-www") == 0) |
1026 { www=1; } | 1139 { www=1; } |
1027 else if (strcmp(*argv,"-WWW") == 0) | 1140 else if (strcmp(*argv,"-WWW") == 0) |
1028 { www=2; } | 1141 { www=2; } |
1029 else if (strcmp(*argv,"-HTTP") == 0) | 1142 else if (strcmp(*argv,"-HTTP") == 0) |
1030 { www=3; } | 1143 { www=3; } |
1031 else if (strcmp(*argv,"-no_ssl2") == 0) | 1144 else if (strcmp(*argv,"-no_ssl2") == 0) |
1032 { off|=SSL_OP_NO_SSLv2; } | 1145 { off|=SSL_OP_NO_SSLv2; } |
1033 else if (strcmp(*argv,"-no_ssl3") == 0) | 1146 else if (strcmp(*argv,"-no_ssl3") == 0) |
1034 { off|=SSL_OP_NO_SSLv3; } | 1147 { off|=SSL_OP_NO_SSLv3; } |
1035 else if (strcmp(*argv,"-no_tls1") == 0) | 1148 else if (strcmp(*argv,"-no_tls1") == 0) |
1036 { off|=SSL_OP_NO_TLSv1; } | 1149 { off|=SSL_OP_NO_TLSv1; } |
| 1150 else if (strcmp(*argv,"-no_comp") == 0) |
| 1151 { off|=SSL_OP_NO_COMPRESSION; } |
1037 #ifndef OPENSSL_NO_TLSEXT | 1152 #ifndef OPENSSL_NO_TLSEXT |
1038 else if (strcmp(*argv,"-no_ticket") == 0) | 1153 else if (strcmp(*argv,"-no_ticket") == 0) |
1039 { off|=SSL_OP_NO_TICKET; } | 1154 { off|=SSL_OP_NO_TICKET; } |
1040 #endif | 1155 #endif |
1041 #ifndef OPENSSL_NO_SSL2 | 1156 #ifndef OPENSSL_NO_SSL2 |
1042 else if (strcmp(*argv,"-ssl2") == 0) | 1157 else if (strcmp(*argv,"-ssl2") == 0) |
1043 { meth=SSLv2_server_method(); } | 1158 { meth=SSLv2_server_method(); } |
1044 #endif | 1159 #endif |
1045 #ifndef OPENSSL_NO_SSL3 | 1160 #ifndef OPENSSL_NO_SSL3 |
1046 else if (strcmp(*argv,"-ssl3") == 0) | 1161 else if (strcmp(*argv,"-ssl3") == 0) |
1094 else if (strcmp(*argv,"-cert2") == 0) | 1209 else if (strcmp(*argv,"-cert2") == 0) |
1095 { | 1210 { |
1096 if (--argc < 1) goto bad; | 1211 if (--argc < 1) goto bad; |
1097 s_cert_file2= *(++argv); | 1212 s_cert_file2= *(++argv); |
1098 } | 1213 } |
1099 else if (strcmp(*argv,"-key2") == 0) | 1214 else if (strcmp(*argv,"-key2") == 0) |
1100 { | 1215 { |
1101 if (--argc < 1) goto bad; | 1216 if (--argc < 1) goto bad; |
1102 s_key_file2= *(++argv); | 1217 s_key_file2= *(++argv); |
1103 } | 1218 } |
| 1219 # ifndef OPENSSL_NO_NEXTPROTONEG |
1104 else if (strcmp(*argv,"-nextprotoneg") == 0) | 1220 else if (strcmp(*argv,"-nextprotoneg") == 0) |
1105 { | 1221 { |
1106 if (--argc < 1) goto bad; | 1222 if (--argc < 1) goto bad; |
1107 next_proto_neg_in = *(++argv); | 1223 next_proto_neg_in = *(++argv); |
1108 } | 1224 } |
1109 » » else if»(strcmp(*argv,"-snapstart") == 0) | 1225 # endif |
1110 » » » { | |
1111 » » » snapstart = 1; | |
1112 » » » } | |
1113 #endif | 1226 #endif |
1114 #ifndef OPENSSL_NO_JPAKE | 1227 #if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK) |
1115 else if (strcmp(*argv,"-jpake") == 0) | 1228 else if (strcmp(*argv,"-jpake") == 0) |
1116 { | 1229 { |
1117 if (--argc < 1) goto bad; | 1230 if (--argc < 1) goto bad; |
1118 jpake_secret = *(++argv); | 1231 jpake_secret = *(++argv); |
1119 } | 1232 } |
1120 #endif | 1233 #endif |
1121 else | 1234 else |
1122 { | 1235 { |
1123 BIO_printf(bio_err,"unknown option %s\n",*argv); | 1236 BIO_printf(bio_err,"unknown option %s\n",*argv); |
1124 badop=1; | 1237 badop=1; |
1125 break; | 1238 break; |
1126 } | 1239 } |
1127 argc--; | 1240 argc--; |
1128 argv++; | 1241 argv++; |
1129 } | 1242 } |
1130 if (badop) | 1243 if (badop) |
1131 { | 1244 { |
1132 bad: | 1245 bad: |
1133 sv_usage(); | 1246 sv_usage(); |
1134 goto end; | 1247 goto end; |
1135 } | 1248 } |
1136 | 1249 |
| 1250 #if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK) |
| 1251 if (jpake_secret) |
| 1252 { |
| 1253 if (psk_key) |
| 1254 { |
| 1255 BIO_printf(bio_err, |
| 1256 "Can't use JPAKE and PSK together\n"); |
| 1257 goto end; |
| 1258 } |
| 1259 psk_identity = "JPAKE"; |
| 1260 if (cipher) |
| 1261 { |
| 1262 BIO_printf(bio_err, "JPAKE sets cipher to PSK\n"); |
| 1263 goto end; |
| 1264 } |
| 1265 cipher = "PSK"; |
| 1266 } |
| 1267 |
| 1268 #endif |
| 1269 |
1137 SSL_load_error_strings(); | 1270 SSL_load_error_strings(); |
1138 OpenSSL_add_ssl_algorithms(); | 1271 OpenSSL_add_ssl_algorithms(); |
1139 | 1272 |
1140 #ifndef OPENSSL_NO_ENGINE | 1273 #ifndef OPENSSL_NO_ENGINE |
1141 e = setup_engine(bio_err, engine_id, 1); | 1274 e = setup_engine(bio_err, engine_id, 1); |
1142 #endif | 1275 #endif |
1143 | 1276 |
1144 if (!app_passwd(bio_err, passarg, dpassarg, &pass, &dpass)) | 1277 if (!app_passwd(bio_err, passarg, dpassarg, &pass, &dpass)) |
1145 { | 1278 { |
1146 BIO_printf(bio_err, "Error getting password\n"); | 1279 BIO_printf(bio_err, "Error getting password\n"); |
1187 | 1320 |
1188 s_cert2 = load_cert(bio_err,s_cert_file2,s_cert_format, | 1321 s_cert2 = load_cert(bio_err,s_cert_file2,s_cert_format, |
1189 NULL, e, "second server certificate file"); | 1322 NULL, e, "second server certificate file"); |
1190 | 1323 |
1191 if (!s_cert2) | 1324 if (!s_cert2) |
1192 { | 1325 { |
1193 ERR_print_errors(bio_err); | 1326 ERR_print_errors(bio_err); |
1194 goto end; | 1327 goto end; |
1195 } | 1328 } |
1196 } | 1329 } |
1197 | |
1198 if (next_proto_neg_in) | |
1199 { | |
1200 unsigned short len; | |
1201 next_proto.data = next_protos_parse(&len, | |
1202 next_proto_neg_in); | |
1203 if (next_proto.data == NULL) | |
1204 goto end; | |
1205 next_proto.len = len; | |
1206 } | |
1207 else | |
1208 { | |
1209 next_proto.data = NULL; | |
1210 } | |
1211 #endif | 1330 #endif |
1212 } | 1331 } |
| 1332 |
| 1333 |
1213 if (s_dcert_file) | 1334 if (s_dcert_file) |
1214 { | 1335 { |
1215 | 1336 |
1216 if (s_dkey_file == NULL) | 1337 if (s_dkey_file == NULL) |
1217 s_dkey_file = s_dcert_file; | 1338 s_dkey_file = s_dcert_file; |
1218 | 1339 |
1219 s_dkey = load_key(bio_err, s_dkey_file, s_dkey_format, | 1340 s_dkey = load_key(bio_err, s_dkey_file, s_dkey_format, |
1220 0, dpass, e, | 1341 0, dpass, e, |
1221 "second certificate private key file"); | 1342 "second certificate private key file"); |
1222 if (!s_dkey) | 1343 if (!s_dkey) |
1321 } | 1442 } |
1322 #endif | 1443 #endif |
1323 | 1444 |
1324 if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) || | 1445 if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) || |
1325 (!SSL_CTX_set_default_verify_paths(ctx))) | 1446 (!SSL_CTX_set_default_verify_paths(ctx))) |
1326 { | 1447 { |
1327 /* BIO_printf(bio_err,"X509_load_verify_locations\n"); */ | 1448 /* BIO_printf(bio_err,"X509_load_verify_locations\n"); */ |
1328 ERR_print_errors(bio_err); | 1449 ERR_print_errors(bio_err); |
1329 /* goto end; */ | 1450 /* goto end; */ |
1330 } | 1451 } |
1331 » store = SSL_CTX_get_cert_store(ctx); | 1452 » if (vpm) |
1332 » X509_STORE_set_flags(store, vflags); | 1453 » » SSL_CTX_set1_param(ctx, vpm); |
| 1454 |
1333 #ifndef OPENSSL_NO_TLSEXT | 1455 #ifndef OPENSSL_NO_TLSEXT |
1334 if (s_cert2) | 1456 if (s_cert2) |
1335 { | 1457 { |
1336 ctx2=SSL_CTX_new(meth); | 1458 ctx2=SSL_CTX_new(meth); |
1337 if (ctx2 == NULL) | 1459 if (ctx2 == NULL) |
1338 { | 1460 { |
1339 ERR_print_errors(bio_err); | 1461 ERR_print_errors(bio_err); |
1340 goto end; | 1462 goto end; |
1341 } | 1463 } |
1342 } | 1464 } |
1358 BIO_printf(bio_err,"error setting 'id_prefix'\n"
); | 1480 BIO_printf(bio_err,"error setting 'id_prefix'\n"
); |
1359 ERR_print_errors(bio_err); | 1481 ERR_print_errors(bio_err); |
1360 goto end; | 1482 goto end; |
1361 } | 1483 } |
1362 BIO_printf(bio_err,"id_prefix '%s' set.\n", session_id_p
refix); | 1484 BIO_printf(bio_err,"id_prefix '%s' set.\n", session_id_p
refix); |
1363 } | 1485 } |
1364 SSL_CTX_set_quiet_shutdown(ctx2,1); | 1486 SSL_CTX_set_quiet_shutdown(ctx2,1); |
1365 if (bugs) SSL_CTX_set_options(ctx2,SSL_OP_ALL); | 1487 if (bugs) SSL_CTX_set_options(ctx2,SSL_OP_ALL); |
1366 if (hack) SSL_CTX_set_options(ctx2,SSL_OP_NETSCAPE_DEMO_CIPHER_C
HANGE_BUG); | 1488 if (hack) SSL_CTX_set_options(ctx2,SSL_OP_NETSCAPE_DEMO_CIPHER_C
HANGE_BUG); |
1367 SSL_CTX_set_options(ctx2,off); | 1489 SSL_CTX_set_options(ctx2,off); |
1368 | |
1369 /* DTLS: partial reads end up discarding unread UDP bytes :-( | 1490 /* DTLS: partial reads end up discarding unread UDP bytes :-( |
1370 * Setting read ahead solves this problem. | 1491 * Setting read ahead solves this problem. |
1371 */ | 1492 */ |
1372 if (socket_type == SOCK_DGRAM) SSL_CTX_set_read_ahead(ctx2, 1); | 1493 if (socket_type == SOCK_DGRAM) SSL_CTX_set_read_ahead(ctx2, 1); |
1373 | 1494 |
1374 | |
1375 if (state) SSL_CTX_set_info_callback(ctx2,apps_ssl_info_callback
); | 1495 if (state) SSL_CTX_set_info_callback(ctx2,apps_ssl_info_callback
); |
1376 | 1496 |
1377 if (no_cache) | 1497 if (no_cache) |
1378 SSL_CTX_set_session_cache_mode(ctx2,SSL_SESS_CACHE_OFF); | 1498 SSL_CTX_set_session_cache_mode(ctx2,SSL_SESS_CACHE_OFF); |
1379 else | 1499 else |
1380 SSL_CTX_sess_set_cache_size(ctx2,128); | 1500 SSL_CTX_sess_set_cache_size(ctx2,128); |
1381 | 1501 |
1382 if ((!SSL_CTX_load_verify_locations(ctx2,CAfile,CApath)) || | 1502 if ((!SSL_CTX_load_verify_locations(ctx2,CAfile,CApath)) || |
1383 (!SSL_CTX_set_default_verify_paths(ctx2))) | 1503 (!SSL_CTX_set_default_verify_paths(ctx2))) |
1384 { | 1504 { |
1385 ERR_print_errors(bio_err); | 1505 ERR_print_errors(bio_err); |
1386 } | 1506 } |
1387 » » store = SSL_CTX_get_cert_store(ctx2); | 1507 » » if (vpm) |
1388 » » X509_STORE_set_flags(store, vflags); | 1508 » » » SSL_CTX_set1_param(ctx2, vpm); |
1389 } | 1509 } |
1390 | 1510 |
| 1511 # ifndef OPENSSL_NO_NEXTPROTONEG |
1391 if (next_proto.data) | 1512 if (next_proto.data) |
1392 { | |
1393 SSL_CTX_set_next_protos_advertised_cb(ctx, next_proto_cb, &next_
proto); | 1513 SSL_CTX_set_next_protos_advertised_cb(ctx, next_proto_cb, &next_
proto); |
1394 » » } | 1514 # endif |
1395 #endif | 1515 #endif |
1396 | 1516 |
1397 if (snapstart) | |
1398 { | |
1399 static const unsigned char orbit[8] = {1, 2, 3, 4, 5, 6, 7, 8}; | |
1400 SSL_CTX_set_snap_start_orbit(ctx, orbit); | |
1401 } | |
1402 | |
1403 #ifndef OPENSSL_NO_DH | 1517 #ifndef OPENSSL_NO_DH |
1404 if (!no_dhe) | 1518 if (!no_dhe) |
1405 { | 1519 { |
1406 DH *dh=NULL; | 1520 DH *dh=NULL; |
1407 | 1521 |
1408 if (dhfile) | 1522 if (dhfile) |
1409 dh = load_dh_param(dhfile); | 1523 dh = load_dh_param(dhfile); |
1410 else if (s_cert_file) | 1524 else if (s_cert_file) |
1411 dh = load_dh_param(s_cert_file); | 1525 dh = load_dh_param(s_cert_file); |
1412 | 1526 |
1468 } | 1582 } |
1469 } | 1583 } |
1470 | 1584 |
1471 if (ecdh != NULL) | 1585 if (ecdh != NULL) |
1472 { | 1586 { |
1473 BIO_printf(bio_s_out,"Setting temp ECDH parameters\n"); | 1587 BIO_printf(bio_s_out,"Setting temp ECDH parameters\n"); |
1474 } | 1588 } |
1475 else | 1589 else |
1476 { | 1590 { |
1477 BIO_printf(bio_s_out,"Using default temp ECDH parameters
\n"); | 1591 BIO_printf(bio_s_out,"Using default temp ECDH parameters
\n"); |
1478 » » » ecdh = EC_KEY_new_by_curve_name(NID_sect163r2); | 1592 » » » ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); |
1479 if (ecdh == NULL) | 1593 if (ecdh == NULL) |
1480 { | 1594 { |
1481 » » » » BIO_printf(bio_err, "unable to create curve (sec
t163r2)\n"); | 1595 » » » » BIO_printf(bio_err, "unable to create curve (nis
tp256)\n"); |
1482 goto end; | 1596 goto end; |
1483 } | 1597 } |
1484 } | 1598 } |
1485 (void)BIO_flush(bio_s_out); | 1599 (void)BIO_flush(bio_s_out); |
1486 | 1600 |
1487 SSL_CTX_set_tmp_ecdh(ctx,ecdh); | 1601 SSL_CTX_set_tmp_ecdh(ctx,ecdh); |
1488 #ifndef OPENSSL_NO_TLSEXT | 1602 #ifndef OPENSSL_NO_TLSEXT |
1489 if (ctx2) | 1603 if (ctx2) |
1490 SSL_CTX_set_tmp_ecdh(ctx2,ecdh); | 1604 SSL_CTX_set_tmp_ecdh(ctx2,ecdh); |
1491 #endif | 1605 #endif |
1506 } | 1620 } |
1507 | 1621 |
1508 #ifndef OPENSSL_NO_RSA | 1622 #ifndef OPENSSL_NO_RSA |
1509 #if 1 | 1623 #if 1 |
1510 if (!no_tmp_rsa) | 1624 if (!no_tmp_rsa) |
1511 { | 1625 { |
1512 SSL_CTX_set_tmp_rsa_callback(ctx,tmp_rsa_cb); | 1626 SSL_CTX_set_tmp_rsa_callback(ctx,tmp_rsa_cb); |
1513 #ifndef OPENSSL_NO_TLSEXT | 1627 #ifndef OPENSSL_NO_TLSEXT |
1514 if (ctx2) | 1628 if (ctx2) |
1515 SSL_CTX_set_tmp_rsa_callback(ctx2,tmp_rsa_cb); | 1629 SSL_CTX_set_tmp_rsa_callback(ctx2,tmp_rsa_cb); |
1516 #endif» | 1630 #endif» » |
1517 } | 1631 } |
1518 #else | 1632 #else |
1519 if (!no_tmp_rsa && SSL_CTX_need_tmp_RSA(ctx)) | 1633 if (!no_tmp_rsa && SSL_CTX_need_tmp_RSA(ctx)) |
1520 { | 1634 { |
1521 RSA *rsa; | 1635 RSA *rsa; |
1522 | 1636 |
1523 BIO_printf(bio_s_out,"Generating temp (512 bit) RSA key..."); | 1637 BIO_printf(bio_s_out,"Generating temp (512 bit) RSA key..."); |
1524 BIO_flush(bio_s_out); | 1638 BIO_flush(bio_s_out); |
1525 | 1639 |
1526 rsa=RSA_generate_key(512,RSA_F4,NULL); | 1640 rsa=RSA_generate_key(512,RSA_F4,NULL); |
1527 | 1641 |
1528 if (!SSL_CTX_set_tmp_rsa(ctx,rsa)) | 1642 if (!SSL_CTX_set_tmp_rsa(ctx,rsa)) |
1529 { | 1643 { |
1530 ERR_print_errors(bio_err); | 1644 ERR_print_errors(bio_err); |
1531 goto end; | 1645 goto end; |
1532 } | 1646 } |
1533 #ifndef OPENSSL_NO_TLSEXT | 1647 #ifndef OPENSSL_NO_TLSEXT |
1534 if (ctx2) | 1648 if (ctx2) |
1535 { | 1649 { |
1536 if (!SSL_CTX_set_tmp_rsa(ctx2,rsa)) | 1650 if (!SSL_CTX_set_tmp_rsa(ctx2,rsa)) |
1537 { | 1651 { |
1538 ERR_print_errors(bio_err); | 1652 ERR_print_errors(bio_err); |
1539 goto end; | 1653 goto end; |
1540 } | 1654 } |
1541 } | 1655 } |
| 1656 # ifndef OPENSSL_NO_NEXTPROTONEG |
| 1657 if (next_proto_neg_in) |
| 1658 { |
| 1659 unsigned short len; |
| 1660 next_proto.data = next_protos_parse(&len, |
| 1661 next_proto_neg_in); |
| 1662 if (next_proto.data == NULL) |
| 1663 goto end; |
| 1664 next_proto.len = len; |
| 1665 } |
| 1666 else |
| 1667 { |
| 1668 next_proto.data = NULL; |
| 1669 } |
| 1670 # endif |
1542 #endif | 1671 #endif |
1543 RSA_free(rsa); | 1672 RSA_free(rsa); |
1544 BIO_printf(bio_s_out,"\n"); | 1673 BIO_printf(bio_s_out,"\n"); |
1545 } | 1674 } |
1546 #endif | 1675 #endif |
1547 #endif | 1676 #endif |
1548 | 1677 |
1549 » if (cipher != NULL) | 1678 #ifndef OPENSSL_NO_PSK |
1550 » » if(!SSL_CTX_set_cipher_list(ctx,cipher)) { | 1679 #ifdef OPENSSL_NO_JPAKE |
1551 » » BIO_printf(bio_err,"error setting cipher list\n"); | 1680 » if (psk_key != NULL) |
| 1681 #else |
| 1682 » if (psk_key != NULL || jpake_secret) |
| 1683 #endif |
| 1684 » » { |
| 1685 » » if (s_debug) |
| 1686 » » » BIO_printf(bio_s_out, "PSK key given or JPAKE in use, se
tting server callback\n"); |
| 1687 » » SSL_CTX_set_psk_server_callback(ctx, psk_server_cb); |
| 1688 » » } |
| 1689 |
| 1690 » if (!SSL_CTX_use_psk_identity_hint(ctx, psk_identity_hint)) |
| 1691 » » { |
| 1692 » » BIO_printf(bio_err,"error setting PSK identity hint to context\n
"); |
1552 ERR_print_errors(bio_err); | 1693 ERR_print_errors(bio_err); |
1553 goto end; | 1694 goto end; |
| 1695 } |
| 1696 #endif |
| 1697 |
| 1698 if (cipher != NULL) |
| 1699 { |
| 1700 if(!SSL_CTX_set_cipher_list(ctx,cipher)) |
| 1701 { |
| 1702 BIO_printf(bio_err,"error setting cipher list\n"); |
| 1703 ERR_print_errors(bio_err); |
| 1704 goto end; |
| 1705 } |
1554 #ifndef OPENSSL_NO_TLSEXT | 1706 #ifndef OPENSSL_NO_TLSEXT |
1555 if (ctx2 && !SSL_CTX_set_cipher_list(ctx2,cipher)) | 1707 if (ctx2 && !SSL_CTX_set_cipher_list(ctx2,cipher)) |
1556 { | 1708 { |
1557 BIO_printf(bio_err,"error setting cipher list\n"); | 1709 BIO_printf(bio_err,"error setting cipher list\n"); |
1558 ERR_print_errors(bio_err); | 1710 ERR_print_errors(bio_err); |
1559 goto end; | 1711 goto end; |
1560 } | 1712 } |
1561 #endif | 1713 #endif |
1562 » } | 1714 » » } |
1563 SSL_CTX_set_verify(ctx,s_server_verify,verify_callback); | 1715 SSL_CTX_set_verify(ctx,s_server_verify,verify_callback); |
1564 SSL_CTX_set_session_id_context(ctx,(void*)&s_server_session_id_context, | 1716 SSL_CTX_set_session_id_context(ctx,(void*)&s_server_session_id_context, |
1565 sizeof s_server_session_id_context); | 1717 sizeof s_server_session_id_context); |
1566 | 1718 |
1567 /* Set DTLS cookie generation and verification callbacks */ | 1719 /* Set DTLS cookie generation and verification callbacks */ |
1568 SSL_CTX_set_cookie_generate_cb(ctx, generate_cookie_callback); | 1720 SSL_CTX_set_cookie_generate_cb(ctx, generate_cookie_callback); |
1569 SSL_CTX_set_cookie_verify_cb(ctx, verify_cookie_callback); | 1721 SSL_CTX_set_cookie_verify_cb(ctx, verify_cookie_callback); |
1570 | 1722 |
1571 #ifndef OPENSSL_NO_TLSEXT | 1723 #ifndef OPENSSL_NO_TLSEXT |
1572 if (ctx2) | 1724 if (ctx2) |
1573 { | 1725 { |
1574 SSL_CTX_set_verify(ctx2,s_server_verify,verify_callback); | 1726 SSL_CTX_set_verify(ctx2,s_server_verify,verify_callback); |
1575 SSL_CTX_set_session_id_context(ctx2,(void*)&s_server_session_id_
context, | 1727 SSL_CTX_set_session_id_context(ctx2,(void*)&s_server_session_id_
context, |
1576 sizeof s_server_session_id_context); | 1728 sizeof s_server_session_id_context); |
1577 | 1729 |
1578 tlsextcbp.biodebug = bio_s_out; | 1730 tlsextcbp.biodebug = bio_s_out; |
1579 SSL_CTX_set_tlsext_servername_callback(ctx2, ssl_servername_cb); | 1731 SSL_CTX_set_tlsext_servername_callback(ctx2, ssl_servername_cb); |
1580 SSL_CTX_set_tlsext_servername_arg(ctx2, &tlsextcbp); | 1732 SSL_CTX_set_tlsext_servername_arg(ctx2, &tlsextcbp); |
1581 SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb); | 1733 SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb); |
1582 SSL_CTX_set_tlsext_servername_arg(ctx, &tlsextcbp); | 1734 SSL_CTX_set_tlsext_servername_arg(ctx, &tlsextcbp); |
1583 } | 1735 } |
1584 #endif | 1736 #endif |
| 1737 |
1585 if (CAfile != NULL) | 1738 if (CAfile != NULL) |
1586 { | 1739 { |
1587 SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(CAfile)); | 1740 SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(CAfile)); |
1588 #ifndef OPENSSL_NO_TLSEXT | 1741 #ifndef OPENSSL_NO_TLSEXT |
1589 if (ctx2) | 1742 if (ctx2) |
1590 SSL_CTX_set_client_CA_list(ctx2,SSL_load_client_CA_file(
CAfile)); | 1743 SSL_CTX_set_client_CA_list(ctx2,SSL_load_client_CA_file(
CAfile)); |
1591 #endif | 1744 #endif |
1592 } | 1745 } |
| 1746 |
1593 BIO_printf(bio_s_out,"ACCEPT\n"); | 1747 BIO_printf(bio_s_out,"ACCEPT\n"); |
| 1748 (void)BIO_flush(bio_s_out); |
1594 if (www) | 1749 if (www) |
1595 do_server(port,socket_type,&accept_socket,www_body, context); | 1750 do_server(port,socket_type,&accept_socket,www_body, context); |
1596 else | 1751 else |
1597 do_server(port,socket_type,&accept_socket,sv_body, context); | 1752 do_server(port,socket_type,&accept_socket,sv_body, context); |
1598 print_stats(bio_s_out,ctx); | 1753 print_stats(bio_s_out,ctx); |
1599 ret=0; | 1754 ret=0; |
1600 end: | 1755 end: |
1601 if (ctx != NULL) SSL_CTX_free(ctx); | 1756 if (ctx != NULL) SSL_CTX_free(ctx); |
1602 if (s_cert) | 1757 if (s_cert) |
1603 X509_free(s_cert); | 1758 X509_free(s_cert); |
1655 static int sv_body(char *hostname, int s, unsigned char *context) | 1810 static int sv_body(char *hostname, int s, unsigned char *context) |
1656 { | 1811 { |
1657 char *buf=NULL; | 1812 char *buf=NULL; |
1658 fd_set readfds; | 1813 fd_set readfds; |
1659 int ret=1,width; | 1814 int ret=1,width; |
1660 int k,i; | 1815 int k,i; |
1661 unsigned long l; | 1816 unsigned long l; |
1662 SSL *con=NULL; | 1817 SSL *con=NULL; |
1663 BIO *sbio; | 1818 BIO *sbio; |
1664 struct timeval timeout; | 1819 struct timeval timeout; |
1665 #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSS
L_SYS_NETWARE) | 1820 #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSS
L_SYS_NETWARE) || defined(OPENSSL_SYS_BEOS_R5) |
1666 struct timeval tv; | 1821 struct timeval tv; |
1667 #else | 1822 #else |
1668 struct timeval *timeoutp; | 1823 struct timeval *timeoutp; |
1669 #endif | 1824 #endif |
1670 | 1825 |
1671 if ((buf=OPENSSL_malloc(bufsize)) == NULL) | 1826 if ((buf=OPENSSL_malloc(bufsize)) == NULL) |
1672 { | 1827 { |
1673 BIO_printf(bio_err,"out of memory\n"); | 1828 BIO_printf(bio_err,"out of memory\n"); |
1674 goto err; | 1829 goto err; |
1675 } | 1830 } |
1707 KRB5SVC); | 1862 KRB5SVC); |
1708 kssl_ctx_setstring(con->kssl_ctx, KSSL_KEYTAB, | 1863 kssl_ctx_setstring(con->kssl_ctx, KSSL_KEYTAB, |
1709 KRB5KEYTAB); | 1864 KRB5KEYTAB); |
1710 } | 1865 } |
1711 #endif /* OPENSSL_NO_KRB5 */ | 1866 #endif /* OPENSSL_NO_KRB5 */ |
1712 if(context) | 1867 if(context) |
1713 SSL_set_session_id_context(con, context, | 1868 SSL_set_session_id_context(con, context, |
1714 strlen((char *)context)); | 1869 strlen((char *)context)); |
1715 } | 1870 } |
1716 SSL_clear(con); | 1871 SSL_clear(con); |
| 1872 #if 0 |
| 1873 #ifdef TLSEXT_TYPE_opaque_prf_input |
| 1874 SSL_set_tlsext_opaque_prf_input(con, "Test server", 11); |
| 1875 #endif |
| 1876 #endif |
1717 | 1877 |
1718 if (SSL_version(con) == DTLS1_VERSION) | 1878 if (SSL_version(con) == DTLS1_VERSION) |
1719 { | 1879 { |
1720 | 1880 |
1721 sbio=BIO_new_dgram(s,BIO_NOCLOSE); | 1881 sbio=BIO_new_dgram(s,BIO_NOCLOSE); |
1722 | 1882 |
1723 » » if ( enable_timeouts) | 1883 » » if (enable_timeouts) |
1724 { | 1884 { |
1725 timeout.tv_sec = 0; | 1885 timeout.tv_sec = 0; |
1726 timeout.tv_usec = DGRAM_RCV_TIMEOUT; | 1886 timeout.tv_usec = DGRAM_RCV_TIMEOUT; |
1727 BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_RECV_TIMEOUT, 0, &time
out); | 1887 BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_RECV_TIMEOUT, 0, &time
out); |
1728 | 1888 |
1729 timeout.tv_sec = 0; | 1889 timeout.tv_sec = 0; |
1730 timeout.tv_usec = DGRAM_SND_TIMEOUT; | 1890 timeout.tv_usec = DGRAM_SND_TIMEOUT; |
1731 BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_SEND_TIMEOUT, 0, &time
out); | 1891 BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_SEND_TIMEOUT, 0, &time
out); |
1732 } | 1892 } |
1733 | 1893 |
1734 | |
1735 if (socket_mtu > 28) | 1894 if (socket_mtu > 28) |
1736 { | 1895 { |
1737 SSL_set_options(con, SSL_OP_NO_QUERY_MTU); | 1896 SSL_set_options(con, SSL_OP_NO_QUERY_MTU); |
1738 SSL_set_mtu(con, socket_mtu - 28); | 1897 SSL_set_mtu(con, socket_mtu - 28); |
1739 } | 1898 } |
1740 else | 1899 else |
1741 /* want to do MTU discovery */ | 1900 /* want to do MTU discovery */ |
1742 BIO_ctrl(sbio, BIO_CTRL_DGRAM_MTU_DISCOVER, 0, NULL); | 1901 BIO_ctrl(sbio, BIO_CTRL_DGRAM_MTU_DISCOVER, 0, NULL); |
1743 | 1902 |
1744 /* turn on cookie exchange */ | 1903 /* turn on cookie exchange */ |
1787 { | 1946 { |
1788 int read_from_terminal; | 1947 int read_from_terminal; |
1789 int read_from_sslcon; | 1948 int read_from_sslcon; |
1790 | 1949 |
1791 read_from_terminal = 0; | 1950 read_from_terminal = 0; |
1792 read_from_sslcon = SSL_pending(con); | 1951 read_from_sslcon = SSL_pending(con); |
1793 | 1952 |
1794 if (!read_from_sslcon) | 1953 if (!read_from_sslcon) |
1795 { | 1954 { |
1796 FD_ZERO(&readfds); | 1955 FD_ZERO(&readfds); |
1797 #if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPE
NSSL_SYS_NETWARE) | 1956 #if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPE
NSSL_SYS_NETWARE) && !defined(OPENSSL_SYS_BEOS_R5) |
1798 » » » FD_SET(fileno(stdin),&readfds); | 1957 » » » openssl_fdset(fileno(stdin),&readfds); |
1799 #endif | 1958 #endif |
1800 » » » FD_SET(s,&readfds); | 1959 » » » openssl_fdset(s,&readfds); |
1801 /* Note: under VMS with SOCKETSHR the second parameter i
s | 1960 /* Note: under VMS with SOCKETSHR the second parameter i
s |
1802 * currently of type (int *) whereas under other systems | 1961 * currently of type (int *) whereas under other systems |
1803 * it is (void *) if you don't have a cast it will choke | 1962 * it is (void *) if you don't have a cast it will choke |
1804 * the compiler: if you do have a cast then you can eith
er | 1963 * the compiler: if you do have a cast then you can eith
er |
1805 * go for (int *) or (void *). | 1964 * go for (int *) or (void *). |
1806 */ | 1965 */ |
1807 #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSS
L_SYS_NETWARE) | 1966 #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSS
L_SYS_NETWARE) |
1808 /* Under DOS (non-djgpp) and Windows we can't select on
stdin: only | 1967 /* Under DOS (non-djgpp) and Windows we can't select on
stdin: only |
1809 * on sockets. As a workaround we timeout the select eve
ry | 1968 * on sockets. As a workaround we timeout the select eve
ry |
1810 * second and check for any keypress. In a proper Window
s | 1969 * second and check for any keypress. In a proper Window
s |
1811 * application we wouldn't do this because it is ineffic
ient. | 1970 * application we wouldn't do this because it is ineffic
ient. |
1812 */ | 1971 */ |
1813 tv.tv_sec = 1; | 1972 tv.tv_sec = 1; |
1814 tv.tv_usec = 0; | 1973 tv.tv_usec = 0; |
1815 i=select(width,(void *)&readfds,NULL,NULL,&tv); | 1974 i=select(width,(void *)&readfds,NULL,NULL,&tv); |
1816 if((i < 0) || (!i && !_kbhit() ) )continue; | 1975 if((i < 0) || (!i && !_kbhit() ) )continue; |
1817 if(_kbhit()) | 1976 if(_kbhit()) |
1818 read_from_terminal = 1; | 1977 read_from_terminal = 1; |
| 1978 #elif defined(OPENSSL_SYS_BEOS_R5) |
| 1979 /* Under BeOS-R5 the situation is similar to DOS */ |
| 1980 tv.tv_sec = 1; |
| 1981 tv.tv_usec = 0; |
| 1982 (void)fcntl(fileno(stdin), F_SETFL, O_NONBLOCK); |
| 1983 i=select(width,(void *)&readfds,NULL,NULL,&tv); |
| 1984 if ((i < 0) || (!i && read(fileno(stdin), buf, 0) < 0)) |
| 1985 continue; |
| 1986 if (read(fileno(stdin), buf, 0) >= 0) |
| 1987 read_from_terminal = 1; |
| 1988 (void)fcntl(fileno(stdin), F_SETFL, 0); |
1819 #else | 1989 #else |
1820 if ((SSL_version(con) == DTLS1_VERSION) && | 1990 if ((SSL_version(con) == DTLS1_VERSION) && |
1821 DTLSv1_get_timeout(con, &timeout)) | 1991 DTLSv1_get_timeout(con, &timeout)) |
1822 timeoutp = &timeout; | 1992 timeoutp = &timeout; |
1823 else | 1993 else |
1824 timeoutp = NULL; | 1994 timeoutp = NULL; |
1825 | 1995 |
1826 i=select(width,(void *)&readfds,NULL,NULL,timeoutp); | 1996 i=select(width,(void *)&readfds,NULL,NULL,timeoutp); |
1827 | 1997 |
1828 if ((SSL_version(con) == DTLS1_VERSION) && DTLSv1_handle
_timeout(con) > 0) | 1998 if ((SSL_version(con) == DTLS1_VERSION) && DTLSv1_handle
_timeout(con) > 0) |
1829 { | 1999 { |
1830 BIO_printf(bio_err,"TIMEOUT occured\n"); | 2000 BIO_printf(bio_err,"TIMEOUT occured\n"); |
1831 } | 2001 } |
1832 | 2002 |
1833 if (i <= 0) continue; | 2003 if (i <= 0) continue; |
1834 if (FD_ISSET(fileno(stdin),&readfds)) | 2004 if (FD_ISSET(fileno(stdin),&readfds)) |
1835 read_from_terminal = 1; | 2005 read_from_terminal = 1; |
1836 #endif | 2006 #endif |
1837 if (FD_ISSET(s,&readfds)) | 2007 if (FD_ISSET(s,&readfds)) |
1838 read_from_sslcon = 1; | 2008 read_from_sslcon = 1; |
1839 } | 2009 } |
1840 if (read_from_terminal) | 2010 if (read_from_terminal) |
1841 { | 2011 { |
1842 if (s_crlf) | 2012 if (s_crlf) |
1843 { | 2013 { |
1844 int j, lf_num; | 2014 int j, lf_num; |
1845 | 2015 |
1846 » » » » i=read(fileno(stdin), buf, bufsize/2); | 2016 » » » » i=raw_read_stdin(buf, bufsize/2); |
1847 lf_num = 0; | 2017 lf_num = 0; |
1848 /* both loops are skipped when i <= 0 */ | 2018 /* both loops are skipped when i <= 0 */ |
1849 for (j = 0; j < i; j++) | 2019 for (j = 0; j < i; j++) |
1850 if (buf[j] == '\n') | 2020 if (buf[j] == '\n') |
1851 lf_num++; | 2021 lf_num++; |
1852 for (j = i-1; j >= 0; j--) | 2022 for (j = i-1; j >= 0; j--) |
1853 { | 2023 { |
1854 buf[j+lf_num] = buf[j]; | 2024 buf[j+lf_num] = buf[j]; |
1855 if (buf[j] == '\n') | 2025 if (buf[j] == '\n') |
1856 { | 2026 { |
1857 lf_num--; | 2027 lf_num--; |
1858 i++; | 2028 i++; |
1859 buf[j+lf_num] = '\r'; | 2029 buf[j+lf_num] = '\r'; |
1860 } | 2030 } |
1861 } | 2031 } |
1862 assert(lf_num == 0); | 2032 assert(lf_num == 0); |
1863 } | 2033 } |
1864 else | 2034 else |
1865 » » » » i=read(fileno(stdin),buf,bufsize); | 2035 » » » » i=raw_read_stdin(buf,bufsize); |
1866 if (!s_quiet) | 2036 if (!s_quiet) |
1867 { | 2037 { |
1868 if ((i <= 0) || (buf[0] == 'Q')) | 2038 if ((i <= 0) || (buf[0] == 'Q')) |
1869 { | 2039 { |
1870 BIO_printf(bio_s_out,"DONE\n"); | 2040 BIO_printf(bio_s_out,"DONE\n"); |
1871 SHUTDOWN(s); | 2041 SHUTDOWN(s); |
1872 close_accept_socket(); | 2042 close_accept_socket(); |
1873 ret= -11; | 2043 ret= -11; |
1874 goto err; | 2044 goto err; |
1875 } | 2045 } |
1876 if ((i <= 0) || (buf[0] == 'q')) | 2046 if ((i <= 0) || (buf[0] == 'q')) |
1877 { | 2047 { |
1878 BIO_printf(bio_s_out,"DONE\n"); | 2048 BIO_printf(bio_s_out,"DONE\n"); |
1879 if (SSL_version(con) != DTLS1_VERSION) | 2049 if (SSL_version(con) != DTLS1_VERSION) |
1880 SHUTDOWN(s); | 2050 SHUTDOWN(s); |
1881 /* close_accept_socket(); | 2051 /* close_accept_socket(); |
1882 ret= -11;*/ | 2052 ret= -11;*/ |
1883 goto err; | 2053 goto err; |
1884 } | 2054 } |
| 2055 |
1885 if ((buf[0] == 'r') && | 2056 if ((buf[0] == 'r') && |
1886 ((buf[1] == '\n') || (buf[1] == '\r'))) | 2057 ((buf[1] == '\n') || (buf[1] == '\r'))) |
1887 { | 2058 { |
1888 SSL_renegotiate(con); | 2059 SSL_renegotiate(con); |
1889 i=SSL_do_handshake(con); | 2060 i=SSL_do_handshake(con); |
1890 printf("SSL_do_handshake -> %d\n",i); | 2061 printf("SSL_do_handshake -> %d\n",i); |
1891 i=0; /*13; */ | 2062 i=0; /*13; */ |
1892 continue; | 2063 continue; |
1893 /* strcpy(buf,"server side RE-NEGOTIATE\
n"); */ | 2064 /* strcpy(buf,"server side RE-NEGOTIATE\
n"); */ |
1894 } | 2065 } |
1971 else | 2142 else |
1972 { | 2143 { |
1973 again: | 2144 again: |
1974 i=SSL_read(con,(char *)buf,bufsize); | 2145 i=SSL_read(con,(char *)buf,bufsize); |
1975 switch (SSL_get_error(con,i)) | 2146 switch (SSL_get_error(con,i)) |
1976 { | 2147 { |
1977 case SSL_ERROR_NONE: | 2148 case SSL_ERROR_NONE: |
1978 #ifdef CHARSET_EBCDIC | 2149 #ifdef CHARSET_EBCDIC |
1979 ascii2ebcdic(buf,buf,i); | 2150 ascii2ebcdic(buf,buf,i); |
1980 #endif | 2151 #endif |
1981 » » » » » write(fileno(stdout),buf, | 2152 » » » » » raw_write_stdout(buf, |
1982 (unsigned int)i); | 2153 (unsigned int)i); |
1983 if (SSL_pending(con)) goto again; | 2154 if (SSL_pending(con)) goto again; |
1984 break; | 2155 break; |
1985 case SSL_ERROR_WANT_WRITE: | 2156 case SSL_ERROR_WANT_WRITE: |
1986 case SSL_ERROR_WANT_READ: | 2157 case SSL_ERROR_WANT_READ: |
1987 case SSL_ERROR_WANT_X509_LOOKUP: | 2158 case SSL_ERROR_WANT_X509_LOOKUP: |
1988 BIO_printf(bio_s_out,"Read BLOCK\n"); | 2159 BIO_printf(bio_s_out,"Read BLOCK\n"); |
1989 break; | 2160 break; |
1990 case SSL_ERROR_SYSCALL: | 2161 case SSL_ERROR_SYSCALL: |
1991 case SSL_ERROR_SSL: | 2162 case SSL_ERROR_SSL: |
1992 BIO_printf(bio_s_out,"ERROR\n"); | 2163 BIO_printf(bio_s_out,"ERROR\n"); |
1993 ERR_print_errors(bio_err); | 2164 ERR_print_errors(bio_err); |
1994 ret=1; | 2165 ret=1; |
1995 goto err; | 2166 goto err; |
1996 case SSL_ERROR_ZERO_RETURN: | 2167 case SSL_ERROR_ZERO_RETURN: |
1997 BIO_printf(bio_s_out,"DONE\n"); | 2168 BIO_printf(bio_s_out,"DONE\n"); |
1998 ret=1; | 2169 ret=1; |
1999 goto err; | 2170 goto err; |
2000 } | 2171 } |
2001 } | 2172 } |
2002 } | 2173 } |
2003 } | 2174 } |
2004 err: | 2175 err: |
2005 » BIO_printf(bio_s_out,"shutting down SSL\n"); | 2176 » if (con != NULL) |
| 2177 » » { |
| 2178 » » BIO_printf(bio_s_out,"shutting down SSL\n"); |
2006 #if 1 | 2179 #if 1 |
2007 » SSL_set_shutdown(con,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); | 2180 » » SSL_set_shutdown(con,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); |
2008 #else | 2181 #else |
2009 » SSL_shutdown(con); | 2182 » » SSL_shutdown(con); |
2010 #endif | 2183 #endif |
2011 » if (con != NULL) SSL_free(con); | 2184 » » SSL_free(con); |
| 2185 » » } |
2012 BIO_printf(bio_s_out,"CONNECTION CLOSED\n"); | 2186 BIO_printf(bio_s_out,"CONNECTION CLOSED\n"); |
2013 if (buf != NULL) | 2187 if (buf != NULL) |
2014 { | 2188 { |
2015 OPENSSL_cleanse(buf,bufsize); | 2189 OPENSSL_cleanse(buf,bufsize); |
2016 OPENSSL_free(buf); | 2190 OPENSSL_free(buf); |
2017 } | 2191 } |
2018 if (ret >= 0) | 2192 if (ret >= 0) |
2019 BIO_printf(bio_s_out,"ACCEPT\n"); | 2193 BIO_printf(bio_s_out,"ACCEPT\n"); |
2020 return(ret); | 2194 return(ret); |
2021 } | 2195 } |
2022 | 2196 |
2023 static void close_accept_socket(void) | 2197 static void close_accept_socket(void) |
2024 { | 2198 { |
2025 BIO_printf(bio_err,"shutdown accept socket\n"); | 2199 BIO_printf(bio_err,"shutdown accept socket\n"); |
2026 if (accept_socket >= 0) | 2200 if (accept_socket >= 0) |
2027 { | 2201 { |
2028 SHUTDOWN2(accept_socket); | 2202 SHUTDOWN2(accept_socket); |
2029 } | 2203 } |
2030 } | 2204 } |
2031 | 2205 |
2032 static int init_ssl_connection(SSL *con) | 2206 static int init_ssl_connection(SSL *con) |
2033 { | 2207 { |
2034 int i; | 2208 int i; |
2035 const char *str; | 2209 const char *str; |
2036 X509 *peer; | 2210 X509 *peer; |
2037 long verify_error; | 2211 long verify_error; |
2038 MS_STATIC char buf[BUFSIZ]; | 2212 MS_STATIC char buf[BUFSIZ]; |
2039 #ifndef OPENSSL_NO_TLSEXT | 2213 #if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) |
2040 const unsigned char *next_proto_neg; | 2214 const unsigned char *next_proto_neg; |
2041 unsigned next_proto_neg_len; | 2215 unsigned next_proto_neg_len; |
2042 #endif | 2216 #endif |
2043 | 2217 |
2044 again: | |
2045 if ((i=SSL_accept(con)) <= 0) | 2218 if ((i=SSL_accept(con)) <= 0) |
2046 { | 2219 { |
2047 if (BIO_sock_should_retry(i)) | 2220 if (BIO_sock_should_retry(i)) |
2048 { | 2221 { |
2049 BIO_printf(bio_s_out,"DELAY\n"); | 2222 BIO_printf(bio_s_out,"DELAY\n"); |
2050 return(1); | 2223 return(1); |
2051 } | 2224 } |
2052 | 2225 |
2053 if (SSL_get_error(con, i) == SSL_ERROR_SERVER_RANDOM_VALIDATION_
PENDING) | |
2054 { | |
2055 SSL_set_suggested_server_random_validity(con, 1); | |
2056 goto again; | |
2057 } | |
2058 | |
2059 BIO_printf(bio_err,"ERROR\n"); | 2226 BIO_printf(bio_err,"ERROR\n"); |
2060 verify_error=SSL_get_verify_result(con); | 2227 verify_error=SSL_get_verify_result(con); |
2061 if (verify_error != X509_V_OK) | 2228 if (verify_error != X509_V_OK) |
2062 { | 2229 { |
2063 BIO_printf(bio_err,"verify error:%s\n", | 2230 BIO_printf(bio_err,"verify error:%s\n", |
2064 X509_verify_cert_error_string(verify_error)); | 2231 X509_verify_cert_error_string(verify_error)); |
2065 } | 2232 } |
2066 else | 2233 else |
2067 ERR_print_errors(bio_err); | 2234 ERR_print_errors(bio_err); |
2068 return(0); | 2235 return(0); |
2079 BIO_printf(bio_s_out,"subject=%s\n",buf); | 2246 BIO_printf(bio_s_out,"subject=%s\n",buf); |
2080 X509_NAME_oneline(X509_get_issuer_name(peer),buf,sizeof buf); | 2247 X509_NAME_oneline(X509_get_issuer_name(peer),buf,sizeof buf); |
2081 BIO_printf(bio_s_out,"issuer=%s\n",buf); | 2248 BIO_printf(bio_s_out,"issuer=%s\n",buf); |
2082 X509_free(peer); | 2249 X509_free(peer); |
2083 } | 2250 } |
2084 | 2251 |
2085 if (SSL_get_shared_ciphers(con,buf,sizeof buf) != NULL) | 2252 if (SSL_get_shared_ciphers(con,buf,sizeof buf) != NULL) |
2086 BIO_printf(bio_s_out,"Shared ciphers:%s\n",buf); | 2253 BIO_printf(bio_s_out,"Shared ciphers:%s\n",buf); |
2087 str=SSL_CIPHER_get_name(SSL_get_current_cipher(con)); | 2254 str=SSL_CIPHER_get_name(SSL_get_current_cipher(con)); |
2088 BIO_printf(bio_s_out,"CIPHER is %s\n",(str != NULL)?str:"(NONE)"); | 2255 BIO_printf(bio_s_out,"CIPHER is %s\n",(str != NULL)?str:"(NONE)"); |
2089 #ifndef OPENSSL_NO_TLSEXT | 2256 #if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) |
2090 SSL_get0_next_proto_negotiated(con, &next_proto_neg, &next_proto_neg_len
); | 2257 SSL_get0_next_proto_negotiated(con, &next_proto_neg, &next_proto_neg_len
); |
2091 » if (next_proto_neg) { | 2258 » if (next_proto_neg) |
| 2259 » » { |
2092 BIO_printf(bio_s_out,"NEXTPROTO is "); | 2260 BIO_printf(bio_s_out,"NEXTPROTO is "); |
2093 BIO_write(bio_s_out, next_proto_neg, next_proto_neg_len); | 2261 BIO_write(bio_s_out, next_proto_neg, next_proto_neg_len); |
2094 BIO_printf(bio_s_out, "\n"); | 2262 BIO_printf(bio_s_out, "\n"); |
2095 » } | 2263 » » } |
2096 #endif | 2264 #endif |
2097 if (con->hit) BIO_printf(bio_s_out,"Reused session-id\n"); | 2265 if (con->hit) BIO_printf(bio_s_out,"Reused session-id\n"); |
2098 if (SSL_ctrl(con,SSL_CTRL_GET_FLAGS,0,NULL) & | 2266 if (SSL_ctrl(con,SSL_CTRL_GET_FLAGS,0,NULL) & |
2099 TLS1_FLAGS_TLS_PADDING_BUG) | 2267 TLS1_FLAGS_TLS_PADDING_BUG) |
2100 BIO_printf(bio_s_out,"Peer has incorrect TLSv1 block padding\n")
; | 2268 BIO_printf(bio_s_out,"Peer has incorrect TLSv1 block padding\n")
; |
2101 #ifndef OPENSSL_NO_KRB5 | 2269 #ifndef OPENSSL_NO_KRB5 |
2102 if (con->kssl_ctx->client_princ != NULL) | 2270 if (con->kssl_ctx->client_princ != NULL) |
2103 { | 2271 { |
2104 BIO_printf(bio_s_out,"Kerberos peer principal is %s\n", | 2272 BIO_printf(bio_s_out,"Kerberos peer principal is %s\n", |
2105 con->kssl_ctx->client_princ); | 2273 con->kssl_ctx->client_princ); |
2143 if (x != NULL) X509_free(x); | 2311 if (x != NULL) X509_free(x); |
2144 fclose(in); | 2312 fclose(in); |
2145 return(1); | 2313 return(1); |
2146 } | 2314 } |
2147 #endif | 2315 #endif |
2148 | 2316 |
2149 static int www_body(char *hostname, int s, unsigned char *context) | 2317 static int www_body(char *hostname, int s, unsigned char *context) |
2150 { | 2318 { |
2151 char *buf=NULL; | 2319 char *buf=NULL; |
2152 int ret=1; | 2320 int ret=1; |
2153 » int i,j,k,blank,dot; | 2321 » int i,j,k,dot; |
2154 » struct stat st_buf; | |
2155 SSL *con; | 2322 SSL *con; |
2156 » SSL_CIPHER *c; | 2323 » const SSL_CIPHER *c; |
2157 BIO *io,*ssl_bio,*sbio; | 2324 BIO *io,*ssl_bio,*sbio; |
2158 long total_bytes; | |
2159 | 2325 |
2160 buf=OPENSSL_malloc(bufsize); | 2326 buf=OPENSSL_malloc(bufsize); |
2161 if (buf == NULL) return(0); | 2327 if (buf == NULL) return(0); |
2162 io=BIO_new(BIO_f_buffer()); | 2328 io=BIO_new(BIO_f_buffer()); |
2163 ssl_bio=BIO_new(BIO_f_ssl()); | 2329 ssl_bio=BIO_new(BIO_f_ssl()); |
2164 if ((io == NULL) || (ssl_bio == NULL)) goto err; | 2330 if ((io == NULL) || (ssl_bio == NULL)) goto err; |
2165 | 2331 |
2166 #ifdef FIONBIO | 2332 #ifdef FIONBIO |
2167 if (s_nbio) | 2333 if (s_nbio) |
2168 { | 2334 { |
2219 con->debug=1; | 2385 con->debug=1; |
2220 BIO_set_callback(SSL_get_rbio(con),bio_dump_callback); | 2386 BIO_set_callback(SSL_get_rbio(con),bio_dump_callback); |
2221 BIO_set_callback_arg(SSL_get_rbio(con),(char *)bio_s_out); | 2387 BIO_set_callback_arg(SSL_get_rbio(con),(char *)bio_s_out); |
2222 } | 2388 } |
2223 if (s_msg) | 2389 if (s_msg) |
2224 { | 2390 { |
2225 SSL_set_msg_callback(con, msg_cb); | 2391 SSL_set_msg_callback(con, msg_cb); |
2226 SSL_set_msg_callback_arg(con, bio_s_out); | 2392 SSL_set_msg_callback_arg(con, bio_s_out); |
2227 } | 2393 } |
2228 | 2394 |
2229 blank=0; | |
2230 for (;;) | 2395 for (;;) |
2231 { | 2396 { |
2232 if (hack) | 2397 if (hack) |
2233 { | 2398 { |
2234 i=SSL_accept(con); | 2399 i=SSL_accept(con); |
2235 | 2400 |
2236 switch (SSL_get_error(con,i)) | 2401 switch (SSL_get_error(con,i)) |
2237 { | 2402 { |
2238 case SSL_ERROR_NONE: | 2403 case SSL_ERROR_NONE: |
2239 break; | 2404 break; |
2240 case SSL_ERROR_WANT_WRITE: | 2405 case SSL_ERROR_WANT_WRITE: |
2241 case SSL_ERROR_WANT_READ: | 2406 case SSL_ERROR_WANT_READ: |
2242 case SSL_ERROR_WANT_X509_LOOKUP: | 2407 case SSL_ERROR_WANT_X509_LOOKUP: |
2243 continue; | 2408 continue; |
2244 case SSL_ERROR_SERVER_RANDOM_VALIDATION_PENDING: | |
2245 SSL_set_suggested_server_random_validity(con, 1)
; | |
2246 continue; | |
2247 case SSL_ERROR_SYSCALL: | 2409 case SSL_ERROR_SYSCALL: |
2248 case SSL_ERROR_SSL: | 2410 case SSL_ERROR_SSL: |
2249 case SSL_ERROR_ZERO_RETURN: | 2411 case SSL_ERROR_ZERO_RETURN: |
2250 ret=1; | 2412 ret=1; |
2251 goto err; | 2413 goto err; |
2252 /* break; */ | 2414 /* break; */ |
2253 } | 2415 } |
2254 | 2416 |
2255 SSL_renegotiate(con); | 2417 SSL_renegotiate(con); |
2256 SSL_write(con,NULL,0); | 2418 SSL_write(con,NULL,0); |
2419 break; | 2581 break; |
2420 } | 2582 } |
2421 | 2583 |
2422 #if 0 | 2584 #if 0 |
2423 /* append if a directory lookup */ | 2585 /* append if a directory lookup */ |
2424 if (e[-1] == '/') | 2586 if (e[-1] == '/') |
2425 strcat(p,"index.html"); | 2587 strcat(p,"index.html"); |
2426 #endif | 2588 #endif |
2427 | 2589 |
2428 /* if a directory, do the index thang */ | 2590 /* if a directory, do the index thang */ |
2429 » » » if (stat(p,&st_buf) < 0) | 2591 » » » if (app_isdir(p)>0) |
2430 » » » » { | |
2431 » » » » BIO_puts(io,text); | |
2432 » » » » BIO_printf(io,"Error accessing '%s'\r\n",p); | |
2433 » » » » ERR_print_errors(io); | |
2434 » » » » break; | |
2435 » » » » } | |
2436 » » » if (S_ISDIR(st_buf.st_mode)) | |
2437 { | 2592 { |
2438 #if 0 /* must check buffer size */ | 2593 #if 0 /* must check buffer size */ |
2439 strcat(p,"/index.html"); | 2594 strcat(p,"/index.html"); |
2440 #else | 2595 #else |
2441 BIO_puts(io,text); | 2596 BIO_puts(io,text); |
2442 BIO_printf(io,"'%s' is a directory\r\n",p); | 2597 BIO_printf(io,"'%s' is a directory\r\n",p); |
2443 break; | 2598 break; |
2444 #endif | 2599 #endif |
2445 } | 2600 } |
2446 | 2601 |
2459 { | 2614 { |
2460 i=strlen(p); | 2615 i=strlen(p); |
2461 if ( ((i > 5) && (strcmp(&(p[i-5]),".html") =
= 0)) || | 2616 if ( ((i > 5) && (strcmp(&(p[i-5]),".html") =
= 0)) || |
2462 ((i > 4) && (strcmp(&(p[i-4]),".php") ==
0)) || | 2617 ((i > 4) && (strcmp(&(p[i-4]),".php") ==
0)) || |
2463 ((i > 4) && (strcmp(&(p[i-4]),".htm") ==
0))) | 2618 ((i > 4) && (strcmp(&(p[i-4]),".htm") ==
0))) |
2464 BIO_puts(io,"HTTP/1.0 200 ok\r\nContent-
type: text/html\r\n\r\n"); | 2619 BIO_puts(io,"HTTP/1.0 200 ok\r\nContent-
type: text/html\r\n\r\n"); |
2465 else | 2620 else |
2466 BIO_puts(io,"HTTP/1.0 200 ok\r\nContent-
type: text/plain\r\n\r\n"); | 2621 BIO_puts(io,"HTTP/1.0 200 ok\r\nContent-
type: text/plain\r\n\r\n"); |
2467 } | 2622 } |
2468 /* send the file */ | 2623 /* send the file */ |
2469 total_bytes=0; | |
2470 for (;;) | 2624 for (;;) |
2471 { | 2625 { |
2472 i=BIO_read(file,buf,bufsize); | 2626 i=BIO_read(file,buf,bufsize); |
2473 if (i <= 0) break; | 2627 if (i <= 0) break; |
2474 | 2628 |
2475 #ifdef RENEG | 2629 #ifdef RENEG |
2476 total_bytes+=i; | 2630 total_bytes+=i; |
2477 fprintf(stderr,"%d\n",i); | 2631 fprintf(stderr,"%d\n",i); |
2478 if (total_bytes > 3*1024) | 2632 if (total_bytes > 3*1024) |
2479 { | 2633 { |
2589 memcpy(id, session_id_prefix, | 2743 memcpy(id, session_id_prefix, |
2590 (strlen(session_id_prefix) < *id_len) ? | 2744 (strlen(session_id_prefix) < *id_len) ? |
2591 strlen(session_id_prefix) : *id_len); | 2745 strlen(session_id_prefix) : *id_len); |
2592 } | 2746 } |
2593 while(SSL_has_matching_session_id(ssl, id, *id_len) && | 2747 while(SSL_has_matching_session_id(ssl, id, *id_len) && |
2594 (++count < MAX_SESSION_ID_ATTEMPTS)); | 2748 (++count < MAX_SESSION_ID_ATTEMPTS)); |
2595 if(count >= MAX_SESSION_ID_ATTEMPTS) | 2749 if(count >= MAX_SESSION_ID_ATTEMPTS) |
2596 return 0; | 2750 return 0; |
2597 return 1; | 2751 return 1; |
2598 } | 2752 } |