Chromium Code Reviews

Side by Side Diff: openssl/apps/s_server.c

Issue 9254031: Upgrade chrome's OpenSSL to same version Android ships with. (Closed) Base URL: http://src.chromium.org/svn/trunk/deps/third_party/openssl/
Patch Set: '' Created 8 years, 11 months ago
1 /* apps/s_server.c */ 1 /* apps/s_server.c */
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
5 * This package is an SSL implementation written 5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com). 6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL. 7 * The implementation was written so as to conform with Netscapes SSL.
8 * 8 *
9 * This library is free for commercial and non-commercial use as long as 9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions 10 * the following conditions are aheared to. The following conditions
(...skipping 38 matching lines...)
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE. 51 * SUCH DAMAGE.
52 * 52 *
53 * The licence and distribution terms for any publically available version or 53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence 55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.] 56 * [including the GNU Public Licence.]
57 */ 57 */
58 /* ==================================================================== 58 /* ====================================================================
59 * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. 59 * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
60 * 60 *
61 * Redistribution and use in source and binary forms, with or without 61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions 62 * modification, are permitted provided that the following conditions
63 * are met: 63 * are met:
64 * 64 *
65 * 1. Redistributions of source code must retain the above copyright 65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer. 66 * notice, this list of conditions and the following disclaimer.
67 * 67 *
68 * 2. Redistributions in binary form must reproduce the above copyright 68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in 69 * notice, this list of conditions and the following disclaimer in
(...skipping 36 matching lines...)
106 * This product includes cryptographic software written by Eric Young 106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim 107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com). 108 * Hudson (tjh@cryptsoft.com).
109 * 109 *
110 */ 110 */
111 /* ==================================================================== 111 /* ====================================================================
112 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. 112 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
113 * ECC cipher suite support in OpenSSL originally developed by 113 * ECC cipher suite support in OpenSSL originally developed by
114 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. 114 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
115 */ 115 */
116 /* ====================================================================
117 * Copyright 2005 Nokia. All rights reserved.
118 *
119 * The portions of the attached software ("Contribution") is developed by
120 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
121 * license.
122 *
123 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
124 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
125 * support (see RFC 4279) to OpenSSL.
126 *
127 * No patent licenses or other rights except those expressly stated in
128 * the OpenSSL open source license shall be deemed granted or received
129 * expressly, by implication, estoppel, or otherwise.
130 *
131 * No assurances are provided by Nokia that the Contribution does not
132 * infringe the patent or other intellectual property rights of any third
133 * party or that the license provides you with all the necessary rights
134 * to make use of the Contribution.
135 *
136 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
137 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
138 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
139 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
140 * OTHERWISE.
141 */
116 142
117 /* Until the key-gen callbacks are modified to use newer prototypes, we allow 143 /* Until the key-gen callbacks are modified to use newer prototypes, we allow
118 * deprecated functions for openssl-internal code */ 144 * deprecated functions for openssl-internal code */
119 #ifdef OPENSSL_NO_DEPRECATED 145 #ifdef OPENSSL_NO_DEPRECATED
120 #undef OPENSSL_NO_DEPRECATED 146 #undef OPENSSL_NO_DEPRECATED
121 #endif 147 #endif
122 148
123 #include <assert.h> 149 #include <assert.h>
150 #include <ctype.h>
124 #include <stdio.h> 151 #include <stdio.h>
125 #include <stdlib.h> 152 #include <stdlib.h>
126 #include <string.h> 153 #include <string.h>
127 154
128 #include <sys/stat.h>
129 #include <openssl/e_os2.h> 155 #include <openssl/e_os2.h>
130 #ifdef OPENSSL_NO_STDIO 156 #ifdef OPENSSL_NO_STDIO
131 #define APPS_WIN16 157 #define APPS_WIN16
132 #endif 158 #endif
133 159
134 #if !defined(OPENSSL_SYS_NETWARE) /* conflicts with winsock2 stuff on netware * / 160 #if !defined(OPENSSL_SYS_NETWARE) /* conflicts with winsock2 stuff on netware * /
135 #include <sys/types.h> 161 #include <sys/types.h>
136 #endif 162 #endif
137 163
138 /* With IPv6, it looks like Digital has mixed up the proper order of 164 /* With IPv6, it looks like Digital has mixed up the proper order of
(...skipping 17 matching lines...)
156 #include <openssl/ocsp.h> 182 #include <openssl/ocsp.h>
157 #ifndef OPENSSL_NO_DH 183 #ifndef OPENSSL_NO_DH
158 #include <openssl/dh.h> 184 #include <openssl/dh.h>
159 #endif 185 #endif
160 #ifndef OPENSSL_NO_RSA 186 #ifndef OPENSSL_NO_RSA
161 #include <openssl/rsa.h> 187 #include <openssl/rsa.h>
162 #endif 188 #endif
163 #include "s_apps.h" 189 #include "s_apps.h"
164 #include "timeouts.h" 190 #include "timeouts.h"
165 191
166 #ifdef OPENSSL_SYS_WINCE
167 /* Windows CE incorrectly defines fileno as returning void*, so to avoid problem s below... */
168 #ifdef fileno
169 #undef fileno
170 #endif
171 #define fileno(a) (int)_fileno(a)
172 #endif
173
174 #if (defined(OPENSSL_SYS_VMS) && __VMS_VER < 70000000) 192 #if (defined(OPENSSL_SYS_VMS) && __VMS_VER < 70000000)
175 /* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */ 193 /* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */
176 #undef FIONBIO 194 #undef FIONBIO
177 #endif 195 #endif
178 196
197 #if defined(OPENSSL_SYS_BEOS_R5)
198 #include <fcntl.h>
199 #endif
200
179 #ifndef OPENSSL_NO_RSA 201 #ifndef OPENSSL_NO_RSA
180 static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength); 202 static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength);
181 #endif 203 #endif
182 static int sv_body(char *hostname, int s, unsigned char *context); 204 static int sv_body(char *hostname, int s, unsigned char *context);
183 static int www_body(char *hostname, int s, unsigned char *context); 205 static int www_body(char *hostname, int s, unsigned char *context);
184 static void close_accept_socket(void ); 206 static void close_accept_socket(void );
185 static void sv_usage(void); 207 static void sv_usage(void);
186 static int init_ssl_connection(SSL *s); 208 static int init_ssl_connection(SSL *s);
187 static void print_stats(BIO *bp,SSL_CTX *ctx); 209 static void print_stats(BIO *bp,SSL_CTX *ctx);
188 static int generate_session_id(const SSL *ssl, unsigned char *id, 210 static int generate_session_id(const SSL *ssl, unsigned char *id,
189 unsigned int *id_len); 211 unsigned int *id_len);
190 #ifndef OPENSSL_NO_DH 212 #ifndef OPENSSL_NO_DH
191 static DH *load_dh_param(const char *dhfile); 213 static DH *load_dh_param(const char *dhfile);
192 static DH *get_dh512(void); 214 static DH *get_dh512(void);
193 #endif 215 #endif
194 216
195 #ifdef MONOLITH 217 #ifdef MONOLITH
196 static void s_server_init(void); 218 static void s_server_init(void);
197 #endif 219 #endif
198 220
199 #ifndef S_ISDIR
200 # if defined(_S_IFMT) && defined(_S_IFDIR)
201 # define S_ISDIR(a) (((a) & _S_IFMT) == _S_IFDIR)
202 # else
203 # define S_ISDIR(a) (((a) & S_IFMT) == S_IFDIR)
204 # endif
205 #endif
206
207 #ifndef OPENSSL_NO_DH 221 #ifndef OPENSSL_NO_DH
208 static unsigned char dh512_p[]={ 222 static unsigned char dh512_p[]={
209 0xDA,0x58,0x3C,0x16,0xD9,0x85,0x22,0x89,0xD0,0xE4,0xAF,0x75, 223 0xDA,0x58,0x3C,0x16,0xD9,0x85,0x22,0x89,0xD0,0xE4,0xAF,0x75,
210 0x6F,0x4C,0xCA,0x92,0xDD,0x4B,0xE5,0x33,0xB8,0x04,0xFB,0x0F, 224 0x6F,0x4C,0xCA,0x92,0xDD,0x4B,0xE5,0x33,0xB8,0x04,0xFB,0x0F,
211 0xED,0x94,0xEF,0x9C,0x8A,0x44,0x03,0xED,0x57,0x46,0x50,0xD3, 225 0xED,0x94,0xEF,0x9C,0x8A,0x44,0x03,0xED,0x57,0x46,0x50,0xD3,
212 0x69,0x99,0xDB,0x29,0xD7,0x76,0x27,0x6B,0xA2,0xD3,0xD4,0x12, 226 0x69,0x99,0xDB,0x29,0xD7,0x76,0x27,0x6B,0xA2,0xD3,0xD4,0x12,
213 0xE2,0x18,0xF4,0xDD,0x1E,0x08,0x4C,0xF6,0xD8,0x00,0x3E,0x7C, 227 0xE2,0x18,0xF4,0xDD,0x1E,0x08,0x4C,0xF6,0xD8,0x00,0x3E,0x7C,
214 0x47,0x74,0xE8,0x33, 228 0x47,0x74,0xE8,0x33,
215 }; 229 };
216 static unsigned char dh512_g[]={ 230 static unsigned char dh512_g[]={
(...skipping 21 matching lines...)
238 static int bufsize=BUFSIZZ; 252 static int bufsize=BUFSIZZ;
239 static int accept_socket= -1; 253 static int accept_socket= -1;
240 254
241 #define TEST_CERT "server.pem" 255 #define TEST_CERT "server.pem"
242 #ifndef OPENSSL_NO_TLSEXT 256 #ifndef OPENSSL_NO_TLSEXT
243 #define TEST_CERT2 "server2.pem" 257 #define TEST_CERT2 "server2.pem"
244 #endif 258 #endif
245 #undef PROG 259 #undef PROG
246 #define PROG s_server_main 260 #define PROG s_server_main
247 261
248 extern int verify_depth; 262 extern int verify_depth, verify_return_error;
249 263
250 static char *cipher=NULL; 264 static char *cipher=NULL;
251 static int s_server_verify=SSL_VERIFY_NONE; 265 static int s_server_verify=SSL_VERIFY_NONE;
252 static int s_server_session_id_context = 1; /* anything will do */ 266 static int s_server_session_id_context = 1; /* anything will do */
253 static const char *s_cert_file=TEST_CERT,*s_key_file=NULL; 267 static const char *s_cert_file=TEST_CERT,*s_key_file=NULL;
254 #ifndef OPENSSL_NO_TLSEXT 268 #ifndef OPENSSL_NO_TLSEXT
255 static const char *s_cert_file2=TEST_CERT2,*s_key_file2=NULL; 269 static const char *s_cert_file2=TEST_CERT2,*s_key_file2=NULL;
256 #endif 270 #endif
257 static char *s_dcert_file=NULL,*s_dkey_file=NULL; 271 static char *s_dcert_file=NULL,*s_dkey_file=NULL;
258 #ifdef FIONBIO 272 #ifdef FIONBIO
(...skipping 22 matching lines...)
281 static char *engine_id=NULL; 295 static char *engine_id=NULL;
282 #endif 296 #endif
283 static const char *session_id_prefix=NULL; 297 static const char *session_id_prefix=NULL;
284 298
285 static int enable_timeouts = 0; 299 static int enable_timeouts = 0;
286 static long socket_mtu; 300 static long socket_mtu;
287 #ifndef OPENSSL_NO_DTLS1 301 #ifndef OPENSSL_NO_DTLS1
288 static int cert_chain = 0; 302 static int cert_chain = 0;
289 #endif 303 #endif
290 304
305 #ifndef OPENSSL_NO_PSK
306 static char *psk_identity="Client_identity";
307 char *psk_key=NULL; /* by default PSK is not used */
308
309 static unsigned int psk_server_cb(SSL *ssl, const char *identity,
310 unsigned char *psk, unsigned int max_psk_len)
311 {
312 unsigned int psk_len = 0;
313 int ret;
314 BIGNUM *bn = NULL;
315
316 if (s_debug)
317 BIO_printf(bio_s_out,"psk_server_cb\n");
318 if (!identity)
319 {
320 BIO_printf(bio_err,"Error: client did not send PSK identity\n");
321 goto out_err;
322 }
323 if (s_debug)
324 BIO_printf(bio_s_out,"identity_len=%d identity=%s\n",
325 identity ? (int)strlen(identity) : 0, identity);
326
327 /* here we could lookup the given identity e.g. from a database */
328 if (strcmp(identity, psk_identity) != 0)
329 {
330 BIO_printf(bio_s_out, "PSK error: client identity not found"
331 " (got '%s' expected '%s')\n", identity,
332 psk_identity);
333 goto out_err;
334 }
335 if (s_debug)
336 BIO_printf(bio_s_out, "PSK client identity found\n");
337
338 /* convert the PSK key to binary */
339 ret = BN_hex2bn(&bn, psk_key);
340 if (!ret)
341 {
342 BIO_printf(bio_err,"Could not convert PSK key '%s' to BIGNUM\n", psk_key);
343 if (bn)
344 BN_free(bn);
345 return 0;
346 }
347 if (BN_num_bytes(bn) > (int)max_psk_len)
348 {
349 BIO_printf(bio_err,"psk buffer of callback is too small (%d) for key (%d)\n",
350 max_psk_len, BN_num_bytes(bn));
351 BN_free(bn);
352 return 0;
353 }
354
355 ret = BN_bn2bin(bn, psk);
356 BN_free(bn);
357
358 if (ret < 0)
359 goto out_err;
360 psk_len = (unsigned int)ret;
361
362 if (s_debug)
363 BIO_printf(bio_s_out, "fetched PSK len=%d\n", psk_len);
364 return psk_len;
365 out_err:
366 if (s_debug)
367 BIO_printf(bio_err, "Error in PSK server callback\n");
368 return 0;
369 }
370 #endif
291 371
292 #ifdef MONOLITH 372 #ifdef MONOLITH
293 static void s_server_init(void) 373 static void s_server_init(void)
294 { 374 {
295 accept_socket=-1; 375 accept_socket=-1;
296 cipher=NULL; 376 cipher=NULL;
297 s_server_verify=SSL_VERIFY_NONE; 377 s_server_verify=SSL_VERIFY_NONE;
298 s_dcert_file=NULL; 378 s_dcert_file=NULL;
299 s_dkey_file=NULL; 379 s_dkey_file=NULL;
300 s_cert_file=TEST_CERT; 380 s_cert_file=TEST_CERT;
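Review bot: in psk_server_cb the configured hex key is round-tripped through a BIGNUM (BN_hex2bn, then BN_bn2bin), which silently strips any leading zero bytes, so a key given as `-psk 00ab...` is handed to the TLS layer one byte shorter than the string the peer was configured with and the two sides derive different secrets; a direct hex-to-bytes decode into `psk`, with an explicit length check against `max_psk_len`, would preserve the key exactly as typed. Smaller points: `psk_key` is the only new file-scope variable without `static` (make it static unless another file needs it), the `identity ? (int)strlen(identity) : 0` in the debug printf is redundant after the `if (!identity)` check above it, and `max_psk_len` is printed with `%d` although it is unsigned.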
(...skipping 44 matching lines...)
345 BIO_printf(bio_err," -dcert arg - second certificate file to use (usu ally for DSA)\n"); 425 BIO_printf(bio_err," -dcert arg - second certificate file to use (usu ally for DSA)\n");
346 BIO_printf(bio_err," -dcertform x - second certificate format (PEM or D ER) PEM default\n"); 426 BIO_printf(bio_err," -dcertform x - second certificate format (PEM or D ER) PEM default\n");
347 BIO_printf(bio_err," -dkey arg - second private key file to use (usu ally for DSA)\n"); 427 BIO_printf(bio_err," -dkey arg - second private key file to use (usu ally for DSA)\n");
348 BIO_printf(bio_err," -dkeyform arg - second key format (PEM, DER or ENGI NE) PEM default\n"); 428 BIO_printf(bio_err," -dkeyform arg - second key format (PEM, DER or ENGI NE) PEM default\n");
349 BIO_printf(bio_err," -dpass arg - second private key file pass phrase source\n"); 429 BIO_printf(bio_err," -dpass arg - second private key file pass phrase source\n");
350 BIO_printf(bio_err," -dhparam arg - DH parameter file to use, in cert f ile if not specified\n"); 430 BIO_printf(bio_err," -dhparam arg - DH parameter file to use, in cert f ile if not specified\n");
351 BIO_printf(bio_err," or a default set of parameters is u sed\n"); 431 BIO_printf(bio_err," or a default set of parameters is u sed\n");
352 #ifndef OPENSSL_NO_ECDH 432 #ifndef OPENSSL_NO_ECDH
353 BIO_printf(bio_err," -named_curve arg - Elliptic curve name to use for ephemeral ECDH keys.\n" \ 433 BIO_printf(bio_err," -named_curve arg - Elliptic curve name to use for ephemeral ECDH keys.\n" \
354 " Use \"openssl ecparam -list_curves\ " for all names\n" \ 434 " Use \"openssl ecparam -list_curves\ " for all names\n" \
355 » " (default is sect163r2).\n"); 435 » " (default is nistp256).\n");
356 #endif 436 #endif
357 #ifdef FIONBIO 437 #ifdef FIONBIO
358 BIO_printf(bio_err," -nbio - Run with non-blocking IO\n"); 438 BIO_printf(bio_err," -nbio - Run with non-blocking IO\n");
359 #endif 439 #endif
360 BIO_printf(bio_err," -nbio_test - test with the non-blocking test bio \n"); 440 BIO_printf(bio_err," -nbio_test - test with the non-blocking test bio \n");
361 BIO_printf(bio_err," -crlf - convert LF from terminal into CRLF\ n"); 441 BIO_printf(bio_err," -crlf - convert LF from terminal into CRLF\ n");
362 BIO_printf(bio_err," -debug - Print more output\n"); 442 BIO_printf(bio_err," -debug - Print more output\n");
363 BIO_printf(bio_err," -msg - Show protocol messages\n"); 443 BIO_printf(bio_err," -msg - Show protocol messages\n");
364 BIO_printf(bio_err," -state - Print the SSL states\n"); 444 BIO_printf(bio_err," -state - Print the SSL states\n");
365 BIO_printf(bio_err," -CApath arg - PEM format directory of CA's\n"); 445 BIO_printf(bio_err," -CApath arg - PEM format directory of CA's\n");
366 BIO_printf(bio_err," -CAfile arg - PEM format file of CA's\n"); 446 BIO_printf(bio_err," -CAfile arg - PEM format file of CA's\n");
367 BIO_printf(bio_err," -nocert - Don't use any certificates (Anon-DH )\n"); 447 BIO_printf(bio_err," -nocert - Don't use any certificates (Anon-DH )\n");
368 BIO_printf(bio_err," -cipher arg - play with 'openssl ciphers' to see what goes here\n"); 448 BIO_printf(bio_err," -cipher arg - play with 'openssl ciphers' to see what goes here\n");
369 BIO_printf(bio_err," -serverpref - Use server's cipher preferences\n") ; 449 BIO_printf(bio_err," -serverpref - Use server's cipher preferences\n") ;
370 BIO_printf(bio_err," -quiet - No server output\n"); 450 BIO_printf(bio_err," -quiet - No server output\n");
371 BIO_printf(bio_err," -no_tmp_rsa - Do not generate a tmp RSA key\n"); 451 BIO_printf(bio_err," -no_tmp_rsa - Do not generate a tmp RSA key\n");
452 #ifndef OPENSSL_NO_PSK
453 BIO_printf(bio_err," -psk_hint arg - PSK identity hint to use\n");
454 BIO_printf(bio_err," -psk arg - PSK in hex (without 0x)\n");
455 # ifndef OPENSSL_NO_JPAKE
456 BIO_printf(bio_err," -jpake arg - JPAKE secret to use\n");
457 # endif
458 #endif
372 BIO_printf(bio_err," -ssl2 - Just talk SSLv2\n"); 459 BIO_printf(bio_err," -ssl2 - Just talk SSLv2\n");
373 BIO_printf(bio_err," -ssl3 - Just talk SSLv3\n"); 460 BIO_printf(bio_err," -ssl3 - Just talk SSLv3\n");
374 BIO_printf(bio_err," -tls1 - Just talk TLSv1\n"); 461 BIO_printf(bio_err," -tls1 - Just talk TLSv1\n");
375 BIO_printf(bio_err," -dtls1 - Just talk DTLSv1\n"); 462 BIO_printf(bio_err," -dtls1 - Just talk DTLSv1\n");
376 BIO_printf(bio_err," -timeout - Enable timeouts\n"); 463 BIO_printf(bio_err," -timeout - Enable timeouts\n");
377 BIO_printf(bio_err," -mtu - Set link layer MTU\n"); 464 BIO_printf(bio_err," -mtu - Set link layer MTU\n");
378 BIO_printf(bio_err," -chain - Read a certificate chain\n"); 465 BIO_printf(bio_err," -chain - Read a certificate chain\n");
379 BIO_printf(bio_err," -no_ssl2 - Just disable SSLv2\n"); 466 BIO_printf(bio_err," -no_ssl2 - Just disable SSLv2\n");
380 BIO_printf(bio_err," -no_ssl3 - Just disable SSLv3\n"); 467 BIO_printf(bio_err," -no_ssl3 - Just disable SSLv3\n");
381 BIO_printf(bio_err," -no_tls1 - Just disable TLSv1\n"); 468 BIO_printf(bio_err," -no_tls1 - Just disable TLSv1\n");
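Review bot: the sv_usage() text changes the advertised ECDH default from sect163r2 to nistp256, but the code that picks the curve when -named_curve is absent is outside this hunk; make sure it really defaults to nistp256 so the help text does not drift from the behaviour. The new -psk/-psk_hint lines also say nothing about which identity the server will accept (the hard-coded `Client_identity` default in the callback above); one word on that would save users a failed handshake.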
(...skipping 16 matching lines...)
398 #ifndef OPENSSL_NO_TLSEXT 485 #ifndef OPENSSL_NO_TLSEXT
399 BIO_printf(bio_err," -servername host - servername for HostName TLS exte nsion\n"); 486 BIO_printf(bio_err," -servername host - servername for HostName TLS exte nsion\n");
400 BIO_printf(bio_err," -servername_fatal - on mismatch send fatal alert (d efault warning alert)\n"); 487 BIO_printf(bio_err," -servername_fatal - on mismatch send fatal alert (d efault warning alert)\n");
401 BIO_printf(bio_err," -cert2 arg - certificate file to use for servern ame\n"); 488 BIO_printf(bio_err," -cert2 arg - certificate file to use for servern ame\n");
402 BIO_printf(bio_err," (default is %s)\n",TEST_CERT2); 489 BIO_printf(bio_err," (default is %s)\n",TEST_CERT2);
403 BIO_printf(bio_err," -key2 arg - Private Key file to use for servern ame, in cert file if\n"); 490 BIO_printf(bio_err," -key2 arg - Private Key file to use for servern ame, in cert file if\n");
404 BIO_printf(bio_err," not specified (default is %s)\n",TE ST_CERT2); 491 BIO_printf(bio_err," not specified (default is %s)\n",TE ST_CERT2);
405 BIO_printf(bio_err," -tlsextdebug - hex dump of all TLS extensions rece ived\n"); 492 BIO_printf(bio_err," -tlsextdebug - hex dump of all TLS extensions rece ived\n");
406 BIO_printf(bio_err," -no_ticket - disable use of RFC4507bis session t ickets\n"); 493 BIO_printf(bio_err," -no_ticket - disable use of RFC4507bis session t ickets\n");
407 BIO_printf(bio_err," -legacy_renegotiation - enable use of legacy renego tiation (dangerous)\n"); 494 BIO_printf(bio_err," -legacy_renegotiation - enable use of legacy renego tiation (dangerous)\n");
495 # ifndef OPENSSL_NO_NEXTPROTONEG
408 BIO_printf(bio_err," -nextprotoneg arg - set the advertised protocols fo r the NPN extension (comma-separated list)\n"); 496 BIO_printf(bio_err," -nextprotoneg arg - set the advertised protocols fo r the NPN extension (comma-separated list)\n");
497 # endif
409 #endif 498 #endif
410 } 499 }
411 500
412 static int local_argc=0; 501 static int local_argc=0;
413 static char **local_argv; 502 static char **local_argv;
414 503
415 #ifdef CHARSET_EBCDIC 504 #ifdef CHARSET_EBCDIC
416 static int ebcdic_new(BIO *bi); 505 static int ebcdic_new(BIO *bi);
417 static int ebcdic_free(BIO *a); 506 static int ebcdic_free(BIO *a);
418 static int ebcdic_read(BIO *b, char *out, int outl); 507 static int ebcdic_read(BIO *b, char *out, int outl);
(...skipping 162 matching lines...)
581 670
582 if (!p->servername) 671 if (!p->servername)
583 return SSL_TLSEXT_ERR_NOACK; 672 return SSL_TLSEXT_ERR_NOACK;
584 673
585 if (servername) 674 if (servername)
586 { 675 {
587 if (strcmp(servername,p->servername)) 676 if (strcmp(servername,p->servername))
588 return p->extension_error; 677 return p->extension_error;
589 if (ctx2) 678 if (ctx2)
590 { 679 {
591 » » » BIO_printf(p->biodebug,"Swiching server context.\n"); 680 » » » BIO_printf(p->biodebug,"Switching server context.\n");
592 SSL_set_SSL_CTX(s,ctx2); 681 SSL_set_SSL_CTX(s,ctx2);
593 } 682 }
594 } 683 }
595 return SSL_TLSEXT_ERR_OK; 684 return SSL_TLSEXT_ERR_OK;
596 } 685 }
597 686
598 /* Structure passed to cert status callback */ 687 /* Structure passed to cert status callback */
599 688
600 typedef struct tlsextstatusctx_st { 689 typedef struct tlsextstatusctx_st {
601 /* Default responder to use */ 690 /* Default responder to use */
(...skipping 18 matching lines...)
620 */ 709 */
621 710
622 static int cert_status_cb(SSL *s, void *arg) 711 static int cert_status_cb(SSL *s, void *arg)
623 { 712 {
624 tlsextstatusctx *srctx = arg; 713 tlsextstatusctx *srctx = arg;
625 BIO *err = srctx->err; 714 BIO *err = srctx->err;
626 char *host, *port, *path; 715 char *host, *port, *path;
627 int use_ssl; 716 int use_ssl;
628 unsigned char *rspder = NULL; 717 unsigned char *rspder = NULL;
629 int rspderlen; 718 int rspderlen;
630 » STACK *aia = NULL; 719 » STACK_OF(OPENSSL_STRING) *aia = NULL;
631 X509 *x = NULL; 720 X509 *x = NULL;
632 X509_STORE_CTX inctx; 721 X509_STORE_CTX inctx;
633 X509_OBJECT obj; 722 X509_OBJECT obj;
634 OCSP_REQUEST *req = NULL; 723 OCSP_REQUEST *req = NULL;
635 OCSP_RESPONSE *resp = NULL; 724 OCSP_RESPONSE *resp = NULL;
636 OCSP_CERTID *id = NULL; 725 OCSP_CERTID *id = NULL;
637 STACK_OF(X509_EXTENSION) *exts; 726 STACK_OF(X509_EXTENSION) *exts;
638 int ret = SSL_TLSEXT_ERR_NOACK; 727 int ret = SSL_TLSEXT_ERR_NOACK;
639 int i; 728 int i;
640 #if 0 729 #if 0
641 STACK_OF(OCSP_RESPID) *ids; 730 STACK_OF(OCSP_RESPID) *ids;
642 SSL_get_tlsext_status_ids(s, &ids); 731 SSL_get_tlsext_status_ids(s, &ids);
643 BIO_printf(err, "cert_status: received %d ids\n", sk_OCSP_RESPID_num(ids)); 732 BIO_printf(err, "cert_status: received %d ids\n", sk_OCSP_RESPID_num(ids));
644 #endif 733 #endif
645 if (srctx->verbose) 734 if (srctx->verbose)
646 BIO_puts(err, "cert_status: callback called\n"); 735 BIO_puts(err, "cert_status: callback called\n");
647 /* Build up OCSP query from server certificate */ 736 /* Build up OCSP query from server certificate */
648 x = SSL_get_certificate(s); 737 x = SSL_get_certificate(s);
649 aia = X509_get1_ocsp(x); 738 aia = X509_get1_ocsp(x);
650 if (aia) 739 if (aia)
651 { 740 {
652 » » if (!OCSP_parse_url(sk_value(aia, 0), 741 » » if (!OCSP_parse_url(sk_OPENSSL_STRING_value(aia, 0),
653 &host, &port, &path, &use_ssl)) 742 &host, &port, &path, &use_ssl))
654 { 743 {
655 BIO_puts(err, "cert_status: can't parse AIA URL\n"); 744 BIO_puts(err, "cert_status: can't parse AIA URL\n");
656 goto err; 745 goto err;
657 } 746 }
658 if (srctx->verbose) 747 if (srctx->verbose)
659 BIO_printf(err, "cert_status: AIA URL: %s\n", 748 BIO_printf(err, "cert_status: AIA URL: %s\n",
660 » » » » » sk_value(aia, 0)); 749 » » » » » sk_OPENSSL_STRING_value(aia, 0));
661 } 750 }
662 else 751 else
663 { 752 {
664 if (!srctx->host) 753 if (!srctx->host)
665 { 754 {
666 BIO_puts(srctx->err, "cert_status: no AIA and no default responder URL\n"); 755 BIO_puts(srctx->err, "cert_status: no AIA and no default responder URL\n");
667 goto done; 756 goto done;
668 } 757 }
669 host = srctx->host; 758 host = srctx->host;
670 path = srctx->path; 759 path = srctx->path;
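Review bot: the switch to STACK_OF(OPENSSL_STRING) is type-safe, but cert_status_cb still reads `sk_OPENSSL_STRING_value(aia, 0)` without checking `sk_OPENSSL_STRING_num(aia) > 0`; this relies on X509_get1_ocsp returning NULL rather than an empty stack when the certificate has an AIA extension with no OCSP URI. Guarding with `if (aia && sk_OPENSSL_STRING_num(aia) > 0)` costs nothing and keeps the callback robust, and the release of the stack (X509_email_free, outside this hunk) must still be reached on the `goto err` path.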
(...skipping 24 matching lines...)
695 goto err; 784 goto err;
696 id = NULL; 785 id = NULL;
697 /* Add any extensions to the request */ 786 /* Add any extensions to the request */
698 SSL_get_tlsext_status_exts(s, &exts); 787 SSL_get_tlsext_status_exts(s, &exts);
699 for (i = 0; i < sk_X509_EXTENSION_num(exts); i++) 788 for (i = 0; i < sk_X509_EXTENSION_num(exts); i++)
700 { 789 {
701 X509_EXTENSION *ext = sk_X509_EXTENSION_value(exts, i); 790 X509_EXTENSION *ext = sk_X509_EXTENSION_value(exts, i);
702 if (!OCSP_REQUEST_add_ext(req, ext, -1)) 791 if (!OCSP_REQUEST_add_ext(req, ext, -1))
703 goto err; 792 goto err;
704 } 793 }
705 » resp = process_responder(err, req, host, path, port, use_ssl, 794 » resp = process_responder(err, req, host, path, port, use_ssl, NULL,
706 srctx->timeout); 795 srctx->timeout);
707 if (!resp) 796 if (!resp)
708 { 797 {
709 BIO_puts(err, "cert_status: error querying responder\n"); 798 BIO_puts(err, "cert_status: error querying responder\n");
710 goto done; 799 goto done;
711 } 800 }
712 rspderlen = i2d_OCSP_RESPONSE(resp, &rspder); 801 rspderlen = i2d_OCSP_RESPONSE(resp, &rspder);
713 if (rspderlen <= 0) 802 if (rspderlen <= 0)
714 goto err; 803 goto err;
715 SSL_set_tlsext_status_ocsp_resp(s, rspder, rspderlen); 804 SSL_set_tlsext_status_ocsp_resp(s, rspder, rspderlen);
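Review bot: the extra NULL now passed to process_responder between `use_ssl` and `srctx->timeout` is unexplained; add a short comment naming the parameter it fills (as far as I can tell, the optional list of extra HTTP request headers that process_responder gained in this OpenSSL version) so the next reader does not have to open apps/ocsp.c. Since this callback never sets custom headers, NULL is the right value.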
(...skipping 17 matching lines...)
733 OCSP_CERTID_free(id); 822 OCSP_CERTID_free(id);
734 if (req) 823 if (req)
735 OCSP_REQUEST_free(req); 824 OCSP_REQUEST_free(req);
736 if (resp) 825 if (resp)
737 OCSP_RESPONSE_free(resp); 826 OCSP_RESPONSE_free(resp);
738 return ret; 827 return ret;
739 err: 828 err:
740 ret = SSL_TLSEXT_ERR_ALERT_FATAL; 829 ret = SSL_TLSEXT_ERR_ALERT_FATAL;
741 goto done; 830 goto done;
742 } 831 }
743 #endif
744 832
745 833 # ifndef OPENSSL_NO_NEXTPROTONEG
746 /* This the context that we pass to next_proto_cb */ 834 /* This is the context that we pass to next_proto_cb */
747 typedef struct tlsextnextprotoctx_st { 835 typedef struct tlsextnextprotoctx_st {
748 unsigned char *data; 836 unsigned char *data;
749 unsigned int len; 837 unsigned int len;
750 } tlsextnextprotoctx; 838 } tlsextnextprotoctx;
751 839
752
753 static int next_proto_cb(SSL *s, const unsigned char **data, unsigned int *len, void *arg) 840 static int next_proto_cb(SSL *s, const unsigned char **data, unsigned int *len, void *arg)
754 { 841 {
755 tlsextnextprotoctx *next_proto = arg; 842 tlsextnextprotoctx *next_proto = arg;
756 843
757 *data = next_proto->data; 844 *data = next_proto->data;
758 *len = next_proto->len; 845 *len = next_proto->len;
759 846
760 return SSL_TLSEXT_ERR_OK; 847 return SSL_TLSEXT_ERR_OK;
761 } 848 }
762 849 # endif /* ndef OPENSSL_NO_NPN */
850 #endif
763 851
764 int MAIN(int, char **); 852 int MAIN(int, char **);
765 853
766 #ifndef OPENSSL_NO_JPAKE 854 #ifndef OPENSSL_NO_JPAKE
767 static char *jpake_secret = NULL; 855 static char *jpake_secret = NULL;
768 #endif 856 #endif
769 857
770 int MAIN(int argc, char *argv[]) 858 int MAIN(int argc, char *argv[])
771 { 859 {
772 » X509_STORE *store = NULL; 860 » X509_VERIFY_PARAM *vpm = NULL;
773 » int vflags = 0; 861 » int badarg = 0;
774 short port=PORT; 862 short port=PORT;
775 char *CApath=NULL,*CAfile=NULL; 863 char *CApath=NULL,*CAfile=NULL;
776 unsigned char *context = NULL; 864 unsigned char *context = NULL;
777 char *dhfile = NULL; 865 char *dhfile = NULL;
778 #ifndef OPENSSL_NO_ECDH 866 #ifndef OPENSSL_NO_ECDH
779 char *named_curve = NULL; 867 char *named_curve = NULL;
780 #endif 868 #endif
781 int badop=0,bugs=0; 869 int badop=0,bugs=0;
782 int ret=1; 870 int ret=1;
783 int off=0; 871 int off=0;
784 int no_tmp_rsa=0,no_dhe=0,no_ecdhe=0,nocert=0; 872 int no_tmp_rsa=0,no_dhe=0,no_ecdhe=0,nocert=0;
785 int state=0; 873 int state=0;
786 » SSL_METHOD *meth=NULL; 874 » const SSL_METHOD *meth=NULL;
787 int socket_type=SOCK_STREAM; 875 » int socket_type=SOCK_STREAM;
788 ENGINE *e=NULL; 876 ENGINE *e=NULL;
789 char *inrand=NULL; 877 char *inrand=NULL;
790 int s_cert_format = FORMAT_PEM, s_key_format = FORMAT_PEM; 878 int s_cert_format = FORMAT_PEM, s_key_format = FORMAT_PEM;
791 char *passarg = NULL, *pass = NULL; 879 char *passarg = NULL, *pass = NULL;
792 char *dpassarg = NULL, *dpass = NULL; 880 char *dpassarg = NULL, *dpass = NULL;
793 int s_dcert_format = FORMAT_PEM, s_dkey_format = FORMAT_PEM; 881 int s_dcert_format = FORMAT_PEM, s_dkey_format = FORMAT_PEM;
794 X509 *s_cert = NULL, *s_dcert = NULL; 882 X509 *s_cert = NULL, *s_dcert = NULL;
795 EVP_PKEY *s_key = NULL, *s_dkey = NULL; 883 EVP_PKEY *s_key = NULL, *s_dkey = NULL;
796 int no_cache = 0; 884 int no_cache = 0;
797 #ifndef OPENSSL_NO_TLSEXT 885 #ifndef OPENSSL_NO_TLSEXT
798 EVP_PKEY *s_key2 = NULL; 886 EVP_PKEY *s_key2 = NULL;
799 X509 *s_cert2 = NULL; 887 X509 *s_cert2 = NULL;
800 #endif 888 #endif
801 #ifndef OPENSSL_NO_TLSEXT 889 #ifndef OPENSSL_NO_TLSEXT
802 tlsextctx tlsextcbp = {NULL, NULL, SSL_TLSEXT_ERR_ALERT_WARNING}; 890 tlsextctx tlsextcbp = {NULL, NULL, SSL_TLSEXT_ERR_ALERT_WARNING};
891 # ifndef OPENSSL_NO_NEXTPROTONEG
803 const char *next_proto_neg_in = NULL; 892 const char *next_proto_neg_in = NULL;
804 tlsextnextprotoctx next_proto; 893 tlsextnextprotoctx next_proto;
805 » char snapstart = 0; 894 # endif
806 #endif 895 #endif
807 896 #ifndef OPENSSL_NO_PSK
897 » /* by default do not send a PSK identity hint */
898 » static char *psk_identity_hint=NULL;
899 #endif
808 #if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3) 900 #if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
809 meth=SSLv23_server_method(); 901 meth=SSLv23_server_method();
810 #elif !defined(OPENSSL_NO_SSL3) 902 #elif !defined(OPENSSL_NO_SSL3)
811 meth=SSLv3_server_method(); 903 meth=SSLv3_server_method();
812 #elif !defined(OPENSSL_NO_SSL2) 904 #elif !defined(OPENSSL_NO_SSL2)
813 meth=SSLv2_server_method(); 905 meth=SSLv2_server_method();
814 #endif 906 #endif
815 907
816 local_argc=argc; 908 local_argc=argc;
817 local_argv=argv; 909 local_argv=argv;
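Review bot: `psk_identity_hint` (new line 898) is declared as a function-local `static` although it only ever receives a pointer out of argv; a plain `char *psk_identity_hint = NULL;` matches the other option variables declared above it and does not suggest state that persists across calls. Separately, the `snapstart` flag (old 805) disappears here with no replacement, so the Chromium Snap Start patch is being dropped by this upgrade; that should be stated in the CL description.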
(...skipping 113 matching lines...)
931 { 1023 {
932 nocert=1; 1024 nocert=1;
933 } 1025 }
934 else if (strcmp(*argv,"-CApath") == 0) 1026 else if (strcmp(*argv,"-CApath") == 0)
935 { 1027 {
936 if (--argc < 1) goto bad; 1028 if (--argc < 1) goto bad;
937 CApath= *(++argv); 1029 CApath= *(++argv);
938 } 1030 }
939 else if (strcmp(*argv,"-no_cache") == 0) 1031 else if (strcmp(*argv,"-no_cache") == 0)
940 no_cache = 1; 1032 no_cache = 1;
941 » » else if (strcmp(*argv,"-crl_check") == 0) 1033 » » else if (args_verify(&argv, &argc, &badarg, bio_err, &vpm))
942 { 1034 {
943 » » » vflags |= X509_V_FLAG_CRL_CHECK; 1035 » » » if (badarg)
1036 » » » » goto bad;
1037 » » » continue;
944 } 1038 }
945 » » else if (strcmp(*argv,"-crl_check_all") == 0) 1039 » » else if (strcmp(*argv,"-verify_return_error") == 0)
946 » » » { 1040 » » » verify_return_error = 1;
947 » » » vflags |= X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_AL L;
948 » » » }
949 else if (strcmp(*argv,"-serverpref") == 0) 1041 else if (strcmp(*argv,"-serverpref") == 0)
950 { off|=SSL_OP_CIPHER_SERVER_PREFERENCE; } 1042 { off|=SSL_OP_CIPHER_SERVER_PREFERENCE; }
951 else if (strcmp(*argv,"-legacy_renegotiation") == 0) 1043 else if (strcmp(*argv,"-legacy_renegotiation") == 0)
952 off|=SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION; 1044 off|=SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION;
953 else if (strcmp(*argv,"-cipher") == 0) 1045 else if (strcmp(*argv,"-cipher") == 0)
954 { 1046 {
955 if (--argc < 1) goto bad; 1047 if (--argc < 1) goto bad;
956 cipher= *(++argv); 1048 cipher= *(++argv);
957 } 1049 }
958 else if (strcmp(*argv,"-CAfile") == 0) 1050 else if (strcmp(*argv,"-CAfile") == 0)
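Review bot: the `continue` after `args_verify()` (new 1037) skips the `argc--; argv++;` at the bottom of the option loop, so this branch relies on `args_verify()` advancing `argv` and `argc` itself, unlike every other branch, which leaves the advance to the loop; a one-line comment saying so would stop the next reader from "fixing" it. `badarg` and `vpm` are new here and `vflags` is no longer assigned in this function, so check that the declarations were updated accordingly and the build stays warning-free.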
(...skipping 56 matching lines...)
1015 else if (strcmp(*argv,"-quiet") == 0) 1107 else if (strcmp(*argv,"-quiet") == 0)
1016 { s_quiet=1; } 1108 { s_quiet=1; }
1017 else if (strcmp(*argv,"-bugs") == 0) 1109 else if (strcmp(*argv,"-bugs") == 0)
1018 { bugs=1; } 1110 { bugs=1; }
1019 else if (strcmp(*argv,"-no_tmp_rsa") == 0) 1111 else if (strcmp(*argv,"-no_tmp_rsa") == 0)
1020 { no_tmp_rsa=1; } 1112 { no_tmp_rsa=1; }
1021 else if (strcmp(*argv,"-no_dhe") == 0) 1113 else if (strcmp(*argv,"-no_dhe") == 0)
1022 { no_dhe=1; } 1114 { no_dhe=1; }
1023 else if (strcmp(*argv,"-no_ecdhe") == 0) 1115 else if (strcmp(*argv,"-no_ecdhe") == 0)
1024 { no_ecdhe=1; } 1116 { no_ecdhe=1; }
1117 #ifndef OPENSSL_NO_PSK
1118 else if (strcmp(*argv,"-psk_hint") == 0)
1119 {
1120 if (--argc < 1) goto bad;
1121 psk_identity_hint= *(++argv);
1122 }
1123 else if (strcmp(*argv,"-psk") == 0)
1124 {
1125 size_t i;
1126
1127 if (--argc < 1) goto bad;
1128 psk_key=*(++argv);
1129 for (i=0; i<strlen(psk_key); i++)
1130 {
1131 if (isxdigit((int)psk_key[i]))
1132 continue;
1133 BIO_printf(bio_err,"Not a hex number '%s'\n",*ar gv);
1134 goto bad;
1135 }
1136 }
1137 #endif
1025 else if (strcmp(*argv,"-www") == 0) 1138 else if (strcmp(*argv,"-www") == 0)
1026 { www=1; } 1139 { www=1; }
1027 else if (strcmp(*argv,"-WWW") == 0) 1140 else if (strcmp(*argv,"-WWW") == 0)
1028 { www=2; } 1141 { www=2; }
1029 else if (strcmp(*argv,"-HTTP") == 0) 1142 else if (strcmp(*argv,"-HTTP") == 0)
1030 { www=3; } 1143 { www=3; }
1031 else if (strcmp(*argv,"-no_ssl2") == 0) 1144 else if (strcmp(*argv,"-no_ssl2") == 0)
1032 { off|=SSL_OP_NO_SSLv2; } 1145 { off|=SSL_OP_NO_SSLv2; }
1033 else if (strcmp(*argv,"-no_ssl3") == 0) 1146 else if (strcmp(*argv,"-no_ssl3") == 0)
1034 { off|=SSL_OP_NO_SSLv3; } 1147 { off|=SSL_OP_NO_SSLv3; }
1035 else if (strcmp(*argv,"-no_tls1") == 0) 1148 else if (strcmp(*argv,"-no_tls1") == 0)
1036 { off|=SSL_OP_NO_TLSv1; } 1149 { off|=SSL_OP_NO_TLSv1; }
1150 else if (strcmp(*argv,"-no_comp") == 0)
1151 { off|=SSL_OP_NO_COMPRESSION; }
1037 #ifndef OPENSSL_NO_TLSEXT 1152 #ifndef OPENSSL_NO_TLSEXT
1038 else if (strcmp(*argv,"-no_ticket") == 0) 1153 else if (strcmp(*argv,"-no_ticket") == 0)
1039 { off|=SSL_OP_NO_TICKET; } 1154 { off|=SSL_OP_NO_TICKET; }
1040 #endif 1155 #endif
1041 #ifndef OPENSSL_NO_SSL2 1156 #ifndef OPENSSL_NO_SSL2
1042 else if (strcmp(*argv,"-ssl2") == 0) 1157 else if (strcmp(*argv,"-ssl2") == 0)
1043 { meth=SSLv2_server_method(); } 1158 { meth=SSLv2_server_method(); }
1044 #endif 1159 #endif
1045 #ifndef OPENSSL_NO_SSL3 1160 #ifndef OPENSSL_NO_SSL3
1046 else if (strcmp(*argv,"-ssl3") == 0) 1161 else if (strcmp(*argv,"-ssl3") == 0)
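Review bot: the `-psk` validation (new 1129-1135) casts `psk_key[i]` straight to `int` before `isxdigit()`; where `char` is signed, a byte above 0x7F becomes a negative argument, which is undefined for the ctype functions. Use `isxdigit((unsigned char)psk_key[i])`. The loop also accepts an odd number of hex digits, which cannot be a whole number of key bytes; rejecting `strlen(psk_key) % 2 != 0` here gives a clearer error than whatever the later hex-to-bytes conversion does with the trailing nibble.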
(...skipping 47 matching lines...)
1094 else if (strcmp(*argv,"-cert2") == 0) 1209 else if (strcmp(*argv,"-cert2") == 0)
1095 { 1210 {
1096 if (--argc < 1) goto bad; 1211 if (--argc < 1) goto bad;
1097 s_cert_file2= *(++argv); 1212 s_cert_file2= *(++argv);
1098 } 1213 }
1099 else if (strcmp(*argv,"-key2") == 0) 1214 else if (strcmp(*argv,"-key2") == 0)
1100 { 1215 {
1101 if (--argc < 1) goto bad; 1216 if (--argc < 1) goto bad;
1102 s_key_file2= *(++argv); 1217 s_key_file2= *(++argv);
1103 } 1218 }
1219 # ifndef OPENSSL_NO_NEXTPROTONEG
1104 else if (strcmp(*argv,"-nextprotoneg") == 0) 1220 else if (strcmp(*argv,"-nextprotoneg") == 0)
1105 { 1221 {
1106 if (--argc < 1) goto bad; 1222 if (--argc < 1) goto bad;
1107 next_proto_neg_in = *(++argv); 1223 next_proto_neg_in = *(++argv);
1108 } 1224 }
1109 » » else if»(strcmp(*argv,"-snapstart") == 0) 1225 # endif
1110 » » » {
1111 » » » snapstart = 1;
1112 » » » }
1113 #endif 1226 #endif
1114 #ifndef OPENSSL_NO_JPAKE 1227 #if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK)
1115 else if (strcmp(*argv,"-jpake") == 0) 1228 else if (strcmp(*argv,"-jpake") == 0)
1116 { 1229 {
1117 if (--argc < 1) goto bad; 1230 if (--argc < 1) goto bad;
1118 jpake_secret = *(++argv); 1231 jpake_secret = *(++argv);
1119 } 1232 }
1120 #endif 1233 #endif
1121 else 1234 else
1122 { 1235 {
1123 BIO_printf(bio_err,"unknown option %s\n",*argv); 1236 BIO_printf(bio_err,"unknown option %s\n",*argv);
1124 badop=1; 1237 badop=1;
1125 break; 1238 break;
1126 } 1239 }
1127 argc--; 1240 argc--;
1128 argv++; 1241 argv++;
1129 } 1242 }
1130 if (badop) 1243 if (badop)
1131 { 1244 {
1132 bad: 1245 bad:
1133 sv_usage(); 1246 sv_usage();
1134 goto end; 1247 goto end;
1135 } 1248 }
1136 1249
1250 #if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK)
1251 if (jpake_secret)
1252 {
1253 if (psk_key)
1254 {
1255 BIO_printf(bio_err,
1256 "Can't use JPAKE and PSK together\n");
1257 goto end;
1258 }
1259 psk_identity = "JPAKE";
1260 if (cipher)
1261 {
1262 BIO_printf(bio_err, "JPAKE sets cipher to PSK\n");
1263 goto end;
1264 }
1265 cipher = "PSK";
1266 }
1267
1268 #endif
1269
1137 SSL_load_error_strings(); 1270 SSL_load_error_strings();
1138 OpenSSL_add_ssl_algorithms(); 1271 OpenSSL_add_ssl_algorithms();
1139 1272
1140 #ifndef OPENSSL_NO_ENGINE 1273 #ifndef OPENSSL_NO_ENGINE
1141 e = setup_engine(bio_err, engine_id, 1); 1274 e = setup_engine(bio_err, engine_id, 1);
1142 #endif 1275 #endif
1143 1276
1144 if (!app_passwd(bio_err, passarg, dpassarg, &pass, &dpass)) 1277 if (!app_passwd(bio_err, passarg, dpassarg, &pass, &dpass))
1145 { 1278 {
1146 BIO_printf(bio_err, "Error getting password\n"); 1279 BIO_printf(bio_err, "Error getting password\n");
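Review bot: `-snapstart` (old 1109-1112) is removed from the parser without a deprecation path, so any existing invocation now falls through to `unknown option` and exits via the usage path; fine if Snap Start is intentionally being dropped with this upgrade, but the CL description should say so. The new `-jpake` conflict check (new 1260-1264) rejects any `-cipher`, including `-cipher PSK`, which is exactly what it then sets at 1265; comparing `cipher` against `"PSK"` before erroring would avoid a spurious failure.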
(...skipping 40 matching lines...)
1187 1320
1188 s_cert2 = load_cert(bio_err,s_cert_file2,s_cert_format, 1321 s_cert2 = load_cert(bio_err,s_cert_file2,s_cert_format,
1189 NULL, e, "second server certificate file"); 1322 NULL, e, "second server certificate file");
1190 1323
1191 if (!s_cert2) 1324 if (!s_cert2)
1192 { 1325 {
1193 ERR_print_errors(bio_err); 1326 ERR_print_errors(bio_err);
1194 goto end; 1327 goto end;
1195 } 1328 }
1196 } 1329 }
1197
1198 if (next_proto_neg_in)
1199 {
1200 unsigned short len;
1201 next_proto.data = next_protos_parse(&len,
1202 next_proto_neg_in);
1203 if (next_proto.data == NULL)
1204 goto end;
1205 next_proto.len = len;
1206 }
1207 else
1208 {
1209 next_proto.data = NULL;
1210 }
1211 #endif 1330 #endif
1212 } 1331 }
1332
1333
1213 if (s_dcert_file) 1334 if (s_dcert_file)
1214 { 1335 {
1215 1336
1216 if (s_dkey_file == NULL) 1337 if (s_dkey_file == NULL)
1217 s_dkey_file = s_dcert_file; 1338 s_dkey_file = s_dcert_file;
1218 1339
1219 s_dkey = load_key(bio_err, s_dkey_file, s_dkey_format, 1340 s_dkey = load_key(bio_err, s_dkey_file, s_dkey_format,
1220 0, dpass, e, 1341 0, dpass, e,
1221 "second certificate private key file"); 1342 "second certificate private key file");
1222 if (!s_dkey) 1343 if (!s_dkey)
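Review bot: the NPN parse removed here (old 1198-1210) was the only place `next_proto.data` and `next_proto.len` were filled in before the `if (next_proto.data)` check further down; on the right-hand side the same block reappears only inside the `#else` arm of an `#if 1` (new 1656-1670), which is never compiled. Keep the parse here, under `# ifndef OPENSSL_NO_NEXTPROTONEG`, or NPN advertisement silently stops working and the later check reads an uninitialised automatic variable.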
(...skipping 98 matching lines...)
1321 } 1442 }
1322 #endif 1443 #endif
1323 1444
1324 if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) || 1445 if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) ||
1325 (!SSL_CTX_set_default_verify_paths(ctx))) 1446 (!SSL_CTX_set_default_verify_paths(ctx)))
1326 { 1447 {
1327 /* BIO_printf(bio_err,"X509_load_verify_locations\n"); */ 1448 /* BIO_printf(bio_err,"X509_load_verify_locations\n"); */
1328 ERR_print_errors(bio_err); 1449 ERR_print_errors(bio_err);
1329 /* goto end; */ 1450 /* goto end; */
1330 } 1451 }
1331 » store = SSL_CTX_get_cert_store(ctx); 1452 » if (vpm)
1332 » X509_STORE_set_flags(store, vflags); 1453 » » SSL_CTX_set1_param(ctx, vpm);
1454
1333 #ifndef OPENSSL_NO_TLSEXT 1455 #ifndef OPENSSL_NO_TLSEXT
1334 if (s_cert2) 1456 if (s_cert2)
1335 { 1457 {
1336 ctx2=SSL_CTX_new(meth); 1458 ctx2=SSL_CTX_new(meth);
1337 if (ctx2 == NULL) 1459 if (ctx2 == NULL)
1338 { 1460 {
1339 ERR_print_errors(bio_err); 1461 ERR_print_errors(bio_err);
1340 goto end; 1462 goto end;
1341 } 1463 }
1342 } 1464 }
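Review bot: `SSL_CTX_set1_param()` copies the parameters into the context, so `vpm` stays owned by this function; the visible part of the `end:` cleanup (new 1755-1758) frees only `ctx` and `s_cert`, so check that `X509_VERIFY_PARAM_free(vpm)` appears further down. Not introduced by this change but worth noting while here: a failing `SSL_CTX_load_verify_locations()` is still only logged (`/* goto end; */` at 1450), so a wrong `-CAfile`/`-CApath` is only noticed once client certificates fail to verify.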
(...skipping 15 matching lines...)
1358 BIO_printf(bio_err,"error setting 'id_prefix'\n" ); 1480 BIO_printf(bio_err,"error setting 'id_prefix'\n" );
1359 ERR_print_errors(bio_err); 1481 ERR_print_errors(bio_err);
1360 goto end; 1482 goto end;
1361 } 1483 }
1362 BIO_printf(bio_err,"id_prefix '%s' set.\n", session_id_p refix); 1484 BIO_printf(bio_err,"id_prefix '%s' set.\n", session_id_p refix);
1363 } 1485 }
1364 SSL_CTX_set_quiet_shutdown(ctx2,1); 1486 SSL_CTX_set_quiet_shutdown(ctx2,1);
1365 if (bugs) SSL_CTX_set_options(ctx2,SSL_OP_ALL); 1487 if (bugs) SSL_CTX_set_options(ctx2,SSL_OP_ALL);
1366 if (hack) SSL_CTX_set_options(ctx2,SSL_OP_NETSCAPE_DEMO_CIPHER_C HANGE_BUG); 1488 if (hack) SSL_CTX_set_options(ctx2,SSL_OP_NETSCAPE_DEMO_CIPHER_C HANGE_BUG);
1367 SSL_CTX_set_options(ctx2,off); 1489 SSL_CTX_set_options(ctx2,off);
1368
1369 /* DTLS: partial reads end up discarding unread UDP bytes :-( 1490 /* DTLS: partial reads end up discarding unread UDP bytes :-(
1370 * Setting read ahead solves this problem. 1491 * Setting read ahead solves this problem.
1371 */ 1492 */
1372 if (socket_type == SOCK_DGRAM) SSL_CTX_set_read_ahead(ctx2, 1); 1493 if (socket_type == SOCK_DGRAM) SSL_CTX_set_read_ahead(ctx2, 1);
1373 1494
1374
1375 if (state) SSL_CTX_set_info_callback(ctx2,apps_ssl_info_callback ); 1495 if (state) SSL_CTX_set_info_callback(ctx2,apps_ssl_info_callback );
1376 1496
1377 if (no_cache) 1497 if (no_cache)
1378 SSL_CTX_set_session_cache_mode(ctx2,SSL_SESS_CACHE_OFF); 1498 SSL_CTX_set_session_cache_mode(ctx2,SSL_SESS_CACHE_OFF);
1379 else 1499 else
1380 SSL_CTX_sess_set_cache_size(ctx2,128); 1500 SSL_CTX_sess_set_cache_size(ctx2,128);
1381 1501
1382 if ((!SSL_CTX_load_verify_locations(ctx2,CAfile,CApath)) || 1502 if ((!SSL_CTX_load_verify_locations(ctx2,CAfile,CApath)) ||
1383 (!SSL_CTX_set_default_verify_paths(ctx2))) 1503 (!SSL_CTX_set_default_verify_paths(ctx2)))
1384 { 1504 {
1385 ERR_print_errors(bio_err); 1505 ERR_print_errors(bio_err);
1386 } 1506 }
1387 » » store = SSL_CTX_get_cert_store(ctx2); 1507 » » if (vpm)
1388 » » X509_STORE_set_flags(store, vflags); 1508 » » » SSL_CTX_set1_param(ctx2, vpm);
1389 } 1509 }
1390 1510
1511 # ifndef OPENSSL_NO_NEXTPROTONEG
1391 if (next_proto.data) 1512 if (next_proto.data)
1392 {
1393 SSL_CTX_set_next_protos_advertised_cb(ctx, next_proto_cb, &next_ proto); 1513 SSL_CTX_set_next_protos_advertised_cb(ctx, next_proto_cb, &next_ proto);
1394 » » } 1514 # endif
1395 #endif 1515 #endif
1396 1516
1397 if (snapstart)
1398 {
1399 static const unsigned char orbit[8] = {1, 2, 3, 4, 5, 6, 7, 8};
1400 SSL_CTX_set_snap_start_orbit(ctx, orbit);
1401 }
1402
1403 #ifndef OPENSSL_NO_DH 1517 #ifndef OPENSSL_NO_DH
1404 if (!no_dhe) 1518 if (!no_dhe)
1405 { 1519 {
1406 DH *dh=NULL; 1520 DH *dh=NULL;
1407 1521
1408 if (dhfile) 1522 if (dhfile)
1409 dh = load_dh_param(dhfile); 1523 dh = load_dh_param(dhfile);
1410 else if (s_cert_file) 1524 else if (s_cert_file)
1411 dh = load_dh_param(s_cert_file); 1525 dh = load_dh_param(s_cert_file);
1412 1526
(...skipping 55 matching lines...)
1468 } 1582 }
1469 } 1583 }
1470 1584
1471 if (ecdh != NULL) 1585 if (ecdh != NULL)
1472 { 1586 {
1473 BIO_printf(bio_s_out,"Setting temp ECDH parameters\n"); 1587 BIO_printf(bio_s_out,"Setting temp ECDH parameters\n");
1474 } 1588 }
1475 else 1589 else
1476 { 1590 {
1477 BIO_printf(bio_s_out,"Using default temp ECDH parameters \n"); 1591 BIO_printf(bio_s_out,"Using default temp ECDH parameters \n");
1478 » » » ecdh = EC_KEY_new_by_curve_name(NID_sect163r2); 1592 » » » ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
1479 if (ecdh == NULL) 1593 if (ecdh == NULL)
1480 { 1594 {
1481 » » » » BIO_printf(bio_err, "unable to create curve (sec t163r2)\n"); 1595 » » » » BIO_printf(bio_err, "unable to create curve (nis tp256)\n");
1482 goto end; 1596 goto end;
1483 } 1597 }
1484 } 1598 }
1485 (void)BIO_flush(bio_s_out); 1599 (void)BIO_flush(bio_s_out);
1486 1600
1487 SSL_CTX_set_tmp_ecdh(ctx,ecdh); 1601 SSL_CTX_set_tmp_ecdh(ctx,ecdh);
1488 #ifndef OPENSSL_NO_TLSEXT 1602 #ifndef OPENSSL_NO_TLSEXT
1489 if (ctx2) 1603 if (ctx2)
1490 SSL_CTX_set_tmp_ecdh(ctx2,ecdh); 1604 SSL_CTX_set_tmp_ecdh(ctx2,ecdh);
1491 #endif 1605 #endif
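Review bot: the default ephemeral ECDH curve changes from `NID_sect163r2` to `NID_X9_62_prime256v1` (new 1592), i.e. from a 163-bit binary curve to P-256; that is the right default, but it is a user-visible behaviour change for anyone relying on the old one and belongs in the CL description. The "(nistp256)" wording in the error message at 1595 is accurate for that NID.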
(...skipping 14 matching lines...)
1506 } 1620 }
1507 1621
1508 #ifndef OPENSSL_NO_RSA 1622 #ifndef OPENSSL_NO_RSA
1509 #if 1 1623 #if 1
1510 if (!no_tmp_rsa) 1624 if (!no_tmp_rsa)
1511 { 1625 {
1512 SSL_CTX_set_tmp_rsa_callback(ctx,tmp_rsa_cb); 1626 SSL_CTX_set_tmp_rsa_callback(ctx,tmp_rsa_cb);
1513 #ifndef OPENSSL_NO_TLSEXT 1627 #ifndef OPENSSL_NO_TLSEXT
1514 if (ctx2) 1628 if (ctx2)
1515 SSL_CTX_set_tmp_rsa_callback(ctx2,tmp_rsa_cb); 1629 SSL_CTX_set_tmp_rsa_callback(ctx2,tmp_rsa_cb);
1516 #endif» 1630 #endif» »
1517 } 1631 }
1518 #else 1632 #else
1519 if (!no_tmp_rsa && SSL_CTX_need_tmp_RSA(ctx)) 1633 if (!no_tmp_rsa && SSL_CTX_need_tmp_RSA(ctx))
1520 { 1634 {
1521 RSA *rsa; 1635 RSA *rsa;
1522 1636
1523 BIO_printf(bio_s_out,"Generating temp (512 bit) RSA key..."); 1637 BIO_printf(bio_s_out,"Generating temp (512 bit) RSA key...");
1524 BIO_flush(bio_s_out); 1638 BIO_flush(bio_s_out);
1525 1639
1526 rsa=RSA_generate_key(512,RSA_F4,NULL); 1640 rsa=RSA_generate_key(512,RSA_F4,NULL);
1527 1641
1528 if (!SSL_CTX_set_tmp_rsa(ctx,rsa)) 1642 if (!SSL_CTX_set_tmp_rsa(ctx,rsa))
1529 { 1643 {
1530 ERR_print_errors(bio_err); 1644 ERR_print_errors(bio_err);
1531 goto end; 1645 goto end;
1532 } 1646 }
1533 #ifndef OPENSSL_NO_TLSEXT 1647 #ifndef OPENSSL_NO_TLSEXT
1534 if (ctx2) 1648 if (ctx2)
1535 { 1649 {
1536 if (!SSL_CTX_set_tmp_rsa(ctx2,rsa)) 1650 if (!SSL_CTX_set_tmp_rsa(ctx2,rsa))
1537 { 1651 {
1538 ERR_print_errors(bio_err); 1652 ERR_print_errors(bio_err);
1539 goto end; 1653 goto end;
1540 } 1654 }
1541 } 1655 }
1656 # ifndef OPENSSL_NO_NEXTPROTONEG
1657 if (next_proto_neg_in)
1658 {
1659 unsigned short len;
1660 next_proto.data = next_protos_parse(&len,
1661 next_proto_neg_in);
1662 if (next_proto.data == NULL)
1663 goto end;
1664 next_proto.len = len;
1665 }
1666 else
1667 {
1668 next_proto.data = NULL;
1669 }
1670 # endif
1542 #endif 1671 #endif
1543 RSA_free(rsa); 1672 RSA_free(rsa);
1544 BIO_printf(bio_s_out,"\n"); 1673 BIO_printf(bio_s_out,"\n");
1545 } 1674 }
1546 #endif 1675 #endif
1547 #endif 1676 #endif
1548 1677
1549 » if (cipher != NULL) 1678 #ifndef OPENSSL_NO_PSK
1550 » » if(!SSL_CTX_set_cipher_list(ctx,cipher)) { 1679 #ifdef OPENSSL_NO_JPAKE
1551 » » BIO_printf(bio_err,"error setting cipher list\n"); 1680 » if (psk_key != NULL)
1681 #else
1682 » if (psk_key != NULL || jpake_secret)
1683 #endif
1684 » » {
1685 » » if (s_debug)
1686 » » » BIO_printf(bio_s_out, "PSK key given or JPAKE in use, se tting server callback\n");
1687 » » SSL_CTX_set_psk_server_callback(ctx, psk_server_cb);
1688 » » }
1689
1690 » if (!SSL_CTX_use_psk_identity_hint(ctx, psk_identity_hint))
1691 » » {
1692 » » BIO_printf(bio_err,"error setting PSK identity hint to context\n ");
1552 ERR_print_errors(bio_err); 1693 ERR_print_errors(bio_err);
1553 goto end; 1694 goto end;
1695 }
1696 #endif
1697
1698 if (cipher != NULL)
1699 {
1700 if(!SSL_CTX_set_cipher_list(ctx,cipher))
1701 {
1702 BIO_printf(bio_err,"error setting cipher list\n");
1703 ERR_print_errors(bio_err);
1704 goto end;
1705 }
1554 #ifndef OPENSSL_NO_TLSEXT 1706 #ifndef OPENSSL_NO_TLSEXT
1555 if (ctx2 && !SSL_CTX_set_cipher_list(ctx2,cipher)) 1707 if (ctx2 && !SSL_CTX_set_cipher_list(ctx2,cipher))
1556 { 1708 {
1557 BIO_printf(bio_err,"error setting cipher list\n"); 1709 BIO_printf(bio_err,"error setting cipher list\n");
1558 ERR_print_errors(bio_err); 1710 ERR_print_errors(bio_err);
1559 goto end; 1711 goto end;
1560 } 1712 }
1561 #endif 1713 #endif
1562 » } 1714 » » }
1563 SSL_CTX_set_verify(ctx,s_server_verify,verify_callback); 1715 SSL_CTX_set_verify(ctx,s_server_verify,verify_callback);
1564 SSL_CTX_set_session_id_context(ctx,(void*)&s_server_session_id_context, 1716 SSL_CTX_set_session_id_context(ctx,(void*)&s_server_session_id_context,
1565 sizeof s_server_session_id_context); 1717 sizeof s_server_session_id_context);
1566 1718
1567 /* Set DTLS cookie generation and verification callbacks */ 1719 /* Set DTLS cookie generation and verification callbacks */
1568 SSL_CTX_set_cookie_generate_cb(ctx, generate_cookie_callback); 1720 SSL_CTX_set_cookie_generate_cb(ctx, generate_cookie_callback);
1569 SSL_CTX_set_cookie_verify_cb(ctx, verify_cookie_callback); 1721 SSL_CTX_set_cookie_verify_cb(ctx, verify_cookie_callback);
1570 1722
1571 #ifndef OPENSSL_NO_TLSEXT 1723 #ifndef OPENSSL_NO_TLSEXT
1572 if (ctx2) 1724 if (ctx2)
1573 { 1725 {
1574 SSL_CTX_set_verify(ctx2,s_server_verify,verify_callback); 1726 SSL_CTX_set_verify(ctx2,s_server_verify,verify_callback);
1575 SSL_CTX_set_session_id_context(ctx2,(void*)&s_server_session_id_ context, 1727 SSL_CTX_set_session_id_context(ctx2,(void*)&s_server_session_id_ context,
1576 sizeof s_server_session_id_context); 1728 sizeof s_server_session_id_context);
1577 1729
1578 tlsextcbp.biodebug = bio_s_out; 1730 tlsextcbp.biodebug = bio_s_out;
1579 SSL_CTX_set_tlsext_servername_callback(ctx2, ssl_servername_cb); 1731 SSL_CTX_set_tlsext_servername_callback(ctx2, ssl_servername_cb);
1580 SSL_CTX_set_tlsext_servername_arg(ctx2, &tlsextcbp); 1732 SSL_CTX_set_tlsext_servername_arg(ctx2, &tlsextcbp);
1581 SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb); 1733 SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb);
1582 SSL_CTX_set_tlsext_servername_arg(ctx, &tlsextcbp); 1734 SSL_CTX_set_tlsext_servername_arg(ctx, &tlsextcbp);
1583 } 1735 }
1584 #endif 1736 #endif
1737
1585 if (CAfile != NULL) 1738 if (CAfile != NULL)
1586 { 1739 {
1587 SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(CAfile)); 1740 SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(CAfile));
1588 #ifndef OPENSSL_NO_TLSEXT 1741 #ifndef OPENSSL_NO_TLSEXT
1589 if (ctx2) 1742 if (ctx2)
1590 SSL_CTX_set_client_CA_list(ctx2,SSL_load_client_CA_file( CAfile)); 1743 SSL_CTX_set_client_CA_list(ctx2,SSL_load_client_CA_file( CAfile));
1591 #endif 1744 #endif
1592 } 1745 }
1746
1593 BIO_printf(bio_s_out,"ACCEPT\n"); 1747 BIO_printf(bio_s_out,"ACCEPT\n");
1748 (void)BIO_flush(bio_s_out);
1594 if (www) 1749 if (www)
1595 do_server(port,socket_type,&accept_socket,www_body, context); 1750 do_server(port,socket_type,&accept_socket,www_body, context);
1596 else 1751 else
1597 do_server(port,socket_type,&accept_socket,sv_body, context); 1752 do_server(port,socket_type,&accept_socket,sv_body, context);
1598 print_stats(bio_s_out,ctx); 1753 print_stats(bio_s_out,ctx);
1599 ret=0; 1754 ret=0;
1600 end: 1755 end:
1601 if (ctx != NULL) SSL_CTX_free(ctx); 1756 if (ctx != NULL) SSL_CTX_free(ctx);
1602 if (s_cert) 1757 if (s_cert)
1603 X509_free(s_cert); 1758 X509_free(s_cert);
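Review bot: the NPN parse at new 1656-1670 sits inside the `#else` arm of the `#if 1` at 1623/1632, so it is never compiled and `next_proto` is read uninitialised by `if (next_proto.data)` at 1512; move it out into live code (where old 1198-1210 was). Also, the PSK server callback and identity hint (1687-1690) are installed only on `ctx`, while the cipher list (1700-1711) is applied to both `ctx` and `ctx2`, so a handshake that ends up on the SNI context `ctx2` has PSK ciphers enabled but no PSK callback; either apply both to `ctx2` when it exists or document the asymmetry.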
(...skipping 51 matching lines...)
1655 static int sv_body(char *hostname, int s, unsigned char *context) 1810 static int sv_body(char *hostname, int s, unsigned char *context)
1656 { 1811 {
1657 char *buf=NULL; 1812 char *buf=NULL;
1658 fd_set readfds; 1813 fd_set readfds;
1659 int ret=1,width; 1814 int ret=1,width;
1660 int k,i; 1815 int k,i;
1661 unsigned long l; 1816 unsigned long l;
1662 SSL *con=NULL; 1817 SSL *con=NULL;
1663 BIO *sbio; 1818 BIO *sbio;
1664 struct timeval timeout; 1819 struct timeval timeout;
1665 #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSS L_SYS_NETWARE) 1820 #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSS L_SYS_NETWARE) || defined(OPENSSL_SYS_BEOS_R5)
1666 struct timeval tv; 1821 struct timeval tv;
1667 #else 1822 #else
1668 struct timeval *timeoutp; 1823 struct timeval *timeoutp;
1669 #endif 1824 #endif
1670 1825
1671 if ((buf=OPENSSL_malloc(bufsize)) == NULL) 1826 if ((buf=OPENSSL_malloc(bufsize)) == NULL)
1672 { 1827 {
1673 BIO_printf(bio_err,"out of memory\n"); 1828 BIO_printf(bio_err,"out of memory\n");
1674 goto err; 1829 goto err;
1675 } 1830 }
(...skipping 31 matching lines...)
1707 KRB5SVC); 1862 KRB5SVC);
1708 kssl_ctx_setstring(con->kssl_ctx, KSSL_KEYTAB, 1863 kssl_ctx_setstring(con->kssl_ctx, KSSL_KEYTAB,
1709 KRB5KEYTAB); 1864 KRB5KEYTAB);
1710 } 1865 }
1711 #endif /* OPENSSL_NO_KRB5 */ 1866 #endif /* OPENSSL_NO_KRB5 */
1712 if(context) 1867 if(context)
1713 SSL_set_session_id_context(con, context, 1868 SSL_set_session_id_context(con, context,
1714 strlen((char *)context)); 1869 strlen((char *)context));
1715 } 1870 }
1716 SSL_clear(con); 1871 SSL_clear(con);
1872 #if 0
1873 #ifdef TLSEXT_TYPE_opaque_prf_input
1874 SSL_set_tlsext_opaque_prf_input(con, "Test server", 11);
1875 #endif
1876 #endif
1717 1877
1718 if (SSL_version(con) == DTLS1_VERSION) 1878 if (SSL_version(con) == DTLS1_VERSION)
1719 { 1879 {
1720 1880
1721 sbio=BIO_new_dgram(s,BIO_NOCLOSE); 1881 sbio=BIO_new_dgram(s,BIO_NOCLOSE);
1722 1882
1723 » » if ( enable_timeouts) 1883 » » if (enable_timeouts)
1724 { 1884 {
1725 timeout.tv_sec = 0; 1885 timeout.tv_sec = 0;
1726 timeout.tv_usec = DGRAM_RCV_TIMEOUT; 1886 timeout.tv_usec = DGRAM_RCV_TIMEOUT;
1727 BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_RECV_TIMEOUT, 0, &time out); 1887 BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_RECV_TIMEOUT, 0, &time out);
1728 1888
1729 timeout.tv_sec = 0; 1889 timeout.tv_sec = 0;
1730 timeout.tv_usec = DGRAM_SND_TIMEOUT; 1890 timeout.tv_usec = DGRAM_SND_TIMEOUT;
1731 BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_SEND_TIMEOUT, 0, &time out); 1891 BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_SEND_TIMEOUT, 0, &time out);
1732 } 1892 }
1733 1893
1734
1735 if (socket_mtu > 28) 1894 if (socket_mtu > 28)
1736 { 1895 {
1737 SSL_set_options(con, SSL_OP_NO_QUERY_MTU); 1896 SSL_set_options(con, SSL_OP_NO_QUERY_MTU);
1738 SSL_set_mtu(con, socket_mtu - 28); 1897 SSL_set_mtu(con, socket_mtu - 28);
1739 } 1898 }
1740 else 1899 else
1741 /* want to do MTU discovery */ 1900 /* want to do MTU discovery */
1742 BIO_ctrl(sbio, BIO_CTRL_DGRAM_MTU_DISCOVER, 0, NULL); 1901 BIO_ctrl(sbio, BIO_CTRL_DGRAM_MTU_DISCOVER, 0, NULL);
1743 1902
1744 /* turn on cookie exchange */ 1903 /* turn on cookie exchange */
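Review bot: the `SSL_set_tlsext_opaque_prf_input()` call (new 1872-1876) arrives already wrapped in `#if 0`, so it is dead on arrival; unless the intent is to track upstream verbatim, drop it rather than carry disabled test code in the server app.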
(...skipping 42 matching lines...)
1787 { 1946 {
1788 int read_from_terminal; 1947 int read_from_terminal;
1789 int read_from_sslcon; 1948 int read_from_sslcon;
1790 1949
1791 read_from_terminal = 0; 1950 read_from_terminal = 0;
1792 read_from_sslcon = SSL_pending(con); 1951 read_from_sslcon = SSL_pending(con);
1793 1952
1794 if (!read_from_sslcon) 1953 if (!read_from_sslcon)
1795 { 1954 {
1796 FD_ZERO(&readfds); 1955 FD_ZERO(&readfds);
1797 #if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPE NSSL_SYS_NETWARE) 1956 #if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPE NSSL_SYS_NETWARE) && !defined(OPENSSL_SYS_BEOS_R5)
1798 » » » FD_SET(fileno(stdin),&readfds); 1957 » » » openssl_fdset(fileno(stdin),&readfds);
1799 #endif 1958 #endif
1800 » » » FD_SET(s,&readfds); 1959 » » » openssl_fdset(s,&readfds);
1801 /* Note: under VMS with SOCKETSHR the second parameter i s 1960 /* Note: under VMS with SOCKETSHR the second parameter i s
1802 * currently of type (int *) whereas under other systems 1961 * currently of type (int *) whereas under other systems
1803 * it is (void *) if you don't have a cast it will choke 1962 * it is (void *) if you don't have a cast it will choke
1804 * the compiler: if you do have a cast then you can eith er 1963 * the compiler: if you do have a cast then you can eith er
1805 * go for (int *) or (void *). 1964 * go for (int *) or (void *).
1806 */ 1965 */
1807 #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSS L_SYS_NETWARE) 1966 #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSS L_SYS_NETWARE)
1808 /* Under DOS (non-djgpp) and Windows we can't select on stdin: only 1967 /* Under DOS (non-djgpp) and Windows we can't select on stdin: only
1809 * on sockets. As a workaround we timeout the select eve ry 1968 * on sockets. As a workaround we timeout the select eve ry
1810 * second and check for any keypress. In a proper Window s 1969 * second and check for any keypress. In a proper Window s
1811 * application we wouldn't do this because it is ineffic ient. 1970 * application we wouldn't do this because it is ineffic ient.
1812 */ 1971 */
1813 tv.tv_sec = 1; 1972 tv.tv_sec = 1;
1814 tv.tv_usec = 0; 1973 tv.tv_usec = 0;
1815 i=select(width,(void *)&readfds,NULL,NULL,&tv); 1974 i=select(width,(void *)&readfds,NULL,NULL,&tv);
1816 if((i < 0) || (!i && !_kbhit() ) )continue; 1975 if((i < 0) || (!i && !_kbhit() ) )continue;
1817 if(_kbhit()) 1976 if(_kbhit())
1818 read_from_terminal = 1; 1977 read_from_terminal = 1;
1978 #elif defined(OPENSSL_SYS_BEOS_R5)
1979 /* Under BeOS-R5 the situation is similar to DOS */
1980 tv.tv_sec = 1;
1981 tv.tv_usec = 0;
1982 (void)fcntl(fileno(stdin), F_SETFL, O_NONBLOCK);
1983 i=select(width,(void *)&readfds,NULL,NULL,&tv);
1984 if ((i < 0) || (!i && read(fileno(stdin), buf, 0) < 0))
1985 continue;
1986 if (read(fileno(stdin), buf, 0) >= 0)
1987 read_from_terminal = 1;
1988 (void)fcntl(fileno(stdin), F_SETFL, 0);
1819 #else 1989 #else
1820 if ((SSL_version(con) == DTLS1_VERSION) && 1990 if ((SSL_version(con) == DTLS1_VERSION) &&
1821 DTLSv1_get_timeout(con, &timeout)) 1991 DTLSv1_get_timeout(con, &timeout))
1822 timeoutp = &timeout; 1992 timeoutp = &timeout;
1823 else 1993 else
1824 timeoutp = NULL; 1994 timeoutp = NULL;
1825 1995
1826 i=select(width,(void *)&readfds,NULL,NULL,timeoutp); 1996 i=select(width,(void *)&readfds,NULL,NULL,timeoutp);
1827 1997
1828 if ((SSL_version(con) == DTLS1_VERSION) && DTLSv1_handle _timeout(con) > 0) 1998 if ((SSL_version(con) == DTLS1_VERSION) && DTLSv1_handle _timeout(con) > 0)
1829 { 1999 {
1830 BIO_printf(bio_err,"TIMEOUT occured\n"); 2000 BIO_printf(bio_err,"TIMEOUT occured\n");
1831 } 2001 }
1832 2002
1833 if (i <= 0) continue; 2003 if (i <= 0) continue;
1834 if (FD_ISSET(fileno(stdin),&readfds)) 2004 if (FD_ISSET(fileno(stdin),&readfds))
1835 read_from_terminal = 1; 2005 read_from_terminal = 1;
1836 #endif 2006 #endif
1837 if (FD_ISSET(s,&readfds)) 2007 if (FD_ISSET(s,&readfds))
1838 read_from_sslcon = 1; 2008 read_from_sslcon = 1;
1839 } 2009 }
1840 if (read_from_terminal) 2010 if (read_from_terminal)
1841 { 2011 {
1842 if (s_crlf) 2012 if (s_crlf)
1843 { 2013 {
1844 int j, lf_num; 2014 int j, lf_num;
1845 2015
1846 » » » » i=read(fileno(stdin), buf, bufsize/2); 2016 » » » » i=raw_read_stdin(buf, bufsize/2);
1847 lf_num = 0; 2017 lf_num = 0;
1848 /* both loops are skipped when i <= 0 */ 2018 /* both loops are skipped when i <= 0 */
1849 for (j = 0; j < i; j++) 2019 for (j = 0; j < i; j++)
1850 if (buf[j] == '\n') 2020 if (buf[j] == '\n')
1851 lf_num++; 2021 lf_num++;
1852 for (j = i-1; j >= 0; j--) 2022 for (j = i-1; j >= 0; j--)
1853 { 2023 {
1854 buf[j+lf_num] = buf[j]; 2024 buf[j+lf_num] = buf[j];
1855 if (buf[j] == '\n') 2025 if (buf[j] == '\n')
1856 { 2026 {
1857 lf_num--; 2027 lf_num--;
1858 i++; 2028 i++;
1859 buf[j+lf_num] = '\r'; 2029 buf[j+lf_num] = '\r';
1860 } 2030 }
1861 } 2031 }
1862 assert(lf_num == 0); 2032 assert(lf_num == 0);
1863 } 2033 }
1864 else 2034 else
1865 » » » » i=read(fileno(stdin),buf,bufsize); 2035 » » » » i=raw_read_stdin(buf,bufsize);
1866 if (!s_quiet) 2036 if (!s_quiet)
1867 { 2037 {
1868 if ((i <= 0) || (buf[0] == 'Q')) 2038 if ((i <= 0) || (buf[0] == 'Q'))
1869 { 2039 {
1870 BIO_printf(bio_s_out,"DONE\n"); 2040 BIO_printf(bio_s_out,"DONE\n");
1871 SHUTDOWN(s); 2041 SHUTDOWN(s);
1872 close_accept_socket(); 2042 close_accept_socket();
1873 ret= -11; 2043 ret= -11;
1874 goto err; 2044 goto err;
1875 } 2045 }
1876 if ((i <= 0) || (buf[0] == 'q')) 2046 if ((i <= 0) || (buf[0] == 'q'))
1877 { 2047 {
1878 BIO_printf(bio_s_out,"DONE\n"); 2048 BIO_printf(bio_s_out,"DONE\n");
1879 if (SSL_version(con) != DTLS1_VERSION) 2049 if (SSL_version(con) != DTLS1_VERSION)
1880 SHUTDOWN(s); 2050 SHUTDOWN(s);
1881 /* close_accept_socket(); 2051 /* close_accept_socket();
1882 ret= -11;*/ 2052 ret= -11;*/
1883 goto err; 2053 goto err;
1884 } 2054 }
2055
1885 if ((buf[0] == 'r') && 2056 if ((buf[0] == 'r') &&
1886 ((buf[1] == '\n') || (buf[1] == '\r'))) 2057 ((buf[1] == '\n') || (buf[1] == '\r')))
1887 { 2058 {
1888 SSL_renegotiate(con); 2059 SSL_renegotiate(con);
1889 i=SSL_do_handshake(con); 2060 i=SSL_do_handshake(con);
1890 printf("SSL_do_handshake -> %d\n",i); 2061 printf("SSL_do_handshake -> %d\n",i);
1891 i=0; /*13; */ 2062 i=0; /*13; */
1892 continue; 2063 continue;
1893 /* strcpy(buf,"server side RE-NEGOTIATE\ n"); */ 2064 /* strcpy(buf,"server side RE-NEGOTIATE\ n"); */
1894 } 2065 }
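Review bot: in the BeOS branch (new 1978-1988), `fcntl(fileno(stdin), F_SETFL, 0)` at 1988 clears every status flag on stdin instead of restoring what was there before `O_NONBLOCK` was set; save the result of `fcntl(fd, F_GETFL)` first and write that back. The zero-length `read()` probes at 1984 and 1986 are also issued twice per iteration with the same intent; one probe whose result is stored would do.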
(...skipping 76 matching lines...)
1971 else 2142 else
1972 { 2143 {
1973 again: 2144 again:
1974 i=SSL_read(con,(char *)buf,bufsize); 2145 i=SSL_read(con,(char *)buf,bufsize);
1975 switch (SSL_get_error(con,i)) 2146 switch (SSL_get_error(con,i))
1976 { 2147 {
1977 case SSL_ERROR_NONE: 2148 case SSL_ERROR_NONE:
1978 #ifdef CHARSET_EBCDIC 2149 #ifdef CHARSET_EBCDIC
1979 ascii2ebcdic(buf,buf,i); 2150 ascii2ebcdic(buf,buf,i);
1980 #endif 2151 #endif
1981 » » » » » write(fileno(stdout),buf, 2152 » » » » » raw_write_stdout(buf,
1982 (unsigned int)i); 2153 (unsigned int)i);
1983 if (SSL_pending(con)) goto again; 2154 if (SSL_pending(con)) goto again;
1984 break; 2155 break;
1985 case SSL_ERROR_WANT_WRITE: 2156 case SSL_ERROR_WANT_WRITE:
1986 case SSL_ERROR_WANT_READ: 2157 case SSL_ERROR_WANT_READ:
1987 case SSL_ERROR_WANT_X509_LOOKUP: 2158 case SSL_ERROR_WANT_X509_LOOKUP:
1988 BIO_printf(bio_s_out,"Read BLOCK\n"); 2159 BIO_printf(bio_s_out,"Read BLOCK\n");
1989 break; 2160 break;
1990 case SSL_ERROR_SYSCALL: 2161 case SSL_ERROR_SYSCALL:
1991 case SSL_ERROR_SSL: 2162 case SSL_ERROR_SSL:
1992 BIO_printf(bio_s_out,"ERROR\n"); 2163 BIO_printf(bio_s_out,"ERROR\n");
1993 ERR_print_errors(bio_err); 2164 ERR_print_errors(bio_err);
1994 ret=1; 2165 ret=1;
1995 goto err; 2166 goto err;
1996 case SSL_ERROR_ZERO_RETURN: 2167 case SSL_ERROR_ZERO_RETURN:
1997 BIO_printf(bio_s_out,"DONE\n"); 2168 BIO_printf(bio_s_out,"DONE\n");
1998 ret=1; 2169 ret=1;
1999 goto err; 2170 goto err;
2000 } 2171 }
2001 } 2172 }
2002 } 2173 }
2003 } 2174 }
2004 err: 2175 err:
2005 » BIO_printf(bio_s_out,"shutting down SSL\n"); 2176 » if (con != NULL)
2177 » » {
2178 » » BIO_printf(bio_s_out,"shutting down SSL\n");
2006 #if 1 2179 #if 1
2007 » SSL_set_shutdown(con,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); 2180 » » SSL_set_shutdown(con,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
2008 #else 2181 #else
2009 » SSL_shutdown(con); 2182 » » SSL_shutdown(con);
2010 #endif 2183 #endif
2011 » if (con != NULL) SSL_free(con); 2184 » » SSL_free(con);
2185 » » }
2012 BIO_printf(bio_s_out,"CONNECTION CLOSED\n"); 2186 BIO_printf(bio_s_out,"CONNECTION CLOSED\n");
2013 if (buf != NULL) 2187 if (buf != NULL)
2014 { 2188 {
2015 OPENSSL_cleanse(buf,bufsize); 2189 OPENSSL_cleanse(buf,bufsize);
2016 OPENSSL_free(buf); 2190 OPENSSL_free(buf);
2017 } 2191 }
2018 if (ret >= 0) 2192 if (ret >= 0)
2019 BIO_printf(bio_s_out,"ACCEPT\n"); 2193 BIO_printf(bio_s_out,"ACCEPT\n");
2020 return(ret); 2194 return(ret);
2021 } 2195 }
2022 2196
2023 static void close_accept_socket(void) 2197 static void close_accept_socket(void)
2024 { 2198 {
2025 BIO_printf(bio_err,"shutdown accept socket\n"); 2199 BIO_printf(bio_err,"shutdown accept socket\n");
2026 if (accept_socket >= 0) 2200 if (accept_socket >= 0)
2027 { 2201 {
2028 SHUTDOWN2(accept_socket); 2202 SHUTDOWN2(accept_socket);
2029 } 2203 }
2030 } 2204 }
2031 2205
2032 static int init_ssl_connection(SSL *con) 2206 static int init_ssl_connection(SSL *con)
2033 { 2207 {
2034 int i; 2208 int i;
2035 const char *str; 2209 const char *str;
2036 X509 *peer; 2210 X509 *peer;
2037 long verify_error; 2211 long verify_error;
2038 MS_STATIC char buf[BUFSIZ]; 2212 MS_STATIC char buf[BUFSIZ];
2039 #ifndef OPENSSL_NO_TLSEXT 2213 #if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
2040 const unsigned char *next_proto_neg; 2214 const unsigned char *next_proto_neg;
2041 unsigned next_proto_neg_len; 2215 unsigned next_proto_neg_len;
2042 #endif 2216 #endif
2043 2217
2044 again:
2045 if ((i=SSL_accept(con)) <= 0) 2218 if ((i=SSL_accept(con)) <= 0)
2046 { 2219 {
2047 if (BIO_sock_should_retry(i)) 2220 if (BIO_sock_should_retry(i))
2048 { 2221 {
2049 BIO_printf(bio_s_out,"DELAY\n"); 2222 BIO_printf(bio_s_out,"DELAY\n");
2050 return(1); 2223 return(1);
2051 } 2224 }
2052 2225
2053 if (SSL_get_error(con, i) == SSL_ERROR_SERVER_RANDOM_VALIDATION_ PENDING)
2054 {
2055 SSL_set_suggested_server_random_validity(con, 1);
2056 goto again;
2057 }
2058
2059 BIO_printf(bio_err,"ERROR\n"); 2226 BIO_printf(bio_err,"ERROR\n");
2060 verify_error=SSL_get_verify_result(con); 2227 verify_error=SSL_get_verify_result(con);
2061 if (verify_error != X509_V_OK) 2228 if (verify_error != X509_V_OK)
2062 { 2229 {
2063 BIO_printf(bio_err,"verify error:%s\n", 2230 BIO_printf(bio_err,"verify error:%s\n",
2064 X509_verify_cert_error_string(verify_error)); 2231 X509_verify_cert_error_string(verify_error));
2065 } 2232 }
2066 else 2233 else
2067 ERR_print_errors(bio_err); 2234 ERR_print_errors(bio_err);
2068 return(0); 2235 return(0);
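Review bot: the `again:` label and the `SSL_ERROR_SERVER_RANDOM_VALIDATION_PENDING` retry (the block calling `SSL_set_suggested_server_random_validity(con, 1)`) are dropped from init_ssl_connection with nothing on the new side, so the server-random validation hook this tree carried disappears in the upgrade; confirm that is intentional rather than lost in the rebase, and check that the matching case in www_body goes with it. The new `if (con != NULL)` block around the shutdown in the `err:` path is a correct fix: previously `SSL_set_shutdown(con,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN)` ran even on error paths where `con` was never allocated. One remaining point: `raw_write_stdout(buf, (unsigned int)i)`, like the `write(fileno(stdout),...)` it replaces, discards its return value, so a short write to stdout silently truncates the received data; checking it against `i` would make the loss visible.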
(...skipping 10 matching lines...)
2079 BIO_printf(bio_s_out,"subject=%s\n",buf); 2246 BIO_printf(bio_s_out,"subject=%s\n",buf);
2080 X509_NAME_oneline(X509_get_issuer_name(peer),buf,sizeof buf); 2247 X509_NAME_oneline(X509_get_issuer_name(peer),buf,sizeof buf);
2081 BIO_printf(bio_s_out,"issuer=%s\n",buf); 2248 BIO_printf(bio_s_out,"issuer=%s\n",buf);
2082 X509_free(peer); 2249 X509_free(peer);
2083 } 2250 }
2084 2251
2085 if (SSL_get_shared_ciphers(con,buf,sizeof buf) != NULL) 2252 if (SSL_get_shared_ciphers(con,buf,sizeof buf) != NULL)
2086 BIO_printf(bio_s_out,"Shared ciphers:%s\n",buf); 2253 BIO_printf(bio_s_out,"Shared ciphers:%s\n",buf);
2087 str=SSL_CIPHER_get_name(SSL_get_current_cipher(con)); 2254 str=SSL_CIPHER_get_name(SSL_get_current_cipher(con));
2088 BIO_printf(bio_s_out,"CIPHER is %s\n",(str != NULL)?str:"(NONE)"); 2255 BIO_printf(bio_s_out,"CIPHER is %s\n",(str != NULL)?str:"(NONE)");
2089 #ifndef OPENSSL_NO_TLSEXT 2256 #if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
2090 SSL_get0_next_proto_negotiated(con, &next_proto_neg, &next_proto_neg_len ); 2257 SSL_get0_next_proto_negotiated(con, &next_proto_neg, &next_proto_neg_len );
2091 » if (next_proto_neg) { 2258 » if (next_proto_neg)
2259 » » {
2092 BIO_printf(bio_s_out,"NEXTPROTO is "); 2260 BIO_printf(bio_s_out,"NEXTPROTO is ");
2093 BIO_write(bio_s_out, next_proto_neg, next_proto_neg_len); 2261 BIO_write(bio_s_out, next_proto_neg, next_proto_neg_len);
2094 BIO_printf(bio_s_out, "\n"); 2262 BIO_printf(bio_s_out, "\n");
2095 » } 2263 » » }
2096 #endif 2264 #endif
2097 if (con->hit) BIO_printf(bio_s_out,"Reused session-id\n"); 2265 if (con->hit) BIO_printf(bio_s_out,"Reused session-id\n");
2098 if (SSL_ctrl(con,SSL_CTRL_GET_FLAGS,0,NULL) & 2266 if (SSL_ctrl(con,SSL_CTRL_GET_FLAGS,0,NULL) &
2099 TLS1_FLAGS_TLS_PADDING_BUG) 2267 TLS1_FLAGS_TLS_PADDING_BUG)
2100 BIO_printf(bio_s_out,"Peer has incorrect TLSv1 block padding\n") ; 2268 BIO_printf(bio_s_out,"Peer has incorrect TLSv1 block padding\n") ;
2101 #ifndef OPENSSL_NO_KRB5 2269 #ifndef OPENSSL_NO_KRB5
2102 if (con->kssl_ctx->client_princ != NULL) 2270 if (con->kssl_ctx->client_princ != NULL)
2103 { 2271 {
2104 BIO_printf(bio_s_out,"Kerberos peer principal is %s\n", 2272 BIO_printf(bio_s_out,"Kerberos peer principal is %s\n",
2105 con->kssl_ctx->client_princ); 2273 con->kssl_ctx->client_princ);
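Review bot: the guard change to `#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)` matches the guard on the `next_proto_neg` declarations earlier in the same function, so a build with NPN disabled no longer references undeclared variables; good. On the block it guards, `BIO_write(bio_s_out, next_proto_neg, next_proto_neg_len)` writes the peer-chosen protocol name verbatim, and `bio_s_out` is usually the operator's terminal, so control characters supplied by a client reach the console unfiltered; printing the bytes through an escaping or hex routine would be safer. Unchanged context, but worth a look while here: `con->kssl_ctx->client_princ` dereferences `kssl_ctx` without a NULL check.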
(...skipping 37 matching lines...)
2143 if (x != NULL) X509_free(x); 2311 if (x != NULL) X509_free(x);
2144 fclose(in); 2312 fclose(in);
2145 return(1); 2313 return(1);
2146 } 2314 }
2147 #endif 2315 #endif
2148 2316
2149 static int www_body(char *hostname, int s, unsigned char *context) 2317 static int www_body(char *hostname, int s, unsigned char *context)
2150 { 2318 {
2151 char *buf=NULL; 2319 char *buf=NULL;
2152 int ret=1; 2320 int ret=1;
2153 » int i,j,k,blank,dot; 2321 » int i,j,k,dot;
2154 » struct stat st_buf;
2155 SSL *con; 2322 SSL *con;
2156 » SSL_CIPHER *c; 2323 » const SSL_CIPHER *c;
2157 BIO *io,*ssl_bio,*sbio; 2324 BIO *io,*ssl_bio,*sbio;
2158 long total_bytes;
2159 2325
2160 buf=OPENSSL_malloc(bufsize); 2326 buf=OPENSSL_malloc(bufsize);
2161 if (buf == NULL) return(0); 2327 if (buf == NULL) return(0);
2162 io=BIO_new(BIO_f_buffer()); 2328 io=BIO_new(BIO_f_buffer());
2163 ssl_bio=BIO_new(BIO_f_ssl()); 2329 ssl_bio=BIO_new(BIO_f_ssl());
2164 if ((io == NULL) || (ssl_bio == NULL)) goto err; 2330 if ((io == NULL) || (ssl_bio == NULL)) goto err;
2165 2331
2166 #ifdef FIONBIO 2332 #ifdef FIONBIO
2167 if (s_nbio) 2333 if (s_nbio)
2168 { 2334 {
(...skipping 50 matching lines...)
2219 con->debug=1; 2385 con->debug=1;
2220 BIO_set_callback(SSL_get_rbio(con),bio_dump_callback); 2386 BIO_set_callback(SSL_get_rbio(con),bio_dump_callback);
2221 BIO_set_callback_arg(SSL_get_rbio(con),(char *)bio_s_out); 2387 BIO_set_callback_arg(SSL_get_rbio(con),(char *)bio_s_out);
2222 } 2388 }
2223 if (s_msg) 2389 if (s_msg)
2224 { 2390 {
2225 SSL_set_msg_callback(con, msg_cb); 2391 SSL_set_msg_callback(con, msg_cb);
2226 SSL_set_msg_callback_arg(con, bio_s_out); 2392 SSL_set_msg_callback_arg(con, bio_s_out);
2227 } 2393 }
2228 2394
2229 blank=0;
2230 for (;;) 2395 for (;;)
2231 { 2396 {
2232 if (hack) 2397 if (hack)
2233 { 2398 {
2234 i=SSL_accept(con); 2399 i=SSL_accept(con);
2235 2400
2236 switch (SSL_get_error(con,i)) 2401 switch (SSL_get_error(con,i))
2237 { 2402 {
2238 case SSL_ERROR_NONE: 2403 case SSL_ERROR_NONE:
2239 break; 2404 break;
2240 case SSL_ERROR_WANT_WRITE: 2405 case SSL_ERROR_WANT_WRITE:
2241 case SSL_ERROR_WANT_READ: 2406 case SSL_ERROR_WANT_READ:
2242 case SSL_ERROR_WANT_X509_LOOKUP: 2407 case SSL_ERROR_WANT_X509_LOOKUP:
2243 continue; 2408 continue;
2244 case SSL_ERROR_SERVER_RANDOM_VALIDATION_PENDING:
2245 SSL_set_suggested_server_random_validity(con, 1) ;
2246 continue;
2247 case SSL_ERROR_SYSCALL: 2409 case SSL_ERROR_SYSCALL:
2248 case SSL_ERROR_SSL: 2410 case SSL_ERROR_SSL:
2249 case SSL_ERROR_ZERO_RETURN: 2411 case SSL_ERROR_ZERO_RETURN:
2250 ret=1; 2412 ret=1;
2251 goto err; 2413 goto err;
2252 /* break; */ 2414 /* break; */
2253 } 2415 }
2254 2416
2255 SSL_renegotiate(con); 2417 SSL_renegotiate(con);
2256 SSL_write(con,NULL,0); 2418 SSL_write(con,NULL,0);
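Review bot: removing the `SSL_ERROR_SERVER_RANDOM_VALIDATION_PENDING` case here is consistent with its removal from init_ssl_connection above; the two should land together. Visible in the same switch and unchanged by this patch: there is no `default:` label, so any `SSL_get_error` value not listed falls out of the switch and straight into `SSL_renegotiate(con); SSL_write(con,NULL,0);` on a handshake that did not complete. A `default: ret=1; goto err;` would make the `hack` path fail closed.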
(...skipping 162 matching lines...)
2419 break; 2581 break;
2420 } 2582 }
2421 2583
2422 #if 0 2584 #if 0
2423 /* append if a directory lookup */ 2585 /* append if a directory lookup */
2424 if (e[-1] == '/') 2586 if (e[-1] == '/')
2425 strcat(p,"index.html"); 2587 strcat(p,"index.html");
2426 #endif 2588 #endif
2427 2589
2428 /* if a directory, do the index thang */ 2590 /* if a directory, do the index thang */
2429 » » » if (stat(p,&st_buf) < 0) 2591 » » » if (app_isdir(p)>0)
2430 » » » » {
2431 » » » » BIO_puts(io,text);
2432 » » » » BIO_printf(io,"Error accessing '%s'\r\n",p);
2433 » » » » ERR_print_errors(io);
2434 » » » » break;
2435 » » » » }
2436 » » » if (S_ISDIR(st_buf.st_mode))
2437 { 2592 {
2438 #if 0 /* must check buffer size */ 2593 #if 0 /* must check buffer size */
2439 strcat(p,"/index.html"); 2594 strcat(p,"/index.html");
2440 #else 2595 #else
2441 BIO_puts(io,text); 2596 BIO_puts(io,text);
2442 BIO_printf(io,"'%s' is a directory\r\n",p); 2597 BIO_printf(io,"'%s' is a directory\r\n",p);
2443 break; 2598 break;
2444 #endif 2599 #endif
2445 } 2600 }
2446 2601
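Review bot: replacing the `stat(p,&st_buf)` block with `if (app_isdir(p)>0)` drops the "Error accessing '%s'" branch: when the path could not be stat'ed the old code reported the error to the client and stopped, whereas the new code treats a negative `app_isdir` result the same as "not a directory" and carries on to open the file, so the failure only surfaces, with a less specific message, when the open fails later. If `app_isdir` returns a negative value on error, an explicit `if (app_isdir(p) < 0) { BIO_puts(io,text); ...; break; }` before this test would preserve the previous behaviour.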
(...skipping 12 matching lines...)
2459 { 2614 {
2460 i=strlen(p); 2615 i=strlen(p);
2461 if ( ((i > 5) && (strcmp(&(p[i-5]),".html") = = 0)) || 2616 if ( ((i > 5) && (strcmp(&(p[i-5]),".html") = = 0)) ||
2462 ((i > 4) && (strcmp(&(p[i-4]),".php") == 0)) || 2617 ((i > 4) && (strcmp(&(p[i-4]),".php") == 0)) ||
2463 ((i > 4) && (strcmp(&(p[i-4]),".htm") == 0))) 2618 ((i > 4) && (strcmp(&(p[i-4]),".htm") == 0)))
2464 BIO_puts(io,"HTTP/1.0 200 ok\r\nContent- type: text/html\r\n\r\n"); 2619 BIO_puts(io,"HTTP/1.0 200 ok\r\nContent- type: text/html\r\n\r\n");
2465 else 2620 else
2466 BIO_puts(io,"HTTP/1.0 200 ok\r\nContent- type: text/plain\r\n\r\n"); 2621 BIO_puts(io,"HTTP/1.0 200 ok\r\nContent- type: text/plain\r\n\r\n");
2467 } 2622 }
2468 /* send the file */ 2623 /* send the file */
2469 total_bytes=0;
2470 for (;;) 2624 for (;;)
2471 { 2625 {
2472 i=BIO_read(file,buf,bufsize); 2626 i=BIO_read(file,buf,bufsize);
2473 if (i <= 0) break; 2627 if (i <= 0) break;
2474 2628
2475 #ifdef RENEG 2629 #ifdef RENEG
2476 total_bytes+=i; 2630 total_bytes+=i;
2477 fprintf(stderr,"%d\n",i); 2631 fprintf(stderr,"%d\n",i);
2478 if (total_bytes > 3*1024) 2632 if (total_bytes > 3*1024)
2479 { 2633 {
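Review bot: `total_bytes=0;` is removed here and the `long total_bytes;` declaration was removed from the top of www_body, but `total_bytes+=i;` and `if (total_bytes > 3*1024)` remain in the `#ifdef RENEG` block just below, so the file no longer compiles with RENEG defined. Either remove the RENEG block as well or keep the declaration and the reset under the same `#ifdef RENEG`.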
(...skipping 109 matching lines...)
2589 memcpy(id, session_id_prefix, 2743 memcpy(id, session_id_prefix,
2590 (strlen(session_id_prefix) < *id_len) ? 2744 (strlen(session_id_prefix) < *id_len) ?
2591 strlen(session_id_prefix) : *id_len); 2745 strlen(session_id_prefix) : *id_len);
2592 } 2746 }
2593 while(SSL_has_matching_session_id(ssl, id, *id_len) && 2747 while(SSL_has_matching_session_id(ssl, id, *id_len) &&
2594 (++count < MAX_SESSION_ID_ATTEMPTS)); 2748 (++count < MAX_SESSION_ID_ATTEMPTS));
2595 if(count >= MAX_SESSION_ID_ATTEMPTS) 2749 if(count >= MAX_SESSION_ID_ATTEMPTS)
2596 return 0; 2750 return 0;
2597 return 1; 2751 return 1;
2598 } 2752 }