174664626SKris Kennaway /* apps/s_server.c */ 274664626SKris Kennaway /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 374664626SKris Kennaway * All rights reserved. 474664626SKris Kennaway * 574664626SKris Kennaway * This package is an SSL implementation written 674664626SKris Kennaway * by Eric Young (eay@cryptsoft.com). 774664626SKris Kennaway * The implementation was written so as to conform with Netscapes SSL. 874664626SKris Kennaway * 974664626SKris Kennaway * This library is free for commercial and non-commercial use as long as 1074664626SKris Kennaway * the following conditions are aheared to. The following conditions 1174664626SKris Kennaway * apply to all code found in this distribution, be it the RC4, RSA, 1274664626SKris Kennaway * lhash, DES, etc., code; not just the SSL code. The SSL documentation 1374664626SKris Kennaway * included with this distribution is covered by the same copyright terms 1474664626SKris Kennaway * except that the holder is Tim Hudson (tjh@cryptsoft.com). 1574664626SKris Kennaway * 1674664626SKris Kennaway * Copyright remains Eric Young's, and as such any Copyright notices in 1774664626SKris Kennaway * the code are not to be removed. 1874664626SKris Kennaway * If this package is used in a product, Eric Young should be given attribution 1974664626SKris Kennaway * as the author of the parts of the library used. 2074664626SKris Kennaway * This can be in the form of a textual message at program startup or 2174664626SKris Kennaway * in documentation (online or textual) provided with the package. 2274664626SKris Kennaway * 2374664626SKris Kennaway * Redistribution and use in source and binary forms, with or without 2474664626SKris Kennaway * modification, are permitted provided that the following conditions 2574664626SKris Kennaway * are met: 2674664626SKris Kennaway * 1. Redistributions of source code must retain the copyright 2774664626SKris Kennaway * notice, this list of conditions and the following disclaimer. 
2874664626SKris Kennaway * 2. Redistributions in binary form must reproduce the above copyright 2974664626SKris Kennaway * notice, this list of conditions and the following disclaimer in the 3074664626SKris Kennaway * documentation and/or other materials provided with the distribution. 3174664626SKris Kennaway * 3. All advertising materials mentioning features or use of this software 3274664626SKris Kennaway * must display the following acknowledgement: 3374664626SKris Kennaway * "This product includes cryptographic software written by 3474664626SKris Kennaway * Eric Young (eay@cryptsoft.com)" 3574664626SKris Kennaway * The word 'cryptographic' can be left out if the rouines from the library 3674664626SKris Kennaway * being used are not cryptographic related :-). 3774664626SKris Kennaway * 4. If you include any Windows specific code (or a derivative thereof) from 3874664626SKris Kennaway * the apps directory (application code) you must include an acknowledgement: 3974664626SKris Kennaway * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 4074664626SKris Kennaway * 4174664626SKris Kennaway * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 4274664626SKris Kennaway * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 4374664626SKris Kennaway * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 4474664626SKris Kennaway * ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 4574664626SKris Kennaway * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 4674664626SKris Kennaway * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 4774664626SKris Kennaway * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 4874664626SKris Kennaway * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 4974664626SKris Kennaway * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 5074664626SKris Kennaway * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 5174664626SKris Kennaway * SUCH DAMAGE. 5274664626SKris Kennaway * 5374664626SKris Kennaway * The licence and distribution terms for any publically available version or 5474664626SKris Kennaway * derivative of this code cannot be changed. i.e. this code cannot simply be 5574664626SKris Kennaway * copied and put under another distribution licence 5674664626SKris Kennaway * [including the GNU Public Licence.] 5774664626SKris Kennaway */ 585c87c606SMark Murray /* ==================================================================== 591f13597dSJung-uk Kim * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. 605c87c606SMark Murray * 615c87c606SMark Murray * Redistribution and use in source and binary forms, with or without 625c87c606SMark Murray * modification, are permitted provided that the following conditions 635c87c606SMark Murray * are met: 645c87c606SMark Murray * 655c87c606SMark Murray * 1. Redistributions of source code must retain the above copyright 665c87c606SMark Murray * notice, this list of conditions and the following disclaimer. 675c87c606SMark Murray * 685c87c606SMark Murray * 2. 
Redistributions in binary form must reproduce the above copyright 695c87c606SMark Murray * notice, this list of conditions and the following disclaimer in 705c87c606SMark Murray * the documentation and/or other materials provided with the 715c87c606SMark Murray * distribution. 725c87c606SMark Murray * 735c87c606SMark Murray * 3. All advertising materials mentioning features or use of this 745c87c606SMark Murray * software must display the following acknowledgment: 755c87c606SMark Murray * "This product includes software developed by the OpenSSL Project 765c87c606SMark Murray * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" 775c87c606SMark Murray * 785c87c606SMark Murray * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 795c87c606SMark Murray * endorse or promote products derived from this software without 805c87c606SMark Murray * prior written permission. For written permission, please contact 815c87c606SMark Murray * openssl-core@openssl.org. 825c87c606SMark Murray * 835c87c606SMark Murray * 5. Products derived from this software may not be called "OpenSSL" 845c87c606SMark Murray * nor may "OpenSSL" appear in their names without prior written 855c87c606SMark Murray * permission of the OpenSSL Project. 865c87c606SMark Murray * 875c87c606SMark Murray * 6. Redistributions of any form whatsoever must retain the following 885c87c606SMark Murray * acknowledgment: 895c87c606SMark Murray * "This product includes software developed by the OpenSSL Project 905c87c606SMark Murray * for use in the OpenSSL Toolkit (http://www.openssl.org/)" 915c87c606SMark Murray * 925c87c606SMark Murray * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 935c87c606SMark Murray * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 945c87c606SMark Murray * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 955c87c606SMark Murray * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR 965c87c606SMark Murray * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 975c87c606SMark Murray * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 985c87c606SMark Murray * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 995c87c606SMark Murray * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 1005c87c606SMark Murray * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 1015c87c606SMark Murray * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 1025c87c606SMark Murray * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 1035c87c606SMark Murray * OF THE POSSIBILITY OF SUCH DAMAGE. 1045c87c606SMark Murray * ==================================================================== 1055c87c606SMark Murray * 1065c87c606SMark Murray * This product includes cryptographic software written by Eric Young 1075c87c606SMark Murray * (eay@cryptsoft.com). This product includes software written by Tim 1085c87c606SMark Murray * Hudson (tjh@cryptsoft.com). 1095c87c606SMark Murray * 1105c87c606SMark Murray */ 1113b4e3dcbSSimon L. B. Nielsen /* ==================================================================== 1123b4e3dcbSSimon L. B. Nielsen * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. 1133b4e3dcbSSimon L. B. Nielsen * ECC cipher suite support in OpenSSL originally developed by 1143b4e3dcbSSimon L. B. Nielsen * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. 1153b4e3dcbSSimon L. B. Nielsen */ 1161f13597dSJung-uk Kim /* ==================================================================== 1171f13597dSJung-uk Kim * Copyright 2005 Nokia. All rights reserved. 1181f13597dSJung-uk Kim * 1191f13597dSJung-uk Kim * The portions of the attached software ("Contribution") is developed by 1201f13597dSJung-uk Kim * Nokia Corporation and is licensed pursuant to the OpenSSL open source 1211f13597dSJung-uk Kim * license. 
1221f13597dSJung-uk Kim * 1231f13597dSJung-uk Kim * The Contribution, originally written by Mika Kousa and Pasi Eronen of 1241f13597dSJung-uk Kim * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites 1251f13597dSJung-uk Kim * support (see RFC 4279) to OpenSSL. 1261f13597dSJung-uk Kim * 1271f13597dSJung-uk Kim * No patent licenses or other rights except those expressly stated in 1281f13597dSJung-uk Kim * the OpenSSL open source license shall be deemed granted or received 1291f13597dSJung-uk Kim * expressly, by implication, estoppel, or otherwise. 1301f13597dSJung-uk Kim * 1311f13597dSJung-uk Kim * No assurances are provided by Nokia that the Contribution does not 1321f13597dSJung-uk Kim * infringe the patent or other intellectual property rights of any third 1331f13597dSJung-uk Kim * party or that the license provides you with all the necessary rights 1341f13597dSJung-uk Kim * to make use of the Contribution. 1351f13597dSJung-uk Kim * 1361f13597dSJung-uk Kim * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN 1371f13597dSJung-uk Kim * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA 1381f13597dSJung-uk Kim * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY 1391f13597dSJung-uk Kim * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR 1401f13597dSJung-uk Kim * OTHERWISE. 1411f13597dSJung-uk Kim */ 1423b4e3dcbSSimon L. B. Nielsen 1433b4e3dcbSSimon L. B. Nielsen /* Until the key-gen callbacks are modified to use newer prototypes, we allow 1443b4e3dcbSSimon L. B. Nielsen * deprecated functions for openssl-internal code */ 1453b4e3dcbSSimon L. B. Nielsen #ifdef OPENSSL_NO_DEPRECATED 1463b4e3dcbSSimon L. B. Nielsen #undef OPENSSL_NO_DEPRECATED 1473b4e3dcbSSimon L. B. 
Nielsen #endif 14874664626SKris Kennaway 14974664626SKris Kennaway #include <assert.h> 1501f13597dSJung-uk Kim #include <ctype.h> 15174664626SKris Kennaway #include <stdio.h> 15274664626SKris Kennaway #include <stdlib.h> 15374664626SKris Kennaway #include <string.h> 1543b4e3dcbSSimon L. B. Nielsen 1555c87c606SMark Murray #include <openssl/e_os2.h> 1565c87c606SMark Murray #ifdef OPENSSL_NO_STDIO 15774664626SKris Kennaway #define APPS_WIN16 15874664626SKris Kennaway #endif 15974664626SKris Kennaway 1603b4e3dcbSSimon L. B. Nielsen #if !defined(OPENSSL_SYS_NETWARE) /* conflicts with winsock2 stuff on netware */ 1613b4e3dcbSSimon L. B. Nielsen #include <sys/types.h> 1623b4e3dcbSSimon L. B. Nielsen #endif 1633b4e3dcbSSimon L. B. Nielsen 16474664626SKris Kennaway /* With IPv6, it looks like Digital has mixed up the proper order of 16574664626SKris Kennaway recursive header file inclusion, resulting in the compiler complaining 16674664626SKris Kennaway that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which 16774664626SKris Kennaway is needed to have fileno() declared correctly... So let's define u_int */ 1685c87c606SMark Murray #if defined(OPENSSL_SYS_VMS_DECC) && !defined(__U_INT) 16974664626SKris Kennaway #define __U_INT 17074664626SKris Kennaway typedef unsigned int u_int; 17174664626SKris Kennaway #endif 17274664626SKris Kennaway 17374664626SKris Kennaway #include <openssl/lhash.h> 17474664626SKris Kennaway #include <openssl/bn.h> 17574664626SKris Kennaway #define USE_SOCKETS 17674664626SKris Kennaway #include "apps.h" 17774664626SKris Kennaway #include <openssl/err.h> 17874664626SKris Kennaway #include <openssl/pem.h> 17974664626SKris Kennaway #include <openssl/x509.h> 18074664626SKris Kennaway #include <openssl/ssl.h> 1815740a5e3SKris Kennaway #include <openssl/rand.h> 182db522d3aSSimon L. B. Nielsen #include <openssl/ocsp.h> 1833b4e3dcbSSimon L. B. Nielsen #ifndef OPENSSL_NO_DH 1843b4e3dcbSSimon L. B. 
Nielsen #include <openssl/dh.h> 1853b4e3dcbSSimon L. B. Nielsen #endif 1863b4e3dcbSSimon L. B. Nielsen #ifndef OPENSSL_NO_RSA 1873b4e3dcbSSimon L. B. Nielsen #include <openssl/rsa.h> 1883b4e3dcbSSimon L. B. Nielsen #endif 1891f13597dSJung-uk Kim #ifndef OPENSSL_NO_SRP 1901f13597dSJung-uk Kim #include <openssl/srp.h> 1911f13597dSJung-uk Kim #endif 19274664626SKris Kennaway #include "s_apps.h" 1933b4e3dcbSSimon L. B. Nielsen #include "timeouts.h" 19474664626SKris Kennaway 1955c87c606SMark Murray #if (defined(OPENSSL_SYS_VMS) && __VMS_VER < 70000000) 19674664626SKris Kennaway /* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */ 19774664626SKris Kennaway #undef FIONBIO 19874664626SKris Kennaway #endif 19974664626SKris Kennaway 2001f13597dSJung-uk Kim #if defined(OPENSSL_SYS_BEOS_R5) 2011f13597dSJung-uk Kim #include <fcntl.h> 2021f13597dSJung-uk Kim #endif 2031f13597dSJung-uk Kim 2045c87c606SMark Murray #ifndef OPENSSL_NO_RSA 20574664626SKris Kennaway static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength); 20674664626SKris Kennaway #endif 20774664626SKris Kennaway static int sv_body(char *hostname, int s, unsigned char *context); 20874664626SKris Kennaway static int www_body(char *hostname, int s, unsigned char *context); 20974664626SKris Kennaway static void close_accept_socket(void ); 21074664626SKris Kennaway static void sv_usage(void); 21174664626SKris Kennaway static int init_ssl_connection(SSL *s); 21274664626SKris Kennaway static void print_stats(BIO *bp,SSL_CTX *ctx); 2135c87c606SMark Murray static int generate_session_id(const SSL *ssl, unsigned char *id, 2145c87c606SMark Murray unsigned int *id_len); 2155c87c606SMark Murray #ifndef OPENSSL_NO_DH 2163b4e3dcbSSimon L. B. Nielsen static DH *load_dh_param(const char *dhfile); 21774664626SKris Kennaway static DH *get_dh512(void); 21874664626SKris Kennaway #endif 2193b4e3dcbSSimon L. B. 
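#ifdef MONOLITH
static void s_server_init(void);
#endif

#ifndef OPENSSL_NO_DH
/*
 * Built-in 512-bit DH group (prime p, generator g = 2).  Presumably this is
 * the "default set of parameters" that the -dhparam help text refers to --
 * confirm against the caller.  A 512-bit group is export-grade strength and
 * is not adequate for protecting real traffic; operators should supply
 * proper parameters with -dhparam instead of relying on this fallback.
 */
static unsigned char dh512_p[] = {
    0xDA, 0x58, 0x3C, 0x16, 0xD9, 0x85, 0x22, 0x89, 0xD0, 0xE4, 0xAF, 0x75,
    0x6F, 0x4C, 0xCA, 0x92, 0xDD, 0x4B, 0xE5, 0x33, 0xB8, 0x04, 0xFB, 0x0F,
    0xED, 0x94, 0xEF, 0x9C, 0x8A, 0x44, 0x03, 0xED, 0x57, 0x46, 0x50, 0xD3,
    0x69, 0x99, 0xDB, 0x29, 0xD7, 0x76, 0x27, 0x6B, 0xA2, 0xD3, 0xD4, 0x12,
    0xE2, 0x18, 0xF4, 0xDD, 0x1E, 0x08, 0x4C, 0xF6, 0xD8, 0x00, 0x3E, 0x7C,
    0x47, 0x74, 0xE8, 0x33,
};
static unsigned char dh512_g[] = {
    0x02,
};

/*
 * Build a DH object from the built-in 512-bit group above.
 *
 * Returns a newly allocated DH that the caller owns (release with DH_free),
 * or NULL if the DH or either of its BIGNUMs could not be allocated.  When
 * only one of p/g was allocated the DH is released before returning, so
 * the failure path does not leak.
 */
static DH *get_dh512(void)
{
    DH *dh = DH_new();

    if (dh == NULL)
        return NULL;
    dh->p = BN_bin2bn(dh512_p, sizeof(dh512_p), NULL);
    dh->g = BN_bin2bn(dh512_g, sizeof(dh512_g), NULL);
    if (dh->p == NULL || dh->g == NULL) {
        /* DH_free also releases whichever of p/g was allocated. */
        DH_free(dh);
        return NULL;
    }
    return dh;
}
#endif

/* static int load_CA(SSL_CTX *ctx, char *file);*/

/* Size of the per-connection I/O buffer; parenthesised so the macro stays
 * correct inside larger expressions. */
#undef BUFSIZZ
#define BUFSIZZ (16*1024)
static int bufsize = BUFSIZZ;
/* Listening socket, -1 until the server has bound one. */
static int accept_socket = -1;

#define TEST_CERT "server.pem"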
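#ifndef OPENSSL_NO_TLSEXT
#define TEST_CERT2 "server2.pem"
#endif
#undef PROG
#define PROG s_server_main

extern int verify_depth, verify_return_error;

/*
 * File-scope settings driven by the command line.  The defaults below are
 * what a fresh invocation starts from; s_server_init() (MONOLITH builds
 * only) resets a subset of them.
 */
static char *cipher = NULL;
static int s_server_verify = SSL_VERIFY_NONE;
static int s_server_session_id_context = 1; /* anything will do */
static const char *s_cert_file = TEST_CERT, *s_key_file = NULL;
#ifndef OPENSSL_NO_TLSEXT
static const char *s_cert_file2 = TEST_CERT2, *s_key_file2 = NULL;
#endif
static char *s_dcert_file = NULL, *s_dkey_file = NULL;
#ifdef FIONBIO
static int s_nbio = 0;
#endif
static int s_nbio_test = 0;
int s_crlf = 0;
static SSL_CTX *ctx = NULL;
#ifndef OPENSSL_NO_TLSEXT
static SSL_CTX *ctx2 = NULL;
#endif
static int www = 0;

static BIO *bio_s_out = NULL;
static int s_debug = 0;
#ifndef OPENSSL_NO_TLSEXT
static int s_tlsextdebug = 0;
static int s_tlsextstatus = 0;
static int cert_status_cb(SSL *s, void *arg);
#endif
static int s_msg = 0;
static int s_quiet = 0;

static char *keymatexportlabel = NULL;
static int keymatexportlen = 20;

static int hack = 0;
#ifndef OPENSSL_NO_ENGINE
static char *engine_id = NULL;
#endif
static const char *session_id_prefix = NULL;

static int enable_timeouts = 0;
static long socket_mtu;
#ifndef OPENSSL_NO_DTLS1
static int cert_chain = 0;
#endif

#ifndef OPENSSL_NO_PSK
/* The single identity this test server accepts, and its key as a hex
 * string (set from -psk).  psk_key stays NULL unless -psk was given. */
static char *psk_identity = "Client_identity";
char *psk_key = NULL; /* by default PSK is not used */

/*
 * PSK server callback: hand the pre-shared key for `identity` back to the
 * library.
 *
 * @param ssl          connection being negotiated (unused here)
 * @param identity     identity sent by the client, or NULL if none was sent
 * @param psk          output buffer for the raw key bytes
 * @param max_psk_len  capacity of `psk`
 * @return number of key bytes written, or 0 to reject the handshake.
 *
 * Only the identity equal to psk_identity is accepted; its key is decoded
 * from psk_key.  The temporary BIGNUM holding the key is wiped with
 * BN_clear_free so the secret does not linger in freed heap memory.
 */
static unsigned int psk_server_cb(SSL *ssl, const char *identity,
                                  unsigned char *psk, unsigned int max_psk_len)
{
    BIGNUM *bn = NULL;
    int nbytes;

    if (s_debug)
        BIO_printf(bio_s_out, "psk_server_cb\n");
    if (!identity) {
        BIO_printf(bio_err, "Error: client did not send PSK identity\n");
        goto out_err;
    }
    if (s_debug)
        BIO_printf(bio_s_out, "identity_len=%d identity=%s\n",
                   (int)strlen(identity), identity);

    /* here we could lookup the given identity e.g. from a database */
    if (strcmp(identity, psk_identity) != 0) {
        BIO_printf(bio_s_out, "PSK error: client identity not found"
                   " (got '%s' expected '%s')\n", identity, psk_identity);
        goto out_err;
    }
    if (s_debug)
        BIO_printf(bio_s_out, "PSK client identity found\n");

    /* convert the PSK key to binary; note this echoes the configured key
     * string to the error stream on failure */
    if (!BN_hex2bn(&bn, psk_key)) {
        BIO_printf(bio_err, "Could not convert PSK key '%s' to BIGNUM\n",
                   psk_key);
        BN_clear_free(bn);
        return 0;
    }
    if (BN_num_bytes(bn) > (int)max_psk_len) {
        /* max_psk_len is unsigned, so format it with %u */
        BIO_printf(bio_err,
                   "psk buffer of callback is too small (%u) for key (%d)\n",
                   max_psk_len, BN_num_bytes(bn));
        BN_clear_free(bn);
        return 0;
    }

    nbytes = BN_bn2bin(bn, psk);
    BN_clear_free(bn);
    if (nbytes < 0)
        goto out_err;

    if (s_debug)
        BIO_printf(bio_s_out, "fetched PSK len=%d\n", nbytes);
    return (unsigned int)nbytes;

out_err:
    if (s_debug)
        BIO_printf(bio_err, "Error in PSK server callback\n");
    return 0;
}
#endif

#ifndef OPENSSL_NO_SRP
/* This is a context that we pass to callbacks */
typedef struct srpsrvparm_st {
    char *login;        /* username captured on the first callback invocation */
    SRP_VBASE *vb;      /* verifier database */
    SRP_user_pwd *user; /* looked-up user, filled in by the main logic */
} srpsrvparm;

/*
 * This callback pretends to require some asynchronous logic in order to
 * obtain a verifier.  When the callback is called for a new connection we
 * return with a negative value.  This will provoke the accept etc. to
 * return with a LOOKUP_X509.  The main logic then reinvokes the suspended
 * call (which would normally occur after a worker has finished) and we set
 * the user parameters.
 *
 * Returns -1 to suspend, SSL3_AL_FATAL to abort the handshake (with *ad set
 * to the alert description only on the internal-error path; the unknown
 * user path leaves *ad as the caller initialised it), or SSL_ERROR_NONE on
 * success.
 *
 * NOTE(review): aborting with a fatal alert as soon as the login is unknown
 * lets the peer tell known logins from unknown ones.  Whether the lookup
 * that fills p->user substitutes a dummy user for unknown logins is outside
 * this block -- confirm in the main loop.
 */
static int MS_CALLBACK ssl_srp_server_param_cb(SSL *s, int *ad, void *arg)
{
    srpsrvparm *p = (srpsrvparm *)arg;

    /* First call for this connection: record the login and suspend. */
    if (p->login == NULL && p->user == NULL) {
        p->login = SSL_get_srp_username(s);
        BIO_printf(bio_err, "SRP username = \"%s\"\n", p->login);
        return -1;
    }

    /* Re-entered, but the main logic did not resolve the login to a user. */
    if (p->user == NULL) {
        BIO_printf(bio_err, "User %s doesn't exist\n", p->login);
        return SSL3_AL_FATAL;
    }
    if (SSL_set_srp_server_param(s, p->user->N, p->user->g, p->user->s,
                                 p->user->v, p->user->info) < 0) {
        *ad = SSL_AD_INTERNAL_ERROR;
        return SSL3_AL_FATAL;
    }
    BIO_printf(bio_err,
               "SRP parameters set: username = \"%s\" info=\"%s\" \n",
               p->login, p->user->info);
    /* need to check whether there are memory leaks */
    p->user = NULL;
    p->login = NULL;
    return SSL_ERROR_NONE;
}

#endif

#ifdef MONOLITH
/*
 * Reset the settings listed here to their defaults, presumably so the
 * monolithic openssl binary can run s_server more than once per process.
 * Settings not listed (e.g. keymatexportlabel, session_id_prefix,
 * enable_timeouts) keep whatever value they had.
 */
static void s_server_init(void)
{
    accept_socket = -1;
    cipher = NULL;
    s_server_verify = SSL_VERIFY_NONE;
    s_dcert_file = NULL;
    s_dkey_file = NULL;
    s_cert_file = TEST_CERT;
    s_key_file = NULL;
#ifndef OPENSSL_NO_TLSEXT
    s_cert_file2 = TEST_CERT2;
    s_key_file2 = NULL;
    ctx2 = NULL;
#endif
#ifdef FIONBIO
    s_nbio = 0;
#endif
    s_nbio_test = 0;
    ctx = NULL;
    www = 0;

    bio_s_out = NULL;
    s_debug = 0;
    s_msg = 0;
    s_quiet = 0;
    hack = 0;
#ifndef OPENSSL_NO_ENGINE
    engine_id = NULL;
#endif
}
#endif

/* Print the command-line help to bio_err.  The option set depends on the
 * OPENSSL_NO_* features compiled in. */
static void sv_usage(void)
{
    BIO_printf(bio_err, "usage: s_server [args ...]\n");
    BIO_printf(bio_err, "\n");
    BIO_printf(bio_err, " -accept arg - port to accept on (default is %d)\n", PORT);
    BIO_printf(bio_err, " -context arg - set session ID context\n");
    BIO_printf(bio_err, " -verify arg - turn on peer certificate verification\n");
    BIO_printf(bio_err, " -Verify arg - turn on peer certificate verification, must have a cert.\n");
    BIO_printf(bio_err, " -verify_return_error - return verification errors\n");
    BIO_printf(bio_err, " -cert arg - certificate file to use\n");
    BIO_printf(bio_err, " (default is %s)\n", TEST_CERT);
    BIO_printf(bio_err, " -crl_check - check the peer certificate has not been revoked by its CA.\n"
               " The CRL(s) are appended to the certificate file\n");
    BIO_printf(bio_err, " -crl_check_all - check the peer certificate has not been revoked by its CA\n"
               " or any other CRL in the CA chain. CRL(s) are appened to the\n"
               " the certificate file.\n");
    BIO_printf(bio_err, " -certform arg - certificate format (PEM or DER) PEM default\n");
    BIO_printf(bio_err, " -key arg - Private Key file to use, in cert file if\n");
    BIO_printf(bio_err, " not specified (default is %s)\n", TEST_CERT);
    BIO_printf(bio_err, " -keyform arg - key format (PEM, DER or ENGINE) PEM default\n");
    BIO_printf(bio_err, " -pass arg - private key file pass phrase source\n");
    BIO_printf(bio_err, " -dcert arg - second certificate file to use (usually for DSA)\n");
    BIO_printf(bio_err, " -dcertform x - second certificate format (PEM or DER) PEM default\n");
    BIO_printf(bio_err, " -dkey arg - second private key file to use (usually for DSA)\n");
    BIO_printf(bio_err, " -dkeyform arg - second key format (PEM, DER or ENGINE) PEM default\n");
    BIO_printf(bio_err, " -dpass arg - second private key file pass phrase source\n");
    BIO_printf(bio_err, " -dhparam arg - DH parameter file to use, in cert file if not specified\n");
    BIO_printf(bio_err, " or a default set of parameters is used\n");
#ifndef OPENSSL_NO_ECDH
    BIO_printf(bio_err, " -named_curve arg - Elliptic curve name to use for ephemeral ECDH keys.\n"
               " Use \"openssl ecparam -list_curves\" for all names\n"
               " (default is nistp256).\n");
#endif
#ifdef FIONBIO
    BIO_printf(bio_err, " -nbio - Run with non-blocking IO\n");
#endif
    BIO_printf(bio_err, " -nbio_test - test with the non-blocking test bio\n");
    BIO_printf(bio_err, " -crlf - convert LF from terminal into CRLF\n");
    BIO_printf(bio_err, " -debug - Print more output\n");
    BIO_printf(bio_err, " -msg - Show protocol messages\n");
    BIO_printf(bio_err, " -state - Print the SSL states\n");
    BIO_printf(bio_err, " -CApath arg - PEM format directory of CA's\n");
    BIO_printf(bio_err, " -CAfile arg - PEM format file of CA's\n");
    BIO_printf(bio_err, " -nocert - Don't use any certificates (Anon-DH)\n");
    BIO_printf(bio_err, " -cipher arg - play with 'openssl ciphers' to see what goes here\n");
    BIO_printf(bio_err, " -serverpref - Use server's cipher preferences\n");
    BIO_printf(bio_err, " -quiet - No server output\n");
    BIO_printf(bio_err, " -no_tmp_rsa - Do not generate a tmp RSA key\n");
#ifndef OPENSSL_NO_PSK
    BIO_printf(bio_err, " -psk_hint arg - PSK identity hint to use\n");
    BIO_printf(bio_err, " -psk arg - PSK in hex (without 0x)\n");
# ifndef OPENSSL_NO_JPAKE
    BIO_printf(bio_err, " -jpake arg - JPAKE secret to use\n");
# endif
#endif
#ifndef OPENSSL_NO_SRP
    BIO_printf(bio_err, " -srpvfile file - The verifier file for SRP\n");
    BIO_printf(bio_err, " -srpuserseed string - A seed string for a default user salt.\n");
#endif
    BIO_printf(bio_err, " -ssl2 - Just talk SSLv2\n");
#ifndef OPENSSL_NO_SSL3_METHOD
    BIO_printf(bio_err, " -ssl3 - Just talk SSLv3\n");
#endif
    BIO_printf(bio_err, " -tls1_2 - Just talk TLSv1.2\n");
    BIO_printf(bio_err, " -tls1_1 - Just talk TLSv1.1\n");
    BIO_printf(bio_err, " -tls1 - Just talk TLSv1\n");
    BIO_printf(bio_err, " -dtls1 - Just talk DTLSv1\n");
    BIO_printf(bio_err, " -timeout - Enable timeouts\n");
    BIO_printf(bio_err, " -mtu - Set link layer MTU\n");
    BIO_printf(bio_err, " -chain - Read a certificate chain\n");
    BIO_printf(bio_err, " -no_ssl2 - Just disable SSLv2\n");
    BIO_printf(bio_err, " -no_ssl3 - Just disable SSLv3\n");
    BIO_printf(bio_err, " -no_tls1 - Just disable TLSv1\n");
    BIO_printf(bio_err, " -no_tls1_1 - Just disable TLSv1.1\n");
    BIO_printf(bio_err, " -no_tls1_2 - Just disable TLSv1.2\n");
#ifndef OPENSSL_NO_DH
    BIO_printf(bio_err, " -no_dhe - Disable ephemeral DH\n");
#endif
#ifndef OPENSSL_NO_ECDH
    BIO_printf(bio_err, " -no_ecdhe - Disable ephemeral ECDH\n");
#endif
    BIO_printf(bio_err, " -bugs - Turn on SSL bug compatibility\n");
    BIO_printf(bio_err, " -hack - workaround for early Netscape code\n");
    BIO_printf(bio_err, " -www - Respond to a 'GET /' with a status page\n");
    BIO_printf(bio_err, " -WWW - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n");
    BIO_printf(bio_err, " -HTTP - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n");
    BIO_printf(bio_err, " with the assumption it contains a complete HTTP response.\n");
#ifndef OPENSSL_NO_ENGINE
    BIO_printf(bio_err, " -engine id - Initialise and use the specified engine\n");
#endif
    BIO_printf(bio_err, " -id_prefix arg - Generate SSL/TLS session IDs prefixed by 'arg'\n");
    BIO_printf(bio_err, " -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
#ifndef OPENSSL_NO_TLSEXT
    BIO_printf(bio_err, " -servername host - servername for HostName TLS extension\n");
    BIO_printf(bio_err, " -servername_fatal - on mismatch send fatal alert (default warning alert)\n");
    BIO_printf(bio_err, " -cert2 arg - certificate file to use for servername\n");
    BIO_printf(bio_err, " (default is %s)\n", TEST_CERT2);
    BIO_printf(bio_err, " -key2 arg - Private Key file to use for servername, in cert file if\n");
    BIO_printf(bio_err, " not specified (default is %s)\n", TEST_CERT2);
    BIO_printf(bio_err, " -tlsextdebug - hex dump of all TLS extensions received\n");
    BIO_printf(bio_err, " -no_ticket - disable use of RFC4507bis session tickets\n");
    BIO_printf(bio_err, " -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n");
# ifndef OPENSSL_NO_NEXTPROTONEG
    BIO_printf(bio_err, " -nextprotoneg arg - set the advertised protocols for the NPN extension (comma-separated list)\n");
# endif
# ifndef OPENSSL_NO_SRTP
    BIO_printf(bio_err, " -use_srtp profiles - Offer SRTP key management with a colon-separated profile list\n");
# endif
#endif
    BIO_printf(bio_err, " -keymatexport label - Export keying material using label\n");
    BIO_printf(bio_err, " -keymatexportlen len - Export len bytes of keying material (default 20)\n");
    BIO_printf(bio_err, " -status - respond to certificate status requests\n");
    BIO_printf(bio_err, " -status_verbose - enable status request verbose printout\n");
    BIO_printf(bio_err, " -status_timeout n - status request responder timeout\n");
    BIO_printf(bio_err, " -status_url URL - status request fallback URL\n");
}

/* Presumably a copy of main's argc/argv kept for later use -- confirm
 * where they are assigned; nothing in this part of the file sets them. */
static int local_argc = 0;
static char **local_argv;

#ifdef CHARSET_EBCDIC
/* Translating BIO filter for EBCDIC hosts; the methods are defined later. */
static int ebcdic_new(BIO *bi);
static int ebcdic_free(BIO *a);
static int ebcdic_read(BIO *b, char *out, int outl);
static int ebcdic_write(BIO *b, const char *in, int inl);
static long ebcdic_ctrl(BIO *b, int cmd, long num, void *ptr);
static int ebcdic_gets(BIO *bp, char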
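*buf, int size);
static int ebcdic_puts(BIO *bp, const char *str);

#define BIO_TYPE_EBCDIC_FILTER (18|0x0200)

/*
 * Method table for the EBCDIC/ASCII translating filter BIO.  Initialisers are
 * positional in BIO_METHOD order: type, name, bwrite, bread, bputs, bgets,
 * ctrl, create, destroy; any remaining members are zero-initialised.
 */
static BIO_METHOD methods_ebcdic = {
    BIO_TYPE_EBCDIC_FILTER,
    "EBCDIC/ASCII filter",
    ebcdic_write,
    ebcdic_read,
    ebcdic_puts,
    ebcdic_gets,
    ebcdic_ctrl,
    ebcdic_new,
    ebcdic_free,
};

/*
 * Per-BIO write scratch buffer.  'alloced' extra bytes are allocated past the
 * struct so that buff[] (old-style trailing-array idiom) can hold the
 * ASCII-converted copy of the data being written.
 */
typedef struct {
    size_t alloced;
    char buff[1];
} EBCDIC_OUTBUFF;

/* Return the method table for the EBCDIC/ASCII filter BIO. */
BIO_METHOD *BIO_f_ebcdic_filter()
{
    return (&methods_ebcdic);
}

/*
 * BIO 'create' callback: attach a 1024-byte scratch buffer to the BIO.
 *
 * Returns 1 on success and 0 when the buffer cannot be allocated (the
 * previous version dereferenced the NULL result of OPENSSL_malloc).
 */
static int ebcdic_new(BIO *bi)
{
    EBCDIC_OUTBUFF *wbuf;

    wbuf = (EBCDIC_OUTBUFF *)OPENSSL_malloc(sizeof(EBCDIC_OUTBUFF) + 1024);
    if (wbuf == NULL)
        return (0);
    wbuf->alloced = 1024;
    wbuf->buff[0] = '\0';

    bi->ptr = (char *)wbuf;
    bi->init = 1;
    bi->flags = 0;
    return (1);
}

/*
 * BIO 'destroy' callback: release the scratch buffer and reset the BIO's
 * init/flags state.  Returns 0 for a NULL BIO, 1 otherwise.
 */
static int ebcdic_free(BIO *a)
{
    if (a == NULL)
        return (0);
    if (a->ptr != NULL)
        OPENSSL_free(a->ptr);
    a->ptr = NULL;
    a->init = 0;
    a->flags = 0;
    return (1);
}

/*
 * BIO 'read' callback: read from the next BIO and convert whatever was
 * obtained from ASCII to EBCDIC in place.
 *
 * Returns the value of the underlying BIO_read, or 0 when there is no
 * output buffer, a zero length, or no next BIO.
 */
static int ebcdic_read(BIO *b, char *out, int outl)
{
    int ret = 0;

    if (out == NULL || outl == 0)
        return (0);
    if (b->next_bio == NULL)
        return (0);

    ret = BIO_read(b->next_bio, out, outl);
    if (ret > 0)
        ascii2ebcdic(out, out, ret);
    return (ret);
}

/*
 * BIO 'write' callback: convert inl bytes of EBCDIC input to ASCII in the
 * scratch buffer and write them to the next BIO.  When the input does not
 * fit, the buffer is replaced by one of at least twice the old size.
 *
 * Returns the result of the underlying BIO_write; 0 for empty input or a
 * missing next BIO; -1 if the larger buffer cannot be allocated.  In that
 * last case the old buffer stays attached to the BIO (the previous version
 * freed it first, leaving b->ptr dangling for the next write/free).
 */
static int ebcdic_write(BIO *b, const char *in, int inl)
{
    EBCDIC_OUTBUFF *wbuf;
    int ret = 0;

    if ((in == NULL) || (inl <= 0))
        return (0);
    if (b->next_bio == NULL)
        return (0);

    wbuf = (EBCDIC_OUTBUFF *)b->ptr;

    if ((size_t)inl > wbuf->alloced) {
        EBCDIC_OUTBUFF *nbuf;
        size_t num = wbuf->alloced + wbuf->alloced; /* double the size */

        if (num < (size_t)inl)
            num = (size_t)inl;
        /* Allocate the replacement before releasing the old buffer. */
        nbuf = (EBCDIC_OUTBUFF *)OPENSSL_malloc(sizeof(EBCDIC_OUTBUFF) + num);
        if (nbuf == NULL)
            return (-1);
        OPENSSL_free(wbuf);
        wbuf = nbuf;
        wbuf->alloced = num;
        wbuf->buff[0] = '\0';
        b->ptr = (char *)wbuf;
    }

    ebcdic2ascii(wbuf->buff, in, inl);

    ret = BIO_write(b->next_bio, wbuf->buff, inl);

    return (ret);
}

/*
 * BIO 'ctrl' callback: BIO_CTRL_DUP is answered with 0 rather than
 * forwarded; every other command is passed to the next BIO.
 * Returns 0 when there is no next BIO.
 */
static long ebcdic_ctrl(BIO *b, int cmd, long num, void *ptr)
{
    long ret;

    if (b->next_bio == NULL)
        return (0);
    switch (cmd) {
    case BIO_CTRL_DUP:
        ret = 0L;
        break;
    default:
        ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
        break;
    }
    return (ret);
}

/*
 * BIO 'gets' callback: pull one converted byte at a time through
 * ebcdic_read until a newline is stored, size-1 bytes have been read, or
 * the read returns <= 0.  The newline is kept and the result is
 * NUL-terminated (when size > 0).
 *
 * Returns the number of bytes stored, or the negative read result when the
 * very first read failed.
 */
static int ebcdic_gets(BIO *bp, char *buf, int size)
{
    int i, ret = 0;

    if (bp->next_bio == NULL)
        return (0);
    /* Byte-wise reads rather than BIO_gets on the next BIO, so the newline
     * test is applied to the converted character. */
    for (i = 0; i < size - 1; ++i) {
        ret = ebcdic_read(bp, &buf[i], 1);
        if (ret <= 0)
            break;
        else if (buf[i] == '\n') {
            ++i;
            break;
        }
    }
    if (i < size)
        buf[i] = '\0';
    return (ret < 0 && i == 0) ? ret : i;
}

/* BIO 'puts' callback: write the NUL-terminated string through ebcdic_write. */
static int ebcdic_puts(BIO *bp, const char *str)
{
    if (bp->next_bio == NULL)
        return (0);
    /* ebcdic_write takes an int length; strlen's size_t is narrowed here. */
    return ebcdic_write(bp, str, (int)strlen(str));
}
#endif

#ifndef OPENSSL_NO_TLSEXT

/* This is a context that we pass to callbacks */
typedef struct tlsextctx_st {
    char *servername;     /* expected SNI host name; NULL = do not check */
    BIO *biodebug;        /* where to log the received name, or NULL */
    int extension_error;  /* SSL_TLSEXT_ERR_* returned on a name mismatch */
} tlsextctx;

/*
 * server_name (SNI) callback.  Logs the host name the client sent when a
 * debug BIO is set.  If no name was configured the extension is left
 * unacknowledged.  Otherwise a client-supplied name is compared
 * case-insensitively with the configured one: a mismatch returns
 * extension_error (a warning alert by default, fatal with -servername_fatal),
 * a match switches the connection to the second context ctx2 when one was
 * configured.  A client that sends no name passes through unchanged.
 *
 * Returns SSL_TLSEXT_ERR_NOACK, extension_error, or SSL_TLSEXT_ERR_OK.
 */
static int MS_CALLBACK ssl_servername_cb(SSL *s, int *ad, void *arg)
{
    tlsextctx *p = (tlsextctx *)arg;
    const char *servername = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name);

    if (servername && p->biodebug)
        BIO_printf(p->biodebug, "Hostname in TLS extension: \"%s\"\n", servername);

    if (!p->servername)
        return SSL_TLSEXT_ERR_NOACK;

    if (servername) {
        if (strcasecmp(servername, p->servername))
            return p->extension_error;
        if (ctx2) {
            /* biodebug may be NULL; the previous version printed unconditionally. */
            if (p->biodebug)
                BIO_printf(p->biodebug, "Switching server context.\n");
            SSL_set_SSL_CTX(s, ctx2);
        }
    }
    return SSL_TLSEXT_ERR_OK;
}

/* Structure passed to cert status callback */

typedef struct tlsextstatusctx_st {
    /* Default responder to use when the certificate carries no AIA URL */
    char *host, *path, *port;
    int use_ssl;
    int timeout;   /* responder timeout handed to process_responder */
    BIO *err;      /* diagnostics output */
    int verbose;   /* also print progress and the OCSP response */
} tlsextstatusctx;

/* Filled in from the -status_* options; timeout starts out as -1. */
static tlsextstatusctx tlscstatp = { NULL, NULL, NULL, 0, -1, NULL, 0 };

/* Certificate Status callback. This is called when a client includes a
 * certificate status request extension.
 *
 * This is a simplified version. It examines certificates each time and
 * makes one OCSP responder query for each request.
 *
 * A full version would store details such as the OCSP certificate IDs and
 * minimise the number of OCSP responses by caching them until they were
 * considered "expired".
 *
 * The responder contacted is taken from the server's own certificate (its
 * first AIA OCSP URL) or, failing that, from the -status_url default; a live
 * query is made on every handshake that carries a status request, so a slow
 * responder stalls the handshake (presumably up to srctx->timeout).
 *
 * Returns SSL_TLSEXT_ERR_OK once a response has been attached,
 * SSL_TLSEXT_ERR_NOACK when no query could be made, and
 * SSL_TLSEXT_ERR_ALERT_FATAL on an internal error.
 */

static int cert_status_cb(SSL *s, void *arg)
{
    tlsextstatusctx *srctx = arg;
    BIO *err = srctx->err;
    char *host, *port, *path;
    int use_ssl;
    unsigned char *rspder = NULL;
    int rspderlen;
    STACK_OF(OPENSSL_STRING) *aia = NULL;
    X509 *x = NULL;
    X509_STORE_CTX inctx;
    X509_OBJECT obj;
    OCSP_REQUEST *req = NULL;
    OCSP_RESPONSE *resp = NULL;
    OCSP_CERTID *id = NULL;
    STACK_OF(X509_EXTENSION) *exts;
    int ret = SSL_TLSEXT_ERR_NOACK;
    int i;

    if (srctx->verbose)
        BIO_puts(err, "cert_status: callback called\n");

    /* Build up OCSP query from server certificate */
    x = SSL_get_certificate(s);
    aia = X509_get1_ocsp(x);
    if (aia) {
        /* Only the first AIA OCSP URL is used. */
        if (!OCSP_parse_url(sk_OPENSSL_STRING_value(aia, 0),
                            &host, &port, &path, &use_ssl)) {
            BIO_puts(err, "cert_status: can't parse AIA URL\n");
            goto err;
        }
        if (srctx->verbose)
            BIO_printf(err, "cert_status: AIA URL: %s\n",
                       sk_OPENSSL_STRING_value(aia, 0));
    } else {
        if (!srctx->host) {
            BIO_puts(srctx->err, "cert_status: no AIA and no default responder URL\n");
            goto done;
        }
        host = srctx->host;
        path = srctx->path;
        port = srctx->port;
        use_ssl = srctx->use_ssl;
    }

    /* Look the issuer up in the SSL_CTX's cert store; it is needed to build
     * the OCSP certificate ID. */
    if (!X509_STORE_CTX_init(&inctx,
                             SSL_CTX_get_cert_store(SSL_get_SSL_CTX(s)),
                             NULL, NULL))
        goto err;
    if (X509_STORE_get_by_subject(&inctx, X509_LU_X509,
                                  X509_get_issuer_name(x), &obj) <= 0) {
        BIO_puts(err, "cert_status: Can't retrieve issuer certificate.\n");
        X509_STORE_CTX_cleanup(&inctx);
        goto done;
    }
    /*
     * Build the cert ID and release the issuer reference and store context
     * before any further failure exit, so they are not leaked when
     * OCSP_REQUEST_new fails (the previous version allocated req first and
     * jumped to err with both still held).
     */
    id = OCSP_cert_to_id(NULL, x, obj.data.x509);
    X509_free(obj.data.x509);
    X509_STORE_CTX_cleanup(&inctx);
    if (!id)
        goto err;
    req = OCSP_REQUEST_new();
    if (!req)
        goto err;
    if (!OCSP_request_add0_id(req, id))
        goto err;
    id = NULL; /* now owned by req */

    /* Add any extensions to the request.  These are the extensions the client
     * placed in its status request and are copied as-is. */
    SSL_get_tlsext_status_exts(s, &exts);
    for (i = 0; i < sk_X509_EXTENSION_num(exts); i++) {
        X509_EXTENSION *ext = sk_X509_EXTENSION_value(exts, i);
        if (!OCSP_REQUEST_add_ext(req, ext, -1))
            goto err;
    }
    resp = process_responder(err, req, host, path, port, use_ssl, NULL,
                             srctx->timeout);
    if (!resp) {
        BIO_puts(err, "cert_status: error querying responder\n");
        goto done;
    }
    rspderlen = i2d_OCSP_RESPONSE(resp, &rspder);
    if (rspderlen <= 0)
        goto err;
    /* rspder is handed over to the SSL object here. */
    SSL_set_tlsext_status_ocsp_resp(s, rspder, rspderlen);
    if (srctx->verbose) {
        BIO_puts(err, "cert_status: ocsp response sent:\n");
        OCSP_RESPONSE_print(err, resp, 2);
    }
    ret = SSL_TLSEXT_ERR_OK;
 done:
    if (ret != SSL_TLSEXT_ERR_OK)
        ERR_print_errors(err);
    if (aia) {
        /* host/path/port were allocated by OCSP_parse_url only on this path. */
        OPENSSL_free(host);
        OPENSSL_free(path);
        OPENSSL_free(port);
        X509_email_free(aia);
    }
    if (id)
        OCSP_CERTID_free(id);
    if (req)
        OCSP_REQUEST_free(req);
    if (resp)
        OCSP_RESPONSE_free(resp);
    return ret;
 err:
    ret = SSL_TLSEXT_ERR_ALERT_FATAL;
    goto done;
}

# ifndef OPENSSL_NO_NEXTPROTONEG
/* This is the context that we pass to next_proto_cb */
typedef struct tlsextnextprotoctx_st {
    unsigned char *data;  /* protocol list advertised in the NPN extension;
                           * presumably already in wire format - confirm
                           * against the -nextprotoneg handling in MAIN */
    unsigned int len;     /* length of data in bytes */
} tlsextnextprotoctx;

/*
 * NPN advertise callback: hand the configured protocol list back to the
 * library.  Always returns SSL_TLSEXT_ERR_OK.
 */
static int next_proto_cb(SSL *s, const unsigned char **data, unsigned int *len, void *arg)
{
    tlsextnextprotoctx *next_proto = arg;

    *data = next_proto->data;
    *len = next_proto->len;

    return SSL_TLSEXT_ERR_OK;
}
# endif /* ndef OPENSSL_NO_NEXTPROTONEG */


#endif

int MAIN(int, char **);

/* Option state shared with callbacks; set from the command line in MAIN. */
#ifndef OPENSSL_NO_JPAKE
static char *jpake_secret = NULL;
#endif
#ifndef OPENSSL_NO_SRP
static srpsrvparm srp_callback_parm;
#endif
#ifndef OPENSSL_NO_SRTP
static char *srtp_profiles = NULL;
#endif
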
Nielsen 94074664626SKris Kennaway int MAIN(int argc, char *argv[]) 94174664626SKris Kennaway { 9421f13597dSJung-uk Kim X509_VERIFY_PARAM *vpm = NULL; 9431f13597dSJung-uk Kim int badarg = 0; 94474664626SKris Kennaway short port=PORT; 94574664626SKris Kennaway char *CApath=NULL,*CAfile=NULL; 9463b4e3dcbSSimon L. B. Nielsen unsigned char *context = NULL; 947f579bf8eSKris Kennaway char *dhfile = NULL; 9483b4e3dcbSSimon L. B. Nielsen #ifndef OPENSSL_NO_ECDH 9493b4e3dcbSSimon L. B. Nielsen char *named_curve = NULL; 9503b4e3dcbSSimon L. B. Nielsen #endif 95174664626SKris Kennaway int badop=0,bugs=0; 95274664626SKris Kennaway int ret=1; 95374664626SKris Kennaway int off=0; 9543b4e3dcbSSimon L. B. Nielsen int no_tmp_rsa=0,no_dhe=0,no_ecdhe=0,nocert=0; 95574664626SKris Kennaway int state=0; 9561f13597dSJung-uk Kim const SSL_METHOD *meth=NULL; 957db522d3aSSimon L. B. Nielsen int socket_type=SOCK_STREAM; 9585c87c606SMark Murray ENGINE *e=NULL; 9595740a5e3SKris Kennaway char *inrand=NULL; 9603b4e3dcbSSimon L. B. Nielsen int s_cert_format = FORMAT_PEM, s_key_format = FORMAT_PEM; 9613b4e3dcbSSimon L. B. Nielsen char *passarg = NULL, *pass = NULL; 9623b4e3dcbSSimon L. B. Nielsen char *dpassarg = NULL, *dpass = NULL; 9633b4e3dcbSSimon L. B. Nielsen int s_dcert_format = FORMAT_PEM, s_dkey_format = FORMAT_PEM; 9643b4e3dcbSSimon L. B. Nielsen X509 *s_cert = NULL, *s_dcert = NULL; 9653b4e3dcbSSimon L. B. Nielsen EVP_PKEY *s_key = NULL, *s_dkey = NULL; 9666a599222SSimon L. B. Nielsen int no_cache = 0; 967db522d3aSSimon L. B. Nielsen #ifndef OPENSSL_NO_TLSEXT 968db522d3aSSimon L. B. Nielsen EVP_PKEY *s_key2 = NULL; 969db522d3aSSimon L. B. Nielsen X509 *s_cert2 = NULL; 970db522d3aSSimon L. B. Nielsen tlsextctx tlsextcbp = {NULL, NULL, SSL_TLSEXT_ERR_ALERT_WARNING}; 9711f13597dSJung-uk Kim # ifndef OPENSSL_NO_NEXTPROTONEG 9721f13597dSJung-uk Kim const char *next_proto_neg_in = NULL; 9731f13597dSJung-uk Kim tlsextnextprotoctx next_proto; 974db522d3aSSimon L. B. 
Nielsen # endif 9751f13597dSJung-uk Kim #endif 9761f13597dSJung-uk Kim #ifndef OPENSSL_NO_PSK 9771f13597dSJung-uk Kim /* by default do not send a PSK identity hint */ 9781f13597dSJung-uk Kim static char *psk_identity_hint=NULL; 9791f13597dSJung-uk Kim #endif 9801f13597dSJung-uk Kim #ifndef OPENSSL_NO_SRP 9811f13597dSJung-uk Kim char *srpuserseed = NULL; 9821f13597dSJung-uk Kim char *srp_verifier_file = NULL; 9831f13597dSJung-uk Kim #endif 98474664626SKris Kennaway meth=SSLv23_server_method(); 98574664626SKris Kennaway 98674664626SKris Kennaway local_argc=argc; 98774664626SKris Kennaway local_argv=argv; 98874664626SKris Kennaway 98974664626SKris Kennaway apps_startup(); 990f579bf8eSKris Kennaway #ifdef MONOLITH 991f579bf8eSKris Kennaway s_server_init(); 992f579bf8eSKris Kennaway #endif 99374664626SKris Kennaway 99474664626SKris Kennaway if (bio_err == NULL) 99574664626SKris Kennaway bio_err=BIO_new_fp(stderr,BIO_NOCLOSE); 99674664626SKris Kennaway 9975c87c606SMark Murray if (!load_config(bio_err, NULL)) 9985c87c606SMark Murray goto end; 9995c87c606SMark Murray 100074664626SKris Kennaway verify_depth=0; 100174664626SKris Kennaway #ifdef FIONBIO 100274664626SKris Kennaway s_nbio=0; 100374664626SKris Kennaway #endif 100474664626SKris Kennaway s_nbio_test=0; 100574664626SKris Kennaway 100674664626SKris Kennaway argc--; 100774664626SKris Kennaway argv++; 100874664626SKris Kennaway 100974664626SKris Kennaway while (argc >= 1) 101074664626SKris Kennaway { 101174664626SKris Kennaway if ((strcmp(*argv,"-port") == 0) || 101274664626SKris Kennaway (strcmp(*argv,"-accept") == 0)) 101374664626SKris Kennaway { 101474664626SKris Kennaway if (--argc < 1) goto bad; 101574664626SKris Kennaway if (!extract_port(*(++argv),&port)) 101674664626SKris Kennaway goto bad; 101774664626SKris Kennaway } 101874664626SKris Kennaway else if (strcmp(*argv,"-verify") == 0) 101974664626SKris Kennaway { 102074664626SKris Kennaway s_server_verify=SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE; 
102174664626SKris Kennaway if (--argc < 1) goto bad; 102274664626SKris Kennaway verify_depth=atoi(*(++argv)); 102374664626SKris Kennaway BIO_printf(bio_err,"verify depth is %d\n",verify_depth); 102474664626SKris Kennaway } 102574664626SKris Kennaway else if (strcmp(*argv,"-Verify") == 0) 102674664626SKris Kennaway { 102774664626SKris Kennaway s_server_verify=SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT| 102874664626SKris Kennaway SSL_VERIFY_CLIENT_ONCE; 102974664626SKris Kennaway if (--argc < 1) goto bad; 103074664626SKris Kennaway verify_depth=atoi(*(++argv)); 103174664626SKris Kennaway BIO_printf(bio_err,"verify depth is %d, must return a certificate\n",verify_depth); 103274664626SKris Kennaway } 103374664626SKris Kennaway else if (strcmp(*argv,"-context") == 0) 103474664626SKris Kennaway { 103574664626SKris Kennaway if (--argc < 1) goto bad; 10363b4e3dcbSSimon L. B. Nielsen context= (unsigned char *)*(++argv); 103774664626SKris Kennaway } 103874664626SKris Kennaway else if (strcmp(*argv,"-cert") == 0) 103974664626SKris Kennaway { 104074664626SKris Kennaway if (--argc < 1) goto bad; 104174664626SKris Kennaway s_cert_file= *(++argv); 104274664626SKris Kennaway } 10433b4e3dcbSSimon L. B. Nielsen else if (strcmp(*argv,"-certform") == 0) 10443b4e3dcbSSimon L. B. Nielsen { 10453b4e3dcbSSimon L. B. Nielsen if (--argc < 1) goto bad; 10463b4e3dcbSSimon L. B. Nielsen s_cert_format = str2fmt(*(++argv)); 10473b4e3dcbSSimon L. B. Nielsen } 104874664626SKris Kennaway else if (strcmp(*argv,"-key") == 0) 104974664626SKris Kennaway { 105074664626SKris Kennaway if (--argc < 1) goto bad; 105174664626SKris Kennaway s_key_file= *(++argv); 105274664626SKris Kennaway } 10533b4e3dcbSSimon L. B. Nielsen else if (strcmp(*argv,"-keyform") == 0) 10543b4e3dcbSSimon L. B. Nielsen { 10553b4e3dcbSSimon L. B. Nielsen if (--argc < 1) goto bad; 10563b4e3dcbSSimon L. B. Nielsen s_key_format = str2fmt(*(++argv)); 10573b4e3dcbSSimon L. B. Nielsen } 10583b4e3dcbSSimon L. B. 
Nielsen else if (strcmp(*argv,"-pass") == 0) 10593b4e3dcbSSimon L. B. Nielsen { 10603b4e3dcbSSimon L. B. Nielsen if (--argc < 1) goto bad; 10613b4e3dcbSSimon L. B. Nielsen passarg = *(++argv); 10623b4e3dcbSSimon L. B. Nielsen } 1063f579bf8eSKris Kennaway else if (strcmp(*argv,"-dhparam") == 0) 1064f579bf8eSKris Kennaway { 1065f579bf8eSKris Kennaway if (--argc < 1) goto bad; 1066f579bf8eSKris Kennaway dhfile = *(++argv); 1067f579bf8eSKris Kennaway } 10683b4e3dcbSSimon L. B. Nielsen #ifndef OPENSSL_NO_ECDH 10693b4e3dcbSSimon L. B. Nielsen else if (strcmp(*argv,"-named_curve") == 0) 10703b4e3dcbSSimon L. B. Nielsen { 10713b4e3dcbSSimon L. B. Nielsen if (--argc < 1) goto bad; 10723b4e3dcbSSimon L. B. Nielsen named_curve = *(++argv); 10733b4e3dcbSSimon L. B. Nielsen } 10743b4e3dcbSSimon L. B. Nielsen #endif 10753b4e3dcbSSimon L. B. Nielsen else if (strcmp(*argv,"-dcertform") == 0) 10763b4e3dcbSSimon L. B. Nielsen { 10773b4e3dcbSSimon L. B. Nielsen if (--argc < 1) goto bad; 10783b4e3dcbSSimon L. B. Nielsen s_dcert_format = str2fmt(*(++argv)); 10793b4e3dcbSSimon L. B. Nielsen } 108074664626SKris Kennaway else if (strcmp(*argv,"-dcert") == 0) 108174664626SKris Kennaway { 108274664626SKris Kennaway if (--argc < 1) goto bad; 108374664626SKris Kennaway s_dcert_file= *(++argv); 108474664626SKris Kennaway } 10853b4e3dcbSSimon L. B. Nielsen else if (strcmp(*argv,"-dkeyform") == 0) 10863b4e3dcbSSimon L. B. Nielsen { 10873b4e3dcbSSimon L. B. Nielsen if (--argc < 1) goto bad; 10883b4e3dcbSSimon L. B. Nielsen s_dkey_format = str2fmt(*(++argv)); 10893b4e3dcbSSimon L. B. Nielsen } 10903b4e3dcbSSimon L. B. Nielsen else if (strcmp(*argv,"-dpass") == 0) 10913b4e3dcbSSimon L. B. Nielsen { 10923b4e3dcbSSimon L. B. Nielsen if (--argc < 1) goto bad; 10933b4e3dcbSSimon L. B. Nielsen dpassarg = *(++argv); 10943b4e3dcbSSimon L. B. 
Nielsen } 109574664626SKris Kennaway else if (strcmp(*argv,"-dkey") == 0) 109674664626SKris Kennaway { 109774664626SKris Kennaway if (--argc < 1) goto bad; 109874664626SKris Kennaway s_dkey_file= *(++argv); 109974664626SKris Kennaway } 110074664626SKris Kennaway else if (strcmp(*argv,"-nocert") == 0) 110174664626SKris Kennaway { 110274664626SKris Kennaway nocert=1; 110374664626SKris Kennaway } 110474664626SKris Kennaway else if (strcmp(*argv,"-CApath") == 0) 110574664626SKris Kennaway { 110674664626SKris Kennaway if (--argc < 1) goto bad; 110774664626SKris Kennaway CApath= *(++argv); 110874664626SKris Kennaway } 11096a599222SSimon L. B. Nielsen else if (strcmp(*argv,"-no_cache") == 0) 11106a599222SSimon L. B. Nielsen no_cache = 1; 11111f13597dSJung-uk Kim else if (args_verify(&argv, &argc, &badarg, bio_err, &vpm)) 11125c87c606SMark Murray { 11131f13597dSJung-uk Kim if (badarg) 11141f13597dSJung-uk Kim goto bad; 11151f13597dSJung-uk Kim continue; 11165c87c606SMark Murray } 11171f13597dSJung-uk Kim else if (strcmp(*argv,"-verify_return_error") == 0) 11181f13597dSJung-uk Kim verify_return_error = 1; 11195c87c606SMark Murray else if (strcmp(*argv,"-serverpref") == 0) 11205c87c606SMark Murray { off|=SSL_OP_CIPHER_SERVER_PREFERENCE; } 11216a599222SSimon L. B. Nielsen else if (strcmp(*argv,"-legacy_renegotiation") == 0) 11226a599222SSimon L. B. 
Nielsen off|=SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION; 112374664626SKris Kennaway else if (strcmp(*argv,"-cipher") == 0) 112474664626SKris Kennaway { 112574664626SKris Kennaway if (--argc < 1) goto bad; 112674664626SKris Kennaway cipher= *(++argv); 112774664626SKris Kennaway } 112874664626SKris Kennaway else if (strcmp(*argv,"-CAfile") == 0) 112974664626SKris Kennaway { 113074664626SKris Kennaway if (--argc < 1) goto bad; 113174664626SKris Kennaway CAfile= *(++argv); 113274664626SKris Kennaway } 113374664626SKris Kennaway #ifdef FIONBIO 113474664626SKris Kennaway else if (strcmp(*argv,"-nbio") == 0) 113574664626SKris Kennaway { s_nbio=1; } 113674664626SKris Kennaway #endif 113774664626SKris Kennaway else if (strcmp(*argv,"-nbio_test") == 0) 113874664626SKris Kennaway { 113974664626SKris Kennaway #ifdef FIONBIO 114074664626SKris Kennaway s_nbio=1; 114174664626SKris Kennaway #endif 114274664626SKris Kennaway s_nbio_test=1; 114374664626SKris Kennaway } 114474664626SKris Kennaway else if (strcmp(*argv,"-debug") == 0) 114574664626SKris Kennaway { s_debug=1; } 1146db522d3aSSimon L. B. Nielsen #ifndef OPENSSL_NO_TLSEXT 1147db522d3aSSimon L. B. Nielsen else if (strcmp(*argv,"-tlsextdebug") == 0) 1148db522d3aSSimon L. B. Nielsen s_tlsextdebug=1; 1149db522d3aSSimon L. B. Nielsen else if (strcmp(*argv,"-status") == 0) 1150db522d3aSSimon L. B. Nielsen s_tlsextstatus=1; 1151db522d3aSSimon L. B. Nielsen else if (strcmp(*argv,"-status_verbose") == 0) 1152db522d3aSSimon L. B. Nielsen { 1153db522d3aSSimon L. B. Nielsen s_tlsextstatus=1; 1154db522d3aSSimon L. B. Nielsen tlscstatp.verbose = 1; 1155db522d3aSSimon L. B. Nielsen } 1156db522d3aSSimon L. B. Nielsen else if (!strcmp(*argv, "-status_timeout")) 1157db522d3aSSimon L. B. Nielsen { 1158db522d3aSSimon L. B. Nielsen s_tlsextstatus=1; 1159db522d3aSSimon L. B. Nielsen if (--argc < 1) goto bad; 1160db522d3aSSimon L. B. Nielsen tlscstatp.timeout = atoi(*(++argv)); 1161db522d3aSSimon L. B. Nielsen } 1162db522d3aSSimon L. B. 
Nielsen else if (!strcmp(*argv, "-status_url")) 1163db522d3aSSimon L. B. Nielsen { 1164db522d3aSSimon L. B. Nielsen s_tlsextstatus=1; 1165db522d3aSSimon L. B. Nielsen if (--argc < 1) goto bad; 1166db522d3aSSimon L. B. Nielsen if (!OCSP_parse_url(*(++argv), 1167db522d3aSSimon L. B. Nielsen &tlscstatp.host, 1168db522d3aSSimon L. B. Nielsen &tlscstatp.port, 1169db522d3aSSimon L. B. Nielsen &tlscstatp.path, 1170db522d3aSSimon L. B. Nielsen &tlscstatp.use_ssl)) 1171db522d3aSSimon L. B. Nielsen { 1172db522d3aSSimon L. B. Nielsen BIO_printf(bio_err, "Error parsing URL\n"); 1173db522d3aSSimon L. B. Nielsen goto bad; 1174db522d3aSSimon L. B. Nielsen } 1175db522d3aSSimon L. B. Nielsen } 1176db522d3aSSimon L. B. Nielsen #endif 11775c87c606SMark Murray else if (strcmp(*argv,"-msg") == 0) 11785c87c606SMark Murray { s_msg=1; } 117974664626SKris Kennaway else if (strcmp(*argv,"-hack") == 0) 118074664626SKris Kennaway { hack=1; } 118174664626SKris Kennaway else if (strcmp(*argv,"-state") == 0) 118274664626SKris Kennaway { state=1; } 118374664626SKris Kennaway else if (strcmp(*argv,"-crlf") == 0) 118474664626SKris Kennaway { s_crlf=1; } 118574664626SKris Kennaway else if (strcmp(*argv,"-quiet") == 0) 118674664626SKris Kennaway { s_quiet=1; } 118774664626SKris Kennaway else if (strcmp(*argv,"-bugs") == 0) 118874664626SKris Kennaway { bugs=1; } 118974664626SKris Kennaway else if (strcmp(*argv,"-no_tmp_rsa") == 0) 119074664626SKris Kennaway { no_tmp_rsa=1; } 119174664626SKris Kennaway else if (strcmp(*argv,"-no_dhe") == 0) 119274664626SKris Kennaway { no_dhe=1; } 11933b4e3dcbSSimon L. B. Nielsen else if (strcmp(*argv,"-no_ecdhe") == 0) 11943b4e3dcbSSimon L. B. 
Nielsen { no_ecdhe=1; } 11951f13597dSJung-uk Kim #ifndef OPENSSL_NO_PSK 11961f13597dSJung-uk Kim else if (strcmp(*argv,"-psk_hint") == 0) 11971f13597dSJung-uk Kim { 11981f13597dSJung-uk Kim if (--argc < 1) goto bad; 11991f13597dSJung-uk Kim psk_identity_hint= *(++argv); 12001f13597dSJung-uk Kim } 12011f13597dSJung-uk Kim else if (strcmp(*argv,"-psk") == 0) 12021f13597dSJung-uk Kim { 12031f13597dSJung-uk Kim size_t i; 12041f13597dSJung-uk Kim 12051f13597dSJung-uk Kim if (--argc < 1) goto bad; 12061f13597dSJung-uk Kim psk_key=*(++argv); 12071f13597dSJung-uk Kim for (i=0; i<strlen(psk_key); i++) 12081f13597dSJung-uk Kim { 12091f13597dSJung-uk Kim if (isxdigit((unsigned char)psk_key[i])) 12101f13597dSJung-uk Kim continue; 12111f13597dSJung-uk Kim BIO_printf(bio_err,"Not a hex number '%s'\n",*argv); 12121f13597dSJung-uk Kim goto bad; 12131f13597dSJung-uk Kim } 12141f13597dSJung-uk Kim } 12151f13597dSJung-uk Kim #endif 12161f13597dSJung-uk Kim #ifndef OPENSSL_NO_SRP 12171f13597dSJung-uk Kim else if (strcmp(*argv, "-srpvfile") == 0) 12181f13597dSJung-uk Kim { 12191f13597dSJung-uk Kim if (--argc < 1) goto bad; 12201f13597dSJung-uk Kim srp_verifier_file = *(++argv); 12211f13597dSJung-uk Kim meth = TLSv1_server_method(); 12221f13597dSJung-uk Kim } 12231f13597dSJung-uk Kim else if (strcmp(*argv, "-srpuserseed") == 0) 12241f13597dSJung-uk Kim { 12251f13597dSJung-uk Kim if (--argc < 1) goto bad; 12261f13597dSJung-uk Kim srpuserseed = *(++argv); 12271f13597dSJung-uk Kim meth = TLSv1_server_method(); 12281f13597dSJung-uk Kim } 12291f13597dSJung-uk Kim #endif 123074664626SKris Kennaway else if (strcmp(*argv,"-www") == 0) 123174664626SKris Kennaway { www=1; } 123274664626SKris Kennaway else if (strcmp(*argv,"-WWW") == 0) 123374664626SKris Kennaway { www=2; } 12345c87c606SMark Murray else if (strcmp(*argv,"-HTTP") == 0) 12355c87c606SMark Murray { www=3; } 123674664626SKris Kennaway else if (strcmp(*argv,"-no_ssl2") == 0) 123774664626SKris Kennaway { off|=SSL_OP_NO_SSLv2; } 
123874664626SKris Kennaway else if (strcmp(*argv,"-no_ssl3") == 0) 123974664626SKris Kennaway { off|=SSL_OP_NO_SSLv3; } 124074664626SKris Kennaway else if (strcmp(*argv,"-no_tls1") == 0) 124174664626SKris Kennaway { off|=SSL_OP_NO_TLSv1; } 12421f13597dSJung-uk Kim else if (strcmp(*argv,"-no_tls1_1") == 0) 12431f13597dSJung-uk Kim { off|=SSL_OP_NO_TLSv1_1; } 12441f13597dSJung-uk Kim else if (strcmp(*argv,"-no_tls1_2") == 0) 12451f13597dSJung-uk Kim { off|=SSL_OP_NO_TLSv1_2; } 12461f13597dSJung-uk Kim else if (strcmp(*argv,"-no_comp") == 0) 12471f13597dSJung-uk Kim { off|=SSL_OP_NO_COMPRESSION; } 1248db522d3aSSimon L. B. Nielsen #ifndef OPENSSL_NO_TLSEXT 1249db522d3aSSimon L. B. Nielsen else if (strcmp(*argv,"-no_ticket") == 0) 1250db522d3aSSimon L. B. Nielsen { off|=SSL_OP_NO_TICKET; } 1251db522d3aSSimon L. B. Nielsen #endif 12525c87c606SMark Murray #ifndef OPENSSL_NO_SSL2 125374664626SKris Kennaway else if (strcmp(*argv,"-ssl2") == 0) 125474664626SKris Kennaway { meth=SSLv2_server_method(); } 125574664626SKris Kennaway #endif 1256*751d2991SJung-uk Kim #ifndef OPENSSL_NO_SSL3_METHOD 125774664626SKris Kennaway else if (strcmp(*argv,"-ssl3") == 0) 125874664626SKris Kennaway { meth=SSLv3_server_method(); } 125974664626SKris Kennaway #endif 12605c87c606SMark Murray #ifndef OPENSSL_NO_TLS1 126174664626SKris Kennaway else if (strcmp(*argv,"-tls1") == 0) 126274664626SKris Kennaway { meth=TLSv1_server_method(); } 12631f13597dSJung-uk Kim else if (strcmp(*argv,"-tls1_1") == 0) 12641f13597dSJung-uk Kim { meth=TLSv1_1_server_method(); } 12651f13597dSJung-uk Kim else if (strcmp(*argv,"-tls1_2") == 0) 12661f13597dSJung-uk Kim { meth=TLSv1_2_server_method(); } 126774664626SKris Kennaway #endif 12683b4e3dcbSSimon L. B. Nielsen #ifndef OPENSSL_NO_DTLS1 12693b4e3dcbSSimon L. B. Nielsen else if (strcmp(*argv,"-dtls1") == 0) 12703b4e3dcbSSimon L. B. Nielsen { 12713b4e3dcbSSimon L. B. Nielsen meth=DTLSv1_server_method(); 1272db522d3aSSimon L. B. 
Nielsen socket_type = SOCK_DGRAM; 12733b4e3dcbSSimon L. B. Nielsen } 12743b4e3dcbSSimon L. B. Nielsen else if (strcmp(*argv,"-timeout") == 0) 12753b4e3dcbSSimon L. B. Nielsen enable_timeouts = 1; 12763b4e3dcbSSimon L. B. Nielsen else if (strcmp(*argv,"-mtu") == 0) 12773b4e3dcbSSimon L. B. Nielsen { 12783b4e3dcbSSimon L. B. Nielsen if (--argc < 1) goto bad; 12796a599222SSimon L. B. Nielsen socket_mtu = atol(*(++argv)); 12803b4e3dcbSSimon L. B. Nielsen } 12813b4e3dcbSSimon L. B. Nielsen else if (strcmp(*argv, "-chain") == 0) 12823b4e3dcbSSimon L. B. Nielsen cert_chain = 1; 12833b4e3dcbSSimon L. B. Nielsen #endif 12845c87c606SMark Murray else if (strcmp(*argv, "-id_prefix") == 0) 12855c87c606SMark Murray { 12865c87c606SMark Murray if (--argc < 1) goto bad; 12875c87c606SMark Murray session_id_prefix = *(++argv); 12885c87c606SMark Murray } 1289fceca8a3SJacques Vidrine #ifndef OPENSSL_NO_ENGINE 12905c87c606SMark Murray else if (strcmp(*argv,"-engine") == 0) 12915c87c606SMark Murray { 12925c87c606SMark Murray if (--argc < 1) goto bad; 12935c87c606SMark Murray engine_id= *(++argv); 12945c87c606SMark Murray } 1295fceca8a3SJacques Vidrine #endif 12965740a5e3SKris Kennaway else if (strcmp(*argv,"-rand") == 0) 12975740a5e3SKris Kennaway { 12985740a5e3SKris Kennaway if (--argc < 1) goto bad; 12995740a5e3SKris Kennaway inrand= *(++argv); 13005740a5e3SKris Kennaway } 1301db522d3aSSimon L. B. Nielsen #ifndef OPENSSL_NO_TLSEXT 1302db522d3aSSimon L. B. Nielsen else if (strcmp(*argv,"-servername") == 0) 1303db522d3aSSimon L. B. Nielsen { 1304db522d3aSSimon L. B. Nielsen if (--argc < 1) goto bad; 1305db522d3aSSimon L. B. Nielsen tlsextcbp.servername= *(++argv); 1306db522d3aSSimon L. B. Nielsen } 1307db522d3aSSimon L. B. Nielsen else if (strcmp(*argv,"-servername_fatal") == 0) 1308db522d3aSSimon L. B. Nielsen { tlsextcbp.extension_error = SSL_TLSEXT_ERR_ALERT_FATAL; } 1309db522d3aSSimon L. B. Nielsen else if (strcmp(*argv,"-cert2") == 0) 1310db522d3aSSimon L. B. 
Nielsen { 1311db522d3aSSimon L. B. Nielsen if (--argc < 1) goto bad; 1312db522d3aSSimon L. B. Nielsen s_cert_file2= *(++argv); 1313db522d3aSSimon L. B. Nielsen } 1314db522d3aSSimon L. B. Nielsen else if (strcmp(*argv,"-key2") == 0) 1315db522d3aSSimon L. B. Nielsen { 1316db522d3aSSimon L. B. Nielsen if (--argc < 1) goto bad; 1317db522d3aSSimon L. B. Nielsen s_key_file2= *(++argv); 1318db522d3aSSimon L. B. Nielsen } 13191f13597dSJung-uk Kim # ifndef OPENSSL_NO_NEXTPROTONEG 13201f13597dSJung-uk Kim else if (strcmp(*argv,"-nextprotoneg") == 0) 13211f13597dSJung-uk Kim { 13221f13597dSJung-uk Kim if (--argc < 1) goto bad; 13231f13597dSJung-uk Kim next_proto_neg_in = *(++argv); 13241f13597dSJung-uk Kim } 1325db522d3aSSimon L. B. Nielsen # endif 13261f13597dSJung-uk Kim #endif 13271f13597dSJung-uk Kim #if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK) 1328db522d3aSSimon L. B. Nielsen else if (strcmp(*argv,"-jpake") == 0) 1329db522d3aSSimon L. B. Nielsen { 1330db522d3aSSimon L. B. Nielsen if (--argc < 1) goto bad; 1331db522d3aSSimon L. B. Nielsen jpake_secret = *(++argv); 1332db522d3aSSimon L. B. Nielsen } 1333db522d3aSSimon L. B. 
Nielsen #endif 133409286989SJung-uk Kim #ifndef OPENSSL_NO_SRTP 13351f13597dSJung-uk Kim else if (strcmp(*argv,"-use_srtp") == 0) 13361f13597dSJung-uk Kim { 13371f13597dSJung-uk Kim if (--argc < 1) goto bad; 13381f13597dSJung-uk Kim srtp_profiles = *(++argv); 13391f13597dSJung-uk Kim } 134009286989SJung-uk Kim #endif 13411f13597dSJung-uk Kim else if (strcmp(*argv,"-keymatexport") == 0) 13421f13597dSJung-uk Kim { 13431f13597dSJung-uk Kim if (--argc < 1) goto bad; 13441f13597dSJung-uk Kim keymatexportlabel= *(++argv); 13451f13597dSJung-uk Kim } 13461f13597dSJung-uk Kim else if (strcmp(*argv,"-keymatexportlen") == 0) 13471f13597dSJung-uk Kim { 13481f13597dSJung-uk Kim if (--argc < 1) goto bad; 13491f13597dSJung-uk Kim keymatexportlen=atoi(*(++argv)); 13501f13597dSJung-uk Kim if (keymatexportlen == 0) goto bad; 13511f13597dSJung-uk Kim } 135274664626SKris Kennaway else 135374664626SKris Kennaway { 135474664626SKris Kennaway BIO_printf(bio_err,"unknown option %s\n",*argv); 135574664626SKris Kennaway badop=1; 135674664626SKris Kennaway break; 135774664626SKris Kennaway } 135874664626SKris Kennaway argc--; 135974664626SKris Kennaway argv++; 136074664626SKris Kennaway } 136174664626SKris Kennaway if (badop) 136274664626SKris Kennaway { 136374664626SKris Kennaway bad: 136474664626SKris Kennaway sv_usage(); 136574664626SKris Kennaway goto end; 136674664626SKris Kennaway } 1367a93cbc2bSJung-uk Kim #ifndef OPENSSL_NO_DTLS1 1368a93cbc2bSJung-uk Kim if (www && socket_type == SOCK_DGRAM) 1369a93cbc2bSJung-uk Kim { 1370a93cbc2bSJung-uk Kim BIO_printf(bio_err, 1371a93cbc2bSJung-uk Kim "Can't use -HTTP, -www or -WWW with DTLS\n"); 1372a93cbc2bSJung-uk Kim goto end; 1373a93cbc2bSJung-uk Kim } 1374a93cbc2bSJung-uk Kim #endif 137574664626SKris Kennaway 13761f13597dSJung-uk Kim #if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK) 13771f13597dSJung-uk Kim if (jpake_secret) 13781f13597dSJung-uk Kim { 13791f13597dSJung-uk Kim if (psk_key) 13801f13597dSJung-uk Kim { 
13811f13597dSJung-uk Kim BIO_printf(bio_err, 13821f13597dSJung-uk Kim "Can't use JPAKE and PSK together\n"); 13831f13597dSJung-uk Kim goto end; 13841f13597dSJung-uk Kim } 13851f13597dSJung-uk Kim psk_identity = "JPAKE"; 13861f13597dSJung-uk Kim if (cipher) 13871f13597dSJung-uk Kim { 13881f13597dSJung-uk Kim BIO_printf(bio_err, "JPAKE sets cipher to PSK\n"); 13891f13597dSJung-uk Kim goto end; 13901f13597dSJung-uk Kim } 13911f13597dSJung-uk Kim cipher = "PSK"; 13921f13597dSJung-uk Kim } 13931f13597dSJung-uk Kim 13941f13597dSJung-uk Kim #endif 13951f13597dSJung-uk Kim 13965c87c606SMark Murray SSL_load_error_strings(); 13975c87c606SMark Murray OpenSSL_add_ssl_algorithms(); 13985c87c606SMark Murray 1399fceca8a3SJacques Vidrine #ifndef OPENSSL_NO_ENGINE 14005c87c606SMark Murray e = setup_engine(bio_err, engine_id, 1); 1401fceca8a3SJacques Vidrine #endif 14025c87c606SMark Murray 14033b4e3dcbSSimon L. B. Nielsen if (!app_passwd(bio_err, passarg, dpassarg, &pass, &dpass)) 14043b4e3dcbSSimon L. B. Nielsen { 14053b4e3dcbSSimon L. B. Nielsen BIO_printf(bio_err, "Error getting password\n"); 14063b4e3dcbSSimon L. B. Nielsen goto end; 14073b4e3dcbSSimon L. B. Nielsen } 14083b4e3dcbSSimon L. B. Nielsen 14093b4e3dcbSSimon L. B. Nielsen 14103b4e3dcbSSimon L. B. Nielsen if (s_key_file == NULL) 14113b4e3dcbSSimon L. B. Nielsen s_key_file = s_cert_file; 1412db522d3aSSimon L. B. Nielsen #ifndef OPENSSL_NO_TLSEXT 1413db522d3aSSimon L. B. Nielsen if (s_key_file2 == NULL) 1414db522d3aSSimon L. B. Nielsen s_key_file2 = s_cert_file2; 1415db522d3aSSimon L. B. Nielsen #endif 14163b4e3dcbSSimon L. B. Nielsen 14173b4e3dcbSSimon L. B. Nielsen if (nocert == 0) 14183b4e3dcbSSimon L. B. Nielsen { 14193b4e3dcbSSimon L. B. Nielsen s_key = load_key(bio_err, s_key_file, s_key_format, 0, pass, e, 14203b4e3dcbSSimon L. B. Nielsen "server certificate private key file"); 14213b4e3dcbSSimon L. B. Nielsen if (!s_key) 14223b4e3dcbSSimon L. B. Nielsen { 14233b4e3dcbSSimon L. B. 
Nielsen ERR_print_errors(bio_err); 14243b4e3dcbSSimon L. B. Nielsen goto end; 14253b4e3dcbSSimon L. B. Nielsen } 14263b4e3dcbSSimon L. B. Nielsen 14273b4e3dcbSSimon L. B. Nielsen s_cert = load_cert(bio_err,s_cert_file,s_cert_format, 14283b4e3dcbSSimon L. B. Nielsen NULL, e, "server certificate file"); 14293b4e3dcbSSimon L. B. Nielsen 14303b4e3dcbSSimon L. B. Nielsen if (!s_cert) 14313b4e3dcbSSimon L. B. Nielsen { 14323b4e3dcbSSimon L. B. Nielsen ERR_print_errors(bio_err); 14333b4e3dcbSSimon L. B. Nielsen goto end; 14343b4e3dcbSSimon L. B. Nielsen } 1435db522d3aSSimon L. B. Nielsen 1436db522d3aSSimon L. B. Nielsen #ifndef OPENSSL_NO_TLSEXT 1437db522d3aSSimon L. B. Nielsen if (tlsextcbp.servername) 1438db522d3aSSimon L. B. Nielsen { 1439db522d3aSSimon L. B. Nielsen s_key2 = load_key(bio_err, s_key_file2, s_key_format, 0, pass, e, 1440db522d3aSSimon L. B. Nielsen "second server certificate private key file"); 1441db522d3aSSimon L. B. Nielsen if (!s_key2) 1442db522d3aSSimon L. B. Nielsen { 1443db522d3aSSimon L. B. Nielsen ERR_print_errors(bio_err); 1444db522d3aSSimon L. B. Nielsen goto end; 14453b4e3dcbSSimon L. B. Nielsen } 14463b4e3dcbSSimon L. B. Nielsen 1447db522d3aSSimon L. B. Nielsen s_cert2 = load_cert(bio_err,s_cert_file2,s_cert_format, 1448db522d3aSSimon L. B. Nielsen NULL, e, "second server certificate file"); 1449db522d3aSSimon L. B. Nielsen 1450db522d3aSSimon L. B. Nielsen if (!s_cert2) 1451db522d3aSSimon L. B. Nielsen { 1452db522d3aSSimon L. B. Nielsen ERR_print_errors(bio_err); 1453db522d3aSSimon L. B. Nielsen goto end; 1454db522d3aSSimon L. B. Nielsen } 1455db522d3aSSimon L. B. 
Nielsen } 145609286989SJung-uk Kim #endif 145709286989SJung-uk Kim } 14581f13597dSJung-uk Kim 145909286989SJung-uk Kim #if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) 14601f13597dSJung-uk Kim if (next_proto_neg_in) 14611f13597dSJung-uk Kim { 14621f13597dSJung-uk Kim unsigned short len; 146309286989SJung-uk Kim next_proto.data = next_protos_parse(&len, next_proto_neg_in); 14641f13597dSJung-uk Kim if (next_proto.data == NULL) 14651f13597dSJung-uk Kim goto end; 14661f13597dSJung-uk Kim next_proto.len = len; 14671f13597dSJung-uk Kim } 14681f13597dSJung-uk Kim else 14691f13597dSJung-uk Kim { 14701f13597dSJung-uk Kim next_proto.data = NULL; 14711f13597dSJung-uk Kim } 14721f13597dSJung-uk Kim #endif 14731f13597dSJung-uk Kim 14741f13597dSJung-uk Kim 14753b4e3dcbSSimon L. B. Nielsen if (s_dcert_file) 14763b4e3dcbSSimon L. B. Nielsen { 14773b4e3dcbSSimon L. B. Nielsen 14783b4e3dcbSSimon L. B. Nielsen if (s_dkey_file == NULL) 14793b4e3dcbSSimon L. B. Nielsen s_dkey_file = s_dcert_file; 14803b4e3dcbSSimon L. B. Nielsen 14813b4e3dcbSSimon L. B. Nielsen s_dkey = load_key(bio_err, s_dkey_file, s_dkey_format, 14823b4e3dcbSSimon L. B. Nielsen 0, dpass, e, 14833b4e3dcbSSimon L. B. Nielsen "second certificate private key file"); 14843b4e3dcbSSimon L. B. Nielsen if (!s_dkey) 14853b4e3dcbSSimon L. B. Nielsen { 14863b4e3dcbSSimon L. B. Nielsen ERR_print_errors(bio_err); 14873b4e3dcbSSimon L. B. Nielsen goto end; 14883b4e3dcbSSimon L. B. Nielsen } 14893b4e3dcbSSimon L. B. Nielsen 14903b4e3dcbSSimon L. B. Nielsen s_dcert = load_cert(bio_err,s_dcert_file,s_dcert_format, 14913b4e3dcbSSimon L. B. Nielsen NULL, e, "second server certificate file"); 14923b4e3dcbSSimon L. B. Nielsen 14933b4e3dcbSSimon L. B. Nielsen if (!s_dcert) 14943b4e3dcbSSimon L. B. Nielsen { 14953b4e3dcbSSimon L. B. Nielsen ERR_print_errors(bio_err); 14963b4e3dcbSSimon L. B. Nielsen goto end; 14973b4e3dcbSSimon L. B. Nielsen } 14983b4e3dcbSSimon L. B. Nielsen 14993b4e3dcbSSimon L. B. 
Nielsen } 15003b4e3dcbSSimon L. B. Nielsen 15015740a5e3SKris Kennaway if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL 15025740a5e3SKris Kennaway && !RAND_status()) 15035740a5e3SKris Kennaway { 15045740a5e3SKris Kennaway BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n"); 15055740a5e3SKris Kennaway } 15065740a5e3SKris Kennaway if (inrand != NULL) 15075740a5e3SKris Kennaway BIO_printf(bio_err,"%ld semi-random bytes loaded\n", 15085740a5e3SKris Kennaway app_RAND_load_files(inrand)); 1509f579bf8eSKris Kennaway 151074664626SKris Kennaway if (bio_s_out == NULL) 151174664626SKris Kennaway { 15125c87c606SMark Murray if (s_quiet && !s_debug && !s_msg) 151374664626SKris Kennaway { 151474664626SKris Kennaway bio_s_out=BIO_new(BIO_s_null()); 151574664626SKris Kennaway } 151674664626SKris Kennaway else 151774664626SKris Kennaway { 151874664626SKris Kennaway if (bio_s_out == NULL) 151974664626SKris Kennaway bio_s_out=BIO_new_fp(stdout,BIO_NOCLOSE); 152074664626SKris Kennaway } 152174664626SKris Kennaway } 152274664626SKris Kennaway 15233b4e3dcbSSimon L. B. Nielsen #if !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA) 152474664626SKris Kennaway if (nocert) 152574664626SKris Kennaway #endif 152674664626SKris Kennaway { 152774664626SKris Kennaway s_cert_file=NULL; 152874664626SKris Kennaway s_key_file=NULL; 152974664626SKris Kennaway s_dcert_file=NULL; 153074664626SKris Kennaway s_dkey_file=NULL; 1531db522d3aSSimon L. B. Nielsen #ifndef OPENSSL_NO_TLSEXT 1532db522d3aSSimon L. B. Nielsen s_cert_file2=NULL; 1533db522d3aSSimon L. B. Nielsen s_key_file2=NULL; 1534db522d3aSSimon L. B. 
Nielsen #endif 153574664626SKris Kennaway } 153674664626SKris Kennaway 153774664626SKris Kennaway ctx=SSL_CTX_new(meth); 153874664626SKris Kennaway if (ctx == NULL) 153974664626SKris Kennaway { 154074664626SKris Kennaway ERR_print_errors(bio_err); 154174664626SKris Kennaway goto end; 154274664626SKris Kennaway } 15435c87c606SMark Murray if (session_id_prefix) 15445c87c606SMark Murray { 15455c87c606SMark Murray if(strlen(session_id_prefix) >= 32) 15465c87c606SMark Murray BIO_printf(bio_err, 15475c87c606SMark Murray "warning: id_prefix is too long, only one new session will be possible\n"); 15485c87c606SMark Murray else if(strlen(session_id_prefix) >= 16) 15495c87c606SMark Murray BIO_printf(bio_err, 15505c87c606SMark Murray "warning: id_prefix is too long if you use SSLv2\n"); 15515c87c606SMark Murray if(!SSL_CTX_set_generate_session_id(ctx, generate_session_id)) 15525c87c606SMark Murray { 15535c87c606SMark Murray BIO_printf(bio_err,"error setting 'id_prefix'\n"); 15545c87c606SMark Murray ERR_print_errors(bio_err); 15555c87c606SMark Murray goto end; 15565c87c606SMark Murray } 15575c87c606SMark Murray BIO_printf(bio_err,"id_prefix '%s' set.\n", session_id_prefix); 15585c87c606SMark Murray } 155974664626SKris Kennaway SSL_CTX_set_quiet_shutdown(ctx,1); 156074664626SKris Kennaway if (bugs) SSL_CTX_set_options(ctx,SSL_OP_ALL); 156174664626SKris Kennaway if (hack) SSL_CTX_set_options(ctx,SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG); 156274664626SKris Kennaway SSL_CTX_set_options(ctx,off); 15633b4e3dcbSSimon L. B. Nielsen /* DTLS: partial reads end up discarding unread UDP bytes :-( 15643b4e3dcbSSimon L. B. Nielsen * Setting read ahead solves this problem. 15653b4e3dcbSSimon L. B. Nielsen */ 1566db522d3aSSimon L. B. Nielsen if (socket_type == SOCK_DGRAM) SSL_CTX_set_read_ahead(ctx, 1); 156774664626SKris Kennaway 156874664626SKris Kennaway if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback); 15696a599222SSimon L. B. Nielsen if (no_cache) 15706a599222SSimon L. B. 
Nielsen SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF); 15716a599222SSimon L. B. Nielsen else 157274664626SKris Kennaway SSL_CTX_sess_set_cache_size(ctx,128); 157374664626SKris Kennaway 157409286989SJung-uk Kim #ifndef OPENSSL_NO_SRTP 15751f13597dSJung-uk Kim if (srtp_profiles != NULL) 15761f13597dSJung-uk Kim SSL_CTX_set_tlsext_use_srtp(ctx, srtp_profiles); 157709286989SJung-uk Kim #endif 15781f13597dSJung-uk Kim 157974664626SKris Kennaway #if 0 158074664626SKris Kennaway if (cipher == NULL) cipher=getenv("SSL_CIPHER"); 158174664626SKris Kennaway #endif 158274664626SKris Kennaway 158374664626SKris Kennaway #if 0 158474664626SKris Kennaway if (s_cert_file == NULL) 158574664626SKris Kennaway { 158674664626SKris Kennaway BIO_printf(bio_err,"You must specify a certificate file for the server to use\n"); 158774664626SKris Kennaway goto end; 158874664626SKris Kennaway } 158974664626SKris Kennaway #endif 159074664626SKris Kennaway 159174664626SKris Kennaway if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) || 159274664626SKris Kennaway (!SSL_CTX_set_default_verify_paths(ctx))) 159374664626SKris Kennaway { 159474664626SKris Kennaway /* BIO_printf(bio_err,"X509_load_verify_locations\n"); */ 159574664626SKris Kennaway ERR_print_errors(bio_err); 159674664626SKris Kennaway /* goto end; */ 159774664626SKris Kennaway } 15981f13597dSJung-uk Kim if (vpm) 15991f13597dSJung-uk Kim SSL_CTX_set1_param(ctx, vpm); 16001f13597dSJung-uk Kim 1601db522d3aSSimon L. B. Nielsen #ifndef OPENSSL_NO_TLSEXT 1602db522d3aSSimon L. B. Nielsen if (s_cert2) 1603db522d3aSSimon L. B. Nielsen { 1604db522d3aSSimon L. B. Nielsen ctx2=SSL_CTX_new(meth); 1605db522d3aSSimon L. B. Nielsen if (ctx2 == NULL) 1606db522d3aSSimon L. B. Nielsen { 1607db522d3aSSimon L. B. Nielsen ERR_print_errors(bio_err); 1608db522d3aSSimon L. B. Nielsen goto end; 1609db522d3aSSimon L. B. Nielsen } 1610db522d3aSSimon L. B. Nielsen } 1611db522d3aSSimon L. B. Nielsen 1612db522d3aSSimon L. B. 
Nielsen if (ctx2) 1613db522d3aSSimon L. B. Nielsen { 1614db522d3aSSimon L. B. Nielsen BIO_printf(bio_s_out,"Setting secondary ctx parameters\n"); 1615db522d3aSSimon L. B. Nielsen 1616db522d3aSSimon L. B. Nielsen if (session_id_prefix) 1617db522d3aSSimon L. B. Nielsen { 1618db522d3aSSimon L. B. Nielsen if(strlen(session_id_prefix) >= 32) 1619db522d3aSSimon L. B. Nielsen BIO_printf(bio_err, 1620db522d3aSSimon L. B. Nielsen "warning: id_prefix is too long, only one new session will be possible\n"); 1621db522d3aSSimon L. B. Nielsen else if(strlen(session_id_prefix) >= 16) 1622db522d3aSSimon L. B. Nielsen BIO_printf(bio_err, 1623db522d3aSSimon L. B. Nielsen "warning: id_prefix is too long if you use SSLv2\n"); 1624db522d3aSSimon L. B. Nielsen if(!SSL_CTX_set_generate_session_id(ctx2, generate_session_id)) 1625db522d3aSSimon L. B. Nielsen { 1626db522d3aSSimon L. B. Nielsen BIO_printf(bio_err,"error setting 'id_prefix'\n"); 1627db522d3aSSimon L. B. Nielsen ERR_print_errors(bio_err); 1628db522d3aSSimon L. B. Nielsen goto end; 1629db522d3aSSimon L. B. Nielsen } 1630db522d3aSSimon L. B. Nielsen BIO_printf(bio_err,"id_prefix '%s' set.\n", session_id_prefix); 1631db522d3aSSimon L. B. Nielsen } 1632db522d3aSSimon L. B. Nielsen SSL_CTX_set_quiet_shutdown(ctx2,1); 1633db522d3aSSimon L. B. Nielsen if (bugs) SSL_CTX_set_options(ctx2,SSL_OP_ALL); 1634db522d3aSSimon L. B. Nielsen if (hack) SSL_CTX_set_options(ctx2,SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG); 1635db522d3aSSimon L. B. Nielsen SSL_CTX_set_options(ctx2,off); 1636db522d3aSSimon L. B. Nielsen /* DTLS: partial reads end up discarding unread UDP bytes :-( 1637db522d3aSSimon L. B. Nielsen * Setting read ahead solves this problem. 1638db522d3aSSimon L. B. Nielsen */ 1639db522d3aSSimon L. B. Nielsen if (socket_type == SOCK_DGRAM) SSL_CTX_set_read_ahead(ctx2, 1); 1640db522d3aSSimon L. B. Nielsen 1641db522d3aSSimon L. B. Nielsen if (state) SSL_CTX_set_info_callback(ctx2,apps_ssl_info_callback); 1642db522d3aSSimon L. B. 
Nielsen 16436a599222SSimon L. B. Nielsen if (no_cache) 16446a599222SSimon L. B. Nielsen SSL_CTX_set_session_cache_mode(ctx2,SSL_SESS_CACHE_OFF); 16456a599222SSimon L. B. Nielsen else 1646db522d3aSSimon L. B. Nielsen SSL_CTX_sess_set_cache_size(ctx2,128); 1647db522d3aSSimon L. B. Nielsen 1648db522d3aSSimon L. B. Nielsen if ((!SSL_CTX_load_verify_locations(ctx2,CAfile,CApath)) || 1649db522d3aSSimon L. B. Nielsen (!SSL_CTX_set_default_verify_paths(ctx2))) 1650db522d3aSSimon L. B. Nielsen { 1651db522d3aSSimon L. B. Nielsen ERR_print_errors(bio_err); 1652db522d3aSSimon L. B. Nielsen } 16531f13597dSJung-uk Kim if (vpm) 16541f13597dSJung-uk Kim SSL_CTX_set1_param(ctx2, vpm); 1655db522d3aSSimon L. B. Nielsen } 1656db522d3aSSimon L. B. Nielsen 16571f13597dSJung-uk Kim # ifndef OPENSSL_NO_NEXTPROTONEG 16581f13597dSJung-uk Kim if (next_proto.data) 16591f13597dSJung-uk Kim SSL_CTX_set_next_protos_advertised_cb(ctx, next_proto_cb, &next_proto); 16601f13597dSJung-uk Kim # endif 16611f13597dSJung-uk Kim #endif 166274664626SKris Kennaway 16635c87c606SMark Murray #ifndef OPENSSL_NO_DH 166474664626SKris Kennaway if (!no_dhe) 166574664626SKris Kennaway { 16665c87c606SMark Murray DH *dh=NULL; 16675c87c606SMark Murray 16685c87c606SMark Murray if (dhfile) 16695c87c606SMark Murray dh = load_dh_param(dhfile); 16705c87c606SMark Murray else if (s_cert_file) 16715c87c606SMark Murray dh = load_dh_param(s_cert_file); 16725c87c606SMark Murray 167374664626SKris Kennaway if (dh != NULL) 167474664626SKris Kennaway { 167574664626SKris Kennaway BIO_printf(bio_s_out,"Setting temp DH parameters\n"); 167674664626SKris Kennaway } 167774664626SKris Kennaway else 167874664626SKris Kennaway { 167974664626SKris Kennaway BIO_printf(bio_s_out,"Using default temp DH parameters\n"); 168074664626SKris Kennaway dh=get_dh512(); 168174664626SKris Kennaway } 168274664626SKris Kennaway (void)BIO_flush(bio_s_out); 168374664626SKris Kennaway 168474664626SKris Kennaway SSL_CTX_set_tmp_dh(ctx,dh); 1685db522d3aSSimon L. 
B. Nielsen #ifndef OPENSSL_NO_TLSEXT 1686db522d3aSSimon L. B. Nielsen if (ctx2) 1687db522d3aSSimon L. B. Nielsen { 1688db522d3aSSimon L. B. Nielsen if (!dhfile) 1689db522d3aSSimon L. B. Nielsen { 1690db522d3aSSimon L. B. Nielsen DH *dh2=load_dh_param(s_cert_file2); 1691db522d3aSSimon L. B. Nielsen if (dh2 != NULL) 1692db522d3aSSimon L. B. Nielsen { 1693db522d3aSSimon L. B. Nielsen BIO_printf(bio_s_out,"Setting temp DH parameters\n"); 1694db522d3aSSimon L. B. Nielsen (void)BIO_flush(bio_s_out); 1695db522d3aSSimon L. B. Nielsen 1696db522d3aSSimon L. B. Nielsen DH_free(dh); 1697db522d3aSSimon L. B. Nielsen dh = dh2; 1698db522d3aSSimon L. B. Nielsen } 1699db522d3aSSimon L. B. Nielsen } 1700db522d3aSSimon L. B. Nielsen SSL_CTX_set_tmp_dh(ctx2,dh); 1701db522d3aSSimon L. B. Nielsen } 1702db522d3aSSimon L. B. Nielsen #endif 170374664626SKris Kennaway DH_free(dh); 170474664626SKris Kennaway } 170574664626SKris Kennaway #endif 170674664626SKris Kennaway 17073b4e3dcbSSimon L. B. Nielsen #ifndef OPENSSL_NO_ECDH 17083b4e3dcbSSimon L. B. Nielsen if (!no_ecdhe) 170974664626SKris Kennaway { 17103b4e3dcbSSimon L. B. Nielsen EC_KEY *ecdh=NULL; 17113b4e3dcbSSimon L. B. Nielsen 17123b4e3dcbSSimon L. B. Nielsen if (named_curve) 17133b4e3dcbSSimon L. B. Nielsen { 17143b4e3dcbSSimon L. B. Nielsen int nid = OBJ_sn2nid(named_curve); 17153b4e3dcbSSimon L. B. Nielsen 17163b4e3dcbSSimon L. B. Nielsen if (nid == 0) 17173b4e3dcbSSimon L. B. Nielsen { 17183b4e3dcbSSimon L. B. Nielsen BIO_printf(bio_err, "unknown curve name (%s)\n", 17193b4e3dcbSSimon L. B. Nielsen named_curve); 17203b4e3dcbSSimon L. B. Nielsen goto end; 17213b4e3dcbSSimon L. B. Nielsen } 17223b4e3dcbSSimon L. B. Nielsen ecdh = EC_KEY_new_by_curve_name(nid); 17233b4e3dcbSSimon L. B. Nielsen if (ecdh == NULL) 17243b4e3dcbSSimon L. B. Nielsen { 17253b4e3dcbSSimon L. B. Nielsen BIO_printf(bio_err, "unable to create curve (%s)\n", 17263b4e3dcbSSimon L. B. Nielsen named_curve); 17273b4e3dcbSSimon L. B. 
Nielsen goto end; 17283b4e3dcbSSimon L. B. Nielsen } 17293b4e3dcbSSimon L. B. Nielsen } 17303b4e3dcbSSimon L. B. Nielsen 17313b4e3dcbSSimon L. B. Nielsen if (ecdh != NULL) 17323b4e3dcbSSimon L. B. Nielsen { 17333b4e3dcbSSimon L. B. Nielsen BIO_printf(bio_s_out,"Setting temp ECDH parameters\n"); 17343b4e3dcbSSimon L. B. Nielsen } 17353b4e3dcbSSimon L. B. Nielsen else 17363b4e3dcbSSimon L. B. Nielsen { 17373b4e3dcbSSimon L. B. Nielsen BIO_printf(bio_s_out,"Using default temp ECDH parameters\n"); 17381f13597dSJung-uk Kim ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); 17393b4e3dcbSSimon L. B. Nielsen if (ecdh == NULL) 17403b4e3dcbSSimon L. B. Nielsen { 17411f13597dSJung-uk Kim BIO_printf(bio_err, "unable to create curve (nistp256)\n"); 17423b4e3dcbSSimon L. B. Nielsen goto end; 17433b4e3dcbSSimon L. B. Nielsen } 17443b4e3dcbSSimon L. B. Nielsen } 17453b4e3dcbSSimon L. B. Nielsen (void)BIO_flush(bio_s_out); 17463b4e3dcbSSimon L. B. Nielsen 17473b4e3dcbSSimon L. B. Nielsen SSL_CTX_set_tmp_ecdh(ctx,ecdh); 1748db522d3aSSimon L. B. Nielsen #ifndef OPENSSL_NO_TLSEXT 1749db522d3aSSimon L. B. Nielsen if (ctx2) 1750db522d3aSSimon L. B. Nielsen SSL_CTX_set_tmp_ecdh(ctx2,ecdh); 1751db522d3aSSimon L. B. Nielsen #endif 17523b4e3dcbSSimon L. B. Nielsen EC_KEY_free(ecdh); 17533b4e3dcbSSimon L. B. Nielsen } 17543b4e3dcbSSimon L. B. Nielsen #endif 17553b4e3dcbSSimon L. B. Nielsen 17563b4e3dcbSSimon L. B. Nielsen if (!set_cert_key_stuff(ctx, s_cert, s_key)) 17573b4e3dcbSSimon L. B. Nielsen goto end; 1758db522d3aSSimon L. B. Nielsen #ifndef OPENSSL_NO_TLSEXT 1759db522d3aSSimon L. B. Nielsen if (ctx2 && !set_cert_key_stuff(ctx2,s_cert2,s_key2)) 1760db522d3aSSimon L. B. Nielsen goto end; 1761db522d3aSSimon L. B. Nielsen #endif 17623b4e3dcbSSimon L. B. Nielsen if (s_dcert != NULL) 17633b4e3dcbSSimon L. B. Nielsen { 17643b4e3dcbSSimon L. B. 
Nielsen if (!set_cert_key_stuff(ctx, s_dcert, s_dkey)) 176574664626SKris Kennaway goto end; 176674664626SKris Kennaway } 176774664626SKris Kennaway 17685c87c606SMark Murray #ifndef OPENSSL_NO_RSA 176974664626SKris Kennaway #if 1 17705740a5e3SKris Kennaway if (!no_tmp_rsa) 1771db522d3aSSimon L. B. Nielsen { 177274664626SKris Kennaway SSL_CTX_set_tmp_rsa_callback(ctx,tmp_rsa_cb); 1773db522d3aSSimon L. B. Nielsen #ifndef OPENSSL_NO_TLSEXT 1774db522d3aSSimon L. B. Nielsen if (ctx2) 1775db522d3aSSimon L. B. Nielsen SSL_CTX_set_tmp_rsa_callback(ctx2,tmp_rsa_cb); 1776db522d3aSSimon L. B. Nielsen #endif 1777db522d3aSSimon L. B. Nielsen } 177874664626SKris Kennaway #else 177974664626SKris Kennaway if (!no_tmp_rsa && SSL_CTX_need_tmp_RSA(ctx)) 178074664626SKris Kennaway { 178174664626SKris Kennaway RSA *rsa; 178274664626SKris Kennaway 178374664626SKris Kennaway BIO_printf(bio_s_out,"Generating temp (512 bit) RSA key..."); 178474664626SKris Kennaway BIO_flush(bio_s_out); 178574664626SKris Kennaway 178674664626SKris Kennaway rsa=RSA_generate_key(512,RSA_F4,NULL); 178774664626SKris Kennaway 178874664626SKris Kennaway if (!SSL_CTX_set_tmp_rsa(ctx,rsa)) 178974664626SKris Kennaway { 179074664626SKris Kennaway ERR_print_errors(bio_err); 179174664626SKris Kennaway goto end; 179274664626SKris Kennaway } 1793db522d3aSSimon L. B. Nielsen #ifndef OPENSSL_NO_TLSEXT 1794db522d3aSSimon L. B. Nielsen if (ctx2) 1795db522d3aSSimon L. B. Nielsen { 1796db522d3aSSimon L. B. Nielsen if (!SSL_CTX_set_tmp_rsa(ctx2,rsa)) 1797db522d3aSSimon L. B. Nielsen { 1798db522d3aSSimon L. B. Nielsen ERR_print_errors(bio_err); 1799db522d3aSSimon L. B. Nielsen goto end; 1800db522d3aSSimon L. B. Nielsen } 1801db522d3aSSimon L. B. Nielsen } 1802db522d3aSSimon L. B. 
Nielsen #endif 180374664626SKris Kennaway RSA_free(rsa); 180474664626SKris Kennaway BIO_printf(bio_s_out,"\n"); 180574664626SKris Kennaway } 180674664626SKris Kennaway #endif 180774664626SKris Kennaway #endif 180874664626SKris Kennaway 18091f13597dSJung-uk Kim #ifndef OPENSSL_NO_PSK 18101f13597dSJung-uk Kim #ifdef OPENSSL_NO_JPAKE 18111f13597dSJung-uk Kim if (psk_key != NULL) 18121f13597dSJung-uk Kim #else 18131f13597dSJung-uk Kim if (psk_key != NULL || jpake_secret) 18141f13597dSJung-uk Kim #endif 18151f13597dSJung-uk Kim { 18161f13597dSJung-uk Kim if (s_debug) 18171f13597dSJung-uk Kim BIO_printf(bio_s_out, "PSK key given or JPAKE in use, setting server callback\n"); 18181f13597dSJung-uk Kim SSL_CTX_set_psk_server_callback(ctx, psk_server_cb); 18191f13597dSJung-uk Kim } 18201f13597dSJung-uk Kim 18211f13597dSJung-uk Kim if (!SSL_CTX_use_psk_identity_hint(ctx, psk_identity_hint)) 18221f13597dSJung-uk Kim { 18231f13597dSJung-uk Kim BIO_printf(bio_err,"error setting PSK identity hint to context\n"); 18241f13597dSJung-uk Kim ERR_print_errors(bio_err); 18251f13597dSJung-uk Kim goto end; 18261f13597dSJung-uk Kim } 18271f13597dSJung-uk Kim #endif 18281f13597dSJung-uk Kim 182974664626SKris Kennaway if (cipher != NULL) 18301f13597dSJung-uk Kim { 18311f13597dSJung-uk Kim if(!SSL_CTX_set_cipher_list(ctx,cipher)) 18321f13597dSJung-uk Kim { 1833f579bf8eSKris Kennaway BIO_printf(bio_err,"error setting cipher list\n"); 1834f579bf8eSKris Kennaway ERR_print_errors(bio_err); 1835f579bf8eSKris Kennaway goto end; 18361f13597dSJung-uk Kim } 1837db522d3aSSimon L. B. Nielsen #ifndef OPENSSL_NO_TLSEXT 1838db522d3aSSimon L. B. Nielsen if (ctx2 && !SSL_CTX_set_cipher_list(ctx2,cipher)) 1839db522d3aSSimon L. B. Nielsen { 1840db522d3aSSimon L. B. Nielsen BIO_printf(bio_err,"error setting cipher list\n"); 1841db522d3aSSimon L. B. Nielsen ERR_print_errors(bio_err); 1842db522d3aSSimon L. B. Nielsen goto end; 1843db522d3aSSimon L. B. Nielsen } 1844db522d3aSSimon L. B. 
Nielsen #endif 1845f579bf8eSKris Kennaway } 184674664626SKris Kennaway SSL_CTX_set_verify(ctx,s_server_verify,verify_callback); 184774664626SKris Kennaway SSL_CTX_set_session_id_context(ctx,(void*)&s_server_session_id_context, 184874664626SKris Kennaway sizeof s_server_session_id_context); 184974664626SKris Kennaway 18506a599222SSimon L. B. Nielsen /* Set DTLS cookie generation and verification callbacks */ 18516a599222SSimon L. B. Nielsen SSL_CTX_set_cookie_generate_cb(ctx, generate_cookie_callback); 18526a599222SSimon L. B. Nielsen SSL_CTX_set_cookie_verify_cb(ctx, verify_cookie_callback); 18536a599222SSimon L. B. Nielsen 1854db522d3aSSimon L. B. Nielsen #ifndef OPENSSL_NO_TLSEXT 1855db522d3aSSimon L. B. Nielsen if (ctx2) 1856db522d3aSSimon L. B. Nielsen { 1857db522d3aSSimon L. B. Nielsen SSL_CTX_set_verify(ctx2,s_server_verify,verify_callback); 1858db522d3aSSimon L. B. Nielsen SSL_CTX_set_session_id_context(ctx2,(void*)&s_server_session_id_context, 1859db522d3aSSimon L. B. Nielsen sizeof s_server_session_id_context); 186074664626SKris Kennaway 1861db522d3aSSimon L. B. Nielsen tlsextcbp.biodebug = bio_s_out; 1862db522d3aSSimon L. B. Nielsen SSL_CTX_set_tlsext_servername_callback(ctx2, ssl_servername_cb); 1863db522d3aSSimon L. B. Nielsen SSL_CTX_set_tlsext_servername_arg(ctx2, &tlsextcbp); 1864db522d3aSSimon L. B. Nielsen SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb); 1865db522d3aSSimon L. B. Nielsen SSL_CTX_set_tlsext_servername_arg(ctx, &tlsextcbp); 1866db522d3aSSimon L. B. Nielsen } 1867db522d3aSSimon L. B. 
Nielsen #endif 18681f13597dSJung-uk Kim 18691f13597dSJung-uk Kim #ifndef OPENSSL_NO_SRP 18701f13597dSJung-uk Kim if (srp_verifier_file != NULL) 18711f13597dSJung-uk Kim { 18721f13597dSJung-uk Kim srp_callback_parm.vb = SRP_VBASE_new(srpuserseed); 18731f13597dSJung-uk Kim srp_callback_parm.user = NULL; 18741f13597dSJung-uk Kim srp_callback_parm.login = NULL; 18751f13597dSJung-uk Kim if ((ret = SRP_VBASE_init(srp_callback_parm.vb, srp_verifier_file)) != SRP_NO_ERROR) 18761f13597dSJung-uk Kim { 18771f13597dSJung-uk Kim BIO_printf(bio_err, 18781f13597dSJung-uk Kim "Cannot initialize SRP verifier file \"%s\":ret=%d\n", 18791f13597dSJung-uk Kim srp_verifier_file, ret); 18801f13597dSJung-uk Kim goto end; 18811f13597dSJung-uk Kim } 18821f13597dSJung-uk Kim SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE,verify_callback); 18831f13597dSJung-uk Kim SSL_CTX_set_srp_cb_arg(ctx, &srp_callback_parm); 18841f13597dSJung-uk Kim SSL_CTX_set_srp_username_callback(ctx, ssl_srp_server_param_cb); 18851f13597dSJung-uk Kim } 18861f13597dSJung-uk Kim else 18871f13597dSJung-uk Kim #endif 1888db522d3aSSimon L. B. Nielsen if (CAfile != NULL) 1889db522d3aSSimon L. B. Nielsen { 1890db522d3aSSimon L. B. Nielsen SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(CAfile)); 1891db522d3aSSimon L. B. Nielsen #ifndef OPENSSL_NO_TLSEXT 1892db522d3aSSimon L. B. Nielsen if (ctx2) 1893db522d3aSSimon L. B. Nielsen SSL_CTX_set_client_CA_list(ctx2,SSL_load_client_CA_file(CAfile)); 1894db522d3aSSimon L. B. Nielsen #endif 1895db522d3aSSimon L. B. Nielsen } 18961f13597dSJung-uk Kim 189774664626SKris Kennaway BIO_printf(bio_s_out,"ACCEPT\n"); 18981f13597dSJung-uk Kim (void)BIO_flush(bio_s_out); 189974664626SKris Kennaway if (www) 1900db522d3aSSimon L. B. Nielsen do_server(port,socket_type,&accept_socket,www_body, context); 190174664626SKris Kennaway else 1902db522d3aSSimon L. B. 
Nielsen do_server(port,socket_type,&accept_socket,sv_body, context); 190374664626SKris Kennaway print_stats(bio_s_out,ctx); 190474664626SKris Kennaway ret=0; 190574664626SKris Kennaway end: 190674664626SKris Kennaway if (ctx != NULL) SSL_CTX_free(ctx); 19073b4e3dcbSSimon L. B. Nielsen if (s_cert) 19083b4e3dcbSSimon L. B. Nielsen X509_free(s_cert); 19093b4e3dcbSSimon L. B. Nielsen if (s_dcert) 19103b4e3dcbSSimon L. B. Nielsen X509_free(s_dcert); 19113b4e3dcbSSimon L. B. Nielsen if (s_key) 19123b4e3dcbSSimon L. B. Nielsen EVP_PKEY_free(s_key); 19133b4e3dcbSSimon L. B. Nielsen if (s_dkey) 19143b4e3dcbSSimon L. B. Nielsen EVP_PKEY_free(s_dkey); 19153b4e3dcbSSimon L. B. Nielsen if (pass) 19163b4e3dcbSSimon L. B. Nielsen OPENSSL_free(pass); 19173b4e3dcbSSimon L. B. Nielsen if (dpass) 19183b4e3dcbSSimon L. B. Nielsen OPENSSL_free(dpass); 191909286989SJung-uk Kim if (vpm) 192009286989SJung-uk Kim X509_VERIFY_PARAM_free(vpm); 1921db522d3aSSimon L. B. Nielsen #ifndef OPENSSL_NO_TLSEXT 192209286989SJung-uk Kim if (tlscstatp.host) 192309286989SJung-uk Kim OPENSSL_free(tlscstatp.host); 192409286989SJung-uk Kim if (tlscstatp.port) 192509286989SJung-uk Kim OPENSSL_free(tlscstatp.port); 192609286989SJung-uk Kim if (tlscstatp.path) 192709286989SJung-uk Kim OPENSSL_free(tlscstatp.path); 1928db522d3aSSimon L. B. Nielsen if (ctx2 != NULL) SSL_CTX_free(ctx2); 1929db522d3aSSimon L. B. Nielsen if (s_cert2) 1930db522d3aSSimon L. B. Nielsen X509_free(s_cert2); 1931db522d3aSSimon L. B. Nielsen if (s_key2) 1932db522d3aSSimon L. B. Nielsen EVP_PKEY_free(s_key2); 1933db522d3aSSimon L. B. 
#endif
	/* Tail of the s_server main entry point (its head is in the previous
	 * chunk): drop the output BIO, run the apps-level shutdown hook and
	 * exit with the status accumulated above (0 only after do_server()
	 * returned normally). */
	if (bio_s_out != NULL)
		{
		BIO_free(bio_s_out);
		bio_s_out=NULL;
		}
	apps_shutdown();
	OPENSSL_EXIT(ret);
	}

/* Dump the SSL_CTX statistics counters to |bio|.
 *
 * Every value comes from an SSL_CTX_sess_* accessor, so the numbers cover
 * all connections made through |ssl_ctx| since it was created (the counters
 * are context-wide, not per-connection).  Purely informational: nothing is
 * reset and no error can occur. */
static void print_stats(BIO *bio, SSL_CTX *ssl_ctx)
	{
	BIO_printf(bio,"%4ld items in the session cache\n",
		SSL_CTX_sess_number(ssl_ctx));
	BIO_printf(bio,"%4ld client connects (SSL_connect())\n",
		SSL_CTX_sess_connect(ssl_ctx));
	BIO_printf(bio,"%4ld client renegotiates (SSL_connect())\n",
		SSL_CTX_sess_connect_renegotiate(ssl_ctx));
	BIO_printf(bio,"%4ld client connects that finished\n",
		SSL_CTX_sess_connect_good(ssl_ctx));
	BIO_printf(bio,"%4ld server accepts (SSL_accept())\n",
		SSL_CTX_sess_accept(ssl_ctx));
	BIO_printf(bio,"%4ld server renegotiates (SSL_accept())\n",
		SSL_CTX_sess_accept_renegotiate(ssl_ctx));
	BIO_printf(bio,"%4ld server accepts that finished\n",
		SSL_CTX_sess_accept_good(ssl_ctx));
	BIO_printf(bio,"%4ld session cache hits\n",SSL_CTX_sess_hits(ssl_ctx));
	BIO_printf(bio,"%4ld session cache misses\n",SSL_CTX_sess_misses(ssl_ctx));
	BIO_printf(bio,"%4ld session cache timeouts\n",SSL_CTX_sess_timeouts(ssl_ctx));
	BIO_printf(bio,"%4ld callback cache hits\n",SSL_CTX_sess_cb_hits(ssl_ctx));
	/* The cache size is the configured limit the overflow counter is
	 * measured against. */
	BIO_printf(bio,"%4ld cache full overflows (%ld allowed)\n",
		SSL_CTX_sess_cache_full(ssl_ctx),
		SSL_CTX_sess_get_cache_size(ssl_ctx));
	}

/* Per-connection handler for the plain (non -WWW) server mode.
 *
 * |s| is an already-accepted socket (the global ctx is used to build the
 * SSL object), |context| is an optional session-id context string, and
 * |hostname| is unused here.  The body runs a select() loop that shuttles
 * bytes between stdin/stdout and the TLS connection until EOF, an error,
 * or an interactive command ('q'/'Q', 'r'/'R', 'B', 'P', 'S').  The
 * return value is handed back to do_server(); -11 is used for 'Q'
 * (presumably "stop accepting"), 0 and 1 for a closed connection.
 *
 * Note that `l` is unsigned: it must only ever be advanced by a positive
 * SSL_write() byte count. */
static int sv_body(char *hostname, int s, unsigned char *context)
	{
	char *buf=NULL;
	fd_set readfds;
	int ret=1,width;
	int k,i;
	unsigned long l;
	SSL *con=NULL;
	BIO *sbio;
#ifndef OPENSSL_NO_KRB5
	KSSL_CTX *kctx;
#endif
	struct timeval timeout;
#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_BEOS_R5)
	struct timeval tv;
#else
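/* Continuation of sv_body() (signature and the other locals are in the
 * previous chunk).  On non-Windows builds |timeoutp| selects between a
 * DTLS retransmit deadline and an unbounded select(). */
	struct timeval *timeoutp;
#endif

	if ((buf=OPENSSL_malloc(bufsize)) == NULL)
		{
		BIO_printf(bio_err,"out of memory\n");
		goto err;
		}
#ifdef FIONBIO
	if (s_nbio)
		{
		unsigned long sl=1;

		if (!s_quiet)
			BIO_printf(bio_err,"turning on non blocking io\n");
		if (BIO_socket_ioctl(s,FIONBIO,&sl) < 0)
			ERR_print_errors(bio_err);
		}
#endif

	if (con == NULL) {
		con=SSL_new(ctx);
		/* FIX: SSL_new() returns NULL on allocation failure; the original
		 * fell straight through to SSL_clear(con).  ret is still 1 here,
		 * so the accept loop simply moves on to the next client. */
		if (con == NULL)
			{
			BIO_printf(bio_err,"SSL_new failed\n");
			ERR_print_errors(bio_err);
			goto err;
			}
#ifndef OPENSSL_NO_TLSEXT
		if (s_tlsextdebug)
			{
			SSL_set_tlsext_debug_callback(con, tlsext_cb);
			SSL_set_tlsext_debug_arg(con, bio_s_out);
			}
		if (s_tlsextstatus)
			{
			/* This installs the OCSP status callback on the shared
			 * SSL_CTX from inside a per-connection handler, so every
			 * accepted connection re-sets the same callback/arg. */
			SSL_CTX_set_tlsext_status_cb(ctx, cert_status_cb);
			tlscstatp.err = bio_err;
			SSL_CTX_set_tlsext_status_arg(ctx, &tlscstatp);
			}
#endif
#ifndef OPENSSL_NO_KRB5
		if ((kctx = kssl_ctx_new()) != NULL)
			{
			SSL_set0_kssl_ctx(con, kctx);
			kssl_ctx_setstring(kctx, KSSL_SERVICE, KRB5SVC);
			kssl_ctx_setstring(kctx, KSSL_KEYTAB, KRB5KEYTAB);
			}
#endif	/* OPENSSL_NO_KRB5 */
		/* A per-connection session-id context overrides the
		 * s_server_session_id_context set on the SSL_CTX. */
		if(context)
		      SSL_set_session_id_context(con, context,
						 strlen((char *)context));
	}
	SSL_clear(con);
#if 0
#ifdef TLSEXT_TYPE_opaque_prf_input
	SSL_set_tlsext_opaque_prf_input(con, "Test server", 11);
#endif
#endif

	if (SSL_version(con) == DTLS1_VERSION)
		{

		sbio=BIO_new_dgram(s,BIO_NOCLOSE);

		if (enable_timeouts)
			{
			timeout.tv_sec = 0;
			timeout.tv_usec = DGRAM_RCV_TIMEOUT;
			BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_RECV_TIMEOUT, 0, &timeout);

			timeout.tv_sec = 0;
			timeout.tv_usec = DGRAM_SND_TIMEOUT;
			BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_SEND_TIMEOUT, 0, &timeout);
			}

		if (socket_mtu)
			{
			/* A user-supplied MTU below the link minimum is refused
			 * rather than clamped; ret = -1 so do_server() sees a
			 * failure rather than a normal close. */
			if(socket_mtu < DTLS_get_link_min_mtu(con))
				{
				BIO_printf(bio_err,"MTU too small. Must be at least %ld\n",
					DTLS_get_link_min_mtu(con));
				ret = -1;
				BIO_free(sbio);
				goto err;
				}
			SSL_set_options(con, SSL_OP_NO_QUERY_MTU);
			if(!DTLS_set_link_mtu(con, socket_mtu))
				{
				BIO_printf(bio_err, "Failed to set MTU\n");
				ret = -1;
				BIO_free(sbio);
				goto err;
				}
			}
		else
			/* want to do MTU discovery */
			BIO_ctrl(sbio, BIO_CTRL_DGRAM_MTU_DISCOVER, 0, NULL);

		/* turn on cookie exchange: the generate/verify callbacks were
		 * installed on the SSL_CTX in main(), this flag makes the
		 * server actually demand a cookie before allocating state. */
		SSL_set_options(con, SSL_OP_COOKIE_EXCHANGE);
		}
	else
		sbio=BIO_new_socket(s,BIO_NOCLOSE);

	if (s_nbio_test)
		{
		BIO *test;

		test=BIO_new(BIO_f_nbio_test());
		sbio=BIO_push(test,sbio);
		}
#ifndef OPENSSL_NO_JPAKE
	/* J-PAKE runs on the raw transport BIO, i.e. before (and outside)
	 * the TLS handshake. */
	if(jpake_secret)
		jpake_server_auth(bio_s_out, sbio, jpake_secret);
#endif

	SSL_set_bio(con,sbio,sbio);
	SSL_set_accept_state(con);
	/* SSL_set_fd(con,s); */

	if (s_debug)
		{
		SSL_set_debug(con, 1);
		BIO_set_callback(SSL_get_rbio(con),bio_dump_callback);
		BIO_set_callback_arg(SSL_get_rbio(con),(char *)bio_s_out);
		}
	if (s_msg)
		{
		SSL_set_msg_callback(con, msg_cb);
		SSL_set_msg_callback_arg(con, bio_s_out);
		}
#ifndef OPENSSL_NO_TLSEXT
	if (s_tlsextdebug)
		{
		SSL_set_tlsext_debug_callback(con, tlsext_cb);
		SSL_set_tlsext_debug_arg(con, bio_s_out);
		}
#endif

	/* select() nfds: stdin is only polled if fileno(stdin) < width,
	 * which holds for the normal case of stdin being fd 0. */
	width=s+1;
	for (;;)
		{
		int read_from_terminal;
		int read_from_sslcon;

		read_from_terminal = 0;
		/* Buffered-but-unread record data means we must not block in
		 * select(): the socket would not become readable again. */
		read_from_sslcon = SSL_pending(con);

		if (!read_from_sslcon)
			{
			FD_ZERO(&readfds);
#if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_NETWARE) && !defined(OPENSSL_SYS_BEOS_R5)
			openssl_fdset(fileno(stdin),&readfds);
#endif
			openssl_fdset(s,&readfds);
			/* Note: under VMS with SOCKETSHR the second parameter is
			 * currently of type (int *) whereas under other systems
			 * it is (void *) if you don't have a cast it will choke
			 * the compiler: if you do have a cast then you can either
			 * go for (int *) or (void *).
			 */
#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE)
			/* Under DOS (non-djgpp) and Windows we can't select on stdin: only
			 * on sockets. As a workaround we timeout the select every
			 * second and check for any keypress. In a proper Windows
			 * application we wouldn't do this because it is inefficient.
			 */
			tv.tv_sec = 1;
			tv.tv_usec = 0;
			i=select(width,(void *)&readfds,NULL,NULL,&tv);
			if((i < 0) || (!i && !_kbhit() ) )continue;
			if(_kbhit())
				read_from_terminal = 1;
#elif defined(OPENSSL_SYS_BEOS_R5)
			/* Under BeOS-R5 the situation is similar to DOS */
			tv.tv_sec = 1;
			tv.tv_usec = 0;
			(void)fcntl(fileno(stdin), F_SETFL, O_NONBLOCK);
			i=select(width,(void *)&readfds,NULL,NULL,&tv);
			if ((i < 0) || (!i && read(fileno(stdin), buf, 0) < 0))
				continue;
			if (read(fileno(stdin), buf, 0) >= 0)
				read_from_terminal = 1;
			(void)fcntl(fileno(stdin), F_SETFL, 0);
#else
			/* DTLS: bound the wait by the handshake retransmit timer
			 * so lost flights are re-sent. */
			if ((SSL_version(con) == DTLS1_VERSION) &&
				DTLSv1_get_timeout(con, &timeout))
				timeoutp = &timeout;
			else
				timeoutp = NULL;

			i=select(width,(void *)&readfds,NULL,NULL,timeoutp);

			if ((SSL_version(con) == DTLS1_VERSION) && DTLSv1_handle_timeout(con) > 0)
				{
				BIO_printf(bio_err,"TIMEOUT occured\n");
				}

			if (i <= 0) continue;
			if (FD_ISSET(fileno(stdin),&readfds))
				read_from_terminal = 1;
#endif
			if (FD_ISSET(s,&readfds))
				read_from_sslcon = 1;
			}
		if (read_from_terminal)
			{
			if (s_crlf)
				{
				int j, lf_num;

				/* Read at most half the buffer so that the in-place
				 * "\n" -> "\r\n" expansion below can never overflow
				 * even if every byte is a newline. */
				i=raw_read_stdin(buf, bufsize/2);
				lf_num = 0;
				/* both loops are skipped when i <= 0 */
				for (j = 0; j < i; j++)
					if (buf[j] == '\n')
						lf_num++;
				for (j = i-1; j >= 0; j--)
					{
					buf[j+lf_num] = buf[j];
					if (buf[j] == '\n')
						{
						lf_num--;
						i++;
						buf[j+lf_num] = '\r';
						}
					}
				assert(lf_num == 0);
				}
			else
				i=raw_read_stdin(buf,bufsize);
			/* Interactive commands are only recognised when not
			 * -quiet; in quiet mode stdin (including EOF, i <= 0)
			 * goes straight to SSL_write() below. */
			if (!s_quiet)
				{
				if ((i <= 0) || (buf[0] == 'Q'))
					{
					BIO_printf(bio_s_out,"DONE\n");
					SHUTDOWN(s);
					close_accept_socket();
					ret= -11;
					goto err;
					}
				if ((i <= 0) || (buf[0] == 'q'))
					{
					BIO_printf(bio_s_out,"DONE\n");
					if (SSL_version(con) != DTLS1_VERSION)
						SHUTDOWN(s);
					/*	close_accept_socket();
					ret= -11;*/
					goto err;
					}

#ifndef OPENSSL_NO_HEARTBEATS
				/* 'B': send a TLS heartbeat request to the peer. */
				if ((buf[0] == 'B') &&
					((buf[1] == '\n') || (buf[1] == '\r')))
					{
					BIO_printf(bio_err,"HEARTBEATING\n");
					SSL_heartbeat(con);
					i=0;
					continue;
					}
#endif
				/* 'r': server-initiated renegotiation. */
				if ((buf[0] == 'r') &&
					((buf[1] == '\n') || (buf[1] == '\r')))
					{
					SSL_renegotiate(con);
					i=SSL_do_handshake(con);
					printf("SSL_do_handshake -> %d\n",i);
					i=0; /*13; */
					continue;
					/* strcpy(buf,"server side RE-NEGOTIATE\n"); */
					}
				/* 'R': renegotiate and demand a client certificate.
				 * The NULL verify callback replaces the verify_callback
				 * installed on the SSL_CTX for this connection, so a
				 * failed client-cert verification is handled by the
				 * library default (handshake abort) and not reported
				 * through the application callback. */
				if ((buf[0] == 'R') &&
					((buf[1] == '\n') || (buf[1] == '\r')))
					{
					SSL_set_verify(con,
						SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE,NULL);
					SSL_renegotiate(con);
					i=SSL_do_handshake(con);
					printf("SSL_do_handshake -> %d\n",i);
					i=0; /* 13; */
					continue;
					/* strcpy(buf,"server side RE-NEGOTIATE asking for client cert\n"); */
					}
				/* 'P': deliberately write plaintext to the transport BIO
				 * *underneath* the SSL object, bypassing the record layer.
				 * The bytes leave unencrypted and un-MACed; presumably
				 * the peer's record layer rejects them.  Test-only
				 * fault injection -- note the typed line itself is still
				 * sent through TLS below because i is not reset. */
				if (buf[0] == 'P')
					{
					static const char *str="Lets print some clear text\n";
					BIO_write(SSL_get_wbio(con),str,strlen(str));
					}
				/* 'S': dump the SSL_CTX counters (line is also sent). */
				if (buf[0] == 'S')
					{
					print_stats(bio_s_out,SSL_get_SSL_CTX(con));
					}
				}
#ifdef CHARSET_EBCDIC
			ebcdic2ascii(buf,buf,i);
#endif
			l=k=0;
			for (;;)
				{
				/* should do a select for the write */
#ifdef RENEG
{ static count=0; if (++count == 100) { count=0; SSL_renegotiate(con); } }
#endif
				k=SSL_write(con,&(buf[l]),(unsigned int)i);
#ifndef OPENSSL_NO_SRP
				/* SRP: the username callback (set up in main()) can
				 * defer with WANT_X509_LOOKUP until the verifier for
				 * srp_callback_parm.login has been fetched; do the
				 * lookup and retry the same write. */
				while (SSL_get_error(con,k) == SSL_ERROR_WANT_X509_LOOKUP)
					{
					BIO_printf(bio_s_out,"LOOKUP renego during write\n");
					srp_callback_parm.user = SRP_VBASE_get_by_user(srp_callback_parm.vb, srp_callback_parm.login);
					if (srp_callback_parm.user)
						BIO_printf(bio_s_out,"LOOKUP done %s\n",srp_callback_parm.user->info);
					else
						BIO_printf(bio_s_out,"LOOKUP not successful\n");
					k=SSL_write(con,&(buf[l]),(unsigned int)i);
					}
#endif
				switch (SSL_get_error(con,k))
					{
				case SSL_ERROR_NONE:
					break;
				case SSL_ERROR_WANT_WRITE:
				case SSL_ERROR_WANT_READ:
				case SSL_ERROR_WANT_X509_LOOKUP:
					BIO_printf(bio_s_out,"Write BLOCK\n");
					break;
				case SSL_ERROR_SYSCALL:
				case SSL_ERROR_SSL:
					BIO_printf(bio_s_out,"ERROR\n");
					ERR_print_errors(bio_err);
					ret=1;
					goto err;
					/* break; */
				case SSL_ERROR_ZERO_RETURN:
					BIO_printf(bio_s_out,"DONE\n");
					ret=1;
					goto err;
					}
				/* FIX: only advance on a real byte count.  The original
				 * did "l+=k; i-=k;" unconditionally, so a -1 from a
				 * WANT_READ/WANT_WRITE (non-blocking -nbio mode) wrapped
				 * the unsigned offset |l| and grew |i|, making the retry
				 * write from before the start of |buf| with an
				 * over-long length.  A retry must reuse the same
				 * pointer/length, which is exactly what skipping the
				 * update achieves. */
				if (k > 0)
					{
					l+=k;
					i-=k;
					}
				if (i <= 0) break;
				}
			}
		if (read_from_sslcon)
			{
			if (!SSL_is_init_finished(con))
				{
				/* init_ssl_connection() only ever returns 0 (hard
				 * failure) or 1 (done or retry); the i < 0 branch is
				 * therefore never taken but is kept for symmetry. */
				i=init_ssl_connection(con);

				if (i < 0)
					{
					ret=0;
					goto err;
					}
				else if (i == 0)
					{
					ret=1;
					goto err;
					}
				}
			else
				{
again:
				i=SSL_read(con,(char *)buf,bufsize);
#ifndef OPENSSL_NO_SRP
				while (SSL_get_error(con,i) == SSL_ERROR_WANT_X509_LOOKUP)
					{
					BIO_printf(bio_s_out,"LOOKUP renego during read\n");
					srp_callback_parm.user = SRP_VBASE_get_by_user(srp_callback_parm.vb, srp_callback_parm.login);
					if (srp_callback_parm.user)
						BIO_printf(bio_s_out,"LOOKUP done %s\n",srp_callback_parm.user->info);
					else
						BIO_printf(bio_s_out,"LOOKUP not successful\n");
					i=SSL_read(con,(char *)buf,bufsize);
					}
#endif
				switch (SSL_get_error(con,i))
					{
				case SSL_ERROR_NONE:
#ifdef CHARSET_EBCDIC
					ascii2ebcdic(buf,buf,i);
#endif
					raw_write_stdout(buf,
						(unsigned int)i);
					/* Drain already-decrypted record data before
					 * going back to select(). */
					if (SSL_pending(con)) goto again;
					break;
				case SSL_ERROR_WANT_WRITE:
				case SSL_ERROR_WANT_READ:
					BIO_printf(bio_s_out,"Read BLOCK\n");
					break;
				case SSL_ERROR_SYSCALL:
				case SSL_ERROR_SSL:
					BIO_printf(bio_s_out,"ERROR\n");
					ERR_print_errors(bio_err);
					ret=1;
					goto err;
				case SSL_ERROR_ZERO_RETURN:
					BIO_printf(bio_s_out,"DONE\n");
					ret=1;
					goto err;
					}
				}
			}
		}
err:
	if (con != NULL)
		{
		BIO_printf(bio_s_out,"shutting down SSL\n");
#if 1
		/* Marks the connection as shut down in both directions WITHOUT
		 * sending a close_notify alert: the peer only sees the TCP
		 * close and cannot tell it from a truncation.  Presumably
		 * deliberate for a test server (it also keeps the session
		 * resumable rather than invalidating it); SSL_shutdown() in the
		 * #else branch is the well-behaved alternative. */
		SSL_set_shutdown(con,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
#else
		SSL_shutdown(con);
#endif
		SSL_free(con);
		}
	BIO_printf(bio_s_out,"CONNECTION CLOSED\n");
	if (buf != NULL)
		{
		/* The buffer held application plaintext: scrub before free. */
		OPENSSL_cleanse(buf,bufsize);
		OPENSSL_free(buf);
		}
	if (ret >= 0)
		BIO_printf(bio_s_out,"ACCEPT\n");
	return(ret);
	}

/* Shut down the listening socket (global accept_socket) so do_server()
 * stops accepting.  Called from the interactive 'Q' command only. */
static void close_accept_socket(void)
	{
	BIO_printf(bio_err,"shutdown accept socket\n");
	if (accept_socket >= 0)
		{
		SHUTDOWN2(accept_socket);
		}
	}

/* Drive the server side of the handshake on |con| and report what was
 * negotiated on bio_s_out.
 *
 * Returns 1 both when the handshake completed and when SSL_accept() merely
 * needs to be retried ("DELAY", non-blocking I/O); callers such as sv_body()
 * tell the two apart with SSL_is_init_finished().  Returns 0 on a hard
 * failure after printing either the certificate verification error or the
 * OpenSSL error queue.
 *
 * NOTE(review): the output is sensitive.  The PEM-encoded SSL_SESSION and
 * the exported keying material written below are key material for the
 * connection; anything capturing bio_s_out (a log, a pipe) can decrypt or
 * impersonate the session.  Fine for a test tool, not for a service. */
static int init_ssl_connection(SSL *con)
	{
	int i;
	const char *str;
	X509 *peer;
	long verify_error;
	/* MS_STATIC may expand to `static` on some platforms, making this
	 * buffer (and the function) non-reentrant. */
	MS_STATIC char buf[BUFSIZ];
#ifndef OPENSSL_NO_KRB5
	char *client_princ;
#endif
#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
	const unsigned char *next_proto_neg;
	unsigned next_proto_neg_len;
#endif
	unsigned char *exportedkeymat;


	i=SSL_accept(con);
#ifndef OPENSSL_NO_SRP
	/* Same deferred-SRP-lookup dance as in sv_body(): fetch the verifier
	 * for the login the username callback recorded, then resume. */
	while (i <= 0 &&  SSL_get_error(con,i) == SSL_ERROR_WANT_X509_LOOKUP)
		{
			BIO_printf(bio_s_out,"LOOKUP during accept %s\n",srp_callback_parm.login);
			srp_callback_parm.user = SRP_VBASE_get_by_user(srp_callback_parm.vb, srp_callback_parm.login);
			if (srp_callback_parm.user)
				BIO_printf(bio_s_out,"LOOKUP done %s\n",srp_callback_parm.user->info);
			else
				BIO_printf(bio_s_out,"LOOKUP not successful\n");
			i=SSL_accept(con);
		}
#endif
	if (i <= 0)
		{
		if (BIO_sock_should_retry(i))
			{
			BIO_printf(bio_s_out,"DELAY\n");
			return(1);
			}

		BIO_printf(bio_err,"ERROR\n");
		/* A non-OK verify result means the client certificate was the
		 * reason; otherwise (including "no client cert at all", which
		 * leaves X509_V_OK) fall back to the error queue. */
		verify_error=SSL_get_verify_result(con);
		if (verify_error != X509_V_OK)
			{
			BIO_printf(bio_err,"verify error:%s\n",
				X509_verify_cert_error_string(verify_error));
			}
		else
			ERR_print_errors(bio_err);
		return(0);
		}

	/* Serialised session (includes the master secret -- see the note in
	 * the function comment). */
	PEM_write_bio_SSL_SESSION(bio_s_out,SSL_get_session(con));

	peer=SSL_get_peer_certificate(con);
	if (peer != NULL)
		{
		BIO_printf(bio_s_out,"Client certificate\n");
		PEM_write_bio_X509(bio_s_out,peer);
		/* Both *_oneline() calls are bounded by sizeof buf. */
		X509_NAME_oneline(X509_get_subject_name(peer),buf,sizeof buf);
		BIO_printf(bio_s_out,"subject=%s\n",buf);
		X509_NAME_oneline(X509_get_issuer_name(peer),buf,sizeof buf);
		BIO_printf(bio_s_out,"issuer=%s\n",buf);
		X509_free(peer);
		}

	if (SSL_get_shared_ciphers(con,buf,sizeof buf) != NULL)
		BIO_printf(bio_s_out,"Shared ciphers:%s\n",buf);
	str=SSL_CIPHER_get_name(SSL_get_current_cipher(con));
	BIO_printf(bio_s_out,"CIPHER is %s\n",(str != NULL)?str:"(NONE)");

#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
	SSL_get0_next_proto_negotiated(con, &next_proto_neg, &next_proto_neg_len);
	if (next_proto_neg)
		{
		/* Not NUL-terminated: write exactly the negotiated length. */
		BIO_printf(bio_s_out,"NEXTPROTO is ");
		BIO_write(bio_s_out, next_proto_neg, next_proto_neg_len);
		BIO_printf(bio_s_out, "\n");
		}
#endif
#ifndef OPENSSL_NO_SRTP
	{
	SRTP_PROTECTION_PROFILE *srtp_profile
		= SSL_get_selected_srtp_profile(con);

	if(srtp_profile)
		BIO_printf(bio_s_out,"SRTP Extension negotiated, profile=%s\n",
			   srtp_profile->name);
	}
#endif
	if (SSL_cache_hit(con)) BIO_printf(bio_s_out,"Reused session-id\n");
	if (SSL_ctrl(con,SSL_CTRL_GET_FLAGS,0,NULL) &
		TLS1_FLAGS_TLS_PADDING_BUG)
		BIO_printf(bio_s_out,
			   "Peer has incorrect TLSv1 block padding\n");
#ifndef OPENSSL_NO_KRB5
	client_princ = kssl_ctx_get0_client_princ(SSL_get0_kssl_ctx(con));
	if (client_princ != NULL)
		{
		BIO_printf(bio_s_out,"Kerberos peer principal is %s\n",
			   client_princ);
		}
#endif /* OPENSSL_NO_KRB5 */
	BIO_printf(bio_s_out, "Secure Renegotiation IS%s supported\n",
		      SSL_get_secure_renegotiation_support(con) ? "" : " NOT");
	if (keymatexportlabel != NULL)
		{
		BIO_printf(bio_s_out, "Keying material exporter:\n");
		BIO_printf(bio_s_out, "    Label: '%s'\n", keymatexportlabel);
		BIO_printf(bio_s_out, "    Length: %i bytes\n",
			   keymatexportlen);
		exportedkeymat = OPENSSL_malloc(keymatexportlen);
		if (exportedkeymat != NULL)
			{
			/* No context value (NULL, 0, use_context = 0). */
			if (!SSL_export_keying_material(con, exportedkeymat,
						        keymatexportlen,
						        keymatexportlabel,
						        strlen(keymatexportlabel),
						        NULL, 0, 0))
				{
				BIO_printf(bio_s_out, "    Error\n");
				}
			else
				{
				BIO_printf(bio_s_out, "    Keying material: ");
				for (i=0; i<keymatexportlen; i++)
					BIO_printf(bio_s_out, "%02X",
						   exportedkeymat[i]);
				BIO_printf(bio_s_out, "\n");
				}
			/* FIX: this is derived key material -- scrub it before
			 * returning it to the heap, as sv_body() does for its
			 * plaintext buffer. */
			OPENSSL_cleanse(exportedkeymat, keymatexportlen);
			OPENSSL_free(exportedkeymat);
			}
		}

	return(1);
	}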

#ifndef OPENSSL_NO_DH
/*
 * Read PEM-encoded DH parameters from the file named by dhfile.
 *
 * Returns a freshly allocated DH (ownership passes to the caller) or NULL
 * when the file cannot be opened or no DHparams block can be parsed from
 * it.  The BIO is released on both paths.
 */
static DH *load_dh_param(const char *dhfile)
	{
	DH *ret=NULL;
	BIO *bio;

	if ((bio=BIO_new_file(dhfile,"r")) == NULL)
		goto err;
	ret=PEM_read_bio_DHparams(bio,NULL,NULL,NULL);
err:
	if (bio != NULL) BIO_free(bio);
	return(ret);
	}
#endif
#ifndef OPENSSL_NO_KRB5
/* Kerberos principal of the current peer; filled in from
 * kssl_ctx_get0_client_princ() in the accept path above and only printed. */
char *client_princ;
#endif

#if 0
/* Compiled out: would read every PEM certificate in `file` and add each one
 * to the context's list of acceptable client CAs. */
static int load_CA(SSL_CTX *ctx, char *file)
	{
	FILE *in;
	X509 *x=NULL;

	if ((in=fopen(file,"r")) == NULL)
		return(0);

	for (;;)
		{
		if (PEM_read_X509(in,&x,NULL) == NULL)
			break;
		SSL_CTX_add_client_CA(ctx,x);
		}
	if (x != NULL) X509_free(x);
	fclose(in);
	return(1);
	}
#endif

/*
 * Handle one accepted socket in "www" mode (-WWW / -HTTP style serving).
 *
 * s        connected socket; wrapped in a BIO_NOCLOSE socket BIO, so the
 *          caller keeps ownership of the descriptor.
 * context  optional session-id context (NUL-terminated); applied to the
 *          SSL when non-NULL.
 * hostname is not referenced in this function.
 *
 * Behaviour depends on the file-scope `www` mode:
 *   www == 1 : any "GET " request gets the HTML status/statistics page.
 *   www == 2 : "GET /stats " gets the status page; any other "GET /" serves
 *              the named file with an HTTP header chosen by extension.
 *   www == 3 : "GET /" serves the named file verbatim (no header is
 *              written here, see the `if (www == 2)` block).
 * Request lines that match none of these are ignored and the next line is
 * read; the loop ends at EOF, on a read error, or after one response.
 *
 * Served paths are taken literally from the request (no URL decoding) and
 * opened relative to the process's working directory after rejecting
 * ".." components, absolute paths and directories.
 *
 * Returns 0 only when the I/O buffer cannot be allocated; otherwise 1.
 * "ACCEPT" is printed to bio_s_out whenever ret >= 0, i.e. on every path
 * that reaches `err` (including SSL failures, which set ret=1).
 */
static int www_body(char *hostname, int s, unsigned char *context)
	{
	char *buf=NULL;
	int ret=1;
	int i,j,k,dot;
	SSL *con;
	const SSL_CIPHER *c;
	BIO *io,*ssl_bio,*sbio;
#ifndef OPENSSL_NO_KRB5
	KSSL_CTX *kctx;
#endif

	buf=OPENSSL_malloc(bufsize);
	if (buf == NULL) return(0);
	io=BIO_new(BIO_f_buffer());
	ssl_bio=BIO_new(BIO_f_ssl());
	/* NOTE(review): the `err` path only frees buf and io; if io is NULL
	 * but ssl_bio was allocated (or vice versa before the BIO_push below),
	 * ssl_bio is leaked. */
	if ((io == NULL) || (ssl_bio == NULL)) goto err;

#ifdef FIONBIO
	if (s_nbio)
		{
		unsigned long sl=1;

		if (!s_quiet)
			BIO_printf(bio_err,"turning on non blocking io\n");
		/* Failure is reported but not fatal: we carry on in blocking mode. */
		if (BIO_socket_ioctl(s,FIONBIO,&sl) < 0)
			ERR_print_errors(bio_err);
		}
#endif

	/* lets make the output buffer a reasonable size */
	if (!BIO_set_write_buffer_size(io,bufsize)) goto err;

	if ((con=SSL_new(ctx)) == NULL) goto err;
#ifndef OPENSSL_NO_TLSEXT
	if (s_tlsextdebug)
		{
		SSL_set_tlsext_debug_callback(con, tlsext_cb);
		SSL_set_tlsext_debug_arg(con, bio_s_out);
		}
#endif
#ifndef OPENSSL_NO_KRB5
	/* NOTE(review): kctx is created and configured here but is not
	 * referenced again in this function (neither attached to con nor
	 * freed), so it appears to leak once per connection. */
	if ((kctx = kssl_ctx_new()) != NULL)
		{
		kssl_ctx_setstring(kctx, KSSL_SERVICE, KRB5SVC);
		kssl_ctx_setstring(kctx, KSSL_KEYTAB, KRB5KEYTAB);
		}
#endif	/* OPENSSL_NO_KRB5 */
	if(context) SSL_set_session_id_context(con, context,
					       strlen((char *)context));

	/* BIO_NOCLOSE: the socket stays owned by the caller. */
	sbio=BIO_new_socket(s,BIO_NOCLOSE);
	if (s_nbio_test)
		{
		BIO *test;

		/* Insert the non-blocking test filter below the SSL layer. */
		test=BIO_new(BIO_f_nbio_test());
		sbio=BIO_push(test,sbio);
		}
	SSL_set_bio(con,sbio,sbio);
	SSL_set_accept_state(con);

	/* SSL_set_fd(con,s); */
	/* Chain: io (buffering) -> ssl_bio (owns con via BIO_CLOSE) -> sbio. */
	BIO_set_ssl(ssl_bio,con,BIO_CLOSE);
	BIO_push(io,ssl_bio);
#ifdef CHARSET_EBCDIC
	io = BIO_push(BIO_new(BIO_f_ebcdic_filter()),io);
#endif

	if (s_debug)
		{
		SSL_set_debug(con, 1);
		BIO_set_callback(SSL_get_rbio(con),bio_dump_callback);
		BIO_set_callback_arg(SSL_get_rbio(con),(char *)bio_s_out);
		}
	if (s_msg)
		{
		SSL_set_msg_callback(con, msg_cb);
		SSL_set_msg_callback_arg(con, bio_s_out);
		}

	/* One iteration per request line read from the client. */
	for (;;)
		{
		/* With the global `hack` flag set, drive the handshake explicitly
		 * and then request a renegotiation before every read. */
		if (hack)
			{
			i=SSL_accept(con);
#ifndef OPENSSL_NO_SRP
			/* SRP: the handshake pauses with WANT_X509_LOOKUP until the
			 * user record for the advertised login has been looked up. */
			while (i <= 0 && SSL_get_error(con,i) == SSL_ERROR_WANT_X509_LOOKUP)
				{
				BIO_printf(bio_s_out,"LOOKUP during accept %s\n",srp_callback_parm.login);
				srp_callback_parm.user = SRP_VBASE_get_by_user(srp_callback_parm.vb, srp_callback_parm.login);
				if (srp_callback_parm.user)
					BIO_printf(bio_s_out,"LOOKUP done %s\n",srp_callback_parm.user->info);
				else
					BIO_printf(bio_s_out,"LOOKUP not successful\n");
				i=SSL_accept(con);
				}
#endif
			switch (SSL_get_error(con,i))
				{
			case SSL_ERROR_NONE:
				break;
			case SSL_ERROR_WANT_WRITE:
			case SSL_ERROR_WANT_READ:
			case SSL_ERROR_WANT_X509_LOOKUP:
				continue;
			case SSL_ERROR_SYSCALL:
			case SSL_ERROR_SSL:
			case SSL_ERROR_ZERO_RETURN:
				/* ret stays 1, so "ACCEPT" is still printed at err. */
				ret=1;
				goto err;
				/* break; */
				}

			SSL_renegotiate(con);
			/* Zero-length write: pushes the handshake forward. */
			SSL_write(con,NULL,0);
			}

		/* Read one request line; bufsize-1 leaves room for the terminator. */
		i=BIO_gets(io,buf,bufsize-1);
		if (i < 0) /* error */
			{
			if (!BIO_should_retry(io))
				{
				if (!s_quiet)
					ERR_print_errors(bio_err);
				goto err;
				}
			else
				{
				/* Non-blocking socket with no data yet: back off and retry. */
				BIO_printf(bio_s_out,"read R BLOCK\n");
#if defined(OPENSSL_SYS_NETWARE)
            delay(1000);
#elif !defined(OPENSSL_SYS_MSDOS) && !defined(__DJGPP__)
				sleep(1);
#endif
				continue;
				}
			}
		else if (i == 0) /* end of input */
			{
			ret=1;
			goto end;
			}

		/* else we have data */
		if (	((www == 1) && (strncmp("GET ",buf,4) == 0)) ||
			((www == 2) && (strncmp("GET /stats ",buf,10) == 0)))
			{
			char *p;
			X509 *peer;
			STACK_OF(SSL_CIPHER) *sk;
			/* Padding source for the shared-cipher table: BIO_write below
			 * reads up to 26 bytes from it, so it must hold at least 26. */
			static const char *space="                          ";

			BIO_puts(io,"HTTP/1.0 200 ok\r\nContent-type: text/html\r\n\r\n");
			BIO_puts(io,"<HTML><BODY BGCOLOR=\"#ffffff\">\n");
			BIO_puts(io,"<pre>\n");
/*			BIO_puts(io,SSLeay_version(SSLEAY_VERSION));*/
			BIO_puts(io,"\n");
			/* Echo the server's own command line into the page. */
			for (i=0; i<local_argc; i++)
				{
				BIO_puts(io,local_argv[i]);
				BIO_write(io," ",1);
				}
			BIO_puts(io,"\n");

			BIO_printf(io,
				"Secure Renegotiation IS%s supported\n",
				SSL_get_secure_renegotiation_support(con) ?
					"" : " NOT");

			/* The following is evil and should not really
			 * be done */
			BIO_printf(io,"Ciphers supported in s_server binary\n");
			sk=SSL_get_ciphers(con);
			j=sk_SSL_CIPHER_num(sk);
			/* Two ciphers per output line. */
			for (i=0; i<j; i++)
				{
				c=sk_SSL_CIPHER_value(sk,i);
				BIO_printf(io,"%-11s:%-25s",
					SSL_CIPHER_get_version(c),
					SSL_CIPHER_get_name(c));
				if ((((i+1)%2) == 0) && (i+1 != j))
					BIO_puts(io,"\n");
				}
			BIO_puts(io,"\n");
			/* ':'-separated list written into buf; NULL if none shared. */
			p=SSL_get_shared_ciphers(con,buf,bufsize);
			if (p != NULL)
				{
				BIO_printf(io,"---\nCiphers common between both SSL end points:\n");
				/* i counts names emitted, j counts chars of the current name;
				 * each name is padded to column 26, three names per line. */
				j=i=0;
				while (*p)
					{
					if (*p == ':')
						{
						BIO_write(io,space,26-j);
						i++;
						j=0;
						BIO_write(io,((i%3)?" ":"\n"),1);
						}
					else
						{
						BIO_write(io,p,1);
						j++;
						}
					p++;
					}
				BIO_puts(io,"\n");
				}
			BIO_printf(io,(SSL_cache_hit(con)
				?"---\nReused, "
				:"---\nNew, "));
			c=SSL_get_current_cipher(con);
			BIO_printf(io,"%s, Cipher is %s\n",
				SSL_CIPHER_get_version(c),
				SSL_CIPHER_get_name(c));
			SSL_SESSION_print(io,SSL_get_session(con));
			BIO_printf(io,"---\n");
			print_stats(io,SSL_get_SSL_CTX(con));
			BIO_printf(io,"---\n");
			/* NOTE(review): unlike the accept-path code above, this peer
			 * reference is not X509_free()d after printing. */
			peer=SSL_get_peer_certificate(con);
			if (peer != NULL)
				{
				BIO_printf(io,"Client certificate\n");
				X509_print(io,peer);
				PEM_write_bio_X509(io,peer);
				}
			else
				BIO_puts(io,"no client certificate available\n");
			BIO_puts(io,"</BODY></HTML>\r\n\r\n");
			break;
			}
		else if ((www == 2 || www == 3)
                         && (strncmp("GET /",buf,5) == 0))
			{
			BIO *file;
			char *p,*e;
			/* Header used for every error reply; note they are all sent
			 * with status 200. */
			static const char *text="HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n";

			/* skip the '/' */
			p= &(buf[5]);

			/* Scan the path up to the first space, tracking whether any
			 * '/'-delimited component is exactly "..".  States:
			 *   1  at the start of a component
			 *   2  component so far is "."
			 *   3  component so far is ".."
			 *  -1  a ".." component was terminated by '/'
			 *   0  inside some other component
			 * The scan works on the raw request bytes (no URL decoding)
			 * and treats only '/' as a separator. */
			dot = 1;
			for (e=p; *e != '\0'; e++)
				{
				if (e[0] == ' ')
					break;

				switch (dot)
					{
				case 1:
					dot = (e[0] == '.') ? 2 : 0;
					break;
				case 2:
					dot = (e[0] == '.') ? 3 : 0;
					break;
				case 3:
					dot = (e[0] == '/') ? -1 : 0;
					break;
					}
				if (dot == 0)
					dot = (e[0] == '/') ? 1 : 0;
				}
			dot = (dot == 3) || (dot == -1); /* filename contains ".." component */

			/* No space after the path: malformed (or truncated) request line. */
			if (*e == '\0')
				{
				BIO_puts(io,text);
				BIO_printf(io,"'%s' is an invalid file name\r\n",p);
				break;
				}
			*e='\0';

			if (dot)
				{
				BIO_puts(io,text);
				BIO_printf(io,"'%s' contains '..' reference\r\n",p);
				break;
				}

			/* "GET //..." would yield an absolute path; refuse it. */
			if (*p == '/')
				{
				BIO_puts(io,text);
				BIO_printf(io,"'%s' is an invalid path\r\n",p);
				break;
				}

#if 0
			/* append if a directory lookup */
			if (e[-1] == '/')
				strcat(p,"index.html");
#endif

			/* if a directory, do the index thang */
			if (app_isdir(p)>0)
				{
#if 0 /* must check buffer size */
				strcat(p,"/index.html");
#else
				BIO_puts(io,text);
				BIO_printf(io,"'%s' is a directory\r\n",p);
				break;
#endif
				}

			/* p is a relative path, resolved against the working directory. */
			if ((file=BIO_new_file(p,"r")) == NULL)
				{
				BIO_puts(io,text);
				BIO_printf(io,"Error opening '%s'\r\n",p);
				/* The OpenSSL error queue is written to the client here. */
				ERR_print_errors(io);
				break;
				}

			if (!s_quiet)
				BIO_printf(bio_err,"FILE:%s\n",p);

			/* Only www == 2 emits an HTTP header; the Content-type is chosen
			 * by file extension.  In www == 3 the file is sent as-is. */
			if (www == 2)
				{
				i=strlen(p);
				if (	((i > 5) && (strcmp(&(p[i-5]),".html") == 0)) ||
					((i > 4) && (strcmp(&(p[i-4]),".php") == 0)) ||
					((i > 4) && (strcmp(&(p[i-4]),".htm") == 0)))
					BIO_puts(io,"HTTP/1.0 200 ok\r\nContent-type: text/html\r\n\r\n");
				else
					BIO_puts(io,"HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n");
				}
			/* send the file */
			for (;;)
				{
				i=BIO_read(file,buf,bufsize);
				if (i <= 0) break;

#ifdef RENEG
				/* Debug build only: force a renegotiation every ~3 KiB. */
				total_bytes+=i;
				fprintf(stderr,"%d\n",i);
				if (total_bytes > 3*1024)
					{
					total_bytes=0;
					fprintf(stderr,"RENEGOTIATE\n");
					SSL_renegotiate(con);
					}
#endif

				/* Write the chunk, retrying short/blocked writes. */
				for (j=0; j<i; )
					{
#ifdef RENEG
/* Debug build only; `count` relies on implicit int. */
{ static count=0; if (++count == 13) { SSL_renegotiate(con); } }
#endif
					k=BIO_write(io,&(buf[j]),i-j);
					if (k <= 0)
						{
						if (!BIO_should_retry(io))
							goto write_error;
						else
							{
							BIO_printf(bio_s_out,"rwrite W BLOCK\n");
							}
						}
					else
						{
						j+=k;
						}
					}
				}
write_error:
			/* Reached on EOF and on a hard write error alike; in the latter
			 * case the client has received a partial file. */
			BIO_free(file);
			break;
			}
		}

	/* Push out whatever the buffering BIO still holds. */
	for (;;)
		{
		i=(int)BIO_flush(io);
		if (i <= 0)
			{
			if (!BIO_should_retry(io))
				break;
			}
		else
			break;
		}
end:
#if 1
	/* make sure we re-use sessions */
	SSL_set_shutdown(con,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
#else
	/* This kills performance */
/*	SSL_shutdown(con); A shutdown gets sent in the
 *	BIO_free_all(io) procession */
#endif

err:

	/* ret is never set below 0 in this function, so this always prints. */
	if (ret >= 0)
		BIO_printf(bio_s_out,"ACCEPT\n");

	if (buf != NULL) OPENSSL_free(buf);
	/* Frees the whole chain, including con (BIO_CLOSE on ssl_bio). */
	if (io != NULL) BIO_free_all(io);
/*	if (ssl_bio != NULL) BIO_free(ssl_bio);*/
	return(ret);
	}

#ifndef OPENSSL_NO_RSA
/*
 * Temporary-RSA callback for the SSL_CTX.
 *
 * Generates an RSA key of `keylength` bits on the first call and caches it
 * in the static rsa_tmp; every later call returns that same cached key
 * regardless of the keylength or is_export it is asked for (both are only
 * consulted, or ignored, on the first call).  The key is therefore shared
 * by all connections for the process lifetime.  Returns NULL if the first
 * generation failed (a later call will try again, since rsa_tmp stays NULL).
 * `s` is unused.
 */
static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength)
	{
	BIGNUM *bn = NULL;
	static RSA *rsa_tmp=NULL;

	if (!rsa_tmp && ((bn = BN_new()) == NULL))
		BIO_printf(bio_err,"Allocation error in generating RSA key\n");
	if (!rsa_tmp && bn)
		{
		if (!s_quiet)
			{
			BIO_printf(bio_err,"Generating temp (%d bit) RSA key...",keylength);
			(void)BIO_flush(bio_err);
			}
		/* Public exponent F4 (65537).  On any failure drop the partial key
		 * so the next call retries. */
		if(!BN_set_word(bn, RSA_F4) || ((rsa_tmp = RSA_new()) == NULL) ||
				!RSA_generate_key_ex(rsa_tmp, keylength, bn, NULL))
			{
			if(rsa_tmp) RSA_free(rsa_tmp);
			rsa_tmp = NULL;
			}
		if (!s_quiet)
			{
			BIO_printf(bio_err,"\n");
			(void)BIO_flush(bio_err);
			}
		BN_free(bn);
		}
	return(rsa_tmp);
	}
#endif

/* How many colliding session IDs to tolerate before giving up. */
#define MAX_SESSION_ID_ATTEMPTS 10
/*
 * Session-ID generation callback (SSL_CTX_set_generate_session_id).
 *
 * Fills id[0..*id_len) with RAND_pseudo_bytes() output and overwrites the
 * leading bytes with the file-scope session_id_prefix (clipped to *id_len).
 * Retries while the id already exists in the context's cache, up to
 * MAX_SESSION_ID_ATTEMPTS times.  Returns 1 on success, 0 when every
 * attempt collided.  *id_len is never changed.
 *
 * NOTE(review): the return value of RAND_pseudo_bytes() is not checked, so
 * a PRNG that reports non-cryptographic output is silently accepted.
 */
static int generate_session_id(const SSL *ssl, unsigned char *id,
				unsigned int *id_len)
	{
	unsigned int count = 0;
	do	{
		RAND_pseudo_bytes(id, *id_len);
		/* Prefix the session_id with the required prefix. NB: If our
		 * prefix is too long, clip it - but there will be worse effects
		 * anyway, eg. the server could only possibly create 1 session
		 * ID (ie. the prefix!) so all future session negotiations will
		 * fail due to conflicts. */
		memcpy(id, session_id_prefix,
			(strlen(session_id_prefix) < *id_len) ?
			strlen(session_id_prefix) : *id_len);
		}
	while(SSL_has_matching_session_id(ssl, id, *id_len) &&
		(++count < MAX_SESSION_ID_ATTEMPTS));
	if(count >= MAX_SESSION_ID_ATTEMPTS)
		return 0;
	return 1;
	}
