1 /* apps/s_server.c */ 2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 3 * All rights reserved. 4 * 5 * This package is an SSL implementation written 6 * by Eric Young (eay@cryptsoft.com). 7 * The implementation was written so as to conform with Netscapes SSL. 8 * 9 * This library is free for commercial and non-commercial use as long as 10 * the following conditions are aheared to. The following conditions 11 * apply to all code found in this distribution, be it the RC4, RSA, 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 13 * included with this distribution is covered by the same copyright terms 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 15 * 16 * Copyright remains Eric Young's, and as such any Copyright notices in 17 * the code are not to be removed. 18 * If this package is used in a product, Eric Young should be given attribution 19 * as the author of the parts of the library used. 20 * This can be in the form of a textual message at program startup or 21 * in documentation (online or textual) provided with the package. 22 * 23 * Redistribution and use in source and binary forms, with or without 24 * modification, are permitted provided that the following conditions 25 * are met: 26 * 1. Redistributions of source code must retain the copyright 27 * notice, this list of conditions and the following disclaimer. 28 * 2. Redistributions in binary form must reproduce the above copyright 29 * notice, this list of conditions and the following disclaimer in the 30 * documentation and/or other materials provided with the distribution. 31 * 3. All advertising materials mentioning features or use of this software 32 * must display the following acknowledgement: 33 * "This product includes cryptographic software written by 34 * Eric Young (eay@cryptsoft.com)" 35 * The word 'cryptographic' can be left out if the rouines from the library 36 * being used are not cryptographic related :-). 37 * 4. If you include any Windows specific code (or a derivative thereof) from 38 * the apps directory (application code) you must include an acknowledgement: 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 40 * 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 51 * SUCH DAMAGE. 52 * 53 * The licence and distribution terms for any publically available version or 54 * derivative of this code cannot be changed. i.e. this code cannot simply be 55 * copied and put under another distribution licence 56 * [including the GNU Public Licence.] 57 */ 58 59 #include <assert.h> 60 #include <stdio.h> 61 #include <stdlib.h> 62 #include <string.h> 63 #include <sys/types.h> 64 #include <sys/stat.h> 65 #ifdef NO_STDIO 66 #define APPS_WIN16 67 #endif 68 69 /* With IPv6, it looks like Digital has mixed up the proper order of 70 recursive header file inclusion, resulting in the compiler complaining 71 that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which 72 is needed to have fileno() declared correctly... So let's define u_int */ 73 #if defined(VMS) && defined(__DECC) && !defined(__U_INT) 74 #define __U_INT 75 typedef unsigned int u_int; 76 #endif 77 78 #include <openssl/lhash.h> 79 #include <openssl/bn.h> 80 #define USE_SOCKETS 81 #include "apps.h" 82 #include <openssl/err.h> 83 #include <openssl/pem.h> 84 #include <openssl/x509.h> 85 #include <openssl/ssl.h> 86 #include <openssl/rand.h> 87 #include "s_apps.h" 88 89 #ifdef WINDOWS 90 #include <conio.h> 91 #endif 92 93 #if (defined(VMS) && __VMS_VER < 70000000) 94 /* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */ 95 #undef FIONBIO 96 #endif 97 98 #ifndef NO_RSA 99 static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength); 100 #endif 101 static int sv_body(char *hostname, int s, unsigned char *context); 102 static int www_body(char *hostname, int s, unsigned char *context); 103 static void close_accept_socket(void ); 104 static void sv_usage(void); 105 static int init_ssl_connection(SSL *s); 106 static void print_stats(BIO *bp,SSL_CTX *ctx); 107 #ifndef NO_DH 108 static DH *load_dh_param(char *dhfile); 109 static DH *get_dh512(void); 110 #endif 111 #ifdef MONOLITH 112 static void s_server_init(void); 113 #endif 114 115 #ifndef S_ISDIR 116 # if defined(_S_IFMT) && defined(_S_IFDIR) 117 # define S_ISDIR(a) (((a) & _S_IFMT) == _S_IFDIR) 118 # else 119 # define S_ISDIR(a) (((a) & S_IFMT) == S_IFDIR) 120 # endif 121 #endif 122 123 #ifndef NO_DH 124 static unsigned char dh512_p[]={ 125 0xDA,0x58,0x3C,0x16,0xD9,0x85,0x22,0x89,0xD0,0xE4,0xAF,0x75, 126 0x6F,0x4C,0xCA,0x92,0xDD,0x4B,0xE5,0x33,0xB8,0x04,0xFB,0x0F, 127 0xED,0x94,0xEF,0x9C,0x8A,0x44,0x03,0xED,0x57,0x46,0x50,0xD3, 128 0x69,0x99,0xDB,0x29,0xD7,0x76,0x27,0x6B,0xA2,0xD3,0xD4,0x12, 129 0xE2,0x18,0xF4,0xDD,0x1E,0x08,0x4C,0xF6,0xD8,0x00,0x3E,0x7C, 130 0x47,0x74,0xE8,0x33, 131 }; 132 static unsigned char dh512_g[]={ 133 0x02, 134 }; 135 136 static DH *get_dh512(void) 137 { 138 DH *dh=NULL; 139 140 if ((dh=DH_new()) == NULL) return(NULL); 141 dh->p=BN_bin2bn(dh512_p,sizeof(dh512_p),NULL); 142 dh->g=BN_bin2bn(dh512_g,sizeof(dh512_g),NULL); 143 if ((dh->p == NULL) || (dh->g == NULL)) 144 return(NULL); 145 return(dh); 146 } 147 #endif 148 149 /* static int load_CA(SSL_CTX *ctx, char *file);*/ 150 151 #undef BUFSIZZ 152 #define BUFSIZZ 16*1024 153 static int bufsize=BUFSIZZ; 154 static int accept_socket= -1; 155 156 #define TEST_CERT "server.pem" 157 #undef PROG 158 #define PROG s_server_main 159 160 extern int verify_depth; 161 162 static char *cipher=NULL; 163 static int s_server_verify=SSL_VERIFY_NONE; 164 static int s_server_session_id_context = 1; /* anything will do */ 165 static char *s_cert_file=TEST_CERT,*s_key_file=NULL; 166 static char *s_dcert_file=NULL,*s_dkey_file=NULL; 167 #ifdef FIONBIO 168 static int s_nbio=0; 169 #endif 170 static int s_nbio_test=0; 171 int s_crlf=0; 172 static SSL_CTX *ctx=NULL; 173 static int www=0; 174 175 static BIO *bio_s_out=NULL; 176 static int s_debug=0; 177 static int s_quiet=0; 178 179 static int hack=0; 180 181 #ifdef MONOLITH 182 static void s_server_init(void) 183 { 184 accept_socket=-1; 185 cipher=NULL; 186 s_server_verify=SSL_VERIFY_NONE; 187 s_dcert_file=NULL; 188 s_dkey_file=NULL; 189 s_cert_file=TEST_CERT; 190 s_key_file=NULL; 191 #ifdef FIONBIO 192 s_nbio=0; 193 #endif 194 s_nbio_test=0; 195 ctx=NULL; 196 www=0; 197 198 bio_s_out=NULL; 199 s_debug=0; 200 s_quiet=0; 201 hack=0; 202 } 203 #endif 204 205 static void sv_usage(void) 206 { 207 BIO_printf(bio_err,"usage: s_server [args ...]\n"); 208 BIO_printf(bio_err,"\n"); 209 BIO_printf(bio_err," -accept arg - port to accept on (default is %d)\n",PORT); 210 BIO_printf(bio_err," -context arg - set session ID context\n"); 211 BIO_printf(bio_err," -verify arg - turn on peer certificate verification\n"); 212 BIO_printf(bio_err," -Verify arg - turn on peer certificate verification, must have a cert.\n"); 213 BIO_printf(bio_err," -cert arg - certificate file to use, PEM format assumed\n"); 214 BIO_printf(bio_err," (default is %s)\n",TEST_CERT); 215 BIO_printf(bio_err," -key arg - Private Key file to use, PEM format assumed, in cert file if\n"); 216 BIO_printf(bio_err," not specified (default is %s)\n",TEST_CERT); 217 BIO_printf(bio_err," -dcert arg - second certificate file to use (usually for DSA)\n"); 218 BIO_printf(bio_err," -dkey arg - second private key file to use (usually for DSA)\n"); 219 BIO_printf(bio_err," -dhparam arg - DH parameter file to use, in cert file if not specified\n"); 220 BIO_printf(bio_err," or a default set of parameters is used\n"); 221 #ifdef FIONBIO 222 BIO_printf(bio_err," -nbio - Run with non-blocking IO\n"); 223 #endif 224 BIO_printf(bio_err," -nbio_test - test with the non-blocking test bio\n"); 225 BIO_printf(bio_err," -crlf - convert LF from terminal into CRLF\n"); 226 BIO_printf(bio_err," -debug - Print more output\n"); 227 BIO_printf(bio_err," -state - Print the SSL states\n"); 228 BIO_printf(bio_err," -CApath arg - PEM format directory of CA's\n"); 229 BIO_printf(bio_err," -CAfile arg - PEM format file of CA's\n"); 230 BIO_printf(bio_err," -nocert - Don't use any certificates (Anon-DH)\n"); 231 BIO_printf(bio_err," -cipher arg - play with 'openssl ciphers' to see what goes here\n"); 232 BIO_printf(bio_err," -quiet - No server output\n"); 233 BIO_printf(bio_err," -no_tmp_rsa - Do not generate a tmp RSA key\n"); 234 BIO_printf(bio_err," -ssl2 - Just talk SSLv2\n"); 235 BIO_printf(bio_err," -ssl3 - Just talk SSLv3\n"); 236 BIO_printf(bio_err," -tls1 - Just talk TLSv1\n"); 237 BIO_printf(bio_err," -no_ssl2 - Just disable SSLv2\n"); 238 BIO_printf(bio_err," -no_ssl3 - Just disable SSLv3\n"); 239 BIO_printf(bio_err," -no_tls1 - Just disable TLSv1\n"); 240 #ifndef NO_DH 241 BIO_printf(bio_err," -no_dhe - Disable ephemeral DH\n"); 242 #endif 243 BIO_printf(bio_err," -bugs - Turn on SSL bug compatibility\n"); 244 BIO_printf(bio_err," -www - Respond to a 'GET /' with a status page\n"); 245 BIO_printf(bio_err," -WWW - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n"); 246 BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); 247 } 248 249 static int local_argc=0; 250 static char **local_argv; 251 252 #ifdef CHARSET_EBCDIC 253 static int ebcdic_new(BIO *bi); 254 static int ebcdic_free(BIO *a); 255 static int ebcdic_read(BIO *b, char *out, int outl); 256 static int ebcdic_write(BIO *b, char *in, int inl); 257 static long ebcdic_ctrl(BIO *b, int cmd, long num, char *ptr); 258 static int ebcdic_gets(BIO *bp, char *buf, int size); 259 static int ebcdic_puts(BIO *bp, char *str); 260 261 #define BIO_TYPE_EBCDIC_FILTER (18|0x0200) 262 static BIO_METHOD methods_ebcdic= 263 { 264 BIO_TYPE_EBCDIC_FILTER, 265 "EBCDIC/ASCII filter", 266 ebcdic_write, 267 ebcdic_read, 268 ebcdic_puts, 269 ebcdic_gets, 270 ebcdic_ctrl, 271 ebcdic_new, 272 ebcdic_free, 273 }; 274 275 typedef struct 276 { 277 size_t alloced; 278 char buff[1]; 279 } EBCDIC_OUTBUFF; 280 281 BIO_METHOD *BIO_f_ebcdic_filter() 282 { 283 return(&methods_ebcdic); 284 } 285 286 static int ebcdic_new(BIO *bi) 287 { 288 EBCDIC_OUTBUFF *wbuf; 289 290 wbuf = (EBCDIC_OUTBUFF *)OPENSSL_malloc(sizeof(EBCDIC_OUTBUFF) + 1024); 291 wbuf->alloced = 1024; 292 wbuf->buff[0] = '\0'; 293 294 bi->ptr=(char *)wbuf; 295 bi->init=1; 296 bi->flags=0; 297 return(1); 298 } 299 300 static int ebcdic_free(BIO *a) 301 { 302 if (a == NULL) return(0); 303 if (a->ptr != NULL) 304 OPENSSL_free(a->ptr); 305 a->ptr=NULL; 306 a->init=0; 307 a->flags=0; 308 return(1); 309 } 310 311 static int ebcdic_read(BIO *b, char *out, int outl) 312 { 313 int ret=0; 314 315 if (out == NULL || outl == 0) return(0); 316 if (b->next_bio == NULL) return(0); 317 318 ret=BIO_read(b->next_bio,out,outl); 319 if (ret > 0) 320 ascii2ebcdic(out,out,ret); 321 return(ret); 322 } 323 324 static int ebcdic_write(BIO *b, char *in, int inl) 325 { 326 EBCDIC_OUTBUFF *wbuf; 327 int ret=0; 328 int num; 329 unsigned char n; 330 331 if ((in == NULL) || (inl <= 0)) return(0); 332 if (b->next_bio == NULL) return(0); 333 334 wbuf=(EBCDIC_OUTBUFF *)b->ptr; 335 336 if (inl > (num = wbuf->alloced)) 337 { 338 num = num + num; /* double the size */ 339 if (num < inl) 340 num = inl; 341 OPENSSL_free(wbuf); 342 wbuf=(EBCDIC_OUTBUFF *)OPENSSL_malloc(sizeof(EBCDIC_OUTBUFF) + num); 343 344 wbuf->alloced = num; 345 wbuf->buff[0] = '\0'; 346 347 b->ptr=(char *)wbuf; 348 } 349 350 ebcdic2ascii(wbuf->buff, in, inl); 351 352 ret=BIO_write(b->next_bio, wbuf->buff, inl); 353 354 return(ret); 355 } 356 357 static long ebcdic_ctrl(BIO *b, int cmd, long num, char *ptr) 358 { 359 long ret; 360 361 if (b->next_bio == NULL) return(0); 362 switch (cmd) 363 { 364 case BIO_CTRL_DUP: 365 ret=0L; 366 break; 367 default: 368 ret=BIO_ctrl(b->next_bio,cmd,num,ptr); 369 break; 370 } 371 return(ret); 372 } 373 374 static int ebcdic_gets(BIO *bp, char *buf, int size) 375 { 376 int i, ret; 377 if (bp->next_bio == NULL) return(0); 378 /* return(BIO_gets(bp->next_bio,buf,size));*/ 379 for (i=0; i<size-1; ++i) 380 { 381 ret = ebcdic_read(bp,&buf[i],1); 382 if (ret <= 0) 383 break; 384 else if (buf[i] == '\n') 385 { 386 ++i; 387 break; 388 } 389 } 390 if (i < size) 391 buf[i] = '\0'; 392 return (ret < 0 && i == 0) ? ret : i; 393 } 394 395 static int ebcdic_puts(BIO *bp, char *str) 396 { 397 if (bp->next_bio == NULL) return(0); 398 return ebcdic_write(bp, str, strlen(str)); 399 } 400 #endif 401 402 int MAIN(int, char **); 403 404 int MAIN(int argc, char *argv[]) 405 { 406 short port=PORT; 407 char *CApath=NULL,*CAfile=NULL; 408 char *context = NULL; 409 char *dhfile = NULL; 410 int badop=0,bugs=0; 411 int ret=1; 412 int off=0; 413 int no_tmp_rsa=0,no_dhe=0,nocert=0; 414 int state=0; 415 SSL_METHOD *meth=NULL; 416 char *inrand=NULL; 417 #ifndef NO_DH 418 DH *dh=NULL; 419 #endif 420 421 #if !defined(NO_SSL2) && !defined(NO_SSL3) 422 meth=SSLv23_server_method(); 423 #elif !defined(NO_SSL3) 424 meth=SSLv3_server_method(); 425 #elif !defined(NO_SSL2) 426 meth=SSLv2_server_method(); 427 #endif 428 429 local_argc=argc; 430 local_argv=argv; 431 432 apps_startup(); 433 #ifdef MONOLITH 434 s_server_init(); 435 #endif 436 437 if (bio_err == NULL) 438 bio_err=BIO_new_fp(stderr,BIO_NOCLOSE); 439 440 verify_depth=0; 441 #ifdef FIONBIO 442 s_nbio=0; 443 #endif 444 s_nbio_test=0; 445 446 argc--; 447 argv++; 448 449 while (argc >= 1) 450 { 451 if ((strcmp(*argv,"-port") == 0) || 452 (strcmp(*argv,"-accept") == 0)) 453 { 454 if (--argc < 1) goto bad; 455 if (!extract_port(*(++argv),&port)) 456 goto bad; 457 } 458 else if (strcmp(*argv,"-verify") == 0) 459 { 460 s_server_verify=SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE; 461 if (--argc < 1) goto bad; 462 verify_depth=atoi(*(++argv)); 463 BIO_printf(bio_err,"verify depth is %d\n",verify_depth); 464 } 465 else if (strcmp(*argv,"-Verify") == 0) 466 { 467 s_server_verify=SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT| 468 SSL_VERIFY_CLIENT_ONCE; 469 if (--argc < 1) goto bad; 470 verify_depth=atoi(*(++argv)); 471 BIO_printf(bio_err,"verify depth is %d, must return a certificate\n",verify_depth); 472 } 473 else if (strcmp(*argv,"-context") == 0) 474 { 475 if (--argc < 1) goto bad; 476 context= *(++argv); 477 } 478 else if (strcmp(*argv,"-cert") == 0) 479 { 480 if (--argc < 1) goto bad; 481 s_cert_file= *(++argv); 482 } 483 else if (strcmp(*argv,"-key") == 0) 484 { 485 if (--argc < 1) goto bad; 486 s_key_file= *(++argv); 487 } 488 else if (strcmp(*argv,"-dhparam") == 0) 489 { 490 if (--argc < 1) goto bad; 491 dhfile = *(++argv); 492 } 493 else if (strcmp(*argv,"-dcert") == 0) 494 { 495 if (--argc < 1) goto bad; 496 s_dcert_file= *(++argv); 497 } 498 else if (strcmp(*argv,"-dkey") == 0) 499 { 500 if (--argc < 1) goto bad; 501 s_dkey_file= *(++argv); 502 } 503 else if (strcmp(*argv,"-nocert") == 0) 504 { 505 nocert=1; 506 } 507 else if (strcmp(*argv,"-CApath") == 0) 508 { 509 if (--argc < 1) goto bad; 510 CApath= *(++argv); 511 } 512 else if (strcmp(*argv,"-cipher") == 0) 513 { 514 if (--argc < 1) goto bad; 515 cipher= *(++argv); 516 } 517 else if (strcmp(*argv,"-CAfile") == 0) 518 { 519 if (--argc < 1) goto bad; 520 CAfile= *(++argv); 521 } 522 #ifdef FIONBIO 523 else if (strcmp(*argv,"-nbio") == 0) 524 { s_nbio=1; } 525 #endif 526 else if (strcmp(*argv,"-nbio_test") == 0) 527 { 528 #ifdef FIONBIO 529 s_nbio=1; 530 #endif 531 s_nbio_test=1; 532 } 533 else if (strcmp(*argv,"-debug") == 0) 534 { s_debug=1; } 535 else if (strcmp(*argv,"-hack") == 0) 536 { hack=1; } 537 else if (strcmp(*argv,"-state") == 0) 538 { state=1; } 539 else if (strcmp(*argv,"-crlf") == 0) 540 { s_crlf=1; } 541 else if (strcmp(*argv,"-quiet") == 0) 542 { s_quiet=1; } 543 else if (strcmp(*argv,"-bugs") == 0) 544 { bugs=1; } 545 else if (strcmp(*argv,"-no_tmp_rsa") == 0) 546 { no_tmp_rsa=1; } 547 else if (strcmp(*argv,"-no_dhe") == 0) 548 { no_dhe=1; } 549 else if (strcmp(*argv,"-www") == 0) 550 { www=1; } 551 else if (strcmp(*argv,"-WWW") == 0) 552 { www=2; } 553 else if (strcmp(*argv,"-no_ssl2") == 0) 554 { off|=SSL_OP_NO_SSLv2; } 555 else if (strcmp(*argv,"-no_ssl3") == 0) 556 { off|=SSL_OP_NO_SSLv3; } 557 else if (strcmp(*argv,"-no_tls1") == 0) 558 { off|=SSL_OP_NO_TLSv1; } 559 #ifndef NO_SSL2 560 else if (strcmp(*argv,"-ssl2") == 0) 561 { meth=SSLv2_server_method(); } 562 #endif 563 #ifndef NO_SSL3 564 else if (strcmp(*argv,"-ssl3") == 0) 565 { meth=SSLv3_server_method(); } 566 #endif 567 #ifndef NO_TLS1 568 else if (strcmp(*argv,"-tls1") == 0) 569 { meth=TLSv1_server_method(); } 570 #endif 571 else if (strcmp(*argv,"-rand") == 0) 572 { 573 if (--argc < 1) goto bad; 574 inrand= *(++argv); 575 } 576 else 577 { 578 BIO_printf(bio_err,"unknown option %s\n",*argv); 579 badop=1; 580 break; 581 } 582 argc--; 583 argv++; 584 } 585 if (badop) 586 { 587 bad: 588 sv_usage(); 589 goto end; 590 } 591 592 if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL 593 && !RAND_status()) 594 { 595 BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n"); 596 } 597 if (inrand != NULL) 598 BIO_printf(bio_err,"%ld semi-random bytes loaded\n", 599 app_RAND_load_files(inrand)); 600 601 if (bio_s_out == NULL) 602 { 603 if (s_quiet && !s_debug) 604 { 605 bio_s_out=BIO_new(BIO_s_null()); 606 } 607 else 608 { 609 if (bio_s_out == NULL) 610 bio_s_out=BIO_new_fp(stdout,BIO_NOCLOSE); 611 } 612 } 613 614 #if !defined(NO_RSA) || !defined(NO_DSA) 615 if (nocert) 616 #endif 617 { 618 s_cert_file=NULL; 619 s_key_file=NULL; 620 s_dcert_file=NULL; 621 s_dkey_file=NULL; 622 } 623 624 SSL_load_error_strings(); 625 OpenSSL_add_ssl_algorithms(); 626 627 ctx=SSL_CTX_new(meth); 628 if (ctx == NULL) 629 { 630 ERR_print_errors(bio_err); 631 goto end; 632 } 633 634 SSL_CTX_set_quiet_shutdown(ctx,1); 635 if (bugs) SSL_CTX_set_options(ctx,SSL_OP_ALL); 636 if (hack) SSL_CTX_set_options(ctx,SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG); 637 SSL_CTX_set_options(ctx,off); 638 if (hack) SSL_CTX_set_options(ctx,SSL_OP_NON_EXPORT_FIRST); 639 640 if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback); 641 642 SSL_CTX_sess_set_cache_size(ctx,128); 643 644 #if 0 645 if (cipher == NULL) cipher=getenv("SSL_CIPHER"); 646 #endif 647 648 #if 0 649 if (s_cert_file == NULL) 650 { 651 BIO_printf(bio_err,"You must specify a certificate file for the server to use\n"); 652 goto end; 653 } 654 #endif 655 656 if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) || 657 (!SSL_CTX_set_default_verify_paths(ctx))) 658 { 659 /* BIO_printf(bio_err,"X509_load_verify_locations\n"); */ 660 ERR_print_errors(bio_err); 661 /* goto end; */ 662 } 663 664 #ifndef NO_DH 665 if (!no_dhe) 666 { 667 dh=load_dh_param(dhfile ? dhfile : s_cert_file); 668 if (dh != NULL) 669 { 670 BIO_printf(bio_s_out,"Setting temp DH parameters\n"); 671 } 672 else 673 { 674 BIO_printf(bio_s_out,"Using default temp DH parameters\n"); 675 dh=get_dh512(); 676 } 677 (void)BIO_flush(bio_s_out); 678 679 SSL_CTX_set_tmp_dh(ctx,dh); 680 DH_free(dh); 681 } 682 #endif 683 684 if (!set_cert_stuff(ctx,s_cert_file,s_key_file)) 685 goto end; 686 if (s_dcert_file != NULL) 687 { 688 if (!set_cert_stuff(ctx,s_dcert_file,s_dkey_file)) 689 goto end; 690 } 691 692 #ifndef NO_RSA 693 #if 1 694 if (!no_tmp_rsa) 695 SSL_CTX_set_tmp_rsa_callback(ctx,tmp_rsa_cb); 696 #else 697 if (!no_tmp_rsa && SSL_CTX_need_tmp_RSA(ctx)) 698 { 699 RSA *rsa; 700 701 BIO_printf(bio_s_out,"Generating temp (512 bit) RSA key..."); 702 BIO_flush(bio_s_out); 703 704 rsa=RSA_generate_key(512,RSA_F4,NULL); 705 706 if (!SSL_CTX_set_tmp_rsa(ctx,rsa)) 707 { 708 ERR_print_errors(bio_err); 709 goto end; 710 } 711 RSA_free(rsa); 712 BIO_printf(bio_s_out,"\n"); 713 } 714 #endif 715 #endif 716 717 if (cipher != NULL) 718 if(!SSL_CTX_set_cipher_list(ctx,cipher)) { 719 BIO_printf(bio_err,"error setting cipher list\n"); 720 ERR_print_errors(bio_err); 721 goto end; 722 } 723 SSL_CTX_set_verify(ctx,s_server_verify,verify_callback); 724 SSL_CTX_set_session_id_context(ctx,(void*)&s_server_session_id_context, 725 sizeof s_server_session_id_context); 726 727 if (CAfile != NULL) 728 SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(CAfile)); 729 730 BIO_printf(bio_s_out,"ACCEPT\n"); 731 if (www) 732 do_server(port,&accept_socket,www_body, context); 733 else 734 do_server(port,&accept_socket,sv_body, context); 735 print_stats(bio_s_out,ctx); 736 ret=0; 737 end: 738 if (ctx != NULL) SSL_CTX_free(ctx); 739 if (bio_s_out != NULL) 740 { 741 BIO_free(bio_s_out); 742 bio_s_out=NULL; 743 } 744 EXIT(ret); 745 } 746 747 static void print_stats(BIO *bio, SSL_CTX *ssl_ctx) 748 { 749 BIO_printf(bio,"%4ld items in the session cache\n", 750 SSL_CTX_sess_number(ssl_ctx)); 751 BIO_printf(bio,"%4d client connects (SSL_connect())\n", 752 SSL_CTX_sess_connect(ssl_ctx)); 753 BIO_printf(bio,"%4d client renegotiates (SSL_connect())\n", 754 SSL_CTX_sess_connect_renegotiate(ssl_ctx)); 755 BIO_printf(bio,"%4d client connects that finished\n", 756 SSL_CTX_sess_connect_good(ssl_ctx)); 757 BIO_printf(bio,"%4d server accepts (SSL_accept())\n", 758 SSL_CTX_sess_accept(ssl_ctx)); 759 BIO_printf(bio,"%4d server renegotiates (SSL_accept())\n", 760 SSL_CTX_sess_accept_renegotiate(ssl_ctx)); 761 BIO_printf(bio,"%4d server accepts that finished\n", 762 SSL_CTX_sess_accept_good(ssl_ctx)); 763 BIO_printf(bio,"%4d session cache hits\n",SSL_CTX_sess_hits(ssl_ctx)); 764 BIO_printf(bio,"%4d session cache misses\n",SSL_CTX_sess_misses(ssl_ctx)); 765 BIO_printf(bio,"%4d session cache timeouts\n",SSL_CTX_sess_timeouts(ssl_ctx)); 766 BIO_printf(bio,"%4d callback cache hits\n",SSL_CTX_sess_cb_hits(ssl_ctx)); 767 BIO_printf(bio,"%4d cache full overflows (%d allowed)\n", 768 SSL_CTX_sess_cache_full(ssl_ctx), 769 SSL_CTX_sess_get_cache_size(ssl_ctx)); 770 } 771 772 static int sv_body(char *hostname, int s, unsigned char *context) 773 { 774 char *buf=NULL; 775 fd_set readfds; 776 int ret=1,width; 777 int k,i; 778 unsigned long l; 779 SSL *con=NULL; 780 BIO *sbio; 781 #ifdef WINDOWS 782 struct timeval tv; 783 #endif 784 785 if ((buf=OPENSSL_malloc(bufsize)) == NULL) 786 { 787 BIO_printf(bio_err,"out of memory\n"); 788 goto err; 789 } 790 #ifdef FIONBIO 791 if (s_nbio) 792 { 793 unsigned long sl=1; 794 795 if (!s_quiet) 796 BIO_printf(bio_err,"turning on non blocking io\n"); 797 if (BIO_socket_ioctl(s,FIONBIO,&sl) < 0) 798 ERR_print_errors(bio_err); 799 } 800 #endif 801 802 if (con == NULL) { 803 con=SSL_new(ctx); 804 if(context) 805 SSL_set_session_id_context(con, context, 806 strlen((char *)context)); 807 } 808 SSL_clear(con); 809 810 sbio=BIO_new_socket(s,BIO_NOCLOSE); 811 if (s_nbio_test) 812 { 813 BIO *test; 814 815 test=BIO_new(BIO_f_nbio_test()); 816 sbio=BIO_push(test,sbio); 817 } 818 SSL_set_bio(con,sbio,sbio); 819 SSL_set_accept_state(con); 820 /* SSL_set_fd(con,s); */ 821 822 if (s_debug) 823 { 824 con->debug=1; 825 BIO_set_callback(SSL_get_rbio(con),bio_dump_cb); 826 BIO_set_callback_arg(SSL_get_rbio(con),bio_s_out); 827 } 828 829 width=s+1; 830 for (;;) 831 { 832 int read_from_terminal; 833 int read_from_sslcon; 834 835 read_from_terminal = 0; 836 read_from_sslcon = SSL_pending(con); 837 838 if (!read_from_sslcon) 839 { 840 FD_ZERO(&readfds); 841 #ifndef WINDOWS 842 FD_SET(fileno(stdin),&readfds); 843 #endif 844 FD_SET(s,&readfds); 845 /* Note: under VMS with SOCKETSHR the second parameter is 846 * currently of type (int *) whereas under other systems 847 * it is (void *) if you don't have a cast it will choke 848 * the compiler: if you do have a cast then you can either 849 * go for (int *) or (void *). 850 */ 851 #ifdef WINDOWS 852 /* Under Windows we can't select on stdin: only 853 * on sockets. As a workaround we timeout the select every 854 * second and check for any keypress. In a proper Windows 855 * application we wouldn't do this because it is inefficient. 856 */ 857 tv.tv_sec = 1; 858 tv.tv_usec = 0; 859 i=select(width,(void *)&readfds,NULL,NULL,&tv); 860 if((i < 0) || (!i && !_kbhit() ) )continue; 861 if(_kbhit()) 862 read_from_terminal = 1; 863 #else 864 i=select(width,(void *)&readfds,NULL,NULL,NULL); 865 if (i <= 0) continue; 866 if (FD_ISSET(fileno(stdin),&readfds)) 867 read_from_terminal = 1; 868 #endif 869 if (FD_ISSET(s,&readfds)) 870 read_from_sslcon = 1; 871 } 872 if (read_from_terminal) 873 { 874 if (s_crlf) 875 { 876 int j, lf_num; 877 878 i=read(fileno(stdin), buf, bufsize/2); 879 lf_num = 0; 880 /* both loops are skipped when i <= 0 */ 881 for (j = 0; j < i; j++) 882 if (buf[j] == '\n') 883 lf_num++; 884 for (j = i-1; j >= 0; j--) 885 { 886 buf[j+lf_num] = buf[j]; 887 if (buf[j] == '\n') 888 { 889 lf_num--; 890 i++; 891 buf[j+lf_num] = '\r'; 892 } 893 } 894 assert(lf_num == 0); 895 } 896 else 897 i=read(fileno(stdin),buf,bufsize); 898 if (!s_quiet) 899 { 900 if ((i <= 0) || (buf[0] == 'Q')) 901 { 902 BIO_printf(bio_s_out,"DONE\n"); 903 SHUTDOWN(s); 904 close_accept_socket(); 905 ret= -11; 906 goto err; 907 } 908 if ((i <= 0) || (buf[0] == 'q')) 909 { 910 BIO_printf(bio_s_out,"DONE\n"); 911 SHUTDOWN(s); 912 /* close_accept_socket(); 913 ret= -11;*/ 914 goto err; 915 } 916 if ((buf[0] == 'r') && 917 ((buf[1] == '\n') || (buf[1] == '\r'))) 918 { 919 SSL_renegotiate(con); 920 i=SSL_do_handshake(con); 921 printf("SSL_do_handshake -> %d\n",i); 922 i=0; /*13; */ 923 continue; 924 /* strcpy(buf,"server side RE-NEGOTIATE\n"); */ 925 } 926 if ((buf[0] == 'R') && 927 ((buf[1] == '\n') || (buf[1] == '\r'))) 928 { 929 SSL_set_verify(con, 930 SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE,NULL); 931 SSL_renegotiate(con); 932 i=SSL_do_handshake(con); 933 printf("SSL_do_handshake -> %d\n",i); 934 i=0; /* 13; */ 935 continue; 936 /* strcpy(buf,"server side RE-NEGOTIATE asking for client cert\n"); */ 937 } 938 if (buf[0] == 'P') 939 { 940 static char *str="Lets print some clear text\n"; 941 BIO_write(SSL_get_wbio(con),str,strlen(str)); 942 } 943 if (buf[0] == 'S') 944 { 945 print_stats(bio_s_out,SSL_get_SSL_CTX(con)); 946 } 947 } 948 #ifdef CHARSET_EBCDIC 949 ebcdic2ascii(buf,buf,i); 950 #endif 951 l=k=0; 952 for (;;) 953 { 954 /* should do a select for the write */ 955 #ifdef RENEG 956 { static count=0; if (++count == 100) { count=0; SSL_renegotiate(con); } } 957 #endif 958 k=SSL_write(con,&(buf[l]),(unsigned int)i); 959 switch (SSL_get_error(con,k)) 960 { 961 case SSL_ERROR_NONE: 962 break; 963 case SSL_ERROR_WANT_WRITE: 964 case SSL_ERROR_WANT_READ: 965 case SSL_ERROR_WANT_X509_LOOKUP: 966 BIO_printf(bio_s_out,"Write BLOCK\n"); 967 break; 968 case SSL_ERROR_SYSCALL: 969 case SSL_ERROR_SSL: 970 BIO_printf(bio_s_out,"ERROR\n"); 971 ERR_print_errors(bio_err); 972 ret=1; 973 goto err; 974 /* break; */ 975 case SSL_ERROR_ZERO_RETURN: 976 BIO_printf(bio_s_out,"DONE\n"); 977 ret=1; 978 goto err; 979 } 980 l+=k; 981 i-=k; 982 if (i <= 0) break; 983 } 984 } 985 if (read_from_sslcon) 986 { 987 if (!SSL_is_init_finished(con)) 988 { 989 i=init_ssl_connection(con); 990 991 if (i < 0) 992 { 993 ret=0; 994 goto err; 995 } 996 else if (i == 0) 997 { 998 ret=1; 999 goto err; 1000 } 1001 } 1002 else 1003 { 1004 again: 1005 i=SSL_read(con,(char *)buf,bufsize); 1006 switch (SSL_get_error(con,i)) 1007 { 1008 case SSL_ERROR_NONE: 1009 #ifdef CHARSET_EBCDIC 1010 ascii2ebcdic(buf,buf,i); 1011 #endif 1012 write(fileno(stdout),buf, 1013 (unsigned int)i); 1014 if (SSL_pending(con)) goto again; 1015 break; 1016 case SSL_ERROR_WANT_WRITE: 1017 case SSL_ERROR_WANT_READ: 1018 case SSL_ERROR_WANT_X509_LOOKUP: 1019 BIO_printf(bio_s_out,"Read BLOCK\n"); 1020 break; 1021 case SSL_ERROR_SYSCALL: 1022 case SSL_ERROR_SSL: 1023 BIO_printf(bio_s_out,"ERROR\n"); 1024 ERR_print_errors(bio_err); 1025 ret=1; 1026 goto err; 1027 case SSL_ERROR_ZERO_RETURN: 1028 BIO_printf(bio_s_out,"DONE\n"); 1029 ret=1; 1030 goto err; 1031 } 1032 } 1033 } 1034 } 1035 err: 1036 BIO_printf(bio_s_out,"shutting down SSL\n"); 1037 #if 1 1038 SSL_set_shutdown(con,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); 1039 #else 1040 SSL_shutdown(con); 1041 #endif 1042 if (con != NULL) SSL_free(con); 1043 BIO_printf(bio_s_out,"CONNECTION CLOSED\n"); 1044 if (buf != NULL) 1045 { 1046 memset(buf,0,bufsize); 1047 OPENSSL_free(buf); 1048 } 1049 if (ret >= 0) 1050 BIO_printf(bio_s_out,"ACCEPT\n"); 1051 return(ret); 1052 } 1053 1054 static void close_accept_socket(void) 1055 { 1056 BIO_printf(bio_err,"shutdown accept socket\n"); 1057 if (accept_socket >= 0) 1058 { 1059 SHUTDOWN2(accept_socket); 1060 } 1061 } 1062 1063 static int init_ssl_connection(SSL *con) 1064 { 1065 int i; 1066 const char *str; 1067 X509 *peer; 1068 long verify_error; 1069 MS_STATIC char buf[BUFSIZ]; 1070 1071 if ((i=SSL_accept(con)) <= 0) 1072 { 1073 if (BIO_sock_should_retry(i)) 1074 { 1075 BIO_printf(bio_s_out,"DELAY\n"); 1076 return(1); 1077 } 1078 1079 BIO_printf(bio_err,"ERROR\n"); 1080 verify_error=SSL_get_verify_result(con); 1081 if (verify_error != X509_V_OK) 1082 { 1083 BIO_printf(bio_err,"verify error:%s\n", 1084 X509_verify_cert_error_string(verify_error)); 1085 } 1086 else 1087 ERR_print_errors(bio_err); 1088 return(0); 1089 } 1090 1091 PEM_write_bio_SSL_SESSION(bio_s_out,SSL_get_session(con)); 1092 1093 peer=SSL_get_peer_certificate(con); 1094 if (peer != NULL) 1095 { 1096 BIO_printf(bio_s_out,"Client certificate\n"); 1097 PEM_write_bio_X509(bio_s_out,peer); 1098 X509_NAME_oneline(X509_get_subject_name(peer),buf,BUFSIZ); 1099 BIO_printf(bio_s_out,"subject=%s\n",buf); 1100 X509_NAME_oneline(X509_get_issuer_name(peer),buf,BUFSIZ); 1101 BIO_printf(bio_s_out,"issuer=%s\n",buf); 1102 X509_free(peer); 1103 } 1104 1105 if (SSL_get_shared_ciphers(con,buf,BUFSIZ) != NULL) 1106 BIO_printf(bio_s_out,"Shared ciphers:%s\n",buf); 1107 str=SSL_CIPHER_get_name(SSL_get_current_cipher(con)); 1108 BIO_printf(bio_s_out,"CIPHER is %s\n",(str != NULL)?str:"(NONE)"); 1109 if (con->hit) BIO_printf(bio_s_out,"Reused session-id\n"); 1110 if (SSL_ctrl(con,SSL_CTRL_GET_FLAGS,0,NULL) & 1111 TLS1_FLAGS_TLS_PADDING_BUG) 1112 BIO_printf(bio_s_out,"Peer has incorrect TLSv1 block padding\n"); 1113 1114 return(1); 1115 } 1116 1117 #ifndef NO_DH 1118 static DH *load_dh_param(char *dhfile) 1119 { 1120 DH *ret=NULL; 1121 BIO *bio; 1122 1123 if ((bio=BIO_new_file(dhfile,"r")) == NULL) 1124 goto err; 1125 ret=PEM_read_bio_DHparams(bio,NULL,NULL,NULL); 1126 err: 1127 if (bio != NULL) BIO_free(bio); 1128 return(ret); 1129 } 1130 #endif 1131 1132 #if 0 1133 static int load_CA(SSL_CTX *ctx, char *file) 1134 { 1135 FILE *in; 1136 X509 *x=NULL; 1137 1138 if ((in=fopen(file,"r")) == NULL) 1139 return(0); 1140 1141 for (;;) 1142 { 1143 if (PEM_read_X509(in,&x,NULL) == NULL) 1144 break; 1145 SSL_CTX_add_client_CA(ctx,x); 1146 } 1147 if (x != NULL) X509_free(x); 1148 fclose(in); 1149 return(1); 1150 } 1151 #endif 1152 1153 static int www_body(char *hostname, int s, unsigned char *context) 1154 { 1155 char *buf=NULL; 1156 int ret=1; 1157 int i,j,k,blank,dot; 1158 struct stat st_buf; 1159 SSL *con; 1160 SSL_CIPHER *c; 1161 BIO *io,*ssl_bio,*sbio; 1162 long total_bytes; 1163 1164 buf=OPENSSL_malloc(bufsize); 1165 if (buf == NULL) return(0); 1166 io=BIO_new(BIO_f_buffer()); 1167 ssl_bio=BIO_new(BIO_f_ssl()); 1168 if ((io == NULL) || (ssl_bio == NULL)) goto err; 1169 1170 #ifdef FIONBIO 1171 if (s_nbio) 1172 { 1173 unsigned long sl=1; 1174 1175 if (!s_quiet) 1176 BIO_printf(bio_err,"turning on non blocking io\n"); 1177 if (BIO_socket_ioctl(s,FIONBIO,&sl) < 0) 1178 ERR_print_errors(bio_err); 1179 } 1180 #endif 1181 1182 /* lets make the output buffer a reasonable size */ 1183 if (!BIO_set_write_buffer_size(io,bufsize)) goto err; 1184 1185 if ((con=SSL_new(ctx)) == NULL) goto err; 1186 if(context) SSL_set_session_id_context(con, context, 1187 strlen((char *)context)); 1188 1189 sbio=BIO_new_socket(s,BIO_NOCLOSE); 1190 if (s_nbio_test) 1191 { 1192 BIO *test; 1193 1194 test=BIO_new(BIO_f_nbio_test()); 1195 sbio=BIO_push(test,sbio); 1196 } 1197 SSL_set_bio(con,sbio,sbio); 1198 SSL_set_accept_state(con); 1199 1200 /* SSL_set_fd(con,s); */ 1201 BIO_set_ssl(ssl_bio,con,BIO_CLOSE); 1202 BIO_push(io,ssl_bio); 1203 #ifdef CHARSET_EBCDIC 1204 io = BIO_push(BIO_new(BIO_f_ebcdic_filter()),io); 1205 #endif 1206 1207 if (s_debug) 1208 { 1209 con->debug=1; 1210 BIO_set_callback(SSL_get_rbio(con),bio_dump_cb); 1211 BIO_set_callback_arg(SSL_get_rbio(con),bio_s_out); 1212 } 1213 1214 blank=0; 1215 for (;;) 1216 { 1217 if (hack) 1218 { 1219 i=SSL_accept(con); 1220 1221 switch (SSL_get_error(con,i)) 1222 { 1223 case SSL_ERROR_NONE: 1224 break; 1225 case SSL_ERROR_WANT_WRITE: 1226 case SSL_ERROR_WANT_READ: 1227 case SSL_ERROR_WANT_X509_LOOKUP: 1228 continue; 1229 case SSL_ERROR_SYSCALL: 1230 case SSL_ERROR_SSL: 1231 case SSL_ERROR_ZERO_RETURN: 1232 ret=1; 1233 goto err; 1234 /* break; */ 1235 } 1236 1237 SSL_renegotiate(con); 1238 SSL_write(con,NULL,0); 1239 } 1240 1241 i=BIO_gets(io,buf,bufsize-1); 1242 if (i < 0) /* error */ 1243 { 1244 if (!BIO_should_retry(io)) 1245 { 1246 if (!s_quiet) 1247 ERR_print_errors(bio_err); 1248 goto err; 1249 } 1250 else 1251 { 1252 BIO_printf(bio_s_out,"read R BLOCK\n"); 1253 #ifndef MSDOS 1254 sleep(1); 1255 #endif 1256 continue; 1257 } 1258 } 1259 else if (i == 0) /* end of input */ 1260 { 1261 ret=1; 1262 goto end; 1263 } 1264 1265 /* else we have data */ 1266 if ( ((www == 1) && (strncmp("GET ",buf,4) == 0)) || 1267 ((www == 2) && (strncmp("GET /stats ",buf,10) == 0))) 1268 { 1269 char *p; 1270 X509 *peer; 1271 STACK_OF(SSL_CIPHER) *sk; 1272 static char *space=" "; 1273 1274 BIO_puts(io,"HTTP/1.0 200 ok\r\nContent-type: text/html\r\n\r\n"); 1275 BIO_puts(io,"<HTML><BODY BGCOLOR=\"#ffffff\">\n"); 1276 BIO_puts(io,"<pre>\n"); 1277 /* BIO_puts(io,SSLeay_version(SSLEAY_VERSION));*/ 1278 BIO_puts(io,"\n"); 1279 for (i=0; i<local_argc; i++) 1280 { 1281 BIO_puts(io,local_argv[i]); 1282 BIO_write(io," ",1); 1283 } 1284 BIO_puts(io,"\n"); 1285 1286 /* The following is evil and should not really 1287 * be done */ 1288 BIO_printf(io,"Ciphers supported in s_server binary\n"); 1289 sk=SSL_get_ciphers(con); 1290 j=sk_SSL_CIPHER_num(sk); 1291 for (i=0; i<j; i++) 1292 { 1293 c=sk_SSL_CIPHER_value(sk,i); 1294 BIO_printf(io,"%-11s:%-25s", 1295 SSL_CIPHER_get_version(c), 1296 SSL_CIPHER_get_name(c)); 1297 if ((((i+1)%2) == 0) && (i+1 != j)) 1298 BIO_puts(io,"\n"); 1299 } 1300 BIO_puts(io,"\n"); 1301 p=SSL_get_shared_ciphers(con,buf,bufsize); 1302 if (p != NULL) 1303 { 1304 BIO_printf(io,"---\nCiphers common between both SSL end points:\n"); 1305 j=i=0; 1306 while (*p) 1307 { 1308 if (*p == ':') 1309 { 1310 BIO_write(io,space,26-j); 1311 i++; 1312 j=0; 1313 BIO_write(io,((i%3)?" ":"\n"),1); 1314 } 1315 else 1316 { 1317 BIO_write(io,p,1); 1318 j++; 1319 } 1320 p++; 1321 } 1322 BIO_puts(io,"\n"); 1323 } 1324 BIO_printf(io,((con->hit) 1325 ?"---\nReused, " 1326 :"---\nNew, ")); 1327 c=SSL_get_current_cipher(con); 1328 BIO_printf(io,"%s, Cipher is %s\n", 1329 SSL_CIPHER_get_version(c), 1330 SSL_CIPHER_get_name(c)); 1331 SSL_SESSION_print(io,SSL_get_session(con)); 1332 BIO_printf(io,"---\n"); 1333 print_stats(io,SSL_get_SSL_CTX(con)); 1334 BIO_printf(io,"---\n"); 1335 peer=SSL_get_peer_certificate(con); 1336 if (peer != NULL) 1337 { 1338 BIO_printf(io,"Client certificate\n"); 1339 X509_print(io,peer); 1340 PEM_write_bio_X509(io,peer); 1341 } 1342 else 1343 BIO_puts(io,"no client certificate available\n"); 1344 BIO_puts(io,"</BODY></HTML>\r\n\r\n"); 1345 break; 1346 } 1347 else if ((www == 2) && (strncmp("GET /",buf,5) == 0)) 1348 { 1349 BIO *file; 1350 char *p,*e; 1351 static char *text="HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n"; 1352 1353 /* skip the '/' */ 1354 p= &(buf[5]); 1355 1356 dot = 1; 1357 for (e=p; *e != '\0'; e++) 1358 { 1359 if (e[0] == ' ') 1360 break; 1361 1362 switch (dot) 1363 { 1364 case 1: 1365 dot = (e[0] == '.') ? 2 : 0; 1366 break; 1367 case 2: 1368 dot = (e[0] == '.') ? 3 : 0; 1369 break; 1370 case 3: 1371 dot = (e[0] == '/') ? -1 : 0; 1372 break; 1373 } 1374 if (dot == 0) 1375 dot = (e[0] == '/') ? 1 : 0; 1376 } 1377 dot = (dot == 3) || (dot == -1); /* filename contains ".." component */ 1378 1379 if (*e == '\0') 1380 { 1381 BIO_puts(io,text); 1382 BIO_printf(io,"'%s' is an invalid file name\r\n",p); 1383 break; 1384 } 1385 *e='\0'; 1386 1387 if (dot) 1388 { 1389 BIO_puts(io,text); 1390 BIO_printf(io,"'%s' contains '..' reference\r\n",p); 1391 break; 1392 } 1393 1394 if (*p == '/') 1395 { 1396 BIO_puts(io,text); 1397 BIO_printf(io,"'%s' is an invalid path\r\n",p); 1398 break; 1399 } 1400 1401 #if 0 1402 /* append if a directory lookup */ 1403 if (e[-1] == '/') 1404 strcat(p,"index.html"); 1405 #endif 1406 1407 /* if a directory, do the index thang */ 1408 if (stat(p,&st_buf) < 0) 1409 { 1410 BIO_puts(io,text); 1411 BIO_printf(io,"Error accessing '%s'\r\n",p); 1412 ERR_print_errors(io); 1413 break; 1414 } 1415 if (S_ISDIR(st_buf.st_mode)) 1416 { 1417 #if 0 /* must check buffer size */ 1418 strcat(p,"/index.html"); 1419 #else 1420 BIO_puts(io,text); 1421 BIO_printf(io,"'%s' is a directory\r\n",p); 1422 break; 1423 #endif 1424 } 1425 1426 if ((file=BIO_new_file(p,"r")) == NULL) 1427 { 1428 BIO_puts(io,text); 1429 BIO_printf(io,"Error opening '%s'\r\n",p); 1430 ERR_print_errors(io); 1431 break; 1432 } 1433 1434 if (!s_quiet) 1435 BIO_printf(bio_err,"FILE:%s\n",p); 1436 1437 i=strlen(p); 1438 if ( ((i > 5) && (strcmp(&(p[i-5]),".html") == 0)) || 1439 ((i > 4) && (strcmp(&(p[i-4]),".php") == 0)) || 1440 ((i > 4) && (strcmp(&(p[i-4]),".htm") == 0))) 1441 BIO_puts(io,"HTTP/1.0 200 ok\r\nContent-type: text/html\r\n\r\n"); 1442 else 1443 BIO_puts(io,"HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n"); 1444 /* send the file */ 1445 total_bytes=0; 1446 for (;;) 1447 { 1448 i=BIO_read(file,buf,bufsize); 1449 if (i <= 0) break; 1450 1451 #ifdef RENEG 1452 total_bytes+=i; 1453 fprintf(stderr,"%d\n",i); 1454 if (total_bytes > 3*1024) 1455 { 1456 total_bytes=0; 1457 fprintf(stderr,"RENEGOTIATE\n"); 1458 SSL_renegotiate(con); 1459 } 1460 #endif 1461 1462 for (j=0; j<i; ) 1463 { 1464 #ifdef RENEG 1465 { static count=0; if (++count == 13) { SSL_renegotiate(con); } } 1466 #endif 1467 k=BIO_write(io,&(buf[j]),i-j); 1468 if (k <= 0) 1469 { 1470 if (!BIO_should_retry(io)) 1471 goto write_error; 1472 else 1473 { 1474 BIO_printf(bio_s_out,"rwrite W BLOCK\n"); 1475 } 1476 } 1477 else 1478 { 1479 j+=k; 1480 } 1481 } 1482 } 1483 write_error: 1484 BIO_free(file); 1485 break; 1486 } 1487 } 1488 1489 for (;;) 1490 { 1491 i=(int)BIO_flush(io); 1492 if (i <= 0) 1493 { 1494 if (!BIO_should_retry(io)) 1495 break; 1496 } 1497 else 1498 break; 1499 } 1500 end: 1501 #if 1 1502 /* make sure we re-use sessions */ 1503 SSL_set_shutdown(con,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); 1504 #else 1505 /* This kills performance */ 1506 /* SSL_shutdown(con); A shutdown gets sent in the 1507 * BIO_free_all(io) procession */ 1508 #endif 1509 1510 err: 1511 1512 if (ret >= 0) 1513 BIO_printf(bio_s_out,"ACCEPT\n"); 1514 1515 if (buf != NULL) OPENSSL_free(buf); 1516 if (io != NULL) BIO_free_all(io); 1517 /* if (ssl_bio != NULL) BIO_free(ssl_bio);*/ 1518 return(ret); 1519 } 1520 1521 #ifndef NO_RSA 1522 static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength) 1523 { 1524 static RSA *rsa_tmp=NULL; 1525 1526 if (rsa_tmp == NULL) 1527 { 1528 if (!s_quiet) 1529 { 1530 BIO_printf(bio_err,"Generating temp (%d bit) RSA key...",keylength); 1531 (void)BIO_flush(bio_err); 1532 } 1533 rsa_tmp=RSA_generate_key(keylength,RSA_F4,NULL,NULL); 1534 if (!s_quiet) 1535 { 1536 BIO_printf(bio_err,"\n"); 1537 (void)BIO_flush(bio_err); 1538 } 1539 } 1540 return(rsa_tmp); 1541 } 1542 #endif 1543