1 /* apps/s_server.c */ 2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 3 * All rights reserved. 4 * 5 * This package is an SSL implementation written 6 * by Eric Young (eay@cryptsoft.com). 7 * The implementation was written so as to conform with Netscapes SSL. 8 * 9 * This library is free for commercial and non-commercial use as long as 10 * the following conditions are aheared to. The following conditions 11 * apply to all code found in this distribution, be it the RC4, RSA, 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 13 * included with this distribution is covered by the same copyright terms 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 15 * 16 * Copyright remains Eric Young's, and as such any Copyright notices in 17 * the code are not to be removed. 18 * If this package is used in a product, Eric Young should be given attribution 19 * as the author of the parts of the library used. 20 * This can be in the form of a textual message at program startup or 21 * in documentation (online or textual) provided with the package. 22 * 23 * Redistribution and use in source and binary forms, with or without 24 * modification, are permitted provided that the following conditions 25 * are met: 26 * 1. Redistributions of source code must retain the copyright 27 * notice, this list of conditions and the following disclaimer. 28 * 2. Redistributions in binary form must reproduce the above copyright 29 * notice, this list of conditions and the following disclaimer in the 30 * documentation and/or other materials provided with the distribution. 31 * 3. All advertising materials mentioning features or use of this software 32 * must display the following acknowledgement: 33 * "This product includes cryptographic software written by 34 * Eric Young (eay@cryptsoft.com)" 35 * The word 'cryptographic' can be left out if the rouines from the library 36 * being used are not cryptographic related :-). 37 * 4. If you include any Windows specific code (or a derivative thereof) from 38 * the apps directory (application code) you must include an acknowledgement: 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 40 * 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 51 * SUCH DAMAGE. 52 * 53 * The licence and distribution terms for any publically available version or 54 * derivative of this code cannot be changed. i.e. this code cannot simply be 55 * copied and put under another distribution licence 56 * [including the GNU Public Licence.] 57 */ 58 59 #include <assert.h> 60 #include <stdio.h> 61 #include <stdlib.h> 62 #include <string.h> 63 #include <sys/types.h> 64 #include <sys/stat.h> 65 #ifdef NO_STDIO 66 #define APPS_WIN16 67 #endif 68 69 /* With IPv6, it looks like Digital has mixed up the proper order of 70 recursive header file inclusion, resulting in the compiler complaining 71 that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which 72 is needed to have fileno() declared correctly... So let's define u_int */ 73 #if defined(VMS) && defined(__DECC) && !defined(__U_INT) 74 #define __U_INT 75 typedef unsigned int u_int; 76 #endif 77 78 #include <openssl/lhash.h> 79 #include <openssl/bn.h> 80 #define USE_SOCKETS 81 #include "apps.h" 82 #include <openssl/err.h> 83 #include <openssl/pem.h> 84 #include <openssl/x509.h> 85 #include <openssl/ssl.h> 86 #include "s_apps.h" 87 88 #ifdef WINDOWS 89 #include <conio.h> 90 #endif 91 92 #if (defined(VMS) && __VMS_VER < 70000000) 93 /* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */ 94 #undef FIONBIO 95 #endif 96 97 #ifndef NO_RSA 98 static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength); 99 #endif 100 static int sv_body(char *hostname, int s, unsigned char *context); 101 static int www_body(char *hostname, int s, unsigned char *context); 102 static void close_accept_socket(void ); 103 static void sv_usage(void); 104 static int init_ssl_connection(SSL *s); 105 static void print_stats(BIO *bp,SSL_CTX *ctx); 106 #ifndef NO_DH 107 static DH *load_dh_param(char *dhfile); 108 static DH *get_dh512(void); 109 #endif 110 #ifdef MONOLITH 111 static void s_server_init(void); 112 #endif 113 114 #ifndef S_ISDIR 115 # if defined(_S_IFMT) && defined(_S_IFDIR) 116 # define S_ISDIR(a) (((a) & _S_IFMT) == _S_IFDIR) 117 # else 118 # define S_ISDIR(a) (((a) & S_IFMT) == S_IFDIR) 119 # endif 120 #endif 121 122 #ifndef NO_DH 123 static unsigned char dh512_p[]={ 124 0xDA,0x58,0x3C,0x16,0xD9,0x85,0x22,0x89,0xD0,0xE4,0xAF,0x75, 125 0x6F,0x4C,0xCA,0x92,0xDD,0x4B,0xE5,0x33,0xB8,0x04,0xFB,0x0F, 126 0xED,0x94,0xEF,0x9C,0x8A,0x44,0x03,0xED,0x57,0x46,0x50,0xD3, 127 0x69,0x99,0xDB,0x29,0xD7,0x76,0x27,0x6B,0xA2,0xD3,0xD4,0x12, 128 0xE2,0x18,0xF4,0xDD,0x1E,0x08,0x4C,0xF6,0xD8,0x00,0x3E,0x7C, 129 0x47,0x74,0xE8,0x33, 130 }; 131 static unsigned char dh512_g[]={ 132 0x02, 133 }; 134 135 static DH *get_dh512(void) 136 { 137 DH *dh=NULL; 138 139 if ((dh=DH_new()) == NULL) return(NULL); 140 dh->p=BN_bin2bn(dh512_p,sizeof(dh512_p),NULL); 141 dh->g=BN_bin2bn(dh512_g,sizeof(dh512_g),NULL); 142 if ((dh->p == NULL) || (dh->g == NULL)) 143 return(NULL); 144 return(dh); 145 } 146 #endif 147 148 /* static int load_CA(SSL_CTX *ctx, char *file);*/ 149 150 #undef BUFSIZZ 151 #define BUFSIZZ 16*1024 152 static int bufsize=BUFSIZZ; 153 static int accept_socket= -1; 154 155 #define TEST_CERT "server.pem" 156 #undef PROG 157 #define PROG s_server_main 158 159 extern int verify_depth; 160 161 static char *cipher=NULL; 162 static int s_server_verify=SSL_VERIFY_NONE; 163 static int s_server_session_id_context = 1; /* anything will do */ 164 static char *s_cert_file=TEST_CERT,*s_key_file=NULL; 165 static char *s_dcert_file=NULL,*s_dkey_file=NULL; 166 #ifdef FIONBIO 167 static int s_nbio=0; 168 #endif 169 static int s_nbio_test=0; 170 int s_crlf=0; 171 static SSL_CTX *ctx=NULL; 172 static int www=0; 173 174 static BIO *bio_s_out=NULL; 175 static int s_debug=0; 176 static int s_quiet=0; 177 178 static int hack=0; 179 180 #ifdef MONOLITH 181 static void s_server_init(void) 182 { 183 accept_socket=-1; 184 cipher=NULL; 185 s_server_verify=SSL_VERIFY_NONE; 186 s_dcert_file=NULL; 187 s_dkey_file=NULL; 188 s_cert_file=TEST_CERT; 189 s_key_file=NULL; 190 #ifdef FIONBIO 191 s_nbio=0; 192 #endif 193 s_nbio_test=0; 194 ctx=NULL; 195 www=0; 196 197 bio_s_out=NULL; 198 s_debug=0; 199 s_quiet=0; 200 hack=0; 201 } 202 #endif 203 204 static void sv_usage(void) 205 { 206 BIO_printf(bio_err,"usage: s_server [args ...]\n"); 207 BIO_printf(bio_err,"\n"); 208 BIO_printf(bio_err," -accept arg - port to accept on (default is %d)\n",PORT); 209 BIO_printf(bio_err," -context arg - set session ID context\n"); 210 BIO_printf(bio_err," -verify arg - turn on peer certificate verification\n"); 211 BIO_printf(bio_err," -Verify arg - turn on peer certificate verification, must have a cert.\n"); 212 BIO_printf(bio_err," -cert arg - certificate file to use, PEM format assumed\n"); 213 BIO_printf(bio_err," (default is %s)\n",TEST_CERT); 214 BIO_printf(bio_err," -key arg - Private Key file to use, PEM format assumed, in cert file if\n"); 215 BIO_printf(bio_err," not specified (default is %s)\n",TEST_CERT); 216 BIO_printf(bio_err," -dcert arg - second certificate file to use (usually for DSA)\n"); 217 BIO_printf(bio_err," -dkey arg - second private key file to use (usually for DSA)\n"); 218 BIO_printf(bio_err," -dhparam arg - DH parameter file to use, in cert file if not specified\n"); 219 BIO_printf(bio_err," or a default set of parameters is used\n"); 220 #ifdef FIONBIO 221 BIO_printf(bio_err," -nbio - Run with non-blocking IO\n"); 222 #endif 223 BIO_printf(bio_err," -nbio_test - test with the non-blocking test bio\n"); 224 BIO_printf(bio_err," -crlf - convert LF from terminal into CRLF\n"); 225 BIO_printf(bio_err," -debug - Print more output\n"); 226 BIO_printf(bio_err," -state - Print the SSL states\n"); 227 BIO_printf(bio_err," -CApath arg - PEM format directory of CA's\n"); 228 BIO_printf(bio_err," -CAfile arg - PEM format file of CA's\n"); 229 BIO_printf(bio_err," -nocert - Don't use any certificates (Anon-DH)\n"); 230 BIO_printf(bio_err," -cipher arg - play with 'openssl ciphers' to see what goes here\n"); 231 BIO_printf(bio_err," -quiet - No server output\n"); 232 BIO_printf(bio_err," -no_tmp_rsa - Do not generate a tmp RSA key\n"); 233 BIO_printf(bio_err," -ssl2 - Just talk SSLv2\n"); 234 BIO_printf(bio_err," -ssl3 - Just talk SSLv3\n"); 235 BIO_printf(bio_err," -tls1 - Just talk TLSv1\n"); 236 BIO_printf(bio_err," -no_ssl2 - Just disable SSLv2\n"); 237 BIO_printf(bio_err," -no_ssl3 - Just disable SSLv3\n"); 238 BIO_printf(bio_err," -no_tls1 - Just disable TLSv1\n"); 239 #ifndef NO_DH 240 BIO_printf(bio_err," -no_dhe - Disable ephemeral DH\n"); 241 #endif 242 BIO_printf(bio_err," -bugs - Turn on SSL bug compatibility\n"); 243 BIO_printf(bio_err," -www - Respond to a 'GET /' with a status page\n"); 244 BIO_printf(bio_err," -WWW - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n"); 245 } 246 247 static int local_argc=0; 248 static char **local_argv; 249 250 #ifdef CHARSET_EBCDIC 251 static int ebcdic_new(BIO *bi); 252 static int ebcdic_free(BIO *a); 253 static int ebcdic_read(BIO *b, char *out, int outl); 254 static int ebcdic_write(BIO *b, char *in, int inl); 255 static long ebcdic_ctrl(BIO *b, int cmd, long num, char *ptr); 256 static int ebcdic_gets(BIO *bp, char *buf, int size); 257 static int ebcdic_puts(BIO *bp, char *str); 258 259 #define BIO_TYPE_EBCDIC_FILTER (18|0x0200) 260 static BIO_METHOD methods_ebcdic= 261 { 262 BIO_TYPE_EBCDIC_FILTER, 263 "EBCDIC/ASCII filter", 264 ebcdic_write, 265 ebcdic_read, 266 ebcdic_puts, 267 ebcdic_gets, 268 ebcdic_ctrl, 269 ebcdic_new, 270 ebcdic_free, 271 }; 272 273 typedef struct 274 { 275 size_t alloced; 276 char buff[1]; 277 } EBCDIC_OUTBUFF; 278 279 BIO_METHOD *BIO_f_ebcdic_filter() 280 { 281 return(&methods_ebcdic); 282 } 283 284 static int ebcdic_new(BIO *bi) 285 { 286 EBCDIC_OUTBUFF *wbuf; 287 288 wbuf = (EBCDIC_OUTBUFF *)OPENSSL_malloc(sizeof(EBCDIC_OUTBUFF) + 1024); 289 wbuf->alloced = 1024; 290 wbuf->buff[0] = '\0'; 291 292 bi->ptr=(char *)wbuf; 293 bi->init=1; 294 bi->flags=0; 295 return(1); 296 } 297 298 static int ebcdic_free(BIO *a) 299 { 300 if (a == NULL) return(0); 301 if (a->ptr != NULL) 302 OPENSSL_free(a->ptr); 303 a->ptr=NULL; 304 a->init=0; 305 a->flags=0; 306 return(1); 307 } 308 309 static int ebcdic_read(BIO *b, char *out, int outl) 310 { 311 int ret=0; 312 313 if (out == NULL || outl == 0) return(0); 314 if (b->next_bio == NULL) return(0); 315 316 ret=BIO_read(b->next_bio,out,outl); 317 if (ret > 0) 318 ascii2ebcdic(out,out,ret); 319 return(ret); 320 } 321 322 static int ebcdic_write(BIO *b, char *in, int inl) 323 { 324 EBCDIC_OUTBUFF *wbuf; 325 int ret=0; 326 int num; 327 unsigned char n; 328 329 if ((in == NULL) || (inl <= 0)) return(0); 330 if (b->next_bio == NULL) return(0); 331 332 wbuf=(EBCDIC_OUTBUFF *)b->ptr; 333 334 if (inl > (num = wbuf->alloced)) 335 { 336 num = num + num; /* double the size */ 337 if (num < inl) 338 num = inl; 339 OPENSSL_free(wbuf); 340 wbuf=(EBCDIC_OUTBUFF *)OPENSSL_malloc(sizeof(EBCDIC_OUTBUFF) + num); 341 342 wbuf->alloced = num; 343 wbuf->buff[0] = '\0'; 344 345 b->ptr=(char *)wbuf; 346 } 347 348 ebcdic2ascii(wbuf->buff, in, inl); 349 350 ret=BIO_write(b->next_bio, wbuf->buff, inl); 351 352 return(ret); 353 } 354 355 static long ebcdic_ctrl(BIO *b, int cmd, long num, char *ptr) 356 { 357 long ret; 358 359 if (b->next_bio == NULL) return(0); 360 switch (cmd) 361 { 362 case BIO_CTRL_DUP: 363 ret=0L; 364 break; 365 default: 366 ret=BIO_ctrl(b->next_bio,cmd,num,ptr); 367 break; 368 } 369 return(ret); 370 } 371 372 static int ebcdic_gets(BIO *bp, char *buf, int size) 373 { 374 int i, ret; 375 if (bp->next_bio == NULL) return(0); 376 /* return(BIO_gets(bp->next_bio,buf,size));*/ 377 for (i=0; i<size-1; ++i) 378 { 379 ret = ebcdic_read(bp,&buf[i],1); 380 if (ret <= 0) 381 break; 382 else if (buf[i] == '\n') 383 { 384 ++i; 385 break; 386 } 387 } 388 if (i < size) 389 buf[i] = '\0'; 390 return (ret < 0 && i == 0) ? ret : i; 391 } 392 393 static int ebcdic_puts(BIO *bp, char *str) 394 { 395 if (bp->next_bio == NULL) return(0); 396 return ebcdic_write(bp, str, strlen(str)); 397 } 398 #endif 399 400 int MAIN(int, char **); 401 402 int MAIN(int argc, char *argv[]) 403 { 404 short port=PORT; 405 char *CApath=NULL,*CAfile=NULL; 406 char *context = NULL; 407 char *dhfile = NULL; 408 int badop=0,bugs=0; 409 int ret=1; 410 int off=0; 411 int no_tmp_rsa=0,no_dhe=0,nocert=0; 412 int state=0; 413 SSL_METHOD *meth=NULL; 414 #ifndef NO_DH 415 DH *dh=NULL; 416 #endif 417 418 #if !defined(NO_SSL2) && !defined(NO_SSL3) 419 meth=SSLv23_server_method(); 420 #elif !defined(NO_SSL3) 421 meth=SSLv3_server_method(); 422 #elif !defined(NO_SSL2) 423 meth=SSLv2_server_method(); 424 #endif 425 426 local_argc=argc; 427 local_argv=argv; 428 429 apps_startup(); 430 #ifdef MONOLITH 431 s_server_init(); 432 #endif 433 434 if (bio_err == NULL) 435 bio_err=BIO_new_fp(stderr,BIO_NOCLOSE); 436 437 verify_depth=0; 438 #ifdef FIONBIO 439 s_nbio=0; 440 #endif 441 s_nbio_test=0; 442 443 argc--; 444 argv++; 445 446 while (argc >= 1) 447 { 448 if ((strcmp(*argv,"-port") == 0) || 449 (strcmp(*argv,"-accept") == 0)) 450 { 451 if (--argc < 1) goto bad; 452 if (!extract_port(*(++argv),&port)) 453 goto bad; 454 } 455 else if (strcmp(*argv,"-verify") == 0) 456 { 457 s_server_verify=SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE; 458 if (--argc < 1) goto bad; 459 verify_depth=atoi(*(++argv)); 460 BIO_printf(bio_err,"verify depth is %d\n",verify_depth); 461 } 462 else if (strcmp(*argv,"-Verify") == 0) 463 { 464 s_server_verify=SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT| 465 SSL_VERIFY_CLIENT_ONCE; 466 if (--argc < 1) goto bad; 467 verify_depth=atoi(*(++argv)); 468 BIO_printf(bio_err,"verify depth is %d, must return a certificate\n",verify_depth); 469 } 470 else if (strcmp(*argv,"-context") == 0) 471 { 472 if (--argc < 1) goto bad; 473 context= *(++argv); 474 } 475 else if (strcmp(*argv,"-cert") == 0) 476 { 477 if (--argc < 1) goto bad; 478 s_cert_file= *(++argv); 479 } 480 else if (strcmp(*argv,"-key") == 0) 481 { 482 if (--argc < 1) goto bad; 483 s_key_file= *(++argv); 484 } 485 else if (strcmp(*argv,"-dhparam") == 0) 486 { 487 if (--argc < 1) goto bad; 488 dhfile = *(++argv); 489 } 490 else if (strcmp(*argv,"-dcert") == 0) 491 { 492 if (--argc < 1) goto bad; 493 s_dcert_file= *(++argv); 494 } 495 else if (strcmp(*argv,"-dkey") == 0) 496 { 497 if (--argc < 1) goto bad; 498 s_dkey_file= *(++argv); 499 } 500 else if (strcmp(*argv,"-nocert") == 0) 501 { 502 nocert=1; 503 } 504 else if (strcmp(*argv,"-CApath") == 0) 505 { 506 if (--argc < 1) goto bad; 507 CApath= *(++argv); 508 } 509 else if (strcmp(*argv,"-cipher") == 0) 510 { 511 if (--argc < 1) goto bad; 512 cipher= *(++argv); 513 } 514 else if (strcmp(*argv,"-CAfile") == 0) 515 { 516 if (--argc < 1) goto bad; 517 CAfile= *(++argv); 518 } 519 #ifdef FIONBIO 520 else if (strcmp(*argv,"-nbio") == 0) 521 { s_nbio=1; } 522 #endif 523 else if (strcmp(*argv,"-nbio_test") == 0) 524 { 525 #ifdef FIONBIO 526 s_nbio=1; 527 #endif 528 s_nbio_test=1; 529 } 530 else if (strcmp(*argv,"-debug") == 0) 531 { s_debug=1; } 532 else if (strcmp(*argv,"-hack") == 0) 533 { hack=1; } 534 else if (strcmp(*argv,"-state") == 0) 535 { state=1; } 536 else if (strcmp(*argv,"-crlf") == 0) 537 { s_crlf=1; } 538 else if (strcmp(*argv,"-quiet") == 0) 539 { s_quiet=1; } 540 else if (strcmp(*argv,"-bugs") == 0) 541 { bugs=1; } 542 else if (strcmp(*argv,"-no_tmp_rsa") == 0) 543 { no_tmp_rsa=1; } 544 else if (strcmp(*argv,"-no_dhe") == 0) 545 { no_dhe=1; } 546 else if (strcmp(*argv,"-www") == 0) 547 { www=1; } 548 else if (strcmp(*argv,"-WWW") == 0) 549 { www=2; } 550 else if (strcmp(*argv,"-no_ssl2") == 0) 551 { off|=SSL_OP_NO_SSLv2; } 552 else if (strcmp(*argv,"-no_ssl3") == 0) 553 { off|=SSL_OP_NO_SSLv3; } 554 else if (strcmp(*argv,"-no_tls1") == 0) 555 { off|=SSL_OP_NO_TLSv1; } 556 #ifndef NO_SSL2 557 else if (strcmp(*argv,"-ssl2") == 0) 558 { meth=SSLv2_server_method(); } 559 #endif 560 #ifndef NO_SSL3 561 else if (strcmp(*argv,"-ssl3") == 0) 562 { meth=SSLv3_server_method(); } 563 #endif 564 #ifndef NO_TLS1 565 else if (strcmp(*argv,"-tls1") == 0) 566 { meth=TLSv1_server_method(); } 567 #endif 568 else 569 { 570 BIO_printf(bio_err,"unknown option %s\n",*argv); 571 badop=1; 572 break; 573 } 574 argc--; 575 argv++; 576 } 577 if (badop) 578 { 579 bad: 580 sv_usage(); 581 goto end; 582 } 583 584 app_RAND_load_file(NULL, bio_err, 0); 585 586 if (bio_s_out == NULL) 587 { 588 if (s_quiet && !s_debug) 589 { 590 bio_s_out=BIO_new(BIO_s_null()); 591 } 592 else 593 { 594 if (bio_s_out == NULL) 595 bio_s_out=BIO_new_fp(stdout,BIO_NOCLOSE); 596 } 597 } 598 599 #if !defined(NO_RSA) || !defined(NO_DSA) 600 if (nocert) 601 #endif 602 { 603 s_cert_file=NULL; 604 s_key_file=NULL; 605 s_dcert_file=NULL; 606 s_dkey_file=NULL; 607 } 608 609 SSL_load_error_strings(); 610 OpenSSL_add_ssl_algorithms(); 611 612 ctx=SSL_CTX_new(meth); 613 if (ctx == NULL) 614 { 615 ERR_print_errors(bio_err); 616 goto end; 617 } 618 619 SSL_CTX_set_quiet_shutdown(ctx,1); 620 if (bugs) SSL_CTX_set_options(ctx,SSL_OP_ALL); 621 if (hack) SSL_CTX_set_options(ctx,SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG); 622 SSL_CTX_set_options(ctx,off); 623 if (hack) SSL_CTX_set_options(ctx,SSL_OP_NON_EXPORT_FIRST); 624 625 if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback); 626 627 SSL_CTX_sess_set_cache_size(ctx,128); 628 629 #if 0 630 if (cipher == NULL) cipher=getenv("SSL_CIPHER"); 631 #endif 632 633 #if 0 634 if (s_cert_file == NULL) 635 { 636 BIO_printf(bio_err,"You must specify a certificate file for the server to use\n"); 637 goto end; 638 } 639 #endif 640 641 if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) || 642 (!SSL_CTX_set_default_verify_paths(ctx))) 643 { 644 /* BIO_printf(bio_err,"X509_load_verify_locations\n"); */ 645 ERR_print_errors(bio_err); 646 /* goto end; */ 647 } 648 649 #ifndef NO_DH 650 if (!no_dhe) 651 { 652 dh=load_dh_param(dhfile ? dhfile : s_cert_file); 653 if (dh != NULL) 654 { 655 BIO_printf(bio_s_out,"Setting temp DH parameters\n"); 656 } 657 else 658 { 659 BIO_printf(bio_s_out,"Using default temp DH parameters\n"); 660 dh=get_dh512(); 661 } 662 (void)BIO_flush(bio_s_out); 663 664 SSL_CTX_set_tmp_dh(ctx,dh); 665 DH_free(dh); 666 } 667 #endif 668 669 if (!set_cert_stuff(ctx,s_cert_file,s_key_file)) 670 goto end; 671 if (s_dcert_file != NULL) 672 { 673 if (!set_cert_stuff(ctx,s_dcert_file,s_dkey_file)) 674 goto end; 675 } 676 677 #ifndef NO_RSA 678 #if 1 679 SSL_CTX_set_tmp_rsa_callback(ctx,tmp_rsa_cb); 680 #else 681 if (!no_tmp_rsa && SSL_CTX_need_tmp_RSA(ctx)) 682 { 683 RSA *rsa; 684 685 BIO_printf(bio_s_out,"Generating temp (512 bit) RSA key..."); 686 BIO_flush(bio_s_out); 687 688 rsa=RSA_generate_key(512,RSA_F4,NULL); 689 690 if (!SSL_CTX_set_tmp_rsa(ctx,rsa)) 691 { 692 ERR_print_errors(bio_err); 693 goto end; 694 } 695 RSA_free(rsa); 696 BIO_printf(bio_s_out,"\n"); 697 } 698 #endif 699 #endif 700 701 if (cipher != NULL) 702 if(!SSL_CTX_set_cipher_list(ctx,cipher)) { 703 BIO_printf(bio_err,"error setting cipher list\n"); 704 ERR_print_errors(bio_err); 705 goto end; 706 } 707 SSL_CTX_set_verify(ctx,s_server_verify,verify_callback); 708 SSL_CTX_set_session_id_context(ctx,(void*)&s_server_session_id_context, 709 sizeof s_server_session_id_context); 710 711 if (CAfile != NULL) 712 SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(CAfile)); 713 714 BIO_printf(bio_s_out,"ACCEPT\n"); 715 if (www) 716 do_server(port,&accept_socket,www_body, context); 717 else 718 do_server(port,&accept_socket,sv_body, context); 719 print_stats(bio_s_out,ctx); 720 ret=0; 721 end: 722 if (ctx != NULL) SSL_CTX_free(ctx); 723 if (bio_s_out != NULL) 724 { 725 BIO_free(bio_s_out); 726 bio_s_out=NULL; 727 } 728 EXIT(ret); 729 } 730 731 static void print_stats(BIO *bio, SSL_CTX *ssl_ctx) 732 { 733 BIO_printf(bio,"%4ld items in the session cache\n", 734 SSL_CTX_sess_number(ssl_ctx)); 735 BIO_printf(bio,"%4d client connects (SSL_connect())\n", 736 SSL_CTX_sess_connect(ssl_ctx)); 737 BIO_printf(bio,"%4d client renegotiates (SSL_connect())\n", 738 SSL_CTX_sess_connect_renegotiate(ssl_ctx)); 739 BIO_printf(bio,"%4d client connects that finished\n", 740 SSL_CTX_sess_connect_good(ssl_ctx)); 741 BIO_printf(bio,"%4d server accepts (SSL_accept())\n", 742 SSL_CTX_sess_accept(ssl_ctx)); 743 BIO_printf(bio,"%4d server renegotiates (SSL_accept())\n", 744 SSL_CTX_sess_accept_renegotiate(ssl_ctx)); 745 BIO_printf(bio,"%4d server accepts that finished\n", 746 SSL_CTX_sess_accept_good(ssl_ctx)); 747 BIO_printf(bio,"%4d session cache hits\n",SSL_CTX_sess_hits(ssl_ctx)); 748 BIO_printf(bio,"%4d session cache misses\n",SSL_CTX_sess_misses(ssl_ctx)); 749 BIO_printf(bio,"%4d session cache timeouts\n",SSL_CTX_sess_timeouts(ssl_ctx)); 750 BIO_printf(bio,"%4d callback cache hits\n",SSL_CTX_sess_cb_hits(ssl_ctx)); 751 BIO_printf(bio,"%4d cache full overflows (%d allowed)\n", 752 SSL_CTX_sess_cache_full(ssl_ctx), 753 SSL_CTX_sess_get_cache_size(ssl_ctx)); 754 } 755 756 static int sv_body(char *hostname, int s, unsigned char *context) 757 { 758 char *buf=NULL; 759 fd_set readfds; 760 int ret=1,width; 761 int k,i; 762 unsigned long l; 763 SSL *con=NULL; 764 BIO *sbio; 765 #ifdef WINDOWS 766 struct timeval tv; 767 #endif 768 769 if ((buf=OPENSSL_malloc(bufsize)) == NULL) 770 { 771 BIO_printf(bio_err,"out of memory\n"); 772 goto err; 773 } 774 #ifdef FIONBIO 775 if (s_nbio) 776 { 777 unsigned long sl=1; 778 779 if (!s_quiet) 780 BIO_printf(bio_err,"turning on non blocking io\n"); 781 if (BIO_socket_ioctl(s,FIONBIO,&sl) < 0) 782 ERR_print_errors(bio_err); 783 } 784 #endif 785 786 if (con == NULL) { 787 con=SSL_new(ctx); 788 if(context) 789 SSL_set_session_id_context(con, context, 790 strlen((char *)context)); 791 } 792 SSL_clear(con); 793 794 sbio=BIO_new_socket(s,BIO_NOCLOSE); 795 if (s_nbio_test) 796 { 797 BIO *test; 798 799 test=BIO_new(BIO_f_nbio_test()); 800 sbio=BIO_push(test,sbio); 801 } 802 SSL_set_bio(con,sbio,sbio); 803 SSL_set_accept_state(con); 804 /* SSL_set_fd(con,s); */ 805 806 if (s_debug) 807 { 808 con->debug=1; 809 BIO_set_callback(SSL_get_rbio(con),bio_dump_cb); 810 BIO_set_callback_arg(SSL_get_rbio(con),bio_s_out); 811 } 812 813 width=s+1; 814 for (;;) 815 { 816 int read_from_terminal; 817 int read_from_sslcon; 818 819 read_from_terminal = 0; 820 read_from_sslcon = SSL_pending(con); 821 822 if (!read_from_sslcon) 823 { 824 FD_ZERO(&readfds); 825 #ifndef WINDOWS 826 FD_SET(fileno(stdin),&readfds); 827 #endif 828 FD_SET(s,&readfds); 829 /* Note: under VMS with SOCKETSHR the second parameter is 830 * currently of type (int *) whereas under other systems 831 * it is (void *) if you don't have a cast it will choke 832 * the compiler: if you do have a cast then you can either 833 * go for (int *) or (void *). 834 */ 835 #ifdef WINDOWS 836 /* Under Windows we can't select on stdin: only 837 * on sockets. As a workaround we timeout the select every 838 * second and check for any keypress. In a proper Windows 839 * application we wouldn't do this because it is inefficient. 840 */ 841 tv.tv_sec = 1; 842 tv.tv_usec = 0; 843 i=select(width,(void *)&readfds,NULL,NULL,&tv); 844 if((i < 0) || (!i && !_kbhit() ) )continue; 845 if(_kbhit()) 846 read_from_terminal = 1; 847 #else 848 i=select(width,(void *)&readfds,NULL,NULL,NULL); 849 if (i <= 0) continue; 850 if (FD_ISSET(fileno(stdin),&readfds)) 851 read_from_terminal = 1; 852 #endif 853 if (FD_ISSET(s,&readfds)) 854 read_from_sslcon = 1; 855 } 856 if (read_from_terminal) 857 { 858 if (s_crlf) 859 { 860 int j, lf_num; 861 862 i=read(fileno(stdin), buf, bufsize/2); 863 lf_num = 0; 864 /* both loops are skipped when i <= 0 */ 865 for (j = 0; j < i; j++) 866 if (buf[j] == '\n') 867 lf_num++; 868 for (j = i-1; j >= 0; j--) 869 { 870 buf[j+lf_num] = buf[j]; 871 if (buf[j] == '\n') 872 { 873 lf_num--; 874 i++; 875 buf[j+lf_num] = '\r'; 876 } 877 } 878 assert(lf_num == 0); 879 } 880 else 881 i=read(fileno(stdin),buf,bufsize); 882 if (!s_quiet) 883 { 884 if ((i <= 0) || (buf[0] == 'Q')) 885 { 886 BIO_printf(bio_s_out,"DONE\n"); 887 SHUTDOWN(s); 888 close_accept_socket(); 889 ret= -11; 890 goto err; 891 } 892 if ((i <= 0) || (buf[0] == 'q')) 893 { 894 BIO_printf(bio_s_out,"DONE\n"); 895 SHUTDOWN(s); 896 /* close_accept_socket(); 897 ret= -11;*/ 898 goto err; 899 } 900 if ((buf[0] == 'r') && 901 ((buf[1] == '\n') || (buf[1] == '\r'))) 902 { 903 SSL_renegotiate(con); 904 i=SSL_do_handshake(con); 905 printf("SSL_do_handshake -> %d\n",i); 906 i=0; /*13; */ 907 continue; 908 /* strcpy(buf,"server side RE-NEGOTIATE\n"); */ 909 } 910 if ((buf[0] == 'R') && 911 ((buf[1] == '\n') || (buf[1] == '\r'))) 912 { 913 SSL_set_verify(con, 914 SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE,NULL); 915 SSL_renegotiate(con); 916 i=SSL_do_handshake(con); 917 printf("SSL_do_handshake -> %d\n",i); 918 i=0; /* 13; */ 919 continue; 920 /* strcpy(buf,"server side RE-NEGOTIATE asking for client cert\n"); */ 921 } 922 if (buf[0] == 'P') 923 { 924 static char *str="Lets print some clear text\n"; 925 BIO_write(SSL_get_wbio(con),str,strlen(str)); 926 } 927 if (buf[0] == 'S') 928 { 929 print_stats(bio_s_out,SSL_get_SSL_CTX(con)); 930 } 931 } 932 #ifdef CHARSET_EBCDIC 933 ebcdic2ascii(buf,buf,i); 934 #endif 935 l=k=0; 936 for (;;) 937 { 938 /* should do a select for the write */ 939 #ifdef RENEG 940 { static count=0; if (++count == 100) { count=0; SSL_renegotiate(con); } } 941 #endif 942 k=SSL_write(con,&(buf[l]),(unsigned int)i); 943 switch (SSL_get_error(con,k)) 944 { 945 case SSL_ERROR_NONE: 946 break; 947 case SSL_ERROR_WANT_WRITE: 948 case SSL_ERROR_WANT_READ: 949 case SSL_ERROR_WANT_X509_LOOKUP: 950 BIO_printf(bio_s_out,"Write BLOCK\n"); 951 break; 952 case SSL_ERROR_SYSCALL: 953 case SSL_ERROR_SSL: 954 BIO_printf(bio_s_out,"ERROR\n"); 955 ERR_print_errors(bio_err); 956 ret=1; 957 goto err; 958 /* break; */ 959 case SSL_ERROR_ZERO_RETURN: 960 BIO_printf(bio_s_out,"DONE\n"); 961 ret=1; 962 goto err; 963 } 964 l+=k; 965 i-=k; 966 if (i <= 0) break; 967 } 968 } 969 if (read_from_sslcon) 970 { 971 if (!SSL_is_init_finished(con)) 972 { 973 i=init_ssl_connection(con); 974 975 if (i < 0) 976 { 977 ret=0; 978 goto err; 979 } 980 else if (i == 0) 981 { 982 ret=1; 983 goto err; 984 } 985 } 986 else 987 { 988 again: 989 i=SSL_read(con,(char *)buf,bufsize); 990 switch (SSL_get_error(con,i)) 991 { 992 case SSL_ERROR_NONE: 993 #ifdef CHARSET_EBCDIC 994 ascii2ebcdic(buf,buf,i); 995 #endif 996 write(fileno(stdout),buf, 997 (unsigned int)i); 998 if (SSL_pending(con)) goto again; 999 break; 1000 case SSL_ERROR_WANT_WRITE: 1001 case SSL_ERROR_WANT_READ: 1002 case SSL_ERROR_WANT_X509_LOOKUP: 1003 BIO_printf(bio_s_out,"Read BLOCK\n"); 1004 break; 1005 case SSL_ERROR_SYSCALL: 1006 case SSL_ERROR_SSL: 1007 BIO_printf(bio_s_out,"ERROR\n"); 1008 ERR_print_errors(bio_err); 1009 ret=1; 1010 goto err; 1011 case SSL_ERROR_ZERO_RETURN: 1012 BIO_printf(bio_s_out,"DONE\n"); 1013 ret=1; 1014 goto err; 1015 } 1016 } 1017 } 1018 } 1019 err: 1020 BIO_printf(bio_s_out,"shutting down SSL\n"); 1021 #if 1 1022 SSL_set_shutdown(con,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); 1023 #else 1024 SSL_shutdown(con); 1025 #endif 1026 if (con != NULL) SSL_free(con); 1027 BIO_printf(bio_s_out,"CONNECTION CLOSED\n"); 1028 if (buf != NULL) 1029 { 1030 memset(buf,0,bufsize); 1031 OPENSSL_free(buf); 1032 } 1033 if (ret >= 0) 1034 BIO_printf(bio_s_out,"ACCEPT\n"); 1035 return(ret); 1036 } 1037 1038 static void close_accept_socket(void) 1039 { 1040 BIO_printf(bio_err,"shutdown accept socket\n"); 1041 if (accept_socket >= 0) 1042 { 1043 SHUTDOWN2(accept_socket); 1044 } 1045 } 1046 1047 static int init_ssl_connection(SSL *con) 1048 { 1049 int i; 1050 const char *str; 1051 X509 *peer; 1052 long verify_error; 1053 MS_STATIC char buf[BUFSIZ]; 1054 1055 if ((i=SSL_accept(con)) <= 0) 1056 { 1057 if (BIO_sock_should_retry(i)) 1058 { 1059 BIO_printf(bio_s_out,"DELAY\n"); 1060 return(1); 1061 } 1062 1063 BIO_printf(bio_err,"ERROR\n"); 1064 verify_error=SSL_get_verify_result(con); 1065 if (verify_error != X509_V_OK) 1066 { 1067 BIO_printf(bio_err,"verify error:%s\n", 1068 X509_verify_cert_error_string(verify_error)); 1069 } 1070 else 1071 ERR_print_errors(bio_err); 1072 return(0); 1073 } 1074 1075 PEM_write_bio_SSL_SESSION(bio_s_out,SSL_get_session(con)); 1076 1077 peer=SSL_get_peer_certificate(con); 1078 if (peer != NULL) 1079 { 1080 BIO_printf(bio_s_out,"Client certificate\n"); 1081 PEM_write_bio_X509(bio_s_out,peer); 1082 X509_NAME_oneline(X509_get_subject_name(peer),buf,BUFSIZ); 1083 BIO_printf(bio_s_out,"subject=%s\n",buf); 1084 X509_NAME_oneline(X509_get_issuer_name(peer),buf,BUFSIZ); 1085 BIO_printf(bio_s_out,"issuer=%s\n",buf); 1086 X509_free(peer); 1087 } 1088 1089 if (SSL_get_shared_ciphers(con,buf,BUFSIZ) != NULL) 1090 BIO_printf(bio_s_out,"Shared ciphers:%s\n",buf); 1091 str=SSL_CIPHER_get_name(SSL_get_current_cipher(con)); 1092 BIO_printf(bio_s_out,"CIPHER is %s\n",(str != NULL)?str:"(NONE)"); 1093 if (con->hit) BIO_printf(bio_s_out,"Reused session-id\n"); 1094 if (SSL_ctrl(con,SSL_CTRL_GET_FLAGS,0,NULL) & 1095 TLS1_FLAGS_TLS_PADDING_BUG) 1096 BIO_printf(bio_s_out,"Peer has incorrect TLSv1 block padding\n"); 1097 1098 return(1); 1099 } 1100 1101 #ifndef NO_DH 1102 static DH *load_dh_param(char *dhfile) 1103 { 1104 DH *ret=NULL; 1105 BIO *bio; 1106 1107 if ((bio=BIO_new_file(dhfile,"r")) == NULL) 1108 goto err; 1109 ret=PEM_read_bio_DHparams(bio,NULL,NULL,NULL); 1110 err: 1111 if (bio != NULL) BIO_free(bio); 1112 return(ret); 1113 } 1114 #endif 1115 1116 #if 0 1117 static int load_CA(SSL_CTX *ctx, char *file) 1118 { 1119 FILE *in; 1120 X509 *x=NULL; 1121 1122 if ((in=fopen(file,"r")) == NULL) 1123 return(0); 1124 1125 for (;;) 1126 { 1127 if (PEM_read_X509(in,&x,NULL) == NULL) 1128 break; 1129 SSL_CTX_add_client_CA(ctx,x); 1130 } 1131 if (x != NULL) X509_free(x); 1132 fclose(in); 1133 return(1); 1134 } 1135 #endif 1136 1137 static int www_body(char *hostname, int s, unsigned char *context) 1138 { 1139 char *buf=NULL; 1140 int ret=1; 1141 int i,j,k,blank,dot; 1142 struct stat st_buf; 1143 SSL *con; 1144 SSL_CIPHER *c; 1145 BIO *io,*ssl_bio,*sbio; 1146 long total_bytes; 1147 1148 buf=OPENSSL_malloc(bufsize); 1149 if (buf == NULL) return(0); 1150 io=BIO_new(BIO_f_buffer()); 1151 ssl_bio=BIO_new(BIO_f_ssl()); 1152 if ((io == NULL) || (ssl_bio == NULL)) goto err; 1153 1154 #ifdef FIONBIO 1155 if (s_nbio) 1156 { 1157 unsigned long sl=1; 1158 1159 if (!s_quiet) 1160 BIO_printf(bio_err,"turning on non blocking io\n"); 1161 if (BIO_socket_ioctl(s,FIONBIO,&sl) < 0) 1162 ERR_print_errors(bio_err); 1163 } 1164 #endif 1165 1166 /* lets make the output buffer a reasonable size */ 1167 if (!BIO_set_write_buffer_size(io,bufsize)) goto err; 1168 1169 if ((con=SSL_new(ctx)) == NULL) goto err; 1170 if(context) SSL_set_session_id_context(con, context, 1171 strlen((char *)context)); 1172 1173 sbio=BIO_new_socket(s,BIO_NOCLOSE); 1174 if (s_nbio_test) 1175 { 1176 BIO *test; 1177 1178 test=BIO_new(BIO_f_nbio_test()); 1179 sbio=BIO_push(test,sbio); 1180 } 1181 SSL_set_bio(con,sbio,sbio); 1182 SSL_set_accept_state(con); 1183 1184 /* SSL_set_fd(con,s); */ 1185 BIO_set_ssl(ssl_bio,con,BIO_CLOSE); 1186 BIO_push(io,ssl_bio); 1187 #ifdef CHARSET_EBCDIC 1188 io = BIO_push(BIO_new(BIO_f_ebcdic_filter()),io); 1189 #endif 1190 1191 if (s_debug) 1192 { 1193 con->debug=1; 1194 BIO_set_callback(SSL_get_rbio(con),bio_dump_cb); 1195 BIO_set_callback_arg(SSL_get_rbio(con),bio_s_out); 1196 } 1197 1198 blank=0; 1199 for (;;) 1200 { 1201 if (hack) 1202 { 1203 i=SSL_accept(con); 1204 1205 switch (SSL_get_error(con,i)) 1206 { 1207 case SSL_ERROR_NONE: 1208 break; 1209 case SSL_ERROR_WANT_WRITE: 1210 case SSL_ERROR_WANT_READ: 1211 case SSL_ERROR_WANT_X509_LOOKUP: 1212 continue; 1213 case SSL_ERROR_SYSCALL: 1214 case SSL_ERROR_SSL: 1215 case SSL_ERROR_ZERO_RETURN: 1216 ret=1; 1217 goto err; 1218 /* break; */ 1219 } 1220 1221 SSL_renegotiate(con); 1222 SSL_write(con,NULL,0); 1223 } 1224 1225 i=BIO_gets(io,buf,bufsize-1); 1226 if (i < 0) /* error */ 1227 { 1228 if (!BIO_should_retry(io)) 1229 { 1230 if (!s_quiet) 1231 ERR_print_errors(bio_err); 1232 goto err; 1233 } 1234 else 1235 { 1236 BIO_printf(bio_s_out,"read R BLOCK\n"); 1237 #ifndef MSDOS 1238 sleep(1); 1239 #endif 1240 continue; 1241 } 1242 } 1243 else if (i == 0) /* end of input */ 1244 { 1245 ret=1; 1246 goto end; 1247 } 1248 1249 /* else we have data */ 1250 if ( ((www == 1) && (strncmp("GET ",buf,4) == 0)) || 1251 ((www == 2) && (strncmp("GET /stats ",buf,10) == 0))) 1252 { 1253 char *p; 1254 X509 *peer; 1255 STACK_OF(SSL_CIPHER) *sk; 1256 static char *space=" "; 1257 1258 BIO_puts(io,"HTTP/1.0 200 ok\r\nContent-type: text/html\r\n\r\n"); 1259 BIO_puts(io,"<HTML><BODY BGCOLOR=\"#ffffff\">\n"); 1260 BIO_puts(io,"<pre>\n"); 1261 /* BIO_puts(io,SSLeay_version(SSLEAY_VERSION));*/ 1262 BIO_puts(io,"\n"); 1263 for (i=0; i<local_argc; i++) 1264 { 1265 BIO_puts(io,local_argv[i]); 1266 BIO_write(io," ",1); 1267 } 1268 BIO_puts(io,"\n"); 1269 1270 /* The following is evil and should not really 1271 * be done */ 1272 BIO_printf(io,"Ciphers supported in s_server binary\n"); 1273 sk=SSL_get_ciphers(con); 1274 j=sk_SSL_CIPHER_num(sk); 1275 for (i=0; i<j; i++) 1276 { 1277 c=sk_SSL_CIPHER_value(sk,i); 1278 BIO_printf(io,"%-11s:%-25s", 1279 SSL_CIPHER_get_version(c), 1280 SSL_CIPHER_get_name(c)); 1281 if ((((i+1)%2) == 0) && (i+1 != j)) 1282 BIO_puts(io,"\n"); 1283 } 1284 BIO_puts(io,"\n"); 1285 p=SSL_get_shared_ciphers(con,buf,bufsize); 1286 if (p != NULL) 1287 { 1288 BIO_printf(io,"---\nCiphers common between both SSL end points:\n"); 1289 j=i=0; 1290 while (*p) 1291 { 1292 if (*p == ':') 1293 { 1294 BIO_write(io,space,26-j); 1295 i++; 1296 j=0; 1297 BIO_write(io,((i%3)?" ":"\n"),1); 1298 } 1299 else 1300 { 1301 BIO_write(io,p,1); 1302 j++; 1303 } 1304 p++; 1305 } 1306 BIO_puts(io,"\n"); 1307 } 1308 BIO_printf(io,((con->hit) 1309 ?"---\nReused, " 1310 :"---\nNew, ")); 1311 c=SSL_get_current_cipher(con); 1312 BIO_printf(io,"%s, Cipher is %s\n", 1313 SSL_CIPHER_get_version(c), 1314 SSL_CIPHER_get_name(c)); 1315 SSL_SESSION_print(io,SSL_get_session(con)); 1316 BIO_printf(io,"---\n"); 1317 print_stats(io,SSL_get_SSL_CTX(con)); 1318 BIO_printf(io,"---\n"); 1319 peer=SSL_get_peer_certificate(con); 1320 if (peer != NULL) 1321 { 1322 BIO_printf(io,"Client certificate\n"); 1323 X509_print(io,peer); 1324 PEM_write_bio_X509(io,peer); 1325 } 1326 else 1327 BIO_puts(io,"no client certificate available\n"); 1328 BIO_puts(io,"</BODY></HTML>\r\n\r\n"); 1329 break; 1330 } 1331 else if ((www == 2) && (strncmp("GET /",buf,5) == 0)) 1332 { 1333 BIO *file; 1334 char *p,*e; 1335 static char *text="HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n"; 1336 1337 /* skip the '/' */ 1338 p= &(buf[5]); 1339 dot=0; 1340 for (e=p; *e != '\0'; e++) 1341 { 1342 if (e[0] == ' ') break; 1343 if ( (e[0] == '.') && 1344 (strncmp(&(e[-1]),"/../",4) == 0)) 1345 dot=1; 1346 } 1347 1348 1349 if (*e == '\0') 1350 { 1351 BIO_puts(io,text); 1352 BIO_printf(io,"'%s' is an invalid file name\r\n",p); 1353 break; 1354 } 1355 *e='\0'; 1356 1357 if (dot) 1358 { 1359 BIO_puts(io,text); 1360 BIO_printf(io,"'%s' contains '..' reference\r\n",p); 1361 break; 1362 } 1363 1364 if (*p == '/') 1365 { 1366 BIO_puts(io,text); 1367 BIO_printf(io,"'%s' is an invalid path\r\n",p); 1368 break; 1369 } 1370 1371 /* append if a directory lookup */ 1372 if (e[-1] == '/') 1373 strcat(p,"index.html"); 1374 1375 /* if a directory, do the index thang */ 1376 if (stat(p,&st_buf) < 0) 1377 { 1378 BIO_puts(io,text); 1379 BIO_printf(io,"Error accessing '%s'\r\n",p); 1380 ERR_print_errors(io); 1381 break; 1382 } 1383 if (S_ISDIR(st_buf.st_mode)) 1384 { 1385 strcat(p,"/index.html"); 1386 } 1387 1388 if ((file=BIO_new_file(p,"r")) == NULL) 1389 { 1390 BIO_puts(io,text); 1391 BIO_printf(io,"Error opening '%s'\r\n",p); 1392 ERR_print_errors(io); 1393 break; 1394 } 1395 1396 if (!s_quiet) 1397 BIO_printf(bio_err,"FILE:%s\n",p); 1398 1399 i=strlen(p); 1400 if ( ((i > 5) && (strcmp(&(p[i-5]),".html") == 0)) || 1401 ((i > 4) && (strcmp(&(p[i-4]),".php") == 0)) || 1402 ((i > 4) && (strcmp(&(p[i-4]),".htm") == 0))) 1403 BIO_puts(io,"HTTP/1.0 200 ok\r\nContent-type: text/html\r\n\r\n"); 1404 else 1405 BIO_puts(io,"HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n"); 1406 /* send the file */ 1407 total_bytes=0; 1408 for (;;) 1409 { 1410 i=BIO_read(file,buf,bufsize); 1411 if (i <= 0) break; 1412 1413 #ifdef RENEG 1414 total_bytes+=i; 1415 fprintf(stderr,"%d\n",i); 1416 if (total_bytes > 3*1024) 1417 { 1418 total_bytes=0; 1419 fprintf(stderr,"RENEGOTIATE\n"); 1420 SSL_renegotiate(con); 1421 } 1422 #endif 1423 1424 for (j=0; j<i; ) 1425 { 1426 #ifdef RENEG 1427 { static count=0; if (++count == 13) { SSL_renegotiate(con); } } 1428 #endif 1429 k=BIO_write(io,&(buf[j]),i-j); 1430 if (k <= 0) 1431 { 1432 if (!BIO_should_retry(io)) 1433 goto write_error; 1434 else 1435 { 1436 BIO_printf(bio_s_out,"rwrite W BLOCK\n"); 1437 } 1438 } 1439 else 1440 { 1441 j+=k; 1442 } 1443 } 1444 } 1445 write_error: 1446 BIO_free(file); 1447 break; 1448 } 1449 } 1450 1451 for (;;) 1452 { 1453 i=(int)BIO_flush(io); 1454 if (i <= 0) 1455 { 1456 if (!BIO_should_retry(io)) 1457 break; 1458 } 1459 else 1460 break; 1461 } 1462 end: 1463 #if 1 1464 /* make sure we re-use sessions */ 1465 SSL_set_shutdown(con,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); 1466 #else 1467 /* This kills performance */ 1468 /* SSL_shutdown(con); A shutdown gets sent in the 1469 * BIO_free_all(io) procession */ 1470 #endif 1471 1472 err: 1473 1474 if (ret >= 0) 1475 BIO_printf(bio_s_out,"ACCEPT\n"); 1476 1477 if (buf != NULL) OPENSSL_free(buf); 1478 if (io != NULL) BIO_free_all(io); 1479 /* if (ssl_bio != NULL) BIO_free(ssl_bio);*/ 1480 return(ret); 1481 } 1482 1483 #ifndef NO_RSA 1484 static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength) 1485 { 1486 static RSA *rsa_tmp=NULL; 1487 1488 if (rsa_tmp == NULL) 1489 { 1490 if (!s_quiet) 1491 { 1492 BIO_printf(bio_err,"Generating temp (%d bit) RSA key...",keylength); 1493 (void)BIO_flush(bio_err); 1494 } 1495 rsa_tmp=RSA_generate_key(keylength,RSA_F4,NULL,NULL); 1496 if (!s_quiet) 1497 { 1498 BIO_printf(bio_err,"\n"); 1499 (void)BIO_flush(bio_err); 1500 } 1501 } 1502 return(rsa_tmp); 1503 } 1504 #endif 1505