xref: /freebsd/crypto/openssl/apps/s_server.c (revision 907b59d76938e654f0d040a888e8dfca3de1e222)
1 /* apps/s_server.c */
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3  * All rights reserved.
4  *
5  * This package is an SSL implementation written
6  * by Eric Young (eay@cryptsoft.com).
7  * The implementation was written so as to conform with Netscapes SSL.
8  *
9  * This library is free for commercial and non-commercial use as long as
10  * the following conditions are aheared to.  The following conditions
11  * apply to all code found in this distribution, be it the RC4, RSA,
12  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
13  * included with this distribution is covered by the same copyright terms
14  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15  *
16  * Copyright remains Eric Young's, and as such any Copyright notices in
17  * the code are not to be removed.
18  * If this package is used in a product, Eric Young should be given attribution
19  * as the author of the parts of the library used.
20  * This can be in the form of a textual message at program startup or
21  * in documentation (online or textual) provided with the package.
22  *
23  * Redistribution and use in source and binary forms, with or without
24  * modification, are permitted provided that the following conditions
25  * are met:
26  * 1. Redistributions of source code must retain the copyright
27  *    notice, this list of conditions and the following disclaimer.
28  * 2. Redistributions in binary form must reproduce the above copyright
29  *    notice, this list of conditions and the following disclaimer in the
30  *    documentation and/or other materials provided with the distribution.
31  * 3. All advertising materials mentioning features or use of this software
32  *    must display the following acknowledgement:
33  *    "This product includes cryptographic software written by
34  *     Eric Young (eay@cryptsoft.com)"
35  *    The word 'cryptographic' can be left out if the rouines from the library
36  *    being used are not cryptographic related :-).
37  * 4. If you include any Windows specific code (or a derivative thereof) from
38  *    the apps directory (application code) you must include an acknowledgement:
39  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40  *
41  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51  * SUCH DAMAGE.
52  *
53  * The licence and distribution terms for any publically available version or
54  * derivative of this code cannot be changed.  i.e. this code cannot simply be
55  * copied and put under another distribution licence
56  * [including the GNU Public Licence.]
57  */
58 /* ====================================================================
59  * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
60  *
61  * Redistribution and use in source and binary forms, with or without
62  * modification, are permitted provided that the following conditions
63  * are met:
64  *
65  * 1. Redistributions of source code must retain the above copyright
66  *    notice, this list of conditions and the following disclaimer.
67  *
68  * 2. Redistributions in binary form must reproduce the above copyright
69  *    notice, this list of conditions and the following disclaimer in
70  *    the documentation and/or other materials provided with the
71  *    distribution.
72  *
73  * 3. All advertising materials mentioning features or use of this
74  *    software must display the following acknowledgment:
75  *    "This product includes software developed by the OpenSSL Project
76  *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77  *
78  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79  *    endorse or promote products derived from this software without
80  *    prior written permission. For written permission, please contact
81  *    openssl-core@openssl.org.
82  *
83  * 5. Products derived from this software may not be called "OpenSSL"
84  *    nor may "OpenSSL" appear in their names without prior written
85  *    permission of the OpenSSL Project.
86  *
87  * 6. Redistributions of any form whatsoever must retain the following
88  *    acknowledgment:
89  *    "This product includes software developed by the OpenSSL Project
90  *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91  *
92  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
96  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103  * OF THE POSSIBILITY OF SUCH DAMAGE.
104  * ====================================================================
105  *
106  * This product includes cryptographic software written by Eric Young
107  * (eay@cryptsoft.com).  This product includes software written by Tim
108  * Hudson (tjh@cryptsoft.com).
109  *
110  */
111 /* ====================================================================
112  * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
113  * ECC cipher suite support in OpenSSL originally developed by
114  * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
115  */
116 /* ====================================================================
117  * Copyright 2005 Nokia. All rights reserved.
118  *
119  * The portions of the attached software ("Contribution") is developed by
120  * Nokia Corporation and is licensed pursuant to the OpenSSL open source
121  * license.
122  *
123  * The Contribution, originally written by Mika Kousa and Pasi Eronen of
124  * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
125  * support (see RFC 4279) to OpenSSL.
126  *
127  * No patent licenses or other rights except those expressly stated in
128  * the OpenSSL open source license shall be deemed granted or received
129  * expressly, by implication, estoppel, or otherwise.
130  *
131  * No assurances are provided by Nokia that the Contribution does not
132  * infringe the patent or other intellectual property rights of any third
133  * party or that the license provides you with all the necessary rights
134  * to make use of the Contribution.
135  *
136  * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
137  * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
138  * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
139  * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
140  * OTHERWISE.
141  */
142 
143 /*
144  * Until the key-gen callbacks are modified to use newer prototypes, we allow
145  * deprecated functions for openssl-internal code
146  */
147 #ifdef OPENSSL_NO_DEPRECATED
148 # undef OPENSSL_NO_DEPRECATED
149 #endif
150 
151 #include <assert.h>
152 #include <ctype.h>
153 #include <stdio.h>
154 #include <stdlib.h>
155 #include <string.h>
156 
157 #include <openssl/e_os2.h>
158 #ifdef OPENSSL_NO_STDIO
159 # define APPS_WIN16
160 #endif
161 
162 /* conflicts with winsock2 stuff on netware */
163 #if !defined(OPENSSL_SYS_NETWARE)
164 # include <sys/types.h>
165 #endif
166 
167 /*
168  * With IPv6, it looks like Digital has mixed up the proper order of
169  * recursive header file inclusion, resulting in the compiler complaining
170  * that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which is
171  * needed to have fileno() declared correctly...  So let's define u_int
172  */
173 #if defined(OPENSSL_SYS_VMS_DECC) && !defined(__U_INT)
174 # define __U_INT
175 typedef unsigned int u_int;
176 #endif
177 
178 #include <openssl/lhash.h>
179 #include <openssl/bn.h>
180 #define USE_SOCKETS
181 #include "apps.h"
182 #include <openssl/err.h>
183 #include <openssl/pem.h>
184 #include <openssl/x509.h>
185 #include <openssl/ssl.h>
186 #include <openssl/rand.h>
187 #include <openssl/ocsp.h>
188 #ifndef OPENSSL_NO_DH
189 # include <openssl/dh.h>
190 #endif
191 #ifndef OPENSSL_NO_RSA
192 # include <openssl/rsa.h>
193 #endif
194 #ifndef OPENSSL_NO_SRP
195 # include <openssl/srp.h>
196 #endif
197 #include "s_apps.h"
198 #include "timeouts.h"
199 
200 #if (defined(OPENSSL_SYS_VMS) && __VMS_VER < 70000000)
201 /* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */
202 # undef FIONBIO
203 #endif
204 
205 #if defined(OPENSSL_SYS_BEOS_R5)
206 # include <fcntl.h>
207 #endif
208 
209 #ifndef OPENSSL_NO_RSA
210 static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength);
211 #endif
212 static int sv_body(char *hostname, int s, int stype, unsigned char *context);
213 static int www_body(char *hostname, int s, int stype, unsigned char *context);
214 static int rev_body(char *hostname, int s, int stype, unsigned char *context);
215 static void close_accept_socket(void);
216 static void sv_usage(void);
217 static int init_ssl_connection(SSL *s);
218 static void print_stats(BIO *bp, SSL_CTX *ctx);
219 static int generate_session_id(const SSL *ssl, unsigned char *id,
220                                unsigned int *id_len);
221 static void init_session_cache_ctx(SSL_CTX *sctx);
222 static void free_sessions(void);
223 #ifndef OPENSSL_NO_DH
224 static DH *load_dh_param(const char *dhfile);
225 static DH *get_dh2048(void);
226 #endif
227 
228 #ifdef MONOLITH
229 static void s_server_init(void);
230 #endif
231 
232 #ifndef OPENSSL_NO_DH
233 static unsigned char dh2048_p[] = {
234     0xF6,0x42,0x57,0xB7,0x08,0x7F,0x08,0x17,0x72,0xA2,0xBA,0xD6,
235     0xA9,0x42,0xF3,0x05,0xE8,0xF9,0x53,0x11,0x39,0x4F,0xB6,0xF1,
236     0x6E,0xB9,0x4B,0x38,0x20,0xDA,0x01,0xA7,0x56,0xA3,0x14,0xE9,
237     0x8F,0x40,0x55,0xF3,0xD0,0x07,0xC6,0xCB,0x43,0xA9,0x94,0xAD,
238     0xF7,0x4C,0x64,0x86,0x49,0xF8,0x0C,0x83,0xBD,0x65,0xE9,0x17,
239     0xD4,0xA1,0xD3,0x50,0xF8,0xF5,0x59,0x5F,0xDC,0x76,0x52,0x4F,
240     0x3D,0x3D,0x8D,0xDB,0xCE,0x99,0xE1,0x57,0x92,0x59,0xCD,0xFD,
241     0xB8,0xAE,0x74,0x4F,0xC5,0xFC,0x76,0xBC,0x83,0xC5,0x47,0x30,
242     0x61,0xCE,0x7C,0xC9,0x66,0xFF,0x15,0xF9,0xBB,0xFD,0x91,0x5E,
243     0xC7,0x01,0xAA,0xD3,0x5B,0x9E,0x8D,0xA0,0xA5,0x72,0x3A,0xD4,
244     0x1A,0xF0,0xBF,0x46,0x00,0x58,0x2B,0xE5,0xF4,0x88,0xFD,0x58,
245     0x4E,0x49,0xDB,0xCD,0x20,0xB4,0x9D,0xE4,0x91,0x07,0x36,0x6B,
246     0x33,0x6C,0x38,0x0D,0x45,0x1D,0x0F,0x7C,0x88,0xB3,0x1C,0x7C,
247     0x5B,0x2D,0x8E,0xF6,0xF3,0xC9,0x23,0xC0,0x43,0xF0,0xA5,0x5B,
248     0x18,0x8D,0x8E,0xBB,0x55,0x8C,0xB8,0x5D,0x38,0xD3,0x34,0xFD,
249     0x7C,0x17,0x57,0x43,0xA3,0x1D,0x18,0x6C,0xDE,0x33,0x21,0x2C,
250     0xB5,0x2A,0xFF,0x3C,0xE1,0xB1,0x29,0x40,0x18,0x11,0x8D,0x7C,
251     0x84,0xA7,0x0A,0x72,0xD6,0x86,0xC4,0x03,0x19,0xC8,0x07,0x29,
252     0x7A,0xCA,0x95,0x0C,0xD9,0x96,0x9F,0xAB,0xD0,0x0A,0x50,0x9B,
253     0x02,0x46,0xD3,0x08,0x3D,0x66,0xA4,0x5D,0x41,0x9F,0x9C,0x7C,
254     0xBD,0x89,0x4B,0x22,0x19,0x26,0xBA,0xAB,0xA2,0x5E,0xC3,0x55,
255     0xE9,0x32,0x0B,0x3B,
256 };
257 
258 static unsigned char dh2048_g[] = {
259     0x02,
260 };
261 
262 DH *get_dh2048()
263 {
264     DH *dh;
265 
266     if ((dh = DH_new()) == NULL)
267         return NULL;
268     dh->p=BN_bin2bn(dh2048_p, sizeof(dh2048_p), NULL);
269     dh->g=BN_bin2bn(dh2048_g, sizeof(dh2048_g), NULL);
270     if (dh->p == NULL || dh->g == NULL) {
271         DH_free(dh);
272         return NULL;
273     }
274     return dh;
275 }
276 #endif
277 
278 /* static int load_CA(SSL_CTX *ctx, char *file);*/
279 
280 #undef BUFSIZZ
281 #define BUFSIZZ 16*1024
282 static int bufsize = BUFSIZZ;
283 static int accept_socket = -1;
284 
285 #define TEST_CERT       "server.pem"
286 #ifndef OPENSSL_NO_TLSEXT
287 # define TEST_CERT2      "server2.pem"
288 #endif
289 #undef PROG
290 #define PROG            s_server_main
291 
292 extern int verify_depth, verify_return_error, verify_quiet;
293 
294 static int s_server_verify = SSL_VERIFY_NONE;
295 static int s_server_session_id_context = 1; /* anything will do */
296 static const char *s_cert_file = TEST_CERT, *s_key_file =
297     NULL, *s_chain_file = NULL;
298 #ifndef OPENSSL_NO_TLSEXT
299 static const char *s_cert_file2 = TEST_CERT2, *s_key_file2 = NULL;
300 #endif
301 static char *s_dcert_file = NULL, *s_dkey_file = NULL, *s_dchain_file = NULL;
302 #ifdef FIONBIO
303 static int s_nbio = 0;
304 #endif
305 static int s_nbio_test = 0;
306 int s_crlf = 0;
307 static SSL_CTX *ctx = NULL;
308 #ifndef OPENSSL_NO_TLSEXT
309 static SSL_CTX *ctx2 = NULL;
310 #endif
311 static int www = 0;
312 
313 static BIO *bio_s_out = NULL;
314 static BIO *bio_s_msg = NULL;
315 static int s_debug = 0;
316 #ifndef OPENSSL_NO_TLSEXT
317 static int s_tlsextdebug = 0;
318 static int s_tlsextstatus = 0;
319 static int cert_status_cb(SSL *s, void *arg);
320 #endif
321 static int no_resume_ephemeral = 0;
322 static int s_msg = 0;
323 static int s_quiet = 0;
324 static int s_ign_eof = 0;
325 static int s_brief = 0;
326 
327 static char *keymatexportlabel = NULL;
328 static int keymatexportlen = 20;
329 
330 static int hack = 0;
331 #ifndef OPENSSL_NO_ENGINE
332 static char *engine_id = NULL;
333 #endif
334 static const char *session_id_prefix = NULL;
335 
336 static int enable_timeouts = 0;
337 static long socket_mtu;
338 #ifndef OPENSSL_NO_DTLS1
339 static int cert_chain = 0;
340 #endif
341 
342 #ifndef OPENSSL_NO_TLSEXT
343 static BIO *serverinfo_in = NULL;
344 static const char *s_serverinfo_file = NULL;
345 
346 #endif
347 
348 #ifndef OPENSSL_NO_PSK
349 static char *psk_identity = "Client_identity";
350 char *psk_key = NULL;           /* by default PSK is not used */
351 
352 static unsigned int psk_server_cb(SSL *ssl, const char *identity,
353                                   unsigned char *psk,
354                                   unsigned int max_psk_len)
355 {
356     unsigned int psk_len = 0;
357     int ret;
358     BIGNUM *bn = NULL;
359 
360     if (s_debug)
361         BIO_printf(bio_s_out, "psk_server_cb\n");
362     if (!identity) {
363         BIO_printf(bio_err, "Error: client did not send PSK identity\n");
364         goto out_err;
365     }
366     if (s_debug)
367         BIO_printf(bio_s_out, "identity_len=%d identity=%s\n",
368                    (int)strlen(identity), identity);
369 
370     /* here we could lookup the given identity e.g. from a database */
371     if (strcmp(identity, psk_identity) != 0) {
372         BIO_printf(bio_s_out, "PSK error: client identity not found"
373                    " (got '%s' expected '%s')\n", identity, psk_identity);
374         goto out_err;
375     }
376     if (s_debug)
377         BIO_printf(bio_s_out, "PSK client identity found\n");
378 
379     /* convert the PSK key to binary */
380     ret = BN_hex2bn(&bn, psk_key);
381     if (!ret) {
382         BIO_printf(bio_err, "Could not convert PSK key '%s' to BIGNUM\n",
383                    psk_key);
384         if (bn)
385             BN_free(bn);
386         return 0;
387     }
388     if (BN_num_bytes(bn) > (int)max_psk_len) {
389         BIO_printf(bio_err,
390                    "psk buffer of callback is too small (%d) for key (%d)\n",
391                    max_psk_len, BN_num_bytes(bn));
392         BN_free(bn);
393         return 0;
394     }
395 
396     ret = BN_bn2bin(bn, psk);
397     BN_free(bn);
398 
399     if (ret < 0)
400         goto out_err;
401     psk_len = (unsigned int)ret;
402 
403     if (s_debug)
404         BIO_printf(bio_s_out, "fetched PSK len=%d\n", psk_len);
405     return psk_len;
406  out_err:
407     if (s_debug)
408         BIO_printf(bio_err, "Error in PSK server callback\n");
409     return 0;
410 }
411 #endif
412 
413 #ifndef OPENSSL_NO_SRP
414 /* This is a context that we pass to callbacks */
415 typedef struct srpsrvparm_st {
416     char *login;
417     SRP_VBASE *vb;
418     SRP_user_pwd *user;
419 } srpsrvparm;
420 
421 /*
422  * This callback pretends to require some asynchronous logic in order to
423  * obtain a verifier. When the callback is called for a new connection we
424  * return with a negative value. This will provoke the accept etc to return
425  * with an LOOKUP_X509. The main logic of the reinvokes the suspended call
426  * (which would normally occur after a worker has finished) and we set the
427  * user parameters.
428  */
429 static int MS_CALLBACK ssl_srp_server_param_cb(SSL *s, int *ad, void *arg)
430 {
431     srpsrvparm *p = (srpsrvparm *) arg;
432     int ret = SSL3_AL_FATAL;
433 
434     if (p->login == NULL && p->user == NULL) {
435         p->login = SSL_get_srp_username(s);
436         BIO_printf(bio_err, "SRP username = \"%s\"\n", p->login);
437         return (-1);
438     }
439 
440     if (p->user == NULL) {
441         BIO_printf(bio_err, "User %s doesn't exist\n", p->login);
442         goto err;
443     }
444 
445     if (SSL_set_srp_server_param
446         (s, p->user->N, p->user->g, p->user->s, p->user->v,
447          p->user->info) < 0) {
448         *ad = SSL_AD_INTERNAL_ERROR;
449         goto err;
450     }
451     BIO_printf(bio_err,
452                "SRP parameters set: username = \"%s\" info=\"%s\" \n",
453                p->login, p->user->info);
454     ret = SSL_ERROR_NONE;
455 
456 err:
457     SRP_user_pwd_free(p->user);
458     p->user = NULL;
459     p->login = NULL;
460     return ret;
461 }
462 
463 #endif
464 
465 #ifdef MONOLITH
466 static void s_server_init(void)
467 {
468     accept_socket = -1;
469     s_server_verify = SSL_VERIFY_NONE;
470     s_dcert_file = NULL;
471     s_dkey_file = NULL;
472     s_dchain_file = NULL;
473     s_cert_file = TEST_CERT;
474     s_key_file = NULL;
475     s_chain_file = NULL;
476 # ifndef OPENSSL_NO_TLSEXT
477     s_cert_file2 = TEST_CERT2;
478     s_key_file2 = NULL;
479     ctx2 = NULL;
480 # endif
481 # ifdef FIONBIO
482     s_nbio = 0;
483 # endif
484     s_nbio_test = 0;
485     ctx = NULL;
486     www = 0;
487 
488     bio_s_out = NULL;
489     s_debug = 0;
490     s_msg = 0;
491     s_quiet = 0;
492     s_brief = 0;
493     hack = 0;
494 # ifndef OPENSSL_NO_ENGINE
495     engine_id = NULL;
496 # endif
497 }
498 #endif
499 
500 static void sv_usage(void)
501 {
502     BIO_printf(bio_err, "usage: s_server [args ...]\n");
503     BIO_printf(bio_err, "\n");
504     BIO_printf(bio_err,
505                " -accept arg   - port to accept on (default is %d)\n", PORT);
506     BIO_printf(bio_err,
507                " -verify_hostname host - check peer certificate matches \"host\"\n");
508     BIO_printf(bio_err,
509                " -verify_email email - check peer certificate matches \"email\"\n");
510     BIO_printf(bio_err,
511                " -verify_ip ipaddr - check peer certificate matches \"ipaddr\"\n");
512     BIO_printf(bio_err, " -context arg  - set session ID context\n");
513     BIO_printf(bio_err,
514                " -verify arg   - turn on peer certificate verification\n");
515     BIO_printf(bio_err,
516                " -Verify arg   - turn on peer certificate verification, must have a cert.\n");
517     BIO_printf(bio_err,
518                " -verify_return_error - return verification errors\n");
519     BIO_printf(bio_err, " -cert arg     - certificate file to use\n");
520     BIO_printf(bio_err, "                 (default is %s)\n", TEST_CERT);
521 #ifndef OPENSSL_NO_TLSEXT
522     BIO_printf(bio_err,
523                " -serverinfo arg - PEM serverinfo file for certificate\n");
524     BIO_printf(bio_err,
525                " -auth               - send and receive RFC 5878 TLS auth extensions and supplemental data\n");
526     BIO_printf(bio_err,
527                " -auth_require_reneg - Do not send TLS auth extensions until renegotiation\n");
528 #endif
529     BIO_printf(bio_err,
530                " -no_resumption_on_reneg - set SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION flag\n");
531     BIO_printf(bio_err,
532                " -crl_check    - check the peer certificate has not been revoked by its CA.\n"
533                "                 The CRL(s) are appended to the certificate file\n");
534     BIO_printf(bio_err,
535                " -crl_check_all - check the peer certificate has not been revoked by its CA\n"
536                "                 or any other CRL in the CA chain. CRL(s) are appened to the\n"
537                "                 the certificate file.\n");
538     BIO_printf(bio_err,
539                " -certform arg - certificate format (PEM or DER) PEM default\n");
540     BIO_printf(bio_err,
541                " -key arg      - Private Key file to use, in cert file if\n");
542     BIO_printf(bio_err, "                 not specified (default is %s)\n",
543                TEST_CERT);
544     BIO_printf(bio_err,
545                " -keyform arg  - key format (PEM, DER or ENGINE) PEM default\n");
546     BIO_printf(bio_err,
547                " -pass arg     - private key file pass phrase source\n");
548     BIO_printf(bio_err,
549                " -dcert arg    - second certificate file to use (usually for DSA)\n");
550     BIO_printf(bio_err,
551                " -dcertform x  - second certificate format (PEM or DER) PEM default\n");
552     BIO_printf(bio_err,
553                " -dkey arg     - second private key file to use (usually for DSA)\n");
554     BIO_printf(bio_err,
555                " -dkeyform arg - second key format (PEM, DER or ENGINE) PEM default\n");
556     BIO_printf(bio_err,
557                " -dpass arg    - second private key file pass phrase source\n");
558     BIO_printf(bio_err,
559                " -dhparam arg  - DH parameter file to use, in cert file if not specified\n");
560     BIO_printf(bio_err,
561                "                 or a default set of parameters is used\n");
562 #ifndef OPENSSL_NO_ECDH
563     BIO_printf(bio_err,
564                " -named_curve arg  - Elliptic curve name to use for ephemeral ECDH keys.\n"
565                "                 Use \"openssl ecparam -list_curves\" for all names\n"
566                "                 (default is nistp256).\n");
567 #endif
568 #ifdef FIONBIO
569     BIO_printf(bio_err, " -nbio         - Run with non-blocking IO\n");
570 #endif
571     BIO_printf(bio_err,
572                " -nbio_test    - test with the non-blocking test bio\n");
573     BIO_printf(bio_err,
574                " -crlf         - convert LF from terminal into CRLF\n");
575     BIO_printf(bio_err, " -debug        - Print more output\n");
576     BIO_printf(bio_err, " -msg          - Show protocol messages\n");
577     BIO_printf(bio_err, " -state        - Print the SSL states\n");
578     BIO_printf(bio_err, " -CApath arg   - PEM format directory of CA's\n");
579     BIO_printf(bio_err, " -CAfile arg   - PEM format file of CA's\n");
580     BIO_printf(bio_err,
581                " -no_alt_chains - only ever use the first certificate chain found\n");
582     BIO_printf(bio_err,
583                " -nocert       - Don't use any certificates (Anon-DH)\n");
584     BIO_printf(bio_err,
585                " -cipher arg   - play with 'openssl ciphers' to see what goes here\n");
586     BIO_printf(bio_err, " -serverpref   - Use server's cipher preferences\n");
587     BIO_printf(bio_err, " -quiet        - No server output\n");
588     BIO_printf(bio_err, " -no_tmp_rsa   - Do not generate a tmp RSA key\n");
589 #ifndef OPENSSL_NO_PSK
590     BIO_printf(bio_err, " -psk_hint arg - PSK identity hint to use\n");
591     BIO_printf(bio_err, " -psk arg      - PSK in hex (without 0x)\n");
592 # ifndef OPENSSL_NO_JPAKE
593     BIO_printf(bio_err, " -jpake arg    - JPAKE secret to use\n");
594 # endif
595 #endif
596 #ifndef OPENSSL_NO_SRP
597     BIO_printf(bio_err, " -srpvfile file      - The verifier file for SRP\n");
598     BIO_printf(bio_err,
599                " -srpuserseed string - A seed string for a default user salt.\n");
600 #endif
601     BIO_printf(bio_err, " -ssl2         - Just talk SSLv2\n");
602 #ifndef OPENSSL_NO_SSL3_METHOD
603     BIO_printf(bio_err, " -ssl3         - Just talk SSLv3\n");
604 #endif
605     BIO_printf(bio_err, " -tls1_2       - Just talk TLSv1.2\n");
606     BIO_printf(bio_err, " -tls1_1       - Just talk TLSv1.1\n");
607     BIO_printf(bio_err, " -tls1         - Just talk TLSv1\n");
608     BIO_printf(bio_err, " -dtls1        - Just talk DTLSv1\n");
609     BIO_printf(bio_err, " -dtls1_2      - Just talk DTLSv1.2\n");
610     BIO_printf(bio_err, " -timeout      - Enable timeouts\n");
611     BIO_printf(bio_err, " -mtu          - Set link layer MTU\n");
612     BIO_printf(bio_err, " -chain        - Read a certificate chain\n");
613     BIO_printf(bio_err, " -no_ssl2      - Just disable SSLv2\n");
614     BIO_printf(bio_err, " -no_ssl3      - Just disable SSLv3\n");
615     BIO_printf(bio_err, " -no_tls1      - Just disable TLSv1\n");
616     BIO_printf(bio_err, " -no_tls1_1    - Just disable TLSv1.1\n");
617     BIO_printf(bio_err, " -no_tls1_2    - Just disable TLSv1.2\n");
618 #ifndef OPENSSL_NO_DH
619     BIO_printf(bio_err, " -no_dhe       - Disable ephemeral DH\n");
620 #endif
621 #ifndef OPENSSL_NO_ECDH
622     BIO_printf(bio_err, " -no_ecdhe     - Disable ephemeral ECDH\n");
623 #endif
624     BIO_printf(bio_err, " -bugs         - Turn on SSL bug compatibility\n");
625     BIO_printf(bio_err,
626                " -hack         - workaround for early Netscape code\n");
627     BIO_printf(bio_err,
628                " -www          - Respond to a 'GET /' with a status page\n");
629     BIO_printf(bio_err,
630                " -WWW          - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n");
631     BIO_printf(bio_err,
632                " -HTTP         - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n");
633     BIO_printf(bio_err,
634                "                 with the assumption it contains a complete HTTP response.\n");
635 #ifndef OPENSSL_NO_ENGINE
636     BIO_printf(bio_err,
637                " -engine id    - Initialise and use the specified engine\n");
638 #endif
639     BIO_printf(bio_err,
640                " -id_prefix arg - Generate SSL/TLS session IDs prefixed by 'arg'\n");
641     BIO_printf(bio_err, " -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR,
642                LIST_SEPARATOR_CHAR);
643 #ifndef OPENSSL_NO_TLSEXT
644     BIO_printf(bio_err,
645                " -servername host - servername for HostName TLS extension\n");
646     BIO_printf(bio_err,
647                " -servername_fatal - on mismatch send fatal alert (default warning alert)\n");
648     BIO_printf(bio_err,
649                " -cert2 arg    - certificate file to use for servername\n");
650     BIO_printf(bio_err, "                 (default is %s)\n", TEST_CERT2);
651     BIO_printf(bio_err,
652                " -key2 arg     - Private Key file to use for servername, in cert file if\n");
653     BIO_printf(bio_err, "                 not specified (default is %s)\n",
654                TEST_CERT2);
655     BIO_printf(bio_err,
656                " -tlsextdebug  - hex dump of all TLS extensions received\n");
657     BIO_printf(bio_err,
658                " -no_ticket    - disable use of RFC4507bis session tickets\n");
659     BIO_printf(bio_err,
660                " -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n");
661     BIO_printf(bio_err,
662                " -sigalgs arg      - Signature algorithms to support (colon-separated list)\n");
663     BIO_printf(bio_err,
664                " -client_sigalgs arg  - Signature algorithms to support for client \n");
665     BIO_printf(bio_err,
666                "                        certificate authentication (colon-separated list)\n");
667 # ifndef OPENSSL_NO_NEXTPROTONEG
668     BIO_printf(bio_err,
669                " -nextprotoneg arg - set the advertised protocols for the NPN extension (comma-separated list)\n");
670 # endif
671 # ifndef OPENSSL_NO_SRTP
672     BIO_printf(bio_err,
673                " -use_srtp profiles - Offer SRTP key management with a colon-separated profile list\n");
674 # endif
675     BIO_printf(bio_err,
676                " -alpn arg  - set the advertised protocols for the ALPN extension (comma-separated list)\n");
677 #endif
678     BIO_printf(bio_err,
679                " -keymatexport label   - Export keying material using label\n");
680     BIO_printf(bio_err,
681                " -keymatexportlen len  - Export len bytes of keying material (default 20)\n");
682     BIO_printf(bio_err,
683                " -status           - respond to certificate status requests\n");
684     BIO_printf(bio_err,
685                " -status_verbose   - enable status request verbose printout\n");
686     BIO_printf(bio_err,
687                " -status_timeout n - status request responder timeout\n");
688     BIO_printf(bio_err, " -status_url URL   - status request fallback URL\n");
689 }
690 
691 static int local_argc = 0;
692 static char **local_argv;
693 
694 #ifdef CHARSET_EBCDIC
695 static int ebcdic_new(BIO *bi);
696 static int ebcdic_free(BIO *a);
697 static int ebcdic_read(BIO *b, char *out, int outl);
698 static int ebcdic_write(BIO *b, const char *in, int inl);
699 static long ebcdic_ctrl(BIO *b, int cmd, long num, void *ptr);
700 static int ebcdic_gets(BIO *bp, char *buf, int size);
701 static int ebcdic_puts(BIO *bp, const char *str);
702 
703 # define BIO_TYPE_EBCDIC_FILTER  (18|0x0200)
704 static BIO_METHOD methods_ebcdic = {
705     BIO_TYPE_EBCDIC_FILTER,
706     "EBCDIC/ASCII filter",
707     ebcdic_write,
708     ebcdic_read,
709     ebcdic_puts,
710     ebcdic_gets,
711     ebcdic_ctrl,
712     ebcdic_new,
713     ebcdic_free,
714 };
715 
716 typedef struct {
717     size_t alloced;
718     char buff[1];
719 } EBCDIC_OUTBUFF;
720 
721 BIO_METHOD *BIO_f_ebcdic_filter()
722 {
723     return (&methods_ebcdic);
724 }
725 
726 static int ebcdic_new(BIO *bi)
727 {
728     EBCDIC_OUTBUFF *wbuf;
729 
730     wbuf = (EBCDIC_OUTBUFF *) OPENSSL_malloc(sizeof(EBCDIC_OUTBUFF) + 1024);
731     if (!wbuf)
732         return 0;
733     wbuf->alloced = 1024;
734     wbuf->buff[0] = '\0';
735 
736     bi->ptr = (char *)wbuf;
737     bi->init = 1;
738     bi->flags = 0;
739     return (1);
740 }
741 
742 static int ebcdic_free(BIO *a)
743 {
744     if (a == NULL)
745         return (0);
746     if (a->ptr != NULL)
747         OPENSSL_free(a->ptr);
748     a->ptr = NULL;
749     a->init = 0;
750     a->flags = 0;
751     return (1);
752 }
753 
754 static int ebcdic_read(BIO *b, char *out, int outl)
755 {
756     int ret = 0;
757 
758     if (out == NULL || outl == 0)
759         return (0);
760     if (b->next_bio == NULL)
761         return (0);
762 
763     ret = BIO_read(b->next_bio, out, outl);
764     if (ret > 0)
765         ascii2ebcdic(out, out, ret);
766     return (ret);
767 }
768 
769 static int ebcdic_write(BIO *b, const char *in, int inl)
770 {
771     EBCDIC_OUTBUFF *wbuf;
772     int ret = 0;
773     int num;
774     unsigned char n;
775 
776     if ((in == NULL) || (inl <= 0))
777         return (0);
778     if (b->next_bio == NULL)
779         return (0);
780 
781     wbuf = (EBCDIC_OUTBUFF *) b->ptr;
782 
783     if (inl > (num = wbuf->alloced)) {
784         num = num + num;        /* double the size */
785         if (num < inl)
786             num = inl;
787         wbuf =
788             (EBCDIC_OUTBUFF *) OPENSSL_malloc(sizeof(EBCDIC_OUTBUFF) + num);
789         if (!wbuf)
790             return 0;
791         OPENSSL_free(b->ptr);
792 
793         wbuf->alloced = num;
794         wbuf->buff[0] = '\0';
795 
796         b->ptr = (char *)wbuf;
797     }
798 
799     ebcdic2ascii(wbuf->buff, in, inl);
800 
801     ret = BIO_write(b->next_bio, wbuf->buff, inl);
802 
803     return (ret);
804 }
805 
806 static long ebcdic_ctrl(BIO *b, int cmd, long num, void *ptr)
807 {
808     long ret;
809 
810     if (b->next_bio == NULL)
811         return (0);
812     switch (cmd) {
813     case BIO_CTRL_DUP:
814         ret = 0L;
815         break;
816     default:
817         ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
818         break;
819     }
820     return (ret);
821 }
822 
823 static int ebcdic_gets(BIO *bp, char *buf, int size)
824 {
825     int i, ret = 0;
826     if (bp->next_bio == NULL)
827         return (0);
828 /*      return(BIO_gets(bp->next_bio,buf,size));*/
829     for (i = 0; i < size - 1; ++i) {
830         ret = ebcdic_read(bp, &buf[i], 1);
831         if (ret <= 0)
832             break;
833         else if (buf[i] == '\n') {
834             ++i;
835             break;
836         }
837     }
838     if (i < size)
839         buf[i] = '\0';
840     return (ret < 0 && i == 0) ? ret : i;
841 }
842 
843 static int ebcdic_puts(BIO *bp, const char *str)
844 {
845     if (bp->next_bio == NULL)
846         return (0);
847     return ebcdic_write(bp, str, strlen(str));
848 }
849 #endif
850 
851 #ifndef OPENSSL_NO_TLSEXT
852 
853 /* This is a context that we pass to callbacks */
854 typedef struct tlsextctx_st {
855     char *servername;
856     BIO *biodebug;
857     int extension_error;
858 } tlsextctx;
859 
860 static int MS_CALLBACK ssl_servername_cb(SSL *s, int *ad, void *arg)
861 {
862     tlsextctx *p = (tlsextctx *) arg;
863     const char *servername = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name);
864     if (servername && p->biodebug)
865         BIO_printf(p->biodebug, "Hostname in TLS extension: \"%s\"\n",
866                    servername);
867 
868     if (!p->servername)
869         return SSL_TLSEXT_ERR_NOACK;
870 
871     if (servername) {
872         if (strcasecmp(servername, p->servername))
873             return p->extension_error;
874         if (ctx2) {
875             BIO_printf(p->biodebug, "Switching server context.\n");
876             SSL_set_SSL_CTX(s, ctx2);
877         }
878     }
879     return SSL_TLSEXT_ERR_OK;
880 }
881 
882 /* Structure passed to cert status callback */
883 
884 typedef struct tlsextstatusctx_st {
885     /* Default responder to use */
886     char *host, *path, *port;
887     int use_ssl;
888     int timeout;
889     BIO *err;
890     int verbose;
891 } tlsextstatusctx;
892 
893 static tlsextstatusctx tlscstatp = { NULL, NULL, NULL, 0, -1, NULL, 0 };
894 
895 /*
896  * Certificate Status callback. This is called when a client includes a
897  * certificate status request extension. This is a simplified version. It
898  * examines certificates each time and makes one OCSP responder query for
899  * each request. A full version would store details such as the OCSP
900  * certificate IDs and minimise the number of OCSP responses by caching them
901  * until they were considered "expired".
902  */
903 
904 static int cert_status_cb(SSL *s, void *arg)
905 {
906     tlsextstatusctx *srctx = arg;
907     BIO *err = srctx->err;
908     char *host, *port, *path;
909     int use_ssl;
910     unsigned char *rspder = NULL;
911     int rspderlen;
912     STACK_OF(OPENSSL_STRING) *aia = NULL;
913     X509 *x = NULL;
914     X509_STORE_CTX inctx;
915     X509_OBJECT obj;
916     OCSP_REQUEST *req = NULL;
917     OCSP_RESPONSE *resp = NULL;
918     OCSP_CERTID *id = NULL;
919     STACK_OF(X509_EXTENSION) *exts;
920     int ret = SSL_TLSEXT_ERR_NOACK;
921     int i;
922 # if 0
923     STACK_OF(OCSP_RESPID) *ids;
924     SSL_get_tlsext_status_ids(s, &ids);
925     BIO_printf(err, "cert_status: received %d ids\n",
926                sk_OCSP_RESPID_num(ids));
927 # endif
928     if (srctx->verbose)
929         BIO_puts(err, "cert_status: callback called\n");
930     /* Build up OCSP query from server certificate */
931     x = SSL_get_certificate(s);
932     aia = X509_get1_ocsp(x);
933     if (aia) {
934         if (!OCSP_parse_url(sk_OPENSSL_STRING_value(aia, 0),
935                             &host, &port, &path, &use_ssl)) {
936             BIO_puts(err, "cert_status: can't parse AIA URL\n");
937             goto err;
938         }
939         if (srctx->verbose)
940             BIO_printf(err, "cert_status: AIA URL: %s\n",
941                        sk_OPENSSL_STRING_value(aia, 0));
942     } else {
943         if (!srctx->host) {
944             BIO_puts(srctx->err,
945                      "cert_status: no AIA and no default responder URL\n");
946             goto done;
947         }
948         host = srctx->host;
949         path = srctx->path;
950         port = srctx->port;
951         use_ssl = srctx->use_ssl;
952     }
953 
954     if (!X509_STORE_CTX_init(&inctx,
955                              SSL_CTX_get_cert_store(SSL_get_SSL_CTX(s)),
956                              NULL, NULL))
957         goto err;
958     if (X509_STORE_get_by_subject(&inctx, X509_LU_X509,
959                                   X509_get_issuer_name(x), &obj) <= 0) {
960         BIO_puts(err, "cert_status: Can't retrieve issuer certificate.\n");
961         X509_STORE_CTX_cleanup(&inctx);
962         goto done;
963     }
964     req = OCSP_REQUEST_new();
965     if (!req)
966         goto err;
967     id = OCSP_cert_to_id(NULL, x, obj.data.x509);
968     X509_free(obj.data.x509);
969     X509_STORE_CTX_cleanup(&inctx);
970     if (!id)
971         goto err;
972     if (!OCSP_request_add0_id(req, id))
973         goto err;
974     id = NULL;
975     /* Add any extensions to the request */
976     SSL_get_tlsext_status_exts(s, &exts);
977     for (i = 0; i < sk_X509_EXTENSION_num(exts); i++) {
978         X509_EXTENSION *ext = sk_X509_EXTENSION_value(exts, i);
979         if (!OCSP_REQUEST_add_ext(req, ext, -1))
980             goto err;
981     }
982     resp = process_responder(err, req, host, path, port, use_ssl, NULL,
983                              srctx->timeout);
984     if (!resp) {
985         BIO_puts(err, "cert_status: error querying responder\n");
986         goto done;
987     }
988     rspderlen = i2d_OCSP_RESPONSE(resp, &rspder);
989     if (rspderlen <= 0)
990         goto err;
991     SSL_set_tlsext_status_ocsp_resp(s, rspder, rspderlen);
992     if (srctx->verbose) {
993         BIO_puts(err, "cert_status: ocsp response sent:\n");
994         OCSP_RESPONSE_print(err, resp, 2);
995     }
996     ret = SSL_TLSEXT_ERR_OK;
997  done:
998     if (ret != SSL_TLSEXT_ERR_OK)
999         ERR_print_errors(err);
1000     if (aia) {
1001         OPENSSL_free(host);
1002         OPENSSL_free(path);
1003         OPENSSL_free(port);
1004         X509_email_free(aia);
1005     }
1006     if (id)
1007         OCSP_CERTID_free(id);
1008     if (req)
1009         OCSP_REQUEST_free(req);
1010     if (resp)
1011         OCSP_RESPONSE_free(resp);
1012     return ret;
1013  err:
1014     ret = SSL_TLSEXT_ERR_ALERT_FATAL;
1015     goto done;
1016 }
1017 
1018 # ifndef OPENSSL_NO_NEXTPROTONEG
1019 /* This is the context that we pass to next_proto_cb */
1020 typedef struct tlsextnextprotoctx_st {
1021     unsigned char *data;
1022     unsigned int len;
1023 } tlsextnextprotoctx;
1024 
1025 static int next_proto_cb(SSL *s, const unsigned char **data,
1026                          unsigned int *len, void *arg)
1027 {
1028     tlsextnextprotoctx *next_proto = arg;
1029 
1030     *data = next_proto->data;
1031     *len = next_proto->len;
1032 
1033     return SSL_TLSEXT_ERR_OK;
1034 }
1035 # endif                         /* ndef OPENSSL_NO_NEXTPROTONEG */
1036 
1037 /* This the context that we pass to alpn_cb */
1038 typedef struct tlsextalpnctx_st {
1039     unsigned char *data;
1040     unsigned short len;
1041 } tlsextalpnctx;
1042 
1043 static int alpn_cb(SSL *s, const unsigned char **out, unsigned char *outlen,
1044                    const unsigned char *in, unsigned int inlen, void *arg)
1045 {
1046     tlsextalpnctx *alpn_ctx = arg;
1047 
1048     if (!s_quiet) {
1049         /* We can assume that |in| is syntactically valid. */
1050         unsigned i;
1051         BIO_printf(bio_s_out, "ALPN protocols advertised by the client: ");
1052         for (i = 0; i < inlen;) {
1053             if (i)
1054                 BIO_write(bio_s_out, ", ", 2);
1055             BIO_write(bio_s_out, &in[i + 1], in[i]);
1056             i += in[i] + 1;
1057         }
1058         BIO_write(bio_s_out, "\n", 1);
1059     }
1060 
1061     if (SSL_select_next_proto
1062         ((unsigned char **)out, outlen, alpn_ctx->data, alpn_ctx->len, in,
1063          inlen) != OPENSSL_NPN_NEGOTIATED) {
1064         return SSL_TLSEXT_ERR_NOACK;
1065     }
1066 
1067     if (!s_quiet) {
1068         BIO_printf(bio_s_out, "ALPN protocols selected: ");
1069         BIO_write(bio_s_out, *out, *outlen);
1070         BIO_write(bio_s_out, "\n", 1);
1071     }
1072 
1073     return SSL_TLSEXT_ERR_OK;
1074 }
1075 #endif                          /* ndef OPENSSL_NO_TLSEXT */
1076 
1077 int MAIN(int, char **);
1078 
1079 #ifndef OPENSSL_NO_JPAKE
1080 static char *jpake_secret = NULL;
1081 # define no_jpake !jpake_secret
1082 #else
1083 # define no_jpake 1
1084 #endif
1085 #ifndef OPENSSL_NO_SRP
1086 static srpsrvparm srp_callback_parm;
1087 #endif
1088 #ifndef OPENSSL_NO_SRTP
1089 static char *srtp_profiles = NULL;
1090 #endif
1091 
1092 int MAIN(int argc, char *argv[])
1093 {
1094     X509_VERIFY_PARAM *vpm = NULL;
1095     int badarg = 0;
1096     short port = PORT;
1097     char *CApath = NULL, *CAfile = NULL;
1098     char *chCApath = NULL, *chCAfile = NULL;
1099     char *vfyCApath = NULL, *vfyCAfile = NULL;
1100     unsigned char *context = NULL;
1101     char *dhfile = NULL;
1102     int badop = 0;
1103     int ret = 1;
1104     int build_chain = 0;
1105     int no_tmp_rsa = 0, no_dhe = 0, no_ecdhe = 0, nocert = 0;
1106     int state = 0;
1107     const SSL_METHOD *meth = NULL;
1108     int socket_type = SOCK_STREAM;
1109     ENGINE *e = NULL;
1110     char *inrand = NULL;
1111     int s_cert_format = FORMAT_PEM, s_key_format = FORMAT_PEM;
1112     char *passarg = NULL, *pass = NULL;
1113     char *dpassarg = NULL, *dpass = NULL;
1114     int s_dcert_format = FORMAT_PEM, s_dkey_format = FORMAT_PEM;
1115     X509 *s_cert = NULL, *s_dcert = NULL;
1116     STACK_OF(X509) *s_chain = NULL, *s_dchain = NULL;
1117     EVP_PKEY *s_key = NULL, *s_dkey = NULL;
1118     int no_cache = 0, ext_cache = 0;
1119     int rev = 0, naccept = -1;
1120 #ifndef OPENSSL_NO_TLSEXT
1121     EVP_PKEY *s_key2 = NULL;
1122     X509 *s_cert2 = NULL;
1123     tlsextctx tlsextcbp = { NULL, NULL, SSL_TLSEXT_ERR_ALERT_WARNING };
1124 # ifndef OPENSSL_NO_NEXTPROTONEG
1125     const char *next_proto_neg_in = NULL;
1126     tlsextnextprotoctx next_proto = { NULL, 0 };
1127 # endif
1128     const char *alpn_in = NULL;
1129     tlsextalpnctx alpn_ctx = { NULL, 0 };
1130 #endif
1131 #ifndef OPENSSL_NO_PSK
1132     /* by default do not send a PSK identity hint */
1133     static char *psk_identity_hint = NULL;
1134 #endif
1135 #ifndef OPENSSL_NO_SRP
1136     char *srpuserseed = NULL;
1137     char *srp_verifier_file = NULL;
1138 #endif
1139     SSL_EXCERT *exc = NULL;
1140     SSL_CONF_CTX *cctx = NULL;
1141     STACK_OF(OPENSSL_STRING) *ssl_args = NULL;
1142 
1143     char *crl_file = NULL;
1144     int crl_format = FORMAT_PEM;
1145     int crl_download = 0;
1146     STACK_OF(X509_CRL) *crls = NULL;
1147 
1148     meth = SSLv23_server_method();
1149 
1150     local_argc = argc;
1151     local_argv = argv;
1152 
1153     apps_startup();
1154 #ifdef MONOLITH
1155     s_server_init();
1156 #endif
1157 
1158     if (bio_err == NULL)
1159         bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
1160 
1161     if (!load_config(bio_err, NULL))
1162         goto end;
1163 
1164     cctx = SSL_CONF_CTX_new();
1165     if (!cctx)
1166         goto end;
1167     SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_SERVER);
1168     SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_CMDLINE);
1169 
1170     verify_depth = 0;
1171 #ifdef FIONBIO
1172     s_nbio = 0;
1173 #endif
1174     s_nbio_test = 0;
1175 
1176     argc--;
1177     argv++;
1178 
1179     while (argc >= 1) {
1180         if ((strcmp(*argv, "-port") == 0) || (strcmp(*argv, "-accept") == 0)) {
1181             if (--argc < 1)
1182                 goto bad;
1183             if (!extract_port(*(++argv), &port))
1184                 goto bad;
1185         } else if (strcmp(*argv, "-naccept") == 0) {
1186             if (--argc < 1)
1187                 goto bad;
1188             naccept = atol(*(++argv));
1189             if (naccept <= 0) {
1190                 BIO_printf(bio_err, "bad accept value %s\n", *argv);
1191                 goto bad;
1192             }
1193         } else if (strcmp(*argv, "-verify") == 0) {
1194             s_server_verify = SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE;
1195             if (--argc < 1)
1196                 goto bad;
1197             verify_depth = atoi(*(++argv));
1198             if (!s_quiet)
1199                 BIO_printf(bio_err, "verify depth is %d\n", verify_depth);
1200         } else if (strcmp(*argv, "-Verify") == 0) {
1201             s_server_verify =
1202                 SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT |
1203                 SSL_VERIFY_CLIENT_ONCE;
1204             if (--argc < 1)
1205                 goto bad;
1206             verify_depth = atoi(*(++argv));
1207             if (!s_quiet)
1208                 BIO_printf(bio_err,
1209                            "verify depth is %d, must return a certificate\n",
1210                            verify_depth);
1211         } else if (strcmp(*argv, "-context") == 0) {
1212             if (--argc < 1)
1213                 goto bad;
1214             context = (unsigned char *)*(++argv);
1215         } else if (strcmp(*argv, "-cert") == 0) {
1216             if (--argc < 1)
1217                 goto bad;
1218             s_cert_file = *(++argv);
1219         } else if (strcmp(*argv, "-CRL") == 0) {
1220             if (--argc < 1)
1221                 goto bad;
1222             crl_file = *(++argv);
1223         } else if (strcmp(*argv, "-crl_download") == 0)
1224             crl_download = 1;
1225 #ifndef OPENSSL_NO_TLSEXT
1226         else if (strcmp(*argv, "-serverinfo") == 0) {
1227             if (--argc < 1)
1228                 goto bad;
1229             s_serverinfo_file = *(++argv);
1230         }
1231 #endif
1232         else if (strcmp(*argv, "-certform") == 0) {
1233             if (--argc < 1)
1234                 goto bad;
1235             s_cert_format = str2fmt(*(++argv));
1236         } else if (strcmp(*argv, "-key") == 0) {
1237             if (--argc < 1)
1238                 goto bad;
1239             s_key_file = *(++argv);
1240         } else if (strcmp(*argv, "-keyform") == 0) {
1241             if (--argc < 1)
1242                 goto bad;
1243             s_key_format = str2fmt(*(++argv));
1244         } else if (strcmp(*argv, "-pass") == 0) {
1245             if (--argc < 1)
1246                 goto bad;
1247             passarg = *(++argv);
1248         } else if (strcmp(*argv, "-cert_chain") == 0) {
1249             if (--argc < 1)
1250                 goto bad;
1251             s_chain_file = *(++argv);
1252         } else if (strcmp(*argv, "-dhparam") == 0) {
1253             if (--argc < 1)
1254                 goto bad;
1255             dhfile = *(++argv);
1256         } else if (strcmp(*argv, "-dcertform") == 0) {
1257             if (--argc < 1)
1258                 goto bad;
1259             s_dcert_format = str2fmt(*(++argv));
1260         } else if (strcmp(*argv, "-dcert") == 0) {
1261             if (--argc < 1)
1262                 goto bad;
1263             s_dcert_file = *(++argv);
1264         } else if (strcmp(*argv, "-dkeyform") == 0) {
1265             if (--argc < 1)
1266                 goto bad;
1267             s_dkey_format = str2fmt(*(++argv));
1268         } else if (strcmp(*argv, "-dpass") == 0) {
1269             if (--argc < 1)
1270                 goto bad;
1271             dpassarg = *(++argv);
1272         } else if (strcmp(*argv, "-dkey") == 0) {
1273             if (--argc < 1)
1274                 goto bad;
1275             s_dkey_file = *(++argv);
1276         } else if (strcmp(*argv, "-dcert_chain") == 0) {
1277             if (--argc < 1)
1278                 goto bad;
1279             s_dchain_file = *(++argv);
1280         } else if (strcmp(*argv, "-nocert") == 0) {
1281             nocert = 1;
1282         } else if (strcmp(*argv, "-CApath") == 0) {
1283             if (--argc < 1)
1284                 goto bad;
1285             CApath = *(++argv);
1286         } else if (strcmp(*argv, "-chainCApath") == 0) {
1287             if (--argc < 1)
1288                 goto bad;
1289             chCApath = *(++argv);
1290         } else if (strcmp(*argv, "-verifyCApath") == 0) {
1291             if (--argc < 1)
1292                 goto bad;
1293             vfyCApath = *(++argv);
1294         } else if (strcmp(*argv, "-no_cache") == 0)
1295             no_cache = 1;
1296         else if (strcmp(*argv, "-ext_cache") == 0)
1297             ext_cache = 1;
1298         else if (strcmp(*argv, "-CRLform") == 0) {
1299             if (--argc < 1)
1300                 goto bad;
1301             crl_format = str2fmt(*(++argv));
1302         } else if (args_verify(&argv, &argc, &badarg, bio_err, &vpm)) {
1303             if (badarg)
1304                 goto bad;
1305             continue;
1306         } else if (args_excert(&argv, &argc, &badarg, bio_err, &exc)) {
1307             if (badarg)
1308                 goto bad;
1309             continue;
1310         } else if (args_ssl(&argv, &argc, cctx, &badarg, bio_err, &ssl_args)) {
1311             if (badarg)
1312                 goto bad;
1313             continue;
1314         } else if (strcmp(*argv, "-verify_return_error") == 0)
1315             verify_return_error = 1;
1316         else if (strcmp(*argv, "-verify_quiet") == 0)
1317             verify_quiet = 1;
1318         else if (strcmp(*argv, "-build_chain") == 0)
1319             build_chain = 1;
1320         else if (strcmp(*argv, "-CAfile") == 0) {
1321             if (--argc < 1)
1322                 goto bad;
1323             CAfile = *(++argv);
1324         } else if (strcmp(*argv, "-chainCAfile") == 0) {
1325             if (--argc < 1)
1326                 goto bad;
1327             chCAfile = *(++argv);
1328         } else if (strcmp(*argv, "-verifyCAfile") == 0) {
1329             if (--argc < 1)
1330                 goto bad;
1331             vfyCAfile = *(++argv);
1332         }
1333 #ifdef FIONBIO
1334         else if (strcmp(*argv, "-nbio") == 0) {
1335             s_nbio = 1;
1336         }
1337 #endif
1338         else if (strcmp(*argv, "-nbio_test") == 0) {
1339 #ifdef FIONBIO
1340             s_nbio = 1;
1341 #endif
1342             s_nbio_test = 1;
1343         } else if (strcmp(*argv, "-ign_eof") == 0)
1344             s_ign_eof = 1;
1345         else if (strcmp(*argv, "-no_ign_eof") == 0)
1346             s_ign_eof = 0;
1347         else if (strcmp(*argv, "-debug") == 0) {
1348             s_debug = 1;
1349         }
1350 #ifndef OPENSSL_NO_TLSEXT
1351         else if (strcmp(*argv, "-tlsextdebug") == 0)
1352             s_tlsextdebug = 1;
1353         else if (strcmp(*argv, "-status") == 0)
1354             s_tlsextstatus = 1;
1355         else if (strcmp(*argv, "-status_verbose") == 0) {
1356             s_tlsextstatus = 1;
1357             tlscstatp.verbose = 1;
1358         } else if (!strcmp(*argv, "-status_timeout")) {
1359             s_tlsextstatus = 1;
1360             if (--argc < 1)
1361                 goto bad;
1362             tlscstatp.timeout = atoi(*(++argv));
1363         } else if (!strcmp(*argv, "-status_url")) {
1364             s_tlsextstatus = 1;
1365             if (--argc < 1)
1366                 goto bad;
1367             if (!OCSP_parse_url(*(++argv),
1368                                 &tlscstatp.host,
1369                                 &tlscstatp.port,
1370                                 &tlscstatp.path, &tlscstatp.use_ssl)) {
1371                 BIO_printf(bio_err, "Error parsing URL\n");
1372                 goto bad;
1373             }
1374         }
1375 #endif
1376         else if (strcmp(*argv, "-msg") == 0) {
1377             s_msg = 1;
1378         } else if (strcmp(*argv, "-msgfile") == 0) {
1379             if (--argc < 1)
1380                 goto bad;
1381             bio_s_msg = BIO_new_file(*(++argv), "w");
1382         }
1383 #ifndef OPENSSL_NO_SSL_TRACE
1384         else if (strcmp(*argv, "-trace") == 0) {
1385             s_msg = 2;
1386         }
1387 #endif
1388         else if (strcmp(*argv, "-hack") == 0) {
1389             hack = 1;
1390         } else if (strcmp(*argv, "-state") == 0) {
1391             state = 1;
1392         } else if (strcmp(*argv, "-crlf") == 0) {
1393             s_crlf = 1;
1394         } else if (strcmp(*argv, "-quiet") == 0) {
1395             s_quiet = 1;
1396         } else if (strcmp(*argv, "-brief") == 0) {
1397             s_quiet = 1;
1398             s_brief = 1;
1399             verify_quiet = 1;
1400         } else if (strcmp(*argv, "-no_tmp_rsa") == 0) {
1401             no_tmp_rsa = 1;
1402         } else if (strcmp(*argv, "-no_dhe") == 0) {
1403             no_dhe = 1;
1404         } else if (strcmp(*argv, "-no_ecdhe") == 0) {
1405             no_ecdhe = 1;
1406         } else if (strcmp(*argv, "-no_resume_ephemeral") == 0) {
1407             no_resume_ephemeral = 1;
1408         }
1409 #ifndef OPENSSL_NO_PSK
1410         else if (strcmp(*argv, "-psk_hint") == 0) {
1411             if (--argc < 1)
1412                 goto bad;
1413             psk_identity_hint = *(++argv);
1414         } else if (strcmp(*argv, "-psk") == 0) {
1415             size_t i;
1416 
1417             if (--argc < 1)
1418                 goto bad;
1419             psk_key = *(++argv);
1420             for (i = 0; i < strlen(psk_key); i++) {
1421                 if (isxdigit((unsigned char)psk_key[i]))
1422                     continue;
1423                 BIO_printf(bio_err, "Not a hex number '%s'\n", *argv);
1424                 goto bad;
1425             }
1426         }
1427 #endif
1428 #ifndef OPENSSL_NO_SRP
1429         else if (strcmp(*argv, "-srpvfile") == 0) {
1430             if (--argc < 1)
1431                 goto bad;
1432             srp_verifier_file = *(++argv);
1433             meth = TLSv1_server_method();
1434         } else if (strcmp(*argv, "-srpuserseed") == 0) {
1435             if (--argc < 1)
1436                 goto bad;
1437             srpuserseed = *(++argv);
1438             meth = TLSv1_server_method();
1439         }
1440 #endif
1441         else if (strcmp(*argv, "-rev") == 0) {
1442             rev = 1;
1443         } else if (strcmp(*argv, "-www") == 0) {
1444             www = 1;
1445         } else if (strcmp(*argv, "-WWW") == 0) {
1446             www = 2;
1447         } else if (strcmp(*argv, "-HTTP") == 0) {
1448             www = 3;
1449         }
1450 #ifndef OPENSSL_NO_SSL2
1451         else if (strcmp(*argv, "-ssl2") == 0) {
1452             no_ecdhe = 1;
1453             meth = SSLv2_server_method();
1454         }
1455 #endif
1456 #ifndef OPENSSL_NO_SSL3_METHOD
1457         else if (strcmp(*argv, "-ssl3") == 0) {
1458             meth = SSLv3_server_method();
1459         }
1460 #endif
1461 #ifndef OPENSSL_NO_TLS1
1462         else if (strcmp(*argv, "-tls1") == 0) {
1463             meth = TLSv1_server_method();
1464         } else if (strcmp(*argv, "-tls1_1") == 0) {
1465             meth = TLSv1_1_server_method();
1466         } else if (strcmp(*argv, "-tls1_2") == 0) {
1467             meth = TLSv1_2_server_method();
1468         }
1469 #endif
1470 #ifndef OPENSSL_NO_DTLS1
1471         else if (strcmp(*argv, "-dtls") == 0) {
1472             meth = DTLS_server_method();
1473             socket_type = SOCK_DGRAM;
1474         } else if (strcmp(*argv, "-dtls1") == 0) {
1475             meth = DTLSv1_server_method();
1476             socket_type = SOCK_DGRAM;
1477         } else if (strcmp(*argv, "-dtls1_2") == 0) {
1478             meth = DTLSv1_2_server_method();
1479             socket_type = SOCK_DGRAM;
1480         } else if (strcmp(*argv, "-timeout") == 0)
1481             enable_timeouts = 1;
1482         else if (strcmp(*argv, "-mtu") == 0) {
1483             if (--argc < 1)
1484                 goto bad;
1485             socket_mtu = atol(*(++argv));
1486         } else if (strcmp(*argv, "-chain") == 0)
1487             cert_chain = 1;
1488 #endif
1489         else if (strcmp(*argv, "-id_prefix") == 0) {
1490             if (--argc < 1)
1491                 goto bad;
1492             session_id_prefix = *(++argv);
1493         }
1494 #ifndef OPENSSL_NO_ENGINE
1495         else if (strcmp(*argv, "-engine") == 0) {
1496             if (--argc < 1)
1497                 goto bad;
1498             engine_id = *(++argv);
1499         }
1500 #endif
1501         else if (strcmp(*argv, "-rand") == 0) {
1502             if (--argc < 1)
1503                 goto bad;
1504             inrand = *(++argv);
1505         }
1506 #ifndef OPENSSL_NO_TLSEXT
1507         else if (strcmp(*argv, "-servername") == 0) {
1508             if (--argc < 1)
1509                 goto bad;
1510             tlsextcbp.servername = *(++argv);
1511         } else if (strcmp(*argv, "-servername_fatal") == 0) {
1512             tlsextcbp.extension_error = SSL_TLSEXT_ERR_ALERT_FATAL;
1513         } else if (strcmp(*argv, "-cert2") == 0) {
1514             if (--argc < 1)
1515                 goto bad;
1516             s_cert_file2 = *(++argv);
1517         } else if (strcmp(*argv, "-key2") == 0) {
1518             if (--argc < 1)
1519                 goto bad;
1520             s_key_file2 = *(++argv);
1521         }
1522 # ifndef OPENSSL_NO_NEXTPROTONEG
1523         else if (strcmp(*argv, "-nextprotoneg") == 0) {
1524             if (--argc < 1)
1525                 goto bad;
1526             next_proto_neg_in = *(++argv);
1527         }
1528 # endif
1529         else if (strcmp(*argv, "-alpn") == 0) {
1530             if (--argc < 1)
1531                 goto bad;
1532             alpn_in = *(++argv);
1533         }
1534 #endif
1535 #if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK)
1536         else if (strcmp(*argv, "-jpake") == 0) {
1537             if (--argc < 1)
1538                 goto bad;
1539             jpake_secret = *(++argv);
1540         }
1541 #endif
1542 #ifndef OPENSSL_NO_SRTP
1543         else if (strcmp(*argv, "-use_srtp") == 0) {
1544             if (--argc < 1)
1545                 goto bad;
1546             srtp_profiles = *(++argv);
1547         }
1548 #endif
1549         else if (strcmp(*argv, "-keymatexport") == 0) {
1550             if (--argc < 1)
1551                 goto bad;
1552             keymatexportlabel = *(++argv);
1553         } else if (strcmp(*argv, "-keymatexportlen") == 0) {
1554             if (--argc < 1)
1555                 goto bad;
1556             keymatexportlen = atoi(*(++argv));
1557             if (keymatexportlen == 0)
1558                 goto bad;
1559         } else {
1560             BIO_printf(bio_err, "unknown option %s\n", *argv);
1561             badop = 1;
1562             break;
1563         }
1564         argc--;
1565         argv++;
1566     }
1567     if (badop) {
1568  bad:
1569         sv_usage();
1570         goto end;
1571     }
1572 #ifndef OPENSSL_NO_DTLS1
1573     if (www && socket_type == SOCK_DGRAM) {
1574         BIO_printf(bio_err, "Can't use -HTTP, -www or -WWW with DTLS\n");
1575         goto end;
1576     }
1577 #endif
1578 
1579 #if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK)
1580     if (jpake_secret) {
1581         if (psk_key) {
1582             BIO_printf(bio_err, "Can't use JPAKE and PSK together\n");
1583             goto end;
1584         }
1585         psk_identity = "JPAKE";
1586     }
1587 #endif
1588 
1589     SSL_load_error_strings();
1590     OpenSSL_add_ssl_algorithms();
1591 
1592 #ifndef OPENSSL_NO_ENGINE
1593     e = setup_engine(bio_err, engine_id, 1);
1594 #endif
1595 
1596     if (!app_passwd(bio_err, passarg, dpassarg, &pass, &dpass)) {
1597         BIO_printf(bio_err, "Error getting password\n");
1598         goto end;
1599     }
1600 
1601     if (s_key_file == NULL)
1602         s_key_file = s_cert_file;
1603 #ifndef OPENSSL_NO_TLSEXT
1604     if (s_key_file2 == NULL)
1605         s_key_file2 = s_cert_file2;
1606 #endif
1607 
1608     if (!load_excert(&exc, bio_err))
1609         goto end;
1610 
1611     if (nocert == 0) {
1612         s_key = load_key(bio_err, s_key_file, s_key_format, 0, pass, e,
1613                          "server certificate private key file");
1614         if (!s_key) {
1615             ERR_print_errors(bio_err);
1616             goto end;
1617         }
1618 
1619         s_cert = load_cert(bio_err, s_cert_file, s_cert_format,
1620                            NULL, e, "server certificate file");
1621 
1622         if (!s_cert) {
1623             ERR_print_errors(bio_err);
1624             goto end;
1625         }
1626         if (s_chain_file) {
1627             s_chain = load_certs(bio_err, s_chain_file, FORMAT_PEM,
1628                                  NULL, e, "server certificate chain");
1629             if (!s_chain)
1630                 goto end;
1631         }
1632 #ifndef OPENSSL_NO_TLSEXT
1633         if (tlsextcbp.servername) {
1634             s_key2 = load_key(bio_err, s_key_file2, s_key_format, 0, pass, e,
1635                               "second server certificate private key file");
1636             if (!s_key2) {
1637                 ERR_print_errors(bio_err);
1638                 goto end;
1639             }
1640 
1641             s_cert2 = load_cert(bio_err, s_cert_file2, s_cert_format,
1642                                 NULL, e, "second server certificate file");
1643 
1644             if (!s_cert2) {
1645                 ERR_print_errors(bio_err);
1646                 goto end;
1647             }
1648         }
1649 #endif                          /* OPENSSL_NO_TLSEXT */
1650     }
1651 #if !defined(OPENSSL_NO_TLSEXT)
1652 # if !defined(OPENSSL_NO_NEXTPROTONEG)
1653     if (next_proto_neg_in) {
1654         unsigned short len;
1655         next_proto.data = next_protos_parse(&len, next_proto_neg_in);
1656         if (next_proto.data == NULL)
1657             goto end;
1658         next_proto.len = len;
1659     } else {
1660         next_proto.data = NULL;
1661     }
1662 # endif
1663     alpn_ctx.data = NULL;
1664     if (alpn_in) {
1665         unsigned short len;
1666         alpn_ctx.data = next_protos_parse(&len, alpn_in);
1667         if (alpn_ctx.data == NULL)
1668             goto end;
1669         alpn_ctx.len = len;
1670     }
1671 #endif
1672 
1673     if (crl_file) {
1674         X509_CRL *crl;
1675         crl = load_crl(crl_file, crl_format);
1676         if (!crl) {
1677             BIO_puts(bio_err, "Error loading CRL\n");
1678             ERR_print_errors(bio_err);
1679             goto end;
1680         }
1681         crls = sk_X509_CRL_new_null();
1682         if (!crls || !sk_X509_CRL_push(crls, crl)) {
1683             BIO_puts(bio_err, "Error adding CRL\n");
1684             ERR_print_errors(bio_err);
1685             X509_CRL_free(crl);
1686             goto end;
1687         }
1688     }
1689 
1690     if (s_dcert_file) {
1691 
1692         if (s_dkey_file == NULL)
1693             s_dkey_file = s_dcert_file;
1694 
1695         s_dkey = load_key(bio_err, s_dkey_file, s_dkey_format,
1696                           0, dpass, e, "second certificate private key file");
1697         if (!s_dkey) {
1698             ERR_print_errors(bio_err);
1699             goto end;
1700         }
1701 
1702         s_dcert = load_cert(bio_err, s_dcert_file, s_dcert_format,
1703                             NULL, e, "second server certificate file");
1704 
1705         if (!s_dcert) {
1706             ERR_print_errors(bio_err);
1707             goto end;
1708         }
1709         if (s_dchain_file) {
1710             s_dchain = load_certs(bio_err, s_dchain_file, FORMAT_PEM,
1711                                   NULL, e, "second server certificate chain");
1712             if (!s_dchain)
1713                 goto end;
1714         }
1715 
1716     }
1717 
1718     if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
1719         && !RAND_status()) {
1720         BIO_printf(bio_err,
1721                    "warning, not much extra random data, consider using the -rand option\n");
1722     }
1723     if (inrand != NULL)
1724         BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
1725                    app_RAND_load_files(inrand));
1726 
1727     if (bio_s_out == NULL) {
1728         if (s_quiet && !s_debug) {
1729             bio_s_out = BIO_new(BIO_s_null());
1730             if (s_msg && !bio_s_msg)
1731                 bio_s_msg = BIO_new_fp(stdout, BIO_NOCLOSE);
1732         } else {
1733             if (bio_s_out == NULL)
1734                 bio_s_out = BIO_new_fp(stdout, BIO_NOCLOSE);
1735         }
1736     }
1737 #if !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA)
1738     if (nocert)
1739 #endif
1740     {
1741         s_cert_file = NULL;
1742         s_key_file = NULL;
1743         s_dcert_file = NULL;
1744         s_dkey_file = NULL;
1745 #ifndef OPENSSL_NO_TLSEXT
1746         s_cert_file2 = NULL;
1747         s_key_file2 = NULL;
1748 #endif
1749     }
1750 
1751     ctx = SSL_CTX_new(meth);
1752     if (ctx == NULL) {
1753         ERR_print_errors(bio_err);
1754         goto end;
1755     }
1756     if (session_id_prefix) {
1757         if (strlen(session_id_prefix) >= 32)
1758             BIO_printf(bio_err,
1759                        "warning: id_prefix is too long, only one new session will be possible\n");
1760         else if (strlen(session_id_prefix) >= 16)
1761             BIO_printf(bio_err,
1762                        "warning: id_prefix is too long if you use SSLv2\n");
1763         if (!SSL_CTX_set_generate_session_id(ctx, generate_session_id)) {
1764             BIO_printf(bio_err, "error setting 'id_prefix'\n");
1765             ERR_print_errors(bio_err);
1766             goto end;
1767         }
1768         BIO_printf(bio_err, "id_prefix '%s' set.\n", session_id_prefix);
1769     }
1770     SSL_CTX_set_quiet_shutdown(ctx, 1);
1771     if (hack)
1772         SSL_CTX_set_options(ctx, SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG);
1773     if (exc)
1774         ssl_ctx_set_excert(ctx, exc);
1775 
1776     if (state)
1777         SSL_CTX_set_info_callback(ctx, apps_ssl_info_callback);
1778     if (no_cache)
1779         SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);
1780     else if (ext_cache)
1781         init_session_cache_ctx(ctx);
1782     else
1783         SSL_CTX_sess_set_cache_size(ctx, 128);
1784 
1785 #ifndef OPENSSL_NO_SRTP
1786     if (srtp_profiles != NULL)
1787         SSL_CTX_set_tlsext_use_srtp(ctx, srtp_profiles);
1788 #endif
1789 
1790 #if 0
1791     if (cipher == NULL)
1792         cipher = getenv("SSL_CIPHER");
1793 #endif
1794 
1795 #if 0
1796     if (s_cert_file == NULL) {
1797         BIO_printf(bio_err,
1798                    "You must specify a certificate file for the server to use\n");
1799         goto end;
1800     }
1801 #endif
1802 
1803     if ((!SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) ||
1804         (!SSL_CTX_set_default_verify_paths(ctx))) {
1805         /* BIO_printf(bio_err,"X509_load_verify_locations\n"); */
1806         ERR_print_errors(bio_err);
1807         /* goto end; */
1808     }
1809     if (vpm)
1810         SSL_CTX_set1_param(ctx, vpm);
1811 
1812     ssl_ctx_add_crls(ctx, crls, 0);
1813 
1814     if (!args_ssl_call(ctx, bio_err, cctx, ssl_args, no_ecdhe, no_jpake))
1815         goto end;
1816 
1817     if (!ssl_load_stores(ctx, vfyCApath, vfyCAfile, chCApath, chCAfile,
1818                          crls, crl_download)) {
1819         BIO_printf(bio_err, "Error loading store locations\n");
1820         ERR_print_errors(bio_err);
1821         goto end;
1822     }
1823 #ifndef OPENSSL_NO_TLSEXT
1824     if (s_cert2) {
1825         ctx2 = SSL_CTX_new(meth);
1826         if (ctx2 == NULL) {
1827             ERR_print_errors(bio_err);
1828             goto end;
1829         }
1830     }
1831 
1832     if (ctx2) {
1833         BIO_printf(bio_s_out, "Setting secondary ctx parameters\n");
1834 
1835         if (session_id_prefix) {
1836             if (strlen(session_id_prefix) >= 32)
1837                 BIO_printf(bio_err,
1838                            "warning: id_prefix is too long, only one new session will be possible\n");
1839             else if (strlen(session_id_prefix) >= 16)
1840                 BIO_printf(bio_err,
1841                            "warning: id_prefix is too long if you use SSLv2\n");
1842             if (!SSL_CTX_set_generate_session_id(ctx2, generate_session_id)) {
1843                 BIO_printf(bio_err, "error setting 'id_prefix'\n");
1844                 ERR_print_errors(bio_err);
1845                 goto end;
1846             }
1847             BIO_printf(bio_err, "id_prefix '%s' set.\n", session_id_prefix);
1848         }
1849         SSL_CTX_set_quiet_shutdown(ctx2, 1);
1850         if (hack)
1851             SSL_CTX_set_options(ctx2, SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG);
1852         if (exc)
1853             ssl_ctx_set_excert(ctx2, exc);
1854 
1855         if (state)
1856             SSL_CTX_set_info_callback(ctx2, apps_ssl_info_callback);
1857 
1858         if (no_cache)
1859             SSL_CTX_set_session_cache_mode(ctx2, SSL_SESS_CACHE_OFF);
1860         else if (ext_cache)
1861             init_session_cache_ctx(ctx2);
1862         else
1863             SSL_CTX_sess_set_cache_size(ctx2, 128);
1864 
1865         if ((!SSL_CTX_load_verify_locations(ctx2, CAfile, CApath)) ||
1866             (!SSL_CTX_set_default_verify_paths(ctx2))) {
1867             ERR_print_errors(bio_err);
1868         }
1869         if (vpm)
1870             SSL_CTX_set1_param(ctx2, vpm);
1871 
1872         ssl_ctx_add_crls(ctx2, crls, 0);
1873 
1874         if (!args_ssl_call(ctx2, bio_err, cctx, ssl_args, no_ecdhe, no_jpake))
1875             goto end;
1876 
1877     }
1878 # ifndef OPENSSL_NO_NEXTPROTONEG
1879     if (next_proto.data)
1880         SSL_CTX_set_next_protos_advertised_cb(ctx, next_proto_cb,
1881                                               &next_proto);
1882 # endif
1883     if (alpn_ctx.data)
1884         SSL_CTX_set_alpn_select_cb(ctx, alpn_cb, &alpn_ctx);
1885 #endif
1886 
1887 #ifndef OPENSSL_NO_DH
1888     if (!no_dhe) {
1889         DH *dh = NULL;
1890 
1891         if (dhfile)
1892             dh = load_dh_param(dhfile);
1893         else if (s_cert_file)
1894             dh = load_dh_param(s_cert_file);
1895 
1896         if (dh != NULL) {
1897             BIO_printf(bio_s_out, "Setting temp DH parameters\n");
1898         } else {
1899             BIO_printf(bio_s_out, "Using default temp DH parameters\n");
1900             dh = get_dh2048();
1901             if (dh == NULL) {
1902                 ERR_print_errors(bio_err);
1903                 goto end;
1904             }
1905         }
1906         (void)BIO_flush(bio_s_out);
1907 
1908         SSL_CTX_set_tmp_dh(ctx, dh);
1909 # ifndef OPENSSL_NO_TLSEXT
1910         if (ctx2) {
1911             if (!dhfile) {
1912                 DH *dh2 = load_dh_param(s_cert_file2);
1913                 if (dh2 != NULL) {
1914                     BIO_printf(bio_s_out, "Setting temp DH parameters\n");
1915                     (void)BIO_flush(bio_s_out);
1916 
1917                     DH_free(dh);
1918                     dh = dh2;
1919                 }
1920             }
1921             SSL_CTX_set_tmp_dh(ctx2, dh);
1922         }
1923 # endif
1924         DH_free(dh);
1925     }
1926 #endif
1927 
1928     if (!set_cert_key_stuff(ctx, s_cert, s_key, s_chain, build_chain))
1929         goto end;
1930 #ifndef OPENSSL_NO_TLSEXT
1931     if (s_serverinfo_file != NULL
1932         && !SSL_CTX_use_serverinfo_file(ctx, s_serverinfo_file)) {
1933         ERR_print_errors(bio_err);
1934         goto end;
1935     }
1936 #endif
1937 #ifndef OPENSSL_NO_TLSEXT
1938     if (ctx2 && !set_cert_key_stuff(ctx2, s_cert2, s_key2, NULL, build_chain))
1939         goto end;
1940 #endif
1941     if (s_dcert != NULL) {
1942         if (!set_cert_key_stuff(ctx, s_dcert, s_dkey, s_dchain, build_chain))
1943             goto end;
1944     }
1945 #ifndef OPENSSL_NO_RSA
1946 # if 1
1947     if (!no_tmp_rsa) {
1948         SSL_CTX_set_tmp_rsa_callback(ctx, tmp_rsa_cb);
1949 #  ifndef OPENSSL_NO_TLSEXT
1950         if (ctx2)
1951             SSL_CTX_set_tmp_rsa_callback(ctx2, tmp_rsa_cb);
1952 #  endif
1953     }
1954 # else
1955     if (!no_tmp_rsa && SSL_CTX_need_tmp_RSA(ctx)) {
1956         RSA *rsa;
1957 
1958         BIO_printf(bio_s_out, "Generating temp (512 bit) RSA key...");
1959         BIO_flush(bio_s_out);
1960 
1961         rsa = RSA_generate_key(512, RSA_F4, NULL);
1962 
1963         if (!SSL_CTX_set_tmp_rsa(ctx, rsa)) {
1964             ERR_print_errors(bio_err);
1965             goto end;
1966         }
1967 #  ifndef OPENSSL_NO_TLSEXT
1968         if (ctx2) {
1969             if (!SSL_CTX_set_tmp_rsa(ctx2, rsa)) {
1970                 ERR_print_errors(bio_err);
1971                 goto end;
1972             }
1973         }
1974 #  endif
1975         RSA_free(rsa);
1976         BIO_printf(bio_s_out, "\n");
1977     }
1978 # endif
1979 #endif
1980 
1981 #ifndef OPENSSL_NO_PSK
1982 # ifdef OPENSSL_NO_JPAKE
1983     if (psk_key != NULL)
1984 # else
1985     if (psk_key != NULL || jpake_secret)
1986 # endif
1987     {
1988         if (s_debug)
1989             BIO_printf(bio_s_out,
1990                        "PSK key given or JPAKE in use, setting server callback\n");
1991         SSL_CTX_set_psk_server_callback(ctx, psk_server_cb);
1992     }
1993 
1994     if (!SSL_CTX_use_psk_identity_hint(ctx, psk_identity_hint)) {
1995         BIO_printf(bio_err, "error setting PSK identity hint to context\n");
1996         ERR_print_errors(bio_err);
1997         goto end;
1998     }
1999 #endif
2000 
2001     SSL_CTX_set_verify(ctx, s_server_verify, verify_callback);
2002     SSL_CTX_set_session_id_context(ctx, (void *)&s_server_session_id_context,
2003                                    sizeof s_server_session_id_context);
2004 
2005     /* Set DTLS cookie generation and verification callbacks */
2006     SSL_CTX_set_cookie_generate_cb(ctx, generate_cookie_callback);
2007     SSL_CTX_set_cookie_verify_cb(ctx, verify_cookie_callback);
2008 
2009 #ifndef OPENSSL_NO_TLSEXT
2010     if (ctx2) {
2011         SSL_CTX_set_verify(ctx2, s_server_verify, verify_callback);
2012         SSL_CTX_set_session_id_context(ctx2,
2013                                        (void *)&s_server_session_id_context,
2014                                        sizeof s_server_session_id_context);
2015 
2016         tlsextcbp.biodebug = bio_s_out;
2017         SSL_CTX_set_tlsext_servername_callback(ctx2, ssl_servername_cb);
2018         SSL_CTX_set_tlsext_servername_arg(ctx2, &tlsextcbp);
2019         SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb);
2020         SSL_CTX_set_tlsext_servername_arg(ctx, &tlsextcbp);
2021     }
2022 #endif
2023 
2024 #ifndef OPENSSL_NO_SRP
2025     if (srp_verifier_file != NULL) {
2026         srp_callback_parm.vb = SRP_VBASE_new(srpuserseed);
2027         srp_callback_parm.user = NULL;
2028         srp_callback_parm.login = NULL;
2029         if ((ret =
2030              SRP_VBASE_init(srp_callback_parm.vb,
2031                             srp_verifier_file)) != SRP_NO_ERROR) {
2032             BIO_printf(bio_err,
2033                        "Cannot initialize SRP verifier file \"%s\":ret=%d\n",
2034                        srp_verifier_file, ret);
2035             goto end;
2036         }
2037         SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, verify_callback);
2038         SSL_CTX_set_srp_cb_arg(ctx, &srp_callback_parm);
2039         SSL_CTX_set_srp_username_callback(ctx, ssl_srp_server_param_cb);
2040     } else
2041 #endif
2042     if (CAfile != NULL) {
2043         SSL_CTX_set_client_CA_list(ctx, SSL_load_client_CA_file(CAfile));
2044 #ifndef OPENSSL_NO_TLSEXT
2045         if (ctx2)
2046             SSL_CTX_set_client_CA_list(ctx2, SSL_load_client_CA_file(CAfile));
2047 #endif
2048     }
2049 
2050     BIO_printf(bio_s_out, "ACCEPT\n");
2051     (void)BIO_flush(bio_s_out);
2052     if (rev)
2053         do_server(port, socket_type, &accept_socket, rev_body, context,
2054                   naccept);
2055     else if (www)
2056         do_server(port, socket_type, &accept_socket, www_body, context,
2057                   naccept);
2058     else
2059         do_server(port, socket_type, &accept_socket, sv_body, context,
2060                   naccept);
2061     print_stats(bio_s_out, ctx);
2062     ret = 0;
2063  end:
2064     if (ctx != NULL)
2065         SSL_CTX_free(ctx);
2066     if (s_cert)
2067         X509_free(s_cert);
2068     if (crls)
2069         sk_X509_CRL_pop_free(crls, X509_CRL_free);
2070     if (s_dcert)
2071         X509_free(s_dcert);
2072     if (s_key)
2073         EVP_PKEY_free(s_key);
2074     if (s_dkey)
2075         EVP_PKEY_free(s_dkey);
2076     if (s_chain)
2077         sk_X509_pop_free(s_chain, X509_free);
2078     if (s_dchain)
2079         sk_X509_pop_free(s_dchain, X509_free);
2080     if (pass)
2081         OPENSSL_free(pass);
2082     if (dpass)
2083         OPENSSL_free(dpass);
2084     if (vpm)
2085         X509_VERIFY_PARAM_free(vpm);
2086     free_sessions();
2087 #ifndef OPENSSL_NO_TLSEXT
2088     if (tlscstatp.host)
2089         OPENSSL_free(tlscstatp.host);
2090     if (tlscstatp.port)
2091         OPENSSL_free(tlscstatp.port);
2092     if (tlscstatp.path)
2093         OPENSSL_free(tlscstatp.path);
2094     if (ctx2 != NULL)
2095         SSL_CTX_free(ctx2);
2096     if (s_cert2)
2097         X509_free(s_cert2);
2098     if (s_key2)
2099         EVP_PKEY_free(s_key2);
2100     if (serverinfo_in != NULL)
2101         BIO_free(serverinfo_in);
2102 # ifndef OPENSSL_NO_NEXTPROTONEG
2103     if (next_proto.data)
2104         OPENSSL_free(next_proto.data);
2105 # endif
2106     if (alpn_ctx.data)
2107         OPENSSL_free(alpn_ctx.data);
2108 #endif
2109     ssl_excert_free(exc);
2110     if (ssl_args)
2111         sk_OPENSSL_STRING_free(ssl_args);
2112     if (cctx)
2113         SSL_CONF_CTX_free(cctx);
2114 #ifndef OPENSSL_NO_JPAKE
2115     if (jpake_secret && psk_key)
2116         OPENSSL_free(psk_key);
2117 #endif
2118     if (bio_s_out != NULL) {
2119         BIO_free(bio_s_out);
2120         bio_s_out = NULL;
2121     }
2122     if (bio_s_msg != NULL) {
2123         BIO_free(bio_s_msg);
2124         bio_s_msg = NULL;
2125     }
2126     apps_shutdown();
2127     OPENSSL_EXIT(ret);
2128 }
2129 
2130 static void print_stats(BIO *bio, SSL_CTX *ssl_ctx)
2131 {
2132     BIO_printf(bio, "%4ld items in the session cache\n",
2133                SSL_CTX_sess_number(ssl_ctx));
2134     BIO_printf(bio, "%4ld client connects (SSL_connect())\n",
2135                SSL_CTX_sess_connect(ssl_ctx));
2136     BIO_printf(bio, "%4ld client renegotiates (SSL_connect())\n",
2137                SSL_CTX_sess_connect_renegotiate(ssl_ctx));
2138     BIO_printf(bio, "%4ld client connects that finished\n",
2139                SSL_CTX_sess_connect_good(ssl_ctx));
2140     BIO_printf(bio, "%4ld server accepts (SSL_accept())\n",
2141                SSL_CTX_sess_accept(ssl_ctx));
2142     BIO_printf(bio, "%4ld server renegotiates (SSL_accept())\n",
2143                SSL_CTX_sess_accept_renegotiate(ssl_ctx));
2144     BIO_printf(bio, "%4ld server accepts that finished\n",
2145                SSL_CTX_sess_accept_good(ssl_ctx));
2146     BIO_printf(bio, "%4ld session cache hits\n", SSL_CTX_sess_hits(ssl_ctx));
2147     BIO_printf(bio, "%4ld session cache misses\n",
2148                SSL_CTX_sess_misses(ssl_ctx));
2149     BIO_printf(bio, "%4ld session cache timeouts\n",
2150                SSL_CTX_sess_timeouts(ssl_ctx));
2151     BIO_printf(bio, "%4ld callback cache hits\n",
2152                SSL_CTX_sess_cb_hits(ssl_ctx));
2153     BIO_printf(bio, "%4ld cache full overflows (%ld allowed)\n",
2154                SSL_CTX_sess_cache_full(ssl_ctx),
2155                SSL_CTX_sess_get_cache_size(ssl_ctx));
2156 }
2157 
2158 static int sv_body(char *hostname, int s, int stype, unsigned char *context)
2159 {
2160     char *buf = NULL;
2161     fd_set readfds;
2162     int ret = 1, width;
2163     int k, i;
2164     unsigned long l;
2165     SSL *con = NULL;
2166     BIO *sbio;
2167 #ifndef OPENSSL_NO_KRB5
2168     KSSL_CTX *kctx;
2169 #endif
2170     struct timeval timeout;
2171 #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_BEOS_R5)
2172     struct timeval tv;
2173 #else
2174     struct timeval *timeoutp;
2175 #endif
2176 
2177     if ((buf = OPENSSL_malloc(bufsize)) == NULL) {
2178         BIO_printf(bio_err, "out of memory\n");
2179         goto err;
2180     }
2181 #ifdef FIONBIO
2182     if (s_nbio) {
2183         unsigned long sl = 1;
2184 
2185         if (!s_quiet)
2186             BIO_printf(bio_err, "turning on non blocking io\n");
2187         if (BIO_socket_ioctl(s, FIONBIO, &sl) < 0)
2188             ERR_print_errors(bio_err);
2189     }
2190 #endif
2191 
2192     if (con == NULL) {
2193         con = SSL_new(ctx);
2194 #ifndef OPENSSL_NO_TLSEXT
2195         if (s_tlsextdebug) {
2196             SSL_set_tlsext_debug_callback(con, tlsext_cb);
2197             SSL_set_tlsext_debug_arg(con, bio_s_out);
2198         }
2199         if (s_tlsextstatus) {
2200             SSL_CTX_set_tlsext_status_cb(ctx, cert_status_cb);
2201             tlscstatp.err = bio_err;
2202             SSL_CTX_set_tlsext_status_arg(ctx, &tlscstatp);
2203         }
2204 #endif
2205 #ifndef OPENSSL_NO_KRB5
2206         if ((kctx = kssl_ctx_new()) != NULL) {
2207             SSL_set0_kssl_ctx(con, kctx);
2208             kssl_ctx_setstring(kctx, KSSL_SERVICE, KRB5SVC);
2209             kssl_ctx_setstring(kctx, KSSL_KEYTAB, KRB5KEYTAB);
2210         }
2211 #endif                          /* OPENSSL_NO_KRB5 */
2212         if (context)
2213             SSL_set_session_id_context(con, context, strlen((char *)context));
2214     }
2215     SSL_clear(con);
2216 #if 0
2217 # ifdef TLSEXT_TYPE_opaque_prf_input
2218     SSL_set_tlsext_opaque_prf_input(con, "Test server", 11);
2219 # endif
2220 #endif
2221 
2222     if (stype == SOCK_DGRAM) {
2223 
2224         sbio = BIO_new_dgram(s, BIO_NOCLOSE);
2225 
2226         if (enable_timeouts) {
2227             timeout.tv_sec = 0;
2228             timeout.tv_usec = DGRAM_RCV_TIMEOUT;
2229             BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_RECV_TIMEOUT, 0, &timeout);
2230 
2231             timeout.tv_sec = 0;
2232             timeout.tv_usec = DGRAM_SND_TIMEOUT;
2233             BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_SEND_TIMEOUT, 0, &timeout);
2234         }
2235 
2236         if (socket_mtu) {
2237             if (socket_mtu < DTLS_get_link_min_mtu(con)) {
2238                 BIO_printf(bio_err, "MTU too small. Must be at least %ld\n",
2239                            DTLS_get_link_min_mtu(con));
2240                 ret = -1;
2241                 BIO_free(sbio);
2242                 goto err;
2243             }
2244             SSL_set_options(con, SSL_OP_NO_QUERY_MTU);
2245             if (!DTLS_set_link_mtu(con, socket_mtu)) {
2246                 BIO_printf(bio_err, "Failed to set MTU\n");
2247                 ret = -1;
2248                 BIO_free(sbio);
2249                 goto err;
2250             }
2251         } else
2252             /* want to do MTU discovery */
2253             BIO_ctrl(sbio, BIO_CTRL_DGRAM_MTU_DISCOVER, 0, NULL);
2254 
2255         /* turn on cookie exchange */
2256         SSL_set_options(con, SSL_OP_COOKIE_EXCHANGE);
2257     } else
2258         sbio = BIO_new_socket(s, BIO_NOCLOSE);
2259 
2260     if (s_nbio_test) {
2261         BIO *test;
2262 
2263         test = BIO_new(BIO_f_nbio_test());
2264         sbio = BIO_push(test, sbio);
2265     }
2266 #ifndef OPENSSL_NO_JPAKE
2267     if (jpake_secret)
2268         jpake_server_auth(bio_s_out, sbio, jpake_secret);
2269 #endif
2270 
2271     SSL_set_bio(con, sbio, sbio);
2272     SSL_set_accept_state(con);
2273     /* SSL_set_fd(con,s); */
2274 
2275     if (s_debug) {
2276         SSL_set_debug(con, 1);
2277         BIO_set_callback(SSL_get_rbio(con), bio_dump_callback);
2278         BIO_set_callback_arg(SSL_get_rbio(con), (char *)bio_s_out);
2279     }
2280     if (s_msg) {
2281 #ifndef OPENSSL_NO_SSL_TRACE
2282         if (s_msg == 2)
2283             SSL_set_msg_callback(con, SSL_trace);
2284         else
2285 #endif
2286             SSL_set_msg_callback(con, msg_cb);
2287         SSL_set_msg_callback_arg(con, bio_s_msg ? bio_s_msg : bio_s_out);
2288     }
2289 #ifndef OPENSSL_NO_TLSEXT
2290     if (s_tlsextdebug) {
2291         SSL_set_tlsext_debug_callback(con, tlsext_cb);
2292         SSL_set_tlsext_debug_arg(con, bio_s_out);
2293     }
2294 #endif
2295 
2296     width = s + 1;
2297     for (;;) {
2298         int read_from_terminal;
2299         int read_from_sslcon;
2300 
2301         read_from_terminal = 0;
2302         read_from_sslcon = SSL_pending(con);
2303 
2304         if (!read_from_sslcon) {
2305             FD_ZERO(&readfds);
2306 #if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_NETWARE) && !defined(OPENSSL_SYS_BEOS_R5)
2307             openssl_fdset(fileno(stdin), &readfds);
2308 #endif
2309             openssl_fdset(s, &readfds);
2310             /*
2311              * Note: under VMS with SOCKETSHR the second parameter is
2312              * currently of type (int *) whereas under other systems it is
2313              * (void *) if you don't have a cast it will choke the compiler:
2314              * if you do have a cast then you can either go for (int *) or
2315              * (void *).
2316              */
2317 #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE)
2318             /*
2319              * Under DOS (non-djgpp) and Windows we can't select on stdin:
2320              * only on sockets. As a workaround we timeout the select every
2321              * second and check for any keypress. In a proper Windows
2322              * application we wouldn't do this because it is inefficient.
2323              */
2324             tv.tv_sec = 1;
2325             tv.tv_usec = 0;
2326             i = select(width, (void *)&readfds, NULL, NULL, &tv);
2327             if ((i < 0) || (!i && !_kbhit()))
2328                 continue;
2329             if (_kbhit())
2330                 read_from_terminal = 1;
2331 #elif defined(OPENSSL_SYS_BEOS_R5)
2332             /* Under BeOS-R5 the situation is similar to DOS */
2333             tv.tv_sec = 1;
2334             tv.tv_usec = 0;
2335             (void)fcntl(fileno(stdin), F_SETFL, O_NONBLOCK);
2336             i = select(width, (void *)&readfds, NULL, NULL, &tv);
2337             if ((i < 0) || (!i && read(fileno(stdin), buf, 0) < 0))
2338                 continue;
2339             if (read(fileno(stdin), buf, 0) >= 0)
2340                 read_from_terminal = 1;
2341             (void)fcntl(fileno(stdin), F_SETFL, 0);
2342 #else
2343             if ((SSL_version(con) == DTLS1_VERSION) &&
2344                 DTLSv1_get_timeout(con, &timeout))
2345                 timeoutp = &timeout;
2346             else
2347                 timeoutp = NULL;
2348 
2349             i = select(width, (void *)&readfds, NULL, NULL, timeoutp);
2350 
2351             if ((SSL_version(con) == DTLS1_VERSION)
2352                 && DTLSv1_handle_timeout(con) > 0) {
2353                 BIO_printf(bio_err, "TIMEOUT occured\n");
2354             }
2355 
2356             if (i <= 0)
2357                 continue;
2358             if (FD_ISSET(fileno(stdin), &readfds))
2359                 read_from_terminal = 1;
2360 #endif
2361             if (FD_ISSET(s, &readfds))
2362                 read_from_sslcon = 1;
2363         }
2364         if (read_from_terminal) {
2365             if (s_crlf) {
2366                 int j, lf_num;
2367 
2368                 i = raw_read_stdin(buf, bufsize / 2);
2369                 lf_num = 0;
2370                 /* both loops are skipped when i <= 0 */
2371                 for (j = 0; j < i; j++)
2372                     if (buf[j] == '\n')
2373                         lf_num++;
2374                 for (j = i - 1; j >= 0; j--) {
2375                     buf[j + lf_num] = buf[j];
2376                     if (buf[j] == '\n') {
2377                         lf_num--;
2378                         i++;
2379                         buf[j + lf_num] = '\r';
2380                     }
2381                 }
2382                 assert(lf_num == 0);
2383             } else
2384                 i = raw_read_stdin(buf, bufsize);
2385             if (!s_quiet && !s_brief) {
2386                 if ((i <= 0) || (buf[0] == 'Q')) {
2387                     BIO_printf(bio_s_out, "DONE\n");
2388                     SHUTDOWN(s);
2389                     close_accept_socket();
2390                     ret = -11;
2391                     goto err;
2392                 }
2393                 if ((i <= 0) || (buf[0] == 'q')) {
2394                     BIO_printf(bio_s_out, "DONE\n");
2395                     if (SSL_version(con) != DTLS1_VERSION)
2396                         SHUTDOWN(s);
2397                     /*
2398                      * close_accept_socket(); ret= -11;
2399                      */
2400                     goto err;
2401                 }
2402 #ifndef OPENSSL_NO_HEARTBEATS
2403                 if ((buf[0] == 'B') && ((buf[1] == '\n') || (buf[1] == '\r'))) {
2404                     BIO_printf(bio_err, "HEARTBEATING\n");
2405                     SSL_heartbeat(con);
2406                     i = 0;
2407                     continue;
2408                 }
2409 #endif
2410                 if ((buf[0] == 'r') && ((buf[1] == '\n') || (buf[1] == '\r'))) {
2411                     SSL_renegotiate(con);
2412                     i = SSL_do_handshake(con);
2413                     printf("SSL_do_handshake -> %d\n", i);
2414                     i = 0;      /* 13; */
2415                     continue;
2416                     /*
2417                      * strcpy(buf,"server side RE-NEGOTIATE\n");
2418                      */
2419                 }
2420                 if ((buf[0] == 'R') && ((buf[1] == '\n') || (buf[1] == '\r'))) {
2421                     SSL_set_verify(con,
2422                                    SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE,
2423                                    NULL);
2424                     SSL_renegotiate(con);
2425                     i = SSL_do_handshake(con);
2426                     printf("SSL_do_handshake -> %d\n", i);
2427                     i = 0;      /* 13; */
2428                     continue;
2429                     /*
2430                      * strcpy(buf,"server side RE-NEGOTIATE asking for client
2431                      * cert\n");
2432                      */
2433                 }
2434                 if (buf[0] == 'P') {
2435                     static const char *str = "Lets print some clear text\n";
2436                     BIO_write(SSL_get_wbio(con), str, strlen(str));
2437                 }
2438                 if (buf[0] == 'S') {
2439                     print_stats(bio_s_out, SSL_get_SSL_CTX(con));
2440                 }
2441             }
2442 #ifdef CHARSET_EBCDIC
2443             ebcdic2ascii(buf, buf, i);
2444 #endif
2445             l = k = 0;
2446             for (;;) {
2447                 /* should do a select for the write */
2448 #ifdef RENEG
2449                 {
2450                     static count = 0;
2451                     if (++count == 100) {
2452                         count = 0;
2453                         SSL_renegotiate(con);
2454                     }
2455                 }
2456 #endif
2457                 k = SSL_write(con, &(buf[l]), (unsigned int)i);
2458 #ifndef OPENSSL_NO_SRP
2459                 while (SSL_get_error(con, k) == SSL_ERROR_WANT_X509_LOOKUP) {
2460                     BIO_printf(bio_s_out, "LOOKUP renego during write\n");
2461                     SRP_user_pwd_free(srp_callback_parm.user);
2462                     srp_callback_parm.user =
2463                         SRP_VBASE_get1_by_user(srp_callback_parm.vb,
2464                                                srp_callback_parm.login);
2465                     if (srp_callback_parm.user)
2466                         BIO_printf(bio_s_out, "LOOKUP done %s\n",
2467                                    srp_callback_parm.user->info);
2468                     else
2469                         BIO_printf(bio_s_out, "LOOKUP not successful\n");
2470                     k = SSL_write(con, &(buf[l]), (unsigned int)i);
2471                 }
2472 #endif
2473                 switch (SSL_get_error(con, k)) {
2474                 case SSL_ERROR_NONE:
2475                     break;
2476                 case SSL_ERROR_WANT_WRITE:
2477                 case SSL_ERROR_WANT_READ:
2478                 case SSL_ERROR_WANT_X509_LOOKUP:
2479                     BIO_printf(bio_s_out, "Write BLOCK\n");
2480                     break;
2481                 case SSL_ERROR_SYSCALL:
2482                 case SSL_ERROR_SSL:
2483                     BIO_printf(bio_s_out, "ERROR\n");
2484                     ERR_print_errors(bio_err);
2485                     ret = 1;
2486                     goto err;
2487                     /* break; */
2488                 case SSL_ERROR_ZERO_RETURN:
2489                     BIO_printf(bio_s_out, "DONE\n");
2490                     ret = 1;
2491                     goto err;
2492                 }
2493                 if (k > 0) {
2494                     l += k;
2495                     i -= k;
2496                 }
2497                 if (i <= 0)
2498                     break;
2499             }
2500         }
2501         if (read_from_sslcon) {
2502             if (!SSL_is_init_finished(con)) {
2503                 i = init_ssl_connection(con);
2504 
2505                 if (i < 0) {
2506                     ret = 0;
2507                     goto err;
2508                 } else if (i == 0) {
2509                     ret = 1;
2510                     goto err;
2511                 }
2512             } else {
2513  again:
2514                 i = SSL_read(con, (char *)buf, bufsize);
2515 #ifndef OPENSSL_NO_SRP
2516                 while (SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP) {
2517                     BIO_printf(bio_s_out, "LOOKUP renego during read\n");
2518                     SRP_user_pwd_free(srp_callback_parm.user);
2519                     srp_callback_parm.user =
2520                         SRP_VBASE_get1_by_user(srp_callback_parm.vb,
2521                                                srp_callback_parm.login);
2522                     if (srp_callback_parm.user)
2523                         BIO_printf(bio_s_out, "LOOKUP done %s\n",
2524                                    srp_callback_parm.user->info);
2525                     else
2526                         BIO_printf(bio_s_out, "LOOKUP not successful\n");
2527                     i = SSL_read(con, (char *)buf, bufsize);
2528                 }
2529 #endif
2530                 switch (SSL_get_error(con, i)) {
2531                 case SSL_ERROR_NONE:
2532 #ifdef CHARSET_EBCDIC
2533                     ascii2ebcdic(buf, buf, i);
2534 #endif
2535                     raw_write_stdout(buf, (unsigned int)i);
2536                     if (SSL_pending(con))
2537                         goto again;
2538                     break;
2539                 case SSL_ERROR_WANT_WRITE:
2540                 case SSL_ERROR_WANT_READ:
2541                     BIO_printf(bio_s_out, "Read BLOCK\n");
2542                     break;
2543                 case SSL_ERROR_SYSCALL:
2544                 case SSL_ERROR_SSL:
2545                     BIO_printf(bio_s_out, "ERROR\n");
2546                     ERR_print_errors(bio_err);
2547                     ret = 1;
2548                     goto err;
2549                 case SSL_ERROR_ZERO_RETURN:
2550                     BIO_printf(bio_s_out, "DONE\n");
2551                     ret = 1;
2552                     goto err;
2553                 }
2554             }
2555         }
2556     }
2557  err:
2558     if (con != NULL) {
2559         BIO_printf(bio_s_out, "shutting down SSL\n");
2560 #if 1
2561         SSL_set_shutdown(con, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
2562 #else
2563         SSL_shutdown(con);
2564 #endif
2565         SSL_free(con);
2566     }
2567     BIO_printf(bio_s_out, "CONNECTION CLOSED\n");
2568     if (buf != NULL) {
2569         OPENSSL_cleanse(buf, bufsize);
2570         OPENSSL_free(buf);
2571     }
2572     if (ret >= 0)
2573         BIO_printf(bio_s_out, "ACCEPT\n");
2574     return (ret);
2575 }
2576 
2577 static void close_accept_socket(void)
2578 {
2579     BIO_printf(bio_err, "shutdown accept socket\n");
2580     if (accept_socket >= 0) {
2581         SHUTDOWN2(accept_socket);
2582     }
2583 }
2584 
2585 static int init_ssl_connection(SSL *con)
2586 {
2587     int i;
2588     const char *str;
2589     X509 *peer;
2590     long verify_error;
2591     MS_STATIC char buf[BUFSIZ];
2592 #ifndef OPENSSL_NO_KRB5
2593     char *client_princ;
2594 #endif
2595 #if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
2596     const unsigned char *next_proto_neg;
2597     unsigned next_proto_neg_len;
2598 #endif
2599     unsigned char *exportedkeymat;
2600 
2601     i = SSL_accept(con);
2602 #ifdef CERT_CB_TEST_RETRY
2603     {
2604         while (i <= 0 && SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP
2605                && SSL_state(con) == SSL3_ST_SR_CLNT_HELLO_C) {
2606             fprintf(stderr,
2607                     "LOOKUP from certificate callback during accept\n");
2608             i = SSL_accept(con);
2609         }
2610     }
2611 #endif
2612 #ifndef OPENSSL_NO_SRP
2613     while (i <= 0 && SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP) {
2614         BIO_printf(bio_s_out, "LOOKUP during accept %s\n",
2615                    srp_callback_parm.login);
2616         SRP_user_pwd_free(srp_callback_parm.user);
2617         srp_callback_parm.user =
2618             SRP_VBASE_get1_by_user(srp_callback_parm.vb,
2619                                    srp_callback_parm.login);
2620         if (srp_callback_parm.user)
2621             BIO_printf(bio_s_out, "LOOKUP done %s\n",
2622                        srp_callback_parm.user->info);
2623         else
2624             BIO_printf(bio_s_out, "LOOKUP not successful\n");
2625         i = SSL_accept(con);
2626     }
2627 #endif
2628 
2629     if (i <= 0) {
2630         if (BIO_sock_should_retry(i)) {
2631             BIO_printf(bio_s_out, "DELAY\n");
2632             return (1);
2633         }
2634 
2635         BIO_printf(bio_err, "ERROR\n");
2636         verify_error = SSL_get_verify_result(con);
2637         if (verify_error != X509_V_OK) {
2638             BIO_printf(bio_err, "verify error:%s\n",
2639                        X509_verify_cert_error_string(verify_error));
2640         }
2641         /* Always print any error messages */
2642         ERR_print_errors(bio_err);
2643         return (0);
2644     }
2645 
2646     if (s_brief)
2647         print_ssl_summary(bio_err, con);
2648 
2649     PEM_write_bio_SSL_SESSION(bio_s_out, SSL_get_session(con));
2650 
2651     peer = SSL_get_peer_certificate(con);
2652     if (peer != NULL) {
2653         BIO_printf(bio_s_out, "Client certificate\n");
2654         PEM_write_bio_X509(bio_s_out, peer);
2655         X509_NAME_oneline(X509_get_subject_name(peer), buf, sizeof buf);
2656         BIO_printf(bio_s_out, "subject=%s\n", buf);
2657         X509_NAME_oneline(X509_get_issuer_name(peer), buf, sizeof buf);
2658         BIO_printf(bio_s_out, "issuer=%s\n", buf);
2659         X509_free(peer);
2660     }
2661 
2662     if (SSL_get_shared_ciphers(con, buf, sizeof buf) != NULL)
2663         BIO_printf(bio_s_out, "Shared ciphers:%s\n", buf);
2664     str = SSL_CIPHER_get_name(SSL_get_current_cipher(con));
2665     ssl_print_sigalgs(bio_s_out, con);
2666 #ifndef OPENSSL_NO_EC
2667     ssl_print_point_formats(bio_s_out, con);
2668     ssl_print_curves(bio_s_out, con, 0);
2669 #endif
2670     BIO_printf(bio_s_out, "CIPHER is %s\n", (str != NULL) ? str : "(NONE)");
2671 
2672 #if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
2673     SSL_get0_next_proto_negotiated(con, &next_proto_neg, &next_proto_neg_len);
2674     if (next_proto_neg) {
2675         BIO_printf(bio_s_out, "NEXTPROTO is ");
2676         BIO_write(bio_s_out, next_proto_neg, next_proto_neg_len);
2677         BIO_printf(bio_s_out, "\n");
2678     }
2679 #endif
2680 #ifndef OPENSSL_NO_SRTP
2681     {
2682         SRTP_PROTECTION_PROFILE *srtp_profile
2683             = SSL_get_selected_srtp_profile(con);
2684 
2685         if (srtp_profile)
2686             BIO_printf(bio_s_out, "SRTP Extension negotiated, profile=%s\n",
2687                        srtp_profile->name);
2688     }
2689 #endif
2690     if (SSL_cache_hit(con))
2691         BIO_printf(bio_s_out, "Reused session-id\n");
2692     if (SSL_ctrl(con, SSL_CTRL_GET_FLAGS, 0, NULL) &
2693         TLS1_FLAGS_TLS_PADDING_BUG)
2694         BIO_printf(bio_s_out, "Peer has incorrect TLSv1 block padding\n");
2695 #ifndef OPENSSL_NO_KRB5
2696     client_princ = kssl_ctx_get0_client_princ(SSL_get0_kssl_ctx(con));
2697     if (client_princ != NULL) {
2698         BIO_printf(bio_s_out, "Kerberos peer principal is %s\n",
2699                    client_princ);
2700     }
2701 #endif                          /* OPENSSL_NO_KRB5 */
2702     BIO_printf(bio_s_out, "Secure Renegotiation IS%s supported\n",
2703                SSL_get_secure_renegotiation_support(con) ? "" : " NOT");
2704     if (keymatexportlabel != NULL) {
2705         BIO_printf(bio_s_out, "Keying material exporter:\n");
2706         BIO_printf(bio_s_out, "    Label: '%s'\n", keymatexportlabel);
2707         BIO_printf(bio_s_out, "    Length: %i bytes\n", keymatexportlen);
2708         exportedkeymat = OPENSSL_malloc(keymatexportlen);
2709         if (exportedkeymat != NULL) {
2710             if (!SSL_export_keying_material(con, exportedkeymat,
2711                                             keymatexportlen,
2712                                             keymatexportlabel,
2713                                             strlen(keymatexportlabel),
2714                                             NULL, 0, 0)) {
2715                 BIO_printf(bio_s_out, "    Error\n");
2716             } else {
2717                 BIO_printf(bio_s_out, "    Keying material: ");
2718                 for (i = 0; i < keymatexportlen; i++)
2719                     BIO_printf(bio_s_out, "%02X", exportedkeymat[i]);
2720                 BIO_printf(bio_s_out, "\n");
2721             }
2722             OPENSSL_free(exportedkeymat);
2723         }
2724     }
2725 
2726     return (1);
2727 }
2728 
2729 #ifndef OPENSSL_NO_DH
2730 static DH *load_dh_param(const char *dhfile)
2731 {
2732     DH *ret = NULL;
2733     BIO *bio;
2734 
2735     if ((bio = BIO_new_file(dhfile, "r")) == NULL)
2736         goto err;
2737     ret = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
2738  err:
2739     if (bio != NULL)
2740         BIO_free(bio);
2741     return (ret);
2742 }
2743 #endif
2744 #ifndef OPENSSL_NO_KRB5
2745 char *client_princ;
2746 #endif
2747 
2748 #if 0
2749 static int load_CA(SSL_CTX *ctx, char *file)
2750 {
2751     FILE *in;
2752     X509 *x = NULL;
2753 
2754     if ((in = fopen(file, "r")) == NULL)
2755         return (0);
2756 
2757     for (;;) {
2758         if (PEM_read_X509(in, &x, NULL) == NULL)
2759             break;
2760         SSL_CTX_add_client_CA(ctx, x);
2761     }
2762     if (x != NULL)
2763         X509_free(x);
2764     fclose(in);
2765     return (1);
2766 }
2767 #endif
2768 
2769 static int www_body(char *hostname, int s, int stype, unsigned char *context)
2770 {
2771     char *buf = NULL;
2772     int ret = 1;
2773     int i, j, k, dot;
2774     SSL *con;
2775     const SSL_CIPHER *c;
2776     BIO *io, *ssl_bio, *sbio;
2777 #ifndef OPENSSL_NO_KRB5
2778     KSSL_CTX *kctx;
2779 #endif
2780 
2781     buf = OPENSSL_malloc(bufsize);
2782     if (buf == NULL)
2783         return (0);
2784     io = BIO_new(BIO_f_buffer());
2785     ssl_bio = BIO_new(BIO_f_ssl());
2786     if ((io == NULL) || (ssl_bio == NULL))
2787         goto err;
2788 
2789 #ifdef FIONBIO
2790     if (s_nbio) {
2791         unsigned long sl = 1;
2792 
2793         if (!s_quiet)
2794             BIO_printf(bio_err, "turning on non blocking io\n");
2795         if (BIO_socket_ioctl(s, FIONBIO, &sl) < 0)
2796             ERR_print_errors(bio_err);
2797     }
2798 #endif
2799 
2800     /* lets make the output buffer a reasonable size */
2801     if (!BIO_set_write_buffer_size(io, bufsize))
2802         goto err;
2803 
2804     if ((con = SSL_new(ctx)) == NULL)
2805         goto err;
2806 #ifndef OPENSSL_NO_TLSEXT
2807     if (s_tlsextdebug) {
2808         SSL_set_tlsext_debug_callback(con, tlsext_cb);
2809         SSL_set_tlsext_debug_arg(con, bio_s_out);
2810     }
2811 #endif
2812 #ifndef OPENSSL_NO_KRB5
2813     if ((kctx = kssl_ctx_new()) != NULL) {
2814         kssl_ctx_setstring(kctx, KSSL_SERVICE, KRB5SVC);
2815         kssl_ctx_setstring(kctx, KSSL_KEYTAB, KRB5KEYTAB);
2816     }
2817 #endif                          /* OPENSSL_NO_KRB5 */
2818     if (context)
2819         SSL_set_session_id_context(con, context, strlen((char *)context));
2820 
2821     sbio = BIO_new_socket(s, BIO_NOCLOSE);
2822     if (s_nbio_test) {
2823         BIO *test;
2824 
2825         test = BIO_new(BIO_f_nbio_test());
2826         sbio = BIO_push(test, sbio);
2827     }
2828     SSL_set_bio(con, sbio, sbio);
2829     SSL_set_accept_state(con);
2830 
2831     /* SSL_set_fd(con,s); */
2832     BIO_set_ssl(ssl_bio, con, BIO_CLOSE);
2833     BIO_push(io, ssl_bio);
2834 #ifdef CHARSET_EBCDIC
2835     io = BIO_push(BIO_new(BIO_f_ebcdic_filter()), io);
2836 #endif
2837 
2838     if (s_debug) {
2839         SSL_set_debug(con, 1);
2840         BIO_set_callback(SSL_get_rbio(con), bio_dump_callback);
2841         BIO_set_callback_arg(SSL_get_rbio(con), (char *)bio_s_out);
2842     }
2843     if (s_msg) {
2844 #ifndef OPENSSL_NO_SSL_TRACE
2845         if (s_msg == 2)
2846             SSL_set_msg_callback(con, SSL_trace);
2847         else
2848 #endif
2849             SSL_set_msg_callback(con, msg_cb);
2850         SSL_set_msg_callback_arg(con, bio_s_msg ? bio_s_msg : bio_s_out);
2851     }
2852 
2853     for (;;) {
2854         if (hack) {
2855             i = SSL_accept(con);
2856 #ifndef OPENSSL_NO_SRP
2857             while (i <= 0
2858                    && SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP) {
2859                 BIO_printf(bio_s_out, "LOOKUP during accept %s\n",
2860                            srp_callback_parm.login);
2861                 SRP_user_pwd_free(srp_callback_parm.user);
2862                 srp_callback_parm.user =
2863                     SRP_VBASE_get1_by_user(srp_callback_parm.vb,
2864                                            srp_callback_parm.login);
2865                 if (srp_callback_parm.user)
2866                     BIO_printf(bio_s_out, "LOOKUP done %s\n",
2867                                srp_callback_parm.user->info);
2868                 else
2869                     BIO_printf(bio_s_out, "LOOKUP not successful\n");
2870                 i = SSL_accept(con);
2871             }
2872 #endif
2873             switch (SSL_get_error(con, i)) {
2874             case SSL_ERROR_NONE:
2875                 break;
2876             case SSL_ERROR_WANT_WRITE:
2877             case SSL_ERROR_WANT_READ:
2878             case SSL_ERROR_WANT_X509_LOOKUP:
2879                 continue;
2880             case SSL_ERROR_SYSCALL:
2881             case SSL_ERROR_SSL:
2882             case SSL_ERROR_ZERO_RETURN:
2883                 ret = 1;
2884                 goto err;
2885                 /* break; */
2886             }
2887 
2888             SSL_renegotiate(con);
2889             SSL_write(con, NULL, 0);
2890         }
2891 
2892         i = BIO_gets(io, buf, bufsize - 1);
2893         if (i < 0) {            /* error */
2894             if (!BIO_should_retry(io)) {
2895                 if (!s_quiet)
2896                     ERR_print_errors(bio_err);
2897                 goto err;
2898             } else {
2899                 BIO_printf(bio_s_out, "read R BLOCK\n");
2900 #ifndef OPENSSL_NO_SRP
2901                 if (BIO_should_io_special(io)
2902                     && BIO_get_retry_reason(io) == BIO_RR_SSL_X509_LOOKUP) {
2903                     BIO_printf(bio_s_out, "LOOKUP renego during read\n");
2904                     SRP_user_pwd_free(srp_callback_parm.user);
2905                     srp_callback_parm.user =
2906                         SRP_VBASE_get1_by_user(srp_callback_parm.vb,
2907                                                srp_callback_parm.login);
2908                     if (srp_callback_parm.user)
2909                         BIO_printf(bio_s_out, "LOOKUP done %s\n",
2910                                    srp_callback_parm.user->info);
2911                     else
2912                         BIO_printf(bio_s_out, "LOOKUP not successful\n");
2913                     continue;
2914                 }
2915 #endif
2916 #if defined(OPENSSL_SYS_NETWARE)
2917                 delay(1000);
2918 #elif !defined(OPENSSL_SYS_MSDOS) && !defined(__DJGPP__)
2919                 sleep(1);
2920 #endif
2921                 continue;
2922             }
2923         } else if (i == 0) {    /* end of input */
2924             ret = 1;
2925             goto end;
2926         }
2927 
2928         /* else we have data */
2929         if (((www == 1) && (strncmp("GET ", buf, 4) == 0)) ||
2930             ((www == 2) && (strncmp("GET /stats ", buf, 11) == 0))) {
2931             char *p;
2932             X509 *peer;
2933             STACK_OF(SSL_CIPHER) *sk;
2934             static const char *space = "                          ";
2935 
2936             BIO_puts(io,
2937                      "HTTP/1.0 200 ok\r\nContent-type: text/html\r\n\r\n");
2938             BIO_puts(io, "<HTML><BODY BGCOLOR=\"#ffffff\">\n");
2939             BIO_puts(io, "<pre>\n");
2940 /*                      BIO_puts(io,SSLeay_version(SSLEAY_VERSION));*/
2941             BIO_puts(io, "\n");
2942             for (i = 0; i < local_argc; i++) {
2943                 BIO_puts(io, local_argv[i]);
2944                 BIO_write(io, " ", 1);
2945             }
2946             BIO_puts(io, "\n");
2947 
2948             BIO_printf(io,
2949                        "Secure Renegotiation IS%s supported\n",
2950                        SSL_get_secure_renegotiation_support(con) ?
2951                        "" : " NOT");
2952 
2953             /*
2954              * The following is evil and should not really be done
2955              */
2956             BIO_printf(io, "Ciphers supported in s_server binary\n");
2957             sk = SSL_get_ciphers(con);
2958             j = sk_SSL_CIPHER_num(sk);
2959             for (i = 0; i < j; i++) {
2960                 c = sk_SSL_CIPHER_value(sk, i);
2961                 BIO_printf(io, "%-11s:%-25s",
2962                            SSL_CIPHER_get_version(c), SSL_CIPHER_get_name(c));
2963                 if ((((i + 1) % 2) == 0) && (i + 1 != j))
2964                     BIO_puts(io, "\n");
2965             }
2966             BIO_puts(io, "\n");
2967             p = SSL_get_shared_ciphers(con, buf, bufsize);
2968             if (p != NULL) {
2969                 BIO_printf(io,
2970                            "---\nCiphers common between both SSL end points:\n");
2971                 j = i = 0;
2972                 while (*p) {
2973                     if (*p == ':') {
2974                         BIO_write(io, space, 26 - j);
2975                         i++;
2976                         j = 0;
2977                         BIO_write(io, ((i % 3) ? " " : "\n"), 1);
2978                     } else {
2979                         BIO_write(io, p, 1);
2980                         j++;
2981                     }
2982                     p++;
2983                 }
2984                 BIO_puts(io, "\n");
2985             }
2986             ssl_print_sigalgs(io, con);
2987 #ifndef OPENSSL_NO_EC
2988             ssl_print_curves(io, con, 0);
2989 #endif
2990             BIO_printf(io, (SSL_cache_hit(con)
2991                             ? "---\nReused, " : "---\nNew, "));
2992             c = SSL_get_current_cipher(con);
2993             BIO_printf(io, "%s, Cipher is %s\n",
2994                        SSL_CIPHER_get_version(c), SSL_CIPHER_get_name(c));
2995             SSL_SESSION_print(io, SSL_get_session(con));
2996             BIO_printf(io, "---\n");
2997             print_stats(io, SSL_get_SSL_CTX(con));
2998             BIO_printf(io, "---\n");
2999             peer = SSL_get_peer_certificate(con);
3000             if (peer != NULL) {
3001                 BIO_printf(io, "Client certificate\n");
3002                 X509_print(io, peer);
3003                 PEM_write_bio_X509(io, peer);
3004             } else
3005                 BIO_puts(io, "no client certificate available\n");
3006             BIO_puts(io, "</BODY></HTML>\r\n\r\n");
3007             break;
3008         } else if ((www == 2 || www == 3)
3009                    && (strncmp("GET /", buf, 5) == 0)) {
3010             BIO *file;
3011             char *p, *e;
3012             static const char *text =
3013                 "HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n";
3014 
3015             /* skip the '/' */
3016             p = &(buf[5]);
3017 
3018             dot = 1;
3019             for (e = p; *e != '\0'; e++) {
3020                 if (e[0] == ' ')
3021                     break;
3022 
3023                 switch (dot) {
3024                 case 1:
3025                     dot = (e[0] == '.') ? 2 : 0;
3026                     break;
3027                 case 2:
3028                     dot = (e[0] == '.') ? 3 : 0;
3029                     break;
3030                 case 3:
3031                     dot = (e[0] == '/') ? -1 : 0;
3032                     break;
3033                 }
3034                 if (dot == 0)
3035                     dot = (e[0] == '/') ? 1 : 0;
3036             }
3037             dot = (dot == 3) || (dot == -1); /* filename contains ".."
3038                                               * component */
3039 
3040             if (*e == '\0') {
3041                 BIO_puts(io, text);
3042                 BIO_printf(io, "'%s' is an invalid file name\r\n", p);
3043                 break;
3044             }
3045             *e = '\0';
3046 
3047             if (dot) {
3048                 BIO_puts(io, text);
3049                 BIO_printf(io, "'%s' contains '..' reference\r\n", p);
3050                 break;
3051             }
3052 
3053             if (*p == '/') {
3054                 BIO_puts(io, text);
3055                 BIO_printf(io, "'%s' is an invalid path\r\n", p);
3056                 break;
3057             }
3058 #if 0
3059             /* append if a directory lookup */
3060             if (e[-1] == '/')
3061                 strcat(p, "index.html");
3062 #endif
3063 
3064             /* if a directory, do the index thang */
3065             if (app_isdir(p) > 0) {
3066 #if 0                           /* must check buffer size */
3067                 strcat(p, "/index.html");
3068 #else
3069                 BIO_puts(io, text);
3070                 BIO_printf(io, "'%s' is a directory\r\n", p);
3071                 break;
3072 #endif
3073             }
3074 
3075             if ((file = BIO_new_file(p, "r")) == NULL) {
3076                 BIO_puts(io, text);
3077                 BIO_printf(io, "Error opening '%s'\r\n", p);
3078                 ERR_print_errors(io);
3079                 break;
3080             }
3081 
3082             if (!s_quiet)
3083                 BIO_printf(bio_err, "FILE:%s\n", p);
3084 
3085             if (www == 2) {
3086                 i = strlen(p);
3087                 if (((i > 5) && (strcmp(&(p[i - 5]), ".html") == 0)) ||
3088                     ((i > 4) && (strcmp(&(p[i - 4]), ".php") == 0)) ||
3089                     ((i > 4) && (strcmp(&(p[i - 4]), ".htm") == 0)))
3090                     BIO_puts(io,
3091                              "HTTP/1.0 200 ok\r\nContent-type: text/html\r\n\r\n");
3092                 else
3093                     BIO_puts(io,
3094                              "HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n");
3095             }
3096             /* send the file */
3097             for (;;) {
3098                 i = BIO_read(file, buf, bufsize);
3099                 if (i <= 0)
3100                     break;
3101 
3102 #ifdef RENEG
3103                 total_bytes += i;
3104                 fprintf(stderr, "%d\n", i);
3105                 if (total_bytes > 3 * 1024) {
3106                     total_bytes = 0;
3107                     fprintf(stderr, "RENEGOTIATE\n");
3108                     SSL_renegotiate(con);
3109                 }
3110 #endif
3111 
3112                 for (j = 0; j < i;) {
3113 #ifdef RENEG
3114                     {
3115                         static count = 0;
3116                         if (++count == 13) {
3117                             SSL_renegotiate(con);
3118                         }
3119                     }
3120 #endif
3121                     k = BIO_write(io, &(buf[j]), i - j);
3122                     if (k <= 0) {
3123                         if (!BIO_should_retry(io))
3124                             goto write_error;
3125                         else {
3126                             BIO_printf(bio_s_out, "rwrite W BLOCK\n");
3127                         }
3128                     } else {
3129                         j += k;
3130                     }
3131                 }
3132             }
3133  write_error:
3134             BIO_free(file);
3135             break;
3136         }
3137     }
3138 
3139     for (;;) {
3140         i = (int)BIO_flush(io);
3141         if (i <= 0) {
3142             if (!BIO_should_retry(io))
3143                 break;
3144         } else
3145             break;
3146     }
3147  end:
3148 #if 1
3149     /* make sure we re-use sessions */
3150     SSL_set_shutdown(con, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
3151 #else
3152     /* This kills performance */
3153     /*
3154      * SSL_shutdown(con); A shutdown gets sent in the BIO_free_all(io)
3155      * procession
3156      */
3157 #endif
3158 
3159  err:
3160 
3161     if (ret >= 0)
3162         BIO_printf(bio_s_out, "ACCEPT\n");
3163 
3164     if (buf != NULL)
3165         OPENSSL_free(buf);
3166     if (io != NULL)
3167         BIO_free_all(io);
3168 /*      if (ssl_bio != NULL) BIO_free(ssl_bio);*/
3169     return (ret);
3170 }
3171 
3172 static int rev_body(char *hostname, int s, int stype, unsigned char *context)
3173 {
3174     char *buf = NULL;
3175     int i;
3176     int ret = 1;
3177     SSL *con;
3178     BIO *io, *ssl_bio, *sbio;
3179 #ifndef OPENSSL_NO_KRB5
3180     KSSL_CTX *kctx;
3181 #endif
3182 
3183     buf = OPENSSL_malloc(bufsize);
3184     if (buf == NULL)
3185         return (0);
3186     io = BIO_new(BIO_f_buffer());
3187     ssl_bio = BIO_new(BIO_f_ssl());
3188     if ((io == NULL) || (ssl_bio == NULL))
3189         goto err;
3190 
3191     /* lets make the output buffer a reasonable size */
3192     if (!BIO_set_write_buffer_size(io, bufsize))
3193         goto err;
3194 
3195     if ((con = SSL_new(ctx)) == NULL)
3196         goto err;
3197 #ifndef OPENSSL_NO_TLSEXT
3198     if (s_tlsextdebug) {
3199         SSL_set_tlsext_debug_callback(con, tlsext_cb);
3200         SSL_set_tlsext_debug_arg(con, bio_s_out);
3201     }
3202 #endif
3203 #ifndef OPENSSL_NO_KRB5
3204     if ((kctx = kssl_ctx_new()) != NULL) {
3205         kssl_ctx_setstring(kctx, KSSL_SERVICE, KRB5SVC);
3206         kssl_ctx_setstring(kctx, KSSL_KEYTAB, KRB5KEYTAB);
3207     }
3208 #endif                          /* OPENSSL_NO_KRB5 */
3209     if (context)
3210         SSL_set_session_id_context(con, context, strlen((char *)context));
3211 
3212     sbio = BIO_new_socket(s, BIO_NOCLOSE);
3213     SSL_set_bio(con, sbio, sbio);
3214     SSL_set_accept_state(con);
3215 
3216     BIO_set_ssl(ssl_bio, con, BIO_CLOSE);
3217     BIO_push(io, ssl_bio);
3218 #ifdef CHARSET_EBCDIC
3219     io = BIO_push(BIO_new(BIO_f_ebcdic_filter()), io);
3220 #endif
3221 
3222     if (s_debug) {
3223         SSL_set_debug(con, 1);
3224         BIO_set_callback(SSL_get_rbio(con), bio_dump_callback);
3225         BIO_set_callback_arg(SSL_get_rbio(con), (char *)bio_s_out);
3226     }
3227     if (s_msg) {
3228 #ifndef OPENSSL_NO_SSL_TRACE
3229         if (s_msg == 2)
3230             SSL_set_msg_callback(con, SSL_trace);
3231         else
3232 #endif
3233             SSL_set_msg_callback(con, msg_cb);
3234         SSL_set_msg_callback_arg(con, bio_s_msg ? bio_s_msg : bio_s_out);
3235     }
3236 
3237     for (;;) {
3238         i = BIO_do_handshake(io);
3239         if (i > 0)
3240             break;
3241         if (!BIO_should_retry(io)) {
3242             BIO_puts(bio_err, "CONNECTION FAILURE\n");
3243             ERR_print_errors(bio_err);
3244             goto end;
3245         }
3246 #ifndef OPENSSL_NO_SRP
3247         if (BIO_should_io_special(io)
3248             && BIO_get_retry_reason(io) == BIO_RR_SSL_X509_LOOKUP) {
3249             BIO_printf(bio_s_out, "LOOKUP renego during accept\n");
3250             SRP_user_pwd_free(srp_callback_parm.user);
3251             srp_callback_parm.user =
3252                 SRP_VBASE_get1_by_user(srp_callback_parm.vb,
3253                                        srp_callback_parm.login);
3254             if (srp_callback_parm.user)
3255                 BIO_printf(bio_s_out, "LOOKUP done %s\n",
3256                            srp_callback_parm.user->info);
3257             else
3258                 BIO_printf(bio_s_out, "LOOKUP not successful\n");
3259             continue;
3260         }
3261 #endif
3262     }
3263     BIO_printf(bio_err, "CONNECTION ESTABLISHED\n");
3264     print_ssl_summary(bio_err, con);
3265 
3266     for (;;) {
3267         i = BIO_gets(io, buf, bufsize - 1);
3268         if (i < 0) {            /* error */
3269             if (!BIO_should_retry(io)) {
3270                 if (!s_quiet)
3271                     ERR_print_errors(bio_err);
3272                 goto err;
3273             } else {
3274                 BIO_printf(bio_s_out, "read R BLOCK\n");
3275 #ifndef OPENSSL_NO_SRP
3276                 if (BIO_should_io_special(io)
3277                     && BIO_get_retry_reason(io) == BIO_RR_SSL_X509_LOOKUP) {
3278                     BIO_printf(bio_s_out, "LOOKUP renego during read\n");
3279                     SRP_user_pwd_free(srp_callback_parm.user);
3280                     srp_callback_parm.user =
3281                         SRP_VBASE_get1_by_user(srp_callback_parm.vb,
3282                                                srp_callback_parm.login);
3283                     if (srp_callback_parm.user)
3284                         BIO_printf(bio_s_out, "LOOKUP done %s\n",
3285                                    srp_callback_parm.user->info);
3286                     else
3287                         BIO_printf(bio_s_out, "LOOKUP not successful\n");
3288                     continue;
3289                 }
3290 #endif
3291 #if defined(OPENSSL_SYS_NETWARE)
3292                 delay(1000);
3293 #elif !defined(OPENSSL_SYS_MSDOS) && !defined(__DJGPP__)
3294                 sleep(1);
3295 #endif
3296                 continue;
3297             }
3298         } else if (i == 0) {    /* end of input */
3299             ret = 1;
3300             BIO_printf(bio_err, "CONNECTION CLOSED\n");
3301             goto end;
3302         } else {
3303             char *p = buf + i - 1;
3304             while (i && (*p == '\n' || *p == '\r')) {
3305                 p--;
3306                 i--;
3307             }
3308             if (!s_ign_eof && i == 5 && !strncmp(buf, "CLOSE", 5)) {
3309                 ret = 1;
3310                 BIO_printf(bio_err, "CONNECTION CLOSED\n");
3311                 goto end;
3312             }
3313             BUF_reverse((unsigned char *)buf, NULL, i);
3314             buf[i] = '\n';
3315             BIO_write(io, buf, i + 1);
3316             for (;;) {
3317                 i = BIO_flush(io);
3318                 if (i > 0)
3319                     break;
3320                 if (!BIO_should_retry(io))
3321                     goto end;
3322             }
3323         }
3324     }
3325  end:
3326     /* make sure we re-use sessions */
3327     SSL_set_shutdown(con, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
3328 
3329  err:
3330 
3331     if (buf != NULL)
3332         OPENSSL_free(buf);
3333     if (io != NULL)
3334         BIO_free_all(io);
3335     return (ret);
3336 }
3337 
3338 #ifndef OPENSSL_NO_RSA
3339 static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength)
3340 {
3341     BIGNUM *bn = NULL;
3342     static RSA *rsa_tmp = NULL;
3343 
3344     if (!rsa_tmp && ((bn = BN_new()) == NULL))
3345         BIO_printf(bio_err, "Allocation error in generating RSA key\n");
3346     if (!rsa_tmp && bn) {
3347         if (!s_quiet) {
3348             BIO_printf(bio_err, "Generating temp (%d bit) RSA key...",
3349                        keylength);
3350             (void)BIO_flush(bio_err);
3351         }
3352         if (!BN_set_word(bn, RSA_F4) || ((rsa_tmp = RSA_new()) == NULL) ||
3353             !RSA_generate_key_ex(rsa_tmp, keylength, bn, NULL)) {
3354             if (rsa_tmp)
3355                 RSA_free(rsa_tmp);
3356             rsa_tmp = NULL;
3357         }
3358         if (!s_quiet) {
3359             BIO_printf(bio_err, "\n");
3360             (void)BIO_flush(bio_err);
3361         }
3362         BN_free(bn);
3363     }
3364     return (rsa_tmp);
3365 }
3366 #endif
3367 
3368 #define MAX_SESSION_ID_ATTEMPTS 10
3369 static int generate_session_id(const SSL *ssl, unsigned char *id,
3370                                unsigned int *id_len)
3371 {
3372     unsigned int count = 0;
3373     do {
3374         if (RAND_pseudo_bytes(id, *id_len) < 0)
3375             return 0;
3376         /*
3377          * Prefix the session_id with the required prefix. NB: If our prefix
3378          * is too long, clip it - but there will be worse effects anyway, eg.
3379          * the server could only possibly create 1 session ID (ie. the
3380          * prefix!) so all future session negotiations will fail due to
3381          * conflicts.
3382          */
3383         memcpy(id, session_id_prefix,
3384                (strlen(session_id_prefix) < *id_len) ?
3385                strlen(session_id_prefix) : *id_len);
3386     }
3387     while (SSL_has_matching_session_id(ssl, id, *id_len) &&
3388            (++count < MAX_SESSION_ID_ATTEMPTS));
3389     if (count >= MAX_SESSION_ID_ATTEMPTS)
3390         return 0;
3391     return 1;
3392 }
3393 
3394 /*
3395  * By default s_server uses an in-memory cache which caches SSL_SESSION
3396  * structures without any serialisation. This hides some bugs which only
3397  * become apparent in deployed servers. By implementing a basic external
3398  * session cache some issues can be debugged using s_server.
3399  */
3400 
3401 typedef struct simple_ssl_session_st {
3402     unsigned char *id;
3403     unsigned int idlen;
3404     unsigned char *der;
3405     int derlen;
3406     struct simple_ssl_session_st *next;
3407 } simple_ssl_session;
3408 
3409 static simple_ssl_session *first = NULL;
3410 
3411 static int add_session(SSL *ssl, SSL_SESSION *session)
3412 {
3413     simple_ssl_session *sess;
3414     unsigned char *p;
3415 
3416     sess = OPENSSL_malloc(sizeof(simple_ssl_session));
3417     if (!sess) {
3418         BIO_printf(bio_err, "Out of memory adding session to external cache\n");
3419         return 0;
3420     }
3421 
3422     SSL_SESSION_get_id(session, &sess->idlen);
3423     sess->derlen = i2d_SSL_SESSION(session, NULL);
3424 
3425     sess->id = BUF_memdup(SSL_SESSION_get_id(session, NULL), sess->idlen);
3426 
3427     sess->der = OPENSSL_malloc(sess->derlen);
3428     if (!sess->id || !sess->der) {
3429         BIO_printf(bio_err, "Out of memory adding session to external cache\n");
3430 
3431         if (sess->id)
3432             OPENSSL_free(sess->id);
3433         if (sess->der)
3434             OPENSSL_free(sess->der);
3435         OPENSSL_free(sess);
3436         return 0;
3437     }
3438     p = sess->der;
3439     i2d_SSL_SESSION(session, &p);
3440 
3441     sess->next = first;
3442     first = sess;
3443     BIO_printf(bio_err, "New session added to external cache\n");
3444     return 0;
3445 }
3446 
3447 static SSL_SESSION *get_session(SSL *ssl, unsigned char *id, int idlen,
3448                                 int *do_copy)
3449 {
3450     simple_ssl_session *sess;
3451     *do_copy = 0;
3452     for (sess = first; sess; sess = sess->next) {
3453         if (idlen == (int)sess->idlen && !memcmp(sess->id, id, idlen)) {
3454             const unsigned char *p = sess->der;
3455             BIO_printf(bio_err, "Lookup session: cache hit\n");
3456             return d2i_SSL_SESSION(NULL, &p, sess->derlen);
3457         }
3458     }
3459     BIO_printf(bio_err, "Lookup session: cache miss\n");
3460     return NULL;
3461 }
3462 
3463 static void del_session(SSL_CTX *sctx, SSL_SESSION *session)
3464 {
3465     simple_ssl_session *sess, *prev = NULL;
3466     const unsigned char *id;
3467     unsigned int idlen;
3468     id = SSL_SESSION_get_id(session, &idlen);
3469     for (sess = first; sess; sess = sess->next) {
3470         if (idlen == sess->idlen && !memcmp(sess->id, id, idlen)) {
3471             if (prev)
3472                 prev->next = sess->next;
3473             else
3474                 first = sess->next;
3475             OPENSSL_free(sess->id);
3476             OPENSSL_free(sess->der);
3477             OPENSSL_free(sess);
3478             return;
3479         }
3480         prev = sess;
3481     }
3482 }
3483 
3484 static void init_session_cache_ctx(SSL_CTX *sctx)
3485 {
3486     SSL_CTX_set_session_cache_mode(sctx,
3487                                    SSL_SESS_CACHE_NO_INTERNAL |
3488                                    SSL_SESS_CACHE_SERVER);
3489     SSL_CTX_sess_set_new_cb(sctx, add_session);
3490     SSL_CTX_sess_set_get_cb(sctx, get_session);
3491     SSL_CTX_sess_set_remove_cb(sctx, del_session);
3492 }
3493 
3494 static void free_sessions(void)
3495 {
3496     simple_ssl_session *sess, *tsess;
3497     for (sess = first; sess;) {
3498         OPENSSL_free(sess->id);
3499         OPENSSL_free(sess->der);
3500         tsess = sess;
3501         sess = sess->next;
3502         OPENSSL_free(tsess);
3503     }
3504     first = NULL;
3505 }
3506