1 /* 2 * Copyright 2013-2025 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the Apache License 2.0 (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10 /* 11 * A minimal program to serve an SSL connection. It uses blocking. It uses 12 * the SSL_CONF API with a configuration file. cc -I../../include saccept.c 13 * -L../.. -lssl -lcrypto -ldl 14 */ 15 16 #include <stdio.h> 17 #include <string.h> 18 #include <signal.h> 19 #include <stdlib.h> 20 #include <openssl/err.h> 21 #include <openssl/ssl.h> 22 #include <openssl/conf.h> 23 24 int main(int argc, char *argv[]) 25 { 26 char *port = "*:4433"; 27 BIO *in = NULL; 28 BIO *ssl_bio = NULL; 29 BIO *tmp; 30 SSL_CTX *ctx; 31 SSL_CONF_CTX *cctx = NULL; 32 CONF *conf = NULL; 33 STACK_OF(CONF_VALUE) *sect = NULL; 34 CONF_VALUE *cnf; 35 long errline = -1; 36 char buf[512]; 37 int ret = EXIT_FAILURE, i; 38 39 ctx = SSL_CTX_new(TLS_server_method()); 40 41 conf = NCONF_new(NULL); 42 43 if (NCONF_load(conf, "accept.cnf", &errline) <= 0) { 44 if (errline <= 0) 45 fprintf(stderr, "Error processing config file\n"); 46 else 47 fprintf(stderr, "Error on line %ld\n", errline); 48 goto err; 49 } 50 51 sect = NCONF_get_section(conf, "default"); 52 53 if (sect == NULL) { 54 fprintf(stderr, "Error retrieving default section\n"); 55 goto err; 56 } 57 58 cctx = SSL_CONF_CTX_new(); 59 SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_SERVER); 60 SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_CERTIFICATE); 61 SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_FILE); 62 SSL_CONF_CTX_set_ssl_ctx(cctx, ctx); 63 for (i = 0; i < sk_CONF_VALUE_num(sect); i++) { 64 int rv; 65 cnf = sk_CONF_VALUE_value(sect, i); 66 rv = SSL_CONF_cmd(cctx, cnf->name, cnf->value); 67 if (rv > 0) 68 continue; 69 if (rv != -2) { 70 fprintf(stderr, "Error processing %s = %s\n", 71 cnf->name, cnf->value); 72 ERR_print_errors_fp(stderr); 73 goto err; 74 } 75 if (strcmp(cnf->name, "Port") == 0) { 76 port = cnf->value; 77 } else { 78 fprintf(stderr, "Unknown configuration option %s\n", cnf->name); 79 goto err; 80 } 81 } 82 83 if (!SSL_CONF_CTX_finish(cctx)) { 84 fprintf(stderr, "Finish error\n"); 85 ERR_print_errors_fp(stderr); 86 goto err; 87 } 88 89 /* Setup server side SSL bio */ 90 ssl_bio = BIO_new_ssl(ctx, 0); 91 92 if ((in = BIO_new_accept(port)) == NULL) 93 goto err; 94 95 /* 96 * This means that when a new connection is accepted on 'in', The ssl_bio 97 * will be 'duplicated' and have the new socket BIO push into it. 98 * Basically it means the SSL BIO will be automatically setup 99 */ 100 BIO_set_accept_bios(in, ssl_bio); 101 ssl_bio = NULL; 102 103 again: 104 /* 105 * The first call will setup the accept socket, and the second will get a 106 * socket. In this loop, the first actual accept will occur in the 107 * BIO_read() function. 108 */ 109 110 if (BIO_do_accept(in) <= 0) 111 goto err; 112 113 for (;;) { 114 i = BIO_read(in, buf, 512); 115 if (i == 0) { 116 /* 117 * If we have finished, remove the underlying BIO stack so the 118 * next time we call any function for this BIO, it will attempt 119 * to do an accept 120 */ 121 printf("Done\n"); 122 tmp = BIO_pop(in); 123 BIO_free_all(tmp); 124 goto again; 125 } 126 if (i < 0) { 127 if (BIO_should_retry(in)) 128 continue; 129 goto err; 130 } 131 fwrite(buf, 1, i, stdout); 132 fflush(stdout); 133 } 134 135 ret = EXIT_SUCCESS; 136 err: 137 if (ret != EXIT_SUCCESS) 138 ERR_print_errors_fp(stderr); 139 BIO_free(in); 140 BIO_free_all(ssl_bio); 141 return ret; 142 } 143