1 /* 2 * Copyright 2013-2017 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the Apache License 2.0 (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10 /* 11 * A minimal program to serve an SSL connection. It uses blocking. It uses 12 * the SSL_CONF API with a configuration file. cc -I../../include saccept.c 13 * -L../.. -lssl -lcrypto -ldl 14 */ 15 16 #include <stdio.h> 17 #include <string.h> 18 #include <signal.h> 19 #include <stdlib.h> 20 #include <openssl/err.h> 21 #include <openssl/ssl.h> 22 #include <openssl/conf.h> 23 24 int main(int argc, char *argv[]) 25 { 26 char *port = "*:4433"; 27 BIO *in = NULL; 28 BIO *ssl_bio, *tmp; 29 SSL_CTX *ctx; 30 SSL_CONF_CTX *cctx = NULL; 31 CONF *conf = NULL; 32 STACK_OF(CONF_VALUE) *sect = NULL; 33 CONF_VALUE *cnf; 34 long errline = -1; 35 char buf[512]; 36 int ret = EXIT_FAILURE, i; 37 38 ctx = SSL_CTX_new(TLS_server_method()); 39 40 conf = NCONF_new(NULL); 41 42 if (NCONF_load(conf, "accept.cnf", &errline) <= 0) { 43 if (errline <= 0) 44 fprintf(stderr, "Error processing config file\n"); 45 else 46 fprintf(stderr, "Error on line %ld\n", errline); 47 goto err; 48 } 49 50 sect = NCONF_get_section(conf, "default"); 51 52 if (sect == NULL) { 53 fprintf(stderr, "Error retrieving default section\n"); 54 goto err; 55 } 56 57 cctx = SSL_CONF_CTX_new(); 58 SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_SERVER); 59 SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_CERTIFICATE); 60 SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_FILE); 61 SSL_CONF_CTX_set_ssl_ctx(cctx, ctx); 62 for (i = 0; i < sk_CONF_VALUE_num(sect); i++) { 63 int rv; 64 cnf = sk_CONF_VALUE_value(sect, i); 65 rv = SSL_CONF_cmd(cctx, cnf->name, cnf->value); 66 if (rv > 0) 67 continue; 68 if (rv != -2) { 69 fprintf(stderr, "Error processing %s = %s\n", 70 cnf->name, cnf->value); 71 ERR_print_errors_fp(stderr); 72 goto err; 73 } 74 if (strcmp(cnf->name, "Port") == 0) { 75 port = cnf->value; 76 } else { 77 fprintf(stderr, "Unknown configuration option %s\n", cnf->name); 78 goto err; 79 } 80 } 81 82 if (!SSL_CONF_CTX_finish(cctx)) { 83 fprintf(stderr, "Finish error\n"); 84 ERR_print_errors_fp(stderr); 85 goto err; 86 } 87 88 /* Setup server side SSL bio */ 89 ssl_bio = BIO_new_ssl(ctx, 0); 90 91 if ((in = BIO_new_accept(port)) == NULL) 92 goto err; 93 94 /* 95 * This means that when a new connection is accepted on 'in', The ssl_bio 96 * will be 'duplicated' and have the new socket BIO push into it. 97 * Basically it means the SSL BIO will be automatically setup 98 */ 99 BIO_set_accept_bios(in, ssl_bio); 100 101 again: 102 /* 103 * The first call will setup the accept socket, and the second will get a 104 * socket. In this loop, the first actual accept will occur in the 105 * BIO_read() function. 106 */ 107 108 if (BIO_do_accept(in) <= 0) 109 goto err; 110 111 for (;;) { 112 i = BIO_read(in, buf, 512); 113 if (i == 0) { 114 /* 115 * If we have finished, remove the underlying BIO stack so the 116 * next time we call any function for this BIO, it will attempt 117 * to do an accept 118 */ 119 printf("Done\n"); 120 tmp = BIO_pop(in); 121 BIO_free_all(tmp); 122 goto again; 123 } 124 if (i < 0) { 125 if (BIO_should_retry(in)) 126 continue; 127 goto err; 128 } 129 fwrite(buf, 1, i, stdout); 130 fflush(stdout); 131 } 132 133 ret = EXIT_SUCCESS; 134 err: 135 if (ret != EXIT_SUCCESS) 136 ERR_print_errors_fp(stderr); 137 BIO_free(in); 138 return ret; 139 } 140