1 /* 2 * Copyright 2024-2025 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the Apache License 2.0 (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10 /** 11 * @file quic-hq-interop-server.c 12 * @brief Minimal QUIC HTTP/0.9 server implementation. 13 * 14 * This file implements a lightweight QUIC server supporting the HTTP/0.9 15 * protocol for interoperability testing. It includes functions for setting 16 * up a secure QUIC connection, handling ALPN negotiation, and serving client 17 * requests. Intended for use with the quic-interop-runner 18 * available at https://interop.seemann.io 19 * 20 * Key functionalities: 21 * - Setting up SSL_CTX with QUIC support. 22 * - Negotiating ALPN strings during the TLS handshake. 23 * - Listening and accepting incoming QUIC connections. 24 * - Handling client requests via HTTP/0.9 protocol. 25 * 26 * Usage: 27 * <port> <server.crt> <server.key> 28 * The server binds to the specified port and serves files using the given 29 * certificate and private key. 30 * 31 * Environment variables: 32 * - FILEPREFIX: Specifies the directory containing files to serve. 33 * Defaults to "./downloads" if not set. 34 * - SSLKEYLOGFILE: specifies that keylogging should be preformed on the server 35 * should be set to a file name to record keylog data to 36 * - NO_ADDR_VALIDATE: Disables server address validation of clients 37 * 38 */ 39 40 #include <string.h> 41 42 /* Include the appropriate header file for SOCK_STREAM */ 43 #ifdef _WIN32 44 # include <stdarg.h> 45 # include <winsock2.h> 46 # include <ws2tcpip.h> 47 #else 48 # include <sys/socket.h> 49 # include <netinet/in.h> 50 # include <unistd.h> 51 #endif 52 53 #include <openssl/bio.h> 54 #include <openssl/ssl.h> 55 #include <openssl/err.h> 56 #include <openssl/quic.h> 57 58 #define BUF_SIZE 4096 59 60 /** 61 * @brief ALPN (Application-Layer Protocol Negotiation) identifier for QUIC. 62 * 63 * This constant defines the ALPN string used during the TLS handshake 64 * to negotiate the application-layer protocol between the client and 65 * the server. It specifies "hq-interop" as the supported protocol. 66 * 67 * Format: 68 * - The first byte represents the length of the ALPN string. 69 * - Subsequent bytes represent the ASCII characters of the protocol name. 70 * 71 * Value: 72 * - Protocol: "hq-interop" 73 * - Length: 10 bytes 74 * 75 * Usage: 76 * This is passed to the ALPN callback function to validate and 77 * negotiate the desired protocol during the TLS handshake. 78 */ 79 static const unsigned char alpn_ossltest[] = { 80 10, 'h', 'q', '-', 'i', 'n', 't', 'e', 'r', 'o', 'p', 81 }; 82 83 /** 84 * @brief Directory prefix for serving requested files. 85 * 86 * This variable specifies the directory path used as the base location 87 * for serving files in response to client requests. It is used to construct 88 * the full file path for requested resources. 89 * 90 * Default: 91 * - If not set via the FILEPREFIX environment variable, it defaults to 92 * "./downloads". 93 * 94 * Usage: 95 * - Updated at runtime based on the FILEPREFIX environment variable. 96 * - Used to locate and serve files during incoming requests. 97 */ 98 static char *fileprefix = NULL; 99 100 /** 101 * @brief Callback for ALPN (Application-Layer Protocol Negotiation) selection. 102 * 103 * This function is invoked during the TLS handshake on the server side to 104 * validate and negotiate the desired ALPN (Application-Layer Protocol 105 * Negotiation) protocol with the client. It ensures that the negotiated 106 * protocol matches the predefined "hq-interop" string. 107 * 108 * @param ssl Pointer to the SSL connection object. 109 * @param[out] out Pointer to the negotiated ALPN protocol string. 110 * @param[out] out_len Length of the negotiated ALPN protocol string. 111 * @param in Pointer to the client-provided ALPN protocol list. 112 * @param in_len Length of the client-provided ALPN protocol list. 113 * @param arg Optional user-defined argument (unused in this context). 114 * 115 * @return SSL_TLSEXT_ERR_OK on successful ALPN negotiation, 116 * SSL_TLSEXT_ERR_ALERT_FATAL otherwise. 117 * 118 * Usage: 119 * - This function is set as the ALPN selection callback in the SSL_CTX 120 * using `SSL_CTX_set_alpn_select_cb`. 121 * - Ensures that only the predefined ALPN protocol is accepted. 122 * 123 * Note: 124 * - The predefined protocol is specified in the `alpn_ossltest` array. 125 */ 126 static int select_alpn(SSL *ssl, const unsigned char **out, 127 unsigned char *out_len, const unsigned char *in, 128 unsigned int in_len, void *arg) 129 { 130 /* 131 * Use the next_proto helper function here. 132 * This scans the list of alpns we support and matches against 133 * what the client is requesting 134 */ 135 if (SSL_select_next_proto((unsigned char **)out, out_len, alpn_ossltest, 136 sizeof(alpn_ossltest), in, 137 in_len) == OPENSSL_NPN_NEGOTIATED) 138 return SSL_TLSEXT_ERR_OK; 139 return SSL_TLSEXT_ERR_ALERT_FATAL; 140 } 141 142 /** 143 * @brief Creates and configures an SSL_CTX for a QUIC server. 144 * 145 * This function initializes an SSL_CTX object with the QUIC server method 146 * and configures it using the provided certificate and private key. The 147 * context is prepared for handling secure QUIC connections and performing 148 * ALPN (Application-Layer Protocol Negotiation). 149 * 150 * @param cert_path Path to the server's certificate chain file in PEM format. 151 * The chain file must include the server's leaf certificate 152 * followed by intermediate CA certificates. 153 * @param key_path Path to the server's private key file in PEM format. The 154 * private key must correspond to the leaf certificate in 155 * the chain file. 156 * 157 * @return Pointer to the initialized SSL_CTX on success, or NULL on failure. 158 * 159 * Configuration: 160 * - Loads the certificate chain and private key into the context. 161 * - Disables client certificate verification (no mutual TLS). 162 * - Sets up the ALPN selection callback for protocol negotiation. 163 * 164 * Error Handling: 165 * - If any step fails (e.g., loading the certificate or key), the function 166 * frees the SSL_CTX and returns NULL. 167 * 168 * Usage: 169 * - Call this function to create an SSL_CTX before starting the QUIC server. 170 * - Ensure valid paths for the certificate and private key are provided. 171 * 172 * Note: 173 * - The ALPN callback only supports the predefined protocol defined in 174 * `alpn_ossltest`. 175 */ 176 static SSL_CTX *create_ctx(const char *cert_path, const char *key_path) 177 { 178 SSL_CTX *ctx; 179 180 /* 181 * An SSL_CTX holds shared configuration information for multiple 182 * subsequent per-client connections. We specifically load a QUIC 183 * server method here. 184 */ 185 ctx = SSL_CTX_new(OSSL_QUIC_server_method()); 186 if (ctx == NULL) 187 goto err; 188 189 /* 190 * Load the server's certificate *chain* file (PEM format), which includes 191 * not only the leaf (end-entity) server certificate, but also any 192 * intermediate issuer-CA certificates. The leaf certificate must be the 193 * first certificate in the file. 194 * 195 * In advanced use-cases this can be called multiple times, once per public 196 * key algorithm for which the server has a corresponding certificate. 197 * However, the corresponding private key (see below) must be loaded first, 198 * *before* moving on to the next chain file. 199 * 200 * The requisite files "chain.pem" and "pkey.pem" can be generated by running 201 * "make chain" in this directory. If the server will be executed from some 202 * other directory, move or copy the files there. 203 */ 204 if (SSL_CTX_use_certificate_chain_file(ctx, cert_path) <= 0) { 205 fprintf(stderr, "couldn't load certificate file: %s\n", cert_path); 206 goto err; 207 } 208 209 /* 210 * Load the corresponding private key, this also checks that the private 211 * key matches the just loaded end-entity certificate. It does not check 212 * whether the certificate chain is valid, the certificates could be 213 * expired, or may otherwise fail to form a chain that a client can validate. 214 */ 215 if (SSL_CTX_use_PrivateKey_file(ctx, key_path, SSL_FILETYPE_PEM) <= 0) { 216 fprintf(stderr, "couldn't load key file: %s\n", key_path); 217 goto err; 218 } 219 220 /* 221 * Since we're not soliciting or processing client certificates, we don't 222 * need to configure a trusted-certificate store, so no call to 223 * SSL_CTX_set_default_verify_paths() is needed. The server's own 224 * certificate chain is assumed valid. 225 */ 226 SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, NULL); 227 228 /* Setup ALPN negotiation callback to decide which ALPN is accepted. */ 229 SSL_CTX_set_alpn_select_cb(ctx, select_alpn, NULL); 230 231 return ctx; 232 233 err: 234 SSL_CTX_free(ctx); 235 return NULL; 236 } 237 238 /** 239 * @brief Creates and binds a UDP socket to the specified port. 240 * 241 * This function initializes a new UDP socket, binds it to the specified 242 * port on the local host, and returns the socket file descriptor for 243 * further use. 244 * 245 * @param port The port number to which the UDP socket should be bound. 246 * 247 * @return On success, returns the BIO of the created socket. 248 * On failure, returns NULL. 249 * 250 * Steps: 251 * - Creates a new UDP socket using the `socket` system call. 252 * - Configures the socket address structure to bind to the specified port 253 * on the local host. 254 * - Binds the socket to the port using the `bind` system call. 255 * 256 * Error Handling: 257 * - If socket creation or binding fails, an error message is printed to 258 * `stderr`, the socket (if created) is closed, and -1 is returned. 259 * 260 * Usage: 261 * - Call this function to set up a socket for handling incoming QUIC 262 * connections. 263 * 264 * Notes: 265 * - This function assumes UDP (`SOCK_DGRAM`). 266 * - This function accepts on both IPv4 and IPv6. 267 * - The specified port is converted to network byte order using `htons`. 268 */ 269 static BIO *create_socket(uint16_t port) 270 { 271 int fd = -1; 272 BIO *sock = NULL; 273 BIO_ADDR *addr = NULL; 274 int opt = 0; 275 #ifdef _WIN32 276 struct in6_addr in6addr_any; 277 278 memset(&in6addr_any, 0, sizeof(in6addr_any)); 279 #endif 280 281 /* Retrieve the file descriptor for a new UDP socket */ 282 if ((fd = BIO_socket(AF_INET6, SOCK_DGRAM, IPPROTO_UDP, 0)) < 0) { 283 fprintf(stderr, "cannot create socket"); 284 goto err; 285 } 286 287 /* 288 * IPv6_V6ONLY is only available on some platforms. If it is defined, 289 * disable it to accept both IPv4 and IPv6 connections. Otherwise, the 290 * server will only accept IPv6 connections. 291 */ 292 #ifdef IPV6_V6ONLY 293 if (setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, &opt, sizeof(opt)) < 0) { 294 fprintf(stderr, "setsockopt IPV6_V6ONLY failed"); 295 goto err; 296 } 297 #endif 298 299 /* 300 * Create a new BIO_ADDR 301 */ 302 addr = BIO_ADDR_new(); 303 if (addr == NULL) { 304 fprintf(stderr, "Unable to create BIO_ADDR\n"); 305 goto err; 306 } 307 308 /* 309 * Build an INADDR_ANY BIO_ADDR 310 */ 311 if (!BIO_ADDR_rawmake(addr, AF_INET6, &in6addr_any, sizeof(in6addr_any), htons(port))) { 312 fprintf(stderr, "unable to bind to port %d\n", port); 313 goto err; 314 } 315 316 /* Bind to the new UDP socket */ 317 if (!BIO_bind(fd, addr, 0)) { 318 fprintf(stderr, "cannot bind to %u\n", port); 319 goto err; 320 } 321 322 /* 323 * Create a new datagram socket 324 */ 325 sock = BIO_new(BIO_s_datagram()); 326 if (sock == NULL) { 327 fprintf(stderr, "cannot create dgram bio\n"); 328 goto err; 329 } 330 331 /* 332 * associate the underlying socket with the dgram BIO 333 */ 334 if (!BIO_set_fd(sock, fd, BIO_CLOSE)) { 335 fprintf(stderr, "Unable to set fd of dgram sock\n"); 336 goto err; 337 } 338 339 /* 340 * Free our allocated addr 341 */ 342 BIO_ADDR_free(addr); 343 return sock; 344 345 err: 346 BIO_ADDR_free(addr); 347 BIO_free(sock); 348 BIO_closesocket(fd); 349 return NULL; 350 } 351 352 /** 353 * @brief Handles I/O failures on an SSL stream based on the result code. 354 * 355 * This function processes the result of an SSL I/O operation and handles 356 * different types of errors that may occur during the operation. It takes 357 * appropriate actions such as retrying the operation, reporting errors, or 358 * returning specific status codes based on the error type. 359 * 360 * @param ssl A pointer to the SSL object representing the stream. 361 * @param res The result code from the SSL I/O operation. 362 * @return An integer indicating the outcome: 363 * - 0: EOF, indicating the stream has been closed. 364 * - -1: A fatal error occurred or the stream has been reset. 365 * 366 * 367 * @note If the failure is due to an SSL verification error, additional 368 * information will be logged to stderr. 369 */ 370 static int handle_io_failure(SSL *ssl, int res) 371 { 372 switch (SSL_get_error(ssl, res)) { 373 case SSL_ERROR_ZERO_RETURN: 374 /* EOF */ 375 return 0; 376 377 case SSL_ERROR_SYSCALL: 378 return -1; 379 380 case SSL_ERROR_SSL: 381 /* 382 * Some stream fatal error occurred. This could be because of a 383 * stream reset - or some failure occurred on the underlying 384 * connection. 385 */ 386 switch (SSL_get_stream_read_state(ssl)) { 387 case SSL_STREAM_STATE_RESET_REMOTE: 388 fprintf(stderr, "Stream reset occurred\n"); 389 /* 390 * The stream has been reset but the connection is still 391 * healthy. 392 */ 393 break; 394 395 case SSL_STREAM_STATE_CONN_CLOSED: 396 fprintf(stderr, "Connection closed\n"); 397 /* Connection is already closed. */ 398 break; 399 400 default: 401 fprintf(stderr, "Unknown stream failure\n"); 402 break; 403 } 404 /* 405 * If the failure is due to a verification error we can get more 406 * information about it from SSL_get_verify_result(). 407 */ 408 if (SSL_get_verify_result(ssl) != X509_V_OK) 409 fprintf(stderr, "Verify error: %s\n", 410 X509_verify_cert_error_string(SSL_get_verify_result(ssl))); 411 return -1; 412 413 default: 414 return -1; 415 } 416 } 417 418 /** 419 * @brief Processes a new incoming QUIC stream for an HTTP/0.9 GET request. 420 * 421 * This function reads an HTTP/0.9 GET request from the provided QUIC stream, 422 * retrieves the requested file from the server's file system, and sends the 423 * file contents back to the client over the stream. 424 * 425 * @param Pointer to the SSL object representing the QUIC stream. 426 * 427 * Operation: 428 * - Reads the HTTP/0.9 GET request from the client. 429 * - Parses the request to extract the requested file name. 430 * - Constructs the file path using the `fileprefix` directory. 431 * - Reads the requested file in chunks and sends it to the client. 432 * - Concludes the QUIC stream once the file is fully sent. 433 * 434 * Error Handling: 435 * - If the request is invalid or the file cannot be opened, appropriate 436 * error messages are logged, and the function exits without sending data. 437 * - Errors during file reading or writing to the stream are handled, with 438 * retries for buffer-related issues (e.g., full send buffer). 439 * 440 * Notes: 441 * - The request is expected to be a valid HTTP/0.9 GET request. 442 * - File paths are sanitized to prevent path traversal vulnerabilities. 443 * - The function uses blocking operations for reading and writing data. 444 * 445 * Usage: 446 * - Called for each accepted QUIC stream to handle client requests. 447 */ 448 static void process_new_stream(SSL *stream) 449 { 450 unsigned char buf[BUF_SIZE]; 451 char path[BUF_SIZE]; 452 char *req = (char *)buf; 453 char *reqname; 454 char *creturn; 455 size_t nread; 456 BIO *readbio; 457 size_t bytes_read = 0; 458 size_t bytes_written = 0; 459 size_t offset = 0; 460 int rc; 461 int ret; 462 size_t total_read = 0; 463 464 memset(buf, 0, BUF_SIZE); 465 for (;;) { 466 nread = 0; 467 ret = SSL_read_ex(stream, &buf[total_read], 468 sizeof(buf) - total_read - 1, &nread); 469 total_read += nread; 470 if (ret <= 0) { 471 ret = handle_io_failure(stream, ret); 472 if (ret == 0) { 473 /* EOF condition, fin bit set, we got the whole request */ 474 break; 475 } else { 476 /* permanent failure, abort */ 477 fprintf(stderr, "Failure on stream\n"); 478 return; 479 } 480 } 481 } 482 483 /* We should have a valid http 0.9 GET request here */ 484 fprintf(stderr, "Request is %s\n", req); 485 486 /* Look for the last '/' char in the request */ 487 reqname = strrchr(req, '/'); 488 if (reqname == NULL) 489 return; 490 reqname++; 491 492 /* Requests have a trailing \r\n, eliminate them */ 493 creturn = strchr(reqname, '\r'); 494 if (creturn != NULL) 495 *creturn = '\0'; 496 497 snprintf(path, BUF_SIZE, "%s/%s", fileprefix, reqname); 498 499 fprintf(stderr, "Serving %s\n", path); 500 readbio = BIO_new_file(path, "r"); 501 if (readbio == NULL) { 502 fprintf(stderr, "Unable to open %s\n", path); 503 ERR_print_errors_fp(stderr); 504 goto done; 505 } 506 507 /* Read the readbio file into a buffer, and just send it to the requestor */ 508 while (BIO_eof(readbio) <= 0) { 509 bytes_read = 0; 510 if (!BIO_read_ex(readbio, buf, BUF_SIZE, &bytes_read)) { 511 if (BIO_eof(readbio) <= 0) { 512 fprintf(stderr, "Failed to read from %s\n", path); 513 ERR_print_errors_fp(stderr); 514 goto out; 515 } else { 516 break; 517 } 518 } 519 520 offset = 0; 521 for (;;) { 522 bytes_written = 0; 523 rc = SSL_write_ex(stream, &buf[offset], bytes_read, &bytes_written); 524 if (rc <= 0) { 525 rc = SSL_get_error(stream, rc); 526 switch (rc) { 527 case SSL_ERROR_WANT_WRITE: 528 fprintf(stderr, "Send buffer full, retrying\n"); 529 continue; 530 break; 531 default: 532 fprintf(stderr, "Unhandled error cause %d\n", rc); 533 goto done; 534 break; 535 } 536 } 537 bytes_read -= bytes_written; 538 offset += bytes_written; 539 bytes_written = 0; 540 if (bytes_read == 0) 541 break; 542 } 543 } 544 545 done: 546 if (!SSL_stream_conclude(stream, 0)) 547 fprintf(stderr, "Failed to conclude stream\n"); 548 549 out: 550 BIO_free(readbio); 551 return; 552 } 553 554 /** 555 * @brief Runs the QUIC server to accept and handle client connections. 556 * 557 * This function initializes a QUIC listener, binds it to the provided UDP 558 * socket, and enters a loop to accept client connections and process incoming 559 * QUIC streams. Each connection is handled until termination, and streams are 560 * processed individually using the `process_new_stream` function. 561 * 562 * @param ctx Pointer to the SSL_CTX object configured for QUIC. 563 * @param sock BIO of the bound UDP socket. 564 * 565 * @return Returns 0 on error; otherwise, the server runs indefinitely. 566 * 567 * Operation: 568 * - Creates a QUIC listener using the provided SSL_CTX and associates it 569 * with the specified UDP socket. 570 * - Waits for incoming QUIC connections and accepts them. 571 * - For each connection: 572 * - Accepts incoming streams. 573 * - Processes each stream using `process_new_stream`. 574 * - Shuts down the connection upon completion. 575 * 576 * Error Handling: 577 * - If listener creation or connection acceptance fails, the function logs 578 * an error message and exits the loop. 579 * - Cleans up allocated resources (e.g., listener, connection) on failure. 580 * 581 * Usage: 582 * - Call this function in the main server loop after setting up the 583 * SSL_CTX and binding a UDP socket. 584 * 585 * Notes: 586 * - Uses blocking operations for listener, connection, and stream handling. 587 * - Incoming streams are processed based on the configured stream policy. 588 * - The server runs in an infinite loop unless a fatal error occurs. 589 */ 590 static int run_quic_server(SSL_CTX *ctx, BIO *sock) 591 { 592 int ok = 0; 593 SSL *listener, *conn, *stream; 594 unsigned long errcode; 595 uint64_t flags = 0; 596 597 /* 598 * If NO_ADDR_VALIDATE exists in our environment 599 * then disable address validation on our listener 600 */ 601 if (getenv("NO_ADDR_VALIDATE") != NULL) 602 flags |= SSL_LISTENER_FLAG_NO_VALIDATE; 603 604 /* 605 * Create a new QUIC listener. Listeners, and other QUIC objects, default 606 * to operating in blocking mode. The configured behaviour is inherited by 607 * child objects. 608 */ 609 if ((listener = SSL_new_listener(ctx, flags)) == NULL) 610 goto err; 611 612 /* Provide the listener with our UDP socket. */ 613 SSL_set_bio(listener, sock, sock); 614 615 /* Begin listening. */ 616 if (!SSL_listen(listener)) 617 goto err; 618 619 /* 620 * Begin an infinite loop of listening for connections. We will only 621 * exit this loop if we encounter an error. 622 */ 623 for (;;) { 624 /* Pristine error stack for each new connection */ 625 ERR_clear_error(); 626 627 /* Block while waiting for a client connection */ 628 printf("Waiting for connection\n"); 629 conn = SSL_accept_connection(listener, 0); 630 if (conn == NULL) { 631 fprintf(stderr, "error while accepting connection\n"); 632 goto err; 633 } 634 printf("Accepted new connection\n"); 635 636 /* 637 * QUIC requires that we inform the connection that 638 * we always want to accept new streams, rather than reject them 639 * Additionally, while we don't make an explicit call here, we 640 * are using the default stream mode, as would be specified by 641 * a call to SSL_set_default_stream_mode 642 */ 643 if (!SSL_set_incoming_stream_policy(conn, 644 SSL_INCOMING_STREAM_POLICY_ACCEPT, 645 0)) { 646 fprintf(stderr, "Failed to set incomming stream policy\n"); 647 goto close_conn; 648 } 649 650 /* 651 * Until the connection is closed, accept incomming stream 652 * requests and serve them 653 */ 654 for (;;) { 655 /* 656 * Note that SSL_accept_stream is blocking here, as the 657 * conn SSL object inherited the deafult blocking property 658 * from its parent, the listener SSL object. As such there 659 * is no need to handle retry failures here. 660 */ 661 stream = SSL_accept_stream(conn, 0); 662 if (stream == NULL) { 663 /* 664 * If we don't get a stream, either we 665 * Hit a legitimate error, and should bail out 666 * or 667 * The Client closed the connection, and there are no 668 * more incomming streams expected 669 * 670 * Filter on the shutdown error, and only print an error 671 * message if the cause is not SHUTDOWN 672 */ 673 ERR_print_errors_fp(stderr); 674 errcode = ERR_get_error(); 675 if (ERR_GET_REASON(errcode) != SSL_R_PROTOCOL_IS_SHUTDOWN) 676 fprintf(stderr, "Failure in accept stream, error %s\n", 677 ERR_reason_error_string(errcode)); 678 break; 679 } 680 process_new_stream(stream); 681 SSL_free(stream); 682 } 683 684 /* 685 * Shut down the connection. We may need to call this multiple times 686 * to ensure the connection is shutdown completely. 687 */ 688 close_conn: 689 while (SSL_shutdown(conn) != 1) 690 continue; 691 692 SSL_free(conn); 693 } 694 695 err: 696 SSL_free(listener); 697 return ok; 698 } 699 700 /** 701 * @brief Entry point for the minimal QUIC HTTP/0.9 server. 702 * 703 * This function initializes the server, sets up a QUIC context, binds a UDP 704 * socket to the specified port, and starts the main QUIC server loop to handle 705 * client connections and requests. 706 * 707 * @param argc Number of command-line arguments. 708 * @param argv Array of command-line arguments: 709 * - argv[0]: Program name. 710 * - argv[1]: Port number to bind the server. 711 * - argv[2]: Path to the server's certificate file (PEM format). 712 * - argv[3]: Path to the server's private key file (PEM format). 713 * 714 * @return Returns EXIT_SUCCESS on successful execution, or EXIT_FAILURE 715 * on error. 716 * 717 * Operation: 718 * - Validates the command-line arguments. 719 * - Reads the FILEPREFIX environment variable to set the file prefix for 720 * serving files (default is "./downloads"). 721 * - Creates an SSL_CTX with QUIC support using the provided certificate and 722 * key files. 723 * - Parses and validates the port number. 724 * - Creates and binds a UDP socket to the specified port. 725 * - Starts the server loop using `run_quic_server` to accept and process 726 * client connections. 727 * 728 * Error Handling: 729 * - If any initialization step fails (e.g., invalid arguments, socket 730 * creation, context setup), appropriate error messages are logged, and 731 * the program exits with EXIT_FAILURE. 732 * 733 * Usage: 734 * - Run the program with the required arguments to start the server: 735 * `./server <port> <server.crt> <server.key>` 736 * 737 * Notes: 738 * - Ensure that the certificate and key files exist and are valid. 739 * - The server serves files from the directory specified by FILEPREFIX. 740 */ 741 int main(int argc, char *argv[]) 742 { 743 int res = EXIT_FAILURE; 744 SSL_CTX *ctx = NULL; 745 BIO *sock = NULL; 746 unsigned long port; 747 748 if (argc != 4) { 749 fprintf(stderr, "usage: %s <port> <server.crt> <server.key>\n", argv[0]); 750 goto out; 751 } 752 753 fileprefix = getenv("FILEPREFIX"); 754 if (fileprefix == NULL) 755 fileprefix = "./downloads"; 756 757 fprintf(stderr, "Fileprefix is %s\n", fileprefix); 758 759 /* Create SSL_CTX that supports QUIC. */ 760 if ((ctx = create_ctx(argv[2], argv[3])) == NULL) { 761 ERR_print_errors_fp(stderr); 762 fprintf(stderr, "Failed to create context\n"); 763 goto out; 764 } 765 766 /* Parse port number from command line arguments. */ 767 port = strtoul(argv[1], NULL, 0); 768 if (port == 0 || port > UINT16_MAX) { 769 fprintf(stderr, "Failed to parse port number\n"); 770 goto out; 771 } 772 fprintf(stderr, "Binding to port %lu\n", port); 773 774 /* Create and bind a UDP socket. */ 775 if ((sock = create_socket((uint16_t)port)) == NULL) { 776 ERR_print_errors_fp(stderr); 777 fprintf(stderr, "Failed to create socket\n"); 778 goto out; 779 } 780 781 /* QUIC server connection acceptance loop. */ 782 if (!run_quic_server(ctx, sock)) { 783 ERR_print_errors_fp(stderr); 784 fprintf(stderr, "Failed to run quic server\n"); 785 goto out; 786 } 787 788 res = EXIT_SUCCESS; 789 out: 790 /* Free resources. */ 791 SSL_CTX_free(ctx); 792 BIO_free(sock); 793 return res; 794 } 795