]> git.ipfire.org Git - thirdparty/openssl.git/blame - apps/s_server.c
projects / thirdparty / openssl.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Import of old SSLeay release: SSLeay 0.9.1b (unreleased)
[thirdparty/openssl.git] / apps / s_server.c
CommitLineData
d02b48c6 1/* apps/s_server.c */
58964a49 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
d02b48c6
RE		 3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <stdlib.h>
61#include <string.h>
62#include <sys/types.h>
63#include <sys/stat.h>
58964a49 64#ifdef NO_STDIO
d02b48c6
RE		 65#define APPS_WIN16
66#endif
67#include "lhash.h"
68#include "bn.h"
69#define USE_SOCKETS
70#include "apps.h"
71#include "err.h"
72#include "pem.h"
73#include "x509.h"
74#include "ssl.h"
75#include "s_apps.h"
76
77#ifndef NOPROTO
78static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int export);
79static int sv_body(char *hostname, int s);
80static int www_body(char *hostname, int s);
81static void close_accept_socket(void );
82static void sv_usage(void);
83static int init_ssl_connection(SSL *s);
84static void print_stats(BIO *bp,SSL_CTX *ctx);
58964a49 85#ifndef NO_DH
d02b48c6
RE		 86static DH *load_dh_param(void );
87static DH *get_dh512(void);
58964a49
RE		 88#endif
89/* static void s_server_init(void);*/
d02b48c6
RE		 90#else
91static RSA MS_CALLBACK *tmp_rsa_cb();
92static int sv_body();
93static int www_body();
94static void close_accept_socket();
95static void sv_usage();
96static int init_ssl_connection();
97static void print_stats();
58964a49 98#ifndef NO_DH
d02b48c6
RE		 99static DH *load_dh_param();
100static DH *get_dh512();
101#endif
58964a49
RE		 102/* static void s_server_init(); */
103#endif
d02b48c6
RE		 104
105
106#ifndef S_ISDIR
107#define S_ISDIR(a) (((a) & _S_IFMT) == _S_IFDIR)
108#endif
109
58964a49 110#ifndef NO_DH
d02b48c6
RE		 111static unsigned char dh512_p[]={
112 0xDA,0x58,0x3C,0x16,0xD9,0x85,0x22,0x89,0xD0,0xE4,0xAF,0x75,
113 0x6F,0x4C,0xCA,0x92,0xDD,0x4B,0xE5,0x33,0xB8,0x04,0xFB,0x0F,
114 0xED,0x94,0xEF,0x9C,0x8A,0x44,0x03,0xED,0x57,0x46,0x50,0xD3,
115 0x69,0x99,0xDB,0x29,0xD7,0x76,0x27,0x6B,0xA2,0xD3,0xD4,0x12,
116 0xE2,0x18,0xF4,0xDD,0x1E,0x08,0x4C,0xF6,0xD8,0x00,0x3E,0x7C,
117 0x47,0x74,0xE8,0x33,
118 };
119static unsigned char dh512_g[]={
120 0x02,
121 };
122
123static DH *get_dh512()
124 {
125 DH *dh=NULL;
126
d02b48c6
RE		 127 if ((dh=DH_new()) == NULL) return(NULL);
128 dh->p=BN_bin2bn(dh512_p,sizeof(dh512_p),NULL);
129 dh->g=BN_bin2bn(dh512_g,sizeof(dh512_g),NULL);
130 if ((dh->p == NULL) || (dh->g == NULL))
131 return(NULL);
d02b48c6
RE		 132 return(dh);
133 }
58964a49 134#endif
d02b48c6
RE		 135
136/* static int load_CA(SSL_CTX *ctx, char *file);*/
137
138#undef BUFSIZZ
dfeab068
RE		 139#define BUFSIZZ 16*1024
140static int bufsize=32;
d02b48c6
RE		 141static int accept_socket= -1;
142
143#define TEST_CERT "server.pem"
144#undef PROG
145#define PROG s_server_main
146
147#define DH_PARAM "server.pem"
148
149extern int verify_depth;
150
151static char *cipher=NULL;
58964a49
RE		 152static int s_server_verify=SSL_VERIFY_NONE;
153static char *s_cert_file=TEST_CERT,*s_key_file=NULL;
154static char *s_dcert_file=NULL,*s_dkey_file=NULL;
d02b48c6
RE		 155#ifdef FIONBIO
156static int s_nbio=0;
157#endif
158static int s_nbio_test=0;
159static SSL_CTX *ctx=NULL;
160static int www=0;
161
162static BIO *bio_s_out=NULL;
163static int s_debug=0;
164static int s_quiet=0;
165
58964a49
RE		 166#if 0
167static void s_server_init()
168 {
169 cipher=NULL;
170 s_server_verify=SSL_VERIFY_NONE;
171 s_dcert_file=NULL;
172 s_dkey_file=NULL;
173 s_cert_file=TEST_CERT;
174 s_key_file=NULL;
175#ifdef FIONBIO
176 s_nbio=0;
177#endif
178 s_nbio_test=0;
179 ctx=NULL;
180 www=0;
181
182 bio_s_out=NULL;
183 s_debug=0;
184 s_quiet=0;
185 }
186#endif
187
d02b48c6
RE		 188static void sv_usage()
189 {
190 BIO_printf(bio_err,"usage: s_server [args ...]\n");
191 BIO_printf(bio_err,"\n");
58964a49 192 BIO_printf(bio_err," -accept arg - port to accept on (default is %d\n",PORT);
d02b48c6
RE		 193 BIO_printf(bio_err," -verify arg - turn on peer certificate verification\n");
194 BIO_printf(bio_err," -Verify arg - turn on peer certificate verification, must have a cert.\n");
195 BIO_printf(bio_err," -cert arg - certificate file to use, PEM format assumed\n");
196 BIO_printf(bio_err," (default is %s)\n",TEST_CERT);
197 BIO_printf(bio_err," -key arg - RSA file to use, PEM format assumed, in cert file if\n");
198 BIO_printf(bio_err," not specified (default is %s)\n",TEST_CERT);
199#ifdef FIONBIO
200 BIO_printf(bio_err," -nbio - Run with non-blocking IO\n");
201#endif
202 BIO_printf(bio_err," -nbio_test - test with the non-blocking test bio\n");
203 BIO_printf(bio_err," -debug - Print more output\n");
204 BIO_printf(bio_err," -state - Print the SSL states\n");
205 BIO_printf(bio_err," -CApath arg - PEM format directory of CA's\n");
206 BIO_printf(bio_err," -CAfile arg - PEM format file of CA's\n");
207 BIO_printf(bio_err," -nocert - Don't use any certificates (Anon-DH)\n");
208 BIO_printf(bio_err," -cipher arg - play with 'ssleay ciphers' to see what goes here\n");
209 BIO_printf(bio_err," -quiet - No server output\n");
210 BIO_printf(bio_err," -no_tmp_rsa - Do not generate a tmp RSA key\n");
211 BIO_printf(bio_err," -ssl2 - Just talk SSLv2\n");
212 BIO_printf(bio_err," -ssl3 - Just talk SSLv3\n");
58964a49
RE		 213 BIO_printf(bio_err," -tls1 - Just talk TLSv1\n");
214 BIO_printf(bio_err," -no_ssl2 - Just disable SSLv2\n");
215 BIO_printf(bio_err," -no_ssl3 - Just disable SSLv3\n");
216 BIO_printf(bio_err," -no_tls1 - Just disable TLSv1\n");
d02b48c6
RE		 217 BIO_printf(bio_err," -bugs - Turn on SSL bug compatability\n");
218 BIO_printf(bio_err," -www - Respond to a 'GET /' with a status page\n");
219 BIO_printf(bio_err," -WWW - Returns requested page from to a 'GET <path> HTTP/1.0'\n");
220 }
221
58964a49 222static int local_argc=0;
d02b48c6 223static char **local_argv;
58964a49 224static int hack=0;
d02b48c6
RE		 225
226int MAIN(argc, argv)
227int argc;
228char *argv[];
229 {
230 short port=PORT;
231 char *CApath=NULL,*CAfile=NULL;
232 int badop=0,bugs=0;
233 int ret=1;
58964a49 234 int off=0;
d02b48c6
RE		 235 int no_tmp_rsa=0,nocert=0;
236 int state=0;
237 SSL_METHOD *meth=NULL;
58964a49 238#ifndef NO_DH
d02b48c6 239 DH *dh=NULL;
58964a49 240#endif
d02b48c6
RE		 241
242#if !defined(NO_SSL2) && !defined(NO_SSL3)
243 meth=SSLv23_server_method();
244#elif !defined(NO_SSL3)
245 meth=SSLv3_server_method();
246#elif !defined(NO_SSL2)
247 meth=SSLv2_server_method();
248#endif
249
250 local_argc=argc;
251 local_argv=argv;
252
253 apps_startup();
254 s_quiet=0;
255 s_debug=0;
256
257 if (bio_err == NULL)
258 bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
259
260 verify_depth=0;
261#ifdef FIONBIO
262 s_nbio=0;
263#endif
264 s_nbio_test=0;
265
266 argc--;
267 argv++;
268
269 while (argc >= 1)
270 {
271 if ((strcmp(*argv,"-port") == 0) ||
272 (strcmp(*argv,"-accept") == 0))
273 {
274 if (--argc < 1) goto bad;
275 if (!extract_port(*(++argv),&port))
276 goto bad;
277 }
278 else if (strcmp(*argv,"-verify") == 0)
279 {
58964a49 280 s_server_verify=SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE;
d02b48c6
RE		 281 if (--argc < 1) goto bad;
282 verify_depth=atoi(*(++argv));
283 BIO_printf(bio_err,"verify depth is %d\n",verify_depth);
284 }
285 else if (strcmp(*argv,"-Verify") == 0)
286 {
58964a49 287 s_server_verify=SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT|
d02b48c6
RE		 288 SSL_VERIFY_CLIENT_ONCE;
289 if (--argc < 1) goto bad;
290 verify_depth=atoi(*(++argv));
291 BIO_printf(bio_err,"verify depth is %d, must return a certificate\n",verify_depth);
292 }
293 else if (strcmp(*argv,"-cert") == 0)
294 {
295 if (--argc < 1) goto bad;
296 s_cert_file= *(++argv);
297 }
298 else if (strcmp(*argv,"-key") == 0)
299 {
300 if (--argc < 1) goto bad;
301 s_key_file= *(++argv);
302 }
58964a49
RE		 303 else if (strcmp(*argv,"-dcert") == 0)
304 {
305 if (--argc < 1) goto bad;
306 s_dcert_file= *(++argv);
307 }
308 else if (strcmp(*argv,"-dkey") == 0)
309 {
310 if (--argc < 1) goto bad;
311 s_dkey_file= *(++argv);
312 }
d02b48c6
RE		 313 else if (strcmp(*argv,"-nocert") == 0)
314 {
315 nocert=1;
316 }
317 else if (strcmp(*argv,"-CApath") == 0)
318 {
319 if (--argc < 1) goto bad;
320 CApath= *(++argv);
321 }
322 else if (strcmp(*argv,"-cipher") == 0)
323 {
324 if (--argc < 1) goto bad;
325 cipher= *(++argv);
326 }
327 else if (strcmp(*argv,"-CAfile") == 0)
328 {
329 if (--argc < 1) goto bad;
330 CAfile= *(++argv);
331 }
332#ifdef FIONBIO
333 else if (strcmp(*argv,"-nbio") == 0)
334 { s_nbio=1; }
335#endif
336 else if (strcmp(*argv,"-nbio_test") == 0)
337 {
338#ifdef FIONBIO
339 s_nbio=1;
340#endif
341 s_nbio_test=1;
342 }
343 else if (strcmp(*argv,"-debug") == 0)
344 { s_debug=1; }
345 else if (strcmp(*argv,"-hack") == 0)
346 { hack=1; }
347 else if (strcmp(*argv,"-state") == 0)
348 { state=1; }
349 else if (strcmp(*argv,"-quiet") == 0)
350 { s_quiet=1; }
351 else if (strcmp(*argv,"-bugs") == 0)
352 { bugs=1; }
353 else if (strcmp(*argv,"-no_tmp_rsa") == 0)
354 { no_tmp_rsa=1; }
355 else if (strcmp(*argv,"-www") == 0)
356 { www=1; }
357 else if (strcmp(*argv,"-WWW") == 0)
358 { www=2; }
58964a49
RE		 359 else if (strcmp(*argv,"-no_ssl2") == 0)
360 { off|=SSL_OP_NO_SSLv2; }
361 else if (strcmp(*argv,"-no_ssl3") == 0)
362 { off|=SSL_OP_NO_SSLv3; }
363 else if (strcmp(*argv,"-no_tls1") == 0)
364 { off|=SSL_OP_NO_TLSv1; }
d02b48c6
RE		 365#ifndef NO_SSL2
366 else if (strcmp(*argv,"-ssl2") == 0)
367 { meth=SSLv2_server_method(); }
368#endif
369#ifndef NO_SSL3
370 else if (strcmp(*argv,"-ssl3") == 0)
371 { meth=SSLv3_server_method(); }
58964a49
RE		 372#endif
373#ifndef NO_TLS1
374 else if (strcmp(*argv,"-tls1") == 0)
375 { meth=TLSv1_server_method(); }
d02b48c6
RE		 376#endif
377 else
378 {
379 BIO_printf(bio_err,"unknown option %s\n",*argv);
380 badop=1;
381 break;
382 }
383 argc--;
384 argv++;
385 }
386 if (badop)
387 {
388bad:
389 sv_usage();
390 goto end;
391 }
392
393 if (bio_s_out == NULL)
394 {
395 if (s_quiet && !s_debug)
396 {
397 bio_s_out=BIO_new(BIO_s_null());
398 }
399 else
400 {
401 if (bio_s_out == NULL)
402 bio_s_out=BIO_new_fp(stdout,BIO_NOCLOSE);
403 }
404 }
405
406#if !defined(NO_RSA) || !defined(NO_DSA)
407 if (nocert)
408#endif
409 {
410 s_cert_file=NULL;
411 s_key_file=NULL;
58964a49
RE		 412 s_dcert_file=NULL;
413 s_dkey_file=NULL;
d02b48c6
RE		 414 }
415
416 SSL_load_error_strings();
417 SSLeay_add_ssl_algorithms();
418
419 ctx=SSL_CTX_new(meth);
420 if (ctx == NULL)
421 {
422 ERR_print_errors(bio_err);
423 goto end;
424 }
425
58964a49 426 SSL_CTX_set_quiet_shutdown(ctx,1);
d02b48c6
RE		 427 if (bugs) SSL_CTX_set_options(ctx,SSL_OP_ALL);
428 if (hack) SSL_CTX_set_options(ctx,SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG);
58964a49 429 SSL_CTX_set_options(ctx,off);
d02b48c6
RE		 430 if (hack) SSL_CTX_set_options(ctx,SSL_OP_NON_EXPORT_FIRST);
431
432 if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback);
433
58964a49
RE		 434 SSL_CTX_sess_set_cache_size(ctx,128);
435
d02b48c6
RE		 436#if 0
437 if (cipher == NULL) cipher=getenv("SSL_CIPHER");
438#endif
439
440#if 0
441 if (s_cert_file == NULL)
442 {
443 BIO_printf(bio_err,"You must specify a certificate file for the server to use\n");
444 goto end;
445 }
446#endif
447
448 if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) ||
449 (!SSL_CTX_set_default_verify_paths(ctx)))
450 {
58964a49 451 /* BIO_printf(bio_err,"X509_load_verify_locations\n"); */
d02b48c6 452 ERR_print_errors(bio_err);
58964a49 453 /* goto end; */
d02b48c6
RE		 454 }
455
456#ifndef NO_DH
457 /* EAY EAY EAY evil hack */
458 dh=load_dh_param();
459 if (dh != NULL)
460 {
461 BIO_printf(bio_s_out,"Setting temp DH parameters\n");
462 }
463 else
464 {
465 BIO_printf(bio_s_out,"Using default temp DH parameters\n");
466 dh=get_dh512();
467 }
468 BIO_flush(bio_s_out);
469
470 SSL_CTX_set_tmp_dh(ctx,dh);
471 DH_free(dh);
472#endif
473
474 if (!set_cert_stuff(ctx,s_cert_file,s_key_file))
475 goto end;
58964a49
RE		 476 if (s_dcert_file != NULL)
477 {
478 if (!set_cert_stuff(ctx,s_dcert_file,s_dkey_file))
479 goto end;
480 }
d02b48c6
RE		 481
482#if 1
483 SSL_CTX_set_tmp_rsa_callback(ctx,tmp_rsa_cb);
484#else
485 if (!no_tmp_rsa && SSL_CTX_need_tmp_RSA(ctx))
486 {
487 RSA *rsa;
488
489 BIO_printf(bio_s_out,"Generating temp (512 bit) RSA key...");
490 BIO_flush(bio_s_out);
491
492 rsa=RSA_generate_key(512,RSA_F4,NULL);
493
494 if (!SSL_CTX_set_tmp_rsa(ctx,rsa))
495 {
496 ERR_print_errors(bio_err);
497 goto end;
498 }
499 RSA_free(rsa);
500 BIO_printf(bio_s_out,"\n");
501 }
502#endif
503
504 if (cipher != NULL)
505 SSL_CTX_set_cipher_list(ctx,cipher);
58964a49 506 SSL_CTX_set_verify(ctx,s_server_verify,verify_callback);
d02b48c6
RE		 507
508 SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(s_cert_file));
509
510 BIO_printf(bio_s_out,"ACCEPT\n");
511 if (www)
512 do_server(port,&accept_socket,www_body);
513 else
514 do_server(port,&accept_socket,sv_body);
515 print_stats(bio_s_out,ctx);
516 ret=0;
517end:
518 if (ctx != NULL) SSL_CTX_free(ctx);
519 if (bio_s_out != NULL)
520 {
521 BIO_free(bio_s_out);
522 bio_s_out=NULL;
523 }
524 EXIT(ret);
525 }
526
527static void print_stats(bio,ssl_ctx)
528BIO *bio;
529SSL_CTX *ssl_ctx;
530 {
531 BIO_printf(bio,"%4ld items in the session cache\n",
532 SSL_CTX_sess_number(ssl_ctx));
533 BIO_printf(bio,"%4d client connects (SSL_connect())\n",
534 SSL_CTX_sess_connect(ssl_ctx));
58964a49
RE		 535 BIO_printf(bio,"%4d client renegotiates (SSL_connect())\n",
536 SSL_CTX_sess_connect_renegotiate(ssl_ctx));
d02b48c6
RE		 537 BIO_printf(bio,"%4d client connects that finished\n",
538 SSL_CTX_sess_connect_good(ssl_ctx));
539 BIO_printf(bio,"%4d server accepts (SSL_accept())\n",
540 SSL_CTX_sess_accept(ssl_ctx));
58964a49
RE		 541 BIO_printf(bio,"%4d server renegotiates (SSL_accept())\n",
542 SSL_CTX_sess_accept_renegotiate(ssl_ctx));
d02b48c6
RE		 543 BIO_printf(bio,"%4d server accepts that finished\n",
544 SSL_CTX_sess_accept_good(ssl_ctx));
545 BIO_printf(bio,"%4d session cache hits\n",SSL_CTX_sess_hits(ssl_ctx));
546 BIO_printf(bio,"%4d session cache misses\n",SSL_CTX_sess_misses(ssl_ctx));
547 BIO_printf(bio,"%4d session cache timeouts\n",SSL_CTX_sess_timeouts(ssl_ctx));
548 BIO_printf(bio,"%4d callback cache hits\n",SSL_CTX_sess_cb_hits(ssl_ctx));
58964a49
RE		 549 BIO_printf(bio,"%4d cache full overflows (%d allowed)\n",
550 SSL_CTX_sess_cache_full(ssl_ctx),
551 SSL_CTX_sess_get_cache_size(ssl_ctx));
d02b48c6
RE		 552 }
553
554static int sv_body(hostname, s)
555char *hostname;
556int s;
557 {
558 char *buf=NULL;
559 fd_set readfds;
560 int ret=1,width;
561 int k,i;
562 unsigned long l;
563 SSL *con=NULL;
564 BIO *sbio;
565
dfeab068 566 if ((buf=Malloc(bufsize)) == NULL)
d02b48c6
RE		 567 {
568 BIO_printf(bio_err,"out of memory\n");
569 goto err;
570 }
571#ifdef FIONBIO
572 if (s_nbio)
573 {
574 unsigned long sl=1;
575
576 if (!s_quiet)
577 BIO_printf(bio_err,"turning on non blocking io\n");
58964a49
RE		 578 if (BIO_socket_ioctl(s,FIONBIO,&sl) < 0)
579 ERR_print_errors(bio_err);
d02b48c6
RE		 580 }
581#endif
582
583 if (con == NULL)
584 con=(SSL *)SSL_new(ctx);
585 SSL_clear(con);
586
587 sbio=BIO_new_socket(s,BIO_NOCLOSE);
588 if (s_nbio_test)
589 {
590 BIO *test;
591
592 test=BIO_new(BIO_f_nbio_test());
593 sbio=BIO_push(test,sbio);
594 }
595 SSL_set_bio(con,sbio,sbio);
596 SSL_set_accept_state(con);
597 /* SSL_set_fd(con,s); */
598
599 if (s_debug)
600 {
601 con->debug=1;
602 BIO_set_callback(SSL_get_rbio(con),bio_dump_cb);
603 BIO_set_callback_arg(SSL_get_rbio(con),bio_s_out);
604 }
605
606 width=s+1;
607 for (;;)
608 {
609 FD_ZERO(&readfds);
610#ifndef WINDOWS
611 FD_SET(fileno(stdin),&readfds);
612#endif
613 FD_SET(s,&readfds);
614 i=select(width,&readfds,NULL,NULL,NULL);
615 if (i <= 0) continue;
616 if (FD_ISSET(fileno(stdin),&readfds))
617 {
dfeab068 618 i=read(fileno(stdin),buf,bufsize);
d02b48c6
RE		 619 if (!s_quiet)
620 {
621 if ((i <= 0) || (buf[0] == 'Q'))
622 {
623 BIO_printf(bio_s_out,"DONE\n");
624 SHUTDOWN(s);
625 close_accept_socket();
626 ret= -11;
627 goto err;
628 }
629 if ((i <= 0) || (buf[0] == 'q'))
630 {
631 BIO_printf(bio_s_out,"DONE\n");
632 SHUTDOWN(s);
633 /* close_accept_socket();
634 ret= -11;*/
635 goto err;
636 }
58964a49
RE		 637 if ((buf[0] == 'r') &&
638 ((buf[1] == '\n') || (buf[1] == '\r')))
d02b48c6
RE		 639 {
640 SSL_renegotiate(con);
58964a49
RE		 641 i=SSL_do_handshake(con);
642 printf("SSL_do_handshake -> %d\n",i);
d02b48c6
RE		 643 i=0; /*13; */
644 continue;
dfeab068 645 /* strcpy(buf,"server side RE-NEGOTIATE\n"); */
d02b48c6 646 }
58964a49
RE		 647 if ((buf[0] == 'R') &&
648 ((buf[1] == '\0') || (buf[1] == '\r')))
d02b48c6
RE		 649 {
650 SSL_set_verify(con,
651 SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE,NULL);
652 SSL_renegotiate(con);
58964a49
RE		 653 i=SSL_do_handshake(con);
654 printf("SSL_do_handshake -> %d\n",i);
d02b48c6
RE		 655 i=0; /* 13; */
656 continue;
dfeab068 657 /* strcpy(buf,"server side RE-NEGOTIATE asking for client cert\n"); */
d02b48c6
RE		 658 }
659 if (buf[0] == 'P')
660 {
661 static char *str="Lets print some clear text\n";
662 BIO_write(SSL_get_wbio(con),str,strlen(str));
663 }
664 if (buf[0] == 'S')
665 {
666 print_stats(bio_s_out,SSL_get_SSL_CTX(con));
667 }
668 }
669 l=k=0;
670 for (;;)
671 {
672 /* should do a select for the write */
58964a49
RE		 673#ifdef RENEG
674{ static count=0; if (++count == 100) { count=0; SSL_renegotiate(con); } }
d02b48c6 675#endif
58964a49
RE		 676 k=SSL_write(con,&(buf[l]),(unsigned int)i);
677 switch (SSL_get_error(con,k))
d02b48c6 678 {
58964a49
RE		 679 case SSL_ERROR_NONE:
680 break;
681 case SSL_ERROR_WANT_WRITE:
682 case SSL_ERROR_WANT_READ:
683 case SSL_ERROR_WANT_X509_LOOKUP:
d02b48c6 684 BIO_printf(bio_s_out,"Write BLOCK\n");
58964a49
RE		 685 break;
686 case SSL_ERROR_SYSCALL:
687 case SSL_ERROR_SSL:
688 BIO_printf(bio_s_out,"ERROR\n");
d02b48c6 689 ERR_print_errors(bio_err);
58964a49
RE		 690 ret=1;
691 goto err;
dfeab068 692 /* break; */
58964a49 693 case SSL_ERROR_ZERO_RETURN:
d02b48c6
RE		 694 BIO_printf(bio_s_out,"DONE\n");
695 ret=1;
696 goto err;
697 }
698 l+=k;
699 i-=k;
700 if (i <= 0) break;
701 }
702 }
703 if (FD_ISSET(s,&readfds))
704 {
705 if (!SSL_is_init_finished(con))
706 {
707 i=init_ssl_connection(con);
708
709 if (i < 0)
710 {
711 ret=0;
712 goto err;
713 }
714 else if (i == 0)
715 {
716 ret=1;
717 goto err;
718 }
719 }
720 else
721 {
dfeab068
RE		 722again:
723 i=SSL_read(con,(char *)buf,bufsize);
58964a49 724 switch (SSL_get_error(con,i))
d02b48c6 725 {
58964a49
RE		 726 case SSL_ERROR_NONE:
727 write(fileno(stdout),buf,
728 (unsigned int)i);
dfeab068 729 if (SSL_pending(con)) goto again;
58964a49
RE		 730 break;
731 case SSL_ERROR_WANT_WRITE:
732 case SSL_ERROR_WANT_READ:
733 case SSL_ERROR_WANT_X509_LOOKUP:
d02b48c6 734 BIO_printf(bio_s_out,"Read BLOCK\n");
58964a49
RE		 735 break;
736 case SSL_ERROR_SYSCALL:
737 case SSL_ERROR_SSL:
738 BIO_printf(bio_s_out,"ERROR\n");
d02b48c6 739 ERR_print_errors(bio_err);
58964a49
RE		 740 ret=1;
741 goto err;
742 case SSL_ERROR_ZERO_RETURN:
d02b48c6
RE		 743 BIO_printf(bio_s_out,"DONE\n");
744 ret=1;
745 goto err;
746 }
d02b48c6
RE		 747 }
748 }
749 }
750err:
751 BIO_printf(bio_s_out,"shutting down SSL\n");
752#if 1
753 SSL_set_shutdown(con,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
754#else
755 SSL_shutdown(con);
756#endif
757 if (con != NULL) SSL_free(con);
758 BIO_printf(bio_s_out,"CONNECTION CLOSED\n");
759 if (buf != NULL)
760 {
dfeab068 761 memset(buf,0,bufsize);
d02b48c6
RE		 762 Free(buf);
763 }
764 if (ret >= 0)
765 BIO_printf(bio_s_out,"ACCEPT\n");
766 return(ret);
767 }
768
769static void close_accept_socket()
770 {
771 BIO_printf(bio_err,"shutdown accept socket\n");
772 if (accept_socket >= 0)
773 {
774 SHUTDOWN2(accept_socket);
775 }
776 }
777
778static int init_ssl_connection(con)
779SSL *con;
780 {
781 int i;
782 char *str;
783 X509 *peer;
58964a49 784 long verify_error;
d02b48c6
RE		 785 MS_STATIC char buf[BUFSIZ];
786
787 if ((i=SSL_accept(con)) <= 0)
788 {
789 if (BIO_sock_should_retry(i))
790 {
791 BIO_printf(bio_s_out,"DELAY\n");
792 return(1);
793 }
794
795 BIO_printf(bio_err,"ERROR\n");
796 verify_error=SSL_get_verify_result(con);
797 if (verify_error != X509_V_OK)
798 {
799 BIO_printf(bio_err,"verify error:%s\n",
800 X509_verify_cert_error_string(verify_error));
801 }
802 else
803 ERR_print_errors(bio_err);
804 return(0);
805 }
806
807 PEM_write_bio_SSL_SESSION(bio_s_out,SSL_get_session(con));
808
809 peer=SSL_get_peer_certificate(con);
810 if (peer != NULL)
811 {
812 BIO_printf(bio_s_out,"Client certificate\n");
813 PEM_write_bio_X509(bio_s_out,peer);
814 X509_NAME_oneline(X509_get_subject_name(peer),buf,BUFSIZ);
815 BIO_printf(bio_s_out,"subject=%s\n",buf);
816 X509_NAME_oneline(X509_get_issuer_name(peer),buf,BUFSIZ);
817 BIO_printf(bio_s_out,"issuer=%s\n",buf);
818 X509_free(peer);
819 }
820
821 if (SSL_get_shared_ciphers(con,buf,BUFSIZ) != NULL)
822 BIO_printf(bio_s_out,"Shared ciphers:%s\n",buf);
823 str=SSL_CIPHER_get_name(SSL_get_current_cipher(con));
824 BIO_printf(bio_s_out,"CIPHER is %s\n",(str != NULL)?str:"(NONE)");
825 if (con->hit) BIO_printf(bio_s_out,"Reused session-id\n");
dfeab068
RE		 826 if (SSL_ctrl(con,SSL_CTRL_GET_FLAGS,0,NULL) &
827 TLS1_FLAGS_TLS_PADDING_BUG)
828 BIO_printf(bio_s_out,"Peer has incorrect TLSv1 block padding\n");
829
d02b48c6
RE		 830 return(1);
831 }
832
58964a49 833#ifndef NO_DH
d02b48c6
RE		 834static DH *load_dh_param()
835 {
836 DH *ret=NULL;
837 BIO *bio;
838
d02b48c6
RE		 839 if ((bio=BIO_new_file(DH_PARAM,"r")) == NULL)
840 goto err;
841 ret=PEM_read_bio_DHparams(bio,NULL,NULL);
842err:
843 if (bio != NULL) BIO_free(bio);
d02b48c6
RE		 844 return(ret);
845 }
58964a49 846#endif
d02b48c6
RE		 847
848#if 0
849static int load_CA(ctx,file)
850SSL_CTX *ctx;
851char *file;
852 {
853 FILE *in;
854 X509 *x=NULL;
855
856 if ((in=fopen(file,"r")) == NULL)
857 return(0);
858
859 for (;;)
860 {
861 if (PEM_read_X509(in,&x,NULL) == NULL)
862 break;
863 SSL_CTX_add_client_CA(ctx,x);
864 }
865 if (x != NULL) X509_free(x);
866 fclose(in);
867 return(1);
868 }
869#endif
870
871static int www_body(hostname, s)
872char *hostname;
873int s;
874 {
dfeab068 875 char *buf=NULL;
d02b48c6
RE		 876 int ret=1;
877 int i,j,k,blank,dot;
878 struct stat st_buf;
879 SSL *con;
880 SSL_CIPHER *c;
881 BIO *io,*ssl_bio,*sbio;
58964a49 882 long total_bytes;
d02b48c6 883
dfeab068
RE		 884 buf=Malloc(bufsize);
885 if (buf == NULL) return(0);
d02b48c6
RE		 886 io=BIO_new(BIO_f_buffer());
887 ssl_bio=BIO_new(BIO_f_ssl());
888 if ((io == NULL) || (ssl_bio == NULL)) goto err;
889
890#ifdef FIONBIO
891 if (s_nbio)
892 {
58964a49 893 unsigned long sl=1;
d02b48c6
RE		 894
895 if (!s_quiet)
896 BIO_printf(bio_err,"turning on non blocking io\n");
58964a49
RE		 897 if (BIO_socket_ioctl(s,FIONBIO,&sl) < 0)
898 ERR_print_errors(bio_err);
d02b48c6
RE		 899 }
900#endif
901
902 /* lets make the output buffer a reasonable size */
dfeab068 903 if (!BIO_set_write_buffer_size(io,bufsize)) goto err;
d02b48c6
RE		 904
905 if ((con=(SSL *)SSL_new(ctx)) == NULL) goto err;
906
907 sbio=BIO_new_socket(s,BIO_NOCLOSE);
908 if (s_nbio_test)
909 {
910 BIO *test;
911
912 test=BIO_new(BIO_f_nbio_test());
913 sbio=BIO_push(test,sbio);
914 }
915 SSL_set_bio(con,sbio,sbio);
916 SSL_set_accept_state(con);
917
918 /* SSL_set_fd(con,s); */
919 BIO_set_ssl(ssl_bio,con,BIO_CLOSE);
920 BIO_push(io,ssl_bio);
921
922 if (s_debug)
923 {
924 con->debug=1;
925 BIO_set_callback(SSL_get_rbio(con),bio_dump_cb);
926 BIO_set_callback_arg(SSL_get_rbio(con),bio_s_out);
927 }
928
929 blank=0;
930 for (;;)
931 {
932 if (hack)
933 {
934 i=SSL_accept(con);
935
936 switch (SSL_get_error(con,i))
937 {
938 case SSL_ERROR_NONE:
939 break;
940 case SSL_ERROR_WANT_WRITE:
941 case SSL_ERROR_WANT_READ:
942 case SSL_ERROR_WANT_X509_LOOKUP:
943 continue;
944 case SSL_ERROR_SYSCALL:
945 case SSL_ERROR_SSL:
946 case SSL_ERROR_ZERO_RETURN:
947 ret=1;
948 goto err;
dfeab068 949 /* break; */
d02b48c6
RE		 950 }
951
952 SSL_renegotiate(con);
953 SSL_write(con,NULL,0);
954 }
955
dfeab068 956 i=BIO_gets(io,buf,bufsize-1);
d02b48c6
RE		 957 if (i < 0) /* error */
958 {
959 if (!BIO_should_retry(io))
960 {
961 if (!s_quiet)
962 ERR_print_errors(bio_err);
963 goto err;
964 }
965 else
966 {
967 BIO_printf(bio_s_out,"read R BLOCK\n");
968#ifndef MSDOS
969 sleep(1);
970#endif
971 continue;
972 }
973 }
974 else if (i == 0) /* end of input */
975 {
976 ret=1;
977 goto end;
978 }
979
980 /* else we have data */
981 if ( ((www == 1) && (strncmp("GET ",buf,4) == 0)) ||
58964a49 982 ((www == 2) && (strncmp("GET /stats ",buf,10) == 0)))
d02b48c6
RE		 983 {
984 char *p;
985 X509 *peer;
986 STACK *sk;
58964a49 987 static char *space=" ";
d02b48c6
RE		 988
989 BIO_puts(io,"HTTP/1.0 200 ok\r\nContent-type: text/html\r\n\r\n");
58964a49 990 BIO_puts(io,"<HTML><BODY BGCOLOR=ffffff>\n");
d02b48c6
RE		 991 BIO_puts(io,"<pre>\n");
992/* BIO_puts(io,SSLeay_version(SSLEAY_VERSION));*/
993 BIO_puts(io,"\n");
994 for (i=0; i<local_argc; i++)
995 {
996 BIO_puts(io,local_argv[i]);
997 BIO_write(io," ",1);
998 }
999 BIO_puts(io,"\n");
1000
1001 /* The following is evil and should not really
1002 * be done */
1003 BIO_printf(io,"Ciphers supported in s_server binary\n");
1004 sk=SSL_get_ciphers(con);
1005 j=sk_num(sk);
1006 for (i=0; i<j; i++)
1007 {
1008 c=(SSL_CIPHER *)sk_value(sk,i);
58964a49 1009 BIO_printf(io,"%-11s:%-25s",
d02b48c6
RE		 1010 SSL_CIPHER_get_version(c),
1011 SSL_CIPHER_get_name(c));
58964a49 1012 if ((((i+1)%2) == 0) && (i+1 != j))
d02b48c6
RE		 1013 BIO_puts(io,"\n");
1014 }
1015 BIO_puts(io,"\n");
dfeab068 1016 p=SSL_get_shared_ciphers(con,buf,bufsize);
d02b48c6
RE		 1017 if (p != NULL)
1018 {
1019 BIO_printf(io,"---\nCiphers common between both SSL end points:\n");
1020 j=i=0;
1021 while (*p)
1022 {
1023 if (*p == ':')
1024 {
58964a49 1025 BIO_write(io,space,26-j);
d02b48c6
RE		 1026 i++;
1027 j=0;
1028 BIO_write(io,((i%3)?" ":"\n"),1);
1029 }
1030 else
1031 {
1032 BIO_write(io,p,1);
1033 j++;
1034 }
1035 p++;
1036 }
1037 BIO_puts(io,"\n");
1038 }
1039 BIO_printf(io,((con->hit)
1040 ?"---\nReused, "
1041 :"---\nNew, "));
1042 c=SSL_get_current_cipher(con);
58964a49 1043 BIO_printf(io,"%s, Cipher is %s\n",
d02b48c6
RE		 1044 SSL_CIPHER_get_version(c),
1045 SSL_CIPHER_get_name(c));
1046 SSL_SESSION_print(io,SSL_get_session(con));
1047 BIO_printf(io,"---\n");
1048 print_stats(io,SSL_get_SSL_CTX(con));
1049 BIO_printf(io,"---\n");
1050 peer=SSL_get_peer_certificate(con);
1051 if (peer != NULL)
1052 {
1053 BIO_printf(io,"Client certificate\n");
1054 X509_print(io,peer);
1055 PEM_write_bio_X509(io,peer);
1056 }
1057 else
1058 BIO_puts(io,"no client certificate available\n");
58964a49 1059 BIO_puts(io,"</BODY></HTML>\r\n\r\n");
d02b48c6
RE		 1060 break;
1061 }
1062 else if ((www == 2) && (strncmp("GET ",buf,4) == 0))
1063 {
1064 BIO *file;
1065 char *p,*e;
1066 static char *text="HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n";
1067
1068 /* skip the '/' */
1069 p= &(buf[5]);
1070 dot=0;
1071 for (e=p; *e != '\0'; e++)
1072 {
1073 if (e[0] == ' ') break;
1074 if ( (e[0] == '.') &&
1075 (strncmp(&(e[-1]),"/../",4) == 0))
1076 dot=1;
1077 }
58964a49 1078
d02b48c6
RE		 1079
1080 if (*e == '\0')
1081 {
1082 BIO_puts(io,text);
1083 BIO_printf(io,"'%s' is an invalid file name\r\n",p);
1084 break;
1085 }
1086 *e='\0';
1087
1088 if (dot)
1089 {
1090 BIO_puts(io,text);
1091 BIO_printf(io,"'%s' contains '..' reference\r\n",p);
1092 break;
1093 }
1094
1095 if (*p == '/')
1096 {
1097 BIO_puts(io,text);
1098 BIO_printf(io,"'%s' is an invalid path\r\n",p);
1099 break;
1100 }
1101
1102 /* append if a directory lookup */
1103 if (e[-1] == '/')
1104 strcat(p,"index.html");
1105
1106 /* if a directory, do the index thang */
1107 if (stat(p,&st_buf) < 0)
1108 {
1109 BIO_puts(io,text);
1110 BIO_printf(io,"Error accessing '%s'\r\n",p);
1111 ERR_print_errors(io);
1112 break;
1113 }
1114 if (S_ISDIR(st_buf.st_mode))
1115 {
1116 strcat(p,"/index.html");
1117 }
1118
1119 if ((file=BIO_new_file(p,"r")) == NULL)
1120 {
1121 BIO_puts(io,text);
1122 BIO_printf(io,"Error opening '%s'\r\n",p);
1123 ERR_print_errors(io);
1124 break;
1125 }
1126
1127 if (!s_quiet)
1128 BIO_printf(bio_err,"FILE:%s\n",p);
1129
1130 i=strlen(p);
1131 if ( ((i > 5) && (strcmp(&(p[i-5]),".html") == 0)) ||
1132 ((i > 4) && (strcmp(&(p[i-4]),".php") == 0)) ||
1133 ((i > 4) && (strcmp(&(p[i-4]),".htm") == 0)))
1134 BIO_puts(io,"HTTP/1.0 200 ok\r\nContent-type: text/html\r\n\r\n");
1135 else
1136 BIO_puts(io,"HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n");
1137 /* send the file */
58964a49 1138 total_bytes=0;
d02b48c6
RE		 1139 for (;;)
1140 {
dfeab068 1141 i=BIO_read(file,buf,bufsize);
d02b48c6
RE		 1142 if (i <= 0) break;
1143
dfeab068 1144#ifdef RENEG
58964a49
RE		 1145 total_bytes+=i;
1146 fprintf(stderr,"%d\n",i);
1147 if (total_bytes > 3*1024)
1148 {
1149 total_bytes=0;
1150 fprintf(stderr,"RENEGOTIATE\n");
1151 SSL_renegotiate(con);
1152 }
dfeab068 1153#endif
58964a49 1154
d02b48c6
RE		 1155 for (j=0; j<i; )
1156 {
58964a49
RE		 1157#ifdef RENEG
1158{ static count=0; if (++count == 13) { SSL_renegotiate(con); } }
1159#endif
d02b48c6
RE		 1160 k=BIO_write(io,&(buf[j]),i-j);
1161 if (k <= 0)
1162 {
1163 if (!BIO_should_retry(io))
58964a49 1164 goto write_error;
d02b48c6
RE		 1165 else
1166 {
1167 BIO_printf(bio_s_out,"rwrite W BLOCK\n");
1168 }
1169 }
1170 else
1171 {
1172 j+=k;
1173 }
1174 }
1175 }
58964a49 1176write_error:
d02b48c6
RE		 1177 BIO_free(file);
1178 break;
1179 }
1180 }
1181
1182 for (;;)
1183 {
1184 i=(int)BIO_flush(io);
1185 if (i <= 0)
1186 {
1187 if (!BIO_should_retry(io))
1188 break;
1189 }
1190 else
1191 break;
1192 }
1193end:
58964a49 1194#if 1
d02b48c6
RE		 1195 /* make sure we re-use sessions */
1196 SSL_set_shutdown(con,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
1197#else
1198 /* This kills performace */
58964a49
RE		 1199/* SSL_shutdown(con); A shutdown gets sent in the
1200 * BIO_free_all(io) procession */
d02b48c6
RE		 1201#endif
1202
1203err:
1204
1205 if (ret >= 0)
1206 BIO_printf(bio_s_out,"ACCEPT\n");
1207
dfeab068 1208 if (buf != NULL) Free(buf);
d02b48c6 1209 if (io != NULL) BIO_free_all(io);
58964a49 1210/* if (ssl_bio != NULL) BIO_free(ssl_bio);*/
d02b48c6
RE		 1211 return(ret);
1212 }
1213
1214static RSA MS_CALLBACK *tmp_rsa_cb(s,export)
1215SSL *s;
1216int export;
1217 {
1218 static RSA *rsa_tmp=NULL;
1219
1220 if (rsa_tmp == NULL)
1221 {
1222 if (!s_quiet)
1223 {
1224 BIO_printf(bio_err,"Generating temp (512 bit) RSA key...");
1225 BIO_flush(bio_err);
1226 }
1227#ifndef NO_RSA
58964a49 1228 rsa_tmp=RSA_generate_key(512,RSA_F4,NULL,NULL);
d02b48c6
RE		 1229#endif
1230 if (!s_quiet)
1231 {
1232 BIO_printf(bio_err,"\n");
1233 BIO_flush(bio_err);
1234 }
1235 }
1236 return(rsa_tmp);
1237 }
A mirror of the official openssl repository