From: Dr. David von Oheimb Date: Tue, 13 Jul 2021 08:20:38 +0000 (+0200) Subject: Fix HTTP server port output and allow dynamic verbosity setting X-Git-Tag: openssl-3.2.0-alpha1~3303 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4599ea9fe31953c0c50738ed4b91ade76a693356;p=thirdparty%2Fopenssl.git Fix HTTP server port output and allow dynamic verbosity setting Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/16061) --- diff --git a/apps/cmp.c b/apps/cmp.c index 589cce12665..f646e3f7bc2 100644 --- a/apps/cmp.c +++ b/apps/cmp.c @@ -2568,7 +2568,7 @@ static int cmp_server(OSSL_CMP_CTX *srv_cmp_ctx) { int retry = 1; int ret = 1; - if ((acbio = http_server_init_bio(prog, opt_port)) == NULL) + if ((acbio = http_server_init(prog, opt_port, opt_verbosity)) == NULL) return 0; while (opt_max_msgs <= 0 || msgs < opt_max_msgs) { char *path = NULL; @@ -2578,7 +2578,7 @@ static int cmp_server(OSSL_CMP_CTX *srv_cmp_ctx) { ret = http_server_get_asn1_req(ASN1_ITEM_rptr(OSSL_CMP_MSG), (ASN1_VALUE **)&req, &path, &cbio, acbio, &keep_alive, - prog, opt_port, 0, 0); + prog, 0, 0); if (ret == 0) { /* no request yet */ if (retry) { ossl_sleep(1000); diff --git a/apps/include/http_server.h b/apps/include/http_server.h index 8c339660a65..3a81cbb1400 100644 --- a/apps/include/http_server.h +++ b/apps/include/http_server.h @@ -34,17 +34,19 @@ # include # include # define MAXERRLEN 1000 /* limit error text sent to syslog to 1000 bytes */ -# else -# undef LOG_DEBUG -# undef LOG_INFO -# undef LOG_WARNING -# undef LOG_ERR -# define LOG_DEBUG 7 -# define LOG_INFO 6 -# define LOG_WARNING 4 -# define LOG_ERR 3 # endif +# undef LOG_TRACE +# undef LOG_DEBUG +# undef LOG_INFO +# undef LOG_WARNING +# undef LOG_ERR +# define LOG_TRACE 8 +# define LOG_DEBUG 7 +# define LOG_INFO 6 +# define LOG_WARNING 4 +# define LOG_ERR 3 + /*- * Log a message to syslog if multi-threaded HTTP_DAEMON, else to bio_err * prog: the name of the current app 
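Review bot: `LOG_TRACE 8` in the apps/include/http_server.h macro block lies outside the 0–7 priority range used by syslog, and on common implementations the value 8 is the lowest facility bit, so a trace message passed to syslog unchanged would be recorded with priority 0 (emergency). Whether log_message() forwards `level` as-is is not visible in this hunk and should be confirmed; if it does, clamp on the syslog path, e.g. `if (level > LOG_DEBUG) level = LOG_DEBUG;`. The block also now undefines and redefines LOG_DEBUG, LOG_INFO, LOG_WARNING and LOG_ERR after the system headers have been included, which assumes the platform uses the same numbers. A comment such as `/* values mirror <syslog.h>; LOG_TRACE is app-internal and must not reach syslog() */` would record that assumption.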
@@ -56,12 +58,13 @@ void log_message(const char *prog, int level, const char *fmt, ...); # ifndef OPENSSL_NO_SOCK /*- - * Initialize an HTTP server by setting up its listening BIO + * Initialize an HTTP server, setting up its listening BIO * prog: the name of the current app * port: the port to listen on + * verbosity: the level of verbosity to use, or -1 for default: LOG_INFO * returns a BIO for accepting requests, NULL on error */ -BIO *http_server_init_bio(const char *prog, const char *port); +BIO *http_server_init(const char *prog, const char *port, int verbosity); /*- * Accept an ASN.1-formatted HTTP request @@ -72,7 +75,6 @@ BIO *http_server_init_bio(const char *prog, const char *port); * acbio: the listening bio (typically as returned by http_server_init_bio()) * found_keep_alive: for returning flag if client requests persistent connection * prog: the name of the current app, for diagnostics only - * port: the local port listening to, for diagnostics only * accept_get: whether to accept GET requests (in addition to POST requests) * timeout: connection timeout (in seconds), or 0 for none/infinite * returns 0 in case caller should retry, then *preq == *ppath == *pcbio == NULL @@ -86,8 +88,7 @@ BIO *http_server_init_bio(const char *prog, const char *port); int http_server_get_asn1_req(const ASN1_ITEM *it, ASN1_VALUE **preq, char **ppath, BIO **pcbio, BIO *acbio, int *found_keep_alive, - const char *prog, const char *port, - int accept_get, int timeout); + const char *prog, int accept_get, int timeout); /*- * Send an ASN.1-formatted HTTP response diff --git a/apps/include/s_apps.h b/apps/include/s_apps.h index 194ea746ed4..5b188b9892a 100644 --- a/apps/include/s_apps.h +++ b/apps/include/s_apps.h 
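Review bot: The new `verbosity` line in the http_server_init() comment does not say that a value above LOG_TRACE makes the call fail. It also names only -1, although the implementation in apps/lib/http_server.c tests `verb >= 0`, so every negative value leaves the level untouched. A caller reading the header cannot tell that a bad verbosity returns NULL exactly like a socket error. Suggested wording: `verbosity: log level 0..LOG_TRACE, or a negative value to keep the current level (LOG_INFO by default); larger values make the call fail`.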
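Review bot: The `acbio` line kept as context in the http_server_get_asn1_req() comment still refers to `http_server_init_bio()`, a name this commit removes. It should read `acbio: the listening bio (typically as returned by http_server_init())`. With the `port` parameter gone, the comment could also state that the port shown in diagnostics is now read back from `acbio`.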
@@ -19,6 +19,7 @@ (SSL_is_dtls(s) || (SSL_version(s) < TLS1_3_VERSION)) typedef int (*do_server_cb)(int s, int stype, int prot, unsigned char *context); +void get_sock_info_address(int asock, char **hostname, char **service); int report_server_accept(BIO *out, int asock, int with_address, int with_pid); int do_server(int *accept_sock, const char *host, const char *port, int family, int type, int protocol, do_server_cb cb, diff --git a/apps/lib/http_server.c b/apps/lib/http_server.c index 8f654660b40..e531201d17b 100644 --- a/apps/lib/http_server.c +++ b/apps/lib/http_server.c @@ -216,18 +216,27 @@ void spawn_loop(const char *prog) #endif #ifndef OPENSSL_NO_SOCK -BIO *http_server_init_bio(const char *prog, const char *port) +BIO *http_server_init(const char *prog, const char *port, int verb) { BIO *acbio = NULL, *bufbio; int asock; + int port_num; + if (verb >= 0) { + if (verb > LOG_TRACE) { + log_message(prog, LOG_ERR, + "Logging verbosity level %d too high", verb); + return NULL; + } + verbosity = verb; + } bufbio = BIO_new(BIO_f_buffer()); if (bufbio == NULL) goto err; acbio = BIO_new(BIO_s_accept()); if (acbio == NULL || BIO_set_bind_mode(acbio, BIO_BIND_REUSEADDR) < 0 - || BIO_set_accept_port(acbio, port) < 0) { + || BIO_set_accept_port(acbio, port /* may be "0" */) < 0) { log_message(prog, LOG_ERR, "Error setting up accept BIO"); goto err; } @@ -241,7 +250,8 @@ BIO *http_server_init_bio(const char *prog, const char *port) /* Report back what address and port are used */ BIO_get_fd(acbio, &asock); - if (!report_server_accept(bio_out, asock, 1, 1)) { + port_num = report_server_accept(bio_out, asock, 1, 1); + if (port_num == 0) { log_message(prog, LOG_ERR, "Error printing ACCEPT string"); goto err; } 
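Review bot: `port_num` in the second apps/lib/http_server.c hunk receives a success flag rather than a port: on the lines shown in the apps/lib/s_socket.c hunk, report_server_accept() still returns `success`, which is only ever built from `> 0` comparisons and so is 0 or 1. The `== 0` test therefore works, but any later use of `port_num` as a port would see 1 (the rest of http_server_init() is outside this hunk). Either keep the old form `if (!report_server_accept(bio_out, asock, 1, 1))`, or have report_server_accept() return the parsed service number and document that. The result of `BIO_get_fd(acbio, &asock)` on the context line above is also unchecked.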
@@ -283,8 +293,7 @@ static int urldecode(char *p) int http_server_get_asn1_req(const ASN1_ITEM *it, ASN1_VALUE **preq, char **ppath, BIO **pcbio, BIO *acbio, int *found_keep_alive, - const char *prog, const char *port, - int accept_get, int timeout) + const char *prog, int accept_get, int timeout) { BIO *cbio = *pcbio, *getbio = NULL, *b64 = NULL; int len; @@ -298,15 +307,24 @@ int http_server_get_asn1_req(const ASN1_ITEM *it, ASN1_VALUE **preq, *ppath = NULL; if (cbio == NULL) { + char *port; + + get_sock_info_address(BIO_get_fd(acbio, NULL), NULL, &port); + if (port == NULL) { + log_message(prog, LOG_ERR, "Cannot get port listening on"); + goto fatal; + } log_message(prog, LOG_DEBUG, - "Awaiting new connection on port %s...", port); + "Awaiting new connection on port %s ...", port); + OPENSSL_free(port); + if (BIO_do_accept(acbio) <= 0) /* Connection loss before accept() is routine, ignore silently */ return ret; *pcbio = cbio = BIO_pop(acbio); } else { - log_message(prog, LOG_DEBUG, "Awaiting next request..."); + log_message(prog, LOG_DEBUG, "Awaiting next request ..."); } if (cbio == NULL) { /* Cannot call http_server_send_status(cbio, ...) */ diff --git a/apps/lib/s_socket.c b/apps/lib/s_socket.c index 805a1f0f3df..0751d460e8c 100644 --- a/apps/lib/s_socket.c +++ b/apps/lib/s_socket.c @@ -207,6 +207,25 @@ out: return ret; } +void get_sock_info_address(int asock, char **hostname, char **service) +{ + union BIO_sock_info_u info; + + if (hostname != NULL) + *hostname = NULL; + if (service != NULL) + *service = NULL; + + if ((info.addr = BIO_ADDR_new()) != NULL + && BIO_sock_info(asock, BIO_SOCK_INFO_ADDRESS, &info)) { + if (hostname != NULL) + *hostname = BIO_ADDR_hostname_string(info.addr, 1); + if (service != NULL) + *service = BIO_ADDR_service_string(info.addr, 1); + } + BIO_ADDR_free(info.addr); +} + int report_server_accept(BIO *out, int asock, int with_address, int with_pid) { int success = 1; 
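Review bot: In the `cbio == NULL` branch of http_server_get_asn1_req() a failed port lookup now ends in `goto fatal`, although the string is used only for a LOG_DEBUG message. The lookup also runs a socket query and allocations before every accept, even when that message is filtered out. What the `fatal` label does is outside this hunk, but a diagnostics-only failure should not be able to stop the request loop. I would run the lookup only when the debug message will be emitted, using the file's `verbosity` variable that http_server_init() assigns, and fall back to a placeholder when it fails, as below. The function continues past the end of the hunk.

```c
    if (cbio == NULL) {
        /* the port string is needed for the debug message only */
        if (verbosity >= LOG_DEBUG) {
            char *port = NULL;

            get_sock_info_address(BIO_get_fd(acbio, NULL), NULL, &port);
            log_message(prog, LOG_DEBUG,
                        "Awaiting new connection on port %s ...",
                        port != NULL ? port : "(unknown)");
            OPENSSL_free(port);
        }
        /* … unchanged: BIO_do_accept() and BIO_pop() … */
```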
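Review bot: get_sock_info_address() is added without a comment, both here in apps/lib/s_socket.c and at its declaration in apps/include/s_apps.h, so its ownership contract has to be inferred from the body. It hands back strings from BIO_ADDR_hostname_string() and BIO_ADDR_service_string(), which the callers in this commit release with OPENSSL_free(). It reports failure only by leaving the outputs NULL, and a partial result (hostname set, service NULL) is possible. I would add a header comment stating that `hostname` and `service` are optional outputs, are set to NULL on failure, hold numeric strings, and must be freed by the caller with OPENSSL_free().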
@@ -214,30 +233,24 @@ int report_server_accept(BIO *out, int asock, int with_address, int with_pid) if (BIO_printf(out, "ACCEPT") <= 0) return 0; if (with_address) { - union BIO_sock_info_u info; - char *hostname = NULL; - char *service = NULL; + char *hostname, *service; - if ((info.addr = BIO_ADDR_new()) != NULL - && BIO_sock_info(asock, BIO_SOCK_INFO_ADDRESS, &info) - && (hostname = BIO_ADDR_hostname_string(info.addr, 1)) != NULL - && (service = BIO_ADDR_service_string(info.addr, 1)) != NULL) { + get_sock_info_address(asock, &hostname, &service); + success = hostname != NULL && service != NULL; + if (success) success = BIO_printf(out, strchr(hostname, ':') == NULL ? /* IPv4 */ " %s:%s" : /* IPv6 */ " [%s]:%s", hostname, service) > 0; - } else { + else (void)BIO_printf(out, "unknown:error\n"); - success = 0; - } OPENSSL_free(hostname); OPENSSL_free(service); - BIO_ADDR_free(info.addr); } if (with_pid) - success = success && BIO_printf(out, " PID=%d", getpid()) > 0; - success = success && BIO_printf(out, "\n") > 0; + success *= BIO_printf(out, " PID=%d", getpid()) > 0; + success *= BIO_printf(out, "\n") > 0; (void)BIO_flush(out); return success; diff --git a/apps/ocsp.c b/apps/ocsp.c index 8f0eacad2b7..841b5f7b814 100644 --- a/apps/ocsp.c +++ b/apps/ocsp.c @@ -76,7 +76,7 @@ static void make_ocsp_response(BIO *err, OCSP_RESPONSE **resp, OCSP_REQUEST *req static char **lookup_serial(CA_DB *db, ASN1_INTEGER *ser); static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio, - const char *port, int timeout); + int timeout); static int send_ocsp_response(BIO *cbio, const OCSP_RESPONSE *resp); static char *prog; @@ -576,7 +576,7 @@ int ocsp_main(int argc, char **argv) if (req == NULL && port != NULL) { #ifndef OPENSSL_NO_SOCK - acbio = http_server_init_bio(prog, port); + acbio = http_server_init(prog, port, -1); if (acbio == NULL) goto end; #else 
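Review bot: Replacing `success = success && BIO_printf(...)` with `success *= BIO_printf(...) > 0` in report_server_accept() removes the short-circuit, so after the `unknown:error\n` branch the function still writes ` PID=...` and a second newline. Anything that parses the ACCEPT line then sees a split record, where before the output stopped at the error text. Multiplying flags is also harder to read than the boolean form. If the intent was to carry a non-boolean value such as the port in `success`, nothing in this hunk assigns one. Otherwise keep `success = success && BIO_printf(out, " PID=%d", getpid()) > 0;` and the same form for the newline.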
@@ -657,7 +657,7 @@ redo_accept: #endif req = NULL; - res = do_responder(&req, &cbio, acbio, port, req_timeout); + res = do_responder(&req, &cbio, acbio, req_timeout); if (res == 0) goto redo_accept; @@ -1188,13 +1188,13 @@ static char **lookup_serial(CA_DB *db, ASN1_INTEGER *ser) } static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio, - const char *port, int timeout) + int timeout) { #ifndef OPENSSL_NO_SOCK return http_server_get_asn1_req(ASN1_ITEM_rptr(OCSP_REQUEST), (ASN1_VALUE **)preq, NULL, pcbio, acbio, NULL /* found_keep_alive */, - prog, port, 1 /* accept_get */, timeout); + prog, 1 /* accept_get */, timeout); #else BIO_printf(bio_err, "Error getting OCSP request - sockets not supported\n");