This commit was manufactured by cvs2git to create tag 'tb_20250414'.tb_20250414

author: cvs2svn <admin@example.com> 2025-04-14 17:32:06 +0000
committer: cvs2svn <admin@example.com> 2025-04-14 17:32:06 +0000
commit: eb8dd9dca1228af0cd132f515509051ecfabf6f6 (patch)
tree: edb6da6af7e865d488dc1a29309f1e1ec226e603 /src/regress/lib/libssl/interop/server.c
parent: 247f0352e0ed72a4f476db9dc91f4d982bc83eb2 (diff)
download: openbsd-tb_20250414.tar.gz
openbsd-tb_20250414.tar.bz2
openbsd-tb_20250414.zip
1 files changed, 0 insertions, 321 deletions
diff --git a/src/regress/lib/libssl/interop/server.c b/src/regress/lib/libssl/interop/server.c
deleted file mode 100644
index a634adb43b..0000000000
--- a/src/regress/lib/libssl/interop/server.c
+++ /dev/null
@@ -1,321 +0,0 @@
-/*      $OpenBSD: server.c,v 1.12 2023/02/01 14:39:09 tb Exp $  */
-/*
- * Copyright (c) 2018-2019 Alexander Bluhm <bluhm@openbsd.org>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <err.h>
-#include <netdb.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-#include <openssl/err.h>
-#include <openssl/ssl.h>
-#include "util.h"
-void __dead usage(void);
-void __dead
-usage(void)
-{
-        fprintf(stderr, "usage: server [-Lsvv] [-C CA] [-c crt -k key] "
-            "[-l ciphers] [-p dhparam] [-V version] [host port]\n");
-        exit(2);
-}
-int
-main(int argc, char *argv[])
-{
-        const SSL_METHOD *method;
-        SSL_CTX *ctx;
-        SSL *ssl;
-        BIO *abio, *cbio;
-        SSL_SESSION *session;
-        int ch, error, listciphers = 0, sessionreuse = 0, verify = 0;
-        int version = 0;
-        char buf[256], *dhparam = NULL;
-        char *ca = NULL, *crt = NULL, *key = NULL, *ciphers = NULL;
-        char *host_port, *host = "127.0.0.1", *port = "0";
-        while ((ch = getopt(argc, argv, "C:c:k:Ll:p:sV:v")) != -1) {
-                switch (ch) {
-                case 'C':
-                        ca = optarg;
-                        break;
-                case 'c':
-                        crt = optarg;
-                        break;
-                case 'k':
-                        key = optarg;
-                        break;
-                case 'L':
-                        listciphers = 1;
-                        break;
-                case 'l':
-                        ciphers = optarg;
-                        break;
-                case 'p':
-                        dhparam = optarg;
-                        break;
-                case 's':
-                        /* multiple reueses are possible */
-                        sessionreuse++;
-                        break;
-                case 'V':
-                        if (strcmp(optarg, "TLS1") == 0) {
-                                version = TLS1_VERSION;
-                        } else if (strcmp(optarg, "TLS1_1") == 0) {
-                                version = TLS1_1_VERSION;
-                        } else if (strcmp(optarg, "TLS1_2") == 0) {
-                                version = TLS1_2_VERSION;
-                        } else if (strcmp(optarg, "TLS1_3") == 0) {
-                                version = TLS1_3_VERSION;
-                        } else {
-                                errx(1, "unknown protocol version: %s", optarg);
-                        }
-                        break;
-                case 'v':
-                        /* use twice to force client cert */
-                        verify++;
-                        break;
-                default:
-                        usage();
-                }
-        }
-        argc -= optind;
-        argv += optind;
-        if (argc == 2) {
-                host = argv[0];
-                port = argv[1];
-        } else if (argc != 0 && !listciphers) {
-                usage();
-        }
-        if (asprintf(&host_port, strchr(host, ':') ? "[%s]:%s" : "%s:%s",
-            host, port) == -1)
-                err(1, "asprintf host port");
-        if ((crt == NULL && key != NULL) || (crt != NULL && key == NULL))
-                errx(1, "certificate and private key must be used together");
-        if (crt == NULL && asprintf(&crt, "%s.crt", host) == -1)
-                err(1, "asprintf crt");
-        if (key == NULL && asprintf(&key, "%s.key", host) == -1)
-                err(1, "asprintf key");
-        SSL_library_init();
-        SSL_load_error_strings();
-        print_version();
-        /* setup method and context */
-#if OPENSSL_VERSION_NUMBER >= 0x1010000f
-        method = TLS_server_method();
-        if (method == NULL)
-                err_ssl(1, "TLS_server_method");
-#else
-        switch (version) {
-        case TLS1_VERSION:
-                method = TLSv1_server_method();
-                break;
-        case TLS1_1_VERSION:
-                method = TLSv1_1_server_method();
-                break;
-        case TLS1_2_VERSION:
-                method = TLSv1_2_server_method();
-                break;
-#ifdef TLS1_3_VERSION
-        case TLS1_3_VERSION:
-                err(1, "TLS1_3 not supported");
-#endif
-        default:
-                method = SSLv23_server_method();
-                break;
-        }
-        if (method == NULL)
-                err_ssl(1, "SSLv23_server_method");
-#endif
-        ctx = SSL_CTX_new(method);
-        if (ctx == NULL)
-                err_ssl(1, "SSL_CTX_new");
-#if OPENSSL_VERSION_NUMBER >= 0x1010000f
-        if (version) {
-                if (SSL_CTX_set_min_proto_version(ctx, version) != 1)
-                        err_ssl(1, "SSL_CTX_set_min_proto_version");
-                if (SSL_CTX_set_max_proto_version(ctx, version) != 1)
-                        err_ssl(1, "SSL_CTX_set_max_proto_version");
-        }
-#endif
-#if OPENSSL_VERSION_NUMBER >= 0x10100000
-        /* needed to use DHE cipher with libressl */
-        if (SSL_CTX_set_dh_auto(ctx, 1) <= 0)
-                err_ssl(1, "SSL_CTX_set_dh_auto");
-#endif
-        /* needed to use ADH, EDH, DHE cipher with openssl */
-        if (dhparam != NULL) {
-                DH *dh;
-                FILE *file;
-                file = fopen(dhparam, "r");
-                if (file == NULL)
-                        err(1, "fopen %s", dhparam);
-                dh = PEM_read_DHparams(file, NULL, NULL, NULL);
-                if (dh == NULL)
-                        err_ssl(1, "PEM_read_DHparams");
-                if (SSL_CTX_set_tmp_dh(ctx, dh) <= 0)
-                        err_ssl(1, "SSL_CTX_set_tmp_dh");
-                fclose(file);
-        }
-        /* load server certificate */
-        if (SSL_CTX_use_certificate_file(ctx, crt, SSL_FILETYPE_PEM) <= 0)
-                err_ssl(1, "SSL_CTX_use_certificate_file");
-        if (SSL_CTX_use_PrivateKey_file(ctx, key, SSL_FILETYPE_PEM) <= 0)
-                err_ssl(1, "SSL_CTX_use_PrivateKey_file");
-        if (SSL_CTX_check_private_key(ctx) <= 0)
-                err_ssl(1, "SSL_CTX_check_private_key");
-        /* request client certificate and verify it */
-        if (ca != NULL) {
-                STACK_OF(X509_NAME) *x509stack;
-                x509stack = SSL_load_client_CA_file(ca);
-                if (x509stack == NULL)
-                        err_ssl(1, "SSL_load_client_CA_file");
-                SSL_CTX_set_client_CA_list(ctx, x509stack);
-                if (SSL_CTX_load_verify_locations(ctx, ca, NULL) <= 0)
-                        err_ssl(1, "SSL_CTX_load_verify_locations");
-        }
-        SSL_CTX_set_verify(ctx,
-            verify == 0 ?  SSL_VERIFY_NONE :
-            verify == 1 ?  SSL_VERIFY_PEER :
-            SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
-            verify_callback);
-        if (sessionreuse) {
-                uint32_t context;
-                SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_SERVER);
-                context = arc4random();
-                if (SSL_CTX_set_session_id_context(ctx,
-                    (unsigned char *)&context, sizeof(context)) <= 0)
-                        err_ssl(1, "SSL_CTX_set_session_id_context");
-        }
-        if (ciphers) {
-                if (SSL_CTX_set_cipher_list(ctx, ciphers) <= 0)
-                        err_ssl(1, "SSL_CTX_set_cipher_list");
-        }
-        if (listciphers) {
-                STACK_OF(SSL_CIPHER) *supported_ciphers;
-                ssl = SSL_new(ctx);
-                if (ssl == NULL)
-                        err_ssl(1, "SSL_new");
-                supported_ciphers = SSL_get1_supported_ciphers(ssl);
-                if (supported_ciphers == NULL)
-                        err_ssl(1, "SSL_get1_supported_ciphers");
-                print_ciphers(supported_ciphers);
-                sk_SSL_CIPHER_free(supported_ciphers);
-                return 0;
-        }
-        /* setup bio for socket operations */
-        abio = BIO_new_accept(host_port);
-        if (abio == NULL)
-                err_ssl(1, "BIO_new_accept");
-        /* bind, listen */
-        if (BIO_do_accept(abio) <= 0)
-                err_ssl(1, "BIO_do_accept setup");
-        printf("listen ");
-        print_sockname(abio);
-        /* fork to background and set timeout */
-        if (daemon(1, 1) == -1)
-                err(1, "daemon");
-        alarm(10);
-        do {
-                /* accept connection */
-                if (BIO_do_accept(abio) <= 0)
-                        err_ssl(1, "BIO_do_accept wait");
-                cbio = BIO_pop(abio);
-                printf("accept ");
-                print_sockname(cbio);
-                printf("accept ");
-                print_peername(cbio);
-                /* do ssl server handshake */
-                ssl = SSL_new(ctx);
-                if (ssl == NULL)
-                        err_ssl(1, "SSL_new");
-                SSL_set_bio(ssl, cbio, cbio);
-                if ((error = SSL_accept(ssl)) <= 0)
-                        err_ssl(1, "SSL_accept %d", error);
-                printf("session %d: %s\n", sessionreuse,
-                    SSL_session_reused(ssl) ? "reuse" : "new");
-                if (fflush(stdout) != 0)
-                        err(1, "fflush stdout");
-                /* print session statistics */
-                session = SSL_get_session(ssl);
-                if (session == NULL)
-                        err_ssl(1, "SSL_get_session");
-                if (SSL_SESSION_print_fp(stdout, session) <= 0)
-                        err_ssl(1, "SSL_SESSION_print_fp");
-                /* write server greeting and read client hello over TLS */
-                strlcpy(buf, "greeting\n", sizeof(buf));
-                printf(">>> %s", buf);
-                if (fflush(stdout) != 0)
-                        err(1, "fflush stdout");
-                if ((error = SSL_write(ssl, buf, 9)) <= 0)
-                        err_ssl(1, "SSL_write %d", error);
-                if (error != 9)
-                        errx(1, "write not 9 bytes greeting: %d", error);
-                if ((error = SSL_read(ssl, buf, 6)) <= 0)
-                        err_ssl(1, "SSL_read %d", error);
-                if (error != 6)
-                        errx(1, "read not 6 bytes hello: %d", error);
-                buf[6] = '\0';
-                printf("<<< %s", buf);
-                if (fflush(stdout) != 0)
-                        err(1, "fflush stdout");
-                /* shutdown connection */
-                if ((error = SSL_shutdown(ssl)) < 0)
-                        err_ssl(1, "SSL_shutdown unidirectional %d", error);
-                if (error <= 0) {
-                        if ((error = SSL_shutdown(ssl)) <= 0)
-                                err_ssl(1, "SSL_shutdown bidirectional %d",
-                                    error);
-                }
-                SSL_free(ssl);
-        } while (sessionreuse--);
-        SSL_CTX_free(ctx);
-        printf("success\n");
-        return 0;
-}
author	cvs2svn <admin@example.com>	2025-04-14 17:32:06 +0000
committer	cvs2svn <admin@example.com>	2025-04-14 17:32:06 +0000
commit	eb8dd9dca1228af0cd132f515509051ecfabf6f6 (patch)
tree	edb6da6af7e865d488dc1a29309f1e1ec226e603 /src/regress/lib/libssl/interop/server.c
parent	247f0352e0ed72a4f476db9dc91f4d982bc83eb2 (diff)
download	openbsd-tb_20250414.tar.gz openbsd-tb_20250414.tar.bz2 openbsd-tb_20250414.zip

diff --git a/src/regress/lib/libssl/interop/server.c b/src/regress/lib/libssl/interop/server.c deleted file mode 100644 index a634adb43b..0000000000 --- a/src/regress/lib/libssl/interop/server.c +++ /dev/null
@@ -1,321 +0,0 @@
1	/* $OpenBSD: server.c,v 1.12 2023/02/01 14:39:09 tb Exp $ */
2	/*
3	* Copyright (c) 2018-2019 Alexander Bluhm <bluhm@openbsd.org>
4	*
5	* Permission to use, copy, modify, and distribute this software for any
6	* purpose with or without fee is hereby granted, provided that the above
7	* copyright notice and this permission notice appear in all copies.
8	*
9	* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10	* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11	* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12	* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13	* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14	* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15	* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16	*/
17
18	#include <sys/types.h>
19	#include <sys/socket.h>
20
21	#include <err.h>
22	#include <netdb.h>
23	#include <stdio.h>
24	#include <stdlib.h>
25	#include <string.h>
26	#include <unistd.h>
27
28	#include <openssl/err.h>
29	#include <openssl/ssl.h>
30
31	#include "util.h"
32
33	void __dead usage(void);
34
35	void __dead
36	usage(void)
37	{
38	fprintf(stderr, "usage: server [-Lsvv] [-C CA] [-c crt -k key] "
39	"[-l ciphers] [-p dhparam] [-V version] [host port]\n");
40	exit(2);
41	}
42
43	int
44	main(int argc, char *argv[])
45	{
46	const SSL_METHOD *method;
47	SSL_CTX *ctx;
48	SSL *ssl;
49	BIO abio, cbio;
50	SSL_SESSION *session;
51	int ch, error, listciphers = 0, sessionreuse = 0, verify = 0;
52	int version = 0;
53	char buf[256], *dhparam = NULL;
54	char ca = NULL, crt = NULL, key = NULL, ciphers = NULL;
55	char host_port, host = "127.0.0.1", *port = "0";
56
57	while ((ch = getopt(argc, argv, "C:c:k:Ll:p:sV:v")) != -1) {
58	switch (ch) {
59	case 'C':
60	ca = optarg;
61	break;
62	case 'c':
63	crt = optarg;
64	break;
65	case 'k':
66	key = optarg;
67	break;
68	case 'L':
69	listciphers = 1;
70	break;
71	case 'l':
72	ciphers = optarg;
73	break;
74	case 'p':
75	dhparam = optarg;
76	break;
77	case 's':
78	/* multiple reueses are possible */
79	sessionreuse++;
80	break;
81	case 'V':
82	if (strcmp(optarg, "TLS1") == 0) {
83	version = TLS1_VERSION;
84	} else if (strcmp(optarg, "TLS1_1") == 0) {
85	version = TLS1_1_VERSION;
86	} else if (strcmp(optarg, "TLS1_2") == 0) {
87	version = TLS1_2_VERSION;
88	} else if (strcmp(optarg, "TLS1_3") == 0) {
89	version = TLS1_3_VERSION;
90	} else {
91	errx(1, "unknown protocol version: %s", optarg);
92	}
93	break;
94	case 'v':
95	/* use twice to force client cert */
96	verify++;
97	break;
98	default:
99	usage();
100	}
101	}
102	argc -= optind;
103	argv += optind;
104	if (argc == 2) {
105	host = argv[0];
106	port = argv[1];
107	} else if (argc != 0 && !listciphers) {
108	usage();
109	}
110	if (asprintf(&host_port, strchr(host, ':') ? "[%s]:%s" : "%s:%s",
111	host, port) == -1)
112	err(1, "asprintf host port");
113	if ((crt == NULL && key != NULL) \|\| (crt != NULL && key == NULL))
114	errx(1, "certificate and private key must be used together");
115	if (crt == NULL && asprintf(&crt, "%s.crt", host) == -1)
116	err(1, "asprintf crt");
117	if (key == NULL && asprintf(&key, "%s.key", host) == -1)
118	err(1, "asprintf key");
119
120	SSL_library_init();
121	SSL_load_error_strings();
122	print_version();
123
124	/* setup method and context */
125	#if OPENSSL_VERSION_NUMBER >= 0x1010000f
126	method = TLS_server_method();
127	if (method == NULL)
128	err_ssl(1, "TLS_server_method");
129	#else
130	switch (version) {
131	case TLS1_VERSION:
132	method = TLSv1_server_method();
133	break;
134	case TLS1_1_VERSION:
135	method = TLSv1_1_server_method();
136	break;
137	case TLS1_2_VERSION:
138	method = TLSv1_2_server_method();
139	break;
140	#ifdef TLS1_3_VERSION
141	case TLS1_3_VERSION:
142	err(1, "TLS1_3 not supported");
143	#endif
144	default:
145	method = SSLv23_server_method();
146	break;
147	}
148	if (method == NULL)
149	err_ssl(1, "SSLv23_server_method");
150	#endif
151	ctx = SSL_CTX_new(method);
152	if (ctx == NULL)
153	err_ssl(1, "SSL_CTX_new");
154
155	#if OPENSSL_VERSION_NUMBER >= 0x1010000f
156	if (version) {
157	if (SSL_CTX_set_min_proto_version(ctx, version) != 1)
158	err_ssl(1, "SSL_CTX_set_min_proto_version");
159	if (SSL_CTX_set_max_proto_version(ctx, version) != 1)
160	err_ssl(1, "SSL_CTX_set_max_proto_version");
161	}
162	#endif
163
164	#if OPENSSL_VERSION_NUMBER >= 0x10100000
165	/* needed to use DHE cipher with libressl */
166	if (SSL_CTX_set_dh_auto(ctx, 1) <= 0)
167	err_ssl(1, "SSL_CTX_set_dh_auto");
168	#endif
169	/* needed to use ADH, EDH, DHE cipher with openssl */
170	if (dhparam != NULL) {
171	DH *dh;
172	FILE *file;
173
174	file = fopen(dhparam, "r");
175	if (file == NULL)
176	err(1, "fopen %s", dhparam);
177	dh = PEM_read_DHparams(file, NULL, NULL, NULL);
178	if (dh == NULL)
179	err_ssl(1, "PEM_read_DHparams");
180	if (SSL_CTX_set_tmp_dh(ctx, dh) <= 0)
181	err_ssl(1, "SSL_CTX_set_tmp_dh");
182	fclose(file);
183	}
184
185	/* load server certificate */
186	if (SSL_CTX_use_certificate_file(ctx, crt, SSL_FILETYPE_PEM) <= 0)
187	err_ssl(1, "SSL_CTX_use_certificate_file");
188	if (SSL_CTX_use_PrivateKey_file(ctx, key, SSL_FILETYPE_PEM) <= 0)
189	err_ssl(1, "SSL_CTX_use_PrivateKey_file");
190	if (SSL_CTX_check_private_key(ctx) <= 0)
191	err_ssl(1, "SSL_CTX_check_private_key");
192
193	/* request client certificate and verify it */
194	if (ca != NULL) {
195	STACK_OF(X509_NAME) *x509stack;
196
197	x509stack = SSL_load_client_CA_file(ca);
198	if (x509stack == NULL)
199	err_ssl(1, "SSL_load_client_CA_file");
200	SSL_CTX_set_client_CA_list(ctx, x509stack);
201	if (SSL_CTX_load_verify_locations(ctx, ca, NULL) <= 0)
202	err_ssl(1, "SSL_CTX_load_verify_locations");
203	}
204	SSL_CTX_set_verify(ctx,
205	verify == 0 ? SSL_VERIFY_NONE :
206	verify == 1 ? SSL_VERIFY_PEER :
207	SSL_VERIFY_PEER \| SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
208	verify_callback);
209
210	if (sessionreuse) {
211	uint32_t context;
212
213	SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_SERVER);
214	context = arc4random();
215	if (SSL_CTX_set_session_id_context(ctx,
216	(unsigned char *)&context, sizeof(context)) <= 0)
217	err_ssl(1, "SSL_CTX_set_session_id_context");
218	}
219
220	if (ciphers) {
221	if (SSL_CTX_set_cipher_list(ctx, ciphers) <= 0)
222	err_ssl(1, "SSL_CTX_set_cipher_list");
223	}
224
225	if (listciphers) {
226	STACK_OF(SSL_CIPHER) *supported_ciphers;
227
228	ssl = SSL_new(ctx);
229	if (ssl == NULL)
230	err_ssl(1, "SSL_new");
231	supported_ciphers = SSL_get1_supported_ciphers(ssl);
232	if (supported_ciphers == NULL)
233	err_ssl(1, "SSL_get1_supported_ciphers");
234	print_ciphers(supported_ciphers);
235
236	sk_SSL_CIPHER_free(supported_ciphers);
237	return 0;
238	}
239
240	/* setup bio for socket operations */
241	abio = BIO_new_accept(host_port);
242	if (abio == NULL)
243	err_ssl(1, "BIO_new_accept");
244
245	/* bind, listen */
246	if (BIO_do_accept(abio) <= 0)
247	err_ssl(1, "BIO_do_accept setup");
248	printf("listen ");
249	print_sockname(abio);
250
251	/* fork to background and set timeout */
252	if (daemon(1, 1) == -1)
253	err(1, "daemon");
254	alarm(10);
255
256	do {
257	/* accept connection */
258	if (BIO_do_accept(abio) <= 0)
259	err_ssl(1, "BIO_do_accept wait");
260	cbio = BIO_pop(abio);
261	printf("accept ");
262	print_sockname(cbio);
263	printf("accept ");
264	print_peername(cbio);
265
266	/* do ssl server handshake */
267	ssl = SSL_new(ctx);
268	if (ssl == NULL)
269	err_ssl(1, "SSL_new");
270	SSL_set_bio(ssl, cbio, cbio);
271	if ((error = SSL_accept(ssl)) <= 0)
272	err_ssl(1, "SSL_accept %d", error);
273	printf("session %d: %s\n", sessionreuse,
274	SSL_session_reused(ssl) ? "reuse" : "new");
275	if (fflush(stdout) != 0)
276	err(1, "fflush stdout");
277
278
279	/* print session statistics */
280	session = SSL_get_session(ssl);
281	if (session == NULL)
282	err_ssl(1, "SSL_get_session");
283	if (SSL_SESSION_print_fp(stdout, session) <= 0)
284	err_ssl(1, "SSL_SESSION_print_fp");
285
286	/* write server greeting and read client hello over TLS */
287	strlcpy(buf, "greeting\n", sizeof(buf));
288	printf(">>> %s", buf);
289	if (fflush(stdout) != 0)
290	err(1, "fflush stdout");
291	if ((error = SSL_write(ssl, buf, 9)) <= 0)
292	err_ssl(1, "SSL_write %d", error);
293	if (error != 9)
294	errx(1, "write not 9 bytes greeting: %d", error);
295	if ((error = SSL_read(ssl, buf, 6)) <= 0)
296	err_ssl(1, "SSL_read %d", error);
297	if (error != 6)
298	errx(1, "read not 6 bytes hello: %d", error);
299	buf[6] = '\0';
300	printf("<<< %s", buf);
301	if (fflush(stdout) != 0)
302	err(1, "fflush stdout");
303
304	/* shutdown connection */
305	if ((error = SSL_shutdown(ssl)) < 0)
306	err_ssl(1, "SSL_shutdown unidirectional %d", error);
307	if (error <= 0) {
308	if ((error = SSL_shutdown(ssl)) <= 0)
309	err_ssl(1, "SSL_shutdown bidirectional %d",
310	error);
311	}
312
313	SSL_free(ssl);
314	} while (sessionreuse--);
315
316	SSL_CTX_free(ctx);
317
318	printf("success\n");
319
320	return 0;
321	}