authortb <>2023-03-06 14:32:06 +0000
committertb <>2023-03-06 14:32:06 +0000
commit6c965e26b1a93da63948edae6b68564be1ded507 (patch)
treebbe07d6e06b695cebe22802551f2db0a61354d7c /src/usr.bin/openssl/s_server.c
parent48e828ea26ee91710242131cd75cd9d1d20b773c (diff)
Rename struct ${app}_config to plain cfg
All the structs are static and we need to reach into them many times. Having a shorter name is more concise and results in less visual clutter. It also avoids many overlong lines and we will be able to get rid of some unfortunate line wrapping down the road. Discussed with jsing
Diffstat (limited to 'src/usr.bin/openssl/s_server.c')
-rw-r--r--src/usr.bin/openssl/s_server.c560
1 files changed, 280 insertions, 280 deletions
diff --git a/src/usr.bin/openssl/s_server.c b/src/usr.bin/openssl/s_server.c
index adf98451ec..a7f6146c4c 100644
--- a/src/usr.bin/openssl/s_server.c
+++ b/src/usr.bin/openssl/s_server.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s_server.c,v 1.55 2022/11/11 17:07:39 joshua Exp $ */ 1/* $OpenBSD: s_server.c,v 1.56 2023/03/06 14:32:06 tb Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -294,23 +294,23 @@ static struct {
294 int tlsextstatus; 294 int tlsextstatus;
295 X509_VERIFY_PARAM *vpm; 295 X509_VERIFY_PARAM *vpm;
296 int www; 296 int www;
297} s_server_config; 297} cfg;
298 298
299static int 299static int
300s_server_opt_context(char *arg) 300s_server_opt_context(char *arg)
301{ 301{
302 s_server_config.context = (unsigned char *) arg; 302 cfg.context = (unsigned char *) arg;
303 return (0); 303 return (0);
304} 304}
305 305
306static int 306static int
307s_server_opt_keymatexportlen(char *arg) 307s_server_opt_keymatexportlen(char *arg)
308{ 308{
309 s_server_config.keymatexportlen = strtonum(arg, 1, INT_MAX, 309 cfg.keymatexportlen = strtonum(arg, 1, INT_MAX,
310 &s_server_config.errstr); 310 &cfg.errstr);
311 if (s_server_config.errstr != NULL) { 311 if (cfg.errstr != NULL) {
312 BIO_printf(bio_err, "invalid argument %s: %s\n", 312 BIO_printf(bio_err, "invalid argument %s: %s\n",
313 arg, s_server_config.errstr); 313 arg, cfg.errstr);
314 return (1); 314 return (1);
315 } 315 }
316 return (0); 316 return (0);
@@ -320,11 +320,11 @@ s_server_opt_keymatexportlen(char *arg)
320static int 320static int
321s_server_opt_mtu(char *arg) 321s_server_opt_mtu(char *arg)
322{ 322{
323 s_server_config.socket_mtu = strtonum(arg, 0, LONG_MAX, 323 cfg.socket_mtu = strtonum(arg, 0, LONG_MAX,
324 &s_server_config.errstr); 324 &cfg.errstr);
325 if (s_server_config.errstr != NULL) { 325 if (cfg.errstr != NULL) {
326 BIO_printf(bio_err, "invalid argument %s: %s\n", 326 BIO_printf(bio_err, "invalid argument %s: %s\n",
327 arg, s_server_config.errstr); 327 arg, cfg.errstr);
328 return (1); 328 return (1);
329 } 329 }
330 return (0); 330 return (0);
@@ -335,8 +335,8 @@ s_server_opt_mtu(char *arg)
335static int 335static int
336s_server_opt_protocol_version_dtls(void) 336s_server_opt_protocol_version_dtls(void)
337{ 337{
338 s_server_config.meth = DTLS_server_method(); 338 cfg.meth = DTLS_server_method();
339 s_server_config.socket_type = SOCK_DGRAM; 339 cfg.socket_type = SOCK_DGRAM;
340 return (0); 340 return (0);
341} 341}
342#endif 342#endif
@@ -345,10 +345,10 @@ s_server_opt_protocol_version_dtls(void)
345static int 345static int
346s_server_opt_protocol_version_dtls1(void) 346s_server_opt_protocol_version_dtls1(void)
347{ 347{
348 s_server_config.meth = DTLS_server_method(); 348 cfg.meth = DTLS_server_method();
349 s_server_config.min_version = DTLS1_VERSION; 349 cfg.min_version = DTLS1_VERSION;
350 s_server_config.max_version = DTLS1_VERSION; 350 cfg.max_version = DTLS1_VERSION;
351 s_server_config.socket_type = SOCK_DGRAM; 351 cfg.socket_type = SOCK_DGRAM;
352 return (0); 352 return (0);
353} 353}
354#endif 354#endif
@@ -357,10 +357,10 @@ s_server_opt_protocol_version_dtls1(void)
357static int 357static int
358s_server_opt_protocol_version_dtls1_2(void) 358s_server_opt_protocol_version_dtls1_2(void)
359{ 359{
360 s_server_config.meth = DTLS_server_method(); 360 cfg.meth = DTLS_server_method();
361 s_server_config.min_version = DTLS1_2_VERSION; 361 cfg.min_version = DTLS1_2_VERSION;
362 s_server_config.max_version = DTLS1_2_VERSION; 362 cfg.max_version = DTLS1_2_VERSION;
363 s_server_config.socket_type = SOCK_DGRAM; 363 cfg.socket_type = SOCK_DGRAM;
364 return (0); 364 return (0);
365} 365}
366#endif 366#endif
@@ -368,47 +368,47 @@ s_server_opt_protocol_version_dtls1_2(void)
368static int 368static int
369s_server_opt_protocol_version_tls1(void) 369s_server_opt_protocol_version_tls1(void)
370{ 370{
371 s_server_config.min_version = TLS1_VERSION; 371 cfg.min_version = TLS1_VERSION;
372 s_server_config.max_version = TLS1_VERSION; 372 cfg.max_version = TLS1_VERSION;
373 return (0); 373 return (0);
374} 374}
375 375
376static int 376static int
377s_server_opt_protocol_version_tls1_1(void) 377s_server_opt_protocol_version_tls1_1(void)
378{ 378{
379 s_server_config.min_version = TLS1_1_VERSION; 379 cfg.min_version = TLS1_1_VERSION;
380 s_server_config.max_version = TLS1_1_VERSION; 380 cfg.max_version = TLS1_1_VERSION;
381 return (0); 381 return (0);
382} 382}
383 383
384static int 384static int
385s_server_opt_protocol_version_tls1_2(void) 385s_server_opt_protocol_version_tls1_2(void)
386{ 386{
387 s_server_config.min_version = TLS1_2_VERSION; 387 cfg.min_version = TLS1_2_VERSION;
388 s_server_config.max_version = TLS1_2_VERSION; 388 cfg.max_version = TLS1_2_VERSION;
389 return (0); 389 return (0);
390} 390}
391 391
392static int 392static int
393s_server_opt_protocol_version_tls1_3(void) 393s_server_opt_protocol_version_tls1_3(void)
394{ 394{
395 s_server_config.min_version = TLS1_3_VERSION; 395 cfg.min_version = TLS1_3_VERSION;
396 s_server_config.max_version = TLS1_3_VERSION; 396 cfg.max_version = TLS1_3_VERSION;
397 return (0); 397 return (0);
398} 398}
399 399
400static int 400static int
401s_server_opt_nbio_test(void) 401s_server_opt_nbio_test(void)
402{ 402{
403 s_server_config.nbio = 1; 403 cfg.nbio = 1;
404 s_server_config.nbio_test = 1; 404 cfg.nbio_test = 1;
405 return (0); 405 return (0);
406} 406}
407 407
408static int 408static int
409s_server_opt_port(char *arg) 409s_server_opt_port(char *arg)
410{ 410{
411 if (!extract_port(arg, &s_server_config.port)) 411 if (!extract_port(arg, &cfg.port))
412 return (1); 412 return (1);
413 return (0); 413 return (0);
414} 414}
@@ -416,12 +416,12 @@ s_server_opt_port(char *arg)
416static int 416static int
417s_server_opt_status_timeout(char *arg) 417s_server_opt_status_timeout(char *arg)
418{ 418{
419 s_server_config.tlsextstatus = 1; 419 cfg.tlsextstatus = 1;
420 s_server_config.tlscstatp.timeout = strtonum(arg, 0, INT_MAX, 420 cfg.tlscstatp.timeout = strtonum(arg, 0, INT_MAX,
421 &s_server_config.errstr); 421 &cfg.errstr);
422 if (s_server_config.errstr != NULL) { 422 if (cfg.errstr != NULL) {
423 BIO_printf(bio_err, "invalid argument %s: %s\n", 423 BIO_printf(bio_err, "invalid argument %s: %s\n",
424 arg, s_server_config.errstr); 424 arg, cfg.errstr);
425 return (1); 425 return (1);
426 } 426 }
427 return (0); 427 return (0);
@@ -430,10 +430,10 @@ s_server_opt_status_timeout(char *arg)
430static int 430static int
431s_server_opt_status_url(char *arg) 431s_server_opt_status_url(char *arg)
432{ 432{
433 s_server_config.tlsextstatus = 1; 433 cfg.tlsextstatus = 1;
434 if (!OCSP_parse_url(arg, &s_server_config.tlscstatp.host, 434 if (!OCSP_parse_url(arg, &cfg.tlscstatp.host,
435 &s_server_config.tlscstatp.port, &s_server_config.tlscstatp.path, 435 &cfg.tlscstatp.port, &cfg.tlscstatp.path,
436 &s_server_config.tlscstatp.use_ssl)) { 436 &cfg.tlscstatp.use_ssl)) {
437 BIO_printf(bio_err, "Error parsing URL\n"); 437 BIO_printf(bio_err, "Error parsing URL\n");
438 return (1); 438 return (1);
439 } 439 }
@@ -443,20 +443,20 @@ s_server_opt_status_url(char *arg)
443static int 443static int
444s_server_opt_status_verbose(void) 444s_server_opt_status_verbose(void)
445{ 445{
446 s_server_config.tlsextstatus = 1; 446 cfg.tlsextstatus = 1;
447 s_server_config.tlscstatp.verbose = 1; 447 cfg.tlscstatp.verbose = 1;
448 return (0); 448 return (0);
449} 449}
450 450
451static int 451static int
452s_server_opt_verify(char *arg) 452s_server_opt_verify(char *arg)
453{ 453{
454 s_server_config.server_verify = SSL_VERIFY_PEER | 454 cfg.server_verify = SSL_VERIFY_PEER |
455 SSL_VERIFY_CLIENT_ONCE; 455 SSL_VERIFY_CLIENT_ONCE;
456 verify_depth = strtonum(arg, 0, INT_MAX, &s_server_config.errstr); 456 verify_depth = strtonum(arg, 0, INT_MAX, &cfg.errstr);
457 if (s_server_config.errstr != NULL) { 457 if (cfg.errstr != NULL) {
458 BIO_printf(bio_err, "invalid argument %s: %s\n", 458 BIO_printf(bio_err, "invalid argument %s: %s\n",
459 arg, s_server_config.errstr); 459 arg, cfg.errstr);
460 return (1); 460 return (1);
461 } 461 }
462 BIO_printf(bio_err, "verify depth is %d\n", verify_depth); 462 BIO_printf(bio_err, "verify depth is %d\n", verify_depth);
@@ -466,12 +466,12 @@ s_server_opt_verify(char *arg)
466static int 466static int
467s_server_opt_verify_fail(char *arg) 467s_server_opt_verify_fail(char *arg)
468{ 468{
469 s_server_config.server_verify = SSL_VERIFY_PEER | 469 cfg.server_verify = SSL_VERIFY_PEER |
470 SSL_VERIFY_FAIL_IF_NO_PEER_CERT | SSL_VERIFY_CLIENT_ONCE; 470 SSL_VERIFY_FAIL_IF_NO_PEER_CERT | SSL_VERIFY_CLIENT_ONCE;
471 verify_depth = strtonum(arg, 0, INT_MAX, &s_server_config.errstr); 471 verify_depth = strtonum(arg, 0, INT_MAX, &cfg.errstr);
472 if (s_server_config.errstr != NULL) { 472 if (cfg.errstr != NULL) {
473 BIO_printf(bio_err, "invalid argument %s: %s\n", 473 BIO_printf(bio_err, "invalid argument %s: %s\n",
474 arg, s_server_config.errstr); 474 arg, cfg.errstr);
475 return (1); 475 return (1);
476 } 476 }
477 BIO_printf(bio_err, "verify depth is %d, must return a certificate\n", 477 BIO_printf(bio_err, "verify depth is %d, must return a certificate\n",
@@ -487,7 +487,7 @@ s_server_opt_verify_param(int argc, char **argv, int *argsused)
487 int badarg = 0; 487 int badarg = 0;
488 488
489 if (!args_verify(&pargs, &pargc, &badarg, bio_err, 489 if (!args_verify(&pargs, &pargc, &badarg, bio_err,
490 &s_server_config.vpm)) { 490 &cfg.vpm)) {
491 BIO_printf(bio_err, "unknown option %s\n", *argv); 491 BIO_printf(bio_err, "unknown option %s\n", *argv);
492 return (1); 492 return (1);
493 } 493 }
@@ -520,27 +520,27 @@ static const struct option s_server_options[] = {
520 .desc = "Set the advertised protocols for the ALPN extension" 520 .desc = "Set the advertised protocols for the ALPN extension"
521 " (comma-separated list)", 521 " (comma-separated list)",
522 .type = OPTION_ARG, 522 .type = OPTION_ARG,
523 .opt.arg = &s_server_config.alpn_in, 523 .opt.arg = &cfg.alpn_in,
524 }, 524 },
525 { 525 {
526 .name = "bugs", 526 .name = "bugs",
527 .desc = "Turn on SSL bug compatibility", 527 .desc = "Turn on SSL bug compatibility",
528 .type = OPTION_FLAG, 528 .type = OPTION_FLAG,
529 .opt.flag = &s_server_config.bugs, 529 .opt.flag = &cfg.bugs,
530 }, 530 },
531 { 531 {
532 .name = "CAfile", 532 .name = "CAfile",
533 .argname = "file", 533 .argname = "file",
534 .desc = "PEM format file of CA certificates", 534 .desc = "PEM format file of CA certificates",
535 .type = OPTION_ARG, 535 .type = OPTION_ARG,
536 .opt.arg = &s_server_config.CAfile, 536 .opt.arg = &cfg.CAfile,
537 }, 537 },
538 { 538 {
539 .name = "CApath", 539 .name = "CApath",
540 .argname = "directory", 540 .argname = "directory",
541 .desc = "PEM format directory of CA certificates", 541 .desc = "PEM format directory of CA certificates",
542 .type = OPTION_ARG, 542 .type = OPTION_ARG,
543 .opt.arg = &s_server_config.CApath, 543 .opt.arg = &cfg.CApath,
544 }, 544 },
545 { 545 {
546 .name = "cert", 546 .name = "cert",
@@ -548,7 +548,7 @@ static const struct option s_server_options[] = {
548 .desc = "Certificate file to use\n" 548 .desc = "Certificate file to use\n"
549 "(default is " TEST_CERT ")", 549 "(default is " TEST_CERT ")",
550 .type = OPTION_ARG, 550 .type = OPTION_ARG,
551 .opt.arg = &s_server_config.cert_file, 551 .opt.arg = &cfg.cert_file,
552 }, 552 },
553 { 553 {
554 .name = "cert2", 554 .name = "cert2",
@@ -556,20 +556,20 @@ static const struct option s_server_options[] = {
556 .desc = "Certificate file to use for servername\n" 556 .desc = "Certificate file to use for servername\n"
557 "(default is " TEST_CERT2 ")", 557 "(default is " TEST_CERT2 ")",
558 .type = OPTION_ARG, 558 .type = OPTION_ARG,
559 .opt.arg = &s_server_config.cert_file2, 559 .opt.arg = &cfg.cert_file2,
560 }, 560 },
561 { 561 {
562 .name = "certform", 562 .name = "certform",
563 .argname = "fmt", 563 .argname = "fmt",
564 .desc = "Certificate format (PEM or DER) PEM default", 564 .desc = "Certificate format (PEM or DER) PEM default",
565 .type = OPTION_ARG_FORMAT, 565 .type = OPTION_ARG_FORMAT,
566 .opt.value = &s_server_config.cert_format, 566 .opt.value = &cfg.cert_format,
567 }, 567 },
568#ifndef OPENSSL_NO_DTLS 568#ifndef OPENSSL_NO_DTLS
569 { 569 {
570 .name = "chain", 570 .name = "chain",
571 .type = OPTION_FLAG, 571 .type = OPTION_FLAG,
572 .opt.flag = &s_server_config.cert_chain, 572 .opt.flag = &cfg.cert_chain,
573 }, 573 },
574#endif 574#endif
575 { 575 {
@@ -577,7 +577,7 @@ static const struct option s_server_options[] = {
577 .argname = "list", 577 .argname = "list",
578 .desc = "List of ciphers to enable (see `openssl ciphers`)", 578 .desc = "List of ciphers to enable (see `openssl ciphers`)",
579 .type = OPTION_ARG, 579 .type = OPTION_ARG,
580 .opt.arg = &s_server_config.cipher, 580 .opt.arg = &cfg.cipher,
581 }, 581 },
582 { 582 {
583 .name = "context", 583 .name = "context",
@@ -590,55 +590,55 @@ static const struct option s_server_options[] = {
590 .name = "crlf", 590 .name = "crlf",
591 .desc = "Convert LF from terminal into CRLF", 591 .desc = "Convert LF from terminal into CRLF",
592 .type = OPTION_FLAG, 592 .type = OPTION_FLAG,
593 .opt.flag = &s_server_config.crlf, 593 .opt.flag = &cfg.crlf,
594 }, 594 },
595 { 595 {
596 .name = "dcert", 596 .name = "dcert",
597 .argname = "file", 597 .argname = "file",
598 .desc = "Second certificate file to use (usually for DSA)", 598 .desc = "Second certificate file to use (usually for DSA)",
599 .type = OPTION_ARG, 599 .type = OPTION_ARG,
600 .opt.arg = &s_server_config.dcert_file, 600 .opt.arg = &cfg.dcert_file,
601 }, 601 },
602 { 602 {
603 .name = "dcertform", 603 .name = "dcertform",
604 .argname = "fmt", 604 .argname = "fmt",
605 .desc = "Second certificate format (PEM or DER) PEM default", 605 .desc = "Second certificate format (PEM or DER) PEM default",
606 .type = OPTION_ARG_FORMAT, 606 .type = OPTION_ARG_FORMAT,
607 .opt.value = &s_server_config.dcert_format, 607 .opt.value = &cfg.dcert_format,
608 }, 608 },
609 { 609 {
610 .name = "debug", 610 .name = "debug",
611 .desc = "Print more output", 611 .desc = "Print more output",
612 .type = OPTION_FLAG, 612 .type = OPTION_FLAG,
613 .opt.flag = &s_server_config.debug, 613 .opt.flag = &cfg.debug,
614 }, 614 },
615 { 615 {
616 .name = "dhparam", 616 .name = "dhparam",
617 .argname = "file", 617 .argname = "file",
618 .desc = "DH parameter file to use, in cert file if not specified", 618 .desc = "DH parameter file to use, in cert file if not specified",
619 .type = OPTION_ARG, 619 .type = OPTION_ARG,
620 .opt.arg = &s_server_config.dhfile, 620 .opt.arg = &cfg.dhfile,
621 }, 621 },
622 { 622 {
623 .name = "dkey", 623 .name = "dkey",
624 .argname = "file", 624 .argname = "file",
625 .desc = "Second private key file to use (usually for DSA)", 625 .desc = "Second private key file to use (usually for DSA)",
626 .type = OPTION_ARG, 626 .type = OPTION_ARG,
627 .opt.arg = &s_server_config.dkey_file, 627 .opt.arg = &cfg.dkey_file,
628 }, 628 },
629 { 629 {
630 .name = "dkeyform", 630 .name = "dkeyform",
631 .argname = "fmt", 631 .argname = "fmt",
632 .desc = "Second key format (PEM or DER) PEM default", 632 .desc = "Second key format (PEM or DER) PEM default",
633 .type = OPTION_ARG_FORMAT, 633 .type = OPTION_ARG_FORMAT,
634 .opt.value = &s_server_config.dkey_format, 634 .opt.value = &cfg.dkey_format,
635 }, 635 },
636 { 636 {
637 .name = "dpass", 637 .name = "dpass",
638 .argname = "arg", 638 .argname = "arg",
639 .desc = "Second private key file pass phrase source", 639 .desc = "Second private key file pass phrase source",
640 .type = OPTION_ARG, 640 .type = OPTION_ARG,
641 .opt.arg = &s_server_config.dpassarg, 641 .opt.arg = &cfg.dpassarg,
642 }, 642 },
643#ifndef OPENSSL_NO_DTLS 643#ifndef OPENSSL_NO_DTLS
644 { 644 {
@@ -669,13 +669,13 @@ static const struct option s_server_options[] = {
669 .argname = "list", 669 .argname = "list",
670 .desc = "Specify EC groups (colon-separated list)", 670 .desc = "Specify EC groups (colon-separated list)",
671 .type = OPTION_ARG, 671 .type = OPTION_ARG,
672 .opt.arg = &s_server_config.groups_in, 672 .opt.arg = &cfg.groups_in,
673 }, 673 },
674 { 674 {
675 .name = "HTTP", 675 .name = "HTTP",
676 .desc = "Respond to a 'GET /<path> HTTP/1.0' with file ./<path>", 676 .desc = "Respond to a 'GET /<path> HTTP/1.0' with file ./<path>",
677 .type = OPTION_VALUE, 677 .type = OPTION_VALUE,
678 .opt.value = &s_server_config.www, 678 .opt.value = &cfg.www,
679 .value = 3, 679 .value = 3,
680 }, 680 },
681 { 681 {
@@ -683,7 +683,7 @@ static const struct option s_server_options[] = {
683 .argname = "arg", 683 .argname = "arg",
684 .desc = "Generate SSL/TLS session IDs prefixed by 'arg'", 684 .desc = "Generate SSL/TLS session IDs prefixed by 'arg'",
685 .type = OPTION_ARG, 685 .type = OPTION_ARG,
686 .opt.arg = &s_server_config.session_id_prefix, 686 .opt.arg = &cfg.session_id_prefix,
687 }, 687 },
688 { 688 {
689 .name = "key", 689 .name = "key",
@@ -691,7 +691,7 @@ static const struct option s_server_options[] = {
691 .desc = "Private Key file to use, in cert file if\n" 691 .desc = "Private Key file to use, in cert file if\n"
692 "not specified (default is " TEST_CERT ")", 692 "not specified (default is " TEST_CERT ")",
693 .type = OPTION_ARG, 693 .type = OPTION_ARG,
694 .opt.arg = &s_server_config.key_file, 694 .opt.arg = &cfg.key_file,
695 }, 695 },
696 { 696 {
697 .name = "key2", 697 .name = "key2",
@@ -699,21 +699,21 @@ static const struct option s_server_options[] = {
699 .desc = "Private Key file to use for servername, in cert file if\n" 699 .desc = "Private Key file to use for servername, in cert file if\n"
700 "not specified (default is " TEST_CERT2 ")", 700 "not specified (default is " TEST_CERT2 ")",
701 .type = OPTION_ARG, 701 .type = OPTION_ARG,
702 .opt.arg = &s_server_config.key_file2, 702 .opt.arg = &cfg.key_file2,
703 }, 703 },
704 { 704 {
705 .name = "keyform", 705 .name = "keyform",
706 .argname = "fmt", 706 .argname = "fmt",
707 .desc = "Key format (PEM or DER) PEM default", 707 .desc = "Key format (PEM or DER) PEM default",
708 .type = OPTION_ARG_FORMAT, 708 .type = OPTION_ARG_FORMAT,
709 .opt.value = &s_server_config.key_format, 709 .opt.value = &cfg.key_format,
710 }, 710 },
711 { 711 {
712 .name = "keymatexport", 712 .name = "keymatexport",
713 .argname = "label", 713 .argname = "label",
714 .desc = "Export keying material using label", 714 .desc = "Export keying material using label",
715 .type = OPTION_ARG, 715 .type = OPTION_ARG,
716 .opt.arg = &s_server_config.keymatexportlabel, 716 .opt.arg = &cfg.keymatexportlabel,
717 }, 717 },
718 { 718 {
719 .name = "keymatexportlen", 719 .name = "keymatexportlen",
@@ -730,7 +730,7 @@ static const struct option s_server_options[] = {
730 .name = "msg", 730 .name = "msg",
731 .desc = "Show protocol messages", 731 .desc = "Show protocol messages",
732 .type = OPTION_FLAG, 732 .type = OPTION_FLAG,
733 .opt.flag = &s_server_config.msg, 733 .opt.flag = &cfg.msg,
734 }, 734 },
735#ifndef OPENSSL_NO_DTLS 735#ifndef OPENSSL_NO_DTLS
736 { 736 {
@@ -746,19 +746,19 @@ static const struct option s_server_options[] = {
746 .argname = "num", 746 .argname = "num",
747 .desc = "Terminate after num connections", 747 .desc = "Terminate after num connections",
748 .type = OPTION_ARG_INT, 748 .type = OPTION_ARG_INT,
749 .opt.value = &s_server_config.naccept 749 .opt.value = &cfg.naccept
750 }, 750 },
751 { 751 {
752 .name = "named_curve", 752 .name = "named_curve",
753 .argname = "arg", 753 .argname = "arg",
754 .type = OPTION_ARG, 754 .type = OPTION_ARG,
755 .opt.arg = &s_server_config.named_curve, 755 .opt.arg = &cfg.named_curve,
756 }, 756 },
757 { 757 {
758 .name = "nbio", 758 .name = "nbio",
759 .desc = "Run with non-blocking I/O", 759 .desc = "Run with non-blocking I/O",
760 .type = OPTION_FLAG, 760 .type = OPTION_FLAG,
761 .opt.flag = &s_server_config.nbio, 761 .opt.flag = &cfg.nbio,
762 }, 762 },
763 { 763 {
764 .name = "nbio_test", 764 .name = "nbio_test",
@@ -770,78 +770,78 @@ static const struct option s_server_options[] = {
770 .name = "nextprotoneg", 770 .name = "nextprotoneg",
771 .argname = "arg", 771 .argname = "arg",
772 .type = OPTION_ARG, 772 .type = OPTION_ARG,
773 .opt.arg = &s_server_config.npn_in, /* Ignored. */ 773 .opt.arg = &cfg.npn_in, /* Ignored. */
774 }, 774 },
775 { 775 {
776 .name = "no_cache", 776 .name = "no_cache",
777 .desc = "Disable session cache", 777 .desc = "Disable session cache",
778 .type = OPTION_FLAG, 778 .type = OPTION_FLAG,
779 .opt.flag = &s_server_config.no_cache, 779 .opt.flag = &cfg.no_cache,
780 }, 780 },
781 { 781 {
782 .name = "no_comp", 782 .name = "no_comp",
783 .desc = "Disable SSL/TLS compression", 783 .desc = "Disable SSL/TLS compression",
784 .type = OPTION_VALUE_OR, 784 .type = OPTION_VALUE_OR,
785 .opt.value = &s_server_config.off, 785 .opt.value = &cfg.off,
786 .value = SSL_OP_NO_COMPRESSION, 786 .value = SSL_OP_NO_COMPRESSION,
787 }, 787 },
788 { 788 {
789 .name = "no_dhe", 789 .name = "no_dhe",
790 .desc = "Disable ephemeral DH", 790 .desc = "Disable ephemeral DH",
791 .type = OPTION_FLAG, 791 .type = OPTION_FLAG,
792 .opt.flag = &s_server_config.no_dhe, 792 .opt.flag = &cfg.no_dhe,
793 }, 793 },
794 { 794 {
795 .name = "no_ecdhe", 795 .name = "no_ecdhe",
796 .desc = "Disable ephemeral ECDH", 796 .desc = "Disable ephemeral ECDH",
797 .type = OPTION_FLAG, 797 .type = OPTION_FLAG,
798 .opt.flag = &s_server_config.no_ecdhe, 798 .opt.flag = &cfg.no_ecdhe,
799 }, 799 },
800 { 800 {
801 .name = "no_ticket", 801 .name = "no_ticket",
802 .desc = "Disable use of RFC4507bis session tickets", 802 .desc = "Disable use of RFC4507bis session tickets",
803 .type = OPTION_VALUE_OR, 803 .type = OPTION_VALUE_OR,
804 .opt.value = &s_server_config.off, 804 .opt.value = &cfg.off,
805 .value = SSL_OP_NO_TICKET, 805 .value = SSL_OP_NO_TICKET,
806 }, 806 },
807 { 807 {
808 .name = "no_ssl2", 808 .name = "no_ssl2",
809 .type = OPTION_VALUE_OR, 809 .type = OPTION_VALUE_OR,
810 .opt.value = &s_server_config.off, 810 .opt.value = &cfg.off,
811 .value = SSL_OP_NO_SSLv2, 811 .value = SSL_OP_NO_SSLv2,
812 }, 812 },
813 { 813 {
814 .name = "no_ssl3", 814 .name = "no_ssl3",
815 .type = OPTION_VALUE_OR, 815 .type = OPTION_VALUE_OR,
816 .opt.value = &s_server_config.off, 816 .opt.value = &cfg.off,
817 .value = SSL_OP_NO_SSLv3, 817 .value = SSL_OP_NO_SSLv3,
818 }, 818 },
819 { 819 {
820 .name = "no_tls1", 820 .name = "no_tls1",
821 .desc = "Just disable TLSv1", 821 .desc = "Just disable TLSv1",
822 .type = OPTION_VALUE_OR, 822 .type = OPTION_VALUE_OR,
823 .opt.value = &s_server_config.off, 823 .opt.value = &cfg.off,
824 .value = SSL_OP_NO_TLSv1, 824 .value = SSL_OP_NO_TLSv1,
825 }, 825 },
826 { 826 {
827 .name = "no_tls1_1", 827 .name = "no_tls1_1",
828 .desc = "Just disable TLSv1.1", 828 .desc = "Just disable TLSv1.1",
829 .type = OPTION_VALUE_OR, 829 .type = OPTION_VALUE_OR,
830 .opt.value = &s_server_config.off, 830 .opt.value = &cfg.off,
831 .value = SSL_OP_NO_TLSv1_1, 831 .value = SSL_OP_NO_TLSv1_1,
832 }, 832 },
833 { 833 {
834 .name = "no_tls1_2", 834 .name = "no_tls1_2",
835 .desc = "Just disable TLSv1.2", 835 .desc = "Just disable TLSv1.2",
836 .type = OPTION_VALUE_OR, 836 .type = OPTION_VALUE_OR,
837 .opt.value = &s_server_config.off, 837 .opt.value = &cfg.off,
838 .value = SSL_OP_NO_TLSv1_2, 838 .value = SSL_OP_NO_TLSv1_2,
839 }, 839 },
840 { 840 {
841 .name = "no_tls1_3", 841 .name = "no_tls1_3",
842 .desc = "Just disable TLSv1.3", 842 .desc = "Just disable TLSv1.3",
843 .type = OPTION_VALUE_OR, 843 .type = OPTION_VALUE_OR,
844 .opt.value = &s_server_config.off, 844 .opt.value = &cfg.off,
845 .value = SSL_OP_NO_TLSv1_3, 845 .value = SSL_OP_NO_TLSv1_3,
846 }, 846 },
847 { 847 {
@@ -852,14 +852,14 @@ static const struct option s_server_options[] = {
852 .name = "nocert", 852 .name = "nocert",
853 .desc = "Don't use any certificates (Anon-DH)", 853 .desc = "Don't use any certificates (Anon-DH)",
854 .type = OPTION_FLAG, 854 .type = OPTION_FLAG,
855 .opt.flag = &s_server_config.nocert, 855 .opt.flag = &cfg.nocert,
856 }, 856 },
857 { 857 {
858 .name = "pass", 858 .name = "pass",
859 .argname = "arg", 859 .argname = "arg",
860 .desc = "Private key file pass phrase source", 860 .desc = "Private key file pass phrase source",
861 .type = OPTION_ARG, 861 .type = OPTION_ARG,
862 .opt.arg = &s_server_config.passarg, 862 .opt.arg = &cfg.passarg,
863 }, 863 },
864 { 864 {
865 .name = "port", 865 .name = "port",
@@ -871,40 +871,40 @@ static const struct option s_server_options[] = {
871 .name = "quiet", 871 .name = "quiet",
872 .desc = "Inhibit printing of session and certificate information", 872 .desc = "Inhibit printing of session and certificate information",
873 .type = OPTION_FLAG, 873 .type = OPTION_FLAG,
874 .opt.flag = &s_server_config.quiet, 874 .opt.flag = &cfg.quiet,
875 }, 875 },
876 { 876 {
877 .name = "servername", 877 .name = "servername",
878 .argname = "name", 878 .argname = "name",
879 .desc = "Servername for HostName TLS extension", 879 .desc = "Servername for HostName TLS extension",
880 .type = OPTION_ARG, 880 .type = OPTION_ARG,
881 .opt.arg = &s_server_config.tlsextcbp.servername, 881 .opt.arg = &cfg.tlsextcbp.servername,
882 }, 882 },
883 { 883 {
884 .name = "servername_fatal", 884 .name = "servername_fatal",
885 .desc = "On mismatch send fatal alert (default warning alert)", 885 .desc = "On mismatch send fatal alert (default warning alert)",
886 .type = OPTION_VALUE, 886 .type = OPTION_VALUE,
887 .opt.value = &s_server_config.tlsextcbp.extension_error, 887 .opt.value = &cfg.tlsextcbp.extension_error,
888 .value = SSL_TLSEXT_ERR_ALERT_FATAL, 888 .value = SSL_TLSEXT_ERR_ALERT_FATAL,
889 }, 889 },
890 { 890 {
891 .name = "serverpref", 891 .name = "serverpref",
892 .desc = "Use server's cipher preferences", 892 .desc = "Use server's cipher preferences",
893 .type = OPTION_VALUE_OR, 893 .type = OPTION_VALUE_OR,
894 .opt.value = &s_server_config.off, 894 .opt.value = &cfg.off,
895 .value = SSL_OP_CIPHER_SERVER_PREFERENCE, 895 .value = SSL_OP_CIPHER_SERVER_PREFERENCE,
896 }, 896 },
897 { 897 {
898 .name = "state", 898 .name = "state",
899 .desc = "Print the SSL states", 899 .desc = "Print the SSL states",
900 .type = OPTION_FLAG, 900 .type = OPTION_FLAG,
901 .opt.flag = &s_server_config.state, 901 .opt.flag = &cfg.state,
902 }, 902 },
903 { 903 {
904 .name = "status", 904 .name = "status",
905 .desc = "Respond to certificate status requests", 905 .desc = "Respond to certificate status requests",
906 .type = OPTION_FLAG, 906 .type = OPTION_FLAG,
907 .opt.flag = &s_server_config.tlsextstatus, 907 .opt.flag = &cfg.tlsextstatus,
908 }, 908 },
909 { 909 {
910 .name = "status_timeout", 910 .name = "status_timeout",
@@ -931,7 +931,7 @@ static const struct option s_server_options[] = {
931 .name = "timeout", 931 .name = "timeout",
932 .desc = "Enable timeouts", 932 .desc = "Enable timeouts",
933 .type = OPTION_FLAG, 933 .type = OPTION_FLAG,
934 .opt.flag = &s_server_config.enable_timeouts, 934 .opt.flag = &cfg.enable_timeouts,
935 }, 935 },
936#endif 936#endif
937 { 937 {
@@ -962,7 +962,7 @@ static const struct option s_server_options[] = {
962 .name = "tlsextdebug", 962 .name = "tlsextdebug",
963 .desc = "Hex dump of all TLS extensions received", 963 .desc = "Hex dump of all TLS extensions received",
964 .type = OPTION_FLAG, 964 .type = OPTION_FLAG,
965 .opt.flag = &s_server_config.tlsextdebug, 965 .opt.flag = &cfg.tlsextdebug,
966 }, 966 },
967#ifndef OPENSSL_NO_SRTP 967#ifndef OPENSSL_NO_SRTP
968 { 968 {
@@ -970,7 +970,7 @@ static const struct option s_server_options[] = {
970 .argname = "profiles", 970 .argname = "profiles",
971 .desc = "Offer SRTP key management with a colon-separated profile list", 971 .desc = "Offer SRTP key management with a colon-separated profile list",
972 .type = OPTION_ARG, 972 .type = OPTION_ARG,
973 .opt.arg = &s_server_config.srtp_profiles, 973 .opt.arg = &cfg.srtp_profiles,
974 }, 974 },
975#endif 975#endif
976 { 976 {
@@ -997,14 +997,14 @@ static const struct option s_server_options[] = {
997 .name = "WWW", 997 .name = "WWW",
998 .desc = "Respond to a 'GET /<path> HTTP/1.0' with file ./<path>", 998 .desc = "Respond to a 'GET /<path> HTTP/1.0' with file ./<path>",
999 .type = OPTION_VALUE, 999 .type = OPTION_VALUE,
1000 .opt.value = &s_server_config.www, 1000 .opt.value = &cfg.www,
1001 .value = 2, 1001 .value = 2,
1002 }, 1002 },
1003 { 1003 {
1004 .name = "www", 1004 .name = "www",
1005 .desc = "Respond to a 'GET /' with a status page", 1005 .desc = "Respond to a 'GET /' with a status page",
1006 .type = OPTION_VALUE, 1006 .type = OPTION_VALUE,
1007 .opt.value = &s_server_config.www, 1007 .opt.value = &cfg.www,
1008 .value = 1, 1008 .value = 1,
1009 }, 1009 },
1010 { 1010 {
@@ -1020,24 +1020,24 @@ static void
1020s_server_init(void) 1020s_server_init(void)
1021{ 1021{
1022 accept_socket = -1; 1022 accept_socket = -1;
1023 s_server_config.cipher = NULL; 1023 cfg.cipher = NULL;
1024 s_server_config.server_verify = SSL_VERIFY_NONE; 1024 cfg.server_verify = SSL_VERIFY_NONE;
1025 s_server_config.dcert_file = NULL; 1025 cfg.dcert_file = NULL;
1026 s_server_config.dkey_file = NULL; 1026 cfg.dkey_file = NULL;
1027 s_server_config.cert_file = TEST_CERT; 1027 cfg.cert_file = TEST_CERT;
1028 s_server_config.key_file = NULL; 1028 cfg.key_file = NULL;
1029 s_server_config.cert_file2 = TEST_CERT2; 1029 cfg.cert_file2 = TEST_CERT2;
1030 s_server_config.key_file2 = NULL; 1030 cfg.key_file2 = NULL;
1031 ctx2 = NULL; 1031 ctx2 = NULL;
1032 s_server_config.nbio = 0; 1032 cfg.nbio = 0;
1033 s_server_config.nbio_test = 0; 1033 cfg.nbio_test = 0;
1034 ctx = NULL; 1034 ctx = NULL;
1035 s_server_config.www = 0; 1035 cfg.www = 0;
1036 1036
1037 bio_s_out = NULL; 1037 bio_s_out = NULL;
1038 s_server_config.debug = 0; 1038 cfg.debug = 0;
1039 s_server_config.msg = 0; 1039 cfg.msg = 0;
1040 s_server_config.quiet = 0; 1040 cfg.quiet = 0;
1041} 1041}
1042 1042
1043static void 1043static void
@@ -1086,21 +1086,21 @@ s_server_main(int argc, char *argv[])
1086 exit(1); 1086 exit(1);
1087 } 1087 }
1088 1088
1089 memset(&s_server_config, 0, sizeof(s_server_config)); 1089 memset(&cfg, 0, sizeof(cfg));
1090 s_server_config.keymatexportlen = 20; 1090 cfg.keymatexportlen = 20;
1091 s_server_config.meth = TLS_server_method(); 1091 cfg.meth = TLS_server_method();
1092 s_server_config.naccept = -1; 1092 cfg.naccept = -1;
1093 s_server_config.port = PORT; 1093 cfg.port = PORT;
1094 s_server_config.cert_file = TEST_CERT; 1094 cfg.cert_file = TEST_CERT;
1095 s_server_config.cert_file2 = TEST_CERT2; 1095 cfg.cert_file2 = TEST_CERT2;
1096 s_server_config.cert_format = FORMAT_PEM; 1096 cfg.cert_format = FORMAT_PEM;
1097 s_server_config.dcert_format = FORMAT_PEM; 1097 cfg.dcert_format = FORMAT_PEM;
1098 s_server_config.dkey_format = FORMAT_PEM; 1098 cfg.dkey_format = FORMAT_PEM;
1099 s_server_config.key_format = FORMAT_PEM; 1099 cfg.key_format = FORMAT_PEM;
1100 s_server_config.server_verify = SSL_VERIFY_NONE; 1100 cfg.server_verify = SSL_VERIFY_NONE;
1101 s_server_config.socket_type = SOCK_STREAM; 1101 cfg.socket_type = SOCK_STREAM;
1102 s_server_config.tlscstatp.timeout = -1; 1102 cfg.tlscstatp.timeout = -1;
1103 s_server_config.tlsextcbp.extension_error = 1103 cfg.tlsextcbp.extension_error =
1104 SSL_TLSEXT_ERR_ALERT_WARNING; 1104 SSL_TLSEXT_ERR_ALERT_WARNING;
1105 1105
1106 local_argc = argc; 1106 local_argc = argc;
@@ -1111,47 +1111,47 @@ s_server_main(int argc, char *argv[])
1111 verify_depth = 0; 1111 verify_depth = 0;
1112 1112
1113 if (options_parse(argc, argv, s_server_options, NULL, NULL) != 0) { 1113 if (options_parse(argc, argv, s_server_options, NULL, NULL) != 0) {
1114 if (s_server_config.errstr == NULL) 1114 if (cfg.errstr == NULL)
1115 sv_usage(); 1115 sv_usage();
1116 goto end; 1116 goto end;
1117 } 1117 }
1118 1118
1119 if (!app_passwd(bio_err, s_server_config.passarg, 1119 if (!app_passwd(bio_err, cfg.passarg,
1120 s_server_config.dpassarg, &pass, &dpass)) { 1120 cfg.dpassarg, &pass, &dpass)) {
1121 BIO_printf(bio_err, "Error getting password\n"); 1121 BIO_printf(bio_err, "Error getting password\n");
1122 goto end; 1122 goto end;
1123 } 1123 }
1124 if (s_server_config.key_file == NULL) 1124 if (cfg.key_file == NULL)
1125 s_server_config.key_file = s_server_config.cert_file; 1125 cfg.key_file = cfg.cert_file;
1126 if (s_server_config.key_file2 == NULL) 1126 if (cfg.key_file2 == NULL)
1127 s_server_config.key_file2 = s_server_config.cert_file2; 1127 cfg.key_file2 = cfg.cert_file2;
1128 1128
1129 if (s_server_config.nocert == 0) { 1129 if (cfg.nocert == 0) {
1130 s_key = load_key(bio_err, s_server_config.key_file, 1130 s_key = load_key(bio_err, cfg.key_file,
1131 s_server_config.key_format, 0, pass, 1131 cfg.key_format, 0, pass,
1132 "server certificate private key file"); 1132 "server certificate private key file");
1133 if (!s_key) { 1133 if (!s_key) {
1134 ERR_print_errors(bio_err); 1134 ERR_print_errors(bio_err);
1135 goto end; 1135 goto end;
1136 } 1136 }
1137 s_cert = load_cert(bio_err, s_server_config.cert_file, 1137 s_cert = load_cert(bio_err, cfg.cert_file,
1138 s_server_config.cert_format, 1138 cfg.cert_format,
1139 NULL, "server certificate file"); 1139 NULL, "server certificate file");
1140 1140
1141 if (!s_cert) { 1141 if (!s_cert) {
1142 ERR_print_errors(bio_err); 1142 ERR_print_errors(bio_err);
1143 goto end; 1143 goto end;
1144 } 1144 }
1145 if (s_server_config.tlsextcbp.servername) { 1145 if (cfg.tlsextcbp.servername) {
1146 s_key2 = load_key(bio_err, s_server_config.key_file2, 1146 s_key2 = load_key(bio_err, cfg.key_file2,
1147 s_server_config.key_format, 0, pass, 1147 cfg.key_format, 0, pass,
1148 "second server certificate private key file"); 1148 "second server certificate private key file");
1149 if (!s_key2) { 1149 if (!s_key2) {
1150 ERR_print_errors(bio_err); 1150 ERR_print_errors(bio_err);
1151 goto end; 1151 goto end;
1152 } 1152 }
1153 s_cert2 = load_cert(bio_err, s_server_config.cert_file2, 1153 s_cert2 = load_cert(bio_err, cfg.cert_file2,
1154 s_server_config.cert_format, 1154 cfg.cert_format,
1155 NULL, "second server certificate file"); 1155 NULL, "second server certificate file");
1156 1156
1157 if (!s_cert2) { 1157 if (!s_cert2) {
@@ -1161,29 +1161,29 @@ s_server_main(int argc, char *argv[])
1161 } 1161 }
1162 } 1162 }
1163 alpn_ctx.data = NULL; 1163 alpn_ctx.data = NULL;
1164 if (s_server_config.alpn_in) { 1164 if (cfg.alpn_in) {
1165 unsigned short len; 1165 unsigned short len;
1166 alpn_ctx.data = next_protos_parse(&len, 1166 alpn_ctx.data = next_protos_parse(&len,
1167 s_server_config.alpn_in); 1167 cfg.alpn_in);
1168 if (alpn_ctx.data == NULL) 1168 if (alpn_ctx.data == NULL)
1169 goto end; 1169 goto end;
1170 alpn_ctx.len = len; 1170 alpn_ctx.len = len;
1171 } 1171 }
1172 1172
1173 if (s_server_config.dcert_file) { 1173 if (cfg.dcert_file) {
1174 1174
1175 if (s_server_config.dkey_file == NULL) 1175 if (cfg.dkey_file == NULL)
1176 s_server_config.dkey_file = s_server_config.dcert_file; 1176 cfg.dkey_file = cfg.dcert_file;
1177 1177
1178 s_dkey = load_key(bio_err, s_server_config.dkey_file, 1178 s_dkey = load_key(bio_err, cfg.dkey_file,
1179 s_server_config.dkey_format, 1179 cfg.dkey_format,
1180 0, dpass, "second certificate private key file"); 1180 0, dpass, "second certificate private key file");
1181 if (!s_dkey) { 1181 if (!s_dkey) {
1182 ERR_print_errors(bio_err); 1182 ERR_print_errors(bio_err);
1183 goto end; 1183 goto end;
1184 } 1184 }
1185 s_dcert = load_cert(bio_err, s_server_config.dcert_file, 1185 s_dcert = load_cert(bio_err, cfg.dcert_file,
1186 s_server_config.dcert_format, 1186 cfg.dcert_format,
1187 NULL, "second server certificate file"); 1187 NULL, "second server certificate file");
1188 1188
1189 if (!s_dcert) { 1189 if (!s_dcert) {
@@ -1192,23 +1192,23 @@ s_server_main(int argc, char *argv[])
1192 } 1192 }
1193 } 1193 }
1194 if (bio_s_out == NULL) { 1194 if (bio_s_out == NULL) {
1195 if (s_server_config.quiet && !s_server_config.debug && 1195 if (cfg.quiet && !cfg.debug &&
1196 !s_server_config.msg) { 1196 !cfg.msg) {
1197 bio_s_out = BIO_new(BIO_s_null()); 1197 bio_s_out = BIO_new(BIO_s_null());
1198 } else { 1198 } else {
1199 if (bio_s_out == NULL) 1199 if (bio_s_out == NULL)
1200 bio_s_out = BIO_new_fp(stdout, BIO_NOCLOSE); 1200 bio_s_out = BIO_new_fp(stdout, BIO_NOCLOSE);
1201 } 1201 }
1202 } 1202 }
1203 if (s_server_config.nocert) { 1203 if (cfg.nocert) {
1204 s_server_config.cert_file = NULL; 1204 cfg.cert_file = NULL;
1205 s_server_config.key_file = NULL; 1205 cfg.key_file = NULL;
1206 s_server_config.dcert_file = NULL; 1206 cfg.dcert_file = NULL;
1207 s_server_config.dkey_file = NULL; 1207 cfg.dkey_file = NULL;
1208 s_server_config.cert_file2 = NULL; 1208 cfg.cert_file2 = NULL;
1209 s_server_config.key_file2 = NULL; 1209 cfg.key_file2 = NULL;
1210 } 1210 }
1211 ctx = SSL_CTX_new(s_server_config.meth); 1211 ctx = SSL_CTX_new(cfg.meth);
1212 if (ctx == NULL) { 1212 if (ctx == NULL) {
1213 ERR_print_errors(bio_err); 1213 ERR_print_errors(bio_err);
1214 goto end; 1214 goto end;
@@ -1216,16 +1216,16 @@ s_server_main(int argc, char *argv[])
1216 1216
1217 SSL_CTX_clear_mode(ctx, SSL_MODE_AUTO_RETRY); 1217 SSL_CTX_clear_mode(ctx, SSL_MODE_AUTO_RETRY);
1218 1218
1219 if (!SSL_CTX_set_min_proto_version(ctx, s_server_config.min_version)) 1219 if (!SSL_CTX_set_min_proto_version(ctx, cfg.min_version))
1220 goto end; 1220 goto end;
1221 if (!SSL_CTX_set_max_proto_version(ctx, s_server_config.max_version)) 1221 if (!SSL_CTX_set_max_proto_version(ctx, cfg.max_version))
1222 goto end; 1222 goto end;
1223 1223
1224 if (s_server_config.session_id_prefix) { 1224 if (cfg.session_id_prefix) {
1225 if (strlen(s_server_config.session_id_prefix) >= 32) 1225 if (strlen(cfg.session_id_prefix) >= 32)
1226 BIO_printf(bio_err, 1226 BIO_printf(bio_err,
1227 "warning: id_prefix is too long, only one new session will be possible\n"); 1227 "warning: id_prefix is too long, only one new session will be possible\n");
1228 else if (strlen(s_server_config.session_id_prefix) >= 16) 1228 else if (strlen(cfg.session_id_prefix) >= 16)
1229 BIO_printf(bio_err, 1229 BIO_printf(bio_err,
1230 "warning: id_prefix is too long if you use SSLv2\n"); 1230 "warning: id_prefix is too long if you use SSLv2\n");
1231 if (!SSL_CTX_set_generate_session_id(ctx, generate_session_id)) { 1231 if (!SSL_CTX_set_generate_session_id(ctx, generate_session_id)) {
@@ -1234,58 +1234,58 @@ s_server_main(int argc, char *argv[])
1234 goto end; 1234 goto end;
1235 } 1235 }
1236 BIO_printf(bio_err, "id_prefix '%s' set.\n", 1236 BIO_printf(bio_err, "id_prefix '%s' set.\n",
1237 s_server_config.session_id_prefix); 1237 cfg.session_id_prefix);
1238 } 1238 }
1239 SSL_CTX_set_quiet_shutdown(ctx, 1); 1239 SSL_CTX_set_quiet_shutdown(ctx, 1);
1240 if (s_server_config.bugs) 1240 if (cfg.bugs)
1241 SSL_CTX_set_options(ctx, SSL_OP_ALL); 1241 SSL_CTX_set_options(ctx, SSL_OP_ALL);
1242 SSL_CTX_set_options(ctx, s_server_config.off); 1242 SSL_CTX_set_options(ctx, cfg.off);
1243 1243
1244 if (s_server_config.state) 1244 if (cfg.state)
1245 SSL_CTX_set_info_callback(ctx, apps_ssl_info_callback); 1245 SSL_CTX_set_info_callback(ctx, apps_ssl_info_callback);
1246 if (s_server_config.no_cache) 1246 if (cfg.no_cache)
1247 SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF); 1247 SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);
1248 else 1248 else
1249 SSL_CTX_sess_set_cache_size(ctx, 128); 1249 SSL_CTX_sess_set_cache_size(ctx, 128);
1250 1250
1251#ifndef OPENSSL_NO_SRTP 1251#ifndef OPENSSL_NO_SRTP
1252 if (s_server_config.srtp_profiles != NULL) 1252 if (cfg.srtp_profiles != NULL)
1253 SSL_CTX_set_tlsext_use_srtp(ctx, s_server_config.srtp_profiles); 1253 SSL_CTX_set_tlsext_use_srtp(ctx, cfg.srtp_profiles);
1254#endif 1254#endif
1255 1255
1256 if ((!SSL_CTX_load_verify_locations(ctx, s_server_config.CAfile, 1256 if ((!SSL_CTX_load_verify_locations(ctx, cfg.CAfile,
1257 s_server_config.CApath)) || 1257 cfg.CApath)) ||
1258 (!SSL_CTX_set_default_verify_paths(ctx))) { 1258 (!SSL_CTX_set_default_verify_paths(ctx))) {
1259 /* BIO_printf(bio_err,"X509_load_verify_locations\n"); */ 1259 /* BIO_printf(bio_err,"X509_load_verify_locations\n"); */
1260 ERR_print_errors(bio_err); 1260 ERR_print_errors(bio_err);
1261 /* goto end; */ 1261 /* goto end; */
1262 } 1262 }
1263 if (s_server_config.vpm) 1263 if (cfg.vpm)
1264 SSL_CTX_set1_param(ctx, s_server_config.vpm); 1264 SSL_CTX_set1_param(ctx, cfg.vpm);
1265 1265
1266 if (s_cert2) { 1266 if (s_cert2) {
1267 ctx2 = SSL_CTX_new(s_server_config.meth); 1267 ctx2 = SSL_CTX_new(cfg.meth);
1268 if (ctx2 == NULL) { 1268 if (ctx2 == NULL) {
1269 ERR_print_errors(bio_err); 1269 ERR_print_errors(bio_err);
1270 goto end; 1270 goto end;
1271 } 1271 }
1272 1272
1273 if (!SSL_CTX_set_min_proto_version(ctx2, 1273 if (!SSL_CTX_set_min_proto_version(ctx2,
1274 s_server_config.min_version)) 1274 cfg.min_version))
1275 goto end; 1275 goto end;
1276 if (!SSL_CTX_set_max_proto_version(ctx2, 1276 if (!SSL_CTX_set_max_proto_version(ctx2,
1277 s_server_config.max_version)) 1277 cfg.max_version))
1278 goto end; 1278 goto end;
1279 SSL_CTX_clear_mode(ctx2, SSL_MODE_AUTO_RETRY); 1279 SSL_CTX_clear_mode(ctx2, SSL_MODE_AUTO_RETRY);
1280 } 1280 }
1281 if (ctx2) { 1281 if (ctx2) {
1282 BIO_printf(bio_s_out, "Setting secondary ctx parameters\n"); 1282 BIO_printf(bio_s_out, "Setting secondary ctx parameters\n");
1283 1283
1284 if (s_server_config.session_id_prefix) { 1284 if (cfg.session_id_prefix) {
1285 if (strlen(s_server_config.session_id_prefix) >= 32) 1285 if (strlen(cfg.session_id_prefix) >= 32)
1286 BIO_printf(bio_err, 1286 BIO_printf(bio_err,
1287 "warning: id_prefix is too long, only one new session will be possible\n"); 1287 "warning: id_prefix is too long, only one new session will be possible\n");
1288 else if (strlen(s_server_config.session_id_prefix) >= 16) 1288 else if (strlen(cfg.session_id_prefix) >= 16)
1289 BIO_printf(bio_err, 1289 BIO_printf(bio_err,
1290 "warning: id_prefix is too long if you use SSLv2\n"); 1290 "warning: id_prefix is too long if you use SSLv2\n");
1291 if (!SSL_CTX_set_generate_session_id(ctx2, 1291 if (!SSL_CTX_set_generate_session_id(ctx2,
@@ -1296,48 +1296,48 @@ s_server_main(int argc, char *argv[])
1296 goto end; 1296 goto end;
1297 } 1297 }
1298 BIO_printf(bio_err, "id_prefix '%s' set.\n", 1298 BIO_printf(bio_err, "id_prefix '%s' set.\n",
1299 s_server_config.session_id_prefix); 1299 cfg.session_id_prefix);
1300 } 1300 }
1301 SSL_CTX_set_quiet_shutdown(ctx2, 1); 1301 SSL_CTX_set_quiet_shutdown(ctx2, 1);
1302 if (s_server_config.bugs) 1302 if (cfg.bugs)
1303 SSL_CTX_set_options(ctx2, SSL_OP_ALL); 1303 SSL_CTX_set_options(ctx2, SSL_OP_ALL);
1304 SSL_CTX_set_options(ctx2, s_server_config.off); 1304 SSL_CTX_set_options(ctx2, cfg.off);
1305 1305
1306 if (s_server_config.state) 1306 if (cfg.state)
1307 SSL_CTX_set_info_callback(ctx2, apps_ssl_info_callback); 1307 SSL_CTX_set_info_callback(ctx2, apps_ssl_info_callback);
1308 1308
1309 if (s_server_config.no_cache) 1309 if (cfg.no_cache)
1310 SSL_CTX_set_session_cache_mode(ctx2, SSL_SESS_CACHE_OFF); 1310 SSL_CTX_set_session_cache_mode(ctx2, SSL_SESS_CACHE_OFF);
1311 else 1311 else
1312 SSL_CTX_sess_set_cache_size(ctx2, 128); 1312 SSL_CTX_sess_set_cache_size(ctx2, 128);
1313 1313
1314 if ((!SSL_CTX_load_verify_locations(ctx2, 1314 if ((!SSL_CTX_load_verify_locations(ctx2,
1315 s_server_config.CAfile, s_server_config.CApath)) || 1315 cfg.CAfile, cfg.CApath)) ||
1316 (!SSL_CTX_set_default_verify_paths(ctx2))) { 1316 (!SSL_CTX_set_default_verify_paths(ctx2))) {
1317 ERR_print_errors(bio_err); 1317 ERR_print_errors(bio_err);
1318 } 1318 }
1319 if (s_server_config.vpm) 1319 if (cfg.vpm)
1320 SSL_CTX_set1_param(ctx2, s_server_config.vpm); 1320 SSL_CTX_set1_param(ctx2, cfg.vpm);
1321 } 1321 }
1322 if (alpn_ctx.data) 1322 if (alpn_ctx.data)
1323 SSL_CTX_set_alpn_select_cb(ctx, alpn_cb, &alpn_ctx); 1323 SSL_CTX_set_alpn_select_cb(ctx, alpn_cb, &alpn_ctx);
1324 1324
1325 if (s_server_config.groups_in != NULL) { 1325 if (cfg.groups_in != NULL) {
1326 if (SSL_CTX_set1_groups_list(ctx, s_server_config.groups_in) != 1) { 1326 if (SSL_CTX_set1_groups_list(ctx, cfg.groups_in) != 1) {
1327 BIO_printf(bio_err, "Failed to set groups '%s'\n", 1327 BIO_printf(bio_err, "Failed to set groups '%s'\n",
1328 s_server_config.groups_in); 1328 cfg.groups_in);
1329 goto end; 1329 goto end;
1330 } 1330 }
1331 } 1331 }
1332 1332
1333#ifndef OPENSSL_NO_DH 1333#ifndef OPENSSL_NO_DH
1334 if (!s_server_config.no_dhe) { 1334 if (!cfg.no_dhe) {
1335 DH *dh = NULL; 1335 DH *dh = NULL;
1336 1336
1337 if (s_server_config.dhfile) 1337 if (cfg.dhfile)
1338 dh = load_dh_param(s_server_config.dhfile); 1338 dh = load_dh_param(cfg.dhfile);
1339 else if (s_server_config.cert_file) 1339 else if (cfg.cert_file)
1340 dh = load_dh_param(s_server_config.cert_file); 1340 dh = load_dh_param(cfg.cert_file);
1341 1341
1342 if (dh != NULL) 1342 if (dh != NULL)
1343 BIO_printf(bio_s_out, "Setting temp DH parameters\n"); 1343 BIO_printf(bio_s_out, "Setting temp DH parameters\n");
@@ -1356,12 +1356,12 @@ s_server_main(int argc, char *argv[])
1356 } 1356 }
1357 1357
1358 if (ctx2) { 1358 if (ctx2) {
1359 if (!s_server_config.dhfile) { 1359 if (!cfg.dhfile) {
1360 DH *dh2 = NULL; 1360 DH *dh2 = NULL;
1361 1361
1362 if (s_server_config.cert_file2 != NULL) 1362 if (cfg.cert_file2 != NULL)
1363 dh2 = load_dh_param( 1363 dh2 = load_dh_param(
1364 s_server_config.cert_file2); 1364 cfg.cert_file2);
1365 if (dh2 != NULL) { 1365 if (dh2 != NULL) {
1366 BIO_printf(bio_s_out, 1366 BIO_printf(bio_s_out,
1367 "Setting temp DH parameters\n"); 1367 "Setting temp DH parameters\n");
@@ -1385,18 +1385,18 @@ s_server_main(int argc, char *argv[])
1385 } 1385 }
1386#endif 1386#endif
1387 1387
1388 if (!s_server_config.no_ecdhe && s_server_config.named_curve != NULL) { 1388 if (!cfg.no_ecdhe && cfg.named_curve != NULL) {
1389 EC_KEY *ecdh = NULL; 1389 EC_KEY *ecdh = NULL;
1390 int nid; 1390 int nid;
1391 1391
1392 if ((nid = OBJ_sn2nid(s_server_config.named_curve)) == 0) { 1392 if ((nid = OBJ_sn2nid(cfg.named_curve)) == 0) {
1393 BIO_printf(bio_err, "unknown curve name (%s)\n", 1393 BIO_printf(bio_err, "unknown curve name (%s)\n",
1394 s_server_config.named_curve); 1394 cfg.named_curve);
1395 goto end; 1395 goto end;
1396 } 1396 }
1397 if ((ecdh = EC_KEY_new_by_curve_name(nid)) == NULL) { 1397 if ((ecdh = EC_KEY_new_by_curve_name(nid)) == NULL) {
1398 BIO_printf(bio_err, "unable to create curve (%s)\n", 1398 BIO_printf(bio_err, "unable to create curve (%s)\n",
1399 s_server_config.named_curve); 1399 cfg.named_curve);
1400 goto end; 1400 goto end;
1401 } 1401 }
1402 BIO_printf(bio_s_out, "Setting temp ECDH parameters\n"); 1402 BIO_printf(bio_s_out, "Setting temp ECDH parameters\n");
@@ -1417,20 +1417,20 @@ s_server_main(int argc, char *argv[])
1417 goto end; 1417 goto end;
1418 } 1418 }
1419 1419
1420 if (s_server_config.cipher != NULL) { 1420 if (cfg.cipher != NULL) {
1421 if (!SSL_CTX_set_cipher_list(ctx, s_server_config.cipher)) { 1421 if (!SSL_CTX_set_cipher_list(ctx, cfg.cipher)) {
1422 BIO_printf(bio_err, "error setting cipher list\n"); 1422 BIO_printf(bio_err, "error setting cipher list\n");
1423 ERR_print_errors(bio_err); 1423 ERR_print_errors(bio_err);
1424 goto end; 1424 goto end;
1425 } 1425 }
1426 if (ctx2 && !SSL_CTX_set_cipher_list(ctx2, 1426 if (ctx2 && !SSL_CTX_set_cipher_list(ctx2,
1427 s_server_config.cipher)) { 1427 cfg.cipher)) {
1428 BIO_printf(bio_err, "error setting cipher list\n"); 1428 BIO_printf(bio_err, "error setting cipher list\n");
1429 ERR_print_errors(bio_err); 1429 ERR_print_errors(bio_err);
1430 goto end; 1430 goto end;
1431 } 1431 }
1432 } 1432 }
1433 SSL_CTX_set_verify(ctx, s_server_config.server_verify, verify_callback); 1433 SSL_CTX_set_verify(ctx, cfg.server_verify, verify_callback);
1434 SSL_CTX_set_session_id_context(ctx, 1434 SSL_CTX_set_session_id_context(ctx,
1435 (void *) &s_server_session_id_context, 1435 (void *) &s_server_session_id_context,
1436 sizeof s_server_session_id_context); 1436 sizeof s_server_session_id_context);
@@ -1440,38 +1440,38 @@ s_server_main(int argc, char *argv[])
1440 SSL_CTX_set_cookie_verify_cb(ctx, verify_cookie_callback); 1440 SSL_CTX_set_cookie_verify_cb(ctx, verify_cookie_callback);
1441 1441
1442 if (ctx2) { 1442 if (ctx2) {
1443 SSL_CTX_set_verify(ctx2, s_server_config.server_verify, 1443 SSL_CTX_set_verify(ctx2, cfg.server_verify,
1444 verify_callback); 1444 verify_callback);
1445 SSL_CTX_set_session_id_context(ctx2, 1445 SSL_CTX_set_session_id_context(ctx2,
1446 (void *) &s_server_session_id_context, 1446 (void *) &s_server_session_id_context,
1447 sizeof s_server_session_id_context); 1447 sizeof s_server_session_id_context);
1448 1448
1449 s_server_config.tlsextcbp.biodebug = bio_s_out; 1449 cfg.tlsextcbp.biodebug = bio_s_out;
1450 SSL_CTX_set_tlsext_servername_callback(ctx2, ssl_servername_cb); 1450 SSL_CTX_set_tlsext_servername_callback(ctx2, ssl_servername_cb);
1451 SSL_CTX_set_tlsext_servername_arg(ctx2, 1451 SSL_CTX_set_tlsext_servername_arg(ctx2,
1452 &s_server_config.tlsextcbp); 1452 &cfg.tlsextcbp);
1453 SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb); 1453 SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb);
1454 SSL_CTX_set_tlsext_servername_arg(ctx, 1454 SSL_CTX_set_tlsext_servername_arg(ctx,
1455 &s_server_config.tlsextcbp); 1455 &cfg.tlsextcbp);
1456 } 1456 }
1457 1457
1458 if (s_server_config.CAfile != NULL) { 1458 if (cfg.CAfile != NULL) {
1459 SSL_CTX_set_client_CA_list(ctx, 1459 SSL_CTX_set_client_CA_list(ctx,
1460 SSL_load_client_CA_file(s_server_config.CAfile)); 1460 SSL_load_client_CA_file(cfg.CAfile));
1461 if (ctx2) 1461 if (ctx2)
1462 SSL_CTX_set_client_CA_list(ctx2, 1462 SSL_CTX_set_client_CA_list(ctx2,
1463 SSL_load_client_CA_file(s_server_config.CAfile)); 1463 SSL_load_client_CA_file(cfg.CAfile));
1464 } 1464 }
1465 BIO_printf(bio_s_out, "ACCEPT\n"); 1465 BIO_printf(bio_s_out, "ACCEPT\n");
1466 (void) BIO_flush(bio_s_out); 1466 (void) BIO_flush(bio_s_out);
1467 if (s_server_config.www) 1467 if (cfg.www)
1468 do_server(s_server_config.port, s_server_config.socket_type, 1468 do_server(cfg.port, cfg.socket_type,
1469 &accept_socket, www_body, s_server_config.context, 1469 &accept_socket, www_body, cfg.context,
1470 s_server_config.naccept); 1470 cfg.naccept);
1471 else 1471 else
1472 do_server(s_server_config.port, s_server_config.socket_type, 1472 do_server(cfg.port, cfg.socket_type,
1473 &accept_socket, sv_body, s_server_config.context, 1473 &accept_socket, sv_body, cfg.context,
1474 s_server_config.naccept); 1474 cfg.naccept);
1475 print_stats(bio_s_out, ctx); 1475 print_stats(bio_s_out, ctx);
1476 ret = 0; 1476 ret = 0;
1477 end: 1477 end:
@@ -1482,10 +1482,10 @@ s_server_main(int argc, char *argv[])
1482 EVP_PKEY_free(s_dkey); 1482 EVP_PKEY_free(s_dkey);
1483 free(pass); 1483 free(pass);
1484 free(dpass); 1484 free(dpass);
1485 X509_VERIFY_PARAM_free(s_server_config.vpm); 1485 X509_VERIFY_PARAM_free(cfg.vpm);
1486 free(s_server_config.tlscstatp.host); 1486 free(cfg.tlscstatp.host);
1487 free(s_server_config.tlscstatp.port); 1487 free(cfg.tlscstatp.port);
1488 free(s_server_config.tlscstatp.path); 1488 free(cfg.tlscstatp.path);
1489 SSL_CTX_free(ctx2); 1489 SSL_CTX_free(ctx2);
1490 X509_free(s_cert2); 1490 X509_free(s_cert2);
1491 EVP_PKEY_free(s_key2); 1491 EVP_PKEY_free(s_key2);
@@ -1543,8 +1543,8 @@ sv_body(int s, unsigned char *context)
1543 BIO_printf(bio_err, "out of memory\n"); 1543 BIO_printf(bio_err, "out of memory\n");
1544 goto err; 1544 goto err;
1545 } 1545 }
1546 if (s_server_config.nbio) { 1546 if (cfg.nbio) {
1547 if (!s_server_config.quiet) 1547 if (!cfg.quiet)
1548 BIO_printf(bio_err, "turning on non blocking io\n"); 1548 BIO_printf(bio_err, "turning on non blocking io\n");
1549 if (!BIO_socket_nbio(s, 1)) 1549 if (!BIO_socket_nbio(s, 1))
1550 ERR_print_errors(bio_err); 1550 ERR_print_errors(bio_err);
@@ -1552,15 +1552,15 @@ sv_body(int s, unsigned char *context)
1552 1552
1553 if (con == NULL) { 1553 if (con == NULL) {
1554 con = SSL_new(ctx); 1554 con = SSL_new(ctx);
1555 if (s_server_config.tlsextdebug) { 1555 if (cfg.tlsextdebug) {
1556 SSL_set_tlsext_debug_callback(con, tlsext_cb); 1556 SSL_set_tlsext_debug_callback(con, tlsext_cb);
1557 SSL_set_tlsext_debug_arg(con, bio_s_out); 1557 SSL_set_tlsext_debug_arg(con, bio_s_out);
1558 } 1558 }
1559 if (s_server_config.tlsextstatus) { 1559 if (cfg.tlsextstatus) {
1560 SSL_CTX_set_tlsext_status_cb(ctx, cert_status_cb); 1560 SSL_CTX_set_tlsext_status_cb(ctx, cert_status_cb);
1561 s_server_config.tlscstatp.err = bio_err; 1561 cfg.tlscstatp.err = bio_err;
1562 SSL_CTX_set_tlsext_status_arg(ctx, 1562 SSL_CTX_set_tlsext_status_arg(ctx,
1563 &s_server_config.tlscstatp); 1563 &cfg.tlscstatp);
1564 } 1564 }
1565 if (context) 1565 if (context)
1566 SSL_set_session_id_context(con, context, 1566 SSL_set_session_id_context(con, context,
@@ -1571,7 +1571,7 @@ sv_body(int s, unsigned char *context)
1571 if (SSL_is_dtls(con)) { 1571 if (SSL_is_dtls(con)) {
1572 sbio = BIO_new_dgram(s, BIO_NOCLOSE); 1572 sbio = BIO_new_dgram(s, BIO_NOCLOSE);
1573 1573
1574 if (s_server_config.enable_timeouts) { 1574 if (cfg.enable_timeouts) {
1575 timeout.tv_sec = 0; 1575 timeout.tv_sec = 0;
1576 timeout.tv_usec = DGRAM_RCV_TIMEOUT; 1576 timeout.tv_usec = DGRAM_RCV_TIMEOUT;
1577 BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_RECV_TIMEOUT, 0, 1577 BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_RECV_TIMEOUT, 0,
@@ -1582,9 +1582,9 @@ sv_body(int s, unsigned char *context)
1582 BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_SEND_TIMEOUT, 0, 1582 BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_SEND_TIMEOUT, 0,
1583 &timeout); 1583 &timeout);
1584 } 1584 }
1585 if (s_server_config.socket_mtu > 28) { 1585 if (cfg.socket_mtu > 28) {
1586 SSL_set_options(con, SSL_OP_NO_QUERY_MTU); 1586 SSL_set_options(con, SSL_OP_NO_QUERY_MTU);
1587 SSL_set_mtu(con, s_server_config.socket_mtu - 28); 1587 SSL_set_mtu(con, cfg.socket_mtu - 28);
1588 } else 1588 } else
1589 /* want to do MTU discovery */ 1589 /* want to do MTU discovery */
1590 BIO_ctrl(sbio, BIO_CTRL_DGRAM_MTU_DISCOVER, 0, NULL); 1590 BIO_ctrl(sbio, BIO_CTRL_DGRAM_MTU_DISCOVER, 0, NULL);
@@ -1594,7 +1594,7 @@ sv_body(int s, unsigned char *context)
1594 } else 1594 } else
1595 sbio = BIO_new_socket(s, BIO_NOCLOSE); 1595 sbio = BIO_new_socket(s, BIO_NOCLOSE);
1596 1596
1597 if (s_server_config.nbio_test) { 1597 if (cfg.nbio_test) {
1598 BIO *test; 1598 BIO *test;
1599 1599
1600 test = BIO_new(BIO_f_nbio_test()); 1600 test = BIO_new(BIO_f_nbio_test());
@@ -1605,16 +1605,16 @@ sv_body(int s, unsigned char *context)
1605 SSL_set_accept_state(con); 1605 SSL_set_accept_state(con);
1606 /* SSL_set_fd(con,s); */ 1606 /* SSL_set_fd(con,s); */
1607 1607
1608 if (s_server_config.debug) { 1608 if (cfg.debug) {
1609 SSL_set_debug(con, 1); 1609 SSL_set_debug(con, 1);
1610 BIO_set_callback(SSL_get_rbio(con), bio_dump_callback); 1610 BIO_set_callback(SSL_get_rbio(con), bio_dump_callback);
1611 BIO_set_callback_arg(SSL_get_rbio(con), (char *) bio_s_out); 1611 BIO_set_callback_arg(SSL_get_rbio(con), (char *) bio_s_out);
1612 } 1612 }
1613 if (s_server_config.msg) { 1613 if (cfg.msg) {
1614 SSL_set_msg_callback(con, msg_cb); 1614 SSL_set_msg_callback(con, msg_cb);
1615 SSL_set_msg_callback_arg(con, bio_s_out); 1615 SSL_set_msg_callback_arg(con, bio_s_out);
1616 } 1616 }
1617 if (s_server_config.tlsextdebug) { 1617 if (cfg.tlsextdebug) {
1618 SSL_set_tlsext_debug_callback(con, tlsext_cb); 1618 SSL_set_tlsext_debug_callback(con, tlsext_cb);
1619 SSL_set_tlsext_debug_arg(con, bio_s_out); 1619 SSL_set_tlsext_debug_arg(con, bio_s_out);
1620 } 1620 }
@@ -1660,7 +1660,7 @@ sv_body(int s, unsigned char *context)
1660 } 1660 }
1661 } 1661 }
1662 if (read_from_terminal) { 1662 if (read_from_terminal) {
1663 if (s_server_config.crlf) { 1663 if (cfg.crlf) {
1664 int j, lf_num; 1664 int j, lf_num;
1665 1665
1666 i = read(fileno(stdin), buf, bufsize / 2); 1666 i = read(fileno(stdin), buf, bufsize / 2);
@@ -1680,7 +1680,7 @@ sv_body(int s, unsigned char *context)
1680 assert(lf_num == 0); 1680 assert(lf_num == 0);
1681 } else 1681 } else
1682 i = read(fileno(stdin), buf, bufsize); 1682 i = read(fileno(stdin), buf, bufsize);
1683 if (!s_server_config.quiet) { 1683 if (!cfg.quiet) {
1684 if ((i <= 0) || (buf[0] == 'Q')) { 1684 if ((i <= 0) || (buf[0] == 'Q')) {
1685 BIO_printf(bio_s_out, "DONE\n"); 1685 BIO_printf(bio_s_out, "DONE\n");
1686 shutdown(s, SHUT_RD); 1686 shutdown(s, SHUT_RD);
@@ -1910,23 +1910,23 @@ init_ssl_connection(SSL *con)
1910 BIO_printf(bio_s_out, "Reused session-id\n"); 1910 BIO_printf(bio_s_out, "Reused session-id\n");
1911 BIO_printf(bio_s_out, "Secure Renegotiation IS%s supported\n", 1911 BIO_printf(bio_s_out, "Secure Renegotiation IS%s supported\n",
1912 SSL_get_secure_renegotiation_support(con) ? "" : " NOT"); 1912 SSL_get_secure_renegotiation_support(con) ? "" : " NOT");
1913 if (s_server_config.keymatexportlabel != NULL) { 1913 if (cfg.keymatexportlabel != NULL) {
1914 BIO_printf(bio_s_out, "Keying material exporter:\n"); 1914 BIO_printf(bio_s_out, "Keying material exporter:\n");
1915 BIO_printf(bio_s_out, " Label: '%s'\n", 1915 BIO_printf(bio_s_out, " Label: '%s'\n",
1916 s_server_config.keymatexportlabel); 1916 cfg.keymatexportlabel);
1917 BIO_printf(bio_s_out, " Length: %i bytes\n", 1917 BIO_printf(bio_s_out, " Length: %i bytes\n",
1918 s_server_config.keymatexportlen); 1918 cfg.keymatexportlen);
1919 exportedkeymat = malloc(s_server_config.keymatexportlen); 1919 exportedkeymat = malloc(cfg.keymatexportlen);
1920 if (exportedkeymat != NULL) { 1920 if (exportedkeymat != NULL) {
1921 if (!SSL_export_keying_material(con, exportedkeymat, 1921 if (!SSL_export_keying_material(con, exportedkeymat,
1922 s_server_config.keymatexportlen, 1922 cfg.keymatexportlen,
1923 s_server_config.keymatexportlabel, 1923 cfg.keymatexportlabel,
1924 strlen(s_server_config.keymatexportlabel), 1924 strlen(cfg.keymatexportlabel),
1925 NULL, 0, 0)) { 1925 NULL, 0, 0)) {
1926 BIO_printf(bio_s_out, " Error\n"); 1926 BIO_printf(bio_s_out, " Error\n");
1927 } else { 1927 } else {
1928 BIO_printf(bio_s_out, " Keying material: "); 1928 BIO_printf(bio_s_out, " Keying material: ");
1929 for (i = 0; i < s_server_config.keymatexportlen; i++) 1929 for (i = 0; i < cfg.keymatexportlen; i++)
1930 BIO_printf(bio_s_out, "%02X", 1930 BIO_printf(bio_s_out, "%02X",
1931 exportedkeymat[i]); 1931 exportedkeymat[i]);
1932 BIO_printf(bio_s_out, "\n"); 1932 BIO_printf(bio_s_out, "\n");
@@ -1971,8 +1971,8 @@ www_body(int s, unsigned char *context)
1971 if ((io == NULL) || (ssl_bio == NULL)) 1971 if ((io == NULL) || (ssl_bio == NULL))
1972 goto err; 1972 goto err;
1973 1973
1974 if (s_server_config.nbio) { 1974 if (cfg.nbio) {
1975 if (!s_server_config.quiet) 1975 if (!cfg.quiet)
1976 BIO_printf(bio_err, "turning on non blocking io\n"); 1976 BIO_printf(bio_err, "turning on non blocking io\n");
1977 if (!BIO_socket_nbio(s, 1)) 1977 if (!BIO_socket_nbio(s, 1))
1978 ERR_print_errors(bio_err); 1978 ERR_print_errors(bio_err);
@@ -1984,7 +1984,7 @@ www_body(int s, unsigned char *context)
1984 1984
1985 if ((con = SSL_new(ctx)) == NULL) 1985 if ((con = SSL_new(ctx)) == NULL)
1986 goto err; 1986 goto err;
1987 if (s_server_config.tlsextdebug) { 1987 if (cfg.tlsextdebug) {
1988 SSL_set_tlsext_debug_callback(con, tlsext_cb); 1988 SSL_set_tlsext_debug_callback(con, tlsext_cb);
1989 SSL_set_tlsext_debug_arg(con, bio_s_out); 1989 SSL_set_tlsext_debug_arg(con, bio_s_out);
1990 } 1990 }
@@ -1993,7 +1993,7 @@ www_body(int s, unsigned char *context)
1993 strlen((char *) context)); 1993 strlen((char *) context));
1994 1994
1995 sbio = BIO_new_socket(s, BIO_NOCLOSE); 1995 sbio = BIO_new_socket(s, BIO_NOCLOSE);
1996 if (s_server_config.nbio_test) { 1996 if (cfg.nbio_test) {
1997 BIO *test; 1997 BIO *test;
1998 1998
1999 test = BIO_new(BIO_f_nbio_test()); 1999 test = BIO_new(BIO_f_nbio_test());
@@ -2006,12 +2006,12 @@ www_body(int s, unsigned char *context)
2006 BIO_set_ssl(ssl_bio, con, BIO_CLOSE); 2006 BIO_set_ssl(ssl_bio, con, BIO_CLOSE);
2007 BIO_push(io, ssl_bio); 2007 BIO_push(io, ssl_bio);
2008 2008
2009 if (s_server_config.debug) { 2009 if (cfg.debug) {
2010 SSL_set_debug(con, 1); 2010 SSL_set_debug(con, 1);
2011 BIO_set_callback(SSL_get_rbio(con), bio_dump_callback); 2011 BIO_set_callback(SSL_get_rbio(con), bio_dump_callback);
2012 BIO_set_callback_arg(SSL_get_rbio(con), (char *) bio_s_out); 2012 BIO_set_callback_arg(SSL_get_rbio(con), (char *) bio_s_out);
2013 } 2013 }
2014 if (s_server_config.msg) { 2014 if (cfg.msg) {
2015 SSL_set_msg_callback(con, msg_cb); 2015 SSL_set_msg_callback(con, msg_cb);
2016 SSL_set_msg_callback_arg(con, bio_s_out); 2016 SSL_set_msg_callback_arg(con, bio_s_out);
2017 } 2017 }
@@ -2019,11 +2019,11 @@ www_body(int s, unsigned char *context)
2019 i = BIO_gets(io, buf, bufsize - 1); 2019 i = BIO_gets(io, buf, bufsize - 1);
2020 if (i < 0) { /* error */ 2020 if (i < 0) { /* error */
2021 if (!BIO_should_retry(io)) { 2021 if (!BIO_should_retry(io)) {
2022 if (!s_server_config.quiet) 2022 if (!cfg.quiet)
2023 ERR_print_errors(bio_err); 2023 ERR_print_errors(bio_err);
2024 goto err; 2024 goto err;
2025 } else { 2025 } else {
2026 if (s_server_config.debug) { 2026 if (cfg.debug) {
2027 BIO_printf(bio_s_out, "read R BLOCK\n"); 2027 BIO_printf(bio_s_out, "read R BLOCK\n");
2028 sleep(1); 2028 sleep(1);
2029 } 2029 }
@@ -2034,9 +2034,9 @@ www_body(int s, unsigned char *context)
2034 goto end; 2034 goto end;
2035 } 2035 }
2036 /* else we have data */ 2036 /* else we have data */
2037 if (((s_server_config.www == 1) && 2037 if (((cfg.www == 1) &&
2038 (strncmp("GET ", buf, 4) == 0)) || 2038 (strncmp("GET ", buf, 4) == 0)) ||
2039 ((s_server_config.www == 2) && 2039 ((cfg.www == 2) &&
2040 (strncmp("GET /stats ", buf, 11) == 0))) { 2040 (strncmp("GET /stats ", buf, 11) == 0))) {
2041 char *p; 2041 char *p;
2042 X509 *peer; 2042 X509 *peer;
@@ -2117,8 +2117,8 @@ www_body(int s, unsigned char *context)
2117 "no client certificate available\n"); 2117 "no client certificate available\n");
2118 BIO_puts(io, "</BODY></HTML>\r\n\r\n"); 2118 BIO_puts(io, "</BODY></HTML>\r\n\r\n");
2119 break; 2119 break;
2120 } else if ((s_server_config.www == 2 || 2120 } else if ((cfg.www == 2 ||
2121 s_server_config.www == 3) && 2121 cfg.www == 3) &&
2122 (strncmp("GET /", buf, 5) == 0)) { 2122 (strncmp("GET /", buf, 5) == 0)) {
2123 BIO *file; 2123 BIO *file;
2124 char *p, *e; 2124 char *p, *e;
@@ -2183,10 +2183,10 @@ www_body(int s, unsigned char *context)
2183 ERR_print_errors(io); 2183 ERR_print_errors(io);
2184 break; 2184 break;
2185 } 2185 }
2186 if (!s_server_config.quiet) 2186 if (!cfg.quiet)
2187 BIO_printf(bio_err, "FILE:%s\n", p); 2187 BIO_printf(bio_err, "FILE:%s\n", p);
2188 2188
2189 if (s_server_config.www == 2) { 2189 if (cfg.www == 2) {
2190 i = strlen(p); 2190 i = strlen(p);
2191 if (((i > 5) && (strcmp(&(p[i - 5]), ".html") == 0)) || 2191 if (((i > 5) && (strcmp(&(p[i - 5]), ".html") == 0)) ||
2192 ((i > 4) && (strcmp(&(p[i - 4]), ".php") == 0)) || 2192 ((i > 4) && (strcmp(&(p[i - 4]), ".php") == 0)) ||
@@ -2276,9 +2276,9 @@ generate_session_id(const SSL *ssl, unsigned char *id, unsigned int *id_len)
2276 * 1 session ID (ie. the prefix!) so all future session 2276 * 1 session ID (ie. the prefix!) so all future session
2277 * negotiations will fail due to conflicts. 2277 * negotiations will fail due to conflicts.
2278 */ 2278 */
2279 memcpy(id, s_server_config.session_id_prefix, 2279 memcpy(id, cfg.session_id_prefix,
2280 (strlen(s_server_config.session_id_prefix) < *id_len) ? 2280 (strlen(cfg.session_id_prefix) < *id_len) ?
2281 strlen(s_server_config.session_id_prefix) : *id_len); 2281 strlen(cfg.session_id_prefix) : *id_len);
2282 } 2282 }
2283 while (SSL_has_matching_session_id(ssl, id, *id_len) && 2283 while (SSL_has_matching_session_id(ssl, id, *id_len) &&
2284 (++count < MAX_SESSION_ID_ATTEMPTS)); 2284 (++count < MAX_SESSION_ID_ATTEMPTS));
@@ -2449,7 +2449,7 @@ alpn_cb(SSL *s, const unsigned char **out, unsigned char *outlen,
2449{ 2449{
2450 tlsextalpnctx *alpn_ctx = arg; 2450 tlsextalpnctx *alpn_ctx = arg;
2451 2451
2452 if (!s_server_config.quiet) { 2452 if (!cfg.quiet) {
2453 /* We can assume that in is syntactically valid. */ 2453 /* We can assume that in is syntactically valid. */
2454 unsigned i; 2454 unsigned i;
2455 2455
@@ -2468,7 +2468,7 @@ alpn_cb(SSL *s, const unsigned char **out, unsigned char *outlen,
2468 alpn_ctx->len, in, inlen) != OPENSSL_NPN_NEGOTIATED) 2468 alpn_ctx->len, in, inlen) != OPENSSL_NPN_NEGOTIATED)
2469 return (SSL_TLSEXT_ERR_NOACK); 2469 return (SSL_TLSEXT_ERR_NOACK);
2470 2470
2471 if (!s_server_config.quiet) { 2471 if (!cfg.quiet) {
2472 BIO_printf(bio_s_out, "ALPN protocols selected: "); 2472 BIO_printf(bio_s_out, "ALPN protocols selected: ");
2473 BIO_write(bio_s_out, *out, *outlen); 2473 BIO_write(bio_s_out, *out, *outlen);
2474 BIO_write(bio_s_out, "\n", 1); 2474 BIO_write(bio_s_out, "\n", 1);