diff options
| author | inoguchi <> | 2020-07-27 13:46:48 +0000 |
|---|---|---|
| committer | inoguchi <> | 2020-07-27 13:46:48 +0000 |
| commit | aac53677fa701dbcea49076f866c4ffbc99edfad (patch) | |
| tree | 073d203172dbd755767924ae40e22b048b4b7c6a /src | |
| parent | 76210d29c8ce23ac6f0db2610a1cef027179c7a0 (diff) | |
| download | openbsd-aac53677fa701dbcea49076f866c4ffbc99edfad.tar.gz openbsd-aac53677fa701dbcea49076f866c4ffbc99edfad.tar.bz2 openbsd-aac53677fa701dbcea49076f866c4ffbc99edfad.zip | |
Wrap long lines s_server.c
Diffstat (limited to 'src')
| -rw-r--r-- | src/usr.bin/openssl/s_server.c | 197 |
1 files changed, 130 insertions, 67 deletions
diff --git a/src/usr.bin/openssl/s_server.c b/src/usr.bin/openssl/s_server.c index eb5f62ed56..95e96429ce 100644 --- a/src/usr.bin/openssl/s_server.c +++ b/src/usr.bin/openssl/s_server.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: s_server.c,v 1.42 2020/07/27 13:06:13 inoguchi Exp $ */ | 1 | /* $OpenBSD: s_server.c,v 1.43 2020/07/27 13:46:48 inoguchi Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -1044,7 +1044,8 @@ s_server_main(int argc, char *argv[]) | |||
| 1044 | s_server_config.server_verify = SSL_VERIFY_NONE; | 1044 | s_server_config.server_verify = SSL_VERIFY_NONE; |
| 1045 | s_server_config.socket_type = SOCK_STREAM; | 1045 | s_server_config.socket_type = SOCK_STREAM; |
| 1046 | s_server_config.tlscstatp.timeout = -1; | 1046 | s_server_config.tlscstatp.timeout = -1; |
| 1047 | s_server_config.tlsextcbp.extension_error = SSL_TLSEXT_ERR_ALERT_WARNING; | 1047 | s_server_config.tlsextcbp.extension_error = |
| 1048 | SSL_TLSEXT_ERR_ALERT_WARNING; | ||
| 1048 | 1049 | ||
| 1049 | local_argc = argc; | 1050 | local_argc = argc; |
| 1050 | local_argv = argv; | 1051 | local_argv = argv; |
| @@ -1064,7 +1065,8 @@ s_server_main(int argc, char *argv[]) | |||
| 1064 | goto end; | 1065 | goto end; |
| 1065 | } | 1066 | } |
| 1066 | 1067 | ||
| 1067 | if (!app_passwd(bio_err, s_server_config.passarg, s_server_config.dpassarg, &pass, &dpass)) { | 1068 | if (!app_passwd(bio_err, s_server_config.passarg, |
| 1069 | s_server_config.dpassarg, &pass, &dpass)) { | ||
| 1068 | BIO_printf(bio_err, "Error getting password\n"); | 1070 | BIO_printf(bio_err, "Error getting password\n"); |
| 1069 | goto end; | 1071 | goto end; |
| 1070 | } | 1072 | } |
| @@ -1074,13 +1076,15 @@ s_server_main(int argc, char *argv[]) | |||
| 1074 | s_server_config.key_file2 = s_server_config.cert_file2; | 1076 | s_server_config.key_file2 = s_server_config.cert_file2; |
| 1075 | 1077 | ||
| 1076 | if (s_server_config.nocert == 0) { | 1078 | if (s_server_config.nocert == 0) { |
| 1077 | s_key = load_key(bio_err, s_server_config.key_file, s_server_config.key_format, 0, pass, | 1079 | s_key = load_key(bio_err, s_server_config.key_file, |
| 1080 | s_server_config.key_format, 0, pass, | ||
| 1078 | "server certificate private key file"); | 1081 | "server certificate private key file"); |
| 1079 | if (!s_key) { | 1082 | if (!s_key) { |
| 1080 | ERR_print_errors(bio_err); | 1083 | ERR_print_errors(bio_err); |
| 1081 | goto end; | 1084 | goto end; |
| 1082 | } | 1085 | } |
| 1083 | s_cert = load_cert(bio_err, s_server_config.cert_file, s_server_config.cert_format, | 1086 | s_cert = load_cert(bio_err, s_server_config.cert_file, |
| 1087 | s_server_config.cert_format, | ||
| 1084 | NULL, "server certificate file"); | 1088 | NULL, "server certificate file"); |
| 1085 | 1089 | ||
| 1086 | if (!s_cert) { | 1090 | if (!s_cert) { |
| @@ -1088,13 +1092,15 @@ s_server_main(int argc, char *argv[]) | |||
| 1088 | goto end; | 1092 | goto end; |
| 1089 | } | 1093 | } |
| 1090 | if (s_server_config.tlsextcbp.servername) { | 1094 | if (s_server_config.tlsextcbp.servername) { |
| 1091 | s_key2 = load_key(bio_err, s_server_config.key_file2, s_server_config.key_format, 0, pass, | 1095 | s_key2 = load_key(bio_err, s_server_config.key_file2, |
| 1096 | s_server_config.key_format, 0, pass, | ||
| 1092 | "second server certificate private key file"); | 1097 | "second server certificate private key file"); |
| 1093 | if (!s_key2) { | 1098 | if (!s_key2) { |
| 1094 | ERR_print_errors(bio_err); | 1099 | ERR_print_errors(bio_err); |
| 1095 | goto end; | 1100 | goto end; |
| 1096 | } | 1101 | } |
| 1097 | s_cert2 = load_cert(bio_err, s_server_config.cert_file2, s_server_config.cert_format, | 1102 | s_cert2 = load_cert(bio_err, s_server_config.cert_file2, |
| 1103 | s_server_config.cert_format, | ||
| 1098 | NULL, "second server certificate file"); | 1104 | NULL, "second server certificate file"); |
| 1099 | 1105 | ||
| 1100 | if (!s_cert2) { | 1106 | if (!s_cert2) { |
| @@ -1106,7 +1112,8 @@ s_server_main(int argc, char *argv[]) | |||
| 1106 | alpn_ctx.data = NULL; | 1112 | alpn_ctx.data = NULL; |
| 1107 | if (s_server_config.alpn_in) { | 1113 | if (s_server_config.alpn_in) { |
| 1108 | unsigned short len; | 1114 | unsigned short len; |
| 1109 | alpn_ctx.data = next_protos_parse(&len, s_server_config.alpn_in); | 1115 | alpn_ctx.data = next_protos_parse(&len, |
| 1116 | s_server_config.alpn_in); | ||
| 1110 | if (alpn_ctx.data == NULL) | 1117 | if (alpn_ctx.data == NULL) |
| 1111 | goto end; | 1118 | goto end; |
| 1112 | alpn_ctx.len = len; | 1119 | alpn_ctx.len = len; |
| @@ -1117,13 +1124,15 @@ s_server_main(int argc, char *argv[]) | |||
| 1117 | if (s_server_config.dkey_file == NULL) | 1124 | if (s_server_config.dkey_file == NULL) |
| 1118 | s_server_config.dkey_file = s_server_config.dcert_file; | 1125 | s_server_config.dkey_file = s_server_config.dcert_file; |
| 1119 | 1126 | ||
| 1120 | s_dkey = load_key(bio_err, s_server_config.dkey_file, s_server_config.dkey_format, | 1127 | s_dkey = load_key(bio_err, s_server_config.dkey_file, |
| 1128 | s_server_config.dkey_format, | ||
| 1121 | 0, dpass, "second certificate private key file"); | 1129 | 0, dpass, "second certificate private key file"); |
| 1122 | if (!s_dkey) { | 1130 | if (!s_dkey) { |
| 1123 | ERR_print_errors(bio_err); | 1131 | ERR_print_errors(bio_err); |
| 1124 | goto end; | 1132 | goto end; |
| 1125 | } | 1133 | } |
| 1126 | s_dcert = load_cert(bio_err, s_server_config.dcert_file, s_server_config.dcert_format, | 1134 | s_dcert = load_cert(bio_err, s_server_config.dcert_file, |
| 1135 | s_server_config.dcert_format, | ||
| 1127 | NULL, "second server certificate file"); | 1136 | NULL, "second server certificate file"); |
| 1128 | 1137 | ||
| 1129 | if (!s_dcert) { | 1138 | if (!s_dcert) { |
| @@ -1132,7 +1141,8 @@ s_server_main(int argc, char *argv[]) | |||
| 1132 | } | 1141 | } |
| 1133 | } | 1142 | } |
| 1134 | if (bio_s_out == NULL) { | 1143 | if (bio_s_out == NULL) { |
| 1135 | if (s_server_config.quiet && !s_server_config.debug && !s_server_config.msg) { | 1144 | if (s_server_config.quiet && !s_server_config.debug && |
| 1145 | !s_server_config.msg) { | ||
| 1136 | bio_s_out = BIO_new(BIO_s_null()); | 1146 | bio_s_out = BIO_new(BIO_s_null()); |
| 1137 | } else { | 1147 | } else { |
| 1138 | if (bio_s_out == NULL) | 1148 | if (bio_s_out == NULL) |
| @@ -1172,7 +1182,8 @@ s_server_main(int argc, char *argv[]) | |||
| 1172 | ERR_print_errors(bio_err); | 1182 | ERR_print_errors(bio_err); |
| 1173 | goto end; | 1183 | goto end; |
| 1174 | } | 1184 | } |
| 1175 | BIO_printf(bio_err, "id_prefix '%s' set.\n", s_server_config.session_id_prefix); | 1185 | BIO_printf(bio_err, "id_prefix '%s' set.\n", |
| 1186 | s_server_config.session_id_prefix); | ||
| 1176 | } | 1187 | } |
| 1177 | SSL_CTX_set_quiet_shutdown(ctx, 1); | 1188 | SSL_CTX_set_quiet_shutdown(ctx, 1); |
| 1178 | if (s_server_config.bugs) | 1189 | if (s_server_config.bugs) |
| @@ -1197,8 +1208,8 @@ s_server_main(int argc, char *argv[]) | |||
| 1197 | SSL_CTX_set_tlsext_use_srtp(ctx, s_server_config.srtp_profiles); | 1208 | SSL_CTX_set_tlsext_use_srtp(ctx, s_server_config.srtp_profiles); |
| 1198 | #endif | 1209 | #endif |
| 1199 | 1210 | ||
| 1200 | 1211 | if ((!SSL_CTX_load_verify_locations(ctx, s_server_config.CAfile, | |
| 1201 | if ((!SSL_CTX_load_verify_locations(ctx, s_server_config.CAfile, s_server_config.CApath)) || | 1212 | s_server_config.CApath)) || |
| 1202 | (!SSL_CTX_set_default_verify_paths(ctx))) { | 1213 | (!SSL_CTX_set_default_verify_paths(ctx))) { |
| 1203 | /* BIO_printf(bio_err,"X509_load_verify_locations\n"); */ | 1214 | /* BIO_printf(bio_err,"X509_load_verify_locations\n"); */ |
| 1204 | ERR_print_errors(bio_err); | 1215 | ERR_print_errors(bio_err); |
| @@ -1214,9 +1225,11 @@ s_server_main(int argc, char *argv[]) | |||
| 1214 | goto end; | 1225 | goto end; |
| 1215 | } | 1226 | } |
| 1216 | 1227 | ||
| 1217 | if (!SSL_CTX_set_min_proto_version(ctx2, s_server_config.min_version)) | 1228 | if (!SSL_CTX_set_min_proto_version(ctx2, |
| 1229 | s_server_config.min_version)) | ||
| 1218 | goto end; | 1230 | goto end; |
| 1219 | if (!SSL_CTX_set_max_proto_version(ctx2, s_server_config.max_version)) | 1231 | if (!SSL_CTX_set_max_proto_version(ctx2, |
| 1232 | s_server_config.max_version)) | ||
| 1220 | goto end; | 1233 | goto end; |
| 1221 | SSL_CTX_clear_mode(ctx2, SSL_MODE_AUTO_RETRY); | 1234 | SSL_CTX_clear_mode(ctx2, SSL_MODE_AUTO_RETRY); |
| 1222 | } | 1235 | } |
| @@ -1230,12 +1243,15 @@ s_server_main(int argc, char *argv[]) | |||
| 1230 | else if (strlen(s_server_config.session_id_prefix) >= 16) | 1243 | else if (strlen(s_server_config.session_id_prefix) >= 16) |
| 1231 | BIO_printf(bio_err, | 1244 | BIO_printf(bio_err, |
| 1232 | "warning: id_prefix is too long if you use SSLv2\n"); | 1245 | "warning: id_prefix is too long if you use SSLv2\n"); |
| 1233 | if (!SSL_CTX_set_generate_session_id(ctx2, generate_session_id)) { | 1246 | if (!SSL_CTX_set_generate_session_id(ctx2, |
| 1234 | BIO_printf(bio_err, "error setting 'id_prefix'\n"); | 1247 | generate_session_id)) { |
| 1248 | BIO_printf(bio_err, | ||
| 1249 | "error setting 'id_prefix'\n"); | ||
| 1235 | ERR_print_errors(bio_err); | 1250 | ERR_print_errors(bio_err); |
| 1236 | goto end; | 1251 | goto end; |
| 1237 | } | 1252 | } |
| 1238 | BIO_printf(bio_err, "id_prefix '%s' set.\n", s_server_config.session_id_prefix); | 1253 | BIO_printf(bio_err, "id_prefix '%s' set.\n", |
| 1254 | s_server_config.session_id_prefix); | ||
| 1239 | } | 1255 | } |
| 1240 | SSL_CTX_set_quiet_shutdown(ctx2, 1); | 1256 | SSL_CTX_set_quiet_shutdown(ctx2, 1); |
| 1241 | if (s_server_config.bugs) | 1257 | if (s_server_config.bugs) |
| @@ -1256,7 +1272,8 @@ s_server_main(int argc, char *argv[]) | |||
| 1256 | else | 1272 | else |
| 1257 | SSL_CTX_sess_set_cache_size(ctx2, 128); | 1273 | SSL_CTX_sess_set_cache_size(ctx2, 128); |
| 1258 | 1274 | ||
| 1259 | if ((!SSL_CTX_load_verify_locations(ctx2, s_server_config.CAfile, s_server_config.CApath)) || | 1275 | if ((!SSL_CTX_load_verify_locations(ctx2, |
| 1276 | s_server_config.CAfile, s_server_config.CApath)) || | ||
| 1260 | (!SSL_CTX_set_default_verify_paths(ctx2))) { | 1277 | (!SSL_CTX_set_default_verify_paths(ctx2))) { |
| 1261 | ERR_print_errors(bio_err); | 1278 | ERR_print_errors(bio_err); |
| 1262 | } | 1279 | } |
| @@ -1304,9 +1321,11 @@ s_server_main(int argc, char *argv[]) | |||
| 1304 | DH *dh2 = NULL; | 1321 | DH *dh2 = NULL; |
| 1305 | 1322 | ||
| 1306 | if (s_server_config.cert_file2 != NULL) | 1323 | if (s_server_config.cert_file2 != NULL) |
| 1307 | dh2 = load_dh_param(s_server_config.cert_file2); | 1324 | dh2 = load_dh_param( |
| 1325 | s_server_config.cert_file2); | ||
| 1308 | if (dh2 != NULL) { | 1326 | if (dh2 != NULL) { |
| 1309 | BIO_printf(bio_s_out, "Setting temp DH parameters\n"); | 1327 | BIO_printf(bio_s_out, |
| 1328 | "Setting temp DH parameters\n"); | ||
| 1310 | (void) BIO_flush(bio_s_out); | 1329 | (void) BIO_flush(bio_s_out); |
| 1311 | 1330 | ||
| 1312 | DH_free(dh); | 1331 | DH_free(dh); |
| @@ -1365,14 +1384,16 @@ s_server_main(int argc, char *argv[]) | |||
| 1365 | ERR_print_errors(bio_err); | 1384 | ERR_print_errors(bio_err); |
| 1366 | goto end; | 1385 | goto end; |
| 1367 | } | 1386 | } |
| 1368 | if (ctx2 && !SSL_CTX_set_cipher_list(ctx2, s_server_config.cipher)) { | 1387 | if (ctx2 && !SSL_CTX_set_cipher_list(ctx2, |
| 1388 | s_server_config.cipher)) { | ||
| 1369 | BIO_printf(bio_err, "error setting cipher list\n"); | 1389 | BIO_printf(bio_err, "error setting cipher list\n"); |
| 1370 | ERR_print_errors(bio_err); | 1390 | ERR_print_errors(bio_err); |
| 1371 | goto end; | 1391 | goto end; |
| 1372 | } | 1392 | } |
| 1373 | } | 1393 | } |
| 1374 | SSL_CTX_set_verify(ctx, s_server_config.server_verify, verify_callback); | 1394 | SSL_CTX_set_verify(ctx, s_server_config.server_verify, verify_callback); |
| 1375 | SSL_CTX_set_session_id_context(ctx, (void *) &s_server_session_id_context, | 1395 | SSL_CTX_set_session_id_context(ctx, |
| 1396 | (void *) &s_server_session_id_context, | ||
| 1376 | sizeof s_server_session_id_context); | 1397 | sizeof s_server_session_id_context); |
| 1377 | 1398 | ||
| 1378 | /* Set DTLS cookie generation and verification callbacks */ | 1399 | /* Set DTLS cookie generation and verification callbacks */ |
| @@ -1380,28 +1401,36 @@ s_server_main(int argc, char *argv[]) | |||
| 1380 | SSL_CTX_set_cookie_verify_cb(ctx, verify_cookie_callback); | 1401 | SSL_CTX_set_cookie_verify_cb(ctx, verify_cookie_callback); |
| 1381 | 1402 | ||
| 1382 | if (ctx2) { | 1403 | if (ctx2) { |
| 1383 | SSL_CTX_set_verify(ctx2, s_server_config.server_verify, verify_callback); | 1404 | SSL_CTX_set_verify(ctx2, s_server_config.server_verify, |
| 1384 | SSL_CTX_set_session_id_context(ctx2, (void *) &s_server_session_id_context, | 1405 | verify_callback); |
| 1406 | SSL_CTX_set_session_id_context(ctx2, | ||
| 1407 | (void *) &s_server_session_id_context, | ||
| 1385 | sizeof s_server_session_id_context); | 1408 | sizeof s_server_session_id_context); |
| 1386 | 1409 | ||
| 1387 | s_server_config.tlsextcbp.biodebug = bio_s_out; | 1410 | s_server_config.tlsextcbp.biodebug = bio_s_out; |
| 1388 | SSL_CTX_set_tlsext_servername_callback(ctx2, ssl_servername_cb); | 1411 | SSL_CTX_set_tlsext_servername_callback(ctx2, ssl_servername_cb); |
| 1389 | SSL_CTX_set_tlsext_servername_arg(ctx2, &s_server_config.tlsextcbp); | 1412 | SSL_CTX_set_tlsext_servername_arg(ctx2, |
| 1413 | &s_server_config.tlsextcbp); | ||
| 1390 | SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb); | 1414 | SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb); |
| 1391 | SSL_CTX_set_tlsext_servername_arg(ctx, &s_server_config.tlsextcbp); | 1415 | SSL_CTX_set_tlsext_servername_arg(ctx, |
| 1416 | &s_server_config.tlsextcbp); | ||
| 1392 | } | 1417 | } |
| 1393 | 1418 | ||
| 1394 | if (s_server_config.CAfile != NULL) { | 1419 | if (s_server_config.CAfile != NULL) { |
| 1395 | SSL_CTX_set_client_CA_list(ctx, SSL_load_client_CA_file(s_server_config.CAfile)); | 1420 | SSL_CTX_set_client_CA_list(ctx, |
| 1421 | SSL_load_client_CA_file(s_server_config.CAfile)); | ||
| 1396 | if (ctx2) | 1422 | if (ctx2) |
| 1397 | SSL_CTX_set_client_CA_list(ctx2, SSL_load_client_CA_file(s_server_config.CAfile)); | 1423 | SSL_CTX_set_client_CA_list(ctx2, |
| 1424 | SSL_load_client_CA_file(s_server_config.CAfile)); | ||
| 1398 | } | 1425 | } |
| 1399 | BIO_printf(bio_s_out, "ACCEPT\n"); | 1426 | BIO_printf(bio_s_out, "ACCEPT\n"); |
| 1400 | (void) BIO_flush(bio_s_out); | 1427 | (void) BIO_flush(bio_s_out); |
| 1401 | if (s_server_config.www) | 1428 | if (s_server_config.www) |
| 1402 | do_server(s_server_config.port, s_server_config.socket_type, &accept_socket, www_body, s_server_config.context); | 1429 | do_server(s_server_config.port, s_server_config.socket_type, |
| 1430 | &accept_socket, www_body, s_server_config.context); | ||
| 1403 | else | 1431 | else |
| 1404 | do_server(s_server_config.port, s_server_config.socket_type, &accept_socket, sv_body, s_server_config.context); | 1432 | do_server(s_server_config.port, s_server_config.socket_type, |
| 1433 | &accept_socket, sv_body, s_server_config.context); | ||
| 1405 | print_stats(bio_s_out, ctx); | 1434 | print_stats(bio_s_out, ctx); |
| 1406 | ret = 0; | 1435 | ret = 0; |
| 1407 | end: | 1436 | end: |
| @@ -1445,10 +1474,14 @@ print_stats(BIO *bio, SSL_CTX *ssl_ctx) | |||
| 1445 | SSL_CTX_sess_accept_renegotiate(ssl_ctx)); | 1474 | SSL_CTX_sess_accept_renegotiate(ssl_ctx)); |
| 1446 | BIO_printf(bio, "%4ld server accepts that finished\n", | 1475 | BIO_printf(bio, "%4ld server accepts that finished\n", |
| 1447 | SSL_CTX_sess_accept_good(ssl_ctx)); | 1476 | SSL_CTX_sess_accept_good(ssl_ctx)); |
| 1448 | BIO_printf(bio, "%4ld session cache hits\n", SSL_CTX_sess_hits(ssl_ctx)); | 1477 | BIO_printf(bio, "%4ld session cache hits\n", |
| 1449 | BIO_printf(bio, "%4ld session cache misses\n", SSL_CTX_sess_misses(ssl_ctx)); | 1478 | SSL_CTX_sess_hits(ssl_ctx)); |
| 1450 | BIO_printf(bio, "%4ld session cache timeouts\n", SSL_CTX_sess_timeouts(ssl_ctx)); | 1479 | BIO_printf(bio, "%4ld session cache misses\n", |
| 1451 | BIO_printf(bio, "%4ld callback cache hits\n", SSL_CTX_sess_cb_hits(ssl_ctx)); | 1480 | SSL_CTX_sess_misses(ssl_ctx)); |
| 1481 | BIO_printf(bio, "%4ld session cache timeouts\n", | ||
| 1482 | SSL_CTX_sess_timeouts(ssl_ctx)); | ||
| 1483 | BIO_printf(bio, "%4ld callback cache hits\n", | ||
| 1484 | SSL_CTX_sess_cb_hits(ssl_ctx)); | ||
| 1452 | BIO_printf(bio, "%4ld cache full overflows (%ld allowed)\n", | 1485 | BIO_printf(bio, "%4ld cache full overflows (%ld allowed)\n", |
| 1453 | SSL_CTX_sess_cache_full(ssl_ctx), | 1486 | SSL_CTX_sess_cache_full(ssl_ctx), |
| 1454 | SSL_CTX_sess_get_cache_size(ssl_ctx)); | 1487 | SSL_CTX_sess_get_cache_size(ssl_ctx)); |
| @@ -1485,7 +1518,8 @@ sv_body(char *hostname, int s, unsigned char *context) | |||
| 1485 | if (s_server_config.tlsextstatus) { | 1518 | if (s_server_config.tlsextstatus) { |
| 1486 | SSL_CTX_set_tlsext_status_cb(ctx, cert_status_cb); | 1519 | SSL_CTX_set_tlsext_status_cb(ctx, cert_status_cb); |
| 1487 | s_server_config.tlscstatp.err = bio_err; | 1520 | s_server_config.tlscstatp.err = bio_err; |
| 1488 | SSL_CTX_set_tlsext_status_arg(ctx, &s_server_config.tlscstatp); | 1521 | SSL_CTX_set_tlsext_status_arg(ctx, |
| 1522 | &s_server_config.tlscstatp); | ||
| 1489 | } | 1523 | } |
| 1490 | if (context) | 1524 | if (context) |
| 1491 | SSL_set_session_id_context(con, context, | 1525 | SSL_set_session_id_context(con, context, |
| @@ -1500,11 +1534,13 @@ sv_body(char *hostname, int s, unsigned char *context) | |||
| 1500 | if (s_server_config.enable_timeouts) { | 1534 | if (s_server_config.enable_timeouts) { |
| 1501 | timeout.tv_sec = 0; | 1535 | timeout.tv_sec = 0; |
| 1502 | timeout.tv_usec = DGRAM_RCV_TIMEOUT; | 1536 | timeout.tv_usec = DGRAM_RCV_TIMEOUT; |
| 1503 | BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_RECV_TIMEOUT, 0, &timeout); | 1537 | BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_RECV_TIMEOUT, 0, |
| 1538 | &timeout); | ||
| 1504 | 1539 | ||
| 1505 | timeout.tv_sec = 0; | 1540 | timeout.tv_sec = 0; |
| 1506 | timeout.tv_usec = DGRAM_SND_TIMEOUT; | 1541 | timeout.tv_usec = DGRAM_SND_TIMEOUT; |
| 1507 | BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_SEND_TIMEOUT, 0, &timeout); | 1542 | BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_SEND_TIMEOUT, 0, |
| 1543 | &timeout); | ||
| 1508 | } | 1544 | } |
| 1509 | if (s_server_config.socket_mtu > 28) { | 1545 | if (s_server_config.socket_mtu > 28) { |
| 1510 | SSL_set_options(con, SSL_OP_NO_QUERY_MTU); | 1546 | SSL_set_options(con, SSL_OP_NO_QUERY_MTU); |
| @@ -1567,7 +1603,8 @@ sv_body(char *hostname, int s, unsigned char *context) | |||
| 1567 | 1603 | ||
| 1568 | i = poll(pfd, 2, ptimeout); | 1604 | i = poll(pfd, 2, ptimeout); |
| 1569 | 1605 | ||
| 1570 | if ((SSL_version(con) == DTLS1_VERSION) && DTLSv1_handle_timeout(con) > 0) { | 1606 | if ((SSL_version(con) == DTLS1_VERSION) && |
| 1607 | DTLSv1_handle_timeout(con) > 0) { | ||
| 1571 | BIO_printf(bio_err, "TIMEOUT occured\n"); | 1608 | BIO_printf(bio_err, "TIMEOUT occured\n"); |
| 1572 | } | 1609 | } |
| 1573 | if (i <= 0) | 1610 | if (i <= 0) |
| @@ -1638,7 +1675,9 @@ sv_body(char *hostname, int s, unsigned char *context) | |||
| 1638 | if ((buf[0] == 'R') && | 1675 | if ((buf[0] == 'R') && |
| 1639 | ((buf[1] == '\n') || (buf[1] == '\r'))) { | 1676 | ((buf[1] == '\n') || (buf[1] == '\r'))) { |
| 1640 | SSL_set_verify(con, | 1677 | SSL_set_verify(con, |
| 1641 | SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE, NULL); | 1678 | SSL_VERIFY_PEER | |
| 1679 | SSL_VERIFY_CLIENT_ONCE, | ||
| 1680 | NULL); | ||
| 1642 | SSL_renegotiate(con); | 1681 | SSL_renegotiate(con); |
| 1643 | i = SSL_do_handshake(con); | 1682 | i = SSL_do_handshake(con); |
| 1644 | printf("SSL_do_handshake -> %d\n", i); | 1683 | printf("SSL_do_handshake -> %d\n", i); |
| @@ -1650,11 +1689,14 @@ sv_body(char *hostname, int s, unsigned char *context) | |||
| 1650 | */ | 1689 | */ |
| 1651 | } | 1690 | } |
| 1652 | if (buf[0] == 'P') { | 1691 | if (buf[0] == 'P') { |
| 1653 | static const char *str = "Lets print some clear text\n"; | 1692 | static const char *str = |
| 1654 | BIO_write(SSL_get_wbio(con), str, strlen(str)); | 1693 | "Lets print some clear text\n"; |
| 1694 | BIO_write(SSL_get_wbio(con), str, | ||
| 1695 | strlen(str)); | ||
| 1655 | } | 1696 | } |
| 1656 | if (buf[0] == 'S') { | 1697 | if (buf[0] == 'S') { |
| 1657 | print_stats(bio_s_out, SSL_get_SSL_CTX(con)); | 1698 | print_stats(bio_s_out, |
| 1699 | SSL_get_SSL_CTX(con)); | ||
| 1658 | } | 1700 | } |
| 1659 | } | 1701 | } |
| 1660 | l = k = 0; | 1702 | l = k = 0; |
| @@ -1751,7 +1793,8 @@ sv_body(char *hostname, int s, unsigned char *context) | |||
| 1751 | err: | 1793 | err: |
| 1752 | if (con != NULL) { | 1794 | if (con != NULL) { |
| 1753 | BIO_printf(bio_s_out, "shutting down SSL\n"); | 1795 | BIO_printf(bio_s_out, "shutting down SSL\n"); |
| 1754 | SSL_set_shutdown(con, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN); | 1796 | SSL_set_shutdown(con, |
| 1797 | SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN); | ||
| 1755 | SSL_free(con); | 1798 | SSL_free(con); |
| 1756 | } | 1799 | } |
| 1757 | BIO_printf(bio_s_out, "CONNECTION CLOSED\n"); | 1800 | BIO_printf(bio_s_out, "CONNECTION CLOSED\n"); |
| @@ -1819,7 +1862,8 @@ init_ssl_connection(SSL *con) | |||
| 1819 | = SSL_get_selected_srtp_profile(con); | 1862 | = SSL_get_selected_srtp_profile(con); |
| 1820 | 1863 | ||
| 1821 | if (srtp_profile) | 1864 | if (srtp_profile) |
| 1822 | BIO_printf(bio_s_out, "SRTP Extension negotiated, profile=%s\n", | 1865 | BIO_printf(bio_s_out, |
| 1866 | "SRTP Extension negotiated, profile=%s\n", | ||
| 1823 | srtp_profile->name); | 1867 | srtp_profile->name); |
| 1824 | } | 1868 | } |
| 1825 | #endif | 1869 | #endif |
| @@ -1829,7 +1873,8 @@ init_ssl_connection(SSL *con) | |||
| 1829 | SSL_get_secure_renegotiation_support(con) ? "" : " NOT"); | 1873 | SSL_get_secure_renegotiation_support(con) ? "" : " NOT"); |
| 1830 | if (s_server_config.keymatexportlabel != NULL) { | 1874 | if (s_server_config.keymatexportlabel != NULL) { |
| 1831 | BIO_printf(bio_s_out, "Keying material exporter:\n"); | 1875 | BIO_printf(bio_s_out, "Keying material exporter:\n"); |
| 1832 | BIO_printf(bio_s_out, " Label: '%s'\n", s_server_config.keymatexportlabel); | 1876 | BIO_printf(bio_s_out, " Label: '%s'\n", |
| 1877 | s_server_config.keymatexportlabel); | ||
| 1833 | BIO_printf(bio_s_out, " Length: %i bytes\n", | 1878 | BIO_printf(bio_s_out, " Length: %i bytes\n", |
| 1834 | s_server_config.keymatexportlen); | 1879 | s_server_config.keymatexportlen); |
| 1835 | exportedkeymat = malloc(s_server_config.keymatexportlen); | 1880 | exportedkeymat = malloc(s_server_config.keymatexportlen); |
| @@ -1950,8 +1995,10 @@ www_body(char *hostname, int s, unsigned char *context) | |||
| 1950 | goto end; | 1995 | goto end; |
| 1951 | } | 1996 | } |
| 1952 | /* else we have data */ | 1997 | /* else we have data */ |
| 1953 | if (((s_server_config.www == 1) && (strncmp("GET ", buf, 4) == 0)) || | 1998 | if (((s_server_config.www == 1) && |
| 1954 | ((s_server_config.www == 2) && (strncmp("GET /stats ", buf, 11) == 0))) { | 1999 | (strncmp("GET ", buf, 4) == 0)) || |
| 2000 | ((s_server_config.www == 2) && | ||
| 2001 | (strncmp("GET /stats ", buf, 11) == 0))) { | ||
| 1955 | char *p; | 2002 | char *p; |
| 1956 | X509 *peer; | 2003 | X509 *peer; |
| 1957 | STACK_OF(SSL_CIPHER) *sk; | 2004 | STACK_OF(SSL_CIPHER) *sk; |
| @@ -1977,7 +2024,8 @@ www_body(char *hostname, int s, unsigned char *context) | |||
| 1977 | * The following is evil and should not really be | 2024 | * The following is evil and should not really be |
| 1978 | * done | 2025 | * done |
| 1979 | */ | 2026 | */ |
| 1980 | BIO_printf(io, "Ciphers supported in s_server binary\n"); | 2027 | BIO_printf(io, |
| 2028 | "Ciphers supported in s_server binary\n"); | ||
| 1981 | sk = SSL_get_ciphers(con); | 2029 | sk = SSL_get_ciphers(con); |
| 1982 | j = sk_SSL_CIPHER_num(sk); | 2030 | j = sk_SSL_CIPHER_num(sk); |
| 1983 | for (i = 0; i < j; i++) { | 2031 | for (i = 0; i < j; i++) { |
| @@ -1991,14 +2039,16 @@ www_body(char *hostname, int s, unsigned char *context) | |||
| 1991 | BIO_puts(io, "\n"); | 2039 | BIO_puts(io, "\n"); |
| 1992 | p = SSL_get_shared_ciphers(con, buf, bufsize); | 2040 | p = SSL_get_shared_ciphers(con, buf, bufsize); |
| 1993 | if (p != NULL) { | 2041 | if (p != NULL) { |
| 1994 | BIO_printf(io, "---\nCiphers common between both SSL end points:\n"); | 2042 | BIO_printf(io, |
| 2043 | "---\nCiphers common between both SSL end points:\n"); | ||
| 1995 | j = i = 0; | 2044 | j = i = 0; |
| 1996 | while (*p) { | 2045 | while (*p) { |
| 1997 | if (*p == ':') { | 2046 | if (*p == ':') { |
| 1998 | BIO_write(io, space, 26 - j); | 2047 | BIO_write(io, space, 26 - j); |
| 1999 | i++; | 2048 | i++; |
| 2000 | j = 0; | 2049 | j = 0; |
| 2001 | BIO_write(io, ((i % 3) ? " " : "\n"), 1); | 2050 | BIO_write(io, |
| 2051 | ((i % 3) ? " " : "\n"), 1); | ||
| 2002 | } else { | 2052 | } else { |
| 2003 | BIO_write(io, p, 1); | 2053 | BIO_write(io, p, 1); |
| 2004 | j++; | 2054 | j++; |
| @@ -2024,11 +2074,13 @@ www_body(char *hostname, int s, unsigned char *context) | |||
| 2024 | X509_print(io, peer); | 2074 | X509_print(io, peer); |
| 2025 | PEM_write_bio_X509(io, peer); | 2075 | PEM_write_bio_X509(io, peer); |
| 2026 | } else | 2076 | } else |
| 2027 | BIO_puts(io, "no client certificate available\n"); | 2077 | BIO_puts(io, |
| 2078 | "no client certificate available\n"); | ||
| 2028 | BIO_puts(io, "</BODY></HTML>\r\n\r\n"); | 2079 | BIO_puts(io, "</BODY></HTML>\r\n\r\n"); |
| 2029 | break; | 2080 | break; |
| 2030 | } else if ((s_server_config.www == 2 || s_server_config.www == 3) | 2081 | } else if ((s_server_config.www == 2 || |
| 2031 | && (strncmp("GET /", buf, 5) == 0)) { | 2082 | s_server_config.www == 3) && |
| 2083 | (strncmp("GET /", buf, 5) == 0)) { | ||
| 2032 | BIO *file; | 2084 | BIO *file; |
| 2033 | char *p, *e; | 2085 | char *p, *e; |
| 2034 | static const char *text = "HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n"; | 2086 | static const char *text = "HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n"; |
| @@ -2049,30 +2101,35 @@ www_body(char *hostname, int s, unsigned char *context) | |||
| 2049 | dot = (e[0] == '.') ? 3 : 0; | 2101 | dot = (e[0] == '.') ? 3 : 0; |
| 2050 | break; | 2102 | break; |
| 2051 | case 3: | 2103 | case 3: |
| 2052 | dot = (e[0] == '/' || e[0] == '\\') ? -1 : 0; | 2104 | dot = (e[0] == '/' || e[0] == '\\') ? |
| 2105 | -1 : 0; | ||
| 2053 | break; | 2106 | break; |
| 2054 | } | 2107 | } |
| 2055 | if (dot == 0) | 2108 | if (dot == 0) |
| 2056 | dot = (e[0] == '/' || e[0] == '\\') ? 1 : 0; | 2109 | dot = (e[0] == '/' || e[0] == '\\') ? |
| 2110 | 1 : 0; | ||
| 2057 | } | 2111 | } |
| 2058 | dot = (dot == 3) || (dot == -1); /* filename contains | 2112 | dot = (dot == 3) || (dot == -1); /* filename contains |
| 2059 | * ".." component */ | 2113 | * ".." component */ |
| 2060 | 2114 | ||
| 2061 | if (*e == '\0') { | 2115 | if (*e == '\0') { |
| 2062 | BIO_puts(io, text); | 2116 | BIO_puts(io, text); |
| 2063 | BIO_printf(io, "'%s' is an invalid file name\r\n", p); | 2117 | BIO_printf(io, |
| 2118 | "'%s' is an invalid file name\r\n", p); | ||
| 2064 | break; | 2119 | break; |
| 2065 | } | 2120 | } |
| 2066 | *e = '\0'; | 2121 | *e = '\0'; |
| 2067 | 2122 | ||
| 2068 | if (dot) { | 2123 | if (dot) { |
| 2069 | BIO_puts(io, text); | 2124 | BIO_puts(io, text); |
| 2070 | BIO_printf(io, "'%s' contains '..' reference\r\n", p); | 2125 | BIO_printf(io, |
| 2126 | "'%s' contains '..' reference\r\n", p); | ||
| 2071 | break; | 2127 | break; |
| 2072 | } | 2128 | } |
| 2073 | if (*p == '/') { | 2129 | if (*p == '/') { |
| 2074 | BIO_puts(io, text); | 2130 | BIO_puts(io, text); |
| 2075 | BIO_printf(io, "'%s' is an invalid path\r\n", p); | 2131 | BIO_printf(io, |
| 2132 | "'%s' is an invalid path\r\n", p); | ||
| 2076 | break; | 2133 | break; |
| 2077 | } | 2134 | } |
| 2078 | /* if a directory, do the index thang */ | 2135 | /* if a directory, do the index thang */ |
| @@ -2129,7 +2186,8 @@ www_body(char *hostname, int s, unsigned char *context) | |||
| 2129 | if (!BIO_should_retry(io)) | 2186 | if (!BIO_should_retry(io)) |
| 2130 | goto write_error; | 2187 | goto write_error; |
| 2131 | else { | 2188 | else { |
| 2132 | BIO_printf(bio_s_out, "rwrite W BLOCK\n"); | 2189 | BIO_printf(bio_s_out, |
| 2190 | "rwrite W BLOCK\n"); | ||
| 2133 | } | 2191 | } |
| 2134 | } else { | 2192 | } else { |
| 2135 | j += k; | 2193 | j += k; |
| @@ -2194,9 +2252,12 @@ static int | |||
| 2194 | ssl_servername_cb(SSL *s, int *ad, void *arg) | 2252 | ssl_servername_cb(SSL *s, int *ad, void *arg) |
| 2195 | { | 2253 | { |
| 2196 | tlsextctx *p = (tlsextctx *) arg; | 2254 | tlsextctx *p = (tlsextctx *) arg; |
| 2197 | const char *servername = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name); | 2255 | const char *servername = SSL_get_servername(s, |
| 2256 | TLSEXT_NAMETYPE_host_name); | ||
| 2257 | |||
| 2198 | if (servername && p->biodebug) | 2258 | if (servername && p->biodebug) |
| 2199 | BIO_printf(p->biodebug, "Hostname in TLS extension: \"%s\"\n", servername); | 2259 | BIO_printf(p->biodebug, "Hostname in TLS extension: \"%s\"\n", |
| 2260 | servername); | ||
| 2200 | 2261 | ||
| 2201 | if (!p->servername) | 2262 | if (!p->servername) |
| 2202 | return SSL_TLSEXT_ERR_NOACK; | 2263 | return SSL_TLSEXT_ERR_NOACK; |
| @@ -2259,7 +2320,8 @@ cert_status_cb(SSL *s, void *arg) | |||
| 2259 | sk_OPENSSL_STRING_value(aia, 0)); | 2320 | sk_OPENSSL_STRING_value(aia, 0)); |
| 2260 | } else { | 2321 | } else { |
| 2261 | if (!srctx->host) { | 2322 | if (!srctx->host) { |
| 2262 | BIO_puts(srctx->err, "cert_status: no AIA and no default responder URL\n"); | 2323 | BIO_puts(srctx->err, |
| 2324 | "cert_status: no AIA and no default responder URL\n"); | ||
| 2263 | goto done; | 2325 | goto done; |
| 2264 | } | 2326 | } |
| 2265 | host = srctx->host; | 2327 | host = srctx->host; |
| @@ -2274,7 +2336,8 @@ cert_status_cb(SSL *s, void *arg) | |||
| 2274 | goto err; | 2336 | goto err; |
| 2275 | if (X509_STORE_get_by_subject(&inctx, X509_LU_X509, | 2337 | if (X509_STORE_get_by_subject(&inctx, X509_LU_X509, |
| 2276 | X509_get_issuer_name(x), &obj) <= 0) { | 2338 | X509_get_issuer_name(x), &obj) <= 0) { |
| 2277 | BIO_puts(err, "cert_status: Can't retrieve issuer certificate.\n"); | 2339 | BIO_puts(err, |
| 2340 | "cert_status: Can't retrieve issuer certificate.\n"); | ||
| 2278 | X509_STORE_CTX_cleanup(&inctx); | 2341 | X509_STORE_CTX_cleanup(&inctx); |
| 2279 | goto done; | 2342 | goto done; |
| 2280 | } | 2343 | } |