Diffstat (limited to 'src/lib/libssl/src/apps/s_server.c')
-rw-r--r--src/lib/libssl/src/apps/s_server.c356
1 files changed, 28 insertions, 328 deletions
diff --git a/src/lib/libssl/src/apps/s_server.c b/src/lib/libssl/src/apps/s_server.c
index 3f9b3704c6..8a0c34cf0f 100644
--- a/src/lib/libssl/src/apps/s_server.c
+++ b/src/lib/libssl/src/apps/s_server.c
@@ -186,9 +186,6 @@ typedef unsigned int u_int;
186#ifndef OPENSSL_NO_RSA 186#ifndef OPENSSL_NO_RSA
187#include <openssl/rsa.h> 187#include <openssl/rsa.h>
188#endif 188#endif
189#ifndef OPENSSL_NO_SRP
190#include <openssl/srp.h>
191#endif
192#include "s_apps.h" 189#include "s_apps.h"
193#include "timeouts.h" 190#include "timeouts.h"
194 191
@@ -293,9 +290,6 @@ static int cert_status_cb(SSL *s, void *arg);
293static int s_msg=0; 290static int s_msg=0;
294static int s_quiet=0; 291static int s_quiet=0;
295 292
296static char *keymatexportlabel=NULL;
297static int keymatexportlen=20;
298
299static int hack=0; 293static int hack=0;
300#ifndef OPENSSL_NO_ENGINE 294#ifndef OPENSSL_NO_ENGINE
301static char *engine_id=NULL; 295static char *engine_id=NULL;
@@ -308,7 +302,6 @@ static long socket_mtu;
308static int cert_chain = 0; 302static int cert_chain = 0;
309#endif 303#endif
310 304
311
312#ifndef OPENSSL_NO_PSK 305#ifndef OPENSSL_NO_PSK
313static char *psk_identity="Client_identity"; 306static char *psk_identity="Client_identity";
314char *psk_key=NULL; /* by default PSK is not used */ 307char *psk_key=NULL; /* by default PSK is not used */
@@ -376,52 +369,6 @@ static unsigned int psk_server_cb(SSL *ssl, const char *identity,
376 } 369 }
377#endif 370#endif
378 371
379#ifndef OPENSSL_NO_SRP
380/* This is a context that we pass to callbacks */
381typedef struct srpsrvparm_st
382 {
383 char *login;
384 SRP_VBASE *vb;
385 SRP_user_pwd *user;
386 } srpsrvparm;
387
388/* This callback pretends to require some asynchronous logic in order to obtain
389 a verifier. When the callback is called for a new connection we return
390 with a negative value. This will provoke the accept etc to return with
391 an LOOKUP_X509. The main logic of the reinvokes the suspended call
392 (which would normally occur after a worker has finished) and we
393 set the user parameters.
394*/
395static int MS_CALLBACK ssl_srp_server_param_cb(SSL *s, int *ad, void *arg)
396 {
397 srpsrvparm *p = (srpsrvparm *)arg;
398 if (p->login == NULL && p->user == NULL )
399 {
400 p->login = SSL_get_srp_username(s);
401 BIO_printf(bio_err, "SRP username = \"%s\"\n", p->login);
402 return (-1) ;
403 }
404
405 if (p->user == NULL)
406 {
407 BIO_printf(bio_err, "User %s doesn't exist\n", p->login);
408 return SSL3_AL_FATAL;
409 }
410 if (SSL_set_srp_server_param(s, p->user->N, p->user->g, p->user->s, p->user->v,
411 p->user->info) < 0)
412 {
413 *ad = SSL_AD_INTERNAL_ERROR;
414 return SSL3_AL_FATAL;
415 }
416 BIO_printf(bio_err, "SRP parameters set: username = \"%s\" info=\"%s\" \n", p->login,p->user->info);
417 /* need to check whether there are memory leaks */
418 p->user = NULL;
419 p->login = NULL;
420 return SSL_ERROR_NONE;
421 }
422
423#endif
424
425#ifdef MONOLITH 372#ifdef MONOLITH
426static void s_server_init(void) 373static void s_server_init(void)
427 { 374 {
@@ -509,14 +456,8 @@ static void sv_usage(void)
509 BIO_printf(bio_err," -jpake arg - JPAKE secret to use\n"); 456 BIO_printf(bio_err," -jpake arg - JPAKE secret to use\n");
510# endif 457# endif
511#endif 458#endif
512#ifndef OPENSSL_NO_SRP
513 BIO_printf(bio_err," -srpvfile file - The verifier file for SRP\n");
514 BIO_printf(bio_err," -srpuserseed string - A seed string for a default user salt.\n");
515#endif
516 BIO_printf(bio_err," -ssl2 - Just talk SSLv2\n"); 459 BIO_printf(bio_err," -ssl2 - Just talk SSLv2\n");
517 BIO_printf(bio_err," -ssl3 - Just talk SSLv3\n"); 460 BIO_printf(bio_err," -ssl3 - Just talk SSLv3\n");
518 BIO_printf(bio_err," -tls1_2 - Just talk TLSv1.2\n");
519 BIO_printf(bio_err," -tls1_1 - Just talk TLSv1.1\n");
520 BIO_printf(bio_err," -tls1 - Just talk TLSv1\n"); 461 BIO_printf(bio_err," -tls1 - Just talk TLSv1\n");
521 BIO_printf(bio_err," -dtls1 - Just talk DTLSv1\n"); 462 BIO_printf(bio_err," -dtls1 - Just talk DTLSv1\n");
522 BIO_printf(bio_err," -timeout - Enable timeouts\n"); 463 BIO_printf(bio_err," -timeout - Enable timeouts\n");
@@ -525,8 +466,6 @@ static void sv_usage(void)
525 BIO_printf(bio_err," -no_ssl2 - Just disable SSLv2\n"); 466 BIO_printf(bio_err," -no_ssl2 - Just disable SSLv2\n");
526 BIO_printf(bio_err," -no_ssl3 - Just disable SSLv3\n"); 467 BIO_printf(bio_err," -no_ssl3 - Just disable SSLv3\n");
527 BIO_printf(bio_err," -no_tls1 - Just disable TLSv1\n"); 468 BIO_printf(bio_err," -no_tls1 - Just disable TLSv1\n");
528 BIO_printf(bio_err," -no_tls1_1 - Just disable TLSv1.1\n");
529 BIO_printf(bio_err," -no_tls1_2 - Just disable TLSv1.2\n");
530#ifndef OPENSSL_NO_DH 469#ifndef OPENSSL_NO_DH
531 BIO_printf(bio_err," -no_dhe - Disable ephemeral DH\n"); 470 BIO_printf(bio_err," -no_dhe - Disable ephemeral DH\n");
532#endif 471#endif
@@ -553,13 +492,7 @@ static void sv_usage(void)
553 BIO_printf(bio_err," -tlsextdebug - hex dump of all TLS extensions received\n"); 492 BIO_printf(bio_err," -tlsextdebug - hex dump of all TLS extensions received\n");
554 BIO_printf(bio_err," -no_ticket - disable use of RFC4507bis session tickets\n"); 493 BIO_printf(bio_err," -no_ticket - disable use of RFC4507bis session tickets\n");
555 BIO_printf(bio_err," -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n"); 494 BIO_printf(bio_err," -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n");
556# ifndef OPENSSL_NO_NEXTPROTONEG
557 BIO_printf(bio_err," -nextprotoneg arg - set the advertised protocols for the NPN extension (comma-separated list)\n");
558# endif
559 BIO_printf(bio_err," -use_srtp profiles - Offer SRTP key management with a colon-separated profile list\n");
560#endif 495#endif
561 BIO_printf(bio_err," -keymatexport label - Export keying material using label\n");
562 BIO_printf(bio_err," -keymatexportlen len - Export len bytes of keying material (default 20)\n");
563 } 496 }
564 497
565static int local_argc=0; 498static int local_argc=0;
@@ -893,26 +826,6 @@ BIO_printf(err, "cert_status: received %d ids\n", sk_OCSP_RESPID_num(ids));
893 ret = SSL_TLSEXT_ERR_ALERT_FATAL; 826 ret = SSL_TLSEXT_ERR_ALERT_FATAL;
894 goto done; 827 goto done;
895 } 828 }
896
897# ifndef OPENSSL_NO_NEXTPROTONEG
898/* This is the context that we pass to next_proto_cb */
899typedef struct tlsextnextprotoctx_st {
900 unsigned char *data;
901 unsigned int len;
902} tlsextnextprotoctx;
903
904static int next_proto_cb(SSL *s, const unsigned char **data, unsigned int *len, void *arg)
905 {
906 tlsextnextprotoctx *next_proto = arg;
907
908 *data = next_proto->data;
909 *len = next_proto->len;
910
911 return SSL_TLSEXT_ERR_OK;
912 }
913# endif /* ndef OPENSSL_NO_NEXTPROTONEG */
914
915
916#endif 829#endif
917 830
918int MAIN(int, char **); 831int MAIN(int, char **);
@@ -920,10 +833,6 @@ int MAIN(int, char **);
920#ifndef OPENSSL_NO_JPAKE 833#ifndef OPENSSL_NO_JPAKE
921static char *jpake_secret = NULL; 834static char *jpake_secret = NULL;
922#endif 835#endif
923#ifndef OPENSSL_NO_SRP
924 static srpsrvparm srp_callback_parm;
925#endif
926static char *srtp_profiles = NULL;
927 836
928int MAIN(int argc, char *argv[]) 837int MAIN(int argc, char *argv[])
929 { 838 {
@@ -955,21 +864,21 @@ int MAIN(int argc, char *argv[])
955#ifndef OPENSSL_NO_TLSEXT 864#ifndef OPENSSL_NO_TLSEXT
956 EVP_PKEY *s_key2 = NULL; 865 EVP_PKEY *s_key2 = NULL;
957 X509 *s_cert2 = NULL; 866 X509 *s_cert2 = NULL;
867#endif
868#ifndef OPENSSL_NO_TLSEXT
958 tlsextctx tlsextcbp = {NULL, NULL, SSL_TLSEXT_ERR_ALERT_WARNING}; 869 tlsextctx tlsextcbp = {NULL, NULL, SSL_TLSEXT_ERR_ALERT_WARNING};
959# ifndef OPENSSL_NO_NEXTPROTONEG
960 const char *next_proto_neg_in = NULL;
961 tlsextnextprotoctx next_proto;
962# endif
963#endif 870#endif
964#ifndef OPENSSL_NO_PSK 871#ifndef OPENSSL_NO_PSK
965 /* by default do not send a PSK identity hint */ 872 /* by default do not send a PSK identity hint */
966 static char *psk_identity_hint=NULL; 873 static char *psk_identity_hint=NULL;
967#endif 874#endif
968#ifndef OPENSSL_NO_SRP 875#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
969 char *srpuserseed = NULL;
970 char *srp_verifier_file = NULL;
971#endif
972 meth=SSLv23_server_method(); 876 meth=SSLv23_server_method();
877#elif !defined(OPENSSL_NO_SSL3)
878 meth=SSLv3_server_method();
879#elif !defined(OPENSSL_NO_SSL2)
880 meth=SSLv2_server_method();
881#endif
973 882
974 local_argc=argc; 883 local_argc=argc;
975 local_argv=argv; 884 local_argv=argv;
@@ -1194,27 +1103,13 @@ int MAIN(int argc, char *argv[])
1194 psk_key=*(++argv); 1103 psk_key=*(++argv);
1195 for (i=0; i<strlen(psk_key); i++) 1104 for (i=0; i<strlen(psk_key); i++)
1196 { 1105 {
1197 if (isxdigit((unsigned char)psk_key[i])) 1106 if (isxdigit((int)psk_key[i]))
1198 continue; 1107 continue;
1199 BIO_printf(bio_err,"Not a hex number '%s'\n",*argv); 1108 BIO_printf(bio_err,"Not a hex number '%s'\n",*argv);
1200 goto bad; 1109 goto bad;
1201 } 1110 }
1202 } 1111 }
1203#endif 1112#endif
1204#ifndef OPENSSL_NO_SRP
1205 else if (strcmp(*argv, "-srpvfile") == 0)
1206 {
1207 if (--argc < 1) goto bad;
1208 srp_verifier_file = *(++argv);
1209 meth=TLSv1_server_method();
1210 }
1211 else if (strcmp(*argv, "-srpuserseed") == 0)
1212 {
1213 if (--argc < 1) goto bad;
1214 srpuserseed = *(++argv);
1215 meth=TLSv1_server_method();
1216 }
1217#endif
1218 else if (strcmp(*argv,"-www") == 0) 1113 else if (strcmp(*argv,"-www") == 0)
1219 { www=1; } 1114 { www=1; }
1220 else if (strcmp(*argv,"-WWW") == 0) 1115 else if (strcmp(*argv,"-WWW") == 0)
@@ -1227,10 +1122,6 @@ int MAIN(int argc, char *argv[])
1227 { off|=SSL_OP_NO_SSLv3; } 1122 { off|=SSL_OP_NO_SSLv3; }
1228 else if (strcmp(*argv,"-no_tls1") == 0) 1123 else if (strcmp(*argv,"-no_tls1") == 0)
1229 { off|=SSL_OP_NO_TLSv1; } 1124 { off|=SSL_OP_NO_TLSv1; }
1230 else if (strcmp(*argv,"-no_tls1_1") == 0)
1231 { off|=SSL_OP_NO_TLSv1_1; }
1232 else if (strcmp(*argv,"-no_tls1_2") == 0)
1233 { off|=SSL_OP_NO_TLSv1_2; }
1234 else if (strcmp(*argv,"-no_comp") == 0) 1125 else if (strcmp(*argv,"-no_comp") == 0)
1235 { off|=SSL_OP_NO_COMPRESSION; } 1126 { off|=SSL_OP_NO_COMPRESSION; }
1236#ifndef OPENSSL_NO_TLSEXT 1127#ifndef OPENSSL_NO_TLSEXT
@@ -1248,10 +1139,6 @@ int MAIN(int argc, char *argv[])
1248#ifndef OPENSSL_NO_TLS1 1139#ifndef OPENSSL_NO_TLS1
1249 else if (strcmp(*argv,"-tls1") == 0) 1140 else if (strcmp(*argv,"-tls1") == 0)
1250 { meth=TLSv1_server_method(); } 1141 { meth=TLSv1_server_method(); }
1251 else if (strcmp(*argv,"-tls1_1") == 0)
1252 { meth=TLSv1_1_server_method(); }
1253 else if (strcmp(*argv,"-tls1_2") == 0)
1254 { meth=TLSv1_2_server_method(); }
1255#endif 1142#endif
1256#ifndef OPENSSL_NO_DTLS1 1143#ifndef OPENSSL_NO_DTLS1
1257 else if (strcmp(*argv,"-dtls1") == 0) 1144 else if (strcmp(*argv,"-dtls1") == 0)
@@ -1304,13 +1191,7 @@ int MAIN(int argc, char *argv[])
1304 if (--argc < 1) goto bad; 1191 if (--argc < 1) goto bad;
1305 s_key_file2= *(++argv); 1192 s_key_file2= *(++argv);
1306 } 1193 }
1307# ifndef OPENSSL_NO_NEXTPROTONEG 1194
1308 else if (strcmp(*argv,"-nextprotoneg") == 0)
1309 {
1310 if (--argc < 1) goto bad;
1311 next_proto_neg_in = *(++argv);
1312 }
1313# endif
1314#endif 1195#endif
1315#if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK) 1196#if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK)
1316 else if (strcmp(*argv,"-jpake") == 0) 1197 else if (strcmp(*argv,"-jpake") == 0)
@@ -1319,22 +1200,6 @@ int MAIN(int argc, char *argv[])
1319 jpake_secret = *(++argv); 1200 jpake_secret = *(++argv);
1320 } 1201 }
1321#endif 1202#endif
1322 else if (strcmp(*argv,"-use_srtp") == 0)
1323 {
1324 if (--argc < 1) goto bad;
1325 srtp_profiles = *(++argv);
1326 }
1327 else if (strcmp(*argv,"-keymatexport") == 0)
1328 {
1329 if (--argc < 1) goto bad;
1330 keymatexportlabel= *(++argv);
1331 }
1332 else if (strcmp(*argv,"-keymatexportlen") == 0)
1333 {
1334 if (--argc < 1) goto bad;
1335 keymatexportlen=atoi(*(++argv));
1336 if (keymatexportlen == 0) goto bad;
1337 }
1338 else 1203 else
1339 { 1204 {
1340 BIO_printf(bio_err,"unknown option %s\n",*argv); 1205 BIO_printf(bio_err,"unknown option %s\n",*argv);
@@ -1431,22 +1296,6 @@ bad:
1431 goto end; 1296 goto end;
1432 } 1297 }
1433 } 1298 }
1434
1435# ifndef OPENSSL_NO_NEXTPROTONEG
1436 if (next_proto_neg_in)
1437 {
1438 unsigned short len;
1439 next_proto.data = next_protos_parse(&len,
1440 next_proto_neg_in);
1441 if (next_proto.data == NULL)
1442 goto end;
1443 next_proto.len = len;
1444 }
1445 else
1446 {
1447 next_proto.data = NULL;
1448 }
1449# endif
1450#endif 1299#endif
1451 } 1300 }
1452 1301
@@ -1550,9 +1399,6 @@ bad:
1550 else 1399 else
1551 SSL_CTX_sess_set_cache_size(ctx,128); 1400 SSL_CTX_sess_set_cache_size(ctx,128);
1552 1401
1553 if (srtp_profiles != NULL)
1554 SSL_CTX_set_tlsext_use_srtp(ctx, srtp_profiles);
1555
1556#if 0 1402#if 0
1557 if (cipher == NULL) cipher=getenv("SSL_CIPHER"); 1403 if (cipher == NULL) cipher=getenv("SSL_CIPHER");
1558#endif 1404#endif
@@ -1630,11 +1476,6 @@ bad:
1630 if (vpm) 1476 if (vpm)
1631 SSL_CTX_set1_param(ctx2, vpm); 1477 SSL_CTX_set1_param(ctx2, vpm);
1632 } 1478 }
1633
1634# ifndef OPENSSL_NO_NEXTPROTONEG
1635 if (next_proto.data)
1636 SSL_CTX_set_next_protos_advertised_cb(ctx, next_proto_cb, &next_proto);
1637# endif
1638#endif 1479#endif
1639 1480
1640#ifndef OPENSSL_NO_DH 1481#ifndef OPENSSL_NO_DH
@@ -1843,25 +1684,6 @@ bad:
1843 } 1684 }
1844#endif 1685#endif
1845 1686
1846#ifndef OPENSSL_NO_SRP
1847 if (srp_verifier_file != NULL)
1848 {
1849 srp_callback_parm.vb = SRP_VBASE_new(srpuserseed);
1850 srp_callback_parm.user = NULL;
1851 srp_callback_parm.login = NULL;
1852 if ((ret = SRP_VBASE_init(srp_callback_parm.vb, srp_verifier_file)) != SRP_NO_ERROR)
1853 {
1854 BIO_printf(bio_err,
1855 "Cannot initialize SRP verifier file \"%s\":ret=%d\n",
1856 srp_verifier_file, ret);
1857 goto end;
1858 }
1859 SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE,verify_callback);
1860 SSL_CTX_set_srp_cb_arg(ctx, &srp_callback_parm);
1861 SSL_CTX_set_srp_username_callback(ctx, ssl_srp_server_param_cb);
1862 }
1863 else
1864#endif
1865 if (CAfile != NULL) 1687 if (CAfile != NULL)
1866 { 1688 {
1867 SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(CAfile)); 1689 SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(CAfile));
@@ -1943,9 +1765,6 @@ static int sv_body(char *hostname, int s, unsigned char *context)
1943 unsigned long l; 1765 unsigned long l;
1944 SSL *con=NULL; 1766 SSL *con=NULL;
1945 BIO *sbio; 1767 BIO *sbio;
1946#ifndef OPENSSL_NO_KRB5
1947 KSSL_CTX *kctx;
1948#endif
1949 struct timeval timeout; 1768 struct timeval timeout;
1950#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_BEOS_R5) 1769#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_BEOS_R5)
1951 struct timeval tv; 1770 struct timeval tv;
@@ -1986,11 +1805,12 @@ static int sv_body(char *hostname, int s, unsigned char *context)
1986 } 1805 }
1987#endif 1806#endif
1988#ifndef OPENSSL_NO_KRB5 1807#ifndef OPENSSL_NO_KRB5
1989 if ((kctx = kssl_ctx_new()) != NULL) 1808 if ((con->kssl_ctx = kssl_ctx_new()) != NULL)
1990 { 1809 {
1991 SSL_set0_kssl_ctx(con, kctx); 1810 kssl_ctx_setstring(con->kssl_ctx, KSSL_SERVICE,
1992 kssl_ctx_setstring(kctx, KSSL_SERVICE, KRB5SVC); 1811 KRB5SVC);
1993 kssl_ctx_setstring(kctx, KSSL_KEYTAB, KRB5KEYTAB); 1812 kssl_ctx_setstring(con->kssl_ctx, KSSL_KEYTAB,
1813 KRB5KEYTAB);
1994 } 1814 }
1995#endif /* OPENSSL_NO_KRB5 */ 1815#endif /* OPENSSL_NO_KRB5 */
1996 if(context) 1816 if(context)
@@ -2053,7 +1873,7 @@ static int sv_body(char *hostname, int s, unsigned char *context)
2053 1873
2054 if (s_debug) 1874 if (s_debug)
2055 { 1875 {
2056 SSL_set_debug(con, 1); 1876 con->debug=1;
2057 BIO_set_callback(SSL_get_rbio(con),bio_dump_callback); 1877 BIO_set_callback(SSL_get_rbio(con),bio_dump_callback);
2058 BIO_set_callback_arg(SSL_get_rbio(con),(char *)bio_s_out); 1878 BIO_set_callback_arg(SSL_get_rbio(con),(char *)bio_s_out);
2059 } 1879 }
@@ -2182,16 +2002,6 @@ static int sv_body(char *hostname, int s, unsigned char *context)
2182 goto err; 2002 goto err;
2183 } 2003 }
2184 2004
2185#ifndef OPENSSL_NO_HEARTBEATS
2186 if ((buf[0] == 'B') &&
2187 ((buf[1] == '\n') || (buf[1] == '\r')))
2188 {
2189 BIO_printf(bio_err,"HEARTBEATING\n");
2190 SSL_heartbeat(con);
2191 i=0;
2192 continue;
2193 }
2194#endif
2195 if ((buf[0] == 'r') && 2005 if ((buf[0] == 'r') &&
2196 ((buf[1] == '\n') || (buf[1] == '\r'))) 2006 ((buf[1] == '\n') || (buf[1] == '\r')))
2197 { 2007 {
@@ -2235,18 +2045,6 @@ static int sv_body(char *hostname, int s, unsigned char *context)
2235{ static count=0; if (++count == 100) { count=0; SSL_renegotiate(con); } } 2045{ static count=0; if (++count == 100) { count=0; SSL_renegotiate(con); } }
2236#endif 2046#endif
2237 k=SSL_write(con,&(buf[l]),(unsigned int)i); 2047 k=SSL_write(con,&(buf[l]),(unsigned int)i);
2238#ifndef OPENSSL_NO_SRP
2239 while (SSL_get_error(con,k) == SSL_ERROR_WANT_X509_LOOKUP)
2240 {
2241 BIO_printf(bio_s_out,"LOOKUP renego during write\n");
2242 srp_callback_parm.user = SRP_VBASE_get_by_user(srp_callback_parm.vb, srp_callback_parm.login);
2243 if (srp_callback_parm.user)
2244 BIO_printf(bio_s_out,"LOOKUP done %s\n",srp_callback_parm.user->info);
2245 else
2246 BIO_printf(bio_s_out,"LOOKUP not successful\n");
2247 k=SSL_write(con,&(buf[l]),(unsigned int)i);
2248 }
2249#endif
2250 switch (SSL_get_error(con,k)) 2048 switch (SSL_get_error(con,k))
2251 { 2049 {
2252 case SSL_ERROR_NONE: 2050 case SSL_ERROR_NONE:
@@ -2294,18 +2092,6 @@ static int sv_body(char *hostname, int s, unsigned char *context)
2294 { 2092 {
2295again: 2093again:
2296 i=SSL_read(con,(char *)buf,bufsize); 2094 i=SSL_read(con,(char *)buf,bufsize);
2297#ifndef OPENSSL_NO_SRP
2298 while (SSL_get_error(con,i) == SSL_ERROR_WANT_X509_LOOKUP)
2299 {
2300 BIO_printf(bio_s_out,"LOOKUP renego during read\n");
2301 srp_callback_parm.user = SRP_VBASE_get_by_user(srp_callback_parm.vb, srp_callback_parm.login);
2302 if (srp_callback_parm.user)
2303 BIO_printf(bio_s_out,"LOOKUP done %s\n",srp_callback_parm.user->info);
2304 else
2305 BIO_printf(bio_s_out,"LOOKUP not successful\n");
2306 i=SSL_read(con,(char *)buf,bufsize);
2307 }
2308#endif
2309 switch (SSL_get_error(con,i)) 2095 switch (SSL_get_error(con,i))
2310 { 2096 {
2311 case SSL_ERROR_NONE: 2097 case SSL_ERROR_NONE:
@@ -2318,6 +2104,7 @@ again:
2318 break; 2104 break;
2319 case SSL_ERROR_WANT_WRITE: 2105 case SSL_ERROR_WANT_WRITE:
2320 case SSL_ERROR_WANT_READ: 2106 case SSL_ERROR_WANT_READ:
2107 case SSL_ERROR_WANT_X509_LOOKUP:
2321 BIO_printf(bio_s_out,"Read BLOCK\n"); 2108 BIO_printf(bio_s_out,"Read BLOCK\n");
2322 break; 2109 break;
2323 case SSL_ERROR_SYSCALL: 2110 case SSL_ERROR_SYSCALL:
@@ -2372,30 +2159,8 @@ static int init_ssl_connection(SSL *con)
2372 X509 *peer; 2159 X509 *peer;
2373 long verify_error; 2160 long verify_error;
2374 MS_STATIC char buf[BUFSIZ]; 2161 MS_STATIC char buf[BUFSIZ];
2375#ifndef OPENSSL_NO_KRB5
2376 char *client_princ;
2377#endif
2378#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
2379 const unsigned char *next_proto_neg;
2380 unsigned next_proto_neg_len;
2381#endif
2382 unsigned char *exportedkeymat;
2383 2162
2384 2163 if ((i=SSL_accept(con)) <= 0)
2385 i=SSL_accept(con);
2386#ifndef OPENSSL_NO_SRP
2387 while (i <= 0 && SSL_get_error(con,i) == SSL_ERROR_WANT_X509_LOOKUP)
2388 {
2389 BIO_printf(bio_s_out,"LOOKUP during accept %s\n",srp_callback_parm.login);
2390 srp_callback_parm.user = SRP_VBASE_get_by_user(srp_callback_parm.vb, srp_callback_parm.login);
2391 if (srp_callback_parm.user)
2392 BIO_printf(bio_s_out,"LOOKUP done %s\n",srp_callback_parm.user->info);
2393 else
2394 BIO_printf(bio_s_out,"LOOKUP not successful\n");
2395 i=SSL_accept(con);
2396 }
2397#endif
2398 if (i <= 0)
2399 { 2164 {
2400 if (BIO_sock_should_retry(i)) 2165 if (BIO_sock_should_retry(i))
2401 { 2166 {
@@ -2433,67 +2198,19 @@ static int init_ssl_connection(SSL *con)
2433 BIO_printf(bio_s_out,"Shared ciphers:%s\n",buf); 2198 BIO_printf(bio_s_out,"Shared ciphers:%s\n",buf);
2434 str=SSL_CIPHER_get_name(SSL_get_current_cipher(con)); 2199 str=SSL_CIPHER_get_name(SSL_get_current_cipher(con));
2435 BIO_printf(bio_s_out,"CIPHER is %s\n",(str != NULL)?str:"(NONE)"); 2200 BIO_printf(bio_s_out,"CIPHER is %s\n",(str != NULL)?str:"(NONE)");
2436#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) 2201 if (con->hit) BIO_printf(bio_s_out,"Reused session-id\n");
2437 SSL_get0_next_proto_negotiated(con, &next_proto_neg, &next_proto_neg_len);
2438 if (next_proto_neg)
2439 {
2440 BIO_printf(bio_s_out,"NEXTPROTO is ");
2441 BIO_write(bio_s_out, next_proto_neg, next_proto_neg_len);
2442 BIO_printf(bio_s_out, "\n");
2443 }
2444#endif
2445 {
2446 SRTP_PROTECTION_PROFILE *srtp_profile
2447 = SSL_get_selected_srtp_profile(con);
2448
2449 if(srtp_profile)
2450 BIO_printf(bio_s_out,"SRTP Extension negotiated, profile=%s\n",
2451 srtp_profile->name);
2452 }
2453 if (SSL_cache_hit(con)) BIO_printf(bio_s_out,"Reused session-id\n");
2454 if (SSL_ctrl(con,SSL_CTRL_GET_FLAGS,0,NULL) & 2202 if (SSL_ctrl(con,SSL_CTRL_GET_FLAGS,0,NULL) &
2455 TLS1_FLAGS_TLS_PADDING_BUG) 2203 TLS1_FLAGS_TLS_PADDING_BUG)
2456 BIO_printf(bio_s_out, 2204 BIO_printf(bio_s_out,"Peer has incorrect TLSv1 block padding\n");
2457 "Peer has incorrect TLSv1 block padding\n");
2458#ifndef OPENSSL_NO_KRB5 2205#ifndef OPENSSL_NO_KRB5
2459 client_princ = kssl_ctx_get0_client_princ(SSL_get0_kssl_ctx(con)); 2206 if (con->kssl_ctx->client_princ != NULL)
2460 if (client_princ != NULL)
2461 { 2207 {
2462 BIO_printf(bio_s_out,"Kerberos peer principal is %s\n", 2208 BIO_printf(bio_s_out,"Kerberos peer principal is %s\n",
2463 client_princ); 2209 con->kssl_ctx->client_princ);
2464 } 2210 }
2465#endif /* OPENSSL_NO_KRB5 */ 2211#endif /* OPENSSL_NO_KRB5 */
2466 BIO_printf(bio_s_out, "Secure Renegotiation IS%s supported\n", 2212 BIO_printf(bio_s_out, "Secure Renegotiation IS%s supported\n",
2467 SSL_get_secure_renegotiation_support(con) ? "" : " NOT"); 2213 SSL_get_secure_renegotiation_support(con) ? "" : " NOT");
2468 if (keymatexportlabel != NULL)
2469 {
2470 BIO_printf(bio_s_out, "Keying material exporter:\n");
2471 BIO_printf(bio_s_out, " Label: '%s'\n", keymatexportlabel);
2472 BIO_printf(bio_s_out, " Length: %i bytes\n",
2473 keymatexportlen);
2474 exportedkeymat = OPENSSL_malloc(keymatexportlen);
2475 if (exportedkeymat != NULL)
2476 {
2477 if (!SSL_export_keying_material(con, exportedkeymat,
2478 keymatexportlen,
2479 keymatexportlabel,
2480 strlen(keymatexportlabel),
2481 NULL, 0, 0))
2482 {
2483 BIO_printf(bio_s_out, " Error\n");
2484 }
2485 else
2486 {
2487 BIO_printf(bio_s_out, " Keying material: ");
2488 for (i=0; i<keymatexportlen; i++)
2489 BIO_printf(bio_s_out, "%02X",
2490 exportedkeymat[i]);
2491 BIO_printf(bio_s_out, "\n");
2492 }
2493 OPENSSL_free(exportedkeymat);
2494 }
2495 }
2496
2497 return(1); 2214 return(1);
2498 } 2215 }
2499 2216
@@ -2511,9 +2228,6 @@ err:
2511 return(ret); 2228 return(ret);
2512 } 2229 }
2513#endif 2230#endif
2514#ifndef OPENSSL_NO_KRB5
2515 char *client_princ;
2516#endif
2517 2231
2518#if 0 2232#if 0
2519static int load_CA(SSL_CTX *ctx, char *file) 2233static int load_CA(SSL_CTX *ctx, char *file)
@@ -2544,9 +2258,6 @@ static int www_body(char *hostname, int s, unsigned char *context)
2544 SSL *con; 2258 SSL *con;
2545 const SSL_CIPHER *c; 2259 const SSL_CIPHER *c;
2546 BIO *io,*ssl_bio,*sbio; 2260 BIO *io,*ssl_bio,*sbio;
2547#ifndef OPENSSL_NO_KRB5
2548 KSSL_CTX *kctx;
2549#endif
2550 2261
2551 buf=OPENSSL_malloc(bufsize); 2262 buf=OPENSSL_malloc(bufsize);
2552 if (buf == NULL) return(0); 2263 if (buf == NULL) return(0);
@@ -2578,10 +2289,10 @@ static int www_body(char *hostname, int s, unsigned char *context)
2578 } 2289 }
2579#endif 2290#endif
2580#ifndef OPENSSL_NO_KRB5 2291#ifndef OPENSSL_NO_KRB5
2581 if ((kctx = kssl_ctx_new()) != NULL) 2292 if ((con->kssl_ctx = kssl_ctx_new()) != NULL)
2582 { 2293 {
2583 kssl_ctx_setstring(kctx, KSSL_SERVICE, KRB5SVC); 2294 kssl_ctx_setstring(con->kssl_ctx, KSSL_SERVICE, KRB5SVC);
2584 kssl_ctx_setstring(kctx, KSSL_KEYTAB, KRB5KEYTAB); 2295 kssl_ctx_setstring(con->kssl_ctx, KSSL_KEYTAB, KRB5KEYTAB);
2585 } 2296 }
2586#endif /* OPENSSL_NO_KRB5 */ 2297#endif /* OPENSSL_NO_KRB5 */
2587 if(context) SSL_set_session_id_context(con, context, 2298 if(context) SSL_set_session_id_context(con, context,
@@ -2607,7 +2318,7 @@ static int www_body(char *hostname, int s, unsigned char *context)
2607 2318
2608 if (s_debug) 2319 if (s_debug)
2609 { 2320 {
2610 SSL_set_debug(con, 1); 2321 con->debug=1;
2611 BIO_set_callback(SSL_get_rbio(con),bio_dump_callback); 2322 BIO_set_callback(SSL_get_rbio(con),bio_dump_callback);
2612 BIO_set_callback_arg(SSL_get_rbio(con),(char *)bio_s_out); 2323 BIO_set_callback_arg(SSL_get_rbio(con),(char *)bio_s_out);
2613 } 2324 }
@@ -2622,18 +2333,7 @@ static int www_body(char *hostname, int s, unsigned char *context)
2622 if (hack) 2333 if (hack)
2623 { 2334 {
2624 i=SSL_accept(con); 2335 i=SSL_accept(con);
2625#ifndef OPENSSL_NO_SRP 2336
2626 while (i <= 0 && SSL_get_error(con,i) == SSL_ERROR_WANT_X509_LOOKUP)
2627 {
2628 BIO_printf(bio_s_out,"LOOKUP during accept %s\n",srp_callback_parm.login);
2629 srp_callback_parm.user = SRP_VBASE_get_by_user(srp_callback_parm.vb, srp_callback_parm.login);
2630 if (srp_callback_parm.user)
2631 BIO_printf(bio_s_out,"LOOKUP done %s\n",srp_callback_parm.user->info);
2632 else
2633 BIO_printf(bio_s_out,"LOOKUP not successful\n");
2634 i=SSL_accept(con);
2635 }
2636#endif
2637 switch (SSL_get_error(con,i)) 2337 switch (SSL_get_error(con,i))
2638 { 2338 {
2639 case SSL_ERROR_NONE: 2339 case SSL_ERROR_NONE:
@@ -2739,7 +2439,7 @@ static int www_body(char *hostname, int s, unsigned char *context)
2739 } 2439 }
2740 BIO_puts(io,"\n"); 2440 BIO_puts(io,"\n");
2741 } 2441 }
2742 BIO_printf(io,(SSL_cache_hit(con) 2442 BIO_printf(io,((con->hit)
2743 ?"---\nReused, " 2443 ?"---\nReused, "
2744 :"---\nNew, ")); 2444 :"---\nNew, "));
2745 c=SSL_get_current_cipher(con); 2445 c=SSL_get_current_cipher(con);
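Review bot: The hex check in the `-psk` option parser at new line 1106 passes `(int)psk_key[i]` to isxdigit(), which is undefined for a negative plain char (any byte >= 0x80 on a signed-char platform); the ctype functions accept only an unsigned char value or EOF, so the cast should stay `if (isxdigit((unsigned char)psk_key[i]))`. Separately, init_ssl_connection at new line 2206 dereferences `con->kssl_ctx->client_princ` without checking con->kssl_ctx, while sv_body and www_body (new lines 1808 and 2292) tolerate kssl_ctx_new() returning NULL, so a failed allocation presumably leaves a NULL pointer that is dereferenced here; `if (con->kssl_ctx != NULL && con->kssl_ctx->client_princ != NULL)` keeps the three paths consistent. Both enclosing functions, MAIN and init_ssl_connection, start and end outside the shown hunks.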