diff options
Diffstat (limited to 'src/lib/libssl/src/apps/s_server.c')
| -rw-r--r-- | src/lib/libssl/src/apps/s_server.c | 140 |
1 files changed, 90 insertions, 50 deletions
diff --git a/src/lib/libssl/src/apps/s_server.c b/src/lib/libssl/src/apps/s_server.c index 9a81418cda..af19b89227 100644 --- a/src/lib/libssl/src/apps/s_server.c +++ b/src/lib/libssl/src/apps/s_server.c | |||
| @@ -56,9 +56,7 @@ | |||
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #ifdef APPS_CRLF | 59 | #include <assert.h> |
| 60 | # include <assert.h> | ||
| 61 | #endif | ||
| 62 | #include <stdio.h> | 60 | #include <stdio.h> |
| 63 | #include <stdlib.h> | 61 | #include <stdlib.h> |
| 64 | #include <string.h> | 62 | #include <string.h> |
| @@ -87,15 +85,15 @@ typedef unsigned int u_int; | |||
| 87 | #include <openssl/ssl.h> | 85 | #include <openssl/ssl.h> |
| 88 | #include "s_apps.h" | 86 | #include "s_apps.h" |
| 89 | 87 | ||
| 88 | #ifdef WINDOWS | ||
| 89 | #include <conio.h> | ||
| 90 | #endif | ||
| 91 | |||
| 90 | #if (defined(VMS) && __VMS_VER < 70000000) | 92 | #if (defined(VMS) && __VMS_VER < 70000000) |
| 91 | /* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */ | 93 | /* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */ |
| 92 | #undef FIONBIO | 94 | #undef FIONBIO |
| 93 | #endif | 95 | #endif |
| 94 | 96 | ||
| 95 | #if defined(NO_RSA) && !defined(NO_SSL2) | ||
| 96 | #define NO_SSL2 | ||
| 97 | #endif | ||
| 98 | |||
| 99 | #ifndef NO_RSA | 97 | #ifndef NO_RSA |
| 100 | static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength); | 98 | static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength); |
| 101 | #endif | 99 | #endif |
| @@ -106,10 +104,12 @@ static void sv_usage(void); | |||
| 106 | static int init_ssl_connection(SSL *s); | 104 | static int init_ssl_connection(SSL *s); |
| 107 | static void print_stats(BIO *bp,SSL_CTX *ctx); | 105 | static void print_stats(BIO *bp,SSL_CTX *ctx); |
| 108 | #ifndef NO_DH | 106 | #ifndef NO_DH |
| 109 | static DH *load_dh_param(void ); | 107 | static DH *load_dh_param(char *dhfile); |
| 110 | static DH *get_dh512(void); | 108 | static DH *get_dh512(void); |
| 111 | #endif | 109 | #endif |
| 112 | /* static void s_server_init(void);*/ | 110 | #ifdef MONOLITH |
| 111 | static void s_server_init(void); | ||
| 112 | #endif | ||
| 113 | 113 | ||
| 114 | #ifndef S_ISDIR | 114 | #ifndef S_ISDIR |
| 115 | # if defined(_S_IFMT) && defined(_S_IFDIR) | 115 | # if defined(_S_IFMT) && defined(_S_IFDIR) |
| @@ -149,15 +149,13 @@ static DH *get_dh512(void) | |||
| 149 | 149 | ||
| 150 | #undef BUFSIZZ | 150 | #undef BUFSIZZ |
| 151 | #define BUFSIZZ 16*1024 | 151 | #define BUFSIZZ 16*1024 |
| 152 | static int bufsize=32; | 152 | static int bufsize=BUFSIZZ; |
| 153 | static int accept_socket= -1; | 153 | static int accept_socket= -1; |
| 154 | 154 | ||
| 155 | #define TEST_CERT "server.pem" | 155 | #define TEST_CERT "server.pem" |
| 156 | #undef PROG | 156 | #undef PROG |
| 157 | #define PROG s_server_main | 157 | #define PROG s_server_main |
| 158 | 158 | ||
| 159 | #define DH_PARAM "server.pem" | ||
| 160 | |||
| 161 | extern int verify_depth; | 159 | extern int verify_depth; |
| 162 | 160 | ||
| 163 | static char *cipher=NULL; | 161 | static char *cipher=NULL; |
| @@ -169,9 +167,7 @@ static char *s_dcert_file=NULL,*s_dkey_file=NULL; | |||
| 169 | static int s_nbio=0; | 167 | static int s_nbio=0; |
| 170 | #endif | 168 | #endif |
| 171 | static int s_nbio_test=0; | 169 | static int s_nbio_test=0; |
| 172 | #ifdef APPS_CRLF /* won't be #ifdef'd in next release */ | ||
| 173 | int s_crlf=0; | 170 | int s_crlf=0; |
| 174 | #endif | ||
| 175 | static SSL_CTX *ctx=NULL; | 171 | static SSL_CTX *ctx=NULL; |
| 176 | static int www=0; | 172 | static int www=0; |
| 177 | 173 | ||
| @@ -179,9 +175,12 @@ static BIO *bio_s_out=NULL; | |||
| 179 | static int s_debug=0; | 175 | static int s_debug=0; |
| 180 | static int s_quiet=0; | 176 | static int s_quiet=0; |
| 181 | 177 | ||
| 182 | #if 0 | 178 | static int hack=0; |
| 179 | |||
| 180 | #ifdef MONOLITH | ||
| 183 | static void s_server_init(void) | 181 | static void s_server_init(void) |
| 184 | { | 182 | { |
| 183 | accept_socket=-1; | ||
| 185 | cipher=NULL; | 184 | cipher=NULL; |
| 186 | s_server_verify=SSL_VERIFY_NONE; | 185 | s_server_verify=SSL_VERIFY_NONE; |
| 187 | s_dcert_file=NULL; | 186 | s_dcert_file=NULL; |
| @@ -198,6 +197,7 @@ static void s_server_init(void) | |||
| 198 | bio_s_out=NULL; | 197 | bio_s_out=NULL; |
| 199 | s_debug=0; | 198 | s_debug=0; |
| 200 | s_quiet=0; | 199 | s_quiet=0; |
| 200 | hack=0; | ||
| 201 | } | 201 | } |
| 202 | #endif | 202 | #endif |
| 203 | 203 | ||
| @@ -211,17 +211,17 @@ static void sv_usage(void) | |||
| 211 | BIO_printf(bio_err," -Verify arg - turn on peer certificate verification, must have a cert.\n"); | 211 | BIO_printf(bio_err," -Verify arg - turn on peer certificate verification, must have a cert.\n"); |
| 212 | BIO_printf(bio_err," -cert arg - certificate file to use, PEM format assumed\n"); | 212 | BIO_printf(bio_err," -cert arg - certificate file to use, PEM format assumed\n"); |
| 213 | BIO_printf(bio_err," (default is %s)\n",TEST_CERT); | 213 | BIO_printf(bio_err," (default is %s)\n",TEST_CERT); |
| 214 | BIO_printf(bio_err," -key arg - RSA file to use, PEM format assumed, in cert file if\n"); | 214 | BIO_printf(bio_err," -key arg - Private Key file to use, PEM format assumed, in cert file if\n"); |
| 215 | BIO_printf(bio_err," not specified (default is %s)\n",TEST_CERT); | 215 | BIO_printf(bio_err," not specified (default is %s)\n",TEST_CERT); |
| 216 | BIO_printf(bio_err," -dcert arg - second certificate file to use (usually for DSA)\n"); | 216 | BIO_printf(bio_err," -dcert arg - second certificate file to use (usually for DSA)\n"); |
| 217 | BIO_printf(bio_err," -dkey arg - second private key file to use (usually for DSA)\n"); | 217 | BIO_printf(bio_err," -dkey arg - second private key file to use (usually for DSA)\n"); |
| 218 | BIO_printf(bio_err," -dhparam arg - DH parameter file to use, in cert file if not specified\n"); | ||
| 219 | BIO_printf(bio_err," or a default set of parameters is used\n"); | ||
| 218 | #ifdef FIONBIO | 220 | #ifdef FIONBIO |
| 219 | BIO_printf(bio_err," -nbio - Run with non-blocking IO\n"); | 221 | BIO_printf(bio_err," -nbio - Run with non-blocking IO\n"); |
| 220 | #endif | 222 | #endif |
| 221 | BIO_printf(bio_err," -nbio_test - test with the non-blocking test bio\n"); | 223 | BIO_printf(bio_err," -nbio_test - test with the non-blocking test bio\n"); |
| 222 | #ifdef APPS_CRLF | ||
| 223 | BIO_printf(bio_err," -crlf - convert LF from terminal into CRLF\n"); | 224 | BIO_printf(bio_err," -crlf - convert LF from terminal into CRLF\n"); |
| 224 | #endif | ||
| 225 | BIO_printf(bio_err," -debug - Print more output\n"); | 225 | BIO_printf(bio_err," -debug - Print more output\n"); |
| 226 | BIO_printf(bio_err," -state - Print the SSL states\n"); | 226 | BIO_printf(bio_err," -state - Print the SSL states\n"); |
| 227 | BIO_printf(bio_err," -CApath arg - PEM format directory of CA's\n"); | 227 | BIO_printf(bio_err," -CApath arg - PEM format directory of CA's\n"); |
| @@ -239,14 +239,13 @@ static void sv_usage(void) | |||
| 239 | #ifndef NO_DH | 239 | #ifndef NO_DH |
| 240 | BIO_printf(bio_err," -no_dhe - Disable ephemeral DH\n"); | 240 | BIO_printf(bio_err," -no_dhe - Disable ephemeral DH\n"); |
| 241 | #endif | 241 | #endif |
| 242 | BIO_printf(bio_err," -bugs - Turn on SSL bug compatability\n"); | 242 | BIO_printf(bio_err," -bugs - Turn on SSL bug compatibility\n"); |
| 243 | BIO_printf(bio_err," -www - Respond to a 'GET /' with a status page\n"); | 243 | BIO_printf(bio_err," -www - Respond to a 'GET /' with a status page\n"); |
| 244 | BIO_printf(bio_err," -WWW - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n"); | 244 | BIO_printf(bio_err," -WWW - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n"); |
| 245 | } | 245 | } |
| 246 | 246 | ||
| 247 | static int local_argc=0; | 247 | static int local_argc=0; |
| 248 | static char **local_argv; | 248 | static char **local_argv; |
| 249 | static int hack=0; | ||
| 250 | 249 | ||
| 251 | #ifdef CHARSET_EBCDIC | 250 | #ifdef CHARSET_EBCDIC |
| 252 | static int ebcdic_new(BIO *bi); | 251 | static int ebcdic_new(BIO *bi); |
| @@ -337,7 +336,7 @@ static int ebcdic_write(BIO *b, char *in, int inl) | |||
| 337 | num = num + num; /* double the size */ | 336 | num = num + num; /* double the size */ |
| 338 | if (num < inl) | 337 | if (num < inl) |
| 339 | num = inl; | 338 | num = inl; |
| 340 | Free((char*)wbuf); | 339 | Free(wbuf); |
| 341 | wbuf=(EBCDIC_OUTBUFF *)Malloc(sizeof(EBCDIC_OUTBUFF) + num); | 340 | wbuf=(EBCDIC_OUTBUFF *)Malloc(sizeof(EBCDIC_OUTBUFF) + num); |
| 342 | 341 | ||
| 343 | wbuf->alloced = num; | 342 | wbuf->alloced = num; |
| @@ -398,11 +397,14 @@ static int ebcdic_puts(BIO *bp, char *str) | |||
| 398 | } | 397 | } |
| 399 | #endif | 398 | #endif |
| 400 | 399 | ||
| 400 | int MAIN(int, char **); | ||
| 401 | |||
| 401 | int MAIN(int argc, char *argv[]) | 402 | int MAIN(int argc, char *argv[]) |
| 402 | { | 403 | { |
| 403 | short port=PORT; | 404 | short port=PORT; |
| 404 | char *CApath=NULL,*CAfile=NULL; | 405 | char *CApath=NULL,*CAfile=NULL; |
| 405 | char *context = NULL; | 406 | char *context = NULL; |
| 407 | char *dhfile = NULL; | ||
| 406 | int badop=0,bugs=0; | 408 | int badop=0,bugs=0; |
| 407 | int ret=1; | 409 | int ret=1; |
| 408 | int off=0; | 410 | int off=0; |
| @@ -425,8 +427,9 @@ int MAIN(int argc, char *argv[]) | |||
| 425 | local_argv=argv; | 427 | local_argv=argv; |
| 426 | 428 | ||
| 427 | apps_startup(); | 429 | apps_startup(); |
| 428 | s_quiet=0; | 430 | #ifdef MONOLITH |
| 429 | s_debug=0; | 431 | s_server_init(); |
| 432 | #endif | ||
| 430 | 433 | ||
| 431 | if (bio_err == NULL) | 434 | if (bio_err == NULL) |
| 432 | bio_err=BIO_new_fp(stderr,BIO_NOCLOSE); | 435 | bio_err=BIO_new_fp(stderr,BIO_NOCLOSE); |
| @@ -479,6 +482,11 @@ int MAIN(int argc, char *argv[]) | |||
| 479 | if (--argc < 1) goto bad; | 482 | if (--argc < 1) goto bad; |
| 480 | s_key_file= *(++argv); | 483 | s_key_file= *(++argv); |
| 481 | } | 484 | } |
| 485 | else if (strcmp(*argv,"-dhparam") == 0) | ||
| 486 | { | ||
| 487 | if (--argc < 1) goto bad; | ||
| 488 | dhfile = *(++argv); | ||
| 489 | } | ||
| 482 | else if (strcmp(*argv,"-dcert") == 0) | 490 | else if (strcmp(*argv,"-dcert") == 0) |
| 483 | { | 491 | { |
| 484 | if (--argc < 1) goto bad; | 492 | if (--argc < 1) goto bad; |
| @@ -525,10 +533,8 @@ int MAIN(int argc, char *argv[]) | |||
| 525 | { hack=1; } | 533 | { hack=1; } |
| 526 | else if (strcmp(*argv,"-state") == 0) | 534 | else if (strcmp(*argv,"-state") == 0) |
| 527 | { state=1; } | 535 | { state=1; } |
| 528 | #ifdef APPS_CRLF | ||
| 529 | else if (strcmp(*argv,"-crlf") == 0) | 536 | else if (strcmp(*argv,"-crlf") == 0) |
| 530 | { s_crlf=1; } | 537 | { s_crlf=1; } |
| 531 | #endif | ||
| 532 | else if (strcmp(*argv,"-quiet") == 0) | 538 | else if (strcmp(*argv,"-quiet") == 0) |
| 533 | { s_quiet=1; } | 539 | { s_quiet=1; } |
| 534 | else if (strcmp(*argv,"-bugs") == 0) | 540 | else if (strcmp(*argv,"-bugs") == 0) |
| @@ -575,6 +581,8 @@ bad: | |||
| 575 | goto end; | 581 | goto end; |
| 576 | } | 582 | } |
| 577 | 583 | ||
| 584 | app_RAND_load_file(NULL, bio_err, 0); | ||
| 585 | |||
| 578 | if (bio_s_out == NULL) | 586 | if (bio_s_out == NULL) |
| 579 | { | 587 | { |
| 580 | if (s_quiet && !s_debug) | 588 | if (s_quiet && !s_debug) |
| @@ -599,7 +607,7 @@ bad: | |||
| 599 | } | 607 | } |
| 600 | 608 | ||
| 601 | SSL_load_error_strings(); | 609 | SSL_load_error_strings(); |
| 602 | SSLeay_add_ssl_algorithms(); | 610 | OpenSSL_add_ssl_algorithms(); |
| 603 | 611 | ||
| 604 | ctx=SSL_CTX_new(meth); | 612 | ctx=SSL_CTX_new(meth); |
| 605 | if (ctx == NULL) | 613 | if (ctx == NULL) |
| @@ -641,8 +649,7 @@ bad: | |||
| 641 | #ifndef NO_DH | 649 | #ifndef NO_DH |
| 642 | if (!no_dhe) | 650 | if (!no_dhe) |
| 643 | { | 651 | { |
| 644 | /* EAY EAY EAY evil hack */ | 652 | dh=load_dh_param(dhfile ? dhfile : s_cert_file); |
| 645 | dh=load_dh_param(); | ||
| 646 | if (dh != NULL) | 653 | if (dh != NULL) |
| 647 | { | 654 | { |
| 648 | BIO_printf(bio_s_out,"Setting temp DH parameters\n"); | 655 | BIO_printf(bio_s_out,"Setting temp DH parameters\n"); |
| @@ -692,12 +699,17 @@ bad: | |||
| 692 | #endif | 699 | #endif |
| 693 | 700 | ||
| 694 | if (cipher != NULL) | 701 | if (cipher != NULL) |
| 695 | SSL_CTX_set_cipher_list(ctx,cipher); | 702 | if(!SSL_CTX_set_cipher_list(ctx,cipher)) { |
| 703 | BIO_printf(bio_err,"error setting cipher list\n"); | ||
| 704 | ERR_print_errors(bio_err); | ||
| 705 | goto end; | ||
| 706 | } | ||
| 696 | SSL_CTX_set_verify(ctx,s_server_verify,verify_callback); | 707 | SSL_CTX_set_verify(ctx,s_server_verify,verify_callback); |
| 697 | SSL_CTX_set_session_id_context(ctx,(void*)&s_server_session_id_context, | 708 | SSL_CTX_set_session_id_context(ctx,(void*)&s_server_session_id_context, |
| 698 | sizeof s_server_session_id_context); | 709 | sizeof s_server_session_id_context); |
| 699 | 710 | ||
| 700 | SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(CAfile)); | 711 | if (CAfile != NULL) |
| 712 | SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(CAfile)); | ||
| 701 | 713 | ||
| 702 | BIO_printf(bio_s_out,"ACCEPT\n"); | 714 | BIO_printf(bio_s_out,"ACCEPT\n"); |
| 703 | if (www) | 715 | if (www) |
| @@ -750,6 +762,9 @@ static int sv_body(char *hostname, int s, unsigned char *context) | |||
| 750 | unsigned long l; | 762 | unsigned long l; |
| 751 | SSL *con=NULL; | 763 | SSL *con=NULL; |
| 752 | BIO *sbio; | 764 | BIO *sbio; |
| 765 | #ifdef WINDOWS | ||
| 766 | struct timeval tv; | ||
| 767 | #endif | ||
| 753 | 768 | ||
| 754 | if ((buf=Malloc(bufsize)) == NULL) | 769 | if ((buf=Malloc(bufsize)) == NULL) |
| 755 | { | 770 | { |
| @@ -769,7 +784,7 @@ static int sv_body(char *hostname, int s, unsigned char *context) | |||
| 769 | #endif | 784 | #endif |
| 770 | 785 | ||
| 771 | if (con == NULL) { | 786 | if (con == NULL) { |
| 772 | con=(SSL *)SSL_new(ctx); | 787 | con=SSL_new(ctx); |
| 773 | if(context) | 788 | if(context) |
| 774 | SSL_set_session_id_context(con, context, | 789 | SSL_set_session_id_context(con, context, |
| 775 | strlen((char *)context)); | 790 | strlen((char *)context)); |
| @@ -798,22 +813,48 @@ static int sv_body(char *hostname, int s, unsigned char *context) | |||
| 798 | width=s+1; | 813 | width=s+1; |
| 799 | for (;;) | 814 | for (;;) |
| 800 | { | 815 | { |
| 801 | FD_ZERO(&readfds); | 816 | int read_from_terminal; |
| 817 | int read_from_sslcon; | ||
| 818 | |||
| 819 | read_from_terminal = 0; | ||
| 820 | read_from_sslcon = SSL_pending(con); | ||
| 821 | |||
| 822 | if (!read_from_sslcon) | ||
| 823 | { | ||
| 824 | FD_ZERO(&readfds); | ||
| 802 | #ifndef WINDOWS | 825 | #ifndef WINDOWS |
| 803 | FD_SET(fileno(stdin),&readfds); | 826 | FD_SET(fileno(stdin),&readfds); |
| 804 | #endif | 827 | #endif |
| 805 | FD_SET(s,&readfds); | 828 | FD_SET(s,&readfds); |
| 806 | /* Note: under VMS with SOCKETSHR the second parameter is | 829 | /* Note: under VMS with SOCKETSHR the second parameter is |
| 807 | * currently of type (int *) whereas under other systems | 830 | * currently of type (int *) whereas under other systems |
| 808 | * it is (void *) if you don't have a cast it will choke | 831 | * it is (void *) if you don't have a cast it will choke |
| 809 | * the compiler: if you do have a cast then you can either | 832 | * the compiler: if you do have a cast then you can either |
| 810 | * go for (int *) or (void *). | 833 | * go for (int *) or (void *). |
| 811 | */ | 834 | */ |
| 812 | i=select(width,(void *)&readfds,NULL,NULL,NULL); | 835 | #ifdef WINDOWS |
| 813 | if (i <= 0) continue; | 836 | /* Under Windows we can't select on stdin: only |
| 814 | if (FD_ISSET(fileno(stdin),&readfds)) | 837 | * on sockets. As a workaround we timeout the select every |
| 838 | * second and check for any keypress. In a proper Windows | ||
| 839 | * application we wouldn't do this because it is inefficient. | ||
| 840 | */ | ||
| 841 | tv.tv_sec = 1; | ||
| 842 | tv.tv_usec = 0; | ||
| 843 | i=select(width,(void *)&readfds,NULL,NULL,&tv); | ||
| 844 | if((i < 0) || (!i && !_kbhit() ) )continue; | ||
| 845 | if(_kbhit()) | ||
| 846 | read_from_terminal = 1; | ||
| 847 | #else | ||
| 848 | i=select(width,(void *)&readfds,NULL,NULL,NULL); | ||
| 849 | if (i <= 0) continue; | ||
| 850 | if (FD_ISSET(fileno(stdin),&readfds)) | ||
| 851 | read_from_terminal = 1; | ||
| 852 | #endif | ||
| 853 | if (FD_ISSET(s,&readfds)) | ||
| 854 | read_from_sslcon = 1; | ||
| 855 | } | ||
| 856 | if (read_from_terminal) | ||
| 815 | { | 857 | { |
| 816 | #ifdef APPS_CRLF | ||
| 817 | if (s_crlf) | 858 | if (s_crlf) |
| 818 | { | 859 | { |
| 819 | int j, lf_num; | 860 | int j, lf_num; |
| @@ -837,7 +878,6 @@ static int sv_body(char *hostname, int s, unsigned char *context) | |||
| 837 | assert(lf_num == 0); | 878 | assert(lf_num == 0); |
| 838 | } | 879 | } |
| 839 | else | 880 | else |
| 840 | #endif | ||
| 841 | i=read(fileno(stdin),buf,bufsize); | 881 | i=read(fileno(stdin),buf,bufsize); |
| 842 | if (!s_quiet) | 882 | if (!s_quiet) |
| 843 | { | 883 | { |
| @@ -926,7 +966,7 @@ static int sv_body(char *hostname, int s, unsigned char *context) | |||
| 926 | if (i <= 0) break; | 966 | if (i <= 0) break; |
| 927 | } | 967 | } |
| 928 | } | 968 | } |
| 929 | if (FD_ISSET(s,&readfds)) | 969 | if (read_from_sslcon) |
| 930 | { | 970 | { |
| 931 | if (!SSL_is_init_finished(con)) | 971 | if (!SSL_is_init_finished(con)) |
| 932 | { | 972 | { |
| @@ -1059,12 +1099,12 @@ static int init_ssl_connection(SSL *con) | |||
| 1059 | } | 1099 | } |
| 1060 | 1100 | ||
| 1061 | #ifndef NO_DH | 1101 | #ifndef NO_DH |
| 1062 | static DH *load_dh_param(void) | 1102 | static DH *load_dh_param(char *dhfile) |
| 1063 | { | 1103 | { |
| 1064 | DH *ret=NULL; | 1104 | DH *ret=NULL; |
| 1065 | BIO *bio; | 1105 | BIO *bio; |
| 1066 | 1106 | ||
| 1067 | if ((bio=BIO_new_file(DH_PARAM,"r")) == NULL) | 1107 | if ((bio=BIO_new_file(dhfile,"r")) == NULL) |
| 1068 | goto err; | 1108 | goto err; |
| 1069 | ret=PEM_read_bio_DHparams(bio,NULL,NULL,NULL); | 1109 | ret=PEM_read_bio_DHparams(bio,NULL,NULL,NULL); |
| 1070 | err: | 1110 | err: |
| @@ -1126,7 +1166,7 @@ static int www_body(char *hostname, int s, unsigned char *context) | |||
| 1126 | /* lets make the output buffer a reasonable size */ | 1166 | /* lets make the output buffer a reasonable size */ |
| 1127 | if (!BIO_set_write_buffer_size(io,bufsize)) goto err; | 1167 | if (!BIO_set_write_buffer_size(io,bufsize)) goto err; |
| 1128 | 1168 | ||
| 1129 | if ((con=(SSL *)SSL_new(ctx)) == NULL) goto err; | 1169 | if ((con=SSL_new(ctx)) == NULL) goto err; |
| 1130 | if(context) SSL_set_session_id_context(con, context, | 1170 | if(context) SSL_set_session_id_context(con, context, |
| 1131 | strlen((char *)context)); | 1171 | strlen((char *)context)); |
| 1132 | 1172 | ||
| @@ -1424,7 +1464,7 @@ end: | |||
| 1424 | /* make sure we re-use sessions */ | 1464 | /* make sure we re-use sessions */ |
| 1425 | SSL_set_shutdown(con,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); | 1465 | SSL_set_shutdown(con,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); |
| 1426 | #else | 1466 | #else |
| 1427 | /* This kills performace */ | 1467 | /* This kills performance */ |
| 1428 | /* SSL_shutdown(con); A shutdown gets sent in the | 1468 | /* SSL_shutdown(con); A shutdown gets sent in the |
| 1429 | * BIO_free_all(io) procession */ | 1469 | * BIO_free_all(io) procession */ |
| 1430 | #endif | 1470 | #endif |