summaryrefslogtreecommitdiff
path: root/src/lib/libssl/src/apps/s_server.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libssl/src/apps/s_server.c')
-rw-r--r--src/lib/libssl/src/apps/s_server.c270
1 files changed, 204 insertions, 66 deletions
diff --git a/src/lib/libssl/src/apps/s_server.c b/src/lib/libssl/src/apps/s_server.c
index a107b8c14a..78d90fad55 100644
--- a/src/lib/libssl/src/apps/s_server.c
+++ b/src/lib/libssl/src/apps/s_server.c
@@ -55,6 +55,59 @@
55 * copied and put under another distribution licence 55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.] 56 * [including the GNU Public Licence.]
57 */ 57 */
58/* ====================================================================
59 * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
71 * distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 * acknowledgment:
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
105 *
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
109 *
110 */
58 111
59#include <assert.h> 112#include <assert.h>
60#include <stdio.h> 113#include <stdio.h>
@@ -62,7 +115,8 @@
62#include <string.h> 115#include <string.h>
63#include <sys/types.h> 116#include <sys/types.h>
64#include <sys/stat.h> 117#include <sys/stat.h>
65#ifdef NO_STDIO 118#include <openssl/e_os2.h>
119#ifdef OPENSSL_NO_STDIO
66#define APPS_WIN16 120#define APPS_WIN16
67#endif 121#endif
68 122
@@ -70,7 +124,7 @@
70 recursive header file inclusion, resulting in the compiler complaining 124 recursive header file inclusion, resulting in the compiler complaining
71 that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which 125 that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which
72 is needed to have fileno() declared correctly... So let's define u_int */ 126 is needed to have fileno() declared correctly... So let's define u_int */
73#if defined(VMS) && defined(__DECC) && !defined(__U_INT) 127#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__U_INT)
74#define __U_INT 128#define __U_INT
75typedef unsigned int u_int; 129typedef unsigned int u_int;
76#endif 130#endif
@@ -84,19 +138,18 @@ typedef unsigned int u_int;
84#include <openssl/x509.h> 138#include <openssl/x509.h>
85#include <openssl/ssl.h> 139#include <openssl/ssl.h>
86#include <openssl/rand.h> 140#include <openssl/rand.h>
87#include <openssl/engine.h>
88#include "s_apps.h" 141#include "s_apps.h"
89 142
90#ifdef WINDOWS 143#ifdef OPENSSL_SYS_WINDOWS
91#include <conio.h> 144#include <conio.h>
92#endif 145#endif
93 146
94#if (defined(VMS) && __VMS_VER < 70000000) 147#if (defined(OPENSSL_SYS_VMS) && __VMS_VER < 70000000)
95/* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */ 148/* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */
96#undef FIONBIO 149#undef FIONBIO
97#endif 150#endif
98 151
99#ifndef NO_RSA 152#ifndef OPENSSL_NO_RSA
100static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength); 153static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength);
101#endif 154#endif
102static int sv_body(char *hostname, int s, unsigned char *context); 155static int sv_body(char *hostname, int s, unsigned char *context);
@@ -105,7 +158,9 @@ static void close_accept_socket(void );
105static void sv_usage(void); 158static void sv_usage(void);
106static int init_ssl_connection(SSL *s); 159static int init_ssl_connection(SSL *s);
107static void print_stats(BIO *bp,SSL_CTX *ctx); 160static void print_stats(BIO *bp,SSL_CTX *ctx);
108#ifndef NO_DH 161static int generate_session_id(const SSL *ssl, unsigned char *id,
162 unsigned int *id_len);
163#ifndef OPENSSL_NO_DH
109static DH *load_dh_param(char *dhfile); 164static DH *load_dh_param(char *dhfile);
110static DH *get_dh512(void); 165static DH *get_dh512(void);
111#endif 166#endif
@@ -121,7 +176,7 @@ static void s_server_init(void);
121# endif 176# endif
122#endif 177#endif
123 178
124#ifndef NO_DH 179#ifndef OPENSSL_NO_DH
125static unsigned char dh512_p[]={ 180static unsigned char dh512_p[]={
126 0xDA,0x58,0x3C,0x16,0xD9,0x85,0x22,0x89,0xD0,0xE4,0xAF,0x75, 181 0xDA,0x58,0x3C,0x16,0xD9,0x85,0x22,0x89,0xD0,0xE4,0xAF,0x75,
127 0x6F,0x4C,0xCA,0x92,0xDD,0x4B,0xE5,0x33,0xB8,0x04,0xFB,0x0F, 182 0x6F,0x4C,0xCA,0x92,0xDD,0x4B,0xE5,0x33,0xB8,0x04,0xFB,0x0F,
@@ -175,10 +230,12 @@ static int www=0;
175 230
176static BIO *bio_s_out=NULL; 231static BIO *bio_s_out=NULL;
177static int s_debug=0; 232static int s_debug=0;
233static int s_msg=0;
178static int s_quiet=0; 234static int s_quiet=0;
179 235
180static int hack=0; 236static int hack=0;
181static char *engine_id=NULL; 237static char *engine_id=NULL;
238static const char *session_id_prefix=NULL;
182 239
183#ifdef MONOLITH 240#ifdef MONOLITH
184static void s_server_init(void) 241static void s_server_init(void)
@@ -199,6 +256,7 @@ static void s_server_init(void)
199 256
200 bio_s_out=NULL; 257 bio_s_out=NULL;
201 s_debug=0; 258 s_debug=0;
259 s_msg=0;
202 s_quiet=0; 260 s_quiet=0;
203 hack=0; 261 hack=0;
204 engine_id=NULL; 262 engine_id=NULL;
@@ -227,11 +285,13 @@ static void sv_usage(void)
227 BIO_printf(bio_err," -nbio_test - test with the non-blocking test bio\n"); 285 BIO_printf(bio_err," -nbio_test - test with the non-blocking test bio\n");
228 BIO_printf(bio_err," -crlf - convert LF from terminal into CRLF\n"); 286 BIO_printf(bio_err," -crlf - convert LF from terminal into CRLF\n");
229 BIO_printf(bio_err," -debug - Print more output\n"); 287 BIO_printf(bio_err," -debug - Print more output\n");
288 BIO_printf(bio_err," -msg - Show protocol messages\n");
230 BIO_printf(bio_err," -state - Print the SSL states\n"); 289 BIO_printf(bio_err," -state - Print the SSL states\n");
231 BIO_printf(bio_err," -CApath arg - PEM format directory of CA's\n"); 290 BIO_printf(bio_err," -CApath arg - PEM format directory of CA's\n");
232 BIO_printf(bio_err," -CAfile arg - PEM format file of CA's\n"); 291 BIO_printf(bio_err," -CAfile arg - PEM format file of CA's\n");
233 BIO_printf(bio_err," -nocert - Don't use any certificates (Anon-DH)\n"); 292 BIO_printf(bio_err," -nocert - Don't use any certificates (Anon-DH)\n");
234 BIO_printf(bio_err," -cipher arg - play with 'openssl ciphers' to see what goes here\n"); 293 BIO_printf(bio_err," -cipher arg - play with 'openssl ciphers' to see what goes here\n");
294 BIO_printf(bio_err," -serverpref - Use server's cipher preferences\n");
235 BIO_printf(bio_err," -quiet - No server output\n"); 295 BIO_printf(bio_err," -quiet - No server output\n");
236 BIO_printf(bio_err," -no_tmp_rsa - Do not generate a tmp RSA key\n"); 296 BIO_printf(bio_err," -no_tmp_rsa - Do not generate a tmp RSA key\n");
237 BIO_printf(bio_err," -ssl2 - Just talk SSLv2\n"); 297 BIO_printf(bio_err," -ssl2 - Just talk SSLv2\n");
@@ -240,14 +300,17 @@ static void sv_usage(void)
240 BIO_printf(bio_err," -no_ssl2 - Just disable SSLv2\n"); 300 BIO_printf(bio_err," -no_ssl2 - Just disable SSLv2\n");
241 BIO_printf(bio_err," -no_ssl3 - Just disable SSLv3\n"); 301 BIO_printf(bio_err," -no_ssl3 - Just disable SSLv3\n");
242 BIO_printf(bio_err," -no_tls1 - Just disable TLSv1\n"); 302 BIO_printf(bio_err," -no_tls1 - Just disable TLSv1\n");
243#ifndef NO_DH 303#ifndef OPENSSL_NO_DH
244 BIO_printf(bio_err," -no_dhe - Disable ephemeral DH\n"); 304 BIO_printf(bio_err," -no_dhe - Disable ephemeral DH\n");
245#endif 305#endif
246 BIO_printf(bio_err," -bugs - Turn on SSL bug compatibility\n"); 306 BIO_printf(bio_err," -bugs - Turn on SSL bug compatibility\n");
247 BIO_printf(bio_err," -www - Respond to a 'GET /' with a status page\n"); 307 BIO_printf(bio_err," -www - Respond to a 'GET /' with a status page\n");
248 BIO_printf(bio_err," -WWW - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n"); 308 BIO_printf(bio_err," -WWW - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n");
249 BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); 309 BIO_printf(bio_err," -HTTP - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n");
310 BIO_printf(bio_err," with the assumption it contains a complete HTTP response.\n");
250 BIO_printf(bio_err," -engine id - Initialise and use the specified engine\n"); 311 BIO_printf(bio_err," -engine id - Initialise and use the specified engine\n");
312 BIO_printf(bio_err," -id_prefix arg - Generate SSL/TLS session IDs prefixed by 'arg'\n");
313 BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
251 } 314 }
252 315
253static int local_argc=0; 316static int local_argc=0;
@@ -407,6 +470,8 @@ int MAIN(int, char **);
407 470
408int MAIN(int argc, char *argv[]) 471int MAIN(int argc, char *argv[])
409 { 472 {
473 X509_STORE *store = NULL;
474 int vflags = 0;
410 short port=PORT; 475 short port=PORT;
411 char *CApath=NULL,*CAfile=NULL; 476 char *CApath=NULL,*CAfile=NULL;
412 char *context = NULL; 477 char *context = NULL;
@@ -417,18 +482,14 @@ int MAIN(int argc, char *argv[])
417 int no_tmp_rsa=0,no_dhe=0,nocert=0; 482 int no_tmp_rsa=0,no_dhe=0,nocert=0;
418 int state=0; 483 int state=0;
419 SSL_METHOD *meth=NULL; 484 SSL_METHOD *meth=NULL;
420 char *inrand=NULL;
421 char *engine_id=NULL;
422 ENGINE *e=NULL; 485 ENGINE *e=NULL;
423#ifndef NO_DH 486 char *inrand=NULL;
424 DH *dh=NULL;
425#endif
426 487
427#if !defined(NO_SSL2) && !defined(NO_SSL3) 488#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
428 meth=SSLv23_server_method(); 489 meth=SSLv23_server_method();
429#elif !defined(NO_SSL3) 490#elif !defined(OPENSSL_NO_SSL3)
430 meth=SSLv3_server_method(); 491 meth=SSLv3_server_method();
431#elif !defined(NO_SSL2) 492#elif !defined(OPENSSL_NO_SSL2)
432 meth=SSLv2_server_method(); 493 meth=SSLv2_server_method();
433#endif 494#endif
434 495
@@ -443,6 +504,9 @@ int MAIN(int argc, char *argv[])
443 if (bio_err == NULL) 504 if (bio_err == NULL)
444 bio_err=BIO_new_fp(stderr,BIO_NOCLOSE); 505 bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
445 506
507 if (!load_config(bio_err, NULL))
508 goto end;
509
446 verify_depth=0; 510 verify_depth=0;
447#ifdef FIONBIO 511#ifdef FIONBIO
448 s_nbio=0; 512 s_nbio=0;
@@ -515,6 +579,16 @@ int MAIN(int argc, char *argv[])
515 if (--argc < 1) goto bad; 579 if (--argc < 1) goto bad;
516 CApath= *(++argv); 580 CApath= *(++argv);
517 } 581 }
582 else if (strcmp(*argv,"-crl_check") == 0)
583 {
584 vflags |= X509_V_FLAG_CRL_CHECK;
585 }
586 else if (strcmp(*argv,"-crl_check") == 0)
587 {
588 vflags |= X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL;
589 }
590 else if (strcmp(*argv,"-serverpref") == 0)
591 { off|=SSL_OP_CIPHER_SERVER_PREFERENCE; }
518 else if (strcmp(*argv,"-cipher") == 0) 592 else if (strcmp(*argv,"-cipher") == 0)
519 { 593 {
520 if (--argc < 1) goto bad; 594 if (--argc < 1) goto bad;
@@ -538,6 +612,8 @@ int MAIN(int argc, char *argv[])
538 } 612 }
539 else if (strcmp(*argv,"-debug") == 0) 613 else if (strcmp(*argv,"-debug") == 0)
540 { s_debug=1; } 614 { s_debug=1; }
615 else if (strcmp(*argv,"-msg") == 0)
616 { s_msg=1; }
541 else if (strcmp(*argv,"-hack") == 0) 617 else if (strcmp(*argv,"-hack") == 0)
542 { hack=1; } 618 { hack=1; }
543 else if (strcmp(*argv,"-state") == 0) 619 else if (strcmp(*argv,"-state") == 0)
@@ -556,34 +632,41 @@ int MAIN(int argc, char *argv[])
556 { www=1; } 632 { www=1; }
557 else if (strcmp(*argv,"-WWW") == 0) 633 else if (strcmp(*argv,"-WWW") == 0)
558 { www=2; } 634 { www=2; }
635 else if (strcmp(*argv,"-HTTP") == 0)
636 { www=3; }
559 else if (strcmp(*argv,"-no_ssl2") == 0) 637 else if (strcmp(*argv,"-no_ssl2") == 0)
560 { off|=SSL_OP_NO_SSLv2; } 638 { off|=SSL_OP_NO_SSLv2; }
561 else if (strcmp(*argv,"-no_ssl3") == 0) 639 else if (strcmp(*argv,"-no_ssl3") == 0)
562 { off|=SSL_OP_NO_SSLv3; } 640 { off|=SSL_OP_NO_SSLv3; }
563 else if (strcmp(*argv,"-no_tls1") == 0) 641 else if (strcmp(*argv,"-no_tls1") == 0)
564 { off|=SSL_OP_NO_TLSv1; } 642 { off|=SSL_OP_NO_TLSv1; }
565#ifndef NO_SSL2 643#ifndef OPENSSL_NO_SSL2
566 else if (strcmp(*argv,"-ssl2") == 0) 644 else if (strcmp(*argv,"-ssl2") == 0)
567 { meth=SSLv2_server_method(); } 645 { meth=SSLv2_server_method(); }
568#endif 646#endif
569#ifndef NO_SSL3 647#ifndef OPENSSL_NO_SSL3
570 else if (strcmp(*argv,"-ssl3") == 0) 648 else if (strcmp(*argv,"-ssl3") == 0)
571 { meth=SSLv3_server_method(); } 649 { meth=SSLv3_server_method(); }
572#endif 650#endif
573#ifndef NO_TLS1 651#ifndef OPENSSL_NO_TLS1
574 else if (strcmp(*argv,"-tls1") == 0) 652 else if (strcmp(*argv,"-tls1") == 0)
575 { meth=TLSv1_server_method(); } 653 { meth=TLSv1_server_method(); }
576#endif 654#endif
577 else if (strcmp(*argv,"-rand") == 0) 655 else if (strcmp(*argv, "-id_prefix") == 0)
578 { 656 {
579 if (--argc < 1) goto bad; 657 if (--argc < 1) goto bad;
580 inrand= *(++argv); 658 session_id_prefix = *(++argv);
581 } 659 }
582 else if (strcmp(*argv,"-engine") == 0) 660 else if (strcmp(*argv,"-engine") == 0)
583 { 661 {
584 if (--argc < 1) goto bad; 662 if (--argc < 1) goto bad;
585 engine_id= *(++argv); 663 engine_id= *(++argv);
586 } 664 }
665 else if (strcmp(*argv,"-rand") == 0)
666 {
667 if (--argc < 1) goto bad;
668 inrand= *(++argv);
669 }
587 else 670 else
588 { 671 {
589 BIO_printf(bio_err,"unknown option %s\n",*argv); 672 BIO_printf(bio_err,"unknown option %s\n",*argv);
@@ -611,7 +694,7 @@ bad:
611 694
612 if (bio_s_out == NULL) 695 if (bio_s_out == NULL)
613 { 696 {
614 if (s_quiet && !s_debug) 697 if (s_quiet && !s_debug && !s_msg)
615 { 698 {
616 bio_s_out=BIO_new(BIO_s_null()); 699 bio_s_out=BIO_new(BIO_s_null());
617 } 700 }
@@ -622,7 +705,7 @@ bad:
622 } 705 }
623 } 706 }
624 707
625#if !defined(NO_RSA) || !defined(NO_DSA) 708#if !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_DSA)
626 if (nocert) 709 if (nocert)
627#endif 710#endif
628 { 711 {
@@ -635,28 +718,7 @@ bad:
635 SSL_load_error_strings(); 718 SSL_load_error_strings();
636 OpenSSL_add_ssl_algorithms(); 719 OpenSSL_add_ssl_algorithms();
637 720
638 if (engine_id != NULL) 721 e = setup_engine(bio_err, engine_id, 1);
639 {
640 if((e = ENGINE_by_id(engine_id)) == NULL)
641 {
642 BIO_printf(bio_err,"invalid engine\n");
643 ERR_print_errors(bio_err);
644 goto end;
645 }
646 if (s_debug)
647 {
648 ENGINE_ctrl(e, ENGINE_CTRL_SET_LOGSTREAM,
649 0, bio_err, 0);
650 }
651 if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
652 {
653 BIO_printf(bio_err,"can't use that engine\n");
654 ERR_print_errors(bio_err);
655 goto end;
656 }
657 BIO_printf(bio_err,"engine \"%s\" set.\n", engine_id);
658 ENGINE_free(e);
659 }
660 722
661 ctx=SSL_CTX_new(meth); 723 ctx=SSL_CTX_new(meth);
662 if (ctx == NULL) 724 if (ctx == NULL)
@@ -664,12 +726,26 @@ bad:
664 ERR_print_errors(bio_err); 726 ERR_print_errors(bio_err);
665 goto end; 727 goto end;
666 } 728 }
667 729 if (session_id_prefix)
730 {
731 if(strlen(session_id_prefix) >= 32)
732 BIO_printf(bio_err,
733"warning: id_prefix is too long, only one new session will be possible\n");
734 else if(strlen(session_id_prefix) >= 16)
735 BIO_printf(bio_err,
736"warning: id_prefix is too long if you use SSLv2\n");
737 if(!SSL_CTX_set_generate_session_id(ctx, generate_session_id))
738 {
739 BIO_printf(bio_err,"error setting 'id_prefix'\n");
740 ERR_print_errors(bio_err);
741 goto end;
742 }
743 BIO_printf(bio_err,"id_prefix '%s' set.\n", session_id_prefix);
744 }
668 SSL_CTX_set_quiet_shutdown(ctx,1); 745 SSL_CTX_set_quiet_shutdown(ctx,1);
669 if (bugs) SSL_CTX_set_options(ctx,SSL_OP_ALL); 746 if (bugs) SSL_CTX_set_options(ctx,SSL_OP_ALL);
670 if (hack) SSL_CTX_set_options(ctx,SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG); 747 if (hack) SSL_CTX_set_options(ctx,SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG);
671 SSL_CTX_set_options(ctx,off); 748 SSL_CTX_set_options(ctx,off);
672 if (hack) SSL_CTX_set_options(ctx,SSL_OP_NON_EXPORT_FIRST);
673 749
674 if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback); 750 if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback);
675 751
@@ -694,11 +770,19 @@ bad:
694 ERR_print_errors(bio_err); 770 ERR_print_errors(bio_err);
695 /* goto end; */ 771 /* goto end; */
696 } 772 }
773 store = SSL_CTX_get_cert_store(ctx);
774 X509_STORE_set_flags(store, vflags);
697 775
698#ifndef NO_DH 776#ifndef OPENSSL_NO_DH
699 if (!no_dhe) 777 if (!no_dhe)
700 { 778 {
701 dh=load_dh_param(dhfile ? dhfile : s_cert_file); 779 DH *dh=NULL;
780
781 if (dhfile)
782 dh = load_dh_param(dhfile);
783 else if (s_cert_file)
784 dh = load_dh_param(s_cert_file);
785
702 if (dh != NULL) 786 if (dh != NULL)
703 { 787 {
704 BIO_printf(bio_s_out,"Setting temp DH parameters\n"); 788 BIO_printf(bio_s_out,"Setting temp DH parameters\n");
@@ -723,7 +807,7 @@ bad:
723 goto end; 807 goto end;
724 } 808 }
725 809
726#ifndef NO_RSA 810#ifndef OPENSSL_NO_RSA
727#if 1 811#if 1
728 if (!no_tmp_rsa) 812 if (!no_tmp_rsa)
729 SSL_CTX_set_tmp_rsa_callback(ctx,tmp_rsa_cb); 813 SSL_CTX_set_tmp_rsa_callback(ctx,tmp_rsa_cb);
@@ -775,6 +859,7 @@ end:
775 BIO_free(bio_s_out); 859 BIO_free(bio_s_out);
776 bio_s_out=NULL; 860 bio_s_out=NULL;
777 } 861 }
862 apps_shutdown();
778 EXIT(ret); 863 EXIT(ret);
779 } 864 }
780 865
@@ -812,7 +897,7 @@ static int sv_body(char *hostname, int s, unsigned char *context)
812 unsigned long l; 897 unsigned long l;
813 SSL *con=NULL; 898 SSL *con=NULL;
814 BIO *sbio; 899 BIO *sbio;
815#ifdef WINDOWS 900#ifdef OPENSSL_SYS_WINDOWS
816 struct timeval tv; 901 struct timeval tv;
817#endif 902#endif
818 903
@@ -835,6 +920,15 @@ static int sv_body(char *hostname, int s, unsigned char *context)
835 920
836 if (con == NULL) { 921 if (con == NULL) {
837 con=SSL_new(ctx); 922 con=SSL_new(ctx);
923#ifndef OPENSSL_NO_KRB5
924 if ((con->kssl_ctx = kssl_ctx_new()) != NULL)
925 {
926 kssl_ctx_setstring(con->kssl_ctx, KSSL_SERVICE,
927 KRB5SVC);
928 kssl_ctx_setstring(con->kssl_ctx, KSSL_KEYTAB,
929 KRB5KEYTAB);
930 }
931#endif /* OPENSSL_NO_KRB5 */
838 if(context) 932 if(context)
839 SSL_set_session_id_context(con, context, 933 SSL_set_session_id_context(con, context,
840 strlen((char *)context)); 934 strlen((char *)context));
@@ -859,6 +953,11 @@ static int sv_body(char *hostname, int s, unsigned char *context)
859 BIO_set_callback(SSL_get_rbio(con),bio_dump_cb); 953 BIO_set_callback(SSL_get_rbio(con),bio_dump_cb);
860 BIO_set_callback_arg(SSL_get_rbio(con),bio_s_out); 954 BIO_set_callback_arg(SSL_get_rbio(con),bio_s_out);
861 } 955 }
956 if (s_msg)
957 {
958 SSL_set_msg_callback(con, msg_cb);
959 SSL_set_msg_callback_arg(con, bio_s_out);
960 }
862 961
863 width=s+1; 962 width=s+1;
864 for (;;) 963 for (;;)
@@ -872,7 +971,7 @@ static int sv_body(char *hostname, int s, unsigned char *context)
872 if (!read_from_sslcon) 971 if (!read_from_sslcon)
873 { 972 {
874 FD_ZERO(&readfds); 973 FD_ZERO(&readfds);
875#ifndef WINDOWS 974#ifndef OPENSSL_SYS_WINDOWS
876 FD_SET(fileno(stdin),&readfds); 975 FD_SET(fileno(stdin),&readfds);
877#endif 976#endif
878 FD_SET(s,&readfds); 977 FD_SET(s,&readfds);
@@ -882,7 +981,7 @@ static int sv_body(char *hostname, int s, unsigned char *context)
882 * the compiler: if you do have a cast then you can either 981 * the compiler: if you do have a cast then you can either
883 * go for (int *) or (void *). 982 * go for (int *) or (void *).
884 */ 983 */
885#ifdef WINDOWS 984#ifdef OPENSSL_SYS_WINDOWS
886 /* Under Windows we can't select on stdin: only 985 /* Under Windows we can't select on stdin: only
887 * on sockets. As a workaround we timeout the select every 986 * on sockets. As a workaround we timeout the select every
888 * second and check for any keypress. In a proper Windows 987 * second and check for any keypress. In a proper Windows
@@ -1148,7 +1247,7 @@ static int init_ssl_connection(SSL *con)
1148 return(1); 1247 return(1);
1149 } 1248 }
1150 1249
1151#ifndef NO_DH 1250#ifndef OPENSSL_NO_DH
1152static DH *load_dh_param(char *dhfile) 1251static DH *load_dh_param(char *dhfile)
1153 { 1252 {
1154 DH *ret=NULL; 1253 DH *ret=NULL;
@@ -1217,6 +1316,13 @@ static int www_body(char *hostname, int s, unsigned char *context)
1217 if (!BIO_set_write_buffer_size(io,bufsize)) goto err; 1316 if (!BIO_set_write_buffer_size(io,bufsize)) goto err;
1218 1317
1219 if ((con=SSL_new(ctx)) == NULL) goto err; 1318 if ((con=SSL_new(ctx)) == NULL) goto err;
1319#ifndef OPENSSL_NO_KRB5
1320 if ((con->kssl_ctx = kssl_ctx_new()) != NULL)
1321 {
1322 kssl_ctx_setstring(con->kssl_ctx, KSSL_SERVICE, KRB5SVC);
1323 kssl_ctx_setstring(con->kssl_ctx, KSSL_KEYTAB, KRB5KEYTAB);
1324 }
1325#endif /* OPENSSL_NO_KRB5 */
1220 if(context) SSL_set_session_id_context(con, context, 1326 if(context) SSL_set_session_id_context(con, context,
1221 strlen((char *)context)); 1327 strlen((char *)context));
1222 1328
@@ -1244,6 +1350,11 @@ static int www_body(char *hostname, int s, unsigned char *context)
1244 BIO_set_callback(SSL_get_rbio(con),bio_dump_cb); 1350 BIO_set_callback(SSL_get_rbio(con),bio_dump_cb);
1245 BIO_set_callback_arg(SSL_get_rbio(con),bio_s_out); 1351 BIO_set_callback_arg(SSL_get_rbio(con),bio_s_out);
1246 } 1352 }
1353 if (s_msg)
1354 {
1355 SSL_set_msg_callback(con, msg_cb);
1356 SSL_set_msg_callback_arg(con, bio_s_out);
1357 }
1247 1358
1248 blank=0; 1359 blank=0;
1249 for (;;) 1360 for (;;)
@@ -1284,7 +1395,7 @@ static int www_body(char *hostname, int s, unsigned char *context)
1284 else 1395 else
1285 { 1396 {
1286 BIO_printf(bio_s_out,"read R BLOCK\n"); 1397 BIO_printf(bio_s_out,"read R BLOCK\n");
1287#ifndef MSDOS 1398#ifndef OPENSSL_SYS_MSDOS
1288 sleep(1); 1399 sleep(1);
1289#endif 1400#endif
1290 continue; 1401 continue;
@@ -1378,7 +1489,8 @@ static int www_body(char *hostname, int s, unsigned char *context)
1378 BIO_puts(io,"</BODY></HTML>\r\n\r\n"); 1489 BIO_puts(io,"</BODY></HTML>\r\n\r\n");
1379 break; 1490 break;
1380 } 1491 }
1381 else if ((www == 2) && (strncmp("GET /",buf,5) == 0)) 1492 else if ((www == 2 || www == 3)
1493 && (strncmp("GET /",buf,5) == 0))
1382 { 1494 {
1383 BIO *file; 1495 BIO *file;
1384 char *p,*e; 1496 char *p,*e;
@@ -1468,13 +1580,16 @@ static int www_body(char *hostname, int s, unsigned char *context)
1468 if (!s_quiet) 1580 if (!s_quiet)
1469 BIO_printf(bio_err,"FILE:%s\n",p); 1581 BIO_printf(bio_err,"FILE:%s\n",p);
1470 1582
1471 i=strlen(p); 1583 if (www == 2)
1472 if ( ((i > 5) && (strcmp(&(p[i-5]),".html") == 0)) || 1584 {
1473 ((i > 4) && (strcmp(&(p[i-4]),".php") == 0)) || 1585 i=strlen(p);
1474 ((i > 4) && (strcmp(&(p[i-4]),".htm") == 0))) 1586 if ( ((i > 5) && (strcmp(&(p[i-5]),".html") == 0)) ||
1475 BIO_puts(io,"HTTP/1.0 200 ok\r\nContent-type: text/html\r\n\r\n"); 1587 ((i > 4) && (strcmp(&(p[i-4]),".php") == 0)) ||
1476 else 1588 ((i > 4) && (strcmp(&(p[i-4]),".htm") == 0)))
1477 BIO_puts(io,"HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n"); 1589 BIO_puts(io,"HTTP/1.0 200 ok\r\nContent-type: text/html\r\n\r\n");
1590 else
1591 BIO_puts(io,"HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n");
1592 }
1478 /* send the file */ 1593 /* send the file */
1479 total_bytes=0; 1594 total_bytes=0;
1480 for (;;) 1595 for (;;)
@@ -1552,7 +1667,7 @@ err:
1552 return(ret); 1667 return(ret);
1553 } 1668 }
1554 1669
1555#ifndef NO_RSA 1670#ifndef OPENSSL_NO_RSA
1556static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength) 1671static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength)
1557 { 1672 {
1558 static RSA *rsa_tmp=NULL; 1673 static RSA *rsa_tmp=NULL;
@@ -1574,3 +1689,26 @@ static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength)
1574 return(rsa_tmp); 1689 return(rsa_tmp);
1575 } 1690 }
1576#endif 1691#endif
1692
1693#define MAX_SESSION_ID_ATTEMPTS 10
1694static int generate_session_id(const SSL *ssl, unsigned char *id,
1695 unsigned int *id_len)
1696 {
1697 unsigned int count = 0;
1698 do {
1699 RAND_pseudo_bytes(id, *id_len);
1700 /* Prefix the session_id with the required prefix. NB: If our
1701 * prefix is too long, clip it - but there will be worse effects
1702 * anyway, eg. the server could only possibly create 1 session
1703 * ID (ie. the prefix!) so all future session negotiations will
1704 * fail due to conflicts. */
1705 memcpy(id, session_id_prefix,
1706 (strlen(session_id_prefix) < *id_len) ?
1707 strlen(session_id_prefix) : *id_len);
1708 }
1709 while(SSL_has_matching_session_id(ssl, id, *id_len) &&
1710 (++count < MAX_SESSION_ID_ATTEMPTS));
1711 if(count >= MAX_SESSION_ID_ATTEMPTS)
1712 return 0;
1713 return 1;
1714 }
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-26 13:13:41 +0000