1 files changed, 0 insertions, 332 deletions
diff --git a/src/regress/lib/libssl/interop/server.c b/src/regress/lib/libssl/interop/server.c
deleted file mode 100644
index c8e4cb7fc3..0000000000
--- a/src/regress/lib/libssl/interop/server.c
+++ /dev/null
@@ -1,332 +0,0 @@
-/*      $OpenBSD: server.c,v 1.11 2022/07/07 13:12:57 tb Exp $  */
-/*
- * Copyright (c) 2018-2019 Alexander Bluhm <bluhm@openbsd.org>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <err.h>
-#include <netdb.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-#include <openssl/err.h>
-#include <openssl/ssl.h>
-#include "util.h"
-void __dead usage(void);
-void __dead
-usage(void)
-{
-        fprintf(stderr, "usage: server [-Lsvv] [-C CA] [-c crt -k key] "
-            "[-l ciphers] [-p dhparam] [-V version] [host port]\n");
-        exit(2);
-}
-int
-main(int argc, char *argv[])
-{
-        const SSL_METHOD *method;
-        SSL_CTX *ctx;
-        SSL *ssl;
-        BIO *abio, *cbio;
-        SSL_SESSION *session;
-        int ch, error, listciphers = 0, sessionreuse = 0, verify = 0;
-        int version = 0;
-        char buf[256], *dhparam = NULL;
-        char *ca = NULL, *crt = NULL, *key = NULL, *ciphers = NULL;
-        char *host_port, *host = "127.0.0.1", *port = "0";
-        while ((ch = getopt(argc, argv, "C:c:k:Ll:p:sV:v")) != -1) {
-                switch (ch) {
-                case 'C':
-                        ca = optarg;
-                        break;
-                case 'c':
-                        crt = optarg;
-                        break;
-                case 'k':
-                        key = optarg;
-                        break;
-                case 'L':
-                        listciphers = 1;
-                        break;
-                case 'l':
-                        ciphers = optarg;
-                        break;
-                case 'p':
-                        dhparam = optarg;
-                        break;
-                case 's':
-                        /* multiple reueses are possible */
-                        sessionreuse++;
-                        break;
-                case 'V':
-                        if (strcmp(optarg, "TLS1") == 0) {
-                                version = TLS1_VERSION;
-                        } else if (strcmp(optarg, "TLS1_1") == 0) {
-                                version = TLS1_1_VERSION;
-                        } else if (strcmp(optarg, "TLS1_2") == 0) {
-                                version = TLS1_2_VERSION;
-#ifdef TLS1_3_VERSION
-                        } else if (strcmp(optarg, "TLS1_3") == 0) {
-                                version = TLS1_3_VERSION;
-#endif
-                        } else {
-                                errx(1, "unknown protocol version: %s", optarg);
-                        }
-                        break;
-                case 'v':
-                        /* use twice to force client cert */
-                        verify++;
-                        break;
-                default:
-                        usage();
-                }
-        }
-        argc -= optind;
-        argv += optind;
-        if (argc == 2) {
-                host = argv[0];
-                port = argv[1];
-        } else if (argc != 0 && !listciphers) {
-                usage();
-        }
-        if (asprintf(&host_port, strchr(host, ':') ? "[%s]:%s" : "%s:%s",
-            host, port) == -1)
-                err(1, "asprintf host port");
-        if ((crt == NULL && key != NULL) || (crt != NULL && key == NULL))
-                errx(1, "certificate and private key must be used together");
-        if (crt == NULL && asprintf(&crt, "%s.crt", host) == -1)
-                err(1, "asprintf crt");
-        if (key == NULL && asprintf(&key, "%s.key", host) == -1)
-                err(1, "asprintf key");
-        SSL_library_init();
-        SSL_load_error_strings();
-        print_version();
-        /* setup method and context */
-#if OPENSSL_VERSION_NUMBER >= 0x1010000f
-        method = TLS_server_method();
-        if (method == NULL)
-                err_ssl(1, "TLS_server_method");
-#else
-        switch (version) {
-        case TLS1_VERSION:
-                method = TLSv1_server_method();
-                break;
-        case TLS1_1_VERSION:
-                method = TLSv1_1_server_method();
-                break;
-        case TLS1_2_VERSION:
-                method = TLSv1_2_server_method();
-                break;
-#ifdef TLS1_3_VERSION
-        case TLS1_3_VERSION:
-                err(1, "TLS1_3 not supported");
-#endif
-        default:
-                method = SSLv23_server_method();
-                break;
-        }
-        if (method == NULL)
-                err_ssl(1, "SSLv23_server_method");
-#endif
-        ctx = SSL_CTX_new(method);
-        if (ctx == NULL)
-                err_ssl(1, "SSL_CTX_new");
-#if OPENSSL_VERSION_NUMBER >= 0x1010000f
-        if (version) {
-                if (SSL_CTX_set_min_proto_version(ctx, version) != 1)
-                        err_ssl(1, "SSL_CTX_set_min_proto_version");
-                if (SSL_CTX_set_max_proto_version(ctx, version) != 1)
-                        err_ssl(1, "SSL_CTX_set_max_proto_version");
-        }
-#endif
-#if OPENSSL_VERSION_NUMBER >= 0x10100000
-        /* needed to use DHE cipher with libressl */
-        if (SSL_CTX_set_dh_auto(ctx, 1) <= 0)
-                err_ssl(1, "SSL_CTX_set_dh_auto");
-#endif
-        /* needed to use ADH, EDH, DHE cipher with openssl */
-        if (dhparam != NULL) {
-                DH *dh;
-                FILE *file;
-                file = fopen(dhparam, "r");
-                if (file == NULL)
-                        err(1, "fopen %s", dhparam);
-                dh = PEM_read_DHparams(file, NULL, NULL, NULL);
-                if (dh == NULL)
-                        err_ssl(1, "PEM_read_DHparams");
-                if (SSL_CTX_set_tmp_dh(ctx, dh) <= 0)
-                        err_ssl(1, "SSL_CTX_set_tmp_dh");
-                fclose(file);
-        }
-        /* needed when linking with OpenSSL 1.0.2p */
-        if (SSL_CTX_set_ecdh_auto(ctx, 1) <= 0)
-                err_ssl(1, "SSL_CTX_set_ecdh_auto");
-        /* load server certificate */
-        if (SSL_CTX_use_certificate_file(ctx, crt, SSL_FILETYPE_PEM) <= 0)
-                err_ssl(1, "SSL_CTX_use_certificate_file");
-        if (SSL_CTX_use_PrivateKey_file(ctx, key, SSL_FILETYPE_PEM) <= 0)
-                err_ssl(1, "SSL_CTX_use_PrivateKey_file");
-        if (SSL_CTX_check_private_key(ctx) <= 0)
-                err_ssl(1, "SSL_CTX_check_private_key");
-        /* request client certificate and verify it */
-        if (ca != NULL) {
-                STACK_OF(X509_NAME) *x509stack;
-                x509stack = SSL_load_client_CA_file(ca);
-                if (x509stack == NULL)
-                        err_ssl(1, "SSL_load_client_CA_file");
-                SSL_CTX_set_client_CA_list(ctx, x509stack);
-                if (SSL_CTX_load_verify_locations(ctx, ca, NULL) <= 0)
-                        err_ssl(1, "SSL_CTX_load_verify_locations");
-        }
-        SSL_CTX_set_verify(ctx,
-            verify == 0 ?  SSL_VERIFY_NONE :
-            verify == 1 ?  SSL_VERIFY_PEER :
-            SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
-            verify_callback);
-        if (sessionreuse) {
-                uint32_t context;
-                SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_SERVER);
-                context = arc4random();
-                if (SSL_CTX_set_session_id_context(ctx,
-                    (unsigned char *)&context, sizeof(context)) <= 0)
-                        err_ssl(1, "SSL_CTX_set_session_id_context");
-        }
-        if (ciphers) {
-                if (SSL_CTX_set_cipher_list(ctx, ciphers) <= 0)
-                        err_ssl(1, "SSL_CTX_set_cipher_list");
-        }
-        if (listciphers) {
-                STACK_OF(SSL_CIPHER) *supported_ciphers;
-#if OPENSSL_VERSION_NUMBER < 0x1010000f
-#define SSL_get1_supported_ciphers SSL_get_ciphers
-#endif
-                ssl = SSL_new(ctx);
-                if (ssl == NULL)
-                        err_ssl(1, "SSL_new");
-                supported_ciphers = SSL_get1_supported_ciphers(ssl);
-                if (supported_ciphers == NULL)
-                        err_ssl(1, "SSL_get1_supported_ciphers");
-                print_ciphers(supported_ciphers);
-#if OPENSSL_VERSION_NUMBER >= 0x1010000f
-                sk_SSL_CIPHER_free(supported_ciphers);
-#endif
-                return 0;
-        }
-        /* setup bio for socket operations */
-        abio = BIO_new_accept(host_port);
-        if (abio == NULL)
-                err_ssl(1, "BIO_new_accept");
-        /* bind, listen */
-        if (BIO_do_accept(abio) <= 0)
-                err_ssl(1, "BIO_do_accept setup");
-        printf("listen ");
-        print_sockname(abio);
-        /* fork to background and set timeout */
-        if (daemon(1, 1) == -1)
-                err(1, "daemon");
-        alarm(10);
-        do {
-                /* accept connection */
-                if (BIO_do_accept(abio) <= 0)
-                        err_ssl(1, "BIO_do_accept wait");
-                cbio = BIO_pop(abio);
-                printf("accept ");
-                print_sockname(cbio);
-                printf("accept ");
-                print_peername(cbio);
-                /* do ssl server handshake */
-                ssl = SSL_new(ctx);
-                if (ssl == NULL)
-                        err_ssl(1, "SSL_new");
-                SSL_set_bio(ssl, cbio, cbio);
-                if ((error = SSL_accept(ssl)) <= 0)
-                        err_ssl(1, "SSL_accept %d", error);
-                printf("session %d: %s\n", sessionreuse,
-                    SSL_session_reused(ssl) ? "reuse" : "new");
-                if (fflush(stdout) != 0)
-                        err(1, "fflush stdout");
-                /* print session statistics */
-                session = SSL_get_session(ssl);
-                if (session == NULL)
-                        err_ssl(1, "SSL_get_session");
-                if (SSL_SESSION_print_fp(stdout, session) <= 0)
-                        err_ssl(1, "SSL_SESSION_print_fp");
-                /* write server greeting and read client hello over TLS */
-                strlcpy(buf, "greeting\n", sizeof(buf));
-                printf(">>> %s", buf);
-                if (fflush(stdout) != 0)
-                        err(1, "fflush stdout");
-                if ((error = SSL_write(ssl, buf, 9)) <= 0)
-                        err_ssl(1, "SSL_write %d", error);
-                if (error != 9)
-                        errx(1, "write not 9 bytes greeting: %d", error);
-                if ((error = SSL_read(ssl, buf, 6)) <= 0)
-                        err_ssl(1, "SSL_read %d", error);
-                if (error != 6)
-                        errx(1, "read not 6 bytes hello: %d", error);
-                buf[6] = '\0';
-                printf("<<< %s", buf);
-                if (fflush(stdout) != 0)
-                        err(1, "fflush stdout");
-                /* shutdown connection */
-                if ((error = SSL_shutdown(ssl)) < 0)
-                        err_ssl(1, "SSL_shutdown unidirectional %d", error);
-                if (error <= 0) {
-                        if ((error = SSL_shutdown(ssl)) <= 0)
-                                err_ssl(1, "SSL_shutdown bidirectional %d",
-                                    error);
-                }
-                SSL_free(ssl);
-        } while (sessionreuse--);
-        SSL_CTX_free(ctx);
-        printf("success\n");
-        return 0;
-}

diff --git a/src/regress/lib/libssl/interop/server.c b/src/regress/lib/libssl/interop/server.c deleted file mode 100644 index c8e4cb7fc3..0000000000 --- a/src/regress/lib/libssl/interop/server.c +++ /dev/null
@@ -1,332 +0,0 @@
1	/* $OpenBSD: server.c,v 1.11 2022/07/07 13:12:57 tb Exp $ */
2	/*
3	* Copyright (c) 2018-2019 Alexander Bluhm <bluhm@openbsd.org>
4	*
5	* Permission to use, copy, modify, and distribute this software for any
6	* purpose with or without fee is hereby granted, provided that the above
7	* copyright notice and this permission notice appear in all copies.
8	*
9	* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10	* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11	* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12	* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13	* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14	* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15	* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16	*/
17
18	#include <sys/types.h>
19	#include <sys/socket.h>
20
21	#include <err.h>
22	#include <netdb.h>
23	#include <stdio.h>
24	#include <stdlib.h>
25	#include <string.h>
26	#include <unistd.h>
27
28	#include <openssl/err.h>
29	#include <openssl/ssl.h>
30
31	#include "util.h"
32
33	void __dead usage(void);
34
35	void __dead
36	usage(void)
37	{
38	fprintf(stderr, "usage: server [-Lsvv] [-C CA] [-c crt -k key] "
39	"[-l ciphers] [-p dhparam] [-V version] [host port]\n");
40	exit(2);
41	}
42
43	int
44	main(int argc, char *argv[])
45	{
46	const SSL_METHOD *method;
47	SSL_CTX *ctx;
48	SSL *ssl;
49	BIO abio, cbio;
50	SSL_SESSION *session;
51	int ch, error, listciphers = 0, sessionreuse = 0, verify = 0;
52	int version = 0;
53	char buf[256], *dhparam = NULL;
54	char ca = NULL, crt = NULL, key = NULL, ciphers = NULL;
55	char host_port, host = "127.0.0.1", *port = "0";
56
57	while ((ch = getopt(argc, argv, "C:c:k:Ll:p:sV:v")) != -1) {
58	switch (ch) {
59	case 'C':
60	ca = optarg;
61	break;
62	case 'c':
63	crt = optarg;
64	break;
65	case 'k':
66	key = optarg;
67	break;
68	case 'L':
69	listciphers = 1;
70	break;
71	case 'l':
72	ciphers = optarg;
73	break;
74	case 'p':
75	dhparam = optarg;
76	break;
77	case 's':
78	/* multiple reueses are possible */
79	sessionreuse++;
80	break;
81	case 'V':
82	if (strcmp(optarg, "TLS1") == 0) {
83	version = TLS1_VERSION;
84	} else if (strcmp(optarg, "TLS1_1") == 0) {
85	version = TLS1_1_VERSION;
86	} else if (strcmp(optarg, "TLS1_2") == 0) {
87	version = TLS1_2_VERSION;
88	#ifdef TLS1_3_VERSION
89	} else if (strcmp(optarg, "TLS1_3") == 0) {
90	version = TLS1_3_VERSION;
91	#endif
92	} else {
93	errx(1, "unknown protocol version: %s", optarg);
94	}
95	break;
96	case 'v':
97	/* use twice to force client cert */
98	verify++;
99	break;
100	default:
101	usage();
102	}
103	}
104	argc -= optind;
105	argv += optind;
106	if (argc == 2) {
107	host = argv[0];
108	port = argv[1];
109	} else if (argc != 0 && !listciphers) {
110	usage();
111	}
112	if (asprintf(&host_port, strchr(host, ':') ? "[%s]:%s" : "%s:%s",
113	host, port) == -1)
114	err(1, "asprintf host port");
115	if ((crt == NULL && key != NULL) \|\| (crt != NULL && key == NULL))
116	errx(1, "certificate and private key must be used together");
117	if (crt == NULL && asprintf(&crt, "%s.crt", host) == -1)
118	err(1, "asprintf crt");
119	if (key == NULL && asprintf(&key, "%s.key", host) == -1)
120	err(1, "asprintf key");
121
122	SSL_library_init();
123	SSL_load_error_strings();
124	print_version();
125
126	/* setup method and context */
127	#if OPENSSL_VERSION_NUMBER >= 0x1010000f
128	method = TLS_server_method();
129	if (method == NULL)
130	err_ssl(1, "TLS_server_method");
131	#else
132	switch (version) {
133	case TLS1_VERSION:
134	method = TLSv1_server_method();
135	break;
136	case TLS1_1_VERSION:
137	method = TLSv1_1_server_method();
138	break;
139	case TLS1_2_VERSION:
140	method = TLSv1_2_server_method();
141	break;
142	#ifdef TLS1_3_VERSION
143	case TLS1_3_VERSION:
144	err(1, "TLS1_3 not supported");
145	#endif
146	default:
147	method = SSLv23_server_method();
148	break;
149	}
150	if (method == NULL)
151	err_ssl(1, "SSLv23_server_method");
152	#endif
153	ctx = SSL_CTX_new(method);
154	if (ctx == NULL)
155	err_ssl(1, "SSL_CTX_new");
156
157	#if OPENSSL_VERSION_NUMBER >= 0x1010000f
158	if (version) {
159	if (SSL_CTX_set_min_proto_version(ctx, version) != 1)
160	err_ssl(1, "SSL_CTX_set_min_proto_version");
161	if (SSL_CTX_set_max_proto_version(ctx, version) != 1)
162	err_ssl(1, "SSL_CTX_set_max_proto_version");
163	}
164	#endif
165
166	#if OPENSSL_VERSION_NUMBER >= 0x10100000
167	/* needed to use DHE cipher with libressl */
168	if (SSL_CTX_set_dh_auto(ctx, 1) <= 0)
169	err_ssl(1, "SSL_CTX_set_dh_auto");
170	#endif
171	/* needed to use ADH, EDH, DHE cipher with openssl */
172	if (dhparam != NULL) {
173	DH *dh;
174	FILE *file;
175
176	file = fopen(dhparam, "r");
177	if (file == NULL)
178	err(1, "fopen %s", dhparam);
179	dh = PEM_read_DHparams(file, NULL, NULL, NULL);
180	if (dh == NULL)
181	err_ssl(1, "PEM_read_DHparams");
182	if (SSL_CTX_set_tmp_dh(ctx, dh) <= 0)
183	err_ssl(1, "SSL_CTX_set_tmp_dh");
184	fclose(file);
185	}
186
187	/* needed when linking with OpenSSL 1.0.2p */
188	if (SSL_CTX_set_ecdh_auto(ctx, 1) <= 0)
189	err_ssl(1, "SSL_CTX_set_ecdh_auto");
190
191	/* load server certificate */
192	if (SSL_CTX_use_certificate_file(ctx, crt, SSL_FILETYPE_PEM) <= 0)
193	err_ssl(1, "SSL_CTX_use_certificate_file");
194	if (SSL_CTX_use_PrivateKey_file(ctx, key, SSL_FILETYPE_PEM) <= 0)
195	err_ssl(1, "SSL_CTX_use_PrivateKey_file");
196	if (SSL_CTX_check_private_key(ctx) <= 0)
197	err_ssl(1, "SSL_CTX_check_private_key");
198
199	/* request client certificate and verify it */
200	if (ca != NULL) {
201	STACK_OF(X509_NAME) *x509stack;
202
203	x509stack = SSL_load_client_CA_file(ca);
204	if (x509stack == NULL)
205	err_ssl(1, "SSL_load_client_CA_file");
206	SSL_CTX_set_client_CA_list(ctx, x509stack);
207	if (SSL_CTX_load_verify_locations(ctx, ca, NULL) <= 0)
208	err_ssl(1, "SSL_CTX_load_verify_locations");
209	}
210	SSL_CTX_set_verify(ctx,
211	verify == 0 ? SSL_VERIFY_NONE :
212	verify == 1 ? SSL_VERIFY_PEER :
213	SSL_VERIFY_PEER \| SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
214	verify_callback);
215
216	if (sessionreuse) {
217	uint32_t context;
218
219	SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_SERVER);
220	context = arc4random();
221	if (SSL_CTX_set_session_id_context(ctx,
222	(unsigned char *)&context, sizeof(context)) <= 0)
223	err_ssl(1, "SSL_CTX_set_session_id_context");
224	}
225
226	if (ciphers) {
227	if (SSL_CTX_set_cipher_list(ctx, ciphers) <= 0)
228	err_ssl(1, "SSL_CTX_set_cipher_list");
229	}
230
231	if (listciphers) {
232	STACK_OF(SSL_CIPHER) *supported_ciphers;
233
234	#if OPENSSL_VERSION_NUMBER < 0x1010000f
235	#define SSL_get1_supported_ciphers SSL_get_ciphers
236	#endif
237	ssl = SSL_new(ctx);
238	if (ssl == NULL)
239	err_ssl(1, "SSL_new");
240	supported_ciphers = SSL_get1_supported_ciphers(ssl);
241	if (supported_ciphers == NULL)
242	err_ssl(1, "SSL_get1_supported_ciphers");
243	print_ciphers(supported_ciphers);
244
245	#if OPENSSL_VERSION_NUMBER >= 0x1010000f
246	sk_SSL_CIPHER_free(supported_ciphers);
247	#endif
248	return 0;
249	}
250
251	/* setup bio for socket operations */
252	abio = BIO_new_accept(host_port);
253	if (abio == NULL)
254	err_ssl(1, "BIO_new_accept");
255
256	/* bind, listen */
257	if (BIO_do_accept(abio) <= 0)
258	err_ssl(1, "BIO_do_accept setup");
259	printf("listen ");
260	print_sockname(abio);
261
262	/* fork to background and set timeout */
263	if (daemon(1, 1) == -1)
264	err(1, "daemon");
265	alarm(10);
266
267	do {
268	/* accept connection */
269	if (BIO_do_accept(abio) <= 0)
270	err_ssl(1, "BIO_do_accept wait");
271	cbio = BIO_pop(abio);
272	printf("accept ");
273	print_sockname(cbio);
274	printf("accept ");
275	print_peername(cbio);
276
277	/* do ssl server handshake */
278	ssl = SSL_new(ctx);
279	if (ssl == NULL)
280	err_ssl(1, "SSL_new");
281	SSL_set_bio(ssl, cbio, cbio);
282	if ((error = SSL_accept(ssl)) <= 0)
283	err_ssl(1, "SSL_accept %d", error);
284	printf("session %d: %s\n", sessionreuse,
285	SSL_session_reused(ssl) ? "reuse" : "new");
286	if (fflush(stdout) != 0)
287	err(1, "fflush stdout");
288
289
290	/* print session statistics */
291	session = SSL_get_session(ssl);
292	if (session == NULL)
293	err_ssl(1, "SSL_get_session");
294	if (SSL_SESSION_print_fp(stdout, session) <= 0)
295	err_ssl(1, "SSL_SESSION_print_fp");
296
297	/* write server greeting and read client hello over TLS */
298	strlcpy(buf, "greeting\n", sizeof(buf));
299	printf(">>> %s", buf);
300	if (fflush(stdout) != 0)
301	err(1, "fflush stdout");
302	if ((error = SSL_write(ssl, buf, 9)) <= 0)
303	err_ssl(1, "SSL_write %d", error);
304	if (error != 9)
305	errx(1, "write not 9 bytes greeting: %d", error);
306	if ((error = SSL_read(ssl, buf, 6)) <= 0)
307	err_ssl(1, "SSL_read %d", error);
308	if (error != 6)
309	errx(1, "read not 6 bytes hello: %d", error);
310	buf[6] = '\0';
311	printf("<<< %s", buf);
312	if (fflush(stdout) != 0)
313	err(1, "fflush stdout");
314
315	/* shutdown connection */
316	if ((error = SSL_shutdown(ssl)) < 0)
317	err_ssl(1, "SSL_shutdown unidirectional %d", error);
318	if (error <= 0) {
319	if ((error = SSL_shutdown(ssl)) <= 0)
320	err_ssl(1, "SSL_shutdown bidirectional %d",
321	error);
322	}
323
324	SSL_free(ssl);
325	} while (sessionreuse--);
326
327	SSL_CTX_free(ctx);
328
329	printf("success\n");
330
331	return 0;
332	}