Diffstat (limited to 'src/regress/lib/libssl/interop/server.c')
| -rw-r--r-- | src/regress/lib/libssl/interop/server.c | 62 |
1 files changed, 52 insertions, 10 deletions
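--- a/src/regress/lib/libssl/interop/server.c
+++ b/src/regress/lib/libssl/interop/server.c
@@ -1,6 +1,6 @@
-/* $OpenBSD: server.c,v 1.6 2019/02/11 12:22:44 bluhm Exp $ */
+/* $OpenBSD: server.c,v 1.7 2019/02/21 23:06:33 bluhm Exp $ */
 /*
- * Copyright (c) 2018 Alexander Bluhm <bluhm@openbsd.org>
+ * Copyright (c) 2018-2019 Alexander Bluhm <bluhm@openbsd.org>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -35,8 +35,8 @@ void __dead usage(void);
 void __dead
 usage(void)
 {
-	fprintf(stderr,
-	    "usage: server [-svv] [-C CA] [-c crt -k key] [host port]");
+	fprintf(stderr, "usage: server [-Lsvv] [-C CA] [-c crt -k key] "
+	    "[-l cipers] [-p dhparam] [host port]\n");
 	exit(2);
 }
 
@@ -48,12 +48,12 @@ main(int argc, char *argv[])
 	SSL *ssl;
 	BIO *abio, *cbio;
 	SSL_SESSION *session;
-	int ch, error, sessionreuse = 0, verify = 0;
-	char buf[256];
-	char *ca = NULL, *crt = NULL, *key = NULL;
+	int ch, error, listciphers = 0, sessionreuse = 0, verify = 0;
+	char buf[256], *dhparam = NULL;
+	char *ca = NULL, *crt = NULL, *key = NULL, *ciphers = NULL;
 	char *host_port, *host = "127.0.0.1", *port = "0";
 
-	while ((ch = getopt(argc, argv, "C:c:k:sv")) != -1) {
+	while ((ch = getopt(argc, argv, "C:c:k:Ll:p:sv")) != -1) {
 		switch (ch) {
 		case 'C':
 			ca = optarg;
@@ -64,6 +64,15 @@ main(int argc, char *argv[])
 		case 'k':
 			key = optarg;
 			break;
+		case 'L':
+			listciphers = 1;
+			break;
+		case 'l':
+			ciphers = optarg;
+			break;
+		case 'p':
+			dhparam = optarg;
+			break;
 		case 's':
 			/* multiple reueses are possible */
 			sessionreuse++;
@@ -81,7 +90,7 @@ main(int argc, char *argv[])
 	if (argc == 2) {
 		host = argv[0];
 		port = argv[1];
-	} else if (argc != 0) {
+	} else if (argc != 0 && !listciphers) {
 		usage();
 	}
 	if (asprintf(&host_port, strchr(host, ':') ? "[%s]:%s" : "%s:%s",
@@ -112,6 +121,27 @@ main(int argc, char *argv[])
 	if (ctx == NULL)
 		err_ssl(1, "SSL_CTX_new");
 
+#if OPENSSL_VERSION_NUMBER >= 0x10100000
+	/* needed to use DHE cipher with libressl */
+	if (SSL_CTX_set_dh_auto(ctx, 1) <= 0)
+		err_ssl(1, "SSL_CTX_set_dh_auto");
+#endif
+	/* needed to use ADH, EDH, DHE cipher with openssl */
+	if (dhparam != NULL) {
+		DH *dh;
+		FILE *file;
+
+		file = fopen(dhparam, "r");
+		if (file == NULL)
+			err(1, "fopen %s", dhparam);
+		dh = PEM_read_DHparams(file, NULL, NULL, NULL);
+		if (dh == NULL)
+			err_ssl(1, "PEM_read_DHparams");
+		if (SSL_CTX_set_tmp_dh(ctx, dh) <= 0)
+			err_ssl(1, "SSL_CTX_set_tmp_dh");
+		fclose(file);
+	}
+
 	/* needed when linking with OpenSSL 1.0.2p */
 	if (SSL_CTX_set_ecdh_auto(ctx, 1) <= 0)
 		err_ssl(1, "SSL_CTX_set_ecdh_auto");
@@ -151,6 +181,19 @@ main(int argc, char *argv[])
 		err_ssl(1, "SSL_CTX_set_session_id_context");
 	}
 
+	if (ciphers) {
+		if (SSL_CTX_set_cipher_list(ctx, ciphers) <= 0)
+			err_ssl(1, "SSL_CTX_set_cipher_list");
+	}
+
+	if (listciphers) {
+		ssl = SSL_new(ctx);
+		if (ssl == NULL)
+			err_ssl(1, "SSL_new");
+		print_ciphers(SSL_get_ciphers(ssl));
+		return 0;
+	}
+
 	/* setup bio for socket operations */
 	abio = BIO_new_accept(host_port);
 	if (abio == NULL)
@@ -182,7 +225,6 @@ main(int argc, char *argv[])
 	ssl = SSL_new(ctx);
 	if (ssl == NULL)
 		err_ssl(1, "SSL_new");
-	print_ciphers(SSL_get_ciphers(ssl));
 	SSL_set_bio(ssl, cbio, cbio);
 	if ((error = SSL_accept(ssl)) <= 0)
 		err_ssl(1, "SSL_accept %d", error);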
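Review bot: The DH object returned by PEM_read_DHparams() at new line 137 is never released: SSL_CTX_set_tmp_dh() at line 140 installs its own copy of the parameters (DHparams_dup internally in both OpenSSL and LibreSSL), so the caller still owns `dh` and should add `DH_free(dh);` next to the `fclose(file);` at line 142. The error paths in that block rely on err()/err_ssl() exiting, which is why the open FILE and the DH are not leaked there; a one-line comment such as `/* err() exits, so nothing is released on failure */` would make that intent visible to the next reader. The usage string added at new lines 38-39 misspells the -l argument as `cipers`; it should read `[-l ciphers]`. main() begins and ends outside every hunk shown here.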
