summaryrefslogtreecommitdiff
path: root/src/usr.bin/openssl/s_server.c
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--src/usr.bin/openssl/s_server.c560
1 files changed, 280 insertions, 280 deletions
diff --git a/src/usr.bin/openssl/s_server.c b/src/usr.bin/openssl/s_server.c
index adf98451ec..a7f6146c4c 100644
--- a/src/usr.bin/openssl/s_server.c
+++ b/src/usr.bin/openssl/s_server.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s_server.c,v 1.55 2022/11/11 17:07:39 joshua Exp $ */ 1/* $OpenBSD: s_server.c,v 1.56 2023/03/06 14:32:06 tb Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -294,23 +294,23 @@ static struct {
294 int tlsextstatus; 294 int tlsextstatus;
295 X509_VERIFY_PARAM *vpm; 295 X509_VERIFY_PARAM *vpm;
296 int www; 296 int www;
297} s_server_config; 297} cfg;
298 298
299static int 299static int
300s_server_opt_context(char *arg) 300s_server_opt_context(char *arg)
301{ 301{
302 s_server_config.context = (unsigned char *) arg; 302 cfg.context = (unsigned char *) arg;
303 return (0); 303 return (0);
304} 304}
305 305
306static int 306static int
307s_server_opt_keymatexportlen(char *arg) 307s_server_opt_keymatexportlen(char *arg)
308{ 308{
309 s_server_config.keymatexportlen = strtonum(arg, 1, INT_MAX, 309 cfg.keymatexportlen = strtonum(arg, 1, INT_MAX,
310 &s_server_config.errstr); 310 &cfg.errstr);
311 if (s_server_config.errstr != NULL) { 311 if (cfg.errstr != NULL) {
312 BIO_printf(bio_err, "invalid argument %s: %s\n", 312 BIO_printf(bio_err, "invalid argument %s: %s\n",
313 arg, s_server_config.errstr); 313 arg, cfg.errstr);
314 return (1); 314 return (1);
315 } 315 }
316 return (0); 316 return (0);
@@ -320,11 +320,11 @@ s_server_opt_keymatexportlen(char *arg)
320static int 320static int
321s_server_opt_mtu(char *arg) 321s_server_opt_mtu(char *arg)
322{ 322{
323 s_server_config.socket_mtu = strtonum(arg, 0, LONG_MAX, 323 cfg.socket_mtu = strtonum(arg, 0, LONG_MAX,
324 &s_server_config.errstr); 324 &cfg.errstr);
325 if (s_server_config.errstr != NULL) { 325 if (cfg.errstr != NULL) {
326 BIO_printf(bio_err, "invalid argument %s: %s\n", 326 BIO_printf(bio_err, "invalid argument %s: %s\n",
327 arg, s_server_config.errstr); 327 arg, cfg.errstr);
328 return (1); 328 return (1);
329 } 329 }
330 return (0); 330 return (0);
@@ -335,8 +335,8 @@ s_server_opt_mtu(char *arg)
335static int 335static int
336s_server_opt_protocol_version_dtls(void) 336s_server_opt_protocol_version_dtls(void)
337{ 337{
338 s_server_config.meth = DTLS_server_method(); 338 cfg.meth = DTLS_server_method();
339 s_server_config.socket_type = SOCK_DGRAM; 339 cfg.socket_type = SOCK_DGRAM;
340 return (0); 340 return (0);
341} 341}
342#endif 342#endif
@@ -345,10 +345,10 @@ s_server_opt_protocol_version_dtls(void)
345static int 345static int
346s_server_opt_protocol_version_dtls1(void) 346s_server_opt_protocol_version_dtls1(void)
347{ 347{
348 s_server_config.meth = DTLS_server_method(); 348 cfg.meth = DTLS_server_method();
349 s_server_config.min_version = DTLS1_VERSION; 349 cfg.min_version = DTLS1_VERSION;
350 s_server_config.max_version = DTLS1_VERSION; 350 cfg.max_version = DTLS1_VERSION;
351 s_server_config.socket_type = SOCK_DGRAM; 351 cfg.socket_type = SOCK_DGRAM;
352 return (0); 352 return (0);
353} 353}
354#endif 354#endif
@@ -357,10 +357,10 @@ s_server_opt_protocol_version_dtls1(void)
357static int 357static int
358s_server_opt_protocol_version_dtls1_2(void) 358s_server_opt_protocol_version_dtls1_2(void)
359{ 359{
360 s_server_config.meth = DTLS_server_method(); 360 cfg.meth = DTLS_server_method();
361 s_server_config.min_version = DTLS1_2_VERSION; 361 cfg.min_version = DTLS1_2_VERSION;
362 s_server_config.max_version = DTLS1_2_VERSION; 362 cfg.max_version = DTLS1_2_VERSION;
363 s_server_config.socket_type = SOCK_DGRAM; 363 cfg.socket_type = SOCK_DGRAM;
364 return (0); 364 return (0);
365} 365}
366#endif 366#endif
@@ -368,47 +368,47 @@ s_server_opt_protocol_version_dtls1_2(void)
368static int 368static int
369s_server_opt_protocol_version_tls1(void) 369s_server_opt_protocol_version_tls1(void)
370{ 370{
371 s_server_config.min_version = TLS1_VERSION; 371 cfg.min_version = TLS1_VERSION;
372 s_server_config.max_version = TLS1_VERSION; 372 cfg.max_version = TLS1_VERSION;
373 return (0); 373 return (0);
374} 374}
375 375
376static int 376static int
377s_server_opt_protocol_version_tls1_1(void) 377s_server_opt_protocol_version_tls1_1(void)
378{ 378{
379 s_server_config.min_version = TLS1_1_VERSION; 379 cfg.min_version = TLS1_1_VERSION;
380 s_server_config.max_version = TLS1_1_VERSION; 380 cfg.max_version = TLS1_1_VERSION;
381 return (0); 381 return (0);
382} 382}
383 383
384static int 384static int
385s_server_opt_protocol_version_tls1_2(void) 385s_server_opt_protocol_version_tls1_2(void)
386{ 386{
387 s_server_config.min_version = TLS1_2_VERSION; 387 cfg.min_version = TLS1_2_VERSION;
388 s_server_config.max_version = TLS1_2_VERSION; 388 cfg.max_version = TLS1_2_VERSION;
389 return (0); 389 return (0);
390} 390}
391 391
392static int 392static int
393s_server_opt_protocol_version_tls1_3(void) 393s_server_opt_protocol_version_tls1_3(void)
394{ 394{
395 s_server_config.min_version = TLS1_3_VERSION; 395 cfg.min_version = TLS1_3_VERSION;
396 s_server_config.max_version = TLS1_3_VERSION; 396 cfg.max_version = TLS1_3_VERSION;
397 return (0); 397 return (0);
398} 398}
399 399
400static int 400static int
401s_server_opt_nbio_test(void) 401s_server_opt_nbio_test(void)
402{ 402{
403 s_server_config.nbio = 1; 403 cfg.nbio = 1;
404 s_server_config.nbio_test = 1; 404 cfg.nbio_test = 1;
405 return (0); 405 return (0);
406} 406}
407 407
408static int 408static int
409s_server_opt_port(char *arg) 409s_server_opt_port(char *arg)
410{ 410{
411 if (!extract_port(arg, &s_server_config.port)) 411 if (!extract_port(arg, &cfg.port))
412 return (1); 412 return (1);
413 return (0); 413 return (0);
414} 414}
@@ -416,12 +416,12 @@ s_server_opt_port(char *arg)
416static int 416static int
417s_server_opt_status_timeout(char *arg) 417s_server_opt_status_timeout(char *arg)
418{ 418{
419 s_server_config.tlsextstatus = 1; 419 cfg.tlsextstatus = 1;
420 s_server_config.tlscstatp.timeout = strtonum(arg, 0, INT_MAX, 420 cfg.tlscstatp.timeout = strtonum(arg, 0, INT_MAX,
421 &s_server_config.errstr); 421 &cfg.errstr);
422 if (s_server_config.errstr != NULL) { 422 if (cfg.errstr != NULL) {
423 BIO_printf(bio_err, "invalid argument %s: %s\n", 423 BIO_printf(bio_err, "invalid argument %s: %s\n",
424 arg, s_server_config.errstr); 424 arg, cfg.errstr);
425 return (1); 425 return (1);
426 } 426 }
427 return (0); 427 return (0);
@@ -430,10 +430,10 @@ s_server_opt_status_timeout(char *arg)
430static int 430static int
431s_server_opt_status_url(char *arg) 431s_server_opt_status_url(char *arg)
432{ 432{
433 s_server_config.tlsextstatus = 1; 433 cfg.tlsextstatus = 1;
434 if (!OCSP_parse_url(arg, &s_server_config.tlscstatp.host, 434 if (!OCSP_parse_url(arg, &cfg.tlscstatp.host,
435 &s_server_config.tlscstatp.port, &s_server_config.tlscstatp.path, 435 &cfg.tlscstatp.port, &cfg.tlscstatp.path,
436 &s_server_config.tlscstatp.use_ssl)) { 436 &cfg.tlscstatp.use_ssl)) {
437 BIO_printf(bio_err, "Error parsing URL\n"); 437 BIO_printf(bio_err, "Error parsing URL\n");
438 return (1); 438 return (1);
439 } 439 }
@@ -443,20 +443,20 @@ s_server_opt_status_url(char *arg)
443static int 443static int
444s_server_opt_status_verbose(void) 444s_server_opt_status_verbose(void)
445{ 445{
446 s_server_config.tlsextstatus = 1; 446 cfg.tlsextstatus = 1;
447 s_server_config.tlscstatp.verbose = 1; 447 cfg.tlscstatp.verbose = 1;
448 return (0); 448 return (0);
449} 449}
450 450
451static int 451static int
452s_server_opt_verify(char *arg) 452s_server_opt_verify(char *arg)
453{ 453{
454 s_server_config.server_verify = SSL_VERIFY_PEER | 454 cfg.server_verify = SSL_VERIFY_PEER |
455 SSL_VERIFY_CLIENT_ONCE; 455 SSL_VERIFY_CLIENT_ONCE;
456 verify_depth = strtonum(arg, 0, INT_MAX, &s_server_config.errstr); 456 verify_depth = strtonum(arg, 0, INT_MAX, &cfg.errstr);
457 if (s_server_config.errstr != NULL) { 457 if (cfg.errstr != NULL) {
458 BIO_printf(bio_err, "invalid argument %s: %s\n", 458 BIO_printf(bio_err, "invalid argument %s: %s\n",
459 arg, s_server_config.errstr); 459 arg, cfg.errstr);
460 return (1); 460 return (1);
461 } 461 }
462 BIO_printf(bio_err, "verify depth is %d\n", verify_depth); 462 BIO_printf(bio_err, "verify depth is %d\n", verify_depth);
@@ -466,12 +466,12 @@ s_server_opt_verify(char *arg)
466static int 466static int
467s_server_opt_verify_fail(char *arg) 467s_server_opt_verify_fail(char *arg)
468{ 468{
469 s_server_config.server_verify = SSL_VERIFY_PEER | 469 cfg.server_verify = SSL_VERIFY_PEER |
470 SSL_VERIFY_FAIL_IF_NO_PEER_CERT | SSL_VERIFY_CLIENT_ONCE; 470 SSL_VERIFY_FAIL_IF_NO_PEER_CERT | SSL_VERIFY_CLIENT_ONCE;
471 verify_depth = strtonum(arg, 0, INT_MAX, &s_server_config.errstr); 471 verify_depth = strtonum(arg, 0, INT_MAX, &cfg.errstr);
472 if (s_server_config.errstr != NULL) { 472 if (cfg.errstr != NULL) {
473 BIO_printf(bio_err, "invalid argument %s: %s\n", 473 BIO_printf(bio_err, "invalid argument %s: %s\n",
474 arg, s_server_config.errstr); 474 arg, cfg.errstr);
475 return (1); 475 return (1);
476 } 476 }
477 BIO_printf(bio_err, "verify depth is %d, must return a certificate\n", 477 BIO_printf(bio_err, "verify depth is %d, must return a certificate\n",
@@ -487,7 +487,7 @@ s_server_opt_verify_param(int argc, char **argv, int *argsused)
487 int badarg = 0; 487 int badarg = 0;
488 488
489 if (!args_verify(&pargs, &pargc, &badarg, bio_err, 489 if (!args_verify(&pargs, &pargc, &badarg, bio_err,
490 &s_server_config.vpm)) { 490 &cfg.vpm)) {
491 BIO_printf(bio_err, "unknown option %s\n", *argv); 491 BIO_printf(bio_err, "unknown option %s\n", *argv);
492 return (1); 492 return (1);
493 } 493 }
@@ -520,27 +520,27 @@ static const struct option s_server_options[] = {
520 .desc = "Set the advertised protocols for the ALPN extension" 520 .desc = "Set the advertised protocols for the ALPN extension"
521 " (comma-separated list)", 521 " (comma-separated list)",
522 .type = OPTION_ARG, 522 .type = OPTION_ARG,
523 .opt.arg = &s_server_config.alpn_in, 523 .opt.arg = &cfg.alpn_in,
524 }, 524 },
525 { 525 {
526 .name = "bugs", 526 .name = "bugs",
527 .desc = "Turn on SSL bug compatibility", 527 .desc = "Turn on SSL bug compatibility",
528 .type = OPTION_FLAG, 528 .type = OPTION_FLAG,
529 .opt.flag = &s_server_config.bugs, 529 .opt.flag = &cfg.bugs,
530 }, 530 },
531 { 531 {
532 .name = "CAfile", 532 .name = "CAfile",
533 .argname = "file", 533 .argname = "file",
534 .desc = "PEM format file of CA certificates", 534 .desc = "PEM format file of CA certificates",
535 .type = OPTION_ARG, 535 .type = OPTION_ARG,
536 .opt.arg = &s_server_config.CAfile, 536 .opt.arg = &cfg.CAfile,
537 }, 537 },
538 { 538 {
539 .name = "CApath", 539 .name = "CApath",
540 .argname = "directory", 540 .argname = "directory",
541 .desc = "PEM format directory of CA certificates", 541 .desc = "PEM format directory of CA certificates",
542 .type = OPTION_ARG, 542 .type = OPTION_ARG,
543 .opt.arg = &s_server_config.CApath, 543 .opt.arg = &cfg.CApath,
544 }, 544 },
545 { 545 {
546 .name = "cert", 546 .name = "cert",
@@ -548,7 +548,7 @@ static const struct option s_server_options[] = {
548 .desc = "Certificate file to use\n" 548 .desc = "Certificate file to use\n"
549 "(default is " TEST_CERT ")", 549 "(default is " TEST_CERT ")",
550 .type = OPTION_ARG, 550 .type = OPTION_ARG,
551 .opt.arg = &s_server_config.cert_file, 551 .opt.arg = &cfg.cert_file,
552 }, 552 },
553 { 553 {
554 .name = "cert2", 554 .name = "cert2",
@@ -556,20 +556,20 @@ static const struct option s_server_options[] = {
556 .desc = "Certificate file to use for servername\n" 556 .desc = "Certificate file to use for servername\n"
557 "(default is " TEST_CERT2 ")", 557 "(default is " TEST_CERT2 ")",
558 .type = OPTION_ARG, 558 .type = OPTION_ARG,
559 .opt.arg = &s_server_config.cert_file2, 559 .opt.arg = &cfg.cert_file2,
560 }, 560 },
561 { 561 {
562 .name = "certform", 562 .name = "certform",
563 .argname = "fmt", 563 .argname = "fmt",
564 .desc = "Certificate format (PEM or DER) PEM default", 564 .desc = "Certificate format (PEM or DER) PEM default",
565 .type = OPTION_ARG_FORMAT, 565 .type = OPTION_ARG_FORMAT,
566 .opt.value = &s_server_config.cert_format, 566 .opt.value = &cfg.cert_format,
567 }, 567 },
568#ifndef OPENSSL_NO_DTLS 568#ifndef OPENSSL_NO_DTLS
569 { 569 {
570 .name = "chain", 570 .name = "chain",
571 .type = OPTION_FLAG, 571 .type = OPTION_FLAG,
572 .opt.flag = &s_server_config.cert_chain, 572 .opt.flag = &cfg.cert_chain,
573 }, 573 },
574#endif 574#endif
575 { 575 {
@@ -577,7 +577,7 @@ static const struct option s_server_options[] = {
577 .argname = "list", 577 .argname = "list",
578 .desc = "List of ciphers to enable (see `openssl ciphers`)", 578 .desc = "List of ciphers to enable (see `openssl ciphers`)",
579 .type = OPTION_ARG, 579 .type = OPTION_ARG,
580 .opt.arg = &s_server_config.cipher, 580 .opt.arg = &cfg.cipher,
581 }, 581 },
582 { 582 {
583 .name = "context", 583 .name = "context",
@@ -590,55 +590,55 @@ static const struct option s_server_options[] = {
590 .name = "crlf", 590 .name = "crlf",
591 .desc = "Convert LF from terminal into CRLF", 591 .desc = "Convert LF from terminal into CRLF",
592 .type = OPTION_FLAG, 592 .type = OPTION_FLAG,
593 .opt.flag = &s_server_config.crlf, 593 .opt.flag = &cfg.crlf,
594 }, 594 },
595 { 595 {
596 .name = "dcert", 596 .name = "dcert",
597 .argname = "file", 597 .argname = "file",
598 .desc = "Second certificate file to use (usually for DSA)", 598 .desc = "Second certificate file to use (usually for DSA)",
599 .type = OPTION_ARG, 599 .type = OPTION_ARG,
600 .opt.arg = &s_server_config.dcert_file, 600 .opt.arg = &cfg.dcert_file,
601 }, 601 },
602 { 602 {
603 .name = "dcertform", 603 .name = "dcertform",
604 .argname = "fmt", 604 .argname = "fmt",
605 .desc = "Second certificate format (PEM or DER) PEM default", 605 .desc = "Second certificate format (PEM or DER) PEM default",
606 .type = OPTION_ARG_FORMAT, 606 .type = OPTION_ARG_FORMAT,
607 .opt.value = &s_server_config.dcert_format, 607 .opt.value = &cfg.dcert_format,
608 }, 608 },
609 { 609 {
610 .name = "debug", 610 .name = "debug",
611 .desc = "Print more output", 611 .desc = "Print more output",
612 .type = OPTION_FLAG, 612 .type = OPTION_FLAG,
613 .opt.flag = &s_server_config.debug, 613 .opt.flag = &cfg.debug,
614 }, 614 },
615 { 615 {
616 .name = "dhparam", 616 .name = "dhparam",
617 .argname = "file", 617 .argname = "file",
618 .desc = "DH parameter file to use, in cert file if not specified", 618 .desc = "DH parameter file to use, in cert file if not specified",
619 .type = OPTION_ARG, 619 .type = OPTION_ARG,
620 .opt.arg = &s_server_config.dhfile, 620 .opt.arg = &cfg.dhfile,
621 }, 621 },
622 { 622 {
623 .name = "dkey", 623 .name = "dkey",
624 .argname = "file", 624 .argname = "file",
625 .desc = "Second private key file to use (usually for DSA)", 625 .desc = "Second private key file to use (usually for DSA)",
626 .type = OPTION_ARG, 626 .type = OPTION_ARG,
627 .opt.arg = &s_server_config.dkey_file, 627 .opt.arg = &cfg.dkey_file,
628 }, 628 },
629 { 629 {
630 .name = "dkeyform", 630 .name = "dkeyform",
631 .argname = "fmt", 631 .argname = "fmt",
632 .desc = "Second key format (PEM or DER) PEM default", 632 .desc = "Second key format (PEM or DER) PEM default",
633 .type = OPTION_ARG_FORMAT, 633 .type = OPTION_ARG_FORMAT,
634 .opt.value = &s_server_config.dkey_format, 634 .opt.value = &cfg.dkey_format,
635 }, 635 },
636 { 636 {
637 .name = "dpass", 637 .name = "dpass",
638 .argname = "arg", 638 .argname = "arg",
639 .desc = "Second private key file pass phrase source", 639 .desc = "Second private key file pass phrase source",
640 .type = OPTION_ARG, 640 .type = OPTION_ARG,
641 .opt.arg = &s_server_config.dpassarg, 641 .opt.arg = &cfg.dpassarg,
642 }, 642 },
643#ifndef OPENSSL_NO_DTLS 643#ifndef OPENSSL_NO_DTLS
644 { 644 {
@@ -669,13 +669,13 @@ static const struct option s_server_options[] = {
669 .argname = "list", 669 .argname = "list",
670 .desc = "Specify EC groups (colon-separated list)", 670 .desc = "Specify EC groups (colon-separated list)",
671 .type = OPTION_ARG, 671 .type = OPTION_ARG,
672 .opt.arg = &s_server_config.groups_in, 672 .opt.arg = &cfg.groups_in,
673 }, 673 },
674 { 674 {
675 .name = "HTTP", 675 .name = "HTTP",
676 .desc = "Respond to a 'GET /<path> HTTP/1.0' with file ./<path>", 676 .desc = "Respond to a 'GET /<path> HTTP/1.0' with file ./<path>",
677 .type = OPTION_VALUE, 677 .type = OPTION_VALUE,
678 .opt.value = &s_server_config.www, 678 .opt.value = &cfg.www,
679 .value = 3, 679 .value = 3,
680 }, 680 },
681 { 681 {
@@ -683,7 +683,7 @@ static const struct option s_server_options[] = {
683 .argname = "arg", 683 .argname = "arg",
684 .desc = "Generate SSL/TLS session IDs prefixed by 'arg'", 684 .desc = "Generate SSL/TLS session IDs prefixed by 'arg'",
685 .type = OPTION_ARG, 685 .type = OPTION_ARG,
686 .opt.arg = &s_server_config.session_id_prefix, 686 .opt.arg = &cfg.session_id_prefix,
687 }, 687 },
688 { 688 {
689 .name = "key", 689 .name = "key",
@@ -691,7 +691,7 @@ static const struct option s_server_options[] = {
691 .desc = "Private Key file to use, in cert file if\n" 691 .desc = "Private Key file to use, in cert file if\n"
692 "not specified (default is " TEST_CERT ")", 692 "not specified (default is " TEST_CERT ")",
693 .type = OPTION_ARG, 693 .type = OPTION_ARG,
694 .opt.arg = &s_server_config.key_file, 694 .opt.arg = &cfg.key_file,
695 }, 695 },
696 { 696 {
697 .name = "key2", 697 .name = "key2",
@@ -699,21 +699,21 @@ static const struct option s_server_options[] = {
699 .desc = "Private Key file to use for servername, in cert file if\n" 699 .desc = "Private Key file to use for servername, in cert file if\n"
700 "not specified (default is " TEST_CERT2 ")", 700 "not specified (default is " TEST_CERT2 ")",
701 .type = OPTION_ARG, 701 .type = OPTION_ARG,
702 .opt.arg = &s_server_config.key_file2, 702 .opt.arg = &cfg.key_file2,
703 }, 703 },
704 { 704 {
705 .name = "keyform", 705 .name = "keyform",
706 .argname = "fmt", 706 .argname = "fmt",
707 .desc = "Key format (PEM or DER) PEM default", 707 .desc = "Key format (PEM or DER) PEM default",
708 .type = OPTION_ARG_FORMAT, 708 .type = OPTION_ARG_FORMAT,
709 .opt.value = &s_server_config.key_format, 709 .opt.value = &cfg.key_format,
710 }, 710 },
711 { 711 {
712 .name = "keymatexport", 712 .name = "keymatexport",
713 .argname = "label", 713 .argname = "label",
714 .desc = "Export keying material using label", 714 .desc = "Export keying material using label",
715 .type = OPTION_ARG, 715 .type = OPTION_ARG,
716 .opt.arg = &s_server_config.keymatexportlabel, 716 .opt.arg = &cfg.keymatexportlabel,
717 }, 717 },
718 { 718 {
719 .name = "keymatexportlen", 719 .name = "keymatexportlen",
@@ -730,7 +730,7 @@ static const struct option s_server_options[] = {
730 .name = "msg", 730 .name = "msg",
731 .desc = "Show protocol messages", 731 .desc = "Show protocol messages",
732 .type = OPTION_FLAG, 732 .type = OPTION_FLAG,
733 .opt.flag = &s_server_config.msg, 733 .opt.flag = &cfg.msg,
734 }, 734 },
735#ifndef OPENSSL_NO_DTLS 735#ifndef OPENSSL_NO_DTLS
736 { 736 {
@@ -746,19 +746,19 @@ static const struct option s_server_options[] = {
746 .argname = "num", 746 .argname = "num",
747 .desc = "Terminate after num connections", 747 .desc = "Terminate after num connections",
748 .type = OPTION_ARG_INT, 748 .type = OPTION_ARG_INT,
749 .opt.value = &s_server_config.naccept 749 .opt.value = &cfg.naccept
750 }, 750 },
751 { 751 {
752 .name = "named_curve", 752 .name = "named_curve",
753 .argname = "arg", 753 .argname = "arg",
754 .type = OPTION_ARG, 754 .type = OPTION_ARG,
755 .opt.arg = &s_server_config.named_curve, 755 .opt.arg = &cfg.named_curve,
756 }, 756 },
757 { 757 {
758 .name = "nbio", 758 .name = "nbio",
759 .desc = "Run with non-blocking I/O", 759 .desc = "Run with non-blocking I/O",
760 .type = OPTION_FLAG, 760 .type = OPTION_FLAG,
761 .opt.flag = &s_server_config.nbio, 761 .opt.flag = &cfg.nbio,
762 }, 762 },
763 { 763 {
764 .name = "nbio_test", 764 .name = "nbio_test",
@@ -770,78 +770,78 @@ static const struct option s_server_options[] = {
770 .name = "nextprotoneg", 770 .name = "nextprotoneg",
771 .argname = "arg", 771 .argname = "arg",
772 .type = OPTION_ARG, 772 .type = OPTION_ARG,
773 .opt.arg = &s_server_config.npn_in, /* Ignored. */ 773 .opt.arg = &cfg.npn_in, /* Ignored. */
774 }, 774 },
775 { 775 {
776 .name = "no_cache", 776 .name = "no_cache",
777 .desc = "Disable session cache", 777 .desc = "Disable session cache",
778 .type = OPTION_FLAG, 778 .type = OPTION_FLAG,
779 .opt.flag = &s_server_config.no_cache, 779 .opt.flag = &cfg.no_cache,
780 }, 780 },
781 { 781 {
782 .name = "no_comp", 782 .name = "no_comp",
783 .desc = "Disable SSL/TLS compression", 783 .desc = "Disable SSL/TLS compression",
784 .type = OPTION_VALUE_OR, 784 .type = OPTION_VALUE_OR,
785 .opt.value = &s_server_config.off, 785 .opt.value = &cfg.off,
786 .value = SSL_OP_NO_COMPRESSION, 786 .value = SSL_OP_NO_COMPRESSION,
787 }, 787 },
788 { 788 {
789 .name = "no_dhe", 789 .name = "no_dhe",
790 .desc = "Disable ephemeral DH", 790 .desc = "Disable ephemeral DH",
791 .type = OPTION_FLAG, 791 .type = OPTION_FLAG,
792 .opt.flag = &s_server_config.no_dhe, 792 .opt.flag = &cfg.no_dhe,
793 }, 793 },
794 { 794 {
795 .name = "no_ecdhe", 795 .name = "no_ecdhe",
796 .desc = "Disable ephemeral ECDH", 796 .desc = "Disable ephemeral ECDH",
797 .type = OPTION_FLAG, 797 .type = OPTION_FLAG,
798 .opt.flag = &s_server_config.no_ecdhe, 798 .opt.flag = &cfg.no_ecdhe,
799 }, 799 },
800 { 800 {
801 .name = "no_ticket", 801 .name = "no_ticket",
802 .desc = "Disable use of RFC4507bis session tickets", 802 .desc = "Disable use of RFC4507bis session tickets",
803 .type = OPTION_VALUE_OR, 803 .type = OPTION_VALUE_OR,
804 .opt.value = &s_server_config.off, 804 .opt.value = &cfg.off,
805 .value = SSL_OP_NO_TICKET, 805 .value = SSL_OP_NO_TICKET,
806 }, 806 },
807 { 807 {
808 .name = "no_ssl2", 808 .name = "no_ssl2",
809 .type = OPTION_VALUE_OR, 809 .type = OPTION_VALUE_OR,
810 .opt.value = &s_server_config.off, 810 .opt.value = &cfg.off,
811 .value = SSL_OP_NO_SSLv2, 811 .value = SSL_OP_NO_SSLv2,
812 }, 812 },
813 { 813 {
814 .name = "no_ssl3", 814 .name = "no_ssl3",
815 .type = OPTION_VALUE_OR, 815 .type = OPTION_VALUE_OR,
816 .opt.value = &s_server_config.off, 816 .opt.value = &cfg.off,
817 .value = SSL_OP_NO_SSLv3, 817 .value = SSL_OP_NO_SSLv3,
818 }, 818 },
819 { 819 {
820 .name = "no_tls1", 820 .name = "no_tls1",
821 .desc = "Just disable TLSv1", 821 .desc = "Just disable TLSv1",
822 .type = OPTION_VALUE_OR, 822 .type = OPTION_VALUE_OR,
823 .opt.value = &s_server_config.off, 823 .opt.value = &cfg.off,
824 .value = SSL_OP_NO_TLSv1, 824 .value = SSL_OP_NO_TLSv1,
825 }, 825 },
826 { 826 {
827 .name = "no_tls1_1", 827 .name = "no_tls1_1",
828 .desc = "Just disable TLSv1.1", 828 .desc = "Just disable TLSv1.1",
829 .type = OPTION_VALUE_OR, 829 .type = OPTION_VALUE_OR,
830 .opt.value = &s_server_config.off, 830 .opt.value = &cfg.off,
831 .value = SSL_OP_NO_TLSv1_1, 831 .value = SSL_OP_NO_TLSv1_1,
832 }, 832 },
833 { 833 {
834 .name = "no_tls1_2", 834 .name = "no_tls1_2",
835 .desc = "Just disable TLSv1.2", 835 .desc = "Just disable TLSv1.2",
836 .type = OPTION_VALUE_OR, 836 .type = OPTION_VALUE_OR,
837 .opt.value = &s_server_config.off, 837 .opt.value = &cfg.off,
838 .value = SSL_OP_NO_TLSv1_2, 838 .value = SSL_OP_NO_TLSv1_2,
839 }, 839 },
840 { 840 {
841 .name = "no_tls1_3", 841 .name = "no_tls1_3",
842 .desc = "Just disable TLSv1.3", 842 .desc = "Just disable TLSv1.3",
843 .type = OPTION_VALUE_OR, 843 .type = OPTION_VALUE_OR,
844 .opt.value = &s_server_config.off, 844 .opt.value = &cfg.off,
845 .value = SSL_OP_NO_TLSv1_3, 845 .value = SSL_OP_NO_TLSv1_3,
846 }, 846 },
847 { 847 {
@@ -852,14 +852,14 @@ static const struct option s_server_options[] = {
852 .name = "nocert", 852 .name = "nocert",
853 .desc = "Don't use any certificates (Anon-DH)", 853 .desc = "Don't use any certificates (Anon-DH)",
854 .type = OPTION_FLAG, 854 .type = OPTION_FLAG,
855 .opt.flag = &s_server_config.nocert, 855 .opt.flag = &cfg.nocert,
856 }, 856 },
857 { 857 {
858 .name = "pass", 858 .name = "pass",
859 .argname = "arg", 859 .argname = "arg",
860 .desc = "Private key file pass phrase source", 860 .desc = "Private key file pass phrase source",
861 .type = OPTION_ARG, 861 .type = OPTION_ARG,
862 .opt.arg = &s_server_config.passarg, 862 .opt.arg = &cfg.passarg,
863 }, 863 },
864 { 864 {
865 .name = "port", 865 .name = "port",
@@ -871,40 +871,40 @@ static const struct option s_server_options[] = {
871 .name = "quiet", 871 .name = "quiet",
872 .desc = "Inhibit printing of session and certificate information", 872 .desc = "Inhibit printing of session and certificate information",
873 .type = OPTION_FLAG, 873 .type = OPTION_FLAG,
874 .opt.flag = &s_server_config.quiet, 874 .opt.flag = &cfg.quiet,
875 }, 875 },
876 { 876 {
877 .name = "servername", 877 .name = "servername",
878 .argname = "name", 878 .argname = "name",
879 .desc = "Servername for HostName TLS extension", 879 .desc = "Servername for HostName TLS extension",
880 .type = OPTION_ARG, 880 .type = OPTION_ARG,
881 .opt.arg = &s_server_config.tlsextcbp.servername, 881 .opt.arg = &cfg.tlsextcbp.servername,
882 }, 882 },
883 { 883 {
884 .name = "servername_fatal", 884 .name = "servername_fatal",
885 .desc = "On mismatch send fatal alert (default warning alert)", 885 .desc = "On mismatch send fatal alert (default warning alert)",
886 .type = OPTION_VALUE, 886 .type = OPTION_VALUE,
887 .opt.value = &s_server_config.tlsextcbp.extension_error, 887 .opt.value = &cfg.tlsextcbp.extension_error,
888 .value = SSL_TLSEXT_ERR_ALERT_FATAL, 888 .value = SSL_TLSEXT_ERR_ALERT_FATAL,
889 }, 889 },
890 { 890 {
891 .name = "serverpref", 891 .name = "serverpref",
892 .desc = "Use server's cipher preferences", 892 .desc = "Use server's cipher preferences",
893 .type = OPTION_VALUE_OR, 893 .type = OPTION_VALUE_OR,
894 .opt.value = &s_server_config.off, 894 .opt.value = &cfg.off,
895 .value = SSL_OP_CIPHER_SERVER_PREFERENCE, 895 .value = SSL_OP_CIPHER_SERVER_PREFERENCE,
896 }, 896 },
897 { 897 {
898 .name = "state", 898 .name = "state",
899 .desc = "Print the SSL states", 899 .desc = "Print the SSL states",
900 .type = OPTION_FLAG, 900 .type = OPTION_FLAG,
901 .opt.flag = &s_server_config.state, 901 .opt.flag = &cfg.state,
902 }, 902 },
903 { 903 {
904 .name = "status", 904 .name = "status",
905 .desc = "Respond to certificate status requests", 905 .desc = "Respond to certificate status requests",
906 .type = OPTION_FLAG, 906 .type = OPTION_FLAG,
907 .opt.flag = &s_server_config.tlsextstatus, 907 .opt.flag = &cfg.tlsextstatus,
908 }, 908 },
909 { 909 {
910 .name = "status_timeout", 910 .name = "status_timeout",
@@ -931,7 +931,7 @@ static const struct option s_server_options[] = {
931 .name = "timeout", 931 .name = "timeout",
932 .desc = "Enable timeouts", 932 .desc = "Enable timeouts",
933 .type = OPTION_FLAG, 933 .type = OPTION_FLAG,
934 .opt.flag = &s_server_config.enable_timeouts, 934 .opt.flag = &cfg.enable_timeouts,
935 }, 935 },
936#endif 936#endif
937 { 937 {
@@ -962,7 +962,7 @@ static const struct option s_server_options[] = {
962 .name = "tlsextdebug", 962 .name = "tlsextdebug",
963 .desc = "Hex dump of all TLS extensions received", 963 .desc = "Hex dump of all TLS extensions received",
964 .type = OPTION_FLAG, 964 .type = OPTION_FLAG,
965 .opt.flag = &s_server_config.tlsextdebug, 965 .opt.flag = &cfg.tlsextdebug,
966 }, 966 },
967#ifndef OPENSSL_NO_SRTP 967#ifndef OPENSSL_NO_SRTP
968 { 968 {
@@ -970,7 +970,7 @@ static const struct option s_server_options[] = {
970 .argname = "profiles", 970 .argname = "profiles",
971 .desc = "Offer SRTP key management with a colon-separated profile list", 971 .desc = "Offer SRTP key management with a colon-separated profile list",
972 .type = OPTION_ARG, 972 .type = OPTION_ARG,
973 .opt.arg = &s_server_config.srtp_profiles, 973 .opt.arg = &cfg.srtp_profiles,
974 }, 974 },
975#endif 975#endif
976 { 976 {
@@ -997,14 +997,14 @@ static const struct option s_server_options[] = {
997 .name = "WWW", 997 .name = "WWW",
998 .desc = "Respond to a 'GET /<path> HTTP/1.0' with file ./<path>", 998 .desc = "Respond to a 'GET /<path> HTTP/1.0' with file ./<path>",
999 .type = OPTION_VALUE, 999 .type = OPTION_VALUE,
1000 .opt.value = &s_server_config.www, 1000 .opt.value = &cfg.www,
1001 .value = 2, 1001 .value = 2,
1002 }, 1002 },
1003 { 1003 {
1004 .name = "www", 1004 .name = "www",
1005 .desc = "Respond to a 'GET /' with a status page", 1005 .desc = "Respond to a 'GET /' with a status page",
1006 .type = OPTION_VALUE, 1006 .type = OPTION_VALUE,
1007 .opt.value = &s_server_config.www, 1007 .opt.value = &cfg.www,
1008 .value = 1, 1008 .value = 1,
1009 }, 1009 },
1010 { 1010 {
@@ -1020,24 +1020,24 @@ static void
1020s_server_init(void) 1020s_server_init(void)
1021{ 1021{
1022 accept_socket = -1; 1022 accept_socket = -1;
1023 s_server_config.cipher = NULL; 1023 cfg.cipher = NULL;
1024 s_server_config.server_verify = SSL_VERIFY_NONE; 1024 cfg.server_verify = SSL_VERIFY_NONE;
1025 s_server_config.dcert_file = NULL; 1025 cfg.dcert_file = NULL;
1026 s_server_config.dkey_file = NULL; 1026 cfg.dkey_file = NULL;
1027 s_server_config.cert_file = TEST_CERT; 1027 cfg.cert_file = TEST_CERT;
1028 s_server_config.key_file = NULL; 1028 cfg.key_file = NULL;
1029 s_server_config.cert_file2 = TEST_CERT2; 1029 cfg.cert_file2 = TEST_CERT2;
1030 s_server_config.key_file2 = NULL; 1030 cfg.key_file2 = NULL;
1031 ctx2 = NULL; 1031 ctx2 = NULL;
1032 s_server_config.nbio = 0; 1032 cfg.nbio = 0;
1033 s_server_config.nbio_test = 0; 1033 cfg.nbio_test = 0;
1034 ctx = NULL; 1034 ctx = NULL;
1035 s_server_config.www = 0; 1035 cfg.www = 0;
1036 1036
1037 bio_s_out = NULL; 1037 bio_s_out = NULL;
1038 s_server_config.debug = 0; 1038 cfg.debug = 0;
1039 s_server_config.msg = 0; 1039 cfg.msg = 0;
1040 s_server_config.quiet = 0; 1040 cfg.quiet = 0;
1041} 1041}
1042 1042
1043static void 1043static void
@@ -1086,21 +1086,21 @@ s_server_main(int argc, char *argv[])
1086 exit(1); 1086 exit(1);
1087 } 1087 }
1088 1088
1089 memset(&s_server_config, 0, sizeof(s_server_config)); 1089 memset(&cfg, 0, sizeof(cfg));
1090 s_server_config.keymatexportlen = 20; 1090 cfg.keymatexportlen = 20;
1091 s_server_config.meth = TLS_server_method(); 1091 cfg.meth = TLS_server_method();
1092 s_server_config.naccept = -1; 1092 cfg.naccept = -1;
1093 s_server_config.port = PORT; 1093 cfg.port = PORT;
1094 s_server_config.cert_file = TEST_CERT; 1094 cfg.cert_file = TEST_CERT;
1095 s_server_config.cert_file2 = TEST_CERT2; 1095 cfg.cert_file2 = TEST_CERT2;
1096 s_server_config.cert_format = FORMAT_PEM; 1096 cfg.cert_format = FORMAT_PEM;
1097 s_server_config.dcert_format = FORMAT_PEM; 1097 cfg.dcert_format = FORMAT_PEM;
1098 s_server_config.dkey_format = FORMAT_PEM; 1098 cfg.dkey_format = FORMAT_PEM;
1099 s_server_config.key_format = FORMAT_PEM; 1099 cfg.key_format = FORMAT_PEM;
1100 s_server_config.server_verify = SSL_VERIFY_NONE; 1100 cfg.server_verify = SSL_VERIFY_NONE;
1101 s_server_config.socket_type = SOCK_STREAM; 1101 cfg.socket_type = SOCK_STREAM;
1102 s_server_config.tlscstatp.timeout = -1; 1102 cfg.tlscstatp.timeout = -1;
1103 s_server_config.tlsextcbp.extension_error = 1103 cfg.tlsextcbp.extension_error =
1104 SSL_TLSEXT_ERR_ALERT_WARNING; 1104 SSL_TLSEXT_ERR_ALERT_WARNING;
1105 1105
1106 local_argc = argc; 1106 local_argc = argc;
@@ -1111,47 +1111,47 @@ s_server_main(int argc, char *argv[])
1111 verify_depth = 0; 1111 verify_depth = 0;
1112 1112
1113 if (options_parse(argc, argv, s_server_options, NULL, NULL) != 0) { 1113 if (options_parse(argc, argv, s_server_options, NULL, NULL) != 0) {
1114 if (s_server_config.errstr == NULL) 1114 if (cfg.errstr == NULL)
1115 sv_usage(); 1115 sv_usage();
1116 goto end; 1116 goto end;
1117 } 1117 }
1118 1118
1119 if (!app_passwd(bio_err, s_server_config.passarg, 1119 if (!app_passwd(bio_err, cfg.passarg,
1120 s_server_config.dpassarg, &pass, &dpass)) { 1120 cfg.dpassarg, &pass, &dpass)) {
1121 BIO_printf(bio_err, "Error getting password\n"); 1121 BIO_printf(bio_err, "Error getting password\n");
1122 goto end; 1122 goto end;
1123 } 1123 }
1124 if (s_server_config.key_file == NULL) 1124 if (cfg.key_file == NULL)
1125 s_server_config.key_file = s_server_config.cert_file; 1125 cfg.key_file = cfg.cert_file;
1126 if (s_server_config.key_file2 == NULL) 1126 if (cfg.key_file2 == NULL)
1127 s_server_config.key_file2 = s_server_config.cert_file2; 1127 cfg.key_file2 = cfg.cert_file2;
1128 1128
1129 if (s_server_config.nocert == 0) { 1129 if (cfg.nocert == 0) {
1130 s_key = load_key(bio_err, s_server_config.key_file, 1130 s_key = load_key(bio_err, cfg.key_file,
1131 s_server_config.key_format, 0, pass, 1131 cfg.key_format, 0, pass,
1132 "server certificate private key file"); 1132 "server certificate private key file");
1133 if (!s_key) { 1133 if (!s_key) {
1134 ERR_print_errors(bio_err); 1134 ERR_print_errors(bio_err);
1135 goto end; 1135 goto end;
1136 } 1136 }
1137 s_cert = load_cert(bio_err, s_server_config.cert_file, 1137 s_cert = load_cert(bio_err, cfg.cert_file,
1138 s_server_config.cert_format, 1138 cfg.cert_format,
1139 NULL, "server certificate file"); 1139 NULL, "server certificate file");
1140 1140
1141 if (!s_cert) { 1141 if (!s_cert) {
1142 ERR_print_errors(bio_err); 1142 ERR_print_errors(bio_err);
1143 goto end; 1143 goto end;
1144 } 1144 }
1145 if (s_server_config.tlsextcbp.servername) { 1145 if (cfg.tlsextcbp.servername) {
1146 s_key2 = load_key(bio_err, s_server_config.key_file2, 1146 s_key2 = load_key(bio_err, cfg.key_file2,
1147 s_server_config.key_format, 0, pass, 1147 cfg.key_format, 0, pass,
1148 "second server certificate private key file"); 1148 "second server certificate private key file");
1149 if (!s_key2) { 1149 if (!s_key2) {
1150 ERR_print_errors(bio_err); 1150 ERR_print_errors(bio_err);
1151 goto end; 1151 goto end;
1152 } 1152 }
1153 s_cert2 = load_cert(bio_err, s_server_config.cert_file2, 1153 s_cert2 = load_cert(bio_err, cfg.cert_file2,
1154 s_server_config.cert_format, 1154 cfg.cert_format,
1155 NULL, "second server certificate file"); 1155 NULL, "second server certificate file");
1156 1156
1157 if (!s_cert2) { 1157 if (!s_cert2) {
@@ -1161,29 +1161,29 @@ s_server_main(int argc, char *argv[])
1161 } 1161 }
1162 } 1162 }
1163 alpn_ctx.data = NULL; 1163 alpn_ctx.data = NULL;
1164 if (s_server_config.alpn_in) { 1164 if (cfg.alpn_in) {
1165 unsigned short len; 1165 unsigned short len;
1166 alpn_ctx.data = next_protos_parse(&len, 1166 alpn_ctx.data = next_protos_parse(&len,
1167 s_server_config.alpn_in); 1167 cfg.alpn_in);
1168 if (alpn_ctx.data == NULL) 1168 if (alpn_ctx.data == NULL)
1169 goto end; 1169 goto end;
1170 alpn_ctx.len = len; 1170 alpn_ctx.len = len;
1171 } 1171 }
1172 1172
1173 if (s_server_config.dcert_file) { 1173 if (cfg.dcert_file) {
1174 1174
1175 if (s_server_config.dkey_file == NULL) 1175 if (cfg.dkey_file == NULL)
1176 s_server_config.dkey_file = s_server_config.dcert_file; 1176 cfg.dkey_file = cfg.dcert_file;
1177 1177
1178 s_dkey = load_key(bio_err, s_server_config.dkey_file, 1178 s_dkey = load_key(bio_err, cfg.dkey_file,
1179 s_server_config.dkey_format, 1179 cfg.dkey_format,
1180 0, dpass, "second certificate private key file"); 1180 0, dpass, "second certificate private key file");
1181 if (!s_dkey) { 1181 if (!s_dkey) {
1182 ERR_print_errors(bio_err); 1182 ERR_print_errors(bio_err);
1183 goto end; 1183 goto end;
1184 } 1184 }
1185 s_dcert = load_cert(bio_err, s_server_config.dcert_file, 1185 s_dcert = load_cert(bio_err, cfg.dcert_file,
1186 s_server_config.dcert_format, 1186 cfg.dcert_format,
1187 NULL, "second server certificate file"); 1187 NULL, "second server certificate file");
1188 1188
1189 if (!s_dcert) { 1189 if (!s_dcert) {
@@ -1192,23 +1192,23 @@ s_server_main(int argc, char *argv[])
1192 } 1192 }
1193 } 1193 }
1194 if (bio_s_out == NULL) { 1194 if (bio_s_out == NULL) {
1195 if (s_server_config.quiet && !s_server_config.debug && 1195 if (cfg.quiet && !cfg.debug &&
1196 !s_server_config.msg) { 1196 !cfg.msg) {
1197 bio_s_out = BIO_new(BIO_s_null()); 1197 bio_s_out = BIO_new(BIO_s_null());
1198 } else { 1198 } else {
1199 if (bio_s_out == NULL) 1199 if (bio_s_out == NULL)
1200 bio_s_out = BIO_new_fp(stdout, BIO_NOCLOSE); 1200 bio_s_out = BIO_new_fp(stdout, BIO_NOCLOSE);
1201 } 1201 }
1202 } 1202 }
1203 if (s_server_config.nocert) { 1203 if (cfg.nocert) {
1204 s_server_config.cert_file = NULL; 1204 cfg.cert_file = NULL;
1205 s_server_config.key_file = NULL; 1205 cfg.key_file = NULL;
1206 s_server_config.dcert_file = NULL; 1206 cfg.dcert_file = NULL;
1207 s_server_config.dkey_file = NULL; 1207 cfg.dkey_file = NULL;
1208 s_server_config.cert_file2 = NULL; 1208 cfg.cert_file2 = NULL;
1209 s_server_config.key_file2 = NULL; 1209 cfg.key_file2 = NULL;
1210 } 1210 }
1211 ctx = SSL_CTX_new(s_server_config.meth); 1211 ctx = SSL_CTX_new(cfg.meth);
1212 if (ctx == NULL) { 1212 if (ctx == NULL) {
1213 ERR_print_errors(bio_err); 1213 ERR_print_errors(bio_err);
1214 goto end; 1214 goto end;
@@ -1216,16 +1216,16 @@ s_server_main(int argc, char *argv[])
1216 1216
1217 SSL_CTX_clear_mode(ctx, SSL_MODE_AUTO_RETRY); 1217 SSL_CTX_clear_mode(ctx, SSL_MODE_AUTO_RETRY);
1218 1218
1219 if (!SSL_CTX_set_min_proto_version(ctx, s_server_config.min_version)) 1219 if (!SSL_CTX_set_min_proto_version(ctx, cfg.min_version))
1220 goto end; 1220 goto end;
1221 if (!SSL_CTX_set_max_proto_version(ctx, s_server_config.max_version)) 1221 if (!SSL_CTX_set_max_proto_version(ctx, cfg.max_version))
1222 goto end; 1222 goto end;
1223 1223
1224 if (s_server_config.session_id_prefix) { 1224 if (cfg.session_id_prefix) {
1225 if (strlen(s_server_config.session_id_prefix) >= 32) 1225 if (strlen(cfg.session_id_prefix) >= 32)
1226 BIO_printf(bio_err, 1226 BIO_printf(bio_err,
1227 "warning: id_prefix is too long, only one new session will be possible\n"); 1227 "warning: id_prefix is too long, only one new session will be possible\n");
1228 else if (strlen(s_server_config.session_id_prefix) >= 16) 1228 else if (strlen(cfg.session_id_prefix) >= 16)
1229 BIO_printf(bio_err, 1229 BIO_printf(bio_err,
1230 "warning: id_prefix is too long if you use SSLv2\n"); 1230 "warning: id_prefix is too long if you use SSLv2\n");
1231 if (!SSL_CTX_set_generate_session_id(ctx, generate_session_id)) { 1231 if (!SSL_CTX_set_generate_session_id(ctx, generate_session_id)) {
@@ -1234,58 +1234,58 @@ s_server_main(int argc, char *argv[])
1234 goto end; 1234 goto end;
1235 } 1235 }
1236 BIO_printf(bio_err, "id_prefix '%s' set.\n", 1236 BIO_printf(bio_err, "id_prefix '%s' set.\n",
1237 s_server_config.session_id_prefix); 1237 cfg.session_id_prefix);
1238 } 1238 }
1239 SSL_CTX_set_quiet_shutdown(ctx, 1); 1239 SSL_CTX_set_quiet_shutdown(ctx, 1);
1240 if (s_server_config.bugs) 1240 if (cfg.bugs)
1241 SSL_CTX_set_options(ctx, SSL_OP_ALL); 1241 SSL_CTX_set_options(ctx, SSL_OP_ALL);
1242 SSL_CTX_set_options(ctx, s_server_config.off); 1242 SSL_CTX_set_options(ctx, cfg.off);
1243 1243
1244 if (s_server_config.state) 1244 if (cfg.state)
1245 SSL_CTX_set_info_callback(ctx, apps_ssl_info_callback); 1245 SSL_CTX_set_info_callback(ctx, apps_ssl_info_callback);
1246 if (s_server_config.no_cache) 1246 if (cfg.no_cache)
1247 SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF); 1247 SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);
1248 else 1248 else
1249 SSL_CTX_sess_set_cache_size(ctx, 128); 1249 SSL_CTX_sess_set_cache_size(ctx, 128);
1250 1250
1251#ifndef OPENSSL_NO_SRTP 1251#ifndef OPENSSL_NO_SRTP
1252 if (s_server_config.srtp_profiles != NULL) 1252 if (cfg.srtp_profiles != NULL)
1253 SSL_CTX_set_tlsext_use_srtp(ctx, s_server_config.srtp_profiles); 1253 SSL_CTX_set_tlsext_use_srtp(ctx, cfg.srtp_profiles);
1254#endif 1254#endif
1255 1255
1256 if ((!SSL_CTX_load_verify_locations(ctx, s_server_config.CAfile, 1256 if ((!SSL_CTX_load_verify_locations(ctx, cfg.CAfile,
1257 s_server_config.CApath)) || 1257 cfg.CApath)) ||
1258 (!SSL_CTX_set_default_verify_paths(ctx))) { 1258 (!SSL_CTX_set_default_verify_paths(ctx))) {
1259 /* BIO_printf(bio_err,"X509_load_verify_locations\n"); */ 1259 /* BIO_printf(bio_err,"X509_load_verify_locations\n"); */
1260 ERR_print_errors(bio_err); 1260 ERR_print_errors(bio_err);
1261 /* goto end; */ 1261 /* goto end; */
1262 } 1262 }
1263 if (s_server_config.vpm) 1263 if (cfg.vpm)
1264 SSL_CTX_set1_param(ctx, s_server_config.vpm); 1264 SSL_CTX_set1_param(ctx, cfg.vpm);
1265 1265
1266 if (s_cert2) { 1266 if (s_cert2) {
1267 ctx2 = SSL_CTX_new(s_server_config.meth); 1267 ctx2 = SSL_CTX_new(cfg.meth);
1268 if (ctx2 == NULL) { 1268 if (ctx2 == NULL) {
1269 ERR_print_errors(bio_err); 1269 ERR_print_errors(bio_err);
1270 goto end; 1270 goto end;
1271 } 1271 }
1272 1272
1273 if (!SSL_CTX_set_min_proto_version(ctx2, 1273 if (!SSL_CTX_set_min_proto_version(ctx2,
1274 s_server_config.min_version)) 1274 cfg.min_version))
1275 goto end; 1275 goto end;
1276 if (!SSL_CTX_set_max_proto_version(ctx2, 1276 if (!SSL_CTX_set_max_proto_version(ctx2,
1277 s_server_config.max_version)) 1277 cfg.max_version))
1278 goto end; 1278 goto end;
1279 SSL_CTX_clear_mode(ctx2, SSL_MODE_AUTO_RETRY); 1279 SSL_CTX_clear_mode(ctx2, SSL_MODE_AUTO_RETRY);
1280 } 1280 }
1281 if (ctx2) { 1281 if (ctx2) {
1282 BIO_printf(bio_s_out, "Setting secondary ctx parameters\n"); 1282 BIO_printf(bio_s_out, "Setting secondary ctx parameters\n");
1283 1283
1284 if (s_server_config.session_id_prefix) { 1284 if (cfg.session_id_prefix) {
1285 if (strlen(s_server_config.session_id_prefix) >= 32) 1285 if (strlen(cfg.session_id_prefix) >= 32)
1286 BIO_printf(bio_err, 1286 BIO_printf(bio_err,
1287 "warning: id_prefix is too long, only one new session will be possible\n"); 1287 "warning: id_prefix is too long, only one new session will be possible\n");
1288 else if (strlen(s_server_config.session_id_prefix) >= 16) 1288 else if (strlen(cfg.session_id_prefix) >= 16)
1289 BIO_printf(bio_err, 1289 BIO_printf(bio_err,
1290 "warning: id_prefix is too long if you use SSLv2\n"); 1290 "warning: id_prefix is too long if you use SSLv2\n");
1291 if (!SSL_CTX_set_generate_session_id(ctx2, 1291 if (!SSL_CTX_set_generate_session_id(ctx2,
@@ -1296,48 +1296,48 @@ s_server_main(int argc, char *argv[])
1296 goto end; 1296 goto end;
1297 } 1297 }
1298 BIO_printf(bio_err, "id_prefix '%s' set.\n", 1298 BIO_printf(bio_err, "id_prefix '%s' set.\n",
1299 s_server_config.session_id_prefix); 1299 cfg.session_id_prefix);
1300 } 1300 }
1301 SSL_CTX_set_quiet_shutdown(ctx2, 1); 1301 SSL_CTX_set_quiet_shutdown(ctx2, 1);
1302 if (s_server_config.bugs) 1302 if (cfg.bugs)
1303 SSL_CTX_set_options(ctx2, SSL_OP_ALL); 1303 SSL_CTX_set_options(ctx2, SSL_OP_ALL);
1304 SSL_CTX_set_options(ctx2, s_server_config.off); 1304 SSL_CTX_set_options(ctx2, cfg.off);
1305 1305
1306 if (s_server_config.state) 1306 if (cfg.state)
1307 SSL_CTX_set_info_callback(ctx2, apps_ssl_info_callback); 1307 SSL_CTX_set_info_callback(ctx2, apps_ssl_info_callback);
1308 1308
1309 if (s_server_config.no_cache) 1309 if (cfg.no_cache)
1310 SSL_CTX_set_session_cache_mode(ctx2, SSL_SESS_CACHE_OFF); 1310 SSL_CTX_set_session_cache_mode(ctx2, SSL_SESS_CACHE_OFF);
1311 else 1311 else
1312 SSL_CTX_sess_set_cache_size(ctx2, 128); 1312 SSL_CTX_sess_set_cache_size(ctx2, 128);
1313 1313
1314 if ((!SSL_CTX_load_verify_locations(ctx2, 1314 if ((!SSL_CTX_load_verify_locations(ctx2,
1315 s_server_config.CAfile, s_server_config.CApath)) || 1315 cfg.CAfile, cfg.CApath)) ||
1316 (!SSL_CTX_set_default_verify_paths(ctx2))) { 1316 (!SSL_CTX_set_default_verify_paths(ctx2))) {
1317 ERR_print_errors(bio_err); 1317 ERR_print_errors(bio_err);
1318 } 1318 }
1319 if (s_server_config.vpm) 1319 if (cfg.vpm)
1320 SSL_CTX_set1_param(ctx2, s_server_config.vpm); 1320 SSL_CTX_set1_param(ctx2, cfg.vpm);
1321 } 1321 }
1322 if (alpn_ctx.data) 1322 if (alpn_ctx.data)
1323 SSL_CTX_set_alpn_select_cb(ctx, alpn_cb, &alpn_ctx); 1323 SSL_CTX_set_alpn_select_cb(ctx, alpn_cb, &alpn_ctx);
1324 1324
1325 if (s_server_config.groups_in != NULL) { 1325 if (cfg.groups_in != NULL) {
1326 if (SSL_CTX_set1_groups_list(ctx, s_server_config.groups_in) != 1) { 1326 if (SSL_CTX_set1_groups_list(ctx, cfg.groups_in) != 1) {
1327 BIO_printf(bio_err, "Failed to set groups '%s'\n", 1327 BIO_printf(bio_err, "Failed to set groups '%s'\n",
1328 s_server_config.groups_in); 1328 cfg.groups_in);
1329 goto end; 1329 goto end;
1330 } 1330 }
1331 } 1331 }
1332 1332
1333#ifndef OPENSSL_NO_DH 1333#ifndef OPENSSL_NO_DH
1334 if (!s_server_config.no_dhe) { 1334 if (!cfg.no_dhe) {
1335 DH *dh = NULL; 1335 DH *dh = NULL;
1336 1336
1337 if (s_server_config.dhfile) 1337 if (cfg.dhfile)
1338 dh = load_dh_param(s_server_config.dhfile); 1338 dh = load_dh_param(cfg.dhfile);
1339 else if (s_server_config.cert_file) 1339 else if (cfg.cert_file)
1340 dh = load_dh_param(s_server_config.cert_file); 1340 dh = load_dh_param(cfg.cert_file);
1341 1341
1342 if (dh != NULL) 1342 if (dh != NULL)
1343 BIO_printf(bio_s_out, "Setting temp DH parameters\n"); 1343 BIO_printf(bio_s_out, "Setting temp DH parameters\n");
@@ -1356,12 +1356,12 @@ s_server_main(int argc, char *argv[])
1356 } 1356 }
1357 1357
1358 if (ctx2) { 1358 if (ctx2) {
1359 if (!s_server_config.dhfile) { 1359 if (!cfg.dhfile) {
1360 DH *dh2 = NULL; 1360 DH *dh2 = NULL;
1361 1361
1362 if (s_server_config.cert_file2 != NULL) 1362 if (cfg.cert_file2 != NULL)
1363 dh2 = load_dh_param( 1363 dh2 = load_dh_param(
1364 s_server_config.cert_file2); 1364 cfg.cert_file2);
1365 if (dh2 != NULL) { 1365 if (dh2 != NULL) {
1366 BIO_printf(bio_s_out, 1366 BIO_printf(bio_s_out,
1367 "Setting temp DH parameters\n"); 1367 "Setting temp DH parameters\n");
@@ -1385,18 +1385,18 @@ s_server_main(int argc, char *argv[])
1385 } 1385 }
1386#endif 1386#endif
1387 1387
1388 if (!s_server_config.no_ecdhe && s_server_config.named_curve != NULL) { 1388 if (!cfg.no_ecdhe && cfg.named_curve != NULL) {
1389 EC_KEY *ecdh = NULL; 1389 EC_KEY *ecdh = NULL;
1390 int nid; 1390 int nid;
1391 1391
1392 if ((nid = OBJ_sn2nid(s_server_config.named_curve)) == 0) { 1392 if ((nid = OBJ_sn2nid(cfg.named_curve)) == 0) {
1393 BIO_printf(bio_err, "unknown curve name (%s)\n", 1393 BIO_printf(bio_err, "unknown curve name (%s)\n",
1394 s_server_config.named_curve); 1394 cfg.named_curve);
1395 goto end; 1395 goto end;
1396 } 1396 }
1397 if ((ecdh = EC_KEY_new_by_curve_name(nid)) == NULL) { 1397 if ((ecdh = EC_KEY_new_by_curve_name(nid)) == NULL) {
1398 BIO_printf(bio_err, "unable to create curve (%s)\n", 1398 BIO_printf(bio_err, "unable to create curve (%s)\n",
1399 s_server_config.named_curve); 1399 cfg.named_curve);
1400 goto end; 1400 goto end;
1401 } 1401 }
1402 BIO_printf(bio_s_out, "Setting temp ECDH parameters\n"); 1402 BIO_printf(bio_s_out, "Setting temp ECDH parameters\n");
@@ -1417,20 +1417,20 @@ s_server_main(int argc, char *argv[])
1417 goto end; 1417 goto end;
1418 } 1418 }
1419 1419
1420 if (s_server_config.cipher != NULL) { 1420 if (cfg.cipher != NULL) {
1421 if (!SSL_CTX_set_cipher_list(ctx, s_server_config.cipher)) { 1421 if (!SSL_CTX_set_cipher_list(ctx, cfg.cipher)) {
1422 BIO_printf(bio_err, "error setting cipher list\n"); 1422 BIO_printf(bio_err, "error setting cipher list\n");
1423 ERR_print_errors(bio_err); 1423 ERR_print_errors(bio_err);
1424 goto end; 1424 goto end;
1425 } 1425 }
1426 if (ctx2 && !SSL_CTX_set_cipher_list(ctx2, 1426 if (ctx2 && !SSL_CTX_set_cipher_list(ctx2,
1427 s_server_config.cipher)) { 1427 cfg.cipher)) {
1428 BIO_printf(bio_err, "error setting cipher list\n"); 1428 BIO_printf(bio_err, "error setting cipher list\n");
1429 ERR_print_errors(bio_err); 1429 ERR_print_errors(bio_err);
1430 goto end; 1430 goto end;
1431 } 1431 }
1432 } 1432 }
1433 SSL_CTX_set_verify(ctx, s_server_config.server_verify, verify_callback); 1433 SSL_CTX_set_verify(ctx, cfg.server_verify, verify_callback);
1434 SSL_CTX_set_session_id_context(ctx, 1434 SSL_CTX_set_session_id_context(ctx,
1435 (void *) &s_server_session_id_context, 1435 (void *) &s_server_session_id_context,
1436 sizeof s_server_session_id_context); 1436 sizeof s_server_session_id_context);
@@ -1440,38 +1440,38 @@ s_server_main(int argc, char *argv[])
1440 SSL_CTX_set_cookie_verify_cb(ctx, verify_cookie_callback); 1440 SSL_CTX_set_cookie_verify_cb(ctx, verify_cookie_callback);
1441 1441
1442 if (ctx2) { 1442 if (ctx2) {
1443 SSL_CTX_set_verify(ctx2, s_server_config.server_verify, 1443 SSL_CTX_set_verify(ctx2, cfg.server_verify,
1444 verify_callback); 1444 verify_callback);
1445 SSL_CTX_set_session_id_context(ctx2, 1445 SSL_CTX_set_session_id_context(ctx2,
1446 (void *) &s_server_session_id_context, 1446 (void *) &s_server_session_id_context,
1447 sizeof s_server_session_id_context); 1447 sizeof s_server_session_id_context);
1448 1448
1449 s_server_config.tlsextcbp.biodebug = bio_s_out; 1449 cfg.tlsextcbp.biodebug = bio_s_out;
1450 SSL_CTX_set_tlsext_servername_callback(ctx2, ssl_servername_cb); 1450 SSL_CTX_set_tlsext_servername_callback(ctx2, ssl_servername_cb);
1451 SSL_CTX_set_tlsext_servername_arg(ctx2, 1451 SSL_CTX_set_tlsext_servername_arg(ctx2,
1452 &s_server_config.tlsextcbp); 1452 &cfg.tlsextcbp);
1453 SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb); 1453 SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb);
1454 SSL_CTX_set_tlsext_servername_arg(ctx, 1454 SSL_CTX_set_tlsext_servername_arg(ctx,
1455 &s_server_config.tlsextcbp); 1455 &cfg.tlsextcbp);
1456 } 1456 }
1457 1457
1458 if (s_server_config.CAfile != NULL) { 1458 if (cfg.CAfile != NULL) {
1459 SSL_CTX_set_client_CA_list(ctx, 1459 SSL_CTX_set_client_CA_list(ctx,
1460 SSL_load_client_CA_file(s_server_config.CAfile)); 1460 SSL_load_client_CA_file(cfg.CAfile));
1461 if (ctx2) 1461 if (ctx2)
1462 SSL_CTX_set_client_CA_list(ctx2, 1462 SSL_CTX_set_client_CA_list(ctx2,
1463 SSL_load_client_CA_file(s_server_config.CAfile)); 1463 SSL_load_client_CA_file(cfg.CAfile));
1464 } 1464 }
1465 BIO_printf(bio_s_out, "ACCEPT\n"); 1465 BIO_printf(bio_s_out, "ACCEPT\n");
1466 (void) BIO_flush(bio_s_out); 1466 (void) BIO_flush(bio_s_out);
1467 if (s_server_config.www) 1467 if (cfg.www)
1468 do_server(s_server_config.port, s_server_config.socket_type, 1468 do_server(cfg.port, cfg.socket_type,
1469 &accept_socket, www_body, s_server_config.context, 1469 &accept_socket, www_body, cfg.context,
1470 s_server_config.naccept); 1470 cfg.naccept);
1471 else 1471 else
1472 do_server(s_server_config.port, s_server_config.socket_type, 1472 do_server(cfg.port, cfg.socket_type,
1473 &accept_socket, sv_body, s_server_config.context, 1473 &accept_socket, sv_body, cfg.context,
1474 s_server_config.naccept); 1474 cfg.naccept);
1475 print_stats(bio_s_out, ctx); 1475 print_stats(bio_s_out, ctx);
1476 ret = 0; 1476 ret = 0;
1477 end: 1477 end:
@@ -1482,10 +1482,10 @@ s_server_main(int argc, char *argv[])
1482 EVP_PKEY_free(s_dkey); 1482 EVP_PKEY_free(s_dkey);
1483 free(pass); 1483 free(pass);
1484 free(dpass); 1484 free(dpass);
1485 X509_VERIFY_PARAM_free(s_server_config.vpm); 1485 X509_VERIFY_PARAM_free(cfg.vpm);
1486 free(s_server_config.tlscstatp.host); 1486 free(cfg.tlscstatp.host);
1487 free(s_server_config.tlscstatp.port); 1487 free(cfg.tlscstatp.port);
1488 free(s_server_config.tlscstatp.path); 1488 free(cfg.tlscstatp.path);
1489 SSL_CTX_free(ctx2); 1489 SSL_CTX_free(ctx2);
1490 X509_free(s_cert2); 1490 X509_free(s_cert2);
1491 EVP_PKEY_free(s_key2); 1491 EVP_PKEY_free(s_key2);
@@ -1543,8 +1543,8 @@ sv_body(int s, unsigned char *context)
1543 BIO_printf(bio_err, "out of memory\n"); 1543 BIO_printf(bio_err, "out of memory\n");
1544 goto err; 1544 goto err;
1545 } 1545 }
1546 if (s_server_config.nbio) { 1546 if (cfg.nbio) {
1547 if (!s_server_config.quiet) 1547 if (!cfg.quiet)
1548 BIO_printf(bio_err, "turning on non blocking io\n"); 1548 BIO_printf(bio_err, "turning on non blocking io\n");
1549 if (!BIO_socket_nbio(s, 1)) 1549 if (!BIO_socket_nbio(s, 1))
1550 ERR_print_errors(bio_err); 1550 ERR_print_errors(bio_err);
@@ -1552,15 +1552,15 @@ sv_body(int s, unsigned char *context)
1552 1552
1553 if (con == NULL) { 1553 if (con == NULL) {
1554 con = SSL_new(ctx); 1554 con = SSL_new(ctx);
1555 if (s_server_config.tlsextdebug) { 1555 if (cfg.tlsextdebug) {
1556 SSL_set_tlsext_debug_callback(con, tlsext_cb); 1556 SSL_set_tlsext_debug_callback(con, tlsext_cb);
1557 SSL_set_tlsext_debug_arg(con, bio_s_out); 1557 SSL_set_tlsext_debug_arg(con, bio_s_out);
1558 } 1558 }
1559 if (s_server_config.tlsextstatus) { 1559 if (cfg.tlsextstatus) {
1560 SSL_CTX_set_tlsext_status_cb(ctx, cert_status_cb); 1560 SSL_CTX_set_tlsext_status_cb(ctx, cert_status_cb);
1561 s_server_config.tlscstatp.err = bio_err; 1561 cfg.tlscstatp.err = bio_err;
1562 SSL_CTX_set_tlsext_status_arg(ctx, 1562 SSL_CTX_set_tlsext_status_arg(ctx,
1563 &s_server_config.tlscstatp); 1563 &cfg.tlscstatp);
1564 } 1564 }
1565 if (context) 1565 if (context)
1566 SSL_set_session_id_context(con, context, 1566 SSL_set_session_id_context(con, context,
@@ -1571,7 +1571,7 @@ sv_body(int s, unsigned char *context)
1571 if (SSL_is_dtls(con)) { 1571 if (SSL_is_dtls(con)) {
1572 sbio = BIO_new_dgram(s, BIO_NOCLOSE); 1572 sbio = BIO_new_dgram(s, BIO_NOCLOSE);
1573 1573
1574 if (s_server_config.enable_timeouts) { 1574 if (cfg.enable_timeouts) {
1575 timeout.tv_sec = 0; 1575 timeout.tv_sec = 0;
1576 timeout.tv_usec = DGRAM_RCV_TIMEOUT; 1576 timeout.tv_usec = DGRAM_RCV_TIMEOUT;
1577 BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_RECV_TIMEOUT, 0, 1577 BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_RECV_TIMEOUT, 0,
@@ -1582,9 +1582,9 @@ sv_body(int s, unsigned char *context)
1582 BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_SEND_TIMEOUT, 0, 1582 BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_SEND_TIMEOUT, 0,
1583 &timeout); 1583 &timeout);
1584 } 1584 }
1585 if (s_server_config.socket_mtu > 28) { 1585 if (cfg.socket_mtu > 28) {
1586 SSL_set_options(con, SSL_OP_NO_QUERY_MTU); 1586 SSL_set_options(con, SSL_OP_NO_QUERY_MTU);
1587 SSL_set_mtu(con, s_server_config.socket_mtu - 28); 1587 SSL_set_mtu(con, cfg.socket_mtu - 28);
1588 } else 1588 } else
1589 /* want to do MTU discovery */ 1589 /* want to do MTU discovery */
1590 BIO_ctrl(sbio, BIO_CTRL_DGRAM_MTU_DISCOVER, 0, NULL); 1590 BIO_ctrl(sbio, BIO_CTRL_DGRAM_MTU_DISCOVER, 0, NULL);
@@ -1594,7 +1594,7 @@ sv_body(int s, unsigned char *context)
1594 } else 1594 } else
1595 sbio = BIO_new_socket(s, BIO_NOCLOSE); 1595 sbio = BIO_new_socket(s, BIO_NOCLOSE);
1596 1596
1597 if (s_server_config.nbio_test) { 1597 if (cfg.nbio_test) {
1598 BIO *test; 1598 BIO *test;
1599 1599
1600 test = BIO_new(BIO_f_nbio_test()); 1600 test = BIO_new(BIO_f_nbio_test());
@@ -1605,16 +1605,16 @@ sv_body(int s, unsigned char *context)
1605 SSL_set_accept_state(con); 1605 SSL_set_accept_state(con);
1606 /* SSL_set_fd(con,s); */ 1606 /* SSL_set_fd(con,s); */
1607 1607
1608 if (s_server_config.debug) { 1608 if (cfg.debug) {
1609 SSL_set_debug(con, 1); 1609 SSL_set_debug(con, 1);
1610 BIO_set_callback(SSL_get_rbio(con), bio_dump_callback); 1610 BIO_set_callback(SSL_get_rbio(con), bio_dump_callback);
1611 BIO_set_callback_arg(SSL_get_rbio(con), (char *) bio_s_out); 1611 BIO_set_callback_arg(SSL_get_rbio(con), (char *) bio_s_out);
1612 } 1612 }
1613 if (s_server_config.msg) { 1613 if (cfg.msg) {
1614 SSL_set_msg_callback(con, msg_cb); 1614 SSL_set_msg_callback(con, msg_cb);
1615 SSL_set_msg_callback_arg(con, bio_s_out); 1615 SSL_set_msg_callback_arg(con, bio_s_out);
1616 } 1616 }
1617 if (s_server_config.tlsextdebug) { 1617 if (cfg.tlsextdebug) {
1618 SSL_set_tlsext_debug_callback(con, tlsext_cb); 1618 SSL_set_tlsext_debug_callback(con, tlsext_cb);
1619 SSL_set_tlsext_debug_arg(con, bio_s_out); 1619 SSL_set_tlsext_debug_arg(con, bio_s_out);
1620 } 1620 }
@@ -1660,7 +1660,7 @@ sv_body(int s, unsigned char *context)
1660 } 1660 }
1661 } 1661 }
1662 if (read_from_terminal) { 1662 if (read_from_terminal) {
1663 if (s_server_config.crlf) { 1663 if (cfg.crlf) {
1664 int j, lf_num; 1664 int j, lf_num;
1665 1665
1666 i = read(fileno(stdin), buf, bufsize / 2); 1666 i = read(fileno(stdin), buf, bufsize / 2);
@@ -1680,7 +1680,7 @@ sv_body(int s, unsigned char *context)
1680 assert(lf_num == 0); 1680 assert(lf_num == 0);
1681 } else 1681 } else
1682 i = read(fileno(stdin), buf, bufsize); 1682 i = read(fileno(stdin), buf, bufsize);
1683 if (!s_server_config.quiet) { 1683 if (!cfg.quiet) {
1684 if ((i <= 0) || (buf[0] == 'Q')) { 1684 if ((i <= 0) || (buf[0] == 'Q')) {
1685 BIO_printf(bio_s_out, "DONE\n"); 1685 BIO_printf(bio_s_out, "DONE\n");
1686 shutdown(s, SHUT_RD); 1686 shutdown(s, SHUT_RD);
@@ -1910,23 +1910,23 @@ init_ssl_connection(SSL *con)
1910 BIO_printf(bio_s_out, "Reused session-id\n"); 1910 BIO_printf(bio_s_out, "Reused session-id\n");
1911 BIO_printf(bio_s_out, "Secure Renegotiation IS%s supported\n", 1911 BIO_printf(bio_s_out, "Secure Renegotiation IS%s supported\n",
1912 SSL_get_secure_renegotiation_support(con) ? "" : " NOT"); 1912 SSL_get_secure_renegotiation_support(con) ? "" : " NOT");
1913 if (s_server_config.keymatexportlabel != NULL) { 1913 if (cfg.keymatexportlabel != NULL) {
1914 BIO_printf(bio_s_out, "Keying material exporter:\n"); 1914 BIO_printf(bio_s_out, "Keying material exporter:\n");
1915 BIO_printf(bio_s_out, " Label: '%s'\n", 1915 BIO_printf(bio_s_out, " Label: '%s'\n",
1916 s_server_config.keymatexportlabel); 1916 cfg.keymatexportlabel);
1917 BIO_printf(bio_s_out, " Length: %i bytes\n", 1917 BIO_printf(bio_s_out, " Length: %i bytes\n",
1918 s_server_config.keymatexportlen); 1918 cfg.keymatexportlen);
1919 exportedkeymat = malloc(s_server_config.keymatexportlen); 1919 exportedkeymat = malloc(cfg.keymatexportlen);
1920 if (exportedkeymat != NULL) { 1920 if (exportedkeymat != NULL) {
1921 if (!SSL_export_keying_material(con, exportedkeymat, 1921 if (!SSL_export_keying_material(con, exportedkeymat,
1922 s_server_config.keymatexportlen, 1922 cfg.keymatexportlen,
1923 s_server_config.keymatexportlabel, 1923 cfg.keymatexportlabel,
1924 strlen(s_server_config.keymatexportlabel), 1924 strlen(cfg.keymatexportlabel),
1925 NULL, 0, 0)) { 1925 NULL, 0, 0)) {
1926 BIO_printf(bio_s_out, " Error\n"); 1926 BIO_printf(bio_s_out, " Error\n");
1927 } else { 1927 } else {
1928 BIO_printf(bio_s_out, " Keying material: "); 1928 BIO_printf(bio_s_out, " Keying material: ");
1929 for (i = 0; i < s_server_config.keymatexportlen; i++) 1929 for (i = 0; i < cfg.keymatexportlen; i++)
1930 BIO_printf(bio_s_out, "%02X", 1930 BIO_printf(bio_s_out, "%02X",
1931 exportedkeymat[i]); 1931 exportedkeymat[i]);
1932 BIO_printf(bio_s_out, "\n"); 1932 BIO_printf(bio_s_out, "\n");
@@ -1971,8 +1971,8 @@ www_body(int s, unsigned char *context)
1971 if ((io == NULL) || (ssl_bio == NULL)) 1971 if ((io == NULL) || (ssl_bio == NULL))
1972 goto err; 1972 goto err;
1973 1973
1974 if (s_server_config.nbio) { 1974 if (cfg.nbio) {
1975 if (!s_server_config.quiet) 1975 if (!cfg.quiet)
1976 BIO_printf(bio_err, "turning on non blocking io\n"); 1976 BIO_printf(bio_err, "turning on non blocking io\n");
1977 if (!BIO_socket_nbio(s, 1)) 1977 if (!BIO_socket_nbio(s, 1))
1978 ERR_print_errors(bio_err); 1978 ERR_print_errors(bio_err);
@@ -1984,7 +1984,7 @@ www_body(int s, unsigned char *context)
1984 1984
1985 if ((con = SSL_new(ctx)) == NULL) 1985 if ((con = SSL_new(ctx)) == NULL)
1986 goto err; 1986 goto err;
1987 if (s_server_config.tlsextdebug) { 1987 if (cfg.tlsextdebug) {
1988 SSL_set_tlsext_debug_callback(con, tlsext_cb); 1988 SSL_set_tlsext_debug_callback(con, tlsext_cb);
1989 SSL_set_tlsext_debug_arg(con, bio_s_out); 1989 SSL_set_tlsext_debug_arg(con, bio_s_out);
1990 } 1990 }
@@ -1993,7 +1993,7 @@ www_body(int s, unsigned char *context)
1993 strlen((char *) context)); 1993 strlen((char *) context));
1994 1994
1995 sbio = BIO_new_socket(s, BIO_NOCLOSE); 1995 sbio = BIO_new_socket(s, BIO_NOCLOSE);
1996 if (s_server_config.nbio_test) { 1996 if (cfg.nbio_test) {
1997 BIO *test; 1997 BIO *test;
1998 1998
1999 test = BIO_new(BIO_f_nbio_test()); 1999 test = BIO_new(BIO_f_nbio_test());
@@ -2006,12 +2006,12 @@ www_body(int s, unsigned char *context)
2006 BIO_set_ssl(ssl_bio, con, BIO_CLOSE); 2006 BIO_set_ssl(ssl_bio, con, BIO_CLOSE);
2007 BIO_push(io, ssl_bio); 2007 BIO_push(io, ssl_bio);
2008 2008
2009 if (s_server_config.debug) { 2009 if (cfg.debug) {
2010 SSL_set_debug(con, 1); 2010 SSL_set_debug(con, 1);
2011 BIO_set_callback(SSL_get_rbio(con), bio_dump_callback); 2011 BIO_set_callback(SSL_get_rbio(con), bio_dump_callback);
2012 BIO_set_callback_arg(SSL_get_rbio(con), (char *) bio_s_out); 2012 BIO_set_callback_arg(SSL_get_rbio(con), (char *) bio_s_out);
2013 } 2013 }
2014 if (s_server_config.msg) { 2014 if (cfg.msg) {
2015 SSL_set_msg_callback(con, msg_cb); 2015 SSL_set_msg_callback(con, msg_cb);
2016 SSL_set_msg_callback_arg(con, bio_s_out); 2016 SSL_set_msg_callback_arg(con, bio_s_out);
2017 } 2017 }
@@ -2019,11 +2019,11 @@ www_body(int s, unsigned char *context)
2019 i = BIO_gets(io, buf, bufsize - 1); 2019 i = BIO_gets(io, buf, bufsize - 1);
2020 if (i < 0) { /* error */ 2020 if (i < 0) { /* error */
2021 if (!BIO_should_retry(io)) { 2021 if (!BIO_should_retry(io)) {
2022 if (!s_server_config.quiet) 2022 if (!cfg.quiet)
2023 ERR_print_errors(bio_err); 2023 ERR_print_errors(bio_err);
2024 goto err; 2024 goto err;
2025 } else { 2025 } else {
2026 if (s_server_config.debug) { 2026 if (cfg.debug) {
2027 BIO_printf(bio_s_out, "read R BLOCK\n"); 2027 BIO_printf(bio_s_out, "read R BLOCK\n");
2028 sleep(1); 2028 sleep(1);
2029 } 2029 }
@@ -2034,9 +2034,9 @@ www_body(int s, unsigned char *context)
2034 goto end; 2034 goto end;
2035 } 2035 }
2036 /* else we have data */ 2036 /* else we have data */
2037 if (((s_server_config.www == 1) && 2037 if (((cfg.www == 1) &&
2038 (strncmp("GET ", buf, 4) == 0)) || 2038 (strncmp("GET ", buf, 4) == 0)) ||
2039 ((s_server_config.www == 2) && 2039 ((cfg.www == 2) &&
2040 (strncmp("GET /stats ", buf, 11) == 0))) { 2040 (strncmp("GET /stats ", buf, 11) == 0))) {
2041 char *p; 2041 char *p;
2042 X509 *peer; 2042 X509 *peer;
@@ -2117,8 +2117,8 @@ www_body(int s, unsigned char *context)
2117 "no client certificate available\n"); 2117 "no client certificate available\n");
2118 BIO_puts(io, "</BODY></HTML>\r\n\r\n"); 2118 BIO_puts(io, "</BODY></HTML>\r\n\r\n");
2119 break; 2119 break;
2120 } else if ((s_server_config.www == 2 || 2120 } else if ((cfg.www == 2 ||
2121 s_server_config.www == 3) && 2121 cfg.www == 3) &&
2122 (strncmp("GET /", buf, 5) == 0)) { 2122 (strncmp("GET /", buf, 5) == 0)) {
2123 BIO *file; 2123 BIO *file;
2124 char *p, *e; 2124 char *p, *e;
@@ -2183,10 +2183,10 @@ www_body(int s, unsigned char *context)
2183 ERR_print_errors(io); 2183 ERR_print_errors(io);
2184 break; 2184 break;
2185 } 2185 }
2186 if (!s_server_config.quiet) 2186 if (!cfg.quiet)
2187 BIO_printf(bio_err, "FILE:%s\n", p); 2187 BIO_printf(bio_err, "FILE:%s\n", p);
2188 2188
2189 if (s_server_config.www == 2) { 2189 if (cfg.www == 2) {
2190 i = strlen(p); 2190 i = strlen(p);
2191 if (((i > 5) && (strcmp(&(p[i - 5]), ".html") == 0)) || 2191 if (((i > 5) && (strcmp(&(p[i - 5]), ".html") == 0)) ||
2192 ((i > 4) && (strcmp(&(p[i - 4]), ".php") == 0)) || 2192 ((i > 4) && (strcmp(&(p[i - 4]), ".php") == 0)) ||
@@ -2276,9 +2276,9 @@ generate_session_id(const SSL *ssl, unsigned char *id, unsigned int *id_len)
2276 * 1 session ID (ie. the prefix!) so all future session 2276 * 1 session ID (ie. the prefix!) so all future session
2277 * negotiations will fail due to conflicts. 2277 * negotiations will fail due to conflicts.
2278 */ 2278 */
2279 memcpy(id, s_server_config.session_id_prefix, 2279 memcpy(id, cfg.session_id_prefix,
2280 (strlen(s_server_config.session_id_prefix) < *id_len) ? 2280 (strlen(cfg.session_id_prefix) < *id_len) ?
2281 strlen(s_server_config.session_id_prefix) : *id_len); 2281 strlen(cfg.session_id_prefix) : *id_len);
2282 } 2282 }
2283 while (SSL_has_matching_session_id(ssl, id, *id_len) && 2283 while (SSL_has_matching_session_id(ssl, id, *id_len) &&
2284 (++count < MAX_SESSION_ID_ATTEMPTS)); 2284 (++count < MAX_SESSION_ID_ATTEMPTS));
@@ -2449,7 +2449,7 @@ alpn_cb(SSL *s, const unsigned char **out, unsigned char *outlen,
2449{ 2449{
2450 tlsextalpnctx *alpn_ctx = arg; 2450 tlsextalpnctx *alpn_ctx = arg;
2451 2451
2452 if (!s_server_config.quiet) { 2452 if (!cfg.quiet) {
2453 /* We can assume that in is syntactically valid. */ 2453 /* We can assume that in is syntactically valid. */
2454 unsigned i; 2454 unsigned i;
2455 2455
@@ -2468,7 +2468,7 @@ alpn_cb(SSL *s, const unsigned char **out, unsigned char *outlen,
2468 alpn_ctx->len, in, inlen) != OPENSSL_NPN_NEGOTIATED) 2468 alpn_ctx->len, in, inlen) != OPENSSL_NPN_NEGOTIATED)
2469 return (SSL_TLSEXT_ERR_NOACK); 2469 return (SSL_TLSEXT_ERR_NOACK);
2470 2470
2471 if (!s_server_config.quiet) { 2471 if (!cfg.quiet) {
2472 BIO_printf(bio_s_out, "ALPN protocols selected: "); 2472 BIO_printf(bio_s_out, "ALPN protocols selected: ");
2473 BIO_write(bio_s_out, *out, *outlen); 2473 BIO_write(bio_s_out, *out, *outlen);
2474 BIO_write(bio_s_out, "\n", 1); 2474 BIO_write(bio_s_out, "\n", 1);
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-11-01 16:28:33 +0000