summaryrefslogtreecommitdiff
path: root/src/usr.bin/openssl/s_server.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/usr.bin/openssl/s_server.c')
-rw-r--r--src/usr.bin/openssl/s_server.c74
1 files changed, 57 insertions, 17 deletions
diff --git a/src/usr.bin/openssl/s_server.c b/src/usr.bin/openssl/s_server.c
index 4d4bed60ac..6009b584bf 100644
--- a/src/usr.bin/openssl/s_server.c
+++ b/src/usr.bin/openssl/s_server.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s_server.c,v 1.44 2020/10/02 15:43:48 tb Exp $ */ 1/* $OpenBSD: s_server.c,v 1.45 2021/03/17 18:08:32 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -239,7 +239,7 @@ static struct {
239 int bugs; 239 int bugs;
240 char *CAfile; 240 char *CAfile;
241 char *CApath; 241 char *CApath;
242#ifndef OPENSSL_NO_DTLS1 242#ifndef OPENSSL_NO_DTLS
243 int cert_chain; 243 int cert_chain;
244#endif 244#endif
245 char *cert_file; 245 char *cert_file;
@@ -315,7 +315,7 @@ s_server_opt_keymatexportlen(char *arg)
315 return (0); 315 return (0);
316} 316}
317 317
318#ifndef OPENSSL_NO_DTLS1 318#ifndef OPENSSL_NO_DTLS
319static int 319static int
320s_server_opt_mtu(char *arg) 320s_server_opt_mtu(char *arg)
321{ 321{
@@ -328,9 +328,11 @@ s_server_opt_mtu(char *arg)
328 } 328 }
329 return (0); 329 return (0);
330} 330}
331#endif
331 332
333#ifndef OPENSSL_NO_DTLS
332static int 334static int
333s_server_protocol_version_dtls1(void) 335s_server_opt_protocol_version_dtls(void)
334{ 336{
335 s_server_config.meth = DTLS_server_method(); 337 s_server_config.meth = DTLS_server_method();
336 s_server_config.socket_type = SOCK_DGRAM; 338 s_server_config.socket_type = SOCK_DGRAM;
@@ -338,6 +340,30 @@ s_server_protocol_version_dtls1(void)
338} 340}
339#endif 341#endif
340 342
343#ifndef OPENSSL_NO_DTLS1
344static int
345s_server_opt_protocol_version_dtls1(void)
346{
347 s_server_config.meth = DTLS_server_method();
348 s_server_config.min_version = DTLS1_VERSION;
349 s_server_config.max_version = DTLS1_VERSION;
350 s_server_config.socket_type = SOCK_DGRAM;
351 return (0);
352}
353#endif
354
355#ifndef OPENSSL_NO_DTLS1_2
356static int
357s_server_opt_protocol_version_dtls1_2(void)
358{
359 s_server_config.meth = DTLS_server_method();
360 s_server_config.min_version = DTLS1_2_VERSION;
361 s_server_config.max_version = DTLS1_2_VERSION;
362 s_server_config.socket_type = SOCK_DGRAM;
363 return (0);
364}
365#endif
366
341static int 367static int
342s_server_protocol_version_tls1(void) 368s_server_protocol_version_tls1(void)
343{ 369{
@@ -538,7 +564,7 @@ static const struct option s_server_options[] = {
538 .type = OPTION_ARG_FORMAT, 564 .type = OPTION_ARG_FORMAT,
539 .opt.value = &s_server_config.cert_format, 565 .opt.value = &s_server_config.cert_format,
540 }, 566 },
541#ifndef OPENSSL_NO_DTLS1 567#ifndef OPENSSL_NO_DTLS
542 { 568 {
543 .name = "chain", 569 .name = "chain",
544 .type = OPTION_FLAG, 570 .type = OPTION_FLAG,
@@ -613,12 +639,28 @@ static const struct option s_server_options[] = {
613 .type = OPTION_ARG, 639 .type = OPTION_ARG,
614 .opt.arg = &s_server_config.dpassarg, 640 .opt.arg = &s_server_config.dpassarg,
615 }, 641 },
642#ifndef OPENSSL_NO_DTLS
643 {
644 .name = "dtls",
645 .desc = "Use any version of DTLS",
646 .type = OPTION_FUNC,
647 .opt.func = s_server_opt_protocol_version_dtls,
648 },
649#endif
616#ifndef OPENSSL_NO_DTLS1 650#ifndef OPENSSL_NO_DTLS1
617 { 651 {
618 .name = "dtls1", 652 .name = "dtls1",
619 .desc = "Just talk DTLSv1", 653 .desc = "Just use DTLSv1",
620 .type = OPTION_FUNC, 654 .type = OPTION_FUNC,
621 .opt.func = s_server_protocol_version_dtls1, 655 .opt.func = s_server_opt_protocol_version_dtls1,
656 },
657#endif
658#ifndef OPENSSL_NO_DTLS1_2
659 {
660 .name = "dtls1_2",
661 .desc = "Just use DTLSv1.2",
662 .type = OPTION_FUNC,
663 .opt.func = s_server_opt_protocol_version_dtls1_2,
622 }, 664 },
623#endif 665#endif
624 { 666 {
@@ -689,7 +731,7 @@ static const struct option s_server_options[] = {
689 .type = OPTION_FLAG, 731 .type = OPTION_FLAG,
690 .opt.flag = &s_server_config.msg, 732 .opt.flag = &s_server_config.msg,
691 }, 733 },
692#ifndef OPENSSL_NO_DTLS1 734#ifndef OPENSSL_NO_DTLS
693 { 735 {
694 .name = "mtu", 736 .name = "mtu",
695 .argname = "mtu", 737 .argname = "mtu",
@@ -876,7 +918,7 @@ static const struct option s_server_options[] = {
876 .type = OPTION_FUNC, 918 .type = OPTION_FUNC,
877 .opt.func = s_server_opt_status_verbose, 919 .opt.func = s_server_opt_status_verbose,
878 }, 920 },
879#ifndef OPENSSL_NO_DTLS1 921#ifndef OPENSSL_NO_DTLS
880 { 922 {
881 .name = "timeout", 923 .name = "timeout",
882 .desc = "Enable timeouts", 924 .desc = "Enable timeouts",
@@ -1000,7 +1042,7 @@ sv_usage(void)
1000 " [-context id] [-crl_check] [-crl_check_all] [-crlf]\n" 1042 " [-context id] [-crl_check] [-crl_check_all] [-crlf]\n"
1001 " [-dcert file] [-dcertform der | pem] [-debug]\n" 1043 " [-dcert file] [-dcertform der | pem] [-debug]\n"
1002 " [-dhparam file] [-dkey file] [-dkeyform der | pem]\n" 1044 " [-dhparam file] [-dkey file] [-dkeyform der | pem]\n"
1003 " [-dpass arg] [-dtls1] [-groups list] [-HTTP]\n" 1045 " [-dpass arg] [-dtls] [-dtls1] [-dtls1_2] [-groups list] [-HTTP]\n"
1004 " [-id_prefix arg] [-key keyfile] [-key2 keyfile]\n" 1046 " [-id_prefix arg] [-key keyfile] [-key2 keyfile]\n"
1005 " [-keyform der | pem] [-keymatexport label]\n" 1047 " [-keyform der | pem] [-keymatexport label]\n"
1006 " [-keymatexportlen len] [-msg] [-mtu mtu]\n" 1048 " [-keymatexportlen len] [-msg] [-mtu mtu]\n"
@@ -1535,8 +1577,7 @@ sv_body(char *hostname, int s, unsigned char *context)
1535 } 1577 }
1536 SSL_clear(con); 1578 SSL_clear(con);
1537 1579
1538 if (SSL_version(con) == DTLS1_VERSION) { 1580 if (SSL_is_dtls(con)) {
1539
1540 sbio = BIO_new_dgram(s, BIO_NOCLOSE); 1581 sbio = BIO_new_dgram(s, BIO_NOCLOSE);
1541 1582
1542 if (s_server_config.enable_timeouts) { 1583 if (s_server_config.enable_timeouts) {
@@ -1602,7 +1643,7 @@ sv_body(char *hostname, int s, unsigned char *context)
1602 pfd[1].fd = s; 1643 pfd[1].fd = s;
1603 pfd[1].events = POLLIN; 1644 pfd[1].events = POLLIN;
1604 1645
1605 if ((SSL_version(con) == DTLS1_VERSION) && 1646 if (SSL_is_dtls(con) &&
1606 DTLSv1_get_timeout(con, &timeout)) 1647 DTLSv1_get_timeout(con, &timeout))
1607 ptimeout = timeout.tv_sec * 1000 + 1648 ptimeout = timeout.tv_sec * 1000 +
1608 timeout.tv_usec / 1000; 1649 timeout.tv_usec / 1000;
@@ -1611,10 +1652,9 @@ sv_body(char *hostname, int s, unsigned char *context)
1611 1652
1612 i = poll(pfd, 2, ptimeout); 1653 i = poll(pfd, 2, ptimeout);
1613 1654
1614 if ((SSL_version(con) == DTLS1_VERSION) && 1655 if (SSL_is_dtls(con) &&
1615 DTLSv1_handle_timeout(con) > 0) { 1656 DTLSv1_handle_timeout(con) > 0)
1616 BIO_printf(bio_err, "TIMEOUT occured\n"); 1657 BIO_printf(bio_err, "TIMEOUT occured\n");
1617 }
1618 if (i <= 0) 1658 if (i <= 0)
1619 continue; 1659 continue;
1620 if (pfd[0].revents) { 1660 if (pfd[0].revents) {
@@ -1660,7 +1700,7 @@ sv_body(char *hostname, int s, unsigned char *context)
1660 } 1700 }
1661 if ((i <= 0) || (buf[0] == 'q')) { 1701 if ((i <= 0) || (buf[0] == 'q')) {
1662 BIO_printf(bio_s_out, "DONE\n"); 1702 BIO_printf(bio_s_out, "DONE\n");
1663 if (SSL_version(con) != DTLS1_VERSION) { 1703 if (!SSL_is_dtls(con)) {
1664 shutdown(s, SHUT_RD); 1704 shutdown(s, SHUT_RD);
1665 close(s); 1705 close(s);
1666 } 1706 }
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-26 23:22:39 +0000