summaryrefslogtreecommitdiff
path: root/src/usr.bin/openssl/s_server.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Wrap long lines s_server.cinoguchi2020-07-271-67/+130
|
* Add function prototype and move sub functions to bottominoguchi2020-07-271-198/+197
|
* Remove space between '*' and pointer variable in s_server.cinoguchi2020-07-271-12/+12
|
* Remove 's_' prefix from member of s_server_config structinoguchi2020-07-271-110/+110
|
* Convert openssl(1) s_server option handlinginoguchi2020-07-271-568/+929
| | | | ok and comments from jsing@
* While the second SSL_CTX in this code is only used on servernametb2020-05-231-1/+2
| | | | | | | | callback, so its mode is not used to update the ssl's mode, it seems more appropriate to clear the SSL_MODE_AUTO_RETRY flag on it as well. ok jsing
* In ssl_lib.c revision 1.217, jsing enabled SSL_MODE_AUTO_RETRY bytb2020-05-231-1/+3
| | | | | | | default. To avoid hanging on a blocking read, we need to clear the SSL_MODE_AUTO_RETRY flag in the s_client and the s_server. ok beck inoguchi jsing
* Avoid an out-of-bounds array access in the s_server.tb2020-05-231-1/+3
| | | | | | | | | It can be triggered by sending a line to stdin while no connection is open and then connecting a client. The first SSL_write() fails, sends SSL_ERROR_WANT_* and then causes a segfault deep down in the tls stack when accessing &(buf[-1]). ok beck inoguchi
* Add -tls1_3 and -no_tls1_3 options to openssl(1) s_serverinoguchi2020-05-131-6/+28
| | | | | | | - Add -tls1_3 and -no_tls1_3 to openssl(1) s_server - Stop using version pinned methods, instead setting the min and max protocol versions ok jsing@ tb@
* Conditionalize sleep-before-retry in server code to only be done whenbeck2020-05-101-3/+5
| | | | | | | debug is on. otherwise, just retry. Fixes problems this creates in testing. ok jsing@ tb@
* Add -groups option to openssl(1) s_server.jsing2020-04-191-33/+29
| | | | | | | | | | This allows supported EC groups to be configured, which will also control which TLSv1.3 key shares we'll accept. While here, deprecate the rather useless -named_curve option, which is effectively the same as -groups with a single group. Also stop setting a single default group of P-256 via SSL_CTX_set_tmp_ecdh() - use the library defaults instead. ok beck@ inoguchi@
* Avoid a path traversal bug in s_server on Windows.bcook2019-10-041-3/+3
| | | | | | | | openssl s_server has an arbitrary read vulnerability on Windows when run with the -WWW or -HTTP options, due to an incomplete path check logic. Thanks to Jobert Abma for reporting. ok tb@
* When system calls indicate an error they return -1, not some arbitraryderaadt2019-06-281-2/+2
| | | | | | value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future.
* Indent labels with a single space so that diff prototypes are more useful.jsing2018-02-071-9/+9
|
* Remove guards around *_free() calls since these functions handle NULL.jsing2018-02-071-21/+11
|
* Initialize variables to avoid compiler warningsinoguchi2018-01-281-2/+2
| | | | ok jsing@
* Remove NPN support - the -nextprotoneg options now become no-ops.jsing2017-08-121-47/+5
| | | | ok bcook@ beck@ doug@
* use freezero() instead of 4-line conditional explicit_bzero + freederaadt2017-04-181-5/+2
|
* rearrange pledge promises into the canonical order; easier to eyeballderaadt2017-01-201-2/+2
|
* remove NULL-check before free()mmcc2015-12-231-3/+2
|
* s_server also needs DNS; reported by tb@jca2015-12-011-2/+2
|
* Exit if a pledge call fails in non-interactive mode.doug2015-10-171-2/+4
| | | | ok semarie@
* add "tty" for several subcommands of opensslsemarie2015-10-171-2/+2
| | | | | | | | | | | it is needed in order to let libssl UI_* function plays with echo on/off when asking for password on terminal. passwd subcommand needs additionnal "wpath cpath" in order to let it calls fopen("/dev/tty", "w") (O_WRONLY with O_CREAT | O_TRUNC). problem reported by several with and ok doug@
* Initial support for pledges in openssl(1) commands.doug2015-10-101-1/+7
| | | | | | | | | | | | | | | | openssl(1) has two mechanisms for operating: either a single execution of one command (looking at argv[0] or argv[1]) or as an interactive session than may execute any number of commands. We already have a top level pledge that should cover all commands and that's what interactive mode must continue using. However, we can tighten up the pledges when only executing one command. This is an initial stab at support and may contain regressions. Most commands only need "stdio rpath wpath cpath". The pledges could be further restricted by evaluating the situation after parsing options. deraadt@ and beck@ are roughly fine with this approach.
* these do not use ioctl.hderaadt2015-10-061-2/+1
|
* kill evil commentbeck2015-09-111-3/+1
| | | | ok deraadt@
* Remove engine command and parameters from openssl(1).bcook2015-09-111-31/+9
| | | | | | | We do not have any builtin or dynamic engines, meaning openssl(1) has no way to use the engine command or parameters at all. ok jsing@
* Correct spelling of OPENSSL_cleanse.jsing2015-09-101-2/+2
|
* Remove all duplicate prototypes for *_main functions (these are alreadyjsing2015-08-221-3/+1
| | | | | | | | | provided by progs.h). Also, move the FUNCTION type (and flags) into openssl.c since that is the only place of use. Lastly, remove pointless 'extern' from the prototypes and use char **argv instead of char *argv[] (the former is used elsewhere). ok deraadt@ doug@
* Avoid possible NULL deref in openssl(1) s_server.doug2015-07-201-2/+5
| | | | | | Fixes Coverity issue 78873. ok miod@
* Remove SSLv3 support from openssl(1) s_server.doug2015-07-171-7/+2
| | | | ok miod@ bcook@ beck@
* Remove workaround for TLS padding bug from SSLeay days.doug2015-07-171-5/+1
| | | | | | | | | OpenSSL doesn't remember which clients were impacted and the functionality has been broken in their stable releases for 2 years. Based on OpenSSL commit a8e4ac6a2fe67c19672ecf0c6aeafa15801ce3a5. ok jsing@
* Remove ancient compat hack SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG.doug2015-06-151-29/+1
| | | | | This was imported into OpenSSL from SSLeay. It was recently deleted in OpenSSL commit 7a4dadc3a6a487db92619622b820eb4f7be512c9
* Move verify externs into the header file.jsing2015-04-141-3/+1
|
* unifdef OPENSSL_NO_NEXTPROTONEGjsing2014-12-141-17/+1
|
* Add ALPN support to openssl(1).jsing2014-12-101-9/+65
| | | | Based on OpenSSL.
* convert select() to poll(). This is one of the most complicatedderaadt2014-12-021-14/+22
| | | | | | conversions in the tree, because the original code is very rotten and fragile. Please test and report any failures. Assistance from millert, bcook, and jsing.
* TLS is pretty boring without TLS extensions... unifdef OPENSSL_NO_TLSEXT,jsing2014-11-061-51/+1
| | | | which was already done for libssl some time back.
* Remove ephemeral RSA key handling.jsing2014-10-311-43/+4
|
* Use automatic DH ephemeral parameters instead of fixed 512 bit.jsing2014-10-311-38/+23
| | | | Based on OpenSSL.
* Use arc4random_buf() instead of RAND(_pseudo)?_bytes().jsing2014-10-221-3/+2
| | | | ok bcook@
* Use O_NONBLOCK over FIONBIO.bcook2014-10-131-7/+3
| | | | | | | | | Prefer this because it is the POSIX standard and has consistent behavior across platforms. Use BIO_socket_nbio consistently across the tree. from Jonas 'Sortie' Termansen, ok deraadt@
* Move openssl(1) from /usr/sbin/openssl to /usr/bin/openssl, since it is notjsing2014-08-261-0/+2154
a system/superuser binary. At the same time, move the source code from its current lib/libssl/src/apps location to a more appropriate home under usr.bin/openssl. ok deraadt@ miod@
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-08-11 03:48:41 +0000