From 3958737f5fc329b07f544deb10827ed41270c9e0 Mon Sep 17 00:00:00 2001 From: tb <> Date: Sun, 29 Aug 2021 12:33:15 +0000 Subject: Implement -naccept in the s_server. doc fixes/ok jmc ok beck --- src/usr.bin/openssl/openssl.1 | 9 +++++++-- src/usr.bin/openssl/s_apps.h | 4 ++-- src/usr.bin/openssl/s_server.c | 19 +++++++++++++++---- src/usr.bin/openssl/s_socket.c | 8 +++++--- 4 files changed, 29 insertions(+), 11 deletions(-) (limited to 'src') diff --git a/src/usr.bin/openssl/openssl.1 b/src/usr.bin/openssl/openssl.1 index 84627a84a5..9d9f5ca580 100644 --- a/src/usr.bin/openssl/openssl.1 +++ b/src/usr.bin/openssl/openssl.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: openssl.1,v 1.129 2021/03/17 18:08:32 jsing Exp $ +.\" $OpenBSD: openssl.1,v 1.130 2021/08/29 12:33:15 tb Exp $ .\" ==================================================================== .\" Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. .\" @@ -110,7 +110,7 @@ .\" copied and put under another distribution licence .\" [including the GNU Public Licence.] .\" -.Dd $Mdocdate: March 17 2021 $ +.Dd $Mdocdate: August 29 2021 $ .Dt OPENSSL 1 .Os .Sh NAME @@ -4607,6 +4607,7 @@ will be used. .Op Fl keymatexportlen Ar len .Op Fl msg .Op Fl mtu Ar mtu +.Op Fl naccept Ar num .Op Fl named_curve Ar arg .Op Fl nbio .Op Fl nbio_test @@ -4807,6 +4808,10 @@ Export len bytes of keying material (default 20). Show all protocol messages with hex dump. .It Fl mtu Ar mtu Set the link layer MTU. +.It Fl naccept Ar num +Terminate server after +.Ar num +connections. .It Fl named_curve Ar arg Specify the elliptic curve name to use for ephemeral ECDH keys. This option is deprecated; use diff --git a/src/usr.bin/openssl/s_apps.h b/src/usr.bin/openssl/s_apps.h index 9ee0bb7dc1..f535a35c39 100644 --- a/src/usr.bin/openssl/s_apps.h +++ b/src/usr.bin/openssl/s_apps.h 
@@ -1,4 +1,4 @@ -/* $OpenBSD: s_apps.h,v 1.5 2018/04/25 07:12:33 tb Exp $ */ +/* $OpenBSD: s_apps.h,v 1.6 2021/08/29 12:33:15 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -120,7 +120,7 @@ extern int verify_return_error; int do_server(int port, int type, int *ret, int (*cb)(char *hostname, int s, unsigned char *context), - unsigned char *context); + unsigned char *context, int naccept); #ifdef HEADER_X509_H int verify_callback(int ok, X509_STORE_CTX *ctx); #endif diff --git a/src/usr.bin/openssl/s_server.c b/src/usr.bin/openssl/s_server.c index 1bd544324a..abe2ee42ae 100644 --- a/src/usr.bin/openssl/s_server.c +++ b/src/usr.bin/openssl/s_server.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s_server.c,v 1.47 2021/03/17 18:11:01 jsing Exp $ */ +/* $OpenBSD: s_server.c,v 1.48 2021/08/29 12:33:15 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -267,6 +267,7 @@ static struct { uint16_t min_version; const SSL_METHOD *meth; int msg; + int naccept; char *named_curve; int nbio; int nbio_test; @@ -740,6 +741,13 @@ static const struct option s_server_options[] = { .opt.argfunc = s_server_opt_mtu, }, #endif + { + .name = "naccept", + .argname = "num", + .desc = "terminate after num connections", + .type = OPTION_ARG_INT, + .opt.value = &s_server_config.naccept + }, { .name = "named_curve", .argname = "arg", @@ -1045,7 +1053,7 @@ sv_usage(void) " [-dpass arg] [-dtls] [-dtls1] [-dtls1_2] [-groups list] [-HTTP]\n" " [-id_prefix arg] [-key keyfile] [-key2 keyfile]\n" " [-keyform der | pem] [-keymatexport label]\n" - " [-keymatexportlen len] [-msg] [-mtu mtu]\n" + " [-keymatexportlen len] [-msg] [-mtu mtu] [-naccept num]\n" " [-named_curve arg] [-nbio] [-nbio_test] [-no_cache]\n" " [-no_dhe] [-no_ecdhe] [-no_ticket] [-no_tls1]\n" " [-no_tls1_1] [-no_tls1_2] [-no_tls1_3] [-no_tmp_rsa]\n" 
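Review bot: The new `naccept` entry in `s_server_options` (s_server.c, hunk at -740) stores any integer through `OPTION_ARG_INT`, and nothing visible in this patch rejects 0 or negative values. With the countdown added to `do_server()` in s_socket.c (`if (naccept != -1) naccept--;`), `-naccept 0` becomes -1 after the first connection and is from then on treated as the unlimited default, while a value below -1 simply keeps counting down, so a mistyped limit silently yields a listener that never exits. That matters wherever the option is relied on to bound how long a test server stays reachable. Consider rejecting values below 1 at parse time, for example through an `argfunc` handler as the neighbouring `mtu` entry uses, and saying in `.desc` that num must be positive.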
@@ -1084,6 +1092,7 @@ s_server_main(int argc, char *argv[]) memset(&s_server_config, 0, sizeof(s_server_config)); s_server_config.keymatexportlen = 20; s_server_config.meth = TLS_server_method(); + s_server_config.naccept = -1; s_server_config.port = PORT; s_server_config.cert_file = TEST_CERT; s_server_config.cert_file2 = TEST_CERT2; @@ -1465,10 +1474,12 @@ s_server_main(int argc, char *argv[]) (void) BIO_flush(bio_s_out); if (s_server_config.www) do_server(s_server_config.port, s_server_config.socket_type, - &accept_socket, www_body, s_server_config.context); + &accept_socket, www_body, s_server_config.context, + s_server_config.naccept); else do_server(s_server_config.port, s_server_config.socket_type, - &accept_socket, sv_body, s_server_config.context); + &accept_socket, sv_body, s_server_config.context, + s_server_config.naccept); print_stats(bio_s_out, ctx); ret = 0; end: diff --git a/src/usr.bin/openssl/s_socket.c b/src/usr.bin/openssl/s_socket.c index 5d90fad8bb..f22c88d228 100644 --- a/src/usr.bin/openssl/s_socket.c +++ b/src/usr.bin/openssl/s_socket.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s_socket.c,v 1.11 2019/06/28 13:35:02 deraadt Exp $ */ +/* $OpenBSD: s_socket.c,v 1.12 2021/08/29 12:33:15 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -132,7 +132,7 @@ init_client(int *sock, char *host, char *port, int type, int af) int do_server(int port, int type, int *ret, int (*cb) (char *hostname, int s, unsigned char *context), - unsigned char *context) + unsigned char *context, int naccept) { int sock; char *name = NULL; @@ -161,7 +161,9 @@ do_server(int port, int type, int *ret, shutdown(sock, SHUT_RDWR); close(sock); } - if (i < 0) { + if (naccept != -1) + naccept--; + if (i < 0 || naccept == 0) { shutdown(accept_socket, SHUT_RDWR); close(accept_socket); return (i); -- cgit v1.2.3-55-g6feb
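Review bot: The countdown added to `do_server()` in s_socket.c depends on -1 meaning "no limit", but that convention is not written down anywhere near the code: the default is assigned in `s_server_main()` and the test sits here, in a different file. A one-line comment above the decrement, such as `/* naccept == -1: no connection limit; otherwise return once it reaches 0 */`, would keep the contract visible to the next caller of `do_server()`. The loop that contains this check starts and ends outside the hunk.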