version 1.42, 2020/07/27 13:06:13 |
version 1.43, 2020/07/27 13:46:48 |
|
|
s_server_config.server_verify = SSL_VERIFY_NONE; |
s_server_config.server_verify = SSL_VERIFY_NONE; |
s_server_config.socket_type = SOCK_STREAM; |
s_server_config.socket_type = SOCK_STREAM; |
s_server_config.tlscstatp.timeout = -1; |
s_server_config.tlscstatp.timeout = -1; |
s_server_config.tlsextcbp.extension_error = SSL_TLSEXT_ERR_ALERT_WARNING; |
s_server_config.tlsextcbp.extension_error = |
|
SSL_TLSEXT_ERR_ALERT_WARNING; |
|
|
local_argc = argc; |
local_argc = argc; |
local_argv = argv; |
local_argv = argv; |
|
|
goto end; |
goto end; |
} |
} |
|
|
if (!app_passwd(bio_err, s_server_config.passarg, s_server_config.dpassarg, &pass, &dpass)) { |
if (!app_passwd(bio_err, s_server_config.passarg, |
|
s_server_config.dpassarg, &pass, &dpass)) { |
BIO_printf(bio_err, "Error getting password\n"); |
BIO_printf(bio_err, "Error getting password\n"); |
goto end; |
goto end; |
} |
} |
|
|
s_server_config.key_file2 = s_server_config.cert_file2; |
s_server_config.key_file2 = s_server_config.cert_file2; |
|
|
if (s_server_config.nocert == 0) { |
if (s_server_config.nocert == 0) { |
s_key = load_key(bio_err, s_server_config.key_file, s_server_config.key_format, 0, pass, |
s_key = load_key(bio_err, s_server_config.key_file, |
|
s_server_config.key_format, 0, pass, |
"server certificate private key file"); |
"server certificate private key file"); |
if (!s_key) { |
if (!s_key) { |
ERR_print_errors(bio_err); |
ERR_print_errors(bio_err); |
goto end; |
goto end; |
} |
} |
s_cert = load_cert(bio_err, s_server_config.cert_file, s_server_config.cert_format, |
s_cert = load_cert(bio_err, s_server_config.cert_file, |
|
s_server_config.cert_format, |
NULL, "server certificate file"); |
NULL, "server certificate file"); |
|
|
if (!s_cert) { |
if (!s_cert) { |
|
|
goto end; |
goto end; |
} |
} |
if (s_server_config.tlsextcbp.servername) { |
if (s_server_config.tlsextcbp.servername) { |
s_key2 = load_key(bio_err, s_server_config.key_file2, s_server_config.key_format, 0, pass, |
s_key2 = load_key(bio_err, s_server_config.key_file2, |
|
s_server_config.key_format, 0, pass, |
"second server certificate private key file"); |
"second server certificate private key file"); |
if (!s_key2) { |
if (!s_key2) { |
ERR_print_errors(bio_err); |
ERR_print_errors(bio_err); |
goto end; |
goto end; |
} |
} |
s_cert2 = load_cert(bio_err, s_server_config.cert_file2, s_server_config.cert_format, |
s_cert2 = load_cert(bio_err, s_server_config.cert_file2, |
|
s_server_config.cert_format, |
NULL, "second server certificate file"); |
NULL, "second server certificate file"); |
|
|
if (!s_cert2) { |
if (!s_cert2) { |
|
|
alpn_ctx.data = NULL; |
alpn_ctx.data = NULL; |
if (s_server_config.alpn_in) { |
if (s_server_config.alpn_in) { |
unsigned short len; |
unsigned short len; |
alpn_ctx.data = next_protos_parse(&len, s_server_config.alpn_in); |
alpn_ctx.data = next_protos_parse(&len, |
|
s_server_config.alpn_in); |
if (alpn_ctx.data == NULL) |
if (alpn_ctx.data == NULL) |
goto end; |
goto end; |
alpn_ctx.len = len; |
alpn_ctx.len = len; |
|
|
if (s_server_config.dkey_file == NULL) |
if (s_server_config.dkey_file == NULL) |
s_server_config.dkey_file = s_server_config.dcert_file; |
s_server_config.dkey_file = s_server_config.dcert_file; |
|
|
s_dkey = load_key(bio_err, s_server_config.dkey_file, s_server_config.dkey_format, |
s_dkey = load_key(bio_err, s_server_config.dkey_file, |
|
s_server_config.dkey_format, |
0, dpass, "second certificate private key file"); |
0, dpass, "second certificate private key file"); |
if (!s_dkey) { |
if (!s_dkey) { |
ERR_print_errors(bio_err); |
ERR_print_errors(bio_err); |
goto end; |
goto end; |
} |
} |
s_dcert = load_cert(bio_err, s_server_config.dcert_file, s_server_config.dcert_format, |
s_dcert = load_cert(bio_err, s_server_config.dcert_file, |
|
s_server_config.dcert_format, |
NULL, "second server certificate file"); |
NULL, "second server certificate file"); |
|
|
if (!s_dcert) { |
if (!s_dcert) { |
|
|
} |
} |
} |
} |
if (bio_s_out == NULL) { |
if (bio_s_out == NULL) { |
if (s_server_config.quiet && !s_server_config.debug && !s_server_config.msg) { |
if (s_server_config.quiet && !s_server_config.debug && |
|
!s_server_config.msg) { |
bio_s_out = BIO_new(BIO_s_null()); |
bio_s_out = BIO_new(BIO_s_null()); |
} else { |
} else { |
if (bio_s_out == NULL) |
if (bio_s_out == NULL) |
|
|
ERR_print_errors(bio_err); |
ERR_print_errors(bio_err); |
goto end; |
goto end; |
} |
} |
BIO_printf(bio_err, "id_prefix '%s' set.\n", s_server_config.session_id_prefix); |
BIO_printf(bio_err, "id_prefix '%s' set.\n", |
|
s_server_config.session_id_prefix); |
} |
} |
SSL_CTX_set_quiet_shutdown(ctx, 1); |
SSL_CTX_set_quiet_shutdown(ctx, 1); |
if (s_server_config.bugs) |
if (s_server_config.bugs) |
|
|
SSL_CTX_set_tlsext_use_srtp(ctx, s_server_config.srtp_profiles); |
SSL_CTX_set_tlsext_use_srtp(ctx, s_server_config.srtp_profiles); |
#endif |
#endif |
|
|
|
if ((!SSL_CTX_load_verify_locations(ctx, s_server_config.CAfile, |
if ((!SSL_CTX_load_verify_locations(ctx, s_server_config.CAfile, s_server_config.CApath)) || |
s_server_config.CApath)) || |
(!SSL_CTX_set_default_verify_paths(ctx))) { |
(!SSL_CTX_set_default_verify_paths(ctx))) { |
/* BIO_printf(bio_err,"X509_load_verify_locations\n"); */ |
/* BIO_printf(bio_err,"X509_load_verify_locations\n"); */ |
ERR_print_errors(bio_err); |
ERR_print_errors(bio_err); |
|
|
goto end; |
goto end; |
} |
} |
|
|
if (!SSL_CTX_set_min_proto_version(ctx2, s_server_config.min_version)) |
if (!SSL_CTX_set_min_proto_version(ctx2, |
|
s_server_config.min_version)) |
goto end; |
goto end; |
if (!SSL_CTX_set_max_proto_version(ctx2, s_server_config.max_version)) |
if (!SSL_CTX_set_max_proto_version(ctx2, |
|
s_server_config.max_version)) |
goto end; |
goto end; |
SSL_CTX_clear_mode(ctx2, SSL_MODE_AUTO_RETRY); |
SSL_CTX_clear_mode(ctx2, SSL_MODE_AUTO_RETRY); |
} |
} |
|
|
else if (strlen(s_server_config.session_id_prefix) >= 16) |
else if (strlen(s_server_config.session_id_prefix) >= 16) |
BIO_printf(bio_err, |
BIO_printf(bio_err, |
"warning: id_prefix is too long if you use SSLv2\n"); |
"warning: id_prefix is too long if you use SSLv2\n"); |
if (!SSL_CTX_set_generate_session_id(ctx2, generate_session_id)) { |
if (!SSL_CTX_set_generate_session_id(ctx2, |
BIO_printf(bio_err, "error setting 'id_prefix'\n"); |
generate_session_id)) { |
|
BIO_printf(bio_err, |
|
"error setting 'id_prefix'\n"); |
ERR_print_errors(bio_err); |
ERR_print_errors(bio_err); |
goto end; |
goto end; |
} |
} |
BIO_printf(bio_err, "id_prefix '%s' set.\n", s_server_config.session_id_prefix); |
BIO_printf(bio_err, "id_prefix '%s' set.\n", |
|
s_server_config.session_id_prefix); |
} |
} |
SSL_CTX_set_quiet_shutdown(ctx2, 1); |
SSL_CTX_set_quiet_shutdown(ctx2, 1); |
if (s_server_config.bugs) |
if (s_server_config.bugs) |
|
|
else |
else |
SSL_CTX_sess_set_cache_size(ctx2, 128); |
SSL_CTX_sess_set_cache_size(ctx2, 128); |
|
|
if ((!SSL_CTX_load_verify_locations(ctx2, s_server_config.CAfile, s_server_config.CApath)) || |
if ((!SSL_CTX_load_verify_locations(ctx2, |
|
s_server_config.CAfile, s_server_config.CApath)) || |
(!SSL_CTX_set_default_verify_paths(ctx2))) { |
(!SSL_CTX_set_default_verify_paths(ctx2))) { |
ERR_print_errors(bio_err); |
ERR_print_errors(bio_err); |
} |
} |
|
|
DH *dh2 = NULL; |
DH *dh2 = NULL; |
|
|
if (s_server_config.cert_file2 != NULL) |
if (s_server_config.cert_file2 != NULL) |
dh2 = load_dh_param(s_server_config.cert_file2); |
dh2 = load_dh_param( |
|
s_server_config.cert_file2); |
if (dh2 != NULL) { |
if (dh2 != NULL) { |
BIO_printf(bio_s_out, "Setting temp DH parameters\n"); |
BIO_printf(bio_s_out, |
|
"Setting temp DH parameters\n"); |
(void) BIO_flush(bio_s_out); |
(void) BIO_flush(bio_s_out); |
|
|
DH_free(dh); |
DH_free(dh); |
|
|
ERR_print_errors(bio_err); |
ERR_print_errors(bio_err); |
goto end; |
goto end; |
} |
} |
if (ctx2 && !SSL_CTX_set_cipher_list(ctx2, s_server_config.cipher)) { |
if (ctx2 && !SSL_CTX_set_cipher_list(ctx2, |
|
s_server_config.cipher)) { |
BIO_printf(bio_err, "error setting cipher list\n"); |
BIO_printf(bio_err, "error setting cipher list\n"); |
ERR_print_errors(bio_err); |
ERR_print_errors(bio_err); |
goto end; |
goto end; |
} |
} |
} |
} |
SSL_CTX_set_verify(ctx, s_server_config.server_verify, verify_callback); |
SSL_CTX_set_verify(ctx, s_server_config.server_verify, verify_callback); |
SSL_CTX_set_session_id_context(ctx, (void *) &s_server_session_id_context, |
SSL_CTX_set_session_id_context(ctx, |
|
(void *) &s_server_session_id_context, |
sizeof s_server_session_id_context); |
sizeof s_server_session_id_context); |
|
|
/* Set DTLS cookie generation and verification callbacks */ |
/* Set DTLS cookie generation and verification callbacks */ |
|
|
SSL_CTX_set_cookie_verify_cb(ctx, verify_cookie_callback); |
SSL_CTX_set_cookie_verify_cb(ctx, verify_cookie_callback); |
|
|
if (ctx2) { |
if (ctx2) { |
SSL_CTX_set_verify(ctx2, s_server_config.server_verify, verify_callback); |
SSL_CTX_set_verify(ctx2, s_server_config.server_verify, |
SSL_CTX_set_session_id_context(ctx2, (void *) &s_server_session_id_context, |
verify_callback); |
|
SSL_CTX_set_session_id_context(ctx2, |
|
(void *) &s_server_session_id_context, |
sizeof s_server_session_id_context); |
sizeof s_server_session_id_context); |
|
|
s_server_config.tlsextcbp.biodebug = bio_s_out; |
s_server_config.tlsextcbp.biodebug = bio_s_out; |
SSL_CTX_set_tlsext_servername_callback(ctx2, ssl_servername_cb); |
SSL_CTX_set_tlsext_servername_callback(ctx2, ssl_servername_cb); |
SSL_CTX_set_tlsext_servername_arg(ctx2, &s_server_config.tlsextcbp); |
SSL_CTX_set_tlsext_servername_arg(ctx2, |
|
&s_server_config.tlsextcbp); |
SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb); |
SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb); |
SSL_CTX_set_tlsext_servername_arg(ctx, &s_server_config.tlsextcbp); |
SSL_CTX_set_tlsext_servername_arg(ctx, |
|
&s_server_config.tlsextcbp); |
} |
} |
|
|
if (s_server_config.CAfile != NULL) { |
if (s_server_config.CAfile != NULL) { |
SSL_CTX_set_client_CA_list(ctx, SSL_load_client_CA_file(s_server_config.CAfile)); |
SSL_CTX_set_client_CA_list(ctx, |
|
SSL_load_client_CA_file(s_server_config.CAfile)); |
if (ctx2) |
if (ctx2) |
SSL_CTX_set_client_CA_list(ctx2, SSL_load_client_CA_file(s_server_config.CAfile)); |
SSL_CTX_set_client_CA_list(ctx2, |
|
SSL_load_client_CA_file(s_server_config.CAfile)); |
} |
} |
BIO_printf(bio_s_out, "ACCEPT\n"); |
BIO_printf(bio_s_out, "ACCEPT\n"); |
(void) BIO_flush(bio_s_out); |
(void) BIO_flush(bio_s_out); |
if (s_server_config.www) |
if (s_server_config.www) |
do_server(s_server_config.port, s_server_config.socket_type, &accept_socket, www_body, s_server_config.context); |
do_server(s_server_config.port, s_server_config.socket_type, |
|
&accept_socket, www_body, s_server_config.context); |
else |
else |
do_server(s_server_config.port, s_server_config.socket_type, &accept_socket, sv_body, s_server_config.context); |
do_server(s_server_config.port, s_server_config.socket_type, |
|
&accept_socket, sv_body, s_server_config.context); |
print_stats(bio_s_out, ctx); |
print_stats(bio_s_out, ctx); |
ret = 0; |
ret = 0; |
end: |
end: |
|
|
SSL_CTX_sess_accept_renegotiate(ssl_ctx)); |
SSL_CTX_sess_accept_renegotiate(ssl_ctx)); |
BIO_printf(bio, "%4ld server accepts that finished\n", |
BIO_printf(bio, "%4ld server accepts that finished\n", |
SSL_CTX_sess_accept_good(ssl_ctx)); |
SSL_CTX_sess_accept_good(ssl_ctx)); |
BIO_printf(bio, "%4ld session cache hits\n", SSL_CTX_sess_hits(ssl_ctx)); |
BIO_printf(bio, "%4ld session cache hits\n", |
BIO_printf(bio, "%4ld session cache misses\n", SSL_CTX_sess_misses(ssl_ctx)); |
SSL_CTX_sess_hits(ssl_ctx)); |
BIO_printf(bio, "%4ld session cache timeouts\n", SSL_CTX_sess_timeouts(ssl_ctx)); |
BIO_printf(bio, "%4ld session cache misses\n", |
BIO_printf(bio, "%4ld callback cache hits\n", SSL_CTX_sess_cb_hits(ssl_ctx)); |
SSL_CTX_sess_misses(ssl_ctx)); |
|
BIO_printf(bio, "%4ld session cache timeouts\n", |
|
SSL_CTX_sess_timeouts(ssl_ctx)); |
|
BIO_printf(bio, "%4ld callback cache hits\n", |
|
SSL_CTX_sess_cb_hits(ssl_ctx)); |
BIO_printf(bio, "%4ld cache full overflows (%ld allowed)\n", |
BIO_printf(bio, "%4ld cache full overflows (%ld allowed)\n", |
SSL_CTX_sess_cache_full(ssl_ctx), |
SSL_CTX_sess_cache_full(ssl_ctx), |
SSL_CTX_sess_get_cache_size(ssl_ctx)); |
SSL_CTX_sess_get_cache_size(ssl_ctx)); |
|
|
if (s_server_config.tlsextstatus) { |
if (s_server_config.tlsextstatus) { |
SSL_CTX_set_tlsext_status_cb(ctx, cert_status_cb); |
SSL_CTX_set_tlsext_status_cb(ctx, cert_status_cb); |
s_server_config.tlscstatp.err = bio_err; |
s_server_config.tlscstatp.err = bio_err; |
SSL_CTX_set_tlsext_status_arg(ctx, &s_server_config.tlscstatp); |
SSL_CTX_set_tlsext_status_arg(ctx, |
|
&s_server_config.tlscstatp); |
} |
} |
if (context) |
if (context) |
SSL_set_session_id_context(con, context, |
SSL_set_session_id_context(con, context, |
|
|
if (s_server_config.enable_timeouts) { |
if (s_server_config.enable_timeouts) { |
timeout.tv_sec = 0; |
timeout.tv_sec = 0; |
timeout.tv_usec = DGRAM_RCV_TIMEOUT; |
timeout.tv_usec = DGRAM_RCV_TIMEOUT; |
BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_RECV_TIMEOUT, 0, &timeout); |
BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_RECV_TIMEOUT, 0, |
|
&timeout); |
|
|
timeout.tv_sec = 0; |
timeout.tv_sec = 0; |
timeout.tv_usec = DGRAM_SND_TIMEOUT; |
timeout.tv_usec = DGRAM_SND_TIMEOUT; |
BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_SEND_TIMEOUT, 0, &timeout); |
BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_SEND_TIMEOUT, 0, |
|
&timeout); |
} |
} |
if (s_server_config.socket_mtu > 28) { |
if (s_server_config.socket_mtu > 28) { |
SSL_set_options(con, SSL_OP_NO_QUERY_MTU); |
SSL_set_options(con, SSL_OP_NO_QUERY_MTU); |
|
|
|
|
i = poll(pfd, 2, ptimeout); |
i = poll(pfd, 2, ptimeout); |
|
|
if ((SSL_version(con) == DTLS1_VERSION) && DTLSv1_handle_timeout(con) > 0) { |
if ((SSL_version(con) == DTLS1_VERSION) && |
|
DTLSv1_handle_timeout(con) > 0) { |
BIO_printf(bio_err, "TIMEOUT occured\n"); |
BIO_printf(bio_err, "TIMEOUT occured\n"); |
} |
} |
if (i <= 0) |
if (i <= 0) |
|
|
if ((buf[0] == 'R') && |
if ((buf[0] == 'R') && |
((buf[1] == '\n') || (buf[1] == '\r'))) { |
((buf[1] == '\n') || (buf[1] == '\r'))) { |
SSL_set_verify(con, |
SSL_set_verify(con, |
SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE, NULL); |
SSL_VERIFY_PEER | |
|
SSL_VERIFY_CLIENT_ONCE, |
|
NULL); |
SSL_renegotiate(con); |
SSL_renegotiate(con); |
i = SSL_do_handshake(con); |
i = SSL_do_handshake(con); |
printf("SSL_do_handshake -> %d\n", i); |
printf("SSL_do_handshake -> %d\n", i); |
|
|
*/ |
*/ |
} |
} |
if (buf[0] == 'P') { |
if (buf[0] == 'P') { |
static const char *str = "Lets print some clear text\n"; |
static const char *str = |
BIO_write(SSL_get_wbio(con), str, strlen(str)); |
"Lets print some clear text\n"; |
|
BIO_write(SSL_get_wbio(con), str, |
|
strlen(str)); |
} |
} |
if (buf[0] == 'S') { |
if (buf[0] == 'S') { |
print_stats(bio_s_out, SSL_get_SSL_CTX(con)); |
print_stats(bio_s_out, |
|
SSL_get_SSL_CTX(con)); |
} |
} |
} |
} |
l = k = 0; |
l = k = 0; |
|
|
err: |
err: |
if (con != NULL) { |
if (con != NULL) { |
BIO_printf(bio_s_out, "shutting down SSL\n"); |
BIO_printf(bio_s_out, "shutting down SSL\n"); |
SSL_set_shutdown(con, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN); |
SSL_set_shutdown(con, |
|
SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN); |
SSL_free(con); |
SSL_free(con); |
} |
} |
BIO_printf(bio_s_out, "CONNECTION CLOSED\n"); |
BIO_printf(bio_s_out, "CONNECTION CLOSED\n"); |
|
|
= SSL_get_selected_srtp_profile(con); |
= SSL_get_selected_srtp_profile(con); |
|
|
if (srtp_profile) |
if (srtp_profile) |
BIO_printf(bio_s_out, "SRTP Extension negotiated, profile=%s\n", |
BIO_printf(bio_s_out, |
|
"SRTP Extension negotiated, profile=%s\n", |
srtp_profile->name); |
srtp_profile->name); |
} |
} |
#endif |
#endif |
|
|
SSL_get_secure_renegotiation_support(con) ? "" : " NOT"); |
SSL_get_secure_renegotiation_support(con) ? "" : " NOT"); |
if (s_server_config.keymatexportlabel != NULL) { |
if (s_server_config.keymatexportlabel != NULL) { |
BIO_printf(bio_s_out, "Keying material exporter:\n"); |
BIO_printf(bio_s_out, "Keying material exporter:\n"); |
BIO_printf(bio_s_out, " Label: '%s'\n", s_server_config.keymatexportlabel); |
BIO_printf(bio_s_out, " Label: '%s'\n", |
|
s_server_config.keymatexportlabel); |
BIO_printf(bio_s_out, " Length: %i bytes\n", |
BIO_printf(bio_s_out, " Length: %i bytes\n", |
s_server_config.keymatexportlen); |
s_server_config.keymatexportlen); |
exportedkeymat = malloc(s_server_config.keymatexportlen); |
exportedkeymat = malloc(s_server_config.keymatexportlen); |
|
|
goto end; |
goto end; |
} |
} |
/* else we have data */ |
/* else we have data */ |
if (((s_server_config.www == 1) && (strncmp("GET ", buf, 4) == 0)) || |
if (((s_server_config.www == 1) && |
((s_server_config.www == 2) && (strncmp("GET /stats ", buf, 11) == 0))) { |
(strncmp("GET ", buf, 4) == 0)) || |
|
((s_server_config.www == 2) && |
|
(strncmp("GET /stats ", buf, 11) == 0))) { |
char *p; |
char *p; |
X509 *peer; |
X509 *peer; |
STACK_OF(SSL_CIPHER) *sk; |
STACK_OF(SSL_CIPHER) *sk; |
|
|
* The following is evil and should not really be |
* The following is evil and should not really be |
* done |
* done |
*/ |
*/ |
BIO_printf(io, "Ciphers supported in s_server binary\n"); |
BIO_printf(io, |
|
"Ciphers supported in s_server binary\n"); |
sk = SSL_get_ciphers(con); |
sk = SSL_get_ciphers(con); |
j = sk_SSL_CIPHER_num(sk); |
j = sk_SSL_CIPHER_num(sk); |
for (i = 0; i < j; i++) { |
for (i = 0; i < j; i++) { |
|
|
BIO_puts(io, "\n"); |
BIO_puts(io, "\n"); |
p = SSL_get_shared_ciphers(con, buf, bufsize); |
p = SSL_get_shared_ciphers(con, buf, bufsize); |
if (p != NULL) { |
if (p != NULL) { |
BIO_printf(io, "---\nCiphers common between both SSL end points:\n"); |
BIO_printf(io, |
|
"---\nCiphers common between both SSL end points:\n"); |
j = i = 0; |
j = i = 0; |
while (*p) { |
while (*p) { |
if (*p == ':') { |
if (*p == ':') { |
BIO_write(io, space, 26 - j); |
BIO_write(io, space, 26 - j); |
i++; |
i++; |
j = 0; |
j = 0; |
BIO_write(io, ((i % 3) ? " " : "\n"), 1); |
BIO_write(io, |
|
((i % 3) ? " " : "\n"), 1); |
} else { |
} else { |
BIO_write(io, p, 1); |
BIO_write(io, p, 1); |
j++; |
j++; |
|
|
X509_print(io, peer); |
X509_print(io, peer); |
PEM_write_bio_X509(io, peer); |
PEM_write_bio_X509(io, peer); |
} else |
} else |
BIO_puts(io, "no client certificate available\n"); |
BIO_puts(io, |
|
"no client certificate available\n"); |
BIO_puts(io, "</BODY></HTML>\r\n\r\n"); |
BIO_puts(io, "</BODY></HTML>\r\n\r\n"); |
break; |
break; |
} else if ((s_server_config.www == 2 || s_server_config.www == 3) |
} else if ((s_server_config.www == 2 || |
&& (strncmp("GET /", buf, 5) == 0)) { |
s_server_config.www == 3) && |
|
(strncmp("GET /", buf, 5) == 0)) { |
BIO *file; |
BIO *file; |
char *p, *e; |
char *p, *e; |
static const char *text = "HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n"; |
static const char *text = "HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n"; |
|
|
dot = (e[0] == '.') ? 3 : 0; |
dot = (e[0] == '.') ? 3 : 0; |
break; |
break; |
case 3: |
case 3: |
dot = (e[0] == '/' || e[0] == '\\') ? -1 : 0; |
dot = (e[0] == '/' || e[0] == '\\') ? |
|
-1 : 0; |
break; |
break; |
} |
} |
if (dot == 0) |
if (dot == 0) |
dot = (e[0] == '/' || e[0] == '\\') ? 1 : 0; |
dot = (e[0] == '/' || e[0] == '\\') ? |
|
1 : 0; |
} |
} |
dot = (dot == 3) || (dot == -1); /* filename contains |
dot = (dot == 3) || (dot == -1); /* filename contains |
* ".." component */ |
* ".." component */ |
|
|
if (*e == '\0') { |
if (*e == '\0') { |
BIO_puts(io, text); |
BIO_puts(io, text); |
BIO_printf(io, "'%s' is an invalid file name\r\n", p); |
BIO_printf(io, |
|
"'%s' is an invalid file name\r\n", p); |
break; |
break; |
} |
} |
*e = '\0'; |
*e = '\0'; |
|
|
if (dot) { |
if (dot) { |
BIO_puts(io, text); |
BIO_puts(io, text); |
BIO_printf(io, "'%s' contains '..' reference\r\n", p); |
BIO_printf(io, |
|
"'%s' contains '..' reference\r\n", p); |
break; |
break; |
} |
} |
if (*p == '/') { |
if (*p == '/') { |
BIO_puts(io, text); |
BIO_puts(io, text); |
BIO_printf(io, "'%s' is an invalid path\r\n", p); |
BIO_printf(io, |
|
"'%s' is an invalid path\r\n", p); |
break; |
break; |
} |
} |
/* if a directory, do the index thang */ |
/* if a directory, do the index thang */ |
|
|
if (!BIO_should_retry(io)) |
if (!BIO_should_retry(io)) |
goto write_error; |
goto write_error; |
else { |
else { |
BIO_printf(bio_s_out, "rwrite W BLOCK\n"); |
BIO_printf(bio_s_out, |
|
"rwrite W BLOCK\n"); |
} |
} |
} else { |
} else { |
j += k; |
j += k; |
|
|
ssl_servername_cb(SSL *s, int *ad, void *arg) |
ssl_servername_cb(SSL *s, int *ad, void *arg) |
{ |
{ |
tlsextctx *p = (tlsextctx *) arg; |
tlsextctx *p = (tlsextctx *) arg; |
const char *servername = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name); |
const char *servername = SSL_get_servername(s, |
|
TLSEXT_NAMETYPE_host_name); |
|
|
if (servername && p->biodebug) |
if (servername && p->biodebug) |
BIO_printf(p->biodebug, "Hostname in TLS extension: \"%s\"\n", servername); |
BIO_printf(p->biodebug, "Hostname in TLS extension: \"%s\"\n", |
|
servername); |
|
|
if (!p->servername) |
if (!p->servername) |
return SSL_TLSEXT_ERR_NOACK; |
return SSL_TLSEXT_ERR_NOACK; |
|
|
sk_OPENSSL_STRING_value(aia, 0)); |
sk_OPENSSL_STRING_value(aia, 0)); |
} else { |
} else { |
if (!srctx->host) { |
if (!srctx->host) { |
BIO_puts(srctx->err, "cert_status: no AIA and no default responder URL\n"); |
BIO_puts(srctx->err, |
|
"cert_status: no AIA and no default responder URL\n"); |
goto done; |
goto done; |
} |
} |
host = srctx->host; |
host = srctx->host; |
|
|
goto err; |
goto err; |
if (X509_STORE_get_by_subject(&inctx, X509_LU_X509, |
if (X509_STORE_get_by_subject(&inctx, X509_LU_X509, |
X509_get_issuer_name(x), &obj) <= 0) { |
X509_get_issuer_name(x), &obj) <= 0) { |
BIO_puts(err, "cert_status: Can't retrieve issuer certificate.\n"); |
BIO_puts(err, |
|
"cert_status: Can't retrieve issuer certificate.\n"); |
X509_STORE_CTX_cleanup(&inctx); |
X509_STORE_CTX_cleanup(&inctx); |
goto done; |
goto done; |
} |
} |