| version 1.42, 2020/07/27 13:06:13 |
version 1.43, 2020/07/27 13:46:48 |
|
|
| s_server_config.server_verify = SSL_VERIFY_NONE; |
s_server_config.server_verify = SSL_VERIFY_NONE; |
| s_server_config.socket_type = SOCK_STREAM; |
s_server_config.socket_type = SOCK_STREAM; |
| s_server_config.tlscstatp.timeout = -1; |
s_server_config.tlscstatp.timeout = -1; |
| s_server_config.tlsextcbp.extension_error = SSL_TLSEXT_ERR_ALERT_WARNING; |
s_server_config.tlsextcbp.extension_error = |
| |
SSL_TLSEXT_ERR_ALERT_WARNING; |
| |
|
| local_argc = argc; |
local_argc = argc; |
| local_argv = argv; |
local_argv = argv; |
|
|
| goto end; |
goto end; |
| } |
} |
| |
|
| if (!app_passwd(bio_err, s_server_config.passarg, s_server_config.dpassarg, &pass, &dpass)) { |
if (!app_passwd(bio_err, s_server_config.passarg, |
| |
s_server_config.dpassarg, &pass, &dpass)) { |
| BIO_printf(bio_err, "Error getting password\n"); |
BIO_printf(bio_err, "Error getting password\n"); |
| goto end; |
goto end; |
| } |
} |
|
|
| s_server_config.key_file2 = s_server_config.cert_file2; |
s_server_config.key_file2 = s_server_config.cert_file2; |
| |
|
| if (s_server_config.nocert == 0) { |
if (s_server_config.nocert == 0) { |
| s_key = load_key(bio_err, s_server_config.key_file, s_server_config.key_format, 0, pass, |
s_key = load_key(bio_err, s_server_config.key_file, |
| |
s_server_config.key_format, 0, pass, |
| "server certificate private key file"); |
"server certificate private key file"); |
| if (!s_key) { |
if (!s_key) { |
| ERR_print_errors(bio_err); |
ERR_print_errors(bio_err); |
| goto end; |
goto end; |
| } |
} |
| s_cert = load_cert(bio_err, s_server_config.cert_file, s_server_config.cert_format, |
s_cert = load_cert(bio_err, s_server_config.cert_file, |
| |
s_server_config.cert_format, |
| NULL, "server certificate file"); |
NULL, "server certificate file"); |
| |
|
| if (!s_cert) { |
if (!s_cert) { |
|
|
| goto end; |
goto end; |
| } |
} |
| if (s_server_config.tlsextcbp.servername) { |
if (s_server_config.tlsextcbp.servername) { |
| s_key2 = load_key(bio_err, s_server_config.key_file2, s_server_config.key_format, 0, pass, |
s_key2 = load_key(bio_err, s_server_config.key_file2, |
| |
s_server_config.key_format, 0, pass, |
| "second server certificate private key file"); |
"second server certificate private key file"); |
| if (!s_key2) { |
if (!s_key2) { |
| ERR_print_errors(bio_err); |
ERR_print_errors(bio_err); |
| goto end; |
goto end; |
| } |
} |
| s_cert2 = load_cert(bio_err, s_server_config.cert_file2, s_server_config.cert_format, |
s_cert2 = load_cert(bio_err, s_server_config.cert_file2, |
| |
s_server_config.cert_format, |
| NULL, "second server certificate file"); |
NULL, "second server certificate file"); |
| |
|
| if (!s_cert2) { |
if (!s_cert2) { |
|
|
| alpn_ctx.data = NULL; |
alpn_ctx.data = NULL; |
| if (s_server_config.alpn_in) { |
if (s_server_config.alpn_in) { |
| unsigned short len; |
unsigned short len; |
| alpn_ctx.data = next_protos_parse(&len, s_server_config.alpn_in); |
alpn_ctx.data = next_protos_parse(&len, |
| |
s_server_config.alpn_in); |
| if (alpn_ctx.data == NULL) |
if (alpn_ctx.data == NULL) |
| goto end; |
goto end; |
| alpn_ctx.len = len; |
alpn_ctx.len = len; |
|
|
| if (s_server_config.dkey_file == NULL) |
if (s_server_config.dkey_file == NULL) |
| s_server_config.dkey_file = s_server_config.dcert_file; |
s_server_config.dkey_file = s_server_config.dcert_file; |
| |
|
| s_dkey = load_key(bio_err, s_server_config.dkey_file, s_server_config.dkey_format, |
s_dkey = load_key(bio_err, s_server_config.dkey_file, |
| |
s_server_config.dkey_format, |
| 0, dpass, "second certificate private key file"); |
0, dpass, "second certificate private key file"); |
| if (!s_dkey) { |
if (!s_dkey) { |
| ERR_print_errors(bio_err); |
ERR_print_errors(bio_err); |
| goto end; |
goto end; |
| } |
} |
| s_dcert = load_cert(bio_err, s_server_config.dcert_file, s_server_config.dcert_format, |
s_dcert = load_cert(bio_err, s_server_config.dcert_file, |
| |
s_server_config.dcert_format, |
| NULL, "second server certificate file"); |
NULL, "second server certificate file"); |
| |
|
| if (!s_dcert) { |
if (!s_dcert) { |
|
|
| } |
} |
| } |
} |
| if (bio_s_out == NULL) { |
if (bio_s_out == NULL) { |
| if (s_server_config.quiet && !s_server_config.debug && !s_server_config.msg) { |
if (s_server_config.quiet && !s_server_config.debug && |
| |
!s_server_config.msg) { |
| bio_s_out = BIO_new(BIO_s_null()); |
bio_s_out = BIO_new(BIO_s_null()); |
| } else { |
} else { |
| if (bio_s_out == NULL) |
if (bio_s_out == NULL) |
|
|
| ERR_print_errors(bio_err); |
ERR_print_errors(bio_err); |
| goto end; |
goto end; |
| } |
} |
| BIO_printf(bio_err, "id_prefix '%s' set.\n", s_server_config.session_id_prefix); |
BIO_printf(bio_err, "id_prefix '%s' set.\n", |
| |
s_server_config.session_id_prefix); |
| } |
} |
| SSL_CTX_set_quiet_shutdown(ctx, 1); |
SSL_CTX_set_quiet_shutdown(ctx, 1); |
| if (s_server_config.bugs) |
if (s_server_config.bugs) |
|
|
| SSL_CTX_set_tlsext_use_srtp(ctx, s_server_config.srtp_profiles); |
SSL_CTX_set_tlsext_use_srtp(ctx, s_server_config.srtp_profiles); |
| #endif |
#endif |
| |
|
| |
if ((!SSL_CTX_load_verify_locations(ctx, s_server_config.CAfile, |
| if ((!SSL_CTX_load_verify_locations(ctx, s_server_config.CAfile, s_server_config.CApath)) || |
s_server_config.CApath)) || |
| (!SSL_CTX_set_default_verify_paths(ctx))) { |
(!SSL_CTX_set_default_verify_paths(ctx))) { |
| /* BIO_printf(bio_err,"X509_load_verify_locations\n"); */ |
/* BIO_printf(bio_err,"X509_load_verify_locations\n"); */ |
| ERR_print_errors(bio_err); |
ERR_print_errors(bio_err); |
|
|
| goto end; |
goto end; |
| } |
} |
| |
|
| if (!SSL_CTX_set_min_proto_version(ctx2, s_server_config.min_version)) |
if (!SSL_CTX_set_min_proto_version(ctx2, |
| |
s_server_config.min_version)) |
| goto end; |
goto end; |
| if (!SSL_CTX_set_max_proto_version(ctx2, s_server_config.max_version)) |
if (!SSL_CTX_set_max_proto_version(ctx2, |
| |
s_server_config.max_version)) |
| goto end; |
goto end; |
| SSL_CTX_clear_mode(ctx2, SSL_MODE_AUTO_RETRY); |
SSL_CTX_clear_mode(ctx2, SSL_MODE_AUTO_RETRY); |
| } |
} |
|
|
| else if (strlen(s_server_config.session_id_prefix) >= 16) |
else if (strlen(s_server_config.session_id_prefix) >= 16) |
| BIO_printf(bio_err, |
BIO_printf(bio_err, |
| "warning: id_prefix is too long if you use SSLv2\n"); |
"warning: id_prefix is too long if you use SSLv2\n"); |
| if (!SSL_CTX_set_generate_session_id(ctx2, generate_session_id)) { |
if (!SSL_CTX_set_generate_session_id(ctx2, |
| BIO_printf(bio_err, "error setting 'id_prefix'\n"); |
generate_session_id)) { |
| |
BIO_printf(bio_err, |
| |
"error setting 'id_prefix'\n"); |
| ERR_print_errors(bio_err); |
ERR_print_errors(bio_err); |
| goto end; |
goto end; |
| } |
} |
| BIO_printf(bio_err, "id_prefix '%s' set.\n", s_server_config.session_id_prefix); |
BIO_printf(bio_err, "id_prefix '%s' set.\n", |
| |
s_server_config.session_id_prefix); |
| } |
} |
| SSL_CTX_set_quiet_shutdown(ctx2, 1); |
SSL_CTX_set_quiet_shutdown(ctx2, 1); |
| if (s_server_config.bugs) |
if (s_server_config.bugs) |
|
|
| else |
else |
| SSL_CTX_sess_set_cache_size(ctx2, 128); |
SSL_CTX_sess_set_cache_size(ctx2, 128); |
| |
|
| if ((!SSL_CTX_load_verify_locations(ctx2, s_server_config.CAfile, s_server_config.CApath)) || |
if ((!SSL_CTX_load_verify_locations(ctx2, |
| |
s_server_config.CAfile, s_server_config.CApath)) || |
| (!SSL_CTX_set_default_verify_paths(ctx2))) { |
(!SSL_CTX_set_default_verify_paths(ctx2))) { |
| ERR_print_errors(bio_err); |
ERR_print_errors(bio_err); |
| } |
} |
|
|
| DH *dh2 = NULL; |
DH *dh2 = NULL; |
| |
|
| if (s_server_config.cert_file2 != NULL) |
if (s_server_config.cert_file2 != NULL) |
| dh2 = load_dh_param(s_server_config.cert_file2); |
dh2 = load_dh_param( |
| |
s_server_config.cert_file2); |
| if (dh2 != NULL) { |
if (dh2 != NULL) { |
| BIO_printf(bio_s_out, "Setting temp DH parameters\n"); |
BIO_printf(bio_s_out, |
| |
"Setting temp DH parameters\n"); |
| (void) BIO_flush(bio_s_out); |
(void) BIO_flush(bio_s_out); |
| |
|
| DH_free(dh); |
DH_free(dh); |
|
|
| ERR_print_errors(bio_err); |
ERR_print_errors(bio_err); |
| goto end; |
goto end; |
| } |
} |
| if (ctx2 && !SSL_CTX_set_cipher_list(ctx2, s_server_config.cipher)) { |
if (ctx2 && !SSL_CTX_set_cipher_list(ctx2, |
| |
s_server_config.cipher)) { |
| BIO_printf(bio_err, "error setting cipher list\n"); |
BIO_printf(bio_err, "error setting cipher list\n"); |
| ERR_print_errors(bio_err); |
ERR_print_errors(bio_err); |
| goto end; |
goto end; |
| } |
} |
| } |
} |
| SSL_CTX_set_verify(ctx, s_server_config.server_verify, verify_callback); |
SSL_CTX_set_verify(ctx, s_server_config.server_verify, verify_callback); |
| SSL_CTX_set_session_id_context(ctx, (void *) &s_server_session_id_context, |
SSL_CTX_set_session_id_context(ctx, |
| |
(void *) &s_server_session_id_context, |
| sizeof s_server_session_id_context); |
sizeof s_server_session_id_context); |
| |
|
| /* Set DTLS cookie generation and verification callbacks */ |
/* Set DTLS cookie generation and verification callbacks */ |
|
|
| SSL_CTX_set_cookie_verify_cb(ctx, verify_cookie_callback); |
SSL_CTX_set_cookie_verify_cb(ctx, verify_cookie_callback); |
| |
|
| if (ctx2) { |
if (ctx2) { |
| SSL_CTX_set_verify(ctx2, s_server_config.server_verify, verify_callback); |
SSL_CTX_set_verify(ctx2, s_server_config.server_verify, |
| SSL_CTX_set_session_id_context(ctx2, (void *) &s_server_session_id_context, |
verify_callback); |
| |
SSL_CTX_set_session_id_context(ctx2, |
| |
(void *) &s_server_session_id_context, |
| sizeof s_server_session_id_context); |
sizeof s_server_session_id_context); |
| |
|
| s_server_config.tlsextcbp.biodebug = bio_s_out; |
s_server_config.tlsextcbp.biodebug = bio_s_out; |
| SSL_CTX_set_tlsext_servername_callback(ctx2, ssl_servername_cb); |
SSL_CTX_set_tlsext_servername_callback(ctx2, ssl_servername_cb); |
| SSL_CTX_set_tlsext_servername_arg(ctx2, &s_server_config.tlsextcbp); |
SSL_CTX_set_tlsext_servername_arg(ctx2, |
| |
&s_server_config.tlsextcbp); |
| SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb); |
SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb); |
| SSL_CTX_set_tlsext_servername_arg(ctx, &s_server_config.tlsextcbp); |
SSL_CTX_set_tlsext_servername_arg(ctx, |
| |
&s_server_config.tlsextcbp); |
| } |
} |
| |
|
| if (s_server_config.CAfile != NULL) { |
if (s_server_config.CAfile != NULL) { |
| SSL_CTX_set_client_CA_list(ctx, SSL_load_client_CA_file(s_server_config.CAfile)); |
SSL_CTX_set_client_CA_list(ctx, |
| |
SSL_load_client_CA_file(s_server_config.CAfile)); |
| if (ctx2) |
if (ctx2) |
| SSL_CTX_set_client_CA_list(ctx2, SSL_load_client_CA_file(s_server_config.CAfile)); |
SSL_CTX_set_client_CA_list(ctx2, |
| |
SSL_load_client_CA_file(s_server_config.CAfile)); |
| } |
} |
| BIO_printf(bio_s_out, "ACCEPT\n"); |
BIO_printf(bio_s_out, "ACCEPT\n"); |
| (void) BIO_flush(bio_s_out); |
(void) BIO_flush(bio_s_out); |
| if (s_server_config.www) |
if (s_server_config.www) |
| do_server(s_server_config.port, s_server_config.socket_type, &accept_socket, www_body, s_server_config.context); |
do_server(s_server_config.port, s_server_config.socket_type, |
| |
&accept_socket, www_body, s_server_config.context); |
| else |
else |
| do_server(s_server_config.port, s_server_config.socket_type, &accept_socket, sv_body, s_server_config.context); |
do_server(s_server_config.port, s_server_config.socket_type, |
| |
&accept_socket, sv_body, s_server_config.context); |
| print_stats(bio_s_out, ctx); |
print_stats(bio_s_out, ctx); |
| ret = 0; |
ret = 0; |
| end: |
end: |
|
|
| SSL_CTX_sess_accept_renegotiate(ssl_ctx)); |
SSL_CTX_sess_accept_renegotiate(ssl_ctx)); |
| BIO_printf(bio, "%4ld server accepts that finished\n", |
BIO_printf(bio, "%4ld server accepts that finished\n", |
| SSL_CTX_sess_accept_good(ssl_ctx)); |
SSL_CTX_sess_accept_good(ssl_ctx)); |
| BIO_printf(bio, "%4ld session cache hits\n", SSL_CTX_sess_hits(ssl_ctx)); |
BIO_printf(bio, "%4ld session cache hits\n", |
| BIO_printf(bio, "%4ld session cache misses\n", SSL_CTX_sess_misses(ssl_ctx)); |
SSL_CTX_sess_hits(ssl_ctx)); |
| BIO_printf(bio, "%4ld session cache timeouts\n", SSL_CTX_sess_timeouts(ssl_ctx)); |
BIO_printf(bio, "%4ld session cache misses\n", |
| BIO_printf(bio, "%4ld callback cache hits\n", SSL_CTX_sess_cb_hits(ssl_ctx)); |
SSL_CTX_sess_misses(ssl_ctx)); |
| |
BIO_printf(bio, "%4ld session cache timeouts\n", |
| |
SSL_CTX_sess_timeouts(ssl_ctx)); |
| |
BIO_printf(bio, "%4ld callback cache hits\n", |
| |
SSL_CTX_sess_cb_hits(ssl_ctx)); |
| BIO_printf(bio, "%4ld cache full overflows (%ld allowed)\n", |
BIO_printf(bio, "%4ld cache full overflows (%ld allowed)\n", |
| SSL_CTX_sess_cache_full(ssl_ctx), |
SSL_CTX_sess_cache_full(ssl_ctx), |
| SSL_CTX_sess_get_cache_size(ssl_ctx)); |
SSL_CTX_sess_get_cache_size(ssl_ctx)); |
|
|
| if (s_server_config.tlsextstatus) { |
if (s_server_config.tlsextstatus) { |
| SSL_CTX_set_tlsext_status_cb(ctx, cert_status_cb); |
SSL_CTX_set_tlsext_status_cb(ctx, cert_status_cb); |
| s_server_config.tlscstatp.err = bio_err; |
s_server_config.tlscstatp.err = bio_err; |
| SSL_CTX_set_tlsext_status_arg(ctx, &s_server_config.tlscstatp); |
SSL_CTX_set_tlsext_status_arg(ctx, |
| |
&s_server_config.tlscstatp); |
| } |
} |
| if (context) |
if (context) |
| SSL_set_session_id_context(con, context, |
SSL_set_session_id_context(con, context, |
|
|
| if (s_server_config.enable_timeouts) { |
if (s_server_config.enable_timeouts) { |
| timeout.tv_sec = 0; |
timeout.tv_sec = 0; |
| timeout.tv_usec = DGRAM_RCV_TIMEOUT; |
timeout.tv_usec = DGRAM_RCV_TIMEOUT; |
| BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_RECV_TIMEOUT, 0, &timeout); |
BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_RECV_TIMEOUT, 0, |
| |
&timeout); |
| |
|
| timeout.tv_sec = 0; |
timeout.tv_sec = 0; |
| timeout.tv_usec = DGRAM_SND_TIMEOUT; |
timeout.tv_usec = DGRAM_SND_TIMEOUT; |
| BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_SEND_TIMEOUT, 0, &timeout); |
BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_SEND_TIMEOUT, 0, |
| |
&timeout); |
| } |
} |
| if (s_server_config.socket_mtu > 28) { |
if (s_server_config.socket_mtu > 28) { |
| SSL_set_options(con, SSL_OP_NO_QUERY_MTU); |
SSL_set_options(con, SSL_OP_NO_QUERY_MTU); |
|
|
| |
|
| i = poll(pfd, 2, ptimeout); |
i = poll(pfd, 2, ptimeout); |
| |
|
| if ((SSL_version(con) == DTLS1_VERSION) && DTLSv1_handle_timeout(con) > 0) { |
if ((SSL_version(con) == DTLS1_VERSION) && |
| |
DTLSv1_handle_timeout(con) > 0) { |
| BIO_printf(bio_err, "TIMEOUT occured\n"); |
BIO_printf(bio_err, "TIMEOUT occured\n"); |
| } |
} |
| if (i <= 0) |
if (i <= 0) |
|
|
| if ((buf[0] == 'R') && |
if ((buf[0] == 'R') && |
| ((buf[1] == '\n') || (buf[1] == '\r'))) { |
((buf[1] == '\n') || (buf[1] == '\r'))) { |
| SSL_set_verify(con, |
SSL_set_verify(con, |
| SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE, NULL); |
SSL_VERIFY_PEER | |
| |
SSL_VERIFY_CLIENT_ONCE, |
| |
NULL); |
| SSL_renegotiate(con); |
SSL_renegotiate(con); |
| i = SSL_do_handshake(con); |
i = SSL_do_handshake(con); |
| printf("SSL_do_handshake -> %d\n", i); |
printf("SSL_do_handshake -> %d\n", i); |
|
|
| */ |
*/ |
| } |
} |
| if (buf[0] == 'P') { |
if (buf[0] == 'P') { |
| static const char *str = "Lets print some clear text\n"; |
static const char *str = |
| BIO_write(SSL_get_wbio(con), str, strlen(str)); |
"Lets print some clear text\n"; |
| |
BIO_write(SSL_get_wbio(con), str, |
| |
strlen(str)); |
| } |
} |
| if (buf[0] == 'S') { |
if (buf[0] == 'S') { |
| print_stats(bio_s_out, SSL_get_SSL_CTX(con)); |
print_stats(bio_s_out, |
| |
SSL_get_SSL_CTX(con)); |
| } |
} |
| } |
} |
| l = k = 0; |
l = k = 0; |
|
|
| err: |
err: |
| if (con != NULL) { |
if (con != NULL) { |
| BIO_printf(bio_s_out, "shutting down SSL\n"); |
BIO_printf(bio_s_out, "shutting down SSL\n"); |
| SSL_set_shutdown(con, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN); |
SSL_set_shutdown(con, |
| |
SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN); |
| SSL_free(con); |
SSL_free(con); |
| } |
} |
| BIO_printf(bio_s_out, "CONNECTION CLOSED\n"); |
BIO_printf(bio_s_out, "CONNECTION CLOSED\n"); |
|
|
| = SSL_get_selected_srtp_profile(con); |
= SSL_get_selected_srtp_profile(con); |
| |
|
| if (srtp_profile) |
if (srtp_profile) |
| BIO_printf(bio_s_out, "SRTP Extension negotiated, profile=%s\n", |
BIO_printf(bio_s_out, |
| |
"SRTP Extension negotiated, profile=%s\n", |
| srtp_profile->name); |
srtp_profile->name); |
| } |
} |
| #endif |
#endif |
|
|
| SSL_get_secure_renegotiation_support(con) ? "" : " NOT"); |
SSL_get_secure_renegotiation_support(con) ? "" : " NOT"); |
| if (s_server_config.keymatexportlabel != NULL) { |
if (s_server_config.keymatexportlabel != NULL) { |
| BIO_printf(bio_s_out, "Keying material exporter:\n"); |
BIO_printf(bio_s_out, "Keying material exporter:\n"); |
| BIO_printf(bio_s_out, " Label: '%s'\n", s_server_config.keymatexportlabel); |
BIO_printf(bio_s_out, " Label: '%s'\n", |
| |
s_server_config.keymatexportlabel); |
| BIO_printf(bio_s_out, " Length: %i bytes\n", |
BIO_printf(bio_s_out, " Length: %i bytes\n", |
| s_server_config.keymatexportlen); |
s_server_config.keymatexportlen); |
| exportedkeymat = malloc(s_server_config.keymatexportlen); |
exportedkeymat = malloc(s_server_config.keymatexportlen); |
|
|
| goto end; |
goto end; |
| } |
} |
| /* else we have data */ |
/* else we have data */ |
| if (((s_server_config.www == 1) && (strncmp("GET ", buf, 4) == 0)) || |
if (((s_server_config.www == 1) && |
| ((s_server_config.www == 2) && (strncmp("GET /stats ", buf, 11) == 0))) { |
(strncmp("GET ", buf, 4) == 0)) || |
| |
((s_server_config.www == 2) && |
| |
(strncmp("GET /stats ", buf, 11) == 0))) { |
| char *p; |
char *p; |
| X509 *peer; |
X509 *peer; |
| STACK_OF(SSL_CIPHER) *sk; |
STACK_OF(SSL_CIPHER) *sk; |
|
|
| * The following is evil and should not really be |
* The following is evil and should not really be |
| * done |
* done |
| */ |
*/ |
| BIO_printf(io, "Ciphers supported in s_server binary\n"); |
BIO_printf(io, |
| |
"Ciphers supported in s_server binary\n"); |
| sk = SSL_get_ciphers(con); |
sk = SSL_get_ciphers(con); |
| j = sk_SSL_CIPHER_num(sk); |
j = sk_SSL_CIPHER_num(sk); |
| for (i = 0; i < j; i++) { |
for (i = 0; i < j; i++) { |
|
|
| BIO_puts(io, "\n"); |
BIO_puts(io, "\n"); |
| p = SSL_get_shared_ciphers(con, buf, bufsize); |
p = SSL_get_shared_ciphers(con, buf, bufsize); |
| if (p != NULL) { |
if (p != NULL) { |
| BIO_printf(io, "---\nCiphers common between both SSL end points:\n"); |
BIO_printf(io, |
| |
"---\nCiphers common between both SSL end points:\n"); |
| j = i = 0; |
j = i = 0; |
| while (*p) { |
while (*p) { |
| if (*p == ':') { |
if (*p == ':') { |
| BIO_write(io, space, 26 - j); |
BIO_write(io, space, 26 - j); |
| i++; |
i++; |
| j = 0; |
j = 0; |
| BIO_write(io, ((i % 3) ? " " : "\n"), 1); |
BIO_write(io, |
| |
((i % 3) ? " " : "\n"), 1); |
| } else { |
} else { |
| BIO_write(io, p, 1); |
BIO_write(io, p, 1); |
| j++; |
j++; |
|
|
| X509_print(io, peer); |
X509_print(io, peer); |
| PEM_write_bio_X509(io, peer); |
PEM_write_bio_X509(io, peer); |
| } else |
} else |
| BIO_puts(io, "no client certificate available\n"); |
BIO_puts(io, |
| |
"no client certificate available\n"); |
| BIO_puts(io, "</BODY></HTML>\r\n\r\n"); |
BIO_puts(io, "</BODY></HTML>\r\n\r\n"); |
| break; |
break; |
| } else if ((s_server_config.www == 2 || s_server_config.www == 3) |
} else if ((s_server_config.www == 2 || |
| && (strncmp("GET /", buf, 5) == 0)) { |
s_server_config.www == 3) && |
| |
(strncmp("GET /", buf, 5) == 0)) { |
| BIO *file; |
BIO *file; |
| char *p, *e; |
char *p, *e; |
| static const char *text = "HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n"; |
static const char *text = "HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n"; |
|
|
| dot = (e[0] == '.') ? 3 : 0; |
dot = (e[0] == '.') ? 3 : 0; |
| break; |
break; |
| case 3: |
case 3: |
| dot = (e[0] == '/' || e[0] == '\\') ? -1 : 0; |
dot = (e[0] == '/' || e[0] == '\\') ? |
| |
-1 : 0; |
| break; |
break; |
| } |
} |
| if (dot == 0) |
if (dot == 0) |
| dot = (e[0] == '/' || e[0] == '\\') ? 1 : 0; |
dot = (e[0] == '/' || e[0] == '\\') ? |
| |
1 : 0; |
| } |
} |
| dot = (dot == 3) || (dot == -1); /* filename contains |
dot = (dot == 3) || (dot == -1); /* filename contains |
| * ".." component */ |
* ".." component */ |
| |
|
| if (*e == '\0') { |
if (*e == '\0') { |
| BIO_puts(io, text); |
BIO_puts(io, text); |
| BIO_printf(io, "'%s' is an invalid file name\r\n", p); |
BIO_printf(io, |
| |
"'%s' is an invalid file name\r\n", p); |
| break; |
break; |
| } |
} |
| *e = '\0'; |
*e = '\0'; |
| |
|
| if (dot) { |
if (dot) { |
| BIO_puts(io, text); |
BIO_puts(io, text); |
| BIO_printf(io, "'%s' contains '..' reference\r\n", p); |
BIO_printf(io, |
| |
"'%s' contains '..' reference\r\n", p); |
| break; |
break; |
| } |
} |
| if (*p == '/') { |
if (*p == '/') { |
| BIO_puts(io, text); |
BIO_puts(io, text); |
| BIO_printf(io, "'%s' is an invalid path\r\n", p); |
BIO_printf(io, |
| |
"'%s' is an invalid path\r\n", p); |
| break; |
break; |
| } |
} |
| /* if a directory, do the index thang */ |
/* if a directory, do the index thang */ |
|
|
| if (!BIO_should_retry(io)) |
if (!BIO_should_retry(io)) |
| goto write_error; |
goto write_error; |
| else { |
else { |
| BIO_printf(bio_s_out, "rwrite W BLOCK\n"); |
BIO_printf(bio_s_out, |
| |
"rwrite W BLOCK\n"); |
| } |
} |
| } else { |
} else { |
| j += k; |
j += k; |
|
|
| ssl_servername_cb(SSL *s, int *ad, void *arg) |
ssl_servername_cb(SSL *s, int *ad, void *arg) |
| { |
{ |
| tlsextctx *p = (tlsextctx *) arg; |
tlsextctx *p = (tlsextctx *) arg; |
| const char *servername = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name); |
const char *servername = SSL_get_servername(s, |
| |
TLSEXT_NAMETYPE_host_name); |
| |
|
| if (servername && p->biodebug) |
if (servername && p->biodebug) |
| BIO_printf(p->biodebug, "Hostname in TLS extension: \"%s\"\n", servername); |
BIO_printf(p->biodebug, "Hostname in TLS extension: \"%s\"\n", |
| |
servername); |
| |
|
| if (!p->servername) |
if (!p->servername) |
| return SSL_TLSEXT_ERR_NOACK; |
return SSL_TLSEXT_ERR_NOACK; |
|
|
| sk_OPENSSL_STRING_value(aia, 0)); |
sk_OPENSSL_STRING_value(aia, 0)); |
| } else { |
} else { |
| if (!srctx->host) { |
if (!srctx->host) { |
| BIO_puts(srctx->err, "cert_status: no AIA and no default responder URL\n"); |
BIO_puts(srctx->err, |
| |
"cert_status: no AIA and no default responder URL\n"); |
| goto done; |
goto done; |
| } |
} |
| host = srctx->host; |
host = srctx->host; |
|
|
| goto err; |
goto err; |
| if (X509_STORE_get_by_subject(&inctx, X509_LU_X509, |
if (X509_STORE_get_by_subject(&inctx, X509_LU_X509, |
| X509_get_issuer_name(x), &obj) <= 0) { |
X509_get_issuer_name(x), &obj) <= 0) { |
| BIO_puts(err, "cert_status: Can't retrieve issuer certificate.\n"); |
BIO_puts(err, |
| |
"cert_status: Can't retrieve issuer certificate.\n"); |
| X509_STORE_CTX_cleanup(&inctx); |
X509_STORE_CTX_cleanup(&inctx); |
| goto done; |
goto done; |
| } |
} |
![[BACK]](/icons/back.gif){kind=icon}
Return to s_server.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / openssl