#include <assert.h>#include <stdio.h>#include <stdlib.h>#include <string.h>#include <sys/stat.h>#include <openssl/e_os2.h>#include <sys/types.h>#include <openssl/lhash.h>#include <openssl/bn.h>#include "apps.h"#include <openssl/err.h>#include <openssl/pem.h>#include <openssl/x509.h>#include <openssl/ssl.h>#include <openssl/rand.h>#include <openssl/dh.h>#include <openssl/rsa.h>#include "s_apps.h"#include "timeouts.h"Go to the source code of this file.
Defines
| #define | USE_SOCKETS |
| #define | S_ISDIR(a) (((a) & S_IFMT) == S_IFDIR) |
| #define | BUFSIZZ 16*1024 |
| #define | TEST_CERT "server.pem" |
| #define | PROG s_server_main |
| #define | MAX_SESSION_ID_ATTEMPTS 10 |
Functions
| static RSA MS_CALLBACK * | tmp_rsa_cb (SSL *s, int is_export, int keylength) |
| static int | sv_body (char *hostname, int s, unsigned char *context) |
| static int | www_body (char *hostname, int s, unsigned char *context) |
| static void | close_accept_socket (void) |
| static void | sv_usage (void) |
| static int | init_ssl_connection (SSL *s) |
| static void | print_stats (BIO *bp, SSL_CTX *ctx) |
| static int | generate_session_id (const SSL *ssl, unsigned char *id, unsigned int *id_len) |
| static DH * | load_dh_param (const char *dhfile) |
| static DH * | get_dh512 (void) |
| int | MAIN (int, char **) |
Variables
| static unsigned char | dh512_p [] |
| static unsigned char | dh512_g [] |
| static int | bufsize = BUFSIZZ |
| static int | accept_socket = -1 |
| int | verify_depth |
| static char * | cipher = NULL |
| static int | s_server_verify = SSL_VERIFY_NONE |
| static int | s_server_session_id_context = 1 |
| static const char * | s_cert_file = TEST_CERT |
| static const char * | s_key_file = NULL |
| static char * | s_dcert_file = NULL |
| static char * | s_dkey_file = NULL |
| static int | s_nbio_test = 0 |
| int | s_crlf = 0 |
| static SSL_CTX * | ctx = NULL |
| static int | www = 0 |
| static BIO * | bio_s_out = NULL |
| static int | s_debug = 0 |
| static int | s_msg = 0 |
| static int | s_quiet = 0 |
| static int | hack = 0 |
| static char * | engine_id = NULL |
| static const char * | session_id_prefix = NULL |
| static int | enable_timeouts = 0 |
| static long | mtu |
| static int | cert_chain = 0 |
| static int | local_argc = 0 |
| static char ** | local_argv |
Definition at line 236 of file s_server.c. |
Definition at line 1994 of file s_server.c. Referenced by generate_session_id(). |
Definition at line 242 of file s_server.c. |
Definition at line 202 of file s_server.c. Referenced by www_body(). |
Definition at line 240 of file s_server.c. Referenced by sv_usage(). |
Definition at line 149 of file s_server.c. |
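/* Definition at line 1471 of file s_server.c. References accept_socket, bio_err, and BIO_printf(). Referenced by sv_body(). */
/*
 * Shut down and close the listening socket held in the file-level
 * accept_socket, if one is open, logging the action to bio_err.
 *
 * SHUTDOWN2() (s_apps.h) both shuts the socket down and closes the
 * descriptor, so accept_socket is reset to -1 afterwards: the original left
 * the stale number in place, and a second call would have shut down whatever
 * file the OS had since handed that descriptor number to.
 */
static void close_accept_socket(void)
{
    BIO_printf(bio_err,"shutdown accept socket\n");
    if (accept_socket >= 0)
    {
        SHUTDOWN2(accept_socket);
        accept_socket = -1;    /* descriptor is gone; never touch it again */
    }
}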
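/* Definition at line 1995 of file s_server.c. References MAX_SESSION_ID_ATTEMPTS, RAND_pseudo_bytes(), session_id_prefix, and SSL_has_matching_session_id(). Referenced by MAIN(). */
/*
 * Session-ID generation callback: fill id[0 .. *id_len) with random bytes,
 * overwrite the leading bytes with the file-level session_id_prefix, and
 * retry (at most MAX_SESSION_ID_ATTEMPTS times) while the result collides
 * with an ID already known to ssl's session cache.
 *
 * Returns 1 on success, 0 if every attempt collided or if the RNG reported
 * that it is unsupported (RAND_pseudo_bytes() returns -1), in which case id
 * was never written and must not be used.
 *
 * NB: if the prefix is as long as *id_len it is clipped and the ID is
 * entirely the prefix - the server can then cache only one session and
 * later negotiations fail on conflicts. That is a configuration problem
 * the callback cannot repair.
 */
static int generate_session_id(const SSL *ssl, unsigned char *id,
                               unsigned int *id_len)
{
    unsigned int count = 0;
    /* The prefix is constant across attempts, so measure it once. Tolerate a
     * NULL prefix instead of crashing if the callback is ever installed
     * without -id_prefix. */
    size_t prefix_len = (session_id_prefix != NULL) ? strlen(session_id_prefix) : 0;

    if (prefix_len > *id_len)
        prefix_len = *id_len;    /* clip an over-long prefix to the ID size */

    do {
        if (RAND_pseudo_bytes(id, *id_len) < 0)
            return 0;    /* no RNG available: id is unwritten, refuse it */
        if (prefix_len > 0)
            memcpy(id, session_id_prefix, prefix_len);
    }
    while (SSL_has_matching_session_id(ssl, id, *id_len) &&
           (++count < MAX_SESSION_ID_ATTEMPTS));

    return (count >= MAX_SESSION_ID_ATTEMPTS) ? 0 : 1;
}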
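/* Definition at line 219 of file s_server.c. References BN_bin2bn(), dh512_g, dh512_p, DH_new(), dh_st::g, and dh_st::p. Referenced by ctx_set_dh(), main(), and MAIN(). */
/*
 * Build a DH object from the built-in 512-bit parameters dh512_p/dh512_g.
 *
 * Returns a newly allocated DH that the caller releases with DH_free(), or
 * NULL if DH_new() or either BN_bin2bn() fails. On the BN failure path the
 * original returned NULL while leaking the half-built DH (and whichever of
 * p/g had been set); it is now freed.
 *
 * A 512-bit group is far below current strength recommendations; the usage
 * text presents it only as the default when no -dhparam file (or in-cert
 * parameters) is supplied.
 */
static DH *get_dh512(void)
{
    DH *dh = DH_new();

    if (dh == NULL)
        return NULL;
    dh->p = BN_bin2bn(dh512_p, sizeof(dh512_p), NULL);
    dh->g = BN_bin2bn(dh512_g, sizeof(dh512_g), NULL);
    if ((dh->p == NULL) || (dh->g == NULL))
    {
        DH_free(dh);    /* also frees whichever of p/g was allocated */
        return NULL;
    }
    return dh;
}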
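/* Definition at line 1480 of file s_server.c. References bio_err, BIO_printf(), BIO_sock_should_retry(), kssl_ctx_st::client_princ, ERR_print_errors(), ssl_st::hit, ssl_st::kssl_ctx, MS_STATIC, PEM_write_bio_SSL_SESSION, SSL_accept(), SSL_CIPHER_get_name(), SSL_ctrl(), SSL_CTRL_GET_FLAGS, SSL_get_current_cipher(), SSL_get_peer_certificate(), SSL_get_session(), SSL_get_shared_ciphers(), SSL_get_verify_result(), TLS1_FLAGS_TLS_PADDING_BUG, verify_error, X509_get_issuer_name(), X509_get_subject_name(), X509_NAME_oneline(), X509_V_OK, and X509_verify_cert_error_string(). Referenced by sv_body(). */
/*
 * Drive the server-side handshake on con and report the outcome.
 *
 * Returns 1 when the handshake completed - the session, the client
 * certificate (if any), the shared cipher list and the negotiated cipher are
 * printed to bio_s_out - or when SSL_accept() merely needs to be retried
 * ("DELAY" is printed and the caller comes back later). Returns 0 when the
 * handshake failed; a peer-verification failure is reported by name,
 * anything else via the OpenSSL error queue, both on bio_err.
 *
 * buf is a fixed BUFSIZ scratch buffer: X509_NAME_oneline() and
 * SSL_get_shared_ciphers() are passed sizeof buf, so over-long names and
 * cipher lists are truncated rather than overflowed.
 */
static int init_ssl_connection(SSL *con)
{
    int i;
    const char *str;
    X509 *peer;
    long verify_error;
    MS_STATIC char buf[BUFSIZ];

    if ((i=SSL_accept(con)) <= 0)
    {
        if (BIO_sock_should_retry(i))
        {
            BIO_printf(bio_s_out,"DELAY\n");
            return(1);
        }

        BIO_printf(bio_err,"ERROR\n");
        verify_error=SSL_get_verify_result(con);
        if (verify_error != X509_V_OK)
        {
            BIO_printf(bio_err,"verify error:%s\n",
                X509_verify_cert_error_string(verify_error));
        }
        else
            ERR_print_errors(bio_err);
        return(0);
    }

    PEM_write_bio_SSL_SESSION(bio_s_out,SSL_get_session(con));

    peer=SSL_get_peer_certificate(con);
    if (peer != NULL)
    {
        BIO_printf(bio_s_out,"Client certificate\n");
        PEM_write_bio_X509(bio_s_out,peer);
        X509_NAME_oneline(X509_get_subject_name(peer),buf,sizeof buf);
        BIO_printf(bio_s_out,"subject=%s\n",buf);
        X509_NAME_oneline(X509_get_issuer_name(peer),buf,sizeof buf);
        BIO_printf(bio_s_out,"issuer=%s\n",buf);
        X509_free(peer);    /* SSL_get_peer_certificate() returns a reference */
    }

    if (SSL_get_shared_ciphers(con,buf,sizeof buf) != NULL)
        BIO_printf(bio_s_out,"Shared ciphers:%s\n",buf);
    str=SSL_CIPHER_get_name(SSL_get_current_cipher(con));
    BIO_printf(bio_s_out,"CIPHER is %s\n",(str != NULL)?str:"(NONE)");
    if (con->hit) BIO_printf(bio_s_out,"Reused session-id\n");
    if (SSL_ctrl(con,SSL_CTRL_GET_FLAGS,0,NULL) &
        TLS1_FLAGS_TLS_PADDING_BUG)
        BIO_printf(bio_s_out,"Peer has incorrect TLSv1 block padding\n");
#ifndef OPENSSL_NO_KRB5
    /* sv_body() sets con->kssl_ctx from kssl_ctx_new(), which can return
     * NULL; the original dereferenced it unconditionally here. */
    if (con->kssl_ctx != NULL && con->kssl_ctx->client_princ != NULL)
    {
        BIO_printf(bio_s_out,"Kerberos peer principal is %s\n",
            con->kssl_ctx->client_princ);
    }
#endif /* OPENSSL_NO_KRB5 */
    return(1);
}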
/* Definition at line 1541 of file s_server.c. References BIO_free(), and BIO_new_file(). Referenced by MAIN(). */
/*
 * Read PEM-encoded DH parameters from the file named by dhfile.
 *
 * Returns a new DH object owned by the caller, or NULL if the file cannot be
 * opened or PEM_read_bio_DHparams() fails. The file BIO is released before
 * returning in every case.
 */
static DH *load_dh_param(const char *dhfile)
{
    BIO *in = BIO_new_file(dhfile, "r");
    DH *params;

    if (in == NULL)
        return NULL;
    params = PEM_read_bio_DHparams(in, NULL, NULL, NULL);
    BIO_free(in);
    return params;
}
/* Definition at line 1117 of file s_server.c. References BIO_printf(), SSL_CTX_sess_accept, SSL_CTX_sess_accept_good, SSL_CTX_sess_accept_renegotiate, SSL_CTX_sess_cache_full, SSL_CTX_sess_cb_hits, SSL_CTX_sess_connect, SSL_CTX_sess_connect_good, SSL_CTX_sess_connect_renegotiate, SSL_CTX_sess_get_cache_size, SSL_CTX_sess_hits, SSL_CTX_sess_misses, SSL_CTX_sess_number, and SSL_CTX_sess_timeouts. Referenced by main(), MAIN(), sv_body(), and www_body(). */
/*
 * Print the session-cache counters of ssl_ctx to bio, one per line, in the
 * fixed order established by the original (cache size, client-side
 * connect/renegotiate/finished, server-side accept/renegotiate/finished,
 * hits, misses, timeouts, callback hits, overflows). Every value is a long
 * read straight from the SSL_CTX_sess_* accessors; nothing is modified.
 */
static void print_stats(BIO *bio, SSL_CTX *ssl_ctx)
{
    /* Snapshot all counters first, then emit them. */
    long cached        = SSL_CTX_sess_number(ssl_ctx);
    long conn_total    = SSL_CTX_sess_connect(ssl_ctx);
    long conn_reneg    = SSL_CTX_sess_connect_renegotiate(ssl_ctx);
    long conn_finished = SSL_CTX_sess_connect_good(ssl_ctx);
    long acc_total     = SSL_CTX_sess_accept(ssl_ctx);
    long acc_reneg     = SSL_CTX_sess_accept_renegotiate(ssl_ctx);
    long acc_finished  = SSL_CTX_sess_accept_good(ssl_ctx);
    long cache_hits    = SSL_CTX_sess_hits(ssl_ctx);
    long cache_misses  = SSL_CTX_sess_misses(ssl_ctx);
    long cache_timeout = SSL_CTX_sess_timeouts(ssl_ctx);
    long cb_hits       = SSL_CTX_sess_cb_hits(ssl_ctx);
    long overflows     = SSL_CTX_sess_cache_full(ssl_ctx);
    long cache_size    = SSL_CTX_sess_get_cache_size(ssl_ctx);

    BIO_printf(bio,"%4ld items in the session cache\n", cached);
    BIO_printf(bio,"%4ld client connects (SSL_connect())\n", conn_total);
    BIO_printf(bio,"%4ld client renegotiates (SSL_connect())\n", conn_reneg);
    BIO_printf(bio,"%4ld client connects that finished\n", conn_finished);
    BIO_printf(bio,"%4ld server accepts (SSL_accept())\n", acc_total);
    BIO_printf(bio,"%4ld server renegotiates (SSL_accept())\n", acc_reneg);
    BIO_printf(bio,"%4ld server accepts that finished\n", acc_finished);
    BIO_printf(bio,"%4ld session cache hits\n", cache_hits);
    BIO_printf(bio,"%4ld session cache misses\n", cache_misses);
    BIO_printf(bio,"%4ld session cache timeouts\n", cache_timeout);
    BIO_printf(bio,"%4ld callback cache hits\n", cb_hits);
    BIO_printf(bio,"%4ld cache full overflows (%ld allowed)\n",
        overflows, cache_size);
}
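/* Definition at line 1142 of file s_server.c. Referenced by MAIN(). (The
 * generated list of every symbol this function references is omitted.) */
/*
 * Serve one accepted connection on socket s: wrap it in an SSL object built
 * from the file-level ctx, drive the handshake, then shuttle data between the
 * peer and the terminal until either side is done.
 *
 * hostname is unused. context, when non-NULL, becomes the session-id context.
 *
 * Terminal input is polled in the select loop. In non-quiet mode the first
 * byte of a line selects a command: 'Q' (close this connection and the accept
 * socket), 'q' (close this connection; for DTLS the socket is left open),
 * 'r'/'R' (renegotiate, 'R' additionally demands a client certificate), 'P'
 * (write a fixed clear-text line straight to the transport BIO, i.e. outside
 * TLS) or 'S' (print cache statistics); 'P'/'S' lines and every other line
 * are then forwarded to the peer with SSL_write(). Data from the peer is
 * written to stdout.
 *
 * Returns 1 when the caller may keep accepting, 0 when the handshake failed,
 * and -11 after 'Q' (the accept socket has been closed). "ACCEPT" is printed
 * for any non-negative return. buf is wiped (OPENSSL_cleanse) before it is
 * freed because it carried plaintext in both directions.
 *
 * Fixes over the original: con is checked after SSL_new() and before
 * SSL_set_shutdown()/SSL_free() on the error path (both dereferenced NULL
 * when allocation failed); an EOF or read error on stdin in quiet mode no
 * longer reaches SSL_write() with a non-positive length; a blocked or failed
 * SSL_write() (k <= 0) no longer advances the buffer offset backwards; the
 * write() to stdout handles short writes.
 */
static int sv_body(char *hostname, int s, unsigned char *context)
{
    char *buf=NULL;
    fd_set readfds;
    int ret=1,width;
    int k,i;
    unsigned long l;
    SSL *con=NULL;
    BIO *sbio;
#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE)
    struct timeval tv;
#endif

    if ((buf=OPENSSL_malloc(bufsize)) == NULL)
    {
        BIO_printf(bio_err,"out of memory\n");
        goto err;
    }
#ifdef FIONBIO
    if (s_nbio)
    {
        unsigned long sl=1;

        if (!s_quiet)
            BIO_printf(bio_err,"turning on non blocking io\n");
        if (BIO_socket_ioctl(s,FIONBIO,&sl) < 0)
            ERR_print_errors(bio_err);
    }
#endif

    con=SSL_new(ctx);
    if (con == NULL)
    {
        /* Without this check the KRB5 setup below and the err: path both
         * dereferenced a NULL SSL. ret stays 1, matching the out-of-memory
         * path above, so MAIN() keeps accepting. */
        BIO_printf(bio_err,"SSL_new failed\n");
        ERR_print_errors(bio_err);
        goto err;
    }
#ifndef OPENSSL_NO_KRB5
    if ((con->kssl_ctx = kssl_ctx_new()) != NULL)
    {
        kssl_ctx_setstring(con->kssl_ctx, KSSL_SERVICE,
            KRB5SVC);
        kssl_ctx_setstring(con->kssl_ctx, KSSL_KEYTAB,
            KRB5KEYTAB);
    }
#endif /* OPENSSL_NO_KRB5 */
    if(context)
        SSL_set_session_id_context(con, context,
            strlen((char *)context));
    SSL_clear(con);

    if (SSL_version(con) == DTLS1_VERSION)
    {
        struct timeval timeout;

        sbio=BIO_new_dgram(s,BIO_NOCLOSE);

        if ( enable_timeouts)
        {
            timeout.tv_sec = 0;
            timeout.tv_usec = DGRAM_RCV_TIMEOUT;
            BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_RECV_TIMEOUT, 0, &timeout);

            timeout.tv_sec = 0;
            timeout.tv_usec = DGRAM_SND_TIMEOUT;
            BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_SEND_TIMEOUT, 0, &timeout);
        }

        if ( mtu > 0)
        {
            SSL_set_options(con, SSL_OP_NO_QUERY_MTU);
            SSL_set_mtu(con, mtu);
        }
        else
            /* want to do MTU discovery */
            BIO_ctrl(sbio, BIO_CTRL_DGRAM_MTU_DISCOVER, 0, NULL);

        /* turn on cookie exchange */
        SSL_set_options(con, SSL_OP_COOKIE_EXCHANGE);
    }
    else
        sbio=BIO_new_socket(s,BIO_NOCLOSE);

    if (s_nbio_test)
    {
        BIO *test;

        test=BIO_new(BIO_f_nbio_test());
        sbio=BIO_push(test,sbio);
    }
    SSL_set_bio(con,sbio,sbio);
    SSL_set_accept_state(con);
    /* SSL_set_fd(con,s); */

    if (s_debug)
    {
        con->debug=1;
        BIO_set_callback(SSL_get_rbio(con),bio_dump_callback);
        BIO_set_callback_arg(SSL_get_rbio(con),bio_s_out);
    }
    if (s_msg)
    {
        SSL_set_msg_callback(con, msg_cb);
        SSL_set_msg_callback_arg(con, bio_s_out);
    }

    width=s+1;
    for (;;)
    {
        int read_from_terminal;
        int read_from_sslcon;

        read_from_terminal = 0;
        /* Buffered, already-decrypted data is served before selecting again. */
        read_from_sslcon = SSL_pending(con);

        if (!read_from_sslcon)
        {
            FD_ZERO(&readfds);
#if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_NETWARE)
            FD_SET(fileno(stdin),&readfds);
#endif
            FD_SET(s,&readfds);
            /* Note: under VMS with SOCKETSHR the second parameter is
             * currently of type (int *) whereas under other systems
             * it is (void *) if you don't have a cast it will choke
             * the compiler: if you do have a cast then you can either
             * go for (int *) or (void *).
             */
#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE)
            /* Under DOS (non-djgpp) and Windows we can't select on stdin: only
             * on sockets. As a workaround we timeout the select every
             * second and check for any keypress. In a proper Windows
             * application we wouldn't do this because it is inefficient.
             */
            tv.tv_sec = 1;
            tv.tv_usec = 0;
            i=select(width,(void *)&readfds,NULL,NULL,&tv);
            if((i < 0) || (!i && !_kbhit() ) )continue;
            if(_kbhit())
                read_from_terminal = 1;
#else
            i=select(width,(void *)&readfds,NULL,NULL,NULL);
            if (i <= 0) continue;
            if (FD_ISSET(fileno(stdin),&readfds))
                read_from_terminal = 1;
#endif
            if (FD_ISSET(s,&readfds))
                read_from_sslcon = 1;
        }
        if (read_from_terminal)
        {
            if (s_crlf)
            {
                int j, lf_num;

                /* Read only half the buffer: every LF may grow into CRLF. */
                i=read(fileno(stdin), buf, bufsize/2);
                lf_num = 0;
                /* both loops are skipped when i <= 0 */
                for (j = 0; j < i; j++)
                    if (buf[j] == '\n')
                        lf_num++;
                /* Expand in place from the end so nothing is overwritten. */
                for (j = i-1; j >= 0; j--)
                {
                    buf[j+lf_num] = buf[j];
                    if (buf[j] == '\n')
                    {
                        lf_num--;
                        i++;
                        buf[j+lf_num] = '\r';
                    }
                }
                assert(lf_num == 0);
            }
            else
                i=read(fileno(stdin),buf,bufsize);
            if (!s_quiet)
            {
                if ((i <= 0) || (buf[0] == 'Q'))
                {
                    BIO_printf(bio_s_out,"DONE\n");
                    SHUTDOWN(s);
                    close_accept_socket();
                    ret= -11;
                    goto err;
                }
                if ((i <= 0) || (buf[0] == 'q'))
                {
                    BIO_printf(bio_s_out,"DONE\n");
                    if (SSL_version(con) != DTLS1_VERSION)
                        SHUTDOWN(s);
                    /* close_accept_socket();
                    ret= -11;*/
                    goto err;
                }
                if ((buf[0] == 'r') &&
                    ((buf[1] == '\n') || (buf[1] == '\r')))
                {
                    SSL_renegotiate(con);
                    i=SSL_do_handshake(con);
                    printf("SSL_do_handshake -> %d\n",i);
                    i=0; /*13; */
                    continue;
                    /* strcpy(buf,"server side RE-NEGOTIATE\n"); */
                }
                if ((buf[0] == 'R') &&
                    ((buf[1] == '\n') || (buf[1] == '\r')))
                {
                    SSL_set_verify(con,
                        SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE,NULL);
                    SSL_renegotiate(con);
                    i=SSL_do_handshake(con);
                    printf("SSL_do_handshake -> %d\n",i);
                    i=0; /* 13; */
                    continue;
                    /* strcpy(buf,"server side RE-NEGOTIATE asking for client cert\n"); */
                }
                if (buf[0] == 'P')
                {
                    /* Deliberately bypasses TLS: written to the raw wbio. */
                    static const char *str="Lets print some clear text\n";
                    BIO_write(SSL_get_wbio(con),str,strlen(str));
                }
                if (buf[0] == 'S')
                {
                    print_stats(bio_s_out,SSL_get_SSL_CTX(con));
                }
            }
            else if (i <= 0)
            {
                /* Quiet mode has no command handling, but EOF or a read
                 * error still ends the connection: the original fell through
                 * to SSL_write() with i <= 0 (a negative length when read()
                 * failed). ret stays 1, as for 'q'. */
                goto err;
            }
#ifdef CHARSET_EBCDIC
            ebcdic2ascii(buf,buf,i);
#endif
            l=k=0;
            for (;;)
            {
                /* should do a select for the write */
#ifdef RENEG
                { static int count=0; if (++count == 100) { count=0; SSL_renegotiate(con); } }
#endif
                k=SSL_write(con,&(buf[l]),(unsigned int)i);
                switch (SSL_get_error(con,k))
                {
                case SSL_ERROR_NONE:
                    break;
                case SSL_ERROR_WANT_WRITE:
                case SSL_ERROR_WANT_READ:
                case SSL_ERROR_WANT_X509_LOOKUP:
                    BIO_printf(bio_s_out,"Write BLOCK\n");
                    break;
                case SSL_ERROR_SYSCALL:
                case SSL_ERROR_SSL:
                    BIO_printf(bio_s_out,"ERROR\n");
                    ERR_print_errors(bio_err);
                    ret=1;
                    goto err;
                    /* break; */
                case SSL_ERROR_ZERO_RETURN:
                    BIO_printf(bio_s_out,"DONE\n");
                    ret=1;
                    goto err;
                default:
                    break;
                }
                /* A blocked write returns k < 0; the original added that to
                 * l and subtracted it from i, walking off the buffer. Only
                 * count bytes that were actually accepted, then retry. */
                if (k > 0)
                {
                    l+=k;
                    i-=k;
                }
                if (i <= 0) break;
            }
        }
        if (read_from_sslcon)
        {
            if (!SSL_is_init_finished(con))
            {
                i=init_ssl_connection(con);

                if (i < 0)
                {
                    /* init_ssl_connection() as written never returns < 0;
                     * kept for a future error code. */
                    ret=0;
                    goto err;
                }
                else if (i == 0)
                {
                    ret=1;
                    goto err;
                }
            }
            else
            {
again:
                i=SSL_read(con,(char *)buf,bufsize);
                switch (SSL_get_error(con,i))
                {
                case SSL_ERROR_NONE:
#ifdef CHARSET_EBCDIC
                    ascii2ebcdic(buf,buf,i);
#endif
                    {
                        /* write() may be short; the original ignored its
                         * result and could drop the tail of a record. */
                        int done = 0;
                        while (done < i)
                        {
                            int w = (int)write(fileno(stdout), buf + done,
                                               (unsigned int)(i - done));
                            if (w <= 0)
                                break;    /* stdout unusable: keep serving */
                            done += w;
                        }
                    }
                    if (SSL_pending(con)) goto again;
                    break;
                case SSL_ERROR_WANT_WRITE:
                case SSL_ERROR_WANT_READ:
                case SSL_ERROR_WANT_X509_LOOKUP:
                    BIO_printf(bio_s_out,"Read BLOCK\n");
                    break;
                case SSL_ERROR_SYSCALL:
                case SSL_ERROR_SSL:
                    BIO_printf(bio_s_out,"ERROR\n");
                    ERR_print_errors(bio_err);
                    ret=1;
                    goto err;
                case SSL_ERROR_ZERO_RETURN:
                    BIO_printf(bio_s_out,"DONE\n");
                    ret=1;
                    goto err;
                default:
                    break;
                }
            }
        }
    }
err:
    BIO_printf(bio_s_out,"shutting down SSL\n");
    if (con != NULL)
    {
        /* Mark both directions shut without sending close_notify; the
         * original carried a full SSL_shutdown() as a disabled (#else)
         * alternative. */
        SSL_set_shutdown(con,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
        SSL_free(con);
    }
    BIO_printf(bio_s_out,"CONNECTION CLOSED\n");
    if (buf != NULL)
    {
        OPENSSL_cleanse(buf,bufsize);    /* buf held plaintext */
        OPENSSL_free(buf);
    }
    if (ret >= 0)
        BIO_printf(bio_s_out,"ACCEPT\n");
    return(ret);
}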
/* Definition at line 306 of file s_server.c. References bio_err, BIO_printf(), LIST_SEPARATOR_CHAR, PORT, and TEST_CERT. Referenced by main(), and MAIN(). */
/*
 * Print the s_server command-line help to bio_err.
 *
 * Runs of help lines that carry no format arguments are written with
 * BIO_puts() as one concatenated literal; the lines interpolating PORT,
 * TEST_CERT and LIST_SEPARATOR_CHAR keep BIO_printf(). Text, order and the
 * feature/platform #ifdefs are exactly those of the original.
 */
static void sv_usage(void)
{
    BIO_puts(bio_err,
        "usage: s_server [args ...]\n"
        "\n");
    BIO_printf(bio_err," -accept arg - port to accept on (default is %d)\n",PORT);
    BIO_puts(bio_err,
        " -context arg - set session ID context\n"
        " -verify arg - turn on peer certificate verification\n"
        " -Verify arg - turn on peer certificate verification, must have a cert.\n"
        " -cert arg - certificate file to use\n");
    BIO_printf(bio_err," (default is %s)\n",TEST_CERT);
    BIO_puts(bio_err,
        " -certform arg - certificate format (PEM or DER) PEM default\n"
        " -key arg - Private Key file to use, in cert file if\n");
    BIO_printf(bio_err," not specified (default is %s)\n",TEST_CERT);
    BIO_puts(bio_err,
        " -keyform arg - key format (PEM, DER or ENGINE) PEM default\n"
        " -pass arg - private key file pass phrase source\n"
        " -dcert arg - second certificate file to use (usually for DSA)\n"
        " -dcertform x - second certificate format (PEM or DER) PEM default\n"
        " -dkey arg - second private key file to use (usually for DSA)\n"
        " -dkeyform arg - second key format (PEM, DER or ENGINE) PEM default\n"
        " -dpass arg - second private key file pass phrase source\n"
        " -dhparam arg - DH parameter file to use, in cert file if not specified\n"
        " or a default set of parameters is used\n");
#ifndef OPENSSL_NO_ECDH
    BIO_puts(bio_err,
        " -named_curve arg - Elliptic curve name to use for ephemeral ECDH keys.\n"
        " Use \"openssl ecparam -list_curves\" for all names\n"
        " (default is sect163r2).\n");
#endif
#ifdef FIONBIO
    BIO_puts(bio_err," -nbio - Run with non-blocking IO\n");
#endif
    BIO_puts(bio_err,
        " -nbio_test - test with the non-blocking test bio\n"
        " -crlf - convert LF from terminal into CRLF\n"
        " -debug - Print more output\n"
        " -msg - Show protocol messages\n"
        " -state - Print the SSL states\n"
        " -CApath arg - PEM format directory of CA's\n"
        " -CAfile arg - PEM format file of CA's\n"
        " -nocert - Don't use any certificates (Anon-DH)\n"
        " -cipher arg - play with 'openssl ciphers' to see what goes here\n"
        " -serverpref - Use server's cipher preferences\n"
        " -quiet - No server output\n"
        " -no_tmp_rsa - Do not generate a tmp RSA key\n"
        " -ssl2 - Just talk SSLv2\n"
        " -ssl3 - Just talk SSLv3\n"
        " -tls1 - Just talk TLSv1\n"
        " -dtls1 - Just talk DTLSv1\n"
        " -timeout - Enable timeouts\n"
        " -mtu - Set MTU\n"
        " -chain - Read a certificate chain\n"
        " -no_ssl2 - Just disable SSLv2\n"
        " -no_ssl3 - Just disable SSLv3\n"
        " -no_tls1 - Just disable TLSv1\n");
#ifndef OPENSSL_NO_DH
    BIO_puts(bio_err," -no_dhe - Disable ephemeral DH\n");
#endif
#ifndef OPENSSL_NO_ECDH
    BIO_puts(bio_err," -no_ecdhe - Disable ephemeral ECDH\n");
#endif
    BIO_puts(bio_err,
        " -bugs - Turn on SSL bug compatibility\n"
        " -www - Respond to a 'GET /' with a status page\n"
        " -WWW - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n"
        " -HTTP - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n"
        " with the assumption it contains a complete HTTP response.\n");
#ifndef OPENSSL_NO_ENGINE
    BIO_puts(bio_err," -engine id - Initialise and use the specified engine\n");
#endif
    BIO_puts(bio_err," -id_prefix arg - Generate SSL/TLS session IDs prefixed by 'arg'\n");
    BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
}
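/* Definition at line 1963 of file s_server.c. References bio_err, BIO_flush, BIO_printf(), BN_free(), BN_new(), BN_set_word(), RSA_F4, RSA_free(), RSA_generate_key_ex(), RSA_new(), rsa_tmp, s_quiet, and void(). Referenced by main(), and MAIN(). */
/*
 * Temporary-RSA callback: on the first call generate a keylength-bit RSA key
 * with public exponent RSA_F4 and cache it in a function-local static; every
 * later call returns that same key. s and is_export are unused.
 *
 * Returns the cached key, or NULL if BN_new() failed or key generation
 * failed (the original discarded the half-built key silently; the OpenSSL
 * error queue is now printed to bio_err so the cause is visible).
 *
 * Because of the cache, the keylength of the FIRST request wins: a later
 * request for a different size still receives the original key. The static
 * is shared by every SSL object with no locking, so concurrent callers
 * would race on it.
 */
static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength)
{
    BIGNUM *bn = NULL;
    static RSA *rsa_tmp=NULL;

    if (rsa_tmp != NULL)
        return rsa_tmp;    /* already generated: reuse */

    if ((bn = BN_new()) == NULL)
    {
        BIO_printf(bio_err,"Allocation error in generating RSA key\n");
        return NULL;
    }
    if (!s_quiet)
    {
        BIO_printf(bio_err,"Generating temp (%d bit) RSA key...",keylength);
        (void)BIO_flush(bio_err);
    }
    if(!BN_set_word(bn, RSA_F4) || ((rsa_tmp = RSA_new()) == NULL) ||
        !RSA_generate_key_ex(rsa_tmp, keylength, bn, NULL))
    {
        if(rsa_tmp) RSA_free(rsa_tmp);
        rsa_tmp = NULL;
    }
    if (!s_quiet)
    {
        BIO_printf(bio_err,"\n");
        (void)BIO_flush(bio_err);
    }
    if (rsa_tmp == NULL)
        ERR_print_errors(bio_err);    /* say why generation failed */
    BN_free(bn);
    return(rsa_tmp);
}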