X-Git-Url: https://git.openssl.org/?a=blobdiff_plain;f=apps%2Fs_server.c;h=5ac3d8f72d7c8abf2eb6fd5cc07d4d6b23af89d6;hb=54dbf42398e23349b59f258a3dd60387bbc5ba13;hp=3c5b4222ef23a8df9230a6fac171b096cacc46a5;hpb=dba317774555fbd5bccdfc5270fc486e0d02d9db;p=openssl.git diff --git a/apps/s_server.c b/apps/s_server.c index 3c5b4222ef..5ac3d8f72d 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -185,18 +185,10 @@ typedef unsigned int u_int; #include "s_apps.h" #include "timeouts.h" -#if (defined(OPENSSL_SYS_VMS) && __VMS_VER < 70000000) -/* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */ -# undef FIONBIO -#endif - static int not_resumable_sess_cb(SSL *s, int is_forward_secure); -static int sv_body(const char *hostname, int s, int stype, - unsigned char *context); -static int www_body(const char *hostname, int s, int stype, - unsigned char *context); -static int rev_body(const char *hostname, int s, int stype, - unsigned char *context); +static int sv_body(int s, int stype, unsigned char *context); +static int www_body(int s, int stype, unsigned char *context); +static int rev_body(int s, int stype, unsigned char *context); static void close_accept_socket(void); static int init_ssl_connection(SSL *s); static void print_stats(BIO *bp, SSL_CTX *ctx); @@ -229,9 +221,7 @@ static const char *s_cert_file = TEST_CERT, *s_key_file = static const char *s_cert_file2 = TEST_CERT2, *s_key_file2 = NULL; static char *s_dcert_file = NULL, *s_dkey_file = NULL, *s_dchain_file = NULL; -#ifdef FIONBIO static int s_nbio = 0; -#endif static int s_nbio_test = 0; static int s_crlf = 0; static SSL_CTX *ctx = NULL; @@ -355,6 +345,8 @@ typedef struct srpsrvparm_st { static int ssl_srp_server_param_cb(SSL *s, int *ad, void *arg) { srpsrvparm *p = (srpsrvparm *) arg; + int ret = SSL3_AL_FATAL; + if (p->login == NULL && p->user == NULL) { p->login = SSL_get_srp_username(s); BIO_printf(bio_err, "SRP username = \"%s\"\n", p->login); 
@@ -363,21 +355,25 @@ static int ssl_srp_server_param_cb(SSL *s, int *ad, void *arg) if (p->user == NULL) { BIO_printf(bio_err, "User %s doesn't exist\n", p->login); - return SSL3_AL_FATAL; + goto err; } + if (SSL_set_srp_server_param (s, p->user->N, p->user->g, p->user->s, p->user->v, p->user->info) < 0) { *ad = SSL_AD_INTERNAL_ERROR; - return SSL3_AL_FATAL; + goto err; } BIO_printf(bio_err, "SRP parameters set: username = \"%s\" info=\"%s\" \n", p->login, p->user->info); - /* need to check whether there are memory leaks */ + ret = SSL_ERROR_NONE; + +err: + SRP_user_pwd_free(p->user); p->user = NULL; p->login = NULL; - return SSL_ERROR_NONE; + return ret; } #endif @@ -945,9 +941,7 @@ OPTIONS s_server_options[] = { OPT_S_OPTIONS, OPT_V_OPTIONS, OPT_X_OPTIONS, -#ifdef FIONBIO {"nbio", OPT_NBIO, '-', "Use non-blocking IO"}, -#endif #ifndef OPENSSL_NO_PSK {"psk_hint", OPT_PSK_HINT, 's', "PSK identity hint to use"}, {"psk", OPT_PSK, 's', "PSK in hex (without 0x)"}, @@ -993,9 +987,9 @@ OPTIONS s_server_options[] = { #ifndef OPENSSL_NO_SRTP {"use_srtp", OPT_SRTP_PROFILES, 's', "Offer SRTP key management with a colon-separated profile list"}, +#endif {"alpn", OPT_ALPN, 's', "Set the advertised protocols for the ALPN extension (comma-separated list)"}, -#endif #ifndef OPENSSL_NO_ENGINE {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, #endif @@ -1027,8 +1021,7 @@ int s_server_main(int argc, char *argv[]) #ifdef AF_UNIX int unlink_unix_path = 0; #endif - int (*server_cb) (const char *hostname, int s, int stype, - unsigned char *context); + do_server_cb server_cb; int vpmtouched = 0, build_chain = 0, no_cache = 0, ext_cache = 0; #ifndef OPENSSL_NO_DH int no_dhe = 0; @@ -1339,9 +1332,8 @@ int s_server_main(int argc, char *argv[]) case OPT_TRACE: #ifndef OPENSSL_NO_SSL_TRACE s_msg = 2; -#else - break; #endif + break; case OPT_SECURITY_DEBUG: sdebug = 1; break; 
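Review bot: The cleanup at `err:` now calls `SRP_user_pwd_free(p->user)` on every exit, which is only safe if `p->user` is always a caller-owned copy, and nothing in the new code states that rule. The lookup sites visible in this diff all switch to `SRP_VBASE_get1_by_user`, but any remaining or future assignment from a lookup that returns a pointer still owned by the verifier base would be freed here and leave a dangling entry behind. I would record the rule at the label, e.g. `/* p->user is an owned copy from SRP_VBASE_get1_by_user(); release it on every exit path */`. The unknown-user path also reaches the free with `p->user == NULL`, so it depends on `SRP_user_pwd_free` tolerating NULL. The function begins in the preceding hunk, where `ret` is declared.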
@@ -1498,7 +1490,9 @@ int s_server_main(int argc, char *argv[]) alpn_in = opt_arg(); break; case OPT_SRTP_PROFILES: +#ifndef OPENSSL_NO_SRTP srtp_profiles = opt_arg(); +#endif break; case OPT_KEYMATEXPORT: keymatexportlabel = opt_arg(); @@ -1557,14 +1551,14 @@ int s_server_main(int argc, char *argv[]) } s_cert = load_cert(s_cert_file, s_cert_format, - NULL, e, "server certificate file"); + "server certificate file"); if (!s_cert) { ERR_print_errors(bio_err); goto end; } if (s_chain_file) { - if (!load_certs(s_chain_file, &s_chain, FORMAT_PEM, NULL, e, + if (!load_certs(s_chain_file, &s_chain, FORMAT_PEM, NULL, "server certificate chain")) goto end; } @@ -1578,7 +1572,7 @@ int s_server_main(int argc, char *argv[]) } s_cert2 = load_cert(s_cert_file2, s_cert_format, - NULL, e, "second server certificate file"); + "second server certificate file"); if (!s_cert2) { ERR_print_errors(bio_err); @@ -1636,14 +1630,14 @@ int s_server_main(int argc, char *argv[]) } s_dcert = load_cert(s_dcert_file, s_dcert_format, - NULL, e, "second server certificate file"); + "second server certificate file"); if (!s_dcert) { ERR_print_errors(bio_err); goto end; } if (s_dchain_file) { - if (!load_certs(s_dchain_file, &s_dchain, FORMAT_PEM, NULL, e, + if (!load_certs(s_dchain_file, &s_dchain, FORMAT_PEM, NULL, "second server certificate chain")) goto end; } @@ -1896,8 +1890,7 @@ int s_server_main(int argc, char *argv[]) not_resumable_sess_cb); } #ifndef OPENSSL_NO_PSK - if (psk_key != NULL) - { + if (psk_key != NULL) { if (s_debug) BIO_printf(bio_s_out, "PSK key given, setting server callback\n"); @@ -2054,8 +2047,7 @@ static void print_stats(BIO *bio, SSL_CTX *ssl_ctx) SSL_CTX_sess_get_cache_size(ssl_ctx)); } -static int sv_body(const char *hostname, int s, int stype, - unsigned char *context) +static int sv_body(int s, int stype, unsigned char *context) { char *buf = NULL; fd_set readfds; 
@@ -2072,16 +2064,12 @@ static int sv_body(const char *hostname, int s, int stype, #endif buf = app_malloc(bufsize, "server buffer"); -#ifdef FIONBIO if (s_nbio) { - unsigned long sl = 1; - - if (!s_quiet) - BIO_printf(bio_err, "turning on non blocking io\n"); - if (BIO_socket_ioctl(s, FIONBIO, &sl) < 0) + if (!BIO_socket_nbio(s, 1)) ERR_print_errors(bio_err); + else if (!s_quiet) + BIO_printf(bio_err, "Turned on non blocking io\n"); } -#endif if (con == NULL) { con = SSL_new(ctx); @@ -2331,9 +2319,10 @@ static int sv_body(const char *hostname, int s, int stype, #ifndef OPENSSL_NO_SRP while (SSL_get_error(con, k) == SSL_ERROR_WANT_X509_LOOKUP) { BIO_printf(bio_s_out, "LOOKUP renego during write\n"); + SRP_user_pwd_free(srp_callback_parm.user); srp_callback_parm.user = - SRP_VBASE_get_by_user(srp_callback_parm.vb, - srp_callback_parm.login); + SRP_VBASE_get1_by_user(srp_callback_parm.vb, + srp_callback_parm.login); if (srp_callback_parm.user) BIO_printf(bio_s_out, "LOOKUP done %s\n", srp_callback_parm.user->info); @@ -2399,9 +2388,10 @@ static int sv_body(const char *hostname, int s, int stype, #ifndef OPENSSL_NO_SRP while (SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP) { BIO_printf(bio_s_out, "LOOKUP renego during read\n"); + SRP_user_pwd_free(srp_callback_parm.user); srp_callback_parm.user = - SRP_VBASE_get_by_user(srp_callback_parm.vb, - srp_callback_parm.login); + SRP_VBASE_get1_by_user(srp_callback_parm.vb, + srp_callback_parm.login); if (srp_callback_parm.user) BIO_printf(bio_s_out, "LOOKUP done %s\n", srp_callback_parm.user->info); 
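Review bot: When `BIO_socket_nbio(s, 1)` fails in `sv_body`, the new code prints only the error queue and carries on with a socket that is still blocking, even though `-nbio` was requested. `ERR_print_errors` prints nothing if the failure left no queue entry, so the operator may get no indication at all. Adding an explicit line such as `BIO_printf(bio_err, "Unable to turn on non blocking io\n");` before it would make the fallback visible. The same block is added to `www_body` in the `@@ -2668,16 +2658,12 @@` hunk. Whether the function should bail out instead depends on cleanup code outside this hunk, since `buf` is already allocated at this point.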
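Review bot: The free-then-lookup pair added here (`SRP_user_pwd_free(srp_callback_parm.user);` followed by the `SRP_VBASE_get1_by_user` assignment) is repeated verbatim in six retry paths: both loops in `sv_body`, the loop in `init_ssl_connection`, one site in `www_body` and two in `rev_body`. Omitting the free at any one site would reintroduce a per-retry leak of the user record, so I would move the pair into one file-local helper inside the `OPENSSL_NO_SRP` guard to keep the ownership rule in a single place. The surrounding loops continue outside each hunk, so the differing log lines would stay at the call sites.

```c
/* Replace the cached SRP user with a fresh owned copy for the current login. */
static void srp_refresh_user(void)
{
    SRP_user_pwd_free(srp_callback_parm.user);
    srp_callback_parm.user =
        SRP_VBASE_get1_by_user(srp_callback_parm.vb,
                               srp_callback_parm.login);
}

/* ... unchanged: "LOOKUP renego during write" log line ... */
srp_refresh_user();
/* ... unchanged: "LOOKUP done" reporting on srp_callback_parm.user ... */
```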
@@ -2526,9 +2516,10 @@ static int init_ssl_connection(SSL *con) while (i <= 0 && SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP) { BIO_printf(bio_s_out, "LOOKUP during accept %s\n", srp_callback_parm.login); + SRP_user_pwd_free(srp_callback_parm.user); srp_callback_parm.user = - SRP_VBASE_get_by_user(srp_callback_parm.vb, - srp_callback_parm.login); + SRP_VBASE_get1_by_user(srp_callback_parm.vb, + srp_callback_parm.login); if (srp_callback_parm.user) BIO_printf(bio_s_out, "LOOKUP done %s\n", srp_callback_parm.user->info); @@ -2644,8 +2635,7 @@ static DH *load_dh_param(const char *dhfile) } #endif -static int www_body(const char *hostname, int s, int stype, - unsigned char *context) +static int www_body(int s, int stype, unsigned char *context) { char *buf = NULL; int ret = 1; @@ -2668,16 +2658,12 @@ static int www_body(const char *hostname, int s, int stype, if ((io == NULL) || (ssl_bio == NULL)) goto err; -#ifdef FIONBIO if (s_nbio) { - unsigned long sl = 1; - - if (!s_quiet) - BIO_printf(bio_err, "turning on non blocking io\n"); - if (BIO_socket_ioctl(s, FIONBIO, &sl) < 0) + if (!BIO_socket_nbio(s, 1)) ERR_print_errors(bio_err); + else if (!s_quiet) + BIO_printf(bio_err, "Turned on non blocking io\n"); } -#endif /* lets make the output buffer a reasonable size */ if (!BIO_set_write_buffer_size(io, bufsize)) @@ -2739,9 +2725,10 @@ static int www_body(const char *hostname, int s, int stype, if (BIO_should_io_special(io) && BIO_get_retry_reason(io) == BIO_RR_SSL_X509_LOOKUP) { BIO_printf(bio_s_out, "LOOKUP renego during read\n"); + SRP_user_pwd_free(srp_callback_parm.user); srp_callback_parm.user = - SRP_VBASE_get_by_user(srp_callback_parm.vb, - srp_callback_parm.login); + SRP_VBASE_get1_by_user(srp_callback_parm.vb, + srp_callback_parm.login); if (srp_callback_parm.user) BIO_printf(bio_s_out, "LOOKUP done %s\n", srp_callback_parm.user->info); 
@@ -3032,8 +3019,7 @@ static int www_body(const char *hostname, int s, int stype, return (ret); } -static int rev_body(const char *hostname, int s, int stype, - unsigned char *context) +static int rev_body(int s, int stype, unsigned char *context) { char *buf = NULL; int i; @@ -3101,9 +3087,10 @@ static int rev_body(const char *hostname, int s, int stype, if (BIO_should_io_special(io) && BIO_get_retry_reason(io) == BIO_RR_SSL_X509_LOOKUP) { BIO_printf(bio_s_out, "LOOKUP renego during accept\n"); + SRP_user_pwd_free(srp_callback_parm.user); srp_callback_parm.user = - SRP_VBASE_get_by_user(srp_callback_parm.vb, - srp_callback_parm.login); + SRP_VBASE_get1_by_user(srp_callback_parm.vb, + srp_callback_parm.login); if (srp_callback_parm.user) BIO_printf(bio_s_out, "LOOKUP done %s\n", srp_callback_parm.user->info); @@ -3129,9 +3116,10 @@ static int rev_body(const char *hostname, int s, int stype, if (BIO_should_io_special(io) && BIO_get_retry_reason(io) == BIO_RR_SSL_X509_LOOKUP) { BIO_printf(bio_s_out, "LOOKUP renego during read\n"); + SRP_user_pwd_free(srp_callback_parm.user); srp_callback_parm.user = - SRP_VBASE_get_by_user(srp_callback_parm.vb, - srp_callback_parm.login); + SRP_VBASE_get1_by_user(srp_callback_parm.vb, + srp_callback_parm.login); if (srp_callback_parm.user) BIO_printf(bio_s_out, "LOOKUP done %s\n", srp_callback_parm.user->info);