static char *psk_identity = "Client_identity";
char *psk_key = NULL; /* by default PSK is not used */
+static char http_server_binmode = 0; /* for now: 0/1 = default/binary */
+
#ifndef OPENSSL_NO_PSK
static unsigned int psk_server_cb(SSL *ssl, const char *identity,
unsigned char *psk,
OPT_CERT2, OPT_KEY2, OPT_NEXTPROTONEG, OPT_ALPN,
OPT_SRTP_PROFILES, OPT_KEYMATEXPORT, OPT_KEYMATEXPORTLEN,
OPT_KEYLOG_FILE, OPT_MAX_EARLY, OPT_RECV_MAX_EARLY, OPT_EARLY_DATA,
- OPT_S_NUM_TICKETS, OPT_ANTI_REPLAY, OPT_NO_ANTI_REPLAY,
+ OPT_S_NUM_TICKETS, OPT_ANTI_REPLAY, OPT_NO_ANTI_REPLAY, OPT_SCTP_LABEL_BUG,
+ OPT_HTTP_SERVER_BINMODE,
OPT_R_ENUM,
OPT_S_ENUM,
OPT_V_ENUM,
#endif
#ifndef OPENSSL_NO_SCTP
{"sctp", OPT_SCTP, '-', "Use SCTP"},
+ {"sctp_label_bug", OPT_SCTP_LABEL_BUG, '-', "Enable SCTP label length bug"},
#endif
#ifndef OPENSSL_NO_DH
{"no_dhe", OPT_NO_DHE, '-', "Disable ephemeral DH"},
"The number of TLSv1.3 session tickets that a server will automatically issue" },
{"anti_replay", OPT_ANTI_REPLAY, '-', "Switch on anti-replay protection (default)"},
{"no_anti_replay", OPT_NO_ANTI_REPLAY, '-', "Switch off anti-replay protection"},
+ {"http_server_binmode", OPT_HTTP_SERVER_BINMODE, '-', "opening files in binary mode when acting as http server (-WWW and -HTTP)"},
{NULL, OPT_EOF, 0, NULL}
};
const char *keylog_file = NULL;
int max_early_data = -1, recv_max_early_data = -1;
char *psksessf = NULL;
+#ifndef OPENSSL_NO_SCTP
+ int sctp_label_bug = 0;
+#endif
/* Init of few remaining global variables */
local_argc = argc;
for (p = psk_key = opt_arg(); *p; p++) {
if (isxdigit(_UC(*p)))
continue;
- BIO_printf(bio_err, "Not a hex number '%s'\n", *argv);
+ BIO_printf(bio_err, "Not a hex number '%s'\n", psk_key);
goto end;
}
break;
case OPT_SCTP:
#ifndef OPENSSL_NO_SCTP
protocol = IPPROTO_SCTP;
+#endif
+ break;
+ case OPT_SCTP_LABEL_BUG:
+#ifndef OPENSSL_NO_SCTP
+ sctp_label_bug = 1;
#endif
break;
case OPT_TIMEOUT:
if (max_early_data == -1)
max_early_data = SSL3_RT_MAX_PLAIN_LENGTH;
break;
+ case OPT_HTTP_SERVER_BINMODE:
+ http_server_binmode = 1;
+ break;
}
}
argc = opt_num_rest();
goto end;
}
}
+
+#ifndef OPENSSL_NO_SCTP
+ if (protocol == IPPROTO_SCTP && sctp_label_bug == 1)
+ SSL_CTX_set_mode(ctx, SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG);
+#endif
+
if (min_version != 0
&& SSL_CTX_set_min_proto_version(ctx, min_version) == 0)
goto end;
*/
goto err;
}
-#ifndef OPENSSL_NO_HEARTBEATS
- if ((buf[0] == 'B') && ((buf[1] == '\n') || (buf[1] == '\r'))) {
- BIO_printf(bio_err, "HEARTBEATING\n");
- SSL_heartbeat(con);
- i = 0;
- continue;
- }
-#endif
if ((buf[0] == 'r') && ((buf[1] == '\n') || (buf[1] == '\r'))) {
SSL_renegotiate(con);
i = SSL_do_handshake(con);
#ifndef OPENSSL_NO_KTLS
if (BIO_get_ktls_send(SSL_get_wbio(con)))
BIO_printf(bio_err, "Using Kernel TLS for sending\n");
+ if (BIO_get_ktls_recv(SSL_get_rbio(con)))
+ BIO_printf(bio_err, "Using Kernel TLS for receiving\n");
#endif
(void)BIO_flush(bio_s_out);
#endif
int width;
fd_set readfds;
+ const char *opmode;
/* Set width for a select call if needed */
width = s + 1;
break;
}
- if ((file = BIO_new_file(p, "r")) == NULL) {
+ opmode = (http_server_binmode == 1) ? "rb" : "r";
+ if ((file = BIO_new_file(p, opmode)) == NULL) {
BIO_puts(io, text);
- BIO_printf(io, "Error opening '%s'\r\n", p);
+ BIO_printf(io, "Error opening '%s' mode='%s'\r\n", p, opmode);
ERR_print_errors(io);
break;
}