static unsigned int split_send_fragment = 0;
static unsigned int max_pipelines = 0;
-#ifndef OPENSSL_NO_ENGINE
-static char *engine_id = NULL;
-#endif
static const char *session_id_prefix = NULL;
#ifndef OPENSSL_NO_DTLS
unsigned char *psk,
unsigned int max_psk_len)
{
- unsigned int psk_len = 0;
- int ret;
- BIGNUM *bn = NULL;
+ long key_len = 0;
+ unsigned char *key;
if (s_debug)
BIO_printf(bio_s_out, "psk_server_cb\n");
BIO_printf(bio_s_out, "PSK client identity found\n");
/* convert the PSK key to binary */
- ret = BN_hex2bn(&bn, psk_key);
- if (!ret) {
- BIO_printf(bio_err, "Could not convert PSK key '%s' to BIGNUM\n",
+ key = OPENSSL_hexstr2buf(psk_key, &key_len);
+ if (key == NULL) {
+ BIO_printf(bio_err, "Could not convert PSK key '%s' to buffer\n",
psk_key);
- BN_free(bn);
return 0;
}
- if (BN_num_bytes(bn) > (int)max_psk_len) {
+ if (key_len > (int)max_psk_len) {
BIO_printf(bio_err,
- "psk buffer of callback is too small (%d) for key (%d)\n",
- max_psk_len, BN_num_bytes(bn));
- BN_free(bn);
+ "psk buffer of callback is too small (%d) for key (%ld)\n",
+ max_psk_len, key_len);
+ OPENSSL_free(key);
return 0;
}
- ret = BN_bn2bin(bn, psk);
- BN_free(bn);
-
- if (ret < 0)
- goto out_err;
- psk_len = (unsigned int)ret;
+ memcpy(psk, key, key_len);
+ OPENSSL_free(key);
if (s_debug)
- BIO_printf(bio_s_out, "fetched PSK len=%d\n", psk_len);
- return psk_len;
+ BIO_printf(bio_s_out, "fetched PSK len=%ld\n", key_len);
+ return key_len;
out_err:
if (s_debug)
BIO_printf(bio_err, "Error in PSK server callback\n");
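Review bot: The bound check `if (key_len > (int)max_psk_len)` compares the `long` from OPENSSL_hexstr2buf against an `unsigned int` truncated to `int`; if max_psk_len ever exceeded INT_MAX the cast would go negative and every key would be rejected, and on ILP32 targets the widths do not match either — `if (key_len > (long)max_psk_len)` keeps the comparison in one type and makes the later `memcpy(psk, key, key_len)` bound obvious. The decoded buffer holds the pre-shared secret itself, but both exit paths release it with plain `OPENSSL_free(key)`, which leaves the key bytes in freed heap memory; `OPENSSL_clear_free(key, key_len);` at both sites wipes them first, as the intent of the old BN path presumably was. The implicit narrowing in `return key_len;` is safe only because of the preceding bound check, which is worth a one-line comment. psk_server_cb's identity check and the `out_err` users are above the hunk, so I cannot tell whether that label is still reached.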
async = 0;
split_send_fragment = 0;
max_pipelines = 0;
-#ifndef OPENSSL_NO_ENGINE
- engine_id = NULL;
-#endif
}
static int local_argc = 0;
BIO_puts(bio_err, "cert_status: Can't retrieve issuer certificate.\n");
goto done;
}
- req = OCSP_REQUEST_new();
- if (req == NULL)
- goto err;
id = OCSP_cert_to_id(NULL, x, X509_OBJECT_get0_X509(obj));
X509_OBJECT_free(obj);
if (!id)
goto err;
+ req = OCSP_REQUEST_new();
+ if (req == NULL)
+ goto err;
if (!OCSP_request_add0_id(req, id))
goto err;
id = NULL;
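Review bot: Moving `req = OCSP_REQUEST_new()` after OCSP_cert_to_id means a failed allocation now jumps to `err` while `id` is still locally owned, where before only `req` could be live at that point; this is leak-free only if the `err`/`done` tail of cert_status_cb (outside the hunk) frees `id` as well as `req`, which I cannot confirm from here. The `id = NULL;` after OCSP_request_add0_id correctly records the ownership transfer, so once the request owns the id the cleanup path must not free it twice. A short comment on the add0 line, `/* req now owns id */`, would make the ownership hand-off explicit for the next reader.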
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
#endif
- {NULL}
+ {NULL, OPT_EOF, 0, NULL}
};
int s_server_main(int argc, char *argv[])
{
- ENGINE *e = NULL;
+ ENGINE *engine = NULL;
EVP_PKEY *s_key = NULL, *s_dkey = NULL;
SSL_CONF_CTX *cctx = NULL;
const SSL_METHOD *meth = TLS_server_method();
session_id_prefix = opt_arg();
break;
case OPT_ENGINE:
- e = setup_engine(opt_arg(), 1);
+ engine = setup_engine(opt_arg(), 1);
break;
case OPT_RAND:
inrand = opt_arg();
goto end;
if (nocert == 0) {
- s_key = load_key(s_key_file, s_key_format, 0, pass, e,
+ s_key = load_key(s_key_file, s_key_format, 0, pass, engine,
"server certificate private key file");
if (!s_key) {
ERR_print_errors(bio_err);
}
if (tlsextcbp.servername) {
- s_key2 = load_key(s_key_file2, s_key_format, 0, pass, e,
+ s_key2 = load_key(s_key_file2, s_key_format, 0, pass, engine,
"second server certificate private key file");
if (!s_key2) {
ERR_print_errors(bio_err);
s_dkey_file = s_dcert_file;
s_dkey = load_key(s_dkey_file, s_dkey_format,
- 0, dpass, e, "second certificate private key file");
+ 0, dpass, engine, "second certificate private key file");
if (!s_dkey) {
ERR_print_errors(bio_err);
goto end;
if (async)
SSL_CTX_set_mode(ctx2, SSL_MODE_ASYNC);
- if ((!SSL_CTX_load_verify_locations(ctx2, CAfile, CApath)) ||
- (!SSL_CTX_set_default_verify_paths(ctx2))) {
+ if (!ctx_set_verify_locations(ctx2, CAfile, CApath, noCAfile,
+ noCApath)) {
ERR_print_errors(bio_err);
+ goto end;
}
if (vpmtouched && !SSL_CTX_set1_param(ctx2, vpm)) {
BIO_printf(bio_err, "Error setting verify params\n");
tv.tv_sec = 1;
tv.tv_usec = 0;
i = select(width, (void *)&readfds, NULL, NULL, &tv);
- if ((i < 0) || (!i && !_kbhit()))
- continue;
- if (_kbhit())
+ if (has_stdin_waiting())
read_from_terminal = 1;
+ if ((i < 0) || (!i && !read_from_terminal))
+ continue;
#else
if ((SSL_version(con) == DTLS1_VERSION) &&
DTLSv1_get_timeout(con, &timeout))
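Review bot: The new ordering sets `read_from_terminal = 1` when has_stdin_waiting() reports input and then uses that flag in the `continue` test, but nothing in the hunk ever clears it; unless the flag is reset at the top of the enclosing loop (which starts outside the hunk), a previous iteration's value would keep the loop from continuing on a select() timeout. Worth a one-line comment at `if (has_stdin_waiting())`, e.g. `/* read_from_terminal must be reset each iteration; see loop head */`, or a local `int stdin_ready = has_stdin_waiting();` used in the test instead of the shared flag. The `i < 0` branch also silently retries on any select() error; that is pre-existing but now sits next to the new logic.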
break;
case SSL_ERROR_WANT_ASYNC:
BIO_printf(bio_s_out, "Write BLOCK (Async)\n");
+ (void)BIO_flush(bio_s_out);
wait_for_async(con);
break;
case SSL_ERROR_WANT_WRITE:
case SSL_ERROR_WANT_READ:
case SSL_ERROR_WANT_X509_LOOKUP:
BIO_printf(bio_s_out, "Write BLOCK\n");
+ (void)BIO_flush(bio_s_out);
break;
case SSL_ERROR_WANT_ASYNC_JOB:
/*
ascii2ebcdic(buf, buf, i);
#endif
raw_write_stdout(buf, (unsigned int)i);
+ (void)BIO_flush(bio_s_out);
if (SSL_has_pending(con))
goto again;
break;
case SSL_ERROR_WANT_ASYNC:
BIO_printf(bio_s_out, "Read BLOCK (Async)\n");
+ (void)BIO_flush(bio_s_out);
wait_for_async(con);
break;
case SSL_ERROR_WANT_WRITE:
case SSL_ERROR_WANT_READ:
BIO_printf(bio_s_out, "Read BLOCK\n");
+ (void)BIO_flush(bio_s_out);
break;
case SSL_ERROR_WANT_ASYNC_JOB:
/*
unsigned next_proto_neg_len;
#endif
unsigned char *exportedkeymat;
+ int retry = 0;
#ifndef OPENSSL_NO_DTLS
if(dtlslisten) {
BIO_ADDR_free(client);
dtlslisten = 0;
i = SSL_accept(con);
+ } else {
+ BIO_ADDR_free(client);
}
} else
#endif
do {
i = SSL_accept(con);
+ if (i <= 0)
+ retry = BIO_sock_should_retry(i);
#ifdef CERT_CB_TEST_RETRY
{
while (i <= 0 && SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP
BIO_printf(bio_err,
"LOOKUP from certificate callback during accept\n");
i = SSL_accept(con);
+ if (i <= 0)
+ retry = BIO_sock_should_retry(i);
}
}
#endif
else
BIO_printf(bio_s_out, "LOOKUP not successful\n");
i = SSL_accept(con);
+ if (i <= 0)
+ retry = BIO_sock_should_retry(i);
}
#endif
} while (i < 0 && SSL_waiting_for_async(con));
if (i <= 0) {
if ((dtlslisten && i == 0)
- || (!dtlslisten && BIO_sock_should_retry(i))) {
+ || (!dtlslisten && retry)) {
BIO_printf(bio_s_out, "DELAY\n");
return (1);
}
OPENSSL_free(exportedkeymat);
}
+ (void)BIO_flush(bio_s_out);
return (1);
}
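Review bot: The three identical captures `if (i <= 0) retry = BIO_sock_should_retry(i);` (after the SSL_accept calls at the do-loop body, inside the CERT_CB_TEST_RETRY block, and at the LOOKUP-not-successful path) read the socket error before BIO_printf or SSL_get_error can disturb errno, which is presumably why the final check was changed to `(!dtlslisten && retry)`; that reasoning is not written down anywhere, so a comment at the first capture, `/* snapshot before any other call can clobber errno */`, would stop someone "simplifying" it back. Because the DELAY decision only consults `retry` when `i <= 0`, a value left over from an earlier failed attempt is never used after a successful accept, so no reset on success is needed. init_ssl_connection's DTLS listen setup is above the hunk, so the `else { BIO_ADDR_free(client); }` branch's correctness depends on `client` being allocated on every path, which I cannot see here.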