- fprintf(fp,"%4ld items in the session cache\n",
- SSL_CTX_sess_number(ctx));
- fprintf(fp,"%4d client connects (SSL_connect())\n",
- SSL_CTX_sess_connect(ctx));
- fprintf(fp,"%4d client connects that finished\n",
- SSL_CTX_sess_connect_good(ctx));
- fprintf(fp,"%4d server connects (SSL_accept())\n",
- SSL_CTX_sess_accept(ctx));
- fprintf(fp,"%4d server connects that finished\n",
- SSL_CTX_sess_accept_good(ctx));
- fprintf(fp,"%4d session cache hits\n",SSL_CTX_sess_hits(ctx));
- fprintf(fp,"%4d session cache misses\n",SSL_CTX_sess_misses(ctx));
- fprintf(fp,"%4d session cache timeouts\n",SSL_CTX_sess_timeouts(ctx));
- }
-
-static void sv_usage()
- {
- fprintf(stderr,"usage: ssltest [args ...]\n");
- fprintf(stderr,"\n");
- fprintf(stderr," -server_auth - check server certificate\n");
- fprintf(stderr," -client_auth - do client authentication\n");
- fprintf(stderr," -v - more output\n");
- fprintf(stderr," -CApath arg - PEM format directory of CA's\n");
- fprintf(stderr," -CAfile arg - PEM format file of CA's\n");
- fprintf(stderr," -threads arg - number of threads\n");
- fprintf(stderr," -loops arg - number of 'connections', per thread\n");
- fprintf(stderr," -reconnect - reuse session-id's\n");
- fprintf(stderr," -stats - server session-id cache stats\n");
- fprintf(stderr," -cert arg - server certificate/key\n");
- fprintf(stderr," -ccert arg - client certificate/key\n");
- fprintf(stderr," -ssl3 - just SSLv3n\n");
- }
-
-int main(argc, argv)
-int argc;
-char *argv[];
- {
- char *CApath=NULL,*CAfile=NULL;
- int badop=0;
- int ret=1;
- int client_auth=0;
- int server_auth=0;
- SSL_CTX *s_ctx=NULL;
- SSL_CTX *c_ctx=NULL;
- char *scert=TEST_SERVER_CERT;
- char *ccert=TEST_CLIENT_CERT;
- SSL_METHOD *ssl_method=SSLv23_method();
-
- if (bio_err == NULL)
- bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
- if (bio_stdout == NULL)
- bio_stdout=BIO_new_fp(stdout,BIO_NOCLOSE);
- argc--;
- argv++;
-
- while (argc >= 1)
- {
- if (strcmp(*argv,"-server_auth") == 0)
- server_auth=1;
- else if (strcmp(*argv,"-client_auth") == 0)
- client_auth=1;
- else if (strcmp(*argv,"-reconnect") == 0)
- reconnect=1;
- else if (strcmp(*argv,"-stats") == 0)
- cache_stats=1;
- else if (strcmp(*argv,"-ssl3") == 0)
- ssl_method=SSLv3_method();
- else if (strcmp(*argv,"-ssl2") == 0)
- ssl_method=SSLv2_method();
- else if (strcmp(*argv,"-CApath") == 0)
- {
- if (--argc < 1) goto bad;
- CApath= *(++argv);
- }
- else if (strcmp(*argv,"-CAfile") == 0)
- {
- if (--argc < 1) goto bad;
- CAfile= *(++argv);
- }
- else if (strcmp(*argv,"-cert") == 0)
- {
- if (--argc < 1) goto bad;
- scert= *(++argv);
- }
- else if (strcmp(*argv,"-ccert") == 0)
- {
- if (--argc < 1) goto bad;
- ccert= *(++argv);
- }
- else if (strcmp(*argv,"-threads") == 0)
- {
- if (--argc < 1) goto bad;
- thread_number= atoi(*(++argv));
- if (thread_number == 0) thread_number=1;
- if (thread_number > MAX_THREAD_NUMBER)
- thread_number=MAX_THREAD_NUMBER;
- }
- else if (strcmp(*argv,"-loops") == 0)
- {
- if (--argc < 1) goto bad;
- number_of_loops= atoi(*(++argv));
- if (number_of_loops == 0) number_of_loops=1;
- }
- else
- {
- fprintf(stderr,"unknown option %s\n",*argv);
- badop=1;
- break;
- }
- argc--;
- argv++;
- }
- if (badop)
- {
-bad:
- sv_usage();
- goto end;
- }
-
- if (cipher == NULL) cipher=getenv("SSL_CIPHER");
-
- SSL_load_error_strings();
- SSLeay_add_ssl_algorithms();
-
- c_ctx=SSL_CTX_new(ssl_method);
- s_ctx=SSL_CTX_new(ssl_method);
- if ((c_ctx == NULL) || (s_ctx == NULL))
- {
- ERR_print_errors(bio_err);
- goto end;
- }
-
- SSL_CTX_set_session_cache_mode(s_ctx,
- SSL_SESS_CACHE_NO_AUTO_CLEAR|SSL_SESS_CACHE_SERVER);
- SSL_CTX_set_session_cache_mode(c_ctx,
- SSL_SESS_CACHE_NO_AUTO_CLEAR|SSL_SESS_CACHE_SERVER);
-
- SSL_CTX_use_certificate_file(s_ctx,scert,SSL_FILETYPE_PEM);
- SSL_CTX_use_RSAPrivateKey_file(s_ctx,scert,SSL_FILETYPE_PEM);
-
- if (client_auth)
- {
- SSL_CTX_use_certificate_file(c_ctx,ccert,
- SSL_FILETYPE_PEM);
- SSL_CTX_use_RSAPrivateKey_file(c_ctx,ccert,
- SSL_FILETYPE_PEM);
- }
-
- if ( (!SSL_CTX_load_verify_locations(s_ctx,CAfile,CApath)) ||
- (!SSL_CTX_set_default_verify_paths(s_ctx)) ||
- (!SSL_CTX_load_verify_locations(c_ctx,CAfile,CApath)) ||
- (!SSL_CTX_set_default_verify_paths(c_ctx)))
- {
- fprintf(stderr,"SSL_load_verify_locations\n");
- ERR_print_errors(bio_err);
- goto end;
- }
-
- if (client_auth)
- {
- fprintf(stderr,"client authentication\n");
- SSL_CTX_set_verify(s_ctx,
- SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
- verify_callback);
- }
- if (server_auth)
- {
- fprintf(stderr,"server authentication\n");
- SSL_CTX_set_verify(c_ctx,SSL_VERIFY_PEER,
- verify_callback);
- }
-
- thread_setup();
- do_threads(s_ctx,c_ctx);
- thread_cleanup();
-end:
-
- if (c_ctx != NULL)
- {
- fprintf(stderr,"Client SSL_CTX stats then free it\n");
- print_stats(stderr,c_ctx);
- SSL_CTX_free(c_ctx);
- }
- if (s_ctx != NULL)
- {
- fprintf(stderr,"Server SSL_CTX stats then free it\n");
- print_stats(stderr,s_ctx);
- if (cache_stats)
- {
- fprintf(stderr,"-----\n");
- lh_stats(SSL_CTX_sessions(s_ctx),stderr);
- fprintf(stderr,"-----\n");
- /* lh_node_stats(SSL_CTX_sessions(s_ctx),stderr);
- fprintf(stderr,"-----\n"); */
- lh_node_usage_stats(SSL_CTX_sessions(s_ctx),stderr);
- fprintf(stderr,"-----\n");
- }
- SSL_CTX_free(s_ctx);
- fprintf(stderr,"done free\n");
- }
- exit(ret);
- return(0);
- }
-
-#define W_READ 1
-#define W_WRITE 2
-#define C_DONE 1
-#define S_DONE 2
-
-int ndoit(ssl_ctx)
-SSL_CTX *ssl_ctx[2];
- {
- int i;
- int ret;
- char *ctx[4];
-
- ctx[0]=(char *)ssl_ctx[0];
- ctx[1]=(char *)ssl_ctx[1];
-
- if (reconnect)
- {
- ctx[2]=(char *)SSL_new(ssl_ctx[0]);
- ctx[3]=(char *)SSL_new(ssl_ctx[1]);
- }
- else
- {
- ctx[2]=NULL;
- ctx[3]=NULL;
- }
-
- fprintf(stdout,"started thread %lu\n",CRYPTO_thread_id());
- for (i=0; i<number_of_loops; i++)
- {
-/* fprintf(stderr,"%4d %2d ctx->ref (%3d,%3d)\n",
- CRYPTO_thread_id(),i,
- ssl_ctx[0]->references,
- ssl_ctx[1]->references); */
- /* pthread_delay_np(&tm);*/
-
- ret=doit(ctx);
- if (ret != 0)
- {
- fprintf(stdout,"error[%d] %lu - %d\n",
- i,CRYPTO_thread_id(),ret);
- return(ret);
- }
- }
- fprintf(stdout,"DONE %lu\n",CRYPTO_thread_id());
- if (reconnect)
- {
- SSL_free((SSL *)ctx[2]);
- SSL_free((SSL *)ctx[3]);
- }
- return(0);
- }
-
-int doit(ctx)
-char *ctx[4];
- {
- SSL_CTX *s_ctx,*c_ctx;
- static char cbuf[200],sbuf[200];
- SSL *c_ssl=NULL;
- SSL *s_ssl=NULL;
- BIO *c_to_s=NULL;
- BIO *s_to_c=NULL;
- BIO *c_bio=NULL;
- BIO *s_bio=NULL;
- int c_r,c_w,s_r,s_w;
- int c_want,s_want;
- int i;
- int done=0;
- int c_write,s_write;
- int do_server=0,do_client=0;
-
- s_ctx=(SSL_CTX *)ctx[0];
- c_ctx=(SSL_CTX *)ctx[1];
-
- if (ctx[2] != NULL)
- s_ssl=(SSL *)ctx[2];
- else
- s_ssl=SSL_new(s_ctx);
-
- if (ctx[3] != NULL)
- c_ssl=(SSL *)ctx[3];
- else
- c_ssl=SSL_new(c_ctx);
-
- if ((s_ssl == NULL) || (c_ssl == NULL)) goto err;
-
- c_to_s=BIO_new(BIO_s_mem());
- s_to_c=BIO_new(BIO_s_mem());
- if ((s_to_c == NULL) || (c_to_s == NULL)) goto err;
-
- c_bio=BIO_new(BIO_f_ssl());
- s_bio=BIO_new(BIO_f_ssl());
- if ((c_bio == NULL) || (s_bio == NULL)) goto err;
-
- SSL_set_connect_state(c_ssl);
- SSL_set_bio(c_ssl,s_to_c,c_to_s);
- BIO_set_ssl(c_bio,c_ssl,(ctx[2] == NULL)?BIO_CLOSE:BIO_NOCLOSE);
-
- SSL_set_accept_state(s_ssl);
- SSL_set_bio(s_ssl,c_to_s,s_to_c);
- BIO_set_ssl(s_bio,s_ssl,(ctx[3] == NULL)?BIO_CLOSE:BIO_NOCLOSE);
-
- c_r=0; s_r=1;
- c_w=1; s_w=0;
- c_want=W_WRITE;
- s_want=0;
- c_write=1,s_write=0;
-
- /* We can always do writes */
- for (;;)
- {
- do_server=0;
- do_client=0;
-
- i=(int)BIO_pending(s_bio);
- if ((i && s_r) || s_w) do_server=1;
-
- i=(int)BIO_pending(c_bio);
- if ((i && c_r) || c_w) do_client=1;
-
- if (do_server && verbose)
- {
- if (SSL_in_init(s_ssl))
- printf("server waiting in SSL_accept - %s\n",
- SSL_state_string_long(s_ssl));
- else if (s_write)
- printf("server:SSL_write()\n");
- else
- printf("server:SSL_read()\n");
- }
-
- if (do_client && verbose)
- {
- if (SSL_in_init(c_ssl))
- printf("client waiting in SSL_connect - %s\n",
- SSL_state_string_long(c_ssl));
- else if (c_write)
- printf("client:SSL_write()\n");
- else
- printf("client:SSL_read()\n");
- }
-
- if (!do_client && !do_server)
- {
- fprintf(stdout,"ERROR IN STARTUP\n");
- break;
- }
- if (do_client && !(done & C_DONE))
- {
- if (c_write)
- {
- i=BIO_write(c_bio,"hello from client\n",18);
- if (i < 0)
- {
- c_r=0;
- c_w=0;
- if (BIO_should_retry(c_bio))
- {
- if (BIO_should_read(c_bio))
- c_r=1;
- if (BIO_should_write(c_bio))
- c_w=1;
- }
- else
- {
- fprintf(stderr,"ERROR in CLIENT\n");
- return(1);
- }
- }
- else if (i == 0)
- {
- fprintf(stderr,"SSL CLIENT STARTUP FAILED\n");
- return(1);
- }
- else
- {
- /* ok */
- c_write=0;
- }
- }
- else
- {
- i=BIO_read(c_bio,cbuf,100);
- if (i < 0)
- {
- c_r=0;
- c_w=0;
- if (BIO_should_retry(c_bio))
- {
- if (BIO_should_read(c_bio))
- c_r=1;
- if (BIO_should_write(c_bio))
- c_w=1;
- }
- else
- {
- fprintf(stderr,"ERROR in CLIENT\n");
- return(1);
- }
- }
- else if (i == 0)
- {
- fprintf(stderr,"SSL CLIENT STARTUP FAILED\n");
- return(1);
- }
- else
- {
- done|=C_DONE;
-#ifdef undef
- fprintf(stdout,"CLIENT:from server:");
- fwrite(cbuf,1,i,stdout);
- fflush(stdout);
-#endif
- }
- }
- }
-
- if (do_server && !(done & S_DONE))
- {
- if (!s_write)
- {
- i=BIO_read(s_bio,sbuf,100);
- if (i < 0)
- {
- s_r=0;
- s_w=0;
- if (BIO_should_retry(s_bio))
- {
- if (BIO_should_read(s_bio))
- s_r=1;
- if (BIO_should_write(s_bio))
- s_w=1;
- }
- else
- {
- fprintf(stderr,"ERROR in SERVER\n");
- ERR_print_errors_fp(stderr);
- return(1);
- }
- }
- else if (i == 0)
- {
- fprintf(stderr,"SSL SERVER STARTUP FAILED\n");
- return(1);
- }
- else
- {
- s_write=1;
- s_w=1;
-#ifdef undef
- fprintf(stdout,"SERVER:from client:");
- fwrite(sbuf,1,i,stdout);
- fflush(stdout);
+ SSL_CTX *s_ctx, *c_ctx;
+ static char cbuf[200], sbuf[200];
+ SSL *c_ssl = NULL;
+ SSL *s_ssl = NULL;
+ BIO *c_to_s = NULL;
+ BIO *s_to_c = NULL;
+ BIO *c_bio = NULL;
+ BIO *s_bio = NULL;
+ int c_r, c_w, s_r, s_w;
+ int c_want, s_want;
+ int i;
+ int done = 0;
+ int c_write, s_write;
+ int do_server = 0, do_client = 0;
+
+ s_ctx = (SSL_CTX *)ctx[0];
+ c_ctx = (SSL_CTX *)ctx[1];
+
+ if (ctx[2] != NULL)
+ s_ssl = (SSL *)ctx[2];
+ else
+ s_ssl = SSL_new(s_ctx);
+
+ if (ctx[3] != NULL)
+ c_ssl = (SSL *)ctx[3];
+ else
+ c_ssl = SSL_new(c_ctx);
+
+ if ((s_ssl == NULL) || (c_ssl == NULL))
+ goto err;
+
+ c_to_s = BIO_new(BIO_s_mem());
+ s_to_c = BIO_new(BIO_s_mem());
+ if ((s_to_c == NULL) || (c_to_s == NULL))
+ goto err;
+
+ c_bio = BIO_new(BIO_f_ssl());
+ s_bio = BIO_new(BIO_f_ssl());
+ if ((c_bio == NULL) || (s_bio == NULL))
+ goto err;
+
+ SSL_set_connect_state(c_ssl);
+ SSL_set_bio(c_ssl, s_to_c, c_to_s);
+ BIO_set_ssl(c_bio, c_ssl, (ctx[2] == NULL) ? BIO_CLOSE : BIO_NOCLOSE);
+
+ SSL_set_accept_state(s_ssl);
+ SSL_set_bio(s_ssl, c_to_s, s_to_c);
+ BIO_set_ssl(s_bio, s_ssl, (ctx[3] == NULL) ? BIO_CLOSE : BIO_NOCLOSE);
+
+ c_r = 0;
+ s_r = 1;
+ c_w = 1;
+ s_w = 0;
+ c_want = W_WRITE;
+ s_want = 0;
+ c_write = 1, s_write = 0;
+
+ /* We can always do writes */
+ for (;;) {
+ do_server = 0;
+ do_client = 0;
+
+ i = (int)BIO_pending(s_bio);
+ if ((i && s_r) || s_w)
+ do_server = 1;
+
+ i = (int)BIO_pending(c_bio);
+ if ((i && c_r) || c_w)
+ do_client = 1;
+
+ if (do_server && verbose) {
+ if (SSL_in_init(s_ssl))
+ BIO_printf(bio_stdout, "server waiting in SSL_accept - %s\n",
+ SSL_state_string_long(s_ssl));
+ else if (s_write)
+ BIO_printf(bio_stdout, "server:SSL_write()\n");
+ else
+ BIO_printf(bio_stdout, "server:SSL_read()\n");
+ }
+
+ if (do_client && verbose) {
+ if (SSL_in_init(c_ssl))
+ BIO_printf(bio_stdout, "client waiting in SSL_connect - %s\n",
+ SSL_state_string_long(c_ssl));
+ else if (c_write)
+ BIO_printf(bio_stdout, "client:SSL_write()\n");
+ else
+ BIO_printf(bio_stdout, "client:SSL_read()\n");
+ }
+
+ if (!do_client && !do_server) {
+ BIO_printf(bio_stdout, "ERROR IN STARTUP\n");
+ break;
+ }
+ if (do_client && !(done & C_DONE)) {
+ if (c_write) {
+ i = BIO_write(c_bio, "hello from client\n", 18);
+ if (i < 0) {
+ c_r = 0;
+ c_w = 0;
+ if (BIO_should_retry(c_bio)) {
+ if (BIO_should_read(c_bio))
+ c_r = 1;
+ if (BIO_should_write(c_bio))
+ c_w = 1;
+ } else {
+ BIO_printf(bio_err, "ERROR in CLIENT\n");
+ ERR_print_errors_fp(stderr);
+ return (1);
+ }
+ } else if (i == 0) {
+ BIO_printf(bio_err, "SSL CLIENT STARTUP FAILED\n");
+ return (1);
+ } else {
+ /* ok */
+ c_write = 0;
+ }
+ } else {
+ i = BIO_read(c_bio, cbuf, 100);
+ if (i < 0) {
+ c_r = 0;
+ c_w = 0;
+ if (BIO_should_retry(c_bio)) {
+ if (BIO_should_read(c_bio))
+ c_r = 1;
+ if (BIO_should_write(c_bio))
+ c_w = 1;
+ } else {
+ BIO_printf(bio_err, "ERROR in CLIENT\n");
+ ERR_print_errors_fp(stderr);
+ return (1);
+ }
+ } else if (i == 0) {
+ BIO_printf(bio_err, "SSL CLIENT STARTUP FAILED\n");
+ return (1);
+ } else {
+ done |= C_DONE;
+ }
+ }
+ }
+
+ if (do_server && !(done & S_DONE)) {
+ if (!s_write) {
+ i = BIO_read(s_bio, sbuf, 100);
+ if (i < 0) {
+ s_r = 0;
+ s_w = 0;
+ if (BIO_should_retry(s_bio)) {
+ if (BIO_should_read(s_bio))
+ s_r = 1;
+ if (BIO_should_write(s_bio))
+ s_w = 1;
+ } else {
+ BIO_printf(bio_err, "ERROR in SERVER\n");
+ ERR_print_errors_fp(stderr);
+ return (1);
+ }
+ } else if (i == 0) {
+ BIO_printf(bio_err, "SSL SERVER STARTUP FAILED\n");
+ return (1);
+ } else {
+ s_write = 1;
+ s_w = 1;
+ }
+ } else {
+ i = BIO_write(s_bio, "hello from server\n", 18);
+ if (i < 0) {
+ s_r = 0;
+ s_w = 0;
+ if (BIO_should_retry(s_bio)) {
+ if (BIO_should_read(s_bio))
+ s_r = 1;
+ if (BIO_should_write(s_bio))
+ s_w = 1;
+ } else {
+ BIO_printf(bio_err, "ERROR in SERVER\n");
+ ERR_print_errors_fp(stderr);
+ return (1);
+ }
+ } else if (i == 0) {
+ BIO_printf(bio_err, "SSL SERVER STARTUP FAILED\n");
+ return (1);
+ } else {
+ s_write = 0;
+ s_r = 1;
+ done |= S_DONE;
+ }
+ }
+ }
+
+ if ((done & S_DONE) && (done & C_DONE))
+ break;
+#if defined(OPENSSL_SYS_NETWARE)
+ ThreadSwitchWithDelay();