X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=apps%2Fs_server.c;h=3828d79e7d6ce5670e26fbf45f566e0668f09bdf;hp=7b6a2b0a2d6c3e1715deb41059284d26b4f8b817;hb=d8770f3ece3bef28eb749af6d5854b38e6c15e4e;hpb=15d52ddb559223c87fe7bfaa5675b9e4ee05098f diff --git a/apps/s_server.c b/apps/s_server.c index 7b6a2b0a2d..3828d79e7d 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -62,7 +62,7 @@ #include #include #include -#ifdef NO_STDIO +#ifdef OPENSSL_NO_STDIO #define APPS_WIN16 #endif @@ -70,7 +70,7 @@ recursive header file inclusion, resulting in the compiler complaining that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which is needed to have fileno() declared correctly... So let's define u_int */ -#if defined(VMS) && defined(__DECC) && !defined(__U_INT) +#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__U_INT) #define __U_INT typedef unsigned int u_int; #endif @@ -86,16 +86,16 @@ typedef unsigned int u_int; #include #include "s_apps.h" -#ifdef WINDOWS +#ifdef OPENSSL_SYS_WINDOWS #include #endif -#if (defined(VMS) && __VMS_VER < 70000000) +#if (defined(OPENSSL_SYS_VMS) && __VMS_VER < 70000000) /* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */ #undef FIONBIO #endif -#ifndef NO_RSA +#ifndef OPENSSL_NO_RSA static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength); #endif static int sv_body(char *hostname, int s, unsigned char *context); @@ -104,7 +104,7 @@ static void close_accept_socket(void ); static void sv_usage(void); static int init_ssl_connection(SSL *s); static void print_stats(BIO *bp,SSL_CTX *ctx); -#ifndef NO_DH +#ifndef OPENSSL_NO_DH static DH *load_dh_param(char *dhfile); static DH *get_dh512(void); #endif @@ -120,7 +120,7 @@ static void s_server_init(void); # endif #endif -#ifndef NO_DH +#ifndef OPENSSL_NO_DH static unsigned char dh512_p[]={ 0xDA,0x58,0x3C,0x16,0xD9,0x85,0x22,0x89,0xD0,0xE4,0xAF,0x75, 0x6F,0x4C,0xCA,0x92,0xDD,0x4B,0xE5,0x33,0xB8,0x04,0xFB,0x0F, @@ -231,6 +231,7 @@ static void sv_usage(void) BIO_printf(bio_err," -CAfile arg - PEM format file of CA's\n"); BIO_printf(bio_err," -nocert - Don't use any certificates (Anon-DH)\n"); BIO_printf(bio_err," -cipher arg - play with 'openssl ciphers' to see what goes here\n"); + BIO_printf(bio_err," -serverpref - Use server's cipher preferences\n"); BIO_printf(bio_err," -quiet - No server output\n"); BIO_printf(bio_err," -no_tmp_rsa - Do not generate a tmp RSA key\n"); BIO_printf(bio_err," -ssl2 - Just talk SSLv2\n"); @@ -239,13 +240,14 @@ static void sv_usage(void) BIO_printf(bio_err," -no_ssl2 - Just disable SSLv2\n"); BIO_printf(bio_err," -no_ssl3 - Just disable SSLv3\n"); BIO_printf(bio_err," -no_tls1 - Just disable TLSv1\n"); -#ifndef NO_DH +#ifndef OPENSSL_NO_DH BIO_printf(bio_err," -no_dhe - Disable ephemeral DH\n"); #endif BIO_printf(bio_err," -bugs - Turn on SSL bug compatibility\n"); BIO_printf(bio_err," -www - Respond to a 'GET /' with a status page\n"); BIO_printf(bio_err," -WWW - Respond to a 'GET / HTTP/1.0' with file ./\n"); BIO_printf(bio_err," -engine id - Initialise and use the specified engine\n"); + BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); } static int local_argc=0; @@ -416,12 +418,13 @@ int MAIN(int argc, char *argv[]) int state=0; SSL_METHOD *meth=NULL; ENGINE *e=NULL; + char *inrand=NULL; -#if !defined(NO_SSL2) && !defined(NO_SSL3) +#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3) meth=SSLv23_server_method(); -#elif !defined(NO_SSL3) +#elif !defined(OPENSSL_NO_SSL3) meth=SSLv3_server_method(); -#elif !defined(NO_SSL2) +#elif !defined(OPENSSL_NO_SSL2) meth=SSLv2_server_method(); #endif @@ -508,6 +511,8 @@ int MAIN(int argc, char *argv[]) if (--argc < 1) goto bad; CApath= *(++argv); } + else if (strcmp(*argv,"-serverpref") == 0) + { off|=SSL_OP_CIPHER_SERVER_PREFERENCE; } else if (strcmp(*argv,"-cipher") == 0) { if (--argc < 1) goto bad; @@ -555,15 +560,15 @@ int MAIN(int argc, char *argv[]) { off|=SSL_OP_NO_SSLv3; } else if (strcmp(*argv,"-no_tls1") == 0) { off|=SSL_OP_NO_TLSv1; } -#ifndef NO_SSL2 +#ifndef OPENSSL_NO_SSL2 else if (strcmp(*argv,"-ssl2") == 0) { meth=SSLv2_server_method(); } #endif -#ifndef NO_SSL3 +#ifndef OPENSSL_NO_SSL3 else if (strcmp(*argv,"-ssl3") == 0) { meth=SSLv3_server_method(); } #endif -#ifndef NO_TLS1 +#ifndef OPENSSL_NO_TLS1 else if (strcmp(*argv,"-tls1") == 0) { meth=TLSv1_server_method(); } #endif @@ -572,6 +577,11 @@ int MAIN(int argc, char *argv[]) if (--argc < 1) goto bad; engine_id= *(++argv); } + else if (strcmp(*argv,"-rand") == 0) + { + if (--argc < 1) goto bad; + inrand= *(++argv); + } else { BIO_printf(bio_err,"unknown option %s\n",*argv); @@ -588,7 +598,14 @@ bad: goto end; } - app_RAND_load_file(NULL, bio_err, 0); + if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL + && !RAND_status()) + { + BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n"); + } + if (inrand != NULL) + BIO_printf(bio_err,"%ld semi-random bytes loaded\n", + app_RAND_load_files(inrand)); if (bio_s_out == NULL) { @@ -603,7 +620,7 @@ bad: } } -#if !defined(NO_RSA) || !defined(NO_DSA) +#if !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_DSA) if (nocert) #endif { @@ -676,7 +693,7 @@ bad: /* goto end; */ } -#ifndef NO_DH +#ifndef OPENSSL_NO_DH if (!no_dhe) { DH *dh=NULL; @@ -710,7 +727,7 @@ bad: goto end; } -#ifndef NO_RSA +#ifndef OPENSSL_NO_RSA #if 1 SSL_CTX_set_tmp_rsa_callback(ctx,tmp_rsa_cb); #else @@ -798,7 +815,7 @@ static int sv_body(char *hostname, int s, unsigned char *context) unsigned long l; SSL *con=NULL; BIO *sbio; -#ifdef WINDOWS +#ifdef OPENSSL_SYS_WINDOWS struct timeval tv; #endif @@ -821,6 +838,13 @@ static int sv_body(char *hostname, int s, unsigned char *context) if (con == NULL) { con=SSL_new(ctx); +#ifndef OPENSSL_NO_KRB5 + if ((con->kssl_ctx = kssl_ctx_new()) != NULL) + { + kssl_ctx_setstring(con->kssl_ctx, KSSL_SERVICE, KRB5SVC); + kssl_ctx_setstring(con->kssl_ctx, KSSL_KEYTAB, KRB5KEYTAB); + } +#endif /* OPENSSL_NO_KRB5 */ if(context) SSL_set_session_id_context(con, context, strlen((char *)context)); @@ -858,7 +882,7 @@ static int sv_body(char *hostname, int s, unsigned char *context) if (!read_from_sslcon) { FD_ZERO(&readfds); -#ifndef WINDOWS +#ifndef OPENSSL_SYS_WINDOWS FD_SET(fileno(stdin),&readfds); #endif FD_SET(s,&readfds); @@ -868,7 +892,7 @@ static int sv_body(char *hostname, int s, unsigned char *context) * the compiler: if you do have a cast then you can either * go for (int *) or (void *). */ -#ifdef WINDOWS +#ifdef OPENSSL_SYS_WINDOWS /* Under Windows we can't select on stdin: only * on sockets. As a workaround we timeout the select every * second and check for any keypress. In a proper Windows @@ -1134,7 +1158,7 @@ static int init_ssl_connection(SSL *con) return(1); } -#ifndef NO_DH +#ifndef OPENSSL_NO_DH static DH *load_dh_param(char *dhfile) { DH *ret=NULL; @@ -1270,7 +1294,7 @@ static int www_body(char *hostname, int s, unsigned char *context) else { BIO_printf(bio_s_out,"read R BLOCK\n"); -#ifndef MSDOS +#ifndef OPENSSL_SYS_MSDOS sleep(1); #endif continue; @@ -1516,7 +1540,7 @@ err: return(ret); } -#ifndef NO_RSA +#ifndef OPENSSL_NO_RSA static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength) { static RSA *rsa_tmp=NULL;