X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=apps%2Fs_server.c;h=c0546f6f9b0ea0529322bf758c70d4c0ad6e181f;hp=5012ef254da704a8676df51a31f21bfd1c36500c;hb=59ff7134625d24322cbf998470a80195a543fb4e;hpb=7dfb0b774e6592dcbfe47015168a0ac8b44e2a17 diff --git a/apps/s_server.c b/apps/s_server.c index 5012ef254d..c0546f6f9b 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -136,7 +136,8 @@ static DH *get_dh512() /* static int load_CA(SSL_CTX *ctx, char *file);*/ #undef BUFSIZZ -#define BUFSIZZ 8*1024 +#define BUFSIZZ 16*1024 +static int bufsize=32; static int accept_socket= -1; #define TEST_CERT "server.pem" @@ -188,7 +189,7 @@ static void sv_usage() { BIO_printf(bio_err,"usage: s_server [args ...]\n"); BIO_printf(bio_err,"\n"); - BIO_printf(bio_err," -accept arg - port to accept on (default is %d\n",PORT); + BIO_printf(bio_err," -accept arg - port to accept on (default is %d)\n",PORT); BIO_printf(bio_err," -verify arg - turn on peer certificate verification\n"); BIO_printf(bio_err," -Verify arg - turn on peer certificate verification, must have a cert.\n"); BIO_printf(bio_err," -cert arg - certificate file to use, PEM format assumed\n"); @@ -204,7 +205,7 @@ static void sv_usage() BIO_printf(bio_err," -CApath arg - PEM format directory of CA's\n"); BIO_printf(bio_err," -CAfile arg - PEM format file of CA's\n"); BIO_printf(bio_err," -nocert - Don't use any certificates (Anon-DH)\n"); - BIO_printf(bio_err," -cipher arg - play with 'ssleay ciphers' to see what goes here\n"); + BIO_printf(bio_err," -cipher arg - play with 'openssl ciphers' to see what goes here\n"); BIO_printf(bio_err," -quiet - No server output\n"); BIO_printf(bio_err," -no_tmp_rsa - Do not generate a tmp RSA key\n"); BIO_printf(bio_err," -ssl2 - Just talk SSLv2\n"); @@ -504,7 +505,7 @@ bad: SSL_CTX_set_cipher_list(ctx,cipher); SSL_CTX_set_verify(ctx,s_server_verify,verify_callback); - SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(s_cert_file)); + SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(CAfile)); BIO_printf(bio_s_out,"ACCEPT\n"); if (www) @@ -562,7 +563,7 @@ int s; SSL *con=NULL; BIO *sbio; - if ((buf=Malloc(BUFSIZZ)) == NULL) + if ((buf=Malloc(bufsize)) == NULL) { BIO_printf(bio_err,"out of memory\n"); goto err; @@ -614,7 +615,7 @@ int s; if (i <= 0) continue; if (FD_ISSET(fileno(stdin),&readfds)) { - i=read(fileno(stdin),buf,128/*BUFSIZZ*/); + i=read(fileno(stdin),buf,bufsize); if (!s_quiet) { if ((i <= 0) || (buf[0] == 'Q')) @@ -641,10 +642,10 @@ int s; printf("SSL_do_handshake -> %d\n",i); i=0; /*13; */ continue; - strcpy(buf,"server side RE-NEGOTIATE\n"); + /* strcpy(buf,"server side RE-NEGOTIATE\n"); */ } if ((buf[0] == 'R') && - ((buf[1] == '\0') || (buf[1] == '\r'))) + ((buf[1] == '\n') || (buf[1] == '\r'))) { SSL_set_verify(con, SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE,NULL); @@ -653,7 +654,7 @@ int s; printf("SSL_do_handshake -> %d\n",i); i=0; /* 13; */ continue; - strcpy(buf,"server side RE-NEGOTIATE asking for client cert\n"); + /* strcpy(buf,"server side RE-NEGOTIATE asking for client cert\n"); */ } if (buf[0] == 'P') { @@ -688,7 +689,7 @@ int s; ERR_print_errors(bio_err); ret=1; goto err; - break; + /* break; */ case SSL_ERROR_ZERO_RETURN: BIO_printf(bio_s_out,"DONE\n"); ret=1; @@ -718,12 +719,14 @@ int s; } else { - i=SSL_read(con,(char *)buf,128 /*BUFSIZZ */); +again: + i=SSL_read(con,(char *)buf,bufsize); switch (SSL_get_error(con,i)) { case SSL_ERROR_NONE: write(fileno(stdout),buf, (unsigned int)i); + if (SSL_pending(con)) goto again; break; case SSL_ERROR_WANT_WRITE: case SSL_ERROR_WANT_READ: @@ -755,7 +758,7 @@ err: BIO_printf(bio_s_out,"CONNECTION CLOSED\n"); if (buf != NULL) { - memset(buf,0,BUFSIZZ); + memset(buf,0,bufsize); Free(buf); } if (ret >= 0) @@ -820,6 +823,10 @@ SSL *con; str=SSL_CIPHER_get_name(SSL_get_current_cipher(con)); BIO_printf(bio_s_out,"CIPHER is %s\n",(str != NULL)?str:"(NONE)"); if (con->hit) BIO_printf(bio_s_out,"Reused session-id\n"); + if (SSL_ctrl(con,SSL_CTRL_GET_FLAGS,0,NULL) & + TLS1_FLAGS_TLS_PADDING_BUG) + BIO_printf(bio_s_out,"Peer has incorrect TLSv1 block padding\n"); + return(1); } @@ -865,7 +872,7 @@ static int www_body(hostname, s) char *hostname; int s; { - char buf[1024]; + char *buf=NULL; int ret=1; int i,j,k,blank,dot; struct stat st_buf; @@ -874,6 +881,8 @@ int s; BIO *io,*ssl_bio,*sbio; long total_bytes; + buf=Malloc(bufsize); + if (buf == NULL) return(0); io=BIO_new(BIO_f_buffer()); ssl_bio=BIO_new(BIO_f_ssl()); if ((io == NULL) || (ssl_bio == NULL)) goto err; @@ -891,7 +900,7 @@ int s; #endif /* lets make the output buffer a reasonable size */ - if (!BIO_set_write_buffer_size(io,253 /*16*1024*/)) goto err; + if (!BIO_set_write_buffer_size(io,bufsize)) goto err; if ((con=(SSL *)SSL_new(ctx)) == NULL) goto err; @@ -937,14 +946,14 @@ int s; case SSL_ERROR_ZERO_RETURN: ret=1; goto err; - break; + /* break; */ } SSL_renegotiate(con); SSL_write(con,NULL,0); } - i=BIO_gets(io,buf,sizeof(buf)-1); + i=BIO_gets(io,buf,bufsize-1); if (i < 0) /* error */ { if (!BIO_should_retry(io)) @@ -1004,7 +1013,7 @@ int s; BIO_puts(io,"\n"); } BIO_puts(io,"\n"); - p=SSL_get_shared_ciphers(con,buf,sizeof(buf)); + p=SSL_get_shared_ciphers(con,buf,bufsize); if (p != NULL) { BIO_printf(io,"---\nCiphers common between both SSL end points:\n"); @@ -1129,9 +1138,10 @@ int s; total_bytes=0; for (;;) { - i=BIO_read(file,buf,1024); + i=BIO_read(file,buf,bufsize); if (i <= 0) break; +#ifdef RENEG total_bytes+=i; fprintf(stderr,"%d\n",i); if (total_bytes > 3*1024) @@ -1140,6 +1150,7 @@ int s; fprintf(stderr,"RENEGOTIATE\n"); SSL_renegotiate(con); } +#endif for (j=0; j= 0) BIO_printf(bio_s_out,"ACCEPT\n"); + if (buf != NULL) Free(buf); if (io != NULL) BIO_free_all(io); /* if (ssl_bio != NULL) BIO_free(ssl_bio);*/ return(ret);