only use a default curve if not already set
[openssl.git] / apps / s_server.c
index daf4fd43e2ea863c4228fe4efcc3ed5883b2939f..03675d62e4eb2e4e9d631ef506ec150c3b16f3a3 100644 (file)
@@ -300,6 +300,7 @@ static int cert_status_cb(SSL *s, void *arg);
 static int no_resume_ephemeral = 0;
 static int s_msg=0;
 static int s_quiet=0;
+static int s_ign_eof=0;
 static int s_brief=0;
 
 static char *keymatexportlabel=NULL;
@@ -475,6 +476,9 @@ static void sv_usage(void)
        BIO_printf(bio_err,"usage: s_server [args ...]\n");
        BIO_printf(bio_err,"\n");
        BIO_printf(bio_err," -accept arg   - port to accept on (default is %d)\n",PORT);
+       BIO_printf(bio_err," -checkhost host - check peer certificate matches \"host\"\n");
+       BIO_printf(bio_err," -checkemail email - check peer certificate matches \"email\"\n");
+       BIO_printf(bio_err," -checkip ipaddr - check peer certificate matches \"ipaddr\"\n");
        BIO_printf(bio_err," -context arg  - set session ID context\n");
        BIO_printf(bio_err," -verify arg   - turn on peer certificate verification\n");
        BIO_printf(bio_err," -Verify arg   - turn on peer certificate verification, must have a cert.\n");
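Review bot: The usage text grows -checkhost/-checkemail/-checkip lines here, but the options this commit itself adds to MAIN — `-naccept` (the `-naccept` parsing hunk) and `-ign_eof`/`-no_ign_eof` (the `-ign_eof` hunk) — get no sv_usage entry, so they are undiscoverable from the help output. Something like `BIO_printf(bio_err," -naccept arg  - number of connections to accept before exiting (default: unlimited)\n");` and `BIO_printf(bio_err," -ign_eof      - keep serving when the peer sends a CLOSE line (-no_ign_eof to exit)\n");` would close the gap. The -naccept wording is inferred from the `-1` default and the new `do_server` argument, and the -ign_eof wording from the rev_body hunk, so confirm both against do_server and sv_body before committing the text. sv_usage continues outside the hunk.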
@@ -959,9 +963,6 @@ int MAIN(int argc, char *argv[])
        char *vfyCApath=NULL,*vfyCAfile=NULL;
        unsigned char *context = NULL;
        char *dhfile = NULL;
-#ifndef OPENSSL_NO_ECDH
-       char *named_curve = NULL;
-#endif
        int badop=0;
        int ret=1;
        int build_chain = 0;
@@ -979,7 +980,7 @@ int MAIN(int argc, char *argv[])
        STACK_OF(X509) *s_chain = NULL, *s_dchain = NULL;
        EVP_PKEY *s_key = NULL, *s_dkey = NULL;
        int no_cache = 0, ext_cache = 0;
-       int rev = 0;
+       int rev = 0, naccept = -1;
 #ifndef OPENSSL_NO_TLSEXT
        EVP_PKEY *s_key2 = NULL;
        X509 *s_cert2 = NULL;
@@ -1040,6 +1041,17 @@ int MAIN(int argc, char *argv[])
                        if (!extract_port(*(++argv),&port))
                                goto bad;
                        }
+               else if (strcmp(*argv,"-naccept") == 0)
+                       {
+                       if (--argc < 1) goto bad;
+                       naccept = atol(*(++argv));
+                       if (naccept <= 0)
+                               {
+                               BIO_printf(bio_err, "bad accept value %s\n",
+                                                       *argv);
+                               goto bad;
+                               }
+                       }
                else if (strcmp(*argv,"-verify") == 0)
                        {
                        s_server_verify=SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE;
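Review bot: `naccept = atol(*(++argv));` stores a `long` into the `int naccept` and accepts trailing junk, so `-naccept 5x` is silently taken as 5 and a value outside `int` range is truncated before the `naccept <= 0` check ever sees it. Parsing with `strtol` and an end pointer lets the existing "bad accept value" path reject both cases; the rewrite below assumes `<errno.h>` and `<limits.h>` are already available in this file, which the hunk does not show. MAIN continues outside the hunk.

```c
		else if (strcmp(*argv,"-naccept") == 0)
			{
			char *end = NULL;
			long v;
			if (--argc < 1) goto bad;
			errno = 0;
			v = strtol(*(++argv), &end, 10);
			/* reject empty, non-numeric, trailing-junk and out-of-int-range values */
			if (end == *argv || *end != '\0' || errno == ERANGE
				|| v <= 0 || v > INT_MAX)
				{
				BIO_printf(bio_err, "bad accept value %s\n",
							*argv);
				goto bad;
				}
			naccept = (int)v;
			}
```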
@@ -1205,6 +1217,10 @@ int MAIN(int argc, char *argv[])
 #endif
                        s_nbio_test=1;
                        }
+               else if (strcmp(*argv,"-ign_eof") == 0)
+                       s_ign_eof=1;
+               else if (strcmp(*argv,"-no_ign_eof") == 0)
+                       s_ign_eof=0;
                else if (strcmp(*argv,"-debug") == 0)
                        { s_debug=1; }
 #ifndef OPENSSL_NO_TLSEXT
@@ -1427,10 +1443,6 @@ int MAIN(int argc, char *argv[])
                        keymatexportlen=atoi(*(++argv));
                        if (keymatexportlen == 0) goto bad;
                        }
-#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
-               else if (strcmp(*argv, "-debug_broken_protocol") == 0)
-                       cert_flags |= SSL_CERT_FLAG_BROKEN_PROTCOL;
-#endif
                else
                        {
                        BIO_printf(bio_err,"unknown option %s\n",*argv);
@@ -1688,7 +1700,7 @@ bad:
        if (vpm)
                SSL_CTX_set1_param(ctx, vpm);
 
-       if (!args_ssl_call(ctx, bio_err, cctx, ssl_args))
+       if (!args_ssl_call(ctx, bio_err, cctx, ssl_args, no_ecdhe))
                goto end;
 
        if (!ssl_load_stores(ctx, vfyCApath, vfyCAfile, chCApath, chCAfile))
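Review bot: Passing `no_ecdhe` into `args_ssl_call` (here and again for `ctx2` in the next hunk) moves the temporary ECDH setup out of s_server, and with it the explicit reporting the removed block used to give: the `unknown curve name (%s)` and `unable to create curve` errors and the `Setting temp ECDH parameters` / `Using default temp ECDH parameters` notices. Whether `args_ssl_call` reproduces them is not visible in this diff; if it does not, a mistyped curve name would now be handled by the generic ssl_args path, so it is worth confirming that path still fails loudly instead of quietly falling back to the default curve the commit title refers to. MAIN's body extends beyond this hunk.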
@@ -1754,7 +1766,7 @@ bad:
                if (vpm)
                        SSL_CTX_set1_param(ctx2, vpm);
 
-               if (!args_ssl_call(ctx2, bio_err, cctx, ssl_args))
+               if (!args_ssl_call(ctx2, bio_err, cctx, ssl_args, no_ecdhe))
                        goto end;
                }
 
@@ -1808,58 +1820,6 @@ bad:
                }
 #endif
 
-#ifndef OPENSSL_NO_ECDH
-       if (!no_ecdhe)
-               {
-               EC_KEY *ecdh=NULL;
-
-               if (named_curve && strcmp(named_curve, "auto"))
-                       {
-                       int nid = EC_curve_nist2nid(named_curve);
-                       if (nid == NID_undef)
-                               nid = OBJ_sn2nid(named_curve);
-                       if (nid == 0)
-                               {
-                               BIO_printf(bio_err, "unknown curve name (%s)\n", 
-                                       named_curve);
-                               goto end;
-                               }
-                       ecdh = EC_KEY_new_by_curve_name(nid);
-                       if (ecdh == NULL)
-                               {
-                               BIO_printf(bio_err, "unable to create curve (%s)\n", 
-                                       named_curve);
-                               goto end;
-                               }
-                       }
-
-               if (ecdh != NULL)
-                       {
-                       BIO_printf(bio_s_out,"Setting temp ECDH parameters\n");
-                       }
-               else if (named_curve)
-                       SSL_CTX_set_ecdh_auto(ctx, 1);
-               else
-                       {
-                       BIO_printf(bio_s_out,"Using default temp ECDH parameters\n");
-                       ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
-                       if (ecdh == NULL) 
-                               {
-                               BIO_printf(bio_err, "unable to create curve (nistp256)\n");
-                               goto end;
-                               }
-                       }
-               (void)BIO_flush(bio_s_out);
-
-               SSL_CTX_set_tmp_ecdh(ctx,ecdh);
-#ifndef OPENSSL_NO_TLSEXT
-               if (ctx2) 
-                       SSL_CTX_set_tmp_ecdh(ctx2,ecdh);
-#endif
-               EC_KEY_free(ecdh);
-               }
-#endif
-       
        if (!set_cert_key_stuff(ctx, s_cert, s_key, s_chain, build_chain))
                goto end;
 #ifndef OPENSSL_NO_TLSEXT
@@ -2000,11 +1960,11 @@ bad:
        BIO_printf(bio_s_out,"ACCEPT\n");
        (void)BIO_flush(bio_s_out);
        if (rev)
-               do_server(port,socket_type,&accept_socket,rev_body, context);
+               do_server(port,socket_type,&accept_socket,rev_body, context, naccept);
        else if (www)
-               do_server(port,socket_type,&accept_socket,www_body, context);
+               do_server(port,socket_type,&accept_socket,www_body, context, naccept);
        else
-               do_server(port,socket_type,&accept_socket,sv_body, context);
+               do_server(port,socket_type,&accept_socket,sv_body, context, naccept);
        print_stats(bio_s_out,ctx);
        ret=0;
 end:
@@ -2025,6 +1985,8 @@ end:
                OPENSSL_free(pass);
        if (dpass)
                OPENSSL_free(dpass);
+       if (vpm)
+               X509_VERIFY_PARAM_free(vpm);
        free_sessions();
 #ifndef OPENSSL_NO_TLSEXT
        if (tlscstatp.host)
@@ -3247,6 +3209,12 @@ static int rev_body(char *hostname, int s, unsigned char *context)
                                p--;
                                i--;
                                }
+                       if (!s_ign_eof && i == 5 && !strncmp(buf, "CLOSE", 5))
+                               {
+                               ret = 1;
+                               BIO_printf(bio_err, "CONNECTION CLOSED\n");
+                               goto end;
+                               }
                        BUF_reverse((unsigned char *)buf, NULL, i);
                        buf[i] = '\n';
                        BIO_write(io, buf, i + 1);
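Review bot: Gating the new CLOSE handling on `!s_ign_eof` gives `-ign_eof` a meaning in rev_body that neither the option parsing nor any comment explains — in s_client the same spelling means "ignore EOF on stdin", whereas here it means "do not treat a peer-sent `CLOSE` line as a request to end the connection". A comment above the check, such as `/* Unless -ign_eof was given, a bare "CLOSE" line from the peer ends this connection */`, would make that explicit. The `CONNECTION CLOSED` message also goes to bio_err while the `ACCEPT` banner goes to bio_s_out; if that split is deliberate, a word in the same comment would help. rev_body's body and its `end:` label lie outside the hunk.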