unsigned int *id_len);
static void init_session_cache_ctx(SSL_CTX *sctx);
static void free_sessions(void);
-static int ssl_load_stores(SSL_CTX *sctx,
- const char *vfyCApath, const char *vfyCAfile,
- const char *chCApath, const char *chCAfile);
#ifndef OPENSSL_NO_DH
static DH *load_dh_param(const char *dhfile);
static DH *get_dh512(void);
static int no_resume_ephemeral = 0;
static int s_msg=0;
static int s_quiet=0;
+static int s_ign_eof=0;
static int s_brief=0;
static char *keymatexportlabel=NULL;
BIO_printf(bio_err,"usage: s_server [args ...]\n");
BIO_printf(bio_err,"\n");
BIO_printf(bio_err," -accept arg - port to accept on (default is %d)\n",PORT);
+ BIO_printf(bio_err," -checkhost host - check peer certificate matches \"host\"\n");
+ BIO_printf(bio_err," -checkemail email - check peer certificate matches \"email\"\n");
+ BIO_printf(bio_err," -checkip ipaddr - check peer certificate matches \"ipaddr\"\n");
BIO_printf(bio_err," -context arg - set session ID context\n");
BIO_printf(bio_err," -verify arg - turn on peer certificate verification\n");
BIO_printf(bio_err," -Verify arg - turn on peer certificate verification, must have a cert.\n");
char *vfyCApath=NULL,*vfyCAfile=NULL;
unsigned char *context = NULL;
char *dhfile = NULL;
-#ifndef OPENSSL_NO_ECDH
- char *named_curve = NULL;
-#endif
int badop=0;
int ret=1;
int build_chain = 0;
STACK_OF(X509) *s_chain = NULL, *s_dchain = NULL;
EVP_PKEY *s_key = NULL, *s_dkey = NULL;
int no_cache = 0, ext_cache = 0;
- int rev = 0;
+ int rev = 0, naccept = -1;
#ifndef OPENSSL_NO_TLSEXT
EVP_PKEY *s_key2 = NULL;
X509 *s_cert2 = NULL;
if (!cctx)
goto end;
SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_SERVER);
+ SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_CMDLINE);
verify_depth=0;
#ifdef FIONBIO
if (!extract_port(*(++argv),&port))
goto bad;
}
+ else if (strcmp(*argv,"-naccept") == 0)
+ {
+ if (--argc < 1) goto bad;
+ naccept = atol(*(++argv));
+ if (naccept <= 0)
+ {
+ BIO_printf(bio_err, "bad accept value %s\n",
+ *argv);
+ goto bad;
+ }
+ }
else if (strcmp(*argv,"-verify") == 0)
{
s_server_verify=SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE;
if (--argc < 1) goto bad;
verify_depth=atoi(*(++argv));
- BIO_printf(bio_err,"verify depth is %d\n",verify_depth);
+ if (!s_quiet)
+ BIO_printf(bio_err,"verify depth is %d\n",verify_depth);
}
else if (strcmp(*argv,"-Verify") == 0)
{
SSL_VERIFY_CLIENT_ONCE;
if (--argc < 1) goto bad;
verify_depth=atoi(*(++argv));
- BIO_printf(bio_err,"verify depth is %d, must return a certificate\n",verify_depth);
+ if (!s_quiet)
+ BIO_printf(bio_err,"verify depth is %d, must return a certificate\n",verify_depth);
}
else if (strcmp(*argv,"-context") == 0)
{
#endif
s_nbio_test=1;
}
+ else if (strcmp(*argv,"-ign_eof") == 0)
+ s_ign_eof=1;
+ else if (strcmp(*argv,"-no_ign_eof") == 0)
+ s_ign_eof=0;
else if (strcmp(*argv,"-debug") == 0)
{ s_debug=1; }
#ifndef OPENSSL_NO_TLSEXT
keymatexportlen=atoi(*(++argv));
if (keymatexportlen == 0) goto bad;
}
-#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
- else if (strcmp(*argv, "-debug_broken_protocol") == 0)
- cert_flags |= SSL_CERT_FLAG_BROKEN_PROTCOL;
-#endif
else
{
BIO_printf(bio_err,"unknown option %s\n",*argv);
if (bio_s_out == NULL)
{
- if (s_quiet && !s_debug && !s_msg)
+ if (s_quiet && !s_debug)
{
bio_s_out=BIO_new(BIO_s_null());
+ if (s_msg && !bio_s_msg)
+ bio_s_msg=BIO_new_fp(stdout,BIO_NOCLOSE);
}
else
{
if (vpm)
SSL_CTX_set1_param(ctx, vpm);
- if (!args_ssl_call(ctx, bio_err, cctx, ssl_args))
+ if (!args_ssl_call(ctx, bio_err, cctx, ssl_args, no_ecdhe))
goto end;
if (!ssl_load_stores(ctx, vfyCApath, vfyCAfile, chCApath, chCAfile))
if (vpm)
SSL_CTX_set1_param(ctx2, vpm);
- if (!args_ssl_call(ctx2, bio_err, cctx, ssl_args))
+ if (!args_ssl_call(ctx2, bio_err, cctx, ssl_args, no_ecdhe))
goto end;
}
}
#endif
-#ifndef OPENSSL_NO_ECDH
- if (!no_ecdhe)
- {
- EC_KEY *ecdh=NULL;
-
- if (named_curve && strcmp(named_curve, "auto"))
- {
- int nid = EC_curve_nist2nid(named_curve);
- if (nid == NID_undef)
- nid = OBJ_sn2nid(named_curve);
- if (nid == 0)
- {
- BIO_printf(bio_err, "unknown curve name (%s)\n",
- named_curve);
- goto end;
- }
- ecdh = EC_KEY_new_by_curve_name(nid);
- if (ecdh == NULL)
- {
- BIO_printf(bio_err, "unable to create curve (%s)\n",
- named_curve);
- goto end;
- }
- }
-
- if (ecdh != NULL)
- {
- BIO_printf(bio_s_out,"Setting temp ECDH parameters\n");
- }
- else if (named_curve)
- SSL_CTX_set_ecdh_auto(ctx, 1);
- else
- {
- BIO_printf(bio_s_out,"Using default temp ECDH parameters\n");
- ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
- if (ecdh == NULL)
- {
- BIO_printf(bio_err, "unable to create curve (nistp256)\n");
- goto end;
- }
- }
- (void)BIO_flush(bio_s_out);
-
- SSL_CTX_set_tmp_ecdh(ctx,ecdh);
-#ifndef OPENSSL_NO_TLSEXT
- if (ctx2)
- SSL_CTX_set_tmp_ecdh(ctx2,ecdh);
-#endif
- EC_KEY_free(ecdh);
- }
-#endif
-
if (!set_cert_key_stuff(ctx, s_cert, s_key, s_chain, build_chain))
goto end;
#ifndef OPENSSL_NO_TLSEXT
BIO_printf(bio_s_out,"ACCEPT\n");
(void)BIO_flush(bio_s_out);
if (rev)
- do_server(port,socket_type,&accept_socket,rev_body, context);
+ do_server(port,socket_type,&accept_socket,rev_body, context, naccept);
else if (www)
- do_server(port,socket_type,&accept_socket,www_body, context);
+ do_server(port,socket_type,&accept_socket,www_body, context, naccept);
else
- do_server(port,socket_type,&accept_socket,sv_body, context);
+ do_server(port,socket_type,&accept_socket,sv_body, context, naccept);
print_stats(bio_s_out,ctx);
ret=0;
end:
OPENSSL_free(pass);
if (dpass)
OPENSSL_free(dpass);
+ if (vpm)
+ X509_VERIFY_PARAM_free(vpm);
free_sessions();
#ifndef OPENSSL_NO_TLSEXT
if (tlscstatp.host)
BIO_printf(bio_s_out,"Shared ciphers:%s\n",buf);
str=SSL_CIPHER_get_name(SSL_get_current_cipher(con));
ssl_print_sigalgs(bio_s_out, con);
+ ssl_print_point_formats(bio_s_out, con);
ssl_print_curves(bio_s_out, con, 0);
BIO_printf(bio_s_out,"CIPHER is %s\n",(str != NULL)?str:"(NONE)");
p--;
i--;
}
+ if (!s_ign_eof && i == 5 && !strncmp(buf, "CLOSE", 5))
+ {
+ ret = 1;
+ BIO_printf(bio_err, "CONNECTION CLOSED\n");
+ goto end;
+ }
BUF_reverse((unsigned char *)buf, NULL, i);
buf[i] = '\n';
BIO_write(io, buf, i + 1);
}
first = NULL;
}
-
-static int ssl_load_stores(SSL_CTX *sctx,
- const char *vfyCApath, const char *vfyCAfile,
- const char *chCApath, const char *chCAfile)
- {
- X509_STORE *vfy = NULL, *ch = NULL;
- int rv = 0;
- if (vfyCApath || vfyCAfile)
- {
- vfy = X509_STORE_new();
- if (!X509_STORE_load_locations(vfy, vfyCAfile, vfyCApath))
- goto err;
- SSL_CTX_set1_verify_cert_store(ctx, vfy);
- }
- if (chCApath || chCAfile)
- {
- ch = X509_STORE_new();
- if (!X509_STORE_load_locations(ch, chCAfile, chCApath))
- goto err;
- /*X509_STORE_set_verify_cb(ch, verify_callback);*/
- SSL_CTX_set1_chain_cert_store(ctx, ch);
- }
- rv = 1;
- err:
- if (vfy)
- X509_STORE_free(vfy);
- if (ch)
- X509_STORE_free(ch);
- return rv;
- }
-
-
-
-
-
-
-
-
-