int MAIN(int argc, char *argv[])
{
+ X509_STORE *store = NULL;
+ int vflags = 0;
short port=PORT;
char *CApath=NULL,*CAfile=NULL;
char *context = NULL;
if (--argc < 1) goto bad;
CApath= *(++argv);
}
+ else if (strcmp(*argv,"-crl_check") == 0)
+ {
+ vflags |= X509_V_FLAG_CRL_CHECK;
+ }
+ else if (strcmp(*argv,"-crl_check") == 0)
+ {
+ vflags |= X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL;
+ }
else if (strcmp(*argv,"-serverpref") == 0)
{ off|=SSL_OP_CIPHER_SERVER_PREFERENCE; }
else if (strcmp(*argv,"-cipher") == 0)
SSL_load_error_strings();
OpenSSL_add_ssl_algorithms();
- if (engine_id != NULL)
- {
- if((e = ENGINE_by_id(engine_id)) == NULL)
- {
- BIO_printf(bio_err,"invalid engine\n");
- ERR_print_errors(bio_err);
- goto end;
- }
- if (s_debug)
- {
- ENGINE_ctrl(e, ENGINE_CTRL_SET_LOGSTREAM,
- 0, bio_err, 0);
- }
- if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
- {
- BIO_printf(bio_err,"can't use that engine\n");
- ERR_print_errors(bio_err);
- goto end;
- }
- BIO_printf(bio_err,"engine \"%s\" set.\n", engine_id);
- ENGINE_free(e);
- }
+ e = setup_engine(bio_err, engine_id, 1);
ctx=SSL_CTX_new(meth);
if (ctx == NULL)
if (bugs) SSL_CTX_set_options(ctx,SSL_OP_ALL);
if (hack) SSL_CTX_set_options(ctx,SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG);
SSL_CTX_set_options(ctx,off);
- if (hack) SSL_CTX_set_options(ctx,SSL_OP_NON_EXPORT_FIRST);
if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback);
ERR_print_errors(bio_err);
/* goto end; */
}
+ store = SSL_CTX_get_cert_store(ctx);
+ X509_STORE_set_flags(store, vflags);
#ifndef OPENSSL_NO_DH
if (!no_dhe)
BIO_free(bio_s_out);
bio_s_out=NULL;
}
+ apps_shutdown();
EXIT(ret);
}
#ifndef OPENSSL_NO_KRB5
if ((con->kssl_ctx = kssl_ctx_new()) != NULL)
{
- kssl_ctx_setstring(con->kssl_ctx, KSSL_SERVICE, KRB5SVC);
- kssl_ctx_setstring(con->kssl_ctx, KSSL_KEYTAB, KRB5KEYTAB);
+ kssl_ctx_setstring(con->kssl_ctx, KSSL_SERVICE,
+ KRB5SVC);
+ kssl_ctx_setstring(con->kssl_ctx, KSSL_KEYTAB,
+ KRB5KEYTAB);
}
#endif /* OPENSSL_NO_KRB5 */
if(context)
if (!BIO_set_write_buffer_size(io,bufsize)) goto err;
if ((con=SSL_new(ctx)) == NULL) goto err;
+#ifndef OPENSSL_NO_KRB5
+ if ((con->kssl_ctx = kssl_ctx_new()) != NULL)
+ {
+ kssl_ctx_setstring(con->kssl_ctx, KSSL_SERVICE, KRB5SVC);
+ kssl_ctx_setstring(con->kssl_ctx, KSSL_KEYTAB, KRB5KEYTAB);
+ }
+#endif /* OPENSSL_NO_KRB5 */
if(context) SSL_set_session_id_context(con, context,
strlen((char *)context));
{
BIO *file;
char *p,*e;
- static char *text="HTTP/1.0 200 ok\r\n"
- "Content-type: text/plain\r\n\r\n";
+ static char *text="HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n";
/* skip the '/' */
p= &(buf[5]);
- dot=0;
+
+ dot = 1;
for (e=p; *e != '\0'; e++)
{
- if (e[0] == ' ') break;
- if ( (e[0] == '.') &&
- (strncmp(&(e[-1]),"/../",4) == 0))
- dot=1;
+ if (e[0] == ' ')
+ break;
+
+ switch (dot)
+ {
+ case 1:
+ dot = (e[0] == '.') ? 2 : 0;
+ break;
+ case 2:
+ dot = (e[0] == '.') ? 3 : 0;
+ break;
+ case 3:
+ dot = (e[0] == '/') ? -1 : 0;
+ break;
+ }
+ if (dot == 0)
+ dot = (e[0] == '/') ? 1 : 0;
}
-
+ dot = (dot == 3) || (dot == -1); /* filename contains ".." component */
if (*e == '\0')
{
break;
}
+#if 0
/* append if a directory lookup */
if (e[-1] == '/')
strcat(p,"index.html");
+#endif
/* if a directory, do the index thang */
if (stat(p,&st_buf) < 0)
}
if (S_ISDIR(st_buf.st_mode))
{
+#if 0 /* must check buffer size */
strcat(p,"/index.html");
+#else
+ BIO_puts(io,text);
+ BIO_printf(io,"'%s' is a directory\r\n",p);
+ break;
+#endif
}
if ((file=BIO_new_file(p,"r")) == NULL)