give EC_GROUP_new_by_nid a more meanigful name:
index 986c1221e3c08c650d0a9905c4ebf36a911c9c89..ea19a50bff8f65c564f1f667fea18c42108d13dd 100644 (file)
@@ -154,6 +154,7 @@ typedef unsigned int u_int;
 #include <openssl/ssl.h>
 #include <openssl/rand.h>
 #include "s_apps.h"
+#include "timeouts.h"
 
 #ifdef OPENSSL_SYS_WINCE
 /* Windows CE incorrectly defines fileno as returning void*, so to avoid problems below... */
@@ -260,6 +261,11 @@ static char *engine_id=NULL;
 #endif
 static const char *session_id_prefix=NULL;
 
+static int enable_timeouts = 0;
+static long mtu;
+static int cert_chain = 0;
+
+
 #ifdef MONOLITH
 static void s_server_init(void)
        {
@@ -333,6 +339,10 @@ static void sv_usage(void)
        BIO_printf(bio_err," -ssl2         - Just talk SSLv2\n");
        BIO_printf(bio_err," -ssl3         - Just talk SSLv3\n");
        BIO_printf(bio_err," -tls1         - Just talk TLSv1\n");
+       BIO_printf(bio_err," -dtls1        - Just talk DTLSv1\n");
+       BIO_printf(bio_err," -timeout      - Enable timeouts\n");
+       BIO_printf(bio_err," -mtu          - Set MTU\n");
+       BIO_printf(bio_err," -chain        - Read a certificate chain\n");
        BIO_printf(bio_err," -no_ssl2      - Just disable SSLv2\n");
        BIO_printf(bio_err," -no_ssl3      - Just disable SSLv3\n");
        BIO_printf(bio_err," -no_tls1      - Just disable TLSv1\n");
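Review bot: The `-mtu` usage line does not show that the option takes a value, although the parser (hunk at `-mtu` below) consumes the next argv entry; `BIO_printf(bio_err," -mtu arg      - Set MTU\n");` would make that visible. These four lines are also printed unconditionally, while the matching options appear to be parsed only inside the `#ifndef OPENSSL_NO_DTLS1` region, so a build without DTLS would advertise `-timeout`, `-mtu` and `-chain` and then reject them; wrapping the usage lines in the same guard, or moving the non-DTLS options out of it, keeps help and parser in step. sv_usage continues outside the hunk.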
@@ -515,7 +525,7 @@ int MAIN(int argc, char *argv[])
        int vflags = 0;
        short port=PORT;
        char *CApath=NULL,*CAfile=NULL;
-       char *context = NULL;
+       unsigned char *context = NULL;
        char *dhfile = NULL;
        char *named_curve = NULL;
        int badop=0,bugs=0;
@@ -524,6 +534,7 @@ int MAIN(int argc, char *argv[])
        int no_tmp_rsa=0,no_dhe=0,no_ecdhe=0,nocert=0;
        int state=0;
        SSL_METHOD *meth=NULL;
+    int sock_type=SOCK_STREAM;
 #ifndef OPENSSL_NO_ENGINE
        ENGINE *e=NULL;
 #endif
@@ -593,7 +604,7 @@ int MAIN(int argc, char *argv[])
                else if (strcmp(*argv,"-context") == 0)
                        {
                        if (--argc < 1) goto bad;
-                       context= *(++argv);
+                       context= (unsigned char *)*(++argv);
                        }
                else if (strcmp(*argv,"-cert") == 0)
                        {
@@ -740,6 +751,22 @@ int MAIN(int argc, char *argv[])
 #ifndef OPENSSL_NO_TLS1
                else if (strcmp(*argv,"-tls1") == 0)
                        { meth=TLSv1_server_method(); }
+#endif
+#ifndef OPENSSL_NO_DTLS1
+               else if (strcmp(*argv,"-dtls1") == 0)
+                       { 
+                       meth=DTLSv1_server_method();
+                       sock_type = SOCK_DGRAM;
+                       }
+               else if (strcmp(*argv,"-timeout") == 0)
+                       enable_timeouts = 1;
+               else if (strcmp(*argv,"-mtu") == 0)
+                       {
+                       if (--argc < 1) goto bad;
+                       mtu = atol(*(++argv));
+                       }
+               else if (strcmp(*argv, "-chain") == 0)
+                       cert_chain = 1;
 #endif
                else if (strcmp(*argv, "-id_prefix") == 0)
                        {
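Review bot: `mtu = atol(*(++argv));` accepts any string: garbage parses to 0 and a negative value is stored unchecked, and because sv_body only tests `mtu > 0` both cases silently fall back to MTU discovery instead of being reported as a bad option. A bounded parse with an error path fits the surrounding `goto bad` convention: `char *end; mtu = strtol(*(++argv), &end, 10);` followed by `if (*end != '\0' || mtu <= 0) goto bad;`. Separately, `-timeout`, `-mtu` and `-chain` sit inside the `#ifndef OPENSSL_NO_DTLS1` block although `-chain` has nothing DTLS-specific about it, and `cert_chain` is set here but not read anywhere in this diff — if it is unused elsewhere the flag is dead. The enclosing option loop in MAIN starts and ends outside the hunk.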
@@ -892,6 +919,10 @@ bad:
        if (bugs) SSL_CTX_set_options(ctx,SSL_OP_ALL);
        if (hack) SSL_CTX_set_options(ctx,SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG);
        SSL_CTX_set_options(ctx,off);
+       /* DTLS: partial reads end up discarding unread UDP bytes :-( 
+        * Setting read ahead solves this problem.
+        */
+       if (sock_type == SOCK_DGRAM) SSL_CTX_set_read_ahead(ctx, 1);
 
        if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback);
 
@@ -968,7 +999,7 @@ bad:
                                goto end;
                                }
 
-                       ecdh->group = EC_GROUP_new_by_nid(nid);
+                       ecdh->group = EC_GROUP_new_by_curve_name(nid);
                        if (ecdh->group == NULL)
                                {
                                BIO_printf(bio_err, "unable to create curve (%s)\n", 
@@ -984,7 +1015,7 @@ bad:
                else
                        {
                        BIO_printf(bio_s_out,"Using default temp ECDH parameters\n");
-                       ecdh->group=EC_GROUP_new_by_nid(NID_sect163r2);
+                       ecdh->group=EC_GROUP_new_by_curve_name(NID_sect163r2);
                        if (ecdh->group == NULL) 
                                {
                                BIO_printf(bio_err, "unable to create curve (sect163r2)\n");
@@ -1046,9 +1077,9 @@ bad:
 
        BIO_printf(bio_s_out,"ACCEPT\n");
        if (www)
-               do_server(port,&accept_socket,www_body, context);
+               do_server(port,sock_type,&accept_socket,www_body, context);
        else
-               do_server(port,&accept_socket,sv_body, context);
+               do_server(port,sock_type,&accept_socket,sv_body, context);
        print_stats(bio_s_out,ctx);
        ret=0;
 end:
@@ -1067,7 +1098,7 @@ end:
                OPENSSL_free(dpass);
        if (bio_s_out != NULL)
                {
-               BIO_free(bio_s_out);
+        BIO_free(bio_s_out);
                bio_s_out=NULL;
                }
        apps_shutdown();
@@ -1146,7 +1177,39 @@ static int sv_body(char *hostname, int s, unsigned char *context)
        }
        SSL_clear(con);
 
-       sbio=BIO_new_socket(s,BIO_NOCLOSE);
+       if (SSL_version(con) == DTLS1_VERSION)
+               {
+               struct timeval timeout;
+
+               sbio=BIO_new_dgram(s,BIO_NOCLOSE);
+
+               if ( enable_timeouts)
+                       {
+                       timeout.tv_sec = 0;
+                       timeout.tv_usec = DGRAM_RCV_TIMEOUT;
+                       BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_RECV_TIMEOUT, 0, &timeout);
+                       
+                       timeout.tv_sec = 0;
+                       timeout.tv_usec = DGRAM_SND_TIMEOUT;
+                       BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_SEND_TIMEOUT, 0, &timeout);
+                       }
+
+               
+               if ( mtu > 0)
+                       {
+                       SSL_set_options(con, SSL_OP_NO_QUERY_MTU);
+                       SSL_set_mtu(con, mtu);
+                       }
+               else
+                       /* want to do MTU discovery */
+                       BIO_ctrl(sbio, BIO_CTRL_DGRAM_MTU_DISCOVER, 0, NULL);
+
+        /* turn on cookie exchange */
+        SSL_set_options(con, SSL_OP_COOKIE_EXCHANGE);
+               }
+       else
+               sbio=BIO_new_socket(s,BIO_NOCLOSE);
+
        if (s_nbio_test)
                {
                BIO *test;
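Review bot: `sbio=BIO_new_dgram(s,BIO_NOCLOSE);` is followed directly by `BIO_ctrl(sbio, ...)` and `SSL_set_mtu`/`SSL_set_options` without checking for a NULL return, so an allocation failure dereferences NULL inside BIO_ctrl; the function already has an `err` label, so `if (sbio == NULL) goto err;` after the call covers it (the plain-TCP branch has the same gap if the original did not check it either). The timeout setup writes `DGRAM_RCV_TIMEOUT`/`DGRAM_SND_TIMEOUT` straight into `tv_usec` with `tv_sec = 0`; that is only valid if both constants in timeouts.h are below one million microseconds — worth a comment at the `timeout.tv_usec =` lines stating the unit, since the header is not shown here. `SSL_OP_COOKIE_EXCHANGE` is turned on unconditionally; if no cookie callbacks are registered on `ctx` elsewhere, confirm what the library does in that case. The `/* turn on cookie exchange */` lines are also space-indented while the rest of the file uses tabs. sv_body starts and ends outside the hunk.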
@@ -1252,7 +1315,8 @@ static int sv_body(char *hostname, int s, unsigned char *context)
                                if ((i <= 0) || (buf[0] == 'q'))
                                        {
                                        BIO_printf(bio_s_out,"DONE\n");
-                                       SHUTDOWN(s);
+                                       if (SSL_version(con) != DTLS1_VERSION)
+                        SHUTDOWN(s);
        /*                              close_accept_socket();
                                        ret= -11;*/
                                        goto err;
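Review bot: The new `if (SSL_version(con) != DTLS1_VERSION)` guard has an unbraced, space-indented body (`SHUTDOWN(s);`) sitting in a tab-indented file, so the conditional scope is hard to read next to the commented-out lines that follow; brace it and match the file's tabs: `if (SSL_version(con) != DTLS1_VERSION)`, `{ SHUTDOWN(s); }`. A one-line comment on why the datagram socket is not shut down here (e.g. `/* no SHUT_RDWR on an unconnected UDP socket */`, if that is the reason) would make the special case self-explanatory. sv_body starts and ends outside the hunk.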
@@ -1470,7 +1534,7 @@ static DH *load_dh_param(const char *dhfile)
        DH *ret=NULL;
        BIO *bio;
 
-       if ((bio=BIO_new_file((char *)dhfile,"r")) == NULL)
+       if ((bio=BIO_new_file(dhfile,"r")) == NULL)
                goto err;
        ret=PEM_read_bio_DHparams(bio,NULL,NULL,NULL);
 err: