#include "s_apps.h"
#include "timeouts.h"
-#if (defined(OPENSSL_SYS_VMS) && __VMS_VER < 70000000)
-/* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */
-# undef FIONBIO
-#endif
-
static int not_resumable_sess_cb(SSL *s, int is_forward_secure);
-static int sv_body(char *hostname, int s, int stype, unsigned char *context);
-static int www_body(char *hostname, int s, int stype, unsigned char *context);
-static int rev_body(char *hostname, int s, int stype, unsigned char *context);
+static int sv_body(int s, int stype, unsigned char *context);
+static int www_body(int s, int stype, unsigned char *context);
+static int rev_body(int s, int stype, unsigned char *context);
static void close_accept_socket(void);
static int init_ssl_connection(SSL *s);
static void print_stats(BIO *bp, SSL_CTX *ctx);
static const char *s_cert_file2 = TEST_CERT2, *s_key_file2 = NULL;
static char *s_dcert_file = NULL, *s_dkey_file = NULL, *s_dchain_file = NULL;
-#ifdef FIONBIO
static int s_nbio = 0;
-#endif
static int s_nbio_test = 0;
static int s_crlf = 0;
static SSL_CTX *ctx = NULL;
static int keymatexportlen = 20;
static int async = 0;
+static unsigned int split_send_fragment = 0;
+static unsigned int max_pipelines = 0;
#ifndef OPENSSL_NO_ENGINE
static char *engine_id = NULL;
static int ssl_srp_server_param_cb(SSL *s, int *ad, void *arg)
{
srpsrvparm *p = (srpsrvparm *) arg;
+ int ret = SSL3_AL_FATAL;
+
if (p->login == NULL && p->user == NULL) {
p->login = SSL_get_srp_username(s);
BIO_printf(bio_err, "SRP username = \"%s\"\n", p->login);
if (p->user == NULL) {
BIO_printf(bio_err, "User %s doesn't exist\n", p->login);
- return SSL3_AL_FATAL;
+ goto err;
}
+
if (SSL_set_srp_server_param
(s, p->user->N, p->user->g, p->user->s, p->user->v,
p->user->info) < 0) {
*ad = SSL_AD_INTERNAL_ERROR;
- return SSL3_AL_FATAL;
+ goto err;
}
BIO_printf(bio_err,
"SRP parameters set: username = \"%s\" info=\"%s\" \n",
p->login, p->user->info);
- /* need to check whether there are memory leaks */
+ ret = SSL_ERROR_NONE;
+
+err:
+ SRP_user_pwd_free(p->user);
p->user = NULL;
p->login = NULL;
- return SSL_ERROR_NONE;
+ return ret;
}
#endif
s_quiet = 0;
s_brief = 0;
async = 0;
+ split_send_fragment = 0;
+ max_pipelines = 0;
#ifndef OPENSSL_NO_ENGINE
engine_id = NULL;
#endif
return is_forward_secure;
}
-static char *jpake_secret = NULL;
#ifndef OPENSSL_NO_SRP
static srpsrvparm srp_callback_parm;
#endif
#endif
typedef enum OPTION_choice {
- OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
- OPT_ENGINE, OPT_PORT, OPT_UNIX, OPT_UNLINK, OPT_NACCEPT,
+ OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, OPT_ENGINE,
+ OPT_4, OPT_6, OPT_ACCEPT, OPT_PORT, OPT_UNIX, OPT_UNLINK, OPT_NACCEPT,
OPT_VERIFY, OPT_UPPER_V_VERIFY, OPT_CONTEXT, OPT_CERT, OPT_CRL,
OPT_CRL_DOWNLOAD, OPT_SERVERINFO, OPT_CERTFORM, OPT_KEY, OPT_KEYFORM,
OPT_PASS, OPT_CERT_CHAIN, OPT_DHPARAM, OPT_DCERTFORM, OPT_DCERT,
OPT_QUIET, OPT_BRIEF, OPT_NO_DHE,
OPT_NO_RESUME_EPHEMERAL, OPT_PSK_HINT, OPT_PSK, OPT_SRPVFILE,
OPT_SRPUSERSEED, OPT_REV, OPT_WWW, OPT_UPPER_WWW, OPT_HTTP, OPT_ASYNC,
- OPT_SSL_CONFIG, OPT_SSL3,
+ OPT_SSL_CONFIG, OPT_SPLIT_SEND_FRAG, OPT_MAX_PIPELINES, OPT_SSL3,
OPT_TLS1_2, OPT_TLS1_1, OPT_TLS1, OPT_DTLS, OPT_DTLS1,
OPT_DTLS1_2, OPT_TIMEOUT, OPT_MTU, OPT_CHAIN, OPT_LISTEN,
OPT_ID_PREFIX, OPT_RAND, OPT_SERVERNAME, OPT_SERVERNAME_FATAL,
- OPT_CERT2, OPT_KEY2, OPT_NEXTPROTONEG, OPT_ALPN, OPT_JPAKE,
+ OPT_CERT2, OPT_KEY2, OPT_NEXTPROTONEG, OPT_ALPN,
OPT_SRTP_PROFILES, OPT_KEYMATEXPORT, OPT_KEYMATEXPORTLEN,
OPT_S_ENUM,
OPT_V_ENUM,
OPTIONS s_server_options[] = {
{"help", OPT_HELP, '-', "Display this summary"},
- {"port", OPT_PORT, 'p'},
- {"accept", OPT_PORT, 'p',
- "TCP/IP port to accept on (default is " PORT_STR ")"},
+ {"port", OPT_PORT, 'p',
+ "TCP/IP port to listen on for connections (default is " PORT ")"},
+ {"accept", OPT_ACCEPT, 's',
+ "TCP/IP optional host and port to accept on (default is " PORT ")"},
+#ifdef AF_UNIX
{"unix", OPT_UNIX, 's', "Unix domain socket to accept on"},
+#endif
+ {"4", OPT_4, '-', "Use IPv4 only"},
+ {"6", OPT_6, '-', "Use IPv6 only"},
+#ifdef AF_UNIX
{"unlink", OPT_UNLINK, '-', "For -unix, unlink existing socket first"},
+#endif
{"context", OPT_CONTEXT, 's', "Set session ID context"},
{"verify", OPT_VERIFY, 'n', "Turn on peer certificate verification"},
{"Verify", OPT_UPPER_V_VERIFY, 'n',
{"crlf", OPT_CRLF, '-', "Convert LF from terminal into CRLF"},
{"debug", OPT_DEBUG, '-', "Print more output"},
{"msg", OPT_MSG, '-', "Show protocol messages"},
- {"msgfile", OPT_MSGFILE, '>'},
+ {"msgfile", OPT_MSGFILE, '>',
+ "File to send output of -msg or -trace, instead of stdout"},
{"state", OPT_STATE, '-', "Print the SSL states"},
{"CAfile", OPT_CAFILE, '<', "PEM format file of CA's"},
{"CApath", OPT_CAPATH, '/', "PEM format directory of CA's"},
"Export keying material using label"},
{"keymatexportlen", OPT_KEYMATEXPORTLEN, 'p',
"Export len bytes of keying material (default 20)"},
- {"CRL", OPT_CRL, '<'},
- {"crl_download", OPT_CRL_DOWNLOAD, '-'},
- {"cert_chain", OPT_CERT_CHAIN, '<'},
- {"dcert_chain", OPT_DCERT_CHAIN, '<'},
- {"chainCApath", OPT_CHAINCAPATH, '/'},
- {"verifyCApath", OPT_VERIFYCAPATH, '/'},
- {"no_cache", OPT_NO_CACHE, '-'},
- {"ext_cache", OPT_EXT_CACHE, '-'},
- {"CRLform", OPT_CRLFORM, 'F'},
- {"verify_return_error", OPT_VERIFY_RET_ERROR, '-'},
- {"verify_quiet", OPT_VERIFY_QUIET, '-'},
- {"build_chain", OPT_BUILD_CHAIN, '-'},
- {"chainCAfile", OPT_CHAINCAFILE, '<'},
- {"verifyCAfile", OPT_VERIFYCAFILE, '<'},
- {"ign_eof", OPT_IGN_EOF, '-'},
- {"no_ign_eof", OPT_NO_IGN_EOF, '-'},
- {"status", OPT_STATUS, '-'},
- {"status_verbose", OPT_STATUS_VERBOSE, '-'},
- {"status_timeout", OPT_STATUS_TIMEOUT, 'n'},
- {"status_url", OPT_STATUS_URL, 's'},
- {"trace", OPT_TRACE, '-'},
- {"security_debug", OPT_SECURITY_DEBUG, '-'},
- {"security_debug_verbose", OPT_SECURITY_DEBUG_VERBOSE, '-'},
- {"brief", OPT_BRIEF, '-'},
- {"rev", OPT_REV, '-'},
+ {"CRL", OPT_CRL, '<', "CRL file to use"},
+ {"crl_download", OPT_CRL_DOWNLOAD, '-',
+ "Download CRL from distribution points"},
+ {"cert_chain", OPT_CERT_CHAIN, '<',
+ "certificate chain file in PEM format"},
+ {"dcert_chain", OPT_DCERT_CHAIN, '<',
+ "second certificate chain file in PEM format"},
+ {"chainCApath", OPT_CHAINCAPATH, '/',
+ "use dir as certificate store path to build CA certificate chain"},
+ {"verifyCApath", OPT_VERIFYCAPATH, '/',
+ "use dir as certificate store path to verify CA certificate"},
+ {"no_cache", OPT_NO_CACHE, '-', "Disable session cache"},
+ {"ext_cache", OPT_EXT_CACHE, '-',
+ "Disable internal cache, setup and use external cache"},
+ {"CRLform", OPT_CRLFORM, 'F', "CRL format (PEM or DER) PEM is default" },
+ {"verify_return_error", OPT_VERIFY_RET_ERROR, '-',
+ "Close connection on verification error"},
+ {"verify_quiet", OPT_VERIFY_QUIET, '-',
+ "No verify output except verify errors"},
+ {"build_chain", OPT_BUILD_CHAIN, '-', "Build certificate chain"},
+ {"chainCAfile", OPT_CHAINCAFILE, '<',
+ "CA file for certificate chain (PEM format)"},
+ {"verifyCAfile", OPT_VERIFYCAFILE, '<',
+ "CA file for certificate verification (PEM format)"},
+ {"ign_eof", OPT_IGN_EOF, '-', "ignore input eof (default when -quiet)"},
+ {"no_ign_eof", OPT_NO_IGN_EOF, '-', "Do not ignore input eof"},
+ {"status", OPT_STATUS, '-', "Request certificate status from server"},
+ {"status_verbose", OPT_STATUS_VERBOSE, '-',
+ "Print more output in certificate status callback"},
+ {"status_timeout", OPT_STATUS_TIMEOUT, 'n',
+ "Status request responder timeout"},
+ {"status_url", OPT_STATUS_URL, 's', "Status request fallback URL"},
+#ifndef OPENSSL_NO_SSL_TRACE
+ {"trace", OPT_TRACE, '-', "trace protocol messages"},
+#endif
+ {"security_debug", OPT_SECURITY_DEBUG, '-',
+ "Print output from SSL/TLS security framework"},
+ {"security_debug_verbose", OPT_SECURITY_DEBUG_VERBOSE, '-',
+ "Print more output from SSL/TLS security framework"},
+ {"brief", OPT_BRIEF, '-', \
+ "Restrict output to brief summary of connection parameters"},
+ {"rev", OPT_REV, '-',
+ "act as a simple test server which just sends back with the received text reversed"},
{"async", OPT_ASYNC, '-', "Operate in asynchronous mode"},
- {"ssl_config", OPT_SSL_CONFIG, 's'},
+ {"ssl_config", OPT_SSL_CONFIG, 's', \
+ "Configure SSL_CTX using the configuration 'val'"},
+ {"split_send_frag", OPT_SPLIT_SEND_FRAG, 'n',
+ "Size used to split data for encrypt/decrypt pipelines"},
+ {"max_pipelines", OPT_MAX_PIPELINES, 'n',
+ "Maximum number of encrypt/decrypt pipelines to be used"},
OPT_S_OPTIONS,
OPT_V_OPTIONS,
OPT_X_OPTIONS,
-#ifdef FIONBIO
{"nbio", OPT_NBIO, '-', "Use non-blocking IO"},
-#endif
#ifndef OPENSSL_NO_PSK
{"psk_hint", OPT_PSK_HINT, 's', "PSK identity hint to use"},
{"psk", OPT_PSK, 's', "PSK in hex (without 0x)"},
-# ifndef OPENSSL_NO_JPAKE
- {"jpake", OPT_JPAKE, 's', "JPAKE secret to use"},
-# endif
#endif
#ifndef OPENSSL_NO_SRP
{"srpvfile", OPT_SRPVFILE, '<', "The verifier file for SRP"},
{"tls1_2", OPT_TLS1_2, '-', "just talk TLSv1.2"},
#endif
#ifndef OPENSSL_NO_DTLS
- {"dtls", OPT_DTLS, '-'},
+ {"dtls", OPT_DTLS, '-', "Use any DTLS version"},
{"timeout", OPT_TIMEOUT, '-', "Enable timeouts"},
{"mtu", OPT_MTU, 'p', "Set link layer MTU"},
{"chain", OPT_CHAIN, '-', "Read a certificate chain"},
#ifndef OPENSSL_NO_SRTP
{"use_srtp", OPT_SRTP_PROFILES, 's',
"Offer SRTP key management with a colon-separated profile list"},
+#endif
{"alpn", OPT_ALPN, 's',
"Set the advertised protocols for the ALPN extension (comma-separated list)"},
-#endif
#ifndef OPENSSL_NO_ENGINE
- {"engine", OPT_ENGINE, 's'},
+ {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
#endif
{NULL}
};
#ifndef OPENSSL_NO_PSK
char *p;
#endif
- const char *unix_path = NULL;
-#ifndef NO_SYS_UN_H
+#ifdef AF_UNIX
int unlink_unix_path = 0;
#endif
- int (*server_cb) (char *hostname, int s, int stype,
- unsigned char *context);
+ do_server_cb server_cb;
int vpmtouched = 0, build_chain = 0, no_cache = 0, ext_cache = 0;
#ifndef OPENSSL_NO_DH
int no_dhe = 0;
int noCApath = 0, noCAfile = 0;
int s_cert_format = FORMAT_PEM, s_key_format = FORMAT_PEM;
int s_dcert_format = FORMAT_PEM, s_dkey_format = FORMAT_PEM;
- int rev = 0, naccept = -1, sdebug = 0, socket_type = SOCK_STREAM;
+ int rev = 0, naccept = -1, sdebug = 0;
+ int socket_family = AF_UNSPEC, socket_type = SOCK_STREAM;
int state = 0, crl_format = FORMAT_PEM, crl_download = 0;
- unsigned short port = PORT;
+ char *host = NULL;
+ char *port = BUF_strdup(PORT);
unsigned char *context = NULL;
OPTION_CHOICE o;
EVP_PKEY *s_key2 = NULL;
ret = 0;
goto end;
+ case OPT_4:
+#ifdef AF_UNIX
+ if (socket_family == AF_UNIX) {
+ OPENSSL_free(host); host = NULL;
+ OPENSSL_free(port); port = NULL;
+ }
+#endif
+ socket_family = AF_INET;
+ break;
+ case OPT_6:
+ if (1) {
+#ifdef AF_INET6
+#ifdef AF_UNIX
+ if (socket_family == AF_UNIX) {
+ OPENSSL_free(host); host = NULL;
+ OPENSSL_free(port); port = NULL;
+ }
+#endif
+ socket_family = AF_INET6;
+ } else {
+#endif
+ BIO_printf(bio_err, "%s: IPv6 domain sockets unsupported\n", prog);
+ goto end;
+ }
+ break;
case OPT_PORT:
- if (!extract_port(opt_arg(), &port))
+#ifdef AF_UNIX
+ if (socket_family == AF_UNIX) {
+ socket_family = AF_UNSPEC;
+ }
+#endif
+ OPENSSL_free(port); port = NULL;
+ OPENSSL_free(host); host = NULL;
+ if (BIO_parse_hostserv(opt_arg(), NULL, &port, BIO_PARSE_PRIO_SERV) < 1) {
+ BIO_printf(bio_err,
+ "%s: -port argument malformed or ambiguous\n",
+ port);
goto end;
+ }
break;
- case OPT_UNIX:
-#ifdef NO_SYS_UN_H
- BIO_printf(bio_err, "unix domain sockets unsupported\n");
- goto end;
-#else
- unix_path = opt_arg();
+ case OPT_ACCEPT:
+#ifdef AF_UNIX
+ if (socket_family == AF_UNIX) {
+ socket_family = AF_UNSPEC;
+ }
#endif
+ OPENSSL_free(port); port = NULL;
+ OPENSSL_free(host); host = NULL;
+ if (BIO_parse_hostserv(opt_arg(), &host, &port, BIO_PARSE_PRIO_SERV) < 1) {
+ BIO_printf(bio_err,
+ "%s: -accept argument malformed or ambiguous\n",
+ port);
+ goto end;
+ }
+ break;
+#ifdef AF_UNIX
+ case OPT_UNIX:
+ socket_family = AF_UNIX;
+ OPENSSL_free(host); host = BUF_strdup(opt_arg());
+ OPENSSL_free(port); port = NULL;
break;
case OPT_UNLINK:
-#ifdef NO_SYS_UN_H
- BIO_printf(bio_err, "unix domain sockets unsupported\n");
- goto end;
-#else
unlink_unix_path = 1;
-#endif
break;
+#endif
case OPT_NACCEPT:
naccept = atol(opt_arg());
break;
case OPT_TRACE:
#ifndef OPENSSL_NO_SSL_TRACE
s_msg = 2;
-#else
- break;
#endif
+ break;
case OPT_SECURITY_DEBUG:
sdebug = 1;
break;
case OPT_PSK:
#ifndef OPENSSL_NO_PSK
for (p = psk_key = opt_arg(); *p; p++) {
- if (isxdigit(*p))
+ if (isxdigit(_UC(*p)))
continue;
BIO_printf(bio_err, "Not a hex number '%s'\n", *argv);
goto end;
case OPT_ALPN:
alpn_in = opt_arg();
break;
-#if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK)
- case OPT_JPAKE:
- jpake_secret = opt_arg();
- break;
-#else
- case OPT_JPAKE:
- goto opthelp;
-#endif
case OPT_SRTP_PROFILES:
+#ifndef OPENSSL_NO_SRTP
srtp_profiles = opt_arg();
+#endif
break;
case OPT_KEYMATEXPORT:
keymatexportlabel = opt_arg();
case OPT_ASYNC:
async = 1;
break;
+ case OPT_SPLIT_SEND_FRAG:
+ split_send_fragment = atoi(opt_arg());
+ if (split_send_fragment == 0) {
+ /* Not allowed - set to a deliberately bad value */
+ split_send_fragment = -1;
+ }
+ break;
+ case OPT_MAX_PIPELINES:
+ max_pipelines = atoi(opt_arg());
+ break;
}
}
argc = opt_num_rest();
}
#endif
- if (unix_path && (socket_type != SOCK_STREAM)) {
+#ifdef AF_UNIX
+ if (socket_family == AF_UNIX && socket_type != SOCK_STREAM) {
BIO_printf(bio_err,
"Can't use unix sockets and datagrams together\n");
goto end;
}
-#if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK)
- if (jpake_secret) {
- if (psk_key) {
- BIO_printf(bio_err, "Can't use JPAKE and PSK together\n");
- goto end;
- }
- psk_identity = "JPAKE";
- }
#endif
+ if (split_send_fragment > SSL3_RT_MAX_PLAIN_LENGTH) {
+ BIO_printf(bio_err, "Bad split send fragment size\n");
+ goto end;
+ }
+
+ if (max_pipelines > SSL_MAX_PIPELINES) {
+ BIO_printf(bio_err, "Bad max pipelines value\n");
+ goto end;
+ }
+
if (!app_passwd(passarg, dpassarg, &pass, &dpass)) {
BIO_printf(bio_err, "Error getting password\n");
goto end;
}
s_cert = load_cert(s_cert_file, s_cert_format,
- NULL, e, "server certificate file");
+ "server certificate file");
if (!s_cert) {
ERR_print_errors(bio_err);
goto end;
}
if (s_chain_file) {
- if (!load_certs(s_chain_file, &s_chain, FORMAT_PEM, NULL, e,
+ if (!load_certs(s_chain_file, &s_chain, FORMAT_PEM, NULL,
"server certificate chain"))
goto end;
}
}
s_cert2 = load_cert(s_cert_file2, s_cert_format,
- NULL, e, "second server certificate file");
+ "second server certificate file");
if (!s_cert2) {
ERR_print_errors(bio_err);
}
s_dcert = load_cert(s_dcert_file, s_dcert_format,
- NULL, e, "second server certificate file");
+ "second server certificate file");
if (!s_dcert) {
ERR_print_errors(bio_err);
goto end;
}
if (s_dchain_file) {
- if (!load_certs(s_dchain_file, &s_dchain, FORMAT_PEM, NULL, e,
+ if (!load_certs(s_dchain_file, &s_dchain, FORMAT_PEM, NULL,
"second server certificate chain"))
goto end;
}
}
ctx = SSL_CTX_new(meth);
- if (sdebug)
- ssl_ctx_security_debug(ctx, sdebug);
if (ctx == NULL) {
ERR_print_errors(bio_err);
goto end;
}
+ if (sdebug)
+ ssl_ctx_security_debug(ctx, sdebug);
if (ssl_config) {
if (SSL_CTX_config(ctx, ssl_config) == 0) {
BIO_printf(bio_err, "Error using configuration \"%s\"\n",
if (async) {
SSL_CTX_set_mode(ctx, SSL_MODE_ASYNC);
- ASYNC_init(1, 0, 0);
+ }
+ if (split_send_fragment > 0) {
+ SSL_CTX_set_split_send_fragment(ctx, split_send_fragment);
+ }
+ if (max_pipelines > 0) {
+ SSL_CTX_set_max_pipelines(ctx, max_pipelines);
}
#ifndef OPENSSL_NO_SRTP
}
ssl_ctx_add_crls(ctx, crls, 0);
- if (!config_ctx(cctx, ssl_args, ctx, jpake_secret == NULL))
+ if (!config_ctx(cctx, ssl_args, ctx))
goto end;
if (!ssl_load_stores(ctx, vfyCApath, vfyCAfile, chCApath, chCAfile,
}
ssl_ctx_add_crls(ctx2, crls, 0);
- if (!config_ctx(cctx, ssl_args, ctx2, jpake_secret == NULL))
+ if (!config_ctx(cctx, ssl_args, ctx2))
goto end;
}
#ifndef OPENSSL_NO_NEXTPROTONEG
not_resumable_sess_cb);
}
#ifndef OPENSSL_NO_PSK
-# ifdef OPENSSL_NO_JPAKE
- if (psk_key != NULL)
-# else
- if (psk_key != NULL || jpake_secret)
-# endif
- {
+ if (psk_key != NULL) {
if (s_debug)
BIO_printf(bio_s_out,
- "PSK key given or JPAKE in use, setting server callback\n");
+ "PSK key given, setting server callback\n");
SSL_CTX_set_psk_server_callback(ctx, psk_server_cb);
}
server_cb = www_body;
else
server_cb = sv_body;
-#ifndef NO_SYS_UN_H
- if (unix_path) {
- if (unlink_unix_path)
- unlink(unix_path);
- do_server_unix(unix_path, &accept_socket, server_cb, context,
- naccept);
- } else
+#ifdef AF_UNIX
+ if (socket_family == AF_UNIX
+ && unlink_unix_path)
+ unlink(host);
#endif
- do_server(port, socket_type, &accept_socket, server_cb, context,
- naccept);
+ do_server(&accept_socket, host, port, socket_family, socket_type,
+ server_cb, context, naccept);
print_stats(bio_s_out, ctx);
ret = 0;
end:
sk_X509_pop_free(s_dchain, X509_free);
OPENSSL_free(pass);
OPENSSL_free(dpass);
+ OPENSSL_free(host);
+ OPENSSL_free(port);
X509_VERIFY_PARAM_free(vpm);
free_sessions();
OPENSSL_free(tlscstatp.host);
bio_s_out = NULL;
BIO_free(bio_s_msg);
bio_s_msg = NULL;
- if (async) {
- ASYNC_cleanup(1);
- }
return (ret);
}
SSL_CTX_sess_get_cache_size(ssl_ctx));
}
-static int sv_body(char *hostname, int s, int stype, unsigned char *context)
+static int sv_body(int s, int stype, unsigned char *context)
{
char *buf = NULL;
fd_set readfds;
#endif
buf = app_malloc(bufsize, "server buffer");
-#ifdef FIONBIO
if (s_nbio) {
- unsigned long sl = 1;
-
- if (!s_quiet)
- BIO_printf(bio_err, "turning on non blocking io\n");
- if (BIO_socket_ioctl(s, FIONBIO, &sl) < 0)
+ if (!BIO_socket_nbio(s, 1))
ERR_print_errors(bio_err);
+ else if (!s_quiet)
+ BIO_printf(bio_err, "Turned on non blocking io\n");
}
-#endif
if (con == NULL) {
con = SSL_new(ctx);
test = BIO_new(BIO_f_nbio_test());
sbio = BIO_push(test, sbio);
}
-#ifndef OPENSSL_NO_JPAKE
- if (jpake_secret)
- jpake_server_auth(bio_s_out, sbio, jpake_secret);
-#endif
SSL_set_bio(con, sbio, sbio);
SSL_set_accept_state(con);
if ((i <= 0) || (buf[0] == 'Q')) {
BIO_printf(bio_s_out, "DONE\n");
(void)BIO_flush(bio_s_out);
- SHUTDOWN(s);
+ BIO_closesocket(s);
close_accept_socket();
ret = -11;
goto err;
BIO_printf(bio_s_out, "DONE\n");
(void)BIO_flush(bio_s_out);
if (SSL_version(con) != DTLS1_VERSION)
- SHUTDOWN(s);
+ BIO_closesocket(s);
/*
* close_accept_socket(); ret= -11;
*/
#ifndef OPENSSL_NO_SRP
while (SSL_get_error(con, k) == SSL_ERROR_WANT_X509_LOOKUP) {
BIO_printf(bio_s_out, "LOOKUP renego during write\n");
+ SRP_user_pwd_free(srp_callback_parm.user);
srp_callback_parm.user =
- SRP_VBASE_get_by_user(srp_callback_parm.vb,
- srp_callback_parm.login);
+ SRP_VBASE_get1_by_user(srp_callback_parm.vb,
+ srp_callback_parm.login);
if (srp_callback_parm.user)
BIO_printf(bio_s_out, "LOOKUP done %s\n",
srp_callback_parm.user->info);
#ifndef OPENSSL_NO_SRP
while (SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP) {
BIO_printf(bio_s_out, "LOOKUP renego during read\n");
+ SRP_user_pwd_free(srp_callback_parm.user);
srp_callback_parm.user =
- SRP_VBASE_get_by_user(srp_callback_parm.vb,
- srp_callback_parm.login);
+ SRP_VBASE_get1_by_user(srp_callback_parm.vb,
+ srp_callback_parm.login);
if (srp_callback_parm.user)
BIO_printf(bio_s_out, "LOOKUP done %s\n",
srp_callback_parm.user->info);
{
BIO_printf(bio_err, "shutdown accept socket\n");
if (accept_socket >= 0) {
- SHUTDOWN2(accept_socket);
+ BIO_closesocket(accept_socket);
}
}
BIO_printf(bio_err, "ERROR - memory\n");
return 0;
}
- i = DTLSv1_listen(con, &client);
+ i = DTLSv1_listen(con, client);
if (i > 0) {
BIO *wbio;
int fd = -1;
while (i <= 0 && SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP) {
BIO_printf(bio_s_out, "LOOKUP during accept %s\n",
srp_callback_parm.login);
+ SRP_user_pwd_free(srp_callback_parm.user);
srp_callback_parm.user =
- SRP_VBASE_get_by_user(srp_callback_parm.vb,
- srp_callback_parm.login);
+ SRP_VBASE_get1_by_user(srp_callback_parm.vb,
+ srp_callback_parm.login);
if (srp_callback_parm.user)
BIO_printf(bio_s_out, "LOOKUP done %s\n",
srp_callback_parm.user->info);
srtp_profile->name);
}
#endif
- if (SSL_cache_hit(con))
+ if (SSL_session_reused(con))
BIO_printf(bio_s_out, "Reused session-id\n");
BIO_printf(bio_s_out, "Secure Renegotiation IS%s supported\n",
SSL_get_secure_renegotiation_support(con) ? "" : " NOT");
}
#endif
-static int www_body(char *hostname, int s, int stype, unsigned char *context)
+static int www_body(int s, int stype, unsigned char *context)
{
char *buf = NULL;
int ret = 1;
if ((io == NULL) || (ssl_bio == NULL))
goto err;
-#ifdef FIONBIO
if (s_nbio) {
- unsigned long sl = 1;
-
- if (!s_quiet)
- BIO_printf(bio_err, "turning on non blocking io\n");
- if (BIO_socket_ioctl(s, FIONBIO, &sl) < 0)
+ if (!BIO_socket_nbio(s, 1))
ERR_print_errors(bio_err);
+ else if (!s_quiet)
+ BIO_printf(bio_err, "Turned on non blocking io\n");
}
-#endif
/* lets make the output buffer a reasonable size */
if (!BIO_set_write_buffer_size(io, bufsize))
if (BIO_should_io_special(io)
&& BIO_get_retry_reason(io) == BIO_RR_SSL_X509_LOOKUP) {
BIO_printf(bio_s_out, "LOOKUP renego during read\n");
+ SRP_user_pwd_free(srp_callback_parm.user);
srp_callback_parm.user =
- SRP_VBASE_get_by_user(srp_callback_parm.vb,
- srp_callback_parm.login);
+ SRP_VBASE_get1_by_user(srp_callback_parm.vb,
+ srp_callback_parm.login);
if (srp_callback_parm.user)
BIO_printf(bio_s_out, "LOOKUP done %s\n",
srp_callback_parm.user->info);
#ifndef OPENSSL_NO_EC
ssl_print_curves(io, con, 0);
#endif
- BIO_printf(io, (SSL_cache_hit(con)
+ BIO_printf(io, (SSL_session_reused(con)
? "---\nReused, " : "---\nNew, "));
c = SSL_get_current_cipher(con);
BIO_printf(io, "%s, Cipher is %s\n",
return (ret);
}
-static int rev_body(char *hostname, int s, int stype, unsigned char *context)
+static int rev_body(int s, int stype, unsigned char *context)
{
char *buf = NULL;
int i;
if (BIO_should_io_special(io)
&& BIO_get_retry_reason(io) == BIO_RR_SSL_X509_LOOKUP) {
BIO_printf(bio_s_out, "LOOKUP renego during accept\n");
+ SRP_user_pwd_free(srp_callback_parm.user);
srp_callback_parm.user =
- SRP_VBASE_get_by_user(srp_callback_parm.vb,
- srp_callback_parm.login);
+ SRP_VBASE_get1_by_user(srp_callback_parm.vb,
+ srp_callback_parm.login);
if (srp_callback_parm.user)
BIO_printf(bio_s_out, "LOOKUP done %s\n",
srp_callback_parm.user->info);
if (BIO_should_io_special(io)
&& BIO_get_retry_reason(io) == BIO_RR_SSL_X509_LOOKUP) {
BIO_printf(bio_s_out, "LOOKUP renego during read\n");
+ SRP_user_pwd_free(srp_callback_parm.user);
srp_callback_parm.user =
- SRP_VBASE_get_by_user(srp_callback_parm.vb,
- srp_callback_parm.login);
+ SRP_VBASE_get1_by_user(srp_callback_parm.vb,
+ srp_callback_parm.login);
if (srp_callback_parm.user)
BIO_printf(bio_s_out, "LOOKUP done %s\n",
srp_callback_parm.user->info);