← Back to branch summary

~andersk/ubuntu/oneiric/openssl/spurious-reboot

« back to all changes in this revision

Viewing changes to apps/s_server.c

  • Committer: Bazaar Package Importer
  • Author(s): Colin Watson
  • Date: 2011-05-01 23:51:53 UTC
  • mfrom: (11.1.20 sid)
  • Revision ID: james.westby@ubuntu.com-20110501235153-bjcxitndquaezb68
Tags: 1.0.0d-2ubuntu1
https://launchpad.net/bugs/675566
* Resynchronise with Debian (LP: #675566).  Remaining changes:
  - debian/libssl1.0.0.postinst:
    + Display a system restart required notification bubble on libssl1.0.0
      upgrade.
    + Use a different priority for libssl1.0.0/restart-services depending
      on whether a desktop, or server dist-upgrade is being performed.
  - debian/{libssl1.0.0-udeb.dirs, control, rules}: Create
    libssl1.0.0-udeb, for the benefit of wget-udeb (no wget-udeb package
    in Debian).
  - debian/{libcrypto1.0.0-udeb.dirs, libssl1.0.0.dirs, libssl1.0.0.files,
    rules}: Move runtime libraries to /lib, for the benefit of
    wpasupplicant.
  - debian/patches/aesni.patch: Backport Intel AES-NI support, now from
    http://rt.openssl.org/Ticket/Display.html?id=2065 rather than the
    0.9.8 variant.
  - debian/patches/Bsymbolic-functions.patch: Link using
    -Bsymbolic-functions.
  - debian/patches/perlpath-quilt.patch: Don't change perl #! paths under
    .pc.
  - debian/rules:
    + Don't run 'make test' when cross-building.
    + Use host compiler when cross-building.  Patch from Neil Williams.
    + Don't build for processors no longer supported: i486, i586 (on
      i386), v8 (on sparc).
    + Fix Makefile to properly clean up libs/ dirs in clean target.
    + Replace duplicate files in the doc directory with symlinks.
* Update architectures affected by Bsymbolic-functions.patch.
* Drop debian/patches/no-sslv2.patch; Debian now adds the 'no-ssl2'
  configure option, which compiles out SSLv2 support entirely, so this is
  no longer needed.
* Drop openssl-doc in favour of the libssl-doc package introduced by
  Debian.  Add Conflicts/Replaces until the next LTS release.

Show diffs side-by-side

added added

removed removed

Lines of Context:
apps/s_server.c
56
56
 * [including the GNU Public Licence.]
57
57
 */
58
58
/* ====================================================================
59
 
 * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
 
59
 * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
60
60
 *
61
61
 * Redistribution and use in source and binary forms, with or without
62
62
 * modification, are permitted provided that the following conditions
113
113
 * ECC cipher suite support in OpenSSL originally developed by 
114
114
 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
115
115
 */
 
116
/* ====================================================================
 
117
 * Copyright 2005 Nokia. All rights reserved.
 
118
 *
 
119
 * The portions of the attached software ("Contribution") is developed by
 
120
 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
 
121
 * license.
 
122
 *
 
123
 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
 
124
 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
 
125
 * support (see RFC 4279) to OpenSSL.
 
126
 *
 
127
 * No patent licenses or other rights except those expressly stated in
 
128
 * the OpenSSL open source license shall be deemed granted or received
 
129
 * expressly, by implication, estoppel, or otherwise.
 
130
 *
 
131
 * No assurances are provided by Nokia that the Contribution does not
 
132
 * infringe the patent or other intellectual property rights of any third
 
133
 * party or that the license provides you with all the necessary rights
 
134
 * to make use of the Contribution.
 
135
 *
 
136
 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
 
137
 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
 
138
 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
 
139
 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
 
140
 * OTHERWISE.
 
141
 */
116
142
 
117
143
/* Until the key-gen callbacks are modified to use newer prototypes, we allow
118
144
 * deprecated functions for openssl-internal code */
121
147
#endif
122
148
 
123
149
#include <assert.h>
 
150
#include <ctype.h>
124
151
#include <stdio.h>
125
152
#include <stdlib.h>
126
153
#include <string.h>
127
154
 
128
 
#include <sys/stat.h>
129
155
#include <openssl/e_os2.h>
130
156
#ifdef OPENSSL_NO_STDIO
131
157
#define APPS_WIN16
163
189
#include "s_apps.h"
164
190
#include "timeouts.h"
165
191
 
166
 
#ifdef OPENSSL_SYS_WINCE
167
 
/* Windows CE incorrectly defines fileno as returning void*, so to avoid problems below... */
168
 
#ifdef fileno
169
 
#undef fileno
170
 
#endif
171
 
#define fileno(a) (int)_fileno(a)
172
 
#endif
173
 
 
174
192
#if (defined(OPENSSL_SYS_VMS) && __VMS_VER < 70000000)
175
193
/* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */
176
194
#undef FIONBIO
177
195
#endif
178
196
 
 
197
#if defined(OPENSSL_SYS_BEOS_R5)
 
198
#include <fcntl.h>
 
199
#endif
 
200
 
179
201
#ifndef OPENSSL_NO_RSA
180
202
static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength);
181
203
#endif
196
218
static void s_server_init(void);
197
219
#endif
198
220
 
199
 
#ifndef S_ISDIR
200
 
# if defined(_S_IFMT) && defined(_S_IFDIR)
201
 
#  define S_ISDIR(a)    (((a) & _S_IFMT) == _S_IFDIR)
202
 
# else
203
 
#  define S_ISDIR(a)    (((a) & S_IFMT) == S_IFDIR)
204
 
# endif
205
 
#endif
206
 
 
207
221
#ifndef OPENSSL_NO_DH
208
222
static unsigned char dh512_p[]={
209
223
        0xDA,0x58,0x3C,0x16,0xD9,0x85,0x22,0x89,0xD0,0xE4,0xAF,0x75,
245
259
#undef PROG
246
260
#define PROG            s_server_main
247
261
 
248
 
extern int verify_depth;
 
262
extern int verify_depth, verify_return_error;
249
263
 
250
264
static char *cipher=NULL;
251
265
static int s_server_verify=SSL_VERIFY_NONE;
288
302
static int cert_chain = 0;
289
303
#endif
290
304
 
 
305
#ifndef OPENSSL_NO_PSK
 
306
static char *psk_identity="Client_identity";
 
307
char *psk_key=NULL; /* by default PSK is not used */
 
308
 
 
309
static unsigned int psk_server_cb(SSL *ssl, const char *identity,
 
310
        unsigned char *psk, unsigned int max_psk_len)
 
311
        {
 
312
        unsigned int psk_len = 0;
 
313
        int ret;
 
314
        BIGNUM *bn = NULL;
 
315
 
 
316
        if (s_debug)
 
317
                BIO_printf(bio_s_out,"psk_server_cb\n");
 
318
        if (!identity)
 
319
                {
 
320
                BIO_printf(bio_err,"Error: client did not send PSK identity\n");
 
321
                goto out_err;
 
322
                }
 
323
        if (s_debug)
 
324
                BIO_printf(bio_s_out,"identity_len=%d identity=%s\n",
 
325
                        identity ? (int)strlen(identity) : 0, identity);
 
326
 
 
327
        /* here we could lookup the given identity e.g. from a database */
 
328
        if (strcmp(identity, psk_identity) != 0)
 
329
                {
 
330
                BIO_printf(bio_s_out, "PSK error: client identity not found"
 
331
                           " (got '%s' expected '%s')\n", identity,
 
332
                           psk_identity);
 
333
                goto out_err;
 
334
                }
 
335
        if (s_debug)
 
336
                BIO_printf(bio_s_out, "PSK client identity found\n");
 
337
 
 
338
        /* convert the PSK key to binary */
 
339
        ret = BN_hex2bn(&bn, psk_key);
 
340
        if (!ret)
 
341
                {
 
342
                BIO_printf(bio_err,"Could not convert PSK key '%s' to BIGNUM\n", psk_key);
 
343
                if (bn)
 
344
                        BN_free(bn);
 
345
                return 0;
 
346
                }
 
347
        if (BN_num_bytes(bn) > (int)max_psk_len)
 
348
                {
 
349
                BIO_printf(bio_err,"psk buffer of callback is too small (%d) for key (%d)\n",
 
350
                        max_psk_len, BN_num_bytes(bn));
 
351
                BN_free(bn);
 
352
                return 0;
 
353
                }
 
354
 
 
355
        ret = BN_bn2bin(bn, psk);
 
356
        BN_free(bn);
 
357
 
 
358
        if (ret < 0)
 
359
                goto out_err;
 
360
        psk_len = (unsigned int)ret;
 
361
 
 
362
        if (s_debug)
 
363
                BIO_printf(bio_s_out, "fetched PSK len=%d\n", psk_len);
 
364
        return psk_len;
 
365
 out_err:
 
366
        if (s_debug)
 
367
                BIO_printf(bio_err, "Error in PSK server callback\n");
 
368
        return 0;
 
369
        }
 
370
#endif
291
371
 
292
372
#ifdef MONOLITH
293
373
static void s_server_init(void)
352
432
#ifndef OPENSSL_NO_ECDH
353
433
        BIO_printf(bio_err," -named_curve arg  - Elliptic curve name to use for ephemeral ECDH keys.\n" \
354
434
                           "                 Use \"openssl ecparam -list_curves\" for all names\n" \
355
 
                           "                 (default is sect163r2).\n");
 
435
                           "                 (default is nistp256).\n");
356
436
#endif
357
437
#ifdef FIONBIO
358
438
        BIO_printf(bio_err," -nbio         - Run with non-blocking IO\n");
369
449
        BIO_printf(bio_err," -serverpref   - Use server's cipher preferences\n");
370
450
        BIO_printf(bio_err," -quiet        - No server output\n");
371
451
        BIO_printf(bio_err," -no_tmp_rsa   - Do not generate a tmp RSA key\n");
 
452
#ifndef OPENSSL_NO_PSK
 
453
        BIO_printf(bio_err," -psk_hint arg - PSK identity hint to use\n");
 
454
        BIO_printf(bio_err," -psk arg      - PSK in hex (without 0x)\n");
 
455
# ifndef OPENSSL_NO_JPAKE
 
456
        BIO_printf(bio_err," -jpake arg    - JPAKE secret to use\n");
 
457
# endif
 
458
#endif
372
459
        BIO_printf(bio_err," -ssl2         - Just talk SSLv2\n");
373
460
        BIO_printf(bio_err," -ssl3         - Just talk SSLv3\n");
374
461
        BIO_printf(bio_err," -tls1         - Just talk TLSv1\n");
587
674
                        return p->extension_error;
588
675
                if (ctx2)
589
676
                        {
590
 
                        BIO_printf(p->biodebug,"Swiching server context.\n");
 
677
                        BIO_printf(p->biodebug,"Switching server context.\n");
591
678
                        SSL_set_SSL_CTX(s,ctx2);
592
679
                        }     
593
680
                }
626
713
        int use_ssl;
627
714
        unsigned char *rspder = NULL;
628
715
        int rspderlen;
629
 
        STACK *aia = NULL;
 
716
        STACK_OF(OPENSSL_STRING) *aia = NULL;
630
717
        X509 *x = NULL;
631
718
        X509_STORE_CTX inctx;
632
719
        X509_OBJECT obj;
648
735
        aia = X509_get1_ocsp(x);
649
736
        if (aia)
650
737
                {
651
 
                if (!OCSP_parse_url(sk_value(aia, 0),
 
738
                if (!OCSP_parse_url(sk_OPENSSL_STRING_value(aia, 0),
652
739
                        &host, &port, &path, &use_ssl))
653
740
                        {
654
741
                        BIO_puts(err, "cert_status: can't parse AIA URL\n");
656
743
                        }
657
744
                if (srctx->verbose)
658
745
                        BIO_printf(err, "cert_status: AIA URL: %s\n",
659
 
                                        sk_value(aia, 0));
 
746
                                        sk_OPENSSL_STRING_value(aia, 0));
660
747
                }
661
748
        else
662
749
                {
701
788
                if (!OCSP_REQUEST_add_ext(req, ext, -1))
702
789
                        goto err;
703
790
                }
704
 
        resp = process_responder(err, req, host, path, port, use_ssl,
 
791
        resp = process_responder(err, req, host, path, port, use_ssl, NULL,
705
792
                                        srctx->timeout);
706
793
        if (!resp)
707
794
                {
740
827
        goto done;
741
828
        }
742
829
#endif
 
830
 
743
831
int MAIN(int, char **);
744
832
 
745
833
#ifndef OPENSSL_NO_JPAKE
748
836
 
749
837
int MAIN(int argc, char *argv[])
750
838
        {
751
 
        X509_STORE *store = NULL;
752
 
        int vflags = 0;
 
839
        X509_VERIFY_PARAM *vpm = NULL;
 
840
        int badarg = 0;
753
841
        short port=PORT;
754
842
        char *CApath=NULL,*CAfile=NULL;
755
843
        unsigned char *context = NULL;
762
850
        int off=0;
763
851
        int no_tmp_rsa=0,no_dhe=0,no_ecdhe=0,nocert=0;
764
852
        int state=0;
765
 
        SSL_METHOD *meth=NULL;
766
 
        int socket_type=SOCK_STREAM;
 
853
        const SSL_METHOD *meth=NULL;
 
854
        int socket_type=SOCK_STREAM;
767
855
        ENGINE *e=NULL;
768
856
        char *inrand=NULL;
769
857
        int s_cert_format = FORMAT_PEM, s_key_format = FORMAT_PEM;
780
868
#ifndef OPENSSL_NO_TLSEXT
781
869
        tlsextctx tlsextcbp = {NULL, NULL, SSL_TLSEXT_ERR_ALERT_WARNING};
782
870
#endif
783
 
 
 
871
#ifndef OPENSSL_NO_PSK
 
872
        /* by default do not send a PSK identity hint */
 
873
        static char *psk_identity_hint=NULL;
 
874
#endif
784
875
#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
785
876
        meth=SSLv23_server_method();
786
877
#elif !defined(OPENSSL_NO_SSL3)
914
1005
                        }
915
1006
                else if (strcmp(*argv,"-no_cache") == 0)
916
1007
                        no_cache = 1;
917
 
                else if (strcmp(*argv,"-crl_check") == 0)
918
 
                        {
919
 
                        vflags |= X509_V_FLAG_CRL_CHECK;
920
 
                        }
921
 
                else if (strcmp(*argv,"-crl_check_all") == 0)
922
 
                        {
923
 
                        vflags |= X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL;
924
 
                        }
 
1008
                else if (args_verify(&argv, &argc, &badarg, bio_err, &vpm))
 
1009
                        {
 
1010
                        if (badarg)
 
1011
                                goto bad;
 
1012
                        continue;
 
1013
                        }
 
1014
                else if (strcmp(*argv,"-verify_return_error") == 0)
 
1015
                        verify_return_error = 1;
925
1016
                else if (strcmp(*argv,"-serverpref") == 0)
926
1017
                        { off|=SSL_OP_CIPHER_SERVER_PREFERENCE; }
927
1018
                else if (strcmp(*argv,"-legacy_renegotiation") == 0)
998
1089
                        { no_dhe=1; }
999
1090
                else if (strcmp(*argv,"-no_ecdhe") == 0)
1000
1091
                        { no_ecdhe=1; }
 
1092
#ifndef OPENSSL_NO_PSK
 
1093
                else if (strcmp(*argv,"-psk_hint") == 0)
 
1094
                        {
 
1095
                        if (--argc < 1) goto bad;
 
1096
                        psk_identity_hint= *(++argv);
 
1097
                        }
 
1098
                else if (strcmp(*argv,"-psk") == 0)
 
1099
                        {
 
1100
                        size_t i;
 
1101
 
 
1102
                        if (--argc < 1) goto bad;
 
1103
                        psk_key=*(++argv);
 
1104
                        for (i=0; i<strlen(psk_key); i++)
 
1105
                                {
 
1106
                                if (isxdigit((int)psk_key[i]))
 
1107
                                        continue;
 
1108
                                BIO_printf(bio_err,"Not a hex number '%s'\n",*argv);
 
1109
                                goto bad;
 
1110
                                }
 
1111
                        }
 
1112
#endif
1001
1113
                else if (strcmp(*argv,"-www") == 0)
1002
1114
                        { www=1; }
1003
1115
                else if (strcmp(*argv,"-WWW") == 0)
1010
1122
                        { off|=SSL_OP_NO_SSLv3; }
1011
1123
                else if (strcmp(*argv,"-no_tls1") == 0)
1012
1124
                        { off|=SSL_OP_NO_TLSv1; }
 
1125
                else if (strcmp(*argv,"-no_comp") == 0)
 
1126
                        { off|=SSL_OP_NO_COMPRESSION; }
1013
1127
#ifndef OPENSSL_NO_TLSEXT
1014
1128
                else if (strcmp(*argv,"-no_ticket") == 0)
1015
1129
                        { off|=SSL_OP_NO_TICKET; }
1079
1193
                        }
1080
1194
                        
1081
1195
#endif
1082
 
#ifndef OPENSSL_NO_JPAKE
 
1196
#if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK)
1083
1197
                else if (strcmp(*argv,"-jpake") == 0)
1084
1198
                        {
1085
1199
                        if (--argc < 1) goto bad;
1102
1216
                goto end;
1103
1217
                }
1104
1218
 
 
1219
#if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK)
 
1220
        if (jpake_secret)
 
1221
                {
 
1222
                if (psk_key)
 
1223
                        {
 
1224
                        BIO_printf(bio_err,
 
1225
                                   "Can't use JPAKE and PSK together\n");
 
1226
                        goto end;
 
1227
                        }
 
1228
                psk_identity = "JPAKE";
 
1229
                if (cipher)
 
1230
                        {
 
1231
                        BIO_printf(bio_err, "JPAKE sets cipher to PSK\n");
 
1232
                        goto end;
 
1233
                        }
 
1234
                cipher = "PSK";
 
1235
                }
 
1236
 
 
1237
#endif
 
1238
 
1105
1239
        SSL_load_error_strings();
1106
1240
        OpenSSL_add_ssl_algorithms();
1107
1241
 
1164
1298
                        }
1165
1299
#endif
1166
1300
                }
 
1301
 
 
1302
 
1167
1303
        if (s_dcert_file)
1168
1304
                {
1169
1305
 
1282
1418
                ERR_print_errors(bio_err);
1283
1419
                /* goto end; */
1284
1420
                }
1285
 
        store = SSL_CTX_get_cert_store(ctx);
1286
 
        X509_STORE_set_flags(store, vflags);
 
1421
        if (vpm)
 
1422
                SSL_CTX_set1_param(ctx, vpm);
 
1423
 
1287
1424
#ifndef OPENSSL_NO_TLSEXT
1288
1425
        if (s_cert2)
1289
1426
                {
1319
1456
                if (bugs) SSL_CTX_set_options(ctx2,SSL_OP_ALL);
1320
1457
                if (hack) SSL_CTX_set_options(ctx2,SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG);
1321
1458
                SSL_CTX_set_options(ctx2,off);
1322
 
 
1323
1459
                /* DTLS: partial reads end up discarding unread UDP bytes :-( 
1324
1460
                 * Setting read ahead solves this problem.
1325
1461
                 */
1326
1462
                if (socket_type == SOCK_DGRAM) SSL_CTX_set_read_ahead(ctx2, 1);
1327
1463
 
1328
 
 
1329
1464
                if (state) SSL_CTX_set_info_callback(ctx2,apps_ssl_info_callback);
1330
1465
 
1331
1466
                if (no_cache)
1338
1473
                        {
1339
1474
                        ERR_print_errors(bio_err);
1340
1475
                        }
1341
 
                store = SSL_CTX_get_cert_store(ctx2);
1342
 
                X509_STORE_set_flags(store, vflags);
 
1476
                if (vpm)
 
1477
                        SSL_CTX_set1_param(ctx2, vpm);
1343
1478
                }
1344
1479
#endif 
1345
1480
 
1346
 
 
1347
1481
#ifndef OPENSSL_NO_DH
1348
1482
        if (!no_dhe)
1349
1483
                {
1419
1553
                else
1420
1554
                        {
1421
1555
                        BIO_printf(bio_s_out,"Using default temp ECDH parameters\n");
1422
 
                        ecdh = EC_KEY_new_by_curve_name(NID_sect163r2);
 
1556
                        ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
1423
1557
                        if (ecdh == NULL) 
1424
1558
                                {
1425
 
                                BIO_printf(bio_err, "unable to create curve (sect163r2)\n");
 
1559
                                BIO_printf(bio_err, "unable to create curve (nistp256)\n");
1426
1560
                                goto end;
1427
1561
                                }
1428
1562
                        }
1457
1591
#ifndef OPENSSL_NO_TLSEXT
1458
1592
                if (ctx2) 
1459
1593
                        SSL_CTX_set_tmp_rsa_callback(ctx2,tmp_rsa_cb);
1460
 
#endif  
 
1594
#endif          
1461
1595
                }
1462
1596
#else
1463
1597
        if (!no_tmp_rsa && SSL_CTX_need_tmp_RSA(ctx))
1490
1624
#endif
1491
1625
#endif
1492
1626
 
 
1627
#ifndef OPENSSL_NO_PSK
 
1628
#ifdef OPENSSL_NO_JPAKE
 
1629
        if (psk_key != NULL)
 
1630
#else
 
1631
        if (psk_key != NULL || jpake_secret)
 
1632
#endif
 
1633
                {
 
1634
                if (s_debug)
 
1635
                        BIO_printf(bio_s_out, "PSK key given or JPAKE in use, setting server callback\n");
 
1636
                SSL_CTX_set_psk_server_callback(ctx, psk_server_cb);
 
1637
                }
 
1638
 
 
1639
        if (!SSL_CTX_use_psk_identity_hint(ctx, psk_identity_hint))
 
1640
                {
 
1641
                BIO_printf(bio_err,"error setting PSK identity hint to context\n");
 
1642
                ERR_print_errors(bio_err);
 
1643
                goto end;
 
1644
                }
 
1645
#endif
 
1646
 
1493
1647
        if (cipher != NULL)
1494
 
                if(!SSL_CTX_set_cipher_list(ctx,cipher)) {
1495
 
                BIO_printf(bio_err,"error setting cipher list\n");
1496
 
                ERR_print_errors(bio_err);
1497
 
                goto end;
 
1648
                {
 
1649
                if(!SSL_CTX_set_cipher_list(ctx,cipher))
 
1650
                        {
 
1651
                        BIO_printf(bio_err,"error setting cipher list\n");
 
1652
                        ERR_print_errors(bio_err);
 
1653
                        goto end;
 
1654
                        }
1498
1655
#ifndef OPENSSL_NO_TLSEXT
1499
1656
                if (ctx2 && !SSL_CTX_set_cipher_list(ctx2,cipher))
1500
1657
                        {
1503
1660
                        goto end;
1504
1661
                        }
1505
1662
#endif
1506
 
        }
 
1663
                }
1507
1664
        SSL_CTX_set_verify(ctx,s_server_verify,verify_callback);
1508
1665
        SSL_CTX_set_session_id_context(ctx,(void*)&s_server_session_id_context,
1509
1666
                sizeof s_server_session_id_context);
1526
1683
                SSL_CTX_set_tlsext_servername_arg(ctx, &tlsextcbp);
1527
1684
                }
1528
1685
#endif
 
1686
 
1529
1687
        if (CAfile != NULL)
1530
1688
                {
1531
1689
                SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(CAfile));
1534
1692
                        SSL_CTX_set_client_CA_list(ctx2,SSL_load_client_CA_file(CAfile));
1535
1693
#endif
1536
1694
                }
 
1695
 
1537
1696
        BIO_printf(bio_s_out,"ACCEPT\n");
 
1697
        (void)BIO_flush(bio_s_out);
1538
1698
        if (www)
1539
1699
                do_server(port,socket_type,&accept_socket,www_body, context);
1540
1700
        else
1606
1766
        SSL *con=NULL;
1607
1767
        BIO *sbio;
1608
1768
        struct timeval timeout;
1609
 
#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE)
 
1769
#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_BEOS_R5)
1610
1770
        struct timeval tv;
1611
1771
#else
1612
1772
        struct timeval *timeoutp;
1658
1818
                                                 strlen((char *)context));
1659
1819
        }
1660
1820
        SSL_clear(con);
 
1821
#if 0
 
1822
#ifdef TLSEXT_TYPE_opaque_prf_input
 
1823
        SSL_set_tlsext_opaque_prf_input(con, "Test server", 11);
 
1824
#endif
 
1825
#endif
1661
1826
 
1662
1827
        if (SSL_version(con) == DTLS1_VERSION)
1663
1828
                {
1664
1829
 
1665
1830
                sbio=BIO_new_dgram(s,BIO_NOCLOSE);
1666
1831
 
1667
 
                if ( enable_timeouts)
 
1832
                if (enable_timeouts)
1668
1833
                        {
1669
1834
                        timeout.tv_sec = 0;
1670
1835
                        timeout.tv_usec = DGRAM_RCV_TIMEOUT;
1675
1840
                        BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_SEND_TIMEOUT, 0, &timeout);
1676
1841
                        }
1677
1842
 
1678
 
                
1679
1843
                if (socket_mtu > 28)
1680
1844
                        {
1681
1845
                        SSL_set_options(con, SSL_OP_NO_QUERY_MTU);
1738
1902
                if (!read_from_sslcon)
1739
1903
                        {
1740
1904
                        FD_ZERO(&readfds);
1741
 
#if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_NETWARE)
1742
 
                        FD_SET(fileno(stdin),&readfds);
 
1905
#if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_NETWARE) && !defined(OPENSSL_SYS_BEOS_R5)
 
1906
                        openssl_fdset(fileno(stdin),&readfds);
1743
1907
#endif
1744
 
                        FD_SET(s,&readfds);
 
1908
                        openssl_fdset(s,&readfds);
1745
1909
                        /* Note: under VMS with SOCKETSHR the second parameter is
1746
1910
                         * currently of type (int *) whereas under other systems
1747
1911
                         * it is (void *) if you don't have a cast it will choke
1760
1924
                        if((i < 0) || (!i && !_kbhit() ) )continue;
1761
1925
                        if(_kbhit())
1762
1926
                                read_from_terminal = 1;
 
1927
#elif defined(OPENSSL_SYS_BEOS_R5)
 
1928
                        /* Under BeOS-R5 the situation is similar to DOS */
 
1929
                        tv.tv_sec = 1;
 
1930
                        tv.tv_usec = 0;
 
1931
                        (void)fcntl(fileno(stdin), F_SETFL, O_NONBLOCK);
 
1932
                        i=select(width,(void *)&readfds,NULL,NULL,&tv);
 
1933
                        if ((i < 0) || (!i && read(fileno(stdin), buf, 0) < 0))
 
1934
                                continue;
 
1935
                        if (read(fileno(stdin), buf, 0) >= 0)
 
1936
                                read_from_terminal = 1;
 
1937
                        (void)fcntl(fileno(stdin), F_SETFL, 0);
1763
1938
#else
1764
1939
                        if ((SSL_version(con) == DTLS1_VERSION) &&
1765
1940
                                DTLSv1_get_timeout(con, &timeout))
1787
1962
                                {
1788
1963
                                int j, lf_num;
1789
1964
 
1790
 
                                i=read(fileno(stdin), buf, bufsize/2);
 
1965
                                i=raw_read_stdin(buf, bufsize/2);
1791
1966
                                lf_num = 0;
1792
1967
                                /* both loops are skipped when i <= 0 */
1793
1968
                                for (j = 0; j < i; j++)
1806
1981
                                assert(lf_num == 0);
1807
1982
                                }
1808
1983
                        else
1809
 
                                i=read(fileno(stdin),buf,bufsize);
 
1984
                                i=raw_read_stdin(buf,bufsize);
1810
1985
                        if (!s_quiet)
1811
1986
                                {
1812
1987
                                if ((i <= 0) || (buf[0] == 'Q'))
1826
2001
                                        ret= -11;*/
1827
2002
                                        goto err;
1828
2003
                                        }
 
2004
 
1829
2005
                                if ((buf[0] == 'r') && 
1830
2006
                                        ((buf[1] == '\n') || (buf[1] == '\r')))
1831
2007
                                        {
1922
2098
#ifdef CHARSET_EBCDIC
1923
2099
                                        ascii2ebcdic(buf,buf,i);
1924
2100
#endif
1925
 
                                        write(fileno(stdout),buf,
 
2101
                                        raw_write_stdout(buf,
1926
2102
                                                (unsigned int)i);
1927
2103
                                        if (SSL_pending(con)) goto again;
1928
2104
                                        break;
1946
2122
                        }
1947
2123
                }
1948
2124
err:
1949
 
        BIO_printf(bio_s_out,"shutting down SSL\n");
 
2125
        if (con != NULL)
 
2126
                {
 
2127
                BIO_printf(bio_s_out,"shutting down SSL\n");
1950
2128
#if 1
1951
 
        SSL_set_shutdown(con,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
 
2129
                SSL_set_shutdown(con,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
1952
2130
#else
1953
 
        SSL_shutdown(con);
 
2131
                SSL_shutdown(con);
1954
2132
#endif
1955
 
        if (con != NULL) SSL_free(con);
 
2133
                SSL_free(con);
 
2134
                }
1956
2135
        BIO_printf(bio_s_out,"CONNECTION CLOSED\n");
1957
2136
        if (buf != NULL)
1958
2137
                {
2075
2254
        {
2076
2255
        char *buf=NULL;
2077
2256
        int ret=1;
2078
 
        int i,j,k,blank,dot;
2079
 
        struct stat st_buf;
 
2257
        int i,j,k,dot;
2080
2258
        SSL *con;
2081
 
        SSL_CIPHER *c;
 
2259
        const SSL_CIPHER *c;
2082
2260
        BIO *io,*ssl_bio,*sbio;
2083
 
        long total_bytes;
2084
2261
 
2085
2262
        buf=OPENSSL_malloc(bufsize);
2086
2263
        if (buf == NULL) return(0);
2151
2328
                SSL_set_msg_callback_arg(con, bio_s_out);
2152
2329
                }
2153
2330
 
2154
 
        blank=0;
2155
2331
        for (;;)
2156
2332
                {
2157
2333
                if (hack)
2348
2524
#endif
2349
2525
 
2350
2526
                        /* if a directory, do the index thang */
2351
 
                        if (stat(p,&st_buf) < 0)
2352
 
                                {
2353
 
                                BIO_puts(io,text);
2354
 
                                BIO_printf(io,"Error accessing '%s'\r\n",p);
2355
 
                                ERR_print_errors(io);
2356
 
                                break;
2357
 
                                }
2358
 
                        if (S_ISDIR(st_buf.st_mode))
 
2527
                        if (app_isdir(p)>0)
2359
2528
                                {
2360
2529
#if 0 /* must check buffer size */
2361
2530
                                strcat(p,"/index.html");
2388
2557
                                        BIO_puts(io,"HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n");
2389
2558
                                }
2390
2559
                        /* send the file */
2391
 
                        total_bytes=0;
2392
2560
                        for (;;)
2393
2561
                                {
2394
2562
                                i=BIO_read(file,buf,bufsize);