2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
58 /* ====================================================================
59 * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
87 * 6. Redistributions of any form whatsoever must retain the following
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
111 /* ====================================================================
112 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
113 * ECC cipher suite support in OpenSSL originally developed by
114 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
118 * Until the key-gen callbacks are modified to use newer prototypes, we allow
119 * deprecated functions for openssl-internal code
121 #ifdef OPENSSL_NO_DEPRECATED
122 # undef OPENSSL_NO_DEPRECATED
130 #include <sys/stat.h>
131 #include <openssl/e_os2.h>
132 #ifdef OPENSSL_NO_STDIO
136 /* conflicts with winsock2 stuff on netware */
137 #if !defined(OPENSSL_SYS_NETWARE)
138 # include <sys/types.h>
142 * With IPv6, it looks like Digital has mixed up the proper order of
143 * recursive header file inclusion, resulting in the compiler complaining
144 * that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which is
145 * needed to have fileno() declared correctly... So let's define u_int
147 #if defined(OPENSSL_SYS_VMS_DECC) && !defined(__U_INT)
149 typedef unsigned int u_int;
152 #include <openssl/lhash.h>
153 #include <openssl/bn.h>
156 #include <openssl/err.h>
157 #include <openssl/pem.h>
158 #include <openssl/x509.h>
159 #include <openssl/ssl.h>
160 #include <openssl/rand.h>
161 #include <openssl/ocsp.h>
162 #ifndef OPENSSL_NO_DH
163 # include <openssl/dh.h>
165 #ifndef OPENSSL_NO_RSA
166 # include <openssl/rsa.h>
169 #include "timeouts.h"
171 #ifdef OPENSSL_SYS_WINCE
173 * Windows CE incorrectly defines fileno as returning void*, so to avoid
179 # define fileno(a) (int)_fileno(a)
182 #if (defined(OPENSSL_SYS_VMS) && __VMS_VER < 70000000)
183 /* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */
187 #ifndef OPENSSL_NO_RSA
188 static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength);
190 static int sv_body(char *hostname, int s, unsigned char *context);
191 static int www_body(char *hostname, int s, unsigned char *context);
192 static void close_accept_socket(void);
193 static void sv_usage(void);
194 static int init_ssl_connection(SSL *s);
195 static void print_stats(BIO *bp, SSL_CTX *ctx);
196 static int generate_session_id(const SSL *ssl, unsigned char *id,
197 unsigned int *id_len);
198 #ifndef OPENSSL_NO_DH
199 static DH *load_dh_param(const char *dhfile);
200 static DH *get_dh512(void);
204 static void s_server_init(void);
208 # if defined(_S_IFMT) && defined(_S_IFDIR)
209 # define S_ISDIR(a) (((a) & _S_IFMT) == _S_IFDIR)
211 # define S_ISDIR(a) (((a) & S_IFMT) == S_IFDIR)
215 #ifndef OPENSSL_NO_DH
216 static unsigned char dh512_p[] = {
217 0xDA, 0x58, 0x3C, 0x16, 0xD9, 0x85, 0x22, 0x89, 0xD0, 0xE4, 0xAF, 0x75,
218 0x6F, 0x4C, 0xCA, 0x92, 0xDD, 0x4B, 0xE5, 0x33, 0xB8, 0x04, 0xFB, 0x0F,
219 0xED, 0x94, 0xEF, 0x9C, 0x8A, 0x44, 0x03, 0xED, 0x57, 0x46, 0x50, 0xD3,
220 0x69, 0x99, 0xDB, 0x29, 0xD7, 0x76, 0x27, 0x6B, 0xA2, 0xD3, 0xD4, 0x12,
221 0xE2, 0x18, 0xF4, 0xDD, 0x1E, 0x08, 0x4C, 0xF6, 0xD8, 0x00, 0x3E, 0x7C,
222 0x47, 0x74, 0xE8, 0x33,
225 static unsigned char dh512_g[] = {
229 static DH *get_dh512(void)
233 if ((dh = DH_new()) == NULL)
235 dh->p = BN_bin2bn(dh512_p, sizeof(dh512_p), NULL);
236 dh->g = BN_bin2bn(dh512_g, sizeof(dh512_g), NULL);
237 if ((dh->p == NULL) || (dh->g == NULL))
243 /* static int load_CA(SSL_CTX *ctx, char *file);*/
246 #define BUFSIZZ 16*1024
247 static int bufsize = BUFSIZZ;
248 static int accept_socket = -1;
250 #define TEST_CERT "server.pem"
251 #ifndef OPENSSL_NO_TLSEXT
252 # define TEST_CERT2 "server2.pem"
255 #define PROG s_server_main
257 extern int verify_depth;
259 static char *cipher = NULL;
260 static int s_server_verify = SSL_VERIFY_NONE;
261 static int s_server_session_id_context = 1; /* anything will do */
262 static const char *s_cert_file = TEST_CERT, *s_key_file = NULL;
263 #ifndef OPENSSL_NO_TLSEXT
264 static const char *s_cert_file2 = TEST_CERT2, *s_key_file2 = NULL;
266 static char *s_dcert_file = NULL, *s_dkey_file = NULL;
268 static int s_nbio = 0;
270 static int s_nbio_test = 0;
272 static SSL_CTX *ctx = NULL;
273 #ifndef OPENSSL_NO_TLSEXT
274 static SSL_CTX *ctx2 = NULL;
278 static BIO *bio_s_out = NULL;
279 static int s_debug = 0;
280 #ifndef OPENSSL_NO_TLSEXT
281 static int s_tlsextdebug = 0;
282 static int s_tlsextstatus = 0;
283 static int cert_status_cb(SSL *s, void *arg);
285 static int s_msg = 0;
286 static int s_quiet = 0;
289 #ifndef OPENSSL_NO_ENGINE
290 static char *engine_id = NULL;
292 static const char *session_id_prefix = NULL;
294 static int enable_timeouts = 0;
295 static long socket_mtu;
296 #ifndef OPENSSL_NO_DTLS1
297 static int cert_chain = 0;
301 static void s_server_init(void)
305 s_server_verify = SSL_VERIFY_NONE;
308 s_cert_file = TEST_CERT;
310 # ifndef OPENSSL_NO_TLSEXT
311 s_cert_file2 = TEST_CERT2;
327 # ifndef OPENSSL_NO_ENGINE
333 static void sv_usage(void)
335 BIO_printf(bio_err, "usage: s_server [args ...]\n");
336 BIO_printf(bio_err, "\n");
338 " -accept arg - port to accept on (default is %d)\n", PORT);
339 BIO_printf(bio_err, " -context arg - set session ID context\n");
341 " -verify arg - turn on peer certificate verification\n");
343 " -Verify arg - turn on peer certificate verification, must have a cert.\n");
344 BIO_printf(bio_err, " -cert arg - certificate file to use\n");
345 BIO_printf(bio_err, " (default is %s)\n", TEST_CERT);
347 " -crl_check - check the peer certificate has not been revoked by its CA.\n"
348 " The CRL(s) are appended to the certificate file\n");
350 " -crl_check_all - check the peer certificate has not been revoked by its CA\n"
351 " or any other CRL in the CA chain. CRL(s) are appened to the\n"
352 " the certificate file.\n");
354 " -certform arg - certificate format (PEM or DER) PEM default\n");
356 " -key arg - Private Key file to use, in cert file if\n");
357 BIO_printf(bio_err, " not specified (default is %s)\n",
360 " -keyform arg - key format (PEM, DER or ENGINE) PEM default\n");
362 " -pass arg - private key file pass phrase source\n");
364 " -dcert arg - second certificate file to use (usually for DSA)\n");
366 " -dcertform x - second certificate format (PEM or DER) PEM default\n");
368 " -dkey arg - second private key file to use (usually for DSA)\n");
370 " -dkeyform arg - second key format (PEM, DER or ENGINE) PEM default\n");
372 " -dpass arg - second private key file pass phrase source\n");
374 " -dhparam arg - DH parameter file to use, in cert file if not specified\n");
376 " or a default set of parameters is used\n");
377 #ifndef OPENSSL_NO_ECDH
379 " -named_curve arg - Elliptic curve name to use for ephemeral ECDH keys.\n"
380 " Use \"openssl ecparam -list_curves\" for all names\n"
381 " (default is sect163r2).\n");
384 BIO_printf(bio_err, " -nbio - Run with non-blocking IO\n");
387 " -nbio_test - test with the non-blocking test bio\n");
389 " -crlf - convert LF from terminal into CRLF\n");
390 BIO_printf(bio_err, " -debug - Print more output\n");
391 BIO_printf(bio_err, " -msg - Show protocol messages\n");
392 BIO_printf(bio_err, " -state - Print the SSL states\n");
393 BIO_printf(bio_err, " -CApath arg - PEM format directory of CA's\n");
394 BIO_printf(bio_err, " -CAfile arg - PEM format file of CA's\n");
396 " -nocert - Don't use any certificates (Anon-DH)\n");
398 " -cipher arg - play with 'openssl ciphers' to see what goes here\n");
399 BIO_printf(bio_err, " -serverpref - Use server's cipher preferences\n");
400 BIO_printf(bio_err, " -quiet - No server output\n");
401 BIO_printf(bio_err, " -no_tmp_rsa - Do not generate a tmp RSA key\n");
402 BIO_printf(bio_err, " -ssl2 - Just talk SSLv2\n");
403 BIO_printf(bio_err, " -ssl3 - Just talk SSLv3\n");
404 BIO_printf(bio_err, " -tls1 - Just talk TLSv1\n");
405 BIO_printf(bio_err, " -dtls1 - Just talk DTLSv1\n");
406 BIO_printf(bio_err, " -timeout - Enable timeouts\n");
407 BIO_printf(bio_err, " -mtu - Set link layer MTU\n");
408 BIO_printf(bio_err, " -chain - Read a certificate chain\n");
409 BIO_printf(bio_err, " -no_ssl2 - Just disable SSLv2\n");
410 BIO_printf(bio_err, " -no_ssl3 - Just disable SSLv3\n");
411 BIO_printf(bio_err, " -no_tls1 - Just disable TLSv1\n");
412 #ifndef OPENSSL_NO_DH
413 BIO_printf(bio_err, " -no_dhe - Disable ephemeral DH\n");
415 #ifndef OPENSSL_NO_ECDH
416 BIO_printf(bio_err, " -no_ecdhe - Disable ephemeral ECDH\n");
418 BIO_printf(bio_err, " -bugs - Turn on SSL bug compatibility\n");
420 " -www - Respond to a 'GET /' with a status page\n");
422 " -WWW - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n");
424 " -HTTP - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n");
426 " with the assumption it contains a complete HTTP response.\n");
427 #ifndef OPENSSL_NO_ENGINE
429 " -engine id - Initialise and use the specified engine\n");
432 " -id_prefix arg - Generate SSL/TLS session IDs prefixed by 'arg'\n");
433 BIO_printf(bio_err, " -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR,
434 LIST_SEPARATOR_CHAR);
435 #ifndef OPENSSL_NO_TLSEXT
437 " -servername host - servername for HostName TLS extension\n");
439 " -servername_fatal - on mismatch send fatal alert (default warning alert)\n");
441 " -cert2 arg - certificate file to use for servername\n");
442 BIO_printf(bio_err, " (default is %s)\n", TEST_CERT2);
444 " -key2 arg - Private Key file to use for servername, in cert file if\n");
445 BIO_printf(bio_err, " not specified (default is %s)\n",
448 " -tlsextdebug - hex dump of all TLS extensions received\n");
450 " -no_ticket - disable use of RFC4507bis session tickets\n");
452 " -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n");
456 static int local_argc = 0;
457 static char **local_argv;
459 #ifdef CHARSET_EBCDIC
460 static int ebcdic_new(BIO *bi);
461 static int ebcdic_free(BIO *a);
462 static int ebcdic_read(BIO *b, char *out, int outl);
463 static int ebcdic_write(BIO *b, const char *in, int inl);
464 static long ebcdic_ctrl(BIO *b, int cmd, long num, void *ptr);
465 static int ebcdic_gets(BIO *bp, char *buf, int size);
466 static int ebcdic_puts(BIO *bp, const char *str);
468 # define BIO_TYPE_EBCDIC_FILTER (18|0x0200)
469 static BIO_METHOD methods_ebcdic = {
470 BIO_TYPE_EBCDIC_FILTER,
471 "EBCDIC/ASCII filter",
486 BIO_METHOD *BIO_f_ebcdic_filter()
488 return (&methods_ebcdic);
491 static int ebcdic_new(BIO *bi)
493 EBCDIC_OUTBUFF *wbuf;
495 wbuf = (EBCDIC_OUTBUFF *) OPENSSL_malloc(sizeof(EBCDIC_OUTBUFF) + 1024);
496 wbuf->alloced = 1024;
497 wbuf->buff[0] = '\0';
499 bi->ptr = (char *)wbuf;
505 static int ebcdic_free(BIO *a)
510 OPENSSL_free(a->ptr);
517 static int ebcdic_read(BIO *b, char *out, int outl)
521 if (out == NULL || outl == 0)
523 if (b->next_bio == NULL)
526 ret = BIO_read(b->next_bio, out, outl);
528 ascii2ebcdic(out, out, ret);
532 static int ebcdic_write(BIO *b, const char *in, int inl)
534 EBCDIC_OUTBUFF *wbuf;
539 if ((in == NULL) || (inl <= 0))
541 if (b->next_bio == NULL)
544 wbuf = (EBCDIC_OUTBUFF *) b->ptr;
546 if (inl > (num = wbuf->alloced)) {
547 num = num + num; /* double the size */
552 (EBCDIC_OUTBUFF *) OPENSSL_malloc(sizeof(EBCDIC_OUTBUFF) + num);
555 wbuf->buff[0] = '\0';
557 b->ptr = (char *)wbuf;
560 ebcdic2ascii(wbuf->buff, in, inl);
562 ret = BIO_write(b->next_bio, wbuf->buff, inl);
567 static long ebcdic_ctrl(BIO *b, int cmd, long num, void *ptr)
571 if (b->next_bio == NULL)
578 ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
584 static int ebcdic_gets(BIO *bp, char *buf, int size)
587 if (bp->next_bio == NULL)
589 /* return(BIO_gets(bp->next_bio,buf,size));*/
590 for (i = 0; i < size - 1; ++i) {
591 ret = ebcdic_read(bp, &buf[i], 1);
594 else if (buf[i] == '\n') {
601 return (ret < 0 && i == 0) ? ret : i;
604 static int ebcdic_puts(BIO *bp, const char *str)
606 if (bp->next_bio == NULL)
608 return ebcdic_write(bp, str, strlen(str));
612 #ifndef OPENSSL_NO_TLSEXT
614 /* This is a context that we pass to callbacks */
615 typedef struct tlsextctx_st {
621 static int MS_CALLBACK ssl_servername_cb(SSL *s, int *ad, void *arg)
623 tlsextctx *p = (tlsextctx *) arg;
624 const char *servername = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name);
625 if (servername && p->biodebug)
626 BIO_printf(p->biodebug, "Hostname in TLS extension: \"%s\"\n",
630 return SSL_TLSEXT_ERR_NOACK;
633 if (strcasecmp(servername, p->servername))
634 return p->extension_error;
636 BIO_printf(p->biodebug, "Swiching server context.\n");
637 SSL_set_SSL_CTX(s, ctx2);
640 return SSL_TLSEXT_ERR_OK;
643 /* Structure passed to cert status callback */
645 typedef struct tlsextstatusctx_st {
646 /* Default responder to use */
647 char *host, *path, *port;
654 static tlsextstatusctx tlscstatp = { NULL, NULL, NULL, 0, -1, NULL, 0 };
657 * Certificate Status callback. This is called when a client includes a
658 * certificate status request extension. This is a simplified version. It
659 * examines certificates each time and makes one OCSP responder query for
660 * each request. A full version would store details such as the OCSP
661 * certificate IDs and minimise the number of OCSP responses by caching them
662 * until they were considered "expired".
665 static int cert_status_cb(SSL *s, void *arg)
667 tlsextstatusctx *srctx = arg;
668 BIO *err = srctx->err;
669 char *host, *port, *path;
671 unsigned char *rspder = NULL;
675 X509_STORE_CTX inctx;
677 OCSP_REQUEST *req = NULL;
678 OCSP_RESPONSE *resp = NULL;
679 OCSP_CERTID *id = NULL;
680 STACK_OF(X509_EXTENSION) *exts;
681 int ret = SSL_TLSEXT_ERR_NOACK;
684 STACK_OF(OCSP_RESPID) *ids;
685 SSL_get_tlsext_status_ids(s, &ids);
686 BIO_printf(err, "cert_status: received %d ids\n",
687 sk_OCSP_RESPID_num(ids));
690 BIO_puts(err, "cert_status: callback called\n");
691 /* Build up OCSP query from server certificate */
692 x = SSL_get_certificate(s);
693 aia = X509_get1_ocsp(x);
695 if (!OCSP_parse_url(sk_value(aia, 0), &host, &port, &path, &use_ssl)) {
696 BIO_puts(err, "cert_status: can't parse AIA URL\n");
700 BIO_printf(err, "cert_status: AIA URL: %s\n", sk_value(aia, 0));
704 "cert_status: no AIA and no default responder URL\n");
710 use_ssl = srctx->use_ssl;
713 if (!X509_STORE_CTX_init(&inctx,
714 SSL_CTX_get_cert_store(SSL_get_SSL_CTX(s)),
717 if (X509_STORE_get_by_subject(&inctx, X509_LU_X509,
718 X509_get_issuer_name(x), &obj) <= 0) {
719 BIO_puts(err, "cert_status: Can't retrieve issuer certificate.\n");
720 X509_STORE_CTX_cleanup(&inctx);
723 req = OCSP_REQUEST_new();
726 id = OCSP_cert_to_id(NULL, x, obj.data.x509);
727 X509_free(obj.data.x509);
728 X509_STORE_CTX_cleanup(&inctx);
731 if (!OCSP_request_add0_id(req, id))
734 /* Add any extensions to the request */
735 SSL_get_tlsext_status_exts(s, &exts);
736 for (i = 0; i < sk_X509_EXTENSION_num(exts); i++) {
737 X509_EXTENSION *ext = sk_X509_EXTENSION_value(exts, i);
738 if (!OCSP_REQUEST_add_ext(req, ext, -1))
741 resp = process_responder(err, req, host, path, port, use_ssl,
744 BIO_puts(err, "cert_status: error querying responder\n");
747 rspderlen = i2d_OCSP_RESPONSE(resp, &rspder);
750 SSL_set_tlsext_status_ocsp_resp(s, rspder, rspderlen);
751 if (srctx->verbose) {
752 BIO_puts(err, "cert_status: ocsp response sent:\n");
753 OCSP_RESPONSE_print(err, resp, 2);
755 ret = SSL_TLSEXT_ERR_OK;
757 if (ret != SSL_TLSEXT_ERR_OK)
758 ERR_print_errors(err);
763 X509_email_free(aia);
766 OCSP_CERTID_free(id);
768 OCSP_REQUEST_free(req);
770 OCSP_RESPONSE_free(resp);
773 ret = SSL_TLSEXT_ERR_ALERT_FATAL;
777 int MAIN(int, char **);
779 #ifndef OPENSSL_NO_JPAKE
780 static char *jpake_secret = NULL;
783 int MAIN(int argc, char *argv[])
785 X509_STORE *store = NULL;
788 char *CApath = NULL, *CAfile = NULL;
789 unsigned char *context = NULL;
791 #ifndef OPENSSL_NO_ECDH
792 char *named_curve = NULL;
794 int badop = 0, bugs = 0;
797 int no_tmp_rsa = 0, no_dhe = 0, no_ecdhe = 0, nocert = 0;
799 SSL_METHOD *meth = NULL;
800 int socket_type = SOCK_STREAM;
803 int s_cert_format = FORMAT_PEM, s_key_format = FORMAT_PEM;
804 char *passarg = NULL, *pass = NULL;
805 char *dpassarg = NULL, *dpass = NULL;
806 int s_dcert_format = FORMAT_PEM, s_dkey_format = FORMAT_PEM;
807 X509 *s_cert = NULL, *s_dcert = NULL;
808 EVP_PKEY *s_key = NULL, *s_dkey = NULL;
810 #ifndef OPENSSL_NO_TLSEXT
811 EVP_PKEY *s_key2 = NULL;
812 X509 *s_cert2 = NULL;
814 #ifndef OPENSSL_NO_TLSEXT
815 tlsextctx tlsextcbp = { NULL, NULL, SSL_TLSEXT_ERR_ALERT_WARNING };
818 meth = SSLv23_server_method();
829 bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
831 if (!load_config(bio_err, NULL))
844 if ((strcmp(*argv, "-port") == 0) || (strcmp(*argv, "-accept") == 0)) {
847 if (!extract_port(*(++argv), &port))
849 } else if (strcmp(*argv, "-verify") == 0) {
850 s_server_verify = SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE;
853 verify_depth = atoi(*(++argv));
854 BIO_printf(bio_err, "verify depth is %d\n", verify_depth);
855 } else if (strcmp(*argv, "-Verify") == 0) {
857 SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT |
858 SSL_VERIFY_CLIENT_ONCE;
861 verify_depth = atoi(*(++argv));
863 "verify depth is %d, must return a certificate\n",
865 } else if (strcmp(*argv, "-context") == 0) {
868 context = (unsigned char *)*(++argv);
869 } else if (strcmp(*argv, "-cert") == 0) {
872 s_cert_file = *(++argv);
873 } else if (strcmp(*argv, "-certform") == 0) {
876 s_cert_format = str2fmt(*(++argv));
877 } else if (strcmp(*argv, "-key") == 0) {
880 s_key_file = *(++argv);
881 } else if (strcmp(*argv, "-keyform") == 0) {
884 s_key_format = str2fmt(*(++argv));
885 } else if (strcmp(*argv, "-pass") == 0) {
889 } else if (strcmp(*argv, "-dhparam") == 0) {
894 #ifndef OPENSSL_NO_ECDH
895 else if (strcmp(*argv, "-named_curve") == 0) {
898 named_curve = *(++argv);
901 else if (strcmp(*argv, "-dcertform") == 0) {
904 s_dcert_format = str2fmt(*(++argv));
905 } else if (strcmp(*argv, "-dcert") == 0) {
908 s_dcert_file = *(++argv);
909 } else if (strcmp(*argv, "-dkeyform") == 0) {
912 s_dkey_format = str2fmt(*(++argv));
913 } else if (strcmp(*argv, "-dpass") == 0) {
916 dpassarg = *(++argv);
917 } else if (strcmp(*argv, "-dkey") == 0) {
920 s_dkey_file = *(++argv);
921 } else if (strcmp(*argv, "-nocert") == 0) {
923 } else if (strcmp(*argv, "-CApath") == 0) {
927 } else if (strcmp(*argv, "-no_cache") == 0)
929 else if (strcmp(*argv, "-crl_check") == 0) {
930 vflags |= X509_V_FLAG_CRL_CHECK;
931 } else if (strcmp(*argv, "-crl_check_all") == 0) {
932 vflags |= X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL;
933 } else if (strcmp(*argv, "-serverpref") == 0) {
934 off |= SSL_OP_CIPHER_SERVER_PREFERENCE;
935 } else if (strcmp(*argv, "-legacy_renegotiation") == 0)
936 off |= SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION;
937 else if (strcmp(*argv, "-cipher") == 0) {
941 } else if (strcmp(*argv, "-CAfile") == 0) {
947 else if (strcmp(*argv, "-nbio") == 0) {
951 else if (strcmp(*argv, "-nbio_test") == 0) {
956 } else if (strcmp(*argv, "-debug") == 0) {
959 #ifndef OPENSSL_NO_TLSEXT
960 else if (strcmp(*argv, "-tlsextdebug") == 0)
962 else if (strcmp(*argv, "-status") == 0)
964 else if (strcmp(*argv, "-status_verbose") == 0) {
966 tlscstatp.verbose = 1;
967 } else if (!strcmp(*argv, "-status_timeout")) {
971 tlscstatp.timeout = atoi(*(++argv));
972 } else if (!strcmp(*argv, "-status_url")) {
976 if (!OCSP_parse_url(*(++argv),
979 &tlscstatp.path, &tlscstatp.use_ssl)) {
980 BIO_printf(bio_err, "Error parsing URL\n");
985 else if (strcmp(*argv, "-msg") == 0) {
987 } else if (strcmp(*argv, "-hack") == 0) {
989 } else if (strcmp(*argv, "-state") == 0) {
991 } else if (strcmp(*argv, "-crlf") == 0) {
993 } else if (strcmp(*argv, "-quiet") == 0) {
995 } else if (strcmp(*argv, "-bugs") == 0) {
997 } else if (strcmp(*argv, "-no_tmp_rsa") == 0) {
999 } else if (strcmp(*argv, "-no_dhe") == 0) {
1001 } else if (strcmp(*argv, "-no_ecdhe") == 0) {
1003 } else if (strcmp(*argv, "-www") == 0) {
1005 } else if (strcmp(*argv, "-WWW") == 0) {
1007 } else if (strcmp(*argv, "-HTTP") == 0) {
1009 } else if (strcmp(*argv, "-no_ssl2") == 0) {
1010 off |= SSL_OP_NO_SSLv2;
1011 } else if (strcmp(*argv, "-no_ssl3") == 0) {
1012 off |= SSL_OP_NO_SSLv3;
1013 } else if (strcmp(*argv, "-no_tls1") == 0) {
1014 off |= SSL_OP_NO_TLSv1;
1016 #ifndef OPENSSL_NO_TLSEXT
1017 else if (strcmp(*argv, "-no_ticket") == 0) {
1018 off |= SSL_OP_NO_TICKET;
1021 #ifndef OPENSSL_NO_SSL2
1022 else if (strcmp(*argv, "-ssl2") == 0) {
1023 meth = SSLv2_server_method();
1026 #ifndef OPENSSL_NO_SSL3
1027 else if (strcmp(*argv, "-ssl3") == 0) {
1028 meth = SSLv3_server_method();
1031 #ifndef OPENSSL_NO_TLS1
1032 else if (strcmp(*argv, "-tls1") == 0) {
1033 meth = TLSv1_server_method();
1036 #ifndef OPENSSL_NO_DTLS1
1037 else if (strcmp(*argv, "-dtls1") == 0) {
1038 meth = DTLSv1_server_method();
1039 socket_type = SOCK_DGRAM;
1040 } else if (strcmp(*argv, "-timeout") == 0)
1041 enable_timeouts = 1;
1042 else if (strcmp(*argv, "-mtu") == 0) {
1045 socket_mtu = atol(*(++argv));
1046 } else if (strcmp(*argv, "-chain") == 0)
1049 else if (strcmp(*argv, "-id_prefix") == 0) {
1052 session_id_prefix = *(++argv);
1054 #ifndef OPENSSL_NO_ENGINE
1055 else if (strcmp(*argv, "-engine") == 0) {
1058 engine_id = *(++argv);
1061 else if (strcmp(*argv, "-rand") == 0) {
1066 #ifndef OPENSSL_NO_TLSEXT
1067 else if (strcmp(*argv, "-servername") == 0) {
1070 tlsextcbp.servername = *(++argv);
1071 } else if (strcmp(*argv, "-servername_fatal") == 0) {
1072 tlsextcbp.extension_error = SSL_TLSEXT_ERR_ALERT_FATAL;
1073 } else if (strcmp(*argv, "-cert2") == 0) {
1076 s_cert_file2 = *(++argv);
1077 } else if (strcmp(*argv, "-key2") == 0) {
1080 s_key_file2 = *(++argv);
1083 #ifndef OPENSSL_NO_JPAKE
1084 else if (strcmp(*argv, "-jpake") == 0) {
1087 jpake_secret = *(++argv);
1091 BIO_printf(bio_err, "unknown option %s\n", *argv);
1103 #ifndef OPENSSL_NO_DTLS1
1104 if (www && socket_type == SOCK_DGRAM) {
1105 BIO_printf(bio_err, "Can't use -HTTP, -www or -WWW with DTLS\n");
1110 SSL_load_error_strings();
1111 OpenSSL_add_ssl_algorithms();
1113 #ifndef OPENSSL_NO_ENGINE
1114 e = setup_engine(bio_err, engine_id, 1);
1117 if (!app_passwd(bio_err, passarg, dpassarg, &pass, &dpass)) {
1118 BIO_printf(bio_err, "Error getting password\n");
1122 if (s_key_file == NULL)
1123 s_key_file = s_cert_file;
1124 #ifndef OPENSSL_NO_TLSEXT
1125 if (s_key_file2 == NULL)
1126 s_key_file2 = s_cert_file2;
1130 s_key = load_key(bio_err, s_key_file, s_key_format, 0, pass, e,
1131 "server certificate private key file");
1133 ERR_print_errors(bio_err);
1137 s_cert = load_cert(bio_err, s_cert_file, s_cert_format,
1138 NULL, e, "server certificate file");
1141 ERR_print_errors(bio_err);
1144 #ifndef OPENSSL_NO_TLSEXT
1145 if (tlsextcbp.servername) {
1146 s_key2 = load_key(bio_err, s_key_file2, s_key_format, 0, pass, e,
1147 "second server certificate private key file");
1149 ERR_print_errors(bio_err);
1153 s_cert2 = load_cert(bio_err, s_cert_file2, s_cert_format,
1154 NULL, e, "second server certificate file");
1157 ERR_print_errors(bio_err);
1165 if (s_dkey_file == NULL)
1166 s_dkey_file = s_dcert_file;
1168 s_dkey = load_key(bio_err, s_dkey_file, s_dkey_format,
1169 0, dpass, e, "second certificate private key file");
1171 ERR_print_errors(bio_err);
1175 s_dcert = load_cert(bio_err, s_dcert_file, s_dcert_format,
1176 NULL, e, "second server certificate file");
1179 ERR_print_errors(bio_err);
1185 if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
1186 && !RAND_status()) {
1188 "warning, not much extra random data, consider using the -rand option\n");
1191 BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
1192 app_RAND_load_files(inrand));
1194 if (bio_s_out == NULL) {
1195 if (s_quiet && !s_debug && !s_msg) {
1196 bio_s_out = BIO_new(BIO_s_null());
1198 if (bio_s_out == NULL)
1199 bio_s_out = BIO_new_fp(stdout, BIO_NOCLOSE);
1202 #if !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA)
1208 s_dcert_file = NULL;
1210 #ifndef OPENSSL_NO_TLSEXT
1211 s_cert_file2 = NULL;
1216 ctx = SSL_CTX_new(meth);
1218 ERR_print_errors(bio_err);
1221 if (session_id_prefix) {
1222 if (strlen(session_id_prefix) >= 32)
1224 "warning: id_prefix is too long, only one new session will be possible\n");
1225 else if (strlen(session_id_prefix) >= 16)
1227 "warning: id_prefix is too long if you use SSLv2\n");
1228 if (!SSL_CTX_set_generate_session_id(ctx, generate_session_id)) {
1229 BIO_printf(bio_err, "error setting 'id_prefix'\n");
1230 ERR_print_errors(bio_err);
1233 BIO_printf(bio_err, "id_prefix '%s' set.\n", session_id_prefix);
1235 SSL_CTX_set_quiet_shutdown(ctx, 1);
1237 SSL_CTX_set_options(ctx, SSL_OP_ALL);
1239 SSL_CTX_set_options(ctx, SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG);
1240 SSL_CTX_set_options(ctx, off);
1242 * DTLS: partial reads end up discarding unread UDP bytes :-( Setting
1243 * read ahead solves this problem.
1245 if (socket_type == SOCK_DGRAM)
1246 SSL_CTX_set_read_ahead(ctx, 1);
1249 SSL_CTX_set_info_callback(ctx, apps_ssl_info_callback);
1251 SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);
1253 SSL_CTX_sess_set_cache_size(ctx, 128);
1257 cipher = getenv("SSL_CIPHER");
1261 if (s_cert_file == NULL) {
1263 "You must specify a certificate file for the server to use\n");
1268 if ((!SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) ||
1269 (!SSL_CTX_set_default_verify_paths(ctx))) {
1270 /* BIO_printf(bio_err,"X509_load_verify_locations\n"); */
1271 ERR_print_errors(bio_err);
1274 store = SSL_CTX_get_cert_store(ctx);
1275 X509_STORE_set_flags(store, vflags);
1276 #ifndef OPENSSL_NO_TLSEXT
1278 ctx2 = SSL_CTX_new(meth);
1280 ERR_print_errors(bio_err);
1286 BIO_printf(bio_s_out, "Setting secondary ctx parameters\n");
1288 if (session_id_prefix) {
1289 if (strlen(session_id_prefix) >= 32)
1291 "warning: id_prefix is too long, only one new session will be possible\n");
1292 else if (strlen(session_id_prefix) >= 16)
1294 "warning: id_prefix is too long if you use SSLv2\n");
1295 if (!SSL_CTX_set_generate_session_id(ctx2, generate_session_id)) {
1296 BIO_printf(bio_err, "error setting 'id_prefix'\n");
1297 ERR_print_errors(bio_err);
1300 BIO_printf(bio_err, "id_prefix '%s' set.\n", session_id_prefix);
1302 SSL_CTX_set_quiet_shutdown(ctx2, 1);
1304 SSL_CTX_set_options(ctx2, SSL_OP_ALL);
1306 SSL_CTX_set_options(ctx2, SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG);
1307 SSL_CTX_set_options(ctx2, off);
1310 * DTLS: partial reads end up discarding unread UDP bytes :-(
1311 * Setting read ahead solves this problem.
1313 if (socket_type == SOCK_DGRAM)
1314 SSL_CTX_set_read_ahead(ctx2, 1);
1317 SSL_CTX_set_info_callback(ctx2, apps_ssl_info_callback);
1320 SSL_CTX_set_session_cache_mode(ctx2, SSL_SESS_CACHE_OFF);
1322 SSL_CTX_sess_set_cache_size(ctx2, 128);
1324 if ((!SSL_CTX_load_verify_locations(ctx2, CAfile, CApath)) ||
1325 (!SSL_CTX_set_default_verify_paths(ctx2))) {
1326 ERR_print_errors(bio_err);
1328 store = SSL_CTX_get_cert_store(ctx2);
1329 X509_STORE_set_flags(store, vflags);
1333 #ifndef OPENSSL_NO_DH
1338 dh = load_dh_param(dhfile);
1339 else if (s_cert_file)
1340 dh = load_dh_param(s_cert_file);
1343 BIO_printf(bio_s_out, "Setting temp DH parameters\n");
1345 BIO_printf(bio_s_out, "Using default temp DH parameters\n");
1348 (void)BIO_flush(bio_s_out);
1350 SSL_CTX_set_tmp_dh(ctx, dh);
1351 # ifndef OPENSSL_NO_TLSEXT
1354 DH *dh2 = load_dh_param(s_cert_file2);
1356 BIO_printf(bio_s_out, "Setting temp DH parameters\n");
1357 (void)BIO_flush(bio_s_out);
1363 SSL_CTX_set_tmp_dh(ctx2, dh);
1370 #ifndef OPENSSL_NO_ECDH
1372 EC_KEY *ecdh = NULL;
1375 int nid = OBJ_sn2nid(named_curve);
1378 BIO_printf(bio_err, "unknown curve name (%s)\n", named_curve);
1381 ecdh = EC_KEY_new_by_curve_name(nid);
1383 BIO_printf(bio_err, "unable to create curve (%s)\n",
1390 BIO_printf(bio_s_out, "Setting temp ECDH parameters\n");
1392 BIO_printf(bio_s_out, "Using default temp ECDH parameters\n");
1393 ecdh = EC_KEY_new_by_curve_name(NID_sect163r2);
1395 BIO_printf(bio_err, "unable to create curve (sect163r2)\n");
1399 (void)BIO_flush(bio_s_out);
1401 SSL_CTX_set_tmp_ecdh(ctx, ecdh);
1402 # ifndef OPENSSL_NO_TLSEXT
1404 SSL_CTX_set_tmp_ecdh(ctx2, ecdh);
1410 if (!set_cert_key_stuff(ctx, s_cert, s_key))
1412 #ifndef OPENSSL_NO_TLSEXT
1413 if (ctx2 && !set_cert_key_stuff(ctx2, s_cert2, s_key2))
1416 if (s_dcert != NULL) {
1417 if (!set_cert_key_stuff(ctx, s_dcert, s_dkey))
1420 #ifndef OPENSSL_NO_RSA
1423 SSL_CTX_set_tmp_rsa_callback(ctx, tmp_rsa_cb);
1424 # ifndef OPENSSL_NO_TLSEXT
1426 SSL_CTX_set_tmp_rsa_callback(ctx2, tmp_rsa_cb);
1430 if (!no_tmp_rsa && SSL_CTX_need_tmp_RSA(ctx)) {
1433 BIO_printf(bio_s_out, "Generating temp (512 bit) RSA key...");
1434 BIO_flush(bio_s_out);
1436 rsa = RSA_generate_key(512, RSA_F4, NULL);
1438 if (!SSL_CTX_set_tmp_rsa(ctx, rsa)) {
1439 ERR_print_errors(bio_err);
1442 # ifndef OPENSSL_NO_TLSEXT
1444 if (!SSL_CTX_set_tmp_rsa(ctx2, rsa)) {
1445 ERR_print_errors(bio_err);
1451 BIO_printf(bio_s_out, "\n");
1457 if (!SSL_CTX_set_cipher_list(ctx, cipher)) {
1458 BIO_printf(bio_err, "error setting cipher list\n");
1459 ERR_print_errors(bio_err);
1461 #ifndef OPENSSL_NO_TLSEXT
1462 if (ctx2 && !SSL_CTX_set_cipher_list(ctx2, cipher)) {
1463 BIO_printf(bio_err, "error setting cipher list\n");
1464 ERR_print_errors(bio_err);
1469 SSL_CTX_set_verify(ctx, s_server_verify, verify_callback);
1470 SSL_CTX_set_session_id_context(ctx, (void *)&s_server_session_id_context,
1471 sizeof s_server_session_id_context);
1473 /* Set DTLS cookie generation and verification callbacks */
1474 SSL_CTX_set_cookie_generate_cb(ctx, generate_cookie_callback);
1475 SSL_CTX_set_cookie_verify_cb(ctx, verify_cookie_callback);
1477 #ifndef OPENSSL_NO_TLSEXT
1479 SSL_CTX_set_verify(ctx2, s_server_verify, verify_callback);
1480 SSL_CTX_set_session_id_context(ctx2,
1481 (void *)&s_server_session_id_context,
1482 sizeof s_server_session_id_context);
1484 tlsextcbp.biodebug = bio_s_out;
1485 SSL_CTX_set_tlsext_servername_callback(ctx2, ssl_servername_cb);
1486 SSL_CTX_set_tlsext_servername_arg(ctx2, &tlsextcbp);
1487 SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb);
1488 SSL_CTX_set_tlsext_servername_arg(ctx, &tlsextcbp);
1491 if (CAfile != NULL) {
1492 SSL_CTX_set_client_CA_list(ctx, SSL_load_client_CA_file(CAfile));
1493 #ifndef OPENSSL_NO_TLSEXT
1495 SSL_CTX_set_client_CA_list(ctx2, SSL_load_client_CA_file(CAfile));
1498 BIO_printf(bio_s_out, "ACCEPT\n");
1500 do_server(port, socket_type, &accept_socket, www_body, context);
1502 do_server(port, socket_type, &accept_socket, sv_body, context);
1503 print_stats(bio_s_out, ctx);
1513 EVP_PKEY_free(s_key);
1515 EVP_PKEY_free(s_dkey);
1519 OPENSSL_free(dpass);
1520 #ifndef OPENSSL_NO_TLSEXT
1522 OPENSSL_free(tlscstatp.host);
1524 OPENSSL_free(tlscstatp.port);
1526 OPENSSL_free(tlscstatp.path);
1532 EVP_PKEY_free(s_key2);
1534 if (bio_s_out != NULL) {
1535 BIO_free(bio_s_out);
1542 static void print_stats(BIO *bio, SSL_CTX *ssl_ctx)
1544 BIO_printf(bio, "%4ld items in the session cache\n",
1545 SSL_CTX_sess_number(ssl_ctx));
1546 BIO_printf(bio, "%4ld client connects (SSL_connect())\n",
1547 SSL_CTX_sess_connect(ssl_ctx));
1548 BIO_printf(bio, "%4ld client renegotiates (SSL_connect())\n",
1549 SSL_CTX_sess_connect_renegotiate(ssl_ctx));
1550 BIO_printf(bio, "%4ld client connects that finished\n",
1551 SSL_CTX_sess_connect_good(ssl_ctx));
1552 BIO_printf(bio, "%4ld server accepts (SSL_accept())\n",
1553 SSL_CTX_sess_accept(ssl_ctx));
1554 BIO_printf(bio, "%4ld server renegotiates (SSL_accept())\n",
1555 SSL_CTX_sess_accept_renegotiate(ssl_ctx));
1556 BIO_printf(bio, "%4ld server accepts that finished\n",
1557 SSL_CTX_sess_accept_good(ssl_ctx));
1558 BIO_printf(bio, "%4ld session cache hits\n", SSL_CTX_sess_hits(ssl_ctx));
1559 BIO_printf(bio, "%4ld session cache misses\n",
1560 SSL_CTX_sess_misses(ssl_ctx));
1561 BIO_printf(bio, "%4ld session cache timeouts\n",
1562 SSL_CTX_sess_timeouts(ssl_ctx));
1563 BIO_printf(bio, "%4ld callback cache hits\n",
1564 SSL_CTX_sess_cb_hits(ssl_ctx));
1565 BIO_printf(bio, "%4ld cache full overflows (%ld allowed)\n",
1566 SSL_CTX_sess_cache_full(ssl_ctx),
1567 SSL_CTX_sess_get_cache_size(ssl_ctx));
1570 static int sv_body(char *hostname, int s, unsigned char *context)
1579 struct timeval timeout;
1580 #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE)
1583 struct timeval *timeoutp;
1586 if ((buf = OPENSSL_malloc(bufsize)) == NULL) {
1587 BIO_printf(bio_err, "out of memory\n");
1592 unsigned long sl = 1;
1595 BIO_printf(bio_err, "turning on non blocking io\n");
1596 if (BIO_socket_ioctl(s, FIONBIO, &sl) < 0)
1597 ERR_print_errors(bio_err);
1603 #ifndef OPENSSL_NO_TLSEXT
1604 if (s_tlsextdebug) {
1605 SSL_set_tlsext_debug_callback(con, tlsext_cb);
1606 SSL_set_tlsext_debug_arg(con, bio_s_out);
1608 if (s_tlsextstatus) {
1609 SSL_CTX_set_tlsext_status_cb(ctx, cert_status_cb);
1610 tlscstatp.err = bio_err;
1611 SSL_CTX_set_tlsext_status_arg(ctx, &tlscstatp);
1614 #ifndef OPENSSL_NO_KRB5
1615 if ((con->kssl_ctx = kssl_ctx_new()) != NULL) {
1616 kssl_ctx_setstring(con->kssl_ctx, KSSL_SERVICE, KRB5SVC);
1617 kssl_ctx_setstring(con->kssl_ctx, KSSL_KEYTAB, KRB5KEYTAB);
1619 #endif /* OPENSSL_NO_KRB5 */
1621 SSL_set_session_id_context(con, context, strlen((char *)context));
1625 if (SSL_version(con) == DTLS1_VERSION) {
1627 sbio = BIO_new_dgram(s, BIO_NOCLOSE);
1629 if (enable_timeouts) {
1631 timeout.tv_usec = DGRAM_RCV_TIMEOUT;
1632 BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_RECV_TIMEOUT, 0, &timeout);
1635 timeout.tv_usec = DGRAM_SND_TIMEOUT;
1636 BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_SEND_TIMEOUT, 0, &timeout);
1639 if (socket_mtu > 28) {
1640 SSL_set_options(con, SSL_OP_NO_QUERY_MTU);
1641 SSL_set_mtu(con, socket_mtu - 28);
1643 /* want to do MTU discovery */
1644 BIO_ctrl(sbio, BIO_CTRL_DGRAM_MTU_DISCOVER, 0, NULL);
1646 /* turn on cookie exchange */
1647 SSL_set_options(con, SSL_OP_COOKIE_EXCHANGE);
1649 sbio = BIO_new_socket(s, BIO_NOCLOSE);
1654 test = BIO_new(BIO_f_nbio_test());
1655 sbio = BIO_push(test, sbio);
1657 #ifndef OPENSSL_NO_JPAKE
1659 jpake_server_auth(bio_s_out, sbio, jpake_secret);
1662 SSL_set_bio(con, sbio, sbio);
1663 SSL_set_accept_state(con);
1664 /* SSL_set_fd(con,s); */
1668 BIO_set_callback(SSL_get_rbio(con), bio_dump_callback);
1669 BIO_set_callback_arg(SSL_get_rbio(con), (char *)bio_s_out);
1672 SSL_set_msg_callback(con, msg_cb);
1673 SSL_set_msg_callback_arg(con, bio_s_out);
1675 #ifndef OPENSSL_NO_TLSEXT
1676 if (s_tlsextdebug) {
1677 SSL_set_tlsext_debug_callback(con, tlsext_cb);
1678 SSL_set_tlsext_debug_arg(con, bio_s_out);
1684 int read_from_terminal;
1685 int read_from_sslcon;
1687 read_from_terminal = 0;
1688 read_from_sslcon = SSL_pending(con);
1690 if (!read_from_sslcon) {
1692 #if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_NETWARE)
1693 FD_SET(fileno(stdin), &readfds);
1695 FD_SET(s, &readfds);
1697 * Note: under VMS with SOCKETSHR the second parameter is
1698 * currently of type (int *) whereas under other systems it is
1699 * (void *) if you don't have a cast it will choke the compiler:
1700 * if you do have a cast then you can either go for (int *) or
1703 #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE)
1705 * Under DOS (non-djgpp) and Windows we can't select on stdin:
1706 * only on sockets. As a workaround we timeout the select every
1707 * second and check for any keypress. In a proper Windows
1708 * application we wouldn't do this because it is inefficient.
1712 i = select(width, (void *)&readfds, NULL, NULL, &tv);
1713 if ((i < 0) || (!i && !_kbhit()))
1716 read_from_terminal = 1;
1718 if ((SSL_version(con) == DTLS1_VERSION) &&
1719 DTLSv1_get_timeout(con, &timeout))
1720 timeoutp = &timeout;
1724 i = select(width, (void *)&readfds, NULL, NULL, timeoutp);
1726 if ((SSL_version(con) == DTLS1_VERSION)
1727 && DTLSv1_handle_timeout(con) > 0) {
1728 BIO_printf(bio_err, "TIMEOUT occured\n");
1733 if (FD_ISSET(fileno(stdin), &readfds))
1734 read_from_terminal = 1;
1736 if (FD_ISSET(s, &readfds))
1737 read_from_sslcon = 1;
1739 if (read_from_terminal) {
1743 i = read(fileno(stdin), buf, bufsize / 2);
1745 /* both loops are skipped when i <= 0 */
1746 for (j = 0; j < i; j++)
1749 for (j = i - 1; j >= 0; j--) {
1750 buf[j + lf_num] = buf[j];
1751 if (buf[j] == '\n') {
1754 buf[j + lf_num] = '\r';
1757 assert(lf_num == 0);
1759 i = read(fileno(stdin), buf, bufsize);
1761 if ((i <= 0) || (buf[0] == 'Q')) {
1762 BIO_printf(bio_s_out, "DONE\n");
1764 close_accept_socket();
1768 if ((i <= 0) || (buf[0] == 'q')) {
1769 BIO_printf(bio_s_out, "DONE\n");
1770 if (SSL_version(con) != DTLS1_VERSION)
1773 * close_accept_socket(); ret= -11;
1777 if ((buf[0] == 'r') && ((buf[1] == '\n') || (buf[1] == '\r'))) {
1778 SSL_renegotiate(con);
1779 i = SSL_do_handshake(con);
1780 printf("SSL_do_handshake -> %d\n", i);
1784 * strcpy(buf,"server side RE-NEGOTIATE\n");
1787 if ((buf[0] == 'R') && ((buf[1] == '\n') || (buf[1] == '\r'))) {
1789 SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE,
1791 SSL_renegotiate(con);
1792 i = SSL_do_handshake(con);
1793 printf("SSL_do_handshake -> %d\n", i);
1797 * strcpy(buf,"server side RE-NEGOTIATE asking for client
1801 if (buf[0] == 'P') {
1802 static const char *str = "Lets print some clear text\n";
1803 BIO_write(SSL_get_wbio(con), str, strlen(str));
1805 if (buf[0] == 'S') {
1806 print_stats(bio_s_out, SSL_get_SSL_CTX(con));
1809 #ifdef CHARSET_EBCDIC
1810 ebcdic2ascii(buf, buf, i);
1814 /* should do a select for the write */
1818 if (++count == 100) {
1820 SSL_renegotiate(con);
1824 k = SSL_write(con, &(buf[l]), (unsigned int)i);
1825 switch (SSL_get_error(con, k)) {
1826 case SSL_ERROR_NONE:
1828 case SSL_ERROR_WANT_WRITE:
1829 case SSL_ERROR_WANT_READ:
1830 case SSL_ERROR_WANT_X509_LOOKUP:
1831 BIO_printf(bio_s_out, "Write BLOCK\n");
1833 case SSL_ERROR_SYSCALL:
1835 BIO_printf(bio_s_out, "ERROR\n");
1836 ERR_print_errors(bio_err);
1840 case SSL_ERROR_ZERO_RETURN:
1841 BIO_printf(bio_s_out, "DONE\n");
1851 if (read_from_sslcon) {
1852 if (!SSL_is_init_finished(con)) {
1853 i = init_ssl_connection(con);
1858 } else if (i == 0) {
1864 i = SSL_read(con, (char *)buf, bufsize);
1865 switch (SSL_get_error(con, i)) {
1866 case SSL_ERROR_NONE:
1867 #ifdef CHARSET_EBCDIC
1868 ascii2ebcdic(buf, buf, i);
1870 if (write(fileno(stdout), buf, (unsigned int)i) != i)
1873 if (SSL_pending(con))
1876 case SSL_ERROR_WANT_WRITE:
1877 case SSL_ERROR_WANT_READ:
1878 case SSL_ERROR_WANT_X509_LOOKUP:
1879 BIO_printf(bio_s_out, "Read BLOCK\n");
1881 case SSL_ERROR_SYSCALL:
1883 BIO_printf(bio_s_out, "ERROR\n");
1884 ERR_print_errors(bio_err);
1887 case SSL_ERROR_ZERO_RETURN:
1888 BIO_printf(bio_s_out, "DONE\n");
1896 BIO_printf(bio_s_out, "shutting down SSL\n");
1898 SSL_set_shutdown(con, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
1904 BIO_printf(bio_s_out, "CONNECTION CLOSED\n");
1906 OPENSSL_cleanse(buf, bufsize);
1910 BIO_printf(bio_s_out, "ACCEPT\n");
1914 static void close_accept_socket(void)
1916 BIO_printf(bio_err, "shutdown accept socket\n");
1917 if (accept_socket >= 0) {
1918 SHUTDOWN2(accept_socket);
1922 static int init_ssl_connection(SSL *con)
1928 MS_STATIC char buf[BUFSIZ];
1930 if ((i = SSL_accept(con)) <= 0) {
1931 if (BIO_sock_should_retry(i)) {
1932 BIO_printf(bio_s_out, "DELAY\n");
1936 BIO_printf(bio_err, "ERROR\n");
1937 verify_error = SSL_get_verify_result(con);
1938 if (verify_error != X509_V_OK) {
1939 BIO_printf(bio_err, "verify error:%s\n",
1940 X509_verify_cert_error_string(verify_error));
1942 ERR_print_errors(bio_err);
1946 PEM_write_bio_SSL_SESSION(bio_s_out, SSL_get_session(con));
1948 peer = SSL_get_peer_certificate(con);
1950 BIO_printf(bio_s_out, "Client certificate\n");
1951 PEM_write_bio_X509(bio_s_out, peer);
1952 X509_NAME_oneline(X509_get_subject_name(peer), buf, sizeof buf);
1953 BIO_printf(bio_s_out, "subject=%s\n", buf);
1954 X509_NAME_oneline(X509_get_issuer_name(peer), buf, sizeof buf);
1955 BIO_printf(bio_s_out, "issuer=%s\n", buf);
1959 if (SSL_get_shared_ciphers(con, buf, sizeof buf) != NULL)
1960 BIO_printf(bio_s_out, "Shared ciphers:%s\n", buf);
1961 str = SSL_CIPHER_get_name(SSL_get_current_cipher(con));
1962 BIO_printf(bio_s_out, "CIPHER is %s\n", (str != NULL) ? str : "(NONE)");
1964 BIO_printf(bio_s_out, "Reused session-id\n");
1965 if (SSL_ctrl(con, SSL_CTRL_GET_FLAGS, 0, NULL) &
1966 TLS1_FLAGS_TLS_PADDING_BUG)
1967 BIO_printf(bio_s_out, "Peer has incorrect TLSv1 block padding\n");
1968 #ifndef OPENSSL_NO_KRB5
1969 if (con->kssl_ctx->client_princ != NULL) {
1970 BIO_printf(bio_s_out, "Kerberos peer principal is %s\n",
1971 con->kssl_ctx->client_princ);
1973 #endif /* OPENSSL_NO_KRB5 */
1974 BIO_printf(bio_s_out, "Secure Renegotiation IS%s supported\n",
1975 SSL_get_secure_renegotiation_support(con) ? "" : " NOT");
1979 #ifndef OPENSSL_NO_DH
1980 static DH *load_dh_param(const char *dhfile)
1985 if ((bio = BIO_new_file(dhfile, "r")) == NULL)
1987 ret = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
1996 static int load_CA(SSL_CTX *ctx, char *file)
2001 if ((in = fopen(file, "r")) == NULL)
2005 if (PEM_read_X509(in, &x, NULL) == NULL)
2007 SSL_CTX_add_client_CA(ctx, x);
2016 static int www_body(char *hostname, int s, unsigned char *context)
2024 BIO *io, *ssl_bio, *sbio;
2029 buf = OPENSSL_malloc(bufsize);
2032 io = BIO_new(BIO_f_buffer());
2033 ssl_bio = BIO_new(BIO_f_ssl());
2034 if ((io == NULL) || (ssl_bio == NULL))
2039 unsigned long sl = 1;
2042 BIO_printf(bio_err, "turning on non blocking io\n");
2043 if (BIO_socket_ioctl(s, FIONBIO, &sl) < 0)
2044 ERR_print_errors(bio_err);
2048 /* lets make the output buffer a reasonable size */
2049 if (!BIO_set_write_buffer_size(io, bufsize))
2052 if ((con = SSL_new(ctx)) == NULL)
2054 #ifndef OPENSSL_NO_TLSEXT
2055 if (s_tlsextdebug) {
2056 SSL_set_tlsext_debug_callback(con, tlsext_cb);
2057 SSL_set_tlsext_debug_arg(con, bio_s_out);
2060 #ifndef OPENSSL_NO_KRB5
2061 if ((con->kssl_ctx = kssl_ctx_new()) != NULL) {
2062 kssl_ctx_setstring(con->kssl_ctx, KSSL_SERVICE, KRB5SVC);
2063 kssl_ctx_setstring(con->kssl_ctx, KSSL_KEYTAB, KRB5KEYTAB);
2065 #endif /* OPENSSL_NO_KRB5 */
2067 SSL_set_session_id_context(con, context, strlen((char *)context));
2069 sbio = BIO_new_socket(s, BIO_NOCLOSE);
2073 test = BIO_new(BIO_f_nbio_test());
2074 sbio = BIO_push(test, sbio);
2076 SSL_set_bio(con, sbio, sbio);
2077 SSL_set_accept_state(con);
2079 /* SSL_set_fd(con,s); */
2080 BIO_set_ssl(ssl_bio, con, BIO_CLOSE);
2081 BIO_push(io, ssl_bio);
2082 #ifdef CHARSET_EBCDIC
2083 io = BIO_push(BIO_new(BIO_f_ebcdic_filter()), io);
2088 BIO_set_callback(SSL_get_rbio(con), bio_dump_callback);
2089 BIO_set_callback_arg(SSL_get_rbio(con), (char *)bio_s_out);
2092 SSL_set_msg_callback(con, msg_cb);
2093 SSL_set_msg_callback_arg(con, bio_s_out);
2098 i = SSL_accept(con);
2100 switch (SSL_get_error(con, i)) {
2101 case SSL_ERROR_NONE:
2103 case SSL_ERROR_WANT_WRITE:
2104 case SSL_ERROR_WANT_READ:
2105 case SSL_ERROR_WANT_X509_LOOKUP:
2107 case SSL_ERROR_SYSCALL:
2109 case SSL_ERROR_ZERO_RETURN:
2115 SSL_renegotiate(con);
2116 SSL_write(con, NULL, 0);
2119 i = BIO_gets(io, buf, bufsize - 1);
2120 if (i < 0) { /* error */
2121 if (!BIO_should_retry(io)) {
2123 ERR_print_errors(bio_err);
2126 BIO_printf(bio_s_out, "read R BLOCK\n");
2127 #if defined(OPENSSL_SYS_NETWARE)
2129 #elif !defined(OPENSSL_SYS_MSDOS) && !defined(__DJGPP__)
2134 } else if (i == 0) { /* end of input */
2139 /* else we have data */
2140 if (((www == 1) && (strncmp("GET ", buf, 4) == 0)) ||
2141 ((www == 2) && (strncmp("GET /stats ", buf, 10) == 0))) {
2144 STACK_OF(SSL_CIPHER) *sk;
2145 static const char *space = " ";
2148 "HTTP/1.0 200 ok\r\nContent-type: text/html\r\n\r\n");
2149 BIO_puts(io, "<HTML><BODY BGCOLOR=\"#ffffff\">\n");
2150 BIO_puts(io, "<pre>\n");
2151 /* BIO_puts(io,SSLeay_version(SSLEAY_VERSION));*/
2153 for (i = 0; i < local_argc; i++) {
2154 BIO_puts(io, local_argv[i]);
2155 BIO_write(io, " ", 1);
2160 * The following is evil and should not really be done
2162 BIO_printf(io, "Ciphers supported in s_server binary\n");
2163 sk = SSL_get_ciphers(con);
2164 j = sk_SSL_CIPHER_num(sk);
2165 for (i = 0; i < j; i++) {
2166 c = sk_SSL_CIPHER_value(sk, i);
2167 BIO_printf(io, "%-11s:%-25s",
2168 SSL_CIPHER_get_version(c), SSL_CIPHER_get_name(c));
2169 if ((((i + 1) % 2) == 0) && (i + 1 != j))
2173 p = SSL_get_shared_ciphers(con, buf, bufsize);
2176 "---\nCiphers common between both SSL end points:\n");
2180 BIO_write(io, space, 26 - j);
2183 BIO_write(io, ((i % 3) ? " " : "\n"), 1);
2185 BIO_write(io, p, 1);
2192 BIO_printf(io, ((con->hit)
2193 ? "---\nReused, " : "---\nNew, "));
2194 c = SSL_get_current_cipher(con);
2195 BIO_printf(io, "%s, Cipher is %s\n",
2196 SSL_CIPHER_get_version(c), SSL_CIPHER_get_name(c));
2197 SSL_SESSION_print(io, SSL_get_session(con));
2198 BIO_printf(io, "---\n");
2199 print_stats(io, SSL_get_SSL_CTX(con));
2200 BIO_printf(io, "---\n");
2201 peer = SSL_get_peer_certificate(con);
2203 BIO_printf(io, "Client certificate\n");
2204 X509_print(io, peer);
2205 PEM_write_bio_X509(io, peer);
2207 BIO_puts(io, "no client certificate available\n");
2208 BIO_puts(io, "</BODY></HTML>\r\n\r\n");
2210 } else if ((www == 2 || www == 3)
2211 && (strncmp("GET /", buf, 5) == 0)) {
2214 static const char *text =
2215 "HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n";
2221 for (e = p; *e != '\0'; e++) {
2227 dot = (e[0] == '.') ? 2 : 0;
2230 dot = (e[0] == '.') ? 3 : 0;
2233 dot = (e[0] == '/') ? -1 : 0;
2237 dot = (e[0] == '/') ? 1 : 0;
2239 dot = (dot == 3) || (dot == -1); /* filename contains ".."
2244 BIO_printf(io, "'%s' is an invalid file name\r\n", p);
2251 BIO_printf(io, "'%s' contains '..' reference\r\n", p);
2257 BIO_printf(io, "'%s' is an invalid path\r\n", p);
2261 /* append if a directory lookup */
2263 strcat(p, "index.html");
2266 /* if a directory, do the index thang */
2267 if (stat(p, &st_buf) < 0) {
2269 BIO_printf(io, "Error accessing '%s'\r\n", p);
2270 ERR_print_errors(io);
2273 if (S_ISDIR(st_buf.st_mode)) {
2274 #if 0 /* must check buffer size */
2275 strcat(p, "/index.html");
2278 BIO_printf(io, "'%s' is a directory\r\n", p);
2283 if ((file = BIO_new_file(p, "r")) == NULL) {
2285 BIO_printf(io, "Error opening '%s'\r\n", p);
2286 ERR_print_errors(io);
2291 BIO_printf(bio_err, "FILE:%s\n", p);
2295 if (((i > 5) && (strcmp(&(p[i - 5]), ".html") == 0)) ||
2296 ((i > 4) && (strcmp(&(p[i - 4]), ".php") == 0)) ||
2297 ((i > 4) && (strcmp(&(p[i - 4]), ".htm") == 0)))
2299 "HTTP/1.0 200 ok\r\nContent-type: text/html\r\n\r\n");
2302 "HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n");
2309 i = BIO_read(file, buf, bufsize);
2315 fprintf(stderr, "%d\n", i);
2316 if (total_bytes > 3 * 1024) {
2318 fprintf(stderr, "RENEGOTIATE\n");
2319 SSL_renegotiate(con);
2323 for (j = 0; j < i;) {
2327 if (++count == 13) {
2328 SSL_renegotiate(con);
2332 k = BIO_write(io, &(buf[j]), i - j);
2334 if (!BIO_should_retry(io))
2337 BIO_printf(bio_s_out, "rwrite W BLOCK\n");
2351 i = (int)BIO_flush(io);
2353 if (!BIO_should_retry(io))
2360 /* make sure we re-use sessions */
2361 SSL_set_shutdown(con, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
2363 /* This kills performance */
2365 * SSL_shutdown(con); A shutdown gets sent in the BIO_free_all(io)
2373 BIO_printf(bio_s_out, "ACCEPT\n");
2379 /* if (ssl_bio != NULL) BIO_free(ssl_bio);*/
2383 #ifndef OPENSSL_NO_RSA
2384 static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength)
2387 static RSA *rsa_tmp = NULL;
2389 if (!rsa_tmp && ((bn = BN_new()) == NULL))
2390 BIO_printf(bio_err, "Allocation error in generating RSA key\n");
2391 if (!rsa_tmp && bn) {
2393 BIO_printf(bio_err, "Generating temp (%d bit) RSA key...",
2395 (void)BIO_flush(bio_err);
2397 if (!BN_set_word(bn, RSA_F4) || ((rsa_tmp = RSA_new()) == NULL) ||
2398 !RSA_generate_key_ex(rsa_tmp, keylength, bn, NULL)) {
2404 BIO_printf(bio_err, "\n");
2405 (void)BIO_flush(bio_err);
2413 #define MAX_SESSION_ID_ATTEMPTS 10
2414 static int generate_session_id(const SSL *ssl, unsigned char *id,
2415 unsigned int *id_len)
2417 unsigned int count = 0;
2419 RAND_pseudo_bytes(id, *id_len);
2421 * Prefix the session_id with the required prefix. NB: If our prefix
2422 * is too long, clip it - but there will be worse effects anyway, eg.
2423 * the server could only possibly create 1 session ID (ie. the
2424 * prefix!) so all future session negotiations will fail due to
2427 memcpy(id, session_id_prefix,
2428 (strlen(session_id_prefix) < *id_len) ?
2429 strlen(session_id_prefix) : *id_len);
2431 while (SSL_has_matching_session_id(ssl, id, *id_len) &&
2432 (++count < MAX_SESSION_ID_ATTEMPTS));
2433 if (count >= MAX_SESSION_ID_ATTEMPTS)