diff options
| author | Geoff Thorpe <geoff@openssl.org> | 2014-04-26 01:22:54 -0400 |
|---|---|---|
| committer | Geoff Thorpe <geoff@openssl.org> | 2014-05-08 22:07:09 -0400 |
| commit | a935132099af20a8a742d30f8edcb613e73a368d (patch) | |
| tree | 9be58c34b66173e2e69a4c00d03fbda8d6dfb809 /apps/s_apps.h | |
| parent | b6e69d284b79097d0d9e39996cbe59eae6bb36e2 (diff) | |
s_client/s_server: support unix domain sockets
The "-unix <path>" argument allows s_server and s_client to use a unix
domain socket in the filesystem instead of IPv4 ("-connect", "-port",
"-accept", etc). If s_server exits gracefully, such as when "-naccept"
is used and the requested number of SSL/TLS connections have occurred,
then the domain socket file is removed. On ctrl-C, it is likely that
the stale socket file will be left over, such that s_server would
normally fail to restart with the same arguments. For this reason,
s_server also supports an "-unlink" option, which will clean up any
stale socket file before starting.
If you have any reason to want encrypted IPC within an O/S instance,
this concept might come in handy. Otherwise it just demonstrates that
there is nothing about SSL/TLS that limits it to TCP/IP in any way.
(There might also be benchmarking and profiling use in this path, as
unix domain sockets are much lower overhead than connecting over local
IP addresses).
Signed-off-by: Geoff Thorpe <geoff@openssl.org>
Diffstat (limited to 'apps/s_apps.h')
| -rw-r--r-- | apps/s_apps.h | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/apps/s_apps.h b/apps/s_apps.h index 3b9f9a0cb7..9d16e45978 100644 --- a/apps/s_apps.h +++ b/apps/s_apps.h @@ -148,7 +148,14 @@ typedef fd_mask fd_set; #define PORT_STR "4433" #define PROTOCOL "tcp" -int do_server(int port, int type, int *ret, int (*cb) (char *hostname, int s, int stype, unsigned char *context), unsigned char *context, int naccept); +int do_server(int port, int type, int *ret, + int (*cb)(char *hostname, int s, int stype, unsigned char *context), + unsigned char *context, int naccept); +#ifndef NO_SYS_UN_H +int do_server_unix(const char *path, int *ret, + int (*cb)(char *hostname, int s, int stype, unsigned char *context), + unsigned char *context, int naccept); +#endif #ifdef HEADER_X509_H int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx); #endif @@ -162,6 +169,9 @@ int ssl_print_curves(BIO *out, SSL *s, int noshared); #endif int ssl_print_tmp_key(BIO *out, SSL *s); int init_client(int *sock, const char *server, int port, int type); +#ifndef NO_SYS_UN_H +int init_client_unix(int *sock, const char *server); +#endif int should_retry(int i); int extract_port(const char *str, short *port_ptr); int extract_host_port(char *str,char **host_ptr,unsigned char *ip,short *p); |