diff options
| author | Matt Caswell <matt@openssl.org> | 2015-01-22 03:40:55 +0000 |
|---|---|---|
| committer | Matt Caswell <matt@openssl.org> | 2015-01-22 09:20:09 +0000 |
| commit | 0f113f3ee4d629ef9a4a30911b22b224772085e5 (patch) | |
| tree | e014603da5aed1d0751f587a66d6e270b6bda3de /demos/bio | |
| parent | 22b52164aaed31d6e93dbd2d397ace041360e6aa (diff) | |
Run util/openssl-format-source -v -c .
Reviewed-by: Tim Hudson <tjh@openssl.org>
Diffstat (limited to 'demos/bio')
| -rw-r--r-- | demos/bio/client-arg.c | 225 | ||||
| -rw-r--r-- | demos/bio/client-conf.c | 242 | ||||
| -rw-r--r-- | demos/bio/saccept.c | 166 | ||||
| -rw-r--r-- | demos/bio/sconnect.c | 187 | ||||
| -rw-r--r-- | demos/bio/server-arg.c | 268 | ||||
| -rw-r--r-- | demos/bio/server-conf.c | 260 |
6 files changed, 653 insertions, 695 deletions
diff --git a/demos/bio/client-arg.c b/demos/bio/client-arg.c index cca7a1ed06..dc354cae06 100644 --- a/demos/bio/client-arg.c +++ b/demos/bio/client-arg.c @@ -2,121 +2,110 @@ #include <openssl/ssl.h> int main(int argc, char **argv) - { - BIO *sbio = NULL, *out = NULL; - int len; - char tmpbuf[1024]; - SSL_CTX *ctx; - SSL_CONF_CTX *cctx; - SSL *ssl; - char **args = argv + 1; - const char *connect_str = "localhost:4433"; - int nargs = argc - 1; - - ERR_load_crypto_strings(); - ERR_load_SSL_strings(); - SSL_library_init(); - - ctx = SSL_CTX_new(SSLv23_client_method()); - cctx = SSL_CONF_CTX_new(); - SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_CLIENT); - SSL_CONF_CTX_set_ssl_ctx(cctx, ctx); - while(*args && **args == '-') - { - int rv; - /* Parse standard arguments */ - rv = SSL_CONF_cmd_argv(cctx, &nargs, &args); - if (rv == -3) - { - fprintf(stderr, "Missing argument for %s\n", *args); - goto end; - } - if (rv < 0) - { - fprintf(stderr, "Error in command %s\n", *args); - ERR_print_errors_fp(stderr); - goto end; - } - /* If rv > 0 we processed something so proceed to next arg */ - if (rv > 0) - continue; - /* Otherwise application specific argument processing */ - if (!strcmp(*args, "-connect")) - { - connect_str = args[1]; - if (connect_str == NULL) - { - fprintf(stderr, "Missing -connect argument\n"); - goto end; - } - args += 2; - nargs -= 2; - continue; - } - else - { - fprintf(stderr, "Unknown argument %s\n", *args); - goto end; - } - } - - if (!SSL_CONF_CTX_finish(cctx)) - { - fprintf(stderr, "Finish error\n"); - ERR_print_errors_fp(stderr); - goto err; - } - - /* We'd normally set some stuff like the verify paths and - * mode here because as things stand this will connect to - * any server whose certificate is signed by any CA. - */ - - sbio = BIO_new_ssl_connect(ctx); - - BIO_get_ssl(sbio, &ssl); - - if(!ssl) - { - fprintf(stderr, "Can't locate SSL pointer\n"); - goto end; - } - - /* Don't want any retries */ - SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY); - - /* We might want to do other things with ssl here */ - - BIO_set_conn_hostname(sbio, connect_str); - - out = BIO_new_fp(stdout, BIO_NOCLOSE); - if(BIO_do_connect(sbio) <= 0) - { - fprintf(stderr, "Error connecting to server\n"); - ERR_print_errors_fp(stderr); - goto end; - } - - if(BIO_do_handshake(sbio) <= 0) - { - fprintf(stderr, "Error establishing SSL connection\n"); - ERR_print_errors_fp(stderr); - goto end; - } - - /* Could examine ssl here to get connection info */ - - BIO_puts(sbio, "GET / HTTP/1.0\n\n"); - for(;;) - { - len = BIO_read(sbio, tmpbuf, 1024); - if(len <= 0) break; - BIO_write(out, tmpbuf, len); - } - end: - SSL_CONF_CTX_free(cctx); - BIO_free_all(sbio); - BIO_free(out); - return 0; - } - +{ + BIO *sbio = NULL, *out = NULL; + int len; + char tmpbuf[1024]; + SSL_CTX *ctx; + SSL_CONF_CTX *cctx; + SSL *ssl; + char **args = argv + 1; + const char *connect_str = "localhost:4433"; + int nargs = argc - 1; + + ERR_load_crypto_strings(); + ERR_load_SSL_strings(); + SSL_library_init(); + + ctx = SSL_CTX_new(SSLv23_client_method()); + cctx = SSL_CONF_CTX_new(); + SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_CLIENT); + SSL_CONF_CTX_set_ssl_ctx(cctx, ctx); + while (*args && **args == '-') { + int rv; + /* Parse standard arguments */ + rv = SSL_CONF_cmd_argv(cctx, &nargs, &args); + if (rv == -3) { + fprintf(stderr, "Missing argument for %s\n", *args); + goto end; + } + if (rv < 0) { + fprintf(stderr, "Error in command %s\n", *args); + ERR_print_errors_fp(stderr); + goto end; + } + /* If rv > 0 we processed something so proceed to next arg */ + if (rv > 0) + continue; + /* Otherwise application specific argument processing */ + if (!strcmp(*args, "-connect")) { + connect_str = args[1]; + if (connect_str == NULL) { + fprintf(stderr, "Missing -connect argument\n"); + goto end; + } + args += 2; + nargs -= 2; + continue; + } else { + fprintf(stderr, "Unknown argument %s\n", *args); + goto end; + } + } + + if (!SSL_CONF_CTX_finish(cctx)) { + fprintf(stderr, "Finish error\n"); + ERR_print_errors_fp(stderr); + goto err; + } + + /* + * We'd normally set some stuff like the verify paths and * mode here + * because as things stand this will connect to * any server whose + * certificate is signed by any CA. + */ + + sbio = BIO_new_ssl_connect(ctx); + + BIO_get_ssl(sbio, &ssl); + + if (!ssl) { + fprintf(stderr, "Can't locate SSL pointer\n"); + goto end; + } + + /* Don't want any retries */ + SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY); + + /* We might want to do other things with ssl here */ + + BIO_set_conn_hostname(sbio, connect_str); + + out = BIO_new_fp(stdout, BIO_NOCLOSE); + if (BIO_do_connect(sbio) <= 0) { + fprintf(stderr, "Error connecting to server\n"); + ERR_print_errors_fp(stderr); + goto end; + } + + if (BIO_do_handshake(sbio) <= 0) { + fprintf(stderr, "Error establishing SSL connection\n"); + ERR_print_errors_fp(stderr); + goto end; + } + + /* Could examine ssl here to get connection info */ + + BIO_puts(sbio, "GET / HTTP/1.0\n\n"); + for (;;) { + len = BIO_read(sbio, tmpbuf, 1024); + if (len <= 0) + break; + BIO_write(out, tmpbuf, len); + } + end: + SSL_CONF_CTX_free(cctx); + BIO_free_all(sbio); + BIO_free(out); + return 0; +} diff --git a/demos/bio/client-conf.c b/demos/bio/client-conf.c index 191615a9ac..150e7fcf83 100644 --- a/demos/bio/client-conf.c +++ b/demos/bio/client-conf.c @@ -3,130 +3,118 @@ #include <openssl/conf.h> int main(int argc, char **argv) - { - BIO *sbio = NULL, *out = NULL; - int i, len, rv; - char tmpbuf[1024]; - SSL_CTX *ctx = NULL; - SSL_CONF_CTX *cctx = NULL; - SSL *ssl = NULL; - CONF *conf = NULL; - STACK_OF(CONF_VALUE) *sect = NULL; - CONF_VALUE *cnf; - const char *connect_str = "localhost:4433"; - long errline = -1; - - ERR_load_crypto_strings(); - ERR_load_SSL_strings(); - SSL_library_init(); - - conf = NCONF_new(NULL); - - if (NCONF_load(conf, "connect.cnf", &errline) <= 0) - { - if (errline <= 0) - fprintf(stderr, "Error processing config file\n"); - else - fprintf(stderr, "Error on line %ld\n", errline); - goto end; - } - - sect = NCONF_get_section(conf, "default"); - - if (sect == NULL) - { - fprintf(stderr, "Error retrieving default section\n"); - goto end; - } - - ctx = SSL_CTX_new(SSLv23_client_method()); - cctx = SSL_CONF_CTX_new(); - SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_CLIENT); - SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_FILE); - SSL_CONF_CTX_set_ssl_ctx(cctx, ctx); - for (i = 0; i < sk_CONF_VALUE_num(sect); i++) - { - cnf = sk_CONF_VALUE_value(sect, i); - rv = SSL_CONF_cmd(cctx, cnf->name, cnf->value); - if (rv > 0) - continue; - if (rv != -2) - { - fprintf(stderr, "Error processing %s = %s\n", - cnf->name, cnf->value); - ERR_print_errors_fp(stderr); - goto end; - } - if (!strcmp(cnf->name, "Connect")) - { - connect_str = cnf->value; - } - else - { - fprintf(stderr, "Unknown configuration option %s\n", - cnf->name); - goto end; - } - } - - if (!SSL_CONF_CTX_finish(cctx)) - { - fprintf(stderr, "Finish error\n"); - ERR_print_errors_fp(stderr); - goto err; - } - - /* We'd normally set some stuff like the verify paths and - * mode here because as things stand this will connect to - * any server whose certificate is signed by any CA. - */ - - sbio = BIO_new_ssl_connect(ctx); - - BIO_get_ssl(sbio, &ssl); - - if(!ssl) - { - fprintf(stderr, "Can't locate SSL pointer\n"); - goto end; - } - - /* Don't want any retries */ - SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY); - - /* We might want to do other things with ssl here */ - - BIO_set_conn_hostname(sbio, connect_str); - - out = BIO_new_fp(stdout, BIO_NOCLOSE); - if(BIO_do_connect(sbio) <= 0) - { - fprintf(stderr, "Error connecting to server\n"); - ERR_print_errors_fp(stderr); - goto end; - } - - if(BIO_do_handshake(sbio) <= 0) - { - fprintf(stderr, "Error establishing SSL connection\n"); - ERR_print_errors_fp(stderr); - goto end; - } - - /* Could examine ssl here to get connection info */ - - BIO_puts(sbio, "GET / HTTP/1.0\n\n"); - for(;;) - { - len = BIO_read(sbio, tmpbuf, 1024); - if(len <= 0) break; - BIO_write(out, tmpbuf, len); - } - end: - SSL_CONF_CTX_free(cctx); - BIO_free_all(sbio); - BIO_free(out); - NCONF_free(conf); - return 0; - } - +{ + BIO *sbio = NULL, *out = NULL; + int i, len, rv; + char tmpbuf[1024]; + SSL_CTX *ctx = NULL; + SSL_CONF_CTX *cctx = NULL; + SSL *ssl = NULL; + CONF *conf = NULL; + STACK_OF(CONF_VALUE) *sect = NULL; + CONF_VALUE *cnf; + const char *connect_str = "localhost:4433"; + long errline = -1; + + ERR_load_crypto_strings(); + ERR_load_SSL_strings(); + SSL_library_init(); + + conf = NCONF_new(NULL); + + if (NCONF_load(conf, "connect.cnf", &errline) <= 0) { + if (errline <= 0) + fprintf(stderr, "Error processing config file\n"); + else + fprintf(stderr, "Error on line %ld\n", errline); + goto end; + } + + sect = NCONF_get_section(conf, "default"); + + if (sect == NULL) { + fprintf(stderr, "Error retrieving default section\n"); + goto end; + } + + ctx = SSL_CTX_new(SSLv23_client_method()); + cctx = SSL_CONF_CTX_new(); + SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_CLIENT); + SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_FILE); + SSL_CONF_CTX_set_ssl_ctx(cctx, ctx); + for (i = 0; i < sk_CONF_VALUE_num(sect); i++) { + cnf = sk_CONF_VALUE_value(sect, i); + rv = SSL_CONF_cmd(cctx, cnf->name, cnf->value); + if (rv > 0) + continue; + if (rv != -2) { + fprintf(stderr, "Error processing %s = %s\n", + cnf->name, cnf->value); + ERR_print_errors_fp(stderr); + goto end; + } + if (!strcmp(cnf->name, "Connect")) { + connect_str = cnf->value; + } else { + fprintf(stderr, "Unknown configuration option %s\n", cnf->name); + goto end; + } + } + + if (!SSL_CONF_CTX_finish(cctx)) { + fprintf(stderr, "Finish error\n"); + ERR_print_errors_fp(stderr); + goto err; + } + + /* + * We'd normally set some stuff like the verify paths and * mode here + * because as things stand this will connect to * any server whose + * certificate is signed by any CA. + */ + + sbio = BIO_new_ssl_connect(ctx); + + BIO_get_ssl(sbio, &ssl); + + if (!ssl) { + fprintf(stderr, "Can't locate SSL pointer\n"); + goto end; + } + + /* Don't want any retries */ + SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY); + + /* We might want to do other things with ssl here */ + + BIO_set_conn_hostname(sbio, connect_str); + + out = BIO_new_fp(stdout, BIO_NOCLOSE); + if (BIO_do_connect(sbio) <= 0) { + fprintf(stderr, "Error connecting to server\n"); + ERR_print_errors_fp(stderr); + goto end; + } + + if (BIO_do_handshake(sbio) <= 0) { + fprintf(stderr, "Error establishing SSL connection\n"); + ERR_print_errors_fp(stderr); + goto end; + } + + /* Could examine ssl here to get connection info */ + + BIO_puts(sbio, "GET / HTTP/1.0\n\n"); + for (;;) { + len = BIO_read(sbio, tmpbuf, 1024); + if (len <= 0) + break; + BIO_write(out, tmpbuf, len); + } + end: + SSL_CONF_CTX_free(cctx); + BIO_free_all(sbio); + BIO_free(out); + NCONF_free(conf); + return 0; +} diff --git a/demos/bio/saccept.c b/demos/bio/saccept.c index 0686fd1e06..8c75029384 100644 --- a/demos/bio/saccept.c +++ b/demos/bio/saccept.c @@ -16,89 +16,93 @@ #include <openssl/err.h> #include <openssl/ssl.h> -#define CERT_FILE "server.pem" +#define CERT_FILE "server.pem" -BIO *in=NULL; +BIO *in = NULL; void close_up() - { - if (in != NULL) - BIO_free(in); - } +{ + if (in != NULL) + BIO_free(in); +} int main(int argc, char *argv[]) - { - char *port=NULL; - BIO *ssl_bio,*tmp; - SSL_CTX *ctx; - char buf[512]; - int ret=1,i; - - if (argc <= 1) - port="*:4433"; - else - port=argv[1]; - - signal(SIGINT,close_up); - - SSL_load_error_strings(); - - /* Add ciphers and message digests */ - OpenSSL_add_ssl_algorithms(); - - ctx=SSL_CTX_new(SSLv23_server_method()); - if (!SSL_CTX_use_certificate_file(ctx,CERT_FILE,SSL_FILETYPE_PEM)) - goto err; - if (!SSL_CTX_use_PrivateKey_file(ctx,CERT_FILE,SSL_FILETYPE_PEM)) - goto err; - if (!SSL_CTX_check_private_key(ctx)) - goto err; - - /* Setup server side SSL bio */ - ssl_bio=BIO_new_ssl(ctx,0); - - if ((in=BIO_new_accept(port)) == NULL) goto err; - - /* This means that when a new connection is accepted on 'in', - * The ssl_bio will be 'duplicated' and have the new socket - * BIO push into it. Basically it means the SSL BIO will be - * automatically setup */ - BIO_set_accept_bios(in,ssl_bio); - -again: - /* The first call will setup the accept socket, and the second - * will get a socket. In this loop, the first actual accept - * will occur in the BIO_read() function. */ - - if (BIO_do_accept(in) <= 0) goto err; - - for (;;) - { - i=BIO_read(in,buf,512); - if (i == 0) - { - /* If we have finished, remove the underlying - * BIO stack so the next time we call any function - * for this BIO, it will attempt to do an - * accept */ - printf("Done\n"); - tmp=BIO_pop(in); - BIO_free_all(tmp); - goto again; - } - if (i < 0) goto err; - fwrite(buf,1,i,stdout); - fflush(stdout); - } - - ret=0; -err: - if (ret) - { - ERR_print_errors_fp(stderr); - } - if (in != NULL) BIO_free(in); - exit(ret); - return(!ret); - } - +{ + char *port = NULL; + BIO *ssl_bio, *tmp; + SSL_CTX *ctx; + char buf[512]; + int ret = 1, i; + + if (argc <= 1) + port = "*:4433"; + else + port = argv[1]; + + signal(SIGINT, close_up); + + SSL_load_error_strings(); + + /* Add ciphers and message digests */ + OpenSSL_add_ssl_algorithms(); + + ctx = SSL_CTX_new(SSLv23_server_method()); + if (!SSL_CTX_use_certificate_file(ctx, CERT_FILE, SSL_FILETYPE_PEM)) + goto err; + if (!SSL_CTX_use_PrivateKey_file(ctx, CERT_FILE, SSL_FILETYPE_PEM)) + goto err; + if (!SSL_CTX_check_private_key(ctx)) + goto err; + + /* Setup server side SSL bio */ + ssl_bio = BIO_new_ssl(ctx, 0); + + if ((in = BIO_new_accept(port)) == NULL) + goto err; + + /* + * This means that when a new connection is accepted on 'in', The ssl_bio + * will be 'duplicated' and have the new socket BIO push into it. + * Basically it means the SSL BIO will be automatically setup + */ + BIO_set_accept_bios(in, ssl_bio); + + again: + /* + * The first call will setup the accept socket, and the second will get a + * socket. In this loop, the first actual accept will occur in the + * BIO_read() function. + */ + + if (BIO_do_accept(in) <= 0) + goto err; + + for (;;) { + i = BIO_read(in, buf, 512); + if (i == 0) { + /* + * If we have finished, remove the underlying BIO stack so the + * next time we call any function for this BIO, it will attempt + * to do an accept + */ + printf("Done\n"); + tmp = BIO_pop(in); + BIO_free_all(tmp); + goto again; + } + if (i < 0) + goto err; + fwrite(buf, 1, i, stdout); + fflush(stdout); + } + + ret = 0; + err: + if (ret) { + ERR_print_errors_fp(stderr); + } + if (in != NULL) + BIO_free(in); + exit(ret); + return (!ret); +} diff --git a/demos/bio/sconnect.c b/demos/bio/sconnect.c index d15c4132e5..e6eddb1c05 100644 --- a/demos/bio/sconnect.c +++ b/demos/bio/sconnect.c @@ -16,107 +16,98 @@ extern int errno; -int main(argc,argv) +int main(argc, argv) int argc; char *argv[]; - { - char *host; - BIO *out; - char buf[1024*10],*p; - SSL_CTX *ssl_ctx=NULL; - SSL *ssl; - BIO *ssl_bio; - int i,len,off,ret=1; - - if (argc <= 1) - host="localhost:4433"; - else - host=argv[1]; +{ + char *host; + BIO *out; + char buf[1024 * 10], *p; + SSL_CTX *ssl_ctx = NULL; + SSL *ssl; + BIO *ssl_bio; + int i, len, off, ret = 1; + + if (argc <= 1) + host = "localhost:4433"; + else + host = argv[1]; #ifdef WATT32 - dbug_init(); - sock_init(); + dbug_init(); + sock_init(); #endif - /* Lets get nice error messages */ - SSL_load_error_strings(); - - /* Setup all the global SSL stuff */ - OpenSSL_add_ssl_algorithms(); - ssl_ctx=SSL_CTX_new(SSLv23_client_method()); - - /* Lets make a SSL structure */ - ssl=SSL_new(ssl_ctx); - SSL_set_connect_state(ssl); - - /* Use it inside an SSL BIO */ - ssl_bio=BIO_new(BIO_f_ssl()); - BIO_set_ssl(ssl_bio,ssl,BIO_CLOSE); - - /* Lets use a connect BIO under the SSL BIO */ - out=BIO_new(BIO_s_connect()); - BIO_set_conn_hostname(out,host); - BIO_set_nbio(out,1); - out=BIO_push(ssl_bio,out); - - p="GET / HTTP/1.0\r\n\r\n"; - len=strlen(p); - - off=0; - for (;;) - { - i=BIO_write(out,&(p[off]),len); - if (i <= 0) - { - if (BIO_should_retry(out)) - { - fprintf(stderr,"write DELAY\n"); - sleep(1); - continue; - } - else - { - goto err; - } - } - off+=i; - len-=i; - if (len <= 0) break; - } - - for (;;) - { - i=BIO_read(out,buf,sizeof(buf)); - if (i == 0) break; - if (i < 0) - { - if (BIO_should_retry(out)) - { - fprintf(stderr,"read DELAY\n"); - sleep(1); - continue; - } - goto err; - } - fwrite(buf,1,i,stdout); - } - - ret=1; - - if (0) - { -err: - if (ERR_peek_error() == 0) /* system call error */ - { - fprintf(stderr,"errno=%d ",errno); - perror("error"); - } - else - ERR_print_errors_fp(stderr); - } - BIO_free_all(out); - if (ssl_ctx != NULL) SSL_CTX_free(ssl_ctx); - exit(!ret); - return(ret); - } - + /* Lets get nice error messages */ + SSL_load_error_strings(); + + /* Setup all the global SSL stuff */ + OpenSSL_add_ssl_algorithms(); + ssl_ctx = SSL_CTX_new(SSLv23_client_method()); + + /* Lets make a SSL structure */ + ssl = SSL_new(ssl_ctx); + SSL_set_connect_state(ssl); + + /* Use it inside an SSL BIO */ + ssl_bio = BIO_new(BIO_f_ssl()); + BIO_set_ssl(ssl_bio, ssl, BIO_CLOSE); + + /* Lets use a connect BIO under the SSL BIO */ + out = BIO_new(BIO_s_connect()); + BIO_set_conn_hostname(out, host); + BIO_set_nbio(out, 1); + out = BIO_push(ssl_bio, out); + + p = "GET / HTTP/1.0\r\n\r\n"; + len = strlen(p); + + off = 0; + for (;;) { + i = BIO_write(out, &(p[off]), len); + if (i <= 0) { + if (BIO_should_retry(out)) { + fprintf(stderr, "write DELAY\n"); + sleep(1); + continue; + } else { + goto err; + } + } + off += i; + len -= i; + if (len <= 0) + break; + } + + for (;;) { + i = BIO_read(out, buf, sizeof(buf)); + if (i == 0) + break; + if (i < 0) { + if (BIO_should_retry(out)) { + fprintf(stderr, "read DELAY\n"); + sleep(1); + continue; + } + goto err; + } + fwrite(buf, 1, i, stdout); + } + + ret = 1; + + if (0) { + err: + if (ERR_peek_error() == 0) { /* system call error */ + fprintf(stderr, "errno=%d ", errno); + perror("error"); + } else + ERR_print_errors_fp(stderr); + } + BIO_free_all(out); + if (ssl_ctx != NULL) + SSL_CTX_free(ssl_ctx); + exit(!ret); + return (ret); +} diff --git a/demos/bio/server-arg.c b/demos/bio/server-arg.c index 0d432a4762..1d0e1db234 100644 --- a/demos/bio/server-arg.c +++ b/demos/bio/server-arg.c @@ -1,11 +1,10 @@ /* NOCW */ /* demos/bio/server-arg.c */ -/* A minimal program to serve an SSL connection. - * It uses blocking. - * It use the SSL_CONF API with the command line. - * - * cc -I../../include server-arg.c -L../.. -lssl -lcrypto -ldl +/* + * A minimal program to serve an SSL connection. It uses blocking. It use the + * SSL_CONF API with the command line. cc -I../../include server-arg.c + * -L../.. -lssl -lcrypto -ldl */ #include <stdio.h> @@ -13,138 +12,133 @@ #include <openssl/err.h> #include <openssl/ssl.h> - int main(int argc, char *argv[]) - { - char *port = "*:4433"; - BIO *ssl_bio,*tmp; - SSL_CTX *ctx; - SSL_CONF_CTX *cctx; - char buf[512]; - BIO *in=NULL; - int ret=1,i; - char **args = argv + 1; - int nargs = argc - 1; - - SSL_load_error_strings(); - - /* Add ciphers and message digests */ - OpenSSL_add_ssl_algorithms(); - - ctx=SSL_CTX_new(SSLv23_server_method()); - - cctx = SSL_CONF_CTX_new(); - SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_SERVER); - SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_CERTIFICATE); - SSL_CONF_CTX_set_ssl_ctx(cctx, ctx); - while(*args && **args == '-') - { - int rv; - /* Parse standard arguments */ - rv = SSL_CONF_cmd_argv(cctx, &nargs, &args); - if (rv == -3) - { - fprintf(stderr, "Missing argument for %s\n", *args); - goto err; - } - if (rv < 0) - { - fprintf(stderr, "Error in command %s\n", *args); - ERR_print_errors_fp(stderr); - goto err; - } - /* If rv > 0 we processed something so proceed to next arg */ - if (rv > 0) - continue; - /* Otherwise application specific argument processing */ - if (!strcmp(*args, "-port")) - { - port = args[1]; - if (port == NULL) - { - fprintf(stderr, "Missing -port argument\n"); - goto err; - } - args += 2; - nargs -= 2; - continue; - } - else - { - fprintf(stderr, "Unknown argument %s\n", *args); - goto err; - } - } - - if (!SSL_CONF_CTX_finish(cctx)) - { - fprintf(stderr, "Finish error\n"); - ERR_print_errors_fp(stderr); - goto err; - } +{ + char *port = "*:4433"; + BIO *ssl_bio, *tmp; + SSL_CTX *ctx; + SSL_CONF_CTX *cctx; + char buf[512]; + BIO *in = NULL; + int ret = 1, i; + char **args = argv + 1; + int nargs = argc - 1; + + SSL_load_error_strings(); + + /* Add ciphers and message digests */ + OpenSSL_add_ssl_algorithms(); + + ctx = SSL_CTX_new(SSLv23_server_method()); + + cctx = SSL_CONF_CTX_new(); + SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_SERVER); + SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_CERTIFICATE); + SSL_CONF_CTX_set_ssl_ctx(cctx, ctx); + while (*args && **args == '-') { + int rv; + /* Parse standard arguments */ + rv = SSL_CONF_cmd_argv(cctx, &nargs, &args); + if (rv == -3) { + fprintf(stderr, "Missing argument for %s\n", *args); + goto err; + } + if (rv < 0) { + fprintf(stderr, "Error in command %s\n", *args); + ERR_print_errors_fp(stderr); + goto err; + } + /* If rv > 0 we processed something so proceed to next arg */ + if (rv > 0) + continue; + /* Otherwise application specific argument processing */ + if (!strcmp(*args, "-port")) { + port = args[1]; + if (port == NULL) { + fprintf(stderr, "Missing -port argument\n"); + goto err; + } + args += 2; + nargs -= 2; + continue; + } else { + fprintf(stderr, "Unknown argument %s\n", *args); + goto err; + } + } + + if (!SSL_CONF_CTX_finish(cctx)) { + fprintf(stderr, "Finish error\n"); + ERR_print_errors_fp(stderr); + goto err; + } #if 0 - /* Demo of how to iterate over all certificates in an SSL_CTX - * structure. - */ - { - X509 *x; - int rv; - rv = SSL_CTX_set_current_cert(ctx, SSL_CERT_SET_FIRST); - while (rv) - { - X509 *x = SSL_CTX_get0_certificate(ctx); - X509_NAME_print_ex_fp(stdout, X509_get_subject_name(x), 0, XN_FLAG_ONELINE); - printf("\n"); - rv = SSL_CTX_set_current_cert(ctx, SSL_CERT_SET_NEXT); - } - fflush(stdout); - } + /* + * Demo of how to iterate over all certificates in an SSL_CTX structure. + */ + { + X509 *x; + int rv; + rv = SSL_CTX_set_current_cert(ctx, SSL_CERT_SET_FIRST); + while (rv) { + X509 *x = SSL_CTX_get0_certificate(ctx); + X509_NAME_print_ex_fp(stdout, X509_get_subject_name(x), 0, + XN_FLAG_ONELINE); + printf("\n"); + rv = SSL_CTX_set_current_cert(ctx, SSL_CERT_SET_NEXT); + } + fflush(stdout); + } #endif - /* Setup server side SSL bio */ - ssl_bio=BIO_new_ssl(ctx,0); - - if ((in=BIO_new_accept(port)) == NULL) goto err; - - /* This means that when a new connection is accepted on 'in', - * The ssl_bio will be 'duplicated' and have the new socket - * BIO push into it. Basically it means the SSL BIO will be - * automatically setup */ - BIO_set_accept_bios(in,ssl_bio); - -again: - /* The first call will setup the accept socket, and the second - * will get a socket. In this loop, the first actual accept - * will occur in the BIO_read() function. */ - - if (BIO_do_accept(in) <= 0) goto err; - - for (;;) - { - i=BIO_read(in,buf,512); - if (i == 0) - { - /* If we have finished, remove the underlying - * BIO stack so the next time we call any function - * for this BIO, it will attempt to do an - * accept */ - printf("Done\n"); - tmp=BIO_pop(in); - BIO_free_all(tmp); - goto again; - } - if (i < 0) goto err; - fwrite(buf,1,i,stdout); - fflush(stdout); - } - - ret=0; -err: - if (ret) - { - ERR_print_errors_fp(stderr); - } - if (in != NULL) BIO_free(in); - exit(ret); - return(!ret); - } - + /* Setup server side SSL bio */ + ssl_bio = BIO_new_ssl(ctx, 0); + + if ((in = BIO_new_accept(port)) == NULL) + goto err; + + /* + * This means that when a new connection is accepted on 'in', The ssl_bio + * will be 'duplicated' and have the new socket BIO push into it. + * Basically it means the SSL BIO will be automatically setup + */ + BIO_set_accept_bios(in, ssl_bio); + + again: + /* + * The first call will setup the accept socket, and the second will get a + * socket. In this loop, the first actual accept will occur in the + * BIO_read() function. + */ + + if (BIO_do_accept(in) <= 0) + goto err; + + for (;;) { + i = BIO_read(in, buf, 512); + if (i == 0) { + /* + * If we have finished, remove the underlying BIO stack so the + * next time we call any function for this BIO, it will attempt + * to do an accept + */ + printf("Done\n"); + tmp = BIO_pop(in); + BIO_free_all(tmp); + goto again; + } + if (i < 0) + goto err; + fwrite(buf, 1, i, stdout); + fflush(stdout); + } + + ret = 0; + err: + if (ret) { + ERR_print_errors_fp(stderr); + } + if (in != NULL) + BIO_free(in); + exit(ret); + return (!ret); +} diff --git a/demos/bio/server-conf.c b/demos/bio/server-conf.c index 0d940f0f77..a09bc9320d 100644 --- a/demos/bio/server-conf.c +++ b/demos/bio/server-conf.c @@ -1,11 +1,10 @@ /* NOCW */ /* demos/bio/saccept-conf.c */ -/* A minimal program to serve an SSL connection. - * It u |