summaryrefslogtreecommitdiffstats
path: root/apps/s_server.c
AgeCommit message (Collapse)Author
2019-11-03Add -CAstore and similar to all openssl commands that have -CApathRichard Levitte
Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8442)
2019-10-28Fix an s_server arbitrary file read issue on WindowsMatt Caswell
Running s_server in WWW mode on Windows can allow a client to read files outside the s_server directory by including backslashes in the name, e.g. GET /..\myfile.txt HTTP/1.0 There exists a check for this for Unix paths but it is not sufficient for Windows. Since s_server is a test tool no CVE is assigned. Thanks to Jobert Abma for reporting this. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10215)
2019-10-28Cleanup hardcoded cipher suite codepoints in s_serverJohannes Bauer
The hardcoded code points for TLSv1.3 cipher suites are used in the TLS PSK server callback. However, they seem to have been refactored a while ago to use tls13_aes128gcmsha256_id, so these defines are not necessary within the s_server code anymore. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10243)
2019-10-17Replace BUF_ string function calls with OPENSSL_ onesRich Salz
Deprecate the BUF_ string macros Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10207)
2019-08-19Get rid of using deprecated function isasciiDmitry Belyavskiy
Avoid using functions deprecated in some libcs (e.g. uClibc-ng). Fixes #9557 Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9628)
2019-05-09Squashed commit of the following:Lorinczy Zsigmond
Add new option '-http_server_binmode' which allows the server to open and send binary files as well as text. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8811)
2019-04-01apps: print Kernel receive side TLS in s_client and s_serverBoris Pismenny
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7848)
2019-03-29Remove heartbeats completelyRichard Levitte
Fixes #4856 Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1928)
2019-02-01Fix end-point shared secret for DTLS/SCTPMichael Tuexen
When computing the end-point shared secret, don't take the terminating NULL character into account. Please note that this fix breaks interoperability with older versions of OpenSSL, which are not fixed. Fixes #7956 Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7957)
2019-01-31Fix error message for s_server -psk optionweinholtendian
Previously if -psk was given a bad key it would print "Not a hex number 's_server'". CLA: Trivial Reviewed-by: Paul Yang <yang.yang@baishancloud.com> Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/8113)
2018-12-07apps: print Kernel TLS in s_client and s_serverBoris Pismenny
Signed-off-by: Boris Pismenny <borisp@mellanox.com> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Yang <yang.yang@baishancloud.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5253)
2018-12-06Following the license change, modify the boilerplates in apps/Richard Levitte
Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7765)
2018-11-21openssl s_server: don't use sendto() with connected UDP socketMatthew Hodgson
Fixes #7675 On macOS, if you call `connect()` on a UDP socket you cannot then call `sendto()` with a destination, otherwise it fails with Err#56 ('socket is already connected'). By calling `BIO_ctrl_set_connected()` on the wbio we can tell it that the socket has been connected and make it call `send()` rather than `sendto()`. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/7676)
2018-10-19Don't complain and fail about unknown TLSv1.3 PSK identities in s_serverMatt Caswell
An unknown PSK identity could be because its actually a session resumption attempt. Sessions resumptions and external PSKs are indistinguishable so the callbacks need to fail gracefully if they don't recognise the identity. Fixes #7433 Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7434)
2018-09-13Don't allow -early_data with other options where it doesn't workMatt Caswell
-early_data is not compatible with -www, -WWW, -HTTP or -rev. Fixes #7200 Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7206)
2018-08-30Free SSL object on an error pathMatt Caswell
Thanks to @fangang190 for reporting this Fixes #7061 Reviewed-by: Paul Yang <yang.yang@baishancloud.com> (Merged from https://github.com/openssl/openssl/pull/7065)
2018-07-06Don't fail if the PSK identity doesn't matchMatt Caswell
In 1.1.0 s_server if the PSK identity doesn't match what we have then a warning is printed and we continue the connection anyway. In 1.1.1, if TLSv1.3 is used and the identity doesn't match then we abort the connection. We should really be consistent with the old behaviour. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6659)
2018-07-06Add the ability to configure recv_max_early_data via s_serverMatt Caswell
Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/6655)
2018-07-02Add the ability to configure anti-replay via SSL_CONFMatt Caswell
This also adds the ability to control this through s_server Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6469)
2018-05-31Free a variable on an error pathMatt Caswell
Issue found by Coverity. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6373)
2018-05-22Enable SSL_MODE_AUTO_RETRY by defaultKurt Roeckx
Because TLS 1.3 sends more non-application data records some clients run into problems because they don't expect SSL_read() to return and set SSL_ERROR_WANT_READ after processing it. This can cause problems for clients that use blocking I/O and use select() to see if data is available. It can be cleared using SSL_CTX_clear_mode(). Reviewed-by: Matt Caswell <matt@openssl.org> GH: #6260
2018-05-20Fix no-srtp build warningsTodd Short
Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6255)
2018-05-17Allow configuation of the number of TLSv1.3 session tickets via SSL_CONFMatt Caswell
Also allows the apps to set it. Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5227)
2018-05-08Fix s_client and s_server so that they correctly handle the DTLS timerMatt Caswell
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6170)
2018-04-27apps/s_server.c: Avoid unused variable due to 'no-dtls'Richard Levitte
Fixes #6098 Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/6104)
2018-04-04openssl s_server: print the accepting address and socketRichard Levitte
The line saying ACCEPT is extended with a space followed by the the address and port combination on which s_server accepts connections. The address is written in such a way that s_client should be able to accepts as argument for the '-connect' option. Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5843)
2018-03-21Unify s_client/s_server srtp profiles option handlingFdaSilvaYY
Add missing guards around STRP-related fields Remove two unneeded global variables: my 2'cents to #4679 Merge definition and instantiation of srpsrvparm global. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4908)
2018-03-19s_client, s_server: do generic SSL configuration first, specialization afterRichard Levitte
We did the SSL_CONF_cmd() pass last of all things that could affect the SSL ctx. However, the results of this, for example: -max_protocol TLSv1.3 -tls1_2 ... would mean that the protocol min got set to TLSv1.2 and the protocol max to TLSv1.3, when they should clearly both be TLSv1.2. However, if we see the SSL_CONF_cmd() switches as generic and those internal to s_client and s_server as specialisations, we get something that makes a little more sense. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5679)
2018-03-12Introduce SSL_CTX_set_stateless_cookie_{generate,verify}_cbBenjamin Saunders
These functions are similar to SSL_CTX_set_cookie_{generate,verify}_cb, but used for the application-controlled portion of TLS1.3 stateless handshake cookies rather than entire DTLSv1 cookies. Reviewed-by: Ben Kaduk <kaduk@mit.edu> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5463)
2018-03-09Tolerate TLSv1.3 PSKs that are a different size to the hash sizeMatt Caswell
We also default to SHA256 as per the spec if we do not have an explicit digest defined. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5554)
2018-02-28Do not set a nonzero default max_early_dataBenjamin Kaduk
When early data support was first added, this seemed like a good idea, as it would allow applications to just add SSL_read_early_data() calls as needed and have things "Just Work". However, for applications that do not use TLS 1.3 early data, there is a negative side effect. Having a nonzero max_early_data in a SSL_CTX (and thus, SSL objects derived from it) means that when generating a session ticket, tls_construct_stoc_early_data() will indicate to the client that the server supports early data. This is true, in that the implementation of TLS 1.3 (i.e., OpenSSL) does support early data, but does not necessarily indicate that the server application supports early data, when the default value is nonzero. In this case a well-intentioned client would send early data along with its resumption attempt, which would then be ignored by the server application, a waste of network bandwidth. Since, in order to successfully use TLS 1.3 early data, the application must introduce calls to SSL_read_early_data(), it is not much additional burden to require that the application also calls SSL_{CTX_,}set_max_early_data() in order to enable the feature; doing so closes this scenario where early data packets would be sent on the wire but ignored. Update SSL_read_early_data.pod accordingly, and make s_server and our test programs into applications that are compliant with the new requirements on applications that use early data. Fixes #4725 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5483)
2018-02-13Update copyright yearMatt Caswell
Reviewed-by: Richard Levitte <levitte@openssl.org>
2018-02-01Add TLSv1.3 post-handshake authentication (PHA)Todd Short
Add SSL_verify_client_post_handshake() for servers to initiate PHA Add SSL_force_post_handshake_auth() for clients that don't have certificates initially configured, but use a certificate callback. Update SSL_CTX_set_verify()/SSL_set_verify() mode: * Add SSL_VERIFY_POST_HANDSHAKE to postpone client authentication until after the initial handshake. * Update SSL_VERIFY_CLIENT_ONCE now only sends out one CertRequest regardless of when the certificate authentication takes place; either initial handshake, re-negotiation, or post-handshake authentication. Add 'RequestPostHandshake' and 'RequirePostHandshake' SSL_CONF options that add the SSL_VERIFY_POST_HANDSHAKE to the 'Request' and 'Require' options Add support to s_client: * Enabled automatically when cert is configured * Can be forced enabled via -force_pha Add support to s_server: * Use 'c' to invoke PHA in s_server * Remove some dead code Update documentation Update unit tests: * Illegal use of PHA extension * TLSv1.3 certificate tests DTLS and TLS behave ever-so-slightly differently. So, when DTLS1.3 is implemented, it's PHA support state machine may need to be different. Add a TODO and a #error Update handshake context to deal with PHA. The handshake context for TLSv1.3 post-handshake auth is up through the ClientFinish message, plus the CertificateRequest message. Subsequent Certificate, CertificateVerify, and Finish messages are based on this handshake context (not the Certificate message per se, but it's included after the hash). KeyUpdate, NewSessionTicket, and prior Certificate Request messages are not included in post-handshake authentication. After the ClientFinished message is processed, save off the digest state for future post-handshake authentication. When post-handshake auth occurs, copy over the saved handshake context into the "main" handshake digest. This effectively discards the any KeyUpdate or NewSessionTicket messages and any prior post-handshake authentication. This, of course, assumes that the ID-22 did not mean to include any previous post-handshake authentication into the new handshake transcript. This is implied by section 4.4.1 that lists messages only up to the first ClientFinished. Reviewed-by: Ben Kaduk <kaduk@mit.edu> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4964)
2018-02-01Remove bad commentsTodd Short
Reviewed-by: Ben Kaduk <kaduk@mit.edu> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4964)
2018-01-31apps: Don't include progs.h in apps.hRichard Levitte
Everything in apps includes apps.h, because that one declares apps internal library routines. However, progs.h doesn't declare library routines, but rather the main commands and their options, and there's no reason why the library modules should include it. So, remove the inclusion of progs.h from apps.h and add that inclusion in all command source files. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5222)
2018-01-24Add the ability for s_server to operate statelesslyMatt Caswell
Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4435)
2017-12-07Consistent formatting for sizeof(foo)Rich Salz
Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4872)
2017-11-21Provide a more information early_data message in s_serverMatt Caswell
s_server reported early_data not being sent and early_data being rejected in the same way, i.e. "No early data received". This is slightly misleading so this commit provides a different error message if the early data is rejected. Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4738)
2017-11-07style : fix some if(...FdaSilvaYY
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4457)
2017-10-22apps/s_client.c: add missing null checkKaoruToda
apps/s_server.c: remove unnecessary null check Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4558)
2017-10-18Remove parentheses of return.KaoruToda
Since return is inconsistent, I removed unnecessary parentheses and unified them. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4541)
2017-10-09Since return is inconsistent, I removed unnecessary parentheses andKaoruToda
unified them. - return (0); -> return 0; - return (1); -> return 1; - return (-1); -> return -1; Reviewed-by: Stephen Henson <steve@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4500)
2017-09-29Remove unnecessary #include <openssl/lhash.h> directives.Pauli
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4431)
2017-09-23Fix 'key' option in s_server can be in ENGINE keyformPichulin Dmitrii
Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Stephen Henson <steve@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4405)
2017-09-21Reenable s_server -dhparam optionBenjamin Kaduk
This option was lost when converting to a table-driven option parser in commit 7e1b7485706c2b11091b5fa897fe496a2faa56cc. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4398)
2017-08-25Ensure we exchange cookies in s_server even if SCTP is disabledMatt Caswell
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4243)
2017-08-22(Re)move some things from e_os.hRich Salz
Remove GETPID_IS_MEANINGLESS and osslargused. Move socket-related things to new file internal/sockets.h; this is now only needed by four(!!!) files. Compiles should be a bit faster. Remove USE_SOCKETS ifdef's Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4209)
2017-08-21Safely display SNI (just in case)Rich Salz
Thanks to Hubert Kario for pointing this out. Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4193)
2017-08-09Add missing HTML tag in www_body in s_server.cXiaoyin Liu
In the generated HTML document, the `<pre>` tag is not closed. This patch also has a trivial code-style improvement, unrelated to the bug fix. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4088)
2017-08-03Add a DRBG to each SSL objectRich Salz
Give each SSL object it's own DRBG, chained to the parent global DRBG which is used only as a source of randomness into the per-SSL DRBG. This is used for all session, ticket, and pre-master secret keys. It is NOT used for ECDH key generation which use only the global DRBG. (Doing that without changing the API is tricky, if not impossible.) Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/4050)