From a935132099af20a8a742d30f8edcb613e73a368d Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Sat, 26 Apr 2014 01:22:54 -0400 Subject: s_client/s_server: support unix domain sockets The "-unix " argument allows s_server and s_client to use a unix domain socket in the filesystem instead of IPv4 ("-connect", "-port", "-accept", etc). If s_server exits gracefully, such as when "-naccept" is used and the requested number of SSL/TLS connections have occurred, then the domain socket file is removed. On ctrl-C, it is likely that the stale socket file will be left over, such that s_server would normally fail to restart with the same arguments. For this reason, s_server also supports an "-unlink" option, which will clean up any stale socket file before starting. If you have any reason to want encrypted IPC within an O/S instance, this concept might come in handy. Otherwise it just demonstrates that there is nothing about SSL/TLS that limits it to TCP/IP in any way. (There might also be benchmarking and profiling use in this path, as unix domain sockets are much lower overhead than connecting over local IP addresses). Signed-off-by: Geoff Thorpe --- apps/s_apps.h | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) (limited to 'apps/s_apps.h') diff --git a/apps/s_apps.h b/apps/s_apps.h index 3b9f9a0cb7..9d16e45978 100644 --- a/apps/s_apps.h +++ b/apps/s_apps.h @@ -148,7 +148,14 @@ typedef fd_mask fd_set; #define PORT_STR "4433" #define PROTOCOL "tcp" -int do_server(int port, int type, int *ret, int (*cb) (char *hostname, int s, int stype, unsigned char *context), unsigned char *context, int naccept); +int do_server(int port, int type, int *ret, + int (*cb)(char *hostname, int s, int stype, unsigned char *context), + unsigned char *context, int naccept); +#ifndef NO_SYS_UN_H +int do_server_unix(const char *path, int *ret, + int (*cb)(char *hostname, int s, int stype, unsigned char *context), + unsigned char *context, int naccept); +#endif #ifdef HEADER_X509_H int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx); #endif @@ -162,6 +169,9 @@ int ssl_print_curves(BIO *out, SSL *s, int noshared); #endif int ssl_print_tmp_key(BIO *out, SSL *s); int init_client(int *sock, const char *server, int port, int type); +#ifndef NO_SYS_UN_H +int init_client_unix(int *sock, const char *server); +#endif int should_retry(int i); int extract_port(const char *str, short *port_ptr); int extract_host_port(char *str,char **host_ptr,unsigned char *ip,short *p); -- cgit v1.2.3