1/* apps/s_server.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to.  The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 *    notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 *    notice, this list of conditions and the following disclaimer in the
30 *    documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 *    must display the following acknowledgement:
33 *    "This product includes cryptographic software written by
34 *     Eric Young (eay@cryptsoft.com)"
35 *    The word 'cryptographic' can be left out if the rouines from the library
36 *    being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 *    the apps directory (application code) you must include an acknowledgement:
39 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed.  i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58/* ====================================================================
59 * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 *    notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 *    notice, this list of conditions and the following disclaimer in
70 *    the documentation and/or other materials provided with the
71 *    distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 *    software must display the following acknowledgment:
75 *    "This product includes software developed by the OpenSSL Project
76 *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 *    endorse or promote products derived from this software without
80 *    prior written permission. For written permission, please contact
81 *    openssl-core@openssl.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 *    nor may "OpenSSL" appear in their names without prior written
85 *    permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 *    acknowledgment:
89 *    "This product includes software developed by the OpenSSL Project
90 *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
105 *
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com).  This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
109 *
110 */
111/* ====================================================================
112 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
113 * ECC cipher suite support in OpenSSL originally developed by
114 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
115 */
116
117/* Until the key-gen callbacks are modified to use newer prototypes, we allow
118 * deprecated functions for openssl-internal code */
119#ifdef OPENSSL_NO_DEPRECATED
120#undef OPENSSL_NO_DEPRECATED
121#endif
122
123#include <assert.h>
124#include <stdio.h>
125#include <stdlib.h>
126#include <string.h>
127
128#include <sys/stat.h>
129#include <openssl/e_os2.h>
130#ifdef OPENSSL_NO_STDIO
131#define APPS_WIN16
132#endif
133
134#if !defined(OPENSSL_SYS_NETWARE)  /* conflicts with winsock2 stuff on netware */
135#include <sys/types.h>
136#endif
137
138/* With IPv6, it looks like Digital has mixed up the proper order of
139   recursive header file inclusion, resulting in the compiler complaining
140   that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which
141   is needed to have fileno() declared correctly...  So let's define u_int */
142#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__U_INT)
143#define __U_INT
144typedef unsigned int u_int;
145#endif
146
147#include <openssl/lhash.h>
148#include <openssl/bn.h>
149#define USE_SOCKETS
150#include "apps.h"
151#include <openssl/err.h>
152#include <openssl/pem.h>
153#include <openssl/x509.h>
154#include <openssl/ssl.h>
155#include <openssl/rand.h>
156#include <openssl/ocsp.h>
157#ifndef OPENSSL_NO_DH
158#include <openssl/dh.h>
159#endif
160#ifndef OPENSSL_NO_RSA
161#include <openssl/rsa.h>
162#endif
163#include "s_apps.h"
164#include "timeouts.h"
165
166#ifdef OPENSSL_SYS_WINCE
167/* Windows CE incorrectly defines fileno as returning void*, so to avoid problems below... */
168#ifdef fileno
169#undef fileno
170#endif
171#define fileno(a) (int)_fileno(a)
172#endif
173
174#if (defined(OPENSSL_SYS_VMS) && __VMS_VER < 70000000)
175/* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */
176#undef FIONBIO
177#endif
178
179#ifndef OPENSSL_NO_RSA
180static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength);
181#endif
182static int sv_body(char *hostname, int s, unsigned char *context);
183static int www_body(char *hostname, int s, unsigned char *context);
184static void close_accept_socket(void );
185static void sv_usage(void);
186static int init_ssl_connection(SSL *s);
187static void print_stats(BIO *bp,SSL_CTX *ctx);
188static int generate_session_id(const SSL *ssl, unsigned char *id,
189				unsigned int *id_len);
190#ifndef OPENSSL_NO_DH
191static DH *load_dh_param(const char *dhfile);
192static DH *get_dh512(void);
193#endif
194
195#ifdef MONOLITH
196static void s_server_init(void);
197#endif
198
199#ifndef S_ISDIR
200# if defined(_S_IFMT) && defined(_S_IFDIR)
201#  define S_ISDIR(a)	(((a) & _S_IFMT) == _S_IFDIR)
202# else
203#  define S_ISDIR(a)	(((a) & S_IFMT) == S_IFDIR)
204# endif
205#endif
206
207#ifndef OPENSSL_NO_DH
208static unsigned char dh512_p[]={
209	0xDA,0x58,0x3C,0x16,0xD9,0x85,0x22,0x89,0xD0,0xE4,0xAF,0x75,
210	0x6F,0x4C,0xCA,0x92,0xDD,0x4B,0xE5,0x33,0xB8,0x04,0xFB,0x0F,
211	0xED,0x94,0xEF,0x9C,0x8A,0x44,0x03,0xED,0x57,0x46,0x50,0xD3,
212	0x69,0x99,0xDB,0x29,0xD7,0x76,0x27,0x6B,0xA2,0xD3,0xD4,0x12,
213	0xE2,0x18,0xF4,0xDD,0x1E,0x08,0x4C,0xF6,0xD8,0x00,0x3E,0x7C,
214	0x47,0x74,0xE8,0x33,
215	};
216static unsigned char dh512_g[]={
217	0x02,
218	};
219
220static DH *get_dh512(void)
221	{
222	DH *dh=NULL;
223
224	if ((dh=DH_new()) == NULL) return(NULL);
225	dh->p=BN_bin2bn(dh512_p,sizeof(dh512_p),NULL);
226	dh->g=BN_bin2bn(dh512_g,sizeof(dh512_g),NULL);
227	if ((dh->p == NULL) || (dh->g == NULL))
228		return(NULL);
229	return(dh);
230	}
231#endif
232
233
234/* static int load_CA(SSL_CTX *ctx, char *file);*/
235
236#undef BUFSIZZ
237#define BUFSIZZ	16*1024
238static int bufsize=BUFSIZZ;
239static int accept_socket= -1;
240
241#define TEST_CERT	"server.pem"
242#ifndef OPENSSL_NO_TLSEXT
243#define TEST_CERT2	"server2.pem"
244#endif
245#undef PROG
246#define PROG		s_server_main
247
248extern int verify_depth;
249
250static char *cipher=NULL;
251static int s_server_verify=SSL_VERIFY_NONE;
252static int s_server_session_id_context = 1; /* anything will do */
253static const char *s_cert_file=TEST_CERT,*s_key_file=NULL;
254#ifndef OPENSSL_NO_TLSEXT
255static const char *s_cert_file2=TEST_CERT2,*s_key_file2=NULL;
256#endif
257static char *s_dcert_file=NULL,*s_dkey_file=NULL;
258#ifdef FIONBIO
259static int s_nbio=0;
260#endif
261static int s_nbio_test=0;
262int s_crlf=0;
263static SSL_CTX *ctx=NULL;
264#ifndef OPENSSL_NO_TLSEXT
265static SSL_CTX *ctx2=NULL;
266#endif
267static int www=0;
268
269static BIO *bio_s_out=NULL;
270static int s_debug=0;
271#ifndef OPENSSL_NO_TLSEXT
272static int s_tlsextdebug=0;
273static int s_tlsextstatus=0;
274static int cert_status_cb(SSL *s, void *arg);
275#endif
276static int s_msg=0;
277static int s_quiet=0;
278
279static int hack=0;
280#ifndef OPENSSL_NO_ENGINE
281static char *engine_id=NULL;
282#endif
283static const char *session_id_prefix=NULL;
284
285static int enable_timeouts = 0;
286static long socket_mtu;
287#ifndef OPENSSL_NO_DTLS1
288static int cert_chain = 0;
289#endif
290
291
292#ifdef MONOLITH
293static void s_server_init(void)
294	{
295	accept_socket=-1;
296	cipher=NULL;
297	s_server_verify=SSL_VERIFY_NONE;
298	s_dcert_file=NULL;
299	s_dkey_file=NULL;
300	s_cert_file=TEST_CERT;
301	s_key_file=NULL;
302#ifndef OPENSSL_NO_TLSEXT
303	s_cert_file2=TEST_CERT2;
304	s_key_file2=NULL;
305	ctx2=NULL;
306#endif
307#ifdef FIONBIO
308	s_nbio=0;
309#endif
310	s_nbio_test=0;
311	ctx=NULL;
312	www=0;
313
314	bio_s_out=NULL;
315	s_debug=0;
316	s_msg=0;
317	s_quiet=0;
318	hack=0;
319#ifndef OPENSSL_NO_ENGINE
320	engine_id=NULL;
321#endif
322	}
323#endif
324
325static void sv_usage(void)
326	{
327	BIO_printf(bio_err,"usage: s_server [args ...]\n");
328	BIO_printf(bio_err,"\n");
329	BIO_printf(bio_err," -accept arg   - port to accept on (default is %d)\n",PORT);
330	BIO_printf(bio_err," -context arg  - set session ID context\n");
331	BIO_printf(bio_err," -verify arg   - turn on peer certificate verification\n");
332	BIO_printf(bio_err," -Verify arg   - turn on peer certificate verification, must have a cert.\n");
333	BIO_printf(bio_err," -cert arg     - certificate file to use\n");
334	BIO_printf(bio_err,"                 (default is %s)\n",TEST_CERT);
335	BIO_printf(bio_err," -crl_check    - check the peer certificate has not been revoked by its CA.\n" \
336	                   "                 The CRL(s) are appended to the certificate file\n");
337	BIO_printf(bio_err," -crl_check_all - check the peer certificate has not been revoked by its CA\n" \
338	                   "                 or any other CRL in the CA chain. CRL(s) are appened to the\n" \
339	                   "                 the certificate file.\n");
340	BIO_printf(bio_err," -certform arg - certificate format (PEM or DER) PEM default\n");
341	BIO_printf(bio_err," -key arg      - Private Key file to use, in cert file if\n");
342	BIO_printf(bio_err,"                 not specified (default is %s)\n",TEST_CERT);
343	BIO_printf(bio_err," -keyform arg  - key format (PEM, DER or ENGINE) PEM default\n");
344	BIO_printf(bio_err," -pass arg     - private key file pass phrase source\n");
345	BIO_printf(bio_err," -dcert arg    - second certificate file to use (usually for DSA)\n");
346	BIO_printf(bio_err," -dcertform x  - second certificate format (PEM or DER) PEM default\n");
347	BIO_printf(bio_err," -dkey arg     - second private key file to use (usually for DSA)\n");
348	BIO_printf(bio_err," -dkeyform arg - second key format (PEM, DER or ENGINE) PEM default\n");
349	BIO_printf(bio_err," -dpass arg    - second private key file pass phrase source\n");
350	BIO_printf(bio_err," -dhparam arg  - DH parameter file to use, in cert file if not specified\n");
351	BIO_printf(bio_err,"                 or a default set of parameters is used\n");
352#ifndef OPENSSL_NO_ECDH
353	BIO_printf(bio_err," -named_curve arg  - Elliptic curve name to use for ephemeral ECDH keys.\n" \
354	                   "                 Use \"openssl ecparam -list_curves\" for all names\n" \
355	                   "                 (default is sect163r2).\n");
356#endif
357#ifdef FIONBIO
358	BIO_printf(bio_err," -nbio         - Run with non-blocking IO\n");
359#endif
360	BIO_printf(bio_err," -nbio_test    - test with the non-blocking test bio\n");
361	BIO_printf(bio_err," -crlf         - convert LF from terminal into CRLF\n");
362	BIO_printf(bio_err," -debug        - Print more output\n");
363	BIO_printf(bio_err," -msg          - Show protocol messages\n");
364	BIO_printf(bio_err," -state        - Print the SSL states\n");
365	BIO_printf(bio_err," -CApath arg   - PEM format directory of CA's\n");
366	BIO_printf(bio_err," -CAfile arg   - PEM format file of CA's\n");
367	BIO_printf(bio_err," -nocert       - Don't use any certificates (Anon-DH)\n");
368	BIO_printf(bio_err," -cipher arg   - play with 'openssl ciphers' to see what goes here\n");
369	BIO_printf(bio_err," -serverpref   - Use server's cipher preferences\n");
370	BIO_printf(bio_err," -quiet        - No server output\n");
371	BIO_printf(bio_err," -no_tmp_rsa   - Do not generate a tmp RSA key\n");
372	BIO_printf(bio_err," -ssl2         - Just talk SSLv2\n");
373	BIO_printf(bio_err," -ssl3         - Just talk SSLv3\n");
374	BIO_printf(bio_err," -tls1         - Just talk TLSv1\n");
375	BIO_printf(bio_err," -dtls1        - Just talk DTLSv1\n");
376	BIO_printf(bio_err," -timeout      - Enable timeouts\n");
377	BIO_printf(bio_err," -mtu          - Set link layer MTU\n");
378	BIO_printf(bio_err," -chain        - Read a certificate chain\n");
379	BIO_printf(bio_err," -no_ssl2      - Just disable SSLv2\n");
380	BIO_printf(bio_err," -no_ssl3      - Just disable SSLv3\n");
381	BIO_printf(bio_err," -no_tls1      - Just disable TLSv1\n");
382#ifndef OPENSSL_NO_DH
383	BIO_printf(bio_err," -no_dhe       - Disable ephemeral DH\n");
384#endif
385#ifndef OPENSSL_NO_ECDH
386	BIO_printf(bio_err," -no_ecdhe     - Disable ephemeral ECDH\n");
387#endif
388	BIO_printf(bio_err," -bugs         - Turn on SSL bug compatibility\n");
389	BIO_printf(bio_err," -www          - Respond to a 'GET /' with a status page\n");
390	BIO_printf(bio_err," -WWW          - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n");
391	BIO_printf(bio_err," -HTTP         - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n");
392        BIO_printf(bio_err,"                 with the assumption it contains a complete HTTP response.\n");
393#ifndef OPENSSL_NO_ENGINE
394	BIO_printf(bio_err," -engine id    - Initialise and use the specified engine\n");
395#endif
396	BIO_printf(bio_err," -id_prefix arg - Generate SSL/TLS session IDs prefixed by 'arg'\n");
397	BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
398#ifndef OPENSSL_NO_TLSEXT
399	BIO_printf(bio_err," -servername host - servername for HostName TLS extension\n");
400	BIO_printf(bio_err," -servername_fatal - on mismatch send fatal alert (default warning alert)\n");
401	BIO_printf(bio_err," -cert2 arg    - certificate file to use for servername\n");
402	BIO_printf(bio_err,"                 (default is %s)\n",TEST_CERT2);
403	BIO_printf(bio_err," -key2 arg     - Private Key file to use for servername, in cert file if\n");
404	BIO_printf(bio_err,"                 not specified (default is %s)\n",TEST_CERT2);
405	BIO_printf(bio_err," -tlsextdebug  - hex dump of all TLS extensions received\n");
406	BIO_printf(bio_err," -no_ticket    - disable use of RFC4507bis session tickets\n");
407	BIO_printf(bio_err," -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n");
408#endif
409	}
410
411static int local_argc=0;
412static char **local_argv;
413
414#ifdef CHARSET_EBCDIC
415static int ebcdic_new(BIO *bi);
416static int ebcdic_free(BIO *a);
417static int ebcdic_read(BIO *b, char *out, int outl);
418static int ebcdic_write(BIO *b, const char *in, int inl);
419static long ebcdic_ctrl(BIO *b, int cmd, long num, void *ptr);
420static int ebcdic_gets(BIO *bp, char *buf, int size);
421static int ebcdic_puts(BIO *bp, const char *str);
422
423#define BIO_TYPE_EBCDIC_FILTER	(18|0x0200)
424static BIO_METHOD methods_ebcdic=
425	{
426	BIO_TYPE_EBCDIC_FILTER,
427	"EBCDIC/ASCII filter",
428	ebcdic_write,
429	ebcdic_read,
430	ebcdic_puts,
431	ebcdic_gets,
432	ebcdic_ctrl,
433	ebcdic_new,
434	ebcdic_free,
435	};
436
437typedef struct
438{
439	size_t	alloced;
440	char	buff[1];
441} EBCDIC_OUTBUFF;
442
443BIO_METHOD *BIO_f_ebcdic_filter()
444{
445	return(&methods_ebcdic);
446}
447
448static int ebcdic_new(BIO *bi)
449{
450	EBCDIC_OUTBUFF *wbuf;
451
452	wbuf = (EBCDIC_OUTBUFF *)OPENSSL_malloc(sizeof(EBCDIC_OUTBUFF) + 1024);
453	wbuf->alloced = 1024;
454	wbuf->buff[0] = '\0';
455
456	bi->ptr=(char *)wbuf;
457	bi->init=1;
458	bi->flags=0;
459	return(1);
460}
461
462static int ebcdic_free(BIO *a)
463{
464	if (a == NULL) return(0);
465	if (a->ptr != NULL)
466		OPENSSL_free(a->ptr);
467	a->ptr=NULL;
468	a->init=0;
469	a->flags=0;
470	return(1);
471}
472
473static int ebcdic_read(BIO *b, char *out, int outl)
474{
475	int ret=0;
476
477	if (out == NULL || outl == 0) return(0);
478	if (b->next_bio == NULL) return(0);
479
480	ret=BIO_read(b->next_bio,out,outl);
481	if (ret > 0)
482		ascii2ebcdic(out,out,ret);
483	return(ret);
484}
485
486static int ebcdic_write(BIO *b, const char *in, int inl)
487{
488	EBCDIC_OUTBUFF *wbuf;
489	int ret=0;
490	int num;
491	unsigned char n;
492
493	if ((in == NULL) || (inl <= 0)) return(0);
494	if (b->next_bio == NULL) return(0);
495
496	wbuf=(EBCDIC_OUTBUFF *)b->ptr;
497
498	if (inl > (num = wbuf->alloced))
499	{
500		num = num + num;  /* double the size */
501		if (num < inl)
502			num = inl;
503		OPENSSL_free(wbuf);
504		wbuf=(EBCDIC_OUTBUFF *)OPENSSL_malloc(sizeof(EBCDIC_OUTBUFF) + num);
505
506		wbuf->alloced = num;
507		wbuf->buff[0] = '\0';
508
509		b->ptr=(char *)wbuf;
510	}
511
512	ebcdic2ascii(wbuf->buff, in, inl);
513
514	ret=BIO_write(b->next_bio, wbuf->buff, inl);
515
516	return(ret);
517}
518
519static long ebcdic_ctrl(BIO *b, int cmd, long num, void *ptr)
520{
521	long ret;
522
523	if (b->next_bio == NULL) return(0);
524	switch (cmd)
525	{
526	case BIO_CTRL_DUP:
527		ret=0L;
528		break;
529	default:
530		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
531		break;
532	}
533	return(ret);
534}
535
536static int ebcdic_gets(BIO *bp, char *buf, int size)
537{
538	int i, ret=0;
539	if (bp->next_bio == NULL) return(0);
540/*	return(BIO_gets(bp->next_bio,buf,size));*/
541	for (i=0; i<size-1; ++i)
542	{
543		ret = ebcdic_read(bp,&buf[i],1);
544		if (ret <= 0)
545			break;
546		else if (buf[i] == '\n')
547		{
548			++i;
549			break;
550		}
551	}
552	if (i < size)
553		buf[i] = '\0';
554	return (ret < 0 && i == 0) ? ret : i;
555}
556
557static int ebcdic_puts(BIO *bp, const char *str)
558{
559	if (bp->next_bio == NULL) return(0);
560	return ebcdic_write(bp, str, strlen(str));
561}
562#endif
563
564#ifndef OPENSSL_NO_TLSEXT
565
566/* This is a context that we pass to callbacks */
567typedef struct tlsextctx_st {
568   char * servername;
569   BIO * biodebug;
570   int extension_error;
571} tlsextctx;
572
573
574static int MS_CALLBACK ssl_servername_cb(SSL *s, int *ad, void *arg)
575	{
576	tlsextctx * p = (tlsextctx *) arg;
577	const char * servername = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name);
578        if (servername && p->biodebug)
579		BIO_printf(p->biodebug,"Hostname in TLS extension: \"%s\"\n",servername);
580
581	if (!p->servername)
582		return SSL_TLSEXT_ERR_NOACK;
583
584	if (servername)
585		{
586    		if (strcmp(servername,p->servername))
587			return p->extension_error;
588		if (ctx2)
589			{
590			BIO_printf(p->biodebug,"Swiching server context.\n");
591			SSL_set_SSL_CTX(s,ctx2);
592			}
593		}
594	return SSL_TLSEXT_ERR_OK;
595}
596
597/* Structure passed to cert status callback */
598
599typedef struct tlsextstatusctx_st {
600   /* Default responder to use */
601   char *host, *path, *port;
602   int use_ssl;
603   int timeout;
604   BIO *err;
605   int verbose;
606} tlsextstatusctx;
607
608static tlsextstatusctx tlscstatp = {NULL, NULL, NULL, 0, -1, NULL, 0};
609
610/* Certificate Status callback. This is called when a client includes a
611 * certificate status request extension.
612 *
613 * This is a simplified version. It examines certificates each time and
614 * makes one OCSP responder query for each request.
615 *
616 * A full version would store details such as the OCSP certificate IDs and
617 * minimise the number of OCSP responses by caching them until they were
618 * considered "expired".
619 */
620
621static int cert_status_cb(SSL *s, void *arg)
622	{
623	tlsextstatusctx *srctx = arg;
624	BIO *err = srctx->err;
625	char *host, *port, *path;
626	int use_ssl;
627	unsigned char *rspder = NULL;
628	int rspderlen;
629	STACK *aia = NULL;
630	X509 *x = NULL;
631	X509_STORE_CTX inctx;
632	X509_OBJECT obj;
633	OCSP_REQUEST *req = NULL;
634	OCSP_RESPONSE *resp = NULL;
635	OCSP_CERTID *id = NULL;
636	STACK_OF(X509_EXTENSION) *exts;
637	int ret = SSL_TLSEXT_ERR_NOACK;
638	int i;
639#if 0
640STACK_OF(OCSP_RESPID) *ids;
641SSL_get_tlsext_status_ids(s, &ids);
642BIO_printf(err, "cert_status: received %d ids\n", sk_OCSP_RESPID_num(ids));
643#endif
644	if (srctx->verbose)
645		BIO_puts(err, "cert_status: callback called\n");
646	/* Build up OCSP query from server certificate */
647	x = SSL_get_certificate(s);
648	aia = X509_get1_ocsp(x);
649	if (aia)
650		{
651		if (!OCSP_parse_url(sk_value(aia, 0),
652			&host, &port, &path, &use_ssl))
653			{
654			BIO_puts(err, "cert_status: can't parse AIA URL\n");
655			goto err;
656			}
657		if (srctx->verbose)
658			BIO_printf(err, "cert_status: AIA URL: %s\n",
659					sk_value(aia, 0));
660		}
661	else
662		{
663		if (!srctx->host)
664			{
665			BIO_puts(srctx->err, "cert_status: no AIA and no default responder URL\n");
666			goto done;
667			}
668		host = srctx->host;
669		path = srctx->path;
670		port = srctx->port;
671		use_ssl = srctx->use_ssl;
672		}
673
674	if (!X509_STORE_CTX_init(&inctx,
675				SSL_CTX_get_cert_store(SSL_get_SSL_CTX(s)),
676				NULL, NULL))
677		goto err;
678	if (X509_STORE_get_by_subject(&inctx,X509_LU_X509,
679				X509_get_issuer_name(x),&obj) <= 0)
680		{
681		BIO_puts(err, "cert_status: Can't retrieve issuer certificate.\n");
682		X509_STORE_CTX_cleanup(&inctx);
683		goto done;
684		}
685	req = OCSP_REQUEST_new();
686	if (!req)
687		goto err;
688	id = OCSP_cert_to_id(NULL, x, obj.data.x509);
689	X509_free(obj.data.x509);
690	X509_STORE_CTX_cleanup(&inctx);
691	if (!id)
692		goto err;
693	if (!OCSP_request_add0_id(req, id))
694		goto err;
695	id = NULL;
696	/* Add any extensions to the request */
697	SSL_get_tlsext_status_exts(s, &exts);
698	for (i = 0; i < sk_X509_EXTENSION_num(exts); i++)
699		{
700		X509_EXTENSION *ext = sk_X509_EXTENSION_value(exts, i);
701		if (!OCSP_REQUEST_add_ext(req, ext, -1))
702			goto err;
703		}
704	resp = process_responder(err, req, host, path, port, use_ssl,
705					srctx->timeout);
706	if (!resp)
707		{
708		BIO_puts(err, "cert_status: error querying responder\n");
709		goto done;
710		}
711	rspderlen = i2d_OCSP_RESPONSE(resp, &rspder);
712	if (rspderlen <= 0)
713		goto err;
714	SSL_set_tlsext_status_ocsp_resp(s, rspder, rspderlen);
715	if (srctx->verbose)
716		{
717		BIO_puts(err, "cert_status: ocsp response sent:\n");
718		OCSP_RESPONSE_print(err, resp, 2);
719		}
720	ret = SSL_TLSEXT_ERR_OK;
721	done:
722	if (ret != SSL_TLSEXT_ERR_OK)
723		ERR_print_errors(err);
724	if (aia)
725		{
726		OPENSSL_free(host);
727		OPENSSL_free(path);
728		OPENSSL_free(port);
729		X509_email_free(aia);
730		}
731	if (id)
732		OCSP_CERTID_free(id);
733	if (req)
734		OCSP_REQUEST_free(req);
735	if (resp)
736		OCSP_RESPONSE_free(resp);
737	return ret;
738	err:
739	ret = SSL_TLSEXT_ERR_ALERT_FATAL;
740	goto done;
741	}
742#endif
743int MAIN(int, char **);
744
745#ifndef OPENSSL_NO_JPAKE
746static char *jpake_secret = NULL;
747#endif
748
749int MAIN(int argc, char *argv[])
750	{
751	X509_STORE *store = NULL;
752	int vflags = 0;
753	short port=PORT;
754	char *CApath=NULL,*CAfile=NULL;
755	unsigned char *context = NULL;
756	char *dhfile = NULL;
757#ifndef OPENSSL_NO_ECDH
758	char *named_curve = NULL;
759#endif
760	int badop=0,bugs=0;
761	int ret=1;
762	int off=0;
763	int no_tmp_rsa=0,no_dhe=0,no_ecdhe=0,nocert=0;
764	int state=0;
765	SSL_METHOD *meth=NULL;
766        int socket_type=SOCK_STREAM;
767	ENGINE *e=NULL;
768	char *inrand=NULL;
769	int s_cert_format = FORMAT_PEM, s_key_format = FORMAT_PEM;
770	char *passarg = NULL, *pass = NULL;
771	char *dpassarg = NULL, *dpass = NULL;
772	int s_dcert_format = FORMAT_PEM, s_dkey_format = FORMAT_PEM;
773	X509 *s_cert = NULL, *s_dcert = NULL;
774	EVP_PKEY *s_key = NULL, *s_dkey = NULL;
775	int no_cache = 0;
776#ifndef OPENSSL_NO_TLSEXT
777	EVP_PKEY *s_key2 = NULL;
778	X509 *s_cert2 = NULL;
779#endif
780#ifndef OPENSSL_NO_TLSEXT
781        tlsextctx tlsextcbp = {NULL, NULL, SSL_TLSEXT_ERR_ALERT_WARNING};
782#endif
783
784#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
785	meth=SSLv23_server_method();
786#elif !defined(OPENSSL_NO_SSL3)
787	meth=SSLv3_server_method();
788#elif !defined(OPENSSL_NO_SSL2)
789	meth=SSLv2_server_method();
790#endif
791
792	local_argc=argc;
793	local_argv=argv;
794
795	apps_startup();
796#ifdef MONOLITH
797	s_server_init();
798#endif
799
800	if (bio_err == NULL)
801		bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
802
803	if (!load_config(bio_err, NULL))
804		goto end;
805
806	verify_depth=0;
807#ifdef FIONBIO
808	s_nbio=0;
809#endif
810	s_nbio_test=0;
811
812	argc--;
813	argv++;
814
815	while (argc >= 1)
816		{
817		if	((strcmp(*argv,"-port") == 0) ||
818			 (strcmp(*argv,"-accept") == 0))
819			{
820			if (--argc < 1) goto bad;
821			if (!extract_port(*(++argv),&port))
822				goto bad;
823			}
824		else if	(strcmp(*argv,"-verify") == 0)
825			{
826			s_server_verify=SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE;
827			if (--argc < 1) goto bad;
828			verify_depth=atoi(*(++argv));
829			BIO_printf(bio_err,"verify depth is %d\n",verify_depth);
830			}
831		else if	(strcmp(*argv,"-Verify") == 0)
832			{
833			s_server_verify=SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT|
834				SSL_VERIFY_CLIENT_ONCE;
835			if (--argc < 1) goto bad;
836			verify_depth=atoi(*(++argv));
837			BIO_printf(bio_err,"verify depth is %d, must return a certificate\n",verify_depth);
838			}
839		else if	(strcmp(*argv,"-context") == 0)
840			{
841			if (--argc < 1) goto bad;
842			context= (unsigned char *)*(++argv);
843			}
844		else if	(strcmp(*argv,"-cert") == 0)
845			{
846			if (--argc < 1) goto bad;
847			s_cert_file= *(++argv);
848			}
849		else if	(strcmp(*argv,"-certform") == 0)
850			{
851			if (--argc < 1) goto bad;
852			s_cert_format = str2fmt(*(++argv));
853			}
854		else if	(strcmp(*argv,"-key") == 0)
855			{
856			if (--argc < 1) goto bad;
857			s_key_file= *(++argv);
858			}
859		else if	(strcmp(*argv,"-keyform") == 0)
860			{
861			if (--argc < 1) goto bad;
862			s_key_format = str2fmt(*(++argv));
863			}
864		else if	(strcmp(*argv,"-pass") == 0)
865			{
866			if (--argc < 1) goto bad;
867			passarg = *(++argv);
868			}
869		else if	(strcmp(*argv,"-dhparam") == 0)
870			{
871			if (--argc < 1) goto bad;
872			dhfile = *(++argv);
873			}
874#ifndef OPENSSL_NO_ECDH
875		else if	(strcmp(*argv,"-named_curve") == 0)
876			{
877			if (--argc < 1) goto bad;
878			named_curve = *(++argv);
879			}
880#endif
881		else if	(strcmp(*argv,"-dcertform") == 0)
882			{
883			if (--argc < 1) goto bad;
884			s_dcert_format = str2fmt(*(++argv));
885			}
886		else if	(strcmp(*argv,"-dcert") == 0)
887			{
888			if (--argc < 1) goto bad;
889			s_dcert_file= *(++argv);
890			}
891		else if	(strcmp(*argv,"-dkeyform") == 0)
892			{
893			if (--argc < 1) goto bad;
894			s_dkey_format = str2fmt(*(++argv));
895			}
896		else if	(strcmp(*argv,"-dpass") == 0)
897			{
898			if (--argc < 1) goto bad;
899			dpassarg = *(++argv);
900			}
901		else if	(strcmp(*argv,"-dkey") == 0)
902			{
903			if (--argc < 1) goto bad;
904			s_dkey_file= *(++argv);
905			}
906		else if (strcmp(*argv,"-nocert") == 0)
907			{
908			nocert=1;
909			}
910		else if	(strcmp(*argv,"-CApath") == 0)
911			{
912			if (--argc < 1) goto bad;
913			CApath= *(++argv);
914			}
915		else if (strcmp(*argv,"-no_cache") == 0)
916			no_cache = 1;
917		else if (strcmp(*argv,"-crl_check") == 0)
918			{
919			vflags |= X509_V_FLAG_CRL_CHECK;
920			}
921		else if (strcmp(*argv,"-crl_check_all") == 0)
922			{
923			vflags |= X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL;
924			}
925		else if	(strcmp(*argv,"-serverpref") == 0)
926			{ off|=SSL_OP_CIPHER_SERVER_PREFERENCE; }
927		else if (strcmp(*argv,"-legacy_renegotiation") == 0)
928			off|=SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION;
929		else if	(strcmp(*argv,"-cipher") == 0)
930			{
931			if (--argc < 1) goto bad;
932			cipher= *(++argv);
933			}
934		else if	(strcmp(*argv,"-CAfile") == 0)
935			{
936			if (--argc < 1) goto bad;
937			CAfile= *(++argv);
938			}
939#ifdef FIONBIO
940		else if	(strcmp(*argv,"-nbio") == 0)
941			{ s_nbio=1; }
942#endif
943		else if	(strcmp(*argv,"-nbio_test") == 0)
944			{
945#ifdef FIONBIO
946			s_nbio=1;
947#endif
948			s_nbio_test=1;
949			}
950		else if	(strcmp(*argv,"-debug") == 0)
951			{ s_debug=1; }
952#ifndef OPENSSL_NO_TLSEXT
953		else if	(strcmp(*argv,"-tlsextdebug") == 0)
954			s_tlsextdebug=1;
955		else if	(strcmp(*argv,"-status") == 0)
956			s_tlsextstatus=1;
957		else if	(strcmp(*argv,"-status_verbose") == 0)
958			{
959			s_tlsextstatus=1;
960			tlscstatp.verbose = 1;
961			}
962		else if (!strcmp(*argv, "-status_timeout"))
963			{
964			s_tlsextstatus=1;
965                        if (--argc < 1) goto bad;
966			tlscstatp.timeout = atoi(*(++argv));
967			}
968		else if (!strcmp(*argv, "-status_url"))
969			{
970			s_tlsextstatus=1;
971                        if (--argc < 1) goto bad;
972			if (!OCSP_parse_url(*(++argv),
973					&tlscstatp.host,
974					&tlscstatp.port,
975					&tlscstatp.path,
976					&tlscstatp.use_ssl))
977				{
978				BIO_printf(bio_err, "Error parsing URL\n");
979				goto bad;
980				}
981			}
982#endif
983		else if	(strcmp(*argv,"-msg") == 0)
984			{ s_msg=1; }
985		else if	(strcmp(*argv,"-hack") == 0)
986			{ hack=1; }
987		else if	(strcmp(*argv,"-state") == 0)
988			{ state=1; }
989		else if	(strcmp(*argv,"-crlf") == 0)
990			{ s_crlf=1; }
991		else if	(strcmp(*argv,"-quiet") == 0)
992			{ s_quiet=1; }
993		else if	(strcmp(*argv,"-bugs") == 0)
994			{ bugs=1; }
995		else if	(strcmp(*argv,"-no_tmp_rsa") == 0)
996			{ no_tmp_rsa=1; }
997		else if	(strcmp(*argv,"-no_dhe") == 0)
998			{ no_dhe=1; }
999		else if	(strcmp(*argv,"-no_ecdhe") == 0)
1000			{ no_ecdhe=1; }
1001		else if	(strcmp(*argv,"-www") == 0)
1002			{ www=1; }
1003		else if	(strcmp(*argv,"-WWW") == 0)
1004			{ www=2; }
1005		else if	(strcmp(*argv,"-HTTP") == 0)
1006			{ www=3; }
1007		else if	(strcmp(*argv,"-no_ssl2") == 0)
1008			{ off|=SSL_OP_NO_SSLv2; }
1009		else if	(strcmp(*argv,"-no_ssl3") == 0)
1010			{ off|=SSL_OP_NO_SSLv3; }
1011		else if	(strcmp(*argv,"-no_tls1") == 0)
1012			{ off|=SSL_OP_NO_TLSv1; }
1013#ifndef OPENSSL_NO_TLSEXT
1014		else if	(strcmp(*argv,"-no_ticket") == 0)
1015			{ off|=SSL_OP_NO_TICKET; }
1016#endif
1017#ifndef OPENSSL_NO_SSL2
1018		else if	(strcmp(*argv,"-ssl2") == 0)
1019			{ meth=SSLv2_server_method(); }
1020#endif
1021#ifndef OPENSSL_NO_SSL3
1022		else if	(strcmp(*argv,"-ssl3") == 0)
1023			{ meth=SSLv3_server_method(); }
1024#endif
1025#ifndef OPENSSL_NO_TLS1
1026		else if	(strcmp(*argv,"-tls1") == 0)
1027			{ meth=TLSv1_server_method(); }
1028#endif
1029#ifndef OPENSSL_NO_DTLS1
1030		else if	(strcmp(*argv,"-dtls1") == 0)
1031			{
1032			meth=DTLSv1_server_method();
1033			socket_type = SOCK_DGRAM;
1034			}
1035		else if (strcmp(*argv,"-timeout") == 0)
1036			enable_timeouts = 1;
1037		else if (strcmp(*argv,"-mtu") == 0)
1038			{
1039			if (--argc < 1) goto bad;
1040			socket_mtu = atol(*(++argv));
1041			}
1042		else if (strcmp(*argv, "-chain") == 0)
1043			cert_chain = 1;
1044#endif
1045		else if (strcmp(*argv, "-id_prefix") == 0)
1046			{
1047			if (--argc < 1) goto bad;
1048			session_id_prefix = *(++argv);
1049			}
1050#ifndef OPENSSL_NO_ENGINE
1051		else if (strcmp(*argv,"-engine") == 0)
1052			{
1053			if (--argc < 1) goto bad;
1054			engine_id= *(++argv);
1055			}
1056#endif
1057		else if (strcmp(*argv,"-rand") == 0)
1058			{
1059			if (--argc < 1) goto bad;
1060			inrand= *(++argv);
1061			}
1062#ifndef OPENSSL_NO_TLSEXT
1063		else if (strcmp(*argv,"-servername") == 0)
1064			{
1065			if (--argc < 1) goto bad;
1066			tlsextcbp.servername= *(++argv);
1067			}
1068		else if (strcmp(*argv,"-servername_fatal") == 0)
1069			{ tlsextcbp.extension_error = SSL_TLSEXT_ERR_ALERT_FATAL; }
1070		else if	(strcmp(*argv,"-cert2") == 0)
1071			{
1072			if (--argc < 1) goto bad;
1073			s_cert_file2= *(++argv);
1074			}
1075		else if	(strcmp(*argv,"-key2") == 0)
1076			{
1077			if (--argc < 1) goto bad;
1078			s_key_file2= *(++argv);
1079			}
1080
1081#endif
1082#ifndef OPENSSL_NO_JPAKE
1083		else if (strcmp(*argv,"-jpake") == 0)
1084			{
1085			if (--argc < 1) goto bad;
1086			jpake_secret = *(++argv);
1087			}
1088#endif
1089		else
1090			{
1091			BIO_printf(bio_err,"unknown option %s\n",*argv);
1092			badop=1;
1093			break;
1094			}
1095		argc--;
1096		argv++;
1097		}
1098	if (badop)
1099		{
1100bad:
1101		sv_usage();
1102		goto end;
1103		}
1104
1105	SSL_load_error_strings();
1106	OpenSSL_add_ssl_algorithms();
1107
1108#ifndef OPENSSL_NO_ENGINE
1109        e = setup_engine(bio_err, engine_id, 1);
1110#endif
1111
1112	if (!app_passwd(bio_err, passarg, dpassarg, &pass, &dpass))
1113		{
1114		BIO_printf(bio_err, "Error getting password\n");
1115		goto end;
1116		}
1117
1118
1119	if (s_key_file == NULL)
1120		s_key_file = s_cert_file;
1121#ifndef OPENSSL_NO_TLSEXT
1122	if (s_key_file2 == NULL)
1123		s_key_file2 = s_cert_file2;
1124#endif
1125
1126	if (nocert == 0)
1127		{
1128		s_key = load_key(bio_err, s_key_file, s_key_format, 0, pass, e,
1129		       "server certificate private key file");
1130		if (!s_key)
1131			{
1132			ERR_print_errors(bio_err);
1133			goto end;
1134			}
1135
1136		s_cert = load_cert(bio_err,s_cert_file,s_cert_format,
1137			NULL, e, "server certificate file");
1138
1139		if (!s_cert)
1140			{
1141			ERR_print_errors(bio_err);
1142			goto end;
1143			}
1144
1145#ifndef OPENSSL_NO_TLSEXT
1146		if (tlsextcbp.servername)
1147			{
1148			s_key2 = load_key(bio_err, s_key_file2, s_key_format, 0, pass, e,
1149				"second server certificate private key file");
1150			if (!s_key2)
1151				{
1152				ERR_print_errors(bio_err);
1153				goto end;
1154				}
1155
1156			s_cert2 = load_cert(bio_err,s_cert_file2,s_cert_format,
1157				NULL, e, "second server certificate file");
1158
1159			if (!s_cert2)
1160				{
1161				ERR_print_errors(bio_err);
1162				goto end;
1163				}
1164			}
1165#endif
1166		}
1167	if (s_dcert_file)
1168		{
1169
1170		if (s_dkey_file == NULL)
1171			s_dkey_file = s_dcert_file;
1172
1173		s_dkey = load_key(bio_err, s_dkey_file, s_dkey_format,
1174				0, dpass, e,
1175			       "second certificate private key file");
1176		if (!s_dkey)
1177			{
1178			ERR_print_errors(bio_err);
1179			goto end;
1180			}
1181
1182		s_dcert = load_cert(bio_err,s_dcert_file,s_dcert_format,
1183				NULL, e, "second server certificate file");
1184
1185		if (!s_dcert)
1186			{
1187			ERR_print_errors(bio_err);
1188			goto end;
1189			}
1190
1191		}
1192
1193	if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
1194		&& !RAND_status())
1195		{
1196		BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
1197		}
1198	if (inrand != NULL)
1199		BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
1200			app_RAND_load_files(inrand));
1201
1202	if (bio_s_out == NULL)
1203		{
1204		if (s_quiet && !s_debug && !s_msg)
1205			{
1206			bio_s_out=BIO_new(BIO_s_null());
1207			}
1208		else
1209			{
1210			if (bio_s_out == NULL)
1211				bio_s_out=BIO_new_fp(stdout,BIO_NOCLOSE);
1212			}
1213		}
1214
1215#if !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA)
1216	if (nocert)
1217#endif
1218		{
1219		s_cert_file=NULL;
1220		s_key_file=NULL;
1221		s_dcert_file=NULL;
1222		s_dkey_file=NULL;
1223#ifndef OPENSSL_NO_TLSEXT
1224		s_cert_file2=NULL;
1225		s_key_file2=NULL;
1226#endif
1227		}
1228
1229	ctx=SSL_CTX_new(meth);
1230	if (ctx == NULL)
1231		{
1232		ERR_print_errors(bio_err);
1233		goto end;
1234		}
1235	if (session_id_prefix)
1236		{
1237		if(strlen(session_id_prefix) >= 32)
1238			BIO_printf(bio_err,
1239"warning: id_prefix is too long, only one new session will be possible\n");
1240		else if(strlen(session_id_prefix) >= 16)
1241			BIO_printf(bio_err,
1242"warning: id_prefix is too long if you use SSLv2\n");
1243		if(!SSL_CTX_set_generate_session_id(ctx, generate_session_id))
1244			{
1245			BIO_printf(bio_err,"error setting 'id_prefix'\n");
1246			ERR_print_errors(bio_err);
1247			goto end;
1248			}
1249		BIO_printf(bio_err,"id_prefix '%s' set.\n", session_id_prefix);
1250		}
1251	SSL_CTX_set_quiet_shutdown(ctx,1);
1252	if (bugs) SSL_CTX_set_options(ctx,SSL_OP_ALL);
1253	if (hack) SSL_CTX_set_options(ctx,SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG);
1254	SSL_CTX_set_options(ctx,off);
1255	/* DTLS: partial reads end up discarding unread UDP bytes :-(
1256	 * Setting read ahead solves this problem.
1257	 */
1258	if (socket_type == SOCK_DGRAM) SSL_CTX_set_read_ahead(ctx, 1);
1259
1260	if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback);
1261	if (no_cache)
1262		SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);
1263	else
1264		SSL_CTX_sess_set_cache_size(ctx,128);
1265
1266#if 0
1267	if (cipher == NULL) cipher=getenv("SSL_CIPHER");
1268#endif
1269
1270#if 0
1271	if (s_cert_file == NULL)
1272		{
1273		BIO_printf(bio_err,"You must specify a certificate file for the server to use\n");
1274		goto end;
1275		}
1276#endif
1277
1278	if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) ||
1279		(!SSL_CTX_set_default_verify_paths(ctx)))
1280		{
1281		/* BIO_printf(bio_err,"X509_load_verify_locations\n"); */
1282		ERR_print_errors(bio_err);
1283		/* goto end; */
1284		}
1285	store = SSL_CTX_get_cert_store(ctx);
1286	X509_STORE_set_flags(store, vflags);
1287#ifndef OPENSSL_NO_TLSEXT
1288	if (s_cert2)
1289		{
1290		ctx2=SSL_CTX_new(meth);
1291		if (ctx2 == NULL)
1292			{
1293			ERR_print_errors(bio_err);
1294			goto end;
1295			}
1296		}
1297
1298	if (ctx2)
1299		{
1300		BIO_printf(bio_s_out,"Setting secondary ctx parameters\n");
1301
1302		if (session_id_prefix)
1303			{
1304			if(strlen(session_id_prefix) >= 32)
1305				BIO_printf(bio_err,
1306					"warning: id_prefix is too long, only one new session will be possible\n");
1307			else if(strlen(session_id_prefix) >= 16)
1308				BIO_printf(bio_err,
1309					"warning: id_prefix is too long if you use SSLv2\n");
1310			if(!SSL_CTX_set_generate_session_id(ctx2, generate_session_id))
1311				{
1312				BIO_printf(bio_err,"error setting 'id_prefix'\n");
1313				ERR_print_errors(bio_err);
1314				goto end;
1315				}
1316			BIO_printf(bio_err,"id_prefix '%s' set.\n", session_id_prefix);
1317			}
1318		SSL_CTX_set_quiet_shutdown(ctx2,1);
1319		if (bugs) SSL_CTX_set_options(ctx2,SSL_OP_ALL);
1320		if (hack) SSL_CTX_set_options(ctx2,SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG);
1321		SSL_CTX_set_options(ctx2,off);
1322
1323		/* DTLS: partial reads end up discarding unread UDP bytes :-(
1324		 * Setting read ahead solves this problem.
1325		 */
1326		if (socket_type == SOCK_DGRAM) SSL_CTX_set_read_ahead(ctx2, 1);
1327
1328
1329		if (state) SSL_CTX_set_info_callback(ctx2,apps_ssl_info_callback);
1330
1331		if (no_cache)
1332			SSL_CTX_set_session_cache_mode(ctx2,SSL_SESS_CACHE_OFF);
1333		else
1334			SSL_CTX_sess_set_cache_size(ctx2,128);
1335
1336		if ((!SSL_CTX_load_verify_locations(ctx2,CAfile,CApath)) ||
1337			(!SSL_CTX_set_default_verify_paths(ctx2)))
1338			{
1339			ERR_print_errors(bio_err);
1340			}
1341		store = SSL_CTX_get_cert_store(ctx2);
1342		X509_STORE_set_flags(store, vflags);
1343		}
1344#endif
1345
1346
1347#ifndef OPENSSL_NO_DH
1348	if (!no_dhe)
1349		{
1350		DH *dh=NULL;
1351
1352		if (dhfile)
1353			dh = load_dh_param(dhfile);
1354		else if (s_cert_file)
1355			dh = load_dh_param(s_cert_file);
1356
1357		if (dh != NULL)
1358			{
1359			BIO_printf(bio_s_out,"Setting temp DH parameters\n");
1360			}
1361		else
1362			{
1363			BIO_printf(bio_s_out,"Using default temp DH parameters\n");
1364			dh=get_dh512();
1365			}
1366		(void)BIO_flush(bio_s_out);
1367
1368		SSL_CTX_set_tmp_dh(ctx,dh);
1369#ifndef OPENSSL_NO_TLSEXT
1370		if (ctx2)
1371			{
1372			if (!dhfile)
1373				{
1374				DH *dh2=load_dh_param(s_cert_file2);
1375				if (dh2 != NULL)
1376					{
1377					BIO_printf(bio_s_out,"Setting temp DH parameters\n");
1378					(void)BIO_flush(bio_s_out);
1379
1380					DH_free(dh);
1381					dh = dh2;
1382					}
1383				}
1384			SSL_CTX_set_tmp_dh(ctx2,dh);
1385			}
1386#endif
1387		DH_free(dh);
1388		}
1389#endif
1390
1391#ifndef OPENSSL_NO_ECDH
1392	if (!no_ecdhe)
1393		{
1394		EC_KEY *ecdh=NULL;
1395
1396		if (named_curve)
1397			{
1398			int nid = OBJ_sn2nid(named_curve);
1399
1400			if (nid == 0)
1401				{
1402				BIO_printf(bio_err, "unknown curve name (%s)\n",
1403					named_curve);
1404				goto end;
1405				}
1406			ecdh = EC_KEY_new_by_curve_name(nid);
1407			if (ecdh == NULL)
1408				{
1409				BIO_printf(bio_err, "unable to create curve (%s)\n",
1410					named_curve);
1411				goto end;
1412				}
1413			}
1414
1415		if (ecdh != NULL)
1416			{
1417			BIO_printf(bio_s_out,"Setting temp ECDH parameters\n");
1418			}
1419		else
1420			{
1421			BIO_printf(bio_s_out,"Using default temp ECDH parameters\n");
1422			ecdh = EC_KEY_new_by_curve_name(NID_sect163r2);
1423			if (ecdh == NULL)
1424				{
1425				BIO_printf(bio_err, "unable to create curve (sect163r2)\n");
1426				goto end;
1427				}
1428			}
1429		(void)BIO_flush(bio_s_out);
1430
1431		SSL_CTX_set_tmp_ecdh(ctx,ecdh);
1432#ifndef OPENSSL_NO_TLSEXT
1433		if (ctx2)
1434			SSL_CTX_set_tmp_ecdh(ctx2,ecdh);
1435#endif
1436		EC_KEY_free(ecdh);
1437		}
1438#endif
1439
1440	if (!set_cert_key_stuff(ctx,s_cert,s_key))
1441		goto end;
1442#ifndef OPENSSL_NO_TLSEXT
1443	if (ctx2 && !set_cert_key_stuff(ctx2,s_cert2,s_key2))
1444		goto end;
1445#endif
1446	if (s_dcert != NULL)
1447		{
1448		if (!set_cert_key_stuff(ctx,s_dcert,s_dkey))
1449			goto end;
1450		}
1451
1452#ifndef OPENSSL_NO_RSA
1453#if 1
1454	if (!no_tmp_rsa)
1455		{
1456		SSL_CTX_set_tmp_rsa_callback(ctx,tmp_rsa_cb);
1457#ifndef OPENSSL_NO_TLSEXT
1458		if (ctx2)
1459			SSL_CTX_set_tmp_rsa_callback(ctx2,tmp_rsa_cb);
1460#endif
1461		}
1462#else
1463	if (!no_tmp_rsa && SSL_CTX_need_tmp_RSA(ctx))
1464		{
1465		RSA *rsa;
1466
1467		BIO_printf(bio_s_out,"Generating temp (512 bit) RSA key...");
1468		BIO_flush(bio_s_out);
1469
1470		rsa=RSA_generate_key(512,RSA_F4,NULL);
1471
1472		if (!SSL_CTX_set_tmp_rsa(ctx,rsa))
1473			{
1474			ERR_print_errors(bio_err);
1475			goto end;
1476			}
1477#ifndef OPENSSL_NO_TLSEXT
1478			if (ctx2)
1479				{
1480				if (!SSL_CTX_set_tmp_rsa(ctx2,rsa))
1481					{
1482					ERR_print_errors(bio_err);
1483					goto end;
1484					}
1485				}
1486#endif
1487		RSA_free(rsa);
1488		BIO_printf(bio_s_out,"\n");
1489		}
1490#endif
1491#endif
1492
1493	if (cipher != NULL)
1494		if(!SSL_CTX_set_cipher_list(ctx,cipher)) {
1495		BIO_printf(bio_err,"error setting cipher list\n");
1496		ERR_print_errors(bio_err);
1497		goto end;
1498#ifndef OPENSSL_NO_TLSEXT
1499		if (ctx2 && !SSL_CTX_set_cipher_list(ctx2,cipher))
1500			{
1501			BIO_printf(bio_err,"error setting cipher list\n");
1502			ERR_print_errors(bio_err);
1503			goto end;
1504			}
1505#endif
1506	}
1507	SSL_CTX_set_verify(ctx,s_server_verify,verify_callback);
1508	SSL_CTX_set_session_id_context(ctx,(void*)&s_server_session_id_context,
1509		sizeof s_server_session_id_context);
1510
1511	/* Set DTLS cookie generation and verification callbacks */
1512	SSL_CTX_set_cookie_generate_cb(ctx, generate_cookie_callback);
1513	SSL_CTX_set_cookie_verify_cb(ctx, verify_cookie_callback);
1514
1515#ifndef OPENSSL_NO_TLSEXT
1516	if (ctx2)
1517		{
1518		SSL_CTX_set_verify(ctx2,s_server_verify,verify_callback);
1519		SSL_CTX_set_session_id_context(ctx2,(void*)&s_server_session_id_context,
1520			sizeof s_server_session_id_context);
1521
1522		tlsextcbp.biodebug = bio_s_out;
1523		SSL_CTX_set_tlsext_servername_callback(ctx2, ssl_servername_cb);
1524		SSL_CTX_set_tlsext_servername_arg(ctx2, &tlsextcbp);
1525		SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb);
1526		SSL_CTX_set_tlsext_servername_arg(ctx, &tlsextcbp);
1527		}
1528#endif
1529	if (CAfile != NULL)
1530		{
1531		SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(CAfile));
1532#ifndef OPENSSL_NO_TLSEXT
1533		if (ctx2)
1534			SSL_CTX_set_client_CA_list(ctx2,SSL_load_client_CA_file(CAfile));
1535#endif
1536		}
1537	BIO_printf(bio_s_out,"ACCEPT\n");
1538	if (www)
1539		do_server(port,socket_type,&accept_socket,www_body, context);
1540	else
1541		do_server(port,socket_type,&accept_socket,sv_body, context);
1542	print_stats(bio_s_out,ctx);
1543	ret=0;
1544end:
1545	if (ctx != NULL) SSL_CTX_free(ctx);
1546	if (s_cert)
1547		X509_free(s_cert);
1548	if (s_dcert)
1549		X509_free(s_dcert);
1550	if (s_key)
1551		EVP_PKEY_free(s_key);
1552	if (s_dkey)
1553		EVP_PKEY_free(s_dkey);
1554	if (pass)
1555		OPENSSL_free(pass);
1556	if (dpass)
1557		OPENSSL_free(dpass);
1558#ifndef OPENSSL_NO_TLSEXT
1559	if (ctx2 != NULL) SSL_CTX_free(ctx2);
1560	if (s_cert2)
1561		X509_free(s_cert2);
1562	if (s_key2)
1563		EVP_PKEY_free(s_key2);
1564#endif
1565	if (bio_s_out != NULL)
1566		{
1567        BIO_free(bio_s_out);
1568		bio_s_out=NULL;
1569		}
1570	apps_shutdown();
1571	OPENSSL_EXIT(ret);
1572	}
1573
1574static void print_stats(BIO *bio, SSL_CTX *ssl_ctx)
1575	{
1576	BIO_printf(bio,"%4ld items in the session cache\n",
1577		SSL_CTX_sess_number(ssl_ctx));
1578	BIO_printf(bio,"%4ld client connects (SSL_connect())\n",
1579		SSL_CTX_sess_connect(ssl_ctx));
1580	BIO_printf(bio,"%4ld client renegotiates (SSL_connect())\n",
1581		SSL_CTX_sess_connect_renegotiate(ssl_ctx));
1582	BIO_printf(bio,"%4ld client connects that finished\n",
1583		SSL_CTX_sess_connect_good(ssl_ctx));
1584	BIO_printf(bio,"%4ld server accepts (SSL_accept())\n",
1585		SSL_CTX_sess_accept(ssl_ctx));
1586	BIO_printf(bio,"%4ld server renegotiates (SSL_accept())\n",
1587		SSL_CTX_sess_accept_renegotiate(ssl_ctx));
1588	BIO_printf(bio,"%4ld server accepts that finished\n",
1589		SSL_CTX_sess_accept_good(ssl_ctx));
1590	BIO_printf(bio,"%4ld session cache hits\n",SSL_CTX_sess_hits(ssl_ctx));
1591	BIO_printf(bio,"%4ld session cache misses\n",SSL_CTX_sess_misses(ssl_ctx));
1592	BIO_printf(bio,"%4ld session cache timeouts\n",SSL_CTX_sess_timeouts(ssl_ctx));
1593	BIO_printf(bio,"%4ld callback cache hits\n",SSL_CTX_sess_cb_hits(ssl_ctx));
1594	BIO_printf(bio,"%4ld cache full overflows (%ld allowed)\n",
1595		SSL_CTX_sess_cache_full(ssl_ctx),
1596		SSL_CTX_sess_get_cache_size(ssl_ctx));
1597	}
1598
1599static int sv_body(char *hostname, int s, unsigned char *context)
1600	{
1601	char *buf=NULL;
1602	fd_set readfds;
1603	int ret=1,width;
1604	int k,i;
1605	unsigned long l;
1606	SSL *con=NULL;
1607	BIO *sbio;
1608	struct timeval timeout;
1609#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE)
1610	struct timeval tv;
1611#else
1612	struct timeval *timeoutp;
1613#endif
1614
1615	if ((buf=OPENSSL_malloc(bufsize)) == NULL)
1616		{
1617		BIO_printf(bio_err,"out of memory\n");
1618		goto err;
1619		}
1620#ifdef FIONBIO
1621	if (s_nbio)
1622		{
1623		unsigned long sl=1;
1624
1625		if (!s_quiet)
1626			BIO_printf(bio_err,"turning on non blocking io\n");
1627		if (BIO_socket_ioctl(s,FIONBIO,&sl) < 0)
1628			ERR_print_errors(bio_err);
1629		}
1630#endif
1631
1632	if (con == NULL) {
1633		con=SSL_new(ctx);
1634#ifndef OPENSSL_NO_TLSEXT
1635	if (s_tlsextdebug)
1636		{
1637		SSL_set_tlsext_debug_callback(con, tlsext_cb);
1638		SSL_set_tlsext_debug_arg(con, bio_s_out);
1639		}
1640	if (s_tlsextstatus)
1641		{
1642		SSL_CTX_set_tlsext_status_cb(ctx, cert_status_cb);
1643		tlscstatp.err = bio_err;
1644		SSL_CTX_set_tlsext_status_arg(ctx, &tlscstatp);
1645		}
1646#endif
1647#ifndef OPENSSL_NO_KRB5
1648		if ((con->kssl_ctx = kssl_ctx_new()) != NULL)
1649                        {
1650                        kssl_ctx_setstring(con->kssl_ctx, KSSL_SERVICE,
1651								KRB5SVC);
1652                        kssl_ctx_setstring(con->kssl_ctx, KSSL_KEYTAB,
1653								KRB5KEYTAB);
1654                        }
1655#endif	/* OPENSSL_NO_KRB5 */
1656		if(context)
1657		      SSL_set_session_id_context(con, context,
1658						 strlen((char *)context));
1659	}
1660	SSL_clear(con);
1661
1662	if (SSL_version(con) == DTLS1_VERSION)
1663		{
1664
1665		sbio=BIO_new_dgram(s,BIO_NOCLOSE);
1666
1667		if ( enable_timeouts)
1668			{
1669			timeout.tv_sec = 0;
1670			timeout.tv_usec = DGRAM_RCV_TIMEOUT;
1671			BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_RECV_TIMEOUT, 0, &timeout);
1672
1673			timeout.tv_sec = 0;
1674			timeout.tv_usec = DGRAM_SND_TIMEOUT;
1675			BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_SEND_TIMEOUT, 0, &timeout);
1676			}
1677
1678
1679		if (socket_mtu > 28)
1680			{
1681			SSL_set_options(con, SSL_OP_NO_QUERY_MTU);
1682			SSL_set_mtu(con, socket_mtu - 28);
1683			}
1684		else
1685			/* want to do MTU discovery */
1686			BIO_ctrl(sbio, BIO_CTRL_DGRAM_MTU_DISCOVER, 0, NULL);
1687
1688        /* turn on cookie exchange */
1689        SSL_set_options(con, SSL_OP_COOKIE_EXCHANGE);
1690		}
1691	else
1692		sbio=BIO_new_socket(s,BIO_NOCLOSE);
1693
1694	if (s_nbio_test)
1695		{
1696		BIO *test;
1697
1698		test=BIO_new(BIO_f_nbio_test());
1699		sbio=BIO_push(test,sbio);
1700		}
1701#ifndef OPENSSL_NO_JPAKE
1702	if(jpake_secret)
1703		jpake_server_auth(bio_s_out, sbio, jpake_secret);
1704#endif
1705
1706	SSL_set_bio(con,sbio,sbio);
1707	SSL_set_accept_state(con);
1708	/* SSL_set_fd(con,s); */
1709
1710	if (s_debug)
1711		{
1712		con->debug=1;
1713		BIO_set_callback(SSL_get_rbio(con),bio_dump_callback);
1714		BIO_set_callback_arg(SSL_get_rbio(con),(char *)bio_s_out);
1715		}
1716	if (s_msg)
1717		{
1718		SSL_set_msg_callback(con, msg_cb);
1719		SSL_set_msg_callback_arg(con, bio_s_out);
1720		}
1721#ifndef OPENSSL_NO_TLSEXT
1722	if (s_tlsextdebug)
1723		{
1724		SSL_set_tlsext_debug_callback(con, tlsext_cb);
1725		SSL_set_tlsext_debug_arg(con, bio_s_out);
1726		}
1727#endif
1728
1729	width=s+1;
1730	for (;;)
1731		{
1732		int read_from_terminal;
1733		int read_from_sslcon;
1734
1735		read_from_terminal = 0;
1736		read_from_sslcon = SSL_pending(con);
1737
1738		if (!read_from_sslcon)
1739			{
1740			FD_ZERO(&readfds);
1741#if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_NETWARE)
1742			FD_SET(fileno(stdin),&readfds);
1743#endif
1744			FD_SET(s,&readfds);
1745			/* Note: under VMS with SOCKETSHR the second parameter is
1746			 * currently of type (int *) whereas under other systems
1747			 * it is (void *) if you don't have a cast it will choke
1748			 * the compiler: if you do have a cast then you can either
1749			 * go for (int *) or (void *).
1750			 */
1751#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE)
1752                        /* Under DOS (non-djgpp) and Windows we can't select on stdin: only
1753			 * on sockets. As a workaround we timeout the select every
1754			 * second and check for any keypress. In a proper Windows
1755			 * application we wouldn't do this because it is inefficient.
1756			 */
1757			tv.tv_sec = 1;
1758			tv.tv_usec = 0;
1759			i=select(width,(void *)&readfds,NULL,NULL,&tv);
1760			if((i < 0) || (!i && !_kbhit() ) )continue;
1761			if(_kbhit())
1762				read_from_terminal = 1;
1763#else
1764			if ((SSL_version(con) == DTLS1_VERSION) &&
1765				DTLSv1_get_timeout(con, &timeout))
1766				timeoutp = &timeout;
1767			else
1768				timeoutp = NULL;
1769
1770			i=select(width,(void *)&readfds,NULL,NULL,timeoutp);
1771
1772			if ((SSL_version(con) == DTLS1_VERSION) && DTLSv1_handle_timeout(con) > 0)
1773				{
1774				BIO_printf(bio_err,"TIMEOUT occured\n");
1775				}
1776
1777			if (i <= 0) continue;
1778			if (FD_ISSET(fileno(stdin),&readfds))
1779				read_from_terminal = 1;
1780#endif
1781			if (FD_ISSET(s,&readfds))
1782				read_from_sslcon = 1;
1783			}
1784		if (read_from_terminal)
1785			{
1786			if (s_crlf)
1787				{
1788				int j, lf_num;
1789
1790				i=read(fileno(stdin), buf, bufsize/2);
1791				lf_num = 0;
1792				/* both loops are skipped when i <= 0 */
1793				for (j = 0; j < i; j++)
1794					if (buf[j] == '\n')
1795						lf_num++;
1796				for (j = i-1; j >= 0; j--)
1797					{
1798					buf[j+lf_num] = buf[j];
1799					if (buf[j] == '\n')
1800						{
1801						lf_num--;
1802						i++;
1803						buf[j+lf_num] = '\r';
1804						}
1805					}
1806				assert(lf_num == 0);
1807				}
1808			else
1809				i=read(fileno(stdin),buf,bufsize);
1810			if (!s_quiet)
1811				{
1812				if ((i <= 0) || (buf[0] == 'Q'))
1813					{
1814					BIO_printf(bio_s_out,"DONE\n");
1815					SHUTDOWN(s);
1816					close_accept_socket();
1817					ret= -11;
1818					goto err;
1819					}
1820				if ((i <= 0) || (buf[0] == 'q'))
1821					{
1822					BIO_printf(bio_s_out,"DONE\n");
1823					if (SSL_version(con) != DTLS1_VERSION)
1824                        SHUTDOWN(s);
1825	/*				close_accept_socket();
1826					ret= -11;*/
1827					goto err;
1828					}
1829				if ((buf[0] == 'r') &&
1830					((buf[1] == '\n') || (buf[1] == '\r')))
1831					{
1832					SSL_renegotiate(con);
1833					i=SSL_do_handshake(con);
1834					printf("SSL_do_handshake -> %d\n",i);
1835					i=0; /*13; */
1836					continue;
1837					/* strcpy(buf,"server side RE-NEGOTIATE\n"); */
1838					}
1839				if ((buf[0] == 'R') &&
1840					((buf[1] == '\n') || (buf[1] == '\r')))
1841					{
1842					SSL_set_verify(con,
1843						SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE,NULL);
1844					SSL_renegotiate(con);
1845					i=SSL_do_handshake(con);
1846					printf("SSL_do_handshake -> %d\n",i);
1847					i=0; /* 13; */
1848					continue;
1849					/* strcpy(buf,"server side RE-NEGOTIATE asking for client cert\n"); */
1850					}
1851				if (buf[0] == 'P')
1852					{
1853					static const char *str="Lets print some clear text\n";
1854					BIO_write(SSL_get_wbio(con),str,strlen(str));
1855					}
1856				if (buf[0] == 'S')
1857					{
1858					print_stats(bio_s_out,SSL_get_SSL_CTX(con));
1859					}
1860				}
1861#ifdef CHARSET_EBCDIC
1862			ebcdic2ascii(buf,buf,i);
1863#endif
1864			l=k=0;
1865			for (;;)
1866				{
1867				/* should do a select for the write */
1868#ifdef RENEG
1869{ static count=0; if (++count == 100) { count=0; SSL_renegotiate(con); } }
1870#endif
1871				k=SSL_write(con,&(buf[l]),(unsigned int)i);
1872				switch (SSL_get_error(con,k))
1873					{
1874				case SSL_ERROR_NONE:
1875					break;
1876				case SSL_ERROR_WANT_WRITE:
1877				case SSL_ERROR_WANT_READ:
1878				case SSL_ERROR_WANT_X509_LOOKUP:
1879					BIO_printf(bio_s_out,"Write BLOCK\n");
1880					break;
1881				case SSL_ERROR_SYSCALL:
1882				case SSL_ERROR_SSL:
1883					BIO_printf(bio_s_out,"ERROR\n");
1884					ERR_print_errors(bio_err);
1885					ret=1;
1886					goto err;
1887					/* break; */
1888				case SSL_ERROR_ZERO_RETURN:
1889					BIO_printf(bio_s_out,"DONE\n");
1890					ret=1;
1891					goto err;
1892					}
1893				l+=k;
1894				i-=k;
1895				if (i <= 0) break;
1896				}
1897			}
1898		if (read_from_sslcon)
1899			{
1900			if (!SSL_is_init_finished(con))
1901				{
1902				i=init_ssl_connection(con);
1903
1904				if (i < 0)
1905					{
1906					ret=0;
1907					goto err;
1908					}
1909				else if (i == 0)
1910					{
1911					ret=1;
1912					goto err;
1913					}
1914				}
1915			else
1916				{
1917again:
1918				i=SSL_read(con,(char *)buf,bufsize);
1919				switch (SSL_get_error(con,i))
1920					{
1921				case SSL_ERROR_NONE:
1922#ifdef CHARSET_EBCDIC
1923					ascii2ebcdic(buf,buf,i);
1924#endif
1925					write(fileno(stdout),buf,
1926						(unsigned int)i);
1927					if (SSL_pending(con)) goto again;
1928					break;
1929				case SSL_ERROR_WANT_WRITE:
1930				case SSL_ERROR_WANT_READ:
1931				case SSL_ERROR_WANT_X509_LOOKUP:
1932					BIO_printf(bio_s_out,"Read BLOCK\n");
1933					break;
1934				case SSL_ERROR_SYSCALL:
1935				case SSL_ERROR_SSL:
1936					BIO_printf(bio_s_out,"ERROR\n");
1937					ERR_print_errors(bio_err);
1938					ret=1;
1939					goto err;
1940				case SSL_ERROR_ZERO_RETURN:
1941					BIO_printf(bio_s_out,"DONE\n");
1942					ret=1;
1943					goto err;
1944					}
1945				}
1946			}
1947		}
1948err:
1949	BIO_printf(bio_s_out,"shutting down SSL\n");
1950#if 1
1951	SSL_set_shutdown(con,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
1952#else
1953	SSL_shutdown(con);
1954#endif
1955	if (con != NULL) SSL_free(con);
1956	BIO_printf(bio_s_out,"CONNECTION CLOSED\n");
1957	if (buf != NULL)
1958		{
1959		OPENSSL_cleanse(buf,bufsize);
1960		OPENSSL_free(buf);
1961		}
1962	if (ret >= 0)
1963		BIO_printf(bio_s_out,"ACCEPT\n");
1964	return(ret);
1965	}
1966
1967static void close_accept_socket(void)
1968	{
1969	BIO_printf(bio_err,"shutdown accept socket\n");
1970	if (accept_socket >= 0)
1971		{
1972		SHUTDOWN2(accept_socket);
1973		}
1974	}
1975
1976static int init_ssl_connection(SSL *con)
1977	{
1978	int i;
1979	const char *str;
1980	X509 *peer;
1981	long verify_error;
1982	MS_STATIC char buf[BUFSIZ];
1983
1984	if ((i=SSL_accept(con)) <= 0)
1985		{
1986		if (BIO_sock_should_retry(i))
1987			{
1988			BIO_printf(bio_s_out,"DELAY\n");
1989			return(1);
1990			}
1991
1992		BIO_printf(bio_err,"ERROR\n");
1993		verify_error=SSL_get_verify_result(con);
1994		if (verify_error != X509_V_OK)
1995			{
1996			BIO_printf(bio_err,"verify error:%s\n",
1997				X509_verify_cert_error_string(verify_error));
1998			}
1999		else
2000			ERR_print_errors(bio_err);
2001		return(0);
2002		}
2003
2004	PEM_write_bio_SSL_SESSION(bio_s_out,SSL_get_session(con));
2005
2006	peer=SSL_get_peer_certificate(con);
2007	if (peer != NULL)
2008		{
2009		BIO_printf(bio_s_out,"Client certificate\n");
2010		PEM_write_bio_X509(bio_s_out,peer);
2011		X509_NAME_oneline(X509_get_subject_name(peer),buf,sizeof buf);
2012		BIO_printf(bio_s_out,"subject=%s\n",buf);
2013		X509_NAME_oneline(X509_get_issuer_name(peer),buf,sizeof buf);
2014		BIO_printf(bio_s_out,"issuer=%s\n",buf);
2015		X509_free(peer);
2016		}
2017
2018	if (SSL_get_shared_ciphers(con,buf,sizeof buf) != NULL)
2019		BIO_printf(bio_s_out,"Shared ciphers:%s\n",buf);
2020	str=SSL_CIPHER_get_name(SSL_get_current_cipher(con));
2021	BIO_printf(bio_s_out,"CIPHER is %s\n",(str != NULL)?str:"(NONE)");
2022	if (con->hit) BIO_printf(bio_s_out,"Reused session-id\n");
2023	if (SSL_ctrl(con,SSL_CTRL_GET_FLAGS,0,NULL) &
2024		TLS1_FLAGS_TLS_PADDING_BUG)
2025		BIO_printf(bio_s_out,"Peer has incorrect TLSv1 block padding\n");
2026#ifndef OPENSSL_NO_KRB5
2027	if (con->kssl_ctx->client_princ != NULL)
2028		{
2029		BIO_printf(bio_s_out,"Kerberos peer principal is %s\n",
2030			con->kssl_ctx->client_princ);
2031		}
2032#endif /* OPENSSL_NO_KRB5 */
2033	BIO_printf(bio_s_out, "Secure Renegotiation IS%s supported\n",
2034		      SSL_get_secure_renegotiation_support(con) ? "" : " NOT");
2035	return(1);
2036	}
2037
2038#ifndef OPENSSL_NO_DH
2039static DH *load_dh_param(const char *dhfile)
2040	{
2041	DH *ret=NULL;
2042	BIO *bio;
2043
2044	if ((bio=BIO_new_file(dhfile,"r")) == NULL)
2045		goto err;
2046	ret=PEM_read_bio_DHparams(bio,NULL,NULL,NULL);
2047err:
2048	if (bio != NULL) BIO_free(bio);
2049	return(ret);
2050	}
2051#endif
2052
2053#if 0
2054static int load_CA(SSL_CTX *ctx, char *file)
2055	{
2056	FILE *in;
2057	X509 *x=NULL;
2058
2059	if ((in=fopen(file,"r")) == NULL)
2060		return(0);
2061
2062	for (;;)
2063		{
2064		if (PEM_read_X509(in,&x,NULL) == NULL)
2065			break;
2066		SSL_CTX_add_client_CA(ctx,x);
2067		}
2068	if (x != NULL) X509_free(x);
2069	fclose(in);
2070	return(1);
2071	}
2072#endif
2073
2074static int www_body(char *hostname, int s, unsigned char *context)
2075	{
2076	char *buf=NULL;
2077	int ret=1;
2078	int i,j,k,blank,dot;
2079	struct stat st_buf;
2080	SSL *con;
2081	SSL_CIPHER *c;
2082	BIO *io,*ssl_bio,*sbio;
2083	long total_bytes;
2084
2085	buf=OPENSSL_malloc(bufsize);
2086	if (buf == NULL) return(0);
2087	io=BIO_new(BIO_f_buffer());
2088	ssl_bio=BIO_new(BIO_f_ssl());
2089	if ((io == NULL) || (ssl_bio == NULL)) goto err;
2090
2091#ifdef FIONBIO
2092	if (s_nbio)
2093		{
2094		unsigned long sl=1;
2095
2096		if (!s_quiet)
2097			BIO_printf(bio_err,"turning on non blocking io\n");
2098		if (BIO_socket_ioctl(s,FIONBIO,&sl) < 0)
2099			ERR_print_errors(bio_err);
2100		}
2101#endif
2102
2103	/* lets make the output buffer a reasonable size */
2104	if (!BIO_set_write_buffer_size(io,bufsize)) goto err;
2105
2106	if ((con=SSL_new(ctx)) == NULL) goto err;
2107#ifndef OPENSSL_NO_TLSEXT
2108		if (s_tlsextdebug)
2109			{
2110			SSL_set_tlsext_debug_callback(con, tlsext_cb);
2111			SSL_set_tlsext_debug_arg(con, bio_s_out);
2112			}
2113#endif
2114#ifndef OPENSSL_NO_KRB5
2115	if ((con->kssl_ctx = kssl_ctx_new()) != NULL)
2116		{
2117		kssl_ctx_setstring(con->kssl_ctx, KSSL_SERVICE, KRB5SVC);
2118		kssl_ctx_setstring(con->kssl_ctx, KSSL_KEYTAB, KRB5KEYTAB);
2119		}
2120#endif	/* OPENSSL_NO_KRB5 */
2121	if(context) SSL_set_session_id_context(con, context,
2122					       strlen((char *)context));
2123
2124	sbio=BIO_new_socket(s,BIO_NOCLOSE);
2125	if (s_nbio_test)
2126		{
2127		BIO *test;
2128
2129		test=BIO_new(BIO_f_nbio_test());
2130		sbio=BIO_push(test,sbio);
2131		}
2132	SSL_set_bio(con,sbio,sbio);
2133	SSL_set_accept_state(con);
2134
2135	/* SSL_set_fd(con,s); */
2136	BIO_set_ssl(ssl_bio,con,BIO_CLOSE);
2137	BIO_push(io,ssl_bio);
2138#ifdef CHARSET_EBCDIC
2139	io = BIO_push(BIO_new(BIO_f_ebcdic_filter()),io);
2140#endif
2141
2142	if (s_debug)
2143		{
2144		con->debug=1;
2145		BIO_set_callback(SSL_get_rbio(con),bio_dump_callback);
2146		BIO_set_callback_arg(SSL_get_rbio(con),(char *)bio_s_out);
2147		}
2148	if (s_msg)
2149		{
2150		SSL_set_msg_callback(con, msg_cb);
2151		SSL_set_msg_callback_arg(con, bio_s_out);
2152		}
2153
2154	blank=0;
2155	for (;;)
2156		{
2157		if (hack)
2158			{
2159			i=SSL_accept(con);
2160
2161			switch (SSL_get_error(con,i))
2162				{
2163			case SSL_ERROR_NONE:
2164				break;
2165			case SSL_ERROR_WANT_WRITE:
2166			case SSL_ERROR_WANT_READ:
2167			case SSL_ERROR_WANT_X509_LOOKUP:
2168				continue;
2169			case SSL_ERROR_SYSCALL:
2170			case SSL_ERROR_SSL:
2171			case SSL_ERROR_ZERO_RETURN:
2172				ret=1;
2173				goto err;
2174				/* break; */
2175				}
2176
2177			SSL_renegotiate(con);
2178			SSL_write(con,NULL,0);
2179			}
2180
2181		i=BIO_gets(io,buf,bufsize-1);
2182		if (i < 0) /* error */
2183			{
2184			if (!BIO_should_retry(io))
2185				{
2186				if (!s_quiet)
2187					ERR_print_errors(bio_err);
2188				goto err;
2189				}
2190			else
2191				{
2192				BIO_printf(bio_s_out,"read R BLOCK\n");
2193#if defined(OPENSSL_SYS_NETWARE)
2194            delay(1000);
2195#elif !defined(OPENSSL_SYS_MSDOS) && !defined(__DJGPP__)
2196				sleep(1);
2197#endif
2198				continue;
2199				}
2200			}
2201		else if (i == 0) /* end of input */
2202			{
2203			ret=1;
2204			goto end;
2205			}
2206
2207		/* else we have data */
2208		if (	((www == 1) && (strncmp("GET ",buf,4) == 0)) ||
2209			((www == 2) && (strncmp("GET /stats ",buf,10) == 0)))
2210			{
2211			char *p;
2212			X509 *peer;
2213			STACK_OF(SSL_CIPHER) *sk;
2214			static const char *space="                          ";
2215
2216			BIO_puts(io,"HTTP/1.0 200 ok\r\nContent-type: text/html\r\n\r\n");
2217			BIO_puts(io,"<HTML><BODY BGCOLOR=\"#ffffff\">\n");
2218			BIO_puts(io,"<pre>\n");
2219/*			BIO_puts(io,SSLeay_version(SSLEAY_VERSION));*/
2220			BIO_puts(io,"\n");
2221			for (i=0; i<local_argc; i++)
2222				{
2223				BIO_puts(io,local_argv[i]);
2224				BIO_write(io," ",1);
2225				}
2226			BIO_puts(io,"\n");
2227
2228			/* The following is evil and should not really
2229			 * be done */
2230			BIO_printf(io,"Ciphers supported in s_server binary\n");
2231			sk=SSL_get_ciphers(con);
2232			j=sk_SSL_CIPHER_num(sk);
2233			for (i=0; i<j; i++)
2234				{
2235				c=sk_SSL_CIPHER_value(sk,i);
2236				BIO_printf(io,"%-11s:%-25s",
2237					SSL_CIPHER_get_version(c),
2238					SSL_CIPHER_get_name(c));
2239				if ((((i+1)%2) == 0) && (i+1 != j))
2240					BIO_puts(io,"\n");
2241				}
2242			BIO_puts(io,"\n");
2243			p=SSL_get_shared_ciphers(con,buf,bufsize);
2244			if (p != NULL)
2245				{
2246				BIO_printf(io,"---\nCiphers common between both SSL end points:\n");
2247				j=i=0;
2248				while (*p)
2249					{
2250					if (*p == ':')
2251						{
2252						BIO_write(io,space,26-j);
2253						i++;
2254						j=0;
2255						BIO_write(io,((i%3)?" ":"\n"),1);
2256						}
2257					else
2258						{
2259						BIO_write(io,p,1);
2260						j++;
2261						}
2262					p++;
2263					}
2264				BIO_puts(io,"\n");
2265				}
2266			BIO_printf(io,((con->hit)
2267				?"---\nReused, "
2268				:"---\nNew, "));
2269			c=SSL_get_current_cipher(con);
2270			BIO_printf(io,"%s, Cipher is %s\n",
2271				SSL_CIPHER_get_version(c),
2272				SSL_CIPHER_get_name(c));
2273			SSL_SESSION_print(io,SSL_get_session(con));
2274			BIO_printf(io,"---\n");
2275			print_stats(io,SSL_get_SSL_CTX(con));
2276			BIO_printf(io,"---\n");
2277			peer=SSL_get_peer_certificate(con);
2278			if (peer != NULL)
2279				{
2280				BIO_printf(io,"Client certificate\n");
2281				X509_print(io,peer);
2282				PEM_write_bio_X509(io,peer);
2283				}
2284			else
2285				BIO_puts(io,"no client certificate available\n");
2286			BIO_puts(io,"</BODY></HTML>\r\n\r\n");
2287			break;
2288			}
2289		else if ((www == 2 || www == 3)
2290                         && (strncmp("GET /",buf,5) == 0))
2291			{
2292			BIO *file;
2293			char *p,*e;
2294			static const char *text="HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n";
2295
2296			/* skip the '/' */
2297			p= &(buf[5]);
2298
2299			dot = 1;
2300			for (e=p; *e != '\0'; e++)
2301				{
2302				if (e[0] == ' ')
2303					break;
2304
2305				switch (dot)
2306					{
2307				case 1:
2308					dot = (e[0] == '.') ? 2 : 0;
2309					break;
2310				case 2:
2311					dot = (e[0] == '.') ? 3 : 0;
2312					break;
2313				case 3:
2314					dot = (e[0] == '/') ? -1 : 0;
2315					break;
2316					}
2317				if (dot == 0)
2318					dot = (e[0] == '/') ? 1 : 0;
2319				}
2320			dot = (dot == 3) || (dot == -1); /* filename contains ".." component */
2321
2322			if (*e == '\0')
2323				{
2324				BIO_puts(io,text);
2325				BIO_printf(io,"'%s' is an invalid file name\r\n",p);
2326				break;
2327				}
2328			*e='\0';
2329
2330			if (dot)
2331				{
2332				BIO_puts(io,text);
2333				BIO_printf(io,"'%s' contains '..' reference\r\n",p);
2334				break;
2335				}
2336
2337			if (*p == '/')
2338				{
2339				BIO_puts(io,text);
2340				BIO_printf(io,"'%s' is an invalid path\r\n",p);
2341				break;
2342				}
2343
2344#if 0
2345			/* append if a directory lookup */
2346			if (e[-1] == '/')
2347				strcat(p,"index.html");
2348#endif
2349
2350			/* if a directory, do the index thang */
2351			if (stat(p,&st_buf) < 0)
2352				{
2353				BIO_puts(io,text);
2354				BIO_printf(io,"Error accessing '%s'\r\n",p);
2355				ERR_print_errors(io);
2356				break;
2357				}
2358			if (S_ISDIR(st_buf.st_mode))
2359				{
2360#if 0 /* must check buffer size */
2361				strcat(p,"/index.html");
2362#else
2363				BIO_puts(io,text);
2364				BIO_printf(io,"'%s' is a directory\r\n",p);
2365				break;
2366#endif
2367				}
2368
2369			if ((file=BIO_new_file(p,"r")) == NULL)
2370				{
2371				BIO_puts(io,text);
2372				BIO_printf(io,"Error opening '%s'\r\n",p);
2373				ERR_print_errors(io);
2374				break;
2375				}
2376
2377			if (!s_quiet)
2378				BIO_printf(bio_err,"FILE:%s\n",p);
2379
2380                        if (www == 2)
2381                                {
2382                                i=strlen(p);
2383                                if (	((i > 5) && (strcmp(&(p[i-5]),".html") == 0)) ||
2384                                        ((i > 4) && (strcmp(&(p[i-4]),".php") == 0)) ||
2385                                        ((i > 4) && (strcmp(&(p[i-4]),".htm") == 0)))
2386                                        BIO_puts(io,"HTTP/1.0 200 ok\r\nContent-type: text/html\r\n\r\n");
2387                                else
2388                                        BIO_puts(io,"HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n");
2389                                }
2390			/* send the file */
2391			total_bytes=0;
2392			for (;;)
2393				{
2394				i=BIO_read(file,buf,bufsize);
2395				if (i <= 0) break;
2396
2397#ifdef RENEG
2398				total_bytes+=i;
2399				fprintf(stderr,"%d\n",i);
2400				if (total_bytes > 3*1024)
2401					{
2402					total_bytes=0;
2403					fprintf(stderr,"RENEGOTIATE\n");
2404					SSL_renegotiate(con);
2405					}
2406#endif
2407
2408				for (j=0; j<i; )
2409					{
2410#ifdef RENEG
2411{ static count=0; if (++count == 13) { SSL_renegotiate(con); } }
2412#endif
2413					k=BIO_write(io,&(buf[j]),i-j);
2414					if (k <= 0)
2415						{
2416						if (!BIO_should_retry(io))
2417							goto write_error;
2418						else
2419							{
2420							BIO_printf(bio_s_out,"rwrite W BLOCK\n");
2421							}
2422						}
2423					else
2424						{
2425						j+=k;
2426						}
2427					}
2428				}
2429write_error:
2430			BIO_free(file);
2431			break;
2432			}
2433		}
2434
2435	for (;;)
2436		{
2437		i=(int)BIO_flush(io);
2438		if (i <= 0)
2439			{
2440			if (!BIO_should_retry(io))
2441				break;
2442			}
2443		else
2444			break;
2445		}
2446end:
2447#if 1
2448	/* make sure we re-use sessions */
2449	SSL_set_shutdown(con,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
2450#else
2451	/* This kills performance */
2452/*	SSL_shutdown(con); A shutdown gets sent in the
2453 *	BIO_free_all(io) procession */
2454#endif
2455
2456err:
2457
2458	if (ret >= 0)
2459		BIO_printf(bio_s_out,"ACCEPT\n");
2460
2461	if (buf != NULL) OPENSSL_free(buf);
2462	if (io != NULL) BIO_free_all(io);
2463/*	if (ssl_bio != NULL) BIO_free(ssl_bio);*/
2464	return(ret);
2465	}
2466
2467#ifndef OPENSSL_NO_RSA
2468static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength)
2469	{
2470	BIGNUM *bn = NULL;
2471	static RSA *rsa_tmp=NULL;
2472
2473	if (!rsa_tmp && ((bn = BN_new()) == NULL))
2474		BIO_printf(bio_err,"Allocation error in generating RSA key\n");
2475	if (!rsa_tmp && bn)
2476		{
2477		if (!s_quiet)
2478			{
2479			BIO_printf(bio_err,"Generating temp (%d bit) RSA key...",keylength);
2480			(void)BIO_flush(bio_err);
2481			}
2482		if(!BN_set_word(bn, RSA_F4) || ((rsa_tmp = RSA_new()) == NULL) ||
2483				!RSA_generate_key_ex(rsa_tmp, keylength, bn, NULL))
2484			{
2485			if(rsa_tmp) RSA_free(rsa_tmp);
2486			rsa_tmp = NULL;
2487			}
2488		if (!s_quiet)
2489			{
2490			BIO_printf(bio_err,"\n");
2491			(void)BIO_flush(bio_err);
2492			}
2493		BN_free(bn);
2494		}
2495	return(rsa_tmp);
2496	}
2497#endif
2498
2499#define MAX_SESSION_ID_ATTEMPTS 10
2500static int generate_session_id(const SSL *ssl, unsigned char *id,
2501				unsigned int *id_len)
2502	{
2503	unsigned int count = 0;
2504	do	{
2505		RAND_pseudo_bytes(id, *id_len);
2506		/* Prefix the session_id with the required prefix. NB: If our
2507		 * prefix is too long, clip it - but there will be worse effects
2508		 * anyway, eg. the server could only possibly create 1 session
2509		 * ID (ie. the prefix!) so all future session negotiations will
2510		 * fail due to conflicts. */
2511		memcpy(id, session_id_prefix,
2512			(strlen(session_id_prefix) < *id_len) ?
2513			strlen(session_id_prefix) : *id_len);
2514		}
2515	while(SSL_has_matching_session_id(ssl, id, *id_len) &&
2516		(++count < MAX_SESSION_ID_ATTEMPTS));
2517	if(count >= MAX_SESSION_ID_ATTEMPTS)
2518		return 0;
2519	return 1;
2520	}
2521