1*4724848cSchristos /*
2*4724848cSchristos * Copyright 2013-2017 The OpenSSL Project Authors. All Rights Reserved.
3*4724848cSchristos *
4*4724848cSchristos * Licensed under the OpenSSL license (the "License"). You may not use
5*4724848cSchristos * this file except in compliance with the License. You can obtain a copy
6*4724848cSchristos * in the file LICENSE in the source distribution or at
7*4724848cSchristos * https://www.openssl.org/source/license.html
8*4724848cSchristos */
9c9496f6bSchristos
10c9496f6bSchristos /*
11c9496f6bSchristos * A minimal program to serve an SSL connection. It uses blocking. It use the
12c9496f6bSchristos * SSL_CONF API with the command line. cc -I../../include server-arg.c
13c9496f6bSchristos * -L../.. -lssl -lcrypto -ldl
14c9496f6bSchristos */
15c9496f6bSchristos
16c9496f6bSchristos #include <stdio.h>
17*4724848cSchristos #include <string.h>
18c9496f6bSchristos #include <signal.h>
19*4724848cSchristos #include <stdlib.h>
20c9496f6bSchristos #include <openssl/err.h>
21c9496f6bSchristos #include <openssl/ssl.h>
22c9496f6bSchristos
main(int argc,char * argv[])23c9496f6bSchristos int main(int argc, char *argv[])
24c9496f6bSchristos {
25c9496f6bSchristos char *port = "*:4433";
26c9496f6bSchristos BIO *ssl_bio, *tmp;
27c9496f6bSchristos SSL_CTX *ctx;
28c9496f6bSchristos SSL_CONF_CTX *cctx;
29c9496f6bSchristos char buf[512];
30c9496f6bSchristos BIO *in = NULL;
31*4724848cSchristos int ret = EXIT_FAILURE, i;
32c9496f6bSchristos char **args = argv + 1;
33c9496f6bSchristos int nargs = argc - 1;
34c9496f6bSchristos
35*4724848cSchristos ctx = SSL_CTX_new(TLS_server_method());
36c9496f6bSchristos
37c9496f6bSchristos cctx = SSL_CONF_CTX_new();
38c9496f6bSchristos SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_SERVER);
39c9496f6bSchristos SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_CERTIFICATE);
40c9496f6bSchristos SSL_CONF_CTX_set_ssl_ctx(cctx, ctx);
41c9496f6bSchristos while (*args && **args == '-') {
42c9496f6bSchristos int rv;
43c9496f6bSchristos /* Parse standard arguments */
44c9496f6bSchristos rv = SSL_CONF_cmd_argv(cctx, &nargs, &args);
45c9496f6bSchristos if (rv == -3) {
46c9496f6bSchristos fprintf(stderr, "Missing argument for %s\n", *args);
47c9496f6bSchristos goto err;
48c9496f6bSchristos }
49c9496f6bSchristos if (rv < 0) {
50c9496f6bSchristos fprintf(stderr, "Error in command %s\n", *args);
51c9496f6bSchristos ERR_print_errors_fp(stderr);
52c9496f6bSchristos goto err;
53c9496f6bSchristos }
54c9496f6bSchristos /* If rv > 0 we processed something so proceed to next arg */
55c9496f6bSchristos if (rv > 0)
56c9496f6bSchristos continue;
57c9496f6bSchristos /* Otherwise application specific argument processing */
58*4724848cSchristos if (strcmp(*args, "-port") == 0) {
59c9496f6bSchristos port = args[1];
60c9496f6bSchristos if (port == NULL) {
61c9496f6bSchristos fprintf(stderr, "Missing -port argument\n");
62c9496f6bSchristos goto err;
63c9496f6bSchristos }
64c9496f6bSchristos args += 2;
65c9496f6bSchristos nargs -= 2;
66c9496f6bSchristos continue;
67c9496f6bSchristos } else {
68c9496f6bSchristos fprintf(stderr, "Unknown argument %s\n", *args);
69c9496f6bSchristos goto err;
70c9496f6bSchristos }
71c9496f6bSchristos }
72c9496f6bSchristos
73c9496f6bSchristos if (!SSL_CONF_CTX_finish(cctx)) {
74c9496f6bSchristos fprintf(stderr, "Finish error\n");
75c9496f6bSchristos ERR_print_errors_fp(stderr);
76c9496f6bSchristos goto err;
77c9496f6bSchristos }
78*4724848cSchristos #ifdef ITERATE_CERTS
79c9496f6bSchristos /*
80c9496f6bSchristos * Demo of how to iterate over all certificates in an SSL_CTX structure.
81c9496f6bSchristos */
82c9496f6bSchristos {
83c9496f6bSchristos X509 *x;
84c9496f6bSchristos int rv;
85c9496f6bSchristos rv = SSL_CTX_set_current_cert(ctx, SSL_CERT_SET_FIRST);
86c9496f6bSchristos while (rv) {
87c9496f6bSchristos X509 *x = SSL_CTX_get0_certificate(ctx);
88c9496f6bSchristos X509_NAME_print_ex_fp(stdout, X509_get_subject_name(x), 0,
89c9496f6bSchristos XN_FLAG_ONELINE);
90c9496f6bSchristos printf("\n");
91c9496f6bSchristos rv = SSL_CTX_set_current_cert(ctx, SSL_CERT_SET_NEXT);
92c9496f6bSchristos }
93c9496f6bSchristos fflush(stdout);
94c9496f6bSchristos }
95c9496f6bSchristos #endif
96c9496f6bSchristos /* Setup server side SSL bio */
97c9496f6bSchristos ssl_bio = BIO_new_ssl(ctx, 0);
98c9496f6bSchristos
99c9496f6bSchristos if ((in = BIO_new_accept(port)) == NULL)
100c9496f6bSchristos goto err;
101c9496f6bSchristos
102c9496f6bSchristos /*
103c9496f6bSchristos * This means that when a new connection is accepted on 'in', The ssl_bio
104c9496f6bSchristos * will be 'duplicated' and have the new socket BIO push into it.
105c9496f6bSchristos * Basically it means the SSL BIO will be automatically setup
106c9496f6bSchristos */
107c9496f6bSchristos BIO_set_accept_bios(in, ssl_bio);
108c9496f6bSchristos
109c9496f6bSchristos again:
110c9496f6bSchristos /*
111c9496f6bSchristos * The first call will setup the accept socket, and the second will get a
112c9496f6bSchristos * socket. In this loop, the first actual accept will occur in the
113c9496f6bSchristos * BIO_read() function.
114c9496f6bSchristos */
115c9496f6bSchristos
116c9496f6bSchristos if (BIO_do_accept(in) <= 0)
117c9496f6bSchristos goto err;
118c9496f6bSchristos
119c9496f6bSchristos for (;;) {
120c9496f6bSchristos i = BIO_read(in, buf, 512);
121c9496f6bSchristos if (i == 0) {
122c9496f6bSchristos /*
123c9496f6bSchristos * If we have finished, remove the underlying BIO stack so the
124c9496f6bSchristos * next time we call any function for this BIO, it will attempt
125c9496f6bSchristos * to do an accept
126c9496f6bSchristos */
127c9496f6bSchristos printf("Done\n");
128c9496f6bSchristos tmp = BIO_pop(in);
129c9496f6bSchristos BIO_free_all(tmp);
130c9496f6bSchristos goto again;
131c9496f6bSchristos }
132c9496f6bSchristos if (i < 0)
133c9496f6bSchristos goto err;
134c9496f6bSchristos fwrite(buf, 1, i, stdout);
135c9496f6bSchristos fflush(stdout);
136c9496f6bSchristos }
137c9496f6bSchristos
138*4724848cSchristos ret = EXIT_SUCCESS;
139c9496f6bSchristos err:
140*4724848cSchristos if (ret != EXIT_SUCCESS)
141c9496f6bSchristos ERR_print_errors_fp(stderr);
142c9496f6bSchristos BIO_free(in);
143*4724848cSchristos return ret;
144c9496f6bSchristos }
145