1c7da899bSchristos /*
213d40330Schristos * Copyright 2013-2017 The OpenSSL Project Authors. All Rights Reserved.
3c7da899bSchristos *
4*b0d17251Schristos * Licensed under the Apache License 2.0 (the "License"). You may not use
5c7da899bSchristos * this file except in compliance with the License. You can obtain a copy
6c7da899bSchristos * in the file LICENSE in the source distribution or at
7c7da899bSchristos * https://www.openssl.org/source/license.html
8c7da899bSchristos */
9a6054fbfSspz
10a6054fbfSspz /*
11a6054fbfSspz * A minimal program to serve an SSL connection. It uses blocking. It use the
12a6054fbfSspz * SSL_CONF API with the command line. cc -I../../include server-arg.c
13a6054fbfSspz * -L../.. -lssl -lcrypto -ldl
14a6054fbfSspz */
15a6054fbfSspz
16a6054fbfSspz #include <stdio.h>
17c7da899bSchristos #include <string.h>
18a6054fbfSspz #include <signal.h>
1913d40330Schristos #include <stdlib.h>
20a6054fbfSspz #include <openssl/err.h>
21a6054fbfSspz #include <openssl/ssl.h>
22a6054fbfSspz
main(int argc,char * argv[])23a6054fbfSspz int main(int argc, char *argv[])
24a6054fbfSspz {
25a6054fbfSspz char *port = "*:4433";
26a6054fbfSspz BIO *ssl_bio, *tmp;
27a6054fbfSspz SSL_CTX *ctx;
28a6054fbfSspz SSL_CONF_CTX *cctx;
29a6054fbfSspz char buf[512];
30a6054fbfSspz BIO *in = NULL;
3113d40330Schristos int ret = EXIT_FAILURE, i;
32a6054fbfSspz char **args = argv + 1;
33a6054fbfSspz int nargs = argc - 1;
34a6054fbfSspz
35c7da899bSchristos ctx = SSL_CTX_new(TLS_server_method());
36a6054fbfSspz
37a6054fbfSspz cctx = SSL_CONF_CTX_new();
38a6054fbfSspz SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_SERVER);
39a6054fbfSspz SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_CERTIFICATE);
40a6054fbfSspz SSL_CONF_CTX_set_ssl_ctx(cctx, ctx);
41a6054fbfSspz while (*args && **args == '-') {
42a6054fbfSspz int rv;
43a6054fbfSspz /* Parse standard arguments */
44a6054fbfSspz rv = SSL_CONF_cmd_argv(cctx, &nargs, &args);
45a6054fbfSspz if (rv == -3) {
46a6054fbfSspz fprintf(stderr, "Missing argument for %s\n", *args);
47a6054fbfSspz goto err;
48a6054fbfSspz }
49a6054fbfSspz if (rv < 0) {
50a6054fbfSspz fprintf(stderr, "Error in command %s\n", *args);
51a6054fbfSspz ERR_print_errors_fp(stderr);
52a6054fbfSspz goto err;
53a6054fbfSspz }
54a6054fbfSspz /* If rv > 0 we processed something so proceed to next arg */
55a6054fbfSspz if (rv > 0)
56a6054fbfSspz continue;
57a6054fbfSspz /* Otherwise application specific argument processing */
58c7da899bSchristos if (strcmp(*args, "-port") == 0) {
59a6054fbfSspz port = args[1];
60a6054fbfSspz if (port == NULL) {
61a6054fbfSspz fprintf(stderr, "Missing -port argument\n");
62a6054fbfSspz goto err;
63a6054fbfSspz }
64a6054fbfSspz args += 2;
65a6054fbfSspz nargs -= 2;
66a6054fbfSspz continue;
67a6054fbfSspz } else {
68a6054fbfSspz fprintf(stderr, "Unknown argument %s\n", *args);
69a6054fbfSspz goto err;
70a6054fbfSspz }
71a6054fbfSspz }
72a6054fbfSspz
73a6054fbfSspz if (!SSL_CONF_CTX_finish(cctx)) {
74a6054fbfSspz fprintf(stderr, "Finish error\n");
75a6054fbfSspz ERR_print_errors_fp(stderr);
76a6054fbfSspz goto err;
77a6054fbfSspz }
78c7da899bSchristos #ifdef ITERATE_CERTS
79a6054fbfSspz /*
80a6054fbfSspz * Demo of how to iterate over all certificates in an SSL_CTX structure.
81a6054fbfSspz */
82a6054fbfSspz {
83a6054fbfSspz X509 *x;
84a6054fbfSspz int rv;
85a6054fbfSspz rv = SSL_CTX_set_current_cert(ctx, SSL_CERT_SET_FIRST);
86a6054fbfSspz while (rv) {
87a6054fbfSspz X509 *x = SSL_CTX_get0_certificate(ctx);
88a6054fbfSspz X509_NAME_print_ex_fp(stdout, X509_get_subject_name(x), 0,
89a6054fbfSspz XN_FLAG_ONELINE);
90a6054fbfSspz printf("\n");
91a6054fbfSspz rv = SSL_CTX_set_current_cert(ctx, SSL_CERT_SET_NEXT);
92a6054fbfSspz }
93a6054fbfSspz fflush(stdout);
94a6054fbfSspz }
95a6054fbfSspz #endif
96a6054fbfSspz /* Setup server side SSL bio */
97a6054fbfSspz ssl_bio = BIO_new_ssl(ctx, 0);
98a6054fbfSspz
99a6054fbfSspz if ((in = BIO_new_accept(port)) == NULL)
100a6054fbfSspz goto err;
101a6054fbfSspz
102a6054fbfSspz /*
103a6054fbfSspz * This means that when a new connection is accepted on 'in', The ssl_bio
104a6054fbfSspz * will be 'duplicated' and have the new socket BIO push into it.
105a6054fbfSspz * Basically it means the SSL BIO will be automatically setup
106a6054fbfSspz */
107a6054fbfSspz BIO_set_accept_bios(in, ssl_bio);
108a6054fbfSspz
109a6054fbfSspz again:
110a6054fbfSspz /*
111a6054fbfSspz * The first call will setup the accept socket, and the second will get a
112a6054fbfSspz * socket. In this loop, the first actual accept will occur in the
113a6054fbfSspz * BIO_read() function.
114a6054fbfSspz */
115a6054fbfSspz
116a6054fbfSspz if (BIO_do_accept(in) <= 0)
117a6054fbfSspz goto err;
118a6054fbfSspz
119a6054fbfSspz for (;;) {
120a6054fbfSspz i = BIO_read(in, buf, 512);
121a6054fbfSspz if (i == 0) {
122a6054fbfSspz /*
123a6054fbfSspz * If we have finished, remove the underlying BIO stack so the
124a6054fbfSspz * next time we call any function for this BIO, it will attempt
125a6054fbfSspz * to do an accept
126a6054fbfSspz */
127a6054fbfSspz printf("Done\n");
128a6054fbfSspz tmp = BIO_pop(in);
129a6054fbfSspz BIO_free_all(tmp);
130a6054fbfSspz goto again;
131a6054fbfSspz }
132a6054fbfSspz if (i < 0)
133a6054fbfSspz goto err;
134a6054fbfSspz fwrite(buf, 1, i, stdout);
135a6054fbfSspz fflush(stdout);
136a6054fbfSspz }
137a6054fbfSspz
13813d40330Schristos ret = EXIT_SUCCESS;
139a6054fbfSspz err:
14013d40330Schristos if (ret != EXIT_SUCCESS)
141a6054fbfSspz ERR_print_errors_fp(stderr);
142a6054fbfSspz BIO_free(in);
14313d40330Schristos return ret;
144a6054fbfSspz }
145