summaryrefslogtreecommitdiff
path: root/demos/bio/server-arg.c
blob: 0d432a47627aee5dbf4fe43bd802277cbb7e41fd (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
/* NOCW */
/* demos/bio/server-arg.c */

/* A minimal program to serve an SSL connection.
 * It uses blocking.
 * It use the SSL_CONF API with the command line.
 *
 * cc -I../../include server-arg.c -L../.. -lssl -lcrypto -ldl
 */

#include <stdio.h>
#include <signal.h>
#include <openssl/err.h>
#include <openssl/ssl.h>


int main(int argc, char *argv[])
	{
	char *port = "*:4433";
	BIO *ssl_bio,*tmp;
	SSL_CTX *ctx;
	SSL_CONF_CTX *cctx;
	char buf[512];
	BIO *in=NULL;
	int ret=1,i;
	char **args = argv + 1;
	int nargs = argc - 1;

	SSL_load_error_strings();

	/* Add ciphers and message digests */
	OpenSSL_add_ssl_algorithms();

	ctx=SSL_CTX_new(SSLv23_server_method());

	cctx = SSL_CONF_CTX_new();
	SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_SERVER);
	SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_CERTIFICATE);
	SSL_CONF_CTX_set_ssl_ctx(cctx, ctx);
	while(*args && **args == '-')
		{
		int rv;
		/* Parse standard arguments */
		rv = SSL_CONF_cmd_argv(cctx, &nargs, &args);
		if (rv == -3)
			{
			fprintf(stderr, "Missing argument for %s\n", *args);
			goto err;
			}
		if (rv < 0)
			{
			fprintf(stderr, "Error in command %s\n", *args);
			ERR_print_errors_fp(stderr);
			goto err;
			}
		/* If rv > 0 we processed something so proceed to next arg */
		if (rv > 0)
			continue;
		/* Otherwise application specific argument processing */
		if (!strcmp(*args, "-port"))
			{
			port = args[1];
			if (port == NULL)
				{
				fprintf(stderr, "Missing -port argument\n");
				goto err;
				}
			args += 2;
			nargs -= 2;
			continue;
			}
		else
			{
			fprintf(stderr, "Unknown argument %s\n", *args);
			goto err;
			}
		}

	if (!SSL_CONF_CTX_finish(cctx))
		{
		fprintf(stderr, "Finish error\n");
		ERR_print_errors_fp(stderr);
		goto err;
		}
#if 0
	/* Demo of how to iterate over all certificates in an SSL_CTX
	 * structure.
	 */
	{
	X509 *x;
	int rv;
	rv = SSL_CTX_set_current_cert(ctx, SSL_CERT_SET_FIRST);
	while (rv)
		{
		X509 *x = SSL_CTX_get0_certificate(ctx);
		X509_NAME_print_ex_fp(stdout, X509_get_subject_name(x), 0, XN_FLAG_ONELINE);
		printf("\n");
		rv = SSL_CTX_set_current_cert(ctx, SSL_CERT_SET_NEXT);
		}
	fflush(stdout);
	}
#endif
	/* Setup server side SSL bio */
	ssl_bio=BIO_new_ssl(ctx,0);

	if ((in=BIO_new_accept(port)) == NULL) goto err;

	/* This means that when a new connection is accepted on 'in',
	 * The ssl_bio will be 'duplicated' and have the new socket
	 * BIO push into it.  Basically it means the SSL BIO will be
	 * automatically setup */
	BIO_set_accept_bios(in,ssl_bio);

again:
	/* The first call will setup the accept socket, and the second
	 * will get a socket.  In this loop, the first actual accept
	 * will occur in the BIO_read() function. */

	if (BIO_do_accept(in) <= 0) goto err;

	for (;;)
		{
		i=BIO_read(in,buf,512);
		if (i == 0)
			{
			/* If we have finished, remove the underlying
			 * BIO stack so the next time we call any function
			 * for this BIO, it will attempt to do an
			 * accept */
			printf("Done\n");
			tmp=BIO_pop(in);
			BIO_free_all(tmp);
			goto again;
			}
		if (i < 0) goto err;
		fwrite(buf,1,i,stdout);
		fflush(stdout);
		}

	ret=0;
err:
	if (ret)
		{
		ERR_print_errors_fp(stderr);
		}
	if (in != NULL) BIO_free(in);
	exit(ret);
	return(!ret);
	}