summaryrefslogtreecommitdiff
path: root/deps/openssl/openssl/demos/bio
diff options
context:
space:
mode:
Diffstat (limited to 'deps/openssl/openssl/demos/bio')
-rw-r--r--deps/openssl/openssl/demos/bio/Makefile40
-rw-r--r--deps/openssl/openssl/demos/bio/accept.cnf8
-rw-r--r--deps/openssl/openssl/demos/bio/client-arg.c20
-rw-r--r--deps/openssl/openssl/demos/bio/client-conf.c20
-rw-r--r--deps/openssl/openssl/demos/bio/cmod.cnf24
-rw-r--r--deps/openssl/openssl/demos/bio/descrip.mms47
-rw-r--r--deps/openssl/openssl/demos/bio/intca.pem23
-rw-r--r--deps/openssl/openssl/demos/bio/root.pem22
-rw-r--r--deps/openssl/openssl/demos/bio/saccept.c61
-rw-r--r--deps/openssl/openssl/demos/bio/sconnect.c68
-rw-r--r--deps/openssl/openssl/demos/bio/server-arg.c25
-rw-r--r--deps/openssl/openssl/demos/bio/server-cmod.c95
-rw-r--r--deps/openssl/openssl/demos/bio/server-conf.c22
-rw-r--r--deps/openssl/openssl/demos/bio/server-ec.pem17
-rw-r--r--deps/openssl/openssl/demos/bio/server.pem65
-rw-r--r--deps/openssl/openssl/demos/bio/shared.opt2
-rw-r--r--deps/openssl/openssl/demos/bio/static.opt2
17 files changed, 434 insertions, 127 deletions
diff --git a/deps/openssl/openssl/demos/bio/Makefile b/deps/openssl/openssl/demos/bio/Makefile
index f8c8f03517..493e8a58a5 100644
--- a/deps/openssl/openssl/demos/bio/Makefile
+++ b/deps/openssl/openssl/demos/bio/Makefile
@@ -1,22 +1,30 @@
-CC=cc
-CFLAGS= -g -I../../include
-LIBS= -L../.. ../../libssl.a ../../libcrypto.a -ldl
-EXAMPLES=saccept sconnect client-arg client-conf
+# Quick instruction:
+# To build against an OpenSSL built in the source tree, do this:
+#
+# make OPENSSL_INCS_LOCATION=-I../../include OPENSSL_LIBS_LOCATION=-L../..
+#
+# To run the demos when linked with a shared library (default):
+#
+# LD_LIBRARY_PATH=../.. ./server-arg
+# LD_LIBRARY_PATH=../.. ./server-cmod
+# LD_LIBRARY_PATH=../.. ./server-conf
+# LD_LIBRARY_PATH=../.. ./client-arg
+# LD_LIBRARY_PATH=../.. ./client-conf
+# LD_LIBRARY_PATH=../.. ./saccept
+# LD_LIBRARY_PATH=../.. ./sconnect
-all: $(EXAMPLES)
+CFLAGS = $(OPENSSL_INCS_LOCATION)
+LDFLAGS = $(OPENSSL_LIBS_LOCATION) -lssl -lcrypto $(EX_LIBS)
-saccept: saccept.o
- $(CC) -o saccept saccept.o $(LIBS)
-
-sconnect: sconnect.o
- $(CC) -o sconnect sconnect.o $(LIBS)
+all: client-arg client-conf saccept sconnect server-arg server-cmod server-conf
client-arg: client-arg.o
- $(CC) -o client-arg client-arg.o $(LIBS)
-
client-conf: client-conf.o
- $(CC) -o client-conf client-conf.o $(LIBS)
-
-clean:
- rm -f $(EXAMPLES) *.o
+saccept: saccept.o
+sconnect: sconnect.o
+server-arg: server-arg.o
+server-cmod: server-cmod.o
+server-conf: server-conf.o
+client-arg client-conf saccept sconnect server-arg server-cmod server-conf:
+ $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $<
diff --git a/deps/openssl/openssl/demos/bio/accept.cnf b/deps/openssl/openssl/demos/bio/accept.cnf
index e4acea75f3..eb6965832f 100644
--- a/deps/openssl/openssl/demos/bio/accept.cnf
+++ b/deps/openssl/openssl/demos/bio/accept.cnf
@@ -5,9 +5,13 @@ Port = 4433
# Protocol = ALL, -TLSv1.2
# Only support 3 curves
Curves = P-521:P-384:P-256
-# Automatic curve selection
-ECDHParameters = Automatic
# Restricted signature algorithms
SignatureAlgorithms = RSA+SHA512:ECDSA+SHA512
Certificate=server.pem
PrivateKey=server.pem
+ChainCAFile=root.pem
+VerifyCAFile=root.pem
+
+# Request certificate
+VerifyMode=Request
+ClientCAFile=root.pem
diff --git a/deps/openssl/openssl/demos/bio/client-arg.c b/deps/openssl/openssl/demos/bio/client-arg.c
index dc354cae06..e8d5e46ab5 100644
--- a/deps/openssl/openssl/demos/bio/client-arg.c
+++ b/deps/openssl/openssl/demos/bio/client-arg.c
@@ -1,3 +1,13 @@
+/*
+ * Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <string.h>
#include <openssl/err.h>
#include <openssl/ssl.h>
@@ -13,11 +23,7 @@ int main(int argc, char **argv)
const char *connect_str = "localhost:4433";
int nargs = argc - 1;
- ERR_load_crypto_strings();
- ERR_load_SSL_strings();
- SSL_library_init();
-
- ctx = SSL_CTX_new(SSLv23_client_method());
+ ctx = SSL_CTX_new(TLS_client_method());
cctx = SSL_CONF_CTX_new();
SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_CLIENT);
SSL_CONF_CTX_set_ssl_ctx(cctx, ctx);
@@ -38,7 +44,7 @@ int main(int argc, char **argv)
if (rv > 0)
continue;
/* Otherwise application specific argument processing */
- if (!strcmp(*args, "-connect")) {
+ if (strcmp(*args, "-connect") == 0) {
connect_str = args[1];
if (connect_str == NULL) {
fprintf(stderr, "Missing -connect argument\n");
@@ -56,7 +62,7 @@ int main(int argc, char **argv)
if (!SSL_CONF_CTX_finish(cctx)) {
fprintf(stderr, "Finish error\n");
ERR_print_errors_fp(stderr);
- goto err;
+ goto end;
}
/*
diff --git a/deps/openssl/openssl/demos/bio/client-conf.c b/deps/openssl/openssl/demos/bio/client-conf.c
index 150e7fcf83..e819030eec 100644
--- a/deps/openssl/openssl/demos/bio/client-conf.c
+++ b/deps/openssl/openssl/demos/bio/client-conf.c
@@ -1,3 +1,13 @@
+/*
+ * Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <string.h>
#include <openssl/err.h>
#include <openssl/ssl.h>
#include <openssl/conf.h>
@@ -16,10 +26,6 @@ int main(int argc, char **argv)
const char *connect_str = "localhost:4433";
long errline = -1;
- ERR_load_crypto_strings();
- ERR_load_SSL_strings();
- SSL_library_init();
-
conf = NCONF_new(NULL);
if (NCONF_load(conf, "connect.cnf", &errline) <= 0) {
@@ -37,7 +43,7 @@ int main(int argc, char **argv)
goto end;
}
- ctx = SSL_CTX_new(SSLv23_client_method());
+ ctx = SSL_CTX_new(TLS_client_method());
cctx = SSL_CONF_CTX_new();
SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_CLIENT);
SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_FILE);
@@ -53,7 +59,7 @@ int main(int argc, char **argv)
ERR_print_errors_fp(stderr);
goto end;
}
- if (!strcmp(cnf->name, "Connect")) {
+ if (strcmp(cnf->name, "Connect") == 0) {
connect_str = cnf->value;
} else {
fprintf(stderr, "Unknown configuration option %s\n", cnf->name);
@@ -64,7 +70,7 @@ int main(int argc, char **argv)
if (!SSL_CONF_CTX_finish(cctx)) {
fprintf(stderr, "Finish error\n");
ERR_print_errors_fp(stderr);
- goto err;
+ goto end;
}
/*
diff --git a/deps/openssl/openssl/demos/bio/cmod.cnf b/deps/openssl/openssl/demos/bio/cmod.cnf
new file mode 100644
index 0000000000..39ac54edd9
--- /dev/null
+++ b/deps/openssl/openssl/demos/bio/cmod.cnf
@@ -0,0 +1,24 @@
+# Example config module configuration
+
+# Name supplied by application to CONF_modules_load_file
+# and section containing configuration
+testapp = test_sect
+
+[test_sect]
+# list of configuration modules
+
+# SSL configuration module
+ssl_conf = ssl_sect
+
+[ssl_sect]
+# list of SSL configurations
+server = server_sect
+
+[server_sect]
+# Only support 3 curves
+Curves = P-521:P-384:P-256
+# Restricted signature algorithms
+SignatureAlgorithms = RSA+SHA512:ECDSA+SHA512
+# Certificates and keys
+RSA.Certificate=server.pem
+ECDSA.Certificate=server-ec.pem
diff --git a/deps/openssl/openssl/demos/bio/descrip.mms b/deps/openssl/openssl/demos/bio/descrip.mms
new file mode 100644
index 0000000000..d49725ffd1
--- /dev/null
+++ b/deps/openssl/openssl/demos/bio/descrip.mms
@@ -0,0 +1,47 @@
+# This build description trusts that the following logical names are defined:
+#
+# For compilation: OPENSSL
+# For linking with shared libraries: OSSL$LIBCRYPTO_SHR and OSSL$LIBSSL_SHR
+# For linking with static libraries: OSSL$LIBCRYPTO and OSSL$LIBSSL
+#
+# These are normally defined with the OpenSSL startup procedure
+
+# By default, we link with the shared libraries
+SHARED = TRUE
+
+# Alternative, for linking with static libraries
+#SHARED = FALSE
+
+.FIRST :
+ IF "$(SHARED)" .EQS. "TRUE" THEN DEFINE OPT []shared.opt
+ IF "$(SHARED)" .NES. "TRUE" THEN DEFINE OPT []static.opt
+
+.LAST :
+ DEASSIGN OPT
+
+.DEFAULT :
+ @ !
+
+# Because we use an option file, we need to redefine this
+.obj.exe :
+ $(LINK) $(LINKFLAGS) $<,OPT:/OPT
+
+all : client-arg.exe client-conf.exe saccept.exe sconnect.exe -
+ server-arg.exe server-cmod.exe server-conf.exe
+
+client-arg.exe : client-arg.obj
+client-conf.exe : client-conf.obj
+saccept.exe : saccept.obj
+sconnect.exe : sconnect.obj
+server-arg.exe : server-arg.obj
+server-cmod.exe : server-cmod.obj
+server-conf.exe : server-conf.obj
+
+# Stoopid MMS doesn't infer this automatically...
+client-arg.obj : client-arg.c
+client-conf.obj : client-conf.c
+saccept.obj : saccept.c
+sconnect.obj : sconnect.c
+server-arg.obj : server-arg.c
+server-cmod.obj : server-cmod.c
+server-conf.obj : server-conf.c
diff --git a/deps/openssl/openssl/demos/bio/intca.pem b/deps/openssl/openssl/demos/bio/intca.pem
new file mode 100644
index 0000000000..3551ea93d5
--- /dev/null
+++ b/deps/openssl/openssl/demos/bio/intca.pem
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIIDvjCCAqagAwIBAgIJAPzCy4CUW9/qMA0GCSqGSIb3DQEBCwUAMGgxCzAJBgNV
+BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMSIwIAYDVQQLDBlGT1IgVEVT
+VElORyBQVVJQT1NFUyBPTkxZMR0wGwYDVQQDDBRPcGVuU1NMIFRlc3QgUm9vdCBD
+QTAeFw0xNTA3MTQxMzIyMDVaFw0yNTA2MjExMzIyMDVaMHAxCzAJBgNVBAYTAlVL
+MRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMSIwIAYDVQQLDBlGT1IgVEVTVElORyBQ
+VVJQT1NFUyBPTkxZMSUwIwYDVQQDDBxPcGVuU1NMIFRlc3QgSW50ZXJtZWRpYXRl
+IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsErw75CmLYD6pkrG
+W/YhAl/K8L5wJYxDjqu2FghxjD8K308W3EHq4uBxEwR1OHXaM1+6ZZw7/r2I37VL
+IdurBEAIEUdbzx0so74FPawgz5EW2CTqoJnK8F71/vo5Kj1VPwW46CxwxUR3cfvJ
+GNXND2ip0TcyTSPLROXOyQakcVfIGJmdSa1wHKi+c2gMA4emADudZUOYLrg80gr2
+ldePm07ynbVsKKzCcStw8MdmoW9Qt3fLnPJn2TFUUBNWj+4kvL+88edWCVQXKNds
+ysD/CDrH4W/hjyPDStVsM6XpiNU0+L2ZY6fcj3OP8d0goOx45xotMn9m8hNkCGsr
+VXx9IwIDAQABo2MwYTAdBgNVHQ4EFgQUNsNsiOeV/rC97M4+PYarIYGH2towHwYD
+VR0jBBgwFoAUjBkP10IxdwUG4dOxn+s5+3hxOkUwDwYDVR0TAQH/BAUwAwEB/zAO
+BgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADggEBAANQT0pDWBQoT/RY76xz
+audadGz/dfYnwvSwT0RMFcXLcMVVRNqP0HeR8OP8qLaP7onRbNnEXNfos9pxXYlg
+j+/WjWTBLVcr3pX2Xtmcaqw3CGN9qbQI8B3JkYeijZmc5+3r5MzK/9R0w8Y/T9Xt
+CXEiQhtWHpPrFEfrExeVy2kjJNRctEfq3OTd1bjgX64zvTU7eR+MHFYKPoyMqwIR
+gjoVKinvovEwWoZe5kfMQwJNA3IgoJexX9BXbS8efAYF/ku3tS0laoZS/q6V/o5I
+RvG0OqnNgxhul+96PE5ujSaprsyvBswIUKt+e/BCxGaS6f2AJ8RmtoPOSfT4b9qN
+thI=
+-----END CERTIFICATE-----
diff --git a/deps/openssl/openssl/demos/bio/root.pem b/deps/openssl/openssl/demos/bio/root.pem
new file mode 100644
index 0000000000..3bd0e9b3ef
--- /dev/null
+++ b/deps/openssl/openssl/demos/bio/root.pem
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDtjCCAp6gAwIBAgIJAKkg71CjIAovMA0GCSqGSIb3DQEBBQUAMGgxCzAJBgNV
+BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMSIwIAYDVQQLDBlGT1IgVEVT
+VElORyBQVVJQT1NFUyBPTkxZMR0wGwYDVQQDDBRPcGVuU1NMIFRlc3QgUm9vdCBD
+QTAeFw0xNDAyMjMxMzA1MTNaFw0yNDAyMjExMzA1MTNaMGgxCzAJBgNVBAYTAlVL
+MRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMSIwIAYDVQQLDBlGT1IgVEVTVElORyBQ
+VVJQT1NFUyBPTkxZMR0wGwYDVQQDDBRPcGVuU1NMIFRlc3QgUm9vdCBDQTCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANMaarigKGOra5Mc/LrhOkcmHzDs
+vkYL7dfaaht8fLBKRTYwzSBvO9x54koTWjq7HkbaxkYAg3HnDTkNCyzkGKNdM89H
+q/PtGIFFlceQIOat3Kjd05Iw3PtLEWTDjT6FMA9Mkjk/XbpmycqRIwNKtgICoFsG
+juIpc4P31kxK7i3ri+JnlyvVmRZjJxrheJB0qHGXilrOVDPOliDn//jXbcyzXemu
+R8KgAeQM4IIs9jYHJOgHrTItIpwa9wNTEp9KCGkO6xr20NkKyDp6XRyd+hmnUB7r
+77WTptvKPFFTjTDFqEtcif9U2kVkCfn2mSRO8noCbVH++fuR8LMWlD99gt8CAwEA
+AaNjMGEwHQYDVR0OBBYEFIwZD9dCMXcFBuHTsZ/rOft4cTpFMB8GA1UdIwQYMBaA
+FIwZD9dCMXcFBuHTsZ/rOft4cTpFMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/
+BAQDAgEGMA0GCSqGSIb3DQEBBQUAA4IBAQCsoxVi49anYZ1aI/2rVJ5bvEd3ZvGn
+wx1Y+l75SQVYU2qX9CHNBVg1t8reIBN8yPEfBM1WcFPEg7Vy3zFaklMPm/oYXwVI
+/lX/LsfPUxdnQmONxLw4x/0booN1LV/dtRcebewUSqog6W9Z2fbTEe6srIBE4M5G
+Wa943lthlmQM6HzlU4D606PQ3zQbX08mue4eqQB813r4uSoI1MpGLqxkziBRFGGN
+T4VNYp8DeSVr3jHjNBmKCAPZxJIYElnLEK027OG00RH7sF7SGFDNsCjN1NmCvuRz
+9AHnjVIBNzIvI3uiOn9tngRDXBRIcUBsdYG19tal8yWBgrr9SdlqFy/Y
+-----END CERTIFICATE-----
diff --git a/deps/openssl/openssl/demos/bio/saccept.c b/deps/openssl/openssl/demos/bio/saccept.c
index e79c872329..66c5c61755 100644
--- a/deps/openssl/openssl/demos/bio/saccept.c
+++ b/deps/openssl/openssl/demos/bio/saccept.c
@@ -1,5 +1,11 @@
-/* NOCW */
-/* demos/bio/saccept.c */
+/*
+ * Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
/*-
* A minimal program to serve an SSL connection.
@@ -18,22 +24,32 @@
#define CERT_FILE "server.pem"
-BIO *in = NULL;
+static int done = 0;
-void close_up()
+void interrupt(int sig)
{
- if (in != NULL)
- BIO_free(in);
+ done = 1;
}
-int main(argc, argv)
-int argc;
-char *argv[];
+void sigsetup(void)
+{
+ struct sigaction sa;
+
+ /*
+ * Catch at most once, and don't restart the accept system call.
+ */
+ sa.sa_flags = SA_RESETHAND;
+ sa.sa_handler = interrupt;
+ sigemptyset(&sa.sa_mask);
+ sigaction(SIGINT, &sa, NULL);
+}
+
+int main(int argc, char *argv[])
{
char *port = NULL;
+ BIO *in = NULL;
BIO *ssl_bio, *tmp;
SSL_CTX *ctx;
- SSL *ssl;
char buf[512];
int ret = 1, i;
@@ -42,20 +58,8 @@ char *argv[];
else
port = argv[1];
- signal(SIGINT, close_up);
-
- SSL_load_error_strings();
-
-#ifdef WATT32
- dbug_init();
- sock_init();
-#endif
-
- /* Add ciphers and message digests */
- OpenSSL_add_ssl_algorithms();
-
- ctx = SSL_CTX_new(SSLv23_server_method());
- if (!SSL_CTX_use_certificate_file(ctx, CERT_FILE, SSL_FILETYPE_PEM))
+ ctx = SSL_CTX_new(TLS_server_method());
+ if (!SSL_CTX_use_certificate_chain_file(ctx, CERT_FILE))
goto err;
if (!SSL_CTX_use_PrivateKey_file(ctx, CERT_FILE, SSL_FILETYPE_PEM))
goto err;
@@ -63,7 +67,6 @@ char *argv[];
goto err;
/* Setup server side SSL bio */
- ssl = SSL_new(ctx);
ssl_bio = BIO_new_ssl(ctx, 0);
if ((in = BIO_new_accept(port)) == NULL)
@@ -76,6 +79,9 @@ char *argv[];
*/
BIO_set_accept_bios(in, ssl_bio);
+ /* Arrange to leave server loop on interrupt */
+ sigsetup();
+
again:
/*
* The first call will setup the accept socket, and the second will get a
@@ -86,7 +92,7 @@ char *argv[];
if (BIO_do_accept(in) <= 0)
goto err;
- for (;;) {
+ while (!done) {
i = BIO_read(in, buf, 512);
if (i == 0) {
/*
@@ -110,8 +116,7 @@ char *argv[];
if (ret) {
ERR_print_errors_fp(stderr);
}
- if (in != NULL)
- BIO_free(in);
+ BIO_free(in);
exit(ret);
return (!ret);
}
diff --git a/deps/openssl/openssl/demos/bio/sconnect.c b/deps/openssl/openssl/demos/bio/sconnect.c
index e6eddb1c05..664a1e038c 100644
--- a/deps/openssl/openssl/demos/bio/sconnect.c
+++ b/deps/openssl/openssl/demos/bio/sconnect.c
@@ -1,5 +1,11 @@
-/* NOCW */
-/* demos/bio/sconnect.c */
+/*
+ * Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
/*-
* A minimal program to do SSL to a passed host and port.
@@ -11,51 +17,65 @@
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
+#include <string.h>
#include <openssl/err.h>
#include <openssl/ssl.h>
+#define HOSTPORT "localhost:4433"
+#define CAFILE "root.pem"
+
extern int errno;
int main(argc, argv)
int argc;
char *argv[];
{
- char *host;
- BIO *out;
+ const char *hostport = HOSTPORT;
+ const char *CAfile = CAFILE;
+ char *hostname;
+ char *cp;
+ BIO *out = NULL;
char buf[1024 * 10], *p;
SSL_CTX *ssl_ctx = NULL;
SSL *ssl;
BIO *ssl_bio;
int i, len, off, ret = 1;
- if (argc <= 1)
- host = "localhost:4433";
- else
- host = argv[1];
+ if (argc > 1)
+ hostport = argv[1];
+ if (argc > 2)
+ CAfile = argv[2];
+
+ hostname = OPENSSL_strdup(hostport);
+ if ((cp = strchr(hostname, ':')) != NULL)
+ *cp = 0;
#ifdef WATT32
dbug_init();
sock_init();
#endif
- /* Lets get nice error messages */
- SSL_load_error_strings();
+ ssl_ctx = SSL_CTX_new(TLS_client_method());
- /* Setup all the global SSL stuff */
- OpenSSL_add_ssl_algorithms();
- ssl_ctx = SSL_CTX_new(SSLv23_client_method());
+ /* Enable trust chain verification */
+ SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER, NULL);
+ SSL_CTX_load_verify_locations(ssl_ctx, CAfile, NULL);
/* Lets make a SSL structure */
ssl = SSL_new(ssl_ctx);
SSL_set_connect_state(ssl);
+ /* Enable peername verification */
+ if (SSL_set1_host(ssl, hostname) <= 0)
+ goto err;
+
/* Use it inside an SSL BIO */
ssl_bio = BIO_new(BIO_f_ssl());
BIO_set_ssl(ssl_bio, ssl, BIO_CLOSE);
/* Lets use a connect BIO under the SSL BIO */
out = BIO_new(BIO_s_connect());
- BIO_set_conn_hostname(out, host);
+ BIO_set_conn_hostname(out, hostport);
BIO_set_nbio(out, 1);
out = BIO_push(ssl_bio, out);
@@ -96,18 +116,16 @@ char *argv[];
}
ret = 1;
+ goto done;
- if (0) {
err:
- if (ERR_peek_error() == 0) { /* system call error */
- fprintf(stderr, "errno=%d ", errno);
- perror("error");
- } else
- ERR_print_errors_fp(stderr);
- }
+ if (ERR_peek_error() == 0) { /* system call error */
+ fprintf(stderr, "errno=%d ", errno);
+ perror("error");
+ } else
+ ERR_print_errors_fp(stderr);
+ done:
BIO_free_all(out);
- if (ssl_ctx != NULL)
- SSL_CTX_free(ssl_ctx);
- exit(!ret);
- return (ret);
+ SSL_CTX_free(ssl_ctx);
+ return (ret == 1);
}
diff --git a/deps/openssl/openssl/demos/bio/server-arg.c b/deps/openssl/openssl/demos/bio/server-arg.c
index 1d0e1db234..6056969fe9 100644
--- a/deps/openssl/openssl/demos/bio/server-arg.c
+++ b/deps/openssl/openssl/demos/bio/server-arg.c
@@ -1,5 +1,11 @@
-/* NOCW */
-/* demos/bio/server-arg.c */
+/*
+ * Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
/*
* A minimal program to serve an SSL connection. It uses blocking. It use the
@@ -8,6 +14,7 @@
*/
#include <stdio.h>
+#include <string.h>
#include <signal.h>
#include <openssl/err.h>
#include <openssl/ssl.h>
@@ -24,12 +31,7 @@ int main(int argc, char *argv[])
char **args = argv + 1;
int nargs = argc - 1;
- SSL_load_error_strings();
-
- /* Add ciphers and message digests */
- OpenSSL_add_ssl_algorithms();
-
- ctx = SSL_CTX_new(SSLv23_server_method());
+ ctx = SSL_CTX_new(TLS_server_method());
cctx = SSL_CONF_CTX_new();
SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_SERVER);
@@ -52,7 +54,7 @@ int main(int argc, char *argv[])
if (rv > 0)
continue;
/* Otherwise application specific argument processing */
- if (!strcmp(*args, "-port")) {
+ if (strcmp(*args, "-port") == 0) {
port = args[1];
if (port == NULL) {
fprintf(stderr, "Missing -port argument\n");
@@ -72,7 +74,7 @@ int main(int argc, char *argv[])
ERR_print_errors_fp(stderr);
goto err;
}
-#if 0
+#ifdef ITERATE_CERTS
/*
* Demo of how to iterate over all certificates in an SSL_CTX structure.
*/
@@ -137,8 +139,7 @@ int main(int argc, char *argv[])
if (ret) {
ERR_print_errors_fp(stderr);
}
- if (in != NULL)
- BIO_free(in);
+ BIO_free(in);
exit(ret);
return (!ret);
}
diff --git a/deps/openssl/openssl/demos/bio/server-cmod.c b/deps/openssl/openssl/demos/bio/server-cmod.c
new file mode 100644
index 0000000000..9cb246375c
--- /dev/null
+++ b/deps/openssl/openssl/demos/bio/server-cmod.c
@@ -0,0 +1,95 @@
+/*
+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * A minimal TLS server it ses SSL_CTX_config and a configuration file to
+ * set most server parameters.
+ */
+
+#include <stdio.h>
+#include <signal.h>
+#include <openssl/err.h>
+#include <openssl/ssl.h>
+#include <openssl/conf.h>
+
+int main(int argc, char *argv[])
+{
+ unsigned char buf[512];
+ char *port = "*:4433";
+ BIO *in = NULL;
+ BIO *ssl_bio, *tmp;
+ SSL_CTX *ctx;
+ int ret = 1, i;
+
+ ctx = SSL_CTX_new(TLS_server_method());
+
+ if (CONF_modules_load_file("cmod.cnf", "testapp", 0) <= 0) {
+ fprintf(stderr, "Error processing config file\n");
+ goto err;
+ }
+
+ if (SSL_CTX_config(ctx, "server") == 0) {
+ fprintf(stderr, "Error configuring server.\n");
+ goto err;
+ }
+
+ /* Setup server side SSL bio */
+ ssl_bio = BIO_new_ssl(ctx, 0);
+
+ if ((in = BIO_new_accept(port)) == NULL)
+ goto err;
+
+ /*
+ * This means that when a new connection is accepted on 'in', The ssl_bio
+ * will be 'duplicated' and have the new socket BIO push into it.
+ * Basically it means the SSL BIO will be automatically setup
+ */
+ BIO_set_accept_bios(in, ssl_bio);
+
+ again:
+ /*
+ * The first call will setup the accept socket, and the second will get a
+ * socket. In this loop, the first actual accept will occur in the
+ * BIO_read() function.
+ */
+
+ if (BIO_do_accept(in) <= 0)
+ goto err;
+
+ for (;;) {
+ i = BIO_read(in, buf, sizeof(buf));
+ if (i == 0) {
+ /*
+ * If we have finished, remove the underlying BIO stack so the
+ * next time we call any function for this BIO, it will attempt
+ * to do an accept
+ */
+ printf("Done\n");
+ tmp = BIO_pop(in);
+ BIO_free_all(tmp);
+ goto again;
+ }
+ if (i < 0) {
+ if (BIO_should_retry(in))
+ continue;
+ goto err;
+ }
+ fwrite(buf, 1, i, stdout);
+ fflush(stdout);
+ }
+
+ ret = 0;
+ err:
+ if (ret) {
+ ERR_print_errors_fp(stderr);
+ }
+ BIO_free(in);
+ exit(ret);
+ return (!ret);
+}
diff --git a/deps/openssl/openssl/demos/bio/server-conf.c b/deps/openssl/openssl/demos/bio/server-conf.c
index a09bc9320d..41b13089c6 100644
--- a/deps/openssl/openssl/demos/bio/server-conf.c
+++ b/deps/openssl/openssl/demos/bio/server-conf.c
@@ -1,5 +1,11 @@
-/* NOCW */
-/* demos/bio/saccept-conf.c */
+/*
+ * Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
/*
* A minimal program to serve an SSL connection. It uses blocking. It uses
@@ -8,6 +14,7 @@
*/
#include <stdio.h>
+#include <string.h>
#include <signal.h>
#include <openssl/err.h>
#include <openssl/ssl.h>
@@ -27,10 +34,7 @@ int main(int argc, char *argv[])
char buf[512];
int ret = 1, i;
- SSL_load_error_strings();
-
- /* Add ciphers and message digests */
- OpenSSL_add_ssl_algorithms();
+ ctx = SSL_CTX_new(TLS_server_method());
conf = NCONF_new(NULL);
@@ -49,7 +53,6 @@ int main(int argc, char *argv[])
goto err;
}
- ctx = SSL_CTX_new(SSLv23_server_method());
cctx = SSL_CONF_CTX_new();
SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_SERVER);
SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_CERTIFICATE);
@@ -67,7 +70,7 @@ int main(int argc, char *argv[])
ERR_print_errors_fp(stderr);
goto err;
}
- if (!strcmp(cnf->name, "Port")) {
+ if (strcmp(cnf->name, "Port") == 0) {
port = cnf->value;
} else {
fprintf(stderr, "Unknown configuration option %s\n", cnf->name);
@@ -131,8 +134,7 @@ int main(int argc, char *argv[])
if (ret) {
ERR_print_errors_fp(stderr);
}
- if (in != NULL)
- BIO_free(in);
+ BIO_free(in);
exit(ret);
return (!ret);
}
diff --git a/deps/openssl/openssl/demos/bio/server-ec.pem b/deps/openssl/openssl/demos/bio/server-ec.pem
new file mode 100644
index 0000000000..a13fdc7e28
--- /dev/null
+++ b/deps/openssl/openssl/demos/bio/server-ec.pem
@@ -0,0 +1,17 @@
+-----BEGIN PRIVATE KEY-----
+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQg/5kYU3PUlHwfdjEN
+lC1xTZEx3o55RgtSOuOCTryDfomhRANCAARW/qUFg+qZzjcFWrST4bmkRCFu8/rn
+KTHjW2vpBXYGXKDn4AbAfYXYhM9J7v1HkkrZBPPGx53eVzs61/Pgr6Rc
+-----END PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----
+MIIBsTCCAVegAwIBAgIJALChLe0vZzgoMAoGCCqGSM49BAMCMDUxHzAdBgNVBAsM
+FlRlc3QgRUNEU0EgQ2VydGlmaWNhdGUxEjAQBgNVBAMMCWxvY2FsaG9zdDAeFw0x
+NTEyMjIxNDUxMDRaFw00NDAxMDQxNDUxMDRaMDUxHzAdBgNVBAsMFlRlc3QgRUNE
+U0EgQ2VydGlmaWNhdGUxEjAQBgNVBAMMCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG
+CCqGSM49AwEHA0IABFb+pQWD6pnONwVatJPhuaREIW7z+ucpMeNba+kFdgZcoOfg
+BsB9hdiEz0nu/UeSStkE88bHnd5XOzrX8+CvpFyjUDBOMB0GA1UdDgQWBBROhkTJ
+lsm8Qd8pEgrrapccfFY5gjAfBgNVHSMEGDAWgBROhkTJlsm8Qd8pEgrrapccfFY5
+gjAMBgNVHRMEBTADAQH/MAoGCCqGSM49BAMCA0gAMEUCIFhyU/WZRcihilTpwFVm
+fly1JhwisouiZjLnPkRYZVzHAiEAgqxXfRQl1/phnEgO9gRcv2nFp9xvJiDgKPse
+VktDYjE=
+-----END CERTIFICATE-----
diff --git a/deps/openssl/openssl/demos/bio/server.pem b/deps/openssl/openssl/demos/bio/server.pem
index d0fc265f04..8a4a51f9f0 100644
--- a/deps/openssl/openssl/demos/bio/server.pem
+++ b/deps/openssl/openssl/demos/bio/server.pem
@@ -1,27 +1,52 @@
subject= C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN = Test Server Cert
issuer= C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN = OpenSSL Test Intermediate CA
-----BEGIN CERTIFICATE-----
-MIID5zCCAs+gAwIBAgIJALnu1NlVpZ6zMA0GCSqGSIb3DQEBBQUAMHAxCzAJBgNV
+MIIDyTCCArGgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBwMQswCQYDVQQGEwJVSzEW
+MBQGA1UECgwNT3BlblNTTCBHcm91cDEiMCAGA1UECwwZRk9SIFRFU1RJTkcgUFVS
+UE9TRVMgT05MWTElMCMGA1UEAwwcT3BlblNTTCBUZXN0IEludGVybWVkaWF0ZSBD
+QTAgFw0xNjAxMDQwODU0NDZaGA8yMTE2MDEwNTA4NTQ0NlowZDELMAkGA1UEBhMC
+VUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxIjAgBgNVBAsMGUZPUiBURVNUSU5H
+IFBVUlBPU0VTIE9OTFkxGTAXBgNVBAMMEFRlc3QgU2VydmVyIENlcnQwggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDzhPOSNtyyRspmeuUpxfNJKCLTuf7g
+3uQ4zu4iHOmRO5TQci+HhVlLZrHF9XqFXcIP0y4pWDbMSGuiorUmzmfiR7bfSdI/
++qIQt8KXRH6HNG1t8ou0VSvWId5TS5Dq/er5ODUr9OaaDva7EquHIcMvvPQGuI+O
+EAcnleVCy9HVEIySrO4P3CNIicnGkwwiAud05yUAq/gPXBC1hTtmlPD7TVcGVSEi
+Jdvzqqlgv02qedGrkki6GY4S7GjZxrrf7Foc2EP+51LJzwLQx3/JfrCU41NEWAsu
+/Sl0tQabXESN+zJ1pDqoZ3uHMgpQjeGiE0olr+YcsSW/tJmiU9OiAr8RAgMBAAGj
+eDB2MB0GA1UdDgQWBBSCvM8AABPR9zklmifnr9LvIBturDAfBgNVHSMEGDAWgBQ2
+w2yI55X+sL3szj49hqshgYfa2jAJBgNVHRMEAjAAMBMGA1UdJQQMMAoGCCsGAQUF
+BwMBMBQGA1UdEQQNMAuCCWxvY2FsaG9zdDANBgkqhkiG9w0BAQsFAAOCAQEAC78R
+sAr4uvkYOu/pSwQ3MYOFqZ0BnPuP0/AZW2zF7TLNy8g36GyH9rKxz2ffQEHRmPQN
+Z11Ohg3z03jw/sVzkgt2U5Ipv923sSeCZcu0nuNex3v9/x72ldYikZNhQOsw+2kr
+hx3OvE9R7xl9eyjz7BknsbY7PC3kiUY8SDdc5Fr/XMkHm3ge65oWYOHBjC5tAr5K
+FGCEjM3syxS+Li5X6yfDGiVSjOU4gJuZDCYbl7cEQexU2deds8EmpJJrrI7s4JcQ
+rraHI8+Hu8X9VLpZE1jl/fKJw3D0i53PoN2WhukIOg1Zv+ajMKQ4ubVfISH2ebox
++ybAZO8hxL6/I08/GQ==
+-----END CERTIFICATE-----
+subject= C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN = OpenSSL Test Intermediate CA
+issuer= C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN = OpenSSL Test Root CA
+-----BEGIN CERTIFICATE-----
+MIIDvjCCAqagAwIBAgIJAPzCy4CUW9/qMA0GCSqGSIb3DQEBCwUAMGgxCzAJBgNV
BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMSIwIAYDVQQLDBlGT1IgVEVT
-VElORyBQVVJQT1NFUyBPTkxZMSUwIwYDVQQDDBxPcGVuU1NMIFRlc3QgSW50ZXJt
-ZWRpYXRlIENBMB4XDTExMTIwODE0MDE0OFoXDTIxMTAxNjE0MDE0OFowZDELMAkG
-A1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxIjAgBgNVBAsMGUZPUiBU
-RVNUSU5HIFBVUlBPU0VTIE9OTFkxGTAXBgNVBAMMEFRlc3QgU2VydmVyIENlcnQw
-ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDzhPOSNtyyRspmeuUpxfNJ
-KCLTuf7g3uQ4zu4iHOmRO5TQci+HhVlLZrHF9XqFXcIP0y4pWDbMSGuiorUmzmfi
-R7bfSdI/+qIQt8KXRH6HNG1t8ou0VSvWId5TS5Dq/er5ODUr9OaaDva7EquHIcMv
-vPQGuI+OEAcnleVCy9HVEIySrO4P3CNIicnGkwwiAud05yUAq/gPXBC1hTtmlPD7
-TVcGVSEiJdvzqqlgv02qedGrkki6GY4S7GjZxrrf7Foc2EP+51LJzwLQx3/JfrCU
-41NEWAsu/Sl0tQabXESN+zJ1pDqoZ3uHMgpQjeGiE0olr+YcsSW/tJmiU9OiAr8R
-AgMBAAGjgY8wgYwwDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBeAwLAYJYIZI
-AYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQW
-BBSCvM8AABPR9zklmifnr9LvIBturDAfBgNVHSMEGDAWgBQ2w2yI55X+sL3szj49
-hqshgYfa2jANBgkqhkiG9w0BAQUFAAOCAQEAqb1NV0B0/pbpK9Z4/bNjzPQLTRLK
-WnSNm/Jh5v0GEUOE/Beg7GNjNrmeNmqxAlpqWz9qoeoFZax+QBpIZYjROU3TS3fp
-yLsrnlr0CDQ5R7kCCDGa8dkXxemmpZZLbUCpW2Uoy8sAA4JjN9OtsZY7dvUXFgJ7
-vVNTRnI01ghknbtD+2SxSQd3CWF6QhcRMAzZJ1z1cbbwGDDzfvGFPzJ+Sq+zEPds
-xoVLLSetCiBc+40ZcDS5dV98h9XD7JMTQfxzA7mNGv73JoZJA6nFgj+ADSlJsY/t
-JBv+z1iQRueoh9Qeee+ZbRifPouCB8FDx+AltvHTANdAq0t/K3o+pplMVA==
+VElORyBQVVJQT1NFUyBPTkxZMR0wGwYDVQQDDBRPcGVuU1NMIFRlc3QgUm9vdCBD
+QTAeFw0xNTA3MTQxMzIyMDVaFw0yNTA2MjExMzIyMDVaMHAxCzAJBgNVBAYTAlVL
+MRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMSIwIAYDVQQLDBlGT1IgVEVTVElORyBQ
+VVJQT1NFUyBPTkxZMSUwIwYDVQQDDBxPcGVuU1NMIFRlc3QgSW50ZXJtZWRpYXRl
+IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsErw75CmLYD6pkrG
+W/YhAl/K8L5wJYxDjqu2FghxjD8K308W3EHq4uBxEwR1OHXaM1+6ZZw7/r2I37VL
+IdurBEAIEUdbzx0so74FPawgz5EW2CTqoJnK8F71/vo5Kj1VPwW46CxwxUR3cfvJ
+GNXND2ip0TcyTSPLROXOyQakcVfIGJmdSa1wHKi+c2gMA4emADudZUOYLrg80gr2
+ldePm07ynbVsKKzCcStw8MdmoW9Qt3fLnPJn2TFUUBNWj+4kvL+88edWCVQXKNds
+ysD/CDrH4W/hjyPDStVsM6XpiNU0+L2ZY6fcj3OP8d0goOx45xotMn9m8hNkCGsr
+VXx9IwIDAQABo2MwYTAdBgNVHQ4EFgQUNsNsiOeV/rC97M4+PYarIYGH2towHwYD
+VR0jBBgwFoAUjBkP10IxdwUG4dOxn+s5+3hxOkUwDwYDVR0TAQH/BAUwAwEB/zAO
+BgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADggEBAANQT0pDWBQoT/RY76xz
+audadGz/dfYnwvSwT0RMFcXLcMVVRNqP0HeR8OP8qLaP7onRbNnEXNfos9pxXYlg
+j+/WjWTBLVcr3pX2Xtmcaqw3CGN9qbQI8B3JkYeijZmc5+3r5MzK/9R0w8Y/T9Xt
+CXEiQhtWHpPrFEfrExeVy2kjJNRctEfq3OTd1bjgX64zvTU7eR+MHFYKPoyMqwIR
+gjoVKinvovEwWoZe5kfMQwJNA3IgoJexX9BXbS8efAYF/ku3tS0laoZS/q6V/o5I
+RvG0OqnNgxhul+96PE5ujSaprsyvBswIUKt+e/BCxGaS6f2AJ8RmtoPOSfT4b9qN
+thI=
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEA84TzkjbcskbKZnrlKcXzSSgi07n+4N7kOM7uIhzpkTuU0HIv
diff --git a/deps/openssl/openssl/demos/bio/shared.opt b/deps/openssl/openssl/demos/bio/shared.opt
new file mode 100644
index 0000000000..4141b93a53
--- /dev/null
+++ b/deps/openssl/openssl/demos/bio/shared.opt
@@ -0,0 +1,2 @@
+OSSL$LIBSSL_SHR/SHARE
+OSSL$LIBCRYPTO_SHR/SHARE
diff --git a/deps/openssl/openssl/demos/bio/static.opt b/deps/openssl/openssl/demos/bio/static.opt
new file mode 100644
index 0000000000..9ca1588f77
--- /dev/null
+++ b/deps/openssl/openssl/demos/bio/static.opt
@@ -0,0 +1,2 @@
+OSSL$LIBSSL/LIB
+OSSL$LIBCRYPTO/LIB
generated by cgit v1.2.3 (git 2.39.1) at 2024-05-20 22:10:31 +0000