path: root/apps/s_server.c
Commit log, newest first. Each entry gives: commit message (author, date; files changed, lines -removed/+added)
* apps/s_server.c: Add check for OPENSSL_strdup (Jiasheng Jiang, 2022-06-22; 1 file, -0/+2)
  As OPENSSL_strdup() can potentially fail, it is better to check the return value and return an error if it fails.
  Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
  Reviewed-by: Todd Short <todd.short@me.com>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/18595)
* s_server: Report an error if init-connection fails without an attempt to read. (Daniel Fiala, 2022-05-06; 1 file, -4/+42)
  Fixes: openssl#18047.
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/18154)
* Remove duplicated #include headers (JHH20, 2022-05-04; 1 file, -1/+0)
  CLA: trivial
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Todd Short <todd.short@me.com>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/18220)
* Update copyright year (Matt Caswell, 2022-05-03; 1 file, -1/+1)
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Release: yes
* str[n]casecmp => OPENSSL_strncasecmp (Dmitry Belyavskiy, 2022-04-22; 1 file, -1/+1)
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/18069)
* Add TFO support to socket BIO and s_client/s_server (Todd Short, 2022-03-10; 1 file, -1/+16)
  Supports Linux, MacOS and FreeBSD
  Disabled by default, enabled via `enabled-tfo`
  Some tests
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/8692)
* check the return value of BIO_new_file() (xkernel, 2022-03-10; 1 file, -0/+4)
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/17820)
* apps: several return value checks for BIO_new() (xkernel, 2022-03-04; 1 file, -2/+6)
  Also check return value of functions that call BIO_new() internally such as dup_bio_out().
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/17421)
* s_server: Do not use SSL_sendfile when KTLS is not being used (Hugo Landau, 2022-03-03; 1 file, -1/+8)
  Fix a bug in `openssl s_server -WWW` where it would attempt to invoke `SSL_sendfile` if `-ktls -sendfile` was passed on the command line, even if KTLS has not actually been enabled, for example because it is not supported by the host.
  Since `SSL_sendfile` is only supported when KTLS is actually being used, this resulted in a failure to serve requests.
  Fixes #17503.
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/17788)
* apps/s_server: Add missing check for BIO_new (Jiasheng Jiang, 2022-02-17; 1 file, -4/+50)
  As BIO_new() can potentially fail, it is better to check the return value and return an error if it fails, in order to avoid dereferencing a NULL pointer.
  Because 'bio_s_msg' is checked before being used every time, there is no need to add a check for it. But 'bio_s_out' is not.
  And since the check 'if (bio_s_out == NULL)' is redundant, it can be removed to make the code more succinct.
  Also, 'sbio' and so forth should be checked as in the other places in the same file.
  Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/17710)
* s_server: Add check for OPENSSL_strdup (Jiasheng Jiang, 2022-02-17; 1 file, -2/+3)
  Since OPENSSL_strdup() may return NULL if allocation fails, 'port' could be NULL. It will then be used in do_server(), which accepts NULL as a valid parameter. That means the system could run with a wrong parameter.
  Therefore it is better to check it, like the other memory allocations.
  Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/17673)
* s_server: correctly handle 2^14 byte long records (Hubert Kario, 2022-01-20; 1 file, -5/+9)
  As the code uses BIO_gets, and it always null-terminates the strings it reads, when it reads a record 2^14 bytes long it actually returns 2^14-1 bytes to the calling application; in general it returns size-1 bytes to the caller.
  This makes the code sub-optimal (as every 2^14 record will need two BIO_gets() calls) and makes it impossible to use the -rev option to test all plaintext lengths (like in openssl#15706).
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/17538)
* add OSSL_STACK_OF_X509_free() for commonly used pattern (Dr. David von Oheimb, 2021-12-21; 1 file, -2/+2)
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/17307)
* apps/s_server: Correct s_server to return the correct file path (Tianjia Zhang, 2021-12-10; 1 file, -1/+1)
  When s_server serves file data with the -WWW parameter, it always gets a path named "GET". In this case, we need to skip the "GET /" characters to get the correct file path.
  Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
  Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/17231)
* APPS: Improve diagnostics on missing/extra args and unknown cipher/digest (Dr. David von Oheimb, 2021-12-07; 1 file, -2/+1)
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/16450)
* SSL_export_keying_material: fix return check (Peiwei Hu, 2021-11-22; 1 file, -2/+2)
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/17028)
* Add and use HAS_PREFIX() and CHECK_AND_SKIP_PREFIX() for checking if string has literal prefix (Dr. David von Oheimb, 2021-11-17; 1 file, -14/+10)
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15847)
* Revise s_client and s_server verbiage re secure renegotiation. (Felipe Gasper, 2021-11-02; 1 file, -6/+4)
  Since TLS v1.3 eschews renegotiation entirely it's misleading to have these apps say it's "not supported" when in fact the TLS version is new enough not to need renegotiation at all.
  Reviewed-by: Ben Kaduk <kaduk@mit.edu>
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/16937)
* Fix the s_server psk_server_cb for use in DTLS (Matt Caswell, 2021-10-22; 1 file, -5/+5)
  Commit 0007ff257c added a protocol version check to psk_server_cb but failed to take account of DTLS, causing DTLS based psk connections to fail.
  Fixes #16707
  Reviewed-by: Ben Kaduk <kaduk@mit.edu>
  (Merged from https://github.com/openssl/openssl/pull/16838)
* apps/s_server: Add ktls option (Tianjia Zhang, 2021-09-19; 1 file, -1/+19)
  From openssl-3.0.0-alpha15, KTLS is turned off by default, even if the KTLS feature is compiled in, which makes it difficult to use KTLS through s_server/s_client, so a parameter option 'ktls' is added to enable KTLS through the cmdline.
  At the same time, SSL_sendfile() depends on the KTLS feature to work properly, so make the sendfile parameter depend on the ktls parameter.
  Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
  Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/16609)
* Fix s_server PSK handling (Matt Caswell, 2021-07-09; 1 file, -0/+11)
  Issue #15951 describes a scenario which causes s_server to fail when using a PSK. In the originally described issue this only impacted master and not 1.1.1. However, in fact this issue does also impact 1.1.1 - but only if you additionally supply the option "-no_ticket" to the s_server command line.
  The difference between the behaviour in master and 1.1.1 is due to 9c13b49, which changed PSK_MAX_IDENTITY_LEN from 128 to 256. It just so happens that a default OpenSSL TLSv1.3 ticket length happens to fall between those 2 values. Tickets are presented in TLSv1.3 as a PSK "identity". Passing "no_ticket" doesn't actually stop TLSv1.3 tickets completely, it just forces the use of "session ids as a ticket" instead. This significantly reduces the ticket size to below 128 in 1.1.1.
  The problem was due to s_server setting a TLSv1.2 PSK callback and a TLSv1.3 PSK callback. For backwards compat reasons the TLSv1.2 PSK callbacks also work in TLSv1.3 but are not preferred. In the described scenario we use a PSK to create the initial connection. Subsequent to that we attempt a resumption using a TLSv1.3 ticket (psk). If the psk length is below PSK_MAX_IDENTITY_LEN then we first call the TLSv1.2 PSK callback. Subsequently we call the TLSv1.3 PSK callback. Unfortunately s_server's TLSv1.2 PSK callback accepts the identity regardless, even though it is an unexpected value, and hence the binder subsequently fails to verify.
  The fix is to bail early in the TLSv1.2 callback if we detect we are being called from a TLSv1.3 connection.
  Fixes #15951
  Reviewed-by: Ben Kaduk <kaduk@mit.edu>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/16008)
* apps: address potential memory leaks (Pauli, 2021-06-26; 1 file, -0/+4)
  Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
  (Merged from https://github.com/openssl/openssl/pull/15910)
* s_server: make -rev option easier to find (mention echo) (Hubert Kario, 2021-06-15; 1 file, -1/+1)
  Since the service is echo-like (see TCP port 7 from RFC 862 or gnutls-serv --echo), make it easier to find by mentioning "echo" in the description of it in the help message and man page.
  Also fixes the man page inconsistency ("sends it back to the server").
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
  (Merged from https://github.com/openssl/openssl/pull/15739)
* Remove "-immedate_renegotiation" option (Rich Salz, 2021-06-15; 1 file, -6/+0)
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15415)
* Fix s_server app to not report an error when using a non-DH certificate. (Shane Lontis, 2021-06-10; 1 file, -4/+6)
  Fixes #15071
  It always tries loading the cert as DH which previously did not produce an error. The errors are not suppressed for these operations. The output now matches previous versions of OpenSSL.
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15670)
* Deprecate old style BIO callback calls (Tomas Mraz, 2021-05-26; 1 file, -3/+3)
  New style BIO_debug_callback_ex() function added to provide replacement for BIO_debug_callback().
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15440)
* DOC: Fix nits found by new check on SYNOPSIS and OPTIONS consistency (Dr. David von Oheimb, 2021-05-20; 1 file, -6/+6)
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15299)
* Move ossl_sleep() to e_os.h and use it in apps (Dr. David von Oheimb, 2021-05-18; 1 file, -6/+2)
  Fixes #15304
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15308)
* apps/s_server: Add -proxy and -no_proxy options (Dr. David von Oheimb, 2021-05-18; 1 file, -1/+22)
  Strongly related to feature request #6965
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15245)
* apps/ocsp: Add -proxy and -no_proxy options (Dr. David von Oheimb, 2021-05-18; 1 file, -2/+2)
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15245)
* Add SSL_OP_ALLOW_CLIENT_RENEGOTIATION (Rich Salz, 2021-05-17; 1 file, -0/+6)
  Add -client_renegotiation flag support.
  The -client_renegotiation flag is equivalent to SSL_OP_ALLOW_CLIENT_RENEGOTIATION. Add support to the app, the config code, and the documentation.
  Add SSL_OP_ALLOW_CLIENT_RENEGOTIATION to the SSL tests. We don't need to always enable it, but there are so many tests so this is the easiest thing to do.
  Add a test where client tries to renegotiate and it fails as expected. Add a test where server tries to renegotiate and it succeeds. The second test is supported by a new flag, -immediate_renegotiation, which is ignored on the client.
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15184)
* Make the -inform option to be respected if possible (Tomas Mraz, 2021-05-06; 1 file, -10/+12)
  Add OSSL_STORE_PARAM_INPUT_TYPE and make it possible to be set when OSSL_STORE_open_ex() or OSSL_STORE_attach() is called.
  The input type format is enforced only in case the file type file store is used. By default we use FORMAT_UNDEF meaning the input type is not enforced.
  Fixes #14569
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15100)
* APPS: Replace 'OPT_ERR = -1, OPT_EOF = 0, OPT_HELP' by OPT_COMMON macro (Dr. David von Oheimb, 2021-05-05; 1 file, -1/+2)
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15111)
* Fix CRL app so that stdin works. (Shane Lontis, 2021-04-30; 1 file, -1/+1)
  Fixes #15031
  The maybe_stdin needed to be passed to load_key_certs_crls().
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15058)
* APPS: make apps strict on app_RAND_load() and app_RAND_write() failure (Dr. David von Oheimb, 2021-04-14; 1 file, -1/+3)
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/14840)
* apps: Add maybe_stdin argument to load_certs and set it in pkcs12 (Tomas Mraz, 2021-03-15; 1 file, -2/+2)
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
  (Merged from https://github.com/openssl/openssl/pull/14449)
* OSSL_HTTP_parse_url(): Handle any userinfo, query, and fragment components (Dr. David von Oheimb, 2021-03-01; 1 file, -5/+5)
  Now handle [http[s]://][userinfo@]host[:port][/path][?query][#frag] by optionally providing any userinfo, query, and frag components.
  All usages of this function, which are client-only, silently ignore userinfo and frag components, while the query component is taken as part of the path.
  Update and extend the unit tests and all affected documentation.
  Document and deprecate OCSP_parse_url().
  Fixes an issue that came up when discussing FR #14001.
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/14009)
* Update copyright year (Matt Caswell, 2021-02-18; 1 file, -1/+1)
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/14235)
* Replace SSL_CTX_new by SSL_CTX_new_ex in apps/s_server + s_client (Petr Gotthard, 2021-02-17; 1 file, -2/+2)
  The `openssl s_server` and `openssl s_client` currently ignore the `-propquery` parameter. This patch fixes this.
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
  (Merged from https://github.com/openssl/openssl/pull/14195)
* Deprecate the low level SRP APIs (Matt Caswell, 2021-02-12; 1 file, -121/+22)
  The OTC decided that all low level APIs should be deprecated. This extends to SRP, even though at the current time there is no "EVP" interface to it. This could be added in a future release.
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/14132)
* Load rand state after loading providers (Rich Salz, 2021-02-12; 1 file, -0/+1)
  Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/14135)
* Drop OPENSSL_NO_RSA everywhere (Richard Levitte, 2020-12-20; 1 file, -3/+1)
  The configuration option 'no-rsa' was dropped with OpenSSL 1.1.0, so this is simply a cleanup of the remains.
  Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
  (Merged from https://github.com/openssl/openssl/pull/13700)
* Drop unnecessary checks of OPENSSL_NO_DH, OPENSSL_NO_DSA and OPENSSL_NO_EC (Richard Levitte, 2020-12-16; 1 file, -6/+1)
  The apps, the CMS library and the X.509 library are primarily affected.
  Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
  (Merged from https://github.com/openssl/openssl/pull/13589)
* Check non-option arguments (Rich Salz, 2020-12-15; 1 file, -1/+4)
  Make sure all commands check to see if there are any "extra" arguments after the options, and print an error if so.
  Made all error messages consistent (which is to say, minimal).
  Fixes: #13527
  Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
  Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
  (Merged from https://github.com/openssl/openssl/pull/13563)
* Minor cleanup of error output for various apps (David von Oheimb, 2020-11-19; 1 file, -1/+2)
  Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
  (Merged from https://github.com/openssl/openssl/pull/4930)
* Only disable what we need to in a no-dh build (Matt Caswell, 2020-11-18; 1 file, -6/+0)
  no-dh disables the low level API for DH. However, since we're now using the high level EVP API in most places we don't need to disable quite so much.
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/13368)
* Implement a replacement for SSL_set_tmp_dh() (Matt Caswell, 2020-11-18; 1 file, -52/+35)
  The old function took a DH as a parameter. In the new version we pass an EVP_PKEY instead. Similarly for the SSL_CTX version of this function.
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/13368)
* Remove deprecated functionality from s_server (Matt Caswell, 2020-11-18; 1 file, -2/+15)
  This will be added back in by a later commit
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/13368)
* APPS: Remove the format argument where it's not used (Richard Levitte, 2020-10-26; 1 file, -6/+5)
  Also, restore a behaviour change, where load_cert() would look at stdin when the input file name is NULL, and make sure to call load_cert_pass() with a corresponding argument where load_cert() was used in OpenSSL 1.1.1.
  Fixes #13235
  Reviewed-by: Paul Dale <paul.dale@oracle.com>
  (Merged from https://github.com/openssl/openssl/pull/13236)
* load_key_certs_crls(): Restore output of fatal errors (Dr. David von Oheimb, 2020-09-24; 1 file, -6/+6)
  Also improve credentials loading diagnostics for many apps.
  Fixes #12840
  Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/12893)