feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

make server example more generic with short command opts

Browse Source
This commit is contained in:
toddouska
2012-07-30 11:58:57 -07:00
parent 3cd231bdfc
commit f904c598ed
4 changed files with 155 additions and 77 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
cyassl/test.h
View File

@@ -96,6 +96,8 @@
#endif #endif
#define SERVER_DEFAULT_VERSION 3
/* all certs relative to CyaSSL home directory now */ /* all certs relative to CyaSSL home directory now */
static const char* caCert = "./certs/ca-cert.pem"; static const char* caCert = "./certs/ca-cert.pem";
static const char* eccCert = "./certs/server-ecc.pem"; static const char* eccCert = "./certs/server-ecc.pem";
@@ -298,17 +300,16 @@ static INLINE void tcp_connect(SOCKET_T* sockfd, const char* ip, word16 port)
} }
static INLINE void tcp_listen(SOCKET_T* sockfd) static INLINE void tcp_listen(SOCKET_T* sockfd, int port, int useAnyAddr)
{ {
SOCKADDR_IN_T addr; SOCKADDR_IN_T addr;
/* don't use INADDR_ANY by default, firewall may block, make user switch /* don't use INADDR_ANY by default, firewall may block, make user switch
on */ on */
#ifdef USE_ANY_ADDR if (useAnyAddr)
tcp_socket(sockfd, &addr, INADDR_ANY, yasslPort); tcp_socket(sockfd, &addr, INADDR_ANY, port);
#else else
tcp_socket(sockfd, &addr, yasslIP, yasslPort); tcp_socket(sockfd, &addr, yasslIP, port);
#endif
#ifndef USE_WINDOWS_API #ifndef USE_WINDOWS_API
{ {
@@ -379,7 +380,8 @@ static INLINE void udp_accept(SOCKET_T* sockfd, int* clientfd, func_args* args)
*clientfd = udp_read_connect(*sockfd); *clientfd = udp_read_connect(*sockfd);
} }
static INLINE void tcp_accept(SOCKET_T* sockfd, int* clientfd, func_args* args) static INLINE void tcp_accept(SOCKET_T* sockfd, int* clientfd, func_args* args,
int port, int useAnyAddr)
{ {
SOCKADDR_IN_T client; SOCKADDR_IN_T client;
socklen_t client_len = sizeof(client); socklen_t client_len = sizeof(client);
@@ -389,7 +391,7 @@ static INLINE void tcp_accept(SOCKET_T* sockfd, int* clientfd, func_args* args)
return; return;
#endif #endif
tcp_listen(sockfd); tcp_listen(sockfd, port, useAnyAddr);
#if defined(_POSIX_THREADS) && defined(NO_MAIN_DRIVER) #if defined(_POSIX_THREADS) && defined(NO_MAIN_DRIVER)
/* signal ready to tcp_accept */ /* signal ready to tcp_accept */

5
examples/echoserver/echoserver.c
View File

@@ -58,6 +58,7 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
int outCreated = 0; int outCreated = 0;
int shutdown = 0; int shutdown = 0;
int useAnyAddr = 0;
int argc = ((func_args*)args)->argc; int argc = ((func_args*)args)->argc;
char** argv = ((func_args*)args)->argv; char** argv = ((func_args*)args)->argv;
@@ -72,7 +73,7 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
((func_args*)args)->return_code = -1; /* error state */ ((func_args*)args)->return_code = -1; /* error state */
tcp_listen(&sockfd); tcp_listen(&sockfd, yasslPort, useAnyAddr);
#if defined(CYASSL_DTLS) #if defined(CYASSL_DTLS)
method = CyaDTLSv1_server_method(); method = CyaDTLSv1_server_method();
@@ -236,7 +237,7 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
CyaSSL_free(ssl); CyaSSL_free(ssl);
CloseSocket(clientfd); CloseSocket(clientfd);
#ifdef CYASSL_DTLS #ifdef CYASSL_DTLS
tcp_listen(&sockfd); tcp_listen(&sockfd, yasslPort, useAnyAddr);
SignalReady(args); SignalReady(args);
#endif #endif
} }

207
examples/server/server.c
View File

@@ -25,6 +25,7 @@
#include <cyassl/openssl/ssl.h> #include <cyassl/openssl/ssl.h>
#include <cyassl/test.h> #include <cyassl/test.h>
#include <sysexits.h>
#ifdef CYASSL_CALLBACKS #ifdef CYASSL_CALLBACKS
@@ -63,6 +64,24 @@
#endif #endif
static void Usage(void)
{
printf("server " VERSION " NOTE: All files relative to CyaSSL home dir"
"\n");
printf("-? Help, print this usage\n");
printf("-p <num> Port to listen on, default %d\n", yasslPort);
printf("-v <num> SSL version [0-3], SSLv3(0) - TLS1.2(3)), default %d\n",
SERVER_DEFAULT_VERSION);
printf("-l <str> Cipher list\n");
printf("-c <file> Certificate file, default %s\n", svrCert);
printf("-k <file> Key file, default %s\n", svrKey);
printf("-A <file> Certificate Authority file, default %s\n", cliCert);
printf("-d Disable client cert check\n");
printf("-b Bind to any interface instead of localhost only\n");
printf("-s Use pre Shared keys\n");
}
THREAD_RETURN CYASSL_THREAD server_test(void* args) THREAD_RETURN CYASSL_THREAD server_test(void* args)
{ {
SOCKET_T sockfd = 0; SOCKET_T sockfd = 0;
@@ -72,80 +91,136 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
SSL_CTX* ctx = 0; SSL_CTX* ctx = 0;
SSL* ssl = 0; SSL* ssl = 0;
char msg[] = "I hear you fa shizzle!"; char msg[] = "I hear you fa shizzle!";
char input[1024]; char input[1024];
int idx; int idx;
int ch;
int version = SERVER_DEFAULT_VERSION;
int doCliCertCheck = 1;
int useAnyAddr = 0;
int port = yasslPort;
int usePsk = 0;
char* cipherList = NULL;
char* verifyCert = (char*)cliCert;
char* ourCert = (char*)svrCert;
char* ourKey = (char*)svrKey;
int argc = ((func_args*)args)->argc;
char** argv = ((func_args*)args)->argv;
((func_args*)args)->return_code = -1; /* error state */ ((func_args*)args)->return_code = -1; /* error state */
#if defined(CYASSL_DTLS)
method = DTLSv1_server_method(); while ((ch = getopt(argc, argv, "?dbsp:v:l:A:c:k:")) != -1) {
#elif !defined(NO_TLS) switch (ch) {
method = SSLv23_server_method(); case '?' :
#else Usage();
method = SSLv3_server_method(); exit(EXIT_SUCCESS);
#endif
ctx = SSL_CTX_new(method); case 'd' :
doCliCertCheck = 0;
break;
case 'b' :
useAnyAddr = 1;
break;
case 's' :
usePsk = 1;
break;
case 'p' :
port = atoi(optarg);
break;
case 'v' :
version = atoi(optarg);
if (version < 0 || version > 3) {
Usage();
exit(EX_USAGE);
}
break;
case 'l' :
cipherList = optarg;
break;
case 'A' :
verifyCert = optarg;
break;
case 'c' :
ourCert = optarg;
break;
case 'k' :
ourKey = optarg;
break;
default:
Usage();
exit(EX_USAGE);
}
}
argc -= optind;
argv += optind;
switch (version) {
case 0:
method = SSLv3_server_method();
break;
case 1:
method = TLSv1_server_method();
break;
case 2:
method = TLSv1_1_server_method();
break;
case 3:
method = TLSv1_2_server_method();
break;
default:
err_sys("Bad SSL version");
}
ctx = SSL_CTX_new(method);
if (cipherList)
SSL_CTX_set_cipher_list(ctx, cipherList);
if (SSL_CTX_use_certificate_file(ctx, ourCert, SSL_FILETYPE_PEM)
!= SSL_SUCCESS)
err_sys("can't load server cert file, check file and run from"
" CyaSSL home dir");
if (SSL_CTX_use_PrivateKey_file(ctx, ourKey, SSL_FILETYPE_PEM)
!= SSL_SUCCESS)
err_sys("can't load server cert file, check file and run from"
" CyaSSL home dir");
#ifndef NO_PSK #ifndef NO_PSK
/* do PSK */ if (usePsk) {
SSL_CTX_set_psk_server_callback(ctx, my_psk_server_cb); SSL_CTX_set_psk_server_callback(ctx, my_psk_server_cb);
SSL_CTX_use_psk_identity_hint(ctx, "cyassl server"); SSL_CTX_use_psk_identity_hint(ctx, "cyassl server");
SSL_CTX_set_cipher_list(ctx, "PSK-AES256-CBC-SHA"); if (cipherList == NULL)
#else SSL_CTX_set_cipher_list(ctx, "PSK-AES256-CBC-SHA");
/* not using PSK, verify peer with certs */ }
SSL_CTX_set_verify(ctx,SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,0);
#endif #endif
/* if not using PSK, verify peer with certs */
if (doCliCertCheck && usePsk == 0) {
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER |
SSL_VERIFY_FAIL_IF_NO_PEER_CERT,0);
if (SSL_CTX_load_verify_locations(ctx, verifyCert, 0) != SSL_SUCCESS)
err_sys("can't load ca file, Please run from CyaSSL home dir");
}
#ifdef OPENSSL_EXTRA #ifdef OPENSSL_EXTRA
SSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack); SSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
#endif #endif
#ifndef NO_FILESYSTEM
/* for client auth */
if (SSL_CTX_load_verify_locations(ctx, cliCert, 0) != SSL_SUCCESS)
err_sys("can't load ca file, Please run from CyaSSL home dir");
#ifdef HAVE_ECC
if (SSL_CTX_use_certificate_file(ctx, eccCert, SSL_FILETYPE_PEM)
!= SSL_SUCCESS)
err_sys("can't load server ecc cert file, "
"Please run from CyaSSL home dir");
if (SSL_CTX_use_PrivateKey_file(ctx, eccKey, SSL_FILETYPE_PEM)
!= SSL_SUCCESS)
err_sys("can't load server ecc key file, "
"Please run from CyaSSL home dir");
/* for client auth */
if (SSL_CTX_load_verify_locations(ctx, cliEccCert, 0) != SSL_SUCCESS)
err_sys("can't load ecc ca file, Please run from CyaSSL home dir");
#elif HAVE_NTRU
if (SSL_CTX_use_certificate_file(ctx, ntruCert, SSL_FILETYPE_PEM)
!= SSL_SUCCESS)
err_sys("can't load ntru cert file, "
"Please run from CyaSSL home dir");
if (CyaSSL_CTX_use_NTRUPrivateKey_file(ctx, ntruKey)
!= SSL_SUCCESS)
err_sys("can't load ntru key file, "
"Please run from CyaSSL home dir");
#else /* normal */
if (SSL_CTX_use_certificate_file(ctx, svrCert, SSL_FILETYPE_PEM)
!= SSL_SUCCESS)
err_sys("can't load server cert chain file, "
"Please run from CyaSSL home dir");
if (SSL_CTX_use_PrivateKey_file(ctx, svrKey, SSL_FILETYPE_PEM)
!= SSL_SUCCESS)
err_sys("can't load server key file, "
"Please run from CyaSSL home dir");
#endif /* NTRU */
#else
load_buffer(ctx, cliCert, CYASSL_CA);
load_buffer(ctx, svrCert, CYASSL_CERT);
load_buffer(ctx, svrKey, CYASSL_KEY);
#endif /* NO_FILESYSTEM */
#if defined(CYASSL_SNIFFER) && !defined(HAVE_NTRU) && !defined(HAVE_ECC) #if defined(CYASSL_SNIFFER) && !defined(HAVE_NTRU) && !defined(HAVE_ECC)
/* don't use EDH, can't sniff tmp keys */ /* don't use EDH, can't sniff tmp keys */
SSL_CTX_set_cipher_list(ctx, "AES256-SHA"); SSL_CTX_set_cipher_list(ctx, "AES256-SHA");
@@ -158,7 +233,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
CYASSL_CRL_START_MON); CYASSL_CRL_START_MON);
CyaSSL_SetCRL_Cb(ssl, CRL_CallBack); CyaSSL_SetCRL_Cb(ssl, CRL_CallBack);
#endif #endif
tcp_accept(&sockfd, &clientfd, (func_args*)args); tcp_accept(&sockfd, &clientfd, (func_args*)args, port, useAnyAddr);
#ifndef CYASSL_DTLS #ifndef CYASSL_DTLS
CloseSocket(sockfd); CloseSocket(sockfd);
#endif #endif

2
tests/api.c
View File

@@ -603,7 +603,7 @@ THREAD_RETURN CYASSL_THREAD test_server_nofail(void* args)
return 0; return 0;
} }
ssl = CyaSSL_new(ctx); ssl = CyaSSL_new(ctx);
tcp_accept(&sockfd, &clientfd, (func_args*)args); tcp_accept(&sockfd, &clientfd, (func_args*)args, yasslPort, 0);
#ifndef CYASSL_DTLS #ifndef CYASSL_DTLS
CloseSocket(sockfd); CloseSocket(sockfd);
#endif #endif