From f904c598ed7bab466779be752777f064e08a59fa Mon Sep 17 00:00:00 2001 From: toddouska Date: Mon, 30 Jul 2012 11:58:57 -0700 Subject: [PATCH] make server example more generic with short command opts --- cyassl/test.h | 18 +-- examples/echoserver/echoserver.c | 5 +- examples/server/server.c | 207 +++++++++++++++++++++---------- tests/api.c | 2 +- 4 files changed, 155 insertions(+), 77 deletions(-) diff --git a/cyassl/test.h b/cyassl/test.h index 8e682fb71..c13ec8caa 100644 --- a/cyassl/test.h +++ b/cyassl/test.h @@ -96,6 +96,8 @@ #endif +#define SERVER_DEFAULT_VERSION 3 + /* all certs relative to CyaSSL home directory now */ static const char* caCert = "./certs/ca-cert.pem"; static const char* eccCert = "./certs/server-ecc.pem"; @@ -298,17 +300,16 @@ static INLINE void tcp_connect(SOCKET_T* sockfd, const char* ip, word16 port) } -static INLINE void tcp_listen(SOCKET_T* sockfd) +static INLINE void tcp_listen(SOCKET_T* sockfd, int port, int useAnyAddr) { SOCKADDR_IN_T addr; /* don't use INADDR_ANY by default, firewall may block, make user switch on */ -#ifdef USE_ANY_ADDR - tcp_socket(sockfd, &addr, INADDR_ANY, yasslPort); -#else - tcp_socket(sockfd, &addr, yasslIP, yasslPort); -#endif + if (useAnyAddr) + tcp_socket(sockfd, &addr, INADDR_ANY, port); + else + tcp_socket(sockfd, &addr, yasslIP, port); #ifndef USE_WINDOWS_API { @@ -379,7 +380,8 @@ static INLINE void udp_accept(SOCKET_T* sockfd, int* clientfd, func_args* args) *clientfd = udp_read_connect(*sockfd); } -static INLINE void tcp_accept(SOCKET_T* sockfd, int* clientfd, func_args* args) +static INLINE void tcp_accept(SOCKET_T* sockfd, int* clientfd, func_args* args, + int port, int useAnyAddr) { SOCKADDR_IN_T client; socklen_t client_len = sizeof(client); 
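Review bot: In the new `tcp_listen(SOCKET_T* sockfd, int port, int useAnyAddr)` the port is an `int`, while the neighbouring `tcp_connect` shown in this hunk's header takes `word16 port`, and the value is forwarded straight to `tcp_socket` where `yasslPort` used to go; if `tcp_socket` takes a 16-bit port as `tcp_connect` does, an out-of-range value from a caller is silently truncated rather than rejected. Declaring it as `word16 port` would keep the two helpers consistent and make the narrowing visible at the call site (`static INLINE void tcp_listen(SOCKET_T* sockfd, word16 port, int useAnyAddr)`), with the range check done where the number is parsed. The existing INADDR_ANY comment now describes a runtime switch rather than a build flag, so it is worth saying what the flag does: `/* bind to INADDR_ANY only when useAnyAddr is set; the default stays localhost so the test server is not reachable from other hosts */`.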
@@ -389,7 +391,7 @@ static INLINE void tcp_accept(SOCKET_T* sockfd, int* clientfd, func_args* args) return; #endif - tcp_listen(sockfd); + tcp_listen(sockfd, port, useAnyAddr); #if defined(_POSIX_THREADS) && defined(NO_MAIN_DRIVER) /* signal ready to tcp_accept */ diff --git a/examples/echoserver/echoserver.c b/examples/echoserver/echoserver.c index e726f4a8f..2abe64a87 100644 --- a/examples/echoserver/echoserver.c +++ b/examples/echoserver/echoserver.c @@ -58,6 +58,7 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args) int outCreated = 0; int shutdown = 0; + int useAnyAddr = 0; int argc = ((func_args*)args)->argc; char** argv = ((func_args*)args)->argv; @@ -72,7 +73,7 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args) ((func_args*)args)->return_code = -1; /* error state */ - tcp_listen(&sockfd); + tcp_listen(&sockfd, yasslPort, useAnyAddr); #if defined(CYASSL_DTLS) method = CyaDTLSv1_server_method(); @@ -236,7 +237,7 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args) CyaSSL_free(ssl); CloseSocket(clientfd); #ifdef CYASSL_DTLS - tcp_listen(&sockfd); + tcp_listen(&sockfd, yasslPort, useAnyAddr); SignalReady(args); #endif } diff --git a/examples/server/server.c b/examples/server/server.c index 1403a109f..b85b344a6 100644 --- a/examples/server/server.c +++ b/examples/server/server.c @@ -25,6 +25,7 @@ #include #include +#include #ifdef CYASSL_CALLBACKS 
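Review bot: The header added in the `@@ -25,6 +25,7 @@` hunk of server.c has its name stripped on this page, but the option parsing added later in `server_test` relies on `getopt()`/`optarg`/`optind` and on `EX_USAGE`, which on POSIX come from two different headers (`<unistd.h>` and `<sysexits.h>`) and are absent on the Windows builds that test.h's `USE_WINDOWS_API` branches support. If only one include was added, confirm both names resolve on every supported platform, and consider a fallback such as `#ifndef EX_USAGE` / `#define EX_USAGE EXIT_FAILURE` / `#endif` where `<sysexits.h>` is unavailable. The hunk shows only the tail of the include list.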
@@ -63,6 +64,24 @@ #endif +static void Usage(void) +{ + printf("server " VERSION " NOTE: All files relative to CyaSSL home dir" + "\n"); + printf("-? Help, print this usage\n"); + printf("-p Port to listen on, default %d\n", yasslPort); + printf("-v SSL version [0-3], SSLv3(0) - TLS1.2(3)), default %d\n", + SERVER_DEFAULT_VERSION); + printf("-l Cipher list\n"); + printf("-c Certificate file, default %s\n", svrCert); + printf("-k Key file, default %s\n", svrKey); + printf("-A Certificate Authority file, default %s\n", cliCert); + printf("-d Disable client cert check\n"); + printf("-b Bind to any interface instead of localhost only\n"); + printf("-s Use pre Shared keys\n"); +} + + THREAD_RETURN CYASSL_THREAD server_test(void* args) { SOCKET_T sockfd = 0; 
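Review bot: The `-d` and `-b` help lines in `Usage()` describe switches that weaken the server's security without saying so: `-d` skips the `SSL_CTX_set_verify`/`SSL_CTX_load_verify_locations` block entirely, so presumably no client authentication is performed, and `-b` binds to every interface, which test.h's `tcp_listen` comment warns about because it can expose the test server beyond localhost. Suggest `printf("-d Disable client cert check (no client authentication)\n");` and `printf("-b Bind to any interface instead of localhost only (reachable from other hosts)\n");`. The `-v` line also has an unbalanced parenthesis: `printf("-v SSL version [0-3], SSLv3(0) - TLS1.2(3), default %d\n", SERVER_DEFAULT_VERSION);`.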
@@ -72,80 +91,136 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) SSL_CTX* ctx = 0; SSL* ssl = 0; - char msg[] = "I hear you fa shizzle!"; - char input[1024]; - int idx; - + char msg[] = "I hear you fa shizzle!"; + char input[1024]; + int idx; + int ch; + int version = SERVER_DEFAULT_VERSION; + int doCliCertCheck = 1; + int useAnyAddr = 0; + int port = yasslPort; + int usePsk = 0; + char* cipherList = NULL; + char* verifyCert = (char*)cliCert; + char* ourCert = (char*)svrCert; + char* ourKey = (char*)svrKey; + int argc = ((func_args*)args)->argc; + char** argv = ((func_args*)args)->argv; + ((func_args*)args)->return_code = -1; /* error state */ -#if defined(CYASSL_DTLS) - method = DTLSv1_server_method(); -#elif !defined(NO_TLS) - method = SSLv23_server_method(); -#else - method = SSLv3_server_method(); -#endif - ctx = SSL_CTX_new(method); + + while ((ch = getopt(argc, argv, "?dbsp:v:l:A:c:k:")) != -1) { + switch (ch) { + case '?' : + Usage(); + exit(EXIT_SUCCESS); + + case 'd' : + doCliCertCheck = 0; + break; + + case 'b' : + useAnyAddr = 1; + break; + + case 's' : + usePsk = 1; + break; + + case 'p' : + port = atoi(optarg); + break; + + case 'v' : + version = atoi(optarg); + if (version < 0 || version > 3) { + Usage(); + exit(EX_USAGE); + } + break; + + case 'l' : + cipherList = optarg; + break; + + case 'A' : + verifyCert = optarg; + break; + + case 'c' : + ourCert = optarg; + break; + + case 'k' : + ourKey = optarg; + break; + + default: + Usage(); + exit(EX_USAGE); + } + } + + argc -= optind; + argv += optind; + + switch (version) { + case 0: + method = SSLv3_server_method(); + break; + + case 1: + method = TLSv1_server_method(); + break; + + case 2: + method = TLSv1_1_server_method(); + break; + + case 3: + method = TLSv1_2_server_method(); + break; + + default: + err_sys("Bad SSL version"); + } + + ctx = SSL_CTX_new(method); + + if (cipherList) + SSL_CTX_set_cipher_list(ctx, cipherList); + + if (SSL_CTX_use_certificate_file(ctx, ourCert, 
SSL_FILETYPE_PEM) + != SSL_SUCCESS) + err_sys("can't load server cert file, check file and run from" + " CyaSSL home dir"); + + if (SSL_CTX_use_PrivateKey_file(ctx, ourKey, SSL_FILETYPE_PEM) + != SSL_SUCCESS) + err_sys("can't load server cert file, check file and run from" + " CyaSSL home dir"); #ifndef NO_PSK - /* do PSK */ - SSL_CTX_set_psk_server_callback(ctx, my_psk_server_cb); - SSL_CTX_use_psk_identity_hint(ctx, "cyassl server"); - SSL_CTX_set_cipher_list(ctx, "PSK-AES256-CBC-SHA"); -#else - /* not using PSK, verify peer with certs */ - SSL_CTX_set_verify(ctx,SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,0); + if (usePsk) { + SSL_CTX_set_psk_server_callback(ctx, my_psk_server_cb); + SSL_CTX_use_psk_identity_hint(ctx, "cyassl server"); + if (cipherList == NULL) + SSL_CTX_set_cipher_list(ctx, "PSK-AES256-CBC-SHA"); + } #endif + /* if not using PSK, verify peer with certs */ + if (doCliCertCheck && usePsk == 0) { + SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER | + SSL_VERIFY_FAIL_IF_NO_PEER_CERT,0); + if (SSL_CTX_load_verify_locations(ctx, verifyCert, 0) != SSL_SUCCESS) + err_sys("can't load ca file, Please run from CyaSSL home dir"); + } + #ifdef OPENSSL_EXTRA SSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack); #endif -#ifndef NO_FILESYSTEM - /* for client auth */ - if (SSL_CTX_load_verify_locations(ctx, cliCert, 0) != SSL_SUCCESS) - err_sys("can't load ca file, Please run from CyaSSL home dir"); - - #ifdef HAVE_ECC - if (SSL_CTX_use_certificate_file(ctx, eccCert, SSL_FILETYPE_PEM) - != SSL_SUCCESS) - err_sys("can't load server ecc cert file, " - "Please run from CyaSSL home dir"); - - if (SSL_CTX_use_PrivateKey_file(ctx, eccKey, SSL_FILETYPE_PEM) - != SSL_SUCCESS) - err_sys("can't load server ecc key file, " - "Please run from CyaSSL home dir"); - /* for client auth */ - if (SSL_CTX_load_verify_locations(ctx, cliEccCert, 0) != SSL_SUCCESS) - err_sys("can't load ecc ca file, Please run from CyaSSL home dir"); - - #elif HAVE_NTRU - if 
(SSL_CTX_use_certificate_file(ctx, ntruCert, SSL_FILETYPE_PEM) - != SSL_SUCCESS) - err_sys("can't load ntru cert file, " - "Please run from CyaSSL home dir"); - - if (CyaSSL_CTX_use_NTRUPrivateKey_file(ctx, ntruKey) - != SSL_SUCCESS) - err_sys("can't load ntru key file, " - "Please run from CyaSSL home dir"); - #else /* normal */ - if (SSL_CTX_use_certificate_file(ctx, svrCert, SSL_FILETYPE_PEM) - != SSL_SUCCESS) - err_sys("can't load server cert chain file, " - "Please run from CyaSSL home dir"); - - if (SSL_CTX_use_PrivateKey_file(ctx, svrKey, SSL_FILETYPE_PEM) - != SSL_SUCCESS) - err_sys("can't load server key file, " - "Please run from CyaSSL home dir"); - #endif /* NTRU */ -#else - load_buffer(ctx, cliCert, CYASSL_CA); - load_buffer(ctx, svrCert, CYASSL_CERT); - load_buffer(ctx, svrKey, CYASSL_KEY); -#endif /* NO_FILESYSTEM */ - #if defined(CYASSL_SNIFFER) && !defined(HAVE_NTRU) && !defined(HAVE_ECC) /* don't use EDH, can't sniff tmp keys */ SSL_CTX_set_cipher_list(ctx, "AES256-SHA"); @@ -158,7 +233,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) CYASSL_CRL_START_MON); CyaSSL_SetCRL_Cb(ssl, CRL_CallBack); #endif - tcp_accept(&sockfd, &clientfd, (func_args*)args); + tcp_accept(&sockfd, &clientfd, (func_args*)args, port, useAnyAddr); #ifndef CYASSL_DTLS CloseSocket(sockfd); #endif diff --git a/tests/api.c b/tests/api.c index c0067b9f5..2862c5007 100644 --- a/tests/api.c +++ b/tests/api.c @@ -603,7 +603,7 @@ THREAD_RETURN CYASSL_THREAD test_server_nofail(void* args) return 0; } ssl = CyaSSL_new(ctx); - tcp_accept(&sockfd, &clientfd, (func_args*)args); + tcp_accept(&sockfd, &clientfd, (func_args*)args, yasslPort, 0); #ifndef CYASSL_DTLS CloseSocket(sockfd); #endif
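Review bot: With `NO_PSK` defined, `-s` still sets `usePsk = 1`, and because the certificate-verification block is guarded by `doCliCertCheck && usePsk == 0`, the server then starts with neither PSK nor client-certificate authentication configured; the `#ifndef NO_PSK` block should instead reject `-s` when PSK is compiled out. Two further unchecked inputs in the same hunk: `SSL_CTX_set_cipher_list(ctx, cipherList)` ignores its return value, so a mistyped `-l` list silently leaves the default ciphers in place, and `port = atoi(optarg)` reaches `tcp_listen` without any range check. Note also that on the usual getopt() implementations an unrecognized option is returned as `'?'`, so it lands in `case '?'` and exits with `EXIT_SUCCESS` while the `default:` branch with `EX_USAGE` is effectively unreachable, and the `SSL_CTX_use_PrivateKey_file` failure message repeats "can't load server cert file" where it should name the key file. The hunk also drops the previous `HAVE_ECC`/`HAVE_NTRU` and `NO_FILESYSTEM` (`load_buffer`) paths in favour of unconditional `*_file` loading, which presumably no longer builds with `NO_FILESYSTEM`; `server_test` continues past the end of the hunk.
```c
/* … unchanged: getopt loop up to case 'p' … */
            case 'p' :
                port = atoi(optarg);
                if (port <= 0 || port > 65535) { /* reject what tcp_listen would truncate */
                    Usage();
                    exit(EX_USAGE);
                }
                break;
/* … unchanged: remaining option cases, version switch, SSL_CTX_new … */
    if (cipherList && SSL_CTX_set_cipher_list(ctx, cipherList) != SSL_SUCCESS)
        err_sys("can't set cipher list");
/* … unchanged: certificate loading … */
    if (SSL_CTX_use_PrivateKey_file(ctx, ourKey, SSL_FILETYPE_PEM)
                                                             != SSL_SUCCESS)
        err_sys("can't load server key file, check file and run from"
                " CyaSSL home dir");

#ifdef NO_PSK
    if (usePsk)
        err_sys("-s given but PSK support is compiled out (NO_PSK)");
#else
    if (usePsk) {
        /* … unchanged: PSK callback, identity hint, default PSK cipher … */
    }
#endif
/* … unchanged: client verification block and the rest of server_test … */
```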