3 * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
5 * This file is part of CyaSSL.
7 * CyaSSL is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 2 of the License, or
10 * (at your option) any later version.
12 * CyaSSL is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
26 #include <cyassl/openssl/ssl.h>
27 #include <cyassl/test.h>
30 #ifdef CYASSL_CALLBACKS
31 int srvHandShakeCB(HandShakeInfo*);
32 int srvTimeoutCB(TimeoutInfo*);
36 #if defined(NON_BLOCKING) || defined(CYASSL_CALLBACKS)
37 void NonBlockingSSL_Accept(SSL* ssl)
39 #ifndef CYASSL_CALLBACKS
40 int ret = SSL_accept(ssl);
42 int ret = CyaSSL_accept_ex(ssl, srvHandShakeCB, srvTimeoutCB, srvTo);
44 int error = SSL_get_error(ssl, 0);
45 while (ret != SSL_SUCCESS && (error == SSL_ERROR_WANT_READ ||
46 error == SSL_ERROR_WANT_WRITE)) {
47 printf("... server would block\n");
48 #ifdef USE_WINDOWS_API
53 #ifndef CYASSL_CALLBACKS
54 ret = SSL_accept(ssl);
56 ret = CyaSSL_accept_ex(ssl, srvHandShakeCB, srvTimeoutCB,srvTo);
58 error = SSL_get_error(ssl, 0);
60 if (ret != SSL_SUCCESS)
61 err_sys("SSL_accept failed");
66 static void Usage(void)
68 printf("server " LIBCYASSL_VERSION_STRING
69 " NOTE: All files relative to CyaSSL home dir\n");
70 printf("-? Help, print this usage\n");
71 printf("-p <num> Port to listen on, default %d\n", yasslPort);
72 printf("-v <num> SSL version [0-3], SSLv3(0) - TLS1.2(3)), default %d\n",
73 SERVER_DEFAULT_VERSION);
74 printf("-l <str> Cipher list\n");
75 printf("-c <file> Certificate file, default %s\n", svrCert);
76 printf("-k <file> Key file, default %s\n", svrKey);
77 printf("-A <file> Certificate Authority file, default %s\n", cliCert);
78 printf("-d Disable client cert check\n");
79 printf("-b Bind to any interface instead of localhost only\n");
80 printf("-s Use pre Shared keys\n");
81 printf("-u Use UDP DTLS\n");
85 THREAD_RETURN CYASSL_THREAD server_test(void* args)
90 SSL_METHOD* method = 0;
94 char msg[] = "I hear you fa shizzle!";
98 int version = SERVER_DEFAULT_VERSION;
99 int doCliCertCheck = 1;
101 int port = yasslPort;
105 char* cipherList = NULL;
106 char* verifyCert = (char*)cliCert;
107 char* ourCert = (char*)svrCert;
108 char* ourKey = (char*)svrKey;
109 int argc = ((func_args*)args)->argc;
110 char** argv = ((func_args*)args)->argv;
112 ((func_args*)args)->return_code = -1; /* error state */
114 while ((ch = mygetopt(argc, argv, "?dbsnup:v:l:A:c:k:")) != -1) {
138 version = -1; /* DTLS flag */
142 port = atoi(myoptarg);
146 version = atoi(myoptarg);
147 if (version < 0 || version > 3) {
152 version = -1; /* stay with DTLS */
156 cipherList = myoptarg;
160 verifyCert = myoptarg;
179 myoptind = 0; /* reset for test cases */
183 method = SSLv3_server_method();
187 method = TLSv1_server_method();
191 method = TLSv1_1_server_method();
195 method = TLSv1_2_server_method();
200 method = DTLSv1_server_method();
205 err_sys("Bad SSL version");
209 err_sys("unable to get method");
211 ctx = SSL_CTX_new(method);
213 err_sys("unable to get ctx");
216 if (SSL_CTX_set_cipher_list(ctx, cipherList) != SSL_SUCCESS)
217 err_sys("can't set cipher list");
219 if (SSL_CTX_use_certificate_file(ctx, ourCert, SSL_FILETYPE_PEM)
221 err_sys("can't load server cert file, check file and run from"
227 if (CyaSSL_CTX_use_NTRUPrivateKey_file(ctx, ourKey)
229 err_sys("can't load ntru key file, "
230 "Please run from CyaSSL home dir");
235 if (SSL_CTX_use_PrivateKey_file(ctx, ourKey, SSL_FILETYPE_PEM)
237 err_sys("can't load server cert file, check file and run from"
243 SSL_CTX_set_psk_server_callback(ctx, my_psk_server_cb);
244 SSL_CTX_use_psk_identity_hint(ctx, "cyassl server");
245 if (cipherList == NULL)
246 if (SSL_CTX_set_cipher_list(ctx,"PSK-AES256-CBC-SHA") !=SSL_SUCCESS)
247 err_sys("can't set cipher list");
251 /* if not using PSK, verify peer with certs */
252 if (doCliCertCheck && usePsk == 0) {
253 SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER |
254 SSL_VERIFY_FAIL_IF_NO_PEER_CERT,0);
255 if (SSL_CTX_load_verify_locations(ctx, verifyCert, 0) != SSL_SUCCESS)
256 err_sys("can't load ca file, Please run from CyaSSL home dir");
260 SSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
263 #if defined(CYASSL_SNIFFER) && !defined(HAVE_NTRU) && !defined(HAVE_ECC)
264 /* don't use EDH, can't sniff tmp keys */
265 if (SSL_CTX_set_cipher_list(ctx, "AES256-SHA") != SSL_SUCCESS)
266 err_sys("can't set cipher list");
271 err_sys("unable to get SSL");
274 CyaSSL_EnableCRL(ssl, 0);
275 CyaSSL_LoadCRL(ssl, crlPemDir, SSL_FILETYPE_PEM, CYASSL_CRL_MONITOR |
276 CYASSL_CRL_START_MON);
277 CyaSSL_SetCRL_Cb(ssl, CRL_CallBack);
279 tcp_accept(&sockfd, &clientfd, (func_args*)args, port, useAnyAddr, doDTLS);
283 SSL_set_fd(ssl, clientfd);
285 #if !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA)
286 CyaSSL_SetTmpDH_file(ssl, dhParam, SSL_FILETYPE_PEM);
288 SetDH(ssl); /* will repick suites with DHE, higher priority than PSK */
293 tcp_set_nonblocking(&clientfd);
294 NonBlockingSSL_Accept(ssl);
296 #ifndef CYASSL_CALLBACKS
297 if (SSL_accept(ssl) != SSL_SUCCESS) {
298 int err = SSL_get_error(ssl, 0);
300 printf("error = %d, %s\n", err, ERR_error_string(err, buffer));
301 err_sys("SSL_accept failed");
304 NonBlockingSSL_Accept(ssl);
309 idx = SSL_read(ssl, input, sizeof(input));
312 printf("Client message: %s\n", input);
315 if (SSL_write(ssl, msg, sizeof(msg)) != sizeof(msg))
316 err_sys("SSL_write failed");
322 CloseSocket(clientfd);
323 ((func_args*)args)->return_code = 0;
328 /* so overall tests can pull in test function */
329 #ifndef NO_MAIN_DRIVER
331 int main(int argc, char** argv)
342 CyaSSL_Debugging_ON();
344 if (CurrentDir("server") || CurrentDir("build"))
350 return args.return_code;
354 char* myoptarg = NULL;
356 #endif /* NO_MAIN_DRIVER */
359 #ifdef CYASSL_CALLBACKS
361 int srvHandShakeCB(HandShakeInfo* info)
368 int srvTimeoutCB(TimeoutInfo* info)