server-conf.c

/* NOCW */
/* demos/bio/saccept-conf.c */

/* A minimal program to serve an SSL connection.
 * It uses blocking.
 * It uses the SSL_CONF API with a configuration file.
 *
 * cc -I../../include saccept.c -L../.. -lssl -lcrypto -ldl
 */

#include <stdio.h>
#include <signal.h>
#include <openssl/err.h>
#include <openssl/ssl.h>
#include <openssl/conf.h>

int main(int argc, char *argv[])
	{
	char *port = "*:4433";
	BIO *in=NULL;
	BIO *ssl_bio,*tmp;
	SSL_CTX *ctx;
	SSL_CONF_CTX *cctx = NULL;
	CONF *conf = NULL;
	STACK_OF(CONF_VALUE) *sect = NULL;
	CONF_VALUE *cnf;
	long errline = -1;
	char buf[512];
	int ret=1,i;

	SSL_load_error_strings();

	/* Add ciphers and message digests */
	OpenSSL_add_ssl_algorithms();

	conf = NCONF_new(NULL);

	if (NCONF_load(conf, "accept.cnf", &errline) <= 0)
		{
		if (errline <= 0)
			fprintf(stderr, "Error processing config file\n");
		else
			fprintf(stderr, "Error on line %ld\n", errline);
		goto err;
		}

	sect = NCONF_get_section(conf, "default");

	if (sect == NULL)
		{
		fprintf(stderr, "Error retrieving default section\n");
		goto err;
		}

	ctx=SSL_CTX_new(SSLv23_server_method());
	cctx = SSL_CONF_CTX_new();
	SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_SERVER);
	SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_CERTIFICATE);
	SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_FILE);
	SSL_CONF_CTX_set_ssl_ctx(cctx, ctx);
	for (i = 0; i < sk_CONF_VALUE_num(sect); i++)
		{
		int rv;
		cnf = sk_CONF_VALUE_value(sect, i);
		rv = SSL_CONF_cmd(cctx, cnf->name, cnf->value);
		if (rv > 0)
			continue;
		if (rv != -2)
			{
			fprintf(stderr, "Error processing %s = %s\n",
						cnf->name, cnf->value);
			ERR_print_errors_fp(stderr);
			goto err;
			}
		if (!strcmp(cnf->name, "Port"))
			{
			port = cnf->value;
			}
		else
			{
			fprintf(stderr, "Unknown configuration option %s\n",
							cnf->name);
			goto err;
			}
		}

	if (!SSL_CONF_CTX_finish(cctx))
		{
		fprintf(stderr, "Finish error\n");
		ERR_print_errors_fp(stderr);
		goto err;
		}

	/* Setup server side SSL bio */
	ssl_bio=BIO_new_ssl(ctx,0);

	if ((in=BIO_new_accept(port)) == NULL) goto err;

	/* This means that when a new connection is accepted on 'in',
	 * The ssl_bio will be 'duplicated' and have the new socket
	 * BIO push into it.  Basically it means the SSL BIO will be
	 * automatically setup */
	BIO_set_accept_bios(in,ssl_bio);

again:
	/* The first call will setup the accept socket, and the second
	 * will get a socket.  In this loop, the first actual accept
	 * will occur in the BIO_read() function. */

	if (BIO_do_accept(in) <= 0) goto err;

	for (;;)
		{
		i=BIO_read(in,buf,512);
		if (i == 0)
			{
			/* If we have finished, remove the underlying
			 * BIO stack so the next time we call any function
			 * for this BIO, it will attempt to do an
			 * accept */
			printf("Done\n");
			tmp=BIO_pop(in);
			BIO_free_all(tmp);
			goto again;
			}
		if (i < 0)
			{
			if (BIO_should_retry(in))
				continue;
			goto err;
			}
		fwrite(buf,1,i,stdout);
		fflush(stdout);
		}

	ret=0;
err:
	if (ret)
		{
		ERR_print_errors_fp(stderr);
		}
	if (in != NULL) BIO_free(in);
	exit(ret);
	return(!ret);
	}