Experimental renegotiation support in s_server test -www server.
This commit is contained in:
Dr. Stephen Henson
parent
92714455af
commit
08c239701b
2 changed files with 36 additions and 1 deletions
5
CHANGES
5
CHANGES
|
|
@ -4,6 +4,11 @@
|
|||
|
||||
Changes between 1.0.0 and 1.1.0 [xx XXX xxxx]
|
||||
|
||||
*) Experiemental regnegotiation in s_server -www mode. If the client
|
||||
browsers /reneg connection is renegotiated. If /renegcert it is
|
||||
renegotiated requestion a certificate.
|
||||
[Steve Henson]
|
||||
|
||||
*) Add an "external" session cache for debugging purposes to s_server. This
|
||||
should help trace issues which normally are only apparent in deployed
|
||||
multi-process servers.
|
||||
|
|
|
|||
|
|
@ -2324,7 +2324,6 @@ static int www_body(char *hostname, int s, unsigned char *context)
|
|||
}
|
||||
SSL_set_bio(con,sbio,sbio);
|
||||
SSL_set_accept_state(con);
|
||||
|
||||
/* SSL_set_fd(con,s); */
|
||||
BIO_set_ssl(ssl_bio,con,BIO_CLOSE);
|
||||
BIO_push(io,ssl_bio);
|
||||
|
|
@ -2406,6 +2405,32 @@ static int www_body(char *hostname, int s, unsigned char *context)
|
|||
STACK_OF(SSL_CIPHER) *sk;
|
||||
static const char *space=" ";
|
||||
|
||||
if (www == 1 && strncmp("GET /reneg", buf, 10) == 0)
|
||||
{
|
||||
if (strncmp("GET /renegcert", buf, 14) == 0)
|
||||
SSL_set_verify(con,
|
||||
SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE,NULL);
|
||||
i=SSL_renegotiate(con);
|
||||
BIO_printf(bio_s_out, "SSL_renegotiate -> %d\n",i);
|
||||
i=SSL_do_handshake(con);
|
||||
if (i <= 0)
|
||||
{
|
||||
BIO_printf(bio_s_out, "SSL_do_handshake() Retval %d\n", SSL_get_error(con, i));
|
||||
ERR_print_errors(bio_err);
|
||||
goto err;
|
||||
}
|
||||
/* EVIL HACK! */
|
||||
con->state = SSL_ST_ACCEPT;
|
||||
i=SSL_do_handshake(con);
|
||||
BIO_printf(bio_s_out, "SSL_do_handshake -> %d\n",i);
|
||||
if (i <= 0)
|
||||
{
|
||||
BIO_printf(bio_s_out, "SSL_do_handshake() Retval %d\n", SSL_get_error(con, i));
|
||||
ERR_print_errors(bio_err);
|
||||
goto err;
|
||||
}
|
||||
}
|
||||
|
||||
BIO_puts(io,"HTTP/1.0 200 ok\r\nContent-type: text/html\r\n\r\n");
|
||||
BIO_puts(io,"<HTML><BODY BGCOLOR=\"#ffffff\">\n");
|
||||
BIO_puts(io,"<pre>\n");
|
||||
|
|
@ -2418,6 +2443,11 @@ static int www_body(char *hostname, int s, unsigned char *context)
|
|||
}
|
||||
BIO_puts(io,"\n");
|
||||
|
||||
BIO_printf(io,
|
||||
"Secure Renegotiation IS%s supported\n",
|
||||
SSL_get_secure_renegotiation_support(con) ?
|
||||
"" : " NOT");
|
||||
|
||||
/* The following is evil and should not really
|
||||
* be done */
|
||||
BIO_printf(io,"Ciphers supported in s_server binary\n");
|
||||
|
|
|
|||
Loading…
Reference in a new issue