-/*
- * Simple TLS Server code is based on
- * https://wiki.openssl.org/index.php/Simple_TLS_Server
- */
-static int s_server(EVP_PKEY *pkey, X509 *cert, int client)
-{
- SSL_CTX *ctx;
- T(ctx = SSL_CTX_new(TLS_server_method()));
- T(SSL_CTX_use_certificate(ctx, cert));
- T(SSL_CTX_use_PrivateKey(ctx, pkey));
- T(SSL_CTX_check_private_key(ctx));
-
- SSL *ssl;
- T(ssl = SSL_new(ctx));
- T(SSL_set_fd(ssl, client));
- if (cipher_list)
- T(SSL_set_cipher_list(ssl, cipher_list));
- T(SSL_accept(ssl) == 1);
-
- /* Receive data from client */
- char buf[1024];
- int i;
- for (i = 0; i < KTRANSFER; i++) {
- int k;
-
- T(SSL_read(ssl, buf, sizeof(buf)) == sizeof(buf));
- for (k = 0; k < sizeof(buf); k++)
- if (buf[k] != 'c')
- err(1, "corruption from client");
- }
- /* Send data to client. */
- memset(buf, 's', sizeof(buf));
- for (i = 0; i < KTRANSFER; i++) {
- T(SSL_write(ssl, buf, sizeof(buf)) == sizeof(buf));
- }
- SSL_shutdown(ssl);
- SSL_free(ssl);
- close(client);
-
- SSL_CTX_free(ctx);
- return 0;
-}
-
-/*
- * Simple TLC Client code is based on man BIO_f_ssl and
- * https://wiki.openssl.org/index.php/SSL/TLS_Client
- */
-static int s_client(int server)
-{
- SSL_CTX *ctx;
- T(ctx = SSL_CTX_new(TLS_client_method()));
-
- BIO *sbio;
- T(sbio = BIO_new_ssl_connect(ctx));
- SSL *ssl;
- T(BIO_get_ssl(sbio, &ssl));
- T(SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY));
- if (cipher_list)
- T(SSL_set_cipher_list(ssl, cipher_list));
-#if 0
- /* Does not work with reneg. */
- BIO_set_ssl_renegotiate_bytes(sbio, 100 * 1024);
-#endif
- T(SSL_set_fd(ssl, server));
- T(BIO_do_handshake(sbio) == 1);
-
- printf("Protocol: %s\n", SSL_get_version(ssl));
- printf("Cipher: %s\n", SSL_get_cipher_name(ssl));
- if (verbose) {
- SSL_SESSION *sess = SSL_get0_session(ssl);
- SSL_SESSION_print_fp(stdout, sess);
- }
-
- X509 *cert;
- T(cert = SSL_get_peer_certificate(ssl));
- X509_free(cert);
- int verify = SSL_get_verify_result(ssl);
- printf("Verify: %s\n", X509_verify_cert_error_string(verify));
- if (verify != X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT)
- err(1, "invalid SSL_get_verify_result");
-
- /* Send data to server. */
- char buf[1024];
- int i;
- memset(buf, 'c', sizeof(buf));
- for (i = 0; i < KTRANSFER; i++) {
- T(BIO_write(sbio, buf, sizeof(buf)) == sizeof(buf));
- }
- (void)BIO_shutdown_wr(sbio);
-
- /* Receive data from server. */
- for (i = 0; i < KTRANSFER; i++) {
- int k;
- int n = BIO_read(sbio, buf, sizeof(buf));
-
- if (n != sizeof(buf)) {
- printf("i:%d BIO_read:%d SSL_get_error:%d\n", i, n,
- SSL_get_error(ssl, n));
- ERR_print_errors_fp(stderr);
- err(1, "BIO_read");
- }
-
- for (k = 0; k < sizeof(buf); k++)
- if (buf[k] != 's')
- err(1, "corruption from server");
- }
-
- i = BIO_get_num_renegotiates(sbio);
- if (i)
- printf("Renegs: %d\n", i);
- BIO_free_all(sbio);
- SSL_CTX_free(ctx);
-
- return 0;
-}
-