mirrors/wolfssl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Added -x option to allow example server to continue running when errors occur.

Browse Source
This commit is contained in:
Kincade Pavich 2017-06-22 22:19:59 -06:00 committed by dgarske
parent 8ef556c2a0
commit fbc4123ec0
1 changed files with 79 additions and 57 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

136
examples/server/server.c
View File

@ -1,6 +1,6 @@
/* server.c
*
* Copyright (C) 2006-2016 wolfSSL Inc.
* Copyright (C) 2006-2017 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
@ -83,6 +83,17 @@ static const char webServerMsg[] =
"</body>\n"
"</html>\n";
int runWithErrors = 0; /* Used with -x flag to run err_sys vs. print errors */
static void err_sys_ex(int out, const char* msg)
{
if (out == 1) { /* if server is running w/ -x flag, print error w/o exit */
printf("wolfSSL error: %s\n", msg);
printf("Continuing server execution...\n\n");
} else {
err_sys(msg);
}
}
static int NonBlockingSSL_Accept(SSL* ssl)
{
#ifndef CYASSL_CALLBACKS
@ -156,7 +167,7 @@ int ServerEchoData(SSL* ssl, int clientfd, int echoData, int throughput)
buffer = (char*)malloc(TEST_BUFFER_SIZE);
if (!buffer) {
err_sys("Server buffer malloc failed");
err_sys_ex(runWithErrors, "Server buffer malloc failed");
}
while ((echoData && throughput == 0) ||
@ -186,7 +197,7 @@ int ServerEchoData(SSL* ssl, int clientfd, int echoData, int throughput)
#endif
if (err != SSL_ERROR_WANT_READ) {
printf("SSL_read echo error %d\n", err);
err_sys("SSL_read failed");
err_sys_ex(runWithErrors, "SSL_read failed");
}
}
else {
@ -214,7 +225,7 @@ int ServerEchoData(SSL* ssl, int clientfd, int echoData, int throughput)
} while (err == WC_PENDING_E);
if (ret != len) {
printf("SSL_write echo error %d\n", err);
err_sys("SSL_write failed");
err_sys_ex(runWithErrors, "SSL_write failed");
}
if (throughput) {
@ -262,7 +273,7 @@ static void ServerRead(WOLFSSL* ssl, char* input, int inputLen)
if (err != SSL_ERROR_WANT_READ) {
printf("SSL_read input error %d, %s\n", err,
ERR_error_string(err, buffer));
err_sys("SSL_read failed");
err_sys_ex(runWithErrors, "SSL_read failed");
}
}
} while (err == WC_PENDING_E);
@ -294,7 +305,7 @@ static void ServerWrite(WOLFSSL* ssl, const char* output, int outputLen)
if (ret != outputLen) {
printf("SSL_write msg error %d, %s\n", err,
ERR_error_string(err, buffer));
err_sys("SSL_write failed");
err_sys_ex(runWithErrors, "SSL_write failed");
}
}
@ -346,6 +357,7 @@ static void Usage(void)
#ifndef NO_PSK
printf("-I Do not send PSK identity hint\n");
#endif
printf("-x Print server errors but do not close connection\n");
printf("-i Loop indefinitely (allow repeated connections)\n");
printf("-e Echo data mode (return raw bytes received)\n");
#ifdef HAVE_NTRU
@ -506,16 +518,19 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
#ifdef WOLFSSL_VXWORKS
useAnyAddr = 1;
#else
/* Not Used: h, m, t, x, y, z, F, J, M, T, V, W, X, Y */
/* Not Used: h, m, t, y, z, F, J, M, T, V, W, X, Y */
while ((ch = mygetopt(argc, argv, "?"
"abc:defgijk:l:nop:q:rsuv:w"
"A:B:C:D:E:GHIKL:NO:PQR:S:UYZ:"
"0")) != -1) {
"abc:defgijk:l:nop:q:rsuv:wx"
"A:B:C:D:E:GHIKL:NO:PQR:S:UYZ:""0")) != -1) {
switch (ch) {
case '?' :
Usage();
exit(EXIT_SUCCESS);
case 'x' :
runWithErrors = 1;
break;
case 'd' :
doCliCertCheck = 0;
break;
@ -748,7 +763,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
/* Can only use DTLS over UDP or SCTP, can't do both. */
if (dtlsUDP && dtlsSCTP) {
err_sys("Cannot use DTLS with both UDP and SCTP.");
err_sys_ex(runWithErrors, "Cannot use DTLS with both UDP and SCTP.");
}
/* sort out DTLS versus TLS versions */
@ -769,7 +784,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
#ifdef HAVE_WNR
if (wc_InitNetRandom(wnrConfigFile, NULL, 5000) != 0)
err_sys("can't load whitewood net random config file");
err_sys_ex(runWithErrors, "can't load whitewood net random config file");
#endif
switch (version) {
@ -818,11 +833,11 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
#endif
default:
err_sys("Bad SSL version");
err_sys_ex(runWithErrors, "Bad SSL version");
}
if (method == NULL)
err_sys("unable to get method");
err_sys_ex(runWithErrors, "unable to get method");
#ifdef WOLFSSL_STATIC_MEMORY
#ifdef DEBUG_WOLFSSL
@ -839,29 +854,29 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
if (wolfSSL_CTX_load_static_memory(&ctx, method, memory, sizeof(memory),0,1)
!= SSL_SUCCESS)
err_sys("unable to load static memory and create ctx");
err_sys_ex(runWithErrors, "unable to load static memory and create ctx");
/* load in a buffer for IO */
if (wolfSSL_CTX_load_static_memory(&ctx, NULL, memoryIO, sizeof(memoryIO),
WOLFMEM_IO_POOL_FIXED | WOLFMEM_TRACK_STATS, 1)
!= SSL_SUCCESS)
err_sys("unable to load static memory and create ctx");
err_sys_ex(runWithErrors, "unable to load static memory and create ctx");
#else
ctx = SSL_CTX_new(method(NULL));
#endif /* WOLFSSL_STATIC_MEMORY */
if (ctx == NULL)
err_sys("unable to get ctx");
err_sys_ex(runWithErrors, "unable to get ctx");
#if defined(HAVE_SESSION_TICKET) && defined(HAVE_CHACHA) && \
defined(HAVE_POLY1305)
if (TicketInit() != 0)
err_sys("unable to setup Session Ticket Key context");
err_sys_ex(runWithErrors, "unable to setup Session Ticket Key context");
wolfSSL_CTX_set_TicketEncCb(ctx, myTicketEncCb);
#endif
if (cipherList && !useDefCipherList) {
if (SSL_CTX_set_cipher_list(ctx, cipherList) != SSL_SUCCESS)
err_sys("server can't set cipher list 1");
err_sys_ex(runWithErrors, "server can't set cipher list 1");
}
#ifdef CYASSL_LEANPSK
@ -893,7 +908,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
#if !defined(NO_FILESYSTEM)
if (SSL_CTX_use_certificate_chain_file(ctx, ourCert)
!= SSL_SUCCESS)
err_sys("can't load server cert file, check file and run from"
err_sys_ex(runWithErrors, "can't load server cert file, check file and run from"
" wolfSSL home dir");
#else
/* loads cert chain file using buffer API */
@ -904,17 +919,17 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
#ifndef NO_DH
if (wolfSSL_CTX_SetMinDhKey_Sz(ctx, (word16)minDhKeyBits) != SSL_SUCCESS) {
err_sys("Error setting minimum DH key size");
err_sys_ex(runWithErrors, "Error setting minimum DH key size");
}
#endif
#ifndef NO_RSA
if (wolfSSL_CTX_SetMinRsaKey_Sz(ctx, minRsaKeyBits) != SSL_SUCCESS){
err_sys("Error setting minimum RSA key size");
err_sys_ex(runWithErrors, "Error setting minimum RSA key size");
}
#endif
#ifdef HAVE_ECC
if (wolfSSL_CTX_SetMinEccKey_Sz(ctx, minEccKeyBits) != SSL_SUCCESS){
err_sys("Error setting minimum ECC key size");
err_sys_ex(runWithErrors, "Error setting minimum ECC key size");
}
#endif
@ -922,7 +937,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
if (useNtruKey) {
if (CyaSSL_CTX_use_NTRUPrivateKey_file(ctx, ourKey)
!= SSL_SUCCESS)
err_sys("can't load ntru key file, "
err_sys_ex(runWithErrors, "can't load ntru key file, "
"Please run from wolfSSL home dir");
}
#endif
@ -931,7 +946,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
#if !defined(NO_FILESYSTEM)
if (SSL_CTX_use_PrivateKey_file(ctx, ourKey, SSL_FILETYPE_PEM)
!= SSL_SUCCESS)
err_sys("can't load server private key file, check file and run "
err_sys_ex(runWithErrors, "can't load server private key file, check file and run "
"from wolfSSL home dir");
#else
/* loads private key file using buffer API */
@ -963,7 +978,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
defaultCipherList = "PSK-AES128-CBC-SHA256";
#endif
if (SSL_CTX_set_cipher_list(ctx, defaultCipherList) != SSL_SUCCESS)
err_sys("server can't set cipher list 2");
err_sys_ex(runWithErrors, "server can't set cipher list 2");
}
#endif
}
@ -973,7 +988,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
CyaSSL_CTX_allow_anon_cipher(ctx);
if (cipherList == NULL || (cipherList && useDefCipherList)) {
if (SSL_CTX_set_cipher_list(ctx, "ADH-AES128-SHA") != SSL_SUCCESS)
err_sys("server can't set cipher list 4");
err_sys_ex(runWithErrors, "server can't set cipher list 4");
}
#endif
}
@ -986,12 +1001,12 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
((usePskPlus)? SSL_VERIFY_FAIL_EXCEPT_PSK :
SSL_VERIFY_FAIL_IF_NO_PEER_CERT),0);
if (SSL_CTX_load_verify_locations(ctx, verifyCert, 0) != SSL_SUCCESS)
err_sys("can't load ca file, Please run from wolfSSL home dir");
err_sys_ex(runWithErrors, "can't load ca file, Please run from wolfSSL home dir");
#ifdef WOLFSSL_TRUST_PEER_CERT
if (trustCert) {
if ((ret = wolfSSL_CTX_trust_peer_cert(ctx, trustCert,
SSL_FILETYPE_PEM)) != SSL_SUCCESS) {
err_sys("can't load trusted peer cert file");
err_sys_ex(runWithErrors, "can't load trusted peer cert file");
}
}
#endif /* WOLFSSL_TRUST_PEER_CERT */
@ -1002,7 +1017,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
/* don't use EDH, can't sniff tmp keys */
if (cipherList == NULL) {
if (SSL_CTX_set_cipher_list(ctx, "AES128-SHA") != SSL_SUCCESS)
err_sys("server can't set cipher list 3");
err_sys_ex(runWithErrors, "server can't set cipher list 3");
}
#endif
@ -1010,7 +1025,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
if (sniHostName)
if (CyaSSL_CTX_UseSNI(ctx, CYASSL_SNI_HOST_NAME, sniHostName,
XSTRLEN(sniHostName)) != SSL_SUCCESS)
err_sys("UseSNI failed");
err_sys_ex(runWithErrors, "UseSNI failed");
#endif
#ifdef USE_WINDOWS_API
@ -1047,7 +1062,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
clientfd = sockfd;
}
if (WOLFSSL_SOCKET_IS_INVALID(clientfd)) {
err_sys("tcp accept failed");
err_sys_ex(runWithErrors, "tcp accept failed");
}
}
#if defined(WOLFSSL_STATIC_MEMORY) && defined(DEBUG_WOLFSSL)
@ -1055,15 +1070,15 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
WOLFSSL_MEM_STATS mem_stats;
fprintf(stderr, "Before creating SSL\n");
if (wolfSSL_CTX_is_static_memory(ctx, &mem_stats) != 1)
err_sys("ctx not using static memory");
err_sys_ex(runWithErrors, "ctx not using static memory");
if (wolfSSL_PrintStats(&mem_stats) != 1) /* function in test.h */
err_sys("error printing out memory stats");
err_sys_ex(runWithErrors, "error printing out memory stats");
}
#endif
ssl = SSL_new(ctx);
if (ssl == NULL)
err_sys("unable to get SSL");
err_sys_ex(runWithErrors, "unable to get SSL");
#ifdef OPENSSL_EXTRA
wolfSSL_KeepArrays(ssl);
#endif
@ -1073,9 +1088,9 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
WOLFSSL_MEM_STATS mem_stats;
fprintf(stderr, "After creating SSL\n");
if (wolfSSL_CTX_is_static_memory(ctx, &mem_stats) != 1)
err_sys("ctx not using static memory");
err_sys_ex(runWithErrors, "ctx not using static memory");
if (wolfSSL_PrintStats(&mem_stats) != 1) /* function in test.h */
err_sys("error printing out memory stats");
err_sys_ex(runWithErrors, "error printing out memory stats");
}
#endif
@ -1087,12 +1102,12 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
crlFlags = CYASSL_CRL_MONITOR | CYASSL_CRL_START_MON;
#endif
if (CyaSSL_EnableCRL(ssl, 0) != SSL_SUCCESS)
err_sys("unable to enable CRL");
err_sys_ex(runWithErrors, "unable to enable CRL");
if (CyaSSL_LoadCRL(ssl, crlPemDir, SSL_FILETYPE_PEM, crlFlags)
!= SSL_SUCCESS)
err_sys("unable to load CRL");
err_sys_ex(runWithErrors, "unable to load CRL");
if (CyaSSL_SetCRL_Cb(ssl, CRL_CallBack) != SSL_SUCCESS)
err_sys("unable to set CRL callback url");
err_sys_ex(runWithErrors, "unable to set CRL callback url");
#endif
#ifdef HAVE_OCSP
if (useOcsp) {
@ -1108,13 +1123,13 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
|| defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
if (wolfSSL_CTX_EnableOCSPStapling(ctx) != SSL_SUCCESS)
err_sys("can't enable OCSP Stapling Certificate Manager");
err_sys_ex(runWithErrors, "can't enable OCSP Stapling Certificate Manager");
if (SSL_CTX_load_verify_locations(ctx, "certs/ocsp/intermediate1-ca-cert.pem", 0) != SSL_SUCCESS)
err_sys("can't load ca file, Please run from wolfSSL home dir");
err_sys_ex(runWithErrors, "can't load ca file, Please run from wolfSSL home dir");
if (SSL_CTX_load_verify_locations(ctx, "certs/ocsp/intermediate2-ca-cert.pem", 0) != SSL_SUCCESS)
err_sys("can't load ca file, Please run from wolfSSL home dir");
err_sys_ex(runWithErrors, "can't load ca file, Please run from wolfSSL home dir");
if (SSL_CTX_load_verify_locations(ctx, "certs/ocsp/intermediate3-ca-cert.pem", 0) != SSL_SUCCESS)
err_sys("can't load ca file, Please run from wolfSSL home dir");
err_sys_ex(runWithErrors, "can't load ca file, Please run from wolfSSL home dir");
#endif
#ifdef HAVE_PK_CALLBACKS
if (pkCallbacks)
@ -1131,7 +1146,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
doListen = 0; /* Don't listen next time */
if (SSL_set_fd(ssl, clientfd) != SSL_SUCCESS) {
err_sys("error in setting fd");
err_sys_ex(runWithErrors, "error in setting fd");
}
#ifdef HAVE_ALPN
@ -1154,7 +1169,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
n = (int)recvfrom(sockfd, (char*)b, sizeof(b), MSG_PEEK,
(struct sockaddr*)&cliaddr, &len);
if (n <= 0)
err_sys("recvfrom failed");
err_sys_ex(runWithErrors, "recvfrom failed");
wolfSSL_dtls_set_peer(ssl, &cliaddr, len);
}
@ -1224,12 +1239,12 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
err = SSL_get_error(ssl, 0);
printf("SSL_accept error %d, %s\n", err,
ERR_error_string(err, buffer));
err_sys("SSL_accept failed");
err_sys_ex(runWithErrors, "SSL_accept failed");
}
showPeer(ssl);
if (SSL_state(ssl) != 0) {
err_sys("SSL in error state");
err_sys_ex(runWithErrors, "SSL in error state");
}
#ifdef OPENSSL_EXTRA
@ -1241,23 +1256,29 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
/* get size of buffer then print */
size = wolfSSL_get_server_random(NULL, NULL, 0);
if (size == 0) {
err_sys("error getting server random buffer size");
err_sys_ex(runWithErrors, "error getting server random buffer size");
}
rnd = (byte*)XMALLOC(size, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (rnd == NULL) {
err_sys("error creating server random buffer");
err_sys_ex(runWithErrors, "error creating server random buffer");
}
size = wolfSSL_get_server_random(ssl, rnd, size);
if (size == 0) {
XFREE(rnd, NULL, DYNAMIC_TYPE_TMP_BUFFER);
err_sys("error getting server random buffer");
err_sys_ex(runWithErrors, "error getting server random buffer");
}
printf("Server Random : ");
for (pt = rnd; pt < rnd + size; pt++) printf("%02X", *pt);
printf("\n");
pt = rnd;
if (pt != NULL) {
for (pt = rnd; pt < rnd + size; pt++) printf("%02X", *pt);
printf("\n");
} else {
err_sys_ex(runWithErrors, "error: attempted to dereference null "
"pointer");
}
XFREE(rnd, NULL, DYNAMIC_TYPE_TMP_BUFFER);
}
#endif
@ -1295,13 +1316,13 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
SSL_VERIFY_FAIL_IF_NO_PEER_CERT),0);
if (SSL_CTX_load_verify_locations(ctx, verifyCert, 0)
!= SSL_SUCCESS) {
err_sys("can't load ca file, Please run from wolfSSL home dir");
err_sys_ex(runWithErrors, "can't load ca file, Please run from wolfSSL home dir");
}
#ifdef WOLFSSL_TRUST_PEER_CERT
if (trustCert) {
if ((ret = wolfSSL_CTX_trust_peer_cert(ctx, trustCert,
SSL_FILETYPE_PEM)) != SSL_SUCCESS) {
err_sys("can't load trusted peer cert file");
err_sys_ex(runWithErrors, "can't load trusted peer cert file");
}
}
#endif /* WOLFSSL_TRUST_PEER_CERT */
@ -1360,7 +1381,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
/* display collected statistics */
#ifdef WOLFSSL_STATIC_MEMORY
if (wolfSSL_is_static_memory(ssl, &ssl_stats) != 1)
err_sys("static memory was not used with ssl");
err_sys_ex(runWithErrors, "static memory was not used with ssl");
fprintf(stderr, "\nprint off SSL memory stats\n");
fprintf(stderr, "*** This is memory state before wolfSSL_free is called\n");
@ -1459,7 +1480,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
#ifdef HAVE_WNR
if (wc_FreeNetRandom() < 0)
err_sys("Failed to free netRandom context");
err_sys_ex(runWithErrors, "Failed to free netRandom context");
#endif /* HAVE_WNR */
return args.return_code;
@ -1500,3 +1521,4 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
return 0;
}
#endif