From 08c239701b543b784432d30578d79d1b6c732113 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Thu, 28 Jan 2010 19:48:36 +0000 Subject: [PATCH] Experimental renegotiation support in s_server test -www server. --- CHANGES | 5 +++++ apps/s_server.c | 32 +++++++++++++++++++++++++++++++- 2 files changed, 36 insertions(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index a08a98679..5baf7e4f7 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,11 @@ Changes between 1.0.0 and 1.1.0 [xx XXX xxxx] + *) Experiemental regnegotiation in s_server -www mode. If the client + browsers /reneg connection is renegotiated. If /renegcert it is + renegotiated requestion a certificate. + [Steve Henson] + *) Add an "external" session cache for debugging purposes to s_server. This should help trace issues which normally are only apparent in deployed multi-process servers. diff --git a/apps/s_server.c b/apps/s_server.c index 6de433299..a70482e93 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -2324,7 +2324,6 @@ static int www_body(char *hostname, int s, unsigned char *context) } SSL_set_bio(con,sbio,sbio); SSL_set_accept_state(con); - /* SSL_set_fd(con,s); */ BIO_set_ssl(ssl_bio,con,BIO_CLOSE); BIO_push(io,ssl_bio); @@ -2406,6 +2405,32 @@ static int www_body(char *hostname, int s, unsigned char *context) STACK_OF(SSL_CIPHER) *sk; static const char *space=" "; + if (www == 1 && strncmp("GET /reneg", buf, 10) == 0) + { + if (strncmp("GET /renegcert", buf, 14) == 0) + SSL_set_verify(con, + SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE,NULL); + i=SSL_renegotiate(con); + BIO_printf(bio_s_out, "SSL_renegotiate -> %d\n",i); + i=SSL_do_handshake(con); + if (i <= 0) + { + BIO_printf(bio_s_out, "SSL_do_handshake() Retval %d\n", SSL_get_error(con, i)); + ERR_print_errors(bio_err); + goto err; + } + /* EVIL HACK! */ + con->state = SSL_ST_ACCEPT; + i=SSL_do_handshake(con); + BIO_printf(bio_s_out, "SSL_do_handshake -> %d\n",i); + if (i <= 0) + { + BIO_printf(bio_s_out, "SSL_do_handshake() Retval %d\n", SSL_get_error(con, i)); + ERR_print_errors(bio_err); + goto err; + } + } + BIO_puts(io,"HTTP/1.0 200 ok\r\nContent-type: text/html\r\n\r\n"); BIO_puts(io,"\n"); BIO_puts(io,"
\n");
@@ -2418,6 +2443,11 @@ static int www_body(char *hostname, int s, unsigned char *context)
 				}
 			BIO_puts(io,"\n");
 
+			BIO_printf(io,
+				"Secure Renegotiation IS%s supported\n",
+		      		SSL_get_secure_renegotiation_support(con) ?
+							"" : " NOT");
+
 			/* The following is evil and should not really
 			 * be done */
 			BIO_printf(io,"Ciphers supported in s_server binary\n");