generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

s_client/s_server: support unix domain sockets

Browse Source 
The "-unix <path>" argument allows s_server and s_client to use a unix
domain socket in the filesystem instead of IPv4 ("-connect", "-port",
"-accept", etc). If s_server exits gracefully, such as when "-naccept"
is used and the requested number of SSL/TLS connections have occurred,
then the domain socket file is removed. On ctrl-C, it is likely that
the stale socket file will be left over, such that s_server would
normally fail to restart with the same arguments. For this reason,
s_server also supports an "-unlink" option, which will clean up any
stale socket file before starting.

If you have any reason to want encrypted IPC within an O/S instance,
this concept might come in handy. Otherwise it just demonstrates that
there is nothing about SSL/TLS that limits it to TCP/IP in any way.

(There might also be benchmarking and profiling use in this path, as
unix domain sockets are much lower overhead than connecting over local
IP addresses).

Signed-off-by: Geoff Thorpe <geoff@openssl.org>
This commit is contained in:
Geoff Thorpe
2014-04-26 01:22:54 -04:00
parent b6e69d284b
commit a935132099
5 changed files with 214 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
apps/s_apps.h
View File

@@ -148,7 +148,14 @@ typedef fd_mask fd_set;
#define PORT_STR "4433"
#define PROTOCOL "tcp"
int do_server(int port, int type, int *ret, int (*cb) (char *hostname, int s, int stype, unsigned char *context), unsigned char *context, int naccept);
int do_server(int port, int type, int *ret,
int (*cb)(char *hostname, int s, int stype, unsigned char *context),
unsigned char *context, int naccept);
#ifndef NO_SYS_UN_H
int do_server_unix(const char *path, int *ret,
int (*cb)(char *hostname, int s, int stype, unsigned char *context),
unsigned char *context, int naccept);
#endif
#ifdef HEADER_X509_H
int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);
#endif
@@ -162,6 +169,9 @@ int ssl_print_curves(BIO *out, SSL *s, int noshared);
#endif
int ssl_print_tmp_key(BIO *out, SSL *s);
int init_client(int *sock, const char *server, int port, int type);
#ifndef NO_SYS_UN_H
int init_client_unix(int *sock, const char *server);
#endif
int should_retry(int i);
int extract_port(const char *str, short *port_ptr);
int extract_host_port(char *str,char **host_ptr,unsigned char *ip,short *p);