author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-13 21:12:02 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-13 21:12:02 +0000 |
commit | 77e50caaf2ef81cd91075cf836fed0e75718ffb4 (patch) | |
tree | 53b7b411290b63192fc9e924a3b6b65cdf67e9d0 /debian/vendor-h2o/deps/neverbleed/test.c | |
parent | Adding upstream version 1.8.3. (diff) | |
Adding debian version 1.8.3-2.debian/1.8.3-2
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'debian/vendor-h2o/deps/neverbleed/test.c')
-rw-r--r-- | debian/vendor-h2o/deps/neverbleed/test.c | 149 |
1 files changed, 149 insertions, 0 deletions
diff --git a/debian/vendor-h2o/deps/neverbleed/test.c b/debian/vendor-h2o/deps/neverbleed/test.c
new file mode 100644
index 0000000..494fc65
--- /dev/null
+++ b/debian/vendor-h2o/deps/neverbleed/test.c
@@ -0,0 +1,149 @@
+/*
+ * Copyright (c) 2015 Kazuho Oku, DeNA Co., Ltd.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to
+ * deal in the Software without restriction, including without limitation the
+ * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
+ * sell copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
+ * IN THE SOFTWARE.
+ */
+#include <netinet/in.h>
+#include <stdio.h>
+#include <string.h>
+#include <sys/socket.h>
+#include <sys/types.h>
+#include <unistd.h>
+#include <openssl/crypto.h>
+#include <openssl/ssl.h>
+#include "neverbleed.h"
+
+static void setup_ecc_key(SSL_CTX *ssl_ctx)
+{
+ int nid = NID_X9_62_prime256v1;
+ EC_KEY *key = EC_KEY_new_by_curve_name(nid);
+ if (key == NULL) {
+ fprintf(stderr, "Failed to create curve \"%s\"\n", OBJ_nid2sn(nid));
+ return;
+ }
+ SSL_CTX_set_tmp_ecdh(ssl_ctx, key);
+ EC_KEY_free(key);
+}
+
+int dumb_https_server(unsigned short port, SSL_CTX *ctx)
+{
+ int listen_fd, reuse_flag;
+ struct sockaddr_in sin = {};
+
+ if ((listen_fd = socket(AF_INET, SOCK_STREAM, 0)) == -1) {
+ fprintf(stderr, "failed to create socket:%s\n", strerror(errno));
+ return 111;
+ }
+ reuse_flag = 1;
+ setsockopt(listen_fd, SOL_SOCKET, SO_REUSEADDR, &reuse_flag, sizeof(reuse_flag));
+ sin.sin_family = AF_INET;
+ sin.sin_addr.s_addr = htonl(0x7f000001);
+ sin.sin_port = htons(8888);
+ if (bind(listen_fd, (void *)&sin, sizeof(sin)) != 0) {
+ fprintf(stderr, "bind failed:%s\n", strerror(errno));
+ return 111;
+ }
+ if (listen(listen_fd, SOMAXCONN) != 0) {
+ fprintf(stderr, "listen failed:%s\n", strerror(errno));
+ return 111;
+ }
+
+ while (1) {
+ int conn_fd;
+ SSL *ssl;
+ char buf[4096];
+ /* accept connection */
+ while ((conn_fd = accept(listen_fd, NULL, NULL)) == -1 && errno == EINTR)
+ ;
+ if (conn_fd == -1) {
+ fprintf(stderr, "accept(2) failed:%s\n", strerror(errno));
+ return 111;
+ }
+ ssl = SSL_new(ctx);
+ SSL_set_fd(ssl, conn_fd);
+ if (SSL_accept(ssl) == 1) {
+ SSL_read(ssl, buf, sizeof(buf));
+ const char *resp =
+ "HTTP/1.0 200 OK\r\nContent-Length: 6\r\nConnection: close\r\nContent-Type: text/plain\r\n\r\nhello\n";
+ SSL_write(ssl, resp, strlen(resp));
+ SSL_shutdown(ssl);
+ } else {
+ fprintf(stderr, "SSL_accept failed\n");
+ }
+ SSL_free(ssl);
+ close(conn_fd);
+ }
+}
+
+int main(int argc, char **argv)
+{
+ unsigned short port;
+ SSL_CTX *ctx;
+ neverbleed_t nb;
+ char errbuf[NEVERBLEED_ERRBUF_SIZE];
+ int use_privsep;
+
+ /* initialization */
+ SSL_load_error_strings();
+ SSL_library_init();
+ OpenSSL_add_all_algorithms();
+ if (neverbleed_init(&nb, errbuf) != 0) {
+ fprintf(stderr, "openssl_privsep_init: %s\n", errbuf);
+ return 111;
+ }
+ ctx = SSL_CTX_new(SSLv23_server_method());
+ SSL_CTX_set_options(ctx, SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_COMPRESSION);
+ setup_ecc_key(ctx);
+
+ /* parse args */
+ if (argc != 5) {
+ fprintf(stderr, "Usage: %s <internal|privsep> <port> <certificate-chain-file> <private-key-file>\n", argv[0]);
+ return 111;
+ }
+ if (strcmp(argv[1], "internal") == 0) {
+ use_privsep = 0;
+ } else if (strcmp(argv[1], "privsep") == 0) {
+ use_privsep = 1;
+ } else {
+ fprintf(stderr, "unknown mode:%s\n", argv[1]);
+ return 111;
+ }
+ if (sscanf(argv[2], "%hu", &port) != 1) {
+ fprintf(stderr, "failed to parse port:%s\n", argv[2]);
+ return 111;
+ }
+ if (SSL_CTX_use_certificate_chain_file(ctx, argv[3]) != 1) {
+ fprintf(stderr, "failed to load certificate chain file:%s\n", argv[3]);
+ return 111;
+ }
+ if (use_privsep) {
+ if (neverbleed_load_private_key_file(&nb, ctx, argv[4], errbuf) != 1) {
+ fprintf(stderr, "failed to load private key from file:%s:%s\n", argv[4], errbuf);
+ return 111;
+ }
+ } else {
+ if (SSL_CTX_use_PrivateKey_file(ctx, argv[4], SSL_FILETYPE_PEM) != 1) {
+ fprintf(stderr, "failed to load private key from file:%s\n", argv[4]);
+ return 111;
+ }
+ }
+
+ /* start the httpd */
+ return dumb_https_server(port, ctx);
+}