2 /* demos/bio/server-arg.c */
4 /* A minimal program to serve an SSL connection.
6 * It uses the SSL_CONF API to configure the SSL_CTX from the command line.
8 * cc -I../../include server-arg.c -L../.. -lssl -lcrypto -ldl
13 #include <openssl/err.h>
14 #include <openssl/ssl.h>
17 int main(int argc, char *argv[])
19 char *port = "*:4433";
26 char **args = argv + 1;
29 SSL_load_error_strings();
31 /* Add ciphers and message digests */
32 OpenSSL_add_ssl_algorithms();
34 ctx=SSL_CTX_new(SSLv23_server_method());
36 cctx = SSL_CONF_CTX_new();
37 SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_SERVER);
38 SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_CERTIFICATE);
39 SSL_CONF_CTX_set_ssl_ctx(cctx, ctx);
40 while(*args && **args == '-')
43 /* Parse standard arguments */
44 rv = SSL_CONF_cmd_argv(cctx, &nargs, &args);
47 fprintf(stderr, "Missing argument for %s\n", *args);
52 fprintf(stderr, "Error in command %s\n", *args);
53 ERR_print_errors_fp(stderr);
56 /* If rv > 0 we processed something so proceed to next arg */
59 /* Otherwise application specific argument processing */
60 if (!strcmp(*args, "-port"))
65 fprintf(stderr, "Missing -port argument\n");
74 fprintf(stderr, "Unknown argument %s\n", *args);
79 if (!SSL_CONF_CTX_finish(cctx))
81 fprintf(stderr, "Finish error\n");
82 ERR_print_errors_fp(stderr);
86 /* Demo of how to iterate over all certificates in an SSL_CTX
92 rv = SSL_CTX_set_current_cert(ctx, SSL_CERT_SET_FIRST);
95 X509 *x = SSL_CTX_get0_certificate(ctx);
96 X509_NAME_print_ex_fp(stdout, X509_get_subject_name(x), 0, XN_FLAG_ONELINE);
98 rv = SSL_CTX_set_current_cert(ctx, SSL_CERT_SET_NEXT);
103 /* Setup server side SSL bio */
104 ssl_bio=BIO_new_ssl(ctx,0);
106 if ((in=BIO_new_accept(port)) == NULL) goto err;
108 /* This means that when a new connection is accepted on 'in',
109 * The ssl_bio will be 'duplicated' and have the new socket
110 * BIO push into it. Basically it means the SSL BIO will be
111 * automatically setup */
112 BIO_set_accept_bios(in,ssl_bio);
115 /* The first call will setup the accept socket, and the second
116 * will get a socket. In this loop, the first actual accept
117 * will occur in the BIO_read() function. */
119 if (BIO_do_accept(in) <= 0) goto err;
123 i=BIO_read(in,buf,512);
126 /* If we have finished, remove the underlying
127 * BIO stack so the next time we call any function
128 * for this BIO, it will attempt to do an
136 fwrite(buf,1,i,stdout);
144 ERR_print_errors_fp(stderr);
146 if (in != NULL) BIO_free(in);