- else if (strcmp(*argv,"-tlsextdebug") == 0)
- s_tlsextdebug=1;
- else if (strcmp(*argv,"-status") == 0)
- s_tlsextstatus=1;
- else if (strcmp(*argv,"-status_verbose") == 0)
- {
- s_tlsextstatus=1;
- tlscstatp.verbose = 1;
- }
- else if (!strcmp(*argv, "-status_timeout"))
- {
- s_tlsextstatus=1;
- if (--argc < 1) goto bad;
- tlscstatp.timeout = atoi(*(++argv));
- }
- else if (!strcmp(*argv, "-status_url"))
- {
- s_tlsextstatus=1;
- if (--argc < 1) goto bad;
- if (!OCSP_parse_url(*(++argv),
- &tlscstatp.host,
- &tlscstatp.port,
- &tlscstatp.path,
- &tlscstatp.use_ssl))
- {
- BIO_printf(bio_err, "Error parsing URL\n");
- goto bad;
- }
- }
-#endif
- else if (strcmp(*argv,"-msg") == 0)
- { s_msg=1; }
- else if (strcmp(*argv,"-hack") == 0)
- { hack=1; }
- else if (strcmp(*argv,"-state") == 0)
- { state=1; }
- else if (strcmp(*argv,"-crlf") == 0)
- { s_crlf=1; }
- else if (strcmp(*argv,"-quiet") == 0)
- { s_quiet=1; }
- else if (strcmp(*argv,"-bugs") == 0)
- { bugs=1; }
- else if (strcmp(*argv,"-no_tmp_rsa") == 0)
- { no_tmp_rsa=1; }
- else if (strcmp(*argv,"-no_dhe") == 0)
- { no_dhe=1; }
- else if (strcmp(*argv,"-no_ecdhe") == 0)
- { no_ecdhe=1; }
- else if (strcmp(*argv,"-no_resume_ephemeral") == 0)
- { no_resume_ephemeral = 1; }
-#ifndef OPENSSL_NO_PSK
- else if (strcmp(*argv,"-psk_hint") == 0)
- {
- if (--argc < 1) goto bad;
- psk_identity_hint= *(++argv);
- }
- else if (strcmp(*argv,"-psk") == 0)
- {
- size_t i;
-
- if (--argc < 1) goto bad;
- psk_key=*(++argv);
- for (i=0; i<strlen(psk_key); i++)
- {
- if (isxdigit((int)psk_key[i]))
- continue;
- BIO_printf(bio_err,"Not a hex number '%s'\n",*argv);
- goto bad;
- }
- }
-#endif
- else if (strcmp(*argv,"-www") == 0)
- { www=1; }
- else if (strcmp(*argv,"-WWW") == 0)
- { www=2; }
- else if (strcmp(*argv,"-HTTP") == 0)
- { www=3; }
- else if (strcmp(*argv,"-no_ssl2") == 0)
- { off|=SSL_OP_NO_SSLv2; }
- else if (strcmp(*argv,"-no_ssl3") == 0)
- { off|=SSL_OP_NO_SSLv3; }
- else if (strcmp(*argv,"-no_tls1_1") == 0)
- { off|=SSL_OP_NO_TLSv1_1; }
- else if (strcmp(*argv,"-no_tls1") == 0)
- { off|=SSL_OP_NO_TLSv1; }
- else if (strcmp(*argv,"-no_comp") == 0)
- { off|=SSL_OP_NO_COMPRESSION; }
+ {"servername", OPT_SERVERNAME, 's',
+ "Servername for HostName TLS extension"},
+ {"servername_fatal", OPT_SERVERNAME_FATAL, '-',
+ "mismatch send fatal alert (default warning alert)"},
+ {"cert2", OPT_CERT2, '<',
+ "Certificate file to use for servername; default is" TEST_CERT2},
+ {"key2", OPT_KEY2, '<',
+ "-Private Key file to use for servername if not in -cert2"},
+ {"tlsextdebug", OPT_TLSEXTDEBUG, '-',
+ "Hex dump of all TLS extensions received"},
+# ifndef OPENSSL_NO_NEXTPROTONEG
+ {"nextprotoneg", OPT_NEXTPROTONEG, 's',
+ "Set the advertised protocols for the NPN extension (comma-separated list)"},
+# endif
+ {"use_srtp", OPT_SRTP_PROFILES, '<',
+ "Offer SRTP key management with a colon-separated profile list"},
+ {"alpn", OPT_ALPN, 's',
+ "Set the advertised protocols for the ALPN extension (comma-separated list)"},
+#endif
+ {"keymatexport", OPT_KEYMATEXPORT, 's',
+ "Export keying material using label"},
+ {"keymatexportlen", OPT_KEYMATEXPORTLEN, 'p',
+ "Export len bytes of keying material (default 20)"},
+ {"CRL", OPT_CRL, '<'},
+ {"crl_download", OPT_CRL_DOWNLOAD, '-'},
+ {"cert_chain", OPT_CERT_CHAIN, '<'},
+ {"dcert_chain", OPT_DCERT_CHAIN, '<'},
+ {"chainCApath", OPT_CHAINCAPATH, '/'},
+ {"verifyCApath", OPT_VERIFYCAPATH, '/'},
+ {"no_cache", OPT_NO_CACHE, '-'},
+ {"ext_cache", OPT_EXT_CACHE, '-'},
+ {"CRLform", OPT_CRLFORM, 'F'},
+ {"verify_return_error", OPT_VERIFY_RET_ERROR, '-'},
+ {"verify_quiet", OPT_VERIFY_QUIET, '-'},
+ {"build_chain", OPT_BUILD_CHAIN, '-'},
+ {"chainCAfile", OPT_CHAINCAFILE, '<'},
+ {"verifyCAfile", OPT_VERIFYCAFILE, '<'},
+ {"ign_eof", OPT_IGN_EOF, '-'},
+ {"no_ign_eof", OPT_NO_IGN_EOF, '-'},
+ {"status", OPT_STATUS, '-'},
+ {"status_verbose", OPT_STATUS_VERBOSE, '-'},
+ {"status_timeout", OPT_STATUS_TIMEOUT, 'n'},
+ {"status_url", OPT_STATUS_URL, 's'},
+ {"trace", OPT_TRACE, '-'},
+ {"security_debug", OPT_SECURITY_DEBUG, '-'},
+ {"security_debug_verbose", OPT_SECURITY_DEBUG_VERBOSE, '-'},
+ {"brief", OPT_BRIEF, '-'},
+ {"rev", OPT_REV, '-'},
+#ifndef OPENSSL_NO_ENGINE
+ {"engine", OPT_ENGINE, 's'},
+#endif
+ OPT_S_OPTIONS,
+ OPT_V_OPTIONS,
+ OPT_X_OPTIONS,
+ {NULL}
+};
+
+int s_server_main(int argc, char *argv[])
+{
+ ENGINE *e = NULL;
+ EVP_PKEY *s_key = NULL, *s_dkey = NULL;
+ SSL_CONF_CTX *cctx = NULL;
+ const SSL_METHOD *meth = SSLv23_server_method();
+ SSL_EXCERT *exc = NULL;
+ STACK_OF(OPENSSL_STRING) *ssl_args = NULL;
+ STACK_OF(X509) *s_chain = NULL, *s_dchain = NULL;
+ STACK_OF(X509_CRL) *crls = NULL;
+ X509 *s_cert = NULL, *s_dcert = NULL;
+ X509_VERIFY_PARAM *vpm = NULL;
+ char *CApath = NULL, *CAfile = NULL, *chCApath = NULL, *chCAfile = NULL;
+ char *dhfile = NULL, *dpassarg = NULL, *dpass = NULL, *inrand = NULL;
+ char *passarg = NULL, *pass = NULL, *vfyCApath = NULL, *vfyCAfile = NULL;
+ char *crl_file = NULL, *prog, *p;
+ const char *unix_path = NULL;
+#ifndef NO_SYS_UN_H
+ int unlink_unix_path = 0;
+#endif
+ int (*server_cb) (char *hostname, int s, int stype,
+ unsigned char *context);
+ int vpmtouched = 0, build_chain = 0, no_cache = 0, ext_cache = 0;
+ int no_tmp_rsa = 0, no_dhe = 0, no_ecdhe = 0, nocert = 0, ret = 1;
+ int s_cert_format = FORMAT_PEM, s_key_format = FORMAT_PEM;
+ int s_dcert_format = FORMAT_PEM, s_dkey_format = FORMAT_PEM;
+ int rev = 0, naccept = -1, sdebug = 0, socket_type = SOCK_STREAM;
+ int state = 0, crl_format = FORMAT_PEM, crl_download = 0;
+ unsigned short port = PORT;
+ unsigned char *context = NULL;
+ OPTION_CHOICE o;