search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Fix dangling/unused bindings in `(gnutls)'.
[gnutls.git] / src / serv.c
blob0ff113d750b39425a68855ec14b48ece688a7511
1 /*
2 * Copyright (C) 2004, 2006, 2007 Free Software Foundation
3 * Copyright (C) 2001,2002 Paul Sheer
4 * Portions Copyright (C) 2002,2003 Nikos Mavrogiannopoulos
5 *
6 * This file is part of GNUTLS.
7 *
8 * GNUTLS is free software: you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation, either version 3 of the License, or
11 * (at your option) any later version.
12 *
13 * GNUTLS is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License
19 * along with this program. If not, see <http://www.gnu.org/licenses/>.
20 */
21
22 /* This server is heavily modified for GNUTLS by Nikos Mavrogiannopoulos
23 * (which means it is quite unreadable)
24 */
25
26 #include "common.h"
27 #include "serv-gaa.h"
28 #include <stdio.h>
29 #include <stdlib.h>
30 #include <errno.h>
31 #include <sys/types.h>
32 #include <string.h>
33 #include <gnutls/gnutls.h>
34 #include <gcrypt.h>
35 #include <gnutls/extra.h>
36 #include <sys/time.h>
37 #include <fcntl.h>
38 #include <list.h>
39
40 #if defined _WIN32 || defined __WIN32__
41 #define select _win_select
42 #endif
43
44 #include "error.h"
45 #include "read-file.h"
46
47 #include "getaddrinfo.h"
48
49 /* konqueror cannot handle sending the page in multiple
50 * pieces.
51 */
52 /* global stuff */
53 static int generate = 0;
54 static int http = 0;
55 static int port = 0;
56 static int x509ctype;
57 static int debug;
58
59 int verbose;
60 static int nodb;
61 int require_cert;
62 int disable_client_cert;
63
64 char *psk_passwd;
65 char *srp_passwd;
66 char *srp_passwd_conf;
67 char *pgp_keyring;
68 char *pgp_keyfile;
69 char *pgp_certfile;
70 char *x509_keyfile;
71 char *x509_certfile;
72 char *x509_dsakeyfile;
73 char *x509_dsacertfile;
74 char *x509_cafile;
75 char *dh_params_file;
76 char *x509_crlfile = NULL;
77
78 /* end of globals */
79
80 /* This is a sample TCP echo server.
81 * This will behave as an http server if any argument in the
82 * command line is present
83 */
84
85 #define SMALL_READ_TEST (2147483647)
86
87 #define SA struct sockaddr
88 #define ERR(err,s) if(err==-1) {perror(s);return(1);}
89 #define GERR(ret) fprintf(stdout, "Error: %s\n", safe_strerror(ret))
90 #define MAX_BUF 1024
91
92 #undef max
93 #define max(x,y) ((x) > (y) ? (x) : (y))
94 #undef min
95 #define min(x,y) ((x) < (y) ? (x) : (y))
96
97
98 #define HTTP_END "</BODY></HTML>\n\n"
99
100 #define HTTP_UNIMPLEMENTED "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\r\n<HTML><HEAD>\r\n<TITLE>501 Method Not Implemented</TITLE>\r\n</HEAD><BODY>\r\n<H1>Method Not Implemented</H1>\r\n<HR>\r\n</BODY></HTML>\r\n"
101 #define HTTP_OK "HTTP/1.0 200 OK\r\nContent-type: text/html\r\n\r\n"
102
103 #define HTTP_BEGIN HTTP_OK \
104 "\n" \
105 "<HTML><BODY>\n" \
106 "<CENTER><H1>This is <a href=\"http://www.gnu.org/software/gnutls\">" \
107 "GNUTLS</a></H1></CENTER>\n\n"
108
109 #define RENEGOTIATE
110
111 /* These are global */
112 gnutls_srp_server_credentials_t srp_cred = NULL;
113 gnutls_psk_server_credentials_t psk_cred = NULL;
114 gnutls_anon_server_credentials_t dh_cred = NULL;
115 gnutls_certificate_credentials_t cert_cred = NULL;
116
117 static gaainfo info;
118
119 const int ssl_session_cache = 128;
120
121 static void wrap_db_init (void);
122 static void wrap_db_deinit (void);
123 static int wrap_db_store (void *dbf, gnutls_datum_t key, gnutls_datum_t data);
124 static gnutls_datum_t wrap_db_fetch (void *dbf, gnutls_datum_t key);
125 static int wrap_db_delete (void *dbf, gnutls_datum_t key);
126
127
128 #define HTTP_STATE_REQUEST 1
129 #define HTTP_STATE_RESPONSE 2
130 #define HTTP_STATE_CLOSING 3
131
132 LIST_TYPE_DECLARE (listener_item, char *http_request;
133 char *http_response; int request_length;
134 int response_length; int response_written;
135 int http_state;
136 int fd; gnutls_session_t tls_session; int handshake_ok;);
137
138 static const char *
139 safe_strerror (int value)
140 {
141 const char *ret = gnutls_strerror (value);
142 if (ret == NULL)
143 ret = str_unknown;
144 return ret;
145 }
146
147 static void
148 listener_free (listener_item * j)
149 {
150
151 if (j->http_request)
152 free (j->http_request);
153 if (j->http_response)
154 free (j->http_response);
155 if (j->fd >= 0)
156 {
157 gnutls_bye (j->tls_session, GNUTLS_SHUT_WR);
158 shutdown (j->fd, 2);
159 close (j->fd);
160 gnutls_deinit (j->tls_session);
161 }
162 }
163
164
165 /* we use primes up to 1024 in this server.
166 * otherwise we should add them here.
167 */
168
169 gnutls_dh_params_t dh_params = NULL;
170 gnutls_rsa_params_t rsa_params = NULL;
171
172 static int
173 generate_dh_primes (void)
174 {
175 int prime_bits = 768;
176
177 if (gnutls_dh_params_init (&dh_params) < 0)
178 {
179 fprintf (stderr, "Error in dh parameter initialization\n");
180 exit (1);
181 }
182
183 /* Generate Diffie Hellman parameters - for use with DHE
184 * kx algorithms. These should be discarded and regenerated
185 * once a week or once a month. Depends on the
186 * security requirements.
187 */
188 printf
189 ("Generating Diffie Hellman parameters [%d]. Please wait...\n",
190 prime_bits);
191 fflush (stdout);
192
193 if (gnutls_dh_params_generate2 (dh_params, prime_bits) < 0)
194 {
195 fprintf (stderr, "Error in prime generation\n");
196 exit (1);
197 }
198
199 return 0;
200 }
201
202 static void
203 read_dh_params (void)
204 {
205 char tmpdata[2048];
206 int size;
207 gnutls_datum_t params;
208 FILE *fd;
209
210 if (gnutls_dh_params_init (&dh_params) < 0)
211 {
212 fprintf (stderr, "Error in dh parameter initialization\n");
213 exit (1);
214 }
215
216 /* read the params file
217 */
218 fd = fopen (dh_params_file, "r");
219 if (fd == NULL)
220 {
221 fprintf (stderr, "Could not open %s\n", dh_params_file);
222 exit (1);
223 }
224
225 size = fread (tmpdata, 1, sizeof (tmpdata) - 1, fd);
226 tmpdata[size] = 0;
227 fclose (fd);
228
229 params.data = (unsigned char *) tmpdata;
230 params.size = size;
231
232 size =
233 gnutls_dh_params_import_pkcs3 (dh_params, &params, GNUTLS_X509_FMT_PEM);
234
235 if (size < 0)
236 {
237 fprintf (stderr, "Error parsing dh params: %s\n", safe_strerror (size));
238 exit (1);
239 }
240
241 printf ("Read Diffie Hellman parameters.\n");
242 fflush (stdout);
243
244 }
245
246 static char pkcs3[] =
247 "-----BEGIN DH PARAMETERS-----\n"
248 "MIGGAoGAtkxw2jlsVCsrfLqxrN+IrF/3W8vVFvDzYbLmxi2GQv9s/PQGWP1d9i22\n"
249 "P2DprfcJknWt7KhCI1SaYseOQIIIAYP78CfyIpGScW/vS8khrw0rlQiyeCvQgF3O\n"
250 "GeGOEywcw+oQT4SmFOD7H0smJe2CNyjYpexBXQ/A0mbTF9QKm1cCAQU=\n"
251 "-----END DH PARAMETERS-----\n";
252
253 static int
254 static_dh_params (void)
255 {
256 gnutls_datum_t params = { pkcs3, sizeof (pkcs3) };
257 int ret;
258
259 if (gnutls_dh_params_init (&dh_params) < 0)
260 {
261 fprintf (stderr, "Error in dh parameter initialization\n");
262 exit (1);
263 }
264
265 ret = gnutls_dh_params_import_pkcs3 (dh_params, &params, GNUTLS_X509_FMT_PEM);
266
267 if (ret < 0)
268 {
269 fprintf (stderr, "Error parsing dh params: %s\n", safe_strerror (ret));
270 exit (1);
271 }
272
273 printf ("Set static Diffie Hellman parameters, consider --dhparams.\n");
274
275 return 0;
276 }
277
278 static int
279 get_params (gnutls_session_t session, gnutls_params_type_t type,
280 gnutls_params_st * st)
281 {
282
283 if (type == GNUTLS_PARAMS_RSA_EXPORT)
284 {
285 if (rsa_params == NULL)
286 return -1;
287 st->params.rsa_export = rsa_params;
288 }
289 else if (type == GNUTLS_PARAMS_DH)
290 {
291 if (dh_params == NULL)
292 return -1;
293 st->params.dh = dh_params;
294 }
295 else
296 return -1;
297
298 st->type = type;
299 st->deinit = 0;
300
301 return 0;
302 }
303
304 static int
305 generate_rsa_params (void)
306 {
307 if (gnutls_rsa_params_init (&rsa_params) < 0)
308 {
309 fprintf (stderr, "Error in rsa parameter initialization\n");
310 exit (1);
311 }
312
313 /* Generate RSA parameters - for use with RSA-export
314 * cipher suites. These should be discarded and regenerated
315 * once a day, once every 500 transactions etc. Depends on the
316 * security requirements.
317 */
318 printf ("Generating temporary RSA parameters. Please wait...\n");
319 fflush (stdout);
320
321 if (gnutls_rsa_params_generate2 (rsa_params, 512) < 0)
322 {
323 fprintf (stderr, "Error in rsa parameter generation\n");
324 exit (1);
325 }
326
327 return 0;
328 }
329
330 LIST_DECLARE_INIT (listener_list, listener_item, listener_free);
331
332 static int protocol_priority[PRI_MAX];
333 static int kx_priority[PRI_MAX];
334 static int cipher_priority[PRI_MAX];
335 static int comp_priority[PRI_MAX];
336 static int mac_priority[PRI_MAX];
337 static int cert_type_priority[PRI_MAX];
338
339 #if ENABLE_OPRFI
340 int
341 oprfi_callback (gnutls_session_t session,
342 void *userdata,
343 size_t oprfi_len,
344 const unsigned char *in_oprfi,
345 unsigned char *out_oprfi)
346 {
347 size_t ourlen = strlen (info.opaque_prf_input);
348 size_t i;
349
350 printf ("- Received Opaque PRF data of %d bytes\n", oprfi_len);
351 printf (" data: ");
352 for (i = 0; i < oprfi_len; i++)
353 printf ("%02x", in_oprfi[i]);
354 printf ("\n");
355
356 memset(out_oprfi, 0, oprfi_len);
357 strncpy (out_oprfi, info.opaque_prf_input, oprfi_len);
358
359 return 0;
360 }
361 #endif
362
363 gnutls_session_t
364 initialize_session (void)
365 {
366 gnutls_session_t session;
367 const char *err;
368
369 gnutls_init (&session, GNUTLS_SERVER);
370
371 /* allow the use of private ciphersuites.
372 */
373 gnutls_handshake_set_private_extensions (session, 1);
374
375 if (nodb == 0)
376 {
377 gnutls_db_set_retrieve_function (session, wrap_db_fetch);
378 gnutls_db_set_remove_function (session, wrap_db_delete);
379 gnutls_db_set_store_function (session, wrap_db_store);
380 gnutls_db_set_ptr (session, NULL);
381 }
382
383 if (gnutls_priority_set_direct (session, info.priorities, &err) < 0)
384 {
385 fprintf(stderr, "Syntax error at: %s\n", err);
386 exit(1);
387 }
388
389 if (cipher_priority[0])
390 gnutls_cipher_set_priority (session, cipher_priority);
391 if (comp_priority[0])
392 gnutls_compression_set_priority (session, comp_priority);
393 if (kx_priority[0])
394 gnutls_kx_set_priority (session, kx_priority);
395 if (protocol_priority[0])
396 gnutls_protocol_set_priority (session, protocol_priority);
397 if (mac_priority[0])
398 gnutls_mac_set_priority (session, mac_priority);
399 if (cert_type_priority[0])
400 gnutls_certificate_type_set_priority (session, cert_type_priority);
401
402 gnutls_credentials_set (session, GNUTLS_CRD_ANON, dh_cred);
403
404 if (srp_cred != NULL)
405 gnutls_credentials_set (session, GNUTLS_CRD_SRP, srp_cred);
406
407 if (psk_cred != NULL)
408 gnutls_credentials_set (session, GNUTLS_CRD_PSK, psk_cred);
409
410 if (cert_cred != NULL)
411 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, cert_cred);
412
413 if (disable_client_cert)
414 gnutls_certificate_server_set_request (session, GNUTLS_CERT_IGNORE);
415 else {
416 if (require_cert)
417 gnutls_certificate_server_set_request (session, GNUTLS_CERT_REQUIRE);
418 else
419 gnutls_certificate_server_set_request (session, GNUTLS_CERT_REQUEST);
420 }
421
422 /* Set maximum compatibility mode. This is only suggested on public webservers
423 * that need to trade security for compatibility
424 */
425 gnutls_session_enable_compatibility_mode( session);
426
427 #ifdef ENABLE_OPRFI
428 if (info.opaque_prf_input)
429 gnutls_oprfi_enable_server (session, oprfi_callback, NULL);
430 #endif
431
432 return session;
433 }
434
435 #include <gnutls/x509.h>
436
437 static const char DEFAULT_DATA[] =
438 "This is the default message reported by the GnuTLS implementation. "
439 "For more information please visit "
440 "<a href=\"http://www.gnutls.org/\">http://www.gnutls.org/</a>.";
441
442 /* Creates html with the current session information.
443 */
444 #define tmp2 &http_buffer[strlen(http_buffer)]
445 char *
446 peer_print_info (gnutls_session_t session, int *ret_length, const char *header)
447 {
448 const char *tmp;
449 unsigned char sesid[32];
450 size_t i, sesid_size;
451 char *http_buffer;
452 gnutls_kx_algorithm_t kx_alg;
453 size_t len = 5 * 1024 + strlen (header);
454 char *crtinfo = NULL;
455 size_t ncrtinfo = 0;
456
457 if (verbose != 0)
458 {
459 http_buffer = malloc (len);
460 if (http_buffer == NULL)
461 return NULL;
462
463 strcpy (http_buffer, HTTP_BEGIN);
464 strcpy (&http_buffer[sizeof (HTTP_BEGIN) - 1], DEFAULT_DATA);
465 strcpy (&http_buffer[sizeof (HTTP_BEGIN) + sizeof (DEFAULT_DATA) - 2],
466 HTTP_END);
467 *ret_length =
468 sizeof (DEFAULT_DATA) + sizeof (HTTP_BEGIN) + sizeof (HTTP_END) - 3;
469 return http_buffer;
470
471 }
472
473 if (gnutls_certificate_type_get (session) == GNUTLS_CRT_X509)
474 {
475 const gnutls_datum_t *cert_list;
476 unsigned int cert_list_size = 0;
477 size_t i;
478
479 cert_list = gnutls_certificate_get_peers (session, &cert_list_size);
480
481 for (i = 0; i < cert_list_size; i++)
482 {
483 gnutls_x509_crt_t cert;
484 gnutls_datum_t info;
485
486 if (gnutls_x509_crt_init (&cert) == 0 &&
487 gnutls_x509_crt_import (cert, &cert_list[i],
488 GNUTLS_X509_FMT_DER) == 0 &&
489 gnutls_x509_crt_print (cert, GNUTLS_X509_CRT_FULL, &info) == 0)
490 {
491 const char *post = "</PRE><P><PRE>";
492
493 crtinfo = realloc (crtinfo, ncrtinfo + info.size +
494 strlen (post) + 1);
495 if (crtinfo == NULL)
496 return NULL;
497 memcpy (crtinfo + ncrtinfo, info.data, info.size);
498 ncrtinfo += info.size;
499 memcpy (crtinfo + ncrtinfo, post, strlen (post));
500 ncrtinfo += strlen (post);
501 crtinfo[ncrtinfo] = '\0';
502 gnutls_free (info.data);
503 }
504 }
505 }
506
507 http_buffer = malloc (len);
508 if (http_buffer == NULL)
509 return NULL;
510
511 strcpy (http_buffer, HTTP_BEGIN);
512
513 /* print session_id */
514 gnutls_session_get_id (session, sesid, &sesid_size);
515 sprintf (tmp2, "\n<p>Session ID: <i>");
516 for (i = 0; i < sesid_size; i++)
517 sprintf (tmp2, "%.2X", sesid[i]);
518 sprintf (tmp2, "</i></p>\n");
519 sprintf (tmp2,
520 "<h5>If your browser supports session resuming, then you should see the "
521 "same session ID, when you press the <b>reload</b> button.</h5>\n");
522
523 /* Here unlike print_info() we use the kx algorithm to distinguish
524 * the functions to call.
525 */
526 {
527 char dns[256];
528 size_t dns_size = sizeof (dns);
529 unsigned int type;
530
531 if (gnutls_server_name_get (session, dns, &dns_size, &type, 0) == 0)
532 {
533 sprintf (tmp2, "\n<p>Server Name: %s</p>\n", dns);
534 }
535
536 }
537
538 kx_alg = gnutls_kx_get (session);
539
540 /* print srp specific data */
541 #ifdef ENABLE_SRP
542 if (kx_alg == GNUTLS_KX_SRP)
543 {
544 sprintf (tmp2, "<p>Connected as user '%s'.</p>\n",
545 gnutls_srp_server_get_username (session));
546 }
547 #endif
548
549 #ifdef ENABLE_PSK
550 if (kx_alg == GNUTLS_KX_PSK)
551 {
552 sprintf (tmp2, "<p>Connected as user '%s'.</p>\n",
553 gnutls_psk_server_get_username (session));
554 }
555 #endif
556
557 #ifdef ENABLE_ANON
558 if (kx_alg == GNUTLS_KX_ANON_DH)
559 {
560 sprintf (tmp2,
561 "<p> Connect using anonymous DH (prime of %d bits)</p>\n",
562 gnutls_dh_get_prime_bits (session));
563 }
564 #endif
565
566 if (kx_alg == GNUTLS_KX_DHE_RSA || kx_alg == GNUTLS_KX_DHE_DSS)
567 {
568 sprintf (tmp2,
569 "Ephemeral DH using prime of <b>%d</b> bits.<br>\n",
570 gnutls_dh_get_prime_bits (session));
571 }
572
573 /* print session information */
574 strcat (http_buffer, "<P>\n");
575
576 tmp = gnutls_protocol_get_name (gnutls_protocol_get_version (session));
577 if (tmp == NULL)
578 tmp = str_unknown;
579 sprintf (tmp2,
580 "<TABLE border=1><TR><TD>Protocol version:</TD><TD>%s</TD></TR>\n",
581 tmp);
582
583 if (gnutls_auth_get_type (session) == GNUTLS_CRD_CERTIFICATE)
584 {
585 tmp =
586 gnutls_certificate_type_get_name (gnutls_certificate_type_get
587 (session));
588 if (tmp == NULL)
589 tmp = str_unknown;
590 sprintf (tmp2, "<TR><TD>Certificate Type:</TD><TD>%s</TD></TR>\n", tmp);
591 }
592
593 tmp = gnutls_kx_get_name (kx_alg);
594 if (tmp == NULL)
595 tmp = str_unknown;
596 sprintf (tmp2, "<TR><TD>Key Exchange:</TD><TD>%s</TD></TR>\n", tmp);
597
598 tmp = gnutls_compression_get_name (gnutls_compression_get (session));
599 if (tmp == NULL)
600 tmp = str_unknown;
601 sprintf (tmp2, "<TR><TD>Compression</TD><TD>%s</TD></TR>\n", tmp);
602
603 tmp = gnutls_cipher_get_name (gnutls_cipher_get (session));
604 if (tmp == NULL)
605 tmp = str_unknown;
606 sprintf (tmp2, "<TR><TD>Cipher</TD><TD>%s</TD></TR>\n", tmp);
607
608 tmp = gnutls_mac_get_name (gnutls_mac_get (session));
609 if (tmp == NULL)
610 tmp = str_unknown;
611 sprintf (tmp2, "<TR><TD>MAC</TD><TD>%s</TD></TR>\n", tmp);
612
613 tmp = gnutls_cipher_suite_get_name (kx_alg,
614 gnutls_cipher_get (session),
615 gnutls_mac_get (session));
616 if (tmp == NULL)
617 tmp = str_unknown;
618 sprintf (tmp2, "<TR><TD>Ciphersuite</TD><TD>%s</TD></TR></p></TABLE>\n",
619 tmp);
620
621 if (crtinfo)
622 {
623 strcat (http_buffer, "<hr><PRE>");
624 strcat (http_buffer, crtinfo);
625 strcat (http_buffer, "\n</PRE>\n");
626 }
627
628 strcat (http_buffer, "<hr><P>Your HTTP header was:<PRE>");
629 strcat (http_buffer, header);
630 strcat (http_buffer, "</PRE></P>");
631
632 strcat (http_buffer, "\n" HTTP_END);
633
634 *ret_length = strlen (http_buffer);
635
636 return http_buffer;
637 }
638
639 static int
640 listen_socket (const char *name, int listen_port)
641 {
642 struct addrinfo hints, *res, *ptr;
643 char portname[6];
644 int s;
645 int yes;
646
647 snprintf (portname, sizeof (portname), "%d", listen_port);
648 memset (&hints, 0, sizeof (hints));
649 hints.ai_socktype = SOCK_STREAM;
650 hints.ai_flags = AI_PASSIVE;
651
652 if ((s = getaddrinfo (NULL, portname, &hints, &res)) != 0)
653 {
654 fprintf (stderr, "getaddrinfo() failed: %s\n", gai_strerror (s));
655 return -1;
656 }
657 s = -1;
658
659 for (ptr = res; (ptr != NULL) && (s == -1); ptr = ptr->ai_next)
660 {
661 if ((s = socket (ptr->ai_family, ptr->ai_socktype, ptr->ai_protocol)) < 0)
662 {
663 perror ("socket() failed");
664 continue;
665 }
666
667 yes = 1;
668 if (setsockopt
669 (s, SOL_SOCKET, SO_REUSEADDR, (const void *) &yes, sizeof (yes)) < 0)
670 {
671 perror ("setsockopt() failed");
672 failed:
673 close (s);
674 s = -1;
675 continue;
676 }
677
678 if (bind (s, res->ai_addr, res->ai_addrlen) < 0)
679 {
680 perror ("bind() failed");
681 goto failed;
682 }
683
684 if (listen (s, 10) < 0)
685 {
686 perror ("listen() failed");
687 goto failed;
688 }
689 }
690
691 freeaddrinfo (res);
692 if (s == -1)
693 {
694 return -1;
695 }
696
697 printf ("%s ready. Listening to port '%s'.\n\n", name, portname);
698 return s;
699 }
700
701 static void
702 get_response (gnutls_session_t session, char *request,
703 char **response, int *response_length)
704 {
705 char *p, *h;
706
707 if (http != 0)
708 {
709 if (strncmp (request, "GET ", 4))
710 goto unimplemented;
711
712 if (!(h = strchr (request, '\n')))
713 goto unimplemented;
714
715 *h++ = '\0';
716 while (*h == '\r' || *h == '\n')
717 h++;
718
719 if (!(p = strchr (request + 4, ' ')))
720 goto unimplemented;
721 *p = '\0';
722 }
723 /* *response = peer_print_info(session, request+4, h, response_length); */
724 if (http != 0)
725 {
726 *response = peer_print_info (session, response_length, h);
727 }
728 else
729 {
730 *response = strdup (request);
731 *response_length = ((*response) ? strlen (*response) : 0);
732 }
733
734 return;
735
736 unimplemented:
737 *response = strdup (HTTP_UNIMPLEMENTED);
738 *response_length = ((*response) ? strlen (*response) : 0);
739 }
740
741 void
742 terminate (int sig)
743 {
744 fprintf (stderr, "Exiting via signal %d\n", sig);
745 exit (1);
746 }
747
748
749 static void
750 check_alert (gnutls_session_t session, int ret)
751 {
752 if (ret == GNUTLS_E_WARNING_ALERT_RECEIVED
753 || ret == GNUTLS_E_FATAL_ALERT_RECEIVED)
754 {
755 int last_alert = gnutls_alert_get (session);
756 if (last_alert == GNUTLS_A_NO_RENEGOTIATION &&
757 ret == GNUTLS_E_WARNING_ALERT_RECEIVED)
758 printf
759 ("* Received NO_RENEGOTIATION alert. Client does not support renegotiation.\n");
760 else
761 printf ("* Received alert '%d': %s.\n", last_alert,
762 gnutls_alert_get_name (last_alert));
763 }
764 }
765
766 static void
767 tls_log_func (int level, const char *str)
768 {
769 fprintf (stderr, "|<%d>| %s", level, str);
770 }
771
772 static void gaa_parser (int argc, char **argv);
773
774 static int get_port (const struct sockaddr_storage *addr)
775 {
776 switch (addr->ss_family)
777 {
778 case AF_INET6:
779 return ntohs (((const struct sockaddr_in6 *)addr)->sin6_port);
780 case AF_INET:
781 return ntohs (((const struct sockaddr_in *)addr)->sin_port);
782 }
783 return -1;
784 }
785
786 static const char *addr_ntop (const struct sockaddr *sa, socklen_t salen,
787 char *buf, size_t buflen)
788 {
789 if (getnameinfo (sa, salen, buf, buflen, NULL, 0, NI_NUMERICHOST) == 0)
790 {
791 return buf;
792 }
793 return NULL;
794 }
795
796 int
797 main (int argc, char **argv)
798 {
799 int ret, n, h;
800 char topbuf[512];
801 char name[256];
802 int accept_fd;
803 struct sockaddr_storage client_address;
804 socklen_t calen;
805
806 #ifndef _WIN32
807 signal (SIGPIPE, SIG_IGN);
808 signal (SIGHUP, SIG_IGN);
809 signal (SIGTERM, terminate);
810 if (signal (SIGINT, terminate) == SIG_IGN)
811 signal (SIGINT, SIG_IGN); /* e.g. background process */
812 #endif
813
814 sockets_init ();
815
816 gaa_parser (argc, argv);
817
818 if (nodb == 0)
819 wrap_db_init ();
820
821 if (http == 1)
822 {
823 strcpy (name, "HTTP Server");
824 }
825 else
826 {
827 strcpy (name, "Echo Server");
828 }
829
830 gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0);
831
832 if ((ret = gnutls_global_init ()) < 0)
833 {
834 fprintf (stderr, "global_init: %s\n", gnutls_strerror (ret));
835 exit (1);
836 }
837 gnutls_global_set_log_function (tls_log_func);
838 gnutls_global_set_log_level (debug);
839
840 if ((ret = gnutls_global_init_extra ()) < 0)
841 {
842 fprintf (stderr, "global_init_extra: %s\n", gnutls_strerror (ret));
843 exit (1);
844 }
845
846 /* Note that servers must generate parameters for
847 * Diffie Hellman. See gnutls_dh_params_generate(), and
848 * gnutls_dh_params_set().
849 */
850 if (generate != 0)
851 {
852 generate_rsa_params ();
853 generate_dh_primes ();
854 }
855 else if (dh_params_file)
856 {
857 read_dh_params ();
858 }
859 else
860 {
861 static_dh_params ();
862 }
863
864 if (gnutls_certificate_allocate_credentials (&cert_cred) < 0)
865 {
866 fprintf (stderr, "memory error\n");
867 exit (1);
868 }
869
870 if (x509_cafile != NULL)
871 {
872 if ((ret = gnutls_certificate_set_x509_trust_file
873 (cert_cred, x509_cafile, x509ctype)) < 0)
874 {
875 fprintf (stderr, "Error reading '%s'\n", x509_cafile);
876 GERR (ret);
877 exit (1);
878 }
879 else
880 {
881 printf ("Processed %d CA certificate(s).\n", ret);
882 }
883 }
884 #ifdef ENABLE_PKI
885 if (x509_crlfile != NULL)
886 {
887 if ((ret = gnutls_certificate_set_x509_crl_file
888 (cert_cred, x509_crlfile, x509ctype)) < 0)
889 {
890 fprintf (stderr, "Error reading '%s'\n", x509_crlfile);
891 GERR (ret);
892 exit (1);
893 }
894 else
895 {
896 printf ("Processed %d CRL(s).\n", ret);
897 }
898 }
899 #endif
900
901 #ifdef ENABLE_OPENPGP
902 if (pgp_keyring != NULL)
903 {
904 ret =
905 gnutls_certificate_set_openpgp_keyring_file (cert_cred, pgp_keyring, GNUTLS_OPENPGP_FMT_BASE64);
906 if (ret < 0)
907 {
908 fprintf (stderr, "Error setting the OpenPGP keyring file\n");
909 GERR (ret);
910 }
911 }
912
913 if (pgp_certfile != NULL)
914 if ((ret = gnutls_certificate_set_openpgp_key_file
915 (cert_cred, pgp_certfile, pgp_keyfile, GNUTLS_OPENPGP_FMT_BASE64)) < 0)
916 {
917 fprintf (stderr,
918 "Error[%d] while reading the OpenPGP key pair ('%s', '%s')\n",
919 ret, pgp_certfile, pgp_keyfile);
920 GERR (ret);
921 }
922 #endif
923
924 if (x509_certfile != NULL)
925 if ((ret = gnutls_certificate_set_x509_key_file
926 (cert_cred, x509_certfile, x509_keyfile, x509ctype)) < 0)
927 {
928 fprintf (stderr,
929 "Error reading '%s' or '%s'\n", x509_certfile, x509_keyfile);
930 GERR (ret);
931 exit (1);
932 }
933
934 if (x509_dsacertfile != NULL)
935 if ((ret = gnutls_certificate_set_x509_key_file
936 (cert_cred, x509_dsacertfile, x509_dsakeyfile, x509ctype)) < 0)
937 {
938 fprintf (stderr, "Error reading '%s' or '%s'\n",
939 x509_dsacertfile, x509_dsakeyfile);
940 GERR (ret);
941 exit (1);
942 }
943
944 gnutls_certificate_set_params_function (cert_cred, get_params);
945 /* gnutls_certificate_set_dh_params(cert_cred, dh_params);
946 * gnutls_certificate_set_rsa_export_params(cert_cred, rsa_params);
947 */
948
949 /* this is a password file (created with the included srpcrypt utility)
950 * Read README.crypt prior to using SRP.
951 */
952 #ifdef ENABLE_SRP
953 if (srp_passwd != NULL)
954 {
955 gnutls_srp_allocate_server_credentials (&srp_cred);
956
957 if ((ret =
958 gnutls_srp_set_server_credentials_file (srp_cred, srp_passwd,
959 srp_passwd_conf)) < 0)
960 {
961 /* only exit is this function is not disabled
962 */
963 fprintf (stderr, "Error while setting SRP parameters\n");
964 GERR (ret);
965 }
966 }
967 #endif
968
969 /* this is a password file
970 */
971 #ifdef ENABLE_PSK
972 if (psk_passwd != NULL)
973 {
974 gnutls_psk_allocate_server_credentials (&psk_cred);
975
976 if ((ret =
977 gnutls_psk_set_server_credentials_file (psk_cred, psk_passwd)) < 0)
978 {
979 /* only exit is this function is not disabled
980 */
981 fprintf (stderr, "Error while setting PSK parameters\n");
982 GERR (ret);
983 }
984
985 gnutls_psk_set_server_params_function (psk_cred, get_params);
986 }
987 #endif
988
989 #ifdef ENABLE_ANON
990 gnutls_anon_allocate_server_credentials (&dh_cred);
991 gnutls_anon_set_server_params_function (dh_cred, get_params);
992
993 /* gnutls_anon_set_server_dh_params(dh_cred, dh_params); */
994 #endif
995
996 h = listen_socket (name, port);
997 if (h < 0)
998 exit (1);
999
1000 for (;;)
1001 {
1002 listener_item *j;
1003 fd_set rd, wr;
1004 int val;
1005
1006 FD_ZERO (&rd);
1007 FD_ZERO (&wr);
1008 n = 0;
1009
1010 /* check for new incoming connections */
1011 FD_SET (h, &rd);
1012 n = max (n, h);
1013
1014 /* flag which connections we are reading or writing to within the fd sets */
1015 lloopstart (listener_list, j)
1016 {
1017
1018 #ifndef _WIN32
1019 val = fcntl (j->fd, F_GETFL, 0);
1020 if ((val == -1) || (fcntl (j->fd, F_SETFL, val | O_NONBLOCK) < 0))
1021 {
1022 perror ("fcntl()");
1023 exit (1);
1024 }
1025 #endif
1026
1027 if (j->http_state == HTTP_STATE_REQUEST)
1028 {
1029 FD_SET (j->fd, &rd);
1030 n = max (n, j->fd);
1031 }
1032 if (j->http_state == HTTP_STATE_RESPONSE)
1033 {
1034 FD_SET (j->fd, &wr);
1035 n = max (n, j->fd);
1036 }
1037 }
1038 lloopend (listener_list, j);
1039
1040 /* core operation */
1041 n = select (n + 1, &rd, &wr, NULL, NULL);
1042 if (n == -1 && errno == EINTR)
1043 continue;
1044 if (n < 0)
1045 {
1046 perror ("select()");
1047 exit (1);
1048 }
1049
1050 /* a new connection has arrived */
1051 if (FD_ISSET (h, &rd))
1052 {
1053 gnutls_session_t tls_session;
1054
1055 tls_session = initialize_session ();
1056
1057 calen = sizeof (client_address);
1058 memset (&client_address, 0, calen);
1059 accept_fd = accept (h, (struct sockaddr *) &client_address, &calen);
1060
1061 if (accept_fd < 0)
1062 {
1063 perror ("accept()");
1064 }
1065 else
1066 {
1067 time_t tt;
1068 char *ctt;
1069
1070 /* new list entry for the connection */
1071 lappend (listener_list);
1072 j = listener_list.tail;
1073 j->http_request = (char *) strdup ("");
1074 j->http_state = HTTP_STATE_REQUEST;
1075 j->fd = accept_fd;
1076
1077 j->tls_session = tls_session;
1078 gnutls_transport_set_ptr (tls_session,
1079 (gnutls_transport_ptr_t) accept_fd);
1080 j->handshake_ok = 0;
1081
1082 if (verbose == 0)
1083 {
1084 tt = time (0);
1085 ctt = ctime (&tt);
1086 ctt[strlen (ctt) - 1] = 0;
1087
1088 /*
1089 printf("\n* connection from %s, port %d\n",
1090 inet_ntop(AF_INET, &client_address.sin_addr, topbuf,
1091 sizeof(topbuf)), ntohs(client_address.sin_port));
1092 */
1093
1094 }
1095 }
1096 }
1097
1098 /* read or write to each connection as indicated by select()'s return argument */
1099 lloopstart (listener_list, j)
1100 {
1101 if (FD_ISSET (j->fd, &rd))
1102 {
1103 /* read partial GET request */
1104 char buf[1024];
1105 int r, ret;
1106
1107 if (j->handshake_ok == 0)
1108 {
1109 r = gnutls_handshake (j->tls_session);
1110 if (r < 0 && gnutls_error_is_fatal (r) == 0)
1111 {
1112 check_alert (j->tls_session, r);
1113 /* nothing */
1114 }
1115 else if (r < 0 && gnutls_error_is_fatal (r) == 1)
1116 {
1117 check_alert (j->tls_session, r);
1118 fprintf (stderr, "Error in handshake\n");
1119 GERR (r);
1120
1121 do
1122 {
1123 ret =
1124 gnutls_alert_send_appropriate (j->tls_session, r);
1125 }
1126 while (ret == GNUTLS_E_AGAIN);
1127 j->http_state = HTTP_STATE_CLOSING;
1128 }
1129 else if (r == 0)
1130 {
1131 if (gnutls_session_is_resumed (j->tls_session) != 0
1132 && verbose == 0)
1133 printf ("*** This is a resumed session\n");
1134
1135 if (verbose == 0)
1136 {
1137 printf ("\n* connection from %s, port %d\n",
1138 addr_ntop ((struct sockaddr *)&client_address, calen,
1139 topbuf, sizeof (topbuf)),
1140 get_port (&client_address));
1141 print_info (j->tls_session, NULL);
1142 }
1143 j->handshake_ok = 1;
1144 }
1145 }
1146
1147 if (j->handshake_ok == 1)
1148 {
1149 r = gnutls_record_recv (j->tls_session, buf,
1150 min (1024, SMALL_READ_TEST));
1151 if (r == GNUTLS_E_INTERRUPTED || r == GNUTLS_E_AGAIN)
1152 {
1153 /* do nothing */
1154 }
1155 else if (r <= 0)
1156 {
1157 j->http_state = HTTP_STATE_CLOSING;
1158 if (r < 0 && r != GNUTLS_E_UNEXPECTED_PACKET_LENGTH)
1159 {
1160 check_alert (j->tls_session, r);
1161 fprintf (stderr, "Error while receiving data\n");
1162 GERR (r);
1163 }
1164
1165 }
1166 else
1167 {
1168 j->http_request =
1169 realloc (j->http_request, j->request_length + r + 1);
1170 if (j->http_request != NULL)
1171 {
1172 memcpy (j->http_request + j->request_length, buf, r);
1173 j->request_length += r;
1174 j->http_request[j->request_length] = '\0';
1175 }
1176 else
1177 j->http_state = HTTP_STATE_CLOSING;
1178
1179 }
1180 /* check if we have a full HTTP header */
1181
1182 j->http_response = NULL;
1183 if (j->http_request != NULL)
1184 {
1185 if ((http == 0 && strchr (j->http_request, '\n'))
1186 || strstr (j->http_request, "\r\n\r\n")
1187 || strstr (j->http_request, "\n\n"))
1188 {
1189 get_response (j->tls_session, j->http_request,
1190 &j->http_response, &j->response_length);
1191 j->http_state = HTTP_STATE_RESPONSE;
1192 j->response_written = 0;
1193 }
1194 }
1195 }
1196 }
1197 if (FD_ISSET (j->fd, &wr))
1198 {
1199 /* write partial response request */
1200 int r;
1201
1202 if (j->handshake_ok == 0)
1203 {
1204 r = gnutls_handshake (j->tls_session);
1205 if (r < 0 && gnutls_error_is_fatal (r) == 0)
1206 {
1207 check_alert (j->tls_session, r);
1208 /* nothing */
1209 }
1210 else if (r < 0 && gnutls_error_is_fatal (r) == 1)
1211 {
1212 int ret;
1213
1214 j->http_state = HTTP_STATE_CLOSING;
1215 check_alert (j->tls_session, r);
1216 fprintf (stderr, "Error in handshake\n");
1217 GERR (r);
1218
1219 do
1220 {
1221 ret =
1222 gnutls_alert_send_appropriate (j->tls_session, r);
1223 }
1224 while (ret == GNUTLS_E_AGAIN);
1225 }
1226 else if (r == 0)
1227 {
1228 if (gnutls_session_is_resumed (j->tls_session) != 0
1229 && verbose == 0)
1230 printf ("*** This is a resumed session\n");
1231 if (verbose == 0)
1232 {
1233 printf ("- connection from %s, port %d\n",
1234 addr_ntop ((struct sockaddr*) &client_address, calen,
1235 topbuf, sizeof (topbuf)),
1236 get_port (&client_address));
1237
1238 print_info (j->tls_session, NULL);
1239 }
1240 j->handshake_ok = 1;
1241 }
1242 }
1243
1244 if (j->handshake_ok == 1)
1245 {
1246 /* FIXME if j->http_response == NULL? */
1247 r = gnutls_record_send (j->tls_session,
1248 j->http_response +
1249 j->response_written,
1250 min (j->response_length -
1251 j->response_written,
1252 SMALL_READ_TEST));
1253 if (r == GNUTLS_E_INTERRUPTED || r == GNUTLS_E_AGAIN)
1254 {
1255 /* do nothing */
1256 }
1257 else if (r <= 0)
1258 {
1259 if (http != 0)
1260 j->http_state = HTTP_STATE_CLOSING;
1261 else
1262 {
1263 j->http_state = HTTP_STATE_REQUEST;
1264 free (j->http_response);
1265 j->response_length = 0;
1266 j->request_length = 0;
1267 j->http_request[0] = 0;
1268 }
1269
1270 if (r < 0)
1271 {
1272 fprintf (stderr, "Error while sending data\n");
1273 GERR (r);
1274 }
1275 check_alert (j->tls_session, r);
1276 }
1277 else
1278 {
1279 j->response_written += r;
1280 /* check if we have written a complete response */
1281 if (j->response_written == j->response_length)
1282 {
1283 if (http != 0)
1284 j->http_state = HTTP_STATE_CLOSING;
1285 else
1286 {
1287 j->http_state = HTTP_STATE_REQUEST;
1288 free (j->http_response);
1289 j->response_length = 0;
1290 j->request_length = 0;
1291 j->http_request[0] = 0;
1292 }
1293 }
1294 }
1295 }
1296 }
1297 }
1298 lloopend (listener_list, j);
1299
1300 /* loop through all connections, closing those that are in error */
1301 lloopstart (listener_list, j)
1302 {
1303 if (j->http_state == HTTP_STATE_CLOSING)
1304 {
1305 ldeleteinc (listener_list, j);
1306 }
1307 }
1308 lloopend (listener_list, j);
1309 }
1310
1311
1312 gnutls_certificate_free_credentials (cert_cred);
1313
1314 #ifdef ENABLE_SRP
1315 if (srp_cred)
1316 gnutls_srp_free_server_credentials (srp_cred);
1317 #endif
1318
1319 #ifdef ENABLE_PSK
1320 if (psk_cred)
1321 gnutls_psk_free_server_credentials (psk_cred);
1322 #endif
1323
1324 #ifdef ENABLE_ANON
1325 gnutls_anon_free_server_credentials (dh_cred);
1326 #endif
1327
1328 if (nodb == 0)
1329 wrap_db_deinit ();
1330 gnutls_global_deinit ();
1331
1332 return 0;
1333
1334 }
1335
1336 void
1337 gaa_parser (int argc, char **argv)
1338 {
1339 if (gaa (argc, argv, &info) != -1)
1340 {
1341 fprintf (stderr,
1342 "Error in the arguments. Use the --help or -h parameters to get more information.\n");
1343 exit (1);
1344 }
1345
1346 disable_client_cert = info.disable_client_cert;
1347 require_cert = info.require_cert;
1348 debug = info.debug;
1349 verbose = info.quiet;
1350 nodb = info.nodb;
1351
1352 if (info.http == 0)
1353 http = 0;
1354 else
1355 http = 1;
1356
1357 if (info.fmtder == 0)
1358 x509ctype = GNUTLS_X509_FMT_PEM;
1359 else
1360 x509ctype = GNUTLS_X509_FMT_DER;
1361
1362 if (info.generate == 0)
1363 generate = 0;
1364 else
1365 generate = 1;
1366
1367 dh_params_file = info.dh_params_file;
1368
1369 port = info.port;
1370
1371 x509_certfile = info.x509_certfile;
1372 x509_keyfile = info.x509_keyfile;
1373 x509_dsacertfile = info.x509_dsacertfile;
1374 x509_dsakeyfile = info.x509_dsakeyfile;
1375 x509_cafile = info.x509_cafile;
1376 x509_crlfile = info.x509_crlfile;
1377 pgp_certfile = info.pgp_certfile;
1378 pgp_keyfile = info.pgp_keyfile;
1379 srp_passwd = info.srp_passwd;
1380 srp_passwd_conf = info.srp_passwd_conf;
1381
1382 psk_passwd = info.psk_passwd;
1383
1384 pgp_keyring = info.pgp_keyring;
1385
1386 parse_protocols (info.proto, info.nproto, protocol_priority);
1387 parse_ciphers (info.ciphers, info.nciphers, cipher_priority);
1388 parse_macs (info.macs, info.nmacs, mac_priority);
1389 parse_ctypes (info.ctype, info.nctype, cert_type_priority);
1390 parse_kx (info.kx, info.nkx, kx_priority);
1391 parse_comp (info.comp, info.ncomp, comp_priority);
1392 }
1393
1394 void
1395 serv_version (void)
1396 {
1397 const char *v = gnutls_check_version (NULL);
1398
1399 printf ("gnutls-serv (GnuTLS) %s\n", LIBGNUTLS_VERSION);
1400 if (strcmp (v, LIBGNUTLS_VERSION) != 0)
1401 printf ("libgnutls %s\n", v);
1402 }
1403
1404 /* session resuming support */
1405
1406 #define SESSION_ID_SIZE 32
1407 #define SESSION_DATA_SIZE 1024
1408
1409 typedef struct
1410 {
1411 char session_id[SESSION_ID_SIZE];
1412 unsigned int session_id_size;
1413
1414 char session_data[SESSION_DATA_SIZE];
1415 unsigned int session_data_size;
1416 } CACHE;
1417
1418 static CACHE *cache_db;
1419 int cache_db_ptr = 0;
1420
1421 static void
1422 wrap_db_init (void)
1423 {
1424
1425 /* allocate cache_db */
1426 cache_db = calloc (1, ssl_session_cache * sizeof (CACHE));
1427 }
1428
1429 static void
1430 wrap_db_deinit (void)
1431 {
1432 }
1433
1434 static int
1435 wrap_db_store (void *dbf, gnutls_datum_t key, gnutls_datum_t data)
1436 {
1437
1438 if (cache_db == NULL)
1439 return -1;
1440
1441 if (key.size > SESSION_ID_SIZE)
1442 return -1;
1443 if (data.size > SESSION_DATA_SIZE)
1444 return -1;
1445
1446 memcpy (cache_db[cache_db_ptr].session_id, key.data, key.size);
1447 cache_db[cache_db_ptr].session_id_size = key.size;
1448
1449 memcpy (cache_db[cache_db_ptr].session_data, data.data, data.size);
1450 cache_db[cache_db_ptr].session_data_size = data.size;
1451
1452 cache_db_ptr++;
1453 cache_db_ptr %= ssl_session_cache;
1454
1455 return 0;
1456 }
1457
1458 static gnutls_datum_t
1459 wrap_db_fetch (void *dbf, gnutls_datum_t key)
1460 {
1461 gnutls_datum_t res = { NULL, 0 };
1462 int i;
1463
1464 if (cache_db == NULL)
1465 return res;
1466
1467 for (i = 0; i < ssl_session_cache; i++)
1468 {
1469 if (key.size == cache_db[i].session_id_size &&
1470 memcmp (key.data, cache_db[i].session_id, key.size) == 0)
1471 {
1472
1473
1474 res.size = cache_db[i].session_data_size;
1475
1476 res.data = gnutls_malloc (res.size);
1477 if (res.data == NULL)
1478 return res;
1479
1480 memcpy (res.data, cache_db[i].session_data, res.size);
1481
1482 return res;
1483 }
1484 }
1485 return res;
1486 }
1487
1488 static int
1489 wrap_db_delete (void *dbf, gnutls_datum_t key)
1490 {
1491 int i;
1492
1493 if (cache_db == NULL)
1494 return -1;
1495
1496 for (i = 0; i < ssl_session_cache; i++)
1497 {
1498 if (key.size == (unsigned int) cache_db[i].session_id_size &&
1499 memcmp (key.data, cache_db[i].session_id, key.size) == 0)
1500 {
1501
1502 cache_db[i].session_id_size = 0;
1503 cache_db[i].session_data_size = 0;
1504
1505 return 0;
1506 }
1507 }
1508
1509 return -1;
1510
1511 }
1512
1513 void
1514 print_serv_license (void)
1515 {
1516 fputs ("\nCopyright (C) 2001-2003 Paul Sheer, Nikos Mavrogiannopoulos\n"
1517 "\nCopyright (C) 2004 Free Software Foundation\n"
1518 "This program is free software; you can redistribute it and/or modify \n"
1519 "it under the terms of the GNU General Public License as published by \n"
1520 "the Free Software Foundation; either version 3 of the License, or \n"
1521 "(at your option) any later version. \n" "\n"
1522 "This program is distributed in the hope that it will be useful, \n"
1523 "but WITHOUT ANY WARRANTY; without even the implied warranty of \n"
1524 "MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the \n"
1525 "GNU General Public License for more details. \n" "\n"
1526 "You should have received a copy of the GNU General Public License \n"
1527 "along with this program; if not, write to the Free Software \n"
1528 "Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.\n\n",
1529 stdout);
1530 }
Implementation of the SSL/TLS protocol