tests/x509signself.c

   1 /*
   2  * Copyright (C) 2004, 2005, 2006, 2007 Free Software Foundation
   3  *
   4  * Author: Simon Josefsson
   5  *
   6  * This file is part of GNUTLS.
   7  *
   8  * GNUTLS is free software; you can redistribute it and/or modify it
   9  * under the terms of the GNU General Public License as published by
  10  * the Free Software Foundation; either version 2 of the License, or
  11  * (at your option) any later version.
  12  *
  13  * GNUTLS is distributed in the hope that it will be useful, but
  14  * WITHOUT ANY WARRANTY; without even the implied warranty of
  15  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  16  * General Public License for more details.
  17  *
  18  * You should have received a copy of the GNU General Public License
  19  * along with GNUTLS; if not, write to the Free Software Foundation,
  20  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
  21  */
  22
  23 /* Parts copied from GnuTLS example programs. */
  24
  25 #if HAVE_CONFIG_H
  26 # include <config.h>
  27 #endif
  28
  29 #include <stdio.h>
  30 #include <stdlib.h>
  31 #include <string.h>
  32 #include <sys/types.h>
  33 #include <netinet/in.h>
  34 #include <sys/socket.h>
  35 #include <sys/wait.h>
  36 #include <arpa/inet.h>
  37 #include <unistd.h>
  38 #include <gnutls/gnutls.h>
  39 #include <gnutls/x509.h>
  40
  41 #include "ex-session-info.c"
  42 #include "ex-x509-info.c"
  43 extern int print_info (gnutls_session_t session);
  44
  45 #include "utils.h"
  46
  47 pid_t child;
  48
  49 static void
  50 tls_log_func (int level, const char *str)
  51 {
  52   fprintf (stderr, "%s |<%d>| %s", child ? "server" : "client", level, str);
  53 }
  54
  55 /* A very basic TLS client, with anonymous authentication.
  56  */
  57
  58 #define MAX_BUF 1024
  59 #define MSG "Hello TLS"
  60
  61 /* Connects to the peer and returns a socket
  62  * descriptor.
  63  */
  64 int
  65 tcp_connect (void)
  66 {
  67   const char *PORT = "5556";
  68   const char *SERVER = "127.0.0.1";
  69   int err, sd;
  70   struct sockaddr_in sa;
  71
  72   /* connects to server
  73    */
  74   sd = socket (AF_INET, SOCK_STREAM, 0);
  75
  76   memset (&sa, '\0', sizeof (sa));
  77   sa.sin_family = AF_INET;
  78   sa.sin_port = htons (atoi (PORT));
  79   inet_pton (AF_INET, SERVER, &sa.sin_addr);
  80
  81   err = connect (sd, (struct sockaddr *) &sa, sizeof (sa));
  82   if (err < 0)
  83     {
  84       fprintf (stderr, "Connect error\n");
  85       exit (1);
  86     }
  87
  88   return sd;
  89 }
  90
  91 /* closes the given socket descriptor.
  92  */
  93 void
  94 tcp_close (int sd)
  95 {
  96   shutdown (sd, SHUT_RDWR);     /* no more receptions */
  97   close (sd);
  98 }
  99
 100 static char ca_pem[] =
 101   "-----BEGIN CERTIFICATE-----\n"
 102   "MIIB5zCCAVKgAwIBAgIERiYdJzALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n"
 103   "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTExWhcNMDgwNDE3MTMyOTExWjAZMRcw\n"
 104   "FQYDVQQDEw5HbnVUTFMgdGVzdCBDQTCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGA\n"
 105   "vuyYeh1vfmslnuggeEKgZAVmQ5ltSdUY7H25WGSygKMUYZ0KT74v8C780qtcNt9T\n"
 106   "7EPH/N6RvB4BprdssgcQLsthR3XKA84jbjjxNCcaGs33lvOz8A1nf8p3hD+cKfRi\n"
 107   "kfYSW2JazLrtCC4yRCas/SPOUxu78of+3HiTfFm/oXUCAwEAAaNDMEEwDwYDVR0T\n"
 108   "AQH/BAUwAwEB/zAPBgNVHQ8BAf8EBQMDBwQAMB0GA1UdDgQWBBTpPBz7rZJu5gak\n"
 109   "Viyi4cBTJ8jylTALBgkqhkiG9w0BAQUDgYEAiaIRqGfp1jPpNeVhABK60SU0KIAy\n"
 110   "njuu7kHq5peUgYn8Jd9zNzExBOEp1VOipGsf6G66oQAhDFp2o8zkz7ZH71zR4HEW\n"
 111   "KoX6n5Emn6DvcEH/9pAhnGxNHJAoS7czTKv/JDZJhkqHxyrE1fuLsg5Qv25DTw7+\n"
 112   "PfqUpIhz5Bbm7J4=\n"
 113   "-----END CERTIFICATE-----\n";
 114 const gnutls_datum_t ca = { ca_pem, sizeof (ca_pem) };
 115
 116 static char cert_pem[] =
 117   "-----BEGIN CERTIFICATE-----\n"
 118   "MIICHjCCAYmgAwIBAgIERiYdNzALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n"
 119   "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTI3WhcNMDgwNDE3MTMyOTI3WjAdMRsw\n"
 120   "GQYDVQQDExJHbnVUTFMgdGVzdCBjbGllbnQwgZwwCwYJKoZIhvcNAQEBA4GMADCB\n"
 121   "iAKBgLtmQ/Xyxde2jMzF3/WIO7HJS2oOoa0gUEAIgKFPXKPQ+GzP5jz37AR2ExeL\n"
 122   "ZIkiW8DdU3w77XwEu4C5KL6Om8aOoKUSy/VXHqLnu7czSZ/ju0quak1o/8kR4jKN\n"
 123   "zj2AC41179gAgY8oBAOgIo1hBAf6tjd9IQdJ0glhaZiQo1ipAgMBAAGjdjB0MAwG\n"
 124   "A1UdEwEB/wQCMAAwEwYDVR0lBAwwCgYIKwYBBQUHAwIwDwYDVR0PAQH/BAUDAweg\n"
 125   "ADAdBgNVHQ4EFgQUTLkKm/odNON+3svSBxX+odrLaJEwHwYDVR0jBBgwFoAU6Twc\n"
 126   "+62SbuYGpFYsouHAUyfI8pUwCwYJKoZIhvcNAQEFA4GBALujmBJVZnvaTXr9cFRJ\n"
 127   "jpfc/3X7sLUsMvumcDE01ls/cG5mIatmiyEU9qI3jbgUf82z23ON/acwJf875D3/\n"
 128   "U7jyOsBJ44SEQITbin2yUeJMIm1tievvdNXBDfW95AM507ShzP12sfiJkJfjjdhy\n"
 129   "dc8Siq5JojruiMizAf0pA7in\n"
 130   "-----END CERTIFICATE-----\n";
 131 const gnutls_datum_t cert = { cert_pem, sizeof (cert_pem) };
 132
 133 int
 134 sign_func (gnutls_session_t session,
 135            void *userdata,
 136            gnutls_certificate_type_t cert_type,
 137            const gnutls_datum_t * cert,
 138            const gnutls_datum_t * hash,
 139            gnutls_datum_t * signature)
 140 {
 141   gnutls_x509_privkey_t key;
 142   char key_pem[] =
 143     "-----BEGIN RSA PRIVATE KEY-----\n"
 144     "MIICXAIBAAKBgQC7ZkP18sXXtozMxd/1iDuxyUtqDqGtIFBACIChT1yj0Phsz+Y8\n"
 145     "9+wEdhMXi2SJIlvA3VN8O+18BLuAuSi+jpvGjqClEsv1Vx6i57u3M0mf47tKrmpN\n"
 146     "aP/JEeIyjc49gAuNde/YAIGPKAQDoCKNYQQH+rY3fSEHSdIJYWmYkKNYqQIDAQAB\n"
 147     "AoGADpmARG5CQxS+AesNkGmpauepiCz1JBF/JwnyiX6vEzUh0Ypd39SZztwrDxvF\n"
 148     "PJjQaKVljml1zkJpIDVsqvHdyVdse8M+Qn6hw4x2p5rogdvhhIL1mdWo7jWeVJTF\n"
 149     "RKB7zLdMPs3ySdtcIQaF9nUAQ2KJEvldkO3m/bRJFEp54k0CQQDYy+RlTmwRD6hy\n"
 150     "7UtMjR0H3CSZJeQ8svMCxHLmOluG9H1UKk55ZBYfRTsXniqUkJBZ5wuV1L+pR9EK\n"
 151     "ca89a+1VAkEA3UmBelwEv2u9cAU1QjKjmwju1JgXbrjEohK+3B5y0ESEXPAwNQT9\n"
 152     "TrDM1m9AyxYTWLxX93dI5QwNFJtmbtjeBQJARSCWXhsoaDRG8QZrCSjBxfzTCqZD\n"
 153     "ZXtl807ymCipgJm60LiAt0JLr4LiucAsMZz6+j+quQbSakbFCACB8SLV1QJBAKZQ\n"
 154     "YKf+EPNtnmta/rRKKvySsi3GQZZN+Dt3q0r094XgeTsAqrqujVNfPhTMeP4qEVBX\n"
 155     "/iVX2cmMTSh3w3z8MaECQEp0XJWDVKOwcTW6Ajp9SowtmiZ3YDYo1LF9igb4iaLv\n"
 156     "sWZGfbnU3ryjvkb6YuFjgtzbZDZHWQCo8/cOtOBmPdk=\n"
 157     "-----END RSA PRIVATE KEY-----\n";
 158   const gnutls_datum_t key_dat = { key_pem, sizeof (key_pem) };
 159   int ret;
 160
 161   ret = gnutls_x509_privkey_init (&key);
 162   if (ret < 0)
 163     return ret;
 164
 165   ret = gnutls_x509_privkey_import (key, &key_dat, GNUTLS_X509_FMT_PEM);
 166   if (ret < 0)
 167     goto done;
 168
 169   ret = gnutls_x509_privkey_sign_hash (key, hash, signature);
 170   if (ret < 0)
 171     goto done;
 172
 173   ret = 0;
 174
 175  done:
 176   gnutls_x509_privkey_deinit (key);
 177   return ret;
 178 }
 179
 180 void
 181 client (void)
 182 {
 183   int ret, sd, ii;
 184   gnutls_session_t session;
 185   char buffer[MAX_BUF + 1];
 186   gnutls_certificate_credentials_t xcred;
 187
 188   gnutls_global_init ();
 189
 190   gnutls_global_set_log_function (tls_log_func);
 191   gnutls_global_set_log_level (4711);
 192
 193   gnutls_certificate_allocate_credentials (&xcred);
 194
 195   /* sets the trusted cas file
 196    */
 197   gnutls_certificate_set_x509_trust_mem (xcred, &ca, GNUTLS_X509_FMT_PEM);
 198   gnutls_certificate_set_x509_key_mem (xcred, &cert, NULL,
 199                                        GNUTLS_X509_FMT_PEM);
 200
 201   /* Initialize TLS session
 202    */
 203   gnutls_init (&session, GNUTLS_CLIENT);
 204
 205   /* Set sign callback. */
 206   gnutls_sign_callback_set (session, sign_func, NULL);
 207
 208   /* Use default priorities */
 209   gnutls_set_default_priority (session);
 210
 211   /* put the x509 credentials to the current session
 212    */
 213   gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
 214
 215   /* connect to the peer
 216    */
 217   sd = tcp_connect ();
 218
 219   gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) sd);
 220
 221   /* Perform the TLS handshake
 222    */
 223   ret = gnutls_handshake (session);
 224
 225   if (ret < 0)
 226     {
 227       fail ("client: Handshake failed\n");
 228       gnutls_perror (ret);
 229       goto end;
 230     }
 231   else
 232     {
 233       success ("client: Handshake was completed\n");
 234     }
 235
 236   success ("client: TLS version is: %s\n",
 237            gnutls_protocol_get_name (gnutls_protocol_get_version (session)));
 238
 239   /* see the Getting peer's information example */
 240   print_info(session);
 241
 242   gnutls_record_send (session, MSG, strlen (MSG));
 243
 244   ret = gnutls_record_recv (session, buffer, MAX_BUF);
 245   if (ret == 0)
 246     {
 247       success ("client: Peer has closed the TLS connection\n");
 248       goto end;
 249     }
 250   else if (ret < 0)
 251     {
 252       fail ("client: Error: %s\n", gnutls_strerror (ret));
 253       goto end;
 254     }
 255
 256   printf ("- Received %d bytes: ", ret);
 257   for (ii = 0; ii < ret; ii++)
 258     {
 259       fputc (buffer[ii], stdout);
 260     }
 261   fputs ("\n", stdout);
 262
 263   gnutls_bye (session, GNUTLS_SHUT_RDWR);
 264
 265 end:
 266
 267   tcp_close (sd);
 268
 269   gnutls_deinit (session);
 270
 271   gnutls_certificate_free_credentials (xcred);
 272
 273   gnutls_global_deinit ();
 274 }
 275
 276 /* This is a sample TLS 1.0 echo server, using X.509 authentication.
 277  */
 278
 279 #define SA struct sockaddr
 280 #define MAX_BUF 1024
 281 #define PORT 5556               /* listen to 5556 port */
 282 #define DH_BITS 1024
 283
 284 /* These are global */
 285 gnutls_certificate_credentials_t x509_cred;
 286
 287 gnutls_session_t
 288 initialize_tls_session (void)
 289 {
 290   gnutls_session_t session;
 291
 292   gnutls_init (&session, GNUTLS_SERVER);
 293
 294   /* avoid calling all the priority functions, since the defaults
 295    * are adequate.
 296    */
 297   gnutls_set_default_priority (session);
 298
 299   gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, x509_cred);
 300
 301   /* request client certificate if any.
 302    */
 303   gnutls_certificate_server_set_request (session, GNUTLS_CERT_REQUEST);
 304
 305   gnutls_dh_set_prime_bits (session, DH_BITS);
 306
 307   return session;
 308 }
 309
 310 static gnutls_dh_params_t dh_params;
 311
 312 static int
 313 generate_dh_params (void)
 314 {
 315   const gnutls_datum_t p3 = { pkcs3, strlen (pkcs3) };
 316   /* Generate Diffie Hellman parameters - for use with DHE
 317    * kx algorithms. These should be discarded and regenerated
 318    * once a day, once a week or once a month. Depending on the
 319    * security requirements.
 320    */
 321   gnutls_dh_params_init (&dh_params);
 322   return gnutls_dh_params_import_pkcs3 (dh_params, &p3, GNUTLS_X509_FMT_PEM);
 323 }
 324
 325 int err, listen_sd, i;
 326 int sd, ret;
 327 struct sockaddr_in sa_serv;
 328 struct sockaddr_in sa_cli;
 329 int client_len;
 330 char topbuf[512];
 331 gnutls_session_t session;
 332 char buffer[MAX_BUF + 1];
 333 int optval = 1;
 334
 335 static char server_cert_pem[] =
 336   "-----BEGIN CERTIFICATE-----\n"
 337   "MIICVjCCAcGgAwIBAgIERiYdMTALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n"
 338   "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTIxWhcNMDgwNDE3MTMyOTIxWjA3MRsw\n"
 339   "GQYDVQQKExJHbnVUTFMgdGVzdCBzZXJ2ZXIxGDAWBgNVBAMTD3Rlc3QuZ251dGxz\n"
 340   "Lm9yZzCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGA17pcr6MM8C6pJ1aqU46o63+B\n"
 341   "dUxrmL5K6rce+EvDasTaDQC46kwTHzYWk95y78akXrJutsoKiFV1kJbtple8DDt2\n"
 342   "DZcevensf9Op7PuFZKBroEjOd35znDET/z3IrqVgbtm2jFqab7a+n2q9p/CgMyf1\n"
 343   "tx2S5Zacc1LWn9bIjrECAwEAAaOBkzCBkDAMBgNVHRMBAf8EAjAAMBoGA1UdEQQT\n"
 344   "MBGCD3Rlc3QuZ251dGxzLm9yZzATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8B\n"
 345   "Af8EBQMDB6AAMB0GA1UdDgQWBBTrx0Vu5fglyoyNgw106YbU3VW0dTAfBgNVHSME\n"
 346   "GDAWgBTpPBz7rZJu5gakViyi4cBTJ8jylTALBgkqhkiG9w0BAQUDgYEAaFEPTt+7\n"
 347   "bzvBuOf7+QmeQcn29kT6Bsyh1RHJXf8KTk5QRfwp6ogbp94JQWcNQ/S7YDFHglD1\n"
 348   "AwUNBRXwd3riUsMnsxgeSDxYBfJYbDLeohNBsqaPDJb7XailWbMQKfAbFQ8cnOxg\n"
 349   "rOKLUQRWJ0K3HyXRMhbqjdLIaQiCvQLuizo=\n"
 350   "-----END CERTIFICATE-----\n";
 351
 352 const gnutls_datum_t server_cert = { server_cert_pem,
 353                                      sizeof (server_cert_pem) };
 354
 355 static char server_key_pem[] =
 356   "-----BEGIN RSA PRIVATE KEY-----\n"
 357   "MIICXAIBAAKBgQDXulyvowzwLqknVqpTjqjrf4F1TGuYvkrqtx74S8NqxNoNALjq\n"
 358   "TBMfNhaT3nLvxqResm62ygqIVXWQlu2mV7wMO3YNlx696ex/06ns+4VkoGugSM53\n"
 359   "fnOcMRP/PciupWBu2baMWppvtr6far2n8KAzJ/W3HZLllpxzUtaf1siOsQIDAQAB\n"
 360   "AoGAYAFyKkAYC/PYF8e7+X+tsVCHXppp8AoP8TEZuUqOZz/AArVlle/ROrypg5kl\n"
 361   "8YunrvUdzH9R/KZ7saNZlAPLjZyFG9beL/am6Ai7q7Ma5HMqjGU8kTEGwD7K+lbG\n"
 362   "iomokKMOl+kkbY/2sI5Czmbm+/PqLXOjtVc5RAsdbgvtmvkCQQDdV5QuU8jap8Hs\n"
 363   "Eodv/tLJ2z4+SKCV2k/7FXSKWe0vlrq0cl2qZfoTUYRnKRBcWxc9o92DxK44wgPi\n"
 364   "oMQS+O7fAkEA+YG+K9e60sj1K4NYbMPAbYILbZxORDecvP8lcphvwkOVUqbmxOGh\n"
 365   "XRmTZUuhBrJhJKKf6u7gf3KWlPl6ShKEbwJASC118cF6nurTjuLf7YKARDjNTEws\n"
 366   "qZEeQbdWYINAmCMj0RH2P0mvybrsXSOD5UoDAyO7aWuqkHGcCLv6FGG+qwJAOVqq\n"
 367   "tXdUucl6GjOKKw5geIvRRrQMhb/m5scb+5iw8A4LEEHPgGiBaF5NtJZLALgWfo5n\n"
 368   "hmC8+G8F0F78znQtPwJBANexu+Tg5KfOnzSILJMo3oXiXhf5PqXIDmbN0BKyCKAQ\n"
 369   "LfkcEcUbVfmDaHpvzwY9VEaoMOKVLitETXdNSxVpvWM=\n"
 370   "-----END RSA PRIVATE KEY-----\n";
 371
 372 const gnutls_datum_t server_key = { server_key_pem,
 373                                     sizeof (server_key_pem) };
 374
 375 void
 376 server_start (void)
 377 {
 378   /* this must be called once in the program
 379    */
 380   gnutls_global_init ();
 381
 382   gnutls_global_set_log_function (tls_log_func);
 383   gnutls_global_set_log_level (4711);
 384
 385   gnutls_certificate_allocate_credentials (&x509_cred);
 386   gnutls_certificate_set_x509_trust_mem (x509_cred, &ca, GNUTLS_X509_FMT_PEM);
 387
 388   gnutls_certificate_set_x509_key_mem (x509_cred, &server_cert, &server_key,
 389                                        GNUTLS_X509_FMT_PEM);
 390
 391   success ("Launched, generating DH parameters...\n");
 392
 393   generate_dh_params ();
 394
 395   gnutls_certificate_set_dh_params (x509_cred, dh_params);
 396
 397   /* Socket operations
 398    */
 399   listen_sd = socket (AF_INET, SOCK_STREAM, 0);
 400   if (err == -1)
 401     {
 402       perror ("socket");
 403       fail ("server: socket failed\n");
 404       return;
 405     }
 406
 407   memset (&sa_serv, '\0', sizeof (sa_serv));
 408   sa_serv.sin_family = AF_INET;
 409   sa_serv.sin_addr.s_addr = INADDR_ANY;
 410   sa_serv.sin_port = htons (PORT);      /* Server Port number */
 411
 412   setsockopt (listen_sd, SOL_SOCKET, SO_REUSEADDR, &optval, sizeof (int));
 413
 414   err = bind (listen_sd, (SA *) & sa_serv, sizeof (sa_serv));
 415   if (err == -1)
 416     {
 417       perror ("bind");
 418       fail ("server: bind failed\n");
 419       return;
 420     }
 421
 422   err = listen (listen_sd, 1024);
 423   if (err == -1)
 424     {
 425       perror ("listen");
 426       fail ("server: listen failed\n");
 427       return;
 428     }
 429
 430   success ("server: ready. Listening to port '%d'.\n", PORT);
 431 }
 432
 433 void
 434 server (void)
 435 {
 436   client_len = sizeof (sa_cli);
 437
 438   session = initialize_tls_session ();
 439
 440   sd = accept (listen_sd, (SA *) & sa_cli, &client_len);
 441
 442   success ("server: connection from %s, port %d\n",
 443            inet_ntop (AF_INET, &sa_cli.sin_addr, topbuf,
 444                       sizeof (topbuf)), ntohs (sa_cli.sin_port));
 445
 446   gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) sd);
 447   ret = gnutls_handshake (session);
 448   if (ret < 0)
 449     {
 450       close (sd);
 451       gnutls_deinit (session);
 452       fail ("server: Handshake has failed (%s)\n\n", gnutls_strerror (ret));
 453       return;
 454     }
 455   success ("server: Handshake was completed\n");
 456
 457   success ("server: TLS version is: %s\n",
 458            gnutls_protocol_get_name (gnutls_protocol_get_version (session)));
 459
 460   /* see the Getting peer's information example */
 461   print_info(session);
 462
 463   i = 0;
 464   for (;;)
 465     {
 466       bzero (buffer, MAX_BUF + 1);
 467       ret = gnutls_record_recv (session, buffer, MAX_BUF);
 468
 469       if (ret == 0)
 470         {
 471           success ("server: Peer has closed the GNUTLS connection\n");
 472           break;
 473         }
 474       else if (ret < 0)
 475         {
 476           fail ("server: Received corrupted data(%d). Closing...\n", ret);
 477           break;
 478         }
 479       else if (ret > 0)
 480         {
 481           /* echo data back to the client
 482            */
 483           gnutls_record_send (session, buffer, strlen (buffer));
 484         }
 485     }
 486   /* do not wait for the peer to close the connection.
 487    */
 488   gnutls_bye (session, GNUTLS_SHUT_WR);
 489
 490   close (sd);
 491   gnutls_deinit (session);
 492
 493   close (listen_sd);
 494
 495   gnutls_certificate_free_credentials (x509_cred);
 496
 497   gnutls_global_deinit ();
 498
 499   success ("server: finished\n");
 500 }
 501
 502
 503 void
 504 doit (void)
 505 {
 506   server_start ();
 507   if (error_count)
 508     return;
 509
 510   child = fork ();
 511   if (child < 0)
 512     {
 513       perror ("fork");
 514       fail ("fork");
 515       return;
 516     }
 517
 518   if (child)
 519     {
 520       int status;
 521       /* parent */
 522       server ();
 523       wait (&status);
 524     }
 525   else
 526     client ();
 527 }