mirror of
https://github.com/guanzhi/GmSSL.git
synced 2026-06-19 19:33:38 +08:00
Update tlcp_server.c
This commit is contained in:
Zhi Guan
@@ -38,6 +38,6 @@
|
||||
" gmssl tlcp_server -port 4431 -cert tlcpcert.pem -key tlcpkey.pem -pass 1234 -cipher_suite TLS_ECC_SM4_CBC_SM3\n"
|
||||
" gmssl tlcp_client -port 4431 -host 127.0.0.1 -cacert sm2rootcacert.pem -cipher_suite TLS_ECC_SM4_CBC_SM3\n"
|
||||
"\n"
|
||||
" gmssl tlcp_server -port 4431 -cert tlcpcert.pem -key tlcpkey.pem -pass 1234 -cacert sm2cacert.pem -verbose\n"
|
||||
" gmssl tlcp_server -port 4431 -cert tlcpcert.pem -key tlcpkey.pem -pass 1234 -cacert sm2cacert.pem -cipher_suite TLS_ECC_SM4_CBC_SM3 -cert_request -verbose\n"
|
||||
" gmssl tlcp_client -port 4431 -host 127.0.0.1 -cacert sm2rootcacert.pem -cipher_suite TLS_ECC_SM4_CBC_SM3 -cert sm2signcert.pem -key sm2signkey.pem -pass 1234 -verbose\n"
|
||||
"\n"
|
||||
|
||||
@@ -17,7 +17,7 @@
|
||||
#include <gmssl/error.h>
|
||||
|
||||
|
||||
static const char *options = "[-port num] -cert pem -key pem -pass str [-alpn str] [-cacert pem] [-verbose]";
|
||||
static const char *options = "[-port num] -cert pem -key pem -pass str [-cipher_suite str] [-alpn str] [-cert_request] [-cacert pem] [-verbose]";
|
||||
|
||||
|
||||
static const char *help =
|
||||
@@ -27,7 +27,9 @@ static const char *help =
|
||||
" -cert pem Server's certificate chain in PEM format, may appear multiple times\n"
|
||||
" -key pem Server's signing and encryption private keys in PEM format: signing key first, encryption key second, may appear multiple times\n"
|
||||
" -pass str Password to decrypt both private keys in the same -key PEM, may appear multiple times\n"
|
||||
" -cipher_suite str Supported cipher suites, may appear multiple times, higher priority first\n"
|
||||
" -alpn str Application protocol name, may appear multiple times, higher priority first\n"
|
||||
" -cert_request Client certificate request\n"
|
||||
" -cacert pem CA certificate for client certificate verification\n"
|
||||
" -verbose Print TLS handshake messages\n"
|
||||
"\n"
|
||||
@@ -128,6 +130,8 @@ int tlcp_server_main(int argc , char **argv)
|
||||
int ret = 1;
|
||||
char *prog = argv[0];
|
||||
int port = 443;
|
||||
int cipher_suites[4];
|
||||
size_t cipher_suites_cnt = 0;
|
||||
char *certfiles[4];
|
||||
size_t certfiles_cnt = 0;
|
||||
char *signkeyfiles[sizeof(certfiles)/sizeof(certfiles[0])];
|
||||
@@ -136,14 +140,10 @@ int tlcp_server_main(int argc , char **argv)
|
||||
size_t signpasses_cnt = 0;
|
||||
char *alpn_protocols[4];
|
||||
size_t alpn_protocols_cnt = 0;
|
||||
int cert_request = 0;
|
||||
char *cacertfile = NULL;
|
||||
int verbose = 0;
|
||||
|
||||
int server_ciphers[] = {
|
||||
TLS_cipher_ecc_sm4_gcm_sm3,
|
||||
TLS_cipher_ecc_sm4_cbc_sm3,
|
||||
};
|
||||
|
||||
TLS_CTX ctx;
|
||||
TLS_CONNECT conn;
|
||||
char buf[1600] = {0};
|
||||
@@ -192,13 +192,29 @@ int tlcp_server_main(int argc , char **argv)
|
||||
}
|
||||
if (--argc < 1) goto bad;
|
||||
signpasses[signpasses_cnt++] = *(++argv);
|
||||
} else if (!strcmp(*argv, "-alpn")) {
|
||||
} else if (!strcmp(*argv, "-cipher_suite")) {
|
||||
char *cipher_suite_name;
|
||||
int cipher_suite;
|
||||
if (cipher_suites_cnt >= sizeof(cipher_suites)/sizeof(cipher_suites[0])) {
|
||||
fprintf(stderr, "%s: too many -cipher_suite options\n", prog);
|
||||
return -1;
|
||||
}
|
||||
if (--argc < 1) goto bad;
|
||||
cipher_suite_name = *(++argv);
|
||||
if ((cipher_suite = tls_cipher_suite_from_name(cipher_suite_name)) == 0) {
|
||||
fprintf(stderr, "%s: invalid -cipher_suite '%s' value\n", prog, cipher_suite_name);
|
||||
return -1;
|
||||
}
|
||||
cipher_suites[cipher_suites_cnt++] = cipher_suite;
|
||||
} else if (!strcmp(*argv, "-alpn")) {
|
||||
if (alpn_protocols_cnt >= sizeof(alpn_protocols)/sizeof(alpn_protocols[0])) {
|
||||
fprintf(stderr, "%s: too many -alpn options\n", prog);
|
||||
return -1;
|
||||
}
|
||||
if (--argc < 1) goto bad;
|
||||
alpn_protocols[alpn_protocols_cnt++] = *(++argv);
|
||||
} else if (!strcmp(*argv, "-cert_request")) {
|
||||
cert_request = 1;
|
||||
} else if (!strcmp(*argv, "-cacert")) {
|
||||
if (--argc < 1) goto bad;
|
||||
cacertfile = *(++argv);
|
||||
@@ -231,11 +247,16 @@ bad:
|
||||
return 1;
|
||||
}
|
||||
|
||||
if (!cipher_suites_cnt) {
|
||||
fprintf(stderr, "%s: '-cipher_suite' option required\n", prog);
|
||||
return 1;
|
||||
}
|
||||
|
||||
memset(&ctx, 0, sizeof(ctx));
|
||||
memset(&conn, 0, sizeof(conn));
|
||||
|
||||
if (tls_ctx_init(&ctx, TLS_protocol_tlcp, TLS_server_mode) != 1
|
||||
|| tls_ctx_set_cipher_suites(&ctx, server_ciphers, sizeof(server_ciphers)/sizeof(int)) != 1) {
|
||||
|| tls_ctx_set_cipher_suites(&ctx, cipher_suites, cipher_suites_cnt) != 1) {
|
||||
error_print();
|
||||
return -1;
|
||||
}
|
||||
@@ -262,6 +283,12 @@ bad:
|
||||
error_print();
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
if (cert_request) {
|
||||
if (!cacertfile) {
|
||||
fprintf(stderr, "%s: -cacert required by -cert_request\n", prog);
|
||||
return 1;
|
||||
}
|
||||
if (tls_ctx_enable_certificate_request(&ctx, 1) != 1) {
|
||||
error_print();
|
||||
return -1;
|
||||
|
||||
Reference in New Issue
Block a user