abc/GmSSL
1
0
Fork 0
mirror of https://github.com/guanzhi/GmSSL.git synced 2026-06-19 19:33:38 +08:00
Code Issues Packages Projects Releases Wiki Activity

Update tlcp_server.c

Browse Source
This commit is contained in:
Zhi Guan
2026-06-17 11:22:21 +08:00
parent 866b80c918
commit 18a5e5b969
5 changed files with 39 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
CMakeLists.txt
View File

@@ -818,7 +818,7 @@ endif()
# #
set(CPACK_PACKAGE_NAME "GmSSL") set(CPACK_PACKAGE_NAME "GmSSL")
set(CPACK_PACKAGE_VENDOR "GmSSL develop team") set(CPACK_PACKAGE_VENDOR "GmSSL develop team")
set(CPACK_PACKAGE_VERSION "3.2.0-dev.1072") set(CPACK_PACKAGE_VERSION "3.2.0-dev.1073")
set(CPACK_PACKAGE_DESCRIPTION_FILE ${PROJECT_SOURCE_DIR}/README.md) set(CPACK_PACKAGE_DESCRIPTION_FILE ${PROJECT_SOURCE_DIR}/README.md)
set(CPACK_NSIS_MODIFY_PATH ON) set(CPACK_NSIS_MODIFY_PATH ON)
include(CPack) include(CPack)

1
cmake/tlcp_commands.cmake
View File

@@ -26,6 +26,7 @@ gmssl_run_tls_command_test(
SERVER_ARGS SERVER_ARGS
tlcp_server tlcp_server
-port ${TEST_PORT} -port ${TEST_PORT}
-cipher_suite ${TEST_CIPHER_SUITE}
-cert tlcp_server_certs.pem -cert tlcp_server_certs.pem
-key tlcp_server_keys.pem -key tlcp_server_keys.pem
-pass P@ssw0rd -pass P@ssw0rd

2
include/gmssl/version.h
View File

@@ -18,7 +18,7 @@ extern "C" {
#define GMSSL_VERSION_NUM 30200 #define GMSSL_VERSION_NUM 30200
#define GMSSL_VERSION_STR "GmSSL 3.2.0-dev.1072" #define GMSSL_VERSION_STR "GmSSL 3.2.0-dev.1073"
int gmssl_version_num(void); int gmssl_version_num(void);
const char *gmssl_version_str(void); const char *gmssl_version_str(void);

2
tools/tlcp_help.h
View File

@@ -38,6 +38,6 @@
" gmssl tlcp_server -port 4431 -cert tlcpcert.pem -key tlcpkey.pem -pass 1234 -cipher_suite TLS_ECC_SM4_CBC_SM3\n" " gmssl tlcp_server -port 4431 -cert tlcpcert.pem -key tlcpkey.pem -pass 1234 -cipher_suite TLS_ECC_SM4_CBC_SM3\n"
" gmssl tlcp_client -port 4431 -host 127.0.0.1 -cacert sm2rootcacert.pem -cipher_suite TLS_ECC_SM4_CBC_SM3\n" " gmssl tlcp_client -port 4431 -host 127.0.0.1 -cacert sm2rootcacert.pem -cipher_suite TLS_ECC_SM4_CBC_SM3\n"
"\n" "\n"
" gmssl tlcp_server -port 4431 -cert tlcpcert.pem -key tlcpkey.pem -pass 1234 -cacert sm2cacert.pem -verbose\n" " gmssl tlcp_server -port 4431 -cert tlcpcert.pem -key tlcpkey.pem -pass 1234 -cacert sm2cacert.pem -cipher_suite TLS_ECC_SM4_CBC_SM3 -cert_request -verbose\n"
" gmssl tlcp_client -port 4431 -host 127.0.0.1 -cacert sm2rootcacert.pem -cipher_suite TLS_ECC_SM4_CBC_SM3 -cert sm2signcert.pem -key sm2signkey.pem -pass 1234 -verbose\n" " gmssl tlcp_client -port 4431 -host 127.0.0.1 -cacert sm2rootcacert.pem -cipher_suite TLS_ECC_SM4_CBC_SM3 -cert sm2signcert.pem -key sm2signkey.pem -pass 1234 -verbose\n"
"\n" "\n"

41
tools/tlcp_server.c
View File

@@ -17,7 +17,7 @@
#include <gmssl/error.h> #include <gmssl/error.h>
static const char *options = "[-port num] -cert pem -key pem -pass str [-alpn str] [-cacert pem] [-verbose]"; static const char *options = "[-port num] -cert pem -key pem -pass str [-cipher_suite str] [-alpn str] [-cert_request] [-cacert pem] [-verbose]";
static const char *help = static const char *help =
@@ -27,7 +27,9 @@ static const char *help =
" -cert pem Server's certificate chain in PEM format, may appear multiple times\n" " -cert pem Server's certificate chain in PEM format, may appear multiple times\n"
" -key pem Server's signing and encryption private keys in PEM format: signing key first, encryption key second, may appear multiple times\n" " -key pem Server's signing and encryption private keys in PEM format: signing key first, encryption key second, may appear multiple times\n"
" -pass str Password to decrypt both private keys in the same -key PEM, may appear multiple times\n" " -pass str Password to decrypt both private keys in the same -key PEM, may appear multiple times\n"
" -cipher_suite str Supported cipher suites, may appear multiple times, higher priority first\n"
" -alpn str Application protocol name, may appear multiple times, higher priority first\n" " -alpn str Application protocol name, may appear multiple times, higher priority first\n"
" -cert_request Client certificate request\n"
" -cacert pem CA certificate for client certificate verification\n" " -cacert pem CA certificate for client certificate verification\n"
" -verbose Print TLS handshake messages\n" " -verbose Print TLS handshake messages\n"
"\n" "\n"
@@ -128,6 +130,8 @@ int tlcp_server_main(int argc , char **argv)
int ret = 1; int ret = 1;
char *prog = argv[0]; char *prog = argv[0];
int port = 443; int port = 443;
int cipher_suites[4];
size_t cipher_suites_cnt = 0;
char *certfiles[4]; char *certfiles[4];
size_t certfiles_cnt = 0; size_t certfiles_cnt = 0;
char *signkeyfiles[sizeof(certfiles)/sizeof(certfiles[0])]; char *signkeyfiles[sizeof(certfiles)/sizeof(certfiles[0])];
@@ -136,14 +140,10 @@ int tlcp_server_main(int argc , char **argv)
size_t signpasses_cnt = 0; size_t signpasses_cnt = 0;
char *alpn_protocols[4]; char *alpn_protocols[4];
size_t alpn_protocols_cnt = 0; size_t alpn_protocols_cnt = 0;
int cert_request = 0;
char *cacertfile = NULL; char *cacertfile = NULL;
int verbose = 0; int verbose = 0;
int server_ciphers[] = {
TLS_cipher_ecc_sm4_gcm_sm3,
TLS_cipher_ecc_sm4_cbc_sm3,
};
TLS_CTX ctx; TLS_CTX ctx;
TLS_CONNECT conn; TLS_CONNECT conn;
char buf[1600] = {0}; char buf[1600] = {0};
@@ -192,6 +192,20 @@ int tlcp_server_main(int argc , char **argv)
} }
if (--argc < 1) goto bad; if (--argc < 1) goto bad;
signpasses[signpasses_cnt++] = *(++argv); signpasses[signpasses_cnt++] = *(++argv);
} else if (!strcmp(*argv, "-cipher_suite")) {
char *cipher_suite_name;
int cipher_suite;
if (cipher_suites_cnt >= sizeof(cipher_suites)/sizeof(cipher_suites[0])) {
fprintf(stderr, "%s: too many -cipher_suite options\n", prog);
return -1;
}
if (--argc < 1) goto bad;
cipher_suite_name = *(++argv);
if ((cipher_suite = tls_cipher_suite_from_name(cipher_suite_name)) == 0) {
fprintf(stderr, "%s: invalid -cipher_suite '%s' value\n", prog, cipher_suite_name);
return -1;
}
cipher_suites[cipher_suites_cnt++] = cipher_suite;
} else if (!strcmp(*argv, "-alpn")) { } else if (!strcmp(*argv, "-alpn")) {
if (alpn_protocols_cnt >= sizeof(alpn_protocols)/sizeof(alpn_protocols[0])) { if (alpn_protocols_cnt >= sizeof(alpn_protocols)/sizeof(alpn_protocols[0])) {
fprintf(stderr, "%s: too many -alpn options\n", prog); fprintf(stderr, "%s: too many -alpn options\n", prog);
@@ -199,6 +213,8 @@ int tlcp_server_main(int argc , char **argv)
} }
if (--argc < 1) goto bad; if (--argc < 1) goto bad;
alpn_protocols[alpn_protocols_cnt++] = *(++argv); alpn_protocols[alpn_protocols_cnt++] = *(++argv);
} else if (!strcmp(*argv, "-cert_request")) {
cert_request = 1;
} else if (!strcmp(*argv, "-cacert")) { } else if (!strcmp(*argv, "-cacert")) {
if (--argc < 1) goto bad; if (--argc < 1) goto bad;
cacertfile = *(++argv); cacertfile = *(++argv);
@@ -231,11 +247,16 @@ bad:
return 1; return 1;
} }
if (!cipher_suites_cnt) {
fprintf(stderr, "%s: '-cipher_suite' option required\n", prog);
return 1;
}
memset(&ctx, 0, sizeof(ctx)); memset(&ctx, 0, sizeof(ctx));
memset(&conn, 0, sizeof(conn)); memset(&conn, 0, sizeof(conn));
if (tls_ctx_init(&ctx, TLS_protocol_tlcp, TLS_server_mode) != 1 if (tls_ctx_init(&ctx, TLS_protocol_tlcp, TLS_server_mode) != 1
|| tls_ctx_set_cipher_suites(&ctx, server_ciphers, sizeof(server_ciphers)/sizeof(int)) != 1) { || tls_ctx_set_cipher_suites(&ctx, cipher_suites, cipher_suites_cnt) != 1) {
error_print(); error_print();
return -1; return -1;
} }
@@ -262,6 +283,12 @@ bad:
error_print(); error_print();
return -1; return -1;
} }
}
if (cert_request) {
if (!cacertfile) {
fprintf(stderr, "%s: -cacert required by -cert_request\n", prog);
return 1;
}
if (tls_ctx_enable_certificate_request(&ctx, 1) != 1) { if (tls_ctx_enable_certificate_request(&ctx, 1) != 1) {
error_print(); error_print();
return -1; return -1;