On Sun, Aug 29, 2021 at 02:00:44PM +0200, Theo Buehler wrote:
> Terminate the s_server after n clients connected to it. This is
> occasionally useful, matches OpenSSL's behavior and should help
> simplify regress/usr.bin/openssl/x509.
>
hi.
> Index: openssl.1
> ===================================================================
> RCS file: /cvs/src/usr.bin/openssl/openssl.1,v
> retrieving revision 1.129
> diff -u -p -r1.129 openssl.1
> --- openssl.1 17 Mar 2021 18:08:32 -0000 1.129
> +++ openssl.1 28 Aug 2021 17:12:59 -0000
> @@ -4607,6 +4607,7 @@ will be used.
> .Op Fl keymatexportlen Ar len
> .Op Fl msg
> .Op Fl mtu Ar mtu
> +.Op Fl naccept Ar arg
i guess "arg" should be "num".
also i think it needs to be added to sv_usage in s_server.c.
otherwise doc parts ok.
jmc
> .Op Fl named_curve Ar arg
> .Op Fl nbio
> .Op Fl nbio_test
> @@ -4807,6 +4808,10 @@ Export len bytes of keying material (def
> Show all protocol messages with hex dump.
> .It Fl mtu Ar mtu
> Set the link layer MTU.
> +.It Fl naccept Ar num
> +Terminate server after
> +.Ar num
> +connections.
> .It Fl named_curve Ar arg
> Specify the elliptic curve name to use for ephemeral ECDH keys.
> This option is deprecated; use
> Index: s_apps.h
> ===================================================================
> RCS file: /cvs/src/usr.bin/openssl/s_apps.h,v
> retrieving revision 1.5
> diff -u -p -r1.5 s_apps.h
> --- s_apps.h 25 Apr 2018 07:12:33 -0000 1.5
> +++ s_apps.h 28 Aug 2021 17:12:59 -0000
> @@ -120,7 +120,7 @@ extern int verify_return_error;
>
> int do_server(int port, int type, int *ret,
> int (*cb)(char *hostname, int s, unsigned char *context),
> - unsigned char *context);
> + unsigned char *context, int naccept);
> #ifdef HEADER_X509_H
> int verify_callback(int ok, X509_STORE_CTX *ctx);
> #endif
> Index: s_server.c
> ===================================================================
> RCS file: /cvs/src/usr.bin/openssl/s_server.c,v
> retrieving revision 1.47
> diff -u -p -r1.47 s_server.c
> --- s_server.c 17 Mar 2021 18:11:01 -0000 1.47
> +++ s_server.c 28 Aug 2021 17:17:38 -0000
> @@ -267,6 +267,7 @@ static struct {
> uint16_t min_version;
> const SSL_METHOD *meth;
> int msg;
> + int naccept;
> char *named_curve;
> int nbio;
> int nbio_test;
> @@ -741,6 +742,13 @@ static const struct option s_server_opti
> },
> #endif
> {
> + .name = "naccept",
> + .argname = "num",
> + .desc = "terminate after num connections",
> + .type = OPTION_ARG_INT,
> + .opt.value = &s_server_config.naccept
> + },
> + {
> .name = "named_curve",
> .argname = "arg",
> .type = OPTION_ARG,
> @@ -1084,6 +1092,7 @@ s_server_main(int argc, char *argv[])
> memset(&s_server_config, 0, sizeof(s_server_config));
> s_server_config.keymatexportlen = 20;
> s_server_config.meth = TLS_server_method();
> + s_server_config.naccept = -1;
> s_server_config.port = PORT;
> s_server_config.cert_file = TEST_CERT;
> s_server_config.cert_file2 = TEST_CERT2;
> @@ -1465,10 +1474,12 @@ s_server_main(int argc, char *argv[])
> (void) BIO_flush(bio_s_out);
> if (s_server_config.www)
> do_server(s_server_config.port, s_server_config.socket_type,
> - &accept_socket, www_body, s_server_config.context);
> + &accept_socket, www_body, s_server_config.context,
> + s_server_config.naccept);
> else
> do_server(s_server_config.port, s_server_config.socket_type,
> - &accept_socket, sv_body, s_server_config.context);
> + &accept_socket, sv_body, s_server_config.context,
> + s_server_config.naccept);
> print_stats(bio_s_out, ctx);
> ret = 0;
> end:
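Review bot: Both do_server() calls in this s_server_main hunk still discard the return value, and `ret = 0` follows unconditionally, so a run that stops because the callback failed looks the same as one that stops after the requested number of connections. Before this change do_server only returned on the error path; with -naccept it also returns on normal completion, and a regress script that checks the exit status would presumably want to tell the two apart. Consider keeping the result in a local and setting `ret = 1` when it is negative. s_server_main starts and ends outside this hunk.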
> Index: s_socket.c
> ===================================================================
> RCS file: /cvs/src/usr.bin/openssl/s_socket.c,v
> retrieving revision 1.11
> diff -u -p -r1.11 s_socket.c
> --- s_socket.c 28 Jun 2019 13:35:02 -0000 1.11
> +++ s_socket.c 28 Aug 2021 17:12:59 -0000
> @@ -132,7 +132,7 @@ init_client(int *sock, char *host, char
> int
> do_server(int port, int type, int *ret,
> int (*cb) (char *hostname, int s, unsigned char *context),
> - unsigned char *context)
> + unsigned char *context, int naccept)
> {
> int sock;
> char *name = NULL;
> @@ -161,7 +161,9 @@ do_server(int port, int type, int *ret,
> shutdown(sock, SHUT_RDWR);
> close(sock);
> }
> - if (i < 0) {
> + if (naccept != -1)
> + naccept--;
> + if (i < 0 || naccept == 0) {
> shutdown(accept_socket, SHUT_RDWR);
> close(accept_socket);
> return (i);
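Review bot: In this do_server hunk, `-naccept 0` does not stop the server: the value is decremented to -1, which is the same sentinel s_server_main sets for "no limit", so the `naccept == 0` test never fires and the server keeps accepting connections. If the parser behind OPTION_ARG_INT also admits negative numbers (not visible here), those would count down on every connection without reaching zero. Dropping the sentinel comparison makes every non-positive value mean "no limit" explicitly: `if (i < 0 || (naccept > 0 && --naccept == 0)) {`; alternatively, reject values below 1 in s_server_main and say so in openssl.1. The body of do_server starts and ends outside this hunk.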
>