[openssl] master update
dev at ddvo.net
dev at ddvo.net
Mon Nov 22 14:39:13 UTC 2021
The branch master has been updated
via 4599ea9fe31953c0c50738ed4b91ade76a693356 (commit)
from 40649e36c4c0c9438f62e1bf2ccb983f6854c662 (commit)
- Log -----------------------------------------------------------------
commit 4599ea9fe31953c0c50738ed4b91ade76a693356
Author: Dr. David von Oheimb <David.von.Oheimb at siemens.com>
Date: Tue Jul 13 10:20:38 2021 +0200
Fix HTTP server port output and allow dynamic verbosity setting
Reviewed-by: Paul Dale <pauli at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16061)
-----------------------------------------------------------------------
Summary of changes:
apps/cmp.c | 4 ++--
apps/include/http_server.h | 29 +++++++++++++++--------------
apps/include/s_apps.h | 1 +
apps/lib/http_server.c | 32 +++++++++++++++++++++++++-------
apps/lib/s_socket.c | 39 ++++++++++++++++++++++++++-------------
apps/ocsp.c | 10 +++++-----
6 files changed, 74 insertions(+), 41 deletions(-)
diff --git a/apps/cmp.c b/apps/cmp.c
index 589cce1266..f646e3f7bc 100644
--- a/apps/cmp.c
+++ b/apps/cmp.c
@@ -2568,7 +2568,7 @@ static int cmp_server(OSSL_CMP_CTX *srv_cmp_ctx) {
int retry = 1;
int ret = 1;
- if ((acbio = http_server_init_bio(prog, opt_port)) == NULL)
+ if ((acbio = http_server_init(prog, opt_port, opt_verbosity)) == NULL)
return 0;
while (opt_max_msgs <= 0 || msgs < opt_max_msgs) {
char *path = NULL;
@@ -2578,7 +2578,7 @@ static int cmp_server(OSSL_CMP_CTX *srv_cmp_ctx) {
ret = http_server_get_asn1_req(ASN1_ITEM_rptr(OSSL_CMP_MSG),
(ASN1_VALUE **)&req, &path,
&cbio, acbio, &keep_alive,
- prog, opt_port, 0, 0);
+ prog, 0, 0);
if (ret == 0) { /* no request yet */
if (retry) {
ossl_sleep(1000);
diff --git a/apps/include/http_server.h b/apps/include/http_server.h
index 8c339660a6..3a81cbb140 100644
--- a/apps/include/http_server.h
+++ b/apps/include/http_server.h
@@ -34,17 +34,19 @@
# include <syslog.h>
# include <signal.h>
# define MAXERRLEN 1000 /* limit error text sent to syslog to 1000 bytes */
-# else
-# undef LOG_DEBUG
-# undef LOG_INFO
-# undef LOG_WARNING
-# undef LOG_ERR
-# define LOG_DEBUG 7
-# define LOG_INFO 6
-# define LOG_WARNING 4
-# define LOG_ERR 3
# endif
+# undef LOG_TRACE
+# undef LOG_DEBUG
+# undef LOG_INFO
+# undef LOG_WARNING
+# undef LOG_ERR
+# define LOG_TRACE 8
+# define LOG_DEBUG 7
+# define LOG_INFO 6
+# define LOG_WARNING 4
+# define LOG_ERR 3
+
/*-
* Log a message to syslog if multi-threaded HTTP_DAEMON, else to bio_err
* prog: the name of the current app
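Review bot: `LOG_TRACE` is defined as 8, which lies outside the 0–7 priority range that syslog defines, and this block now overrides the `<syslog.h>` macros on every build rather than only when syslog is absent. log_message() is not visible in this hunk; if it passes `level` straight to syslog() in the daemon case, a trace-level message would presumably be read as facility bits with priority 0 instead of as a low-priority record. I would add a comment here such as `/* LOG_TRACE is app-internal, not a syslog priority; map it to LOG_DEBUG before calling syslog() */` and apply that mapping at the point where the level reaches syslog().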
@@ -56,12 +58,13 @@ void log_message(const char *prog, int level, const char *fmt, ...);
# ifndef OPENSSL_NO_SOCK
/*-
- * Initialize an HTTP server by setting up its listening BIO
+ * Initialize an HTTP server, setting up its listening BIO
* prog: the name of the current app
* port: the port to listen on
+ * verbosity: the level of verbosity to use, or -1 for default: LOG_INFO
* returns a BIO for accepting requests, NULL on error
*/
-BIO *http_server_init_bio(const char *prog, const char *port);
+BIO *http_server_init(const char *prog, const char *port, int verbosity);
/*-
* Accept an ASN.1-formatted HTTP request
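Review bot: The new `verbosity` line in the doc comment does not match what http_server_init() in apps/lib/http_server.c does. That function tests `verb >= 0`, so any negative value, not just -1, leaves the file-level `verbosity` at whatever it currently holds, and a value above `LOG_TRACE` makes the call return NULL. Whether the untouched value is LOG_INFO cannot be confirmed from the lines shown. I would word it as `* verbosity: log level to use (0..LOG_TRACE; larger values are rejected), or negative to keep the current level`.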
@@ -72,7 +75,6 @@ BIO *http_server_init_bio(const char *prog, const char *port);
* acbio: the listening bio (typically as returned by http_server_init_bio())
* found_keep_alive: for returning flag if client requests persistent connection
* prog: the name of the current app, for diagnostics only
- * port: the local port listening to, for diagnostics only
* accept_get: whether to accept GET requests (in addition to POST requests)
* timeout: connection timeout (in seconds), or 0 for none/infinite
* returns 0 in case caller should retry, then *preq == *ppath == *pcbio == NULL
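Review bot: The unchanged `acbio:` line in this comment still says "typically as returned by http_server_init_bio()", a function this commit renames to http_server_init(). The reference should be updated in the same change so the header does not point readers at a name that no longer exists: `* acbio: the listening bio (typically as returned by http_server_init())`.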
@@ -86,8 +88,7 @@ BIO *http_server_init_bio(const char *prog, const char *port);
int http_server_get_asn1_req(const ASN1_ITEM *it, ASN1_VALUE **preq,
char **ppath, BIO **pcbio, BIO *acbio,
int *found_keep_alive,
- const char *prog, const char *port,
- int accept_get, int timeout);
+ const char *prog, int accept_get, int timeout);
/*-
* Send an ASN.1-formatted HTTP response
diff --git a/apps/include/s_apps.h b/apps/include/s_apps.h
index 194ea746ed..5b188b9892 100644
--- a/apps/include/s_apps.h
+++ b/apps/include/s_apps.h
@@ -19,6 +19,7 @@
(SSL_is_dtls(s) || (SSL_version(s) < TLS1_3_VERSION))
typedef int (*do_server_cb)(int s, int stype, int prot, unsigned char *context);
+void get_sock_info_address(int asock, char **hostname, char **service);
int report_server_accept(BIO *out, int asock, int with_address, int with_pid);
int do_server(int *accept_sock, const char *host, const char *port,
int family, int type, int protocol, do_server_cb cb,
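Review bot: The new `get_sock_info_address()` prototype is exported without any description of its contract, and the function returns void, so callers can only learn of failure from the output pointers. From the definition in apps/lib/s_socket.c, both outputs are optional (NULL is accepted) and are reset to NULL first. On success they hold strings from BIO_ADDR_hostname_string()/BIO_ADDR_service_string(), which the callers in this commit release with OPENSSL_free(); one may be set while the other is NULL. I would add a comment above the prototype saying that each non-NULL result must be freed with OPENSSL_free() and that NULL in `*hostname` or `*service` signals failure.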
diff --git a/apps/lib/http_server.c b/apps/lib/http_server.c
index 8f654660b4..e531201d17 100644
--- a/apps/lib/http_server.c
+++ b/apps/lib/http_server.c
@@ -216,18 +216,27 @@ void spawn_loop(const char *prog)
#endif
#ifndef OPENSSL_NO_SOCK
-BIO *http_server_init_bio(const char *prog, const char *port)
+BIO *http_server_init(const char *prog, const char *port, int verb)
{
BIO *acbio = NULL, *bufbio;
int asock;
+ int port_num;
+ if (verb >= 0) {
+ if (verb > LOG_TRACE) {
+ log_message(prog, LOG_ERR,
+ "Logging verbosity level %d too high", verb);
+ return NULL;
+ }
+ verbosity = verb;
+ }
bufbio = BIO_new(BIO_f_buffer());
if (bufbio == NULL)
goto err;
acbio = BIO_new(BIO_s_accept());
if (acbio == NULL
|| BIO_set_bind_mode(acbio, BIO_BIND_REUSEADDR) < 0
- || BIO_set_accept_port(acbio, port) < 0) {
+ || BIO_set_accept_port(acbio, port /* may be "0" */) < 0) {
log_message(prog, LOG_ERR, "Error setting up accept BIO");
goto err;
}
@@ -241,7 +250,8 @@ BIO *http_server_init_bio(const char *prog, const char *port)
/* Report back what address and port are used */
BIO_get_fd(acbio, &asock);
- if (!report_server_accept(bio_out, asock, 1, 1)) {
+ port_num = report_server_accept(bio_out, asock, 1, 1);
+ if (port_num == 0) {
log_message(prog, LOG_ERR, "Error printing ACCEPT string");
goto err;
}
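Review bot: `port_num` is a misleading name for what it stores: report_server_accept(), as changed in apps/lib/s_socket.c in this same commit, still returns the 0/1 `success` flag, not a port number. Nothing in the visible lines uses it beyond the `== 0` test, although the function body continues outside the hunk. Unless a later line really needs a port number, keeping the earlier form `if (!report_server_accept(bio_out, asock, 1, 1)) {` or renaming the variable to `ok` would avoid suggesting that a port is available here.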
@@ -283,8 +293,7 @@ static int urldecode(char *p)
int http_server_get_asn1_req(const ASN1_ITEM *it, ASN1_VALUE **preq,
char **ppath, BIO **pcbio, BIO *acbio,
int *found_keep_alive,
- const char *prog, const char *port,
- int accept_get, int timeout)
+ const char *prog, int accept_get, int timeout)
{
BIO *cbio = *pcbio, *getbio = NULL, *b64 = NULL;
int len;
@@ -298,15 +307,24 @@ int http_server_get_asn1_req(const ASN1_ITEM *it, ASN1_VALUE **preq,
*ppath = NULL;
if (cbio == NULL) {
+ char *port;
+
+ get_sock_info_address(BIO_get_fd(acbio, NULL), NULL, &port);
+ if (port == NULL) {
+ log_message(prog, LOG_ERR, "Cannot get port listening on");
+ goto fatal;
+ }
log_message(prog, LOG_DEBUG,
- "Awaiting new connection on port %s...", port);
+ "Awaiting new connection on port %s ...", port);
+ OPENSSL_free(port);
+
if (BIO_do_accept(acbio) <= 0)
/* Connection loss before accept() is routine, ignore silently */
return ret;
*pcbio = cbio = BIO_pop(acbio);
} else {
- log_message(prog, LOG_DEBUG, "Awaiting next request...");
+ log_message(prog, LOG_DEBUG, "Awaiting next request ...");
}
if (cbio == NULL) {
/* Cannot call http_server_send_status(cbio, ...) */
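Review bot: The new `if (port == NULL)` branch jumps to `fatal` when the port string cannot be obtained, even though that string is used only in the LOG_DEBUG message that follows. The code at the `fatal` label is outside this hunk, but if it ends request handling, a transient allocation failure in get_sock_info_address() would stop a responder that could otherwise still accept connections. The lookup and allocation also run on every new-connection wait, even when debug logging is off. I would drop the branch and log with a fallback, e.g. `"Awaiting new connection on port %s ...", port != NULL ? port : "(unknown)"`, since OPENSSL_free(NULL) is harmless.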
diff --git a/apps/lib/s_socket.c b/apps/lib/s_socket.c
index 805a1f0f3d..0751d460e8 100644
--- a/apps/lib/s_socket.c
+++ b/apps/lib/s_socket.c
@@ -207,6 +207,25 @@ out:
return ret;
}
+void get_sock_info_address(int asock, char **hostname, char **service)
+{
+ union BIO_sock_info_u info;
+
+ if (hostname != NULL)
+ *hostname = NULL;
+ if (service != NULL)
+ *service = NULL;
+
+ if ((info.addr = BIO_ADDR_new()) != NULL
+ && BIO_sock_info(asock, BIO_SOCK_INFO_ADDRESS, &info)) {
+ if (hostname != NULL)
+ *hostname = BIO_ADDR_hostname_string(info.addr, 1);
+ if (service != NULL)
+ *service = BIO_ADDR_service_string(info.addr, 1);
+ }
+ BIO_ADDR_free(info.addr);
+}
+
int report_server_accept(BIO *out, int asock, int with_address, int with_pid)
{
int success = 1;
@@ -214,30 +233,24 @@ int report_server_accept(BIO *out, int asock, int with_address, int with_pid)
if (BIO_printf(out, "ACCEPT") <= 0)
return 0;
if (with_address) {
- union BIO_sock_info_u info;
- char *hostname = NULL;
- char *service = NULL;
+ char *hostname, *service;
- if ((info.addr = BIO_ADDR_new()) != NULL
- && BIO_sock_info(asock, BIO_SOCK_INFO_ADDRESS, &info)
- && (hostname = BIO_ADDR_hostname_string(info.addr, 1)) != NULL
- && (service = BIO_ADDR_service_string(info.addr, 1)) != NULL) {
+ get_sock_info_address(asock, &hostname, &service);
+ success = hostname != NULL && service != NULL;
+ if (success)
success = BIO_printf(out,
strchr(hostname, ':') == NULL
? /* IPv4 */ " %s:%s"
: /* IPv6 */ " [%s]:%s",
hostname, service) > 0;
- } else {
+ else
(void)BIO_printf(out, "unknown:error\n");
- success = 0;
- }
OPENSSL_free(hostname);
OPENSSL_free(service);
- BIO_ADDR_free(info.addr);
}
if (with_pid)
- success = success && BIO_printf(out, " PID=%d", getpid()) > 0;
- success = success && BIO_printf(out, "\n") > 0;
+ success *= BIO_printf(out, " PID=%d", getpid()) > 0;
+ success *= BIO_printf(out, "\n") > 0;
(void)BIO_flush(out);
return success;
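Review bot: `success *= BIO_printf(...) > 0;` uses integer multiplication as a logical AND, which is easy to misread and only works while `success` stays strictly 0 or 1. It also changes behaviour: the old `success && ...` form skipped the PID and newline output after an earlier failure, while the new form always prints them, so the error path now emits "unknown:error\n" followed by a PID line. If always printing is intended, `success = (BIO_printf(out, "\n") > 0) && success;` says so directly, and the same form applies to the PID line. The multi-line `if (success)` / `else` bodies above would also be safer with braces.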
diff --git a/apps/ocsp.c b/apps/ocsp.c
index 8f0eacad2b..841b5f7b81 100644
--- a/apps/ocsp.c
+++ b/apps/ocsp.c
@@ -76,7 +76,7 @@ static void make_ocsp_response(BIO *err, OCSP_RESPONSE **resp, OCSP_REQUEST *req
static char **lookup_serial(CA_DB *db, ASN1_INTEGER *ser);
static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio,
- const char *port, int timeout);
+ int timeout);
static int send_ocsp_response(BIO *cbio, const OCSP_RESPONSE *resp);
static char *prog;
@@ -576,7 +576,7 @@ int ocsp_main(int argc, char **argv)
if (req == NULL && port != NULL) {
#ifndef OPENSSL_NO_SOCK
- acbio = http_server_init_bio(prog, port);
+ acbio = http_server_init(prog, port, -1);
if (acbio == NULL)
goto end;
#else
@@ -657,7 +657,7 @@ redo_accept:
#endif
req = NULL;
- res = do_responder(&req, &cbio, acbio, port, req_timeout);
+ res = do_responder(&req, &cbio, acbio, req_timeout);
if (res == 0)
goto redo_accept;
@@ -1188,13 +1188,13 @@ static char **lookup_serial(CA_DB *db, ASN1_INTEGER *ser)
}
static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio,
- const char *port, int timeout)
+ int timeout)
{
#ifndef OPENSSL_NO_SOCK
return http_server_get_asn1_req(ASN1_ITEM_rptr(OCSP_REQUEST),
(ASN1_VALUE **)preq, NULL, pcbio, acbio,
NULL /* found_keep_alive */,
- prog, port, 1 /* accept_get */, timeout);
+ prog, 1 /* accept_get */, timeout);
#else
BIO_printf(bio_err,
"Error getting OCSP request - sockets not supported\n");