len0rd/FreeRTOS-Kernel
1
0
Fork 0
mirror of https://github.com/FreeRTOS/FreeRTOS-Kernel.git synced 2025-08-19 09:38:32 -04:00
Code Issues Projects Releases Packages Wiki Activity

Prepare for V7.2.0 release.

Browse source
This commit is contained in:
Richard Barry 2012-08-14 12:14:48 +00:00
parent 73ad4387e2
commit e0bab5981a
1071 changed files with 8726 additions and 2457 deletions
Download patch file Download diff file Expand all files Collapse all files

282
FreeRTOS-Plus/CyaSSL/examples/client/client.c
View file

@ -38,7 +38,7 @@
#endif
#if defined(NON_BLOCKING) || defined(CYASSL_CALLBACKS)
void NonBlockingSSL_Connect(CyaSSL* ssl)
void NonBlockingSSL_Connect(CYASSL* ssl)
{
#ifndef CYASSL_CALLBACKS
int ret = CyaSSL_connect(ssl);
@ -70,6 +70,28 @@
#endif
static void Usage(void)
{
printf("client " LIBCYASSL_VERSION_STRING
" NOTE: All files relative to CyaSSL home dir\n");
printf("-? Help, print this usage\n");
printf("-h <host> Host to connect to, default %s\n", yasslIP);
printf("-p <num> Port to connect on, default %d\n", yasslPort);
printf("-v <num> SSL version [0-3], SSLv3(0) - TLS1.2(3)), default %d\n",
CLIENT_DEFAULT_VERSION);
printf("-l <str> Cipher list\n");
printf("-c <file> Certificate file, default %s\n", cliCert);
printf("-k <file> Key file, default %s\n", cliKey);
printf("-A <file> Certificate Authority file, default %s\n", caCert);
printf("-b <num> Benchmark <num> connections and print stats\n");
printf("-s Use pre Shared keys\n");
printf("-d Disable peer checks\n");
printf("-g Send server HTTP GET\n");
printf("-u Use UDP DTLS\n");
printf("-m Match domain name in cert\n");
}
void client_test(void* args)
{
SOCKET_T sockfd = 0;
@ -90,22 +112,149 @@ void client_test(void* args)
int input;
int msgSz = strlen(msg);
int port = yasslPort;
char* host = (char*)yasslIP;
char* domain = "www.yassl.com";
int ch;
int version = CLIENT_DEFAULT_VERSION;
int usePsk = 0;
int sendGET = 0;
int benchmark = 0;
int doDTLS = 0;
int matchName = 0;
int doPeerCheck = 1;
char* cipherList = NULL;
char* verifyCert = (char*)caCert;
char* ourCert = (char*)cliCert;
char* ourKey = (char*)cliKey;
int argc = ((func_args*)args)->argc;
char** argv = ((func_args*)args)->argv;
((func_args*)args)->return_code = -1; /* error state */
#if defined(CYASSL_DTLS)
method = CyaDTLSv1_client_method();
#elif !defined(NO_TLS)
method = CyaSSLv23_client_method();
#else
method = CyaSSLv3_client_method();
while ((ch = mygetopt(argc, argv, "?gdusmh:p:v:l:A:c:k:b:")) != -1) {
switch (ch) {
case '?' :
Usage();
exit(EXIT_SUCCESS);
case 'g' :
sendGET = 1;
break;
case 'd' :
doPeerCheck = 0;
break;
case 'u' :
doDTLS = 1;
version = -1; /* DTLS flag */
break;
case 's' :
usePsk = 1;
break;
case 'm' :
matchName = 1;
break;
case 'h' :
host = myoptarg;
domain = myoptarg;
break;
case 'p' :
port = atoi(myoptarg);
break;
case 'v' :
version = atoi(myoptarg);
if (version < 0 || version > 3) {
Usage();
exit(MY_EX_USAGE);
}
if (doDTLS)
version = -1; /* DTLS flag */
break;
case 'l' :
cipherList = myoptarg;
break;
case 'A' :
verifyCert = myoptarg;
break;
case 'c' :
ourCert = myoptarg;
break;
case 'k' :
ourKey = myoptarg;
break;
case 'b' :
benchmark = atoi(myoptarg);
if (benchmark < 0 || benchmark > 1000000) {
Usage();
exit(MY_EX_USAGE);
}
break;
default:
Usage();
exit(MY_EX_USAGE);
}
}
argc -= myoptind;
argv += myoptind;
myoptind = 0; /* reset for test cases */
switch (version) {
case 0:
method = CyaSSLv3_client_method();
break;
case 1:
method = CyaTLSv1_client_method();
break;
case 2:
method = CyaTLSv1_1_client_method();
break;
case 3:
method = CyaTLSv1_2_client_method();
break;
#ifdef CYASSL_DTLS
case -1:
method = CyaDTLSv1_client_method();
break;
#endif
ctx = CyaSSL_CTX_new(method);
default:
err_sys("Bad SSL version");
}
if (method == NULL)
err_sys("unable to get method");
ctx = CyaSSL_CTX_new(method);
if (ctx == NULL)
err_sys("unable to get ctx");
if (cipherList)
if (CyaSSL_CTX_set_cipher_list(ctx, cipherList) != SSL_SUCCESS)
err_sys("can't set cipher list");
#ifndef NO_PSK
CyaSSL_CTX_set_psk_client_callback(ctx, my_psk_client_cb);
if (usePsk)
CyaSSL_CTX_set_psk_client_callback(ctx, my_psk_client_cb);
#endif
#ifdef OPENSSL_EXTRA
@ -114,76 +263,44 @@ void client_test(void* args)
#if defined(CYASSL_SNIFFER) && !defined(HAVE_NTRU) && !defined(HAVE_ECC)
/* don't use EDH, can't sniff tmp keys */
CyaSSL_CTX_set_cipher_list(ctx, "AES256-SHA");
if (cipherList == NULL)
if (CyaSSL_CTX_set_cipher_list(ctx, "AES256-SHA") != SSL_SUCCESS)
err_sys("can't set cipher list");
#endif
#ifdef USER_CA_CB
CyaSSL_CTX_SetCACb(ctx, CaCb);
#endif
#ifndef NO_FILESYSTEM
if (CyaSSL_CTX_load_verify_locations(ctx, caCert, 0) != SSL_SUCCESS)
err_sys("can't load ca file, Please run from CyaSSL home dir");
#ifdef HAVE_ECC
if (CyaSSL_CTX_load_verify_locations(ctx, eccCert, 0) != SSL_SUCCESS)
err_sys("can't load ca file, Please run from CyaSSL home dir");
#endif
#else
load_buffer(ctx, caCert, CYASSL_CA);
#endif
#ifdef VERIFY_CALLBACK
CyaSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, myVerify);
#endif
if (CyaSSL_CTX_use_certificate_file(ctx, ourCert, SSL_FILETYPE_PEM)
!= SSL_SUCCESS)
err_sys("can't load client cert file, check file and run from"
" CyaSSL home dir");
if (argc == 3) {
/* ./client server securePort */
CyaSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0); /* TODO: add ca cert */
/* this is just to allow easy testing of other servers */
tcp_connect(&sockfd, argv[1], (short)atoi(argv[2]));
}
else if (argc == 1) {
/* ./client // plain mode */
/* for client cert authentication if server requests */
#ifndef NO_FILESYSTEM
#ifdef HAVE_ECC
if (CyaSSL_CTX_use_certificate_file(ctx, cliEccCert, SSL_FILETYPE_PEM)
!= SSL_SUCCESS)
err_sys("can't load ecc client cert file, "
"Please run from CyaSSL home dir");
if (CyaSSL_CTX_use_PrivateKey_file(ctx, ourKey, SSL_FILETYPE_PEM)
!= SSL_SUCCESS)
err_sys("can't load client cert file, check file and run from"
" CyaSSL home dir");
if (CyaSSL_CTX_use_PrivateKey_file(ctx, cliEccKey, SSL_FILETYPE_PEM)
!= SSL_SUCCESS)
err_sys("can't load ecc client key file, "
"Please run from CyaSSL home dir");
#else
if (CyaSSL_CTX_use_certificate_file(ctx, cliCert, SSL_FILETYPE_PEM)
!= SSL_SUCCESS)
err_sys("can't load client cert file, "
"Please run from CyaSSL home dir");
if (CyaSSL_CTX_load_verify_locations(ctx, verifyCert, 0) != SSL_SUCCESS)
err_sys("can't load ca file, Please run from CyaSSL home dir");
if (CyaSSL_CTX_use_PrivateKey_file(ctx, cliKey, SSL_FILETYPE_PEM)
!= SSL_SUCCESS)
err_sys("can't load client key file, "
"Please run from CyaSSL home dir");
#endif /* HAVE_ECC */
#else
load_buffer(ctx, cliCert, CYASSL_CERT);
load_buffer(ctx, cliKey, CYASSL_KEY);
#endif
if (doPeerCheck == 0)
CyaSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
tcp_connect(&sockfd, yasslIP, yasslPort);
}
else if (argc == 2) {
if (benchmark) {
/* time passed in number of connects give average */
int times = atoi(argv[1]);
int times = benchmark;
int i = 0;
double start = current_time(), avg;
for (i = 0; i < times; i++) {
tcp_connect(&sockfd, yasslIP, yasslPort);
tcp_connect(&sockfd, host, port, doDTLS);
ssl = CyaSSL_new(ctx);
CyaSSL_set_fd(ssl, sockfd);
if (CyaSSL_connect(ssl) != SSL_SUCCESS)
@ -195,25 +312,30 @@ void client_test(void* args)
}
avg = current_time() - start;
avg /= times;
avg *= 1000; /* milliseconds */
printf("SSL_connect avg took:%6.3f milliseconds\n", avg);
avg *= 1000; /* milliseconds */
printf("CyaSSL_connect avg took: %8.3f milliseconds\n", avg);
CyaSSL_CTX_free(ctx);
((func_args*)args)->return_code = 0;
return;
}
else
err_sys("usage: ./client server securePort");
exit(EXIT_SUCCESS);
}
tcp_connect(&sockfd, host, port, doDTLS);
ssl = CyaSSL_new(ctx);
if (ssl == NULL)
err_sys("unable to get SSL object");
CyaSSL_set_fd(ssl, sockfd);
#ifdef HAVE_CRL
CyaSSL_EnableCRL(ssl, 0);
CyaSSL_LoadCRL(ssl, crlPemDir, SSL_FILETYPE_PEM, 0);
CyaSSL_SetCRL_Cb(ssl, CRL_CallBack);
if (CyaSSL_EnableCRL(ssl, CYASSL_CRL_CHECKALL) != SSL_SUCCESS)
err_sys("can't enable crl check");
if (CyaSSL_LoadCRL(ssl, crlPemDir, SSL_FILETYPE_PEM, 0) != SSL_SUCCESS)
err_sys("can't load crl, check crlfile and date validity");
if (CyaSSL_SetCRL_Cb(ssl, CRL_CallBack) != SSL_SUCCESS)
err_sys("can't set crl callback");
#endif
if (argc != 3)
CyaSSL_check_domain_name(ssl, "www.yassl.com");
if (matchName && doPeerCheck)
CyaSSL_check_domain_name(ssl, domain);
#ifdef NON_BLOCKING
tcp_set_nonblocking(&sockfd);
NonBlockingSSL_Connect(ssl);
@ -233,7 +355,7 @@ void client_test(void* args)
#endif
showPeer(ssl);
if (argc == 3) {
if (sendGET) {
printf("SSL connect ok, sending GET...\n");
msgSz = 28;
strncpy(msg, "GET /index.html HTTP/1.0\r\n\r\n", msgSz);
@ -246,7 +368,7 @@ void client_test(void* args)
reply[input] = 0;
printf("Server response: %s\n", reply);
if (argc == 3) { /* get html */
if (sendGET) { /* get html */
while (1) {
input = CyaSSL_read(ssl, reply, sizeof(reply));
if (input > 0) {
@ -260,12 +382,12 @@ void client_test(void* args)
}
#ifdef TEST_RESUME
#ifdef CYASSL_DTLS
if (doDTLS) {
strncpy(msg, "break", 6);
msgSz = (int)strlen(msg);
/* try to send session close */
CyaSSL_write(ssl, msg, msgSz);
#endif
}
session = CyaSSL_get_session(ssl);
sslResume = CyaSSL_new(ctx);
#endif
@ -275,17 +397,14 @@ void client_test(void* args)
CloseSocket(sockfd);
#ifdef TEST_RESUME
#ifdef CYASSL_DTLS
if (doDTLS) {
#ifdef USE_WINDOWS_API
Sleep(500);
#else
sleep(1);
#endif
#endif
if (argc == 3)
tcp_connect(&sockfd, argv[1], (short)atoi(argv[2]));
else
tcp_connect(&sockfd, yasslIP, yasslPort);
}
tcp_connect(&sockfd, host, port);
CyaSSL_set_fd(sslResume, sockfd);
CyaSSL_set_session(sslResume, session);
@ -347,6 +466,9 @@ void client_test(void* args)
return args.return_code;
}
int myoptind = 0;
char* myoptarg = NULL;
#endif /* NO_MAIN_DRIVER */

20
FreeRTOS-Plus/CyaSSL/examples/echoclient/echoclient.c
View file

@ -44,6 +44,7 @@ void echoclient_test(void* args)
SSL_CTX* ctx = 0;
SSL* ssl = 0;
int doDTLS = 0;
int sendSz;
int argc = 0;
char** argv = 0;
@ -64,12 +65,16 @@ void echoclient_test(void* args)
if (!fin) err_sys("can't open input file");
if (!fout) err_sys("can't open output file");
tcp_connect(&sockfd, yasslIP, yasslPort);
#ifdef CYASSL_DTLS
doDTLS = 1;
#endif
tcp_connect(&sockfd, yasslIP, yasslPort, doDTLS);
#if defined(CYASSL_DTLS)
method = DTLSv1_client_method();
#elif !defined(NO_TLS)
method = TLSv1_client_method();
method = CyaSSLv23_client_method();
#else
method = SSLv3_client_method();
#endif
@ -105,7 +110,7 @@ void echoclient_test(void* args)
while (fgets(send, sizeof(send), fin)) {
sendSz = (int)strlen(send) + 1;
sendSz = (int)strlen(send);
if (SSL_write(ssl, send, sendSz) != sendSz)
err_sys("SSL_write failed");
@ -115,7 +120,7 @@ void echoclient_test(void* args)
break;
}
if (strncmp(send, "break", 4) == 0) {
if (strncmp(send, "break", 5) == 0) {
fputs("sending server session close: break!\n", fout);
break;
}
@ -123,6 +128,7 @@ void echoclient_test(void* args)
while (sendSz) {
int got;
if ( (got = SSL_read(ssl, reply, sizeof(reply))) > 0) {
reply[got] = 0;
fputs(reply, fout);
sendSz -= got;
}
@ -165,6 +171,9 @@ void echoclient_test(void* args)
args.argv = argv;
CyaSSL_Init();
#ifdef DEBUG_CYASSL
CyaSSL_Debugging_ON();
#endif
if (CurrentDir("echoclient") || CurrentDir("build"))
ChangeDirBack(2);
echoclient_test(&args);
@ -173,6 +182,9 @@ void echoclient_test(void* args)
return args.return_code;
}
int myoptind = 0;
char* myoptarg = NULL;
#endif /* NO_MAIN_DRIVER */

18
FreeRTOS-Plus/CyaSSL/examples/echoserver/echoserver.c
View file

@ -56,8 +56,10 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
CYASSL_METHOD* method = 0;
CYASSL_CTX* ctx = 0;
int doDTLS = 0;
int outCreated = 0;
int shutdown = 0;
int useAnyAddr = 0;
int argc = ((func_args*)args)->argc;
char** argv = ((func_args*)args)->argv;
@ -72,7 +74,11 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
((func_args*)args)->return_code = -1; /* error state */
tcp_listen(&sockfd);
#ifdef CYASSL_DTLS
doDTLS = 1;
#endif
tcp_listen(&sockfd, yasslPort, useAnyAddr, doDTLS);
#if defined(CYASSL_DTLS)
method = CyaDTLSv1_server_method();
@ -128,6 +134,11 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
load_buffer(ctx, svrKey, CYASSL_KEY);
#endif
#if defined(CYASSL_SNIFFER) && !defined(HAVE_NTRU) && !defined(HAVE_ECC)
/* don't use EDH, can't sniff tmp keys */
CyaSSL_CTX_set_cipher_list(ctx, "AES256-SHA");
#endif
SignalReady(args);
while (!shutdown) {
@ -231,7 +242,7 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
CyaSSL_free(ssl);
CloseSocket(clientfd);
#ifdef CYASSL_DTLS
tcp_listen(&sockfd);
tcp_listen(&sockfd, yasslPort, useAnyAddr, doDTLS);
SignalReady(args);
#endif
}
@ -273,6 +284,9 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
return args.return_code;
}
int myoptind = 0;
char* myoptarg = NULL;
#endif /* NO_MAIN_DRIVER */

263
FreeRTOS-Plus/CyaSSL/examples/server/server.c
View file

@ -63,6 +63,25 @@
#endif
static void Usage(void)
{
printf("server " LIBCYASSL_VERSION_STRING
" NOTE: All files relative to CyaSSL home dir\n");
printf("-? Help, print this usage\n");
printf("-p <num> Port to listen on, default %d\n", yasslPort);
printf("-v <num> SSL version [0-3], SSLv3(0) - TLS1.2(3)), default %d\n",
SERVER_DEFAULT_VERSION);
printf("-l <str> Cipher list\n");
printf("-c <file> Certificate file, default %s\n", svrCert);
printf("-k <file> Key file, default %s\n", svrKey);
printf("-A <file> Certificate Authority file, default %s\n", cliCert);
printf("-d Disable client cert check\n");
printf("-b Bind to any interface instead of localhost only\n");
printf("-s Use pre Shared keys\n");
printf("-u Use UDP DTLS\n");
}
THREAD_RETURN CYASSL_THREAD server_test(void* args)
{
SOCKET_T sockfd = 0;
@ -72,85 +91,194 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
SSL_CTX* ctx = 0;
SSL* ssl = 0;
char msg[] = "I hear you fa shizzle!";
char input[1024];
int idx;
char msg[] = "I hear you fa shizzle!";
char input[1024];
int idx;
int ch;
int version = SERVER_DEFAULT_VERSION;
int doCliCertCheck = 1;
int useAnyAddr = 0;
int port = yasslPort;
int usePsk = 0;
int doDTLS = 0;
int useNtruKey = 0;
char* cipherList = NULL;
char* verifyCert = (char*)cliCert;
char* ourCert = (char*)svrCert;
char* ourKey = (char*)svrKey;
int argc = ((func_args*)args)->argc;
char** argv = ((func_args*)args)->argv;
((func_args*)args)->return_code = -1; /* error state */
#if defined(CYASSL_DTLS)
method = DTLSv1_server_method();
#elif !defined(NO_TLS)
method = SSLv23_server_method();
#else
method = SSLv3_server_method();
while ((ch = mygetopt(argc, argv, "?dbsnup:v:l:A:c:k:")) != -1) {
switch (ch) {
case '?' :
Usage();
exit(EXIT_SUCCESS);
case 'd' :
doCliCertCheck = 0;
break;
case 'b' :
useAnyAddr = 1;
break;
case 's' :
usePsk = 1;
break;
case 'n' :
useNtruKey = 1;
break;
case 'u' :
doDTLS = 1;
version = -1; /* DTLS flag */
break;
case 'p' :
port = atoi(myoptarg);
break;
case 'v' :
version = atoi(myoptarg);
if (version < 0 || version > 3) {
Usage();
exit(MY_EX_USAGE);
}
if (doDTLS)
version = -1; /* stay with DTLS */
break;
case 'l' :
cipherList = myoptarg;
break;
case 'A' :
verifyCert = myoptarg;
break;
case 'c' :
ourCert = myoptarg;
break;
case 'k' :
ourKey = myoptarg;
break;
default:
Usage();
exit(MY_EX_USAGE);
}
}
argc -= myoptind;
argv += myoptind;
myoptind = 0; /* reset for test cases */
switch (version) {
case 0:
method = SSLv3_server_method();
break;
case 1:
method = TLSv1_server_method();
break;
case 2:
method = TLSv1_1_server_method();
break;
case 3:
method = TLSv1_2_server_method();
break;
#ifdef CYASSL_DTLS
case -1:
method = DTLSv1_server_method();
break;
#endif
ctx = SSL_CTX_new(method);
default:
err_sys("Bad SSL version");
}
if (method == NULL)
err_sys("unable to get method");
ctx = SSL_CTX_new(method);
if (ctx == NULL)
err_sys("unable to get ctx");
if (cipherList)
if (SSL_CTX_set_cipher_list(ctx, cipherList) != SSL_SUCCESS)
err_sys("can't set cipher list");
if (SSL_CTX_use_certificate_file(ctx, ourCert, SSL_FILETYPE_PEM)
!= SSL_SUCCESS)
err_sys("can't load server cert file, check file and run from"
" CyaSSL home dir");
#ifdef HAVE_NTRU
if (useNtruKey) {
if (CyaSSL_CTX_use_NTRUPrivateKey_file(ctx, ourKey)
!= SSL_SUCCESS)
err_sys("can't load ntru key file, "
"Please run from CyaSSL home dir");
}
#endif
if (!useNtruKey) {
if (SSL_CTX_use_PrivateKey_file(ctx, ourKey, SSL_FILETYPE_PEM)
!= SSL_SUCCESS)
err_sys("can't load server cert file, check file and run from"
" CyaSSL home dir");
}
#ifndef NO_PSK
/* do PSK */
SSL_CTX_set_psk_server_callback(ctx, my_psk_server_cb);
SSL_CTX_use_psk_identity_hint(ctx, "cyassl server");
SSL_CTX_set_cipher_list(ctx, "PSK-AES256-CBC-SHA");
#else
/* not using PSK, verify peer with certs */
SSL_CTX_set_verify(ctx,SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,0);
if (usePsk) {
SSL_CTX_set_psk_server_callback(ctx, my_psk_server_cb);
SSL_CTX_use_psk_identity_hint(ctx, "cyassl server");
if (cipherList == NULL)
if (SSL_CTX_set_cipher_list(ctx,"PSK-AES256-CBC-SHA") !=SSL_SUCCESS)
err_sys("can't set cipher list");
}
#endif
/* if not using PSK, verify peer with certs */
if (doCliCertCheck && usePsk == 0) {
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER |
SSL_VERIFY_FAIL_IF_NO_PEER_CERT,0);
if (SSL_CTX_load_verify_locations(ctx, verifyCert, 0) != SSL_SUCCESS)
err_sys("can't load ca file, Please run from CyaSSL home dir");
}
#ifdef OPENSSL_EXTRA
SSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
#endif
#ifndef NO_FILESYSTEM
/* for client auth */
if (SSL_CTX_load_verify_locations(ctx, cliCert, 0) != SSL_SUCCESS)
err_sys("can't load ca file, Please run from CyaSSL home dir");
#ifdef HAVE_ECC
if (SSL_CTX_use_certificate_file(ctx, eccCert, SSL_FILETYPE_PEM)
!= SSL_SUCCESS)
err_sys("can't load server ecc cert file, "
"Please run from CyaSSL home dir");
if (SSL_CTX_use_PrivateKey_file(ctx, eccKey, SSL_FILETYPE_PEM)
!= SSL_SUCCESS)
err_sys("can't load server ecc key file, "
"Please run from CyaSSL home dir");
/* for client auth */
if (SSL_CTX_load_verify_locations(ctx, cliEccCert, 0) != SSL_SUCCESS)
err_sys("can't load ecc ca file, Please run from CyaSSL home dir");
#elif HAVE_NTRU
if (SSL_CTX_use_certificate_file(ctx, ntruCert, SSL_FILETYPE_PEM)
!= SSL_SUCCESS)
err_sys("can't load ntru cert file, "
"Please run from CyaSSL home dir");
if (CyaSSL_CTX_use_NTRUPrivateKey_file(ctx, ntruKey)
!= SSL_SUCCESS)
err_sys("can't load ntru key file, "
"Please run from CyaSSL home dir");
#else /* normal */
if (SSL_CTX_use_certificate_file(ctx, svrCert, SSL_FILETYPE_PEM)
!= SSL_SUCCESS)
err_sys("can't load server cert chain file, "
"Please run from CyaSSL home dir");
if (SSL_CTX_use_PrivateKey_file(ctx, svrKey, SSL_FILETYPE_PEM)
!= SSL_SUCCESS)
err_sys("can't load server key file, "
"Please run from CyaSSL home dir");
#endif /* NTRU */
#else
load_buffer(ctx, cliCert, CYASSL_CA);
load_buffer(ctx, svrCert, CYASSL_CERT);
load_buffer(ctx, svrKey, CYASSL_KEY);
#endif /* NO_FILESYSTEM */
#if defined(CYASSL_SNIFFER) && !defined(HAVE_NTRU) && !defined(HAVE_ECC)
/* don't use EDH, can't sniff tmp keys */
if (SSL_CTX_set_cipher_list(ctx, "AES256-SHA") != SSL_SUCCESS)
err_sys("can't set cipher list");
#endif
ssl = SSL_new(ctx);
tcp_accept(&sockfd, &clientfd, (func_args*)args);
#ifndef CYASSL_DTLS
CloseSocket(sockfd);
if (ssl == NULL)
err_sys("unable to get SSL");
#ifdef HAVE_CRL
CyaSSL_EnableCRL(ssl, 0);
CyaSSL_LoadCRL(ssl, crlPemDir, SSL_FILETYPE_PEM, CYASSL_CRL_MONITOR |
CYASSL_CRL_START_MON);
CyaSSL_SetCRL_Cb(ssl, CRL_CallBack);
#endif
tcp_accept(&sockfd, &clientfd, (func_args*)args, port, useAnyAddr, doDTLS);
if (!doDTLS)
CloseSocket(sockfd);
SSL_set_fd(ssl, clientfd);
#ifdef NO_PSK
@ -222,6 +350,9 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
return args.return_code;
}
int myoptind = 0;
char* myoptarg = NULL;
#endif /* NO_MAIN_DRIVER */