index fca50f3ed8504eb936e6cbef51d3fa1cc1595fd6..fefc0898f983a39ece46227f47387da336d3d17f 100644 (file)
 #include <Security/SecCertificatePriv.h>
 
 #include <CoreFoundation/CoreFoundation.h>
 #include <Security/SecCertificatePriv.h>
 
 #include <CoreFoundation/CoreFoundation.h>
-#include "SecurityTool/print_cert.h"
+#include "SecurityTool/sharedTool/print_cert.h"
 
 #if NO_SERVER
 
 #if NO_SERVER
-#include <securityd/spi.h>
+#include "keychain/securityd/spi.h"
 #endif
 
 /* Set true when PR-3074739 is merged to TOT */
 #endif
 
 /* Set true when PR-3074739 is merged to TOT */
@@ -226,7 +226,6 @@ static OSStatus sslServe(
        const char                              *acceptedProts,
        CFArrayRef                              serverCerts,            // required
        char                                    *password,                      // optional
        const char                              *acceptedProts,
        CFArrayRef                              serverCerts,            // required
        char                                    *password,                      // optional
-       CFArrayRef                              encryptServerCerts,     // optional
        bool                            allowExpired,
        bool                            allowAnyRoot,
        bool                            allowExpiredRoot,
        bool                            allowExpired,
        bool                            allowAnyRoot,
        bool                            allowExpiredRoot,
@@ -260,7 +259,9 @@ static OSStatus sslServe(
     size_t              length;
     uint8_t             rcvBuf[RCV_BUF_SIZE];
        const char *outMsg = SERVER_MESSAGE;
     size_t              length;
     uint8_t             rcvBuf[RCV_BUF_SIZE];
        const char *outMsg = SERVER_MESSAGE;
-       
+
+#pragma clang diagnostic push
+#pragma clang diagnostic ignored "-Wdeprecated-declarations"
     *negVersion = kSSLProtocolUnknown;
     *negCipher = SSL_NULL_WITH_NULL_NULL;
     *peerCerts = NULL;
     *negVersion = kSSLProtocolUnknown;
     *negCipher = SSL_NULL_WITH_NULL_NULL;
     *peerCerts = NULL;
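Review bot: The `#pragma clang diagnostic ignored "-Wdeprecated-declarations"` pushed here is left unexplained and, judging by the matching pop in the cleanup hunk, covers the whole body of sslServe, so any newly deprecated call added to this function later will also be silenced. A one-line comment above the push would make the intent clear to the next maintainer, e.g. `/* The SSL* (SecureTransport) calls below are deprecated; this tool exercises them on purpose. */`. Narrowing the push/pop to just the SSL* call sites would be safer but is a larger change; at minimum document why the blanket suppression is acceptable here. sslServe's body starts before and ends after this hunk.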
@@ -288,7 +289,7 @@ static OSStatus sslServe(
        if(ortn) {
                printSslErrStr("SSLNewContext", ortn);
                goto cleanup;
        if(ortn) {
                printSslErrStr("SSLNewContext", ortn);
                goto cleanup;
-       } 
+       }
        ortn = SSLSetIOFuncs(ctx, SocketRead, SocketWrite);
        if(ortn) {
                printSslErrStr("SSLSetIOFuncs", ortn);
        ortn = SSLSetIOFuncs(ctx, SocketRead, SocketWrite);
        if(ortn) {
                printSslErrStr("SSLSetIOFuncs", ortn);
@@ -337,13 +338,6 @@ static OSStatus sslServe(
                        goto cleanup;
                }
        }
                        goto cleanup;
                }
        }
-       if(encryptServerCerts) {
-               ortn = SSLSetEncryptionCertificate(ctx, encryptServerCerts);
-               if(ortn) {
-                       printSslErrStr("SSLSetEncryptionCertificate", ortn);
-                       goto cleanup;
-               }
-       }
        if(allowExpiredRoot) {
                ortn = SSLSetAllowsExpiredRoots(ctx, true);
                if(ortn) {
        if(allowExpiredRoot) {
                ortn = SSLSetAllowsExpiredRoots(ctx, true);
                if(ortn) {
@@ -481,8 +475,7 @@ static OSStatus sslServe(
        SSLGetNegotiatedCipher(ctx, negCipher);
        SSLGetNegotiatedProtocolVersion(ctx, negVersion);
        *sessionIDLength = MAX_SESSION_ID_LENGTH;
        SSLGetNegotiatedCipher(ctx, negCipher);
        SSLGetNegotiatedProtocolVersion(ctx, negVersion);
        *sessionIDLength = MAX_SESSION_ID_LENGTH;
-       SSLGetResumableSessionInfo(ctx, sessionWasResumed, sessionID,
-               sessionIDLength);
+       ortn = SSLGetResumableSessionInfo(ctx, sessionWasResumed, sessionID, sessionIDLength);
        
        if(!silent) {
                printf("\n");
        
        if(!silent) {
                printf("\n");
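Review bot: The result of `SSLGetResumableSessionInfo` is now stored in `ortn` but never inspected, and `ortn` is what sslServe eventually returns from its cleanup label (visible in the later hunk), so a failure here silently becomes the function's return value while the code still goes on to print results as if the call succeeded. Every other SSL* call in this function follows the `if(ortn) { printSslErrStr(...); goto cleanup; }` pattern; this one should too: `if(ortn) { printSslErrStr("SSLGetResumableSessionInfo", ortn); goto cleanup; }`. If the intent is merely to record the status without aborting, a comment saying so would prevent the next reader from assuming it is an oversight; note also that on failure `sessionWasResumed`/`sessionID` may be left unset before they are printed (presumably — their initialization is outside the hunk). sslServe starts and ends outside this hunk.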
@@ -558,7 +551,10 @@ cleanup:
        }
        if(ctx) {
            SSLDisposeContext(ctx);  
        }
        if(ctx) {
            SSLDisposeContext(ctx);  
-       }    
+       }
+
+#pragma clang diagnostic pop
+
        /* FIXME - dispose of serverCerts */
        return ortn;
 }
        /* FIXME - dispose of serverCerts */
        return ortn;
 }
@@ -599,7 +595,7 @@ static void writePeerCerts(
        for(i=0; i<numCerts; i++) {
                sprintf(fileName, "%s%02d.cer", fileBase, (int)i);
                certRef = (SecCertificateRef)CFArrayGetValueAtIndex(peerCerts, i);
        for(i=0; i<numCerts; i++) {
                sprintf(fileName, "%s%02d.cer", fileBase, (int)i);
                certRef = (SecCertificateRef)CFArrayGetValueAtIndex(peerCerts, i);
-               writeFile(fileName, SecCertificateGetBytePtr(certRef),
+               writeFileSizet(fileName, SecCertificateGetBytePtr(certRef),
                        SecCertificateGetLength(certRef));
        }
        printf("...wrote %lu certs to fileBase %s\n", numCerts, fileBase);
                        SecCertificateGetLength(certRef));
        }
        printf("...wrote %lu certs to fileBase %s\n", numCerts, fileBase);
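Review bot: While the write call in this loop is being changed to `writeFileSizet`, the `sprintf(fileName, "%s%02d.cer", fileBase, (int)i)` two lines above it remains unbounded, and `fileBase` appears to come from the command line; if `fileName` is a fixed-size array (its declaration is outside the hunk) a long `fileBase` overflows it. Prefer `snprintf(fileName, sizeof(fileName), "%s%02d.cer", fileBase, (int)i);` with a truncation check, or pass the buffer size explicitly if `fileName` is heap-allocated. It is also not visible whether `writeFileSizet` reports failure; if it returns a status, it should be checked rather than discarded. writePeerCerts starts before this hunk.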
@@ -634,10 +630,15 @@ static void showSSLResult(
                sslGetProtocolVersionString(negVersion));
        printf("   Negotiated CipherSuite : %s\n",
                sslGetCipherSuiteString(negCipher));
                sslGetProtocolVersionString(negVersion));
        printf("   Negotiated CipherSuite : %s\n",
                sslGetCipherSuiteString(negCipher));
+
+#pragma clang diagnostic push
+#pragma clang diagnostic ignored "-Wdeprecated-declarations"
        if(certState != kSSLClientCertNone) {
                printf("   Client Cert State      : %s\n",
                        sslGetClientCertStateString(certState));
        }
        if(certState != kSSLClientCertNone) {
                printf("   Client Cert State      : %s\n",
                        sslGetClientCertStateString(certState));
        }
+#pragma clang diagnostic pop
+
        printf("   Resumed Session        : ");
        if(sessionWasResumed) {
                for(unsigned dex=0; dex<sessionIDLength; dex++) {
        printf("   Resumed Session        : ");
        if(sessionWasResumed) {
                for(unsigned dex=0; dex<sessionIDLength; dex++) {
@@ -700,13 +701,14 @@ int main(int argc, char **argv)
        char                            *argp;
        otSocket                        listenSock;
        CFArrayRef                      serverCerts = nil;              // required
        char                            *argp;
        otSocket                        listenSock;
        CFArrayRef                      serverCerts = nil;              // required
-       CFArrayRef                      encryptCerts = nil;             // optional
        SecKeychainRef          serverKc = nil;
        SecKeychainRef          serverKc = nil;
-       SecKeychainRef          encryptKc = nil;
        int                             loopNum;
        int                                     errCount = 0;
        SSLClientCertificateState certState;            // obtained from sslServe
 
        int                             loopNum;
        int                                     errCount = 0;
        SSLClientCertificateState certState;            // obtained from sslServe
 
+#pragma clang diagnostic push
+#pragma clang diagnostic ignored "-Wdeprecated-declarations"
+
        /* user-spec'd parameters */
        unsigned short          portNum = DEFAULT_PORT;
        bool                    allowExpired = false;
        /* user-spec'd parameters */
        unsigned short          portNum = DEFAULT_PORT;
        bool                    allowExpired = false;
@@ -722,7 +724,6 @@ int main(int argc, char **argv)
        bool                    resumableEnable = true;
        bool                    pause = false;
        char                            *keyChainName = NULL;
        bool                    resumableEnable = true;
        bool                    pause = false;
        char                            *keyChainName = NULL;
-       char                            *encryptKeyChainName = NULL;
        int                                     loops = 1;
        SSLAuthenticate         authenticate = kNeverAuthenticate;
        bool                    nonBlocking = false;
        int                                     loops = 1;
        SSLAuthenticate         authenticate = kNeverAuthenticate;
        bool                    nonBlocking = false;
@@ -733,10 +734,8 @@ int main(int argc, char **argv)
        bool                    vfyCertState = false;
        SSLClientCertificateState expectCertState = kSSLClientCertNone;
        char                            *password = NULL;
        bool                    vfyCertState = false;
        SSLClientCertificateState expectCertState = kSSLClientCertNone;
        char                            *password = NULL;
-       char                            *dhParamsFile = NULL;
        unsigned char           *dhParams = NULL;
        unsigned                        dhParamsLen = 0;
        unsigned char           *dhParams = NULL;
        unsigned                        dhParamsLen = 0;
-       bool                    doIdSearch = false;
        bool                    completeCertChain = false;
        uint32_t                                sessionCacheTimeout = 0;
        bool                    disableAnonCiphers = false;
        bool                    completeCertChain = false;
        uint32_t                                sessionCacheTimeout = 0;
        bool                    disableAnonCiphers = false;
@@ -751,9 +750,6 @@ int main(int argc, char **argv)
                        case 'k':
                                keyChainName = &argp[2];
                                break;
                        case 'k':
                                keyChainName = &argp[2];
                                break;
-                       case 'y':
-                               encryptKeyChainName = &argp[2];
-                               break;
                        case 'e':
                                allowExpired = true;
                                break;
                        case 'e':
                                allowExpired = true;
                                break;
@@ -854,13 +850,11 @@ int main(int argc, char **argv)
                                        /* requires another arg */
                                        usage(argv);
                                }
                                        /* requires another arg */
                                        usage(argv);
                                }
-                               dhParamsFile = argv[arg];
                                break;
                        case 'z':
                                password = &argp[2];
                                break;
                        case 'H':
                                break;
                        case 'z':
                                password = &argp[2];
                                break;
                        case 'H':
-                               doIdSearch = true;
                                break;
                        case 'M':
                                completeCertChain = true;
                                break;
                        case 'M':
                                completeCertChain = true;
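Review bot: After dropping `dhParamsFile = argv[arg];` the preceding option still does `if(++arg == argc) usage(argv);` and then `break;`, so it continues to consume and silently discard its argument; likewise `case 'H':` now accepts the flag and does nothing. Either remove both cases (and their usage text, which is outside this hunk) or tell the user the option is ignored, e.g. `printf("***Option ignored: DH parameters file %s is no longer supported.\n", argv[arg]);` before the `break;`, and similarly `printf("***Option -H (identity search) is no longer supported.\n");` for `'H'`. The case label for the DH option and the enclosing switch start before this hunk.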
@@ -877,33 +871,6 @@ int main(int argc, char **argv)
                        case 'q':
                                quiet = true;
                                break;
                        case 'q':
                                quiet = true;
                                break;
-#if 0
-                       case 'U':
-                               if(++arg == argc)  {
-                                       /* requires another arg */
-                                       usage(argv);
-                               }
-                               if(cspReadFile(argv[arg], &caCert, &caCertLen)) {
-                                       printf("***Error reading file %s. Aborting.\n", argv[arg]);
-                                       exit(1);
-                               }
-                               if(acceptableDNList == NULL) {
-                                       acceptableDNList = CFArrayCreateMutable(NULL, 0, &kCFTypeArrayCallBacks);
-                               }
-                               certData.Data = caCert;
-                               certData.Length = caCertLen;
-                               ortn = SecCertificateCreateFromData(&certData,
-                                                                                                       CSSM_CERT_X_509v3,
-                                                                                                       CSSM_CERT_ENCODING_DER,
-                                                                                                       &secCert);
-                               if(ortn) {
-                                       cssmPerror("SecCertificateCreateFromData", ortn);
-                                       exit(1);
-                               }
-                               CFArrayAppendValue(acceptableDNList, secCert);
-                               CFRelease(secCert);
-                               break;
-#endif
                        case 'l':
                                if(argp[1] == '\0') {
                                        /* no loop count --> loop forever */
                        case 'l':
                                if(argp[1] == '\0') {
                                        /* no loop count --> loop forever */
@@ -933,35 +900,7 @@ int main(int argc, char **argv)
                if(serverCerts == nil) {
                        exit(1);
                }
                if(serverCerts == nil) {
                        exit(1);
                }
-       }
-       else 
-#if 0
-    if(doIdSearch) {
-               OSStatus ortn = sslIdentityPicker(NULL, anchorFile, true, NULL, &serverCerts);
-               if(ortn) {
-                       printf("***IdentitySearch failure; aborting.\n");
-                       exit(1);
-               }
-       }
-       if(password) {
-               OSStatus ortn = SecKeychainUnlock(serverKc, strlen(password), password, true);
-               if(ortn) {
-                       printf("SecKeychainUnlock returned %d\n", (int)ortn);
-                       /* oh well */
-               }
-       }
-       if(encryptKeyChainName) {
-               encryptCerts = getSslCerts(encryptKeyChainName, true, completeCertChain,
-                       anchorFile, &encryptKc);
-               if(encryptCerts == nil) {
-                       exit(1);
-               }
-       }
-#else
-    (void) doIdSearch;
-    (void) encryptKeyChainName;
-#endif
-       if(protXOnly) {
+       } else if(protXOnly) {
                switch(attemptProt) {
                        case kTLSProtocol1:
                                attemptProt = kTLSProtocol1Only;
                switch(attemptProt) {
                        case kTLSProtocol1:
                                attemptProt = kTLSProtocol1Only;
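Review bot: Rewriting the tail as `} else if(protXOnly) {` changes behavior: in the old code the `else` attached to the `(void) doIdSearch;` statement from the `#else` branch, so `if(protXOnly) { switch(attemptProt) ... }` ran unconditionally, whereas now it runs only when the first branch (the one that loads `serverCerts`, whose condition is above this hunk) is not taken. Since that branch is the normal path for a server with a keychain, the "X only" protocol mapping to `kTLSProtocol1Only` etc. is silently skipped exactly when it matters. Restore the independence of the two statements: `}` on its own line followed by `if(protXOnly) {`. The enclosing if/else and the switch continue outside this hunk.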
@@ -973,17 +912,8 @@ int main(int argc, char **argv)
                                break;
                }
        }
                                break;
                }
        }
-#if 0
-       if(dhParamsFile) {
-               int r = cspReadFile(dhParamsFile, &dhParams, &dhParamsLen);
-               if(r) {
-                       printf("***Error reading diffie-hellman params from %s; aborting\n",
-                               dhParamsFile);
-               }
-       }
-#else
-    (void) dhParamsFile;
-#endif
+
+#pragma clang diagnostic pop
 
        /* one-time only server port setup */
        err = ListenForClients(portNum, nonBlocking, &listenSock);
 
        /* one-time only server port setup */
        err = ListenForClients(portNum, nonBlocking, &listenSock);
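Review bot: With the `dhParamsFile` reader removed, `dhParams` and `dhParamsLen` (declared earlier in main, still present in the hunk at -733) appear to have no remaining writer, so they stay `NULL`/`0` for the life of the program; if they are still passed down to sslServe (the call is partly visible in a later hunk but its argument list is cut off) that path is now dead. Either drop the two variables and the corresponding parameter, or add a comment at their declaration such as `/* DH parameter loading removed; always NULL/0 (TODO: drop dhParams plumbing) */` so the dead plumbing is not mistaken for a working feature. I cannot see the sslServe signature for these parameters here, so confirm before removing them.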
@@ -999,7 +929,6 @@ int main(int argc, char **argv)
                        acceptedProts,
                        serverCerts,
                        password,
                        acceptedProts,
                        serverCerts,
                        password,
-                       encryptCerts,
                        allowExpired,
                        allowAnyRoot,
                        allowExpiredRoot,
                        allowExpired,
                        allowAnyRoot,
                        allowExpiredRoot,
@@ -1055,9 +984,6 @@ int main(int argc, char **argv)
        if(serverKc) {
                CFRelease(serverKc);
        }
        if(serverKc) {
                CFRelease(serverKc);
        }
-       if(encryptKc) {
-               CFRelease(encryptKc);
-       }
     return errCount;
 
 }
     return errCount;
 
 }