X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/d8f41ccd20de16f8ebe2ccc84d47bf1cb2b26bbb..bf028f67fd3bb2266df81b80fb6f25a77112e308:/sslViewer/sslServer.cpp
diff --git a/sslViewer/sslServer.cpp b/sslViewer/sslServer.cpp
index fca50f3e..fefc0898 100644
--- a/sslViewer/sslServer.cpp
+++ b/sslViewer/sslServer.cpp
@@ -45,10 +45,10 @@
 #include
 #include
-#include "SecurityTool/print_cert.h"
+#include "SecurityTool/sharedTool/print_cert.h"
 #if NO_SERVER
-#include
+#include "keychain/securityd/spi.h"
 #endif
 /* Set true when PR-3074739 is merged to TOT */
@@ -226,7 +226,6 @@ static OSStatus sslServe(
 const char *acceptedProts,
 CFArrayRef serverCerts, // required
 char *password, // optional
- CFArrayRef encryptServerCerts, // optional
 bool allowExpired,
 bool allowAnyRoot,
 bool allowExpiredRoot,
@@ -260,7 +259,9 @@ static OSStatus sslServe(
 size_t length;
 uint8_t rcvBuf[RCV_BUF_SIZE];
 const char *outMsg = SERVER_MESSAGE;
-
+
+#pragma clang diagnostic push
+#pragma clang diagnostic ignored "-Wdeprecated-declarations"
 *negVersion = kSSLProtocolUnknown;
 *negCipher = SSL_NULL_WITH_NULL_NULL;
 *peerCerts = NULL;
@@ -288,7 +289,7 @@ static OSStatus sslServe(
 if(ortn) {
 printSslErrStr("SSLNewContext", ortn);
 goto cleanup;
- }
+ }
 ortn = SSLSetIOFuncs(ctx, SocketRead, SocketWrite);
 if(ortn) {
 printSslErrStr("SSLSetIOFuncs", ortn);
@@ -337,13 +338,6 @@ static OSStatus sslServe(
 goto cleanup;
 }
 }
- if(encryptServerCerts) {
- ortn = SSLSetEncryptionCertificate(ctx, encryptServerCerts);
- if(ortn) {
- printSslErrStr("SSLSetEncryptionCertificate", ortn);
- goto cleanup;
- }
- }
 if(allowExpiredRoot) {
 ortn = SSLSetAllowsExpiredRoots(ctx, true);
 if(ortn) {
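Review bot: The `#pragma clang diagnostic ignored "-Wdeprecated-declarations"` added at the top of sslServe's body (hunk `@@ -260,7 +259,9 @@`) has no comment saying which deprecated calls it is there for, and it stays in force until the `pop` added just before `return ortn;` in the `@@ -558,7 +551,10 @@` hunk, so every call in the function is covered. A function-wide suppression also silences the warning for any call added here later, and in a TLS test tool a deprecation is often the first notice that an API has been retired for security reasons. I would put a comment above the push, for example `/* sslServe still drives the legacy SecureTransport calls (SSLNewContext, SSLDisposeContext, ...); warning silenced for those only */`, or narrow the push/pop to the individual call sites. sslServe's body extends beyond both hunks, so the full list of affected calls is not visible here.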
@@ -481,8 +475,7 @@ static OSStatus sslServe( SSLGetNegotiatedCipher(ctx, negCipher); SSLGetNegotiatedProtocolVersion(ctx, negVersion); *sessionIDLength = MAX_SESSION_ID_LENGTH; - SSLGetResumableSessionInfo(ctx, sessionWasResumed, sessionID, - sessionIDLength); + ortn = SSLGetResumableSessionInfo(ctx, sessionWasResumed, sessionID, sessionIDLength); if(!silent) { printf("\n"); @@ -558,7 +551,10 @@ cleanup: } if(ctx) { SSLDisposeContext(ctx); - } + } + +#pragma clang diagnostic pop + /* FIXME - dispose of serverCerts */ return ortn; } @@ -599,7 +595,7 @@ static void writePeerCerts( for(i=0; i loop forever */ @@ -933,35 +900,7 @@ int main(int argc, char **argv) if(serverCerts == nil) { exit(1); } - } - else -#if 0 - if(doIdSearch) { - OSStatus ortn = sslIdentityPicker(NULL, anchorFile, true, NULL, &serverCerts); - if(ortn) { - printf("***IdentitySearch failure; aborting.\n"); - exit(1); - } - } - if(password) { - OSStatus ortn = SecKeychainUnlock(serverKc, strlen(password), password, true); - if(ortn) { - printf("SecKeychainUnlock returned %d\n", (int)ortn); - /* oh well */ - } - } - if(encryptKeyChainName) { - encryptCerts = getSslCerts(encryptKeyChainName, true, completeCertChain, - anchorFile, &encryptKc); - if(encryptCerts == nil) { - exit(1); - } - } -#else - (void) doIdSearch; - (void) encryptKeyChainName; -#endif - if(protXOnly) { + } else if(protXOnly) { switch(attemptProt) { case kTLSProtocol1: attemptProt = kTLSProtocol1Only; @@ -973,17 +912,8 @@ int main(int argc, char **argv) break; } } -#if 0 - if(dhParamsFile) { - int r = cspReadFile(dhParamsFile, &dhParams, &dhParamsLen); - if(r) { - printf("***Error reading diffie-hellman params from %s; aborting\n", - dhParamsFile); - } - } -#else - (void) dhParamsFile; -#endif + +#pragma clang diagnostic pop /* one-time only server port setup */ err = ListenForClients(portNum, nonBlocking, &listenSock); 
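Review bot: In the `@@ -481,8 +475,7 @@` hunk the status of SSLGetResumableSessionInfo is now stored in `ortn`, but nothing in the hunk tests it, so a failure is either overwritten by a later call or becomes sslServe's return value through `return ortn;` with no message printed. In both cases `*sessionWasResumed`, `sessionID` and `*sessionIDLength` go back to the caller as if they were valid. At minimum report it the way the rest of the function does, `if(ortn) { printSslErrStr("SSLGetResumableSessionInfo", ortn); }`, and decide explicitly whether that should also `goto cleanup;`. The two getters directly above (SSLGetNegotiatedCipher, SSLGetNegotiatedProtocolVersion) still discard their status, which is worth making consistent. The code between this call and `cleanup:` lies outside the hunk, so whether `ortn` is reassigned before the return cannot be confirmed from here.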
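Review bot: Folding the removed `#if 0`/`#else` block into `} else if(protXOnly) {` (hunk `@@ -933,35 +900,7 @@` in main) changes control flow rather than just deleting dead code. Before, the compiled `#else` arm made the `else` bind only to `(void) doIdSearch;`, so the `if(protXOnly)` switch ran unconditionally; now it runs only when the preceding `if` is not taken. The opening line of that `if` is above the hunk, but if it is the branch that loads `serverCerts`, the `kTLSProtocol1Only`-style narrowing is skipped whenever certificates are loaded and the server would accept more protocol versions than the operator asked for. Close the block and keep the test as its own statement: `}` on one line, then `if(protXOnly) {` on the next.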
@@ -999,7 +929,6 @@ int main(int argc, char **argv)
 acceptedProts,
 serverCerts,
 password,
- encryptCerts,
 allowExpired,
 allowAnyRoot,
 allowExpiredRoot,
@@ -1055,9 +984,6 @@ int main(int argc, char **argv)
 if(serverKc) {
 CFRelease(serverKc);
 }
- if(encryptKc) {
- CFRelease(encryptKc);
- }
 return errCount;
 }