authorJannis Hoffmann <jannis@fehcom.de>2024-07-14 22:30:34 +0200
committerJannis Hoffmann <jannis@fehcom.de>2024-07-14 22:30:34 +0200
commit5e84d7b76ce1cccdaf0900d62a94d0d1d88cdd62 (patch)
tree61500c277101ec46af8fed732dfe1c17b941b42c
parent1087d4df2a7342d2832ba3bab1843bf4a3040775 (diff)
convert to the meson build system
This removes a lot of files. Remove all conf-* files. The settings move to meson.options. Add editor config. Remove the auto_*.h files. They move to config.h.in.
-rw-r--r--.editorconfig15
-rw-r--r--conf-cadir4
-rw-r--r--conf-cafile3
-rw-r--r--conf-cc3
-rw-r--r--conf-ccafile3
-rw-r--r--conf-ccperl7
-rw-r--r--conf-certchainfile3
-rw-r--r--conf-certfile3
-rw-r--r--conf-ciphers16
-rw-r--r--conf-dhfile7
-rw-r--r--conf-home4
-rw-r--r--conf-keyfile3
-rw-r--r--conf-ld4
-rw-r--r--conf-ldperl7
-rw-r--r--conf-man4
-rw-r--r--conf-perl3
-rw-r--r--conf-qlibs3
-rw-r--r--conf-rsa3
-rw-r--r--conf-ssl12
-rw-r--r--conf-ssllib11
-rw-r--r--man/meson.build4
-rw-r--r--meson.build85
-rw-r--r--meson.format5
-rw-r--r--meson.options29
-rw-r--r--script/meson.build15
-rw-r--r--src/Makefile351
-rw-r--r--src/TARGETS62
-rw-r--r--src/auto-str.c42
-rw-r--r--src/auto_cadir.h6
-rw-r--r--src/auto_cafile.h6
-rw-r--r--src/auto_ccafile.h6
-rw-r--r--src/auto_certchainfile.h6
-rw-r--r--src/auto_certfile.h6
-rw-r--r--src/auto_ciphers.h6
-rw-r--r--src/auto_dhfile.h6
-rw-r--r--src/auto_keyfile.h6
-rw-r--r--src/chkshsgr.c14
-rw-r--r--src/choose.sh18
-rw-r--r--src/coe.c2
-rw-r--r--src/config.h.in8
-rw-r--r--src/exit.h6
-rw-r--r--src/exp.base325
-rw-r--r--src/exp.it0
-rw-r--r--src/exp.sslperl105
-rw-r--r--src/find-systype.sh151
-rw-r--r--src/fork.h19
-rw-r--r--src/fork.h29
-rw-r--r--src/hassgact.h13
-rw-r--r--src/hassgact.h24
-rw-r--r--src/hassgprm.h13
-rw-r--r--src/hassgprm.h24
-rw-r--r--src/hasshsgr.h13
-rw-r--r--src/hasshsgr.h24
-rw-r--r--src/haswaitp.h13
-rw-r--r--src/haswaitp.h24
-rw-r--r--src/it-base=d7
-rw-r--r--src/it-sslperl=d1
-rw-r--r--src/it-sys=d1
-rw-r--r--src/it=d1
-rw-r--r--src/meson.build106
-rw-r--r--src/print-ar.sh14
-rw-r--r--src/print-cc.sh62
-rw-r--r--src/print-ccperl.sh10
-rw-r--r--src/print-dl.sh14
-rw-r--r--src/print-ld.sh18
-rw-r--r--src/print-ldperl.sh10
-rw-r--r--src/print-perlembed.sh10
-rw-r--r--src/rts.base329
-rw-r--r--src/rts.it197
-rw-r--r--src/rts.sslperl157
-rw-r--r--src/select.h112
-rw-r--r--src/select.h213
-rw-r--r--src/sslclient.c4
-rw-r--r--src/sslhandle.c68
-rw-r--r--src/sslserver.c13
-rw-r--r--src/trycpp.c9
-rw-r--r--src/trylsock.c4
-rw-r--r--src/trysgact.c12
-rw-r--r--src/trysgprm.c12
-rw-r--r--src/tryshsgr.c16
-rw-r--r--src/tryssl.c6
-rw-r--r--src/trysysel.c11
-rw-r--r--src/tryvfork.c4
-rw-r--r--src/warn-auto.sh2
-rw-r--r--src/warn-shsgr3
-rw-r--r--src/x86cpuid.c40
86 files changed, 303 insertions, 2297 deletions
diff --git a/.editorconfig b/.editorconfig
new file mode 100644
index 0000000..51e7219
--- /dev/null
+++ b/.editorconfig
@@ -0,0 +1,15 @@
+root = true
+
+[*]
+end_of_line = lf
+insert_final_newline = true
+charset = utf-8
+trim_trailing_whitespace = true
+
+[*.{c,h}]
+indent_style = space
+indent_size = 2
+
+[meson.build]
+indent_style = space
+indent_size = 2
diff --git a/conf-cadir b/conf-cadir
deleted file mode 100644
index 80d386a..0000000
--- a/conf-cadir
+++ /dev/null
@@ -1,4 +0,0 @@
-/usr/local/ssl/certs
-
-# This is the ucspi-ssl CA directory.
-# An empty name means no certificate directory is compiled in.
diff --git a/conf-cafile b/conf-cafile
deleted file mode 100644
index f8d31bd..0000000
--- a/conf-cafile
+++ /dev/null
@@ -1,3 +0,0 @@
-
-# This is the ucspi-ssl CA file.
-# An empty name means no certificate file is compiled in.
diff --git a/conf-cc b/conf-cc
deleted file mode 100644
index 24b6cfd..0000000
--- a/conf-cc
+++ /dev/null
@@ -1,3 +0,0 @@
-cc -O2 -g -Wall
-
-# This will be used to compile .c files.
diff --git a/conf-ccafile b/conf-ccafile
deleted file mode 100644
index d0ab55b..0000000
--- a/conf-ccafile
+++ /dev/null
@@ -1,3 +0,0 @@
-
-# This is the ucspi-ssl client CA file.
-# An empty name means no client certificate file is compiled in.
diff --git a/conf-ccperl b/conf-ccperl
deleted file mode 100644
index e411971..0000000
--- a/conf-ccperl
+++ /dev/null
@@ -1,7 +0,0 @@
-auto
-
-# The compiler arguments required for sslperl.
-# All arguments must appear on a single line.
-# If the word "auto" appears, use the output from
-
-#=> `head -1 conf-perl` -MExtUtils::Embed -e ccopts
diff --git a/conf-certchainfile b/conf-certchainfile
deleted file mode 100644
index fcb6825..0000000
--- a/conf-certchainfile
+++ /dev/null
@@ -1,3 +0,0 @@
-
-# This is the sslserver certificate file.
-# An empty name means no certificate file is compiled in.
diff --git a/conf-certfile b/conf-certfile
deleted file mode 100644
index fcb6825..0000000
--- a/conf-certfile
+++ /dev/null
@@ -1,3 +0,0 @@
-
-# This is the sslserver certificate file.
-# An empty name means no certificate file is compiled in.
diff --git a/conf-ciphers b/conf-ciphers
deleted file mode 100644
index c4399d6..0000000
--- a/conf-ciphers
+++ /dev/null
@@ -1,16 +0,0 @@
-
-# This is the list of ciphers to use. Sample for TLS < 1.3:
-
-ALL:!EXP:!MD5:!RC4:!ADH:!DES:!3DES:!PSK:!aNULL
-
-# This is the list of ciphers to use. Sample for TLS 1.3:
-
-TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384
-
-Comment:
-
-a) CHACHA20_POLY1305 has preference (hardest to break)
-b) AES_128_GCM comes next (-> GCM is 128 bit only!)
-c) AES_256_GCM is last (AES is mostly HW accelerated)
-
-# An empty name means use the ciphers compiled into openssl.
diff --git a/conf-dhfile b/conf-dhfile
deleted file mode 100644
index 19fb6d0..0000000
--- a/conf-dhfile
+++ /dev/null
@@ -1,7 +0,0 @@
-/package/host/superscript.com/net/ucspi-ssl/etc/dh1024.pem
-
-# This is ucspi-ssl's DH parameter file.
-
-# /usr/local/ssl/pem/dh1024.pem
-
-# This is OpenSSL's DH default parameter file.
diff --git a/conf-home b/conf-home
deleted file mode 100644
index a68e872..0000000
--- a/conf-home
+++ /dev/null
@@ -1,4 +0,0 @@
-/usr/local
-
-This is the ucspi-ssl home directory. Programs will be installed in
-.../bin.
diff --git a/conf-keyfile b/conf-keyfile
deleted file mode 100644
index 69f26ed..0000000
--- a/conf-keyfile
+++ /dev/null
@@ -1,3 +0,0 @@
-
-# This is the sslserver key file.
-# An empty name means no key file is compiled in.
diff --git a/conf-ld b/conf-ld
deleted file mode 100644
index a01f6d3..0000000
--- a/conf-ld
+++ /dev/null
@@ -1,4 +0,0 @@
-cc -s
-
-# This will be used to link .o files into an executable.
-# The '-m64' option will be inclucded automatically.
diff --git a/conf-ldperl b/conf-ldperl
deleted file mode 100644
index 83ed11b..0000000
--- a/conf-ldperl
+++ /dev/null
@@ -1,7 +0,0 @@
-auto
-
-# The loader arguments required for tcpperl.
-# All arguments must appear on a single line.
-# If the word "auto" appears, use the output from
-
-#=> `head -1 conf-perl` -MExtUtils::Embed -e ldopts
diff --git a/conf-man b/conf-man
deleted file mode 100644
index 944b0af..0000000
--- a/conf-man
+++ /dev/null
@@ -1,4 +0,0 @@
-
-/usr/share/man
-
-# Directories to install man pages - if no manpath is available
diff --git a/conf-perl b/conf-perl
deleted file mode 100644
index 79d4318..0000000
--- a/conf-perl
+++ /dev/null
@@ -1,3 +0,0 @@
-perl
-
-# How to run perl when searching for compiler and loader options.
diff --git a/conf-qlibs b/conf-qlibs
deleted file mode 100644
index 8d1fd94..0000000
--- a/conf-qlibs
+++ /dev/null
@@ -1,3 +0,0 @@
-/usr/local/qlibs
-
-# This is the path to your qlibs directory
diff --git a/conf-rsa b/conf-rsa
deleted file mode 100644
index 480a5c9..0000000
--- a/conf-rsa
+++ /dev/null
@@ -1,3 +0,0 @@
-2048
-
-# The length of the RSA key
diff --git a/conf-ssl b/conf-ssl
deleted file mode 100644
index 3ed85f8..0000000
--- a/conf-ssl
+++ /dev/null
@@ -1,12 +0,0 @@
--I/usr/local/openssl-3.0.7/include/
-
-# using the system default it could stay empty; otherwise check for that
-
--I/usr/local/openssl-3.0.7/include/
--I/home/ucspi/_SSL/libressl-3.7.2/include/
-
--I/usr/kerberos/include
-
-# This will be used to include headers from a different version,
-# or if openssl requires additional support, e.g. kerberos support on RedHat Linux.
-
diff --git a/conf-ssllib b/conf-ssllib
deleted file mode 100644
index 0f2cf61..0000000
--- a/conf-ssllib
+++ /dev/null
@@ -1,11 +0,0 @@
--L/usr/local/openssl-3.0.7 -lssl -lcrypto
-
--lssl -lcrypto
-
-# These are samples for OpenSSL and LibreSSL to be semi-statically linked
-
--L/home/ucspi/_SSL/libressl-3.7.2/ssl/.libs -L/home/ucspi/_SSL/libressl-3.7.2/crypto/.libs -lssl -lcrypto
--L/usr/local/openssl-3.0.7 -lssl -lcrypto
-
-# This will be used to add SSL and crypto support by the given library path (-L)
-# In case the ssl and crypto lib is not in your lib path, use LD_LIBRARY_PATH additionally upon call!
diff --git a/man/meson.build b/man/meson.build
new file mode 100644
index 0000000..4668b69
--- /dev/null
+++ b/man/meson.build
@@ -0,0 +1,4 @@
+if not get_option('lib-only')
+ install_man('https@.1', 'sslcat.1', 'sslclient.1', 'sslconnect.1', 'sslhandle.1', 'sslserver.1')
+endif
+install_man('ucspi-tls.2')
diff --git a/meson.build b/meson.build
new file mode 100644
index 0000000..4126229
--- /dev/null
+++ b/meson.build
@@ -0,0 +1,85 @@
+project(
+ 'ucspi-ssl',
+ 'c',
+ meson_version : '>=1.3.0',
+ version : '0.12.10',
+ default_options : ['c_std=gnu99'],
+)
+
+qlibs_dep = dependency('qlibs', version : '>=22', fallback : ['fehQlibs', 'qlibs_dep'])
+ssl_dep = dependency('libssl', version : '>=1.1')
+crypto_dep = dependency('libcrypto')
+
+if not get_option('lib-only')
+
+ dnsresolv_dep = dependency(
+ 'dnsresolv',
+ version : '>=22',
+ fallback : ['fehQlibs', 'qlibs_dnsresolv_dep'],
+ )
+
+ perl = find_program('perl', required : false)
+ use_perl = get_option('sslperl').require(perl.found())
+
+ if use_perl.allowed()
+
+ perl_cc_runres = run_command(perl, '-MExtUtils::Embed', '-e', 'ccopts', '--', check : false)
+ perl_ld_runres = run_command(perl, '-MExtUtils::Embed', '-e', 'ldopts', '--', check : false)
+ perl_version = run_command(perl, '-MConfig', '-e', 'print $Config{version}', check : false)
+
+ use_perl = use_perl.require(perl_cc_runres.returncode() == 0)
+ use_perl = use_perl.require(perl_ld_runres.returncode() == 0)
+ use_perl = use_perl.require(perl_version.returncode() == 0)
+
+ if use_perl.allowed()
+ perl_dep = declare_dependency(
+ compile_args : perl_cc_runres.stdout().split(),
+ link_args : perl_ld_runres.stdout().split(),
+ version : perl_version.stdout(),
+ )
+ else
+ perl_dep = disabler()
+ endif
+ else
+ perl_dep = disabler()
+ endif
+
+endif
+
+subdir('src')
+if not get_option('lib-only')
+ subdir('script')
+endif
+subdir('man')
+
+ucspissl_dep = declare_dependency(include_directories : 'src', link_with : ucspissl_lib)
+
+pkgc = import('pkgconfig')
+pkgc.generate(ucspissl_lib)
+
+if not get_option('lib-only')
+
+ if get_option('dhfile') != ''
+ install_data(get_option('dhfile'))
+ endif
+
+ s = {'build_sslperl' : perl_dep.found()}
+
+ if perl_dep.found()
+ s += {'perl_version' : perl_dep.version()}
+ endif
+
+ s += {
+ 'cadir' : get_option('cadir'),
+ 'cafile' : get_option('cafile'),
+ 'ccafile' : get_option('ccafile'),
+ 'certchainfile' : get_option('certchainfile'),
+ 'certfile' : get_option('certfile'),
+ 'ciphers' : get_option('ciphers'),
+ 'dhfile' : get_option('dhfile'),
+ 'keyfile' : get_option('keyfile'),
+ }
+
+ summary(s, bool_yn : true)
+
+endif
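Review bot: The `dhfile` option does two jobs, and the default `etc/dh2048.pem` from meson.options only suits one of them. At `install_data(get_option('dhfile'))` it is a path in the source tree, while the removed conf-dhfile supplied an absolute run-time path for `auto_dhfile`. If src/meson.build (not visible here) substitutes the option unchanged into `@auto_dhfile@`, the programs would look for DH parameters relative to their working directory instead of at the installed location. `install_data` is also called without `install_dir`, so the file goes to Meson's default data directory for the project. Consider setting `install_dir` explicitly and compiling in the absolute installed path, for example `get_option('prefix') / get_option('sysconfdir') / 'dh2048.pem'`.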
diff --git a/meson.format b/meson.format
new file mode 100644
index 0000000..fe8362b
--- /dev/null
+++ b/meson.format
@@ -0,0 +1,5 @@
+max_line_length = 100
+indent_by = ' '
+wide_colon = true
+end_of_line = lf
+sort_files = true
diff --git a/meson.options b/meson.options
new file mode 100644
index 0000000..41658b5
--- /dev/null
+++ b/meson.options
@@ -0,0 +1,29 @@
+option('cadir', type : 'string', value : '/etc/ssl/certs',
+ description : 'This is the ucspi-ssl CA directory. An empty name means no certificate directory is compiled in.')
+option('cafile', type : 'string', value : '',
+ description : 'This is the ucspi-ssl CA file. An empty name means no certificate file is compiled in.')
+option('ccafile', type : 'string', value : '',
+ description : 'This is the ucspi-ssl client CA file. An empty name means no client certificate file is compiled in.')
+option('certfile', type : 'string', value : '',
+ description : 'This is the sslserver certificate file. An empty name means no certificate file is compiled in.')
+option('certchainfile', type : 'string', value : '',
+ description : 'This is the sslserver certificate file. An empty name means no certificate file is compiled in.')
+option('dhfile', type : 'string', value : 'etc/dh2048.pem',
+ description : 'This is ucspi-ssls DH parameter file.')
+option('keyfile', type : 'string', value : '',
+ description : 'This is the sslserver key file. An empty name means no key file is compiled in.')
+
+# This is the list of ciphers to use. Sample for TLS < 1.3:
+# ALL:!EXP:!MD5:!RC4:!ADH:!DES:!3DES:!PSK:!aNULL
+# This is the list of ciphers to use. Sample for TLS 1.3:
+# TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384
+#
+# Comment:
+# a) CHACHA20_POLY1305 has preference (hardest to break)
+# b) AES_128_GCM comes next (-> GCM is 128 bit only!)
+# c) AES_256_GCM is last (AES is mostly HW accelerated)
+option('ciphers', type : 'string', value : '',
+ description : 'TLS ciphers. An empty name means use the ciphers compiled into openssl.')
+
+option('lib-only', type : 'boolean', value : false, description : 'build only libucspissl')
+option('sslperl', type : 'feature', description : 'Build the sslperl program.')
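Review bot: The comment above `option('ciphers', …)` shows one sample in OpenSSL cipher-list syntax and one as TLS 1.3 ciphersuite names, but there is a single string option and nothing states which form it accepts. OpenSSL sets the two through different calls (`SSL_CTX_set_cipher_list` and `SSL_CTX_set_ciphersuites`), so depending on how the library code applies the value (not visible in this hunk) one of the samples may be rejected or have no effect. Put the accepted format in the option's `description`, since that is what `meson configure` displays. Separately, `certchainfile` repeats the `certfile` description; `'This is the sslserver certificate chain file. …'` would tell them apart, and `ucspi-ssls` in the `dhfile` description reads like a typo for `ucspi-ssl's`.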
diff --git a/script/meson.build b/script/meson.build
new file mode 100644
index 0000000..e4d647b
--- /dev/null
+++ b/script/meson.build
@@ -0,0 +1,15 @@
+scripts = ['https@.sh', 'sslcat.sh', 'sslconnect.sh']
+
+renamed = []
+
+foreach s : scripts
+ renamed += s.substring(0, -3)
+endforeach
+
+install_data(
+ sources : scripts,
+ rename : renamed,
+ install_dir : get_option('bindir'),
+ install_tag : 'bin',
+ install_mode : 'rwxr-xr-x',
+)
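Review bot: `install_data` copies `https@.sh`, `sslcat.sh` and `sslconnect.sh` verbatim, but the Makefile rules removed in this commit generated each script with `cat warn-auto.sh X.sh | sed s}HOME}…}g`. That step prepended a header and replaced the `HOME` placeholder with the configured home directory. If the scripts under script/ (not shown in this diff) still contain `HOME` or depend on warn-auto.sh for their interpreter line, the installed files will either fail to start or invoke the helper programs through an unsubstituted path. Confirm the scripts are now self-contained, or generate them with `configure_file` and install the generated output.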
diff --git a/src/Makefile b/src/Makefile
deleted file mode 100644
index f1f124b..0000000
--- a/src/Makefile
+++ /dev/null
@@ -1,351 +0,0 @@
-# Don't edit Makefile! Use conf-* for configuration.
-
-SHELL=/bin/sh
-
-default: it
-
-auto-str: \
-load auto-str.o
- ./load auto-str
-
-auto-str.o: \
-compile auto-str.c
- ./compile auto-str.c
-
-auto_cadir.c: \
-auto-str ../conf-cadir
- ./auto-str auto_cadir "`head -1 ../conf-cadir`" > auto_cadir.c
-
-auto_cadir.o: \
-compile auto_cadir.c
- ./compile auto_cadir.c
-
-auto_cafile.c: \
-auto-str ../conf-cafile
- ./auto-str auto_cafile "`head -1 ../conf-cafile`" > auto_cafile.c
-
-auto_cafile.o: \
-compile auto_cafile.c
- ./compile auto_cafile.c
-
-auto_ccafile.c: \
-auto-str ../conf-ccafile
- ./auto-str auto_ccafile "`head -1 ../conf-ccafile`" > auto_ccafile.c
-
-auto_ccafile.o: \
-compile auto_ccafile.c
- ./compile auto_ccafile.c
-
-auto_certchainfile.c: \
-auto-str ../conf-certchainfile
- ./auto-str auto_certchainfile "`head -1 ../conf-certchainfile`" > auto_certchainfile.c
-
-auto_certchainfile.o: \
-compile auto_certchainfile.c
- ./compile auto_certchainfile.c
-
-auto_certfile.c: \
-auto-str ../conf-certfile
- ./auto-str auto_certfile "`head -1 ../conf-certfile`" > auto_certfile.c
-
-auto_certfile.o: \
-compile auto_certfile.c
- ./compile auto_certfile.c
-
-auto_ciphers.c: \
-auto-str ../conf-ciphers
- ./auto-str auto_ciphers "`head -1 ../conf-ciphers`" > auto_ciphers.c
-
-auto_ciphers.o: \
-compile auto_ciphers.c
- ./compile auto_ciphers.c
-
-auto_dhfile.c: \
-auto-str ../conf-dhfile
- ./auto-str auto_dhfile "`head -1 ../conf-dhfile`" > auto_dhfile.c
-
-auto_dhfile.o: \
-compile auto_dhfile.c
- ./compile auto_dhfile.c
-
-auto_keyfile.c: \
-auto-str ../conf-keyfile
- ./auto-str auto_keyfile "`head -1 ../conf-keyfile`" > auto_keyfile.c
-
-auto_keyfile.o: \
-compile auto_keyfile.c
- ./compile auto_keyfile.c
-
-ccperl: \
-../conf-ccperl ../conf-perl print-ccperl.sh
- rm -f ccperl
- sh print-ccperl.sh > ccperl
-
-chkshsgr: \
-load chkshsgr.o
- ./load chkshsgr
-
-chkshsgr.o: \
-compile chkshsgr.c
- ./compile chkshsgr.c
-
-choose: \
-warn-auto.sh choose.sh
- rm -f choose
- cat warn-auto.sh choose.sh \
- | sed s}HOME}"`head -1 ../conf-home`"}g \
- > choose
- chmod 755 choose
-
-coe.o: \
-compile coe.c coe.h
- ./compile coe.c
-
-compile: \
-../conf-cc ../conf-ssl print-cc.sh systype warn-auto.sh
- rm -f compile
- sh print-cc.sh > compile
- chmod 755 compile
-
-hassgact.h: \
-choose compile trysgact.c hassgact.h1 hassgact.h2
- ./choose cl trysgact hassgact.h1 hassgact.h2 > hassgact.h
-
-hassgprm.h: \
-choose compile trysgprm.c hassgprm.h1 hassgprm.h2
- ./choose cl trysgprm hassgprm.h1 hassgprm.h2 > hassgprm.h
-
-hasshsgr.h: \
-choose compile tryshsgr.c hasshsgr.h1 hasshsgr.h2 chkshsgr warn-shsgr
- ./chkshsgr || ( cat warn-shsgr; exit 1 )
- ./choose clr tryshsgr hasshsgr.h1 hasshsgr.h2 > hasshsgr.h
-
-https@: warn-auto.sh https@.sh
- rm -f https@
- cat warn-auto.sh https@.sh \
- | sed s}HOME}"`head -1 ../conf-home`"}g \
- > https@
- chmod 755 https@
-
-it: it-sys it-base it-sslperl
-
-it-base: sslclient sslserver https@ sslcat sslconnect sslprint sslhandle
-
-it-sslperl: sslperl
-
-it-sys: sysdeps auto-str
-
-load: \
-../conf-ld print-ld.sh systype warn-auto.sh
- rm -f load
- sh print-ld.sh > load
- chmod 755 load
-
-makelib: \
-print-ar.sh systype warn-auto.sh
- rm -f makelib
- sh print-ar.sh > makelib
- chmod 755 makelib
-
-perlembed.lib: \
-../conf-perl ../conf-ldperl print-perlembed.sh
- rm -f perlembed.lib
- sh print-ldperl.sh > perlembed.lib
-
-remoteinfo.o: \
-compile remoteinfo.c remoteinfo.h
- ./compile remoteinfo.c
-
-rules.o: \
-compile rules.c rules.h ip4_bit.c ip6_bit.c ip_bit.h
- ./compile rules.c ip4_bit.c ip6_bit.c ip_bit.h
-
-socket.lib: \
-trylsock.c compile load
- ( ( ./compile trylsock.c && \
- ./load trylsock -lsocket -lnsl ) >/dev/null 2>&1 \
- && echo -lsocket -lnsl || exit 0 ) > socket.lib
- rm -f trylsock.o trylsock
-
-ssl.lib: \
-../conf-ssllib print-dl.sh
- rm -f ssl.lib
- sh print-dl.sh > ssl.lib
- chmod 755 ssl.lib
-
-ssl_ca.o: \
-compile ssl_ca.c ucspissl.h
- ./compile ssl_ca.c
-
-ssl_cca.o: \
-compile ssl_cca.c ucspissl.h
- ./compile ssl_cca.c
-
-ssl_chainfile.o: \
-compile ssl_chainfile.c ucspissl.h
- ./compile ssl_chainfile.c
-
-ssl_certkey.o: \
-compile ssl_certkey.c ucspissl.h
- ./compile ssl_certkey.c
-
-ssl_ciphers.o: \
-compile ssl_ciphers.c ucspissl.h
- ./compile ssl_ciphers.c
-
-ssl_context.o: \
-compile ssl_context.c ucspissl.h
- ./compile ssl_context.c
-
-ssl_env.o: \
-compile ssl_env.c ucspissl.h
- ./compile ssl_env.c
-
-ssl_error.o: \
-compile ssl_error.c ucspissl.h
- ./compile ssl_error.c
-
-ssl_io.o: \
-compile ssl_io.c ucspissl.h
- ./compile ssl_io.c
-
-ssl_new.o: \
-compile ssl_new.c ucspissl.h
- ./compile ssl_new.c
-
-ssl_params.o: \
-compile ssl_params.c ucspissl.h
- ./compile ssl_params.c
-
-ssl_timeout.o: \
-compile ssl_timeout.c ucspissl.h
- ./compile ssl_timeout.c
-
-ssl_verify.o: \
-compile ssl_verify.c ucspissl.h
- ./compile ssl_verify.c
-
-sslcat: \
-warn-auto.sh sslcat.sh
- rm -f sslcat
- cat warn-auto.sh sslcat.sh \
- | sed s}HOME}"`head -1 ../conf-home`"}g \
- > sslcat
- chmod 755 sslcat
-
-sslclient: \
-load sslclient.o auto_cafile.o auto_cadir.o auto_ciphers.o \
-remoteinfo.o ucspissl.a socket.lib ssl.lib
- ./load sslclient auto_cafile.o auto_cadir.o auto_ciphers.o \
- remoteinfo.o ucspissl.a \
- `cat socket.lib` `cat ssl.lib`
-
-sslclient.o: \
-compile sslclient.c auto_cadir.h auto_cafile.h auto_ciphers.h \
-remoteinfo.h ucspissl.h
- ./compile sslclient.c
-
-sslconnect: \
-warn-auto.sh sslconnect.sh
- rm -f sslconnect
- cat warn-auto.sh sslconnect.sh \
- | sed s}HOME}"`head -1 ../conf-home`"}g \
- > sslconnect
- chmod 755 sslconnect
-
-sslhandle: \
-load sslhandle.o auto_cafile.o auto_ccafile.o auto_cadir.o \
-auto_certchainfile.o auto_dhfile.o \
-auto_certfile.o auto_keyfile.o auto_ciphers.o \
-coe.o rules.o ip4_bit.o ip6_bit.o remoteinfo.o sslprint.o \
-ucspissl.a socket.lib ssl.lib
- ./load sslhandle auto_cafile.o auto_ccafile.o auto_cadir.o \
- auto_dhfile.o auto_ciphers.o \
- auto_certchainfile.o auto_certfile.o auto_keyfile.o \
- coe.o rules.o ip4_bit.o ip6_bit.o remoteinfo.o sslprint.o \
- ucspissl.a `cat socket.lib` `cat ssl.lib`
-
-sslhandle.o: \
-compile sslhandle.c auto_cadir.h auto_cafile.h auto_ccafile.h \
-auto_certchainfile.h auto_certfile.h auto_ciphers.h \
-auto_dhfile.h auto_keyfile.h rules.h ip_bit.h ucspissl.h coe.h \
-remoteinfo.o rules.o ip4_bit.o ip6_bit.o ucspissl.a
- ./compile sslhandle.c
-
-sslperl: \
-load sslperl.o ucspissl.a sslhandle.o \
-auto_cafile.o auto_ccafile.o auto_cadir.o \
-auto_dhfile.o auto_certfile.o auto_keyfile.o \
-auto_ciphers.o auto_certchainfile.o \
-coe.o rules.o remoteinfo.o ip4_bit.o ip6_bit.o \
-socket.lib ssl.lib perlembed.lib
- ./load sslperl auto_cafile.o auto_ccafile.o auto_cadir.o \
- auto_dhfile.o auto_certfile.o auto_keyfile.o \
- auto_ciphers.o auto_certchainfile.o ucspissl.a sslhandle.o \
- rules.o ip4_bit.o ip6_bit.o remoteinfo.o coe.o \
- ucspissl.a `cat socket.lib` `cat ssl.lib` `cat perlembed.lib`
-
-sslperl.o: \
-compile ccperl sslperl.c sslperl.c ucspissl.h
- ./compile `cat ccperl` sslperl.c
-
-sslprint: \
-load sslprint.o auto_cafile.o auto_ccafile.o auto_cadir.o \
-auto_dhfile.o auto_certfile.o auto_keyfile.o \
-auto_ciphers.o auto_certchainfile.o coe.o sslhandle.o \
-rules.o ip4_bit.o ip6_bit.o remoteinfo.o \
-ucspissl.a socket.lib ssl.lib
- ./load sslprint auto_cafile.o auto_ccafile.o auto_cadir.o \
- auto_dhfile.o auto_certfile.o auto_keyfile.o \
- auto_ciphers.o auto_certchainfile.o \
- rules.o ip4_bit.o ip6_bit.o remoteinfo.o coe.o sslhandle.o \
- ucspissl.a `cat socket.lib` `cat ssl.lib`
-
-sslprint.o: \
-compile sslprint.c
- ./compile sslprint.c
-
-sslserver: \
-load sslserver.o auto_cafile.o auto_ccafile.o auto_cadir.o \
-auto_certchainfile.o auto_dhfile.o \
-auto_certfile.o auto_keyfile.o auto_ciphers.o \
-rules.o ip4_bit.o ip6_bit.o remoteinfo.o \
-ucspissl.a socket.lib ssl.lib
- ./load sslserver auto_cafile.o auto_ccafile.o auto_cadir.o \
- auto_dhfile.o auto_ciphers.o \
- auto_certchainfile.o auto_certfile.o auto_keyfile.o \
- rules.o ip4_bit.o ip6_bit.o remoteinfo.o ucspissl.a \
- `cat socket.lib` `cat ssl.lib`
-
-sslserver.o: \
-compile sslserver.c auto_cadir.h auto_cafile.h auto_ccafile.h \
-auto_certchainfile.h auto_certfile.h auto_ciphers.h \
-auto_dhfile.h auto_keyfile.h \
-remoteinfo.h rules.h ip_bit.h ucspissl.h
- ./compile sslserver.c
-
-sysdeps: \
-systype compile load hassgact.h hassgprm.h
- rm -f sysdeps
- cat systype compile load >> sysdeps
- grep sysdep hassgact.h >> sysdeps
- grep sysdep hassgprm.h >> sysdeps
-
-systype: \
-find-systype.sh trycpp.c x86cpuid.c
- sh find-systype.sh > systype
-
-ucspissl.a: \
-makelib ssl_ca.o ssl_cca.o ssl_certkey.o ssl_chainfile.o ssl_ciphers.o \
-ssl_context.o ssl_env.o ssl_error.o ssl_io.o ssl_new.o ssl_params.o \
-ssl_timeout.o ssl_verify.o ucspissl.o
- ./makelib ucspissl.a ssl_ca.o ssl_cca.o ssl_certkey.o ssl_chainfile.o \
- ssl_ciphers.o ssl_context.o ssl_env.o ssl_error.o ssl_io.o ssl_new.o \
- ssl_params.o ssl_timeout.o ssl_verify.o ucspissl.o
-
-ucspissl.o: \
-compile ucspissl.c ucspissl.h
- ./compile ucspissl.c
-
-clean:
- rm -f `cat TARGETS`
diff --git a/src/TARGETS b/src/TARGETS
deleted file mode 100644
index 0c8ccf5..0000000
--- a/src/TARGETS
+++ /dev/null
@@ -1,62 +0,0 @@
-auto-str
-auto-str.o
-auto_cadir.c
-auto_cadir.o
-auto_cafile.c
-auto_cafile.o
-auto_ccafile.c
-auto_ccafile.o
-auto_certchainfile.c
-auto_certchainfile.o
-auto_certfile.c
-auto_certfile.o
-auto_ciphers.c
-auto_ciphers.o
-auto_dhfile.c
-auto_dhfile.o
-auto_keyfile.c
-auto_keyfile.o
-ccperl
-choose
-coe.o
-compile
-hasgact.h
-hasgprm.h
-https@
-load
-makelib
-perlembed.lib
-remoteinfo.o
-rules.o
-socket.lib
-ssl.lib
-ssl_ca.o
-ssl_cca.o
-ssl_certkey.o
-ssl_chainfile.o
-ssl_ciphers.o
-ssl_context.o
-ssl_env.o
-ssl_error.o
-ssl_io.o
-ssl_new.o
-ssl_params.o
-ssl_timeout.o
-ssl_verify.o
-sslcat
-sslclient
-sslclient.o
-sslconnect
-sslhandle.o
-sslperl
-sslperl.o
-sslprint
-sslprint.o
-sslserver
-sslserver.o
-sysdeps
-systype
-tryssl.o
-ucspissl.a
-ucspissl.o
-*.gch
diff --git a/src/auto-str.c b/src/auto-str.c
deleted file mode 100644
index 4086921..0000000
--- a/src/auto-str.c
+++ /dev/null
@@ -1,42 +0,0 @@
-/* what to do */
-#include "readwrite.h"
-#include "exit.h"
-#include "buffer.h"
-
-char bspace[BUFFER_SMALL];
-buffer b = BUFFER_INIT(buffer_unixwrite,1,bspace,sizeof(bspace));
-
-static void outs(const char *s)
-{
- if (buffer_puts(&b,s) == -1) _exit(111);
-}
-
-int main(int argc,char **argv)
-{
- char *name;
- char *value;
- unsigned char ch;
- char octal[4];
-
- name = argv[1];
- if (!name) _exit(100);
- value = argv[2];
- if (!value) _exit(100);
-
- outs("const char ");
- outs(name);
- outs("[] = \"\\\n");
-
- while ((ch = *value++)) {
- outs("\\");
- octal[3] = 0;
- octal[2] = '0' + (ch & 7); ch >>= 3;
- octal[1] = '0' + (ch & 7); ch >>= 3;
- octal[0] = '0' + (ch & 7);
- outs(octal);
- }
-
- outs("\\\n\";\n");
- if (buffer_flush(&b) == -1) _exit(111);
- _exit(0);
-}
diff --git a/src/auto_cadir.h b/src/auto_cadir.h
deleted file mode 100644
index 9d9dfe2..0000000
--- a/src/auto_cadir.h
+++ /dev/null
@@ -1,6 +0,0 @@
-#ifndef AUTO_CADIR_H
-#define AUTO_CADIR_H
-
-extern const char auto_cadir[];
-
-#endif
diff --git a/src/auto_cafile.h b/src/auto_cafile.h
deleted file mode 100644
index 102ca55..0000000
--- a/src/auto_cafile.h
+++ /dev/null
@@ -1,6 +0,0 @@
-#ifndef AUTO_CAFILE_H
-#define AUTO_CAFILE_H
-
-extern const char auto_cafile[];
-
-#endif
diff --git a/src/auto_ccafile.h b/src/auto_ccafile.h
deleted file mode 100644
index 9d39c72..0000000
--- a/src/auto_ccafile.h
+++ /dev/null
@@ -1,6 +0,0 @@
-#ifndef AUTO_CCAFILE_H
-#define AUTO_CCAFILE_H
-
-extern const char auto_ccafile[];
-
-#endif
diff --git a/src/auto_certchainfile.h b/src/auto_certchainfile.h
deleted file mode 100644
index 31d4df8..0000000
--- a/src/auto_certchainfile.h
+++ /dev/null
@@ -1,6 +0,0 @@
-#ifndef AUTO_CERTCHAINFILE_H
-#define AUTO_CERTCHAINFILE_H
-
-extern const char auto_certchainfile[];
-
-#endif
diff --git a/src/auto_certfile.h b/src/auto_certfile.h
deleted file mode 100644
index add5826..0000000
--- a/src/auto_certfile.h
+++ /dev/null
@@ -1,6 +0,0 @@
-#ifndef AUTO_CERTFILE_H
-#define AUTO_CERTFILE_H
-
-extern const char auto_certfile[];
-
-#endif
diff --git a/src/auto_ciphers.h b/src/auto_ciphers.h
deleted file mode 100644
index 2842fbd..0000000
--- a/src/auto_ciphers.h
+++ /dev/null
@@ -1,6 +0,0 @@
-#ifndef AUTO_CIPHERS_H
-#define AUTO_CIPHERS_H
-
-extern const char auto_ciphers[];
-
-#endif
diff --git a/src/auto_dhfile.h b/src/auto_dhfile.h
deleted file mode 100644
index 83afa2a..0000000
--- a/src/auto_dhfile.h
+++ /dev/null
@@ -1,6 +0,0 @@
-#ifndef AUTO_DHFILE_H
-#define AUTO_DHFILE_H
-
-extern const char auto_dhfile[];
-
-#endif
diff --git a/src/auto_keyfile.h b/src/auto_keyfile.h
deleted file mode 100644
index feac74f..0000000
--- a/src/auto_keyfile.h
+++ /dev/null
@@ -1,6 +0,0 @@
-#ifndef AUTO_KEYFILE_H
-#define AUTO_KEYFILE_H
-
-extern const char auto_keyfile[];
-
-#endif
diff --git a/src/chkshsgr.c b/src/chkshsgr.c
deleted file mode 100644
index 12442ea..0000000
--- a/src/chkshsgr.c
+++ /dev/null
@@ -1,14 +0,0 @@
-/* Public domain. */
-
-#include <sys/types.h>
-#include <unistd.h>
-#include "exit.h"
-
-int main()
-{
- short x[4];
-
- x[0] = x[1] = 0;
- if (getgroups(1,x) == 0) if (setgroups(1,x) == -1) _exit(1);
- _exit(0);
-}
diff --git a/src/choose.sh b/src/choose.sh
deleted file mode 100644
index feff2da..0000000
--- a/src/choose.sh
+++ /dev/null
@@ -1,18 +0,0 @@
-
-result="$4"
-
-case "$1" in
- *c*) ./compile $2.c >/dev/null 2>&1 || result="$3" ;;
-esac
-
-case "$1" in
- *l*) ./load $2 >/dev/null 2>&1 || result="$3" ;;
-esac
-
-case "$1" in
- *r*) ./$2 >/dev/null 2>&1 || result="$3" ;;
-esac
-
-rm -f $2.o $2
-
-exec cat "$result"
diff --git a/src/coe.c b/src/coe.c
index 50b2397..26c7977 100644
--- a/src/coe.c
+++ b/src/coe.c
@@ -5,5 +5,5 @@
int coe(int fd)
{
- return fcntl(fd,F_SETFD,1);
+ return fcntl(fd,F_SETFD,FD_CLOEXEC);
}
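Review bot: `fcntl(fd,F_SETFD,FD_CLOEXEC)` overwrites the descriptor's whole flag set instead of adding one flag; the usual form reads the flags first, `int f = fcntl(fd,F_GETFD);` then `return f == -1 ? -1 : fcntl(fd,F_SETFD,f | FD_CLOEXEC);`. FD_CLOEXEC is the only descriptor flag in common use, so this is a matter of form, not a behaviour change on current systems. The function also has no comment; `/* mark fd close-on-exec so it is not inherited across exec */` above `coe` would state its purpose. The file's includes are outside the hunk, so it cannot be confirmed from here that `<fcntl.h>` is included for the new constant.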
diff --git a/src/config.h.in b/src/config.h.in
new file mode 100644
index 0000000..bc83a0d
--- /dev/null
+++ b/src/config.h.in
@@ -0,0 +1,8 @@
+static const char auto_cadir[] = "@auto_cadir@";
+static const char auto_cafile[] = "@auto_cafile@";
+static const char auto_ccafile[] = "@auto_ccafile@";
+static const char auto_certchainfile[] = "@auto_certchainfile@";
+static const char auto_certfile[] = "@auto_certfile@";
+static const char auto_ciphers[] = "@auto_ciphers@";
+static const char auto_dhfile[] = "@auto_dhfile@";
+static const char auto_keyfile[] = "@auto_keyfile@";
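Review bot: Each `"@auto_…@"` placeholder is pasted into a C string literal as-is, so a configured value containing `"` or `\` would end the literal early or be read as an escape sequence. The removed auto-str.c avoided this by emitting every byte as an octal escape. The substitution happens in src/meson.build, which is outside this view, so it cannot be confirmed from here whether values are escaped before substitution. If they are not, escape backslashes and double quotes when filling the configuration data, or reject option values that contain them. The header also has no include guard, and because it defines objects, a second inclusion in one translation unit would be a redefinition error.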
diff --git a/src/exit.h b/src/exit.h
deleted file mode 100644
index 39011c8..0000000
--- a/src/exit.h
+++ /dev/null
@@ -1,6 +0,0 @@
-#ifndef EXIT_H
-#define EXIT_H
-
-extern void _exit();
-
-#endif
diff --git a/src/exp.base b/src/exp.base
deleted file mode 100644
index c182da0..0000000
--- a/src/exp.base
+++ /dev/null
@@ -1,325 +0,0 @@
----> test sslserver + sslclient: four instances of sslserver (ports 50013, 50014, 50015, 50016) are used
----> sslserver @port 50015 requires client certs
-++++
----> test sslclient/sslserver behavior with wrong parm (timeout 2 secs)
-++++
---- sslclient prints usage message without enough arguments
-sslclient: usage: sslclient [ -463hHrRdDiqQveEsSnNxX ] [ -i localip ] [ -p localport ] [ -T timeoutconn ] [ -l localname ] [ -t timeoutinfo ] [ -I interface ] [ -a cafile ] [ -A cadir ] [ -c certfile ] [ -z ciphers ] [ -k keyfile ] [ -V verifydepth ] [ -w progtimeout ] host port program
-100
---- sslclient prints error message with unknown port name
-sslclient: fatal: (111) unable to figure out port number for nonexistentport
-111
---- sslclient prints error message when connection fails
-sslclient: drop: (110) unable to connect to: 127.0.0.1 port: 16
-110
---- sslclient -q does not print error message when connection fails
-110
---- sslclient prints error message with unknown host name
-sslclient: error: (111) No IP address for: nonexistent.local.
-111
---- sslclient prints error message with unresolvable host name
-sslclient: error: (111) No IP address for: thislabelistoolongbecausednshasalimitof63charactersinasinglelabel.
-111
---- sslserver prints usage message without enough arguments
-sslserver: usage: sslserver [ -1346UXpPhHrRoOdDqQvVIeEsSnNmzZ ] [ -c limit ] [ -x rules.cdb ] [ -B banner ] [ -g gid ] [ -u uid ] [ -b backlog ] [ -l localname ] [ -t timeout ] [ -I interface ] [ -T ssltimeout ] [ -w progtimeout ] host port program
-100
---- sslserver prints error message with unknown port name
-sslserver: fatal: (111) unable to figure out port number for: nonexistentport
-111
---- sslserver prints error message with unknown host name
-sslserver: fatal: (111) no IP address for: nonexistent.local.
-111
---- sslserver prints error message with unresolvable host name
-sslserver: fatal: (111) temporarily unable to figure out IP address for: thislabelistoolongbecausednshasalimitof63charactersinasinglelabel.
-111
---- sslserver prints error message with non-local host name
-sslserver: fatal: (111) unable to bind to: ...
-111
----> test sslclient to connect to sslserver (on different port; note: cert verify will fail on localhost)
-++++
---- sslclient sets basic environment variables
-sslclient: error: (110) missing credentials (CA) or unable to validate server certificate
-110
---- sslserver -e also sets TCP environment variables
-sslclient: error: (110) missing credentials (CA) or unable to validate server certificate
-110
---- sslclient recognizes -D, -z, -r, -h, -t (with elective cipher)
-sslclient: error: (110) missing credentials (CA) or unable to validate server certificate
-110
---- sslclient sets basic environment variables
-sslclient: error: (110) missing credentials (CA) or unable to validate server certificate
-110
---- sslclient -e sets TCP environment variables
-sslclient: error: (110) missing credentials (CA) or unable to validate server certificate
-110
---- sslclient -s sets TLS environment variables
-sslclient: error: (110) missing credentials (CA) or unable to validate server certificate
-110
---- sslclient looks up host names properly (localhost. -> ip6-loopback)
-sslclient: error: (110) missing credentials (CA) or unable to validate server certificate
-110
---- sslclient -v works
-sslclient: error: (110) missing credentials (CA) or unable to validate server certificate
-110
---- sslserver -N does not check certificates CN
-sslclient: tls connected to: ::1 port: 50014
-ok
-0
---- sslserver and sslclient print errors for incompatible cipher lists for TLS < 1.3
-sslclient: error: (111) unable to set cipher list
-111
---- sslclient -X ignores any server certificate
-sslclient: tls connected to: ::1 port: 50014
-ok
-0
---- sslclient -n checks hostname with certificates SAN/CN
-sslclient: fatal: (111) unable to bind to: ::1 port: 50027
-111
----> test sslclient to connect to sslserver requiring client cert
-++++
---- sslserver prints error for no client certificate
-sslclient: error: (110) missing credentials (CA) or unable to validate server certificate
-110
---- sslserver prints error for bad client certificate
-sslclient: error: (110) missing credentials (CA) or unable to validate server certificate
-110
---- sslclient uses certificates
-sslclient: error: (110) missing credentials (CA) or unable to validate server certificate
-110
----> test sslcat to connect to sslserver@5016
-++++
---- sslcat works
-sslclient: error: (110) missing credentials (CA) or unable to validate server certificate
-110
---- sslconnect works
-banner0
---- https@ works
-0
----> test sslconnect to connect to sslserver@5013
-++++
---- sslclient and sslserver handle larger data
-sslclient: tls connected to: ::1 port: 50013
-0
---- sslserver times out
-sslclient: tls connected to: ::1 port: 50013
-bannerhereur^M
-0
-sslclient: tls connected to: ::1 port: 50013
-banner0
----> test sslprint@50021
-++++
---- sslprint prints usage message without enough arguments
-sslprint: usage: sslprint[ -1346UXpPhHrRoOdDqQviIeEsS ] [ -c limit ] [ -x rules.cdb ] [ -B banner ] [ -g gid ] [ -u uid ] [ -b backlog ] [ -l localname ] [ -t timeout ] [ -T ssltimeout ] [ -w progtimeout ] [ -f lockfile ] [ -I interface ] host port program
-100
---- sslprint prints error message with unknown port name
-sslprint: fatal: (111) unable to figure out port number for: nonexistentport
-111
---- sslprint prints error message with unknown host name
-sslprint: fatal: (111) no IP address for: nonexistent.local.
-111
---- sslprint prints error message with unresolvable host name
-sslprint: fatal: (111) temporarily unable to figure out IP address for: thislabelistoolongbecausednshasalimitof63charactersinasinglelabel.
-111
---- sslprint prints error message with non-local host name
-sslprint: fatal: (111) unable to bind
-111
---- sslprint prints error message with used port
-sslprint: fatal: (111) unable to bind
-111
---- sslprint sets basic environment variables
-sslclient: error: (110) missing credentials (CA) or unable to validate server certificate
-110
---- sslprint exits when environment changes
-sslclient: error: (110) missing credentials (CA) or unable to validate server certificate
-110
---- sslprint does not lose descriptors
-110
---- sslserver -1v prints proper messages
-::x1 : 50016
-sslserver::x ciphers x
-sslserver::x cafile x xxx/rootCA_cert.pem
-sslserver::x ccafile x
-sslserver::x cadir x xxx/etc
-sslserver::x certchainfile x
-sslserver::x cert x xxx/::1_cert.pem
-sslserver::x key x xxx/::1_key.pem
-sslserver::x dhparam x xxx
-sslserver::x status: 0/1/0
-sslserver::x status: 1/1/0
-sslserver::x pid x from ::1
-sslserver::x ok x Localserver:::1:x ip6-loopback:::1::x
-sslserver::x tls x accept TLSv1.3:TLS_AES_256_GCM_SHA384
-sslserver::x ended by x status 0
-sslserver::x status: 0/1/0
-sslserver::x status: 1/1/0
-sslserver::x pid x from ::1
-sslserver::x ok x Localserver:::1:x ip6-loopback:::1::x
-sslserver::x tls x accept TLSv1.3:TLS_AES_256_GCM_SHA384
-sslserver::x ended by x status 0
-sslserver::x status: 0/1/0
-sslserver::x status: 1/1/0
-sslserver::x pid x from ::1
-sslserver::x ok x Localserver:::1:x ip6-loopback:::1::x
-sslserver::x tls x accept TLSv1.3:TLS_CHACHA20_POLY1305_SHA256
-sslserver::x ended by x status 0
-sslserver::x status: 0/1/0
-sslserver::x status: 1/1/0
-sslserver::x pid x from ::1
-sslserver::x ok x Localserver:::1:x ip6-loopback:::1::x
-sslserver::x tls x accept TLSv1.3:TLS_AES_256_GCM_SHA384
-sslserver::x ended by x status 0
-sslserver::x status: 0/1/0
-sslserver::x status: 1/1/0
-sslserver::x pid x from ::1
-sslserver::x ok x Localserver:::1:x ip6-loopback:::1::x
-sslserver::x tls x accept TLSv1.3:TLS_AES_256_GCM_SHA384
-sslserver::x ended by x status 0
-sslserver::x status: 0/1/0
-sslserver::x status: 1/1/0
-sslserver::x pid x from ::1
-sslserver::x ok x Localserver:::1:x ip6-loopback:::1::x
-sslserver::x tls x accept TLSv1.3:TLS_AES_256_GCM_SHA384
-sslserver::x ended by x status 0
-sslserver::x status: 0/1/0
-sslserver::x status: 1/1/0
-sslserver::x pid x from ::1
-sslserver::x ok x Localserver:::1:x ip6-loopback:::1::x
-sslserver::x tls x accept TLSv1.3:TLS_AES_256_GCM_SHA384
-sslserver::x ended by x status 0
-sslserver::x status: 0/1/0
-sslserver::x status: 1/1/0
-sslserver::x pid x from ::1
-sslserver::x ok x Localserver:::1:x ip6-loopback:::1::x
-sslserver::x tls x accept TLSv1.3:TLS_AES_256_GCM_SHA384
-sslserver::x ended by x status 0
-sslserver::x status: 0/1/0
-::x1 : 50015
-sslserver::x ciphers x
-sslserver::x cafile x xxx/rootCA_cert.pem
-sslserver::x ccafile x xxx/rootCA_cert.pem
-sslserver::x cadir x xxx/etc
-sslserver::x certchainfile x
-sslserver::x cert x xxx/::1_cert.pem
-sslserver::x key x xxx/::1_key.pem
-sslserver::x dhparam x xxx
-sslserver::x status: 0/1/0
-sslserver::x status: 1/1/0
-sslserver::x pid x from ::1
-sslserver::x ok x Localserver:::1:x ip6-loopback:::1::x
-sslserver::x error: (111) unable to accept TLS for pid: x
-sslserver::x ended by x status 28416
-sslserver::x status: 0/1/0
-sslserver::x status: 1/1/0
-sslserver::x pid x from ::1
-sslserver::x ok x Localserver:::1:x ip6-loopback:::1::x
-sslserver::x error: (111) unable to accept TLS for pid: x
-sslserver::x ended by x status 28416
-sslserver::x status: 0/1/0
-sslserver::x status: 1/1/0
-sslserver::x pid x from ::1
-sslserver::x ok x Localserver:::1:x ip6-loopback:::1::x
-sslserver::x error: (111) unable to accept TLS for pid: x
-sslserver::x ended by x status 28416
-sslserver::x status: 0/1/0
-::x1 : 50014
-sslserver::x ciphers x
-sslserver::x cafile x xxx/rootCA_cert.pem
-sslserver::x ccafile x
-sslserver::x cadir x xxx/etc
-sslserver::x certchainfile x
-sslserver::x cert x xxx/::1_cert.pem
-sslserver::x key x xxx/::1_key.pem
-sslserver::x dhparam x xxx
-sslserver::x status: 0/1/0
-sslserver::x status: 1/1/0
-sslserver::x pid x from ::1
-sslserver::x ok x Localserver:::1:x ip6-loopback:::1::x
-sslserver::x tls x accept TLSv1.3:TLS_AES_256_GCM_SHA384
-sslserver::x ended by x status 0
-sslserver::x status: 0/1/0
-sslserver::x status: 1/1/0
-sslserver::x pid x from ::1
-sslserver::x ok x Localserver:::1:x ip6-loopback:::1::x
-sslserver::x error: (111) unable to accept TLS for pid: x
-sslserver::x ended by x status 28416
-sslserver::x status: 0/1/0
-sslserver::x status: 1/1/0
-sslserver::x pid x from ::1
-sslserver::x ok x Localserver:::1:x ip6-loopback:::1::x
-sslserver::x tls x accept TLSv1.3:TLS_AES_256_GCM_SHA384
-sslserver::x ended by x status 0
-sslserver::x status: 0/1/0
-::x1 : 50013
-sslserver::x ciphers x
-sslserver::x cafile x xxx/rootCA_cert.pem
-sslserver::x ccafile x
-sslserver::x cadir x xxx/etc
-sslserver::x certchainfile x
-sslserver::x cert x xxx/::1_cert.pem
-sslserver::x key x xxx/::1_key.pem
-sslserver::x dhparam x xxx
-sslserver::x status: 0/1/0
-sslserver::x status: 1/1/0
-sslserver::x pid x from ::1
-sslserver::x ok x Localserver:::1:x ip6-loopback:::1::x
-sslserver::x tls x accept TLSv1.3:TLS_AES_256_GCM_SHA384
-sslserver::x ended by x status 0
-sslserver::x status: 0/1/0
-sslserver::x status: 1/1/0
-sslserver::x pid x from ::1
-sslserver::x ok x Localserver:::1:x ip6-loopback:::1::x
-sslserver::x tls x accept TLSv1.3:TLS_AES_256_GCM_SHA384
-sslserver::x ended by x status 0
-sslserver::x status: 0/1/0
-sslserver::x status: 1/1/0
-sslserver::x pid x from ::1
-sslserver::x ok x Localserver:::1:x ip6-loopback:::1::x
-sslserver::x tls x accept TLSv1.3:TLS_AES_256_GCM_SHA384
-sslserver::x ended by x status 0
-sslserver::x status: 0/1/0
-sslserver::x status: 1/1/0
-sslserver::x pid x from ::1
-sslserver::x ok x Localserver:::1:x ip6-loopback:::1::x
-sslserver::x tls x accept TLSv1.3:TLS_AES_256_GCM_SHA384
-sslserver::x ended by x status 0
-sslserver::x status: 0/1/0
-sslserver::x status: 1/1/0
-sslserver::x pid x from ::1
-sslserver::x ok x Localserver:::1:x ip6-loopback:::1::x
-sslserver::x tls x accept TLSv1.3:TLS_AES_256_GCM_SHA384
-sslserver::x ended by x status 0
-sslserver::x status: 0/1/0
-sslserver::x status: 1/1/0
-sslserver::x pid x from ::1
-sslserver::x ok x Localserver:::1:x ip6-loopback:::1::x
-sslserver::x tls x accept TLSv1.3:TLS_AES_256_GCM_SHA384
-sslserver::x ended by x status 0
-sslserver::x status: 0/1/0
-::x1 : 50021
-sslprint::x ciphers x
-sslprint::x cafile x xxx/rootCA_cert.pem
-sslprint::x ccafile x
-sslprint::x cadir x xxx/etc
-sslprint::x certchainfile x
-sslprint::x cert x xxx/::1_cert.pem
-sslprint::x key x xxx/::1_key.pem
-sslprint::x dhparam x xxx
-sslprint::x status: 0/1
-sslprint::x status: 1/1
-sslprint::x pid x from ::
-sslprint::x ok x Localserver:::1:x ip6-localnet:::::x
-sslprint::x end x status 13
-sslprint::x status: 0/1
-sslprint::x status: 1/1
-sslprint::x pid x from ::
-sslprint::x ok x Localserver:::1:x ip6-localnet:::::x
-sslprint::x end x status 13
-sslprint::x status: 0/1
-sslprint::x status: 1/1
-sslprint::x pid x from ::
-sslprint::x ok x Localserver:::1:x ip6-localnet:::::x
-sslprint::x end x status 13
-sslprint::x status: 0/1
-sslprint::x status: 1/1
-sslprint::x end x status 15
-sslprint::x status: 0/1
diff --git a/src/exp.it b/src/exp.it
deleted file mode 100644
index e69de29..0000000
--- a/src/exp.it
+++ /dev/null
diff --git a/src/exp.sslperl b/src/exp.sslperl
deleted file mode 100644
index 0a783dc..0000000
--- a/src/exp.sslperl
+++ /dev/null
@@ -1,105 +0,0 @@
---- sslperl works
-sslperlHello, World! (1): here you are
-0
-sslperlHello, World! (2): here you are
-0
-sslperlHello, World! (1): here you are
-0
-sslperlHello, World! (2): here you are
-0
---- sslperl prints usage message without enough arguments
-sslperl: usage: sslperl[ -1346UXpPhHrRoOdDqQviIeEsS ] [ -c limit ] [ -x rules.cdb ] [ -B banner ] [ -g gid ] [ -u uid ] [ -b backlog ] [ -l localname ] [ -t timeout ] [ -T ssltimeout ] [ -w progtimeout ] [ -f lockfile ] [ -I interface ] host port program
-100
---- sslperl prints error message with unknown port name
-sslperl: fatal: (111) unable to figure out port number for: nonexistentport
-111
---- sslperl prints error message with unknown host name
-sslperl: fatal: (111) temporarily unable to figure out IP address for: nonexistent.local.
-111
---- sslperl prints error message with unresolvable host name
-sslperl: fatal: (111) no IP address for: thislabelistoolongbecausednshasalimitof63charactersinasinglelabel.
-111
---- sslperl prints error message with non-local host name
-sslperl: fatal: (111) unable to bind
-111
---- sslperl preserves environment
-sslperl changed environment
-0
---- sslperl handles larger requests
-sslclient: tls connected to: 127.0.0.1 port: 50022
-0
---- sslserver -1v prints proper messages
-127.0.0.1 : 50022
-sslperl: cafile x xxx/rootCA.pem
-sslperl: ccafile x
-sslperl: cadir x xxx/etc
-sslperl: certchainfile x
-sslperl: cert x xxx/::x
-sslperl: key x xxx/::x
-sslperl: dhparam x xxx
-sslperl: status: 0/1/0
-sslperl: status: 1/1/0
-sslperl: pid x from 127.0.0.1
-sslperl: ok x Localserver:127.0.0.1:50022 ip4-loopback:127.0.0.1::x
-sslperl: tls x accept
-log: Hello, World! (1): here you are
-sslperl: drop: (110) environ changed
-sslperl: done ...
-sslperl: pid x from 127.0.0.1
-sslperl: ok x Localserver:127.0.0.1:50022 ip4-loopback:127.0.0.1::x
-sslperl: tls x accept
-log: Hello, World! (2): here you are
-sslperl: end x status 0
-sslperl: status: 0/1/0
-sslperl: status: 1/1/0
-sslperl: pid x from 127.0.0.1
-sslperl: ok x Localserver:127.0.0.1:50022 ip4-loopback:127.0.0.1::x
-sslperl: tls x accept
-log: Hello, World! (1): here you are
-sslperl: drop: (110) environ changed
-sslperl: done ...
-sslperl: pid x from 127.0.0.1
-sslperl: ok x Localserver:127.0.0.1:50022 ip4-loopback:127.0.0.1::x
-sslperl: tls x accept
-log: Hello, World! (2): here you are
-sslperl: end x status 0
-sslperl: status: 0/1/0
-sslperl: status: 1/1/0
-sslperl: end x status 15
-sslperl: status: 0/1/0
-127.0.0.1 : 50022
-sslperl: cafile x xxx/rootCA.pem
-sslperl: ccafile x
-sslperl: cadir x xxx/etc
-sslperl: certchainfile x
-sslperl: cert x xxx/::x
-sslperl: key x xxx/::x
-sslperl: dhparam x xxx
-sslperl: status: 0/1/0
-sslperl: status: 1/1/0
-sslperl: pid x from 127.0.0.1
-sslperl: ok x Localserver:127.0.0.1:50022 ip4-loopback:127.0.0.1::x
-sslperl: tls x accept
-log: NOW=
-log: changed environment
-sslperl: drop: (110) environ changed
-sslperl: done ...
-sslperl: end x status 15
-sslperl: status: 0/1/0
-127.0.0.1 : 50022
-sslperl: cafile x xxx/rootCA.pem
-sslperl: ccafile x
-sslperl: cadir x xxx/etc
-sslperl: certchainfile x
-sslperl: cert x xxx/::x
-sslperl: key x xxx/::x
-sslperl: dhparam x xxx
-sslperl: status: 0/1/0
-sslperl: status: 1/1/0
-sslperl: pid x from 127.0.0.1
-sslperl: ok x Localserver:127.0.0.1:50022 ip4-loopback:127.0.0.1::x
-sslperl: tls x accept
-sslperl: drop: (110) environ changed
-sslperl: done ...
-sslperl: end x status 15
-sslperl: status: 0/1/0
diff --git a/src/find-systype.sh b/src/find-systype.sh
deleted file mode 100644
index 15322b4..0000000
--- a/src/find-systype.sh
+++ /dev/null
@@ -1,151 +0,0 @@
-# oper-:arch-:syst-:chip-:kern-
-# oper = operating system type; e.g., sunos-4.1.4
-# arch = machine language; e.g., sparc
-# syst = which binaries can run; e.g., sun4
-# chip = chip model; e.g., micro-2-80
-# kern = kernel version; e.g., sun4m
-# dependence: arch --- chip
-# \ \
-# oper --- syst --- kern
-# so, for example, syst is interpreted in light of oper, but chip is not.
-# anyway, no slashes, no extra colons, no uppercase letters.
-# the point of the extra -'s is to ease parsing: can add hierarchies later.
-# e.g., *:i386-*:*:pentium-*:* would handle pentium-100 as well as pentium,
-# and i386-486 (486s do have more instructions, you know) as well as i386.
-# the idea here is to include ALL useful available information.
-
-exec 2>/dev/null
-
-sys="`uname -s | tr '/:[:upper:]' '..[:lower:]'`"
-if [ x"$sys" != x ]
-then
- unamer="`uname -r | tr /: ..`"
- unamem="`uname -m | tr /: ..`"
- unamev="`uname -v | tr /: ..`"
-
- case "$sys" in
- bsd.os|freebsd|netbsd|openbsd)
- # in bsd 4.4, uname -v does not have useful info.
- # in bsd 4.4, uname -m is arch, not chip.
- oper="$sys-$unamer"
- arch="$unamem"
- syst=""
- chip="`sysctl -n hw.model`" # hopefully
- kern=""
- ;;
- linux)
- # as in bsd 4.4, uname -v does not have useful info.
- oper="$sys-$unamer"
- syst=""
- chip="$unamem"
- kern=""
- case "$chip" in
- i386|i486|i586|i686)
- arch="i386"
- ;;
- alpha)
- arch="alpha"
- ;;
- esac
- ;;
- aix)
- # naturally IBM has to get uname -r and uname -v backwards. dorks.
- oper="$sys-$unamev-$unamer"
- arch="`arch | tr /: ..`"
- syst=""
- chip="$unamem"
- kern=""
- ;;
- sunos)
- oper="$sys-$unamer-$unamev"
- arch="`(uname -p || mach) | tr /: ..`"
- syst="`arch | tr /: ..`"
- chip="$unamem" # this is wrong; is there any way to get the real info?
- kern="`arch -k | tr /: ..`"
- ;;
- unix_sv)
- oper="$sys-$unamer-$unamev"
- arch="`uname -m`"
- syst=""
- chip="$unamem"
- kern=""
- ;;
- *)
- oper="$sys-$unamer-$unamev"
- arch="`arch | tr /: ..`"
- syst=""
- chip="$unamem"
- kern=""
- ;;
- esac
-else
- cc -c trycpp.c
- cc -o trycpp trycpp.o
- case `./trycpp` in
- nextstep)
- oper="nextstep-`hostinfo | sed -n 's/^[ ]*NeXT Mach \([^:]*\):.*$/\1/p'`"
- arch="`hostinfo | sed -n 's/^Processor type: \(.*\) (.*)$/\1/p' | tr /: ..`"
- syst=""
- chip="`hostinfo | sed -n 's/^Processor type: .* (\(.*\))$/\1/p' | tr ' /:' '...'`"
- kern=""
- ;;
- *)
- oper="unknown"
- arch=""
- syst=""
- chip=""
- kern=""
- ;;
- esac
- rm -f trycpp.o trycpp
-fi
-
-case "$chip" in
-80486)
- # let's try to be consistent here. (BSD/OS)
- chip=i486
- ;;
-i486DX)
- # respect the hyphen hierarchy. (FreeBSD)
- chip=i486-dx
- ;;
-i486.DX2)
- # respect the hyphen hierarchy. (FreeBSD)
- chip=i486-dx2
- ;;
-Intel.586)
- # no, you nitwits, there is no such chip. (NeXTStep)
- chip=pentium
- ;;
-i586)
- # no, you nitwits, there is no such chip. (Linux)
- chip=pentium
- ;;
-i686)
- # STOP SAYING THAT! (Linux)
- chip=ppro
- ;;
-arm)
- # too many on the rood
- chip=arm
- ;;
-arm64)
- # pi 3+
- chip=arm64
-esac
-
-if cc -c x86cpuid.c
-then
- if cc -o x86cpuid x86cpuid.o
- then
- x86cpuid="`./x86cpuid | tr /: ..`"
- case "$x86cpuid" in
- ?*)
- chip="$x86cpuid"
- ;;
- esac
- fi
-fi
-rm -f x86cpuid x86cpuid.o
-
-echo "$oper-:$arch-:$syst-:$chip-:$kern-" | tr ' [A-Z]' '.[a-z]'
diff --git a/src/fork.h1 b/src/fork.h1
deleted file mode 100644
index ddd589d..0000000
--- a/src/fork.h1
+++ /dev/null
@@ -1,9 +0,0 @@
-#ifndef FORK_H
-#define FORK_H
-
-/* sysdep: -vfork */
-
-extern int fork();
-#define vfork fork
-
-#endif
diff --git a/src/fork.h2 b/src/fork.h2
deleted file mode 100644
index 7c1b0b9..0000000
--- a/src/fork.h2
+++ /dev/null
@@ -1,9 +0,0 @@
-#ifndef FORK_H
-#define FORK_H
-
-/* sysdep: +vfork */
-
-extern int fork();
-extern int vfork();
-
-#endif
diff --git a/src/hassgact.h1 b/src/hassgact.h1
deleted file mode 100644
index 7639d24..0000000
--- a/src/hassgact.h1
+++ /dev/null
@@ -1,3 +0,0 @@
-/* Public domain. */
-
-/* sysdep: -sigaction */
diff --git a/src/hassgact.h2 b/src/hassgact.h2
deleted file mode 100644
index 60ff776..0000000
--- a/src/hassgact.h2
+++ /dev/null
@@ -1,4 +0,0 @@
-/* Public domain. */
-
-/* sysdep: +sigaction */
-#define HASSIGACTION 1
diff --git a/src/hassgprm.h1 b/src/hassgprm.h1
deleted file mode 100644
index ef3eee9..0000000
--- a/src/hassgprm.h1
+++ /dev/null
@@ -1,3 +0,0 @@
-/* Public domain. */
-
-/* sysdep: -sigprocmask */
diff --git a/src/hassgprm.h2 b/src/hassgprm.h2
deleted file mode 100644
index be9d0d7..0000000
--- a/src/hassgprm.h2
+++ /dev/null
@@ -1,4 +0,0 @@
-/* Public domain. */
-
-/* sysdep: +sigprocmask */
-#define HASSIGPROCMASK 1
diff --git a/src/hasshsgr.h1 b/src/hasshsgr.h1
deleted file mode 100644
index 3806277..0000000
--- a/src/hasshsgr.h1
+++ /dev/null
@@ -1,3 +0,0 @@
-/* Public domain. */
-
-/* sysdep: -shortsetgroups */
diff --git a/src/hasshsgr.h2 b/src/hasshsgr.h2
deleted file mode 100644
index 5624ed0..0000000
--- a/src/hasshsgr.h2
+++ /dev/null
@@ -1,4 +0,0 @@
-/* Public domain. */
-
-/* sysdep: +shortsetgroups */
-#define HASSHORTSETGROUPS 1
diff --git a/src/haswaitp.h1 b/src/haswaitp.h1
deleted file mode 100644
index 0d6f82c..0000000
--- a/src/haswaitp.h1
+++ /dev/null
@@ -1,3 +0,0 @@
-/* Public domain. */
-
-/* sysdep: -waitpid */
diff --git a/src/haswaitp.h2 b/src/haswaitp.h2
deleted file mode 100644
index 015413f..0000000
--- a/src/haswaitp.h2
+++ /dev/null
@@ -1,4 +0,0 @@
-/* Public domain. */
-
-/* sysdep: +waitpid */
-#define HASWAITPID 1
diff --git a/src/it-base=d b/src/it-base=d
deleted file mode 100644
index a1d0820..0000000
--- a/src/it-base=d
+++ /dev/null
@@ -1,7 +0,0 @@
-sslclient
-sslserver
-https@
-sslcat
-sslconnect
-sslprint
-sslhandle
diff --git a/src/it-sslperl=d b/src/it-sslperl=d
deleted file mode 100644
index 68065ca..0000000
--- a/src/it-sslperl=d
+++ /dev/null
@@ -1 +0,0 @@
-sslperl
diff --git a/src/it-sys=d b/src/it-sys=d
deleted file mode 100644
index fa5d3e9..0000000
--- a/src/it-sys=d
+++ /dev/null
@@ -1 +0,0 @@
-sysdeps
diff --git a/src/it=d b/src/it=d
deleted file mode 100644
index 304fcac..0000000
--- a/src/it=d
+++ /dev/null
@@ -1 +0,0 @@
-it-base
diff --git a/src/meson.build b/src/meson.build
new file mode 100644
index 0000000..8e3b7ad
--- /dev/null
+++ b/src/meson.build
@@ -0,0 +1,106 @@
+ssl_srcs = files(
+ 'ssl_ca.c',
+ 'ssl_cca.c',
+ 'ssl_certkey.c',
+ 'ssl_chainfile.c',
+ 'ssl_ciphers.c',
+ 'ssl_context.c',
+ 'ssl_env.c',
+ 'ssl_error.c',
+ 'ssl_io.c',
+ 'ssl_new.c',
+ 'ssl_params.c',
+ 'ssl_timeout.c',
+ 'ssl_verify.c',
+)
+
+ucspissl_lib = library(
+ 'ucspissl',
+ 'ucspissl.c',
+ ssl_srcs,
+ dependencies : [qlibs_dep, ssl_dep, crypto_dep],
+)
+
+install_headers('ucspissl.h')
+
+if get_option('lib-only')
+ subdir_done()
+endif
+
+fs = import('fs')
+
+ucspi_ssl_conf = configuration_data()
+ucspi_ssl_conf.set('auto_cadir', get_option('cadir'))
+ucspi_ssl_conf.set('auto_cafile', get_option('cafile'))
+ucspi_ssl_conf.set(
+ 'auto_dhfile',
+ get_option('prefix') / get_option('datadir') / meson.project_name() / fs.name(get_option('dhfile')),
+)
+ucspi_ssl_conf.set('auto_ccafile', get_option('ccafile'))
+ucspi_ssl_conf.set('auto_ciphers', get_option('ciphers'))
+ucspi_ssl_conf.set('auto_keyfile', get_option('keyfile'))
+ucspi_ssl_conf.set('auto_certfile', get_option('certfile'))
+ucspi_ssl_conf.set('auto_certchainfile', get_option('certchainfile'))
+
+configure_file(
+ configuration : ucspi_ssl_conf,
+ input : 'config.h.in',
+ output : 'ucspissl-config.h',
+ install_dir : get_option('includedir'),
+ install_tag : 'devel',
+)
+
+deps = [qlibs_dep, dnsresolv_dep, ssl_dep, crypto_dep]
+
+executable(
+ 'sslclient',
+ 'sslclient.c',
+ 'remoteinfo.c',
+ link_with : ucspissl_lib,
+ dependencies : deps,
+ install : true,
+)
+
+common_srcs = files('ip4_bit.c', 'ip6_bit.c', 'remoteinfo.c', 'rules.c')
+
+executable(
+ 'sslhandle',
+ 'sslhandle.c',
+ 'coe.c',
+ 'sslprint.c',
+ common_srcs,
+ link_with : ucspissl_lib,
+ dependencies : deps,
+ install : true,
+)
+
+executable(
+ 'sslperl',
+ 'sslperl.c',
+ 'coe.c',
+ 'sslhandle.c',
+ common_srcs,
+ link_with : ucspissl_lib,
+ dependencies : [deps, perl_dep],
+ install : true,
+)
+
+executable(
+ 'sslprint',
+ 'sslprint.c',
+ 'coe.c',
+ 'sslhandle.c',
+ common_srcs,
+ link_with : ucspissl_lib,
+ dependencies : deps,
+ install : true,
+)
+
+executable(
+ 'sslserver',
+ 'sslserver.c',
+ common_srcs,
+ link_with : ucspissl_lib,
+ dependencies : deps,
+ install : true,
+)
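Review bot: The `ucspi_ssl_conf.set(...)` calls pass option strings unmodified into `config.h.in`, where they land inside hand-written C string literals such as `"@auto_ciphers@"`, so a path or cipher list containing `"` or a backslash changes or breaks the literal in the installed `ucspissl-config.h`. Using `ucspi_ssl_conf.set_quoted('auto_ciphers', get_option('ciphers'))` for each key, with the template line reduced to `static const char auto_ciphers[] = @auto_ciphers@;`, lets Meson produce the quoted literal itself; backslash handling should still be checked against the Meson version in use. Separately, the `sslhandle` and `sslprint` targets list the same sources (`sslhandle.c`, `sslprint.c`, `coe.c`, `common_srcs`), which looks like the same program being built and installed under two names; worth confirming that is intended.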
diff --git a/src/print-ar.sh b/src/print-ar.sh
deleted file mode 100644
index 99bc116..0000000
--- a/src/print-ar.sh
+++ /dev/null
@@ -1,14 +0,0 @@
-cat warn-auto.sh
-echo 'main="$1"; shift'
-echo 'rm -f "$main"'
-echo 'ar cr "$main" ${1+"$@"}'
-case "`cat systype`" in
- sunos-5.*) ;;
- unix_sv*) ;;
- irix64-*) ;;
- irix-*) ;;
- dgux-*) ;;
- hp-ux-*) ;;
- sco*) ;;
- *) echo 'ranlib "$main"' ;;
-esac
diff --git a/src/print-cc.sh b/src/print-cc.sh
deleted file mode 100644
index 2a46533..0000000
--- a/src/print-cc.sh
+++ /dev/null
@@ -1,62 +0,0 @@
-cc="`head -1 ../conf-cc`"
-systype="`cat systype`"
-
-ccqlibs="`head -1 ../conf-qlibs`"
-[ -d "$ccqlibs"/include ] && ccqlibs="-I${ccqlibs}/include" \
-|| ccqlibs=""
-
-cc -c trycpp.c -malign-double >/dev/null 2>&1 \
-&& ccad="-malign-double"
-
-cc -c trycpp.c -march=ultrasparc >/dev/null 2>&1 \
-&& ccus="-march=ultrasparc"
-
-cc -c trycpp.c -march=powerpc >/dev/null 2>&1 \
-&& ccpp="-march=powerpc"
-
-cc -c trycpp.c -march=21164 >/dev/null 2>&1 \
-&& cc21="-march=21164"
-
-cc -c trycpp.c -march=native >/dev/null 2>&1 \
-&& ccarm="-march=native"
-
-rm -f trycpp.o
-
-ccssl="`head -1 ../conf-ssl`"
-eval cc -c tryssl.c ${ccssl} >/dev/null 2>&1 \
-|| ccssl=""
-
-ccbase="cc -fomit-frame-pointer -Wall"
-
-case "$cc:$systype" in
- auto:*:i386-*:*)
- cc="$ccbase -O1 $ccad"
- ;;
- auto:*:amd64-*:*)
- cc="$ccbase -O2 $ccad"
- ;;
- auto:*:x86_64-*:*)
- cc="$ccbase -O2 $ccad"
- ;;
- auto:*:sparc-*:*:*:*)
- cc="$ccbase -O1 $ccus"
- ;;
- auto:*:ppc-*:*:*:*)
- cc="$ccbase -O2 $ccpp"
- ;;
- auto:*:alpha-*:*:*:*)
- cc="$ccbase -O2 $cc21"
- ;;
- auto:aix-*:-:-:*:-)
- cc="$ccbase -O2 $ccpp"
- ;;
- auto:*:armv7l-:*)
- cc="$ccbase -O2 $ccarm"
- ;;
- auto:*)
- cc="$ccbase -O2"
- ;;
-esac
-
-cat warn-auto.sh
-echo exec "$cc" ${ccqlibs} ${ccssl} '-c ${1+"$@"}'
diff --git a/src/print-ccperl.sh b/src/print-ccperl.sh
deleted file mode 100644
index 9cda68d..0000000
--- a/src/print-ccperl.sh
+++ /dev/null
@@ -1,10 +0,0 @@
-ccopts="`head -1 ../conf-ccperl`"
-runperl="`head -1 ../conf-perl`"
-
-case "$ccopts" in
- auto)
- ccopts="`$runperl -MExtUtils::Embed -e ccopts`"
- ;;
-esac
-
-echo "$ccopts"
diff --git a/src/print-dl.sh b/src/print-dl.sh
deleted file mode 100644
index faa491c..0000000
--- a/src/print-dl.sh
+++ /dev/null
@@ -1,14 +0,0 @@
-ssllib="`head -1 ../conf-ssllib`"
-
-dlflag=0
-
-rm -f trycpp.o
-
-dlflag=`cc -c tryssl.c -ldl 2>&1 | wc -l`
-if [ $dlflag -eq 0 ]; then
- ssllib="$ssllib -ldl"
-fi
-
-rm -f trycpp.o
-
-echo $ssllib
diff --git a/src/print-ld.sh b/src/print-ld.sh
deleted file mode 100644
index c13472c..0000000
--- a/src/print-ld.sh
+++ /dev/null
@@ -1,18 +0,0 @@
-ld="`head -1 ../conf-ld`"
-qlibs="`head -1 ../conf-qlibs`"
-systype="`cat systype`"
-
-flag=0
-
-rm -f trycpp.o
-
-flag=`cc -c tryssl.c -m64 2>&1 | wc -l`
-if [ $flag -eq 0 ]; then
- ld="$ld -m64"
-fi
-
-rm -f trycpp.o
-
-cat warn-auto.sh
-echo 'main="$1"; shift'
-echo exec "$ld" -L"${qlibs}" '-o "$main" "$main".o ${1+"$@"} -ldnsresolv -lqlibs'
diff --git a/src/print-ldperl.sh b/src/print-ldperl.sh
deleted file mode 100644
index 02331f0..0000000
--- a/src/print-ldperl.sh
+++ /dev/null
@@ -1,10 +0,0 @@
-ldopts="`head -1 ../conf-ldperl`"
-runperl="`head -1 ../conf-perl`"
-
-case "$ldopts" in
- auto)
- ldopts="`$runperl -MExtUtils::Embed -e ldopts`"
- ;;
-esac
-
-echo "$ldopts"
diff --git a/src/print-perlembed.sh b/src/print-perlembed.sh
deleted file mode 100644
index 337da8e..0000000
--- a/src/print-perlembed.sh
+++ /dev/null
@@ -1,10 +0,0 @@
-ldopts="`head -1 ../conf-ldperl`"
-runperl="`head -1 ../conf-perl`"
-
-case "$ldopts" in
- auto)
- ldopts="$runperl -MExtUtils::Embed -e ldopts"
- ;;
-esac
-
-echo "$ldopts"
diff --git a/src/rts.base b/src/rts.base
deleted file mode 100644
index 0096007..0000000
--- a/src/rts.base
+++ /dev/null
@@ -1,329 +0,0 @@
-#!/bin/sh
-# Assumptions:
-# ucspi-tcp
-# available TCP ports on ::1: 50013--50021
-# 127.0.0.1 is resolved as 'localhost'
-# ::1/128 is resolved as 'ip6-loopback'
-# 0.0.0.0 and ::/128 is resolved as 'localnet'
-#
-# $here is ucspi-ssl current directory
-#
-# Not tested:
-# setting UID or GID
-# rules
-# write timeout
-
-echo '---> test sslserver + sslclient: four instances of sslserver (ports 50013, 50014, 50015, 50016) are used'
-echo '---> sslserver @port 50015 requires client certs'
-echo '++++'
-
-sslserver -w 2 \
--s -E -c 1 -Bbanner -Vo -D -1 -3 -Xx rules.cdb -Rt5 -h -l Localserver -b 2 \
-::1 50016 ./print 3< $CADIR/::1.pw > log.50016 2>&1 &
-pid_50016=$!
-
-sslserver -w 2 \
--s -e -c 1 -Bbanner -Vo -D -1 -3 -Xx rules.cdb -Rt5 -h -l Localserver -b 2 -m \
-::1 50015 ./print 3< $CADIR/::1.pw > log.50015 2>&1 &
-pid_50015=$!
-
-CIPHERS='' sslserver -w 2 \
--s -e -c 1 -Bbanner -Vo -D -1 -3 -Xx rules.cdb -Rt5 -h -l Localserver -b 2 \
-::1 50014 ./print >log.50014 3< $CADIR/::1.pw 2>&1 &
-pid_50014=$!
-sleep 1
-
-sslserver -w 2 \
--s -e -c 1 -Bbanner -Vo -D -1 -3 -Xx rules.cdb -Rt5 -h -l Localserver -b 2 \
-::1 50013 cat - >log.50013 3< $CADIR/::1.pw 2>&1 &
-pid_50013=$!
-sleep 1
-
-echo '---> test sslclient/sslserver behavior with wrong parm (timeout 2 secs)'
-echo '++++'
-
-echo '--- sslclient prints usage message without enough arguments'
-sslclient -T2 0 0; echo $?
-
-echo '--- sslclient prints error message with unknown port name'
-sslclient -T2 0 nonexistentport echo wrong; echo $?
-
-echo '--- sslclient prints error message when connection fails'
-sslclient -T2 0 016 echo wrong; echo $?
-
-echo '--- sslclient -q does not print error message when connection fails'
-sslclient -T2 -q 0 016 echo wrong; echo $?
-
-echo '--- sslclient prints error message with unknown host name'
-sslclient nonexistent.local. 016 echo wrong; echo $?
-
-echo '--- sslclient prints error message with unresolvable host name'
-sslclient thislabelistoolongbecausednshasalimitof63charactersinasinglelabel. 50016 echo wrong; echo $?
-
-echo '--- sslserver prints usage message without enough arguments'
-sslserver 0 0; echo $?
-
-echo '--- sslserver prints error message with unknown port name'
-sslserver 0 nonexistentport echo wrong; echo $?
-
-echo '--- sslserver prints error message with unknown host name'
-sslserver nonexistent.local. 016 echo wrong; echo $?
-
-echo '--- sslserver prints error message with unresolvable host name'
-sslserver thislabelistoolongbecausednshasalimitof63charactersinasinglelabel. 50016 echo wrong; echo $?
-
-echo '--- sslserver prints error message with non-local host name'
-( sslserver 1.2.3.4 016 echo wrong 2>&1
- echo $?
-) | sed -e 's/unable to bind to: .*/unable to bind to: .../'
-
-
-echo '---> test sslclient to connect to sslserver (on different port; note: cert verify will fail on localhost)'
-echo '++++'
-
-echo '--- sslclient sets basic environment variables'
-{
- sslclient -p 50017 -R -N -H -T 10 -l Local -a "$CAFILE" ::1 50016 sh -c 'cat <&6'
- echo $?
-} | sed -e 's/unable to bind to: .*/unable to bind to: .../'
-
-
-echo '--- sslserver -e also sets TCP environment variables'
-{
- sslclient -p 50018 -e -S -R -N -H -T 10 -l Local -a "$CAFILE" ::1 50016 sh -c 'cat <&6'
- echo $?
-} | sanitize
-
-echo '--- sslclient recognizes -D, -z, -r, -h, -t (with elective cipher)'
-{
- sslclient -p 50019 -N -D -r -t1 -l Local -a "$CAFILE" \
- -z 'TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256' \
- ::1 50016 sh -c 'cat <&6'
- echo $?
-}
-#} | sanitize
-
-echo '--- sslclient sets basic environment variables'
-{
- sslclient -p 50020 -R -N -H -l Local -a "$CAFILE" ::1 50016 ./print
- echo $?
-} | sanitize
-
-echo '--- sslclient -e sets TCP environment variables'
-{
- sslclient -p 50021 -e -R -N -H -l Local -a "$CAFILE" ::1 50016 ./print
- echo $?
-} | sanitize
-
-echo '--- sslclient -s sets TLS environment variables'
-{
- sslclient -p 50022 -s -R -N -H -l Local -a "$CAFILE" ::1 50016 ./print
- echo $?
-} | sanitize
-
-echo '--- sslclient looks up host names properly (localhost. -> ip6-loopback)'
-{
- sslclient -p 50023 -R -N -a "$CAFILE" localhost. 50016 ./print
- echo $?
-} | sanitize
-
-echo '--- sslclient -v works'
-sslclient -p 50024 -v -R -N -H -l Local -a "$CAFILE" ::1 50016 echo ok
-echo $?
-
-echo '--- sslserver -N does not check certificates CN'
-( exec 2>&1
- sslclient -p 50025 -v -R -H -N -l ip6-localhost -a "$CAFILE" -X ::1 50014 sh -c 'sleep 1; echo ok'
- echo $?
-) | sanitize
-
-echo '--- sslserver and sslclient print errors for incompatible cipher lists for TLS < 1.3'
-( exec 2>&1
- sslclient -p 50026 -v -R -H -N -l ip6-localhost -z 'FOOBAR' -a "$CAFILE" ::1 50014 \
- sh -c 'sleep 1; echo ok'
- echo $?
-) | sanitize
-
-echo '--- sslclient -X ignores any server certificate'
-( exec 2>&1
- sslclient -p 50027 -v -R -H -l ip6-localhost -X ::1 50014 \
- sh -c 'sleep 1; echo ok'
- echo $?
-) | sanitize
-
-echo '--- sslclient -n checks hostname with certificates SAN/CN'
-( exec 2>&1
- sslclient -p 50027 -v -R -H -l ip6-localhost -a "$CAFILE" ::1 50014 \
- sh -c 'sleep 1; echo ok'
- echo $?
-) | sanitize
-
-echo '---> test sslclient to connect to sslserver requiring client cert'
-echo '++++'
-
-echo '--- sslserver prints error for no client certificate'
-( exec 2>&1
- sslclient -p 50028 -v -R -N -h -l ip6-localhost -a "$CAFILE" ::1 50015 \
- sh -c 'sleep 1; echo ok'
- echo $?
-) | sanitize
-
-echo '--- sslserver prints error for bad client certificate'
-( exec 2>&1
- exec 3< $CADIR/::1.pw
- sslclient -p 50029 -v -R -h -l ip6-localhost -a "$CAFILE" -c "$CERTFILE" -k "$KEYFILE" -3 \
- ::1 50015 sh -c 'sleep 1; echo ok'
- echo $?
-) | sanitize
-
-echo '--- sslclient uses certificates'
-( exec 2>&1
- exec 3< $CADIR/localhost.pw
- sslclient -p 50030 -v -s -R -N -h -l ip6-localhost -a "$CAFILE" -c "$CCERTFILE" -k "$CKEYFILE" -3 \
- ::1 50015 sh -c 'cat <&6; ./print'
- echo $?
-) | sanitize
-
-echo '---> test sslcat to connect to sslserver@5016'
-echo '++++'
-
-echo '--- sslcat works'
-{
- sslcat ::1 50013 -N -a "$CAFILE" -N
- echo $?
-} | sanitize
-
-echo '--- sslconnect works'
-{
- sslconnect ::1 50013 -N -a "$CAFILE" </dev/null
- echo $?
-} | sanitize
-
-echo '--- https@ works'
-https@ ::1 somefile 50013 -X -a "$CAFILE"
-echo $?
-
-
-echo '---> test sslconnect to connect to sslserver@5013'
-echo '++++'
-
-
-echo '--- sslclient and sslserver handle larger data'
-( exec 2>&1
- exec 3< $CADIR/localhost.pw
- { for i in 0 1 2 3 4 5 6 7 8 9
- do
- for j in 0 1 2 3 4 5 6 7 8 9
- do
- for k in 0 1 2 3 4 5 6 7 8 9
- do
- echo "abcdefghijklmnopqrstuvwxyz"
- echo "abcdefghijklmnopqrstuvwxyz"
- echo "abcdefghijklmnopqrstuvwxyz"
- echo "abcdefghijklmnopqrstuvwxyz"
- done
- done
- done
- } | sslconnect ::1 50013 -v -s -N \
- -a "$CAFILE" -c "$CCERTFILE" -k "$CKEYFILE" -3 > /dev/null
- echo $?
-) | sanitize
-
-echo '--- sslserver times out'
-( exec 2>&1
- exec 3< $CADIR/localhost.pw
- ( exec echo hereur ) | sslconnect ::1 50013 -v -s -N \
- -a "$CAFILE" -c "$CCERTFILE" -k "$CKEYFILE" -3
- echo $?
-) | sanitize
-
-( exec 2>&1
- exec 3< $CADIR/localhost.pw
- ( sleep 6; exec echo hereur; ) | sslconnect ::1 50013 -v -s -N \
- -a "$CAFILE" -c "$CCERTFILE" -k "$CKEYFILE" -3
- echo $?
-) | sanitize
-
-## Kill all sslserver processes
-
-kill -TERM $pid_50013
-kill -TERM $pid_50014
-kill -TERM $pid_50015
-kill -TERM $pid_50016
-wait $pid_50013
-wait $pid_50014
-wait $pid_50015
-wait $pid_50016
-
-echo '---> test sslprint@50021'
-echo '++++'
-
-
-sslprint \
--s -c 1 -Bsslprint -vo -D -e -1 -3 -Xx rules.cdb -Rt5 -hp -l Localserver -b 2 \
-::1 50021 3< $CADIR/::1.pw > log.sslprint 2>&1 &
-pid_50021=$!
-sleep 2
-
-echo '--- sslprint prints usage message without enough arguments'
-sslprint 0; echo $?
-
-echo '--- sslprint prints error message with unknown port name'
-sslprint 0 nonexistentport; echo $?
-
-echo '--- sslprint prints error message with unknown host name'
-sslprint nonexistent.local. 016; echo $?
-
-echo '--- sslprint prints error message with unresolvable host name'
-sslprint thislabelistoolongbecausednshasalimitof63charactersinasinglelabel. 016; echo $?
-
-echo '--- sslprint prints error message with non-local host name'
-( sslprint 1.2.3.4 16 2>&1
- echo $?
-) | sed -e 's/unable to bind to: .*/unable to bind to: .../'
-
-
-echo '--- sslprint prints error message with used port'
-sslprint -R -H -l Localserver ::1 50021 echo wrong
-echo $?
-
-echo '--- sslprint sets basic environment variables'
-{ sslclient -R -H -T 5 -l Local -a "$CAFILE" -N ::1 50021 sh -c 'cat <&6'
- echo $?
-} | sanitize
-
-echo '--- sslprint exits when environment changes'
-{ sslclient -R -H -T 5 -l Local -a "$CAFILE" -N ::1 50021 sh -c 'cat <&6'
- echo $?
-} | sanitize
-
-echo '--- sslprint does not lose descriptors'
-{ sslclient -R -H -T 5 -l Local -a "$CAFILE" -N ::1 50021 sh -c 'cat <&6' \
- 0<&- 2<&-
- echo $?
-} | sanitize
-
-sleep 1
-kill -TERM $pid_50021
-wait $pid_50021
-
-
-echo '--- sslserver -1v prints proper messages'
-cat log.50016 log.50015 log.50014 log.50013 log.sslprint | \
-sed -e 's/::*/::x/' \
- -e 's} [0-9]* } x }g' \
- -e 's} ip6-loopback:::1::[0-9]*} ip6-loopback:::1::x}' \
- -e 's} :::1:[0-9]*} :::1:x}' \
- -e 's} cafile x .*/\([^/]*\)} cafile x xxx/\1}' \
- -e 's} ccafile x .*/\([^/]*\)} ccafile x xxx/\1}' \
- -e 's} cadir x .*/\([^/]*\)} cadir x xxx/\1}' \
- -e 's} cert x .*/\([^/]*\)} cert x xxx/\1}' \
- -e 's} key x .*/\([^/]*\)} key x xxx/\1}' \
- -e 's} dhparam x .*} dhparam x xxx}' \
- -e 's} speak TLS: .*} speak TLS: ...}' \
- -e 's} accept TLS: .*} accept TLS: ...}' \
- -e 's} done [0-9]*$} done ...}' \
- -e 's} Localserver:::1:[0-9]*} Localserver:::1:x}' \
- -e 's} ip6-localnet:::::[0-9]*} ip6-localnet:::::x}' \
- -e 's} valid client cert received for pid: .*} valid client cert received for pid: ...}'
-
diff --git a/src/rts.it b/src/rts.it
deleted file mode 100644
index 7c0fa0e..0000000
--- a/src/rts.it
+++ /dev/null
@@ -1,197 +0,0 @@
-# Umbrella script to provide *SSL environment
-# and helper functions
-
-PATH="`pwd`:$PATH"
-CADIR=`pwd | cut -d':' -f1 | sed s/compile/etc/`
-
-# include the ssl and crypto libs by means of LD_LIBRARY_PATH
-#export LD_LIBRARY_PATH="/home/ucspi/_SSL/libressl-3.7.2/ssl/.libs:/home/ucspi/_SSL/libressl-3.7.2/crypto/.libs"
-export LD_LIBRARY_PATH="/home/ucspi/_SSL/openssl-3.2.0-alpha2"
-
-rm -rf rts-tmp
-mkdir rts-tmp
-cd rts-tmp
-
-CAFILE="$CADIR/rootCA_cert.pem"
-if [ ! -f $CAFILE ]
-then
- echo "$CAFILE does no exist!"
- exit 1
-fi
-CERTFILE="$CADIR/::1_cert.pem"
-if [ ! -f $CERTFILE ]
-then
- echo "$CERTFILE does no exist!"
- exit 1
-fi
-CHAINFILE="$CADIR/chain6.pem"
-if [ ! -f $CHAINFILE ]
-then
- echo "$CHAINFILE does no exist!"
- exit 1
-fi
-KEYFILE="$CADIR/::1_key.pem"
-if [ ! -f $KEYFILE ]
-then
- echo "$KEYFILE does no exist!"
- exit 1
-fi
-CCAFILE="$CADIR/rootCA_cert.pem"
-if [ ! -f $CCAFILE ]
-then
- echo "$CCAFILE does no exist!"
- exit 1
-fi
-CCERTFILE="$CADIR/localhost_cert.pem"
-if [ ! -f $CCERTFILE ]
-then
- echo "$CCERTFILE does no exist!"
- exit 1
-fi
-CKEYFILE="$CADIR/localhost_key.pem"
-if [ ! -f $CKEYFILE ]
-then
- echo "$CKEYFILE does no exist!"
- exit 1
-fi
-DHFILE="$CADIR/dh2048.pem"
-if [ ! -f $DHFILE ]
-then
- echo "$DHFILE does no exist!"
- exit 1
-fi
-
-export CADIR CAFILE CCAFILE CERTFILE CHAINFILE KEYFILE CCERTFILE CKEYFILE DHFILE
-
-# Create ./print file
-
-echo '#!/bin/sh
-# trap "" 13
- echo ""
- echo PROTO="$PROTO"
- echo SSLLOCALHOST="${SSLLOCALHOST-unset}"
- echo SSLLOCALIP="${SSLLOCALIP-unset}"
- echo SSLLOCALPORT="${SSLLOCALPORT-unset}"
- echo SSLREMOTEHOST="${SSLREMOTEHOST-unset}"
- echo SSLREMOTEIP="${SSLREMOTEIP-unset}"
- echo SSLREMOTEPORT="${SSLREMOTEPORT-unset}"
- echo SSLREMOTEINFO="${SSLREMOTEINFO-unset}"
-
- echo TCPLOCALHOST="${TCPLOCALHOST-unset}"
- echo TCPLOCALIP="${TCPLOCALIP-unset}"
- echo TCPLOCALPORT="${TCPLOCALPORT-unset}"
-
- echo TCPREMOTEHOST="${TCPREMOTEHOST-unset}"
- echo TCPREMOTEIP="${TCPREMOTEIP-unset}"
- echo TCPREMOTEPORT="${TCPREMOTEPORT-unset}"
- echo TCPREMOTEINFO="${TCPREMOTEINFO-unset}"
-
- echo TCP6REMOTEHOST="${TCP6REMOTEHOST-unset}"
- echo TCP6REMOTEIP="${TCP6REMOTEIP-unset}"
- echo TCP6REMOTEPORT="${TCP6REMOTEPORT-unset}"
-
- echo SSL_PROTOCOL="${SSL_PROTOCOL-unset}"
- echo SSL_SESSION_ID="${SSL_SESSION_ID-unset}"
- echo SSL_CIPHER="${SSL_CIPHER-unset}"
- echo SSL_CIPHER_EXPORT="${SSL_CIPHER_EXPORT-unset}"
- echo SSL_CIPHER_USEKEYSIZE="${SSL_CIPHER_USEKEYSIZE-unset}"
- echo SSL_CIPHER_ALGKEYSIZE="${SSL_CIPHER_ALGKEYSIZE-unset}"
- echo SSL_VERSION_INTERFACE="${SSL_VERSION_INTERFACE-unset}"
- echo SSL_VERSION_LIBRARY="${SSL_VERSION_LIBRARY-unset}"
-
- echo SSL_SERVER_M_VERSION="${SSL_SERVER_M_VERSION-unset}"
- echo SSL_SERVER_M_SERIAL="${SSL_SERVER_M_SERIAL-unset}"
- echo SSL_SERVER_S_DN="${SSL_SERVER_S_DN-unset}"
- echo SSL_SERVER_S_DN_C="${SSL_SERVER_S_DN_C-unset}"
- echo SSL_SERVER_S_DN_ST="${SSL_SERVER_S_DN_ST-unset}"
- echo SSL_SERVER_S_DN_L="${SSL_SERVER_S_DN_L-unset}"
- echo SSL_SERVER_S_DN_O="${SSL_SERVER_S_DN_O-unset}"
- echo SSL_SERVER_S_DN_OU="${SSL_SERVER_S_DN_OU-unset}"
- echo SSL_SERVER_S_DN_CN="${SSL_SERVER_S_DN_CN-unset}"
- echo SSL_SERVER_S_DN_T="${SSL_SERVER_S_DN_T-unset}"
- echo SSL_SERVER_S_DN_I="${SSL_SERVER_S_DN_I-unset}"
- echo SSL_SERVER_S_DN_G="${SSL_SERVER_S_DN_G-unset}"
- echo SSL_SERVER_S_DN_S="${SSL_SERVER_S_DN_S-unset}"
- echo SSL_SERVER_S_DN_D="${SSL_SERVER_S_DN_D-unset}"
- echo SSL_SERVER_S_DN_UID="${SSL_SERVER_S_DN_UID-unset}"
- echo SSL_SERVER_S_DN_Email="${SSL_SERVER_S_DN_Email-unset}"
- echo SSL_SERVER_I_DN="${SSL_SERVER_I_DN-unset}"
- echo SSL_SERVER_I_DN_C="${SSL_SERVER_I_DN_C-unset}"
- echo SSL_SERVER_I_DN_ST="${SSL_SERVER_I_DN_ST-unset}"
- echo SSL_SERVER_I_DN_L="${SSL_SERVER_I_DN_L-unset}"
- echo SSL_SERVER_I_DN_O="${SSL_SERVER_I_DN_O-unset}"
- echo SSL_SERVER_I_DN_OU="${SSL_SERVER_I_DN_OU-unset}"
- echo SSL_SERVER_I_DN_CN="${SSL_SERVER_I_DN_CN-unset}"
- echo SSL_SERVER_I_DN_T="${SSL_SERVER_I_DN_T-unset}"
- echo SSL_SERVER_I_DN_I="${SSL_SERVER_I_DN_I-unset}"
- echo SSL_SERVER_I_DN_G="${SSL_SERVER_I_DN_G-unset}"
- echo SSL_SERVER_I_DN_S="${SSL_SERVER_I_DN_S-unset}"
- echo SSL_SERVER_I_DN_D="${SSL_SERVER_I_DN_D-unset}"
- echo SSL_SERVER_I_DN_UID="${SSL_SERVER_I_DN_UID-unset}"
- echo SSL_SERVER_I_DN_Email="${SSL_SERVER_I_DN_Email-unset}"
- echo SSL_SERVER_V_START="${SSL_SERVER_V_START-unset}"
- echo SSL_SERVER_V_END="${SSL_SERVER_V_END-unset}"
- echo SSL_SERVER_A_SIG="${SSL_SERVER_A_SIG-unset}"
- echo SSL_SERVER_A_KEY="${SSL_SERVER_A_KEY-unset}"
- echo SSL_SERVER_CERT="${SSL_SERVER_CERT-unset}"
-
- echo SSL_CLIENT_M_VERSION="${SSL_CLIENT_M_VERSION-unset}"
- echo SSL_CLIENT_M_SERIAL="${SSL_CLIENT_M_SERIAL-unset}"
- echo SSL_CLIENT_S_DN="${SSL_CLIENT_S_DN-unset}"
- echo SSL_CLIENT_S_DN_C="${SSL_CLIENT_S_DN_C-unset}"
- echo SSL_CLIENT_S_DN_ST="${SSL_CLIENT_S_DN_ST-unset}"
- echo SSL_CLIENT_S_DN_L="${SSL_CLIENT_S_DN_L-unset}"
- echo SSL_CLIENT_S_DN_O="${SSL_CLIENT_S_DN_O-unset}"
- echo SSL_CLIENT_S_DN_OU="${SSL_CLIENT_S_DN_OU-unset}"
- echo SSL_CLIENT_S_DN_CN="${SSL_CLIENT_S_DN_CN-unset}"
- echo SSL_CLIENT_S_DN_T="${SSL_CLIENT_S_DN_T-unset}"
- echo SSL_CLIENT_S_DN_I="${SSL_CLIENT_S_DN_I-unset}"
- echo SSL_CLIENT_S_DN_G="${SSL_CLIENT_S_DN_G-unset}"
- echo SSL_CLIENT_S_DN_S="${SSL_CLIENT_S_DN_S-unset}"
- echo SSL_CLIENT_S_DN_D="${SSL_CLIENT_S_DN_D-unset}"
- echo SSL_CLIENT_S_DN_UID="${SSL_CLIENT_S_DN_UID-unset}"
- echo SSL_CLIENT_S_DN_Email="${SSL_CLIENT_S_DN_Email-unset}"
- echo SSL_CLIENT_I_DN="${SSL_CLIENT_I_DN-unset}"
- echo SSL_CLIENT_I_DN_C="${SSL_CLIENT_I_DN_C-unset}"
- echo SSL_CLIENT_I_DN_ST="${SSL_CLIENT_I_DN_ST-unset}"
- echo SSL_CLIENT_I_DN_L="${SSL_CLIENT_I_DN_L-unset}"
- echo SSL_CLIENT_I_DN_O="${SSL_CLIENT_I_DN_O-unset}"
- echo SSL_CLIENT_I_DN_OU="${SSL_CLIENT_I_DN_OU-unset}"
- echo SSL_CLIENT_I_DN_CN="${SSL_CLIENT_I_DN_CN-unset}"
- echo SSL_CLIENT_I_DN_T="${SSL_CLIENT_I_DN_T-unset}"
- echo SSL_CLIENT_I_DN_I="${SSL_CLIENT_I_DN_I-unset}"
- echo SSL_CLIENT_I_DN_G="${SSL_CLIENT_I_DN_G-unset}"
- echo SSL_CLIENT_I_DN_S="${SSL_CLIENT_I_DN_S-unset}"
- echo SSL_CLIENT_I_DN_D="${SSL_CLIENT_I_DN_D-unset}"
- echo SSL_CLIENT_I_DN_UID="${SSL_CLIENT_I_DN_UID-unset}"
- echo SSL_CLIENT_I_DN_Email="${SSL_CLIENT_I_DN_Email-unset}"
- echo SSL_CLIENT_V_START="${SSL_CLIENT_V_START-unset}"
- echo SSL_CLIENT_V_END="${SSL_CLIENT_V_END-unset}"
- echo SSL_CLIENT_A_SIG="${SSL_CLIENT_A_SIG-unset}"
- echo SSL_CLIENT_A_KEY="${SSL_CLIENT_A_KEY-unset}"
- echo SSL_CLIENT_CERT="${SSL_CLIENT_CERT-unset}"
- echo SSL_CLIENT_CERT_CHAIN_0="${SSL_CLIENT_CERT_CHAIN_0-unset}"
- echo SSL_CLIENT_CERT_CHAIN_1="${SSL_CLIENT_CERT_CHAIN_1-unset}"
-' > print
-chmod 755 print
-
-
-# Sanitze output
-
-sanitize() {
- sed -e 's/^SSL_SESSION_ID=.*/SSL_SESSION_ID=.../' \
- -e 's/^SSLREMOTEPORT=.*/SSLREMOTEPORT=.../' \
- -e 's/^SSLLOCALPORT=.*/SSLLOCALPORT=.../' \
- -e 's/^TCPREMOTEPORT=.*/TCPREMOTEPORT=.../' \
- -e 's/^TCP6REMOTEPORT=.*/TCP6REMOTEPORT=.../' \
- -e 's/^TCPLOCALPORT=.*/TCPLOCALPORT=.../' \
- -e 's/^SSL_VERSION_LIBRARY=.*/SSL_VERSION_LIBRARY=.../' \
- -e 's/^SSL_CIPHER_USEKEYSIZE=.*/SSL_CIPHER_USEKEYSIZE=.../' \
- -e 's/^SSL_CIPHER_ALGKEYSIZE=.*/SSL_CIPHER_ALGKEYSIZE=.../' \
- -e 's/^SSL_CIPHER=.*/SSL_CIPHER=.../' \
- -e 's/^SSL_PROTOCOL=TLSv1.*/SSL_PROTOCOL=TLSv1.../' \
- -e 's/Localserver:::1:[0-9]*/Localserver:::1:... /' \
- -e 's/ip6-localnet:::::[0-9]*/ip6-localnet:::::.../'
-}
-
-# done
diff --git a/src/rts.sslperl b/src/rts.sslperl
deleted file mode 100644
index 3d1e560..0000000
--- a/src/rts.sslperl
+++ /dev/null
@@ -1,157 +0,0 @@
-# Assumptions:
-# available TCP ports on 127.0.0.1: 50022
-
-echo 'package Embedded::test;
-my $n = 0;
-$| = 1;
-sub server (@) {
- ++$n;
- print STDERR "log: Hello, World! ($n): @_\n";
- print "Hello, World! ($n): @_\n";
-
- $n > 1 and exit(0);
-}
-1;
-' > hello.pm
-
-sanitize() {
- sed -e 's/^SSL_SESSION_ID=.*/SSL_SESSION_ID=.../' \
- -e 's/^SSLREMOTEPORT=.*/SSLREMOTEPORT=.../' \
- -e 's/^SSLLOCALPORT=.*/SSLLOCALPORT=.../' \
- -e 's/^TCPREMOTEPORT=.*/TCPREMOTEPORT=.../' \
- -e 's/^TCP6REMOTEPORT=.*/TCP6REMOTEPORT=.../' \
- -e 's/^TCPLOCALPORT=.*/TCPLOCALPORT=.../' \
- -e 's/^SSL_VERSION_LIBRARY=.*/SSL_VERSION_LIBRARY=.../' \
- -e 's/^SSL_CIPHER_USEKEYSIZE=.*/SSL_CIPHER_USEKEYSIZE=.../' \
- -e 's/^SSL_CIPHER_ALGKEYSIZE=.*/SSL_CIPHER_ALGKEYSIZE=.../' \
- -e 's/^SSL_CIPHER=.*/SSL_CIPHER=.../' \
- -e 's/^SSL_PROTOCOL=TLSv1.*/SSL_PROTOCOL=TLSv1.../'
-}
-
-sslperl -w 2 \
--s -c 1 -Bsslperl -vo -D -1 -3 -Xx rules.cdb -Rt5 -hp -l Localserver -b 2 \
--a -A \
-127.0.0.1 50022 hello.pm 'Embedded::test::server' here you are \
-3< $CADIR/127.0.0.1.pw >log.50022 2>&1 &
-pid_50022=$!
-sleep 2
-
-echo '--- sslperl works'
-{ sslclient -R -N -H -T 10 -l Local -a "$CAFILE" -4 0 50022 sh -c 'cat <&6'
- echo $?
-} | sanitize
-{ sslclient -R -N -H -T 10 -l Local -a "$CAFILE" -4 0 50022 sh -c 'cat <&6'
- echo $?
-} | sanitize
-{ sslclient -R -N -H -T 10 -l Local -a "$CAFILE" -4 0 50022 sh -c 'cat <&6'
- echo $?
-} | sanitize
-{ sslclient -R -N -H -T 10 -l Local -X -4 0 50022 sh -c 'cat <&6'
- echo $?
-} | sanitize
-
-echo '--- sslperl prints usage message without enough arguments'
-sslperl 0; echo $?
-
-echo '--- sslperl prints error message with unknown port name'
-sslperl 0 nonexistentport echo wrong; echo $?
-
-echo '--- sslperl prints error message with unknown host name'
-sslperl nonexistent.local. 016 echo wrong; echo $?
-
-echo '--- sslperl prints error message with unresolvable host name'
-sslperl thislabelistoolongbecausednshasalimitof63charactersinasinglelabel. 50022 echo wrong; echo $?
-
-echo '--- sslperl prints error message with non-local host name'
-( sslperl 1.2.3.4 016 echo wrong 2>&1
- echo $?
-) | sed -e 's/unable to bind: .*$/unable to bind: .../'
-
-kill -TERM $pid_50022
-wait $pid_50022
-
-echo '--- sslperl preserves environment'
-echo 'package Embedded::test;
-my $n = 0;
-$| = 1;
-sub server () {
- print STDERR "log: NOW=$ENV{NOW}\n";
- print STDERR "log: changed environment\n";
- print " changed environment\n";
- $ENV{'HERE'} = 'NOW';
-}
-1;
-' > hello.pm
-
-sslperl -w 2 \
--s -c 1 -Bsslperl -vo -D -1 -3 -Xx rules.cdb -Rt5 -hp -l Localserver -b 2 \
--a -A \
-127.0.0.1 50022 hello.pm 'Embedded::test::server' here you are \
-3< $CADIR/127.0.0.1.pw >>log.50022 2>&1 &
-pid_50022=$!
-sleep 2
-
-{ sslclient -R -N -H -T 10 -l Local -a "$CAFILE" -4 0 50022 sh -c 'cat <&6'
- echo $?
-} | sanitize
-
-kill -TERM $pid_50022
-wait $pid_50022
-
-echo '--- sslperl handles larger requests'
-echo 'package Embedded::test;
-my $n = 0;
-$| = 1;
-sub server (@) {
- print @_;
- while(<>) {
- print $_;
- }
-}
-1;
-' > echo.pm
-
-sslperl -w 2 \
--s -c 1 -Bsslperl -vo -D -1 -3 -Xx rules.cdb -Rt5 -hp -l Localserver -b 2 \
--a -A \
-127.0.0.1 50022 echo.pm 'Embedded::test::server' here you are \
-3< $CADIR/127.0.0.1.pw >>log.50022 2>&1 &
-pid_50022=$!
-sleep 2
-
-( exec 2>&1
- exec 3< $CADIR/localhost.pw
- { for i in 0 1 2 3 4 5 6 7 8 9
- do
- for j in 0 1 2 3 4 5 6 7 8 9
- do
- for k in 0 1 2 3 4 5 6 7 8 9
- do
- echo "abcdefghijklmnopqrstuvwxyz"
- echo "abcdefghijklmnopqrstuvwxyz"
- echo "abcdefghijklmnopqrstuvwxyz"
- echo "abcdefghijklmnopqrstuvwxyz"
- done
- done
- done
- } | sslconnect 127.0.0.1 50022 -v -s \
- -a "$CAFILE" -c "$CCERTFILE" -k "$CKEYFILE" -3 >/dev/null
- echo $?
-) | sanitize
-
-kill -TERM $pid_50022
-wait $pid_50022
-
-echo '--- sslserver -1v prints proper messages'
-cat log.50022 | \
-sed -e 's/::.*/::x/' -e 's/ [0-9]* / x /' \
- -e 's} cafile x .*/\([^/]*\)} cafile x xxx/\1}' \
- -e 's} ccafile x .*/\([^/]*\)} ccafile x xxx/\1}' \
- -e 's} cadir x .*/\([^/]*\)} cadir x xxx/\1}' \
- -e 's} cert x .*/\([^/]*\)} cert x xxx/\1}' \
- -e 's} key x .*/\([^/]*\)} key x xxx/\1}' \
- -e 's/ dhparam x .*/ dhparam x xxx/' \
- -e 's/ ecdhparam x .*/ ecdhparam x xxx/' \
- -e 's/ speak TLS: .*/ speak TLS: .../' \
- -e 's/ accept TLS: .*/ accept TLS: .../' \
- -e 's/ done [0-9]*$/ done .../'
diff --git a/src/select.h1 b/src/select.h1
deleted file mode 100644
index 68e971f..0000000
--- a/src/select.h1
+++ /dev/null
@@ -1,12 +0,0 @@
-/* Public domain. */
-
-#ifndef SELECT_H
-#define SELECT_H
-
-/* sysdep: -sysselect */
-
-#include <sys/types.h>
-#include <sys/time.h>
-extern int select();
-
-#endif
diff --git a/src/select.h2 b/src/select.h2
deleted file mode 100644
index 4bd4fcf..0000000
--- a/src/select.h2
+++ /dev/null
@@ -1,13 +0,0 @@
-/* Public domain. */
-
-#ifndef SELECT_H
-#define SELECT_H
-
-/* sysdep: +sysselect */
-
-#include <sys/types.h>
-#include <sys/time.h>
-#include <sys/select.h>
-extern int select();
-
-#endif
diff --git a/src/sslclient.c b/src/sslclient.c
index 1d4ce57..c546388 100644
--- a/src/sslclient.c
+++ b/src/sslclient.c
@@ -30,9 +30,7 @@
#include "byte.h"
#include "ndelay.h"
#include "wait.h"
-#include "auto_cafile.h"
-#include "auto_cadir.h"
-#include "auto_ciphers.h"
+#include "ucspissl-config.h"
#define WHO "sslclient"
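Review bot: The new `#include "ucspissl-config.h"` gives no hint of what it supplies, whereas the three removed headers named their content (`auto_cafile.h`, `auto_cadir.h`, `auto_ciphers.h`). These look like the client's compiled-in trust anchors and cipher list, so I would add a comment above the include such as `/* build-time defaults: CA file, CA dir, cipher list */`. The generated header is not visible here, so it is worth confirming that it defines the same symbols with the same values as the old conf-* files. A changed default CA path or cipher string would alter certificate verification without any change to this source file. The same swap is made in src/sslhandle.c and src/sslserver.c, where the key, certificate, chain and DH file defaults are also involved.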
diff --git a/src/sslhandle.c b/src/sslhandle.c
index f31cee9..5c68402 100644
--- a/src/sslhandle.c
+++ b/src/sslhandle.c
@@ -3,50 +3,44 @@
@author web, feh
@brief IPv6 enabled TLS framework for a preforking server
*/
-#include <unistd.h>
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <sys/param.h>
+#include <arpa/inet.h>
#include <netdb.h>
#include <signal.h>
-#include <arpa/inet.h>
+#include <sys/param.h>
+#include <sys/socket.h>
+#include <sys/types.h>
+#include <unistd.h>
+
+#include "coe.h"
+#include "remoteinfo.h"
+#include "rules.h"
#include "ucspissl.h"
-#include "uint_t.h"
-#include "str.h"
-#include "byte.h"
-#include "fmt.h"
-#include "scan.h"
-#include "ip.h"
-#include "fd.h"
-#include "exit.h"
-#include "env.h"
-#include "prot.h"
-#include "open.h"
-#include "wait.h"
-#include "stralloc.h"
+#include "ucspissl-config.h"
+
#include "alloc.h"
#include "buffer.h"
+#include "byte.h"
+#include "dnsresolv.h"
+#include "env.h"
+#include "exit.h"
+#include "fd.h"
+#include "fmt.h"
#include "getln.h"
-#include "logmsg.h"
#include "getoptb.h"
-#include "socket_if.h"
+#include "ip.h"
+#include "lock.h"
+#include "logmsg.h"
+#include "iopause.h"
#include "ndelay.h"
-#include "remoteinfo.h"
-#include "rules.h"
+#include "open.h"
+#include "prot.h"
+#include "scan.h"
#include "sig.h"
-#include "iopause.h"
-#include "dnsresolv.h"
-#include "auto_cafile.h"
-#include "auto_cadir.h"
-#include "auto_ccafile.h"
-#include "auto_dhfile.h"
-#include "auto_certchainfile.h"
-#include "auto_certfile.h"
-#include "auto_keyfile.h"
-#include "auto_ciphers.h"
-#include "iopause.h"
-#include "coe.h"
-#include "lock.h"
+#include "socket_if.h"
+#include "str.h"
+#include "stralloc.h"
+#include "uint_t.h"
+#include "wait.h"
extern void server(int argcs,char * const *argvs);
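Review bot: `#include "iopause.h"` is added after `"logmsg.h"`, which breaks the alphabetical order the rest of the regrouped list follows; it belongs between `"getoptb.h"` and `"ip.h"`. Because the order of nearly every project header changes in this hunk, a build with warnings enabled is worth running to confirm that none of them relied on an earlier include for its types; the headers themselves are not visible here.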
@@ -508,7 +502,7 @@ void trigger(void) {
buffer_unixwrite(selfpipe[1],"",1);
}
-void sigterm(void) {
+void sigterm(int _) {
int pid;
flagexit = 1;
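Review bot: `sigterm` does not preserve `errno`. It ends in `trigger()`, which writes to `selfpipe[1]`, and a failed or interrupted write there can overwrite the `errno` of whatever code the signal interrupted. Saving it on entry and restoring it before return (`int saved_errno = errno;` … `errno = saved_errno;`) closes that gap. `flagexit` is also assigned from the handler; its declaration is outside the hunk, but it should be `volatile sig_atomic_t` so the main loop reliably observes the store. The body of `sigterm` continues into the next hunk, and the `sigchld` handlers there and in src/sslserver.c have most of their bodies outside the visible lines, so the same two checks apply to them.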
@@ -518,7 +512,7 @@ void sigterm(void) {
trigger();
}
-void sigchld(void) {
+void sigchld(int _) {
int wstat;
int pid;
diff --git a/src/sslserver.c b/src/sslserver.c
index b342430..a87162b 100644
--- a/src/sslserver.c
+++ b/src/sslserver.c
@@ -40,14 +40,7 @@
#include "sig.h"
#include "iopause.h"
#include "dnsresolv.h"
-#include "auto_cafile.h"
-#include "auto_cadir.h"
-#include "auto_ccafile.h"
-#include "auto_dhfile.h"
-#include "auto_certfile.h"
-#include "auto_certchainfile.h"
-#include "auto_keyfile.h"
-#include "auto_ciphers.h"
+#include "ucspissl-config.h"
#define WHO "sslserver"
@@ -678,12 +671,12 @@ void printstatus(void)
log_who(WHO,B("status: ",strnum,"/",strnum2,"/",strnum3));
}
-void sigterm(void)
+void sigterm(int _)
{
_exit(0);
}
-void sigchld(void)
+void sigchld(int _)
{
int wstat;
int pid;
diff --git a/src/trycpp.c b/src/trycpp.c
deleted file mode 100644
index e4503d4..0000000
--- a/src/trycpp.c
+++ /dev/null
@@ -1,9 +0,0 @@
-/* Public domain. */
-
-int main()
-{
-#ifdef NeXT
- printf("nextstep\n"); exit(0);
-#endif
- printf("unknown\n"); exit(0);
-}
diff --git a/src/trylsock.c b/src/trylsock.c
deleted file mode 100644
index c32bd40..0000000
--- a/src/trylsock.c
+++ /dev/null
@@ -1,4 +0,0 @@
-int main()
-{
- ;
-}
diff --git a/src/trysgact.c b/src/trysgact.c
deleted file mode 100644
index e264ef2..0000000
--- a/src/trysgact.c
+++ /dev/null
@@ -1,12 +0,0 @@
-/* Public domain. */
-
-#include <signal.h>
-
-main()
-{
- struct sigaction sa;
- sa.sa_handler = 0;
- sa.sa_flags = 0;
- sigemptyset(&sa.sa_mask);
- sigaction(0,&sa,(struct sigaction *) 0);
-}
diff --git a/src/trysgprm.c b/src/trysgprm.c
deleted file mode 100644
index a46c82c..0000000
--- a/src/trysgprm.c
+++ /dev/null
@@ -1,12 +0,0 @@
-/* Public domain. */
-
-#include <signal.h>
-
-main()
-{
- sigset_t ss;
-
- sigemptyset(&ss);
- sigaddset(&ss,SIGCHLD);
- sigprocmask(SIG_SETMASK,&ss,(sigset_t *) 0);
-}
diff --git a/src/tryshsgr.c b/src/tryshsgr.c
deleted file mode 100644
index c5ed6d6..0000000
--- a/src/tryshsgr.c
+++ /dev/null
@@ -1,16 +0,0 @@
-/* Public domain. */
-
-int main()
-{
- short x[4];
-
- x[0] = x[1] = 1;
- if (getgroups(1,x) == 0) if (setgroups(1,x) == -1) _exit(1);
-
- if (getgroups(1,x) == -1) _exit(1);
- if (x[1] != 1) _exit(1);
- x[1] = 2;
- if (getgroups(1,x) == -1) _exit(1);
- if (x[1] != 2) _exit(1);
- _exit(0);
-}
diff --git a/src/tryssl.c b/src/tryssl.c
deleted file mode 100644
index 81dc4d1..0000000
--- a/src/tryssl.c
+++ /dev/null
@@ -1,6 +0,0 @@
-#include <openssl/ssl.h>
-
-int main()
-{
- ;
-}
diff --git a/src/trysysel.c b/src/trysysel.c
deleted file mode 100644
index 5be862d..0000000
--- a/src/trysysel.c
+++ /dev/null
@@ -1,11 +0,0 @@
-/* Public domain. */
-
-#include <sys/types.h>
-#include <time.h>
-#include <sys/time.h>
-#include <sys/select.h> /* SVR4 silliness */
-
-void foo()
-{
- ;
-}
diff --git a/src/tryvfork.c b/src/tryvfork.c
deleted file mode 100644
index cc39699..0000000
--- a/src/tryvfork.c
+++ /dev/null
@@ -1,4 +0,0 @@
-main()
-{
- vfork();
-}
diff --git a/src/warn-auto.sh b/src/warn-auto.sh
deleted file mode 100644
index 36d2313..0000000
--- a/src/warn-auto.sh
+++ /dev/null
@@ -1,2 +0,0 @@
-#!/bin/sh
-# WARNING: This file was auto-generated. Do not edit!
diff --git a/src/warn-shsgr b/src/warn-shsgr
deleted file mode 100644
index 37c351e..0000000
--- a/src/warn-shsgr
+++ /dev/null
@@ -1,3 +0,0 @@
-Oops. Your getgroups() returned 0, and setgroups() failed; this means
-that I can't reliably do my shsgr test. Please either ``make'' as root
-or ``make'' while you're in one or more supplementary groups.
diff --git a/src/x86cpuid.c b/src/x86cpuid.c
deleted file mode 100644
index f81c593..0000000
--- a/src/x86cpuid.c
+++ /dev/null
@@ -1,40 +0,0 @@
-/* Public domain. */
-
-#include <signal.h>
-
-void nope()
-{
- exit(1);
-}
-
-int main()
-{
- unsigned long x[4];
- unsigned long y[4];
- int i;
- int j;
- char c;
-
- signal(SIGILL,nope);
-
- x[0] = 0;
- x[1] = 0;
- x[2] = 0;
- x[3] = 0;
-
- asm volatile(".byte 15;.byte 162" : "=a"(x[0]),"=b"(x[1]),"=c"(x[3]),"=d"(x[2]) : "0"(0) );
- if (!x[0]) return 0;
- asm volatile(".byte 15;.byte 162" : "=a"(y[0]),"=b"(y[1]),"=c"(y[2]),"=d"(y[3]) : "0"(1) );
-
- for (i = 1;i < 4;++i)
- for (j = 0;j < 4;++j) {
- c = x[i] >> (8 * j);
- if (c < 32) c = 32;
- if (c > 126) c = 126;
- putchar(c);
- }
-
- printf("-%08x-%08x\n",y[0],y[3]);
-
- return 0;
-}