I wrote a C backend server that uses OpenSSL version 3.0.2 15 on Ubuntu 22.04.2 LTS.
The SSL certificate was issued by Lets Encrypt CA via Certbot(manual DNS CNAME challenge).
When I try to connect to the server using Firefox, some requests end up failing with the following error: SSL_ERROR_NO_CYPHER_OVERLAP. The error can be caught in Chrome once in a while although its much more frequent in Firefox.
Here is the full server code:I wrote a C backend server that uses OpenSSL version 3.0.2 15 on Ubuntu 22.04.2 LTS.
The SSL certificate was issued by Lets Encrypt CA via Certbot(manual DNS CNAME challenge).
When I try to connect to the server using Firefox, some requests end up failing with the following error: SSL_ERROR_NO_CYPHER_OVERLAP. The error can be caught in Chrome once in a while although its much more frequent in Firefox.
Here is the full server code:
//#include <mysql/mysql.h>#include <arpa/inet.h>#include <stdio.h>#include <stdlib.h>#include <pthread.h>#include <sys/socket.h>#include <linux/in.h>#include <unistd.h>#include <string.h>#include <errno.h>#include <openssl/ssl.h>#include <openssl/err.h>#include <sys/types.h>#include <sys/stat.h>#include <dirent.h>/* limits.h defines "PATH_MAX". */#include <limits.h>#include <stdbool.h>#include <fcntl.h>#include <sys/wait.h>#define BUFFER_SIZE 8192char HOME[PATH_MAX] = ""; // = "/home/user/backbone/www";char CERTPATH[PATH_MAX] = ""; // "/etc/letsencrypt/live/opaq.co.il/fullchain.pem";char KEYPATH[PATH_MAX] = ""; //"/etc/letsencrypt/live/opaq.co.il/privkey.pem";//#define LOG_FILE_PATH "/root/log.txt"char LOG_FILE_PATH[PATH_MAX] = ""; //"/home/user/backbone/log.txt";//MYSQL *conn;// FIFO file pathchar * myfifo = "/tmp/httpsd";int getConfig(){ FILE *fp; fp = fopen("/home/itamar/prod/config.txt", "r"); /*File open operation failed.*/ if (fp == NULL) return -1; int indent = 0; char arr[4][2][PATH_MAX]; for(int i = 0; i < 4; i++){ fscanf(fp, "%s", &arr[i][0] [0]); fscanf(fp, "%s", &arr[i][1] [0]);// printf("%s", arr[i][0]); if(strcmp("HOME",arr[i][0]) == 0) strcpy(HOME, arr[i][1]); if(strcmp("CERTPATH",arr[i][0]) == 0) strcpy(CERTPATH, arr[i][1]); if(strcmp("KEYPATH",arr[i][0]) == 0) strcpy(KEYPATH, arr[i][1]); if(strcmp("LOG_FILE_PATH",arr[i][0]) == 0) strcpy(LOG_FILE_PATH, arr[i][1]); //fscanf(fp, "%s", &arr[i][1] [0]); printf("%s: %s\n", arr[i][0], arr[i][1]); }/* for (indent = 0; fscanf(fp, "%s\n", buf) == 1; indent++){ printf("|%s\n",buf); strcpy(arr[indent%4][indent%2], buf); } for(int k = 0; k < 4; k++){ printf("%s %s\n",arr[k][0], arr[k][1]+3); if(strcmp(arr[k][0], "HOME")==0){ strcpy(HOME,arr[k][1]); } }*//*Appending your address into the file...*///fprintf(fp, "# %s\n", str);/*Closing the file...*/ fclose(fp); return 0;}//char mimes[50][2][256] = { {"html","text/html"}, {"htm","text/html"}, {"css","text/css"}, {"js" ,"text/javascript"}, {"gif" ,"image/gif"}, {"jpg" ,"image/jpeg"}, {"jpeg" ,"image/jpeg"}, {"png" ,"image/png"}, {"tiff" ,"image/tiff"}, {"ico" ,"image/x-icon"}, {"svg" ,"image/svg+xml"}, {"csv" ,"text/csv"}, {"txt" ,"text/plain"}, {"xml" ,"text/xml"}, {"mpeg" ,"audio/mpeg"}, {"mp4" ,"video/mp4"}, {"pdf" ,"application/pdf"}, };int telli(char *buf, const char *delim){ return strcspn(buf, delim);}char *tellC(char *buf, const char *delim, int offset, long size){ char *output = malloc((size + 1) * sizeof(char)); memset(output, '\0', size);// int length = strcspn(buf+offset, delim); strncpy(output, buf+offset, strcspn(buf+offset, delim) ); return output;}//--------- SSL FUNCTIONS ---------------------struct Folder { long size; char **arr; char **type;};typedef struct{ int sock; struct sockaddr address; int addr_len;} connection_t;SSL_CTX *ctx;int sock;struct Folder folder;//--------LOGGER-----------------------------int logger(char *str, bool verbose){ //MYSQL_RES *res;// MYSQL_ROW row;/* FILE *fp; fp = fopen(LOG_FILE_PATH, "a+"); //File open operation failed. if (fp == NULL) return -1; //Appending your address into the file... fprintf(fp, "# %s\n", str);*/ if(verbose) printf("| %s\n",str); //Closing the file... //fclose(fp);*/ /*char *sql= "INSERT INTO Requests(ip,request) VALUES (\"ip check\",\""; char sql2[6] = "\");"; char *sqlOut = malloc(8500); strcpy(sqlOut, sql); strcat(sqlOut, str); strcat(sqlOut, sql2); if (mysql_query(conn, sqlOut)) { fprintf(stderr, "%s\n", mysql_error(conn)); exit(1); }*/}//======END OF LOGGER========================int create_socket(int port){ int s; struct sockaddr_in addr; addr.sin_family = AF_INET; addr.sin_port = htons(port); addr.sin_addr.s_addr = htonl(INADDR_ANY); //inet_addr("82.80.232.19"); //htonl(INADDR_ANY); s = socket(AF_INET, SOCK_STREAM, 0); if (s < 0) { logger("Unable to create socket",true); //perror("Unable to create socket"); exit(EXIT_FAILURE); } int reuse = 1; if (setsockopt(s, SOL_SOCKET, SO_REUSEADDR | SO_REUSEPORT, (const char*)&reuse, sizeof(reuse)) < 0) logger("INFO: setting sockopt SO_REUSEADR failed", true);//perror("setsockopt(SO_REUSEADDR) failed");// if (setsockopt(s, SOL_SOCKET, SO_REUSEADDR, &(int){1}, sizeof(int)) < 0)// error("setsockopt(SO_REUSEADDR) failed"); if (bind(s, (struct sockaddr*)&addr, sizeof(addr)) < 0) { //perror("Unable to bind"); logger("Unable to bind: will now exit with status EXIT_FAILURE", true); exit(EXIT_FAILURE); } if (listen(s, 1000000) < 0) { logger("FATAL: Listen Error. Will now exit",true); perror("Unable to listen"); exit(EXIT_FAILURE); } return s;}SSL_CTX *create_context(){ const SSL_METHOD *method; SSL_CTX *ctx; method = TLS_server_method();//SSLv23_server_method();//TLS_server_method(); ctx = SSL_CTX_new(method); if (!ctx) { logger("ALERT: Unable to create SSL Context, will now exit with status EXIT_FAILURE", true); //perror("Unable to create SSL context"); ERR_print_errors_fp(stderr); exit(EXIT_FAILURE); } SSL_CTX_set_min_proto_version(ctx, TLS1_1_VERSION); // SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3); //SSL_CTX_set_cipher_list(ctx, "TLSv1.2:TLSv1:SSLv3:!SSLv2:HIGH:!MEDIUM:!LOW"); return ctx;}void configure_context(SSL_CTX *ctx){ /* Set the key and cert */ if (SSL_CTX_use_certificate_chain_file(ctx, CERTPATH) <= 0 ){ //, SSL_FILETYPE_PEM) <= 0) { logger("Cannot set fullchain cert @",true); logger(CERTPATH, true); logger("Will now exit with status EXIT_FAILURE", true); // if (SSL_CTX_use_certificate_file(ctx, "cert.pem", SSL_FILETYPE_PEM) <= 0) { ERR_print_errors_fp(stderr); exit(EXIT_FAILURE); } if (SSL_CTX_use_PrivateKey_file(ctx, KEYPATH, SSL_FILETYPE_PEM) <= 0 ) { logger("Cannot set private key @",true); logger(KEYPATH,true); logger("Will now exit with status EXIT_FAILURE",true); ERR_print_errors_fp(stderr); exit(EXIT_FAILURE); }}//====== END OF SSL FUNCTIONS================//-------THREADS-----------------------------void * process(void * ptr){ //char * buffer; int len; connection_t * conn; //long addr = 0;printf("test\n");if (!ptr){ logger("INFO: Thread did not pass pointer. Exiting Thread. ",true); pthread_exit(0); return 0;}//printf("test1\n");conn = (connection_t *)ptr; //struct sockaddr_in addr; //unsigned int length = sizeof(addr); SSL *ssl; ssl = SSL_new(ctx); SSL_set_fd(ssl, conn->sock); //do{ int sslSock = SSL_accept(ssl); //===========-----accept--------=================-------- //do{ if(sslSock <= 0){ //if (SSL_accept(ssl) <= 0) { //printf("SSL ACCEPT ERROR\n"); //logger("SSL ACCEPT ERROR",true); logger("ALERT: SSL ACCEPT ERROR: Thread will now exit and return 0",true);// ERR_print_errors_fp(stderr); SSL_shutdown(ssl); close(conn->sock); SSL_free(ssl); pthread_exit(0); return 0; } else {/* int error = 0; socklen_t len = sizeof (error); int retval = getsockopt (conn->sock, SOL_SOCKET, SO_ERROR, &error, &len); if (retval != 0) { // there was a problem getting the error code fprintf(stderr, "error getting socket error code: %s\n", strerror(retval)); return 0; } if (error != 0) { // socket has a non zero error status fprintf(stderr, "socket error: %s\n", strerror(error)); }*/ //==================================================================== //printf("enter accept\n"); //log(request); long addr = (long)((struct sockaddr_in *)&conn->address)->sin_addr.s_addr; char address_str[64]; sprintf(address_str, "%d.%d.%d.%d", (int)((addr ) & 0xff), (int)((addr >> 8) & 0xff), (int)((addr >> 16) & 0xff), (int)((addr >> 24) & 0xff)); //char *acceptAddress; //acceptAddress = malloc(256); //strcpy(acceptAddress, "SSL Accepted Connection: "); //strcat(acceptAddress, address_str); // logger(acceptAddress,true); //printf("SSL Accepted Connection: ---vvv----"); //free(acceptAddress); //logger(address_str,true); //printf("IP: %s\n",address_str); //FILE* ptr;/* char *line = malloc(8192); char *elm = malloc(8192); char *request = malloc(8192); char *method = malloc(10); char *uri = malloc(2048); char *home = malloc(2090); strcpy(home, HOME); char *version = malloc(40);*/ printf("-----Before SSL_read----\n"); //char *request = malloc(8192*sizeof char); char *request = malloc((BUFFER_SIZE + 1) * sizeof(char)); memset(request, '\0', BUFFER_SIZE+1); int leng = SSL_read(ssl, request, BUFFER_SIZE*sizeof(char) ); if(leng <= 0){ SSL_shutdown(ssl); close(conn->sock); SSL_free(ssl); free(conn); pthread_exit(0); return 0; } int parsed = 0; int offset = 0;// printf("Parsing:{\n%s}\n",input);// printf("before parse\n"); //METHOD: GET parsed += telli(request+offset," ")+1; char *method = tellC(request," ",offset,parsed-offset);// printf("%d-%d:[%s]\n",offset,parsed,method); offset = parsed; //URI: /uri.html parsed += telli(request+offset," ")+1; char *full_uri = tellC(request," ",offset,parsed-offset); int markIndex = strcspn(full_uri,"?"); char *uri = malloc(PATH_MAX); memset(uri, '\0', PATH_MAX); if(markIndex < 0){ strcpy(uri, full_uri); }else{ strncpy(uri, full_uri, markIndex); } //(full_uri);// printf("%d-%d:[%s]\n",offset,parsed,uri); offset = parsed; //VERSION: HTTP/1.1 parsed += telli(request+offset,"\r\n")+2; char *version = tellC(request,"\r\n",offset,parsed-offset);// printf("%d-%d:[%s]\n",offset,parsed,version); offset = parsed;// printf("after parse\n");/* char *header = tellC(request,"\r\n",offset,parsed-offset);while(strlen(header) > 0){ parsed += telli(request+offset,"\r\n")+2; // free(header); header = tellC(request,"\r\n",offset,parsed-offset);// printf("%d-%d:[%s]\n",offset,parsed,header); offset = parsed; } free(header);*/ char *home = malloc(strlen(HOME)+PATH_MAX+10); strcpy(home, HOME);// printf("home malloc\n"); bool isFile = false; int j = 0; char conType[256]; // = malloc(256); if(strcmp(uri, "/") == 0){ isFile = true; strcpy(conType, "html"); strcat(uri, "index.html"); }else{ /* for(j = 0; j < folder.size; j++){ //printf("folder.arr[j] %s uri %s\n", folder.arr[j],uri); if(strcmp(folder.arr[j], uri) == 0){ isFile = true; strcpy(conType, folder.type[j]); //printf("Type---- %s\n",folder.type[j]); } }*/ } isFile = true; strcat(home,uri);// printf("home: %s\n",home); //printf("======== 2 =======\n"); //=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-/*int error2 = 0;socklen_t len2 = sizeof (error2);int retval2 = getsockopt (conn->sock, SOL_SOCKET, SO_ERROR, &error2, &len2);if (retval2 != 0) { // there was a problem getting the error code fprintf(stderr, "error getting socket error code: %s\n", strerror(retval2)); return 0;}if (error2 != 0) { // socket has a non zero error status fprintf(stderr, "socket error: %s\n", strerror(error2));}*///----------- end of verify active socket ------- if(isFile == true){ //inet_ntoa(conn->address.sin_addr) //fprintf(stdout, "%s %s %s |%s| 200 OK\n" , version, method, uri); /*printf("%d.%d.%d.%d: %s %s |%s| 200 OK\n", (int)((addr ) & 0xff), (int)((addr >> 8) & 0xff), (int)((addr >> 16) & 0xff), (int)((addr >> 24) & 0xff), version, method, uri); */ // printf("isFile=true\n"); FILE* file; file = fopen(home, "rb"); fseek(file, 0, SEEK_END); // seek to end of file size_t size = ftell(file); // get current file pointer fseek(file, 0, SEEK_SET);// printf("isFile=true after opened file: %s\n",home);// char* str = malloc(size+100); if (NULL == file) { logger("ALERT: File cannot be opened: ",true); logger(home,true); char *response = malloc(8192); strcpy(response, "HTTP/1.1 404 Not Found\r\n\r\n"); SSL_write(ssl, response, strlen(response)); free(response); //printf("file can't be opened \n"); }else{ char *response = malloc(8192); //strcpy(response, "HTTP/1.1 200 OK\r\nContent-Type: text/html;\r\n\r\n"); strcpy(response, "HTTP/1.1 200 OK\r\nContent-Type: "); int i = 0; char* conT = malloc(2048); strcpy(conT,home+strcspn(home,".")+1); printf("content Type: %s",conT); //printf("Before for\n"); for(i = 0; mimes[i] != NULL; i++){ //printf("key: %s \tValue: %s\tType: %s\n",mimes[i][0], mimes[i][1], conType ); if(strcmp(mimes[i][0], conT) == 0){ strcat(response, mimes[i][1]); // printf("----------- %s\n", mimes[i][1]); break; } }// printf("After Mimes\n"); //free(conType); //strcat(response, ); strcat(response, ";\r\n\r\n"); //logger( response, false);/* int error2 = 0;socklen_t len2 = sizeof (error2);int retval2 = getsockopt (conn->sock, SOL_SOCKET, SO_ERROR, &error2, &len2);if (retval2 != 0) { // there was a problem getting the error code fprintf(stderr, "error getting socket error code: %s\n", strerror(retval2));return 0;}if (error2 != 0) {// socket has a non zero error status fprintf(stderr, "socket error: %s\n", strerror(error2));}*/ int write = SSL_write(ssl, response, strlen(response)); if(write < 20) printf("write failed\n"); free(response); char *buffer;//fileptr = fopen("myfile.txt", "rb"); // Open the file in binary mode//fseek(ptr, 0, SEEK_END); // Jump to the end of the file//filelen = ftell(fileptr); // Get the current byte offset in the file//rewind(fileptr); // Jump back to the beginning of the file buffer = (char *)malloc(size * sizeof(char)); // Enough memory for the file fread(buffer, size, 1, file); // Read in the entire file fclose(file); // Close the file /*char* str = malloc(size+100); while (fgets(str, size, ptr) != NULL) { SSL_write(ssl, str, strlen(str)); }*/// there was a problem getting the error> int out = SSL_write(ssl, buffer, size); if( out < size) printf("write file out failed\n"); free(buffer); } char strOut[PATH_MAX+100]; snprintf(strOut, PATH_MAX+100,"%d.%d.%d.%d: %s %s |%s| 200 OK", (int)((addr ) & 0xff), (int)((addr >> 8) & 0xff), (int)((addr >> 16) & 0xff), (int)((addr >> 24) & 0xff), version, method, full_uri); //snprintf(strOut,256,"%s %s |%s|",version,method,uri); logger(strOut, true); }else{ //404 not found //fprintf(stdout, "Not Found--------404"); /*printf("%d.%d.%d.%d: %s %s |%s| 404 Not Found\n", (int)((addr ) & 0xff), (int)((addr >> 8) & 0xff), (int)((addr >> 16) & 0xff), (int)((addr >> 24) & 0xff), version, method, uri);*/ char strOut[256]; snprintf(strOut, 256,"%d.%d.%d.%d: %s %s |%s| 404 Not Found", (int)((addr ) & 0xff), (int)((addr >> 8) & 0xff), (int)((addr >> 16) & 0xff), (int)((addr >> 24) & 0xff), version, method, uri); char notfound[] = "HTTP/1.1 404 Not Found\r\n\r\n<!DOCTYPE html><html><body>Hi, I'm a 404 Not Found Error!</body></head>"; SSL_write(ssl, notfound, strlen(notfound)); logger(strOut, true);// free(str); } //#################################################################### //SSL_write(ssl, reply, strlen(reply)); //uri--; //}// if(str != NULL)// free(str); //free(ptr); free(method); free(uri); free(version); //free(line); //free(elm); free(request); }/* SSL_shutdown(ssl); close(conn->sock); SSL_free(ssl);*/ SSL_shutdown(ssl); close(conn->sock); SSL_free(ssl); free(conn); //logger("FATAL: Thread will now drop, reason: unkown",true); pthread_exit(0); return 0;}//====== END OF THREADS================//------ START OF FOLDERS--------------//1010static voidlist_dir (const char * dir_name, char **buf, long indent, char ** types){ DIR * d; /* Open the directory specified by "dir_name". */ d = opendir (dir_name); /* Check it was opened. */ if (! d) { logger("Failed to open directory, will now exit",true); fprintf (stderr, "Cannot open directory '%s': %s\n", dir_name, strerror (errno)); exit (EXIT_FAILURE); } while (1) { struct dirent * entry; const char * d_name; /* "Readdir" gets subsequent entries from "d". */ entry = readdir (d); if (! entry) { /* There are no more entries in this directory, so break out of the while loop. */ break; } d_name = entry->d_name; if(strcmp(d_name, ".") == 0 || strcmp(d_name, "..") == 0 || (entry->d_type != DT_DIR && entry->d_type != DT_REG)) continue; /* Print the name of the file and directory. */ if(entry->d_type == DT_REG){ char *file_uri; file_uri = malloc(8192); strcpy(file_uri,dir_name+strlen(HOME)); buf[indent] = malloc(512); strcpy(buf[indent], file_uri); strcat(buf[indent], "/"); strcat(buf[indent], d_name); //indent++; //type = malloc(1024); char typeMe[256]; strcpy(typeMe, buf[indent]); char *token;// = malloc(512); //strcpy(token, d_name); //printf("token\n"); // get the first token / token = strtok(typeMe, "."); //if() token = strtok(NULL, ".");//1020 types[indent] = malloc(512); //printf("malloc types indent (%s)\n",token); strcpy(types[indent], token); // walk through other tokens / //printf("after copy: %s\n",types[indent]); while( token != NULL ) { //printf( " %s\n", token ); token = strtok(NULL, "."); } //free(token); // printf("after while\n"); char *logREG; logREG = malloc(18300); strcpy(logREG, "Loaded: "); strcat(logREG,buf[indent]); strcat(logREG, " type: "); //printf("before REG Load: %s\n", buf[indent]); strcat(logREG, types[indent]); logger(logREG ,true); free(logREG); // while( token != NULL) token = strtok(NULL, "."); // free(token); free(file_uri); indent++; }#if 0 /* If you don't want to print the directories, use the following line: */ if ( (entry->d_type == DT_REG)) {// printf ("%s/%s\n", dir_name, d_name); }#endif /* 0 */ if (entry->d_type & DT_DIR) { /* Check that the directory is not "d" or d's parent. */ if (strcmp (d_name, "..") != 0 && strcmp (d_name, ".") != 0) { int path_length; char path[PATH_MAX]; path_length = snprintf (path, PATH_MAX,"%s/%s", dir_name, d_name);// printf ("%s\n", path); if (path_length >= PATH_MAX) { fprintf (stderr, "Path length has got too long.\n"); exit (EXIT_FAILURE); } /* Recursively call "list_dir" with the new path. */// indent++; list_dir (path, buf, indent, types); indent++; } } } /* After going through all the entries, close the directory. */ if (closedir (d)) { fprintf (stderr, "Could not close '%s': %s\n", dir_name, strerror (errno)); exit (EXIT_FAILURE); }}//======== END OF FOLDERS===============void * interpreter(){ while(1){ char str1[80]; memset(str1, '\0', 80); int fd1 = open(myfifo,O_RDONLY); read(fd1, str1, 80); // Print the read string and close int index = strcspn(str1,"\n"); char message[80]; memset(message, '\0', 80); strncpy(message,str1,index); printf("CLI: |%s|\n", message); close(fd1); if(strcmp(message,"exit") == 0){ logger("Will now exit due to user command.\n", true); exit (EXIT_FAILURE); } }//while(1); pthread_exit(0); return 0;}//========== MAIN ==============int main(int argc, char ** argv){ int cnf = getConfig(); //MYSQL *conn; //MYSQL_RES *res; //MYSQL_ROW row; char *server = "localhost"; char *user = "webvm"; char *password = "Aa123456"; /* set me first */ char *database = "web"; //conn = mysql_init(NULL); /* Connect to database if (!mysql_real_connect(conn, server, user, password,database, 0, NULL, 0)) { fprintf(stderr, "%s\n", mysql_error(conn)); exit(1); }*/ //printf("num %d\n",PATH_MAX);//int fd1;// FIFO file path//char * myfifo = "/tmp/httpsd";// Creating the named file(FIFO)// mkfifo(<pathname>,<permission>)mkfifo(myfifo, 0666);//char str1[80];//char str2[80]= ">"; logger("_____Server Start_____", true); folder.arr = malloc(65536*1999); folder.type = malloc(65536); list_dir (HOME, folder.arr, 0, folder.type);// printf("Loaded: %ld\n", indent);//folder.arr[0]); int i; for(i = 0; folder.arr[i] != NULL; i++){ //printf("Loaded: %s\n", folder.arr[i]);//folder.arr[0]); } folder.size = i; char *printFileSize; printFileSize = malloc(256); snprintf(printFileSize, 256,"Folder tree size: %ld",folder.size); //printf("Number of files: %ld\n", folder.size); logger(printFileSize, true); printf("Server up\n"); //++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++// connection_t * connection;// pthread_t thread; //---------------------------/* ctx = create_context(); configure_context(ctx);*/ //sock = create_socket(8080); sock = create_socket(443);// sock = create_socket(80); /* Handle connections */ pthread_t thread_input; pthread_create(&thread_input, 0, interpreter, NULL); // pthread_detach(thread_input); //pthread_t thread_keepAlive; //pthread_create(&thread_keepAlive, 0, (void *)keepalive, &sock); do { ctx = create_context(); configure_context(ctx);// printf("waiting to accept...\n"); connection_t * connection; pthread_t thread; connection = (connection_t *)malloc(sizeof(connection_t)); connection->sock = accept(sock, &connection->address, &connection->addr_len);// printf("Accept\n"); if (connection->sock <= 0) { free(connection); } else { pthread_create(&thread, 0, process, (void *)connection); pthread_detach(thread); } }while(1); /* while(1) { struct sockaddr_in addr; unsigned int len = sizeof(addr); SSL *ssl;// const char reply[] = "HTTP/1.1 200 OK\r\n\r\n<html><body><style>p{background: red}</style><p>Nothing is true, everything is permitted</p><p>hello friends</p><p> sup my homie?</p><p>veredN1</p><p>Between and Under the words</p><p>BETWEEN</p><p>we are born in one day,</p><p>EVERYTHING can happen in 1 day</p></body></html>"; int client = accept(sock, (struct sockaddr*)&addr, &len); if (client < 0) { perror("Unable to accept"); exit(EXIT_FAILURE); } ssl = SSL_new(ctx); SSL_set_fd(ssl, client); //===========-----accept--------=================-------- if (SSL_accept(ssl) <= 0) { ERR_print_errors_fp(stderr); } else { //==================================================================== FILE* ptr; char *line = malloc(8192); char *elm = malloc(8192); char *request = malloc(8192);//----------------------------------------------- SSL_read(ssl, request, 8192);//------------------------------------------------ char *method = malloc(10); char *uri = malloc(2048); char *home = malloc(2090); strcpy(home, HOME); char *version = malloc(40); line = strtok(request, "\r\n"); elm = strtok(line, " "); strcpy(method, elm); elm = strtok(NULL, " "); strcpy(uri, elm); elm = strtok(NULL, " "); strcpy(version, elm); while( line!= NULL ) { line = strtok(NULL, "\r\n"); } while( elm!= NULL ) { elm = strtok(NULL, " "); }//========= STRING MANIPULATION SECTION ======= bool isFile = false; //switch(uri){ if(strcmp(uri, "/") == 0){ isFile = true; strcat(uri, "index.html"); }else{ for(int j = 0; j < folder.size; j++){ if(strcmp(folder.arr[j], uri) == 0){ isFile = true; } } } strcat(home,uri); if(isFile == true){ fprintf(stdout, "%s %s %s |%s| 200 OK\n", inet_ntoa(addr.sin_addr), version, method, uri); ptr = fopen(home, "r"); fseek(ptr, 0, SEEK_END); // seek to end of file size_t size = ftell(ptr); // get current file pointer fseek(ptr, 0, SEEK_SET); char* str = malloc(size+100); if (NULL == ptr) { printf("file can't be opened \n"); }else{ while (fgets(str, size, ptr) != NULL) { SSL_write(ssl, str, strlen(str)); } } }else{ //404 not found //fprintf(stdout, "Not Found--------404"); fprintf(stdout, "%s %s %s |%s| 404 Not Found\n", inet_ntoa(addr.sin_addr), version, method, uri); char notfound[] = "HTTP/1.1 404 Not Found\r\n\r\n<!DOCTYPE html><html><body>Hi, I'm a 404 Not Found Error!</body></head>"; SSL_write(ssl, notfound, strlen(notfound)); } free(method); free(uri); free(version); free(line); free(elm); } SSL_shutdown(ssl); SSL_free(ssl); close(client); }*/ //+++++++++++++++++++++++++++ /* //--------------- START OF ORIGINAL THREADING------------------------------ int sock = -1; struct sockaddr_in address; int port = 80; connection_t * connection; pthread_t thread; address.sin_family = AF_INET; address.sin_addr.s_addr = INADDR_ANY; address.sin_port = htons(port); if (bind(sock, (struct sockaddr *)&address, sizeof(struct sockaddr_in)) < 0) { fprintf(stderr, "%s: error: cannot bind socket to port %d\n", argv[0], port); return -4; } if (listen(sock, 500) < 0) { fprintf(stderr, "%d: error: cannot listen on port\n", port); return -5; } printf("%d: ready and listening\n", port); while (1) { connection = (connection_t *)malloc(sizeof(connection_t)); connection->sock = accept(sock, &connection->address, &connection->addr_len); if (connection->sock <= 0) { free(connection); } else { pthread_create(&thread, 0, process, (void *)connection); pthread_detach(thread); } } //============== END OF ORIGINAL THREADING ===================== */// mysql_free_result(res); //mysql_close(conn); close(sock); SSL_CTX_free(ctx); return 0;}I used the following to compile the code:
gcc -o server server.c -lssl -lcrypto -pthreadI tried verfying that the issue didn't stem from OpenSSL's version.Set the setting to a minimum required TLS version as 1.3 to force the usage of TLS1.3 cipher suites using the command SSL_CTX_set_min_proto_version(ctx, TLS1_3_VERSION);
Used both options to create an SSL Method:
TLS_server_method();SSLv23_server_method();