lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-08-08 17:42:09 +03:00
Code Activity

Use platform layer in programs for consistency.

Browse Source
This commit is contained in:
Rich Evans
2015-01-19 14:26:37 +00:00
committed by Paul Bakker
parent e94e6e5b9c
commit f90016aade
48 changed files with 1572 additions and 1145 deletions
Download Patch File Download Diff File Expand all files Collapse all files

79
programs/ssl/ssl_client1.c
View File

@@ -26,6 +26,15 @@
#include POLARSSL_CONFIG_FILE
#endif
#if defined(POLARSSL_PLATFORM_C)
#include "polarssl/platform.h"
#else
#define polarssl_printf printf
#define polarssl_fprintf fprintf
#define polarssl_malloc malloc
#define polarssl_free free
#endif
#include <string.h>
#include <stdio.h>
@@ -46,7 +55,7 @@ int main( int argc, char *argv[] )
((void) argc);
((void) argv);
printf("POLARSSL_BIGNUM_C and/or POLARSSL_ENTROPY_C and/or "
polarssl_printf("POLARSSL_BIGNUM_C and/or POLARSSL_ENTROPY_C and/or "
"POLARSSL_SSL_TLS_C and/or POLARSSL_SSL_CLI_C and/or "
"POLARSSL_NET_C and/or POLARSSL_RSA_C and/or "
"POLARSSL_CTR_DRBG_C and/or POLARSSL_X509_CRT_PARSE_C "
@@ -65,7 +74,7 @@ static void my_debug( void *ctx, int level, const char *str )
{
((void) level);
fprintf( (FILE *) ctx, "%s", str );
polarssl_fprintf( (FILE *) ctx, "%s", str );
fflush( (FILE *) ctx );
}
@@ -93,7 +102,7 @@ int main( int argc, char *argv[] )
memset( &ssl, 0, sizeof( ssl_context ) );
x509_crt_init( &cacert );
printf( "\n . Seeding the random number generator..." );
polarssl_printf( "\n . Seeding the random number generator..." );
fflush( stdout );
entropy_init( &entropy );
@@ -101,16 +110,16 @@ int main( int argc, char *argv[] )
(const unsigned char *) pers,
strlen( pers ) ) ) != 0 )
{
printf( " failed\n ! ctr_drbg_init returned %d\n", ret );
polarssl_printf( " failed\n ! ctr_drbg_init returned %d\n", ret );
goto exit;
}
printf( " ok\n" );
polarssl_printf( " ok\n" );
/*
* 0. Initialize certificates
*/
printf( " . Loading the CA root certificate ..." );
polarssl_printf( " . Loading the CA root certificate ..." );
fflush( stdout );
#if defined(POLARSSL_CERTS_C)
@@ -118,46 +127,46 @@ int main( int argc, char *argv[] )
strlen( test_ca_list ) );
#else
ret = 1;
printf("POLARSSL_CERTS_C not defined.");
polarssl_printf("POLARSSL_CERTS_C not defined.");
#endif
if( ret < 0 )
{
printf( " failed\n ! x509_crt_parse returned -0x%x\n\n", -ret );
polarssl_printf( " failed\n ! x509_crt_parse returned -0x%x\n\n", -ret );
goto exit;
}
printf( " ok (%d skipped)\n", ret );
polarssl_printf( " ok (%d skipped)\n", ret );
/*
* 1. Start the connection
*/
printf( " . Connecting to tcp/%s/%4d...", SERVER_NAME,
polarssl_printf( " . Connecting to tcp/%s/%4d...", SERVER_NAME,
SERVER_PORT );
fflush( stdout );
if( ( ret = net_connect( &server_fd, SERVER_NAME,
SERVER_PORT ) ) != 0 )
{
printf( " failed\n ! net_connect returned %d\n\n", ret );
polarssl_printf( " failed\n ! net_connect returned %d\n\n", ret );
goto exit;
}
printf( " ok\n" );
polarssl_printf( " ok\n" );
/*
* 2. Setup stuff
*/
printf( " . Setting up the SSL/TLS structure..." );
polarssl_printf( " . Setting up the SSL/TLS structure..." );
fflush( stdout );
if( ( ret = ssl_init( &ssl ) ) != 0 )
{
printf( " failed\n ! ssl_init returned %d\n\n", ret );
polarssl_printf( " failed\n ! ssl_init returned %d\n\n", ret );
goto exit;
}
printf( " ok\n" );
polarssl_printf( " ok\n" );
ssl_set_endpoint( &ssl, SSL_IS_CLIENT );
/* OPTIONAL is not optimal for security,
@@ -178,51 +187,51 @@ int main( int argc, char *argv[] )
/*
* 4. Handshake
*/
printf( " . Performing the SSL/TLS handshake..." );
polarssl_printf( " . Performing the SSL/TLS handshake..." );
fflush( stdout );
while( ( ret = ssl_handshake( &ssl ) ) != 0 )
{
if( ret != POLARSSL_ERR_NET_WANT_READ && ret != POLARSSL_ERR_NET_WANT_WRITE )
{
printf( " failed\n ! ssl_handshake returned -0x%x\n\n", -ret );
polarssl_printf( " failed\n ! ssl_handshake returned -0x%x\n\n", -ret );
goto exit;
}
}
printf( " ok\n" );
polarssl_printf( " ok\n" );
/*
* 5. Verify the server certificate
*/
printf( " . Verifying peer X.509 certificate..." );
polarssl_printf( " . Verifying peer X.509 certificate..." );
/* In real life, we may want to bail out when ret != 0 */
if( ( ret = ssl_get_verify_result( &ssl ) ) != 0 )
{
printf( " failed\n" );
polarssl_printf( " failed\n" );
if( ( ret & BADCERT_EXPIRED ) != 0 )
printf( " ! server certificate has expired\n" );
polarssl_printf( " ! server certificate has expired\n" );
if( ( ret & BADCERT_REVOKED ) != 0 )
printf( " ! server certificate has been revoked\n" );
polarssl_printf( " ! server certificate has been revoked\n" );
if( ( ret & BADCERT_CN_MISMATCH ) != 0 )
printf( " ! CN mismatch (expected CN=%s)\n", "PolarSSL Server 1" );
polarssl_printf( " ! CN mismatch (expected CN=%s)\n", "PolarSSL Server 1" );
if( ( ret & BADCERT_NOT_TRUSTED ) != 0 )
printf( " ! self-signed or not signed by a trusted CA\n" );
polarssl_printf( " ! self-signed or not signed by a trusted CA\n" );
printf( "\n" );
polarssl_printf( "\n" );
}
else
printf( " ok\n" );
polarssl_printf( " ok\n" );
/*
* 3. Write the GET request
*/
printf( " > Write to server:" );
polarssl_printf( " > Write to server:" );
fflush( stdout );
len = sprintf( (char *) buf, GET_REQUEST );
@@ -231,18 +240,18 @@ int main( int argc, char *argv[] )
{
if( ret != POLARSSL_ERR_NET_WANT_READ && ret != POLARSSL_ERR_NET_WANT_WRITE )
{
printf( " failed\n ! ssl_write returned %d\n\n", ret );
polarssl_printf( " failed\n ! ssl_write returned %d\n\n", ret );
goto exit;
}
}
len = ret;
printf( " %d bytes written\n\n%s", len, (char *) buf );
polarssl_printf( " %d bytes written\n\n%s", len, (char *) buf );
/*
* 7. Read the HTTP response
*/
printf( " < Read from server:" );
polarssl_printf( " < Read from server:" );
fflush( stdout );
do
@@ -259,18 +268,18 @@ int main( int argc, char *argv[] )
if( ret < 0 )
{
printf( "failed\n ! ssl_read returned %d\n\n", ret );
polarssl_printf( "failed\n ! ssl_read returned %d\n\n", ret );
break;
}
if( ret == 0 )
{
printf( "\n\nEOF\n\n" );
polarssl_printf( "\n\nEOF\n\n" );
break;
}
len = ret;
printf( " %d bytes read\n\n%s", len, (char *) buf );
polarssl_printf( " %d bytes read\n\n%s", len, (char *) buf );
}
while( 1 );
@@ -283,7 +292,7 @@ exit:
{
char error_buf[100];
polarssl_strerror( ret, error_buf, 100 );
printf("Last error was: %d - %s\n\n", ret, error_buf );
polarssl_printf("Last error was: %d - %s\n\n", ret, error_buf );
}
#endif
@@ -298,7 +307,7 @@ exit:
memset( &ssl, 0, sizeof( ssl ) );
#if defined(_WIN32)
printf( " + Press Enter to exit this program.\n" );
polarssl_printf( " + Press Enter to exit this program.\n" );
fflush( stdout ); getchar();
#endif

183
programs/ssl/ssl_client2.c
View File

@@ -26,6 +26,15 @@
#include POLARSSL_CONFIG_FILE
#endif
#if defined(POLARSSL_PLATFORM_C)
#include "polarssl/platform.h"
#else
#define polarssl_printf printf
#define polarssl_fprintf fprintf
#define polarssl_malloc malloc
#define polarssl_free free
#endif
#if !defined(POLARSSL_ENTROPY_C) || \
!defined(POLARSSL_SSL_TLS_C) || !defined(POLARSSL_SSL_CLI_C) || \
!defined(POLARSSL_NET_C) || !defined(POLARSSL_CTR_DRBG_C)
@@ -35,7 +44,7 @@ int main( int argc, char *argv[] )
((void) argc);
((void) argv);
printf("POLARSSL_ENTROPY_C and/or "
polarssl_printf("POLARSSL_ENTROPY_C and/or "
"POLARSSL_SSL_TLS_C and/or POLARSSL_SSL_CLI_C and/or "
"POLARSSL_NET_C and/or POLARSSL_CTR_DRBG_C not defined.\n");
return( 0 );
@@ -145,7 +154,7 @@ static void my_debug( void *ctx, int level, const char *str )
{
((void) level);
fprintf( (FILE *) ctx, "%s", str );
polarssl_fprintf( (FILE *) ctx, "%s", str );
fflush( (FILE *) ctx );
}
@@ -196,33 +205,33 @@ static int my_verify( void *data, x509_crt *crt, int depth, int *flags )
char buf[1024];
((void) data);
printf( "\nVerify requested for (Depth %d):\n", depth );
polarssl_printf( "\nVerify requested for (Depth %d):\n", depth );
x509_crt_info( buf, sizeof( buf ) - 1, "", crt );
printf( "%s", buf );
polarssl_printf( "%s", buf );
if( ( (*flags) & BADCERT_EXPIRED ) != 0 )
printf( " ! server certificate has expired\n" );
polarssl_printf( " ! server certificate has expired\n" );
if( ( (*flags) & BADCERT_REVOKED ) != 0 )
printf( " ! server certificate has been revoked\n" );
polarssl_printf( " ! server certificate has been revoked\n" );
if( ( (*flags) & BADCERT_CN_MISMATCH ) != 0 )
printf( " ! CN mismatch\n" );
polarssl_printf( " ! CN mismatch\n" );
if( ( (*flags) & BADCERT_NOT_TRUSTED ) != 0 )
printf( " ! self-signed or not signed by a trusted CA\n" );
polarssl_printf( " ! self-signed or not signed by a trusted CA\n" );
if( ( (*flags) & BADCRL_NOT_TRUSTED ) != 0 )
printf( " ! CRL not trusted\n" );
polarssl_printf( " ! CRL not trusted\n" );
if( ( (*flags) & BADCRL_EXPIRED ) != 0 )
printf( " ! CRL expired\n" );
polarssl_printf( " ! CRL expired\n" );
if( ( (*flags) & BADCERT_OTHER ) != 0 )
printf( " ! other (unknown) flag\n" );
polarssl_printf( " ! other (unknown) flag\n" );
if ( ( *flags ) == 0 )
printf( " This certificate has no flags\n" );
polarssl_printf( " This certificate has no flags\n" );
return( 0 );
}
@@ -417,19 +426,19 @@ int main( int argc, char *argv[] )
if( ret == 0 )
ret = 1;
printf( USAGE );
polarssl_printf( USAGE );
list = ssl_list_ciphersuites();
while( *list )
{
printf(" %-42s", ssl_get_ciphersuite_name( *list ) );
polarssl_printf(" %-42s", ssl_get_ciphersuite_name( *list ) );
list++;
if( !*list )
break;
printf(" %s\n", ssl_get_ciphersuite_name( *list ) );
polarssl_printf(" %s\n", ssl_get_ciphersuite_name( *list ) );
list++;
}
printf("\n");
polarssl_printf("\n");
goto exit;
}
@@ -717,14 +726,14 @@ int main( int argc, char *argv[] )
if( opt.max_version != -1 &&
ciphersuite_info->min_minor_ver > opt.max_version )
{
printf("forced ciphersuite not allowed with this protocol version\n");
polarssl_printf("forced ciphersuite not allowed with this protocol version\n");
ret = 2;
goto usage;
}
if( opt.min_version != -1 &&
ciphersuite_info->max_minor_ver < opt.min_version )
{
printf("forced ciphersuite not allowed with this protocol version\n");
polarssl_printf("forced ciphersuite not allowed with this protocol version\n");
ret = 2;
goto usage;
}
@@ -745,7 +754,7 @@ int main( int argc, char *argv[] )
if( strlen( opt.psk ) % 2 != 0 )
{
printf("pre-shared key not valid hex\n");
polarssl_printf("pre-shared key not valid hex\n");
goto exit;
}
@@ -762,7 +771,7 @@ int main( int argc, char *argv[] )
c -= 'A' - 10;
else
{
printf("pre-shared key not valid hex\n");
polarssl_printf("pre-shared key not valid hex\n");
goto exit;
}
psk[ j / 2 ] = c << 4;
@@ -776,7 +785,7 @@ int main( int argc, char *argv[] )
c -= 'A' - 10;
else
{
printf("pre-shared key not valid hex\n");
polarssl_printf("pre-shared key not valid hex\n");
goto exit;
}
psk[ j / 2 ] |= c;
@@ -807,7 +816,7 @@ int main( int argc, char *argv[] )
/*
* 0. Initialize the RNG and the session data
*/
printf( "\n . Seeding the random number generator..." );
polarssl_printf( "\n . Seeding the random number generator..." );
fflush( stdout );
entropy_init( &entropy );
@@ -815,17 +824,17 @@ int main( int argc, char *argv[] )
(const unsigned char *) pers,
strlen( pers ) ) ) != 0 )
{
printf( " failed\n ! ctr_drbg_init returned -0x%x\n", -ret );
polarssl_printf( " failed\n ! ctr_drbg_init returned -0x%x\n", -ret );
goto exit;
}
printf( " ok\n" );
polarssl_printf( " ok\n" );
#if defined(POLARSSL_X509_CRT_PARSE_C)
/*
* 1.1. Load the trusted CA
*/
printf( " . Loading the CA root certificate ..." );
polarssl_printf( " . Loading the CA root certificate ..." );
fflush( stdout );
#if defined(POLARSSL_FS_IO)
@@ -847,23 +856,23 @@ int main( int argc, char *argv[] )
#else
{
ret = 1;
printf("POLARSSL_CERTS_C not defined.");
polarssl_printf("POLARSSL_CERTS_C not defined.");
}
#endif
if( ret < 0 )
{
printf( " failed\n ! x509_crt_parse returned -0x%x\n\n", -ret );
polarssl_printf( " failed\n ! x509_crt_parse returned -0x%x\n\n", -ret );
goto exit;
}
printf( " ok (%d skipped)\n", ret );
polarssl_printf( " ok (%d skipped)\n", ret );
/*
* 1.2. Load own certificate and private key
*
* (can be skipped if client authentication is not required)
*/
printf( " . Loading the client cert. and key..." );
polarssl_printf( " . Loading the client cert. and key..." );
fflush( stdout );
#if defined(POLARSSL_FS_IO)
@@ -880,12 +889,12 @@ int main( int argc, char *argv[] )
#else
{
ret = 1;
printf("POLARSSL_CERTS_C not defined.");
polarssl_printf("POLARSSL_CERTS_C not defined.");
}
#endif
if( ret != 0 )
{
printf( " failed\n ! x509_crt_parse returned -0x%x\n\n", -ret );
polarssl_printf( " failed\n ! x509_crt_parse returned -0x%x\n\n", -ret );
goto exit;
}
@@ -903,16 +912,16 @@ int main( int argc, char *argv[] )
#else
{
ret = 1;
printf("POLARSSL_CERTS_C not defined.");
polarssl_printf("POLARSSL_CERTS_C not defined.");
}
#endif
if( ret != 0 )
{
printf( " failed\n ! pk_parse_key returned -0x%x\n\n", -ret );
polarssl_printf( " failed\n ! pk_parse_key returned -0x%x\n\n", -ret );
goto exit;
}
printf( " ok\n" );
polarssl_printf( " ok\n" );
#endif /* POLARSSL_X509_CRT_PARSE_C */
/*
@@ -921,14 +930,14 @@ int main( int argc, char *argv[] )
if( opt.server_addr == NULL)
opt.server_addr = opt.server_name;
printf( " . Connecting to tcp/%s/%-4d...", opt.server_addr,
polarssl_printf( " . Connecting to tcp/%s/%-4d...", opt.server_addr,
opt.server_port );
fflush( stdout );
if( ( ret = net_connect( &server_fd, opt.server_addr,
opt.server_port ) ) != 0 )
{
printf( " failed\n ! net_connect returned -0x%x\n\n", -ret );
polarssl_printf( " failed\n ! net_connect returned -0x%x\n\n", -ret );
goto exit;
}
@@ -938,25 +947,25 @@ int main( int argc, char *argv[] )
ret = net_set_block( server_fd );
if( ret != 0 )
{
printf( " failed\n ! net_set_(non)block() returned -0x%x\n\n", -ret );
polarssl_printf( " failed\n ! net_set_(non)block() returned -0x%x\n\n", -ret );
goto exit;
}
printf( " ok\n" );
polarssl_printf( " ok\n" );
/*
* 3. Setup stuff
*/
printf( " . Setting up the SSL/TLS structure..." );
polarssl_printf( " . Setting up the SSL/TLS structure..." );
fflush( stdout );
if( ( ret = ssl_init( &ssl ) ) != 0 )
{
printf( " failed\n ! ssl_init returned -0x%x\n\n", -ret );
polarssl_printf( " failed\n ! ssl_init returned -0x%x\n\n", -ret );
goto exit;
}
printf( " ok\n" );
polarssl_printf( " ok\n" );
#if defined(POLARSSL_X509_CRT_PARSE_C)
if( opt.debug_level > 0 )
@@ -969,7 +978,7 @@ int main( int argc, char *argv[] )
#if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH)
if( ( ret = ssl_set_max_frag_len( &ssl, opt.mfl_code ) ) != 0 )
{
printf( " failed\n ! ssl_set_max_frag_len returned %d\n\n", ret );
polarssl_printf( " failed\n ! ssl_set_max_frag_len returned %d\n\n", ret );
goto exit;
}
#endif
@@ -1000,7 +1009,7 @@ int main( int argc, char *argv[] )
if( opt.alpn_string != NULL )
if( ( ret = ssl_set_alpn_protocols( &ssl, alpn_list ) ) != 0 )
{
printf( " failed\n ! ssl_set_alpn_protocols returned %d\n\n", ret );
polarssl_printf( " failed\n ! ssl_set_alpn_protocols returned %d\n\n", ret );
goto exit;
}
#endif
@@ -1016,7 +1025,7 @@ int main( int argc, char *argv[] )
#if defined(POLARSSL_SSL_SESSION_TICKETS)
if( ( ret = ssl_set_session_tickets( &ssl, opt.tickets ) ) != 0 )
{
printf( " failed\n ! ssl_set_session_tickets returned %d\n\n", ret );
polarssl_printf( " failed\n ! ssl_set_session_tickets returned %d\n\n", ret );
goto exit;
}
#endif
@@ -1044,7 +1053,7 @@ int main( int argc, char *argv[] )
{
if( ( ret = ssl_set_own_cert( &ssl, &clicert, &pkey ) ) != 0 )
{
printf( " failed\n ! ssl_set_own_cert returned %d\n\n", ret );
polarssl_printf( " failed\n ! ssl_set_own_cert returned %d\n\n", ret );
goto exit;
}
}
@@ -1055,7 +1064,7 @@ int main( int argc, char *argv[] )
(const unsigned char *) opt.psk_identity,
strlen( opt.psk_identity ) ) ) != 0 )
{
printf( " failed\n ! ssl_set_psk returned %d\n\n", ret );
polarssl_printf( " failed\n ! ssl_set_psk returned %d\n\n", ret );
goto exit;
}
#endif
@@ -1063,7 +1072,7 @@ int main( int argc, char *argv[] )
#if defined(POLARSSL_SSL_SERVER_NAME_INDICATION)
if( ( ret = ssl_set_hostname( &ssl, opt.server_name ) ) != 0 )
{
printf( " failed\n ! ssl_set_hostname returned %d\n\n", ret );
polarssl_printf( " failed\n ! ssl_set_hostname returned %d\n\n", ret );
goto exit;
}
#endif
@@ -1080,86 +1089,86 @@ int main( int argc, char *argv[] )
/*
* 4. Handshake
*/
printf( " . Performing the SSL/TLS handshake..." );
polarssl_printf( " . Performing the SSL/TLS handshake..." );
fflush( stdout );
while( ( ret = ssl_handshake( &ssl ) ) != 0 )
{
if( ret != POLARSSL_ERR_NET_WANT_READ && ret != POLARSSL_ERR_NET_WANT_WRITE )
{
printf( " failed\n ! ssl_handshake returned -0x%x\n", -ret );
polarssl_printf( " failed\n ! ssl_handshake returned -0x%x\n", -ret );
if( ret == POLARSSL_ERR_X509_CERT_VERIFY_FAILED )
printf(
polarssl_printf(
" Unable to verify the server's certificate. "
"Either it is invalid,\n"
" or you didn't set ca_file or ca_path "
"to an appropriate value.\n"
" Alternatively, you may want to use "
"auth_mode=optional for testing purposes.\n" );
printf( "\n" );
polarssl_printf( "\n" );
goto exit;
}
}
printf( " ok\n [ Protocol is %s ]\n [ Ciphersuite is %s ]\n",
polarssl_printf( " ok\n [ Protocol is %s ]\n [ Ciphersuite is %s ]\n",
ssl_get_version( &ssl ), ssl_get_ciphersuite( &ssl ) );
#if defined(POLARSSL_SSL_ALPN)
if( opt.alpn_string != NULL )
{
const char *alp = ssl_get_alpn_protocol( &ssl );
printf( " [ Application Layer Protocol is %s ]\n",
polarssl_printf( " [ Application Layer Protocol is %s ]\n",
alp ? alp : "(none)" );
}
#endif
if( opt.reconnect != 0 )
{
printf(" . Saving session for reuse..." );
polarssl_printf(" . Saving session for reuse..." );
fflush( stdout );
if( ( ret = ssl_get_session( &ssl, &saved_session ) ) != 0 )
{
printf( " failed\n ! ssl_get_session returned -0x%x\n\n", -ret );
polarssl_printf( " failed\n ! ssl_get_session returned -0x%x\n\n", -ret );
goto exit;
}
printf( " ok\n" );
polarssl_printf( " ok\n" );
}
#if defined(POLARSSL_X509_CRT_PARSE_C)
/*
* 5. Verify the server certificate
*/
printf( " . Verifying peer X.509 certificate..." );
polarssl_printf( " . Verifying peer X.509 certificate..." );
if( ( ret = ssl_get_verify_result( &ssl ) ) != 0 )
{
printf( " failed\n" );
polarssl_printf( " failed\n" );
if( ( ret & BADCERT_EXPIRED ) != 0 )
printf( " ! server certificate has expired\n" );
polarssl_printf( " ! server certificate has expired\n" );
if( ( ret & BADCERT_REVOKED ) != 0 )
printf( " ! server certificate has been revoked\n" );
polarssl_printf( " ! server certificate has been revoked\n" );
if( ( ret & BADCERT_CN_MISMATCH ) != 0 )
printf( " ! CN mismatch (expected CN=%s)\n", opt.server_name );
polarssl_printf( " ! CN mismatch (expected CN=%s)\n", opt.server_name );
if( ( ret & BADCERT_NOT_TRUSTED ) != 0 )
printf( " ! self-signed or not signed by a trusted CA\n" );
polarssl_printf( " ! self-signed or not signed by a trusted CA\n" );
printf( "\n" );
polarssl_printf( "\n" );
}
else
printf( " ok\n" );
polarssl_printf( " ok\n" );
if( ssl_get_peer_cert( &ssl ) != NULL )
{
printf( " . Peer certificate information ...\n" );
polarssl_printf( " . Peer certificate information ...\n" );
x509_crt_info( (char *) buf, sizeof( buf ) - 1, " ",
ssl_get_peer_cert( &ssl ) );
printf( "%s\n", buf );
polarssl_printf( "%s\n", buf );
}
#endif /* POLARSSL_X509_CRT_PARSE_C */
@@ -1170,18 +1179,18 @@ int main( int argc, char *argv[] )
* Perform renegotiation (this must be done when the server is waiting
* for input from our side).
*/
printf( " . Performing renegotiation..." );
polarssl_printf( " . Performing renegotiation..." );
fflush( stdout );
while( ( ret = ssl_renegotiate( &ssl ) ) != 0 )
{
if( ret != POLARSSL_ERR_NET_WANT_READ &&
ret != POLARSSL_ERR_NET_WANT_WRITE )
{
printf( " failed\n ! ssl_renegotiate returned %d\n\n", ret );
polarssl_printf( " failed\n ! ssl_renegotiate returned %d\n\n", ret );
goto exit;
}
}
printf( " ok\n" );
polarssl_printf( " ok\n" );
}
#endif /* POLARSSL_SSL_RENEGOTIATION */
@@ -1189,7 +1198,7 @@ int main( int argc, char *argv[] )
* 6. Write the GET request
*/
send_request:
printf( " > Write to server:" );
polarssl_printf( " > Write to server:" );
fflush( stdout );
len = snprintf( (char *) buf, sizeof(buf) - 1, GET_REQUEST,
@@ -1224,19 +1233,19 @@ send_request:
{
if( ret != POLARSSL_ERR_NET_WANT_READ && ret != POLARSSL_ERR_NET_WANT_WRITE )
{
printf( " failed\n ! ssl_write returned -0x%x\n\n", -ret );
polarssl_printf( " failed\n ! ssl_write returned -0x%x\n\n", -ret );
goto exit;
}
}
}
buf[written] = '\0';
printf( " %d bytes written in %d fragments\n\n%s\n", written, frags, (char *) buf );
polarssl_printf( " %d bytes written in %d fragments\n\n%s\n", written, frags, (char *) buf );
/*
* 7. Read the HTTP response
*/
printf( " < Read from server:" );
polarssl_printf( " < Read from server:" );
fflush( stdout );
do
@@ -1254,25 +1263,25 @@ send_request:
switch( ret )
{
case POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY:
printf( " connection was closed gracefully\n" );
polarssl_printf( " connection was closed gracefully\n" );
ret = 0;
goto close_notify;
case 0:
case POLARSSL_ERR_NET_CONN_RESET:
printf( " connection was reset by peer\n" );
polarssl_printf( " connection was reset by peer\n" );
ret = 0;
goto reconnect;
default:
printf( " ssl_read returned -0x%x\n", -ret );
polarssl_printf( " ssl_read returned -0x%x\n", -ret );
goto exit;
}
}
len = ret;
buf[len] = '\0';
printf( " %d bytes read\n\n%s", len, (char *) buf );
polarssl_printf( " %d bytes read\n\n%s", len, (char *) buf );
/* End of message should be detected according to the syntax of the
* application protocol (eg HTTP), just use a dummy test here. */
@@ -1294,14 +1303,14 @@ send_request:
* 8. Done, cleanly close the connection
*/
close_notify:
printf( " . Closing the connection..." );
polarssl_printf( " . Closing the connection..." );
/* No error checking, the connection might be closed already */
do ret = ssl_close_notify( &ssl );
while( ret == POLARSSL_ERR_NET_WANT_WRITE );
ret = 0;
printf( " done\n" );
polarssl_printf( " done\n" );
/*
* 9. Reconnect?
@@ -1318,25 +1327,25 @@ reconnect:
m_sleep( 1000 * opt.reco_delay );
#endif
printf( " . Reconnecting with saved session..." );
polarssl_printf( " . Reconnecting with saved session..." );
fflush( stdout );
if( ( ret = ssl_session_reset( &ssl ) ) != 0 )
{
printf( " failed\n ! ssl_session_reset returned -0x%x\n\n", -ret );
polarssl_printf( " failed\n ! ssl_session_reset returned -0x%x\n\n", -ret );
goto exit;
}
if( ( ret = ssl_set_session( &ssl, &saved_session ) ) != 0 )
{
printf( " failed\n ! ssl_set_session returned %d\n\n", ret );
polarssl_printf( " failed\n ! ssl_set_session returned %d\n\n", ret );
goto exit;
}
if( ( ret = net_connect( &server_fd, opt.server_addr,
opt.server_port ) ) != 0 )
{
printf( " failed\n ! net_connect returned -0x%x\n\n", -ret );
polarssl_printf( " failed\n ! net_connect returned -0x%x\n\n", -ret );
goto exit;
}
@@ -1345,12 +1354,12 @@ reconnect:
if( ret != POLARSSL_ERR_NET_WANT_READ &&
ret != POLARSSL_ERR_NET_WANT_WRITE )
{
printf( " failed\n ! ssl_handshake returned -0x%x\n\n", -ret );
polarssl_printf( " failed\n ! ssl_handshake returned -0x%x\n\n", -ret );
goto exit;
}
}
printf( " ok\n" );
polarssl_printf( " ok\n" );
goto send_request;
}
@@ -1364,7 +1373,7 @@ exit:
{
char error_buf[100];
polarssl_strerror( ret, error_buf, 100 );
printf("Last error was: -0x%X - %s\n\n", -ret, error_buf );
polarssl_printf("Last error was: -0x%X - %s\n\n", -ret, error_buf );
}
#endif
@@ -1382,7 +1391,7 @@ exit:
entropy_free( &entropy );
#if defined(_WIN32)
printf( " + Press Enter to exit this program.\n" );
polarssl_printf( " + Press Enter to exit this program.\n" );
fflush( stdout ); getchar();
#endif

87
programs/ssl/ssl_fork_server.c
View File

@@ -26,6 +26,15 @@
#include POLARSSL_CONFIG_FILE
#endif
#if defined(POLARSSL_PLATFORM_C)
#include "polarssl/platform.h"
#else
#define polarssl_printf printf
#define polarssl_fprintf fprintf
#define polarssl_malloc malloc
#define polarssl_free free
#endif
#if defined(_WIN32)
#include <windows.h>
#endif
@@ -62,7 +71,7 @@ int main( int argc, char *argv[] )
((void) argc);
((void) argv);
printf("POLARSSL_BIGNUM_C and/or POLARSSL_CERTS_C and/or POLARSSL_ENTROPY_C "
polarssl_printf("POLARSSL_BIGNUM_C and/or POLARSSL_CERTS_C and/or POLARSSL_ENTROPY_C "
"and/or POLARSSL_SSL_TLS_C and/or POLARSSL_SSL_SRV_C and/or "
"POLARSSL_NET_C and/or POLARSSL_RSA_C and/or "
"POLARSSL_CTR_DRBG_C and/or POLARSSL_X509_CRT_PARSE_C and/or "
@@ -75,7 +84,7 @@ int main( int argc, char *argv[] )
((void) argc);
((void) argv);
printf("_WIN32 defined. This application requires fork() and signals "
polarssl_printf("_WIN32 defined. This application requires fork() and signals "
"to work correctly.\n");
return( 0 );
}
@@ -87,7 +96,7 @@ static void my_debug( void *ctx, int level, const char *str )
{
if( level < DEBUG_LEVEL )
{
fprintf( (FILE *) ctx, "%s", str );
polarssl_fprintf( (FILE *) ctx, "%s", str );
fflush( (FILE *) ctx );
}
}
@@ -120,23 +129,23 @@ int main( int argc, char *argv[] )
/*
* 0. Initial seeding of the RNG
*/
printf( "\n . Initial seeding of the random generator..." );
polarssl_printf( "\n . Initial seeding of the random generator..." );
fflush( stdout );
if( ( ret = ctr_drbg_init( &ctr_drbg, entropy_func, &entropy,
(const unsigned char *) pers,
strlen( pers ) ) ) != 0 )
{
printf( " failed\n ! ctr_drbg_init returned %d\n", ret );
polarssl_printf( " failed\n ! ctr_drbg_init returned %d\n", ret );
goto exit;
}
printf( " ok\n" );
polarssl_printf( " ok\n" );
/*
* 1. Load the certificates and private RSA key
*/
printf( " . Loading the server cert. and key..." );
polarssl_printf( " . Loading the server cert. and key..." );
fflush( stdout );
/*
@@ -148,7 +157,7 @@ int main( int argc, char *argv[] )
strlen( test_srv_crt ) );
if( ret != 0 )
{
printf( " failed\n ! x509_crt_parse returned %d\n\n", ret );
polarssl_printf( " failed\n ! x509_crt_parse returned %d\n\n", ret );
goto exit;
}
@@ -156,7 +165,7 @@ int main( int argc, char *argv[] )
strlen( test_ca_list ) );
if( ret != 0 )
{
printf( " failed\n ! x509_crt_parse returned %d\n\n", ret );
polarssl_printf( " failed\n ! x509_crt_parse returned %d\n\n", ret );
goto exit;
}
@@ -164,25 +173,25 @@ int main( int argc, char *argv[] )
strlen( test_srv_key ), NULL, 0 );
if( ret != 0 )
{
printf( " failed\n ! pk_parse_key returned %d\n\n", ret );
polarssl_printf( " failed\n ! pk_parse_key returned %d\n\n", ret );
goto exit;
}
printf( " ok\n" );
polarssl_printf( " ok\n" );
/*
* 2. Setup the listening TCP socket
*/
printf( " . Bind on https://localhost:4433/ ..." );
polarssl_printf( " . Bind on https://localhost:4433/ ..." );
fflush( stdout );
if( ( ret = net_bind( &listen_fd, NULL, 4433 ) ) != 0 )
{
printf( " failed\n ! net_bind returned %d\n\n", ret );
polarssl_printf( " failed\n ! net_bind returned %d\n\n", ret );
goto exit;
}
printf( " ok\n" );
polarssl_printf( " ok\n" );
while( 1 )
{
@@ -192,16 +201,16 @@ int main( int argc, char *argv[] )
client_fd = -1;
memset( &ssl, 0, sizeof( ssl ) );
printf( " . Waiting for a remote connection ..." );
polarssl_printf( " . Waiting for a remote connection ..." );
fflush( stdout );
if( ( ret = net_accept( listen_fd, &client_fd, NULL ) ) != 0 )
{
printf( " failed\n ! net_accept returned %d\n\n", ret );
polarssl_printf( " failed\n ! net_accept returned %d\n\n", ret );
goto exit;
}
printf( " ok\n" );
polarssl_printf( " ok\n" );
/*
* 3.5. Forking server thread
@@ -209,16 +218,16 @@ int main( int argc, char *argv[] )
pid = fork();
printf( " . Forking to handle connection ..." );
polarssl_printf( " . Forking to handle connection ..." );
fflush( stdout );
if( pid < 0 )
{
printf(" failed\n ! fork returned %d\n\n", pid );
polarssl_printf(" failed\n ! fork returned %d\n\n", pid );
goto exit;
}
printf( " ok\n" );
polarssl_printf( " ok\n" );
if( pid != 0 )
{
@@ -226,7 +235,7 @@ int main( int argc, char *argv[] )
(const unsigned char *) "parent",
6 ) ) != 0 )
{
printf( " failed\n ! ctr_drbg_reseed returned %d\n", ret );
polarssl_printf( " failed\n ! ctr_drbg_reseed returned %d\n", ret );
goto exit;
}
@@ -239,24 +248,24 @@ int main( int argc, char *argv[] )
/*
* 4. Setup stuff
*/
printf( " . Setting up the SSL data...." );
polarssl_printf( " . Setting up the SSL data...." );
fflush( stdout );
if( ( ret = ctr_drbg_reseed( &ctr_drbg,
(const unsigned char *) "child",
5 ) ) != 0 )
{
printf( " failed\n ! ctr_drbg_reseed returned %d\n", ret );
polarssl_printf( " failed\n ! ctr_drbg_reseed returned %d\n", ret );
goto exit;
}
if( ( ret = ssl_init( &ssl ) ) != 0 )
{
printf( " failed\n ! ssl_init returned %d\n\n", ret );
polarssl_printf( " failed\n ! ssl_init returned %d\n\n", ret );
goto exit;
}
printf( " ok\n" );
polarssl_printf( " ok\n" );
ssl_set_endpoint( &ssl, SSL_IS_SERVER );
ssl_set_authmode( &ssl, SSL_VERIFY_NONE );
@@ -275,31 +284,31 @@ int main( int argc, char *argv[] )
ssl_set_ca_chain( &ssl, srvcert.next, NULL, NULL );
if( ( ret = ssl_set_own_cert( &ssl, &srvcert, &pkey ) ) != 0 )
{
printf( " failed\n ! ssl_set_own_cert returned %d\n\n", ret );
polarssl_printf( " failed\n ! ssl_set_own_cert returned %d\n\n", ret );
goto exit;
}
/*
* 5. Handshake
*/
printf( " . Performing the SSL/TLS handshake..." );
polarssl_printf( " . Performing the SSL/TLS handshake..." );
fflush( stdout );
while( ( ret = ssl_handshake( &ssl ) ) != 0 )
{
if( ret != POLARSSL_ERR_NET_WANT_READ && ret != POLARSSL_ERR_NET_WANT_WRITE )
{
printf( " failed\n ! ssl_handshake returned %d\n\n", ret );
polarssl_printf( " failed\n ! ssl_handshake returned %d\n\n", ret );
goto exit;
}
}
printf( " ok\n" );
polarssl_printf( " ok\n" );
/*
* 6. Read the HTTP Request
*/
printf( " < Read from client:" );
polarssl_printf( " < Read from client:" );
fflush( stdout );
do
@@ -316,15 +325,15 @@ int main( int argc, char *argv[] )
switch( ret )
{
case POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY:
printf( " connection was closed gracefully\n" );
polarssl_printf( " connection was closed gracefully\n" );
break;
case POLARSSL_ERR_NET_CONN_RESET:
printf( " connection was reset by peer\n" );
polarssl_printf( " connection was reset by peer\n" );
break;
default:
printf( " ssl_read returned %d\n", ret );
polarssl_printf( " ssl_read returned %d\n", ret );
break;
}
@@ -332,14 +341,14 @@ int main( int argc, char *argv[] )
}
len = ret;
printf( " %d bytes read\n\n%s", len, (char *) buf );
polarssl_printf( " %d bytes read\n\n%s", len, (char *) buf );
}
while( 0 );
/*
* 7. Write the 200 Response
*/
printf( " > Write to client:" );
polarssl_printf( " > Write to client:" );
fflush( stdout );
len = sprintf( (char *) buf, HTTP_RESPONSE,
@@ -351,18 +360,18 @@ int main( int argc, char *argv[] )
{
if( ret == POLARSSL_ERR_NET_CONN_RESET )
{
printf( " failed\n ! peer closed the connection\n\n" );
polarssl_printf( " failed\n ! peer closed the connection\n\n" );
goto exit;
}
if( ret != POLARSSL_ERR_NET_WANT_READ && ret != POLARSSL_ERR_NET_WANT_WRITE )
{
printf( " failed\n ! ssl_write returned %d\n\n", ret );
polarssl_printf( " failed\n ! ssl_write returned %d\n\n", ret );
goto exit;
}
}
len = ret;
printf( " %d bytes written\n\n%s\n", len, (char *) buf );
polarssl_printf( " %d bytes written\n\n%s\n", len, (char *) buf );
m_sleep( 1000 );
}
@@ -383,7 +392,7 @@ exit:
entropy_free( &entropy );
#if defined(_WIN32)
printf( " Press Enter to exit this program.\n" );
polarssl_printf( " Press Enter to exit this program.\n" );
fflush( stdout ); getchar();
#endif

183
programs/ssl/ssl_mail_client.c
View File

@@ -26,6 +26,15 @@
#include POLARSSL_CONFIG_FILE
#endif
#if defined(POLARSSL_PLATFORM_C)
#include "polarssl/platform.h"
#else
#define polarssl_printf printf
#define polarssl_fprintf fprintf
#define polarssl_malloc malloc
#define polarssl_free free
#endif
#include <string.h>
#include <stdlib.h>
#include <stdio.h>
@@ -70,7 +79,7 @@ int main( int argc, char *argv[] )
((void) argc);
((void) argv);
printf("POLARSSL_BIGNUM_C and/or POLARSSL_ENTROPY_C and/or "
polarssl_printf("POLARSSL_BIGNUM_C and/or POLARSSL_ENTROPY_C and/or "
"POLARSSL_SSL_TLS_C and/or POLARSSL_SSL_CLI_C and/or "
"POLARSSL_NET_C and/or POLARSSL_RSA_C and/or "
"POLARSSL_CTR_DRBG_C and/or POLARSSL_X509_CRT_PARSE_C "
@@ -120,7 +129,7 @@ static void my_debug( void *ctx, int level, const char *str )
{
if( level < opt.debug_level )
{
fprintf( (FILE *) ctx, "%s", str );
polarssl_fprintf( (FILE *) ctx, "%s", str );
fflush( (FILE *) ctx );
}
}
@@ -134,7 +143,7 @@ static int do_handshake( ssl_context *ssl, struct options *opt )
/*
* 4. Handshake
*/
printf( " . Performing the SSL/TLS handshake..." );
polarssl_printf( " . Performing the SSL/TLS handshake..." );
fflush( stdout );
while( ( ret = ssl_handshake( ssl ) ) != 0 )
@@ -144,45 +153,45 @@ static int do_handshake( ssl_context *ssl, struct options *opt )
#if defined(POLARSSL_ERROR_C)
polarssl_strerror( ret, (char *) buf, 1024 );
#endif
printf( " failed\n ! ssl_handshake returned %d: %s\n\n", ret, buf );
polarssl_printf( " failed\n ! ssl_handshake returned %d: %s\n\n", ret, buf );
return( -1 );
}
}
printf( " ok\n [ Ciphersuite is %s ]\n",
polarssl_printf( " ok\n [ Ciphersuite is %s ]\n",
ssl_get_ciphersuite( ssl ) );
/*
* 5. Verify the server certificate
*/
printf( " . Verifying peer X.509 certificate..." );
polarssl_printf( " . Verifying peer X.509 certificate..." );
/* In real life, we may want to bail out when ret != 0 */
if( ( ret = ssl_get_verify_result( ssl ) ) != 0 )
{
printf( " failed\n" );
polarssl_printf( " failed\n" );
if( ( ret & BADCERT_EXPIRED ) != 0 )
printf( " ! server certificate has expired\n" );
polarssl_printf( " ! server certificate has expired\n" );
if( ( ret & BADCERT_REVOKED ) != 0 )
printf( " ! server certificate has been revoked\n" );
polarssl_printf( " ! server certificate has been revoked\n" );
if( ( ret & BADCERT_CN_MISMATCH ) != 0 )
printf( " ! CN mismatch (expected CN=%s)\n", opt->server_name );
polarssl_printf( " ! CN mismatch (expected CN=%s)\n", opt->server_name );
if( ( ret & BADCERT_NOT_TRUSTED ) != 0 )
printf( " ! self-signed or not signed by a trusted CA\n" );
polarssl_printf( " ! self-signed or not signed by a trusted CA\n" );
printf( "\n" );
polarssl_printf( "\n" );
}
else
printf( " ok\n" );
polarssl_printf( " ok\n" );
printf( " . Peer certificate information ...\n" );
polarssl_printf( " . Peer certificate information ...\n" );
x509_crt_info( (char *) buf, sizeof( buf ) - 1, " ",
ssl_get_peer_cert( ssl ) );
printf( "%s\n", buf );
polarssl_printf( "%s\n", buf );
return( 0 );
}
@@ -191,12 +200,12 @@ static int write_ssl_data( ssl_context *ssl, unsigned char *buf, size_t len )
{
int ret;
printf("\n%s", buf);
polarssl_printf("\n%s", buf);
while( len && ( ret = ssl_write( ssl, buf, len ) ) <= 0 )
{
if( ret != POLARSSL_ERR_NET_WANT_READ && ret != POLARSSL_ERR_NET_WANT_WRITE )
{
printf( " failed\n ! ssl_write returned %d\n\n", ret );
polarssl_printf( " failed\n ! ssl_write returned %d\n\n", ret );
return -1;
}
}
@@ -211,12 +220,12 @@ static int write_ssl_and_get_response( ssl_context *ssl, unsigned char *buf, siz
char code[4];
size_t i, idx = 0;
printf("\n%s", buf);
polarssl_printf("\n%s", buf);
while( len && ( ret = ssl_write( ssl, buf, len ) ) <= 0 )
{
if( ret != POLARSSL_ERR_NET_WANT_READ && ret != POLARSSL_ERR_NET_WANT_WRITE )
{
printf( " failed\n ! ssl_write returned %d\n\n", ret );
polarssl_printf( " failed\n ! ssl_write returned %d\n\n", ret );
return -1;
}
}
@@ -235,11 +244,11 @@ static int write_ssl_and_get_response( ssl_context *ssl, unsigned char *buf, siz
if( ret <= 0 )
{
printf( "failed\n ! ssl_read returned %d\n\n", ret );
polarssl_printf( "failed\n ! ssl_read returned %d\n\n", ret );
return -1;
}
printf("\n%s", data);
polarssl_printf("\n%s", data);
len = ret;
for( i = 0; i < len; i++ )
{
@@ -269,10 +278,10 @@ static int write_and_get_response( int sock_fd, unsigned char *buf, size_t len )
char code[4];
size_t i, idx = 0;
printf("\n%s", buf);
polarssl_printf("\n%s", buf);
if( len && ( ret = write( sock_fd, buf, len ) ) <= 0 )
{
printf( " failed\n ! ssl_write returned %d\n\n", ret );
polarssl_printf( " failed\n ! ssl_write returned %d\n\n", ret );
return -1;
}
@@ -284,12 +293,12 @@ static int write_and_get_response( int sock_fd, unsigned char *buf, size_t len )
if( ret <= 0 )
{
printf( "failed\n ! read returned %d\n\n", ret );
polarssl_printf( "failed\n ! read returned %d\n\n", ret );
return -1;
}
data[len] = '\0';
printf("\n%s", data);
polarssl_printf("\n%s", data);
len = ret;
for( i = 0; i < len; i++ )
{
@@ -380,15 +389,15 @@ int main( int argc, char *argv[] )
if( argc == 0 )
{
usage:
printf( USAGE );
polarssl_printf( USAGE );
list = ssl_list_ciphersuites();
while( *list )
{
printf(" %s\n", ssl_get_ciphersuite_name( *list ) );
polarssl_printf(" %s\n", ssl_get_ciphersuite_name( *list ) );
list++;
}
printf("\n");
polarssl_printf("\n");
goto exit;
}
@@ -471,7 +480,7 @@ int main( int argc, char *argv[] )
/*
* 0. Initialize the RNG and the session data
*/
printf( "\n . Seeding the random number generator..." );
polarssl_printf( "\n . Seeding the random number generator..." );
fflush( stdout );
entropy_init( &entropy );
@@ -479,16 +488,16 @@ int main( int argc, char *argv[] )
(const unsigned char *) pers,
strlen( pers ) ) ) != 0 )
{
printf( " failed\n ! ctr_drbg_init returned %d\n", ret );
polarssl_printf( " failed\n ! ctr_drbg_init returned %d\n", ret );
goto exit;
}
printf( " ok\n" );
polarssl_printf( " ok\n" );
/*
* 1.1. Load the trusted CA
*/
printf( " . Loading the CA root certificate ..." );
polarssl_printf( " . Loading the CA root certificate ..." );
fflush( stdout );
#if defined(POLARSSL_FS_IO)
@@ -502,23 +511,23 @@ int main( int argc, char *argv[] )
#else
{
ret = 1;
printf("POLARSSL_CERTS_C not defined.");
polarssl_printf("POLARSSL_CERTS_C not defined.");
}
#endif
if( ret < 0 )
{
printf( " failed\n ! x509_crt_parse returned %d\n\n", ret );
polarssl_printf( " failed\n ! x509_crt_parse returned %d\n\n", ret );
goto exit;
}
printf( " ok (%d skipped)\n", ret );
polarssl_printf( " ok (%d skipped)\n", ret );
/*
* 1.2. Load own certificate and private key
*
* (can be skipped if client authentication is not required)
*/
printf( " . Loading the client cert. and key..." );
polarssl_printf( " . Loading the client cert. and key..." );
fflush( stdout );
#if defined(POLARSSL_FS_IO)
@@ -532,12 +541,12 @@ int main( int argc, char *argv[] )
#else
{
ret = -1;
printf("POLARSSL_CERTS_C not defined.");
polarssl_printf("POLARSSL_CERTS_C not defined.");
}
#endif
if( ret != 0 )
{
printf( " failed\n ! x509_crt_parse returned %d\n\n", ret );
polarssl_printf( " failed\n ! x509_crt_parse returned %d\n\n", ret );
goto exit;
}
@@ -552,46 +561,46 @@ int main( int argc, char *argv[] )
#else
{
ret = -1;
printf("POLARSSL_CERTS_C not defined.");
polarssl_printf("POLARSSL_CERTS_C not defined.");
}
#endif
if( ret != 0 )
{
printf( " failed\n ! pk_parse_key returned %d\n\n", ret );
polarssl_printf( " failed\n ! pk_parse_key returned %d\n\n", ret );
goto exit;
}
printf( " ok\n" );
polarssl_printf( " ok\n" );
/*
* 2. Start the connection
*/
printf( " . Connecting to tcp/%s/%-4d...", opt.server_name,
polarssl_printf( " . Connecting to tcp/%s/%-4d...", opt.server_name,
opt.server_port );
fflush( stdout );
if( ( ret = net_connect( &server_fd, opt.server_name,
opt.server_port ) ) != 0 )
{
printf( " failed\n ! net_connect returned %d\n\n", ret );
polarssl_printf( " failed\n ! net_connect returned %d\n\n", ret );
goto exit;
}
printf( " ok\n" );
polarssl_printf( " ok\n" );
/*
* 3. Setup stuff
*/
printf( " . Setting up the SSL/TLS structure..." );
polarssl_printf( " . Setting up the SSL/TLS structure..." );
fflush( stdout );
if( ( ret = ssl_init( &ssl ) ) != 0 )
{
printf( " failed\n ! ssl_init returned %d\n\n", ret );
polarssl_printf( " failed\n ! ssl_init returned %d\n\n", ret );
goto exit;
}
printf( " ok\n" );
polarssl_printf( " ok\n" );
ssl_set_endpoint( &ssl, SSL_IS_CLIENT );
/* OPTIONAL is not optimal for security,
@@ -614,14 +623,14 @@ int main( int argc, char *argv[] )
ssl_set_ca_chain( &ssl, &cacert, NULL, opt.server_name );
if( ( ret = ssl_set_own_cert( &ssl, &clicert, &pkey ) ) != 0 )
{
printf( " failed\n ! ssl_set_own_cert returned %d\n\n", ret );
polarssl_printf( " failed\n ! ssl_set_own_cert returned %d\n\n", ret );
goto exit;
}
#if defined(POLARSSL_SSL_SERVER_NAME_INDICATION)
if( ( ret = ssl_set_hostname( &ssl, opt.server_name ) ) != 0 )
{
printf( " failed\n ! ssl_set_hostname returned %d\n\n", ret );
polarssl_printf( " failed\n ! ssl_set_hostname returned %d\n\n", ret );
goto exit;
}
#endif
@@ -631,19 +640,19 @@ int main( int argc, char *argv[] )
if( do_handshake( &ssl, &opt ) != 0 )
goto exit;
printf( " > Get header from server:" );
polarssl_printf( " > Get header from server:" );
fflush( stdout );
ret = write_ssl_and_get_response( &ssl, buf, 0 );
if( ret < 200 || ret > 299 )
{
printf( " failed\n ! server responded with %d\n\n", ret );
polarssl_printf( " failed\n ! server responded with %d\n\n", ret );
goto exit;
}
printf(" ok\n" );
polarssl_printf(" ok\n" );
printf( " > Write EHLO to server:" );
polarssl_printf( " > Write EHLO to server:" );
fflush( stdout );
gethostname( hostname, 32 );
@@ -651,25 +660,25 @@ int main( int argc, char *argv[] )
ret = write_ssl_and_get_response( &ssl, buf, len );
if( ret < 200 || ret > 299 )
{
printf( " failed\n ! server responded with %d\n\n", ret );
polarssl_printf( " failed\n ! server responded with %d\n\n", ret );
goto exit;
}
}
else
{
printf( " > Get header from server:" );
polarssl_printf( " > Get header from server:" );
fflush( stdout );
ret = write_and_get_response( server_fd, buf, 0 );
if( ret < 200 || ret > 299 )
{
printf( " failed\n ! server responded with %d\n\n", ret );
polarssl_printf( " failed\n ! server responded with %d\n\n", ret );
goto exit;
}
printf(" ok\n" );
polarssl_printf(" ok\n" );
printf( " > Write EHLO to server:" );
polarssl_printf( " > Write EHLO to server:" );
fflush( stdout );
gethostname( hostname, 32 );
@@ -677,13 +686,13 @@ int main( int argc, char *argv[] )
ret = write_and_get_response( server_fd, buf, len );
if( ret < 200 || ret > 299 )
{
printf( " failed\n ! server responded with %d\n\n", ret );
polarssl_printf( " failed\n ! server responded with %d\n\n", ret );
goto exit;
}
printf(" ok\n" );
polarssl_printf(" ok\n" );
printf( " > Write STARTTLS to server:" );
polarssl_printf( " > Write STARTTLS to server:" );
fflush( stdout );
gethostname( hostname, 32 );
@@ -691,11 +700,11 @@ int main( int argc, char *argv[] )
ret = write_and_get_response( server_fd, buf, len );
if( ret < 200 || ret > 299 )
{
printf( " failed\n ! server responded with %d\n\n", ret );
polarssl_printf( " failed\n ! server responded with %d\n\n", ret );
goto exit;
}
printf(" ok\n" );
polarssl_printf(" ok\n" );
if( do_handshake( &ssl, &opt ) != 0 )
goto exit;
@@ -704,20 +713,20 @@ int main( int argc, char *argv[] )
#if defined(POLARSSL_BASE64_C)
if( opt.authentication )
{
printf( " > Write AUTH LOGIN to server:" );
polarssl_printf( " > Write AUTH LOGIN to server:" );
fflush( stdout );
len = sprintf( (char *) buf, "AUTH LOGIN\r\n" );
ret = write_ssl_and_get_response( &ssl, buf, len );
if( ret < 200 || ret > 399 )
{
printf( " failed\n ! server responded with %d\n\n", ret );
polarssl_printf( " failed\n ! server responded with %d\n\n", ret );
goto exit;
}
printf(" ok\n" );
polarssl_printf(" ok\n" );
printf( " > Write username to server: %s", opt.user_name );
polarssl_printf( " > Write username to server: %s", opt.user_name );
fflush( stdout );
n = sizeof( buf );
@@ -725,81 +734,81 @@ int main( int argc, char *argv[] )
strlen( opt.user_name ) );
if( ret != 0 ) {
printf( " failed\n ! base64_encode returned %d\n\n", ret );
polarssl_printf( " failed\n ! base64_encode returned %d\n\n", ret );
goto exit;
}
len = sprintf( (char *) buf, "%s\r\n", base );
ret = write_ssl_and_get_response( &ssl, buf, len );
if( ret < 300 || ret > 399 )
{
printf( " failed\n ! server responded with %d\n\n", ret );
polarssl_printf( " failed\n ! server responded with %d\n\n", ret );
goto exit;
}
printf(" ok\n" );
polarssl_printf(" ok\n" );
printf( " > Write password to server: %s", opt.user_pwd );
polarssl_printf( " > Write password to server: %s", opt.user_pwd );
fflush( stdout );
ret = base64_encode( base, &n, (const unsigned char *) opt.user_pwd,
strlen( opt.user_pwd ) );
if( ret != 0 ) {
printf( " failed\n ! base64_encode returned %d\n\n", ret );
polarssl_printf( " failed\n ! base64_encode returned %d\n\n", ret );
goto exit;
}
len = sprintf( (char *) buf, "%s\r\n", base );
ret = write_ssl_and_get_response( &ssl, buf, len );
if( ret < 200 || ret > 399 )
{
printf( " failed\n ! server responded with %d\n\n", ret );
polarssl_printf( " failed\n ! server responded with %d\n\n", ret );
goto exit;
}
printf(" ok\n" );
polarssl_printf(" ok\n" );
}
#endif
printf( " > Write MAIL FROM to server:" );
polarssl_printf( " > Write MAIL FROM to server:" );
fflush( stdout );
len = sprintf( (char *) buf, "MAIL FROM:<%s>\r\n", opt.mail_from );
ret = write_ssl_and_get_response( &ssl, buf, len );
if( ret < 200 || ret > 299 )
{
printf( " failed\n ! server responded with %d\n\n", ret );
polarssl_printf( " failed\n ! server responded with %d\n\n", ret );
goto exit;
}
printf(" ok\n" );
polarssl_printf(" ok\n" );
printf( " > Write RCPT TO to server:" );
polarssl_printf( " > Write RCPT TO to server:" );
fflush( stdout );
len = sprintf( (char *) buf, "RCPT TO:<%s>\r\n", opt.mail_to );
ret = write_ssl_and_get_response( &ssl, buf, len );
if( ret < 200 || ret > 299 )
{
printf( " failed\n ! server responded with %d\n\n", ret );
polarssl_printf( " failed\n ! server responded with %d\n\n", ret );
goto exit;
}
printf(" ok\n" );
polarssl_printf(" ok\n" );
printf( " > Write DATA to server:" );
polarssl_printf( " > Write DATA to server:" );
fflush( stdout );
len = sprintf( (char *) buf, "DATA\r\n" );
ret = write_ssl_and_get_response( &ssl, buf, len );
if( ret < 300 || ret > 399 )
{
printf( " failed\n ! server responded with %d\n\n", ret );
polarssl_printf( " failed\n ! server responded with %d\n\n", ret );
goto exit;
}
printf(" ok\n" );
polarssl_printf(" ok\n" );
printf( " > Write content to server:" );
polarssl_printf( " > Write content to server:" );
fflush( stdout );
len = sprintf( (char *) buf, "From: %s\r\nSubject: mbed TLS Test mail\r\n\r\n"
@@ -813,11 +822,11 @@ int main( int argc, char *argv[] )
ret = write_ssl_and_get_response( &ssl, buf, len );
if( ret < 200 || ret > 299 )
{
printf( " failed\n ! server responded with %d\n\n", ret );
polarssl_printf( " failed\n ! server responded with %d\n\n", ret );
goto exit;
}
printf(" ok\n" );
polarssl_printf(" ok\n" );
ssl_close_notify( &ssl );
@@ -833,7 +842,7 @@ exit:
entropy_free( &entropy );
#if defined(_WIN32)
printf( " + Press Enter to exit this program.\n" );
polarssl_printf( " + Press Enter to exit this program.\n" );
fflush( stdout ); getchar();
#endif

95
programs/ssl/ssl_pthread_server.c
View File

@@ -27,6 +27,15 @@
#include POLARSSL_CONFIG_FILE
#endif
#if defined(POLARSSL_PLATFORM_C)
#include "polarssl/platform.h"
#else
#define polarssl_printf printf
#define polarssl_fprintf fprintf
#define polarssl_malloc malloc
#define polarssl_free free
#endif
#if defined(_WIN32)
#include <windows.h>
#endif
@@ -62,7 +71,7 @@ int main( int argc, char *argv[] )
((void) argc);
((void) argv);
printf("POLARSSL_BIGNUM_C and/or POLARSSL_CERTS_C and/or POLARSSL_ENTROPY_C "
polarssl_printf("POLARSSL_BIGNUM_C and/or POLARSSL_CERTS_C and/or POLARSSL_ENTROPY_C "
"and/or POLARSSL_SSL_TLS_C and/or POLARSSL_SSL_SRV_C and/or "
"POLARSSL_NET_C and/or POLARSSL_RSA_C and/or "
"POLARSSL_CTR_DRBG_C and/or POLARSSL_X509_CRT_PARSE_C and/or "
@@ -86,7 +95,7 @@ static void my_mutexed_debug( void *ctx, int level, const char *str )
polarssl_mutex_lock( &debug_mutex );
if( level < DEBUG_LEVEL )
{
fprintf( (FILE *) ctx, "%s", str );
polarssl_fprintf( (FILE *) ctx, "%s", str );
fflush( (FILE *) ctx );
}
polarssl_mutex_unlock( &debug_mutex );
@@ -131,8 +140,8 @@ static void *handle_ssl_connection( void *data )
memset( &ctr_drbg, 0, sizeof( ctr_drbg_context ) );
snprintf( pers, sizeof(pers), "SSL Pthread Thread %d", thread_id );
printf( " [ #%d ] Client FD %d\n", thread_id, client_fd );
printf( " [ #%d ] Seeding the random number generator...\n", thread_id );
polarssl_printf( " [ #%d ] Client FD %d\n", thread_id, client_fd );
polarssl_printf( " [ #%d ] Seeding the random number generator...\n", thread_id );
/* entropy_func() is thread-safe if POLARSSL_THREADING_C is set
*/
@@ -140,21 +149,21 @@ static void *handle_ssl_connection( void *data )
(const unsigned char *) pers,
strlen( pers ) ) ) != 0 )
{
printf( " [ #%d ] failed: ctr_drbg_init returned -0x%04x\n",
polarssl_printf( " [ #%d ] failed: ctr_drbg_init returned -0x%04x\n",
thread_id, -ret );
goto thread_exit;
}
printf( " [ #%d ] ok\n", thread_id );
polarssl_printf( " [ #%d ] ok\n", thread_id );
/*
* 4. Setup stuff
*/
printf( " [ #%d ] Setting up the SSL data....\n", thread_id );
polarssl_printf( " [ #%d ] Setting up the SSL data....\n", thread_id );
if( ( ret = ssl_init( &ssl ) ) != 0 )
{
printf( " [ #%d ] failed: ssl_init returned -0x%04x\n",
polarssl_printf( " [ #%d ] failed: ssl_init returned -0x%04x\n",
thread_id, -ret );
goto thread_exit;
}
@@ -181,38 +190,38 @@ static void *handle_ssl_connection( void *data )
ssl_set_ca_chain( &ssl, thread_info->ca_chain, NULL, NULL );
if( ( ret = ssl_set_own_cert( &ssl, thread_info->server_cert, thread_info->server_key ) ) != 0 )
{
printf( " failed\n ! ssl_set_own_cert returned %d\n\n", ret );
polarssl_printf( " failed\n ! ssl_set_own_cert returned %d\n\n", ret );
goto thread_exit;
}
printf( " [ #%d ] ok\n", thread_id );
polarssl_printf( " [ #%d ] ok\n", thread_id );
ssl_set_bio( &ssl, net_recv, &client_fd,
net_send, &client_fd );
printf( " [ #%d ] ok\n", thread_id );
polarssl_printf( " [ #%d ] ok\n", thread_id );
/*
* 5. Handshake
*/
printf( " [ #%d ] Performing the SSL/TLS handshake\n", thread_id );
polarssl_printf( " [ #%d ] Performing the SSL/TLS handshake\n", thread_id );
while( ( ret = ssl_handshake( &ssl ) ) != 0 )
{
if( ret != POLARSSL_ERR_NET_WANT_READ && ret != POLARSSL_ERR_NET_WANT_WRITE )
{
printf( " [ #%d ] failed: ssl_handshake returned -0x%04x\n",
polarssl_printf( " [ #%d ] failed: ssl_handshake returned -0x%04x\n",
thread_id, -ret );
goto thread_exit;
}
}
printf( " [ #%d ] ok\n", thread_id );
polarssl_printf( " [ #%d ] ok\n", thread_id );
/*
* 6. Read the HTTP Request
*/
printf( " [ #%d ] < Read from client\n", thread_id );
polarssl_printf( " [ #%d ] < Read from client\n", thread_id );
do
{
@@ -228,24 +237,24 @@ static void *handle_ssl_connection( void *data )
switch( ret )
{
case POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY:
printf( " [ #%d ] connection was closed gracefully\n",
polarssl_printf( " [ #%d ] connection was closed gracefully\n",
thread_id );
goto thread_exit;
case POLARSSL_ERR_NET_CONN_RESET:
printf( " [ #%d ] connection was reset by peer\n",
polarssl_printf( " [ #%d ] connection was reset by peer\n",
thread_id );
goto thread_exit;
default:
printf( " [ #%d ] ssl_read returned -0x%04x\n",
polarssl_printf( " [ #%d ] ssl_read returned -0x%04x\n",
thread_id, -ret );
goto thread_exit;
}
}
len = ret;
printf( " [ #%d ] %d bytes read\n=====\n%s\n=====\n",
polarssl_printf( " [ #%d ] %d bytes read\n=====\n%s\n=====\n",
thread_id, len, (char *) buf );
if( ret > 0 )
@@ -256,7 +265,7 @@ static void *handle_ssl_connection( void *data )
/*
* 7. Write the 200 Response
*/
printf( " [ #%d ] > Write to client:\n", thread_id );
polarssl_printf( " [ #%d ] > Write to client:\n", thread_id );
len = sprintf( (char *) buf, HTTP_RESPONSE,
ssl_get_ciphersuite( &ssl ) );
@@ -265,37 +274,37 @@ static void *handle_ssl_connection( void *data )
{
if( ret == POLARSSL_ERR_NET_CONN_RESET )
{
printf( " [ #%d ] failed: peer closed the connection\n",
polarssl_printf( " [ #%d ] failed: peer closed the connection\n",
thread_id );
goto thread_exit;
}
if( ret != POLARSSL_ERR_NET_WANT_READ && ret != POLARSSL_ERR_NET_WANT_WRITE )
{
printf( " [ #%d ] failed: ssl_write returned -0x%04x\n",
polarssl_printf( " [ #%d ] failed: ssl_write returned -0x%04x\n",
thread_id, ret );
goto thread_exit;
}
}
len = ret;
printf( " [ #%d ] %d bytes written\n=====\n%s\n=====\n",
polarssl_printf( " [ #%d ] %d bytes written\n=====\n%s\n=====\n",
thread_id, len, (char *) buf );
printf( " [ #%d ] . Closing the connection...", thread_id );
polarssl_printf( " [ #%d ] . Closing the connection...", thread_id );
while( ( ret = ssl_close_notify( &ssl ) ) < 0 )
{
if( ret != POLARSSL_ERR_NET_WANT_READ &&
ret != POLARSSL_ERR_NET_WANT_WRITE )
{
printf( " [ #%d ] failed: ssl_close_notify returned -0x%04x\n",
polarssl_printf( " [ #%d ] failed: ssl_close_notify returned -0x%04x\n",
thread_id, ret );
goto thread_exit;
}
}
printf( " ok\n" );
polarssl_printf( " ok\n" );
ret = 0;
@@ -306,7 +315,7 @@ thread_exit:
{
char error_buf[100];
polarssl_strerror( ret, error_buf, 100 );
printf(" [ #%d ] Last error was: -0x%04x - %s\n\n",
polarssl_printf(" [ #%d ] Last error was: -0x%04x - %s\n\n",
thread_id, -ret, error_buf );
}
#endif
@@ -334,7 +343,7 @@ static int thread_create( int client_fd )
if( threads[i].data.thread_complete == 1 )
{
printf( " [ main ] Cleaning up thread %d\n", i );
polarssl_printf( " [ main ] Cleaning up thread %d\n", i );
pthread_join(threads[i].thread, NULL );
memset( &threads[i], 0, sizeof(pthread_info_t) );
break;
@@ -400,7 +409,7 @@ int main( int argc, char *argv[] )
/*
* 1. Load the certificates and private RSA key
*/
printf( "\n . Loading the server cert. and key..." );
polarssl_printf( "\n . Loading the server cert. and key..." );
fflush( stdout );
x509_crt_init( &srvcert );
@@ -414,7 +423,7 @@ int main( int argc, char *argv[] )
strlen( test_srv_crt ) );
if( ret != 0 )
{
printf( " failed\n ! x509_crt_parse returned %d\n\n", ret );
polarssl_printf( " failed\n ! x509_crt_parse returned %d\n\n", ret );
goto exit;
}
@@ -422,7 +431,7 @@ int main( int argc, char *argv[] )
strlen( test_ca_list ) );
if( ret != 0 )
{
printf( " failed\n ! x509_crt_parse returned %d\n\n", ret );
polarssl_printf( " failed\n ! x509_crt_parse returned %d\n\n", ret );
goto exit;
}
@@ -431,7 +440,7 @@ int main( int argc, char *argv[] )
strlen( test_srv_key ), NULL, 0 );
if( ret != 0 )
{
printf( " failed\n ! pk_parse_key returned %d\n\n", ret );
polarssl_printf( " failed\n ! pk_parse_key returned %d\n\n", ret );
goto exit;
}
@@ -439,21 +448,21 @@ int main( int argc, char *argv[] )
base_info.server_cert = &srvcert;
base_info.server_key = &pkey;
printf( " ok\n" );
polarssl_printf( " ok\n" );
/*
* 2. Setup the listening TCP socket
*/
printf( " . Bind on https://localhost:4433/ ..." );
polarssl_printf( " . Bind on https://localhost:4433/ ..." );
fflush( stdout );
if( ( ret = net_bind( &listen_fd, NULL, 4433 ) ) != 0 )
{
printf( " failed\n ! net_bind returned %d\n\n", ret );
polarssl_printf( " failed\n ! net_bind returned %d\n\n", ret );
goto exit;
}
printf( " ok\n" );
polarssl_printf( " ok\n" );
reset:
#ifdef POLARSSL_ERROR_C
@@ -461,7 +470,7 @@ reset:
{
char error_buf[100];
polarssl_strerror( ret, error_buf, 100 );
printf( " [ main ] Last error was: -0x%04x - %s\n", -ret, error_buf );
polarssl_printf( " [ main ] Last error was: -0x%04x - %s\n", -ret, error_buf );
}
#endif
@@ -470,20 +479,20 @@ reset:
*/
client_fd = -1;
printf( " [ main ] Waiting for a remote connection\n" );
polarssl_printf( " [ main ] Waiting for a remote connection\n" );
if( ( ret = net_accept( listen_fd, &client_fd, NULL ) ) != 0 )
{
printf( " [ main ] failed: net_accept returned -0x%04x\n", ret );
polarssl_printf( " [ main ] failed: net_accept returned -0x%04x\n", ret );
goto exit;
}
printf( " [ main ] ok\n" );
printf( " [ main ] Creating a new thread\n" );
polarssl_printf( " [ main ] ok\n" );
polarssl_printf( " [ main ] Creating a new thread\n" );
if( ( ret = thread_create( client_fd ) ) != 0 )
{
printf( " [ main ] failed: thread_create returned %d\n", ret );
polarssl_printf( " [ main ] failed: thread_create returned %d\n", ret );
net_close( client_fd );
goto reset;
}
@@ -506,7 +515,7 @@ exit:
#endif
#if defined(_WIN32)
printf( " Press Enter to exit this program.\n" );
polarssl_printf( " Press Enter to exit this program.\n" );
fflush( stdout ); getchar();
#endif

85
programs/ssl/ssl_server.c
View File

@@ -26,6 +26,15 @@
#include POLARSSL_CONFIG_FILE
#endif
#if defined(POLARSSL_PLATFORM_C)
#include "polarssl/platform.h"
#else
#define polarssl_printf printf
#define polarssl_fprintf fprintf
#define polarssl_malloc malloc
#define polarssl_free free
#endif
#if defined(_WIN32)
#include <windows.h>
#endif
@@ -57,7 +66,7 @@ int main( int argc, char *argv[] )
((void) argc);
((void) argv);
printf("POLARSSL_BIGNUM_C and/or POLARSSL_CERTS_C and/or POLARSSL_ENTROPY_C "
polarssl_printf("POLARSSL_BIGNUM_C and/or POLARSSL_CERTS_C and/or POLARSSL_ENTROPY_C "
"and/or POLARSSL_SSL_TLS_C and/or POLARSSL_SSL_SRV_C and/or "
"POLARSSL_NET_C and/or POLARSSL_RSA_C and/or "
"POLARSSL_CTR_DRBG_C and/or POLARSSL_X509_CRT_PARSE_C "
@@ -77,7 +86,7 @@ static void my_debug( void *ctx, int level, const char *str )
{
((void) level);
fprintf( (FILE *) ctx, "%s", str );
polarssl_fprintf( (FILE *) ctx, "%s", str );
fflush( (FILE *) ctx );
}
@@ -116,7 +125,7 @@ int main( int argc, char *argv[] )
/*
* 1. Load the certificates and private RSA key
*/
printf( "\n . Loading the server cert. and key..." );
polarssl_printf( "\n . Loading the server cert. and key..." );
fflush( stdout );
/*
@@ -128,7 +137,7 @@ int main( int argc, char *argv[] )
strlen( test_srv_crt ) );
if( ret != 0 )
{
printf( " failed\n ! x509_crt_parse returned %d\n\n", ret );
polarssl_printf( " failed\n ! x509_crt_parse returned %d\n\n", ret );
goto exit;
}
@@ -136,7 +145,7 @@ int main( int argc, char *argv[] )
strlen( test_ca_list ) );
if( ret != 0 )
{
printf( " failed\n ! x509_crt_parse returned %d\n\n", ret );
polarssl_printf( " failed\n ! x509_crt_parse returned %d\n\n", ret );
goto exit;
}
@@ -144,51 +153,51 @@ int main( int argc, char *argv[] )
strlen( test_srv_key ), NULL, 0 );
if( ret != 0 )
{
printf( " failed\n ! pk_parse_key returned %d\n\n", ret );
polarssl_printf( " failed\n ! pk_parse_key returned %d\n\n", ret );
goto exit;
}
printf( " ok\n" );
polarssl_printf( " ok\n" );
/*
* 2. Setup the listening TCP socket
*/
printf( " . Bind on https://localhost:4433/ ..." );
polarssl_printf( " . Bind on https://localhost:4433/ ..." );
fflush( stdout );
if( ( ret = net_bind( &listen_fd, NULL, 4433 ) ) != 0 )
{
printf( " failed\n ! net_bind returned %d\n\n", ret );
polarssl_printf( " failed\n ! net_bind returned %d\n\n", ret );
goto exit;
}
printf( " ok\n" );
polarssl_printf( " ok\n" );
/*
* 3. Seed the RNG
*/
printf( " . Seeding the random number generator..." );
polarssl_printf( " . Seeding the random number generator..." );
fflush( stdout );
if( ( ret = ctr_drbg_init( &ctr_drbg, entropy_func, &entropy,
(const unsigned char *) pers,
strlen( pers ) ) ) != 0 )
{
printf( " failed\n ! ctr_drbg_init returned %d\n", ret );
polarssl_printf( " failed\n ! ctr_drbg_init returned %d\n", ret );
goto exit;
}
printf( " ok\n" );
polarssl_printf( " ok\n" );
/*
* 4. Setup stuff
*/
printf( " . Setting up the SSL data...." );
polarssl_printf( " . Setting up the SSL data...." );
fflush( stdout );
if( ( ret = ssl_init( &ssl ) ) != 0 )
{
printf( " failed\n ! ssl_init returned %d\n\n", ret );
polarssl_printf( " failed\n ! ssl_init returned %d\n\n", ret );
goto exit;
}
@@ -211,11 +220,11 @@ int main( int argc, char *argv[] )
ssl_set_ca_chain( &ssl, srvcert.next, NULL, NULL );
if( ( ret = ssl_set_own_cert( &ssl, &srvcert, &pkey ) ) != 0 )
{
printf( " failed\n ! ssl_set_own_cert returned %d\n\n", ret );
polarssl_printf( " failed\n ! ssl_set_own_cert returned %d\n\n", ret );
goto exit;
}
printf( " ok\n" );
polarssl_printf( " ok\n" );
reset:
#ifdef POLARSSL_ERROR_C
@@ -223,7 +232,7 @@ reset:
{
char error_buf[100];
polarssl_strerror( ret, error_buf, 100 );
printf("Last error was: %d - %s\n\n", ret, error_buf );
polarssl_printf("Last error was: %d - %s\n\n", ret, error_buf );
}
#endif
@@ -237,41 +246,41 @@ reset:
*/
client_fd = -1;
printf( " . Waiting for a remote connection ..." );
polarssl_printf( " . Waiting for a remote connection ..." );
fflush( stdout );
if( ( ret = net_accept( listen_fd, &client_fd, NULL ) ) != 0 )
{
printf( " failed\n ! net_accept returned %d\n\n", ret );
polarssl_printf( " failed\n ! net_accept returned %d\n\n", ret );
goto exit;
}
ssl_set_bio( &ssl, net_recv, &client_fd,
net_send, &client_fd );
printf( " ok\n" );
polarssl_printf( " ok\n" );
/*
* 5. Handshake
*/
printf( " . Performing the SSL/TLS handshake..." );
polarssl_printf( " . Performing the SSL/TLS handshake..." );
fflush( stdout );
while( ( ret = ssl_handshake( &ssl ) ) != 0 )
{
if( ret != POLARSSL_ERR_NET_WANT_READ && ret != POLARSSL_ERR_NET_WANT_WRITE )
{
printf( " failed\n ! ssl_handshake returned %d\n\n", ret );
polarssl_printf( " failed\n ! ssl_handshake returned %d\n\n", ret );
goto reset;
}
}
printf( " ok\n" );
polarssl_printf( " ok\n" );
/*
* 6. Read the HTTP Request
*/
printf( " < Read from client:" );
polarssl_printf( " < Read from client:" );
fflush( stdout );
do
@@ -288,15 +297,15 @@ reset:
switch( ret )
{
case POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY:
printf( " connection was closed gracefully\n" );
polarssl_printf( " connection was closed gracefully\n" );
break;
case POLARSSL_ERR_NET_CONN_RESET:
printf( " connection was reset by peer\n" );
polarssl_printf( " connection was reset by peer\n" );
break;
default:
printf( " ssl_read returned -0x%x\n", -ret );
polarssl_printf( " ssl_read returned -0x%x\n", -ret );
break;
}
@@ -304,7 +313,7 @@ reset:
}
len = ret;
printf( " %d bytes read\n\n%s", len, (char *) buf );
polarssl_printf( " %d bytes read\n\n%s", len, (char *) buf );
if( ret > 0 )
break;
@@ -314,7 +323,7 @@ reset:
/*
* 7. Write the 200 Response
*/
printf( " > Write to client:" );
polarssl_printf( " > Write to client:" );
fflush( stdout );
len = sprintf( (char *) buf, HTTP_RESPONSE,
@@ -324,33 +333,33 @@ reset:
{
if( ret == POLARSSL_ERR_NET_CONN_RESET )
{
printf( " failed\n ! peer closed the connection\n\n" );
polarssl_printf( " failed\n ! peer closed the connection\n\n" );
goto reset;
}
if( ret != POLARSSL_ERR_NET_WANT_READ && ret != POLARSSL_ERR_NET_WANT_WRITE )
{
printf( " failed\n ! ssl_write returned %d\n\n", ret );
polarssl_printf( " failed\n ! ssl_write returned %d\n\n", ret );
goto exit;
}
}
len = ret;
printf( " %d bytes written\n\n%s\n", len, (char *) buf );
polarssl_printf( " %d bytes written\n\n%s\n", len, (char *) buf );
printf( " . Closing the connection..." );
polarssl_printf( " . Closing the connection..." );
while( ( ret = ssl_close_notify( &ssl ) ) < 0 )
{
if( ret != POLARSSL_ERR_NET_WANT_READ &&
ret != POLARSSL_ERR_NET_WANT_WRITE )
{
printf( " failed\n ! ssl_close_notify returned %d\n\n", ret );
polarssl_printf( " failed\n ! ssl_close_notify returned %d\n\n", ret );
goto reset;
}
}
printf( " ok\n" );
polarssl_printf( " ok\n" );
ret = 0;
goto reset;
@@ -362,7 +371,7 @@ exit:
{
char error_buf[100];
polarssl_strerror( ret, error_buf, 100 );
printf("Last error was: %d - %s\n\n", ret, error_buf );
polarssl_printf("Last error was: %d - %s\n\n", ret, error_buf );
}
#endif
@@ -379,7 +388,7 @@ exit:
entropy_free( &entropy );
#if defined(_WIN32)
printf( " Press Enter to exit this program.\n" );
polarssl_printf( " Press Enter to exit this program.\n" );
fflush( stdout ); getchar();
#endif

196
programs/ssl/ssl_server2.c
View File

@@ -26,6 +26,15 @@
#include POLARSSL_CONFIG_FILE
#endif
#if defined(POLARSSL_PLATFORM_C)
#include "polarssl/platform.h"
#else
#define polarssl_printf printf
#define polarssl_fprintf fprintf
#define polarssl_malloc malloc
#define polarssl_free free
#endif
#if !defined(POLARSSL_ENTROPY_C) || \
!defined(POLARSSL_SSL_TLS_C) || !defined(POLARSSL_SSL_SRV_C) || \
!defined(POLARSSL_NET_C) || !defined(POLARSSL_CTR_DRBG_C)
@@ -35,7 +44,7 @@ int main( int argc, char *argv[] )
((void) argc);
((void) argv);
printf("POLARSSL_ENTROPY_C and/or "
polarssl_printf("POLARSSL_ENTROPY_C and/or "
"POLARSSL_SSL_TLS_C and/or POLARSSL_SSL_SRV_C and/or "
"POLARSSL_NET_C and/or POLARSSL_CTR_DRBG_C not defined.\n");
return( 0 );
@@ -46,13 +55,6 @@ int main( int argc, char *argv[] )
#define POLARSSL_SNI
#endif
#if defined(POLARSSL_PLATFORM_C)
#include "polarssl/platform.h"
#else
#define polarssl_malloc malloc
#define polarssl_free free
#endif
#if defined(_WIN32)
#include <windows.h>
#endif
@@ -189,7 +191,7 @@ static void my_debug( void *ctx, int level, const char *str )
{
((void) level);
fprintf( (FILE *) ctx, "%s", str );
polarssl_fprintf( (FILE *) ctx, "%s", str );
fflush( (FILE *) ctx );
}
@@ -710,19 +712,19 @@ int main( int argc, char *argv[] )
if( ret == 0 )
ret = 1;
printf( USAGE );
polarssl_printf( USAGE );
list = ssl_list_ciphersuites();
while( *list )
{
printf(" %-42s", ssl_get_ciphersuite_name( *list ) );
polarssl_printf(" %-42s", ssl_get_ciphersuite_name( *list ) );
list++;
if( !*list )
break;
printf(" %s\n", ssl_get_ciphersuite_name( *list ) );
polarssl_printf(" %s\n", ssl_get_ciphersuite_name( *list ) );
list++;
}
printf("\n");
polarssl_printf("\n");
goto exit;
}
@@ -1019,14 +1021,14 @@ int main( int argc, char *argv[] )
if( opt.max_version != -1 &&
ciphersuite_info->min_minor_ver > opt.max_version )
{
printf("forced ciphersuite not allowed with this protocol version\n");
polarssl_printf("forced ciphersuite not allowed with this protocol version\n");
ret = 2;
goto usage;
}
if( opt.min_version != -1 &&
ciphersuite_info->max_minor_ver < opt.min_version )
{
printf("forced ciphersuite not allowed with this protocol version\n");
polarssl_printf("forced ciphersuite not allowed with this protocol version\n");
ret = 2;
goto usage;
}
@@ -1056,7 +1058,7 @@ int main( int argc, char *argv[] )
if( i != 4 )
{
printf( "too few values for version_suites\n" );
polarssl_printf( "too few values for version_suites\n" );
ret = 1;
goto exit;
}
@@ -1070,7 +1072,7 @@ int main( int argc, char *argv[] )
if( version_suites[i][0] == 0 )
{
printf( "unknown ciphersuite: '%s'\n", name[i] );
polarssl_printf( "unknown ciphersuite: '%s'\n", name[i] );
ret = 2;
goto usage;
}
@@ -1083,7 +1085,7 @@ int main( int argc, char *argv[] )
*/
if( unhexify( psk, opt.psk, &psk_len ) != 0 )
{
printf( "pre-shared key not valid hex\n" );
polarssl_printf( "pre-shared key not valid hex\n" );
goto exit;
}
@@ -1091,7 +1093,7 @@ int main( int argc, char *argv[] )
{
if( ( psk_info = psk_parse( opt.psk_list ) ) == NULL )
{
printf( "psk_list invalid" );
polarssl_printf( "psk_list invalid" );
goto exit;
}
}
@@ -1120,7 +1122,7 @@ int main( int argc, char *argv[] )
/*
* 0. Initialize the RNG and the session data
*/
printf( "\n . Seeding the random number generator..." );
polarssl_printf( "\n . Seeding the random number generator..." );
fflush( stdout );
entropy_init( &entropy );
@@ -1128,17 +1130,17 @@ int main( int argc, char *argv[] )
(const unsigned char *) pers,
strlen( pers ) ) ) != 0 )
{
printf( " failed\n ! ctr_drbg_init returned -0x%x\n", -ret );
polarssl_printf( " failed\n ! ctr_drbg_init returned -0x%x\n", -ret );
goto exit;
}
printf( " ok\n" );
polarssl_printf( " ok\n" );
#if defined(POLARSSL_X509_CRT_PARSE_C)
/*
* 1.1. Load the trusted CA
*/
printf( " . Loading the CA root certificate ..." );
polarssl_printf( " . Loading the CA root certificate ..." );
fflush( stdout );
#if defined(POLARSSL_FS_IO)
@@ -1160,21 +1162,21 @@ int main( int argc, char *argv[] )
#else
{
ret = 1;
printf("POLARSSL_CERTS_C not defined.");
polarssl_printf("POLARSSL_CERTS_C not defined.");
}
#endif
if( ret < 0 )
{
printf( " failed\n ! x509_crt_parse returned -0x%x\n\n", -ret );
polarssl_printf( " failed\n ! x509_crt_parse returned -0x%x\n\n", -ret );
goto exit;
}
printf( " ok (%d skipped)\n", ret );
polarssl_printf( " ok (%d skipped)\n", ret );
/*
* 1.2. Load own certificate and private key
*/
printf( " . Loading the server cert. and key..." );
polarssl_printf( " . Loading the server cert. and key..." );
fflush( stdout );
#if defined(POLARSSL_FS_IO)
@@ -1183,7 +1185,7 @@ int main( int argc, char *argv[] )
key_cert_init++;
if( ( ret = x509_crt_parse_file( &srvcert, opt.crt_file ) ) != 0 )
{
printf( " failed\n ! x509_crt_parse_file returned -0x%x\n\n",
polarssl_printf( " failed\n ! x509_crt_parse_file returned -0x%x\n\n",
-ret );
goto exit;
}
@@ -1193,13 +1195,13 @@ int main( int argc, char *argv[] )
key_cert_init++;
if( ( ret = pk_parse_keyfile( &pkey, opt.key_file, "" ) ) != 0 )
{
printf( " failed\n ! pk_parse_keyfile returned -0x%x\n\n", -ret );
polarssl_printf( " failed\n ! pk_parse_keyfile returned -0x%x\n\n", -ret );
goto exit;
}
}
if( key_cert_init == 1 )
{
printf( " failed\n ! crt_file without key_file or vice-versa\n\n" );
polarssl_printf( " failed\n ! crt_file without key_file or vice-versa\n\n" );
goto exit;
}
@@ -1208,7 +1210,7 @@ int main( int argc, char *argv[] )
key_cert_init2++;
if( ( ret = x509_crt_parse_file( &srvcert2, opt.crt_file2 ) ) != 0 )
{
printf( " failed\n ! x509_crt_parse_file(2) returned -0x%x\n\n",
polarssl_printf( " failed\n ! x509_crt_parse_file(2) returned -0x%x\n\n",
-ret );
goto exit;
}
@@ -1218,14 +1220,14 @@ int main( int argc, char *argv[] )
key_cert_init2++;
if( ( ret = pk_parse_keyfile( &pkey2, opt.key_file2, "" ) ) != 0 )
{
printf( " failed\n ! pk_parse_keyfile(2) returned -0x%x\n\n",
polarssl_printf( " failed\n ! pk_parse_keyfile(2) returned -0x%x\n\n",
-ret );
goto exit;
}
}
if( key_cert_init2 == 1 )
{
printf( " failed\n ! crt_file2 without key_file2 or vice-versa\n\n" );
polarssl_printf( " failed\n ! crt_file2 without key_file2 or vice-versa\n\n" );
goto exit;
}
#endif
@@ -1237,7 +1239,7 @@ int main( int argc, char *argv[] )
strcmp( opt.key_file2, "none" ) != 0 )
{
#if !defined(POLARSSL_CERTS_C)
printf( "Not certificated or key provided, and \n"
polarssl_printf( "Not certificated or key provided, and \n"
"POLARSSL_CERTS_C not defined!\n" );
goto exit;
#else
@@ -1246,14 +1248,14 @@ int main( int argc, char *argv[] )
(const unsigned char *) test_srv_crt_rsa,
strlen( test_srv_crt_rsa ) ) ) != 0 )
{
printf( " failed\n ! x509_crt_parse returned -0x%x\n\n", -ret );
polarssl_printf( " failed\n ! x509_crt_parse returned -0x%x\n\n", -ret );
goto exit;
}
if( ( ret = pk_parse_key( &pkey,
(const unsigned char *) test_srv_key_rsa,
strlen( test_srv_key_rsa ), NULL, 0 ) ) != 0 )
{
printf( " failed\n ! pk_parse_key returned -0x%x\n\n", -ret );
polarssl_printf( " failed\n ! pk_parse_key returned -0x%x\n\n", -ret );
goto exit;
}
key_cert_init = 2;
@@ -1263,14 +1265,14 @@ int main( int argc, char *argv[] )
(const unsigned char *) test_srv_crt_ec,
strlen( test_srv_crt_ec ) ) ) != 0 )
{
printf( " failed\n ! x509_crt_parse2 returned -0x%x\n\n", -ret );
polarssl_printf( " failed\n ! x509_crt_parse2 returned -0x%x\n\n", -ret );
goto exit;
}
if( ( ret = pk_parse_key( &pkey2,
(const unsigned char *) test_srv_key_ec,
strlen( test_srv_key_ec ), NULL, 0 ) ) != 0 )
{
printf( " failed\n ! pk_parse_key2 returned -0x%x\n\n", -ret );
polarssl_printf( " failed\n ! pk_parse_key2 returned -0x%x\n\n", -ret );
goto exit;
}
key_cert_init2 = 2;
@@ -1278,66 +1280,66 @@ int main( int argc, char *argv[] )
#endif /* POLARSSL_CERTS_C */
}
printf( " ok\n" );
polarssl_printf( " ok\n" );
#endif /* POLARSSL_X509_CRT_PARSE_C */
#if defined(POLARSSL_DHM_C) && defined(POLARSSL_FS_IO)
if( opt.dhm_file != NULL )
{
printf( " . Loading DHM parameters..." );
polarssl_printf( " . Loading DHM parameters..." );
fflush( stdout );
if( ( ret = dhm_parse_dhmfile( &dhm, opt.dhm_file ) ) != 0 )
{
printf( " failed\n ! dhm_parse_dhmfile returned -0x%04X\n\n",
polarssl_printf( " failed\n ! dhm_parse_dhmfile returned -0x%04X\n\n",
-ret );
goto exit;
}
printf( " ok\n" );
polarssl_printf( " ok\n" );
}
#endif
#if defined(POLARSSL_SNI)
if( opt.sni != NULL )
{
printf( " . Setting up SNI information..." );
polarssl_printf( " . Setting up SNI information..." );
fflush( stdout );
if( ( sni_info = sni_parse( opt.sni ) ) == NULL )
{
printf( " failed\n" );
polarssl_printf( " failed\n" );
goto exit;
}
printf( " ok\n" );
polarssl_printf( " ok\n" );
}
#endif /* POLARSSL_SNI */
/*
* 2. Setup the listening TCP socket
*/
printf( " . Bind on tcp://localhost:%-4d/ ...", opt.server_port );
polarssl_printf( " . Bind on tcp://localhost:%-4d/ ...", opt.server_port );
fflush( stdout );
if( ( ret = net_bind( &listen_fd, opt.server_addr,
opt.server_port ) ) != 0 )
{
printf( " failed\n ! net_bind returned -0x%x\n\n", -ret );
polarssl_printf( " failed\n ! net_bind returned -0x%x\n\n", -ret );
goto exit;
}
printf( " ok\n" );
polarssl_printf( " ok\n" );
/*
* 3. Setup stuff
*/
printf( " . Setting up the SSL/TLS structure..." );
polarssl_printf( " . Setting up the SSL/TLS structure..." );
fflush( stdout );
if( ( ret = ssl_init( &ssl ) ) != 0 )
{
printf( " failed\n ! ssl_init returned -0x%x\n\n", -ret );
polarssl_printf( " failed\n ! ssl_init returned -0x%x\n\n", -ret );
goto exit;
}
@@ -1347,7 +1349,7 @@ int main( int argc, char *argv[] )
#if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH)
if( ( ret = ssl_set_max_frag_len( &ssl, opt.mfl_code ) ) != 0 )
{
printf( " failed\n ! ssl_set_max_frag_len returned %d\n\n", ret );
polarssl_printf( " failed\n ! ssl_set_max_frag_len returned %d\n\n", ret );
goto exit;
};
#endif
@@ -1371,7 +1373,7 @@ int main( int argc, char *argv[] )
if( opt.alpn_string != NULL )
if( ( ret = ssl_set_alpn_protocols( &ssl, alpn_list ) ) != 0 )
{
printf( " failed\n ! ssl_set_alpn_protocols returned %d\n\n", ret );
polarssl_printf( " failed\n ! ssl_set_alpn_protocols returned %d\n\n", ret );
goto exit;
}
#endif
@@ -1393,7 +1395,7 @@ int main( int argc, char *argv[] )
#if defined(POLARSSL_SSL_SESSION_TICKETS)
if( ( ret = ssl_set_session_tickets( &ssl, opt.tickets ) ) != 0 )
{
printf( " failed\n ! ssl_set_session_tickets returned %d\n\n", ret );
polarssl_printf( " failed\n ! ssl_set_session_tickets returned %d\n\n", ret );
goto exit;
}
@@ -1446,13 +1448,13 @@ int main( int argc, char *argv[] )
if( key_cert_init )
if( ( ret = ssl_set_own_cert( &ssl, &srvcert, &pkey ) ) != 0 )
{
printf( " failed\n ! ssl_set_own_cert returned %d\n\n", ret );
polarssl_printf( " failed\n ! ssl_set_own_cert returned %d\n\n", ret );
goto exit;
}
if( key_cert_init2 )
if( ( ret = ssl_set_own_cert( &ssl, &srvcert2, &pkey2 ) ) != 0 )
{
printf( " failed\n ! ssl_set_own_cert returned %d\n\n", ret );
polarssl_printf( " failed\n ! ssl_set_own_cert returned %d\n\n", ret );
goto exit;
}
#endif
@@ -1470,7 +1472,7 @@ int main( int argc, char *argv[] )
strlen( opt.psk_identity ) );
if( ret != 0 )
{
printf( " failed\n ssl_set_psk returned -0x%04X\n\n", - ret );
polarssl_printf( " failed\n ssl_set_psk returned -0x%04X\n\n", - ret );
goto exit;
}
}
@@ -1493,7 +1495,7 @@ int main( int argc, char *argv[] )
if( ret != 0 )
{
printf( " failed\n ssl_set_dh_param returned -0x%04X\n\n", - ret );
polarssl_printf( " failed\n ssl_set_dh_param returned -0x%04X\n\n", - ret );
goto exit;
}
#endif
@@ -1504,7 +1506,7 @@ int main( int argc, char *argv[] )
if( opt.max_version != -1 )
ssl_set_max_version( &ssl, SSL_MAJOR_VERSION_3, opt.max_version );
printf( " ok\n" );
polarssl_printf( " ok\n" );
reset:
#if !defined(_WIN32)
@@ -1521,7 +1523,7 @@ reset:
{
char error_buf[100];
polarssl_strerror( ret, error_buf, 100 );
printf("Last error was: %d - %s\n\n", ret, error_buf );
polarssl_printf("Last error was: %d - %s\n\n", ret, error_buf );
}
#endif
@@ -1535,7 +1537,7 @@ reset:
*/
client_fd = -1;
printf( " . Waiting for a remote connection ..." );
polarssl_printf( " . Waiting for a remote connection ..." );
fflush( stdout );
if( ( ret = net_accept( listen_fd, &client_fd, NULL ) ) != 0 )
@@ -1543,13 +1545,13 @@ reset:
#if !defined(_WIN32)
if( received_sigterm )
{
printf( " interrupted by signal\n" );
polarssl_printf( " interrupted by signal\n" );
ret = 0;
goto exit;
}
#endif
printf( " failed\n ! net_accept returned -0x%x\n\n", -ret );
polarssl_printf( " failed\n ! net_accept returned -0x%x\n\n", -ret );
goto exit;
}
@@ -1559,7 +1561,7 @@ reset:
ret = net_set_block( client_fd );
if( ret != 0 )
{
printf( " failed\n ! net_set_(non)block() returned -0x%x\n\n", -ret );
polarssl_printf( " failed\n ! net_set_(non)block() returned -0x%x\n\n", -ret );
goto exit;
}
@@ -1568,31 +1570,31 @@ reset:
else
ssl_set_bio( &ssl, net_recv, &client_fd, net_send, &client_fd );
printf( " ok\n" );
polarssl_printf( " ok\n" );
/*
* 4. Handshake
*/
printf( " . Performing the SSL/TLS handshake..." );
polarssl_printf( " . Performing the SSL/TLS handshake..." );
fflush( stdout );
while( ( ret = ssl_handshake( &ssl ) ) != 0 )
{
if( ret != POLARSSL_ERR_NET_WANT_READ && ret != POLARSSL_ERR_NET_WANT_WRITE )
{
printf( " failed\n ! ssl_handshake returned -0x%x\n\n", -ret );
polarssl_printf( " failed\n ! ssl_handshake returned -0x%x\n\n", -ret );
goto reset;
}
}
printf( " ok\n [ Protocol is %s ]\n [ Ciphersuite is %s ]\n",
polarssl_printf( " ok\n [ Protocol is %s ]\n [ Ciphersuite is %s ]\n",
ssl_get_version( &ssl ), ssl_get_ciphersuite( &ssl ) );
#if defined(POLARSSL_SSL_ALPN)
if( opt.alpn_string != NULL )
{
const char *alp = ssl_get_alpn_protocol( &ssl );
printf( " [ Application Layer Protocol is %s ]\n",
polarssl_printf( " [ Application Layer Protocol is %s ]\n",
alp ? alp : "(none)" );
}
#endif
@@ -1601,35 +1603,35 @@ reset:
/*
* 5. Verify the server certificate
*/
printf( " . Verifying peer X.509 certificate..." );
polarssl_printf( " . Verifying peer X.509 certificate..." );
if( ( ret = ssl_get_verify_result( &ssl ) ) != 0 )
{
printf( " failed\n" );
polarssl_printf( " failed\n" );
if( !ssl_get_peer_cert( &ssl ) )
printf( " ! no client certificate sent\n" );
polarssl_printf( " ! no client certificate sent\n" );
if( ( ret & BADCERT_EXPIRED ) != 0 )
printf( " ! client certificate has expired\n" );
polarssl_printf( " ! client certificate has expired\n" );
if( ( ret & BADCERT_REVOKED ) != 0 )
printf( " ! client certificate has been revoked\n" );
polarssl_printf( " ! client certificate has been revoked\n" );
if( ( ret & BADCERT_NOT_TRUSTED ) != 0 )
printf( " ! self-signed or not signed by a trusted CA\n" );
polarssl_printf( " ! self-signed or not signed by a trusted CA\n" );
printf( "\n" );
polarssl_printf( "\n" );
}
else
printf( " ok\n" );
polarssl_printf( " ok\n" );
if( ssl_get_peer_cert( &ssl ) )
{
printf( " . Peer certificate information ...\n" );
polarssl_printf( " . Peer certificate information ...\n" );
x509_crt_info( (char *) buf, sizeof( buf ) - 1, " ",
ssl_get_peer_cert( &ssl ) );
printf( "%s\n", buf );
polarssl_printf( "%s\n", buf );
}
#endif /* POLARSSL_X509_CRT_PARSE_C */
@@ -1638,7 +1640,7 @@ data_exchange:
/*
* 6. Read the HTTP Request
*/
printf( " < Read from client:" );
polarssl_printf( " < Read from client:" );
fflush( stdout );
do
@@ -1657,17 +1659,17 @@ data_exchange:
switch( ret )
{
case POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY:
printf( " connection was closed gracefully\n" );
polarssl_printf( " connection was closed gracefully\n" );
goto close_notify;
case 0:
case POLARSSL_ERR_NET_CONN_RESET:
printf( " connection was reset by peer\n" );
polarssl_printf( " connection was reset by peer\n" );
ret = POLARSSL_ERR_NET_CONN_RESET;
goto reset;
default:
printf( " ssl_read returned -0x%x\n", -ret );
polarssl_printf( " ssl_read returned -0x%x\n", -ret );
goto reset;
}
}
@@ -1676,7 +1678,7 @@ data_exchange:
{
len = ret;
buf[len] = '\0';
printf( " %d bytes read\n\n%s\n", len, (char *) buf );
polarssl_printf( " %d bytes read\n\n%s\n", len, (char *) buf );
/* End of message should be detected according to the syntax of the
* application protocol (eg HTTP), just use a dummy test here. */
@@ -1694,7 +1696,7 @@ data_exchange:
larger_buf = polarssl_malloc( ori_len + extra_len + 1 );
if( larger_buf == NULL )
{
printf( " ! memory allocation failed\n" );
polarssl_printf( " ! memory allocation failed\n" );
ret = 1;
goto reset;
}
@@ -1707,13 +1709,13 @@ data_exchange:
if( ret != extra_len ||
ssl_get_bytes_avail( &ssl ) != 0 )
{
printf( " ! ssl_read failed on cached data\n" );
polarssl_printf( " ! ssl_read failed on cached data\n" );
ret = 1;
goto reset;
}
larger_buf[ori_len + extra_len] = '\0';
printf( " %u bytes read (%u + %u)\n\n%s\n",
polarssl_printf( " %u bytes read (%u + %u)\n\n%s\n",
ori_len + extra_len, ori_len, extra_len,
(char *) larger_buf );
@@ -1740,7 +1742,7 @@ data_exchange:
#if defined(POLARSSL_SSL_RENEGOTIATION)
if( opt.renegotiate && exchanges_left > 1 )
{
printf( " . Requestion renegotiation..." );
polarssl_printf( " . Requestion renegotiation..." );
fflush( stdout );
while( ( ret = ssl_renegotiate( &ssl ) ) != 0 )
@@ -1748,19 +1750,19 @@ data_exchange:
if( ret != POLARSSL_ERR_NET_WANT_READ &&
ret != POLARSSL_ERR_NET_WANT_WRITE )
{
printf( " failed\n ! ssl_renegotiate returned %d\n\n", ret );
polarssl_printf( " failed\n ! ssl_renegotiate returned %d\n\n", ret );
goto reset;
}
}
printf( " ok\n" );
polarssl_printf( " ok\n" );
}
#endif /* POLARSSL_SSL_RENEGOTIATION */
/*
* 7. Write the 200 Response
*/
printf( " > Write to client:" );
polarssl_printf( " > Write to client:" );
fflush( stdout );
len = sprintf( (char *) buf, HTTP_RESPONSE,
@@ -1772,13 +1774,13 @@ data_exchange:
{
if( ret == POLARSSL_ERR_NET_CONN_RESET )
{
printf( " failed\n ! peer closed the connection\n\n" );
polarssl_printf( " failed\n ! peer closed the connection\n\n" );
goto reset;
}
if( ret != POLARSSL_ERR_NET_WANT_READ && ret != POLARSSL_ERR_NET_WANT_WRITE )
{
printf( " failed\n ! ssl_write returned %d\n\n", ret );
polarssl_printf( " failed\n ! ssl_write returned %d\n\n", ret );
goto reset;
}
}
@@ -1786,6 +1788,7 @@ data_exchange:
buf[written] = '\0';
printf( " %d bytes written in %d fragments\n\n%s\n", written, frags, (char *) buf );
polarssl_printf( " %d bytes written in %d fragments\n\n%s\n", written, frags, (char *) buf );
ret = 0;
/*
@@ -1798,14 +1801,15 @@ data_exchange:
* 8. Done, cleanly close the connection
*/
close_notify:
printf( " . Closing the connection..." );
polarssl_printf( " . Closing the connection..." );
/* No error checking, the connection might be closed already */
do ret = ssl_close_notify( &ssl );
while( ret == POLARSSL_ERR_NET_WANT_WRITE );
ret = 0;
printf( " done\n" );
polarssl_printf( " done\n" );
goto reset;
/*
@@ -1817,7 +1821,7 @@ exit:
{
char error_buf[100];
polarssl_strerror( ret, error_buf, 100 );
printf("Last error was: -0x%X - %s\n\n", -ret, error_buf );
polarssl_printf("Last error was: -0x%X - %s\n\n", -ret, error_buf );
}
#endif
@@ -1865,7 +1869,7 @@ exit:
printf( " done.\n" );
#if defined(_WIN32)
printf( " + Press Enter to exit this program.\n" );
polarssl_printf( " + Press Enter to exit this program.\n" );
fflush( stdout ); getchar();
#endif