blob: 6023cde104d28115a8455b80891c15789010377b [file] [log] [blame]
Paul Bakker4fc45522010-03-18 20:11:58 +00001/*
2 * Certificate reading application
3 *
Paul Bakker68884e32013-01-07 18:20:04 +01004 * Copyright (C) 2006-2013, Brainspark B.V.
Paul Bakkerb96f1542010-07-18 20:36:00 +00005 *
6 * This file is part of PolarSSL (http://www.polarssl.org)
Paul Bakker84f12b72010-07-18 10:13:04 +00007 * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
Paul Bakkerb96f1542010-07-18 20:36:00 +00008 *
Paul Bakker4fc45522010-03-18 20:11:58 +00009 * All rights reserved.
10 *
Paul Bakker4fc45522010-03-18 20:11:58 +000011 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 2 of the License, or
14 * (at your option) any later version.
15 *
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
20 *
21 * You should have received a copy of the GNU General Public License along
22 * with this program; if not, write to the Free Software Foundation, Inc.,
23 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
24 */
25
Manuel Pégourié-Gonnardcef4ad22014-04-29 12:39:06 +020026#if !defined(POLARSSL_CONFIG_FILE)
Manuel Pégourié-Gonnardabd6e022013-09-20 13:30:43 +020027#include "polarssl/config.h"
Manuel Pégourié-Gonnardcef4ad22014-04-29 12:39:06 +020028#else
29#include POLARSSL_CONFIG_FILE
30#endif
Paul Bakker4fc45522010-03-18 20:11:58 +000031
32#include <string.h>
33#include <stdlib.h>
34#include <stdio.h>
35
Paul Bakker508ad5a2011-12-04 17:09:26 +000036#include "polarssl/entropy.h"
37#include "polarssl/ctr_drbg.h"
Paul Bakker4fc45522010-03-18 20:11:58 +000038#include "polarssl/net.h"
39#include "polarssl/ssl.h"
40#include "polarssl/x509.h"
41
Paul Bakker80d44fe2013-09-09 15:59:20 +020042#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_ENTROPY_C) || \
43 !defined(POLARSSL_SSL_TLS_C) || !defined(POLARSSL_SSL_CLI_C) || \
44 !defined(POLARSSL_NET_C) || !defined(POLARSSL_RSA_C) || \
Paul Bakker7c6b2c32013-09-16 13:49:26 +020045 !defined(POLARSSL_X509_CRT_PARSE_C) || !defined(POLARSSL_FS_IO) || \
Paul Bakker80d44fe2013-09-09 15:59:20 +020046 !defined(POLARSSL_CTR_DRBG_C)
47int main( int argc, char *argv[] )
48{
49 ((void) argc);
50 ((void) argv);
51
52 printf("POLARSSL_BIGNUM_C and/or POLARSSL_ENTROPY_C and/or "
53 "POLARSSL_SSL_TLS_C and/or POLARSSL_SSL_CLI_C and/or "
54 "POLARSSL_NET_C and/or POLARSSL_RSA_C and/or "
Paul Bakker7c6b2c32013-09-16 13:49:26 +020055 "POLARSSL_X509_CRT_PARSE_C and/or POLARSSL_FS_IO and/or "
Paul Bakker80d44fe2013-09-09 15:59:20 +020056 "POLARSSL_CTR_DRBG_C not defined.\n");
57 return( 0 );
58}
59#else
60
Paul Bakker4fc45522010-03-18 20:11:58 +000061#define MODE_NONE 0
62#define MODE_FILE 1
63#define MODE_SSL 2
64
65#define DFL_MODE MODE_NONE
66#define DFL_FILENAME "cert.crt"
Paul Bakker777a5752013-05-21 16:20:04 +020067#define DFL_CA_FILE ""
Paul Bakker1fd32532014-05-28 11:36:16 +020068#define DFL_CRL_FILE ""
Paul Bakker777a5752013-05-21 16:20:04 +020069#define DFL_CA_PATH ""
Paul Bakker4fc45522010-03-18 20:11:58 +000070#define DFL_SERVER_NAME "localhost"
71#define DFL_SERVER_PORT 4433
72#define DFL_DEBUG_LEVEL 0
Paul Bakker6c0ceb32011-12-04 12:24:18 +000073#define DFL_PERMISSIVE 0
Paul Bakker4fc45522010-03-18 20:11:58 +000074
75/*
76 * global options
77 */
78struct options
79{
80 int mode; /* the mode to run the application in */
Paul Bakkeref3f8c72013-06-24 13:01:08 +020081 const char *filename; /* filename of the certificate file */
82 const char *ca_file; /* the file with the CA certificate(s) */
Paul Bakker1fd32532014-05-28 11:36:16 +020083 const char *crl_file; /* the file with the CRL to use */
Paul Bakkeref3f8c72013-06-24 13:01:08 +020084 const char *ca_path; /* the path with the CA certificate(s) reside */
85 const char *server_name; /* hostname of the server (client only) */
Paul Bakker4fc45522010-03-18 20:11:58 +000086 int server_port; /* port on which the ssl service runs */
87 int debug_level; /* level of debugging */
Paul Bakker6c0ceb32011-12-04 12:24:18 +000088 int permissive; /* permissive parsing */
Paul Bakker4fc45522010-03-18 20:11:58 +000089} opt;
90
Paul Bakker3c5ef712013-06-25 16:37:45 +020091static void my_debug( void *ctx, int level, const char *str )
Paul Bakker4fc45522010-03-18 20:11:58 +000092{
93 if( level < opt.debug_level )
94 {
95 fprintf( (FILE *) ctx, "%s", str );
96 fflush( (FILE *) ctx );
97 }
98}
99
Paul Bakkerc559c7a2013-09-18 14:13:26 +0200100static int my_verify( void *data, x509_crt *crt, int depth, int *flags )
Paul Bakker777a5752013-05-21 16:20:04 +0200101{
102 char buf[1024];
103 ((void) data);
104
105 printf( "\nVerify requested for (Depth %d):\n", depth );
Paul Bakkerddf26b42013-09-18 13:46:23 +0200106 x509_crt_info( buf, sizeof( buf ) - 1, "", crt );
Paul Bakker777a5752013-05-21 16:20:04 +0200107 printf( "%s", buf );
108
109 if( ( (*flags) & BADCERT_EXPIRED ) != 0 )
110 printf( " ! server certificate has expired\n" );
111
112 if( ( (*flags) & BADCERT_REVOKED ) != 0 )
113 printf( " ! server certificate has been revoked\n" );
114
115 if( ( (*flags) & BADCERT_CN_MISMATCH ) != 0 )
116 printf( " ! CN mismatch\n" );
117
118 if( ( (*flags) & BADCERT_NOT_TRUSTED ) != 0 )
119 printf( " ! self-signed or not signed by a trusted CA\n" );
120
121 if( ( (*flags) & BADCRL_NOT_TRUSTED ) != 0 )
122 printf( " ! CRL not trusted\n" );
123
124 if( ( (*flags) & BADCRL_EXPIRED ) != 0 )
125 printf( " ! CRL expired\n" );
126
127 if( ( (*flags) & BADCERT_OTHER ) != 0 )
128 printf( " ! other (unknown) flag\n" );
129
130 if ( ( *flags ) == 0 )
131 printf( " This certificate has no flags\n" );
132
133 return( 0 );
134}
135
136#define USAGE_IO \
137 " ca_file=%%s The single file containing the top-level CA(s) you fully trust\n" \
138 " default: \"\" (none)\n" \
Paul Bakker1fd32532014-05-28 11:36:16 +0200139 " crl_file=%%s The single CRL file you want to use\n" \
140 " default: \"\" (none)\n" \
Paul Bakker777a5752013-05-21 16:20:04 +0200141 " ca_path=%%s The path containing the top-level CA(s) you fully trust\n" \
142 " default: \"\" (none) (overrides ca_file)\n"
143
Paul Bakker4fc45522010-03-18 20:11:58 +0000144#define USAGE \
145 "\n usage: cert_app param=<>...\n" \
146 "\n acceptable parameters:\n" \
Paul Bakker777a5752013-05-21 16:20:04 +0200147 " mode=file|ssl default: none\n" \
Paul Bakker4fc45522010-03-18 20:11:58 +0000148 " filename=%%s default: cert.crt\n" \
Paul Bakker777a5752013-05-21 16:20:04 +0200149 USAGE_IO \
Paul Bakker4fc45522010-03-18 20:11:58 +0000150 " server_name=%%s default: localhost\n" \
151 " server_port=%%d default: 4433\n" \
152 " debug_level=%%d default: 0 (disabled)\n" \
Paul Bakker6c0ceb32011-12-04 12:24:18 +0000153 " permissive=%%d default: 0 (disabled)\n" \
Paul Bakker4fc45522010-03-18 20:11:58 +0000154 "\n"
155
156int main( int argc, char *argv[] )
157{
158 int ret = 0, server_fd;
159 unsigned char buf[1024];
Paul Bakker508ad5a2011-12-04 17:09:26 +0000160 entropy_context entropy;
161 ctr_drbg_context ctr_drbg;
Paul Bakker4fc45522010-03-18 20:11:58 +0000162 ssl_context ssl;
Paul Bakkerc559c7a2013-09-18 14:13:26 +0200163 x509_crt cacert;
164 x509_crt clicert;
Paul Bakker1fd32532014-05-28 11:36:16 +0200165 x509_crl cacrl;
Manuel Pégourié-Gonnardac755232013-08-19 14:10:16 +0200166 pk_context pkey;
Paul Bakker36713e82013-09-17 13:25:29 +0200167 int i, j;
Paul Bakker777a5752013-05-21 16:20:04 +0200168 int flags, verify = 0;
Paul Bakker4fc45522010-03-18 20:11:58 +0000169 char *p, *q;
Paul Bakkeref3f8c72013-06-24 13:01:08 +0200170 const char *pers = "cert_app";
Paul Bakker4fc45522010-03-18 20:11:58 +0000171
Paul Bakker1a207ec2011-02-06 13:22:40 +0000172 /*
173 * Set to sane values
174 */
175 server_fd = 0;
Paul Bakker369d2eb2013-09-18 11:58:25 +0200176 x509_crt_init( &cacert );
177 x509_crt_init( &clicert );
Paul Bakker8880cb52014-06-12 23:22:26 +0200178#if defined(POLARSSL_X509_CRL_PARSE_C)
Paul Bakker1fd32532014-05-28 11:36:16 +0200179 x509_crl_init( &cacrl );
Paul Bakker8880cb52014-06-12 23:22:26 +0200180#else
181 /* Zeroize structure as CRL parsing is not supported and we have to pass
182 it to the verify function */
183 memset( &cacrl, 0, sizeof(x509_crl) );
184#endif
Manuel Pégourié-Gonnardac755232013-08-19 14:10:16 +0200185 pk_init( &pkey );
Paul Bakker1a207ec2011-02-06 13:22:40 +0000186
Paul Bakker4fc45522010-03-18 20:11:58 +0000187 if( argc == 0 )
188 {
189 usage:
190 printf( USAGE );
191 goto exit;
192 }
193
194 opt.mode = DFL_MODE;
195 opt.filename = DFL_FILENAME;
Paul Bakker777a5752013-05-21 16:20:04 +0200196 opt.ca_file = DFL_CA_FILE;
Paul Bakker1fd32532014-05-28 11:36:16 +0200197 opt.crl_file = DFL_CRL_FILE;
Paul Bakker777a5752013-05-21 16:20:04 +0200198 opt.ca_path = DFL_CA_PATH;
Paul Bakker4fc45522010-03-18 20:11:58 +0000199 opt.server_name = DFL_SERVER_NAME;
200 opt.server_port = DFL_SERVER_PORT;
201 opt.debug_level = DFL_DEBUG_LEVEL;
Paul Bakker6c0ceb32011-12-04 12:24:18 +0000202 opt.permissive = DFL_PERMISSIVE;
Paul Bakker4fc45522010-03-18 20:11:58 +0000203
204 for( i = 1; i < argc; i++ )
205 {
Paul Bakker4fc45522010-03-18 20:11:58 +0000206 p = argv[i];
207 if( ( q = strchr( p, '=' ) ) == NULL )
208 goto usage;
209 *q++ = '\0';
210
Paul Bakkerace02862013-09-16 21:40:34 +0200211 for( j = 0; p + j < q; j++ )
212 {
213 if( argv[i][j] >= 'A' && argv[i][j] <= 'Z' )
214 argv[i][j] |= 0x20;
215 }
216
Paul Bakker4fc45522010-03-18 20:11:58 +0000217 if( strcmp( p, "mode" ) == 0 )
218 {
219 if( strcmp( q, "file" ) == 0 )
220 opt.mode = MODE_FILE;
221 else if( strcmp( q, "ssl" ) == 0 )
222 opt.mode = MODE_SSL;
223 else
224 goto usage;
225 }
226 else if( strcmp( p, "filename" ) == 0 )
227 opt.filename = q;
Paul Bakker777a5752013-05-21 16:20:04 +0200228 else if( strcmp( p, "ca_file" ) == 0 )
229 opt.ca_file = q;
Paul Bakker1fd32532014-05-28 11:36:16 +0200230 else if( strcmp( p, "crl_file" ) == 0 )
231 opt.crl_file = q;
Paul Bakker777a5752013-05-21 16:20:04 +0200232 else if( strcmp( p, "ca_path" ) == 0 )
233 opt.ca_path = q;
Paul Bakker4fc45522010-03-18 20:11:58 +0000234 else if( strcmp( p, "server_name" ) == 0 )
235 opt.server_name = q;
236 else if( strcmp( p, "server_port" ) == 0 )
237 {
238 opt.server_port = atoi( q );
239 if( opt.server_port < 1 || opt.server_port > 65535 )
240 goto usage;
241 }
242 else if( strcmp( p, "debug_level" ) == 0 )
243 {
244 opt.debug_level = atoi( q );
245 if( opt.debug_level < 0 || opt.debug_level > 65535 )
246 goto usage;
247 }
Paul Bakker6c0ceb32011-12-04 12:24:18 +0000248 else if( strcmp( p, "permissive" ) == 0 )
249 {
250 opt.permissive = atoi( q );
251 if( opt.permissive < 0 || opt.permissive > 1 )
252 goto usage;
253 }
Paul Bakker4fc45522010-03-18 20:11:58 +0000254 else
255 goto usage;
256 }
257
Paul Bakker777a5752013-05-21 16:20:04 +0200258 /*
259 * 1.1. Load the trusted CA
260 */
261 printf( " . Loading the CA root certificate ..." );
262 fflush( stdout );
263
264 if( strlen( opt.ca_path ) )
265 {
Paul Bakkerddf26b42013-09-18 13:46:23 +0200266 ret = x509_crt_parse_path( &cacert, opt.ca_path );
Paul Bakker777a5752013-05-21 16:20:04 +0200267 verify = 1;
268 }
269 else if( strlen( opt.ca_file ) )
270 {
Paul Bakkerddf26b42013-09-18 13:46:23 +0200271 ret = x509_crt_parse_file( &cacert, opt.ca_file );
Paul Bakker777a5752013-05-21 16:20:04 +0200272 verify = 1;
273 }
274
275 if( ret < 0 )
276 {
Paul Bakkerddf26b42013-09-18 13:46:23 +0200277 printf( " failed\n ! x509_crt_parse returned -0x%x\n\n", -ret );
Paul Bakker777a5752013-05-21 16:20:04 +0200278 goto exit;
279 }
280
281 printf( " ok (%d skipped)\n", ret );
282
Paul Bakker8880cb52014-06-12 23:22:26 +0200283#if defined(POLARSSL_X509_CRL_PARSE_C)
Paul Bakker1fd32532014-05-28 11:36:16 +0200284 if( strlen( opt.crl_file ) )
285 {
Paul Bakker8880cb52014-06-12 23:22:26 +0200286 if( ( ret = x509_crl_parse_file( &cacrl, opt.crl_file ) ) != 0 )
287 {
288 printf( " failed\n ! x509_crl_parse returned -0x%x\n\n", -ret );
289 goto exit;
290 }
291
Paul Bakker1fd32532014-05-28 11:36:16 +0200292 verify = 1;
293 }
Paul Bakker8880cb52014-06-12 23:22:26 +0200294#endif
Paul Bakker1fd32532014-05-28 11:36:16 +0200295
Paul Bakker4fc45522010-03-18 20:11:58 +0000296 if( opt.mode == MODE_FILE )
297 {
Paul Bakkerc559c7a2013-09-18 14:13:26 +0200298 x509_crt crt;
299 x509_crt *cur = &crt;
Paul Bakker369d2eb2013-09-18 11:58:25 +0200300 x509_crt_init( &crt );
Paul Bakker4fc45522010-03-18 20:11:58 +0000301
302 /*
Paul Bakker14cb63a2011-11-25 12:44:31 +0000303 * 1.1. Load the certificate(s)
Paul Bakker4fc45522010-03-18 20:11:58 +0000304 */
Paul Bakker14cb63a2011-11-25 12:44:31 +0000305 printf( "\n . Loading the certificate(s) ..." );
Paul Bakker4fc45522010-03-18 20:11:58 +0000306 fflush( stdout );
307
Paul Bakkerddf26b42013-09-18 13:46:23 +0200308 ret = x509_crt_parse_file( &crt, opt.filename );
Paul Bakker4fc45522010-03-18 20:11:58 +0000309
Paul Bakker69e095c2011-12-10 21:55:01 +0000310 if( ret < 0 )
Paul Bakker4fc45522010-03-18 20:11:58 +0000311 {
Paul Bakkerddf26b42013-09-18 13:46:23 +0200312 printf( " failed\n ! x509_crt_parse_file returned %d\n\n", ret );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200313 x509_crt_free( &crt );
Paul Bakker4fc45522010-03-18 20:11:58 +0000314 goto exit;
315 }
316
Paul Bakker69e095c2011-12-10 21:55:01 +0000317 if( opt.permissive == 0 && ret > 0 )
318 {
Paul Bakkerddf26b42013-09-18 13:46:23 +0200319 printf( " failed\n ! x509_crt_parse failed to parse %d certificates\n\n", ret );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200320 x509_crt_free( &crt );
Paul Bakker69e095c2011-12-10 21:55:01 +0000321 goto exit;
322 }
323
Paul Bakker4fc45522010-03-18 20:11:58 +0000324 printf( " ok\n" );
325
326 /*
Paul Bakker14cb63a2011-11-25 12:44:31 +0000327 * 1.2 Print the certificate(s)
Paul Bakker4fc45522010-03-18 20:11:58 +0000328 */
Paul Bakker14cb63a2011-11-25 12:44:31 +0000329 while( cur != NULL )
Paul Bakker4fc45522010-03-18 20:11:58 +0000330 {
Paul Bakker14cb63a2011-11-25 12:44:31 +0000331 printf( " . Peer certificate information ...\n" );
Paul Bakkerddf26b42013-09-18 13:46:23 +0200332 ret = x509_crt_info( (char *) buf, sizeof( buf ) - 1, " ",
333 cur );
Paul Bakker14cb63a2011-11-25 12:44:31 +0000334 if( ret == -1 )
335 {
Paul Bakkerddf26b42013-09-18 13:46:23 +0200336 printf( " failed\n ! x509_crt_info returned %d\n\n", ret );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200337 x509_crt_free( &crt );
Paul Bakker14cb63a2011-11-25 12:44:31 +0000338 goto exit;
339 }
Paul Bakker4fc45522010-03-18 20:11:58 +0000340
Paul Bakker14cb63a2011-11-25 12:44:31 +0000341 printf( "%s\n", buf );
342
343 cur = cur->next;
344 }
Paul Bakker4fc45522010-03-18 20:11:58 +0000345
Paul Bakker777a5752013-05-21 16:20:04 +0200346 /*
347 * 1.3 Verify the certificate
348 */
349 if( verify )
350 {
351 printf( " . Verifying X.509 certificate..." );
352
Paul Bakker1fd32532014-05-28 11:36:16 +0200353 if( ( ret = x509_crt_verify( &crt, &cacert, &cacrl, NULL, &flags,
Paul Bakkerddf26b42013-09-18 13:46:23 +0200354 my_verify, NULL ) ) != 0 )
Paul Bakker777a5752013-05-21 16:20:04 +0200355 {
356 printf( " failed\n" );
357
358 if( ( ret & BADCERT_EXPIRED ) != 0 )
359 printf( " ! server certificate has expired\n" );
360
361 if( ( ret & BADCERT_REVOKED ) != 0 )
362 printf( " ! server certificate has been revoked\n" );
363
364 if( ( ret & BADCERT_CN_MISMATCH ) != 0 )
365 printf( " ! CN mismatch (expected CN=%s)\n", opt.server_name );
366
367 if( ( ret & BADCERT_NOT_TRUSTED ) != 0 )
368 printf( " ! self-signed or not signed by a trusted CA\n" );
369
370 printf( "\n" );
371 }
372 else
373 printf( " ok\n" );
374 }
375
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200376 x509_crt_free( &crt );
Paul Bakker4fc45522010-03-18 20:11:58 +0000377 }
378 else if( opt.mode == MODE_SSL )
379 {
380 /*
381 * 1. Initialize the RNG and the session data
382 */
Paul Bakker508ad5a2011-12-04 17:09:26 +0000383 printf( "\n . Seeding the random number generator..." );
384 fflush( stdout );
385
386 entropy_init( &entropy );
387 if( ( ret = ctr_drbg_init( &ctr_drbg, entropy_func, &entropy,
Paul Bakkeref3f8c72013-06-24 13:01:08 +0200388 (const unsigned char *) pers,
389 strlen( pers ) ) ) != 0 )
Paul Bakker508ad5a2011-12-04 17:09:26 +0000390 {
391 printf( " failed\n ! ctr_drbg_init returned %d\n", ret );
392 goto exit;
393 }
Paul Bakker4fc45522010-03-18 20:11:58 +0000394
Paul Bakker777a5752013-05-21 16:20:04 +0200395 printf( " ok\n" );
396
Paul Bakker4fc45522010-03-18 20:11:58 +0000397 /*
398 * 2. Start the connection
399 */
400 printf( " . SSL connection to tcp/%s/%-4d...", opt.server_name,
401 opt.server_port );
402 fflush( stdout );
403
404 if( ( ret = net_connect( &server_fd, opt.server_name,
405 opt.server_port ) ) != 0 )
406 {
407 printf( " failed\n ! net_connect returned %d\n\n", ret );
408 goto exit;
409 }
410
411 /*
412 * 3. Setup stuff
413 */
414 if( ( ret = ssl_init( &ssl ) ) != 0 )
415 {
416 printf( " failed\n ! ssl_init returned %d\n\n", ret );
417 goto exit;
418 }
419
420 ssl_set_endpoint( &ssl, SSL_IS_CLIENT );
Paul Bakker777a5752013-05-21 16:20:04 +0200421 if( verify )
422 {
423 ssl_set_authmode( &ssl, SSL_VERIFY_REQUIRED );
424 ssl_set_ca_chain( &ssl, &cacert, NULL, opt.server_name );
425 ssl_set_verify( &ssl, my_verify, NULL );
426 }
427 else
428 ssl_set_authmode( &ssl, SSL_VERIFY_NONE );
Paul Bakker4fc45522010-03-18 20:11:58 +0000429
Paul Bakker508ad5a2011-12-04 17:09:26 +0000430 ssl_set_rng( &ssl, ctr_drbg_random, &ctr_drbg );
Paul Bakker4fc45522010-03-18 20:11:58 +0000431 ssl_set_dbg( &ssl, my_debug, stdout );
432 ssl_set_bio( &ssl, net_recv, &server_fd,
433 net_send, &server_fd );
434
Manuel Pégourié-Gonnardac755232013-08-19 14:10:16 +0200435 ssl_set_own_cert( &ssl, &clicert, &pkey );
Paul Bakker4fc45522010-03-18 20:11:58 +0000436
Manuel Pégourié-Gonnarda7496f02013-09-20 11:29:59 +0200437#if defined(POLARSSL_SSL_SERVER_NAME_INDICATION)
Paul Bakker4fc45522010-03-18 20:11:58 +0000438 ssl_set_hostname( &ssl, opt.server_name );
Manuel Pégourié-Gonnarda7496f02013-09-20 11:29:59 +0200439#endif
Paul Bakker4fc45522010-03-18 20:11:58 +0000440
441 /*
442 * 4. Handshake
443 */
444 while( ( ret = ssl_handshake( &ssl ) ) != 0 )
445 {
Paul Bakker831a7552011-05-18 13:32:51 +0000446 if( ret != POLARSSL_ERR_NET_WANT_READ && ret != POLARSSL_ERR_NET_WANT_WRITE )
Paul Bakker4fc45522010-03-18 20:11:58 +0000447 {
448 printf( " failed\n ! ssl_handshake returned %d\n\n", ret );
Paul Bakker9a736322012-11-14 12:39:52 +0000449 ssl_free( &ssl );
Paul Bakker4fc45522010-03-18 20:11:58 +0000450 goto exit;
451 }
452 }
453
454 printf( " ok\n" );
455
456 /*
457 * 5. Print the certificate
458 */
459 printf( " . Peer certificate information ...\n" );
Paul Bakkerddf26b42013-09-18 13:46:23 +0200460 ret = x509_crt_info( (char *) buf, sizeof( buf ) - 1, " ",
461 ssl.session->peer_cert );
Paul Bakker4fc45522010-03-18 20:11:58 +0000462 if( ret == -1 )
463 {
Paul Bakkerddf26b42013-09-18 13:46:23 +0200464 printf( " failed\n ! x509_crt_info returned %d\n\n", ret );
Paul Bakker9a736322012-11-14 12:39:52 +0000465 ssl_free( &ssl );
Paul Bakker4fc45522010-03-18 20:11:58 +0000466 goto exit;
467 }
468
469 printf( "%s\n", buf );
470
471 ssl_close_notify( &ssl );
Paul Bakker9a736322012-11-14 12:39:52 +0000472 ssl_free( &ssl );
Paul Bakker4fc45522010-03-18 20:11:58 +0000473 }
474 else
475 goto usage;
476
477exit:
478
Paul Bakker1a207ec2011-02-06 13:22:40 +0000479 if( server_fd )
480 net_close( server_fd );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200481 x509_crt_free( &cacert );
482 x509_crt_free( &clicert );
Paul Bakker8880cb52014-06-12 23:22:26 +0200483#if defined(POLARSSL_X509_CRL_PARSE_C)
Paul Bakker1fd32532014-05-28 11:36:16 +0200484 x509_crl_free( &cacrl );
Paul Bakker8880cb52014-06-12 23:22:26 +0200485#endif
Manuel Pégourié-Gonnardac755232013-08-19 14:10:16 +0200486 pk_free( &pkey );
Paul Bakker1ffefac2013-09-28 15:23:03 +0200487 entropy_free( &entropy );
Paul Bakker4fc45522010-03-18 20:11:58 +0000488
Paul Bakkercce9d772011-11-18 14:26:47 +0000489#if defined(_WIN32)
Paul Bakker4fc45522010-03-18 20:11:58 +0000490 printf( " + Press Enter to exit this program.\n" );
491 fflush( stdout ); getchar();
492#endif
493
494 return( ret );
495}
Paul Bakker508ad5a2011-12-04 17:09:26 +0000496#endif /* POLARSSL_BIGNUM_C && POLARSSL_ENTROPY_C && POLARSSL_SSL_TLS_C &&
Paul Bakker5690efc2011-05-26 13:16:06 +0000497 POLARSSL_SSL_CLI_C && POLARSSL_NET_C && POLARSSL_RSA_C &&
Paul Bakker36713e82013-09-17 13:25:29 +0200498 POLARSSL_X509_CRT_PARSE_C && POLARSSL_FS_IO && POLARSSL_CTR_DRBG_C */