Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 1 | /* |
| 2 | * SSL client with certificate authentication |
| 3 | * |
Paul Bakker | 3c5ef71 | 2013-06-25 16:37:45 +0200 | [diff] [blame] | 4 | * Copyright (C) 2006-2013, Brainspark B.V. |
Paul Bakker | b96f154 | 2010-07-18 20:36:00 +0000 | [diff] [blame] | 5 | * |
| 6 | * This file is part of PolarSSL (http://www.polarssl.org) |
Paul Bakker | 84f12b7 | 2010-07-18 10:13:04 +0000 | [diff] [blame] | 7 | * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org> |
Paul Bakker | b96f154 | 2010-07-18 20:36:00 +0000 | [diff] [blame] | 8 | * |
Paul Bakker | 77b385e | 2009-07-28 17:23:11 +0000 | [diff] [blame] | 9 | * All rights reserved. |
Paul Bakker | e0ccd0a | 2009-01-04 16:27:10 +0000 | [diff] [blame] | 10 | * |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 11 | * This program is free software; you can redistribute it and/or modify |
| 12 | * it under the terms of the GNU General Public License as published by |
| 13 | * the Free Software Foundation; either version 2 of the License, or |
| 14 | * (at your option) any later version. |
| 15 | * |
| 16 | * This program is distributed in the hope that it will be useful, |
| 17 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
| 18 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| 19 | * GNU General Public License for more details. |
| 20 | * |
| 21 | * You should have received a copy of the GNU General Public License along |
| 22 | * with this program; if not, write to the Free Software Foundation, Inc., |
| 23 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. |
| 24 | */ |
| 25 | |
Manuel Pégourié-Gonnard | abd6e02 | 2013-09-20 13:30:43 +0200 | [diff] [blame] | 26 | #include "polarssl/config.h" |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 27 | |
| 28 | #include <string.h> |
Paul Bakker | 9caf2d2 | 2010-02-18 19:37:19 +0000 | [diff] [blame] | 29 | #include <stdlib.h> |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 30 | #include <stdio.h> |
| 31 | |
Paul Bakker | 40e4694 | 2009-01-03 21:51:57 +0000 | [diff] [blame] | 32 | #include "polarssl/net.h" |
| 33 | #include "polarssl/ssl.h" |
Paul Bakker | 508ad5a | 2011-12-04 17:09:26 +0000 | [diff] [blame] | 34 | #include "polarssl/entropy.h" |
| 35 | #include "polarssl/ctr_drbg.h" |
Paul Bakker | 40e4694 | 2009-01-03 21:51:57 +0000 | [diff] [blame] | 36 | #include "polarssl/certs.h" |
| 37 | #include "polarssl/x509.h" |
Paul Bakker | a3d195c | 2011-11-27 21:07:34 +0000 | [diff] [blame] | 38 | #include "polarssl/error.h" |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 39 | |
Paul Bakker | 9caf2d2 | 2010-02-18 19:37:19 +0000 | [diff] [blame] | 40 | #define DFL_SERVER_NAME "localhost" |
| 41 | #define DFL_SERVER_PORT 4433 |
| 42 | #define DFL_REQUEST_PAGE "/" |
| 43 | #define DFL_DEBUG_LEVEL 0 |
Paul Bakker | 5690efc | 2011-05-26 13:16:06 +0000 | [diff] [blame] | 44 | #define DFL_CA_FILE "" |
Paul Bakker | 8d91458 | 2012-06-04 12:46:42 +0000 | [diff] [blame] | 45 | #define DFL_CA_PATH "" |
Paul Bakker | 6796839 | 2010-07-18 08:28:20 +0000 | [diff] [blame] | 46 | #define DFL_CRT_FILE "" |
| 47 | #define DFL_KEY_FILE "" |
Paul Bakker | d4a56ec | 2013-04-16 18:05:29 +0200 | [diff] [blame] | 48 | #define DFL_PSK "" |
| 49 | #define DFL_PSK_IDENTITY "Client_identity" |
Paul Bakker | 5193688 | 2011-02-20 16:05:58 +0000 | [diff] [blame] | 50 | #define DFL_FORCE_CIPHER 0 |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 51 | #define DFL_RENEGOTIATION SSL_RENEGOTIATION_ENABLED |
Paul Bakker | d0f6fa7 | 2012-09-17 09:18:12 +0000 | [diff] [blame] | 52 | #define DFL_ALLOW_LEGACY SSL_LEGACY_NO_RENEGOTIATION |
Paul Bakker | 1d29fb5 | 2012-09-28 13:28:45 +0000 | [diff] [blame] | 53 | #define DFL_MIN_VERSION -1 |
| 54 | #define DFL_MAX_VERSION -1 |
Paul Bakker | 91ebfb5 | 2012-11-23 14:04:08 +0100 | [diff] [blame] | 55 | #define DFL_AUTH_MODE SSL_VERIFY_OPTIONAL |
Manuel Pégourié-Gonnard | 0df6b1f | 2013-07-16 13:39:57 +0200 | [diff] [blame] | 56 | #define DFL_MFL_CODE SSL_MAX_FRAG_LEN_NONE |
Manuel Pégourié-Gonnard | e980a99 | 2013-07-19 11:08:52 +0200 | [diff] [blame] | 57 | #define DFL_TRUNC_HMAC 0 |
Manuel Pégourié-Gonnard | aaa1eab | 2013-07-30 13:43:43 +0200 | [diff] [blame] | 58 | #define DFL_RECONNECT 0 |
Manuel Pégourié-Gonnard | aa0d4d1 | 2013-08-03 13:02:31 +0200 | [diff] [blame] | 59 | #define DFL_TICKETS SSL_SESSION_TICKETS_ENABLED |
Paul Bakker | 0e6975b | 2009-02-10 22:19:10 +0000 | [diff] [blame] | 60 | |
Manuel Pégourié-Gonnard | e048b67 | 2013-07-19 12:47:00 +0200 | [diff] [blame] | 61 | #define LONG_HEADER "User-agent: blah-blah-blah-blah-blah-blah-blah-blah-" \ |
Manuel Pégourié-Gonnard | 0c017a5 | 2013-07-18 14:07:36 +0200 | [diff] [blame] | 62 | "-01--blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-" \ |
| 63 | "-02--blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-" \ |
| 64 | "-03--blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-" \ |
| 65 | "-04--blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-" \ |
| 66 | "-05--blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-" \ |
| 67 | "-06--blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-" \ |
| 68 | "-07--blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-END\r\n" |
Manuel Pégourié-Gonnard | 787b658 | 2013-07-16 15:43:17 +0200 | [diff] [blame] | 69 | |
Manuel Pégourié-Gonnard | e048b67 | 2013-07-19 12:47:00 +0200 | [diff] [blame] | 70 | /* Uncomment LONG_HEADER in the definition of GET_REQUEST to test sending |
| 71 | * longer paquets (for fragmentation purposes) */ |
| 72 | #define GET_REQUEST "GET %s HTTP/1.0\r\n" /* LONG_HEADER */ "\r\n" |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 73 | |
Manuel Pégourié-Gonnard | 9c1e189 | 2013-10-30 16:41:21 +0100 | [diff] [blame] | 74 | /* Uncomment to test client-initiated renegotiation */ |
Manuel Pégourié-Gonnard | 53b3e06 | 2013-10-29 18:16:38 +0100 | [diff] [blame] | 75 | // #define TEST_RENEGO |
| 76 | |
Paul Bakker | 9caf2d2 | 2010-02-18 19:37:19 +0000 | [diff] [blame] | 77 | /* |
| 78 | * global options |
| 79 | */ |
| 80 | struct options |
| 81 | { |
Paul Bakker | ef3f8c7 | 2013-06-24 13:01:08 +0200 | [diff] [blame] | 82 | const char *server_name; /* hostname of the server (client only) */ |
Paul Bakker | 6796839 | 2010-07-18 08:28:20 +0000 | [diff] [blame] | 83 | int server_port; /* port on which the ssl service runs */ |
| 84 | int debug_level; /* level of debugging */ |
Paul Bakker | ef3f8c7 | 2013-06-24 13:01:08 +0200 | [diff] [blame] | 85 | const char *request_page; /* page on server to request */ |
| 86 | const char *ca_file; /* the file with the CA certificate(s) */ |
| 87 | const char *ca_path; /* the path with the CA certificate(s) reside */ |
| 88 | const char *crt_file; /* the file with the client certificate */ |
| 89 | const char *key_file; /* the file with the client key */ |
| 90 | const char *psk; /* the pre-shared key */ |
| 91 | const char *psk_identity; /* the pre-shared key identity */ |
Paul Bakker | 5193688 | 2011-02-20 16:05:58 +0000 | [diff] [blame] | 92 | int force_ciphersuite[2]; /* protocol/ciphersuite to use, or all */ |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 93 | int renegotiation; /* enable / disable renegotiation */ |
| 94 | int allow_legacy; /* allow legacy renegotiation */ |
Paul Bakker | 1d29fb5 | 2012-09-28 13:28:45 +0000 | [diff] [blame] | 95 | int min_version; /* minimum protocol version accepted */ |
| 96 | int max_version; /* maximum protocol version accepted */ |
Paul Bakker | 91ebfb5 | 2012-11-23 14:04:08 +0100 | [diff] [blame] | 97 | int auth_mode; /* verify mode for connection */ |
Manuel Pégourié-Gonnard | 0df6b1f | 2013-07-16 13:39:57 +0200 | [diff] [blame] | 98 | unsigned char mfl_code; /* code for maximum fragment length */ |
Manuel Pégourié-Gonnard | e980a99 | 2013-07-19 11:08:52 +0200 | [diff] [blame] | 99 | int trunc_hmac; /* negotiate truncated hmac or not */ |
Manuel Pégourié-Gonnard | aaa1eab | 2013-07-30 13:43:43 +0200 | [diff] [blame] | 100 | int reconnect; /* attempt to resume session */ |
Manuel Pégourié-Gonnard | aa0d4d1 | 2013-08-03 13:02:31 +0200 | [diff] [blame] | 101 | int tickets; /* enable / disable session tickets */ |
Paul Bakker | 9caf2d2 | 2010-02-18 19:37:19 +0000 | [diff] [blame] | 102 | } opt; |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 103 | |
Paul Bakker | 3c5ef71 | 2013-06-25 16:37:45 +0200 | [diff] [blame] | 104 | static void my_debug( void *ctx, int level, const char *str ) |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 105 | { |
Paul Bakker | 9caf2d2 | 2010-02-18 19:37:19 +0000 | [diff] [blame] | 106 | if( level < opt.debug_level ) |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 107 | { |
| 108 | fprintf( (FILE *) ctx, "%s", str ); |
| 109 | fflush( (FILE *) ctx ); |
| 110 | } |
| 111 | } |
| 112 | |
Paul Bakker | 36713e8 | 2013-09-17 13:25:29 +0200 | [diff] [blame] | 113 | #if defined(POLARSSL_X509_CRT_PARSE_C) |
Paul Bakker | 915275b | 2012-09-28 07:10:55 +0000 | [diff] [blame] | 114 | /* |
| 115 | * Enabled if debug_level > 1 in code below |
| 116 | */ |
Paul Bakker | c559c7a | 2013-09-18 14:13:26 +0200 | [diff] [blame] | 117 | static int my_verify( void *data, x509_crt *crt, int depth, int *flags ) |
Paul Bakker | 915275b | 2012-09-28 07:10:55 +0000 | [diff] [blame] | 118 | { |
| 119 | char buf[1024]; |
| 120 | ((void) data); |
| 121 | |
| 122 | printf( "\nVerify requested for (Depth %d):\n", depth ); |
Paul Bakker | ddf26b4 | 2013-09-18 13:46:23 +0200 | [diff] [blame] | 123 | x509_crt_info( buf, sizeof( buf ) - 1, "", crt ); |
Paul Bakker | 915275b | 2012-09-28 07:10:55 +0000 | [diff] [blame] | 124 | printf( "%s", buf ); |
| 125 | |
| 126 | if( ( (*flags) & BADCERT_EXPIRED ) != 0 ) |
| 127 | printf( " ! server certificate has expired\n" ); |
| 128 | |
| 129 | if( ( (*flags) & BADCERT_REVOKED ) != 0 ) |
| 130 | printf( " ! server certificate has been revoked\n" ); |
| 131 | |
| 132 | if( ( (*flags) & BADCERT_CN_MISMATCH ) != 0 ) |
| 133 | printf( " ! CN mismatch\n" ); |
| 134 | |
| 135 | if( ( (*flags) & BADCERT_NOT_TRUSTED ) != 0 ) |
| 136 | printf( " ! self-signed or not signed by a trusted CA\n" ); |
| 137 | |
| 138 | if( ( (*flags) & BADCRL_NOT_TRUSTED ) != 0 ) |
| 139 | printf( " ! CRL not trusted\n" ); |
| 140 | |
| 141 | if( ( (*flags) & BADCRL_EXPIRED ) != 0 ) |
| 142 | printf( " ! CRL expired\n" ); |
| 143 | |
| 144 | if( ( (*flags) & BADCERT_OTHER ) != 0 ) |
| 145 | printf( " ! other (unknown) flag\n" ); |
| 146 | |
| 147 | if ( ( *flags ) == 0 ) |
| 148 | printf( " This certificate has no flags\n" ); |
| 149 | |
| 150 | return( 0 ); |
| 151 | } |
Paul Bakker | 36713e8 | 2013-09-17 13:25:29 +0200 | [diff] [blame] | 152 | #endif /* POLARSSL_X509_CRT_PARSE_C */ |
Paul Bakker | 915275b | 2012-09-28 07:10:55 +0000 | [diff] [blame] | 153 | |
Paul Bakker | 36713e8 | 2013-09-17 13:25:29 +0200 | [diff] [blame] | 154 | #if defined(POLARSSL_X509_CRT_PARSE_C) |
Paul Bakker | 5690efc | 2011-05-26 13:16:06 +0000 | [diff] [blame] | 155 | #if defined(POLARSSL_FS_IO) |
| 156 | #define USAGE_IO \ |
Paul Bakker | 1f9d02d | 2012-11-20 10:30:55 +0100 | [diff] [blame] | 157 | " ca_file=%%s The single file containing the top-level CA(s) you fully trust\n" \ |
| 158 | " default: \"\" (pre-loaded)\n" \ |
| 159 | " ca_path=%%s The path containing the top-level CA(s) you fully trust\n" \ |
| 160 | " default: \"\" (pre-loaded) (overrides ca_file)\n" \ |
| 161 | " crt_file=%%s Your own cert and chain (in bottom to top order, top may be omitted)\n" \ |
| 162 | " default: \"\" (pre-loaded)\n" \ |
Paul Bakker | 5690efc | 2011-05-26 13:16:06 +0000 | [diff] [blame] | 163 | " key_file=%%s default: \"\" (pre-loaded)\n" |
| 164 | #else |
| 165 | #define USAGE_IO \ |
| 166 | " No file operations available (POLARSSL_FS_IO not defined)\n" |
| 167 | #endif /* POLARSSL_FS_IO */ |
Paul Bakker | ed27a04 | 2013-04-18 22:46:23 +0200 | [diff] [blame] | 168 | #else |
| 169 | #define USAGE_IO "" |
Paul Bakker | 36713e8 | 2013-09-17 13:25:29 +0200 | [diff] [blame] | 170 | #endif /* POLARSSL_X509_CRT_PARSE_C */ |
Paul Bakker | ed27a04 | 2013-04-18 22:46:23 +0200 | [diff] [blame] | 171 | |
Manuel Pégourié-Gonnard | 8a3c64d | 2013-10-14 19:54:10 +0200 | [diff] [blame] | 172 | #if defined(POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED) |
Paul Bakker | ed27a04 | 2013-04-18 22:46:23 +0200 | [diff] [blame] | 173 | #define USAGE_PSK \ |
| 174 | " psk=%%s default: \"\" (in hex, without 0x)\n" \ |
| 175 | " psk_identity=%%s default: \"Client_identity\"\n" |
| 176 | #else |
| 177 | #define USAGE_PSK "" |
Manuel Pégourié-Gonnard | 8a3c64d | 2013-10-14 19:54:10 +0200 | [diff] [blame] | 178 | #endif /* POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED */ |
Paul Bakker | 5690efc | 2011-05-26 13:16:06 +0000 | [diff] [blame] | 179 | |
Paul Bakker | a503a63 | 2013-08-14 13:48:06 +0200 | [diff] [blame] | 180 | #if defined(POLARSSL_SSL_SESSION_TICKETS) |
| 181 | #define USAGE_TICKETS \ |
| 182 | " tickets=%%d default: 1 (enabled)\n" |
| 183 | #else |
| 184 | #define USAGE_TICKETS "" |
| 185 | #endif /* POLARSSL_SSL_SESSION_TICKETS */ |
| 186 | |
Paul Bakker | 1f2bc62 | 2013-08-15 13:45:55 +0200 | [diff] [blame] | 187 | #if defined(POLARSSL_SSL_TRUNCATED_HMAC) |
| 188 | #define USAGE_TRUNC_HMAC \ |
| 189 | " trunc_hmac=%%d default: 0 (disabled)\n" |
| 190 | #else |
| 191 | #define USAGE_TRUNC_HMAC "" |
| 192 | #endif /* POLARSSL_SSL_TRUNCATED_HMAC */ |
| 193 | |
Paul Bakker | 05decb2 | 2013-08-15 13:33:48 +0200 | [diff] [blame] | 194 | #if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH) |
| 195 | #define USAGE_MAX_FRAG_LEN \ |
| 196 | " max_frag_len=%%d default: 16384 (tls default)\n" \ |
| 197 | " options: 512, 1024, 2048, 4096\n" |
| 198 | #else |
| 199 | #define USAGE_MAX_FRAG_LEN "" |
| 200 | #endif /* POLARSSL_SSL_MAX_FRAGMENT_LENGTH */ |
| 201 | |
Paul Bakker | 9caf2d2 | 2010-02-18 19:37:19 +0000 | [diff] [blame] | 202 | #define USAGE \ |
Paul Bakker | 6796839 | 2010-07-18 08:28:20 +0000 | [diff] [blame] | 203 | "\n usage: ssl_client2 param=<>...\n" \ |
| 204 | "\n acceptable parameters:\n" \ |
| 205 | " server_name=%%s default: localhost\n" \ |
| 206 | " server_port=%%d default: 4433\n" \ |
| 207 | " debug_level=%%d default: 0 (disabled)\n" \ |
Paul Bakker | 5690efc | 2011-05-26 13:16:06 +0000 | [diff] [blame] | 208 | USAGE_IO \ |
Paul Bakker | 6796839 | 2010-07-18 08:28:20 +0000 | [diff] [blame] | 209 | " request_page=%%s default: \".\"\n" \ |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 210 | " renegotiation=%%d default: 1 (enabled)\n" \ |
| 211 | " allow_legacy=%%d default: 0 (disabled)\n" \ |
Manuel Pégourié-Gonnard | aaa1eab | 2013-07-30 13:43:43 +0200 | [diff] [blame] | 212 | " reconnect=%%d default: 0 (disabled)\n" \ |
Paul Bakker | a503a63 | 2013-08-14 13:48:06 +0200 | [diff] [blame] | 213 | USAGE_TICKETS \ |
Paul Bakker | 1d29fb5 | 2012-09-28 13:28:45 +0000 | [diff] [blame] | 214 | "\n" \ |
| 215 | " min_version=%%s default: \"\" (ssl3)\n" \ |
| 216 | " max_version=%%s default: \"\" (tls1_2)\n" \ |
| 217 | " force_version=%%s default: \"\" (none)\n" \ |
| 218 | " options: ssl3, tls1, tls1_1, tls1_2\n" \ |
Paul Bakker | 91ebfb5 | 2012-11-23 14:04:08 +0100 | [diff] [blame] | 219 | " auth_mode=%%s default: \"optional\"\n" \ |
| 220 | " options: none, optional, required\n" \ |
Paul Bakker | 05decb2 | 2013-08-15 13:33:48 +0200 | [diff] [blame] | 221 | USAGE_MAX_FRAG_LEN \ |
Paul Bakker | 1f2bc62 | 2013-08-15 13:45:55 +0200 | [diff] [blame] | 222 | USAGE_TRUNC_HMAC \ |
Paul Bakker | ed27a04 | 2013-04-18 22:46:23 +0200 | [diff] [blame] | 223 | USAGE_PSK \ |
Paul Bakker | 1d29fb5 | 2012-09-28 13:28:45 +0000 | [diff] [blame] | 224 | "\n" \ |
Paul Bakker | 5193688 | 2011-02-20 16:05:58 +0000 | [diff] [blame] | 225 | " force_ciphersuite=<name> default: all enabled\n"\ |
| 226 | " acceptable ciphersuite names:\n" |
Paul Bakker | 9caf2d2 | 2010-02-18 19:37:19 +0000 | [diff] [blame] | 227 | |
Paul Bakker | ed27a04 | 2013-04-18 22:46:23 +0200 | [diff] [blame] | 228 | #if !defined(POLARSSL_ENTROPY_C) || \ |
Paul Bakker | 5690efc | 2011-05-26 13:16:06 +0000 | [diff] [blame] | 229 | !defined(POLARSSL_SSL_TLS_C) || !defined(POLARSSL_SSL_CLI_C) || \ |
Paul Bakker | ed27a04 | 2013-04-18 22:46:23 +0200 | [diff] [blame] | 230 | !defined(POLARSSL_NET_C) || !defined(POLARSSL_CTR_DRBG_C) |
Paul Bakker | cce9d77 | 2011-11-18 14:26:47 +0000 | [diff] [blame] | 231 | int main( int argc, char *argv[] ) |
Paul Bakker | 5690efc | 2011-05-26 13:16:06 +0000 | [diff] [blame] | 232 | { |
Paul Bakker | cce9d77 | 2011-11-18 14:26:47 +0000 | [diff] [blame] | 233 | ((void) argc); |
| 234 | ((void) argv); |
| 235 | |
Paul Bakker | ed27a04 | 2013-04-18 22:46:23 +0200 | [diff] [blame] | 236 | printf("POLARSSL_ENTROPY_C and/or " |
Paul Bakker | 5690efc | 2011-05-26 13:16:06 +0000 | [diff] [blame] | 237 | "POLARSSL_SSL_TLS_C and/or POLARSSL_SSL_CLI_C and/or " |
Paul Bakker | ed27a04 | 2013-04-18 22:46:23 +0200 | [diff] [blame] | 238 | "POLARSSL_NET_C and/or POLARSSL_CTR_DRBG_C not defined.\n"); |
Paul Bakker | 5690efc | 2011-05-26 13:16:06 +0000 | [diff] [blame] | 239 | return( 0 ); |
| 240 | } |
| 241 | #else |
Paul Bakker | 9caf2d2 | 2010-02-18 19:37:19 +0000 | [diff] [blame] | 242 | int main( int argc, char *argv[] ) |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 243 | { |
Manuel Pégourié-Gonnard | 0c017a5 | 2013-07-18 14:07:36 +0200 | [diff] [blame] | 244 | int ret = 0, len, server_fd, i, written, frags; |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 245 | unsigned char buf[1024]; |
Manuel Pégourié-Gonnard | 8a3c64d | 2013-10-14 19:54:10 +0200 | [diff] [blame] | 246 | #if defined(POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED) |
Paul Bakker | d4a56ec | 2013-04-16 18:05:29 +0200 | [diff] [blame] | 247 | unsigned char psk[256]; |
| 248 | size_t psk_len = 0; |
Paul Bakker | ed27a04 | 2013-04-18 22:46:23 +0200 | [diff] [blame] | 249 | #endif |
Paul Bakker | ef3f8c7 | 2013-06-24 13:01:08 +0200 | [diff] [blame] | 250 | const char *pers = "ssl_client2"; |
Paul Bakker | 508ad5a | 2011-12-04 17:09:26 +0000 | [diff] [blame] | 251 | |
| 252 | entropy_context entropy; |
| 253 | ctr_drbg_context ctr_drbg; |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 254 | ssl_context ssl; |
Manuel Pégourié-Gonnard | aaa1eab | 2013-07-30 13:43:43 +0200 | [diff] [blame] | 255 | ssl_session saved_session; |
Paul Bakker | 36713e8 | 2013-09-17 13:25:29 +0200 | [diff] [blame] | 256 | #if defined(POLARSSL_X509_CRT_PARSE_C) |
Paul Bakker | c559c7a | 2013-09-18 14:13:26 +0200 | [diff] [blame] | 257 | x509_crt cacert; |
| 258 | x509_crt clicert; |
Manuel Pégourié-Gonnard | ac75523 | 2013-08-19 14:10:16 +0200 | [diff] [blame] | 259 | pk_context pkey; |
Paul Bakker | ed27a04 | 2013-04-18 22:46:23 +0200 | [diff] [blame] | 260 | #endif |
Paul Bakker | 9caf2d2 | 2010-02-18 19:37:19 +0000 | [diff] [blame] | 261 | char *p, *q; |
Paul Bakker | 5193688 | 2011-02-20 16:05:58 +0000 | [diff] [blame] | 262 | const int *list; |
Paul Bakker | 9caf2d2 | 2010-02-18 19:37:19 +0000 | [diff] [blame] | 263 | |
Paul Bakker | 1a207ec | 2011-02-06 13:22:40 +0000 | [diff] [blame] | 264 | /* |
| 265 | * Make sure memory references are valid. |
| 266 | */ |
| 267 | server_fd = 0; |
Paul Bakker | 1a207ec | 2011-02-06 13:22:40 +0000 | [diff] [blame] | 268 | memset( &ssl, 0, sizeof( ssl_context ) ); |
Manuel Pégourié-Gonnard | aaa1eab | 2013-07-30 13:43:43 +0200 | [diff] [blame] | 269 | memset( &saved_session, 0, sizeof( ssl_session ) ); |
Paul Bakker | 36713e8 | 2013-09-17 13:25:29 +0200 | [diff] [blame] | 270 | #if defined(POLARSSL_X509_CRT_PARSE_C) |
Paul Bakker | 369d2eb | 2013-09-18 11:58:25 +0200 | [diff] [blame] | 271 | x509_crt_init( &cacert ); |
| 272 | x509_crt_init( &clicert ); |
Manuel Pégourié-Gonnard | ac75523 | 2013-08-19 14:10:16 +0200 | [diff] [blame] | 273 | pk_init( &pkey ); |
Paul Bakker | ed27a04 | 2013-04-18 22:46:23 +0200 | [diff] [blame] | 274 | #endif |
Paul Bakker | 1a207ec | 2011-02-06 13:22:40 +0000 | [diff] [blame] | 275 | |
Paul Bakker | 9caf2d2 | 2010-02-18 19:37:19 +0000 | [diff] [blame] | 276 | if( argc == 0 ) |
| 277 | { |
| 278 | usage: |
Paul Bakker | fab5c82 | 2012-02-06 16:45:10 +0000 | [diff] [blame] | 279 | if( ret == 0 ) |
| 280 | ret = 1; |
| 281 | |
Paul Bakker | 9caf2d2 | 2010-02-18 19:37:19 +0000 | [diff] [blame] | 282 | printf( USAGE ); |
Paul Bakker | 5193688 | 2011-02-20 16:05:58 +0000 | [diff] [blame] | 283 | |
| 284 | list = ssl_list_ciphersuites(); |
| 285 | while( *list ) |
| 286 | { |
Paul Bakker | bcbe2d8 | 2013-04-19 09:10:20 +0200 | [diff] [blame] | 287 | printf(" %-42s", ssl_get_ciphersuite_name( *list ) ); |
Paul Bakker | ed27a04 | 2013-04-18 22:46:23 +0200 | [diff] [blame] | 288 | list++; |
| 289 | if( !*list ) |
| 290 | break; |
| 291 | printf(" %s\n", ssl_get_ciphersuite_name( *list ) ); |
Paul Bakker | 5193688 | 2011-02-20 16:05:58 +0000 | [diff] [blame] | 292 | list++; |
| 293 | } |
| 294 | printf("\n"); |
Paul Bakker | 9caf2d2 | 2010-02-18 19:37:19 +0000 | [diff] [blame] | 295 | goto exit; |
| 296 | } |
| 297 | |
| 298 | opt.server_name = DFL_SERVER_NAME; |
| 299 | opt.server_port = DFL_SERVER_PORT; |
| 300 | opt.debug_level = DFL_DEBUG_LEVEL; |
| 301 | opt.request_page = DFL_REQUEST_PAGE; |
Paul Bakker | 5690efc | 2011-05-26 13:16:06 +0000 | [diff] [blame] | 302 | opt.ca_file = DFL_CA_FILE; |
Paul Bakker | 8d91458 | 2012-06-04 12:46:42 +0000 | [diff] [blame] | 303 | opt.ca_path = DFL_CA_PATH; |
Paul Bakker | 6796839 | 2010-07-18 08:28:20 +0000 | [diff] [blame] | 304 | opt.crt_file = DFL_CRT_FILE; |
| 305 | opt.key_file = DFL_KEY_FILE; |
Paul Bakker | d4a56ec | 2013-04-16 18:05:29 +0200 | [diff] [blame] | 306 | opt.psk = DFL_PSK; |
| 307 | opt.psk_identity = DFL_PSK_IDENTITY; |
Paul Bakker | 5193688 | 2011-02-20 16:05:58 +0000 | [diff] [blame] | 308 | opt.force_ciphersuite[0]= DFL_FORCE_CIPHER; |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 309 | opt.renegotiation = DFL_RENEGOTIATION; |
| 310 | opt.allow_legacy = DFL_ALLOW_LEGACY; |
Paul Bakker | 1d29fb5 | 2012-09-28 13:28:45 +0000 | [diff] [blame] | 311 | opt.min_version = DFL_MIN_VERSION; |
| 312 | opt.max_version = DFL_MAX_VERSION; |
Paul Bakker | 91ebfb5 | 2012-11-23 14:04:08 +0100 | [diff] [blame] | 313 | opt.auth_mode = DFL_AUTH_MODE; |
Manuel Pégourié-Gonnard | 0df6b1f | 2013-07-16 13:39:57 +0200 | [diff] [blame] | 314 | opt.mfl_code = DFL_MFL_CODE; |
Manuel Pégourié-Gonnard | e980a99 | 2013-07-19 11:08:52 +0200 | [diff] [blame] | 315 | opt.trunc_hmac = DFL_TRUNC_HMAC; |
Manuel Pégourié-Gonnard | aaa1eab | 2013-07-30 13:43:43 +0200 | [diff] [blame] | 316 | opt.reconnect = DFL_RECONNECT; |
Manuel Pégourié-Gonnard | aa0d4d1 | 2013-08-03 13:02:31 +0200 | [diff] [blame] | 317 | opt.tickets = DFL_TICKETS; |
Paul Bakker | 9caf2d2 | 2010-02-18 19:37:19 +0000 | [diff] [blame] | 318 | |
| 319 | for( i = 1; i < argc; i++ ) |
| 320 | { |
Paul Bakker | 9caf2d2 | 2010-02-18 19:37:19 +0000 | [diff] [blame] | 321 | p = argv[i]; |
| 322 | if( ( q = strchr( p, '=' ) ) == NULL ) |
| 323 | goto usage; |
| 324 | *q++ = '\0'; |
| 325 | |
| 326 | if( strcmp( p, "server_name" ) == 0 ) |
| 327 | opt.server_name = q; |
| 328 | else if( strcmp( p, "server_port" ) == 0 ) |
| 329 | { |
| 330 | opt.server_port = atoi( q ); |
| 331 | if( opt.server_port < 1 || opt.server_port > 65535 ) |
| 332 | goto usage; |
| 333 | } |
| 334 | else if( strcmp( p, "debug_level" ) == 0 ) |
| 335 | { |
| 336 | opt.debug_level = atoi( q ); |
| 337 | if( opt.debug_level < 0 || opt.debug_level > 65535 ) |
| 338 | goto usage; |
| 339 | } |
| 340 | else if( strcmp( p, "request_page" ) == 0 ) |
| 341 | opt.request_page = q; |
Paul Bakker | 5690efc | 2011-05-26 13:16:06 +0000 | [diff] [blame] | 342 | else if( strcmp( p, "ca_file" ) == 0 ) |
| 343 | opt.ca_file = q; |
Paul Bakker | 8d91458 | 2012-06-04 12:46:42 +0000 | [diff] [blame] | 344 | else if( strcmp( p, "ca_path" ) == 0 ) |
| 345 | opt.ca_path = q; |
Paul Bakker | 6796839 | 2010-07-18 08:28:20 +0000 | [diff] [blame] | 346 | else if( strcmp( p, "crt_file" ) == 0 ) |
| 347 | opt.crt_file = q; |
| 348 | else if( strcmp( p, "key_file" ) == 0 ) |
| 349 | opt.key_file = q; |
Paul Bakker | d4a56ec | 2013-04-16 18:05:29 +0200 | [diff] [blame] | 350 | else if( strcmp( p, "psk" ) == 0 ) |
| 351 | opt.psk = q; |
| 352 | else if( strcmp( p, "psk_identity" ) == 0 ) |
| 353 | opt.psk_identity = q; |
Paul Bakker | 5193688 | 2011-02-20 16:05:58 +0000 | [diff] [blame] | 354 | else if( strcmp( p, "force_ciphersuite" ) == 0 ) |
| 355 | { |
| 356 | opt.force_ciphersuite[0] = -1; |
| 357 | |
| 358 | opt.force_ciphersuite[0] = ssl_get_ciphersuite_id( q ); |
| 359 | |
| 360 | if( opt.force_ciphersuite[0] <= 0 ) |
Paul Bakker | fab5c82 | 2012-02-06 16:45:10 +0000 | [diff] [blame] | 361 | { |
| 362 | ret = 2; |
Paul Bakker | 5193688 | 2011-02-20 16:05:58 +0000 | [diff] [blame] | 363 | goto usage; |
Paul Bakker | fab5c82 | 2012-02-06 16:45:10 +0000 | [diff] [blame] | 364 | } |
Paul Bakker | 5193688 | 2011-02-20 16:05:58 +0000 | [diff] [blame] | 365 | opt.force_ciphersuite[1] = 0; |
| 366 | } |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 367 | else if( strcmp( p, "renegotiation" ) == 0 ) |
| 368 | { |
| 369 | opt.renegotiation = (atoi( q )) ? SSL_RENEGOTIATION_ENABLED : |
| 370 | SSL_RENEGOTIATION_DISABLED; |
| 371 | } |
| 372 | else if( strcmp( p, "allow_legacy" ) == 0 ) |
| 373 | { |
| 374 | opt.allow_legacy = atoi( q ); |
| 375 | if( opt.allow_legacy < 0 || opt.allow_legacy > 1 ) |
| 376 | goto usage; |
| 377 | } |
Manuel Pégourié-Gonnard | aaa1eab | 2013-07-30 13:43:43 +0200 | [diff] [blame] | 378 | else if( strcmp( p, "reconnect" ) == 0 ) |
| 379 | { |
| 380 | opt.reconnect = atoi( q ); |
Manuel Pégourié-Gonnard | cf2e97e | 2013-08-02 15:04:36 +0200 | [diff] [blame] | 381 | if( opt.reconnect < 0 || opt.reconnect > 2 ) |
Manuel Pégourié-Gonnard | aaa1eab | 2013-07-30 13:43:43 +0200 | [diff] [blame] | 382 | goto usage; |
| 383 | } |
Manuel Pégourié-Gonnard | aa0d4d1 | 2013-08-03 13:02:31 +0200 | [diff] [blame] | 384 | else if( strcmp( p, "tickets" ) == 0 ) |
| 385 | { |
| 386 | opt.tickets = atoi( q ); |
| 387 | if( opt.tickets < 0 || opt.tickets > 2 ) |
| 388 | goto usage; |
| 389 | } |
Paul Bakker | 1d29fb5 | 2012-09-28 13:28:45 +0000 | [diff] [blame] | 390 | else if( strcmp( p, "min_version" ) == 0 ) |
| 391 | { |
| 392 | if( strcmp( q, "ssl3" ) == 0 ) |
| 393 | opt.min_version = SSL_MINOR_VERSION_0; |
| 394 | else if( strcmp( q, "tls1" ) == 0 ) |
| 395 | opt.min_version = SSL_MINOR_VERSION_1; |
| 396 | else if( strcmp( q, "tls1_1" ) == 0 ) |
| 397 | opt.min_version = SSL_MINOR_VERSION_2; |
| 398 | else if( strcmp( q, "tls1_2" ) == 0 ) |
| 399 | opt.min_version = SSL_MINOR_VERSION_3; |
| 400 | else |
| 401 | goto usage; |
| 402 | } |
| 403 | else if( strcmp( p, "max_version" ) == 0 ) |
| 404 | { |
| 405 | if( strcmp( q, "ssl3" ) == 0 ) |
| 406 | opt.max_version = SSL_MINOR_VERSION_0; |
| 407 | else if( strcmp( q, "tls1" ) == 0 ) |
| 408 | opt.max_version = SSL_MINOR_VERSION_1; |
| 409 | else if( strcmp( q, "tls1_1" ) == 0 ) |
| 410 | opt.max_version = SSL_MINOR_VERSION_2; |
| 411 | else if( strcmp( q, "tls1_2" ) == 0 ) |
| 412 | opt.max_version = SSL_MINOR_VERSION_3; |
| 413 | else |
| 414 | goto usage; |
| 415 | } |
| 416 | else if( strcmp( p, "force_version" ) == 0 ) |
| 417 | { |
| 418 | if( strcmp( q, "ssl3" ) == 0 ) |
| 419 | { |
| 420 | opt.min_version = SSL_MINOR_VERSION_0; |
| 421 | opt.max_version = SSL_MINOR_VERSION_0; |
| 422 | } |
| 423 | else if( strcmp( q, "tls1" ) == 0 ) |
| 424 | { |
| 425 | opt.min_version = SSL_MINOR_VERSION_1; |
| 426 | opt.max_version = SSL_MINOR_VERSION_1; |
| 427 | } |
| 428 | else if( strcmp( q, "tls1_1" ) == 0 ) |
| 429 | { |
| 430 | opt.min_version = SSL_MINOR_VERSION_2; |
| 431 | opt.max_version = SSL_MINOR_VERSION_2; |
| 432 | } |
| 433 | else if( strcmp( q, "tls1_2" ) == 0 ) |
| 434 | { |
| 435 | opt.min_version = SSL_MINOR_VERSION_3; |
| 436 | opt.max_version = SSL_MINOR_VERSION_3; |
| 437 | } |
| 438 | else |
| 439 | goto usage; |
| 440 | } |
Paul Bakker | 91ebfb5 | 2012-11-23 14:04:08 +0100 | [diff] [blame] | 441 | else if( strcmp( p, "auth_mode" ) == 0 ) |
| 442 | { |
| 443 | if( strcmp( q, "none" ) == 0 ) |
| 444 | opt.auth_mode = SSL_VERIFY_NONE; |
| 445 | else if( strcmp( q, "optional" ) == 0 ) |
| 446 | opt.auth_mode = SSL_VERIFY_OPTIONAL; |
| 447 | else if( strcmp( q, "required" ) == 0 ) |
| 448 | opt.auth_mode = SSL_VERIFY_REQUIRED; |
| 449 | else |
| 450 | goto usage; |
| 451 | } |
Manuel Pégourié-Gonnard | 0df6b1f | 2013-07-16 13:39:57 +0200 | [diff] [blame] | 452 | else if( strcmp( p, "max_frag_len" ) == 0 ) |
| 453 | { |
| 454 | if( strcmp( q, "512" ) == 0 ) |
| 455 | opt.mfl_code = SSL_MAX_FRAG_LEN_512; |
| 456 | else if( strcmp( q, "1024" ) == 0 ) |
| 457 | opt.mfl_code = SSL_MAX_FRAG_LEN_1024; |
| 458 | else if( strcmp( q, "2048" ) == 0 ) |
| 459 | opt.mfl_code = SSL_MAX_FRAG_LEN_2048; |
| 460 | else if( strcmp( q, "4096" ) == 0 ) |
| 461 | opt.mfl_code = SSL_MAX_FRAG_LEN_4096; |
| 462 | else |
| 463 | goto usage; |
| 464 | } |
Manuel Pégourié-Gonnard | e980a99 | 2013-07-19 11:08:52 +0200 | [diff] [blame] | 465 | else if( strcmp( p, "trunc_hmac" ) == 0 ) |
| 466 | { |
| 467 | opt.trunc_hmac = atoi( q ); |
| 468 | if( opt.trunc_hmac < 0 || opt.trunc_hmac > 1 ) |
| 469 | goto usage; |
| 470 | } |
Paul Bakker | 9caf2d2 | 2010-02-18 19:37:19 +0000 | [diff] [blame] | 471 | else |
| 472 | goto usage; |
| 473 | } |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 474 | |
Paul Bakker | c1516be | 2013-06-29 16:01:32 +0200 | [diff] [blame] | 475 | if( opt.force_ciphersuite[0] > 0 ) |
| 476 | { |
| 477 | const ssl_ciphersuite_t *ciphersuite_info; |
| 478 | ciphersuite_info = ssl_ciphersuite_from_id( opt.force_ciphersuite[0] ); |
| 479 | |
Paul Bakker | 66c4810 | 2013-07-26 14:05:32 +0200 | [diff] [blame] | 480 | if( opt.max_version != -1 && |
| 481 | ciphersuite_info->min_minor_ver > opt.max_version ) |
| 482 | { |
| 483 | printf("forced ciphersuite not allowed with this protocol version\n"); |
| 484 | ret = 2; |
| 485 | goto usage; |
| 486 | } |
| 487 | if( opt.min_version != -1 && |
Paul Bakker | c1516be | 2013-06-29 16:01:32 +0200 | [diff] [blame] | 488 | ciphersuite_info->max_minor_ver < opt.min_version ) |
| 489 | { |
| 490 | printf("forced ciphersuite not allowed with this protocol version\n"); |
| 491 | ret = 2; |
| 492 | goto usage; |
| 493 | } |
Paul Bakker | 66c4810 | 2013-07-26 14:05:32 +0200 | [diff] [blame] | 494 | if( opt.max_version > ciphersuite_info->max_minor_ver ) |
| 495 | opt.max_version = ciphersuite_info->max_minor_ver; |
| 496 | if( opt.min_version < ciphersuite_info->min_minor_ver ) |
| 497 | opt.min_version = ciphersuite_info->min_minor_ver; |
Paul Bakker | c1516be | 2013-06-29 16:01:32 +0200 | [diff] [blame] | 498 | } |
| 499 | |
Manuel Pégourié-Gonnard | 8a3c64d | 2013-10-14 19:54:10 +0200 | [diff] [blame] | 500 | #if defined(POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED) |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 501 | /* |
Paul Bakker | d4a56ec | 2013-04-16 18:05:29 +0200 | [diff] [blame] | 502 | * Unhexify the pre-shared key if any is given |
| 503 | */ |
| 504 | if( strlen( opt.psk ) ) |
| 505 | { |
| 506 | unsigned char c; |
| 507 | size_t j; |
| 508 | |
| 509 | if( strlen( opt.psk ) % 2 != 0 ) |
| 510 | { |
| 511 | printf("pre-shared key not valid hex\n"); |
| 512 | goto exit; |
| 513 | } |
| 514 | |
| 515 | psk_len = strlen( opt.psk ) / 2; |
| 516 | |
| 517 | for( j = 0; j < strlen( opt.psk ); j += 2 ) |
| 518 | { |
| 519 | c = opt.psk[j]; |
| 520 | if( c >= '0' && c <= '9' ) |
| 521 | c -= '0'; |
| 522 | else if( c >= 'a' && c <= 'f' ) |
| 523 | c -= 'a' - 10; |
| 524 | else if( c >= 'A' && c <= 'F' ) |
| 525 | c -= 'A' - 10; |
| 526 | else |
| 527 | { |
| 528 | printf("pre-shared key not valid hex\n"); |
| 529 | goto exit; |
| 530 | } |
| 531 | psk[ j / 2 ] = c << 4; |
| 532 | |
| 533 | c = opt.psk[j + 1]; |
| 534 | if( c >= '0' && c <= '9' ) |
| 535 | c -= '0'; |
| 536 | else if( c >= 'a' && c <= 'f' ) |
| 537 | c -= 'a' - 10; |
| 538 | else if( c >= 'A' && c <= 'F' ) |
| 539 | c -= 'A' - 10; |
| 540 | else |
| 541 | { |
| 542 | printf("pre-shared key not valid hex\n"); |
| 543 | goto exit; |
| 544 | } |
| 545 | psk[ j / 2 ] |= c; |
| 546 | } |
| 547 | } |
Manuel Pégourié-Gonnard | 8a3c64d | 2013-10-14 19:54:10 +0200 | [diff] [blame] | 548 | #endif /* POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED */ |
Paul Bakker | d4a56ec | 2013-04-16 18:05:29 +0200 | [diff] [blame] | 549 | |
| 550 | /* |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 551 | * 0. Initialize the RNG and the session data |
| 552 | */ |
Paul Bakker | 508ad5a | 2011-12-04 17:09:26 +0000 | [diff] [blame] | 553 | printf( "\n . Seeding the random number generator..." ); |
| 554 | fflush( stdout ); |
| 555 | |
| 556 | entropy_init( &entropy ); |
| 557 | if( ( ret = ctr_drbg_init( &ctr_drbg, entropy_func, &entropy, |
Paul Bakker | ef3f8c7 | 2013-06-24 13:01:08 +0200 | [diff] [blame] | 558 | (const unsigned char *) pers, |
| 559 | strlen( pers ) ) ) != 0 ) |
Paul Bakker | 508ad5a | 2011-12-04 17:09:26 +0000 | [diff] [blame] | 560 | { |
Paul Bakker | 0b22e3e | 2012-04-18 14:23:29 +0000 | [diff] [blame] | 561 | printf( " failed\n ! ctr_drbg_init returned -0x%x\n", -ret ); |
Paul Bakker | 508ad5a | 2011-12-04 17:09:26 +0000 | [diff] [blame] | 562 | goto exit; |
| 563 | } |
| 564 | |
| 565 | printf( " ok\n" ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 566 | |
Paul Bakker | 36713e8 | 2013-09-17 13:25:29 +0200 | [diff] [blame] | 567 | #if defined(POLARSSL_X509_CRT_PARSE_C) |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 568 | /* |
| 569 | * 1.1. Load the trusted CA |
| 570 | */ |
Paul Bakker | 508ad5a | 2011-12-04 17:09:26 +0000 | [diff] [blame] | 571 | printf( " . Loading the CA root certificate ..." ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 572 | fflush( stdout ); |
| 573 | |
Paul Bakker | 5690efc | 2011-05-26 13:16:06 +0000 | [diff] [blame] | 574 | #if defined(POLARSSL_FS_IO) |
Paul Bakker | 8d91458 | 2012-06-04 12:46:42 +0000 | [diff] [blame] | 575 | if( strlen( opt.ca_path ) ) |
Paul Bakker | ddf26b4 | 2013-09-18 13:46:23 +0200 | [diff] [blame] | 576 | ret = x509_crt_parse_path( &cacert, opt.ca_path ); |
Paul Bakker | 8d91458 | 2012-06-04 12:46:42 +0000 | [diff] [blame] | 577 | else if( strlen( opt.ca_file ) ) |
Paul Bakker | ddf26b4 | 2013-09-18 13:46:23 +0200 | [diff] [blame] | 578 | ret = x509_crt_parse_file( &cacert, opt.ca_file ); |
Paul Bakker | ed27a04 | 2013-04-18 22:46:23 +0200 | [diff] [blame] | 579 | else |
Paul Bakker | 5690efc | 2011-05-26 13:16:06 +0000 | [diff] [blame] | 580 | #endif |
| 581 | #if defined(POLARSSL_CERTS_C) |
Manuel Pégourié-Gonnard | 641de71 | 2013-09-25 13:23:33 +0200 | [diff] [blame] | 582 | ret = x509_crt_parse( &cacert, (const unsigned char *) test_ca_list, |
| 583 | strlen( test_ca_list ) ); |
Paul Bakker | 5690efc | 2011-05-26 13:16:06 +0000 | [diff] [blame] | 584 | #else |
| 585 | { |
| 586 | ret = 1; |
| 587 | printf("POLARSSL_CERTS_C not defined."); |
| 588 | } |
| 589 | #endif |
Paul Bakker | 4248823 | 2012-05-16 08:21:05 +0000 | [diff] [blame] | 590 | if( ret < 0 ) |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 591 | { |
Paul Bakker | ddf26b4 | 2013-09-18 13:46:23 +0200 | [diff] [blame] | 592 | printf( " failed\n ! x509_crt_parse returned -0x%x\n\n", -ret ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 593 | goto exit; |
| 594 | } |
| 595 | |
Paul Bakker | 4248823 | 2012-05-16 08:21:05 +0000 | [diff] [blame] | 596 | printf( " ok (%d skipped)\n", ret ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 597 | |
| 598 | /* |
| 599 | * 1.2. Load own certificate and private key |
| 600 | * |
| 601 | * (can be skipped if client authentication is not required) |
| 602 | */ |
| 603 | printf( " . Loading the client cert. and key..." ); |
| 604 | fflush( stdout ); |
| 605 | |
Paul Bakker | 5690efc | 2011-05-26 13:16:06 +0000 | [diff] [blame] | 606 | #if defined(POLARSSL_FS_IO) |
Paul Bakker | 6796839 | 2010-07-18 08:28:20 +0000 | [diff] [blame] | 607 | if( strlen( opt.crt_file ) ) |
Paul Bakker | ddf26b4 | 2013-09-18 13:46:23 +0200 | [diff] [blame] | 608 | ret = x509_crt_parse_file( &clicert, opt.crt_file ); |
Paul Bakker | ed27a04 | 2013-04-18 22:46:23 +0200 | [diff] [blame] | 609 | else |
Paul Bakker | 5690efc | 2011-05-26 13:16:06 +0000 | [diff] [blame] | 610 | #endif |
| 611 | #if defined(POLARSSL_CERTS_C) |
Paul Bakker | ddf26b4 | 2013-09-18 13:46:23 +0200 | [diff] [blame] | 612 | ret = x509_crt_parse( &clicert, (const unsigned char *) test_cli_crt, |
Paul Bakker | 69e095c | 2011-12-10 21:55:01 +0000 | [diff] [blame] | 613 | strlen( test_cli_crt ) ); |
Paul Bakker | 5690efc | 2011-05-26 13:16:06 +0000 | [diff] [blame] | 614 | #else |
| 615 | { |
| 616 | ret = 1; |
| 617 | printf("POLARSSL_CERTS_C not defined."); |
| 618 | } |
| 619 | #endif |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 620 | if( ret != 0 ) |
| 621 | { |
Paul Bakker | ddf26b4 | 2013-09-18 13:46:23 +0200 | [diff] [blame] | 622 | printf( " failed\n ! x509_crt_parse returned -0x%x\n\n", -ret ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 623 | goto exit; |
| 624 | } |
| 625 | |
Paul Bakker | 5690efc | 2011-05-26 13:16:06 +0000 | [diff] [blame] | 626 | #if defined(POLARSSL_FS_IO) |
Paul Bakker | 6796839 | 2010-07-18 08:28:20 +0000 | [diff] [blame] | 627 | if( strlen( opt.key_file ) ) |
Paul Bakker | 1a7550a | 2013-09-15 13:01:22 +0200 | [diff] [blame] | 628 | ret = pk_parse_keyfile( &pkey, opt.key_file, "" ); |
Paul Bakker | 6796839 | 2010-07-18 08:28:20 +0000 | [diff] [blame] | 629 | else |
Paul Bakker | 5690efc | 2011-05-26 13:16:06 +0000 | [diff] [blame] | 630 | #endif |
| 631 | #if defined(POLARSSL_CERTS_C) |
Paul Bakker | 1a7550a | 2013-09-15 13:01:22 +0200 | [diff] [blame] | 632 | ret = pk_parse_key( &pkey, (const unsigned char *) test_cli_key, |
Paul Bakker | 6796839 | 2010-07-18 08:28:20 +0000 | [diff] [blame] | 633 | strlen( test_cli_key ), NULL, 0 ); |
Paul Bakker | 5690efc | 2011-05-26 13:16:06 +0000 | [diff] [blame] | 634 | #else |
| 635 | { |
| 636 | ret = 1; |
| 637 | printf("POLARSSL_CERTS_C not defined."); |
| 638 | } |
| 639 | #endif |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 640 | if( ret != 0 ) |
| 641 | { |
Paul Bakker | 1a7550a | 2013-09-15 13:01:22 +0200 | [diff] [blame] | 642 | printf( " failed\n ! pk_parse_key returned -0x%x\n\n", -ret ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 643 | goto exit; |
| 644 | } |
| 645 | |
| 646 | printf( " ok\n" ); |
Paul Bakker | 36713e8 | 2013-09-17 13:25:29 +0200 | [diff] [blame] | 647 | #endif /* POLARSSL_X509_CRT_PARSE_C */ |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 648 | |
| 649 | /* |
| 650 | * 2. Start the connection |
| 651 | */ |
Paul Bakker | 9caf2d2 | 2010-02-18 19:37:19 +0000 | [diff] [blame] | 652 | printf( " . Connecting to tcp/%s/%-4d...", opt.server_name, |
| 653 | opt.server_port ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 654 | fflush( stdout ); |
| 655 | |
Paul Bakker | 9caf2d2 | 2010-02-18 19:37:19 +0000 | [diff] [blame] | 656 | if( ( ret = net_connect( &server_fd, opt.server_name, |
| 657 | opt.server_port ) ) != 0 ) |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 658 | { |
Paul Bakker | 0b22e3e | 2012-04-18 14:23:29 +0000 | [diff] [blame] | 659 | printf( " failed\n ! net_connect returned -0x%x\n\n", -ret ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 660 | goto exit; |
| 661 | } |
| 662 | |
| 663 | printf( " ok\n" ); |
| 664 | |
| 665 | /* |
| 666 | * 3. Setup stuff |
| 667 | */ |
| 668 | printf( " . Setting up the SSL/TLS structure..." ); |
| 669 | fflush( stdout ); |
| 670 | |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 671 | if( ( ret = ssl_init( &ssl ) ) != 0 ) |
| 672 | { |
Paul Bakker | 0b22e3e | 2012-04-18 14:23:29 +0000 | [diff] [blame] | 673 | printf( " failed\n ! ssl_init returned -0x%x\n\n", -ret ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 674 | goto exit; |
| 675 | } |
| 676 | |
| 677 | printf( " ok\n" ); |
| 678 | |
Paul Bakker | 36713e8 | 2013-09-17 13:25:29 +0200 | [diff] [blame] | 679 | #if defined(POLARSSL_X509_CRT_PARSE_C) |
Paul Bakker | 915275b | 2012-09-28 07:10:55 +0000 | [diff] [blame] | 680 | if( opt.debug_level > 0 ) |
| 681 | ssl_set_verify( &ssl, my_verify, NULL ); |
Paul Bakker | ed27a04 | 2013-04-18 22:46:23 +0200 | [diff] [blame] | 682 | #endif |
Paul Bakker | 915275b | 2012-09-28 07:10:55 +0000 | [diff] [blame] | 683 | |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 684 | ssl_set_endpoint( &ssl, SSL_IS_CLIENT ); |
Paul Bakker | 91ebfb5 | 2012-11-23 14:04:08 +0100 | [diff] [blame] | 685 | ssl_set_authmode( &ssl, opt.auth_mode ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 686 | |
Paul Bakker | 05decb2 | 2013-08-15 13:33:48 +0200 | [diff] [blame] | 687 | #if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH) |
Manuel Pégourié-Gonnard | 0df6b1f | 2013-07-16 13:39:57 +0200 | [diff] [blame] | 688 | ssl_set_max_frag_len( &ssl, opt.mfl_code ); |
Paul Bakker | 05decb2 | 2013-08-15 13:33:48 +0200 | [diff] [blame] | 689 | #endif |
Manuel Pégourié-Gonnard | 0df6b1f | 2013-07-16 13:39:57 +0200 | [diff] [blame] | 690 | |
Paul Bakker | 1f2bc62 | 2013-08-15 13:45:55 +0200 | [diff] [blame] | 691 | #if defined(POLARSSL_SSL_TRUNCATED_HMAC) |
Manuel Pégourié-Gonnard | e980a99 | 2013-07-19 11:08:52 +0200 | [diff] [blame] | 692 | if( opt.trunc_hmac != 0 ) |
Paul Bakker | 8c1ede6 | 2013-07-19 14:14:37 +0200 | [diff] [blame] | 693 | ssl_set_truncated_hmac( &ssl, SSL_TRUNC_HMAC_ENABLED ); |
Paul Bakker | 1f2bc62 | 2013-08-15 13:45:55 +0200 | [diff] [blame] | 694 | #endif |
Manuel Pégourié-Gonnard | e980a99 | 2013-07-19 11:08:52 +0200 | [diff] [blame] | 695 | |
Paul Bakker | 508ad5a | 2011-12-04 17:09:26 +0000 | [diff] [blame] | 696 | ssl_set_rng( &ssl, ctr_drbg_random, &ctr_drbg ); |
Paul Bakker | 9caf2d2 | 2010-02-18 19:37:19 +0000 | [diff] [blame] | 697 | ssl_set_dbg( &ssl, my_debug, stdout ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 698 | ssl_set_bio( &ssl, net_recv, &server_fd, |
| 699 | net_send, &server_fd ); |
| 700 | |
Paul Bakker | a503a63 | 2013-08-14 13:48:06 +0200 | [diff] [blame] | 701 | #if defined(POLARSSL_SSL_SESSION_TICKETS) |
Manuel Pégourié-Gonnard | aa0d4d1 | 2013-08-03 13:02:31 +0200 | [diff] [blame] | 702 | ssl_set_session_tickets( &ssl, opt.tickets ); |
Paul Bakker | a503a63 | 2013-08-14 13:48:06 +0200 | [diff] [blame] | 703 | #endif |
Manuel Pégourié-Gonnard | aa0d4d1 | 2013-08-03 13:02:31 +0200 | [diff] [blame] | 704 | |
Paul Bakker | 645ce3a | 2012-10-31 12:32:41 +0000 | [diff] [blame] | 705 | if( opt.force_ciphersuite[0] != DFL_FORCE_CIPHER ) |
Paul Bakker | 5193688 | 2011-02-20 16:05:58 +0000 | [diff] [blame] | 706 | ssl_set_ciphersuites( &ssl, opt.force_ciphersuite ); |
| 707 | |
Paul Bakker | 48916f9 | 2012-09-16 19:57:18 +0000 | [diff] [blame] | 708 | ssl_set_renegotiation( &ssl, opt.renegotiation ); |
| 709 | ssl_legacy_renegotiation( &ssl, opt.allow_legacy ); |
| 710 | |
Paul Bakker | 36713e8 | 2013-09-17 13:25:29 +0200 | [diff] [blame] | 711 | #if defined(POLARSSL_X509_CRT_PARSE_C) |
Paul Bakker | 9caf2d2 | 2010-02-18 19:37:19 +0000 | [diff] [blame] | 712 | ssl_set_ca_chain( &ssl, &cacert, NULL, opt.server_name ); |
Manuel Pégourié-Gonnard | ac75523 | 2013-08-19 14:10:16 +0200 | [diff] [blame] | 713 | ssl_set_own_cert( &ssl, &clicert, &pkey ); |
Paul Bakker | ed27a04 | 2013-04-18 22:46:23 +0200 | [diff] [blame] | 714 | #endif |
| 715 | |
Manuel Pégourié-Gonnard | 8a3c64d | 2013-10-14 19:54:10 +0200 | [diff] [blame] | 716 | #if defined(POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED) |
Paul Bakker | 3c5ef71 | 2013-06-25 16:37:45 +0200 | [diff] [blame] | 717 | ssl_set_psk( &ssl, psk, psk_len, (const unsigned char *) opt.psk_identity, |
Paul Bakker | d4a56ec | 2013-04-16 18:05:29 +0200 | [diff] [blame] | 718 | strlen( opt.psk_identity ) ); |
Paul Bakker | ed27a04 | 2013-04-18 22:46:23 +0200 | [diff] [blame] | 719 | #endif |
| 720 | |
Paul Bakker | 0be444a | 2013-08-27 21:55:01 +0200 | [diff] [blame] | 721 | #if defined(POLARSSL_SSL_SERVER_NAME_INDICATION) |
Paul Bakker | 9caf2d2 | 2010-02-18 19:37:19 +0000 | [diff] [blame] | 722 | ssl_set_hostname( &ssl, opt.server_name ); |
Paul Bakker | 0be444a | 2013-08-27 21:55:01 +0200 | [diff] [blame] | 723 | #endif |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 724 | |
Paul Bakker | 1d29fb5 | 2012-09-28 13:28:45 +0000 | [diff] [blame] | 725 | if( opt.min_version != -1 ) |
| 726 | ssl_set_min_version( &ssl, SSL_MAJOR_VERSION_3, opt.min_version ); |
| 727 | if( opt.max_version != -1 ) |
| 728 | ssl_set_max_version( &ssl, SSL_MAJOR_VERSION_3, opt.max_version ); |
| 729 | |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 730 | /* |
| 731 | * 4. Handshake |
| 732 | */ |
| 733 | printf( " . Performing the SSL/TLS handshake..." ); |
| 734 | fflush( stdout ); |
| 735 | |
| 736 | while( ( ret = ssl_handshake( &ssl ) ) != 0 ) |
| 737 | { |
Paul Bakker | 831a755 | 2011-05-18 13:32:51 +0000 | [diff] [blame] | 738 | if( ret != POLARSSL_ERR_NET_WANT_READ && ret != POLARSSL_ERR_NET_WANT_WRITE ) |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 739 | { |
Paul Bakker | 0b22e3e | 2012-04-18 14:23:29 +0000 | [diff] [blame] | 740 | printf( " failed\n ! ssl_handshake returned -0x%x\n\n", -ret ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 741 | goto exit; |
| 742 | } |
| 743 | } |
| 744 | |
Manuel Pégourié-Gonnard | c580a00 | 2014-02-12 10:15:30 +0100 | [diff] [blame^] | 745 | printf( " ok\n [ Protocol is %s ]\n [ Ciphersuite is %s ]\n", |
| 746 | ssl_get_version( &ssl ), ssl_get_ciphersuite( &ssl ) ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 747 | |
Manuel Pégourié-Gonnard | aaa1eab | 2013-07-30 13:43:43 +0200 | [diff] [blame] | 748 | if( opt.reconnect != 0 ) |
| 749 | { |
| 750 | printf(" . Saving session for reuse..." ); |
| 751 | fflush( stdout ); |
| 752 | |
| 753 | if( ( ret = ssl_get_session( &ssl, &saved_session ) ) != 0 ) |
| 754 | { |
| 755 | printf( " failed\n ! ssl_get_session returned -0x%x\n\n", -ret ); |
| 756 | goto exit; |
| 757 | } |
| 758 | |
| 759 | printf( " ok\n" ); |
| 760 | } |
| 761 | |
Paul Bakker | 36713e8 | 2013-09-17 13:25:29 +0200 | [diff] [blame] | 762 | #if defined(POLARSSL_X509_CRT_PARSE_C) |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 763 | /* |
| 764 | * 5. Verify the server certificate |
| 765 | */ |
| 766 | printf( " . Verifying peer X.509 certificate..." ); |
| 767 | |
| 768 | if( ( ret = ssl_get_verify_result( &ssl ) ) != 0 ) |
| 769 | { |
| 770 | printf( " failed\n" ); |
| 771 | |
| 772 | if( ( ret & BADCERT_EXPIRED ) != 0 ) |
| 773 | printf( " ! server certificate has expired\n" ); |
| 774 | |
| 775 | if( ( ret & BADCERT_REVOKED ) != 0 ) |
| 776 | printf( " ! server certificate has been revoked\n" ); |
| 777 | |
| 778 | if( ( ret & BADCERT_CN_MISMATCH ) != 0 ) |
Paul Bakker | 9caf2d2 | 2010-02-18 19:37:19 +0000 | [diff] [blame] | 779 | printf( " ! CN mismatch (expected CN=%s)\n", opt.server_name ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 780 | |
| 781 | if( ( ret & BADCERT_NOT_TRUSTED ) != 0 ) |
| 782 | printf( " ! self-signed or not signed by a trusted CA\n" ); |
| 783 | |
| 784 | printf( "\n" ); |
| 785 | } |
| 786 | else |
| 787 | printf( " ok\n" ); |
| 788 | |
Paul Bakker | d4a56ec | 2013-04-16 18:05:29 +0200 | [diff] [blame] | 789 | if( ssl_get_peer_cert( &ssl ) != NULL ) |
| 790 | { |
| 791 | printf( " . Peer certificate information ...\n" ); |
Paul Bakker | ddf26b4 | 2013-09-18 13:46:23 +0200 | [diff] [blame] | 792 | x509_crt_info( (char *) buf, sizeof( buf ) - 1, " ", |
| 793 | ssl_get_peer_cert( &ssl ) ); |
Paul Bakker | d4a56ec | 2013-04-16 18:05:29 +0200 | [diff] [blame] | 794 | printf( "%s\n", buf ); |
| 795 | } |
Paul Bakker | 36713e8 | 2013-09-17 13:25:29 +0200 | [diff] [blame] | 796 | #endif /* POLARSSL_X509_CRT_PARSE_C */ |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 797 | |
Manuel Pégourié-Gonnard | 53b3e06 | 2013-10-29 18:16:38 +0100 | [diff] [blame] | 798 | #ifdef TEST_RENEGO |
| 799 | /* |
| 800 | * Perform renegotiation (this must be done when the server is waiting |
| 801 | * for input from our side). |
| 802 | */ |
| 803 | printf( " . Performing renegotiation..." ); |
| 804 | fflush( stdout ); |
| 805 | while( ( ret = ssl_renegotiate( &ssl ) ) != 0 ) |
| 806 | { |
| 807 | if( ret != POLARSSL_ERR_NET_WANT_READ && ret != POLARSSL_ERR_NET_WANT_WRITE ) |
| 808 | { |
| 809 | printf( " failed\n ! ssl_renegotiate returned %d\n\n", ret ); |
| 810 | goto exit; |
| 811 | } |
| 812 | } |
| 813 | printf( " ok\n" ); |
| 814 | #endif |
| 815 | |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 816 | /* |
| 817 | * 6. Write the GET request |
| 818 | */ |
Manuel Pégourié-Gonnard | aaa1eab | 2013-07-30 13:43:43 +0200 | [diff] [blame] | 819 | send_request: |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 820 | printf( " > Write to server:" ); |
| 821 | fflush( stdout ); |
| 822 | |
Paul Bakker | 9caf2d2 | 2010-02-18 19:37:19 +0000 | [diff] [blame] | 823 | len = sprintf( (char *) buf, GET_REQUEST, opt.request_page ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 824 | |
Manuel Pégourié-Gonnard | 0c017a5 | 2013-07-18 14:07:36 +0200 | [diff] [blame] | 825 | for( written = 0, frags = 0; written < len; written += ret, frags++ ) |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 826 | { |
Manuel Pégourié-Gonnard | 787b658 | 2013-07-16 15:43:17 +0200 | [diff] [blame] | 827 | while( ( ret = ssl_write( &ssl, buf + written, len - written ) ) <= 0 ) |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 828 | { |
Manuel Pégourié-Gonnard | 787b658 | 2013-07-16 15:43:17 +0200 | [diff] [blame] | 829 | if( ret != POLARSSL_ERR_NET_WANT_READ && ret != POLARSSL_ERR_NET_WANT_WRITE ) |
| 830 | { |
| 831 | printf( " failed\n ! ssl_write returned -0x%x\n\n", -ret ); |
| 832 | goto exit; |
| 833 | } |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 834 | } |
| 835 | } |
| 836 | |
Manuel Pégourié-Gonnard | 787b658 | 2013-07-16 15:43:17 +0200 | [diff] [blame] | 837 | buf[written] = '\0'; |
Manuel Pégourié-Gonnard | 0c017a5 | 2013-07-18 14:07:36 +0200 | [diff] [blame] | 838 | printf( " %d bytes written in %d fragments\n\n%s\n", written, frags, (char *) buf ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 839 | |
| 840 | /* |
| 841 | * 7. Read the HTTP response |
| 842 | */ |
| 843 | printf( " < Read from server:" ); |
| 844 | fflush( stdout ); |
| 845 | |
| 846 | do |
| 847 | { |
| 848 | len = sizeof( buf ) - 1; |
| 849 | memset( buf, 0, sizeof( buf ) ); |
| 850 | ret = ssl_read( &ssl, buf, len ); |
| 851 | |
Paul Bakker | 831a755 | 2011-05-18 13:32:51 +0000 | [diff] [blame] | 852 | if( ret == POLARSSL_ERR_NET_WANT_READ || ret == POLARSSL_ERR_NET_WANT_WRITE ) |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 853 | continue; |
| 854 | |
Paul Bakker | 40e4694 | 2009-01-03 21:51:57 +0000 | [diff] [blame] | 855 | if( ret == POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY ) |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 856 | break; |
| 857 | |
Paul Bakker | 5690efc | 2011-05-26 13:16:06 +0000 | [diff] [blame] | 858 | if( ret < 0 ) |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 859 | { |
Paul Bakker | 0b22e3e | 2012-04-18 14:23:29 +0000 | [diff] [blame] | 860 | printf( "failed\n ! ssl_read returned -0x%x\n\n", -ret ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 861 | break; |
| 862 | } |
| 863 | |
Paul Bakker | 5690efc | 2011-05-26 13:16:06 +0000 | [diff] [blame] | 864 | if( ret == 0 ) |
| 865 | { |
| 866 | printf("\n\nEOF\n\n"); |
| 867 | break; |
| 868 | } |
| 869 | |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 870 | len = ret; |
| 871 | printf( " %d bytes read\n\n%s", len, (char *) buf ); |
| 872 | } |
Paul Bakker | f357131 | 2011-05-20 12:32:35 +0000 | [diff] [blame] | 873 | while( 1 ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 874 | |
| 875 | ssl_close_notify( &ssl ); |
| 876 | |
Manuel Pégourié-Gonnard | aaa1eab | 2013-07-30 13:43:43 +0200 | [diff] [blame] | 877 | if( opt.reconnect != 0 ) |
| 878 | { |
Manuel Pégourié-Gonnard | cf2e97e | 2013-08-02 15:04:36 +0200 | [diff] [blame] | 879 | --opt.reconnect; |
Manuel Pégourié-Gonnard | aaa1eab | 2013-07-30 13:43:43 +0200 | [diff] [blame] | 880 | |
Manuel Pégourié-Gonnard | e8ea0c0 | 2013-09-07 17:09:14 +0200 | [diff] [blame] | 881 | // printf( " ! Press a key to reconnect\n" ); |
| 882 | // (void) getchar(); |
Manuel Pégourié-Gonnard | 38d1eba | 2013-08-23 10:44:29 +0200 | [diff] [blame] | 883 | |
Manuel Pégourié-Gonnard | aaa1eab | 2013-07-30 13:43:43 +0200 | [diff] [blame] | 884 | printf( " . Reconnecting with saved session..." ); |
| 885 | fflush( stdout ); |
| 886 | |
| 887 | if( ( ret = ssl_session_reset( &ssl ) ) != 0 ) |
| 888 | { |
| 889 | printf( " failed\n ! ssl_session_reset returned -0x%x\n\n", -ret ); |
| 890 | goto exit; |
| 891 | } |
| 892 | |
| 893 | ssl_set_session( &ssl, &saved_session ); |
| 894 | |
| 895 | if( ( ret = net_connect( &server_fd, opt.server_name, |
| 896 | opt.server_port ) ) != 0 ) |
| 897 | { |
| 898 | printf( " failed\n ! net_connect returned -0x%x\n\n", -ret ); |
| 899 | goto exit; |
| 900 | } |
| 901 | |
| 902 | while( ( ret = ssl_handshake( &ssl ) ) != 0 ) |
| 903 | { |
| 904 | if( ret != POLARSSL_ERR_NET_WANT_READ && |
| 905 | ret != POLARSSL_ERR_NET_WANT_WRITE ) |
| 906 | { |
| 907 | printf( " failed\n ! ssl_handshake returned -0x%x\n\n", -ret ); |
| 908 | goto exit; |
| 909 | } |
| 910 | } |
| 911 | |
| 912 | printf( " ok\n" ); |
| 913 | |
| 914 | goto send_request; |
| 915 | } |
| 916 | |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 917 | exit: |
| 918 | |
Paul Bakker | a3d195c | 2011-11-27 21:07:34 +0000 | [diff] [blame] | 919 | #ifdef POLARSSL_ERROR_C |
| 920 | if( ret != 0 ) |
| 921 | { |
| 922 | char error_buf[100]; |
Paul Bakker | 03a8a79 | 2013-06-30 12:18:08 +0200 | [diff] [blame] | 923 | polarssl_strerror( ret, error_buf, 100 ); |
Paul Bakker | 570267f | 2012-04-10 08:22:46 +0000 | [diff] [blame] | 924 | printf("Last error was: -0x%X - %s\n\n", -ret, error_buf ); |
Paul Bakker | a3d195c | 2011-11-27 21:07:34 +0000 | [diff] [blame] | 925 | } |
| 926 | #endif |
| 927 | |
Paul Bakker | 1a207ec | 2011-02-06 13:22:40 +0000 | [diff] [blame] | 928 | if( server_fd ) |
| 929 | net_close( server_fd ); |
Paul Bakker | 36713e8 | 2013-09-17 13:25:29 +0200 | [diff] [blame] | 930 | #if defined(POLARSSL_X509_CRT_PARSE_C) |
| 931 | x509_crt_free( &clicert ); |
| 932 | x509_crt_free( &cacert ); |
Manuel Pégourié-Gonnard | ac75523 | 2013-08-19 14:10:16 +0200 | [diff] [blame] | 933 | pk_free( &pkey ); |
Paul Bakker | ed27a04 | 2013-04-18 22:46:23 +0200 | [diff] [blame] | 934 | #endif |
Manuel Pégourié-Gonnard | 06650f6 | 2013-08-02 15:34:52 +0200 | [diff] [blame] | 935 | ssl_session_free( &saved_session ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 936 | ssl_free( &ssl ); |
Paul Bakker | 1ffefac | 2013-09-28 15:23:03 +0200 | [diff] [blame] | 937 | entropy_free( &entropy ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 938 | |
| 939 | memset( &ssl, 0, sizeof( ssl ) ); |
| 940 | |
Paul Bakker | cce9d77 | 2011-11-18 14:26:47 +0000 | [diff] [blame] | 941 | #if defined(_WIN32) |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 942 | printf( " + Press Enter to exit this program.\n" ); |
| 943 | fflush( stdout ); getchar(); |
| 944 | #endif |
| 945 | |
Paul Bakker | dbd79ca | 2013-07-24 16:28:35 +0200 | [diff] [blame] | 946 | // Shell can not handle large exit numbers -> 1 for errors |
| 947 | if( ret < 0 ) |
| 948 | ret = 1; |
| 949 | |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 950 | return( ret ); |
| 951 | } |
Paul Bakker | 508ad5a | 2011-12-04 17:09:26 +0000 | [diff] [blame] | 952 | #endif /* POLARSSL_BIGNUM_C && POLARSSL_ENTROPY_C && POLARSSL_SSL_TLS_C && |
| 953 | POLARSSL_SSL_CLI_C && POLARSSL_NET_C && POLARSSL_RSA_C && |
| 954 | POLARSSL_CTR_DRBG_C */ |