Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 1 | /* |
| 2 | * SSL client with certificate authentication |
| 3 | * |
Paul Bakker | 84f12b7 | 2010-07-18 10:13:04 +0000 | [diff] [blame] | 4 | * Copyright (C) 2006-2010, Brainspark B.V. |
Paul Bakker | b96f154 | 2010-07-18 20:36:00 +0000 | [diff] [blame] | 5 | * |
| 6 | * This file is part of PolarSSL (http://www.polarssl.org) |
Paul Bakker | 84f12b7 | 2010-07-18 10:13:04 +0000 | [diff] [blame] | 7 | * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org> |
Paul Bakker | b96f154 | 2010-07-18 20:36:00 +0000 | [diff] [blame] | 8 | * |
Paul Bakker | 77b385e | 2009-07-28 17:23:11 +0000 | [diff] [blame] | 9 | * All rights reserved. |
Paul Bakker | e0ccd0a | 2009-01-04 16:27:10 +0000 | [diff] [blame] | 10 | * |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 11 | * This program is free software; you can redistribute it and/or modify |
| 12 | * it under the terms of the GNU General Public License as published by |
| 13 | * the Free Software Foundation; either version 2 of the License, or |
| 14 | * (at your option) any later version. |
| 15 | * |
| 16 | * This program is distributed in the hope that it will be useful, |
| 17 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
| 18 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| 19 | * GNU General Public License for more details. |
| 20 | * |
| 21 | * You should have received a copy of the GNU General Public License along |
| 22 | * with this program; if not, write to the Free Software Foundation, Inc., |
| 23 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. |
| 24 | */ |
| 25 | |
| 26 | #ifndef _CRT_SECURE_NO_DEPRECATE |
| 27 | #define _CRT_SECURE_NO_DEPRECATE 1 |
| 28 | #endif |
| 29 | |
| 30 | #include <string.h> |
Paul Bakker | 9caf2d2 | 2010-02-18 19:37:19 +0000 | [diff] [blame] | 31 | #include <stdlib.h> |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 32 | #include <stdio.h> |
| 33 | |
Paul Bakker | 5690efc | 2011-05-26 13:16:06 +0000 | [diff] [blame] | 34 | #include "polarssl/config.h" |
| 35 | |
Paul Bakker | 40e4694 | 2009-01-03 21:51:57 +0000 | [diff] [blame] | 36 | #include "polarssl/net.h" |
| 37 | #include "polarssl/ssl.h" |
| 38 | #include "polarssl/havege.h" |
| 39 | #include "polarssl/certs.h" |
| 40 | #include "polarssl/x509.h" |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 41 | |
Paul Bakker | 9caf2d2 | 2010-02-18 19:37:19 +0000 | [diff] [blame] | 42 | #define DFL_SERVER_NAME "localhost" |
| 43 | #define DFL_SERVER_PORT 4433 |
| 44 | #define DFL_REQUEST_PAGE "/" |
| 45 | #define DFL_DEBUG_LEVEL 0 |
Paul Bakker | 5690efc | 2011-05-26 13:16:06 +0000 | [diff] [blame] | 46 | #define DFL_CA_FILE "" |
Paul Bakker | 6796839 | 2010-07-18 08:28:20 +0000 | [diff] [blame] | 47 | #define DFL_CRT_FILE "" |
| 48 | #define DFL_KEY_FILE "" |
Paul Bakker | 5193688 | 2011-02-20 16:05:58 +0000 | [diff] [blame] | 49 | #define DFL_FORCE_CIPHER 0 |
Paul Bakker | 0e6975b | 2009-02-10 22:19:10 +0000 | [diff] [blame] | 50 | |
Paul Bakker | 9caf2d2 | 2010-02-18 19:37:19 +0000 | [diff] [blame] | 51 | #define GET_REQUEST "GET %s HTTP/1.0\r\n\r\n" |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 52 | |
Paul Bakker | 9caf2d2 | 2010-02-18 19:37:19 +0000 | [diff] [blame] | 53 | /* |
| 54 | * global options |
| 55 | */ |
| 56 | struct options |
| 57 | { |
Paul Bakker | 6796839 | 2010-07-18 08:28:20 +0000 | [diff] [blame] | 58 | char *server_name; /* hostname of the server (client only) */ |
| 59 | int server_port; /* port on which the ssl service runs */ |
| 60 | int debug_level; /* level of debugging */ |
| 61 | char *request_page; /* page on server to request */ |
Paul Bakker | 5690efc | 2011-05-26 13:16:06 +0000 | [diff] [blame] | 62 | char *ca_file; /* the file with the CA certificate(s) */ |
Paul Bakker | 6796839 | 2010-07-18 08:28:20 +0000 | [diff] [blame] | 63 | char *crt_file; /* the file with the client certificate */ |
| 64 | char *key_file; /* the file with the client key */ |
Paul Bakker | 5193688 | 2011-02-20 16:05:58 +0000 | [diff] [blame] | 65 | int force_ciphersuite[2]; /* protocol/ciphersuite to use, or all */ |
Paul Bakker | 9caf2d2 | 2010-02-18 19:37:19 +0000 | [diff] [blame] | 66 | } opt; |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 67 | |
Paul Bakker | ff60ee6 | 2010-03-16 21:09:09 +0000 | [diff] [blame] | 68 | void my_debug( void *ctx, int level, const char *str ) |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 69 | { |
Paul Bakker | 9caf2d2 | 2010-02-18 19:37:19 +0000 | [diff] [blame] | 70 | if( level < opt.debug_level ) |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 71 | { |
| 72 | fprintf( (FILE *) ctx, "%s", str ); |
| 73 | fflush( (FILE *) ctx ); |
| 74 | } |
| 75 | } |
| 76 | |
Paul Bakker | 5690efc | 2011-05-26 13:16:06 +0000 | [diff] [blame] | 77 | #if defined(POLARSSL_FS_IO) |
| 78 | #define USAGE_IO \ |
| 79 | " ca_file=%%s default: \"\" (pre-loaded)\n" \ |
| 80 | " crt_file=%%s default: \"\" (pre-loaded)\n" \ |
| 81 | " key_file=%%s default: \"\" (pre-loaded)\n" |
| 82 | #else |
| 83 | #define USAGE_IO \ |
| 84 | " No file operations available (POLARSSL_FS_IO not defined)\n" |
| 85 | #endif /* POLARSSL_FS_IO */ |
| 86 | |
Paul Bakker | 9caf2d2 | 2010-02-18 19:37:19 +0000 | [diff] [blame] | 87 | #define USAGE \ |
Paul Bakker | 6796839 | 2010-07-18 08:28:20 +0000 | [diff] [blame] | 88 | "\n usage: ssl_client2 param=<>...\n" \ |
| 89 | "\n acceptable parameters:\n" \ |
| 90 | " server_name=%%s default: localhost\n" \ |
| 91 | " server_port=%%d default: 4433\n" \ |
| 92 | " debug_level=%%d default: 0 (disabled)\n" \ |
Paul Bakker | 5690efc | 2011-05-26 13:16:06 +0000 | [diff] [blame] | 93 | USAGE_IO \ |
Paul Bakker | 6796839 | 2010-07-18 08:28:20 +0000 | [diff] [blame] | 94 | " request_page=%%s default: \".\"\n" \ |
Paul Bakker | 5193688 | 2011-02-20 16:05:58 +0000 | [diff] [blame] | 95 | " force_ciphersuite=<name> default: all enabled\n"\ |
| 96 | " acceptable ciphersuite names:\n" |
Paul Bakker | 9caf2d2 | 2010-02-18 19:37:19 +0000 | [diff] [blame] | 97 | |
Paul Bakker | 5690efc | 2011-05-26 13:16:06 +0000 | [diff] [blame] | 98 | #if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_HAVEGE_C) || \ |
| 99 | !defined(POLARSSL_SSL_TLS_C) || !defined(POLARSSL_SSL_CLI_C) || \ |
| 100 | !defined(POLARSSL_NET_C) || !defined(POLARSSL_RSA_C) |
| 101 | int main( void ) |
| 102 | { |
| 103 | printf("POLARSSL_BIGNUM_C and/or POLARSSL_HAVEGE_C and/or " |
| 104 | "POLARSSL_SSL_TLS_C and/or POLARSSL_SSL_CLI_C and/or " |
| 105 | "POLARSSL_NET_C and/or POLARSSL_RSA_C not defined.\n"); |
| 106 | return( 0 ); |
| 107 | } |
| 108 | #else |
Paul Bakker | 9caf2d2 | 2010-02-18 19:37:19 +0000 | [diff] [blame] | 109 | int main( int argc, char *argv[] ) |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 110 | { |
Paul Bakker | f80d453 | 2010-03-16 21:16:04 +0000 | [diff] [blame] | 111 | int ret = 0, len, server_fd; |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 112 | unsigned char buf[1024]; |
| 113 | havege_state hs; |
| 114 | ssl_context ssl; |
| 115 | ssl_session ssn; |
| 116 | x509_cert cacert; |
| 117 | x509_cert clicert; |
| 118 | rsa_context rsa; |
Paul Bakker | 23986e5 | 2011-04-24 08:57:21 +0000 | [diff] [blame] | 119 | int i; |
| 120 | size_t j, n; |
Paul Bakker | 9caf2d2 | 2010-02-18 19:37:19 +0000 | [diff] [blame] | 121 | char *p, *q; |
Paul Bakker | 5193688 | 2011-02-20 16:05:58 +0000 | [diff] [blame] | 122 | const int *list; |
Paul Bakker | 9caf2d2 | 2010-02-18 19:37:19 +0000 | [diff] [blame] | 123 | |
Paul Bakker | 1a207ec | 2011-02-06 13:22:40 +0000 | [diff] [blame] | 124 | /* |
| 125 | * Make sure memory references are valid. |
| 126 | */ |
| 127 | server_fd = 0; |
| 128 | memset( &ssn, 0, sizeof( ssl_session ) ); |
| 129 | memset( &ssl, 0, sizeof( ssl_context ) ); |
| 130 | memset( &cacert, 0, sizeof( x509_cert ) ); |
| 131 | memset( &clicert, 0, sizeof( x509_cert ) ); |
| 132 | memset( &rsa, 0, sizeof( rsa_context ) ); |
| 133 | |
Paul Bakker | 9caf2d2 | 2010-02-18 19:37:19 +0000 | [diff] [blame] | 134 | if( argc == 0 ) |
| 135 | { |
| 136 | usage: |
| 137 | printf( USAGE ); |
Paul Bakker | 5193688 | 2011-02-20 16:05:58 +0000 | [diff] [blame] | 138 | |
| 139 | list = ssl_list_ciphersuites(); |
| 140 | while( *list ) |
| 141 | { |
| 142 | printf(" %s\n", ssl_get_ciphersuite_name( *list ) ); |
| 143 | list++; |
| 144 | } |
| 145 | printf("\n"); |
Paul Bakker | 9caf2d2 | 2010-02-18 19:37:19 +0000 | [diff] [blame] | 146 | goto exit; |
| 147 | } |
| 148 | |
| 149 | opt.server_name = DFL_SERVER_NAME; |
| 150 | opt.server_port = DFL_SERVER_PORT; |
| 151 | opt.debug_level = DFL_DEBUG_LEVEL; |
| 152 | opt.request_page = DFL_REQUEST_PAGE; |
Paul Bakker | 5690efc | 2011-05-26 13:16:06 +0000 | [diff] [blame] | 153 | opt.ca_file = DFL_CA_FILE; |
Paul Bakker | 6796839 | 2010-07-18 08:28:20 +0000 | [diff] [blame] | 154 | opt.crt_file = DFL_CRT_FILE; |
| 155 | opt.key_file = DFL_KEY_FILE; |
Paul Bakker | 5193688 | 2011-02-20 16:05:58 +0000 | [diff] [blame] | 156 | opt.force_ciphersuite[0]= DFL_FORCE_CIPHER; |
Paul Bakker | 9caf2d2 | 2010-02-18 19:37:19 +0000 | [diff] [blame] | 157 | |
| 158 | for( i = 1; i < argc; i++ ) |
| 159 | { |
| 160 | n = strlen( argv[i] ); |
Paul Bakker | 9caf2d2 | 2010-02-18 19:37:19 +0000 | [diff] [blame] | 161 | |
| 162 | for( j = 0; j < n; j++ ) |
| 163 | { |
| 164 | if( argv[i][j] >= 'A' && argv[i][j] <= 'Z' ) |
| 165 | argv[i][j] |= 0x20; |
| 166 | } |
| 167 | |
| 168 | p = argv[i]; |
| 169 | if( ( q = strchr( p, '=' ) ) == NULL ) |
| 170 | goto usage; |
| 171 | *q++ = '\0'; |
| 172 | |
| 173 | if( strcmp( p, "server_name" ) == 0 ) |
| 174 | opt.server_name = q; |
| 175 | else if( strcmp( p, "server_port" ) == 0 ) |
| 176 | { |
| 177 | opt.server_port = atoi( q ); |
| 178 | if( opt.server_port < 1 || opt.server_port > 65535 ) |
| 179 | goto usage; |
| 180 | } |
| 181 | else if( strcmp( p, "debug_level" ) == 0 ) |
| 182 | { |
| 183 | opt.debug_level = atoi( q ); |
| 184 | if( opt.debug_level < 0 || opt.debug_level > 65535 ) |
| 185 | goto usage; |
| 186 | } |
| 187 | else if( strcmp( p, "request_page" ) == 0 ) |
| 188 | opt.request_page = q; |
Paul Bakker | 5690efc | 2011-05-26 13:16:06 +0000 | [diff] [blame] | 189 | else if( strcmp( p, "ca_file" ) == 0 ) |
| 190 | opt.ca_file = q; |
Paul Bakker | 6796839 | 2010-07-18 08:28:20 +0000 | [diff] [blame] | 191 | else if( strcmp( p, "crt_file" ) == 0 ) |
| 192 | opt.crt_file = q; |
| 193 | else if( strcmp( p, "key_file" ) == 0 ) |
| 194 | opt.key_file = q; |
Paul Bakker | 5193688 | 2011-02-20 16:05:58 +0000 | [diff] [blame] | 195 | else if( strcmp( p, "force_ciphersuite" ) == 0 ) |
| 196 | { |
| 197 | opt.force_ciphersuite[0] = -1; |
| 198 | |
| 199 | opt.force_ciphersuite[0] = ssl_get_ciphersuite_id( q ); |
| 200 | |
| 201 | if( opt.force_ciphersuite[0] <= 0 ) |
| 202 | goto usage; |
| 203 | |
| 204 | opt.force_ciphersuite[1] = 0; |
| 205 | } |
Paul Bakker | 9caf2d2 | 2010-02-18 19:37:19 +0000 | [diff] [blame] | 206 | else |
| 207 | goto usage; |
| 208 | } |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 209 | |
| 210 | /* |
| 211 | * 0. Initialize the RNG and the session data |
| 212 | */ |
| 213 | havege_init( &hs ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 214 | |
| 215 | /* |
| 216 | * 1.1. Load the trusted CA |
| 217 | */ |
| 218 | printf( "\n . Loading the CA root certificate ..." ); |
| 219 | fflush( stdout ); |
| 220 | |
Paul Bakker | 5690efc | 2011-05-26 13:16:06 +0000 | [diff] [blame] | 221 | #if defined(POLARSSL_FS_IO) |
| 222 | if( strlen( opt.ca_file ) ) |
| 223 | ret = x509parse_crtfile( &cacert, opt.ca_file ); |
| 224 | else |
| 225 | #endif |
| 226 | #if defined(POLARSSL_CERTS_C) |
| 227 | ret = x509parse_crt( &cacert, (unsigned char *) test_ca_crt, |
| 228 | strlen( test_ca_crt ) ); |
| 229 | #else |
| 230 | { |
| 231 | ret = 1; |
| 232 | printf("POLARSSL_CERTS_C not defined."); |
| 233 | } |
| 234 | #endif |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 235 | if( ret != 0 ) |
| 236 | { |
| 237 | printf( " failed\n ! x509parse_crt returned %d\n\n", ret ); |
| 238 | goto exit; |
| 239 | } |
| 240 | |
| 241 | printf( " ok\n" ); |
| 242 | |
| 243 | /* |
| 244 | * 1.2. Load own certificate and private key |
| 245 | * |
| 246 | * (can be skipped if client authentication is not required) |
| 247 | */ |
| 248 | printf( " . Loading the client cert. and key..." ); |
| 249 | fflush( stdout ); |
| 250 | |
Paul Bakker | 5690efc | 2011-05-26 13:16:06 +0000 | [diff] [blame] | 251 | #if defined(POLARSSL_FS_IO) |
Paul Bakker | 6796839 | 2010-07-18 08:28:20 +0000 | [diff] [blame] | 252 | if( strlen( opt.crt_file ) ) |
| 253 | ret = x509parse_crtfile( &clicert, opt.crt_file ); |
| 254 | else |
Paul Bakker | 5690efc | 2011-05-26 13:16:06 +0000 | [diff] [blame] | 255 | #endif |
| 256 | #if defined(POLARSSL_CERTS_C) |
Paul Bakker | 6796839 | 2010-07-18 08:28:20 +0000 | [diff] [blame] | 257 | ret = x509parse_crt( &clicert, (unsigned char *) test_cli_crt, |
| 258 | strlen( test_cli_crt ) ); |
Paul Bakker | 5690efc | 2011-05-26 13:16:06 +0000 | [diff] [blame] | 259 | #else |
| 260 | { |
| 261 | ret = 1; |
| 262 | printf("POLARSSL_CERTS_C not defined."); |
| 263 | } |
| 264 | #endif |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 265 | if( ret != 0 ) |
| 266 | { |
| 267 | printf( " failed\n ! x509parse_crt returned %d\n\n", ret ); |
| 268 | goto exit; |
| 269 | } |
| 270 | |
Paul Bakker | 5690efc | 2011-05-26 13:16:06 +0000 | [diff] [blame] | 271 | #if defined(POLARSSL_FS_IO) |
Paul Bakker | 6796839 | 2010-07-18 08:28:20 +0000 | [diff] [blame] | 272 | if( strlen( opt.key_file ) ) |
| 273 | ret = x509parse_keyfile( &rsa, opt.key_file, "" ); |
| 274 | else |
Paul Bakker | 5690efc | 2011-05-26 13:16:06 +0000 | [diff] [blame] | 275 | #endif |
| 276 | #if defined(POLARSSL_CERTS_C) |
Paul Bakker | 6796839 | 2010-07-18 08:28:20 +0000 | [diff] [blame] | 277 | ret = x509parse_key( &rsa, (unsigned char *) test_cli_key, |
| 278 | strlen( test_cli_key ), NULL, 0 ); |
Paul Bakker | 5690efc | 2011-05-26 13:16:06 +0000 | [diff] [blame] | 279 | #else |
| 280 | { |
| 281 | ret = 1; |
| 282 | printf("POLARSSL_CERTS_C not defined."); |
| 283 | } |
| 284 | #endif |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 285 | if( ret != 0 ) |
| 286 | { |
| 287 | printf( " failed\n ! x509parse_key returned %d\n\n", ret ); |
| 288 | goto exit; |
| 289 | } |
| 290 | |
| 291 | printf( " ok\n" ); |
| 292 | |
| 293 | /* |
| 294 | * 2. Start the connection |
| 295 | */ |
Paul Bakker | 9caf2d2 | 2010-02-18 19:37:19 +0000 | [diff] [blame] | 296 | printf( " . Connecting to tcp/%s/%-4d...", opt.server_name, |
| 297 | opt.server_port ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 298 | fflush( stdout ); |
| 299 | |
Paul Bakker | 9caf2d2 | 2010-02-18 19:37:19 +0000 | [diff] [blame] | 300 | if( ( ret = net_connect( &server_fd, opt.server_name, |
| 301 | opt.server_port ) ) != 0 ) |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 302 | { |
| 303 | printf( " failed\n ! net_connect returned %d\n\n", ret ); |
| 304 | goto exit; |
| 305 | } |
| 306 | |
| 307 | printf( " ok\n" ); |
| 308 | |
| 309 | /* |
| 310 | * 3. Setup stuff |
| 311 | */ |
| 312 | printf( " . Setting up the SSL/TLS structure..." ); |
| 313 | fflush( stdout ); |
| 314 | |
| 315 | havege_init( &hs ); |
| 316 | |
| 317 | if( ( ret = ssl_init( &ssl ) ) != 0 ) |
| 318 | { |
| 319 | printf( " failed\n ! ssl_init returned %d\n\n", ret ); |
| 320 | goto exit; |
| 321 | } |
| 322 | |
| 323 | printf( " ok\n" ); |
| 324 | |
| 325 | ssl_set_endpoint( &ssl, SSL_IS_CLIENT ); |
| 326 | ssl_set_authmode( &ssl, SSL_VERIFY_OPTIONAL ); |
| 327 | |
| 328 | ssl_set_rng( &ssl, havege_rand, &hs ); |
Paul Bakker | 9caf2d2 | 2010-02-18 19:37:19 +0000 | [diff] [blame] | 329 | ssl_set_dbg( &ssl, my_debug, stdout ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 330 | ssl_set_bio( &ssl, net_recv, &server_fd, |
| 331 | net_send, &server_fd ); |
| 332 | |
Paul Bakker | 5193688 | 2011-02-20 16:05:58 +0000 | [diff] [blame] | 333 | if( opt.force_ciphersuite[0] == DFL_FORCE_CIPHER ) |
| 334 | ssl_set_ciphersuites( &ssl, ssl_default_ciphersuites ); |
| 335 | else |
| 336 | ssl_set_ciphersuites( &ssl, opt.force_ciphersuite ); |
| 337 | |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 338 | ssl_set_session( &ssl, 1, 600, &ssn ); |
| 339 | |
Paul Bakker | 9caf2d2 | 2010-02-18 19:37:19 +0000 | [diff] [blame] | 340 | ssl_set_ca_chain( &ssl, &cacert, NULL, opt.server_name ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 341 | ssl_set_own_cert( &ssl, &clicert, &rsa ); |
| 342 | |
Paul Bakker | 9caf2d2 | 2010-02-18 19:37:19 +0000 | [diff] [blame] | 343 | ssl_set_hostname( &ssl, opt.server_name ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 344 | |
| 345 | /* |
| 346 | * 4. Handshake |
| 347 | */ |
| 348 | printf( " . Performing the SSL/TLS handshake..." ); |
| 349 | fflush( stdout ); |
| 350 | |
| 351 | while( ( ret = ssl_handshake( &ssl ) ) != 0 ) |
| 352 | { |
Paul Bakker | 831a755 | 2011-05-18 13:32:51 +0000 | [diff] [blame] | 353 | if( ret != POLARSSL_ERR_NET_WANT_READ && ret != POLARSSL_ERR_NET_WANT_WRITE ) |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 354 | { |
| 355 | printf( " failed\n ! ssl_handshake returned %d\n\n", ret ); |
| 356 | goto exit; |
| 357 | } |
| 358 | } |
| 359 | |
Paul Bakker | e3166ce | 2011-01-27 17:40:50 +0000 | [diff] [blame] | 360 | printf( " ok\n [ Ciphersuite is %s ]\n", |
| 361 | ssl_get_ciphersuite( &ssl ) ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 362 | |
| 363 | /* |
| 364 | * 5. Verify the server certificate |
| 365 | */ |
| 366 | printf( " . Verifying peer X.509 certificate..." ); |
| 367 | |
| 368 | if( ( ret = ssl_get_verify_result( &ssl ) ) != 0 ) |
| 369 | { |
| 370 | printf( " failed\n" ); |
| 371 | |
| 372 | if( ( ret & BADCERT_EXPIRED ) != 0 ) |
| 373 | printf( " ! server certificate has expired\n" ); |
| 374 | |
| 375 | if( ( ret & BADCERT_REVOKED ) != 0 ) |
| 376 | printf( " ! server certificate has been revoked\n" ); |
| 377 | |
| 378 | if( ( ret & BADCERT_CN_MISMATCH ) != 0 ) |
Paul Bakker | 9caf2d2 | 2010-02-18 19:37:19 +0000 | [diff] [blame] | 379 | printf( " ! CN mismatch (expected CN=%s)\n", opt.server_name ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 380 | |
| 381 | if( ( ret & BADCERT_NOT_TRUSTED ) != 0 ) |
| 382 | printf( " ! self-signed or not signed by a trusted CA\n" ); |
| 383 | |
| 384 | printf( "\n" ); |
| 385 | } |
| 386 | else |
| 387 | printf( " ok\n" ); |
| 388 | |
| 389 | printf( " . Peer certificate information ...\n" ); |
Paul Bakker | d98030e | 2009-05-02 15:13:40 +0000 | [diff] [blame] | 390 | x509parse_cert_info( (char *) buf, sizeof( buf ) - 1, " ", ssl.peer_cert ); |
| 391 | printf( "%s\n", buf ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 392 | |
| 393 | /* |
| 394 | * 6. Write the GET request |
| 395 | */ |
| 396 | printf( " > Write to server:" ); |
| 397 | fflush( stdout ); |
| 398 | |
Paul Bakker | 9caf2d2 | 2010-02-18 19:37:19 +0000 | [diff] [blame] | 399 | len = sprintf( (char *) buf, GET_REQUEST, opt.request_page ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 400 | |
| 401 | while( ( ret = ssl_write( &ssl, buf, len ) ) <= 0 ) |
| 402 | { |
Paul Bakker | 831a755 | 2011-05-18 13:32:51 +0000 | [diff] [blame] | 403 | if( ret != POLARSSL_ERR_NET_WANT_READ && ret != POLARSSL_ERR_NET_WANT_WRITE ) |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 404 | { |
| 405 | printf( " failed\n ! ssl_write returned %d\n\n", ret ); |
| 406 | goto exit; |
| 407 | } |
| 408 | } |
| 409 | |
| 410 | len = ret; |
| 411 | printf( " %d bytes written\n\n%s", len, (char *) buf ); |
| 412 | |
| 413 | /* |
| 414 | * 7. Read the HTTP response |
| 415 | */ |
| 416 | printf( " < Read from server:" ); |
| 417 | fflush( stdout ); |
| 418 | |
| 419 | do |
| 420 | { |
| 421 | len = sizeof( buf ) - 1; |
| 422 | memset( buf, 0, sizeof( buf ) ); |
| 423 | ret = ssl_read( &ssl, buf, len ); |
| 424 | |
Paul Bakker | 831a755 | 2011-05-18 13:32:51 +0000 | [diff] [blame] | 425 | if( ret == POLARSSL_ERR_NET_WANT_READ || ret == POLARSSL_ERR_NET_WANT_WRITE ) |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 426 | continue; |
| 427 | |
Paul Bakker | 40e4694 | 2009-01-03 21:51:57 +0000 | [diff] [blame] | 428 | if( ret == POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY ) |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 429 | break; |
| 430 | |
Paul Bakker | 5690efc | 2011-05-26 13:16:06 +0000 | [diff] [blame] | 431 | if( ret < 0 ) |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 432 | { |
| 433 | printf( "failed\n ! ssl_read returned %d\n\n", ret ); |
| 434 | break; |
| 435 | } |
| 436 | |
Paul Bakker | 5690efc | 2011-05-26 13:16:06 +0000 | [diff] [blame] | 437 | if( ret == 0 ) |
| 438 | { |
| 439 | printf("\n\nEOF\n\n"); |
| 440 | break; |
| 441 | } |
| 442 | |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 443 | len = ret; |
| 444 | printf( " %d bytes read\n\n%s", len, (char *) buf ); |
| 445 | } |
Paul Bakker | f357131 | 2011-05-20 12:32:35 +0000 | [diff] [blame] | 446 | while( 1 ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 447 | |
| 448 | ssl_close_notify( &ssl ); |
| 449 | |
| 450 | exit: |
| 451 | |
Paul Bakker | 1a207ec | 2011-02-06 13:22:40 +0000 | [diff] [blame] | 452 | if( server_fd ) |
| 453 | net_close( server_fd ); |
Paul Bakker | 5121ce5 | 2009-01-03 21:22:43 +0000 | [diff] [blame] | 454 | x509_free( &clicert ); |
| 455 | x509_free( &cacert ); |
| 456 | rsa_free( &rsa ); |
| 457 | ssl_free( &ssl ); |
| 458 | |
| 459 | memset( &ssl, 0, sizeof( ssl ) ); |
| 460 | |
| 461 | #ifdef WIN32 |
| 462 | printf( " + Press Enter to exit this program.\n" ); |
| 463 | fflush( stdout ); getchar(); |
| 464 | #endif |
| 465 | |
| 466 | return( ret ); |
| 467 | } |
Paul Bakker | 5690efc | 2011-05-26 13:16:06 +0000 | [diff] [blame] | 468 | #endif /* POLARSSL_BIGNUM_C && POLARSSL_HAVEGE_C && POLARSSL_SSL_TLS_C && |
| 469 | POLARSSL_SSL_CLI_C && POLARSSL_NET_C && POLARSSL_RSA_C */ |