Blame - programs/ssl/ssl_client1.c - mirror/mbed-tls

blob: d4e45554e84e78520e8bd51df429de3c41f2d07b [file] [log] [blame]

Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	1	/*
				2	* SSL client demonstration program
				3	*
Manuel Pégourié-Gonnard	0edee5e	2015-01-26 15:29:40 +0000	[diff] [blame^]	4	* Copyright (C) 2006-2011, ARM Limited, All Rights Reserved
Paul Bakker	b96f154	2010-07-18 20:36:00 +0000	[diff] [blame]	5	*
Manuel Pégourié-Gonnard	0edee5e	2015-01-26 15:29:40 +0000	[diff] [blame^]	6	* This file is part of mbed TLS (https://www.polarssl.org)
Paul Bakker	e0ccd0a	2009-01-04 16:27:10 +0000	[diff] [blame]	7	*
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	8	* This program is free software; you can redistribute it and/or modify
				9	* it under the terms of the GNU General Public License as published by
				10	* the Free Software Foundation; either version 2 of the License, or
				11	* (at your option) any later version.
				12	*
				13	* This program is distributed in the hope that it will be useful,
				14	* but WITHOUT ANY WARRANTY; without even the implied warranty of
				15	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
				16	* GNU General Public License for more details.
				17	*
				18	* You should have received a copy of the GNU General Public License along
				19	* with this program; if not, write to the Free Software Foundation, Inc.,
				20	* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
				21	*/
				22
				23	#ifndef _CRT_SECURE_NO_DEPRECATE
				24	#define _CRT_SECURE_NO_DEPRECATE 1
				25	#endif
				26
				27	#include <string.h>
				28	#include <stdio.h>
				29
Paul Bakker	5690efc	2011-05-26 13:16:06 +0000	[diff] [blame]	30	#include "polarssl/config.h"
				31
Paul Bakker	40e4694	2009-01-03 21:51:57 +0000	[diff] [blame]	32	#include "polarssl/net.h"
				33	#include "polarssl/ssl.h"
Paul Bakker	508ad5a	2011-12-04 17:09:26 +0000	[diff] [blame]	34	#include "polarssl/entropy.h"
				35	#include "polarssl/ctr_drbg.h"
Paul Bakker	a3d195c	2011-11-27 21:07:34 +0000	[diff] [blame]	36	#include "polarssl/error.h"
Paul Bakker	75242c3	2012-11-17 00:03:46 +0100	[diff] [blame]	37	#include "polarssl/certs.h"
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	38
Paul Bakker	757e250	2010-02-18 19:29:00 +0000	[diff] [blame]	39	#define SERVER_PORT 4433
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	40	#define SERVER_NAME "localhost"
				41	#define GET_REQUEST "GET / HTTP/1.0\r\n\r\n"
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	42
Paul Bakker	eaca51d	2010-08-16 12:00:14 +0000	[diff] [blame]	43	#define DEBUG_LEVEL 1
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	44
Paul Bakker	ff60ee6	2010-03-16 21:09:09 +0000	[diff] [blame]	45	void my_debug( void ctx, int level, const char str )
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	46	{
				47	if( level < DEBUG_LEVEL )
				48	{
				49	fprintf( (FILE *) ctx, "%s", str );
				50	fflush( (FILE *) ctx );
				51	}
				52	}
				53
Paul Bakker	508ad5a	2011-12-04 17:09:26 +0000	[diff] [blame]	54	#if !defined(POLARSSL_BIGNUM_C) \|\| !defined(POLARSSL_ENTROPY_C) \|\| \
Paul Bakker	5690efc	2011-05-26 13:16:06 +0000	[diff] [blame]	55	!defined(POLARSSL_SSL_TLS_C) \|\| !defined(POLARSSL_SSL_CLI_C) \|\| \
Paul Bakker	508ad5a	2011-12-04 17:09:26 +0000	[diff] [blame]	56	!defined(POLARSSL_NET_C) \|\| !defined(POLARSSL_RSA_C) \|\| \
				57	!defined(POLARSSL_CTR_DRBG_C)
Paul Bakker	cce9d77	2011-11-18 14:26:47 +0000	[diff] [blame]	58	int main( int argc, char *argv[] )
Paul Bakker	5690efc	2011-05-26 13:16:06 +0000	[diff] [blame]	59	{
Paul Bakker	cce9d77	2011-11-18 14:26:47 +0000	[diff] [blame]	60	((void) argc);
				61	((void) argv);
				62
Paul Bakker	508ad5a	2011-12-04 17:09:26 +0000	[diff] [blame]	63	printf("POLARSSL_BIGNUM_C and/or POLARSSL_ENTROPY_C and/or "
Paul Bakker	5690efc	2011-05-26 13:16:06 +0000	[diff] [blame]	64	"POLARSSL_SSL_TLS_C and/or POLARSSL_SSL_CLI_C and/or "
Paul Bakker	508ad5a	2011-12-04 17:09:26 +0000	[diff] [blame]	65	"POLARSSL_NET_C and/or POLARSSL_RSA_C and/or "
				66	"POLARSSL_CTR_DRBG_C not defined.\n");
Paul Bakker	5690efc	2011-05-26 13:16:06 +0000	[diff] [blame]	67	return( 0 );
				68	}
				69	#else
Paul Bakker	cce9d77	2011-11-18 14:26:47 +0000	[diff] [blame]	70	int main( int argc, char *argv[] )
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	71	{
Paul Bakker	a16e7f2	2014-07-09 14:58:11 +0200	[diff] [blame]	72	int ret, len, server_fd = -1;
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	73	unsigned char buf[1024];
Paul Bakker	e0225e4	2013-06-06 12:52:24 +0200	[diff] [blame]	74	const char *pers = "ssl_client1";
Paul Bakker	508ad5a	2011-12-04 17:09:26 +0000	[diff] [blame]	75
				76	entropy_context entropy;
				77	ctr_drbg_context ctr_drbg;
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	78	ssl_context ssl;
Paul Bakker	75242c3	2012-11-17 00:03:46 +0100	[diff] [blame]	79	x509_cert cacert;
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	80
Paul Bakker	cce9d77	2011-11-18 14:26:47 +0000	[diff] [blame]	81	((void) argc);
				82	((void) argv);
				83
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	84	/*
				85	* 0. Initialize the RNG and the session data
				86	*/
Paul Bakker	1a207ec	2011-02-06 13:22:40 +0000	[diff] [blame]	87	memset( &ssl, 0, sizeof( ssl_context ) );
Paul Bakker	75242c3	2012-11-17 00:03:46 +0100	[diff] [blame]	88	memset( &cacert, 0, sizeof( x509_cert ) );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	89
Paul Bakker	508ad5a	2011-12-04 17:09:26 +0000	[diff] [blame]	90	printf( "\n . Seeding the random number generator..." );
				91	fflush( stdout );
				92
				93	entropy_init( &entropy );
				94	if( ( ret = ctr_drbg_init( &ctr_drbg, entropy_func, &entropy,
Paul Bakker	e0225e4	2013-06-06 12:52:24 +0200	[diff] [blame]	95	(const unsigned char *) pers,
				96	strlen( pers ) ) ) != 0 )
Paul Bakker	508ad5a	2011-12-04 17:09:26 +0000	[diff] [blame]	97	{
				98	printf( " failed\n ! ctr_drbg_init returned %d\n", ret );
				99	goto exit;
				100	}
				101
				102	printf( " ok\n" );
				103
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	104	/*
Paul Bakker	75242c3	2012-11-17 00:03:46 +0100	[diff] [blame]	105	* 0. Initialize certificates
				106	*/
				107	printf( " . Loading the CA root certificate ..." );
				108	fflush( stdout );
				109
				110	#if defined(POLARSSL_CERTS_C)
Paul Bakker	e0225e4	2013-06-06 12:52:24 +0200	[diff] [blame]	111	ret = x509parse_crt( &cacert, (const unsigned char *) test_ca_crt,
Paul Bakker	75242c3	2012-11-17 00:03:46 +0100	[diff] [blame]	112	strlen( test_ca_crt ) );
				113	#else
				114	ret = 1;
				115	printf("POLARSSL_CERTS_C not defined.");
				116	#endif
				117
				118	if( ret < 0 )
				119	{
				120	printf( " failed\n ! x509parse_crt returned -0x%x\n\n", -ret );
				121	goto exit;
				122	}
				123
				124	printf( " ok (%d skipped)\n", ret );
				125
				126	/*
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	127	* 1. Start the connection
				128	*/
Paul Bakker	508ad5a	2011-12-04 17:09:26 +0000	[diff] [blame]	129	printf( " . Connecting to tcp/%s/%4d...", SERVER_NAME,
				130	SERVER_PORT );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	131	fflush( stdout );
				132
				133	if( ( ret = net_connect( &server_fd, SERVER_NAME,
				134	SERVER_PORT ) ) != 0 )
				135	{
				136	printf( " failed\n ! net_connect returned %d\n\n", ret );
				137	goto exit;
				138	}
				139
				140	printf( " ok\n" );
				141
				142	/*
				143	* 2. Setup stuff
				144	*/
				145	printf( " . Setting up the SSL/TLS structure..." );
				146	fflush( stdout );
				147
				148	if( ( ret = ssl_init( &ssl ) ) != 0 )
				149	{
				150	printf( " failed\n ! ssl_init returned %d\n\n", ret );
				151	goto exit;
				152	}
				153
				154	printf( " ok\n" );
				155
				156	ssl_set_endpoint( &ssl, SSL_IS_CLIENT );
Manuel Pégourié-Gonnard	516eb62	2014-03-11 11:10:27 +0100	[diff] [blame]	157	/* OPTIONAL is not optimal for security,
				158	* but makes interop easier in this simplified example */
Paul Bakker	75242c3	2012-11-17 00:03:46 +0100	[diff] [blame]	159	ssl_set_authmode( &ssl, SSL_VERIFY_OPTIONAL );
				160	ssl_set_ca_chain( &ssl, &cacert, NULL, "PolarSSL Server 1" );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	161
Paul Bakker	508ad5a	2011-12-04 17:09:26 +0000	[diff] [blame]	162	ssl_set_rng( &ssl, ctr_drbg_random, &ctr_drbg );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	163	ssl_set_dbg( &ssl, my_debug, stdout );
				164	ssl_set_bio( &ssl, net_recv, &server_fd,
				165	net_send, &server_fd );
				166
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	167	/*
Paul Bakker	75242c3	2012-11-17 00:03:46 +0100	[diff] [blame]	168	* 4. Handshake
				169	*/
				170	printf( " . Performing the SSL/TLS handshake..." );
				171	fflush( stdout );
				172
				173	while( ( ret = ssl_handshake( &ssl ) ) != 0 )
				174	{
				175	if( ret != POLARSSL_ERR_NET_WANT_READ && ret != POLARSSL_ERR_NET_WANT_WRITE )
				176	{
				177	printf( " failed\n ! ssl_handshake returned -0x%x\n\n", -ret );
				178	goto exit;
				179	}
				180	}
				181
				182	printf( " ok\n" );
				183
				184	/*
				185	* 5. Verify the server certificate
				186	*/
				187	printf( " . Verifying peer X.509 certificate..." );
				188
Manuel Pégourié-Gonnard	516eb62	2014-03-11 11:10:27 +0100	[diff] [blame]	189	/* In real life, we may want to bail out when ret != 0 */
Paul Bakker	75242c3	2012-11-17 00:03:46 +0100	[diff] [blame]	190	if( ( ret = ssl_get_verify_result( &ssl ) ) != 0 )
				191	{
				192	printf( " failed\n" );
				193
				194	if( ( ret & BADCERT_EXPIRED ) != 0 )
				195	printf( " ! server certificate has expired\n" );
				196
				197	if( ( ret & BADCERT_REVOKED ) != 0 )
				198	printf( " ! server certificate has been revoked\n" );
				199
				200	if( ( ret & BADCERT_CN_MISMATCH ) != 0 )
				201	printf( " ! CN mismatch (expected CN=%s)\n", "PolarSSL Server 1" );
				202
				203	if( ( ret & BADCERT_NOT_TRUSTED ) != 0 )
				204	printf( " ! self-signed or not signed by a trusted CA\n" );
				205
				206	printf( "\n" );
				207	}
				208	else
				209	printf( " ok\n" );
				210
				211	/*
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	212	* 3. Write the GET request
				213	*/
				214	printf( " > Write to server:" );
				215	fflush( stdout );
				216
				217	len = sprintf( (char *) buf, GET_REQUEST );
				218
				219	while( ( ret = ssl_write( &ssl, buf, len ) ) <= 0 )
				220	{
Paul Bakker	831a755	2011-05-18 13:32:51 +0000	[diff] [blame]	221	if( ret != POLARSSL_ERR_NET_WANT_READ && ret != POLARSSL_ERR_NET_WANT_WRITE )
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	222	{
				223	printf( " failed\n ! ssl_write returned %d\n\n", ret );
				224	goto exit;
				225	}
				226	}
				227
				228	len = ret;
				229	printf( " %d bytes written\n\n%s", len, (char *) buf );
				230
				231	/*
				232	* 7. Read the HTTP response
				233	*/
				234	printf( " < Read from server:" );
				235	fflush( stdout );
				236
				237	do
				238	{
				239	len = sizeof( buf ) - 1;
				240	memset( buf, 0, sizeof( buf ) );
				241	ret = ssl_read( &ssl, buf, len );
				242
Paul Bakker	831a755	2011-05-18 13:32:51 +0000	[diff] [blame]	243	if( ret == POLARSSL_ERR_NET_WANT_READ \|\| ret == POLARSSL_ERR_NET_WANT_WRITE )
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	244	continue;
				245
Paul Bakker	40e4694	2009-01-03 21:51:57 +0000	[diff] [blame]	246	if( ret == POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY )
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	247	break;
				248
Paul Bakker	61da752	2011-11-11 10:28:58 +0000	[diff] [blame]	249	if( ret < 0 )
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	250	{
				251	printf( "failed\n ! ssl_read returned %d\n\n", ret );
				252	break;
				253	}
				254
Paul Bakker	61da752	2011-11-11 10:28:58 +0000	[diff] [blame]	255	if( ret == 0 )
				256	{
				257	printf( "\n\nEOF\n\n" );
				258	break;
				259	}
				260
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	261	len = ret;
				262	printf( " %d bytes read\n\n%s", len, (char *) buf );
				263	}
Paul Bakker	61da752	2011-11-11 10:28:58 +0000	[diff] [blame]	264	while( 1 );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	265
				266	ssl_close_notify( &ssl );
				267
				268	exit:
				269
Paul Bakker	a3d195c	2011-11-27 21:07:34 +0000	[diff] [blame]	270	#ifdef POLARSSL_ERROR_C
				271	if( ret != 0 )
				272	{
				273	char error_buf[100];
				274	error_strerror( ret, error_buf, 100 );
				275	printf("Last error was: %d - %s\n\n", ret, error_buf );
				276	}
				277	#endif
				278
Paul Bakker	3914840	2014-04-17 16:02:36 +0200	[diff] [blame]	279	if( server_fd != -1 )
				280	net_close( server_fd );
				281
Paul Bakker	75242c3	2012-11-17 00:03:46 +0100	[diff] [blame]	282	x509_free( &cacert );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	283	ssl_free( &ssl );
				284
				285	memset( &ssl, 0, sizeof( ssl ) );
				286
Paul Bakker	cce9d77	2011-11-18 14:26:47 +0000	[diff] [blame]	287	#if defined(_WIN32)
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	288	printf( " + Press Enter to exit this program.\n" );
				289	fflush( stdout ); getchar();
				290	#endif
				291
				292	return( ret );
				293	}
Paul Bakker	508ad5a	2011-12-04 17:09:26 +0000	[diff] [blame]	294	#endif /* POLARSSL_BIGNUM_C && POLARSSL_ENTROPY_C && POLARSSL_SSL_TLS_C &&
				295	POLARSSL_SSL_CLI_C && POLARSSL_NET_C && POLARSSL_RSA_C &&
				296	POLARSSL_CTR_DRBG_C */