TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 1a0f5520303f34c0faaf0e4be4403d5e43173e58 / . / programs / ssl / ssl_server.c
blob: a8855b8c2e438e4ca4b6207045e85864d2647032 [file] [log] [blame]
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]1/*
2 * SSL server demonstration program
3 *
Paul Bakkercce9d772011-11-18 14:26:47 +0000[diff] [blame]4 * Copyright (C) 2006-2011, Brainspark B.V.
Paul Bakkerb96f1542010-07-18 20:36:00 +0000[diff] [blame]5 *
6 * This file is part of PolarSSL (http://www.polarssl.org)
Paul Bakker84f12b72010-07-18 10:13:04 +0000[diff] [blame]7 * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
Paul Bakkerb96f1542010-07-18 20:36:00 +0000[diff] [blame]8 *
Paul Bakker77b385e2009-07-28 17:23:11 +0000[diff] [blame]9 * All rights reserved.
Paul Bakkere0ccd0a2009-01-04 16:27:10 +0000[diff] [blame]10 *
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 2 of the License, or
14 * (at your option) any later version.
15 *
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
20 *
21 * You should have received a copy of the GNU General Public License along
22 * with this program; if not, write to the Free Software Foundation, Inc.,
23 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
24 */
25
26#ifndef _CRT_SECURE_NO_DEPRECATE
27#define _CRT_SECURE_NO_DEPRECATE 1
28#endif
29
Paul Bakkercce9d772011-11-18 14:26:47 +0000[diff] [blame]30#if defined(_WIN32)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]31#include <windows.h>
32#endif
33
34#include <string.h>
35#include <stdlib.h>
36#include <stdio.h>
37
Paul Bakker5690efc2011-05-26 13:16:06 +0000[diff] [blame]38#include "polarssl/config.h"
39
Paul Bakker508ad5a2011-12-04 17:09:26 +0000[diff] [blame]40#include "polarssl/entropy.h"
41#include "polarssl/ctr_drbg.h"
Paul Bakker40e46942009-01-03 21:51:57 +0000[diff] [blame]42#include "polarssl/certs.h"
43#include "polarssl/x509.h"
44#include "polarssl/ssl.h"
45#include "polarssl/net.h"
Paul Bakkera3d195c2011-11-27 21:07:34 +0000[diff] [blame]46#include "polarssl/error.h"
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]47
48#define HTTP_RESPONSE \
49 "HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n\r\n" \
Paul Bakkereaca51d2010-08-16 12:00:14 +0000[diff] [blame]50 "<h2>PolarSSL Test Server</h2>\r\n" \
51 "<p>Successful connection using: %s</p>\r\n"
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]52
53/*
Paul Bakker29b64762012-09-25 09:36:44 +0000[diff] [blame]54 * Computing a "safe" DH prime can take a very
55 * long time. RFC 5114 provides precomputed and standardized
56 * values.
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]57 */
Paul Bakker29b64762012-09-25 09:36:44 +0000[diff] [blame]58char *my_dhm_P = POLARSSL_DHM_RFC5114_MODP_1024_P;
59char *my_dhm_G = POLARSSL_DHM_RFC5114_MODP_1024_G;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]60
61/*
62 * Sorted by order of preference
63 */
Paul Bakkere3166ce2011-01-27 17:40:50 +0000[diff] [blame]64int my_ciphersuites[] =
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]65{
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]66#if defined(POLARSSL_DHM_C)
67#if defined(POLARSSL_AES_C)
68#if defined(POLARSSL_SHA2_C)
69 SSL_EDH_RSA_AES_256_SHA256,
70 SSL_EDH_RSA_AES_128_SHA256,
71#endif /* POLARSSL_SHA2_C */
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]72 SSL_EDH_RSA_AES_256_SHA,
Paul Bakker77a43582010-06-15 21:32:46 +0000[diff] [blame]73 SSL_EDH_RSA_AES_128_SHA,
Paul Bakkerca4ab492012-04-18 14:23:57 +0000[diff] [blame]74#if defined(POLARSSL_GCM_C) && defined(POLARSSL_SHA4_C)
75 SSL_EDH_RSA_AES_256_GCM_SHA384,
76#endif
77#if defined(POLARSSL_GCM_C) && defined(POLARSSL_SHA2_C)
78 SSL_EDH_RSA_AES_128_GCM_SHA256,
79#endif
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]80#endif
81#if defined(POLARSSL_CAMELLIA_C)
82#if defined(POLARSSL_SHA2_C)
83 SSL_EDH_RSA_CAMELLIA_256_SHA256,
84 SSL_EDH_RSA_CAMELLIA_128_SHA256,
85#endif /* POLARSSL_SHA2_C */
86 SSL_EDH_RSA_CAMELLIA_256_SHA,
Paul Bakker77a43582010-06-15 21:32:46 +0000[diff] [blame]87 SSL_EDH_RSA_CAMELLIA_128_SHA,
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]88#endif
89#if defined(POLARSSL_DES_C)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]90 SSL_EDH_RSA_DES_168_SHA,
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]91#endif
92#endif
93
94#if defined(POLARSSL_AES_C)
95#if defined(POLARSSL_SHA2_C)
96 SSL_RSA_AES_256_SHA256,
97#endif /* POLARSSL_SHA2_C */
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]98 SSL_RSA_AES_256_SHA,
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]99#endif
100#if defined(POLARSSL_CAMELLIA_C)
101#if defined(POLARSSL_SHA2_C)
102 SSL_RSA_CAMELLIA_256_SHA256,
103#endif /* POLARSSL_SHA2_C */
Paul Bakkerb5ef0ba2009-01-11 20:25:36 +0000[diff] [blame]104 SSL_RSA_CAMELLIA_256_SHA,
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]105#endif
106#if defined(POLARSSL_AES_C)
107#if defined(POLARSSL_SHA2_C)
108 SSL_RSA_AES_128_SHA256,
109#endif /* POLARSSL_SHA2_C */
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]110 SSL_RSA_AES_128_SHA,
Paul Bakkerca4ab492012-04-18 14:23:57 +0000[diff] [blame]111#if defined(POLARSSL_GCM_C) && defined(POLARSSL_SHA4_C)
112 SSL_RSA_AES_256_GCM_SHA384,
113#endif
114#if defined(POLARSSL_GCM_C) && defined(POLARSSL_SHA2_C)
115 SSL_RSA_AES_128_GCM_SHA256,
116#endif
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]117#endif
118#if defined(POLARSSL_CAMELLIA_C)
119#if defined(POLARSSL_SHA2_C)
120 SSL_RSA_CAMELLIA_128_SHA256,
121#endif /* POLARSSL_SHA2_C */
Paul Bakkerb5ef0ba2009-01-11 20:25:36 +0000[diff] [blame]122 SSL_RSA_CAMELLIA_128_SHA,
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]123#endif
124#if defined(POLARSSL_DES_C)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]125 SSL_RSA_DES_168_SHA,
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]126#endif
127#if defined(POLARSSL_ARC4_C)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]128 SSL_RSA_RC4_128_SHA,
129 SSL_RSA_RC4_128_MD5,
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]130#endif
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]131#if defined(POLARSSL_ENABLE_WEAK_CIPHERSUITES)
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]132#if defined(POLARSSL_DES_C)
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]133 SSL_EDH_RSA_DES_SHA,
134 SSL_RSA_DES_SHA,
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]135#endif
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]136#if defined(POLARSSL_CIPHER_NULL_CIPHER)
137 SSL_RSA_NULL_MD5,
138 SSL_RSA_NULL_SHA,
139 SSL_RSA_NULL_SHA256,
140#endif
141#endif
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]142 0
143};
144
Paul Bakker835b29e2012-08-23 08:31:59 +0000[diff] [blame]145#define DEBUG_LEVEL 0
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]146
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]147void my_debug( void *ctx, int level, const char *str )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]148{
149 if( level < DEBUG_LEVEL )
150 {
151 fprintf( (FILE *) ctx, "%s", str );
152 fflush( (FILE *) ctx );
153 }
154}
155
156/*
157 * These session callbacks use a simple chained list
158 * to store and retrieve the session information.
159 */
160ssl_session *s_list_1st = NULL;
161ssl_session *cur, *prv;
162
163static int my_get_session( ssl_context *ssl )
164{
165 time_t t = time( NULL );
166
167 if( ssl->resume == 0 )
168 return( 1 );
169
170 cur = s_list_1st;
171 prv = NULL;
172
173 while( cur != NULL )
174 {
175 prv = cur;
176 cur = cur->next;
177
Paul Bakkercce9d772011-11-18 14:26:47 +0000[diff] [blame]178 if( ssl->timeout != 0 && (int) ( t - prv->start ) > ssl->timeout )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]179 continue;
180
Paul Bakkere3166ce2011-01-27 17:40:50 +0000[diff] [blame]181 if( ssl->session->ciphersuite != prv->ciphersuite ||
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]182 ssl->session->length != prv->length )
183 continue;
184
185 if( memcmp( ssl->session->id, prv->id, prv->length ) != 0 )
186 continue;
187
188 memcpy( ssl->session->master, prv->master, 48 );
189 return( 0 );
190 }
191
192 return( 1 );
193}
194
195static int my_set_session( ssl_context *ssl )
196{
197 time_t t = time( NULL );
198
199 cur = s_list_1st;
200 prv = NULL;
201
202 while( cur != NULL )
203 {
Paul Bakkercce9d772011-11-18 14:26:47 +0000[diff] [blame]204 if( ssl->timeout != 0 && (int) ( t - cur->start ) > ssl->timeout )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]205 break; /* expired, reuse this slot */
206
207 if( memcmp( ssl->session->id, cur->id, cur->length ) == 0 )
208 break; /* client reconnected */
209
210 prv = cur;
211 cur = cur->next;
212 }
213
214 if( cur == NULL )
215 {
216 cur = (ssl_session *) malloc( sizeof( ssl_session ) );
217 if( cur == NULL )
218 return( 1 );
219
220 if( prv == NULL )
221 s_list_1st = cur;
222 else prv->next = cur;
223 }
224
225 memcpy( cur, ssl->session, sizeof( ssl_session ) );
226
227 return( 0 );
228}
229
Paul Bakker5690efc2011-05-26 13:16:06 +0000[diff] [blame]230#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_CERTS_C) || \
Paul Bakker508ad5a2011-12-04 17:09:26 +0000[diff] [blame]231 !defined(POLARSSL_ENTROPY_C) || !defined(POLARSSL_SSL_TLS_C) || \
Paul Bakker5690efc2011-05-26 13:16:06 +0000[diff] [blame]232 !defined(POLARSSL_SSL_SRV_C) || !defined(POLARSSL_NET_C) || \
Paul Bakker508ad5a2011-12-04 17:09:26 +0000[diff] [blame]233 !defined(POLARSSL_RSA_C) || !defined(POLARSSL_CTR_DRBG_C)
Paul Bakkercce9d772011-11-18 14:26:47 +0000[diff] [blame]234int main( int argc, char *argv[] )
Paul Bakker5690efc2011-05-26 13:16:06 +0000[diff] [blame]235{
Paul Bakkercce9d772011-11-18 14:26:47 +0000[diff] [blame]236 ((void) argc);
237 ((void) argv);
238
Paul Bakker508ad5a2011-12-04 17:09:26 +0000[diff] [blame]239 printf("POLARSSL_BIGNUM_C and/or POLARSSL_CERTS_C and/or POLARSSL_ENTROPY_C "
Paul Bakker5690efc2011-05-26 13:16:06 +0000[diff] [blame]240 "and/or POLARSSL_SSL_TLS_C and/or POLARSSL_SSL_SRV_C and/or "
Paul Bakker508ad5a2011-12-04 17:09:26 +0000[diff] [blame]241 "POLARSSL_NET_C and/or POLARSSL_RSA_C and/or "
242 "POLARSSL_CTR_DRBG_C not defined.\n");
Paul Bakker5690efc2011-05-26 13:16:06 +0000[diff] [blame]243 return( 0 );
244}
245#else
Paul Bakkercce9d772011-11-18 14:26:47 +0000[diff] [blame]246int main( int argc, char *argv[] )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]247{
248 int ret, len;
249 int listen_fd;
Paul Bakker7eb013f2011-10-06 12:37:39 +0000[diff] [blame]250 int client_fd = -1;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]251 unsigned char buf[1024];
Paul Bakker508ad5a2011-12-04 17:09:26 +0000[diff] [blame]252 char *pers = "ssl_server";
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]253
Paul Bakker508ad5a2011-12-04 17:09:26 +0000[diff] [blame]254 entropy_context entropy;
255 ctr_drbg_context ctr_drbg;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]256 ssl_context ssl;
257 ssl_session ssn;
258 x509_cert srvcert;
259 rsa_context rsa;
260
Paul Bakkercce9d772011-11-18 14:26:47 +0000[diff] [blame]261 ((void) argc);
262 ((void) argv);
263
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]264 memset( &ssl, 0, sizeof( ssl_context ) );
265
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]266 /*
267 * 1. Load the certificates and private RSA key
268 */
269 printf( "\n . Loading the server cert. and key..." );
270 fflush( stdout );
271
272 memset( &srvcert, 0, sizeof( x509_cert ) );
273
274 /*
275 * This demonstration program uses embedded test certificates.
276 * Instead, you may want to use x509parse_crtfile() to read the
277 * server and CA certificates, as well as x509parse_keyfile().
278 */
279 ret = x509parse_crt( &srvcert, (unsigned char *) test_srv_crt,
Paul Bakker69e095c2011-12-10 21:55:01 +0000[diff] [blame]280 strlen( test_srv_crt ) );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]281 if( ret != 0 )
282 {
283 printf( " failed\n ! x509parse_crt returned %d\n\n", ret );
284 goto exit;
285 }
286
287 ret = x509parse_crt( &srvcert, (unsigned char *) test_ca_crt,
Paul Bakker69e095c2011-12-10 21:55:01 +0000[diff] [blame]288 strlen( test_ca_crt ) );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]289 if( ret != 0 )
290 {
291 printf( " failed\n ! x509parse_crt returned %d\n\n", ret );
292 goto exit;
293 }
294
Paul Bakker91b41592011-05-05 12:01:31 +0000[diff] [blame]295 rsa_init( &rsa, RSA_PKCS_V15, 0 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]296 ret = x509parse_key( &rsa, (unsigned char *) test_srv_key,
297 strlen( test_srv_key ), NULL, 0 );
298 if( ret != 0 )
299 {
300 printf( " failed\n ! x509parse_key returned %d\n\n", ret );
301 goto exit;
302 }
303
304 printf( " ok\n" );
305
306 /*
307 * 2. Setup the listening TCP socket
308 */
309 printf( " . Bind on https://localhost:4433/ ..." );
310 fflush( stdout );
311
312 if( ( ret = net_bind( &listen_fd, NULL, 4433 ) ) != 0 )
313 {
314 printf( " failed\n ! net_bind returned %d\n\n", ret );
315 goto exit;
316 }
317
318 printf( " ok\n" );
319
320 /*
Paul Bakker508ad5a2011-12-04 17:09:26 +0000[diff] [blame]321 * 3. Seed the RNG
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]322 */
Paul Bakker508ad5a2011-12-04 17:09:26 +0000[diff] [blame]323 printf( " . Seeding the random number generator..." );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]324 fflush( stdout );
325
Paul Bakker508ad5a2011-12-04 17:09:26 +0000[diff] [blame]326 entropy_init( &entropy );
327 if( ( ret = ctr_drbg_init( &ctr_drbg, entropy_func, &entropy,
328 (unsigned char *) pers, strlen( pers ) ) ) != 0 )
329 {
330 printf( " failed\n ! ctr_drbg_init returned %d\n", ret );
331 goto exit;
332 }
333
334 printf( " ok\n" );
335
336 /*
337 * 4. Setup stuff
338 */
339 printf( " . Setting up the SSL data...." );
340 fflush( stdout );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]341
342 if( ( ret = ssl_init( &ssl ) ) != 0 )
343 {
344 printf( " failed\n ! ssl_init returned %d\n\n", ret );
Paul Bakker7eb013f2011-10-06 12:37:39 +0000[diff] [blame]345 goto exit;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]346 }
347
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]348 ssl_set_endpoint( &ssl, SSL_IS_SERVER );
349 ssl_set_authmode( &ssl, SSL_VERIFY_NONE );
350
Paul Bakker508ad5a2011-12-04 17:09:26 +0000[diff] [blame]351 ssl_set_rng( &ssl, ctr_drbg_random, &ctr_drbg );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]352 ssl_set_dbg( &ssl, my_debug, stdout );
Paul Bakker7eb013f2011-10-06 12:37:39 +0000[diff] [blame]353
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]354 ssl_set_scb( &ssl, my_get_session,
355 my_set_session );
356
Paul Bakkere3166ce2011-01-27 17:40:50 +0000[diff] [blame]357 ssl_set_ciphersuites( &ssl, my_ciphersuites );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]358 ssl_set_session( &ssl, 1, 0, &ssn );
359
360 memset( &ssn, 0, sizeof( ssl_session ) );
361
Paul Bakker40ea7de2009-05-03 10:18:48 +0000[diff] [blame]362 ssl_set_ca_chain( &ssl, srvcert.next, NULL, NULL );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]363 ssl_set_own_cert( &ssl, &srvcert, &rsa );
Paul Bakker48916f92012-09-16 19:57:18 +0000[diff] [blame]364#if defined(POLARSSL_DHM_C)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]365 ssl_set_dh_param( &ssl, my_dhm_P, my_dhm_G );
Paul Bakker48916f92012-09-16 19:57:18 +0000[diff] [blame]366#endif
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]367
Paul Bakker7eb013f2011-10-06 12:37:39 +0000[diff] [blame]368 printf( " ok\n" );
369
370reset:
Paul Bakkera3d195c2011-11-27 21:07:34 +0000[diff] [blame]371#ifdef POLARSSL_ERROR_C
372 if( ret != 0 )
373 {
374 char error_buf[100];
375 error_strerror( ret, error_buf, 100 );
376 printf("Last error was: %d - %s\n\n", ret, error_buf );
377 }
378#endif
379
Paul Bakker7eb013f2011-10-06 12:37:39 +0000[diff] [blame]380 if( client_fd != -1 )
381 net_close( client_fd );
382
383 ssl_session_reset( &ssl );
384
385 /*
386 * 3. Wait until a client connects
387 */
Paul Bakkercce9d772011-11-18 14:26:47 +0000[diff] [blame]388#if defined(_WIN32_WCE)
389 {
390 SHELLEXECUTEINFO sei;
391
392 ZeroMemory( &sei, sizeof( SHELLEXECUTEINFO ) );
393
394 sei.cbSize = sizeof( SHELLEXECUTEINFO );
395 sei.fMask = 0;
396 sei.hwnd = 0;
397 sei.lpVerb = _T( "open" );
398 sei.lpFile = _T( "https://localhost:4433/" );
399 sei.lpParameters = NULL;
400 sei.lpDirectory = NULL;
401 sei.nShow = SW_SHOWNORMAL;
402
403 ShellExecuteEx( &sei );
404 }
405#elif defined(_WIN32)
Paul Bakker7eb013f2011-10-06 12:37:39 +0000[diff] [blame]406 ShellExecute( NULL, "open", "https://localhost:4433/",
407 NULL, NULL, SW_SHOWNORMAL );
408#endif
409
410 client_fd = -1;
411
412 printf( " . Waiting for a remote connection ..." );
413 fflush( stdout );
414
415 if( ( ret = net_accept( listen_fd, &client_fd, NULL ) ) != 0 )
416 {
417 printf( " failed\n ! net_accept returned %d\n\n", ret );
418 goto exit;
419 }
420
421 ssl_set_bio( &ssl, net_recv, &client_fd,
422 net_send, &client_fd );
423
424 printf( " ok\n" );
425
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]426 /*
427 * 5. Handshake
428 */
429 printf( " . Performing the SSL/TLS handshake..." );
430 fflush( stdout );
431
432 while( ( ret = ssl_handshake( &ssl ) ) != 0 )
433 {
Paul Bakker831a7552011-05-18 13:32:51 +0000[diff] [blame]434 if( ret != POLARSSL_ERR_NET_WANT_READ && ret != POLARSSL_ERR_NET_WANT_WRITE )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]435 {
436 printf( " failed\n ! ssl_handshake returned %d\n\n", ret );
Paul Bakker7eb013f2011-10-06 12:37:39 +0000[diff] [blame]437 goto reset;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]438 }
439 }
440
441 printf( " ok\n" );
442
443 /*
444 * 6. Read the HTTP Request
445 */
446 printf( " < Read from client:" );
447 fflush( stdout );
448
449 do
450 {
451 len = sizeof( buf ) - 1;
452 memset( buf, 0, sizeof( buf ) );
453 ret = ssl_read( &ssl, buf, len );
454
Paul Bakker831a7552011-05-18 13:32:51 +0000[diff] [blame]455 if( ret == POLARSSL_ERR_NET_WANT_READ || ret == POLARSSL_ERR_NET_WANT_WRITE )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]456 continue;
457
458 if( ret <= 0 )
459 {
460 switch( ret )
461 {
Paul Bakker40e46942009-01-03 21:51:57 +0000[diff] [blame]462 case POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY:
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]463 printf( " connection was closed gracefully\n" );
464 break;
465
Paul Bakker40e46942009-01-03 21:51:57 +0000[diff] [blame]466 case POLARSSL_ERR_NET_CONN_RESET:
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]467 printf( " connection was reset by peer\n" );
468 break;
469
470 default:
Paul Bakker6f3578c2012-04-16 06:46:01 +0000[diff] [blame]471 printf( " ssl_read returned -0x%x\n", -ret );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]472 break;
473 }
474
475 break;
476 }
477
478 len = ret;
479 printf( " %d bytes read\n\n%s", len, (char *) buf );
Paul Bakker48916f92012-09-16 19:57:18 +0000[diff] [blame]480
481 if( ret > 0 )
482 break;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]483 }
Paul Bakker48916f92012-09-16 19:57:18 +0000[diff] [blame]484 while( 1 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]485
486 /*
487 * 7. Write the 200 Response
488 */
489 printf( " > Write to client:" );
490 fflush( stdout );
491
492 len = sprintf( (char *) buf, HTTP_RESPONSE,
Paul Bakkere3166ce2011-01-27 17:40:50 +0000[diff] [blame]493 ssl_get_ciphersuite( &ssl ) );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]494
495 while( ( ret = ssl_write( &ssl, buf, len ) ) <= 0 )
496 {
Paul Bakker40e46942009-01-03 21:51:57 +0000[diff] [blame]497 if( ret == POLARSSL_ERR_NET_CONN_RESET )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]498 {
499 printf( " failed\n ! peer closed the connection\n\n" );
Paul Bakker7eb013f2011-10-06 12:37:39 +0000[diff] [blame]500 goto reset;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]501 }
502
Paul Bakker831a7552011-05-18 13:32:51 +0000[diff] [blame]503 if( ret != POLARSSL_ERR_NET_WANT_READ && ret != POLARSSL_ERR_NET_WANT_WRITE )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]504 {
505 printf( " failed\n ! ssl_write returned %d\n\n", ret );
506 goto exit;
507 }
508 }
509
510 len = ret;
511 printf( " %d bytes written\n\n%s\n", len, (char *) buf );
Paul Bakkera3d195c2011-11-27 21:07:34 +0000[diff] [blame]512
Paul Bakkera3d195c2011-11-27 21:07:34 +0000[diff] [blame]513 ret = 0;
Paul Bakker7eb013f2011-10-06 12:37:39 +0000[diff] [blame]514 goto reset;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]515
516exit:
517
Paul Bakkera3d195c2011-11-27 21:07:34 +0000[diff] [blame]518#ifdef POLARSSL_ERROR_C
519 if( ret != 0 )
520 {
521 char error_buf[100];
522 error_strerror( ret, error_buf, 100 );
523 printf("Last error was: %d - %s\n\n", ret, error_buf );
524 }
525#endif
526
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]527 net_close( client_fd );
528 x509_free( &srvcert );
529 rsa_free( &rsa );
Paul Bakker48916f92012-09-16 19:57:18 +0000[diff] [blame]530 ssl_session_free( &ssn );
531 ssl_session_free( s_list_1st );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]532 ssl_free( &ssl );
533
Paul Bakkercce9d772011-11-18 14:26:47 +0000[diff] [blame]534#if defined(_WIN32)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]535 printf( " Press Enter to exit this program.\n" );
536 fflush( stdout ); getchar();
537#endif
538
539 return( ret );
540}
Paul Bakker508ad5a2011-12-04 17:09:26 +0000[diff] [blame]541#endif /* POLARSSL_BIGNUM_C && POLARSSL_CERTS_C && POLARSSL_ENTROPY_C &&
Paul Bakker5690efc2011-05-26 13:16:06 +0000[diff] [blame]542 POLARSSL_SSL_TLS_C && POLARSSL_SSL_SRV_C && POLARSSL_NET_C &&
Paul Bakker508ad5a2011-12-04 17:09:26 +0000[diff] [blame]543 POLARSSL_RSA_C && POLARSSL_CTR_DRBG_C */