TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / ee3c038a8e8fdfb0b210084be7d73048bd83b707 / . / programs / ssl / ssl_client2.c
blob: dd0496919bc5b9dc44c74763d1b3ae9e0928edb1 [file] [log] [blame]
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]1/*
2 * SSL client with certificate authentication
3 *
Paul Bakkere0ccd0a2009-01-04 16:27:10 +0000[diff] [blame]4 * Based on XySSL: Copyright (C) 2006-2008 Christophe Devine
5 *
6 * Copyright (C) 2009 Paul Bakker
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]7 *
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License along
19 * with this program; if not, write to the Free Software Foundation, Inc.,
20 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
21 */
22
23#ifndef _CRT_SECURE_NO_DEPRECATE
24#define _CRT_SECURE_NO_DEPRECATE 1
25#endif
26
27#include <string.h>
28#include <stdio.h>
29
Paul Bakker40e46942009-01-03 21:51:57 +0000[diff] [blame]30#include "polarssl/net.h"
31#include "polarssl/ssl.h"
32#include "polarssl/havege.h"
33#include "polarssl/certs.h"
34#include "polarssl/x509.h"
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]35
36#define SERVER_PORT 443
37/*
38#define SERVER_NAME "localhost"
39#define GET_REQUEST "GET / HTTP/1.0\r\n\r\n"
40*/
Paul Bakkerb749d682009-01-04 16:08:55 +0000[diff] [blame]41#define SERVER_NAME "polarssl.org"
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]42#define GET_REQUEST \
43 "GET /hello/ HTTP/1.1\r\n" \
Paul Bakkerb749d682009-01-04 16:08:55 +0000[diff] [blame]44 "Host: polarssl.org\r\n\r\n"
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]45
46#define DEBUG_LEVEL 0
47
48void my_debug( void *ctx, int level, char *str )
49{
50 if( level < DEBUG_LEVEL )
51 {
52 fprintf( (FILE *) ctx, "%s", str );
53 fflush( (FILE *) ctx );
54 }
55}
56
57int main( void )
58{
59 int ret, len, server_fd;
60 unsigned char buf[1024];
61 havege_state hs;
62 ssl_context ssl;
63 ssl_session ssn;
64 x509_cert cacert;
65 x509_cert clicert;
66 rsa_context rsa;
67
68 /*
69 * 0. Initialize the RNG and the session data
70 */
71 havege_init( &hs );
72 memset( &ssn, 0, sizeof( ssl_session ) );
73
74 /*
75 * 1.1. Load the trusted CA
76 */
77 printf( "\n . Loading the CA root certificate ..." );
78 fflush( stdout );
79
80 memset( &cacert, 0, sizeof( x509_cert ) );
81
82 /*
83 * Alternatively, you may load the CA certificates from a .pem or
84 * .crt file by calling x509parse_crtfile( &cacert, "myca.crt" ).
85 */
86 ret = x509parse_crt( &cacert, (unsigned char *) xyssl_ca_crt,
87 strlen( xyssl_ca_crt ) );
88 if( ret != 0 )
89 {
90 printf( " failed\n ! x509parse_crt returned %d\n\n", ret );
91 goto exit;
92 }
93
94 printf( " ok\n" );
95
96 /*
97 * 1.2. Load own certificate and private key
98 *
99 * (can be skipped if client authentication is not required)
100 */
101 printf( " . Loading the client cert. and key..." );
102 fflush( stdout );
103
104 memset( &clicert, 0, sizeof( x509_cert ) );
105
106 ret = x509parse_crt( &clicert, (unsigned char *) test_cli_crt,
107 strlen( test_cli_crt ) );
108 if( ret != 0 )
109 {
110 printf( " failed\n ! x509parse_crt returned %d\n\n", ret );
111 goto exit;
112 }
113
114 ret = x509parse_key( &rsa, (unsigned char *) test_cli_key,
115 strlen( test_cli_key ), NULL, 0 );
116 if( ret != 0 )
117 {
118 printf( " failed\n ! x509parse_key returned %d\n\n", ret );
119 goto exit;
120 }
121
122 printf( " ok\n" );
123
124 /*
125 * 2. Start the connection
126 */
127 printf( " . Connecting to tcp/%s/%-4d...", SERVER_NAME,
128 SERVER_PORT );
129 fflush( stdout );
130
131 if( ( ret = net_connect( &server_fd, SERVER_NAME,
132 SERVER_PORT ) ) != 0 )
133 {
134 printf( " failed\n ! net_connect returned %d\n\n", ret );
135 goto exit;
136 }
137
138 printf( " ok\n" );
139
140 /*
141 * 3. Setup stuff
142 */
143 printf( " . Setting up the SSL/TLS structure..." );
144 fflush( stdout );
145
146 havege_init( &hs );
147
148 if( ( ret = ssl_init( &ssl ) ) != 0 )
149 {
150 printf( " failed\n ! ssl_init returned %d\n\n", ret );
151 goto exit;
152 }
153
154 printf( " ok\n" );
155
156 ssl_set_endpoint( &ssl, SSL_IS_CLIENT );
157 ssl_set_authmode( &ssl, SSL_VERIFY_OPTIONAL );
158
159 ssl_set_rng( &ssl, havege_rand, &hs );
160 ssl_set_bio( &ssl, net_recv, &server_fd,
161 net_send, &server_fd );
162
163 ssl_set_ciphers( &ssl, ssl_default_ciphers );
164 ssl_set_session( &ssl, 1, 600, &ssn );
165
166 ssl_set_ca_chain( &ssl, &cacert, SERVER_NAME );
167 ssl_set_own_cert( &ssl, &clicert, &rsa );
168
169 ssl_set_hostname( &ssl, SERVER_NAME );
170
171 /*
172 * 4. Handshake
173 */
174 printf( " . Performing the SSL/TLS handshake..." );
175 fflush( stdout );
176
177 while( ( ret = ssl_handshake( &ssl ) ) != 0 )
178 {
Paul Bakker40e46942009-01-03 21:51:57 +0000[diff] [blame]179 if( ret != POLARSSL_ERR_NET_TRY_AGAIN )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]180 {
181 printf( " failed\n ! ssl_handshake returned %d\n\n", ret );
182 goto exit;
183 }
184 }
185
186 printf( " ok\n [ Cipher is %s ]\n",
187 ssl_get_cipher( &ssl ) );
188
189 /*
190 * 5. Verify the server certificate
191 */
192 printf( " . Verifying peer X.509 certificate..." );
193
194 if( ( ret = ssl_get_verify_result( &ssl ) ) != 0 )
195 {
196 printf( " failed\n" );
197
198 if( ( ret & BADCERT_EXPIRED ) != 0 )
199 printf( " ! server certificate has expired\n" );
200
201 if( ( ret & BADCERT_REVOKED ) != 0 )
202 printf( " ! server certificate has been revoked\n" );
203
204 if( ( ret & BADCERT_CN_MISMATCH ) != 0 )
205 printf( " ! CN mismatch (expected CN=%s)\n", SERVER_NAME );
206
207 if( ( ret & BADCERT_NOT_TRUSTED ) != 0 )
208 printf( " ! self-signed or not signed by a trusted CA\n" );
209
210 printf( "\n" );
211 }
212 else
213 printf( " ok\n" );
214
215 printf( " . Peer certificate information ...\n" );
216 printf( x509parse_cert_info( " ", ssl.peer_cert ) );
217
218 /*
219 * 6. Write the GET request
220 */
221 printf( " > Write to server:" );
222 fflush( stdout );
223
224 len = sprintf( (char *) buf, GET_REQUEST );
225
226 while( ( ret = ssl_write( &ssl, buf, len ) ) <= 0 )
227 {
Paul Bakker40e46942009-01-03 21:51:57 +0000[diff] [blame]228 if( ret != POLARSSL_ERR_NET_TRY_AGAIN )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]229 {
230 printf( " failed\n ! ssl_write returned %d\n\n", ret );
231 goto exit;
232 }
233 }
234
235 len = ret;
236 printf( " %d bytes written\n\n%s", len, (char *) buf );
237
238 /*
239 * 7. Read the HTTP response
240 */
241 printf( " < Read from server:" );
242 fflush( stdout );
243
244 do
245 {
246 len = sizeof( buf ) - 1;
247 memset( buf, 0, sizeof( buf ) );
248 ret = ssl_read( &ssl, buf, len );
249
Paul Bakker40e46942009-01-03 21:51:57 +0000[diff] [blame]250 if( ret == POLARSSL_ERR_NET_TRY_AGAIN )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]251 continue;
252
Paul Bakker40e46942009-01-03 21:51:57 +0000[diff] [blame]253 if( ret == POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]254 break;
255
256 if( ret <= 0 )
257 {
258 printf( "failed\n ! ssl_read returned %d\n\n", ret );
259 break;
260 }
261
262 len = ret;
263 printf( " %d bytes read\n\n%s", len, (char *) buf );
264 }
265 while( 0 );
266
267 ssl_close_notify( &ssl );
268
269exit:
270
271 net_close( server_fd );
272 x509_free( &clicert );
273 x509_free( &cacert );
274 rsa_free( &rsa );
275 ssl_free( &ssl );
276
277 memset( &ssl, 0, sizeof( ssl ) );
278
279#ifdef WIN32
280 printf( " + Press Enter to exit this program.\n" );
281 fflush( stdout ); getchar();
282#endif
283
284 return( ret );
285}