Blame - programs/ssl/ssl_client1.c - mirror/mbed-tls

blob: 0405326632df83f504468b740f27972c90eb3f23 [file] [log] [blame]

Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	1	/*
				2	* SSL client demonstration program
				3	*
Paul Bakker	cce9d77	2011-11-18 14:26:47 +0000	[diff] [blame]	4	* Copyright (C) 2006-2011, Brainspark B.V.
Paul Bakker	b96f154	2010-07-18 20:36:00 +0000	[diff] [blame]	5	*
				6	* This file is part of PolarSSL (http://www.polarssl.org)
Paul Bakker	84f12b7	2010-07-18 10:13:04 +0000	[diff] [blame]	7	* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
Paul Bakker	b96f154	2010-07-18 20:36:00 +0000	[diff] [blame]	8	*
Paul Bakker	77b385e	2009-07-28 17:23:11 +0000	[diff] [blame]	9	* All rights reserved.
Paul Bakker	e0ccd0a	2009-01-04 16:27:10 +0000	[diff] [blame]	10	*
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	11	* This program is free software; you can redistribute it and/or modify
				12	* it under the terms of the GNU General Public License as published by
				13	* the Free Software Foundation; either version 2 of the License, or
				14	* (at your option) any later version.
				15	*
				16	* This program is distributed in the hope that it will be useful,
				17	* but WITHOUT ANY WARRANTY; without even the implied warranty of
				18	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
				19	* GNU General Public License for more details.
				20	*
				21	* You should have received a copy of the GNU General Public License along
				22	* with this program; if not, write to the Free Software Foundation, Inc.,
				23	* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
				24	*/
				25
				26	#ifndef _CRT_SECURE_NO_DEPRECATE
				27	#define _CRT_SECURE_NO_DEPRECATE 1
				28	#endif
				29
				30	#include <string.h>
				31	#include <stdio.h>
				32
Paul Bakker	5690efc	2011-05-26 13:16:06 +0000	[diff] [blame]	33	#include "polarssl/config.h"
				34
Paul Bakker	40e4694	2009-01-03 21:51:57 +0000	[diff] [blame]	35	#include "polarssl/net.h"
				36	#include "polarssl/ssl.h"
Paul Bakker	508ad5a	2011-12-04 17:09:26 +0000	[diff] [blame]	37	#include "polarssl/entropy.h"
				38	#include "polarssl/ctr_drbg.h"
Paul Bakker	a3d195c	2011-11-27 21:07:34 +0000	[diff] [blame]	39	#include "polarssl/error.h"
Paul Bakker	75242c3	2012-11-17 00:03:46 +0100	[diff] [blame]	40	#include "polarssl/certs.h"
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	41
Paul Bakker	757e250	2010-02-18 19:29:00 +0000	[diff] [blame]	42	#define SERVER_PORT 4433
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	43	#define SERVER_NAME "localhost"
				44	#define GET_REQUEST "GET / HTTP/1.0\r\n\r\n"
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	45
Paul Bakker	eaca51d	2010-08-16 12:00:14 +0000	[diff] [blame]	46	#define DEBUG_LEVEL 1
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	47
Paul Bakker	ff60ee6	2010-03-16 21:09:09 +0000	[diff] [blame]	48	void my_debug( void ctx, int level, const char str )
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	49	{
				50	if( level < DEBUG_LEVEL )
				51	{
				52	fprintf( (FILE *) ctx, "%s", str );
				53	fflush( (FILE *) ctx );
				54	}
				55	}
				56
Paul Bakker	508ad5a	2011-12-04 17:09:26 +0000	[diff] [blame]	57	#if !defined(POLARSSL_BIGNUM_C) \|\| !defined(POLARSSL_ENTROPY_C) \|\| \
Paul Bakker	5690efc	2011-05-26 13:16:06 +0000	[diff] [blame]	58	!defined(POLARSSL_SSL_TLS_C) \|\| !defined(POLARSSL_SSL_CLI_C) \|\| \
Paul Bakker	508ad5a	2011-12-04 17:09:26 +0000	[diff] [blame]	59	!defined(POLARSSL_NET_C) \|\| !defined(POLARSSL_RSA_C) \|\| \
				60	!defined(POLARSSL_CTR_DRBG_C)
Paul Bakker	cce9d77	2011-11-18 14:26:47 +0000	[diff] [blame]	61	int main( int argc, char *argv[] )
Paul Bakker	5690efc	2011-05-26 13:16:06 +0000	[diff] [blame]	62	{
Paul Bakker	cce9d77	2011-11-18 14:26:47 +0000	[diff] [blame]	63	((void) argc);
				64	((void) argv);
				65
Paul Bakker	508ad5a	2011-12-04 17:09:26 +0000	[diff] [blame]	66	printf("POLARSSL_BIGNUM_C and/or POLARSSL_ENTROPY_C and/or "
Paul Bakker	5690efc	2011-05-26 13:16:06 +0000	[diff] [blame]	67	"POLARSSL_SSL_TLS_C and/or POLARSSL_SSL_CLI_C and/or "
Paul Bakker	508ad5a	2011-12-04 17:09:26 +0000	[diff] [blame]	68	"POLARSSL_NET_C and/or POLARSSL_RSA_C and/or "
				69	"POLARSSL_CTR_DRBG_C not defined.\n");
Paul Bakker	5690efc	2011-05-26 13:16:06 +0000	[diff] [blame]	70	return( 0 );
				71	}
				72	#else
Paul Bakker	cce9d77	2011-11-18 14:26:47 +0000	[diff] [blame]	73	int main( int argc, char *argv[] )
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	74	{
Paul Bakker	a16e7f2	2014-07-09 14:58:11 +0200	[diff] [blame^]	75	int ret, len, server_fd = -1;
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	76	unsigned char buf[1024];
Paul Bakker	e0225e4	2013-06-06 12:52:24 +0200	[diff] [blame]	77	const char *pers = "ssl_client1";
Paul Bakker	508ad5a	2011-12-04 17:09:26 +0000	[diff] [blame]	78
				79	entropy_context entropy;
				80	ctr_drbg_context ctr_drbg;
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	81	ssl_context ssl;
Paul Bakker	75242c3	2012-11-17 00:03:46 +0100	[diff] [blame]	82	x509_cert cacert;
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	83
Paul Bakker	cce9d77	2011-11-18 14:26:47 +0000	[diff] [blame]	84	((void) argc);
				85	((void) argv);
				86
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	87	/*
				88	* 0. Initialize the RNG and the session data
				89	*/
Paul Bakker	1a207ec	2011-02-06 13:22:40 +0000	[diff] [blame]	90	memset( &ssl, 0, sizeof( ssl_context ) );
Paul Bakker	75242c3	2012-11-17 00:03:46 +0100	[diff] [blame]	91	memset( &cacert, 0, sizeof( x509_cert ) );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	92
Paul Bakker	508ad5a	2011-12-04 17:09:26 +0000	[diff] [blame]	93	printf( "\n . Seeding the random number generator..." );
				94	fflush( stdout );
				95
				96	entropy_init( &entropy );
				97	if( ( ret = ctr_drbg_init( &ctr_drbg, entropy_func, &entropy,
Paul Bakker	e0225e4	2013-06-06 12:52:24 +0200	[diff] [blame]	98	(const unsigned char *) pers,
				99	strlen( pers ) ) ) != 0 )
Paul Bakker	508ad5a	2011-12-04 17:09:26 +0000	[diff] [blame]	100	{
				101	printf( " failed\n ! ctr_drbg_init returned %d\n", ret );
				102	goto exit;
				103	}
				104
				105	printf( " ok\n" );
				106
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	107	/*
Paul Bakker	75242c3	2012-11-17 00:03:46 +0100	[diff] [blame]	108	* 0. Initialize certificates
				109	*/
				110	printf( " . Loading the CA root certificate ..." );
				111	fflush( stdout );
				112
				113	#if defined(POLARSSL_CERTS_C)
Paul Bakker	e0225e4	2013-06-06 12:52:24 +0200	[diff] [blame]	114	ret = x509parse_crt( &cacert, (const unsigned char *) test_ca_crt,
Paul Bakker	75242c3	2012-11-17 00:03:46 +0100	[diff] [blame]	115	strlen( test_ca_crt ) );
				116	#else
				117	ret = 1;
				118	printf("POLARSSL_CERTS_C not defined.");
				119	#endif
				120
				121	if( ret < 0 )
				122	{
				123	printf( " failed\n ! x509parse_crt returned -0x%x\n\n", -ret );
				124	goto exit;
				125	}
				126
				127	printf( " ok (%d skipped)\n", ret );
				128
				129	/*
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	130	* 1. Start the connection
				131	*/
Paul Bakker	508ad5a	2011-12-04 17:09:26 +0000	[diff] [blame]	132	printf( " . Connecting to tcp/%s/%4d...", SERVER_NAME,
				133	SERVER_PORT );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	134	fflush( stdout );
				135
				136	if( ( ret = net_connect( &server_fd, SERVER_NAME,
				137	SERVER_PORT ) ) != 0 )
				138	{
				139	printf( " failed\n ! net_connect returned %d\n\n", ret );
				140	goto exit;
				141	}
				142
				143	printf( " ok\n" );
				144
				145	/*
				146	* 2. Setup stuff
				147	*/
				148	printf( " . Setting up the SSL/TLS structure..." );
				149	fflush( stdout );
				150
				151	if( ( ret = ssl_init( &ssl ) ) != 0 )
				152	{
				153	printf( " failed\n ! ssl_init returned %d\n\n", ret );
				154	goto exit;
				155	}
				156
				157	printf( " ok\n" );
				158
				159	ssl_set_endpoint( &ssl, SSL_IS_CLIENT );
Manuel Pégourié-Gonnard	516eb62	2014-03-11 11:10:27 +0100	[diff] [blame]	160	/* OPTIONAL is not optimal for security,
				161	* but makes interop easier in this simplified example */
Paul Bakker	75242c3	2012-11-17 00:03:46 +0100	[diff] [blame]	162	ssl_set_authmode( &ssl, SSL_VERIFY_OPTIONAL );
				163	ssl_set_ca_chain( &ssl, &cacert, NULL, "PolarSSL Server 1" );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	164
Paul Bakker	508ad5a	2011-12-04 17:09:26 +0000	[diff] [blame]	165	ssl_set_rng( &ssl, ctr_drbg_random, &ctr_drbg );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	166	ssl_set_dbg( &ssl, my_debug, stdout );
				167	ssl_set_bio( &ssl, net_recv, &server_fd,
				168	net_send, &server_fd );
				169
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	170	/*
Paul Bakker	75242c3	2012-11-17 00:03:46 +0100	[diff] [blame]	171	* 4. Handshake
				172	*/
				173	printf( " . Performing the SSL/TLS handshake..." );
				174	fflush( stdout );
				175
				176	while( ( ret = ssl_handshake( &ssl ) ) != 0 )
				177	{
				178	if( ret != POLARSSL_ERR_NET_WANT_READ && ret != POLARSSL_ERR_NET_WANT_WRITE )
				179	{
				180	printf( " failed\n ! ssl_handshake returned -0x%x\n\n", -ret );
				181	goto exit;
				182	}
				183	}
				184
				185	printf( " ok\n" );
				186
				187	/*
				188	* 5. Verify the server certificate
				189	*/
				190	printf( " . Verifying peer X.509 certificate..." );
				191
Manuel Pégourié-Gonnard	516eb62	2014-03-11 11:10:27 +0100	[diff] [blame]	192	/* In real life, we may want to bail out when ret != 0 */
Paul Bakker	75242c3	2012-11-17 00:03:46 +0100	[diff] [blame]	193	if( ( ret = ssl_get_verify_result( &ssl ) ) != 0 )
				194	{
				195	printf( " failed\n" );
				196
				197	if( ( ret & BADCERT_EXPIRED ) != 0 )
				198	printf( " ! server certificate has expired\n" );
				199
				200	if( ( ret & BADCERT_REVOKED ) != 0 )
				201	printf( " ! server certificate has been revoked\n" );
				202
				203	if( ( ret & BADCERT_CN_MISMATCH ) != 0 )
				204	printf( " ! CN mismatch (expected CN=%s)\n", "PolarSSL Server 1" );
				205
				206	if( ( ret & BADCERT_NOT_TRUSTED ) != 0 )
				207	printf( " ! self-signed or not signed by a trusted CA\n" );
				208
				209	printf( "\n" );
				210	}
				211	else
				212	printf( " ok\n" );
				213
				214	/*
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	215	* 3. Write the GET request
				216	*/
				217	printf( " > Write to server:" );
				218	fflush( stdout );
				219
				220	len = sprintf( (char *) buf, GET_REQUEST );
				221
				222	while( ( ret = ssl_write( &ssl, buf, len ) ) <= 0 )
				223	{
Paul Bakker	831a755	2011-05-18 13:32:51 +0000	[diff] [blame]	224	if( ret != POLARSSL_ERR_NET_WANT_READ && ret != POLARSSL_ERR_NET_WANT_WRITE )
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	225	{
				226	printf( " failed\n ! ssl_write returned %d\n\n", ret );
				227	goto exit;
				228	}
				229	}
				230
				231	len = ret;
				232	printf( " %d bytes written\n\n%s", len, (char *) buf );
				233
				234	/*
				235	* 7. Read the HTTP response
				236	*/
				237	printf( " < Read from server:" );
				238	fflush( stdout );
				239
				240	do
				241	{
				242	len = sizeof( buf ) - 1;
				243	memset( buf, 0, sizeof( buf ) );
				244	ret = ssl_read( &ssl, buf, len );
				245
Paul Bakker	831a755	2011-05-18 13:32:51 +0000	[diff] [blame]	246	if( ret == POLARSSL_ERR_NET_WANT_READ \|\| ret == POLARSSL_ERR_NET_WANT_WRITE )
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	247	continue;
				248
Paul Bakker	40e4694	2009-01-03 21:51:57 +0000	[diff] [blame]	249	if( ret == POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY )
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	250	break;
				251
Paul Bakker	61da752	2011-11-11 10:28:58 +0000	[diff] [blame]	252	if( ret < 0 )
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	253	{
				254	printf( "failed\n ! ssl_read returned %d\n\n", ret );
				255	break;
				256	}
				257
Paul Bakker	61da752	2011-11-11 10:28:58 +0000	[diff] [blame]	258	if( ret == 0 )
				259	{
				260	printf( "\n\nEOF\n\n" );
				261	break;
				262	}
				263
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	264	len = ret;
				265	printf( " %d bytes read\n\n%s", len, (char *) buf );
				266	}
Paul Bakker	61da752	2011-11-11 10:28:58 +0000	[diff] [blame]	267	while( 1 );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	268
				269	ssl_close_notify( &ssl );
				270
				271	exit:
				272
Paul Bakker	a3d195c	2011-11-27 21:07:34 +0000	[diff] [blame]	273	#ifdef POLARSSL_ERROR_C
				274	if( ret != 0 )
				275	{
				276	char error_buf[100];
				277	error_strerror( ret, error_buf, 100 );
				278	printf("Last error was: %d - %s\n\n", ret, error_buf );
				279	}
				280	#endif
				281
Paul Bakker	3914840	2014-04-17 16:02:36 +0200	[diff] [blame]	282	if( server_fd != -1 )
				283	net_close( server_fd );
				284
Paul Bakker	75242c3	2012-11-17 00:03:46 +0100	[diff] [blame]	285	x509_free( &cacert );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	286	ssl_free( &ssl );
				287
				288	memset( &ssl, 0, sizeof( ssl ) );
				289
Paul Bakker	cce9d77	2011-11-18 14:26:47 +0000	[diff] [blame]	290	#if defined(_WIN32)
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	291	printf( " + Press Enter to exit this program.\n" );
				292	fflush( stdout ); getchar();
				293	#endif
				294
				295	return( ret );
				296	}
Paul Bakker	508ad5a	2011-12-04 17:09:26 +0000	[diff] [blame]	297	#endif /* POLARSSL_BIGNUM_C && POLARSSL_ENTROPY_C && POLARSSL_SSL_TLS_C &&
				298	POLARSSL_SSL_CLI_C && POLARSSL_NET_C && POLARSSL_RSA_C &&
				299	POLARSSL_CTR_DRBG_C */