TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / aa0d4d1aff41111a44061c1e6226436d2fac842f / . / programs / ssl / ssl_server2.c
blob: 2ed74e404dae6d390cd63acd9f3324788278b38e [file] [log] [blame]
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]1/*
2 * SSL client with options
3 *
Paul Bakker3c5ef712013-06-25 16:37:45 +0200[diff] [blame]4 * Copyright (C) 2006-2013, Brainspark B.V.
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]5 *
6 * This file is part of PolarSSL (http://www.polarssl.org)
7 * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
8 *
9 * All rights reserved.
10 *
11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 2 of the License, or
14 * (at your option) any later version.
15 *
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
20 *
21 * You should have received a copy of the GNU General Public License along
22 * with this program; if not, write to the Free Software Foundation, Inc.,
23 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
24 */
25
26#ifndef _CRT_SECURE_NO_DEPRECATE
27#define _CRT_SECURE_NO_DEPRECATE 1
28#endif
29
30#if defined(_WIN32)
31#include <windows.h>
32#endif
33
34#include <string.h>
35#include <stdlib.h>
36#include <stdio.h>
37
38#include "polarssl/config.h"
39
40#include "polarssl/net.h"
41#include "polarssl/ssl.h"
42#include "polarssl/entropy.h"
43#include "polarssl/ctr_drbg.h"
44#include "polarssl/certs.h"
45#include "polarssl/x509.h"
46#include "polarssl/error.h"
47
Paul Bakker0a597072012-09-25 21:55:46 +0000[diff] [blame]48#if defined(POLARSSL_SSL_CACHE_C)
49#include "polarssl/ssl_cache.h"
50#endif
51
Paul Bakker82024bf2013-07-04 11:52:32 +0200[diff] [blame]52#if defined(POLARSSL_MEMORY_BUFFER_ALLOC_C)
53#include "polarssl/memory.h"
54#endif
55
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]56#define DFL_SERVER_PORT 4433
57#define DFL_REQUEST_PAGE "/"
58#define DFL_DEBUG_LEVEL 0
59#define DFL_CA_FILE ""
60#define DFL_CA_PATH ""
61#define DFL_CRT_FILE ""
62#define DFL_KEY_FILE ""
Paul Bakkerfbb17802013-04-17 19:10:21 +0200[diff] [blame]63#define DFL_PSK ""
64#define DFL_PSK_IDENTITY "Client_identity"
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]65#define DFL_FORCE_CIPHER 0
66#define DFL_RENEGOTIATION SSL_RENEGOTIATION_ENABLED
67#define DFL_ALLOW_LEGACY SSL_LEGACY_NO_RENEGOTIATION
Paul Bakker1d29fb52012-09-28 13:28:45 +0000[diff] [blame]68#define DFL_MIN_VERSION -1
Paul Bakkerc1516be2013-06-29 16:01:32 +0200[diff] [blame]69#define DFL_MAX_VERSION -1
Paul Bakker91ebfb52012-11-23 14:04:08 +0100[diff] [blame]70#define DFL_AUTH_MODE SSL_VERIFY_OPTIONAL
Manuel Pégourié-Gonnard0c017a52013-07-18 14:07:36 +0200[diff] [blame]71#define DFL_MFL_CODE SSL_MAX_FRAG_LEN_NONE
Manuel Pégourié-Gonnardaa0d4d12013-08-03 13:02:31 +0200[diff] [blame^]72#define DFL_TICKETS SSL_SESSION_TICKETS_ENABLED
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]73
Manuel Pégourié-Gonnard0c017a52013-07-18 14:07:36 +0200[diff] [blame]74#define LONG_RESPONSE "<p>01-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \
75 "02-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \
76 "03-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \
77 "04-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \
78 "05-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \
79 "06-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \
80 "07-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah</p>\r\n"
Manuel Pégourié-Gonnardbd7ce632013-07-17 15:34:17 +0200[diff] [blame]81
Paul Bakker8e714d72013-07-18 11:05:13 +0200[diff] [blame]82/* Uncomment LONG_RESPONSE at the end of HTTP_RESPONSE to test sending longer
83 * packets (for fragmentation purposes) */
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]84#define HTTP_RESPONSE \
85 "HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n\r\n" \
86 "<h2>PolarSSL Test Server</h2>\r\n" \
Manuel Pégourié-Gonnardbd7ce632013-07-17 15:34:17 +0200[diff] [blame]87 "<p>Successful connection using: %s</p>\r\n" // LONG_RESPONSE
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]88
89/*
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]90 * global options
91 */
92struct options
93{
94 int server_port; /* port on which the ssl service runs */
95 int debug_level; /* level of debugging */
Paul Bakkeref3f8c72013-06-24 13:01:08 +0200[diff] [blame]96 const char *ca_file; /* the file with the CA certificate(s) */
97 const char *ca_path; /* the path with the CA certificate(s) reside */
98 const char *crt_file; /* the file with the client certificate */
99 const char *key_file; /* the file with the client key */
100 const char *psk; /* the pre-shared key */
101 const char *psk_identity; /* the pre-shared key identity */
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]102 int force_ciphersuite[2]; /* protocol/ciphersuite to use, or all */
103 int renegotiation; /* enable / disable renegotiation */
104 int allow_legacy; /* allow legacy renegotiation */
Paul Bakker1d29fb52012-09-28 13:28:45 +0000[diff] [blame]105 int min_version; /* minimum protocol version accepted */
Paul Bakkerc1516be2013-06-29 16:01:32 +0200[diff] [blame]106 int max_version; /* maximum protocol version accepted */
Paul Bakker91ebfb52012-11-23 14:04:08 +0100[diff] [blame]107 int auth_mode; /* verify mode for connection */
Manuel Pégourié-Gonnard0c017a52013-07-18 14:07:36 +0200[diff] [blame]108 unsigned char mfl_code; /* code for maximum fragment length */
Manuel Pégourié-Gonnardaa0d4d12013-08-03 13:02:31 +0200[diff] [blame^]109 int tickets; /* enable / disable session tickets */
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]110} opt;
111
Paul Bakker3c5ef712013-06-25 16:37:45 +0200[diff] [blame]112static void my_debug( void *ctx, int level, const char *str )
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]113{
114 if( level < opt.debug_level )
115 {
116 fprintf( (FILE *) ctx, "%s", str );
117 fflush( (FILE *) ctx );
118 }
119}
120
Paul Bakkered27a042013-04-18 22:46:23 +0200[diff] [blame]121#if defined(POLARSSL_X509_PARSE_C)
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]122#if defined(POLARSSL_FS_IO)
123#define USAGE_IO \
Paul Bakker1f9d02d2012-11-20 10:30:55 +0100[diff] [blame]124 " ca_file=%%s The single file containing the top-level CA(s) you fully trust\n" \
125 " default: \"\" (pre-loaded)\n" \
126 " ca_path=%%s The path containing the top-level CA(s) you fully trust\n" \
127 " default: \"\" (pre-loaded) (overrides ca_file)\n" \
128 " crt_file=%%s Your own cert and chain (in bottom to top order, top may be omitted)\n" \
129 " default: \"\" (pre-loaded)\n" \
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]130 " key_file=%%s default: \"\" (pre-loaded)\n"
131#else
132#define USAGE_IO \
Paul Bakkered27a042013-04-18 22:46:23 +0200[diff] [blame]133 "\n" \
134 " No file operations available (POLARSSL_FS_IO not defined)\n" \
135 "\n"
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]136#endif /* POLARSSL_FS_IO */
Paul Bakkered27a042013-04-18 22:46:23 +0200[diff] [blame]137#else
138#define USAGE_IO ""
139#endif /* POLARSSL_X509_PARSE_C */
140
141#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED)
142#define USAGE_PSK \
143 " psk=%%s default: \"\" (in hex, without 0x)\n" \
144 " psk_identity=%%s default: \"Client_identity\"\n"
145#else
146#define USAGE_PSK ""
147#endif /* POLARSSL_KEY_EXCHANGE_PSK_ENABLED */
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]148
149#define USAGE \
150 "\n usage: ssl_server2 param=<>...\n" \
151 "\n acceptable parameters:\n" \
152 " server_port=%%d default: 4433\n" \
153 " debug_level=%%d default: 0 (disabled)\n" \
154 USAGE_IO \
155 " request_page=%%s default: \".\"\n" \
156 " renegotiation=%%d default: 1 (enabled)\n" \
Manuel Pégourié-Gonnardaa0d4d12013-08-03 13:02:31 +0200[diff] [blame^]157 " tickets=%%d default: 1 (enabled)\n" \
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]158 " allow_legacy=%%d default: 0 (disabled)\n" \
Paul Bakker1d29fb52012-09-28 13:28:45 +0000[diff] [blame]159 " min_version=%%s default: \"ssl3\"\n" \
Paul Bakkerc1516be2013-06-29 16:01:32 +0200[diff] [blame]160 " max_version=%%s default: \"tls1_2\"\n" \
161 " force_version=%%s default: \"\" (none)\n" \
Paul Bakker1d29fb52012-09-28 13:28:45 +0000[diff] [blame]162 " options: ssl3, tls1, tls1_1, tls1_2\n" \
Paul Bakkerc1516be2013-06-29 16:01:32 +0200[diff] [blame]163 " auth_mode=%%s default: \"optional\"\n" \
Paul Bakker91ebfb52012-11-23 14:04:08 +0100[diff] [blame]164 " options: none, optional, required\n" \
Paul Bakker6c852792013-07-26 14:02:13 +0200[diff] [blame]165 " max_frag_len=%%d default: 16384 (tls default)\n" \
166 " options: 512, 1024, 2048, 4096\n" \
Paul Bakkered27a042013-04-18 22:46:23 +0200[diff] [blame]167 USAGE_PSK \
Paul Bakkerfbb17802013-04-17 19:10:21 +0200[diff] [blame]168 "\n" \
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]169 " force_ciphersuite=<name> default: all enabled\n"\
170 " acceptable ciphersuite names:\n"
171
Paul Bakkered27a042013-04-18 22:46:23 +0200[diff] [blame]172#if !defined(POLARSSL_ENTROPY_C) || \
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]173 !defined(POLARSSL_SSL_TLS_C) || !defined(POLARSSL_SSL_SRV_C) || \
Paul Bakkered27a042013-04-18 22:46:23 +0200[diff] [blame]174 !defined(POLARSSL_NET_C) || !defined(POLARSSL_CTR_DRBG_C)
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]175int main( int argc, char *argv[] )
176{
177 ((void) argc);
178 ((void) argv);
179
Paul Bakkered27a042013-04-18 22:46:23 +0200[diff] [blame]180 printf("POLARSSL_ENTROPY_C and/or "
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]181 "POLARSSL_SSL_TLS_C and/or POLARSSL_SSL_SRV_C and/or "
Paul Bakkered27a042013-04-18 22:46:23 +0200[diff] [blame]182 "POLARSSL_NET_C and/or POLARSSL_CTR_DRBG_C not defined.\n");
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]183 return( 0 );
184}
185#else
186int main( int argc, char *argv[] )
187{
Manuel Pégourié-Gonnard0c017a52013-07-18 14:07:36 +0200[diff] [blame]188 int ret = 0, len, written, frags;
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]189 int listen_fd;
190 int client_fd = -1;
191 unsigned char buf[1024];
Paul Bakkered27a042013-04-18 22:46:23 +0200[diff] [blame]192#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED)
Paul Bakkerfbb17802013-04-17 19:10:21 +0200[diff] [blame]193 unsigned char psk[256];
194 size_t psk_len = 0;
Paul Bakkered27a042013-04-18 22:46:23 +0200[diff] [blame]195#endif
Paul Bakkeref3f8c72013-06-24 13:01:08 +0200[diff] [blame]196 const char *pers = "ssl_server2";
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]197
198 entropy_context entropy;
199 ctr_drbg_context ctr_drbg;
200 ssl_context ssl;
Paul Bakkered27a042013-04-18 22:46:23 +0200[diff] [blame]201#if defined(POLARSSL_X509_PARSE_C)
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]202 x509_cert cacert;
203 x509_cert srvcert;
204 rsa_context rsa;
Paul Bakkered27a042013-04-18 22:46:23 +0200[diff] [blame]205#endif
Paul Bakker0a597072012-09-25 21:55:46 +0000[diff] [blame]206#if defined(POLARSSL_SSL_CACHE_C)
207 ssl_cache_context cache;
208#endif
Paul Bakker82024bf2013-07-04 11:52:32 +0200[diff] [blame]209#if defined(POLARSSL_MEMORY_BUFFER_ALLOC_C)
210 unsigned char alloc_buf[100000];
211#endif
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]212
213 int i;
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]214 char *p, *q;
215 const int *list;
216
Paul Bakker82024bf2013-07-04 11:52:32 +0200[diff] [blame]217#if defined(POLARSSL_MEMORY_BUFFER_ALLOC_C)
218 memory_buffer_alloc_init( alloc_buf, sizeof(alloc_buf) );
219#endif
220
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]221 /*
222 * Make sure memory references are valid.
223 */
224 listen_fd = 0;
Paul Bakkered27a042013-04-18 22:46:23 +0200[diff] [blame]225#if defined(POLARSSL_X509_PARSE_C)
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]226 memset( &cacert, 0, sizeof( x509_cert ) );
227 memset( &srvcert, 0, sizeof( x509_cert ) );
228 memset( &rsa, 0, sizeof( rsa_context ) );
Paul Bakkered27a042013-04-18 22:46:23 +0200[diff] [blame]229#endif
Paul Bakker0a597072012-09-25 21:55:46 +0000[diff] [blame]230#if defined(POLARSSL_SSL_CACHE_C)
231 ssl_cache_init( &cache );
232#endif
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]233
234 if( argc == 0 )
235 {
236 usage:
237 if( ret == 0 )
238 ret = 1;
239
240 printf( USAGE );
241
242 list = ssl_list_ciphersuites();
243 while( *list )
244 {
Paul Bakkerbcbe2d82013-04-19 09:10:20 +0200[diff] [blame]245 printf(" %-42s", ssl_get_ciphersuite_name( *list ) );
Paul Bakkered27a042013-04-18 22:46:23 +0200[diff] [blame]246 list++;
247 if( !*list )
248 break;
249 printf(" %s\n", ssl_get_ciphersuite_name( *list ) );
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]250 list++;
251 }
252 printf("\n");
253 goto exit;
254 }
255
256 opt.server_port = DFL_SERVER_PORT;
257 opt.debug_level = DFL_DEBUG_LEVEL;
258 opt.ca_file = DFL_CA_FILE;
259 opt.ca_path = DFL_CA_PATH;
260 opt.crt_file = DFL_CRT_FILE;
261 opt.key_file = DFL_KEY_FILE;
Paul Bakkerfbb17802013-04-17 19:10:21 +0200[diff] [blame]262 opt.psk = DFL_PSK;
263 opt.psk_identity = DFL_PSK_IDENTITY;
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]264 opt.force_ciphersuite[0]= DFL_FORCE_CIPHER;
265 opt.renegotiation = DFL_RENEGOTIATION;
266 opt.allow_legacy = DFL_ALLOW_LEGACY;
Paul Bakker1d29fb52012-09-28 13:28:45 +0000[diff] [blame]267 opt.min_version = DFL_MIN_VERSION;
Paul Bakkerc1516be2013-06-29 16:01:32 +0200[diff] [blame]268 opt.max_version = DFL_MAX_VERSION;
Paul Bakker91ebfb52012-11-23 14:04:08 +0100[diff] [blame]269 opt.auth_mode = DFL_AUTH_MODE;
Manuel Pégourié-Gonnard0c017a52013-07-18 14:07:36 +0200[diff] [blame]270 opt.mfl_code = DFL_MFL_CODE;
Manuel Pégourié-Gonnardaa0d4d12013-08-03 13:02:31 +0200[diff] [blame^]271 opt.tickets = DFL_TICKETS;
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]272
273 for( i = 1; i < argc; i++ )
274 {
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]275 p = argv[i];
276 if( ( q = strchr( p, '=' ) ) == NULL )
277 goto usage;
278 *q++ = '\0';
279
280 if( strcmp( p, "server_port" ) == 0 )
281 {
282 opt.server_port = atoi( q );
283 if( opt.server_port < 1 || opt.server_port > 65535 )
284 goto usage;
285 }
286 else if( strcmp( p, "debug_level" ) == 0 )
287 {
288 opt.debug_level = atoi( q );
289 if( opt.debug_level < 0 || opt.debug_level > 65535 )
290 goto usage;
291 }
292 else if( strcmp( p, "ca_file" ) == 0 )
293 opt.ca_file = q;
294 else if( strcmp( p, "ca_path" ) == 0 )
295 opt.ca_path = q;
296 else if( strcmp( p, "crt_file" ) == 0 )
297 opt.crt_file = q;
298 else if( strcmp( p, "key_file" ) == 0 )
299 opt.key_file = q;
Paul Bakkerfbb17802013-04-17 19:10:21 +0200[diff] [blame]300 else if( strcmp( p, "psk" ) == 0 )
301 opt.psk = q;
302 else if( strcmp( p, "psk_identity" ) == 0 )
303 opt.psk_identity = q;
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]304 else if( strcmp( p, "force_ciphersuite" ) == 0 )
305 {
306 opt.force_ciphersuite[0] = -1;
307
308 opt.force_ciphersuite[0] = ssl_get_ciphersuite_id( q );
309
310 if( opt.force_ciphersuite[0] <= 0 )
311 {
312 ret = 2;
313 goto usage;
314 }
315 opt.force_ciphersuite[1] = 0;
316 }
317 else if( strcmp( p, "renegotiation" ) == 0 )
318 {
319 opt.renegotiation = (atoi( q )) ? SSL_RENEGOTIATION_ENABLED :
320 SSL_RENEGOTIATION_DISABLED;
321 }
322 else if( strcmp( p, "allow_legacy" ) == 0 )
323 {
324 opt.allow_legacy = atoi( q );
325 if( opt.allow_legacy < 0 || opt.allow_legacy > 1 )
326 goto usage;
327 }
Paul Bakker1d29fb52012-09-28 13:28:45 +0000[diff] [blame]328 else if( strcmp( p, "min_version" ) == 0 )
329 {
330 if( strcmp( q, "ssl3" ) == 0 )
331 opt.min_version = SSL_MINOR_VERSION_0;
332 else if( strcmp( q, "tls1" ) == 0 )
333 opt.min_version = SSL_MINOR_VERSION_1;
334 else if( strcmp( q, "tls1_1" ) == 0 )
335 opt.min_version = SSL_MINOR_VERSION_2;
336 else if( strcmp( q, "tls1_2" ) == 0 )
337 opt.min_version = SSL_MINOR_VERSION_3;
338 else
339 goto usage;
340 }
Paul Bakkerc1516be2013-06-29 16:01:32 +0200[diff] [blame]341 else if( strcmp( p, "max_version" ) == 0 )
342 {
343 if( strcmp( q, "ssl3" ) == 0 )
344 opt.max_version = SSL_MINOR_VERSION_0;
345 else if( strcmp( q, "tls1" ) == 0 )
346 opt.max_version = SSL_MINOR_VERSION_1;
347 else if( strcmp( q, "tls1_1" ) == 0 )
348 opt.max_version = SSL_MINOR_VERSION_2;
349 else if( strcmp( q, "tls1_2" ) == 0 )
350 opt.max_version = SSL_MINOR_VERSION_3;
351 else
352 goto usage;
353 }
354 else if( strcmp( p, "force_version" ) == 0 )
355 {
356 if( strcmp( q, "ssl3" ) == 0 )
357 {
358 opt.min_version = SSL_MINOR_VERSION_0;
359 opt.max_version = SSL_MINOR_VERSION_0;
360 }
361 else if( strcmp( q, "tls1" ) == 0 )
362 {
363 opt.min_version = SSL_MINOR_VERSION_1;
364 opt.max_version = SSL_MINOR_VERSION_1;
365 }
366 else if( strcmp( q, "tls1_1" ) == 0 )
367 {
368 opt.min_version = SSL_MINOR_VERSION_2;
369 opt.max_version = SSL_MINOR_VERSION_2;
370 }
371 else if( strcmp( q, "tls1_2" ) == 0 )
372 {
373 opt.min_version = SSL_MINOR_VERSION_3;
374 opt.max_version = SSL_MINOR_VERSION_3;
375 }
376 else
377 goto usage;
378 }
Paul Bakker91ebfb52012-11-23 14:04:08 +0100[diff] [blame]379 else if( strcmp( p, "auth_mode" ) == 0 )
380 {
381 if( strcmp( q, "none" ) == 0 )
382 opt.auth_mode = SSL_VERIFY_NONE;
383 else if( strcmp( q, "optional" ) == 0 )
384 opt.auth_mode = SSL_VERIFY_OPTIONAL;
385 else if( strcmp( q, "required" ) == 0 )
386 opt.auth_mode = SSL_VERIFY_REQUIRED;
387 else
388 goto usage;
389 }
Manuel Pégourié-Gonnard0c017a52013-07-18 14:07:36 +0200[diff] [blame]390 else if( strcmp( p, "max_frag_len" ) == 0 )
391 {
392 if( strcmp( q, "512" ) == 0 )
393 opt.mfl_code = SSL_MAX_FRAG_LEN_512;
394 else if( strcmp( q, "1024" ) == 0 )
395 opt.mfl_code = SSL_MAX_FRAG_LEN_1024;
396 else if( strcmp( q, "2048" ) == 0 )
397 opt.mfl_code = SSL_MAX_FRAG_LEN_2048;
398 else if( strcmp( q, "4096" ) == 0 )
399 opt.mfl_code = SSL_MAX_FRAG_LEN_4096;
400 else
401 goto usage;
402 }
Manuel Pégourié-Gonnardaa0d4d12013-08-03 13:02:31 +0200[diff] [blame^]403 else if( strcmp( p, "tickets" ) == 0 )
404 {
405 opt.tickets = atoi( q );
406 if( opt.tickets < 0 || opt.tickets > 1 )
407 goto usage;
408 }
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]409 else
410 goto usage;
411 }
412
Paul Bakkerc1516be2013-06-29 16:01:32 +0200[diff] [blame]413 if( opt.force_ciphersuite[0] > 0 )
414 {
415 const ssl_ciphersuite_t *ciphersuite_info;
416 ciphersuite_info = ssl_ciphersuite_from_id( opt.force_ciphersuite[0] );
417
Paul Bakker5b55b792013-07-19 13:43:43 +0200[diff] [blame]418 if( opt.max_version != -1 &&
419 ciphersuite_info->min_minor_ver > opt.max_version )
420 {
421 printf("forced ciphersuite not allowed with this protocol version\n");
422 ret = 2;
423 goto usage;
424 }
425 if( opt.min_version != -1 &&
Paul Bakkerc1516be2013-06-29 16:01:32 +0200[diff] [blame]426 ciphersuite_info->max_minor_ver < opt.min_version )
427 {
428 printf("forced ciphersuite not allowed with this protocol version\n");
429 ret = 2;
430 goto usage;
431 }
Paul Bakker5b55b792013-07-19 13:43:43 +0200[diff] [blame]432 if( opt.max_version > ciphersuite_info->max_minor_ver )
433 opt.max_version = ciphersuite_info->max_minor_ver;
434 if( opt.min_version < ciphersuite_info->min_minor_ver )
435 opt.min_version = ciphersuite_info->min_minor_ver;
Paul Bakkerc1516be2013-06-29 16:01:32 +0200[diff] [blame]436 }
437
Paul Bakkered27a042013-04-18 22:46:23 +0200[diff] [blame]438#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED)
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]439 /*
Paul Bakkerfbb17802013-04-17 19:10:21 +0200[diff] [blame]440 * Unhexify the pre-shared key if any is given
441 */
442 if( strlen( opt.psk ) )
443 {
444 unsigned char c;
445 size_t j;
446
447 if( strlen( opt.psk ) % 2 != 0 )
448 {
449 printf("pre-shared key not valid hex\n");
450 goto exit;
451 }
452
453 psk_len = strlen( opt.psk ) / 2;
454
455 for( j = 0; j < strlen( opt.psk ); j += 2 )
456 {
457 c = opt.psk[j];
458 if( c >= '0' && c <= '9' )
459 c -= '0';
460 else if( c >= 'a' && c <= 'f' )
461 c -= 'a' - 10;
462 else if( c >= 'A' && c <= 'F' )
463 c -= 'A' - 10;
464 else
465 {
466 printf("pre-shared key not valid hex\n");
467 goto exit;
468 }
469 psk[ j / 2 ] = c << 4;
470
471 c = opt.psk[j + 1];
472 if( c >= '0' && c <= '9' )
473 c -= '0';
474 else if( c >= 'a' && c <= 'f' )
475 c -= 'a' - 10;
476 else if( c >= 'A' && c <= 'F' )
477 c -= 'A' - 10;
478 else
479 {
480 printf("pre-shared key not valid hex\n");
481 goto exit;
482 }
483 psk[ j / 2 ] |= c;
484 }
485 }
Paul Bakkered27a042013-04-18 22:46:23 +0200[diff] [blame]486#endif /* POLARSSL_KEY_EXCHANGE_PSK_ENABLED */
Paul Bakkerfbb17802013-04-17 19:10:21 +0200[diff] [blame]487
488 /*
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]489 * 0. Initialize the RNG and the session data
490 */
491 printf( "\n . Seeding the random number generator..." );
492 fflush( stdout );
493
494 entropy_init( &entropy );
495 if( ( ret = ctr_drbg_init( &ctr_drbg, entropy_func, &entropy,
Paul Bakkeref3f8c72013-06-24 13:01:08 +0200[diff] [blame]496 (const unsigned char *) pers,
497 strlen( pers ) ) ) != 0 )
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]498 {
499 printf( " failed\n ! ctr_drbg_init returned -0x%x\n", -ret );
500 goto exit;
501 }
502
503 printf( " ok\n" );
504
Paul Bakkered27a042013-04-18 22:46:23 +0200[diff] [blame]505#if defined(POLARSSL_X509_PARSE_C)
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]506 /*
507 * 1.1. Load the trusted CA
508 */
509 printf( " . Loading the CA root certificate ..." );
510 fflush( stdout );
511
512#if defined(POLARSSL_FS_IO)
513 if( strlen( opt.ca_path ) )
514 ret = x509parse_crtpath( &cacert, opt.ca_path );
515 else if( strlen( opt.ca_file ) )
516 ret = x509parse_crtfile( &cacert, opt.ca_file );
517 else
518#endif
519#if defined(POLARSSL_CERTS_C)
Paul Bakkeref3f8c72013-06-24 13:01:08 +0200[diff] [blame]520 ret = x509parse_crt( &cacert, (const unsigned char *) test_ca_crt,
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]521 strlen( test_ca_crt ) );
522#else
523 {
524 ret = 1;
525 printf("POLARSSL_CERTS_C not defined.");
526 }
527#endif
528 if( ret < 0 )
529 {
530 printf( " failed\n ! x509parse_crt returned -0x%x\n\n", -ret );
531 goto exit;
532 }
533
534 printf( " ok (%d skipped)\n", ret );
535
536 /*
537 * 1.2. Load own certificate and private key
538 */
539 printf( " . Loading the server cert. and key..." );
540 fflush( stdout );
541
542#if defined(POLARSSL_FS_IO)
543 if( strlen( opt.crt_file ) )
544 ret = x509parse_crtfile( &srvcert, opt.crt_file );
545 else
546#endif
547#if defined(POLARSSL_CERTS_C)
Paul Bakkeref3f8c72013-06-24 13:01:08 +0200[diff] [blame]548 ret = x509parse_crt( &srvcert, (const unsigned char *) test_srv_crt,
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]549 strlen( test_srv_crt ) );
550#else
551 {
552 ret = 1;
553 printf("POLARSSL_CERTS_C not defined.");
554 }
555#endif
556 if( ret != 0 )
557 {
558 printf( " failed\n ! x509parse_crt returned -0x%x\n\n", -ret );
559 goto exit;
560 }
561
562#if defined(POLARSSL_FS_IO)
563 if( strlen( opt.key_file ) )
Manuel Pégourié-Gonnardba4878a2013-06-27 10:51:01 +0200[diff] [blame]564 ret = x509parse_keyfile_rsa( &rsa, opt.key_file, "" );
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]565 else
566#endif
567#if defined(POLARSSL_CERTS_C)
Manuel Pégourié-Gonnardba4878a2013-06-27 10:51:01 +0200[diff] [blame]568 ret = x509parse_key_rsa( &rsa, (const unsigned char *) test_srv_key,
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]569 strlen( test_srv_key ), NULL, 0 );
570#else
571 {
572 ret = 1;
573 printf("POLARSSL_CERTS_C not defined.");
574 }
575#endif
576 if( ret != 0 )
577 {
Manuel Pégourié-Gonnardba4878a2013-06-27 10:51:01 +0200[diff] [blame]578 printf( " failed\n ! x509parse_key_rsa returned -0x%x\n\n", -ret );
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]579 goto exit;
580 }
581
582 printf( " ok\n" );
Paul Bakkered27a042013-04-18 22:46:23 +0200[diff] [blame]583#endif /* POLARSSL_X509_PARSE_C */
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]584
585 /*
586 * 2. Setup the listening TCP socket
587 */
588 printf( " . Bind on tcp://localhost:%-4d/ ...", opt.server_port );
589 fflush( stdout );
590
591 if( ( ret = net_bind( &listen_fd, NULL, opt.server_port ) ) != 0 )
592 {
593 printf( " failed\n ! net_bind returned -0x%x\n\n", -ret );
594 goto exit;
595 }
596
597 printf( " ok\n" );
598
599 /*
600 * 3. Setup stuff
601 */
602 printf( " . Setting up the SSL/TLS structure..." );
603 fflush( stdout );
604
605 if( ( ret = ssl_init( &ssl ) ) != 0 )
606 {
607 printf( " failed\n ! ssl_init returned -0x%x\n\n", -ret );
608 goto exit;
609 }
610
611 ssl_set_endpoint( &ssl, SSL_IS_SERVER );
Paul Bakker91ebfb52012-11-23 14:04:08 +0100[diff] [blame]612 ssl_set_authmode( &ssl, opt.auth_mode );
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]613
Manuel Pégourié-Gonnard0c017a52013-07-18 14:07:36 +0200[diff] [blame]614 ssl_set_max_frag_len( &ssl, opt.mfl_code );
615
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]616 ssl_set_rng( &ssl, ctr_drbg_random, &ctr_drbg );
617 ssl_set_dbg( &ssl, my_debug, stdout );
618
Paul Bakker0a597072012-09-25 21:55:46 +0000[diff] [blame]619#if defined(POLARSSL_SSL_CACHE_C)
620 ssl_set_session_cache( &ssl, ssl_cache_get, &cache,
621 ssl_cache_set, &cache );
622#endif
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]623
Manuel Pégourié-Gonnardaa0d4d12013-08-03 13:02:31 +0200[diff] [blame^]624 ssl_set_session_tickets( &ssl, opt.tickets );
625
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]626 if( opt.force_ciphersuite[0] != DFL_FORCE_CIPHER )
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]627 ssl_set_ciphersuites( &ssl, opt.force_ciphersuite );
628
629 ssl_set_renegotiation( &ssl, opt.renegotiation );
630 ssl_legacy_renegotiation( &ssl, opt.allow_legacy );
631
Paul Bakkered27a042013-04-18 22:46:23 +0200[diff] [blame]632#if defined(POLARSSL_X509_PARSE_C)
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]633 ssl_set_ca_chain( &ssl, &cacert, NULL, NULL );
634 ssl_set_own_cert( &ssl, &srvcert, &rsa );
Paul Bakkered27a042013-04-18 22:46:23 +0200[diff] [blame]635#endif
636
637#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED)
Paul Bakker3c5ef712013-06-25 16:37:45 +0200[diff] [blame]638 ssl_set_psk( &ssl, psk, psk_len, (const unsigned char *) opt.psk_identity,
Paul Bakkerfbb17802013-04-17 19:10:21 +0200[diff] [blame]639 strlen( opt.psk_identity ) );
Paul Bakkered27a042013-04-18 22:46:23 +0200[diff] [blame]640#endif
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]641
642#if defined(POLARSSL_DHM_C)
Paul Bakker5d19f862012-09-28 07:33:00 +0000[diff] [blame]643 /*
644 * Use different group than default DHM group
645 */
Paul Bakkerd4324102012-09-26 08:29:38 +0000[diff] [blame]646 ssl_set_dh_param( &ssl, POLARSSL_DHM_RFC5114_MODP_2048_P,
647 POLARSSL_DHM_RFC5114_MODP_2048_G );
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]648#endif
649
Paul Bakker1d29fb52012-09-28 13:28:45 +0000[diff] [blame]650 if( opt.min_version != -1 )
651 ssl_set_min_version( &ssl, SSL_MAJOR_VERSION_3, opt.min_version );
652
Paul Bakkerc1516be2013-06-29 16:01:32 +0200[diff] [blame]653 if( opt.max_version != -1 )
654 ssl_set_max_version( &ssl, SSL_MAJOR_VERSION_3, opt.max_version );
655
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]656 printf( " ok\n" );
657
658reset:
659#ifdef POLARSSL_ERROR_C
660 if( ret != 0 )
661 {
662 char error_buf[100];
Paul Bakker03a8a792013-06-30 12:18:08 +0200[diff] [blame]663 polarssl_strerror( ret, error_buf, 100 );
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]664 printf("Last error was: %d - %s\n\n", ret, error_buf );
665 }
666#endif
667
668 if( client_fd != -1 )
669 net_close( client_fd );
670
671 ssl_session_reset( &ssl );
672
673 /*
674 * 3. Wait until a client connects
675 */
676#if defined(_WIN32_WCE)
677 {
678 SHELLEXECUTEINFO sei;
679
680 ZeroMemory( &sei, sizeof( SHELLEXECUTEINFO ) );
681
682 sei.cbSize = sizeof( SHELLEXECUTEINFO );
683 sei.fMask = 0;
684 sei.hwnd = 0;
685 sei.lpVerb = _T( "open" );
686 sei.lpFile = _T( "https://localhost:4433/" );
687 sei.lpParameters = NULL;
688 sei.lpDirectory = NULL;
689 sei.nShow = SW_SHOWNORMAL;
690
691 ShellExecuteEx( &sei );
692 }
693#elif defined(_WIN32)
694 ShellExecute( NULL, "open", "https://localhost:4433/",
695 NULL, NULL, SW_SHOWNORMAL );
696#endif
697
698 client_fd = -1;
699
700 printf( " . Waiting for a remote connection ..." );
701 fflush( stdout );
702
703 if( ( ret = net_accept( listen_fd, &client_fd, NULL ) ) != 0 )
704 {
705 printf( " failed\n ! net_accept returned -0x%x\n\n", -ret );
706 goto exit;
707 }
708
709 ssl_set_bio( &ssl, net_recv, &client_fd,
710 net_send, &client_fd );
711
712 printf( " ok\n" );
713
714 /*
715 * 4. Handshake
716 */
717 printf( " . Performing the SSL/TLS handshake..." );
718 fflush( stdout );
719
720 while( ( ret = ssl_handshake( &ssl ) ) != 0 )
721 {
722 if( ret != POLARSSL_ERR_NET_WANT_READ && ret != POLARSSL_ERR_NET_WANT_WRITE )
723 {
724 printf( " failed\n ! ssl_handshake returned -0x%x\n\n", -ret );
Paul Bakker1d29fb52012-09-28 13:28:45 +0000[diff] [blame]725 goto reset;
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]726 }
727 }
728
729 printf( " ok\n [ Ciphersuite is %s ]\n",
730 ssl_get_ciphersuite( &ssl ) );
731
Paul Bakkered27a042013-04-18 22:46:23 +0200[diff] [blame]732#if defined(POLARSSL_X509_PARSE_C)
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]733 /*
734 * 5. Verify the server certificate
735 */
736 printf( " . Verifying peer X.509 certificate..." );
737
738 if( ( ret = ssl_get_verify_result( &ssl ) ) != 0 )
739 {
740 printf( " failed\n" );
741
Paul Bakkerb0550d92012-10-30 07:51:03 +0000[diff] [blame]742 if( !ssl_get_peer_cert( &ssl ) )
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]743 printf( " ! no client certificate sent\n" );
744
745 if( ( ret & BADCERT_EXPIRED ) != 0 )
746 printf( " ! client certificate has expired\n" );
747
748 if( ( ret & BADCERT_REVOKED ) != 0 )
749 printf( " ! client certificate has been revoked\n" );
750
751 if( ( ret & BADCERT_NOT_TRUSTED ) != 0 )
752 printf( " ! self-signed or not signed by a trusted CA\n" );
753
754 printf( "\n" );
755 }
756 else
757 printf( " ok\n" );
758
Paul Bakkerb0550d92012-10-30 07:51:03 +0000[diff] [blame]759 if( ssl_get_peer_cert( &ssl ) )
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]760 {
761 printf( " . Peer certificate information ...\n" );
762 x509parse_cert_info( (char *) buf, sizeof( buf ) - 1, " ",
Paul Bakkerb0550d92012-10-30 07:51:03 +0000[diff] [blame]763 ssl_get_peer_cert( &ssl ) );
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]764 printf( "%s\n", buf );
765 }
Paul Bakkered27a042013-04-18 22:46:23 +0200[diff] [blame]766#endif /* POLARSSL_X509_PARSE_C */
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]767
768 /*
769 * 6. Read the HTTP Request
770 */
771 printf( " < Read from client:" );
772 fflush( stdout );
773
774 do
775 {
776 len = sizeof( buf ) - 1;
777 memset( buf, 0, sizeof( buf ) );
778 ret = ssl_read( &ssl, buf, len );
779
780 if( ret == POLARSSL_ERR_NET_WANT_READ || ret == POLARSSL_ERR_NET_WANT_WRITE )
781 continue;
782
783 if( ret <= 0 )
784 {
785 switch( ret )
786 {
787 case POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY:
788 printf( " connection was closed gracefully\n" );
789 break;
790
791 case POLARSSL_ERR_NET_CONN_RESET:
792 printf( " connection was reset by peer\n" );
793 break;
794
795 default:
796 printf( " ssl_read returned -0x%x\n", -ret );
797 break;
798 }
799
800 break;
801 }
802
803 len = ret;
Manuel Pégourié-Gonnardbd7ce632013-07-17 15:34:17 +0200[diff] [blame]804 printf( " %d bytes read\n\n%s\n", len, (char *) buf );
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]805
Paul Bakker82024bf2013-07-04 11:52:32 +0200[diff] [blame]806 if( memcmp( buf, "SERVERQUIT", 10 ) == 0 )
807 goto exit;
808
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]809 if( ret > 0 )
810 break;
811 }
812 while( 1 );
813
814 /*
815 * 7. Write the 200 Response
816 */
817 printf( " > Write to client:" );
818 fflush( stdout );
819
820 len = sprintf( (char *) buf, HTTP_RESPONSE,
821 ssl_get_ciphersuite( &ssl ) );
822
Manuel Pégourié-Gonnard0c017a52013-07-18 14:07:36 +0200[diff] [blame]823 for( written = 0, frags = 0; written < len; written += ret, frags++ )
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]824 {
Manuel Pégourié-Gonnardbd7ce632013-07-17 15:34:17 +0200[diff] [blame]825 while( ( ret = ssl_write( &ssl, buf + written, len - written ) ) <= 0 )
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]826 {
Manuel Pégourié-Gonnardbd7ce632013-07-17 15:34:17 +0200[diff] [blame]827 if( ret == POLARSSL_ERR_NET_CONN_RESET )
828 {
829 printf( " failed\n ! peer closed the connection\n\n" );
830 goto reset;
831 }
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]832
Manuel Pégourié-Gonnardbd7ce632013-07-17 15:34:17 +0200[diff] [blame]833 if( ret != POLARSSL_ERR_NET_WANT_READ && ret != POLARSSL_ERR_NET_WANT_WRITE )
834 {
835 printf( " failed\n ! ssl_write returned %d\n\n", ret );
836 goto exit;
837 }
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]838 }
839 }
840
Manuel Pégourié-Gonnardbd7ce632013-07-17 15:34:17 +0200[diff] [blame]841 buf[written] = '\0';
Manuel Pégourié-Gonnard0c017a52013-07-18 14:07:36 +0200[diff] [blame]842 printf( " %d bytes written in %d fragments\n\n%s\n", written, frags, (char *) buf );
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]843
844 ret = 0;
845 goto reset;
846
847exit:
848
849#ifdef POLARSSL_ERROR_C
850 if( ret != 0 )
851 {
852 char error_buf[100];
Paul Bakker03a8a792013-06-30 12:18:08 +0200[diff] [blame]853 polarssl_strerror( ret, error_buf, 100 );
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]854 printf("Last error was: -0x%X - %s\n\n", -ret, error_buf );
855 }
856#endif
857
858 net_close( client_fd );
Paul Bakkered27a042013-04-18 22:46:23 +0200[diff] [blame]859#if defined(POLARSSL_X509_PARSE_C)
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]860 x509_free( &srvcert );
861 x509_free( &cacert );
862 rsa_free( &rsa );
Paul Bakkered27a042013-04-18 22:46:23 +0200[diff] [blame]863#endif
864
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]865 ssl_free( &ssl );
866
Paul Bakker0a597072012-09-25 21:55:46 +0000[diff] [blame]867#if defined(POLARSSL_SSL_CACHE_C)
868 ssl_cache_free( &cache );
869#endif
870
Paul Bakker82024bf2013-07-04 11:52:32 +0200[diff] [blame]871#if defined(POLARSSL_MEMORY_BUFFER_ALLOC_C) && defined(POLARSSL_MEMORY_DEBUG)
872 memory_buffer_alloc_status();
873#endif
874
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]875#if defined(_WIN32)
876 printf( " + Press Enter to exit this program.\n" );
877 fflush( stdout ); getchar();
878#endif
879
Paul Bakkerdbd79ca2013-07-24 16:28:35 +0200[diff] [blame]880 // Shell can not handle large exit numbers -> 1 for errors
881 if( ret < 0 )
882 ret = 1;
883
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]884 return( ret );
885}
886#endif /* POLARSSL_BIGNUM_C && POLARSSL_ENTROPY_C && POLARSSL_SSL_TLS_C &&
887 POLARSSL_SSL_SRV_C && POLARSSL_NET_C && POLARSSL_RSA_C &&
888 POLARSSL_CTR_DRBG_C */