TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 09edda888e448b8a3012bd01dbfcde57813d5431 / . / programs / ssl / ssl_server2.c
blob: 681850bee00295378c2eb988ec3ff3bd6438f2d0 [file] [log] [blame]
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]1/*
2 * SSL client with options
3 *
Paul Bakker3c5ef712013-06-25 16:37:45 +0200[diff] [blame]4 * Copyright (C) 2006-2013, Brainspark B.V.
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]5 *
6 * This file is part of PolarSSL (http://www.polarssl.org)
7 * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
8 *
9 * All rights reserved.
10 *
11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 2 of the License, or
14 * (at your option) any later version.
15 *
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
20 *
21 * You should have received a copy of the GNU General Public License along
22 * with this program; if not, write to the Free Software Foundation, Inc.,
23 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
24 */
25
26#ifndef _CRT_SECURE_NO_DEPRECATE
27#define _CRT_SECURE_NO_DEPRECATE 1
28#endif
29
30#if defined(_WIN32)
31#include <windows.h>
32#endif
33
34#include <string.h>
35#include <stdlib.h>
36#include <stdio.h>
37
38#include "polarssl/config.h"
39
40#include "polarssl/net.h"
41#include "polarssl/ssl.h"
42#include "polarssl/entropy.h"
43#include "polarssl/ctr_drbg.h"
44#include "polarssl/certs.h"
45#include "polarssl/x509.h"
46#include "polarssl/error.h"
47
Paul Bakker0a597072012-09-25 21:55:46 +0000[diff] [blame]48#if defined(POLARSSL_SSL_CACHE_C)
49#include "polarssl/ssl_cache.h"
50#endif
51
Paul Bakker82024bf2013-07-04 11:52:32 +0200[diff] [blame]52#if defined(POLARSSL_MEMORY_BUFFER_ALLOC_C)
53#include "polarssl/memory.h"
54#endif
55
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]56#define DFL_SERVER_PORT 4433
57#define DFL_REQUEST_PAGE "/"
58#define DFL_DEBUG_LEVEL 0
59#define DFL_CA_FILE ""
60#define DFL_CA_PATH ""
61#define DFL_CRT_FILE ""
62#define DFL_KEY_FILE ""
Paul Bakkerfbb17802013-04-17 19:10:21 +0200[diff] [blame]63#define DFL_PSK ""
64#define DFL_PSK_IDENTITY "Client_identity"
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]65#define DFL_FORCE_CIPHER 0
66#define DFL_RENEGOTIATION SSL_RENEGOTIATION_ENABLED
67#define DFL_ALLOW_LEGACY SSL_LEGACY_NO_RENEGOTIATION
Paul Bakker1d29fb52012-09-28 13:28:45 +0000[diff] [blame]68#define DFL_MIN_VERSION -1
Paul Bakkerc1516be2013-06-29 16:01:32 +0200[diff] [blame]69#define DFL_MAX_VERSION -1
Paul Bakker91ebfb52012-11-23 14:04:08 +0100[diff] [blame]70#define DFL_AUTH_MODE SSL_VERIFY_OPTIONAL
Manuel Pégourié-Gonnard0c017a52013-07-18 14:07:36 +0200[diff] [blame]71#define DFL_MFL_CODE SSL_MAX_FRAG_LEN_NONE
Manuel Pégourié-Gonnardaa0d4d12013-08-03 13:02:31 +0200[diff] [blame]72#define DFL_TICKETS SSL_SESSION_TICKETS_ENABLED
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]73
Manuel Pégourié-Gonnard0c017a52013-07-18 14:07:36 +0200[diff] [blame]74#define LONG_RESPONSE "<p>01-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \
75 "02-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \
76 "03-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \
77 "04-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \
78 "05-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \
79 "06-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \
80 "07-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah</p>\r\n"
Manuel Pégourié-Gonnardbd7ce632013-07-17 15:34:17 +0200[diff] [blame]81
Paul Bakker8e714d72013-07-18 11:05:13 +0200[diff] [blame]82/* Uncomment LONG_RESPONSE at the end of HTTP_RESPONSE to test sending longer
83 * packets (for fragmentation purposes) */
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]84#define HTTP_RESPONSE \
85 "HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n\r\n" \
86 "<h2>PolarSSL Test Server</h2>\r\n" \
Manuel Pégourié-Gonnardbd7ce632013-07-17 15:34:17 +0200[diff] [blame]87 "<p>Successful connection using: %s</p>\r\n" // LONG_RESPONSE
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]88
89/*
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]90 * global options
91 */
92struct options
93{
94 int server_port; /* port on which the ssl service runs */
95 int debug_level; /* level of debugging */
Paul Bakkeref3f8c72013-06-24 13:01:08 +0200[diff] [blame]96 const char *ca_file; /* the file with the CA certificate(s) */
97 const char *ca_path; /* the path with the CA certificate(s) reside */
98 const char *crt_file; /* the file with the client certificate */
99 const char *key_file; /* the file with the client key */
100 const char *psk; /* the pre-shared key */
101 const char *psk_identity; /* the pre-shared key identity */
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]102 int force_ciphersuite[2]; /* protocol/ciphersuite to use, or all */
103 int renegotiation; /* enable / disable renegotiation */
104 int allow_legacy; /* allow legacy renegotiation */
Paul Bakker1d29fb52012-09-28 13:28:45 +0000[diff] [blame]105 int min_version; /* minimum protocol version accepted */
Paul Bakkerc1516be2013-06-29 16:01:32 +0200[diff] [blame]106 int max_version; /* maximum protocol version accepted */
Paul Bakker91ebfb52012-11-23 14:04:08 +0100[diff] [blame]107 int auth_mode; /* verify mode for connection */
Manuel Pégourié-Gonnard0c017a52013-07-18 14:07:36 +0200[diff] [blame]108 unsigned char mfl_code; /* code for maximum fragment length */
Manuel Pégourié-Gonnardaa0d4d12013-08-03 13:02:31 +0200[diff] [blame]109 int tickets; /* enable / disable session tickets */
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]110} opt;
111
Paul Bakker3c5ef712013-06-25 16:37:45 +0200[diff] [blame]112static void my_debug( void *ctx, int level, const char *str )
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]113{
114 if( level < opt.debug_level )
115 {
116 fprintf( (FILE *) ctx, "%s", str );
117 fflush( (FILE *) ctx );
118 }
119}
120
Paul Bakkered27a042013-04-18 22:46:23 +0200[diff] [blame]121#if defined(POLARSSL_X509_PARSE_C)
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]122#if defined(POLARSSL_FS_IO)
123#define USAGE_IO \
Paul Bakker1f9d02d2012-11-20 10:30:55 +0100[diff] [blame]124 " ca_file=%%s The single file containing the top-level CA(s) you fully trust\n" \
125 " default: \"\" (pre-loaded)\n" \
126 " ca_path=%%s The path containing the top-level CA(s) you fully trust\n" \
127 " default: \"\" (pre-loaded) (overrides ca_file)\n" \
128 " crt_file=%%s Your own cert and chain (in bottom to top order, top may be omitted)\n" \
129 " default: \"\" (pre-loaded)\n" \
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]130 " key_file=%%s default: \"\" (pre-loaded)\n"
131#else
132#define USAGE_IO \
Paul Bakkered27a042013-04-18 22:46:23 +0200[diff] [blame]133 "\n" \
134 " No file operations available (POLARSSL_FS_IO not defined)\n" \
135 "\n"
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]136#endif /* POLARSSL_FS_IO */
Paul Bakkered27a042013-04-18 22:46:23 +0200[diff] [blame]137#else
138#define USAGE_IO ""
139#endif /* POLARSSL_X509_PARSE_C */
140
141#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED)
142#define USAGE_PSK \
143 " psk=%%s default: \"\" (in hex, without 0x)\n" \
144 " psk_identity=%%s default: \"Client_identity\"\n"
145#else
146#define USAGE_PSK ""
147#endif /* POLARSSL_KEY_EXCHANGE_PSK_ENABLED */
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]148
Paul Bakkera503a632013-08-14 13:48:06 +0200[diff] [blame]149#if defined(POLARSSL_SSL_SESSION_TICKETS)
150#define USAGE_TICKETS \
151 " tickets=%%d default: 1 (enabled)\n"
152#else
153#define USAGE_TICKETS ""
154#endif /* POLARSSL_SSL_SESSION_TICKETS */
155
Paul Bakker05decb22013-08-15 13:33:48 +0200[diff] [blame]156#if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH)
157#define USAGE_MAX_FRAG_LEN \
158 " max_frag_len=%%d default: 16384 (tls default)\n" \
159 " options: 512, 1024, 2048, 4096\n"
160#else
161#define USAGE_MAX_FRAG_LEN ""
162#endif /* POLARSSL_SSL_MAX_FRAGMENT_LENGTH */
163
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]164#define USAGE \
165 "\n usage: ssl_server2 param=<>...\n" \
166 "\n acceptable parameters:\n" \
167 " server_port=%%d default: 4433\n" \
168 " debug_level=%%d default: 0 (disabled)\n" \
169 USAGE_IO \
170 " request_page=%%s default: \".\"\n" \
171 " renegotiation=%%d default: 1 (enabled)\n" \
Paul Bakkera503a632013-08-14 13:48:06 +0200[diff] [blame]172 USAGE_TICKETS \
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]173 " allow_legacy=%%d default: 0 (disabled)\n" \
Paul Bakker1d29fb52012-09-28 13:28:45 +0000[diff] [blame]174 " min_version=%%s default: \"ssl3\"\n" \
Paul Bakkerc1516be2013-06-29 16:01:32 +0200[diff] [blame]175 " max_version=%%s default: \"tls1_2\"\n" \
176 " force_version=%%s default: \"\" (none)\n" \
Paul Bakker1d29fb52012-09-28 13:28:45 +0000[diff] [blame]177 " options: ssl3, tls1, tls1_1, tls1_2\n" \
Paul Bakkerc1516be2013-06-29 16:01:32 +0200[diff] [blame]178 " auth_mode=%%s default: \"optional\"\n" \
Paul Bakker91ebfb52012-11-23 14:04:08 +0100[diff] [blame]179 " options: none, optional, required\n" \
Paul Bakker05decb22013-08-15 13:33:48 +0200[diff] [blame]180 USAGE_MAX_FRAG_LEN \
Paul Bakkered27a042013-04-18 22:46:23 +0200[diff] [blame]181 USAGE_PSK \
Paul Bakkerfbb17802013-04-17 19:10:21 +0200[diff] [blame]182 "\n" \
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]183 " force_ciphersuite=<name> default: all enabled\n"\
184 " acceptable ciphersuite names:\n"
185
Paul Bakkered27a042013-04-18 22:46:23 +0200[diff] [blame]186#if !defined(POLARSSL_ENTROPY_C) || \
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]187 !defined(POLARSSL_SSL_TLS_C) || !defined(POLARSSL_SSL_SRV_C) || \
Paul Bakkered27a042013-04-18 22:46:23 +0200[diff] [blame]188 !defined(POLARSSL_NET_C) || !defined(POLARSSL_CTR_DRBG_C)
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]189int main( int argc, char *argv[] )
190{
191 ((void) argc);
192 ((void) argv);
193
Paul Bakkered27a042013-04-18 22:46:23 +0200[diff] [blame]194 printf("POLARSSL_ENTROPY_C and/or "
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]195 "POLARSSL_SSL_TLS_C and/or POLARSSL_SSL_SRV_C and/or "
Paul Bakkered27a042013-04-18 22:46:23 +0200[diff] [blame]196 "POLARSSL_NET_C and/or POLARSSL_CTR_DRBG_C not defined.\n");
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]197 return( 0 );
198}
199#else
200int main( int argc, char *argv[] )
201{
Manuel Pégourié-Gonnard0c017a52013-07-18 14:07:36 +0200[diff] [blame]202 int ret = 0, len, written, frags;
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]203 int listen_fd;
204 int client_fd = -1;
205 unsigned char buf[1024];
Paul Bakkered27a042013-04-18 22:46:23 +0200[diff] [blame]206#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED)
Paul Bakkerfbb17802013-04-17 19:10:21 +0200[diff] [blame]207 unsigned char psk[256];
208 size_t psk_len = 0;
Paul Bakkered27a042013-04-18 22:46:23 +0200[diff] [blame]209#endif
Paul Bakkeref3f8c72013-06-24 13:01:08 +0200[diff] [blame]210 const char *pers = "ssl_server2";
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]211
212 entropy_context entropy;
213 ctr_drbg_context ctr_drbg;
214 ssl_context ssl;
Paul Bakkered27a042013-04-18 22:46:23 +0200[diff] [blame]215#if defined(POLARSSL_X509_PARSE_C)
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]216 x509_cert cacert;
217 x509_cert srvcert;
218 rsa_context rsa;
Paul Bakkered27a042013-04-18 22:46:23 +0200[diff] [blame]219#endif
Paul Bakker0a597072012-09-25 21:55:46 +0000[diff] [blame]220#if defined(POLARSSL_SSL_CACHE_C)
221 ssl_cache_context cache;
222#endif
Paul Bakker82024bf2013-07-04 11:52:32 +0200[diff] [blame]223#if defined(POLARSSL_MEMORY_BUFFER_ALLOC_C)
224 unsigned char alloc_buf[100000];
225#endif
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]226
227 int i;
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]228 char *p, *q;
229 const int *list;
230
Paul Bakker82024bf2013-07-04 11:52:32 +0200[diff] [blame]231#if defined(POLARSSL_MEMORY_BUFFER_ALLOC_C)
232 memory_buffer_alloc_init( alloc_buf, sizeof(alloc_buf) );
233#endif
234
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]235 /*
236 * Make sure memory references are valid.
237 */
238 listen_fd = 0;
Paul Bakkered27a042013-04-18 22:46:23 +0200[diff] [blame]239#if defined(POLARSSL_X509_PARSE_C)
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]240 memset( &cacert, 0, sizeof( x509_cert ) );
241 memset( &srvcert, 0, sizeof( x509_cert ) );
242 memset( &rsa, 0, sizeof( rsa_context ) );
Paul Bakkered27a042013-04-18 22:46:23 +0200[diff] [blame]243#endif
Paul Bakker0a597072012-09-25 21:55:46 +0000[diff] [blame]244#if defined(POLARSSL_SSL_CACHE_C)
245 ssl_cache_init( &cache );
246#endif
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]247
248 if( argc == 0 )
249 {
250 usage:
251 if( ret == 0 )
252 ret = 1;
253
254 printf( USAGE );
255
256 list = ssl_list_ciphersuites();
257 while( *list )
258 {
Paul Bakkerbcbe2d82013-04-19 09:10:20 +0200[diff] [blame]259 printf(" %-42s", ssl_get_ciphersuite_name( *list ) );
Paul Bakkered27a042013-04-18 22:46:23 +0200[diff] [blame]260 list++;
261 if( !*list )
262 break;
263 printf(" %s\n", ssl_get_ciphersuite_name( *list ) );
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]264 list++;
265 }
266 printf("\n");
267 goto exit;
268 }
269
270 opt.server_port = DFL_SERVER_PORT;
271 opt.debug_level = DFL_DEBUG_LEVEL;
272 opt.ca_file = DFL_CA_FILE;
273 opt.ca_path = DFL_CA_PATH;
274 opt.crt_file = DFL_CRT_FILE;
275 opt.key_file = DFL_KEY_FILE;
Paul Bakkerfbb17802013-04-17 19:10:21 +0200[diff] [blame]276 opt.psk = DFL_PSK;
277 opt.psk_identity = DFL_PSK_IDENTITY;
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]278 opt.force_ciphersuite[0]= DFL_FORCE_CIPHER;
279 opt.renegotiation = DFL_RENEGOTIATION;
280 opt.allow_legacy = DFL_ALLOW_LEGACY;
Paul Bakker1d29fb52012-09-28 13:28:45 +0000[diff] [blame]281 opt.min_version = DFL_MIN_VERSION;
Paul Bakkerc1516be2013-06-29 16:01:32 +0200[diff] [blame]282 opt.max_version = DFL_MAX_VERSION;
Paul Bakker91ebfb52012-11-23 14:04:08 +0100[diff] [blame]283 opt.auth_mode = DFL_AUTH_MODE;
Manuel Pégourié-Gonnard0c017a52013-07-18 14:07:36 +0200[diff] [blame]284 opt.mfl_code = DFL_MFL_CODE;
Manuel Pégourié-Gonnardaa0d4d12013-08-03 13:02:31 +0200[diff] [blame]285 opt.tickets = DFL_TICKETS;
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]286
287 for( i = 1; i < argc; i++ )
288 {
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]289 p = argv[i];
290 if( ( q = strchr( p, '=' ) ) == NULL )
291 goto usage;
292 *q++ = '\0';
293
294 if( strcmp( p, "server_port" ) == 0 )
295 {
296 opt.server_port = atoi( q );
297 if( opt.server_port < 1 || opt.server_port > 65535 )
298 goto usage;
299 }
300 else if( strcmp( p, "debug_level" ) == 0 )
301 {
302 opt.debug_level = atoi( q );
303 if( opt.debug_level < 0 || opt.debug_level > 65535 )
304 goto usage;
305 }
306 else if( strcmp( p, "ca_file" ) == 0 )
307 opt.ca_file = q;
308 else if( strcmp( p, "ca_path" ) == 0 )
309 opt.ca_path = q;
310 else if( strcmp( p, "crt_file" ) == 0 )
311 opt.crt_file = q;
312 else if( strcmp( p, "key_file" ) == 0 )
313 opt.key_file = q;
Paul Bakkerfbb17802013-04-17 19:10:21 +0200[diff] [blame]314 else if( strcmp( p, "psk" ) == 0 )
315 opt.psk = q;
316 else if( strcmp( p, "psk_identity" ) == 0 )
317 opt.psk_identity = q;
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]318 else if( strcmp( p, "force_ciphersuite" ) == 0 )
319 {
320 opt.force_ciphersuite[0] = -1;
321
322 opt.force_ciphersuite[0] = ssl_get_ciphersuite_id( q );
323
324 if( opt.force_ciphersuite[0] <= 0 )
325 {
326 ret = 2;
327 goto usage;
328 }
329 opt.force_ciphersuite[1] = 0;
330 }
331 else if( strcmp( p, "renegotiation" ) == 0 )
332 {
333 opt.renegotiation = (atoi( q )) ? SSL_RENEGOTIATION_ENABLED :
334 SSL_RENEGOTIATION_DISABLED;
335 }
336 else if( strcmp( p, "allow_legacy" ) == 0 )
337 {
338 opt.allow_legacy = atoi( q );
339 if( opt.allow_legacy < 0 || opt.allow_legacy > 1 )
340 goto usage;
341 }
Paul Bakker1d29fb52012-09-28 13:28:45 +0000[diff] [blame]342 else if( strcmp( p, "min_version" ) == 0 )
343 {
344 if( strcmp( q, "ssl3" ) == 0 )
345 opt.min_version = SSL_MINOR_VERSION_0;
346 else if( strcmp( q, "tls1" ) == 0 )
347 opt.min_version = SSL_MINOR_VERSION_1;
348 else if( strcmp( q, "tls1_1" ) == 0 )
349 opt.min_version = SSL_MINOR_VERSION_2;
350 else if( strcmp( q, "tls1_2" ) == 0 )
351 opt.min_version = SSL_MINOR_VERSION_3;
352 else
353 goto usage;
354 }
Paul Bakkerc1516be2013-06-29 16:01:32 +0200[diff] [blame]355 else if( strcmp( p, "max_version" ) == 0 )
356 {
357 if( strcmp( q, "ssl3" ) == 0 )
358 opt.max_version = SSL_MINOR_VERSION_0;
359 else if( strcmp( q, "tls1" ) == 0 )
360 opt.max_version = SSL_MINOR_VERSION_1;
361 else if( strcmp( q, "tls1_1" ) == 0 )
362 opt.max_version = SSL_MINOR_VERSION_2;
363 else if( strcmp( q, "tls1_2" ) == 0 )
364 opt.max_version = SSL_MINOR_VERSION_3;
365 else
366 goto usage;
367 }
368 else if( strcmp( p, "force_version" ) == 0 )
369 {
370 if( strcmp( q, "ssl3" ) == 0 )
371 {
372 opt.min_version = SSL_MINOR_VERSION_0;
373 opt.max_version = SSL_MINOR_VERSION_0;
374 }
375 else if( strcmp( q, "tls1" ) == 0 )
376 {
377 opt.min_version = SSL_MINOR_VERSION_1;
378 opt.max_version = SSL_MINOR_VERSION_1;
379 }
380 else if( strcmp( q, "tls1_1" ) == 0 )
381 {
382 opt.min_version = SSL_MINOR_VERSION_2;
383 opt.max_version = SSL_MINOR_VERSION_2;
384 }
385 else if( strcmp( q, "tls1_2" ) == 0 )
386 {
387 opt.min_version = SSL_MINOR_VERSION_3;
388 opt.max_version = SSL_MINOR_VERSION_3;
389 }
390 else
391 goto usage;
392 }
Paul Bakker91ebfb52012-11-23 14:04:08 +0100[diff] [blame]393 else if( strcmp( p, "auth_mode" ) == 0 )
394 {
395 if( strcmp( q, "none" ) == 0 )
396 opt.auth_mode = SSL_VERIFY_NONE;
397 else if( strcmp( q, "optional" ) == 0 )
398 opt.auth_mode = SSL_VERIFY_OPTIONAL;
399 else if( strcmp( q, "required" ) == 0 )
400 opt.auth_mode = SSL_VERIFY_REQUIRED;
401 else
402 goto usage;
403 }
Manuel Pégourié-Gonnard0c017a52013-07-18 14:07:36 +0200[diff] [blame]404 else if( strcmp( p, "max_frag_len" ) == 0 )
405 {
406 if( strcmp( q, "512" ) == 0 )
407 opt.mfl_code = SSL_MAX_FRAG_LEN_512;
408 else if( strcmp( q, "1024" ) == 0 )
409 opt.mfl_code = SSL_MAX_FRAG_LEN_1024;
410 else if( strcmp( q, "2048" ) == 0 )
411 opt.mfl_code = SSL_MAX_FRAG_LEN_2048;
412 else if( strcmp( q, "4096" ) == 0 )
413 opt.mfl_code = SSL_MAX_FRAG_LEN_4096;
414 else
415 goto usage;
416 }
Manuel Pégourié-Gonnardaa0d4d12013-08-03 13:02:31 +0200[diff] [blame]417 else if( strcmp( p, "tickets" ) == 0 )
418 {
419 opt.tickets = atoi( q );
420 if( opt.tickets < 0 || opt.tickets > 1 )
421 goto usage;
422 }
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]423 else
424 goto usage;
425 }
426
Paul Bakkerc1516be2013-06-29 16:01:32 +0200[diff] [blame]427 if( opt.force_ciphersuite[0] > 0 )
428 {
429 const ssl_ciphersuite_t *ciphersuite_info;
430 ciphersuite_info = ssl_ciphersuite_from_id( opt.force_ciphersuite[0] );
431
Paul Bakker5b55b792013-07-19 13:43:43 +0200[diff] [blame]432 if( opt.max_version != -1 &&
433 ciphersuite_info->min_minor_ver > opt.max_version )
434 {
435 printf("forced ciphersuite not allowed with this protocol version\n");
436 ret = 2;
437 goto usage;
438 }
439 if( opt.min_version != -1 &&
Paul Bakkerc1516be2013-06-29 16:01:32 +0200[diff] [blame]440 ciphersuite_info->max_minor_ver < opt.min_version )
441 {
442 printf("forced ciphersuite not allowed with this protocol version\n");
443 ret = 2;
444 goto usage;
445 }
Paul Bakker5b55b792013-07-19 13:43:43 +0200[diff] [blame]446 if( opt.max_version > ciphersuite_info->max_minor_ver )
447 opt.max_version = ciphersuite_info->max_minor_ver;
448 if( opt.min_version < ciphersuite_info->min_minor_ver )
449 opt.min_version = ciphersuite_info->min_minor_ver;
Paul Bakkerc1516be2013-06-29 16:01:32 +0200[diff] [blame]450 }
451
Paul Bakkered27a042013-04-18 22:46:23 +0200[diff] [blame]452#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED)
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]453 /*
Paul Bakkerfbb17802013-04-17 19:10:21 +0200[diff] [blame]454 * Unhexify the pre-shared key if any is given
455 */
456 if( strlen( opt.psk ) )
457 {
458 unsigned char c;
459 size_t j;
460
461 if( strlen( opt.psk ) % 2 != 0 )
462 {
463 printf("pre-shared key not valid hex\n");
464 goto exit;
465 }
466
467 psk_len = strlen( opt.psk ) / 2;
468
469 for( j = 0; j < strlen( opt.psk ); j += 2 )
470 {
471 c = opt.psk[j];
472 if( c >= '0' && c <= '9' )
473 c -= '0';
474 else if( c >= 'a' && c <= 'f' )
475 c -= 'a' - 10;
476 else if( c >= 'A' && c <= 'F' )
477 c -= 'A' - 10;
478 else
479 {
480 printf("pre-shared key not valid hex\n");
481 goto exit;
482 }
483 psk[ j / 2 ] = c << 4;
484
485 c = opt.psk[j + 1];
486 if( c >= '0' && c <= '9' )
487 c -= '0';
488 else if( c >= 'a' && c <= 'f' )
489 c -= 'a' - 10;
490 else if( c >= 'A' && c <= 'F' )
491 c -= 'A' - 10;
492 else
493 {
494 printf("pre-shared key not valid hex\n");
495 goto exit;
496 }
497 psk[ j / 2 ] |= c;
498 }
499 }
Paul Bakkered27a042013-04-18 22:46:23 +0200[diff] [blame]500#endif /* POLARSSL_KEY_EXCHANGE_PSK_ENABLED */
Paul Bakkerfbb17802013-04-17 19:10:21 +0200[diff] [blame]501
502 /*
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]503 * 0. Initialize the RNG and the session data
504 */
505 printf( "\n . Seeding the random number generator..." );
506 fflush( stdout );
507
508 entropy_init( &entropy );
509 if( ( ret = ctr_drbg_init( &ctr_drbg, entropy_func, &entropy,
Paul Bakkeref3f8c72013-06-24 13:01:08 +0200[diff] [blame]510 (const unsigned char *) pers,
511 strlen( pers ) ) ) != 0 )
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]512 {
513 printf( " failed\n ! ctr_drbg_init returned -0x%x\n", -ret );
514 goto exit;
515 }
516
517 printf( " ok\n" );
518
Paul Bakkered27a042013-04-18 22:46:23 +0200[diff] [blame]519#if defined(POLARSSL_X509_PARSE_C)
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]520 /*
521 * 1.1. Load the trusted CA
522 */
523 printf( " . Loading the CA root certificate ..." );
524 fflush( stdout );
525
526#if defined(POLARSSL_FS_IO)
527 if( strlen( opt.ca_path ) )
528 ret = x509parse_crtpath( &cacert, opt.ca_path );
529 else if( strlen( opt.ca_file ) )
530 ret = x509parse_crtfile( &cacert, opt.ca_file );
531 else
532#endif
533#if defined(POLARSSL_CERTS_C)
Paul Bakkeref3f8c72013-06-24 13:01:08 +0200[diff] [blame]534 ret = x509parse_crt( &cacert, (const unsigned char *) test_ca_crt,
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]535 strlen( test_ca_crt ) );
536#else
537 {
538 ret = 1;
539 printf("POLARSSL_CERTS_C not defined.");
540 }
541#endif
542 if( ret < 0 )
543 {
544 printf( " failed\n ! x509parse_crt returned -0x%x\n\n", -ret );
545 goto exit;
546 }
547
548 printf( " ok (%d skipped)\n", ret );
549
550 /*
551 * 1.2. Load own certificate and private key
552 */
553 printf( " . Loading the server cert. and key..." );
554 fflush( stdout );
555
556#if defined(POLARSSL_FS_IO)
557 if( strlen( opt.crt_file ) )
558 ret = x509parse_crtfile( &srvcert, opt.crt_file );
559 else
560#endif
561#if defined(POLARSSL_CERTS_C)
Paul Bakkeref3f8c72013-06-24 13:01:08 +0200[diff] [blame]562 ret = x509parse_crt( &srvcert, (const unsigned char *) test_srv_crt,
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]563 strlen( test_srv_crt ) );
564#else
565 {
566 ret = 1;
567 printf("POLARSSL_CERTS_C not defined.");
568 }
569#endif
570 if( ret != 0 )
571 {
572 printf( " failed\n ! x509parse_crt returned -0x%x\n\n", -ret );
573 goto exit;
574 }
575
576#if defined(POLARSSL_FS_IO)
577 if( strlen( opt.key_file ) )
Manuel Pégourié-Gonnardba4878a2013-06-27 10:51:01 +0200[diff] [blame]578 ret = x509parse_keyfile_rsa( &rsa, opt.key_file, "" );
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]579 else
580#endif
581#if defined(POLARSSL_CERTS_C)
Manuel Pégourié-Gonnardba4878a2013-06-27 10:51:01 +0200[diff] [blame]582 ret = x509parse_key_rsa( &rsa, (const unsigned char *) test_srv_key,
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]583 strlen( test_srv_key ), NULL, 0 );
584#else
585 {
586 ret = 1;
587 printf("POLARSSL_CERTS_C not defined.");
588 }
589#endif
590 if( ret != 0 )
591 {
Manuel Pégourié-Gonnardba4878a2013-06-27 10:51:01 +0200[diff] [blame]592 printf( " failed\n ! x509parse_key_rsa returned -0x%x\n\n", -ret );
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]593 goto exit;
594 }
595
596 printf( " ok\n" );
Paul Bakkered27a042013-04-18 22:46:23 +0200[diff] [blame]597#endif /* POLARSSL_X509_PARSE_C */
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]598
599 /*
600 * 2. Setup the listening TCP socket
601 */
602 printf( " . Bind on tcp://localhost:%-4d/ ...", opt.server_port );
603 fflush( stdout );
604
605 if( ( ret = net_bind( &listen_fd, NULL, opt.server_port ) ) != 0 )
606 {
607 printf( " failed\n ! net_bind returned -0x%x\n\n", -ret );
608 goto exit;
609 }
610
611 printf( " ok\n" );
612
613 /*
614 * 3. Setup stuff
615 */
616 printf( " . Setting up the SSL/TLS structure..." );
617 fflush( stdout );
618
619 if( ( ret = ssl_init( &ssl ) ) != 0 )
620 {
621 printf( " failed\n ! ssl_init returned -0x%x\n\n", -ret );
622 goto exit;
623 }
624
625 ssl_set_endpoint( &ssl, SSL_IS_SERVER );
Paul Bakker91ebfb52012-11-23 14:04:08 +0100[diff] [blame]626 ssl_set_authmode( &ssl, opt.auth_mode );
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]627
Paul Bakker05decb22013-08-15 13:33:48 +0200[diff] [blame]628#if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH)
Manuel Pégourié-Gonnard0c017a52013-07-18 14:07:36 +0200[diff] [blame]629 ssl_set_max_frag_len( &ssl, opt.mfl_code );
Paul Bakker05decb22013-08-15 13:33:48 +0200[diff] [blame]630#endif
Manuel Pégourié-Gonnard0c017a52013-07-18 14:07:36 +0200[diff] [blame]631
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]632 ssl_set_rng( &ssl, ctr_drbg_random, &ctr_drbg );
633 ssl_set_dbg( &ssl, my_debug, stdout );
634
Paul Bakker0a597072012-09-25 21:55:46 +0000[diff] [blame]635#if defined(POLARSSL_SSL_CACHE_C)
636 ssl_set_session_cache( &ssl, ssl_cache_get, &cache,
637 ssl_cache_set, &cache );
638#endif
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]639
Paul Bakkera503a632013-08-14 13:48:06 +0200[diff] [blame]640#if defined(POLARSSL_SSL_SESSION_TICKETS)
Manuel Pégourié-Gonnardaa0d4d12013-08-03 13:02:31 +0200[diff] [blame]641 ssl_set_session_tickets( &ssl, opt.tickets );
Paul Bakkera503a632013-08-14 13:48:06 +0200[diff] [blame]642#endif
Manuel Pégourié-Gonnardaa0d4d12013-08-03 13:02:31 +0200[diff] [blame]643
Paul Bakker41c83d32013-03-20 14:39:14 +0100[diff] [blame]644 if( opt.force_ciphersuite[0] != DFL_FORCE_CIPHER )
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]645 ssl_set_ciphersuites( &ssl, opt.force_ciphersuite );
646
647 ssl_set_renegotiation( &ssl, opt.renegotiation );
648 ssl_legacy_renegotiation( &ssl, opt.allow_legacy );
649
Paul Bakkered27a042013-04-18 22:46:23 +0200[diff] [blame]650#if defined(POLARSSL_X509_PARSE_C)
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]651 ssl_set_ca_chain( &ssl, &cacert, NULL, NULL );
652 ssl_set_own_cert( &ssl, &srvcert, &rsa );
Paul Bakkered27a042013-04-18 22:46:23 +0200[diff] [blame]653#endif
654
655#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED)
Paul Bakker3c5ef712013-06-25 16:37:45 +0200[diff] [blame]656 ssl_set_psk( &ssl, psk, psk_len, (const unsigned char *) opt.psk_identity,
Paul Bakkerfbb17802013-04-17 19:10:21 +0200[diff] [blame]657 strlen( opt.psk_identity ) );
Paul Bakkered27a042013-04-18 22:46:23 +0200[diff] [blame]658#endif
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]659
660#if defined(POLARSSL_DHM_C)
Paul Bakker5d19f862012-09-28 07:33:00 +0000[diff] [blame]661 /*
662 * Use different group than default DHM group
663 */
Paul Bakkerd4324102012-09-26 08:29:38 +0000[diff] [blame]664 ssl_set_dh_param( &ssl, POLARSSL_DHM_RFC5114_MODP_2048_P,
665 POLARSSL_DHM_RFC5114_MODP_2048_G );
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]666#endif
667
Paul Bakker1d29fb52012-09-28 13:28:45 +0000[diff] [blame]668 if( opt.min_version != -1 )
669 ssl_set_min_version( &ssl, SSL_MAJOR_VERSION_3, opt.min_version );
670
Paul Bakkerc1516be2013-06-29 16:01:32 +0200[diff] [blame]671 if( opt.max_version != -1 )
672 ssl_set_max_version( &ssl, SSL_MAJOR_VERSION_3, opt.max_version );
673
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]674 printf( " ok\n" );
675
676reset:
677#ifdef POLARSSL_ERROR_C
678 if( ret != 0 )
679 {
680 char error_buf[100];
Paul Bakker03a8a792013-06-30 12:18:08 +0200[diff] [blame]681 polarssl_strerror( ret, error_buf, 100 );
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]682 printf("Last error was: %d - %s\n\n", ret, error_buf );
683 }
684#endif
685
686 if( client_fd != -1 )
687 net_close( client_fd );
688
689 ssl_session_reset( &ssl );
690
691 /*
692 * 3. Wait until a client connects
693 */
694#if defined(_WIN32_WCE)
695 {
696 SHELLEXECUTEINFO sei;
697
698 ZeroMemory( &sei, sizeof( SHELLEXECUTEINFO ) );
699
700 sei.cbSize = sizeof( SHELLEXECUTEINFO );
701 sei.fMask = 0;
702 sei.hwnd = 0;
703 sei.lpVerb = _T( "open" );
704 sei.lpFile = _T( "https://localhost:4433/" );
705 sei.lpParameters = NULL;
706 sei.lpDirectory = NULL;
707 sei.nShow = SW_SHOWNORMAL;
708
709 ShellExecuteEx( &sei );
710 }
711#elif defined(_WIN32)
712 ShellExecute( NULL, "open", "https://localhost:4433/",
713 NULL, NULL, SW_SHOWNORMAL );
714#endif
715
716 client_fd = -1;
717
718 printf( " . Waiting for a remote connection ..." );
719 fflush( stdout );
720
721 if( ( ret = net_accept( listen_fd, &client_fd, NULL ) ) != 0 )
722 {
723 printf( " failed\n ! net_accept returned -0x%x\n\n", -ret );
724 goto exit;
725 }
726
727 ssl_set_bio( &ssl, net_recv, &client_fd,
728 net_send, &client_fd );
729
730 printf( " ok\n" );
731
732 /*
733 * 4. Handshake
734 */
735 printf( " . Performing the SSL/TLS handshake..." );
736 fflush( stdout );
737
738 while( ( ret = ssl_handshake( &ssl ) ) != 0 )
739 {
740 if( ret != POLARSSL_ERR_NET_WANT_READ && ret != POLARSSL_ERR_NET_WANT_WRITE )
741 {
742 printf( " failed\n ! ssl_handshake returned -0x%x\n\n", -ret );
Paul Bakker1d29fb52012-09-28 13:28:45 +0000[diff] [blame]743 goto reset;
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]744 }
745 }
746
747 printf( " ok\n [ Ciphersuite is %s ]\n",
748 ssl_get_ciphersuite( &ssl ) );
749
Paul Bakkered27a042013-04-18 22:46:23 +0200[diff] [blame]750#if defined(POLARSSL_X509_PARSE_C)
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]751 /*
752 * 5. Verify the server certificate
753 */
754 printf( " . Verifying peer X.509 certificate..." );
755
756 if( ( ret = ssl_get_verify_result( &ssl ) ) != 0 )
757 {
758 printf( " failed\n" );
759
Paul Bakkerb0550d92012-10-30 07:51:03 +0000[diff] [blame]760 if( !ssl_get_peer_cert( &ssl ) )
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]761 printf( " ! no client certificate sent\n" );
762
763 if( ( ret & BADCERT_EXPIRED ) != 0 )
764 printf( " ! client certificate has expired\n" );
765
766 if( ( ret & BADCERT_REVOKED ) != 0 )
767 printf( " ! client certificate has been revoked\n" );
768
769 if( ( ret & BADCERT_NOT_TRUSTED ) != 0 )
770 printf( " ! self-signed or not signed by a trusted CA\n" );
771
772 printf( "\n" );
773 }
774 else
775 printf( " ok\n" );
776
Paul Bakkerb0550d92012-10-30 07:51:03 +0000[diff] [blame]777 if( ssl_get_peer_cert( &ssl ) )
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]778 {
779 printf( " . Peer certificate information ...\n" );
780 x509parse_cert_info( (char *) buf, sizeof( buf ) - 1, " ",
Paul Bakkerb0550d92012-10-30 07:51:03 +0000[diff] [blame]781 ssl_get_peer_cert( &ssl ) );
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]782 printf( "%s\n", buf );
783 }
Paul Bakkered27a042013-04-18 22:46:23 +0200[diff] [blame]784#endif /* POLARSSL_X509_PARSE_C */
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]785
786 /*
787 * 6. Read the HTTP Request
788 */
789 printf( " < Read from client:" );
790 fflush( stdout );
791
792 do
793 {
794 len = sizeof( buf ) - 1;
795 memset( buf, 0, sizeof( buf ) );
796 ret = ssl_read( &ssl, buf, len );
797
798 if( ret == POLARSSL_ERR_NET_WANT_READ || ret == POLARSSL_ERR_NET_WANT_WRITE )
799 continue;
800
801 if( ret <= 0 )
802 {
803 switch( ret )
804 {
805 case POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY:
806 printf( " connection was closed gracefully\n" );
807 break;
808
809 case POLARSSL_ERR_NET_CONN_RESET:
810 printf( " connection was reset by peer\n" );
811 break;
812
813 default:
814 printf( " ssl_read returned -0x%x\n", -ret );
815 break;
816 }
817
818 break;
819 }
820
821 len = ret;
Manuel Pégourié-Gonnardbd7ce632013-07-17 15:34:17 +0200[diff] [blame]822 printf( " %d bytes read\n\n%s\n", len, (char *) buf );
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]823
Paul Bakker82024bf2013-07-04 11:52:32 +0200[diff] [blame]824 if( memcmp( buf, "SERVERQUIT", 10 ) == 0 )
825 goto exit;
826
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]827 if( ret > 0 )
828 break;
829 }
830 while( 1 );
831
832 /*
833 * 7. Write the 200 Response
834 */
835 printf( " > Write to client:" );
836 fflush( stdout );
837
838 len = sprintf( (char *) buf, HTTP_RESPONSE,
839 ssl_get_ciphersuite( &ssl ) );
840
Manuel Pégourié-Gonnard0c017a52013-07-18 14:07:36 +0200[diff] [blame]841 for( written = 0, frags = 0; written < len; written += ret, frags++ )
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]842 {
Manuel Pégourié-Gonnardbd7ce632013-07-17 15:34:17 +0200[diff] [blame]843 while( ( ret = ssl_write( &ssl, buf + written, len - written ) ) <= 0 )
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]844 {
Manuel Pégourié-Gonnardbd7ce632013-07-17 15:34:17 +0200[diff] [blame]845 if( ret == POLARSSL_ERR_NET_CONN_RESET )
846 {
847 printf( " failed\n ! peer closed the connection\n\n" );
848 goto reset;
849 }
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]850
Manuel Pégourié-Gonnardbd7ce632013-07-17 15:34:17 +0200[diff] [blame]851 if( ret != POLARSSL_ERR_NET_WANT_READ && ret != POLARSSL_ERR_NET_WANT_WRITE )
852 {
853 printf( " failed\n ! ssl_write returned %d\n\n", ret );
854 goto exit;
855 }
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]856 }
857 }
858
Manuel Pégourié-Gonnardbd7ce632013-07-17 15:34:17 +0200[diff] [blame]859 buf[written] = '\0';
Manuel Pégourié-Gonnard0c017a52013-07-18 14:07:36 +0200[diff] [blame]860 printf( " %d bytes written in %d fragments\n\n%s\n", written, frags, (char *) buf );
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]861
862 ret = 0;
863 goto reset;
864
865exit:
866
867#ifdef POLARSSL_ERROR_C
868 if( ret != 0 )
869 {
870 char error_buf[100];
Paul Bakker03a8a792013-06-30 12:18:08 +0200[diff] [blame]871 polarssl_strerror( ret, error_buf, 100 );
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]872 printf("Last error was: -0x%X - %s\n\n", -ret, error_buf );
873 }
874#endif
875
876 net_close( client_fd );
Paul Bakkered27a042013-04-18 22:46:23 +0200[diff] [blame]877#if defined(POLARSSL_X509_PARSE_C)
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]878 x509_free( &srvcert );
879 x509_free( &cacert );
880 rsa_free( &rsa );
Paul Bakkered27a042013-04-18 22:46:23 +0200[diff] [blame]881#endif
882
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]883 ssl_free( &ssl );
884
Paul Bakker0a597072012-09-25 21:55:46 +0000[diff] [blame]885#if defined(POLARSSL_SSL_CACHE_C)
886 ssl_cache_free( &cache );
887#endif
888
Paul Bakker82024bf2013-07-04 11:52:32 +0200[diff] [blame]889#if defined(POLARSSL_MEMORY_BUFFER_ALLOC_C) && defined(POLARSSL_MEMORY_DEBUG)
890 memory_buffer_alloc_status();
891#endif
892
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]893#if defined(_WIN32)
894 printf( " + Press Enter to exit this program.\n" );
895 fflush( stdout ); getchar();
896#endif
897
Paul Bakkerdbd79ca2013-07-24 16:28:35 +0200[diff] [blame]898 // Shell can not handle large exit numbers -> 1 for errors
899 if( ret < 0 )
900 ret = 1;
901
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000[diff] [blame]902 return( ret );
903}
904#endif /* POLARSSL_BIGNUM_C && POLARSSL_ENTROPY_C && POLARSSL_SSL_TLS_C &&
905 POLARSSL_SSL_SRV_C && POLARSSL_NET_C && POLARSSL_RSA_C &&
906 POLARSSL_CTR_DRBG_C */