TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-crypto / ca4ab491585b432d7db0266aa6fbcbc6813eda00 / . / programs / ssl / ssl_server.c
blob: 0d24787185ada74577579db53177e6ad0b5aee7f [file] [log] [blame]
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]1/*
2 * SSL server demonstration program
3 *
Paul Bakkercce9d772011-11-18 14:26:47 +0000[diff] [blame]4 * Copyright (C) 2006-2011, Brainspark B.V.
Paul Bakkerb96f1542010-07-18 20:36:00 +0000[diff] [blame]5 *
6 * This file is part of PolarSSL (http://www.polarssl.org)
Paul Bakker84f12b72010-07-18 10:13:04 +0000[diff] [blame]7 * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
Paul Bakkerb96f1542010-07-18 20:36:00 +0000[diff] [blame]8 *
Paul Bakker77b385e2009-07-28 17:23:11 +0000[diff] [blame]9 * All rights reserved.
Paul Bakkere0ccd0a2009-01-04 16:27:10 +0000[diff] [blame]10 *
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 2 of the License, or
14 * (at your option) any later version.
15 *
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
20 *
21 * You should have received a copy of the GNU General Public License along
22 * with this program; if not, write to the Free Software Foundation, Inc.,
23 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
24 */
25
26#ifndef _CRT_SECURE_NO_DEPRECATE
27#define _CRT_SECURE_NO_DEPRECATE 1
28#endif
29
Paul Bakkercce9d772011-11-18 14:26:47 +0000[diff] [blame]30#if defined(_WIN32)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]31#include <windows.h>
32#endif
33
34#include <string.h>
35#include <stdlib.h>
36#include <stdio.h>
37
Paul Bakker5690efc2011-05-26 13:16:06 +0000[diff] [blame]38#include "polarssl/config.h"
39
Paul Bakker508ad5a2011-12-04 17:09:26 +0000[diff] [blame]40#include "polarssl/entropy.h"
41#include "polarssl/ctr_drbg.h"
Paul Bakker40e46942009-01-03 21:51:57 +0000[diff] [blame]42#include "polarssl/certs.h"
43#include "polarssl/x509.h"
44#include "polarssl/ssl.h"
45#include "polarssl/net.h"
Paul Bakkera3d195c2011-11-27 21:07:34 +0000[diff] [blame]46#include "polarssl/error.h"
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]47
48#define HTTP_RESPONSE \
49 "HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n\r\n" \
Paul Bakkereaca51d2010-08-16 12:00:14 +0000[diff] [blame]50 "<h2>PolarSSL Test Server</h2>\r\n" \
51 "<p>Successful connection using: %s</p>\r\n"
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]52
53/*
54 * Computing a "safe" DH-1024 prime can take a very
55 * long time, so a precomputed value is provided below.
56 * You may run dh_genprime to generate a new value.
57 */
58char *my_dhm_P =
59 "E4004C1F94182000103D883A448B3F80" \
60 "2CE4B44A83301270002C20D0321CFD00" \
61 "11CCEF784C26A400F43DFB901BCA7538" \
62 "F2C6B176001CF5A0FD16D2C48B1D0C1C" \
63 "F6AC8E1DA6BCC3B4E1F96B0564965300" \
64 "FFA1D0B601EB2800F489AA512C4B248C" \
65 "01F76949A60BB7F00A40B1EAB64BDD48" \
66 "E8A700D60B7F1200FA8E77B0A979DABF";
67
68char *my_dhm_G = "4";
69
70/*
71 * Sorted by order of preference
72 */
Paul Bakkere3166ce2011-01-27 17:40:50 +0000[diff] [blame]73int my_ciphersuites[] =
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]74{
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]75#if defined(POLARSSL_DHM_C)
76#if defined(POLARSSL_AES_C)
77#if defined(POLARSSL_SHA2_C)
78 SSL_EDH_RSA_AES_256_SHA256,
79 SSL_EDH_RSA_AES_128_SHA256,
80#endif /* POLARSSL_SHA2_C */
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]81 SSL_EDH_RSA_AES_256_SHA,
Paul Bakker77a43582010-06-15 21:32:46 +0000[diff] [blame]82 SSL_EDH_RSA_AES_128_SHA,
Paul Bakkerca4ab492012-04-18 14:23:57 +0000[diff] [blame^]83#if defined(POLARSSL_GCM_C) && defined(POLARSSL_SHA4_C)
84 SSL_EDH_RSA_AES_256_GCM_SHA384,
85#endif
86#if defined(POLARSSL_GCM_C) && defined(POLARSSL_SHA2_C)
87 SSL_EDH_RSA_AES_128_GCM_SHA256,
88#endif
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]89#endif
90#if defined(POLARSSL_CAMELLIA_C)
91#if defined(POLARSSL_SHA2_C)
92 SSL_EDH_RSA_CAMELLIA_256_SHA256,
93 SSL_EDH_RSA_CAMELLIA_128_SHA256,
94#endif /* POLARSSL_SHA2_C */
95 SSL_EDH_RSA_CAMELLIA_256_SHA,
Paul Bakker77a43582010-06-15 21:32:46 +0000[diff] [blame]96 SSL_EDH_RSA_CAMELLIA_128_SHA,
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]97#endif
98#if defined(POLARSSL_DES_C)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]99 SSL_EDH_RSA_DES_168_SHA,
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]100#endif
101#endif
102
103#if defined(POLARSSL_AES_C)
104#if defined(POLARSSL_SHA2_C)
105 SSL_RSA_AES_256_SHA256,
106#endif /* POLARSSL_SHA2_C */
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]107 SSL_RSA_AES_256_SHA,
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]108#endif
109#if defined(POLARSSL_CAMELLIA_C)
110#if defined(POLARSSL_SHA2_C)
111 SSL_RSA_CAMELLIA_256_SHA256,
112#endif /* POLARSSL_SHA2_C */
Paul Bakkerb5ef0ba2009-01-11 20:25:36 +0000[diff] [blame]113 SSL_RSA_CAMELLIA_256_SHA,
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]114#endif
115#if defined(POLARSSL_AES_C)
116#if defined(POLARSSL_SHA2_C)
117 SSL_RSA_AES_128_SHA256,
118#endif /* POLARSSL_SHA2_C */
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]119 SSL_RSA_AES_128_SHA,
Paul Bakkerca4ab492012-04-18 14:23:57 +0000[diff] [blame^]120#if defined(POLARSSL_GCM_C) && defined(POLARSSL_SHA4_C)
121 SSL_RSA_AES_256_GCM_SHA384,
122#endif
123#if defined(POLARSSL_GCM_C) && defined(POLARSSL_SHA2_C)
124 SSL_RSA_AES_128_GCM_SHA256,
125#endif
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]126#endif
127#if defined(POLARSSL_CAMELLIA_C)
128#if defined(POLARSSL_SHA2_C)
129 SSL_RSA_CAMELLIA_128_SHA256,
130#endif /* POLARSSL_SHA2_C */
Paul Bakkerb5ef0ba2009-01-11 20:25:36 +0000[diff] [blame]131 SSL_RSA_CAMELLIA_128_SHA,
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]132#endif
133#if defined(POLARSSL_DES_C)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]134 SSL_RSA_DES_168_SHA,
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]135#endif
136#if defined(POLARSSL_ARC4_C)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]137 SSL_RSA_RC4_128_SHA,
138 SSL_RSA_RC4_128_MD5,
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]139#endif
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]140#if defined(POLARSSL_ENABLE_WEAK_CIPHERSUITES)
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]141#if defined(POLARSSL_DES_C)
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]142 SSL_EDH_RSA_DES_SHA,
143 SSL_RSA_DES_SHA,
Paul Bakker10cd2252012-04-12 21:26:34 +0000[diff] [blame]144#endif
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]145#if defined(POLARSSL_CIPHER_NULL_CIPHER)
146 SSL_RSA_NULL_MD5,
147 SSL_RSA_NULL_SHA,
148 SSL_RSA_NULL_SHA256,
149#endif
150#endif
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]151 0
152};
153
154#define DEBUG_LEVEL 0
155
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]156void my_debug( void *ctx, int level, const char *str )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]157{
158 if( level < DEBUG_LEVEL )
159 {
160 fprintf( (FILE *) ctx, "%s", str );
161 fflush( (FILE *) ctx );
162 }
163}
164
165/*
166 * These session callbacks use a simple chained list
167 * to store and retrieve the session information.
168 */
169ssl_session *s_list_1st = NULL;
170ssl_session *cur, *prv;
171
172static int my_get_session( ssl_context *ssl )
173{
174 time_t t = time( NULL );
175
176 if( ssl->resume == 0 )
177 return( 1 );
178
179 cur = s_list_1st;
180 prv = NULL;
181
182 while( cur != NULL )
183 {
184 prv = cur;
185 cur = cur->next;
186
Paul Bakkercce9d772011-11-18 14:26:47 +0000[diff] [blame]187 if( ssl->timeout != 0 && (int) ( t - prv->start ) > ssl->timeout )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]188 continue;
189
Paul Bakkere3166ce2011-01-27 17:40:50 +0000[diff] [blame]190 if( ssl->session->ciphersuite != prv->ciphersuite ||
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]191 ssl->session->length != prv->length )
192 continue;
193
194 if( memcmp( ssl->session->id, prv->id, prv->length ) != 0 )
195 continue;
196
197 memcpy( ssl->session->master, prv->master, 48 );
198 return( 0 );
199 }
200
201 return( 1 );
202}
203
204static int my_set_session( ssl_context *ssl )
205{
206 time_t t = time( NULL );
207
208 cur = s_list_1st;
209 prv = NULL;
210
211 while( cur != NULL )
212 {
Paul Bakkercce9d772011-11-18 14:26:47 +0000[diff] [blame]213 if( ssl->timeout != 0 && (int) ( t - cur->start ) > ssl->timeout )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]214 break; /* expired, reuse this slot */
215
216 if( memcmp( ssl->session->id, cur->id, cur->length ) == 0 )
217 break; /* client reconnected */
218
219 prv = cur;
220 cur = cur->next;
221 }
222
223 if( cur == NULL )
224 {
225 cur = (ssl_session *) malloc( sizeof( ssl_session ) );
226 if( cur == NULL )
227 return( 1 );
228
229 if( prv == NULL )
230 s_list_1st = cur;
231 else prv->next = cur;
232 }
233
234 memcpy( cur, ssl->session, sizeof( ssl_session ) );
235
236 return( 0 );
237}
238
Paul Bakker5690efc2011-05-26 13:16:06 +0000[diff] [blame]239#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_CERTS_C) || \
Paul Bakker508ad5a2011-12-04 17:09:26 +0000[diff] [blame]240 !defined(POLARSSL_ENTROPY_C) || !defined(POLARSSL_SSL_TLS_C) || \
Paul Bakker5690efc2011-05-26 13:16:06 +0000[diff] [blame]241 !defined(POLARSSL_SSL_SRV_C) || !defined(POLARSSL_NET_C) || \
Paul Bakker508ad5a2011-12-04 17:09:26 +0000[diff] [blame]242 !defined(POLARSSL_RSA_C) || !defined(POLARSSL_CTR_DRBG_C)
Paul Bakkercce9d772011-11-18 14:26:47 +0000[diff] [blame]243int main( int argc, char *argv[] )
Paul Bakker5690efc2011-05-26 13:16:06 +0000[diff] [blame]244{
Paul Bakkercce9d772011-11-18 14:26:47 +0000[diff] [blame]245 ((void) argc);
246 ((void) argv);
247
Paul Bakker508ad5a2011-12-04 17:09:26 +0000[diff] [blame]248 printf("POLARSSL_BIGNUM_C and/or POLARSSL_CERTS_C and/or POLARSSL_ENTROPY_C "
Paul Bakker5690efc2011-05-26 13:16:06 +0000[diff] [blame]249 "and/or POLARSSL_SSL_TLS_C and/or POLARSSL_SSL_SRV_C and/or "
Paul Bakker508ad5a2011-12-04 17:09:26 +0000[diff] [blame]250 "POLARSSL_NET_C and/or POLARSSL_RSA_C and/or "
251 "POLARSSL_CTR_DRBG_C not defined.\n");
Paul Bakker5690efc2011-05-26 13:16:06 +0000[diff] [blame]252 return( 0 );
253}
254#else
Paul Bakkercce9d772011-11-18 14:26:47 +0000[diff] [blame]255int main( int argc, char *argv[] )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]256{
257 int ret, len;
258 int listen_fd;
Paul Bakker7eb013f2011-10-06 12:37:39 +0000[diff] [blame]259 int client_fd = -1;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]260 unsigned char buf[1024];
Paul Bakker508ad5a2011-12-04 17:09:26 +0000[diff] [blame]261 char *pers = "ssl_server";
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]262
Paul Bakker508ad5a2011-12-04 17:09:26 +0000[diff] [blame]263 entropy_context entropy;
264 ctr_drbg_context ctr_drbg;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]265 ssl_context ssl;
266 ssl_session ssn;
267 x509_cert srvcert;
268 rsa_context rsa;
269
Paul Bakkercce9d772011-11-18 14:26:47 +0000[diff] [blame]270 ((void) argc);
271 ((void) argv);
272
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]273 memset( &ssl, 0, sizeof( ssl_context ) );
274
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]275 /*
276 * 1. Load the certificates and private RSA key
277 */
278 printf( "\n . Loading the server cert. and key..." );
279 fflush( stdout );
280
281 memset( &srvcert, 0, sizeof( x509_cert ) );
282
283 /*
284 * This demonstration program uses embedded test certificates.
285 * Instead, you may want to use x509parse_crtfile() to read the
286 * server and CA certificates, as well as x509parse_keyfile().
287 */
288 ret = x509parse_crt( &srvcert, (unsigned char *) test_srv_crt,
Paul Bakker69e095c2011-12-10 21:55:01 +0000[diff] [blame]289 strlen( test_srv_crt ) );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]290 if( ret != 0 )
291 {
292 printf( " failed\n ! x509parse_crt returned %d\n\n", ret );
293 goto exit;
294 }
295
296 ret = x509parse_crt( &srvcert, (unsigned char *) test_ca_crt,
Paul Bakker69e095c2011-12-10 21:55:01 +0000[diff] [blame]297 strlen( test_ca_crt ) );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]298 if( ret != 0 )
299 {
300 printf( " failed\n ! x509parse_crt returned %d\n\n", ret );
301 goto exit;
302 }
303
Paul Bakker91b41592011-05-05 12:01:31 +0000[diff] [blame]304 rsa_init( &rsa, RSA_PKCS_V15, 0 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]305 ret = x509parse_key( &rsa, (unsigned char *) test_srv_key,
306 strlen( test_srv_key ), NULL, 0 );
307 if( ret != 0 )
308 {
309 printf( " failed\n ! x509parse_key returned %d\n\n", ret );
310 goto exit;
311 }
312
313 printf( " ok\n" );
314
315 /*
316 * 2. Setup the listening TCP socket
317 */
318 printf( " . Bind on https://localhost:4433/ ..." );
319 fflush( stdout );
320
321 if( ( ret = net_bind( &listen_fd, NULL, 4433 ) ) != 0 )
322 {
323 printf( " failed\n ! net_bind returned %d\n\n", ret );
324 goto exit;
325 }
326
327 printf( " ok\n" );
328
329 /*
Paul Bakker508ad5a2011-12-04 17:09:26 +0000[diff] [blame]330 * 3. Seed the RNG
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]331 */
Paul Bakker508ad5a2011-12-04 17:09:26 +0000[diff] [blame]332 printf( " . Seeding the random number generator..." );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]333 fflush( stdout );
334
Paul Bakker508ad5a2011-12-04 17:09:26 +0000[diff] [blame]335 entropy_init( &entropy );
336 if( ( ret = ctr_drbg_init( &ctr_drbg, entropy_func, &entropy,
337 (unsigned char *) pers, strlen( pers ) ) ) != 0 )
338 {
339 printf( " failed\n ! ctr_drbg_init returned %d\n", ret );
340 goto exit;
341 }
342
343 printf( " ok\n" );
344
345 /*
346 * 4. Setup stuff
347 */
348 printf( " . Setting up the SSL data...." );
349 fflush( stdout );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]350
351 if( ( ret = ssl_init( &ssl ) ) != 0 )
352 {
353 printf( " failed\n ! ssl_init returned %d\n\n", ret );
Paul Bakker7eb013f2011-10-06 12:37:39 +0000[diff] [blame]354 goto exit;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]355 }
356
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]357 ssl_set_endpoint( &ssl, SSL_IS_SERVER );
358 ssl_set_authmode( &ssl, SSL_VERIFY_NONE );
359
Paul Bakker508ad5a2011-12-04 17:09:26 +0000[diff] [blame]360 ssl_set_rng( &ssl, ctr_drbg_random, &ctr_drbg );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]361 ssl_set_dbg( &ssl, my_debug, stdout );
Paul Bakker7eb013f2011-10-06 12:37:39 +0000[diff] [blame]362
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]363 ssl_set_scb( &ssl, my_get_session,
364 my_set_session );
365
Paul Bakkere3166ce2011-01-27 17:40:50 +0000[diff] [blame]366 ssl_set_ciphersuites( &ssl, my_ciphersuites );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]367 ssl_set_session( &ssl, 1, 0, &ssn );
368
369 memset( &ssn, 0, sizeof( ssl_session ) );
370
Paul Bakker40ea7de2009-05-03 10:18:48 +0000[diff] [blame]371 ssl_set_ca_chain( &ssl, srvcert.next, NULL, NULL );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]372 ssl_set_own_cert( &ssl, &srvcert, &rsa );
373 ssl_set_dh_param( &ssl, my_dhm_P, my_dhm_G );
374
Paul Bakker7eb013f2011-10-06 12:37:39 +0000[diff] [blame]375 printf( " ok\n" );
376
377reset:
Paul Bakkera3d195c2011-11-27 21:07:34 +0000[diff] [blame]378#ifdef POLARSSL_ERROR_C
379 if( ret != 0 )
380 {
381 char error_buf[100];
382 error_strerror( ret, error_buf, 100 );
383 printf("Last error was: %d - %s\n\n", ret, error_buf );
384 }
385#endif
386
Paul Bakker7eb013f2011-10-06 12:37:39 +0000[diff] [blame]387 if( client_fd != -1 )
388 net_close( client_fd );
389
390 ssl_session_reset( &ssl );
391
392 /*
393 * 3. Wait until a client connects
394 */
Paul Bakkercce9d772011-11-18 14:26:47 +0000[diff] [blame]395#if defined(_WIN32_WCE)
396 {
397 SHELLEXECUTEINFO sei;
398
399 ZeroMemory( &sei, sizeof( SHELLEXECUTEINFO ) );
400
401 sei.cbSize = sizeof( SHELLEXECUTEINFO );
402 sei.fMask = 0;
403 sei.hwnd = 0;
404 sei.lpVerb = _T( "open" );
405 sei.lpFile = _T( "https://localhost:4433/" );
406 sei.lpParameters = NULL;
407 sei.lpDirectory = NULL;
408 sei.nShow = SW_SHOWNORMAL;
409
410 ShellExecuteEx( &sei );
411 }
412#elif defined(_WIN32)
Paul Bakker7eb013f2011-10-06 12:37:39 +0000[diff] [blame]413 ShellExecute( NULL, "open", "https://localhost:4433/",
414 NULL, NULL, SW_SHOWNORMAL );
415#endif
416
417 client_fd = -1;
418
419 printf( " . Waiting for a remote connection ..." );
420 fflush( stdout );
421
422 if( ( ret = net_accept( listen_fd, &client_fd, NULL ) ) != 0 )
423 {
424 printf( " failed\n ! net_accept returned %d\n\n", ret );
425 goto exit;
426 }
427
428 ssl_set_bio( &ssl, net_recv, &client_fd,
429 net_send, &client_fd );
430
431 printf( " ok\n" );
432
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]433 /*
434 * 5. Handshake
435 */
436 printf( " . Performing the SSL/TLS handshake..." );
437 fflush( stdout );
438
439 while( ( ret = ssl_handshake( &ssl ) ) != 0 )
440 {
Paul Bakker831a7552011-05-18 13:32:51 +0000[diff] [blame]441 if( ret != POLARSSL_ERR_NET_WANT_READ && ret != POLARSSL_ERR_NET_WANT_WRITE )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]442 {
443 printf( " failed\n ! ssl_handshake returned %d\n\n", ret );
Paul Bakker7eb013f2011-10-06 12:37:39 +0000[diff] [blame]444 goto reset;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]445 }
446 }
447
448 printf( " ok\n" );
449
450 /*
451 * 6. Read the HTTP Request
452 */
453 printf( " < Read from client:" );
454 fflush( stdout );
455
456 do
457 {
458 len = sizeof( buf ) - 1;
459 memset( buf, 0, sizeof( buf ) );
460 ret = ssl_read( &ssl, buf, len );
461
Paul Bakker831a7552011-05-18 13:32:51 +0000[diff] [blame]462 if( ret == POLARSSL_ERR_NET_WANT_READ || ret == POLARSSL_ERR_NET_WANT_WRITE )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]463 continue;
464
465 if( ret <= 0 )
466 {
467 switch( ret )
468 {
Paul Bakker40e46942009-01-03 21:51:57 +0000[diff] [blame]469 case POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY:
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]470 printf( " connection was closed gracefully\n" );
471 break;
472
Paul Bakker40e46942009-01-03 21:51:57 +0000[diff] [blame]473 case POLARSSL_ERR_NET_CONN_RESET:
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]474 printf( " connection was reset by peer\n" );
475 break;
476
477 default:
Paul Bakker6f3578c2012-04-16 06:46:01 +0000[diff] [blame]478 printf( " ssl_read returned -0x%x\n", -ret );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]479 break;
480 }
481
482 break;
483 }
484
485 len = ret;
486 printf( " %d bytes read\n\n%s", len, (char *) buf );
487 }
488 while( 0 );
489
490 /*
491 * 7. Write the 200 Response
492 */
493 printf( " > Write to client:" );
494 fflush( stdout );
495
496 len = sprintf( (char *) buf, HTTP_RESPONSE,
Paul Bakkere3166ce2011-01-27 17:40:50 +0000[diff] [blame]497 ssl_get_ciphersuite( &ssl ) );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]498
499 while( ( ret = ssl_write( &ssl, buf, len ) ) <= 0 )
500 {
Paul Bakker40e46942009-01-03 21:51:57 +0000[diff] [blame]501 if( ret == POLARSSL_ERR_NET_CONN_RESET )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]502 {
503 printf( " failed\n ! peer closed the connection\n\n" );
Paul Bakker7eb013f2011-10-06 12:37:39 +0000[diff] [blame]504 goto reset;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]505 }
506
Paul Bakker831a7552011-05-18 13:32:51 +0000[diff] [blame]507 if( ret != POLARSSL_ERR_NET_WANT_READ && ret != POLARSSL_ERR_NET_WANT_WRITE )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]508 {
509 printf( " failed\n ! ssl_write returned %d\n\n", ret );
510 goto exit;
511 }
512 }
513
514 len = ret;
515 printf( " %d bytes written\n\n%s\n", len, (char *) buf );
Paul Bakkera3d195c2011-11-27 21:07:34 +0000[diff] [blame]516
Paul Bakkera3d195c2011-11-27 21:07:34 +0000[diff] [blame]517 ret = 0;
Paul Bakker7eb013f2011-10-06 12:37:39 +0000[diff] [blame]518 goto reset;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]519
520exit:
521
Paul Bakkera3d195c2011-11-27 21:07:34 +0000[diff] [blame]522#ifdef POLARSSL_ERROR_C
523 if( ret != 0 )
524 {
525 char error_buf[100];
526 error_strerror( ret, error_buf, 100 );
527 printf("Last error was: %d - %s\n\n", ret, error_buf );
528 }
529#endif
530
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]531 net_close( client_fd );
532 x509_free( &srvcert );
533 rsa_free( &rsa );
534 ssl_free( &ssl );
535
536 cur = s_list_1st;
537 while( cur != NULL )
538 {
539 prv = cur;
540 cur = cur->next;
541 memset( prv, 0, sizeof( ssl_session ) );
542 free( prv );
543 }
544
545 memset( &ssl, 0, sizeof( ssl_context ) );
546
Paul Bakkercce9d772011-11-18 14:26:47 +0000[diff] [blame]547#if defined(_WIN32)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]548 printf( " Press Enter to exit this program.\n" );
549 fflush( stdout ); getchar();
550#endif
551
552 return( ret );
553}
Paul Bakker508ad5a2011-12-04 17:09:26 +0000[diff] [blame]554#endif /* POLARSSL_BIGNUM_C && POLARSSL_CERTS_C && POLARSSL_ENTROPY_C &&
Paul Bakker5690efc2011-05-26 13:16:06 +0000[diff] [blame]555 POLARSSL_SSL_TLS_C && POLARSSL_SSL_SRV_C && POLARSSL_NET_C &&
Paul Bakker508ad5a2011-12-04 17:09:26 +0000[diff] [blame]556 POLARSSL_RSA_C && POLARSSL_CTR_DRBG_C */