blob: 12a1224838c3cddf3ccc61c6ad21f4d90364e12b [file] [log] [blame]
Paul Bakker4fc45522010-03-18 20:11:58 +00001/*
2 * Certificate reading application
3 *
Paul Bakker84f12b72010-07-18 10:13:04 +00004 * Copyright (C) 2006-2010, Brainspark B.V.
Paul Bakkerb96f1542010-07-18 20:36:00 +00005 *
6 * This file is part of PolarSSL (http://www.polarssl.org)
Paul Bakker84f12b72010-07-18 10:13:04 +00007 * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
Paul Bakkerb96f1542010-07-18 20:36:00 +00008 *
Paul Bakker4fc45522010-03-18 20:11:58 +00009 * All rights reserved.
10 *
Paul Bakker4fc45522010-03-18 20:11:58 +000011 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 2 of the License, or
14 * (at your option) any later version.
15 *
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
20 *
21 * You should have received a copy of the GNU General Public License along
22 * with this program; if not, write to the Free Software Foundation, Inc.,
23 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
24 */
25
26#ifndef _CRT_SECURE_NO_DEPRECATE
27#define _CRT_SECURE_NO_DEPRECATE 1
28#endif
29
30#include <string.h>
31#include <stdlib.h>
32#include <stdio.h>
33
34#include "polarssl/havege.h"
35#include "polarssl/net.h"
36#include "polarssl/ssl.h"
37#include "polarssl/x509.h"
38
39#define MODE_NONE 0
40#define MODE_FILE 1
41#define MODE_SSL 2
42
43#define DFL_MODE MODE_NONE
44#define DFL_FILENAME "cert.crt"
45#define DFL_SERVER_NAME "localhost"
46#define DFL_SERVER_PORT 4433
47#define DFL_DEBUG_LEVEL 0
48
49/*
50 * global options
51 */
52struct options
53{
54 int mode; /* the mode to run the application in */
55 char *filename; /* filename of the certificate file */
56 char *server_name; /* hostname of the server (client only) */
57 int server_port; /* port on which the ssl service runs */
58 int debug_level; /* level of debugging */
59} opt;
60
61void my_debug( void *ctx, int level, const char *str )
62{
63 if( level < opt.debug_level )
64 {
65 fprintf( (FILE *) ctx, "%s", str );
66 fflush( (FILE *) ctx );
67 }
68}
69
70#define USAGE \
71 "\n usage: cert_app param=<>...\n" \
72 "\n acceptable parameters:\n" \
73 " mode=file|ssl default: none\n" \
74 " filename=%%s default: cert.crt\n" \
75 " server_name=%%s default: localhost\n" \
76 " server_port=%%d default: 4433\n" \
77 " debug_level=%%d default: 0 (disabled)\n" \
78 "\n"
79
80int main( int argc, char *argv[] )
81{
82 int ret = 0, server_fd;
83 unsigned char buf[1024];
84 havege_state hs;
85 ssl_context ssl;
86 ssl_session ssn;
87 x509_cert clicert;
88 rsa_context rsa;
89 int i, j, n;
90 char *p, *q;
91
Paul Bakker1a207ec2011-02-06 13:22:40 +000092 /*
93 * Set to sane values
94 */
95 server_fd = 0;
96 memset( &ssl, 0, sizeof( ssl_context ) );
97 memset( &ssn, 0, sizeof( ssl_session ) );
98 memset( &clicert, 0, sizeof( x509_cert ) );
99 memset( &rsa, 0, sizeof( rsa_context ) );
100
Paul Bakker4fc45522010-03-18 20:11:58 +0000101 if( argc == 0 )
102 {
103 usage:
104 printf( USAGE );
105 goto exit;
106 }
107
108 opt.mode = DFL_MODE;
109 opt.filename = DFL_FILENAME;
110 opt.server_name = DFL_SERVER_NAME;
111 opt.server_port = DFL_SERVER_PORT;
112 opt.debug_level = DFL_DEBUG_LEVEL;
113
114 for( i = 1; i < argc; i++ )
115 {
116 n = strlen( argv[i] );
117
118 for( j = 0; j < n; j++ )
119 {
120 if( argv[i][j] >= 'A' && argv[i][j] <= 'Z' )
121 argv[i][j] |= 0x20;
122 }
123
124 p = argv[i];
125 if( ( q = strchr( p, '=' ) ) == NULL )
126 goto usage;
127 *q++ = '\0';
128
129 if( strcmp( p, "mode" ) == 0 )
130 {
131 if( strcmp( q, "file" ) == 0 )
132 opt.mode = MODE_FILE;
133 else if( strcmp( q, "ssl" ) == 0 )
134 opt.mode = MODE_SSL;
135 else
136 goto usage;
137 }
138 else if( strcmp( p, "filename" ) == 0 )
139 opt.filename = q;
140 else if( strcmp( p, "server_name" ) == 0 )
141 opt.server_name = q;
142 else if( strcmp( p, "server_port" ) == 0 )
143 {
144 opt.server_port = atoi( q );
145 if( opt.server_port < 1 || opt.server_port > 65535 )
146 goto usage;
147 }
148 else if( strcmp( p, "debug_level" ) == 0 )
149 {
150 opt.debug_level = atoi( q );
151 if( opt.debug_level < 0 || opt.debug_level > 65535 )
152 goto usage;
153 }
154 else
155 goto usage;
156 }
157
158 if( opt.mode == MODE_FILE )
159 {
160 x509_cert crt;
Paul Bakker4fc45522010-03-18 20:11:58 +0000161 memset( &crt, 0, sizeof( x509_cert ) );
162
163 /*
164 * 1.1. Load the certificate
165 */
166 printf( "\n . Loading the certificate ..." );
167 fflush( stdout );
168
169 ret = x509parse_crtfile( &crt, opt.filename );
170
171 if( ret != 0 )
172 {
173 printf( " failed\n ! x509parse_crt returned %d\n\n", ret );
174 x509_free( &crt );
175 goto exit;
176 }
177
178 printf( " ok\n" );
179
180 /*
181 * 1.2 Print the certificate
182 */
183 printf( " . Peer certificate information ...\n" );
184 ret = x509parse_cert_info( (char *) buf, sizeof( buf ) - 1, " ", &crt );
185 if( ret == -1 )
186 {
187 printf( " failed\n ! x509parse_cert_info returned %d\n\n", ret );
188 x509_free( &crt );
189 goto exit;
190 }
191
192 printf( "%s\n", buf );
193
194 x509_free( &crt );
195 }
196 else if( opt.mode == MODE_SSL )
197 {
198 /*
199 * 1. Initialize the RNG and the session data
200 */
201 havege_init( &hs );
Paul Bakker4fc45522010-03-18 20:11:58 +0000202
203 /*
204 * 2. Start the connection
205 */
206 printf( " . SSL connection to tcp/%s/%-4d...", opt.server_name,
207 opt.server_port );
208 fflush( stdout );
209
210 if( ( ret = net_connect( &server_fd, opt.server_name,
211 opt.server_port ) ) != 0 )
212 {
213 printf( " failed\n ! net_connect returned %d\n\n", ret );
214 goto exit;
215 }
216
217 /*
218 * 3. Setup stuff
219 */
220 if( ( ret = ssl_init( &ssl ) ) != 0 )
221 {
222 printf( " failed\n ! ssl_init returned %d\n\n", ret );
223 goto exit;
224 }
225
226 ssl_set_endpoint( &ssl, SSL_IS_CLIENT );
227 ssl_set_authmode( &ssl, SSL_VERIFY_NONE );
228
229 ssl_set_rng( &ssl, havege_rand, &hs );
230 ssl_set_dbg( &ssl, my_debug, stdout );
231 ssl_set_bio( &ssl, net_recv, &server_fd,
232 net_send, &server_fd );
233
Paul Bakkere3166ce2011-01-27 17:40:50 +0000234 ssl_set_ciphersuites( &ssl, ssl_default_ciphersuites );
Paul Bakker4fc45522010-03-18 20:11:58 +0000235 ssl_set_session( &ssl, 1, 600, &ssn );
236
237 ssl_set_own_cert( &ssl, &clicert, &rsa );
238
239 ssl_set_hostname( &ssl, opt.server_name );
240
241 /*
242 * 4. Handshake
243 */
244 while( ( ret = ssl_handshake( &ssl ) ) != 0 )
245 {
246 if( ret != POLARSSL_ERR_NET_TRY_AGAIN )
247 {
248 printf( " failed\n ! ssl_handshake returned %d\n\n", ret );
249 goto exit;
250 }
251 }
252
253 printf( " ok\n" );
254
255 /*
256 * 5. Print the certificate
257 */
258 printf( " . Peer certificate information ...\n" );
259 ret = x509parse_cert_info( (char *) buf, sizeof( buf ) - 1, " ", ssl.peer_cert );
260 if( ret == -1 )
261 {
262 printf( " failed\n ! x509parse_cert_info returned %d\n\n", ret );
263 goto exit;
264 }
265
266 printf( "%s\n", buf );
267
268 ssl_close_notify( &ssl );
269 }
270 else
271 goto usage;
272
273exit:
274
Paul Bakker1a207ec2011-02-06 13:22:40 +0000275 if( server_fd )
276 net_close( server_fd );
Paul Bakker4fc45522010-03-18 20:11:58 +0000277 x509_free( &clicert );
278 rsa_free( &rsa );
279 ssl_free( &ssl );
280
281 memset( &ssl, 0, sizeof( ssl ) );
282
283#ifdef WIN32
284 printf( " + Press Enter to exit this program.\n" );
285 fflush( stdout ); getchar();
286#endif
287
288 return( ret );
289}