TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 1bd2281260980d76c7cf76e830fea69707ef03b5 / . / programs / ssl / ssl_client2.c
blob: d4428f2ff3d6e16a57b2925e8ff9e0534931d1b5 [file] [log] [blame]
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]1/*
2 * SSL client with certificate authentication
3 *
Paul Bakker3c5ef712013-06-25 16:37:45 +0200[diff] [blame]4 * Copyright (C) 2006-2013, Brainspark B.V.
Paul Bakkerb96f1542010-07-18 20:36:00 +0000[diff] [blame]5 *
6 * This file is part of PolarSSL (http://www.polarssl.org)
Paul Bakker84f12b72010-07-18 10:13:04 +0000[diff] [blame]7 * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
Paul Bakkerb96f1542010-07-18 20:36:00 +0000[diff] [blame]8 *
Paul Bakker77b385e2009-07-28 17:23:11 +0000[diff] [blame]9 * All rights reserved.
Paul Bakkere0ccd0a2009-01-04 16:27:10 +0000[diff] [blame]10 *
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 2 of the License, or
14 * (at your option) any later version.
15 *
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
20 *
21 * You should have received a copy of the GNU General Public License along
22 * with this program; if not, write to the Free Software Foundation, Inc.,
23 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
24 */
25
Manuel Pégourié-Gonnardabd6e022013-09-20 13:30:43 +0200[diff] [blame]26#include "polarssl/config.h"
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]27
28#include <string.h>
Paul Bakker9caf2d22010-02-18 19:37:19 +0000[diff] [blame]29#include <stdlib.h>
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]30#include <stdio.h>
31
Paul Bakker40e46942009-01-03 21:51:57 +0000[diff] [blame]32#include "polarssl/net.h"
33#include "polarssl/ssl.h"
Paul Bakker508ad5a2011-12-04 17:09:26 +0000[diff] [blame]34#include "polarssl/entropy.h"
35#include "polarssl/ctr_drbg.h"
Paul Bakker40e46942009-01-03 21:51:57 +0000[diff] [blame]36#include "polarssl/certs.h"
37#include "polarssl/x509.h"
Paul Bakkera3d195c2011-11-27 21:07:34 +0000[diff] [blame]38#include "polarssl/error.h"
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]39
Manuel Pégourié-Gonnardc55a5b72014-02-20 22:50:56 +0100[diff] [blame]40#if defined(POLARSSL_TIMING_C)
41#include "polarssl/timing.h"
42#endif
43
Paul Bakker9caf2d22010-02-18 19:37:19 +0000[diff] [blame]44#define DFL_SERVER_NAME "localhost"
Manuel Pégourié-Gonnard0d8780b2014-02-25 11:11:26 +0100[diff] [blame]45#define DFL_SERVER_ADDR NULL
Paul Bakker9caf2d22010-02-18 19:37:19 +0000[diff] [blame]46#define DFL_SERVER_PORT 4433
47#define DFL_REQUEST_PAGE "/"
48#define DFL_DEBUG_LEVEL 0
Manuel Pégourié-Gonnard55753162014-02-26 13:47:08 +0100[diff] [blame]49#define DFL_NBIO 0
Paul Bakker5690efc2011-05-26 13:16:06 +0000[diff] [blame]50#define DFL_CA_FILE ""
Paul Bakker8d914582012-06-04 12:46:42 +0000[diff] [blame]51#define DFL_CA_PATH ""
Paul Bakker67968392010-07-18 08:28:20 +0000[diff] [blame]52#define DFL_CRT_FILE ""
53#define DFL_KEY_FILE ""
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200[diff] [blame]54#define DFL_PSK ""
55#define DFL_PSK_IDENTITY "Client_identity"
Paul Bakker51936882011-02-20 16:05:58 +0000[diff] [blame]56#define DFL_FORCE_CIPHER 0
Manuel Pégourié-Gonnard00d538f2014-03-31 10:44:40 +0200[diff] [blame]57#define DFL_RENEGOTIATION SSL_RENEGOTIATION_DISABLED
Paul Bakkerd0f6fa72012-09-17 09:18:12 +0000[diff] [blame]58#define DFL_ALLOW_LEGACY SSL_LEGACY_NO_RENEGOTIATION
Manuel Pégourié-Gonnard780d6712014-02-20 17:19:59 +0100[diff] [blame]59#define DFL_RENEGOTIATE 0
Paul Bakker1d29fb52012-09-28 13:28:45 +0000[diff] [blame]60#define DFL_MIN_VERSION -1
61#define DFL_MAX_VERSION -1
Manuel Pégourié-Gonnardfcf2fc22014-03-11 11:10:27 +0100[diff] [blame]62#define DFL_AUTH_MODE SSL_VERIFY_REQUIRED
Manuel Pégourié-Gonnard0df6b1f2013-07-16 13:39:57 +0200[diff] [blame]63#define DFL_MFL_CODE SSL_MAX_FRAG_LEN_NONE
Manuel Pégourié-Gonnarde980a992013-07-19 11:08:52 +0200[diff] [blame]64#define DFL_TRUNC_HMAC 0
Manuel Pégourié-Gonnardaaa1eab2013-07-30 13:43:43 +0200[diff] [blame]65#define DFL_RECONNECT 0
Manuel Pégourié-Gonnardc55a5b72014-02-20 22:50:56 +0100[diff] [blame]66#define DFL_RECO_DELAY 0
Manuel Pégourié-Gonnardaa0d4d12013-08-03 13:02:31 +0200[diff] [blame]67#define DFL_TICKETS SSL_SESSION_TICKETS_ENABLED
Manuel Pégourié-Gonnard1bd22812014-04-05 14:34:07 +0200[diff] [blame^]68#define DFL_ALPN_STRING NULL
Paul Bakker0e6975b2009-02-10 22:19:10 +0000[diff] [blame]69
Manuel Pégourié-Gonnarde048b672013-07-19 12:47:00 +0200[diff] [blame]70#define LONG_HEADER "User-agent: blah-blah-blah-blah-blah-blah-blah-blah-" \
Manuel Pégourié-Gonnard0c017a52013-07-18 14:07:36 +0200[diff] [blame]71 "-01--blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-" \
72 "-02--blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-" \
73 "-03--blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-" \
74 "-04--blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-" \
75 "-05--blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-" \
76 "-06--blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-" \
77 "-07--blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-END\r\n"
Manuel Pégourié-Gonnard787b6582013-07-16 15:43:17 +0200[diff] [blame]78
Manuel Pégourié-Gonnarde048b672013-07-19 12:47:00 +0200[diff] [blame]79/* Uncomment LONG_HEADER in the definition of GET_REQUEST to test sending
80 * longer paquets (for fragmentation purposes) */
81#define GET_REQUEST "GET %s HTTP/1.0\r\n" /* LONG_HEADER */ "\r\n"
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]82
Paul Bakker9caf2d22010-02-18 19:37:19 +0000[diff] [blame]83/*
84 * global options
85 */
86struct options
87{
Paul Bakkeref3f8c72013-06-24 13:01:08 +0200[diff] [blame]88 const char *server_name; /* hostname of the server (client only) */
Manuel Pégourié-Gonnard0d8780b2014-02-25 11:11:26 +0100[diff] [blame]89 const char *server_addr; /* address of the server (client only) */
Paul Bakker67968392010-07-18 08:28:20 +0000[diff] [blame]90 int server_port; /* port on which the ssl service runs */
91 int debug_level; /* level of debugging */
Manuel Pégourié-Gonnard55753162014-02-26 13:47:08 +0100[diff] [blame]92 int nbio; /* should I/O be blocking? */
Paul Bakkeref3f8c72013-06-24 13:01:08 +0200[diff] [blame]93 const char *request_page; /* page on server to request */
94 const char *ca_file; /* the file with the CA certificate(s) */
95 const char *ca_path; /* the path with the CA certificate(s) reside */
96 const char *crt_file; /* the file with the client certificate */
97 const char *key_file; /* the file with the client key */
98 const char *psk; /* the pre-shared key */
99 const char *psk_identity; /* the pre-shared key identity */
Paul Bakker51936882011-02-20 16:05:58 +0000[diff] [blame]100 int force_ciphersuite[2]; /* protocol/ciphersuite to use, or all */
Paul Bakker48916f92012-09-16 19:57:18 +0000[diff] [blame]101 int renegotiation; /* enable / disable renegotiation */
102 int allow_legacy; /* allow legacy renegotiation */
Manuel Pégourié-Gonnard780d6712014-02-20 17:19:59 +0100[diff] [blame]103 int renegotiate; /* attempt renegotiation? */
Paul Bakker1d29fb52012-09-28 13:28:45 +0000[diff] [blame]104 int min_version; /* minimum protocol version accepted */
105 int max_version; /* maximum protocol version accepted */
Paul Bakker91ebfb52012-11-23 14:04:08 +0100[diff] [blame]106 int auth_mode; /* verify mode for connection */
Manuel Pégourié-Gonnard0df6b1f2013-07-16 13:39:57 +0200[diff] [blame]107 unsigned char mfl_code; /* code for maximum fragment length */
Manuel Pégourié-Gonnarde980a992013-07-19 11:08:52 +0200[diff] [blame]108 int trunc_hmac; /* negotiate truncated hmac or not */
Manuel Pégourié-Gonnardaaa1eab2013-07-30 13:43:43 +0200[diff] [blame]109 int reconnect; /* attempt to resume session */
Manuel Pégourié-Gonnardc55a5b72014-02-20 22:50:56 +0100[diff] [blame]110 int reco_delay; /* delay in seconds before resuming session */
Manuel Pégourié-Gonnardaa0d4d12013-08-03 13:02:31 +0200[diff] [blame]111 int tickets; /* enable / disable session tickets */
Manuel Pégourié-Gonnard1bd22812014-04-05 14:34:07 +0200[diff] [blame^]112 const char *alpn_string; /* ALPN supported protocols */
Paul Bakker9caf2d22010-02-18 19:37:19 +0000[diff] [blame]113} opt;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]114
Paul Bakker3c5ef712013-06-25 16:37:45 +0200[diff] [blame]115static void my_debug( void *ctx, int level, const char *str )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]116{
Paul Bakker9caf2d22010-02-18 19:37:19 +0000[diff] [blame]117 if( level < opt.debug_level )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]118 {
119 fprintf( (FILE *) ctx, "%s", str );
120 fflush( (FILE *) ctx );
121 }
122}
123
Manuel Pégourié-Gonnard55753162014-02-26 13:47:08 +0100[diff] [blame]124/*
125 * Test recv/send functions that make sure each try returns
126 * WANT_READ/WANT_WRITE at least once before sucesseding
127 */
128static int my_recv( void *ctx, unsigned char *buf, size_t len )
129{
130 static int first_try = 1;
131 int ret;
132
133 if( first_try )
134 {
135 first_try = 0;
136 return( POLARSSL_ERR_NET_WANT_READ );
137 }
138
139 ret = net_recv( ctx, buf, len );
140 if( ret != POLARSSL_ERR_NET_WANT_READ )
141 first_try = 1; /* Next call will be a new operation */
142 return( ret );
143}
144
145static int my_send( void *ctx, const unsigned char *buf, size_t len )
146{
147 static int first_try = 1;
148 int ret;
149
150 if( first_try )
151 {
152 first_try = 0;
153 return( POLARSSL_ERR_NET_WANT_WRITE );
154 }
155
156 ret = net_send( ctx, buf, len );
157 if( ret != POLARSSL_ERR_NET_WANT_WRITE )
158 first_try = 1; /* Next call will be a new operation */
159 return( ret );
160}
161
Paul Bakker36713e82013-09-17 13:25:29 +0200[diff] [blame]162#if defined(POLARSSL_X509_CRT_PARSE_C)
Paul Bakker915275b2012-09-28 07:10:55 +0000[diff] [blame]163/*
164 * Enabled if debug_level > 1 in code below
165 */
Paul Bakkerc559c7a2013-09-18 14:13:26 +0200[diff] [blame]166static int my_verify( void *data, x509_crt *crt, int depth, int *flags )
Paul Bakker915275b2012-09-28 07:10:55 +0000[diff] [blame]167{
168 char buf[1024];
169 ((void) data);
170
171 printf( "\nVerify requested for (Depth %d):\n", depth );
Paul Bakkerddf26b42013-09-18 13:46:23 +0200[diff] [blame]172 x509_crt_info( buf, sizeof( buf ) - 1, "", crt );
Paul Bakker915275b2012-09-28 07:10:55 +0000[diff] [blame]173 printf( "%s", buf );
174
175 if( ( (*flags) & BADCERT_EXPIRED ) != 0 )
176 printf( " ! server certificate has expired\n" );
177
178 if( ( (*flags) & BADCERT_REVOKED ) != 0 )
179 printf( " ! server certificate has been revoked\n" );
180
181 if( ( (*flags) & BADCERT_CN_MISMATCH ) != 0 )
182 printf( " ! CN mismatch\n" );
183
184 if( ( (*flags) & BADCERT_NOT_TRUSTED ) != 0 )
185 printf( " ! self-signed or not signed by a trusted CA\n" );
186
187 if( ( (*flags) & BADCRL_NOT_TRUSTED ) != 0 )
188 printf( " ! CRL not trusted\n" );
189
190 if( ( (*flags) & BADCRL_EXPIRED ) != 0 )
191 printf( " ! CRL expired\n" );
192
193 if( ( (*flags) & BADCERT_OTHER ) != 0 )
194 printf( " ! other (unknown) flag\n" );
195
196 if ( ( *flags ) == 0 )
197 printf( " This certificate has no flags\n" );
198
199 return( 0 );
200}
Paul Bakker36713e82013-09-17 13:25:29 +0200[diff] [blame]201#endif /* POLARSSL_X509_CRT_PARSE_C */
Paul Bakker915275b2012-09-28 07:10:55 +0000[diff] [blame]202
Paul Bakker36713e82013-09-17 13:25:29 +0200[diff] [blame]203#if defined(POLARSSL_X509_CRT_PARSE_C)
Paul Bakker5690efc2011-05-26 13:16:06 +0000[diff] [blame]204#if defined(POLARSSL_FS_IO)
205#define USAGE_IO \
Paul Bakker1f9d02d2012-11-20 10:30:55 +0100[diff] [blame]206 " ca_file=%%s The single file containing the top-level CA(s) you fully trust\n" \
207 " default: \"\" (pre-loaded)\n" \
208 " ca_path=%%s The path containing the top-level CA(s) you fully trust\n" \
209 " default: \"\" (pre-loaded) (overrides ca_file)\n" \
210 " crt_file=%%s Your own cert and chain (in bottom to top order, top may be omitted)\n" \
211 " default: \"\" (pre-loaded)\n" \
Paul Bakker5690efc2011-05-26 13:16:06 +0000[diff] [blame]212 " key_file=%%s default: \"\" (pre-loaded)\n"
213#else
214#define USAGE_IO \
215 " No file operations available (POLARSSL_FS_IO not defined)\n"
216#endif /* POLARSSL_FS_IO */
Paul Bakkered27a042013-04-18 22:46:23 +0200[diff] [blame]217#else
218#define USAGE_IO ""
Paul Bakker36713e82013-09-17 13:25:29 +0200[diff] [blame]219#endif /* POLARSSL_X509_CRT_PARSE_C */
Paul Bakkered27a042013-04-18 22:46:23 +0200[diff] [blame]220
Manuel Pégourié-Gonnard8a3c64d2013-10-14 19:54:10 +0200[diff] [blame]221#if defined(POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED)
Paul Bakkered27a042013-04-18 22:46:23 +0200[diff] [blame]222#define USAGE_PSK \
223 " psk=%%s default: \"\" (in hex, without 0x)\n" \
224 " psk_identity=%%s default: \"Client_identity\"\n"
225#else
226#define USAGE_PSK ""
Manuel Pégourié-Gonnard8a3c64d2013-10-14 19:54:10 +0200[diff] [blame]227#endif /* POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED */
Paul Bakker5690efc2011-05-26 13:16:06 +0000[diff] [blame]228
Paul Bakkera503a632013-08-14 13:48:06 +0200[diff] [blame]229#if defined(POLARSSL_SSL_SESSION_TICKETS)
230#define USAGE_TICKETS \
231 " tickets=%%d default: 1 (enabled)\n"
232#else
233#define USAGE_TICKETS ""
234#endif /* POLARSSL_SSL_SESSION_TICKETS */
235
Paul Bakker1f2bc622013-08-15 13:45:55 +0200[diff] [blame]236#if defined(POLARSSL_SSL_TRUNCATED_HMAC)
237#define USAGE_TRUNC_HMAC \
238 " trunc_hmac=%%d default: 0 (disabled)\n"
239#else
240#define USAGE_TRUNC_HMAC ""
241#endif /* POLARSSL_SSL_TRUNCATED_HMAC */
242
Paul Bakker05decb22013-08-15 13:33:48 +0200[diff] [blame]243#if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH)
244#define USAGE_MAX_FRAG_LEN \
245 " max_frag_len=%%d default: 16384 (tls default)\n" \
246 " options: 512, 1024, 2048, 4096\n"
247#else
248#define USAGE_MAX_FRAG_LEN ""
249#endif /* POLARSSL_SSL_MAX_FRAGMENT_LENGTH */
250
Manuel Pégourié-Gonnardc55a5b72014-02-20 22:50:56 +0100[diff] [blame]251#if defined(POLARSSL_TIMING_C)
252#define USAGE_TIME \
Manuel Pégourié-Gonnard1bd22812014-04-05 14:34:07 +0200[diff] [blame^]253 " reco_delay=%%d default: 0 seconds\n"
Manuel Pégourié-Gonnardc55a5b72014-02-20 22:50:56 +0100[diff] [blame]254#else
255#define USAGE_TIME ""
256#endif /* POLARSSL_TIMING_C */
257
Manuel Pégourié-Gonnard1bd22812014-04-05 14:34:07 +0200[diff] [blame^]258#if defined(POLARSSL_SSL_ALPN)
259#define USAGE_ALPN \
260 " alpn=%%s default: \"\" (disabled)\n" \
261 " example: spdy/1,http/1.1\n"
262#else
263#define USAGE_ALPN ""
264#endif /* POLARSSL_SSL_ALPN */
265
Paul Bakker9caf2d22010-02-18 19:37:19 +0000[diff] [blame]266#define USAGE \
Paul Bakker67968392010-07-18 08:28:20 +0000[diff] [blame]267 "\n usage: ssl_client2 param=<>...\n" \
268 "\n acceptable parameters:\n" \
269 " server_name=%%s default: localhost\n" \
Manuel Pégourié-Gonnard0d8780b2014-02-25 11:11:26 +0100[diff] [blame]270 " server_addr=%%s default: given by name\n" \
Paul Bakker67968392010-07-18 08:28:20 +0000[diff] [blame]271 " server_port=%%d default: 4433\n" \
Paul Bakker67968392010-07-18 08:28:20 +0000[diff] [blame]272 " request_page=%%s default: \".\"\n" \
Manuel Pégourié-Gonnard2fc243d2014-02-19 18:22:59 +0100[diff] [blame]273 " debug_level=%%d default: 0 (disabled)\n" \
Manuel Pégourié-Gonnard55753162014-02-26 13:47:08 +0100[diff] [blame]274 " nbio=%%d default: 0 (blocking I/O)\n" \
275 " options: 1 (non-blocking), 2 (added delays)\n" \
Manuel Pégourié-Gonnard2fc243d2014-02-19 18:22:59 +0100[diff] [blame]276 "\n" \
Manuel Pégourié-Gonnard55753162014-02-26 13:47:08 +0100[diff] [blame]277 " auth_mode=%%s default: \"optional\"\n" \
Manuel Pégourié-Gonnard2fc243d2014-02-19 18:22:59 +0100[diff] [blame]278 " options: none, optional, required\n" \
279 USAGE_IO \
280 "\n" \
281 USAGE_PSK \
282 "\n" \
Paul Bakker48916f92012-09-16 19:57:18 +0000[diff] [blame]283 " renegotiation=%%d default: 1 (enabled)\n" \
284 " allow_legacy=%%d default: 0 (disabled)\n" \
Manuel Pégourié-Gonnard780d6712014-02-20 17:19:59 +0100[diff] [blame]285 " renegotiate=%%d default: 0 (disabled)\n" \
Manuel Pégourié-Gonnardaaa1eab2013-07-30 13:43:43 +0200[diff] [blame]286 " reconnect=%%d default: 0 (disabled)\n" \
Manuel Pégourié-Gonnardc55a5b72014-02-20 22:50:56 +0100[diff] [blame]287 USAGE_TIME \
Paul Bakkera503a632013-08-14 13:48:06 +0200[diff] [blame]288 USAGE_TICKETS \
Manuel Pégourié-Gonnard2fc243d2014-02-19 18:22:59 +0100[diff] [blame]289 USAGE_MAX_FRAG_LEN \
290 USAGE_TRUNC_HMAC \
Manuel Pégourié-Gonnard1bd22812014-04-05 14:34:07 +0200[diff] [blame^]291 USAGE_ALPN \
Paul Bakker1d29fb52012-09-28 13:28:45 +0000[diff] [blame]292 "\n" \
293 " min_version=%%s default: \"\" (ssl3)\n" \
294 " max_version=%%s default: \"\" (tls1_2)\n" \
295 " force_version=%%s default: \"\" (none)\n" \
296 " options: ssl3, tls1, tls1_1, tls1_2\n" \
Manuel Pégourié-Gonnardfcf2fc22014-03-11 11:10:27 +0100[diff] [blame]297 " auth_mode=%%s default: \"required\"\n" \
Paul Bakker91ebfb52012-11-23 14:04:08 +0100[diff] [blame]298 " options: none, optional, required\n" \
Paul Bakker1d29fb52012-09-28 13:28:45 +0000[diff] [blame]299 "\n" \
Paul Bakker51936882011-02-20 16:05:58 +0000[diff] [blame]300 " force_ciphersuite=<name> default: all enabled\n"\
301 " acceptable ciphersuite names:\n"
Paul Bakker9caf2d22010-02-18 19:37:19 +0000[diff] [blame]302
Paul Bakkered27a042013-04-18 22:46:23 +0200[diff] [blame]303#if !defined(POLARSSL_ENTROPY_C) || \
Paul Bakker5690efc2011-05-26 13:16:06 +0000[diff] [blame]304 !defined(POLARSSL_SSL_TLS_C) || !defined(POLARSSL_SSL_CLI_C) || \
Paul Bakkered27a042013-04-18 22:46:23 +0200[diff] [blame]305 !defined(POLARSSL_NET_C) || !defined(POLARSSL_CTR_DRBG_C)
Paul Bakkercce9d772011-11-18 14:26:47 +0000[diff] [blame]306int main( int argc, char *argv[] )
Paul Bakker5690efc2011-05-26 13:16:06 +0000[diff] [blame]307{
Paul Bakkercce9d772011-11-18 14:26:47 +0000[diff] [blame]308 ((void) argc);
309 ((void) argv);
310
Paul Bakkered27a042013-04-18 22:46:23 +0200[diff] [blame]311 printf("POLARSSL_ENTROPY_C and/or "
Paul Bakker5690efc2011-05-26 13:16:06 +0000[diff] [blame]312 "POLARSSL_SSL_TLS_C and/or POLARSSL_SSL_CLI_C and/or "
Paul Bakkered27a042013-04-18 22:46:23 +0200[diff] [blame]313 "POLARSSL_NET_C and/or POLARSSL_CTR_DRBG_C not defined.\n");
Paul Bakker5690efc2011-05-26 13:16:06 +0000[diff] [blame]314 return( 0 );
315}
316#else
Paul Bakker9caf2d22010-02-18 19:37:19 +0000[diff] [blame]317int main( int argc, char *argv[] )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]318{
Manuel Pégourié-Gonnard0c017a52013-07-18 14:07:36 +0200[diff] [blame]319 int ret = 0, len, server_fd, i, written, frags;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]320 unsigned char buf[1024];
Manuel Pégourié-Gonnard8a3c64d2013-10-14 19:54:10 +0200[diff] [blame]321#if defined(POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED)
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200[diff] [blame]322 unsigned char psk[256];
323 size_t psk_len = 0;
Paul Bakkered27a042013-04-18 22:46:23 +0200[diff] [blame]324#endif
Manuel Pégourié-Gonnard1bd22812014-04-05 14:34:07 +0200[diff] [blame^]325#if defined(POLARSSL_SSL_ALPN)
326 const char *alpn_list[10];
327#endif
Paul Bakkeref3f8c72013-06-24 13:01:08 +0200[diff] [blame]328 const char *pers = "ssl_client2";
Paul Bakker508ad5a2011-12-04 17:09:26 +0000[diff] [blame]329
330 entropy_context entropy;
331 ctr_drbg_context ctr_drbg;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]332 ssl_context ssl;
Manuel Pégourié-Gonnardaaa1eab2013-07-30 13:43:43 +0200[diff] [blame]333 ssl_session saved_session;
Paul Bakker36713e82013-09-17 13:25:29 +0200[diff] [blame]334#if defined(POLARSSL_X509_CRT_PARSE_C)
Paul Bakkerc559c7a2013-09-18 14:13:26 +0200[diff] [blame]335 x509_crt cacert;
336 x509_crt clicert;
Manuel Pégourié-Gonnardac755232013-08-19 14:10:16 +0200[diff] [blame]337 pk_context pkey;
Paul Bakkered27a042013-04-18 22:46:23 +0200[diff] [blame]338#endif
Paul Bakker9caf2d22010-02-18 19:37:19 +0000[diff] [blame]339 char *p, *q;
Paul Bakker51936882011-02-20 16:05:58 +0000[diff] [blame]340 const int *list;
Paul Bakker9caf2d22010-02-18 19:37:19 +0000[diff] [blame]341
Paul Bakker1a207ec2011-02-06 13:22:40 +0000[diff] [blame]342 /*
343 * Make sure memory references are valid.
344 */
345 server_fd = 0;
Paul Bakker1a207ec2011-02-06 13:22:40 +0000[diff] [blame]346 memset( &ssl, 0, sizeof( ssl_context ) );
Manuel Pégourié-Gonnardaaa1eab2013-07-30 13:43:43 +0200[diff] [blame]347 memset( &saved_session, 0, sizeof( ssl_session ) );
Paul Bakker36713e82013-09-17 13:25:29 +0200[diff] [blame]348#if defined(POLARSSL_X509_CRT_PARSE_C)
Paul Bakker369d2eb2013-09-18 11:58:25 +0200[diff] [blame]349 x509_crt_init( &cacert );
350 x509_crt_init( &clicert );
Manuel Pégourié-Gonnardac755232013-08-19 14:10:16 +0200[diff] [blame]351 pk_init( &pkey );
Paul Bakkered27a042013-04-18 22:46:23 +0200[diff] [blame]352#endif
Manuel Pégourié-Gonnard1bd22812014-04-05 14:34:07 +0200[diff] [blame^]353#if defined(POLARSSL_SSL_ALPN)
354 memset( alpn_list, 0, sizeof alpn_list );
355#endif
Paul Bakker1a207ec2011-02-06 13:22:40 +0000[diff] [blame]356
Paul Bakker9caf2d22010-02-18 19:37:19 +0000[diff] [blame]357 if( argc == 0 )
358 {
359 usage:
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]360 if( ret == 0 )
361 ret = 1;
362
Paul Bakker9caf2d22010-02-18 19:37:19 +0000[diff] [blame]363 printf( USAGE );
Paul Bakker51936882011-02-20 16:05:58 +0000[diff] [blame]364
365 list = ssl_list_ciphersuites();
366 while( *list )
367 {
Paul Bakkerbcbe2d82013-04-19 09:10:20 +0200[diff] [blame]368 printf(" %-42s", ssl_get_ciphersuite_name( *list ) );
Paul Bakkered27a042013-04-18 22:46:23 +0200[diff] [blame]369 list++;
370 if( !*list )
371 break;
372 printf(" %s\n", ssl_get_ciphersuite_name( *list ) );
Paul Bakker51936882011-02-20 16:05:58 +0000[diff] [blame]373 list++;
374 }
375 printf("\n");
Paul Bakker9caf2d22010-02-18 19:37:19 +0000[diff] [blame]376 goto exit;
377 }
378
379 opt.server_name = DFL_SERVER_NAME;
Manuel Pégourié-Gonnard0d8780b2014-02-25 11:11:26 +0100[diff] [blame]380 opt.server_addr = DFL_SERVER_ADDR;
Paul Bakker9caf2d22010-02-18 19:37:19 +0000[diff] [blame]381 opt.server_port = DFL_SERVER_PORT;
382 opt.debug_level = DFL_DEBUG_LEVEL;
Manuel Pégourié-Gonnard55753162014-02-26 13:47:08 +0100[diff] [blame]383 opt.nbio = DFL_NBIO;
Paul Bakker9caf2d22010-02-18 19:37:19 +0000[diff] [blame]384 opt.request_page = DFL_REQUEST_PAGE;
Paul Bakker5690efc2011-05-26 13:16:06 +0000[diff] [blame]385 opt.ca_file = DFL_CA_FILE;
Paul Bakker8d914582012-06-04 12:46:42 +0000[diff] [blame]386 opt.ca_path = DFL_CA_PATH;
Paul Bakker67968392010-07-18 08:28:20 +0000[diff] [blame]387 opt.crt_file = DFL_CRT_FILE;
388 opt.key_file = DFL_KEY_FILE;
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200[diff] [blame]389 opt.psk = DFL_PSK;
390 opt.psk_identity = DFL_PSK_IDENTITY;
Paul Bakker51936882011-02-20 16:05:58 +0000[diff] [blame]391 opt.force_ciphersuite[0]= DFL_FORCE_CIPHER;
Paul Bakker48916f92012-09-16 19:57:18 +0000[diff] [blame]392 opt.renegotiation = DFL_RENEGOTIATION;
393 opt.allow_legacy = DFL_ALLOW_LEGACY;
Manuel Pégourié-Gonnard780d6712014-02-20 17:19:59 +0100[diff] [blame]394 opt.renegotiate = DFL_RENEGOTIATE;
Paul Bakker1d29fb52012-09-28 13:28:45 +0000[diff] [blame]395 opt.min_version = DFL_MIN_VERSION;
396 opt.max_version = DFL_MAX_VERSION;
Paul Bakker91ebfb52012-11-23 14:04:08 +0100[diff] [blame]397 opt.auth_mode = DFL_AUTH_MODE;
Manuel Pégourié-Gonnard0df6b1f2013-07-16 13:39:57 +0200[diff] [blame]398 opt.mfl_code = DFL_MFL_CODE;
Manuel Pégourié-Gonnarde980a992013-07-19 11:08:52 +0200[diff] [blame]399 opt.trunc_hmac = DFL_TRUNC_HMAC;
Manuel Pégourié-Gonnardaaa1eab2013-07-30 13:43:43 +0200[diff] [blame]400 opt.reconnect = DFL_RECONNECT;
Manuel Pégourié-Gonnardc55a5b72014-02-20 22:50:56 +0100[diff] [blame]401 opt.reco_delay = DFL_RECO_DELAY;
Manuel Pégourié-Gonnardaa0d4d12013-08-03 13:02:31 +0200[diff] [blame]402 opt.tickets = DFL_TICKETS;
Manuel Pégourié-Gonnard1bd22812014-04-05 14:34:07 +0200[diff] [blame^]403 opt.alpn_string = DFL_ALPN_STRING;
Paul Bakker9caf2d22010-02-18 19:37:19 +0000[diff] [blame]404
405 for( i = 1; i < argc; i++ )
406 {
Paul Bakker9caf2d22010-02-18 19:37:19 +0000[diff] [blame]407 p = argv[i];
408 if( ( q = strchr( p, '=' ) ) == NULL )
409 goto usage;
410 *q++ = '\0';
411
412 if( strcmp( p, "server_name" ) == 0 )
413 opt.server_name = q;
Manuel Pégourié-Gonnard0d8780b2014-02-25 11:11:26 +0100[diff] [blame]414 else if( strcmp( p, "server_addr" ) == 0 )
415 opt.server_addr = q;
Paul Bakker9caf2d22010-02-18 19:37:19 +0000[diff] [blame]416 else if( strcmp( p, "server_port" ) == 0 )
417 {
418 opt.server_port = atoi( q );
419 if( opt.server_port < 1 || opt.server_port > 65535 )
420 goto usage;
421 }
422 else if( strcmp( p, "debug_level" ) == 0 )
423 {
424 opt.debug_level = atoi( q );
425 if( opt.debug_level < 0 || opt.debug_level > 65535 )
426 goto usage;
427 }
Manuel Pégourié-Gonnard55753162014-02-26 13:47:08 +0100[diff] [blame]428 else if( strcmp( p, "nbio" ) == 0 )
429 {
430 opt.nbio = atoi( q );
431 if( opt.nbio < 0 || opt.nbio > 2 )
432 goto usage;
433 }
Paul Bakker9caf2d22010-02-18 19:37:19 +0000[diff] [blame]434 else if( strcmp( p, "request_page" ) == 0 )
435 opt.request_page = q;
Paul Bakker5690efc2011-05-26 13:16:06 +0000[diff] [blame]436 else if( strcmp( p, "ca_file" ) == 0 )
437 opt.ca_file = q;
Paul Bakker8d914582012-06-04 12:46:42 +0000[diff] [blame]438 else if( strcmp( p, "ca_path" ) == 0 )
439 opt.ca_path = q;
Paul Bakker67968392010-07-18 08:28:20 +0000[diff] [blame]440 else if( strcmp( p, "crt_file" ) == 0 )
441 opt.crt_file = q;
442 else if( strcmp( p, "key_file" ) == 0 )
443 opt.key_file = q;
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200[diff] [blame]444 else if( strcmp( p, "psk" ) == 0 )
445 opt.psk = q;
446 else if( strcmp( p, "psk_identity" ) == 0 )
447 opt.psk_identity = q;
Paul Bakker51936882011-02-20 16:05:58 +0000[diff] [blame]448 else if( strcmp( p, "force_ciphersuite" ) == 0 )
449 {
450 opt.force_ciphersuite[0] = -1;
451
452 opt.force_ciphersuite[0] = ssl_get_ciphersuite_id( q );
453
454 if( opt.force_ciphersuite[0] <= 0 )
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]455 {
456 ret = 2;
Paul Bakker51936882011-02-20 16:05:58 +0000[diff] [blame]457 goto usage;
Paul Bakkerfab5c822012-02-06 16:45:10 +0000[diff] [blame]458 }
Paul Bakker51936882011-02-20 16:05:58 +0000[diff] [blame]459 opt.force_ciphersuite[1] = 0;
460 }
Paul Bakker48916f92012-09-16 19:57:18 +0000[diff] [blame]461 else if( strcmp( p, "renegotiation" ) == 0 )
462 {
463 opt.renegotiation = (atoi( q )) ? SSL_RENEGOTIATION_ENABLED :
464 SSL_RENEGOTIATION_DISABLED;
465 }
466 else if( strcmp( p, "allow_legacy" ) == 0 )
467 {
468 opt.allow_legacy = atoi( q );
469 if( opt.allow_legacy < 0 || opt.allow_legacy > 1 )
470 goto usage;
471 }
Manuel Pégourié-Gonnard780d6712014-02-20 17:19:59 +0100[diff] [blame]472 else if( strcmp( p, "renegotiate" ) == 0 )
473 {
474 opt.renegotiate = atoi( q );
475 if( opt.renegotiate < 0 || opt.renegotiate > 1 )
476 goto usage;
477 }
Manuel Pégourié-Gonnardaaa1eab2013-07-30 13:43:43 +0200[diff] [blame]478 else if( strcmp( p, "reconnect" ) == 0 )
479 {
480 opt.reconnect = atoi( q );
Manuel Pégourié-Gonnardcf2e97e2013-08-02 15:04:36 +0200[diff] [blame]481 if( opt.reconnect < 0 || opt.reconnect > 2 )
Manuel Pégourié-Gonnardaaa1eab2013-07-30 13:43:43 +0200[diff] [blame]482 goto usage;
483 }
Manuel Pégourié-Gonnardc55a5b72014-02-20 22:50:56 +0100[diff] [blame]484 else if( strcmp( p, "reco_delay" ) == 0 )
485 {
486 opt.reco_delay = atoi( q );
487 if( opt.reco_delay < 0 )
488 goto usage;
489 }
Manuel Pégourié-Gonnardaa0d4d12013-08-03 13:02:31 +0200[diff] [blame]490 else if( strcmp( p, "tickets" ) == 0 )
491 {
492 opt.tickets = atoi( q );
493 if( opt.tickets < 0 || opt.tickets > 2 )
494 goto usage;
495 }
Manuel Pégourié-Gonnard1bd22812014-04-05 14:34:07 +0200[diff] [blame^]496 else if( strcmp( p, "alpn" ) == 0 )
497 {
498 opt.alpn_string = q;
499 }
Paul Bakker1d29fb52012-09-28 13:28:45 +0000[diff] [blame]500 else if( strcmp( p, "min_version" ) == 0 )
501 {
502 if( strcmp( q, "ssl3" ) == 0 )
503 opt.min_version = SSL_MINOR_VERSION_0;
504 else if( strcmp( q, "tls1" ) == 0 )
505 opt.min_version = SSL_MINOR_VERSION_1;
506 else if( strcmp( q, "tls1_1" ) == 0 )
507 opt.min_version = SSL_MINOR_VERSION_2;
508 else if( strcmp( q, "tls1_2" ) == 0 )
509 opt.min_version = SSL_MINOR_VERSION_3;
510 else
511 goto usage;
512 }
513 else if( strcmp( p, "max_version" ) == 0 )
514 {
515 if( strcmp( q, "ssl3" ) == 0 )
516 opt.max_version = SSL_MINOR_VERSION_0;
517 else if( strcmp( q, "tls1" ) == 0 )
518 opt.max_version = SSL_MINOR_VERSION_1;
519 else if( strcmp( q, "tls1_1" ) == 0 )
520 opt.max_version = SSL_MINOR_VERSION_2;
521 else if( strcmp( q, "tls1_2" ) == 0 )
522 opt.max_version = SSL_MINOR_VERSION_3;
523 else
524 goto usage;
525 }
526 else if( strcmp( p, "force_version" ) == 0 )
527 {
528 if( strcmp( q, "ssl3" ) == 0 )
529 {
530 opt.min_version = SSL_MINOR_VERSION_0;
531 opt.max_version = SSL_MINOR_VERSION_0;
532 }
533 else if( strcmp( q, "tls1" ) == 0 )
534 {
535 opt.min_version = SSL_MINOR_VERSION_1;
536 opt.max_version = SSL_MINOR_VERSION_1;
537 }
538 else if( strcmp( q, "tls1_1" ) == 0 )
539 {
540 opt.min_version = SSL_MINOR_VERSION_2;
541 opt.max_version = SSL_MINOR_VERSION_2;
542 }
543 else if( strcmp( q, "tls1_2" ) == 0 )
544 {
545 opt.min_version = SSL_MINOR_VERSION_3;
546 opt.max_version = SSL_MINOR_VERSION_3;
547 }
548 else
549 goto usage;
550 }
Paul Bakker91ebfb52012-11-23 14:04:08 +0100[diff] [blame]551 else if( strcmp( p, "auth_mode" ) == 0 )
552 {
553 if( strcmp( q, "none" ) == 0 )
554 opt.auth_mode = SSL_VERIFY_NONE;
555 else if( strcmp( q, "optional" ) == 0 )
556 opt.auth_mode = SSL_VERIFY_OPTIONAL;
557 else if( strcmp( q, "required" ) == 0 )
558 opt.auth_mode = SSL_VERIFY_REQUIRED;
559 else
560 goto usage;
561 }
Manuel Pégourié-Gonnard0df6b1f2013-07-16 13:39:57 +0200[diff] [blame]562 else if( strcmp( p, "max_frag_len" ) == 0 )
563 {
564 if( strcmp( q, "512" ) == 0 )
565 opt.mfl_code = SSL_MAX_FRAG_LEN_512;
566 else if( strcmp( q, "1024" ) == 0 )
567 opt.mfl_code = SSL_MAX_FRAG_LEN_1024;
568 else if( strcmp( q, "2048" ) == 0 )
569 opt.mfl_code = SSL_MAX_FRAG_LEN_2048;
570 else if( strcmp( q, "4096" ) == 0 )
571 opt.mfl_code = SSL_MAX_FRAG_LEN_4096;
572 else
573 goto usage;
574 }
Manuel Pégourié-Gonnarde980a992013-07-19 11:08:52 +0200[diff] [blame]575 else if( strcmp( p, "trunc_hmac" ) == 0 )
576 {
577 opt.trunc_hmac = atoi( q );
578 if( opt.trunc_hmac < 0 || opt.trunc_hmac > 1 )
579 goto usage;
580 }
Paul Bakker9caf2d22010-02-18 19:37:19 +0000[diff] [blame]581 else
582 goto usage;
583 }
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]584
Paul Bakkerc1516be2013-06-29 16:01:32 +0200[diff] [blame]585 if( opt.force_ciphersuite[0] > 0 )
586 {
587 const ssl_ciphersuite_t *ciphersuite_info;
588 ciphersuite_info = ssl_ciphersuite_from_id( opt.force_ciphersuite[0] );
589
Paul Bakker66c48102013-07-26 14:05:32 +0200[diff] [blame]590 if( opt.max_version != -1 &&
591 ciphersuite_info->min_minor_ver > opt.max_version )
592 {
593 printf("forced ciphersuite not allowed with this protocol version\n");
594 ret = 2;
595 goto usage;
596 }
597 if( opt.min_version != -1 &&
Paul Bakkerc1516be2013-06-29 16:01:32 +0200[diff] [blame]598 ciphersuite_info->max_minor_ver < opt.min_version )
599 {
600 printf("forced ciphersuite not allowed with this protocol version\n");
601 ret = 2;
602 goto usage;
603 }
Paul Bakker66c48102013-07-26 14:05:32 +0200[diff] [blame]604 if( opt.max_version > ciphersuite_info->max_minor_ver )
605 opt.max_version = ciphersuite_info->max_minor_ver;
606 if( opt.min_version < ciphersuite_info->min_minor_ver )
607 opt.min_version = ciphersuite_info->min_minor_ver;
Paul Bakkerc1516be2013-06-29 16:01:32 +0200[diff] [blame]608 }
609
Manuel Pégourié-Gonnard8a3c64d2013-10-14 19:54:10 +0200[diff] [blame]610#if defined(POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]611 /*
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200[diff] [blame]612 * Unhexify the pre-shared key if any is given
613 */
614 if( strlen( opt.psk ) )
615 {
616 unsigned char c;
617 size_t j;
618
619 if( strlen( opt.psk ) % 2 != 0 )
620 {
621 printf("pre-shared key not valid hex\n");
622 goto exit;
623 }
624
625 psk_len = strlen( opt.psk ) / 2;
626
627 for( j = 0; j < strlen( opt.psk ); j += 2 )
628 {
629 c = opt.psk[j];
630 if( c >= '0' && c <= '9' )
631 c -= '0';
632 else if( c >= 'a' && c <= 'f' )
633 c -= 'a' - 10;
634 else if( c >= 'A' && c <= 'F' )
635 c -= 'A' - 10;
636 else
637 {
638 printf("pre-shared key not valid hex\n");
639 goto exit;
640 }
641 psk[ j / 2 ] = c << 4;
642
643 c = opt.psk[j + 1];
644 if( c >= '0' && c <= '9' )
645 c -= '0';
646 else if( c >= 'a' && c <= 'f' )
647 c -= 'a' - 10;
648 else if( c >= 'A' && c <= 'F' )
649 c -= 'A' - 10;
650 else
651 {
652 printf("pre-shared key not valid hex\n");
653 goto exit;
654 }
655 psk[ j / 2 ] |= c;
656 }
657 }
Manuel Pégourié-Gonnard8a3c64d2013-10-14 19:54:10 +0200[diff] [blame]658#endif /* POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED */
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200[diff] [blame]659
Manuel Pégourié-Gonnard1bd22812014-04-05 14:34:07 +0200[diff] [blame^]660#if defined(POLARSSL_SSL_ALPN)
661 if( opt.alpn_string != NULL )
662 {
663 p = (char *) opt.alpn_string;
664 i = 0;
665
666 /* Leave room for a final NULL in alpn_list */
667 while( i < (int) sizeof alpn_list - 1 && *p != '\0' )
668 {
669 alpn_list[i++] = p;
670
671 /* Terminate the current string and move on to next one */
672 while( *p != ',' && *p != '\0' )
673 p++;
674 if( *p == ',' )
675 *p++ = '\0';
676 }
677 }
678#endif /* POLARSSL_SSL_ALPN */
679
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200[diff] [blame]680 /*
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]681 * 0. Initialize the RNG and the session data
682 */
Paul Bakker508ad5a2011-12-04 17:09:26 +0000[diff] [blame]683 printf( "\n . Seeding the random number generator..." );
684 fflush( stdout );
685
686 entropy_init( &entropy );
687 if( ( ret = ctr_drbg_init( &ctr_drbg, entropy_func, &entropy,
Paul Bakkeref3f8c72013-06-24 13:01:08 +0200[diff] [blame]688 (const unsigned char *) pers,
689 strlen( pers ) ) ) != 0 )
Paul Bakker508ad5a2011-12-04 17:09:26 +0000[diff] [blame]690 {
Paul Bakker0b22e3e2012-04-18 14:23:29 +0000[diff] [blame]691 printf( " failed\n ! ctr_drbg_init returned -0x%x\n", -ret );
Paul Bakker508ad5a2011-12-04 17:09:26 +0000[diff] [blame]692 goto exit;
693 }
694
695 printf( " ok\n" );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]696
Paul Bakker36713e82013-09-17 13:25:29 +0200[diff] [blame]697#if defined(POLARSSL_X509_CRT_PARSE_C)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]698 /*
699 * 1.1. Load the trusted CA
700 */
Paul Bakker508ad5a2011-12-04 17:09:26 +0000[diff] [blame]701 printf( " . Loading the CA root certificate ..." );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]702 fflush( stdout );
703
Paul Bakker5690efc2011-05-26 13:16:06 +0000[diff] [blame]704#if defined(POLARSSL_FS_IO)
Paul Bakker8d914582012-06-04 12:46:42 +0000[diff] [blame]705 if( strlen( opt.ca_path ) )
Manuel Pégourié-Gonnard3e1b1782014-02-27 13:35:00 +0100[diff] [blame]706 if( strcmp( opt.ca_path, "none" ) == 0 )
707 ret = 0;
708 else
709 ret = x509_crt_parse_path( &cacert, opt.ca_path );
Paul Bakker8d914582012-06-04 12:46:42 +0000[diff] [blame]710 else if( strlen( opt.ca_file ) )
Manuel Pégourié-Gonnard3e1b1782014-02-27 13:35:00 +0100[diff] [blame]711 if( strcmp( opt.ca_file, "none" ) == 0 )
712 ret = 0;
713 else
714 ret = x509_crt_parse_file( &cacert, opt.ca_file );
Paul Bakkered27a042013-04-18 22:46:23 +0200[diff] [blame]715 else
Paul Bakker5690efc2011-05-26 13:16:06 +0000[diff] [blame]716#endif
717#if defined(POLARSSL_CERTS_C)
Manuel Pégourié-Gonnard641de712013-09-25 13:23:33 +0200[diff] [blame]718 ret = x509_crt_parse( &cacert, (const unsigned char *) test_ca_list,
719 strlen( test_ca_list ) );
Paul Bakker5690efc2011-05-26 13:16:06 +0000[diff] [blame]720#else
721 {
722 ret = 1;
723 printf("POLARSSL_CERTS_C not defined.");
724 }
725#endif
Paul Bakker42488232012-05-16 08:21:05 +0000[diff] [blame]726 if( ret < 0 )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]727 {
Paul Bakkerddf26b42013-09-18 13:46:23 +0200[diff] [blame]728 printf( " failed\n ! x509_crt_parse returned -0x%x\n\n", -ret );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]729 goto exit;
730 }
731
Paul Bakker42488232012-05-16 08:21:05 +0000[diff] [blame]732 printf( " ok (%d skipped)\n", ret );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]733
734 /*
735 * 1.2. Load own certificate and private key
736 *
737 * (can be skipped if client authentication is not required)
738 */
739 printf( " . Loading the client cert. and key..." );
740 fflush( stdout );
741
Paul Bakker5690efc2011-05-26 13:16:06 +0000[diff] [blame]742#if defined(POLARSSL_FS_IO)
Paul Bakker67968392010-07-18 08:28:20 +0000[diff] [blame]743 if( strlen( opt.crt_file ) )
Manuel Pégourié-Gonnard3e1b1782014-02-27 13:35:00 +0100[diff] [blame]744 if( strcmp( opt.crt_file, "none" ) == 0 )
745 ret = 0;
746 else
747 ret = x509_crt_parse_file( &clicert, opt.crt_file );
Paul Bakkered27a042013-04-18 22:46:23 +0200[diff] [blame]748 else
Paul Bakker5690efc2011-05-26 13:16:06 +0000[diff] [blame]749#endif
750#if defined(POLARSSL_CERTS_C)
Paul Bakkerddf26b42013-09-18 13:46:23 +0200[diff] [blame]751 ret = x509_crt_parse( &clicert, (const unsigned char *) test_cli_crt,
Paul Bakker69e095c2011-12-10 21:55:01 +0000[diff] [blame]752 strlen( test_cli_crt ) );
Paul Bakker5690efc2011-05-26 13:16:06 +0000[diff] [blame]753#else
754 {
755 ret = 1;
756 printf("POLARSSL_CERTS_C not defined.");
757 }
758#endif
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]759 if( ret != 0 )
760 {
Paul Bakkerddf26b42013-09-18 13:46:23 +0200[diff] [blame]761 printf( " failed\n ! x509_crt_parse returned -0x%x\n\n", -ret );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]762 goto exit;
763 }
764
Paul Bakker5690efc2011-05-26 13:16:06 +0000[diff] [blame]765#if defined(POLARSSL_FS_IO)
Paul Bakker67968392010-07-18 08:28:20 +0000[diff] [blame]766 if( strlen( opt.key_file ) )
Manuel Pégourié-Gonnard3e1b1782014-02-27 13:35:00 +0100[diff] [blame]767 if( strcmp( opt.key_file, "none" ) == 0 )
768 ret = 0;
769 else
770 ret = pk_parse_keyfile( &pkey, opt.key_file, "" );
Paul Bakker67968392010-07-18 08:28:20 +0000[diff] [blame]771 else
Paul Bakker5690efc2011-05-26 13:16:06 +0000[diff] [blame]772#endif
773#if defined(POLARSSL_CERTS_C)
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]774 ret = pk_parse_key( &pkey, (const unsigned char *) test_cli_key,
Paul Bakker67968392010-07-18 08:28:20 +0000[diff] [blame]775 strlen( test_cli_key ), NULL, 0 );
Paul Bakker5690efc2011-05-26 13:16:06 +0000[diff] [blame]776#else
777 {
778 ret = 1;
779 printf("POLARSSL_CERTS_C not defined.");
780 }
781#endif
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]782 if( ret != 0 )
783 {
Paul Bakker1a7550a2013-09-15 13:01:22 +0200[diff] [blame]784 printf( " failed\n ! pk_parse_key returned -0x%x\n\n", -ret );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]785 goto exit;
786 }
787
788 printf( " ok\n" );
Paul Bakker36713e82013-09-17 13:25:29 +0200[diff] [blame]789#endif /* POLARSSL_X509_CRT_PARSE_C */
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]790
791 /*
792 * 2. Start the connection
793 */
Manuel Pégourié-Gonnard0d8780b2014-02-25 11:11:26 +0100[diff] [blame]794 if( opt.server_addr == NULL)
795 opt.server_addr = opt.server_name;
796
797 printf( " . Connecting to tcp/%s/%-4d...", opt.server_addr,
Paul Bakker9caf2d22010-02-18 19:37:19 +0000[diff] [blame]798 opt.server_port );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]799 fflush( stdout );
800
Manuel Pégourié-Gonnard0d8780b2014-02-25 11:11:26 +0100[diff] [blame]801 if( ( ret = net_connect( &server_fd, opt.server_addr,
Paul Bakker9caf2d22010-02-18 19:37:19 +0000[diff] [blame]802 opt.server_port ) ) != 0 )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]803 {
Paul Bakker0b22e3e2012-04-18 14:23:29 +0000[diff] [blame]804 printf( " failed\n ! net_connect returned -0x%x\n\n", -ret );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]805 goto exit;
806 }
807
Manuel Pégourié-Gonnard55753162014-02-26 13:47:08 +0100[diff] [blame]808 if( opt.nbio > 0 )
809 ret = net_set_nonblock( server_fd );
810 else
811 ret = net_set_block( server_fd );
812 if( ret != 0 )
813 {
814 printf( " failed\n ! net_set_(non)block() returned -0x%x\n\n", -ret );
815 goto exit;
816 }
817
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]818 printf( " ok\n" );
819
820 /*
821 * 3. Setup stuff
822 */
823 printf( " . Setting up the SSL/TLS structure..." );
824 fflush( stdout );
825
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]826 if( ( ret = ssl_init( &ssl ) ) != 0 )
827 {
Paul Bakker0b22e3e2012-04-18 14:23:29 +0000[diff] [blame]828 printf( " failed\n ! ssl_init returned -0x%x\n\n", -ret );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]829 goto exit;
830 }
831
832 printf( " ok\n" );
833
Paul Bakker36713e82013-09-17 13:25:29 +0200[diff] [blame]834#if defined(POLARSSL_X509_CRT_PARSE_C)
Paul Bakker915275b2012-09-28 07:10:55 +0000[diff] [blame]835 if( opt.debug_level > 0 )
836 ssl_set_verify( &ssl, my_verify, NULL );
Paul Bakkered27a042013-04-18 22:46:23 +0200[diff] [blame]837#endif
Paul Bakker915275b2012-09-28 07:10:55 +0000[diff] [blame]838
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]839 ssl_set_endpoint( &ssl, SSL_IS_CLIENT );
Paul Bakker91ebfb52012-11-23 14:04:08 +0100[diff] [blame]840 ssl_set_authmode( &ssl, opt.auth_mode );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]841
Paul Bakker05decb22013-08-15 13:33:48 +0200[diff] [blame]842#if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH)
Manuel Pégourié-Gonnard0df6b1f2013-07-16 13:39:57 +0200[diff] [blame]843 ssl_set_max_frag_len( &ssl, opt.mfl_code );
Paul Bakker05decb22013-08-15 13:33:48 +0200[diff] [blame]844#endif
Manuel Pégourié-Gonnard0df6b1f2013-07-16 13:39:57 +0200[diff] [blame]845
Paul Bakker1f2bc622013-08-15 13:45:55 +0200[diff] [blame]846#if defined(POLARSSL_SSL_TRUNCATED_HMAC)
Manuel Pégourié-Gonnarde980a992013-07-19 11:08:52 +0200[diff] [blame]847 if( opt.trunc_hmac != 0 )
Paul Bakker8c1ede62013-07-19 14:14:37 +0200[diff] [blame]848 ssl_set_truncated_hmac( &ssl, SSL_TRUNC_HMAC_ENABLED );
Paul Bakker1f2bc622013-08-15 13:45:55 +0200[diff] [blame]849#endif
Manuel Pégourié-Gonnarde980a992013-07-19 11:08:52 +0200[diff] [blame]850
Manuel Pégourié-Gonnard1bd22812014-04-05 14:34:07 +0200[diff] [blame^]851#if defined(POLARSSL_SSL_ALPN)
852 if( opt.alpn_string != NULL )
853 ssl_set_alpn_protocols( &ssl, alpn_list );
854#endif
855
Paul Bakker508ad5a2011-12-04 17:09:26 +0000[diff] [blame]856 ssl_set_rng( &ssl, ctr_drbg_random, &ctr_drbg );
Paul Bakker9caf2d22010-02-18 19:37:19 +0000[diff] [blame]857 ssl_set_dbg( &ssl, my_debug, stdout );
Manuel Pégourié-Gonnard55753162014-02-26 13:47:08 +0100[diff] [blame]858
859 if( opt.nbio == 2 )
860 ssl_set_bio( &ssl, my_recv, &server_fd, my_send, &server_fd );
861 else
862 ssl_set_bio( &ssl, net_recv, &server_fd, net_send, &server_fd );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]863
Paul Bakkera503a632013-08-14 13:48:06 +0200[diff] [blame]864#if defined(POLARSSL_SSL_SESSION_TICKETS)
Manuel Pégourié-Gonnardaa0d4d12013-08-03 13:02:31 +0200[diff] [blame]865 ssl_set_session_tickets( &ssl, opt.tickets );
Paul Bakkera503a632013-08-14 13:48:06 +0200[diff] [blame]866#endif
Manuel Pégourié-Gonnardaa0d4d12013-08-03 13:02:31 +0200[diff] [blame]867
Paul Bakker645ce3a2012-10-31 12:32:41 +0000[diff] [blame]868 if( opt.force_ciphersuite[0] != DFL_FORCE_CIPHER )
Paul Bakker51936882011-02-20 16:05:58 +0000[diff] [blame]869 ssl_set_ciphersuites( &ssl, opt.force_ciphersuite );
870
Paul Bakker48916f92012-09-16 19:57:18 +0000[diff] [blame]871 ssl_set_renegotiation( &ssl, opt.renegotiation );
872 ssl_legacy_renegotiation( &ssl, opt.allow_legacy );
873
Paul Bakker36713e82013-09-17 13:25:29 +0200[diff] [blame]874#if defined(POLARSSL_X509_CRT_PARSE_C)
Manuel Pégourié-Gonnard3e1b1782014-02-27 13:35:00 +0100[diff] [blame]875 if( strcmp( opt.ca_path, "none" ) != 0 &&
876 strcmp( opt.ca_file, "none" ) != 0 )
877 {
878 ssl_set_ca_chain( &ssl, &cacert, NULL, opt.server_name );
879 }
880 if( strcmp( opt.crt_file, "none" ) != 0 &&
881 strcmp( opt.key_file, "none" ) != 0 )
882 {
883 ssl_set_own_cert( &ssl, &clicert, &pkey );
884 }
Paul Bakkered27a042013-04-18 22:46:23 +0200[diff] [blame]885#endif
886
Manuel Pégourié-Gonnard8a3c64d2013-10-14 19:54:10 +0200[diff] [blame]887#if defined(POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED)
Paul Bakker3c5ef712013-06-25 16:37:45 +0200[diff] [blame]888 ssl_set_psk( &ssl, psk, psk_len, (const unsigned char *) opt.psk_identity,
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200[diff] [blame]889 strlen( opt.psk_identity ) );
Paul Bakkered27a042013-04-18 22:46:23 +0200[diff] [blame]890#endif
891
Paul Bakker0be444a2013-08-27 21:55:01 +0200[diff] [blame]892#if defined(POLARSSL_SSL_SERVER_NAME_INDICATION)
Paul Bakker9caf2d22010-02-18 19:37:19 +0000[diff] [blame]893 ssl_set_hostname( &ssl, opt.server_name );
Paul Bakker0be444a2013-08-27 21:55:01 +0200[diff] [blame]894#endif
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]895
Paul Bakker1d29fb52012-09-28 13:28:45 +0000[diff] [blame]896 if( opt.min_version != -1 )
897 ssl_set_min_version( &ssl, SSL_MAJOR_VERSION_3, opt.min_version );
898 if( opt.max_version != -1 )
899 ssl_set_max_version( &ssl, SSL_MAJOR_VERSION_3, opt.max_version );
900
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]901 /*
902 * 4. Handshake
903 */
904 printf( " . Performing the SSL/TLS handshake..." );
905 fflush( stdout );
906
907 while( ( ret = ssl_handshake( &ssl ) ) != 0 )
908 {
Paul Bakker831a7552011-05-18 13:32:51 +0000[diff] [blame]909 if( ret != POLARSSL_ERR_NET_WANT_READ && ret != POLARSSL_ERR_NET_WANT_WRITE )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]910 {
Manuel Pégourié-Gonnardfcf2fc22014-03-11 11:10:27 +0100[diff] [blame]911 printf( " failed\n ! ssl_handshake returned -0x%x\n", -ret );
912 if( ret == POLARSSL_ERR_X509_CERT_VERIFY_FAILED )
913 printf(
914 " Unable to verify the server's certificate. "
915 "Either it is invalid,\n"
916 " or you didn't set ca_file or ca_path "
917 "to an appropriate value.\n"
918 " Alternatively, you may want to use "
919 "auth_mode=optional for testing purposes.\n" );
920 printf( "\n" );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]921 goto exit;
922 }
923 }
924
Manuel Pégourié-Gonnardc580a002014-02-12 10:15:30 +0100[diff] [blame]925 printf( " ok\n [ Protocol is %s ]\n [ Ciphersuite is %s ]\n",
926 ssl_get_version( &ssl ), ssl_get_ciphersuite( &ssl ) );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]927
Manuel Pégourié-Gonnard1bd22812014-04-05 14:34:07 +0200[diff] [blame^]928#if defined(POLARSSL_SSL_ALPN)
929 if( opt.alpn_string != NULL )
930 {
931 const char *alp = ssl_get_alpn_protocol( &ssl );
932 printf( " [ Application Layer Protocol is %s ]\n",
933 alp ? alp : "(none)" );
934 }
935#endif
936
Manuel Pégourié-Gonnardaaa1eab2013-07-30 13:43:43 +0200[diff] [blame]937 if( opt.reconnect != 0 )
938 {
939 printf(" . Saving session for reuse..." );
940 fflush( stdout );
941
942 if( ( ret = ssl_get_session( &ssl, &saved_session ) ) != 0 )
943 {
944 printf( " failed\n ! ssl_get_session returned -0x%x\n\n", -ret );
945 goto exit;
946 }
947
948 printf( " ok\n" );
949 }
950
Paul Bakker36713e82013-09-17 13:25:29 +0200[diff] [blame]951#if defined(POLARSSL_X509_CRT_PARSE_C)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]952 /*
953 * 5. Verify the server certificate
954 */
955 printf( " . Verifying peer X.509 certificate..." );
956
957 if( ( ret = ssl_get_verify_result( &ssl ) ) != 0 )
958 {
959 printf( " failed\n" );
960
961 if( ( ret & BADCERT_EXPIRED ) != 0 )
962 printf( " ! server certificate has expired\n" );
963
964 if( ( ret & BADCERT_REVOKED ) != 0 )
965 printf( " ! server certificate has been revoked\n" );
966
967 if( ( ret & BADCERT_CN_MISMATCH ) != 0 )
Paul Bakker9caf2d22010-02-18 19:37:19 +0000[diff] [blame]968 printf( " ! CN mismatch (expected CN=%s)\n", opt.server_name );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]969
970 if( ( ret & BADCERT_NOT_TRUSTED ) != 0 )
971 printf( " ! self-signed or not signed by a trusted CA\n" );
972
973 printf( "\n" );
974 }
975 else
976 printf( " ok\n" );
977
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200[diff] [blame]978 if( ssl_get_peer_cert( &ssl ) != NULL )
979 {
980 printf( " . Peer certificate information ...\n" );
Paul Bakkerddf26b42013-09-18 13:46:23 +0200[diff] [blame]981 x509_crt_info( (char *) buf, sizeof( buf ) - 1, " ",
982 ssl_get_peer_cert( &ssl ) );
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200[diff] [blame]983 printf( "%s\n", buf );
984 }
Paul Bakker36713e82013-09-17 13:25:29 +0200[diff] [blame]985#endif /* POLARSSL_X509_CRT_PARSE_C */
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]986
Manuel Pégourié-Gonnard780d6712014-02-20 17:19:59 +0100[diff] [blame]987 if( opt.renegotiate )
Manuel Pégourié-Gonnard53b3e062013-10-29 18:16:38 +0100[diff] [blame]988 {
Manuel Pégourié-Gonnard780d6712014-02-20 17:19:59 +0100[diff] [blame]989 /*
990 * Perform renegotiation (this must be done when the server is waiting
991 * for input from our side).
992 */
993 printf( " . Performing renegotiation..." );
994 fflush( stdout );
995 while( ( ret = ssl_renegotiate( &ssl ) ) != 0 )
Manuel Pégourié-Gonnard53b3e062013-10-29 18:16:38 +0100[diff] [blame]996 {
Manuel Pégourié-Gonnard780d6712014-02-20 17:19:59 +0100[diff] [blame]997 if( ret != POLARSSL_ERR_NET_WANT_READ &&
998 ret != POLARSSL_ERR_NET_WANT_WRITE )
999 {
1000 printf( " failed\n ! ssl_renegotiate returned %d\n\n", ret );
1001 goto exit;
1002 }
Manuel Pégourié-Gonnard53b3e062013-10-29 18:16:38 +0100[diff] [blame]1003 }
Manuel Pégourié-Gonnard780d6712014-02-20 17:19:59 +0100[diff] [blame]1004 printf( " ok\n" );
Manuel Pégourié-Gonnard53b3e062013-10-29 18:16:38 +0100[diff] [blame]1005 }
Manuel Pégourié-Gonnard53b3e062013-10-29 18:16:38 +0100[diff] [blame]1006
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]1007 /*
1008 * 6. Write the GET request
1009 */
Manuel Pégourié-Gonnardaaa1eab2013-07-30 13:43:43 +0200[diff] [blame]1010send_request:
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]1011 printf( " > Write to server:" );
1012 fflush( stdout );
1013
Manuel Pégourié-Gonnard84fd6872014-03-13 18:35:10 +0100[diff] [blame]1014 if( strcmp( opt.request_page, "SERVERQUIT" ) == 0 )
1015 len = sprintf( (char *) buf, "%s", opt.request_page );
1016 else
1017 len = sprintf( (char *) buf, GET_REQUEST, opt.request_page );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]1018
Manuel Pégourié-Gonnard0c017a52013-07-18 14:07:36 +0200[diff] [blame]1019 for( written = 0, frags = 0; written < len; written += ret, frags++ )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]1020 {
Manuel Pégourié-Gonnard787b6582013-07-16 15:43:17 +0200[diff] [blame]1021 while( ( ret = ssl_write( &ssl, buf + written, len - written ) ) <= 0 )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]1022 {
Manuel Pégourié-Gonnard787b6582013-07-16 15:43:17 +0200[diff] [blame]1023 if( ret != POLARSSL_ERR_NET_WANT_READ && ret != POLARSSL_ERR_NET_WANT_WRITE )
1024 {
1025 printf( " failed\n ! ssl_write returned -0x%x\n\n", -ret );
1026 goto exit;
1027 }
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]1028 }
1029 }
1030
Manuel Pégourié-Gonnard787b6582013-07-16 15:43:17 +0200[diff] [blame]1031 buf[written] = '\0';
Manuel Pégourié-Gonnard0c017a52013-07-18 14:07:36 +0200[diff] [blame]1032 printf( " %d bytes written in %d fragments\n\n%s\n", written, frags, (char *) buf );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]1033
1034 /*
1035 * 7. Read the HTTP response
1036 */
1037 printf( " < Read from server:" );
1038 fflush( stdout );
1039
1040 do
1041 {
1042 len = sizeof( buf ) - 1;
1043 memset( buf, 0, sizeof( buf ) );
1044 ret = ssl_read( &ssl, buf, len );
1045
Paul Bakker831a7552011-05-18 13:32:51 +0000[diff] [blame]1046 if( ret == POLARSSL_ERR_NET_WANT_READ || ret == POLARSSL_ERR_NET_WANT_WRITE )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]1047 continue;
1048
Paul Bakker40e46942009-01-03 21:51:57 +0000[diff] [blame]1049 if( ret == POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]1050 break;
1051
Paul Bakker5690efc2011-05-26 13:16:06 +0000[diff] [blame]1052 if( ret < 0 )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]1053 {
Paul Bakker0b22e3e2012-04-18 14:23:29 +0000[diff] [blame]1054 printf( "failed\n ! ssl_read returned -0x%x\n\n", -ret );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]1055 break;
1056 }
1057
Paul Bakker5690efc2011-05-26 13:16:06 +0000[diff] [blame]1058 if( ret == 0 )
1059 {
1060 printf("\n\nEOF\n\n");
Manuel Pégourié-Gonnard6b0d2682014-03-25 11:24:43 +0100[diff] [blame]1061 ssl_close_notify( &ssl );
Paul Bakker5690efc2011-05-26 13:16:06 +0000[diff] [blame]1062 break;
1063 }
1064
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]1065 len = ret;
1066 printf( " %d bytes read\n\n%s", len, (char *) buf );
1067 }
Paul Bakkerf3571312011-05-20 12:32:35 +0000[diff] [blame]1068 while( 1 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]1069
Manuel Pégourié-Gonnardaaa1eab2013-07-30 13:43:43 +0200[diff] [blame]1070 if( opt.reconnect != 0 )
1071 {
Manuel Pégourié-Gonnardcf2e97e2013-08-02 15:04:36 +0200[diff] [blame]1072 --opt.reconnect;
Manuel Pégourié-Gonnardaaa1eab2013-07-30 13:43:43 +0200[diff] [blame]1073
Manuel Pégourié-Gonnard6b0d2682014-03-25 11:24:43 +0100[diff] [blame]1074 net_close( server_fd );
1075
Manuel Pégourié-Gonnardc55a5b72014-02-20 22:50:56 +0100[diff] [blame]1076#if defined(POLARSSL_TIMING_C)
1077 if( opt.reco_delay > 0 )
1078 m_sleep( 1000 * opt.reco_delay );
1079#endif
Manuel Pégourié-Gonnard38d1eba2013-08-23 10:44:29 +0200[diff] [blame]1080
Manuel Pégourié-Gonnardaaa1eab2013-07-30 13:43:43 +0200[diff] [blame]1081 printf( " . Reconnecting with saved session..." );
1082 fflush( stdout );
1083
1084 if( ( ret = ssl_session_reset( &ssl ) ) != 0 )
1085 {
1086 printf( " failed\n ! ssl_session_reset returned -0x%x\n\n", -ret );
1087 goto exit;
1088 }
1089
1090 ssl_set_session( &ssl, &saved_session );
1091
1092 if( ( ret = net_connect( &server_fd, opt.server_name,
1093 opt.server_port ) ) != 0 )
1094 {
1095 printf( " failed\n ! net_connect returned -0x%x\n\n", -ret );
1096 goto exit;
1097 }
1098
1099 while( ( ret = ssl_handshake( &ssl ) ) != 0 )
1100 {
1101 if( ret != POLARSSL_ERR_NET_WANT_READ &&
1102 ret != POLARSSL_ERR_NET_WANT_WRITE )
1103 {
1104 printf( " failed\n ! ssl_handshake returned -0x%x\n\n", -ret );
1105 goto exit;
1106 }
1107 }
1108
1109 printf( " ok\n" );
1110
1111 goto send_request;
1112 }
1113
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]1114exit:
Manuel Pégourié-Gonnard6b0d2682014-03-25 11:24:43 +0100[diff] [blame]1115 if( ret == POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY )
1116 ret = 0;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]1117
Paul Bakkera3d195c2011-11-27 21:07:34 +0000[diff] [blame]1118#ifdef POLARSSL_ERROR_C
1119 if( ret != 0 )
1120 {
1121 char error_buf[100];
Paul Bakker03a8a792013-06-30 12:18:08 +0200[diff] [blame]1122 polarssl_strerror( ret, error_buf, 100 );
Paul Bakker570267f2012-04-10 08:22:46 +0000[diff] [blame]1123 printf("Last error was: -0x%X - %s\n\n", -ret, error_buf );
Paul Bakkera3d195c2011-11-27 21:07:34 +0000[diff] [blame]1124 }
1125#endif
1126
Paul Bakker1a207ec2011-02-06 13:22:40 +0000[diff] [blame]1127 if( server_fd )
1128 net_close( server_fd );
Paul Bakker36713e82013-09-17 13:25:29 +0200[diff] [blame]1129#if defined(POLARSSL_X509_CRT_PARSE_C)
1130 x509_crt_free( &clicert );
1131 x509_crt_free( &cacert );
Manuel Pégourié-Gonnardac755232013-08-19 14:10:16 +0200[diff] [blame]1132 pk_free( &pkey );
Paul Bakkered27a042013-04-18 22:46:23 +0200[diff] [blame]1133#endif
Manuel Pégourié-Gonnard06650f62013-08-02 15:34:52 +0200[diff] [blame]1134 ssl_session_free( &saved_session );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]1135 ssl_free( &ssl );
Paul Bakker1ffefac2013-09-28 15:23:03 +0200[diff] [blame]1136 entropy_free( &entropy );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]1137
1138 memset( &ssl, 0, sizeof( ssl ) );
1139
Paul Bakkercce9d772011-11-18 14:26:47 +0000[diff] [blame]1140#if defined(_WIN32)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]1141 printf( " + Press Enter to exit this program.\n" );
1142 fflush( stdout ); getchar();
1143#endif
1144
Paul Bakkerdbd79ca2013-07-24 16:28:35 +0200[diff] [blame]1145 // Shell can not handle large exit numbers -> 1 for errors
1146 if( ret < 0 )
1147 ret = 1;
1148
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]1149 return( ret );
1150}
Paul Bakker508ad5a2011-12-04 17:09:26 +0000[diff] [blame]1151#endif /* POLARSSL_BIGNUM_C && POLARSSL_ENTROPY_C && POLARSSL_SSL_TLS_C &&
1152 POLARSSL_SSL_CLI_C && POLARSSL_NET_C && POLARSSL_RSA_C &&
1153 POLARSSL_CTR_DRBG_C */