blob: 76cc8a4cb828f4b5b3c640a7f978fa108ea7442c [file] [log] [blame]
Paul Bakker5121ce52009-01-03 21:22:43 +00001/*
2 * SSL client with certificate authentication
3 *
Paul Bakker3c5ef712013-06-25 16:37:45 +02004 * Copyright (C) 2006-2013, Brainspark B.V.
Paul Bakkerb96f1542010-07-18 20:36:00 +00005 *
6 * This file is part of PolarSSL (http://www.polarssl.org)
Paul Bakker84f12b72010-07-18 10:13:04 +00007 * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
Paul Bakkerb96f1542010-07-18 20:36:00 +00008 *
Paul Bakker77b385e2009-07-28 17:23:11 +00009 * All rights reserved.
Paul Bakkere0ccd0a2009-01-04 16:27:10 +000010 *
Paul Bakker5121ce52009-01-03 21:22:43 +000011 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 2 of the License, or
14 * (at your option) any later version.
15 *
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
20 *
21 * You should have received a copy of the GNU General Public License along
22 * with this program; if not, write to the Free Software Foundation, Inc.,
23 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
24 */
25
Manuel Pégourié-Gonnardcef4ad22014-04-29 12:39:06 +020026#if !defined(POLARSSL_CONFIG_FILE)
Manuel Pégourié-Gonnardabd6e022013-09-20 13:30:43 +020027#include "polarssl/config.h"
Manuel Pégourié-Gonnardcef4ad22014-04-29 12:39:06 +020028#else
29#include POLARSSL_CONFIG_FILE
30#endif
Paul Bakker5121ce52009-01-03 21:22:43 +000031
Manuel Pégourié-Gonnard8a4d5712014-06-24 14:19:59 +020032#if !defined(POLARSSL_ENTROPY_C) || \
33 !defined(POLARSSL_SSL_TLS_C) || !defined(POLARSSL_SSL_CLI_C) || \
34 !defined(POLARSSL_NET_C) || !defined(POLARSSL_CTR_DRBG_C)
35#include <stdio.h>
36int main( int argc, char *argv[] )
37{
38 ((void) argc);
39 ((void) argv);
40
41 printf("POLARSSL_ENTROPY_C and/or "
42 "POLARSSL_SSL_TLS_C and/or POLARSSL_SSL_CLI_C and/or "
43 "POLARSSL_NET_C and/or POLARSSL_CTR_DRBG_C not defined.\n");
44 return( 0 );
45}
46#else
47
Paul Bakker5121ce52009-01-03 21:22:43 +000048#include <string.h>
Paul Bakker9caf2d22010-02-18 19:37:19 +000049#include <stdlib.h>
Paul Bakker5121ce52009-01-03 21:22:43 +000050#include <stdio.h>
51
Paul Bakker40e46942009-01-03 21:51:57 +000052#include "polarssl/net.h"
53#include "polarssl/ssl.h"
Paul Bakker508ad5a2011-12-04 17:09:26 +000054#include "polarssl/entropy.h"
55#include "polarssl/ctr_drbg.h"
Paul Bakker40e46942009-01-03 21:51:57 +000056#include "polarssl/certs.h"
57#include "polarssl/x509.h"
Paul Bakkera3d195c2011-11-27 21:07:34 +000058#include "polarssl/error.h"
Paul Bakkerc73079a2014-04-25 16:34:30 +020059#include "polarssl/debug.h"
Paul Bakker5121ce52009-01-03 21:22:43 +000060
Manuel Pégourié-Gonnardc55a5b72014-02-20 22:50:56 +010061#if defined(POLARSSL_TIMING_C)
62#include "polarssl/timing.h"
63#endif
64
Paul Bakker93c32b22014-04-25 13:40:05 +020065#if defined(_MSC_VER) && !defined(EFIX64) && !defined(EFI32)
66#if !defined snprintf
67#define snprintf _snprintf
68#endif
69#endif
70
Paul Bakker9caf2d22010-02-18 19:37:19 +000071#define DFL_SERVER_NAME "localhost"
Manuel Pégourié-Gonnard0d8780b2014-02-25 11:11:26 +010072#define DFL_SERVER_ADDR NULL
Paul Bakker9caf2d22010-02-18 19:37:19 +000073#define DFL_SERVER_PORT 4433
74#define DFL_REQUEST_PAGE "/"
Manuel Pégourié-Gonnarddea29c52014-06-18 13:07:56 +020075#define DFL_REQUEST_SIZE -1
Paul Bakker9caf2d22010-02-18 19:37:19 +000076#define DFL_DEBUG_LEVEL 0
Manuel Pégourié-Gonnard55753162014-02-26 13:47:08 +010077#define DFL_NBIO 0
Paul Bakker5690efc2011-05-26 13:16:06 +000078#define DFL_CA_FILE ""
Paul Bakker8d914582012-06-04 12:46:42 +000079#define DFL_CA_PATH ""
Paul Bakker67968392010-07-18 08:28:20 +000080#define DFL_CRT_FILE ""
81#define DFL_KEY_FILE ""
Paul Bakkerd4a56ec2013-04-16 18:05:29 +020082#define DFL_PSK ""
83#define DFL_PSK_IDENTITY "Client_identity"
Paul Bakker51936882011-02-20 16:05:58 +000084#define DFL_FORCE_CIPHER 0
Manuel Pégourié-Gonnard00d538f2014-03-31 10:44:40 +020085#define DFL_RENEGOTIATION SSL_RENEGOTIATION_DISABLED
Paul Bakkerd0f6fa72012-09-17 09:18:12 +000086#define DFL_ALLOW_LEGACY SSL_LEGACY_NO_RENEGOTIATION
Manuel Pégourié-Gonnard780d6712014-02-20 17:19:59 +010087#define DFL_RENEGOTIATE 0
Manuel Pégourié-Gonnarda8c0a0d2014-08-15 12:07:38 +020088#define DFL_EXCHANGES 1
Paul Bakker1d29fb52012-09-28 13:28:45 +000089#define DFL_MIN_VERSION -1
90#define DFL_MAX_VERSION -1
Manuel Pégourié-Gonnardfcf2fc22014-03-11 11:10:27 +010091#define DFL_AUTH_MODE SSL_VERIFY_REQUIRED
Manuel Pégourié-Gonnard0df6b1f2013-07-16 13:39:57 +020092#define DFL_MFL_CODE SSL_MAX_FRAG_LEN_NONE
Manuel Pégourié-Gonnard265fe992015-01-09 12:43:35 +010093#define DFL_TRUNC_HMAC -1
Manuel Pégourié-Gonnardaaa1eab2013-07-30 13:43:43 +020094#define DFL_RECONNECT 0
Manuel Pégourié-Gonnardc55a5b72014-02-20 22:50:56 +010095#define DFL_RECO_DELAY 0
Manuel Pégourié-Gonnardaa0d4d12013-08-03 13:02:31 +020096#define DFL_TICKETS SSL_SESSION_TICKETS_ENABLED
Manuel Pégourié-Gonnard1bd22812014-04-05 14:34:07 +020097#define DFL_ALPN_STRING NULL
Manuel Pégourié-Gonnard1cbd39d2014-10-20 13:34:59 +020098#define DFL_FALLBACK -1
Manuel Pégourié-Gonnard367381f2014-10-20 18:40:56 +020099#define DFL_EXTENDED_MS -1
Manuel Pégourié-Gonnard699cafa2014-10-27 13:57:03 +0100100#define DFL_ETM -1
Paul Bakker0e6975b2009-02-10 22:19:10 +0000101
Paul Bakker93c32b22014-04-25 13:40:05 +0200102#define GET_REQUEST "GET %s HTTP/1.0\r\nExtra-header: "
103#define GET_REQUEST_END "\r\n\r\n"
Paul Bakker5121ce52009-01-03 21:22:43 +0000104
Paul Bakker9caf2d22010-02-18 19:37:19 +0000105/*
106 * global options
107 */
108struct options
109{
Paul Bakkeref3f8c72013-06-24 13:01:08 +0200110 const char *server_name; /* hostname of the server (client only) */
Manuel Pégourié-Gonnard0d8780b2014-02-25 11:11:26 +0100111 const char *server_addr; /* address of the server (client only) */
Paul Bakker67968392010-07-18 08:28:20 +0000112 int server_port; /* port on which the ssl service runs */
113 int debug_level; /* level of debugging */
Manuel Pégourié-Gonnard55753162014-02-26 13:47:08 +0100114 int nbio; /* should I/O be blocking? */
Paul Bakkeref3f8c72013-06-24 13:01:08 +0200115 const char *request_page; /* page on server to request */
Paul Bakker93c32b22014-04-25 13:40:05 +0200116 int request_size; /* pad request with header to requested size */
Paul Bakkeref3f8c72013-06-24 13:01:08 +0200117 const char *ca_file; /* the file with the CA certificate(s) */
118 const char *ca_path; /* the path with the CA certificate(s) reside */
119 const char *crt_file; /* the file with the client certificate */
120 const char *key_file; /* the file with the client key */
121 const char *psk; /* the pre-shared key */
122 const char *psk_identity; /* the pre-shared key identity */
Paul Bakker51936882011-02-20 16:05:58 +0000123 int force_ciphersuite[2]; /* protocol/ciphersuite to use, or all */
Paul Bakker48916f92012-09-16 19:57:18 +0000124 int renegotiation; /* enable / disable renegotiation */
125 int allow_legacy; /* allow legacy renegotiation */
Manuel Pégourié-Gonnard780d6712014-02-20 17:19:59 +0100126 int renegotiate; /* attempt renegotiation? */
Manuel Pégourié-Gonnarda8c0a0d2014-08-15 12:07:38 +0200127 int renego_delay; /* delay before enforcing renegotiation */
128 int exchanges; /* number of data exchanges */
Paul Bakker1d29fb52012-09-28 13:28:45 +0000129 int min_version; /* minimum protocol version accepted */
130 int max_version; /* maximum protocol version accepted */
Paul Bakker91ebfb52012-11-23 14:04:08 +0100131 int auth_mode; /* verify mode for connection */
Manuel Pégourié-Gonnard0df6b1f2013-07-16 13:39:57 +0200132 unsigned char mfl_code; /* code for maximum fragment length */
Manuel Pégourié-Gonnarde980a992013-07-19 11:08:52 +0200133 int trunc_hmac; /* negotiate truncated hmac or not */
Manuel Pégourié-Gonnardaaa1eab2013-07-30 13:43:43 +0200134 int reconnect; /* attempt to resume session */
Manuel Pégourié-Gonnardc55a5b72014-02-20 22:50:56 +0100135 int reco_delay; /* delay in seconds before resuming session */
Manuel Pégourié-Gonnardaa0d4d12013-08-03 13:02:31 +0200136 int tickets; /* enable / disable session tickets */
Manuel Pégourié-Gonnard1bd22812014-04-05 14:34:07 +0200137 const char *alpn_string; /* ALPN supported protocols */
Manuel Pégourié-Gonnard1cbd39d2014-10-20 13:34:59 +0200138 int fallback; /* is this a fallback connection? */
Manuel Pégourié-Gonnard367381f2014-10-20 18:40:56 +0200139 char extended_ms; /* negotiate extended master secret? */
Manuel Pégourié-Gonnardbe6ce832014-11-17 14:29:36 +0100140 char etm; /* negotiate encrypt then mac? ? */
Paul Bakker9caf2d22010-02-18 19:37:19 +0000141} opt;
Paul Bakker5121ce52009-01-03 21:22:43 +0000142
Paul Bakker3c5ef712013-06-25 16:37:45 +0200143static void my_debug( void *ctx, int level, const char *str )
Paul Bakker5121ce52009-01-03 21:22:43 +0000144{
Paul Bakkerc73079a2014-04-25 16:34:30 +0200145 ((void) level);
146
147 fprintf( (FILE *) ctx, "%s", str );
148 fflush( (FILE *) ctx );
Paul Bakker5121ce52009-01-03 21:22:43 +0000149}
150
Manuel Pégourié-Gonnard55753162014-02-26 13:47:08 +0100151/*
152 * Test recv/send functions that make sure each try returns
153 * WANT_READ/WANT_WRITE at least once before sucesseding
154 */
155static int my_recv( void *ctx, unsigned char *buf, size_t len )
156{
157 static int first_try = 1;
158 int ret;
159
160 if( first_try )
161 {
162 first_try = 0;
163 return( POLARSSL_ERR_NET_WANT_READ );
164 }
165
166 ret = net_recv( ctx, buf, len );
167 if( ret != POLARSSL_ERR_NET_WANT_READ )
168 first_try = 1; /* Next call will be a new operation */
169 return( ret );
170}
171
172static int my_send( void *ctx, const unsigned char *buf, size_t len )
173{
174 static int first_try = 1;
175 int ret;
176
177 if( first_try )
178 {
179 first_try = 0;
180 return( POLARSSL_ERR_NET_WANT_WRITE );
181 }
182
183 ret = net_send( ctx, buf, len );
184 if( ret != POLARSSL_ERR_NET_WANT_WRITE )
185 first_try = 1; /* Next call will be a new operation */
186 return( ret );
187}
188
Paul Bakker36713e82013-09-17 13:25:29 +0200189#if defined(POLARSSL_X509_CRT_PARSE_C)
Paul Bakker915275b2012-09-28 07:10:55 +0000190/*
191 * Enabled if debug_level > 1 in code below
192 */
Paul Bakkerc559c7a2013-09-18 14:13:26 +0200193static int my_verify( void *data, x509_crt *crt, int depth, int *flags )
Paul Bakker915275b2012-09-28 07:10:55 +0000194{
195 char buf[1024];
196 ((void) data);
197
198 printf( "\nVerify requested for (Depth %d):\n", depth );
Paul Bakkerddf26b42013-09-18 13:46:23 +0200199 x509_crt_info( buf, sizeof( buf ) - 1, "", crt );
Paul Bakker915275b2012-09-28 07:10:55 +0000200 printf( "%s", buf );
201
202 if( ( (*flags) & BADCERT_EXPIRED ) != 0 )
203 printf( " ! server certificate has expired\n" );
204
205 if( ( (*flags) & BADCERT_REVOKED ) != 0 )
206 printf( " ! server certificate has been revoked\n" );
207
208 if( ( (*flags) & BADCERT_CN_MISMATCH ) != 0 )
209 printf( " ! CN mismatch\n" );
210
211 if( ( (*flags) & BADCERT_NOT_TRUSTED ) != 0 )
212 printf( " ! self-signed or not signed by a trusted CA\n" );
213
214 if( ( (*flags) & BADCRL_NOT_TRUSTED ) != 0 )
215 printf( " ! CRL not trusted\n" );
216
217 if( ( (*flags) & BADCRL_EXPIRED ) != 0 )
218 printf( " ! CRL expired\n" );
219
220 if( ( (*flags) & BADCERT_OTHER ) != 0 )
221 printf( " ! other (unknown) flag\n" );
222
223 if ( ( *flags ) == 0 )
224 printf( " This certificate has no flags\n" );
225
226 return( 0 );
227}
Paul Bakker36713e82013-09-17 13:25:29 +0200228#endif /* POLARSSL_X509_CRT_PARSE_C */
Paul Bakker915275b2012-09-28 07:10:55 +0000229
Paul Bakker36713e82013-09-17 13:25:29 +0200230#if defined(POLARSSL_X509_CRT_PARSE_C)
Paul Bakker5690efc2011-05-26 13:16:06 +0000231#if defined(POLARSSL_FS_IO)
232#define USAGE_IO \
Paul Bakker1f9d02d2012-11-20 10:30:55 +0100233 " ca_file=%%s The single file containing the top-level CA(s) you fully trust\n" \
234 " default: \"\" (pre-loaded)\n" \
235 " ca_path=%%s The path containing the top-level CA(s) you fully trust\n" \
236 " default: \"\" (pre-loaded) (overrides ca_file)\n" \
237 " crt_file=%%s Your own cert and chain (in bottom to top order, top may be omitted)\n" \
238 " default: \"\" (pre-loaded)\n" \
Paul Bakker5690efc2011-05-26 13:16:06 +0000239 " key_file=%%s default: \"\" (pre-loaded)\n"
240#else
241#define USAGE_IO \
242 " No file operations available (POLARSSL_FS_IO not defined)\n"
243#endif /* POLARSSL_FS_IO */
Paul Bakkered27a042013-04-18 22:46:23 +0200244#else
245#define USAGE_IO ""
Paul Bakker36713e82013-09-17 13:25:29 +0200246#endif /* POLARSSL_X509_CRT_PARSE_C */
Paul Bakkered27a042013-04-18 22:46:23 +0200247
Manuel Pégourié-Gonnard8a3c64d2013-10-14 19:54:10 +0200248#if defined(POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED)
Paul Bakkered27a042013-04-18 22:46:23 +0200249#define USAGE_PSK \
250 " psk=%%s default: \"\" (in hex, without 0x)\n" \
251 " psk_identity=%%s default: \"Client_identity\"\n"
252#else
253#define USAGE_PSK ""
Manuel Pégourié-Gonnard8a3c64d2013-10-14 19:54:10 +0200254#endif /* POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED */
Paul Bakker5690efc2011-05-26 13:16:06 +0000255
Paul Bakkera503a632013-08-14 13:48:06 +0200256#if defined(POLARSSL_SSL_SESSION_TICKETS)
257#define USAGE_TICKETS \
258 " tickets=%%d default: 1 (enabled)\n"
259#else
260#define USAGE_TICKETS ""
261#endif /* POLARSSL_SSL_SESSION_TICKETS */
262
Paul Bakker1f2bc622013-08-15 13:45:55 +0200263#if defined(POLARSSL_SSL_TRUNCATED_HMAC)
264#define USAGE_TRUNC_HMAC \
Manuel Pégourié-Gonnard265fe992015-01-09 12:43:35 +0100265 " trunc_hmac=%%d default: library default\n"
Paul Bakker1f2bc622013-08-15 13:45:55 +0200266#else
267#define USAGE_TRUNC_HMAC ""
268#endif /* POLARSSL_SSL_TRUNCATED_HMAC */
269
Paul Bakker05decb22013-08-15 13:33:48 +0200270#if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH)
271#define USAGE_MAX_FRAG_LEN \
272 " max_frag_len=%%d default: 16384 (tls default)\n" \
273 " options: 512, 1024, 2048, 4096\n"
274#else
275#define USAGE_MAX_FRAG_LEN ""
276#endif /* POLARSSL_SSL_MAX_FRAGMENT_LENGTH */
277
Manuel Pégourié-Gonnardc55a5b72014-02-20 22:50:56 +0100278#if defined(POLARSSL_TIMING_C)
279#define USAGE_TIME \
Manuel Pégourié-Gonnard1bd22812014-04-05 14:34:07 +0200280 " reco_delay=%%d default: 0 seconds\n"
Manuel Pégourié-Gonnardc55a5b72014-02-20 22:50:56 +0100281#else
282#define USAGE_TIME ""
283#endif /* POLARSSL_TIMING_C */
284
Manuel Pégourié-Gonnard1bd22812014-04-05 14:34:07 +0200285#if defined(POLARSSL_SSL_ALPN)
286#define USAGE_ALPN \
287 " alpn=%%s default: \"\" (disabled)\n" \
288 " example: spdy/1,http/1.1\n"
289#else
290#define USAGE_ALPN ""
291#endif /* POLARSSL_SSL_ALPN */
292
Manuel Pégourié-Gonnard1cbd39d2014-10-20 13:34:59 +0200293#if defined(POLARSSL_SSL_FALLBACK_SCSV)
294#define USAGE_FALLBACK \
295 " fallback=0/1 default: (library default: off)\n"
296#else
297#define USAGE_FALLBACK ""
298#endif
299
Manuel Pégourié-Gonnard367381f2014-10-20 18:40:56 +0200300#if defined(POLARSSL_SSL_EXTENDED_MASTER_SECRET)
301#define USAGE_EMS \
302 " extended_ms=0/1 default: (library default: on)\n"
303#else
304#define USAGE_EMS ""
305#endif
306
Manuel Pégourié-Gonnard699cafa2014-10-27 13:57:03 +0100307#if defined(POLARSSL_SSL_ENCRYPT_THEN_MAC)
308#define USAGE_ETM \
309 " etm=0/1 default: (library default: on)\n"
310#else
311#define USAGE_ETM ""
312#endif
313
Paul Bakker9caf2d22010-02-18 19:37:19 +0000314#define USAGE \
Paul Bakker67968392010-07-18 08:28:20 +0000315 "\n usage: ssl_client2 param=<>...\n" \
316 "\n acceptable parameters:\n" \
317 " server_name=%%s default: localhost\n" \
Manuel Pégourié-Gonnard0d8780b2014-02-25 11:11:26 +0100318 " server_addr=%%s default: given by name\n" \
Paul Bakker67968392010-07-18 08:28:20 +0000319 " server_port=%%d default: 4433\n" \
Paul Bakker67968392010-07-18 08:28:20 +0000320 " request_page=%%s default: \".\"\n" \
Manuel Pégourié-Gonnarddea29c52014-06-18 13:07:56 +0200321 " request_size=%%d default: about 34 (basic request)\n" \
322 " (minimum: 0, max: 16384)\n" \
Manuel Pégourié-Gonnard2fc243d2014-02-19 18:22:59 +0100323 " debug_level=%%d default: 0 (disabled)\n" \
Manuel Pégourié-Gonnard55753162014-02-26 13:47:08 +0100324 " nbio=%%d default: 0 (blocking I/O)\n" \
325 " options: 1 (non-blocking), 2 (added delays)\n" \
Manuel Pégourié-Gonnard2fc243d2014-02-19 18:22:59 +0100326 "\n" \
Manuel Pégourié-Gonnard55753162014-02-26 13:47:08 +0100327 " auth_mode=%%s default: \"optional\"\n" \
Manuel Pégourié-Gonnard2fc243d2014-02-19 18:22:59 +0100328 " options: none, optional, required\n" \
329 USAGE_IO \
330 "\n" \
331 USAGE_PSK \
332 "\n" \
Paul Bakker48916f92012-09-16 19:57:18 +0000333 " renegotiation=%%d default: 1 (enabled)\n" \
334 " allow_legacy=%%d default: 0 (disabled)\n" \
Manuel Pégourié-Gonnard780d6712014-02-20 17:19:59 +0100335 " renegotiate=%%d default: 0 (disabled)\n" \
Manuel Pégourié-Gonnarda8c0a0d2014-08-15 12:07:38 +0200336 " exchanges=%%d default: 1\n" \
Manuel Pégourié-Gonnardaaa1eab2013-07-30 13:43:43 +0200337 " reconnect=%%d default: 0 (disabled)\n" \
Manuel Pégourié-Gonnardc55a5b72014-02-20 22:50:56 +0100338 USAGE_TIME \
Paul Bakkera503a632013-08-14 13:48:06 +0200339 USAGE_TICKETS \
Manuel Pégourié-Gonnard2fc243d2014-02-19 18:22:59 +0100340 USAGE_MAX_FRAG_LEN \
341 USAGE_TRUNC_HMAC \
Manuel Pégourié-Gonnard1bd22812014-04-05 14:34:07 +0200342 USAGE_ALPN \
Manuel Pégourié-Gonnard1cbd39d2014-10-20 13:34:59 +0200343 USAGE_FALLBACK \
Manuel Pégourié-Gonnard367381f2014-10-20 18:40:56 +0200344 USAGE_EMS \
Manuel Pégourié-Gonnard699cafa2014-10-27 13:57:03 +0100345 USAGE_ETM \
Paul Bakker1d29fb52012-09-28 13:28:45 +0000346 "\n" \
347 " min_version=%%s default: \"\" (ssl3)\n" \
348 " max_version=%%s default: \"\" (tls1_2)\n" \
349 " force_version=%%s default: \"\" (none)\n" \
350 " options: ssl3, tls1, tls1_1, tls1_2\n" \
Manuel Pégourié-Gonnardfcf2fc22014-03-11 11:10:27 +0100351 " auth_mode=%%s default: \"required\"\n" \
Paul Bakker91ebfb52012-11-23 14:04:08 +0100352 " options: none, optional, required\n" \
Paul Bakker1d29fb52012-09-28 13:28:45 +0000353 "\n" \
Paul Bakker51936882011-02-20 16:05:58 +0000354 " force_ciphersuite=<name> default: all enabled\n"\
355 " acceptable ciphersuite names:\n"
Paul Bakker9caf2d22010-02-18 19:37:19 +0000356
357int main( int argc, char *argv[] )
Paul Bakker5121ce52009-01-03 21:22:43 +0000358{
Manuel Pégourié-Gonnarddcab2932014-08-14 17:47:17 +0200359 int ret = 0, len, tail_len, server_fd, i, written, frags;
Paul Bakker93c32b22014-04-25 13:40:05 +0200360 unsigned char buf[SSL_MAX_CONTENT_LEN + 1];
Manuel Pégourié-Gonnard8a3c64d2013-10-14 19:54:10 +0200361#if defined(POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED)
Manuel Pégourié-Gonnard481fcfd2014-07-03 16:12:50 +0200362 unsigned char psk[POLARSSL_PSK_MAX_LEN];
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200363 size_t psk_len = 0;
Paul Bakkered27a042013-04-18 22:46:23 +0200364#endif
Manuel Pégourié-Gonnard1bd22812014-04-05 14:34:07 +0200365#if defined(POLARSSL_SSL_ALPN)
366 const char *alpn_list[10];
367#endif
Paul Bakkeref3f8c72013-06-24 13:01:08 +0200368 const char *pers = "ssl_client2";
Paul Bakker508ad5a2011-12-04 17:09:26 +0000369
370 entropy_context entropy;
371 ctr_drbg_context ctr_drbg;
Paul Bakker5121ce52009-01-03 21:22:43 +0000372 ssl_context ssl;
Manuel Pégourié-Gonnardaaa1eab2013-07-30 13:43:43 +0200373 ssl_session saved_session;
Paul Bakker36713e82013-09-17 13:25:29 +0200374#if defined(POLARSSL_X509_CRT_PARSE_C)
Paul Bakkerc559c7a2013-09-18 14:13:26 +0200375 x509_crt cacert;
376 x509_crt clicert;
Manuel Pégourié-Gonnardac755232013-08-19 14:10:16 +0200377 pk_context pkey;
Paul Bakkered27a042013-04-18 22:46:23 +0200378#endif
Paul Bakker9caf2d22010-02-18 19:37:19 +0000379 char *p, *q;
Paul Bakker51936882011-02-20 16:05:58 +0000380 const int *list;
Paul Bakker9caf2d22010-02-18 19:37:19 +0000381
Paul Bakker1a207ec2011-02-06 13:22:40 +0000382 /*
383 * Make sure memory references are valid.
384 */
385 server_fd = 0;
Paul Bakker1a207ec2011-02-06 13:22:40 +0000386 memset( &ssl, 0, sizeof( ssl_context ) );
Manuel Pégourié-Gonnardaaa1eab2013-07-30 13:43:43 +0200387 memset( &saved_session, 0, sizeof( ssl_session ) );
Paul Bakker36713e82013-09-17 13:25:29 +0200388#if defined(POLARSSL_X509_CRT_PARSE_C)
Paul Bakker369d2eb2013-09-18 11:58:25 +0200389 x509_crt_init( &cacert );
390 x509_crt_init( &clicert );
Manuel Pégourié-Gonnardac755232013-08-19 14:10:16 +0200391 pk_init( &pkey );
Paul Bakkered27a042013-04-18 22:46:23 +0200392#endif
Manuel Pégourié-Gonnard1bd22812014-04-05 14:34:07 +0200393#if defined(POLARSSL_SSL_ALPN)
Paul Bakker525f8752014-05-01 10:58:57 +0200394 memset( (void * ) alpn_list, 0, sizeof( alpn_list ) );
Manuel Pégourié-Gonnard1bd22812014-04-05 14:34:07 +0200395#endif
Paul Bakker1a207ec2011-02-06 13:22:40 +0000396
Paul Bakker9caf2d22010-02-18 19:37:19 +0000397 if( argc == 0 )
398 {
399 usage:
Paul Bakkerfab5c822012-02-06 16:45:10 +0000400 if( ret == 0 )
401 ret = 1;
402
Paul Bakker9caf2d22010-02-18 19:37:19 +0000403 printf( USAGE );
Paul Bakker51936882011-02-20 16:05:58 +0000404
405 list = ssl_list_ciphersuites();
406 while( *list )
407 {
Paul Bakkerbcbe2d82013-04-19 09:10:20 +0200408 printf(" %-42s", ssl_get_ciphersuite_name( *list ) );
Paul Bakkered27a042013-04-18 22:46:23 +0200409 list++;
410 if( !*list )
411 break;
412 printf(" %s\n", ssl_get_ciphersuite_name( *list ) );
Paul Bakker51936882011-02-20 16:05:58 +0000413 list++;
414 }
415 printf("\n");
Paul Bakker9caf2d22010-02-18 19:37:19 +0000416 goto exit;
417 }
418
419 opt.server_name = DFL_SERVER_NAME;
Manuel Pégourié-Gonnard0d8780b2014-02-25 11:11:26 +0100420 opt.server_addr = DFL_SERVER_ADDR;
Paul Bakker9caf2d22010-02-18 19:37:19 +0000421 opt.server_port = DFL_SERVER_PORT;
422 opt.debug_level = DFL_DEBUG_LEVEL;
Manuel Pégourié-Gonnard55753162014-02-26 13:47:08 +0100423 opt.nbio = DFL_NBIO;
Paul Bakker9caf2d22010-02-18 19:37:19 +0000424 opt.request_page = DFL_REQUEST_PAGE;
Paul Bakker93c32b22014-04-25 13:40:05 +0200425 opt.request_size = DFL_REQUEST_SIZE;
Paul Bakker5690efc2011-05-26 13:16:06 +0000426 opt.ca_file = DFL_CA_FILE;
Paul Bakker8d914582012-06-04 12:46:42 +0000427 opt.ca_path = DFL_CA_PATH;
Paul Bakker67968392010-07-18 08:28:20 +0000428 opt.crt_file = DFL_CRT_FILE;
429 opt.key_file = DFL_KEY_FILE;
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200430 opt.psk = DFL_PSK;
431 opt.psk_identity = DFL_PSK_IDENTITY;
Paul Bakker51936882011-02-20 16:05:58 +0000432 opt.force_ciphersuite[0]= DFL_FORCE_CIPHER;
Paul Bakker48916f92012-09-16 19:57:18 +0000433 opt.renegotiation = DFL_RENEGOTIATION;
434 opt.allow_legacy = DFL_ALLOW_LEGACY;
Manuel Pégourié-Gonnard780d6712014-02-20 17:19:59 +0100435 opt.renegotiate = DFL_RENEGOTIATE;
Manuel Pégourié-Gonnarda8c0a0d2014-08-15 12:07:38 +0200436 opt.exchanges = DFL_EXCHANGES;
Paul Bakker1d29fb52012-09-28 13:28:45 +0000437 opt.min_version = DFL_MIN_VERSION;
438 opt.max_version = DFL_MAX_VERSION;
Paul Bakker91ebfb52012-11-23 14:04:08 +0100439 opt.auth_mode = DFL_AUTH_MODE;
Manuel Pégourié-Gonnard0df6b1f2013-07-16 13:39:57 +0200440 opt.mfl_code = DFL_MFL_CODE;
Manuel Pégourié-Gonnarde980a992013-07-19 11:08:52 +0200441 opt.trunc_hmac = DFL_TRUNC_HMAC;
Manuel Pégourié-Gonnardaaa1eab2013-07-30 13:43:43 +0200442 opt.reconnect = DFL_RECONNECT;
Manuel Pégourié-Gonnardc55a5b72014-02-20 22:50:56 +0100443 opt.reco_delay = DFL_RECO_DELAY;
Manuel Pégourié-Gonnardaa0d4d12013-08-03 13:02:31 +0200444 opt.tickets = DFL_TICKETS;
Manuel Pégourié-Gonnard1bd22812014-04-05 14:34:07 +0200445 opt.alpn_string = DFL_ALPN_STRING;
Manuel Pégourié-Gonnard1cbd39d2014-10-20 13:34:59 +0200446 opt.fallback = DFL_FALLBACK;
Manuel Pégourié-Gonnard367381f2014-10-20 18:40:56 +0200447 opt.extended_ms = DFL_EXTENDED_MS;
Manuel Pégourié-Gonnard699cafa2014-10-27 13:57:03 +0100448 opt.etm = DFL_ETM;
Paul Bakker9caf2d22010-02-18 19:37:19 +0000449
450 for( i = 1; i < argc; i++ )
451 {
Paul Bakker9caf2d22010-02-18 19:37:19 +0000452 p = argv[i];
453 if( ( q = strchr( p, '=' ) ) == NULL )
454 goto usage;
455 *q++ = '\0';
456
457 if( strcmp( p, "server_name" ) == 0 )
458 opt.server_name = q;
Manuel Pégourié-Gonnard0d8780b2014-02-25 11:11:26 +0100459 else if( strcmp( p, "server_addr" ) == 0 )
460 opt.server_addr = q;
Paul Bakker9caf2d22010-02-18 19:37:19 +0000461 else if( strcmp( p, "server_port" ) == 0 )
462 {
463 opt.server_port = atoi( q );
464 if( opt.server_port < 1 || opt.server_port > 65535 )
465 goto usage;
466 }
467 else if( strcmp( p, "debug_level" ) == 0 )
468 {
469 opt.debug_level = atoi( q );
470 if( opt.debug_level < 0 || opt.debug_level > 65535 )
471 goto usage;
472 }
Manuel Pégourié-Gonnard55753162014-02-26 13:47:08 +0100473 else if( strcmp( p, "nbio" ) == 0 )
474 {
475 opt.nbio = atoi( q );
476 if( opt.nbio < 0 || opt.nbio > 2 )
477 goto usage;
478 }
Paul Bakker9caf2d22010-02-18 19:37:19 +0000479 else if( strcmp( p, "request_page" ) == 0 )
480 opt.request_page = q;
Paul Bakker93c32b22014-04-25 13:40:05 +0200481 else if( strcmp( p, "request_size" ) == 0 )
482 {
483 opt.request_size = atoi( q );
484 if( opt.request_size < 0 || opt.request_size > SSL_MAX_CONTENT_LEN )
485 goto usage;
486 }
Paul Bakker5690efc2011-05-26 13:16:06 +0000487 else if( strcmp( p, "ca_file" ) == 0 )
488 opt.ca_file = q;
Paul Bakker8d914582012-06-04 12:46:42 +0000489 else if( strcmp( p, "ca_path" ) == 0 )
490 opt.ca_path = q;
Paul Bakker67968392010-07-18 08:28:20 +0000491 else if( strcmp( p, "crt_file" ) == 0 )
492 opt.crt_file = q;
493 else if( strcmp( p, "key_file" ) == 0 )
494 opt.key_file = q;
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200495 else if( strcmp( p, "psk" ) == 0 )
496 opt.psk = q;
497 else if( strcmp( p, "psk_identity" ) == 0 )
498 opt.psk_identity = q;
Paul Bakker51936882011-02-20 16:05:58 +0000499 else if( strcmp( p, "force_ciphersuite" ) == 0 )
500 {
Paul Bakker51936882011-02-20 16:05:58 +0000501 opt.force_ciphersuite[0] = ssl_get_ciphersuite_id( q );
502
Manuel Pégourié-Gonnard8de259b2014-06-11 14:19:06 +0200503 if( opt.force_ciphersuite[0] == 0 )
Paul Bakkerfab5c822012-02-06 16:45:10 +0000504 {
505 ret = 2;
Paul Bakker51936882011-02-20 16:05:58 +0000506 goto usage;
Paul Bakkerfab5c822012-02-06 16:45:10 +0000507 }
Paul Bakker51936882011-02-20 16:05:58 +0000508 opt.force_ciphersuite[1] = 0;
509 }
Paul Bakker48916f92012-09-16 19:57:18 +0000510 else if( strcmp( p, "renegotiation" ) == 0 )
511 {
512 opt.renegotiation = (atoi( q )) ? SSL_RENEGOTIATION_ENABLED :
513 SSL_RENEGOTIATION_DISABLED;
514 }
515 else if( strcmp( p, "allow_legacy" ) == 0 )
516 {
517 opt.allow_legacy = atoi( q );
518 if( opt.allow_legacy < 0 || opt.allow_legacy > 1 )
519 goto usage;
520 }
Manuel Pégourié-Gonnard780d6712014-02-20 17:19:59 +0100521 else if( strcmp( p, "renegotiate" ) == 0 )
522 {
523 opt.renegotiate = atoi( q );
524 if( opt.renegotiate < 0 || opt.renegotiate > 1 )
525 goto usage;
526 }
Manuel Pégourié-Gonnarda8c0a0d2014-08-15 12:07:38 +0200527 else if( strcmp( p, "exchanges" ) == 0 )
528 {
529 opt.exchanges = atoi( q );
530 if( opt.exchanges < 1 )
531 goto usage;
532 }
Manuel Pégourié-Gonnardaaa1eab2013-07-30 13:43:43 +0200533 else if( strcmp( p, "reconnect" ) == 0 )
534 {
535 opt.reconnect = atoi( q );
Manuel Pégourié-Gonnardcf2e97e2013-08-02 15:04:36 +0200536 if( opt.reconnect < 0 || opt.reconnect > 2 )
Manuel Pégourié-Gonnardaaa1eab2013-07-30 13:43:43 +0200537 goto usage;
538 }
Manuel Pégourié-Gonnardc55a5b72014-02-20 22:50:56 +0100539 else if( strcmp( p, "reco_delay" ) == 0 )
540 {
541 opt.reco_delay = atoi( q );
542 if( opt.reco_delay < 0 )
543 goto usage;
544 }
Manuel Pégourié-Gonnardaa0d4d12013-08-03 13:02:31 +0200545 else if( strcmp( p, "tickets" ) == 0 )
546 {
547 opt.tickets = atoi( q );
548 if( opt.tickets < 0 || opt.tickets > 2 )
549 goto usage;
550 }
Manuel Pégourié-Gonnard1bd22812014-04-05 14:34:07 +0200551 else if( strcmp( p, "alpn" ) == 0 )
552 {
553 opt.alpn_string = q;
554 }
Manuel Pégourié-Gonnard1cbd39d2014-10-20 13:34:59 +0200555 else if( strcmp( p, "fallback" ) == 0 )
556 {
557 switch( atoi( q ) )
558 {
559 case 0: opt.fallback = SSL_IS_NOT_FALLBACK; break;
560 case 1: opt.fallback = SSL_IS_FALLBACK; break;
561 default: goto usage;
562 }
563 }
Manuel Pégourié-Gonnard367381f2014-10-20 18:40:56 +0200564 else if( strcmp( p, "extended_ms" ) == 0 )
565 {
566 switch( atoi( q ) )
567 {
568 case 0: opt.extended_ms = SSL_EXTENDED_MS_DISABLED; break;
569 case 1: opt.extended_ms = SSL_EXTENDED_MS_ENABLED; break;
570 default: goto usage;
571 }
572 }
Manuel Pégourié-Gonnard699cafa2014-10-27 13:57:03 +0100573 else if( strcmp( p, "etm" ) == 0 )
574 {
575 switch( atoi( q ) )
576 {
577 case 0: opt.etm = SSL_ETM_DISABLED; break;
578 case 1: opt.etm = SSL_ETM_ENABLED; break;
579 default: goto usage;
580 }
581 }
Paul Bakker1d29fb52012-09-28 13:28:45 +0000582 else if( strcmp( p, "min_version" ) == 0 )
583 {
584 if( strcmp( q, "ssl3" ) == 0 )
585 opt.min_version = SSL_MINOR_VERSION_0;
586 else if( strcmp( q, "tls1" ) == 0 )
587 opt.min_version = SSL_MINOR_VERSION_1;
588 else if( strcmp( q, "tls1_1" ) == 0 )
589 opt.min_version = SSL_MINOR_VERSION_2;
590 else if( strcmp( q, "tls1_2" ) == 0 )
591 opt.min_version = SSL_MINOR_VERSION_3;
592 else
593 goto usage;
594 }
595 else if( strcmp( p, "max_version" ) == 0 )
596 {
597 if( strcmp( q, "ssl3" ) == 0 )
598 opt.max_version = SSL_MINOR_VERSION_0;
599 else if( strcmp( q, "tls1" ) == 0 )
600 opt.max_version = SSL_MINOR_VERSION_1;
601 else if( strcmp( q, "tls1_1" ) == 0 )
602 opt.max_version = SSL_MINOR_VERSION_2;
603 else if( strcmp( q, "tls1_2" ) == 0 )
604 opt.max_version = SSL_MINOR_VERSION_3;
605 else
606 goto usage;
607 }
608 else if( strcmp( p, "force_version" ) == 0 )
609 {
610 if( strcmp( q, "ssl3" ) == 0 )
611 {
612 opt.min_version = SSL_MINOR_VERSION_0;
613 opt.max_version = SSL_MINOR_VERSION_0;
614 }
615 else if( strcmp( q, "tls1" ) == 0 )
616 {
617 opt.min_version = SSL_MINOR_VERSION_1;
618 opt.max_version = SSL_MINOR_VERSION_1;
619 }
620 else if( strcmp( q, "tls1_1" ) == 0 )
621 {
622 opt.min_version = SSL_MINOR_VERSION_2;
623 opt.max_version = SSL_MINOR_VERSION_2;
624 }
625 else if( strcmp( q, "tls1_2" ) == 0 )
626 {
627 opt.min_version = SSL_MINOR_VERSION_3;
628 opt.max_version = SSL_MINOR_VERSION_3;
629 }
630 else
631 goto usage;
632 }
Paul Bakker91ebfb52012-11-23 14:04:08 +0100633 else if( strcmp( p, "auth_mode" ) == 0 )
634 {
635 if( strcmp( q, "none" ) == 0 )
636 opt.auth_mode = SSL_VERIFY_NONE;
637 else if( strcmp( q, "optional" ) == 0 )
638 opt.auth_mode = SSL_VERIFY_OPTIONAL;
639 else if( strcmp( q, "required" ) == 0 )
640 opt.auth_mode = SSL_VERIFY_REQUIRED;
641 else
642 goto usage;
643 }
Manuel Pégourié-Gonnard0df6b1f2013-07-16 13:39:57 +0200644 else if( strcmp( p, "max_frag_len" ) == 0 )
645 {
646 if( strcmp( q, "512" ) == 0 )
647 opt.mfl_code = SSL_MAX_FRAG_LEN_512;
648 else if( strcmp( q, "1024" ) == 0 )
649 opt.mfl_code = SSL_MAX_FRAG_LEN_1024;
650 else if( strcmp( q, "2048" ) == 0 )
651 opt.mfl_code = SSL_MAX_FRAG_LEN_2048;
652 else if( strcmp( q, "4096" ) == 0 )
653 opt.mfl_code = SSL_MAX_FRAG_LEN_4096;
654 else
655 goto usage;
656 }
Manuel Pégourié-Gonnarde980a992013-07-19 11:08:52 +0200657 else if( strcmp( p, "trunc_hmac" ) == 0 )
658 {
Manuel Pégourié-Gonnard265fe992015-01-09 12:43:35 +0100659 switch( atoi( q ) )
660 {
661 case 0: opt.trunc_hmac = SSL_TRUNC_HMAC_DISABLED; break;
662 case 1: opt.trunc_hmac = SSL_TRUNC_HMAC_ENABLED; break;
663 default: goto usage;
664 }
Manuel Pégourié-Gonnarde980a992013-07-19 11:08:52 +0200665 }
Paul Bakker9caf2d22010-02-18 19:37:19 +0000666 else
667 goto usage;
668 }
Paul Bakker5121ce52009-01-03 21:22:43 +0000669
Paul Bakkerc73079a2014-04-25 16:34:30 +0200670#if defined(POLARSSL_DEBUG_C)
671 debug_set_threshold( opt.debug_level );
672#endif
673
Paul Bakkerc1516be2013-06-29 16:01:32 +0200674 if( opt.force_ciphersuite[0] > 0 )
675 {
676 const ssl_ciphersuite_t *ciphersuite_info;
677 ciphersuite_info = ssl_ciphersuite_from_id( opt.force_ciphersuite[0] );
678
Paul Bakker66c48102013-07-26 14:05:32 +0200679 if( opt.max_version != -1 &&
680 ciphersuite_info->min_minor_ver > opt.max_version )
681 {
682 printf("forced ciphersuite not allowed with this protocol version\n");
683 ret = 2;
684 goto usage;
685 }
686 if( opt.min_version != -1 &&
Paul Bakkerc1516be2013-06-29 16:01:32 +0200687 ciphersuite_info->max_minor_ver < opt.min_version )
688 {
689 printf("forced ciphersuite not allowed with this protocol version\n");
690 ret = 2;
691 goto usage;
692 }
Paul Bakker66c48102013-07-26 14:05:32 +0200693 if( opt.max_version > ciphersuite_info->max_minor_ver )
694 opt.max_version = ciphersuite_info->max_minor_ver;
695 if( opt.min_version < ciphersuite_info->min_minor_ver )
696 opt.min_version = ciphersuite_info->min_minor_ver;
Paul Bakkerc1516be2013-06-29 16:01:32 +0200697 }
698
Manuel Pégourié-Gonnard8a3c64d2013-10-14 19:54:10 +0200699#if defined(POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED)
Paul Bakker5121ce52009-01-03 21:22:43 +0000700 /*
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200701 * Unhexify the pre-shared key if any is given
702 */
703 if( strlen( opt.psk ) )
704 {
705 unsigned char c;
706 size_t j;
707
708 if( strlen( opt.psk ) % 2 != 0 )
709 {
710 printf("pre-shared key not valid hex\n");
711 goto exit;
712 }
713
714 psk_len = strlen( opt.psk ) / 2;
715
716 for( j = 0; j < strlen( opt.psk ); j += 2 )
717 {
718 c = opt.psk[j];
719 if( c >= '0' && c <= '9' )
720 c -= '0';
721 else if( c >= 'a' && c <= 'f' )
722 c -= 'a' - 10;
723 else if( c >= 'A' && c <= 'F' )
724 c -= 'A' - 10;
725 else
726 {
727 printf("pre-shared key not valid hex\n");
728 goto exit;
729 }
730 psk[ j / 2 ] = c << 4;
731
732 c = opt.psk[j + 1];
733 if( c >= '0' && c <= '9' )
734 c -= '0';
735 else if( c >= 'a' && c <= 'f' )
736 c -= 'a' - 10;
737 else if( c >= 'A' && c <= 'F' )
738 c -= 'A' - 10;
739 else
740 {
741 printf("pre-shared key not valid hex\n");
742 goto exit;
743 }
744 psk[ j / 2 ] |= c;
745 }
746 }
Manuel Pégourié-Gonnard8a3c64d2013-10-14 19:54:10 +0200747#endif /* POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED */
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200748
Manuel Pégourié-Gonnard1bd22812014-04-05 14:34:07 +0200749#if defined(POLARSSL_SSL_ALPN)
750 if( opt.alpn_string != NULL )
751 {
752 p = (char *) opt.alpn_string;
753 i = 0;
754
755 /* Leave room for a final NULL in alpn_list */
756 while( i < (int) sizeof alpn_list - 1 && *p != '\0' )
757 {
758 alpn_list[i++] = p;
759
760 /* Terminate the current string and move on to next one */
761 while( *p != ',' && *p != '\0' )
762 p++;
763 if( *p == ',' )
764 *p++ = '\0';
765 }
766 }
767#endif /* POLARSSL_SSL_ALPN */
768
Paul Bakkerd4a56ec2013-04-16 18:05:29 +0200769 /*
Paul Bakker5121ce52009-01-03 21:22:43 +0000770 * 0. Initialize the RNG and the session data
771 */
Paul Bakker508ad5a2011-12-04 17:09:26 +0000772 printf( "\n . Seeding the random number generator..." );
773 fflush( stdout );
774
775 entropy_init( &entropy );
776 if( ( ret = ctr_drbg_init( &ctr_drbg, entropy_func, &entropy,
Paul Bakkeref3f8c72013-06-24 13:01:08 +0200777 (const unsigned char *) pers,
778 strlen( pers ) ) ) != 0 )
Paul Bakker508ad5a2011-12-04 17:09:26 +0000779 {
Paul Bakker0b22e3e2012-04-18 14:23:29 +0000780 printf( " failed\n ! ctr_drbg_init returned -0x%x\n", -ret );
Paul Bakker508ad5a2011-12-04 17:09:26 +0000781 goto exit;
782 }
783
784 printf( " ok\n" );
Paul Bakker5121ce52009-01-03 21:22:43 +0000785
Paul Bakker36713e82013-09-17 13:25:29 +0200786#if defined(POLARSSL_X509_CRT_PARSE_C)
Paul Bakker5121ce52009-01-03 21:22:43 +0000787 /*
788 * 1.1. Load the trusted CA
789 */
Paul Bakker508ad5a2011-12-04 17:09:26 +0000790 printf( " . Loading the CA root certificate ..." );
Paul Bakker5121ce52009-01-03 21:22:43 +0000791 fflush( stdout );
792
Paul Bakker5690efc2011-05-26 13:16:06 +0000793#if defined(POLARSSL_FS_IO)
Paul Bakker8d914582012-06-04 12:46:42 +0000794 if( strlen( opt.ca_path ) )
Manuel Pégourié-Gonnard3e1b1782014-02-27 13:35:00 +0100795 if( strcmp( opt.ca_path, "none" ) == 0 )
796 ret = 0;
797 else
798 ret = x509_crt_parse_path( &cacert, opt.ca_path );
Paul Bakker8d914582012-06-04 12:46:42 +0000799 else if( strlen( opt.ca_file ) )
Manuel Pégourié-Gonnard3e1b1782014-02-27 13:35:00 +0100800 if( strcmp( opt.ca_file, "none" ) == 0 )
801 ret = 0;
802 else
803 ret = x509_crt_parse_file( &cacert, opt.ca_file );
Paul Bakkered27a042013-04-18 22:46:23 +0200804 else
Paul Bakker5690efc2011-05-26 13:16:06 +0000805#endif
806#if defined(POLARSSL_CERTS_C)
Manuel Pégourié-Gonnard641de712013-09-25 13:23:33 +0200807 ret = x509_crt_parse( &cacert, (const unsigned char *) test_ca_list,
808 strlen( test_ca_list ) );
Paul Bakker5690efc2011-05-26 13:16:06 +0000809#else
810 {
811 ret = 1;
812 printf("POLARSSL_CERTS_C not defined.");
813 }
814#endif
Paul Bakker42488232012-05-16 08:21:05 +0000815 if( ret < 0 )
Paul Bakker5121ce52009-01-03 21:22:43 +0000816 {
Paul Bakkerddf26b42013-09-18 13:46:23 +0200817 printf( " failed\n ! x509_crt_parse returned -0x%x\n\n", -ret );
Paul Bakker5121ce52009-01-03 21:22:43 +0000818 goto exit;
819 }
820
Paul Bakker42488232012-05-16 08:21:05 +0000821 printf( " ok (%d skipped)\n", ret );
Paul Bakker5121ce52009-01-03 21:22:43 +0000822
823 /*
824 * 1.2. Load own certificate and private key
825 *
826 * (can be skipped if client authentication is not required)
827 */
828 printf( " . Loading the client cert. and key..." );
829 fflush( stdout );
830
Paul Bakker5690efc2011-05-26 13:16:06 +0000831#if defined(POLARSSL_FS_IO)
Paul Bakker67968392010-07-18 08:28:20 +0000832 if( strlen( opt.crt_file ) )
Manuel Pégourié-Gonnard3e1b1782014-02-27 13:35:00 +0100833 if( strcmp( opt.crt_file, "none" ) == 0 )
834 ret = 0;
835 else
836 ret = x509_crt_parse_file( &clicert, opt.crt_file );
Paul Bakkered27a042013-04-18 22:46:23 +0200837 else
Paul Bakker5690efc2011-05-26 13:16:06 +0000838#endif
839#if defined(POLARSSL_CERTS_C)
Paul Bakkerddf26b42013-09-18 13:46:23 +0200840 ret = x509_crt_parse( &clicert, (const unsigned char *) test_cli_crt,
Paul Bakker69e095c2011-12-10 21:55:01 +0000841 strlen( test_cli_crt ) );
Paul Bakker5690efc2011-05-26 13:16:06 +0000842#else
843 {
844 ret = 1;
845 printf("POLARSSL_CERTS_C not defined.");
846 }
847#endif
Paul Bakker5121ce52009-01-03 21:22:43 +0000848 if( ret != 0 )
849 {
Paul Bakkerddf26b42013-09-18 13:46:23 +0200850 printf( " failed\n ! x509_crt_parse returned -0x%x\n\n", -ret );
Paul Bakker5121ce52009-01-03 21:22:43 +0000851 goto exit;
852 }
853
Paul Bakker5690efc2011-05-26 13:16:06 +0000854#if defined(POLARSSL_FS_IO)
Paul Bakker67968392010-07-18 08:28:20 +0000855 if( strlen( opt.key_file ) )
Manuel Pégourié-Gonnard3e1b1782014-02-27 13:35:00 +0100856 if( strcmp( opt.key_file, "none" ) == 0 )
857 ret = 0;
858 else
859 ret = pk_parse_keyfile( &pkey, opt.key_file, "" );
Paul Bakker67968392010-07-18 08:28:20 +0000860 else
Paul Bakker5690efc2011-05-26 13:16:06 +0000861#endif
862#if defined(POLARSSL_CERTS_C)
Paul Bakker1a7550a2013-09-15 13:01:22 +0200863 ret = pk_parse_key( &pkey, (const unsigned char *) test_cli_key,
Paul Bakker67968392010-07-18 08:28:20 +0000864 strlen( test_cli_key ), NULL, 0 );
Paul Bakker5690efc2011-05-26 13:16:06 +0000865#else
866 {
867 ret = 1;
868 printf("POLARSSL_CERTS_C not defined.");
869 }
870#endif
Paul Bakker5121ce52009-01-03 21:22:43 +0000871 if( ret != 0 )
872 {
Paul Bakker1a7550a2013-09-15 13:01:22 +0200873 printf( " failed\n ! pk_parse_key returned -0x%x\n\n", -ret );
Paul Bakker5121ce52009-01-03 21:22:43 +0000874 goto exit;
875 }
876
877 printf( " ok\n" );
Paul Bakker36713e82013-09-17 13:25:29 +0200878#endif /* POLARSSL_X509_CRT_PARSE_C */
Paul Bakker5121ce52009-01-03 21:22:43 +0000879
880 /*
881 * 2. Start the connection
882 */
Manuel Pégourié-Gonnard0d8780b2014-02-25 11:11:26 +0100883 if( opt.server_addr == NULL)
884 opt.server_addr = opt.server_name;
885
886 printf( " . Connecting to tcp/%s/%-4d...", opt.server_addr,
Paul Bakker9caf2d22010-02-18 19:37:19 +0000887 opt.server_port );
Paul Bakker5121ce52009-01-03 21:22:43 +0000888 fflush( stdout );
889
Manuel Pégourié-Gonnard0d8780b2014-02-25 11:11:26 +0100890 if( ( ret = net_connect( &server_fd, opt.server_addr,
Paul Bakker9caf2d22010-02-18 19:37:19 +0000891 opt.server_port ) ) != 0 )
Paul Bakker5121ce52009-01-03 21:22:43 +0000892 {
Paul Bakker0b22e3e2012-04-18 14:23:29 +0000893 printf( " failed\n ! net_connect returned -0x%x\n\n", -ret );
Paul Bakker5121ce52009-01-03 21:22:43 +0000894 goto exit;
895 }
896
Manuel Pégourié-Gonnard55753162014-02-26 13:47:08 +0100897 if( opt.nbio > 0 )
898 ret = net_set_nonblock( server_fd );
899 else
900 ret = net_set_block( server_fd );
901 if( ret != 0 )
902 {
903 printf( " failed\n ! net_set_(non)block() returned -0x%x\n\n", -ret );
904 goto exit;
905 }
906
Paul Bakker5121ce52009-01-03 21:22:43 +0000907 printf( " ok\n" );
908
909 /*
910 * 3. Setup stuff
911 */
912 printf( " . Setting up the SSL/TLS structure..." );
913 fflush( stdout );
914
Paul Bakker5121ce52009-01-03 21:22:43 +0000915 if( ( ret = ssl_init( &ssl ) ) != 0 )
916 {
Paul Bakker0b22e3e2012-04-18 14:23:29 +0000917 printf( " failed\n ! ssl_init returned -0x%x\n\n", -ret );
Paul Bakker5121ce52009-01-03 21:22:43 +0000918 goto exit;
919 }
920
921 printf( " ok\n" );
922
Paul Bakker36713e82013-09-17 13:25:29 +0200923#if defined(POLARSSL_X509_CRT_PARSE_C)
Paul Bakker915275b2012-09-28 07:10:55 +0000924 if( opt.debug_level > 0 )
925 ssl_set_verify( &ssl, my_verify, NULL );
Paul Bakkered27a042013-04-18 22:46:23 +0200926#endif
Paul Bakker915275b2012-09-28 07:10:55 +0000927
Paul Bakker5121ce52009-01-03 21:22:43 +0000928 ssl_set_endpoint( &ssl, SSL_IS_CLIENT );
Paul Bakker91ebfb52012-11-23 14:04:08 +0100929 ssl_set_authmode( &ssl, opt.auth_mode );
Paul Bakker5121ce52009-01-03 21:22:43 +0000930
Paul Bakker05decb22013-08-15 13:33:48 +0200931#if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH)
Manuel Pégourié-Gonnardc5fd3912014-07-08 14:05:52 +0200932 if( ( ret = ssl_set_max_frag_len( &ssl, opt.mfl_code ) ) != 0 )
933 {
934 printf( " failed\n ! ssl_set_max_frag_len returned %d\n\n", ret );
935 goto exit;
936 }
Paul Bakker05decb22013-08-15 13:33:48 +0200937#endif
Manuel Pégourié-Gonnard0df6b1f2013-07-16 13:39:57 +0200938
Paul Bakker1f2bc622013-08-15 13:45:55 +0200939#if defined(POLARSSL_SSL_TRUNCATED_HMAC)
Manuel Pégourié-Gonnard265fe992015-01-09 12:43:35 +0100940 if( opt.trunc_hmac != DFL_TRUNC_HMAC )
941 ssl_set_truncated_hmac( &ssl, opt.trunc_hmac );
Paul Bakker1f2bc622013-08-15 13:45:55 +0200942#endif
Manuel Pégourié-Gonnarde980a992013-07-19 11:08:52 +0200943
Manuel Pégourié-Gonnard367381f2014-10-20 18:40:56 +0200944#if defined(POLARSSL_SSL_EXTENDED_MASTER_SECRET)
945 if( opt.extended_ms != DFL_EXTENDED_MS )
946 ssl_set_extended_master_secret( &ssl, opt.extended_ms );
947#endif
948
Manuel Pégourié-Gonnard699cafa2014-10-27 13:57:03 +0100949#if defined(POLARSSL_SSL_ENCRYPT_THEN_MAC)
950 if( opt.etm != DFL_ETM )
951 ssl_set_encrypt_then_mac( &ssl, opt.etm );
952#endif
953
Manuel Pégourié-Gonnard1bd22812014-04-05 14:34:07 +0200954#if defined(POLARSSL_SSL_ALPN)
955 if( opt.alpn_string != NULL )
Manuel Pégourié-Gonnardc5fd3912014-07-08 14:05:52 +0200956 if( ( ret = ssl_set_alpn_protocols( &ssl, alpn_list ) ) != 0 )
957 {
958 printf( " failed\n ! ssl_set_alpn_protocols returned %d\n\n", ret );
959 goto exit;
960 }
Manuel Pégourié-Gonnard1bd22812014-04-05 14:34:07 +0200961#endif
962
Paul Bakker508ad5a2011-12-04 17:09:26 +0000963 ssl_set_rng( &ssl, ctr_drbg_random, &ctr_drbg );
Paul Bakker9caf2d22010-02-18 19:37:19 +0000964 ssl_set_dbg( &ssl, my_debug, stdout );
Manuel Pégourié-Gonnard55753162014-02-26 13:47:08 +0100965
966 if( opt.nbio == 2 )
967 ssl_set_bio( &ssl, my_recv, &server_fd, my_send, &server_fd );
968 else
969 ssl_set_bio( &ssl, net_recv, &server_fd, net_send, &server_fd );
Paul Bakker5121ce52009-01-03 21:22:43 +0000970
Paul Bakkera503a632013-08-14 13:48:06 +0200971#if defined(POLARSSL_SSL_SESSION_TICKETS)
Manuel Pégourié-Gonnardc5fd3912014-07-08 14:05:52 +0200972 if( ( ret = ssl_set_session_tickets( &ssl, opt.tickets ) ) != 0 )
973 {
974 printf( " failed\n ! ssl_set_session_tickets returned %d\n\n", ret );
975 goto exit;
976 }
Paul Bakkera503a632013-08-14 13:48:06 +0200977#endif
Manuel Pégourié-Gonnardaa0d4d12013-08-03 13:02:31 +0200978
Paul Bakker645ce3a2012-10-31 12:32:41 +0000979 if( opt.force_ciphersuite[0] != DFL_FORCE_CIPHER )
Paul Bakker51936882011-02-20 16:05:58 +0000980 ssl_set_ciphersuites( &ssl, opt.force_ciphersuite );
981
Paul Bakker48916f92012-09-16 19:57:18 +0000982 ssl_set_renegotiation( &ssl, opt.renegotiation );
983 ssl_legacy_renegotiation( &ssl, opt.allow_legacy );
984
Paul Bakker36713e82013-09-17 13:25:29 +0200985#if defined(POLARSSL_X509_CRT_PARSE_C)
Manuel Pégourié-Gonnard3e1b1782014-02-27 13:35:00 +0100986 if( strcmp( opt.ca_path, "none" ) != 0 &&
987 strcmp( opt.ca_file, "none" ) != 0 )
988 {
989 ssl_set_ca_chain( &ssl, &cacert, NULL, opt.server_name );
990 }
991 if( strcmp( opt.crt_file, "none" ) != 0 &&
992 strcmp( opt.key_file, "none" ) != 0 )
993 {
Manuel Pégourié-Gonnardc5fd3912014-07-08 14:05:52 +0200994 if( ( ret = ssl_set_own_cert( &ssl, &clicert, &pkey ) ) != 0 )
995 {
996 printf( " failed\n ! ssl_set_own_cert returned %d\n\n", ret );
997 goto exit;
998 }
Manuel Pégourié-Gonnard3e1b1782014-02-27 13:35:00 +0100999 }
Paul Bakkered27a042013-04-18 22:46:23 +02001000#endif
1001
Manuel Pégourié-Gonnard8a3c64d2013-10-14 19:54:10 +02001002#if defined(POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED)
Manuel Pégourié-Gonnardc5fd3912014-07-08 14:05:52 +02001003 if( ( ret = ssl_set_psk( &ssl, psk, psk_len,
1004 (const unsigned char *) opt.psk_identity,
1005 strlen( opt.psk_identity ) ) ) != 0 )
1006 {
1007 printf( " failed\n ! ssl_set_psk returned %d\n\n", ret );
1008 goto exit;
1009 }
Paul Bakkered27a042013-04-18 22:46:23 +02001010#endif
1011
Paul Bakker0be444a2013-08-27 21:55:01 +02001012#if defined(POLARSSL_SSL_SERVER_NAME_INDICATION)
Manuel Pégourié-Gonnardc5fd3912014-07-08 14:05:52 +02001013 if( ( ret = ssl_set_hostname( &ssl, opt.server_name ) ) != 0 )
1014 {
1015 printf( " failed\n ! ssl_set_hostname returned %d\n\n", ret );
1016 goto exit;
1017 }
Paul Bakker0be444a2013-08-27 21:55:01 +02001018#endif
Paul Bakker5121ce52009-01-03 21:22:43 +00001019
Paul Bakker1d29fb52012-09-28 13:28:45 +00001020 if( opt.min_version != -1 )
1021 ssl_set_min_version( &ssl, SSL_MAJOR_VERSION_3, opt.min_version );
1022 if( opt.max_version != -1 )
1023 ssl_set_max_version( &ssl, SSL_MAJOR_VERSION_3, opt.max_version );
Manuel Pégourié-Gonnard1cbd39d2014-10-20 13:34:59 +02001024#if defined(POLARSSL_SSL_FALLBACK_SCSV)
1025 if( opt.fallback != DFL_FALLBACK )
1026 ssl_set_fallback( &ssl, opt.fallback );
1027#endif
Paul Bakker1d29fb52012-09-28 13:28:45 +00001028
Paul Bakker5121ce52009-01-03 21:22:43 +00001029 /*
1030 * 4. Handshake
1031 */
1032 printf( " . Performing the SSL/TLS handshake..." );
1033 fflush( stdout );
1034
1035 while( ( ret = ssl_handshake( &ssl ) ) != 0 )
1036 {
Paul Bakker831a7552011-05-18 13:32:51 +00001037 if( ret != POLARSSL_ERR_NET_WANT_READ && ret != POLARSSL_ERR_NET_WANT_WRITE )
Paul Bakker5121ce52009-01-03 21:22:43 +00001038 {
Manuel Pégourié-Gonnardfcf2fc22014-03-11 11:10:27 +01001039 printf( " failed\n ! ssl_handshake returned -0x%x\n", -ret );
1040 if( ret == POLARSSL_ERR_X509_CERT_VERIFY_FAILED )
1041 printf(
1042 " Unable to verify the server's certificate. "
1043 "Either it is invalid,\n"
1044 " or you didn't set ca_file or ca_path "
1045 "to an appropriate value.\n"
1046 " Alternatively, you may want to use "
1047 "auth_mode=optional for testing purposes.\n" );
1048 printf( "\n" );
Paul Bakker5121ce52009-01-03 21:22:43 +00001049 goto exit;
1050 }
1051 }
1052
Manuel Pégourié-Gonnardc580a002014-02-12 10:15:30 +01001053 printf( " ok\n [ Protocol is %s ]\n [ Ciphersuite is %s ]\n",
1054 ssl_get_version( &ssl ), ssl_get_ciphersuite( &ssl ) );
Paul Bakker5121ce52009-01-03 21:22:43 +00001055
Manuel Pégourié-Gonnard1bd22812014-04-05 14:34:07 +02001056#if defined(POLARSSL_SSL_ALPN)
1057 if( opt.alpn_string != NULL )
1058 {
1059 const char *alp = ssl_get_alpn_protocol( &ssl );
1060 printf( " [ Application Layer Protocol is %s ]\n",
1061 alp ? alp : "(none)" );
1062 }
1063#endif
1064
Manuel Pégourié-Gonnardaaa1eab2013-07-30 13:43:43 +02001065 if( opt.reconnect != 0 )
1066 {
1067 printf(" . Saving session for reuse..." );
1068 fflush( stdout );
1069
1070 if( ( ret = ssl_get_session( &ssl, &saved_session ) ) != 0 )
1071 {
1072 printf( " failed\n ! ssl_get_session returned -0x%x\n\n", -ret );
1073 goto exit;
1074 }
1075
1076 printf( " ok\n" );
1077 }
1078
Paul Bakker36713e82013-09-17 13:25:29 +02001079#if defined(POLARSSL_X509_CRT_PARSE_C)
Paul Bakker5121ce52009-01-03 21:22:43 +00001080 /*
1081 * 5. Verify the server certificate
1082 */
1083 printf( " . Verifying peer X.509 certificate..." );
1084
1085 if( ( ret = ssl_get_verify_result( &ssl ) ) != 0 )
1086 {
1087 printf( " failed\n" );
1088
1089 if( ( ret & BADCERT_EXPIRED ) != 0 )
1090 printf( " ! server certificate has expired\n" );
1091
1092 if( ( ret & BADCERT_REVOKED ) != 0 )
1093 printf( " ! server certificate has been revoked\n" );
1094
1095 if( ( ret & BADCERT_CN_MISMATCH ) != 0 )
Paul Bakker9caf2d22010-02-18 19:37:19 +00001096 printf( " ! CN mismatch (expected CN=%s)\n", opt.server_name );
Paul Bakker5121ce52009-01-03 21:22:43 +00001097
1098 if( ( ret & BADCERT_NOT_TRUSTED ) != 0 )
1099 printf( " ! self-signed or not signed by a trusted CA\n" );
1100
1101 printf( "\n" );
1102 }
1103 else
1104 printf( " ok\n" );
1105
Paul Bakkerd4a56ec2013-04-16 18:05:29 +02001106 if( ssl_get_peer_cert( &ssl ) != NULL )
1107 {
1108 printf( " . Peer certificate information ...\n" );
Paul Bakkerddf26b42013-09-18 13:46:23 +02001109 x509_crt_info( (char *) buf, sizeof( buf ) - 1, " ",
1110 ssl_get_peer_cert( &ssl ) );
Paul Bakkerd4a56ec2013-04-16 18:05:29 +02001111 printf( "%s\n", buf );
1112 }
Paul Bakker36713e82013-09-17 13:25:29 +02001113#endif /* POLARSSL_X509_CRT_PARSE_C */
Paul Bakker5121ce52009-01-03 21:22:43 +00001114
Manuel Pégourié-Gonnard780d6712014-02-20 17:19:59 +01001115 if( opt.renegotiate )
Manuel Pégourié-Gonnard53b3e062013-10-29 18:16:38 +01001116 {
Manuel Pégourié-Gonnard780d6712014-02-20 17:19:59 +01001117 /*
1118 * Perform renegotiation (this must be done when the server is waiting
1119 * for input from our side).
1120 */
1121 printf( " . Performing renegotiation..." );
1122 fflush( stdout );
1123 while( ( ret = ssl_renegotiate( &ssl ) ) != 0 )
Manuel Pégourié-Gonnard53b3e062013-10-29 18:16:38 +01001124 {
Manuel Pégourié-Gonnard780d6712014-02-20 17:19:59 +01001125 if( ret != POLARSSL_ERR_NET_WANT_READ &&
1126 ret != POLARSSL_ERR_NET_WANT_WRITE )
1127 {
1128 printf( " failed\n ! ssl_renegotiate returned %d\n\n", ret );
1129 goto exit;
1130 }
Manuel Pégourié-Gonnard53b3e062013-10-29 18:16:38 +01001131 }
Manuel Pégourié-Gonnard780d6712014-02-20 17:19:59 +01001132 printf( " ok\n" );
Manuel Pégourié-Gonnard53b3e062013-10-29 18:16:38 +01001133 }
Manuel Pégourié-Gonnard53b3e062013-10-29 18:16:38 +01001134
Paul Bakker5121ce52009-01-03 21:22:43 +00001135 /*
1136 * 6. Write the GET request
1137 */
Manuel Pégourié-Gonnardaaa1eab2013-07-30 13:43:43 +02001138send_request:
Paul Bakker5121ce52009-01-03 21:22:43 +00001139 printf( " > Write to server:" );
1140 fflush( stdout );
1141
Manuel Pégourié-Gonnarddcab2932014-08-14 17:47:17 +02001142 len = snprintf( (char *) buf, sizeof(buf) - 1, GET_REQUEST,
1143 opt.request_page );
1144 tail_len = strlen( GET_REQUEST_END );
1145
1146 /* Add padding to GET request to reach opt.request_size in length */
1147 if( opt.request_size != DFL_REQUEST_SIZE &&
1148 len + tail_len < opt.request_size )
Paul Bakker93c32b22014-04-25 13:40:05 +02001149 {
Manuel Pégourié-Gonnarddcab2932014-08-14 17:47:17 +02001150 memset( buf + len, 'A', opt.request_size - len - tail_len );
1151 len += opt.request_size - len - tail_len;
Paul Bakker93c32b22014-04-25 13:40:05 +02001152 }
Paul Bakker5121ce52009-01-03 21:22:43 +00001153
Manuel Pégourié-Gonnarddcab2932014-08-14 17:47:17 +02001154 strncpy( (char *) buf + len, GET_REQUEST_END, sizeof(buf) - len - 1 );
1155 len += tail_len;
1156
Manuel Pégourié-Gonnarddea29c52014-06-18 13:07:56 +02001157 /* Truncate if request size is smaller than the "natural" size */
1158 if( opt.request_size != DFL_REQUEST_SIZE &&
1159 len > opt.request_size )
1160 {
1161 len = opt.request_size;
1162
1163 /* Still end with \r\n unless that's really not possible */
1164 if( len >= 2 ) buf[len - 2] = '\r';
1165 if( len >= 1 ) buf[len - 1] = '\n';
1166 }
1167
Manuel Pégourié-Gonnard0c017a52013-07-18 14:07:36 +02001168 for( written = 0, frags = 0; written < len; written += ret, frags++ )
Paul Bakker5121ce52009-01-03 21:22:43 +00001169 {
Manuel Pégourié-Gonnard787b6582013-07-16 15:43:17 +02001170 while( ( ret = ssl_write( &ssl, buf + written, len - written ) ) <= 0 )
Paul Bakker5121ce52009-01-03 21:22:43 +00001171 {
Manuel Pégourié-Gonnard787b6582013-07-16 15:43:17 +02001172 if( ret != POLARSSL_ERR_NET_WANT_READ && ret != POLARSSL_ERR_NET_WANT_WRITE )
1173 {
1174 printf( " failed\n ! ssl_write returned -0x%x\n\n", -ret );
1175 goto exit;
1176 }
Paul Bakker5121ce52009-01-03 21:22:43 +00001177 }
1178 }
1179
Manuel Pégourié-Gonnard787b6582013-07-16 15:43:17 +02001180 buf[written] = '\0';
Manuel Pégourié-Gonnard0c017a52013-07-18 14:07:36 +02001181 printf( " %d bytes written in %d fragments\n\n%s\n", written, frags, (char *) buf );
Paul Bakker5121ce52009-01-03 21:22:43 +00001182
1183 /*
1184 * 7. Read the HTTP response
1185 */
1186 printf( " < Read from server:" );
1187 fflush( stdout );
1188
1189 do
1190 {
1191 len = sizeof( buf ) - 1;
1192 memset( buf, 0, sizeof( buf ) );
1193 ret = ssl_read( &ssl, buf, len );
1194
Manuel Pégourié-Gonnarde08660e2014-08-16 11:28:40 +02001195 if( ret == POLARSSL_ERR_NET_WANT_READ ||
1196 ret == POLARSSL_ERR_NET_WANT_WRITE )
Paul Bakker5121ce52009-01-03 21:22:43 +00001197 continue;
1198
Manuel Pégourié-Gonnarde08660e2014-08-16 11:28:40 +02001199 if( ret <= 0 )
Paul Bakker5121ce52009-01-03 21:22:43 +00001200 {
Manuel Pégourié-Gonnarde08660e2014-08-16 11:28:40 +02001201 switch( ret )
1202 {
1203 case POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY:
1204 printf( " connection was closed gracefully\n" );
1205 ret = 0;
Manuel Pégourié-Gonnardf1388742014-08-19 16:14:36 +02001206 goto close_notify;
Paul Bakker5121ce52009-01-03 21:22:43 +00001207
Manuel Pégourié-Gonnarde08660e2014-08-16 11:28:40 +02001208 case 0:
1209 case POLARSSL_ERR_NET_CONN_RESET:
1210 printf( " connection was reset by peer\n" );
1211 ret = 0;
1212 goto reconnect;
1213
1214 default:
1215 printf( " ssl_read returned -0x%x\n", -ret );
1216 goto exit;
1217 }
Paul Bakker5690efc2011-05-26 13:16:06 +00001218 }
1219
Paul Bakker5121ce52009-01-03 21:22:43 +00001220 len = ret;
Paul Bakker93c32b22014-04-25 13:40:05 +02001221 buf[len] = '\0';
Paul Bakker5121ce52009-01-03 21:22:43 +00001222 printf( " %d bytes read\n\n%s", len, (char *) buf );
Manuel Pégourié-Gonnarda8c0a0d2014-08-15 12:07:38 +02001223
1224 /* End of message should be detected according to the syntax of the
1225 * application protocol (eg HTTP), just use a dummy test here. */
1226 if( ret > 0 && buf[len-1] == '\n' )
1227 {
1228 ret = 0;
1229 break;
1230 }
Paul Bakker5121ce52009-01-03 21:22:43 +00001231 }
Paul Bakkerf3571312011-05-20 12:32:35 +00001232 while( 1 );
Paul Bakker5121ce52009-01-03 21:22:43 +00001233
Manuel Pégourié-Gonnarde08660e2014-08-16 11:28:40 +02001234 /*
Manuel Pégourié-Gonnarda8c0a0d2014-08-15 12:07:38 +02001235 * 7b. Continue doing data exchanges?
1236 */
1237 if( --opt.exchanges > 0 )
1238 goto send_request;
1239
1240 /*
Manuel Pégourié-Gonnardf1388742014-08-19 16:14:36 +02001241 * 8. Done, cleanly close the connection
1242 */
1243close_notify:
1244 printf( " . Closing the connection..." );
1245
1246 while( ( ret = ssl_close_notify( &ssl ) ) < 0 )
1247 {
1248 if( ret == POLARSSL_ERR_NET_CONN_RESET )
1249 {
1250 printf( " ok (already closed by peer)\n" );
1251 ret = 0;
1252 goto reconnect;
1253 }
1254
1255 if( ret != POLARSSL_ERR_NET_WANT_READ &&
1256 ret != POLARSSL_ERR_NET_WANT_WRITE )
1257 {
1258 printf( " failed\n ! ssl_close_notify returned %d\n\n", ret );
1259 goto reconnect;
1260 }
1261 }
1262
1263 printf( " ok\n" );
1264
1265 /*
1266 * 9. Reconnect?
Manuel Pégourié-Gonnarde08660e2014-08-16 11:28:40 +02001267 */
1268reconnect:
Manuel Pégourié-Gonnardaaa1eab2013-07-30 13:43:43 +02001269 if( opt.reconnect != 0 )
1270 {
Manuel Pégourié-Gonnardcf2e97e2013-08-02 15:04:36 +02001271 --opt.reconnect;
Manuel Pégourié-Gonnardaaa1eab2013-07-30 13:43:43 +02001272
Manuel Pégourié-Gonnard6b0d2682014-03-25 11:24:43 +01001273 net_close( server_fd );
1274
Manuel Pégourié-Gonnardc55a5b72014-02-20 22:50:56 +01001275#if defined(POLARSSL_TIMING_C)
1276 if( opt.reco_delay > 0 )
1277 m_sleep( 1000 * opt.reco_delay );
1278#endif
Manuel Pégourié-Gonnard38d1eba2013-08-23 10:44:29 +02001279
Manuel Pégourié-Gonnardaaa1eab2013-07-30 13:43:43 +02001280 printf( " . Reconnecting with saved session..." );
1281 fflush( stdout );
1282
1283 if( ( ret = ssl_session_reset( &ssl ) ) != 0 )
1284 {
1285 printf( " failed\n ! ssl_session_reset returned -0x%x\n\n", -ret );
1286 goto exit;
1287 }
1288
Manuel Pégourié-Gonnardc5fd3912014-07-08 14:05:52 +02001289 if( ( ret = ssl_set_session( &ssl, &saved_session ) ) != 0 )
1290 {
1291 printf( " failed\n ! ssl_set_session returned %d\n\n", ret );
1292 goto exit;
1293 }
Manuel Pégourié-Gonnardaaa1eab2013-07-30 13:43:43 +02001294
1295 if( ( ret = net_connect( &server_fd, opt.server_name,
1296 opt.server_port ) ) != 0 )
1297 {
1298 printf( " failed\n ! net_connect returned -0x%x\n\n", -ret );
1299 goto exit;
1300 }
1301
1302 while( ( ret = ssl_handshake( &ssl ) ) != 0 )
1303 {
1304 if( ret != POLARSSL_ERR_NET_WANT_READ &&
1305 ret != POLARSSL_ERR_NET_WANT_WRITE )
1306 {
1307 printf( " failed\n ! ssl_handshake returned -0x%x\n\n", -ret );
1308 goto exit;
1309 }
1310 }
1311
1312 printf( " ok\n" );
1313
1314 goto send_request;
1315 }
1316
Manuel Pégourié-Gonnarde08660e2014-08-16 11:28:40 +02001317 /*
1318 * Cleanup and exit
1319 */
Paul Bakker5121ce52009-01-03 21:22:43 +00001320exit:
Paul Bakkera3d195c2011-11-27 21:07:34 +00001321#ifdef POLARSSL_ERROR_C
1322 if( ret != 0 )
1323 {
1324 char error_buf[100];
Paul Bakker03a8a792013-06-30 12:18:08 +02001325 polarssl_strerror( ret, error_buf, 100 );
Paul Bakker570267f2012-04-10 08:22:46 +00001326 printf("Last error was: -0x%X - %s\n\n", -ret, error_buf );
Paul Bakkera3d195c2011-11-27 21:07:34 +00001327 }
1328#endif
1329
Paul Bakker1a207ec2011-02-06 13:22:40 +00001330 if( server_fd )
1331 net_close( server_fd );
Manuel Pégourié-Gonnarde08660e2014-08-16 11:28:40 +02001332
Paul Bakker36713e82013-09-17 13:25:29 +02001333#if defined(POLARSSL_X509_CRT_PARSE_C)
1334 x509_crt_free( &clicert );
1335 x509_crt_free( &cacert );
Manuel Pégourié-Gonnardac755232013-08-19 14:10:16 +02001336 pk_free( &pkey );
Paul Bakkered27a042013-04-18 22:46:23 +02001337#endif
Manuel Pégourié-Gonnard06650f62013-08-02 15:34:52 +02001338 ssl_session_free( &saved_session );
Paul Bakker5121ce52009-01-03 21:22:43 +00001339 ssl_free( &ssl );
Paul Bakkera317a982014-06-18 16:44:11 +02001340 ctr_drbg_free( &ctr_drbg );
Paul Bakker1ffefac2013-09-28 15:23:03 +02001341 entropy_free( &entropy );
Paul Bakker5121ce52009-01-03 21:22:43 +00001342
Paul Bakkercce9d772011-11-18 14:26:47 +00001343#if defined(_WIN32)
Paul Bakker5121ce52009-01-03 21:22:43 +00001344 printf( " + Press Enter to exit this program.\n" );
1345 fflush( stdout ); getchar();
1346#endif
1347
Paul Bakkerdbd79ca2013-07-24 16:28:35 +02001348 // Shell can not handle large exit numbers -> 1 for errors
1349 if( ret < 0 )
1350 ret = 1;
1351
Paul Bakker5121ce52009-01-03 21:22:43 +00001352 return( ret );
1353}
Paul Bakker508ad5a2011-12-04 17:09:26 +00001354#endif /* POLARSSL_BIGNUM_C && POLARSSL_ENTROPY_C && POLARSSL_SSL_TLS_C &&
1355 POLARSSL_SSL_CLI_C && POLARSSL_NET_C && POLARSSL_RSA_C &&
1356 POLARSSL_CTR_DRBG_C */