blob: 39420d53af6b24d50cbfb70493a12bd5924a0e50 [file] [log] [blame]
Paul Bakkerb60b95f2012-09-25 09:05:17 +00001/*
2 * SSL client with options
3 *
Manuel Pégourié-Gonnarda658a402015-01-23 09:45:19 +00004 * Copyright (C) 2006-2013, ARM Limited, All Rights Reserved
Paul Bakkerb60b95f2012-09-25 09:05:17 +00005 *
Manuel Pégourié-Gonnard860b5162015-01-28 17:12:07 +00006 * This file is part of mbed TLS (https://polarssl.org)
Paul Bakkerb60b95f2012-09-25 09:05:17 +00007 *
Paul Bakkerb60b95f2012-09-25 09:05:17 +00008 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License along
19 * with this program; if not, write to the Free Software Foundation, Inc.,
20 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
21 */
22
Manuel Pégourié-Gonnardcef4ad22014-04-29 12:39:06 +020023#if !defined(POLARSSL_CONFIG_FILE)
Manuel Pégourié-Gonnardabd6e022013-09-20 13:30:43 +020024#include "polarssl/config.h"
Manuel Pégourié-Gonnardcef4ad22014-04-29 12:39:06 +020025#else
26#include POLARSSL_CONFIG_FILE
27#endif
Paul Bakkerb60b95f2012-09-25 09:05:17 +000028
Rich Evansf90016a2015-01-19 14:26:37 +000029#if defined(POLARSSL_PLATFORM_C)
30#include "polarssl/platform.h"
31#else
32#define polarssl_printf printf
33#define polarssl_fprintf fprintf
34#define polarssl_malloc malloc
35#define polarssl_free free
36#endif
37
Manuel Pégourié-Gonnard8a4d5712014-06-24 14:19:59 +020038#if !defined(POLARSSL_ENTROPY_C) || \
39 !defined(POLARSSL_SSL_TLS_C) || !defined(POLARSSL_SSL_SRV_C) || \
40 !defined(POLARSSL_NET_C) || !defined(POLARSSL_CTR_DRBG_C)
41#include <stdio.h>
42int main( int argc, char *argv[] )
43{
44 ((void) argc);
45 ((void) argv);
46
Rich Evansf90016a2015-01-19 14:26:37 +000047 polarssl_printf("POLARSSL_ENTROPY_C and/or "
Manuel Pégourié-Gonnard8a4d5712014-06-24 14:19:59 +020048 "POLARSSL_SSL_TLS_C and/or POLARSSL_SSL_SRV_C and/or "
49 "POLARSSL_NET_C and/or POLARSSL_CTR_DRBG_C not defined.\n");
50 return( 0 );
51}
52#else
53
Manuel Pégourié-Gonnard5d917ff2014-02-21 16:52:06 +010054#if defined(POLARSSL_SSL_SERVER_NAME_INDICATION) && defined(POLARSSL_FS_IO)
55#define POLARSSL_SNI
56#endif
57
Paul Bakkerb60b95f2012-09-25 09:05:17 +000058#if defined(_WIN32)
59#include <windows.h>
60#endif
61
62#include <string.h>
63#include <stdlib.h>
64#include <stdio.h>
Paul Bakkerc1283d32014-08-18 11:05:51 +020065
66#if !defined(_WIN32)
Manuel Pégourié-Gonnarddb493302014-08-14 15:36:12 +020067#include <signal.h>
Paul Bakkerc1283d32014-08-18 11:05:51 +020068#endif
Paul Bakkerb60b95f2012-09-25 09:05:17 +000069
Paul Bakkerb60b95f2012-09-25 09:05:17 +000070#include "polarssl/net.h"
71#include "polarssl/ssl.h"
72#include "polarssl/entropy.h"
73#include "polarssl/ctr_drbg.h"
74#include "polarssl/certs.h"
75#include "polarssl/x509.h"
76#include "polarssl/error.h"
Paul Bakkerc73079a2014-04-25 16:34:30 +020077#include "polarssl/debug.h"
Paul Bakkerb60b95f2012-09-25 09:05:17 +000078
Paul Bakker0a597072012-09-25 21:55:46 +000079#if defined(POLARSSL_SSL_CACHE_C)
80#include "polarssl/ssl_cache.h"
81#endif
82
Paul Bakker82024bf2013-07-04 11:52:32 +020083#if defined(POLARSSL_MEMORY_BUFFER_ALLOC_C)
Manuel Pégourié-Gonnardd43ccb62015-01-23 17:38:09 +000084#include "polarssl/memory_buffer_alloc.h"
Paul Bakker82024bf2013-07-04 11:52:32 +020085#endif
86
Manuel Pégourié-Gonnard18d31f82013-12-13 16:21:41 +010087#define DFL_SERVER_ADDR NULL
Paul Bakkerb60b95f2012-09-25 09:05:17 +000088#define DFL_SERVER_PORT 4433
Paul Bakkerb60b95f2012-09-25 09:05:17 +000089#define DFL_DEBUG_LEVEL 0
Manuel Pégourié-Gonnard55753162014-02-26 13:47:08 +010090#define DFL_NBIO 0
Paul Bakkerb60b95f2012-09-25 09:05:17 +000091#define DFL_CA_FILE ""
92#define DFL_CA_PATH ""
93#define DFL_CRT_FILE ""
94#define DFL_KEY_FILE ""
Manuel Pégourié-Gonnard3ebb2cd2013-09-23 17:00:18 +020095#define DFL_CRT_FILE2 ""
96#define DFL_KEY_FILE2 ""
Paul Bakkerfbb17802013-04-17 19:10:21 +020097#define DFL_PSK ""
98#define DFL_PSK_IDENTITY "Client_identity"
Manuel Pégourié-Gonnard80c85532014-06-10 14:01:52 +020099#define DFL_PSK_LIST NULL
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000100#define DFL_FORCE_CIPHER 0
Manuel Pégourié-Gonnard6dc07812014-06-11 13:50:34 +0200101#define DFL_VERSION_SUITES NULL
Manuel Pégourié-Gonnard00d538f2014-03-31 10:44:40 +0200102#define DFL_RENEGOTIATION SSL_RENEGOTIATION_DISABLED
Manuel Pégourié-Gonnard85d915b2014-11-03 20:10:36 +0100103#define DFL_ALLOW_LEGACY -2
Manuel Pégourié-Gonnard780d6712014-02-20 17:19:59 +0100104#define DFL_RENEGOTIATE 0
Manuel Pégourié-Gonnardfae355e2014-07-04 14:32:27 +0200105#define DFL_RENEGO_DELAY -2
Manuel Pégourié-Gonnard590f4162014-11-05 14:23:03 +0100106#define DFL_RENEGO_PERIOD -1
Manuel Pégourié-Gonnard67686c42014-08-15 11:17:27 +0200107#define DFL_EXCHANGES 1
Manuel Pégourié-Gonnard448ea502015-01-12 11:40:14 +0100108#define DFL_MIN_VERSION SSL_MINOR_VERSION_1
Paul Bakkerc1516be2013-06-29 16:01:32 +0200109#define DFL_MAX_VERSION -1
Manuel Pégourié-Gonnardbd47a582015-01-12 13:43:29 +0100110#define DFL_ARC4 SSL_ARC4_DISABLED
Paul Bakker91ebfb52012-11-23 14:04:08 +0100111#define DFL_AUTH_MODE SSL_VERIFY_OPTIONAL
Manuel Pégourié-Gonnard0c017a52013-07-18 14:07:36 +0200112#define DFL_MFL_CODE SSL_MAX_FRAG_LEN_NONE
Manuel Pégourié-Gonnarde117a8f2015-01-09 12:39:35 +0100113#define DFL_TRUNC_HMAC -1
Manuel Pégourié-Gonnardaa0d4d12013-08-03 13:02:31 +0200114#define DFL_TICKETS SSL_SESSION_TICKETS_ENABLED
Manuel Pégourié-Gonnarddbe1ee12014-02-21 09:18:13 +0100115#define DFL_TICKET_TIMEOUT -1
Manuel Pégourié-Gonnard4c883452014-02-20 21:32:41 +0100116#define DFL_CACHE_MAX -1
Manuel Pégourié-Gonnardc55a5b72014-02-20 22:50:56 +0100117#define DFL_CACHE_TIMEOUT -1
Manuel Pégourié-Gonnard5d917ff2014-02-21 16:52:06 +0100118#define DFL_SNI NULL
Manuel Pégourié-Gonnard1bd22812014-04-05 14:34:07 +0200119#define DFL_ALPN_STRING NULL
Manuel Pégourié-Gonnard736699c2014-06-09 11:29:50 +0200120#define DFL_DHM_FILE NULL
Manuel Pégourié-Gonnard367381f2014-10-20 18:40:56 +0200121#define DFL_EXTENDED_MS -1
Manuel Pégourié-Gonnard699cafa2014-10-27 13:57:03 +0100122#define DFL_ETM -1
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000123
Manuel Pégourié-Gonnard0c017a52013-07-18 14:07:36 +0200124#define LONG_RESPONSE "<p>01-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \
125 "02-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \
126 "03-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \
127 "04-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \
128 "05-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \
129 "06-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \
130 "07-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah</p>\r\n"
Manuel Pégourié-Gonnardbd7ce632013-07-17 15:34:17 +0200131
Paul Bakker8e714d72013-07-18 11:05:13 +0200132/* Uncomment LONG_RESPONSE at the end of HTTP_RESPONSE to test sending longer
133 * packets (for fragmentation purposes) */
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000134#define HTTP_RESPONSE \
135 "HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n\r\n" \
Manuel Pégourié-Gonnard91699212015-01-22 16:26:39 +0000136 "<h2>mbed TLS Test Server</h2>\r\n" \
Manuel Pégourié-Gonnardbd7ce632013-07-17 15:34:17 +0200137 "<p>Successful connection using: %s</p>\r\n" // LONG_RESPONSE
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000138
Manuel Pégourié-Gonnard95c0a632014-06-11 18:32:36 +0200139/*
140 * Size of the basic I/O buffer. Able to hold our default response.
141 *
142 * You will need to adapt the ssl_get_bytes_avail() test in ssl-opt.sh
143 * if you change this value to something outside the range <= 100 or > 500
144 */
Manuel Pégourié-Gonnarde7a3b102014-06-11 18:21:20 +0200145#define IO_BUF_LEN 200
146
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000147/*
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000148 * global options
149 */
150struct options
151{
Manuel Pégourié-Gonnard18d31f82013-12-13 16:21:41 +0100152 const char *server_addr; /* address on which the ssl service runs */
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000153 int server_port; /* port on which the ssl service runs */
154 int debug_level; /* level of debugging */
Manuel Pégourié-Gonnard55753162014-02-26 13:47:08 +0100155 int nbio; /* should I/O be blocking? */
Paul Bakkeref3f8c72013-06-24 13:01:08 +0200156 const char *ca_file; /* the file with the CA certificate(s) */
157 const char *ca_path; /* the path with the CA certificate(s) reside */
Manuel Pégourié-Gonnard3ebb2cd2013-09-23 17:00:18 +0200158 const char *crt_file; /* the file with the server certificate */
159 const char *key_file; /* the file with the server key */
160 const char *crt_file2; /* the file with the 2nd server certificate */
161 const char *key_file2; /* the file with the 2nd server key */
Paul Bakkeref3f8c72013-06-24 13:01:08 +0200162 const char *psk; /* the pre-shared key */
163 const char *psk_identity; /* the pre-shared key identity */
Manuel Pégourié-Gonnard80c85532014-06-10 14:01:52 +0200164 char *psk_list; /* list of PSK id/key pairs for callback */
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000165 int force_ciphersuite[2]; /* protocol/ciphersuite to use, or all */
Manuel Pégourié-Gonnard6dc07812014-06-11 13:50:34 +0200166 const char *version_suites; /* per-version ciphersuites */
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000167 int renegotiation; /* enable / disable renegotiation */
168 int allow_legacy; /* allow legacy renegotiation */
Manuel Pégourié-Gonnard780d6712014-02-20 17:19:59 +0100169 int renegotiate; /* attempt renegotiation? */
Manuel Pégourié-Gonnardfae355e2014-07-04 14:32:27 +0200170 int renego_delay; /* delay before enforcing renegotiation */
Manuel Pégourié-Gonnard590f4162014-11-05 14:23:03 +0100171 int renego_period; /* period for automatic renegotiation */
Manuel Pégourié-Gonnard67686c42014-08-15 11:17:27 +0200172 int exchanges; /* number of data exchanges */
Paul Bakker1d29fb52012-09-28 13:28:45 +0000173 int min_version; /* minimum protocol version accepted */
Paul Bakkerc1516be2013-06-29 16:01:32 +0200174 int max_version; /* maximum protocol version accepted */
Manuel Pégourié-Gonnardbd47a582015-01-12 13:43:29 +0100175 int arc4; /* flag for arc4 suites support */
Paul Bakker91ebfb52012-11-23 14:04:08 +0100176 int auth_mode; /* verify mode for connection */
Manuel Pégourié-Gonnard0c017a52013-07-18 14:07:36 +0200177 unsigned char mfl_code; /* code for maximum fragment length */
Manuel Pégourié-Gonnarde117a8f2015-01-09 12:39:35 +0100178 int trunc_hmac; /* accept truncated hmac? */
Manuel Pégourié-Gonnardaa0d4d12013-08-03 13:02:31 +0200179 int tickets; /* enable / disable session tickets */
Manuel Pégourié-Gonnarddbe1ee12014-02-21 09:18:13 +0100180 int ticket_timeout; /* session ticket lifetime */
Manuel Pégourié-Gonnard4c883452014-02-20 21:32:41 +0100181 int cache_max; /* max number of session cache entries */
Manuel Pégourié-Gonnardc55a5b72014-02-20 22:50:56 +0100182 int cache_timeout; /* expiration delay of session cache entries */
Paul Bakker1ebc0c52014-05-22 15:47:58 +0200183 char *sni; /* string describing sni information */
Manuel Pégourié-Gonnard1bd22812014-04-05 14:34:07 +0200184 const char *alpn_string; /* ALPN supported protocols */
Manuel Pégourié-Gonnard736699c2014-06-09 11:29:50 +0200185 const char *dhm_file; /* the file with the DH parameters */
Paul Bakkerb2eaac12015-01-13 17:15:31 +0100186 int extended_ms; /* allow negotiation of extended MS? */
187 int etm; /* allow negotiation of encrypt-then-MAC? */
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000188} opt;
189
Paul Bakker3c5ef712013-06-25 16:37:45 +0200190static void my_debug( void *ctx, int level, const char *str )
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000191{
Paul Bakkerc73079a2014-04-25 16:34:30 +0200192 ((void) level);
193
Rich Evansf90016a2015-01-19 14:26:37 +0000194 polarssl_fprintf( (FILE *) ctx, "%s", str );
Paul Bakkerc73079a2014-04-25 16:34:30 +0200195 fflush( (FILE *) ctx );
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000196}
197
Manuel Pégourié-Gonnard55753162014-02-26 13:47:08 +0100198/*
199 * Test recv/send functions that make sure each try returns
200 * WANT_READ/WANT_WRITE at least once before sucesseding
201 */
202static int my_recv( void *ctx, unsigned char *buf, size_t len )
203{
204 static int first_try = 1;
205 int ret;
206
207 if( first_try )
208 {
209 first_try = 0;
210 return( POLARSSL_ERR_NET_WANT_READ );
211 }
212
213 ret = net_recv( ctx, buf, len );
214 if( ret != POLARSSL_ERR_NET_WANT_READ )
215 first_try = 1; /* Next call will be a new operation */
216 return( ret );
217}
218
219static int my_send( void *ctx, const unsigned char *buf, size_t len )
220{
221 static int first_try = 1;
222 int ret;
223
224 if( first_try )
225 {
226 first_try = 0;
227 return( POLARSSL_ERR_NET_WANT_WRITE );
228 }
229
230 ret = net_send( ctx, buf, len );
231 if( ret != POLARSSL_ERR_NET_WANT_WRITE )
232 first_try = 1; /* Next call will be a new operation */
233 return( ret );
234}
Manuel Pégourié-Gonnard3ebb2cd2013-09-23 17:00:18 +0200235
236#if defined(POLARSSL_X509_CRT_PARSE_C)
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000237#if defined(POLARSSL_FS_IO)
238#define USAGE_IO \
Paul Bakker1f9d02d2012-11-20 10:30:55 +0100239 " ca_file=%%s The single file containing the top-level CA(s) you fully trust\n" \
240 " default: \"\" (pre-loaded)\n" \
241 " ca_path=%%s The path containing the top-level CA(s) you fully trust\n" \
242 " default: \"\" (pre-loaded) (overrides ca_file)\n" \
243 " crt_file=%%s Your own cert and chain (in bottom to top order, top may be omitted)\n" \
Manuel Pégourié-Gonnardac8474f2013-09-25 11:35:15 +0200244 " default: see note after key_file2\n" \
245 " key_file=%%s default: see note after key_file2\n" \
Manuel Pégourié-Gonnard3ebb2cd2013-09-23 17:00:18 +0200246 " crt_file2=%%s Your second cert and chain (in bottom to top order, top may be omitted)\n" \
Manuel Pégourié-Gonnardac8474f2013-09-25 11:35:15 +0200247 " default: see note after key_file2\n" \
248 " key_file2=%%s default: see note below\n" \
249 " note: if neither crt_file/key_file nor crt_file2/key_file2 are used,\n" \
Manuel Pégourié-Gonnard736699c2014-06-09 11:29:50 +0200250 " preloaded certificate(s) and key(s) are used if available\n" \
251 " dhm_file=%%s File containing Diffie-Hellman parameters\n" \
252 " default: preloaded parameters\n"
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000253#else
254#define USAGE_IO \
Paul Bakkered27a042013-04-18 22:46:23 +0200255 "\n" \
256 " No file operations available (POLARSSL_FS_IO not defined)\n" \
257 "\n"
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000258#endif /* POLARSSL_FS_IO */
Paul Bakkered27a042013-04-18 22:46:23 +0200259#else
260#define USAGE_IO ""
Paul Bakker36713e82013-09-17 13:25:29 +0200261#endif /* POLARSSL_X509_CRT_PARSE_C */
Paul Bakkered27a042013-04-18 22:46:23 +0200262
Manuel Pégourié-Gonnard8a3c64d2013-10-14 19:54:10 +0200263#if defined(POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED)
Paul Bakkered27a042013-04-18 22:46:23 +0200264#define USAGE_PSK \
265 " psk=%%s default: \"\" (in hex, without 0x)\n" \
266 " psk_identity=%%s default: \"Client_identity\"\n"
267#else
268#define USAGE_PSK ""
Manuel Pégourié-Gonnard8a3c64d2013-10-14 19:54:10 +0200269#endif /* POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED */
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000270
Paul Bakkera503a632013-08-14 13:48:06 +0200271#if defined(POLARSSL_SSL_SESSION_TICKETS)
272#define USAGE_TICKETS \
Manuel Pégourié-Gonnarddbe1ee12014-02-21 09:18:13 +0100273 " tickets=%%d default: 1 (enabled)\n" \
274 " ticket_timeout=%%d default: ticket default (1d)\n"
Paul Bakkera503a632013-08-14 13:48:06 +0200275#else
276#define USAGE_TICKETS ""
277#endif /* POLARSSL_SSL_SESSION_TICKETS */
278
Manuel Pégourié-Gonnard4c883452014-02-20 21:32:41 +0100279#if defined(POLARSSL_SSL_CACHE_C)
280#define USAGE_CACHE \
Manuel Pégourié-Gonnardc55a5b72014-02-20 22:50:56 +0100281 " cache_max=%%d default: cache default (50)\n" \
282 " cache_timeout=%%d default: cache default (1d)\n"
Manuel Pégourié-Gonnard4c883452014-02-20 21:32:41 +0100283#else
284#define USAGE_CACHE ""
285#endif /* POLARSSL_SSL_CACHE_C */
286
Manuel Pégourié-Gonnard5d917ff2014-02-21 16:52:06 +0100287#if defined(POLARSSL_SNI)
288#define USAGE_SNI \
289 " sni=%%s name1,cert1,key1[,name2,cert2,key2[,...]]\n" \
290 " default: disabled\n"
291#else
292#define USAGE_SNI ""
293#endif /* POLARSSL_SNI */
294
Paul Bakker05decb22013-08-15 13:33:48 +0200295#if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH)
296#define USAGE_MAX_FRAG_LEN \
297 " max_frag_len=%%d default: 16384 (tls default)\n" \
298 " options: 512, 1024, 2048, 4096\n"
299#else
300#define USAGE_MAX_FRAG_LEN ""
301#endif /* POLARSSL_SSL_MAX_FRAGMENT_LENGTH */
302
Manuel Pégourié-Gonnarde117a8f2015-01-09 12:39:35 +0100303#if defined(POLARSSL_SSL_TRUNCATED_HMAC)
304#define USAGE_TRUNC_HMAC \
305 " trunc_hmac=%%d default: library default\n"
306#else
307#define USAGE_TRUNC_HMAC ""
308#endif
309
Manuel Pégourié-Gonnard1bd22812014-04-05 14:34:07 +0200310#if defined(POLARSSL_SSL_ALPN)
311#define USAGE_ALPN \
312 " alpn=%%s default: \"\" (disabled)\n" \
313 " example: spdy/1,http/1.1\n"
314#else
315#define USAGE_ALPN ""
316#endif /* POLARSSL_SSL_ALPN */
317
Manuel Pégourié-Gonnard367381f2014-10-20 18:40:56 +0200318#if defined(POLARSSL_SSL_EXTENDED_MASTER_SECRET)
319#define USAGE_EMS \
320 " extended_ms=0/1 default: (library default: on)\n"
321#else
322#define USAGE_EMS ""
323#endif
324
Manuel Pégourié-Gonnard699cafa2014-10-27 13:57:03 +0100325#if defined(POLARSSL_SSL_ENCRYPT_THEN_MAC)
326#define USAGE_ETM \
327 " etm=0/1 default: (library default: on)\n"
328#else
329#define USAGE_ETM ""
330#endif
331
Manuel Pégourié-Gonnard615e6772014-11-03 08:23:14 +0100332#if defined(POLARSSL_SSL_RENEGOTIATION)
333#define USAGE_RENEGO \
334 " renegotiation=%%d default: 0 (disabled)\n" \
335 " renegotiate=%%d default: 0 (disabled)\n" \
Manuel Pégourié-Gonnard590f4162014-11-05 14:23:03 +0100336 " renego_delay=%%d default: -2 (library default)\n" \
337 " renego_period=%%d default: (library default)\n"
Manuel Pégourié-Gonnard615e6772014-11-03 08:23:14 +0100338#else
339#define USAGE_RENEGO ""
340#endif
341
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000342#define USAGE \
343 "\n usage: ssl_server2 param=<>...\n" \
344 "\n acceptable parameters:\n" \
Manuel Pégourié-Gonnard18d31f82013-12-13 16:21:41 +0100345 " server_addr=%%d default: (all interfaces)\n" \
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000346 " server_port=%%d default: 4433\n" \
347 " debug_level=%%d default: 0 (disabled)\n" \
Manuel Pégourié-Gonnard55753162014-02-26 13:47:08 +0100348 " nbio=%%d default: 0 (blocking I/O)\n" \
349 " options: 1 (non-blocking), 2 (added delays)\n" \
Manuel Pégourié-Gonnard2fc243d2014-02-19 18:22:59 +0100350 "\n" \
351 " auth_mode=%%s default: \"optional\"\n" \
352 " options: none, optional, required\n" \
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000353 USAGE_IO \
Manuel Pégourié-Gonnard5d917ff2014-02-21 16:52:06 +0100354 USAGE_SNI \
Manuel Pégourié-Gonnard2fc243d2014-02-19 18:22:59 +0100355 "\n" \
356 USAGE_PSK \
357 "\n" \
Manuel Pégourié-Gonnard85d915b2014-11-03 20:10:36 +0100358 " allow_legacy=%%d default: (library default: no)\n" \
Manuel Pégourié-Gonnard615e6772014-11-03 08:23:14 +0100359 USAGE_RENEGO \
Manuel Pégourié-Gonnard67686c42014-08-15 11:17:27 +0200360 " exchanges=%%d default: 1\n" \
Manuel Pégourié-Gonnard2fc243d2014-02-19 18:22:59 +0100361 USAGE_TICKETS \
Manuel Pégourié-Gonnardc55a5b72014-02-20 22:50:56 +0100362 USAGE_CACHE \
Manuel Pégourié-Gonnard2fc243d2014-02-19 18:22:59 +0100363 USAGE_MAX_FRAG_LEN \
Manuel Pégourié-Gonnarde117a8f2015-01-09 12:39:35 +0100364 USAGE_TRUNC_HMAC \
Manuel Pégourié-Gonnard1bd22812014-04-05 14:34:07 +0200365 USAGE_ALPN \
Manuel Pégourié-Gonnard367381f2014-10-20 18:40:56 +0200366 USAGE_EMS \
Manuel Pégourié-Gonnard699cafa2014-10-27 13:57:03 +0100367 USAGE_ETM \
Manuel Pégourié-Gonnard2fc243d2014-02-19 18:22:59 +0100368 "\n" \
Paul Bakker1d29fb52012-09-28 13:28:45 +0000369 " min_version=%%s default: \"ssl3\"\n" \
Paul Bakkerc1516be2013-06-29 16:01:32 +0200370 " max_version=%%s default: \"tls1_2\"\n" \
Manuel Pégourié-Gonnardbd47a582015-01-12 13:43:29 +0100371 " arc4=%%d default: 0 (disabled)\n" \
Paul Bakkerc1516be2013-06-29 16:01:32 +0200372 " force_version=%%s default: \"\" (none)\n" \
Manuel Pégourié-Gonnard6dc07812014-06-11 13:50:34 +0200373 " options: ssl3, tls1, tls1_1, tls1_2\n" \
374 "\n" \
375 " version_suites=a,b,c,d per-version ciphersuites\n" \
376 " in order from ssl3 to tls1_2\n" \
377 " default: all enabled\n" \
378 " force_ciphersuite=<name> default: all enabled\n" \
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000379 " acceptable ciphersuite names:\n"
380
Manuel Pégourié-Gonnardfdee74b2014-06-10 15:15:06 +0200381/*
382 * Used by sni_parse and psk_parse to handle coma-separated lists
383 */
384#define GET_ITEM( dst ) \
385 dst = p; \
386 while( *p != ',' ) \
387 if( ++p > end ) \
388 return( NULL ); \
389 *p++ = '\0';
390
Manuel Pégourié-Gonnard5d917ff2014-02-21 16:52:06 +0100391#if defined(POLARSSL_SNI)
392typedef struct _sni_entry sni_entry;
393
394struct _sni_entry {
395 const char *name;
396 x509_crt *cert;
397 pk_context *key;
398 sni_entry *next;
399};
400
401/*
402 * Parse a string of triplets name1,crt1,key1[,name2,crt2,key2[,...]]
403 * into a usable sni_entry list.
404 *
Manuel Pégourié-Gonnardfdee74b2014-06-10 15:15:06 +0200405 * Modifies the input string! This is not production quality!
406 * (leaks memory if parsing fails, no error reporting, ...)
Manuel Pégourié-Gonnard5d917ff2014-02-21 16:52:06 +0100407 */
408sni_entry *sni_parse( char *sni_string )
409{
410 sni_entry *cur = NULL, *new = NULL;
411 char *p = sni_string;
412 char *end = p;
413 char *crt_file, *key_file;
414
415 while( *end != '\0' )
416 ++end;
417 *end = ',';
418
419 while( p <= end )
420 {
421 if( ( new = polarssl_malloc( sizeof( sni_entry ) ) ) == NULL )
Mansour Moufid5811d3e2015-02-17 13:51:16 -0500422 goto error;
Manuel Pégourié-Gonnard5d917ff2014-02-21 16:52:06 +0100423
424 memset( new, 0, sizeof( sni_entry ) );
425
426 if( ( new->cert = polarssl_malloc( sizeof( x509_crt ) ) ) == NULL ||
427 ( new->key = polarssl_malloc( sizeof( pk_context ) ) ) == NULL )
Mansour Moufid5811d3e2015-02-17 13:51:16 -0500428 goto error;
Manuel Pégourié-Gonnard5d917ff2014-02-21 16:52:06 +0100429
430 x509_crt_init( new->cert );
431 pk_init( new->key );
432
Manuel Pégourié-Gonnardfdee74b2014-06-10 15:15:06 +0200433 GET_ITEM( new->name );
434 GET_ITEM( crt_file );
435 GET_ITEM( key_file );
Manuel Pégourié-Gonnard5d917ff2014-02-21 16:52:06 +0100436
437 if( x509_crt_parse_file( new->cert, crt_file ) != 0 ||
438 pk_parse_keyfile( new->key, key_file, "" ) != 0 )
Mansour Moufid5811d3e2015-02-17 13:51:16 -0500439 goto error;
Manuel Pégourié-Gonnard5d917ff2014-02-21 16:52:06 +0100440
441 new->next = cur;
442 cur = new;
Manuel Pégourié-Gonnard5d917ff2014-02-21 16:52:06 +0100443 }
444
445 return( cur );
Mansour Moufid5811d3e2015-02-17 13:51:16 -0500446
447error:
448 sni_free( new );
449 return( NULL );
Manuel Pégourié-Gonnard5d917ff2014-02-21 16:52:06 +0100450}
451
452void sni_free( sni_entry *head )
453{
454 sni_entry *cur = head, *next;
455
456 while( cur != NULL )
457 {
458 x509_crt_free( cur->cert );
459 polarssl_free( cur->cert );
460
461 pk_free( cur->key );
462 polarssl_free( cur->key );
463
464 next = cur->next;
465 polarssl_free( cur );
466 cur = next;
467 }
468}
469
470/*
471 * SNI callback.
472 */
473int sni_callback( void *p_info, ssl_context *ssl,
474 const unsigned char *name, size_t name_len )
475{
476 sni_entry *cur = (sni_entry *) p_info;
477
478 while( cur != NULL )
479 {
480 if( name_len == strlen( cur->name ) &&
481 memcmp( name, cur->name, name_len ) == 0 )
482 {
Manuel Pégourié-Gonnardc5fd3912014-07-08 14:05:52 +0200483 return( ssl_set_own_cert( ssl, cur->cert, cur->key ) );
Manuel Pégourié-Gonnard5d917ff2014-02-21 16:52:06 +0100484 }
485
486 cur = cur->next;
487 }
488
489 return( -1 );
490}
491
492#endif /* POLARSSL_SNI */
493
Manuel Pégourié-Gonnard9e271632014-06-09 19:06:00 +0200494#if defined(POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED)
495
496#define HEX2NUM( c ) \
497 if( c >= '0' && c <= '9' ) \
498 c -= '0'; \
499 else if( c >= 'a' && c <= 'f' ) \
500 c -= 'a' - 10; \
501 else if( c >= 'A' && c <= 'F' ) \
502 c -= 'A' - 10; \
503 else \
504 return( -1 );
505
506/*
507 * Convert a hex string to bytes.
508 * Return 0 on success, -1 on error.
509 */
510int unhexify( unsigned char *output, const char *input, size_t *olen )
511{
512 unsigned char c;
513 size_t j;
514
515 *olen = strlen( input );
Manuel Pégourié-Gonnard481fcfd2014-07-03 16:12:50 +0200516 if( *olen % 2 != 0 || *olen / 2 > POLARSSL_PSK_MAX_LEN )
Manuel Pégourié-Gonnard9e271632014-06-09 19:06:00 +0200517 return( -1 );
518 *olen /= 2;
519
520 for( j = 0; j < *olen * 2; j += 2 )
521 {
522 c = input[j];
523 HEX2NUM( c );
524 output[ j / 2 ] = c << 4;
525
526 c = input[j + 1];
527 HEX2NUM( c );
528 output[ j / 2 ] |= c;
529 }
530
531 return( 0 );
532}
Manuel Pégourié-Gonnard80c85532014-06-10 14:01:52 +0200533
534typedef struct _psk_entry psk_entry;
535
536struct _psk_entry
537{
538 const char *name;
539 size_t key_len;
Manuel Pégourié-Gonnard481fcfd2014-07-03 16:12:50 +0200540 unsigned char key[POLARSSL_PSK_MAX_LEN];
Manuel Pégourié-Gonnard80c85532014-06-10 14:01:52 +0200541 psk_entry *next;
542};
543
544/*
545 * Parse a string of pairs name1,key1[,name2,key2[,...]]
546 * into a usable psk_entry list.
547 *
548 * Modifies the input string! This is not production quality!
549 * (leaks memory if parsing fails, no error reporting, ...)
550 */
551psk_entry *psk_parse( char *psk_string )
552{
553 psk_entry *cur = NULL, *new = NULL;
554 char *p = psk_string;
555 char *end = p;
556 char *key_hex;
557
558 while( *end != '\0' )
559 ++end;
560 *end = ',';
561
562 while( p <= end )
563 {
564 if( ( new = polarssl_malloc( sizeof( psk_entry ) ) ) == NULL )
565 return( NULL );
566
567 memset( new, 0, sizeof( psk_entry ) );
568
Manuel Pégourié-Gonnardfdee74b2014-06-10 15:15:06 +0200569 GET_ITEM( new->name );
570 GET_ITEM( key_hex );
Manuel Pégourié-Gonnard80c85532014-06-10 14:01:52 +0200571
572 if( unhexify( new->key, key_hex, &new->key_len ) != 0 )
573 return( NULL );
574
575 new->next = cur;
576 cur = new;
577 }
578
579 return( cur );
580}
581
582/*
583 * Free a list of psk_entry's
584 */
585void psk_free( psk_entry *head )
586{
587 psk_entry *next;
588
589 while( head != NULL )
590 {
591 next = head->next;
592 polarssl_free( head );
593 head = next;
594 }
595}
596
597/*
598 * PSK callback
599 */
600int psk_callback( void *p_info, ssl_context *ssl,
601 const unsigned char *name, size_t name_len )
602{
603 psk_entry *cur = (psk_entry *) p_info;
604
605 while( cur != NULL )
606 {
607 if( name_len == strlen( cur->name ) &&
608 memcmp( name, cur->name, name_len ) == 0 )
609 {
610 return( ssl_set_psk( ssl, cur->key, cur->key_len,
611 name, name_len ) );
612 }
613
614 cur = cur->next;
615 }
616
617 return( -1 );
618}
Manuel Pégourié-Gonnard9e271632014-06-09 19:06:00 +0200619#endif /* POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED */
620
Manuel Pégourié-Gonnard3a3066c2014-09-20 12:03:00 +0200621static int listen_fd, client_fd = -1;
Paul Bakkerbc3e54c2014-08-18 14:36:17 +0200622
623/* Interruption handler to ensure clean exit (for valgrind testing) */
624#if !defined(_WIN32)
Manuel Pégourié-Gonnarddb493302014-08-14 15:36:12 +0200625static int received_sigterm = 0;
626void term_handler( int sig )
627{
628 ((void) sig);
629 received_sigterm = 1;
630 net_close( listen_fd ); /* causes net_accept() to abort */
Manuel Pégourié-Gonnard3a3066c2014-09-20 12:03:00 +0200631 net_close( client_fd ); /* causes net_read() to abort */
Manuel Pégourié-Gonnarddb493302014-08-14 15:36:12 +0200632}
Paul Bakkerc1283d32014-08-18 11:05:51 +0200633#endif
Manuel Pégourié-Gonnarddb493302014-08-14 15:36:12 +0200634
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000635int main( int argc, char *argv[] )
636{
Manuel Pégourié-Gonnard6a0017b2015-01-22 10:33:29 +0000637 int ret = 0, len, written, frags, exchanges_left;
Manuel Pégourié-Gonnard6dc07812014-06-11 13:50:34 +0200638 int version_suites[4][2];
Manuel Pégourié-Gonnarde7a3b102014-06-11 18:21:20 +0200639 unsigned char buf[IO_BUF_LEN];
Manuel Pégourié-Gonnard8a3c64d2013-10-14 19:54:10 +0200640#if defined(POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED)
Manuel Pégourié-Gonnard481fcfd2014-07-03 16:12:50 +0200641 unsigned char psk[POLARSSL_PSK_MAX_LEN];
Paul Bakkerfbb17802013-04-17 19:10:21 +0200642 size_t psk_len = 0;
Paul Bakker9b7fb6f2014-06-12 23:01:43 +0200643 psk_entry *psk_info = NULL;
Paul Bakkered27a042013-04-18 22:46:23 +0200644#endif
Paul Bakkeref3f8c72013-06-24 13:01:08 +0200645 const char *pers = "ssl_server2";
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000646
647 entropy_context entropy;
648 ctr_drbg_context ctr_drbg;
649 ssl_context ssl;
Manuel Pégourié-Gonnard590f4162014-11-05 14:23:03 +0100650#if defined(POLARSSL_SSL_RENEGOTIATION)
651 unsigned char renego_period[8] = { 0 };
652#endif
Paul Bakker36713e82013-09-17 13:25:29 +0200653#if defined(POLARSSL_X509_CRT_PARSE_C)
Paul Bakkerc559c7a2013-09-18 14:13:26 +0200654 x509_crt cacert;
655 x509_crt srvcert;
Manuel Pégourié-Gonnardac755232013-08-19 14:10:16 +0200656 pk_context pkey;
Manuel Pégourié-Gonnard3ebb2cd2013-09-23 17:00:18 +0200657 x509_crt srvcert2;
658 pk_context pkey2;
Manuel Pégourié-Gonnarda0fdf8b2013-09-25 14:05:49 +0200659 int key_cert_init = 0, key_cert_init2 = 0;
Paul Bakkered27a042013-04-18 22:46:23 +0200660#endif
Manuel Pégourié-Gonnard736699c2014-06-09 11:29:50 +0200661#if defined(POLARSSL_DHM_C) && defined(POLARSSL_FS_IO)
662 dhm_context dhm;
663#endif
Paul Bakker0a597072012-09-25 21:55:46 +0000664#if defined(POLARSSL_SSL_CACHE_C)
665 ssl_cache_context cache;
666#endif
Manuel Pégourié-Gonnard5d917ff2014-02-21 16:52:06 +0100667#if defined(POLARSSL_SNI)
668 sni_entry *sni_info = NULL;
669#endif
Manuel Pégourié-Gonnard1bd22812014-04-05 14:34:07 +0200670#if defined(POLARSSL_SSL_ALPN)
671 const char *alpn_list[10];
672#endif
Paul Bakker82024bf2013-07-04 11:52:32 +0200673#if defined(POLARSSL_MEMORY_BUFFER_ALLOC_C)
674 unsigned char alloc_buf[100000];
675#endif
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000676
677 int i;
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000678 char *p, *q;
679 const int *list;
680
Paul Bakker82024bf2013-07-04 11:52:32 +0200681#if defined(POLARSSL_MEMORY_BUFFER_ALLOC_C)
682 memory_buffer_alloc_init( alloc_buf, sizeof(alloc_buf) );
683#endif
684
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000685 /*
Manuel Pégourié-Gonnard3bd2aae2013-09-20 13:10:13 +0200686 * Make sure memory references are valid in case we exit early.
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000687 */
688 listen_fd = 0;
Manuel Pégourié-Gonnard3bd2aae2013-09-20 13:10:13 +0200689 memset( &ssl, 0, sizeof( ssl_context ) );
Paul Bakker36713e82013-09-17 13:25:29 +0200690#if defined(POLARSSL_X509_CRT_PARSE_C)
Paul Bakker369d2eb2013-09-18 11:58:25 +0200691 x509_crt_init( &cacert );
692 x509_crt_init( &srvcert );
Manuel Pégourié-Gonnardac755232013-08-19 14:10:16 +0200693 pk_init( &pkey );
Manuel Pégourié-Gonnard3ebb2cd2013-09-23 17:00:18 +0200694 x509_crt_init( &srvcert2 );
695 pk_init( &pkey2 );
Paul Bakkered27a042013-04-18 22:46:23 +0200696#endif
Manuel Pégourié-Gonnard736699c2014-06-09 11:29:50 +0200697#if defined(POLARSSL_DHM_C) && defined(POLARSSL_FS_IO)
Paul Bakkera317a982014-06-18 16:44:11 +0200698 dhm_init( &dhm );
Manuel Pégourié-Gonnard736699c2014-06-09 11:29:50 +0200699#endif
Paul Bakker0a597072012-09-25 21:55:46 +0000700#if defined(POLARSSL_SSL_CACHE_C)
701 ssl_cache_init( &cache );
702#endif
Manuel Pégourié-Gonnard1bd22812014-04-05 14:34:07 +0200703#if defined(POLARSSL_SSL_ALPN)
Paul Bakker525f8752014-05-01 10:58:57 +0200704 memset( (void *) alpn_list, 0, sizeof( alpn_list ) );
Manuel Pégourié-Gonnard1bd22812014-04-05 14:34:07 +0200705#endif
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000706
Paul Bakkerc1283d32014-08-18 11:05:51 +0200707#if !defined(_WIN32)
Manuel Pégourié-Gonnard403a86f2014-11-17 12:46:49 +0100708 /* Abort cleanly on SIGTERM and SIGINT */
Manuel Pégourié-Gonnarddb493302014-08-14 15:36:12 +0200709 signal( SIGTERM, term_handler );
Manuel Pégourié-Gonnard403a86f2014-11-17 12:46:49 +0100710 signal( SIGINT, term_handler );
Paul Bakkerc1283d32014-08-18 11:05:51 +0200711#endif
Manuel Pégourié-Gonnarddb493302014-08-14 15:36:12 +0200712
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000713 if( argc == 0 )
714 {
715 usage:
716 if( ret == 0 )
717 ret = 1;
718
Rich Evansf90016a2015-01-19 14:26:37 +0000719 polarssl_printf( USAGE );
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000720
721 list = ssl_list_ciphersuites();
722 while( *list )
723 {
Rich Evansf90016a2015-01-19 14:26:37 +0000724 polarssl_printf(" %-42s", ssl_get_ciphersuite_name( *list ) );
Paul Bakkered27a042013-04-18 22:46:23 +0200725 list++;
726 if( !*list )
727 break;
Rich Evansf90016a2015-01-19 14:26:37 +0000728 polarssl_printf(" %s\n", ssl_get_ciphersuite_name( *list ) );
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000729 list++;
730 }
Rich Evansf90016a2015-01-19 14:26:37 +0000731 polarssl_printf("\n");
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000732 goto exit;
733 }
734
Manuel Pégourié-Gonnard18d31f82013-12-13 16:21:41 +0100735 opt.server_addr = DFL_SERVER_ADDR;
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000736 opt.server_port = DFL_SERVER_PORT;
737 opt.debug_level = DFL_DEBUG_LEVEL;
Manuel Pégourié-Gonnard55753162014-02-26 13:47:08 +0100738 opt.nbio = DFL_NBIO;
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000739 opt.ca_file = DFL_CA_FILE;
740 opt.ca_path = DFL_CA_PATH;
741 opt.crt_file = DFL_CRT_FILE;
742 opt.key_file = DFL_KEY_FILE;
Manuel Pégourié-Gonnard3ebb2cd2013-09-23 17:00:18 +0200743 opt.crt_file2 = DFL_CRT_FILE2;
744 opt.key_file2 = DFL_KEY_FILE2;
Paul Bakkerfbb17802013-04-17 19:10:21 +0200745 opt.psk = DFL_PSK;
746 opt.psk_identity = DFL_PSK_IDENTITY;
Manuel Pégourié-Gonnard80c85532014-06-10 14:01:52 +0200747 opt.psk_list = DFL_PSK_LIST;
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000748 opt.force_ciphersuite[0]= DFL_FORCE_CIPHER;
Manuel Pégourié-Gonnard6dc07812014-06-11 13:50:34 +0200749 opt.version_suites = DFL_VERSION_SUITES;
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000750 opt.renegotiation = DFL_RENEGOTIATION;
751 opt.allow_legacy = DFL_ALLOW_LEGACY;
Manuel Pégourié-Gonnard780d6712014-02-20 17:19:59 +0100752 opt.renegotiate = DFL_RENEGOTIATE;
Manuel Pégourié-Gonnardfae355e2014-07-04 14:32:27 +0200753 opt.renego_delay = DFL_RENEGO_DELAY;
Manuel Pégourié-Gonnard590f4162014-11-05 14:23:03 +0100754 opt.renego_period = DFL_RENEGO_PERIOD;
Manuel Pégourié-Gonnard67686c42014-08-15 11:17:27 +0200755 opt.exchanges = DFL_EXCHANGES;
Paul Bakker1d29fb52012-09-28 13:28:45 +0000756 opt.min_version = DFL_MIN_VERSION;
Paul Bakkerc1516be2013-06-29 16:01:32 +0200757 opt.max_version = DFL_MAX_VERSION;
Manuel Pégourié-Gonnardbd47a582015-01-12 13:43:29 +0100758 opt.arc4 = DFL_ARC4;
Paul Bakker91ebfb52012-11-23 14:04:08 +0100759 opt.auth_mode = DFL_AUTH_MODE;
Manuel Pégourié-Gonnard0c017a52013-07-18 14:07:36 +0200760 opt.mfl_code = DFL_MFL_CODE;
Manuel Pégourié-Gonnarde117a8f2015-01-09 12:39:35 +0100761 opt.trunc_hmac = DFL_TRUNC_HMAC;
Manuel Pégourié-Gonnardaa0d4d12013-08-03 13:02:31 +0200762 opt.tickets = DFL_TICKETS;
Manuel Pégourié-Gonnarddbe1ee12014-02-21 09:18:13 +0100763 opt.ticket_timeout = DFL_TICKET_TIMEOUT;
Manuel Pégourié-Gonnard4c883452014-02-20 21:32:41 +0100764 opt.cache_max = DFL_CACHE_MAX;
Manuel Pégourié-Gonnardc55a5b72014-02-20 22:50:56 +0100765 opt.cache_timeout = DFL_CACHE_TIMEOUT;
Manuel Pégourié-Gonnard5d917ff2014-02-21 16:52:06 +0100766 opt.sni = DFL_SNI;
Manuel Pégourié-Gonnard1bd22812014-04-05 14:34:07 +0200767 opt.alpn_string = DFL_ALPN_STRING;
Manuel Pégourié-Gonnard736699c2014-06-09 11:29:50 +0200768 opt.dhm_file = DFL_DHM_FILE;
Manuel Pégourié-Gonnard367381f2014-10-20 18:40:56 +0200769 opt.extended_ms = DFL_EXTENDED_MS;
Manuel Pégourié-Gonnard699cafa2014-10-27 13:57:03 +0100770 opt.etm = DFL_ETM;
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000771
772 for( i = 1; i < argc; i++ )
773 {
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000774 p = argv[i];
775 if( ( q = strchr( p, '=' ) ) == NULL )
776 goto usage;
777 *q++ = '\0';
778
779 if( strcmp( p, "server_port" ) == 0 )
780 {
781 opt.server_port = atoi( q );
782 if( opt.server_port < 1 || opt.server_port > 65535 )
783 goto usage;
784 }
Manuel Pégourié-Gonnard18d31f82013-12-13 16:21:41 +0100785 else if( strcmp( p, "server_addr" ) == 0 )
786 opt.server_addr = q;
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000787 else if( strcmp( p, "debug_level" ) == 0 )
788 {
789 opt.debug_level = atoi( q );
790 if( opt.debug_level < 0 || opt.debug_level > 65535 )
791 goto usage;
792 }
Manuel Pégourié-Gonnard55753162014-02-26 13:47:08 +0100793 else if( strcmp( p, "nbio" ) == 0 )
794 {
795 opt.nbio = atoi( q );
796 if( opt.nbio < 0 || opt.nbio > 2 )
797 goto usage;
798 }
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000799 else if( strcmp( p, "ca_file" ) == 0 )
800 opt.ca_file = q;
801 else if( strcmp( p, "ca_path" ) == 0 )
802 opt.ca_path = q;
803 else if( strcmp( p, "crt_file" ) == 0 )
804 opt.crt_file = q;
805 else if( strcmp( p, "key_file" ) == 0 )
806 opt.key_file = q;
Manuel Pégourié-Gonnard3ebb2cd2013-09-23 17:00:18 +0200807 else if( strcmp( p, "crt_file2" ) == 0 )
808 opt.crt_file2 = q;
809 else if( strcmp( p, "key_file2" ) == 0 )
810 opt.key_file2 = q;
Manuel Pégourié-Gonnard736699c2014-06-09 11:29:50 +0200811 else if( strcmp( p, "dhm_file" ) == 0 )
812 opt.dhm_file = q;
Paul Bakkerfbb17802013-04-17 19:10:21 +0200813 else if( strcmp( p, "psk" ) == 0 )
814 opt.psk = q;
815 else if( strcmp( p, "psk_identity" ) == 0 )
816 opt.psk_identity = q;
Manuel Pégourié-Gonnard80c85532014-06-10 14:01:52 +0200817 else if( strcmp( p, "psk_list" ) == 0 )
818 opt.psk_list = q;
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000819 else if( strcmp( p, "force_ciphersuite" ) == 0 )
820 {
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000821 opt.force_ciphersuite[0] = ssl_get_ciphersuite_id( q );
822
Manuel Pégourié-Gonnard8de259b2014-06-11 14:19:06 +0200823 if( opt.force_ciphersuite[0] == 0 )
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000824 {
825 ret = 2;
826 goto usage;
827 }
828 opt.force_ciphersuite[1] = 0;
829 }
Manuel Pégourié-Gonnard6dc07812014-06-11 13:50:34 +0200830 else if( strcmp( p, "version_suites" ) == 0 )
831 opt.version_suites = q;
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000832 else if( strcmp( p, "renegotiation" ) == 0 )
833 {
834 opt.renegotiation = (atoi( q )) ? SSL_RENEGOTIATION_ENABLED :
835 SSL_RENEGOTIATION_DISABLED;
836 }
837 else if( strcmp( p, "allow_legacy" ) == 0 )
838 {
Manuel Pégourié-Gonnard85d915b2014-11-03 20:10:36 +0100839 switch( atoi( q ) )
840 {
841 case -1: opt.allow_legacy = SSL_LEGACY_BREAK_HANDSHAKE; break;
842 case 0: opt.allow_legacy = SSL_LEGACY_NO_RENEGOTIATION; break;
843 case 1: opt.allow_legacy = SSL_LEGACY_ALLOW_RENEGOTIATION; break;
844 default: goto usage;
845 }
Paul Bakkerb60b95f2012-09-25 09:05:17 +0000846 }
Manuel Pégourié-Gonnard780d6712014-02-20 17:19:59 +0100847 else if( strcmp( p, "renegotiate" ) == 0 )
848 {
849 opt.renegotiate = atoi( q );
850 if( opt.renegotiate < 0 || opt.renegotiate > 1 )
851 goto usage;
852 }
Manuel Pégourié-Gonnardfae355e2014-07-04 14:32:27 +0200853 else if( strcmp( p, "renego_delay" ) == 0 )
854 {
855 opt.renego_delay = atoi( q );
856 }
Manuel Pégourié-Gonnard590f4162014-11-05 14:23:03 +0100857 else if( strcmp( p, "renego_period" ) == 0 )
858 {
859 opt.renego_period = atoi( q );
860 if( opt.renego_period < 2 || opt.renego_period > 255 )
861 goto usage;
862 }
Manuel Pégourié-Gonnard67686c42014-08-15 11:17:27 +0200863 else if( strcmp( p, "exchanges" ) == 0 )
864 {
865 opt.exchanges = atoi( q );
866 if( opt.exchanges < 1 )
867 goto usage;
868 }
Paul Bakker1d29fb52012-09-28 13:28:45 +0000869 else if( strcmp( p, "min_version" ) == 0 )
870 {
871 if( strcmp( q, "ssl3" ) == 0 )
872 opt.min_version = SSL_MINOR_VERSION_0;
873 else if( strcmp( q, "tls1" ) == 0 )
874 opt.min_version = SSL_MINOR_VERSION_1;
875 else if( strcmp( q, "tls1_1" ) == 0 )
876 opt.min_version = SSL_MINOR_VERSION_2;
877 else if( strcmp( q, "tls1_2" ) == 0 )
878 opt.min_version = SSL_MINOR_VERSION_3;
879 else
880 goto usage;
881 }
Paul Bakkerc1516be2013-06-29 16:01:32 +0200882 else if( strcmp( p, "max_version" ) == 0 )
883 {
884 if( strcmp( q, "ssl3" ) == 0 )
885 opt.max_version = SSL_MINOR_VERSION_0;
886 else if( strcmp( q, "tls1" ) == 0 )
887 opt.max_version = SSL_MINOR_VERSION_1;
888 else if( strcmp( q, "tls1_1" ) == 0 )
889 opt.max_version = SSL_MINOR_VERSION_2;
890 else if( strcmp( q, "tls1_2" ) == 0 )
891 opt.max_version = SSL_MINOR_VERSION_3;
892 else
893 goto usage;
894 }
Manuel Pégourié-Gonnardbd47a582015-01-12 13:43:29 +0100895 else if( strcmp( p, "arc4" ) == 0 )
896 {
897 switch( atoi( q ) )
898 {
899 case 0: opt.arc4 = SSL_ARC4_DISABLED; break;
900 case 1: opt.arc4 = SSL_ARC4_ENABLED; break;
901 default: goto usage;
902 }
903 }
Paul Bakkerc1516be2013-06-29 16:01:32 +0200904 else if( strcmp( p, "force_version" ) == 0 )
905 {
906 if( strcmp( q, "ssl3" ) == 0 )
907 {
908 opt.min_version = SSL_MINOR_VERSION_0;
909 opt.max_version = SSL_MINOR_VERSION_0;
910 }
911 else if( strcmp( q, "tls1" ) == 0 )
912 {
913 opt.min_version = SSL_MINOR_VERSION_1;
914 opt.max_version = SSL_MINOR_VERSION_1;
915 }
916 else if( strcmp( q, "tls1_1" ) == 0 )
917 {
918 opt.min_version = SSL_MINOR_VERSION_2;
919 opt.max_version = SSL_MINOR_VERSION_2;
920 }
921 else if( strcmp( q, "tls1_2" ) == 0 )
922 {
923 opt.min_version = SSL_MINOR_VERSION_3;
924 opt.max_version = SSL_MINOR_VERSION_3;
925 }
926 else
927 goto usage;
928 }
Paul Bakker91ebfb52012-11-23 14:04:08 +0100929 else if( strcmp( p, "auth_mode" ) == 0 )
930 {
931 if( strcmp( q, "none" ) == 0 )
932 opt.auth_mode = SSL_VERIFY_NONE;
933 else if( strcmp( q, "optional" ) == 0 )
934 opt.auth_mode = SSL_VERIFY_OPTIONAL;
935 else if( strcmp( q, "required" ) == 0 )
936 opt.auth_mode = SSL_VERIFY_REQUIRED;
937 else
938 goto usage;
939 }
Manuel Pégourié-Gonnard0c017a52013-07-18 14:07:36 +0200940 else if( strcmp( p, "max_frag_len" ) == 0 )
941 {
942 if( strcmp( q, "512" ) == 0 )
943 opt.mfl_code = SSL_MAX_FRAG_LEN_512;
944 else if( strcmp( q, "1024" ) == 0 )
945 opt.mfl_code = SSL_MAX_FRAG_LEN_1024;
946 else if( strcmp( q, "2048" ) == 0 )
947 opt.mfl_code = SSL_MAX_FRAG_LEN_2048;
948 else if( strcmp( q, "4096" ) == 0 )
949 opt.mfl_code = SSL_MAX_FRAG_LEN_4096;
950 else
951 goto usage;
952 }
Manuel Pégourié-Gonnard1bd22812014-04-05 14:34:07 +0200953 else if( strcmp( p, "alpn" ) == 0 )
954 {
955 opt.alpn_string = q;
956 }
Manuel Pégourié-Gonnarde117a8f2015-01-09 12:39:35 +0100957 else if( strcmp( p, "trunc_hmac" ) == 0 )
958 {
959 switch( atoi( q ) )
960 {
961 case 0: opt.trunc_hmac = SSL_TRUNC_HMAC_DISABLED; break;
962 case 1: opt.trunc_hmac = SSL_TRUNC_HMAC_ENABLED; break;
963 default: goto usage;
964 }
965 }
Manuel Pégourié-Gonnard367381f2014-10-20 18:40:56 +0200966 else if( strcmp( p, "extended_ms" ) == 0 )
967 {
968 switch( atoi( q ) )
969 {
970 case 0: opt.extended_ms = SSL_EXTENDED_MS_DISABLED; break;
971 case 1: opt.extended_ms = SSL_EXTENDED_MS_ENABLED; break;
972 default: goto usage;
973 }
974 }
Manuel Pégourié-Gonnard699cafa2014-10-27 13:57:03 +0100975 else if( strcmp( p, "etm" ) == 0 )
976 {
977 switch( atoi( q ) )
978 {
979 case 0: opt.etm = SSL_ETM_DISABLED; break;
980 case 1: opt.etm = SSL_ETM_ENABLED; break;
981 default: goto usage;
982 }
983 }
Manuel Pégourié-Gonnardaa0d4d12013-08-03 13:02:31 +0200984 else if( strcmp( p, "tickets" ) == 0 )
985 {
986 opt.tickets = atoi( q );
987 if( opt.tickets < 0 || opt.tickets > 1 )
988 goto usage;
989 }
Manuel Pégourié-Gonnarddbe1ee12014-02-21 09:18:13 +0100990 else if( strcmp( p, "ticket_timeout" ) == 0 )
991 {
992 opt.ticket_timeout = atoi( q );
993 if( opt.ticket_timeout < 0 )
994 goto usage;
995 }
Manuel Pégourié-Gonnard4c883452014-02-20 21:32:41 +0100996 else if( strcmp( p, "cache_max" ) == 0 )
997 {
998 opt.cache_max = atoi( q );
999 if( opt.cache_max < 0 )
1000 goto usage;
1001 }
Manuel Pégourié-Gonnardc55a5b72014-02-20 22:50:56 +01001002 else if( strcmp( p, "cache_timeout" ) == 0 )
1003 {
1004 opt.cache_timeout = atoi( q );
1005 if( opt.cache_timeout < 0 )
1006 goto usage;
1007 }
Manuel Pégourié-Gonnard5d917ff2014-02-21 16:52:06 +01001008 else if( strcmp( p, "sni" ) == 0 )
1009 {
1010 opt.sni = q;
1011 }
Paul Bakkerb60b95f2012-09-25 09:05:17 +00001012 else
1013 goto usage;
1014 }
1015
Paul Bakkerc73079a2014-04-25 16:34:30 +02001016#if defined(POLARSSL_DEBUG_C)
1017 debug_set_threshold( opt.debug_level );
1018#endif
1019
Paul Bakkerc1516be2013-06-29 16:01:32 +02001020 if( opt.force_ciphersuite[0] > 0 )
1021 {
1022 const ssl_ciphersuite_t *ciphersuite_info;
1023 ciphersuite_info = ssl_ciphersuite_from_id( opt.force_ciphersuite[0] );
1024
Paul Bakker5b55b792013-07-19 13:43:43 +02001025 if( opt.max_version != -1 &&
1026 ciphersuite_info->min_minor_ver > opt.max_version )
1027 {
Rich Evansf90016a2015-01-19 14:26:37 +00001028 polarssl_printf("forced ciphersuite not allowed with this protocol version\n");
Paul Bakker5b55b792013-07-19 13:43:43 +02001029 ret = 2;
1030 goto usage;
1031 }
1032 if( opt.min_version != -1 &&
Paul Bakkerc1516be2013-06-29 16:01:32 +02001033 ciphersuite_info->max_minor_ver < opt.min_version )
1034 {
Rich Evansf90016a2015-01-19 14:26:37 +00001035 polarssl_printf("forced ciphersuite not allowed with this protocol version\n");
Paul Bakkerc1516be2013-06-29 16:01:32 +02001036 ret = 2;
1037 goto usage;
1038 }
Paul Bakker5b55b792013-07-19 13:43:43 +02001039 if( opt.max_version > ciphersuite_info->max_minor_ver )
1040 opt.max_version = ciphersuite_info->max_minor_ver;
1041 if( opt.min_version < ciphersuite_info->min_minor_ver )
1042 opt.min_version = ciphersuite_info->min_minor_ver;
Paul Bakkerc1516be2013-06-29 16:01:32 +02001043 }
1044
Manuel Pégourié-Gonnard6dc07812014-06-11 13:50:34 +02001045 if( opt.version_suites != NULL )
1046 {
1047 const char *name[4] = { 0 };
1048
1049 /* Parse 4-element coma-separated list */
1050 for( i = 0, p = (char *) opt.version_suites;
1051 i < 4 && *p != '\0';
1052 i++ )
1053 {
1054 name[i] = p;
1055
1056 /* Terminate the current string and move on to next one */
1057 while( *p != ',' && *p != '\0' )
1058 p++;
1059 if( *p == ',' )
1060 *p++ = '\0';
1061 }
1062
1063 if( i != 4 )
1064 {
Rich Evansf90016a2015-01-19 14:26:37 +00001065 polarssl_printf( "too few values for version_suites\n" );
Manuel Pégourié-Gonnard6dc07812014-06-11 13:50:34 +02001066 ret = 1;
1067 goto exit;
1068 }
1069
1070 memset( version_suites, 0, sizeof( version_suites ) );
1071
1072 /* Get the suites identifiers from their name */
1073 for( i = 0; i < 4; i++ )
1074 {
1075 version_suites[i][0] = ssl_get_ciphersuite_id( name[i] );
1076
1077 if( version_suites[i][0] == 0 )
1078 {
Rich Evansf90016a2015-01-19 14:26:37 +00001079 polarssl_printf( "unknown ciphersuite: '%s'\n", name[i] );
Manuel Pégourié-Gonnard6dc07812014-06-11 13:50:34 +02001080 ret = 2;
1081 goto usage;
1082 }
1083 }
1084 }
1085
Manuel Pégourié-Gonnard8a3c64d2013-10-14 19:54:10 +02001086#if defined(POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED)
Paul Bakkerb60b95f2012-09-25 09:05:17 +00001087 /*
Manuel Pégourié-Gonnard80c85532014-06-10 14:01:52 +02001088 * Unhexify the pre-shared key and parse the list if any given
Paul Bakkerfbb17802013-04-17 19:10:21 +02001089 */
Manuel Pégourié-Gonnard80c85532014-06-10 14:01:52 +02001090 if( unhexify( psk, opt.psk, &psk_len ) != 0 )
Paul Bakkerfbb17802013-04-17 19:10:21 +02001091 {
Rich Evansf90016a2015-01-19 14:26:37 +00001092 polarssl_printf( "pre-shared key not valid hex\n" );
Manuel Pégourié-Gonnard80c85532014-06-10 14:01:52 +02001093 goto exit;
1094 }
1095
1096 if( opt.psk_list != NULL )
1097 {
1098 if( ( psk_info = psk_parse( opt.psk_list ) ) == NULL )
Paul Bakkerfbb17802013-04-17 19:10:21 +02001099 {
Rich Evansf90016a2015-01-19 14:26:37 +00001100 polarssl_printf( "psk_list invalid" );
Paul Bakkerfbb17802013-04-17 19:10:21 +02001101 goto exit;
1102 }
Paul Bakkerfbb17802013-04-17 19:10:21 +02001103 }
Manuel Pégourié-Gonnard8a3c64d2013-10-14 19:54:10 +02001104#endif /* POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED */
Paul Bakkerfbb17802013-04-17 19:10:21 +02001105
Manuel Pégourié-Gonnard1bd22812014-04-05 14:34:07 +02001106#if defined(POLARSSL_SSL_ALPN)
1107 if( opt.alpn_string != NULL )
1108 {
1109 p = (char *) opt.alpn_string;
1110 i = 0;
1111
1112 /* Leave room for a final NULL in alpn_list */
1113 while( i < (int) sizeof alpn_list - 1 && *p != '\0' )
1114 {
1115 alpn_list[i++] = p;
1116
1117 /* Terminate the current string and move on to next one */
1118 while( *p != ',' && *p != '\0' )
1119 p++;
1120 if( *p == ',' )
1121 *p++ = '\0';
1122 }
1123 }
1124#endif /* POLARSSL_SSL_ALPN */
1125
Paul Bakkerfbb17802013-04-17 19:10:21 +02001126 /*
Paul Bakkerb60b95f2012-09-25 09:05:17 +00001127 * 0. Initialize the RNG and the session data
1128 */
Rich Evansf90016a2015-01-19 14:26:37 +00001129 polarssl_printf( "\n . Seeding the random number generator..." );
Paul Bakkerb60b95f2012-09-25 09:05:17 +00001130 fflush( stdout );
1131
1132 entropy_init( &entropy );
1133 if( ( ret = ctr_drbg_init( &ctr_drbg, entropy_func, &entropy,
Paul Bakkeref3f8c72013-06-24 13:01:08 +02001134 (const unsigned char *) pers,
1135 strlen( pers ) ) ) != 0 )
Paul Bakkerb60b95f2012-09-25 09:05:17 +00001136 {
Rich Evansf90016a2015-01-19 14:26:37 +00001137 polarssl_printf( " failed\n ! ctr_drbg_init returned -0x%x\n", -ret );
Paul Bakkerb60b95f2012-09-25 09:05:17 +00001138 goto exit;
1139 }
1140
Rich Evansf90016a2015-01-19 14:26:37 +00001141 polarssl_printf( " ok\n" );
Paul Bakkerb60b95f2012-09-25 09:05:17 +00001142
Paul Bakker36713e82013-09-17 13:25:29 +02001143#if defined(POLARSSL_X509_CRT_PARSE_C)
Paul Bakkerb60b95f2012-09-25 09:05:17 +00001144 /*
1145 * 1.1. Load the trusted CA
1146 */
Rich Evansf90016a2015-01-19 14:26:37 +00001147 polarssl_printf( " . Loading the CA root certificate ..." );
Paul Bakkerb60b95f2012-09-25 09:05:17 +00001148 fflush( stdout );
1149
1150#if defined(POLARSSL_FS_IO)
1151 if( strlen( opt.ca_path ) )
Manuel Pégourié-Gonnard3e1b1782014-02-27 13:35:00 +01001152 if( strcmp( opt.ca_path, "none" ) == 0 )
1153 ret = 0;
1154 else
1155 ret = x509_crt_parse_path( &cacert, opt.ca_path );
Paul Bakkerb60b95f2012-09-25 09:05:17 +00001156 else if( strlen( opt.ca_file ) )
Manuel Pégourié-Gonnard3e1b1782014-02-27 13:35:00 +01001157 if( strcmp( opt.ca_file, "none" ) == 0 )
1158 ret = 0;
1159 else
1160 ret = x509_crt_parse_file( &cacert, opt.ca_file );
Paul Bakkerddf26b42013-09-18 13:46:23 +02001161 else
Paul Bakkerb60b95f2012-09-25 09:05:17 +00001162#endif
1163#if defined(POLARSSL_CERTS_C)
Manuel Pégourié-Gonnard641de712013-09-25 13:23:33 +02001164 ret = x509_crt_parse( &cacert, (const unsigned char *) test_ca_list,
1165 strlen( test_ca_list ) );
Paul Bakkerb60b95f2012-09-25 09:05:17 +00001166#else
1167 {
1168 ret = 1;
Rich Evansf90016a2015-01-19 14:26:37 +00001169 polarssl_printf("POLARSSL_CERTS_C not defined.");
Paul Bakkerb60b95f2012-09-25 09:05:17 +00001170 }
1171#endif
1172 if( ret < 0 )
1173 {
Rich Evansf90016a2015-01-19 14:26:37 +00001174 polarssl_printf( " failed\n ! x509_crt_parse returned -0x%x\n\n", -ret );
Paul Bakkerb60b95f2012-09-25 09:05:17 +00001175 goto exit;
1176 }
1177
Rich Evansf90016a2015-01-19 14:26:37 +00001178 polarssl_printf( " ok (%d skipped)\n", ret );
Paul Bakkerb60b95f2012-09-25 09:05:17 +00001179
1180 /*
1181 * 1.2. Load own certificate and private key
1182 */
Rich Evansf90016a2015-01-19 14:26:37 +00001183 polarssl_printf( " . Loading the server cert. and key..." );
Paul Bakkerb60b95f2012-09-25 09:05:17 +00001184 fflush( stdout );
1185
Manuel Pégourié-Gonnardb095a7b2013-09-24 21:14:51 +02001186#if defined(POLARSSL_FS_IO)
Manuel Pégourié-Gonnard3e1b1782014-02-27 13:35:00 +01001187 if( strlen( opt.crt_file ) && strcmp( opt.crt_file, "none" ) != 0 )
Manuel Pégourié-Gonnardb095a7b2013-09-24 21:14:51 +02001188 {
Manuel Pégourié-Gonnarda0fdf8b2013-09-25 14:05:49 +02001189 key_cert_init++;
Manuel Pégourié-Gonnardac8474f2013-09-25 11:35:15 +02001190 if( ( ret = x509_crt_parse_file( &srvcert, opt.crt_file ) ) != 0 )
1191 {
Rich Evansf90016a2015-01-19 14:26:37 +00001192 polarssl_printf( " failed\n ! x509_crt_parse_file returned -0x%x\n\n",
Manuel Pégourié-Gonnardac8474f2013-09-25 11:35:15 +02001193 -ret );
1194 goto exit;
1195 }
Manuel Pégourié-Gonnardb095a7b2013-09-24 21:14:51 +02001196 }
Manuel Pégourié-Gonnard3e1b1782014-02-27 13:35:00 +01001197 if( strlen( opt.key_file ) && strcmp( opt.key_file, "none" ) != 0 )
Manuel Pégourié-Gonnardb095a7b2013-09-24 21:14:51 +02001198 {
Manuel Pégourié-Gonnarda0fdf8b2013-09-25 14:05:49 +02001199 key_cert_init++;
Manuel Pégourié-Gonnardac8474f2013-09-25 11:35:15 +02001200 if( ( ret = pk_parse_keyfile( &pkey, opt.key_file, "" ) ) != 0 )
1201 {
Rich Evansf90016a2015-01-19 14:26:37 +00001202 polarssl_printf( " failed\n ! pk_parse_keyfile returned -0x%x\n\n", -ret );
Manuel Pégourié-Gonnardac8474f2013-09-25 11:35:15 +02001203 goto exit;
1204 }
Manuel Pégourié-Gonnardb095a7b2013-09-24 21:14:51 +02001205 }
Manuel Pégourié-Gonnarda0fdf8b2013-09-25 14:05:49 +02001206 if( key_cert_init == 1 )
1207 {
Rich Evansf90016a2015-01-19 14:26:37 +00001208 polarssl_printf( " failed\n ! crt_file without key_file or vice-versa\n\n" );
Manuel Pégourié-Gonnarda0fdf8b2013-09-25 14:05:49 +02001209 goto exit;
1210 }
1211
Manuel Pégourié-Gonnard3e1b1782014-02-27 13:35:00 +01001212 if( strlen( opt.crt_file2 ) && strcmp( opt.crt_file2, "none" ) != 0 )
Manuel Pégourié-Gonnardb095a7b2013-09-24 21:14:51 +02001213 {
Manuel Pégourié-Gonnarda0fdf8b2013-09-25 14:05:49 +02001214 key_cert_init2++;
Manuel Pégourié-Gonnardac8474f2013-09-25 11:35:15 +02001215 if( ( ret = x509_crt_parse_file( &srvcert2, opt.crt_file2 ) ) != 0 )
1216 {
Rich Evansf90016a2015-01-19 14:26:37 +00001217 polarssl_printf( " failed\n ! x509_crt_parse_file(2) returned -0x%x\n\n",
Manuel Pégourié-Gonnardac8474f2013-09-25 11:35:15 +02001218 -ret );
1219 goto exit;
1220 }
Manuel Pégourié-Gonnardb095a7b2013-09-24 21:14:51 +02001221 }
Manuel Pégourié-Gonnard3e1b1782014-02-27 13:35:00 +01001222 if( strlen( opt.key_file2 ) && strcmp( opt.key_file2, "none" ) != 0 )
Manuel Pégourié-Gonnardb095a7b2013-09-24 21:14:51 +02001223 {
Manuel Pégourié-Gonnarda0fdf8b2013-09-25 14:05:49 +02001224 key_cert_init2++;
Manuel Pégourié-Gonnardac8474f2013-09-25 11:35:15 +02001225 if( ( ret = pk_parse_keyfile( &pkey2, opt.key_file2, "" ) ) != 0 )
1226 {
Rich Evansf90016a2015-01-19 14:26:37 +00001227 polarssl_printf( " failed\n ! pk_parse_keyfile(2) returned -0x%x\n\n",
Manuel Pégourié-Gonnardac8474f2013-09-25 11:35:15 +02001228 -ret );
1229 goto exit;
1230 }
Manuel Pégourié-Gonnardb095a7b2013-09-24 21:14:51 +02001231 }
Manuel Pégourié-Gonnarda0fdf8b2013-09-25 14:05:49 +02001232 if( key_cert_init2 == 1 )
1233 {
Rich Evansf90016a2015-01-19 14:26:37 +00001234 polarssl_printf( " failed\n ! crt_file2 without key_file2 or vice-versa\n\n" );
Manuel Pégourié-Gonnarda0fdf8b2013-09-25 14:05:49 +02001235 goto exit;
1236 }
Manuel Pégourié-Gonnardb095a7b2013-09-24 21:14:51 +02001237#endif
Manuel Pégourié-Gonnard3e1b1782014-02-27 13:35:00 +01001238 if( key_cert_init == 0 &&
1239 strcmp( opt.crt_file, "none" ) != 0 &&
1240 strcmp( opt.key_file, "none" ) != 0 &&
1241 key_cert_init2 == 0 &&
1242 strcmp( opt.crt_file2, "none" ) != 0 &&
1243 strcmp( opt.key_file2, "none" ) != 0 )
Manuel Pégourié-Gonnardb095a7b2013-09-24 21:14:51 +02001244 {
Manuel Pégourié-Gonnardac8474f2013-09-25 11:35:15 +02001245#if !defined(POLARSSL_CERTS_C)
Rich Evansf90016a2015-01-19 14:26:37 +00001246 polarssl_printf( "Not certificated or key provided, and \n"
Manuel Pégourié-Gonnardac8474f2013-09-25 11:35:15 +02001247 "POLARSSL_CERTS_C not defined!\n" );
Manuel Pégourié-Gonnardb095a7b2013-09-24 21:14:51 +02001248 goto exit;
Manuel Pégourié-Gonnardac8474f2013-09-25 11:35:15 +02001249#else
Manuel Pégourié-Gonnarda0fdf8b2013-09-25 14:05:49 +02001250#if defined(POLARSSL_RSA_C)
Manuel Pégourié-Gonnardac8474f2013-09-25 11:35:15 +02001251 if( ( ret = x509_crt_parse( &srvcert,
Manuel Pégourié-Gonnarda0fdf8b2013-09-25 14:05:49 +02001252 (const unsigned char *) test_srv_crt_rsa,
1253 strlen( test_srv_crt_rsa ) ) ) != 0 )
Manuel Pégourié-Gonnardac8474f2013-09-25 11:35:15 +02001254 {
Rich Evansf90016a2015-01-19 14:26:37 +00001255 polarssl_printf( " failed\n ! x509_crt_parse returned -0x%x\n\n", -ret );
Manuel Pégourié-Gonnardac8474f2013-09-25 11:35:15 +02001256 goto exit;
1257 }
Manuel Pégourié-Gonnarda0fdf8b2013-09-25 14:05:49 +02001258 if( ( ret = pk_parse_key( &pkey,
1259 (const unsigned char *) test_srv_key_rsa,
1260 strlen( test_srv_key_rsa ), NULL, 0 ) ) != 0 )
Manuel Pégourié-Gonnardac8474f2013-09-25 11:35:15 +02001261 {
Rich Evansf90016a2015-01-19 14:26:37 +00001262 polarssl_printf( " failed\n ! pk_parse_key returned -0x%x\n\n", -ret );
Manuel Pégourié-Gonnardac8474f2013-09-25 11:35:15 +02001263 goto exit;
1264 }
Manuel Pégourié-Gonnarda0fdf8b2013-09-25 14:05:49 +02001265 key_cert_init = 2;
1266#endif /* POLARSSL_RSA_C */
1267#if defined(POLARSSL_ECDSA_C)
Manuel Pégourié-Gonnardac8474f2013-09-25 11:35:15 +02001268 if( ( ret = x509_crt_parse( &srvcert2,
Manuel Pégourié-Gonnarda0fdf8b2013-09-25 14:05:49 +02001269 (const unsigned char *) test_srv_crt_ec,
1270 strlen( test_srv_crt_ec ) ) ) != 0 )
Manuel Pégourié-Gonnardac8474f2013-09-25 11:35:15 +02001271 {
Rich Evansf90016a2015-01-19 14:26:37 +00001272 polarssl_printf( " failed\n ! x509_crt_parse2 returned -0x%x\n\n", -ret );
Manuel Pégourié-Gonnardac8474f2013-09-25 11:35:15 +02001273 goto exit;
1274 }
Manuel Pégourié-Gonnarda0fdf8b2013-09-25 14:05:49 +02001275 if( ( ret = pk_parse_key( &pkey2,
1276 (const unsigned char *) test_srv_key_ec,
1277 strlen( test_srv_key_ec ), NULL, 0 ) ) != 0 )
Manuel Pégourié-Gonnardac8474f2013-09-25 11:35:15 +02001278 {
Rich Evansf90016a2015-01-19 14:26:37 +00001279 polarssl_printf( " failed\n ! pk_parse_key2 returned -0x%x\n\n", -ret );
Manuel Pégourié-Gonnardac8474f2013-09-25 11:35:15 +02001280 goto exit;
1281 }
Manuel Pégourié-Gonnarda0fdf8b2013-09-25 14:05:49 +02001282 key_cert_init2 = 2;
1283#endif /* POLARSSL_ECDSA_C */
Manuel Pégourié-Gonnardac8474f2013-09-25 11:35:15 +02001284#endif /* POLARSSL_CERTS_C */
1285 }
Paul Bakkerb60b95f2012-09-25 09:05:17 +00001286
Rich Evansf90016a2015-01-19 14:26:37 +00001287 polarssl_printf( " ok\n" );
Paul Bakker36713e82013-09-17 13:25:29 +02001288#endif /* POLARSSL_X509_CRT_PARSE_C */
Paul Bakkerb60b95f2012-09-25 09:05:17 +00001289
Manuel Pégourié-Gonnard736699c2014-06-09 11:29:50 +02001290#if defined(POLARSSL_DHM_C) && defined(POLARSSL_FS_IO)
1291 if( opt.dhm_file != NULL )
1292 {
Rich Evansf90016a2015-01-19 14:26:37 +00001293 polarssl_printf( " . Loading DHM parameters..." );
Manuel Pégourié-Gonnard736699c2014-06-09 11:29:50 +02001294 fflush( stdout );
1295
1296 if( ( ret = dhm_parse_dhmfile( &dhm, opt.dhm_file ) ) != 0 )
1297 {
Rich Evansf90016a2015-01-19 14:26:37 +00001298 polarssl_printf( " failed\n ! dhm_parse_dhmfile returned -0x%04X\n\n",
Manuel Pégourié-Gonnard736699c2014-06-09 11:29:50 +02001299 -ret );
1300 goto exit;
1301 }
1302
Rich Evansf90016a2015-01-19 14:26:37 +00001303 polarssl_printf( " ok\n" );
Manuel Pégourié-Gonnard736699c2014-06-09 11:29:50 +02001304 }
1305#endif
1306
Manuel Pégourié-Gonnard5d917ff2014-02-21 16:52:06 +01001307#if defined(POLARSSL_SNI)
1308 if( opt.sni != NULL )
1309 {
Rich Evansf90016a2015-01-19 14:26:37 +00001310 polarssl_printf( " . Setting up SNI information..." );
Manuel Pégourié-Gonnard5d917ff2014-02-21 16:52:06 +01001311 fflush( stdout );
1312
1313 if( ( sni_info = sni_parse( opt.sni ) ) == NULL )
1314 {
Rich Evansf90016a2015-01-19 14:26:37 +00001315 polarssl_printf( " failed\n" );
Manuel Pégourié-Gonnard5d917ff2014-02-21 16:52:06 +01001316 goto exit;
1317 }
1318
Rich Evansf90016a2015-01-19 14:26:37 +00001319 polarssl_printf( " ok\n" );
Manuel Pégourié-Gonnard5d917ff2014-02-21 16:52:06 +01001320 }
1321#endif /* POLARSSL_SNI */
1322
Paul Bakkerb60b95f2012-09-25 09:05:17 +00001323 /*
1324 * 2. Setup the listening TCP socket
1325 */
Rich Evansf90016a2015-01-19 14:26:37 +00001326 polarssl_printf( " . Bind on tcp://localhost:%-4d/ ...", opt.server_port );
Paul Bakkerb60b95f2012-09-25 09:05:17 +00001327 fflush( stdout );
1328
Manuel Pégourié-Gonnard18d31f82013-12-13 16:21:41 +01001329 if( ( ret = net_bind( &listen_fd, opt.server_addr,
1330 opt.server_port ) ) != 0 )
Paul Bakkerb60b95f2012-09-25 09:05:17 +00001331 {
Rich Evansf90016a2015-01-19 14:26:37 +00001332 polarssl_printf( " failed\n ! net_bind returned -0x%x\n\n", -ret );
Paul Bakkerb60b95f2012-09-25 09:05:17 +00001333 goto exit;
1334 }
1335
Rich Evansf90016a2015-01-19 14:26:37 +00001336 polarssl_printf( " ok\n" );
Paul Bakkerb60b95f2012-09-25 09:05:17 +00001337
1338 /*
1339 * 3. Setup stuff
1340 */
Rich Evansf90016a2015-01-19 14:26:37 +00001341 polarssl_printf( " . Setting up the SSL/TLS structure..." );
Paul Bakkerb60b95f2012-09-25 09:05:17 +00001342 fflush( stdout );
1343
1344 if( ( ret = ssl_init( &ssl ) ) != 0 )
1345 {
Rich Evansf90016a2015-01-19 14:26:37 +00001346 polarssl_printf( " failed\n ! ssl_init returned -0x%x\n\n", -ret );
Paul Bakkerb60b95f2012-09-25 09:05:17 +00001347 goto exit;
1348 }
1349
1350 ssl_set_endpoint( &ssl, SSL_IS_SERVER );
Paul Bakker91ebfb52012-11-23 14:04:08 +01001351 ssl_set_authmode( &ssl, opt.auth_mode );
Paul Bakkerb60b95f2012-09-25 09:05:17 +00001352
Paul Bakker05decb22013-08-15 13:33:48 +02001353#if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH)
Manuel Pégourié-Gonnardc5fd3912014-07-08 14:05:52 +02001354 if( ( ret = ssl_set_max_frag_len( &ssl, opt.mfl_code ) ) != 0 )
1355 {
Rich Evansf90016a2015-01-19 14:26:37 +00001356 polarssl_printf( " failed\n ! ssl_set_max_frag_len returned %d\n\n", ret );
Manuel Pégourié-Gonnardc5fd3912014-07-08 14:05:52 +02001357 goto exit;
1358 };
Paul Bakker05decb22013-08-15 13:33:48 +02001359#endif
Manuel Pégourié-Gonnard0c017a52013-07-18 14:07:36 +02001360
Manuel Pégourié-Gonnarde117a8f2015-01-09 12:39:35 +01001361#if defined(POLARSSL_SSL_TRUNCATED_HMAC)
1362 if( opt.trunc_hmac != DFL_TRUNC_HMAC )
1363 ssl_set_truncated_hmac( &ssl, opt.trunc_hmac );
1364#endif
1365
Manuel Pégourié-Gonnard367381f2014-10-20 18:40:56 +02001366#if defined(POLARSSL_SSL_EXTENDED_MASTER_SECRET)
1367 if( opt.extended_ms != DFL_EXTENDED_MS )
1368 ssl_set_extended_master_secret( &ssl, opt.extended_ms );
1369#endif
1370
Manuel Pégourié-Gonnard699cafa2014-10-27 13:57:03 +01001371#if defined(POLARSSL_SSL_ENCRYPT_THEN_MAC)
1372 if( opt.etm != DFL_ETM )
1373 ssl_set_encrypt_then_mac( &ssl, opt.etm );
1374#endif
1375
Manuel Pégourié-Gonnard1bd22812014-04-05 14:34:07 +02001376#if defined(POLARSSL_SSL_ALPN)
1377 if( opt.alpn_string != NULL )
Manuel Pégourié-Gonnardc5fd3912014-07-08 14:05:52 +02001378 if( ( ret = ssl_set_alpn_protocols( &ssl, alpn_list ) ) != 0 )
1379 {
Rich Evansf90016a2015-01-19 14:26:37 +00001380 polarssl_printf( " failed\n ! ssl_set_alpn_protocols returned %d\n\n", ret );
Manuel Pégourié-Gonnardc5fd3912014-07-08 14:05:52 +02001381 goto exit;
1382 }
Manuel Pégourié-Gonnard1bd22812014-04-05 14:34:07 +02001383#endif
1384
Paul Bakkerb60b95f2012-09-25 09:05:17 +00001385 ssl_set_rng( &ssl, ctr_drbg_random, &ctr_drbg );
1386 ssl_set_dbg( &ssl, my_debug, stdout );
1387
Paul Bakker0a597072012-09-25 21:55:46 +00001388#if defined(POLARSSL_SSL_CACHE_C)
Manuel Pégourié-Gonnard4c883452014-02-20 21:32:41 +01001389 if( opt.cache_max != -1 )
1390 ssl_cache_set_max_entries( &cache, opt.cache_max );
1391
Manuel Pégourié-Gonnardc55a5b72014-02-20 22:50:56 +01001392 if( opt.cache_timeout != -1 )
1393 ssl_cache_set_timeout( &cache, opt.cache_timeout );
1394
Paul Bakker0a597072012-09-25 21:55:46 +00001395 ssl_set_session_cache( &ssl, ssl_cache_get, &cache,
1396 ssl_cache_set, &cache );
1397#endif
Paul Bakkerb60b95f2012-09-25 09:05:17 +00001398
Paul Bakkera503a632013-08-14 13:48:06 +02001399#if defined(POLARSSL_SSL_SESSION_TICKETS)
Manuel Pégourié-Gonnardc5fd3912014-07-08 14:05:52 +02001400 if( ( ret = ssl_set_session_tickets( &ssl, opt.tickets ) ) != 0 )
1401 {
Rich Evansf90016a2015-01-19 14:26:37 +00001402 polarssl_printf( " failed\n ! ssl_set_session_tickets returned %d\n\n", ret );
Manuel Pégourié-Gonnardc5fd3912014-07-08 14:05:52 +02001403 goto exit;
1404 }
Manuel Pégourié-Gonnarddbe1ee12014-02-21 09:18:13 +01001405
1406 if( opt.ticket_timeout != -1 )
1407 ssl_set_session_ticket_lifetime( &ssl, opt.ticket_timeout );
Paul Bakkera503a632013-08-14 13:48:06 +02001408#endif
Manuel Pégourié-Gonnardaa0d4d12013-08-03 13:02:31 +02001409
Paul Bakker41c83d32013-03-20 14:39:14 +01001410 if( opt.force_ciphersuite[0] != DFL_FORCE_CIPHER )
Paul Bakkerb60b95f2012-09-25 09:05:17 +00001411 ssl_set_ciphersuites( &ssl, opt.force_ciphersuite );
Manuel Pégourié-Gonnardbd47a582015-01-12 13:43:29 +01001412 else
1413 ssl_set_arc4_support( &ssl, opt.arc4 );
Paul Bakkerb60b95f2012-09-25 09:05:17 +00001414
Manuel Pégourié-Gonnard6dc07812014-06-11 13:50:34 +02001415 if( opt.version_suites != NULL )
1416 {
1417 ssl_set_ciphersuites_for_version( &ssl, version_suites[0],
1418 SSL_MAJOR_VERSION_3,
1419 SSL_MINOR_VERSION_0 );
1420 ssl_set_ciphersuites_for_version( &ssl, version_suites[1],
1421 SSL_MAJOR_VERSION_3,
1422 SSL_MINOR_VERSION_1 );
1423 ssl_set_ciphersuites_for_version( &ssl, version_suites[2],
1424 SSL_MAJOR_VERSION_3,
1425 SSL_MINOR_VERSION_2 );
1426 ssl_set_ciphersuites_for_version( &ssl, version_suites[3],
1427 SSL_MAJOR_VERSION_3,
1428 SSL_MINOR_VERSION_3 );
1429 }
1430
Manuel Pégourié-Gonnard85d915b2014-11-03 20:10:36 +01001431 if( opt.allow_legacy != DFL_ALLOW_LEGACY )
1432 ssl_legacy_renegotiation( &ssl, opt.allow_legacy );
Manuel Pégourié-Gonnard615e6772014-11-03 08:23:14 +01001433#if defined(POLARSSL_SSL_RENEGOTIATION)
Paul Bakkerb60b95f2012-09-25 09:05:17 +00001434 ssl_set_renegotiation( &ssl, opt.renegotiation );
Manuel Pégourié-Gonnard590f4162014-11-05 14:23:03 +01001435
Manuel Pégourié-Gonnardfae355e2014-07-04 14:32:27 +02001436 if( opt.renego_delay != DFL_RENEGO_DELAY )
1437 ssl_set_renegotiation_enforced( &ssl, opt.renego_delay );
Paul Bakkerb60b95f2012-09-25 09:05:17 +00001438
Manuel Pégourié-Gonnard590f4162014-11-05 14:23:03 +01001439 if( opt.renego_period != DFL_RENEGO_PERIOD )
1440 {
1441 renego_period[7] = opt.renego_period;
1442 ssl_set_renegotiation_period( &ssl, renego_period );
1443 }
Manuel Pégourié-Gonnard615e6772014-11-03 08:23:14 +01001444#endif
Paul Bakkerb60b95f2012-09-25 09:05:17 +00001445
Paul Bakker36713e82013-09-17 13:25:29 +02001446#if defined(POLARSSL_X509_CRT_PARSE_C)
Manuel Pégourié-Gonnard3e1b1782014-02-27 13:35:00 +01001447 if( strcmp( opt.ca_path, "none" ) != 0 &&
1448 strcmp( opt.ca_file, "none" ) != 0 )
1449 {
1450 ssl_set_ca_chain( &ssl, &cacert, NULL, NULL );
1451 }
Manuel Pégourié-Gonnarda0fdf8b2013-09-25 14:05:49 +02001452 if( key_cert_init )
Manuel Pégourié-Gonnardc5fd3912014-07-08 14:05:52 +02001453 if( ( ret = ssl_set_own_cert( &ssl, &srvcert, &pkey ) ) != 0 )
1454 {
Rich Evansf90016a2015-01-19 14:26:37 +00001455 polarssl_printf( " failed\n ! ssl_set_own_cert returned %d\n\n", ret );
Manuel Pégourié-Gonnardc5fd3912014-07-08 14:05:52 +02001456 goto exit;
1457 }
Manuel Pégourié-Gonnarda0fdf8b2013-09-25 14:05:49 +02001458 if( key_cert_init2 )
Manuel Pégourié-Gonnardc5fd3912014-07-08 14:05:52 +02001459 if( ( ret = ssl_set_own_cert( &ssl, &srvcert2, &pkey2 ) ) != 0 )
1460 {
Rich Evansf90016a2015-01-19 14:26:37 +00001461 polarssl_printf( " failed\n ! ssl_set_own_cert returned %d\n\n", ret );
Manuel Pégourié-Gonnardc5fd3912014-07-08 14:05:52 +02001462 goto exit;
1463 }
Manuel Pégourié-Gonnardb095a7b2013-09-24 21:14:51 +02001464#endif
Paul Bakkered27a042013-04-18 22:46:23 +02001465
Manuel Pégourié-Gonnard5d917ff2014-02-21 16:52:06 +01001466#if defined(POLARSSL_SNI)
1467 if( opt.sni != NULL )
1468 ssl_set_sni( &ssl, sni_callback, sni_info );
1469#endif
1470
Manuel Pégourié-Gonnard8a3c64d2013-10-14 19:54:10 +02001471#if defined(POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED)
Manuel Pégourié-Gonnarddc019b92014-06-10 15:24:51 +02001472 if( strlen( opt.psk ) != 0 && strlen( opt.psk_identity ) != 0 )
1473 {
1474 ret = ssl_set_psk( &ssl, psk, psk_len,
1475 (const unsigned char *) opt.psk_identity,
1476 strlen( opt.psk_identity ) );
1477 if( ret != 0 )
1478 {
Rich Evansf90016a2015-01-19 14:26:37 +00001479 polarssl_printf( " failed\n ssl_set_psk returned -0x%04X\n\n", - ret );
Manuel Pégourié-Gonnarddc019b92014-06-10 15:24:51 +02001480 goto exit;
1481 }
1482 }
1483
Manuel Pégourié-Gonnard80c85532014-06-10 14:01:52 +02001484 if( opt.psk_list != NULL )
1485 ssl_set_psk_cb( &ssl, psk_callback, psk_info );
Paul Bakkered27a042013-04-18 22:46:23 +02001486#endif
Paul Bakkerb60b95f2012-09-25 09:05:17 +00001487
1488#if defined(POLARSSL_DHM_C)
Paul Bakker5d19f862012-09-28 07:33:00 +00001489 /*
1490 * Use different group than default DHM group
1491 */
Manuel Pégourié-Gonnard736699c2014-06-09 11:29:50 +02001492#if defined(POLARSSL_FS_IO)
1493 if( opt.dhm_file != NULL )
1494 ret = ssl_set_dh_param_ctx( &ssl, &dhm );
1495 else
1496#endif
1497 ret = ssl_set_dh_param( &ssl, POLARSSL_DHM_RFC5114_MODP_2048_P,
1498 POLARSSL_DHM_RFC5114_MODP_2048_G );
1499
1500 if( ret != 0 )
1501 {
Rich Evansf90016a2015-01-19 14:26:37 +00001502 polarssl_printf( " failed\n ssl_set_dh_param returned -0x%04X\n\n", - ret );
Manuel Pégourié-Gonnard736699c2014-06-09 11:29:50 +02001503 goto exit;
1504 }
Paul Bakkerb60b95f2012-09-25 09:05:17 +00001505#endif
1506
Paul Bakker1d29fb52012-09-28 13:28:45 +00001507 if( opt.min_version != -1 )
1508 ssl_set_min_version( &ssl, SSL_MAJOR_VERSION_3, opt.min_version );
1509
Paul Bakkerc1516be2013-06-29 16:01:32 +02001510 if( opt.max_version != -1 )
1511 ssl_set_max_version( &ssl, SSL_MAJOR_VERSION_3, opt.max_version );
1512
Rich Evansf90016a2015-01-19 14:26:37 +00001513 polarssl_printf( " ok\n" );
Paul Bakkerb60b95f2012-09-25 09:05:17 +00001514
1515reset:
Manuel Pégourié-Gonnard3a3066c2014-09-20 12:03:00 +02001516#if !defined(_WIN32)
1517 if( received_sigterm )
1518 {
Manuel Pégourié-Gonnard7e81e702015-01-29 11:47:41 +00001519 polarssl_printf( " interrupted by SIGTERM\n" );
Manuel Pégourié-Gonnard3a3066c2014-09-20 12:03:00 +02001520 ret = 0;
1521 goto exit;
1522 }
1523#endif
1524
Paul Bakkerb60b95f2012-09-25 09:05:17 +00001525#ifdef POLARSSL_ERROR_C
1526 if( ret != 0 )
1527 {
1528 char error_buf[100];
Paul Bakker03a8a792013-06-30 12:18:08 +02001529 polarssl_strerror( ret, error_buf, 100 );
Rich Evansf90016a2015-01-19 14:26:37 +00001530 polarssl_printf("Last error was: %d - %s\n\n", ret, error_buf );
Paul Bakkerb60b95f2012-09-25 09:05:17 +00001531 }
1532#endif
1533
1534 if( client_fd != -1 )
1535 net_close( client_fd );
1536
1537 ssl_session_reset( &ssl );
1538
1539 /*
1540 * 3. Wait until a client connects
1541 */
Paul Bakkerb60b95f2012-09-25 09:05:17 +00001542 client_fd = -1;
1543
Rich Evansf90016a2015-01-19 14:26:37 +00001544 polarssl_printf( " . Waiting for a remote connection ..." );
Paul Bakkerb60b95f2012-09-25 09:05:17 +00001545 fflush( stdout );
1546
1547 if( ( ret = net_accept( listen_fd, &client_fd, NULL ) ) != 0 )
1548 {
Paul Bakkerc1283d32014-08-18 11:05:51 +02001549#if !defined(_WIN32)
Manuel Pégourié-Gonnarddb493302014-08-14 15:36:12 +02001550 if( received_sigterm )
1551 {
Rich Evansf90016a2015-01-19 14:26:37 +00001552 polarssl_printf( " interrupted by signal\n" );
Manuel Pégourié-Gonnarddb493302014-08-14 15:36:12 +02001553 ret = 0;
1554 goto exit;
1555 }
Paul Bakkerc1283d32014-08-18 11:05:51 +02001556#endif
Manuel Pégourié-Gonnarddb493302014-08-14 15:36:12 +02001557
Rich Evansf90016a2015-01-19 14:26:37 +00001558 polarssl_printf( " failed\n ! net_accept returned -0x%x\n\n", -ret );
Paul Bakkerb60b95f2012-09-25 09:05:17 +00001559 goto exit;
1560 }
1561
Manuel Pégourié-Gonnard55753162014-02-26 13:47:08 +01001562 if( opt.nbio > 0 )
1563 ret = net_set_nonblock( client_fd );
1564 else
1565 ret = net_set_block( client_fd );
1566 if( ret != 0 )
1567 {
Rich Evansf90016a2015-01-19 14:26:37 +00001568 polarssl_printf( " failed\n ! net_set_(non)block() returned -0x%x\n\n", -ret );
Manuel Pégourié-Gonnard55753162014-02-26 13:47:08 +01001569 goto exit;
1570 }
1571
1572 if( opt.nbio == 2 )
1573 ssl_set_bio( &ssl, my_recv, &client_fd, my_send, &client_fd );
1574 else
1575 ssl_set_bio( &ssl, net_recv, &client_fd, net_send, &client_fd );
Paul Bakkerb60b95f2012-09-25 09:05:17 +00001576
Rich Evansf90016a2015-01-19 14:26:37 +00001577 polarssl_printf( " ok\n" );
Paul Bakkerb60b95f2012-09-25 09:05:17 +00001578
1579 /*
1580 * 4. Handshake
1581 */
Rich Evansf90016a2015-01-19 14:26:37 +00001582 polarssl_printf( " . Performing the SSL/TLS handshake..." );
Paul Bakkerb60b95f2012-09-25 09:05:17 +00001583 fflush( stdout );
1584
1585 while( ( ret = ssl_handshake( &ssl ) ) != 0 )
1586 {
1587 if( ret != POLARSSL_ERR_NET_WANT_READ && ret != POLARSSL_ERR_NET_WANT_WRITE )
1588 {
Rich Evansf90016a2015-01-19 14:26:37 +00001589 polarssl_printf( " failed\n ! ssl_handshake returned -0x%x\n\n", -ret );
Paul Bakker1d29fb52012-09-28 13:28:45 +00001590 goto reset;
Paul Bakkerb60b95f2012-09-25 09:05:17 +00001591 }
1592 }
1593
Rich Evansf90016a2015-01-19 14:26:37 +00001594 polarssl_printf( " ok\n [ Protocol is %s ]\n [ Ciphersuite is %s ]\n",
Manuel Pégourié-Gonnardc580a002014-02-12 10:15:30 +01001595 ssl_get_version( &ssl ), ssl_get_ciphersuite( &ssl ) );
Paul Bakkerb60b95f2012-09-25 09:05:17 +00001596
Manuel Pégourié-Gonnard1bd22812014-04-05 14:34:07 +02001597#if defined(POLARSSL_SSL_ALPN)
1598 if( opt.alpn_string != NULL )
1599 {
1600 const char *alp = ssl_get_alpn_protocol( &ssl );
Rich Evansf90016a2015-01-19 14:26:37 +00001601 polarssl_printf( " [ Application Layer Protocol is %s ]\n",
Manuel Pégourié-Gonnard1bd22812014-04-05 14:34:07 +02001602 alp ? alp : "(none)" );
1603 }
1604#endif
1605
Paul Bakker36713e82013-09-17 13:25:29 +02001606#if defined(POLARSSL_X509_CRT_PARSE_C)
Paul Bakkerb60b95f2012-09-25 09:05:17 +00001607 /*
1608 * 5. Verify the server certificate
1609 */
Rich Evansf90016a2015-01-19 14:26:37 +00001610 polarssl_printf( " . Verifying peer X.509 certificate..." );
Paul Bakkerb60b95f2012-09-25 09:05:17 +00001611
1612 if( ( ret = ssl_get_verify_result( &ssl ) ) != 0 )
1613 {
Rich Evansf90016a2015-01-19 14:26:37 +00001614 polarssl_printf( " failed\n" );
Paul Bakkerb60b95f2012-09-25 09:05:17 +00001615
Paul Bakkerb0550d92012-10-30 07:51:03 +00001616 if( !ssl_get_peer_cert( &ssl ) )
Rich Evansf90016a2015-01-19 14:26:37 +00001617 polarssl_printf( " ! no client certificate sent\n" );
Paul Bakkerb60b95f2012-09-25 09:05:17 +00001618
1619 if( ( ret & BADCERT_EXPIRED ) != 0 )
Rich Evansf90016a2015-01-19 14:26:37 +00001620 polarssl_printf( " ! client certificate has expired\n" );
Paul Bakkerb60b95f2012-09-25 09:05:17 +00001621
1622 if( ( ret & BADCERT_REVOKED ) != 0 )
Rich Evansf90016a2015-01-19 14:26:37 +00001623 polarssl_printf( " ! client certificate has been revoked\n" );
Paul Bakkerb60b95f2012-09-25 09:05:17 +00001624
1625 if( ( ret & BADCERT_NOT_TRUSTED ) != 0 )
Rich Evansf90016a2015-01-19 14:26:37 +00001626 polarssl_printf( " ! self-signed or not signed by a trusted CA\n" );
Paul Bakkerb60b95f2012-09-25 09:05:17 +00001627
Rich Evansf90016a2015-01-19 14:26:37 +00001628 polarssl_printf( "\n" );
Paul Bakkerb60b95f2012-09-25 09:05:17 +00001629 }
1630 else
Rich Evansf90016a2015-01-19 14:26:37 +00001631 polarssl_printf( " ok\n" );
Paul Bakkerb60b95f2012-09-25 09:05:17 +00001632
Paul Bakkerb0550d92012-10-30 07:51:03 +00001633 if( ssl_get_peer_cert( &ssl ) )
Paul Bakkerb60b95f2012-09-25 09:05:17 +00001634 {
Rich Evansf90016a2015-01-19 14:26:37 +00001635 polarssl_printf( " . Peer certificate information ...\n" );
Paul Bakkerddf26b42013-09-18 13:46:23 +02001636 x509_crt_info( (char *) buf, sizeof( buf ) - 1, " ",
1637 ssl_get_peer_cert( &ssl ) );
Rich Evansf90016a2015-01-19 14:26:37 +00001638 polarssl_printf( "%s\n", buf );
Paul Bakkerb60b95f2012-09-25 09:05:17 +00001639 }
Paul Bakker36713e82013-09-17 13:25:29 +02001640#endif /* POLARSSL_X509_CRT_PARSE_C */
Paul Bakkerb60b95f2012-09-25 09:05:17 +00001641
Manuel Pégourié-Gonnard6a0017b2015-01-22 10:33:29 +00001642 exchanges_left = opt.exchanges;
Manuel Pégourié-Gonnarda8c0a0d2014-08-15 12:07:38 +02001643data_exchange:
Paul Bakkerb60b95f2012-09-25 09:05:17 +00001644 /*
1645 * 6. Read the HTTP Request
1646 */
Rich Evansf90016a2015-01-19 14:26:37 +00001647 polarssl_printf( " < Read from client:" );
Paul Bakkerb60b95f2012-09-25 09:05:17 +00001648 fflush( stdout );
1649
1650 do
1651 {
Manuel Pégourié-Gonnarda8c0a0d2014-08-15 12:07:38 +02001652 int terminated = 0;
Paul Bakkerb60b95f2012-09-25 09:05:17 +00001653 len = sizeof( buf ) - 1;
1654 memset( buf, 0, sizeof( buf ) );
1655 ret = ssl_read( &ssl, buf, len );
1656
Manuel Pégourié-Gonnarde08660e2014-08-16 11:28:40 +02001657 if( ret == POLARSSL_ERR_NET_WANT_READ ||
1658 ret == POLARSSL_ERR_NET_WANT_WRITE )
Paul Bakkerb60b95f2012-09-25 09:05:17 +00001659 continue;
1660
1661 if( ret <= 0 )
1662 {
1663 switch( ret )
1664 {
1665 case POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY:
Rich Evansf90016a2015-01-19 14:26:37 +00001666 polarssl_printf( " connection was closed gracefully\n" );
Manuel Pégourié-Gonnarde08660e2014-08-16 11:28:40 +02001667 goto close_notify;
Paul Bakkerb60b95f2012-09-25 09:05:17 +00001668
Manuel Pégourié-Gonnarde08660e2014-08-16 11:28:40 +02001669 case 0:
Paul Bakkerb60b95f2012-09-25 09:05:17 +00001670 case POLARSSL_ERR_NET_CONN_RESET:
Rich Evansf90016a2015-01-19 14:26:37 +00001671 polarssl_printf( " connection was reset by peer\n" );
Manuel Pégourié-Gonnarde08660e2014-08-16 11:28:40 +02001672 ret = POLARSSL_ERR_NET_CONN_RESET;
1673 goto reset;
Paul Bakkerb60b95f2012-09-25 09:05:17 +00001674
1675 default:
Rich Evansf90016a2015-01-19 14:26:37 +00001676 polarssl_printf( " ssl_read returned -0x%x\n", -ret );
Manuel Pégourié-Gonnarda8c0a0d2014-08-15 12:07:38 +02001677 goto reset;
Paul Bakkerb60b95f2012-09-25 09:05:17 +00001678 }
Paul Bakkerb60b95f2012-09-25 09:05:17 +00001679 }
1680
Manuel Pégourié-Gonnarde7a3b102014-06-11 18:21:20 +02001681 if( ssl_get_bytes_avail( &ssl ) == 0 )
1682 {
1683 len = ret;
1684 buf[len] = '\0';
Rich Evansf90016a2015-01-19 14:26:37 +00001685 polarssl_printf( " %d bytes read\n\n%s\n", len, (char *) buf );
Manuel Pégourié-Gonnarda8c0a0d2014-08-15 12:07:38 +02001686
1687 /* End of message should be detected according to the syntax of the
1688 * application protocol (eg HTTP), just use a dummy test here. */
1689 if( buf[len - 1] == '\n' )
1690 terminated = 1;
Manuel Pégourié-Gonnarde7a3b102014-06-11 18:21:20 +02001691 }
1692 else
1693 {
1694 int extra_len, ori_len;
1695 unsigned char *larger_buf;
1696
1697 ori_len = ret;
1698 extra_len = ssl_get_bytes_avail( &ssl );
1699
1700 larger_buf = polarssl_malloc( ori_len + extra_len + 1 );
1701 if( larger_buf == NULL )
1702 {
Rich Evansf90016a2015-01-19 14:26:37 +00001703 polarssl_printf( " ! memory allocation failed\n" );
Manuel Pégourié-Gonnarde7a3b102014-06-11 18:21:20 +02001704 ret = 1;
Manuel Pégourié-Gonnard250b1ca2014-08-15 10:59:03 +02001705 goto reset;
Manuel Pégourié-Gonnarde7a3b102014-06-11 18:21:20 +02001706 }
1707
1708 memset( larger_buf, 0, ori_len + extra_len );
1709 memcpy( larger_buf, buf, ori_len );
1710
Manuel Pégourié-Gonnard95c0a632014-06-11 18:32:36 +02001711 /* This read should never fail and get the whole cached data */
Manuel Pégourié-Gonnarde7a3b102014-06-11 18:21:20 +02001712 ret = ssl_read( &ssl, larger_buf + ori_len, extra_len );
Manuel Pégourié-Gonnard95c0a632014-06-11 18:32:36 +02001713 if( ret != extra_len ||
1714 ssl_get_bytes_avail( &ssl ) != 0 )
Manuel Pégourié-Gonnarde7a3b102014-06-11 18:21:20 +02001715 {
Rich Evansf90016a2015-01-19 14:26:37 +00001716 polarssl_printf( " ! ssl_read failed on cached data\n" );
Manuel Pégourié-Gonnarde7a3b102014-06-11 18:21:20 +02001717 ret = 1;
Manuel Pégourié-Gonnard250b1ca2014-08-15 10:59:03 +02001718 goto reset;
Manuel Pégourié-Gonnarde7a3b102014-06-11 18:21:20 +02001719 }
1720
1721 larger_buf[ori_len + extra_len] = '\0';
Rich Evansf90016a2015-01-19 14:26:37 +00001722 polarssl_printf( " %u bytes read (%u + %u)\n\n%s\n",
Manuel Pégourié-Gonnard0669f272014-06-18 13:07:20 +02001723 ori_len + extra_len, ori_len, extra_len,
1724 (char *) larger_buf );
Manuel Pégourié-Gonnarde7a3b102014-06-11 18:21:20 +02001725
Manuel Pégourié-Gonnarda8c0a0d2014-08-15 12:07:38 +02001726 /* End of message should be detected according to the syntax of the
1727 * application protocol (eg HTTP), just use a dummy test here. */
1728 if( larger_buf[ori_len + extra_len - 1] == '\n' )
1729 terminated = 1;
1730
Manuel Pégourié-Gonnarde7a3b102014-06-11 18:21:20 +02001731 polarssl_free( larger_buf );
1732 }
1733
Manuel Pégourié-Gonnarda8c0a0d2014-08-15 12:07:38 +02001734 if( terminated )
1735 {
1736 ret = 0;
Paul Bakkerb60b95f2012-09-25 09:05:17 +00001737 break;
Manuel Pégourié-Gonnarda8c0a0d2014-08-15 12:07:38 +02001738 }
Paul Bakkerb60b95f2012-09-25 09:05:17 +00001739 }
1740 while( 1 );
1741
1742 /*
Manuel Pégourié-Gonnarda8c0a0d2014-08-15 12:07:38 +02001743 * 7a. Request renegotiation while client is waiting for input from us.
1744 * (only if we're going to exhange more data afterwards)
Paul Bakkerb60b95f2012-09-25 09:05:17 +00001745 */
Manuel Pégourié-Gonnard615e6772014-11-03 08:23:14 +01001746#if defined(POLARSSL_SSL_RENEGOTIATION)
Manuel Pégourié-Gonnard6a0017b2015-01-22 10:33:29 +00001747 if( opt.renegotiate && exchanges_left > 1 )
Manuel Pégourié-Gonnard296e3b12014-08-19 12:59:03 +02001748 {
Rich Evansf90016a2015-01-19 14:26:37 +00001749 polarssl_printf( " . Requestion renegotiation..." );
Manuel Pégourié-Gonnard296e3b12014-08-19 12:59:03 +02001750 fflush( stdout );
Manuel Pégourié-Gonnarda8c0a0d2014-08-15 12:07:38 +02001751
Manuel Pégourié-Gonnard296e3b12014-08-19 12:59:03 +02001752 while( ( ret = ssl_renegotiate( &ssl ) ) != 0 )
1753 {
1754 if( ret != POLARSSL_ERR_NET_WANT_READ &&
1755 ret != POLARSSL_ERR_NET_WANT_WRITE )
1756 {
Rich Evansf90016a2015-01-19 14:26:37 +00001757 polarssl_printf( " failed\n ! ssl_renegotiate returned %d\n\n", ret );
Manuel Pégourié-Gonnard296e3b12014-08-19 12:59:03 +02001758 goto reset;
1759 }
1760 }
Manuel Pégourié-Gonnarda8c0a0d2014-08-15 12:07:38 +02001761
Rich Evansf90016a2015-01-19 14:26:37 +00001762 polarssl_printf( " ok\n" );
Manuel Pégourié-Gonnard296e3b12014-08-19 12:59:03 +02001763 }
Manuel Pégourié-Gonnard615e6772014-11-03 08:23:14 +01001764#endif /* POLARSSL_SSL_RENEGOTIATION */
Manuel Pégourié-Gonnard296e3b12014-08-19 12:59:03 +02001765
Manuel Pégourié-Gonnarda8c0a0d2014-08-15 12:07:38 +02001766 /*
1767 * 7. Write the 200 Response
1768 */
Rich Evansf90016a2015-01-19 14:26:37 +00001769 polarssl_printf( " > Write to client:" );
Paul Bakkerb60b95f2012-09-25 09:05:17 +00001770 fflush( stdout );
1771
1772 len = sprintf( (char *) buf, HTTP_RESPONSE,
1773 ssl_get_ciphersuite( &ssl ) );
1774
Manuel Pégourié-Gonnard0c017a52013-07-18 14:07:36 +02001775 for( written = 0, frags = 0; written < len; written += ret, frags++ )
Paul Bakkerb60b95f2012-09-25 09:05:17 +00001776 {
Manuel Pégourié-Gonnardbd7ce632013-07-17 15:34:17 +02001777 while( ( ret = ssl_write( &ssl, buf + written, len - written ) ) <= 0 )
Paul Bakkerb60b95f2012-09-25 09:05:17 +00001778 {
Manuel Pégourié-Gonnardbd7ce632013-07-17 15:34:17 +02001779 if( ret == POLARSSL_ERR_NET_CONN_RESET )
1780 {
Rich Evansf90016a2015-01-19 14:26:37 +00001781 polarssl_printf( " failed\n ! peer closed the connection\n\n" );
Manuel Pégourié-Gonnardbd7ce632013-07-17 15:34:17 +02001782 goto reset;
1783 }
Paul Bakkerb60b95f2012-09-25 09:05:17 +00001784
Manuel Pégourié-Gonnardbd7ce632013-07-17 15:34:17 +02001785 if( ret != POLARSSL_ERR_NET_WANT_READ && ret != POLARSSL_ERR_NET_WANT_WRITE )
1786 {
Rich Evansf90016a2015-01-19 14:26:37 +00001787 polarssl_printf( " failed\n ! ssl_write returned %d\n\n", ret );
Manuel Pégourié-Gonnard250b1ca2014-08-15 10:59:03 +02001788 goto reset;
Manuel Pégourié-Gonnardbd7ce632013-07-17 15:34:17 +02001789 }
Paul Bakkerb60b95f2012-09-25 09:05:17 +00001790 }
1791 }
1792
Manuel Pégourié-Gonnardbd7ce632013-07-17 15:34:17 +02001793 buf[written] = '\0';
Rich Evansf90016a2015-01-19 14:26:37 +00001794 polarssl_printf( " %d bytes written in %d fragments\n\n%s\n", written, frags, (char *) buf );
Manuel Pégourié-Gonnarda92ed482015-01-14 10:46:08 +01001795 ret = 0;
Manuel Pégourié-Gonnardf3dc2f62013-10-29 18:17:41 +01001796
Manuel Pégourié-Gonnarde08660e2014-08-16 11:28:40 +02001797 /*
Manuel Pégourié-Gonnarda8c0a0d2014-08-15 12:07:38 +02001798 * 7b. Continue doing data exchanges?
1799 */
Manuel Pégourié-Gonnard6a0017b2015-01-22 10:33:29 +00001800 if( --exchanges_left > 0 )
Manuel Pégourié-Gonnarda8c0a0d2014-08-15 12:07:38 +02001801 goto data_exchange;
1802
1803 /*
1804 * 8. Done, cleanly close the connection
Manuel Pégourié-Gonnarde08660e2014-08-16 11:28:40 +02001805 */
1806close_notify:
Rich Evansf90016a2015-01-19 14:26:37 +00001807 polarssl_printf( " . Closing the connection..." );
Manuel Pégourié-Gonnard6b0d2682014-03-25 11:24:43 +01001808
Manuel Pégourié-Gonnard34377b12015-01-22 10:46:46 +00001809 /* No error checking, the connection might be closed already */
1810 do ret = ssl_close_notify( &ssl );
1811 while( ret == POLARSSL_ERR_NET_WANT_WRITE );
1812 ret = 0;
Manuel Pégourié-Gonnarde08660e2014-08-16 11:28:40 +02001813
Rich Evansf90016a2015-01-19 14:26:37 +00001814 polarssl_printf( " done\n" );
1815
Paul Bakkerb60b95f2012-09-25 09:05:17 +00001816 goto reset;
1817
Manuel Pégourié-Gonnarde08660e2014-08-16 11:28:40 +02001818 /*
1819 * Cleanup and exit
1820 */
Paul Bakkerb60b95f2012-09-25 09:05:17 +00001821exit:
Paul Bakkerb60b95f2012-09-25 09:05:17 +00001822#ifdef POLARSSL_ERROR_C
1823 if( ret != 0 )
1824 {
1825 char error_buf[100];
Paul Bakker03a8a792013-06-30 12:18:08 +02001826 polarssl_strerror( ret, error_buf, 100 );
Rich Evansf90016a2015-01-19 14:26:37 +00001827 polarssl_printf("Last error was: -0x%X - %s\n\n", -ret, error_buf );
Paul Bakkerb60b95f2012-09-25 09:05:17 +00001828 }
1829#endif
1830
Manuel Pégourié-Gonnard7e81e702015-01-29 11:47:41 +00001831 polarssl_printf( " . Cleaning up..." );
Manuel Pégourié-Gonnardf29e5de2014-11-21 11:54:41 +01001832 fflush( stdout );
1833
Paul Bakker0c226102014-04-17 16:02:36 +02001834 if( client_fd != -1 )
1835 net_close( client_fd );
1836
Paul Bakkera317a982014-06-18 16:44:11 +02001837#if defined(POLARSSL_DHM_C) && defined(POLARSSL_FS_IO)
1838 dhm_free( &dhm );
1839#endif
Paul Bakker36713e82013-09-17 13:25:29 +02001840#if defined(POLARSSL_X509_CRT_PARSE_C)
Paul Bakker36713e82013-09-17 13:25:29 +02001841 x509_crt_free( &cacert );
Manuel Pégourié-Gonnard3ebb2cd2013-09-23 17:00:18 +02001842 x509_crt_free( &srvcert );
Manuel Pégourié-Gonnardac755232013-08-19 14:10:16 +02001843 pk_free( &pkey );
Manuel Pégourié-Gonnard3ebb2cd2013-09-23 17:00:18 +02001844 x509_crt_free( &srvcert2 );
1845 pk_free( &pkey2 );
Paul Bakkered27a042013-04-18 22:46:23 +02001846#endif
Manuel Pégourié-Gonnard5d917ff2014-02-21 16:52:06 +01001847#if defined(POLARSSL_SNI)
1848 sni_free( sni_info );
1849#endif
Manuel Pégourié-Gonnard4505ed32014-06-19 20:56:52 +02001850#if defined(POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED)
1851 psk_free( psk_info );
1852#endif
1853#if defined(POLARSSL_DHM_C) && defined(POLARSSL_FS_IO)
1854 dhm_free( &dhm );
1855#endif
Paul Bakkered27a042013-04-18 22:46:23 +02001856
Paul Bakkerb60b95f2012-09-25 09:05:17 +00001857 ssl_free( &ssl );
Paul Bakkera317a982014-06-18 16:44:11 +02001858 ctr_drbg_free( &ctr_drbg );
Paul Bakker1ffefac2013-09-28 15:23:03 +02001859 entropy_free( &entropy );
Paul Bakkerb60b95f2012-09-25 09:05:17 +00001860
Paul Bakker0a597072012-09-25 21:55:46 +00001861#if defined(POLARSSL_SSL_CACHE_C)
1862 ssl_cache_free( &cache );
1863#endif
1864
Paul Bakker1337aff2013-09-29 14:45:34 +02001865#if defined(POLARSSL_MEMORY_BUFFER_ALLOC_C)
1866#if defined(POLARSSL_MEMORY_DEBUG)
Paul Bakker82024bf2013-07-04 11:52:32 +02001867 memory_buffer_alloc_status();
1868#endif
Paul Bakker1337aff2013-09-29 14:45:34 +02001869 memory_buffer_alloc_free();
1870#endif
Paul Bakker82024bf2013-07-04 11:52:32 +02001871
Manuel Pégourié-Gonnard7e81e702015-01-29 11:47:41 +00001872 polarssl_printf( " done.\n" );
Manuel Pégourié-Gonnardf29e5de2014-11-21 11:54:41 +01001873
Paul Bakkerb60b95f2012-09-25 09:05:17 +00001874#if defined(_WIN32)
Rich Evansf90016a2015-01-19 14:26:37 +00001875 polarssl_printf( " + Press Enter to exit this program.\n" );
Paul Bakkerb60b95f2012-09-25 09:05:17 +00001876 fflush( stdout ); getchar();
1877#endif
1878
Paul Bakkerdbd79ca2013-07-24 16:28:35 +02001879 // Shell can not handle large exit numbers -> 1 for errors
1880 if( ret < 0 )
1881 ret = 1;
1882
Paul Bakkerb60b95f2012-09-25 09:05:17 +00001883 return( ret );
1884}
1885#endif /* POLARSSL_BIGNUM_C && POLARSSL_ENTROPY_C && POLARSSL_SSL_TLS_C &&
1886 POLARSSL_SSL_SRV_C && POLARSSL_NET_C && POLARSSL_RSA_C &&
1887 POLARSSL_CTR_DRBG_C */