Blame - programs/ssl/ssl_client1.c - mirror/mbed-tls

blob: a61ae64d9bfe8160bbe8020b6214d03d3a94fce5 [file] [log] [blame]

Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	1	/*
				2	* SSL client demonstration program
				3	*
Paul Bakker	3c5ef71	2013-06-25 16:37:45 +0200	[diff] [blame]	4	* Copyright (C) 2006-2013, Brainspark B.V.
Paul Bakker	b96f154	2010-07-18 20:36:00 +0000	[diff] [blame]	5	*
				6	* This file is part of PolarSSL (http://www.polarssl.org)
Paul Bakker	84f12b7	2010-07-18 10:13:04 +0000	[diff] [blame]	7	* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
Paul Bakker	b96f154	2010-07-18 20:36:00 +0000	[diff] [blame]	8	*
Paul Bakker	77b385e	2009-07-28 17:23:11 +0000	[diff] [blame]	9	* All rights reserved.
Paul Bakker	e0ccd0a	2009-01-04 16:27:10 +0000	[diff] [blame]	10	*
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	11	* This program is free software; you can redistribute it and/or modify
				12	* it under the terms of the GNU General Public License as published by
				13	* the Free Software Foundation; either version 2 of the License, or
				14	* (at your option) any later version.
				15	*
				16	* This program is distributed in the hope that it will be useful,
				17	* but WITHOUT ANY WARRANTY; without even the implied warranty of
				18	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
				19	* GNU General Public License for more details.
				20	*
				21	* You should have received a copy of the GNU General Public License along
				22	* with this program; if not, write to the Free Software Foundation, Inc.,
				23	* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
				24	*/
				25
Manuel Pégourié-Gonnard	abd6e02	2013-09-20 13:30:43 +0200	[diff] [blame]	26	#include "polarssl/config.h"
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	27
				28	#include <string.h>
				29	#include <stdio.h>
				30
Paul Bakker	40e4694	2009-01-03 21:51:57 +0000	[diff] [blame]	31	#include "polarssl/net.h"
Paul Bakker	c73079a	2014-04-25 16:34:30 +0200	[diff] [blame^]	32	#include "polarssl/debug.h"
Paul Bakker	40e4694	2009-01-03 21:51:57 +0000	[diff] [blame]	33	#include "polarssl/ssl.h"
Paul Bakker	508ad5a	2011-12-04 17:09:26 +0000	[diff] [blame]	34	#include "polarssl/entropy.h"
				35	#include "polarssl/ctr_drbg.h"
Paul Bakker	a3d195c	2011-11-27 21:07:34 +0000	[diff] [blame]	36	#include "polarssl/error.h"
Paul Bakker	75242c3	2012-11-17 00:03:46 +0100	[diff] [blame]	37	#include "polarssl/certs.h"
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	38
Paul Bakker	508ad5a	2011-12-04 17:09:26 +0000	[diff] [blame]	39	#if !defined(POLARSSL_BIGNUM_C) \|\| !defined(POLARSSL_ENTROPY_C) \|\| \
Paul Bakker	5690efc	2011-05-26 13:16:06 +0000	[diff] [blame]	40	!defined(POLARSSL_SSL_TLS_C) \|\| !defined(POLARSSL_SSL_CLI_C) \|\| \
Paul Bakker	508ad5a	2011-12-04 17:09:26 +0000	[diff] [blame]	41	!defined(POLARSSL_NET_C) \|\| !defined(POLARSSL_RSA_C) \|\| \
Paul Bakker	36713e8	2013-09-17 13:25:29 +0200	[diff] [blame]	42	!defined(POLARSSL_CTR_DRBG_C) \|\| !defined(POLARSSL_X509_CRT_PARSE_C)
Paul Bakker	cce9d77	2011-11-18 14:26:47 +0000	[diff] [blame]	43	int main( int argc, char *argv[] )
Paul Bakker	5690efc	2011-05-26 13:16:06 +0000	[diff] [blame]	44	{
Paul Bakker	cce9d77	2011-11-18 14:26:47 +0000	[diff] [blame]	45	((void) argc);
				46	((void) argv);
				47
Paul Bakker	508ad5a	2011-12-04 17:09:26 +0000	[diff] [blame]	48	printf("POLARSSL_BIGNUM_C and/or POLARSSL_ENTROPY_C and/or "
Paul Bakker	5690efc	2011-05-26 13:16:06 +0000	[diff] [blame]	49	"POLARSSL_SSL_TLS_C and/or POLARSSL_SSL_CLI_C and/or "
Paul Bakker	508ad5a	2011-12-04 17:09:26 +0000	[diff] [blame]	50	"POLARSSL_NET_C and/or POLARSSL_RSA_C and/or "
Paul Bakker	36713e8	2013-09-17 13:25:29 +0200	[diff] [blame]	51	"POLARSSL_CTR_DRBG_C and/or POLARSSL_X509_CRT_PARSE_C "
Paul Bakker	ed27a04	2013-04-18 22:46:23 +0200	[diff] [blame]	52	"not defined.\n");
Paul Bakker	5690efc	2011-05-26 13:16:06 +0000	[diff] [blame]	53	return( 0 );
				54	}
				55	#else
Paul Bakker	9a97c5d	2013-09-15 17:07:33 +0200	[diff] [blame]	56
				57	#define SERVER_PORT 4433
				58	#define SERVER_NAME "localhost"
				59	#define GET_REQUEST "GET / HTTP/1.0\r\n\r\n"
				60
				61	#define DEBUG_LEVEL 1
				62
				63	static void my_debug( void ctx, int level, const char str )
				64	{
Paul Bakker	c73079a	2014-04-25 16:34:30 +0200	[diff] [blame^]	65	((void) level);
				66
				67	fprintf( (FILE *) ctx, "%s", str );
				68	fflush( (FILE *) ctx );
Paul Bakker	9a97c5d	2013-09-15 17:07:33 +0200	[diff] [blame]	69	}
				70
Paul Bakker	cce9d77	2011-11-18 14:26:47 +0000	[diff] [blame]	71	int main( int argc, char *argv[] )
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	72	{
Manuel Pégourié-Gonnard	68821da	2013-09-16 12:34:33 +0200	[diff] [blame]	73	int ret, len, server_fd = -1;
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	74	unsigned char buf[1024];
Paul Bakker	ef3f8c7	2013-06-24 13:01:08 +0200	[diff] [blame]	75	const char *pers = "ssl_client1";
Paul Bakker	508ad5a	2011-12-04 17:09:26 +0000	[diff] [blame]	76
				77	entropy_context entropy;
				78	ctr_drbg_context ctr_drbg;
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	79	ssl_context ssl;
Paul Bakker	c559c7a	2013-09-18 14:13:26 +0200	[diff] [blame]	80	x509_crt cacert;
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	81
Paul Bakker	cce9d77	2011-11-18 14:26:47 +0000	[diff] [blame]	82	((void) argc);
				83	((void) argv);
				84
Paul Bakker	c73079a	2014-04-25 16:34:30 +0200	[diff] [blame^]	85	#if defined(POLARSSL_DEBUG_C)
				86	debug_set_threshold( DEBUG_LEVEL );
				87	#endif
				88
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	89	/*
				90	* 0. Initialize the RNG and the session data
				91	*/
Paul Bakker	1a207ec	2011-02-06 13:22:40 +0000	[diff] [blame]	92	memset( &ssl, 0, sizeof( ssl_context ) );
Paul Bakker	369d2eb	2013-09-18 11:58:25 +0200	[diff] [blame]	93	x509_crt_init( &cacert );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	94
Paul Bakker	508ad5a	2011-12-04 17:09:26 +0000	[diff] [blame]	95	printf( "\n . Seeding the random number generator..." );
				96	fflush( stdout );
				97
				98	entropy_init( &entropy );
				99	if( ( ret = ctr_drbg_init( &ctr_drbg, entropy_func, &entropy,
Paul Bakker	ef3f8c7	2013-06-24 13:01:08 +0200	[diff] [blame]	100	(const unsigned char *) pers,
				101	strlen( pers ) ) ) != 0 )
Paul Bakker	508ad5a	2011-12-04 17:09:26 +0000	[diff] [blame]	102	{
				103	printf( " failed\n ! ctr_drbg_init returned %d\n", ret );
				104	goto exit;
				105	}
				106
				107	printf( " ok\n" );
				108
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	109	/*
Paul Bakker	75242c3	2012-11-17 00:03:46 +0100	[diff] [blame]	110	* 0. Initialize certificates
				111	*/
				112	printf( " . Loading the CA root certificate ..." );
				113	fflush( stdout );
				114
				115	#if defined(POLARSSL_CERTS_C)
Manuel Pégourié-Gonnard	641de71	2013-09-25 13:23:33 +0200	[diff] [blame]	116	ret = x509_crt_parse( &cacert, (const unsigned char *) test_ca_list,
				117	strlen( test_ca_list ) );
Paul Bakker	75242c3	2012-11-17 00:03:46 +0100	[diff] [blame]	118	#else
				119	ret = 1;
				120	printf("POLARSSL_CERTS_C not defined.");
				121	#endif
				122
				123	if( ret < 0 )
				124	{
Paul Bakker	ddf26b4	2013-09-18 13:46:23 +0200	[diff] [blame]	125	printf( " failed\n ! x509_crt_parse returned -0x%x\n\n", -ret );
Paul Bakker	75242c3	2012-11-17 00:03:46 +0100	[diff] [blame]	126	goto exit;
				127	}
				128
				129	printf( " ok (%d skipped)\n", ret );
				130
				131	/*
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	132	* 1. Start the connection
				133	*/
Paul Bakker	508ad5a	2011-12-04 17:09:26 +0000	[diff] [blame]	134	printf( " . Connecting to tcp/%s/%4d...", SERVER_NAME,
				135	SERVER_PORT );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	136	fflush( stdout );
				137
				138	if( ( ret = net_connect( &server_fd, SERVER_NAME,
				139	SERVER_PORT ) ) != 0 )
				140	{
				141	printf( " failed\n ! net_connect returned %d\n\n", ret );
				142	goto exit;
				143	}
				144
				145	printf( " ok\n" );
				146
				147	/*
				148	* 2. Setup stuff
				149	*/
				150	printf( " . Setting up the SSL/TLS structure..." );
				151	fflush( stdout );
				152
				153	if( ( ret = ssl_init( &ssl ) ) != 0 )
				154	{
				155	printf( " failed\n ! ssl_init returned %d\n\n", ret );
				156	goto exit;
				157	}
				158
				159	printf( " ok\n" );
				160
				161	ssl_set_endpoint( &ssl, SSL_IS_CLIENT );
Manuel Pégourié-Gonnard	fcf2fc2	2014-03-11 11:10:27 +0100	[diff] [blame]	162	/* OPTIONAL is not optimal for security,
				163	* but makes interop easier in this simplified example */
Paul Bakker	75242c3	2012-11-17 00:03:46 +0100	[diff] [blame]	164	ssl_set_authmode( &ssl, SSL_VERIFY_OPTIONAL );
				165	ssl_set_ca_chain( &ssl, &cacert, NULL, "PolarSSL Server 1" );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	166
Paul Bakker	508ad5a	2011-12-04 17:09:26 +0000	[diff] [blame]	167	ssl_set_rng( &ssl, ctr_drbg_random, &ctr_drbg );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	168	ssl_set_dbg( &ssl, my_debug, stdout );
				169	ssl_set_bio( &ssl, net_recv, &server_fd,
				170	net_send, &server_fd );
				171
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	172	/*
Paul Bakker	75242c3	2012-11-17 00:03:46 +0100	[diff] [blame]	173	* 4. Handshake
				174	*/
				175	printf( " . Performing the SSL/TLS handshake..." );
				176	fflush( stdout );
				177
				178	while( ( ret = ssl_handshake( &ssl ) ) != 0 )
				179	{
				180	if( ret != POLARSSL_ERR_NET_WANT_READ && ret != POLARSSL_ERR_NET_WANT_WRITE )
				181	{
				182	printf( " failed\n ! ssl_handshake returned -0x%x\n\n", -ret );
				183	goto exit;
				184	}
				185	}
				186
				187	printf( " ok\n" );
				188
				189	/*
				190	* 5. Verify the server certificate
				191	*/
				192	printf( " . Verifying peer X.509 certificate..." );
				193
Manuel Pégourié-Gonnard	fcf2fc2	2014-03-11 11:10:27 +0100	[diff] [blame]	194	/* In real life, we may want to bail out when ret != 0 */
Paul Bakker	75242c3	2012-11-17 00:03:46 +0100	[diff] [blame]	195	if( ( ret = ssl_get_verify_result( &ssl ) ) != 0 )
				196	{
				197	printf( " failed\n" );
				198
				199	if( ( ret & BADCERT_EXPIRED ) != 0 )
				200	printf( " ! server certificate has expired\n" );
				201
				202	if( ( ret & BADCERT_REVOKED ) != 0 )
				203	printf( " ! server certificate has been revoked\n" );
				204
				205	if( ( ret & BADCERT_CN_MISMATCH ) != 0 )
				206	printf( " ! CN mismatch (expected CN=%s)\n", "PolarSSL Server 1" );
				207
				208	if( ( ret & BADCERT_NOT_TRUSTED ) != 0 )
				209	printf( " ! self-signed or not signed by a trusted CA\n" );
				210
				211	printf( "\n" );
				212	}
				213	else
				214	printf( " ok\n" );
				215
				216	/*
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	217	* 3. Write the GET request
				218	*/
				219	printf( " > Write to server:" );
				220	fflush( stdout );
				221
				222	len = sprintf( (char *) buf, GET_REQUEST );
				223
				224	while( ( ret = ssl_write( &ssl, buf, len ) ) <= 0 )
				225	{
Paul Bakker	831a755	2011-05-18 13:32:51 +0000	[diff] [blame]	226	if( ret != POLARSSL_ERR_NET_WANT_READ && ret != POLARSSL_ERR_NET_WANT_WRITE )
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	227	{
				228	printf( " failed\n ! ssl_write returned %d\n\n", ret );
				229	goto exit;
				230	}
				231	}
				232
				233	len = ret;
				234	printf( " %d bytes written\n\n%s", len, (char *) buf );
				235
				236	/*
				237	* 7. Read the HTTP response
				238	*/
				239	printf( " < Read from server:" );
				240	fflush( stdout );
				241
				242	do
				243	{
				244	len = sizeof( buf ) - 1;
				245	memset( buf, 0, sizeof( buf ) );
				246	ret = ssl_read( &ssl, buf, len );
				247
Paul Bakker	831a755	2011-05-18 13:32:51 +0000	[diff] [blame]	248	if( ret == POLARSSL_ERR_NET_WANT_READ \|\| ret == POLARSSL_ERR_NET_WANT_WRITE )
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	249	continue;
				250
Paul Bakker	40e4694	2009-01-03 21:51:57 +0000	[diff] [blame]	251	if( ret == POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY )
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	252	break;
				253
Paul Bakker	61da752	2011-11-11 10:28:58 +0000	[diff] [blame]	254	if( ret < 0 )
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	255	{
				256	printf( "failed\n ! ssl_read returned %d\n\n", ret );
				257	break;
				258	}
				259
Paul Bakker	61da752	2011-11-11 10:28:58 +0000	[diff] [blame]	260	if( ret == 0 )
				261	{
				262	printf( "\n\nEOF\n\n" );
				263	break;
				264	}
				265
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	266	len = ret;
				267	printf( " %d bytes read\n\n%s", len, (char *) buf );
				268	}
Paul Bakker	61da752	2011-11-11 10:28:58 +0000	[diff] [blame]	269	while( 1 );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	270
				271	ssl_close_notify( &ssl );
				272
				273	exit:
				274
Paul Bakker	a3d195c	2011-11-27 21:07:34 +0000	[diff] [blame]	275	#ifdef POLARSSL_ERROR_C
				276	if( ret != 0 )
				277	{
				278	char error_buf[100];
Paul Bakker	03a8a79	2013-06-30 12:18:08 +0200	[diff] [blame]	279	polarssl_strerror( ret, error_buf, 100 );
Paul Bakker	a3d195c	2011-11-27 21:07:34 +0000	[diff] [blame]	280	printf("Last error was: %d - %s\n\n", ret, error_buf );
				281	}
				282	#endif
				283
Paul Bakker	0c22610	2014-04-17 16:02:36 +0200	[diff] [blame]	284	if( server_fd != -1 )
				285	net_close( server_fd );
				286
Paul Bakker	36713e8	2013-09-17 13:25:29 +0200	[diff] [blame]	287	x509_crt_free( &cacert );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	288	ssl_free( &ssl );
Paul Bakker	1ffefac	2013-09-28 15:23:03 +0200	[diff] [blame]	289	entropy_free( &entropy );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	290
				291	memset( &ssl, 0, sizeof( ssl ) );
				292
Paul Bakker	cce9d77	2011-11-18 14:26:47 +0000	[diff] [blame]	293	#if defined(_WIN32)
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	294	printf( " + Press Enter to exit this program.\n" );
				295	fflush( stdout ); getchar();
				296	#endif
				297
				298	return( ret );
				299	}
Paul Bakker	508ad5a	2011-12-04 17:09:26 +0000	[diff] [blame]	300	#endif /* POLARSSL_BIGNUM_C && POLARSSL_ENTROPY_C && POLARSSL_SSL_TLS_C &&
				301	POLARSSL_SSL_CLI_C && POLARSSL_NET_C && POLARSSL_RSA_C &&
				302	POLARSSL_CTR_DRBG_C */