Blame - programs/ssl/ssl_client1.c - mirror/mbed-tls

blob: efb210e4640059bcd37f095151c372bffa83e7d4 [file] [log] [blame]

Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	1	/*
				2	* SSL client demonstration program
				3	*
Paul Bakker	3c5ef71	2013-06-25 16:37:45 +0200	[diff] [blame]	4	* Copyright (C) 2006-2013, Brainspark B.V.
Paul Bakker	b96f154	2010-07-18 20:36:00 +0000	[diff] [blame]	5	*
				6	* This file is part of PolarSSL (http://www.polarssl.org)
Paul Bakker	84f12b7	2010-07-18 10:13:04 +0000	[diff] [blame]	7	* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
Paul Bakker	b96f154	2010-07-18 20:36:00 +0000	[diff] [blame]	8	*
Paul Bakker	77b385e	2009-07-28 17:23:11 +0000	[diff] [blame]	9	* All rights reserved.
Paul Bakker	e0ccd0a	2009-01-04 16:27:10 +0000	[diff] [blame]	10	*
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	11	* This program is free software; you can redistribute it and/or modify
				12	* it under the terms of the GNU General Public License as published by
				13	* the Free Software Foundation; either version 2 of the License, or
				14	* (at your option) any later version.
				15	*
				16	* This program is distributed in the hope that it will be useful,
				17	* but WITHOUT ANY WARRANTY; without even the implied warranty of
				18	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
				19	* GNU General Public License for more details.
				20	*
				21	* You should have received a copy of the GNU General Public License along
				22	* with this program; if not, write to the Free Software Foundation, Inc.,
				23	* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
				24	*/
				25
Manuel Pégourié-Gonnard	abd6e02	2013-09-20 13:30:43 +0200	[diff] [blame]	26	#include "polarssl/config.h"
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	27
				28	#include <string.h>
				29	#include <stdio.h>
				30
Paul Bakker	40e4694	2009-01-03 21:51:57 +0000	[diff] [blame]	31	#include "polarssl/net.h"
				32	#include "polarssl/ssl.h"
Paul Bakker	508ad5a	2011-12-04 17:09:26 +0000	[diff] [blame]	33	#include "polarssl/entropy.h"
				34	#include "polarssl/ctr_drbg.h"
Paul Bakker	a3d195c	2011-11-27 21:07:34 +0000	[diff] [blame]	35	#include "polarssl/error.h"
Paul Bakker	75242c3	2012-11-17 00:03:46 +0100	[diff] [blame]	36	#include "polarssl/certs.h"
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	37
Paul Bakker	508ad5a	2011-12-04 17:09:26 +0000	[diff] [blame]	38	#if !defined(POLARSSL_BIGNUM_C) \|\| !defined(POLARSSL_ENTROPY_C) \|\| \
Paul Bakker	5690efc	2011-05-26 13:16:06 +0000	[diff] [blame]	39	!defined(POLARSSL_SSL_TLS_C) \|\| !defined(POLARSSL_SSL_CLI_C) \|\| \
Paul Bakker	508ad5a	2011-12-04 17:09:26 +0000	[diff] [blame]	40	!defined(POLARSSL_NET_C) \|\| !defined(POLARSSL_RSA_C) \|\| \
Paul Bakker	36713e8	2013-09-17 13:25:29 +0200	[diff] [blame]	41	!defined(POLARSSL_CTR_DRBG_C) \|\| !defined(POLARSSL_X509_CRT_PARSE_C)
Paul Bakker	cce9d77	2011-11-18 14:26:47 +0000	[diff] [blame]	42	int main( int argc, char *argv[] )
Paul Bakker	5690efc	2011-05-26 13:16:06 +0000	[diff] [blame]	43	{
Paul Bakker	cce9d77	2011-11-18 14:26:47 +0000	[diff] [blame]	44	((void) argc);
				45	((void) argv);
				46
Paul Bakker	508ad5a	2011-12-04 17:09:26 +0000	[diff] [blame]	47	printf("POLARSSL_BIGNUM_C and/or POLARSSL_ENTROPY_C and/or "
Paul Bakker	5690efc	2011-05-26 13:16:06 +0000	[diff] [blame]	48	"POLARSSL_SSL_TLS_C and/or POLARSSL_SSL_CLI_C and/or "
Paul Bakker	508ad5a	2011-12-04 17:09:26 +0000	[diff] [blame]	49	"POLARSSL_NET_C and/or POLARSSL_RSA_C and/or "
Paul Bakker	36713e8	2013-09-17 13:25:29 +0200	[diff] [blame]	50	"POLARSSL_CTR_DRBG_C and/or POLARSSL_X509_CRT_PARSE_C "
Paul Bakker	ed27a04	2013-04-18 22:46:23 +0200	[diff] [blame]	51	"not defined.\n");
Paul Bakker	5690efc	2011-05-26 13:16:06 +0000	[diff] [blame]	52	return( 0 );
				53	}
				54	#else
Paul Bakker	9a97c5d	2013-09-15 17:07:33 +0200	[diff] [blame]	55
				56	#define SERVER_PORT 4433
				57	#define SERVER_NAME "localhost"
				58	#define GET_REQUEST "GET / HTTP/1.0\r\n\r\n"
				59
				60	#define DEBUG_LEVEL 1
				61
				62	static void my_debug( void ctx, int level, const char str )
				63	{
				64	if( level < DEBUG_LEVEL )
				65	{
				66	fprintf( (FILE *) ctx, "%s", str );
				67	fflush( (FILE *) ctx );
				68	}
				69	}
				70
Paul Bakker	cce9d77	2011-11-18 14:26:47 +0000	[diff] [blame]	71	int main( int argc, char *argv[] )
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	72	{
Manuel Pégourié-Gonnard	68821da	2013-09-16 12:34:33 +0200	[diff] [blame]	73	int ret, len, server_fd = -1;
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	74	unsigned char buf[1024];
Paul Bakker	ef3f8c7	2013-06-24 13:01:08 +0200	[diff] [blame]	75	const char *pers = "ssl_client1";
Paul Bakker	508ad5a	2011-12-04 17:09:26 +0000	[diff] [blame]	76
				77	entropy_context entropy;
				78	ctr_drbg_context ctr_drbg;
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	79	ssl_context ssl;
Paul Bakker	c559c7a	2013-09-18 14:13:26 +0200	[diff] [blame]	80	x509_crt cacert;
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	81
Paul Bakker	cce9d77	2011-11-18 14:26:47 +0000	[diff] [blame]	82	((void) argc);
				83	((void) argv);
				84
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	85	/*
				86	* 0. Initialize the RNG and the session data
				87	*/
Paul Bakker	1a207ec	2011-02-06 13:22:40 +0000	[diff] [blame]	88	memset( &ssl, 0, sizeof( ssl_context ) );
Paul Bakker	369d2eb	2013-09-18 11:58:25 +0200	[diff] [blame]	89	x509_crt_init( &cacert );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	90
Paul Bakker	508ad5a	2011-12-04 17:09:26 +0000	[diff] [blame]	91	printf( "\n . Seeding the random number generator..." );
				92	fflush( stdout );
				93
				94	entropy_init( &entropy );
				95	if( ( ret = ctr_drbg_init( &ctr_drbg, entropy_func, &entropy,
Paul Bakker	ef3f8c7	2013-06-24 13:01:08 +0200	[diff] [blame]	96	(const unsigned char *) pers,
				97	strlen( pers ) ) ) != 0 )
Paul Bakker	508ad5a	2011-12-04 17:09:26 +0000	[diff] [blame]	98	{
				99	printf( " failed\n ! ctr_drbg_init returned %d\n", ret );
				100	goto exit;
				101	}
				102
				103	printf( " ok\n" );
				104
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	105	/*
Paul Bakker	75242c3	2012-11-17 00:03:46 +0100	[diff] [blame]	106	* 0. Initialize certificates
				107	*/
				108	printf( " . Loading the CA root certificate ..." );
				109	fflush( stdout );
				110
				111	#if defined(POLARSSL_CERTS_C)
Manuel Pégourié-Gonnard	641de71	2013-09-25 13:23:33 +0200	[diff] [blame]	112	ret = x509_crt_parse( &cacert, (const unsigned char *) test_ca_list,
				113	strlen( test_ca_list ) );
Paul Bakker	75242c3	2012-11-17 00:03:46 +0100	[diff] [blame]	114	#else
				115	ret = 1;
				116	printf("POLARSSL_CERTS_C not defined.");
				117	#endif
				118
				119	if( ret < 0 )
				120	{
Paul Bakker	ddf26b4	2013-09-18 13:46:23 +0200	[diff] [blame]	121	printf( " failed\n ! x509_crt_parse returned -0x%x\n\n", -ret );
Paul Bakker	75242c3	2012-11-17 00:03:46 +0100	[diff] [blame]	122	goto exit;
				123	}
				124
				125	printf( " ok (%d skipped)\n", ret );
				126
				127	/*
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	128	* 1. Start the connection
				129	*/
Paul Bakker	508ad5a	2011-12-04 17:09:26 +0000	[diff] [blame]	130	printf( " . Connecting to tcp/%s/%4d...", SERVER_NAME,
				131	SERVER_PORT );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	132	fflush( stdout );
				133
				134	if( ( ret = net_connect( &server_fd, SERVER_NAME,
				135	SERVER_PORT ) ) != 0 )
				136	{
				137	printf( " failed\n ! net_connect returned %d\n\n", ret );
				138	goto exit;
				139	}
				140
				141	printf( " ok\n" );
				142
				143	/*
				144	* 2. Setup stuff
				145	*/
				146	printf( " . Setting up the SSL/TLS structure..." );
				147	fflush( stdout );
				148
				149	if( ( ret = ssl_init( &ssl ) ) != 0 )
				150	{
				151	printf( " failed\n ! ssl_init returned %d\n\n", ret );
				152	goto exit;
				153	}
				154
				155	printf( " ok\n" );
				156
				157	ssl_set_endpoint( &ssl, SSL_IS_CLIENT );
Paul Bakker	75242c3	2012-11-17 00:03:46 +0100	[diff] [blame]	158	ssl_set_authmode( &ssl, SSL_VERIFY_OPTIONAL );
				159	ssl_set_ca_chain( &ssl, &cacert, NULL, "PolarSSL Server 1" );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	160
Paul Bakker	508ad5a	2011-12-04 17:09:26 +0000	[diff] [blame]	161	ssl_set_rng( &ssl, ctr_drbg_random, &ctr_drbg );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	162	ssl_set_dbg( &ssl, my_debug, stdout );
				163	ssl_set_bio( &ssl, net_recv, &server_fd,
				164	net_send, &server_fd );
				165
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	166	/*
Paul Bakker	75242c3	2012-11-17 00:03:46 +0100	[diff] [blame]	167	* 4. Handshake
				168	*/
				169	printf( " . Performing the SSL/TLS handshake..." );
				170	fflush( stdout );
				171
				172	while( ( ret = ssl_handshake( &ssl ) ) != 0 )
				173	{
				174	if( ret != POLARSSL_ERR_NET_WANT_READ && ret != POLARSSL_ERR_NET_WANT_WRITE )
				175	{
				176	printf( " failed\n ! ssl_handshake returned -0x%x\n\n", -ret );
				177	goto exit;
				178	}
				179	}
				180
				181	printf( " ok\n" );
				182
				183	/*
				184	* 5. Verify the server certificate
				185	*/
				186	printf( " . Verifying peer X.509 certificate..." );
				187
				188	if( ( ret = ssl_get_verify_result( &ssl ) ) != 0 )
				189	{
				190	printf( " failed\n" );
				191
				192	if( ( ret & BADCERT_EXPIRED ) != 0 )
				193	printf( " ! server certificate has expired\n" );
				194
				195	if( ( ret & BADCERT_REVOKED ) != 0 )
				196	printf( " ! server certificate has been revoked\n" );
				197
				198	if( ( ret & BADCERT_CN_MISMATCH ) != 0 )
				199	printf( " ! CN mismatch (expected CN=%s)\n", "PolarSSL Server 1" );
				200
				201	if( ( ret & BADCERT_NOT_TRUSTED ) != 0 )
				202	printf( " ! self-signed or not signed by a trusted CA\n" );
				203
				204	printf( "\n" );
				205	}
				206	else
				207	printf( " ok\n" );
				208
				209	/*
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	210	* 3. Write the GET request
				211	*/
				212	printf( " > Write to server:" );
				213	fflush( stdout );
				214
				215	len = sprintf( (char *) buf, GET_REQUEST );
				216
				217	while( ( ret = ssl_write( &ssl, buf, len ) ) <= 0 )
				218	{
Paul Bakker	831a755	2011-05-18 13:32:51 +0000	[diff] [blame]	219	if( ret != POLARSSL_ERR_NET_WANT_READ && ret != POLARSSL_ERR_NET_WANT_WRITE )
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	220	{
				221	printf( " failed\n ! ssl_write returned %d\n\n", ret );
				222	goto exit;
				223	}
				224	}
				225
				226	len = ret;
				227	printf( " %d bytes written\n\n%s", len, (char *) buf );
				228
				229	/*
				230	* 7. Read the HTTP response
				231	*/
				232	printf( " < Read from server:" );
				233	fflush( stdout );
				234
				235	do
				236	{
				237	len = sizeof( buf ) - 1;
				238	memset( buf, 0, sizeof( buf ) );
				239	ret = ssl_read( &ssl, buf, len );
				240
Paul Bakker	831a755	2011-05-18 13:32:51 +0000	[diff] [blame]	241	if( ret == POLARSSL_ERR_NET_WANT_READ \|\| ret == POLARSSL_ERR_NET_WANT_WRITE )
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	242	continue;
				243
Paul Bakker	40e4694	2009-01-03 21:51:57 +0000	[diff] [blame]	244	if( ret == POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY )
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	245	break;
				246
Paul Bakker	61da752	2011-11-11 10:28:58 +0000	[diff] [blame]	247	if( ret < 0 )
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	248	{
				249	printf( "failed\n ! ssl_read returned %d\n\n", ret );
				250	break;
				251	}
				252
Paul Bakker	61da752	2011-11-11 10:28:58 +0000	[diff] [blame]	253	if( ret == 0 )
				254	{
				255	printf( "\n\nEOF\n\n" );
				256	break;
				257	}
				258
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	259	len = ret;
				260	printf( " %d bytes read\n\n%s", len, (char *) buf );
				261	}
Paul Bakker	61da752	2011-11-11 10:28:58 +0000	[diff] [blame]	262	while( 1 );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	263
				264	ssl_close_notify( &ssl );
				265
				266	exit:
				267
Paul Bakker	a3d195c	2011-11-27 21:07:34 +0000	[diff] [blame]	268	#ifdef POLARSSL_ERROR_C
				269	if( ret != 0 )
				270	{
				271	char error_buf[100];
Paul Bakker	03a8a79	2013-06-30 12:18:08 +0200	[diff] [blame]	272	polarssl_strerror( ret, error_buf, 100 );
Paul Bakker	a3d195c	2011-11-27 21:07:34 +0000	[diff] [blame]	273	printf("Last error was: %d - %s\n\n", ret, error_buf );
				274	}
				275	#endif
				276
Paul Bakker	36713e8	2013-09-17 13:25:29 +0200	[diff] [blame]	277	x509_crt_free( &cacert );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	278	net_close( server_fd );
				279	ssl_free( &ssl );
Paul Bakker	1ffefac	2013-09-28 15:23:03 +0200	[diff] [blame]	280	entropy_free( &entropy );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	281
				282	memset( &ssl, 0, sizeof( ssl ) );
				283
Paul Bakker	cce9d77	2011-11-18 14:26:47 +0000	[diff] [blame]	284	#if defined(_WIN32)
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	285	printf( " + Press Enter to exit this program.\n" );
				286	fflush( stdout ); getchar();
				287	#endif
				288
				289	return( ret );
				290	}
Paul Bakker	508ad5a	2011-12-04 17:09:26 +0000	[diff] [blame]	291	#endif /* POLARSSL_BIGNUM_C && POLARSSL_ENTROPY_C && POLARSSL_SSL_TLS_C &&
				292	POLARSSL_SSL_CLI_C && POLARSSL_NET_C && POLARSSL_RSA_C &&
				293	POLARSSL_CTR_DRBG_C */