wolfssl/examples/client/client.c

983 lines
27 KiB
C
Raw Normal View History

2011-07-27 00:27:22 +04:00
/* client.c
*
2014-04-12 01:58:58 +04:00
* Copyright (C) 2006-2014 wolfSSL Inc.
2011-07-27 00:27:22 +04:00
*
2015-01-06 00:54:43 +03:00
* This file is part of wolfSSL. (formerly known as CyaSSL)
2011-07-27 00:27:22 +04:00
*
2015-01-06 00:48:43 +03:00
* wolfSSL is free software; you can redistribute it and/or modify
2011-07-27 00:27:22 +04:00
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
2015-01-06 00:48:43 +03:00
* wolfSSL is distributed in the hope that it will be useful,
2011-07-27 00:27:22 +04:00
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
2014-04-12 01:58:58 +04:00
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
2011-07-27 00:27:22 +04:00
*/
#ifdef HAVE_CONFIG_H
2014-04-11 11:20:12 +04:00
#include <config.h>
#endif
2014-04-11 11:20:12 +04:00
2015-01-06 00:48:43 +03:00
#include <wolfssl/ssl.h> /* name change portability layer */
2014-12-20 01:30:07 +03:00
2015-01-06 00:48:43 +03:00
#if defined(WOLFSSL_MDK_ARM)
2014-04-11 11:20:12 +04:00
#include <stdio.h>
2013-05-19 05:02:13 +04:00
#include <string.h>
2014-04-11 11:20:12 +04:00
2015-01-06 00:48:43 +03:00
#if defined(WOLFSSL_MDK5)
2014-04-11 11:20:12 +04:00
#include "cmsis_os.h"
#include "rl_fs.h"
#include "rl_net.h"
#else
#include "rtl.h"
#endif
2015-01-06 00:48:43 +03:00
#include "wolfssl_MDK_ARM.h"
2013-05-19 05:02:13 +04:00
#endif
2015-01-06 00:48:43 +03:00
#include <wolfssl/wolfcrypt/settings.h>
2015-01-06 00:48:43 +03:00
#if !defined(WOLFSSL_TRACK_MEMORY) && !defined(NO_MAIN_DRIVER)
/* in case memory tracker wants stats */
2015-01-06 00:48:43 +03:00
#define WOLFSSL_TRACK_MEMORY
#endif
2015-01-06 00:48:43 +03:00
#include <wolfssl/ssl.h>
2014-04-11 11:20:12 +04:00
2015-01-06 00:48:43 +03:00
#include <wolfssl/test.h>
2011-02-05 22:14:47 +03:00
#include "examples/client/client.h"
2011-02-05 22:14:47 +03:00
2015-01-06 00:48:43 +03:00
#ifdef WOLFSSL_CALLBACKS
2011-02-05 22:14:47 +03:00
int handShakeCB(HandShakeInfo*);
int timeoutCB(TimeoutInfo*);
Timeval timeout;
#endif
#ifdef HAVE_SESSION_TICKET
2015-01-06 00:48:43 +03:00
int sessionTicketCB(WOLFSSL*, const unsigned char*, int, void*);
#endif
2015-01-06 00:48:43 +03:00
static void NonBlockingSSL_Connect(WOLFSSL* ssl)
{
2015-01-06 00:48:43 +03:00
#ifndef WOLFSSL_CALLBACKS
int ret = wolfSSL_connect(ssl);
2011-02-05 22:14:47 +03:00
#else
2015-01-06 00:48:43 +03:00
int ret = wolfSSL_connect_ex(ssl, handShakeCB, timeoutCB, timeout);
2011-02-05 22:14:47 +03:00
#endif
2015-01-06 00:48:43 +03:00
int error = wolfSSL_get_error(ssl, 0);
SOCKET_T sockfd = (SOCKET_T)wolfSSL_get_fd(ssl);
int select_ret;
while (ret != SSL_SUCCESS && (error == SSL_ERROR_WANT_READ ||
error == SSL_ERROR_WANT_WRITE)) {
int currTimeout = 1;
if (error == SSL_ERROR_WANT_READ)
printf("... client would read block\n");
else
printf("... client would write block\n");
2015-01-06 00:48:43 +03:00
#ifdef WOLFSSL_DTLS
currTimeout = wolfSSL_dtls_get_current_timeout(ssl);
#endif
select_ret = tcp_select(sockfd, currTimeout);
if ((select_ret == TEST_RECV_READY) ||
(select_ret == TEST_ERROR_READY)) {
2015-01-06 00:48:43 +03:00
#ifndef WOLFSSL_CALLBACKS
ret = wolfSSL_connect(ssl);
#else
2015-01-06 00:48:43 +03:00
ret = wolfSSL_connect_ex(ssl,handShakeCB,timeoutCB,timeout);
#endif
2015-01-06 00:48:43 +03:00
error = wolfSSL_get_error(ssl, 0);
}
2015-01-06 00:48:43 +03:00
else if (select_ret == TEST_TIMEOUT && !wolfSSL_dtls(ssl)) {
error = SSL_ERROR_WANT_READ;
}
2015-01-06 00:48:43 +03:00
#ifdef WOLFSSL_DTLS
else if (select_ret == TEST_TIMEOUT && wolfSSL_dtls(ssl) &&
wolfSSL_dtls_got_timeout(ssl) >= 0) {
error = SSL_ERROR_WANT_READ;
}
#endif
else {
error = SSL_FATAL_ERROR;
2011-02-05 22:14:47 +03:00
}
}
if (ret != SSL_SUCCESS)
err_sys("SSL_connect failed");
}
2011-02-05 22:14:47 +03:00
static void Usage(void)
{
2015-01-06 00:48:43 +03:00
printf("client " LIBWOLFSSL_VERSION_STRING
" NOTE: All files relative to wolfSSL home dir\n");
printf("-? Help, print this usage\n");
printf("-h <host> Host to connect to, default %s\n", yasslIP);
printf("-p <num> Port to connect on, not 0, default %d\n", yasslPort);
printf("-v <num> SSL version [0-3], SSLv3(0) - TLS1.2(3)), default %d\n",
CLIENT_DEFAULT_VERSION);
printf("-l <str> Cipher list\n");
printf("-c <file> Certificate file, default %s\n", cliCert);
printf("-k <file> Key file, default %s\n", cliKey);
printf("-A <file> Certificate Authority file, default %s\n", caCert);
printf("-b <num> Benchmark <num> connections and print stats\n");
printf("-s Use pre Shared keys\n");
2015-01-06 00:48:43 +03:00
printf("-t Track wolfSSL memory use\n");
printf("-d Disable peer checks\n");
printf("-D Override Date Errors example\n");
printf("-g Send server HTTP GET\n");
printf("-u Use UDP DTLS,"
" add -v 2 for DTLSv1 (default), -v 3 for DTLSv1.2\n");
printf("-m Match domain name in cert\n");
printf("-N Use Non-blocking sockets\n");
printf("-r Resume session\n");
#ifdef HAVE_SECURE_RENEGOTIATION
printf("-R Allow Secure Renegotiation\n");
printf("-i Force client Initiated Secure Renegotiation\n");
#endif
printf("-f Fewer packets/group messages\n");
printf("-x Disable client cert/key loading\n");
#ifdef SHOW_SIZES
printf("-z Print structure sizes\n");
#endif
#ifdef HAVE_SNI
2013-05-22 01:37:50 +04:00
printf("-S <str> Use Host Name Indication\n");
#endif
2014-02-16 17:19:40 +04:00
#ifdef HAVE_MAX_FRAGMENT
printf("-L <num> Use Maximum Fragment Length [1-5]\n");
#endif
#ifdef HAVE_TRUNCATED_HMAC
printf("-T Use Truncated HMAC\n");
#endif
#ifdef HAVE_OCSP
printf("-o Perform OCSP lookup on peer certificate\n");
printf("-O <url> Perform OCSP lookup using <url> as responder\n");
#endif
2013-08-10 04:27:15 +04:00
#ifdef ATOMIC_USER
printf("-U Atomic User Record Layer Callbacks\n");
#endif
#ifdef HAVE_PK_CALLBACKS
printf("-P Public Key Callbacks\n");
#endif
#ifdef HAVE_ANON
printf("-a Anonymous client\n");
#endif
}
2015-01-06 00:48:43 +03:00
THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
2011-02-05 22:14:47 +03:00
{
SOCKET_T sockfd = 0;
2015-01-06 00:48:43 +03:00
WOLFSSL_METHOD* method = 0;
WOLFSSL_CTX* ctx = 0;
WOLFSSL* ssl = 0;
2011-02-05 22:14:47 +03:00
2015-01-06 00:48:43 +03:00
WOLFSSL* sslResume = 0;
WOLFSSL_SESSION* session = 0;
char resumeMsg[] = "resuming wolfssl!";
2011-02-05 22:14:47 +03:00
int resumeSz = sizeof(resumeMsg);
2015-01-06 00:48:43 +03:00
char msg[32] = "hello wolfssl!"; /* GET may make bigger */
char reply[80];
2011-02-05 22:14:47 +03:00
int input;
int msgSz = (int)strlen(msg);
2011-02-05 22:14:47 +03:00
word16 port = yasslPort;
char* host = (char*)yasslIP;
2014-05-29 04:36:21 +04:00
const char* domain = "www.yassl.com";
int ch;
int version = CLIENT_INVALID_VERSION;
int usePsk = 0;
int useAnon = 0;
int sendGET = 0;
int benchmark = 0;
int doDTLS = 0;
int matchName = 0;
int doPeerCheck = 1;
int nonBlocking = 0;
int resumeSession = 0;
int scr = 0; /* allow secure renegotiation */
int forceScr = 0; /* force client initiaed scr */
int trackMemory = 0;
int useClientCert = 1;
int fewerPackets = 0;
2013-08-10 04:27:15 +04:00
int atomicUser = 0;
int pkCallbacks = 0;
int overrideDateErrors = 0;
char* cipherList = NULL;
2014-05-29 04:36:21 +04:00
const char* verifyCert = caCert;
const char* ourCert = cliCert;
const char* ourKey = cliKey;
2013-05-22 01:37:50 +04:00
#ifdef HAVE_SNI
char* sniHostName = NULL;
#endif
#ifdef HAVE_MAX_FRAGMENT
byte maxFragment = 0;
#endif
#ifdef HAVE_TRUNCATED_HMAC
byte truncatedHMAC = 0;
#endif
2013-05-22 01:37:50 +04:00
#ifdef HAVE_OCSP
int useOcsp = 0;
char* ocspUrl = NULL;
#endif
2011-02-05 22:14:47 +03:00
int argc = ((func_args*)args)->argc;
char** argv = ((func_args*)args)->argv;
((func_args*)args)->return_code = -1; /* error state */
#ifdef NO_RSA
verifyCert = (char*)eccCert;
ourCert = (char*)cliEccCert;
ourKey = (char*)cliEccKey;
#endif
(void)resumeSz;
(void)session;
(void)sslResume;
(void)trackMemory;
2013-08-10 04:27:15 +04:00
(void)atomicUser;
(void)pkCallbacks;
(void)scr;
(void)forceScr;
StackTrap();
while ((ch = mygetopt(argc, argv,
"?gdDusmNrRitfxUPh:p:v:l:A:c:k:b:zS:L:ToO:a")) != -1) {
switch (ch) {
case '?' :
Usage();
exit(EXIT_SUCCESS);
case 'g' :
sendGET = 1;
break;
case 'd' :
doPeerCheck = 0;
break;
case 'D' :
overrideDateErrors = 1;
break;
case 'u' :
doDTLS = 1;
break;
case 's' :
usePsk = 1;
break;
case 't' :
2015-01-06 00:48:43 +03:00
#ifdef USE_WOLFSSL_MEMORY
trackMemory = 1;
#endif
break;
case 'm' :
matchName = 1;
break;
case 'x' :
useClientCert = 0;
break;
case 'f' :
fewerPackets = 1;
break;
2013-08-10 04:27:15 +04:00
case 'U' :
#ifdef ATOMIC_USER
atomicUser = 1;
#endif
break;
case 'P' :
#ifdef HAVE_PK_CALLBACKS
pkCallbacks = 1;
#endif
break;
case 'h' :
host = myoptarg;
domain = myoptarg;
break;
case 'p' :
port = (word16)atoi(myoptarg);
#if !defined(NO_MAIN_DRIVER) || defined(USE_WINDOWS_API)
if (port == 0)
err_sys("port number cannot be 0");
#endif
break;
case 'v' :
version = atoi(myoptarg);
if (version < 0 || version > 3) {
Usage();
exit(MY_EX_USAGE);
}
break;
case 'l' :
cipherList = myoptarg;
break;
case 'A' :
verifyCert = myoptarg;
break;
case 'c' :
ourCert = myoptarg;
break;
case 'k' :
ourKey = myoptarg;
break;
case 'b' :
benchmark = atoi(myoptarg);
if (benchmark < 0 || benchmark > 1000000) {
Usage();
exit(MY_EX_USAGE);
}
break;
case 'N' :
nonBlocking = 1;
break;
case 'r' :
resumeSession = 1;
break;
case 'R' :
#ifdef HAVE_SECURE_RENEGOTIATION
scr = 1;
#endif
break;
case 'i' :
#ifdef HAVE_SECURE_RENEGOTIATION
scr = 1;
forceScr = 1;
#endif
break;
case 'z' :
2015-01-06 00:48:43 +03:00
#ifndef WOLFSSL_LEANPSK
wolfSSL_GetObjectSize();
#endif
break;
2013-05-22 01:37:50 +04:00
case 'S' :
#ifdef HAVE_SNI
sniHostName = myoptarg;
#endif
break;
case 'L' :
#ifdef HAVE_MAX_FRAGMENT
maxFragment = atoi(myoptarg);
2015-01-06 00:48:43 +03:00
if (maxFragment < WOLFSSL_MFL_2_9 ||
maxFragment > WOLFSSL_MFL_2_13) {
Usage();
exit(MY_EX_USAGE);
}
#endif
break;
case 'T' :
#ifdef HAVE_TRUNCATED_HMAC
truncatedHMAC = 1;
#endif
break;
case 'o' :
#ifdef HAVE_OCSP
useOcsp = 1;
#endif
break;
case 'O' :
#ifdef HAVE_OCSP
useOcsp = 1;
ocspUrl = myoptarg;
#endif
break;
case 'a' :
#ifdef HAVE_ANON
useAnon = 1;
#endif
break;
default:
Usage();
exit(MY_EX_USAGE);
}
}
myoptind = 0; /* reset for test cases */
/* sort out DTLS versus TLS versions */
if (version == CLIENT_INVALID_VERSION) {
if (doDTLS)
version = CLIENT_DTLS_DEFAULT_VERSION;
else
version = CLIENT_DEFAULT_VERSION;
}
else {
if (doDTLS) {
if (version == 3)
version = -2;
else
version = -1;
}
}
2015-01-06 00:48:43 +03:00
#ifdef USE_WOLFSSL_MEMORY
if (trackMemory)
InitMemoryTracker();
#endif
switch (version) {
#ifndef NO_OLD_TLS
case 0:
2015-01-06 00:48:43 +03:00
method = wolfSSLv3_client_method();
break;
2013-05-19 05:02:13 +04:00
#ifndef NO_TLS
case 1:
2015-01-06 00:48:43 +03:00
method = wolfTLSv1_client_method();
break;
case 2:
2015-01-06 00:48:43 +03:00
method = wolfTLSv1_1_client_method();
break;
2013-05-19 05:02:13 +04:00
#endif /* NO_TLS */
#endif /* NO_OLD_TLS */
#ifndef NO_TLS
case 3:
2015-01-06 00:48:43 +03:00
method = wolfTLSv1_2_client_method();
break;
2013-05-19 05:02:13 +04:00
#endif
2015-01-06 00:48:43 +03:00
#ifdef WOLFSSL_DTLS
case -1:
2015-01-06 00:48:43 +03:00
method = wolfDTLSv1_client_method();
break;
case -2:
2015-01-06 00:48:43 +03:00
method = wolfDTLSv1_2_client_method();
break;
#endif
default:
err_sys("Bad SSL version");
2013-05-22 01:37:50 +04:00
break;
}
if (method == NULL)
err_sys("unable to get method");
2015-01-06 00:48:43 +03:00
ctx = wolfSSL_CTX_new(method);
if (ctx == NULL)
err_sys("unable to get ctx");
if (cipherList)
2015-01-06 00:48:43 +03:00
if (wolfSSL_CTX_set_cipher_list(ctx, cipherList) != SSL_SUCCESS)
2013-01-21 22:53:42 +04:00
err_sys("client can't set cipher list 1");
2011-02-05 22:14:47 +03:00
2015-01-06 00:48:43 +03:00
#ifdef WOLFSSL_LEANPSK
2012-10-30 23:51:14 +04:00
usePsk = 1;
#endif
2013-03-12 00:19:43 +04:00
#if defined(NO_RSA) && !defined(HAVE_ECC)
usePsk = 1;
#endif
if (fewerPackets)
2015-01-06 00:48:43 +03:00
wolfSSL_CTX_set_group_messages(ctx);
2012-10-30 23:51:14 +04:00
if (usePsk) {
2011-02-05 22:14:47 +03:00
#ifndef NO_PSK
2015-01-06 00:48:43 +03:00
wolfSSL_CTX_set_psk_client_callback(ctx, my_psk_client_cb);
2012-10-30 23:51:14 +04:00
if (cipherList == NULL) {
const char *defaultCipherList;
#ifdef HAVE_NULL_CIPHER
defaultCipherList = "PSK-NULL-SHA256";
2012-10-30 23:51:14 +04:00
#else
2013-03-12 00:19:43 +04:00
defaultCipherList = "PSK-AES128-CBC-SHA256";
2012-10-30 23:51:14 +04:00
#endif
2015-01-06 00:48:43 +03:00
if (wolfSSL_CTX_set_cipher_list(ctx,defaultCipherList) !=SSL_SUCCESS)
2013-01-21 22:53:42 +04:00
err_sys("client can't set cipher list 2");
2012-10-30 23:51:14 +04:00
}
2011-02-05 22:14:47 +03:00
#endif
useClientCert = 0;
2012-10-30 23:51:14 +04:00
}
2011-02-05 22:14:47 +03:00
if (useAnon) {
#ifdef HAVE_ANON
if (cipherList == NULL) {
2015-01-06 00:48:43 +03:00
wolfSSL_CTX_allow_anon_cipher(ctx);
if (wolfSSL_CTX_set_cipher_list(ctx,"ADH-AES128-SHA") != SSL_SUCCESS)
err_sys("client can't set cipher list 4");
}
#endif
useClientCert = 0;
}
#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
2015-01-06 00:48:43 +03:00
wolfSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
2011-02-05 22:14:47 +03:00
#endif
2015-01-06 00:48:43 +03:00
#if defined(WOLFSSL_SNIFFER) && !defined(HAVE_NTRU) && !defined(HAVE_ECC)
if (cipherList == NULL) {
2012-10-30 23:51:14 +04:00
/* don't use EDH, can't sniff tmp keys */
2015-01-06 00:48:43 +03:00
if (wolfSSL_CTX_set_cipher_list(ctx, "AES256-SHA256") != SSL_SUCCESS) {
2013-01-21 22:53:42 +04:00
err_sys("client can't set cipher list 3");
2012-10-30 23:51:14 +04:00
}
}
#endif
#ifdef HAVE_OCSP
if (useOcsp) {
if (ocspUrl != NULL) {
2015-01-06 00:48:43 +03:00
wolfSSL_CTX_SetOCSP_OverrideURL(ctx, ocspUrl);
wolfSSL_CTX_EnableOCSP(ctx, WOLFSSL_OCSP_NO_NONCE
| WOLFSSL_OCSP_URL_OVERRIDE);
}
else
2015-01-06 00:48:43 +03:00
wolfSSL_CTX_EnableOCSP(ctx, WOLFSSL_OCSP_NO_NONCE);
}
#endif
2012-01-27 00:52:54 +04:00
#ifdef USER_CA_CB
2015-01-06 00:48:43 +03:00
wolfSSL_CTX_SetCACb(ctx, CaCb);
2012-01-27 00:52:54 +04:00
#endif
2011-02-05 22:14:47 +03:00
#ifdef VERIFY_CALLBACK
2015-01-06 00:48:43 +03:00
wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, myVerify);
2011-02-05 22:14:47 +03:00
#endif
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
if (useClientCert){
2015-01-06 00:48:43 +03:00
if (wolfSSL_CTX_use_certificate_chain_file(ctx, ourCert) != SSL_SUCCESS)
2012-10-30 02:39:42 +04:00
err_sys("can't load client cert file, check file and run from"
2015-01-06 00:48:43 +03:00
" wolfSSL home dir");
2011-02-05 22:14:47 +03:00
2015-01-06 00:48:43 +03:00
if (wolfSSL_CTX_use_PrivateKey_file(ctx, ourKey, SSL_FILETYPE_PEM)
2012-10-30 02:39:42 +04:00
!= SSL_SUCCESS)
err_sys("can't load client private key file, check file and run "
2015-01-06 00:48:43 +03:00
"from wolfSSL home dir");
}
if (!usePsk && !useAnon) {
2015-01-06 00:48:43 +03:00
if (wolfSSL_CTX_load_verify_locations(ctx, verifyCert, 0) != SSL_SUCCESS)
err_sys("can't load ca file, Please run from wolfSSL home dir");
2012-10-30 02:39:42 +04:00
}
#endif
#if !defined(NO_CERTS)
if (!usePsk && !useAnon && doPeerCheck == 0)
2015-01-06 00:48:43 +03:00
wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
if (!usePsk && !useAnon && overrideDateErrors == 1)
2015-01-06 00:48:43 +03:00
wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, myDateCb);
#endif
#ifdef HAVE_CAVIUM
2015-01-06 00:48:43 +03:00
wolfSSL_CTX_UseCavium(ctx, CAVIUM_DEV_ID);
#endif
2013-05-22 01:37:50 +04:00
#ifdef HAVE_SNI
if (sniHostName)
2015-01-06 00:48:43 +03:00
if (wolfSSL_CTX_UseSNI(ctx, 0, sniHostName, XSTRLEN(sniHostName))
!= SSL_SUCCESS)
2013-05-22 01:37:50 +04:00
err_sys("UseSNI failed");
#endif
#ifdef HAVE_MAX_FRAGMENT
if (maxFragment)
2015-01-06 00:48:43 +03:00
if (wolfSSL_CTX_UseMaxFragment(ctx, maxFragment) != SSL_SUCCESS)
err_sys("UseMaxFragment failed");
#endif
#ifdef HAVE_TRUNCATED_HMAC
if (truncatedHMAC)
2015-01-06 00:48:43 +03:00
if (wolfSSL_CTX_UseTruncatedHMAC(ctx) != SSL_SUCCESS)
err_sys("UseTruncatedHMAC failed");
#endif
#ifdef HAVE_SESSION_TICKET
2015-01-06 00:48:43 +03:00
if (wolfSSL_CTX_UseSessionTicket(ctx) != SSL_SUCCESS)
err_sys("UseSessionTicket failed");
#endif
2013-05-22 01:37:50 +04:00
if (benchmark) {
2011-02-05 22:14:47 +03:00
/* time passed in number of connects give average */
int times = benchmark;
2011-02-05 22:14:47 +03:00
int i = 0;
double start = current_time(), avg;
for (i = 0; i < times; i++) {
tcp_connect(&sockfd, host, port, doDTLS);
2013-05-19 05:02:13 +04:00
2015-01-06 00:48:43 +03:00
ssl = wolfSSL_new(ctx);
wolfSSL_set_fd(ssl, sockfd);
if (wolfSSL_connect(ssl) != SSL_SUCCESS)
2011-02-05 22:14:47 +03:00
err_sys("SSL_connect failed");
2015-01-06 00:48:43 +03:00
wolfSSL_shutdown(ssl);
wolfSSL_free(ssl);
2011-02-05 22:14:47 +03:00
CloseSocket(sockfd);
}
avg = current_time() - start;
avg /= times;
avg *= 1000; /* milliseconds */
2015-01-06 00:48:43 +03:00
printf("wolfSSL_connect avg took: %8.3f milliseconds\n", avg);
2011-02-05 22:14:47 +03:00
2015-01-06 00:48:43 +03:00
wolfSSL_CTX_free(ctx);
2011-02-05 22:14:47 +03:00
((func_args*)args)->return_code = 0;
exit(EXIT_SUCCESS);
2011-02-05 22:14:47 +03:00
}
2013-05-19 05:02:13 +04:00
2015-01-06 00:48:43 +03:00
#if defined(WOLFSSL_MDK_ARM)
wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
2013-05-19 05:02:13 +04:00
#endif
2015-01-06 00:48:43 +03:00
ssl = wolfSSL_new(ctx);
if (ssl == NULL)
err_sys("unable to get SSL object");
#ifdef HAVE_SESSION_TICKET
2015-01-06 00:48:43 +03:00
wolfSSL_set_SessionTicket_cb(ssl, sessionTicketCB, (void*)"initial session");
#endif
if (doDTLS) {
SOCKADDR_IN_T addr;
build_addr(&addr, host, port, 1);
2015-01-06 00:48:43 +03:00
wolfSSL_dtls_set_peer(ssl, &addr, sizeof(addr));
tcp_socket(&sockfd, 1);
}
else {
tcp_connect(&sockfd, host, port, 0);
}
2014-07-18 01:00:40 +04:00
#ifdef HAVE_POLY1305
/* use old poly to connect with google server */
if (!XSTRNCMP(domain, "www.google.com", 14)) {
2015-01-06 00:48:43 +03:00
if (wolfSSL_use_old_poly(ssl, 1) != 0)
2014-07-18 01:00:40 +04:00
err_sys("unable to set to old poly");
}
#endif
2015-01-06 00:48:43 +03:00
wolfSSL_set_fd(ssl, sockfd);
2012-05-17 04:04:56 +04:00
#ifdef HAVE_CRL
2015-01-06 00:48:43 +03:00
if (wolfSSL_EnableCRL(ssl, WOLFSSL_CRL_CHECKALL) != SSL_SUCCESS)
err_sys("can't enable crl check");
2015-01-06 00:48:43 +03:00
if (wolfSSL_LoadCRL(ssl, crlPemDir, SSL_FILETYPE_PEM, 0) != SSL_SUCCESS)
err_sys("can't load crl, check crlfile and date validity");
2015-01-06 00:48:43 +03:00
if (wolfSSL_SetCRL_Cb(ssl, CRL_CallBack) != SSL_SUCCESS)
err_sys("can't set crl callback");
2013-08-10 04:27:15 +04:00
#endif
#ifdef HAVE_SECURE_RENEGOTIATION
if (scr) {
2015-01-06 00:48:43 +03:00
if (wolfSSL_UseSecureRenegotiation(ssl) != SSL_SUCCESS)
err_sys("can't enable secure renegotiation");
}
#endif
2013-08-10 04:27:15 +04:00
#ifdef ATOMIC_USER
if (atomicUser)
SetupAtomicUser(ctx, ssl);
#endif
#ifdef HAVE_PK_CALLBACKS
if (pkCallbacks)
SetupPkCallbacks(ctx, ssl);
2012-05-17 04:04:56 +04:00
#endif
if (matchName && doPeerCheck)
2015-01-06 00:48:43 +03:00
wolfSSL_check_domain_name(ssl, domain);
#ifndef WOLFSSL_CALLBACKS
if (nonBlocking) {
2015-01-06 00:48:43 +03:00
wolfSSL_set_using_nonblock(ssl, 1);
tcp_set_nonblocking(&sockfd);
NonBlockingSSL_Connect(ssl);
}
2015-01-06 00:48:43 +03:00
else if (wolfSSL_connect(ssl) != SSL_SUCCESS) {
/* see note at top of README */
2015-01-06 00:48:43 +03:00
int err = wolfSSL_get_error(ssl, 0);
char buffer[WOLFSSL_MAX_ERROR_SZ];
printf("err = %d, %s\n", err,
2015-01-06 00:48:43 +03:00
wolfSSL_ERR_error_string(err, buffer));
err_sys("SSL_connect failed");
/* if you're getting an error here */
}
2011-02-05 22:14:47 +03:00
#else
timeout.tv_sec = 2;
timeout.tv_usec = 0;
NonBlockingSSL_Connect(ssl); /* will keep retrying on timeout */
2011-02-05 22:14:47 +03:00
#endif
showPeer(ssl);
#ifdef HAVE_SECURE_RENEGOTIATION
if (scr && forceScr) {
if (nonBlocking) {
printf("not doing secure renegotiation on example with"
" nonblocking yet");
2014-09-26 21:47:57 +04:00
} else {
#ifndef NO_SESSION_CACHE
if (resumeSession) {
2015-01-06 00:48:43 +03:00
session = wolfSSL_get_session(ssl);
wolfSSL_set_session(ssl, session);
2014-09-26 21:47:57 +04:00
resumeSession = 0; /* only resume once */
}
#endif
2015-01-06 00:48:43 +03:00
if (wolfSSL_Rehandshake(ssl) != SSL_SUCCESS) {
int err = wolfSSL_get_error(ssl, 0);
char buffer[WOLFSSL_MAX_ERROR_SZ];
2014-09-26 21:47:57 +04:00
printf("err = %d, %s\n", err,
2015-01-06 00:48:43 +03:00
wolfSSL_ERR_error_string(err, buffer));
err_sys("wolfSSL_Rehandshake failed");
2014-09-26 21:47:57 +04:00
}
}
}
#endif /* HAVE_SECURE_RENEGOTIATION */
if (sendGET) {
2011-02-05 22:14:47 +03:00
printf("SSL connect ok, sending GET...\n");
msgSz = 28;
strncpy(msg, "GET /index.html HTTP/1.0\r\n\r\n", msgSz);
2013-02-15 02:09:41 +04:00
msg[msgSz] = '\0';
2011-02-05 22:14:47 +03:00
}
2015-01-06 00:48:43 +03:00
if (wolfSSL_write(ssl, msg, msgSz) != msgSz)
2011-02-05 22:14:47 +03:00
err_sys("SSL_write failed");
2015-01-06 00:48:43 +03:00
input = wolfSSL_read(ssl, reply, sizeof(reply)-1);
2011-02-05 22:14:47 +03:00
if (input > 0) {
reply[input] = 0;
printf("Server response: %s\n", reply);
if (sendGET) { /* get html */
while (1) {
2015-01-06 00:48:43 +03:00
input = wolfSSL_read(ssl, reply, sizeof(reply)-1);
if (input > 0) {
reply[input] = 0;
printf("%s\n", reply);
}
else
break;
}
}
2011-02-05 22:14:47 +03:00
}
2012-12-29 05:54:19 +04:00
else if (input < 0) {
2015-01-06 00:48:43 +03:00
int readErr = wolfSSL_get_error(ssl, 0);
2012-12-29 05:54:19 +04:00
if (readErr != SSL_ERROR_WANT_READ)
2015-01-06 00:48:43 +03:00
err_sys("wolfSSL_read failed");
2012-12-29 05:54:19 +04:00
}
#ifndef NO_SESSION_CACHE
if (resumeSession) {
if (doDTLS) {
strncpy(msg, "break", 6);
msgSz = (int)strlen(msg);
/* try to send session close */
2015-01-06 00:48:43 +03:00
wolfSSL_write(ssl, msg, msgSz);
}
2015-01-06 00:48:43 +03:00
session = wolfSSL_get_session(ssl);
sslResume = wolfSSL_new(ctx);
}
#endif
2011-02-05 22:14:47 +03:00
2012-08-17 23:43:36 +04:00
if (doDTLS == 0) /* don't send alert after "break" command */
2015-01-06 00:48:43 +03:00
wolfSSL_shutdown(ssl); /* echoserver will interpret as new conn */
2013-08-10 04:27:15 +04:00
#ifdef ATOMIC_USER
if (atomicUser)
FreeAtomicUser(ssl);
#endif
2015-01-06 00:48:43 +03:00
wolfSSL_free(ssl);
2011-02-05 22:14:47 +03:00
CloseSocket(sockfd);
#ifndef NO_SESSION_CACHE
if (resumeSession) {
if (doDTLS) {
SOCKADDR_IN_T addr;
#ifdef USE_WINDOWS_API
Sleep(500);
2015-01-06 00:48:43 +03:00
#elif defined(WOLFSSL_TIRTOS)
2014-05-09 02:52:20 +04:00
Task_sleep(1);
#else
sleep(1);
#endif
build_addr(&addr, host, port, 1);
2015-01-06 00:48:43 +03:00
wolfSSL_dtls_set_peer(sslResume, &addr, sizeof(addr));
tcp_socket(&sockfd, 1);
}
else {
tcp_connect(&sockfd, host, port, 0);
}
2015-01-06 00:48:43 +03:00
wolfSSL_set_fd(sslResume, sockfd);
wolfSSL_set_session(sslResume, session);
#ifdef HAVE_SESSION_TICKET
2015-01-06 00:48:43 +03:00
wolfSSL_set_SessionTicket_cb(sslResume, sessionTicketCB,
(void*)"resumed session");
#endif
showPeer(sslResume);
2015-01-06 00:48:43 +03:00
#ifndef WOLFSSL_CALLBACKS
if (nonBlocking) {
2015-01-06 00:48:43 +03:00
wolfSSL_set_using_nonblock(sslResume, 1);
tcp_set_nonblocking(&sockfd);
NonBlockingSSL_Connect(sslResume);
}
2015-01-06 00:48:43 +03:00
else if (wolfSSL_connect(sslResume) != SSL_SUCCESS)
err_sys("SSL resume failed");
#else
timeout.tv_sec = 2;
timeout.tv_usec = 0;
NonBlockingSSL_Connect(ssl); /* will keep retrying on timeout */
#endif
2011-02-05 22:14:47 +03:00
2015-01-06 00:48:43 +03:00
if (wolfSSL_session_reused(sslResume))
printf("reused session id\n");
else
printf("didn't reuse session id!!!\n");
2015-01-06 00:48:43 +03:00
if (wolfSSL_write(sslResume, resumeMsg, resumeSz) != resumeSz)
err_sys("SSL_write failed");
if (nonBlocking) {
/* give server a chance to bounce a message back to client */
#ifdef USE_WINDOWS_API
Sleep(500);
2015-01-06 00:48:43 +03:00
#elif defined(WOLFSSL_TIRTOS)
2014-05-09 02:52:20 +04:00
Task_sleep(1);
#else
sleep(1);
#endif
}
2015-01-06 00:48:43 +03:00
input = wolfSSL_read(sslResume, reply, sizeof(reply)-1);
if (input > 0) {
reply[input] = 0;
printf("Server resume response: %s\n", reply);
}
2011-02-05 22:14:47 +03:00
/* try to send session break */
2015-01-06 00:48:43 +03:00
wolfSSL_write(sslResume, msg, msgSz);
2011-02-05 22:14:47 +03:00
2015-01-06 00:48:43 +03:00
wolfSSL_shutdown(sslResume);
wolfSSL_free(sslResume);
2013-02-15 02:09:41 +04:00
CloseSocket(sockfd);
}
#endif /* NO_SESSION_CACHE */
2011-02-05 22:14:47 +03:00
2015-01-06 00:48:43 +03:00
wolfSSL_CTX_free(ctx);
2011-02-05 22:14:47 +03:00
((func_args*)args)->return_code = 0;
2015-01-06 00:48:43 +03:00
#ifdef USE_WOLFSSL_MEMORY
if (trackMemory)
ShowMemoryTracker();
2015-01-06 00:48:43 +03:00
#endif /* USE_WOLFSSL_MEMORY */
2015-01-06 00:48:43 +03:00
#if !defined(WOLFSSL_TIRTOS)
return 0;
2014-05-09 02:52:20 +04:00
#endif
2011-02-05 22:14:47 +03:00
}
/* so overall tests can pull in test function */
#ifndef NO_MAIN_DRIVER
int main(int argc, char** argv)
{
func_args args;
#ifdef HAVE_CAVIUM
int ret = OpenNitroxDevice(CAVIUM_DIRECT, CAVIUM_DEV_ID);
if (ret != 0)
err_sys("Cavium OpenNitroxDevice failed");
#endif /* HAVE_CAVIUM */
2011-02-05 22:14:47 +03:00
StartTCP();
args.argc = argc;
args.argv = argv;
2015-01-06 00:48:43 +03:00
wolfSSL_Init();
#if defined(DEBUG_WOLFSSL) && !defined(WOLFSSL_MDK_SHELL) && !defined(STACK_TRAP)
wolfSSL_Debugging_ON();
2011-02-05 22:14:47 +03:00
#endif
2013-12-20 03:23:57 +04:00
if (CurrentDir("client"))
ChangeDirBack(2);
2013-12-20 03:23:57 +04:00
else if (CurrentDir("Debug") || CurrentDir("Release"))
ChangeDirBack(3);
#ifdef HAVE_STACK_SIZE
StackSizeCheck(&args, client_test);
#else
2011-02-05 22:14:47 +03:00
client_test(&args);
#endif
2015-01-06 00:48:43 +03:00
wolfSSL_Cleanup();
2011-02-05 22:14:47 +03:00
#ifdef HAVE_CAVIUM
CspShutdown(CAVIUM_DEV_ID);
#endif
2011-02-05 22:14:47 +03:00
return args.return_code;
}
int myoptind = 0;
char* myoptarg = NULL;
2011-02-05 22:14:47 +03:00
#endif /* NO_MAIN_DRIVER */
2015-01-06 00:48:43 +03:00
#ifdef WOLFSSL_CALLBACKS
2011-02-05 22:14:47 +03:00
int handShakeCB(HandShakeInfo* info)
{
(void)info;
2011-02-05 22:14:47 +03:00
return 0;
}
int timeoutCB(TimeoutInfo* info)
{
(void)info;
2011-02-05 22:14:47 +03:00
return 0;
}
#endif
#ifdef HAVE_SESSION_TICKET
2015-01-06 00:48:43 +03:00
int sessionTicketCB(WOLFSSL* ssl,
const unsigned char* ticket, int ticketSz,
void* ctx)
{
(void)ssl;
(void)ticket;
printf("Session Ticket CB: ticketSz = %d, ctx = %s\n",
ticketSz, (char*)ctx);
return 0;
}
#endif