Context Navigation

cert_app.c @ 1159

Visit:

Revision 1159, 10.0 KB checked in by paul, 5 months ago (diff)
Changed the behaviour of x509parse_parse_crt for permissive parsing. Now returns the number of 'failed certificates' instead of having a switch to enable it. As a consequence all error code that were positive were changed. A lot of MALLOC_FAILED and FILE_IO_ERROR error codes added for different modules. Programs and tests were adapted accordingly

Line
1	/*
2	* Certificate reading application
3	*
4	* Copyright (C) 2006-2011, Brainspark B.V.
5	*
6	* This file is part of PolarSSL (http://www.polarssl.org)
7	* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
8	*
9	* All rights reserved.
10	*
11	* This program is free software; you can redistribute it and/or modify
12	* it under the terms of the GNU General Public License as published by
13	* the Free Software Foundation; either version 2 of the License, or
14	* (at your option) any later version.
15	*
16	* This program is distributed in the hope that it will be useful,
17	* but WITHOUT ANY WARRANTY; without even the implied warranty of
18	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19	* GNU General Public License for more details.
20	*
21	* You should have received a copy of the GNU General Public License along
22	* with this program; if not, write to the Free Software Foundation, Inc.,
23	* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
24	*/
25
26	#ifndef _CRT_SECURE_NO_DEPRECATE
27	#define _CRT_SECURE_NO_DEPRECATE 1
28	#endif
29
30	#include <string.h>
31	#include <stdlib.h>
32	#include <stdio.h>
33
34	#include "polarssl/config.h"
35
36	#include "polarssl/entropy.h"
37	#include "polarssl/ctr_drbg.h"
38	#include "polarssl/net.h"
39	#include "polarssl/ssl.h"
40	#include "polarssl/x509.h"
41
42	#define MODE_NONE 0
43	#define MODE_FILE 1
44	#define MODE_SSL 2
45
46	#define DFL_MODE MODE_NONE
47	#define DFL_FILENAME "cert.crt"
48	#define DFL_SERVER_NAME "localhost"
49	#define DFL_SERVER_PORT 4433
50	#define DFL_DEBUG_LEVEL 0
51	#define DFL_PERMISSIVE 0
52
53	/*
54	* global options
55	*/
56	struct options
57	{
58	int mode; /* the mode to run the application in */
59	char filename; / filename of the certificate file */
60	char server_name; / hostname of the server (client only) */
61	int server_port; /* port on which the ssl service runs */
62	int debug_level; /* level of debugging */
63	int permissive; /* permissive parsing */
64	} opt;
65
66	void my_debug( void ctx, int level, const char str )
67	{
68	if( level < opt.debug_level )
69	{
70	fprintf( (FILE *) ctx, "%s", str );
71	fflush( (FILE *) ctx );
72	}
73	}
74
75	#define USAGE \
76	"\n usage: cert_app param=<>...\n" \
77	"\n acceptable parameters:\n" \
78	" mode=file\|ssl default: none\n" \
79	" filename=%%s default: cert.crt\n" \
80	" server_name=%%s default: localhost\n" \
81	" server_port=%%d default: 4433\n" \
82	" debug_level=%%d default: 0 (disabled)\n" \
83	" permissive=%%d default: 0 (disabled)\n" \
84	"\n"
85
86	#if !defined(POLARSSL_BIGNUM_C) \|\| !defined(POLARSSL_ENTROPY_C) \|\| \
87	!defined(POLARSSL_SSL_TLS_C) \|\| !defined(POLARSSL_SSL_CLI_C) \|\| \
88	!defined(POLARSSL_NET_C) \|\| !defined(POLARSSL_RSA_C) \|\| \
89	!defined(POLARSSL_X509_PARSE_C) \|\| !defined(POLARSSL_FS_IO) \|\| \
90	!defined(POLARSSL_CTR_DRBG_C)
91	int main( int argc, char *argv[] )
92	{
93	((void) argc);
94	((void) argv);
95
96	printf("POLARSSL_BIGNUM_C and/or POLARSSL_ENTROPY_C and/or "
97	"POLARSSL_SSL_TLS_C and/or POLARSSL_SSL_CLI_C and/or "
98	"POLARSSL_NET_C and/or POLARSSL_RSA_C and/or "
99	"POLARSSL_X509_PARSE_C and/or POLARSSL_FS_IO and/or "
100	"POLARSSL_CTR_DRBG_C not defined.\n");
101	return( 0 );
102	}
103	#else
104	int main( int argc, char *argv[] )
105	{
106	int ret = 0, server_fd;
107	unsigned char buf[1024];
108	entropy_context entropy;
109	ctr_drbg_context ctr_drbg;
110	ssl_context ssl;
111	ssl_session ssn;
112	x509_cert clicert;
113	rsa_context rsa;
114	int i, j, n;
115	char p, q;
116	char *pers = "cert_app";
117
118	/*
119	* Set to sane values
120	*/
121	server_fd = 0;
122	memset( &ssl, 0, sizeof( ssl_context ) );
123	memset( &ssn, 0, sizeof( ssl_session ) );
124	memset( &clicert, 0, sizeof( x509_cert ) );
125	memset( &rsa, 0, sizeof( rsa_context ) );
126
127	if( argc == 0 )
128	{
129	usage:
130	printf( USAGE );
131	goto exit;
132	}
133
134	opt.mode = DFL_MODE;
135	opt.filename = DFL_FILENAME;
136	opt.server_name = DFL_SERVER_NAME;
137	opt.server_port = DFL_SERVER_PORT;
138	opt.debug_level = DFL_DEBUG_LEVEL;
139	opt.permissive = DFL_PERMISSIVE;
140
141	for( i = 1; i < argc; i++ )
142	{
143	n = strlen( argv[i] );
144
145	for( j = 0; j < n; j++ )
146	{
147	if( argv[i][j] >= 'A' && argv[i][j] <= 'Z' )
148	argv[i][j] \|= 0x20;
149	}
150
151	p = argv[i];
152	if( ( q = strchr( p, '=' ) ) == NULL )
153	goto usage;
154	*q++ = '\0';
155
156	if( strcmp( p, "mode" ) == 0 )
157	{
158	if( strcmp( q, "file" ) == 0 )
159	opt.mode = MODE_FILE;
160	else if( strcmp( q, "ssl" ) == 0 )
161	opt.mode = MODE_SSL;
162	else
163	goto usage;
164	}
165	else if( strcmp( p, "filename" ) == 0 )
166	opt.filename = q;
167	else if( strcmp( p, "server_name" ) == 0 )
168	opt.server_name = q;
169	else if( strcmp( p, "server_port" ) == 0 )
170	{
171	opt.server_port = atoi( q );
172	if( opt.server_port < 1 \|\| opt.server_port > 65535 )
173	goto usage;
174	}
175	else if( strcmp( p, "debug_level" ) == 0 )
176	{
177	opt.debug_level = atoi( q );
178	if( opt.debug_level < 0 \|\| opt.debug_level > 65535 )
179	goto usage;
180	}
181	else if( strcmp( p, "permissive" ) == 0 )
182	{
183	opt.permissive = atoi( q );
184	if( opt.permissive < 0 \|\| opt.permissive > 1 )
185	goto usage;
186	}
187	else
188	goto usage;
189	}
190
191	if( opt.mode == MODE_FILE )
192	{
193	x509_cert crt;
194	x509_cert *cur = &crt;
195	memset( &crt, 0, sizeof( x509_cert ) );
196
197	/*
198	* 1.1. Load the certificate(s)
199	*/
200	printf( "\n . Loading the certificate(s) ..." );
201	fflush( stdout );
202
203	ret = x509parse_crtfile( &crt, opt.filename );
204
205	if( ret < 0 )
206	{
207	printf( " failed\n ! x509parse_crt returned %d\n\n", ret );
208	x509_free( &crt );
209	goto exit;
210	}
211
212	if( opt.permissive == 0 && ret > 0 )
213	{
214	printf( " failed\n ! x509parse_crt failed to parse %d certificates\n\n", ret );
215	x509_free( &crt );
216	goto exit;
217	}
218
219	printf( " ok\n" );
220
221
222	/*
223	* 1.2 Print the certificate(s)
224	*/
225	while( cur != NULL )
226	{
227	printf( " . Peer certificate information ...\n" );
228	ret = x509parse_cert_info( (char *) buf, sizeof( buf ) - 1, " ", cur );
229	if( ret == -1 )
230	{
231	printf( " failed\n ! x509parse_cert_info returned %d\n\n", ret );
232	x509_free( &crt );
233	goto exit;
234	}
235
236	printf( "%s\n", buf );
237
238	cur = cur->next;
239	}
240
241	x509_free( &crt );
242	}
243	else if( opt.mode == MODE_SSL )
244	{
245	/*
246	* 1. Initialize the RNG and the session data
247	*/
248	printf( "\n . Seeding the random number generator..." );
249	fflush( stdout );
250
251	entropy_init( &entropy );
252	if( ( ret = ctr_drbg_init( &ctr_drbg, entropy_func, &entropy,
253	(unsigned char *) pers, strlen( pers ) ) ) != 0 )
254	{
255	printf( " failed\n ! ctr_drbg_init returned %d\n", ret );
256	goto exit;
257	}
258
259	/*
260	* 2. Start the connection
261	*/
262	printf( " . SSL connection to tcp/%s/%-4d...", opt.server_name,
263	opt.server_port );
264	fflush( stdout );
265
266	if( ( ret = net_connect( &server_fd, opt.server_name,
267	opt.server_port ) ) != 0 )
268	{
269	printf( " failed\n ! net_connect returned %d\n\n", ret );
270	goto exit;
271	}
272
273	/*
274	* 3. Setup stuff
275	*/
276	if( ( ret = ssl_init( &ssl ) ) != 0 )
277	{
278	printf( " failed\n ! ssl_init returned %d\n\n", ret );
279	goto exit;
280	}
281
282	ssl_set_endpoint( &ssl, SSL_IS_CLIENT );
283	ssl_set_authmode( &ssl, SSL_VERIFY_NONE );
284
285	ssl_set_rng( &ssl, ctr_drbg_random, &ctr_drbg );
286	ssl_set_dbg( &ssl, my_debug, stdout );
287	ssl_set_bio( &ssl, net_recv, &server_fd,
288	net_send, &server_fd );
289
290	ssl_set_ciphersuites( &ssl, ssl_default_ciphersuites );
291	ssl_set_session( &ssl, 1, 600, &ssn );
292
293	ssl_set_own_cert( &ssl, &clicert, &rsa );
294
295	ssl_set_hostname( &ssl, opt.server_name );
296
297	/*
298	* 4. Handshake
299	*/
300	while( ( ret = ssl_handshake( &ssl ) ) != 0 )
301	{
302	if( ret != POLARSSL_ERR_NET_WANT_READ && ret != POLARSSL_ERR_NET_WANT_WRITE )
303	{
304	printf( " failed\n ! ssl_handshake returned %d\n\n", ret );
305	goto exit;
306	}
307	}
308
309	printf( " ok\n" );
310
311	/*
312	* 5. Print the certificate
313	*/
314	printf( " . Peer certificate information ...\n" );
315	ret = x509parse_cert_info( (char *) buf, sizeof( buf ) - 1, " ", ssl.peer_cert );
316	if( ret == -1 )
317	{
318	printf( " failed\n ! x509parse_cert_info returned %d\n\n", ret );
319	goto exit;
320	}
321
322	printf( "%s\n", buf );
323
324	ssl_close_notify( &ssl );
325	}
326	else
327	goto usage;
328
329	exit:
330
331	if( server_fd )
332	net_close( server_fd );
333	x509_free( &clicert );
334	rsa_free( &rsa );
335	ssl_free( &ssl );
336
337	memset( &ssl, 0, sizeof( ssl ) );
338
339	#if defined(_WIN32)
340	printf( " + Press Enter to exit this program.\n" );
341	fflush( stdout ); getchar();
342	#endif
343
344	return( ret );
345	}
346	#endif /* POLARSSL_BIGNUM_C && POLARSSL_ENTROPY_C && POLARSSL_SSL_TLS_C &&
347	POLARSSL_SSL_CLI_C && POLARSSL_NET_C && POLARSSL_RSA_C &&
348	POLARSSL_X509_PARSE_C && POLARSSL_FS_IO && POLARSSL_CTR_DRBG_C */

Note: See TracBrowser for help on using the repository browser.

PolarSSL

Cryptography and SSL made easy

Context Navigation

source: trunk/programs/x509/cert_app.c @ 1159

Download in other formats:

What are you looking for?

Main links

Community links

Documentation

Block cipher sources

Hash sources