authorNikos Mavrogiannopoulos <nmav@gnutls.org>2016-04-27 08:17:45 +0200
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2016-04-27 08:17:45 +0200
commitedc867eb3c13b09b037dc7c4b7670f3fc87856b0 (patch)
tree57f5c7785d3418b07e3a659304d872155f5bdae4
parent2b5cf00c137c7d63c133f407d2a6f4cd5fdd5ee9 (diff)
downloadgnutls-edc867eb3c13b09b037dc7c4b7670f3fc87856b0.tar.gz
examples: introduced basic error checking in more examples
-rw-r--r--doc/examples/ex-cert-select-pkcs11.c35
-rw-r--r--doc/examples/ex-cert-select.c64
-rw-r--r--doc/examples/ex-client-dtls.c37
-rw-r--r--doc/examples/ex-client-psk.c19
-rw-r--r--doc/examples/ex-serv-x509.c63
-rw-r--r--doc/examples/ex-verify-ssh.c26
6 files changed, 103 insertions, 141 deletions
diff --git a/doc/examples/ex-cert-select-pkcs11.c b/doc/examples/ex-cert-select-pkcs11.c
index dd16676e22..c8a71126ff 100644
--- a/doc/examples/ex-cert-select-pkcs11.c
+++ b/doc/examples/ex-cert-select-pkcs11.c
@@ -14,6 +14,7 @@
#include <gnutls/gnutls.h>
#include <gnutls/x509.h>
#include <gnutls/pkcs11.h>
+#include <assert.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
@@ -22,6 +23,8 @@
/* A TLS client that loads the certificate and key.
*/
+#define CHECK(x) assert((x)>=0)
+
#define MAX_BUF 1024
#define MSG "GET / HTTP/1.0\r\n\r\n"
#define MIN(x,y) (((x)<(y))?(x):(y))
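Review bot: `#define CHECK(x) assert((x)>=0)` drops the wrapped call together with the check when the example is built with `-DNDEBUG`, because assert discards its argument expression; `CHECK(gnutls_global_init())` and `CHECK(gnutls_init(&session, GNUTLS_CLIENT))` would then never execute and the session would be used uninitialised. Example code gets copied into real programs, so a macro that always evaluates its argument is the safer teaching pattern: `#define CHECK(x) do { int chk_rc = (x); if (chk_rc < 0) { fprintf(stderr, "%s: %s\n", #x, gnutls_strerror(chk_rc)); exit(1); } } while (0)`. That form also reports the GnuTLS error string instead of only the failed expression text.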
@@ -73,7 +76,6 @@ int main(void)
{
int ret, sd, ii;
gnutls_session_t session;
- gnutls_priority_t priorities_cache;
char buffer[MAX_BUF + 1];
gnutls_certificate_credentials_t xcred;
/* Allow connections to servers that have OpenPGP keys as well.
@@ -85,37 +87,37 @@ int main(void)
}
/* for backwards compatibility with gnutls < 3.3.0 */
- gnutls_global_init();
+ CHECK(gnutls_global_init());
/* The PKCS11 private key operations may require PIN.
* Register a callback. */
gnutls_pkcs11_set_pin_function(pin_callback, NULL);
/* X509 stuff */
- gnutls_certificate_allocate_credentials(&xcred);
-
- /* priorities */
- gnutls_priority_init(&priorities_cache,
- "NORMAL", NULL);
+ CHECK(gnutls_certificate_allocate_credentials(&xcred));
/* sets the trusted cas file
*/
- gnutls_certificate_set_x509_trust_file(xcred, CAFILE,
- GNUTLS_X509_FMT_PEM);
+ CHECK(gnutls_certificate_set_x509_trust_file(xcred, CAFILE,
+ GNUTLS_X509_FMT_PEM));
+
+ CHECK(gnutls_certificate_set_x509_key_file(xcred, CERT_URL, KEY_URL,
+ GNUTLS_X509_FMT_DER));
+
+ /* Note that there is no server certificate verification in this example
+ */
- gnutls_certificate_set_x509_key_file(xcred, CERT_URL, KEY_URL,
- GNUTLS_X509_FMT_DER);
/* Initialize TLS session
*/
- gnutls_init(&session, GNUTLS_CLIENT);
+ CHECK(gnutls_init(&session, GNUTLS_CLIENT));
/* Use default priorities */
- gnutls_priority_set(session, priorities_cache);
+ CHECK(gnutls_set_default_priority(session));
/* put the x509 credentials to the current session
*/
- gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
+ CHECK(gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred));
/* connect to the peer
*/
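Review bot: The client still performs no verification of the server certificate: a trust store is loaded at the `gnutls_certificate_set_x509_trust_file` call but nothing ties it to the session, and the new comment acknowledges this rather than fixing it. The `ex-client-dtls.c` change in this same commit already uses `gnutls_session_set_verify_cert(session, "my_host_name", 0);` after `gnutls_credentials_set`; the same one-liner (with a matching `gnutls_server_name_set`) would make this example safe to copy as written. main() begins before this hunk.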
@@ -139,7 +141,7 @@ int main(void)
gnutls_free(desc);
}
- gnutls_record_send(session, MSG, strlen(MSG));
+ CHECK(gnutls_record_send(session, MSG, strlen(MSG)));
ret = gnutls_record_recv(session, buffer, MAX_BUF);
if (ret == 0) {
@@ -156,7 +158,7 @@ int main(void)
}
fputs("\n", stdout);
- gnutls_bye(session, GNUTLS_SHUT_RDWR);
+ CHECK(gnutls_bye(session, GNUTLS_SHUT_RDWR));
end:
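Review bot: Asserting on `gnutls_bye(session, GNUTLS_SHUT_RDWR)` turns a benign peer behaviour into an abort: after answering a `HTTP/1.0` request many servers close the TCP connection immediately, and gnutls_bye can then fail in the push path, or return GNUTLS_E_AGAIN/GNUTLS_E_INTERRUPTED which a caller is expected to retry rather than treat as fatal. Since the session is torn down right after, a non-fatal `ret = gnutls_bye(session, GNUTLS_SHUT_RDWR); if (ret < 0) fprintf(stderr, "gnutls_bye: %s\n", gnutls_strerror(ret));` is sufficient here. The same applies to the `CHECK(gnutls_bye(...))` lines added to the other client examples in this commit.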
@@ -165,7 +167,6 @@ int main(void)
gnutls_deinit(session);
gnutls_certificate_free_credentials(xcred);
- gnutls_priority_deinit(priorities_cache);
gnutls_global_deinit();
diff --git a/doc/examples/ex-cert-select.c b/doc/examples/ex-cert-select.c
index 4c15f0b4e3..9f84b67efd 100644
--- a/doc/examples/ex-cert-select.c
+++ b/doc/examples/ex-cert-select.c
@@ -11,6 +11,7 @@
#include <sys/socket.h>
#include <arpa/inet.h>
#include <unistd.h>
+#include <assert.h>
#include <gnutls/gnutls.h>
#include <gnutls/x509.h>
#include <gnutls/abstract.h>
@@ -21,6 +22,8 @@
/* A TLS client that loads the certificate and key.
*/
+#define CHECK(x) assert((x)>=0)
+
#define MAX_BUF 1024
#define MSG "GET / HTTP/1.0\r\n\r\n"
@@ -45,43 +48,22 @@ gnutls_privkey_t key;
*/
static void load_keys(void)
{
- int ret;
gnutls_datum_t data;
- ret = gnutls_load_file(CERT_FILE, &data);
- if (ret < 0) {
- fprintf(stderr, "*** Error loading certificate file.\n");
- exit(1);
- }
+ CHECK(gnutls_load_file(CERT_FILE, &data));
- ret =
- gnutls_pcert_import_x509_raw(&pcrt, &data, GNUTLS_X509_FMT_PEM,
- 0);
- if (ret < 0) {
- fprintf(stderr, "*** Error loading certificate file: %s\n",
- gnutls_strerror(ret));
- exit(1);
- }
+ CHECK(gnutls_pcert_import_x509_raw(&pcrt, &data,
+ GNUTLS_X509_FMT_PEM, 0));
gnutls_free(data.data);
- ret = gnutls_load_file(KEY_FILE, &data);
- if (ret < 0) {
- fprintf(stderr, "*** Error loading key file.\n");
- exit(1);
- }
+ CHECK(gnutls_load_file(KEY_FILE, &data));
- gnutls_privkey_init(&key);
-
- ret =
- gnutls_privkey_import_x509_raw(key, &data, GNUTLS_X509_FMT_PEM,
- NULL, 0);
- if (ret < 0) {
- fprintf(stderr, "*** Error loading key file: %s\n",
- gnutls_strerror(ret));
- exit(1);
- }
+ CHECK(gnutls_privkey_init(&key));
+ CHECK(gnutls_privkey_import_x509_raw(key, &data,
+ GNUTLS_X509_FMT_PEM,
+ NULL, 0));
gnutls_free(data.data);
}
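Review bot: The rewrite of load_keys loses the diagnostic the old code printed: the removed branches reported `gnutls_strerror(ret)` for a failed import, while `assert()` prints only the expression text, so a reader with a malformed PEM file now sees `gnutls_pcert_import_x509_raw(...)` and no reason. It also means that with `-DNDEBUG` none of the four calls run at all (assert drops its argument), leaving `pcrt` and `key` unset for cert_callback. Keeping the explicit `if (ret < 0) { fprintf(stderr, "...: %s\n", gnutls_strerror(ret)); exit(1); }` form, or giving CHECK a body that always evaluates its argument and prints the error string, preserves both properties.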
@@ -89,7 +71,6 @@ int main(void)
{
int ret, sd, ii;
gnutls_session_t session;
- gnutls_priority_t priorities_cache;
char buffer[MAX_BUF + 1];
gnutls_certificate_credentials_t xcred;
@@ -99,34 +80,30 @@ int main(void)
}
/* for backwards compatibility with gnutls < 3.3.0 */
- gnutls_global_init();
+ CHECK(gnutls_global_init());
load_keys();
/* X509 stuff */
- gnutls_certificate_allocate_credentials(&xcred);
-
- /* priorities */
- gnutls_priority_init(&priorities_cache,
- "NORMAL", NULL);
+ CHECK(gnutls_certificate_allocate_credentials(&xcred));
/* sets the trusted cas file
*/
- gnutls_certificate_set_x509_trust_file(xcred, CAFILE,
- GNUTLS_X509_FMT_PEM);
+ CHECK(gnutls_certificate_set_x509_trust_file(xcred, CAFILE,
+ GNUTLS_X509_FMT_PEM));
gnutls_certificate_set_retrieve_function2(xcred, cert_callback);
/* Initialize TLS session
*/
- gnutls_init(&session, GNUTLS_CLIENT);
+ CHECK(gnutls_init(&session, GNUTLS_CLIENT));
/* Use default priorities */
- gnutls_priority_set(session, priorities_cache);
+ CHECK(gnutls_set_default_priority(session));
/* put the x509 credentials to the current session
*/
- gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
+ CHECK(gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred));
/* connect to the peer
*/
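Review bot: `CHECK(gnutls_certificate_set_x509_trust_file(xcred, CAFILE, GNUTLS_X509_FMT_PEM))` accepts a zero return, but that function returns the number of certificates it processed, so an empty or wrongly formatted CAFILE passes the check with no CA in the trust store. If the intent is to fail early on a misconfigured trust file, test the count: `ret = gnutls_certificate_set_x509_trust_file(xcred, CAFILE, GNUTLS_X509_FMT_PEM); if (ret <= 0) { fprintf(stderr, "No trusted CAs loaded\n"); exit(1); }`. The same pattern is introduced in ex-cert-select-pkcs11.c, ex-client-dtls.c and ex-serv-x509.c by this commit. main() begins outside this hunk.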
@@ -150,7 +127,7 @@ int main(void)
gnutls_free(desc);
}
- gnutls_record_send(session, MSG, strlen(MSG));
+ CHECK(gnutls_record_send(session, MSG, strlen(MSG)));
ret = gnutls_record_recv(session, buffer, MAX_BUF);
if (ret == 0) {
@@ -167,7 +144,7 @@ int main(void)
}
fputs("\n", stdout);
- gnutls_bye(session, GNUTLS_SHUT_RDWR);
+ CHECK(gnutls_bye(session, GNUTLS_SHUT_RDWR));
end:
@@ -176,7 +153,6 @@ int main(void)
gnutls_deinit(session);
gnutls_certificate_free_credentials(xcred);
- gnutls_priority_deinit(priorities_cache);
gnutls_global_deinit();
diff --git a/doc/examples/ex-client-dtls.c b/doc/examples/ex-client-dtls.c
index dea3b687f3..d154015395 100644
--- a/doc/examples/ex-client-dtls.c
+++ b/doc/examples/ex-client-dtls.c
@@ -10,6 +10,7 @@
#include <sys/types.h>
#include <sys/socket.h>
#include <arpa/inet.h>
+#include <assert.h>
#include <unistd.h>
#include <gnutls/gnutls.h>
#include <gnutls/dtls.h>
@@ -17,6 +18,8 @@
/* A very basic Datagram TLS client, over UDP with X.509 authentication.
*/
+#define CHECK(x) assert((x)>=0)
+
#define MAX_BUF 1024
#define CAFILE "/etc/ssl/certs/ca-certificates.crt"
#define MSG "GET / HTTP/1.0\r\n\r\n"
@@ -30,7 +33,6 @@ int main(void)
int ret, sd, ii;
gnutls_session_t session;
char buffer[MAX_BUF + 1];
- const char *err;
gnutls_certificate_credentials_t xcred;
if (gnutls_check_version("3.1.4") == NULL) {
@@ -39,34 +41,27 @@ int main(void)
}
/* for backwards compatibility with gnutls < 3.3.0 */
- gnutls_global_init();
+ CHECK(gnutls_global_init());
/* X509 stuff */
- gnutls_certificate_allocate_credentials(&xcred);
+ CHECK(gnutls_certificate_allocate_credentials(&xcred));
/* sets the trusted cas file */
- gnutls_certificate_set_x509_trust_file(xcred, CAFILE,
- GNUTLS_X509_FMT_PEM);
- gnutls_certificate_set_verify_function(xcred,
- verify_certificate_callback);
+ CHECK(gnutls_certificate_set_x509_trust_file(xcred, CAFILE,
+ GNUTLS_X509_FMT_PEM));
/* Initialize TLS session */
- gnutls_init(&session, GNUTLS_CLIENT | GNUTLS_DATAGRAM);
+ CHECK(gnutls_init(&session, GNUTLS_CLIENT | GNUTLS_DATAGRAM));
/* Use default priorities */
- ret = gnutls_priority_set_direct(session,
- "NORMAL", &err);
- if (ret < 0) {
- if (ret == GNUTLS_E_INVALID_REQUEST) {
- fprintf(stderr, "Syntax error at: %s\n", err);
- }
- exit(1);
- }
+ CHECK(gnutls_set_default_priority(session));
/* put the x509 credentials to the current session */
- gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
- gnutls_server_name_set(session, GNUTLS_NAME_DNS, "my_host_name",
- strlen("my_host_name"));
+ CHECK(gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred));
+ CHECK(gnutls_server_name_set(session, GNUTLS_NAME_DNS, "my_host_name",
+ strlen("my_host_name")));
+
+ gnutls_session_set_verify_cert(session, "my_host_name", 0);
/* connect to the peer */
sd = udp_connect();
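Review bot: The new `gnutls_session_set_verify_cert(session, "my_host_name", 0);` call is newer than the `gnutls_check_version("3.1.4")` gate that main() performs just above this hunk (the function was added in the 3.4 series, 3.4.6 as far as I recall), so against an older library the example fails at link time rather than with the intended version message. Bumping the gate to the release that introduced it, e.g. `if (gnutls_check_version("3.4.6") == NULL)`, keeps that check honest. `"my_host_name"` is also now repeated for SNI and for verification; a single `#define HOSTNAME "my_host_name"` would stop the two from drifting apart.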
@@ -96,7 +91,7 @@ int main(void)
gnutls_free(desc);
}
- gnutls_record_send(session, MSG, strlen(MSG));
+ CHECK(gnutls_record_send(session, MSG, strlen(MSG)));
ret = gnutls_record_recv(session, buffer, MAX_BUF);
if (ret == 0) {
@@ -120,7 +115,7 @@ int main(void)
/* It is suggested not to use GNUTLS_SHUT_RDWR in DTLS
* connections because the peer's closure message might
* be lost */
- gnutls_bye(session, GNUTLS_SHUT_WR);
+ CHECK(gnutls_bye(session, GNUTLS_SHUT_WR));
end:
diff --git a/doc/examples/ex-client-psk.c b/doc/examples/ex-client-psk.c
index 63a24a7247..5658cb0ce0 100644
--- a/doc/examples/ex-client-psk.c
+++ b/doc/examples/ex-client-psk.c
@@ -11,11 +11,14 @@
#include <sys/socket.h>
#include <arpa/inet.h>
#include <unistd.h>
+#include <assert.h>
#include <gnutls/gnutls.h>
/* A very basic TLS client, with PSK authentication.
*/
+#define CHECK(x) assert((x)>=0)
+
#define MAX_BUF 1024
#define MSG "GET / HTTP/1.0\r\n\r\n"
@@ -31,15 +34,15 @@ int main(void)
gnutls_psk_client_credentials_t pskcred;
const gnutls_datum_t key = { (void *) "DEADBEEF", 8 };
- gnutls_global_init();
+ CHECK(gnutls_global_init());
- gnutls_psk_allocate_client_credentials(&pskcred);
- gnutls_psk_set_client_credentials(pskcred, "test", &key,
- GNUTLS_PSK_KEY_HEX);
+ CHECK(gnutls_psk_allocate_client_credentials(&pskcred));
+ CHECK(gnutls_psk_set_client_credentials(pskcred, "test", &key,
+ GNUTLS_PSK_KEY_HEX));
/* Initialize TLS session
*/
- gnutls_init(&session, GNUTLS_CLIENT);
+ CHECK(gnutls_init(&session, GNUTLS_CLIENT));
/* Use default priorities */
ret =
@@ -55,7 +58,7 @@ int main(void)
/* put the x509 credentials to the current session
*/
- gnutls_credentials_set(session, GNUTLS_CRD_PSK, pskcred);
+ CHECK(gnutls_credentials_set(session, GNUTLS_CRD_PSK, pskcred));
/* connect to the peer
*/
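Review bot: The comment above `CHECK(gnutls_credentials_set(session, GNUTLS_CRD_PSK, pskcred));` still reads `put the x509 credentials to the current session`, but this example has no X.509 credentials at all; the text was evidently carried over from the certificate client. Suggest `/* put the PSK credentials to the current session */` so the PSK example does not mislead readers. main() begins before this hunk.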
@@ -84,7 +87,7 @@ int main(void)
gnutls_free(desc);
}
- gnutls_record_send(session, MSG, strlen(MSG));
+ CHECK(gnutls_record_send(session, MSG, strlen(MSG)));
ret = gnutls_record_recv(session, buffer, MAX_BUF);
if (ret == 0) {
@@ -105,7 +108,7 @@ int main(void)
fputs("\n", stdout);
}
- gnutls_bye(session, GNUTLS_SHUT_RDWR);
+ CHECK(gnutls_bye(session, GNUTLS_SHUT_RDWR));
end:
diff --git a/doc/examples/ex-serv-x509.c b/doc/examples/ex-serv-x509.c
index 69061e633c..da376037b9 100644
--- a/doc/examples/ex-serv-x509.c
+++ b/doc/examples/ex-serv-x509.c
@@ -14,12 +14,15 @@
#include <string.h>
#include <unistd.h>
#include <gnutls/gnutls.h>
+#include <assert.h>
#define KEYFILE "key.pem"
#define CERTFILE "cert.pem"
#define CAFILE "/etc/ssl/certs/ca-certificates.crt"
#define CRLFILE "crl.pem"
+#define CHECK(x) assert((x)>=0)
+
/* The OCSP status file contains up to date information about revocation
* of the server's certificate. That can be periodically be updated
* using:
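Review bot: With `#define CHECK(x) assert((x)>=0)` the wrapped call is compiled out along with the check under `-DNDEBUG`, which for this server means `gnutls_dh_params_init`/`gnutls_dh_params_generate2` and the key-file load never execute and `gnutls_certificate_set_dh_params(x509_cred, dh_params)` receives a NULL handle. Server examples are copied into real deployments more than most, so a CHECK that always evaluates its argument is worth the extra line: `#define CHECK(x) do { int chk_rc = (x); if (chk_rc < 0) { fprintf(stderr, "%s: %s\n", #x, gnutls_strerror(chk_rc)); exit(1); } } while (0)`. It also reports the GnuTLS error text rather than just the failed expression.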
@@ -41,14 +44,14 @@ static gnutls_dh_params_t dh_params;
static int generate_dh_params(void)
{
unsigned int bits = gnutls_sec_param_to_pk_bits(GNUTLS_PK_DH,
- GNUTLS_SEC_PARAM_LEGACY);
+ GNUTLS_SEC_PARAM_MEDIUM);
/* Generate Diffie-Hellman parameters - for use with DHE
* kx algorithms. When short bit length is used, it might
* be wise to regenerate parameters often.
*/
- gnutls_dh_params_init(&dh_params);
- gnutls_dh_params_generate2(dh_params, bits);
+ CHECK(gnutls_dh_params_init(&dh_params));
+ CHECK(gnutls_dh_params_generate2(dh_params, bits));
return 0;
}
@@ -68,35 +71,29 @@ int main(void)
int optval = 1;
/* for backwards compatibility with gnutls < 3.3.0 */
- gnutls_global_init();
-
- gnutls_certificate_allocate_credentials(&x509_cred);
- /* gnutls_certificate_set_x509_system_trust(xcred); */
- gnutls_certificate_set_x509_trust_file(x509_cred, CAFILE,
- GNUTLS_X509_FMT_PEM);
-
- gnutls_certificate_set_x509_crl_file(x509_cred, CRLFILE,
- GNUTLS_X509_FMT_PEM);
-
- ret =
- gnutls_certificate_set_x509_key_file(x509_cred, CERTFILE,
- KEYFILE,
- GNUTLS_X509_FMT_PEM);
- if (ret < 0) {
- printf("No certificate or key were found\n");
- exit(1);
- }
+ CHECK(gnutls_global_init());
+
+ CHECK(gnutls_certificate_allocate_credentials(&x509_cred));
+
+ CHECK(gnutls_certificate_set_x509_trust_file(x509_cred, CAFILE,
+ GNUTLS_X509_FMT_PEM));
+
+ CHECK(gnutls_certificate_set_x509_crl_file(x509_cred, CRLFILE,
+ GNUTLS_X509_FMT_PEM));
+
+ CHECK(gnutls_certificate_set_x509_key_file(x509_cred, CERTFILE,
+ KEYFILE,
+ GNUTLS_X509_FMT_PEM));
/* loads an OCSP status request if available */
- gnutls_certificate_set_ocsp_status_request_file(x509_cred,
- OCSP_STATUS_FILE,
- 0);
+ CHECK(gnutls_certificate_set_ocsp_status_request_file(x509_cred,
+ OCSP_STATUS_FILE,
+ 0));
generate_dh_params();
- gnutls_priority_init(&priority_cache,
- "PERFORMANCE:%SERVER_PRECEDENCE", NULL);
-
+ CHECK(gnutls_priority_init(&priority_cache,
+ "PERFORMANCE:%SERVER_PRECEDENCE", NULL));
gnutls_certificate_set_dh_params(x509_cred, dh_params);
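Review bot: `CHECK(gnutls_certificate_set_ocsp_status_request_file(x509_cred, OCSP_STATUS_FILE, 0))` contradicts the comment directly above it, `loads an OCSP status request if available`: the old code tolerated a missing file, the new one aborts the server whenever the response has not been fetched yet. Either keep it best-effort, `ret = gnutls_certificate_set_ocsp_status_request_file(x509_cred, OCSP_STATUS_FILE, 0); if (ret < 0) fprintf(stderr, "OCSP response not loaded: %s\n", gnutls_strerror(ret));`, or change the comment to say the file is required. The `generate_dh_params()` return value on the line below is still ignored, though after this change it can only be 0. main() continues outside this hunk.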
@@ -120,10 +117,10 @@ int main(void)
client_len = sizeof(sa_cli);
for (;;) {
- gnutls_init(&session, GNUTLS_SERVER);
- gnutls_priority_set(session, priority_cache);
- gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE,
- x509_cred);
+ CHECK(gnutls_init(&session, GNUTLS_SERVER));
+ CHECK(gnutls_priority_set(session, priority_cache));
+ CHECK(gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE,
+ x509_cred));
/* We don't request any certificate from the client.
* If we did we would need to verify it. One way of
@@ -179,13 +176,13 @@ int main(void)
} else if (ret > 0) {
/* echo data back to the client
*/
- gnutls_record_send(session, buffer, ret);
+ CHECK(gnutls_record_send(session, buffer, ret));
}
}
printf("\n");
/* do not wait for the peer to close the connection.
*/
- gnutls_bye(session, GNUTLS_SHUT_WR);
+ CHECK(gnutls_bye(session, GNUTLS_SHUT_WR));
close(sd);
gnutls_deinit(session);
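Review bot: Inside the accept loop, `CHECK(gnutls_record_send(session, buffer, ret))` and `CHECK(gnutls_bye(session, GNUTLS_SHUT_WR))` let a single client take the whole server down: a peer that drops the TCP connection mid-echo makes the send or the close_notify fail, and the assert aborts the process instead of just ending that session. Peer-induced errors in a server loop should be logged and the connection released, e.g. `ret = gnutls_bye(session, GNUTLS_SHUT_WR); if (ret < 0) fprintf(stderr, "gnutls_bye: %s\n", gnutls_strerror(ret));` ahead of `close(sd)`. The loop body begins before this hunk.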
diff --git a/doc/examples/ex-verify-ssh.c b/doc/examples/ex-verify-ssh.c
index 1bc0bfae72..a2af8e57a7 100644
--- a/doc/examples/ex-verify-ssh.c
+++ b/doc/examples/ex-verify-ssh.c
@@ -9,8 +9,11 @@
#include <string.h>
#include <gnutls/gnutls.h>
#include <gnutls/x509.h>
+#include <assert.h>
#include "examples.h"
+#define CHECK(x) assert((x)>=0)
+
/* This function will verify the peer's certificate, check
* if the hostname matches. In addition it will perform an
* SSH-style authentication, where ultimately trusted keys
@@ -31,22 +34,12 @@ int _ssh_verify_certificate_callback(gnutls_session_t session)
/* This verification function uses the trusted CAs in the credentials
* structure. So you must have installed one or more CA certificates.
*/
- ret = gnutls_certificate_verify_peers3(session, hostname, &status);
- if (ret < 0) {
- printf("Error\n");
- return GNUTLS_E_CERTIFICATE_ERROR;
- }
+ CHECK(gnutls_certificate_verify_peers3(session, hostname, &status));
type = gnutls_certificate_type_get(session);
- ret =
- gnutls_certificate_verification_status_print(status, type,
- &out, 0);
- if (ret < 0) {
- printf("Error\n");
- return GNUTLS_E_CERTIFICATE_ERROR;
- }
-
+ CHECK(gnutls_certificate_verification_status_print(status,
+ type, &out, 0));
printf("%s", out.data);
gnutls_free(out.data);
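Review bot: Replacing `if (ret < 0) return GNUTLS_E_CERTIFICATE_ERROR;` with `CHECK(gnutls_certificate_verify_peers3(session, hostname, &status))` changes a verification callback in two bad ways: a peer whose certificate makes verify_peers3 return an error now crashes the client instead of failing the handshake, and under `-DNDEBUG` the call is not made at all, so `status` is never written and the checks that follow this hunk act on an uninitialised value. A verify callback should keep returning an error to the library here, so please restore the explicit `ret = ...; if (ret < 0) return GNUTLS_E_CERTIFICATE_ERROR;` form for both calls. The function _ssh_verify_certificate_callback starts and ends outside this hunk.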
@@ -98,11 +91,8 @@ int _ssh_verify_certificate_callback(gnutls_session_t session)
/* user trusts the key -> store it */
if (ret != 0) {
- ret = gnutls_store_pubkey(NULL, NULL, hostname, "https",
- type, &cert_list[0], 0, 0);
- if (ret < 0)
- printf("gnutls_store_pubkey: %s\n",
- gnutls_strerror(ret));
+ CHECK(gnutls_store_pubkey(NULL, NULL, hostname, "https",
+ type, &cert_list[0], 0, 0));
}
/* notify gnutls to continue handshake normally */
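Review bot: `CHECK(gnutls_store_pubkey(...))` makes a failure to persist the key fatal, whereas the removed code only warned with `gnutls_strerror(ret)`; writing to the user's known-hosts store is best-effort (unwritable home directory, read-only filesystem) and should not abort a session the user has just approved. Suggest keeping `ret = gnutls_store_pubkey(NULL, NULL, hostname, "https", type, &cert_list[0], 0, 0); if (ret < 0) printf("gnutls_store_pubkey: %s\n", gnutls_strerror(ret));` here. The enclosing function continues outside this hunk.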