authorNikos Mavrogiannopoulos <nmav@gnutls.org>2002-02-14 09:25:16 +0000
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2002-02-14 09:25:16 +0000
commit7090442dcc8aca0c18fb29e1a591dcbf74493eb2 (patch)
tree141cd44dcf80faaffd7ca2b4799b5c02b84827c1
parent2dccf41aa0a5fd9c3ac85c16eab21dc912011313 (diff)
downloadgnutls-7090442dcc8aca0c18fb29e1a591dcbf74493eb2.tar.gz
Updated client
-rw-r--r--src/cli-gaa.c89
-rw-r--r--src/cli-gaa.h30
-rw-r--r--src/cli.c468
-rw-r--r--src/cli.gaa10
-rw-r--r--src/common.c7
5 files changed, 334 insertions, 270 deletions
diff --git a/src/cli-gaa.c b/src/cli-gaa.c
index f7bcabed09..4b9a8af892 100644
--- a/src/cli-gaa.c
+++ b/src/cli-gaa.c
@@ -102,10 +102,9 @@ void __gaa_helpsingle(char short_name, char *name,
void gaa_help()
{
- printf("cli help\nUsage: cli [options]""\n");
+ printf("cli help\nUsage: cli [options] hostname""\n");
__gaa_helpsingle('r', "resume", "", "Connect, establish a session. Connect again and resume this session.");
__gaa_helpsingle('p', "port", """integer"" ", "The port to connect to.");
- __gaa_helpsingle(0, "host", """hostname"" ", "The host to connect to.");
__gaa_helpsingle(0, "ciphers", """cipher1 cipher2..."" ", "Ciphers to enable.");
__gaa_helpsingle(0, "protocols", """protocol1 protocol2..."" ", "Protocols to enable.");
__gaa_helpsingle(0, "comp", """comp1 comp2..."" ", "Compression methods to enable.");
@@ -128,32 +127,34 @@ typedef struct _gaainfo gaainfo;
struct _gaainfo
{
-#line 33 "cli.gaa"
+#line 39 "cli.gaa"
+ char **rest_args;
+#line 38 "cli.gaa"
+ int nrest_args;
+#line 31 "cli.gaa"
char **ctype;
-#line 32 "cli.gaa"
+#line 30 "cli.gaa"
int nctype;
-#line 29 "cli.gaa"
+#line 27 "cli.gaa"
char **kx;
-#line 28 "cli.gaa"
+#line 26 "cli.gaa"
int nkx;
-#line 25 "cli.gaa"
+#line 23 "cli.gaa"
char **macs;
-#line 24 "cli.gaa"
+#line 22 "cli.gaa"
int nmacs;
-#line 21 "cli.gaa"
+#line 19 "cli.gaa"
char **comp;
-#line 20 "cli.gaa"
+#line 18 "cli.gaa"
int ncomp;
-#line 17 "cli.gaa"
+#line 15 "cli.gaa"
char **proto;
-#line 16 "cli.gaa"
+#line 14 "cli.gaa"
int nproto;
-#line 13 "cli.gaa"
+#line 11 "cli.gaa"
char **ciphers;
-#line 12 "cli.gaa"
+#line 10 "cli.gaa"
int nciphers;
-#line 9 "cli.gaa"
- char *hostname;
#line 6 "cli.gaa"
int port;
#line 3 "cli.gaa"
@@ -212,7 +213,7 @@ int gaa_error = 0;
#define GAA_MULTIPLE_OPTION 3
#define GAA_REST 0
-#define GAA_NB_OPTION 11
+#define GAA_NB_OPTION 10
#define GAAOPTID_help 1
#define GAAOPTID_list 2
#define GAAOPTID_certtype 3
@@ -221,9 +222,8 @@ int gaa_error = 0;
#define GAAOPTID_comp 6
#define GAAOPTID_protocols 7
#define GAAOPTID_ciphers 8
-#define GAAOPTID_host 9
-#define GAAOPTID_port 10
-#define GAAOPTID_resume 11
+#define GAAOPTID_port 9
+#define GAAOPTID_resume 10
#line 168 "gaa.skel"
@@ -442,15 +442,16 @@ struct GAAOPTION_ciphers
int size1;
};
-struct GAAOPTION_host
+struct GAAOPTION_port
{
- char* arg1;
+ int arg1;
int size1;
};
+#define GAA_REST_EXISTS
-struct GAAOPTION_port
+struct GAAREST
{
- int arg1;
+ char** arg1;
int size1;
};
@@ -489,7 +490,6 @@ int gaa_get_option_num(char *str, int status)
GAA_CHECK1STR("", GAAOPTID_comp);
GAA_CHECK1STR("", GAAOPTID_protocols);
GAA_CHECK1STR("", GAAOPTID_ciphers);
- GAA_CHECK1STR("", GAAOPTID_host);
GAA_CHECK1STR("p", GAAOPTID_port);
case GAA_MULTIPLE_OPTION:
#line 375 "gaa.skel"
@@ -508,7 +508,6 @@ int gaa_get_option_num(char *str, int status)
GAA_CHECKSTR("comp", GAAOPTID_comp);
GAA_CHECKSTR("protocols", GAAOPTID_protocols);
GAA_CHECKSTR("ciphers", GAAOPTID_ciphers);
- GAA_CHECKSTR("host", GAAOPTID_host);
GAA_CHECKSTR("port", GAAOPTID_port);
GAA_CHECKSTR("resume", GAAOPTID_resume);
@@ -529,7 +528,6 @@ int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
struct GAAOPTION_comp GAATMP_comp;
struct GAAOPTION_protocols GAATMP_protocols;
struct GAAOPTION_ciphers GAATMP_ciphers;
- struct GAAOPTION_host GAATMP_host;
struct GAAOPTION_port GAATMP_port;
#line 393 "gaa.skel"
@@ -553,14 +551,14 @@ int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
{
case GAAOPTID_help:
OK = 0;
-#line 38 "cli.gaa"
+#line 36 "cli.gaa"
{ gaa_help(); exit(0); ;};
return GAA_OK;
break;
case GAAOPTID_list:
OK = 0;
-#line 37 "cli.gaa"
+#line 35 "cli.gaa"
{ print_list(); exit(0); ;};
return GAA_OK;
@@ -568,7 +566,7 @@ int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
case GAAOPTID_certtype:
OK = 0;
GAA_LIST_FILL(GAATMP_certtype.arg1, gaa_getstr, char*, GAATMP_certtype.size1);
-#line 34 "cli.gaa"
+#line 32 "cli.gaa"
{ gaaval->ctype = GAATMP_certtype.arg1; gaaval->nctype = GAATMP_certtype.size1 ;};
return GAA_OK;
@@ -576,7 +574,7 @@ int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
case GAAOPTID_kx:
OK = 0;
GAA_LIST_FILL(GAATMP_kx.arg1, gaa_getstr, char*, GAATMP_kx.size1);
-#line 30 "cli.gaa"
+#line 28 "cli.gaa"
{ gaaval->kx = GAATMP_kx.arg1; gaaval->nkx = GAATMP_kx.size1 ;};
return GAA_OK;
@@ -584,7 +582,7 @@ int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
case GAAOPTID_macs:
OK = 0;
GAA_LIST_FILL(GAATMP_macs.arg1, gaa_getstr, char*, GAATMP_macs.size1);
-#line 26 "cli.gaa"
+#line 24 "cli.gaa"
{ gaaval->macs = GAATMP_macs.arg1; gaaval->nmacs = GAATMP_macs.size1 ;};
return GAA_OK;
@@ -592,7 +590,7 @@ int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
case GAAOPTID_comp:
OK = 0;
GAA_LIST_FILL(GAATMP_comp.arg1, gaa_getstr, char*, GAATMP_comp.size1);
-#line 22 "cli.gaa"
+#line 20 "cli.gaa"
{ gaaval->comp = GAATMP_comp.arg1; gaaval->ncomp = GAATMP_comp.size1 ;};
return GAA_OK;
@@ -600,7 +598,7 @@ int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
case GAAOPTID_protocols:
OK = 0;
GAA_LIST_FILL(GAATMP_protocols.arg1, gaa_getstr, char*, GAATMP_protocols.size1);
-#line 18 "cli.gaa"
+#line 16 "cli.gaa"
{ gaaval->proto = GAATMP_protocols.arg1; gaaval->nproto = GAATMP_protocols.size1 ;};
return GAA_OK;
@@ -608,21 +606,11 @@ int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
case GAAOPTID_ciphers:
OK = 0;
GAA_LIST_FILL(GAATMP_ciphers.arg1, gaa_getstr, char*, GAATMP_ciphers.size1);
-#line 14 "cli.gaa"
+#line 12 "cli.gaa"
{ gaaval->ciphers = GAATMP_ciphers.arg1; gaaval->nciphers = GAATMP_ciphers.size1 ;};
return GAA_OK;
break;
- case GAAOPTID_host:
- OK = 0;
- GAA_TESTMOREARGS;
- GAA_FILL(GAATMP_host.arg1, gaa_getstr, GAATMP_host.size1);
- gaa_index++;
-#line 10 "cli.gaa"
-{ gaaval->hostname = GAATMP_host.arg1 ;};
-
- return GAA_OK;
- break;
case GAAOPTID_port:
OK = 0;
GAA_TESTMOREARGS;
@@ -640,6 +628,13 @@ int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
return GAA_OK;
break;
+ case GAA_REST:
+ GAA_OPTIONALLIST_FILL(GAAREST_tmp.arg1, gaa_getstr, char*, GAAREST_tmp.size1);
+#line 40 "cli.gaa"
+{ gaaval->rest_args = GAAREST_tmp.arg1; gaaval->nrest_args = GAAREST_tmp.size1 ;};
+
+ return GAA_OK;
+ break;
#line 413 "gaa.skel"
default: break;
@@ -663,8 +658,8 @@ int gaa(int argc, char **argv, gaainfo *gaaval)
if(inited == 0)
{
-#line 40 "cli.gaa"
-{ gaaval->resume=0; gaaval->port=5556; gaaval->hostname="localhost"; gaaval->ciphers=NULL;
+#line 42 "cli.gaa"
+{ gaaval->resume=0; gaaval->port=5556; gaaval->rest_args=NULL; gaaval->nrest_args=0; gaaval->ciphers=NULL;
gaaval->kx=NULL; gaaval->comp=NULL; gaaval->macs=NULL; gaaval->ctype=NULL; gaaval->nciphers=0;
gaaval->nkx=0; gaaval->ncomp=0; gaaval->nmacs=0; gaaval->nctype = 0; ;};
diff --git a/src/cli-gaa.h b/src/cli-gaa.h
index 139666c1f7..8b2e858a77 100644
--- a/src/cli-gaa.h
+++ b/src/cli-gaa.h
@@ -8,32 +8,34 @@ typedef struct _gaainfo gaainfo;
struct _gaainfo
{
-#line 33 "cli.gaa"
+#line 39 "cli.gaa"
+ char **rest_args;
+#line 38 "cli.gaa"
+ int nrest_args;
+#line 31 "cli.gaa"
char **ctype;
-#line 32 "cli.gaa"
+#line 30 "cli.gaa"
int nctype;
-#line 29 "cli.gaa"
+#line 27 "cli.gaa"
char **kx;
-#line 28 "cli.gaa"
+#line 26 "cli.gaa"
int nkx;
-#line 25 "cli.gaa"
+#line 23 "cli.gaa"
char **macs;
-#line 24 "cli.gaa"
+#line 22 "cli.gaa"
int nmacs;
-#line 21 "cli.gaa"
+#line 19 "cli.gaa"
char **comp;
-#line 20 "cli.gaa"
+#line 18 "cli.gaa"
int ncomp;
-#line 17 "cli.gaa"
+#line 15 "cli.gaa"
char **proto;
-#line 16 "cli.gaa"
+#line 14 "cli.gaa"
int nproto;
-#line 13 "cli.gaa"
+#line 11 "cli.gaa"
char **ciphers;
-#line 12 "cli.gaa"
+#line 10 "cli.gaa"
int nciphers;
-#line 9 "cli.gaa"
- char *hostname;
#line 6 "cli.gaa"
int port;
#line 3 "cli.gaa"
diff --git a/src/cli.c b/src/cli.c
index fcc3ab396f..1c4f7ce2fa 100644
--- a/src/cli.c
+++ b/src/cli.c
@@ -48,12 +48,16 @@
/* global stuff here */
int resume;
-char* hostname;
+char *hostname=NULL;
int port;
int protocol_priority[16] = { GNUTLS_TLS1, GNUTLS_SSL3, 0 };
-int kx_priority[16] = { GNUTLS_KX_RSA, GNUTLS_KX_DHE_DSS, GNUTLS_KX_DHE_RSA, GNUTLS_KX_SRP, GNUTLS_KX_ANON_DH, 0 };
-int cipher_priority[16] = { GNUTLS_CIPHER_RIJNDAEL_128_CBC, GNUTLS_CIPHER_3DES_CBC, GNUTLS_CIPHER_ARCFOUR, 0};
+int kx_priority[16] =
+ { GNUTLS_KX_RSA, GNUTLS_KX_DHE_DSS, GNUTLS_KX_DHE_RSA, GNUTLS_KX_SRP,
+GNUTLS_KX_ANON_DH, 0 };
+int cipher_priority[16] =
+ { GNUTLS_CIPHER_RIJNDAEL_128_CBC, GNUTLS_CIPHER_3DES_CBC,
+GNUTLS_CIPHER_ARCFOUR, 0 };
int comp_priority[16] = { GNUTLS_COMP_ZLIB, GNUTLS_COMP_NULL, 0 };
int mac_priority[16] = { GNUTLS_MAC_SHA, GNUTLS_MAC_MD5, 0 };
int cert_type_priority[16] = { GNUTLS_CRT_X509, GNUTLS_CRT_OPENPGP, 0 };
@@ -73,49 +77,51 @@ int cert_type_priority[16] = { GNUTLS_CRT_X509, GNUTLS_CRT_OPENPGP, 0 };
#define CLICERTFILE_PGP "openpgp/cli_pub.asc"
#define CLIRINGFILE_PGP "openpgp/cli_ring.gpg"
-static int cert_callback( GNUTLS_STATE state, const gnutls_datum *client_certs, int ncerts, const gnutls_datum* req_ca_cert, int nreqs) {
+static int cert_callback(GNUTLS_STATE state,
+ const gnutls_datum * client_certs, int ncerts,
+ const gnutls_datum * req_ca_cert, int nreqs)
+{
- if (client_certs==NULL) {
- return 0; /* means the we will only be called again
- * if the library cannot determine which
- * certificate to send
- */
+ if (client_certs == NULL) {
+ return 0; /* means the we will only be called again
+ * if the library cannot determine which
+ * certificate to send
+ */
}
-
#if 0
/* here we should prompt the user and ask him
* which certificate to choose. Too bored to
* implement that. --nmav
*/
- for (i=0;i<ncerts;i++){
+ for (i = 0; i < ncerts; i++) {
fprintf(stderr, "%s.", client_cert->common_name);
fprintf(stderr, "%s\n", issuer_cert->common_name);
}
- for (i=0;i<nreqs;i++){
+ for (i = 0; i < nreqs; i++) {
fprintf(stderr, "%s.", req_ca_cert->common_name);
}
fprintf(stderr, "\n");
return 0;
#endif
- return -1; /* send no certificate to the peer */
+ return -1; /* send no certificate to the peer */
}
-static void gaa_parser( int argc, char** argv);
+static void gaa_parser(int argc, char **argv);
-int main(int argc, char** argv)
+int main(int argc, char **argv)
{
int err, ret;
int sd, ii;
struct sockaddr_in sa;
GNUTLS_STATE state;
- char buffer[MAX_BUF+1];
+ char buffer[MAX_BUF + 1];
char *session;
- char* session_id;
+ char *session_id;
int session_size;
int session_id_size;
- char* tmp_session_id;
+ char *tmp_session_id;
int tmp_session_id_size;
fd_set rset;
int maxfd;
@@ -124,73 +130,84 @@ int main(int argc, char** argv)
GNUTLS_SRP_CLIENT_CREDENTIALS cred;
GNUTLS_ANON_CLIENT_CREDENTIALS anon_cred;
GNUTLS_CERTIFICATE_CLIENT_CREDENTIALS xcred;
- struct hostent* server_host;
-
+ struct hostent *server_host;
+
gaa_parser(argc, argv);
-
- signal( SIGPIPE, SIG_IGN);
-
+
+ signal(SIGPIPE, SIG_IGN);
+
if (gnutls_global_init() < 0) {
fprintf(stderr, "global state initialization error\n");
exit(1);
}
+ printf("Connecting to %s...\n", hostname);
/* get server name */
- server_host = gethostbyname( hostname);
- if (server_host==NULL) {
+ server_host = gethostbyname(hostname);
+ if (server_host == NULL) {
fprintf(stderr, "Cannot resolve %s\n", hostname);
exit(1);
}
/* X509 stuff */
- if (gnutls_certificate_allocate_client_sc( &xcred) < 0) { /* space for 2 certificates */
+ if (gnutls_certificate_allocate_client_sc(&xcred) < 0) { /* space for 2 certificates */
fprintf(stderr, "memory error\n");
exit(1);
}
- ret=gnutls_certificate_set_x509_trust_file( xcred, CAFILE, CRLFILE);
+ ret =
+ gnutls_certificate_set_x509_trust_file(xcred, CAFILE, CRLFILE);
if (ret < 0) {
fprintf(stderr, "Error setting the x509 trust file\n");
exit(1);
}
-
- ret=gnutls_certificate_set_x509_key_file( xcred, CLICERTFILE1, CLIKEYFILE1);
+
+ ret =
+ gnutls_certificate_set_x509_key_file(xcred, CLICERTFILE1,
+ CLIKEYFILE1);
if (ret < 0) {
fprintf(stderr, "Error setting the x509 key file\n");
exit(1);
}
- ret=gnutls_certificate_set_x509_key_file( xcred, CLICERTFILE2, CLIKEYFILE2);
+ ret =
+ gnutls_certificate_set_x509_key_file(xcred, CLICERTFILE2,
+ CLIKEYFILE2);
if (ret < 0) {
fprintf(stderr, "Error setting the x509 key file\n");
exit(1);
}
- ret=gnutls_certificate_set_openpgp_key_file( xcred, CLICERTFILE_PGP, CLIKEYFILE_PGP);
+ ret =
+ gnutls_certificate_set_openpgp_key_file(xcred, CLICERTFILE_PGP,
+ CLIKEYFILE_PGP);
if (ret < 0) {
fprintf(stderr, "Error setting the OpenPGP key file\n");
exit(1);
}
- ret=gnutls_certificate_set_openpgp_keyring_file( xcred, CLIRINGFILE_PGP);
+ ret =
+ gnutls_certificate_set_openpgp_keyring_file(xcred,
+ CLIRINGFILE_PGP);
if (ret < 0) {
- fprintf(stderr, "Error setting the OpenPGP keyring file\n");
+ fprintf(stderr,
+ "Error setting the OpenPGP keyring file\n");
exit(1);
}
/* gnutls_certificate_client_callback_func( xcred, cert_callback); */
/* SRP stuff */
- if (gnutls_srp_allocate_client_sc( &cred)<0) {
+ if (gnutls_srp_allocate_client_sc(&cred) < 0) {
fprintf(stderr, "memory error\n");
exit(1);
}
- gnutls_srp_set_client_cred( cred, "test", "test");
+ gnutls_srp_set_client_cred(cred, "test", "test");
/* ANON stuff */
- if (gnutls_anon_allocate_client_sc( &anon_cred)<0) {
+ if (gnutls_anon_allocate_client_sc(&anon_cred) < 0) {
fprintf(stderr, "memory error\n");
exit(1);
}
-
+
sd = socket(AF_INET, SOCK_STREAM, 0);
ERR(sd, "socket");
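Review bot: The added `printf("Connecting to %s...\n", hostname);` is emitted on stdout before name resolution, while the existing `fprintf(stderr, "Connecting to '%s'...\n", buffer);` in the next hunk prints essentially the same message on stderr after it, so a user now sees two "Connecting to" lines on two different streams. Either drop the new line or reword it to describe the step it actually precedes, `fprintf(stderr, "Resolving '%s'...\n", hostname);`. main starts in the previous hunk and continues past this one.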
@@ -198,111 +215,120 @@ int main(int argc, char** argv)
sa.sin_family = AF_INET;
sa.sin_port = htons(port);
- sa.sin_addr.s_addr = *((unsigned int*)server_host->h_addr);
+ sa.sin_addr.s_addr = *((unsigned int *) server_host->h_addr);
- inet_ntop( AF_INET, &sa.sin_addr, buffer, MAX_BUF);
+ inet_ntop(AF_INET, &sa.sin_addr, buffer, MAX_BUF);
fprintf(stderr, "Connecting to '%s'...\n", buffer);
-
+
err = connect(sd, (SA *) & sa, sizeof(sa));
ERR(err, "connect");
- if (resume!=0) {
- gnutls_init(&state, GNUTLS_CLIENT);
-
- gnutls_cipher_set_priority(state, cipher_priority);
- gnutls_compression_set_priority(state, comp_priority);
- gnutls_kx_set_priority(state, kx_priority);
- gnutls_protocol_set_priority( state, protocol_priority);
- gnutls_mac_set_priority(state, mac_priority);
- gnutls_cert_type_set_priority(state, cert_type_priority);
+ if (resume != 0) {
+ gnutls_init(&state, GNUTLS_CLIENT);
+
+ gnutls_cipher_set_priority(state, cipher_priority);
+ gnutls_compression_set_priority(state, comp_priority);
+ gnutls_kx_set_priority(state, kx_priority);
+ gnutls_protocol_set_priority(state, protocol_priority);
+ gnutls_mac_set_priority(state, mac_priority);
+ gnutls_cert_type_set_priority(state, cert_type_priority);
+
+ gnutls_dh_set_prime_bits(state, 1024);
+
+ gnutls_cred_set(state, GNUTLS_CRD_ANON, anon_cred);
+ gnutls_cred_set(state, GNUTLS_CRD_SRP, cred);
+ gnutls_cred_set(state, GNUTLS_CRD_CERTIFICATE, xcred);
- gnutls_dh_set_prime_bits( state, 1024);
-
- gnutls_cred_set( state, GNUTLS_CRD_ANON, anon_cred);
- gnutls_cred_set( state, GNUTLS_CRD_SRP, cred);
- gnutls_cred_set( state, GNUTLS_CRD_CERTIFICATE, xcred);
+ /* use the max record size extension */
+ gnutls_record_set_max_size(state, 2048);
- /* use the max record size extension */
- gnutls_record_set_max_size( state, 2048);
-
/* This TLS extension may break old implementations.
*/
- gnutls_transport_set_ptr( state, sd);
- do {
- ret = gnutls_handshake( state);
- } while( ret==GNUTLS_E_INTERRUPTED || ret==GNUTLS_E_AGAIN);
-
- if (ret < 0) {
- if (ret==GNUTLS_E_WARNING_ALERT_RECEIVED || ret==GNUTLS_E_FATAL_ALERT_RECEIVED)
- printf("*** Received alert [%d]\n", gnutls_alert_get_last(state));
+ gnutls_transport_set_ptr(state, sd);
+ do {
+ ret = gnutls_handshake(state);
+ } while (ret == GNUTLS_E_INTERRUPTED
+ || ret == GNUTLS_E_AGAIN);
+
+ if (ret < 0) {
+ if (ret == GNUTLS_E_WARNING_ALERT_RECEIVED
+ || ret == GNUTLS_E_FATAL_ALERT_RECEIVED)
+ printf("*** Received alert [%d]\n",
+ gnutls_alert_get_last(state));
+
+ fprintf(stderr, "*** Handshake has failed\n");
+ gnutls_perror(ret);
+ gnutls_deinit(state);
+ return 1;
+ } else {
+ printf("- Handshake was completed\n");
+ }
- fprintf(stderr, "*** Handshake has failed\n");
- gnutls_perror(ret);
- gnutls_deinit(state);
- return 1;
- } else {
- printf("- Handshake was completed\n");
- }
-
- gnutls_session_get_data( state, NULL, &session_size);
- session = malloc(session_size);
- gnutls_session_get_data( state, session, &session_size);
+ gnutls_session_get_data(state, NULL, &session_size);
+ session = malloc(session_size);
+ gnutls_session_get_data(state, session, &session_size);
- gnutls_session_get_id( state, NULL, &session_id_size);
- session_id = malloc(session_id_size);
- gnutls_session_get_id( state, session_id, &session_id_size);
+ gnutls_session_get_id(state, NULL, &session_id_size);
+ session_id = malloc(session_id_size);
+ gnutls_session_get_id(state, session_id, &session_id_size);
/* print some information */
- print_info( state);
+ print_info(state);
- printf("- Disconnecting\n");
- do {
- ret = gnutls_bye( state, GNUTLS_SHUT_RDWR);
- } while( ret==GNUTLS_E_INTERRUPTED || ret==GNUTLS_E_AGAIN);
-
- shutdown( sd, SHUT_WR);
- close(sd);
- gnutls_deinit( state);
+ printf("- Disconnecting\n");
+ do {
+ ret = gnutls_bye(state, GNUTLS_SHUT_RDWR);
+ } while (ret == GNUTLS_E_INTERRUPTED
+ || ret == GNUTLS_E_AGAIN);
- printf("\n\n- Connecting again- trying to resume previous session\n");
- sd = socket(AF_INET, SOCK_STREAM, 0);
- ERR(sd, "socket");
+ shutdown(sd, SHUT_WR);
+ close(sd);
- err = connect(sd, (SA *) & sa, sizeof(sa));
- ERR(err, "connect");
+ gnutls_deinit(state);
- } /* resume */
+ printf
+ ("\n\n- Connecting again- trying to resume previous session\n");
+ sd = socket(AF_INET, SOCK_STREAM, 0);
+ ERR(sd, "socket");
+ err = connect(sd, (SA *) & sa, sizeof(sa));
+ ERR(err, "connect");
+
+ }
+
+ /* resume */
/* Begin handshake again */
gnutls_init(&state, GNUTLS_CLIENT);
-
+
gnutls_cipher_set_priority(state, cipher_priority);
gnutls_compression_set_priority(state, comp_priority);
gnutls_kx_set_priority(state, kx_priority);
- gnutls_protocol_set_priority( state, protocol_priority);
+ gnutls_protocol_set_priority(state, protocol_priority);
gnutls_mac_set_priority(state, mac_priority);
gnutls_cert_type_set_priority(state, cert_type_priority);
- gnutls_dh_set_prime_bits( state, 1024);
+ gnutls_dh_set_prime_bits(state, 1024);
- gnutls_cred_set( state, GNUTLS_CRD_ANON, anon_cred);
- gnutls_cred_set( state, GNUTLS_CRD_SRP, cred);
- gnutls_cred_set( state, GNUTLS_CRD_CERTIFICATE, xcred);
+ gnutls_cred_set(state, GNUTLS_CRD_ANON, anon_cred);
+ gnutls_cred_set(state, GNUTLS_CRD_SRP, cred);
+ gnutls_cred_set(state, GNUTLS_CRD_CERTIFICATE, xcred);
-#ifdef RESUME
- gnutls_session_set_data( state, session, session_size);
- free(session);
-#endif
+ if (resume != 0) {
+ gnutls_session_set_data(state, session, session_size);
+ free(session);
+ }
- gnutls_transport_set_ptr( state, sd);
+ gnutls_transport_set_ptr(state, sd);
do {
- ret = gnutls_handshake( state);
- } while( ret==GNUTLS_E_INTERRUPTED || ret==GNUTLS_E_AGAIN);
+ ret = gnutls_handshake(state);
+ } while (ret == GNUTLS_E_INTERRUPTED || ret == GNUTLS_E_AGAIN);
if (ret < 0) {
- if (ret==GNUTLS_E_WARNING_ALERT_RECEIVED || ret==GNUTLS_E_FATAL_ALERT_RECEIVED)
- printf("*** Received alert [%d]\n", gnutls_alert_get_last(state));
+ if (ret == GNUTLS_E_WARNING_ALERT_RECEIVED
+ || ret == GNUTLS_E_FATAL_ALERT_RECEIVED)
+ printf("*** Received alert [%d]\n",
+ gnutls_alert_get_last(state));
fprintf(stderr, "*** Handshake failed\n");
gnutls_perror(ret);
gnutls_deinit(state);
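Review bot: The address copy `sa.sin_addr.s_addr = *((unsigned int *) server_host->h_addr);` at the top of the hunk assumes the hostent is an AF_INET entry with a four-byte address and reads it through an `unsigned int` lvalue, which violates strict aliasing and silently produces garbage if the resolver returns another family or length. Check the family next to the resolver call in the previous hunk, `if (server_host->h_addrtype != AF_INET || server_host->h_length != sizeof sa.sin_addr) { fprintf(stderr, "Unsupported address for %s\n", hostname); exit(1); }`, and copy with `memcpy(&sa.sin_addr, server_host->h_addr, sizeof sa.sin_addr);`. In the resume branch `session = malloc(session_size);` and `session_id = malloc(session_id_size);` are still unchecked, and the return values of the gnutls_session_get_data/gnutls_session_get_id probes are ignored, so on an error the sizes may be unset before the malloc; a `if (session == NULL) { fprintf(stderr, "memory error\n"); exit(1); }` after each allocation would close that. main starts before this hunk and continues past it.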
@@ -311,117 +337,147 @@ int main(int argc, char** argv)
printf("- Handshake was completed\n");
}
- /* check if we actually resumed the previous session */
- gnutls_session_get_id( state, NULL, &tmp_session_id_size);
- tmp_session_id = malloc(tmp_session_id_size);
- gnutls_session_get_id( state, tmp_session_id, &tmp_session_id_size);
-
- if (memcmp( tmp_session_id, session_id, session_id_size)==0) {
- printf("- Previous session was resumed\n");
- } else {
- fprintf(stderr, "*** Previous session was NOT resumed\n");
+ if (resume != 0) {
+ /* check if we actually resumed the previous session */
+ gnutls_session_get_id(state, NULL, &tmp_session_id_size);
+ tmp_session_id = malloc(tmp_session_id_size);
+ gnutls_session_get_id(state, tmp_session_id, &tmp_session_id_size);
+
+ if (memcmp(tmp_session_id, session_id, session_id_size) ==
+ 0) {
+ printf("- Previous session was resumed\n");
+ } else {
+ fprintf(stderr,
+ "*** Previous session was NOT resumed\n");
+ }
+ free(tmp_session_id);
+ free(session_id);
}
- free(tmp_session_id);
- free(session_id);
-
/* print some information */
- print_info( state);
-
+ print_info(state);
+
printf("\n- Simple Client Mode:\n\n");
FD_ZERO(&rset);
- for(;;) {
+ for (;;) {
FD_SET(fileno(stdin), &rset);
FD_SET(sd, &rset);
-
+
maxfd = MAX(fileno(stdin), sd);
tv.tv_sec = 3;
tv.tv_usec = 0;
- select(maxfd+1, &rset, NULL, NULL, &tv);
+ select(maxfd + 1, &rset, NULL, NULL, &tv);
if (FD_ISSET(sd, &rset)) {
- bzero(buffer, MAX_BUF+1);
+ bzero(buffer, MAX_BUF + 1);
do {
- ret = gnutls_read( state, buffer, MAX_BUF);
- } while( ret==GNUTLS_E_INTERRUPTED || ret==GNUTLS_E_AGAIN);
+ ret = gnutls_read(state, buffer, MAX_BUF);
+ } while (ret == GNUTLS_E_INTERRUPTED
+ || ret == GNUTLS_E_AGAIN);
/* remove new line */
- if (gnutls_error_is_fatal(ret) == 1 || ret==0) {
+ if (gnutls_error_is_fatal(ret) == 1 || ret == 0) {
if (ret == 0) {
- printf("- Peer has closed the GNUTLS connection\n");
+ printf
+ ("- Peer has closed the GNUTLS connection\n");
break;
} else {
- fprintf(stderr, "*** Received corrupted data(%d) - server has terminated the connection abnormally\n",
+ fprintf(stderr,
+ "*** Received corrupted data(%d) - server has terminated the connection abnormally\n",
ret);
break;
}
} else {
- if (ret==GNUTLS_E_WARNING_ALERT_RECEIVED || ret==GNUTLS_E_FATAL_ALERT_RECEIVED)
- printf("* Received alert [%d]\n", gnutls_alert_get_last(state));
- if (ret==GNUTLS_E_REHANDSHAKE) {
-
- /* There is a race condition here. If application
- * data is sent after the rehandshake request,
- * the server thinks we ignored his request.
- * This is a bad design of this client.
- */
- printf("* Received rehandshake request\n");
+ if (ret == GNUTLS_E_WARNING_ALERT_RECEIVED
+ || ret ==
+ GNUTLS_E_FATAL_ALERT_RECEIVED)
+ printf("* Received alert [%d]\n",
+ gnutls_alert_get_last
+ (state));
+ if (ret == GNUTLS_E_REHANDSHAKE) {
+
+ /* There is a race condition here. If application
+ * data is sent after the rehandshake request,
+ * the server thinks we ignored his request.
+ * This is a bad design of this client.
+ */
+ printf
+ ("* Received rehandshake request\n");
/* gnutls_alert_send( state, GNUTLS_AL_WARNING, GNUTLS_A_NO_RENEGOTIATION); */
do {
- ret = gnutls_handshake( state);
- } while( ret==GNUTLS_E_AGAIN || ret==GNUTLS_E_INTERRUPTED);
-
- if (ret==0) printf("* Rehandshake was performed\n");
+ ret =
+ gnutls_handshake
+ (state);
+ } while (ret == GNUTLS_E_AGAIN
+ || ret ==
+ GNUTLS_E_INTERRUPTED);
+
+ if (ret == 0)
+ printf
+ ("* Rehandshake was performed\n");
else {
- printf("* Rehandshake Failed [%d]\n", ret);
+ printf
+ ("* Rehandshake Failed [%d]\n",
+ ret);
}
}
if (ret > 0) {
printf("- Received[%d]: ", ret);
- for (ii=0;ii<ret;ii++) {
+ for (ii = 0; ii < ret; ii++) {
fputc(buffer[ii], stdout);
}
fputs("\n", stdout);
}
}
- if (user_term!=0) break;
+ if (user_term != 0)
+ break;
}
if (FD_ISSET(fileno(stdin), &rset)) {
- if( fgets(buffer, MAX_BUF, stdin) == NULL) {
+ if (fgets(buffer, MAX_BUF, stdin) == NULL) {
do {
- ret = gnutls_bye( state, GNUTLS_SHUT_WR);
- } while( ret==GNUTLS_E_INTERRUPTED || ret==GNUTLS_E_AGAIN);
+ ret =
+ gnutls_bye(state,
+ GNUTLS_SHUT_WR);
+ } while (ret == GNUTLS_E_INTERRUPTED
+ || ret == GNUTLS_E_AGAIN);
user_term = 1;
continue;
}
do {
- ret = gnutls_write( state, buffer, strlen(buffer));
- } while(ret==GNUTLS_E_AGAIN || ret==GNUTLS_E_INTERRUPTED);
+ ret =
+ gnutls_write(state, buffer,
+ strlen(buffer));
+ } while (ret == GNUTLS_E_AGAIN
+ || ret == GNUTLS_E_INTERRUPTED);
printf("- Sent: %d bytes\n", ret);
}
}
- if (user_term!=0) do ret = gnutls_bye( state, GNUTLS_SHUT_RDWR);
- while( ret==GNUTLS_E_INTERRUPTED || ret==GNUTLS_E_AGAIN);
+ if (user_term != 0)
+ do
+ ret = gnutls_bye(state, GNUTLS_SHUT_RDWR);
+ while (ret == GNUTLS_E_INTERRUPTED
+ || ret == GNUTLS_E_AGAIN);
- shutdown( sd, SHUT_RDWR); /* no more receptions */
+ shutdown(sd, SHUT_RDWR); /* no more receptions */
close(sd);
-
- gnutls_deinit( state);
- gnutls_srp_free_client_sc( cred);
- gnutls_certificate_free_client_sc( xcred);
- gnutls_anon_free_client_sc( anon_cred);
+ gnutls_deinit(state);
+
+ gnutls_srp_free_client_sc(cred);
+ gnutls_certificate_free_client_sc(xcred);
+ gnutls_anon_free_client_sc(anon_cred);
gnutls_global_deinit();
-
+
return 0;
}
static gaainfo info;
-void gaa_parser( int argc, char** argv) {
-int i,j;
+void gaa_parser(int argc, char **argv)
+{
+ int i, j;
if (gaa(argc, argv, &info) != -1) {
fprintf(stderr, "Error in the arguments.\n");
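Review bot: The resume check `if (memcmp(tmp_session_id, session_id, session_id_size) == 0)` compares session_id_size bytes regardless of tmp_session_id_size, so if the server returns a shorter id on the second handshake memcmp reads past the tmp_session_id allocation. Compare the lengths first: `if (tmp_session_id_size == session_id_size && memcmp(tmp_session_id, session_id, session_id_size) == 0) {`. The same block leaves `tmp_session_id = malloc(tmp_session_id_size);` unchecked, and the `select(maxfd + 1, ...)` result further down is ignored, so a failing select (for example EINTR) leaves rset in an unspecified state that the FD_ISSET tests then act on; `if (select(maxfd + 1, &rset, NULL, NULL, &tv) < 0) { ERR(-1, "select"); }` or a `continue` on EINTR would cover it. main begins before this hunk; gaa_parser begins at the end of it and continues past it.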
@@ -430,73 +486,80 @@ int i,j;
resume = info.resume;
port = info.port;
- hostname = info.hostname;
-
- if (info.proto!=NULL && info.nproto > 0) {
- for (j=i=0;i<info.nproto;i++) {
- if (strncasecmp( info.proto[i], "SSL", 3)==0)
+
+ if (info.nrest_args==0) hostname="localhost";
+ else hostname = info.rest_args[0];
+
+ if (info.proto != NULL && info.nproto > 0) {
+ for (j = i = 0; i < info.nproto; i++) {
+ if (strncasecmp(info.proto[i], "SSL", 3) == 0)
protocol_priority[j++] = GNUTLS_SSL3;
- if (strncasecmp( info.proto[i], "TLS", 3)==0)
+ if (strncasecmp(info.proto[i], "TLS", 3) == 0)
protocol_priority[j++] = GNUTLS_TLS1;
}
protocol_priority[j] = 0;
}
- if (info.ciphers!=NULL && info.nciphers > 0) {
- for (j=i=0;i<info.nciphers;i++) {
- if (strncasecmp( info.ciphers[i], "RIJ", 3)==0)
- cipher_priority[j++] = GNUTLS_CIPHER_RIJNDAEL_128_CBC;
- if (strncasecmp( info.ciphers[i], "TWO", 3)==0)
- cipher_priority[j++] = GNUTLS_CIPHER_TWOFISH_128_CBC;
- if (strncasecmp( info.ciphers[i], "3DE", 3)==0)
- cipher_priority[j++] = GNUTLS_CIPHER_3DES_CBC;
- if (strncasecmp( info.ciphers[i], "ARC", 3)==0)
- cipher_priority[j++] = GNUTLS_CIPHER_ARCFOUR;
+ if (info.ciphers != NULL && info.nciphers > 0) {
+ for (j = i = 0; i < info.nciphers; i++) {
+ if (strncasecmp(info.ciphers[i], "RIJ", 3) == 0)
+ cipher_priority[j++] =
+ GNUTLS_CIPHER_RIJNDAEL_128_CBC;
+ if (strncasecmp(info.ciphers[i], "TWO", 3) == 0)
+ cipher_priority[j++] =
+ GNUTLS_CIPHER_TWOFISH_128_CBC;
+ if (strncasecmp(info.ciphers[i], "3DE", 3) == 0)
+ cipher_priority[j++] =
+ GNUTLS_CIPHER_3DES_CBC;
+ if (strncasecmp(info.ciphers[i], "ARC", 3) == 0)
+ cipher_priority[j++] =
+ GNUTLS_CIPHER_ARCFOUR;
}
cipher_priority[j] = 0;
}
- if (info.macs!=NULL && info.nmacs > 0) {
- for (j=i=0;i<info.nmacs;i++) {
- if (strncasecmp( info.macs[i], "MD5", 3)==0)
+ if (info.macs != NULL && info.nmacs > 0) {
+ for (j = i = 0; i < info.nmacs; i++) {
+ if (strncasecmp(info.macs[i], "MD5", 3) == 0)
mac_priority[j++] = GNUTLS_MAC_MD5;
- if (strncasecmp( info.macs[i], "SHA", 3)==0)
+ if (strncasecmp(info.macs[i], "SHA", 3) == 0)
mac_priority[j++] = GNUTLS_MAC_SHA;
}
mac_priority[j] = 0;
}
- if (info.ctype!=NULL && info.nctype > 0) {
- for (j=i=0;i<info.nctype;i++) {
- if (strncasecmp( info.ctype[i], "OPE", 3)==0)
- cert_type_priority[j++] = GNUTLS_CRT_OPENPGP;
- if (strncasecmp( info.ctype[i], "X", 1)==0)
+ if (info.ctype != NULL && info.nctype > 0) {
+ for (j = i = 0; i < info.nctype; i++) {
+ if (strncasecmp(info.ctype[i], "OPE", 3) == 0)
+ cert_type_priority[j++] =
+ GNUTLS_CRT_OPENPGP;
+ if (strncasecmp(info.ctype[i], "X", 1) == 0)
cert_type_priority[j++] = GNUTLS_CRT_X509;
}
cert_type_priority[j] = 0;
}
- if (info.kx!=NULL && info.nkx > 0) {
- for (j=i=0;i<info.nkx;i++) {
- if (strncasecmp( info.kx[i], "SRP", 3)==0)
+ if (info.kx != NULL && info.nkx > 0) {
+ for (j = i = 0; i < info.nkx; i++) {
+ if (strncasecmp(info.kx[i], "SRP", 3) == 0)
kx_priority[j++] = GNUTLS_KX_SRP;
- if (strncasecmp( info.kx[i], "RSA", 3)==0)
+ if (strncasecmp(info.kx[i], "RSA", 3) == 0)
kx_priority[j++] = GNUTLS_KX_RSA;
- if (strncasecmp( info.kx[i], "DHE_RSA", 7)==0)
+ if (strncasecmp(info.kx[i], "DHE_RSA", 7) == 0)
kx_priority[j++] = GNUTLS_KX_DHE_RSA;
- if (strncasecmp( info.kx[i], "DHE_DSS", 7)==0)
+ if (strncasecmp(info.kx[i], "DHE_DSS", 7) == 0)
kx_priority[j++] = GNUTLS_KX_DHE_DSS;
- if (strncasecmp( info.kx[i], "ANON", 4)==0)
+ if (strncasecmp(info.kx[i], "ANON", 4) == 0)
kx_priority[j++] = GNUTLS_KX_ANON_DH;
}
kx_priority[j] = 0;
}
- if (info.comp!=NULL && info.ncomp > 0) {
- for (j=i=0;i<info.ncomp;i++) {
- if (strncasecmp( info.comp[i], "NUL", 3)==0)
+ if (info.comp != NULL && info.ncomp > 0) {
+ for (j = i = 0; i < info.ncomp; i++) {
+ if (strncasecmp(info.comp[i], "NUL", 3) == 0)
comp_priority[j++] = GNUTLS_COMP_NULL;
- if (strncasecmp( info.comp[i], "ZLI", 1)==0)
+ if (strncasecmp(info.comp[i], "ZLI", 1) == 0)
comp_priority[j++] = GNUTLS_COMP_ZLIB;
}
comp_priority[j] = 0;
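Review bot: Each priority loop stores `..._priority[j++]` into a 16-element array (declared in the first hunk of this file) while j is bounded only by the length of the user-supplied list, so more than fifteen matching `--ciphers`/`--kx`/`--macs`/`--comp`/`--certtype`/`--protocols` entries on the command line write past the array and the terminating `[j] = 0` store also lands out of bounds. A guard at the top of each loop body, `if (j >= 15) break;`, keeps room for the terminator; better, a single shared constant for the array size and the bound so the two cannot drift apart. The new host selection `if (info.nrest_args==0) hostname="localhost"; else hostname = info.rest_args[0];` silently ignores any further positional arguments and is spaced differently from the freshly re-indented code around it; a comment such as `/* first positional argument is the host; extra ones are ignored */` and a brace-and-space layout matching the rest of the function would make the intent explicit. gaa_parser starts in the previous hunk and its closing brace is in the next one.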
@@ -504,7 +567,8 @@ int i,j;
}
-void print_list(void) {
+void print_list(void)
+{
/* FIXME: This is hard coded. Make it print all the supported
* algorithms.
*/
diff --git a/src/cli.gaa b/src/cli.gaa
index 84ce49c76a..27b4ee04a9 100644
--- a/src/cli.gaa
+++ b/src/cli.gaa
@@ -1,4 +1,4 @@
-helpnode "cli help\nUsage: cli [options]"
+helpnode "cli help\nUsage: cli [options] hostname"
#int resume;
option (r, resume) { $resume = 1 } "Connect, establish a session. Connect again and resume this session."
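Review bot: The new usage string `helpnode "cli help\nUsage: cli [options] hostname"` presents hostname as mandatory, but the rest clause added later in this file is declared `rest optional` and cli.c falls back to "localhost" when no positional argument is given. Brackets plus the default would match the actual behaviour, `helpnode "cli help\nUsage: cli [options] [hostname]   (default: localhost)"`; the generated cli-gaa.c then needs to be regenerated so gaa_help prints the same text.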
@@ -6,8 +6,6 @@ option (r, resume) { $resume = 1 } "Connect, establish a session. Connect again
#int port;
option (p, port) INT "integer" { $port = $1 } "The port to connect to."
-#char *hostname;
-option (host) STR "hostname" { $hostname = $1 } "The host to connect to."
#int nciphers;
#char **ciphers;
@@ -37,7 +35,11 @@ option (certtype) *STR "certtype1 certtype2..." { $ctype = $1; $nctype = @1 } "C
option (l, list) { print_list(); exit(0); } "Print a list of the supported algorithms and modes."
option (h, help) { gaa_help(); exit(0); } "prints this help"
-init { $resume=0; $port=5556; $hostname="localhost"; $ciphers=NULL;
+#int nrest_args;
+#char **rest_args;
+rest optional *STR "hostname" { $rest_args = $1; $nrest_args = @1 }
+
+init { $resume=0; $port=5556; $rest_args=NULL; $nrest_args=0; $ciphers=NULL;
$kx=NULL; $comp=NULL; $macs=NULL; $ctype=NULL; $nciphers=0;
$nkx=0; $ncomp=0; $nmacs=0; $nctype = 0; }
diff --git a/src/common.c b/src/common.c
index 122f72a5d1..2887a27a4b 100644
--- a/src/common.c
+++ b/src/common.c
@@ -119,15 +119,16 @@ void print_cert_vrfy(GNUTLS_STATE state)
printf("\n");
switch (status) {
- case GNUTLS_CERT_NOT_TRUSTED:
- printf("- Peer's certificate was NOT verified\n");
+ case GNUTLS_CERT_VALID:
+ case GNUTLS_CERT_INVALID:
+ printf("- Peer's certificate is NOT trusted\n");
break;
case GNUTLS_CERT_EXPIRED:
printf
("- Peer's certificate was verified but is expired\n");
break;
case GNUTLS_CERT_TRUSTED:
- printf("- Peer's certificate was verified\n");
+ printf("- Peer's certificate is trusted\n");
break;
case GNUTLS_CERT_NONE:
printf("- Peer did not send any certificate.\n");
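Review bot: Grouping `case GNUTLS_CERT_VALID:` with `case GNUTLS_CERT_INVALID:` under the single message "Peer's certificate is NOT trusted" makes a status named VALID print as a failure with no hint why, and the old `GNUTLS_CERT_NOT_TRUSTED` arm is gone, so if that enumerator still exists it now reaches whatever default the switch has outside this hunk. If VALID here means the signature checks out but no chain to a trusted CA was found, say so in its own arm, `case GNUTLS_CERT_VALID: printf("- Peer's certificate is valid but NOT trusted\n"); break;`, and keep INVALID as a separate message so a failed signature stays distinguishable from a missing trust anchor in the output. print_cert_vrfy begins before this hunk and the switch continues past it.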