diff options
Diffstat (limited to 'doc/examples')
30 files changed, 3012 insertions, 3114 deletions
diff --git a/doc/examples/ex-alert.c b/doc/examples/ex-alert.c index 6bc14562fe..868771a681 100644 --- a/doc/examples/ex-alert.c +++ b/doc/examples/ex-alert.c @@ -14,25 +14,23 @@ * a gnutls function (recv/send), is an alert, and will print * that alert. */ -void -check_alert (gnutls_session_t session, int ret) +void check_alert(gnutls_session_t session, int ret) { - int last_alert; + int last_alert; - if (ret == GNUTLS_E_WARNING_ALERT_RECEIVED - || ret == GNUTLS_E_FATAL_ALERT_RECEIVED) - { - last_alert = gnutls_alert_get (session); + if (ret == GNUTLS_E_WARNING_ALERT_RECEIVED + || ret == GNUTLS_E_FATAL_ALERT_RECEIVED) { + last_alert = gnutls_alert_get(session); - /* The check for renegotiation is only useful if we are - * a server, and we had requested a rehandshake. - */ - if (last_alert == GNUTLS_A_NO_RENEGOTIATION && - ret == GNUTLS_E_WARNING_ALERT_RECEIVED) - printf ("* Received NO_RENEGOTIATION alert. " - "Client Does not support renegotiation.\n"); - else - printf ("* Received alert '%d': %s.\n", last_alert, - gnutls_alert_get_name (last_alert)); - } + /* The check for renegotiation is only useful if we are + * a server, and we had requested a rehandshake. + */ + if (last_alert == GNUTLS_A_NO_RENEGOTIATION && + ret == GNUTLS_E_WARNING_ALERT_RECEIVED) + printf("* Received NO_RENEGOTIATION alert. " + "Client Does not support renegotiation.\n"); + else + printf("* Received alert '%d': %s.\n", last_alert, + gnutls_alert_get_name(last_alert)); + } } diff --git a/doc/examples/ex-cert-select-pkcs11.c b/doc/examples/ex-cert-select-pkcs11.c index 8e29a2586f..aa76662ccf 100644 --- a/doc/examples/ex-cert-select-pkcs11.c +++ b/doc/examples/ex-cert-select-pkcs11.c @@ -17,7 +17,7 @@ #include <sys/types.h> #include <sys/stat.h> #include <fcntl.h> -#include <getpass.h> /* for getpass() */ +#include <getpass.h> /* for getpass() */ /* A TLS client that loads the certificate and key. */ @@ -36,138 +36,131 @@ #define CERT_URL "pkcs11:manufacturer=SomeManufacturer;object=Certificate;" \ "objecttype=cert;id=db%5b%3e%b5%72%33" -extern int tcp_connect (void); -extern void tcp_close (int sd); +extern int tcp_connect(void); +extern void tcp_close(int sd); static int -pin_callback (void *user, int attempt, const char *token_url, - const char *token_label, unsigned int flags, char *pin, - size_t pin_max) +pin_callback(void *user, int attempt, const char *token_url, + const char *token_label, unsigned int flags, char *pin, + size_t pin_max) { - const char *password; - int len; - - printf ("PIN required for token '%s' with URL '%s'\n", token_label, - token_url); - if (flags & GNUTLS_PIN_FINAL_TRY) - printf ("*** This is the final try before locking!\n"); - if (flags & GNUTLS_PIN_COUNT_LOW) - printf ("*** Only few tries left before locking!\n"); - if (flags & GNUTLS_PIN_WRONG) - printf ("*** Wrong PIN\n"); - - password = getpass ("Enter pin: "); - if (password == NULL || password[0] == 0) - { - fprintf (stderr, "No password given\n"); - exit (1); - } - - len = MIN (pin_max-1, strlen (password)); - memcpy (pin, password, len); - pin[len] = 0; - - return 0; + const char *password; + int len; + + printf("PIN required for token '%s' with URL '%s'\n", token_label, + token_url); + if (flags & GNUTLS_PIN_FINAL_TRY) + printf("*** This is the final try before locking!\n"); + if (flags & GNUTLS_PIN_COUNT_LOW) + printf("*** Only few tries left before locking!\n"); + if (flags & GNUTLS_PIN_WRONG) + printf("*** Wrong PIN\n"); + + password = getpass("Enter pin: "); + if (password == NULL || password[0] == 0) { + fprintf(stderr, "No password given\n"); + exit(1); + } + + len = MIN(pin_max - 1, strlen(password)); + memcpy(pin, password, len); + pin[len] = 0; + + return 0; } -int -main (void) +int main(void) { - int ret, sd, ii; - gnutls_session_t session; - gnutls_priority_t priorities_cache; - char buffer[MAX_BUF + 1]; - gnutls_certificate_credentials_t xcred; - /* Allow connections to servers that have OpenPGP keys as well. - */ - - gnutls_global_init (); - /* PKCS11 private key operations might require PIN. - * Register a callback. - */ - gnutls_pkcs11_set_pin_function (pin_callback, NULL); - - /* X509 stuff */ - gnutls_certificate_allocate_credentials (&xcred); - - /* priorities */ - gnutls_priority_init (&priorities_cache, "NORMAL", NULL); - - /* sets the trusted cas file - */ - gnutls_certificate_set_x509_trust_file (xcred, CAFILE, GNUTLS_X509_FMT_PEM); - - gnutls_certificate_set_x509_key_file (xcred, CERT_URL, KEY_URL, GNUTLS_X509_FMT_DER); - - /* Initialize TLS session - */ - gnutls_init (&session, GNUTLS_CLIENT); - - /* Use default priorities */ - gnutls_priority_set (session, priorities_cache); - - /* put the x509 credentials to the current session - */ - gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred); - - /* connect to the peer - */ - sd = tcp_connect (); - - gnutls_transport_set_int (session, sd); - - /* Perform the TLS handshake - */ - ret = gnutls_handshake (session); - - if (ret < 0) - { - fprintf (stderr, "*** Handshake failed\n"); - gnutls_perror (ret); - goto end; - } - else - { - char* desc; - - desc = gnutls_session_get_desc(session); - printf ("- Session info: %s\n", desc); - gnutls_free(desc); - } - - gnutls_record_send (session, MSG, strlen (MSG)); - - ret = gnutls_record_recv (session, buffer, MAX_BUF); - if (ret == 0) - { - printf ("- Peer has closed the TLS connection\n"); - goto end; - } - else if (ret < 0) - { - fprintf (stderr, "*** Error: %s\n", gnutls_strerror (ret)); - goto end; - } - - printf ("- Received %d bytes: ", ret); - for (ii = 0; ii < ret; ii++) - { - fputc (buffer[ii], stdout); - } - fputs ("\n", stdout); - - gnutls_bye (session, GNUTLS_SHUT_RDWR); - -end: - - tcp_close (sd); - - gnutls_deinit (session); - - gnutls_certificate_free_credentials (xcred); - gnutls_priority_deinit (priorities_cache); - - gnutls_global_deinit (); - - return 0; + int ret, sd, ii; + gnutls_session_t session; + gnutls_priority_t priorities_cache; + char buffer[MAX_BUF + 1]; + gnutls_certificate_credentials_t xcred; + /* Allow connections to servers that have OpenPGP keys as well. + */ + + gnutls_global_init(); + /* PKCS11 private key operations might require PIN. + * Register a callback. + */ + gnutls_pkcs11_set_pin_function(pin_callback, NULL); + + /* X509 stuff */ + gnutls_certificate_allocate_credentials(&xcred); + + /* priorities */ + gnutls_priority_init(&priorities_cache, "NORMAL", NULL); + + /* sets the trusted cas file + */ + gnutls_certificate_set_x509_trust_file(xcred, CAFILE, + GNUTLS_X509_FMT_PEM); + + gnutls_certificate_set_x509_key_file(xcred, CERT_URL, KEY_URL, + GNUTLS_X509_FMT_DER); + + /* Initialize TLS session + */ + gnutls_init(&session, GNUTLS_CLIENT); + + /* Use default priorities */ + gnutls_priority_set(session, priorities_cache); + + /* put the x509 credentials to the current session + */ + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred); + + /* connect to the peer + */ + sd = tcp_connect(); + + gnutls_transport_set_int(session, sd); + + /* Perform the TLS handshake + */ + ret = gnutls_handshake(session); + + if (ret < 0) { + fprintf(stderr, "*** Handshake failed\n"); + gnutls_perror(ret); + goto end; + } else { + char *desc; + + desc = gnutls_session_get_desc(session); + printf("- Session info: %s\n", desc); + gnutls_free(desc); + } + + gnutls_record_send(session, MSG, strlen(MSG)); + + ret = gnutls_record_recv(session, buffer, MAX_BUF); + if (ret == 0) { + printf("- Peer has closed the TLS connection\n"); + goto end; + } else if (ret < 0) { + fprintf(stderr, "*** Error: %s\n", gnutls_strerror(ret)); + goto end; + } + + printf("- Received %d bytes: ", ret); + for (ii = 0; ii < ret; ii++) { + fputc(buffer[ii], stdout); + } + fputs("\n", stdout); + + gnutls_bye(session, GNUTLS_SHUT_RDWR); + + end: + + tcp_close(sd); + + gnutls_deinit(session); + + gnutls_certificate_free_credentials(xcred); + gnutls_priority_deinit(priorities_cache); + + gnutls_global_deinit(); + + return 0; } diff --git a/doc/examples/ex-cert-select.c b/doc/examples/ex-cert-select.c index 6e12a8d3a1..99cd126d91 100644 --- a/doc/examples/ex-cert-select.c +++ b/doc/examples/ex-cert-select.c @@ -28,163 +28,155 @@ #define KEY_FILE "key.pem" #define CAFILE "/etc/ssl/certs/ca-certificates.crt" -extern int tcp_connect (void); -extern void tcp_close (int sd); +extern int tcp_connect(void); +extern void tcp_close(int sd); static int -cert_callback (gnutls_session_t session, - const gnutls_datum_t * req_ca_rdn, int nreqs, - const gnutls_pk_algorithm_t * sign_algos, - int sign_algos_length, gnutls_pcert_st ** pcert, - unsigned int *pcert_length, gnutls_privkey_t * pkey); +cert_callback(gnutls_session_t session, + const gnutls_datum_t * req_ca_rdn, int nreqs, + const gnutls_pk_algorithm_t * sign_algos, + int sign_algos_length, gnutls_pcert_st ** pcert, + unsigned int *pcert_length, gnutls_privkey_t * pkey); gnutls_pcert_st pcrt; gnutls_privkey_t key; /* Load the certificate and the private key. */ -static void -load_keys (void) +static void load_keys(void) { - int ret; - gnutls_datum_t data; - - ret = gnutls_load_file (CERT_FILE, &data); - if (ret < 0) - { - fprintf (stderr, "*** Error loading certificate file.\n"); - exit (1); - } - - ret = gnutls_pcert_import_x509_raw (&pcrt, &data, GNUTLS_X509_FMT_PEM, 0); - if (ret < 0) - { - fprintf (stderr, "*** Error loading certificate file: %s\n", - gnutls_strerror (ret)); - exit (1); - } - - gnutls_free(data.data); - - ret = gnutls_load_file (KEY_FILE, &data); - if (ret < 0) - { - fprintf (stderr, "*** Error loading key file.\n"); - exit (1); - } - - gnutls_privkey_init (&key); - - ret = gnutls_privkey_import_x509_raw (key, &data, GNUTLS_X509_FMT_PEM, NULL, 0); - if (ret < 0) - { - fprintf (stderr, "*** Error loading key file: %s\n", - gnutls_strerror (ret)); - exit (1); - } - - gnutls_free(data.data); + int ret; + gnutls_datum_t data; + + ret = gnutls_load_file(CERT_FILE, &data); + if (ret < 0) { + fprintf(stderr, "*** Error loading certificate file.\n"); + exit(1); + } + + ret = + gnutls_pcert_import_x509_raw(&pcrt, &data, GNUTLS_X509_FMT_PEM, + 0); + if (ret < 0) { + fprintf(stderr, "*** Error loading certificate file: %s\n", + gnutls_strerror(ret)); + exit(1); + } + + gnutls_free(data.data); + + ret = gnutls_load_file(KEY_FILE, &data); + if (ret < 0) { + fprintf(stderr, "*** Error loading key file.\n"); + exit(1); + } + + gnutls_privkey_init(&key); + + ret = + gnutls_privkey_import_x509_raw(key, &data, GNUTLS_X509_FMT_PEM, + NULL, 0); + if (ret < 0) { + fprintf(stderr, "*** Error loading key file: %s\n", + gnutls_strerror(ret)); + exit(1); + } + + gnutls_free(data.data); } -int -main (void) +int main(void) { - int ret, sd, ii; - gnutls_session_t session; - gnutls_priority_t priorities_cache; - char buffer[MAX_BUF + 1]; - gnutls_certificate_credentials_t xcred; - /* Allow connections to servers that have OpenPGP keys as well. - */ + int ret, sd, ii; + gnutls_session_t session; + gnutls_priority_t priorities_cache; + char buffer[MAX_BUF + 1]; + gnutls_certificate_credentials_t xcred; + /* Allow connections to servers that have OpenPGP keys as well. + */ - gnutls_global_init (); + gnutls_global_init(); - load_keys (); + load_keys(); - /* X509 stuff */ - gnutls_certificate_allocate_credentials (&xcred); + /* X509 stuff */ + gnutls_certificate_allocate_credentials(&xcred); - /* priorities */ - gnutls_priority_init (&priorities_cache, "NORMAL", NULL); + /* priorities */ + gnutls_priority_init(&priorities_cache, "NORMAL", NULL); - /* sets the trusted cas file - */ - gnutls_certificate_set_x509_trust_file (xcred, CAFILE, GNUTLS_X509_FMT_PEM); + /* sets the trusted cas file + */ + gnutls_certificate_set_x509_trust_file(xcred, CAFILE, + GNUTLS_X509_FMT_PEM); - gnutls_certificate_set_retrieve_function2 (xcred, cert_callback); + gnutls_certificate_set_retrieve_function2(xcred, cert_callback); - /* Initialize TLS session - */ - gnutls_init (&session, GNUTLS_CLIENT); + /* Initialize TLS session + */ + gnutls_init(&session, GNUTLS_CLIENT); - /* Use default priorities */ - gnutls_priority_set (session, priorities_cache); + /* Use default priorities */ + gnutls_priority_set(session, priorities_cache); - /* put the x509 credentials to the current session - */ - gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred); + /* put the x509 credentials to the current session + */ + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred); - /* connect to the peer - */ - sd = tcp_connect (); + /* connect to the peer + */ + sd = tcp_connect(); - gnutls_transport_set_int (session, sd); + gnutls_transport_set_int(session, sd); - /* Perform the TLS handshake - */ - ret = gnutls_handshake (session); + /* Perform the TLS handshake + */ + ret = gnutls_handshake(session); - if (ret < 0) - { - fprintf (stderr, "*** Handshake failed\n"); - gnutls_perror (ret); - goto end; - } - else - { - char* desc; - - desc = gnutls_session_get_desc(session); - printf ("- Session info: %s\n", desc); - gnutls_free(desc); - } + if (ret < 0) { + fprintf(stderr, "*** Handshake failed\n"); + gnutls_perror(ret); + goto end; + } else { + char *desc; - gnutls_record_send (session, MSG, strlen (MSG)); + desc = gnutls_session_get_desc(session); + printf("- Session info: %s\n", desc); + gnutls_free(desc); + } - ret = gnutls_record_recv (session, buffer, MAX_BUF); - if (ret == 0) - { - printf ("- Peer has closed the TLS connection\n"); - goto end; - } - else if (ret < 0) - { - fprintf (stderr, "*** Error: %s\n", gnutls_strerror (ret)); - goto end; - } + gnutls_record_send(session, MSG, strlen(MSG)); - printf ("- Received %d bytes: ", ret); - for (ii = 0; ii < ret; ii++) - { - fputc (buffer[ii], stdout); - } - fputs ("\n", stdout); + ret = gnutls_record_recv(session, buffer, MAX_BUF); + if (ret == 0) { + printf("- Peer has closed the TLS connection\n"); + goto end; + } else if (ret < 0) { + fprintf(stderr, "*** Error: %s\n", gnutls_strerror(ret)); + goto end; + } - gnutls_bye (session, GNUTLS_SHUT_RDWR); + printf("- Received %d bytes: ", ret); + for (ii = 0; ii < ret; ii++) { + fputc(buffer[ii], stdout); + } + fputs("\n", stdout); -end: + gnutls_bye(session, GNUTLS_SHUT_RDWR); - tcp_close (sd); + end: - gnutls_deinit (session); + tcp_close(sd); - gnutls_certificate_free_credentials (xcred); - gnutls_priority_deinit (priorities_cache); + gnutls_deinit(session); - gnutls_global_deinit (); + gnutls_certificate_free_credentials(xcred); + gnutls_priority_deinit(priorities_cache); - return 0; + gnutls_global_deinit(); + + return 0; } @@ -195,52 +187,48 @@ end: */ static int -cert_callback (gnutls_session_t session, - const gnutls_datum_t * req_ca_rdn, int nreqs, - const gnutls_pk_algorithm_t * sign_algos, - int sign_algos_length, gnutls_pcert_st ** pcert, - unsigned int *pcert_length, gnutls_privkey_t * pkey) +cert_callback(gnutls_session_t session, + const gnutls_datum_t * req_ca_rdn, int nreqs, + const gnutls_pk_algorithm_t * sign_algos, + int sign_algos_length, gnutls_pcert_st ** pcert, + unsigned int *pcert_length, gnutls_privkey_t * pkey) { - char issuer_dn[256]; - int i, ret; - size_t len; - gnutls_certificate_type_t type; - - /* Print the server's trusted CAs - */ - if (nreqs > 0) - printf ("- Server's trusted authorities:\n"); - else - printf ("- Server did not send us any trusted authorities names.\n"); - - /* print the names (if any) */ - for (i = 0; i < nreqs; i++) - { - len = sizeof (issuer_dn); - ret = gnutls_x509_rdn_get (&req_ca_rdn[i], issuer_dn, &len); - if (ret >= 0) - { - printf (" [%d]: ", i); - printf ("%s\n", issuer_dn); + char issuer_dn[256]; + int i, ret; + size_t len; + gnutls_certificate_type_t type; + + /* Print the server's trusted CAs + */ + if (nreqs > 0) + printf("- Server's trusted authorities:\n"); + else + printf + ("- Server did not send us any trusted authorities names.\n"); + + /* print the names (if any) */ + for (i = 0; i < nreqs; i++) { + len = sizeof(issuer_dn); + ret = gnutls_x509_rdn_get(&req_ca_rdn[i], issuer_dn, &len); + if (ret >= 0) { + printf(" [%d]: ", i); + printf("%s\n", issuer_dn); + } + } + + /* Select a certificate and return it. + * The certificate must be of any of the "sign algorithms" + * supported by the server. + */ + type = gnutls_certificate_type_get(session); + if (type == GNUTLS_CRT_X509) { + *pcert_length = 1; + *pcert = &pcrt; + *pkey = key; + } else { + return -1; } - } - - /* Select a certificate and return it. - * The certificate must be of any of the "sign algorithms" - * supported by the server. - */ - type = gnutls_certificate_type_get (session); - if (type == GNUTLS_CRT_X509) - { - *pcert_length = 1; - *pcert = &pcrt; - *pkey = key; - } - else - { - return -1; - } - - return 0; + + return 0; } diff --git a/doc/examples/ex-client-anon.c b/doc/examples/ex-client-anon.c index 4cb804e65d..e86e9302f5 100644 --- a/doc/examples/ex-client-anon.c +++ b/doc/examples/ex-client-anon.c @@ -19,103 +19,93 @@ #define MAX_BUF 1024 #define MSG "GET / HTTP/1.0\r\n\r\n" -extern int tcp_connect (void); -extern void tcp_close (int sd); +extern int tcp_connect(void); +extern void tcp_close(int sd); -int -main (void) +int main(void) { - int ret, sd, ii; - gnutls_session_t session; - char buffer[MAX_BUF + 1]; - gnutls_anon_client_credentials_t anoncred; - /* Need to enable anonymous KX specifically. */ - - gnutls_global_init (); - - gnutls_anon_allocate_client_credentials (&anoncred); - - /* Initialize TLS session - */ - gnutls_init (&session, GNUTLS_CLIENT); - - /* Use default priorities */ - gnutls_priority_set_direct (session, "PERFORMANCE:+ANON-ECDH:+ANON-DH", - NULL); - - /* put the anonymous credentials to the current session - */ - gnutls_credentials_set (session, GNUTLS_CRD_ANON, anoncred); - - /* connect to the peer - */ - sd = tcp_connect (); - - gnutls_transport_set_int (session, sd); - gnutls_handshake_set_timeout (session, GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT); - - /* Perform the TLS handshake - */ - do - { - ret = gnutls_handshake (session); - } - while (ret < 0 && gnutls_error_is_fatal (ret) == 0); - - if (ret < 0) - { - fprintf (stderr, "*** Handshake failed\n"); - gnutls_perror (ret); - goto end; - } - else - { - char* desc; - - desc = gnutls_session_get_desc(session); - printf ("- Session info: %s\n", desc); - gnutls_free(desc); - } - - gnutls_record_send (session, MSG, strlen (MSG)); - - ret = gnutls_record_recv (session, buffer, MAX_BUF); - if (ret == 0) - { - printf ("- Peer has closed the TLS connection\n"); - goto end; - } - else if (ret < 0 && gnutls_error_is_fatal (ret) == 0) - { - fprintf (stderr, "*** Warning: %s\n", gnutls_strerror (ret)); - } - else if (ret < 0) - { - fprintf (stderr, "*** Error: %s\n", gnutls_strerror (ret)); - goto end; - } - - if (ret > 0) - { - printf ("- Received %d bytes: ", ret); - for (ii = 0; ii < ret; ii++) - { - fputc (buffer[ii], stdout); + int ret, sd, ii; + gnutls_session_t session; + char buffer[MAX_BUF + 1]; + gnutls_anon_client_credentials_t anoncred; + /* Need to enable anonymous KX specifically. */ + + gnutls_global_init(); + + gnutls_anon_allocate_client_credentials(&anoncred); + + /* Initialize TLS session + */ + gnutls_init(&session, GNUTLS_CLIENT); + + /* Use default priorities */ + gnutls_priority_set_direct(session, + "PERFORMANCE:+ANON-ECDH:+ANON-DH", + NULL); + + /* put the anonymous credentials to the current session + */ + gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred); + + /* connect to the peer + */ + sd = tcp_connect(); + + gnutls_transport_set_int(session, sd); + gnutls_handshake_set_timeout(session, + GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT); + + /* Perform the TLS handshake + */ + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + if (ret < 0) { + fprintf(stderr, "*** Handshake failed\n"); + gnutls_perror(ret); + goto end; + } else { + char *desc; + + desc = gnutls_session_get_desc(session); + printf("- Session info: %s\n", desc); + gnutls_free(desc); + } + + gnutls_record_send(session, MSG, strlen(MSG)); + + ret = gnutls_record_recv(session, buffer, MAX_BUF); + if (ret == 0) { + printf("- Peer has closed the TLS connection\n"); + goto end; + } else if (ret < 0 && gnutls_error_is_fatal(ret) == 0) { + fprintf(stderr, "*** Warning: %s\n", gnutls_strerror(ret)); + } else if (ret < 0) { + fprintf(stderr, "*** Error: %s\n", gnutls_strerror(ret)); + goto end; + } + + if (ret > 0) { + printf("- Received %d bytes: ", ret); + for (ii = 0; ii < ret; ii++) { + fputc(buffer[ii], stdout); + } + fputs("\n", stdout); } - fputs ("\n", stdout); - } - gnutls_bye (session, GNUTLS_SHUT_RDWR); + gnutls_bye(session, GNUTLS_SHUT_RDWR); -end: + end: - tcp_close (sd); + tcp_close(sd); - gnutls_deinit (session); + gnutls_deinit(session); - gnutls_anon_free_client_credentials (anoncred); + gnutls_anon_free_client_credentials(anoncred); - gnutls_global_deinit (); + gnutls_global_deinit(); - return 0; + return 0; } diff --git a/doc/examples/ex-client-dtls.c b/doc/examples/ex-client-dtls.c index 9b8fd98c21..cb9375d2ab 100644 --- a/doc/examples/ex-client-dtls.c +++ b/doc/examples/ex-client-dtls.c @@ -21,121 +21,110 @@ #define CAFILE "/etc/ssl/certs/ca-certificates.crt" #define MSG "GET / HTTP/1.0\r\n\r\n" -extern int udp_connect (void); -extern void udp_close (int sd); -extern int verify_certificate_callback (gnutls_session_t session); +extern int udp_connect(void); +extern void udp_close(int sd); +extern int verify_certificate_callback(gnutls_session_t session); -int -main (void) +int main(void) { - int ret, sd, ii; - gnutls_session_t session; - char buffer[MAX_BUF + 1]; - const char *err; - gnutls_certificate_credentials_t xcred; - - gnutls_global_init (); - - /* X509 stuff */ - gnutls_certificate_allocate_credentials (&xcred); - - /* sets the trusted cas file */ - gnutls_certificate_set_x509_trust_file (xcred, CAFILE, GNUTLS_X509_FMT_PEM); - gnutls_certificate_set_verify_function (xcred, verify_certificate_callback); - - /* Initialize TLS session */ - gnutls_init (&session, GNUTLS_CLIENT | GNUTLS_DATAGRAM); - - /* Use default priorities */ - ret = gnutls_priority_set_direct (session, "NORMAL", &err); - if (ret < 0) - { - if (ret == GNUTLS_E_INVALID_REQUEST) - { - fprintf (stderr, "Syntax error at: %s\n", err); + int ret, sd, ii; + gnutls_session_t session; + char buffer[MAX_BUF + 1]; + const char *err; + gnutls_certificate_credentials_t xcred; + + gnutls_global_init(); + + /* X509 stuff */ + gnutls_certificate_allocate_credentials(&xcred); + + /* sets the trusted cas file */ + gnutls_certificate_set_x509_trust_file(xcred, CAFILE, + GNUTLS_X509_FMT_PEM); + gnutls_certificate_set_verify_function(xcred, + verify_certificate_callback); + + /* Initialize TLS session */ + gnutls_init(&session, GNUTLS_CLIENT | GNUTLS_DATAGRAM); + + /* Use default priorities */ + ret = gnutls_priority_set_direct(session, "NORMAL", &err); + if (ret < 0) { + if (ret == GNUTLS_E_INVALID_REQUEST) { + fprintf(stderr, "Syntax error at: %s\n", err); + } + exit(1); } - exit (1); - } - - /* put the x509 credentials to the current session */ - gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred); - gnutls_server_name_set (session, GNUTLS_NAME_DNS, "my_host_name", - strlen("my_host_name")); - - /* connect to the peer */ - sd = udp_connect (); - - gnutls_transport_set_int (session, sd); - - /* set the connection MTU */ - gnutls_dtls_set_mtu (session, 1000); - gnutls_handshake_set_timeout (session, GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT); - - /* Perform the TLS handshake */ - do - { - ret = gnutls_handshake (session); - } - while (ret == GNUTLS_E_INTERRUPTED || ret == GNUTLS_E_AGAIN); - /* Note that DTLS may also receive GNUTLS_E_LARGE_PACKET */ - - if (ret < 0) - { - fprintf (stderr, "*** Handshake failed\n"); - gnutls_perror (ret); - goto end; - } - else - { - char* desc; - - desc = gnutls_session_get_desc(session); - printf ("- Session info: %s\n", desc); - gnutls_free(desc); - } - - gnutls_record_send (session, MSG, strlen (MSG)); - - ret = gnutls_record_recv (session, buffer, MAX_BUF); - if (ret == 0) - { - printf ("- Peer has closed the TLS connection\n"); - goto end; - } - else if (ret < 0 && gnutls_error_is_fatal (ret) == 0) - { - fprintf (stderr, "*** Warning: %s\n", gnutls_strerror (ret)); - } - else if (ret < 0) - { - fprintf (stderr, "*** Error: %s\n", gnutls_strerror (ret)); - goto end; - } - - if (ret > 0) - { - printf ("- Received %d bytes: ", ret); - for (ii = 0; ii < ret; ii++) - { - fputc (buffer[ii], stdout); + + /* put the x509 credentials to the current session */ + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred); + gnutls_server_name_set(session, GNUTLS_NAME_DNS, "my_host_name", + strlen("my_host_name")); + + /* connect to the peer */ + sd = udp_connect(); + + gnutls_transport_set_int(session, sd); + + /* set the connection MTU */ + gnutls_dtls_set_mtu(session, 1000); + gnutls_handshake_set_timeout(session, + GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT); + + /* Perform the TLS handshake */ + do { + ret = gnutls_handshake(session); + } + while (ret == GNUTLS_E_INTERRUPTED || ret == GNUTLS_E_AGAIN); + /* Note that DTLS may also receive GNUTLS_E_LARGE_PACKET */ + + if (ret < 0) { + fprintf(stderr, "*** Handshake failed\n"); + gnutls_perror(ret); + goto end; + } else { + char *desc; + + desc = gnutls_session_get_desc(session); + printf("- Session info: %s\n", desc); + gnutls_free(desc); + } + + gnutls_record_send(session, MSG, strlen(MSG)); + + ret = gnutls_record_recv(session, buffer, MAX_BUF); + if (ret == 0) { + printf("- Peer has closed the TLS connection\n"); + goto end; + } else if (ret < 0 && gnutls_error_is_fatal(ret) == 0) { + fprintf(stderr, "*** Warning: %s\n", gnutls_strerror(ret)); + } else if (ret < 0) { + fprintf(stderr, "*** Error: %s\n", gnutls_strerror(ret)); + goto end; + } + + if (ret > 0) { + printf("- Received %d bytes: ", ret); + for (ii = 0; ii < ret; ii++) { + fputc(buffer[ii], stdout); + } + fputs("\n", stdout); } - fputs ("\n", stdout); - } - /* It is suggested not to use GNUTLS_SHUT_RDWR in DTLS - * connections because the peer's closure message might - * be lost */ - gnutls_bye (session, GNUTLS_SHUT_WR); + /* It is suggested not to use GNUTLS_SHUT_RDWR in DTLS + * connections because the peer's closure message might + * be lost */ + gnutls_bye(session, GNUTLS_SHUT_WR); -end: + end: - udp_close (sd); + udp_close(sd); - gnutls_deinit (session); + gnutls_deinit(session); - gnutls_certificate_free_credentials (xcred); + gnutls_certificate_free_credentials(xcred); - gnutls_global_deinit (); + gnutls_global_deinit(); - return 0; + return 0; } diff --git a/doc/examples/ex-client-psk.c b/doc/examples/ex-client-psk.c index 60da53e66b..63a24a7247 100644 --- a/doc/examples/ex-client-psk.c +++ b/doc/examples/ex-client-psk.c @@ -19,113 +19,103 @@ #define MAX_BUF 1024 #define MSG "GET / HTTP/1.0\r\n\r\n" -extern int tcp_connect (void); -extern void tcp_close (int sd); +extern int tcp_connect(void); +extern void tcp_close(int sd); -int -main (void) +int main(void) { - int ret, sd, ii; - gnutls_session_t session; - char buffer[MAX_BUF + 1]; - const char *err; - gnutls_psk_client_credentials_t pskcred; - const gnutls_datum_t key = { (void *) "DEADBEEF", 8 }; - - gnutls_global_init (); - - gnutls_psk_allocate_client_credentials (&pskcred); - gnutls_psk_set_client_credentials (pskcred, "test", &key, - GNUTLS_PSK_KEY_HEX); - - /* Initialize TLS session - */ - gnutls_init (&session, GNUTLS_CLIENT); - - /* Use default priorities */ - ret = gnutls_priority_set_direct (session, "PERFORMANCE:+ECDHE-PSK:+DHE-PSK:+PSK", &err); - if (ret < 0) - { - if (ret == GNUTLS_E_INVALID_REQUEST) - { - fprintf (stderr, "Syntax error at: %s\n", err); + int ret, sd, ii; + gnutls_session_t session; + char buffer[MAX_BUF + 1]; + const char *err; + gnutls_psk_client_credentials_t pskcred; + const gnutls_datum_t key = { (void *) "DEADBEEF", 8 }; + + gnutls_global_init(); + + gnutls_psk_allocate_client_credentials(&pskcred); + gnutls_psk_set_client_credentials(pskcred, "test", &key, + GNUTLS_PSK_KEY_HEX); + + /* Initialize TLS session + */ + gnutls_init(&session, GNUTLS_CLIENT); + + /* Use default priorities */ + ret = + gnutls_priority_set_direct(session, + "PERFORMANCE:+ECDHE-PSK:+DHE-PSK:+PSK", + &err); + if (ret < 0) { + if (ret == GNUTLS_E_INVALID_REQUEST) { + fprintf(stderr, "Syntax error at: %s\n", err); + } + exit(1); } - exit (1); - } - - /* put the x509 credentials to the current session - */ - gnutls_credentials_set (session, GNUTLS_CRD_PSK, pskcred); - - /* connect to the peer - */ - sd = tcp_connect (); - - gnutls_transport_set_int (session, sd); - gnutls_handshake_set_timeout (session, GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT); - - /* Perform the TLS handshake - */ - do - { - ret = gnutls_handshake (session); - } - while (ret < 0 && gnutls_error_is_fatal (ret) == 0); - - if (ret < 0) - { - fprintf (stderr, "*** Handshake failed\n"); - gnutls_perror (ret); - goto end; - } - else - { - char* desc; - - desc = gnutls_session_get_desc(session); - printf ("- Session info: %s\n", desc); - gnutls_free(desc); - } - - gnutls_record_send (session, MSG, strlen (MSG)); - - ret = gnutls_record_recv (session, buffer, MAX_BUF); - if (ret == 0) - { - printf ("- Peer has closed the TLS connection\n"); - goto end; - } - else if (ret < 0 && gnutls_error_is_fatal (ret) == 0) - { - fprintf (stderr, "*** Warning: %s\n", gnutls_strerror (ret)); - } - else if (ret < 0) - { - fprintf (stderr, "*** Error: %s\n", gnutls_strerror (ret)); - goto end; - } - - if (ret > 0) - { - printf ("- Received %d bytes: ", ret); - for (ii = 0; ii < ret; ii++) - { - fputc (buffer[ii], stdout); + + /* put the x509 credentials to the current session + */ + gnutls_credentials_set(session, GNUTLS_CRD_PSK, pskcred); + + /* connect to the peer + */ + sd = tcp_connect(); + + gnutls_transport_set_int(session, sd); + gnutls_handshake_set_timeout(session, + GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT); + + /* Perform the TLS handshake + */ + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + if (ret < 0) { + fprintf(stderr, "*** Handshake failed\n"); + gnutls_perror(ret); + goto end; + } else { + char *desc; + + desc = gnutls_session_get_desc(session); + printf("- Session info: %s\n", desc); + gnutls_free(desc); + } + + gnutls_record_send(session, MSG, strlen(MSG)); + + ret = gnutls_record_recv(session, buffer, MAX_BUF); + if (ret == 0) { + printf("- Peer has closed the TLS connection\n"); + goto end; + } else if (ret < 0 && gnutls_error_is_fatal(ret) == 0) { + fprintf(stderr, "*** Warning: %s\n", gnutls_strerror(ret)); + } else if (ret < 0) { + fprintf(stderr, "*** Error: %s\n", gnutls_strerror(ret)); + goto end; + } + + if (ret > 0) { + printf("- Received %d bytes: ", ret); + for (ii = 0; ii < ret; ii++) { + fputc(buffer[ii], stdout); + } + fputs("\n", stdout); } - fputs ("\n", stdout); - } - gnutls_bye (session, GNUTLS_SHUT_RDWR); + gnutls_bye(session, GNUTLS_SHUT_RDWR); -end: + end: - tcp_close (sd); + tcp_close(sd); - gnutls_deinit (session); + gnutls_deinit(session); - gnutls_psk_free_client_credentials (pskcred); + gnutls_psk_free_client_credentials(pskcred); - gnutls_global_deinit (); + gnutls_global_deinit(); - return 0; + return 0; } diff --git a/doc/examples/ex-client-resume.c b/doc/examples/ex-client-resume.c index 1842c5e7a1..218cc4447a 100644 --- a/doc/examples/ex-client-resume.c +++ b/doc/examples/ex-client-resume.c @@ -11,145 +11,136 @@ /* Those functions are defined in other examples. */ -extern void check_alert (gnutls_session_t session, int ret); -extern int tcp_connect (void); -extern void tcp_close (int sd); +extern void check_alert(gnutls_session_t session, int ret); +extern int tcp_connect(void); +extern void tcp_close(int sd); #define MAX_BUF 1024 #define CAFILE "/etc/ssl/certs/ca-certificates.crt" #define MSG "GET / HTTP/1.0\r\n\r\n" -int -main (void) +int main(void) { - int ret; - int sd, ii; - gnutls_session_t session; - char buffer[MAX_BUF + 1]; - gnutls_certificate_credentials_t xcred; - - /* variables used in session resuming - */ - int t; - char *session_data = NULL; - size_t session_data_size = 0; - - gnutls_global_init (); - - /* X509 stuff */ - gnutls_certificate_allocate_credentials (&xcred); - - gnutls_certificate_set_x509_trust_file (xcred, CAFILE, GNUTLS_X509_FMT_PEM); - - for (t = 0; t < 2; t++) - { /* connect 2 times to the server */ - - sd = tcp_connect (); - - gnutls_init (&session, GNUTLS_CLIENT); - - gnutls_priority_set_direct (session, "PERFORMANCE:!ARCFOUR-128", NULL); - - gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred); - - if (t > 0) - { - /* if this is not the first time we connect */ - gnutls_session_set_data (session, session_data, session_data_size); - free (session_data); - } - - gnutls_transport_set_int (session, sd); - gnutls_handshake_set_timeout (session, GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT); - - /* Perform the TLS handshake - */ - do - { - ret = gnutls_handshake (session); - } - while (ret < 0 && gnutls_error_is_fatal (ret) == 0); - - if (ret < 0) - { - fprintf (stderr, "*** Handshake failed\n"); - gnutls_perror (ret); - goto end; - } - else - { - printf ("- Handshake was completed\n"); - } - - if (t == 0) - { /* the first time we connect */ - /* get the session data size */ - gnutls_session_get_data (session, NULL, &session_data_size); - session_data = malloc (session_data_size); - - /* put session data to the session variable */ - gnutls_session_get_data (session, session_data, &session_data_size); - - } - else - { /* the second time we connect */ - - /* check if we actually resumed the previous session */ - if (gnutls_session_is_resumed (session) != 0) - { - printf ("- Previous session was resumed\n"); - } - else - { - fprintf (stderr, "*** Previous session was NOT resumed\n"); - } - } - - /* This function was defined in a previous example - */ - /* print_info(session); */ - - gnutls_record_send (session, MSG, strlen (MSG)); - - ret = gnutls_record_recv (session, buffer, MAX_BUF); - if (ret == 0) - { - printf ("- Peer has closed the TLS connection\n"); - goto end; - } - else if (ret < 0 && gnutls_error_is_fatal (ret) == 0) - { - fprintf (stderr, "*** Warning: %s\n", gnutls_strerror (ret)); - } - else if (ret < 0) - { - fprintf (stderr, "*** Error: %s\n", gnutls_strerror (ret)); - goto end; - } - - if (ret > 0) - { - printf ("- Received %d bytes: ", ret); - for (ii = 0; ii < ret; ii++) - { - fputc (buffer[ii], stdout); - } - fputs ("\n", stdout); - } - - gnutls_bye (session, GNUTLS_SHUT_RDWR); - - end: - - tcp_close (sd); - - gnutls_deinit (session); - - } /* for() */ - - gnutls_certificate_free_credentials (xcred); - - gnutls_global_deinit (); - - return 0; + int ret; + int sd, ii; + gnutls_session_t session; + char buffer[MAX_BUF + 1]; + gnutls_certificate_credentials_t xcred; + + /* variables used in session resuming + */ + int t; + char *session_data = NULL; + size_t session_data_size = 0; + + gnutls_global_init(); + + /* X509 stuff */ + gnutls_certificate_allocate_credentials(&xcred); + + gnutls_certificate_set_x509_trust_file(xcred, CAFILE, + GNUTLS_X509_FMT_PEM); + + for (t = 0; t < 2; t++) { /* connect 2 times to the server */ + + sd = tcp_connect(); + + gnutls_init(&session, GNUTLS_CLIENT); + + gnutls_priority_set_direct(session, + "PERFORMANCE:!ARCFOUR-128", + NULL); + + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, + xcred); + + if (t > 0) { + /* if this is not the first time we connect */ + gnutls_session_set_data(session, session_data, + session_data_size); + free(session_data); + } + + gnutls_transport_set_int(session, sd); + gnutls_handshake_set_timeout(session, + GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT); + + /* Perform the TLS handshake + */ + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + if (ret < 0) { + fprintf(stderr, "*** Handshake failed\n"); + gnutls_perror(ret); + goto end; + } else { + printf("- Handshake was completed\n"); + } + + if (t == 0) { /* the first time we connect */ + /* get the session data size */ + gnutls_session_get_data(session, NULL, + &session_data_size); + session_data = malloc(session_data_size); + + /* put session data to the session variable */ + gnutls_session_get_data(session, session_data, + &session_data_size); + + } else { /* the second time we connect */ + + /* check if we actually resumed the previous session */ + if (gnutls_session_is_resumed(session) != 0) { + printf("- Previous session was resumed\n"); + } else { + fprintf(stderr, + "*** Previous session was NOT resumed\n"); + } + } + + /* This function was defined in a previous example + */ + /* print_info(session); */ + + gnutls_record_send(session, MSG, strlen(MSG)); + + ret = gnutls_record_recv(session, buffer, MAX_BUF); + if (ret == 0) { + printf("- Peer has closed the TLS connection\n"); + goto end; + } else if (ret < 0 && gnutls_error_is_fatal(ret) == 0) { + fprintf(stderr, "*** Warning: %s\n", + gnutls_strerror(ret)); + } else if (ret < 0) { + fprintf(stderr, "*** Error: %s\n", + gnutls_strerror(ret)); + goto end; + } + + if (ret > 0) { + printf("- Received %d bytes: ", ret); + for (ii = 0; ii < ret; ii++) { + fputc(buffer[ii], stdout); + } + fputs("\n", stdout); + } + + gnutls_bye(session, GNUTLS_SHUT_RDWR); + + end: + + tcp_close(sd); + + gnutls_deinit(session); + + } /* for() */ + + gnutls_certificate_free_credentials(xcred); + + gnutls_global_deinit(); + + return 0; } diff --git a/doc/examples/ex-client-srp.c b/doc/examples/ex-client-srp.c index e828eb8eaa..722b79a0ae 100644 --- a/doc/examples/ex-client-srp.c +++ b/doc/examples/ex-client-srp.c @@ -11,9 +11,9 @@ /* Those functions are defined in other examples. */ -extern void check_alert (gnutls_session_t session, int ret); -extern int tcp_connect (void); -extern void tcp_close (int sd); +extern void check_alert(gnutls_session_t session, int ret); +extern int tcp_connect(void); +extern void tcp_close(int sd); #define MAX_BUF 1024 #define USERNAME "user" @@ -21,109 +21,101 @@ extern void tcp_close (int sd); #define CAFILE "/etc/ssl/certs/ca-certificates.crt" #define MSG "GET / HTTP/1.0\r\n\r\n" -int -main (void) +int main(void) { - int ret; - int sd, ii; - gnutls_session_t session; - char buffer[MAX_BUF + 1]; - gnutls_srp_client_credentials_t srp_cred; - gnutls_certificate_credentials_t cert_cred; - - gnutls_global_init (); - - gnutls_srp_allocate_client_credentials (&srp_cred); - gnutls_certificate_allocate_credentials (&cert_cred); - - gnutls_certificate_set_x509_trust_file (cert_cred, CAFILE, - GNUTLS_X509_FMT_PEM); - gnutls_srp_set_client_credentials (srp_cred, USERNAME, PASSWORD); - - /* connects to server - */ - sd = tcp_connect (); - - /* Initialize TLS session - */ - gnutls_init (&session, GNUTLS_CLIENT); - - - /* Set the priorities. - */ - gnutls_priority_set_direct (session, "NORMAL:+SRP:+SRP-RSA:+SRP-DSS", NULL); - - /* put the SRP credentials to the current session - */ - gnutls_credentials_set (session, GNUTLS_CRD_SRP, srp_cred); - gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, cert_cred); - - gnutls_transport_set_int (session, sd); - gnutls_handshake_set_timeout (session, GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT); - - /* Perform the TLS handshake - */ - do - { - ret = gnutls_handshake (session); - } - while (ret < 0 && gnutls_error_is_fatal (ret) == 0); - - if (ret < 0) - { - fprintf (stderr, "*** Handshake failed\n"); - gnutls_perror (ret); - goto end; - } - else - { - char* desc; - - desc = gnutls_session_get_desc(session); - printf ("- Session info: %s\n", desc); - gnutls_free(desc); - } - - gnutls_record_send (session, MSG, strlen (MSG)); - - ret = gnutls_record_recv (session, buffer, MAX_BUF); - if (gnutls_error_is_fatal (ret) != 0 || ret == 0) - { - if (ret == 0) - { - printf ("- Peer has closed the GnuTLS connection\n"); - goto end; + int ret; + int sd, ii; + gnutls_session_t session; + char buffer[MAX_BUF + 1]; + gnutls_srp_client_credentials_t srp_cred; + gnutls_certificate_credentials_t cert_cred; + + gnutls_global_init(); + + gnutls_srp_allocate_client_credentials(&srp_cred); + gnutls_certificate_allocate_credentials(&cert_cred); + + gnutls_certificate_set_x509_trust_file(cert_cred, CAFILE, + GNUTLS_X509_FMT_PEM); + gnutls_srp_set_client_credentials(srp_cred, USERNAME, PASSWORD); + + /* connects to server + */ + sd = tcp_connect(); + + /* Initialize TLS session + */ + gnutls_init(&session, GNUTLS_CLIENT); + + + /* Set the priorities. + */ + gnutls_priority_set_direct(session, + "NORMAL:+SRP:+SRP-RSA:+SRP-DSS", NULL); + + /* put the SRP credentials to the current session + */ + gnutls_credentials_set(session, GNUTLS_CRD_SRP, srp_cred); + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, cert_cred); + + gnutls_transport_set_int(session, sd); + gnutls_handshake_set_timeout(session, + GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT); + + /* Perform the TLS handshake + */ + do { + ret = gnutls_handshake(session); } - else - { - fprintf (stderr, "*** Error: %s\n", gnutls_strerror (ret)); - goto end; + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + if (ret < 0) { + fprintf(stderr, "*** Handshake failed\n"); + gnutls_perror(ret); + goto end; + } else { + char *desc; + + desc = gnutls_session_get_desc(session); + printf("- Session info: %s\n", desc); + gnutls_free(desc); } - } - else - check_alert (session, ret); - - if (ret > 0) - { - printf ("- Received %d bytes: ", ret); - for (ii = 0; ii < ret; ii++) - { - fputc (buffer[ii], stdout); + + gnutls_record_send(session, MSG, strlen(MSG)); + + ret = gnutls_record_recv(session, buffer, MAX_BUF); + if (gnutls_error_is_fatal(ret) != 0 || ret == 0) { + if (ret == 0) { + printf + ("- Peer has closed the GnuTLS connection\n"); + goto end; + } else { + fprintf(stderr, "*** Error: %s\n", + gnutls_strerror(ret)); + goto end; + } + } else + check_alert(session, ret); + + if (ret > 0) { + printf("- Received %d bytes: ", ret); + for (ii = 0; ii < ret; ii++) { + fputc(buffer[ii], stdout); + } + fputs("\n", stdout); } - fputs ("\n", stdout); - } - gnutls_bye (session, GNUTLS_SHUT_RDWR); + gnutls_bye(session, GNUTLS_SHUT_RDWR); -end: + end: - tcp_close (sd); + tcp_close(sd); - gnutls_deinit (session); + gnutls_deinit(session); - gnutls_srp_free_client_credentials (srp_cred); - gnutls_certificate_free_credentials (cert_cred); + gnutls_srp_free_client_credentials(srp_cred); + gnutls_certificate_free_credentials(cert_cred); - gnutls_global_deinit (); + gnutls_global_deinit(); - return 0; + return 0; } diff --git a/doc/examples/ex-client-x509.c b/doc/examples/ex-client-x509.c index bf8ae6bbef..4d1753ae7f 100644 --- a/doc/examples/ex-client-x509.c +++ b/doc/examples/ex-client-x509.c @@ -20,173 +20,161 @@ #define CAFILE "/etc/ssl/certs/ca-certificates.crt" #define MSG "GET / HTTP/1.0\r\n\r\n" -extern int tcp_connect (void); -extern void tcp_close (int sd); -static int _verify_certificate_callback (gnutls_session_t session); +extern int tcp_connect(void); +extern void tcp_close(int sd); +static int _verify_certificate_callback(gnutls_session_t session); -int main (void) +int main(void) { - int ret, sd, ii; - gnutls_session_t session; - char buffer[MAX_BUF + 1]; - const char *err; - gnutls_certificate_credentials_t xcred; - - gnutls_global_init (); - - /* X509 stuff */ - gnutls_certificate_allocate_credentials (&xcred); - - /* sets the trusted cas file - */ - gnutls_certificate_set_x509_trust_file (xcred, CAFILE, GNUTLS_X509_FMT_PEM); - gnutls_certificate_set_verify_function (xcred, _verify_certificate_callback); - - /* If client holds a certificate it can be set using the following: - * - gnutls_certificate_set_x509_key_file (xcred, - "cert.pem", "key.pem", - GNUTLS_X509_FMT_PEM); - */ - - /* Initialize TLS session - */ - gnutls_init (&session, GNUTLS_CLIENT); - - gnutls_session_set_ptr (session, (void *) "my_host_name"); - - gnutls_server_name_set (session, GNUTLS_NAME_DNS, "my_host_name", - strlen("my_host_name")); - - /* Use default priorities */ - ret = gnutls_priority_set_direct (session, "NORMAL", &err); - if (ret < 0) - { - if (ret == GNUTLS_E_INVALID_REQUEST) - { - fprintf (stderr, "Syntax error at: %s\n", err); + int ret, sd, ii; + gnutls_session_t session; + char buffer[MAX_BUF + 1]; + const char *err; + gnutls_certificate_credentials_t xcred; + + gnutls_global_init(); + + /* X509 stuff */ + gnutls_certificate_allocate_credentials(&xcred); + + /* sets the trusted cas file + */ + gnutls_certificate_set_x509_trust_file(xcred, CAFILE, + GNUTLS_X509_FMT_PEM); + gnutls_certificate_set_verify_function(xcred, + _verify_certificate_callback); + + /* If client holds a certificate it can be set using the following: + * + gnutls_certificate_set_x509_key_file (xcred, + "cert.pem", "key.pem", + GNUTLS_X509_FMT_PEM); + */ + + /* Initialize TLS session + */ + gnutls_init(&session, GNUTLS_CLIENT); + + gnutls_session_set_ptr(session, (void *) "my_host_name"); + + gnutls_server_name_set(session, GNUTLS_NAME_DNS, "my_host_name", + strlen("my_host_name")); + + /* Use default priorities */ + ret = gnutls_priority_set_direct(session, "NORMAL", &err); + if (ret < 0) { + if (ret == GNUTLS_E_INVALID_REQUEST) { + fprintf(stderr, "Syntax error at: %s\n", err); + } + exit(1); } - exit (1); - } - - /* put the x509 credentials to the current session - */ - gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred); - - /* connect to the peer - */ - sd = tcp_connect (); - - gnutls_transport_set_int (session, sd); - gnutls_handshake_set_timeout (session, GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT); - - /* Perform the TLS handshake - */ - do - { - ret = gnutls_handshake (session); - } - while (ret < 0 && gnutls_error_is_fatal (ret) == 0); - - if (ret < 0) - { - fprintf (stderr, "*** Handshake failed\n"); - gnutls_perror (ret); - goto end; - } - else - { - char* desc; - - desc = gnutls_session_get_desc(session); - printf ("- Session info: %s\n", desc); - gnutls_free(desc); - } - - gnutls_record_send (session, MSG, strlen (MSG)); - - ret = gnutls_record_recv (session, buffer, MAX_BUF); - if (ret == 0) - { - printf ("- Peer has closed the TLS connection\n"); - goto end; - } - else if (ret < 0 && gnutls_error_is_fatal (ret) == 0) - { - fprintf (stderr, "*** Warning: %s\n", gnutls_strerror (ret)); - } - else if (ret < 0) - { - fprintf (stderr, "*** Error: %s\n", gnutls_strerror (ret)); - goto end; - } - - if (ret > 0) - { - printf ("- Received %d bytes: ", ret); - for (ii = 0; ii < ret; ii++) - { - fputc (buffer[ii], stdout); + + /* put the x509 credentials to the current session + */ + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred); + + /* connect to the peer + */ + sd = tcp_connect(); + + gnutls_transport_set_int(session, sd); + gnutls_handshake_set_timeout(session, + GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT); + + /* Perform the TLS handshake + */ + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + if (ret < 0) { + fprintf(stderr, "*** Handshake failed\n"); + gnutls_perror(ret); + goto end; + } else { + char *desc; + + desc = gnutls_session_get_desc(session); + printf("- Session info: %s\n", desc); + gnutls_free(desc); + } + + gnutls_record_send(session, MSG, strlen(MSG)); + + ret = gnutls_record_recv(session, buffer, MAX_BUF); + if (ret == 0) { + printf("- Peer has closed the TLS connection\n"); + goto end; + } else if (ret < 0 && gnutls_error_is_fatal(ret) == 0) { + fprintf(stderr, "*** Warning: %s\n", gnutls_strerror(ret)); + } else if (ret < 0) { + fprintf(stderr, "*** Error: %s\n", gnutls_strerror(ret)); + goto end; + } + + if (ret > 0) { + printf("- Received %d bytes: ", ret); + for (ii = 0; ii < ret; ii++) { + fputc(buffer[ii], stdout); + } + fputs("\n", stdout); } - fputs ("\n", stdout); - } - gnutls_bye (session, GNUTLS_SHUT_RDWR); + gnutls_bye(session, GNUTLS_SHUT_RDWR); -end: + end: - tcp_close (sd); + tcp_close(sd); - gnutls_deinit (session); + gnutls_deinit(session); - gnutls_certificate_free_credentials (xcred); + gnutls_certificate_free_credentials(xcred); - gnutls_global_deinit (); + gnutls_global_deinit(); - return 0; + return 0; } /* This function will verify the peer's certificate, and check * if the hostname matches, as well as the activation, expiration dates. */ -static int -_verify_certificate_callback (gnutls_session_t session) +static int _verify_certificate_callback(gnutls_session_t session) { - unsigned int status; - int ret, type; - const char *hostname; - gnutls_datum_t out; - - /* read hostname */ - hostname = gnutls_session_get_ptr (session); - - /* This verification function uses the trusted CAs in the credentials - * structure. So you must have installed one or more CA certificates. - */ - ret = gnutls_certificate_verify_peers3 (session, hostname, &status); - if (ret < 0) - { - printf ("Error\n"); - return GNUTLS_E_CERTIFICATE_ERROR; - } - - type = gnutls_certificate_type_get (session); - - ret = gnutls_certificate_verification_status_print( status, type, &out, 0); - if (ret < 0) - { - printf ("Error\n"); - return GNUTLS_E_CERTIFICATE_ERROR; - } - - printf ("%s", out.data); - - gnutls_free(out.data); - - if (status != 0) /* Certificate is not trusted */ - return GNUTLS_E_CERTIFICATE_ERROR; - - /* notify gnutls to continue handshake normally */ - return 0; -} + unsigned int status; + int ret, type; + const char *hostname; + gnutls_datum_t out; + + /* read hostname */ + hostname = gnutls_session_get_ptr(session); + + /* This verification function uses the trusted CAs in the credentials + * structure. So you must have installed one or more CA certificates. + */ + ret = gnutls_certificate_verify_peers3(session, hostname, &status); + if (ret < 0) { + printf("Error\n"); + return GNUTLS_E_CERTIFICATE_ERROR; + } + + type = gnutls_certificate_type_get(session); + + ret = + gnutls_certificate_verification_status_print(status, type, + &out, 0); + if (ret < 0) { + printf("Error\n"); + return GNUTLS_E_CERTIFICATE_ERROR; + } + printf("%s", out.data); + + gnutls_free(out.data); + + if (status != 0) /* Certificate is not trusted */ + return GNUTLS_E_CERTIFICATE_ERROR; + + /* notify gnutls to continue handshake normally */ + return 0; +} diff --git a/doc/examples/ex-client-xssl1.c b/doc/examples/ex-client-xssl1.c index f9d77e61c5..a50b4123a8 100644 --- a/doc/examples/ex-client-xssl1.c +++ b/doc/examples/ex-client-xssl1.c @@ -15,71 +15,68 @@ * is explicit. */ -extern int tcp_connect (void); -extern void tcp_close (int sd); +extern int tcp_connect(void); +extern void tcp_close(int sd); -int main (void) +int main(void) { - int ret; - char *line = NULL; - size_t line_len; - xssl_cred_t cred; - xssl_t sb; - unsigned int status; - int fd; - - gnutls_global_init (); - - fd = tcp_connect (); - - ret = xssl_cred_init(&cred, GNUTLS_VMETHOD_SYSTEM_CAS, NULL, 0); - if (ret < 0) - exit(1); - - /* Initialize TLS session - */ - ret = xssl_client_init(&sb, "www.example.com", NULL, - (gnutls_transport_ptr_t)fd, - NULL, cred, &status, 0); - if (ret < 0) - { - if (ret == GNUTLS_E_AUTH_ERROR) - { - gnutls_datum_t txt; - - gnutls_certificate_verification_status_print(status, GNUTLS_CRT_X509, - &txt, 0); - - fprintf(stderr, "Verification error (%x): %s\n", status, txt.data); - gnutls_free(txt.data); - } - exit(1); - } + int ret; + char *line = NULL; + size_t line_len; + xssl_cred_t cred; + xssl_t sb; + unsigned int status; + int fd; + + gnutls_global_init(); + + fd = tcp_connect(); + + ret = xssl_cred_init(&cred, GNUTLS_VMETHOD_SYSTEM_CAS, NULL, 0); + if (ret < 0) + exit(1); + + /* Initialize TLS session + */ + ret = xssl_client_init(&sb, "www.example.com", NULL, + (gnutls_transport_ptr_t) fd, + NULL, cred, &status, 0); + if (ret < 0) { + if (ret == GNUTLS_E_AUTH_ERROR) { + gnutls_datum_t txt; + gnutls_certificate_verification_status_print + (status, GNUTLS_CRT_X509, &txt, 0); + + fprintf(stderr, "Verification error (%x): %s\n", + status, txt.data); + gnutls_free(txt.data); + } + exit(1); + } #define REQ "GET / HTTP/1.0\r\n" - ret = xssl_write(sb, REQ, sizeof(REQ)-1); - if (ret < 0) - exit(1); + ret = xssl_write(sb, REQ, sizeof(REQ) - 1); + if (ret < 0) + exit(1); + + do { + ret = xssl_getline(sb, &line, &line_len); + if (ret < 0) + exit(1); + + fprintf(stderr, "received: %s\n", line); + } + while (ret >= 0); - do - { - ret = xssl_getline(sb, &line, &line_len); - if (ret < 0) - exit(1); - - fprintf(stderr, "received: %s\n", line); - } - while (ret >= 0); + gnutls_free(line); - gnutls_free(line); + xssl_deinit(sb); - xssl_deinit(sb); + tcp_close(fd); - tcp_close (fd); + xssl_cred_deinit(cred); - xssl_cred_deinit (cred); + gnutls_global_deinit(); - gnutls_global_deinit (); - - return 0; + return 0; } diff --git a/doc/examples/ex-client-xssl2.c b/doc/examples/ex-client-xssl2.c index d29735ce23..f457f315c4 100644 --- a/doc/examples/ex-client-xssl2.c +++ b/doc/examples/ex-client-xssl2.c @@ -15,86 +15,85 @@ * with a fixed CA, and trust on first use. */ -extern int tcp_connect (void); -extern void tcp_close (int sd); +extern int tcp_connect(void); +extern void tcp_close(int sd); -int main (void) +int main(void) { - int ret; - char *line = NULL; - size_t line_len; - xssl_cred_t cred; - xssl_t sb; - gnutls_cinput_st aux[2]; - unsigned aux_size = 0; - unsigned int status; - int fd; - - gnutls_global_init (); - - fd = tcp_connect (); - - aux[aux_size].type = GNUTLS_CINPUT_TYPE_FILE; - aux[aux_size].contents = GNUTLS_CINPUT_CAS; - aux[aux_size].fmt = GNUTLS_X509_FMT_PEM; - aux[aux_size].i1.file = "/path/to/ca/file"; - aux_size++; - - /* This may be skipped to use the default DB file */ - aux[aux_size].type = GNUTLS_CINPUT_TYPE_FILE; - aux[aux_size].contents = GNUTLS_CINPUT_TOFU_DB; - aux[aux_size].i1.file = "/path/to/trust/db/file"; - aux_size++; - - ret = xssl_cred_init(&cred, GNUTLS_VMETHOD_GIVEN_CAS|GNUTLS_VMETHOD_TOFU, - aux, aux_size); - if (ret < 0) - exit(1); - - /* Initialize TLS session - */ - ret = xssl_client_init(&sb, "www.example.com", NULL, - (gnutls_transport_ptr_t)fd, - NULL, cred, &status, 0); - if (ret < 0) - { - if (ret == GNUTLS_E_AUTH_ERROR) - { - gnutls_datum_t txt; - - gnutls_certificate_verification_status_print(status, GNUTLS_CRT_X509, - &txt, 0); - - fprintf(stderr, "Verification error (%x): %s\n", status, txt.data); - gnutls_free(txt.data); + int ret; + char *line = NULL; + size_t line_len; + xssl_cred_t cred; + xssl_t sb; + gnutls_cinput_st aux[2]; + unsigned aux_size = 0; + unsigned int status; + int fd; + + gnutls_global_init(); + + fd = tcp_connect(); + + aux[aux_size].type = GNUTLS_CINPUT_TYPE_FILE; + aux[aux_size].contents = GNUTLS_CINPUT_CAS; + aux[aux_size].fmt = GNUTLS_X509_FMT_PEM; + aux[aux_size].i1.file = "/path/to/ca/file"; + aux_size++; + + /* This may be skipped to use the default DB file */ + aux[aux_size].type = GNUTLS_CINPUT_TYPE_FILE; + aux[aux_size].contents = GNUTLS_CINPUT_TOFU_DB; + aux[aux_size].i1.file = "/path/to/trust/db/file"; + aux_size++; + + ret = + xssl_cred_init(&cred, + GNUTLS_VMETHOD_GIVEN_CAS | GNUTLS_VMETHOD_TOFU, + aux, aux_size); + if (ret < 0) + exit(1); + + /* Initialize TLS session + */ + ret = xssl_client_init(&sb, "www.example.com", NULL, + (gnutls_transport_ptr_t) fd, + NULL, cred, &status, 0); + if (ret < 0) { + if (ret == GNUTLS_E_AUTH_ERROR) { + gnutls_datum_t txt; + + gnutls_certificate_verification_status_print + (status, GNUTLS_CRT_X509, &txt, 0); + + fprintf(stderr, "Verification error (%x): %s\n", + status, txt.data); + gnutls_free(txt.data); + } + exit(1); } - exit(1); - } - #define REQ "GET / HTTP/1.0\r\n" - ret = xssl_write(sb, REQ, sizeof(REQ)-1); - if (ret < 0) - exit(1); + ret = xssl_write(sb, REQ, sizeof(REQ) - 1); + if (ret < 0) + exit(1); + + do { + ret = xssl_getline(sb, &line, &line_len); + if (ret < 0) + exit(1); + + fprintf(stderr, "received: %s\n", line); + } + while (ret >= 0); - do - { - ret = xssl_getline(sb, &line, &line_len); - if (ret < 0) - exit(1); - - fprintf(stderr, "received: %s\n", line); - } - while (ret >= 0); + gnutls_free(line); - gnutls_free(line); + xssl_deinit(sb); - xssl_deinit(sb); + tcp_close(fd); - tcp_close (fd); + xssl_cred_deinit(cred); - xssl_cred_deinit (cred); + gnutls_global_deinit(); - gnutls_global_deinit (); - - return 0; + return 0; } diff --git a/doc/examples/ex-crq.c b/doc/examples/ex-crq.c index f452460eab..448138573a 100644 --- a/doc/examples/ex-crq.c +++ b/doc/examples/ex-crq.c @@ -16,72 +16,76 @@ * request. */ -int -main (void) +int main(void) { - gnutls_x509_crq_t crq; - gnutls_x509_privkey_t key; - unsigned char buffer[10 * 1024]; - size_t buffer_size = sizeof (buffer); - unsigned int bits; + gnutls_x509_crq_t crq; + gnutls_x509_privkey_t key; + unsigned char buffer[10 * 1024]; + size_t buffer_size = sizeof(buffer); + unsigned int bits; - gnutls_global_init (); + gnutls_global_init(); - /* Initialize an empty certificate request, and - * an empty private key. - */ - gnutls_x509_crq_init (&crq); + /* Initialize an empty certificate request, and + * an empty private key. + */ + gnutls_x509_crq_init(&crq); - gnutls_x509_privkey_init (&key); + gnutls_x509_privkey_init(&key); - /* Generate an RSA key of moderate security. - */ - bits = gnutls_sec_param_to_pk_bits (GNUTLS_PK_RSA, GNUTLS_SEC_PARAM_NORMAL); - gnutls_x509_privkey_generate (key, GNUTLS_PK_RSA, bits, 0); + /* Generate an RSA key of moderate security. + */ + bits = + gnutls_sec_param_to_pk_bits(GNUTLS_PK_RSA, + GNUTLS_SEC_PARAM_NORMAL); + gnutls_x509_privkey_generate(key, GNUTLS_PK_RSA, bits, 0); - /* Add stuff to the distinguished name - */ - gnutls_x509_crq_set_dn_by_oid (crq, GNUTLS_OID_X520_COUNTRY_NAME, - 0, "GR", 2); + /* Add stuff to the distinguished name + */ + gnutls_x509_crq_set_dn_by_oid(crq, GNUTLS_OID_X520_COUNTRY_NAME, + 0, "GR", 2); - gnutls_x509_crq_set_dn_by_oid (crq, GNUTLS_OID_X520_COMMON_NAME, - 0, "Nikos", strlen ("Nikos")); + gnutls_x509_crq_set_dn_by_oid(crq, GNUTLS_OID_X520_COMMON_NAME, + 0, "Nikos", strlen("Nikos")); - /* Set the request version. - */ - gnutls_x509_crq_set_version (crq, 1); + /* Set the request version. + */ + gnutls_x509_crq_set_version(crq, 1); - /* Set a challenge password. - */ - gnutls_x509_crq_set_challenge_password (crq, "something to remember here"); + /* Set a challenge password. + */ + gnutls_x509_crq_set_challenge_password(crq, + "something to remember here"); - /* Associate the request with the private key - */ - gnutls_x509_crq_set_key (crq, key); + /* Associate the request with the private key + */ + gnutls_x509_crq_set_key(crq, key); - /* Self sign the certificate request. - */ - gnutls_x509_crq_sign2 (crq, key, GNUTLS_DIG_SHA1, 0); + /* Self sign the certificate request. + */ + gnutls_x509_crq_sign2(crq, key, GNUTLS_DIG_SHA1, 0); - /* Export the PEM encoded certificate request, and - * display it. - */ - gnutls_x509_crq_export (crq, GNUTLS_X509_FMT_PEM, buffer, &buffer_size); + /* Export the PEM encoded certificate request, and + * display it. + */ + gnutls_x509_crq_export(crq, GNUTLS_X509_FMT_PEM, buffer, + &buffer_size); - printf ("Certificate Request: \n%s", buffer); + printf("Certificate Request: \n%s", buffer); - /* Export the PEM encoded private key, and - * display it. - */ - buffer_size = sizeof (buffer); - gnutls_x509_privkey_export (key, GNUTLS_X509_FMT_PEM, buffer, &buffer_size); + /* Export the PEM encoded private key, and + * display it. + */ + buffer_size = sizeof(buffer); + gnutls_x509_privkey_export(key, GNUTLS_X509_FMT_PEM, buffer, + &buffer_size); - printf ("\n\nPrivate key: \n%s", buffer); + printf("\n\nPrivate key: \n%s", buffer); - gnutls_x509_crq_deinit (crq); - gnutls_x509_privkey_deinit (key); + gnutls_x509_crq_deinit(crq); + gnutls_x509_privkey_deinit(key); - return 0; + return 0; } diff --git a/doc/examples/ex-ocsp-client.c b/doc/examples/ex-ocsp-client.c index 6373fc24e6..a995c2c81f 100644 --- a/doc/examples/ex-ocsp-client.c +++ b/doc/examples/ex-ocsp-client.c @@ -15,16 +15,15 @@ #endif #include "read-file.h" -size_t get_data (void *buffer, size_t size, size_t nmemb, - void *userp); -static gnutls_x509_crt_t load_cert (const char *cert_file); -static void _response_info (const gnutls_datum_t * data); +size_t get_data(void *buffer, size_t size, size_t nmemb, void *userp); +static gnutls_x509_crt_t load_cert(const char *cert_file); +static void _response_info(const gnutls_datum_t * data); static void -_generate_request (gnutls_datum_t * rdata, gnutls_x509_crt_t cert, - gnutls_x509_crt_t issuer); +_generate_request(gnutls_datum_t * rdata, gnutls_x509_crt_t cert, + gnutls_x509_crt_t issuer); static int -_verify_response (gnutls_datum_t * data, gnutls_x509_crt_t cert, - gnutls_x509_crt_t signer); +_verify_response(gnutls_datum_t * data, gnutls_x509_crt_t cert, + gnutls_x509_crt_t signer); /* This program queries an OCSP server. It expects three files. argv[1] containing the certificate to @@ -35,282 +34,273 @@ _verify_response (gnutls_datum_t * data, gnutls_x509_crt_t cert, For simplicity the libcurl library is used. */ -int -main (int argc, char *argv[]) +int main(int argc, char *argv[]) { - gnutls_datum_t ud, tmp; - int ret; - gnutls_datum_t req; - gnutls_x509_crt_t cert, issuer, signer; + gnutls_datum_t ud, tmp; + int ret; + gnutls_datum_t req; + gnutls_x509_crt_t cert, issuer, signer; #ifndef NO_LIBCURL - CURL *handle; - struct curl_slist *headers = NULL; + CURL *handle; + struct curl_slist *headers = NULL; #endif - int v, seq; - const char *cert_file = argv[1]; - const char *issuer_file = argv[2]; - const char *signer_file = argv[3]; - char *hostname = NULL; - - gnutls_global_init (); - - if (argc > 4) - hostname = argv[4]; - - cert = load_cert (cert_file); - issuer = load_cert (issuer_file); - signer = load_cert (signer_file); - - if (hostname == NULL) - { - - for (seq = 0;; seq++) - { - ret = gnutls_x509_crt_get_authority_info_access (cert, seq, - GNUTLS_IA_OCSP_URI, - &tmp, - NULL); - if (ret == GNUTLS_E_UNKNOWN_ALGORITHM) - continue; - if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) - { - fprintf (stderr, - "No URI was found in the certificate.\n"); - exit (1); - } - if (ret < 0) - { - fprintf (stderr, "error: %s\n", - gnutls_strerror (ret)); - exit (1); - } - - printf ("CA issuers URI: %.*s\n", tmp.size, tmp.data); - - hostname = malloc (tmp.size + 1); - memcpy (hostname, tmp.data, tmp.size); - hostname[tmp.size] = 0; - - gnutls_free (tmp.data); - break; - } - - } - - /* Note that the OCSP servers hostname might be available - * using gnutls_x509_crt_get_authority_info_access() in the issuer's - * certificate */ - - memset (&ud, 0, sizeof (ud)); - fprintf (stderr, "Connecting to %s\n", hostname); - - _generate_request (&req, cert, issuer); + int v, seq; + const char *cert_file = argv[1]; + const char *issuer_file = argv[2]; + const char *signer_file = argv[3]; + char *hostname = NULL; + + gnutls_global_init(); + + if (argc > 4) + hostname = argv[4]; + + cert = load_cert(cert_file); + issuer = load_cert(issuer_file); + signer = load_cert(signer_file); + + if (hostname == NULL) { + + for (seq = 0;; seq++) { + ret = + gnutls_x509_crt_get_authority_info_access(cert, + seq, + GNUTLS_IA_OCSP_URI, + &tmp, + NULL); + if (ret == GNUTLS_E_UNKNOWN_ALGORITHM) + continue; + if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) { + fprintf(stderr, + "No URI was found in the certificate.\n"); + exit(1); + } + if (ret < 0) { + fprintf(stderr, "error: %s\n", + gnutls_strerror(ret)); + exit(1); + } + + printf("CA issuers URI: %.*s\n", tmp.size, + tmp.data); + + hostname = malloc(tmp.size + 1); + memcpy(hostname, tmp.data, tmp.size); + hostname[tmp.size] = 0; + + gnutls_free(tmp.data); + break; + } + + } + + /* Note that the OCSP servers hostname might be available + * using gnutls_x509_crt_get_authority_info_access() in the issuer's + * certificate */ + + memset(&ud, 0, sizeof(ud)); + fprintf(stderr, "Connecting to %s\n", hostname); + + _generate_request(&req, cert, issuer); #ifndef NO_LIBCURL - curl_global_init (CURL_GLOBAL_ALL); - - handle = curl_easy_init (); - if (handle == NULL) - exit (1); - - headers = - curl_slist_append (headers, - "Content-Type: application/ocsp-request"); - - curl_easy_setopt (handle, CURLOPT_HTTPHEADER, headers); - curl_easy_setopt (handle, CURLOPT_POSTFIELDS, (void *) req.data); - curl_easy_setopt (handle, CURLOPT_POSTFIELDSIZE, req.size); - curl_easy_setopt (handle, CURLOPT_URL, hostname); - curl_easy_setopt (handle, CURLOPT_WRITEFUNCTION, get_data); - curl_easy_setopt (handle, CURLOPT_WRITEDATA, &ud); - - ret = curl_easy_perform (handle); - if (ret != 0) - { - fprintf (stderr, "curl[%d] error %d\n", __LINE__, ret); - exit (1); - } - - curl_easy_cleanup (handle); + curl_global_init(CURL_GLOBAL_ALL); + + handle = curl_easy_init(); + if (handle == NULL) + exit(1); + + headers = + curl_slist_append(headers, + "Content-Type: application/ocsp-request"); + + curl_easy_setopt(handle, CURLOPT_HTTPHEADER, headers); + curl_easy_setopt(handle, CURLOPT_POSTFIELDS, (void *) req.data); + curl_easy_setopt(handle, CURLOPT_POSTFIELDSIZE, req.size); + curl_easy_setopt(handle, CURLOPT_URL, hostname); + curl_easy_setopt(handle, CURLOPT_WRITEFUNCTION, get_data); + curl_easy_setopt(handle, CURLOPT_WRITEDATA, &ud); + + ret = curl_easy_perform(handle); + if (ret != 0) { + fprintf(stderr, "curl[%d] error %d\n", __LINE__, ret); + exit(1); + } + + curl_easy_cleanup(handle); #endif - _response_info (&ud); + _response_info(&ud); - v = _verify_response (&ud, cert, signer); + v = _verify_response(&ud, cert, signer); - gnutls_x509_crt_deinit (cert); - gnutls_x509_crt_deinit (issuer); - gnutls_x509_crt_deinit (signer); - gnutls_global_deinit (); + gnutls_x509_crt_deinit(cert); + gnutls_x509_crt_deinit(issuer); + gnutls_x509_crt_deinit(signer); + gnutls_global_deinit(); - return v; + return v; } -static void -_response_info (const gnutls_datum_t * data) +static void _response_info(const gnutls_datum_t * data) { - gnutls_ocsp_resp_t resp; - int ret; - gnutls_datum buf; + gnutls_ocsp_resp_t resp; + int ret; + gnutls_datum buf; - ret = gnutls_ocsp_resp_init (&resp); - if (ret < 0) - exit (1); + ret = gnutls_ocsp_resp_init(&resp); + if (ret < 0) + exit(1); - ret = gnutls_ocsp_resp_import (resp, data); - if (ret < 0) - exit (1); + ret = gnutls_ocsp_resp_import(resp, data); + if (ret < 0) + exit(1); - ret = gnutls_ocsp_resp_print (resp, GNUTLS_OCSP_PRINT_FULL, &buf); - if (ret != 0) - exit (1); + ret = gnutls_ocsp_resp_print(resp, GNUTLS_OCSP_PRINT_FULL, &buf); + if (ret != 0) + exit(1); - printf ("%.*s", buf.size, buf.data); - gnutls_free (buf.data); + printf("%.*s", buf.size, buf.data); + gnutls_free(buf.data); - gnutls_ocsp_resp_deinit (resp); + gnutls_ocsp_resp_deinit(resp); } -static gnutls_x509_crt_t -load_cert (const char *cert_file) +static gnutls_x509_crt_t load_cert(const char *cert_file) { - gnutls_x509_crt_t crt; - int ret; - gnutls_datum_t data; - size_t size; - - ret = gnutls_x509_crt_init (&crt); - if (ret < 0) - exit (1); - - data.data = (void *) read_binary_file (cert_file, &size); - data.size = size; - - if (!data.data) - { - fprintf (stderr, "Cannot open file: %s\n", cert_file); - exit (1); - } - - ret = gnutls_x509_crt_import (crt, &data, GNUTLS_X509_FMT_PEM); - free (data.data); - if (ret < 0) - { - fprintf (stderr, "Cannot import certificate in %s: %s\n", - cert_file, gnutls_strerror (ret)); - exit (1); - } - - return crt; + gnutls_x509_crt_t crt; + int ret; + gnutls_datum_t data; + size_t size; + + ret = gnutls_x509_crt_init(&crt); + if (ret < 0) + exit(1); + + data.data = (void *) read_binary_file(cert_file, &size); + data.size = size; + + if (!data.data) { + fprintf(stderr, "Cannot open file: %s\n", cert_file); + exit(1); + } + + ret = gnutls_x509_crt_import(crt, &data, GNUTLS_X509_FMT_PEM); + free(data.data); + if (ret < 0) { + fprintf(stderr, "Cannot import certificate in %s: %s\n", + cert_file, gnutls_strerror(ret)); + exit(1); + } + + return crt; } static void -_generate_request (gnutls_datum_t * rdata, gnutls_x509_crt_t cert, - gnutls_x509_crt_t issuer) +_generate_request(gnutls_datum_t * rdata, gnutls_x509_crt_t cert, + gnutls_x509_crt_t issuer) { - gnutls_ocsp_req_t req; - int ret; - unsigned char noncebuf[23]; - gnutls_datum_t nonce = { noncebuf, sizeof (noncebuf) }; + gnutls_ocsp_req_t req; + int ret; + unsigned char noncebuf[23]; + gnutls_datum_t nonce = { noncebuf, sizeof(noncebuf) }; - ret = gnutls_ocsp_req_init (&req); - if (ret < 0) - exit (1); + ret = gnutls_ocsp_req_init(&req); + if (ret < 0) + exit(1); - ret = gnutls_ocsp_req_add_cert (req, GNUTLS_DIG_SHA1, issuer, cert); - if (ret < 0) - exit (1); + ret = gnutls_ocsp_req_add_cert(req, GNUTLS_DIG_SHA1, issuer, cert); + if (ret < 0) + exit(1); - ret = gnutls_rnd (GNUTLS_RND_RANDOM, nonce.data, nonce.size); - if (ret < 0) - exit (1); + ret = gnutls_rnd(GNUTLS_RND_RANDOM, nonce.data, nonce.size); + if (ret < 0) + exit(1); - ret = gnutls_ocsp_req_set_nonce (req, 0, &nonce); - if (ret < 0) - exit (1); + ret = gnutls_ocsp_req_set_nonce(req, 0, &nonce); + if (ret < 0) + exit(1); - ret = gnutls_ocsp_req_export (req, rdata); - if (ret != 0) - exit (1); + ret = gnutls_ocsp_req_export(req, rdata); + if (ret != 0) + exit(1); - gnutls_ocsp_req_deinit (req); + gnutls_ocsp_req_deinit(req); - return; + return; } static int -_verify_response (gnutls_datum_t * data, gnutls_x509_crt_t cert, - gnutls_x509_crt_t signer) +_verify_response(gnutls_datum_t * data, gnutls_x509_crt_t cert, + gnutls_x509_crt_t signer) { - gnutls_ocsp_resp_t resp; - int ret; - unsigned verify; + gnutls_ocsp_resp_t resp; + int ret; + unsigned verify; + + ret = gnutls_ocsp_resp_init(&resp); + if (ret < 0) + exit(1); - ret = gnutls_ocsp_resp_init (&resp); - if (ret < 0) - exit (1); + ret = gnutls_ocsp_resp_import(resp, data); + if (ret < 0) + exit(1); - ret = gnutls_ocsp_resp_import (resp, data); - if (ret < 0) - exit (1); - - ret = gnutls_ocsp_resp_check_crt (resp, 0, cert); - if (ret < 0) - exit(1); + ret = gnutls_ocsp_resp_check_crt(resp, 0, cert); + if (ret < 0) + exit(1); - ret = gnutls_ocsp_resp_verify_direct (resp, signer, &verify, 0); - if (ret < 0) - exit (1); + ret = gnutls_ocsp_resp_verify_direct(resp, signer, &verify, 0); + if (ret < 0) + exit(1); - printf ("Verifying OCSP Response: "); - if (verify == 0) - printf ("Verification success!\n"); - else - printf ("Verification error!\n"); + printf("Verifying OCSP Response: "); + if (verify == 0) + printf("Verification success!\n"); + else + printf("Verification error!\n"); - if (verify & GNUTLS_OCSP_VERIFY_SIGNER_NOT_FOUND) - printf ("Signer cert not found\n"); + if (verify & GNUTLS_OCSP_VERIFY_SIGNER_NOT_FOUND) + printf("Signer cert not found\n"); - if (verify & GNUTLS_OCSP_VERIFY_SIGNER_KEYUSAGE_ERROR) - printf ("Signer cert keyusage error\n"); + if (verify & GNUTLS_OCSP_VERIFY_SIGNER_KEYUSAGE_ERROR) + printf("Signer cert keyusage error\n"); - if (verify & GNUTLS_OCSP_VERIFY_UNTRUSTED_SIGNER) - printf ("Signer cert is not trusted\n"); + if (verify & GNUTLS_OCSP_VERIFY_UNTRUSTED_SIGNER) + printf("Signer cert is not trusted\n"); - if (verify & GNUTLS_OCSP_VERIFY_INSECURE_ALGORITHM) - printf ("Insecure algorithm\n"); + if (verify & GNUTLS_OCSP_VERIFY_INSECURE_ALGORITHM) + printf("Insecure algorithm\n"); - if (verify & GNUTLS_OCSP_VERIFY_SIGNATURE_FAILURE) - printf ("Signature failure\n"); + if (verify & GNUTLS_OCSP_VERIFY_SIGNATURE_FAILURE) + printf("Signature failure\n"); - if (verify & GNUTLS_OCSP_VERIFY_CERT_NOT_ACTIVATED) - printf ("Signer cert not yet activated\n"); + if (verify & GNUTLS_OCSP_VERIFY_CERT_NOT_ACTIVATED) + printf("Signer cert not yet activated\n"); - if (verify & GNUTLS_OCSP_VERIFY_CERT_EXPIRED) - printf ("Signer cert expired\n"); + if (verify & GNUTLS_OCSP_VERIFY_CERT_EXPIRED) + printf("Signer cert expired\n"); - gnutls_ocsp_resp_deinit (resp); + gnutls_ocsp_resp_deinit(resp); - return verify; + return verify; } -size_t -get_data (void *buffer, size_t size, size_t nmemb, void *userp) +size_t get_data(void *buffer, size_t size, size_t nmemb, void *userp) { - gnutls_datum_t *ud = userp; + gnutls_datum_t *ud = userp; - size *= nmemb; + size *= nmemb; - ud->data = realloc (ud->data, size + ud->size); - if (ud->data == NULL) - { - fprintf (stderr, "Not enough memory for the request\n"); - exit (1); - } + ud->data = realloc(ud->data, size + ud->size); + if (ud->data == NULL) { + fprintf(stderr, "Not enough memory for the request\n"); + exit(1); + } - memcpy (&ud->data[ud->size], buffer, size); - ud->size += size; + memcpy(&ud->data[ud->size], buffer, size); + ud->size += size; - return size; + return size; } diff --git a/doc/examples/ex-pkcs11-list.c b/doc/examples/ex-pkcs11-list.c index 70849beada..5091161890 100644 --- a/doc/examples/ex-pkcs11-list.c +++ b/doc/examples/ex-pkcs11-list.c @@ -8,45 +8,43 @@ #define URL "pkcs11:URL" -int -main (int argc, char** argv) +int main(int argc, char **argv) { - gnutls_pkcs11_obj_t *obj_list; - gnutls_x509_crt_t xcrt; - unsigned int obj_list_size = 0; - gnutls_datum_t cinfo; - int ret; - unsigned int i; - - obj_list_size = 0; - ret = gnutls_pkcs11_obj_list_import_url (NULL, &obj_list_size, URL, - GNUTLS_PKCS11_OBJ_ATTR_CRT_WITH_PRIVKEY, - 0); - if (ret < 0 && ret != GNUTLS_E_SHORT_MEMORY_BUFFER) - return -1; + gnutls_pkcs11_obj_t *obj_list; + gnutls_x509_crt_t xcrt; + unsigned int obj_list_size = 0; + gnutls_datum_t cinfo; + int ret; + unsigned int i; + + obj_list_size = 0; + ret = gnutls_pkcs11_obj_list_import_url(NULL, &obj_list_size, URL, + GNUTLS_PKCS11_OBJ_ATTR_CRT_WITH_PRIVKEY, + 0); + if (ret < 0 && ret != GNUTLS_E_SHORT_MEMORY_BUFFER) + return -1; /* no error checking from now on */ - obj_list = malloc (sizeof (*obj_list) * obj_list_size); + obj_list = malloc(sizeof(*obj_list) * obj_list_size); - gnutls_pkcs11_obj_list_import_url (obj_list, &obj_list_size, URL, - GNUTLS_PKCS11_OBJ_ATTR_CRT_WITH_PRIVKEY, - 0); + gnutls_pkcs11_obj_list_import_url(obj_list, &obj_list_size, URL, + GNUTLS_PKCS11_OBJ_ATTR_CRT_WITH_PRIVKEY, + 0); /* now all certificates are in obj_list */ - for (i = 0; i < obj_list_size; i++) - { + for (i = 0; i < obj_list_size; i++) { - gnutls_x509_crt_init (&xcrt); + gnutls_x509_crt_init(&xcrt); - gnutls_x509_crt_import_pkcs11 (xcrt, obj_list[i]); + gnutls_x509_crt_import_pkcs11(xcrt, obj_list[i]); - gnutls_x509_crt_print (xcrt, GNUTLS_CRT_PRINT_FULL, &cinfo); + gnutls_x509_crt_print(xcrt, GNUTLS_CRT_PRINT_FULL, &cinfo); - fprintf (stdout, "cert[%d]:\n %s\n\n", i, cinfo.data); + fprintf(stdout, "cert[%d]:\n %s\n\n", i, cinfo.data); - gnutls_free (cinfo.data); - gnutls_x509_crt_deinit (xcrt); - } + gnutls_free(cinfo.data); + gnutls_x509_crt_deinit(xcrt); + } - return 0; + return 0; } diff --git a/doc/examples/ex-pkcs12.c b/doc/examples/ex-pkcs12.c index 69e7987618..7890518f94 100644 --- a/doc/examples/ex-pkcs12.c +++ b/doc/examples/ex-pkcs12.c @@ -20,115 +20,113 @@ * password: is the password used to encrypt the PKCS #12 packet. */ int -write_pkcs12 (const gnutls_datum_t * cert, - const gnutls_datum_t * pkcs8_key, const char *password) +write_pkcs12(const gnutls_datum_t * cert, + const gnutls_datum_t * pkcs8_key, const char *password) { - gnutls_pkcs12_t pkcs12; - int ret, bag_index; - gnutls_pkcs12_bag_t bag, key_bag; - char pkcs12_struct[10 * 1024]; - size_t pkcs12_struct_size; - FILE *fd; - - /* A good idea might be to use gnutls_x509_privkey_get_key_id() - * to obtain a unique ID. - */ - gnutls_datum_t key_id = { (void *) "\x00\x00\x07", 3 }; - - gnutls_global_init (); - - /* Firstly we create two helper bags, which hold the certificate, - * and the (encrypted) key. - */ - - gnutls_pkcs12_bag_init (&bag); - gnutls_pkcs12_bag_init (&key_bag); - - ret = gnutls_pkcs12_bag_set_data (bag, GNUTLS_BAG_CERTIFICATE, cert); - if (ret < 0) - { - fprintf (stderr, "ret: %s\n", gnutls_strerror (ret)); - return 1; - } - - /* ret now holds the bag's index. - */ - bag_index = ret; - - /* Associate a friendly name with the given certificate. Used - * by browsers. - */ - gnutls_pkcs12_bag_set_friendly_name (bag, bag_index, "My name"); - - /* Associate the certificate with the key using a unique key - * ID. - */ - gnutls_pkcs12_bag_set_key_id (bag, bag_index, &key_id); - - /* use weak encryption for the certificate. - */ - gnutls_pkcs12_bag_encrypt (bag, password, GNUTLS_PKCS_USE_PKCS12_RC2_40); - - /* Now the key. - */ - - ret = gnutls_pkcs12_bag_set_data (key_bag, - GNUTLS_BAG_PKCS8_ENCRYPTED_KEY, - pkcs8_key); - if (ret < 0) - { - fprintf (stderr, "ret: %s\n", gnutls_strerror (ret)); - return 1; - } - - /* Note that since the PKCS #8 key is already encrypted we don't - * bother encrypting that bag. - */ - bag_index = ret; - - gnutls_pkcs12_bag_set_friendly_name (key_bag, bag_index, "My name"); - - gnutls_pkcs12_bag_set_key_id (key_bag, bag_index, &key_id); - - - /* The bags were filled. Now create the PKCS #12 structure. - */ - gnutls_pkcs12_init (&pkcs12); - - /* Insert the two bags in the PKCS #12 structure. - */ - - gnutls_pkcs12_set_bag (pkcs12, bag); - gnutls_pkcs12_set_bag (pkcs12, key_bag); - - - /* Generate a message authentication code for the PKCS #12 - * structure. - */ - gnutls_pkcs12_generate_mac (pkcs12, password); - - pkcs12_struct_size = sizeof (pkcs12_struct); - ret = - gnutls_pkcs12_export (pkcs12, GNUTLS_X509_FMT_DER, pkcs12_struct, - &pkcs12_struct_size); - if (ret < 0) - { - fprintf (stderr, "ret: %s\n", gnutls_strerror (ret)); - return 1; - } - - fd = fopen (OUTFILE, "w"); - if (fd == NULL) - { - fprintf (stderr, "cannot open file\n"); - return 1; - } - fwrite (pkcs12_struct, 1, pkcs12_struct_size, fd); - fclose (fd); - - gnutls_pkcs12_bag_deinit (bag); - gnutls_pkcs12_bag_deinit (key_bag); - gnutls_pkcs12_deinit (pkcs12); - - return 0; + gnutls_pkcs12_t pkcs12; + int ret, bag_index; + gnutls_pkcs12_bag_t bag, key_bag; + char pkcs12_struct[10 * 1024]; + size_t pkcs12_struct_size; + FILE *fd; + + /* A good idea might be to use gnutls_x509_privkey_get_key_id() + * to obtain a unique ID. + */ + gnutls_datum_t key_id = { (void *) "\x00\x00\x07", 3 }; + + gnutls_global_init(); + + /* Firstly we create two helper bags, which hold the certificate, + * and the (encrypted) key. + */ + + gnutls_pkcs12_bag_init(&bag); + gnutls_pkcs12_bag_init(&key_bag); + + ret = + gnutls_pkcs12_bag_set_data(bag, GNUTLS_BAG_CERTIFICATE, cert); + if (ret < 0) { + fprintf(stderr, "ret: %s\n", gnutls_strerror(ret)); + return 1; + } + + /* ret now holds the bag's index. + */ + bag_index = ret; + + /* Associate a friendly name with the given certificate. Used + * by browsers. + */ + gnutls_pkcs12_bag_set_friendly_name(bag, bag_index, "My name"); + + /* Associate the certificate with the key using a unique key + * ID. + */ + gnutls_pkcs12_bag_set_key_id(bag, bag_index, &key_id); + + /* use weak encryption for the certificate. + */ + gnutls_pkcs12_bag_encrypt(bag, password, + GNUTLS_PKCS_USE_PKCS12_RC2_40); + + /* Now the key. + */ + + ret = gnutls_pkcs12_bag_set_data(key_bag, + GNUTLS_BAG_PKCS8_ENCRYPTED_KEY, + pkcs8_key); + if (ret < 0) { + fprintf(stderr, "ret: %s\n", gnutls_strerror(ret)); + return 1; + } + + /* Note that since the PKCS #8 key is already encrypted we don't + * bother encrypting that bag. + */ + bag_index = ret; + + gnutls_pkcs12_bag_set_friendly_name(key_bag, bag_index, "My name"); + + gnutls_pkcs12_bag_set_key_id(key_bag, bag_index, &key_id); + + + /* The bags were filled. Now create the PKCS #12 structure. + */ + gnutls_pkcs12_init(&pkcs12); + + /* Insert the two bags in the PKCS #12 structure. + */ + + gnutls_pkcs12_set_bag(pkcs12, bag); + gnutls_pkcs12_set_bag(pkcs12, key_bag); + + + /* Generate a message authentication code for the PKCS #12 + * structure. + */ + gnutls_pkcs12_generate_mac(pkcs12, password); + + pkcs12_struct_size = sizeof(pkcs12_struct); + ret = + gnutls_pkcs12_export(pkcs12, GNUTLS_X509_FMT_DER, + pkcs12_struct, &pkcs12_struct_size); + if (ret < 0) { + fprintf(stderr, "ret: %s\n", gnutls_strerror(ret)); + return 1; + } + + fd = fopen(OUTFILE, "w"); + if (fd == NULL) { + fprintf(stderr, "cannot open file\n"); + return 1; + } + fwrite(pkcs12_struct, 1, pkcs12_struct_size, fd); + fclose(fd); + + gnutls_pkcs12_bag_deinit(bag); + gnutls_pkcs12_bag_deinit(key_bag); + gnutls_pkcs12_deinit(pkcs12); + + return 0; } diff --git a/doc/examples/ex-serv-anon.c b/doc/examples/ex-serv-anon.c index 727ed16bd6..fd24cbfa1f 100644 --- a/doc/examples/ex-serv-anon.c +++ b/doc/examples/ex-serv-anon.c @@ -26,141 +26,137 @@ /* These are global */ static gnutls_dh_params_t dh_params; -static int -generate_dh_params (void) +static int generate_dh_params(void) { - unsigned int bits = - gnutls_sec_param_to_pk_bits (GNUTLS_PK_DH, GNUTLS_SEC_PARAM_LEGACY); - /* Generate Diffie-Hellman parameters - for use with DHE - * kx algorithms. These should be discarded and regenerated - * once a day, once a week or once a month. Depending on the - * security requirements. - */ - gnutls_dh_params_init (&dh_params); - gnutls_dh_params_generate2 (dh_params, bits); - - return 0; + unsigned int bits = gnutls_sec_param_to_pk_bits(GNUTLS_PK_DH, + GNUTLS_SEC_PARAM_LEGACY); + /* Generate Diffie-Hellman parameters - for use with DHE + * kx algorithms. These should be discarded and regenerated + * once a day, once a week or once a month. Depending on the + * security requirements. + */ + gnutls_dh_params_init(&dh_params); + gnutls_dh_params_generate2(dh_params, bits); + + return 0; } -int -main (void) +int main(void) { - int err, listen_sd; - int sd, ret; - struct sockaddr_in sa_serv; - struct sockaddr_in sa_cli; - socklen_t client_len; - char topbuf[512]; - gnutls_session_t session; - gnutls_anon_server_credentials_t anoncred; - char buffer[MAX_BUF + 1]; - int optval = 1; + int err, listen_sd; + int sd, ret; + struct sockaddr_in sa_serv; + struct sockaddr_in sa_cli; + socklen_t client_len; + char topbuf[512]; + gnutls_session_t session; + gnutls_anon_server_credentials_t anoncred; + char buffer[MAX_BUF + 1]; + int optval = 1; + + /* this must be called once in the program + */ + gnutls_global_init(); + + gnutls_anon_allocate_server_credentials(&anoncred); + + generate_dh_params(); + + gnutls_anon_set_server_dh_params(anoncred, dh_params); + + /* Socket operations + */ + listen_sd = socket(AF_INET, SOCK_STREAM, 0); + SOCKET_ERR(listen_sd, "socket"); + + memset(&sa_serv, '\0', sizeof(sa_serv)); + sa_serv.sin_family = AF_INET; + sa_serv.sin_addr.s_addr = INADDR_ANY; + sa_serv.sin_port = htons(PORT); /* Server Port number */ + + setsockopt(listen_sd, SOL_SOCKET, SO_REUSEADDR, (void *) &optval, + sizeof(int)); + + err = + bind(listen_sd, (struct sockaddr *) &sa_serv, sizeof(sa_serv)); + SOCKET_ERR(err, "bind"); + err = listen(listen_sd, 1024); + SOCKET_ERR(err, "listen"); + + printf("Server ready. Listening to port '%d'.\n\n", PORT); + + client_len = sizeof(sa_cli); + for (;;) { + gnutls_init(&session, GNUTLS_SERVER); + gnutls_priority_set_direct(session, + "NORMAL:+ANON-ECDH:+ANON-DH", + NULL); + gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred); + + sd = accept(listen_sd, (struct sockaddr *) &sa_cli, + &client_len); + + printf("- connection from %s, port %d\n", + inet_ntop(AF_INET, &sa_cli.sin_addr, topbuf, + sizeof(topbuf)), ntohs(sa_cli.sin_port)); + + gnutls_transport_set_int(session, sd); + + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + if (ret < 0) { + close(sd); + gnutls_deinit(session); + fprintf(stderr, + "*** Handshake has failed (%s)\n\n", + gnutls_strerror(ret)); + continue; + } + printf("- Handshake was completed\n"); + + /* see the Getting peer's information example */ + /* print_info(session); */ + + for (;;) { + ret = gnutls_record_recv(session, buffer, MAX_BUF); + + if (ret == 0) { + printf + ("\n- Peer has closed the GnuTLS connection\n"); + break; + } else if (ret < 0 + && gnutls_error_is_fatal(ret) == 0) { + fprintf(stderr, "*** Warning: %s\n", + gnutls_strerror(ret)); + } else if (ret < 0) { + fprintf(stderr, "\n*** Received corrupted " + "data(%d). Closing the connection.\n\n", + ret); + break; + } else if (ret > 0) { + /* echo data back to the client + */ + gnutls_record_send(session, buffer, ret); + } + } + printf("\n"); + /* do not wait for the peer to close the connection. + */ + gnutls_bye(session, GNUTLS_SHUT_WR); + + close(sd); + gnutls_deinit(session); - /* this must be called once in the program - */ - gnutls_global_init (); - - gnutls_anon_allocate_server_credentials (&anoncred); - - generate_dh_params (); - - gnutls_anon_set_server_dh_params (anoncred, dh_params); - - /* Socket operations - */ - listen_sd = socket (AF_INET, SOCK_STREAM, 0); - SOCKET_ERR (listen_sd, "socket"); - - memset (&sa_serv, '\0', sizeof (sa_serv)); - sa_serv.sin_family = AF_INET; - sa_serv.sin_addr.s_addr = INADDR_ANY; - sa_serv.sin_port = htons (PORT); /* Server Port number */ - - setsockopt (listen_sd, SOL_SOCKET, SO_REUSEADDR, (void *) &optval, - sizeof (int)); - - err = bind (listen_sd, (struct sockaddr *) & sa_serv, sizeof (sa_serv)); - SOCKET_ERR (err, "bind"); - err = listen (listen_sd, 1024); - SOCKET_ERR (err, "listen"); - - printf ("Server ready. Listening to port '%d'.\n\n", PORT); - - client_len = sizeof (sa_cli); - for (;;) - { - gnutls_init (&session, GNUTLS_SERVER); - gnutls_priority_set_direct (session, "NORMAL:+ANON-ECDH:+ANON-DH", NULL); - gnutls_credentials_set (session, GNUTLS_CRD_ANON, anoncred); - - sd = accept (listen_sd, (struct sockaddr *) & sa_cli, &client_len); - - printf ("- connection from %s, port %d\n", - inet_ntop (AF_INET, &sa_cli.sin_addr, topbuf, - sizeof (topbuf)), ntohs (sa_cli.sin_port)); - - gnutls_transport_set_int (session, sd); - - do - { - ret = gnutls_handshake (session); } - while (ret < 0 && gnutls_error_is_fatal (ret) == 0); - - if (ret < 0) - { - close (sd); - gnutls_deinit (session); - fprintf (stderr, "*** Handshake has failed (%s)\n\n", - gnutls_strerror (ret)); - continue; - } - printf ("- Handshake was completed\n"); - - /* see the Getting peer's information example */ - /* print_info(session); */ - - for (;;) - { - ret = gnutls_record_recv (session, buffer, MAX_BUF); - - if (ret == 0) - { - printf ("\n- Peer has closed the GnuTLS connection\n"); - break; - } - else if (ret < 0 && gnutls_error_is_fatal (ret) == 0) - { - fprintf (stderr, "*** Warning: %s\n", gnutls_strerror (ret)); - } - else if (ret < 0) - { - fprintf (stderr, "\n*** Received corrupted " - "data(%d). Closing the connection.\n\n", ret); - break; - } - else if (ret > 0) - { - /* echo data back to the client - */ - gnutls_record_send (session, buffer, ret); - } - } - printf ("\n"); - /* do not wait for the peer to close the connection. - */ - gnutls_bye (session, GNUTLS_SHUT_WR); - - close (sd); - gnutls_deinit (session); - - } - close (listen_sd); + close(listen_sd); - gnutls_anon_free_server_credentials (anoncred); + gnutls_anon_free_server_credentials(anoncred); - gnutls_global_deinit (); + gnutls_global_deinit(); - return 0; + return 0; } diff --git a/doc/examples/ex-serv-dtls.c b/doc/examples/ex-serv-dtls.c index 8b33a444bd..7e35bbca32 100644 --- a/doc/examples/ex-serv-dtls.c +++ b/doc/examples/ex-serv-dtls.c @@ -30,22 +30,22 @@ #define MAX_BUFFER 1024 #define PORT 5556 -typedef struct -{ - gnutls_session_t session; - int fd; - struct sockaddr *cli_addr; - socklen_t cli_addr_size; +typedef struct { + gnutls_session_t session; + int fd; + struct sockaddr *cli_addr; + socklen_t cli_addr_size; } priv_data_st; -static int pull_timeout_func (gnutls_transport_ptr_t ptr, unsigned int ms); -static ssize_t push_func (gnutls_transport_ptr_t p, const void *data, - size_t size); -static ssize_t pull_func (gnutls_transport_ptr_t p, void *data, size_t size); -static const char *human_addr (const struct sockaddr *sa, socklen_t salen, - char *buf, size_t buflen); -static int wait_for_connection (int fd); -static int generate_dh_params (void); +static int pull_timeout_func(gnutls_transport_ptr_t ptr, unsigned int ms); +static ssize_t push_func(gnutls_transport_ptr_t p, const void *data, + size_t size); +static ssize_t pull_func(gnutls_transport_ptr_t p, void *data, + size_t size); +static const char *human_addr(const struct sockaddr *sa, socklen_t salen, + char *buf, size_t buflen); +static int wait_for_connection(int fd); +static int generate_dh_params(void); /* Use global credentials and parameters to simplify * the example. */ @@ -53,386 +53,386 @@ static gnutls_certificate_credentials_t x509_cred; static gnutls_priority_t priority_cache; static gnutls_dh_params_t dh_params; -int -main (void) +int main(void) { - int listen_sd; - int sock, ret; - struct sockaddr_in sa_serv; - struct sockaddr_in cli_addr; - socklen_t cli_addr_size; - gnutls_session_t session; - char buffer[MAX_BUFFER]; - priv_data_st priv; - gnutls_datum_t cookie_key; - gnutls_dtls_prestate_st prestate; - int mtu = 1400; - unsigned char sequence[8]; - - /* this must be called once in the program - */ - gnutls_global_init (); - - gnutls_certificate_allocate_credentials (&x509_cred); - gnutls_certificate_set_x509_trust_file (x509_cred, CAFILE, - GNUTLS_X509_FMT_PEM); - - gnutls_certificate_set_x509_crl_file (x509_cred, CRLFILE, - GNUTLS_X509_FMT_PEM); - - ret = gnutls_certificate_set_x509_key_file (x509_cred, CERTFILE, KEYFILE, - GNUTLS_X509_FMT_PEM); - if (ret < 0) - { - printf("No certificate or key were found\n"); - exit(1); - } - - generate_dh_params (); - - gnutls_certificate_set_dh_params (x509_cred, dh_params); - - gnutls_priority_init (&priority_cache, - "PERFORMANCE:-VERS-TLS-ALL:+VERS-DTLS1.0:%SERVER_PRECEDENCE", - NULL); - - gnutls_key_generate (&cookie_key, GNUTLS_COOKIE_KEY_SIZE); - - /* Socket operations - */ - listen_sd = socket (AF_INET, SOCK_DGRAM, 0); - - memset (&sa_serv, '\0', sizeof (sa_serv)); - sa_serv.sin_family = AF_INET; - sa_serv.sin_addr.s_addr = INADDR_ANY; - sa_serv.sin_port = htons (PORT); - - { /* DTLS requires the IP don't fragment (DF) bit to be set */ -#if defined(IP_DONTFRAG) - int optval = 1; - setsockopt (listen_sd, IPPROTO_IP, IP_DONTFRAG, - (const void *) &optval, sizeof (optval)); -#elif defined(IP_MTU_DISCOVER) - int optval = IP_PMTUDISC_DO; - setsockopt(listen_sd, IPPROTO_IP, IP_MTU_DISCOVER, - (const void*) &optval, sizeof (optval)); -#endif - } - - bind (listen_sd, (struct sockaddr *) &sa_serv, sizeof (sa_serv)); - - printf ("UDP server ready. Listening to port '%d'.\n\n", PORT); - - for (;;) - { - printf ("Waiting for connection...\n"); - sock = wait_for_connection (listen_sd); - if (sock < 0) - continue; - - cli_addr_size = sizeof (cli_addr); - ret = recvfrom (sock, buffer, sizeof (buffer), MSG_PEEK, - (struct sockaddr *) &cli_addr, &cli_addr_size); - if (ret > 0) - { - memset (&prestate, 0, sizeof (prestate)); - ret = gnutls_dtls_cookie_verify (&cookie_key, &cli_addr, - sizeof (cli_addr), buffer, ret, - &prestate); - if (ret < 0) /* cookie not valid */ - { - priv_data_st s; - - memset (&s, 0, sizeof (s)); - s.fd = sock; - s.cli_addr = (void *) &cli_addr; - s.cli_addr_size = sizeof (cli_addr); - - printf ("Sending hello verify request to %s\n", - human_addr ((struct sockaddr *) &cli_addr, - sizeof (cli_addr), buffer, - sizeof (buffer))); - - gnutls_dtls_cookie_send (&cookie_key, &cli_addr, - sizeof (cli_addr), &prestate, - (gnutls_transport_ptr_t) & s, - push_func); - - /* discard peeked data */ - recvfrom (sock, buffer, sizeof (buffer), 0, - (struct sockaddr *) &cli_addr, &cli_addr_size); - usleep (100); - continue; - } - printf ("Accepted connection from %s\n", - human_addr ((struct sockaddr *) - &cli_addr, sizeof (cli_addr), buffer, - sizeof (buffer))); + int listen_sd; + int sock, ret; + struct sockaddr_in sa_serv; + struct sockaddr_in cli_addr; + socklen_t cli_addr_size; + gnutls_session_t session; + char buffer[MAX_BUFFER]; + priv_data_st priv; + gnutls_datum_t cookie_key; + gnutls_dtls_prestate_st prestate; + int mtu = 1400; + unsigned char sequence[8]; + + /* this must be called once in the program + */ + gnutls_global_init(); + + gnutls_certificate_allocate_credentials(&x509_cred); + gnutls_certificate_set_x509_trust_file(x509_cred, CAFILE, + GNUTLS_X509_FMT_PEM); + + gnutls_certificate_set_x509_crl_file(x509_cred, CRLFILE, + GNUTLS_X509_FMT_PEM); + + ret = + gnutls_certificate_set_x509_key_file(x509_cred, CERTFILE, + KEYFILE, + GNUTLS_X509_FMT_PEM); + if (ret < 0) { + printf("No certificate or key were found\n"); + exit(1); } - else - continue; - gnutls_init (&session, GNUTLS_SERVER | GNUTLS_DATAGRAM); - gnutls_priority_set (session, priority_cache); - gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, x509_cred); + generate_dh_params(); - gnutls_dtls_prestate_set (session, &prestate); - gnutls_dtls_set_mtu (session, mtu); + gnutls_certificate_set_dh_params(x509_cred, dh_params); - priv.session = session; - priv.fd = sock; - priv.cli_addr = (struct sockaddr *) &cli_addr; - priv.cli_addr_size = sizeof (cli_addr); + gnutls_priority_init(&priority_cache, + "PERFORMANCE:-VERS-TLS-ALL:+VERS-DTLS1.0:%SERVER_PRECEDENCE", + NULL); - gnutls_transport_set_ptr (session, &priv); - gnutls_transport_set_push_function (session, push_func); - gnutls_transport_set_pull_function (session, pull_func); - gnutls_transport_set_pull_timeout_function (session, pull_timeout_func); + gnutls_key_generate(&cookie_key, GNUTLS_COOKIE_KEY_SIZE); - do - { - ret = gnutls_handshake (session); - } - while (ret == GNUTLS_E_INTERRUPTED || ret == GNUTLS_E_AGAIN); - /* Note that DTLS may also receive GNUTLS_E_LARGE_PACKET. - * In that case the MTU should be adjusted. - */ - - if (ret < 0) - { - fprintf (stderr, "Error in handshake(): %s\n", - gnutls_strerror (ret)); - gnutls_deinit (session); - continue; - } + /* Socket operations + */ + listen_sd = socket(AF_INET, SOCK_DGRAM, 0); + + memset(&sa_serv, '\0', sizeof(sa_serv)); + sa_serv.sin_family = AF_INET; + sa_serv.sin_addr.s_addr = INADDR_ANY; + sa_serv.sin_port = htons(PORT); - printf ("- Handshake was completed\n"); - - for (;;) - { - do - { - ret = gnutls_record_recv_seq (session, buffer, MAX_BUFFER, - sequence); - } - while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); - - if (ret < 0 && gnutls_error_is_fatal (ret) == 0) - { - fprintf (stderr, "*** Warning: %s\n", gnutls_strerror (ret)); - continue; - } - else if (ret < 0) - { - fprintf (stderr, "Error in recv(): %s\n", - gnutls_strerror (ret)); - break; - } - - if (ret == 0) - { - printf ("EOF\n\n"); - break; - } - - buffer[ret] = 0; - printf ("received[%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x]: %s\n", - sequence[0], sequence[1], sequence[2], sequence[3], - sequence[4], sequence[5], sequence[6], sequence[7], buffer); - - /* reply back */ - ret = gnutls_record_send (session, buffer, ret); - if (ret < 0) - { - fprintf (stderr, "Error in send(): %s\n", - gnutls_strerror (ret)); - break; - } + { /* DTLS requires the IP don't fragment (DF) bit to be set */ +#if defined(IP_DONTFRAG) + int optval = 1; + setsockopt(listen_sd, IPPROTO_IP, IP_DONTFRAG, + (const void *) &optval, sizeof(optval)); +#elif defined(IP_MTU_DISCOVER) + int optval = IP_PMTUDISC_DO; + setsockopt(listen_sd, IPPROTO_IP, IP_MTU_DISCOVER, + (const void *) &optval, sizeof(optval)); +#endif } - gnutls_bye (session, GNUTLS_SHUT_WR); - gnutls_deinit (session); + bind(listen_sd, (struct sockaddr *) &sa_serv, sizeof(sa_serv)); + + printf("UDP server ready. Listening to port '%d'.\n\n", PORT); + + for (;;) { + printf("Waiting for connection...\n"); + sock = wait_for_connection(listen_sd); + if (sock < 0) + continue; + + cli_addr_size = sizeof(cli_addr); + ret = recvfrom(sock, buffer, sizeof(buffer), MSG_PEEK, + (struct sockaddr *) &cli_addr, + &cli_addr_size); + if (ret > 0) { + memset(&prestate, 0, sizeof(prestate)); + ret = + gnutls_dtls_cookie_verify(&cookie_key, + &cli_addr, + sizeof(cli_addr), + buffer, ret, + &prestate); + if (ret < 0) { /* cookie not valid */ + priv_data_st s; + + memset(&s, 0, sizeof(s)); + s.fd = sock; + s.cli_addr = (void *) &cli_addr; + s.cli_addr_size = sizeof(cli_addr); + + printf + ("Sending hello verify request to %s\n", + human_addr((struct sockaddr *) + &cli_addr, + sizeof(cli_addr), buffer, + sizeof(buffer))); + + gnutls_dtls_cookie_send(&cookie_key, + &cli_addr, + sizeof(cli_addr), + &prestate, + (gnutls_transport_ptr_t) + & s, push_func); + + /* discard peeked data */ + recvfrom(sock, buffer, sizeof(buffer), 0, + (struct sockaddr *) &cli_addr, + &cli_addr_size); + usleep(100); + continue; + } + printf("Accepted connection from %s\n", + human_addr((struct sockaddr *) + &cli_addr, sizeof(cli_addr), + buffer, sizeof(buffer))); + } else + continue; + + gnutls_init(&session, GNUTLS_SERVER | GNUTLS_DATAGRAM); + gnutls_priority_set(session, priority_cache); + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, + x509_cred); + + gnutls_dtls_prestate_set(session, &prestate); + gnutls_dtls_set_mtu(session, mtu); + + priv.session = session; + priv.fd = sock; + priv.cli_addr = (struct sockaddr *) &cli_addr; + priv.cli_addr_size = sizeof(cli_addr); + + gnutls_transport_set_ptr(session, &priv); + gnutls_transport_set_push_function(session, push_func); + gnutls_transport_set_pull_function(session, pull_func); + gnutls_transport_set_pull_timeout_function(session, + pull_timeout_func); + + do { + ret = gnutls_handshake(session); + } + while (ret == GNUTLS_E_INTERRUPTED + || ret == GNUTLS_E_AGAIN); + /* Note that DTLS may also receive GNUTLS_E_LARGE_PACKET. + * In that case the MTU should be adjusted. + */ + + if (ret < 0) { + fprintf(stderr, "Error in handshake(): %s\n", + gnutls_strerror(ret)); + gnutls_deinit(session); + continue; + } + + printf("- Handshake was completed\n"); + + for (;;) { + do { + ret = + gnutls_record_recv_seq(session, buffer, + MAX_BUFFER, + sequence); + } + while (ret == GNUTLS_E_AGAIN + || ret == GNUTLS_E_INTERRUPTED); + + if (ret < 0 && gnutls_error_is_fatal(ret) == 0) { + fprintf(stderr, "*** Warning: %s\n", + gnutls_strerror(ret)); + continue; + } else if (ret < 0) { + fprintf(stderr, "Error in recv(): %s\n", + gnutls_strerror(ret)); + break; + } + + if (ret == 0) { + printf("EOF\n\n"); + break; + } + + buffer[ret] = 0; + printf + ("received[%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x]: %s\n", + sequence[0], sequence[1], sequence[2], + sequence[3], sequence[4], sequence[5], + sequence[6], sequence[7], buffer); + + /* reply back */ + ret = gnutls_record_send(session, buffer, ret); + if (ret < 0) { + fprintf(stderr, "Error in send(): %s\n", + gnutls_strerror(ret)); + break; + } + } + + gnutls_bye(session, GNUTLS_SHUT_WR); + gnutls_deinit(session); - } - close (listen_sd); + } + close(listen_sd); - gnutls_certificate_free_credentials (x509_cred); - gnutls_priority_deinit (priority_cache); + gnutls_certificate_free_credentials(x509_cred); + gnutls_priority_deinit(priority_cache); - gnutls_global_deinit (); + gnutls_global_deinit(); - return 0; + return 0; } -static int -wait_for_connection (int fd) +static int wait_for_connection(int fd) { - fd_set rd, wr; - int n; + fd_set rd, wr; + int n; - FD_ZERO (&rd); - FD_ZERO (&wr); + FD_ZERO(&rd); + FD_ZERO(&wr); - FD_SET (fd, &rd); + FD_SET(fd, &rd); - /* waiting part */ - n = select (fd + 1, &rd, &wr, NULL, NULL); - if (n == -1 && errno == EINTR) - return -1; - if (n < 0) - { - perror ("select()"); - exit (1); - } + /* waiting part */ + n = select(fd + 1, &rd, &wr, NULL, NULL); + if (n == -1 && errno == EINTR) + return -1; + if (n < 0) { + perror("select()"); + exit(1); + } - return fd; + return fd; } /* Wait for data to be received within a timeout period in milliseconds */ -static int -pull_timeout_func (gnutls_transport_ptr_t ptr, unsigned int ms) +static int pull_timeout_func(gnutls_transport_ptr_t ptr, unsigned int ms) { - fd_set rfds; - struct timeval tv; - priv_data_st *priv = ptr; - struct sockaddr_in cli_addr; - socklen_t cli_addr_size; - int ret; - char c; - - FD_ZERO (&rfds); - FD_SET (priv->fd, &rfds); - - tv.tv_sec = 0; - tv.tv_usec = ms * 1000; - - while(tv.tv_usec >= 1000000) - { - tv.tv_usec -= 1000000; - tv.tv_sec++; - } - - ret = select (priv->fd + 1, &rfds, NULL, NULL, &tv); - - if (ret <= 0) - return ret; - - /* only report ok if the next message is from the peer we expect - * from - */ - cli_addr_size = sizeof (cli_addr); - ret = - recvfrom (priv->fd, &c, 1, MSG_PEEK, (struct sockaddr *) &cli_addr, - &cli_addr_size); - if (ret > 0) - { - if (cli_addr_size == priv->cli_addr_size - && memcmp (&cli_addr, priv->cli_addr, sizeof (cli_addr)) == 0) - return 1; - } - - return 0; + fd_set rfds; + struct timeval tv; + priv_data_st *priv = ptr; + struct sockaddr_in cli_addr; + socklen_t cli_addr_size; + int ret; + char c; + + FD_ZERO(&rfds); + FD_SET(priv->fd, &rfds); + + tv.tv_sec = 0; + tv.tv_usec = ms * 1000; + + while (tv.tv_usec >= 1000000) { + tv.tv_usec -= 1000000; + tv.tv_sec++; + } + + ret = select(priv->fd + 1, &rfds, NULL, NULL, &tv); + + if (ret <= 0) + return ret; + + /* only report ok if the next message is from the peer we expect + * from + */ + cli_addr_size = sizeof(cli_addr); + ret = + recvfrom(priv->fd, &c, 1, MSG_PEEK, + (struct sockaddr *) &cli_addr, &cli_addr_size); + if (ret > 0) { + if (cli_addr_size == priv->cli_addr_size + && memcmp(&cli_addr, priv->cli_addr, + sizeof(cli_addr)) == 0) + return 1; + } + + return 0; } static ssize_t -push_func (gnutls_transport_ptr_t p, const void *data, size_t size) +push_func(gnutls_transport_ptr_t p, const void *data, size_t size) { - priv_data_st *priv = p; + priv_data_st *priv = p; - return sendto (priv->fd, data, size, 0, priv->cli_addr, - priv->cli_addr_size); + return sendto(priv->fd, data, size, 0, priv->cli_addr, + priv->cli_addr_size); } -static ssize_t -pull_func (gnutls_transport_ptr_t p, void *data, size_t size) +static ssize_t pull_func(gnutls_transport_ptr_t p, void *data, size_t size) { - priv_data_st *priv = p; - struct sockaddr_in cli_addr; - socklen_t cli_addr_size; - char buffer[64]; - int ret; - - cli_addr_size = sizeof (cli_addr); - ret = - recvfrom (priv->fd, data, size, 0, (struct sockaddr *) &cli_addr, - &cli_addr_size); - if (ret == -1) - return ret; - - if (cli_addr_size == priv->cli_addr_size - && memcmp (&cli_addr, priv->cli_addr, sizeof (cli_addr)) == 0) - return ret; - - printf ("Denied connection from %s\n", - human_addr ((struct sockaddr *) - &cli_addr, sizeof (cli_addr), buffer, sizeof (buffer))); - - gnutls_transport_set_errno (priv->session, EAGAIN); - return -1; + priv_data_st *priv = p; + struct sockaddr_in cli_addr; + socklen_t cli_addr_size; + char buffer[64]; + int ret; + + cli_addr_size = sizeof(cli_addr); + ret = + recvfrom(priv->fd, data, size, 0, + (struct sockaddr *) &cli_addr, &cli_addr_size); + if (ret == -1) + return ret; + + if (cli_addr_size == priv->cli_addr_size + && memcmp(&cli_addr, priv->cli_addr, sizeof(cli_addr)) == 0) + return ret; + + printf("Denied connection from %s\n", + human_addr((struct sockaddr *) + &cli_addr, sizeof(cli_addr), buffer, + sizeof(buffer))); + + gnutls_transport_set_errno(priv->session, EAGAIN); + return -1; } -static const char * -human_addr (const struct sockaddr *sa, socklen_t salen, - char *buf, size_t buflen) +static const char *human_addr(const struct sockaddr *sa, socklen_t salen, + char *buf, size_t buflen) { - const char *save_buf = buf; - size_t l; + const char *save_buf = buf; + size_t l; - if (!buf || !buflen) - return NULL; + if (!buf || !buflen) + return NULL; - *buf = '\0'; + *buf = '\0'; - switch (sa->sa_family) - { + switch (sa->sa_family) { #if HAVE_IPV6 - case AF_INET6: - snprintf (buf, buflen, "IPv6 "); - break; + case AF_INET6: + snprintf(buf, buflen, "IPv6 "); + break; #endif - case AF_INET: - snprintf (buf, buflen, "IPv4 "); - break; - } + case AF_INET: + snprintf(buf, buflen, "IPv4 "); + break; + } - l = strlen (buf); - buf += l; - buflen -= l; + l = strlen(buf); + buf += l; + buflen -= l; - if (getnameinfo (sa, salen, buf, buflen, NULL, 0, NI_NUMERICHOST) != 0) - return NULL; + if (getnameinfo(sa, salen, buf, buflen, NULL, 0, NI_NUMERICHOST) != + 0) + return NULL; - l = strlen (buf); - buf += l; - buflen -= l; + l = strlen(buf); + buf += l; + buflen -= l; - strncat (buf, " port ", buflen); + strncat(buf, " port ", buflen); - l = strlen (buf); - buf += l; - buflen -= l; + l = strlen(buf); + buf += l; + buflen -= l; - if (getnameinfo (sa, salen, NULL, 0, buf, buflen, NI_NUMERICSERV) != 0) - return NULL; + if (getnameinfo(sa, salen, NULL, 0, buf, buflen, NI_NUMERICSERV) != + 0) + return NULL; - return save_buf; + return save_buf; } -static int -generate_dh_params (void) +static int generate_dh_params(void) { - int bits = - gnutls_sec_param_to_pk_bits (GNUTLS_PK_DH, GNUTLS_SEC_PARAM_LEGACY); + int bits = gnutls_sec_param_to_pk_bits(GNUTLS_PK_DH, + GNUTLS_SEC_PARAM_LEGACY); - /* Generate Diffie-Hellman parameters - for use with DHE - * kx algorithms. When short bit length is used, it might - * be wise to regenerate parameters often. - */ - gnutls_dh_params_init (&dh_params); - gnutls_dh_params_generate2 (dh_params, bits); + /* Generate Diffie-Hellman parameters - for use with DHE + * kx algorithms. When short bit length is used, it might + * be wise to regenerate parameters often. + */ + gnutls_dh_params_init(&dh_params); + gnutls_dh_params_generate2(dh_params, bits); - return 0; + return 0; } diff --git a/doc/examples/ex-serv-pgp.c b/doc/examples/ex-serv-pgp.c index 78e4c59e1f..b68a6bfec2 100644 --- a/doc/examples/ex-serv-pgp.c +++ b/doc/examples/ex-serv-pgp.c @@ -31,147 +31,144 @@ /* These are global */ gnutls_dh_params_t dh_params; -static int -generate_dh_params (void) +static int generate_dh_params(void) { - unsigned int bits = - gnutls_sec_param_to_pk_bits (GNUTLS_PK_DH, GNUTLS_SEC_PARAM_LEGACY); - - /* Generate Diffie-Hellman parameters - for use with DHE - * kx algorithms. These should be discarded and regenerated - * once a day, once a week or once a month. Depending on the - * security requirements. - */ - gnutls_dh_params_init (&dh_params); - gnutls_dh_params_generate2 (dh_params, bits); - - return 0; + unsigned int bits = gnutls_sec_param_to_pk_bits(GNUTLS_PK_DH, + GNUTLS_SEC_PARAM_LEGACY); + + /* Generate Diffie-Hellman parameters - for use with DHE + * kx algorithms. These should be discarded and regenerated + * once a day, once a week or once a month. Depending on the + * security requirements. + */ + gnutls_dh_params_init(&dh_params); + gnutls_dh_params_generate2(dh_params, bits); + + return 0; } -int -main (void) +int main(void) { - int err, listen_sd; - int sd, ret; - struct sockaddr_in sa_serv; - struct sockaddr_in sa_cli; - socklen_t client_len; - char topbuf[512]; - gnutls_session_t session; - gnutls_certificate_credentials_t cred; - char buffer[MAX_BUF + 1]; - int optval = 1; - char name[256]; - - strcpy (name, "Echo Server"); - - /* this must be called once in the program - */ - gnutls_global_init (); - - gnutls_certificate_allocate_credentials (&cred); - gnutls_certificate_set_openpgp_keyring_file (cred, RINGFILE, - GNUTLS_OPENPGP_FMT_BASE64); - - gnutls_certificate_set_openpgp_key_file (cred, CERTFILE, KEYFILE, - GNUTLS_OPENPGP_FMT_BASE64); - - generate_dh_params (); - - gnutls_certificate_set_dh_params (cred, dh_params); - - /* Socket operations - */ - listen_sd = socket (AF_INET, SOCK_STREAM, 0); - SOCKET_ERR (listen_sd, "socket"); - - memset (&sa_serv, '\0', sizeof (sa_serv)); - sa_serv.sin_family = AF_INET; - sa_serv.sin_addr.s_addr = INADDR_ANY; - sa_serv.sin_port = htons (PORT); /* Server Port number */ - - setsockopt (listen_sd, SOL_SOCKET, SO_REUSEADDR, (void *) &optval, - sizeof (int)); - - err = bind (listen_sd, (struct sockaddr *) & sa_serv, sizeof (sa_serv)); - SOCKET_ERR (err, "bind"); - err = listen (listen_sd, 1024); - SOCKET_ERR (err, "listen"); - - printf ("%s ready. Listening to port '%d'.\n\n", name, PORT); - - client_len = sizeof (sa_cli); - for (;;) - { - gnutls_init (&session, GNUTLS_SERVER); - gnutls_priority_set_direct (session, "NORMAL:+CTYPE-OPENPGP", NULL); - - /* request client certificate if any. - */ - gnutls_certificate_server_set_request (session, GNUTLS_CERT_REQUEST); - - sd = accept (listen_sd, (struct sockaddr *) & sa_cli, &client_len); - - printf ("- connection from %s, port %d\n", - inet_ntop (AF_INET, &sa_cli.sin_addr, topbuf, - sizeof (topbuf)), ntohs (sa_cli.sin_port)); - - gnutls_transport_set_int (session, sd); - ret = gnutls_handshake (session); - if (ret < 0) - { - close (sd); - gnutls_deinit (session); - fprintf (stderr, "*** Handshake has failed (%s)\n\n", - gnutls_strerror (ret)); - continue; - } - printf ("- Handshake was completed\n"); - - /* see the Getting peer's information example */ - /* print_info(session); */ - - for (;;) - { - ret = gnutls_record_recv (session, buffer, MAX_BUF); - - if (ret == 0) - { - printf ("\n- Peer has closed the GnuTLS connection\n"); - break; - } - else if (ret < 0 && gnutls_error_is_fatal (ret) == 0) - { - fprintf (stderr, "*** Warning: %s\n", gnutls_strerror (ret)); - } - else if (ret < 0) - { - fprintf (stderr, "\n*** Received corrupted " - "data(%d). Closing the connection.\n\n", ret); - break; - } - else if (ret > 0) - { - /* echo data back to the client - */ - gnutls_record_send (session, buffer, ret); - } - } - printf ("\n"); - /* do not wait for the peer to close the connection. - */ - gnutls_bye (session, GNUTLS_SHUT_WR); + int err, listen_sd; + int sd, ret; + struct sockaddr_in sa_serv; + struct sockaddr_in sa_cli; + socklen_t client_len; + char topbuf[512]; + gnutls_session_t session; + gnutls_certificate_credentials_t cred; + char buffer[MAX_BUF + 1]; + int optval = 1; + char name[256]; + + strcpy(name, "Echo Server"); + + /* this must be called once in the program + */ + gnutls_global_init(); + + gnutls_certificate_allocate_credentials(&cred); + gnutls_certificate_set_openpgp_keyring_file(cred, RINGFILE, + GNUTLS_OPENPGP_FMT_BASE64); + + gnutls_certificate_set_openpgp_key_file(cred, CERTFILE, KEYFILE, + GNUTLS_OPENPGP_FMT_BASE64); + + generate_dh_params(); + + gnutls_certificate_set_dh_params(cred, dh_params); + + /* Socket operations + */ + listen_sd = socket(AF_INET, SOCK_STREAM, 0); + SOCKET_ERR(listen_sd, "socket"); + + memset(&sa_serv, '\0', sizeof(sa_serv)); + sa_serv.sin_family = AF_INET; + sa_serv.sin_addr.s_addr = INADDR_ANY; + sa_serv.sin_port = htons(PORT); /* Server Port number */ + + setsockopt(listen_sd, SOL_SOCKET, SO_REUSEADDR, (void *) &optval, + sizeof(int)); + + err = + bind(listen_sd, (struct sockaddr *) &sa_serv, sizeof(sa_serv)); + SOCKET_ERR(err, "bind"); + err = listen(listen_sd, 1024); + SOCKET_ERR(err, "listen"); + + printf("%s ready. Listening to port '%d'.\n\n", name, PORT); + + client_len = sizeof(sa_cli); + for (;;) { + gnutls_init(&session, GNUTLS_SERVER); + gnutls_priority_set_direct(session, + "NORMAL:+CTYPE-OPENPGP", NULL); + + /* request client certificate if any. + */ + gnutls_certificate_server_set_request(session, + GNUTLS_CERT_REQUEST); + + sd = accept(listen_sd, (struct sockaddr *) &sa_cli, + &client_len); + + printf("- connection from %s, port %d\n", + inet_ntop(AF_INET, &sa_cli.sin_addr, topbuf, + sizeof(topbuf)), ntohs(sa_cli.sin_port)); + + gnutls_transport_set_int(session, sd); + ret = gnutls_handshake(session); + if (ret < 0) { + close(sd); + gnutls_deinit(session); + fprintf(stderr, + "*** Handshake has failed (%s)\n\n", + gnutls_strerror(ret)); + continue; + } + printf("- Handshake was completed\n"); + + /* see the Getting peer's information example */ + /* print_info(session); */ + + for (;;) { + ret = gnutls_record_recv(session, buffer, MAX_BUF); + + if (ret == 0) { + printf + ("\n- Peer has closed the GnuTLS connection\n"); + break; + } else if (ret < 0 + && gnutls_error_is_fatal(ret) == 0) { + fprintf(stderr, "*** Warning: %s\n", + gnutls_strerror(ret)); + } else if (ret < 0) { + fprintf(stderr, "\n*** Received corrupted " + "data(%d). Closing the connection.\n\n", + ret); + break; + } else if (ret > 0) { + /* echo data back to the client + */ + gnutls_record_send(session, buffer, ret); + } + } + printf("\n"); + /* do not wait for the peer to close the connection. + */ + gnutls_bye(session, GNUTLS_SHUT_WR); + + close(sd); + gnutls_deinit(session); - close (sd); - gnutls_deinit (session); - - } - close (listen_sd); + } + close(listen_sd); - gnutls_certificate_free_credentials (cred); + gnutls_certificate_free_credentials(cred); - gnutls_global_deinit (); + gnutls_global_deinit(); - return 0; + return 0; } diff --git a/doc/examples/ex-serv-psk.c b/doc/examples/ex-serv-psk.c index 2e025ca9ca..7244787619 100644 --- a/doc/examples/ex-serv-psk.c +++ b/doc/examples/ex-serv-psk.c @@ -32,180 +32,179 @@ /* These are global */ static gnutls_dh_params_t dh_params; -static int -generate_dh_params (void) +static int generate_dh_params(void) { - /* Generate Diffie-Hellman parameters - for use with DHE - * kx algorithms. When short bit length is used, it might - * be wise to regenerate parameters. - * - * Check the ex-serv-export.c example for using static - * parameters. - */ - gnutls_dh_params_init (&dh_params); - gnutls_dh_params_generate2 (dh_params, DH_BITS); - - return 0; + /* Generate Diffie-Hellman parameters - for use with DHE + * kx algorithms. When short bit length is used, it might + * be wise to regenerate parameters. + * + * Check the ex-serv-export.c example for using static + * parameters. + */ + gnutls_dh_params_init(&dh_params); + gnutls_dh_params_generate2(dh_params, DH_BITS); + + return 0; } static int -pskfunc (gnutls_session_t session, const char *username, gnutls_datum_t * key) +pskfunc(gnutls_session_t session, const char *username, + gnutls_datum_t * key) { - printf ("psk: username %s\n", username); - key->data = gnutls_malloc (4); - key->data[0] = 0xDE; - key->data[1] = 0xAD; - key->data[2] = 0xBE; - key->data[3] = 0xEF; - key->size = 4; - return 0; + printf("psk: username %s\n", username); + key->data = gnutls_malloc(4); + key->data[0] = 0xDE; + key->data[1] = 0xAD; + key->data[2] = 0xBE; + key->data[3] = 0xEF; + key->size = 4; + return 0; } -int -main (void) +int main(void) { - int err, listen_sd; - int sd, ret; - struct sockaddr_in sa_serv; - struct sockaddr_in sa_cli; - socklen_t client_len; - char topbuf[512]; - gnutls_session_t session; - gnutls_certificate_credentials_t x509_cred; - gnutls_psk_server_credentials_t psk_cred; - gnutls_priority_t priority_cache; - char buffer[MAX_BUF + 1]; - int optval = 1; - int kx; - - /* this must be called once in the program - */ - gnutls_global_init (); - - gnutls_certificate_allocate_credentials (&x509_cred); - gnutls_certificate_set_x509_trust_file (x509_cred, CAFILE, - GNUTLS_X509_FMT_PEM); - - gnutls_certificate_set_x509_crl_file (x509_cred, CRLFILE, - GNUTLS_X509_FMT_PEM); - - gnutls_certificate_set_x509_key_file (x509_cred, CERTFILE, KEYFILE, - GNUTLS_X509_FMT_PEM); - - gnutls_psk_allocate_server_credentials (&psk_cred); - gnutls_psk_set_server_credentials_function (psk_cred, pskfunc); - - generate_dh_params (); - - gnutls_priority_init (&priority_cache, "NORMAL:+PSK:+ECDHE-PSK:+DHE-PSK", NULL); - - gnutls_certificate_set_dh_params (x509_cred, dh_params); - - /* Socket operations - */ - listen_sd = socket (AF_INET, SOCK_STREAM, 0); - SOCKET_ERR (listen_sd, "socket"); - - memset (&sa_serv, '\0', sizeof (sa_serv)); - sa_serv.sin_family = AF_INET; - sa_serv.sin_addr.s_addr = INADDR_ANY; - sa_serv.sin_port = htons (PORT); /* Server Port number */ - - setsockopt (listen_sd, SOL_SOCKET, SO_REUSEADDR, (void *) &optval, - sizeof (int)); - - err = bind (listen_sd, (struct sockaddr *) & sa_serv, sizeof (sa_serv)); - SOCKET_ERR (err, "bind"); - err = listen (listen_sd, 1024); - SOCKET_ERR (err, "listen"); - - printf ("Server ready. Listening to port '%d'.\n\n", PORT); - - client_len = sizeof (sa_cli); - for (;;) - { - gnutls_init (&session, GNUTLS_SERVER); - gnutls_priority_set (session, priority_cache); - gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, x509_cred); - gnutls_credentials_set (session, GNUTLS_CRD_PSK, psk_cred); - - /* request client certificate if any. - */ - gnutls_certificate_server_set_request (session, GNUTLS_CERT_REQUEST); - - sd = accept (listen_sd, (struct sockaddr *) & sa_cli, &client_len); - - printf ("- connection from %s, port %d\n", - inet_ntop (AF_INET, &sa_cli.sin_addr, topbuf, - sizeof (topbuf)), ntohs (sa_cli.sin_port)); - - gnutls_transport_set_int (session, sd); - ret = gnutls_handshake (session); - if (ret < 0) - { - close (sd); - gnutls_deinit (session); - fprintf (stderr, "*** Handshake has failed (%s)\n\n", - gnutls_strerror (ret)); - continue; - } - printf ("- Handshake was completed\n"); - - kx = gnutls_kx_get(session); - if (kx == GNUTLS_KX_PSK || kx == GNUTLS_KX_DHE_PSK || - kx == GNUTLS_KX_ECDHE_PSK) - { - printf("- User %s was connected\n", gnutls_psk_server_get_username(session)); - } + int err, listen_sd; + int sd, ret; + struct sockaddr_in sa_serv; + struct sockaddr_in sa_cli; + socklen_t client_len; + char topbuf[512]; + gnutls_session_t session; + gnutls_certificate_credentials_t x509_cred; + gnutls_psk_server_credentials_t psk_cred; + gnutls_priority_t priority_cache; + char buffer[MAX_BUF + 1]; + int optval = 1; + int kx; + + /* this must be called once in the program + */ + gnutls_global_init(); + + gnutls_certificate_allocate_credentials(&x509_cred); + gnutls_certificate_set_x509_trust_file(x509_cred, CAFILE, + GNUTLS_X509_FMT_PEM); + + gnutls_certificate_set_x509_crl_file(x509_cred, CRLFILE, + GNUTLS_X509_FMT_PEM); + + gnutls_certificate_set_x509_key_file(x509_cred, CERTFILE, KEYFILE, + GNUTLS_X509_FMT_PEM); + + gnutls_psk_allocate_server_credentials(&psk_cred); + gnutls_psk_set_server_credentials_function(psk_cred, pskfunc); + + generate_dh_params(); + + gnutls_priority_init(&priority_cache, + "NORMAL:+PSK:+ECDHE-PSK:+DHE-PSK", NULL); + + gnutls_certificate_set_dh_params(x509_cred, dh_params); + + /* Socket operations + */ + listen_sd = socket(AF_INET, SOCK_STREAM, 0); + SOCKET_ERR(listen_sd, "socket"); + + memset(&sa_serv, '\0', sizeof(sa_serv)); + sa_serv.sin_family = AF_INET; + sa_serv.sin_addr.s_addr = INADDR_ANY; + sa_serv.sin_port = htons(PORT); /* Server Port number */ + + setsockopt(listen_sd, SOL_SOCKET, SO_REUSEADDR, (void *) &optval, + sizeof(int)); + + err = + bind(listen_sd, (struct sockaddr *) &sa_serv, sizeof(sa_serv)); + SOCKET_ERR(err, "bind"); + err = listen(listen_sd, 1024); + SOCKET_ERR(err, "listen"); + + printf("Server ready. Listening to port '%d'.\n\n", PORT); + + client_len = sizeof(sa_cli); + for (;;) { + gnutls_init(&session, GNUTLS_SERVER); + gnutls_priority_set(session, priority_cache); + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, + x509_cred); + gnutls_credentials_set(session, GNUTLS_CRD_PSK, psk_cred); + + /* request client certificate if any. + */ + gnutls_certificate_server_set_request(session, + GNUTLS_CERT_REQUEST); + + sd = accept(listen_sd, (struct sockaddr *) &sa_cli, + &client_len); + + printf("- connection from %s, port %d\n", + inet_ntop(AF_INET, &sa_cli.sin_addr, topbuf, + sizeof(topbuf)), ntohs(sa_cli.sin_port)); + + gnutls_transport_set_int(session, sd); + ret = gnutls_handshake(session); + if (ret < 0) { + close(sd); + gnutls_deinit(session); + fprintf(stderr, + "*** Handshake has failed (%s)\n\n", + gnutls_strerror(ret)); + continue; + } + printf("- Handshake was completed\n"); + + kx = gnutls_kx_get(session); + if (kx == GNUTLS_KX_PSK || kx == GNUTLS_KX_DHE_PSK || + kx == GNUTLS_KX_ECDHE_PSK) { + printf("- User %s was connected\n", + gnutls_psk_server_get_username(session)); + } + + /* see the Getting peer's information example */ + /* print_info(session); */ + + for (;;) { + ret = gnutls_record_recv(session, buffer, MAX_BUF); + + if (ret == 0) { + printf + ("\n- Peer has closed the GnuTLS connection\n"); + break; + } else if (ret < 0 + && gnutls_error_is_fatal(ret) == 0) { + fprintf(stderr, "*** Warning: %s\n", + gnutls_strerror(ret)); + } else if (ret < 0) { + fprintf(stderr, "\n*** Received corrupted " + "data(%d). Closing the connection.\n\n", + ret); + break; + } else if (ret > 0) { + /* echo data back to the client + */ + gnutls_record_send(session, buffer, ret); + } + } + printf("\n"); + /* do not wait for the peer to close the connection. + */ + gnutls_bye(session, GNUTLS_SHUT_WR); + + close(sd); + gnutls_deinit(session); - /* see the Getting peer's information example */ - /* print_info(session); */ - - for (;;) - { - ret = gnutls_record_recv (session, buffer, MAX_BUF); - - if (ret == 0) - { - printf ("\n- Peer has closed the GnuTLS connection\n"); - break; - } - else if (ret < 0 && gnutls_error_is_fatal (ret) == 0) - { - fprintf (stderr, "*** Warning: %s\n", gnutls_strerror (ret)); - } - else if (ret < 0) - { - fprintf (stderr, "\n*** Received corrupted " - "data(%d). Closing the connection.\n\n", ret); - break; - } - else if (ret > 0) - { - /* echo data back to the client - */ - gnutls_record_send (session, buffer, ret); - } } - printf ("\n"); - /* do not wait for the peer to close the connection. - */ - gnutls_bye (session, GNUTLS_SHUT_WR); - - close (sd); - gnutls_deinit (session); - - } - close (listen_sd); + close(listen_sd); - gnutls_certificate_free_credentials (x509_cred); - gnutls_psk_free_server_credentials (psk_cred); + gnutls_certificate_free_credentials(x509_cred); + gnutls_psk_free_server_credentials(psk_cred); - gnutls_priority_deinit (priority_cache); + gnutls_priority_deinit(priority_cache); - gnutls_global_deinit (); + gnutls_global_deinit(); - return 0; + return 0; } diff --git a/doc/examples/ex-serv-srp.c b/doc/examples/ex-serv-srp.c index 3a95edd172..44b0a711ad 100644 --- a/doc/examples/ex-serv-srp.c +++ b/doc/examples/ex-serv-srp.c @@ -29,141 +29,140 @@ #define MAX_BUF 1024 #define PORT 5556 /* listen to 5556 port */ -int -main (void) +int main(void) { - int err, listen_sd; - int sd, ret; - struct sockaddr_in sa_serv; - struct sockaddr_in sa_cli; - socklen_t client_len; - char topbuf[512]; - gnutls_session_t session; - gnutls_srp_server_credentials_t srp_cred; - gnutls_certificate_credentials_t cert_cred; - char buffer[MAX_BUF + 1]; - int optval = 1; - char name[256]; - - strcpy (name, "Echo Server"); - - gnutls_global_init (); - - /* SRP_PASSWD a password file (created with the included srptool utility) - */ - gnutls_srp_allocate_server_credentials (&srp_cred); - gnutls_srp_set_server_credentials_file (srp_cred, SRP_PASSWD, - SRP_PASSWD_CONF); - - gnutls_certificate_allocate_credentials (&cert_cred); - gnutls_certificate_set_x509_trust_file (cert_cred, CAFILE, - GNUTLS_X509_FMT_PEM); - gnutls_certificate_set_x509_key_file (cert_cred, CERTFILE, KEYFILE, - GNUTLS_X509_FMT_PEM); - - /* TCP socket operations - */ - listen_sd = socket (AF_INET, SOCK_STREAM, 0); - SOCKET_ERR (listen_sd, "socket"); - - memset (&sa_serv, '\0', sizeof (sa_serv)); - sa_serv.sin_family = AF_INET; - sa_serv.sin_addr.s_addr = INADDR_ANY; - sa_serv.sin_port = htons (PORT); /* Server Port number */ - - setsockopt (listen_sd, SOL_SOCKET, SO_REUSEADDR, (void *) &optval, - sizeof (int)); - - err = bind (listen_sd, (struct sockaddr *) & sa_serv, sizeof (sa_serv)); - SOCKET_ERR (err, "bind"); - err = listen (listen_sd, 1024); - SOCKET_ERR (err, "listen"); - - printf ("%s ready. Listening to port '%d'.\n\n", name, PORT); - - client_len = sizeof (sa_cli); - for (;;) - { - gnutls_init (&session, GNUTLS_SERVER); - gnutls_priority_set_direct (session, - "NORMAL:-KX-ALL:+SRP:+SRP-DSS:+SRP-RSA", NULL); - gnutls_credentials_set (session, GNUTLS_CRD_SRP, srp_cred); - /* for the certificate authenticated ciphersuites. - */ - gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, cert_cred); - - /* request client certificate if any. - */ - gnutls_certificate_server_set_request (session, GNUTLS_CERT_IGNORE); - - sd = accept (listen_sd, (struct sockaddr *) & sa_cli, &client_len); - - printf ("- connection from %s, port %d\n", - inet_ntop (AF_INET, &sa_cli.sin_addr, topbuf, - sizeof (topbuf)), ntohs (sa_cli.sin_port)); - - gnutls_transport_set_int (session, sd); - - do - { - ret = gnutls_handshake (session); - } - while (ret < 0 && gnutls_error_is_fatal (ret) == 0); - - if (ret < 0) - { - close (sd); - gnutls_deinit (session); - fprintf (stderr, "*** Handshake has failed (%s)\n\n", - gnutls_strerror (ret)); - continue; - } - printf ("- Handshake was completed\n"); - printf ("- User %s was connected\n", gnutls_srp_server_get_username(session)); - - /* print_info(session); */ - - for (;;) - { - ret = gnutls_record_recv (session, buffer, MAX_BUF); - - if (ret == 0) - { - printf ("\n- Peer has closed the GnuTLS connection\n"); - break; - } - else if (ret < 0 && gnutls_error_is_fatal (ret) == 0) - { - fprintf (stderr, "*** Warning: %s\n", gnutls_strerror (ret)); - } - else if (ret < 0) - { - fprintf (stderr, "\n*** Received corrupted " - "data(%d). Closing the connection.\n\n", ret); - break; - } - else if (ret > 0) - { - /* echo data back to the client - */ - gnutls_record_send (session, buffer, ret); - } - } - printf ("\n"); - /* do not wait for the peer to close the connection. */ - gnutls_bye (session, GNUTLS_SHUT_WR); + int err, listen_sd; + int sd, ret; + struct sockaddr_in sa_serv; + struct sockaddr_in sa_cli; + socklen_t client_len; + char topbuf[512]; + gnutls_session_t session; + gnutls_srp_server_credentials_t srp_cred; + gnutls_certificate_credentials_t cert_cred; + char buffer[MAX_BUF + 1]; + int optval = 1; + char name[256]; + + strcpy(name, "Echo Server"); + + gnutls_global_init(); + + /* SRP_PASSWD a password file (created with the included srptool utility) + */ + gnutls_srp_allocate_server_credentials(&srp_cred); + gnutls_srp_set_server_credentials_file(srp_cred, SRP_PASSWD, + SRP_PASSWD_CONF); + + gnutls_certificate_allocate_credentials(&cert_cred); + gnutls_certificate_set_x509_trust_file(cert_cred, CAFILE, + GNUTLS_X509_FMT_PEM); + gnutls_certificate_set_x509_key_file(cert_cred, CERTFILE, KEYFILE, + GNUTLS_X509_FMT_PEM); + + /* TCP socket operations + */ + listen_sd = socket(AF_INET, SOCK_STREAM, 0); + SOCKET_ERR(listen_sd, "socket"); + + memset(&sa_serv, '\0', sizeof(sa_serv)); + sa_serv.sin_family = AF_INET; + sa_serv.sin_addr.s_addr = INADDR_ANY; + sa_serv.sin_port = htons(PORT); /* Server Port number */ + + setsockopt(listen_sd, SOL_SOCKET, SO_REUSEADDR, (void *) &optval, + sizeof(int)); + + err = + bind(listen_sd, (struct sockaddr *) &sa_serv, sizeof(sa_serv)); + SOCKET_ERR(err, "bind"); + err = listen(listen_sd, 1024); + SOCKET_ERR(err, "listen"); + + printf("%s ready. Listening to port '%d'.\n\n", name, PORT); + + client_len = sizeof(sa_cli); + for (;;) { + gnutls_init(&session, GNUTLS_SERVER); + gnutls_priority_set_direct(session, + "NORMAL:-KX-ALL:+SRP:+SRP-DSS:+SRP-RSA", + NULL); + gnutls_credentials_set(session, GNUTLS_CRD_SRP, srp_cred); + /* for the certificate authenticated ciphersuites. + */ + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, + cert_cred); + + /* request client certificate if any. + */ + gnutls_certificate_server_set_request(session, + GNUTLS_CERT_IGNORE); + + sd = accept(listen_sd, (struct sockaddr *) &sa_cli, + &client_len); + + printf("- connection from %s, port %d\n", + inet_ntop(AF_INET, &sa_cli.sin_addr, topbuf, + sizeof(topbuf)), ntohs(sa_cli.sin_port)); + + gnutls_transport_set_int(session, sd); + + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + if (ret < 0) { + close(sd); + gnutls_deinit(session); + fprintf(stderr, + "*** Handshake has failed (%s)\n\n", + gnutls_strerror(ret)); + continue; + } + printf("- Handshake was completed\n"); + printf("- User %s was connected\n", + gnutls_srp_server_get_username(session)); + + /* print_info(session); */ + + for (;;) { + ret = gnutls_record_recv(session, buffer, MAX_BUF); + + if (ret == 0) { + printf + ("\n- Peer has closed the GnuTLS connection\n"); + break; + } else if (ret < 0 + && gnutls_error_is_fatal(ret) == 0) { + fprintf(stderr, "*** Warning: %s\n", + gnutls_strerror(ret)); + } else if (ret < 0) { + fprintf(stderr, "\n*** Received corrupted " + "data(%d). Closing the connection.\n\n", + ret); + break; + } else if (ret > 0) { + /* echo data back to the client + */ + gnutls_record_send(session, buffer, ret); + } + } + printf("\n"); + /* do not wait for the peer to close the connection. */ + gnutls_bye(session, GNUTLS_SHUT_WR); + + close(sd); + gnutls_deinit(session); - close (sd); - gnutls_deinit (session); - - } - close (listen_sd); + } + close(listen_sd); - gnutls_srp_free_server_credentials (srp_cred); - gnutls_certificate_free_credentials (cert_cred); + gnutls_srp_free_server_credentials(srp_cred); + gnutls_certificate_free_credentials(cert_cred); - gnutls_global_deinit (); + gnutls_global_deinit(); - return 0; + return 0; } diff --git a/doc/examples/ex-serv-x509.c b/doc/examples/ex-serv-x509.c index 2060f80a8b..bc5b371877 100644 --- a/doc/examples/ex-serv-x509.c +++ b/doc/examples/ex-serv-x509.c @@ -38,165 +38,164 @@ /* These are global */ static gnutls_dh_params_t dh_params; -static int -generate_dh_params (void) +static int generate_dh_params(void) { - unsigned int bits = - gnutls_sec_param_to_pk_bits (GNUTLS_PK_DH, GNUTLS_SEC_PARAM_LEGACY); + unsigned int bits = gnutls_sec_param_to_pk_bits(GNUTLS_PK_DH, + GNUTLS_SEC_PARAM_LEGACY); - /* Generate Diffie-Hellman parameters - for use with DHE - * kx algorithms. When short bit length is used, it might - * be wise to regenerate parameters often. - */ - gnutls_dh_params_init (&dh_params); - gnutls_dh_params_generate2 (dh_params, bits); + /* Generate Diffie-Hellman parameters - for use with DHE + * kx algorithms. When short bit length is used, it might + * be wise to regenerate parameters often. + */ + gnutls_dh_params_init(&dh_params); + gnutls_dh_params_generate2(dh_params, bits); - return 0; + return 0; } -int -main (void) +int main(void) { - int listen_sd; - int sd, ret; - gnutls_certificate_credentials_t x509_cred; - gnutls_priority_t priority_cache; - struct sockaddr_in sa_serv; - struct sockaddr_in sa_cli; - socklen_t client_len; - char topbuf[512]; - gnutls_session_t session; - char buffer[MAX_BUF + 1]; - int optval = 1; - - /* this must be called once in the program - */ - gnutls_global_init (); - - gnutls_certificate_allocate_credentials (&x509_cred); - /* gnutls_certificate_set_x509_system_trust(xcred); */ - gnutls_certificate_set_x509_trust_file (x509_cred, CAFILE, - GNUTLS_X509_FMT_PEM); - - gnutls_certificate_set_x509_crl_file (x509_cred, CRLFILE, - GNUTLS_X509_FMT_PEM); - - ret = gnutls_certificate_set_x509_key_file (x509_cred, CERTFILE, KEYFILE, - GNUTLS_X509_FMT_PEM); - if (ret < 0) - { - printf("No certificate or key were found\n"); - exit(1); - } - - /* loads an OCSP status request if available */ - gnutls_certificate_set_ocsp_status_request_file(x509_cred, OCSP_STATUS_FILE, 0); - - generate_dh_params (); - - gnutls_priority_init (&priority_cache, "PERFORMANCE:%SERVER_PRECEDENCE", NULL); - - - gnutls_certificate_set_dh_params (x509_cred, dh_params); - - /* Socket operations - */ - listen_sd = socket (AF_INET, SOCK_STREAM, 0); - - memset (&sa_serv, '\0', sizeof (sa_serv)); - sa_serv.sin_family = AF_INET; - sa_serv.sin_addr.s_addr = INADDR_ANY; - sa_serv.sin_port = htons (PORT); /* Server Port number */ - - setsockopt (listen_sd, SOL_SOCKET, SO_REUSEADDR, (void *) &optval, - sizeof (int)); - - bind (listen_sd, (struct sockaddr *) & sa_serv, sizeof (sa_serv)); - - listen (listen_sd, 1024); - - printf ("Server ready. Listening to port '%d'.\n\n", PORT); - - client_len = sizeof (sa_cli); - for (;;) - { - gnutls_init (&session, GNUTLS_SERVER); - gnutls_priority_set (session, priority_cache); - gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, x509_cred); - /* We don't request any certificate from the client. - * If we did we would need to verify it. - */ - gnutls_certificate_server_set_request (session, GNUTLS_CERT_IGNORE); - - sd = accept (listen_sd, (struct sockaddr *) & sa_cli, &client_len); - - printf ("- connection from %s, port %d\n", - inet_ntop (AF_INET, &sa_cli.sin_addr, topbuf, - sizeof (topbuf)), ntohs (sa_cli.sin_port)); - - gnutls_transport_set_int (session, sd); - - do - { - ret = gnutls_handshake (session); - } - while (ret < 0 && gnutls_error_is_fatal (ret) == 0); - - if (ret < 0) - { - close (sd); - gnutls_deinit (session); - fprintf (stderr, "*** Handshake has failed (%s)\n\n", - gnutls_strerror (ret)); - continue; + int listen_sd; + int sd, ret; + gnutls_certificate_credentials_t x509_cred; + gnutls_priority_t priority_cache; + struct sockaddr_in sa_serv; + struct sockaddr_in sa_cli; + socklen_t client_len; + char topbuf[512]; + gnutls_session_t session; + char buffer[MAX_BUF + 1]; + int optval = 1; + + /* this must be called once in the program + */ + gnutls_global_init(); + + gnutls_certificate_allocate_credentials(&x509_cred); + /* gnutls_certificate_set_x509_system_trust(xcred); */ + gnutls_certificate_set_x509_trust_file(x509_cred, CAFILE, + GNUTLS_X509_FMT_PEM); + + gnutls_certificate_set_x509_crl_file(x509_cred, CRLFILE, + GNUTLS_X509_FMT_PEM); + + ret = + gnutls_certificate_set_x509_key_file(x509_cred, CERTFILE, + KEYFILE, + GNUTLS_X509_FMT_PEM); + if (ret < 0) { + printf("No certificate or key were found\n"); + exit(1); } - printf ("- Handshake was completed\n"); - - /* see the Getting peer's information example */ - /* print_info(session); */ - - for (;;) - { - ret = gnutls_record_recv (session, buffer, MAX_BUF); - - if (ret == 0) - { - printf ("\n- Peer has closed the GnuTLS connection\n"); - break; - } - else if (ret < 0 && gnutls_error_is_fatal (ret) == 0) - { - fprintf (stderr, "*** Warning: %s\n", gnutls_strerror (ret)); - } - else if (ret < 0) - { - fprintf (stderr, "\n*** Received corrupted " - "data(%d). Closing the connection.\n\n", ret); - break; - } - else if (ret > 0) - { - /* echo data back to the client - */ - gnutls_record_send (session, buffer, ret); - } - } - printf ("\n"); - /* do not wait for the peer to close the connection. - */ - gnutls_bye (session, GNUTLS_SHUT_WR); - close (sd); - gnutls_deinit (session); + /* loads an OCSP status request if available */ + gnutls_certificate_set_ocsp_status_request_file(x509_cred, + OCSP_STATUS_FILE, + 0); + + generate_dh_params(); + + gnutls_priority_init(&priority_cache, + "PERFORMANCE:%SERVER_PRECEDENCE", NULL); + + + gnutls_certificate_set_dh_params(x509_cred, dh_params); + + /* Socket operations + */ + listen_sd = socket(AF_INET, SOCK_STREAM, 0); + + memset(&sa_serv, '\0', sizeof(sa_serv)); + sa_serv.sin_family = AF_INET; + sa_serv.sin_addr.s_addr = INADDR_ANY; + sa_serv.sin_port = htons(PORT); /* Server Port number */ + + setsockopt(listen_sd, SOL_SOCKET, SO_REUSEADDR, (void *) &optval, + sizeof(int)); + + bind(listen_sd, (struct sockaddr *) &sa_serv, sizeof(sa_serv)); + + listen(listen_sd, 1024); + + printf("Server ready. Listening to port '%d'.\n\n", PORT); + + client_len = sizeof(sa_cli); + for (;;) { + gnutls_init(&session, GNUTLS_SERVER); + gnutls_priority_set(session, priority_cache); + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, + x509_cred); + /* We don't request any certificate from the client. + * If we did we would need to verify it. + */ + gnutls_certificate_server_set_request(session, + GNUTLS_CERT_IGNORE); + + sd = accept(listen_sd, (struct sockaddr *) &sa_cli, + &client_len); + + printf("- connection from %s, port %d\n", + inet_ntop(AF_INET, &sa_cli.sin_addr, topbuf, + sizeof(topbuf)), ntohs(sa_cli.sin_port)); + + gnutls_transport_set_int(session, sd); + + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + if (ret < 0) { + close(sd); + gnutls_deinit(session); + fprintf(stderr, + "*** Handshake has failed (%s)\n\n", + gnutls_strerror(ret)); + continue; + } + printf("- Handshake was completed\n"); + + /* see the Getting peer's information example */ + /* print_info(session); */ + + for (;;) { + ret = gnutls_record_recv(session, buffer, MAX_BUF); + + if (ret == 0) { + printf + ("\n- Peer has closed the GnuTLS connection\n"); + break; + } else if (ret < 0 + && gnutls_error_is_fatal(ret) == 0) { + fprintf(stderr, "*** Warning: %s\n", + gnutls_strerror(ret)); + } else if (ret < 0) { + fprintf(stderr, "\n*** Received corrupted " + "data(%d). Closing the connection.\n\n", + ret); + break; + } else if (ret > 0) { + /* echo data back to the client + */ + gnutls_record_send(session, buffer, ret); + } + } + printf("\n"); + /* do not wait for the peer to close the connection. + */ + gnutls_bye(session, GNUTLS_SHUT_WR); + + close(sd); + gnutls_deinit(session); - } - close (listen_sd); + } + close(listen_sd); - gnutls_certificate_free_credentials (x509_cred); - gnutls_priority_deinit (priority_cache); + gnutls_certificate_free_credentials(x509_cred); + gnutls_priority_deinit(priority_cache); - gnutls_global_deinit (); + gnutls_global_deinit(); - return 0; + return 0; } diff --git a/doc/examples/ex-session-info.c b/doc/examples/ex-session-info.c index e5f0b545e7..7838e43105 100644 --- a/doc/examples/ex-session-info.c +++ b/doc/examples/ex-session-info.c @@ -14,119 +14,121 @@ /* This function will print some details of the * given session. */ -int -print_info (gnutls_session_t session) +int print_info(gnutls_session_t session) { - const char *tmp; - gnutls_credentials_type_t cred; - gnutls_kx_algorithm_t kx; - int dhe, ecdh; - - dhe = ecdh = 0; - - /* print the key exchange's algorithm name - */ - kx = gnutls_kx_get (session); - tmp = gnutls_kx_get_name (kx); - printf ("- Key Exchange: %s\n", tmp); - - /* Check the authentication type used and switch - * to the appropriate. - */ - cred = gnutls_auth_get_type (session); - switch (cred) - { - case GNUTLS_CRD_IA: - printf ("- TLS/IA session\n"); - break; + const char *tmp; + gnutls_credentials_type_t cred; + gnutls_kx_algorithm_t kx; + int dhe, ecdh; + + dhe = ecdh = 0; + + /* print the key exchange's algorithm name + */ + kx = gnutls_kx_get(session); + tmp = gnutls_kx_get_name(kx); + printf("- Key Exchange: %s\n", tmp); + + /* Check the authentication type used and switch + * to the appropriate. + */ + cred = gnutls_auth_get_type(session); + switch (cred) { + case GNUTLS_CRD_IA: + printf("- TLS/IA session\n"); + break; #ifdef ENABLE_SRP - case GNUTLS_CRD_SRP: - printf ("- SRP session with username %s\n", - gnutls_srp_server_get_username (session)); - break; + case GNUTLS_CRD_SRP: + printf("- SRP session with username %s\n", + gnutls_srp_server_get_username(session)); + break; #endif - case GNUTLS_CRD_PSK: - /* This returns NULL in server side. - */ - if (gnutls_psk_client_get_hint (session) != NULL) - printf ("- PSK authentication. PSK hint '%s'\n", - gnutls_psk_client_get_hint (session)); - /* This returns NULL in client side. - */ - if (gnutls_psk_server_get_username (session) != NULL) - printf ("- PSK authentication. Connected as '%s'\n", - gnutls_psk_server_get_username (session)); - - if (kx == GNUTLS_KX_ECDHE_PSK) - ecdh = 1; - else if (kx == GNUTLS_KX_DHE_PSK) - dhe = 1; - break; - - case GNUTLS_CRD_ANON: /* anonymous authentication */ - - printf ("- Anonymous authentication.\n"); - if (kx == GNUTLS_KX_ANON_ECDH) - ecdh = 1; - else if (kx == GNUTLS_KX_ANON_DH) - dhe = 1; - break; - - case GNUTLS_CRD_CERTIFICATE: /* certificate authentication */ - - /* Check if we have been using ephemeral Diffie-Hellman. - */ - if (kx == GNUTLS_KX_DHE_RSA || kx == GNUTLS_KX_DHE_DSS) - dhe = 1; - else if (kx == GNUTLS_KX_ECDHE_RSA || kx == GNUTLS_KX_ECDHE_ECDSA) - ecdh = 1; - - /* if the certificate list is available, then - * print some information about it. - */ - print_x509_certificate_info (session); - - } /* switch */ - - if (ecdh != 0) - printf ("- Ephemeral ECDH using curve %s\n", - gnutls_ecc_curve_get_name (gnutls_ecc_curve_get (session))); - else if (dhe != 0) - printf ("- Ephemeral DH using prime of %d bits\n", - gnutls_dh_get_prime_bits (session)); - - /* print the protocol's name (ie TLS 1.0) - */ - tmp = gnutls_protocol_get_name (gnutls_protocol_get_version (session)); - printf ("- Protocol: %s\n", tmp); - - /* print the certificate type of the peer. - * ie X.509 - */ - tmp = - gnutls_certificate_type_get_name (gnutls_certificate_type_get (session)); - - printf ("- Certificate Type: %s\n", tmp); - - /* print the compression algorithm (if any) - */ - tmp = gnutls_compression_get_name (gnutls_compression_get (session)); - printf ("- Compression: %s\n", tmp); - - /* print the name of the cipher used. - * ie 3DES. - */ - tmp = gnutls_cipher_get_name (gnutls_cipher_get (session)); - printf ("- Cipher: %s\n", tmp); - - /* Print the MAC algorithms name. - * ie SHA1 - */ - tmp = gnutls_mac_get_name (gnutls_mac_get (session)); - printf ("- MAC: %s\n", tmp); - - return 0; + case GNUTLS_CRD_PSK: + /* This returns NULL in server side. + */ + if (gnutls_psk_client_get_hint(session) != NULL) + printf("- PSK authentication. PSK hint '%s'\n", + gnutls_psk_client_get_hint(session)); + /* This returns NULL in client side. + */ + if (gnutls_psk_server_get_username(session) != NULL) + printf("- PSK authentication. Connected as '%s'\n", + gnutls_psk_server_get_username(session)); + + if (kx == GNUTLS_KX_ECDHE_PSK) + ecdh = 1; + else if (kx == GNUTLS_KX_DHE_PSK) + dhe = 1; + break; + + case GNUTLS_CRD_ANON: /* anonymous authentication */ + + printf("- Anonymous authentication.\n"); + if (kx == GNUTLS_KX_ANON_ECDH) + ecdh = 1; + else if (kx == GNUTLS_KX_ANON_DH) + dhe = 1; + break; + + case GNUTLS_CRD_CERTIFICATE: /* certificate authentication */ + + /* Check if we have been using ephemeral Diffie-Hellman. + */ + if (kx == GNUTLS_KX_DHE_RSA || kx == GNUTLS_KX_DHE_DSS) + dhe = 1; + else if (kx == GNUTLS_KX_ECDHE_RSA + || kx == GNUTLS_KX_ECDHE_ECDSA) + ecdh = 1; + + /* if the certificate list is available, then + * print some information about it. + */ + print_x509_certificate_info(session); + + } /* switch */ + + if (ecdh != 0) + printf("- Ephemeral ECDH using curve %s\n", + gnutls_ecc_curve_get_name(gnutls_ecc_curve_get + (session))); + else if (dhe != 0) + printf("- Ephemeral DH using prime of %d bits\n", + gnutls_dh_get_prime_bits(session)); + + /* print the protocol's name (ie TLS 1.0) + */ + tmp = + gnutls_protocol_get_name(gnutls_protocol_get_version(session)); + printf("- Protocol: %s\n", tmp); + + /* print the certificate type of the peer. + * ie X.509 + */ + tmp = + gnutls_certificate_type_get_name(gnutls_certificate_type_get + (session)); + + printf("- Certificate Type: %s\n", tmp); + + /* print the compression algorithm (if any) + */ + tmp = gnutls_compression_get_name(gnutls_compression_get(session)); + printf("- Compression: %s\n", tmp); + + /* print the name of the cipher used. + * ie 3DES. + */ + tmp = gnutls_cipher_get_name(gnutls_cipher_get(session)); + printf("- Cipher: %s\n", tmp); + + /* Print the MAC algorithms name. + * ie SHA1 + */ + tmp = gnutls_mac_get_name(gnutls_mac_get(session)); + printf("- MAC: %s\n", tmp); + + return 0; } diff --git a/doc/examples/ex-verify-ssh.c b/doc/examples/ex-verify-ssh.c index 474a3e6d1f..1bc0bfae72 100644 --- a/doc/examples/ex-verify-ssh.c +++ b/doc/examples/ex-verify-ssh.c @@ -16,97 +16,95 @@ * SSH-style authentication, where ultimately trusted keys * are only the keys that have been seen before. */ -int -_ssh_verify_certificate_callback (gnutls_session_t session) +int _ssh_verify_certificate_callback(gnutls_session_t session) { - unsigned int status; - const gnutls_datum_t *cert_list; - unsigned int cert_list_size; - int ret, type; - gnutls_datum_t out; - const char *hostname; - - /* read hostname */ - hostname = gnutls_session_get_ptr (session); - - /* This verification function uses the trusted CAs in the credentials - * structure. So you must have installed one or more CA certificates. - */ - ret = gnutls_certificate_verify_peers3 (session, hostname, &status); - if (ret < 0) - { - printf ("Error\n"); - return GNUTLS_E_CERTIFICATE_ERROR; - } - - type = gnutls_certificate_type_get (session); - - ret = gnutls_certificate_verification_status_print( status, type, &out, 0); - if (ret < 0) - { - printf ("Error\n"); - return GNUTLS_E_CERTIFICATE_ERROR; - } - - printf ("%s", out.data); - - gnutls_free(out.data); - - if (status != 0) /* Certificate is not trusted */ - return GNUTLS_E_CERTIFICATE_ERROR; - - /* Do SSH verification */ - cert_list = gnutls_certificate_get_peers (session, &cert_list_size); - if (cert_list == NULL) - { - printf ("No certificate was found!\n"); - return GNUTLS_E_CERTIFICATE_ERROR; - } - - /* service may be obtained alternatively using getservbyport() */ - ret = gnutls_verify_stored_pubkey(NULL, NULL, hostname, "https", - type, &cert_list[0], 0); - if (ret == GNUTLS_E_NO_CERTIFICATE_FOUND) - { - printf("Host %s is not known.", hostname); - if (status == 0) - printf("Its certificate is valid for %s.\n", hostname); - - /* the certificate must be printed and user must be asked on - * whether it is trustworthy. --see gnutls_x509_crt_print() */ - - /* if not trusted */ - return GNUTLS_E_CERTIFICATE_ERROR; - } - else if (ret == GNUTLS_E_CERTIFICATE_KEY_MISMATCH) - { - printf("Warning: host %s is known but has another key associated.", hostname); - printf("It might be that the server has multiple keys, or you are under attack\n"); - if (status == 0) - printf("Its certificate is valid for %s.\n", hostname); - - /* the certificate must be printed and user must be asked on - * whether it is trustworthy. --see gnutls_x509_crt_print() */ - - /* if not trusted */ - return GNUTLS_E_CERTIFICATE_ERROR; - } - else if (ret < 0) - { - printf("gnutls_verify_stored_pubkey: %s\n", gnutls_strerror(ret)); - return ret; - } - - /* user trusts the key -> store it */ - if (ret != 0) - { - ret = gnutls_store_pubkey(NULL, NULL, hostname, "https", - type, &cert_list[0], 0, 0); - if (ret < 0) - printf("gnutls_store_pubkey: %s\n", gnutls_strerror(ret)); - } - - /* notify gnutls to continue handshake normally */ - return 0; -} + unsigned int status; + const gnutls_datum_t *cert_list; + unsigned int cert_list_size; + int ret, type; + gnutls_datum_t out; + const char *hostname; + + /* read hostname */ + hostname = gnutls_session_get_ptr(session); + + /* This verification function uses the trusted CAs in the credentials + * structure. So you must have installed one or more CA certificates. + */ + ret = gnutls_certificate_verify_peers3(session, hostname, &status); + if (ret < 0) { + printf("Error\n"); + return GNUTLS_E_CERTIFICATE_ERROR; + } + + type = gnutls_certificate_type_get(session); + + ret = + gnutls_certificate_verification_status_print(status, type, + &out, 0); + if (ret < 0) { + printf("Error\n"); + return GNUTLS_E_CERTIFICATE_ERROR; + } + + printf("%s", out.data); + + gnutls_free(out.data); + + if (status != 0) /* Certificate is not trusted */ + return GNUTLS_E_CERTIFICATE_ERROR; + /* Do SSH verification */ + cert_list = gnutls_certificate_get_peers(session, &cert_list_size); + if (cert_list == NULL) { + printf("No certificate was found!\n"); + return GNUTLS_E_CERTIFICATE_ERROR; + } + + /* service may be obtained alternatively using getservbyport() */ + ret = gnutls_verify_stored_pubkey(NULL, NULL, hostname, "https", + type, &cert_list[0], 0); + if (ret == GNUTLS_E_NO_CERTIFICATE_FOUND) { + printf("Host %s is not known.", hostname); + if (status == 0) + printf("Its certificate is valid for %s.\n", + hostname); + + /* the certificate must be printed and user must be asked on + * whether it is trustworthy. --see gnutls_x509_crt_print() */ + + /* if not trusted */ + return GNUTLS_E_CERTIFICATE_ERROR; + } else if (ret == GNUTLS_E_CERTIFICATE_KEY_MISMATCH) { + printf + ("Warning: host %s is known but has another key associated.", + hostname); + printf + ("It might be that the server has multiple keys, or you are under attack\n"); + if (status == 0) + printf("Its certificate is valid for %s.\n", + hostname); + + /* the certificate must be printed and user must be asked on + * whether it is trustworthy. --see gnutls_x509_crt_print() */ + + /* if not trusted */ + return GNUTLS_E_CERTIFICATE_ERROR; + } else if (ret < 0) { + printf("gnutls_verify_stored_pubkey: %s\n", + gnutls_strerror(ret)); + return ret; + } + + /* user trusts the key -> store it */ + if (ret != 0) { + ret = gnutls_store_pubkey(NULL, NULL, hostname, "https", + type, &cert_list[0], 0, 0); + if (ret < 0) + printf("gnutls_store_pubkey: %s\n", + gnutls_strerror(ret)); + } + + /* notify gnutls to continue handshake normally */ + return 0; +} diff --git a/doc/examples/ex-verify.c b/doc/examples/ex-verify.c index 0d52429e3a..45618b9fe9 100644 --- a/doc/examples/ex-verify.c +++ b/doc/examples/ex-verify.c @@ -22,126 +22,129 @@ int crl_list_size; gnutls_x509_crt_t *ca_list; int ca_list_size; -static int print_details_func (gnutls_x509_crt_t cert, - gnutls_x509_crt_t issuer, - gnutls_x509_crl_t crl, - unsigned int verification_output); +static int print_details_func(gnutls_x509_crt_t cert, + gnutls_x509_crt_t issuer, + gnutls_x509_crl_t crl, + unsigned int verification_output); /* This function will try to verify the peer's certificate chain, and * also check if the hostname matches. */ void -verify_certificate_chain (const char *hostname, - const gnutls_datum_t * cert_chain, - int cert_chain_length) +verify_certificate_chain(const char *hostname, + const gnutls_datum_t * cert_chain, + int cert_chain_length) { - int i; - gnutls_x509_trust_list_t tlist; - gnutls_x509_crt_t *cert; - - unsigned int output; - - /* Initialize the trusted certificate list. This should be done - * once on initialization. gnutls_x509_crt_list_import2() and - * gnutls_x509_crl_list_import2() can be used to load them. - */ - gnutls_x509_trust_list_init (&tlist, 0); - - gnutls_x509_trust_list_add_cas (tlist, ca_list, ca_list_size, 0); - gnutls_x509_trust_list_add_crls (tlist, crl_list, crl_list_size, - GNUTLS_TL_VERIFY_CRL, 0); - - cert = malloc (sizeof (*cert) * cert_chain_length); - - /* Import all the certificates in the chain to - * native certificate format. - */ - for (i = 0; i < cert_chain_length; i++) - { - gnutls_x509_crt_init (&cert[i]); - gnutls_x509_crt_import (cert[i], &cert_chain[i], GNUTLS_X509_FMT_DER); - } - - gnutls_x509_trust_list_verify_named_crt (tlist, cert[0], hostname, - strlen (hostname), - GNUTLS_VERIFY_DISABLE_CRL_CHECKS, - &output, print_details_func); - - /* if this certificate is not explicitly trusted verify against CAs - */ - if (output != 0) - { - gnutls_x509_trust_list_verify_crt (tlist, cert, cert_chain_length, 0, - &output, print_details_func); - } - - if (output & GNUTLS_CERT_INVALID) - { - fprintf (stderr, "Not trusted"); - - if (output & GNUTLS_CERT_SIGNER_NOT_FOUND) - fprintf (stderr, ": no issuer was found"); - if (output & GNUTLS_CERT_SIGNER_NOT_CA) - fprintf (stderr, ": issuer is not a CA"); - if (output & GNUTLS_CERT_NOT_ACTIVATED) - fprintf (stderr, ": not yet activated\n"); - if (output & GNUTLS_CERT_EXPIRED) - fprintf (stderr, ": expired\n"); - - fprintf (stderr, "\n"); - } - else - fprintf (stderr, "Trusted\n"); - - /* Check if the name in the first certificate matches our destination! - */ - if (!gnutls_x509_crt_check_hostname (cert[0], hostname)) - { - printf ("The certificate's owner does not match hostname '%s'\n", - hostname); - } - - gnutls_x509_trust_list_deinit (tlist, 1); - - return; + int i; + gnutls_x509_trust_list_t tlist; + gnutls_x509_crt_t *cert; + + unsigned int output; + + /* Initialize the trusted certificate list. This should be done + * once on initialization. gnutls_x509_crt_list_import2() and + * gnutls_x509_crl_list_import2() can be used to load them. + */ + gnutls_x509_trust_list_init(&tlist, 0); + + gnutls_x509_trust_list_add_cas(tlist, ca_list, ca_list_size, 0); + gnutls_x509_trust_list_add_crls(tlist, crl_list, crl_list_size, + GNUTLS_TL_VERIFY_CRL, 0); + + cert = malloc(sizeof(*cert) * cert_chain_length); + + /* Import all the certificates in the chain to + * native certificate format. + */ + for (i = 0; i < cert_chain_length; i++) { + gnutls_x509_crt_init(&cert[i]); + gnutls_x509_crt_import(cert[i], &cert_chain[i], + GNUTLS_X509_FMT_DER); + } + + gnutls_x509_trust_list_verify_named_crt(tlist, cert[0], hostname, + strlen(hostname), + GNUTLS_VERIFY_DISABLE_CRL_CHECKS, + &output, + print_details_func); + + /* if this certificate is not explicitly trusted verify against CAs + */ + if (output != 0) { + gnutls_x509_trust_list_verify_crt(tlist, cert, + cert_chain_length, 0, + &output, + print_details_func); + } + + if (output & GNUTLS_CERT_INVALID) { + fprintf(stderr, "Not trusted"); + + if (output & GNUTLS_CERT_SIGNER_NOT_FOUND) + fprintf(stderr, ": no issuer was found"); + if (output & GNUTLS_CERT_SIGNER_NOT_CA) + fprintf(stderr, ": issuer is not a CA"); + if (output & GNUTLS_CERT_NOT_ACTIVATED) + fprintf(stderr, ": not yet activated\n"); + if (output & GNUTLS_CERT_EXPIRED) + fprintf(stderr, ": expired\n"); + + fprintf(stderr, "\n"); + } else + fprintf(stderr, "Trusted\n"); + + /* Check if the name in the first certificate matches our destination! + */ + if (!gnutls_x509_crt_check_hostname(cert[0], hostname)) { + printf + ("The certificate's owner does not match hostname '%s'\n", + hostname); + } + + gnutls_x509_trust_list_deinit(tlist, 1); + + return; } static int -print_details_func (gnutls_x509_crt_t cert, - gnutls_x509_crt_t issuer, gnutls_x509_crl_t crl, - unsigned int verification_output) +print_details_func(gnutls_x509_crt_t cert, + gnutls_x509_crt_t issuer, gnutls_x509_crl_t crl, + unsigned int verification_output) { - char name[512]; - char issuer_name[512]; - size_t name_size; - size_t issuer_name_size; + char name[512]; + char issuer_name[512]; + size_t name_size; + size_t issuer_name_size; - issuer_name_size = sizeof (issuer_name); - gnutls_x509_crt_get_issuer_dn (cert, issuer_name, &issuer_name_size); + issuer_name_size = sizeof(issuer_name); + gnutls_x509_crt_get_issuer_dn(cert, issuer_name, + &issuer_name_size); - name_size = sizeof (name); - gnutls_x509_crt_get_dn (cert, name, &name_size); + name_size = sizeof(name); + gnutls_x509_crt_get_dn(cert, name, &name_size); - fprintf (stdout, "\tSubject: %s\n", name); - fprintf (stdout, "\tIssuer: %s\n", issuer_name); + fprintf(stdout, "\tSubject: %s\n", name); + fprintf(stdout, "\tIssuer: %s\n", issuer_name); - if (issuer != NULL) - { - issuer_name_size = sizeof (issuer_name); - gnutls_x509_crt_get_dn (issuer, issuer_name, &issuer_name_size); + if (issuer != NULL) { + issuer_name_size = sizeof(issuer_name); + gnutls_x509_crt_get_dn(issuer, issuer_name, + &issuer_name_size); - fprintf (stdout, "\tVerified against: %s\n", issuer_name); - } + fprintf(stdout, "\tVerified against: %s\n", issuer_name); + } - if (crl != NULL) - { - issuer_name_size = sizeof (issuer_name); - gnutls_x509_crl_get_issuer_dn (crl, issuer_name, &issuer_name_size); + if (crl != NULL) { + issuer_name_size = sizeof(issuer_name); + gnutls_x509_crl_get_issuer_dn(crl, issuer_name, + &issuer_name_size); - fprintf (stdout, "\tVerified against CRL of: %s\n", issuer_name); - } + fprintf(stdout, "\tVerified against CRL of: %s\n", + issuer_name); + } - fprintf (stdout, "\tVerification output: %x\n\n", verification_output); + fprintf(stdout, "\tVerification output: %x\n\n", + verification_output); - return 0; + return 0; } diff --git a/doc/examples/ex-x509-info.c b/doc/examples/ex-x509-info.c index d2f39cf437..a54aeff468 100644 --- a/doc/examples/ex-x509-info.c +++ b/doc/examples/ex-x509-info.c @@ -11,112 +11,115 @@ #include "examples.h" -static const char * -bin2hex (const void *bin, size_t bin_size) +static const char *bin2hex(const void *bin, size_t bin_size) { - static char printable[110]; - const unsigned char *_bin = bin; - char *print; - size_t i; - - if (bin_size > 50) - bin_size = 50; - - print = printable; - for (i = 0; i < bin_size; i++) - { - sprintf (print, "%.2x ", _bin[i]); - print += 2; - } - - return printable; + static char printable[110]; + const unsigned char *_bin = bin; + char *print; + size_t i; + + if (bin_size > 50) + bin_size = 50; + + print = printable; + for (i = 0; i < bin_size; i++) { + sprintf(print, "%.2x ", _bin[i]); + print += 2; + } + + return printable; } /* This function will print information about this session's peer * certificate. */ -void -print_x509_certificate_info (gnutls_session_t session) +void print_x509_certificate_info(gnutls_session_t session) { - char serial[40]; - char dn[256]; - size_t size; - unsigned int algo, bits; - time_t expiration_time, activation_time; - const gnutls_datum_t *cert_list; - unsigned int cert_list_size = 0; - gnutls_x509_crt_t cert; - gnutls_datum_t cinfo; + char serial[40]; + char dn[256]; + size_t size; + unsigned int algo, bits; + time_t expiration_time, activation_time; + const gnutls_datum_t *cert_list; + unsigned int cert_list_size = 0; + gnutls_x509_crt_t cert; + gnutls_datum_t cinfo; - /* This function only works for X.509 certificates. - */ - if (gnutls_certificate_type_get (session) != GNUTLS_CRT_X509) - return; + /* This function only works for X.509 certificates. + */ + if (gnutls_certificate_type_get(session) != GNUTLS_CRT_X509) + return; - cert_list = gnutls_certificate_get_peers (session, &cert_list_size); + cert_list = gnutls_certificate_get_peers(session, &cert_list_size); - printf ("Peer provided %d certificates.\n", cert_list_size); + printf("Peer provided %d certificates.\n", cert_list_size); - if (cert_list_size > 0) - { - int ret; + if (cert_list_size > 0) { + int ret; - /* we only print information about the first certificate. - */ - gnutls_x509_crt_init (&cert); + /* we only print information about the first certificate. + */ + gnutls_x509_crt_init(&cert); - gnutls_x509_crt_import (cert, &cert_list[0], GNUTLS_X509_FMT_DER); + gnutls_x509_crt_import(cert, &cert_list[0], + GNUTLS_X509_FMT_DER); - printf ("Certificate info:\n"); + printf("Certificate info:\n"); - /* This is the preferred way of printing short information about - a certificate. */ + /* This is the preferred way of printing short information about + a certificate. */ - ret = gnutls_x509_crt_print (cert, GNUTLS_CRT_PRINT_ONELINE, &cinfo); - if (ret == 0) - { - printf ("\t%s\n", cinfo.data); - gnutls_free (cinfo.data); - } + ret = + gnutls_x509_crt_print(cert, GNUTLS_CRT_PRINT_ONELINE, + &cinfo); + if (ret == 0) { + printf("\t%s\n", cinfo.data); + gnutls_free(cinfo.data); + } - /* If you want to extract fields manually for some other reason, - below are popular example calls. */ + /* If you want to extract fields manually for some other reason, + below are popular example calls. */ - expiration_time = gnutls_x509_crt_get_expiration_time (cert); - activation_time = gnutls_x509_crt_get_activation_time (cert); + expiration_time = + gnutls_x509_crt_get_expiration_time(cert); + activation_time = + gnutls_x509_crt_get_activation_time(cert); - printf ("\tCertificate is valid since: %s", ctime (&activation_time)); - printf ("\tCertificate expires: %s", ctime (&expiration_time)); + printf("\tCertificate is valid since: %s", + ctime(&activation_time)); + printf("\tCertificate expires: %s", + ctime(&expiration_time)); - /* Print the serial number of the certificate. - */ - size = sizeof (serial); - gnutls_x509_crt_get_serial (cert, serial, &size); + /* Print the serial number of the certificate. + */ + size = sizeof(serial); + gnutls_x509_crt_get_serial(cert, serial, &size); - printf ("\tCertificate serial number: %s\n", bin2hex (serial, size)); + printf("\tCertificate serial number: %s\n", + bin2hex(serial, size)); - /* Extract some of the public key algorithm's parameters - */ - algo = gnutls_x509_crt_get_pk_algorithm (cert, &bits); + /* Extract some of the public key algorithm's parameters + */ + algo = gnutls_x509_crt_get_pk_algorithm(cert, &bits); - printf ("Certificate public key: %s", - gnutls_pk_algorithm_get_name (algo)); + printf("Certificate public key: %s", + gnutls_pk_algorithm_get_name(algo)); - /* Print the version of the X.509 - * certificate. - */ - printf ("\tCertificate version: #%d\n", - gnutls_x509_crt_get_version (cert)); + /* Print the version of the X.509 + * certificate. + */ + printf("\tCertificate version: #%d\n", + gnutls_x509_crt_get_version(cert)); - size = sizeof (dn); - gnutls_x509_crt_get_dn (cert, dn, &size); - printf ("\tDN: %s\n", dn); + size = sizeof(dn); + gnutls_x509_crt_get_dn(cert, dn, &size); + printf("\tDN: %s\n", dn); - size = sizeof (dn); - gnutls_x509_crt_get_issuer_dn (cert, dn, &size); - printf ("\tIssuer's DN: %s\n", dn); + size = sizeof(dn); + gnutls_x509_crt_get_issuer_dn(cert, dn, &size); + printf("\tIssuer's DN: %s\n", dn); - gnutls_x509_crt_deinit (cert); + gnutls_x509_crt_deinit(cert); - } + } } diff --git a/doc/examples/examples.h b/doc/examples/examples.h index 0c2dbb3372..e5641a52e4 100644 --- a/doc/examples/examples.h +++ b/doc/examples/examples.h @@ -1,25 +1,24 @@ #ifndef EXAMPLES_H #define EXAMPLES_H -void check_alert (gnutls_session_t session, int ret); +void check_alert(gnutls_session_t session, int ret); -int write_pkcs12 (const gnutls_datum_t * cert, - const gnutls_datum_t * pkcs8_key, const char *password); +int write_pkcs12(const gnutls_datum_t * cert, + const gnutls_datum_t * pkcs8_key, const char *password); -void verify_certificate (gnutls_session_t session, const char *hostname); +void verify_certificate(gnutls_session_t session, const char *hostname); -int print_info (gnutls_session_t session); +int print_info(gnutls_session_t session); -void print_x509_certificate_info (gnutls_session_t session); +void print_x509_certificate_info(gnutls_session_t session); -int -_ssh_verify_certificate_callback (gnutls_session_t session); +int _ssh_verify_certificate_callback(gnutls_session_t session); void -verify_certificate_chain (const char *hostname, - const gnutls_datum_t * cert_chain, - int cert_chain_length); +verify_certificate_chain(const char *hostname, + const gnutls_datum_t * cert_chain, + int cert_chain_length); -int verify_certificate_callback (gnutls_session_t session); +int verify_certificate_callback(gnutls_session_t session); -#endif /* EXAMPLES_H */ +#endif /* EXAMPLES_H */ diff --git a/doc/examples/print-ciphersuites.c b/doc/examples/print-ciphersuites.c index a1f8ab3d1a..c0b83216dd 100644 --- a/doc/examples/print-ciphersuites.c +++ b/doc/examples/print-ciphersuites.c @@ -6,50 +6,54 @@ #include <string.h> #include <gnutls/gnutls.h> -static void -print_cipher_suite_list (const char* priorities) +static void print_cipher_suite_list(const char *priorities) { - size_t i; - int ret; - unsigned int idx; - const char *name; - const char *err; - unsigned char id[2]; - gnutls_protocol_t version; - gnutls_priority_t pcache; - - if (priorities != NULL) - { - printf ("Cipher suites for %s\n", priorities); - - ret = gnutls_priority_init(&pcache, priorities, &err); - if (ret < 0) - { - fprintf (stderr, "Syntax error at: %s\n", err); - exit(1); - } - - for (i=0;;i++) - { - ret = gnutls_priority_get_cipher_suite_index(pcache, i, &idx); - if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) break; - if (ret == GNUTLS_E_UNKNOWN_CIPHER_SUITE) continue; - - name = gnutls_cipher_suite_info(idx, id, NULL, NULL, NULL, &version); - - if (name != NULL) - printf ("%-50s\t0x%02x, 0x%02x\t%s\n", - name, (unsigned char) id[0], (unsigned char) id[1], - gnutls_protocol_get_name (version)); - } - - return; - } + size_t i; + int ret; + unsigned int idx; + const char *name; + const char *err; + unsigned char id[2]; + gnutls_protocol_t version; + gnutls_priority_t pcache; + + if (priorities != NULL) { + printf("Cipher suites for %s\n", priorities); + + ret = gnutls_priority_init(&pcache, priorities, &err); + if (ret < 0) { + fprintf(stderr, "Syntax error at: %s\n", err); + exit(1); + } + + for (i = 0;; i++) { + ret = + gnutls_priority_get_cipher_suite_index(pcache, + i, + &idx); + if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) + break; + if (ret == GNUTLS_E_UNKNOWN_CIPHER_SUITE) + continue; + + name = + gnutls_cipher_suite_info(idx, id, NULL, NULL, + NULL, &version); + + if (name != NULL) + printf("%-50s\t0x%02x, 0x%02x\t%s\n", + name, (unsigned char) id[0], + (unsigned char) id[1], + gnutls_protocol_get_name(version)); + } + + return; + } } -int main(int argc, char** argv) +int main(int argc, char **argv) { - if (argc > 1) - print_cipher_suite_list (argv[1]); - return 0; + if (argc > 1) + print_cipher_suite_list(argv[1]); + return 0; } diff --git a/doc/examples/tcp.c b/doc/examples/tcp.c index fcf8441297..a9b2f0ddaf 100644 --- a/doc/examples/tcp.c +++ b/doc/examples/tcp.c @@ -14,44 +14,41 @@ #include <unistd.h> /* tcp.c */ -int tcp_connect (void); -void tcp_close (int sd); +int tcp_connect(void); +void tcp_close(int sd); /* Connects to the peer and returns a socket * descriptor. */ -extern int -tcp_connect (void) +extern int tcp_connect(void) { - const char *PORT = "5556"; - const char *SERVER = "127.0.0.1"; - int err, sd; - struct sockaddr_in sa; - - /* connects to server - */ - sd = socket (AF_INET, SOCK_STREAM, 0); - - memset (&sa, '\0', sizeof (sa)); - sa.sin_family = AF_INET; - sa.sin_port = htons (atoi (PORT)); - inet_pton (AF_INET, SERVER, &sa.sin_addr); - - err = connect (sd, (struct sockaddr *) & sa, sizeof (sa)); - if (err < 0) - { - fprintf (stderr, "Connect error\n"); - exit (1); - } - - return sd; + const char *PORT = "5556"; + const char *SERVER = "127.0.0.1"; + int err, sd; + struct sockaddr_in sa; + + /* connects to server + */ + sd = socket(AF_INET, SOCK_STREAM, 0); + + memset(&sa, '\0', sizeof(sa)); + sa.sin_family = AF_INET; + sa.sin_port = htons(atoi(PORT)); + inet_pton(AF_INET, SERVER, &sa.sin_addr); + + err = connect(sd, (struct sockaddr *) &sa, sizeof(sa)); + if (err < 0) { + fprintf(stderr, "Connect error\n"); + exit(1); + } + + return sd; } /* closes the given socket descriptor. */ -extern void -tcp_close (int sd) +extern void tcp_close(int sd) { - shutdown (sd, SHUT_RDWR); /* no more receptions */ - close (sd); + shutdown(sd, SHUT_RDWR); /* no more receptions */ + close(sd); } diff --git a/doc/examples/udp.c b/doc/examples/udp.c index 0c48ac1b5b..184f31718d 100644 --- a/doc/examples/udp.c +++ b/doc/examples/udp.c @@ -14,53 +14,50 @@ #include <unistd.h> /* udp.c */ -int udp_connect (void); -void udp_close (int sd); +int udp_connect(void); +void udp_close(int sd); /* Connects to the peer and returns a socket * descriptor. */ -extern int -udp_connect (void) +extern int udp_connect(void) { - const char *PORT = "5557"; - const char *SERVER = "127.0.0.1"; - int err, sd, optval; - struct sockaddr_in sa; + const char *PORT = "5557"; + const char *SERVER = "127.0.0.1"; + int err, sd, optval; + struct sockaddr_in sa; - /* connects to server - */ - sd = socket (AF_INET, SOCK_DGRAM, 0); + /* connects to server + */ + sd = socket(AF_INET, SOCK_DGRAM, 0); - memset (&sa, '\0', sizeof (sa)); - sa.sin_family = AF_INET; - sa.sin_port = htons (atoi (PORT)); - inet_pton (AF_INET, SERVER, &sa.sin_addr); + memset(&sa, '\0', sizeof(sa)); + sa.sin_family = AF_INET; + sa.sin_port = htons(atoi(PORT)); + inet_pton(AF_INET, SERVER, &sa.sin_addr); #if defined(IP_DONTFRAG) - optval = 1; - setsockopt (sd, IPPROTO_IP, IP_DONTFRAG, - (const void *) &optval, sizeof (optval)); + optval = 1; + setsockopt(sd, IPPROTO_IP, IP_DONTFRAG, + (const void *) &optval, sizeof(optval)); #elif defined(IP_MTU_DISCOVER) - optval = IP_PMTUDISC_DO; - setsockopt(sd, IPPROTO_IP, IP_MTU_DISCOVER, - (const void*) &optval, sizeof (optval)); + optval = IP_PMTUDISC_DO; + setsockopt(sd, IPPROTO_IP, IP_MTU_DISCOVER, + (const void *) &optval, sizeof(optval)); #endif - err = connect (sd, (struct sockaddr *) & sa, sizeof (sa)); - if (err < 0) - { - fprintf (stderr, "Connect error\n"); - exit (1); - } + err = connect(sd, (struct sockaddr *) &sa, sizeof(sa)); + if (err < 0) { + fprintf(stderr, "Connect error\n"); + exit(1); + } - return sd; + return sd; } /* closes the given socket descriptor. */ -extern void -udp_close (int sd) +extern void udp_close(int sd) { - close (sd); + close(sd); } diff --git a/doc/examples/verify.c b/doc/examples/verify.c index bee8e6bdf4..4d0d059ea6 100644 --- a/doc/examples/verify.c +++ b/doc/examples/verify.c @@ -10,42 +10,42 @@ #include "examples.h" -int verify_certificate_callback (gnutls_session_t session) +int verify_certificate_callback(gnutls_session_t session) { - unsigned int status; - int ret, type; - const char *hostname; - gnutls_datum_t out; - - /* read hostname */ - hostname = gnutls_session_get_ptr (session); - - /* This verification function uses the trusted CAs in the credentials - * structure. So you must have installed one or more CA certificates. - */ - ret = gnutls_certificate_verify_peers3 (session, hostname, &status); - if (ret < 0) - { - printf ("Error\n"); - return GNUTLS_E_CERTIFICATE_ERROR; - } - - type = gnutls_certificate_type_get (session); - - ret = gnutls_certificate_verification_status_print( status, type, &out, 0); - if (ret < 0) - { - printf ("Error\n"); - return GNUTLS_E_CERTIFICATE_ERROR; - } - - printf ("%s", out.data); - - gnutls_free(out.data); - - if (status != 0) /* Certificate is not trusted */ - return GNUTLS_E_CERTIFICATE_ERROR; - - /* notify gnutls to continue handshake normally */ - return 0; + unsigned int status; + int ret, type; + const char *hostname; + gnutls_datum_t out; + + /* read hostname */ + hostname = gnutls_session_get_ptr(session); + + /* This verification function uses the trusted CAs in the credentials + * structure. So you must have installed one or more CA certificates. + */ + ret = gnutls_certificate_verify_peers3(session, hostname, &status); + if (ret < 0) { + printf("Error\n"); + return GNUTLS_E_CERTIFICATE_ERROR; + } + + type = gnutls_certificate_type_get(session); + + ret = + gnutls_certificate_verification_status_print(status, type, + &out, 0); + if (ret < 0) { + printf("Error\n"); + return GNUTLS_E_CERTIFICATE_ERROR; + } + + printf("%s", out.data); + + gnutls_free(out.data); + + if (status != 0) /* Certificate is not trusted */ + return GNUTLS_E_CERTIFICATE_ERROR; + + /* notify gnutls to continue handshake normally */ + return 0; } |