search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Fix dangling/unused bindings in `(gnutls)'.
[gnutls.git] / src / cli.c
blob1136d9d0e3b40a29d518bee02f1a701fdc8619e1
1 /*
2 * Copyright (C) 2004, 2005, 2006, 2007 Free Software Foundation
3 * Copyright (C) 2000,2001,2002,2003 Nikos Mavrogiannopoulos
4 *
5 * This file is part of GNUTLS.
6 *
7 * GNUTLS is free software: you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation, either version 3 of the License, or
10 * (at your option) any later version.
11 *
12 * GNUTLS is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program. If not, see <http://www.gnu.org/licenses/>.
19 */
20
21 #include <config.h>
22
23 #include <stdio.h>
24 #include <errno.h>
25 #include <stdlib.h>
26 #include <sys/types.h>
27 #include <string.h>
28 #include <sys/time.h>
29 #include <sys/stat.h>
30 #include <unistd.h>
31 #include <fcntl.h>
32
33 #include <gnutls/gnutls.h>
34 #include <gnutls/extra.h>
35 #include <gnutls/x509.h>
36 #include <gnutls/openpgp.h>
37 #include <gcrypt.h>
38
39 #include "error.h"
40 #include "read-file.h"
41
42 #include "common.h"
43 #include "cli-gaa.h"
44
45 #if defined _WIN32 || defined __WIN32__
46 #define select _win_select
47 #endif
48
49 #ifndef SHUT_WR
50 # define SHUT_WR 1
51 #endif
52
53 #ifndef SHUT_RDWR
54 # define SHUT_RDWR 2
55 #endif
56
57 #define SA struct sockaddr
58 #define ERR(err,s) do { if (err==-1) {perror(s);return(1);} } while (0)
59 #define MAX_BUF 4096
60
61 /* global stuff here */
62 int resume, starttls, insecure;
63 char *hostname = NULL;
64 char *service;
65 int record_max_size;
66 int fingerprint;
67 int crlf;
68 int verbose = 0;
69 extern int print_cert;
70
71 char *srp_passwd = NULL;
72 char *srp_username;
73 char *pgp_keyfile;
74 char *pgp_certfile;
75 char *pgp_keyring;
76 char *x509_keyfile;
77 char *x509_certfile;
78 char *x509_cafile;
79 char *x509_crlfile = NULL;
80 static int x509ctype;
81 static int disable_extensions;
82
83 char *psk_username = NULL;
84 gnutls_datum_t psk_key = { NULL, 0 };
85
86 static gnutls_srp_client_credentials_t srp_cred;
87 static gnutls_psk_client_credentials_t psk_cred;
88 static gnutls_anon_client_credentials_t anon_cred;
89 static gnutls_certificate_credentials_t xcred;
90
91 static gaainfo info;
92
93 static int protocol_priority[PRI_MAX];
94 static int kx_priority[PRI_MAX];
95 static int cipher_priority[PRI_MAX];
96 static int comp_priority[PRI_MAX];
97 static int mac_priority[PRI_MAX];
98 static int cert_type_priority[PRI_MAX];
99
100 /* end of global stuff */
101
102 /* prototypes */
103 typedef struct
104 {
105 int fd;
106 gnutls_session_t session;
107 int secure;
108 char *hostname;
109 char *ip;
110 char *service;
111 struct addrinfo *ptr;
112 struct addrinfo *addr_info;
113 } socket_st;
114
115 ssize_t socket_recv (const socket_st * socket, void *buffer, int buffer_size);
116 ssize_t socket_send (const socket_st * socket, const void *buffer,
117 int buffer_size);
118 void socket_open (socket_st * hd, const char *hostname, const char *service);
119 void socket_connect (const socket_st * hd);
120 void socket_bye (socket_st * socket);
121
122 static void check_rehandshake (socket_st * socket, int ret);
123 static int do_handshake (socket_st * socket);
124 static void init_global_tls_stuff (void);
125
126
127 #undef MAX
128 #define MAX(X,Y) (X >= Y ? X : Y);
129
130
131 /* Helper functions to load a certificate and key
132 * files into memory.
133 */
134 static gnutls_datum_t
135 load_file (const char *file)
136 {
137 FILE *f;
138 gnutls_datum_t loaded_file = { NULL, 0 };
139 long filelen;
140 void *ptr;
141
142 if (!(f = fopen (file, "r"))
143 || fseek (f, 0, SEEK_END) != 0
144 || (filelen = ftell (f)) < 0
145 || fseek (f, 0, SEEK_SET) != 0
146 || !(ptr = malloc ((size_t) filelen))
147 || fread (ptr, 1, (size_t) filelen, f) < (size_t) filelen)
148 {
149 return loaded_file;
150 }
151
152 loaded_file.data = ptr;
153 loaded_file.size = (unsigned int) filelen;
154 return loaded_file;
155 }
156
157 static void
158 unload_file (gnutls_datum_t data)
159 {
160 free (data.data);
161 }
162
163 #define MAX_CRT 6
164 static unsigned int x509_crt_size;
165 static gnutls_x509_crt_t x509_crt[MAX_CRT];
166 static gnutls_x509_privkey_t x509_key = NULL;
167
168 static gnutls_openpgp_crt_t pgp_crt = NULL;
169 static gnutls_openpgp_privkey_t pgp_key = NULL;
170
171 /* Load the certificate and the private key.
172 */
173 static void
174 load_keys (void)
175 {
176 unsigned int crt_num;
177 int ret;
178 gnutls_datum_t data;
179
180 if (x509_certfile != NULL && x509_keyfile != NULL)
181 {
182 data = load_file (x509_certfile);
183 if (data.data == NULL)
184 {
185 fprintf (stderr, "*** Error loading cert file.\n");
186 exit (1);
187 }
188
189 crt_num = MAX_CRT;
190 ret =
191 gnutls_x509_crt_list_import (x509_crt, &crt_num, &data,
192 GNUTLS_X509_FMT_PEM,
193 GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED);
194 if (ret < 0)
195 {
196 if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER)
197 {
198 fprintf (stderr,
199 "*** Error loading cert file: Too many certs %d\n",
200 crt_num);
201
202 }
203 else
204 {
205 fprintf (stderr,
206 "*** Error loading cert file: %s\n",
207 gnutls_strerror (ret));
208 }
209 exit (1);
210 }
211 x509_crt_size = ret;
212 fprintf (stderr, "Processed %d client certificates...\n", ret);
213
214 unload_file (data);
215
216 data = load_file (x509_keyfile);
217 if (data.data == NULL)
218 {
219 fprintf (stderr, "*** Error loading key file.\n");
220 exit (1);
221 }
222
223 gnutls_x509_privkey_init (&x509_key);
224
225 ret = gnutls_x509_privkey_import (x509_key, &data, GNUTLS_X509_FMT_PEM);
226 if (ret < 0)
227 {
228 fprintf (stderr, "*** Error loading key file: %s\n",
229 gnutls_strerror (ret));
230 exit (1);
231 }
232
233 unload_file (data);
234
235 fprintf (stderr, "Processed %d client X.509 certificates...\n",
236 x509_crt_size);
237 }
238 #ifdef ENABLE_OPENPGP
239 if (pgp_certfile != NULL && pgp_keyfile != NULL)
240 {
241 data = load_file (pgp_certfile);
242 if (data.data == NULL)
243 {
244 fprintf (stderr, "*** Error loading PGP cert file.\n");
245 exit (1);
246 }
247 gnutls_openpgp_crt_init (&pgp_crt);
248
249 ret =
250 gnutls_openpgp_crt_import (pgp_crt, &data, GNUTLS_OPENPGP_FMT_BASE64);
251 if (ret < 0)
252 {
253 fprintf (stderr,
254 "*** Error loading PGP cert file: %s\n",
255 gnutls_strerror (ret));
256 exit (1);
257 }
258
259 unload_file (data);
260
261 data = load_file (pgp_keyfile);
262 if (data.data == NULL)
263 {
264 fprintf (stderr, "*** Error loading PGP key file.\n");
265 exit (1);
266 }
267
268 gnutls_openpgp_privkey_init (&pgp_key);
269
270 ret =
271 gnutls_openpgp_privkey_import (pgp_key, &data,
272 GNUTLS_OPENPGP_FMT_BASE64, NULL, 0);
273 if (ret < 0)
274 {
275 fprintf (stderr,
276 "*** Error loading PGP key file: %s\n",
277 gnutls_strerror (ret));
278 exit (1);
279 }
280
281 unload_file (data);
282 fprintf (stderr, "Processed 1 client PGP certificate...\n");
283 }
284 #endif
285
286 }
287
288
289
290 /* This callback should be associated with a session by calling
291 * gnutls_certificate_client_set_retrieve_function( session, cert_callback),
292 * before a handshake.
293 */
294
295 static int
296 cert_callback (gnutls_session_t session,
297 const gnutls_datum_t * req_ca_rdn, int nreqs,
298 const gnutls_pk_algorithm_t * sign_algos,
299 int sign_algos_length, gnutls_retr_st * st)
300 {
301 char issuer_dn[256];
302 int i, ret;
303 size_t len;
304
305 if (verbose)
306 {
307
308 /* Print the server's trusted CAs
309 */
310 if (nreqs > 0)
311 printf ("- Server's trusted authorities:\n");
312 else
313 printf ("- Server did not send us any trusted authorities names.\n");
314
315 /* print the names (if any) */
316 for (i = 0; i < nreqs; i++)
317 {
318 len = sizeof (issuer_dn);
319 ret = gnutls_x509_rdn_get (&req_ca_rdn[i], issuer_dn, &len);
320 if (ret >= 0)
321 {
322 printf (" [%d]: ", i);
323 printf ("%s\n", issuer_dn);
324 }
325 }
326 }
327
328 /* Select a certificate and return it.
329 * The certificate must be of any of the "sign algorithms"
330 * supported by the server.
331 */
332
333 st->type = gnutls_certificate_type_get (session);
334
335 st->ncerts = 0;
336
337 if (st->type == GNUTLS_CRT_X509)
338 {
339 if (x509_crt != NULL && x509_key != NULL)
340 {
341 st->ncerts = x509_crt_size;
342
343 st->cert.x509 = x509_crt;
344 st->key.x509 = x509_key;
345
346 st->deinit_all = 0;
347
348 return 0;
349 }
350 }
351 else if (st->type == GNUTLS_CRT_OPENPGP)
352 {
353 if (pgp_key != NULL && pgp_crt != NULL)
354 {
355 st->ncerts = 1;
356
357 st->cert.pgp = pgp_crt;
358 st->key.pgp = pgp_key;
359
360 st->deinit_all = 0;
361
362 return 0;
363 }
364 }
365
366 printf ("- Successfully sent %d certificate(s) to server.\n", st->ncerts);
367 return 0;
368
369 }
370
371 /* initializes a gnutls_session_t with some defaults.
372 */
373 static gnutls_session_t
374 init_tls_session (const char *hostname)
375 {
376 const char *err;
377
378 gnutls_session_t session;
379
380 gnutls_init (&session, GNUTLS_CLIENT);
381
382 if (gnutls_priority_set_direct (session, info.priorities, &err) < 0)
383 {
384 fprintf(stderr, "Syntax error at: %s\n", err);
385 exit(1);
386 }
387
388 /* allow the use of private ciphersuites.
389 */
390 if (disable_extensions == 0)
391 {
392 gnutls_handshake_set_private_extensions (session, 1);
393 gnutls_server_name_set (session, GNUTLS_NAME_DNS, hostname,
394 strlen (hostname));
395 if (cert_type_priority[0])
396 gnutls_certificate_type_set_priority (session, cert_type_priority);
397 }
398
399 if (cipher_priority[0])
400 gnutls_cipher_set_priority (session, cipher_priority);
401 if (comp_priority[0])
402 gnutls_compression_set_priority (session, comp_priority);
403 if (kx_priority[0])
404 gnutls_kx_set_priority (session, kx_priority);
405 if (protocol_priority[0])
406 gnutls_protocol_set_priority (session, protocol_priority);
407 if (mac_priority[0])
408 gnutls_mac_set_priority (session, mac_priority);
409
410 gnutls_dh_set_prime_bits (session, 512);
411
412 gnutls_credentials_set (session, GNUTLS_CRD_ANON, anon_cred);
413 if (srp_cred)
414 gnutls_credentials_set (session, GNUTLS_CRD_SRP, srp_cred);
415 if (psk_cred)
416 gnutls_credentials_set (session, GNUTLS_CRD_PSK, psk_cred);
417 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
418
419 gnutls_certificate_client_set_retrieve_function (xcred, cert_callback);
420
421 /* send the fingerprint */
422 if (fingerprint != 0)
423 gnutls_openpgp_send_cert (session, GNUTLS_OPENPGP_CERT_FINGERPRINT);
424
425 /* use the max record size extension */
426 if (record_max_size > 0 && disable_extensions == 0)
427 {
428 if (gnutls_record_set_max_size (session, record_max_size) < 0)
429 {
430 fprintf (stderr,
431 "Cannot set the maximum record size to %d.\n",
432 record_max_size);
433 fprintf (stderr, "Possible values: 512, 1024, 2048, 4096.\n");
434 exit (1);
435 }
436 }
437
438 #ifdef ENABLE_OPRFI
439 if (info.opaque_prf_input)
440 gnutls_oprfi_enable_client (session, strlen (info.opaque_prf_input),
441 info.opaque_prf_input);
442 #endif
443
444 return session;
445 }
446
447 static void gaa_parser (int argc, char **argv);
448
449 /* Returns zero if the error code was successfully handled.
450 */
451 static int
452 handle_error (socket_st * hd, int err)
453 {
454 int alert, ret;
455 const char *err_type, *str;
456
457 if (err >= 0)
458 return 0;
459
460 if (gnutls_error_is_fatal (err) == 0)
461 {
462 ret = 0;
463 err_type = "Non fatal";
464 }
465 else
466 {
467 ret = err;
468 err_type = "Fatal";
469 }
470
471 str = gnutls_strerror (err);
472 if (str == NULL)
473 str = str_unknown;
474 fprintf (stderr, "*** %s error: %s\n", err_type, str);
475
476 if (err == GNUTLS_E_WARNING_ALERT_RECEIVED
477 || err == GNUTLS_E_FATAL_ALERT_RECEIVED)
478 {
479 alert = gnutls_alert_get (hd->session);
480 str = gnutls_alert_get_name (alert);
481 if (str == NULL)
482 str = str_unknown;
483 printf ("*** Received alert [%d]: %s\n", alert, str);
484
485 /* In SRP if the alert is MISSING_SRP_USERNAME,
486 * we should read the username/password and
487 * call gnutls_handshake(). This is not implemented
488 * here.
489 */
490 }
491
492 check_rehandshake (hd, ret);
493
494 return ret;
495 }
496
497 int starttls_alarmed = 0;
498
499 void
500 starttls_alarm (int signum)
501 {
502 starttls_alarmed = 1;
503 }
504
505 static void
506 tls_log_func (int level, const char *str)
507 {
508 fprintf (stderr, "|<%d>| %s", level, str);
509 }
510
511 int
512 main (int argc, char **argv)
513 {
514 int err, ret;
515 int ii, i;
516 char buffer[MAX_BUF + 1];
517 char *session_data = NULL;
518 char *session_id = NULL;
519 size_t session_data_size;
520 size_t session_id_size;
521 fd_set rset;
522 int maxfd;
523 struct timeval tv;
524 int user_term = 0;
525 socket_st hd;
526
527 gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0);
528
529 if ((ret = gnutls_global_init ()) < 0)
530 {
531 fprintf (stderr, "global_init: %s\n", gnutls_strerror (ret));
532 exit (1);
533 }
534
535 if ((ret = gnutls_global_init_extra ()) < 0)
536 {
537 fprintf (stderr, "global_init_extra: %s\n", gnutls_strerror (ret));
538 // exit (1);
539 }
540
541 gaa_parser (argc, argv);
542 if (hostname == NULL)
543 {
544 fprintf (stderr, "No hostname given\n");
545 exit (1);
546 }
547
548 gnutls_global_set_log_function (tls_log_func);
549 gnutls_global_set_log_level (info.debug);
550
551 sockets_init ();
552
553 #ifndef _WIN32
554 signal (SIGPIPE, SIG_IGN);
555 #endif
556
557 init_global_tls_stuff ();
558
559 socket_open (&hd, hostname, service);
560 socket_connect (&hd);
561
562 hd.session = init_tls_session (hostname);
563 if (starttls)
564 goto after_handshake;
565
566 for (i = 0; i < 2; i++)
567 {
568
569
570 if (i == 1)
571 {
572 hd.session = init_tls_session (hostname);
573 gnutls_session_set_data (hd.session, session_data,
574 session_data_size);
575 free (session_data);
576 }
577
578 ret = do_handshake (&hd);
579
580 if (ret < 0)
581 {
582 fprintf (stderr, "*** Handshake has failed\n");
583 gnutls_perror (ret);
584 gnutls_deinit (hd.session);
585 return 1;
586 }
587 else
588 {
589 printf ("- Handshake was completed\n");
590 if (gnutls_session_is_resumed (hd.session) != 0)
591 printf ("*** This is a resumed session\n");
592 }
593
594
595
596 if (resume != 0 && i == 0)
597 {
598
599 gnutls_session_get_data (hd.session, NULL, &session_data_size);
600 session_data = malloc (session_data_size);
601
602 gnutls_session_get_data (hd.session, session_data,
603 &session_data_size);
604
605 gnutls_session_get_id (hd.session, NULL, &session_id_size);
606 session_id = malloc (session_id_size);
607 gnutls_session_get_id (hd.session, session_id, &session_id_size);
608
609 /* print some information */
610 print_info (hd.session, hostname);
611
612 printf ("- Disconnecting\n");
613 socket_bye (&hd);
614
615 printf
616 ("\n\n- Connecting again- trying to resume previous session\n");
617 socket_open (&hd, hostname, service);
618 socket_connect (&hd);
619 }
620 else
621 {
622 break;
623 }
624 }
625
626 after_handshake:
627
628 /* Warning! Do not touch this text string, it is used by external
629 programs to search for when gnutls-cli has reached this point. */
630 printf ("\n- Simple Client Mode:\n\n");
631
632 #ifndef _WIN32
633 signal (SIGALRM, &starttls_alarm);
634 #endif
635
636 /* do not buffer */
637 #if !(defined _WIN32 || defined __WIN32__)
638 setbuf (stdin, NULL);
639 #endif
640 setbuf (stdout, NULL);
641 setbuf (stderr, NULL);
642
643 for (;;)
644 {
645 if (starttls_alarmed && !hd.secure)
646 {
647 /* Warning! Do not touch this text string, it is used by
648 external programs to search for when gnutls-cli has
649 reached this point. */
650 fprintf (stderr, "*** Starting TLS handshake\n");
651 ret = do_handshake (&hd);
652 if (ret < 0)
653 {
654 fprintf (stderr, "*** Handshake has failed\n");
655 socket_bye (&hd);
656 user_term = 1;
657 break;
658 }
659 }
660
661 FD_ZERO (&rset);
662 FD_SET (fileno (stdin), &rset);
663 FD_SET (hd.fd, &rset);
664
665 maxfd = MAX (fileno (stdin), hd.fd);
666 tv.tv_sec = 3;
667 tv.tv_usec = 0;
668
669 err = select (maxfd + 1, &rset, NULL, NULL, &tv);
670 if (err < 0)
671 continue;
672
673 if (FD_ISSET (hd.fd, &rset))
674 {
675 memset (buffer, 0, MAX_BUF + 1);
676 ret = socket_recv (&hd, buffer, MAX_BUF);
677
678 if (ret == 0)
679 {
680 printf ("- Peer has closed the GNUTLS connection\n");
681 break;
682 }
683 else if (handle_error (&hd, ret) < 0 && user_term == 0)
684 {
685 fprintf (stderr,
686 "*** Server has terminated the connection abnormally.\n");
687 break;
688 }
689 else if (ret > 0)
690 {
691 if (verbose != 0)
692 printf ("- Received[%d]: ", ret);
693 for (ii = 0; ii < ret; ii++)
694 {
695 fputc (buffer[ii], stdout);
696 }
697 fflush (stdout);
698 }
699
700 if (user_term != 0)
701 break;
702 }
703
704 if (FD_ISSET (fileno (stdin), &rset))
705 {
706 if (fgets (buffer, MAX_BUF, stdin) == NULL)
707 {
708 if (hd.secure == 0)
709 {
710 /* Warning! Do not touch this text string, it is
711 used by external programs to search for when
712 gnutls-cli has reached this point. */
713 fprintf (stderr, "*** Starting TLS handshake\n");
714 ret = do_handshake (&hd);
715 clearerr (stdin);
716 if (ret < 0)
717 {
718 fprintf (stderr, "*** Handshake has failed\n");
719 socket_bye (&hd);
720 user_term = 1;
721 break;
722 }
723 }
724 else
725 {
726 user_term = 1;
727 break;
728 }
729 continue;
730 }
731
732 if (crlf != 0)
733 {
734 char *b = strchr (buffer, '\n');
735 if (b != NULL)
736 strcpy (b, "\r\n");
737 }
738
739 ret = socket_send (&hd, buffer, strlen (buffer));
740
741 if (ret > 0)
742 {
743 if (verbose != 0)
744 printf ("- Sent: %d bytes\n", ret);
745 }
746 else
747 handle_error (&hd, ret);
748
749 }
750 }
751
752 if (user_term != 0)
753 socket_bye (&hd);
754 else
755 gnutls_deinit (hd.session);
756
757 #ifdef ENABLE_SRP
758 if (srp_cred)
759 gnutls_srp_free_client_credentials (srp_cred);
760 #endif
761 #ifdef ENABLE_PSK
762 if (psk_cred)
763 gnutls_psk_free_client_credentials (psk_cred);
764 #endif
765
766 gnutls_certificate_free_credentials (xcred);
767
768 #ifdef ENABLE_ANON
769 gnutls_anon_free_client_credentials (anon_cred);
770 #endif
771
772 gnutls_global_deinit ();
773
774 return 0;
775 }
776
777 void
778 gaa_parser (int argc, char **argv)
779 {
780 if (gaa (argc, argv, &info) != -1)
781 {
782 fprintf (stderr,
783 "Error in the arguments. Use the --help or -h parameters to get more information.\n");
784 exit (1);
785 }
786
787 verbose = info.verbose;
788 disable_extensions = info.disable_extensions;
789 print_cert = info.print_cert;
790 starttls = info.starttls;
791 resume = info.resume;
792 insecure = info.insecure;
793 service = info.port;
794 record_max_size = info.record_size;
795 fingerprint = info.fingerprint;
796
797 if (info.fmtder == 0)
798 x509ctype = GNUTLS_X509_FMT_PEM;
799 else
800 x509ctype = GNUTLS_X509_FMT_DER;
801
802 srp_username = info.srp_username;
803 srp_passwd = info.srp_passwd;
804 x509_cafile = info.x509_cafile;
805 x509_crlfile = info.x509_crlfile;
806 x509_keyfile = info.x509_keyfile;
807 x509_certfile = info.x509_certfile;
808 pgp_keyfile = info.pgp_keyfile;
809 pgp_certfile = info.pgp_certfile;
810
811 psk_username = info.psk_username;
812 psk_key.data = (unsigned char *) info.psk_key;
813 if (info.psk_key != NULL)
814 psk_key.size = strlen (info.psk_key);
815 else
816 psk_key.size = 0;
817
818 pgp_keyring = info.pgp_keyring;
819
820 crlf = info.crlf;
821
822 if (info.rest_args == NULL)
823 hostname = "localhost";
824 else
825 hostname = info.rest_args;
826
827 parse_protocols (info.proto, info.nproto, protocol_priority);
828 parse_ciphers (info.ciphers, info.nciphers, cipher_priority);
829 parse_macs (info.macs, info.nmacs, mac_priority);
830 parse_ctypes (info.ctype, info.nctype, cert_type_priority);
831 parse_kx (info.kx, info.nkx, kx_priority);
832 parse_comp (info.comp, info.ncomp, comp_priority);
833 }
834
835 void
836 cli_version (void)
837 {
838 const char *v = gnutls_check_version (NULL);
839
840 printf ("gnutls-cli (GnuTLS) %s\n", LIBGNUTLS_VERSION);
841 if (strcmp (v, LIBGNUTLS_VERSION) != 0)
842 printf ("libgnutls %s\n", v);
843 }
844
845
846 static void
847 check_rehandshake (socket_st * socket, int ret)
848 {
849 if (socket->secure && ret == GNUTLS_E_REHANDSHAKE)
850 {
851 /* There is a race condition here. If application
852 * data is sent after the rehandshake request,
853 * the server thinks we ignored his request.
854 * This is a bad design of this client.
855 */
856 printf ("*** Received rehandshake request\n");
857 /* gnutls_alert_send( session, GNUTLS_AL_WARNING, GNUTLS_A_NO_RENEGOTIATION); */
858
859 ret = do_handshake (socket);
860
861 if (ret == 0)
862 {
863 printf ("*** Rehandshake was performed.\n");
864 }
865 else
866 {
867 printf ("*** Rehandshake Failed.\n");
868 }
869 }
870 }
871
872
873 static int
874 do_handshake (socket_st * socket)
875 {
876 int ret;
877 gnutls_transport_set_ptr (socket->session,
878 (gnutls_transport_ptr_t) socket->fd);
879 do
880 {
881 ret = gnutls_handshake (socket->session);
882
883 if (ret < 0)
884 {
885 handle_error (socket, ret);
886 }
887 }
888 while (ret < 0 && gnutls_error_is_fatal (ret) == 0);
889
890 if (ret == 0)
891 {
892 /* print some information */
893 print_info (socket->session, socket->hostname);
894
895 if ((x509_cafile || pgp_keyring) && !insecure)
896 {
897 int rc;
898 unsigned int status;
899
900 /* abort if verification fail */
901 rc = gnutls_certificate_verify_peers2 (socket->session, &status);
902 if (rc != 0 || status != 0)
903 {
904 printf ("*** Verifying server certificate failed...\n");
905 exit (1);
906 }
907 }
908
909 socket->secure = 1;
910
911 }
912 return ret;
913 }
914
915 static int
916 srp_username_callback (gnutls_session_t session,
917 char **username, char **password)
918 {
919 if (srp_username == NULL || srp_passwd == NULL)
920 {
921 return -1;
922 }
923
924 *username = gnutls_strdup (srp_username);
925 *password = gnutls_strdup (srp_passwd);
926
927 return 0;
928 }
929
930 static void
931 init_global_tls_stuff (void)
932 {
933 int ret;
934
935 /* X509 stuff */
936 if (gnutls_certificate_allocate_credentials (&xcred) < 0)
937 {
938 fprintf (stderr, "Certificate allocation memory error\n");
939 exit (1);
940 }
941
942 /* there are some CAs that have a v1 certificate *%&@#*%&
943 */
944 gnutls_certificate_set_verify_flags (xcred,
945 GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT);
946
947 if (x509_cafile != NULL)
948 {
949 ret =
950 gnutls_certificate_set_x509_trust_file (xcred,
951 x509_cafile, x509ctype);
952 if (ret < 0)
953 {
954 fprintf (stderr, "Error setting the x509 trust file\n");
955 }
956 else
957 {
958 printf ("Processed %d CA certificate(s).\n", ret);
959 }
960 }
961 #ifdef ENABLE_PKI
962 if (x509_crlfile != NULL)
963 {
964 ret =
965 gnutls_certificate_set_x509_crl_file (xcred, x509_crlfile, x509ctype);
966 if (ret < 0)
967 {
968 fprintf (stderr, "Error setting the x509 CRL file\n");
969 }
970 else
971 {
972 printf ("Processed %d CRL(s).\n", ret);
973 }
974 }
975 #endif
976
977 load_keys ();
978
979 #ifdef ENABLE_OPENPGP
980 if (pgp_keyring != NULL)
981 {
982 ret = gnutls_certificate_set_openpgp_keyring_file (xcred, pgp_keyring, GNUTLS_OPENPGP_FMT_BASE64);
983 if (ret < 0)
984 {
985 fprintf (stderr, "Error setting the OpenPGP keyring file\n");
986 }
987 }
988 #endif
989
990 #ifdef ENABLE_SRP
991 if (srp_username && srp_passwd)
992 {
993 /* SRP stuff */
994 if (gnutls_srp_allocate_client_credentials (&srp_cred) < 0)
995 {
996 fprintf (stderr, "SRP authentication error\n");
997 }
998
999 gnutls_srp_set_client_credentials_function (srp_cred,
1000 srp_username_callback);
1001 }
1002 #endif
1003
1004 #ifdef ENABLE_PSK
1005 if (psk_username && !psk_key.data)
1006 {
1007 /* SRP stuff */
1008 if (gnutls_psk_allocate_client_credentials (&psk_cred) < 0)
1009 {
1010 fprintf (stderr, "PSK authentication error\n");
1011 }
1012
1013 gnutls_psk_set_client_credentials (psk_cred,
1014 psk_username, &psk_key,
1015 GNUTLS_PSK_KEY_HEX);
1016 }
1017 #endif
1018
1019 #ifdef ENABLE_ANON
1020 /* ANON stuff */
1021 if (gnutls_anon_allocate_client_credentials (&anon_cred) < 0)
1022 {
1023 fprintf (stderr, "Anonymous authentication error\n");
1024 }
1025 #endif
1026
1027 }
1028
1029 /* Functions to manipulate sockets
1030 */
1031
1032 ssize_t
1033 socket_recv (const socket_st * socket, void *buffer, int buffer_size)
1034 {
1035 int ret;
1036
1037 if (socket->secure)
1038 do
1039 {
1040 ret = gnutls_record_recv (socket->session, buffer, buffer_size);
1041 }
1042 while (ret == GNUTLS_E_INTERRUPTED || ret == GNUTLS_E_AGAIN);
1043 else
1044 do
1045 {
1046 ret = recv (socket->fd, buffer, buffer_size, 0);
1047 }
1048 while (ret == -1 && errno == EINTR);
1049
1050 return ret;
1051 }
1052
1053 ssize_t
1054 socket_send (const socket_st * socket, const void *buffer, int buffer_size)
1055 {
1056 int ret;
1057
1058 if (socket->secure)
1059 do
1060 {
1061 ret = gnutls_record_send (socket->session, buffer, buffer_size);
1062 }
1063 while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED);
1064 else
1065 do
1066 {
1067 ret = send (socket->fd, buffer, buffer_size, 0);
1068 }
1069 while (ret == -1 && errno == EINTR);
1070
1071 if (ret > 0 && ret != buffer_size && verbose)
1072 fprintf (stderr,
1073 "*** Only sent %d bytes instead of %d.\n", ret, buffer_size);
1074
1075 return ret;
1076 }
1077
1078 void
1079 socket_bye (socket_st * socket)
1080 {
1081 int ret;
1082 if (socket->secure)
1083 {
1084 do
1085 ret = gnutls_bye (socket->session, GNUTLS_SHUT_RDWR);
1086 while (ret == GNUTLS_E_INTERRUPTED || ret == GNUTLS_E_AGAIN);
1087 if (ret < 0)
1088 fprintf (stderr, "*** gnutls_bye() error: %s\n",
1089 gnutls_strerror (ret));
1090 gnutls_deinit (socket->session);
1091 socket->session = NULL;
1092 }
1093
1094 freeaddrinfo (socket->addr_info);
1095 socket->addr_info = socket->ptr = NULL;
1096
1097 free (socket->ip);
1098 free (socket->hostname);
1099 free (socket->service);
1100
1101 shutdown (socket->fd, SHUT_RDWR); /* no more receptions */
1102 close (socket->fd);
1103
1104 socket->fd = -1;
1105 socket->secure = 0;
1106 }
1107
1108 void
1109 socket_connect (const socket_st * hd)
1110 {
1111 int err;
1112
1113 printf ("Connecting to '%s:%s'...\n", hd->ip, hd->service);
1114
1115 err = connect (hd->fd, hd->ptr->ai_addr, hd->ptr->ai_addrlen);
1116 if (err < 0)
1117 {
1118 fprintf (stderr, "Cannot connect to %s:%s: %s\n", hd->hostname,
1119 hd->service, strerror (errno));
1120 exit (1);
1121 }
1122 }
1123
1124 void
1125 socket_open (socket_st * hd, const char *hostname, const char *service)
1126 {
1127 struct addrinfo hints, *res, *ptr;
1128 int sd, err;
1129 char buffer[MAX_BUF + 1];
1130 char portname[16] = { 0 };
1131
1132 printf ("Resolving '%s'...\n", hostname);
1133 /* get server name */
1134 memset (&hints, 0, sizeof (hints));
1135 hints.ai_socktype = SOCK_STREAM;
1136 if ((err = getaddrinfo (hostname, service, &hints, &res)))
1137 {
1138 fprintf (stderr, "Cannot resolve %s:%s: %s\n", hostname, service,
1139 gai_strerror (err));
1140 exit (1);
1141 }
1142
1143 sd = -1;
1144 for (ptr = res; ptr != NULL; ptr = ptr->ai_next)
1145 {
1146 sd = socket (ptr->ai_family, ptr->ai_socktype, ptr->ai_protocol);
1147 if (sd == -1)
1148 continue;
1149
1150 if ((err = getnameinfo (ptr->ai_addr, ptr->ai_addrlen, buffer, MAX_BUF,
1151 portname, sizeof (portname),
1152 NI_NUMERICHOST | NI_NUMERICSERV)) != 0)
1153 {
1154 fprintf (stderr, "getnameinfo(): %s\n", gai_strerror (err));
1155 freeaddrinfo (res);
1156 exit (1);
1157 }
1158
1159 break;
1160 }
1161
1162 if (sd == -1)
1163 {
1164 fprintf (stderr, "socket(): %s\n", strerror (errno));
1165 exit (1);
1166 }
1167
1168 hd->secure = 0;
1169 hd->fd = sd;
1170 hd->hostname = strdup (hostname);
1171 hd->ip = strdup (buffer);
1172 hd->service = strdup (portname);
1173 hd->ptr = ptr;
1174 hd->addr_info = res;
1175
1176 return;
1177 }
Implementation of the SSL/TLS protocol