doc/examples/ex-client-dtls.c

   1 /* This example code is placed in the public domain. */
   2
   3 #ifdef HAVE_CONFIG_H
   4 #include <config.h>
   5 #endif
   6
   7 #include <stdio.h>
   8 #include <stdlib.h>
   9 #include <string.h>
  10 #include <sys/types.h>
  11 #include <sys/socket.h>
  12 #include <arpa/inet.h>
  13 #include <unistd.h>
  14 #include <gnutls/gnutls.h>
  15 #include <gnutls/dtls.h>
  16
  17 /* A very basic Datagram TLS client, over UDP with X.509 authentication.
  18  */
  19
  20 #define MAX_BUF 1024
  21 #define CAFILE "/etc/ssl/certs/ca-certificates.crt"
  22 #define MSG "GET / HTTP/1.0\r\n\r\n"
  23
  24 extern int udp_connect (void);
  25 extern void udp_close (int sd);
  26 extern int verify_certificate_callback (gnutls_session_t session);
  27
  28 int
  29 main (void)
  30 {
  31   int ret, sd, ii;
  32   gnutls_session_t session;
  33   char buffer[MAX_BUF + 1];
  34   const char *err;
  35   gnutls_certificate_credentials_t xcred;
  36
  37   gnutls_global_init ();
  38
  39   /* X509 stuff */
  40   gnutls_certificate_allocate_credentials (&xcred);
  41
  42   /* sets the trusted cas file */
  43   gnutls_certificate_set_x509_trust_file (xcred, CAFILE, GNUTLS_X509_FMT_PEM);
  44   gnutls_certificate_set_verify_function (xcred, verify_certificate_callback);
  45
  46   /* Initialize TLS session */
  47   gnutls_init (&session, GNUTLS_CLIENT | GNUTLS_DATAGRAM);
  48
  49   /* Use default priorities */
  50   ret = gnutls_priority_set_direct (session, "NORMAL", &err);
  51   if (ret < 0)
  52     {
  53       if (ret == GNUTLS_E_INVALID_REQUEST)
  54         {
  55           fprintf (stderr, "Syntax error at: %s\n", err);
  56         }
  57       exit (1);
  58     }
  59
  60   /* put the x509 credentials to the current session */
  61   gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
  62   gnutls_server_name_set (session, GNUTLS_NAME_DNS, "my_host_name",
  63                           strlen("my_host_name"));
  64
  65   /* connect to the peer */
  66   sd = udp_connect ();
  67
  68   gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) sd);
  69
  70   /* set the connection MTU */
  71   gnutls_dtls_set_mtu (session, 1000);
  72
  73   /* Perform the TLS handshake */
  74   do
  75     {
  76       ret = gnutls_handshake (session);
  77     }
  78   while (ret < 0 && gnutls_error_is_fatal (ret) == 0);
  79
  80   if (ret < 0)
  81     {
  82       fprintf (stderr, "*** Handshake failed\n");
  83       gnutls_perror (ret);
  84       goto end;
  85     }
  86   else
  87     {
  88       printf ("- Handshake was completed\n");
  89     }
  90
  91   gnutls_record_send (session, MSG, strlen (MSG));
  92
  93   ret = gnutls_record_recv (session, buffer, MAX_BUF);
  94   if (ret == 0)
  95     {
  96       printf ("- Peer has closed the TLS connection\n");
  97       goto end;
  98     }
  99   else if (ret < 0)
 100     {
 101       fprintf (stderr, "*** Error: %s\n", gnutls_strerror (ret));
 102       goto end;
 103     }
 104
 105   printf ("- Received %d bytes: ", ret);
 106   for (ii = 0; ii < ret; ii++)
 107     {
 108       fputc (buffer[ii], stdout);
 109     }
 110   fputs ("\n", stdout);
 111
 112   /* It is suggested not to use GNUTLS_SHUT_RDWR in DTLS
 113    * connections because the peer's closure message might
 114    * be lost */
 115   gnutls_bye (session, GNUTLS_SHUT_WR);
 116
 117 end:
 118
 119   udp_close (sd);
 120
 121   gnutls_deinit (session);
 122
 123   gnutls_certificate_free_credentials (xcred);
 124
 125   gnutls_global_deinit ();
 126
 127   return 0;
 128 }