]>
Commit | Line | Data |
---|---|---|
b71f4375 JB |
1 | diff -Nur gnutls-1.2.0/doc/examples.orig/ex-client1.c gnutls-1.2.0/doc/examples/ex-client1.c |
2 | --- gnutls-1.2.0/doc/examples.orig/ex-client1.c 1970-01-01 01:00:00.000000000 +0100 | |
3 | +++ gnutls-1.2.0/doc/examples/ex-client1.c 2005-02-28 19:46:21.821264960 +0100 | |
4 | @@ -0,0 +1,128 @@ | |
5 | + | |
6 | +#include <stdio.h> | |
7 | +#include <stdlib.h> | |
8 | +#include <string.h> | |
9 | +#include <sys/types.h> | |
10 | +#include <sys/socket.h> | |
11 | +#include <netinet/in.h> | |
12 | +#include <arpa/inet.h> | |
13 | +#include <unistd.h> | |
14 | +#include <gnutls/gnutls.h> | |
15 | + | |
16 | +/* A very basic TLS client, with anonymous authentication. | |
17 | + */ | |
18 | + | |
19 | +#define MAX_BUF 1024 | |
20 | +#define SA struct sockaddr | |
21 | +#define MSG "GET / HTTP/1.0\r\n\r\n" | |
22 | + | |
23 | +/* Connects to the peer and returns a socket | |
24 | + * descriptor. | |
25 | + */ | |
26 | +int tcp_connect(void) | |
27 | +{ | |
28 | + const char *PORT = "5556"; | |
29 | + const char *SERVER = "127.0.0.1"; | |
30 | + int err, sd; | |
31 | + struct sockaddr_in sa; | |
32 | + | |
33 | + /* connects to server | |
34 | + */ | |
35 | + sd = socket(AF_INET, SOCK_STREAM, 0); | |
36 | + | |
37 | + memset(&sa, '\0', sizeof(sa)); | |
38 | + sa.sin_family = AF_INET; | |
39 | + sa.sin_port = htons(atoi(PORT)); | |
40 | + inet_pton(AF_INET, SERVER, &sa.sin_addr); | |
41 | + | |
42 | + err = connect(sd, (SA *) & sa, sizeof(sa)); | |
43 | + if (err < 0) { | |
44 | + fprintf(stderr, "Connect error\n"); | |
45 | + exit(1); | |
46 | + } | |
47 | + | |
48 | + return sd; | |
49 | +} | |
50 | + | |
51 | +/* closes the given socket descriptor. | |
52 | + */ | |
53 | +void tcp_close(int sd) | |
54 | +{ | |
55 | + shutdown(sd, SHUT_RDWR); /* no more receptions */ | |
56 | + close(sd); | |
57 | +} | |
58 | + | |
59 | +int main() | |
60 | +{ | |
61 | + int ret, sd, ii; | |
62 | + gnutls_session_t session; | |
63 | + char buffer[MAX_BUF + 1]; | |
64 | + gnutls_anon_client_credentials_t anoncred; | |
65 | + /* Need to enable anonymous KX specifically. */ | |
66 | + const int kx_prio[] = { GNUTLS_KX_ANON_DH, 0 }; | |
67 | + | |
68 | + gnutls_global_init(); | |
69 | + | |
70 | + gnutls_anon_allocate_client_credentials(&anoncred); | |
71 | + | |
72 | + /* Initialize TLS session | |
73 | + */ | |
74 | + gnutls_init(&session, GNUTLS_CLIENT); | |
75 | + | |
76 | + /* Use default priorities */ | |
77 | + gnutls_set_default_priority(session); | |
78 | + gnutls_kx_set_priority (session, kx_prio); | |
79 | + | |
80 | + /* put the anonymous credentials to the current session | |
81 | + */ | |
82 | + gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred); | |
83 | + | |
84 | + /* connect to the peer | |
85 | + */ | |
86 | + sd = tcp_connect(); | |
87 | + | |
88 | + gnutls_transport_set_ptr(session, (gnutls_transport_ptr_t) sd); | |
89 | + | |
90 | + /* Perform the TLS handshake | |
91 | + */ | |
92 | + ret = gnutls_handshake(session); | |
93 | + | |
94 | + if (ret < 0) { | |
95 | + fprintf(stderr, "*** Handshake failed\n"); | |
96 | + gnutls_perror(ret); | |
97 | + goto end; | |
98 | + } else { | |
99 | + printf("- Handshake was completed\n"); | |
100 | + } | |
101 | + | |
102 | + gnutls_record_send(session, MSG, strlen(MSG)); | |
103 | + | |
104 | + ret = gnutls_record_recv(session, buffer, MAX_BUF); | |
105 | + if (ret == 0) { | |
106 | + printf("- Peer has closed the TLS connection\n"); | |
107 | + goto end; | |
108 | + } else if (ret < 0) { | |
109 | + fprintf(stderr, "*** Error: %s\n", gnutls_strerror(ret)); | |
110 | + goto end; | |
111 | + } | |
112 | + | |
113 | + printf("- Received %d bytes: ", ret); | |
114 | + for (ii = 0; ii < ret; ii++) { | |
115 | + fputc(buffer[ii], stdout); | |
116 | + } | |
117 | + fputs("\n", stdout); | |
118 | + | |
119 | + gnutls_bye(session, GNUTLS_SHUT_RDWR); | |
120 | + | |
121 | + end: | |
122 | + | |
123 | + tcp_close(sd); | |
124 | + | |
125 | + gnutls_deinit(session); | |
126 | + | |
127 | + gnutls_anon_free_client_credentials (anoncred); | |
128 | + | |
129 | + gnutls_global_deinit(); | |
130 | + | |
131 | + return 0; | |
132 | +} | |
133 | diff -Nur gnutls-1.2.0/doc/examples.orig/ex-rfc2818.c gnutls-1.2.0/doc/examples/ex-rfc2818.c | |
134 | --- gnutls-1.2.0/doc/examples.orig/ex-rfc2818.c 1970-01-01 01:00:00.000000000 +0100 | |
135 | +++ gnutls-1.2.0/doc/examples/ex-rfc2818.c 2005-02-28 19:46:21.822264808 +0100 | |
136 | @@ -0,0 +1,81 @@ | |
137 | +#include <gnutls/gnutls.h> | |
138 | +#include <gnutls/x509.h> | |
139 | + | |
140 | +/* This function will try to verify the peer's certificate, and | |
141 | + * also check if the hostname matches, and the activation, expiration dates. | |
142 | + */ | |
143 | +void verify_certificate( gnutls_session_t session, const char* hostname) | |
144 | +{ | |
145 | + unsigned int status; | |
146 | + const gnutls_datum_t* cert_list; | |
147 | + int cert_list_size, ret; | |
148 | + gnutls_x509_crt_t cert; | |
149 | + | |
150 | + | |
151 | + /* This verification function uses the trusted CAs in the credentials | |
152 | + * structure. So you must have installed one or more CA certificates. | |
153 | + */ | |
154 | + ret = gnutls_certificate_verify_peers2(session, &status); | |
155 | + | |
156 | + if (ret < 0) { | |
157 | + printf("Error\n"); | |
158 | + return; | |
159 | + } | |
160 | + | |
161 | + if (status & GNUTLS_CERT_INVALID) | |
162 | + printf("The certificate is not trusted.\n"); | |
163 | + | |
164 | + if (status & GNUTLS_CERT_SIGNER_NOT_FOUND) | |
165 | + printf("The certificate hasn't got a known issuer.\n"); | |
166 | + | |
167 | + if (status & GNUTLS_CERT_REVOKED) | |
168 | + printf("The certificate has been revoked.\n"); | |
169 | + | |
170 | + | |
171 | + /* Up to here the process is the same for X.509 certificates and | |
172 | + * OpenPGP keys. From now on X.509 certificates are assumed. This can | |
173 | + * be easily extended to work with openpgp keys as well. | |
174 | + */ | |
175 | + if ( gnutls_certificate_type_get(session) != GNUTLS_CRT_X509) | |
176 | + return; | |
177 | + | |
178 | + if ( gnutls_x509_crt_init( &cert) < 0) { | |
179 | + printf("error in initialization\n"); | |
180 | + return; | |
181 | + } | |
182 | + | |
183 | + cert_list = gnutls_certificate_get_peers( session, &cert_list_size); | |
184 | + if ( cert_list == NULL) { | |
185 | + printf("No certificate was found!\n"); | |
186 | + return; | |
187 | + } | |
188 | + | |
189 | + /* This is not a real world example, since we only check the first | |
190 | + * certificate in the given chain. | |
191 | + */ | |
192 | + if ( gnutls_x509_crt_import( cert, &cert_list[0], GNUTLS_X509_FMT_DER) < 0) { | |
193 | + printf("error parsing certificate\n"); | |
194 | + return; | |
195 | + } | |
196 | + | |
197 | + /* Beware here we do not check for errors. | |
198 | + */ | |
199 | + if ( gnutls_x509_crt_get_expiration( cert) < time(0)) { | |
200 | + printf("The certificate has expired\n"); | |
201 | + return; | |
202 | + } | |
203 | + | |
204 | + if ( gnutls_x509_crt_get_activation_time( cert) > time(0)) { | |
205 | + printf("The certificate is not yet activated\n"); | |
206 | + return; | |
207 | + } | |
208 | + | |
209 | + if ( !gnutls_x509_crt_check_hostname( cert, hostname)) { | |
210 | + printf("The certificate's owner does not match hostname '%s'\n", hostname); | |
211 | + return; | |
212 | + } | |
213 | + | |
214 | + gnutls_x509_crt_deinit( cert); | |
215 | + | |
216 | + return; | |
217 | +} | |
218 | diff -Nur gnutls-1.2.0/doc/examples.orig/ex-serv-anon.c gnutls-1.2.0/doc/examples/ex-serv-anon.c | |
219 | --- gnutls-1.2.0/doc/examples.orig/ex-serv-anon.c 1970-01-01 01:00:00.000000000 +0100 | |
220 | +++ gnutls-1.2.0/doc/examples/ex-serv-anon.c 2005-02-28 19:46:21.822264808 +0100 | |
221 | @@ -0,0 +1,162 @@ | |
222 | + | |
223 | +#include <stdio.h> | |
224 | +#include <stdlib.h> | |
225 | +#include <errno.h> | |
226 | +#include <sys/types.h> | |
227 | +#include <sys/socket.h> | |
228 | +#include <netinet/in.h> | |
229 | +#include <arpa/inet.h> | |
230 | +#include <string.h> | |
231 | +#include <unistd.h> | |
232 | +#include <gnutls/gnutls.h> | |
233 | + | |
234 | +/* This is a sample TLS 1.0 echo server, for anonymous authentication only. | |
235 | + */ | |
236 | + | |
237 | + | |
238 | +#define SA struct sockaddr | |
239 | +#define SOCKET_ERR(err,s) if(err==-1) {perror(s);return(1);} | |
240 | +#define MAX_BUF 1024 | |
241 | +#define PORT 5556 /* listen to 5556 port */ | |
242 | +#define DH_BITS 1024 | |
243 | + | |
244 | +/* These are global */ | |
245 | +gnutls_anon_server_credentials_t anoncred; | |
246 | + | |
247 | +gnutls_session_t initialize_tls_session() | |
248 | +{ | |
249 | + gnutls_session_t session; | |
250 | + const int kx_prio[] = { GNUTLS_KX_ANON_DH, 0 }; | |
251 | + | |
252 | + gnutls_init(&session, GNUTLS_SERVER); | |
253 | + | |
254 | + /* avoid calling all the priority functions, since the defaults | |
255 | + * are adequate. | |
256 | + */ | |
257 | + gnutls_set_default_priority(session); | |
258 | + gnutls_kx_set_priority (session, kx_prio); | |
259 | + | |
260 | + gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred); | |
261 | + | |
262 | + gnutls_dh_set_prime_bits(session, DH_BITS); | |
263 | + | |
264 | + return session; | |
265 | +} | |
266 | + | |
267 | +static gnutls_dh_params_t dh_params; | |
268 | + | |
269 | +static int generate_dh_params(void) | |
270 | +{ | |
271 | + | |
272 | + /* Generate Diffie Hellman parameters - for use with DHE | |
273 | + * kx algorithms. These should be discarded and regenerated | |
274 | + * once a day, once a week or once a month. Depending on the | |
275 | + * security requirements. | |
276 | + */ | |
277 | + gnutls_dh_params_init(&dh_params); | |
278 | + gnutls_dh_params_generate2(dh_params, DH_BITS); | |
279 | + | |
280 | + return 0; | |
281 | +} | |
282 | + | |
283 | +int main() | |
284 | +{ | |
285 | + int err, listen_sd, i; | |
286 | + int sd, ret; | |
287 | + struct sockaddr_in sa_serv; | |
288 | + struct sockaddr_in sa_cli; | |
289 | + int client_len; | |
290 | + char topbuf[512]; | |
291 | + gnutls_session_t session; | |
292 | + char buffer[MAX_BUF + 1]; | |
293 | + int optval = 1; | |
294 | + | |
295 | + /* this must be called once in the program | |
296 | + */ | |
297 | + gnutls_global_init(); | |
298 | + | |
299 | + gnutls_anon_allocate_server_credentials (&anoncred); | |
300 | + | |
301 | + generate_dh_params(); | |
302 | + | |
303 | + gnutls_anon_set_server_dh_params (anoncred, dh_params); | |
304 | + | |
305 | + /* Socket operations | |
306 | + */ | |
307 | + listen_sd = socket(AF_INET, SOCK_STREAM, 0); | |
308 | + SOCKET_ERR(listen_sd, "socket"); | |
309 | + | |
310 | + memset(&sa_serv, '\0', sizeof(sa_serv)); | |
311 | + sa_serv.sin_family = AF_INET; | |
312 | + sa_serv.sin_addr.s_addr = INADDR_ANY; | |
313 | + sa_serv.sin_port = htons(PORT); /* Server Port number */ | |
314 | + | |
315 | + setsockopt(listen_sd, SOL_SOCKET, SO_REUSEADDR, &optval, sizeof(int)); | |
316 | + | |
317 | + err = bind(listen_sd, (SA *) & sa_serv, sizeof(sa_serv)); | |
318 | + SOCKET_ERR(err, "bind"); | |
319 | + err = listen(listen_sd, 1024); | |
320 | + SOCKET_ERR(err, "listen"); | |
321 | + | |
322 | + printf("Server ready. Listening to port '%d'.\n\n", PORT); | |
323 | + | |
324 | + client_len = sizeof(sa_cli); | |
325 | + for (;;) { | |
326 | + session = initialize_tls_session(); | |
327 | + | |
328 | + sd = accept(listen_sd, (SA *) & sa_cli, &client_len); | |
329 | + | |
330 | + printf("- connection from %s, port %d\n", | |
331 | + inet_ntop(AF_INET, &sa_cli.sin_addr, topbuf, | |
332 | + sizeof(topbuf)), ntohs(sa_cli.sin_port)); | |
333 | + | |
334 | + gnutls_transport_set_ptr(session, (gnutls_transport_ptr_t) sd); | |
335 | + ret = gnutls_handshake(session); | |
336 | + if (ret < 0) { | |
337 | + close(sd); | |
338 | + gnutls_deinit(session); | |
339 | + fprintf(stderr, "*** Handshake has failed (%s)\n\n", | |
340 | + gnutls_strerror(ret)); | |
341 | + continue; | |
342 | + } | |
343 | + printf("- Handshake was completed\n"); | |
344 | + | |
345 | + /* see the Getting peer's information example */ | |
346 | + /* print_info(session); */ | |
347 | + | |
348 | + i = 0; | |
349 | + for (;;) { | |
350 | + bzero(buffer, MAX_BUF + 1); | |
351 | + ret = gnutls_record_recv(session, buffer, MAX_BUF); | |
352 | + | |
353 | + if (ret == 0) { | |
354 | + printf("\n- Peer has closed the GNUTLS connection\n"); | |
355 | + break; | |
356 | + } else if (ret < 0) { | |
357 | + fprintf(stderr, "\n*** Received corrupted " | |
358 | + "data(%d). Closing the connection.\n\n", ret); | |
359 | + break; | |
360 | + } else if (ret > 0) { | |
361 | + /* echo data back to the client | |
362 | + */ | |
363 | + gnutls_record_send(session, buffer, strlen(buffer)); | |
364 | + } | |
365 | + } | |
366 | + printf("\n"); | |
367 | + /* do not wait for the peer to close the connection. | |
368 | + */ | |
369 | + gnutls_bye(session, GNUTLS_SHUT_WR); | |
370 | + | |
371 | + close(sd); | |
372 | + gnutls_deinit(session); | |
373 | + | |
374 | + } | |
375 | + close(listen_sd); | |
376 | + | |
377 | + gnutls_anon_free_client_credentials (anoncred); | |
378 | + | |
379 | + gnutls_global_deinit(); | |
380 | + | |
381 | + return 0; | |
382 | + | |
383 | +} |