1 diff -Nur gnutls-1.2.0/doc/examples.orig/ex-client1.c gnutls-1.2.0/doc/examples/ex-client1.c
2 --- gnutls-1.2.0/doc/examples.orig/ex-client1.c 1970-01-01 01:00:00.000000000 +0100
3 +++ gnutls-1.2.0/doc/examples/ex-client1.c 2005-02-28 19:46:21.821264960 +0100
9 +#include <sys/types.h>
10 +#include <sys/socket.h>
11 +#include <netinet/in.h>
12 +#include <arpa/inet.h>
14 +#include <gnutls/gnutls.h>
16 +/* A very basic TLS client, with anonymous authentication.
20 +#define SA struct sockaddr
21 +#define MSG "GET / HTTP/1.0\r\n\r\n"
23 +/* Connects to the peer and returns a socket
26 +int tcp_connect(void)
28 + const char *PORT = "5556";
29 + const char *SERVER = "127.0.0.1";
31 + struct sockaddr_in sa;
33 + /* connects to server
35 + sd = socket(AF_INET, SOCK_STREAM, 0);
37 + memset(&sa, '\0', sizeof(sa));
38 + sa.sin_family = AF_INET;
39 + sa.sin_port = htons(atoi(PORT));
40 + inet_pton(AF_INET, SERVER, &sa.sin_addr);
42 + err = connect(sd, (SA *) & sa, sizeof(sa));
44 + fprintf(stderr, "Connect error\n");
51 +/* closes the given socket descriptor.
53 +void tcp_close(int sd)
55 + shutdown(sd, SHUT_RDWR); /* no more receptions */
62 + gnutls_session_t session;
63 + char buffer[MAX_BUF + 1];
64 + gnutls_anon_client_credentials_t anoncred;
65 + /* Need to enable anonymous KX specifically. */
66 + const int kx_prio[] = { GNUTLS_KX_ANON_DH, 0 };
68 + gnutls_global_init();
70 + gnutls_anon_allocate_client_credentials(&anoncred);
72 + /* Initialize TLS session
74 + gnutls_init(&session, GNUTLS_CLIENT);
76 + /* Use default priorities */
77 + gnutls_set_default_priority(session);
78 + gnutls_kx_set_priority (session, kx_prio);
80 + /* put the anonymous credentials to the current session
82 + gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred);
84 + /* connect to the peer
88 + gnutls_transport_set_ptr(session, (gnutls_transport_ptr_t) sd);
90 + /* Perform the TLS handshake
92 + ret = gnutls_handshake(session);
95 + fprintf(stderr, "*** Handshake failed\n");
99 + printf("- Handshake was completed\n");
102 + gnutls_record_send(session, MSG, strlen(MSG));
104 + ret = gnutls_record_recv(session, buffer, MAX_BUF);
106 + printf("- Peer has closed the TLS connection\n");
108 + } else if (ret < 0) {
109 + fprintf(stderr, "*** Error: %s\n", gnutls_strerror(ret));
113 + printf("- Received %d bytes: ", ret);
114 + for (ii = 0; ii < ret; ii++) {
115 + fputc(buffer[ii], stdout);
117 + fputs("\n", stdout);
119 + gnutls_bye(session, GNUTLS_SHUT_RDWR);
125 + gnutls_deinit(session);
127 + gnutls_anon_free_client_credentials (anoncred);
129 + gnutls_global_deinit();
133 diff -Nur gnutls-1.2.0/doc/examples.orig/ex-rfc2818.c gnutls-1.2.0/doc/examples/ex-rfc2818.c
134 --- gnutls-1.2.0/doc/examples.orig/ex-rfc2818.c 1970-01-01 01:00:00.000000000 +0100
135 +++ gnutls-1.2.0/doc/examples/ex-rfc2818.c 2005-02-28 19:46:21.822264808 +0100
137 +#include <gnutls/gnutls.h>
138 +#include <gnutls/x509.h>
140 +/* This function will try to verify the peer's certificate, and
141 + * also check if the hostname matches, and the activation, expiration dates.
143 +void verify_certificate( gnutls_session_t session, const char* hostname)
145 + unsigned int status;
146 + const gnutls_datum_t* cert_list;
147 + int cert_list_size, ret;
148 + gnutls_x509_crt_t cert;
151 + /* This verification function uses the trusted CAs in the credentials
152 + * structure. So you must have installed one or more CA certificates.
154 + ret = gnutls_certificate_verify_peers2(session, &status);
161 + if (status & GNUTLS_CERT_INVALID)
162 + printf("The certificate is not trusted.\n");
164 + if (status & GNUTLS_CERT_SIGNER_NOT_FOUND)
165 + printf("The certificate hasn't got a known issuer.\n");
167 + if (status & GNUTLS_CERT_REVOKED)
168 + printf("The certificate has been revoked.\n");
171 + /* Up to here the process is the same for X.509 certificates and
172 + * OpenPGP keys. From now on X.509 certificates are assumed. This can
173 + * be easily extended to work with openpgp keys as well.
175 + if ( gnutls_certificate_type_get(session) != GNUTLS_CRT_X509)
178 + if ( gnutls_x509_crt_init( &cert) < 0) {
179 + printf("error in initialization\n");
183 + cert_list = gnutls_certificate_get_peers( session, &cert_list_size);
184 + if ( cert_list == NULL) {
185 + printf("No certificate was found!\n");
189 + /* This is not a real world example, since we only check the first
190 + * certificate in the given chain.
192 + if ( gnutls_x509_crt_import( cert, &cert_list[0], GNUTLS_X509_FMT_DER) < 0) {
193 + printf("error parsing certificate\n");
197 + /* Beware here we do not check for errors.
199 + if ( gnutls_x509_crt_get_expiration( cert) < time(0)) {
200 + printf("The certificate has expired\n");
204 + if ( gnutls_x509_crt_get_activation_time( cert) > time(0)) {
205 + printf("The certificate is not yet activated\n");
209 + if ( !gnutls_x509_crt_check_hostname( cert, hostname)) {
210 + printf("The certificate's owner does not match hostname '%s'\n", hostname);
214 + gnutls_x509_crt_deinit( cert);
218 diff -Nur gnutls-1.2.0/doc/examples.orig/ex-serv-anon.c gnutls-1.2.0/doc/examples/ex-serv-anon.c
219 --- gnutls-1.2.0/doc/examples.orig/ex-serv-anon.c 1970-01-01 01:00:00.000000000 +0100
220 +++ gnutls-1.2.0/doc/examples/ex-serv-anon.c 2005-02-28 19:46:21.822264808 +0100
226 +#include <sys/types.h>
227 +#include <sys/socket.h>
228 +#include <netinet/in.h>
229 +#include <arpa/inet.h>
232 +#include <gnutls/gnutls.h>
234 +/* This is a sample TLS 1.0 echo server, for anonymous authentication only.
238 +#define SA struct sockaddr
239 +#define SOCKET_ERR(err,s) if(err==-1) {perror(s);return(1);}
240 +#define MAX_BUF 1024
241 +#define PORT 5556 /* listen to 5556 port */
242 +#define DH_BITS 1024
244 +/* These are global */
245 +gnutls_anon_server_credentials_t anoncred;
247 +gnutls_session_t initialize_tls_session()
249 + gnutls_session_t session;
250 + const int kx_prio[] = { GNUTLS_KX_ANON_DH, 0 };
252 + gnutls_init(&session, GNUTLS_SERVER);
254 + /* avoid calling all the priority functions, since the defaults
257 + gnutls_set_default_priority(session);
258 + gnutls_kx_set_priority (session, kx_prio);
260 + gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred);
262 + gnutls_dh_set_prime_bits(session, DH_BITS);
267 +static gnutls_dh_params_t dh_params;
269 +static int generate_dh_params(void)
272 + /* Generate Diffie Hellman parameters - for use with DHE
273 + * kx algorithms. These should be discarded and regenerated
274 + * once a day, once a week or once a month. Depending on the
275 + * security requirements.
277 + gnutls_dh_params_init(&dh_params);
278 + gnutls_dh_params_generate2(dh_params, DH_BITS);
285 + int err, listen_sd, i;
287 + struct sockaddr_in sa_serv;
288 + struct sockaddr_in sa_cli;
291 + gnutls_session_t session;
292 + char buffer[MAX_BUF + 1];
295 + /* this must be called once in the program
297 + gnutls_global_init();
299 + gnutls_anon_allocate_server_credentials (&anoncred);
301 + generate_dh_params();
303 + gnutls_anon_set_server_dh_params (anoncred, dh_params);
305 + /* Socket operations
307 + listen_sd = socket(AF_INET, SOCK_STREAM, 0);
308 + SOCKET_ERR(listen_sd, "socket");
310 + memset(&sa_serv, '\0', sizeof(sa_serv));
311 + sa_serv.sin_family = AF_INET;
312 + sa_serv.sin_addr.s_addr = INADDR_ANY;
313 + sa_serv.sin_port = htons(PORT); /* Server Port number */
315 + setsockopt(listen_sd, SOL_SOCKET, SO_REUSEADDR, &optval, sizeof(int));
317 + err = bind(listen_sd, (SA *) & sa_serv, sizeof(sa_serv));
318 + SOCKET_ERR(err, "bind");
319 + err = listen(listen_sd, 1024);
320 + SOCKET_ERR(err, "listen");
322 + printf("Server ready. Listening to port '%d'.\n\n", PORT);
324 + client_len = sizeof(sa_cli);
326 + session = initialize_tls_session();
328 + sd = accept(listen_sd, (SA *) & sa_cli, &client_len);
330 + printf("- connection from %s, port %d\n",
331 + inet_ntop(AF_INET, &sa_cli.sin_addr, topbuf,
332 + sizeof(topbuf)), ntohs(sa_cli.sin_port));
334 + gnutls_transport_set_ptr(session, (gnutls_transport_ptr_t) sd);
335 + ret = gnutls_handshake(session);
338 + gnutls_deinit(session);
339 + fprintf(stderr, "*** Handshake has failed (%s)\n\n",
340 + gnutls_strerror(ret));
343 + printf("- Handshake was completed\n");
345 + /* see the Getting peer's information example */
346 + /* print_info(session); */
350 + bzero(buffer, MAX_BUF + 1);
351 + ret = gnutls_record_recv(session, buffer, MAX_BUF);
354 + printf("\n- Peer has closed the GNUTLS connection\n");
356 + } else if (ret < 0) {
357 + fprintf(stderr, "\n*** Received corrupted "
358 + "data(%d). Closing the connection.\n\n", ret);
360 + } else if (ret > 0) {
361 + /* echo data back to the client
363 + gnutls_record_send(session, buffer, strlen(buffer));
367 + /* do not wait for the peer to close the connection.
369 + gnutls_bye(session, GNUTLS_SHUT_WR);
372 + gnutls_deinit(session);
377 + gnutls_anon_free_client_credentials (anoncred);
379 + gnutls_global_deinit();