author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2016-04-27 07:50:20 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2016-04-27 07:50:20 +0200 |
commit | 26272f5a78fb001717dcb7a37242020cd81d6ced (patch) | |
tree | d52324f46bd1ead24139aec11ea5e4fcfef91040 /doc/examples | |
parent | 508dc44186e568c41b795ce927694616dc356c8a (diff) | |
examples: introduced basic error checking in main client examples
Diffstat (limited to 'doc/examples')
-rw-r--r-- | doc/examples/ex-client-x509-3.1.c | 46 | ||||
-rw-r--r-- | doc/examples/ex-client-x509.c | 37 |
2 files changed, 36 insertions, 47 deletions
diff --git a/doc/examples/ex-client-x509-3.1.c b/doc/examples/ex-client-x509-3.1.c index c60d1d4689..a6cc5241c0 100644 --- a/doc/examples/ex-client-x509-3.1.c +++ b/doc/examples/ex-client-x509-3.1.c @@ -7,15 +7,18 @@ #include <stdio.h> #include <stdlib.h> #include <string.h> +#include <assert.h> #include <gnutls/gnutls.h> #include <gnutls/x509.h> #include "examples.h" /* A very basic TLS client, with X.509 authentication and server certificate - * verification. Note that error checking for missing files etc. is omitted - * for simplicity. + * verification utilizing the GnuTLS 3.1.x API. + * Note that error recovery is minimal for simplicity. */ +#define CHECK(x) assert((x)>=0) + #define MAX_BUF 1024 #define CAFILE "/etc/ssl/certs/ca-certificates.crt" #define MSG "GET / HTTP/1.0\r\n\r\n" @@ -29,7 +32,6 @@ int main(void) int ret, sd, ii; gnutls_session_t session; char buffer[MAX_BUF + 1]; - const char *err; gnutls_certificate_credentials_t xcred; if (gnutls_check_version("3.1.4") == NULL) { @@ -37,16 +39,15 @@ int main(void) exit(1); } - /* for backwards compatibility with gnutls < 3.3.0 */ - gnutls_global_init(); + CHECK(gnutls_global_init()); /* X509 stuff */ - gnutls_certificate_allocate_credentials(&xcred); + CHECK(gnutls_certificate_allocate_credentials(&xcred)); /* sets the trusted cas file */ - gnutls_certificate_set_x509_trust_file(xcred, CAFILE, - GNUTLS_X509_FMT_PEM); + CHECK(gnutls_certificate_set_x509_trust_file(xcred, CAFILE, + GNUTLS_X509_FMT_PEM)); gnutls_certificate_set_verify_function(xcred, _verify_certificate_callback); @@ -59,7 +60,7 @@ int main(void) /* Initialize TLS session */ - gnutls_init(&session, GNUTLS_CLIENT); + CHECK(gnutls_init(&session, GNUTLS_CLIENT)); gnutls_session_set_ptr(session, (void *) "my_host_name"); 
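Review bot: The new `CHECK(x)` macro in ex-client-x509-3.1.c wraps calls that have side effects in `assert()`, so a build with `NDEBUG` defined drops the whole expression and `gnutls_global_init()`, `gnutls_certificate_set_x509_trust_file()`, `gnutls_init()` and the other wrapped calls are never made. ex-client-x509.c gets the identical macro in its first hunk. Since these examples are meant to be copied, the macro should evaluate its argument unconditionally, for example `#define CHECK(x) do { int rc_ = (x); if (rc_ < 0) { fprintf(stderr, "%s\n", gnutls_strerror(rc_)); exit(1); } } while (0)`, and the header comment could state that a failed call terminates the program.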
@@ -67,7 +68,7 @@ int main(void) strlen("my_host_name")); /* use default priorities */ - gnutls_set_default_priority(session); + CHECK(gnutls_set_default_priority(session)); #if 0 /* if more fine-graned control is required */ ret = gnutls_priority_set_direct(session, @@ -82,7 +83,7 @@ int main(void) /* put the x509 credentials to the current session */ - gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred); + CHECK(gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred)); /* connect to the peer */ @@ -111,7 +112,7 @@ int main(void) gnutls_free(desc); } - gnutls_record_send(session, MSG, strlen(MSG)); + CHECK(gnutls_record_send(session, MSG, strlen(MSG))); ret = gnutls_record_recv(session, buffer, MAX_BUF); if (ret == 0) { @@ -132,7 +133,7 @@ int main(void) fputs("\n", stdout); } - gnutls_bye(session, GNUTLS_SHUT_RDWR); + CHECK(gnutls_bye(session, GNUTLS_SHUT_RDWR)); end: @@ -153,7 +154,7 @@ int main(void) static int _verify_certificate_callback(gnutls_session_t session) { unsigned int status; - int ret, type; + int type; const char *hostname; gnutls_datum_t out; @@ -164,22 +165,13 @@ static int _verify_certificate_callback(gnutls_session_t session) * structure. So you must have installed one or more CA certificates. */ - ret = gnutls_certificate_verify_peers3(session, hostname, - &status); - if (ret < 0) { - printf("Error\n"); - return GNUTLS_E_CERTIFICATE_ERROR; - } + CHECK(gnutls_certificate_verify_peers3(session, hostname, + &status)); type = gnutls_certificate_type_get(session); - ret = - gnutls_certificate_verification_status_print(status, type, - &out, 0); - if (ret < 0) { - printf("Error\n"); - return GNUTLS_E_CERTIFICATE_ERROR; - } + CHECK(gnutls_certificate_verification_status_print(status, type, + &out, 0)); printf("%s", out.data); diff --git a/doc/examples/ex-client-x509.c b/doc/examples/ex-client-x509.c index 2fe4774101..cbc4afaad7 100644 --- a/doc/examples/ex-client-x509.c +++ b/doc/examples/ex-client-x509.c 
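Review bot: `CHECK(gnutls_record_send(...))` and `CHECK(gnutls_bye(session, GNUTLS_SHUT_RDWR))` turn conditions that the peer or the transport controls into a process abort. Both functions can return `GNUTLS_E_AGAIN` or `GNUTLS_E_INTERRUPTED`, which GnuTLS documents as non-fatal, and an abort here also skips whatever follows the visible `end:` label. Storing the result and jumping to that label is safer, e.g. `ret = gnutls_record_send(session, MSG, strlen(MSG));` followed by `if (ret < 0) { fprintf(stderr, "*** Error: %s\n", gnutls_strerror(ret)); goto end; }`. The same applies to the matching calls in ex-client-x509.c; main's body starts and ends outside these hunks.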
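Review bot: In `_verify_certificate_callback` the result of `gnutls_certificate_verify_peers3()` is now checked only through `CHECK()`, which replaces the removed `return GNUTLS_E_CERTIFICATE_ERROR` path. With assertions enabled a verification error aborts the process instead of failing the handshake; with `NDEBUG` the call is compiled out, so no verification runs, `out.data` is printed uninitialised, and any later use of `status` would be too. Keep `int ret, type;` and the explicit check, `ret = gnutls_certificate_verify_peers3(session, hostname, &status);` then `if (ret < 0) return GNUTLS_E_CERTIFICATE_ERROR;`, and do the same for `gnutls_certificate_verification_status_print()` here and in the `@@ -116,19 +118,14 @@` hunk of ex-client-x509.c. The callback continues past the end of this hunk, so how `status` is used afterwards is not visible.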
@@ -7,15 +7,17 @@ #include <stdio.h> #include <stdlib.h> #include <string.h> +#include <assert.h> #include <gnutls/gnutls.h> #include <gnutls/x509.h> #include "examples.h" /* A very basic TLS client, with X.509 authentication and server certificate - * verification. Note that error checking for missing files etc. is omitted - * for simplicity. + * verification. Note that error recovery is minimal for simplicity. */ +#define CHECK(x) assert((x)>=0) + #define MAX_BUF 1024 #define CAFILE "/etc/ssl/certs/ca-certificates.crt" #define MSG "GET / HTTP/1.0\r\n\r\n" @@ -42,15 +44,15 @@ int main(void) } /* for backwards compatibility with gnutls < 3.3.0 */ - gnutls_global_init(); + CHECK(gnutls_global_init()); /* X509 stuff */ - gnutls_certificate_allocate_credentials(&xcred); + CHECK(gnutls_certificate_allocate_credentials(&xcred)); /* sets the trusted cas file */ - gnutls_certificate_set_x509_trust_file(xcred, CAFILE, - GNUTLS_X509_FMT_PEM); + CHECK(gnutls_certificate_set_x509_trust_file(xcred, CAFILE, + GNUTLS_X509_FMT_PEM)); /* If client holds a certificate it can be set using the following: * @@ -61,15 +63,15 @@ int main(void) /* Initialize TLS session */ - gnutls_init(&session, GNUTLS_CLIENT); + CHECK(gnutls_init(&session, GNUTLS_CLIENT)); gnutls_session_set_ptr(session, (void *) "my_host_name"); - gnutls_server_name_set(session, GNUTLS_NAME_DNS, "my_host_name", - strlen("my_host_name")); + CHECK(gnutls_server_name_set(session, GNUTLS_NAME_DNS, "my_host_name", + strlen("my_host_name"))); /* It is recommended to use the default priorities */ - gnutls_set_default_priority(session); + CHECK(gnutls_set_default_priority(session)); #if 0 /* if more fine-graned control is required */ ret = gnutls_priority_set_direct(session, 
@@ -84,7 +86,7 @@ int main(void) /* put the x509 credentials to the current session */ - gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred); + CHECK(gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred)); gnutls_session_set_verify_cert(session, "my_host_name", 0); /* connect to the peer @@ -116,19 +118,14 @@ int main(void) /* check certificate verification status */ type = gnutls_certificate_type_get(session); status = gnutls_session_get_verify_cert_status(session); - ret = - gnutls_certificate_verification_status_print(status, type, - &out, 0); - if (ret < 0) { - printf("Error\n"); - return GNUTLS_E_CERTIFICATE_ERROR; - } + CHECK(gnutls_certificate_verification_status_print(status, type, + &out, 0)); printf("%s", out.data); gnutls_free(out.data); /* send data */ - gnutls_record_send(session, MSG, strlen(MSG)); + CHECK(gnutls_record_send(session, MSG, strlen(MSG))); ret = gnutls_record_recv(session, buffer, MAX_BUF); if (ret == 0) { @@ -149,7 +146,7 @@ int main(void) fputs("\n", stdout); } - gnutls_bye(session, GNUTLS_SHUT_RDWR); + CHECK(gnutls_bye(session, GNUTLS_SHUT_RDWR)); end: |