author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2018-04-04 14:51:08 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2018-04-06 13:38:10 +0200 |
commit | 9f9b69de66ecbe56e61fd3fca6487f3721864a32 (patch) | |
tree | 15ab5448dbd95d57b5f6d385943a09c48f9875e6 /doc/examples | |
parent | 77bdacf5c843bdb472a35ddc8e26225d5d803f04 (diff) | |
doc: re-organized and modernized examples
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Diffstat (limited to 'doc/examples')
-rw-r--r-- | doc/examples/ex-client-resume.c | 67 | ||||
-rw-r--r-- | doc/examples/ex-session-info.c | 77 |
2 files changed, 57 insertions, 87 deletions
diff --git a/doc/examples/ex-client-resume.c b/doc/examples/ex-client-resume.c
index 218cc4447a..cf67bfcf1b 100644
--- a/doc/examples/ex-client-resume.c
+++ b/doc/examples/ex-client-resume.c
@@ -7,16 +7,22 @@
 #include <string.h>
 #include <stdio.h>
 #include <stdlib.h>
+#include <assert.h>
 #include <gnutls/gnutls.h>
-/* Those functions are defined in other examples.
- */
 extern void check_alert(gnutls_session_t session, int ret);
 extern int tcp_connect(void);
 extern void tcp_close(int sd);
+/* A very basic TLS client, with X.509 authentication and server certificate
+ * verification as well as session resumption.
+ *
+ * Note that error recovery is minimal for simplicity.
+ */
+
+#define CHECK(x) assert((x)>=0)
+
 #define MAX_BUF 1024
-#define CAFILE "/etc/ssl/certs/ca-certificates.crt"
 #define MSG "GET / HTTP/1.0\r\n\r\n"
 int main(void)
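Review bot: The new `CHECK(x)` macro puts the call itself inside `assert()`, so a build with `-DNDEBUG` removes the wrapped expression entirely. In the later hunks that means `gnutls_global_init()`, `gnutls_certificate_set_x509_system_trust()`, `gnutls_init()` and `gnutls_session_get_data2()` would never run, and `sdata` would be read uninitialised on the second connection. Example code gets copied into release builds, so the macro should evaluate its argument unconditionally, for instance `#define CHECK(x) do { if ((x) < 0) { fprintf(stderr, "%s failed\n", #x); exit(1); } } while (0)`. `<stdio.h>` and `<stdlib.h>` are already included in this hunk, so nothing else is needed.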
@@ -30,41 +36,41 @@ int main(void) /* variables used in session resuming */ int t; - char *session_data = NULL; - size_t session_data_size = 0; - - gnutls_global_init(); + gnutls_datum_t sdata; - /* X509 stuff */ - gnutls_certificate_allocate_credentials(&xcred); + /* for backwards compatibility with gnutls < 3.3.0 */ + CHECK(gnutls_global_init()); - gnutls_certificate_set_x509_trust_file(xcred, CAFILE, - GNUTLS_X509_FMT_PEM); + CHECK(gnutls_certificate_allocate_credentials(&xcred)); + CHECK(gnutls_certificate_set_x509_system_trust(xcred)); for (t = 0; t < 2; t++) { /* connect 2 times to the server */ sd = tcp_connect(); - gnutls_init(&session, GNUTLS_CLIENT); + CHECK(gnutls_init(&session, GNUTLS_CLIENT)); - gnutls_priority_set_direct(session, - "PERFORMANCE:!ARCFOUR-128", - NULL); + CHECK(gnutls_server_name_set(session, GNUTLS_NAME_DNS, + "my_host_name", + strlen("my_host_name"))); + gnutls_session_set_verify_cert(session, "my_host_name", 0); + + CHECK(gnutls_set_default_priority(session)); + + gnutls_transport_set_int(session, sd); + gnutls_handshake_set_timeout(session, + GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT); gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred); if (t > 0) { /* if this is not the first time we connect */ - gnutls_session_set_data(session, session_data, - session_data_size); - free(session_data); + CHECK(gnutls_session_set_data(session, sdata.data, + sdata.size)); + gnutls_free(sdata.data); } - gnutls_transport_set_int(session, sd); - gnutls_handshake_set_timeout(session, - GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT); - /* Perform the TLS handshake */ do { 
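Review bot: The placeholder host name `"my_host_name"` is written three times in the added lines, twice in `gnutls_server_name_set()` and once in `gnutls_session_set_verify_cert()`. Someone adapting the example can therefore change the SNI value and leave certificate verification bound to the old name. Define it once, `#define HOSTNAME "my_host_name"`, and pass `HOSTNAME` and `strlen(HOSTNAME)` to both calls. Separately, `gnutls_datum_t sdata;` has no initialiser; `gnutls_datum_t sdata = { NULL, 0 };` would keep the later `gnutls_free(sdata.data)` well-defined on every path. `main` starts before this hunk and continues after it.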
@@ -81,16 +87,9 @@ int main(void) } if (t == 0) { /* the first time we connect */ - /* get the session data size */ - gnutls_session_get_data(session, NULL, - &session_data_size); - session_data = malloc(session_data_size); - - /* put session data to the session variable */ - gnutls_session_get_data(session, session_data, - &session_data_size); - - } else { /* the second time we connect */ + /* get the session data */ + CHECK(gnutls_session_get_data2(session, &sdata)); + } else { /* the second time we connect */ /* check if we actually resumed the previous session */ if (gnutls_session_is_resumed(session) != 0) { @@ -101,10 +100,6 @@ int main(void) } } - /* This function was defined in a previous example - */ - /* print_info(session); */ - gnutls_record_send(session, MSG, strlen(MSG)); ret = gnutls_record_recv(session, buffer, MAX_BUF); diff --git a/doc/examples/ex-session-info.c b/doc/examples/ex-session-info.c index 7838e43105..6cbf1905bf 100644 --- a/doc/examples/ex-session-info.c +++ b/doc/examples/ex-session-info.c @@ -16,29 +16,27 @@ */ int print_info(gnutls_session_t session) { - const char *tmp; gnutls_credentials_type_t cred; gnutls_kx_algorithm_t kx; - int dhe, ecdh; + int dhe, ecdh, group; + char *desc; + + /* get a description of the session connection, protocol, + * cipher/key exchange */ + desc = gnutls_session_get_desc(session); + if (desc != NULL) { + printf("- Session: %s\n", desc); + } dhe = ecdh = 0; - /* print the key exchange's algorithm name - */ kx = gnutls_kx_get(session); - tmp = gnutls_kx_get_name(kx); - printf("- Key Exchange: %s\n", tmp); /* Check the authentication type used and switch * to the appropriate. */ cred = gnutls_auth_get_type(session); switch (cred) { - case GNUTLS_CRD_IA: - printf("- TLS/IA session\n"); - break; - - #ifdef ENABLE_SRP case GNUTLS_CRD_SRP: printf("- SRP session with username %s\n", 
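Review bot: The comment `/* get the session data */` above `gnutls_session_get_data2()` says nothing about ownership or sensitivity of the buffer. I would write `/* get the session data; sdata.data is allocated by GnuTLS and released with gnutls_free() before the next handshake. It holds the state needed to resume the session, so handle it as a secret. */`. The `if (t == 0)` block this sits in continues outside the hunk.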
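Review bot: `desc` from `gnutls_session_get_desc()` is not released anywhere in the lines shown for `print_info()`. The function returns a newly allocated string, so each call leaks it unless a free sits in the part of the body between this file's two hunks, which is not visible here. Add `gnutls_free(desc);` after the `printf` inside the `if (desc != NULL)` block.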
@@ -87,48 +85,25 @@ int print_info(gnutls_session_t session) * print some information about it. */ print_x509_certificate_info(session); - + break; + default: + break; } /* switch */ - if (ecdh != 0) - printf("- Ephemeral ECDH using curve %s\n", - gnutls_ecc_curve_get_name(gnutls_ecc_curve_get - (session))); - else if (dhe != 0) - printf("- Ephemeral DH using prime of %d bits\n", - gnutls_dh_get_prime_bits(session)); - - /* print the protocol's name (ie TLS 1.0) - */ - tmp = - gnutls_protocol_get_name(gnutls_protocol_get_version(session)); - printf("- Protocol: %s\n", tmp); - - /* print the certificate type of the peer. - * ie X.509 - */ - tmp = - gnutls_certificate_type_get_name(gnutls_certificate_type_get - (session)); - - printf("- Certificate Type: %s\n", tmp); - - /* print the compression algorithm (if any) - */ - tmp = gnutls_compression_get_name(gnutls_compression_get(session)); - printf("- Compression: %s\n", tmp); - - /* print the name of the cipher used. - * ie 3DES. - */ - tmp = gnutls_cipher_get_name(gnutls_cipher_get(session)); - printf("- Cipher: %s\n", tmp); - - /* Print the MAC algorithms name. - * ie SHA1 - */ - tmp = gnutls_mac_get_name(gnutls_mac_get(session)); - printf("- MAC: %s\n", tmp); + /* read the negotiated group - if any */ + group = gnutls_group_get(session); + if (group != 0) { + printf("- Negotiated group %s\n", + gnutls_group_get_name(group)); + } else { + if (ecdh != 0) + printf("- Ephemeral ECDH using curve %s\n", + gnutls_ecc_curve_get_name(gnutls_ecc_curve_get + (session))); + else if (dhe != 0) + printf("- Ephemeral DH using prime of %d bits\n", + gnutls_dh_get_prime_bits(session)); + } return 0; } |
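Review bot: `group` is declared as `int` in the first hunk of this file and tested here with `group != 0`, which hides that zero is the library's "no group" value. Declaring it `gnutls_group_t group;` and testing `if (group != GNUTLS_GROUP_INVALID)` states the intent and keeps the enum type. `gnutls_group_get_name()` presumably returns NULL for a value it does not recognise, in which case `%s` would receive a null pointer; a fallback string such as `name ? name : "(unknown)"` would avoid that.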