diff options
Diffstat (limited to 'doc/examples/ex-client-x509-3.1.c')
-rw-r--r-- | doc/examples/ex-client-x509-3.1.c | 236 |
1 files changed, 117 insertions, 119 deletions
diff --git a/doc/examples/ex-client-x509-3.1.c b/doc/examples/ex-client-x509-3.1.c index bd7fd2fcb6..891efb9c54 100644 --- a/doc/examples/ex-client-x509-3.1.c +++ b/doc/examples/ex-client-x509-3.1.c @@ -1,7 +1,7 @@ /* This example code is placed in the public domain. */ #ifdef HAVE_CONFIG_H -#include <config.h> +# include <config.h> #endif #include <stdio.h> @@ -34,123 +34,122 @@ static int _verify_certificate_callback(gnutls_session_t session); int main(void) { - int ret, sd, ii; - gnutls_session_t session; - char buffer[MAX_BUF + 1]; - gnutls_certificate_credentials_t xcred; - - if (gnutls_check_version("3.1.4") == NULL) { - fprintf(stderr, "GnuTLS 3.1.4 or later is required for this example\n"); - exit(1); - } - - CHECK(gnutls_global_init()); - - /* X509 stuff */ - CHECK(gnutls_certificate_allocate_credentials(&xcred)); - - /* sets the trusted cas file - */ - CHECK(gnutls_certificate_set_x509_trust_file(xcred, CAFILE, - GNUTLS_X509_FMT_PEM)); - gnutls_certificate_set_verify_function(xcred, - _verify_certificate_callback); - - /* If client holds a certificate it can be set using the following: - * - gnutls_certificate_set_x509_key_file (xcred, - "cert.pem", "key.pem", - GNUTLS_X509_FMT_PEM); - */ - - /* Initialize TLS session - */ - CHECK(gnutls_init(&session, GNUTLS_CLIENT)); - - gnutls_session_set_ptr(session, (void *) "www.example.com"); - - gnutls_server_name_set(session, GNUTLS_NAME_DNS, "www.example.com", - strlen("www.example.com")); - - /* use default priorities */ - CHECK(gnutls_set_default_priority(session)); + int ret, sd, ii; + gnutls_session_t session; + char buffer[MAX_BUF + 1]; + gnutls_certificate_credentials_t xcred; + + if (gnutls_check_version("3.1.4") == NULL) { + fprintf(stderr, + "GnuTLS 3.1.4 or later is required for this example\n"); + exit(1); + } + + CHECK(gnutls_global_init()); + + /* X509 stuff */ + CHECK(gnutls_certificate_allocate_credentials(&xcred)); + + /* sets the trusted cas file + */ + CHECK(gnutls_certificate_set_x509_trust_file(xcred, CAFILE, + GNUTLS_X509_FMT_PEM)); + gnutls_certificate_set_verify_function(xcred, + _verify_certificate_callback); + + /* If client holds a certificate it can be set using the following: + * + gnutls_certificate_set_x509_key_file (xcred, + "cert.pem", "key.pem", + GNUTLS_X509_FMT_PEM); + */ + + /* Initialize TLS session + */ + CHECK(gnutls_init(&session, GNUTLS_CLIENT)); + + gnutls_session_set_ptr(session, (void *)"www.example.com"); + + gnutls_server_name_set(session, GNUTLS_NAME_DNS, "www.example.com", + strlen("www.example.com")); + + /* use default priorities */ + CHECK(gnutls_set_default_priority(session)); #if 0 /* if more fine-graned control is required */ - ret = gnutls_priority_set_direct(session, - "NORMAL", &err); - if (ret < 0) { - if (ret == GNUTLS_E_INVALID_REQUEST) { - fprintf(stderr, "Syntax error at: %s\n", err); - } - exit(1); - } + ret = gnutls_priority_set_direct(session, "NORMAL", &err); + if (ret < 0) { + if (ret == GNUTLS_E_INVALID_REQUEST) { + fprintf(stderr, "Syntax error at: %s\n", err); + } + exit(1); + } #endif - /* put the x509 credentials to the current session - */ - CHECK(gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred)); + /* put the x509 credentials to the current session + */ + CHECK(gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred)); - /* connect to the peer - */ - sd = tcp_connect(); + /* connect to the peer + */ + sd = tcp_connect(); - gnutls_transport_set_int(session, sd); - gnutls_handshake_set_timeout(session, - GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT); + gnutls_transport_set_int(session, sd); + gnutls_handshake_set_timeout(session, GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT); - /* Perform the TLS handshake - */ - do { - ret = gnutls_handshake(session); - } - while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + /* Perform the TLS handshake + */ + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); - if (ret < 0) { - fprintf(stderr, "*** Handshake failed\n"); - gnutls_perror(ret); - goto end; - } else { - char *desc; + if (ret < 0) { + fprintf(stderr, "*** Handshake failed\n"); + gnutls_perror(ret); + goto end; + } else { + char *desc; - desc = gnutls_session_get_desc(session); - printf("- Session info: %s\n", desc); - gnutls_free(desc); - } + desc = gnutls_session_get_desc(session); + printf("- Session info: %s\n", desc); + gnutls_free(desc); + } - LOOP_CHECK(ret, gnutls_record_send(session, MSG, strlen(MSG))); + LOOP_CHECK(ret, gnutls_record_send(session, MSG, strlen(MSG))); - LOOP_CHECK(ret, gnutls_record_recv(session, buffer, MAX_BUF)); - if (ret == 0) { - printf("- Peer has closed the TLS connection\n"); - goto end; - } else if (ret < 0 && gnutls_error_is_fatal(ret) == 0) { - fprintf(stderr, "*** Warning: %s\n", gnutls_strerror(ret)); - } else if (ret < 0) { - fprintf(stderr, "*** Error: %s\n", gnutls_strerror(ret)); - goto end; - } + LOOP_CHECK(ret, gnutls_record_recv(session, buffer, MAX_BUF)); + if (ret == 0) { + printf("- Peer has closed the TLS connection\n"); + goto end; + } else if (ret < 0 && gnutls_error_is_fatal(ret) == 0) { + fprintf(stderr, "*** Warning: %s\n", gnutls_strerror(ret)); + } else if (ret < 0) { + fprintf(stderr, "*** Error: %s\n", gnutls_strerror(ret)); + goto end; + } - if (ret > 0) { - printf("- Received %d bytes: ", ret); - for (ii = 0; ii < ret; ii++) { - fputc(buffer[ii], stdout); - } - fputs("\n", stdout); - } + if (ret > 0) { + printf("- Received %d bytes: ", ret); + for (ii = 0; ii < ret; ii++) { + fputc(buffer[ii], stdout); + } + fputs("\n", stdout); + } - CHECK(gnutls_bye(session, GNUTLS_SHUT_RDWR)); + CHECK(gnutls_bye(session, GNUTLS_SHUT_RDWR)); - end: + end: - tcp_close(sd); + tcp_close(sd); - gnutls_deinit(session); + gnutls_deinit(session); - gnutls_certificate_free_credentials(xcred); + gnutls_certificate_free_credentials(xcred); - gnutls_global_deinit(); + gnutls_global_deinit(); - return 0; + return 0; } /* This function will verify the peer's certificate, and check @@ -158,33 +157,32 @@ int main(void) */ static int _verify_certificate_callback(gnutls_session_t session) { - unsigned int status; - int type; - const char *hostname; - gnutls_datum_t out; + unsigned int status; + int type; + const char *hostname; + gnutls_datum_t out; - /* read hostname */ - hostname = gnutls_session_get_ptr(session); + /* read hostname */ + hostname = gnutls_session_get_ptr(session); - /* This verification function uses the trusted CAs in the credentials - * structure. So you must have installed one or more CA certificates. - */ + /* This verification function uses the trusted CAs in the credentials + * structure. So you must have installed one or more CA certificates. + */ - CHECK(gnutls_certificate_verify_peers3(session, hostname, - &status)); + CHECK(gnutls_certificate_verify_peers3(session, hostname, &status)); - type = gnutls_certificate_type_get(session); + type = gnutls_certificate_type_get(session); - CHECK(gnutls_certificate_verification_status_print(status, type, - &out, 0)); + CHECK(gnutls_certificate_verification_status_print(status, type, + &out, 0)); - printf("%s", out.data); + printf("%s", out.data); - gnutls_free(out.data); + gnutls_free(out.data); - if (status != 0) /* Certificate is not trusted */ - return GNUTLS_E_CERTIFICATE_ERROR; + if (status != 0) /* Certificate is not trusted */ + return GNUTLS_E_CERTIFICATE_ERROR; - /* notify gnutls to continue handshake normally */ - return 0; + /* notify gnutls to continue handshake normally */ + return 0; } |