1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
|
\begin{verbatim}
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <unistd.h>
#include <gnutls/gnutls.h>
#define MAX_BUF 1024
#define CRLFILE "crl.pem"
#define CAFILE "ca.pem"
#define SA struct sockaddr
#define MSG "GET / HTTP/1.0\r\n\r\n"
int main()
{
const char *PORT = "443";
const char *SERVER = "127.0.0.1";
int err, ret;
int sd, ii, alert;
struct sockaddr_in sa;
gnutls_session session;
char buffer[MAX_BUF + 1];
gnutls_certificate_credentials xcred;
/* variables used in session resuming */
int t;
char *session_data;
int session_data_size;
gnutls_global_init();
/* X509 stuff */
gnutls_certificate_allocate_credentials(&xcred);
gnutls_certificate_set_x509_trust_file(xcred, CAFILE, GNUTLS_X509_FMT_PEM);
for (t = 0; t < 2; t++) { /* connect 2 times to the server */
sd = socket(AF_INET, SOCK_STREAM, 0);
memset(&sa, '\0', sizeof(sa));
sa.sin_family = AF_INET;
sa.sin_port = htons(atoi(PORT));
inet_pton(AF_INET, SERVER, &sa.sin_addr);
err = connect(sd, (SA *) & sa, sizeof(sa));
if (err < 0) {
fprintf(stderr, "Connect error");
exit(1);
}
gnutls_init(&session, GNUTLS_CLIENT);
gnutls_set_default_priority(session);
gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
if (t > 0) { /* if this is not the first time we connect */
gnutls_session_set_data(session, session_data, session_data_size);
free(session_data);
}
gnutls_transport_set_ptr( session, sd);
/* Perform the TLS handshake
*/
ret = gnutls_handshake( session);
if (ret < 0) {
fprintf(stderr, "*** Handshake failed\n");
gnutls_perror(ret);
goto end;
} else {
printf("- Handshake was completed\n");
}
if (t == 0) { /* the first time we connect */
/* get the session data size */
gnutls_session_get_data(session, NULL, &session_data_size);
session_data = malloc(session_data_size);
/* put session data to the session variable */
gnutls_session_get_data(session, session_data, &session_data_size);
} else { /* the second time we connect */
/* check if we actually resumed the previous session */
if (gnutls_session_is_resumed( session) != 0) {
printf("- Previous session was resumed\n");
} else {
fprintf(stderr, "*** Previous session was NOT resumed\n");
}
}
/* This function was defined in a previous example
*/
/* print_info(session); */
gnutls_record_send( session, MSG, strlen(MSG));
ret = gnutls_record_recv( session, buffer, MAX_BUF);
if (ret == 0) {
printf("- Peer has closed the TLS connection\n");
goto end;
} else if (ret < 0) {
fprintf(stderr, "*** Error: %s\n", gnutls_strerror(ret));
goto end;
} else if (ret > 0) {
printf("- Received %d bytes: ", ret);
for (ii = 0; ii < ret; ii++) {
fputc(buffer[ii], stdout);
}
fputs("\n", stdout);
}
gnutls_bye( session, GNUTLS_SHUT_RDWR);
end:
shutdown(sd, SHUT_RDWR); /* no more receptions */
close(sd);
gnutls_deinit(session);
} /* for() */
gnutls_certificate_free_credentials(xcred);
gnutls_global_deinit();
return 0;
}
\end{verbatim}
|
