From 315e08b000a3644bb34f52b395ce73b39896e270 Mon Sep 17 00:00:00 2001 From: Alan Antonuk Date: Tue, 16 Feb 2016 23:08:44 -0800 Subject: Examples: add flags to enable verification. Add verifypeer flag to enable verification of broker's certificate, and verifyhostname flag to enable verification of broker's hostname. Fixes #194 --- examples/amqps_bind.c | 26 +++++++++++++++++++------- examples/amqps_consumer.c | 26 +++++++++++++++++++------- examples/amqps_exchange_declare.c | 27 ++++++++++++++++++++------- examples/amqps_listen.c | 27 ++++++++++++++++++++------- examples/amqps_listenq.c | 27 ++++++++++++++++++++------- examples/amqps_producer.c | 26 +++++++++++++++++++------- examples/amqps_sendstring.c | 27 ++++++++++++++++++++------- examples/amqps_unbind.c | 26 +++++++++++++++++++------- 8 files changed, 156 insertions(+), 56 deletions(-) (limited to 'examples') diff --git a/examples/amqps_bind.c b/examples/amqps_bind.c index 35c845f..c78e0b5 100644 --- a/examples/amqps_bind.c +++ b/examples/amqps_bind.c @@ -59,7 +59,7 @@ int main(int argc, char const *const *argv) if (argc < 6) { fprintf(stderr, "Usage: amqps_bind host port exchange bindingkey queue " - "[cacert.pem [key.pem cert.pem]]\n"); + "[cacert.pem [verifypeer] [verifyhostname] [key.pem cert.pem]]\n"); return 1; } 
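Review bot: The new usage text in this amqps_bind.c hunk lists `[verifypeer] [verifyhostname]` but does not say that omitting them leaves the broker's certificate and hostname unchecked, which is what the `amqp_ssl_socket_set_verify_peer(socket, 0)` and `amqp_ssl_socket_set_verify_hostname(socket, 0)` calls in the next hunk establish. It also does not say that the two keywords are only recognised in this order, directly after cacert.pem. I would append a second usage line such as `"  verifypeer/verifyhostname must follow cacert.pem in that order; without them the broker certificate and hostname are not verified\n"`. The same applies to the usage hunks of the other seven examples. main() continues outside the hunk.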
@@ -76,17 +76,29 @@ int main(int argc, char const *const *argv) die("creating SSL/TLS socket"); } + amqp_ssl_socket_set_verify_peer(socket, 0); + amqp_ssl_socket_set_verify_hostname(socket, 0); + if (argc > 6) { + int nextarg = 7; status = amqp_ssl_socket_set_cacert(socket, argv[6]); if (status) { die("setting CA certificate"); } - } - - if (argc > 8) { - status = amqp_ssl_socket_set_key(socket, argv[8], argv[7]); - if (status) { - die("setting client cert"); + if (argc > nextarg && !strcmp("verifypeer", argv[nextarg])) { + amqp_ssl_socket_set_verify_peer(socket, 1); + nextarg++; + } + if (argc > nextarg && !strcmp("verifyhostname", argv[nextarg])) { + amqp_ssl_socket_set_verify_hostname(socket, 1); + nextarg++; + } + if (argc > nextarg + 1) { + status = + amqp_ssl_socket_set_key(socket, argv[nextarg + 1], argv[nextarg]); + if (status) { + die("setting client cert"); + } } } diff --git a/examples/amqps_consumer.c b/examples/amqps_consumer.c index affe0f6..9a2ba36 100644 --- a/examples/amqps_consumer.c +++ b/examples/amqps_consumer.c @@ -159,7 +159,7 @@ int main(int argc, char const *const *argv) if (argc < 3) { fprintf(stderr, "Usage: amqps_consumer host port " - "[cacert.pem [key.pem cert.pem]]\n"); + "[cacert.pem [verifypeer] [verifyhostname] [key.pem cert.pem]]\n"); return 1; } 
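Review bot: In the amqps_bind.c argument-parsing hunk, verification fails open: both checks are switched off up front and only switched on by an exact keyword in the expected slot, and an argument that matches nothing is silently skipped. A misspelt keyword, or `verifyhostname verifypeer` in that order, as the last arguments leaves a check disabled with no message, and `cacert.pem` on its own loads a CA while peer verification stays off. I would count the arguments consumed and exit when any are left over, as sketched below; it is also worth deciding whether supplying cacert.pem should enable peer verification by itself. The same block is in the second hunk of the other seven examples. main() starts and ends outside the hunk.

```c
    if (argc > nextarg + 1) {
      /* … unchanged: amqp_ssl_socket_set_key call and its die() … */
      nextarg += 2;
    }
    if (argc > nextarg) {
      /* Refuse to connect with an option that was not understood. */
      fprintf(stderr, "Unrecognised or misplaced argument: %s\n",
              argv[nextarg]);
      return 1;
    }
```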
@@ -175,17 +175,29 @@ int main(int argc, char const *const *argv) die("creating SSL/TLS socket"); } + amqp_ssl_socket_set_verify_peer(socket, 0); + amqp_ssl_socket_set_verify_hostname(socket, 0); + if (argc > 3) { + int nextarg = 4; status = amqp_ssl_socket_set_cacert(socket, argv[3]); if (status) { die("setting CA certificate"); } - } - - if (argc > 5) { - status = amqp_ssl_socket_set_key(socket, argv[5], argv[4]); - if (status) { - die("setting client key"); + if (argc > nextarg && !strcmp("verifypeer", argv[nextarg])) { + amqp_ssl_socket_set_verify_peer(socket, 1); + nextarg++; + } + if (argc > nextarg && !strcmp("verifyhostname", argv[nextarg])) { + amqp_ssl_socket_set_verify_hostname(socket, 1); + nextarg++; + } + if (argc > nextarg + 1) { + status = + amqp_ssl_socket_set_key(socket, argv[nextarg + 1], argv[nextarg]); + if (status) { + die("setting client key"); + } } } diff --git a/examples/amqps_exchange_declare.c b/examples/amqps_exchange_declare.c index d53fa2e..d13c9c7 100644 --- a/examples/amqps_exchange_declare.c +++ b/examples/amqps_exchange_declare.c @@ -58,7 +58,8 @@ int main(int argc, char const *const *argv) if (argc < 5) { fprintf(stderr, "Usage: amqps_exchange_declare host port exchange " - "exchangetype [cacert.pem [key.pem cert.pem]]\n"); + "exchangetype [cacert.pem [verifypeer] [verifyhostname] " + "[key.pem cert.pem]]\n"); return 1; } 
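Review bot: The parsing block added in this amqps_consumer.c hunk is a copy of the one in amqps_bind.c and recurs in the other six examples, differing only in the index of cacert.pem and in the die() text ("setting client key" here, "setting client cert" or "setting client key/cert" elsewhere). Since this is the code that decides whether the broker is authenticated, I would keep it in one shared helper, for example `void setup_tls_options(amqp_socket_t *socket, int argc, char const *const *argv, int first_opt);`, so a later correction cannot miss a file. Each main() would then call it once after creating the socket. The name is only a suggestion, and where the examples' common helpers such as `die()` are defined is not visible in this diff.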
@@ -74,17 +75,29 @@ int main(int argc, char const *const *argv) die("creating SSL/TLS socket"); } + amqp_ssl_socket_set_verify_peer(socket, 0); + amqp_ssl_socket_set_verify_hostname(socket, 0); + if (argc > 5) { + int nextarg = 6; status = amqp_ssl_socket_set_cacert(socket, argv[5]); if (status) { die("setting CA certificate"); } - } - - if (argc > 7) { - status = amqp_ssl_socket_set_key(socket, argv[7], argv[6]); - if (status) { - die("setting client key/cert"); + if (argc > nextarg && !strcmp("verifypeer", argv[nextarg])) { + amqp_ssl_socket_set_verify_peer(socket, 1); + nextarg++; + } + if (argc > nextarg && !strcmp("verifyhostname", argv[nextarg])) { + amqp_ssl_socket_set_verify_hostname(socket, 1); + nextarg++; + } + if (argc > nextarg + 1) { + status = + amqp_ssl_socket_set_key(socket, argv[nextarg + 1], argv[nextarg]); + if (status) { + die("setting client key/cert"); + } } } diff --git a/examples/amqps_listen.c b/examples/amqps_listen.c index fe1b86f..16f6825 100644 --- a/examples/amqps_listen.c +++ b/examples/amqps_listen.c @@ -62,7 +62,7 @@ int main(int argc, char const *const *argv) if (argc < 5) { fprintf(stderr, "Usage: amqps_listen host port exchange bindingkey " - "[cacert.pem [key.pem cert.pem]]\n"); + "[cacert.pem [verifypeer] [verifyhostname] [key.pem cert.pem]]\n"); return 1; } 
@@ -78,20 +78,33 @@ int main(int argc, char const *const *argv) die("creating SSL/TLS socket"); } + amqp_ssl_socket_set_verify_peer(socket, 0); + amqp_ssl_socket_set_verify_hostname(socket, 0); + if (argc > 5) { + int nextarg = 6; status = amqp_ssl_socket_set_cacert(socket, argv[5]); if (status) { die("setting CA certificate"); } - } - - if (argc > 7) { - status = amqp_ssl_socket_set_key(socket, argv[7], argv[6]); - if (status) { - die("setting client cert"); + if (argc > nextarg && !strcmp("verifypeer", argv[nextarg])) { + amqp_ssl_socket_set_verify_peer(socket, 1); + nextarg++; + } + if (argc > nextarg && !strcmp("verifyhostname", argv[nextarg])) { + amqp_ssl_socket_set_verify_hostname(socket, 1); + nextarg++; + } + if (argc > nextarg + 1) { + status = + amqp_ssl_socket_set_key(socket, argv[nextarg + 1], argv[nextarg]); + if (status) { + die("setting client cert"); + } } } + status = amqp_socket_open(socket, hostname, port); if (status) { die("opening SSL/TLS connection"); diff --git a/examples/amqps_listenq.c b/examples/amqps_listenq.c index b00b50e..7b26ce1 100644 --- a/examples/amqps_listenq.c +++ b/examples/amqps_listenq.c @@ -59,7 +59,7 @@ int main(int argc, char const *const *argv) if (argc < 4) { fprintf(stderr, "Usage: amqps_listenq host port queuename " - "[cacert.pem [key.pem cert.pem]]\n"); + "[cacert.pem [verifypeer] [verifyhostname] [key.pem cert.pem]]\n"); return 1; } 
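Review bot: The amqps_listen.c hunk appears to add one line more than its siblings (net +13 in `-78,20 +78,33`, against +12 in `-76,17 +76,29`): a second blank line before `status = amqp_socket_open(socket, hostname, port);`. It looks unintended and can be dropped so the block matches the other examples. The amqps_listenq.c hunk (`-74,20 +74,33`) carries the same extra line.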
@@ -74,20 +74,33 @@ int main(int argc, char const *const *argv) die("creating SSL/TLS socket"); } + amqp_ssl_socket_set_verify_peer(socket, 0); + amqp_ssl_socket_set_verify_hostname(socket, 0); + if (argc > 4) { + int nextarg = 5; status = amqp_ssl_socket_set_cacert(socket, argv[4]); if (status) { die("setting CA certificate"); } - } - - if (argc > 6) { - status = amqp_ssl_socket_set_key(socket, argv[6], argv[5]); - if (status) { - die("setting client cert"); + if (argc > nextarg && !strcmp("verifypeer", argv[nextarg])) { + amqp_ssl_socket_set_verify_peer(socket, 1); + nextarg++; + } + if (argc > nextarg && !strcmp("verifyhostname", argv[nextarg])) { + amqp_ssl_socket_set_verify_hostname(socket, 1); + nextarg++; + } + if (argc > nextarg + 1) { + status = + amqp_ssl_socket_set_key(socket, argv[nextarg + 1], argv[nextarg]); + if (status) { + die("setting client cert"); + } } } + status = amqp_socket_open(socket, hostname, port); if (status) { die("opening SSL/TLS connection"); diff --git a/examples/amqps_producer.c b/examples/amqps_producer.c index 7d3a24b..07e7ad7 100644 --- a/examples/amqps_producer.c +++ b/examples/amqps_producer.c @@ -122,7 +122,7 @@ int main(int argc, char const *const *argv) if (argc < 5) { fprintf(stderr, "Usage: amqps_producer host port rate_limit message_count " - "[cacert.pem [key.pem cert.pem]]\n"); + "[cacert.pem [verifypeer] [verifyhostname] [key.pem cert.pem]]\n"); return 1; } 
@@ -138,17 +138,29 @@ int main(int argc, char const *const *argv) die("creating SSL/TLS socket"); } + amqp_ssl_socket_set_verify_peer(socket, 0); + amqp_ssl_socket_set_verify_hostname(socket, 0); + if (argc > 5) { + int nextarg = 6; status = amqp_ssl_socket_set_cacert(socket, argv[5]); if (status) { die("setting CA certificate"); } - } - - if (argc > 7) { - status = amqp_ssl_socket_set_key(socket, argv[7], argv[6]); - if (status) { - die("setting client cert"); + if (argc > nextarg && !strcmp("verifypeer", argv[nextarg])) { + amqp_ssl_socket_set_verify_peer(socket, 1); + nextarg++; + } + if (argc > nextarg && !strcmp("verifyhostname", argv[nextarg])) { + amqp_ssl_socket_set_verify_hostname(socket, 1); + nextarg++; + } + if (argc > nextarg + 1) { + status = + amqp_ssl_socket_set_key(socket, argv[nextarg + 1], argv[nextarg]); + if (status) { + die("setting client cert"); + } } } diff --git a/examples/amqps_sendstring.c b/examples/amqps_sendstring.c index fe3ac67..6ef4396 100644 --- a/examples/amqps_sendstring.c +++ b/examples/amqps_sendstring.c @@ -59,7 +59,8 @@ int main(int argc, char const *const *argv) if (argc < 6) { fprintf(stderr, "Usage: amqps_sendstring host port exchange routingkey " - "messagebody [cacert.pem [key.pem cert.pem]]\n"); + "messagebody [cacert.pem [verifypeer] [verifyhostname] " + "[key.pem cert.pem]]\n"); return 1; } 
@@ -76,17 +77,29 @@ int main(int argc, char const *const *argv) die("creating SSL/TLS socket"); } + amqp_ssl_socket_set_verify_peer(socket, 0); + amqp_ssl_socket_set_verify_hostname(socket, 0); + if (argc > 6) { + int nextarg = 7; status = amqp_ssl_socket_set_cacert(socket, argv[6]); if (status) { die("setting CA certificate"); } - } - - if (argc > 8) { - status = amqp_ssl_socket_set_key(socket, argv[8], argv[7]); - if (status) { - die("setting client cert"); + if (argc > nextarg && !strcmp("verifypeer", argv[nextarg])) { + amqp_ssl_socket_set_verify_peer(socket, 1); + nextarg++; + } + if (argc > nextarg && !strcmp("verifyhostname", argv[nextarg])) { + amqp_ssl_socket_set_verify_hostname(socket, 1); + nextarg++; + } + if (argc > nextarg + 1) { + status = + amqp_ssl_socket_set_key(socket, argv[nextarg + 1], argv[nextarg]); + if (status) { + die("setting client cert"); + } } } diff --git a/examples/amqps_unbind.c b/examples/amqps_unbind.c index 7f4737e..29102bb 100644 --- a/examples/amqps_unbind.c +++ b/examples/amqps_unbind.c @@ -59,7 +59,7 @@ int main(int argc, char const *const *argv) if (argc < 6) { fprintf(stderr, "Usage: amqps_unbind host port exchange bindingkey queue " - "[cacert.pem [key.pem cert.pem]]\n"); + "[cacert.pem [verifypeer] [verifyhostname] [key.pem cert.pem]]\n"); return 1; } 
@@ -76,17 +76,29 @@ int main(int argc, char const *const *argv) die("creating SSL/TLS socket"); } + amqp_ssl_socket_set_verify_peer(socket, 0); + amqp_ssl_socket_set_verify_hostname(socket, 0); + if (argc > 6) { + int nextarg = 7; status = amqp_ssl_socket_set_cacert(socket, argv[6]); if (status) { die("setting CA certificate"); } - } - - if (argc > 8) { - status = amqp_ssl_socket_set_key(socket, argv[8], argv[7]); - if (status) { - die("setting client cert"); + if (argc > nextarg && !strcmp("verifypeer", argv[nextarg])) { + amqp_ssl_socket_set_verify_peer(socket, 1); + nextarg++; + } + if (argc > nextarg && !strcmp("verifyhostname", argv[nextarg])) { + amqp_ssl_socket_set_verify_hostname(socket, 1); + nextarg++; + } + if (argc > nextarg + 1) { + status = + amqp_ssl_socket_set_key(socket, argv[nextarg + 1], argv[nextarg]); + if (status) { + die("setting client cert"); + } } } -- cgit v1.2.1