int main(int argc, char **argv)
{
BEGIN_TEST();
EXPECT_SUCCESS(setenv("S2N_ENABLE_CLIENT_MODE", "1", 0));
EXPECT_SUCCESS(setenv("S2N_DONT_MLOCK", "1", 0));
EXPECT_SUCCESS(s2n_init());
/* Client doens't use the server name extension. */
{
struct s2n_connection *client_conn;
struct s2n_connection *server_conn;
struct s2n_config *server_config;
s2n_blocked_status client_blocked;
s2n_blocked_status server_blocked;
int server_to_client[2];
int client_to_server[2];
/* Create nonblocking pipes */
EXPECT_SUCCESS(pipe(server_to_client));
EXPECT_SUCCESS(pipe(client_to_server));
for (int i = 0; i < 2; i++) {
EXPECT_NOT_EQUAL(fcntl(server_to_client[i], F_SETFL, fcntl(server_to_client[i], F_GETFL) | O_NONBLOCK), -1);
EXPECT_NOT_EQUAL(fcntl(client_to_server[i], F_SETFL, fcntl(client_to_server[i], F_GETFL) | O_NONBLOCK), -1);
}
EXPECT_NOT_NULL(client_conn = s2n_connection_new(S2N_CLIENT));
EXPECT_SUCCESS(s2n_connection_set_read_fd(client_conn, server_to_client[0]));
EXPECT_SUCCESS(s2n_connection_set_write_fd(client_conn, client_to_server[1]));
EXPECT_NOT_NULL(server_conn = s2n_connection_new(S2N_SERVER));
EXPECT_SUCCESS(s2n_connection_set_read_fd(server_conn, client_to_server[0]));
EXPECT_SUCCESS(s2n_connection_set_write_fd(server_conn, server_to_client[1]));
EXPECT_NOT_NULL(server_config = s2n_config_new());
EXPECT_SUCCESS(s2n_config_add_cert_chain_and_key(server_config, certificate, private_key));
EXPECT_SUCCESS(s2n_connection_set_config(server_conn, server_config));
do {
int ret;
ret = s2n_negotiate(client_conn, &client_blocked);
EXPECT_TRUE(ret == 0 || (client_blocked && errno == EAGAIN));
ret = s2n_negotiate(server_conn, &server_blocked);
EXPECT_TRUE(ret == 0 || (server_blocked && errno == EAGAIN));
} while (client_blocked || server_blocked);
/* Verify that the server didn't receive the server name. */
EXPECT_NULL(s2n_get_server_name(server_conn));
EXPECT_SUCCESS(s2n_shutdown(client_conn, &client_blocked));
EXPECT_SUCCESS(s2n_connection_free(client_conn));
EXPECT_SUCCESS(s2n_shutdown(server_conn, &server_blocked));
EXPECT_SUCCESS(s2n_connection_free(server_conn));
EXPECT_SUCCESS(s2n_config_free(server_config));
for (int i = 0; i < 2; i++) {
EXPECT_SUCCESS(close(server_to_client[i]));
EXPECT_SUCCESS(close(client_to_server[i]));
}
}
/* Client uses the server name extension. */
{
struct s2n_connection *client_conn;
struct s2n_connection *server_conn;
struct s2n_config *server_config;
s2n_blocked_status client_blocked;
s2n_blocked_status server_blocked;
int server_to_client[2];
int client_to_server[2];
const char *sent_server_name = "awesome.amazonaws.com";
const char *received_server_name;
/* Create nonblocking pipes */
EXPECT_SUCCESS(pipe(server_to_client));
EXPECT_SUCCESS(pipe(client_to_server));
for (int i = 0; i < 2; i++) {
EXPECT_NOT_EQUAL(fcntl(server_to_client[i], F_SETFL, fcntl(server_to_client[i], F_GETFL) | O_NONBLOCK), -1);
EXPECT_NOT_EQUAL(fcntl(client_to_server[i], F_SETFL, fcntl(client_to_server[i], F_GETFL) | O_NONBLOCK), -1);
}
EXPECT_NOT_NULL(client_conn = s2n_connection_new(S2N_CLIENT));
EXPECT_SUCCESS(s2n_connection_set_read_fd(client_conn, server_to_client[0]));
EXPECT_SUCCESS(s2n_connection_set_write_fd(client_conn, client_to_server[1]));
/* Set the server name */
EXPECT_SUCCESS(s2n_set_server_name(client_conn, sent_server_name));
EXPECT_NOT_NULL(server_conn = s2n_connection_new(S2N_SERVER));
EXPECT_SUCCESS(s2n_connection_set_read_fd(server_conn, client_to_server[0]));
EXPECT_SUCCESS(s2n_connection_set_write_fd(server_conn, server_to_client[1]));
EXPECT_NOT_NULL(server_config = s2n_config_new());
EXPECT_SUCCESS(s2n_config_add_cert_chain_and_key(server_config, certificate, private_key));
EXPECT_SUCCESS(s2n_connection_set_config(server_conn, server_config));
do {
int ret;
ret = s2n_negotiate(client_conn, &client_blocked);
EXPECT_TRUE(ret == 0 || (client_blocked && errno == EAGAIN));
ret = s2n_negotiate(server_conn, &server_blocked);
EXPECT_TRUE(ret == 0 || (server_blocked && errno == EAGAIN));
} while (client_blocked || server_blocked);
/* Verify that the server name was received intact. */
EXPECT_NOT_NULL(received_server_name = s2n_get_server_name(server_conn));
EXPECT_EQUAL(strlen(received_server_name), strlen(sent_server_name));
EXPECT_BYTEARRAY_EQUAL(received_server_name, sent_server_name, strlen(received_server_name));
EXPECT_SUCCESS(s2n_shutdown(client_conn, &client_blocked));
EXPECT_SUCCESS(s2n_connection_free(client_conn));
EXPECT_SUCCESS(s2n_shutdown(server_conn, &server_blocked));
EXPECT_SUCCESS(s2n_connection_free(server_conn));
EXPECT_SUCCESS(s2n_config_free(server_config));
for (int i = 0; i < 2; i++) {
EXPECT_SUCCESS(close(server_to_client[i]));
EXPECT_SUCCESS(close(client_to_server[i]));
}
}
/* Client sends multiple server names. */
{
struct s2n_connection *server_conn;
struct s2n_config *server_config;
s2n_blocked_status server_blocked;
int server_to_client[2];
int client_to_server[2];
const char *sent_server_name = "svr";
const char *received_server_name;
uint8_t client_extensions[] = {
/* Extension type TLS_EXTENSION_SERVER_NAME */
0x00, 0x00,
/* Extension size */
0x00, 0x0C,
/* All server names len */
0x00, 0x0A,
/* First server name type - host name */
0x00,
/* First server name len */
0x00, 0x03,
/* First server name, matches sent_server_name */
's', 'v', 'r',
/* Second server name type - host name */
0x00,
/* Second server name len */
0x00, 0x01,
/* Second server name */
0xFF,
};
int client_extensions_len = sizeof(client_extensions);
uint8_t client_hello_message[] = {
/* Protocol version TLS 1.2 */
0x03, 0x03,
/* Client random */
ZERO_TO_THIRTY_ONE,
/* SessionID len - 32 bytes */
0x20,
/* Session ID */
ZERO_TO_THIRTY_ONE,
/* Cipher suites len */
0x00, 0x02,
/* Cipher suite - TLS_RSA_WITH_AES_128_CBC_SHA256 */
0x00, 0x3C,
/* Compression methods len */
0x01,
/* Compression method - none */
0x00,
/* Extensions len */
(client_extensions_len >> 8) & 0xff, (client_extensions_len & 0xff),
};
int body_len = sizeof(client_hello_message) + client_extensions_len;
uint8_t message_header[] = {
/* Handshake message type CLIENT HELLO */
0x01,
/* Body len */
(body_len >> 16) & 0xff, (body_len >> 8) & 0xff, (body_len & 0xff),
};
int message_len = sizeof(message_header) + body_len;
uint8_t record_header[] = {
/* Record type HANDSHAKE */
0x16,
/* Protocol version TLS 1.2 */
0x03, 0x03,
/* Message len */
(message_len >> 8) & 0xff, (message_len & 0xff),
};
/* Create nonblocking pipes */
EXPECT_SUCCESS(pipe(server_to_client));
EXPECT_SUCCESS(pipe(client_to_server));
for (int i = 0; i < 2; i++) {
EXPECT_NOT_EQUAL(fcntl(server_to_client[i], F_SETFL, fcntl(server_to_client[i], F_GETFL) | O_NONBLOCK), -1);
EXPECT_NOT_EQUAL(fcntl(client_to_server[i], F_SETFL, fcntl(client_to_server[i], F_GETFL) | O_NONBLOCK), -1);
}
EXPECT_NOT_NULL(server_conn = s2n_connection_new(S2N_SERVER));
EXPECT_SUCCESS(s2n_connection_set_read_fd(server_conn, client_to_server[0]));
EXPECT_SUCCESS(s2n_connection_set_write_fd(server_conn, server_to_client[1]));
EXPECT_NOT_NULL(server_config = s2n_config_new());
EXPECT_SUCCESS(s2n_config_add_cert_chain_and_key(server_config, certificate, private_key));
EXPECT_SUCCESS(s2n_connection_set_config(server_conn, server_config));
/* Send the client hello */
EXPECT_EQUAL(write(client_to_server[1], record_header, sizeof(record_header)), sizeof(record_header));
EXPECT_EQUAL(write(client_to_server[1], message_header, sizeof(message_header)), sizeof(message_header));
EXPECT_EQUAL(write(client_to_server[1], client_hello_message, sizeof(client_hello_message)), sizeof(client_hello_message));
EXPECT_EQUAL(write(client_to_server[1], client_extensions, sizeof(client_extensions)), sizeof(client_extensions));
/* Verify that the CLIENT HELLO is accepted */
s2n_negotiate(server_conn, &server_blocked);
EXPECT_EQUAL(server_blocked, 1);
EXPECT_EQUAL(server_conn->handshake.state, CLIENT_KEY);
/* Verify that the server name was received intact. */
EXPECT_NOT_NULL(received_server_name = s2n_get_server_name(server_conn));
EXPECT_EQUAL(strlen(received_server_name), strlen(sent_server_name));
EXPECT_BYTEARRAY_EQUAL(received_server_name, sent_server_name, strlen(received_server_name));
EXPECT_SUCCESS(s2n_shutdown(server_conn, &server_blocked));
EXPECT_SUCCESS(s2n_connection_free(server_conn));
EXPECT_SUCCESS(s2n_config_free(server_config));
for (int i = 0; i < 2; i++) {
EXPECT_SUCCESS(close(server_to_client[i]));
EXPECT_SUCCESS(close(client_to_server[i]));
}
}
/* Client doesn't use the OCSP extension. */
{
struct s2n_connection *client_conn;
struct s2n_connection *server_conn;
struct s2n_config *server_config;
s2n_blocked_status client_blocked;
s2n_blocked_status server_blocked;
int server_to_client[2];
int client_to_server[2];
uint32_t length;
/* Create nonblocking pipes */
EXPECT_SUCCESS(pipe(server_to_client));
EXPECT_SUCCESS(pipe(client_to_server));
for (int i = 0; i < 2; i++) {
EXPECT_NOT_EQUAL(fcntl(server_to_client[i], F_SETFL, fcntl(server_to_client[i], F_GETFL) | O_NONBLOCK), -1);
EXPECT_NOT_EQUAL(fcntl(client_to_server[i], F_SETFL, fcntl(client_to_server[i], F_GETFL) | O_NONBLOCK), -1);
}
EXPECT_NOT_NULL(client_conn = s2n_connection_new(S2N_CLIENT));
EXPECT_SUCCESS(s2n_connection_set_read_fd(client_conn, server_to_client[0]));
EXPECT_SUCCESS(s2n_connection_set_write_fd(client_conn, client_to_server[1]));
EXPECT_NOT_NULL(server_conn = s2n_connection_new(S2N_SERVER));
EXPECT_SUCCESS(s2n_connection_set_read_fd(server_conn, client_to_server[0]));
EXPECT_SUCCESS(s2n_connection_set_write_fd(server_conn, server_to_client[1]));
EXPECT_NOT_NULL(server_config = s2n_config_new());
EXPECT_SUCCESS(s2n_config_add_cert_chain_and_key_with_status(server_config, certificate, private_key, server_ocsp_status, sizeof(server_ocsp_status)));
EXPECT_SUCCESS(s2n_connection_set_config(server_conn, server_config));
do {
int ret;
ret = s2n_negotiate(client_conn, &client_blocked);
EXPECT_TRUE(ret == 0 || client_blocked);
ret = s2n_negotiate(server_conn, &server_blocked);
EXPECT_TRUE(ret == 0 || server_blocked);
} while (client_blocked || server_blocked);
/* Verify that the client didn't receive an OCSP response. */
EXPECT_NULL(s2n_connection_get_ocsp_response(client_conn, &length));
EXPECT_EQUAL(length, 0);
EXPECT_SUCCESS(s2n_shutdown(client_conn, &client_blocked));
EXPECT_SUCCESS(s2n_connection_free(client_conn));
EXPECT_SUCCESS(s2n_shutdown(server_conn, &server_blocked));
EXPECT_SUCCESS(s2n_connection_free(server_conn));
EXPECT_SUCCESS(s2n_config_free(server_config));
for (int i = 0; i < 2; i++) {
EXPECT_SUCCESS(close(server_to_client[i]));
EXPECT_SUCCESS(close(client_to_server[i]));
}
}
/* Server doesn't support the OCSP extension. */
{
struct s2n_connection *client_conn;
struct s2n_connection *server_conn;
struct s2n_config *server_config;
struct s2n_config *client_config;
s2n_blocked_status client_blocked;
s2n_blocked_status server_blocked;
int server_to_client[2];
int client_to_server[2];
uint32_t length;
/* Create nonblocking pipes */
EXPECT_SUCCESS(pipe(server_to_client));
EXPECT_SUCCESS(pipe(client_to_server));
for (int i = 0; i < 2; i++) {
EXPECT_NOT_EQUAL(fcntl(server_to_client[i], F_SETFL, fcntl(server_to_client[i], F_GETFL) | O_NONBLOCK), -1);
EXPECT_NOT_EQUAL(fcntl(client_to_server[i], F_SETFL, fcntl(client_to_server[i], F_GETFL) | O_NONBLOCK), -1);
}
EXPECT_NOT_NULL(client_conn = s2n_connection_new(S2N_CLIENT));
EXPECT_SUCCESS(s2n_connection_set_read_fd(client_conn, server_to_client[0]));
EXPECT_SUCCESS(s2n_connection_set_write_fd(client_conn, client_to_server[1]));
EXPECT_NOT_NULL(client_config = s2n_config_new());
EXPECT_SUCCESS(s2n_config_set_status_request_type(client_config, S2N_STATUS_REQUEST_OCSP));
EXPECT_SUCCESS(s2n_connection_set_config(client_conn, client_config));
EXPECT_NOT_NULL(server_conn = s2n_connection_new(S2N_SERVER));
EXPECT_SUCCESS(s2n_connection_set_read_fd(server_conn, client_to_server[0]));
EXPECT_SUCCESS(s2n_connection_set_write_fd(server_conn, server_to_client[1]));
EXPECT_NOT_NULL(server_config = s2n_config_new());
EXPECT_SUCCESS(s2n_config_add_cert_chain_and_key(server_config, certificate, private_key));
EXPECT_SUCCESS(s2n_connection_set_config(server_conn, server_config));
do {
int ret;
ret = s2n_negotiate(client_conn, &client_blocked);
EXPECT_TRUE(ret == 0 || client_blocked);
ret = s2n_negotiate(server_conn, &server_blocked);
EXPECT_TRUE(ret == 0 || server_blocked);
} while (client_blocked || server_blocked);
/* Verify that the client didn't receive an OCSP response. */
EXPECT_NULL(s2n_connection_get_ocsp_response(client_conn, &length));
EXPECT_EQUAL(length, 0);
EXPECT_SUCCESS(s2n_shutdown(client_conn, &client_blocked));
EXPECT_SUCCESS(s2n_connection_free(client_conn));
EXPECT_SUCCESS(s2n_shutdown(server_conn, &server_blocked));
EXPECT_SUCCESS(s2n_connection_free(server_conn));
EXPECT_SUCCESS(s2n_config_free(server_config));
EXPECT_SUCCESS(s2n_config_free(client_config));
for (int i = 0; i < 2; i++) {
EXPECT_SUCCESS(close(server_to_client[i]));
EXPECT_SUCCESS(close(client_to_server[i]));
}
}
/* Server and client support the OCSP extension. */
{
struct s2n_connection *client_conn;
struct s2n_connection *server_conn;
struct s2n_config *server_config;
struct s2n_config *client_config;
s2n_blocked_status client_blocked;
s2n_blocked_status server_blocked;
int server_to_client[2];
int client_to_server[2];
uint32_t length;
/* Create nonblocking pipes */
EXPECT_SUCCESS(pipe(server_to_client));
EXPECT_SUCCESS(pipe(client_to_server));
for (int i = 0; i < 2; i++) {
EXPECT_NOT_EQUAL(fcntl(server_to_client[i], F_SETFL, fcntl(server_to_client[i], F_GETFL) | O_NONBLOCK), -1);
EXPECT_NOT_EQUAL(fcntl(client_to_server[i], F_SETFL, fcntl(client_to_server[i], F_GETFL) | O_NONBLOCK), -1);
}
EXPECT_NOT_NULL(client_conn = s2n_connection_new(S2N_CLIENT));
EXPECT_SUCCESS(s2n_connection_set_read_fd(client_conn, server_to_client[0]));
EXPECT_SUCCESS(s2n_connection_set_write_fd(client_conn, client_to_server[1]));
EXPECT_NOT_NULL(client_config = s2n_config_new());
EXPECT_SUCCESS(s2n_config_set_status_request_type(client_config, S2N_STATUS_REQUEST_OCSP));
EXPECT_SUCCESS(s2n_connection_set_config(client_conn, client_config));
EXPECT_NOT_NULL(server_conn = s2n_connection_new(S2N_SERVER));
EXPECT_SUCCESS(s2n_connection_set_read_fd(server_conn, client_to_server[0]));
EXPECT_SUCCESS(s2n_connection_set_write_fd(server_conn, server_to_client[1]));
EXPECT_NOT_NULL(server_config = s2n_config_new());
EXPECT_SUCCESS(s2n_config_add_cert_chain_and_key_with_status(server_config, certificate, private_key, server_ocsp_status, sizeof(server_ocsp_status)));
EXPECT_SUCCESS(s2n_connection_set_config(server_conn, server_config));
do {
int ret;
ret = s2n_negotiate(client_conn, &client_blocked);
EXPECT_TRUE(ret == 0 || client_blocked);
ret = s2n_negotiate(server_conn, &server_blocked);
EXPECT_TRUE(ret == 0 || server_blocked);
} while (client_blocked || server_blocked);
/* Verify that the client didn't receive an OCSP response. */
EXPECT_NULL(s2n_connection_get_ocsp_response(client_conn, &length));
EXPECT_EQUAL(length, 0);
EXPECT_SUCCESS(s2n_shutdown(client_conn, &client_blocked));
EXPECT_SUCCESS(s2n_connection_free(client_conn));
EXPECT_SUCCESS(s2n_shutdown(server_conn, &server_blocked));
EXPECT_SUCCESS(s2n_connection_free(server_conn));
EXPECT_SUCCESS(s2n_config_free(server_config));
EXPECT_SUCCESS(s2n_config_free(client_config));
for (int i = 0; i < 2; i++) {
EXPECT_SUCCESS(close(server_to_client[i]));
EXPECT_SUCCESS(close(client_to_server[i]));
}
}
END_TEST();
return 0;
}
int main(int argc, char * const *argv)
{
struct addrinfo hints, *ai_list, *ai;
int r, sockfd = 0;
/* Optional args */
const char *alpn_protocols = NULL;
const char *server_name = NULL;
s2n_status_request_type type = S2N_STATUS_REQUEST_NONE;
/* required args */
const char *host = NULL;
const char *port = "443";
static struct option long_options[] = {
{ "alpn", required_argument, 0, 'a' },
{ "help", no_argument, 0, 'h' },
{ "name", required_argument, 0, 'n' },
{ "status", no_argument, 0, 's' },
};
while (1) {
int option_index = 0;
int c = getopt_long (argc, argv, "a:hn:s", long_options, &option_index);
if (c == -1) {
break;
}
switch (c) {
case 'a':
alpn_protocols = optarg;
break;
case 'h':
usage();
break;
case 'n':
server_name = optarg;
break;
case 's':
type = S2N_STATUS_REQUEST_OCSP;
break;
case '?':
default:
usage();
break;
}
}
if (optind < argc) {
host = argv[optind++];
}
if (optind < argc) {
port = argv[optind++];
}
if (!host) {
usage();
}
if (!server_name) {
server_name = host;
}
if (memset(&hints, 0, sizeof(hints)) != &hints) {
fprintf(stderr, "memset error: %s\n", strerror(errno));
exit(1);
}
hints.ai_family = AF_UNSPEC;
hints.ai_socktype = SOCK_STREAM;
if (signal(SIGPIPE, SIG_IGN) == SIG_ERR) {
fprintf(stderr, "Error disabling SIGPIPE\n");
exit(1);
}
if ((r = getaddrinfo(host, port, &hints, &ai_list)) != 0) {
fprintf(stderr, "error: %s\n", gai_strerror(r));
exit(1);
}
int connected = 0;
for (ai = ai_list; ai != NULL; ai = ai->ai_next) {
if ((sockfd = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol)) == -1) {
continue;
}
if (connect(sockfd, ai->ai_addr, ai->ai_addrlen) == -1) {
close(sockfd);
continue;
}
connected = 1;
/* connect() succeeded */
break;
}
freeaddrinfo(ai_list);
if (connected == 0) {
fprintf(stderr, "Failed to connect to %s:%s\n", argv[1], port);
close(sockfd);
exit(1);
}
const char *error;
if (s2n_init(&error) < 0) {
fprintf(stderr, "Error running s2n_init(): '%s'\n", s2n_strerror(s2n_errno, "EN"));
}
struct s2n_config *config = s2n_config_new();
if (config == NULL) {
fprintf(stderr, "Error getting new config: '%s'\n", s2n_strerror(s2n_errno, "EN"));
exit(1);
}
if (s2n_config_set_status_request_type(config, type) < 0) {
fprintf(stderr, "Error setting status request type: '%s'\n", s2n_strerror(s2n_errno, "EN"));
exit(1);
}
if (alpn_protocols) {
/* Count the number of commas, this tells us how many protocols there
are in the list */
const char *ptr = alpn_protocols;
int protocol_count = 1;
while (*ptr) {
if (*ptr == ',') {
protocol_count++;
}
ptr++;
}
char **protocols = malloc(sizeof(char *) * protocol_count);
if (!protocols) {
fprintf(stderr, "Error allocating memory\n");
exit(1);
}
const char *next = alpn_protocols;
int index = 0;
int length = 0;
ptr = alpn_protocols;
while (*ptr) {
if (*ptr == ',') {
protocols[index] = malloc(length + 1);
if (!protocols[index]) {
fprintf(stderr, "Error allocating memory\n");
exit(1);
}
memcpy(protocols[index], next, length);
protocols[index][length] = '\0';
length = 0;
index++;
ptr++;
next = ptr;
} else {
length++;
ptr++;
}
}
if (ptr != next) {
protocols[index] = malloc(length + 1);
if (!protocols[index]) {
fprintf(stderr, "Error allocating memory\n");
exit(1);
}
memcpy(protocols[index], next, length);
protocols[index][length] = '\0';
}
if (s2n_config_set_protocol_preferences(config, (const char * const *)protocols, protocol_count) < 0) {
fprintf(stderr, "Failed to set protocol preferences: '%s'\n", s2n_strerror(s2n_errno, "EN"));
exit(1);
}
while(protocol_count) {
protocol_count--;
free(protocols[protocol_count]);
}
free(protocols);
}
struct s2n_connection *conn = s2n_connection_new(S2N_CLIENT);
if (conn == NULL) {
fprintf(stderr, "Error getting new connection: '%s'\n", s2n_strerror(s2n_errno, "EN"));
exit(1);
}
printf("Connected to %s:%s\n", host, port);
if (s2n_connection_set_config(conn, config) < 0) {
fprintf(stderr, "Error setting configuration: '%s'\n", s2n_strerror(s2n_errno, "EN"));
exit(1);
}
if (s2n_set_server_name(conn, server_name) < 0) {
fprintf(stderr, "Error setting server name: '%s'\n", s2n_strerror(s2n_errno, "EN"));
exit(1);
}
if (s2n_connection_set_fd(conn, sockfd) < 0) {
fprintf(stderr, "Error setting file descriptor: '%s'\n", s2n_strerror(s2n_errno, "EN"));
exit(1);
}
/* See echo.c */
echo(conn, sockfd);
if (s2n_connection_free(conn) < 0) {
fprintf(stderr, "Error freeing connection: '%s'\n", s2n_strerror(s2n_errno, "EN"));
exit(1);
}
if (s2n_config_free(config) < 0) {
fprintf(stderr, "Error freeing configuration: '%s'\n", s2n_strerror(s2n_errno, "EN"));
exit(1);
}
if (s2n_cleanup(&error) < 0) {
fprintf(stderr, "Error running s2n_cleanup(): '%s'\n", s2n_strerror(s2n_errno, "EN"));
}
return 0;
}
int main(int argc, char *const *argv)
{
struct addrinfo hints, *ai_list, *ai;
int r, sockfd = 0;
ssize_t session_state_length = 0;
uint8_t *session_state = NULL;
/* Optional args */
const char *alpn_protocols = NULL;
const char *server_name = NULL;
const char *ca_file = NULL;
const char *ca_dir = NULL;
uint16_t mfl_value = 0;
uint8_t insecure = 0;
int reconnect = 0;
uint8_t session_ticket = 1;
s2n_status_request_type type = S2N_STATUS_REQUEST_NONE;
uint32_t dyn_rec_threshold = 0;
uint8_t dyn_rec_timeout = 0;
/* required args */
const char *cipher_prefs = "default";
const char *host = NULL;
struct verify_data unsafe_verify_data;
const char *port = "443";
int echo_input = 0;
int use_corked_io = 0;
static struct option long_options[] = {
{"alpn", required_argument, 0, 'a'},
{"ciphers", required_argument, 0, 'c'},
{"echo", required_argument, 0, 'e'},
{"help", no_argument, 0, 'h'},
{"name", required_argument, 0, 'n'},
{"status", no_argument, 0, 's'},
{"mfl", required_argument, 0, 'm'},
{"ca-file", required_argument, 0, 'f'},
{"ca-dir", required_argument, 0, 'd'},
{"insecure", no_argument, 0, 'i'},
{"reconnect", no_argument, 0, 'r'},
{"no-session-ticket", no_argument, 0, 'T'},
{"dynamic", required_argument, 0, 'D'},
{"timeout", required_argument, 0, 't'},
{"corked-io", no_argument, 0, 'C'},
};
while (1) {
int option_index = 0;
int c = getopt_long(argc, argv, "a:c:ehn:sf:d:D:t:irTC", long_options, &option_index);
if (c == -1) {
break;
}
switch (c) {
case 'a':
alpn_protocols = optarg;
break;
case 'C':
use_corked_io = 1;
break;
case 'c':
cipher_prefs = optarg;
break;
case 'e':
echo_input = 1;
break;
case 'h':
usage();
break;
case 'n':
server_name = optarg;
break;
case 's':
type = S2N_STATUS_REQUEST_OCSP;
break;
case 'm':
mfl_value = (uint16_t) atoi(optarg);
break;
case 'f':
ca_file = optarg;
break;
case 'd':
ca_dir = optarg;
break;
case 'i':
insecure = 1;
break;
case 'r':
reconnect = 5;
break;
case 'T':
session_ticket = 0;
break;
case 't':
dyn_rec_timeout = (uint8_t) MIN(255, atoi(optarg));
break;
case 'D':
dyn_rec_threshold = strtoul(optarg, 0, 10);
if (errno == ERANGE) {
dyn_rec_threshold = 0;
}
break;
case '?':
default:
usage();
break;
}
}
if (optind < argc) {
host = argv[optind++];
}
if (optind < argc) {
port = argv[optind++];
}
if (!host) {
usage();
}
if (!server_name) {
server_name = host;
}
memset(&hints, 0, sizeof(hints));
hints.ai_family = AF_UNSPEC;
hints.ai_socktype = SOCK_STREAM;
if (signal(SIGPIPE, SIG_IGN) == SIG_ERR) {
fprintf(stderr, "Error disabling SIGPIPE\n");
exit(1);
}
GUARD_EXIT(s2n_init(), "Error running s2n_init()");
if ((r = getaddrinfo(host, port, &hints, &ai_list)) != 0) {
fprintf(stderr, "error: %s\n", gai_strerror(r));
exit(1);
}
do {
int connected = 0;
for (ai = ai_list; ai != NULL; ai = ai->ai_next) {
if ((sockfd = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol)) == -1) {
continue;
}
if (connect(sockfd, ai->ai_addr, ai->ai_addrlen) == -1) {
close(sockfd);
continue;
}
connected = 1;
/* connect() succeeded */
break;
}
if (connected == 0) {
fprintf(stderr, "Failed to connect to %s:%s\n", host, port);
exit(1);
}
struct s2n_config *config = s2n_config_new();
setup_s2n_config(config, cipher_prefs, type, &unsafe_verify_data, host, alpn_protocols, mfl_value);
if (ca_file || ca_dir) {
if (s2n_config_set_verification_ca_location(config, ca_file, ca_dir) < 0) {
print_s2n_error("Error setting CA file for trust store.");
}
}
else if (insecure) {
GUARD_EXIT(s2n_config_disable_x509_verification(config), "Error disabling X.509 validation");
}
if (session_ticket) {
GUARD_EXIT(s2n_config_set_session_tickets_onoff(config, 1), "Error enabling session tickets");
}
struct s2n_connection *conn = s2n_connection_new(S2N_CLIENT);
if (conn == NULL) {
print_s2n_error("Error getting new connection");
exit(1);
}
GUARD_EXIT(s2n_connection_set_config(conn, config), "Error setting configuration");
GUARD_EXIT(s2n_set_server_name(conn, server_name), "Error setting server name");
GUARD_EXIT(s2n_connection_set_fd(conn, sockfd) , "Error setting file descriptor");
if (use_corked_io) {
GUARD_EXIT(s2n_connection_use_corked_io(conn), "Error setting corked io");
}
/* Update session state in connection if exists */
if (session_state_length > 0) {
GUARD_EXIT(s2n_connection_set_session(conn, session_state, session_state_length), "Error setting session state in connection");
}
/* See echo.c */
int ret = negotiate(conn);
if (ret != 0) {
/* Error is printed in negotiate */
return -1;
}
printf("Connected to %s:%s\n", host, port);
/* Save session state from connection if reconnect is enabled */
if (reconnect > 0) {
if (!session_ticket && s2n_connection_get_session_id_length(conn) <= 0) {
printf("Endpoint sent empty session id so cannot resume session\n");
exit(1);
}
free(session_state);
session_state_length = s2n_connection_get_session_length(conn);
session_state = calloc(session_state_length, sizeof(uint8_t));
if (s2n_connection_get_session(conn, session_state, session_state_length) != session_state_length) {
print_s2n_error("Error getting serialized session state");
exit(1);
}
}
if (dyn_rec_threshold > 0 && dyn_rec_timeout > 0) {
s2n_connection_set_dynamic_record_threshold(conn, dyn_rec_threshold, dyn_rec_timeout);
}
if (echo_input == 1) {
echo(conn, sockfd);
}
s2n_blocked_status blocked;
s2n_shutdown(conn, &blocked);
GUARD_EXIT(s2n_connection_free(conn), "Error freeing connection");
GUARD_EXIT(s2n_config_free(config), "Error freeing configuration");
close(sockfd);
reconnect--;
} while (reconnect >= 0);
GUARD_EXIT(s2n_cleanup(), "Error running s2n_cleanup()");
free(session_state);
freeaddrinfo(ai_list);
return 0;
}