static int create_client_socket(const char *hostname) { int sock; int err; printf("Create client socket\n"); sock = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP); if(sock<0) { perror("client socket"); return sock; } #if 1 err=TLSSocket_Attach(sock); if(err<0) { perror("TLSSocket_Attach (server)"); exit(err); } #endif struct hostent *host; struct sockaddr_in server_addr; //host = gethostbyname("kruk.apple.com"); //host = gethostbyname("localhost"); host= gethostbyname(hostname); if(!host) { herror("host"); return -1; } server_addr.sin_family = AF_INET; server_addr.sin_port = htons(23232); server_addr.sin_addr = *((struct in_addr *)host->h_addr); bzero(&(server_addr.sin_zero),8); err = connect(sock, (struct sockaddr *)&server_addr, sizeof(struct sockaddr)); if(err) { perror("connect"); return err; } return sock; }
int dtls_client(const char *hostname, int bypass) { int fd; int tlsfd; struct sockaddr_in sa; printf("Running dtls_client test with hostname=%s, bypass=%d\n", hostname, bypass); if ((fd=socket(AF_INET, SOCK_DGRAM, 0))==-1) { perror("socket"); exit(-1); } memset((char *) &sa, 0, sizeof(sa)); sa.sin_family = AF_INET; sa.sin_port = htons(PORT); if (inet_aton(hostname, &sa.sin_addr)==0) { fprintf(stderr, "inet_aton() failed\n"); exit(1); } if(connect(fd, (struct sockaddr *)&sa, sizeof(sa))==-1) { perror("connect"); return errno; } /* Change to non blocking io */ fcntl(fd, F_SETFL, O_NONBLOCK); SSLRecordContextRef c=(intptr_t)fd; OSStatus ortn; SSLContextRef ctx = NULL; SSLClientCertificateState certState; SSLCipherSuite negCipher; SSLProtocol negVersion; /* * Set up a SecureTransport session. */ ctx = SSLCreateContextWithRecordFuncs(kCFAllocatorDefault, kSSLClientSide, kSSLDatagramType, &TLSSocket_Funcs); if(!ctx) { printSslErrStr("SSLCreateContextWithRecordFuncs", -1); return -1; } printf("Attaching filter\n"); ortn = TLSSocket_Attach(fd); if(ortn) { printSslErrStr("TLSSocket_Attach", ortn); return ortn; } if(bypass) { tlsfd = open("/dev/tlsnke", O_RDWR); if(tlsfd<0) { perror("opening tlsnke dev"); exit(-1); } } ortn = SSLSetRecordContext(ctx, c); if(ortn) { printSslErrStr("SSLSetRecordContext", ortn); return ortn; } ortn = SSLSetMaxDatagramRecordSize(ctx, 600); if(ortn) { printSslErrStr("SSLSetMaxDatagramRecordSize", ortn); return ortn; } /* Lets not verify the cert, which is a random test cert */ ortn = SSLSetEnableCertVerify(ctx, false); if(ortn) { printSslErrStr("SSLSetEnableCertVerify", ortn); return ortn; } ortn = SSLSetCertificate(ctx, server_chain()); if(ortn) { printSslErrStr("SSLSetCertificate", ortn); return ortn; } printf("Handshake...\n"); do { ortn = SSLHandshake(ctx); if(ortn == errSSLWouldBlock) { /* keep UI responsive */ sslOutputDot(); } } while (ortn == errSSLWouldBlock); SSLGetClientCertificateState(ctx, &certState); SSLGetNegotiatedCipher(ctx, &negCipher); SSLGetNegotiatedProtocolVersion(ctx, &negVersion); int count; size_t len; ssize_t sreadLen, swriteLen; size_t readLen, writeLen; char buffer[BUFLEN]; count = 0; while(count<COUNT) { int timeout = 10000; snprintf(buffer, BUFLEN, "Message %d", count); len = strlen(buffer); if(bypass) { /* Send data through the side channel, kind of like utun would */ swriteLen=write(tlsfd, buffer, len); if(swriteLen<0) { perror("write to tlsfd"); break; } writeLen=swriteLen; } else { ortn=SSLWrite(ctx, buffer, len, &writeLen); if(ortn) { printSslErrStr("SSLWrite", ortn); break; } } printf("Wrote %lu bytes\n", writeLen); count++; if(bypass) { do { sreadLen=read(tlsfd, buffer, BUFLEN); } while((sreadLen==-1) && (errno==EAGAIN) && (timeout--)); if((sreadLen==-1) && (errno==EAGAIN)) { printf("Read timeout...\n"); continue; } if(sreadLen<0) { perror("read from tlsfd"); break; } readLen=sreadLen; } else { do { ortn=SSLRead(ctx, buffer, BUFLEN, &readLen); } while((ortn==errSSLWouldBlock) && (timeout--)); if(ortn==errSSLWouldBlock) { printf("SSLRead timeout...\n"); continue; } if(ortn) { printSslErrStr("SSLRead", ortn); break; } } buffer[readLen]=0; printf("Received %lu bytes: %s\n", readLen, buffer); } SSLClose(ctx); SSLDisposeContext(ctx); return ortn; }