static void test_CyaSSL_CTX_load_verify_locations(void) { #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) CYASSL_CTX *ctx; AssertNotNull(ctx = CyaSSL_CTX_new(CyaSSLv23_client_method())); /* invalid context */ AssertFalse(CyaSSL_CTX_load_verify_locations(NULL, caCert, 0)); /* invalid ca file */ AssertFalse(CyaSSL_CTX_load_verify_locations(ctx, NULL, 0)); AssertFalse(CyaSSL_CTX_load_verify_locations(ctx, bogusFile, 0)); #ifndef CYASSL_TIRTOS /* invalid path */ /* not working... investigate! */ /* AssertFalse(CyaSSL_CTX_load_verify_locations(ctx, caCert, bogusFile)); */ #endif /* success */ AssertTrue(CyaSSL_CTX_load_verify_locations(ctx, caCert, 0)); CyaSSL_CTX_free(ctx); #endif }
static void prvInitialiseCyaSSL( void ) { int32_t iReturn; #ifdef DEBUG_CYASSL { CyaSSL_Debugging_ON(); } #endif /* Initialise CyaSSL. This must be done before any other CyaSSL functions are called. */ CyaSSL_Init(); /* Attempt to create a context that uses the TLS V1 server protocol. */ xCyaSSL_ServerContext = CyaSSL_CTX_new( CyaTLSv1_server_method() ); if( xCyaSSL_ServerContext != NULL ) { /* Load the CA certificate. Real applications should ensure that CyaSSL_CTX_load_verify_locations() returns SSL_SUCCESS before proceeding. */ iReturn = CyaSSL_CTX_load_verify_locations( xCyaSSL_ServerContext, "ca-cert.pem", 0 ); configASSERT( iReturn == SSL_SUCCESS ); iReturn = CyaSSL_CTX_use_certificate_file( xCyaSSL_ServerContext, "server-cert.pem", SSL_FILETYPE_PEM ); configASSERT( iReturn == SSL_SUCCESS ); iReturn = CyaSSL_CTX_use_PrivateKey_file( xCyaSSL_ServerContext, "server-key.pem", SSL_FILETYPE_PEM ); configASSERT( iReturn == SSL_SUCCESS ); } }
static void test_client_CyaSSL_new(void) { #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) CYASSL_CTX *ctx; CYASSL_CTX *ctx_nocert; CYASSL *ssl; AssertNotNull(ctx_nocert = CyaSSL_CTX_new(CyaSSLv23_client_method())); AssertNotNull(ctx = CyaSSL_CTX_new(CyaSSLv23_client_method())); AssertTrue(CyaSSL_CTX_load_verify_locations(ctx, caCert, 0)); /* invalid context */ AssertNull(ssl = CyaSSL_new(NULL)); /* success */ AssertNotNull(ssl = CyaSSL_new(ctx_nocert)); CyaSSL_free(ssl); /* success */ AssertNotNull(ssl = CyaSSL_new(ctx)); CyaSSL_free(ssl); CyaSSL_CTX_free(ctx); CyaSSL_CTX_free(ctx_nocert); #endif }
int main(int argc, char** argv) { /* cont short for "continue?", Loc short for "location" */ int cont = 0; char caCertLoc[] = "../certs/ca-cert.pem"; char servCertLoc[] = "../certs/server-cert.pem"; char servKeyLoc[] = "../certs/server-key.pem"; /* "./config --enable-debug" and uncomment next line for debugging */ /* CyaSSL_Debugging_ON(); */ /* Initialize CyaSSL */ CyaSSL_Init(); /* Set ctx to DTLS 1.2 */ if ((ctx = CyaSSL_CTX_new(CyaDTLSv1_2_server_method())) == NULL) { printf("CyaSSL_CTX_new error.\n"); return 1; } /* Load CA certificates */ if (CyaSSL_CTX_load_verify_locations(ctx,caCertLoc,0) != SSL_SUCCESS) { printf("Error loading %s, please check the file.\n", caCertLoc); return 1; } /* Load server certificates */ if (CyaSSL_CTX_use_certificate_file(ctx, servCertLoc, SSL_FILETYPE_PEM) != SSL_SUCCESS) { printf("Error loading %s, please check the file.\n", servCertLoc); return 1; } /* Load server Keys */ if (CyaSSL_CTX_use_PrivateKey_file(ctx, servKeyLoc, SSL_FILETYPE_PEM) != SSL_SUCCESS) { printf("Error loading %s, please check the file.\n", servKeyLoc); return 1; } cont = AwaitDGram(ctx); if (cont == 1) { CyaSSL_CTX_free(ctx); CyaSSL_Cleanup(); } return 0; }
/** * \brief Loads the certificate defined through the SSLCertConfig_t * \return 1 if successfull <0 other way */ inline static int load_certificate( CYASSL_CTX* cya_ctx, const SSLCertConfig_t* cert_config ) { assert( cya_ctx != 0 && "CyaSSL context must not be null!" ); assert( cert_config != 0 && "CyaSSL certificate configuration must not be null!" ); assert( cert_config->file != 0 && "CyaSSL certificate filename must not be null!" ); debug_fmt( "Trying to load certificate: file %s at %s dir", cert_config->file, cert_config->path ); int ret = CyaSSL_CTX_load_verify_locations( cya_ctx, cert_config->file, 0 ); debug_fmt( "Ret: %d", ret ); if( ret < 0 ) { return -1; //@TODO add proper cya err detection } return 1; }
/* Helper for testing CyaSSL_CTX_load_verify_locations() */ int test_lvl(CYASSL_CTX *ctx, const char* file, const char* path, int cond, const char* name) { int result; printf(testingFmt, name); /* * CyaSSL_CTX_load_verify_locations() returns SSL_SUCCESS (1) for * success, SSL_FAILURE (0) for a non-specific failure, or a specific * failure code (<0). Need to normalize the return code to 1 or 0. */ result = CyaSSL_CTX_load_verify_locations(ctx, file, path) >= SSL_SUCCESS; if (result != cond) { printf(resultFmt, failed); return TEST_FAIL; } printf(resultFmt, passed); return TEST_SUCCESS; }
/* * applies TLS 1.2 security layer to data being sent. */ int Security(int sock) { CYASSL_CTX* ctx; CYASSL* ssl; /* create CYASSL object */ int ret = 0; CyaSSL_Init(); /* initialize CyaSSL */ /* create and initiLize CYASSL_CTX structure */ if ((ctx = CyaSSL_CTX_new(CyaTLSv1_2_client_method())) == NULL) { printf("SSL_CTX_new error.\n"); return EXIT_FAILURE; } /* load CA certificates into CyaSSL_CTX. which will verify the server */ if (CyaSSL_CTX_load_verify_locations(ctx, cert, 0) != SSL_SUCCESS) { printf("Error loading %s. Please check the file.\n", cert); return EXIT_FAILURE; } if ((ssl = CyaSSL_new(ctx)) == NULL) { printf("CyaSSL_new error.\n"); return EXIT_FAILURE; } CyaSSL_set_fd(ssl, sock); ret = CyaSSL_connect(ssl); if (ret == SSL_SUCCESS) { ret = ClientGreet(sock, ssl); } /* frees all data before client termination */ CyaSSL_free(ssl); CyaSSL_CTX_free(ctx); CyaSSL_Cleanup(); return ret; }
static void test_client_nofail(void* args) { SOCKET_T sockfd = 0; CYASSL_METHOD* method = 0; CYASSL_CTX* ctx = 0; CYASSL* ssl = 0; char msg[64] = "hello cyassl!"; char reply[1024]; int input; int msgSz = (int)strlen(msg); #ifdef CYASSL_TIRTOS fdOpenSession(Task_self()); #endif ((func_args*)args)->return_code = TEST_FAIL; method = CyaSSLv23_client_method(); ctx = CyaSSL_CTX_new(method); #ifdef OPENSSL_EXTRA CyaSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack); #endif if (CyaSSL_CTX_load_verify_locations(ctx, caCert, 0) != SSL_SUCCESS) { /* err_sys("can't load ca file, Please run from CyaSSL home dir");*/ goto done2; } if (CyaSSL_CTX_use_certificate_file(ctx, cliCert, SSL_FILETYPE_PEM) != SSL_SUCCESS) { /*err_sys("can't load client cert file, " "Please run from CyaSSL home dir");*/ goto done2; } if (CyaSSL_CTX_use_PrivateKey_file(ctx, cliKey, SSL_FILETYPE_PEM) != SSL_SUCCESS) { /*err_sys("can't load client key file, " "Please run from CyaSSL home dir");*/ goto done2; } tcp_connect(&sockfd, yasslIP, ((func_args*)args)->signal->port, 0); ssl = CyaSSL_new(ctx); CyaSSL_set_fd(ssl, sockfd); if (CyaSSL_connect(ssl) != SSL_SUCCESS) { int err = CyaSSL_get_error(ssl, 0); char buffer[CYASSL_MAX_ERROR_SZ]; printf("err = %d, %s\n", err, CyaSSL_ERR_error_string(err, buffer)); /*printf("SSL_connect failed");*/ goto done2; } if (CyaSSL_write(ssl, msg, msgSz) != msgSz) { /*err_sys("SSL_write failed");*/ goto done2; } input = CyaSSL_read(ssl, reply, sizeof(reply)-1); if (input > 0) { reply[input] = 0; printf("Server response: %s\n", reply); } done2: CyaSSL_free(ssl); CyaSSL_CTX_free(ctx); CloseSocket(sockfd); ((func_args*)args)->return_code = TEST_SUCCESS; #ifdef CYASSL_TIRTOS fdCloseSession(Task_self()); #endif return; }
int test_client_CyaSSL_new(void) { int result; CYASSL_CTX *ctx; CYASSL_CTX *ctx_nocert; CYASSL *ssl; ctx = CyaSSL_CTX_new(CyaSSLv23_client_method()); if (ctx == NULL) { printf("test_client_CyaSSL_new() cannot create context\n"); return TEST_FAIL; } result = CyaSSL_CTX_load_verify_locations(ctx, caCert, 0); if (result == SSL_FAILURE) { printf("test_client_CyaSSL_new() cannot obtain certificate\n"); CyaSSL_CTX_free(ctx); return TEST_FAIL; } ctx_nocert = CyaSSL_CTX_new(CyaSSLv23_client_method()); if (ctx_nocert == NULL) { printf("test_client_CyaSSL_new() cannot create bogus context\n"); CyaSSL_CTX_free(ctx); return TEST_FAIL; } printf(testingFmt, "CyaSSL_new(NULL) client"); ssl = CyaSSL_new(NULL); if (ssl != NULL) { printf(resultFmt, failed); CyaSSL_free(ssl); } else printf(resultFmt, passed); printf(testingFmt, "CyaSSL_new(ctx_nocert) client"); ssl = CyaSSL_new(ctx_nocert); if (ssl == NULL) printf(resultFmt, failed); else { printf(resultFmt, passed); CyaSSL_free(ssl); } printf(testingFmt, "CyaSSL_new(ctx) client"); ssl = CyaSSL_new(ctx); if (ssl == NULL) printf(resultFmt, failed); else { printf(resultFmt, passed); CyaSSL_free(ssl); } CyaSSL_CTX_free(ctx_nocert); CyaSSL_CTX_free(ctx); return TEST_SUCCESS; }
static THREAD_RETURN CYASSL_THREAD test_server_nofail(void* args) { SOCKET_T sockfd = 0; SOCKET_T clientfd = 0; word16 port = yasslPort; CYASSL_METHOD* method = 0; CYASSL_CTX* ctx = 0; CYASSL* ssl = 0; char msg[] = "I hear you fa shizzle!"; char input[1024]; int idx; #ifdef CYASSL_TIRTOS fdOpenSession(Task_self()); #endif ((func_args*)args)->return_code = TEST_FAIL; method = CyaSSLv23_server_method(); ctx = CyaSSL_CTX_new(method); #if defined(NO_MAIN_DRIVER) && !defined(USE_WINDOWS_API) && \ !defined(CYASSL_SNIFFER) && !defined(CYASSL_MDK_SHELL) && \ !defined(CYASSL_TIRTOS) port = 0; #endif CyaSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0); #ifdef OPENSSL_EXTRA CyaSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack); #endif if (CyaSSL_CTX_load_verify_locations(ctx, cliCert, 0) != SSL_SUCCESS) { /*err_sys("can't load ca file, Please run from CyaSSL home dir");*/ goto done; } if (CyaSSL_CTX_use_certificate_file(ctx, svrCert, SSL_FILETYPE_PEM) != SSL_SUCCESS) { /*err_sys("can't load server cert chain file, " "Please run from CyaSSL home dir");*/ goto done; } if (CyaSSL_CTX_use_PrivateKey_file(ctx, svrKey, SSL_FILETYPE_PEM) != SSL_SUCCESS) { /*err_sys("can't load server key file, " "Please run from CyaSSL home dir");*/ goto done; } ssl = CyaSSL_new(ctx); tcp_accept(&sockfd, &clientfd, (func_args*)args, port, 0, 0); CloseSocket(sockfd); CyaSSL_set_fd(ssl, clientfd); #ifdef NO_PSK #if !defined(NO_FILESYSTEM) && !defined(NO_DH) CyaSSL_SetTmpDH_file(ssl, dhParam, SSL_FILETYPE_PEM); #elif !defined(NO_DH) SetDH(ssl); /* will repick suites with DHE, higher priority than PSK */ #endif #endif if (CyaSSL_accept(ssl) != SSL_SUCCESS) { int err = CyaSSL_get_error(ssl, 0); char buffer[CYASSL_MAX_ERROR_SZ]; printf("error = %d, %s\n", err, CyaSSL_ERR_error_string(err, buffer)); /*err_sys("SSL_accept failed");*/ goto done; } idx = CyaSSL_read(ssl, input, sizeof(input)-1); if (idx > 0) { input[idx] = 0; printf("Client message: %s\n", input); } if (CyaSSL_write(ssl, msg, sizeof(msg)) != sizeof(msg)) { /*err_sys("SSL_write failed");*/ #ifdef CYASSL_TIRTOS return; #else return 0; #endif } #ifdef CYASSL_TIRTOS Task_yield(); #endif done: CyaSSL_shutdown(ssl); CyaSSL_free(ssl); CyaSSL_CTX_free(ctx); CloseSocket(clientfd); ((func_args*)args)->return_code = TEST_SUCCESS; #ifdef CYASSL_TIRTOS fdCloseSession(Task_self()); #endif #if defined(NO_MAIN_DRIVER) && defined(HAVE_ECC) && defined(FP_ECC) \ && defined(HAVE_THREAD_LS) ecc_fp_free(); /* free per thread cache */ #endif #ifndef CYASSL_TIRTOS return 0; #endif }
void client_test(void) { char msg[64]; char reply[1024]; int sockfd, input; int ret = 0, msgSz = 0; struct sockaddr_in servaddr; CYASSL_CTX* ctx; CYASSL* ssl; long yasslIP = IPADDR(192,168,1,125); long yasslPort = 11111; /* for debug, compile CyaSSL with DEBUG_CYASSL defined */ CyaSSL_Debugging_ON(); CyaSSL_Init(); ctx = CyaSSL_CTX_new(CyaTLSv1_2_client_method()); if (ctx == 0) err_sys("setting up ctx"); CyaSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, myVerify); ret = CyaSSL_CTX_use_certificate_file(ctx, clientCert, SSL_FILETYPE_PEM); if (ret != SSL_SUCCESS) err_sys("can't load client cert file, check file"); ret = CyaSSL_CTX_use_PrivateKey_file(ctx, clientKey, SSL_FILETYPE_PEM); if (ret != SSL_SUCCESS) err_sys("can't load client key file, check file"); ret = CyaSSL_CTX_load_verify_locations(ctx, caCert, 0); if (ret != SSL_SUCCESS) err_sys("can't load CA cert file, check file"); /* create socket descriptor */ sockfd = socket(AF_INET, SOCK_STREAM, 0); if (sockfd == RTCS_SOCKET_ERROR) { err_sys("socket creation failed"); } else { printf("socket created successfully\n"); } /* * Unlike most TCP/IP stacks, RTCS requires that sin_port and * sin_addr needs to be in Host Byte Order, not Network Byte Order. * This means we shouldn't use htons() when setting these values. */ memset((char*)&servaddr, 0, sizeof(servaddr)); servaddr.sin_family = AF_INET; servaddr.sin_port = yasslPort; servaddr.sin_addr.s_addr = yasslIP; ret = connect(sockfd, &servaddr, sizeof(servaddr)); if (ret != RTCS_OK) { err_sys("connect() failed"); } else { printf("Connected to %lx, port %d.\n", servaddr.sin_addr.s_addr, servaddr.sin_port); } if ( (ssl = CyaSSL_new(ctx)) == NULL) err_sys("CyaSSL_new failed"); CyaSSL_set_fd(ssl, sockfd); ret = CyaSSL_connect(ssl); if (ret != SSL_SUCCESS) err_sys("CyaSSL_connect failed"); printf("CyaSSL_connect() ok, sending GET...\n"); msgSz = 28; strncpy(msg, "GET /index.html HTTP/1.0\r\n\r\n", msgSz); if (CyaSSL_write(ssl, msg, msgSz) != msgSz) err_sys("CyaSSL_write() failed"); input = CyaSSL_read(ssl, reply, sizeof(reply)-1); if (input > 0) { reply[input] = 0; printf("Server response: %s\n", reply); while (1) { input = CyaSSL_read(ssl, reply, sizeof(reply)-1); if (input > 0) { reply[input] = 0; printf("%s\n", reply); } else { break; } } } CyaSSL_shutdown(ssl); CyaSSL_free(ssl); CyaSSL_CTX_free(ctx); CyaSSL_Cleanup(); }
THREAD_RETURN CYASSL_THREAD test_server_nofail(void* args) { SOCKET_T sockfd = 0; int clientfd = 0; CYASSL_METHOD* method = 0; CYASSL_CTX* ctx = 0; CYASSL* ssl = 0; char msg[] = "I hear you fa shizzle!"; char input[1024]; int idx; ((func_args*)args)->return_code = TEST_FAIL; method = CyaSSLv23_server_method(); ctx = CyaSSL_CTX_new(method); CyaSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0); #ifdef OPENSSL_EXTRA CyaSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack); #endif if (CyaSSL_CTX_load_verify_locations(ctx, cliCert, 0) != SSL_SUCCESS) { /*err_sys("can't load ca file, Please run from CyaSSL home dir");*/ goto done; } if (CyaSSL_CTX_use_certificate_file(ctx, svrCert, SSL_FILETYPE_PEM) != SSL_SUCCESS) { /*err_sys("can't load server cert chain file, " "Please run from CyaSSL home dir");*/ goto done; } if (CyaSSL_CTX_use_PrivateKey_file(ctx, svrKey, SSL_FILETYPE_PEM) != SSL_SUCCESS) { /*err_sys("can't load server key file, " "Please run from CyaSSL home dir");*/ goto done; } ssl = CyaSSL_new(ctx); tcp_accept(&sockfd, &clientfd, (func_args*)args, yasslPort, 0, 0); CloseSocket(sockfd); CyaSSL_set_fd(ssl, clientfd); #ifdef NO_PSK #if !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) CyaSSL_SetTmpDH_file(ssl, dhParam, SSL_FILETYPE_PEM); #else SetDH(ssl); /* will repick suites with DHE, higher priority than PSK */ #endif #endif if (CyaSSL_accept(ssl) != SSL_SUCCESS) { int err = CyaSSL_get_error(ssl, 0); char buffer[80]; printf("error = %d, %s\n", err, CyaSSL_ERR_error_string(err, buffer)); /*err_sys("SSL_accept failed");*/ goto done; } idx = CyaSSL_read(ssl, input, sizeof(input)-1); if (idx > 0) { input[idx] = 0; printf("Client message: %s\n", input); } if (CyaSSL_write(ssl, msg, sizeof(msg)) != sizeof(msg)) { /*err_sys("SSL_write failed");*/ return 0; } done: CyaSSL_shutdown(ssl); CyaSSL_free(ssl); CyaSSL_CTX_free(ctx); CloseSocket(clientfd); ((func_args*)args)->return_code = TEST_SUCCESS; return 0; }
int main (int argc, char** argv) { int sockfd = 0; struct sockaddr_in servAddr; const char* host = argv[1]; CYASSL* ssl = 0; CYASSL_CTX* ctx = 0; CYASSL* sslResume = 0; CYASSL_SESSION* session = 0; char* srTest = "testing session resume"; char cert_array[] = "../certs/ca-cert.pem"; char* certs = cert_array; if (argc != 2) { printf("usage: udpcli <IP address>\n"); return 1; } CyaSSL_Init(); /* CyaSSL_Debugging_ON(); */ if ( (ctx = CyaSSL_CTX_new(CyaDTLSv1_2_client_method())) == NULL) { fprintf(stderr, "CyaSSL_CTX_new error.\n"); return 1; } if (CyaSSL_CTX_load_verify_locations(ctx, certs, 0) != SSL_SUCCESS) { fprintf(stderr, "Error loading %s, please check the file.\n", certs); return 1; } ssl = CyaSSL_new(ctx); if (ssl == NULL) { printf("unable to get ssl object"); return 1; } memset(&servAddr, 0, sizeof(servAddr)); servAddr.sin_family = AF_INET; servAddr.sin_port = htons(SERV_PORT); if ( (inet_pton(AF_INET, host, &servAddr.sin_addr)) < 1) { printf("Error and/or invalid IP address"); return 1; } CyaSSL_dtls_set_peer(ssl, &servAddr, sizeof(servAddr)); if ( (sockfd = socket(AF_INET, SOCK_DGRAM, 0)) < 0) { printf("cannot create a socket."); return 1; } CyaSSL_set_fd(ssl, sockfd); if (CyaSSL_connect(ssl) != SSL_SUCCESS) { int err1 = CyaSSL_get_error(ssl, 0); char buffer[80]; printf("err = %d, %s\n", err1, CyaSSL_ERR_error_string(err1, buffer)); printf("SSL_connect failed"); return 1; } DatagramClient(ssl); CyaSSL_write(ssl, srTest, sizeof(srTest)); session = CyaSSL_get_session(ssl); sslResume = CyaSSL_new(ctx); CyaSSL_shutdown(ssl); CyaSSL_free(ssl); close(sockfd); memset(&servAddr, 0, sizeof(servAddr)); servAddr.sin_family = AF_INET; servAddr.sin_port = htons(SERV_PORT); if ( (inet_pton(AF_INET, host, &servAddr.sin_addr)) < 1) { printf("Error and/or invalid IP address"); return 1; } CyaSSL_dtls_set_peer(sslResume, &servAddr, sizeof(servAddr)); if ( (sockfd = socket(AF_INET, SOCK_DGRAM, 0)) < 0) { printf("cannot create a socket."); return 1; } CyaSSL_set_fd(sslResume, sockfd); CyaSSL_set_session(sslResume, session); if (CyaSSL_connect(sslResume) != SSL_SUCCESS) { printf("SSL_connect failed"); return 1; } if(CyaSSL_session_reused(sslResume)) printf("reused session id\n"); else printf("didn't reuse session id!!!\n"); DatagramClient(sslResume); CyaSSL_write(sslResume, srTest, sizeof(srTest)); CyaSSL_shutdown(sslResume); CyaSSL_free(sslResume); close(sockfd); CyaSSL_CTX_free(ctx); CyaSSL_Cleanup(); return 0; }
struct variable *sys_connect(struct context *context) { struct variable *arguments = (struct variable*)stack_pop(context->operand_stack); const char *serveraddr = param_str(arguments, 1); const int32_t serverport = param_int(arguments, 2); struct variable *listener = ((struct variable*)array_get(arguments->list, 2)); int sockfd; struct sockaddr_in servaddr; CYASSL_CTX* ctx; CYASSL* ssl; node_init(); // Create and initialize CYASSL_CTX structure if ( (ctx = CyaSSL_CTX_new(CyaTLSv1_client_method())) == NULL) { context->vm_exception = variable_new_str(context, byte_array_from_string("SSL_CTX_new error")); CyaSSL_Cleanup(); return NULL; } // Load CA certificates into CYASSL_CTX if (CyaSSL_CTX_load_verify_locations(ctx, "./conf/ca-cert.pem", 0) != SSL_SUCCESS) { context->vm_exception = variable_new_str(context, byte_array_from_string("Error loading ca-cert.pem, please check the file.\n")); CyaSSL_CTX_free(ctx); CyaSSL_Cleanup(); return NULL; } // Create Socket file descriptor sockfd = socket(AF_INET, SOCK_STREAM, 0); bzero(&servaddr, sizeof(servaddr)); servaddr.sin_family = AF_INET; servaddr.sin_port = htons(serverport); inet_pton(AF_INET, serveraddr, &servaddr.sin_addr); // Blocking Connect to socket file descriptor connect(sockfd, (struct sockaddr *) &servaddr, sizeof(servaddr)); // Create CYASSL object if ((ssl = CyaSSL_new(ctx)) == NULL) { context->vm_exception = variable_new_str(context, byte_array_from_string("CyaSSL_new error")); CyaSSL_CTX_free(ctx); CyaSSL_Cleanup(); return NULL; } CyaSSL_set_fd(ssl, sockfd); fprintf(stderr, "Connected on %d -- %p\n", sockfd, ssl); struct thread_argument *ta = (struct thread_argument *)malloc(sizeof(struct thread_argument)); ta->find = context->find; ta->listener = listener; ta->ssl = ssl; ta->fd = sockfd; ta->cya = ctx; if (socket_listeners == NULL) socket_listeners = map_new_ex(NULL, &int_compare, &int_hash, &int_copy, &int_del); map_insert(socket_listeners, (void*)(VOID_INT)sockfd, (void*)(VOID_INT)ta); return variable_new_int(context, sockfd); }
int main (int argc, char** argv) { int sockfd = 0; struct sockaddr_in servAddr; const char* host = argv[1]; CYASSL* ssl = 0; CYASSL_CTX* ctx = 0; CYASSL* sslResume = 0; CYASSL_SESSION* session = 0; int resumeSession = 0; char cert_array[] = "../cyassl/certs/ca-cert.pem"; char* certs = cert_array; char* srTest = "testing session resume"; if (argc != 2) { printf("usage: udpcli <IP address>\n"); return 1; } CyaSSL_Init(); /* CyaSSL_Debugging_ON();*/ if ( (ctx = CyaSSL_CTX_new(CyaDTLSv1_2_client_method())) == NULL) { fprintf(stderr, "CyaSSL_CTX_new error.\n"); return(EXIT_FAILURE); } if (CyaSSL_CTX_load_verify_locations(ctx,certs, 0) != SSL_SUCCESS) { fprintf(stderr, "Error loading %s, please check the file.\n", certs); return(EXIT_FAILURE); } ssl = CyaSSL_new(ctx); if (ssl == NULL) { printf("unable to get ssl object"); return 1; } memset(&servAddr, 0, sizeof(servAddr)); servAddr.sin_family = AF_INET; servAddr.sin_port = htons(SERV_PORT); if (inet_pton(AF_INET, host, &servAddr.sin_addr) < 1) { printf("Error and/or invalid IP address"); return 1; } CyaSSL_dtls_set_peer(ssl, &servAddr, sizeof(servAddr)); if ( (sockfd = socket(AF_INET, SOCK_DGRAM, 0)) < 0) { printf("cannot create a socket."); return 1; } CyaSSL_set_fd(ssl, sockfd); CyaSSL_set_using_nonblock(ssl, 1); fcntl(sockfd, F_SETFL, O_NONBLOCK); NonBlockingDTLS_Connect(ssl); DatagramClient(ssl); while ( (CyaSSL_write(ssl, srTest, sizeof(srTest))) != sizeof(srTest)) { printf("failed to write"); return 1; } session = CyaSSL_get_session(ssl); sslResume = CyaSSL_new(ctx); CyaSSL_shutdown(ssl); CyaSSL_free(ssl); close(sockfd); memset(&servAddr, 0, sizeof(servAddr)); servAddr.sin_family = AF_INET; servAddr.sin_port = htons(SERV_PORT); if (inet_pton(AF_INET, host, &servAddr.sin_addr) < 1) { printf("Error and/or invalid IP address"); return 1; } CyaSSL_dtls_set_peer(sslResume, &servAddr, sizeof(servAddr)); if ( (sockfd = socket(AF_INET, SOCK_DGRAM, 0)) < 0) { printf("cannot create a socket."); return 1; } CyaSSL_set_fd(sslResume, sockfd); CyaSSL_set_session(sslResume, session); CyaSSL_set_using_nonblock(sslResume, 1); fcntl(sockfd, F_SETFL, O_NONBLOCK); NonBlockingDTLS_Connect(sslResume); if(CyaSSL_session_reused(sslResume)) printf("reused session id\n"); else printf("didn't reuse session id!!!\n"); DatagramClient(sslResume); while ((CyaSSL_write(sslResume, srTest, sizeof(srTest))) != sizeof(srTest)) { printf("failed to write"); return 1; } sleep(1); CyaSSL_shutdown(sslResume); CyaSSL_free(sslResume); close(sockfd); CyaSSL_CTX_free(ctx); CyaSSL_Cleanup(); return 0; }
static THREAD_RETURN CYASSL_THREAD run_cyassl_server(void* args) { callback_functions* callbacks = ((func_args*)args)->callbacks; CYASSL_CTX* ctx = CyaSSL_CTX_new(callbacks->method()); CYASSL* ssl = NULL; SOCKET_T sfd = 0; SOCKET_T cfd = 0; word16 port = yasslPort; char msg[] = "I hear you fa shizzle!"; int len = (int) XSTRLEN(msg); char input[1024]; int idx; #ifdef CYASSL_TIRTOS fdOpenSession(Task_self()); #endif ((func_args*)args)->return_code = TEST_FAIL; #if defined(NO_MAIN_DRIVER) && !defined(USE_WINDOWS_API) && \ !defined(CYASSL_SNIFFER) && !defined(CYASSL_MDK_SHELL) && \ !defined(CYASSL_TIRTOS) port = 0; #endif CyaSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0); #ifdef OPENSSL_EXTRA CyaSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack); #endif AssertIntEQ(SSL_SUCCESS, CyaSSL_CTX_load_verify_locations(ctx, cliCert, 0)); AssertIntEQ(SSL_SUCCESS, CyaSSL_CTX_use_certificate_file(ctx, svrCert, SSL_FILETYPE_PEM)); AssertIntEQ(SSL_SUCCESS, CyaSSL_CTX_use_PrivateKey_file(ctx, svrKey, SSL_FILETYPE_PEM)); if (callbacks->ctx_ready) callbacks->ctx_ready(ctx); ssl = CyaSSL_new(ctx); tcp_accept(&sfd, &cfd, (func_args*)args, port, 0, 0); CloseSocket(sfd); CyaSSL_set_fd(ssl, cfd); #ifdef NO_PSK #if !defined(NO_FILESYSTEM) && !defined(NO_DH) CyaSSL_SetTmpDH_file(ssl, dhParam, SSL_FILETYPE_PEM); #elif !defined(NO_DH) SetDH(ssl); /* will repick suites with DHE, higher priority than PSK */ #endif #endif if (callbacks->ssl_ready) callbacks->ssl_ready(ssl); /* AssertIntEQ(SSL_SUCCESS, CyaSSL_accept(ssl)); */ if (CyaSSL_accept(ssl) != SSL_SUCCESS) { int err = CyaSSL_get_error(ssl, 0); char buffer[CYASSL_MAX_ERROR_SZ]; printf("error = %d, %s\n", err, CyaSSL_ERR_error_string(err, buffer)); } else { if (0 < (idx = CyaSSL_read(ssl, input, sizeof(input)-1))) { input[idx] = 0; printf("Client message: %s\n", input); } AssertIntEQ(len, CyaSSL_write(ssl, msg, len)); #ifdef CYASSL_TIRTOS Task_yield(); #endif CyaSSL_shutdown(ssl); } if (callbacks->on_result) callbacks->on_result(ssl); CyaSSL_free(ssl); CyaSSL_CTX_free(ctx); CloseSocket(cfd); ((func_args*)args)->return_code = TEST_SUCCESS; #ifdef CYASSL_TIRTOS fdCloseSession(Task_self()); #endif #if defined(NO_MAIN_DRIVER) && defined(HAVE_ECC) && defined(FP_ECC) \ && defined(HAVE_THREAD_LS) ecc_fp_free(); /* free per thread cache */ #endif #ifndef CYASSL_TIRTOS return 0; #endif }
// listens for incoming connections void *sys_listen2(void *arg) { struct listen_arguments *la = (struct listen_arguments*)arg; struct variable *listener = la->listener; int serverport = la->serverport; if (server_listeners == NULL) server_listeners = map_new_ex(NULL, &int_compare, &int_hash, &int_copy, &int_del); map_insert(server_listeners, (void*)(VOID_INT)serverport, listener); node_init(); // Create and initialize CYASSL_CTX structure CYASSL_CTX* ctx; if ( (ctx = CyaSSL_CTX_new(CyaTLSv1_server_method())) == NULL) { fprintf(stderr, "CyaSSL_CTX_new error.\n"); return NULL; } // Load CA certificates into CYASSL_CTX if (CyaSSL_CTX_load_verify_locations(ctx, "./conf/ca-cert.pem", 0) != SSL_SUCCESS) { fprintf(stderr, "Error loading ca-cert.pem, please check the file.\n"); return NULL; } // Load server certificate into CYASSL_CTX if (CyaSSL_CTX_use_certificate_file(ctx, "conf/server-cert.pem", SSL_FILETYPE_PEM) != SSL_SUCCESS) { fprintf(stderr, "Error loading server-cert.pem, please check the file.\n"); return NULL; } // Load server key into CYASSL_CTX if (CyaSSL_CTX_use_PrivateKey_file(ctx, "conf/server-key.pem", SSL_FILETYPE_PEM) != SSL_SUCCESS) { fprintf(stderr, "Error loading server-key.pem, please check the file.\n"); return NULL; } // open the server socket over specified port 8080 to accept client connections int listenfd = socket(AF_INET, SOCK_STREAM, 0); // setsockopt: Eliminates "ERROR on binding: Address already in use" error. int optval = 1; setsockopt(listenfd, SOL_SOCKET, SO_REUSEADDR, (const void *)&optval, sizeof(int)); struct sockaddr_in servaddr; bzero(&servaddr, sizeof(servaddr)); servaddr.sin_family = AF_INET; servaddr.sin_addr.s_addr = htonl(INADDR_ANY); servaddr.sin_port = htons(serverport); bind(listenfd, (struct sockaddr *) &servaddr, sizeof(servaddr)); listen(listenfd, 5); // create thread for processing each client request struct sockaddr_in client_addr; socklen_t sin_size = sizeof (struct sockaddr_in); for(;;) { int connfd = accept(listenfd, (struct sockaddr *) &client_addr, &sin_size ); DEBUGPRINT("\n Got a connection from (%s , %d)\n", inet_ntoa(client_addr.sin_addr), ntohs(client_addr.sin_port)); // Create CYASSL Object CYASSL* ssl; if ((ssl = CyaSSL_new(ctx)) == NULL) { fprintf(stderr, "CyaSSL_new error"); return NULL; } CyaSSL_set_fd(ssl, connfd); struct thread_argument *ta = (struct thread_argument *)malloc(sizeof(struct thread_argument)); ta->find = la->find; ta->listener = listener; ta->ssl = ssl; ta->fd = connfd; ta->cya = ctx; DEBUGPRINT("listenting on %d - %p\n", connfd, ta->ssl); pthread_t child; pthread_create(&child, NULL, incoming_connection, &ta); } return NULL; }
static void run_cyassl_client(void* args) { callback_functions* callbacks = ((func_args*)args)->callbacks; CYASSL_CTX* ctx = CyaSSL_CTX_new(callbacks->method()); CYASSL* ssl = NULL; SOCKET_T sfd = 0; char msg[] = "hello cyassl server!"; int len = (int) XSTRLEN(msg); char input[1024]; int idx; #ifdef CYASSL_TIRTOS fdOpenSession(Task_self()); #endif ((func_args*)args)->return_code = TEST_FAIL; #ifdef OPENSSL_EXTRA CyaSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack); #endif AssertIntEQ(SSL_SUCCESS, CyaSSL_CTX_load_verify_locations(ctx, caCert, 0)); AssertIntEQ(SSL_SUCCESS, CyaSSL_CTX_use_certificate_file(ctx, cliCert, SSL_FILETYPE_PEM)); AssertIntEQ(SSL_SUCCESS, CyaSSL_CTX_use_PrivateKey_file(ctx, cliKey, SSL_FILETYPE_PEM)); if (callbacks->ctx_ready) callbacks->ctx_ready(ctx); tcp_connect(&sfd, yasslIP, ((func_args*)args)->signal->port, 0); ssl = CyaSSL_new(ctx); CyaSSL_set_fd(ssl, sfd); if (callbacks->ssl_ready) callbacks->ssl_ready(ssl); if (CyaSSL_connect(ssl) != SSL_SUCCESS) { int err = CyaSSL_get_error(ssl, 0); char buffer[CYASSL_MAX_ERROR_SZ]; printf("error = %d, %s\n", err, CyaSSL_ERR_error_string(err, buffer)); } else { AssertIntEQ(len, CyaSSL_write(ssl, msg, len)); if (0 < (idx = CyaSSL_read(ssl, input, sizeof(input)-1))) { input[idx] = 0; printf("Server response: %s\n", input); } } if (callbacks->on_result) callbacks->on_result(ssl); CyaSSL_free(ssl); CyaSSL_CTX_free(ctx); CloseSocket(sfd); ((func_args*)args)->return_code = TEST_SUCCESS; #ifdef CYASSL_TIRTOS fdCloseSession(Task_self()); #endif }
int capwap_crypt_createcontext(struct capwap_dtls_context* dtlscontext, struct capwap_dtls_param* param) { ASSERT(dtlscontext != NULL); ASSERT(param != NULL); memset(dtlscontext, 0, sizeof(struct capwap_dtls_context)); dtlscontext->type = param->type; dtlscontext->mode = param->mode; /* Alloc context */ dtlscontext->sslcontext = (void*)CyaSSL_CTX_new(((param->type == CAPWAP_DTLS_SERVER) ? CyaDTLSv1_server_method() : CyaDTLSv1_client_method())); if (!dtlscontext->sslcontext) { capwap_logging_debug("Error to initialize dtls context"); return 0; } /* Set context IO */ CyaSSL_SetIORecv((CYASSL_CTX*)dtlscontext->sslcontext, capwap_bio_method_recv); CyaSSL_SetIOSend((CYASSL_CTX*)dtlscontext->sslcontext, capwap_bio_method_send); CyaSSL_CTX_SetGenCookie((CYASSL_CTX*)dtlscontext->sslcontext, capwap_crypt_createcookie); /* */ if (dtlscontext->mode == CAPWAP_DTLS_MODE_CERTIFICATE) { /* Check context */ if (!param->cert.filecert || !strlen(param->cert.filecert)) { capwap_logging_debug("Error, request certificate file"); capwap_crypt_freecontext(dtlscontext); return 0; } else if (!param->cert.filekey || !strlen(param->cert.filekey)) { capwap_logging_debug("Error, request privatekey file"); capwap_crypt_freecontext(dtlscontext); return 0; } else if (!param->cert.fileca || !strlen(param->cert.fileca)) { capwap_logging_debug("Error, request ca file"); capwap_crypt_freecontext(dtlscontext); return 0; } /* Public certificate */ if (!CyaSSL_CTX_use_certificate_file((CYASSL_CTX*)dtlscontext->sslcontext, param->cert.filecert, SSL_FILETYPE_PEM)) { capwap_logging_debug("Error to load certificate file"); capwap_crypt_freecontext(dtlscontext); return 0; } /* Private key */ if (!CyaSSL_CTX_use_PrivateKey_file((CYASSL_CTX*)dtlscontext->sslcontext, param->cert.filekey, SSL_FILETYPE_PEM)) { capwap_logging_debug("Error to load private key file"); capwap_crypt_freecontext(dtlscontext); return 0; } if (!CyaSSL_CTX_check_private_key((CYASSL_CTX*)dtlscontext->sslcontext)) { capwap_logging_debug("Error to check private key"); capwap_crypt_freecontext(dtlscontext); return 0; } /* Certificate Authority */ if (!CyaSSL_CTX_load_verify_locations((CYASSL_CTX*)dtlscontext->sslcontext, param->cert.fileca, NULL)) { capwap_logging_debug("Error to load ca file"); capwap_crypt_freecontext(dtlscontext); return 0; } /* Verify certificate callback */ CyaSSL_CTX_set_verify((CYASSL_CTX*)dtlscontext->sslcontext, ((param->type == CAPWAP_DTLS_SERVER) ? SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT : SSL_VERIFY_PEER), capwap_crypt_verifycertificate); /* Cipher list: TLS_RSA_WITH_AES_128_CBC_SHA TLS_DHE_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_AES_256_CBC_SHA TLS_DHE_RSA_WITH_AES_256_CBC_SHA */ if (!CyaSSL_CTX_set_cipher_list((CYASSL_CTX*)dtlscontext->sslcontext, "AES128-SHA:DHE-RSA-AES128-SHA:AES256-SHA:DHE-RSA-AES256-SHA")) { capwap_logging_debug("Error to select cipher list"); capwap_crypt_freecontext(dtlscontext); return 0; } } else if (dtlscontext->mode == CAPWAP_DTLS_MODE_PRESHAREDKEY) { /* Cipher list: TLS_PSK_WITH_AES_128_CBC_SHA TLS_DHE_PSK_WITH_AES_128_CBC_SHA TLS_PSK_WITH_AES_256_CBC_SHA TLS_DHE_PSK_WITH_AES_256_CBC_SHA */ if (!CyaSSL_CTX_set_cipher_list((CYASSL_CTX*)dtlscontext->sslcontext, "PSK-AES128-CBC-SHA:PSK-AES256-CBC-SHA")) { capwap_logging_debug("Error to select cipher list"); capwap_crypt_freecontext(dtlscontext); return 0; } /* */ if (dtlscontext->type == CAPWAP_DTLS_SERVER) { if (param->presharedkey.hint) { CyaSSL_CTX_use_psk_identity_hint((CYASSL_CTX*)dtlscontext->sslcontext, param->presharedkey.hint); } else { capwap_logging_debug("Error to presharedkey hint"); capwap_crypt_freecontext(dtlscontext); return 0; } } /* */ dtlscontext->presharedkey.identity = capwap_duplicate_string(param->presharedkey.identity); dtlscontext->presharedkey.pskkeylength = capwap_crypt_psk_to_bin(param->presharedkey.pskkey, &dtlscontext->presharedkey.pskkey); if (!dtlscontext->presharedkey.pskkeylength) { capwap_logging_debug("Error to presharedkey"); capwap_crypt_freecontext(dtlscontext); return 0; } /* */ if (dtlscontext->type == CAPWAP_DTLS_SERVER) { CyaSSL_CTX_set_psk_server_callback((CYASSL_CTX*)dtlscontext->sslcontext, capwap_crypt_psk_server); } else { CyaSSL_CTX_set_psk_client_callback((CYASSL_CTX*)dtlscontext->sslcontext, capwap_crypt_psk_client); } } else { capwap_logging_debug("Invalid DTLS mode"); capwap_crypt_freecontext(dtlscontext); return 0; } return 1; }
THREAD_RETURN CYASSL_THREAD client_test(void* args) { SOCKET_T sockfd = 0; CYASSL_METHOD* method = 0; CYASSL_CTX* ctx = 0; CYASSL* ssl = 0; CYASSL* sslResume = 0; CYASSL_SESSION* session = 0; char resumeMsg[] = "resuming cyassl!"; int resumeSz = sizeof(resumeMsg); char msg[32] = "hello cyassl!"; /* GET may make bigger */ char reply[80]; int input; int msgSz = (int)strlen(msg); int port = yasslPort; char* host = (char*)yasslIP; char* domain = (char*)"www.yassl.com"; int ch; int version = CLIENT_INVALID_VERSION; int usePsk = 0; int sendGET = 0; int benchmark = 0; int doDTLS = 0; int matchName = 0; int doPeerCheck = 1; int nonBlocking = 0; int resumeSession = 0; int trackMemory = 0; int useClientCert = 1; int fewerPackets = 0; int atomicUser = 0; int pkCallbacks = 0; char* cipherList = NULL; char* verifyCert = (char*)caCert; char* ourCert = (char*)cliCert; char* ourKey = (char*)cliKey; #ifdef HAVE_SNI char* sniHostName = NULL; #endif #ifdef HAVE_MAX_FRAGMENT byte maxFragment = 0; #endif #ifdef HAVE_TRUNCATED_HMAC byte truncatedHMAC = 0; #endif #ifdef HAVE_OCSP int useOcsp = 0; char* ocspUrl = NULL; #endif int argc = ((func_args*)args)->argc; char** argv = ((func_args*)args)->argv; ((func_args*)args)->return_code = -1; /* error state */ #ifdef NO_RSA verifyCert = (char*)eccCert; ourCert = (char*)cliEccCert; ourKey = (char*)cliEccKey; #endif (void)resumeSz; (void)session; (void)sslResume; (void)trackMemory; (void)atomicUser; (void)pkCallbacks; StackTrap(); while ((ch = mygetopt(argc, argv, "?gdusmNrtfxUPh:p:v:l:A:c:k:b:zS:L:ToO:")) != -1) { switch (ch) { case '?' : Usage(); exit(EXIT_SUCCESS); case 'g' : sendGET = 1; break; case 'd' : doPeerCheck = 0; break; case 'u' : doDTLS = 1; break; case 's' : usePsk = 1; break; case 't' : #ifdef USE_CYASSL_MEMORY trackMemory = 1; #endif break; case 'm' : matchName = 1; break; case 'x' : useClientCert = 0; break; case 'f' : fewerPackets = 1; break; case 'U' : #ifdef ATOMIC_USER atomicUser = 1; #endif break; case 'P' : #ifdef HAVE_PK_CALLBACKS pkCallbacks = 1; #endif break; case 'h' : host = myoptarg; domain = myoptarg; break; case 'p' : port = atoi(myoptarg); #if !defined(NO_MAIN_DRIVER) || defined(USE_WINDOWS_API) if (port == 0) err_sys("port number cannot be 0"); #endif break; case 'v' : version = atoi(myoptarg); if (version < 0 || version > 3) { Usage(); exit(MY_EX_USAGE); } break; case 'l' : cipherList = myoptarg; break; case 'A' : verifyCert = myoptarg; break; case 'c' : ourCert = myoptarg; break; case 'k' : ourKey = myoptarg; break; case 'b' : benchmark = atoi(myoptarg); if (benchmark < 0 || benchmark > 1000000) { Usage(); exit(MY_EX_USAGE); } break; case 'N' : nonBlocking = 1; break; case 'r' : resumeSession = 1; break; case 'z' : #ifndef CYASSL_LEANPSK CyaSSL_GetObjectSize(); #endif break; case 'S' : #ifdef HAVE_SNI sniHostName = myoptarg; #endif break; case 'L' : #ifdef HAVE_MAX_FRAGMENT maxFragment = atoi(myoptarg); if (maxFragment < CYASSL_MFL_2_9 || maxFragment > CYASSL_MFL_2_13) { Usage(); exit(MY_EX_USAGE); } #endif break; case 'T' : #ifdef HAVE_TRUNCATED_HMAC truncatedHMAC = 1; #endif break; case 'o' : #ifdef HAVE_OCSP useOcsp = 1; #endif break; case 'O' : #ifdef HAVE_OCSP useOcsp = 1; ocspUrl = myoptarg; #endif break; default: Usage(); exit(MY_EX_USAGE); } } myoptind = 0; /* reset for test cases */ /* sort out DTLS versus TLS versions */ if (version == CLIENT_INVALID_VERSION) { if (doDTLS) version = CLIENT_DTLS_DEFAULT_VERSION; else version = CLIENT_DEFAULT_VERSION; } else { if (doDTLS) { if (version == 3) version = -2; else version = -1; } } #ifdef USE_CYASSL_MEMORY if (trackMemory) InitMemoryTracker(); #endif switch (version) { #ifndef NO_OLD_TLS case 0: method = CyaSSLv3_client_method(); break; #ifndef NO_TLS case 1: method = CyaTLSv1_client_method(); break; case 2: method = CyaTLSv1_1_client_method(); break; #endif /* NO_TLS */ #endif /* NO_OLD_TLS */ #ifndef NO_TLS case 3: method = CyaTLSv1_2_client_method(); break; #endif #ifdef CYASSL_DTLS case -1: method = CyaDTLSv1_client_method(); break; case -2: method = CyaDTLSv1_2_client_method(); break; #endif default: err_sys("Bad SSL version"); break; } if (method == NULL) err_sys("unable to get method"); ctx = CyaSSL_CTX_new(method); if (ctx == NULL) err_sys("unable to get ctx"); if (cipherList) if (CyaSSL_CTX_set_cipher_list(ctx, cipherList) != SSL_SUCCESS) err_sys("client can't set cipher list 1"); #ifdef CYASSL_LEANPSK usePsk = 1; #endif #if defined(NO_RSA) && !defined(HAVE_ECC) usePsk = 1; #endif if (fewerPackets) CyaSSL_CTX_set_group_messages(ctx); if (usePsk) { #ifndef NO_PSK CyaSSL_CTX_set_psk_client_callback(ctx, my_psk_client_cb); if (cipherList == NULL) { const char *defaultCipherList; #ifdef HAVE_NULL_CIPHER defaultCipherList = "PSK-NULL-SHA256"; #else defaultCipherList = "PSK-AES128-CBC-SHA256"; #endif if (CyaSSL_CTX_set_cipher_list(ctx,defaultCipherList) !=SSL_SUCCESS) err_sys("client can't set cipher list 2"); } #endif useClientCert = 0; } #ifdef OPENSSL_EXTRA CyaSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack); #endif #if defined(CYASSL_SNIFFER) && !defined(HAVE_NTRU) && !defined(HAVE_ECC) if (cipherList == NULL) { /* don't use EDH, can't sniff tmp keys */ if (CyaSSL_CTX_set_cipher_list(ctx, "AES256-SHA256") != SSL_SUCCESS) { err_sys("client can't set cipher list 3"); } } #endif #ifdef HAVE_OCSP if (useOcsp) { if (ocspUrl != NULL) { CyaSSL_CTX_SetOCSP_OverrideURL(ctx, ocspUrl); CyaSSL_CTX_EnableOCSP(ctx, CYASSL_OCSP_NO_NONCE | CYASSL_OCSP_URL_OVERRIDE); } else CyaSSL_CTX_EnableOCSP(ctx, CYASSL_OCSP_NO_NONCE); } #endif #ifdef USER_CA_CB CyaSSL_CTX_SetCACb(ctx, CaCb); #endif #ifdef VERIFY_CALLBACK CyaSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, myVerify); #endif #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) if (useClientCert){ if (CyaSSL_CTX_use_certificate_chain_file(ctx, ourCert) != SSL_SUCCESS) err_sys("can't load client cert file, check file and run from" " CyaSSL home dir"); if (CyaSSL_CTX_use_PrivateKey_file(ctx, ourKey, SSL_FILETYPE_PEM) != SSL_SUCCESS) err_sys("can't load client private key file, check file and run " "from CyaSSL home dir"); } if (!usePsk) { if (CyaSSL_CTX_load_verify_locations(ctx, verifyCert, 0) != SSL_SUCCESS) err_sys("can't load ca file, Please run from CyaSSL home dir"); } #endif #if !defined(NO_CERTS) if (!usePsk && doPeerCheck == 0) CyaSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0); #endif #ifdef HAVE_CAVIUM CyaSSL_CTX_UseCavium(ctx, CAVIUM_DEV_ID); #endif #ifdef HAVE_SNI if (sniHostName) if (CyaSSL_CTX_UseSNI(ctx, 0, sniHostName, XSTRLEN(sniHostName)) != SSL_SUCCESS) err_sys("UseSNI failed"); #endif #ifdef HAVE_MAX_FRAGMENT if (maxFragment) if (CyaSSL_CTX_UseMaxFragment(ctx, maxFragment) != SSL_SUCCESS) err_sys("UseMaxFragment failed"); #endif #ifdef HAVE_TRUNCATED_HMAC if (truncatedHMAC) if (CyaSSL_CTX_UseTruncatedHMAC(ctx) != SSL_SUCCESS) err_sys("UseTruncatedHMAC failed"); #endif if (benchmark) { /* time passed in number of connects give average */ int times = benchmark; int i = 0; double start = current_time(), avg; for (i = 0; i < times; i++) { tcp_connect(&sockfd, host, port, doDTLS); ssl = CyaSSL_new(ctx); CyaSSL_set_fd(ssl, sockfd); if (CyaSSL_connect(ssl) != SSL_SUCCESS) err_sys("SSL_connect failed"); CyaSSL_shutdown(ssl); CyaSSL_free(ssl); CloseSocket(sockfd); } avg = current_time() - start; avg /= times; avg *= 1000; /* milliseconds */ printf("CyaSSL_connect avg took: %8.3f milliseconds\n", avg); CyaSSL_CTX_free(ctx); ((func_args*)args)->return_code = 0; exit(EXIT_SUCCESS); } #if defined(CYASSL_MDK_ARM) CyaSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0); #endif ssl = CyaSSL_new(ctx); if (ssl == NULL) err_sys("unable to get SSL object"); if (doDTLS) { SOCKADDR_IN_T addr; build_addr(&addr, host, port, 1); CyaSSL_dtls_set_peer(ssl, &addr, sizeof(addr)); tcp_socket(&sockfd, 1); } else { tcp_connect(&sockfd, host, port, 0); } CyaSSL_set_fd(ssl, sockfd); #ifdef HAVE_CRL if (CyaSSL_EnableCRL(ssl, CYASSL_CRL_CHECKALL) != SSL_SUCCESS) err_sys("can't enable crl check"); if (CyaSSL_LoadCRL(ssl, crlPemDir, SSL_FILETYPE_PEM, 0) != SSL_SUCCESS) err_sys("can't load crl, check crlfile and date validity"); if (CyaSSL_SetCRL_Cb(ssl, CRL_CallBack) != SSL_SUCCESS) err_sys("can't set crl callback"); #endif #ifdef ATOMIC_USER if (atomicUser) SetupAtomicUser(ctx, ssl); #endif #ifdef HAVE_PK_CALLBACKS if (pkCallbacks) SetupPkCallbacks(ctx, ssl); #endif if (matchName && doPeerCheck) CyaSSL_check_domain_name(ssl, domain); #ifndef CYASSL_CALLBACKS if (nonBlocking) { CyaSSL_set_using_nonblock(ssl, 1); tcp_set_nonblocking(&sockfd); NonBlockingSSL_Connect(ssl); } else if (CyaSSL_connect(ssl) != SSL_SUCCESS) { /* see note at top of README */ int err = CyaSSL_get_error(ssl, 0); char buffer[CYASSL_MAX_ERROR_SZ]; printf("err = %d, %s\n", err, CyaSSL_ERR_error_string(err, buffer)); err_sys("SSL_connect failed"); /* if you're getting an error here */ } #else timeout.tv_sec = 2; timeout.tv_usec = 0; NonBlockingSSL_Connect(ssl); /* will keep retrying on timeout */ #endif showPeer(ssl); if (sendGET) { printf("SSL connect ok, sending GET...\n"); msgSz = 28; strncpy(msg, "GET /index.html HTTP/1.0\r\n\r\n", msgSz); msg[msgSz] = '\0'; } if (CyaSSL_write(ssl, msg, msgSz) != msgSz) err_sys("SSL_write failed"); input = CyaSSL_read(ssl, reply, sizeof(reply)-1); if (input > 0) { reply[input] = 0; printf("Server response: %s\n", reply); if (sendGET) { /* get html */ while (1) { input = CyaSSL_read(ssl, reply, sizeof(reply)-1); if (input > 0) { reply[input] = 0; printf("%s\n", reply); } else break; } } } else if (input < 0) { int readErr = CyaSSL_get_error(ssl, 0); if (readErr != SSL_ERROR_WANT_READ) err_sys("CyaSSL_read failed"); } #ifndef NO_SESSION_CACHE if (resumeSession) { if (doDTLS) { strncpy(msg, "break", 6); msgSz = (int)strlen(msg); /* try to send session close */ CyaSSL_write(ssl, msg, msgSz); } session = CyaSSL_get_session(ssl); sslResume = CyaSSL_new(ctx); } #endif if (doDTLS == 0) /* don't send alert after "break" command */ CyaSSL_shutdown(ssl); /* echoserver will interpret as new conn */ #ifdef ATOMIC_USER if (atomicUser) FreeAtomicUser(ssl); #endif CyaSSL_free(ssl); CloseSocket(sockfd); #ifndef NO_SESSION_CACHE if (resumeSession) { if (doDTLS) { SOCKADDR_IN_T addr; #ifdef USE_WINDOWS_API Sleep(500); #else sleep(1); #endif build_addr(&addr, host, port, 1); CyaSSL_dtls_set_peer(sslResume, &addr, sizeof(addr)); tcp_socket(&sockfd, 1); } else { tcp_connect(&sockfd, host, port, 0); } CyaSSL_set_fd(sslResume, sockfd); CyaSSL_set_session(sslResume, session); showPeer(sslResume); #ifndef CYASSL_CALLBACKS if (nonBlocking) { CyaSSL_set_using_nonblock(sslResume, 1); tcp_set_nonblocking(&sockfd); NonBlockingSSL_Connect(sslResume); } else if (CyaSSL_connect(sslResume) != SSL_SUCCESS) err_sys("SSL resume failed"); #else timeout.tv_sec = 2; timeout.tv_usec = 0; NonBlockingSSL_Connect(ssl); /* will keep retrying on timeout */ #endif if (CyaSSL_session_reused(sslResume)) printf("reused session id\n"); else printf("didn't reuse session id!!!\n"); if (CyaSSL_write(sslResume, resumeMsg, resumeSz) != resumeSz) err_sys("SSL_write failed"); if (nonBlocking) { /* give server a chance to bounce a message back to client */ #ifdef USE_WINDOWS_API Sleep(500); #else sleep(1); #endif } input = CyaSSL_read(sslResume, reply, sizeof(reply)-1); if (input > 0) { reply[input] = 0; printf("Server resume response: %s\n", reply); } /* try to send session break */ CyaSSL_write(sslResume, msg, msgSz); CyaSSL_shutdown(sslResume); CyaSSL_free(sslResume); CloseSocket(sockfd); } #endif /* NO_SESSION_CACHE */ CyaSSL_CTX_free(ctx); ((func_args*)args)->return_code = 0; #ifdef USE_CYASSL_MEMORY if (trackMemory) ShowMemoryTracker(); #endif /* USE_CYASSL_MEMORY */ return 0; }
void client_test(void* args) { SOCKET_T sockfd = 0; CYASSL_METHOD* method = 0; CYASSL_CTX* ctx = 0; CYASSL* ssl = 0; #ifdef TEST_RESUME CYASSL* sslResume = 0; CYASSL_SESSION* session = 0; char resumeMsg[] = "resuming cyassl!"; int resumeSz = sizeof(resumeMsg); #endif char msg[64] = "hello cyassl!"; char reply[1024]; int input; int msgSz = strlen(msg); int port = yasslPort; char* host = (char*)yasslIP; char* domain = "www.yassl.com"; int ch; int version = CLIENT_DEFAULT_VERSION; int usePsk = 0; int sendGET = 0; int benchmark = 0; int doDTLS = 0; int matchName = 0; int doPeerCheck = 1; char* cipherList = NULL; char* verifyCert = (char*)caCert; char* ourCert = (char*)cliCert; char* ourKey = (char*)cliKey; int argc = ((func_args*)args)->argc; char** argv = ((func_args*)args)->argv; ((func_args*)args)->return_code = -1; /* error state */ while ((ch = mygetopt(argc, argv, "?gdusmh:p:v:l:A:c:k:b:")) != -1) { switch (ch) { case '?' : Usage(); exit(EXIT_SUCCESS); case 'g' : sendGET = 1; break; case 'd' : doPeerCheck = 0; break; case 'u' : doDTLS = 1; version = -1; /* DTLS flag */ break; case 's' : usePsk = 1; break; case 'm' : matchName = 1; break; case 'h' : host = myoptarg; domain = myoptarg; break; case 'p' : port = atoi(myoptarg); break; case 'v' : version = atoi(myoptarg); if (version < 0 || version > 3) { Usage(); exit(MY_EX_USAGE); } if (doDTLS) version = -1; /* DTLS flag */ break; case 'l' : cipherList = myoptarg; break; case 'A' : verifyCert = myoptarg; break; case 'c' : ourCert = myoptarg; break; case 'k' : ourKey = myoptarg; break; case 'b' : benchmark = atoi(myoptarg); if (benchmark < 0 || benchmark > 1000000) { Usage(); exit(MY_EX_USAGE); } break; default: Usage(); exit(MY_EX_USAGE); } } argc -= myoptind; argv += myoptind; myoptind = 0; /* reset for test cases */ switch (version) { case 0: method = CyaSSLv3_client_method(); break; case 1: method = CyaTLSv1_client_method(); break; case 2: method = CyaTLSv1_1_client_method(); break; case 3: method = CyaTLSv1_2_client_method(); break; #ifdef CYASSL_DTLS case -1: method = CyaDTLSv1_client_method(); break; #endif default: err_sys("Bad SSL version"); } if (method == NULL) err_sys("unable to get method"); ctx = CyaSSL_CTX_new(method); if (ctx == NULL) err_sys("unable to get ctx"); if (cipherList) if (CyaSSL_CTX_set_cipher_list(ctx, cipherList) != SSL_SUCCESS) err_sys("can't set cipher list"); #ifndef NO_PSK if (usePsk) CyaSSL_CTX_set_psk_client_callback(ctx, my_psk_client_cb); #endif #ifdef OPENSSL_EXTRA CyaSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack); #endif #if defined(CYASSL_SNIFFER) && !defined(HAVE_NTRU) && !defined(HAVE_ECC) /* don't use EDH, can't sniff tmp keys */ if (cipherList == NULL) if (CyaSSL_CTX_set_cipher_list(ctx, "AES256-SHA") != SSL_SUCCESS) err_sys("can't set cipher list"); #endif #ifdef USER_CA_CB CyaSSL_CTX_SetCACb(ctx, CaCb); #endif #ifdef VERIFY_CALLBACK CyaSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, myVerify); #endif if (CyaSSL_CTX_use_certificate_file(ctx, ourCert, SSL_FILETYPE_PEM) != SSL_SUCCESS) err_sys("can't load client cert file, check file and run from" " CyaSSL home dir"); if (CyaSSL_CTX_use_PrivateKey_file(ctx, ourKey, SSL_FILETYPE_PEM) != SSL_SUCCESS) err_sys("can't load client cert file, check file and run from" " CyaSSL home dir"); if (CyaSSL_CTX_load_verify_locations(ctx, verifyCert, 0) != SSL_SUCCESS) err_sys("can't load ca file, Please run from CyaSSL home dir"); if (doPeerCheck == 0) CyaSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0); if (benchmark) { /* time passed in number of connects give average */ int times = benchmark; int i = 0; double start = current_time(), avg; for (i = 0; i < times; i++) { tcp_connect(&sockfd, host, port, doDTLS); ssl = CyaSSL_new(ctx); CyaSSL_set_fd(ssl, sockfd); if (CyaSSL_connect(ssl) != SSL_SUCCESS) err_sys("SSL_connect failed"); CyaSSL_shutdown(ssl); CyaSSL_free(ssl); CloseSocket(sockfd); } avg = current_time() - start; avg /= times; avg *= 1000; /* milliseconds */ printf("CyaSSL_connect avg took: %8.3f milliseconds\n", avg); CyaSSL_CTX_free(ctx); ((func_args*)args)->return_code = 0; exit(EXIT_SUCCESS); } tcp_connect(&sockfd, host, port, doDTLS); ssl = CyaSSL_new(ctx); if (ssl == NULL) err_sys("unable to get SSL object"); CyaSSL_set_fd(ssl, sockfd); #ifdef HAVE_CRL if (CyaSSL_EnableCRL(ssl, CYASSL_CRL_CHECKALL) != SSL_SUCCESS) err_sys("can't enable crl check"); if (CyaSSL_LoadCRL(ssl, crlPemDir, SSL_FILETYPE_PEM, 0) != SSL_SUCCESS) err_sys("can't load crl, check crlfile and date validity"); if (CyaSSL_SetCRL_Cb(ssl, CRL_CallBack) != SSL_SUCCESS) err_sys("can't set crl callback"); #endif if (matchName && doPeerCheck) CyaSSL_check_domain_name(ssl, domain); #ifdef NON_BLOCKING tcp_set_nonblocking(&sockfd); NonBlockingSSL_Connect(ssl); #else #ifndef CYASSL_CALLBACKS if (CyaSSL_connect(ssl) != SSL_SUCCESS) {/* see note at top of README */ int err = CyaSSL_get_error(ssl, 0); char buffer[80]; printf("err = %d, %s\n", err, CyaSSL_ERR_error_string(err, buffer)); err_sys("SSL_connect failed");/* if you're getting an error here */ } #else timeout.tv_sec = 2; timeout.tv_usec = 0; NonBlockingSSL_Connect(ssl); /* will keep retrying on timeout */ #endif #endif showPeer(ssl); if (sendGET) { printf("SSL connect ok, sending GET...\n"); msgSz = 28; strncpy(msg, "GET /index.html HTTP/1.0\r\n\r\n", msgSz); } if (CyaSSL_write(ssl, msg, msgSz) != msgSz) err_sys("SSL_write failed"); input = CyaSSL_read(ssl, reply, sizeof(reply)); if (input > 0) { reply[input] = 0; printf("Server response: %s\n", reply); if (sendGET) { /* get html */ while (1) { input = CyaSSL_read(ssl, reply, sizeof(reply)); if (input > 0) { reply[input] = 0; printf("%s\n", reply); } else break; } } } #ifdef TEST_RESUME if (doDTLS) { strncpy(msg, "break", 6); msgSz = (int)strlen(msg); /* try to send session close */ CyaSSL_write(ssl, msg, msgSz); } session = CyaSSL_get_session(ssl); sslResume = CyaSSL_new(ctx); #endif if (doDTLS == 0) /* don't send alert after "break" command */ CyaSSL_shutdown(ssl); /* echoserver will interpret as new conn */ CyaSSL_free(ssl); CloseSocket(sockfd); #ifdef TEST_RESUME if (doDTLS) { #ifdef USE_WINDOWS_API Sleep(500); #else sleep(1); #endif } tcp_connect(&sockfd, host, port, doDTLS); CyaSSL_set_fd(sslResume, sockfd); CyaSSL_set_session(sslResume, session); showPeer(sslResume); #ifdef NON_BLOCKING tcp_set_nonblocking(&sockfd); NonBlockingSSL_Connect(sslResume); #else #ifndef CYASSL_CALLBACKS if (CyaSSL_connect(sslResume) != SSL_SUCCESS) err_sys("SSL resume failed"); #else timeout.tv_sec = 2; timeout.tv_usec = 0; NonBlockingSSL_Connect(ssl); /* will keep retrying on timeout */ #endif #endif #ifdef OPENSSL_EXTRA if (CyaSSL_session_reused(sslResume)) printf("reused session id\n"); else printf("didn't reuse session id!!!\n"); #endif if (CyaSSL_write(sslResume, resumeMsg, resumeSz) != resumeSz) err_sys("SSL_write failed"); #ifdef NON_BLOCKING /* need to give server a chance to bounce a message back to client */ #ifdef USE_WINDOWS_API Sleep(500); #else sleep(1); #endif #endif input = CyaSSL_read(sslResume, reply, sizeof(reply)); if (input > 0) { reply[input] = 0; printf("Server resume response: %s\n", reply); } /* try to send session break */ CyaSSL_write(sslResume, msg, msgSz); CyaSSL_shutdown(sslResume); CyaSSL_free(sslResume); #endif /* TEST_RESUME */ CyaSSL_CTX_free(ctx); CloseSocket(sockfd); ((func_args*)args)->return_code = 0; }
static CYASSL_CTX * get_cyassl_ctx(const char *hostname) { int err; CYASSL_CTX *ret; s_config *config = config_get_config(); LOCK_CYASSL_CTX(); if (NULL == cyassl_ctx) { CyaSSL_Init(); /* Create the CYASSL_CTX */ /* Allow TLSv1.0 up to TLSv1.2 */ if ((cyassl_ctx = CyaSSL_CTX_new(CyaTLSv1_client_method())) == NULL) { debug(LOG_ERR, "Could not create CYASSL context."); UNLOCK_CYASSL_CTX(); return NULL; } if (config->ssl_cipher_list) { debug(LOG_INFO, "Setting SSL cipher list to [%s]", config->ssl_cipher_list); err = CyaSSL_CTX_set_cipher_list(cyassl_ctx, config->ssl_cipher_list); if (SSL_SUCCESS != err) { debug(LOG_ERR, "Could not load SSL cipher list (error %d)", err); UNLOCK_CYASSL_CTX(); return NULL; } } #ifdef HAVE_SNI if (config->ssl_use_sni) { debug(LOG_INFO, "Setting SSL using SNI for hostname %s", hostname); err = CyaSSL_CTX_UseSNI(cyassl_ctx, CYASSL_SNI_HOST_NAME, hostname, strlen(hostname)); if (SSL_SUCCESS != err) { debug(LOG_ERR, "Could not setup SSL using SNI for hostname %s", hostname); UNLOCK_CYASSL_CTX(); return NULL; } } #endif if (config->ssl_verify) { /* Use trusted certs */ /* Note: CyaSSL requires that the certificates are named by their hash values */ debug(LOG_INFO, "Loading SSL certificates from %s", config->ssl_certs); err = CyaSSL_CTX_load_verify_locations(cyassl_ctx, NULL, config->ssl_certs); if (err != SSL_SUCCESS) { debug(LOG_ERR, "Could not load SSL certificates (error %d)", err); if (err == ASN_UNKNOWN_OID_E) { debug(LOG_ERR, "Error is ASN_UNKNOWN_OID_E - try compiling cyassl/wolfssl with --enable-ecc"); } else { debug(LOG_ERR, "Make sure that SSLCertPath points to the correct path in the config file"); debug(LOG_ERR, "Or disable certificate loading with 'SSLPeerVerification No'."); } UNLOCK_CYASSL_CTX(); return NULL; } } else { CyaSSL_CTX_set_verify(cyassl_ctx, SSL_VERIFY_NONE, 0); debug(LOG_INFO, "Disabling SSL certificate verification!"); } } ret = cyassl_ctx; UNLOCK_CYASSL_CTX(); return ret; }
/* See the comments at the top of main.c. */ void vSecureTCPClientTask( void *pvParameters ) { SOCKET xClientSocket; struct sockaddr_in xConnection; CYASSL* xCyaSSL_Object; WORD wVersionRequested; WSADATA xWSAData; char cString[ 50 ]; BaseType_t lReturned; uint32_t ulCount = 0UL; /* Remove compiler warning about unused parameters. */ ( void ) pvParameters; /* Prepare to use WinSock. */ wVersionRequested = MAKEWORD( 2, 2 ); configASSERT( WSAStartup( wVersionRequested, &xWSAData ) == 0 ); /* Set family and port for client socket. */ memset( ( void * ) &xConnection, 0x00, sizeof( struct sockaddr_in ) ); xConnection.sin_family = AF_INET; xConnection.sin_addr.s_addr = inet_addr("127.0.0.1"); xConnection.sin_port = htons( configTCP_PORT_NUMBER ); /* Attempt to create a context that uses the TLS V1 server protocol. */ xCyaSSL_ClientContext = CyaSSL_CTX_new( CyaTLSv1_client_method() ); configASSERT( xCyaSSL_ClientContext ); /* Load the CA certificate. */ lReturned = CyaSSL_CTX_load_verify_locations( xCyaSSL_ClientContext, "ca-cert.pem", 0 ); configASSERT( lReturned == SSL_SUCCESS ); for( ;; ) { /* Create the socket. */ xClientSocket = socket( AF_INET, SOCK_STREAM, 0 ); configASSERT( xClientSocket != INVALID_SOCKET ); /* Connect to the secure server. */ if( connect( xClientSocket, ( SOCKADDR * ) &xConnection, sizeof( xConnection ) ) == 0 ) { /* The connect was successful. Create a CyaSSL object to associate with this connection. */ xCyaSSL_Object = CyaSSL_new( xCyaSSL_ClientContext ); if( xCyaSSL_Object != NULL ) { /* Associate the created CyaSSL object with the connected socket. */ lReturned = CyaSSL_set_fd( xCyaSSL_Object, xClientSocket ); configASSERT( lReturned == SSL_SUCCESS ); /* The count is used to differentiate between messages sent to the server, and to break out of the do while loop below. */ ulCount = 0UL; do { /* Create the string that is sent to the secure server. */ sprintf( cString, "Message number %lu\r\n", ulCount ); /* The next line is the secure equivalent of the standard sockets call: lReturned = send( xClientSocket, cString, strlen( cString ) + 1, 0 ); */ lReturned = CyaSSL_write( xCyaSSL_Object, cString, strlen( cString ) + 1 ); /* Short delay to prevent the messages streaming up the console too quickly. */ vTaskDelay( 50 ); ulCount++; } while( ( lReturned != SOCKET_ERROR ) && ( ulCount < 10UL ) ); } CyaSSL_free( xCyaSSL_Object ); closesocket( xClientSocket ); /* Delay for a short time before starting over. */ vTaskDelay( 250 ); } } }