const char *s2n_strerror_debug(int error, const char *lang) { if (lang == NULL) { lang = "EN"; } if (strcasecmp(lang, "EN")) { return no_such_language; } /* No error, just return the no error string */ if (error == S2N_ERR_OK) { return s2n_strerror(error, lang); } return s2n_debug_str; }
int main(int argc, char * const *argv) { struct addrinfo hints, *ai_list, *ai; int r, sockfd = 0; /* Optional args */ const char *alpn_protocols = NULL; const char *server_name = NULL; s2n_status_request_type type = S2N_STATUS_REQUEST_NONE; /* required args */ const char *host = NULL; const char *port = "443"; static struct option long_options[] = { { "alpn", required_argument, 0, 'a' }, { "help", no_argument, 0, 'h' }, { "name", required_argument, 0, 'n' }, { "status", no_argument, 0, 's' }, }; while (1) { int option_index = 0; int c = getopt_long (argc, argv, "a:hn:s", long_options, &option_index); if (c == -1) { break; } switch (c) { case 'a': alpn_protocols = optarg; break; case 'h': usage(); break; case 'n': server_name = optarg; break; case 's': type = S2N_STATUS_REQUEST_OCSP; break; case '?': default: usage(); break; } } if (optind < argc) { host = argv[optind++]; } if (optind < argc) { port = argv[optind++]; } if (!host) { usage(); } if (!server_name) { server_name = host; } if (memset(&hints, 0, sizeof(hints)) != &hints) { fprintf(stderr, "memset error: %s\n", strerror(errno)); exit(1); } hints.ai_family = AF_UNSPEC; hints.ai_socktype = SOCK_STREAM; if (signal(SIGPIPE, SIG_IGN) == SIG_ERR) { fprintf(stderr, "Error disabling SIGPIPE\n"); exit(1); } if ((r = getaddrinfo(host, port, &hints, &ai_list)) != 0) { fprintf(stderr, "error: %s\n", gai_strerror(r)); exit(1); } int connected = 0; for (ai = ai_list; ai != NULL; ai = ai->ai_next) { if ((sockfd = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol)) == -1) { continue; } if (connect(sockfd, ai->ai_addr, ai->ai_addrlen) == -1) { close(sockfd); continue; } connected = 1; /* connect() succeeded */ break; } freeaddrinfo(ai_list); if (connected == 0) { fprintf(stderr, "Failed to connect to %s:%s\n", argv[1], port); close(sockfd); exit(1); } const char *error; if (s2n_init(&error) < 0) { fprintf(stderr, "Error running s2n_init(): '%s'\n", s2n_strerror(s2n_errno, "EN")); } struct s2n_config *config = s2n_config_new(); if (config == NULL) { fprintf(stderr, "Error getting new config: '%s'\n", s2n_strerror(s2n_errno, "EN")); exit(1); } if (s2n_config_set_status_request_type(config, type) < 0) { fprintf(stderr, "Error setting status request type: '%s'\n", s2n_strerror(s2n_errno, "EN")); exit(1); } if (alpn_protocols) { /* Count the number of commas, this tells us how many protocols there are in the list */ const char *ptr = alpn_protocols; int protocol_count = 1; while (*ptr) { if (*ptr == ',') { protocol_count++; } ptr++; } char **protocols = malloc(sizeof(char *) * protocol_count); if (!protocols) { fprintf(stderr, "Error allocating memory\n"); exit(1); } const char *next = alpn_protocols; int index = 0; int length = 0; ptr = alpn_protocols; while (*ptr) { if (*ptr == ',') { protocols[index] = malloc(length + 1); if (!protocols[index]) { fprintf(stderr, "Error allocating memory\n"); exit(1); } memcpy(protocols[index], next, length); protocols[index][length] = '\0'; length = 0; index++; ptr++; next = ptr; } else { length++; ptr++; } } if (ptr != next) { protocols[index] = malloc(length + 1); if (!protocols[index]) { fprintf(stderr, "Error allocating memory\n"); exit(1); } memcpy(protocols[index], next, length); protocols[index][length] = '\0'; } if (s2n_config_set_protocol_preferences(config, (const char * const *)protocols, protocol_count) < 0) { fprintf(stderr, "Failed to set protocol preferences: '%s'\n", s2n_strerror(s2n_errno, "EN")); exit(1); } while(protocol_count) { protocol_count--; free(protocols[protocol_count]); } free(protocols); } struct s2n_connection *conn = s2n_connection_new(S2N_CLIENT); if (conn == NULL) { fprintf(stderr, "Error getting new connection: '%s'\n", s2n_strerror(s2n_errno, "EN")); exit(1); } printf("Connected to %s:%s\n", host, port); if (s2n_connection_set_config(conn, config) < 0) { fprintf(stderr, "Error setting configuration: '%s'\n", s2n_strerror(s2n_errno, "EN")); exit(1); } if (s2n_set_server_name(conn, server_name) < 0) { fprintf(stderr, "Error setting server name: '%s'\n", s2n_strerror(s2n_errno, "EN")); exit(1); } if (s2n_connection_set_fd(conn, sockfd) < 0) { fprintf(stderr, "Error setting file descriptor: '%s'\n", s2n_strerror(s2n_errno, "EN")); exit(1); } /* See echo.c */ echo(conn, sockfd); if (s2n_connection_free(conn) < 0) { fprintf(stderr, "Error freeing connection: '%s'\n", s2n_strerror(s2n_errno, "EN")); exit(1); } if (s2n_config_free(config) < 0) { fprintf(stderr, "Error freeing configuration: '%s'\n", s2n_strerror(s2n_errno, "EN")); exit(1); } if (s2n_cleanup(&error) < 0) { fprintf(stderr, "Error running s2n_cleanup(): '%s'\n", s2n_strerror(s2n_errno, "EN")); } return 0; }
int main(int argc, char **argv) { if(argc != 2) { fprintf(stderr,"usage: %s hostname\n", argv[0]); return 1; } signal(SIGINT, sigint_handler); printf("Looking up addresses for %s ...\n", argv[1]); struct addrinfo hints; memset(&hints, 0, sizeof(hints)); hints.ai_family = AF_UNSPEC; // AF_INET or AF_INET6 to force version hints.ai_socktype = SOCK_STREAM; struct addrinfo *dnsres; int status_1 = getaddrinfo(argv[1], PORT, &hints, &dnsres); if(status_1 != 0) { fprintf(stderr, "dns lookup failed: %s\n", gai_strerror(status_1)); return 2; } print_addrinfo(dnsres); printf("Connecting to %s ...\n", "the server"); int sockfd = socket(dnsres->ai_family, dnsres->ai_socktype, dnsres->ai_protocol); if(connect(sockfd, dnsres->ai_addr, dnsres->ai_addrlen) != 0) { perror("connect"); return 3; } printf("Connected.\n"); freeaddrinfo(dnsres); // frees the memory that was dynamically allocated for the linked lists by getaddrinfo s2n_init(); struct s2n_config *config = s2n_config_new(); s2n_status_request_type type = S2N_STATUS_REQUEST_NONE; s2n_config_set_status_request_type(config, type); struct s2n_connection *conn = s2n_connection_new(S2N_CLIENT); s2n_connection_set_config(conn, config); s2n_connection_set_fd(conn, sockfd); s2n_blocked_status blocked; do { if (s2n_negotiate(conn, &blocked) < 0) { fprintf(stderr, "Failed to negotiate: '%s' %d\n", s2n_strerror(s2n_errno, "EN"), s2n_connection_get_alert(conn)); exit(1); } } while (blocked); int client_hello_version; int client_protocol_version; int server_protocol_version; int actual_protocol_version; if ((client_hello_version = s2n_connection_get_client_hello_version(conn)) < 0) { fprintf(stderr, "Could not get client hello version\n"); exit(1); } if ((client_protocol_version = s2n_connection_get_client_protocol_version(conn)) < 0) { fprintf(stderr, "Could not get client protocol version\n"); exit(1); } if ((server_protocol_version = s2n_connection_get_server_protocol_version(conn)) < 0) { fprintf(stderr, "Could not get server protocol version\n"); exit(1); } if ((actual_protocol_version = s2n_connection_get_actual_protocol_version(conn)) < 0) { fprintf(stderr, "Could not get actual protocol version\n"); exit(1); } printf("Client hello version: %d\n", client_hello_version); printf("Client protocol version: %d\n", client_protocol_version); printf("Server protocol version: %d\n", server_protocol_version); printf("Actual protocol version: %d\n", actual_protocol_version); if (s2n_get_server_name(conn)) { printf("Server name: %s\n", s2n_get_server_name(conn)); } if (s2n_get_application_protocol(conn)) { printf("Application protocol: %s\n", s2n_get_application_protocol(conn)); } uint32_t length; const uint8_t *status = s2n_connection_get_ocsp_response(conn, &length); if (status && length > 0) { fprintf(stderr, "OCSP response received, length %d\n", length); } printf("Cipher negotiated: %s\n", s2n_connection_get_cipher(conn)); char buf[BUFFERSIZE + 1]; int bytes_read, bytes_written; // Make sure stdin is a terminal. if (!isatty(STDIN_FILENO)) { fprintf(stderr, "Not a terminal.\n"); exit(EXIT_FAILURE); } // Save the terminal attributes so we can restore them later. tcgetattr(STDIN_FILENO, &saved_attributes); atexit(reset_input_mode); // Set the funny terminal modes. struct termios tattr; tcgetattr(STDIN_FILENO, &tattr); tattr.c_lflag &= ~(ICANON | ECHO); // Clear ICANON and ECHO. tattr.c_cc[VMIN] = 1; tattr.c_cc[VTIME] = 0; tcsetattr(STDIN_FILENO, TCSAFLUSH, &tattr); fd_set master, readfds; FD_ZERO(&master); FD_SET(STDIN_FILENO, &master); FD_SET(sockfd, &master); for(;;) { readfds = master; select(sockfd + 1, &readfds, NULL, NULL, NULL); if(FD_ISSET(STDIN_FILENO, &readfds)) { bytes_read = read(STDIN_FILENO, buf, BUFFERSIZE); if(bytes_read < 1) break; char *buf_ptr = buf; int bytes_available = bytes_read; do { bytes_written = s2n_send(conn, buf_ptr, bytes_available, &blocked); if(bytes_written < 0) break; bytes_available -= bytes_written; buf_ptr += bytes_written; } while(bytes_available || blocked); } if(FD_ISSET(sockfd, &readfds)) { do { bytes_read = s2n_recv(conn, buf, BUFFERSIZE, &blocked); if(bytes_read < 1) break; write(STDOUT_FILENO, buf, bytes_read); } while(blocked); } //if(nbytes != mbytes) printf("nbytes [%d] != mbytes [%d] \n", nbytes, mbytes); } close(sockfd); s2n_connection_free(conn); s2n_config_free(config); s2n_cleanup(); printf("\nBYE!\n"); return 0; }
int negotiate(struct s2n_connection *conn) { s2n_blocked_status blocked; do { if (s2n_negotiate(conn, &blocked) < 0) { fprintf(stderr, "Failed to negotiate: '%s'. %s\n", s2n_strerror(s2n_errno, "EN"), s2n_strerror_debug(s2n_errno, "EN")); fprintf(stderr, "Alert: %d\n", s2n_connection_get_alert(conn)); return -1; } } while (blocked); /* Now that we've negotiated, print some parameters */ int client_hello_version; int client_protocol_version; int server_protocol_version; int actual_protocol_version; if ((client_hello_version = s2n_connection_get_client_hello_version(conn)) < 0) { fprintf(stderr, "Could not get client hello version\n"); return -1; } if ((client_protocol_version = s2n_connection_get_client_protocol_version(conn)) < 0) { fprintf(stderr, "Could not get client protocol version\n"); return -1; } if ((server_protocol_version = s2n_connection_get_server_protocol_version(conn)) < 0) { fprintf(stderr, "Could not get server protocol version\n"); return -1; } if ((actual_protocol_version = s2n_connection_get_actual_protocol_version(conn)) < 0) { fprintf(stderr, "Could not get actual protocol version\n"); return -1; } printf("CONNECTED:\n"); printf("Client hello version: %d\n", client_hello_version); printf("Client protocol version: %d\n", client_protocol_version); printf("Server protocol version: %d\n", server_protocol_version); printf("Actual protocol version: %d\n", actual_protocol_version); if (s2n_get_server_name(conn)) { printf("Server name: %s\n", s2n_get_server_name(conn)); } if (s2n_get_application_protocol(conn)) { printf("Application protocol: %s\n", s2n_get_application_protocol(conn)); } printf("Curve: %s\n", s2n_connection_get_curve(conn)); uint32_t length; const uint8_t *status = s2n_connection_get_ocsp_response(conn, &length); if (status && length > 0) { fprintf(stderr, "OCSP response received, length %u\n", length); } printf("Cipher negotiated: %s\n", s2n_connection_get_cipher(conn)); if (s2n_connection_is_session_resumed(conn)) { printf("Resumed session\n"); } return 0; }
void print_s2n_error(const char *app_error) { fprintf(stderr, "%s: '%s' : '%s'\n", app_error, s2n_strerror(s2n_errno, "EN"), s2n_strerror_debug(s2n_errno, "EN")); }
int echo(struct s2n_connection *conn, int sockfd) { struct pollfd readers[2]; readers[0].fd = sockfd; readers[0].events = POLLIN; readers[1].fd = STDIN_FILENO; readers[1].events = POLLIN; /* Act as a simple proxy between stdin and the SSL connection */ int p; s2n_blocked_status blocked; do { while ((p = poll(readers, 2, -1)) > 0) { char buffer[10240]; int bytes_read, bytes_written; if (readers[0].revents & POLLIN) { do { bytes_read = s2n_recv(conn, buffer, 10240, &blocked); if (bytes_read == 0) { return 0; } if (bytes_read < 0) { fprintf(stderr, "Error reading from connection: '%s' %d\n", s2n_strerror(s2n_errno, "EN"), s2n_connection_get_alert(conn)); exit(1); } bytes_written = write(STDOUT_FILENO, buffer, bytes_read); if (bytes_written <= 0) { fprintf(stderr, "Error writing to stdout\n"); exit(1); } } while (blocked); } if (readers[1].revents & POLLIN) { int bytes_available; if (ioctl(STDIN_FILENO, FIONREAD, &bytes_available) < 0) { bytes_available = 1; } if (bytes_available > sizeof(buffer)) { bytes_available = sizeof(buffer); } /* Read as many bytes as we think we can */ do { errno = 0; bytes_read = read(STDIN_FILENO, buffer, bytes_available); if(bytes_read < 0 && errno != EINTR){ fprintf(stderr, "Error reading from stdin\n"); exit(1); } } while (bytes_read < 0); if (bytes_read == 0) { /* Exit on EOF */ return 0; } char *buf_ptr = buffer; do { bytes_written = s2n_send(conn, buf_ptr, bytes_available, &blocked); if (bytes_written < 0) { fprintf(stderr, "Error writing to connection: '%s'\n", s2n_strerror(s2n_errno, "EN")); exit(1); } bytes_available -= bytes_written; buf_ptr += bytes_written; } while (bytes_available || blocked); } if (readers[1].revents & POLLHUP) { /* The stdin pipe hanged up, and we've handled all read from it above */ return 0; } if (readers[0].revents & (POLLERR | POLLHUP | POLLNVAL)) { fprintf(stderr, "Error polling from socket: err=%d hup=%d nval=%d\n", (readers[0].revents & POLLERR ) ? 1 : 0, (readers[0].revents & POLLHUP ) ? 1 : 0, (readers[0].revents & POLLNVAL ) ? 1 : 0); return -1; } if (readers[1].revents & (POLLERR | POLLNVAL)) { fprintf(stderr, "Error polling from socket: err=%d nval=%d\n", (readers[1].revents & POLLERR ) ? 1 : 0, (readers[1].revents & POLLNVAL ) ? 1 : 0); return -1; } } } while (p < 0 && errno == EINTR); return 0; }