const char *s2n_strerror_debug(int error, const char *lang)
{
if (lang == NULL) {
lang = "EN";
}
if (strcasecmp(lang, "EN")) {
return no_such_language;
}
/* No error, just return the no error string */
if (error == S2N_ERR_OK) {
return s2n_strerror(error, lang);
}
return s2n_debug_str;
}
int main(int argc, char * const *argv)
{
struct addrinfo hints, *ai_list, *ai;
int r, sockfd = 0;
/* Optional args */
const char *alpn_protocols = NULL;
const char *server_name = NULL;
s2n_status_request_type type = S2N_STATUS_REQUEST_NONE;
/* required args */
const char *host = NULL;
const char *port = "443";
static struct option long_options[] = {
{ "alpn", required_argument, 0, 'a' },
{ "help", no_argument, 0, 'h' },
{ "name", required_argument, 0, 'n' },
{ "status", no_argument, 0, 's' },
};
while (1) {
int option_index = 0;
int c = getopt_long (argc, argv, "a:hn:s", long_options, &option_index);
if (c == -1) {
break;
}
switch (c) {
case 'a':
alpn_protocols = optarg;
break;
case 'h':
usage();
break;
case 'n':
server_name = optarg;
break;
case 's':
type = S2N_STATUS_REQUEST_OCSP;
break;
case '?':
default:
usage();
break;
}
}
if (optind < argc) {
host = argv[optind++];
}
if (optind < argc) {
port = argv[optind++];
}
if (!host) {
usage();
}
if (!server_name) {
server_name = host;
}
if (memset(&hints, 0, sizeof(hints)) != &hints) {
fprintf(stderr, "memset error: %s\n", strerror(errno));
exit(1);
}
hints.ai_family = AF_UNSPEC;
hints.ai_socktype = SOCK_STREAM;
if (signal(SIGPIPE, SIG_IGN) == SIG_ERR) {
fprintf(stderr, "Error disabling SIGPIPE\n");
exit(1);
}
if ((r = getaddrinfo(host, port, &hints, &ai_list)) != 0) {
fprintf(stderr, "error: %s\n", gai_strerror(r));
exit(1);
}
int connected = 0;
for (ai = ai_list; ai != NULL; ai = ai->ai_next) {
if ((sockfd = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol)) == -1) {
continue;
}
if (connect(sockfd, ai->ai_addr, ai->ai_addrlen) == -1) {
close(sockfd);
continue;
}
connected = 1;
/* connect() succeeded */
break;
}
freeaddrinfo(ai_list);
if (connected == 0) {
fprintf(stderr, "Failed to connect to %s:%s\n", argv[1], port);
close(sockfd);
exit(1);
}
const char *error;
if (s2n_init(&error) < 0) {
fprintf(stderr, "Error running s2n_init(): '%s'\n", s2n_strerror(s2n_errno, "EN"));
}
struct s2n_config *config = s2n_config_new();
if (config == NULL) {
fprintf(stderr, "Error getting new config: '%s'\n", s2n_strerror(s2n_errno, "EN"));
exit(1);
}
if (s2n_config_set_status_request_type(config, type) < 0) {
fprintf(stderr, "Error setting status request type: '%s'\n", s2n_strerror(s2n_errno, "EN"));
exit(1);
}
if (alpn_protocols) {
/* Count the number of commas, this tells us how many protocols there
are in the list */
const char *ptr = alpn_protocols;
int protocol_count = 1;
while (*ptr) {
if (*ptr == ',') {
protocol_count++;
}
ptr++;
}
char **protocols = malloc(sizeof(char *) * protocol_count);
if (!protocols) {
fprintf(stderr, "Error allocating memory\n");
exit(1);
}
const char *next = alpn_protocols;
int index = 0;
int length = 0;
ptr = alpn_protocols;
while (*ptr) {
if (*ptr == ',') {
protocols[index] = malloc(length + 1);
if (!protocols[index]) {
fprintf(stderr, "Error allocating memory\n");
exit(1);
}
memcpy(protocols[index], next, length);
protocols[index][length] = '\0';
length = 0;
index++;
ptr++;
next = ptr;
} else {
length++;
ptr++;
}
}
if (ptr != next) {
protocols[index] = malloc(length + 1);
if (!protocols[index]) {
fprintf(stderr, "Error allocating memory\n");
exit(1);
}
memcpy(protocols[index], next, length);
protocols[index][length] = '\0';
}
if (s2n_config_set_protocol_preferences(config, (const char * const *)protocols, protocol_count) < 0) {
fprintf(stderr, "Failed to set protocol preferences: '%s'\n", s2n_strerror(s2n_errno, "EN"));
exit(1);
}
while(protocol_count) {
protocol_count--;
free(protocols[protocol_count]);
}
free(protocols);
}
struct s2n_connection *conn = s2n_connection_new(S2N_CLIENT);
if (conn == NULL) {
fprintf(stderr, "Error getting new connection: '%s'\n", s2n_strerror(s2n_errno, "EN"));
exit(1);
}
printf("Connected to %s:%s\n", host, port);
if (s2n_connection_set_config(conn, config) < 0) {
fprintf(stderr, "Error setting configuration: '%s'\n", s2n_strerror(s2n_errno, "EN"));
exit(1);
}
if (s2n_set_server_name(conn, server_name) < 0) {
fprintf(stderr, "Error setting server name: '%s'\n", s2n_strerror(s2n_errno, "EN"));
exit(1);
}
if (s2n_connection_set_fd(conn, sockfd) < 0) {
fprintf(stderr, "Error setting file descriptor: '%s'\n", s2n_strerror(s2n_errno, "EN"));
exit(1);
}
/* See echo.c */
echo(conn, sockfd);
if (s2n_connection_free(conn) < 0) {
fprintf(stderr, "Error freeing connection: '%s'\n", s2n_strerror(s2n_errno, "EN"));
exit(1);
}
if (s2n_config_free(config) < 0) {
fprintf(stderr, "Error freeing configuration: '%s'\n", s2n_strerror(s2n_errno, "EN"));
exit(1);
}
if (s2n_cleanup(&error) < 0) {
fprintf(stderr, "Error running s2n_cleanup(): '%s'\n", s2n_strerror(s2n_errno, "EN"));
}
return 0;
}
int main(int argc, char **argv)
{
if(argc != 2)
{
fprintf(stderr,"usage: %s hostname\n", argv[0]);
return 1;
}
signal(SIGINT, sigint_handler);
printf("Looking up addresses for %s ...\n", argv[1]);
struct addrinfo hints;
memset(&hints, 0, sizeof(hints));
hints.ai_family = AF_UNSPEC; // AF_INET or AF_INET6 to force version
hints.ai_socktype = SOCK_STREAM;
struct addrinfo *dnsres;
int status_1 = getaddrinfo(argv[1], PORT, &hints, &dnsres);
if(status_1 != 0)
{
fprintf(stderr, "dns lookup failed: %s\n", gai_strerror(status_1));
return 2;
}
print_addrinfo(dnsres);
printf("Connecting to %s ...\n", "the server");
int sockfd = socket(dnsres->ai_family, dnsres->ai_socktype, dnsres->ai_protocol);
if(connect(sockfd, dnsres->ai_addr, dnsres->ai_addrlen) != 0)
{
perror("connect");
return 3;
}
printf("Connected.\n");
freeaddrinfo(dnsres); // frees the memory that was dynamically allocated for the linked lists by getaddrinfo
s2n_init();
struct s2n_config *config = s2n_config_new();
s2n_status_request_type type = S2N_STATUS_REQUEST_NONE;
s2n_config_set_status_request_type(config, type);
struct s2n_connection *conn = s2n_connection_new(S2N_CLIENT);
s2n_connection_set_config(conn, config);
s2n_connection_set_fd(conn, sockfd);
s2n_blocked_status blocked;
do {
if (s2n_negotiate(conn, &blocked) < 0) {
fprintf(stderr, "Failed to negotiate: '%s' %d\n", s2n_strerror(s2n_errno, "EN"), s2n_connection_get_alert(conn));
exit(1);
}
} while (blocked);
int client_hello_version;
int client_protocol_version;
int server_protocol_version;
int actual_protocol_version;
if ((client_hello_version = s2n_connection_get_client_hello_version(conn)) < 0) {
fprintf(stderr, "Could not get client hello version\n");
exit(1);
}
if ((client_protocol_version = s2n_connection_get_client_protocol_version(conn)) < 0) {
fprintf(stderr, "Could not get client protocol version\n");
exit(1);
}
if ((server_protocol_version = s2n_connection_get_server_protocol_version(conn)) < 0) {
fprintf(stderr, "Could not get server protocol version\n");
exit(1);
}
if ((actual_protocol_version = s2n_connection_get_actual_protocol_version(conn)) < 0) {
fprintf(stderr, "Could not get actual protocol version\n");
exit(1);
}
printf("Client hello version: %d\n", client_hello_version);
printf("Client protocol version: %d\n", client_protocol_version);
printf("Server protocol version: %d\n", server_protocol_version);
printf("Actual protocol version: %d\n", actual_protocol_version);
if (s2n_get_server_name(conn)) {
printf("Server name: %s\n", s2n_get_server_name(conn));
}
if (s2n_get_application_protocol(conn)) {
printf("Application protocol: %s\n", s2n_get_application_protocol(conn));
}
uint32_t length;
const uint8_t *status = s2n_connection_get_ocsp_response(conn, &length);
if (status && length > 0) {
fprintf(stderr, "OCSP response received, length %d\n", length);
}
printf("Cipher negotiated: %s\n", s2n_connection_get_cipher(conn));
char buf[BUFFERSIZE + 1];
int bytes_read, bytes_written;
// Make sure stdin is a terminal.
if (!isatty(STDIN_FILENO))
{
fprintf(stderr, "Not a terminal.\n");
exit(EXIT_FAILURE);
}
// Save the terminal attributes so we can restore them later.
tcgetattr(STDIN_FILENO, &saved_attributes);
atexit(reset_input_mode);
// Set the funny terminal modes.
struct termios tattr;
tcgetattr(STDIN_FILENO, &tattr);
tattr.c_lflag &= ~(ICANON | ECHO); // Clear ICANON and ECHO.
tattr.c_cc[VMIN] = 1;
tattr.c_cc[VTIME] = 0;
tcsetattr(STDIN_FILENO, TCSAFLUSH, &tattr);
fd_set master, readfds;
FD_ZERO(&master);
FD_SET(STDIN_FILENO, &master);
FD_SET(sockfd, &master);
for(;;)
{
readfds = master;
select(sockfd + 1, &readfds, NULL, NULL, NULL);
if(FD_ISSET(STDIN_FILENO, &readfds))
{
bytes_read = read(STDIN_FILENO, buf, BUFFERSIZE);
if(bytes_read < 1) break;
char *buf_ptr = buf;
int bytes_available = bytes_read;
do
{
bytes_written = s2n_send(conn, buf_ptr, bytes_available, &blocked);
if(bytes_written < 0) break;
bytes_available -= bytes_written;
buf_ptr += bytes_written;
} while(bytes_available || blocked);
}
if(FD_ISSET(sockfd, &readfds))
{
do
{
bytes_read = s2n_recv(conn, buf, BUFFERSIZE, &blocked);
if(bytes_read < 1) break;
write(STDOUT_FILENO, buf, bytes_read);
} while(blocked);
}
//if(nbytes != mbytes) printf("nbytes [%d] != mbytes [%d] \n", nbytes, mbytes);
}
close(sockfd);
s2n_connection_free(conn);
s2n_config_free(config);
s2n_cleanup();
printf("\nBYE!\n");
return 0;
}
int negotiate(struct s2n_connection *conn)
{
s2n_blocked_status blocked;
do {
if (s2n_negotiate(conn, &blocked) < 0) {
fprintf(stderr, "Failed to negotiate: '%s'. %s\n", s2n_strerror(s2n_errno, "EN"), s2n_strerror_debug(s2n_errno, "EN"));
fprintf(stderr, "Alert: %d\n", s2n_connection_get_alert(conn));
return -1;
}
} while (blocked);
/* Now that we've negotiated, print some parameters */
int client_hello_version;
int client_protocol_version;
int server_protocol_version;
int actual_protocol_version;
if ((client_hello_version = s2n_connection_get_client_hello_version(conn)) < 0) {
fprintf(stderr, "Could not get client hello version\n");
return -1;
}
if ((client_protocol_version = s2n_connection_get_client_protocol_version(conn)) < 0) {
fprintf(stderr, "Could not get client protocol version\n");
return -1;
}
if ((server_protocol_version = s2n_connection_get_server_protocol_version(conn)) < 0) {
fprintf(stderr, "Could not get server protocol version\n");
return -1;
}
if ((actual_protocol_version = s2n_connection_get_actual_protocol_version(conn)) < 0) {
fprintf(stderr, "Could not get actual protocol version\n");
return -1;
}
printf("CONNECTED:\n");
printf("Client hello version: %d\n", client_hello_version);
printf("Client protocol version: %d\n", client_protocol_version);
printf("Server protocol version: %d\n", server_protocol_version);
printf("Actual protocol version: %d\n", actual_protocol_version);
if (s2n_get_server_name(conn)) {
printf("Server name: %s\n", s2n_get_server_name(conn));
}
if (s2n_get_application_protocol(conn)) {
printf("Application protocol: %s\n", s2n_get_application_protocol(conn));
}
printf("Curve: %s\n", s2n_connection_get_curve(conn));
uint32_t length;
const uint8_t *status = s2n_connection_get_ocsp_response(conn, &length);
if (status && length > 0) {
fprintf(stderr, "OCSP response received, length %u\n", length);
}
printf("Cipher negotiated: %s\n", s2n_connection_get_cipher(conn));
if (s2n_connection_is_session_resumed(conn)) {
printf("Resumed session\n");
}
return 0;
}
void print_s2n_error(const char *app_error)
{
fprintf(stderr, "%s: '%s' : '%s'\n", app_error, s2n_strerror(s2n_errno, "EN"),
s2n_strerror_debug(s2n_errno, "EN"));
}
int echo(struct s2n_connection *conn, int sockfd)
{
struct pollfd readers[2];
readers[0].fd = sockfd;
readers[0].events = POLLIN;
readers[1].fd = STDIN_FILENO;
readers[1].events = POLLIN;
/* Act as a simple proxy between stdin and the SSL connection */
int p;
s2n_blocked_status blocked;
do {
while ((p = poll(readers, 2, -1)) > 0) {
char buffer[10240];
int bytes_read, bytes_written;
if (readers[0].revents & POLLIN) {
do {
bytes_read = s2n_recv(conn, buffer, 10240, &blocked);
if (bytes_read == 0) {
return 0;
}
if (bytes_read < 0) {
fprintf(stderr, "Error reading from connection: '%s' %d\n", s2n_strerror(s2n_errno, "EN"), s2n_connection_get_alert(conn));
exit(1);
}
bytes_written = write(STDOUT_FILENO, buffer, bytes_read);
if (bytes_written <= 0) {
fprintf(stderr, "Error writing to stdout\n");
exit(1);
}
} while (blocked);
}
if (readers[1].revents & POLLIN) {
int bytes_available;
if (ioctl(STDIN_FILENO, FIONREAD, &bytes_available) < 0) {
bytes_available = 1;
}
if (bytes_available > sizeof(buffer)) {
bytes_available = sizeof(buffer);
}
/* Read as many bytes as we think we can */
do {
errno = 0;
bytes_read = read(STDIN_FILENO, buffer, bytes_available);
if(bytes_read < 0 && errno != EINTR){
fprintf(stderr, "Error reading from stdin\n");
exit(1);
}
} while (bytes_read < 0);
if (bytes_read == 0) {
/* Exit on EOF */
return 0;
}
char *buf_ptr = buffer;
do {
bytes_written = s2n_send(conn, buf_ptr, bytes_available, &blocked);
if (bytes_written < 0) {
fprintf(stderr, "Error writing to connection: '%s'\n", s2n_strerror(s2n_errno, "EN"));
exit(1);
}
bytes_available -= bytes_written;
buf_ptr += bytes_written;
} while (bytes_available || blocked);
}
if (readers[1].revents & POLLHUP) {
/* The stdin pipe hanged up, and we've handled all read from it above */
return 0;
}
if (readers[0].revents & (POLLERR | POLLHUP | POLLNVAL)) {
fprintf(stderr, "Error polling from socket: err=%d hup=%d nval=%d\n",
(readers[0].revents & POLLERR ) ? 1 : 0,
(readers[0].revents & POLLHUP ) ? 1 : 0,
(readers[0].revents & POLLNVAL ) ? 1 : 0);
return -1;
}
if (readers[1].revents & (POLLERR | POLLNVAL)) {
fprintf(stderr, "Error polling from socket: err=%d nval=%d\n",
(readers[1].revents & POLLERR ) ? 1 : 0,
(readers[1].revents & POLLNVAL ) ? 1 : 0);
return -1;
}
}
} while (p < 0 && errno == EINTR);
return 0;
}
