/*
 * Compare the peer certificate's fingerprint, computed with digest `algo`,
 * against the expected hex string `fn`, which must describe exactly `xlen`
 * bytes.
 *
 * Returns NULL when no expected value is configured (`fn` == NULL) or when
 * the fingerprint matches; otherwise an error message.  The "fp-cert:"
 * message is built in a static buffer, so it is valid only until the next
 * call and the function is not re-entrant.  The length-mismatch message is
 * labelled "sha1" regardless of `algo`.
 */
static const char *check_fp(struct Worker *w, const char *algo, const char *fn, size_t xlen)
{
	static char buf[1024];
	struct tls_cert *cert = NULL;
	const char *err;

	/* No expected fingerprint for this algorithm: nothing to verify. */
	if (fn == NULL)
		return NULL;

	if (tls_get_peer_cert(w->ctx, &cert, algo) != 0) {
		snprintf(buf, sizeof buf, "fp-cert: %s", tls_error(w->ctx));
		return buf;
	}

	/* A digest of the wrong length can never match; reject before comparing. */
	if (cert->fingerprint_size != xlen) {
		tls_cert_free(cert);
		return "FP-sha1-fail";
	}

	err = hexcmp(fn, cert->fingerprint, cert->fingerprint_size);
	tls_cert_free(cert);
	return err;
}
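/*
 * Post-handshake step for a test worker: verify the configured peer
 * fingerprints, fill `w->showbuf` with whatever `w->show` asks for and, on
 * the client side, send the 3-byte "PKT" probe.
 *
 * Returns the fingerprint-check message on mismatch, "write!=3" when the
 * probe was not written completely, otherwise whatever waiting for the next
 * readable event yields.
 */
static const char *done_handshake(struct Worker *w)
{
	const char *emsg;
	size_t outlen = 0;
	int res;

	/* Each check is a no-op when the corresponding expected value is unset. */
	emsg = check_fp(w, "sha1", w->peer_fingerprint_sha1, 20);
	if (emsg)
		return emsg;
	emsg = check_fp(w, "sha256", w->peer_fingerprint_sha256, 32);
	if (emsg)
		return emsg;

	if (w->show) {
		if (strcmp(w->show, "ciphers") == 0) {
			tls_get_connection_info(w->ctx, w->showbuf, sizeof w->showbuf);
		} else if (strcmp(w->show, "peer-cert") == 0) {
			struct tls_cert *cert = NULL;

			/* Fetching the cert can fail; previously its result was ignored
			 * and a NULL cert was handed to show_cert(). */
			if (tls_get_peer_cert(w->ctx, &cert, NULL) != 0 || cert == NULL) {
				snprintf(w->showbuf, sizeof w->showbuf, "peer-cert: %s", tls_error(w->ctx));
			} else {
				show_cert(cert, w->showbuf, sizeof w->showbuf);
			}
			tls_cert_free(cert);
		} else {
			snprintf(w->showbuf, sizeof w->showbuf, "bad kw: show=%s", w->show);
		}
	}

	if (!w->is_server) {
		res = tls_write(w->ctx, "PKT", 3, &outlen);
		/* A failed call OR a short write means the probe did not go out; the
		 * old `&&` only reported the case where both happened at once. */
		if (res != 0 || outlen != 3)
			return "write!=3";
	}
	return wait_for_event(w, EV_READ);
}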
/*
 * Diagnostic client: connect to argv[1]:443 over TLS, fetch the peer
 * certificate and print its subject fields.
 *
 * Exits via errx() at the first failing library call.  The context is set up
 * with TLS_PROTOCOLS_ALL and the "fast" cipher group, i.e. every protocol
 * version the library offers — acceptable for a probe tool, not a default to
 * copy into production code.
 */
int main(int argc, char *argv[])
{
	struct tls_config *conf;
	struct tls *ctx;
	struct tls_cert_info *cert;
	const char *host;

	if (argc < 2)
		errx(1, "give host as arg\n");
	host = argv[1];

	if (tls_init() < 0)
		errx(1, "tls_init");

	conf = tls_config_new();
	if (conf == NULL)
		errx(1, "tls_config_new");
	tls_config_set_protocols(conf, TLS_PROTOCOLS_ALL);
	tls_config_set_ciphers(conf, "fast");

	ctx = tls_client();
	if (ctx == NULL)
		errx(1, "tls_client");
	if (tls_configure(ctx, conf) < 0)
		errx(1, "tls_configure: %s", tls_error(ctx));
	if (tls_connect(ctx, host, "443") < 0)
		errx(1, "tls_connect: %s", tls_error(ctx));
	printf("connect ok\n");

	if (tls_get_peer_cert(ctx, &cert) < 0)
		errx(1, "tls_get_peer_cert: %s", tls_error(ctx));

	/* The cert is used after the context is freed and released separately
	 * with tls_cert_free(), so it must be an independently owned object. */
	tls_close(ctx);
	tls_free(ctx);
	tls_config_free(conf);

	printf(" CN='%s'\n", cert->subject.common_name);
	printf(" C='%s'\n", cert->subject.country_name);
	printf(" ST='%s'\n", cert->subject.state_or_province_name);
	printf(" L='%s'\n", cert->subject.locality_name);
	printf(" S='%s'\n", cert->subject.street_address);
	printf(" O='%s'\n", cert->subject.organization_name);
	printf(" OU='%s'\n", cert->subject.organizational_unit_name);

	tls_cert_free(cert);
	return 0;
}
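/*
 * Post-handshake step for a test worker: verify the configured peer
 * fingerprints, fill `w->showbuf` with whatever `w->show` asks for, optionally
 * tear the connection down abruptly, and on the client side send the 3-byte
 * "PKT" probe.
 *
 * Returns the fingerprint-check message on mismatch, "OK" after an aggressive
 * close, a write error message when the probe was not sent, otherwise
 * whatever waiting for the next readable event yields.
 */
static const char *done_handshake(struct Worker *w)
{
	const char *emsg;
	int res;

	/* Each check is a no-op when the corresponding expected value is unset. */
	emsg = check_fp(w, "sha1", w->peer_fingerprint_sha1, 20);
	if (emsg)
		return emsg;
	emsg = check_fp(w, "sha256", w->peer_fingerprint_sha256, 32);
	if (emsg)
		return emsg;

	if (w->show) {
		if (strcmp(w->show, "ciphers") == 0) {
			tls_get_connection_info(w->ctx, w->showbuf, sizeof w->showbuf);
		} else if (strcmp(w->show, "peer-cert") == 0) {
			struct tls_cert *cert = NULL;

			/* Fetching the cert can fail; previously its result was ignored
			 * and a NULL cert was handed to show_cert(). */
			if (tls_get_peer_cert(w->ctx, &cert, NULL) != 0 || cert == NULL) {
				snprintf(w->showbuf, sizeof w->showbuf, "peer-cert: %s", tls_error(w->ctx));
			} else {
				show_cert(cert, w->showbuf, sizeof w->showbuf);
			}
			tls_cert_free(cert);
		} else {
			snprintf(w->showbuf, sizeof w->showbuf, "bad kw: show=%s", w->show);
		}
	}

	/* The raw socket is closed before tls_close(), so no close_notify can be
	 * sent — presumably to exercise the peer's handling of an abrupt EOF. */
	if (w->aggressive_close) {
		close(w->socket);
		tls_close(w->ctx);
		w->wstate = CLOSED;
		return "OK";
	}

	if (!w->is_server) {
		res = tls_write(w->ctx, "PKT", 3);
		if (res < 0)
			return tls_error(w->ctx);
		if (res == 0)
			return "write==0";
		if (res != 3)
			return "write!=3";
	}
	return wait_for_event(w, EV_READ);
}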
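/*
 * Compare the peer certificate's fingerprint, computed with digest `algo`,
 * against the expected hex string `fn`, which must describe exactly `xlen`
 * bytes.
 *
 * Returns NULL when no expected value is configured (`fn` == NULL) or when
 * the fingerprint matches; otherwise an error message.  The failure message
 * is labelled "sha1" regardless of `algo`.
 */
static const char *check_fp(struct Worker *w, const char *algo, const char *fn, size_t xlen)
{
	/* Must start as NULL: the original left it uninitialized and then freed
	 * it on the error path, which is undefined behaviour. */
	struct tls_cert *cert = NULL;
	const char *emsg;

	/* No expected fingerprint for this algorithm: nothing to verify. */
	if (fn == NULL)
		return NULL;

	if (tls_get_peer_cert(w->ctx, &cert, algo) != 0) {
		/* cert is not valid after a failed call; only release it if the
		 * library happened to hand one back. */
		if (cert != NULL)
			tls_cert_free(cert);
		return "FP-sha1-fail";
	}

	/* A digest of the wrong length can never match; reject before comparing. */
	if (cert->fingerprint_size != xlen) {
		tls_cert_free(cert);
		return "FP-sha1-fail";
	}

	emsg = hexcmp(fn, cert->fingerprint, cert->fingerprint_size);
	tls_cert_free(cert);
	return emsg;
}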
/*
 * Fetch the peer certificate for the TLS session identified by `res_id`.
 *
 * Returns 0 on success, VM_TLS_RET_BASE - 2 when `res_id` does not map to a
 * live context, otherwise the error code reported by the tls layer.  Every
 * exit is trace-logged through MMI_TRACE; the __LINE__ values in those
 * traces are source locations and move whenever the file is edited.
 */
VMINT vm_tls_get_peer_cert(VMINT res_id, vm_tls_cert_struct *cert)
{
	vm_tls_context_t *ctx;
	kal_int32 rc;

	MMI_TRACE(TRACE_GROUP_8, TRC_MRE_SSL_S, 14, __LINE__);

	ctx = vm_tls_get_ctx_by_res(res_id);
	if (ctx == NULL) {
		MMI_TRACE(TRACE_GROUP_8, TRC_MRE_SSL_E1, 14, __LINE__);
		return VM_TLS_RET_BASE - 2;
	}

	/* `cert` is passed straight through after a struct cast; this assumes
	 * the vm_ and tls_ cert layouts are compatible and that the callee
	 * tolerates a NULL `cert` — neither is checked here (TODO confirm). */
	rc = tls_get_peer_cert((kal_int8)ctx->soc_id, (tls_cert_struct *)cert);
	if (rc != TLS_ERR_NONE) {
		MMI_TRACE(TRACE_GROUP_8, TRC_MRE_SSL_E2, 14, rc);
		return rc;
	}

	MMI_TRACE(TRACE_GROUP_8, TRC_MRE_SSL_E, 14, __LINE__);
	return 0;
}
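/*
 * Diagnostic client: connect to argv[1]:443 over TLS, complete the
 * handshake, print the negotiated connection parameters and the peer
 * certificate's subject fields, then report OCSP status (stapled and via
 * the responder).
 *
 * Exits via errx() at the first failing library call.  The context is set up
 * with TLS_PROTOCOLS_ALL and the "fast" cipher group, i.e. every protocol
 * version the library offers — acceptable for a probe tool, not a default to
 * copy into production code.
 */
int main(int argc, char *argv[])
{
	struct tls_config *conf;
	struct tls *ctx, *ocsp;
	struct tls_cert *cert = NULL;
	const char *host;
	char buf[256];
	int res;

	if (argc < 2)
		errx(1, "give host as arg\n");
	host = argv[1];

#ifdef USUAL_LIBSSL_FOR_TLS
	printf("libssl: %s\n", SSLeay_version(SSLEAY_VERSION));
#endif

	if (tls_init() < 0)
		errx(1, "tls_init");

	conf = tls_config_new();
	if (conf == NULL)
		errx(1, "tls_config_new");
	tls_config_set_protocols(conf, TLS_PROTOCOLS_ALL);
	tls_config_set_ciphers(conf, "fast");

	ctx = tls_client();
	if (ctx == NULL)
		errx(1, "tls_client");
	if (tls_configure(ctx, conf) < 0)
		errx(1, "tls_configure: %s", tls_error(ctx));
	if (tls_connect(ctx, host, "443") < 0)
		errx(1, "tls_connect: %s", tls_error(ctx));
	/* The handshake must complete before the peer cert can be read. */
	if (tls_handshake(ctx) < 0)
		errx(1, "tls_handshake: %s", tls_error(ctx));

	if (tls_get_peer_cert(ctx, &cert, NULL) < 0)
		errx(1, "tls_get_peer_cert: %s", tls_error(ctx));

	tls_get_connection_info(ctx, buf, sizeof buf);
	printf("Connection: '%s'\n", buf);

	printf(" CN='%s'\n", cert->subject.common_name);
	printf(" C='%s'\n", cert->subject.country_name);
	printf(" ST='%s'\n", cert->subject.state_or_province_name);
	printf(" L='%s'\n", cert->subject.locality_name);
	printf(" S='%s'\n", cert->subject.street_address);
	printf(" O='%s'\n", cert->subject.organization_name);
	printf(" OU='%s'\n", cert->subject.organizational_unit_name);

	show_ocsp_info("OCSP stapling", ctx);

	ocsp = NULL;
	res = tls_ocsp_check_peer(&ocsp, NULL, ctx);
	if (ocsp) {
		show_ocsp_info("OCSP responder", ocsp);
		tls_free(ocsp);
	} else if (res == TLS_NO_OCSP) {
		printf("OCSP responder: No OCSP support in libtls\n");
	} else if (res != 0) {
		/* Previously any other failure was dropped silently.  Assumes the
		 * usual 0 = ok / non-zero = error convention — TODO confirm against
		 * tls_ocsp_check_peer. */
		printf("OCSP responder: check failed (%d)\n", res);
	}

	/* Never executed; presumably kept so test_context() stays referenced. */
	if (0)
		test_context(ctx);

	tls_close(ctx);
	tls_free(ctx);
	tls_config_free(conf);
	tls_cert_free(cert);
	return 0;
}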