From 5ac03256db0fe4ca7e3ad1117d096c3a76368b76 Mon Sep 17 00:00:00 2001 From: Andreas Baumann Date: Fri, 9 Jan 2015 09:46:07 +0100 Subject: backported CyaSSL/OpenSSL support for internal webserver instead of MatrixSSL --- release/src/router/cyassl/examples/client/client.c | 303 +++++++++++++++++++++ 1 file changed, 303 insertions(+) create mode 100644 release/src/router/cyassl/examples/client/client.c (limited to 'release/src/router/cyassl/examples/client/client.c') diff --git a/release/src/router/cyassl/examples/client/client.c b/release/src/router/cyassl/examples/client/client.c new file mode 100644 index 00000000..bf01d621 --- /dev/null +++ b/release/src/router/cyassl/examples/client/client.c @@ -0,0 +1,303 @@ +/* client.c */ +#include "ssl.h" +#include "cyassl_test.h" + + +/* +#define TEST_RESUME +*/ + + +#ifdef CYASSL_CALLBACKS + int handShakeCB(HandShakeInfo*); + int timeoutCB(TimeoutInfo*); + Timeval timeout; +#endif + +#if defined(NON_BLOCKING) || defined(CYASSL_CALLBACKS) + void NonBlockingSSL_Connect(SSL* ssl) + { +#ifndef CYASSL_CALLBACKS + int ret = SSL_connect(ssl); +#else + int ret = CyaSSL_connect_ex(ssl, handShakeCB, timeoutCB, timeout); +#endif + int error = SSL_get_error(ssl, 0); + while (ret != SSL_SUCCESS && (error == SSL_ERROR_WANT_READ || + error == SSL_ERROR_WANT_WRITE)) { + if (error == SSL_ERROR_WANT_READ) + printf("... client would read block\n"); + else + printf("... client would write block\n"); + #ifdef USE_WINDOWS_API + Sleep(100); + #else + sleep(1); + #endif + #ifndef CYASSL_CALLBACKS + ret = SSL_connect(ssl); + #else + ret = CyaSSL_connect_ex(ssl, handShakeCB, timeoutCB, timeout); + #endif + error = SSL_get_error(ssl, 0); + } + if (ret != SSL_SUCCESS) + err_sys("SSL_connect failed"); + } +#endif + + +void client_test(void* args) +{ + SOCKET_T sockfd = 0; + + SSL_METHOD* method = 0; + SSL_CTX* ctx = 0; + SSL* ssl = 0; + +#ifdef TEST_RESUME + SSL* sslResume = 0; + SSL_SESSION* session = 0; + char resumeMsg[] = "resuming cyassl!"; + int resumeSz = sizeof(resumeMsg); +#endif + + char msg[] = "hello cyassl!"; + char reply[1024]; + int input; + int msgSz = sizeof(msg); + + int argc = ((func_args*)args)->argc; + char** argv = ((func_args*)args)->argv; + + ((func_args*)args)->return_code = -1; /* error state */ + +#if defined(CYASSL_DTLS) + method = DTLSv1_client_method(); +#elif !defined(NO_TLS) + method = TLSv1_client_method(); +#else + method = SSLv3_client_method(); +#endif + ctx = SSL_CTX_new(method); + +#ifndef NO_PSK + SSL_CTX_set_psk_client_callback(ctx, my_psk_client_cb); +#endif + +#ifdef OPENSSL_EXTRA + SSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack); +#endif + +#ifndef NO_FILESYSTEM + if (SSL_CTX_load_verify_locations(ctx, caCert, 0) != SSL_SUCCESS) + err_sys("can't load ca file"); + #ifdef HAVE_ECC + if (SSL_CTX_load_verify_locations(ctx, eccCert, 0) != SSL_SUCCESS) + err_sys("can't load ca file"); + #endif +#else + load_buffer(ctx, caCert, CYASSL_CA); +#endif + +#ifdef VERIFY_CALLBACK + SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, myVerify); +#endif + + if (argc == 3) { + /* ./client server securePort */ + SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0); /* TODO: add ca cert */ + /* this is just to allow easy testing of other servers */ + tcp_connect(&sockfd, argv[1], (short)atoi(argv[2])); + } + else if (argc == 1) { + /* ./client // plain mode */ + /* for client cert authentication if server requests */ +#ifndef NO_FILESYSTEM + if (SSL_CTX_use_certificate_file(ctx, cliCert, SSL_FILETYPE_PEM) + != SSL_SUCCESS) + err_sys("can't load client cert file"); + + if (SSL_CTX_use_PrivateKey_file(ctx, cliKey, SSL_FILETYPE_PEM) + != SSL_SUCCESS) + err_sys("can't load client key file"); +#else + load_buffer(ctx, cliCert, CYASSL_CERT); + load_buffer(ctx, cliKey, CYASSL_KEY); +#endif + + tcp_connect(&sockfd, yasslIP, yasslPort); + } + else if (argc == 2) { + /* time passed in number of connects give average */ + int times = atoi(argv[1]); + int i = 0; + + double start = current_time(), avg; + + for (i = 0; i < times; i++) { + tcp_connect(&sockfd, yasslIP, yasslPort); + ssl = SSL_new(ctx); + SSL_set_fd(ssl, sockfd); + if (SSL_connect(ssl) != SSL_SUCCESS) + err_sys("SSL_connect failed"); + + SSL_shutdown(ssl); + SSL_free(ssl); + CloseSocket(sockfd); + } + avg = current_time() - start; + avg /= times; + avg *= 1000; /* milliseconds */ + printf("SSL_connect avg took:%6.3f milliseconds\n", avg); + + SSL_CTX_free(ctx); + ((func_args*)args)->return_code = 0; + return; + } + else + err_sys("usage: ./client server securePort"); + + ssl = SSL_new(ctx); + SSL_set_fd(ssl, sockfd); + CyaSSL_check_domain_name(ssl, "www.yassl.com"); +#ifdef NON_BLOCKING + tcp_set_nonblocking(&sockfd); + NonBlockingSSL_Connect(ssl); +#else + #ifndef CYASSL_CALLBACKS + if (SSL_connect(ssl) != SSL_SUCCESS) { /* see note at top of README */ + int err = SSL_get_error(ssl, 0); + char buffer[80]; + printf("err = %d, %s\n", err, ERR_error_string(err, buffer)); + err_sys("SSL_connect failed");/* if you're getting an error here */ + } + #else + timeout.tv_sec = 2; + timeout.tv_usec = 0; + NonBlockingSSL_Connect(ssl); /* will keep retrying on timeout */ + #endif +#endif + showPeer(ssl); + + if (argc == 3) { + printf("SSL connect ok, sending GET...\n"); + strncpy(msg, "GET\r\n", 6); + msgSz = 6; + } + if (SSL_write(ssl, msg, msgSz) != msgSz) + err_sys("SSL_write failed"); + + input = SSL_read(ssl, reply, sizeof(reply)); + if (input > 0) { + reply[input] = 0; + printf("Server response: %s\n", reply); + } + +#ifdef TEST_RESUME + #ifdef CYASSL_DTLS + strncpy(msg, "break", 6); + msgSz = (int)strlen(msg); + /* try to send session close */ + SSL_write(ssl, msg, msgSz); + #endif + session = SSL_get_session(ssl); + sslResume = SSL_new(ctx); +#endif + + SSL_shutdown(ssl); + SSL_free(ssl); + CloseSocket(sockfd); + +#ifdef TEST_RESUME + #ifdef CYASSL_DTLS + #ifdef USE_WINDOWS_API + Sleep(500); + #else + sleep(1); + #endif + #endif + if (argc == 3) + tcp_connect(&sockfd, argv[1], (short)atoi(argv[2])); + else + tcp_connect(&sockfd, yasslIP, yasslPort); + SSL_set_fd(sslResume, sockfd); + SSL_set_session(sslResume, session); + + showPeer(sslResume); + if (SSL_connect(sslResume) != SSL_SUCCESS) err_sys("SSL resume failed"); + +#ifdef OPENSSL_EXTRA + if (SSL_session_reused(sslResume)) + printf("reused session id\n"); + else + printf("didn't reuse session id!!!\n"); +#endif + + if (SSL_write(sslResume, resumeMsg, resumeSz) != resumeSz) + err_sys("SSL_write failed"); + + input = SSL_read(sslResume, reply, sizeof(reply)); + if (input > 0) { + reply[input] = 0; + printf("Server resume response: %s\n", reply); + } + + /* try to send session break */ + SSL_write(sslResume, msg, msgSz); + + SSL_shutdown(sslResume); + SSL_free(sslResume); +#endif /* TEST_RESUME */ + + SSL_CTX_free(ctx); + CloseSocket(sockfd); + + ((func_args*)args)->return_code = 0; +} + + +/* so overall tests can pull in test function */ +#ifndef NO_MAIN_DRIVER + + int main(int argc, char** argv) + { + func_args args; + + StartTCP(); + + args.argc = argc; + args.argv = argv; + + InitCyaSSL(); +#ifdef DEBUG_CYASSL + CyaSSL_Debugging_ON(); +#endif + client_test(&args); + FreeCyaSSL(); + + return args.return_code; + } + +#endif /* NO_MAIN_DRIVER */ + + + +#ifdef CYASSL_CALLBACKS + + int handShakeCB(HandShakeInfo* info) + { + + return 0; + } + + + int timeoutCB(TimeoutInfo* info) + { + + return 0; + } + +#endif + + -- cgit v1.2.3-54-g00ecf