Tree - source-git/gnutls - CentOS Git server

source-git / gnutls

Blame doc/examples/ex-serv-x509.c

Blob History Raw

Packit Service	4684c1	`/* This example code is placed in the public domain. */`
Packit Service	4684c1
Packit Service	4684c1	`#ifdef HAVE_CONFIG_H`
Packit Service	4684c1	`#include <config.h>`
Packit Service	4684c1	`#endif`
Packit Service	4684c1
Packit Service	4684c1	`#include <stdio.h>`
Packit Service	4684c1	`#include <stdlib.h>`
Packit Service	4684c1	`#include <errno.h>`
Packit Service	4684c1	`#include <sys/types.h>`
Packit Service	4684c1	`#include <sys/socket.h>`
Packit Service	4684c1	`#include <arpa/inet.h>`
Packit Service	4684c1	`#include <netinet/in.h>`
Packit Service	4684c1	`#include <string.h>`
Packit Service	4684c1	`#include <unistd.h>`
Packit Service	4684c1	`#include <gnutls/gnutls.h>`
Packit Service	4684c1	`#include <assert.h>`
Packit Service	4684c1
Packit Service	4684c1	`#define KEYFILE "key.pem"`
Packit Service	4684c1	`#define CERTFILE "cert.pem"`
Packit Service	4684c1	`#define CAFILE "/etc/ssl/certs/ca-certificates.crt"`
Packit Service	4684c1	`#define CRLFILE "crl.pem"`
Packit Service	4684c1
Packit Service	4684c1	`#define CHECK(x) assert((x)>=0)`
Packit Service	4684c1	`#define LOOP_CHECK(rval, cmd) \`
Packit Service	4684c1	`do { \`
Packit Service	4684c1	`rval = cmd; \`
Packit Service	4684c1	`} while(rval == GNUTLS_E_AGAIN \|\| rval == GNUTLS_E_INTERRUPTED)`
Packit Service	4684c1
Packit Service	4684c1	`/* The OCSP status file contains up to date information about revocation`
Packit Service	4684c1	`* of the server's certificate. That can be periodically be updated`
Packit Service	4684c1	`* using:`
Packit Service	4684c1	`* $ ocsptool --ask --load-cert your_cert.pem --load-issuer your_issuer.pem`
Packit Service	4684c1	`* --load-signer your_issuer.pem --outfile ocsp-status.der`
Packit Service	4684c1	`*/`
Packit Service	4684c1	`#define OCSP_STATUS_FILE "ocsp-status.der"`
Packit Service	4684c1
Packit Service	4684c1	`/* This is a sample TLS 1.0 echo server, using X.509 authentication and`
Packit Service	4684c1	`* OCSP stapling support.`
Packit Service	4684c1	`*/`
Packit Service	4684c1
Packit Service	4684c1	`#define MAX_BUF 1024`
Packit Service	4684c1	`#define PORT 5556 /* listen to 5556 port */`
Packit Service	4684c1
Packit Service	4684c1	`int main(void)`
Packit Service	4684c1	`{`
Packit Service	4684c1	`int listen_sd;`
Packit Service	4684c1	`int sd, ret;`
Packit Service	4684c1	`gnutls_certificate_credentials_t x509_cred;`
Packit Service	4684c1	`gnutls_priority_t priority_cache;`
Packit Service	4684c1	`struct sockaddr_in sa_serv;`
Packit Service	4684c1	`struct sockaddr_in sa_cli;`
Packit Service	4684c1	`socklen_t client_len;`
Packit Service	4684c1	`char topbuf[512];`
Packit Service	4684c1	`gnutls_session_t session;`
Packit Service	4684c1	`char buffer[MAX_BUF + 1];`
Packit Service	4684c1	`int optval = 1;`
Packit Service	4684c1
Packit Service	4684c1	`/* for backwards compatibility with gnutls < 3.3.0 */`
Packit Service	4684c1	`CHECK(gnutls_global_init());`
Packit Service	4684c1
Packit Service	4684c1	`CHECK(gnutls_certificate_allocate_credentials(&x509_cred));`
Packit Service	4684c1
Packit Service	4684c1	`CHECK(gnutls_certificate_set_x509_trust_file(x509_cred, CAFILE,`
Packit Service	4684c1	`GNUTLS_X509_FMT_PEM));`
Packit Service	4684c1
Packit Service	4684c1	`CHECK(gnutls_certificate_set_x509_crl_file(x509_cred, CRLFILE,`
Packit Service	4684c1	`GNUTLS_X509_FMT_PEM));`
Packit Service	4684c1
Packit Service	4684c1	`/* The following code sets the certificate key pair as well as,`
Packit Service	4684c1	`* an OCSP response which corresponds to it. It is possible`
Packit Service	4684c1	`* to set multiple key-pairs and multiple OCSP status responses`
Packit Service	4684c1	`* (the latter since 3.5.6). See the manual pages of the individual`
Packit Service	4684c1	`* functions for more information.`
Packit Service	4684c1	`*/`
Packit Service	4684c1	`CHECK(gnutls_certificate_set_x509_key_file(x509_cred, CERTFILE,`
Packit Service	4684c1	`KEYFILE,`
Packit Service	4684c1	`GNUTLS_X509_FMT_PEM));`
Packit Service	4684c1
Packit Service	4684c1	`CHECK(gnutls_certificate_set_ocsp_status_request_file(x509_cred,`
Packit Service	4684c1	`OCSP_STATUS_FILE,`
Packit Service	4684c1	`0));`
Packit Service	4684c1
Packit Service	4684c1	`CHECK(gnutls_priority_init(&priority_cache, NULL, NULL));`
Packit Service	4684c1
Packit Service	4684c1	`/* Instead of the default options as shown above one could specify`
Packit Service	4684c1	`* additional options such as server precedence in ciphersuite selection`
Packit Service	4684c1	`* as follows:`
Packit Service	4684c1	`* gnutls_priority_init2(&priority_cache,`
Packit Service	4684c1	`* "%SERVER_PRECEDENCE",`
Packit Service	4684c1	`* NULL, GNUTLS_PRIORITY_INIT_DEF_APPEND);`
Packit Service	4684c1	`*/`
Packit Service	4684c1
Packit Service	4684c1	`#if GNUTLS_VERSION_NUMBER >= 0x030506`
Packit Service	4684c1	`/* only available since GnuTLS 3.5.6, on previous versions see`
Packit Service	4684c1	`* gnutls_certificate_set_dh_params(). */`
Packit Service	4684c1	`gnutls_certificate_set_known_dh_params(x509_cred, GNUTLS_SEC_PARAM_MEDIUM);`
Packit Service	4684c1	`#endif`
Packit Service	4684c1
Packit Service	4684c1	`/* Socket operations`
Packit Service	4684c1	`*/`
Packit Service	4684c1	`listen_sd = socket(AF_INET, SOCK_STREAM, 0);`
Packit Service	4684c1
Packit Service	4684c1	`memset(&sa_serv, '\0', sizeof(sa_serv));`
Packit Service	4684c1	`sa_serv.sin_family = AF_INET;`
Packit Service	4684c1	`sa_serv.sin_addr.s_addr = INADDR_ANY;`
Packit Service	4684c1	`sa_serv.sin_port = htons(PORT); /* Server Port number */`
Packit Service	4684c1
Packit Service	4684c1	`setsockopt(listen_sd, SOL_SOCKET, SO_REUSEADDR, (void *) &optval,`
Packit Service	4684c1	`sizeof(int));`
Packit Service	4684c1
Packit Service	4684c1	`bind(listen_sd, (struct sockaddr *) &sa_serv, sizeof(sa_serv));`
Packit Service	4684c1
Packit Service	4684c1	`listen(listen_sd, 1024);`
Packit Service	4684c1
Packit Service	4684c1	`printf("Server ready. Listening to port '%d'.\n\n", PORT);`
Packit Service	4684c1
Packit Service	4684c1	`client_len = sizeof(sa_cli);`
Packit Service	4684c1	`for (;;) {`
Packit Service	4684c1	`CHECK(gnutls_init(&session, GNUTLS_SERVER));`
Packit Service	4684c1	`CHECK(gnutls_priority_set(session, priority_cache));`
Packit Service	4684c1	`CHECK(gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE,`
Packit Service	4684c1	`x509_cred));`
Packit Service	4684c1
Packit Service	4684c1	`/* We don't request any certificate from the client.`
Packit Service	4684c1	`* If we did we would need to verify it. One way of`
Packit Service	4684c1	`* doing that is shown in the "Verifying a certificate"`
Packit Service	4684c1	`* example.`
Packit Service	4684c1	`*/`
Packit Service	4684c1	`gnutls_certificate_server_set_request(session,`
Packit Service	4684c1	`GNUTLS_CERT_IGNORE);`
Packit Service	4684c1	`gnutls_handshake_set_timeout(session,`
Packit Service	4684c1	`GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT);`
Packit Service	4684c1
Packit Service	4684c1	`sd = accept(listen_sd, (struct sockaddr *) &sa_cli,`
Packit Service	4684c1	`&client_len);`
Packit Service	4684c1
Packit Service	4684c1	`printf("- connection from %s, port %d\n",`
Packit Service	4684c1	`inet_ntop(AF_INET, &sa_cli.sin_addr, topbuf,`
Packit Service	4684c1	`sizeof(topbuf)), ntohs(sa_cli.sin_port));`
Packit Service	4684c1
Packit Service	4684c1	`gnutls_transport_set_int(session, sd);`
Packit Service	4684c1
Packit Service	4684c1	`LOOP_CHECK(ret, gnutls_handshake(session));`
Packit Service	4684c1	`if (ret < 0) {`
Packit Service	4684c1	`close(sd);`
Packit Service	4684c1	`gnutls_deinit(session);`
Packit Service	4684c1	`fprintf(stderr,`
Packit Service	4684c1	`"*** Handshake has failed (%s)\n\n",`
Packit Service	4684c1	`gnutls_strerror(ret));`
Packit Service	4684c1	`continue;`
Packit Service	4684c1	`}`
Packit Service	4684c1	`printf("- Handshake was completed\n");`
Packit Service	4684c1
Packit Service	4684c1	`/* see the Getting peer's information example */`
Packit Service	4684c1	`/* print_info(session); */`
Packit Service	4684c1
Packit Service	4684c1	`for (;;) {`
Packit Service	4684c1	`LOOP_CHECK(ret, gnutls_record_recv(session, buffer, MAX_BUF));`
Packit Service	4684c1
Packit Service	4684c1	`if (ret == 0) {`
Packit Service	4684c1	`printf`
Packit Service	4684c1	`("\n- Peer has closed the GnuTLS connection\n");`
Packit Service	4684c1	`break;`
Packit Service	4684c1	`} else if (ret < 0`
Packit Service	4684c1	`&& gnutls_error_is_fatal(ret) == 0) {`
Packit Service	4684c1	`fprintf(stderr, "*** Warning: %s\n",`
Packit Service	4684c1	`gnutls_strerror(ret));`
Packit Service	4684c1	`} else if (ret < 0) {`
Packit Service	4684c1	`fprintf(stderr, "\n*** Received corrupted "`
Packit Service	4684c1	`"data(%d). Closing the connection.\n\n",`
Packit Service	4684c1	`ret);`
Packit Service	4684c1	`break;`
Packit Service	4684c1	`} else if (ret > 0) {`
Packit Service	4684c1	`/* echo data back to the client`
Packit Service	4684c1	`*/`
Packit Service	4684c1	`CHECK(gnutls_record_send(session, buffer, ret));`
Packit Service	4684c1	`}`
Packit Service	4684c1	`}`
Packit Service	4684c1	`printf("\n");`
Packit Service	4684c1	`/* do not wait for the peer to close the connection.`
Packit Service	4684c1	`*/`
Packit Service	4684c1	`LOOP_CHECK(ret, gnutls_bye(session, GNUTLS_SHUT_WR));`
Packit Service	4684c1
Packit Service	4684c1	`close(sd);`
Packit Service	4684c1	`gnutls_deinit(session);`
Packit Service	4684c1
Packit Service	4684c1	`}`
Packit Service	4684c1	`close(listen_sd);`
Packit Service	4684c1
Packit Service	4684c1	`gnutls_certificate_free_credentials(x509_cred);`
Packit Service	4684c1	`gnutls_priority_deinit(priority_cache);`
Packit Service	4684c1
Packit Service	4684c1	`gnutls_global_deinit();`
Packit Service	4684c1
Packit Service	4684c1	`return 0;`
Packit Service	4684c1
Packit Service	4684c1	`}`

source-git / gnutls

Source Code

Blame doc/examples/ex-serv-x509.c