2
* Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation
3
* Copyright (C) 2000,2001,2002,2003 Nikos Mavrogiannopoulos
5
* This file is part of GNUTLS.
7
* GNUTLS is free software: you can redistribute it and/or modify
2
* Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008,
3
* 2009, 2010 Free Software Foundation, Inc.
5
* This file is part of GnuTLS.
7
* GnuTLS is free software: you can redistribute it and/or modify
8
8
* it under the terms of the GNU General Public License as published by
9
9
* the Free Software Foundation, either version 3 of the License, or
10
10
* (at your option) any later version.
12
* GNUTLS is distributed in the hope that it will be useful,
12
* GnuTLS is distributed in the hope that it will be useful,
13
13
* but WITHOUT ANY WARRANTY; without even the implied warranty of
14
14
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15
15
* GNU General Public License for more details.
53
53
#define MAX_BUF 4096
55
55
/* global stuff here */
56
int resume, starttls, insecure;
56
int resume, starttls, insecure, rehandshake;
57
57
const char *hostname = NULL;
59
59
int record_max_size;
322
cert_verify_callback (gnutls_session_t session)
327
if (!x509_cafile && !pgp_keyring)
330
rc = gnutls_certificate_verify_peers2 (session, &status);
331
if (rc != 0 || status != 0)
333
printf ("*** Verifying server certificate failed...\n");
323
341
/* This callback should be associated with a session by calling
324
342
* gnutls_certificate_client_set_retrieve_function( session, cert_callback),
366
384
st->type = gnutls_certificate_type_get (session);
370
389
if (st->type == GNUTLS_CRT_X509)
391
gnutls_sign_algorithm_t cert_algo, req_algo;
394
if (x509_crt[0] != NULL)
396
ret = gnutls_x509_crt_get_signature_algorithm (x509_crt[0]);
399
/* error reading signature algorithm */
408
gnutls_sign_algorithm_get_requested (session, i, &req_algo);
409
if (ret >= 0 && cert_algo == req_algo)
415
/* server has not requested anything specific */
416
if (i == 0 && ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
428
("- Could not find a suitable certificate to send to server\n");
372
433
if (x509_crt != NULL && x509_key != NULL)
374
435
st->ncerts = x509_crt_size;
450
511
gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
452
513
gnutls_certificate_client_set_retrieve_function (xcred, cert_callback);
514
gnutls_certificate_set_verify_function (xcred, cert_verify_callback);
515
gnutls_certificate_set_verify_flags (xcred, 0);
454
517
/* send the fingerprint */
455
518
#ifdef ENABLE_OPENPGP
558
626
struct timeval tv;
559
627
int user_term = 0, retval = 0;
562
631
set_program_name (argv[0]);
564
633
gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0);
566
635
#ifdef gcry_fips_mode_active
636
/* Libgcrypt manual says that gcry_version_check must be called
637
before calling gcry_fips_mode_active. */
638
gcry_check_version (NULL);
567
639
if (gcry_fips_mode_active ())
569
641
ret = gnutls_register_md5_handler ();
674
746
programs to search for when gnutls-cli has reached this point. */
675
747
printf ("\n- Simple Client Mode:\n\n");
751
ret = do_handshake (&hd);
755
fprintf (stderr, "*** ReHandshake has failed\n");
757
gnutls_deinit (hd.session);
762
printf ("- ReHandshake was completed\n");
678
767
signal (SIGALRM, &starttls_alarm);
681
773
/* do not buffer */
682
774
#if !(defined _WIN32 || defined __WIN32__)
683
775
setbuf (stdin, NULL);
750
842
if (FD_ISSET (fileno (stdin), &rset))
752
if (fgets (buffer, MAX_BUF, stdin) == NULL)
844
if ((bytes = read (fileno (stdin), buffer, MAX_BUF - 1)) <= 0)
754
846
if (hd.secure == 0)
780
872
char *b = strchr (buffer, '\n');
785
ret = socket_send (&hd, buffer, strlen (buffer));
880
ret = socket_send (&hd, buffer, bytes);
838
933
print_cert = info.print_cert;
839
934
starttls = info.starttls;
840
935
resume = info.resume;
936
rehandshake = info.rehandshake;
841
937
insecure = info.insecure;
842
938
service = info.port;
843
939
record_max_size = info.record_size;
945
1041
/* print some information */
946
1042
print_info (socket->session, socket->hostname, info.insecure);
948
if ((x509_cafile || pgp_keyring) && !insecure)
953
/* abort if verification fail */
954
rc = gnutls_certificate_verify_peers2 (socket->session, &status);
955
if (rc != 0 || status != 0)
957
printf ("*** Verifying server certificate failed...\n");
962
1045
socket->secure = 1;
1050
gnutls_alert_send_appropriate (socket->session, ret);
1051
shutdown (socket->fd, SHUT_RDWR);