2010-08-25 10:57:13 +00:00
|
|
|
/*
|
2020-10-23 14:01:03 +00:00
|
|
|
* Copyright (C) 2020 Pascal Knecht
|
|
|
|
|
* Copyright (C) 2020 Tobias Brunner
|
|
|
|
|
* HSR Hochschule fuer Technik Rapperswil
|
|
|
|
|
*
|
2010-08-25 10:57:13 +00:00
|
|
|
* Copyright (C) 2010 Martin Willi
|
|
|
|
|
* Copyright (C) 2010 revosec AG
|
|
|
|
|
*
|
|
|
|
|
* This program is free software; you can redistribute it and/or modify it
|
|
|
|
|
* under the terms of the GNU General Public License as published by the
|
|
|
|
|
* Free Software Foundation; either version 2 of the License, or (at your
|
|
|
|
|
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
|
|
|
|
|
*
|
|
|
|
|
* This program is distributed in the hope that it will be useful, but
|
|
|
|
|
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
|
|
|
|
|
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
|
|
|
|
* for more details.
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
#include <unistd.h>
|
|
|
|
|
#include <stdio.h>
|
|
|
|
|
#include <sys/types.h>
|
|
|
|
|
#include <sys/socket.h>
|
|
|
|
|
#include <getopt.h>
|
2011-12-31 00:41:56 +00:00
|
|
|
#include <errno.h>
|
|
|
|
|
#include <string.h>
|
2010-08-25 10:57:13 +00:00
|
|
|
|
|
|
|
|
#include <library.h>
|
2012-10-16 14:03:21 +00:00
|
|
|
#include <utils/debug.h>
|
2010-08-25 10:57:13 +00:00
|
|
|
#include <tls_socket.h>
|
2012-10-16 12:29:18 +00:00
|
|
|
#include <networking/host.h>
|
2010-08-25 10:57:13 +00:00
|
|
|
#include <credentials/sets/mem_cred.h>
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Print usage information
|
|
|
|
|
*/
|
|
|
|
|
static void usage(FILE *out, char *cmd)
|
|
|
|
|
{
|
|
|
|
|
fprintf(out, "usage:\n");
|
2020-11-01 15:39:00 +00:00
|
|
|
fprintf(out, " %s --connect <address> --port <port> [--key <key] [--cert <file>] [--cacert <file>]+ [--times <n>]\n", cmd);
|
2021-02-18 14:36:59 +00:00
|
|
|
fprintf(out, " %s --listen <address> --port <port> --key <key> --cert <file> [--cacert <file>]+ [--auth-optional] [--times <n>]\n", cmd);
|
2020-11-01 15:39:00 +00:00
|
|
|
fprintf(out, "\n");
|
|
|
|
|
fprintf(out, "options:\n");
|
|
|
|
|
fprintf(out, " --help print help and exit\n");
|
|
|
|
|
fprintf(out, " --connect <address> connect to a server on dns name or ip address\n");
|
|
|
|
|
fprintf(out, " --listen <address> listen on dns name or ip address\n");
|
|
|
|
|
fprintf(out, " --port <port> specify the port to use\n");
|
|
|
|
|
fprintf(out, " --cert <file> certificate to authenticate itself\n");
|
|
|
|
|
fprintf(out, " --key <file> private key to authenticate itself\n");
|
|
|
|
|
fprintf(out, " --cacert <file> certificate to verify other peer\n");
|
2021-02-18 14:36:59 +00:00
|
|
|
fprintf(out, " --auth-optional don't enforce client authentication\n");
|
2020-11-01 15:39:00 +00:00
|
|
|
fprintf(out, " --times <n> specify the amount of repeated connection establishments\n");
|
|
|
|
|
fprintf(out, " --ipv4 use IPv4\n");
|
|
|
|
|
fprintf(out, " --ipv6 use IPv6\n");
|
|
|
|
|
fprintf(out, " --min-version <version> specify the minimum TLS version, supported versions:\n");
|
|
|
|
|
fprintf(out, " 1.0 (default), 1.1, 1.2 and 1.3\n");
|
|
|
|
|
fprintf(out, " --max-version <version> specify the maximum TLS version, supported versions:\n");
|
|
|
|
|
fprintf(out, " 1.0, 1.1, 1.2 and 1.3 (default)\n");
|
|
|
|
|
fprintf(out, " --version <version> set one specific TLS version to use, supported versions:\n");
|
|
|
|
|
fprintf(out, " 1.0, 1.1, 1.2 and 1.3\n");
|
|
|
|
|
fprintf(out, " --debug <debug level> set debug level, default is 1\n");
|
2010-08-25 10:57:13 +00:00
|
|
|
}
|
|
|
|
|
|
2013-04-02 14:09:17 +00:00
|
|
|
/**
|
|
|
|
|
* Check, as client, if we have a client certificate with private key
|
|
|
|
|
*/
|
|
|
|
|
static identification_t *find_client_id()
|
|
|
|
|
{
|
|
|
|
|
identification_t *client = NULL, *keyid;
|
|
|
|
|
enumerator_t *enumerator;
|
|
|
|
|
certificate_t *cert;
|
|
|
|
|
public_key_t *pubkey;
|
|
|
|
|
private_key_t *privkey;
|
|
|
|
|
chunk_t chunk;
|
|
|
|
|
|
|
|
|
|
enumerator = lib->credmgr->create_cert_enumerator(lib->credmgr,
|
|
|
|
|
CERT_X509, KEY_ANY, NULL, FALSE);
|
|
|
|
|
while (enumerator->enumerate(enumerator, &cert))
|
|
|
|
|
{
|
|
|
|
|
pubkey = cert->get_public_key(cert);
|
|
|
|
|
if (pubkey)
|
|
|
|
|
{
|
|
|
|
|
if (pubkey->get_fingerprint(pubkey, KEYID_PUBKEY_SHA1, &chunk))
|
|
|
|
|
{
|
|
|
|
|
keyid = identification_create_from_encoding(ID_KEY_ID, chunk);
|
|
|
|
|
privkey = lib->credmgr->get_private(lib->credmgr,
|
|
|
|
|
pubkey->get_type(pubkey), keyid, NULL);
|
|
|
|
|
keyid->destroy(keyid);
|
|
|
|
|
if (privkey)
|
|
|
|
|
{
|
|
|
|
|
client = cert->get_subject(cert);
|
|
|
|
|
client = client->clone(client);
|
|
|
|
|
privkey->destroy(privkey);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
pubkey->destroy(pubkey);
|
|
|
|
|
}
|
|
|
|
|
if (client)
|
|
|
|
|
{
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
enumerator->destroy(enumerator);
|
|
|
|
|
|
|
|
|
|
return client;
|
|
|
|
|
}
|
|
|
|
|
|
2010-08-25 10:57:13 +00:00
|
|
|
/**
|
|
|
|
|
* Client routine
|
|
|
|
|
*/
|
2013-04-02 14:09:17 +00:00
|
|
|
static int run_client(host_t *host, identification_t *server,
|
2020-08-26 13:00:30 +00:00
|
|
|
identification_t *client, int times, tls_cache_t *cache,
|
2021-02-18 14:36:59 +00:00
|
|
|
tls_version_t min_version, tls_version_t max_version,
|
|
|
|
|
tls_flag_t flags)
|
2010-08-25 10:57:13 +00:00
|
|
|
{
|
|
|
|
|
tls_socket_t *tls;
|
2011-12-31 00:41:56 +00:00
|
|
|
int fd, res;
|
2010-08-25 10:57:13 +00:00
|
|
|
|
2011-12-31 00:41:56 +00:00
|
|
|
while (times == -1 || times-- > 0)
|
2010-08-25 10:57:13 +00:00
|
|
|
{
|
2020-08-25 11:09:55 +00:00
|
|
|
DBG2(DBG_TLS, "connecting to %#H", host);
|
|
|
|
|
fd = socket(host->get_family(host), SOCK_STREAM, 0);
|
2011-12-31 00:41:56 +00:00
|
|
|
if (fd == -1)
|
|
|
|
|
{
|
|
|
|
|
DBG1(DBG_TLS, "opening socket failed: %s", strerror(errno));
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
if (connect(fd, host->get_sockaddr(host),
|
|
|
|
|
*host->get_sockaddr_len(host)) == -1)
|
|
|
|
|
{
|
2020-08-25 11:09:55 +00:00
|
|
|
DBG1(DBG_TLS, "connecting to %#H failed: %s", host, strerror(errno));
|
|
|
|
|
close(fd);
|
|
|
|
|
return 1;
|
2011-12-31 00:41:56 +00:00
|
|
|
}
|
2020-08-26 13:00:30 +00:00
|
|
|
tls = tls_socket_create(FALSE, server, client, fd, cache, min_version,
|
2021-02-18 14:36:59 +00:00
|
|
|
max_version, flags);
|
2011-12-31 00:41:56 +00:00
|
|
|
if (!tls)
|
|
|
|
|
{
|
|
|
|
|
close(fd);
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
2011-12-31 11:49:18 +00:00
|
|
|
res = tls->splice(tls, 0, 1) ? 0 : 1;
|
2011-12-31 00:41:56 +00:00
|
|
|
tls->destroy(tls);
|
|
|
|
|
close(fd);
|
|
|
|
|
if (res)
|
|
|
|
|
{
|
|
|
|
|
break;
|
|
|
|
|
}
|
2010-08-25 10:57:13 +00:00
|
|
|
}
|
|
|
|
|
return res;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Server routine
|
|
|
|
|
*/
|
2020-11-01 15:39:00 +00:00
|
|
|
static int serve(host_t *host, identification_t *server, identification_t *client,
|
2020-08-26 13:00:30 +00:00
|
|
|
int times, tls_cache_t *cache, tls_version_t min_version,
|
2021-02-18 14:36:59 +00:00
|
|
|
tls_version_t max_version, tls_flag_t flags)
|
2010-08-25 10:57:13 +00:00
|
|
|
{
|
|
|
|
|
tls_socket_t *tls;
|
2011-12-31 00:41:56 +00:00
|
|
|
int fd, cfd;
|
2010-08-25 10:57:13 +00:00
|
|
|
|
2011-12-31 00:41:56 +00:00
|
|
|
fd = socket(AF_INET, SOCK_STREAM, 0);
|
|
|
|
|
if (fd == -1)
|
|
|
|
|
{
|
|
|
|
|
DBG1(DBG_TLS, "opening socket failed: %s", strerror(errno));
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
2010-08-25 10:57:13 +00:00
|
|
|
if (bind(fd, host->get_sockaddr(host),
|
|
|
|
|
*host->get_sockaddr_len(host)) == -1)
|
|
|
|
|
{
|
2011-12-31 00:41:56 +00:00
|
|
|
DBG1(DBG_TLS, "binding to %#H failed: %s", host, strerror(errno));
|
|
|
|
|
close(fd);
|
2010-08-25 10:57:13 +00:00
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
if (listen(fd, 1) == -1)
|
|
|
|
|
{
|
2011-12-31 00:41:56 +00:00
|
|
|
DBG1(DBG_TLS, "listen to %#H failed: %m", host, strerror(errno));
|
|
|
|
|
close(fd);
|
2010-08-25 10:57:13 +00:00
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
2011-12-31 00:41:56 +00:00
|
|
|
while (times == -1 || times-- > 0)
|
2010-08-25 10:57:13 +00:00
|
|
|
{
|
|
|
|
|
cfd = accept(fd, host->get_sockaddr(host), host->get_sockaddr_len(host));
|
|
|
|
|
if (cfd == -1)
|
|
|
|
|
{
|
2011-12-31 00:41:56 +00:00
|
|
|
DBG1(DBG_TLS, "accept failed: %s", strerror(errno));
|
|
|
|
|
close(fd);
|
2010-08-25 10:57:13 +00:00
|
|
|
return 1;
|
|
|
|
|
}
|
2011-12-31 00:41:56 +00:00
|
|
|
DBG1(DBG_TLS, "%#H connected", host);
|
2010-08-25 10:57:13 +00:00
|
|
|
|
2020-11-01 15:39:00 +00:00
|
|
|
tls = tls_socket_create(TRUE, server, client, cfd, cache, min_version,
|
2021-02-18 14:36:59 +00:00
|
|
|
max_version, flags);
|
2010-08-25 10:57:13 +00:00
|
|
|
if (!tls)
|
|
|
|
|
{
|
2011-12-31 00:41:56 +00:00
|
|
|
close(fd);
|
2010-08-25 10:57:13 +00:00
|
|
|
return 1;
|
|
|
|
|
}
|
2011-12-31 11:49:18 +00:00
|
|
|
tls->splice(tls, 0, 1);
|
2011-12-31 00:41:56 +00:00
|
|
|
DBG1(DBG_TLS, "%#H disconnected", host);
|
2010-08-25 10:57:13 +00:00
|
|
|
tls->destroy(tls);
|
|
|
|
|
}
|
2011-12-31 00:41:56 +00:00
|
|
|
close(fd);
|
2010-08-25 10:57:13 +00:00
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* In-Memory credential set
|
|
|
|
|
*/
|
|
|
|
|
static mem_cred_t *creds;
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Load certificate from file
|
|
|
|
|
*/
|
|
|
|
|
static bool load_certificate(char *filename)
|
|
|
|
|
{
|
|
|
|
|
certificate_t *cert;
|
|
|
|
|
|
|
|
|
|
cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
|
|
|
|
|
BUILD_FROM_FILE, filename, BUILD_END);
|
|
|
|
|
if (!cert)
|
|
|
|
|
{
|
2011-12-31 00:41:56 +00:00
|
|
|
DBG1(DBG_TLS, "loading certificate from '%s' failed", filename);
|
2010-08-25 10:57:13 +00:00
|
|
|
return FALSE;
|
|
|
|
|
}
|
|
|
|
|
creds->add_cert(creds, TRUE, cert);
|
|
|
|
|
return TRUE;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Load private key from file
|
|
|
|
|
*/
|
|
|
|
|
static bool load_key(char *filename)
|
|
|
|
|
{
|
|
|
|
|
private_key_t *key;
|
|
|
|
|
|
2020-10-23 14:01:03 +00:00
|
|
|
key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_ANY,
|
|
|
|
|
BUILD_FROM_FILE, filename, BUILD_END);
|
2010-08-25 10:57:13 +00:00
|
|
|
if (!key)
|
|
|
|
|
{
|
2011-12-31 00:41:56 +00:00
|
|
|
DBG1(DBG_TLS, "loading key from '%s' failed", filename);
|
2010-08-25 10:57:13 +00:00
|
|
|
return FALSE;
|
|
|
|
|
}
|
|
|
|
|
creds->add_key(creds, key);
|
|
|
|
|
return TRUE;
|
|
|
|
|
}
|
|
|
|
|
|
2010-08-26 10:17:22 +00:00
|
|
|
/**
|
|
|
|
|
* TLS debug level
|
|
|
|
|
*/
|
|
|
|
|
static level_t tls_level = 1;
|
|
|
|
|
|
|
|
|
|
static void dbg_tls(debug_t group, level_t level, char *fmt, ...)
|
|
|
|
|
{
|
|
|
|
|
if ((group == DBG_TLS && level <= tls_level) || level <= 1)
|
|
|
|
|
{
|
|
|
|
|
va_list args;
|
|
|
|
|
|
|
|
|
|
va_start(args, fmt);
|
|
|
|
|
vfprintf(stderr, fmt, args);
|
|
|
|
|
fprintf(stderr, "\n");
|
|
|
|
|
va_end(args);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2010-08-25 10:57:13 +00:00
|
|
|
/**
|
|
|
|
|
* Cleanup
|
|
|
|
|
*/
|
|
|
|
|
static void cleanup()
|
|
|
|
|
{
|
|
|
|
|
lib->credmgr->remove_set(lib->credmgr, &creds->set);
|
|
|
|
|
creds->destroy(creds);
|
|
|
|
|
library_deinit();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Initialize library
|
|
|
|
|
*/
|
|
|
|
|
static void init()
|
|
|
|
|
{
|
2020-09-03 13:56:14 +00:00
|
|
|
char *plugins;
|
|
|
|
|
|
2014-01-22 10:50:39 +00:00
|
|
|
library_init(NULL, "tls_test");
|
2010-08-26 10:17:22 +00:00
|
|
|
|
|
|
|
|
dbg = dbg_tls;
|
|
|
|
|
|
2020-09-03 13:56:14 +00:00
|
|
|
plugins = getenv("PLUGINS") ?: PLUGINS;
|
|
|
|
|
lib->plugins->load(lib->plugins, plugins);
|
2010-08-25 10:57:13 +00:00
|
|
|
|
|
|
|
|
creds = mem_cred_create();
|
|
|
|
|
lib->credmgr->add_set(lib->credmgr, &creds->set);
|
|
|
|
|
|
|
|
|
|
atexit(cleanup);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int main(int argc, char *argv[])
|
|
|
|
|
{
|
|
|
|
|
char *address = NULL;
|
2011-12-31 00:41:56 +00:00
|
|
|
bool listen = FALSE;
|
2020-08-25 11:09:55 +00:00
|
|
|
int port = 0, times = -1, res, family = AF_UNSPEC;
|
2020-11-01 15:39:00 +00:00
|
|
|
identification_t *server, *client = NULL;
|
2021-01-13 13:40:40 +00:00
|
|
|
tls_version_t min_version = TLS_SUPPORTED_MIN, max_version = TLS_SUPPORTED_MAX;
|
2021-02-18 14:36:59 +00:00
|
|
|
tls_flag_t flags = TLS_FLAG_ENCRYPTION_OPTIONAL;
|
2011-12-31 00:41:56 +00:00
|
|
|
tls_cache_t *cache;
|
2010-08-25 10:57:13 +00:00
|
|
|
host_t *host;
|
|
|
|
|
|
|
|
|
|
init();
|
|
|
|
|
|
|
|
|
|
while (TRUE)
|
|
|
|
|
{
|
|
|
|
|
struct option long_opts[] = {
|
2021-02-18 14:36:59 +00:00
|
|
|
{"help", no_argument, NULL, 'h' },
|
|
|
|
|
{"connect", required_argument, NULL, 'c' },
|
|
|
|
|
{"listen", required_argument, NULL, 'l' },
|
|
|
|
|
{"port", required_argument, NULL, 'p' },
|
|
|
|
|
{"cert", required_argument, NULL, 'x' },
|
|
|
|
|
{"key", required_argument, NULL, 'k' },
|
|
|
|
|
{"cacert", required_argument, NULL, 'f' },
|
|
|
|
|
{"times", required_argument, NULL, 't' },
|
|
|
|
|
{"ipv4", no_argument, NULL, '4' },
|
|
|
|
|
{"ipv6", no_argument, NULL, '6' },
|
|
|
|
|
{"min-version", required_argument, NULL, 'm' },
|
|
|
|
|
{"max-version", required_argument, NULL, 'M' },
|
|
|
|
|
{"version", required_argument, NULL, 'v' },
|
|
|
|
|
{"auth-optional", no_argument, NULL, 'n' },
|
|
|
|
|
{"debug", required_argument, NULL, 'd' },
|
2010-08-25 10:57:13 +00:00
|
|
|
{0,0,0,0 }
|
|
|
|
|
};
|
|
|
|
|
switch (getopt_long(argc, argv, "", long_opts, NULL))
|
|
|
|
|
{
|
|
|
|
|
case EOF:
|
|
|
|
|
break;
|
|
|
|
|
case 'h':
|
|
|
|
|
usage(stdout, argv[0]);
|
|
|
|
|
return 0;
|
|
|
|
|
case 'x':
|
|
|
|
|
if (!load_certificate(optarg))
|
|
|
|
|
{
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
continue;
|
|
|
|
|
case 'k':
|
|
|
|
|
if (!load_key(optarg))
|
|
|
|
|
{
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
continue;
|
2020-11-01 15:39:00 +00:00
|
|
|
case 'f':
|
|
|
|
|
if (!load_certificate(optarg))
|
|
|
|
|
{
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
client = identification_create_from_encoding(ID_ANY, chunk_empty);
|
|
|
|
|
continue;
|
2010-08-25 10:57:13 +00:00
|
|
|
case 'l':
|
|
|
|
|
listen = TRUE;
|
|
|
|
|
/* fall */
|
|
|
|
|
case 'c':
|
|
|
|
|
if (address)
|
|
|
|
|
{
|
|
|
|
|
usage(stderr, argv[0]);
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
address = optarg;
|
|
|
|
|
continue;
|
|
|
|
|
case 'p':
|
|
|
|
|
port = atoi(optarg);
|
|
|
|
|
continue;
|
2011-12-31 00:41:56 +00:00
|
|
|
case 't':
|
|
|
|
|
times = atoi(optarg);
|
2010-08-25 10:57:13 +00:00
|
|
|
continue;
|
2010-08-26 10:17:22 +00:00
|
|
|
case 'd':
|
|
|
|
|
tls_level = atoi(optarg);
|
|
|
|
|
continue;
|
2020-08-25 11:09:55 +00:00
|
|
|
case '4':
|
|
|
|
|
family = AF_INET;
|
|
|
|
|
continue;
|
|
|
|
|
case '6':
|
|
|
|
|
family = AF_INET6;
|
|
|
|
|
continue;
|
2020-08-26 13:00:30 +00:00
|
|
|
case 'm':
|
2021-01-13 13:40:40 +00:00
|
|
|
if (!enum_from_name(tls_numeric_version_names, optarg,
|
|
|
|
|
&min_version))
|
2020-08-26 13:00:30 +00:00
|
|
|
{
|
|
|
|
|
fprintf(stderr, "unknown minimum TLS version: %s\n", optarg);
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
continue;
|
|
|
|
|
case 'M':
|
2021-01-13 13:40:40 +00:00
|
|
|
if (!enum_from_name(tls_numeric_version_names, optarg,
|
|
|
|
|
&max_version))
|
2020-08-26 13:00:30 +00:00
|
|
|
{
|
|
|
|
|
fprintf(stderr, "unknown maximum TLS version: %s\n", optarg);
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
continue;
|
|
|
|
|
case 'v':
|
2021-01-13 13:40:40 +00:00
|
|
|
if (!enum_from_name(tls_numeric_version_names, optarg,
|
|
|
|
|
&min_version))
|
2020-08-26 13:00:30 +00:00
|
|
|
{
|
|
|
|
|
fprintf(stderr, "unknown TLS version: %s\n", optarg);
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
max_version = min_version;
|
|
|
|
|
continue;
|
2021-02-18 14:36:59 +00:00
|
|
|
case 'n':
|
|
|
|
|
flags |= TLS_FLAG_CLIENT_AUTH_OPTIONAL;
|
|
|
|
|
continue;
|
2010-08-25 10:57:13 +00:00
|
|
|
default:
|
|
|
|
|
usage(stderr, argv[0]);
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
if (!port || !address)
|
|
|
|
|
{
|
|
|
|
|
usage(stderr, argv[0]);
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
2020-08-25 11:09:55 +00:00
|
|
|
host = host_create_from_dns(address, family, port);
|
2010-08-25 10:57:13 +00:00
|
|
|
if (!host)
|
|
|
|
|
{
|
2020-08-25 11:09:55 +00:00
|
|
|
DBG1(DBG_TLS, "resolving hostname %s failed", address);
|
|
|
|
|
return 1;
|
2010-08-25 10:57:13 +00:00
|
|
|
}
|
|
|
|
|
server = identification_create_from_string(address);
|
2011-12-31 00:41:56 +00:00
|
|
|
cache = tls_cache_create(100, 30);
|
2010-08-25 10:57:13 +00:00
|
|
|
if (listen)
|
|
|
|
|
{
|
2021-02-18 14:36:59 +00:00
|
|
|
res = serve(host, server, client, times, cache, min_version,
|
|
|
|
|
max_version, flags);
|
2010-08-25 10:57:13 +00:00
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
2020-11-01 15:39:00 +00:00
|
|
|
DESTROY_IF(client);
|
2013-04-02 14:09:17 +00:00
|
|
|
client = find_client_id();
|
2020-08-26 13:00:30 +00:00
|
|
|
res = run_client(host, server, client, times, cache, min_version,
|
2021-02-18 14:36:59 +00:00
|
|
|
max_version, flags);
|
2013-04-02 14:09:17 +00:00
|
|
|
DESTROY_IF(client);
|
2010-08-25 10:57:13 +00:00
|
|
|
}
|
2011-12-31 00:41:56 +00:00
|
|
|
cache->destroy(cache);
|
2010-08-25 10:57:13 +00:00
|
|
|
host->destroy(host);
|
|
|
|
|
server->destroy(server);
|
|
|
|
|
return res;
|
|
|
|
|
}
|
