WolfSSL
/
wolfssl-examples
mirror of https://github.com/wolfSSL/wolfssl-examples.git
1
0
Fork 0
Code Issues Releases Wiki Activity

made *-tls-ecdhe from *-tls

pull/58/head
Levi Rak 2017-05-31 14:05:02 -06:00
parent 74deab3262
commit cc2fe9cae0
8 changed files with 312 additions and 316 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
.gitignore vendored
View File

@ -51,23 +51,23 @@ android/wolfssljni-ndk-sample/proguard-project.txt
/psk/server-psk
/psk/server-tcp
/tls/client-callback
/tls/client-tls-nonblocking
/tls/client-tls-resume
/tls/client-tls
/tls/client-tls-writedup
/tls/client-tcp
/tls/memory-tls
/tls/server-callback
/tls/server-tls-nonblocking
/tls/server-tls-threaded
/tls/server-tls
/tls/server-tcp
/tls/client-tls
/tls/client-tls-callback
/tls/client-tls-ecdhe
/tls/server-tls-ecdhe
/tls/client-tls-nonblocking
/tls/client-tls-perf
/tls/client-tls-resume
/tls/client-tls-writedup
/tls/memory-tls
/tls/server-tcp
/tls/server-tls
/tls/server-tls-callback
/tls/server-tls-ecdhe
/tls/server-tls-epoll-perf
/tls/server-tls-epoll-threaded
/tls/server-tls-nonblocking
/tls/server-tls-threaded
crypto/3des/3des-file-encrypt
crypto/aes/aes-file-encrypt

2
tls/client-tcp.c
View File

@ -99,7 +99,7 @@ int main(int argc, char** argv)
}
/* Print the message to stdout */
printf("Recieved: %s\n", buff);
printf("Recieved: %s\n", buff);
/* Cleanup and return */

8
tls/client-tls-callback.c
View File

@ -136,6 +136,8 @@ int my_IOSend(WOLFSSL* ssl, char* buff, int sz, void* ctx)
#define DEFAULT_PORT 11111
#define CERT_FILE "../certs/ca-cert.pem"
int main(int argc, char** argv)
{
int sockfd;
@ -175,10 +177,10 @@ int main(int argc, char** argv)
}
/* Load client certificates into WOLFSSL_CTX */
if (wolfSSL_CTX_load_verify_locations(ctx, "../certs/ca-cert.pem", NULL)
if (wolfSSL_CTX_load_verify_locations(ctx, CERT_FILE, NULL)
!= SSL_SUCCESS) {
fprintf(stderr, "ERROR: failed to load certs/ca-cert.pem, please "
"check the file.\n");
fprintf(stderr, "ERROR: failed to load %s, please check the file.\n",
CERT_FILE);
return -1;
}

263
tls/client-tls-ecdhe.c
View File

@ -18,157 +18,156 @@
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <arpa/inet.h>
#include <wolfssl/options.h>
#include <wolfssl/ssl.h> /* wolfSSL security library */
#include <wolfssl/test.h>
#define MAXDATASIZE 4096 /* maximum acceptable amount of data */
#define SERV_PORT 11111 /* define default port number */
/* the usual suspects */
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
const char* cert = "../certs/server-ecc.pem";
/* socket includes */
#include <sys/socket.h>
#include <arpa/inet.h>
#include <netinet/in.h>
#include <unistd.h>
/*
* clients initial contact with server. (socket to connect, security layer)
*/
int ClientGreet(int sock, WOLFSSL* ssl)
{
/* data to send to the server, data recieved from the server */
char sendBuff[MAXDATASIZE], rcvBuff[MAXDATASIZE] = {0};
int ret = 0; /* variable for error checking */
printf("Message for server:\t");
fgets(sendBuff, MAXDATASIZE, stdin);
if (wolfSSL_write(ssl, sendBuff, strlen(sendBuff)) != strlen(sendBuff)) {
/* the message is not able to send, or error trying */
ret = wolfSSL_get_error(ssl, 0);
printf("Write error: Error: %i\n", ret);
return EXIT_FAILURE;
}
if (wolfSSL_read(ssl, rcvBuff, MAXDATASIZE) < 0) {
/* the server failed to send data, or error trying */
ret = wolfSSL_get_error(ssl, 0);
printf("Read error. Error: %i\n", ret);
return EXIT_FAILURE;
}
printf("Recieved: \t%s\n", rcvBuff);
return ret;
}
/*
* applies TLS 1.2 security layer to data being sent.
*/
int Security(int sock)
{
WOLFSSL_CTX* ctx;
WOLFSSL* ssl; /* create WOLFSSL object */
int ret = 0;
const char* myCert = "../certs/client-ecc-cert.pem";
const char* myKey = "../certs/ecc-client-key.pem";
char* cipherList = "ECDHE-ECDSA-CHACHA20-POLY1305";
char buffer[WOLFSSL_MAX_ERROR_SZ];
wolfSSL_Init(); /* initialize wolfSSL */
/* create and initiLize WOLFSSL_CTX structure */
if ((ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method())) == NULL) {
printf("SSL_CTX_new error.\n");
return EXIT_FAILURE;
}
if (wolfSSL_CTX_set_cipher_list(ctx, cipherList) != SSL_SUCCESS)
err_sys("client can't set cipher list 1");
if (wolfSSL_CTX_use_certificate_chain_file(ctx, myCert)
!= SSL_SUCCESS)
err_sys("can't load client cert file, check file and run from"
" wolfSSL home dir");
if (wolfSSL_CTX_use_PrivateKey_file(ctx, myKey, SSL_FILETYPE_PEM)
!= SSL_SUCCESS)
err_sys("can't load client private key file, check file and run "
"from wolfSSL home dir");
/* load CA certificates into wolfSSL_CTX. which will verify the server */
if (wolfSSL_CTX_load_verify_locations(ctx, cert, 0) != SSL_SUCCESS) {
printf("Error loading %s. Please check the file.\n", cert);
return EXIT_FAILURE;
}
if ((ssl = wolfSSL_new(ctx)) == NULL) {
printf("wolfSSL_new error.\n");
return EXIT_FAILURE;
}
wolfSSL_set_fd(ssl, sock);
ret = wolfSSL_connect(ssl);
if (ret == SSL_SUCCESS) {
ret = ClientGreet(sock, ssl);
} else {
printf("Failure:");
ret = wolfSSL_get_error(ssl, 0);
printf(" ret = %d", ret);
printf(" %s\n", wolfSSL_ERR_error_string(ret, buffer));
}
/* wolfSSL */
#include <wolfssl/ssl.h>
/* frees all data before client termination */
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
wolfSSL_Cleanup();
#define DEFAULT_PORT 11111
return ret;
}
#define CERT_FILE "../certs/server-ecc.pem"
#define ECC_FILE "../certs/client-ecc-cert.pem"
#define KEY_FILE "../certs/ecc-client-key.pem"
#define CIPHER_LIST "ECDHE-ECDSA-CHACHA20-POLY1305"
/*
* Command line argumentCount and argumentValues
*/
int main(int argc, char** argv)
{
int sockfd; /* socket file descriptor */
struct sockaddr_in servAddr; /* struct for server address */
int ret = 0; /* variable for error checking */
int sockfd;
struct sockaddr_in servAddr;
char buff[256];
size_t len;
/* declare wolfSSL objects */
WOLFSSL_CTX* ctx;
WOLFSSL* ssl;
/* Check for proper calling convention */
if (argc != 2) {
/* if the number of arguments is not two, error */
printf("usage: ./client-tcp <IP address>\n");
return EXIT_FAILURE;
printf("usage: %s <IPv4 address>\n", argv[0]);
return 0;
}
/* internet address family, stream based tcp, default protocol */
sockfd = socket(AF_INET, SOCK_STREAM, 0);
if (sockfd < 0) {
printf("Failed to create socket. Error: %i\n", errno);
return EXIT_FAILURE;
/* Initialize wolfSSL */
wolfSSL_Init();
/* Create a socket that uses an internet IPv4 address,
* Sets the socket to be stream based (TCP),
* 0 means choose the default protocol. */
if ((sockfd = socket(AF_INET, SOCK_STREAM, 0)) == -1) {
fprintf(stderr, "ERROR: failed to create the socket\n");
return -1;
}
memset(&servAddr, 0, sizeof(servAddr)); /* clears memory block for use */
servAddr.sin_family = AF_INET; /* sets addressfamily to internet*/
servAddr.sin_port = htons(SERV_PORT); /* sets port to defined port */
/* looks for the server at the entered address (ip in the command line) */
if (inet_pton(AF_INET, argv[1], &servAddr.sin_addr) < 1) {
/* checks validity of address */
ret = errno;
printf("Invalid Address. Error: %i\n", ret);
return EXIT_FAILURE;
/* Create and initialize WOLFSSL_CTX */
if ((ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method())) == NULL) {
fprintf(stderr, "ERROR: failed to create WOLFSSL_CTX\n");
return -1;
}
if (connect(sockfd, (struct sockaddr *) &servAddr, sizeof(servAddr)) < 0) {
/* if socket fails to connect to the server*/
ret = errno;
printf("Connect error. Error: %i\n", ret);
return EXIT_FAILURE;
/* Load client certificates into WOLFSSL_CTX */
if (wolfSSL_CTX_load_verify_locations(ctx, CERT_FILE, NULL)
!= SSL_SUCCESS) {
fprintf(stderr, "ERROR: failed to load %s, please check the file.\n",
CERT_FILE);
return -1;
}
Security(sockfd);
return ret;
/* Load client ecc certificates into WOLFSSL_CTX */
if (wolfSSL_CTX_use_certificate_chain_file(ctx, ECC_FILE) != SSL_SUCCESS) {
fprintf(stderr, "ERROR: failed to load %s, please check the file.\n",
ECC_FILE);
return -1;
}
/* Load client ecc key into WOLFSSL_CTX */
if (wolfSSL_CTX_use_PrivateKey_file(ctx, KEY_FILE, SSL_FILETYPE_PEM)
!= SSL_SUCCESS) {
fprintf(stderr, "ERROR: failed to load %s, please check the file.\n",
KEY_FILE);
return -1;
}
/* Set cipher list */
if (wolfSSL_CTX_set_cipher_list(ctx, CIPHER_LIST) != SSL_SUCCESS) {
fprintf(stderr, "ERROR: failed to set cipher list\n");
return -1;
}
/* Initialize the server address struct with zeros */
memset(&servAddr, 0, sizeof(servAddr));
/* Fill in the server address */
servAddr.sin_family = AF_INET; /* using IPv4 */
servAddr.sin_port = htons(DEFAULT_PORT); /* on DEFAULT_PORT */
/* Get the server IPv4 address from the command line call */
if (inet_pton(AF_INET, argv[1], &servAddr.sin_addr) != 1) {
fprintf(stderr, "ERROR: invalid Address\n");
return -1;
}
/* Connect to the server */
if (connect(sockfd, (struct sockaddr*) &servAddr, sizeof(servAddr)) < 0) {
fprintf(stderr, "ERROR: failed to connect\n");
return -1;
}
/* Create a WOLFSSL object */
if ((ssl = wolfSSL_new(ctx)) == NULL) {
fprintf(stderr, "ERROR: failed to create WOLFSSL object\n");
return -1;
}
/* Attach wolfSSL to the socket */
wolfSSL_set_fd(ssl, sockfd);
/* Get a message for the server from stdin */
printf("Message for server: ");
memset(buff, 0, sizeof(buff));
fgets(buff, sizeof(buff), stdin);
len = strnlen(buff, sizeof(buff));
/* Send the message */
if (wolfSSL_write(ssl, buff, len) != len) {
fprintf(stderr, "ERROR: failed to write\n");
return -1;
}
/* Get a response from the server */
memset(buff, 0, sizeof(buff));
if (wolfSSL_read(ssl, buff, sizeof(buff)-1) < 0) {
fprintf(stderr, "ERROR: failed to read\n");
return -1;
}
/* Print the message to stdout */
printf("Recieved: %s\n", buff);
/* Cleanup and return */
wolfSSL_free(ssl); /* Free the wolfSSL object */
wolfSSL_CTX_free(ctx); /* Free the wolfSSL context object */
wolfSSL_Cleanup(); /* Cleanup the wolfSSL environment */
return 0; /* Return reporting a success */
}

8
tls/client-tls.c
View File

@ -36,6 +36,8 @@
#define DEFAULT_PORT 11111
#define CERT_FILE "../certs/ca-cert.pem"
int main(int argc, char** argv)
{
int sockfd;
@ -75,10 +77,10 @@ int main(int argc, char** argv)
}
/* Load client certificates into WOLFSSL_CTX */
if (wolfSSL_CTX_load_verify_locations(ctx, "../certs/ca-cert.pem", NULL)
if (wolfSSL_CTX_load_verify_locations(ctx, CERT_FILE, NULL)
!= SSL_SUCCESS) {
fprintf(stderr, "ERROR: failed to load certs/ca-cert.pem, please "
"check the file.\n");
fprintf(stderr, "ERROR: failed to load %s, please check the file.\n",
CERT_FILE);
return -1;
}

22
tls/server-tls-callback.c
View File

@ -136,6 +136,10 @@ int my_IOSend(WOLFSSL* ssl, char* buff, int sz, void* ctx)
#define DEFAULT_PORT 11111
#define CERT_FILE "../certs/server-cert.pem"
#define KEY_FILE "../certs/server-key.pem"
#define DH_FILE "../certs/dh2048.pem"
int main()
{
int sockfd;
@ -171,23 +175,23 @@ int main()
}
/* Load server certificates into WOLFSSL_CTX */
if (wolfSSL_CTX_use_certificate_file(ctx, "../certs/server-cert.pem",
SSL_FILETYPE_PEM) != SSL_SUCCESS) {
fprintf(stderr, "ERROR: failed to load certs/server-cert.pem, please "
"check the file.\n");
if (wolfSSL_CTX_use_certificate_file(ctx, CERT_FILE, SSL_FILETYPE_PEM)
!= SSL_SUCCESS) {
fprintf(stderr, "ERROR: failed to load %s, please check the file.\n",
CERT_FILE);
return -1;
}
/* Load server key into WOLFSSL_CTX */
if (wolfSSL_CTX_use_PrivateKey_file(ctx, "../certs/server-key.pem",
SSL_FILETYPE_PEM) != SSL_SUCCESS) {
fprintf(stderr, "ERROR: failed to load certs/server-key.pem, please "
"check the file.\n");
if (wolfSSL_CTX_use_PrivateKey_file(ctx, KEY_FILE, SSL_FILETYPE_PEM)
!= SSL_SUCCESS) {
fprintf(stderr, "ERROR: failed to load %s, please check the file.\n",
KEY_FILE);
return -1;
}
/* Set DH params for WOLFSSL_CTX */
if (wolfSSL_CTX_SetTmpDH_file(ctx, "../certs/dh2048.pem", SSL_FILETYPE_PEM)
if (wolfSSL_CTX_SetTmpDH_file(ctx, DH_FILE, SSL_FILETYPE_PEM)
!= SSL_SUCCESS) {
fprintf(stderr, "ERROR: failed to set DH parameters.\n");
return -1;

279
tls/server-tls-ecdhe.c
View File

@ -17,184 +17,169 @@
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
*=============================================================================
*
* This is a super basic example of what a TCP Server secured with TLS 1.2
* might look like. This server can also resume the session if a client
* inadvertantly disconnects.
*/
#include <stdio.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <string.h>
#include <netinet/in.h>
/* the usual suspects */
#include <stdlib.h>
#include <errno.h>
#include <wolfssl/options.h>
#include <stdio.h>
#include <string.h>
/* include the wolfSSL library for our TLS 1.2 security */
/* socket includes */
#include <sys/socket.h>
#include <arpa/inet.h>
#include <netinet/in.h>
#include <unistd.h>
/* wolfSSL */
#include <wolfssl/ssl.h>
#define DEFAULT_PORT 11111
int AcceptAndRead(WOLFSSL_CTX* ctx, socklen_t sockfd, struct sockaddr_in
clientAddr);
int AcceptAndRead(WOLFSSL_CTX* ctx, socklen_t sockfd, struct sockaddr_in
clientAddr)
{
/* Create our reply message */
const char reply[] = "I hear ya fa shizzle!\n";
socklen_t size = sizeof(clientAddr);
/* Wait until a client connects */
socklen_t connd = accept(sockfd, (struct sockaddr *)&clientAddr, &size);
/* If fails to connect,int loop back up and wait for a new connection */
if (connd == -1) {
printf("failed to accept the connection..\n");
}
/* If it connects, read in and reply to the client */
else {
printf("Client connected successfully\n");
WOLFSSL* ssl;
if ( (ssl = wolfSSL_new(ctx)) == NULL) {
fprintf(stderr, "wolfSSL_new error.\n");
exit(EXIT_FAILURE);
}
/* direct our ssl to our clients connection */
wolfSSL_set_fd(ssl, connd);
printf("Using Non-Blocking I/O: %d\n", wolfSSL_get_using_nonblock(
ssl));
for ( ; ; ) {
char buff[256];
int ret = 0;
/* Clear the buffer memory for anything possibly left over */
memset(&buff, 0, sizeof(buff));
/* Read the client data into our buff array */
if ((ret = wolfSSL_read(ssl, buff, sizeof(buff)-1)) > 0) {
/* Print any data the client sends to the console */
printf("Client: %s\n", buff);
/* Reply back to the client */
if ((ret = wolfSSL_write(ssl, reply, sizeof(reply)-1))
< 0)
{
printf("wolfSSL_write error = %d\n", wolfSSL_get_error(ssl, ret));
}
break;
}
/* if the client disconnects break the loop */
else {
if (ret < 0)
printf("wolfSSL_read error = %d\n", wolfSSL_get_error(ssl
,ret));
else if (ret == 0)
printf("The client has closed the connection.\n");
break;
}
}
wolfSSL_free(ssl); /* Free the WOLFSSL object */
}
close(connd); /* close the connected socket */
return 0;
}
#define CERT_FILE "../certs/server-ecc.pem"
#define KEY_FILE "../certs/ecc-key.pem"
#define CIPHER_LIST "ECDHE-ECDSA-CHACHA20-POLY1305"
int main()
{
/* Create a ctx pointer for our ssl */
WOLFSSL_CTX* ctx;
int sockfd;
int connd;
struct sockaddr_in servAddr;
struct sockaddr_in clientAddr;
socklen_t size = sizeof(clientAddr);
char buff[256];
int ret = 0;
/* declare wolfSSL objects */
WOLFSSL_CTX* ctx;
WOLFSSL* ssl;
/*
* Creates a socket that uses an internet IP address,
* Sets the type to be Stream based (TCP),
* 0 means choose the default protocol.
*/
socklen_t sockfd = socket(AF_INET, SOCK_STREAM, 0);
int loopExit = 0; /* 0 = False, 1 = True */
int ret = 0; /* Return value */
/* Server and client socket address structures */
struct sockaddr_in serverAddr = {0}, clientAddr = {0};
char* cipherList = "ECDHE-ECDSA-CHACHA20-POLY1305";
/* Initialize wolfSSL */
wolfSSL_Init();
#ifdef DEBUG_WOLFSSL
wolfSSL_Debugging_ON();
#endif
/* If positive value, the socket is valid */
if (sockfd == -1) {
printf("ERROR: failed to create the socket\n");
return EXIT_FAILURE; /* Kill the server with exit status 1 */
/* Create a socket that uses an internet IPv4 address,
* Sets the socket to be stream based (TCP),
* 0 means choose the default protocol. */
if ((sockfd = socket(AF_INET, SOCK_STREAM, 0)) == -1) {
fprintf(stderr, "ERROR: failed to create the socket\n");
return -1;
}
/* create and initialize WOLFSSL_CTX structure */
/* Create and initialize WOLFSSL_CTX */
if ((ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method())) == NULL) {
fprintf(stderr, "wolfSSL_CTX_new error.\n");
return EXIT_FAILURE;
fprintf(stderr, "ERROR: failed to create WOLFSSL_CTX\n");
return -1;
}
/* Load server certificate into WOLFSSL_CTX */
if (wolfSSL_CTX_use_certificate_file(ctx, "../certs/server-ecc.pem",
SSL_FILETYPE_PEM) != SSL_SUCCESS) {
fprintf(stderr, "Error loading certs/server-cert.pem, please check"
"the file.\n");
return EXIT_FAILURE;
/* Load server certificates into WOLFSSL_CTX */
if (wolfSSL_CTX_use_certificate_file(ctx, CERT_FILE, SSL_FILETYPE_PEM)
!= SSL_SUCCESS) {
fprintf(stderr, "ERROR: failed to load %s, please check the file.\n",
CERT_FILE);
return -1;
}
/* Load server key into WOLFSSL_CTX */
if (wolfSSL_CTX_use_PrivateKey_file(ctx, "../certs/ecc-key.pem",
SSL_FILETYPE_PEM) != SSL_SUCCESS) {
fprintf(stderr, "Error loading certs/server-key.pem, please check"
"the file.\n");
return EXIT_FAILURE;
if (wolfSSL_CTX_use_PrivateKey_file(ctx, KEY_FILE, SSL_FILETYPE_PEM)
!= SSL_SUCCESS) {
fprintf(stderr, "ERROR: failed to load %s, please check the file.\n",
KEY_FILE);
return -1;
}
if (wolfSSL_CTX_set_cipher_list(ctx, cipherList) != SSL_SUCCESS)
printf("client can't set cipher list 1");
/* Initialize the server address struct to zero */
memset((char *)&serverAddr, 0, sizeof(serverAddr));
/* Fill the server's address family */
serverAddr.sin_family = AF_INET;
serverAddr.sin_addr.s_addr = INADDR_ANY;
serverAddr.sin_port = htons(DEFAULT_PORT);
/* Attach the server socket to our port */
if (bind(sockfd, (struct sockaddr *)&serverAddr, sizeof(serverAddr))
< 0) {
printf("ERROR: failed to bind\n");
return EXIT_FAILURE;
/* Set cipher list */
if (wolfSSL_CTX_set_cipher_list(ctx, CIPHER_LIST) != SSL_SUCCESS) {
fprintf(stderr, "ERROR: failed to set cipher list\n");
return -1;
}
/* Initialize the server address struct with zeros */
memset(&servAddr, 0, sizeof(servAddr));
/* Fill in the server address */
servAddr.sin_family = AF_INET; /* using IPv4 */
servAddr.sin_port = htons(DEFAULT_PORT); /* on DEFAULT_PORT */
servAddr.sin_addr.s_addr = INADDR_ANY; /* from anywhere */
/* Bind the server socket to our port */
if (bind(sockfd, (struct sockaddr*)&servAddr, sizeof(servAddr)) < 0) {
fprintf(stderr, "ERROR: failed to bind\n");
return -1;
}
/* Listen for a new connection, allow 5 pending connections */
if (listen(sockfd, 5) == -1) {
fprintf(stderr, "ERROR: failed to listen\n");
return -1;
}
printf("Waiting for a connection...\n");
/* Continuously accept connects while not currently in an active connection
or told to quit */
while (loopExit == 0) {
/* listen for a new connection, allow 5 pending connections */
ret = listen(sockfd, 5);
if (ret == 0) {
/* Accept client connections and read from them */
loopExit = AcceptAndRead(ctx, sockfd, clientAddr);
ret = -1;
}
/* Accept client connections */
if ((connd = accept(sockfd, (struct sockaddr*)&clientAddr, &size)) == -1) {
fprintf(stderr, "ERROR: failed to accept the connection\n\n");
return -1;
}
wolfSSL_CTX_free(ctx); /* Free WOLFSSL_CTX */
wolfSSL_Cleanup(); /* Free wolfSSL */
return EXIT_SUCCESS;
/* Create a WOLFSSL object */
if ((ssl = wolfSSL_new(ctx)) == NULL) {
fprintf(stderr, "ERROR: failed to create WOLFSSL object\n");
return -1;
}
/* Attach wolfSSL to the socket */
wolfSSL_set_fd(ssl, connd);
printf("Client connected successfully\n");
/* Read in from the client while there is something to read */
do {
/* Clear the buffer memory for anything possibly left over */
memset(buff, 0, sizeof(buff));
/* Read the client data into our buff array */
if (wolfSSL_read(ssl, buff, sizeof(buff)-1) > 0) {
/* Print any data the client sends to the console */
printf("Client: %s\n", buff);
/* Write our reply into buff */
memset(buff, 0, sizeof(buff));
memcpy(buff, "I hear ya fa shizzle!\n", 23);
/* Reply back to the client */
if (wolfSSL_write(ssl, buff, sizeof(buff)-1) < 0) {
fprintf(stderr, "ERROR: failed to write\n");
}
}
} while (ret > 0);
/* Check for a read error condition */
if (ret == 0) {
printf("Client has closed the connection.\n");
}
else {
fprintf(stderr, "ERROR: failed to read\n");
}
/* Cleanup and return */
wolfSSL_free(ssl); /* Free the wolfSSL object */
wolfSSL_CTX_free(ctx); /* Free the wolfSSL context object */
wolfSSL_Cleanup(); /* Cleanup the wolfSSL environment */
return 0; /* Return reporting a success */
}

22
tls/server-tls.c
View File

@ -36,6 +36,10 @@
#define DEFAULT_PORT 11111
#define CERT_FILE "../certs/server-cert.pem"
#define KEY_FILE "../certs/server-key.pem"
#define DH_FILE "../certs/dh2048.pem"
int main()
{
int sockfd;
@ -71,23 +75,23 @@ int main()
}
/* Load server certificates into WOLFSSL_CTX */
if (wolfSSL_CTX_use_certificate_file(ctx, "../certs/server-cert.pem",
SSL_FILETYPE_PEM) != SSL_SUCCESS) {
fprintf(stderr, "ERROR: failed to load certs/server-cert.pem, please "
"check the file.\n");
if (wolfSSL_CTX_use_certificate_file(ctx, CERT_FILE, SSL_FILETYPE_PEM)
!= SSL_SUCCESS) {
fprintf(stderr, "ERROR: failed to load %s, please check the file.\n",
CERT_FILE);
return -1;
}
/* Load server key into WOLFSSL_CTX */
if (wolfSSL_CTX_use_PrivateKey_file(ctx, "../certs/server-key.pem",
SSL_FILETYPE_PEM) != SSL_SUCCESS) {
fprintf(stderr, "ERROR: failed to load certs/server-key.pem, please "
"check the file.\n");
if (wolfSSL_CTX_use_PrivateKey_file(ctx, KEY_FILE, SSL_FILETYPE_PEM)
!= SSL_SUCCESS) {
fprintf(stderr, "ERROR: failed to load %s, please check the file.\n",
KEY_FILE);
return -1;
}
/* Set DH params for WOLFSSL_CTX */
if (wolfSSL_CTX_SetTmpDH_file(ctx, "../certs/dh2048.pem", SSL_FILETYPE_PEM)
if (wolfSSL_CTX_SetTmpDH_file(ctx, DH_FILE, SSL_FILETYPE_PEM)
!= SSL_SUCCESS) {
fprintf(stderr, "ERROR: failed to set DH parameters.\n");
return -1;