X-Git-Url: https://git.strongswan.org/?p=strongswan.git;a=blobdiff_plain;f=scripts%2Ftls_test.c;h=332f13d89ac0235b8285472e45d5bbcdb573ad06;hp=9e0b4e2562f4066dbdee7b31837f65fb50e33db4;hb=3f4300ed1eb32ad685b6bd1007059221a3318cd4;hpb=6a5c86b7ada9dd6a57290f228fd06b20cdf7011b diff --git a/scripts/tls_test.c b/scripts/tls_test.c index 9e0b4e2..332f13d 100644 --- a/scripts/tls_test.c +++ b/scripts/tls_test.c @@ -22,9 +22,9 @@ #include #include -#include +#include #include -#include +#include #include /** @@ -33,67 +33,59 @@ static void usage(FILE *out, char *cmd) { fprintf(out, "usage:\n"); - fprintf(out, " %s --connect
--port [--cert ]+ [--times ]\n", cmd); + fprintf(out, " %s --connect
--port [--key ]+ [--times ]\n", cmd); fprintf(out, " %s --listen
--port --key [--cert ]+ [--times ]\n", cmd);
 }
 /**
- * Stream between stdio and TLS socket
+ * Check, as client, if we have a client certificate with private key
 */
-static int stream(int fd, tls_socket_t *tls)
+static identification_t *find_client_id()
 {
- while (TRUE)
- {
- fd_set set;
- chunk_t data;
-
- FD_ZERO(&set);
- FD_SET(fd, &set);
- FD_SET(0, &set);
+ identification_t *client = NULL, *keyid;
+ enumerator_t *enumerator;
+ certificate_t *cert;
+ public_key_t *pubkey;
+ private_key_t *privkey;
+ chunk_t chunk;
- if (select(fd + 1, &set, NULL, NULL, NULL) == -1)
- {
- return 1;
- }
- if (FD_ISSET(fd, &set))
- {
- if (!tls->read(tls, &data))
- {
- return 0;
- }
- if (data.len)
- {
- ignore_result(write(1, data.ptr, data.len));
- free(data.ptr);
- }
- }
- if (FD_ISSET(0, &set))
+ enumerator = lib->credmgr->create_cert_enumerator(lib->credmgr,
+ CERT_X509, KEY_ANY, NULL, FALSE);
+ while (enumerator->enumerate(enumerator, &cert))
+ {
+ pubkey = cert->get_public_key(cert);
+ if (pubkey)
 {
- char buf[1024];
- ssize_t len;
-
- len = read(0, buf, sizeof(buf));
- if (len == 0)
- {
- return 0;
- }
- if (len > 0)
+ if (pubkey->get_fingerprint(pubkey, KEYID_PUBKEY_SHA1, &chunk))
 {
- if (!tls->write(tls, chunk_create(buf, len)))
+ keyid = identification_create_from_encoding(ID_KEY_ID, chunk);
+ privkey = lib->credmgr->get_private(lib->credmgr,
+ pubkey->get_type(pubkey), keyid, NULL);
+ keyid->destroy(keyid);
+ if (privkey)
 {
- DBG1(DBG_TLS, "TLS write error");
- return 1;
+ client = cert->get_subject(cert);
+ client = client->clone(client);
+ privkey->destroy(privkey);
 }
 }
+ pubkey->destroy(pubkey);
+ }
+ if (client)
+ {
+ break;
 }
 }
+ enumerator->destroy(enumerator);
+
+ return client;
 }
 /**
 * Client routine
 */
-static int client(host_t *host, identification_t *server,
- int times, tls_cache_t *cache)
+static int run_client(host_t *host, identification_t *server,
+ identification_t *client, int times, tls_cache_t *cache)
 {
 tls_socket_t *tls;
 int fd, res;
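Review bot: find_client_id() is declared with an empty parameter list, which in C is an unprototyped declaration; `static identification_t *find_client_id(void)` is the prototyped form and matches how the other functions in this file declare their parameters. The header comment should also state the contract that main() relies on: the returned identification_t is a clone owned by the caller (hence the DESTROY_IF in main) and NULL means no X509 certificate with a usable private key was found. The function returns the subject of the first certificate in enumeration order for which get_private() succeeds, so with several --key files loaded it is not apparent from the output which identity will be presented; a `DBG1(DBG_TLS, ...)` naming the chosen subject, or the absence of one, would make that visible in test runs.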
@@ -113,13 +105,13 @@ static int client(host_t *host, identification_t *server,
 close(fd);
 return 1;
 }
- tls = tls_socket_create(FALSE, server, NULL, fd, cache);
+ tls = tls_socket_create(FALSE, server, client, fd, cache);
 if (!tls)
 {
 close(fd);
 return 1;
 }
- res = stream(fd, tls);
+ res = tls->splice(tls, 0, 1) ? 0 : 1;
 tls->destroy(tls);
 close(fd);
 if (res)
@@ -176,7 +168,7 @@ static int serve(host_t *host, identification_t *server,
 close(fd);
 return 1;
 }
- stream(cfd, tls);
+ tls->splice(tls, 0, 1);
 DBG1(DBG_TLS, "%#H disconnected", host);
 tls->destroy(tls);
 }
@@ -276,7 +268,7 @@ int main(int argc, char *argv[])
 char *address = NULL;
 bool listen = FALSE;
 int port = 0, times = -1, res;
- identification_t *server;
+ identification_t *server, *client;
 tls_cache_t *cache;
 host_t *host;
@@ -359,11 +351,12 @@ int main(int argc, char *argv[])
 }
 else
 {
- res = client(host, server, times, cache);
+ client = find_client_id();
+ res = run_client(host, server, client, times, cache);
+ DESTROY_IF(client);
 }
 cache->destroy(cache);
 host->destroy(host);
 server->destroy(server);
 return res;
 }
-
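Review bot: The result of tls->splice() is discarded in serve(), while run_client() in the hunk above maps the same call's result to its exit status, so a session that ends in a stream error on the server side is logged only as a plain "disconnected". Checking it keeps both sides consistent and lets a test run distinguish a clean close from a failure: `if (!tls->splice(tls, 0, 1)) { DBG1(DBG_TLS, "%#H TLS stream error", host); }` in place of the bare call, ahead of the existing disconnect message. serve() starts and ends outside the hunk.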
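Review bot: When find_client_id() returns NULL, run_client() is started with a NULL client identity and nothing in the log tells the user which case occurred; that is presumably the old no-client-authentication behaviour (the earlier code passed NULL to tls_socket_create()), now taken silently whenever no loaded certificate has a matching private key. A message after the lookup, `if (!client) { DBG1(DBG_TLS, "no client certificate with private key found"); }`, would make a misconfigured --key run visible. main() starts outside the hunk.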