+++ /dev/null
-/*
- * nisccSimpleClient.cpp - just do one SSL client session expecting
- * errSSLPeerCertUnknown and ClientCertRejected
- */
-
-#include <Security/SecureTransport.h>
-#include <Security/Security.h>
-#include <Security/SecBasePriv.h>
-#include <clAppUtils/sslAppUtils.h>
-#include <clAppUtils/ioSock.h>
-#include <clAppUtils/sslThreading.h>
-#include <security_cdsa_utils/cuFileIo.h>
-#include <security_cdsa_utils/cuCdsaUtils.h>
-#include <security_cdsa_utils/cuPrintCert.h>
-#include <security_utilities/threading.h>
-#include <security_utilities/devrandom.h>
-
-#include <CoreServices/../Frameworks/CarbonCore.framework/Headers/MacErrors.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <unistd.h>
-#include <string.h>
-#include <time.h>
-#include <ctype.h>
-#include <sys/param.h>
-
-/* skip certs larger than this - ST can't fragment protocol msgs (yet) */
-#define MAX_CERT_SIZE 16000
-
-static void usage(char **argv)
-{
- printf("Usage: %s hostname port keychain [q(uiet)]\n", argv[0]);
- exit(1);
-}
-
-#define IGNORE_SIGPIPE 1
-#if IGNORE_SIGPIPE
-#include <signal.h>
-
-void sigpipe(int sig)
-{
-}
-#endif /* IGNORE_SIGPIPE */
-
-SslAppTestParams clientDefaults =
-{
- NULL, // hostName - user-provided
- true, // skipHostNameCHeck
- 0, // port - user-provided
- NULL, NULL, // RingBuffers
- false, // noProtSpec
- kTLSProtocol1,
- NULL, // acceptedProts - not used in this test
- NULL, // myCerts - user-provided
- NULL, // password - same as myCerts
- false, // idIsTrustedRoot
- true, // disableCertVerify - SPECIAL FOR THIS TEST
- NULL, // anchorFile - not needed - right?
- false, // replaceAnchors
- kAlwaysAuthenticate,
- false, // resumeEnable
- NULL, // ciphers
- false, // nonBlocking
- NULL, // dhParams
- 0, // dhParamsLen
- errSSLPeerCertUnknown, // expectRtn
- kTLSProtocol1, // expectVersion
- kSSLClientCertRejected,
- SSL_CIPHER_IGNORE,
- false, // quiet - user-provided
- false, // silent
- false, // verbose
- NULL, // lock
- 0, // clientDone
- false, // serverAbort
- /* returned */
- kSSLProtocolUnknown,
- SSL_NULL_WITH_NULL_NULL,
- kSSLClientCertNone,
- noHardwareErr
-
-};
-
-static void testStartBanner(
- char *testName,
- int argc,
- char **argv)
-{
- printf("Starting %s; args: ", testName);
- for(int i=1; i<argc; i++) {
- printf("%s ", argv[i]);
- }
- printf("\n");
-}
-
-/* this normally comes from libcsputils.a, which we don't link against */
-
-extern "C" {
-char *cssmErrToStr(CSSM_RETURN err);
-}
-
-char *cssmErrToStr(CSSM_RETURN err)
-{
- string errStr = cssmErrorString(err);
- return const_cast<char *>(errStr.c_str());
-}
-
-
-int main(int argc, char **argv)
-{
- int ourRtn = 0;
- char *argp;
- int errCount = 0;
-
- if(argc < 4) {
- usage(argv);
- }
-
- /* required args */
- clientDefaults.hostName = argv[1];
- clientDefaults.password = argv[1];
- clientDefaults.port = atoi(argv[2]);
- clientDefaults.myCertKcName = argv[3];
-
- /* optional args */
- for(int arg=4; arg<argc; arg++) {
- argp = argv[arg];
- switch(argp[0]) {
- case 'q':
- clientDefaults.quiet = true;
- break;
- default:
- usage(argv);
- }
- }
-
- #if IGNORE_SIGPIPE
- signal(SIGPIPE, sigpipe);
- #endif
-
- if(!clientDefaults.quiet) {
- testStartBanner("nisccSimpleClient", argc, argv);
- }
- ourRtn = sslAppClient(&clientDefaults);
-
- /* accept a number of returns - even success! */
- if((ourRtn != errSSLPeerCertUnknown) &&
- (ourRtn != errSSLPeerUnknownCA) &&
- (ourRtn != errSSLPeerRecordOverflow) &&
- (ourRtn != noErr)) {
- printf("***Unexpected error return (%s)\n",
- sslGetSSLErrString(ourRtn));
- errCount++;
- }
- if(ourRtn == noErr) {
- errCount += sslVerifyClientCertState("client",
- kSSLClientCertSent,
- clientDefaults.certState);
- }
- else {
- errCount += sslVerifyClientCertState("client",
- clientDefaults.expectCertState,
- clientDefaults.certState);
- }
-
- if(!clientDefaults.quiet) {
- if(errCount == 0) {
- printf("===== %s test PASSED =====\n", argv[0]);
- ourRtn = noErr;
- }
- else {
- printf("****FAIL: sslAppClient detected %d errors\n", errCount);
- }
- }
-
- return errCount;
-}
projects / apple / security.git / blobdiff