From: Marcel Poul Date: Tue, 29 Jan 2013 20:50:09 +0000 (+0000) Subject: Get peer's certificate if asked for. X-Git-Url: http://scientific.zcu.cz/git/?a=commitdiff_plain;h=b8f9803183c40e1fb9bae9d6a937c317785740d1;p=jra1mw.git Get peer's certificate if asked for. --- diff --git a/emi.canl.canl-c/examples/canl_sample_client.c b/emi.canl.canl-c/examples/canl_sample_client.c index 9bac30b..1b696ec 100644 --- a/emi.canl.canl-c/examples/canl_sample_client.c +++ b/emi.canl.canl-c/examples/canl_sample_client.c @@ -25,17 +25,21 @@ int main(int argc, char *argv[]) char *serv_cert = NULL; char *serv_key = NULL; char *proxy_cert = NULL; + canl_principal princ = NULL; + int get_peer_princ = 0; + char *name = NULL; timeout.tv_sec = DEF_TIMEOUT; timeout.tv_usec = 0; - while ((opt = getopt(argc, argv, "hp:s:c:k:t:")) != -1) { + while ((opt = getopt(argc, argv, "nhp:s:c:k:t:")) != -1) { switch (opt) { case 'h': fprintf(stderr, "Usage: %s [-p port] [-c certificate]" " [-k private key] [-d ca_dir] [-h] " " [-s server] [-x proxy certificate] " - " [-t timeout] \n", argv[0]); + "[-t timeout] [-n {print peer's princ name}] " + " \n", argv[0]); exit(0); case 'p': port = atoi(optarg); @@ -58,11 +62,15 @@ int main(int argc, char *argv[]) case 't': timeout.tv_sec = atoi(optarg); break; + case 'n': + get_peer_princ = 1; + break; default: /* '?' */ fprintf(stderr, "Usage: %s [-p port] [-c certificate]" " [-k private key] [-d ca_dir] [-h]" " [-s server] [-x proxy certificate]" - " [-t timeout] \n", argv[0]); + "[-t timeout] [-n {print peer's princ name}] " + " \n", argv[0]); exit(-1); } } 
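Review bot: The usage text added in both the `case 'h'` and `default:` branches describes `-n` as `{print peer's princ name}`, but with this commit a non-NULL peer argument to canl_io_connect()/canl_io_accept() also makes the peer certificate mandatory (see the canl.c hunk), so `-n` changes whether the connection succeeds, not just what is printed; suggest `" [-n  require and print the peer's principal name]\n"`. The same multi-line usage string is now maintained in four places (this hunk, the `default:` case in the second hunk, and both getopt branches of canl_sample_server.c); a single `static void usage(const char *prog)` called from both branches would keep them in step. The string also still advertises `-d` and `-x`, which the getopt string `"nhp:s:c:k:t:"` does not accept — pre-existing, but worth fixing while the line is being edited. main() starts and ends outside the hunk.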
@@ -94,14 +102,28 @@ int main(int argc, char *argv[]) } } - err = canl_io_connect(my_ctx, my_io_h, p_server, NULL, port, NULL, 0, - NULL, &timeout); - if (err) { - printf("[CLIENT] connection to %s cannot be established:\n[CANL] %s\n", - p_server, canl_get_error_message(my_ctx)); - goto end; + if (get_peer_princ) { + err = canl_io_connect(my_ctx, my_io_h, p_server, NULL, port, NULL, 0, + &princ, &timeout); + if (err) { + printf("[CLIENT] connection cannot be established:\n[CANL] %s\n", + canl_get_error_message(my_ctx)); + goto end; + } + + err = canl_princ_name(my_ctx, princ, &name); + printf("[CLIENT] connection established with %s\n", name); + free(name); + canl_princ_free(my_ctx, princ); } - else { + else{ + err = canl_io_connect(my_ctx, my_io_h, p_server, NULL, port, NULL, 0, + NULL, &timeout); + if (err) { + printf("[CLIENT] connection cannot be established:\n[CANL] %s\n", + canl_get_error_message(my_ctx)); + goto end; + } printf("[CLIENT] connection established\n"); } diff --git a/emi.canl.canl-c/examples/canl_sample_server.c b/emi.canl.canl-c/examples/canl_sample_server.c index d129c4b..f7bf581 100644 --- a/emi.canl.canl-c/examples/canl_sample_server.c +++ b/emi.canl.canl-c/examples/canl_sample_server.c @@ -26,18 +26,20 @@ int main(int argc, char *argv[]) int buf_len = 0; struct timeval timeout; canl_principal princ = NULL; + int get_peer_princ = 0; char *name = NULL; timeout.tv_sec = DEF_TIMEOUT; timeout.tv_usec = 0; - while ((opt = getopt(argc, argv, "hp:c:k:d:t:")) != -1) { + while ((opt = getopt(argc, argv, "nhp:c:k:d:t:")) != -1) { switch (opt) { case 'h': fprintf(stderr, "Usage: %s [-p port] [-c certificate]" " [-k private key] [-d ca_dir] [-h] " - "[-t timeout] \n", argv[0]); + "[-t timeout] [-n {print peer's princ name}] " + " \n", argv[0]); exit(0); case 'p': port = atoi(optarg); 
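Review bot: In the `get_peer_princ` branch the return value of `canl_princ_name(my_ctx, princ, &name)` is stored in `err` but never checked, so on failure `name` (initialised to NULL in the first hunk) is handed to `printf("%s")`, which is undefined behaviour, and `princ` leaks if `end:` does not release it (the label is outside the hunk). Check it before use, e.g. `if (err) { printf("[CLIENT] cannot get peer's name:\n[CANL] %s\n", canl_get_error_message(my_ctx)); canl_princ_free(my_ctx, princ); goto end; }`; the server-side copy in canl_sample_server.c @@ -152 has the same gap. The two canl_io_connect() calls differ only in the peer argument, so a single call passing `get_peer_princ ? &princ : NULL` would remove the duplicated error handling. The rewritten error message also drops the `%s`/`p_server` pair the old one printed, so the host name no longer appears in the diagnostic. main() starts and ends outside the hunk.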
@@ -54,10 +56,14 @@ int main(int argc, char *argv[]) case 't': timeout.tv_sec = atoi(optarg); break; + case 'n': + get_peer_princ = 1; + break; default: /* '?' */ fprintf(stderr, "Usage: %s [-p port] [-c certificate]" " [-k private key] [-d ca_dir] [-h] " - "[-t timeout] \n", argv[0]); + "[-t timeout] [-n {print peer's princ name}] " + " \n", argv[0]); exit(-1); } } @@ -152,17 +158,31 @@ int main(int argc, char *argv[]) /* canl_create_io_handler has to be called for my_io_h*/ /* TODO timeout in this function? and select around it*/ - err = canl_io_accept(my_ctx, my_io_h, new_fd, s_addr, 0, &princ, &timeout); - if (err) { - printf("[SERVER] connection cannot be established:\n[CANL] %s\n", - canl_get_error_message(my_ctx)); - goto end; - } + if (get_peer_princ) { + err = canl_io_accept(my_ctx, my_io_h, new_fd, s_addr, + 0, &princ, &timeout); + if (err) { + printf("[SERVER] connection cannot be established:\n[CANL] %s\n", + canl_get_error_message(my_ctx)); + goto end; + } + - err = canl_princ_name(my_ctx, princ, &name); - printf("[SERVER] connection established with %s\n", name); - free(name); - canl_princ_free(my_ctx, princ); + err = canl_princ_name(my_ctx, princ, &name); + printf("[SERVER] connection established with %s\n", name); + free(name); + canl_princ_free(my_ctx, princ); + } + else{ + err = canl_io_accept(my_ctx, my_io_h, new_fd, s_addr, + 0, NULL, &timeout); + if (err) { + printf("[SERVER] connection cannot be established:\n[CANL] %s\n", + canl_get_error_message(my_ctx)); + goto end; + } + printf("[SERVER] connection established\n"); + } strncpy(buf, "This is a testing message to send", sizeof(buf)); buf_len = strlen(buf) + 1; diff --git a/emi.canl.canl-c/src/canl.c b/emi.canl.canl-c/src/canl.c index b14cda7..c592fbc 100644 --- a/emi.canl.canl-c/src/canl.c +++ b/emi.canl.canl-c/src/canl.c 
@@ -186,13 +186,13 @@ canl_io_connect(canl_ctx cc, canl_io_handler io, const char *host, } io_cc->conn_ctx = ctx; done = 1; - /*TODO Not mandatory peer certificate for now*/ - /* if (peer) { - err = mech->get_peer(glb_cc, io_cc, conn_ctx, peer); - if (err) - goto end; - } - */ + /* If peer != NULL then client certificate is mandatory*/ + if (peer) { + err = mech->get_peer(glb_cc, io_cc, ctx, peer); + if (err) + goto end; + } + break; } if (err == ETIMEDOUT) @@ -353,7 +353,7 @@ canl_io_accept(canl_ctx cc, canl_io_handler io, int new_fd, if (err) goto end; - /*TODO Not mandatory peer certificate for now*/ + /* If peer != NULL then client certificate is mandatory*/ if (peer) { err = mech->get_peer(glb_cc, io_cc, conn_ctx, peer); if (err)
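Review bot: The comment re-enabled in canl_io_connect() reads `/* If peer != NULL then client certificate is mandatory*/`, but on the connect side the peer is the server, so it should say `/* If peer != NULL then the peer's (server) certificate is mandatory */`; the identical wording in the canl_io_accept() hunk below is correct as written. The get_peer() call runs after `io_cc->conn_ctx = ctx; done = 1;`, so when it fails the `goto end` leaves the handler pointing at an established connection whose peer certificate could not be retrieved; whether `end:` tears that down is outside the hunk and should be confirmed, otherwise retrieve the peer before the assignment. The added `break;` also appears to change how the surrounding loop exits after a successful connect, which the commit message does not mention; the loop header is outside the hunk. Bracing the single-statement `if (err)` body would make the early exit harder to break in a later edit.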