ddd-01-conn-blocking.c 4.4 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187
  1. #include <openssl/ssl.h>
  2. /*
  3. * Demo 1: Client — Managed Connection — Blocking
  4. * ==============================================
  5. *
  6. * This is an example of (part of) an application which uses libssl in a simple,
  7. * synchronous, blocking fashion. The functions show all interactions with
  8. * libssl the application makes, and would hypothetically be linked into a
  9. * larger application.
  10. */
  11. /*
  12. * The application is initializing and wants an SSL_CTX which it will use for
  13. * some number of outgoing connections, which it creates in subsequent calls to
  14. * new_conn. The application may also call this function multiple times to
  15. * create multiple SSL_CTX.
  16. */
  17. SSL_CTX *create_ssl_ctx(void)
  18. {
  19. SSL_CTX *ctx;
  20. #ifdef USE_QUIC
  21. ctx = SSL_CTX_new(OSSL_QUIC_client_method());
  22. #else
  23. ctx = SSL_CTX_new(TLS_client_method());
  24. #endif
  25. if (ctx == NULL)
  26. return NULL;
  27. /* Enable trust chain verification. */
  28. SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
  29. /* Load default root CA store. */
  30. if (SSL_CTX_set_default_verify_paths(ctx) == 0) {
  31. SSL_CTX_free(ctx);
  32. return NULL;
  33. }
  34. return ctx;
  35. }
  36. /*
  37. * The application wants to create a new outgoing connection using a given
  38. * SSL_CTX.
  39. *
  40. * hostname is a string like "openssl.org:443" or "[::1]:443".
  41. */
  42. BIO *new_conn(SSL_CTX *ctx, const char *hostname)
  43. {
  44. BIO *out;
  45. SSL *ssl = NULL;
  46. const char *bare_hostname;
  47. #ifdef USE_QUIC
  48. static const unsigned char alpn[] = {5, 'd', 'u', 'm', 'm', 'y'};
  49. #endif
  50. out = BIO_new_ssl_connect(ctx);
  51. if (out == NULL)
  52. return NULL;
  53. if (BIO_get_ssl(out, &ssl) == 0) {
  54. BIO_free_all(out);
  55. return NULL;
  56. }
  57. if (BIO_set_conn_hostname(out, hostname) == 0) {
  58. BIO_free_all(out);
  59. return NULL;
  60. }
  61. /* Returns the parsed hostname extracted from the hostname:port string. */
  62. bare_hostname = BIO_get_conn_hostname(out);
  63. if (bare_hostname == NULL) {
  64. BIO_free_all(out);
  65. return NULL;
  66. }
  67. /* Tell the SSL object the hostname to check certificates against. */
  68. if (SSL_set1_host(ssl, bare_hostname) <= 0) {
  69. BIO_free_all(out);
  70. return NULL;
  71. }
  72. #ifdef USE_QUIC
  73. /* Configure ALPN, which is required for QUIC. */
  74. if (SSL_set_alpn_protos(ssl, alpn, sizeof(alpn))) {
  75. /* Note: SSL_set_alpn_protos returns 1 for failure. */
  76. BIO_free_all(out);
  77. return NULL;
  78. }
  79. #endif
  80. return out;
  81. }
  82. /*
  83. * The application wants to send some block of data to the peer.
  84. * This is a blocking call.
  85. */
  86. int tx(BIO *bio, const void *buf, int buf_len)
  87. {
  88. return BIO_write(bio, buf, buf_len);
  89. }
  90. /*
  91. * The application wants to receive some block of data from
  92. * the peer. This is a blocking call.
  93. */
  94. int rx(BIO *bio, void *buf, int buf_len)
  95. {
  96. return BIO_read(bio, buf, buf_len);
  97. }
  98. /*
  99. * The application wants to close the connection and free bookkeeping
  100. * structures.
  101. */
  102. void teardown(BIO *bio)
  103. {
  104. BIO_free_all(bio);
  105. }
  106. /*
  107. * The application is shutting down and wants to free a previously
  108. * created SSL_CTX.
  109. */
  110. void teardown_ctx(SSL_CTX *ctx)
  111. {
  112. SSL_CTX_free(ctx);
  113. }
  114. /*
  115. * ============================================================================
  116. * Example driver for the above code. This is just to demonstrate that the code
  117. * works and is not intended to be representative of a real application.
  118. */
  119. int main(int argc, char **argv)
  120. {
  121. static char msg[384], host_port[300];
  122. SSL_CTX *ctx = NULL;
  123. BIO *b = NULL;
  124. char buf[2048];
  125. int l, mlen, res = 1;
  126. if (argc < 3) {
  127. fprintf(stderr, "usage: %s host port\n", argv[0]);
  128. goto fail;
  129. }
  130. snprintf(host_port, sizeof(host_port), "%s:%s", argv[1], argv[2]);
  131. mlen = snprintf(msg, sizeof(msg),
  132. "GET / HTTP/1.0\r\nHost: %s\r\n\r\n", argv[1]);
  133. ctx = create_ssl_ctx();
  134. if (ctx == NULL) {
  135. fprintf(stderr, "could not create context\n");
  136. goto fail;
  137. }
  138. b = new_conn(ctx, host_port);
  139. if (b == NULL) {
  140. fprintf(stderr, "could not create connection\n");
  141. goto fail;
  142. }
  143. l = tx(b, msg, mlen);
  144. if (l < mlen) {
  145. fprintf(stderr, "tx error\n");
  146. goto fail;
  147. }
  148. for (;;) {
  149. l = rx(b, buf, sizeof(buf));
  150. if (l <= 0)
  151. break;
  152. fwrite(buf, 1, l, stdout);
  153. }
  154. res = 0;
  155. fail:
  156. if (b != NULL)
  157. teardown(b);
  158. if (ctx != NULL)
  159. teardown_ctx(ctx);
  160. return res;
  161. }