/* wolfSSL-TLS-Client.cs
*
* Copyright (C) 2006-2024 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
using System;
using System.Runtime.InteropServices;
using System.Text;
using System.IO;
using System.Net;
using System.Net.Sockets;
using wolfSSL.CSharp;
public class wolfSSL_TLS_Client
{
///
/// Example of a logging function
///
/// level of log
/// message to log
public static void standard_log(int lvl, StringBuilder msg)
{
Console.WriteLine(msg);
}
private static void clean(IntPtr ssl, IntPtr ctx)
{
wolfssl.free(ssl);
wolfssl.CTX_free(ctx);
wolfssl.Cleanup();
}
///
/// Verification callback
///
/// 1=Verify Okay, 0=Failure
/// Certificate in WOLFSSL_X509_STORE_CTX format
private static int myVerify(int preverify, IntPtr x509_ctx)
{
/* Use the provided verification */
/* Can optionally override failures by returning non-zero value */
return preverify;
}
///
/// Checks if the SNI option was enabled via command line.
/// Must be enabled with ./configure --enable-sni when configuring
/// wolfSSL.
/// Parameters passed via command line
///
private static int haveSNI(string[] args)
{
for (int i = 0; i < args.Length; i++) {
if (args[i] == "-S") {
Console.WriteLine("SNI IS ON");
return i+1;
}
}
Console.WriteLine("SNI IS OFF");
return -1;
}
public static void Main(string[] args)
{
IntPtr ctx;
IntPtr ssl;
Socket tcp;
IntPtr sniHostName;
/* These paths should be changed for use */
string caCert = wolfssl.setPath("ca-cert.pem");
StringBuilder dhparam = new StringBuilder(wolfssl.setPath("dh2048.pem"));
if (caCert == "" || dhparam.Length == 0) {
Console.WriteLine("Platform not supported.");
return;
}
StringBuilder buff = new StringBuilder(1024);
StringBuilder reply = new StringBuilder("Hello, this is the wolfSSL C# wrapper");
//example of function used for setting logging
wolfssl.SetLogging(standard_log);
wolfssl.Init();
Console.WriteLine("Calling ctx Init from wolfSSL");
ctx = wolfssl.CTX_new(wolfssl.usev23_client());
if (ctx == IntPtr.Zero)
{
Console.WriteLine("Error in creating ctx structure");
return;
}
Console.WriteLine("Finished init of ctx .... now load in CA");
if (!File.Exists(caCert))
{
Console.WriteLine("Could not find CA cert file");
wolfssl.CTX_free(ctx);
return;
}
if (!File.Exists(dhparam.ToString())) {
Console.WriteLine("Could not find dh file");
wolfssl.CTX_free(ctx);
return;
}
if (wolfssl.CTX_load_verify_locations(ctx, caCert, null)
!= wolfssl.SUCCESS)
{
Console.WriteLine("Error loading CA cert");
wolfssl.CTX_free(ctx);
return;
}
int sniArg = haveSNI(args);
if (sniArg >= 0)
{
string sniHostNameString = args[sniArg].Trim();
sniHostName = Marshal.StringToHGlobalAnsi(sniHostNameString);
ushort size = (ushort)sniHostNameString.Length;
if (wolfssl.CTX_UseSNI(ctx, (byte)wolfssl.WOLFSSL_SNI_HOST_NAME, sniHostName, size) != wolfssl.SUCCESS)
{
Console.WriteLine("UseSNI failed");
wolfssl.CTX_free(ctx);
return;
}
}
StringBuilder ciphers = new StringBuilder(new String(' ', 4096));
wolfssl.get_ciphers(ciphers, 4096);
Console.WriteLine("Ciphers : " + ciphers.ToString());
/* Uncomment Section to enable specific cipher suite */
#if false
ciphers = new StringBuilder("ECDHE-ECDSA-AES128-GCM-SHA256");
if (wolfssl.CTX_set_cipher_list(ctx, ciphers) != wolfssl.SUCCESS)
{
Console.WriteLine("ERROR CTX_set_cipher_list()");
wolfssl.CTX_free(ctx);
return;
}
#endif
short minDhKey = 128;
wolfssl.CTX_SetMinDhKey_Sz(ctx, minDhKey);
/* Setup Verify Callback */
if (wolfssl.CTX_set_verify(ctx, wolfssl.SSL_VERIFY_PEER, myVerify)
!= wolfssl.SUCCESS)
{
Console.WriteLine("Error setting verify callback!");
}
/* set up TCP socket */
tcp = new Socket(AddressFamily.InterNetwork, SocketType.Stream,
ProtocolType.Tcp);
try
{
tcp.Connect("localhost", 11111);
}
catch (Exception e)
{
Console.WriteLine("tcp.Connect() error " + e.ToString());
wolfssl.CTX_free(ctx);
return;
}
if (!tcp.Connected)
{
Console.WriteLine("tcp.Connect() failed!");
tcp.Close();
wolfssl.CTX_free(ctx);
return;
}
Console.WriteLine("Connected TCP");
ssl = wolfssl.new_ssl(ctx);
if (ssl == IntPtr.Zero)
{
Console.WriteLine("Error in creating ssl object");
wolfssl.CTX_free(ctx);
return;
}
Console.WriteLine("Connection made wolfSSL_connect ");
if (wolfssl.set_fd(ssl, tcp) != wolfssl.SUCCESS)
{
/* get and print out the error */
Console.WriteLine(wolfssl.get_error(ssl));
tcp.Close();
clean(ssl, ctx);
return;
}
wolfssl.SetTmpDH_file(ssl, dhparam, wolfssl.SSL_FILETYPE_PEM);
if (wolfssl.connect(ssl) != wolfssl.SUCCESS)
{
/* get and print out the error */
Console.WriteLine(wolfssl.get_error(ssl));
tcp.Close();
clean(ssl, ctx);
return;
}
/* print out results of TLS/SSL accept */
Console.WriteLine("SSL version is " + wolfssl.get_version(ssl));
Console.WriteLine("SSL cipher suite is " + wolfssl.get_current_cipher(ssl));
if (wolfssl.write(ssl, reply, reply.Length) != reply.Length)
{
Console.WriteLine("Error in write");
tcp.Close();
clean(ssl, ctx);
return;
}
/* read and print out the message then reply */
if (wolfssl.read(ssl, buff, 1023) < 0)
{
Console.WriteLine("Error in read");
tcp.Close();
clean(ssl, ctx);
return;
}
Console.WriteLine(buff);
wolfssl.shutdown(ssl);
tcp.Close();
clean(ssl, ctx);
}
}