search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
corrected verification examples
[gnutls.git] / doc / examples / ex-client-dtls.c
blob412e149be1960e98d449ee73b4840e3bfb3d7114
1 /* This example code is placed in the public domain. */
2
3 #ifdef HAVE_CONFIG_H
4 #include <config.h>
5 #endif
6
7 #include <stdio.h>
8 #include <stdlib.h>
9 #include <string.h>
10 #include <sys/types.h>
11 #include <sys/socket.h>
12 #include <arpa/inet.h>
13 #include <unistd.h>
14 #include <gnutls/gnutls.h>
15 #include <gnutls/dtls.h>
16
17 /* A very basic Datagram TLS client, over UDP with X.509 authentication.
18 */
19
20 #define MAX_BUF 1024
21 #define CAFILE "/etc/ssl/certs/ca-certificates.crt"
22 #define MSG "GET / HTTP/1.0\r\n\r\n"
23
24 extern int udp_connect (void);
25 extern void udp_close (int sd);
26 extern int verify_certificate_callback (gnutls_session_t session);
27
28 int
29 main (void)
30 {
31 int ret, sd, ii;
32 gnutls_session_t session;
33 char buffer[MAX_BUF + 1];
34 const char *err;
35 gnutls_certificate_credentials_t xcred;
36
37 gnutls_global_init ();
38
39 /* X509 stuff */
40 gnutls_certificate_allocate_credentials (&xcred);
41
42 /* sets the trusted cas file */
43 gnutls_certificate_set_x509_trust_file (xcred, CAFILE, GNUTLS_X509_FMT_PEM);
44 gnutls_certificate_set_verify_function (xcred, verify_certificate_callback);
45
46 /* Initialize TLS session */
47 gnutls_init (&session, GNUTLS_CLIENT | GNUTLS_DATAGRAM);
48
49 /* Use default priorities */
50 ret = gnutls_priority_set_direct (session, "NORMAL", &err);
51 if (ret < 0)
52 {
53 if (ret == GNUTLS_E_INVALID_REQUEST)
54 {
55 fprintf (stderr, "Syntax error at: %s\n", err);
56 }
57 exit (1);
58 }
59
60 /* put the x509 credentials to the current session */
61 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
62 gnutls_server_name_set (session, GNUTLS_NAME_DNS, "my_host_name",
63 strlen("my_host_name"));
64
65 /* connect to the peer */
66 sd = udp_connect ();
67
68 gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) sd);
69
70 /* set the connection MTU */
71 gnutls_dtls_set_mtu (session, 1000);
72 gnutls_handshake_set_timeout (session, GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT);
73
74 /* Perform the TLS handshake */
75 do
76 {
77 ret = gnutls_handshake (session);
78 }
79 while (ret < 0 && gnutls_error_is_fatal (ret) == 0);
80
81 if (ret < 0)
82 {
83 fprintf (stderr, "*** Handshake failed\n");
84 gnutls_perror (ret);
85 goto end;
86 }
87 else
88 {
89 printf ("- Handshake was completed\n");
90 }
91
92 gnutls_record_send (session, MSG, strlen (MSG));
93
94 ret = gnutls_record_recv (session, buffer, MAX_BUF);
95 if (ret == 0)
96 {
97 printf ("- Peer has closed the TLS connection\n");
98 goto end;
99 }
100 else if (ret < 0)
101 {
102 fprintf (stderr, "*** Error: %s\n", gnutls_strerror (ret));
103 goto end;
104 }
105
106 printf ("- Received %d bytes: ", ret);
107 for (ii = 0; ii < ret; ii++)
108 {
109 fputc (buffer[ii], stdout);
110 }
111 fputs ("\n", stdout);
112
113 /* It is suggested not to use GNUTLS_SHUT_RDWR in DTLS
114 * connections because the peer's closure message might
115 * be lost */
116 gnutls_bye (session, GNUTLS_SHUT_WR);
117
118 end:
119
120 udp_close (sd);
121
122 gnutls_deinit (session);
123
124 gnutls_certificate_free_credentials (xcred);
125
126 gnutls_global_deinit ();
127
128 return 0;
129 }
Implementation of the SSL/TLS protocol