|
| 1 | +/* cli.cpp - Minimal ssleay client for Unix |
| 2 | + 30.9.1996, Sampo Kellomaki <sampo@iki.fi> */ |
| 3 | + |
| 4 | +/* mangled to work with SSLeay-0.9.0b and OpenSSL 0.9.2b |
| 5 | + Simplified to be even more minimal |
| 6 | + 12/98 - 4/99 Wade Scholine <wades@mail.cybg.com> */ |
| 7 | + |
| 8 | +#include <stdio.h> |
| 9 | +#include <memory.h> |
| 10 | +#include <errno.h> |
| 11 | +#include <sys/types.h> |
| 12 | +#include "SipUdp.h" |
| 13 | + |
| 14 | +#include <openssl/crypto.h> |
| 15 | +#include <openssl/x509.h> |
| 16 | +#include <openssl/pem.h> |
| 17 | +#include <openssl/ssl.h> |
| 18 | +#include <openssl/err.h> |
| 19 | + |
| 20 | +#define CRLF "\r\n" |
| 21 | +#define CRLFCRLF "\r\n\r\n" |
| 22 | + |
| 23 | +/* Make these what you want for cert & key files */ |
| 24 | +#define CERTF "C:\\Temp\\new\\client.crt" |
| 25 | +#define KEYF "C:\\Temp\\new\\client.key" |
| 26 | + |
| 27 | +#define CHK_NULL(x) if ((x)==NULL) exit (1) |
| 28 | +#define CHK_ERR(err,s) if ((err)==-1) { perror(s); exit(1); } |
| 29 | +#define CHK_SSL(err) if ((err)==-1) { ERR_print_errors_fp(stderr); exit(2); } |
| 30 | + |
| 31 | +void print_x509(SSL *ssl) |
| 32 | +{ |
| 33 | + char *ascii_cert; |
| 34 | + X509 *cert = SSL_get_peer_certificate(ssl); |
| 35 | + BIO *b; |
| 36 | + BUF_MEM *bptr; |
| 37 | + |
| 38 | + b = BIO_new(BIO_s_mem()); |
| 39 | + |
| 40 | + if(X509_print(b, cert) > 0) |
| 41 | + { |
| 42 | + BIO_get_mem_ptr(b, &bptr); |
| 43 | + ascii_cert = (char *)malloc(1 + bptr->length); |
| 44 | + memcpy(ascii_cert, bptr->data, bptr->length); |
| 45 | + } |
| 46 | + else |
| 47 | + { |
| 48 | + ascii_cert = (char *)malloc(1024); |
| 49 | + sprintf(ascii_cert, "This certificate has never been seen before and can't be shown\n"); |
| 50 | + } |
| 51 | + BIO_free(b); |
| 52 | + |
| 53 | + /* X.509 ÀÎÁõ¼ Ãâ·Â */ |
| 54 | + printf("X.509:\n%s\n", ascii_cert); |
| 55 | +} |
| 56 | + |
| 57 | +int main () |
| 58 | +{ |
| 59 | + int err = 0; |
| 60 | + int sd; |
| 61 | + struct sockaddr_in sa; |
| 62 | + |
| 63 | + SSL_CTX* ctx; |
| 64 | + SSL* ssl; |
| 65 | + X509* server_cert; |
| 66 | + |
| 67 | + char* str; |
| 68 | + char buf [4096]; |
| 69 | + X509_NAME * name; |
| 70 | + char commonName [512]; |
| 71 | + |
| 72 | + SSL_METHOD *meth; |
| 73 | + |
| 74 | + InitNetwork(); |
| 75 | + |
| 76 | + memset(buf, 0, 4096); |
| 77 | + |
| 78 | + strcpy(buf, "REGISTER sips:192.168.1.142:5061 SIP/2.0"); |
| 79 | + strcat(buf, CRLF); |
| 80 | + strcat(buf, "Max-Forwards: 70"); |
| 81 | + strcat(buf, CRLF); |
| 82 | + strcat(buf, "Content-Length: 0"); |
| 83 | + strcat(buf, CRLF); |
| 84 | + strcat(buf, "Via: SIP/2.0/TLS 192.168.1.142:5060;branch=z9hG4bKba05d177b;rport"); |
| 85 | + strcat(buf, CRLF); |
| 86 | + strcat(buf, "Call-ID: e0cd67001414191dbc4ff911f1a7329c@192.168.1.142"); |
| 87 | + strcat(buf, CRLF); |
| 88 | + strcat(buf, "From: <sips:07070001004@192.168.1.142:5061>;tag=e60c96951bac6ae"); |
| 89 | + strcat(buf, CRLF); |
| 90 | + strcat(buf, "To: <sips:07070001004@192.168.1.142:5061>"); |
| 91 | + strcat(buf, CRLF); |
| 92 | + strcat(buf, "CSeq: 9 REGISTER"); |
| 93 | + strcat(buf, CRLF); |
| 94 | + strcat(buf, "Contact: <sips:07070001004@192.168.1.142:5061>;expires=60"); |
| 95 | + strcat(buf, CRLF); |
| 96 | + strcat(buf, "Expires: 60"); |
| 97 | + strcat(buf, CRLFCRLF); |
| 98 | + |
| 99 | + SSL_library_init(); |
| 100 | + meth = TLSv1_client_method(); |
| 101 | + SSL_load_error_strings(); |
| 102 | + SSLeay_add_ssl_algorithms(); |
| 103 | + ctx = SSL_CTX_new (meth); |
| 104 | + CHK_NULL(ctx); |
| 105 | + CHK_SSL(err); |
| 106 | + |
| 107 | + |
| 108 | + /////////////////////////////////////////////////////////////////////////////////////// |
| 109 | + // Create a socket and connect to server using normal socket calls. |
| 110 | + sd = socket (AF_INET, SOCK_STREAM, 0); |
| 111 | + CHK_ERR(sd, "socket"); |
| 112 | + |
| 113 | + memset (&sa, '\0', sizeof(sa)); |
| 114 | + sa.sin_family = AF_INET; |
| 115 | + sa.sin_addr.s_addr = inet_addr ("211.232.179.68"); /* Server IP */ |
| 116 | + sa.sin_port = htons (5065); /* Server Port number */ |
| 117 | + |
| 118 | + // Normal-connect |
| 119 | + err = connect(sd, (struct sockaddr*) &sa, sizeof(sa)); |
| 120 | + CHK_ERR(err, "connect"); |
| 121 | + |
| 122 | +// SSL_set_cipher_list(ssl, "AES128-SHA,ARIA128-SHA"); |
| 123 | + |
| 124 | + if (SSL_CTX_use_certificate_file(ctx, CERTF, SSL_FILETYPE_PEM) <= 0) { |
| 125 | + ERR_print_errors_fp(stderr); |
| 126 | + exit(3); |
| 127 | + } |
| 128 | + |
| 129 | + if (SSL_CTX_use_PrivateKey_file(ctx, KEYF, SSL_FILETYPE_PEM) <= 0) { |
| 130 | + ERR_print_errors_fp(stderr); |
| 131 | + exit(4); |
| 132 | + } |
| 133 | + |
| 134 | +#if 0 |
| 135 | + if (SSL_CTX_load_verify_locations(ctx, "./ca.crt", NULL) <= 0) { |
| 136 | + SSL_CTX_free(ctx); |
| 137 | + return; |
| 138 | + } |
| 139 | +#endif |
| 140 | + |
| 141 | + if (!SSL_CTX_check_private_key(ctx)) { |
| 142 | + fprintf(stderr,"Private key does not match the certificate public key\n"); |
| 143 | + exit(5); |
| 144 | + } |
| 145 | + |
| 146 | + // Now we have TCP conncetion. Start SSL negotiation. |
| 147 | + // create a new SSL structure for a connection |
| 148 | + ssl = SSL_new (ctx); |
| 149 | + CHK_NULL(ssl); |
| 150 | + |
| 151 | + // connect the SSL object with a file descriptor |
| 152 | + SSL_set_fd (ssl, sd); |
| 153 | + |
| 154 | + // initiate the TLS/SSL handshake with an TLS/SSL server |
| 155 | + err = SSL_connect (ssl); |
| 156 | + CHK_SSL(err); |
| 157 | + |
| 158 | + /* |
| 159 | + * Following two steps are optional and not required for |
| 160 | + * data exchange to be successful. |
| 161 | + */ |
| 162 | + |
| 163 | + printf ("SSL connection using %s\n", SSL_get_cipher (ssl)); |
| 164 | + |
| 165 | +#if 0 |
| 166 | + // Get server's certificate (note: beware of dynamic allocation) - opt |
| 167 | + server_cert = SSL_get_peer_certificate (ssl); |
| 168 | + if (server_cert != NULL) |
| 169 | + { |
| 170 | + print_x509(ssl); |
| 171 | + X509_free (server_cert); |
| 172 | + } |
| 173 | + else |
| 174 | + { |
| 175 | + printf ("Server does not have certificate.\n"); |
| 176 | + } |
| 177 | +#endif |
| 178 | + |
| 179 | + // DATA EXCHANGE - Send a message and receive a reply. |
| 180 | + //err = SSL_write (ssl, "Hello World!", strlen("Hello World!")); |
| 181 | + //CHK_SSL(err); |
| 182 | + err = SSL_write (ssl, buf, strlen(buf)); |
| 183 | + CHK_SSL(err); |
| 184 | + |
| 185 | + printf ("Send chars:'%s'\n", buf); |
| 186 | + |
| 187 | + memset(buf, 0, 4096); |
| 188 | + |
| 189 | + err = SSL_read (ssl, buf, sizeof(buf) - 1); |
| 190 | + CHK_SSL(err); |
| 191 | + buf[err] = '\0'; |
| 192 | + printf ("Got %d chars:'%s'\n", err, buf); |
| 193 | + |
| 194 | + // send SSL/TLS close_notify |
| 195 | + SSL_shutdown (ssl); |
| 196 | + |
| 197 | + /* Clean up. */ |
| 198 | + |
| 199 | + close (sd); |
| 200 | + SSL_free (ssl); |
| 201 | + SSL_CTX_free (ctx); |
| 202 | + |
| 203 | + return 0; |
| 204 | +} |
| 205 | + |
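Review bot: The server certificate is never verified in `main`: the `SSL_CTX_load_verify_locations` call is compiled out with `#if 0` and `SSL_CTX_set_verify` is never called, so `SSL_connect` accepts whatever certificate the peer presents and the REGISTER is sent over an unauthenticated channel. Separately, `CHK_SSL` only tests for `-1`, but `SSL_connect` returns 0 when the handshake fails in a controlled way, so a failed handshake can fall through to `SSL_write`. `TLSv1_client_method()` also pins the client to TLS 1.0; whether a version-negotiating method is available depends on the OpenSSL release this builds against. The fence below sketches fail-closed verification and the stricter handshake check; the exit codes 6 and 7 are constructed to follow the existing 1–5 sequence.

```cpp
// … unchanged: client certificate and private key loading …

    // Load the trust anchor and require a verifiable server certificate;
    // fail closed if the CA file cannot be read.
    if (SSL_CTX_load_verify_locations(ctx, "./ca.crt", NULL) <= 0) {
        ERR_print_errors_fp(stderr);
        exit(6);
    }
    SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);

// … unchanged: SSL_CTX_check_private_key, SSL_new, SSL_set_fd …

    // SSL_connect reports failure with 0 as well as with negative values.
    err = SSL_connect (ssl);
    if (err <= 0) {
        ERR_print_errors_fp(stderr);
        exit(2);
    }
    if (SSL_get_verify_result(ssl) != X509_V_OK) {
        fprintf(stderr, "Server certificate verification failed\n");
        exit(7);
    }
```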