summaryrefslogtreecommitdiffhomepage
path: root/libs/nixio/axTLS/samples/perl/axssl.pl
diff options
context:
space:
mode:
authorJo-Philipp Wich <jow@openwrt.org>2014-12-03 15:17:05 +0100
committerJo-Philipp Wich <jow@openwrt.org>2015-01-08 16:26:20 +0100
commit1bb4822dca6113f73e3bc89e2acf15935e6f8e92 (patch)
tree35e16f100466e4e00657199b38bb3d87d52bf73f /libs/nixio/axTLS/samples/perl/axssl.pl
parent9edd0e46c3f880727738ce8ca6ff1c8b85f99ef4 (diff)
Rework LuCI build system
* Rename subdirectories to their repective OpenWrt package names * Make each LuCI module its own standalone package * Deploy a shared luci.mk which is used by each module Makefile Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
Diffstat (limited to 'libs/nixio/axTLS/samples/perl/axssl.pl')
-rwxr-xr-xlibs/nixio/axTLS/samples/perl/axssl.pl634
1 files changed, 0 insertions, 634 deletions
diff --git a/libs/nixio/axTLS/samples/perl/axssl.pl b/libs/nixio/axTLS/samples/perl/axssl.pl
deleted file mode 100755
index e49d52270d..0000000000
--- a/libs/nixio/axTLS/samples/perl/axssl.pl
+++ /dev/null
@@ -1,634 +0,0 @@
-#!/usr/bin/perl -w
-#
-# Copyright (c) 2007, Cameron Rich
-#
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions are met:
-#
-# * Redistributions of source code must retain the above copyright notice,
-# this list of conditions and the following disclaimer.
-# * Redistributions in binary form must reproduce the above copyright
-# notice, this list of conditions and the following disclaimer in the
-# documentation and/or other materials provided with the distribution.
-# * Neither the name of the axTLS project nor the names of its
-# contributors may be used to endorse or promote products derived
-# from this software without specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
-# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
-# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
-# OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
-# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
-# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-#
-
-#
-# Demonstrate the use of the axTLS library in Perl with a set of
-# command-line parameters similar to openssl. In fact, openssl clients
-# should be able to communicate with axTLS servers and visa-versa.
-#
-# This code has various bits enabled depending on the configuration. To enable
-# the most interesting version, compile with the 'full mode' enabled.
-#
-# To see what options you have, run the following:
-# > [perl] axssl s_server -?
-# > [perl] axssl s_client -?
-#
-# The axtls/axtlsp shared libraries must be in the same directory or be found
-# by the OS. axtlsp.pm must be in this directory or be in @INC.
-#
-# Under Win32, ActivePerl was used (see
-# http://www.activestate.com/Products/ActivePerl/?mp=1)
-#
-use axtlsp;
-use IO::Socket;
-
-# To get access to Win32 file descriptor stuff
-my $is_win32 = 0;
-
-if ($^O eq "MSWin32")
-{
- eval("use Win32API::File 0.08 qw( :ALL )");
- $is_win32 = 1;
-}
-
-use strict;
-
-#
-# Win32 has some problems with socket handles
-#
-sub get_native_sock
-{
- my ($sock) = @_;
- return $is_win32 ? FdGetOsFHandle($sock) : $sock;
-}
-
-# print version?
-if ($#ARGV == 0 && $ARGV[0] eq "version")
-{
- printf("axssl.pl ".axtlsp::ssl_version()."\n");
- exit 0;
-}
-
-#
-# Main entry point. Doesn't do much except works out whether we are a client
-# or a server.
-#
-print_options($#ARGV > -1 ? $ARGV[0] : "")
- if ($#ARGV < 0 || ($ARGV[0] ne "s_server" && $ARGV[0] ne "s_client"));
-
-
-# Cygwin/Win32 issue - flush our output continuously
-select STDOUT;
-local $|=1;
-
-my $build_mode = axtlsp::ssl_get_config($axtlsp::SSL_BUILD_MODE);
-$ARGV[0] eq "s_server" ? do_server($build_mode) : do_client($build_mode);
-
-#
-# Implement the SSL server logic.
-#
-sub do_server
-{
- my ($build_mode) = @_;
- my $i = 1;
- my $port = 4433;
- my $options = $axtlsp::SSL_DISPLAY_CERTS;
- my $quiet = 0;
- my $password = undef;
- my $private_key_file = undef;
- my $cert_size = axtlsp::ssl_get_config($axtlsp::SSL_MAX_CERT_CFG_OFFSET);
- my $ca_cert_size = axtlsp::ssl_get_config(
- $axtlsp::SSL_MAX_CA_CERT_CFG_OFFSET);
- my @cert;
- my @ca_cert;
-
- while ($i <= $#ARGV)
- {
- if ($ARGV[$i] eq "-accept")
- {
- print_server_options($build_mode, $ARGV[$i]) if $i >= $#ARGV;
- $port = $ARGV[++$i];
- }
- elsif ($ARGV[$i] eq "-quiet")
- {
- $quiet = 1;
- $options &= ~$axtlsp::SSL_DISPLAY_CERTS;
- }
- elsif ($build_mode >= $axtlsp::SSL_BUILD_SERVER_ONLY)
- {
- if ($ARGV[$i] eq "-cert")
- {
- print_server_options($build_mode, $ARGV[$i])
- if $i >= $#ARGV || $#cert >= $cert_size-1;
-
- push @cert, $ARGV[++$i];
- }
- elsif ($ARGV[$i] eq "-key")
- {
- print_server_options($build_mode, $ARGV[$i]) if $i >= $#ARGV;
- $private_key_file = $ARGV[++$i];
- $options |= $axtlsp::SSL_NO_DEFAULT_KEY;
- }
- elsif ($ARGV[$i] eq "-pass")
- {
- print_server_options($build_mode, $ARGV[$i]) if $i >= $#ARGV;
- $password = $ARGV[++$i];
- }
- elsif ($build_mode >= $axtlsp::SSL_BUILD_ENABLE_VERIFICATION)
- {
- if ($ARGV[$i] eq "-verify")
- {
- $options |= $axtlsp::SSL_CLIENT_AUTHENTICATION;
- }
- elsif ($ARGV[$i] eq "-CAfile")
- {
- print_server_options($build_mode, $ARGV[$i])
- if $i >= $#ARGV || $#ca_cert >= $ca_cert_size-1;
- push @ca_cert, $ARGV[++$i];
- }
- elsif ($build_mode == $axtlsp::SSL_BUILD_FULL_MODE)
- {
- if ($ARGV[$i] eq "-debug")
- {
- $options |= $axtlsp::SSL_DISPLAY_BYTES;
- }
- elsif ($ARGV[$i] eq "-state")
- {
- $options |= $axtlsp::SSL_DISPLAY_STATES;
- }
- elsif ($ARGV[$i] eq "-show-rsa")
- {
- $options |= $axtlsp::SSL_DISPLAY_RSA;
- }
- else
- {
- print_server_options($build_mode, $ARGV[$i]);
- }
- }
- else
- {
- print_server_options($build_mode, $ARGV[$i]);
- }
- }
- else
- {
- print_server_options($build_mode, $ARGV[$i]);
- }
- }
- else
- {
- print_server_options($build_mode, $ARGV[$i]);
- }
-
- $i++;
- }
-
- # Create socket for incoming connections
- my $server_sock = IO::Socket::INET->new(Proto => 'tcp',
- LocalPort => $port,
- Listen => 1,
- Reuse => 1) or die $!;
-
- ###########################################################################
- # This is where the interesting stuff happens. Up until now we've
- # just been setting up sockets etc. Now we do the SSL handshake.
- ###########################################################################
- my $ssl_ctx = axtlsp::ssl_ctx_new($options, $axtlsp::SSL_DEFAULT_SVR_SESS);
- die "Error: Server context is invalid" if not defined $ssl_ctx;
-
- if (defined $private_key_file)
- {
- my $obj_type = $axtlsp::SSL_OBJ_RSA_KEY;
-
- $obj_type = $axtlsp::SSL_OBJ_PKCS8 if $private_key_file =~ /.p8$/;
- $obj_type = $axtlsp::SSL_OBJ_PKCS12 if $private_key_file =~ /.p12$/;
-
- die "Private key '$private_key_file' is undefined." if
- axtlsp::ssl_obj_load($ssl_ctx, $obj_type,
- $private_key_file, $password);
- }
-
- foreach (@cert)
- {
- die "Certificate '$_' is undefined."
- if axtlsp::ssl_obj_load($ssl_ctx, $axtlsp::SSL_OBJ_X509_CERT,
- $_, undef) != $axtlsp::SSL_OK;
- }
-
- foreach (@ca_cert)
- {
- die "Certificate '$_' is undefined."
- if axtlsp::ssl_obj_load($ssl_ctx, $axtlsp::SSL_OBJ_X509_CACERT,
- $_, undef) != $axtlsp::SSL_OK;
- }
-
- for (;;)
- {
- printf("ACCEPT\n") if not $quiet;
- my $client_sock = $server_sock->accept;
- my $native_sock = get_native_sock($client_sock->fileno);
-
- # This doesn't work in Win32 - need to get file descriptor from socket.
- my $ssl = axtlsp::ssl_server_new($ssl_ctx, $native_sock);
-
- # do the actual SSL handshake
- my $res;
- my $buf;
- my $connected = 0;
-
- while (1)
- {
- ($res, $buf) = axtlsp::ssl_read($ssl, undef);
- last if $res < $axtlsp::SSL_OK;
-
- if ($res == $axtlsp::SSL_OK) # connection established and ok
- {
- if (axtlsp::ssl_handshake_status($ssl) == $axtlsp::SSL_OK)
- {
- if (!$quiet && !$connected)
- {
- display_session_id($ssl);
- display_cipher($ssl);
- }
-
- $connected = 1;
- }
- }
-
- if ($res > $axtlsp::SSL_OK)
- {
- printf($$buf);
- }
- elsif ($res < $axtlsp::SSL_OK)
- {
- axtlsp::ssl_display_error($res) if not $quiet;
- last;
- }
- }
-
- # client was disconnected or the handshake failed.
- printf("CONNECTION CLOSED\n") if not $quiet;
- axtlsp::ssl_free($ssl);
- $client_sock->close;
- }
-
- axtlsp::ssl_ctx_free($ssl_ctx);
-}
-
-#
-# Implement the SSL client logic.
-#
-sub do_client
-{
- my ($build_mode) = @_;
- my $i = 1;
- my $port = 4433;
- my $options = $axtlsp::SSL_SERVER_VERIFY_LATER|$axtlsp::SSL_DISPLAY_CERTS;
- my $private_key_file = undef;
- my $reconnect = 0;
- my $quiet = 0;
- my $password = undef;
- my @session_id;
- my $host = "127.0.0.1";
- my @cert;
- my @ca_cert;
- my $cert_size = axtlsp::ssl_get_config(
- $axtlsp::SSL_MAX_CERT_CFG_OFFSET);
- my $ca_cert_size = axtlsp::ssl_get_config(
- $axtlsp::SSL_MAX_CA_CERT_CFG_OFFSET);
-
- while ($i <= $#ARGV)
- {
- if ($ARGV[$i] eq "-connect")
- {
- print_client_options($build_mode, $ARGV[$i]) if $i >= $#ARGV;
- ($host, $port) = split(':', $ARGV[++$i]);
- }
- elsif ($ARGV[$i] eq "-cert")
- {
- print_client_options($build_mode, $ARGV[$i])
- if $i >= $#ARGV || $#cert >= $cert_size-1;
-
- push @cert, $ARGV[++$i];
- }
- elsif ($ARGV[$i] eq "-key")
- {
- print_client_options($build_mode, $ARGV[$i]) if $i >= $#ARGV;
- $private_key_file = $ARGV[++$i];
- $options |= $axtlsp::SSL_NO_DEFAULT_KEY;
- }
- elsif ($ARGV[$i] eq "-CAfile")
- {
- print_client_options($build_mode, $ARGV[$i])
- if $i >= $#ARGV || $#ca_cert >= $ca_cert_size-1;
-
- push @ca_cert, $ARGV[++$i];
- }
- elsif ($ARGV[$i] eq "-verify")
- {
- $options &= ~$axtlsp::SSL_SERVER_VERIFY_LATER;
- }
- elsif ($ARGV[$i] eq "-reconnect")
- {
- $reconnect = 4;
- }
- elsif ($ARGV[$i] eq "-quiet")
- {
- $quiet = 1;
- $options &= ~$axtlsp::SSL_DISPLAY_CERTS;
- }
- elsif ($ARGV[$i] eq "-pass")
- {
- print_server_options($build_mode, $ARGV[$i]) if $i >= $#ARGV;
- $password = $ARGV[++$i];
- }
- elsif ($build_mode == $axtlsp::SSL_BUILD_FULL_MODE)
- {
- if ($ARGV[$i] eq "-debug")
- {
- $options |= $axtlsp::SSL_DISPLAY_BYTES;
- }
- elsif ($ARGV[$i] eq "-state")
- {
- $options |= $axtlsp::SSL_DISPLAY_STATES;
- }
- elsif ($ARGV[$i] eq "-show-rsa")
- {
- $options |= $axtlsp::SSL_DISPLAY_RSA;
- }
- else # don't know what this is
- {
- print_client_options($build_mode, $ARGV[$i]);
- }
- }
- else # don't know what this is
- {
- print_client_options($build_mode, $ARGV[$i]);
- }
-
- $i++;
- }
-
- my $client_sock = new IO::Socket::INET (
- PeerAddr => $host, PeerPort => $port, Proto => 'tcp')
- || die ("no socket: $!");
- my $ssl;
- my $res;
- my $native_sock = get_native_sock($client_sock->fileno);
-
- printf("CONNECTED\n") if not $quiet;
-
- ###########################################################################
- # This is where the interesting stuff happens. Up until now we've
- # just been setting up sockets etc. Now we do the SSL handshake.
- ###########################################################################
- my $ssl_ctx = axtlsp::ssl_ctx_new($options, $axtlsp::SSL_DEFAULT_CLNT_SESS);
- die "Error: Client context is invalid" if not defined $ssl_ctx;
-
- if (defined $private_key_file)
- {
- my $obj_type = $axtlsp::SSL_OBJ_RSA_KEY;
-
- $obj_type = $axtlsp::SSL_OBJ_PKCS8 if $private_key_file =~ /.p8$/;
- $obj_type = $axtlsp::SSL_OBJ_PKCS12 if $private_key_file =~ /.p12$/;
-
- die "Private key '$private_key_file' is undefined." if
- axtlsp::ssl_obj_load($ssl_ctx, $obj_type,
- $private_key_file, $password);
- }
-
- foreach (@cert)
- {
- die "Certificate '$_' is undefined."
- if axtlsp::ssl_obj_load($ssl_ctx, $axtlsp::SSL_OBJ_X509_CERT,
- $_, undef) != $axtlsp::SSL_OK;
- }
-
- foreach (@ca_cert)
- {
- die "Certificate '$_' is undefined."
- if axtlsp::ssl_obj_load($ssl_ctx, $axtlsp::SSL_OBJ_X509_CACERT,
- $_, undef) != $axtlsp::SSL_OK;
- }
-
- # Try session resumption?
- if ($reconnect)
- {
- my $session_id = undef;
- my $sess_id_size = 0;
-
- while ($reconnect--)
- {
- $ssl = axtlsp::ssl_client_new($ssl_ctx, $native_sock,
- $session_id, $sess_id_size);
-
- $res = axtlsp::ssl_handshake_status($ssl);
- if ($res != $axtlsp::SSL_OK)
- {
- axtlsp::ssl_display_error($res) if !$quiet;
- axtlsp::ssl_free($ssl);
- exit 1;
- }
-
- display_session_id($ssl);
- $session_id = axtlsp::ssl_get_session_id($ssl);
-
- if ($reconnect)
- {
- axtlsp::ssl_free($ssl);
- $client_sock->close;
- $client_sock = new IO::Socket::INET (
- PeerAddr => $host, PeerPort => $port, Proto => 'tcp')
- || die ("no socket: $!");
-
- }
- }
- }
- else
- {
- $ssl = axtlsp::ssl_client_new($ssl_ctx, $native_sock, undef, 0);
- }
-
- # check the return status
- $res = axtlsp::ssl_handshake_status($ssl);
- if ($res != $axtlsp::SSL_OK)
- {
- axtlsp::ssl_display_error($res) if not $quiet;
- exit 1;
- }
-
- if (!$quiet)
- {
- my $common_name = axtlsp::ssl_get_cert_dn($ssl,
- $axtlsp::SSL_X509_CERT_COMMON_NAME);
-
- printf("Common Name:\t\t\t%s\n", $common_name) if defined $common_name;
- display_session_id($ssl);
- display_cipher($ssl);
- }
-
- while (<STDIN>)
- {
- my $cstring = pack("a*x", $_); # add null terminator
- $res = axtlsp::ssl_write($ssl, \$cstring, length($cstring));
- if ($res < $axtlsp::SSL_OK)
- {
- axtlsp::ssl_display_error($res) if not $quiet;
- last;
- }
- }
-
- axtlsp::ssl_ctx_free($ssl_ctx);
- $client_sock->close;
-}
-
-#
-# We've had some sort of command-line error. Print out the basic options.
-#
-sub print_options
-{
- my ($option) = @_;
- printf("axssl: Error: '%s' is an invalid command.\n", $option);
- printf("usage: axssl [s_server|s_client|version] [args ...]\n");
- exit 1;
-}
-
-#
-# We've had some sort of command-line error. Print out the server options.
-#
-sub print_server_options
-{
- my ($build_mode, $option) = @_;
- my $cert_size = axtlsp::ssl_get_config($axtlsp::SSL_MAX_CERT_CFG_OFFSET);
- my $ca_cert_size = axtlsp::ssl_get_config(
- $axtlsp::SSL_MAX_CA_CERT_CFG_OFFSET);
-
- printf("unknown option %s\n", $option);
- printf("usage: s_server [args ...]\n");
- printf(" -accept arg\t- port to accept on (default is 4433)\n");
- printf(" -quiet\t\t- No server output\n");
-
- if ($build_mode >= $axtlsp::SSL_BUILD_SERVER_ONLY)
- {
- printf(" -cert arg\t- certificate file to add (in addition to default)".
- " to chain -\n".
- "\t\t Can repeat up to %d times\n", $cert_size);
- printf(" -key arg\t- Private key file to use - default DER format\n");
- printf(" -pass\t\t- private key file pass phrase source\n");
- }
-
- if ($build_mode >= $axtlsp::SSL_BUILD_ENABLE_VERIFICATION)
- {
- printf(" -verify\t- turn on peer certificate verification\n");
- printf(" -CAfile arg\t- Certificate authority - default DER format\n");
- printf("\t\t Can repeat up to %d times\n", $ca_cert_size);
- }
-
- if ($build_mode == $axtlsp::SSL_BUILD_FULL_MODE)
- {
- printf(" -debug\t\t- Print more output\n");
- printf(" -state\t\t- Show state messages\n");
- printf(" -show-rsa\t- Show RSA state\n");
- }
-
- exit 1;
-}
-
-#
-# We've had some sort of command-line error. Print out the client options.
-#
-sub print_client_options
-{
- my ($build_mode, $option) = @_;
- my $cert_size = axtlsp::ssl_get_config($axtlsp::SSL_MAX_CERT_CFG_OFFSET);
- my $ca_cert_size = axtlsp::ssl_get_config(
- $axtlsp::SSL_MAX_CA_CERT_CFG_OFFSET);
-
- printf("unknown option %s\n", $option);
-
- if ($build_mode >= $axtlsp::SSL_BUILD_ENABLE_CLIENT)
- {
- printf("usage: s_client [args ...]\n");
- printf(" -connect host:port - who to connect to (default ".
- "is localhost:4433)\n");
- printf(" -verify\t- turn on peer certificate verification\n");
- printf(" -cert arg\t- certificate file to use - default DER format\n");
- printf(" -key arg\t- Private key file to use - default DER format\n");
- printf("\t\t Can repeat up to %d times\n", $cert_size);
- printf(" -CAfile arg\t- Certificate authority - default DER format\n");
- printf("\t\t Can repeat up to %d times\n", $ca_cert_size);
- printf(" -quiet\t\t- No client output\n");
- printf(" -pass\t\t- private key file pass phrase source\n");
- printf(" -reconnect\t- Drop and re-make the connection ".
- "with the same Session-ID\n");
-
- if ($build_mode == $axtlsp::SSL_BUILD_FULL_MODE)
- {
- printf(" -debug\t\t- Print more output\n");
- printf(" -state\t\t- Show state messages\n");
- printf(" -show-rsa\t- Show RSA state\n");
- }
- }
- else
- {
- printf("Change configuration to allow this feature\n");
- }
-
- exit 1;
-}
-
-#
-# Display what cipher we are using
-#
-sub display_cipher
-{
- my ($ssl) = @_;
- printf("CIPHER is ");
- my $cipher_id = axtlsp::ssl_get_cipher_id($ssl);
-
- if ($cipher_id == $axtlsp::SSL_AES128_SHA)
- {
- printf("AES128-SHA");
- }
- elsif ($cipher_id == $axtlsp::SSL_AES256_SHA)
- {
- printf("AES256-SHA");
- }
- elsif ($axtlsp::SSL_RC4_128_SHA)
- {
- printf("RC4-SHA");
- }
- elsif ($axtlsp::SSL_RC4_128_MD5)
- {
- printf("RC4-MD5");
- }
- else
- {
- printf("Unknown - %d", $cipher_id);
- }
-
- printf("\n");
-}
-
-#
-# Display what session id we have.
-#
-sub display_session_id
-{
- my ($ssl) = @_;
- my $session_id = axtlsp::ssl_get_session_id($ssl);
- if (length($$session_id) > 0)
- {
- printf("-----BEGIN SSL SESSION PARAMETERS-----\n");
- printf(unpack("H*", $$session_id));
- printf("\n-----END SSL SESSION PARAMETERS-----\n");
- }
-}
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-02 23:22:07 +0000