Diffstat (limited to 'libs/nixio/axTLS/samples')
-rw-r--r--libs/nixio/axTLS/samples/Config.in63
-rw-r--r--libs/nixio/axTLS/samples/Makefile62
-rw-r--r--libs/nixio/axTLS/samples/c/Makefile76
-rw-r--r--libs/nixio/axTLS/samples/c/axssl.c883
-rw-r--r--libs/nixio/axTLS/samples/csharp/Makefile48
-rw-r--r--libs/nixio/axTLS/samples/csharp/axssl.cs758
-rw-r--r--libs/nixio/axTLS/samples/java/Makefile51
-rw-r--r--libs/nixio/axTLS/samples/java/axssl.java760
-rw-r--r--libs/nixio/axTLS/samples/java/manifest.mf1
-rw-r--r--libs/nixio/axTLS/samples/lua/Makefile43
-rwxr-xr-xlibs/nixio/axTLS/samples/lua/axssl.lua562
-rw-r--r--libs/nixio/axTLS/samples/perl/Makefile43
-rwxr-xr-xlibs/nixio/axTLS/samples/perl/axssl.pl634
-rw-r--r--libs/nixio/axTLS/samples/vbnet/Makefile48
-rw-r--r--libs/nixio/axTLS/samples/vbnet/axssl.vb702
15 files changed, 0 insertions, 4734 deletions
diff --git a/libs/nixio/axTLS/samples/Config.in b/libs/nixio/axTLS/samples/Config.in
deleted file mode 100644
index ecad25eeb7..0000000000
--- a/libs/nixio/axTLS/samples/Config.in
+++ /dev/null
@@ -1,63 +0,0 @@
-#
-# For a description of the syntax of this configuration file,
-# see scripts/config/Kconfig-language.txt
-#
-menu "Samples"
-
-config CONFIG_SAMPLES
- bool "Create Samples"
- default y
- help
- axTLS contains various sample code.
-
- Select Y here if you want to build the various samples.
-
-config CONFIG_C_SAMPLES
- bool "axssl - C version"
- default y
- depends on CONFIG_SAMPLES
- help
- Build the "C" version of axssl. The features enabled are very
- dependent on the build mode ('full' mode will give all features).
-
-config CONFIG_CSHARP_SAMPLES
- bool "axssl - C# version"
- default y
- depends on CONFIG_SAMPLES && CONFIG_CSHARP_BINDINGS
- help
- Build the "C#" version of axssl. The features enabled are very
- dependent on the build mode ('full' mode will give all features).
-
-config CONFIG_VBNET_SAMPLES
- bool "axssl - VB.NET version"
- default y
- depends on CONFIG_SAMPLES && CONFIG_VBNET_BINDINGS
- help
- Build the "VB.NET" version of axssl. The features enabled are very
- dependent on the build mode ('full' mode will give all features).
-
-config CONFIG_JAVA_SAMPLES
- bool "axssl - Java version"
- default y
- depends on CONFIG_SAMPLES && CONFIG_JAVA_BINDINGS
- help
- Build the "Java" version of axssl. The features enabled are very
- dependent on the build mode ('full' mode will give all features).
-
-config CONFIG_PERL_SAMPLES
- bool "axssl - Perl version"
- default y
- depends on CONFIG_SAMPLES && CONFIG_PERL_BINDINGS
- help
- Build the "Perl" version of axssl. The features enabled are very
- dependent on the build mode ('full' mode will give all features).
-
-config CONFIG_LUA_SAMPLES
- bool "axssl - Lua version"
- default y
- depends on CONFIG_SAMPLES && CONFIG_LUA_BINDINGS
- help
- Build the "Lua" version of axssl. The features enabled are very
- dependent on the build mode ('full' mode will give all features).
-endmenu
-
diff --git a/libs/nixio/axTLS/samples/Makefile b/libs/nixio/axTLS/samples/Makefile
deleted file mode 100644
index afbdd43d1b..0000000000
--- a/libs/nixio/axTLS/samples/Makefile
+++ /dev/null
@@ -1,62 +0,0 @@
-#
-# Copyright (c) 2007, Cameron Rich
-#
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions are met:
-#
-# * Redistributions of source code must retain the above copyright notice,
-# this list of conditions and the following disclaimer.
-# * Redistributions in binary form must reproduce the above copyright
-# notice, this list of conditions and the following disclaimer in the
-# documentation and/or other materials provided with the distribution.
-# * Neither the name of the axTLS project nor the names of its
-# contributors may be used to endorse or promote products derived
-# from this software without specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
-# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
-# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
-# OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
-# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
-# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-#
-
-all:
-
-include ../config/.config
-include ../config/makefile.conf
-
-all:
-ifdef CONFIG_C_SAMPLES
- $(MAKE) -C c
-endif
-ifdef CONFIG_CSHARP_SAMPLES
- $(MAKE) -C csharp
-endif
-ifdef CONFIG_VBNET_SAMPLES
- $(MAKE) -C vbnet
-endif
-ifdef CONFIG_JAVA_SAMPLES
- $(MAKE) -C java
-endif
-ifdef CONFIG_PERL_SAMPLES
- $(MAKE) -C perl
-endif
-ifdef CONFIG_LUA_SAMPLES
- $(MAKE) -C lua
-endif
-
-clean::
- $(MAKE) -C c clean
- $(MAKE) -C csharp clean
- $(MAKE) -C vbnet clean
- $(MAKE) -C java clean
- $(MAKE) -C perl clean
- $(MAKE) -C lua clean
diff --git a/libs/nixio/axTLS/samples/c/Makefile b/libs/nixio/axTLS/samples/c/Makefile
deleted file mode 100644
index 17cf9e7c12..0000000000
--- a/libs/nixio/axTLS/samples/c/Makefile
+++ /dev/null
@@ -1,76 +0,0 @@
-#
-# Copyright (c) 2007, Cameron Rich
-#
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions are met:
-#
-# * Redistributions of source code must retain the above copyright notice,
-# this list of conditions and the following disclaimer.
-# * Redistributions in binary form must reproduce the above copyright
-# notice, this list of conditions and the following disclaimer in the
-# documentation and/or other materials provided with the distribution.
-# * Neither the name of the axTLS project nor the names of its
-# contributors may be used to endorse or promote products derived
-# from this software without specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
-# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
-# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
-# OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
-# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
-# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-#
-
-all : sample
-
-AXTLS_HOME=../..
-
-include $(AXTLS_HOME)/config/.config
-include $(AXTLS_HOME)/config/makefile.conf
-
-ifndef CONFIG_PLATFORM_WIN32
-
-ifdef CONFIG_PLATFORM_CYGWIN
-TARGET=$(AXTLS_HOME)/$(STAGE)/axssl.exe
-else
-TARGET=$(AXTLS_HOME)/$(STAGE)/axssl
-endif # cygwin
-
-LIBS=$(AXTLS_HOME)/$(STAGE)
-else
-TARGET=$(AXTLS_HOME)/$(STAGE)/axssl.exe
-endif
-
-ifndef CONFIG_C_SAMPLES
-sample:
-
-else
-sample : $(TARGET)
-OBJ= axssl.o
-include $(AXTLS_HOME)/config/makefile.post
-
-ifndef CONFIG_PLATFORM_WIN32
-
-$(TARGET): $(OBJ) $(LIBS)/libaxtls.a
- $(LD) $(LDFLAGS) -o $@ $(OBJ) -L$(LIBS) -laxtls
-ifdef CONFIG_STRIP_UNWANTED_SECTIONS
- $(STRIP) --remove-section=.comment $(TARGET)
-endif # use strip
-else # Win32
-
-$(TARGET): $(OBJ)
- $(LD) $(LDFLAGS) $(AXTLS_HOME)/config/axtls.res /out:$@ $^ /libpath:"$(AXTLS_HOME)/$(STAGE)" axtls.lib
-endif
-
-endif # CONFIG_C_SAMPLES
-
-clean::
- -@rm -f $(AXTLS_HOME)/$(STAGE)/axssl*
-
diff --git a/libs/nixio/axTLS/samples/c/axssl.c b/libs/nixio/axTLS/samples/c/axssl.c
deleted file mode 100644
index 6892ee452b..0000000000
--- a/libs/nixio/axTLS/samples/c/axssl.c
+++ /dev/null
@@ -1,883 +0,0 @@
-/*
- * Copyright (c) 2007, Cameron Rich
- *
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- *
- * * Redistributions of source code must retain the above copyright notice,
- * this list of conditions and the following disclaimer.
- * * Redistributions in binary form must reproduce the above copyright notice,
- * this list of conditions and the following disclaimer in the documentation
- * and/or other materials provided with the distribution.
- * * Neither the name of the axTLS project nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
- * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
- * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
- * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/**
- * Demonstrate the use of the axTLS library in C with a set of
- * command-line parameters similar to openssl. In fact, openssl clients
- * should be able to communicate with axTLS servers and visa-versa.
- *
- * This code has various bits enabled depending on the configuration. To enable
- * the most interesting version, compile with the 'full mode' enabled.
- *
- * To see what options you have, run the following:
- * > axssl s_server -?
- * > axssl s_client -?
- *
- * The axtls shared library must be in the same directory or be found
- * by the OS.
- */
-#include <string.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include "ssl.h"
-
-/* define standard input */
-#ifndef STDIN_FILENO
-#define STDIN_FILENO 0
-#endif
-
-static void do_server(int argc, char *argv[]);
-static void print_options(char *option);
-static void print_server_options(char *option);
-static void do_client(int argc, char *argv[]);
-static void print_client_options(char *option);
-static void display_cipher(SSL *ssl);
-static void display_session_id(SSL *ssl);
-
-/**
- * Main entry point. Doesn't do much except works out whether we are a client
- * or a server.
- */
-int main(int argc, char *argv[])
-{
-#ifdef WIN32
- WSADATA wsaData;
- WORD wVersionRequested = MAKEWORD(2, 2);
- WSAStartup(wVersionRequested, &wsaData);
-#elif !defined(CONFIG_PLATFORM_SOLARIS)
- signal(SIGPIPE, SIG_IGN); /* ignore pipe errors */
-#endif
-
- if (argc == 2 && strcmp(argv[1], "version") == 0)
- {
- printf("axssl %s %s\n", ssl_version(), __DATE__);
- exit(0);
- }
-
- if (argc < 2 || (
- strcmp(argv[1], "s_server") && strcmp(argv[1], "s_client")))
- print_options(argc > 1 ? argv[1] : "");
-
- strcmp(argv[1], "s_server") ?
- do_client(argc, argv) : do_server(argc, argv);
- return 0;
-}
-
-/**
- * Implement the SSL server logic.
- */
-static void do_server(int argc, char *argv[])
-{
- int i = 2;
- uint16_t port = 4433;
- uint32_t options = SSL_DISPLAY_CERTS;
- int client_fd;
- SSL_CTX *ssl_ctx;
- int server_fd, res = 0;
- socklen_t client_len;
-#ifndef CONFIG_SSL_SKELETON_MODE
- char *private_key_file = NULL;
- const char *password = NULL;
- char **cert;
- int cert_index = 0;
- int cert_size = ssl_get_config(SSL_MAX_CERT_CFG_OFFSET);
-#endif
-#ifdef WIN32
- char yes = 1;
-#else
- int yes = 1;
-#endif
- struct sockaddr_in serv_addr;
- struct sockaddr_in client_addr;
- int quiet = 0;
-#ifdef CONFIG_SSL_CERT_VERIFICATION
- int ca_cert_index = 0;
- int ca_cert_size = ssl_get_config(SSL_MAX_CA_CERT_CFG_OFFSET);
- char **ca_cert = (char **)calloc(1, sizeof(char *)*ca_cert_size);
-#endif
- fd_set read_set;
-
-#ifndef CONFIG_SSL_SKELETON_MODE
- cert = (char **)calloc(1, sizeof(char *)*cert_size);
-#endif
-
- while (i < argc)
- {
- if (strcmp(argv[i], "-accept") == 0)
- {
- if (i >= argc-1)
- {
- print_server_options(argv[i]);
- }
-
- port = atoi(argv[++i]);
- }
-#ifndef CONFIG_SSL_SKELETON_MODE
- else if (strcmp(argv[i], "-cert") == 0)
- {
- if (i >= argc-1 || cert_index >= cert_size)
- {
- print_server_options(argv[i]);
- }
-
- cert[cert_index++] = argv[++i];
- }
- else if (strcmp(argv[i], "-key") == 0)
- {
- if (i >= argc-1)
- {
- print_server_options(argv[i]);
- }
-
- private_key_file = argv[++i];
- options |= SSL_NO_DEFAULT_KEY;
- }
- else if (strcmp(argv[i], "-pass") == 0)
- {
- if (i >= argc-1)
- {
- print_server_options(argv[i]);
- }
-
- password = argv[++i];
- }
-#endif
- else if (strcmp(argv[i], "-quiet") == 0)
- {
- quiet = 1;
- options &= ~SSL_DISPLAY_CERTS;
- }
-#ifdef CONFIG_SSL_CERT_VERIFICATION
- else if (strcmp(argv[i], "-verify") == 0)
- {
- options |= SSL_CLIENT_AUTHENTICATION;
- }
- else if (strcmp(argv[i], "-CAfile") == 0)
- {
- if (i >= argc-1 || ca_cert_index >= ca_cert_size)
- {
- print_server_options(argv[i]);
- }
-
- ca_cert[ca_cert_index++] = argv[++i];
- }
-#endif
-#ifdef CONFIG_SSL_FULL_MODE
- else if (strcmp(argv[i], "-debug") == 0)
- {
- options |= SSL_DISPLAY_BYTES;
- }
- else if (strcmp(argv[i], "-state") == 0)
- {
- options |= SSL_DISPLAY_STATES;
- }
- else if (strcmp(argv[i], "-show-rsa") == 0)
- {
- options |= SSL_DISPLAY_RSA;
- }
-#endif
- else /* don't know what this is */
- {
- print_server_options(argv[i]);
- }
-
- i++;
- }
-
- if ((ssl_ctx = ssl_ctx_new(options, SSL_DEFAULT_SVR_SESS)) == NULL)
- {
- fprintf(stderr, "Error: Server context is invalid\n");
- exit(1);
- }
-
-#ifndef CONFIG_SSL_SKELETON_MODE
- if (private_key_file)
- {
- int obj_type = SSL_OBJ_RSA_KEY;
-
- /* auto-detect the key type from the file extension */
- if (strstr(private_key_file, ".p8"))
- obj_type = SSL_OBJ_PKCS8;
- else if (strstr(private_key_file, ".p12"))
- obj_type = SSL_OBJ_PKCS12;
-
- if (ssl_obj_load(ssl_ctx, obj_type, private_key_file, password))
- {
- fprintf(stderr, "Error: Private key '%s' is undefined.\n",
- private_key_file);
- exit(1);
- }
- }
-
- for (i = 0; i < cert_index; i++)
- {
- if (ssl_obj_load(ssl_ctx, SSL_OBJ_X509_CERT, cert[i], NULL))
- {
- printf("Certificate '%s' is undefined.\n", cert[i]);
- exit(1);
- }
- }
-#endif
-
-#ifdef CONFIG_SSL_CERT_VERIFICATION
- for (i = 0; i < ca_cert_index; i++)
- {
- if (ssl_obj_load(ssl_ctx, SSL_OBJ_X509_CACERT, ca_cert[i], NULL))
- {
- printf("Certificate '%s' is undefined.\n", ca_cert[i]);
- exit(1);
- }
- }
-
- free(ca_cert);
-#endif
-#ifndef CONFIG_SSL_SKELETON_MODE
- free(cert);
-#endif
-
- /* Create socket for incoming connections */
- if ((server_fd = socket(AF_INET, SOCK_STREAM, 0)) < 0)
- {
- perror("socket");
- return;
- }
-
- setsockopt(server_fd, SOL_SOCKET, SO_REUSEADDR, &yes, sizeof(yes));
-
- /* Construct local address structure */
- memset(&serv_addr, 0, sizeof(serv_addr)); /* Zero out structure */
- serv_addr.sin_family = AF_INET; /* Internet address family */
- serv_addr.sin_addr.s_addr = htonl(INADDR_ANY); /* Any incoming interface */
- serv_addr.sin_port = htons(port); /* Local port */
-
- /* Bind to the local address */
- if (bind(server_fd, (struct sockaddr *) &serv_addr, sizeof(serv_addr)) < 0)
- {
- perror("bind");
- exit(1);
- }
-
- if (listen(server_fd, 5) < 0)
- {
- perror("listen");
- exit(1);
- }
-
- client_len = sizeof(client_addr);
-
- /*************************************************************************
- * This is where the interesting stuff happens. Up until now we've
- * just been setting up sockets etc. Now we do the SSL handshake.
- *************************************************************************/
- for (;;)
- {
- SSL *ssl;
- int reconnected = 0;
-
- if (!quiet)
- {
- printf("ACCEPT\n");
- TTY_FLUSH();
- }
-
- if ((client_fd = accept(server_fd,
- (struct sockaddr *)&client_addr, &client_len)) < 0)
- {
- res = 1;
- break;
- }
-
- ssl = ssl_server_new(ssl_ctx, client_fd);
-
- /* now read (and display) whatever the client sends us */
- for (;;)
- {
- /* allow parallel reading of client and standard input */
- FD_ZERO(&read_set);
- FD_SET(client_fd, &read_set);
-
-#ifndef WIN32
- /* win32 doesn't like mixing up stdin and sockets */
- if (isatty(STDIN_FILENO))/* but only if we are in an active shell */
- {
- FD_SET(STDIN_FILENO, &read_set);
- }
-
- if ((res = select(client_fd+1, &read_set, NULL, NULL, NULL)) > 0)
- {
- uint8_t buf[1024];
-
- /* read standard input? */
- if (FD_ISSET(STDIN_FILENO, &read_set))
- {
- if (fgets((char *)buf, sizeof(buf), stdin) == NULL)
- {
- res = SSL_ERROR_CONN_LOST;
- }
- else
- {
- /* small hack to check renegotiation */
- if (buf[0] == 'r' && (buf[1] == '\n' || buf[1] == '\r'))
- {
- res = ssl_renegotiate(ssl);
- }
- else /* write our ramblings to the client */
- {
- res = ssl_write(ssl, buf, strlen((char *)buf)+1);
- }
- }
- }
- else /* a socket read */
-#endif
- {
- /* keep reading until we get something interesting */
- uint8_t *read_buf;
-
- if ((res = ssl_read(ssl, &read_buf)) == SSL_OK)
- {
- /* are we in the middle of doing a handshake? */
- if (ssl_handshake_status(ssl) != SSL_OK)
- {
- reconnected = 0;
- }
- else if (!reconnected)
- {
- /* we are connected/reconnected */
- if (!quiet)
- {
- display_session_id(ssl);
- display_cipher(ssl);
- }
-
- reconnected = 1;
- }
- }
-
- if (res > SSL_OK) /* display our interesting output */
- {
- printf("%s", read_buf);
- TTY_FLUSH();
- }
- else if (res < SSL_OK && !quiet)
- {
- ssl_display_error(res);
- }
- }
-#ifndef WIN32
- }
-#endif
-
- if (res < SSL_OK)
- {
- if (!quiet)
- {
- printf("CONNECTION CLOSED\n");
- TTY_FLUSH();
- }
-
- break;
- }
- }
-
- /* client was disconnected or the handshake failed. */
- ssl_free(ssl);
- SOCKET_CLOSE(client_fd);
- }
-
- ssl_ctx_free(ssl_ctx);
-}
-
-/**
- * Implement the SSL client logic.
- */
-static void do_client(int argc, char *argv[])
-{
-#ifdef CONFIG_SSL_ENABLE_CLIENT
- int res, i = 2;
- uint16_t port = 4433;
- uint32_t options = SSL_SERVER_VERIFY_LATER|SSL_DISPLAY_CERTS;
- int client_fd;
- char *private_key_file = NULL;
- struct sockaddr_in client_addr;
- struct hostent *hostent;
- int reconnect = 0;
- uint32_t sin_addr;
- SSL_CTX *ssl_ctx;
- SSL *ssl = NULL;
- int quiet = 0;
- int cert_index = 0, ca_cert_index = 0;
- int cert_size, ca_cert_size;
- char **ca_cert, **cert;
- uint8_t session_id[SSL_SESSION_ID_SIZE];
- fd_set read_set;
- const char *password = NULL;
-
- FD_ZERO(&read_set);
- sin_addr = inet_addr("127.0.0.1");
- cert_size = ssl_get_config(SSL_MAX_CERT_CFG_OFFSET);
- ca_cert_size = ssl_get_config(SSL_MAX_CA_CERT_CFG_OFFSET);
- ca_cert = (char **)calloc(1, sizeof(char *)*ca_cert_size);
- cert = (char **)calloc(1, sizeof(char *)*cert_size);
-
- while (i < argc)
- {
- if (strcmp(argv[i], "-connect") == 0)
- {
- char *host, *ptr;
-
- if (i >= argc-1)
- {
- print_client_options(argv[i]);
- }
-
- host = argv[++i];
- if ((ptr = strchr(host, ':')) == NULL)
- {
- print_client_options(argv[i]);
- }
-
- *ptr++ = 0;
- port = atoi(ptr);
- hostent = gethostbyname(host);
-
- if (hostent == NULL)
- {
- print_client_options(argv[i]);
- }
-
- sin_addr = *((uint32_t **)hostent->h_addr_list)[0];
- }
- else if (strcmp(argv[i], "-cert") == 0)
- {
- if (i >= argc-1 || cert_index >= cert_size)
- {
- print_client_options(argv[i]);
- }
-
- cert[cert_index++] = argv[++i];
- }
- else if (strcmp(argv[i], "-key") == 0)
- {
- if (i >= argc-1)
- {
- print_client_options(argv[i]);
- }
-
- private_key_file = argv[++i];
- options |= SSL_NO_DEFAULT_KEY;
- }
- else if (strcmp(argv[i], "-CAfile") == 0)
- {
- if (i >= argc-1 || ca_cert_index >= ca_cert_size)
- {
- print_client_options(argv[i]);
- }
-
- ca_cert[ca_cert_index++] = argv[++i];
- }
- else if (strcmp(argv[i], "-verify") == 0)
- {
- options &= ~SSL_SERVER_VERIFY_LATER;
- }
- else if (strcmp(argv[i], "-reconnect") == 0)
- {
- reconnect = 4;
- }
- else if (strcmp(argv[i], "-quiet") == 0)
- {
- quiet = 1;
- options &= ~SSL_DISPLAY_CERTS;
- }
- else if (strcmp(argv[i], "-pass") == 0)
- {
- if (i >= argc-1)
- {
- print_client_options(argv[i]);
- }
-
- password = argv[++i];
- }
-#ifdef CONFIG_SSL_FULL_MODE
- else if (strcmp(argv[i], "-debug") == 0)
- {
- options |= SSL_DISPLAY_BYTES;
- }
- else if (strcmp(argv[i], "-state") == 0)
- {
- options |= SSL_DISPLAY_STATES;
- }
- else if (strcmp(argv[i], "-show-rsa") == 0)
- {
- options |= SSL_DISPLAY_RSA;
- }
-#endif
- else /* don't know what this is */
- {
- print_client_options(argv[i]);
- }
-
- i++;
- }
-
- if ((ssl_ctx = ssl_ctx_new(options, SSL_DEFAULT_CLNT_SESS)) == NULL)
- {
- fprintf(stderr, "Error: Client context is invalid\n");
- exit(1);
- }
-
- if (private_key_file)
- {
- int obj_type = SSL_OBJ_RSA_KEY;
-
- /* auto-detect the key type from the file extension */
- if (strstr(private_key_file, ".p8"))
- obj_type = SSL_OBJ_PKCS8;
- else if (strstr(private_key_file, ".p12"))
- obj_type = SSL_OBJ_PKCS12;
-
- if (ssl_obj_load(ssl_ctx, obj_type, private_key_file, password))
- {
- fprintf(stderr, "Error: Private key '%s' is undefined.\n",
- private_key_file);
- exit(1);
- }
- }
-
- for (i = 0; i < cert_index; i++)
- {
- if (ssl_obj_load(ssl_ctx, SSL_OBJ_X509_CERT, cert[i], NULL))
- {
- printf("Certificate '%s' is undefined.\n", cert[i]);
- exit(1);
- }
- }
-
- for (i = 0; i < ca_cert_index; i++)
- {
- if (ssl_obj_load(ssl_ctx, SSL_OBJ_X509_CACERT, ca_cert[i], NULL))
- {
- printf("Certificate '%s' is undefined.\n", ca_cert[i]);
- exit(1);
- }
- }
-
- free(cert);
- free(ca_cert);
-
- /*************************************************************************
- * This is where the interesting stuff happens. Up until now we've
- * just been setting up sockets etc. Now we do the SSL handshake.
- *************************************************************************/
- client_fd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
- memset(&client_addr, 0, sizeof(client_addr));
- client_addr.sin_family = AF_INET;
- client_addr.sin_port = htons(port);
- client_addr.sin_addr.s_addr = sin_addr;
-
- if (connect(client_fd, (struct sockaddr *)&client_addr,
- sizeof(client_addr)) < 0)
- {
- perror("connect");
- exit(1);
- }
-
- if (!quiet)
- {
- printf("CONNECTED\n");
- TTY_FLUSH();
- }
-
- /* Try session resumption? */
- if (reconnect)
- {
- while (reconnect--)
- {
- ssl = ssl_client_new(ssl_ctx, client_fd, session_id,
- sizeof(session_id));
- if ((res = ssl_handshake_status(ssl)) != SSL_OK)
- {
- if (!quiet)
- {
- ssl_display_error(res);
- }
-
- ssl_free(ssl);
- exit(1);
- }
-
- display_session_id(ssl);
- memcpy(session_id, ssl_get_session_id(ssl), SSL_SESSION_ID_SIZE);
-
- if (reconnect)
- {
- ssl_free(ssl);
- SOCKET_CLOSE(client_fd);
-
- client_fd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
- connect(client_fd, (struct sockaddr *)&client_addr,
- sizeof(client_addr));
- }
- }
- }
- else
- {
- ssl = ssl_client_new(ssl_ctx, client_fd, NULL, 0);
- }
-
- /* check the return status */
- if ((res = ssl_handshake_status(ssl)) != SSL_OK)
- {
- if (!quiet)
- {
- ssl_display_error(res);
- }
-
- exit(1);
- }
-
- if (!quiet)
- {
- const char *common_name = ssl_get_cert_dn(ssl,
- SSL_X509_CERT_COMMON_NAME);
- if (common_name)
- {
- printf("Common Name:\t\t\t%s\n", common_name);
- }
-
- display_session_id(ssl);
- display_cipher(ssl);
- }
-
- for (;;)
- {
- uint8_t buf[1024];
- res = SSL_OK;
-
- /* allow parallel reading of server and standard input */
- FD_SET(client_fd, &read_set);
-#ifndef WIN32
- /* win32 doesn't like mixing up stdin and sockets */
- FD_SET(STDIN_FILENO, &read_set);
-
- if ((res = select(client_fd+1, &read_set, NULL, NULL, NULL)) > 0)
- {
- /* read standard input? */
- if (FD_ISSET(STDIN_FILENO, &read_set))
-#endif
- {
- if (fgets((char *)buf, sizeof(buf), stdin) == NULL)
- {
- /* bomb out of here */
- ssl_free(ssl);
- break;
- }
- else
- {
- /* small hack to check renegotiation */
- if (buf[0] == 'R' && (buf[1] == '\n' || buf[1] == '\r'))
- {
- res = ssl_renegotiate(ssl);
- }
- else
- {
- res = ssl_write(ssl, buf, strlen((char *)buf)+1);
- }
- }
- }
-#ifndef WIN32
- else /* a socket read */
- {
- uint8_t *read_buf;
-
- res = ssl_read(ssl, &read_buf);
-
- if (res > 0) /* display our interesting output */
- {
- printf("%s", read_buf);
- TTY_FLUSH();
- }
- }
- }
-#endif
-
- if (res < 0)
- {
- if (!quiet)
- {
- ssl_display_error(res);
- }
-
- break; /* get outta here */
- }
- }
-
- ssl_ctx_free(ssl_ctx);
- SOCKET_CLOSE(client_fd);
-#else
- print_client_options(argv[1]);
-#endif
-}
-
-/**
- * We've had some sort of command-line error. Print out the basic options.
- */
-static void print_options(char *option)
-{
- printf("axssl: Error: '%s' is an invalid command.\n", option);
- printf("usage: axssl [s_server|s_client|version] [args ...]\n");
- exit(1);
-}
-
-/**
- * We've had some sort of command-line error. Print out the server options.
- */
-static void print_server_options(char *option)
-{
-#ifndef CONFIG_SSL_SKELETON_MODE
- int cert_size = ssl_get_config(SSL_MAX_CERT_CFG_OFFSET);
-#endif
-#ifdef CONFIG_SSL_CERT_VERIFICATION
- int ca_cert_size = ssl_get_config(SSL_MAX_CA_CERT_CFG_OFFSET);
-#endif
-
- printf("unknown option %s\n", option);
- printf("usage: s_server [args ...]\n");
- printf(" -accept arg\t- port to accept on (default is 4433)\n");
-#ifndef CONFIG_SSL_SKELETON_MODE
- printf(" -cert arg\t- certificate file to add (in addition to default)"
- " to chain -\n"
- "\t\t Can repeat up to %d times\n", cert_size);
- printf(" -key arg\t- Private key file to use\n");
- printf(" -pass\t\t- private key file pass phrase source\n");
-#endif
- printf(" -quiet\t\t- No server output\n");
-#ifdef CONFIG_SSL_CERT_VERIFICATION
- printf(" -verify\t- turn on peer certificate verification\n");
- printf(" -CAfile arg\t- Certificate authority\n");
- printf("\t\t Can repeat up to %d times\n", ca_cert_size);
-#endif
-#ifdef CONFIG_SSL_FULL_MODE
- printf(" -debug\t\t- Print more output\n");
- printf(" -state\t\t- Show state messages\n");
- printf(" -show-rsa\t- Show RSA state\n");
-#endif
- exit(1);
-}
-
-/**
- * We've had some sort of command-line error. Print out the client options.
- */
-static void print_client_options(char *option)
-{
-#ifdef CONFIG_SSL_ENABLE_CLIENT
- int cert_size = ssl_get_config(SSL_MAX_CERT_CFG_OFFSET);
- int ca_cert_size = ssl_get_config(SSL_MAX_CA_CERT_CFG_OFFSET);
-#endif
-
- printf("unknown option %s\n", option);
-#ifdef CONFIG_SSL_ENABLE_CLIENT
- printf("usage: s_client [args ...]\n");
- printf(" -connect host:port - who to connect to (default "
- "is localhost:4433)\n");
- printf(" -verify\t- turn on peer certificate verification\n");
- printf(" -cert arg\t- certificate file to use\n");
- printf("\t\t Can repeat up to %d times\n", cert_size);
- printf(" -key arg\t- Private key file to use\n");
- printf(" -CAfile arg\t- Certificate authority\n");
- printf("\t\t Can repeat up to %d times\n", ca_cert_size);
- printf(" -quiet\t\t- No client output\n");
- printf(" -reconnect\t- Drop and re-make the connection "
- "with the same Session-ID\n");
- printf(" -pass\t\t- private key file pass phrase source\n");
-#ifdef CONFIG_SSL_FULL_MODE
- printf(" -debug\t\t- Print more output\n");
- printf(" -state\t\t- Show state messages\n");
- printf(" -show-rsa\t- Show RSA state\n");
-#endif
-#else
- printf("Change configuration to allow this feature\n");
-#endif
- exit(1);
-}
-
-/**
- * Display what cipher we are using
- */
-static void display_cipher(SSL *ssl)
-{
- printf("CIPHER is ");
- switch (ssl_get_cipher_id(ssl))
- {
- case SSL_AES128_SHA:
- printf("AES128-SHA");
- break;
-
- case SSL_AES256_SHA:
- printf("AES256-SHA");
- break;
-
- case SSL_RC4_128_SHA:
- printf("RC4-SHA");
- break;
-
- case SSL_RC4_128_MD5:
- printf("RC4-MD5");
- break;
-
- default:
- printf("Unknown - %d", ssl_get_cipher_id(ssl));
- break;
- }
-
- printf("\n");
- TTY_FLUSH();
-}
-
-/**
- * Display what session id we have.
- */
-static void display_session_id(SSL *ssl)
-{
- int i;
- const uint8_t *session_id = ssl_get_session_id(ssl);
- int sess_id_size = ssl_get_session_id_size(ssl);
-
- if (sess_id_size > 0)
- {
- printf("-----BEGIN SSL SESSION PARAMETERS-----\n");
- for (i = 0; i < sess_id_size; i++)
- {
- printf("%02x", session_id[i]);
- }
-
- printf("\n-----END SSL SESSION PARAMETERS-----\n");
- TTY_FLUSH();
- }
-}
diff --git a/libs/nixio/axTLS/samples/csharp/Makefile b/libs/nixio/axTLS/samples/csharp/Makefile
deleted file mode 100644
index 46c2421dce..0000000000
--- a/libs/nixio/axTLS/samples/csharp/Makefile
+++ /dev/null
@@ -1,48 +0,0 @@
-#
-# Copyright (c) 2007, Cameron Rich
-#
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions are met:
-#
-# * Redistributions of source code must retain the above copyright notice,
-# this list of conditions and the following disclaimer.
-# * Redistributions in binary form must reproduce the above copyright
-# notice, this list of conditions and the following disclaimer in the
-# documentation and/or other materials provided with the distribution.
-# * Neither the name of the axTLS project nor the names of its
-# contributors may be used to endorse or promote products derived
-# from this software without specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
-# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
-# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
-# OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
-# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
-# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-#
-
-include ../../config/.config
-include ../../config/makefile.conf
-include ../../config/makefile.dotnet.conf
-
-all : sample
-TARGET=../../$(STAGE)/axssl.csharp.exe
-sample : $(TARGET)
-
-$(TARGET): ../../bindings/csharp/axTLS.cs ../../bindings/csharp/axInterface.cs axssl.cs
-ifdef GO_DOT_NET
- csc.exe /nologo /t:exe /out:"`cygpath -w $@`" $(foreach file, $^, "`cygpath -w $(file)`")
-else # use mono to build
- mcs -out:$@ $^
-
-endif # ARCH
-
-clean::
- -@rm -f $(TARGET)
diff --git a/libs/nixio/axTLS/samples/csharp/axssl.cs b/libs/nixio/axTLS/samples/csharp/axssl.cs
deleted file mode 100644
index dae2b8a41f..0000000000
--- a/libs/nixio/axTLS/samples/csharp/axssl.cs
+++ /dev/null
@@ -1,758 +0,0 @@
-/*
- * Copyright (c) 2007, Cameron Rich
- *
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- *
- * * Redistributions of source code must retain the above copyright notice,
- * this list of conditions and the following disclaimer.
- * * Redistributions in binary form must reproduce the above copyright notice,
- * this list of conditions and the following disclaimer in the documentation
- * and/or other materials provided with the distribution.
- * * Neither the name of the axTLS project nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
- * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
- * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
- * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/**
- * Demonstrate the use of the axTLS library in C# with a set of
- * command-line parameters similar to openssl. In fact, openssl clients
- * should be able to communicate with axTLS servers and visa-versa.
- *
- * This code has various bits enabled depending on the configuration. To enable
- * the most interesting version, compile with the 'full mode' enabled.
- *
- * To see what options you have, run the following:
- * > axssl.csharp.exe s_server -?
- * > axssl.csharp.exe s_client -?
- *
- * The axtls shared library must be in the same directory or be found
- * by the OS.
- */
-
-using System;
-using System.Net;
-using System.Net.Sockets;
-using axTLS;
-
-public class axssl
-{
- /*
- * Main()
- */
- public static void Main(string[] args)
- {
- if (args.Length == 1 && args[0] == "version")
- {
- Console.WriteLine("axssl.csharp " + SSLUtil.Version());
- Environment.Exit(0);
- }
-
- axssl runner = new axssl();
-
- if (args.Length < 1 || (args[0] != "s_server" && args[0] != "s_client"))
- runner.print_options(args.Length > 0 ? args[0] : "");
-
- int build_mode = SSLUtil.BuildMode();
-
- if (args[0] == "s_server")
- runner.do_server(build_mode, args);
- else
- runner.do_client(build_mode, args);
- }
-
- /*
- * do_server()
- */
- private void do_server(int build_mode, string[] args)
- {
- int i = 1;
- int port = 4433;
- uint options = axtls.SSL_DISPLAY_CERTS;
- bool quiet = false;
- string password = null;
- string private_key_file = null;
-
- /* organise the cert/ca_cert lists */
- int cert_size = SSLUtil.MaxCerts();
- int ca_cert_size = SSLUtil.MaxCACerts();
- string[] cert = new string[cert_size];
- string[] ca_cert = new string[ca_cert_size];
- int cert_index = 0;
- int ca_cert_index = 0;
-
- while (i < args.Length)
- {
- if (args[i] == "-accept")
- {
- if (i >= args.Length-1)
- {
- print_server_options(build_mode, args[i]);
- }
-
- port = Int32.Parse(args[++i]);
- }
- else if (args[i] == "-quiet")
- {
- quiet = true;
- options &= ~(uint)axtls.SSL_DISPLAY_CERTS;
- }
- else if (build_mode >= axtls.SSL_BUILD_SERVER_ONLY)
- {
- if (args[i] == "-cert")
- {
- if (i >= args.Length-1 || cert_index >= cert_size)
- {
- print_server_options(build_mode, args[i]);
- }
-
- cert[cert_index++] = args[++i];
- }
- else if (args[i] == "-key")
- {
- if (i >= args.Length-1)
- {
- print_server_options(build_mode, args[i]);
- }
-
- private_key_file = args[++i];
- options |= axtls.SSL_NO_DEFAULT_KEY;
- }
- else if (args[i] == "-pass")
- {
- if (i >= args.Length-1)
- {
- print_server_options(build_mode, args[i]);
- }
-
- password = args[++i];
- }
- else if (build_mode >= axtls.SSL_BUILD_ENABLE_VERIFICATION)
- {
- if (args[i] == "-verify")
- {
- options |= axtls.SSL_CLIENT_AUTHENTICATION;
- }
- else if (args[i] == "-CAfile")
- {
- if (i >= args.Length-1 || ca_cert_index >= ca_cert_size)
- {
- print_server_options(build_mode, args[i]);
- }
-
- ca_cert[ca_cert_index++] = args[++i];
- }
- else if (build_mode == axtls.SSL_BUILD_FULL_MODE)
- {
- if (args[i] == "-debug")
- {
- options |= axtls.SSL_DISPLAY_BYTES;
- }
- else if (args[i] == "-state")
- {
- options |= axtls.SSL_DISPLAY_STATES;
- }
- else if (args[i] == "-show-rsa")
- {
- options |= axtls.SSL_DISPLAY_RSA;
- }
- else
- print_server_options(build_mode, args[i]);
- }
- else
- print_server_options(build_mode, args[i]);
- }
- else
- print_server_options(build_mode, args[i]);
- }
- else
- print_server_options(build_mode, args[i]);
-
- i++;
- }
-
- /* Create socket for incoming connections */
- IPEndPoint ep = new IPEndPoint(IPAddress.Any, port);
- TcpListener server_sock = new TcpListener(ep);
- server_sock.Start();
-
- /**********************************************************************
- * This is where the interesting stuff happens. Up until now we've
- * just been setting up sockets etc. Now we do the SSL handshake.
- **********************************************************************/
- SSLServer ssl_ctx = new SSLServer(
- options, axtls.SSL_DEFAULT_SVR_SESS);
-
- if (ssl_ctx == null)
- {
- Console.Error.WriteLine("Error: Server context is invalid");
- Environment.Exit(1);
- }
-
- if (private_key_file != null)
- {
- int obj_type = axtls.SSL_OBJ_RSA_KEY;
-
- if (private_key_file.EndsWith(".p8"))
- obj_type = axtls.SSL_OBJ_PKCS8;
- else if (private_key_file.EndsWith(".p12"))
- obj_type = axtls.SSL_OBJ_PKCS12;
-
- if (ssl_ctx.ObjLoad(obj_type,
- private_key_file, password) != axtls.SSL_OK)
- {
- Console.Error.WriteLine("Private key '" + private_key_file +
- "' is undefined.");
- Environment.Exit(1);
- }
- }
-
- for (i = 0; i < cert_index; i++)
- {
- if (ssl_ctx.ObjLoad(axtls.SSL_OBJ_X509_CERT,
- cert[i], null) != axtls.SSL_OK)
- {
- Console.WriteLine("Certificate '" + cert[i] +
- "' is undefined.");
- Environment.Exit(1);
- }
- }
-
- for (i = 0; i < ca_cert_index; i++)
- {
- if (ssl_ctx.ObjLoad(axtls.SSL_OBJ_X509_CACERT,
- ca_cert[i], null) != axtls.SSL_OK)
- {
- Console.WriteLine("Certificate '" + cert[i] +
- "' is undefined.");
- Environment.Exit(1);
- }
- }
-
- byte[] buf = null;
- int res;
-
- for (;;)
- {
- if (!quiet)
- {
- Console.WriteLine("ACCEPT");
- }
-
- Socket client_sock = server_sock.AcceptSocket();
-
- SSL ssl = ssl_ctx.Connect(client_sock);
-
- /* do the actual SSL handshake */
- while ((res = ssl_ctx.Read(ssl, out buf)) == axtls.SSL_OK)
- {
- /* check when the connection has been established */
- if (ssl.HandshakeStatus() == axtls.SSL_OK)
- break;
-
- /* could do something else here */
- }
-
- if (res == axtls.SSL_OK) /* connection established and ok */
- {
- if (!quiet)
- {
- display_session_id(ssl);
- display_cipher(ssl);
- }
-
- /* now read (and display) whatever the client sends us */
- for (;;)
- {
- /* keep reading until we get something interesting */
- while ((res = ssl_ctx.Read(ssl, out buf)) == axtls.SSL_OK)
- {
- /* could do something else here */
- }
-
- if (res < axtls.SSL_OK)
- {
- if (!quiet)
- {
- Console.WriteLine("CONNECTION CLOSED");
- }
-
- break;
- }
-
- /* convert to string */
- char[] str = new char[res];
- for (i = 0; i < res; i++)
- {
- str[i] = (char)buf[i];
- }
-
- Console.Write(str);
- }
- }
- else if (!quiet)
- {
- SSLUtil.DisplayError(res);
- }
-
- /* client was disconnected or the handshake failed. */
- ssl.Dispose();
- client_sock.Close();
- }
-
- /* ssl_ctx.Dispose(); */
- }
-
- /*
- * do_client()
- */
- private void do_client(int build_mode, string[] args)
- {
- if (build_mode < axtls.SSL_BUILD_ENABLE_CLIENT)
- {
- print_client_options(build_mode, args[1]);
- }
-
- int i = 1, res;
- int port = 4433;
- bool quiet = false;
- string password = null;
- int reconnect = 0;
- string private_key_file = null;
- string hostname = "127.0.0.1";
-
- /* organise the cert/ca_cert lists */
- int cert_index = 0;
- int ca_cert_index = 0;
- int cert_size = SSLUtil.MaxCerts();
- int ca_cert_size = SSLUtil.MaxCACerts();
- string[] cert = new string[cert_size];
- string[] ca_cert = new string[ca_cert_size];
-
- uint options = axtls.SSL_SERVER_VERIFY_LATER|axtls.SSL_DISPLAY_CERTS;
- byte[] session_id = null;
-
- while (i < args.Length)
- {
- if (args[i] == "-connect")
- {
- string host_port;
-
- if (i >= args.Length-1)
- {
- print_client_options(build_mode, args[i]);
- }
-
- host_port = args[++i];
- int index_colon;
-
- if ((index_colon = host_port.IndexOf(':')) < 0)
- print_client_options(build_mode, args[i]);
-
- hostname = new string(host_port.ToCharArray(),
- 0, index_colon);
- port = Int32.Parse(new String(host_port.ToCharArray(),
- index_colon+1, host_port.Length-index_colon-1));
- }
- else if (args[i] == "-cert")
- {
- if (i >= args.Length-1 || cert_index >= cert_size)
- {
- print_client_options(build_mode, args[i]);
- }
-
- cert[cert_index++] = args[++i];
- }
- else if (args[i] == "-key")
- {
- if (i >= args.Length-1)
- {
- print_client_options(build_mode, args[i]);
- }
-
- private_key_file = args[++i];
- options |= axtls.SSL_NO_DEFAULT_KEY;
- }
- else if (args[i] == "-CAfile")
- {
- if (i >= args.Length-1 || ca_cert_index >= ca_cert_size)
- {
- print_client_options(build_mode, args[i]);
- }
-
- ca_cert[ca_cert_index++] = args[++i];
- }
- else if (args[i] == "-verify")
- {
- options &= ~(uint)axtls.SSL_SERVER_VERIFY_LATER;
- }
- else if (args[i] == "-reconnect")
- {
- reconnect = 4;
- }
- else if (args[i] == "-quiet")
- {
- quiet = true;
- options &= ~(uint)axtls.SSL_DISPLAY_CERTS;
- }
- else if (args[i] == "-pass")
- {
- if (i >= args.Length-1)
- {
- print_client_options(build_mode, args[i]);
- }
-
- password = args[++i];
- }
- else if (build_mode == axtls.SSL_BUILD_FULL_MODE)
- {
- if (args[i] == "-debug")
- {
- options |= axtls.SSL_DISPLAY_BYTES;
- }
- else if (args[i] == "-state")
- {
- options |= axtls.SSL_DISPLAY_STATES;
- }
- else if (args[i] == "-show-rsa")
- {
- options |= axtls.SSL_DISPLAY_RSA;
- }
- else
- print_client_options(build_mode, args[i]);
- }
- else /* don't know what this is */
- print_client_options(build_mode, args[i]);
-
- i++;
- }
-
- // IPHostEntry hostInfo = Dns.Resolve(hostname);
- IPHostEntry hostInfo = Dns.GetHostEntry(hostname);
- IPAddress[] addresses = hostInfo.AddressList;
- IPEndPoint ep = new IPEndPoint(addresses[0], port);
- Socket client_sock = new Socket(AddressFamily.InterNetwork,
- SocketType.Stream, ProtocolType.Tcp);
- client_sock.Connect(ep);
-
- if (!client_sock.Connected)
- {
- Console.WriteLine("could not connect");
- Environment.Exit(1);
- }
-
- if (!quiet)
- {
- Console.WriteLine("CONNECTED");
- }
-
- /**********************************************************************
- * This is where the interesting stuff happens. Up until now we've
- * just been setting up sockets etc. Now we do the SSL handshake.
- **********************************************************************/
- SSLClient ssl_ctx = new SSLClient(options,
- axtls.SSL_DEFAULT_CLNT_SESS);
-
- if (ssl_ctx == null)
- {
- Console.Error.WriteLine("Error: Client context is invalid");
- Environment.Exit(1);
- }
-
- if (private_key_file != null)
- {
- int obj_type = axtls.SSL_OBJ_RSA_KEY;
-
- if (private_key_file.EndsWith(".p8"))
- obj_type = axtls.SSL_OBJ_PKCS8;
- else if (private_key_file.EndsWith(".p12"))
- obj_type = axtls.SSL_OBJ_PKCS12;
-
- if (ssl_ctx.ObjLoad(obj_type,
- private_key_file, password) != axtls.SSL_OK)
- {
- Console.Error.WriteLine("Private key '" + private_key_file +
- "' is undefined.");
- Environment.Exit(1);
- }
- }
-
- for (i = 0; i < cert_index; i++)
- {
- if (ssl_ctx.ObjLoad(axtls.SSL_OBJ_X509_CERT,
- cert[i], null) != axtls.SSL_OK)
- {
- Console.WriteLine("Certificate '" + cert[i] +
- "' is undefined.");
- Environment.Exit(1);
- }
- }
-
- for (i = 0; i < ca_cert_index; i++)
- {
- if (ssl_ctx.ObjLoad(axtls.SSL_OBJ_X509_CACERT,
- ca_cert[i], null) != axtls.SSL_OK)
- {
- Console.WriteLine("Certificate '" + cert[i] +
- "' is undefined.");
- Environment.Exit(1);
- }
- }
-
- SSL ssl = new SSL(new IntPtr(0)); /* keep compiler happy */
-
- /* Try session resumption? */
- if (reconnect > 0)
- {
- while (reconnect-- > 0)
- {
- ssl = ssl_ctx.Connect(client_sock, session_id);
-
- if ((res = ssl.HandshakeStatus()) != axtls.SSL_OK)
- {
- if (!quiet)
- {
- SSLUtil.DisplayError(res);
- }
-
- ssl.Dispose();
- Environment.Exit(1);
- }
-
- display_session_id(ssl);
- session_id = ssl.GetSessionId();
-
- if (reconnect > 0)
- {
- ssl.Dispose();
- client_sock.Close();
-
- /* and reconnect */
- client_sock = new Socket(AddressFamily.InterNetwork,
- SocketType.Stream, ProtocolType.Tcp);
- client_sock.Connect(ep);
- }
- }
- }
- else
- {
- ssl = ssl_ctx.Connect(client_sock, null);
- }
-
- /* check the return status */
- if ((res = ssl.HandshakeStatus()) != axtls.SSL_OK)
- {
- if (!quiet)
- {
- SSLUtil.DisplayError(res);
- }
-
- Environment.Exit(1);
- }
-
- if (!quiet)
- {
- string common_name =
- ssl.GetCertificateDN(axtls.SSL_X509_CERT_COMMON_NAME);
-
- if (common_name != null)
- {
- Console.WriteLine("Common Name:\t\t\t" + common_name);
- }
-
- display_session_id(ssl);
- display_cipher(ssl);
- }
-
- for (;;)
- {
- string user_input = Console.ReadLine();
-
- if (user_input == null)
- break;
-
- byte[] buf = new byte[user_input.Length+2];
- buf[buf.Length-2] = (byte)'\n'; /* add the carriage return */
- buf[buf.Length-1] = 0; /* null terminate */
-
- for (i = 0; i < buf.Length-2; i++)
- {
- buf[i] = (byte)user_input[i];
- }
-
- if ((res = ssl_ctx.Write(ssl, buf, buf.Length)) < axtls.SSL_OK)
- {
- if (!quiet)
- {
- SSLUtil.DisplayError(res);
- }
-
- break;
- }
- }
-
- ssl_ctx.Dispose();
- }
-
- /**
- * We've had some sort of command-line error. Print out the basic options.
- */
- private void print_options(string option)
- {
- Console.WriteLine("axssl: Error: '" + option +
- "' is an invalid command.");
- Console.WriteLine("usage: axssl.csharp [s_server|" +
- "s_client|version] [args ...]");
- Environment.Exit(1);
- }
-
- /**
- * We've had some sort of command-line error. Print out the server options.
- */
- private void print_server_options(int build_mode, string option)
- {
- int cert_size = SSLUtil.MaxCerts();
- int ca_cert_size = SSLUtil.MaxCACerts();
-
- Console.WriteLine("unknown option " + option);
- Console.WriteLine("usage: s_server [args ...]");
- Console.WriteLine(" -accept arg\t- port to accept on (default " +
- "is 4433)");
- Console.WriteLine(" -quiet\t\t- No server output");
-
- if (build_mode >= axtls.SSL_BUILD_SERVER_ONLY)
- {
- Console.WriteLine(" -cert arg\t- certificate file to add (in " +
- "addition to default) to chain -");
- Console.WriteLine("\t\t Can repeat up to " + cert_size + " times");
- Console.WriteLine(" -key arg\t- Private key file to use");
- Console.WriteLine(" -pass\t\t- private key file pass phrase source");
- }
-
- if (build_mode >= axtls.SSL_BUILD_ENABLE_VERIFICATION)
- {
- Console.WriteLine(" -verify\t- turn on peer certificate " +
- "verification");
- Console.WriteLine(" -CAfile arg\t- Certificate authority.");
- Console.WriteLine("\t\t Can repeat up to " +
- ca_cert_size + "times");
- }
-
- if (build_mode == axtls.SSL_BUILD_FULL_MODE)
- {
- Console.WriteLine(" -debug\t\t- Print more output");
- Console.WriteLine(" -state\t\t- Show state messages");
- Console.WriteLine(" -show-rsa\t- Show RSA state");
- }
-
- Environment.Exit(1);
- }
-
- /**
- * We've had some sort of command-line error. Print out the client options.
- */
- private void print_client_options(int build_mode, string option)
- {
- int cert_size = SSLUtil.MaxCerts();
- int ca_cert_size = SSLUtil.MaxCACerts();
-
- Console.WriteLine("unknown option " + option);
-
- if (build_mode >= axtls.SSL_BUILD_ENABLE_CLIENT)
- {
- Console.WriteLine("usage: s_client [args ...]");
- Console.WriteLine(" -connect host:port - who to connect to " +
- "(default is localhost:4433)");
- Console.WriteLine(" -verify\t- turn on peer certificate " +
- "verification");
- Console.WriteLine(" -cert arg\t- certificate file to use");
- Console.WriteLine("\t\t Can repeat up to %d times", cert_size);
- Console.WriteLine(" -key arg\t- Private key file to use");
- Console.WriteLine(" -CAfile arg\t- Certificate authority.");
- Console.WriteLine("\t\t Can repeat up to " + ca_cert_size +
- " times");
- Console.WriteLine(" -quiet\t\t- No client output");
- Console.WriteLine(" -pass\t\t- private key file pass " +
- "phrase source");
- Console.WriteLine(" -reconnect\t- Drop and re-make the " +
- "connection with the same Session-ID");
-
- if (build_mode == axtls.SSL_BUILD_FULL_MODE)
- {
- Console.WriteLine(" -debug\t\t- Print more output");
- Console.WriteLine(" -state\t\t- Show state messages");
- Console.WriteLine(" -show-rsa\t- Show RSA state");
- }
- }
- else
- {
- Console.WriteLine("Change configuration to allow this feature");
- }
-
- Environment.Exit(1);
- }
-
- /**
- * Display what cipher we are using
- */
- private void display_cipher(SSL ssl)
- {
- Console.Write("CIPHER is ");
-
- switch (ssl.GetCipherId())
- {
- case axtls.SSL_AES128_SHA:
- Console.WriteLine("AES128-SHA");
- break;
-
- case axtls.SSL_AES256_SHA:
- Console.WriteLine("AES256-SHA");
- break;
-
- case axtls.SSL_RC4_128_SHA:
- Console.WriteLine("RC4-SHA");
- break;
-
- case axtls.SSL_RC4_128_MD5:
- Console.WriteLine("RC4-MD5");
- break;
-
- default:
- Console.WriteLine("Unknown - " + ssl.GetCipherId());
- break;
- }
- }
-
- /**
- * Display what session id we have.
- */
- private void display_session_id(SSL ssl)
- {
- byte[] session_id = ssl.GetSessionId();
-
- if (session_id.Length > 0)
- {
- Console.WriteLine("-----BEGIN SSL SESSION PARAMETERS-----");
- foreach (byte b in session_id)
- {
- Console.Write("{0:x02}", b);
- }
-
- Console.WriteLine("\n-----END SSL SESSION PARAMETERS-----");
- }
- }
-}
diff --git a/libs/nixio/axTLS/samples/java/Makefile b/libs/nixio/axTLS/samples/java/Makefile
deleted file mode 100644
index b10a79f372..0000000000
--- a/libs/nixio/axTLS/samples/java/Makefile
+++ /dev/null
@@ -1,51 +0,0 @@
-#
-# Copyright (c) 2007, Cameron Rich
-#
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions are met:
-#
-# * Redistributions of source code must retain the above copyright notice,
-# this list of conditions and the following disclaimer.
-# * Redistributions in binary form must reproduce the above copyright
-# notice, this list of conditions and the following disclaimer in the
-# documentation and/or other materials provided with the distribution.
-# * Neither the name of the axTLS project nor the names of its
-# contributors may be used to endorse or promote products derived
-# from this software without specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
-# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
-# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
-# OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
-# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
-# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-#
-
-include ../../config/.config
-include ../../config/makefile.conf
-include ../../config/makefile.java.conf
-
-all : sample
-JAR=../../$(STAGE)/axtls.jar
-CLASSES=../../bindings/java/classes
-sample : $(JAR)
-
-$(JAR) : $(CLASSES)/axssl.class $(wildcard $(CLASSES)/axTLSj/*.class)
- jar mcvf manifest.mf $@ -C $(CLASSES) axTLSj -C $(CLASSES) axssl.class
-
-JAVA_FILES=axssl.java
-JAVA_CLASSES:=$(JAVA_FILES:%.java=$(CLASSES)/axTLSj/%.class)
-
-$(CLASSES)/%.class : %.java
- javac -d $(CLASSES) -classpath $(CLASSES) $^
-
-clean::
- -@rm -f $(TARGET)
-
diff --git a/libs/nixio/axTLS/samples/java/axssl.java b/libs/nixio/axTLS/samples/java/axssl.java
deleted file mode 100644
index 2057f29662..0000000000
--- a/libs/nixio/axTLS/samples/java/axssl.java
+++ /dev/null
@@ -1,760 +0,0 @@
-/*
- * Copyright (c) 2007, Cameron Rich
- *
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- *
- * * Redistributions of source code must retain the above copyright notice,
- * this list of conditions and the following disclaimer.
- * * Redistributions in binary form must reproduce the above copyright notice,
- * this list of conditions and the following disclaimer in the documentation
- * and/or other materials provided with the distribution.
- * * Neither the name of the axTLS project nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
- * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
- * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
- * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/*
- * Demonstrate the use of the axTLS library in Java with a set of
- * command-line parameters similar to openssl. In fact, openssl clients
- * should be able to communicate with axTLS servers and visa-versa. *
- * This code has various bits enabled depending on the configuration. To enable
- * the most interesting version, compile with the 'full mode' enabled.
- *
- * To see what options you have, run the following:
- * > java -jar axtls.jar s_server -?
- * > java -jar axtls.jar s_client -?
- *
- * The axtls/axtlsj shared libraries must be in the same directory or be found
- * by the OS.
- */
-
-import java.io.*;
-import java.util.*;
-import java.net.*;
-import axTLSj.*;
-
-public class axssl
-{
- /*
- * Main()
- */
- public static void main(String[] args)
- {
- if (args.length == 1 && args[0].equals("version"))
- {
- System.out.println("axtls.jar " + SSLUtil.version());
- System.exit(0);
- }
-
- axssl runner = new axssl();
-
- try
- {
- if (args.length < 1 ||
- (!args[0].equals("s_server") &&
- !args[0].equals("s_client")))
- {
- runner.print_options(args.length > 0 ? args[0] : "");
- }
-
- int build_mode = SSLUtil.buildMode();
-
- if (args[0].equals("s_server"))
- runner.do_server(build_mode, args);
- else
- runner.do_client(build_mode, args);
- }
- catch (Exception e)
- {
- System.out.println(e);
- }
- }
-
- /*
- * do_server()
- */
- private void do_server(int build_mode, String[] args)
- throws Exception
- {
- int i = 1;
- int port = 4433;
- int options = axtlsj.SSL_DISPLAY_CERTS;
- boolean quiet = false;
- String password = null;
- String private_key_file = null;
-
- /* organise the cert/ca_cert lists */
- int cert_size = SSLUtil.maxCerts();
- int ca_cert_size = SSLUtil.maxCACerts();
- String[] cert = new String[cert_size];
- String[] ca_cert = new String[ca_cert_size];
- int cert_index = 0;
- int ca_cert_index = 0;
-
- while (i < args.length)
- {
- if (args[i].equals("-accept"))
- {
- if (i >= args.length-1)
- {
- print_server_options(build_mode, args[i]);
- }
-
- port = Integer.parseInt(args[++i]);
- }
- else if (args[i].equals("-quiet"))
- {
- quiet = true;
- options &= ~(int)axtlsj.SSL_DISPLAY_CERTS;
- }
- else if (build_mode >= axtlsj.SSL_BUILD_SERVER_ONLY)
- {
- if (args[i].equals("-cert"))
- {
- if (i >= args.length-1 || cert_index >= cert_size)
- {
- print_server_options(build_mode, args[i]);
- }
-
- cert[cert_index++] = args[++i];
- }
- else if (args[i].equals("-key"))
- {
- if (i >= args.length-1)
- {
- print_server_options(build_mode, args[i]);
- }
-
- private_key_file = args[++i];
- options |= axtlsj.SSL_NO_DEFAULT_KEY;
- }
- else if (args[i].equals("-pass"))
- {
- if (i >= args.length-1)
- {
- print_server_options(build_mode, args[i]);
- }
-
- password = args[++i];
- }
- else if (build_mode >= axtlsj.SSL_BUILD_ENABLE_VERIFICATION)
- {
- if (args[i].equals("-verify"))
- {
- options |= axtlsj.SSL_CLIENT_AUTHENTICATION;
- }
- else if (args[i].equals("-CAfile"))
- {
- if (i >= args.length-1 || ca_cert_index >= ca_cert_size)
- {
- print_server_options(build_mode, args[i]);
- }
-
- ca_cert[ca_cert_index++] = args[++i];
- }
- else if (build_mode == axtlsj.SSL_BUILD_FULL_MODE)
- {
- if (args[i].equals("-debug"))
- {
- options |= axtlsj.SSL_DISPLAY_BYTES;
- }
- else if (args[i].equals("-state"))
- {
- options |= axtlsj.SSL_DISPLAY_STATES;
- }
- else if (args[i].equals("-show-rsa"))
- {
- options |= axtlsj.SSL_DISPLAY_RSA;
- }
- else
- print_server_options(build_mode, args[i]);
- }
- else
- print_server_options(build_mode, args[i]);
- }
- else
- print_server_options(build_mode, args[i]);
- }
- else
- print_server_options(build_mode, args[i]);
-
- i++;
- }
-
- /* Create socket for incoming connections */
- ServerSocket server_sock = new ServerSocket(port);
-
- /**********************************************************************
- * This is where the interesting stuff happens. Up until now we've
- * just been setting up sockets etc. Now we do the SSL handshake.
- **********************************************************************/
- SSLServer ssl_ctx = new SSLServer(options,
- axtlsj.SSL_DEFAULT_SVR_SESS);
-
- if (ssl_ctx == null)
- throw new Exception("Error: Server context is invalid");
-
- if (private_key_file != null)
- {
- int obj_type = axtlsj.SSL_OBJ_RSA_KEY;
-
- if (private_key_file.endsWith(".p8"))
- obj_type = axtlsj.SSL_OBJ_PKCS8;
- else if (private_key_file.endsWith(".p12"))
- obj_type = axtlsj.SSL_OBJ_PKCS12;
-
- if (ssl_ctx.objLoad(obj_type,
- private_key_file, password) != axtlsj.SSL_OK)
- {
- throw new Exception("Error: Private key '" + private_key_file +
- "' is undefined.");
- }
- }
-
- for (i = 0; i < cert_index; i++)
- {
- if (ssl_ctx.objLoad(axtlsj.SSL_OBJ_X509_CERT,
- cert[i], null) != axtlsj.SSL_OK)
- {
- throw new Exception("Certificate '" + cert[i] +
- "' is undefined.");
- }
- }
-
- for (i = 0; i < ca_cert_index; i++)
- {
- if (ssl_ctx.objLoad(axtlsj.SSL_OBJ_X509_CACERT,
- ca_cert[i], null) != axtlsj.SSL_OK)
- {
- throw new Exception("Certificate '" + ca_cert[i] +
- "' is undefined.");
- }
- }
-
- int res;
- SSLReadHolder rh = new SSLReadHolder();
-
- for (;;)
- {
- if (!quiet)
- {
- System.out.println("ACCEPT");
- }
-
- Socket client_sock = server_sock.accept();
-
- SSL ssl = ssl_ctx.connect(client_sock);
-
- while ((res = ssl_ctx.read(ssl, rh)) == axtlsj.SSL_OK)
- {
- /* check when the connection has been established */
- if (ssl.handshakeStatus() == axtlsj.SSL_OK)
- break;
-
- /* could do something else here */
- }
-
- if (res == axtlsj.SSL_OK) /* connection established and ok */
- {
- if (!quiet)
- {
- display_session_id(ssl);
- display_cipher(ssl);
- }
-
- /* now read (and display) whatever the client sends us */
- for (;;)
- {
- /* keep reading until we get something interesting */
- while ((res = ssl_ctx.read(ssl, rh)) == axtlsj.SSL_OK)
- {
- /* could do something else here */
- }
-
- if (res < axtlsj.SSL_OK)
- {
- if (!quiet)
- {
- System.out.println("CONNECTION CLOSED");
- }
-
- break;
- }
-
- /* convert to String */
- byte[] buf = rh.getData();
- char[] str = new char[res];
-
- for (i = 0; i < res; i++)
- {
- str[i] = (char)buf[i];
- }
-
- System.out.print(str);
- }
- }
- else if (!quiet)
- {
- SSLUtil.displayError(res);
- }
-
- /* client was disconnected or the handshake failed. */
- ssl.dispose();
- client_sock.close();
- }
-
- /* ssl_ctx.dispose(); */
- }
-
- /*
- * do_client()
- */
- private void do_client(int build_mode, String[] args)
- throws Exception
- {
- if (build_mode < axtlsj.SSL_BUILD_ENABLE_CLIENT)
- print_client_options(build_mode, args[1]);
-
- int i = 1, res;
- int port = 4433;
- boolean quiet = false;
- String password = null;
- int reconnect = 0;
- String private_key_file = null;
- String hostname = "127.0.0.1";
-
- /* organise the cert/ca_cert lists */
- int cert_index = 0;
- int ca_cert_index = 0;
- int cert_size = SSLUtil.maxCerts();
- int ca_cert_size = SSLUtil.maxCACerts();
- String[] cert = new String[cert_size];
- String[] ca_cert = new String[ca_cert_size];
-
- int options = axtlsj.SSL_SERVER_VERIFY_LATER|axtlsj.SSL_DISPLAY_CERTS;
- byte[] session_id = null;
-
- while (i < args.length)
- {
- if (args[i].equals("-connect"))
- {
- String host_port;
-
- if (i >= args.length-1)
- {
- print_client_options(build_mode, args[i]);
- }
-
- host_port = args[++i];
- int index_colon;
-
- if ((index_colon = host_port.indexOf(':')) < 0)
- print_client_options(build_mode, args[i]);
-
- hostname = new String(host_port.toCharArray(),
- 0, index_colon);
- port = Integer.parseInt(new String(host_port.toCharArray(),
- index_colon+1, host_port.length()-index_colon-1));
- }
- else if (args[i].equals("-cert"))
- {
- if (i >= args.length-1 || cert_index >= cert_size)
- {
- print_client_options(build_mode, args[i]);
- }
-
- cert[cert_index++] = args[++i];
- }
- else if (args[i].equals("-CAfile"))
- {
- if (i >= args.length-1 || ca_cert_index >= ca_cert_size)
- {
- print_client_options(build_mode, args[i]);
- }
-
- ca_cert[ca_cert_index++] = args[++i];
- }
- else if (args[i].equals("-key"))
- {
- if (i >= args.length-1)
- {
- print_client_options(build_mode, args[i]);
- }
-
- private_key_file = args[++i];
- options |= axtlsj.SSL_NO_DEFAULT_KEY;
- }
- else if (args[i].equals("-verify"))
- {
- options &= ~(int)axtlsj.SSL_SERVER_VERIFY_LATER;
- }
- else if (args[i].equals("-reconnect"))
- {
- reconnect = 4;
- }
- else if (args[i].equals("-quiet"))
- {
- quiet = true;
- options &= ~(int)axtlsj.SSL_DISPLAY_CERTS;
- }
- else if (args[i].equals("-pass"))
- {
- if (i >= args.length-1)
- {
- print_server_options(build_mode, args[i]);
- }
-
- password = args[++i];
- }
- else if (build_mode == axtlsj.SSL_BUILD_FULL_MODE)
- {
- if (args[i].equals("-debug"))
- {
- options |= axtlsj.SSL_DISPLAY_BYTES;
- }
- else if (args[i].equals("-state"))
- {
- options |= axtlsj.SSL_DISPLAY_STATES;
- }
- else if (args[i].equals("-show-rsa"))
- {
- options |= axtlsj.SSL_DISPLAY_RSA;
- }
- else
- print_client_options(build_mode, args[i]);
- }
- else /* don't know what this is */
- print_client_options(build_mode, args[i]);
-
- i++;
- }
-
- Socket client_sock = new Socket(hostname, port);
-
- if (!client_sock.isConnected())
- {
- System.out.println("could not connect");
- throw new Exception();
- }
-
- if (!quiet)
- {
- System.out.println("CONNECTED");
- }
-
- /**********************************************************************
- * This is where the interesting stuff happens. Up until now we've
- * just been setting up sockets etc. Now we do the SSL handshake.
- **********************************************************************/
- SSLClient ssl_ctx = new SSLClient(options,
- axtlsj.SSL_DEFAULT_CLNT_SESS);
-
- if (ssl_ctx == null)
- {
- throw new Exception("Error: Client context is invalid");
- }
-
- if (private_key_file != null)
- {
- int obj_type = axtlsj.SSL_OBJ_RSA_KEY;
-
- if (private_key_file.endsWith(".p8"))
- obj_type = axtlsj.SSL_OBJ_PKCS8;
- else if (private_key_file.endsWith(".p12"))
- obj_type = axtlsj.SSL_OBJ_PKCS12;
-
- if (ssl_ctx.objLoad(obj_type,
- private_key_file, password) != axtlsj.SSL_OK)
- {
- throw new Exception("Error: Private key '" + private_key_file +
- "' is undefined.");
- }
- }
-
- for (i = 0; i < cert_index; i++)
- {
- if (ssl_ctx.objLoad(axtlsj.SSL_OBJ_X509_CERT,
- cert[i], null) != axtlsj.SSL_OK)
- {
- throw new Exception("Certificate '" + cert[i] +
- "' is undefined.");
- }
- }
-
- for (i = 0; i < ca_cert_index; i++)
- {
- if (ssl_ctx.objLoad(axtlsj.SSL_OBJ_X509_CACERT,
- ca_cert[i], null) != axtlsj.SSL_OK)
- {
- throw new Exception("Certificate '" + ca_cert[i] +
- "' is undefined.");
- }
- }
-
- SSL ssl = null;
-
- /* Try session resumption? */
- if (reconnect > 0)
- {
- while (reconnect-- > 0)
- {
- ssl = ssl_ctx.connect(client_sock, session_id);
-
- if ((res = ssl.handshakeStatus()) != axtlsj.SSL_OK)
- {
- if (!quiet)
- {
- SSLUtil.displayError(res);
- }
-
- ssl.dispose();
- throw new Exception();
- }
-
- display_session_id(ssl);
- session_id = ssl.getSessionId();
-
- if (reconnect > 0)
- {
- ssl.dispose();
- client_sock.close();
-
- /* and reconnect */
- client_sock = new Socket(hostname, port);
- }
- }
- }
- else
- {
- ssl = ssl_ctx.connect(client_sock, null);
- }
-
- /* check the return status */
- if ((res = ssl.handshakeStatus()) != axtlsj.SSL_OK)
- {
- if (!quiet)
- {
- SSLUtil.displayError(res);
- }
-
- throw new Exception();
- }
-
- if (!quiet)
- {
- String common_name =
- ssl.getCertificateDN(axtlsj.SSL_X509_CERT_COMMON_NAME);
-
- if (common_name != null)
- {
- System.out.println("Common Name:\t\t\t" + common_name);
- }
-
- display_session_id(ssl);
- display_cipher(ssl);
- }
-
- BufferedReader in = new BufferedReader(
- new InputStreamReader(System.in));
-
- for (;;)
- {
- String user_input = in.readLine();
-
- if (user_input == null)
- break;
-
- byte[] buf = new byte[user_input.length()+2];
- buf[buf.length-2] = (byte)'\n'; /* add the carriage return */
- buf[buf.length-1] = 0; /* null terminate */
-
- for (i = 0; i < buf.length-2; i++)
- {
- buf[i] = (byte)user_input.charAt(i);
- }
-
- if ((res = ssl_ctx.write(ssl, buf)) < axtlsj.SSL_OK)
- {
- if (!quiet)
- {
- SSLUtil.displayError(res);
- }
-
- break;
- }
- }
-
- ssl_ctx.dispose();
- }
-
- /**
- * We've had some sort of command-line error. Print out the basic options.
- */
- private void print_options(String option)
- {
- System.out.println("axssl: Error: '" + option +
- "' is an invalid command.");
- System.out.println("usage: axtlsj.jar [s_server|s_client|version] " +
- "[args ...]");
- System.exit(1);
- }
-
- /**
- * We've had some sort of command-line error. Print out the server options.
- */
- private void print_server_options(int build_mode, String option)
- {
- int cert_size = SSLUtil.maxCerts();
- int ca_cert_size = SSLUtil.maxCACerts();
-
- System.out.println("unknown option " + option);
- System.out.println("usage: s_server [args ...]");
- System.out.println(" -accept arg\t- port to accept on (default " +
- "is 4433)");
- System.out.println(" -quiet\t\t- No server output");
-
- if (build_mode >= axtlsj.SSL_BUILD_SERVER_ONLY)
- {
- System.out.println(" -cert arg\t- certificate file to add (in " +
- "addition to default) to chain -");
- System.out.println("\t\t Can repeat up to " + cert_size + " times");
- System.out.println(" -key arg\t- Private key file to use");
- System.out.println(" -pass\t\t- private key file pass phrase source");
- }
-
- if (build_mode >= axtlsj.SSL_BUILD_ENABLE_VERIFICATION)
- {
- System.out.println(" -verify\t- turn on peer certificate " +
- "verification");
- System.out.println(" -CAfile arg\t- Certificate authority. ");
- System.out.println("\t\t Can repeat up to " +
- ca_cert_size + " times");
- }
-
- if (build_mode == axtlsj.SSL_BUILD_FULL_MODE)
- {
- System.out.println(" -debug\t\t- Print more output");
- System.out.println(" -state\t\t- Show state messages");
- System.out.println(" -show-rsa\t- Show RSA state");
- }
-
- System.exit(1);
- }
-
- /**
- * We've had some sort of command-line error. Print out the client options.
- */
- private void print_client_options(int build_mode, String option)
- {
- int cert_size = SSLUtil.maxCerts();
- int ca_cert_size = SSLUtil.maxCACerts();
-
- System.out.println("unknown option " + option);
-
- if (build_mode >= axtlsj.SSL_BUILD_ENABLE_CLIENT)
- {
- System.out.println("usage: s_client [args ...]");
- System.out.println(" -connect host:port - who to connect to " +
- "(default is localhost:4433)");
- System.out.println(" -verify\t- turn on peer certificate " +
- "verification");
- System.out.println(" -cert arg\t- certificate file to use");
- System.out.println(" -key arg\t- Private key file to use");
- System.out.println("\t\t Can repeat up to " + cert_size +
- " times");
- System.out.println(" -CAfile arg\t- Certificate authority.");
- System.out.println("\t\t Can repeat up to " + ca_cert_size +
- " times");
- System.out.println(" -quiet\t\t- No client output");
- System.out.println(" -pass\t\t- private key file pass " +
- "phrase source");
- System.out.println(" -reconnect\t- Drop and re-make the " +
- "connection with the same Session-ID");
-
- if (build_mode == axtlsj.SSL_BUILD_FULL_MODE)
- {
- System.out.println(" -debug\t\t- Print more output");
- System.out.println(" -state\t\t- Show state messages");
- System.out.println(" -show-rsa\t- Show RSA state");
- }
- }
- else
- {
- System.out.println("Change configuration to allow this feature");
- }
-
- System.exit(1);
- }
-
- /**
- * Display what cipher we are using
- */
- private void display_cipher(SSL ssl)
- {
- System.out.print("CIPHER is ");
-
- byte ciph_id = ssl.getCipherId();
-
- if (ciph_id == axtlsj.SSL_AES128_SHA)
- System.out.println("AES128-SHA");
- else if (ciph_id == axtlsj.SSL_AES256_SHA)
- System.out.println("AES256-SHA");
- else if (ciph_id == axtlsj.SSL_RC4_128_SHA)
- System.out.println("RC4-SHA");
- else if (ciph_id == axtlsj.SSL_RC4_128_MD5)
- System.out.println("RC4-MD5");
- else
- System.out.println("Unknown - " + ssl.getCipherId());
- }
-
- public char toHexChar(int i)
- {
- if ((0 <= i) && (i <= 9 ))
- return (char)('0' + i);
- else
- return (char)('a' + (i-10));
- }
-
- public void bytesToHex(byte[] data)
- {
- StringBuffer buf = new StringBuffer();
- for (int i = 0; i < data.length; i++ )
- {
- buf.append(toHexChar((data[i]>>>4)&0x0F));
- buf.append(toHexChar(data[i]&0x0F));
- }
-
- System.out.println(buf);
- }
-
-
- /**
- * Display what session id we have.
- */
- private void display_session_id(SSL ssl)
- {
- byte[] session_id = ssl.getSessionId();
-
- if (session_id.length > 0)
- {
- System.out.println("-----BEGIN SSL SESSION PARAMETERS-----");
- bytesToHex(session_id);
- System.out.println("-----END SSL SESSION PARAMETERS-----");
- }
- }
-}
diff --git a/libs/nixio/axTLS/samples/java/manifest.mf b/libs/nixio/axTLS/samples/java/manifest.mf
deleted file mode 100644
index b906ed29ed..0000000000
--- a/libs/nixio/axTLS/samples/java/manifest.mf
+++ /dev/null
@@ -1 +0,0 @@
-Main-Class: axssl
diff --git a/libs/nixio/axTLS/samples/lua/Makefile b/libs/nixio/axTLS/samples/lua/Makefile
deleted file mode 100644
index a460da3c55..0000000000
--- a/libs/nixio/axTLS/samples/lua/Makefile
+++ /dev/null
@@ -1,43 +0,0 @@
-#
-# Copyright (c) 2007, Cameron Rich
-#
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions are met:
-#
-# * Redistributions of source code must retain the above copyright notice,
-# this list of conditions and the following disclaimer.
-# * Redistributions in binary form must reproduce the above copyright
-# notice, this list of conditions and the following disclaimer in the
-# documentation and/or other materials provided with the distribution.
-# * Neither the name of the axTLS project nor the names of its
-# contributors may be used to endorse or promote products derived
-# from this software without specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
-# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
-# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
-# OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
-# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
-# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-#
-
-include ../../config/.config
-include ../../config/makefile.conf
-
-all: samples
-TARGET=../../$(STAGE)/axssl.lua
-samples: $(TARGET)
-
-$(TARGET): axssl.lua
- install $< $@
-
-clean::
- -@rm -f $(TARGET)
-
diff --git a/libs/nixio/axTLS/samples/lua/axssl.lua b/libs/nixio/axTLS/samples/lua/axssl.lua
deleted file mode 100755
index 6ea26b69dd..0000000000
--- a/libs/nixio/axTLS/samples/lua/axssl.lua
+++ /dev/null
@@ -1,562 +0,0 @@
-#!/usr/local/bin/lua
-
---
--- Copyright (c) 2007, Cameron Rich
---
--- All rights reserved.
---
--- Redistribution and use in source and binary forms, with or without
--- modification, are permitted provided that the following conditions are met:
---
--- * Redistributions of source code must retain the above copyright notice,
--- this list of conditions and the following disclaimer.
--- * Redistributions in binary form must reproduce the above copyright
--- notice, this list of conditions and the following disclaimer in the
--- documentation and/or other materials provided with the distribution.
--- * Neither the name of the axTLS project nor the names of its
--- contributors may be used to endorse or promote products derived
--- from this software without specific prior written permission.
---
--- THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
--- "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
--- LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
--- A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
--- CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
--- SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
--- TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
--- DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
--- OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
--- NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
--- THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
---
-
---
--- Demonstrate the use of the axTLS library in Lua with a set of
--- command-line parameters similar to openssl. In fact, openssl clients
--- should be able to communicate with axTLS servers and visa-versa.
---
--- This code has various bits enabled depending on the configuration. To enable
--- the most interesting version, compile with the 'full mode' enabled.
---
--- To see what options you have, run the following:
--- > [lua] axssl s_server -?
--- > [lua] axssl s_client -?
---
--- The axtls/axtlsl shared libraries must be in the same directory or be found
--- by the OS.
---
---
-require "bit"
-require("axtlsl")
-local socket = require("socket")
-
--- print version?
-if #arg == 1 and arg[1] == "version" then
- print("axssl.lua "..axtlsl.ssl_version())
- os.exit(1)
-end
-
---
--- We've had some sort of command-line error. Print out the basic options.
---
-function print_options(option)
- print("axssl: Error: '"..option.."' is an invalid command.")
- print("usage: axssl [s_server|s_client|version] [args ...]")
- os.exit(1)
-end
-
---
--- We've had some sort of command-line error. Print out the server options.
---
-function print_server_options(build_mode, option)
- local cert_size = axtlsl.ssl_get_config(axtlsl.SSL_MAX_CERT_CFG_OFFSET)
- local ca_cert_size = axtlsl.ssl_get_config(
- axtlsl.SSL_MAX_CA_CERT_CFG_OFFSET)
-
- print("unknown option "..option)
- print("usage: s_server [args ...]")
- print(" -accept\t- port to accept on (default is 4433)")
- print(" -quiet\t\t- No server output")
-
- if build_mode >= axtlsl.SSL_BUILD_SERVER_ONLY then
- print(" -cert arg\t- certificate file to add (in addition to "..
- "default) to chain -")
- print("\t\t Can repeat up to "..cert_size.." times")
- print(" -key arg\t- Private key file to use - default DER format")
- print(" -pass\t\t- private key file pass phrase source")
- end
-
- if build_mode >= axtlsl.SSL_BUILD_ENABLE_VERIFICATION then
- print(" -verify\t- turn on peer certificate verification")
- print(" -CAfile arg\t- Certificate authority - default DER format")
- print("\t\t Can repeat up to "..ca_cert_size.." times")
- end
-
- if build_mode == axtlsl.SSL_BUILD_FULL_MODE then
- print(" -debug\t\t- Print more output")
- print(" -state\t\t- Show state messages")
- print(" -show-rsa\t- Show RSA state")
- end
-
- os.exit(1)
-end
-
---
--- We've had some sort of command-line error. Print out the client options.
---
-function print_client_options(build_mode, option)
- local cert_size = axtlsl.ssl_get_config(axtlsl.SSL_MAX_CERT_CFG_OFFSET)
- local ca_cert_size = axtlsl.ssl_get_config(
- axtlsl.SSL_MAX_CA_CERT_CFG_OFFSET)
-
- print("unknown option "..option)
-
- if build_mode >= axtlsl.SSL_BUILD_ENABLE_CLIENT then
- print("usage: s_client [args ...]")
- print(" -connect host:port - who to connect to (default "..
- "is localhost:4433)")
- print(" -verify\t- turn on peer certificate verification")
- print(" -cert arg\t- certificate file to use - default DER format")
- print(" -key arg\t- Private key file to use - default DER format")
- print("\t\t Can repeat up to "..cert_size.." times")
- print(" -CAfile arg\t- Certificate authority - default DER format")
- print("\t\t Can repeat up to "..ca_cert_size.."times")
- print(" -quiet\t\t- No client output")
- print(" -pass\t\t- private key file pass phrase source")
- print(" -reconnect\t- Drop and re-make the connection "..
- "with the same Session-ID")
-
- if build_mode == axtlsl.SSL_BUILD_FULL_MODE then
- print(" -debug\t\t- Print more output")
- print(" -state\t\t- Show state messages")
- print(" -show-rsa\t- Show RSA state")
- end
- else
- print("Change configuration to allow this feature")
- end
-
- os.exit(1)
-end
-
--- Implement the SSL server logic.
-function do_server(build_mode)
- local i = 2
- local v
- local port = 4433
- local options = axtlsl.SSL_DISPLAY_CERTS
- local quiet = false
- local password = ""
- local private_key_file = nil
- local cert_size = axtlsl.ssl_get_config(axtlsl.SSL_MAX_CERT_CFG_OFFSET)
- local ca_cert_size = axtlsl.
- ssl_get_config(axtlsl.SSL_MAX_CA_CERT_CFG_OFFSET)
- local cert = {}
- local ca_cert = {}
-
- while i <= #arg do
- if arg[i] == "-accept" then
- if i >= #arg then
- print_server_options(build_mode, arg[i])
- end
-
- i = i + 1
- port = arg[i]
- elseif arg[i] == "-quiet" then
- quiet = true
- options = bit.band(options, bit.bnot(axtlsl.SSL_DISPLAY_CERTS))
- elseif build_mode >= axtlsl.SSL_BUILD_SERVER_ONLY then
- if arg[i] == "-cert" then
- if i >= #arg or #cert >= cert_size then
- print_server_options(build_mode, arg[i])
- end
-
- i = i + 1
- table.insert(cert, arg[i])
- elseif arg[i] == "-key" then
- if i >= #arg then
- print_server_options(build_mode, arg[i])
- end
-
- i = i + 1
- private_key_file = arg[i]
- options = bit.bor(options, axtlsl.SSL_NO_DEFAULT_KEY)
- elseif arg[i] == "-pass" then
- if i >= #arg then
- print_server_options(build_mode, arg[i])
- end
-
- i = i + 1
- password = arg[i]
- elseif build_mode >= axtlsl.SSL_BUILD_ENABLE_VERIFICATION then
- if arg[i] == "-verify" then
- options = bit.bor(options, axtlsl.SSL_CLIENT_AUTHENTICATION)
- elseif arg[i] == "-CAfile" then
- if i >= #arg or #ca_cert >= ca_cert_size then
- print_server_options(build_mode, arg[i])
- end
-
- i = i + 1
- table.insert(ca_cert, arg[i])
- elseif build_mode == axtlsl.SSL_BUILD_FULL_MODE then
- if arg[i] == "-debug" then
- options = bit.bor(options, axtlsl.SSL_DISPLAY_BYTES)
- elseif arg[i] == "-state" then
- options = bit.bor(options, axtlsl.SSL_DISPLAY_STATES)
- elseif arg[i] == "-show-rsa" then
- options = bit.bor(options, axtlsl.SSL_DISPLAY_RSA)
- else
- print_server_options(build_mode, arg[i])
- end
- else
- print_server_options(build_mode, arg[i])
- end
- else
- print_server_options(build_mode, arg[i])
- end
- else
- print_server_options(build_mode, arg[i])
- end
-
- i = i + 1
- end
-
- -- Create socket for incoming connections
- local server_sock = socket.try(socket.bind("*", port))
-
- ---------------------------------------------------------------------------
- -- This is where the interesting stuff happens. Up until now we've
- -- just been setting up sockets etc. Now we do the SSL handshake.
- ---------------------------------------------------------------------------
- local ssl_ctx = axtlsl.ssl_ctx_new(options, axtlsl.SSL_DEFAULT_SVR_SESS)
- if ssl_ctx == nil then error("Error: Server context is invalid") end
-
- if private_key_file ~= nil then
- local obj_type = axtlsl.SSL_OBJ_RSA_KEY
-
- if string.find(private_key_file, ".p8") then
- obj_type = axtlsl.SSL_OBJ_PKCS8
- end
-
- if string.find(private_key_file, ".p12") then
- obj_type = axtlsl.SSL_OBJ_PKCS12
- end
-
- if axtlsl.ssl_obj_load(ssl_ctx, obj_type, private_key_file,
- password) ~= axtlsl.SSL_OK then
- error("Private key '" .. private_key_file .. "' is undefined.")
- end
- end
-
- for _, v in ipairs(cert) do
- if axtlsl.ssl_obj_load(ssl_ctx, axtlsl.SSL_OBJ_X509_CERT, v, "") ~=
- axtlsl.SSL_OK then
- error("Certificate '"..v .. "' is undefined.")
- end
- end
-
- for _, v in ipairs(ca_cert) do
- if axtlsl.ssl_obj_load(ssl_ctx, axtlsl.SSL_OBJ_X509_CACERT, v, "") ~=
- axtlsl.SSL_OK then
- error("Certificate '"..v .."' is undefined.")
- end
- end
-
- while true do
- if not quiet then print("ACCEPT") end
- local client_sock = server_sock:accept();
- local ssl = axtlsl.ssl_server_new(ssl_ctx, client_sock:getfd())
-
- -- do the actual SSL handshake
- local connected = false
- local res
- local buf
-
- while true do
- socket.select({client_sock}, nil)
- res, buf = axtlsl.ssl_read(ssl)
-
- if res == axtlsl.SSL_OK then -- connection established and ok
- if axtlsl.ssl_handshake_status(ssl) == axtlsl.SSL_OK then
- if not quiet and not connected then
- display_session_id(ssl)
- display_cipher(ssl)
- end
- connected = true
- end
- end
-
- if res > axtlsl.SSL_OK then
- for _, v in ipairs(buf) do
- io.write(string.format("%c", v))
- end
- elseif res < axtlsl.SSL_OK then
- if not quiet then
- axtlsl.ssl_display_error(res)
- end
- break
- end
- end
-
- -- client was disconnected or the handshake failed.
- print("CONNECTION CLOSED")
- axtlsl.ssl_free(ssl)
- client_sock:close()
- end
-
- axtlsl.ssl_ctx_free(ssl_ctx)
-end
-
---
--- Implement the SSL client logic.
---
-function do_client(build_mode)
- local i = 2
- local v
- local port = 4433
- local options =
- bit.bor(axtlsl.SSL_SERVER_VERIFY_LATER, axtlsl.SSL_DISPLAY_CERTS)
- local private_key_file = nil
- local reconnect = 0
- local quiet = false
- local password = ""
- local session_id = {}
- local host = "127.0.0.1"
- local cert_size = axtlsl.ssl_get_config(axtlsl.SSL_MAX_CERT_CFG_OFFSET)
- local ca_cert_size = axtlsl.
- ssl_get_config(axtlsl.SSL_MAX_CA_CERT_CFG_OFFSET)
- local cert = {}
- local ca_cert = {}
-
- while i <= #arg do
- if arg[i] == "-connect" then
- if i >= #arg then
- print_client_options(build_mode, arg[i])
- end
-
- i = i + 1
- local t = string.find(arg[i], ":")
- host = string.sub(arg[i], 1, t-1)
- port = string.sub(arg[i], t+1)
- elseif arg[i] == "-cert" then
- if i >= #arg or #cert >= cert_size then
- print_client_options(build_mode, arg[i])
- end
-
- i = i + 1
- table.insert(cert, arg[i])
- elseif arg[i] == "-key" then
- if i >= #arg then
- print_client_options(build_mode, arg[i])
- end
-
- i = i + 1
- private_key_file = arg[i]
- options = bit.bor(options, axtlsl.SSL_NO_DEFAULT_KEY)
- elseif arg[i] == "-CAfile" then
- if i >= #arg or #ca_cert >= ca_cert_size then
- print_client_options(build_mode, arg[i])
- end
-
- i = i + 1
- table.insert(ca_cert, arg[i])
- elseif arg[i] == "-verify" then
- options = bit.band(options,
- bit.bnot(axtlsl.SSL_SERVER_VERIFY_LATER))
- elseif arg[i] == "-reconnect" then
- reconnect = 4
- elseif arg[i] == "-quiet" then
- quiet = true
- options = bit.band(options, bnot(axtlsl.SSL_DISPLAY_CERTS))
- elseif arg[i] == "-pass" then
- if i >= #arg then
- print_server_options(build_mode, arg[i])
- end
-
- i = i + 1
- password = arg[i]
- elseif build_mode == axtlsl.SSL_BUILD_FULL_MODE then
- if arg[i] == "-debug" then
- options = bit.bor(options, axtlsl.SSL_DISPLAY_BYTES)
- elseif arg[i] == "-state" then
- options = bit.bor(axtlsl.SSL_DISPLAY_STATES)
- elseif arg[i] == "-show-rsa" then
- options = bit.bor(axtlsl.SSL_DISPLAY_RSA)
- else -- don't know what this is
- print_client_options(build_mode, arg[i])
- end
- else -- don't know what this is
- print_client_options(build_mode, arg[i])
- end
-
- i = i + 1
- end
-
- local client_sock = socket.try(socket.connect(host, port))
- local ssl
- local res
-
- if not quiet then print("CONNECTED") end
-
- ---------------------------------------------------------------------------
- -- This is where the interesting stuff happens. Up until now we've
- -- just been setting up sockets etc. Now we do the SSL handshake.
- ---------------------------------------------------------------------------
- local ssl_ctx = axtlsl.ssl_ctx_new(options, axtlsl.SSL_DEFAULT_CLNT_SESS)
-
- if ssl_ctx == nil then
- error("Error: Client context is invalid")
- end
-
- if private_key_file ~= nil then
- local obj_type = axtlsl.SSL_OBJ_RSA_KEY
-
- if string.find(private_key_file, ".p8") then
- obj_type = axtlsl.SSL_OBJ_PKCS8
- end
-
- if string.find(private_key_file, ".p12") then
- obj_type = axtlsl.SSL_OBJ_PKCS12
- end
-
- if axtlsl.ssl_obj_load(ssl_ctx, obj_type, private_key_file,
- password) ~= axtlsl.SSL_OK then
- error("Private key '"..private_key_file.."' is undefined.")
- end
- end
-
- for _, v in ipairs(cert) do
- if axtlsl.ssl_obj_load(ssl_ctx, axtlsl.SSL_OBJ_X509_CERT, v, "") ~=
- axtlsl.SSL_OK then
- error("Certificate '"..v .. "' is undefined.")
- end
- end
-
- for _, v in ipairs(ca_cert) do
- if axtlsl.ssl_obj_load(ssl_ctx, axtlsl.SSL_OBJ_X509_CACERT, v, "") ~=
- axtlsl.SSL_OK then
- error("Certificate '"..v .."' is undefined.")
- end
- end
-
- -- Try session resumption?
- if reconnect ~= 0 then
- local session_id = nil
- local sess_id_size = 0
-
- while reconnect > 0 do
- reconnect = reconnect - 1
- ssl = axtlsl.ssl_client_new(ssl_ctx,
- client_sock:getfd(), session_id, sess_id_size)
-
- res = axtlsl.ssl_handshake_status(ssl)
- if res ~= axtlsl.SSL_OK then
- if not quiet then axtlsl.ssl_display_error(res) end
- axtlsl.ssl_free(ssl)
- os.exit(1)
- end
-
- display_session_id(ssl)
- session_id = axtlsl.ssl_get_session_id(ssl)
- sess_id_size = axtlsl.ssl_get_session_id_size(ssl)
-
- if reconnect > 0 then
- axtlsl.ssl_free(ssl)
- client_sock:close()
- client_sock = socket.try(socket.connect(host, port))
- end
-
- end
- else
- ssl = axtlsl.ssl_client_new(ssl_ctx, client_sock:getfd(), nil, 0)
- end
-
- -- check the return status
- res = axtlsl.ssl_handshake_status(ssl)
- if res ~= axtlsl.SSL_OK then
- if not quiet then axtlsl.ssl_display_error(res) end
- os.exit(1)
- end
-
- if not quiet then
- local common_name = axtlsl.ssl_get_cert_dn(ssl,
- axtlsl.SSL_X509_CERT_COMMON_NAME)
-
- if common_name ~= nil then
- print("Common Name:\t\t\t"..common_name)
- end
-
- display_session_id(ssl)
- display_cipher(ssl)
- end
-
- while true do
- local line = io.read()
- if line == nil then break end
- local bytes = {}
-
- for i = 1, #line do
- bytes[i] = line.byte(line, i)
- end
-
- bytes[#line+1] = 10 -- add carriage return, null
- bytes[#line+2] = 0
-
- res = axtlsl.ssl_write(ssl, bytes, #bytes)
- if res < axtlsl.SSL_OK then
- if not quiet then axtlsl.ssl_display_error(res) end
- break
- end
- end
-
- axtlsl.ssl_ctx_free(ssl_ctx)
- client_sock:close()
-end
-
---
--- Display what cipher we are using
---
-function display_cipher(ssl)
- io.write("CIPHER is ")
- local cipher_id = axtlsl.ssl_get_cipher_id(ssl)
-
- if cipher_id == axtlsl.SSL_AES128_SHA then
- print("AES128-SHA")
- elseif cipher_id == axtlsl.SSL_AES256_SHA then
- print("AES256-SHA")
- elseif axtlsl.SSL_RC4_128_SHA then
- print("RC4-SHA")
- elseif axtlsl.SSL_RC4_128_MD5 then
- print("RC4-MD5")
- else
- print("Unknown - "..cipher_id)
- end
-end
-
---
--- Display what session id we have.
---
-function display_session_id(ssl)
- local session_id = axtlsl.ssl_get_session_id(ssl)
- local v
-
- if #session_id > 0 then
- print("-----BEGIN SSL SESSION PARAMETERS-----")
- for _, v in ipairs(session_id) do
- io.write(string.format("%02x", v))
- end
- print("\n-----END SSL SESSION PARAMETERS-----")
- end
-end
-
---
--- Main entry point. Doesn't do much except works out whether we are a client
--- or a server.
---
-if #arg == 0 or (arg[1] ~= "s_server" and arg[1] ~= "s_client") then
- print_options(#arg > 0 and arg[1] or "")
-end
-
-local build_mode = axtlsl.ssl_get_config(axtlsl.SSL_BUILD_MODE)
-_ = arg[1] == "s_server" and do_server(build_mode) or do_client(build_mode)
-os.exit(0)
-
diff --git a/libs/nixio/axTLS/samples/perl/Makefile b/libs/nixio/axTLS/samples/perl/Makefile
deleted file mode 100644
index 5200c4302e..0000000000
--- a/libs/nixio/axTLS/samples/perl/Makefile
+++ /dev/null
@@ -1,43 +0,0 @@
-#
-# Copyright (c) 2007, Cameron Rich
-#
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions are met:
-#
-# * Redistributions of source code must retain the above copyright notice,
-# this list of conditions and the following disclaimer.
-# * Redistributions in binary form must reproduce the above copyright
-# notice, this list of conditions and the following disclaimer in the
-# documentation and/or other materials provided with the distribution.
-# * Neither the name of the axTLS project nor the names of its
-# contributors may be used to endorse or promote products derived
-# from this software without specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
-# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
-# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
-# OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
-# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
-# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-#
-
-include ../../config/.config
-include ../../config/makefile.conf
-
-all: samples
-TARGET=../../$(STAGE)/axssl.pl
-samples: $(TARGET)
-
-$(TARGET): axssl.pl
- install $< $@
-
-clean::
- -@rm -f $(TARGET)
-
diff --git a/libs/nixio/axTLS/samples/perl/axssl.pl b/libs/nixio/axTLS/samples/perl/axssl.pl
deleted file mode 100755
index e49d52270d..0000000000
--- a/libs/nixio/axTLS/samples/perl/axssl.pl
+++ /dev/null
@@ -1,634 +0,0 @@
-#!/usr/bin/perl -w
-#
-# Copyright (c) 2007, Cameron Rich
-#
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions are met:
-#
-# * Redistributions of source code must retain the above copyright notice,
-# this list of conditions and the following disclaimer.
-# * Redistributions in binary form must reproduce the above copyright
-# notice, this list of conditions and the following disclaimer in the
-# documentation and/or other materials provided with the distribution.
-# * Neither the name of the axTLS project nor the names of its
-# contributors may be used to endorse or promote products derived
-# from this software without specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
-# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
-# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
-# OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
-# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
-# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-#
-
-#
-# Demonstrate the use of the axTLS library in Perl with a set of
-# command-line parameters similar to openssl. In fact, openssl clients
-# should be able to communicate with axTLS servers and visa-versa.
-#
-# This code has various bits enabled depending on the configuration. To enable
-# the most interesting version, compile with the 'full mode' enabled.
-#
-# To see what options you have, run the following:
-# > [perl] axssl s_server -?
-# > [perl] axssl s_client -?
-#
-# The axtls/axtlsp shared libraries must be in the same directory or be found
-# by the OS. axtlsp.pm must be in this directory or be in @INC.
-#
-# Under Win32, ActivePerl was used (see
-# http://www.activestate.com/Products/ActivePerl/?mp=1)
-#
-use axtlsp;
-use IO::Socket;
-
-# To get access to Win32 file descriptor stuff
-my $is_win32 = 0;
-
-if ($^O eq "MSWin32")
-{
- eval("use Win32API::File 0.08 qw( :ALL )");
- $is_win32 = 1;
-}
-
-use strict;
-
-#
-# Win32 has some problems with socket handles
-#
-sub get_native_sock
-{
- my ($sock) = @_;
- return $is_win32 ? FdGetOsFHandle($sock) : $sock;
-}
-
-# print version?
-if ($#ARGV == 0 && $ARGV[0] eq "version")
-{
- printf("axssl.pl ".axtlsp::ssl_version()."\n");
- exit 0;
-}
-
-#
-# Main entry point. Doesn't do much except works out whether we are a client
-# or a server.
-#
-print_options($#ARGV > -1 ? $ARGV[0] : "")
- if ($#ARGV < 0 || ($ARGV[0] ne "s_server" && $ARGV[0] ne "s_client"));
-
-
-# Cygwin/Win32 issue - flush our output continuously
-select STDOUT;
-local $|=1;
-
-my $build_mode = axtlsp::ssl_get_config($axtlsp::SSL_BUILD_MODE);
-$ARGV[0] eq "s_server" ? do_server($build_mode) : do_client($build_mode);
-
-#
-# Implement the SSL server logic.
-#
-sub do_server
-{
- my ($build_mode) = @_;
- my $i = 1;
- my $port = 4433;
- my $options = $axtlsp::SSL_DISPLAY_CERTS;
- my $quiet = 0;
- my $password = undef;
- my $private_key_file = undef;
- my $cert_size = axtlsp::ssl_get_config($axtlsp::SSL_MAX_CERT_CFG_OFFSET);
- my $ca_cert_size = axtlsp::ssl_get_config(
- $axtlsp::SSL_MAX_CA_CERT_CFG_OFFSET);
- my @cert;
- my @ca_cert;
-
- while ($i <= $#ARGV)
- {
- if ($ARGV[$i] eq "-accept")
- {
- print_server_options($build_mode, $ARGV[$i]) if $i >= $#ARGV;
- $port = $ARGV[++$i];
- }
- elsif ($ARGV[$i] eq "-quiet")
- {
- $quiet = 1;
- $options &= ~$axtlsp::SSL_DISPLAY_CERTS;
- }
- elsif ($build_mode >= $axtlsp::SSL_BUILD_SERVER_ONLY)
- {
- if ($ARGV[$i] eq "-cert")
- {
- print_server_options($build_mode, $ARGV[$i])
- if $i >= $#ARGV || $#cert >= $cert_size-1;
-
- push @cert, $ARGV[++$i];
- }
- elsif ($ARGV[$i] eq "-key")
- {
- print_server_options($build_mode, $ARGV[$i]) if $i >= $#ARGV;
- $private_key_file = $ARGV[++$i];
- $options |= $axtlsp::SSL_NO_DEFAULT_KEY;
- }
- elsif ($ARGV[$i] eq "-pass")
- {
- print_server_options($build_mode, $ARGV[$i]) if $i >= $#ARGV;
- $password = $ARGV[++$i];
- }
- elsif ($build_mode >= $axtlsp::SSL_BUILD_ENABLE_VERIFICATION)
- {
- if ($ARGV[$i] eq "-verify")
- {
- $options |= $axtlsp::SSL_CLIENT_AUTHENTICATION;
- }
- elsif ($ARGV[$i] eq "-CAfile")
- {
- print_server_options($build_mode, $ARGV[$i])
- if $i >= $#ARGV || $#ca_cert >= $ca_cert_size-1;
- push @ca_cert, $ARGV[++$i];
- }
- elsif ($build_mode == $axtlsp::SSL_BUILD_FULL_MODE)
- {
- if ($ARGV[$i] eq "-debug")
- {
- $options |= $axtlsp::SSL_DISPLAY_BYTES;
- }
- elsif ($ARGV[$i] eq "-state")
- {
- $options |= $axtlsp::SSL_DISPLAY_STATES;
- }
- elsif ($ARGV[$i] eq "-show-rsa")
- {
- $options |= $axtlsp::SSL_DISPLAY_RSA;
- }
- else
- {
- print_server_options($build_mode, $ARGV[$i]);
- }
- }
- else
- {
- print_server_options($build_mode, $ARGV[$i]);
- }
- }
- else
- {
- print_server_options($build_mode, $ARGV[$i]);
- }
- }
- else
- {
- print_server_options($build_mode, $ARGV[$i]);
- }
-
- $i++;
- }
-
- # Create socket for incoming connections
- my $server_sock = IO::Socket::INET->new(Proto => 'tcp',
- LocalPort => $port,
- Listen => 1,
- Reuse => 1) or die $!;
-
- ###########################################################################
- # This is where the interesting stuff happens. Up until now we've
- # just been setting up sockets etc. Now we do the SSL handshake.
- ###########################################################################
- my $ssl_ctx = axtlsp::ssl_ctx_new($options, $axtlsp::SSL_DEFAULT_SVR_SESS);
- die "Error: Server context is invalid" if not defined $ssl_ctx;
-
- if (defined $private_key_file)
- {
- my $obj_type = $axtlsp::SSL_OBJ_RSA_KEY;
-
- $obj_type = $axtlsp::SSL_OBJ_PKCS8 if $private_key_file =~ /.p8$/;
- $obj_type = $axtlsp::SSL_OBJ_PKCS12 if $private_key_file =~ /.p12$/;
-
- die "Private key '$private_key_file' is undefined." if
- axtlsp::ssl_obj_load($ssl_ctx, $obj_type,
- $private_key_file, $password);
- }
-
- foreach (@cert)
- {
- die "Certificate '$_' is undefined."
- if axtlsp::ssl_obj_load($ssl_ctx, $axtlsp::SSL_OBJ_X509_CERT,
- $_, undef) != $axtlsp::SSL_OK;
- }
-
- foreach (@ca_cert)
- {
- die "Certificate '$_' is undefined."
- if axtlsp::ssl_obj_load($ssl_ctx, $axtlsp::SSL_OBJ_X509_CACERT,
- $_, undef) != $axtlsp::SSL_OK;
- }
-
- for (;;)
- {
- printf("ACCEPT\n") if not $quiet;
- my $client_sock = $server_sock->accept;
- my $native_sock = get_native_sock($client_sock->fileno);
-
- # This doesn't work in Win32 - need to get file descriptor from socket.
- my $ssl = axtlsp::ssl_server_new($ssl_ctx, $native_sock);
-
- # do the actual SSL handshake
- my $res;
- my $buf;
- my $connected = 0;
-
- while (1)
- {
- ($res, $buf) = axtlsp::ssl_read($ssl, undef);
- last if $res < $axtlsp::SSL_OK;
-
- if ($res == $axtlsp::SSL_OK) # connection established and ok
- {
- if (axtlsp::ssl_handshake_status($ssl) == $axtlsp::SSL_OK)
- {
- if (!$quiet && !$connected)
- {
- display_session_id($ssl);
- display_cipher($ssl);
- }
-
- $connected = 1;
- }
- }
-
- if ($res > $axtlsp::SSL_OK)
- {
- printf($$buf);
- }
- elsif ($res < $axtlsp::SSL_OK)
- {
- axtlsp::ssl_display_error($res) if not $quiet;
- last;
- }
- }
-
- # client was disconnected or the handshake failed.
- printf("CONNECTION CLOSED\n") if not $quiet;
- axtlsp::ssl_free($ssl);
- $client_sock->close;
- }
-
- axtlsp::ssl_ctx_free($ssl_ctx);
-}
-
-#
-# Implement the SSL client logic.
-#
-sub do_client
-{
- my ($build_mode) = @_;
- my $i = 1;
- my $port = 4433;
- my $options = $axtlsp::SSL_SERVER_VERIFY_LATER|$axtlsp::SSL_DISPLAY_CERTS;
- my $private_key_file = undef;
- my $reconnect = 0;
- my $quiet = 0;
- my $password = undef;
- my @session_id;
- my $host = "127.0.0.1";
- my @cert;
- my @ca_cert;
- my $cert_size = axtlsp::ssl_get_config(
- $axtlsp::SSL_MAX_CERT_CFG_OFFSET);
- my $ca_cert_size = axtlsp::ssl_get_config(
- $axtlsp::SSL_MAX_CA_CERT_CFG_OFFSET);
-
- while ($i <= $#ARGV)
- {
- if ($ARGV[$i] eq "-connect")
- {
- print_client_options($build_mode, $ARGV[$i]) if $i >= $#ARGV;
- ($host, $port) = split(':', $ARGV[++$i]);
- }
- elsif ($ARGV[$i] eq "-cert")
- {
- print_client_options($build_mode, $ARGV[$i])
- if $i >= $#ARGV || $#cert >= $cert_size-1;
-
- push @cert, $ARGV[++$i];
- }
- elsif ($ARGV[$i] eq "-key")
- {
- print_client_options($build_mode, $ARGV[$i]) if $i >= $#ARGV;
- $private_key_file = $ARGV[++$i];
- $options |= $axtlsp::SSL_NO_DEFAULT_KEY;
- }
- elsif ($ARGV[$i] eq "-CAfile")
- {
- print_client_options($build_mode, $ARGV[$i])
- if $i >= $#ARGV || $#ca_cert >= $ca_cert_size-1;
-
- push @ca_cert, $ARGV[++$i];
- }
- elsif ($ARGV[$i] eq "-verify")
- {
- $options &= ~$axtlsp::SSL_SERVER_VERIFY_LATER;
- }
- elsif ($ARGV[$i] eq "-reconnect")
- {
- $reconnect = 4;
- }
- elsif ($ARGV[$i] eq "-quiet")
- {
- $quiet = 1;
- $options &= ~$axtlsp::SSL_DISPLAY_CERTS;
- }
- elsif ($ARGV[$i] eq "-pass")
- {
- print_server_options($build_mode, $ARGV[$i]) if $i >= $#ARGV;
- $password = $ARGV[++$i];
- }
- elsif ($build_mode == $axtlsp::SSL_BUILD_FULL_MODE)
- {
- if ($ARGV[$i] eq "-debug")
- {
- $options |= $axtlsp::SSL_DISPLAY_BYTES;
- }
- elsif ($ARGV[$i] eq "-state")
- {
- $options |= $axtlsp::SSL_DISPLAY_STATES;
- }
- elsif ($ARGV[$i] eq "-show-rsa")
- {
- $options |= $axtlsp::SSL_DISPLAY_RSA;
- }
- else # don't know what this is
- {
- print_client_options($build_mode, $ARGV[$i]);
- }
- }
- else # don't know what this is
- {
- print_client_options($build_mode, $ARGV[$i]);
- }
-
- $i++;
- }
-
- my $client_sock = new IO::Socket::INET (
- PeerAddr => $host, PeerPort => $port, Proto => 'tcp')
- || die ("no socket: $!");
- my $ssl;
- my $res;
- my $native_sock = get_native_sock($client_sock->fileno);
-
- printf("CONNECTED\n") if not $quiet;
-
- ###########################################################################
- # This is where the interesting stuff happens. Up until now we've
- # just been setting up sockets etc. Now we do the SSL handshake.
- ###########################################################################
- my $ssl_ctx = axtlsp::ssl_ctx_new($options, $axtlsp::SSL_DEFAULT_CLNT_SESS);
- die "Error: Client context is invalid" if not defined $ssl_ctx;
-
- if (defined $private_key_file)
- {
- my $obj_type = $axtlsp::SSL_OBJ_RSA_KEY;
-
- $obj_type = $axtlsp::SSL_OBJ_PKCS8 if $private_key_file =~ /.p8$/;
- $obj_type = $axtlsp::SSL_OBJ_PKCS12 if $private_key_file =~ /.p12$/;
-
- die "Private key '$private_key_file' is undefined." if
- axtlsp::ssl_obj_load($ssl_ctx, $obj_type,
- $private_key_file, $password);
- }
-
- foreach (@cert)
- {
- die "Certificate '$_' is undefined."
- if axtlsp::ssl_obj_load($ssl_ctx, $axtlsp::SSL_OBJ_X509_CERT,
- $_, undef) != $axtlsp::SSL_OK;
- }
-
- foreach (@ca_cert)
- {
- die "Certificate '$_' is undefined."
- if axtlsp::ssl_obj_load($ssl_ctx, $axtlsp::SSL_OBJ_X509_CACERT,
- $_, undef) != $axtlsp::SSL_OK;
- }
-
- # Try session resumption?
- if ($reconnect)
- {
- my $session_id = undef;
- my $sess_id_size = 0;
-
- while ($reconnect--)
- {
- $ssl = axtlsp::ssl_client_new($ssl_ctx, $native_sock,
- $session_id, $sess_id_size);
-
- $res = axtlsp::ssl_handshake_status($ssl);
- if ($res != $axtlsp::SSL_OK)
- {
- axtlsp::ssl_display_error($res) if !$quiet;
- axtlsp::ssl_free($ssl);
- exit 1;
- }
-
- display_session_id($ssl);
- $session_id = axtlsp::ssl_get_session_id($ssl);
-
- if ($reconnect)
- {
- axtlsp::ssl_free($ssl);
- $client_sock->close;
- $client_sock = new IO::Socket::INET (
- PeerAddr => $host, PeerPort => $port, Proto => 'tcp')
- || die ("no socket: $!");
-
- }
- }
- }
- else
- {
- $ssl = axtlsp::ssl_client_new($ssl_ctx, $native_sock, undef, 0);
- }
-
- # check the return status
- $res = axtlsp::ssl_handshake_status($ssl);
- if ($res != $axtlsp::SSL_OK)
- {
- axtlsp::ssl_display_error($res) if not $quiet;
- exit 1;
- }
-
- if (!$quiet)
- {
- my $common_name = axtlsp::ssl_get_cert_dn($ssl,
- $axtlsp::SSL_X509_CERT_COMMON_NAME);
-
- printf("Common Name:\t\t\t%s\n", $common_name) if defined $common_name;
- display_session_id($ssl);
- display_cipher($ssl);
- }
-
- while (<STDIN>)
- {
- my $cstring = pack("a*x", $_); # add null terminator
- $res = axtlsp::ssl_write($ssl, \$cstring, length($cstring));
- if ($res < $axtlsp::SSL_OK)
- {
- axtlsp::ssl_display_error($res) if not $quiet;
- last;
- }
- }
-
- axtlsp::ssl_ctx_free($ssl_ctx);
- $client_sock->close;
-}
-
-#
-# We've had some sort of command-line error. Print out the basic options.
-#
-sub print_options
-{
- my ($option) = @_;
- printf("axssl: Error: '%s' is an invalid command.\n", $option);
- printf("usage: axssl [s_server|s_client|version] [args ...]\n");
- exit 1;
-}
-
-#
-# We've had some sort of command-line error. Print out the server options.
-#
-sub print_server_options
-{
- my ($build_mode, $option) = @_;
- my $cert_size = axtlsp::ssl_get_config($axtlsp::SSL_MAX_CERT_CFG_OFFSET);
- my $ca_cert_size = axtlsp::ssl_get_config(
- $axtlsp::SSL_MAX_CA_CERT_CFG_OFFSET);
-
- printf("unknown option %s\n", $option);
- printf("usage: s_server [args ...]\n");
- printf(" -accept arg\t- port to accept on (default is 4433)\n");
- printf(" -quiet\t\t- No server output\n");
-
- if ($build_mode >= $axtlsp::SSL_BUILD_SERVER_ONLY)
- {
- printf(" -cert arg\t- certificate file to add (in addition to default)".
- " to chain -\n".
- "\t\t Can repeat up to %d times\n", $cert_size);
- printf(" -key arg\t- Private key file to use - default DER format\n");
- printf(" -pass\t\t- private key file pass phrase source\n");
- }
-
- if ($build_mode >= $axtlsp::SSL_BUILD_ENABLE_VERIFICATION)
- {
- printf(" -verify\t- turn on peer certificate verification\n");
- printf(" -CAfile arg\t- Certificate authority - default DER format\n");
- printf("\t\t Can repeat up to %d times\n", $ca_cert_size);
- }
-
- if ($build_mode == $axtlsp::SSL_BUILD_FULL_MODE)
- {
- printf(" -debug\t\t- Print more output\n");
- printf(" -state\t\t- Show state messages\n");
- printf(" -show-rsa\t- Show RSA state\n");
- }
-
- exit 1;
-}
-
-#
-# We've had some sort of command-line error. Print out the client options.
-#
-sub print_client_options
-{
- my ($build_mode, $option) = @_;
- my $cert_size = axtlsp::ssl_get_config($axtlsp::SSL_MAX_CERT_CFG_OFFSET);
- my $ca_cert_size = axtlsp::ssl_get_config(
- $axtlsp::SSL_MAX_CA_CERT_CFG_OFFSET);
-
- printf("unknown option %s\n", $option);
-
- if ($build_mode >= $axtlsp::SSL_BUILD_ENABLE_CLIENT)
- {
- printf("usage: s_client [args ...]\n");
- printf(" -connect host:port - who to connect to (default ".
- "is localhost:4433)\n");
- printf(" -verify\t- turn on peer certificate verification\n");
- printf(" -cert arg\t- certificate file to use - default DER format\n");
- printf(" -key arg\t- Private key file to use - default DER format\n");
- printf("\t\t Can repeat up to %d times\n", $cert_size);
- printf(" -CAfile arg\t- Certificate authority - default DER format\n");
- printf("\t\t Can repeat up to %d times\n", $ca_cert_size);
- printf(" -quiet\t\t- No client output\n");
- printf(" -pass\t\t- private key file pass phrase source\n");
- printf(" -reconnect\t- Drop and re-make the connection ".
- "with the same Session-ID\n");
-
- if ($build_mode == $axtlsp::SSL_BUILD_FULL_MODE)
- {
- printf(" -debug\t\t- Print more output\n");
- printf(" -state\t\t- Show state messages\n");
- printf(" -show-rsa\t- Show RSA state\n");
- }
- }
- else
- {
- printf("Change configuration to allow this feature\n");
- }
-
- exit 1;
-}
-
-#
-# Display what cipher we are using
-#
-sub display_cipher
-{
- my ($ssl) = @_;
- printf("CIPHER is ");
- my $cipher_id = axtlsp::ssl_get_cipher_id($ssl);
-
- if ($cipher_id == $axtlsp::SSL_AES128_SHA)
- {
- printf("AES128-SHA");
- }
- elsif ($cipher_id == $axtlsp::SSL_AES256_SHA)
- {
- printf("AES256-SHA");
- }
- elsif ($axtlsp::SSL_RC4_128_SHA)
- {
- printf("RC4-SHA");
- }
- elsif ($axtlsp::SSL_RC4_128_MD5)
- {
- printf("RC4-MD5");
- }
- else
- {
- printf("Unknown - %d", $cipher_id);
- }
-
- printf("\n");
-}
-
-#
-# Display what session id we have.
-#
-sub display_session_id
-{
- my ($ssl) = @_;
- my $session_id = axtlsp::ssl_get_session_id($ssl);
- if (length($$session_id) > 0)
- {
- printf("-----BEGIN SSL SESSION PARAMETERS-----\n");
- printf(unpack("H*", $$session_id));
- printf("\n-----END SSL SESSION PARAMETERS-----\n");
- }
-}
diff --git a/libs/nixio/axTLS/samples/vbnet/Makefile b/libs/nixio/axTLS/samples/vbnet/Makefile
deleted file mode 100644
index 0984d4e02e..0000000000
--- a/libs/nixio/axTLS/samples/vbnet/Makefile
+++ /dev/null
@@ -1,48 +0,0 @@
-#
-# Copyright (c) 2007, Cameron Rich
-#
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions are met:
-#
-# * Redistributions of source code must retain the above copyright notice,
-# this list of conditions and the following disclaimer.
-# * Redistributions in binary form must reproduce the above copyright
-# notice, this list of conditions and the following disclaimer in the
-# documentation and/or other materials provided with the distribution.
-# * Neither the name of the axTLS project nor the names of its
-# contributors may be used to endorse or promote products derived
-# from this software without specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
-# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
-# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
-# OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
-# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
-# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-#
-
-include ../../config/.config
-include ../../config/makefile.conf
-include ../../config/makefile.dotnet.conf
-
-# only build on Win32 platforms
-ifdef GO_DOT_NET
-all : sample
-TARGET=../../$(STAGE)/axssl.vbnet.exe
-sample : $(TARGET)
-
-$(TARGET): ../../bindings/vbnet/axTLSvb.vb ../../bindings/vbnet/axInterface.vb axssl.vb
- vbc.exe /r:"`cygpath -w "$(CONFIG_DOT_NET_FRAMEWORK_BASE)/System.dll"`" /nologo /t:exe /out:"`cygpath -w $@`" $(foreach file, $^, "`cygpath -w $(file)`")
-
-endif # ARCH
-
-clean::
- -@rm -f $(TARGET)
-
diff --git a/libs/nixio/axTLS/samples/vbnet/axssl.vb b/libs/nixio/axTLS/samples/vbnet/axssl.vb
deleted file mode 100644
index 1b423c8659..0000000000
--- a/libs/nixio/axTLS/samples/vbnet/axssl.vb
+++ /dev/null
@@ -1,702 +0,0 @@
-'
-' Copyright (c) 2007, Cameron Rich
-'
-' All rights reserved.
-'
-' Redistribution and use in source and binary forms, with or without
-' modification, are permitted provided that the following conditions are met:
-'
-' * Redistributions of source code must retain the above copyright notice,
-' this list of conditions and the following disclaimer.
-' * Redistributions in binary form must reproduce the above copyright
-' notice, this list of conditions and the following disclaimer in the
-' documentation and/or other materials provided with the distribution.
-' * Neither the name of the axTLS project nor the names of its
-' contributors may be used to endorse or promote products derived
-' from this software without specific prior written permission.
-'
-' THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-' "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-' LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-' A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
-' CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-' SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
-' TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-' DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
-' OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
-' NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
-' THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-'
-
-'
-' Demonstrate the use of the axTLS library in VB.NET with a set of
-' command-line parameters similar to openssl. In fact, openssl clients
-' should be able to communicate with axTLS servers and visa-versa.
-'
-' This code has various bits enabled depending on the configuration. To enable
-' the most interesting version, compile with the 'full mode' enabled.
-'
-' To see what options you have, run the following:
-' > axssl.vbnet.exe s_server -?
-' > axssl.vbnet.exe s_client -?
-'
-' The axtls shared library must be in the same directory or be found
-' by the OS.
-'
-
-Imports System
-Imports System.Net
-Imports System.Net.Sockets
-Imports Microsoft.VisualBasic
-Imports axTLSvb
-
-Public Class axssl
- '
- ' do_server()
- '
- Public Sub do_server(ByVal build_mode As Integer, _
- ByVal args() As String)
- Dim i As Integer = 1
- Dim port As Integer = 4433
- Dim options As Integer = axtls.SSL_DISPLAY_CERTS
- Dim quiet As Boolean = False
- Dim password As String = Nothing
- Dim private_key_file As String = Nothing
-
- ' organise the cert/ca_cert lists
- Dim cert_size As Integer = SSLUtil.MaxCerts()
- Dim ca_cert_size As Integer = SSLUtil.MaxCACerts()
- Dim cert(cert_size) As String
- Dim ca_cert(ca_cert_size) As String
- Dim cert_index As Integer = 0
- Dim ca_cert_index As Integer = 0
-
- While i < args.Length
- If args(i) = "-accept" Then
- If i >= args.Length-1
- print_server_options(build_mode, args(i))
- End If
-
- i += 1
- port = Int32.Parse(args(i))
- ElseIf args(i) = "-quiet"
- quiet = True
- options = options And Not axtls.SSL_DISPLAY_CERTS
- ElseIf build_mode >= axtls.SSL_BUILD_SERVER_ONLY
- If args(i) = "-cert"
- If i >= args.Length-1 Or cert_index >= cert_size
- print_server_options(build_mode, args(i))
- End If
-
- i += 1
- cert(cert_index) = args(i)
- cert_index += 1
- ElseIf args(i) = "-key"
- If i >= args.Length-1
- print_server_options(build_mode, args(i))
- End If
-
- i += 1
- private_key_file = args(i)
- options = options Or axtls.SSL_NO_DEFAULT_KEY
- ElseIf args(i) = "-pass"
- If i >= args.Length-1
- print_server_options(build_mode, args(i))
- End If
-
- i += 1
- password = args(i)
- ElseIf build_mode >= axtls.SSL_BUILD_ENABLE_VERIFICATION
- If args(i) = "-verify" Then
- options = options Or axtls.SSL_CLIENT_AUTHENTICATION
- ElseIf args(i) = "-CAfile"
- If i >= args.Length-1 Or _
- ca_cert_index >= ca_cert_size Then
- print_server_options(build_mode, args(i))
- End If
-
- i += 1
- ca_cert(ca_cert_index) = args(i)
- ca_cert_index += 1
- ElseIf build_mode = axtls.SSL_BUILD_FULL_MODE
- If args(i) = "-debug" Then
- options = options Or axtls.SSL_DISPLAY_BYTES
- ElseIf args(i) = "-state"
- options = options Or axtls.SSL_DISPLAY_STATES
- ElseIf args(i) = "-show-rsa"
- options = options Or axtls.SSL_DISPLAY_RSA
- Else
- print_server_options(build_mode, args(i))
- End If
- Else
- print_server_options(build_mode, args(i))
- End If
- Else
- print_server_options(build_mode, args(i))
- End If
- End If
-
- i += 1
- End While
-
- ' Create socket for incoming connections
- Dim ep As IPEndPoint = New IPEndPoint(IPAddress.Any, port)
- Dim server_sock As TcpListener = New TcpListener(ep)
- server_sock.Start()
-
- '*********************************************************************
- ' This is where the interesting stuff happens. Up until now we've
- ' just been setting up sockets etc. Now we do the SSL handshake.
- '*********************************************************************/
- Dim ssl_ctx As SSLServer = New SSLServer(options, _
- axtls.SSL_DEFAULT_SVR_SESS)
-
- If ssl_ctx Is Nothing Then
- Console.Error.WriteLine("Error: Server context is invalid")
- Environment.Exit(1)
- End If
-
- If private_key_file <> Nothing Then
- Dim obj_type As Integer = axtls.SSL_OBJ_RSA_KEY
-
- If private_key_file.EndsWith(".p8") Then
- obj_type = axtls.SSL_OBJ_PKCS8
- Else If (private_key_file.EndsWith(".p12"))
- obj_type = axtls.SSL_OBJ_PKCS12
- End If
-
- If ssl_ctx.ObjLoad(obj_type, private_key_file, _
- password) <> axtls.SSL_OK Then
- Console.Error.WriteLine("Error: Private key '" & _
- private_key_file & "' is undefined.")
- Environment.Exit(1)
- End If
- End If
-
- For i = 0 To cert_index-1
- If ssl_ctx.ObjLoad(axtls.SSL_OBJ_X509_CERT, _
- cert(i), Nothing) <> axtls.SSL_OK Then
- Console.WriteLine("Certificate '" & cert(i) & _
- "' is undefined.")
- Environment.Exit(1)
- End If
- Next
-
- For i = 0 To ca_cert_index-1
- If ssl_ctx.ObjLoad(axtls.SSL_OBJ_X509_CACERT, _
- ca_cert(i), Nothing) <> axtls.SSL_OK Then
- Console.WriteLine("Certificate '" & ca_cert(i) & _
- "' is undefined.")
- Environment.Exit(1)
- End If
- Next
-
- Dim buf As Byte() = Nothing
- Dim res As Integer
- Dim ssl As SSL
-
- While 1
- If Not quiet Then
- Console.WriteLine("ACCEPT")
- End If
-
- Dim client_sock As Socket = server_sock.AcceptSocket()
-
- ssl = ssl_ctx.Connect(client_sock)
-
- ' do the actual SSL handshake
- While 1
- res = ssl_ctx.Read(ssl, buf)
- If res <> axtls.SSL_OK Then
- Exit While
- End If
-
- ' check when the connection has been established
- If ssl.HandshakeStatus() = axtls.SSL_OK
- Exit While
- End If
-
- ' could do something else here
- End While
-
- If res = axtls.SSL_OK Then ' connection established and ok
- If Not quiet
- display_session_id(ssl)
- display_cipher(ssl)
- End If
-
- ' now read (and display) whatever the client sends us
- While 1
- ' keep reading until we get something interesting
- While 1
- res = ssl_ctx.Read(ssl, buf)
- If res <> axtls.SSL_OK Then
- Exit While
- End If
-
- ' could do something else here
- End While
-
- If res < axtls.SSL_OK
- If Not quiet
- Console.WriteLine("CONNECTION CLOSED")
- End If
-
- Exit While
- End If
-
- ' convert to String
- Dim str(res) As Char
- For i = 0 To res-1
- str(i) = Chr(buf(i))
- Next
-
- Console.Write(str)
- End While
- ElseIf Not quiet
- SSLUtil.DisplayError(res)
- End If
-
- ' client was disconnected or the handshake failed. */
- ssl.Dispose()
- client_sock.Close()
- End While
-
- ssl_ctx.Dispose()
- End Sub
-
- '
- ' do_client()
- '
- Public Sub do_client(ByVal build_mode As Integer, _
- ByVal args() As String)
-
- If build_mode < axtls.SSL_BUILD_ENABLE_CLIENT Then
- print_client_options(build_mode, args(1))
- End If
-
- Dim i As Integer = 1
- Dim res As Integer
- Dim port As Integer = 4433
- Dim quiet As Boolean = False
- Dim password As String = Nothing
- Dim reconnect As Integer = 0
- Dim private_key_file As String = Nothing
- Dim hostname As String = "127.0.0.1"
-
- ' organise the cert/ca_cert lists
- Dim ssl As SSL = Nothing
- Dim cert_size As Integer = SSLUtil.MaxCerts()
- Dim ca_cert_size As Integer = SSLUtil.MaxCACerts()
- Dim cert(cert_size) As String
- Dim ca_cert(ca_cert_size) As String
- Dim cert_index As Integer = 0
- Dim ca_cert_index As Integer = 0
-
- Dim options As Integer = _
- axtls.SSL_SERVER_VERIFY_LATER Or axtls.SSL_DISPLAY_CERTS
- Dim session_id As Byte() = Nothing
-
- While i < args.Length
- If args(i) = "-connect" Then
- Dim host_port As String
-
- If i >= args.Length-1
- print_client_options(build_mode, args(i))
- End If
-
- i += 1
- host_port = args(i)
-
- Dim index_colon As Integer = host_port.IndexOf(":"C)
- If index_colon < 0 Then
- print_client_options(build_mode, args(i))
- End If
-
- hostname = New String(host_port.ToCharArray(), _
- 0, index_colon)
- port = Int32.Parse(New String(host_port.ToCharArray(), _
- index_colon+1, host_port.Length-index_colon-1))
- ElseIf args(i) = "-cert"
- If i >= args.Length-1 Or cert_index >= cert_size Then
- print_client_options(build_mode, args(i))
- End If
-
- i += 1
- cert(cert_index) = args(i)
- cert_index += 1
- ElseIf args(i) = "-key"
- If i >= args.Length-1
- print_client_options(build_mode, args(i))
- End If
-
- i += 1
- private_key_file = args(i)
- options = options Or axtls.SSL_NO_DEFAULT_KEY
- ElseIf args(i) = "-CAfile"
- If i >= args.Length-1 Or ca_cert_index >= ca_cert_size
- print_client_options(build_mode, args(i))
- End If
-
- i += 1
- ca_cert(ca_cert_index) = args(i)
- ca_cert_index += 1
- ElseIf args(i) = "-verify"
- options = options And Not axtls.SSL_SERVER_VERIFY_LATER
- ElseIf args(i) = "-reconnect"
- reconnect = 4
- ElseIf args(i) = "-quiet"
- quiet = True
- options = options And Not axtls.SSL_DISPLAY_CERTS
- ElseIf args(i) = "-pass"
- If i >= args.Length-1
- print_client_options(build_mode, args(i))
- End If
-
- i += 1
- password = args(i)
- ElseIf build_mode = axtls.SSL_BUILD_FULL_MODE
- If args(i) = "-debug" Then
- options = options Or axtls.SSL_DISPLAY_BYTES
- ElseIf args(i) = "-state"
- options = options Or axtls.SSL_DISPLAY_STATES
- ElseIf args(i) = "-show-rsa"
- options = options Or axtls.SSL_DISPLAY_RSA
- Else
- print_client_options(build_mode, args(i))
- End If
- Else ' don't know what this is
- print_client_options(build_mode, args(i))
- End If
-
- i += 1
- End While
-
- 'Dim hostInfo As IPHostEntry = Dns.Resolve(hostname)
- Dim hostInfo As IPHostEntry = Dns.GetHostEntry(hostname)
- Dim addresses As IPAddress() = hostInfo.AddressList
- Dim ep As IPEndPoint = New IPEndPoint(addresses(0), port)
- Dim client_sock As Socket = New Socket(AddressFamily.InterNetwork, _
- SocketType.Stream, ProtocolType.Tcp)
- client_sock.Connect(ep)
-
- If Not client_sock.Connected Then
- Console.WriteLine("could not connect")
- Environment.Exit(1)
- End If
-
- If Not quiet Then
- Console.WriteLine("CONNECTED")
- End If
-
- '*********************************************************************
- ' This is where the interesting stuff happens. Up until now we've
- ' just been setting up sockets etc. Now we do the SSL handshake.
- '*********************************************************************/
- Dim ssl_ctx As SSLClient = New SSLClient(options, _
- axtls.SSL_DEFAULT_CLNT_SESS)
-
- If ssl_ctx Is Nothing Then
- Console.Error.WriteLine("Error: Client context is invalid")
- Environment.Exit(1)
- End If
-
- If private_key_file <> Nothing Then
- Dim obj_type As Integer = axtls.SSL_OBJ_RSA_KEY
-
- If private_key_file.EndsWith(".p8") Then
- obj_type = axtls.SSL_OBJ_PKCS8
- Else If (private_key_file.EndsWith(".p12"))
- obj_type = axtls.SSL_OBJ_PKCS12
- End If
-
- If ssl_ctx.ObjLoad(obj_type, private_key_file, _
- password) <> axtls.SSL_OK Then
- Console.Error.WriteLine("Error: Private key '" & _
- private_key_file & "' is undefined.")
- Environment.Exit(1)
- End If
- End If
-
- For i = 0 To cert_index-1
- If ssl_ctx.ObjLoad(axtls.SSL_OBJ_X509_CERT, _
- cert(i), Nothing) <> axtls.SSL_OK Then
- Console.WriteLine("Certificate '" & cert(i) & _
- "' is undefined.")
- Environment.Exit(1)
- End If
- Next
-
- For i = 0 To ca_cert_index-1
- If ssl_ctx.ObjLoad(axtls.SSL_OBJ_X509_CACERT, _
- ca_cert(i), Nothing) <> axtls.SSL_OK Then
- Console.WriteLine("Certificate '" & ca_cert(i) & _
- "' is undefined.")
- Environment.Exit(1)
- End If
- Next
-
- ' Try session resumption?
- If reconnect > 0 Then
- While reconnect > 0
- reconnect -= 1
- ssl = ssl_ctx.Connect(client_sock, session_id)
-
- res = ssl.HandshakeStatus()
- If res <> axtls.SSL_OK Then
- If Not quiet Then
- SSLUtil.DisplayError(res)
- End If
-
- ssl.Dispose()
- Environment.Exit(1)
- End If
-
- display_session_id(ssl)
- session_id = ssl.GetSessionId()
-
- If reconnect > 0 Then
- ssl.Dispose()
- client_sock.Close()
-
- ' and reconnect
- client_sock = New Socket(AddressFamily.InterNetwork, _
- SocketType.Stream, ProtocolType.Tcp)
- client_sock.Connect(ep)
- End If
- End While
- Else
- ssl = ssl_ctx.Connect(client_sock, Nothing)
- End If
-
- ' check the return status
- res = ssl.HandshakeStatus()
- If res <> axtls.SSL_OK Then
- If Not quiet Then
- SSLUtil.DisplayError(res)
- End If
-
- Environment.Exit(1)
- End If
-
- If Not quiet Then
- Dim common_name As String = _
- ssl.GetCertificateDN(axtls.SSL_X509_CERT_COMMON_NAME)
-
- If common_name <> Nothing
- Console.WriteLine("Common Name:" & _
- ControlChars.Tab & ControlChars.Tab & _
- ControlChars.Tab & common_name)
- End If
-
- display_session_id(ssl)
- display_cipher(ssl)
- End If
-
- While (1)
- Dim user_input As String = Console.ReadLine()
-
- If user_input = Nothing Then
- Exit While
- End If
-
- Dim buf(user_input.Length+1) As Byte
- buf(buf.Length-2) = Asc(ControlChars.Lf) ' add the carriage return
- buf(buf.Length-1) = 0 ' null terminate
-
- For i = 0 To user_input.Length-1
- buf(i) = Asc(user_input.Chars(i))
- Next
-
- res = ssl_ctx.Write(ssl, buf, buf.Length)
- If res < axtls.SSL_OK Then
- If Not quiet Then
- SSLUtil.DisplayError(res)
- End If
-
- Exit While
- End If
- End While
-
- ssl_ctx.Dispose()
- End Sub
-
- '
- ' Display what cipher we are using
- '
- Private Sub display_cipher(ByVal ssl As SSL)
- Console.Write("CIPHER is ")
-
- Select ssl.GetCipherId()
- Case axtls.SSL_AES128_SHA
- Console.WriteLine("AES128-SHA")
-
- Case axtls.SSL_AES256_SHA
- Console.WriteLine("AES256-SHA")
-
- Case axtls.SSL_RC4_128_SHA
- Console.WriteLine("RC4-SHA")
-
- Case axtls.SSL_RC4_128_MD5
- Console.WriteLine("RC4-MD5")
-
- Case Else
- Console.WriteLine("Unknown - " & ssl.GetCipherId())
- End Select
- End Sub
-
- '
- ' Display what session id we have.
- '
- Private Sub display_session_id(ByVal ssl As SSL)
- Dim session_id As Byte() = ssl.GetSessionId()
-
- If session_id.Length > 0 Then
- Console.WriteLine("-----BEGIN SSL SESSION PARAMETERS-----")
- Dim b As Byte
- For Each b In session_id
- Console.Write("{0:x02}", b)
- Next
-
- Console.WriteLine()
- Console.WriteLine("-----END SSL SESSION PARAMETERS-----")
- End If
- End Sub
-
- '
- ' We've had some sort of command-line error. Print out the basic options.
- '
- Public Sub print_options(ByVal options As String)
- Console.WriteLine("axssl: Error: '" & options & _
- "' is an invalid command.")
- Console.WriteLine("usage: axssl.vbnet [s_server|s_client|" & _
- "version] [args ...]")
- Environment.Exit(1)
- End Sub
-
- '
- ' We've had some sort of command-line error. Print out the server options.
- '
- Private Sub print_server_options(ByVal build_mode As Integer, _
- ByVal options As String)
- Dim cert_size As Integer = SSLUtil.MaxCerts()
- Dim ca_cert_size As Integer = SSLUtil.MaxCACerts()
-
- Console.WriteLine("unknown option " & options)
- Console.WriteLine("usage: s_server [args ...]")
- Console.WriteLine(" -accept arg" & ControlChars.Tab & _
- "- port to accept on (default is 4433)")
- Console.WriteLine(" -quiet" & ControlChars.Tab & ControlChars.Tab & _
- "- No server output")
- If build_mode >= axtls.SSL_BUILD_SERVER_ONLY
- Console.WriteLine(" -cert arg" & ControlChars.Tab & _
- "- certificate file to add (in addition to default) to chain -")
- Console.WriteLine(ControlChars.Tab & ControlChars.Tab & _
- " Can repeat up to " & cert_size & " times")
- Console.WriteLine(" -key arg" & ControlChars.Tab & _
- "- Private key file to use")
- Console.WriteLine(" -pass" & ControlChars.Tab & ControlChars.Tab & _
- "- private key file pass phrase source")
- End If
-
- If build_mode >= axtls.SSL_BUILD_ENABLE_VERIFICATION
- Console.WriteLine(" -verify" & ControlChars.Tab & _
- "- turn on peer certificate verification")
- Console.WriteLine(" -CAfile arg" & ControlChars.Tab & _
- "- Certificate authority")
- Console.WriteLine(ControlChars.Tab & ControlChars.Tab & _
- " Can repeat up to " & ca_cert_size & " times")
- End If
-
- If build_mode = axtls.SSL_BUILD_FULL_MODE
- Console.WriteLine(" -debug" & _
- ControlChars.Tab & ControlChars.Tab & _
- "- Print more output")
- Console.WriteLine(" -state" & _
- ControlChars.Tab & ControlChars.Tab & _
- "- Show state messages")
- Console.WriteLine(" -show-rsa" & _
- ControlChars.Tab & "- Show RSA state")
- End If
-
- Environment.Exit(1)
- End Sub
-
- '
- ' We've had some sort of command-line error. Print out the client options.
- '
- Private Sub print_client_options(ByVal build_mode As Integer, _
- ByVal options As String)
- Dim cert_size As Integer = SSLUtil.MaxCerts()
- Dim ca_cert_size As Integer = SSLUtil.MaxCACerts()
-
- Console.WriteLine("unknown option " & options)
-
- If build_mode >= axtls.SSL_BUILD_ENABLE_CLIENT Then
- Console.WriteLine("usage: s_client [args ...]")
- Console.WriteLine(" -connect host:port - who to connect to " & _
- "(default is localhost:4433)")
- Console.WriteLine(" -verify" & ControlChars.Tab & _
- "- turn on peer certificate verification")
- Console.WriteLine(" -cert arg" & ControlChars.Tab & _
- "- certificate file to use")
- Console.WriteLine(ControlChars.Tab & ControlChars.Tab & _
- " Can repeat up to " & cert_size & " times")
- Console.WriteLine(" -key arg" & ControlChars.Tab & _
- "- Private key file to use")
- Console.WriteLine(" -CAfile arg" & ControlChars.Tab & _
- "- Certificate authority")
- Console.WriteLine(ControlChars.Tab & ControlChars.Tab & _
- " Can repeat up to " & ca_cert_size & " times")
- Console.WriteLine(" -quiet" & _
- ControlChars.Tab & ControlChars.Tab & "- No client output")
- Console.WriteLine(" -pass" & ControlChars.Tab & _
- ControlChars.Tab & _
- "- private key file pass phrase source")
- Console.WriteLine(" -reconnect" & ControlChars.Tab & _
- "- Drop and re-make the " & _
- "connection with the same Session-ID")
-
- If build_mode = axtls.SSL_BUILD_FULL_MODE Then
- Console.WriteLine(" -debug" & _
- ControlChars.Tab & ControlChars.Tab & _
- "- Print more output")
- Console.WriteLine(" -state" & _
- ControlChars.Tab & ControlChars.Tab & _
- "- Show state messages")
- Console.WriteLine(" -show-rsa" & ControlChars.Tab & _
- "- Show RSA state")
- End If
- Else
- Console.WriteLine("Change configuration to allow this feature")
- End If
-
- Environment.Exit(1)
- End Sub
-
-End Class
-
-Public Module MyMain
- Function Main(ByVal args() As String) As Integer
- Dim runner As axssl = New axssl()
-
- If args.Length = 1 And args(0) = "version" Then
- Console.WriteLine("axssl.vbnet " & SSLUtil.Version())
- Environment.Exit(0)
- End If
-
- If args.Length < 1
- runner.print_options("")
- ElseIf args(0) <> "s_server" And args(0) <> "s_client"
- runner.print_options(args(0))
- End If
-
- Dim build_mode As Integer = SSLUtil.BuildMode()
-
- If args(0) = "s_server" Then
- runner.do_server(build_mode, args)
- Else
- runner.do_client(build_mode, args)
- End If
- End Function
-End Module