From 1bb4822dca6113f73e3bc89e2acf15935e6f8e92 Mon Sep 17 00:00:00 2001 From: Jo-Philipp Wich Date: Wed, 3 Dec 2014 15:17:05 +0100 Subject: Rework LuCI build system * Rename subdirectories to their repective OpenWrt package names * Make each LuCI module its own standalone package * Deploy a shared luci.mk which is used by each module Makefile Signed-off-by: Jo-Philipp Wich --- libs/nixio/axTLS/samples/Config.in | 63 --- libs/nixio/axTLS/samples/Makefile | 62 --- libs/nixio/axTLS/samples/c/Makefile | 76 --- libs/nixio/axTLS/samples/c/axssl.c | 883 ------------------------------ libs/nixio/axTLS/samples/csharp/Makefile | 48 -- libs/nixio/axTLS/samples/csharp/axssl.cs | 758 ------------------------- libs/nixio/axTLS/samples/java/Makefile | 51 -- libs/nixio/axTLS/samples/java/axssl.java | 760 ------------------------- libs/nixio/axTLS/samples/java/manifest.mf | 1 - libs/nixio/axTLS/samples/lua/Makefile | 43 -- libs/nixio/axTLS/samples/lua/axssl.lua | 562 ------------------- libs/nixio/axTLS/samples/perl/Makefile | 43 -- libs/nixio/axTLS/samples/perl/axssl.pl | 634 --------------------- libs/nixio/axTLS/samples/vbnet/Makefile | 48 -- libs/nixio/axTLS/samples/vbnet/axssl.vb | 702 ------------------------ 15 files changed, 4734 deletions(-) delete mode 100644 libs/nixio/axTLS/samples/Config.in delete mode 100644 libs/nixio/axTLS/samples/Makefile delete mode 100644 libs/nixio/axTLS/samples/c/Makefile delete mode 100644 libs/nixio/axTLS/samples/c/axssl.c delete mode 100644 libs/nixio/axTLS/samples/csharp/Makefile delete mode 100644 libs/nixio/axTLS/samples/csharp/axssl.cs delete mode 100644 libs/nixio/axTLS/samples/java/Makefile delete mode 100644 libs/nixio/axTLS/samples/java/axssl.java delete mode 100644 libs/nixio/axTLS/samples/java/manifest.mf delete mode 100644 libs/nixio/axTLS/samples/lua/Makefile delete mode 100755 libs/nixio/axTLS/samples/lua/axssl.lua delete mode 100644 libs/nixio/axTLS/samples/perl/Makefile delete mode 100755 libs/nixio/axTLS/samples/perl/axssl.pl delete mode 100644 libs/nixio/axTLS/samples/vbnet/Makefile delete mode 100644 libs/nixio/axTLS/samples/vbnet/axssl.vb (limited to 'libs/nixio/axTLS/samples') diff --git a/libs/nixio/axTLS/samples/Config.in b/libs/nixio/axTLS/samples/Config.in deleted file mode 100644 index ecad25eeb7..0000000000 --- a/libs/nixio/axTLS/samples/Config.in +++ /dev/null @@ -1,63 +0,0 @@ -# -# For a description of the syntax of this configuration file, -# see scripts/config/Kconfig-language.txt -# -menu "Samples" - -config CONFIG_SAMPLES - bool "Create Samples" - default y - help - axTLS contains various sample code. - - Select Y here if you want to build the various samples. - -config CONFIG_C_SAMPLES - bool "axssl - C version" - default y - depends on CONFIG_SAMPLES - help - Build the "C" version of axssl. The features enabled are very - dependent on the build mode ('full' mode will give all features). - -config CONFIG_CSHARP_SAMPLES - bool "axssl - C# version" - default y - depends on CONFIG_SAMPLES && CONFIG_CSHARP_BINDINGS - help - Build the "C#" version of axssl. The features enabled are very - dependent on the build mode ('full' mode will give all features). - -config CONFIG_VBNET_SAMPLES - bool "axssl - VB.NET version" - default y - depends on CONFIG_SAMPLES && CONFIG_VBNET_BINDINGS - help - Build the "VB.NET" version of axssl. The features enabled are very - dependent on the build mode ('full' mode will give all features). - -config CONFIG_JAVA_SAMPLES - bool "axssl - Java version" - default y - depends on CONFIG_SAMPLES && CONFIG_JAVA_BINDINGS - help - Build the "Java" version of axssl. The features enabled are very - dependent on the build mode ('full' mode will give all features). - -config CONFIG_PERL_SAMPLES - bool "axssl - Perl version" - default y - depends on CONFIG_SAMPLES && CONFIG_PERL_BINDINGS - help - Build the "Perl" version of axssl. The features enabled are very - dependent on the build mode ('full' mode will give all features). - -config CONFIG_LUA_SAMPLES - bool "axssl - Lua version" - default y - depends on CONFIG_SAMPLES && CONFIG_LUA_BINDINGS - help - Build the "Lua" version of axssl. The features enabled are very - dependent on the build mode ('full' mode will give all features). -endmenu - diff --git a/libs/nixio/axTLS/samples/Makefile b/libs/nixio/axTLS/samples/Makefile deleted file mode 100644 index afbdd43d1b..0000000000 --- a/libs/nixio/axTLS/samples/Makefile +++ /dev/null @@ -1,62 +0,0 @@ -# -# Copyright (c) 2007, Cameron Rich -# -# All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions are met: -# -# * Redistributions of source code must retain the above copyright notice, -# this list of conditions and the following disclaimer. -# * Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in the -# documentation and/or other materials provided with the distribution. -# * Neither the name of the axTLS project nor the names of its -# contributors may be used to endorse or promote products derived -# from this software without specific prior written permission. -# -# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR -# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR -# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED -# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY -# OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING -# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF -# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -# - -all: - -include ../config/.config -include ../config/makefile.conf - -all: -ifdef CONFIG_C_SAMPLES - $(MAKE) -C c -endif -ifdef CONFIG_CSHARP_SAMPLES - $(MAKE) -C csharp -endif -ifdef CONFIG_VBNET_SAMPLES - $(MAKE) -C vbnet -endif -ifdef CONFIG_JAVA_SAMPLES - $(MAKE) -C java -endif -ifdef CONFIG_PERL_SAMPLES - $(MAKE) -C perl -endif -ifdef CONFIG_LUA_SAMPLES - $(MAKE) -C lua -endif - -clean:: - $(MAKE) -C c clean - $(MAKE) -C csharp clean - $(MAKE) -C vbnet clean - $(MAKE) -C java clean - $(MAKE) -C perl clean - $(MAKE) -C lua clean diff --git a/libs/nixio/axTLS/samples/c/Makefile b/libs/nixio/axTLS/samples/c/Makefile deleted file mode 100644 index 17cf9e7c12..0000000000 --- a/libs/nixio/axTLS/samples/c/Makefile +++ /dev/null @@ -1,76 +0,0 @@ -# -# Copyright (c) 2007, Cameron Rich -# -# All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions are met: -# -# * Redistributions of source code must retain the above copyright notice, -# this list of conditions and the following disclaimer. -# * Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in the -# documentation and/or other materials provided with the distribution. -# * Neither the name of the axTLS project nor the names of its -# contributors may be used to endorse or promote products derived -# from this software without specific prior written permission. -# -# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR -# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR -# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED -# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY -# OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING -# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF -# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -# - -all : sample - -AXTLS_HOME=../.. - -include $(AXTLS_HOME)/config/.config -include $(AXTLS_HOME)/config/makefile.conf - -ifndef CONFIG_PLATFORM_WIN32 - -ifdef CONFIG_PLATFORM_CYGWIN -TARGET=$(AXTLS_HOME)/$(STAGE)/axssl.exe -else -TARGET=$(AXTLS_HOME)/$(STAGE)/axssl -endif # cygwin - -LIBS=$(AXTLS_HOME)/$(STAGE) -else -TARGET=$(AXTLS_HOME)/$(STAGE)/axssl.exe -endif - -ifndef CONFIG_C_SAMPLES -sample: - -else -sample : $(TARGET) -OBJ= axssl.o -include $(AXTLS_HOME)/config/makefile.post - -ifndef CONFIG_PLATFORM_WIN32 - -$(TARGET): $(OBJ) $(LIBS)/libaxtls.a - $(LD) $(LDFLAGS) -o $@ $(OBJ) -L$(LIBS) -laxtls -ifdef CONFIG_STRIP_UNWANTED_SECTIONS - $(STRIP) --remove-section=.comment $(TARGET) -endif # use strip -else # Win32 - -$(TARGET): $(OBJ) - $(LD) $(LDFLAGS) $(AXTLS_HOME)/config/axtls.res /out:$@ $^ /libpath:"$(AXTLS_HOME)/$(STAGE)" axtls.lib -endif - -endif # CONFIG_C_SAMPLES - -clean:: - -@rm -f $(AXTLS_HOME)/$(STAGE)/axssl* - diff --git a/libs/nixio/axTLS/samples/c/axssl.c b/libs/nixio/axTLS/samples/c/axssl.c deleted file mode 100644 index 6892ee452b..0000000000 --- a/libs/nixio/axTLS/samples/c/axssl.c +++ /dev/null @@ -1,883 +0,0 @@ -/* - * Copyright (c) 2007, Cameron Rich - * - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions are met: - * - * * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * * Neither the name of the axTLS project nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR - * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, - * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, - * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * Demonstrate the use of the axTLS library in C with a set of - * command-line parameters similar to openssl. In fact, openssl clients - * should be able to communicate with axTLS servers and visa-versa. - * - * This code has various bits enabled depending on the configuration. To enable - * the most interesting version, compile with the 'full mode' enabled. - * - * To see what options you have, run the following: - * > axssl s_server -? - * > axssl s_client -? - * - * The axtls shared library must be in the same directory or be found - * by the OS. - */ -#include -#include -#include -#include "ssl.h" - -/* define standard input */ -#ifndef STDIN_FILENO -#define STDIN_FILENO 0 -#endif - -static void do_server(int argc, char *argv[]); -static void print_options(char *option); -static void print_server_options(char *option); -static void do_client(int argc, char *argv[]); -static void print_client_options(char *option); -static void display_cipher(SSL *ssl); -static void display_session_id(SSL *ssl); - -/** - * Main entry point. Doesn't do much except works out whether we are a client - * or a server. - */ -int main(int argc, char *argv[]) -{ -#ifdef WIN32 - WSADATA wsaData; - WORD wVersionRequested = MAKEWORD(2, 2); - WSAStartup(wVersionRequested, &wsaData); -#elif !defined(CONFIG_PLATFORM_SOLARIS) - signal(SIGPIPE, SIG_IGN); /* ignore pipe errors */ -#endif - - if (argc == 2 && strcmp(argv[1], "version") == 0) - { - printf("axssl %s %s\n", ssl_version(), __DATE__); - exit(0); - } - - if (argc < 2 || ( - strcmp(argv[1], "s_server") && strcmp(argv[1], "s_client"))) - print_options(argc > 1 ? argv[1] : ""); - - strcmp(argv[1], "s_server") ? - do_client(argc, argv) : do_server(argc, argv); - return 0; -} - -/** - * Implement the SSL server logic. - */ -static void do_server(int argc, char *argv[]) -{ - int i = 2; - uint16_t port = 4433; - uint32_t options = SSL_DISPLAY_CERTS; - int client_fd; - SSL_CTX *ssl_ctx; - int server_fd, res = 0; - socklen_t client_len; -#ifndef CONFIG_SSL_SKELETON_MODE - char *private_key_file = NULL; - const char *password = NULL; - char **cert; - int cert_index = 0; - int cert_size = ssl_get_config(SSL_MAX_CERT_CFG_OFFSET); -#endif -#ifdef WIN32 - char yes = 1; -#else - int yes = 1; -#endif - struct sockaddr_in serv_addr; - struct sockaddr_in client_addr; - int quiet = 0; -#ifdef CONFIG_SSL_CERT_VERIFICATION - int ca_cert_index = 0; - int ca_cert_size = ssl_get_config(SSL_MAX_CA_CERT_CFG_OFFSET); - char **ca_cert = (char **)calloc(1, sizeof(char *)*ca_cert_size); -#endif - fd_set read_set; - -#ifndef CONFIG_SSL_SKELETON_MODE - cert = (char **)calloc(1, sizeof(char *)*cert_size); -#endif - - while (i < argc) - { - if (strcmp(argv[i], "-accept") == 0) - { - if (i >= argc-1) - { - print_server_options(argv[i]); - } - - port = atoi(argv[++i]); - } -#ifndef CONFIG_SSL_SKELETON_MODE - else if (strcmp(argv[i], "-cert") == 0) - { - if (i >= argc-1 || cert_index >= cert_size) - { - print_server_options(argv[i]); - } - - cert[cert_index++] = argv[++i]; - } - else if (strcmp(argv[i], "-key") == 0) - { - if (i >= argc-1) - { - print_server_options(argv[i]); - } - - private_key_file = argv[++i]; - options |= SSL_NO_DEFAULT_KEY; - } - else if (strcmp(argv[i], "-pass") == 0) - { - if (i >= argc-1) - { - print_server_options(argv[i]); - } - - password = argv[++i]; - } -#endif - else if (strcmp(argv[i], "-quiet") == 0) - { - quiet = 1; - options &= ~SSL_DISPLAY_CERTS; - } -#ifdef CONFIG_SSL_CERT_VERIFICATION - else if (strcmp(argv[i], "-verify") == 0) - { - options |= SSL_CLIENT_AUTHENTICATION; - } - else if (strcmp(argv[i], "-CAfile") == 0) - { - if (i >= argc-1 || ca_cert_index >= ca_cert_size) - { - print_server_options(argv[i]); - } - - ca_cert[ca_cert_index++] = argv[++i]; - } -#endif -#ifdef CONFIG_SSL_FULL_MODE - else if (strcmp(argv[i], "-debug") == 0) - { - options |= SSL_DISPLAY_BYTES; - } - else if (strcmp(argv[i], "-state") == 0) - { - options |= SSL_DISPLAY_STATES; - } - else if (strcmp(argv[i], "-show-rsa") == 0) - { - options |= SSL_DISPLAY_RSA; - } -#endif - else /* don't know what this is */ - { - print_server_options(argv[i]); - } - - i++; - } - - if ((ssl_ctx = ssl_ctx_new(options, SSL_DEFAULT_SVR_SESS)) == NULL) - { - fprintf(stderr, "Error: Server context is invalid\n"); - exit(1); - } - -#ifndef CONFIG_SSL_SKELETON_MODE - if (private_key_file) - { - int obj_type = SSL_OBJ_RSA_KEY; - - /* auto-detect the key type from the file extension */ - if (strstr(private_key_file, ".p8")) - obj_type = SSL_OBJ_PKCS8; - else if (strstr(private_key_file, ".p12")) - obj_type = SSL_OBJ_PKCS12; - - if (ssl_obj_load(ssl_ctx, obj_type, private_key_file, password)) - { - fprintf(stderr, "Error: Private key '%s' is undefined.\n", - private_key_file); - exit(1); - } - } - - for (i = 0; i < cert_index; i++) - { - if (ssl_obj_load(ssl_ctx, SSL_OBJ_X509_CERT, cert[i], NULL)) - { - printf("Certificate '%s' is undefined.\n", cert[i]); - exit(1); - } - } -#endif - -#ifdef CONFIG_SSL_CERT_VERIFICATION - for (i = 0; i < ca_cert_index; i++) - { - if (ssl_obj_load(ssl_ctx, SSL_OBJ_X509_CACERT, ca_cert[i], NULL)) - { - printf("Certificate '%s' is undefined.\n", ca_cert[i]); - exit(1); - } - } - - free(ca_cert); -#endif -#ifndef CONFIG_SSL_SKELETON_MODE - free(cert); -#endif - - /* Create socket for incoming connections */ - if ((server_fd = socket(AF_INET, SOCK_STREAM, 0)) < 0) - { - perror("socket"); - return; - } - - setsockopt(server_fd, SOL_SOCKET, SO_REUSEADDR, &yes, sizeof(yes)); - - /* Construct local address structure */ - memset(&serv_addr, 0, sizeof(serv_addr)); /* Zero out structure */ - serv_addr.sin_family = AF_INET; /* Internet address family */ - serv_addr.sin_addr.s_addr = htonl(INADDR_ANY); /* Any incoming interface */ - serv_addr.sin_port = htons(port); /* Local port */ - - /* Bind to the local address */ - if (bind(server_fd, (struct sockaddr *) &serv_addr, sizeof(serv_addr)) < 0) - { - perror("bind"); - exit(1); - } - - if (listen(server_fd, 5) < 0) - { - perror("listen"); - exit(1); - } - - client_len = sizeof(client_addr); - - /************************************************************************* - * This is where the interesting stuff happens. Up until now we've - * just been setting up sockets etc. Now we do the SSL handshake. - *************************************************************************/ - for (;;) - { - SSL *ssl; - int reconnected = 0; - - if (!quiet) - { - printf("ACCEPT\n"); - TTY_FLUSH(); - } - - if ((client_fd = accept(server_fd, - (struct sockaddr *)&client_addr, &client_len)) < 0) - { - res = 1; - break; - } - - ssl = ssl_server_new(ssl_ctx, client_fd); - - /* now read (and display) whatever the client sends us */ - for (;;) - { - /* allow parallel reading of client and standard input */ - FD_ZERO(&read_set); - FD_SET(client_fd, &read_set); - -#ifndef WIN32 - /* win32 doesn't like mixing up stdin and sockets */ - if (isatty(STDIN_FILENO))/* but only if we are in an active shell */ - { - FD_SET(STDIN_FILENO, &read_set); - } - - if ((res = select(client_fd+1, &read_set, NULL, NULL, NULL)) > 0) - { - uint8_t buf[1024]; - - /* read standard input? */ - if (FD_ISSET(STDIN_FILENO, &read_set)) - { - if (fgets((char *)buf, sizeof(buf), stdin) == NULL) - { - res = SSL_ERROR_CONN_LOST; - } - else - { - /* small hack to check renegotiation */ - if (buf[0] == 'r' && (buf[1] == '\n' || buf[1] == '\r')) - { - res = ssl_renegotiate(ssl); - } - else /* write our ramblings to the client */ - { - res = ssl_write(ssl, buf, strlen((char *)buf)+1); - } - } - } - else /* a socket read */ -#endif - { - /* keep reading until we get something interesting */ - uint8_t *read_buf; - - if ((res = ssl_read(ssl, &read_buf)) == SSL_OK) - { - /* are we in the middle of doing a handshake? */ - if (ssl_handshake_status(ssl) != SSL_OK) - { - reconnected = 0; - } - else if (!reconnected) - { - /* we are connected/reconnected */ - if (!quiet) - { - display_session_id(ssl); - display_cipher(ssl); - } - - reconnected = 1; - } - } - - if (res > SSL_OK) /* display our interesting output */ - { - printf("%s", read_buf); - TTY_FLUSH(); - } - else if (res < SSL_OK && !quiet) - { - ssl_display_error(res); - } - } -#ifndef WIN32 - } -#endif - - if (res < SSL_OK) - { - if (!quiet) - { - printf("CONNECTION CLOSED\n"); - TTY_FLUSH(); - } - - break; - } - } - - /* client was disconnected or the handshake failed. */ - ssl_free(ssl); - SOCKET_CLOSE(client_fd); - } - - ssl_ctx_free(ssl_ctx); -} - -/** - * Implement the SSL client logic. - */ -static void do_client(int argc, char *argv[]) -{ -#ifdef CONFIG_SSL_ENABLE_CLIENT - int res, i = 2; - uint16_t port = 4433; - uint32_t options = SSL_SERVER_VERIFY_LATER|SSL_DISPLAY_CERTS; - int client_fd; - char *private_key_file = NULL; - struct sockaddr_in client_addr; - struct hostent *hostent; - int reconnect = 0; - uint32_t sin_addr; - SSL_CTX *ssl_ctx; - SSL *ssl = NULL; - int quiet = 0; - int cert_index = 0, ca_cert_index = 0; - int cert_size, ca_cert_size; - char **ca_cert, **cert; - uint8_t session_id[SSL_SESSION_ID_SIZE]; - fd_set read_set; - const char *password = NULL; - - FD_ZERO(&read_set); - sin_addr = inet_addr("127.0.0.1"); - cert_size = ssl_get_config(SSL_MAX_CERT_CFG_OFFSET); - ca_cert_size = ssl_get_config(SSL_MAX_CA_CERT_CFG_OFFSET); - ca_cert = (char **)calloc(1, sizeof(char *)*ca_cert_size); - cert = (char **)calloc(1, sizeof(char *)*cert_size); - - while (i < argc) - { - if (strcmp(argv[i], "-connect") == 0) - { - char *host, *ptr; - - if (i >= argc-1) - { - print_client_options(argv[i]); - } - - host = argv[++i]; - if ((ptr = strchr(host, ':')) == NULL) - { - print_client_options(argv[i]); - } - - *ptr++ = 0; - port = atoi(ptr); - hostent = gethostbyname(host); - - if (hostent == NULL) - { - print_client_options(argv[i]); - } - - sin_addr = *((uint32_t **)hostent->h_addr_list)[0]; - } - else if (strcmp(argv[i], "-cert") == 0) - { - if (i >= argc-1 || cert_index >= cert_size) - { - print_client_options(argv[i]); - } - - cert[cert_index++] = argv[++i]; - } - else if (strcmp(argv[i], "-key") == 0) - { - if (i >= argc-1) - { - print_client_options(argv[i]); - } - - private_key_file = argv[++i]; - options |= SSL_NO_DEFAULT_KEY; - } - else if (strcmp(argv[i], "-CAfile") == 0) - { - if (i >= argc-1 || ca_cert_index >= ca_cert_size) - { - print_client_options(argv[i]); - } - - ca_cert[ca_cert_index++] = argv[++i]; - } - else if (strcmp(argv[i], "-verify") == 0) - { - options &= ~SSL_SERVER_VERIFY_LATER; - } - else if (strcmp(argv[i], "-reconnect") == 0) - { - reconnect = 4; - } - else if (strcmp(argv[i], "-quiet") == 0) - { - quiet = 1; - options &= ~SSL_DISPLAY_CERTS; - } - else if (strcmp(argv[i], "-pass") == 0) - { - if (i >= argc-1) - { - print_client_options(argv[i]); - } - - password = argv[++i]; - } -#ifdef CONFIG_SSL_FULL_MODE - else if (strcmp(argv[i], "-debug") == 0) - { - options |= SSL_DISPLAY_BYTES; - } - else if (strcmp(argv[i], "-state") == 0) - { - options |= SSL_DISPLAY_STATES; - } - else if (strcmp(argv[i], "-show-rsa") == 0) - { - options |= SSL_DISPLAY_RSA; - } -#endif - else /* don't know what this is */ - { - print_client_options(argv[i]); - } - - i++; - } - - if ((ssl_ctx = ssl_ctx_new(options, SSL_DEFAULT_CLNT_SESS)) == NULL) - { - fprintf(stderr, "Error: Client context is invalid\n"); - exit(1); - } - - if (private_key_file) - { - int obj_type = SSL_OBJ_RSA_KEY; - - /* auto-detect the key type from the file extension */ - if (strstr(private_key_file, ".p8")) - obj_type = SSL_OBJ_PKCS8; - else if (strstr(private_key_file, ".p12")) - obj_type = SSL_OBJ_PKCS12; - - if (ssl_obj_load(ssl_ctx, obj_type, private_key_file, password)) - { - fprintf(stderr, "Error: Private key '%s' is undefined.\n", - private_key_file); - exit(1); - } - } - - for (i = 0; i < cert_index; i++) - { - if (ssl_obj_load(ssl_ctx, SSL_OBJ_X509_CERT, cert[i], NULL)) - { - printf("Certificate '%s' is undefined.\n", cert[i]); - exit(1); - } - } - - for (i = 0; i < ca_cert_index; i++) - { - if (ssl_obj_load(ssl_ctx, SSL_OBJ_X509_CACERT, ca_cert[i], NULL)) - { - printf("Certificate '%s' is undefined.\n", ca_cert[i]); - exit(1); - } - } - - free(cert); - free(ca_cert); - - /************************************************************************* - * This is where the interesting stuff happens. Up until now we've - * just been setting up sockets etc. Now we do the SSL handshake. - *************************************************************************/ - client_fd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); - memset(&client_addr, 0, sizeof(client_addr)); - client_addr.sin_family = AF_INET; - client_addr.sin_port = htons(port); - client_addr.sin_addr.s_addr = sin_addr; - - if (connect(client_fd, (struct sockaddr *)&client_addr, - sizeof(client_addr)) < 0) - { - perror("connect"); - exit(1); - } - - if (!quiet) - { - printf("CONNECTED\n"); - TTY_FLUSH(); - } - - /* Try session resumption? */ - if (reconnect) - { - while (reconnect--) - { - ssl = ssl_client_new(ssl_ctx, client_fd, session_id, - sizeof(session_id)); - if ((res = ssl_handshake_status(ssl)) != SSL_OK) - { - if (!quiet) - { - ssl_display_error(res); - } - - ssl_free(ssl); - exit(1); - } - - display_session_id(ssl); - memcpy(session_id, ssl_get_session_id(ssl), SSL_SESSION_ID_SIZE); - - if (reconnect) - { - ssl_free(ssl); - SOCKET_CLOSE(client_fd); - - client_fd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); - connect(client_fd, (struct sockaddr *)&client_addr, - sizeof(client_addr)); - } - } - } - else - { - ssl = ssl_client_new(ssl_ctx, client_fd, NULL, 0); - } - - /* check the return status */ - if ((res = ssl_handshake_status(ssl)) != SSL_OK) - { - if (!quiet) - { - ssl_display_error(res); - } - - exit(1); - } - - if (!quiet) - { - const char *common_name = ssl_get_cert_dn(ssl, - SSL_X509_CERT_COMMON_NAME); - if (common_name) - { - printf("Common Name:\t\t\t%s\n", common_name); - } - - display_session_id(ssl); - display_cipher(ssl); - } - - for (;;) - { - uint8_t buf[1024]; - res = SSL_OK; - - /* allow parallel reading of server and standard input */ - FD_SET(client_fd, &read_set); -#ifndef WIN32 - /* win32 doesn't like mixing up stdin and sockets */ - FD_SET(STDIN_FILENO, &read_set); - - if ((res = select(client_fd+1, &read_set, NULL, NULL, NULL)) > 0) - { - /* read standard input? */ - if (FD_ISSET(STDIN_FILENO, &read_set)) -#endif - { - if (fgets((char *)buf, sizeof(buf), stdin) == NULL) - { - /* bomb out of here */ - ssl_free(ssl); - break; - } - else - { - /* small hack to check renegotiation */ - if (buf[0] == 'R' && (buf[1] == '\n' || buf[1] == '\r')) - { - res = ssl_renegotiate(ssl); - } - else - { - res = ssl_write(ssl, buf, strlen((char *)buf)+1); - } - } - } -#ifndef WIN32 - else /* a socket read */ - { - uint8_t *read_buf; - - res = ssl_read(ssl, &read_buf); - - if (res > 0) /* display our interesting output */ - { - printf("%s", read_buf); - TTY_FLUSH(); - } - } - } -#endif - - if (res < 0) - { - if (!quiet) - { - ssl_display_error(res); - } - - break; /* get outta here */ - } - } - - ssl_ctx_free(ssl_ctx); - SOCKET_CLOSE(client_fd); -#else - print_client_options(argv[1]); -#endif -} - -/** - * We've had some sort of command-line error. Print out the basic options. - */ -static void print_options(char *option) -{ - printf("axssl: Error: '%s' is an invalid command.\n", option); - printf("usage: axssl [s_server|s_client|version] [args ...]\n"); - exit(1); -} - -/** - * We've had some sort of command-line error. Print out the server options. - */ -static void print_server_options(char *option) -{ -#ifndef CONFIG_SSL_SKELETON_MODE - int cert_size = ssl_get_config(SSL_MAX_CERT_CFG_OFFSET); -#endif -#ifdef CONFIG_SSL_CERT_VERIFICATION - int ca_cert_size = ssl_get_config(SSL_MAX_CA_CERT_CFG_OFFSET); -#endif - - printf("unknown option %s\n", option); - printf("usage: s_server [args ...]\n"); - printf(" -accept arg\t- port to accept on (default is 4433)\n"); -#ifndef CONFIG_SSL_SKELETON_MODE - printf(" -cert arg\t- certificate file to add (in addition to default)" - " to chain -\n" - "\t\t Can repeat up to %d times\n", cert_size); - printf(" -key arg\t- Private key file to use\n"); - printf(" -pass\t\t- private key file pass phrase source\n"); -#endif - printf(" -quiet\t\t- No server output\n"); -#ifdef CONFIG_SSL_CERT_VERIFICATION - printf(" -verify\t- turn on peer certificate verification\n"); - printf(" -CAfile arg\t- Certificate authority\n"); - printf("\t\t Can repeat up to %d times\n", ca_cert_size); -#endif -#ifdef CONFIG_SSL_FULL_MODE - printf(" -debug\t\t- Print more output\n"); - printf(" -state\t\t- Show state messages\n"); - printf(" -show-rsa\t- Show RSA state\n"); -#endif - exit(1); -} - -/** - * We've had some sort of command-line error. Print out the client options. - */ -static void print_client_options(char *option) -{ -#ifdef CONFIG_SSL_ENABLE_CLIENT - int cert_size = ssl_get_config(SSL_MAX_CERT_CFG_OFFSET); - int ca_cert_size = ssl_get_config(SSL_MAX_CA_CERT_CFG_OFFSET); -#endif - - printf("unknown option %s\n", option); -#ifdef CONFIG_SSL_ENABLE_CLIENT - printf("usage: s_client [args ...]\n"); - printf(" -connect host:port - who to connect to (default " - "is localhost:4433)\n"); - printf(" -verify\t- turn on peer certificate verification\n"); - printf(" -cert arg\t- certificate file to use\n"); - printf("\t\t Can repeat up to %d times\n", cert_size); - printf(" -key arg\t- Private key file to use\n"); - printf(" -CAfile arg\t- Certificate authority\n"); - printf("\t\t Can repeat up to %d times\n", ca_cert_size); - printf(" -quiet\t\t- No client output\n"); - printf(" -reconnect\t- Drop and re-make the connection " - "with the same Session-ID\n"); - printf(" -pass\t\t- private key file pass phrase source\n"); -#ifdef CONFIG_SSL_FULL_MODE - printf(" -debug\t\t- Print more output\n"); - printf(" -state\t\t- Show state messages\n"); - printf(" -show-rsa\t- Show RSA state\n"); -#endif -#else - printf("Change configuration to allow this feature\n"); -#endif - exit(1); -} - -/** - * Display what cipher we are using - */ -static void display_cipher(SSL *ssl) -{ - printf("CIPHER is "); - switch (ssl_get_cipher_id(ssl)) - { - case SSL_AES128_SHA: - printf("AES128-SHA"); - break; - - case SSL_AES256_SHA: - printf("AES256-SHA"); - break; - - case SSL_RC4_128_SHA: - printf("RC4-SHA"); - break; - - case SSL_RC4_128_MD5: - printf("RC4-MD5"); - break; - - default: - printf("Unknown - %d", ssl_get_cipher_id(ssl)); - break; - } - - printf("\n"); - TTY_FLUSH(); -} - -/** - * Display what session id we have. - */ -static void display_session_id(SSL *ssl) -{ - int i; - const uint8_t *session_id = ssl_get_session_id(ssl); - int sess_id_size = ssl_get_session_id_size(ssl); - - if (sess_id_size > 0) - { - printf("-----BEGIN SSL SESSION PARAMETERS-----\n"); - for (i = 0; i < sess_id_size; i++) - { - printf("%02x", session_id[i]); - } - - printf("\n-----END SSL SESSION PARAMETERS-----\n"); - TTY_FLUSH(); - } -} diff --git a/libs/nixio/axTLS/samples/csharp/Makefile b/libs/nixio/axTLS/samples/csharp/Makefile deleted file mode 100644 index 46c2421dce..0000000000 --- a/libs/nixio/axTLS/samples/csharp/Makefile +++ /dev/null @@ -1,48 +0,0 @@ -# -# Copyright (c) 2007, Cameron Rich -# -# All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions are met: -# -# * Redistributions of source code must retain the above copyright notice, -# this list of conditions and the following disclaimer. -# * Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in the -# documentation and/or other materials provided with the distribution. -# * Neither the name of the axTLS project nor the names of its -# contributors may be used to endorse or promote products derived -# from this software without specific prior written permission. -# -# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR -# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR -# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED -# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY -# OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING -# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF -# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -# - -include ../../config/.config -include ../../config/makefile.conf -include ../../config/makefile.dotnet.conf - -all : sample -TARGET=../../$(STAGE)/axssl.csharp.exe -sample : $(TARGET) - -$(TARGET): ../../bindings/csharp/axTLS.cs ../../bindings/csharp/axInterface.cs axssl.cs -ifdef GO_DOT_NET - csc.exe /nologo /t:exe /out:"`cygpath -w $@`" $(foreach file, $^, "`cygpath -w $(file)`") -else # use mono to build - mcs -out:$@ $^ - -endif # ARCH - -clean:: - -@rm -f $(TARGET) diff --git a/libs/nixio/axTLS/samples/csharp/axssl.cs b/libs/nixio/axTLS/samples/csharp/axssl.cs deleted file mode 100644 index dae2b8a41f..0000000000 --- a/libs/nixio/axTLS/samples/csharp/axssl.cs +++ /dev/null @@ -1,758 +0,0 @@ -/* - * Copyright (c) 2007, Cameron Rich - * - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions are met: - * - * * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * * Neither the name of the axTLS project nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR - * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, - * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, - * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/** - * Demonstrate the use of the axTLS library in C# with a set of - * command-line parameters similar to openssl. In fact, openssl clients - * should be able to communicate with axTLS servers and visa-versa. - * - * This code has various bits enabled depending on the configuration. To enable - * the most interesting version, compile with the 'full mode' enabled. - * - * To see what options you have, run the following: - * > axssl.csharp.exe s_server -? - * > axssl.csharp.exe s_client -? - * - * The axtls shared library must be in the same directory or be found - * by the OS. - */ - -using System; -using System.Net; -using System.Net.Sockets; -using axTLS; - -public class axssl -{ - /* - * Main() - */ - public static void Main(string[] args) - { - if (args.Length == 1 && args[0] == "version") - { - Console.WriteLine("axssl.csharp " + SSLUtil.Version()); - Environment.Exit(0); - } - - axssl runner = new axssl(); - - if (args.Length < 1 || (args[0] != "s_server" && args[0] != "s_client")) - runner.print_options(args.Length > 0 ? args[0] : ""); - - int build_mode = SSLUtil.BuildMode(); - - if (args[0] == "s_server") - runner.do_server(build_mode, args); - else - runner.do_client(build_mode, args); - } - - /* - * do_server() - */ - private void do_server(int build_mode, string[] args) - { - int i = 1; - int port = 4433; - uint options = axtls.SSL_DISPLAY_CERTS; - bool quiet = false; - string password = null; - string private_key_file = null; - - /* organise the cert/ca_cert lists */ - int cert_size = SSLUtil.MaxCerts(); - int ca_cert_size = SSLUtil.MaxCACerts(); - string[] cert = new string[cert_size]; - string[] ca_cert = new string[ca_cert_size]; - int cert_index = 0; - int ca_cert_index = 0; - - while (i < args.Length) - { - if (args[i] == "-accept") - { - if (i >= args.Length-1) - { - print_server_options(build_mode, args[i]); - } - - port = Int32.Parse(args[++i]); - } - else if (args[i] == "-quiet") - { - quiet = true; - options &= ~(uint)axtls.SSL_DISPLAY_CERTS; - } - else if (build_mode >= axtls.SSL_BUILD_SERVER_ONLY) - { - if (args[i] == "-cert") - { - if (i >= args.Length-1 || cert_index >= cert_size) - { - print_server_options(build_mode, args[i]); - } - - cert[cert_index++] = args[++i]; - } - else if (args[i] == "-key") - { - if (i >= args.Length-1) - { - print_server_options(build_mode, args[i]); - } - - private_key_file = args[++i]; - options |= axtls.SSL_NO_DEFAULT_KEY; - } - else if (args[i] == "-pass") - { - if (i >= args.Length-1) - { - print_server_options(build_mode, args[i]); - } - - password = args[++i]; - } - else if (build_mode >= axtls.SSL_BUILD_ENABLE_VERIFICATION) - { - if (args[i] == "-verify") - { - options |= axtls.SSL_CLIENT_AUTHENTICATION; - } - else if (args[i] == "-CAfile") - { - if (i >= args.Length-1 || ca_cert_index >= ca_cert_size) - { - print_server_options(build_mode, args[i]); - } - - ca_cert[ca_cert_index++] = args[++i]; - } - else if (build_mode == axtls.SSL_BUILD_FULL_MODE) - { - if (args[i] == "-debug") - { - options |= axtls.SSL_DISPLAY_BYTES; - } - else if (args[i] == "-state") - { - options |= axtls.SSL_DISPLAY_STATES; - } - else if (args[i] == "-show-rsa") - { - options |= axtls.SSL_DISPLAY_RSA; - } - else - print_server_options(build_mode, args[i]); - } - else - print_server_options(build_mode, args[i]); - } - else - print_server_options(build_mode, args[i]); - } - else - print_server_options(build_mode, args[i]); - - i++; - } - - /* Create socket for incoming connections */ - IPEndPoint ep = new IPEndPoint(IPAddress.Any, port); - TcpListener server_sock = new TcpListener(ep); - server_sock.Start(); - - /********************************************************************** - * This is where the interesting stuff happens. Up until now we've - * just been setting up sockets etc. Now we do the SSL handshake. - **********************************************************************/ - SSLServer ssl_ctx = new SSLServer( - options, axtls.SSL_DEFAULT_SVR_SESS); - - if (ssl_ctx == null) - { - Console.Error.WriteLine("Error: Server context is invalid"); - Environment.Exit(1); - } - - if (private_key_file != null) - { - int obj_type = axtls.SSL_OBJ_RSA_KEY; - - if (private_key_file.EndsWith(".p8")) - obj_type = axtls.SSL_OBJ_PKCS8; - else if (private_key_file.EndsWith(".p12")) - obj_type = axtls.SSL_OBJ_PKCS12; - - if (ssl_ctx.ObjLoad(obj_type, - private_key_file, password) != axtls.SSL_OK) - { - Console.Error.WriteLine("Private key '" + private_key_file + - "' is undefined."); - Environment.Exit(1); - } - } - - for (i = 0; i < cert_index; i++) - { - if (ssl_ctx.ObjLoad(axtls.SSL_OBJ_X509_CERT, - cert[i], null) != axtls.SSL_OK) - { - Console.WriteLine("Certificate '" + cert[i] + - "' is undefined."); - Environment.Exit(1); - } - } - - for (i = 0; i < ca_cert_index; i++) - { - if (ssl_ctx.ObjLoad(axtls.SSL_OBJ_X509_CACERT, - ca_cert[i], null) != axtls.SSL_OK) - { - Console.WriteLine("Certificate '" + cert[i] + - "' is undefined."); - Environment.Exit(1); - } - } - - byte[] buf = null; - int res; - - for (;;) - { - if (!quiet) - { - Console.WriteLine("ACCEPT"); - } - - Socket client_sock = server_sock.AcceptSocket(); - - SSL ssl = ssl_ctx.Connect(client_sock); - - /* do the actual SSL handshake */ - while ((res = ssl_ctx.Read(ssl, out buf)) == axtls.SSL_OK) - { - /* check when the connection has been established */ - if (ssl.HandshakeStatus() == axtls.SSL_OK) - break; - - /* could do something else here */ - } - - if (res == axtls.SSL_OK) /* connection established and ok */ - { - if (!quiet) - { - display_session_id(ssl); - display_cipher(ssl); - } - - /* now read (and display) whatever the client sends us */ - for (;;) - { - /* keep reading until we get something interesting */ - while ((res = ssl_ctx.Read(ssl, out buf)) == axtls.SSL_OK) - { - /* could do something else here */ - } - - if (res < axtls.SSL_OK) - { - if (!quiet) - { - Console.WriteLine("CONNECTION CLOSED"); - } - - break; - } - - /* convert to string */ - char[] str = new char[res]; - for (i = 0; i < res; i++) - { - str[i] = (char)buf[i]; - } - - Console.Write(str); - } - } - else if (!quiet) - { - SSLUtil.DisplayError(res); - } - - /* client was disconnected or the handshake failed. */ - ssl.Dispose(); - client_sock.Close(); - } - - /* ssl_ctx.Dispose(); */ - } - - /* - * do_client() - */ - private void do_client(int build_mode, string[] args) - { - if (build_mode < axtls.SSL_BUILD_ENABLE_CLIENT) - { - print_client_options(build_mode, args[1]); - } - - int i = 1, res; - int port = 4433; - bool quiet = false; - string password = null; - int reconnect = 0; - string private_key_file = null; - string hostname = "127.0.0.1"; - - /* organise the cert/ca_cert lists */ - int cert_index = 0; - int ca_cert_index = 0; - int cert_size = SSLUtil.MaxCerts(); - int ca_cert_size = SSLUtil.MaxCACerts(); - string[] cert = new string[cert_size]; - string[] ca_cert = new string[ca_cert_size]; - - uint options = axtls.SSL_SERVER_VERIFY_LATER|axtls.SSL_DISPLAY_CERTS; - byte[] session_id = null; - - while (i < args.Length) - { - if (args[i] == "-connect") - { - string host_port; - - if (i >= args.Length-1) - { - print_client_options(build_mode, args[i]); - } - - host_port = args[++i]; - int index_colon; - - if ((index_colon = host_port.IndexOf(':')) < 0) - print_client_options(build_mode, args[i]); - - hostname = new string(host_port.ToCharArray(), - 0, index_colon); - port = Int32.Parse(new String(host_port.ToCharArray(), - index_colon+1, host_port.Length-index_colon-1)); - } - else if (args[i] == "-cert") - { - if (i >= args.Length-1 || cert_index >= cert_size) - { - print_client_options(build_mode, args[i]); - } - - cert[cert_index++] = args[++i]; - } - else if (args[i] == "-key") - { - if (i >= args.Length-1) - { - print_client_options(build_mode, args[i]); - } - - private_key_file = args[++i]; - options |= axtls.SSL_NO_DEFAULT_KEY; - } - else if (args[i] == "-CAfile") - { - if (i >= args.Length-1 || ca_cert_index >= ca_cert_size) - { - print_client_options(build_mode, args[i]); - } - - ca_cert[ca_cert_index++] = args[++i]; - } - else if (args[i] == "-verify") - { - options &= ~(uint)axtls.SSL_SERVER_VERIFY_LATER; - } - else if (args[i] == "-reconnect") - { - reconnect = 4; - } - else if (args[i] == "-quiet") - { - quiet = true; - options &= ~(uint)axtls.SSL_DISPLAY_CERTS; - } - else if (args[i] == "-pass") - { - if (i >= args.Length-1) - { - print_client_options(build_mode, args[i]); - } - - password = args[++i]; - } - else if (build_mode == axtls.SSL_BUILD_FULL_MODE) - { - if (args[i] == "-debug") - { - options |= axtls.SSL_DISPLAY_BYTES; - } - else if (args[i] == "-state") - { - options |= axtls.SSL_DISPLAY_STATES; - } - else if (args[i] == "-show-rsa") - { - options |= axtls.SSL_DISPLAY_RSA; - } - else - print_client_options(build_mode, args[i]); - } - else /* don't know what this is */ - print_client_options(build_mode, args[i]); - - i++; - } - - // IPHostEntry hostInfo = Dns.Resolve(hostname); - IPHostEntry hostInfo = Dns.GetHostEntry(hostname); - IPAddress[] addresses = hostInfo.AddressList; - IPEndPoint ep = new IPEndPoint(addresses[0], port); - Socket client_sock = new Socket(AddressFamily.InterNetwork, - SocketType.Stream, ProtocolType.Tcp); - client_sock.Connect(ep); - - if (!client_sock.Connected) - { - Console.WriteLine("could not connect"); - Environment.Exit(1); - } - - if (!quiet) - { - Console.WriteLine("CONNECTED"); - } - - /********************************************************************** - * This is where the interesting stuff happens. Up until now we've - * just been setting up sockets etc. Now we do the SSL handshake. - **********************************************************************/ - SSLClient ssl_ctx = new SSLClient(options, - axtls.SSL_DEFAULT_CLNT_SESS); - - if (ssl_ctx == null) - { - Console.Error.WriteLine("Error: Client context is invalid"); - Environment.Exit(1); - } - - if (private_key_file != null) - { - int obj_type = axtls.SSL_OBJ_RSA_KEY; - - if (private_key_file.EndsWith(".p8")) - obj_type = axtls.SSL_OBJ_PKCS8; - else if (private_key_file.EndsWith(".p12")) - obj_type = axtls.SSL_OBJ_PKCS12; - - if (ssl_ctx.ObjLoad(obj_type, - private_key_file, password) != axtls.SSL_OK) - { - Console.Error.WriteLine("Private key '" + private_key_file + - "' is undefined."); - Environment.Exit(1); - } - } - - for (i = 0; i < cert_index; i++) - { - if (ssl_ctx.ObjLoad(axtls.SSL_OBJ_X509_CERT, - cert[i], null) != axtls.SSL_OK) - { - Console.WriteLine("Certificate '" + cert[i] + - "' is undefined."); - Environment.Exit(1); - } - } - - for (i = 0; i < ca_cert_index; i++) - { - if (ssl_ctx.ObjLoad(axtls.SSL_OBJ_X509_CACERT, - ca_cert[i], null) != axtls.SSL_OK) - { - Console.WriteLine("Certificate '" + cert[i] + - "' is undefined."); - Environment.Exit(1); - } - } - - SSL ssl = new SSL(new IntPtr(0)); /* keep compiler happy */ - - /* Try session resumption? */ - if (reconnect > 0) - { - while (reconnect-- > 0) - { - ssl = ssl_ctx.Connect(client_sock, session_id); - - if ((res = ssl.HandshakeStatus()) != axtls.SSL_OK) - { - if (!quiet) - { - SSLUtil.DisplayError(res); - } - - ssl.Dispose(); - Environment.Exit(1); - } - - display_session_id(ssl); - session_id = ssl.GetSessionId(); - - if (reconnect > 0) - { - ssl.Dispose(); - client_sock.Close(); - - /* and reconnect */ - client_sock = new Socket(AddressFamily.InterNetwork, - SocketType.Stream, ProtocolType.Tcp); - client_sock.Connect(ep); - } - } - } - else - { - ssl = ssl_ctx.Connect(client_sock, null); - } - - /* check the return status */ - if ((res = ssl.HandshakeStatus()) != axtls.SSL_OK) - { - if (!quiet) - { - SSLUtil.DisplayError(res); - } - - Environment.Exit(1); - } - - if (!quiet) - { - string common_name = - ssl.GetCertificateDN(axtls.SSL_X509_CERT_COMMON_NAME); - - if (common_name != null) - { - Console.WriteLine("Common Name:\t\t\t" + common_name); - } - - display_session_id(ssl); - display_cipher(ssl); - } - - for (;;) - { - string user_input = Console.ReadLine(); - - if (user_input == null) - break; - - byte[] buf = new byte[user_input.Length+2]; - buf[buf.Length-2] = (byte)'\n'; /* add the carriage return */ - buf[buf.Length-1] = 0; /* null terminate */ - - for (i = 0; i < buf.Length-2; i++) - { - buf[i] = (byte)user_input[i]; - } - - if ((res = ssl_ctx.Write(ssl, buf, buf.Length)) < axtls.SSL_OK) - { - if (!quiet) - { - SSLUtil.DisplayError(res); - } - - break; - } - } - - ssl_ctx.Dispose(); - } - - /** - * We've had some sort of command-line error. Print out the basic options. - */ - private void print_options(string option) - { - Console.WriteLine("axssl: Error: '" + option + - "' is an invalid command."); - Console.WriteLine("usage: axssl.csharp [s_server|" + - "s_client|version] [args ...]"); - Environment.Exit(1); - } - - /** - * We've had some sort of command-line error. Print out the server options. - */ - private void print_server_options(int build_mode, string option) - { - int cert_size = SSLUtil.MaxCerts(); - int ca_cert_size = SSLUtil.MaxCACerts(); - - Console.WriteLine("unknown option " + option); - Console.WriteLine("usage: s_server [args ...]"); - Console.WriteLine(" -accept arg\t- port to accept on (default " + - "is 4433)"); - Console.WriteLine(" -quiet\t\t- No server output"); - - if (build_mode >= axtls.SSL_BUILD_SERVER_ONLY) - { - Console.WriteLine(" -cert arg\t- certificate file to add (in " + - "addition to default) to chain -"); - Console.WriteLine("\t\t Can repeat up to " + cert_size + " times"); - Console.WriteLine(" -key arg\t- Private key file to use"); - Console.WriteLine(" -pass\t\t- private key file pass phrase source"); - } - - if (build_mode >= axtls.SSL_BUILD_ENABLE_VERIFICATION) - { - Console.WriteLine(" -verify\t- turn on peer certificate " + - "verification"); - Console.WriteLine(" -CAfile arg\t- Certificate authority."); - Console.WriteLine("\t\t Can repeat up to " + - ca_cert_size + "times"); - } - - if (build_mode == axtls.SSL_BUILD_FULL_MODE) - { - Console.WriteLine(" -debug\t\t- Print more output"); - Console.WriteLine(" -state\t\t- Show state messages"); - Console.WriteLine(" -show-rsa\t- Show RSA state"); - } - - Environment.Exit(1); - } - - /** - * We've had some sort of command-line error. Print out the client options. - */ - private void print_client_options(int build_mode, string option) - { - int cert_size = SSLUtil.MaxCerts(); - int ca_cert_size = SSLUtil.MaxCACerts(); - - Console.WriteLine("unknown option " + option); - - if (build_mode >= axtls.SSL_BUILD_ENABLE_CLIENT) - { - Console.WriteLine("usage: s_client [args ...]"); - Console.WriteLine(" -connect host:port - who to connect to " + - "(default is localhost:4433)"); - Console.WriteLine(" -verify\t- turn on peer certificate " + - "verification"); - Console.WriteLine(" -cert arg\t- certificate file to use"); - Console.WriteLine("\t\t Can repeat up to %d times", cert_size); - Console.WriteLine(" -key arg\t- Private key file to use"); - Console.WriteLine(" -CAfile arg\t- Certificate authority."); - Console.WriteLine("\t\t Can repeat up to " + ca_cert_size + - " times"); - Console.WriteLine(" -quiet\t\t- No client output"); - Console.WriteLine(" -pass\t\t- private key file pass " + - "phrase source"); - Console.WriteLine(" -reconnect\t- Drop and re-make the " + - "connection with the same Session-ID"); - - if (build_mode == axtls.SSL_BUILD_FULL_MODE) - { - Console.WriteLine(" -debug\t\t- Print more output"); - Console.WriteLine(" -state\t\t- Show state messages"); - Console.WriteLine(" -show-rsa\t- Show RSA state"); - } - } - else - { - Console.WriteLine("Change configuration to allow this feature"); - } - - Environment.Exit(1); - } - - /** - * Display what cipher we are using - */ - private void display_cipher(SSL ssl) - { - Console.Write("CIPHER is "); - - switch (ssl.GetCipherId()) - { - case axtls.SSL_AES128_SHA: - Console.WriteLine("AES128-SHA"); - break; - - case axtls.SSL_AES256_SHA: - Console.WriteLine("AES256-SHA"); - break; - - case axtls.SSL_RC4_128_SHA: - Console.WriteLine("RC4-SHA"); - break; - - case axtls.SSL_RC4_128_MD5: - Console.WriteLine("RC4-MD5"); - break; - - default: - Console.WriteLine("Unknown - " + ssl.GetCipherId()); - break; - } - } - - /** - * Display what session id we have. - */ - private void display_session_id(SSL ssl) - { - byte[] session_id = ssl.GetSessionId(); - - if (session_id.Length > 0) - { - Console.WriteLine("-----BEGIN SSL SESSION PARAMETERS-----"); - foreach (byte b in session_id) - { - Console.Write("{0:x02}", b); - } - - Console.WriteLine("\n-----END SSL SESSION PARAMETERS-----"); - } - } -} diff --git a/libs/nixio/axTLS/samples/java/Makefile b/libs/nixio/axTLS/samples/java/Makefile deleted file mode 100644 index b10a79f372..0000000000 --- a/libs/nixio/axTLS/samples/java/Makefile +++ /dev/null @@ -1,51 +0,0 @@ -# -# Copyright (c) 2007, Cameron Rich -# -# All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions are met: -# -# * Redistributions of source code must retain the above copyright notice, -# this list of conditions and the following disclaimer. -# * Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in the -# documentation and/or other materials provided with the distribution. -# * Neither the name of the axTLS project nor the names of its -# contributors may be used to endorse or promote products derived -# from this software without specific prior written permission. -# -# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR -# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR -# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED -# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY -# OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING -# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF -# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -# - -include ../../config/.config -include ../../config/makefile.conf -include ../../config/makefile.java.conf - -all : sample -JAR=../../$(STAGE)/axtls.jar -CLASSES=../../bindings/java/classes -sample : $(JAR) - -$(JAR) : $(CLASSES)/axssl.class $(wildcard $(CLASSES)/axTLSj/*.class) - jar mcvf manifest.mf $@ -C $(CLASSES) axTLSj -C $(CLASSES) axssl.class - -JAVA_FILES=axssl.java -JAVA_CLASSES:=$(JAVA_FILES:%.java=$(CLASSES)/axTLSj/%.class) - -$(CLASSES)/%.class : %.java - javac -d $(CLASSES) -classpath $(CLASSES) $^ - -clean:: - -@rm -f $(TARGET) - diff --git a/libs/nixio/axTLS/samples/java/axssl.java b/libs/nixio/axTLS/samples/java/axssl.java deleted file mode 100644 index 2057f29662..0000000000 --- a/libs/nixio/axTLS/samples/java/axssl.java +++ /dev/null @@ -1,760 +0,0 @@ -/* - * Copyright (c) 2007, Cameron Rich - * - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions are met: - * - * * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * * Neither the name of the axTLS project nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR - * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, - * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, - * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/* - * Demonstrate the use of the axTLS library in Java with a set of - * command-line parameters similar to openssl. In fact, openssl clients - * should be able to communicate with axTLS servers and visa-versa. * - * This code has various bits enabled depending on the configuration. To enable - * the most interesting version, compile with the 'full mode' enabled. - * - * To see what options you have, run the following: - * > java -jar axtls.jar s_server -? - * > java -jar axtls.jar s_client -? - * - * The axtls/axtlsj shared libraries must be in the same directory or be found - * by the OS. - */ - -import java.io.*; -import java.util.*; -import java.net.*; -import axTLSj.*; - -public class axssl -{ - /* - * Main() - */ - public static void main(String[] args) - { - if (args.length == 1 && args[0].equals("version")) - { - System.out.println("axtls.jar " + SSLUtil.version()); - System.exit(0); - } - - axssl runner = new axssl(); - - try - { - if (args.length < 1 || - (!args[0].equals("s_server") && - !args[0].equals("s_client"))) - { - runner.print_options(args.length > 0 ? args[0] : ""); - } - - int build_mode = SSLUtil.buildMode(); - - if (args[0].equals("s_server")) - runner.do_server(build_mode, args); - else - runner.do_client(build_mode, args); - } - catch (Exception e) - { - System.out.println(e); - } - } - - /* - * do_server() - */ - private void do_server(int build_mode, String[] args) - throws Exception - { - int i = 1; - int port = 4433; - int options = axtlsj.SSL_DISPLAY_CERTS; - boolean quiet = false; - String password = null; - String private_key_file = null; - - /* organise the cert/ca_cert lists */ - int cert_size = SSLUtil.maxCerts(); - int ca_cert_size = SSLUtil.maxCACerts(); - String[] cert = new String[cert_size]; - String[] ca_cert = new String[ca_cert_size]; - int cert_index = 0; - int ca_cert_index = 0; - - while (i < args.length) - { - if (args[i].equals("-accept")) - { - if (i >= args.length-1) - { - print_server_options(build_mode, args[i]); - } - - port = Integer.parseInt(args[++i]); - } - else if (args[i].equals("-quiet")) - { - quiet = true; - options &= ~(int)axtlsj.SSL_DISPLAY_CERTS; - } - else if (build_mode >= axtlsj.SSL_BUILD_SERVER_ONLY) - { - if (args[i].equals("-cert")) - { - if (i >= args.length-1 || cert_index >= cert_size) - { - print_server_options(build_mode, args[i]); - } - - cert[cert_index++] = args[++i]; - } - else if (args[i].equals("-key")) - { - if (i >= args.length-1) - { - print_server_options(build_mode, args[i]); - } - - private_key_file = args[++i]; - options |= axtlsj.SSL_NO_DEFAULT_KEY; - } - else if (args[i].equals("-pass")) - { - if (i >= args.length-1) - { - print_server_options(build_mode, args[i]); - } - - password = args[++i]; - } - else if (build_mode >= axtlsj.SSL_BUILD_ENABLE_VERIFICATION) - { - if (args[i].equals("-verify")) - { - options |= axtlsj.SSL_CLIENT_AUTHENTICATION; - } - else if (args[i].equals("-CAfile")) - { - if (i >= args.length-1 || ca_cert_index >= ca_cert_size) - { - print_server_options(build_mode, args[i]); - } - - ca_cert[ca_cert_index++] = args[++i]; - } - else if (build_mode == axtlsj.SSL_BUILD_FULL_MODE) - { - if (args[i].equals("-debug")) - { - options |= axtlsj.SSL_DISPLAY_BYTES; - } - else if (args[i].equals("-state")) - { - options |= axtlsj.SSL_DISPLAY_STATES; - } - else if (args[i].equals("-show-rsa")) - { - options |= axtlsj.SSL_DISPLAY_RSA; - } - else - print_server_options(build_mode, args[i]); - } - else - print_server_options(build_mode, args[i]); - } - else - print_server_options(build_mode, args[i]); - } - else - print_server_options(build_mode, args[i]); - - i++; - } - - /* Create socket for incoming connections */ - ServerSocket server_sock = new ServerSocket(port); - - /********************************************************************** - * This is where the interesting stuff happens. Up until now we've - * just been setting up sockets etc. Now we do the SSL handshake. - **********************************************************************/ - SSLServer ssl_ctx = new SSLServer(options, - axtlsj.SSL_DEFAULT_SVR_SESS); - - if (ssl_ctx == null) - throw new Exception("Error: Server context is invalid"); - - if (private_key_file != null) - { - int obj_type = axtlsj.SSL_OBJ_RSA_KEY; - - if (private_key_file.endsWith(".p8")) - obj_type = axtlsj.SSL_OBJ_PKCS8; - else if (private_key_file.endsWith(".p12")) - obj_type = axtlsj.SSL_OBJ_PKCS12; - - if (ssl_ctx.objLoad(obj_type, - private_key_file, password) != axtlsj.SSL_OK) - { - throw new Exception("Error: Private key '" + private_key_file + - "' is undefined."); - } - } - - for (i = 0; i < cert_index; i++) - { - if (ssl_ctx.objLoad(axtlsj.SSL_OBJ_X509_CERT, - cert[i], null) != axtlsj.SSL_OK) - { - throw new Exception("Certificate '" + cert[i] + - "' is undefined."); - } - } - - for (i = 0; i < ca_cert_index; i++) - { - if (ssl_ctx.objLoad(axtlsj.SSL_OBJ_X509_CACERT, - ca_cert[i], null) != axtlsj.SSL_OK) - { - throw new Exception("Certificate '" + ca_cert[i] + - "' is undefined."); - } - } - - int res; - SSLReadHolder rh = new SSLReadHolder(); - - for (;;) - { - if (!quiet) - { - System.out.println("ACCEPT"); - } - - Socket client_sock = server_sock.accept(); - - SSL ssl = ssl_ctx.connect(client_sock); - - while ((res = ssl_ctx.read(ssl, rh)) == axtlsj.SSL_OK) - { - /* check when the connection has been established */ - if (ssl.handshakeStatus() == axtlsj.SSL_OK) - break; - - /* could do something else here */ - } - - if (res == axtlsj.SSL_OK) /* connection established and ok */ - { - if (!quiet) - { - display_session_id(ssl); - display_cipher(ssl); - } - - /* now read (and display) whatever the client sends us */ - for (;;) - { - /* keep reading until we get something interesting */ - while ((res = ssl_ctx.read(ssl, rh)) == axtlsj.SSL_OK) - { - /* could do something else here */ - } - - if (res < axtlsj.SSL_OK) - { - if (!quiet) - { - System.out.println("CONNECTION CLOSED"); - } - - break; - } - - /* convert to String */ - byte[] buf = rh.getData(); - char[] str = new char[res]; - - for (i = 0; i < res; i++) - { - str[i] = (char)buf[i]; - } - - System.out.print(str); - } - } - else if (!quiet) - { - SSLUtil.displayError(res); - } - - /* client was disconnected or the handshake failed. */ - ssl.dispose(); - client_sock.close(); - } - - /* ssl_ctx.dispose(); */ - } - - /* - * do_client() - */ - private void do_client(int build_mode, String[] args) - throws Exception - { - if (build_mode < axtlsj.SSL_BUILD_ENABLE_CLIENT) - print_client_options(build_mode, args[1]); - - int i = 1, res; - int port = 4433; - boolean quiet = false; - String password = null; - int reconnect = 0; - String private_key_file = null; - String hostname = "127.0.0.1"; - - /* organise the cert/ca_cert lists */ - int cert_index = 0; - int ca_cert_index = 0; - int cert_size = SSLUtil.maxCerts(); - int ca_cert_size = SSLUtil.maxCACerts(); - String[] cert = new String[cert_size]; - String[] ca_cert = new String[ca_cert_size]; - - int options = axtlsj.SSL_SERVER_VERIFY_LATER|axtlsj.SSL_DISPLAY_CERTS; - byte[] session_id = null; - - while (i < args.length) - { - if (args[i].equals("-connect")) - { - String host_port; - - if (i >= args.length-1) - { - print_client_options(build_mode, args[i]); - } - - host_port = args[++i]; - int index_colon; - - if ((index_colon = host_port.indexOf(':')) < 0) - print_client_options(build_mode, args[i]); - - hostname = new String(host_port.toCharArray(), - 0, index_colon); - port = Integer.parseInt(new String(host_port.toCharArray(), - index_colon+1, host_port.length()-index_colon-1)); - } - else if (args[i].equals("-cert")) - { - if (i >= args.length-1 || cert_index >= cert_size) - { - print_client_options(build_mode, args[i]); - } - - cert[cert_index++] = args[++i]; - } - else if (args[i].equals("-CAfile")) - { - if (i >= args.length-1 || ca_cert_index >= ca_cert_size) - { - print_client_options(build_mode, args[i]); - } - - ca_cert[ca_cert_index++] = args[++i]; - } - else if (args[i].equals("-key")) - { - if (i >= args.length-1) - { - print_client_options(build_mode, args[i]); - } - - private_key_file = args[++i]; - options |= axtlsj.SSL_NO_DEFAULT_KEY; - } - else if (args[i].equals("-verify")) - { - options &= ~(int)axtlsj.SSL_SERVER_VERIFY_LATER; - } - else if (args[i].equals("-reconnect")) - { - reconnect = 4; - } - else if (args[i].equals("-quiet")) - { - quiet = true; - options &= ~(int)axtlsj.SSL_DISPLAY_CERTS; - } - else if (args[i].equals("-pass")) - { - if (i >= args.length-1) - { - print_server_options(build_mode, args[i]); - } - - password = args[++i]; - } - else if (build_mode == axtlsj.SSL_BUILD_FULL_MODE) - { - if (args[i].equals("-debug")) - { - options |= axtlsj.SSL_DISPLAY_BYTES; - } - else if (args[i].equals("-state")) - { - options |= axtlsj.SSL_DISPLAY_STATES; - } - else if (args[i].equals("-show-rsa")) - { - options |= axtlsj.SSL_DISPLAY_RSA; - } - else - print_client_options(build_mode, args[i]); - } - else /* don't know what this is */ - print_client_options(build_mode, args[i]); - - i++; - } - - Socket client_sock = new Socket(hostname, port); - - if (!client_sock.isConnected()) - { - System.out.println("could not connect"); - throw new Exception(); - } - - if (!quiet) - { - System.out.println("CONNECTED"); - } - - /********************************************************************** - * This is where the interesting stuff happens. Up until now we've - * just been setting up sockets etc. Now we do the SSL handshake. - **********************************************************************/ - SSLClient ssl_ctx = new SSLClient(options, - axtlsj.SSL_DEFAULT_CLNT_SESS); - - if (ssl_ctx == null) - { - throw new Exception("Error: Client context is invalid"); - } - - if (private_key_file != null) - { - int obj_type = axtlsj.SSL_OBJ_RSA_KEY; - - if (private_key_file.endsWith(".p8")) - obj_type = axtlsj.SSL_OBJ_PKCS8; - else if (private_key_file.endsWith(".p12")) - obj_type = axtlsj.SSL_OBJ_PKCS12; - - if (ssl_ctx.objLoad(obj_type, - private_key_file, password) != axtlsj.SSL_OK) - { - throw new Exception("Error: Private key '" + private_key_file + - "' is undefined."); - } - } - - for (i = 0; i < cert_index; i++) - { - if (ssl_ctx.objLoad(axtlsj.SSL_OBJ_X509_CERT, - cert[i], null) != axtlsj.SSL_OK) - { - throw new Exception("Certificate '" + cert[i] + - "' is undefined."); - } - } - - for (i = 0; i < ca_cert_index; i++) - { - if (ssl_ctx.objLoad(axtlsj.SSL_OBJ_X509_CACERT, - ca_cert[i], null) != axtlsj.SSL_OK) - { - throw new Exception("Certificate '" + ca_cert[i] + - "' is undefined."); - } - } - - SSL ssl = null; - - /* Try session resumption? */ - if (reconnect > 0) - { - while (reconnect-- > 0) - { - ssl = ssl_ctx.connect(client_sock, session_id); - - if ((res = ssl.handshakeStatus()) != axtlsj.SSL_OK) - { - if (!quiet) - { - SSLUtil.displayError(res); - } - - ssl.dispose(); - throw new Exception(); - } - - display_session_id(ssl); - session_id = ssl.getSessionId(); - - if (reconnect > 0) - { - ssl.dispose(); - client_sock.close(); - - /* and reconnect */ - client_sock = new Socket(hostname, port); - } - } - } - else - { - ssl = ssl_ctx.connect(client_sock, null); - } - - /* check the return status */ - if ((res = ssl.handshakeStatus()) != axtlsj.SSL_OK) - { - if (!quiet) - { - SSLUtil.displayError(res); - } - - throw new Exception(); - } - - if (!quiet) - { - String common_name = - ssl.getCertificateDN(axtlsj.SSL_X509_CERT_COMMON_NAME); - - if (common_name != null) - { - System.out.println("Common Name:\t\t\t" + common_name); - } - - display_session_id(ssl); - display_cipher(ssl); - } - - BufferedReader in = new BufferedReader( - new InputStreamReader(System.in)); - - for (;;) - { - String user_input = in.readLine(); - - if (user_input == null) - break; - - byte[] buf = new byte[user_input.length()+2]; - buf[buf.length-2] = (byte)'\n'; /* add the carriage return */ - buf[buf.length-1] = 0; /* null terminate */ - - for (i = 0; i < buf.length-2; i++) - { - buf[i] = (byte)user_input.charAt(i); - } - - if ((res = ssl_ctx.write(ssl, buf)) < axtlsj.SSL_OK) - { - if (!quiet) - { - SSLUtil.displayError(res); - } - - break; - } - } - - ssl_ctx.dispose(); - } - - /** - * We've had some sort of command-line error. Print out the basic options. - */ - private void print_options(String option) - { - System.out.println("axssl: Error: '" + option + - "' is an invalid command."); - System.out.println("usage: axtlsj.jar [s_server|s_client|version] " + - "[args ...]"); - System.exit(1); - } - - /** - * We've had some sort of command-line error. Print out the server options. - */ - private void print_server_options(int build_mode, String option) - { - int cert_size = SSLUtil.maxCerts(); - int ca_cert_size = SSLUtil.maxCACerts(); - - System.out.println("unknown option " + option); - System.out.println("usage: s_server [args ...]"); - System.out.println(" -accept arg\t- port to accept on (default " + - "is 4433)"); - System.out.println(" -quiet\t\t- No server output"); - - if (build_mode >= axtlsj.SSL_BUILD_SERVER_ONLY) - { - System.out.println(" -cert arg\t- certificate file to add (in " + - "addition to default) to chain -"); - System.out.println("\t\t Can repeat up to " + cert_size + " times"); - System.out.println(" -key arg\t- Private key file to use"); - System.out.println(" -pass\t\t- private key file pass phrase source"); - } - - if (build_mode >= axtlsj.SSL_BUILD_ENABLE_VERIFICATION) - { - System.out.println(" -verify\t- turn on peer certificate " + - "verification"); - System.out.println(" -CAfile arg\t- Certificate authority. "); - System.out.println("\t\t Can repeat up to " + - ca_cert_size + " times"); - } - - if (build_mode == axtlsj.SSL_BUILD_FULL_MODE) - { - System.out.println(" -debug\t\t- Print more output"); - System.out.println(" -state\t\t- Show state messages"); - System.out.println(" -show-rsa\t- Show RSA state"); - } - - System.exit(1); - } - - /** - * We've had some sort of command-line error. Print out the client options. - */ - private void print_client_options(int build_mode, String option) - { - int cert_size = SSLUtil.maxCerts(); - int ca_cert_size = SSLUtil.maxCACerts(); - - System.out.println("unknown option " + option); - - if (build_mode >= axtlsj.SSL_BUILD_ENABLE_CLIENT) - { - System.out.println("usage: s_client [args ...]"); - System.out.println(" -connect host:port - who to connect to " + - "(default is localhost:4433)"); - System.out.println(" -verify\t- turn on peer certificate " + - "verification"); - System.out.println(" -cert arg\t- certificate file to use"); - System.out.println(" -key arg\t- Private key file to use"); - System.out.println("\t\t Can repeat up to " + cert_size + - " times"); - System.out.println(" -CAfile arg\t- Certificate authority."); - System.out.println("\t\t Can repeat up to " + ca_cert_size + - " times"); - System.out.println(" -quiet\t\t- No client output"); - System.out.println(" -pass\t\t- private key file pass " + - "phrase source"); - System.out.println(" -reconnect\t- Drop and re-make the " + - "connection with the same Session-ID"); - - if (build_mode == axtlsj.SSL_BUILD_FULL_MODE) - { - System.out.println(" -debug\t\t- Print more output"); - System.out.println(" -state\t\t- Show state messages"); - System.out.println(" -show-rsa\t- Show RSA state"); - } - } - else - { - System.out.println("Change configuration to allow this feature"); - } - - System.exit(1); - } - - /** - * Display what cipher we are using - */ - private void display_cipher(SSL ssl) - { - System.out.print("CIPHER is "); - - byte ciph_id = ssl.getCipherId(); - - if (ciph_id == axtlsj.SSL_AES128_SHA) - System.out.println("AES128-SHA"); - else if (ciph_id == axtlsj.SSL_AES256_SHA) - System.out.println("AES256-SHA"); - else if (ciph_id == axtlsj.SSL_RC4_128_SHA) - System.out.println("RC4-SHA"); - else if (ciph_id == axtlsj.SSL_RC4_128_MD5) - System.out.println("RC4-MD5"); - else - System.out.println("Unknown - " + ssl.getCipherId()); - } - - public char toHexChar(int i) - { - if ((0 <= i) && (i <= 9 )) - return (char)('0' + i); - else - return (char)('a' + (i-10)); - } - - public void bytesToHex(byte[] data) - { - StringBuffer buf = new StringBuffer(); - for (int i = 0; i < data.length; i++ ) - { - buf.append(toHexChar((data[i]>>>4)&0x0F)); - buf.append(toHexChar(data[i]&0x0F)); - } - - System.out.println(buf); - } - - - /** - * Display what session id we have. - */ - private void display_session_id(SSL ssl) - { - byte[] session_id = ssl.getSessionId(); - - if (session_id.length > 0) - { - System.out.println("-----BEGIN SSL SESSION PARAMETERS-----"); - bytesToHex(session_id); - System.out.println("-----END SSL SESSION PARAMETERS-----"); - } - } -} diff --git a/libs/nixio/axTLS/samples/java/manifest.mf b/libs/nixio/axTLS/samples/java/manifest.mf deleted file mode 100644 index b906ed29ed..0000000000 --- a/libs/nixio/axTLS/samples/java/manifest.mf +++ /dev/null @@ -1 +0,0 @@ -Main-Class: axssl diff --git a/libs/nixio/axTLS/samples/lua/Makefile b/libs/nixio/axTLS/samples/lua/Makefile deleted file mode 100644 index a460da3c55..0000000000 --- a/libs/nixio/axTLS/samples/lua/Makefile +++ /dev/null @@ -1,43 +0,0 @@ -# -# Copyright (c) 2007, Cameron Rich -# -# All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions are met: -# -# * Redistributions of source code must retain the above copyright notice, -# this list of conditions and the following disclaimer. -# * Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in the -# documentation and/or other materials provided with the distribution. -# * Neither the name of the axTLS project nor the names of its -# contributors may be used to endorse or promote products derived -# from this software without specific prior written permission. -# -# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR -# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR -# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED -# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY -# OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING -# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF -# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -# - -include ../../config/.config -include ../../config/makefile.conf - -all: samples -TARGET=../../$(STAGE)/axssl.lua -samples: $(TARGET) - -$(TARGET): axssl.lua - install $< $@ - -clean:: - -@rm -f $(TARGET) - diff --git a/libs/nixio/axTLS/samples/lua/axssl.lua b/libs/nixio/axTLS/samples/lua/axssl.lua deleted file mode 100755 index 6ea26b69dd..0000000000 --- a/libs/nixio/axTLS/samples/lua/axssl.lua +++ /dev/null @@ -1,562 +0,0 @@ -#!/usr/local/bin/lua - --- --- Copyright (c) 2007, Cameron Rich --- --- All rights reserved. --- --- Redistribution and use in source and binary forms, with or without --- modification, are permitted provided that the following conditions are met: --- --- * Redistributions of source code must retain the above copyright notice, --- this list of conditions and the following disclaimer. --- * Redistributions in binary form must reproduce the above copyright --- notice, this list of conditions and the following disclaimer in the --- documentation and/or other materials provided with the distribution. --- * Neither the name of the axTLS project nor the names of its --- contributors may be used to endorse or promote products derived --- from this software without specific prior written permission. --- --- THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS --- "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT --- LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR --- A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR --- CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, --- SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED --- TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, --- DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY --- OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING --- NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF --- THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. --- - --- --- Demonstrate the use of the axTLS library in Lua with a set of --- command-line parameters similar to openssl. In fact, openssl clients --- should be able to communicate with axTLS servers and visa-versa. --- --- This code has various bits enabled depending on the configuration. To enable --- the most interesting version, compile with the 'full mode' enabled. --- --- To see what options you have, run the following: --- > [lua] axssl s_server -? --- > [lua] axssl s_client -? --- --- The axtls/axtlsl shared libraries must be in the same directory or be found --- by the OS. --- --- -require "bit" -require("axtlsl") -local socket = require("socket") - --- print version? -if #arg == 1 and arg[1] == "version" then - print("axssl.lua "..axtlsl.ssl_version()) - os.exit(1) -end - --- --- We've had some sort of command-line error. Print out the basic options. --- -function print_options(option) - print("axssl: Error: '"..option.."' is an invalid command.") - print("usage: axssl [s_server|s_client|version] [args ...]") - os.exit(1) -end - --- --- We've had some sort of command-line error. Print out the server options. --- -function print_server_options(build_mode, option) - local cert_size = axtlsl.ssl_get_config(axtlsl.SSL_MAX_CERT_CFG_OFFSET) - local ca_cert_size = axtlsl.ssl_get_config( - axtlsl.SSL_MAX_CA_CERT_CFG_OFFSET) - - print("unknown option "..option) - print("usage: s_server [args ...]") - print(" -accept\t- port to accept on (default is 4433)") - print(" -quiet\t\t- No server output") - - if build_mode >= axtlsl.SSL_BUILD_SERVER_ONLY then - print(" -cert arg\t- certificate file to add (in addition to ".. - "default) to chain -") - print("\t\t Can repeat up to "..cert_size.." times") - print(" -key arg\t- Private key file to use - default DER format") - print(" -pass\t\t- private key file pass phrase source") - end - - if build_mode >= axtlsl.SSL_BUILD_ENABLE_VERIFICATION then - print(" -verify\t- turn on peer certificate verification") - print(" -CAfile arg\t- Certificate authority - default DER format") - print("\t\t Can repeat up to "..ca_cert_size.." times") - end - - if build_mode == axtlsl.SSL_BUILD_FULL_MODE then - print(" -debug\t\t- Print more output") - print(" -state\t\t- Show state messages") - print(" -show-rsa\t- Show RSA state") - end - - os.exit(1) -end - --- --- We've had some sort of command-line error. Print out the client options. --- -function print_client_options(build_mode, option) - local cert_size = axtlsl.ssl_get_config(axtlsl.SSL_MAX_CERT_CFG_OFFSET) - local ca_cert_size = axtlsl.ssl_get_config( - axtlsl.SSL_MAX_CA_CERT_CFG_OFFSET) - - print("unknown option "..option) - - if build_mode >= axtlsl.SSL_BUILD_ENABLE_CLIENT then - print("usage: s_client [args ...]") - print(" -connect host:port - who to connect to (default ".. - "is localhost:4433)") - print(" -verify\t- turn on peer certificate verification") - print(" -cert arg\t- certificate file to use - default DER format") - print(" -key arg\t- Private key file to use - default DER format") - print("\t\t Can repeat up to "..cert_size.." times") - print(" -CAfile arg\t- Certificate authority - default DER format") - print("\t\t Can repeat up to "..ca_cert_size.."times") - print(" -quiet\t\t- No client output") - print(" -pass\t\t- private key file pass phrase source") - print(" -reconnect\t- Drop and re-make the connection ".. - "with the same Session-ID") - - if build_mode == axtlsl.SSL_BUILD_FULL_MODE then - print(" -debug\t\t- Print more output") - print(" -state\t\t- Show state messages") - print(" -show-rsa\t- Show RSA state") - end - else - print("Change configuration to allow this feature") - end - - os.exit(1) -end - --- Implement the SSL server logic. -function do_server(build_mode) - local i = 2 - local v - local port = 4433 - local options = axtlsl.SSL_DISPLAY_CERTS - local quiet = false - local password = "" - local private_key_file = nil - local cert_size = axtlsl.ssl_get_config(axtlsl.SSL_MAX_CERT_CFG_OFFSET) - local ca_cert_size = axtlsl. - ssl_get_config(axtlsl.SSL_MAX_CA_CERT_CFG_OFFSET) - local cert = {} - local ca_cert = {} - - while i <= #arg do - if arg[i] == "-accept" then - if i >= #arg then - print_server_options(build_mode, arg[i]) - end - - i = i + 1 - port = arg[i] - elseif arg[i] == "-quiet" then - quiet = true - options = bit.band(options, bit.bnot(axtlsl.SSL_DISPLAY_CERTS)) - elseif build_mode >= axtlsl.SSL_BUILD_SERVER_ONLY then - if arg[i] == "-cert" then - if i >= #arg or #cert >= cert_size then - print_server_options(build_mode, arg[i]) - end - - i = i + 1 - table.insert(cert, arg[i]) - elseif arg[i] == "-key" then - if i >= #arg then - print_server_options(build_mode, arg[i]) - end - - i = i + 1 - private_key_file = arg[i] - options = bit.bor(options, axtlsl.SSL_NO_DEFAULT_KEY) - elseif arg[i] == "-pass" then - if i >= #arg then - print_server_options(build_mode, arg[i]) - end - - i = i + 1 - password = arg[i] - elseif build_mode >= axtlsl.SSL_BUILD_ENABLE_VERIFICATION then - if arg[i] == "-verify" then - options = bit.bor(options, axtlsl.SSL_CLIENT_AUTHENTICATION) - elseif arg[i] == "-CAfile" then - if i >= #arg or #ca_cert >= ca_cert_size then - print_server_options(build_mode, arg[i]) - end - - i = i + 1 - table.insert(ca_cert, arg[i]) - elseif build_mode == axtlsl.SSL_BUILD_FULL_MODE then - if arg[i] == "-debug" then - options = bit.bor(options, axtlsl.SSL_DISPLAY_BYTES) - elseif arg[i] == "-state" then - options = bit.bor(options, axtlsl.SSL_DISPLAY_STATES) - elseif arg[i] == "-show-rsa" then - options = bit.bor(options, axtlsl.SSL_DISPLAY_RSA) - else - print_server_options(build_mode, arg[i]) - end - else - print_server_options(build_mode, arg[i]) - end - else - print_server_options(build_mode, arg[i]) - end - else - print_server_options(build_mode, arg[i]) - end - - i = i + 1 - end - - -- Create socket for incoming connections - local server_sock = socket.try(socket.bind("*", port)) - - --------------------------------------------------------------------------- - -- This is where the interesting stuff happens. Up until now we've - -- just been setting up sockets etc. Now we do the SSL handshake. - --------------------------------------------------------------------------- - local ssl_ctx = axtlsl.ssl_ctx_new(options, axtlsl.SSL_DEFAULT_SVR_SESS) - if ssl_ctx == nil then error("Error: Server context is invalid") end - - if private_key_file ~= nil then - local obj_type = axtlsl.SSL_OBJ_RSA_KEY - - if string.find(private_key_file, ".p8") then - obj_type = axtlsl.SSL_OBJ_PKCS8 - end - - if string.find(private_key_file, ".p12") then - obj_type = axtlsl.SSL_OBJ_PKCS12 - end - - if axtlsl.ssl_obj_load(ssl_ctx, obj_type, private_key_file, - password) ~= axtlsl.SSL_OK then - error("Private key '" .. private_key_file .. "' is undefined.") - end - end - - for _, v in ipairs(cert) do - if axtlsl.ssl_obj_load(ssl_ctx, axtlsl.SSL_OBJ_X509_CERT, v, "") ~= - axtlsl.SSL_OK then - error("Certificate '"..v .. "' is undefined.") - end - end - - for _, v in ipairs(ca_cert) do - if axtlsl.ssl_obj_load(ssl_ctx, axtlsl.SSL_OBJ_X509_CACERT, v, "") ~= - axtlsl.SSL_OK then - error("Certificate '"..v .."' is undefined.") - end - end - - while true do - if not quiet then print("ACCEPT") end - local client_sock = server_sock:accept(); - local ssl = axtlsl.ssl_server_new(ssl_ctx, client_sock:getfd()) - - -- do the actual SSL handshake - local connected = false - local res - local buf - - while true do - socket.select({client_sock}, nil) - res, buf = axtlsl.ssl_read(ssl) - - if res == axtlsl.SSL_OK then -- connection established and ok - if axtlsl.ssl_handshake_status(ssl) == axtlsl.SSL_OK then - if not quiet and not connected then - display_session_id(ssl) - display_cipher(ssl) - end - connected = true - end - end - - if res > axtlsl.SSL_OK then - for _, v in ipairs(buf) do - io.write(string.format("%c", v)) - end - elseif res < axtlsl.SSL_OK then - if not quiet then - axtlsl.ssl_display_error(res) - end - break - end - end - - -- client was disconnected or the handshake failed. - print("CONNECTION CLOSED") - axtlsl.ssl_free(ssl) - client_sock:close() - end - - axtlsl.ssl_ctx_free(ssl_ctx) -end - --- --- Implement the SSL client logic. --- -function do_client(build_mode) - local i = 2 - local v - local port = 4433 - local options = - bit.bor(axtlsl.SSL_SERVER_VERIFY_LATER, axtlsl.SSL_DISPLAY_CERTS) - local private_key_file = nil - local reconnect = 0 - local quiet = false - local password = "" - local session_id = {} - local host = "127.0.0.1" - local cert_size = axtlsl.ssl_get_config(axtlsl.SSL_MAX_CERT_CFG_OFFSET) - local ca_cert_size = axtlsl. - ssl_get_config(axtlsl.SSL_MAX_CA_CERT_CFG_OFFSET) - local cert = {} - local ca_cert = {} - - while i <= #arg do - if arg[i] == "-connect" then - if i >= #arg then - print_client_options(build_mode, arg[i]) - end - - i = i + 1 - local t = string.find(arg[i], ":") - host = string.sub(arg[i], 1, t-1) - port = string.sub(arg[i], t+1) - elseif arg[i] == "-cert" then - if i >= #arg or #cert >= cert_size then - print_client_options(build_mode, arg[i]) - end - - i = i + 1 - table.insert(cert, arg[i]) - elseif arg[i] == "-key" then - if i >= #arg then - print_client_options(build_mode, arg[i]) - end - - i = i + 1 - private_key_file = arg[i] - options = bit.bor(options, axtlsl.SSL_NO_DEFAULT_KEY) - elseif arg[i] == "-CAfile" then - if i >= #arg or #ca_cert >= ca_cert_size then - print_client_options(build_mode, arg[i]) - end - - i = i + 1 - table.insert(ca_cert, arg[i]) - elseif arg[i] == "-verify" then - options = bit.band(options, - bit.bnot(axtlsl.SSL_SERVER_VERIFY_LATER)) - elseif arg[i] == "-reconnect" then - reconnect = 4 - elseif arg[i] == "-quiet" then - quiet = true - options = bit.band(options, bnot(axtlsl.SSL_DISPLAY_CERTS)) - elseif arg[i] == "-pass" then - if i >= #arg then - print_server_options(build_mode, arg[i]) - end - - i = i + 1 - password = arg[i] - elseif build_mode == axtlsl.SSL_BUILD_FULL_MODE then - if arg[i] == "-debug" then - options = bit.bor(options, axtlsl.SSL_DISPLAY_BYTES) - elseif arg[i] == "-state" then - options = bit.bor(axtlsl.SSL_DISPLAY_STATES) - elseif arg[i] == "-show-rsa" then - options = bit.bor(axtlsl.SSL_DISPLAY_RSA) - else -- don't know what this is - print_client_options(build_mode, arg[i]) - end - else -- don't know what this is - print_client_options(build_mode, arg[i]) - end - - i = i + 1 - end - - local client_sock = socket.try(socket.connect(host, port)) - local ssl - local res - - if not quiet then print("CONNECTED") end - - --------------------------------------------------------------------------- - -- This is where the interesting stuff happens. Up until now we've - -- just been setting up sockets etc. Now we do the SSL handshake. - --------------------------------------------------------------------------- - local ssl_ctx = axtlsl.ssl_ctx_new(options, axtlsl.SSL_DEFAULT_CLNT_SESS) - - if ssl_ctx == nil then - error("Error: Client context is invalid") - end - - if private_key_file ~= nil then - local obj_type = axtlsl.SSL_OBJ_RSA_KEY - - if string.find(private_key_file, ".p8") then - obj_type = axtlsl.SSL_OBJ_PKCS8 - end - - if string.find(private_key_file, ".p12") then - obj_type = axtlsl.SSL_OBJ_PKCS12 - end - - if axtlsl.ssl_obj_load(ssl_ctx, obj_type, private_key_file, - password) ~= axtlsl.SSL_OK then - error("Private key '"..private_key_file.."' is undefined.") - end - end - - for _, v in ipairs(cert) do - if axtlsl.ssl_obj_load(ssl_ctx, axtlsl.SSL_OBJ_X509_CERT, v, "") ~= - axtlsl.SSL_OK then - error("Certificate '"..v .. "' is undefined.") - end - end - - for _, v in ipairs(ca_cert) do - if axtlsl.ssl_obj_load(ssl_ctx, axtlsl.SSL_OBJ_X509_CACERT, v, "") ~= - axtlsl.SSL_OK then - error("Certificate '"..v .."' is undefined.") - end - end - - -- Try session resumption? - if reconnect ~= 0 then - local session_id = nil - local sess_id_size = 0 - - while reconnect > 0 do - reconnect = reconnect - 1 - ssl = axtlsl.ssl_client_new(ssl_ctx, - client_sock:getfd(), session_id, sess_id_size) - - res = axtlsl.ssl_handshake_status(ssl) - if res ~= axtlsl.SSL_OK then - if not quiet then axtlsl.ssl_display_error(res) end - axtlsl.ssl_free(ssl) - os.exit(1) - end - - display_session_id(ssl) - session_id = axtlsl.ssl_get_session_id(ssl) - sess_id_size = axtlsl.ssl_get_session_id_size(ssl) - - if reconnect > 0 then - axtlsl.ssl_free(ssl) - client_sock:close() - client_sock = socket.try(socket.connect(host, port)) - end - - end - else - ssl = axtlsl.ssl_client_new(ssl_ctx, client_sock:getfd(), nil, 0) - end - - -- check the return status - res = axtlsl.ssl_handshake_status(ssl) - if res ~= axtlsl.SSL_OK then - if not quiet then axtlsl.ssl_display_error(res) end - os.exit(1) - end - - if not quiet then - local common_name = axtlsl.ssl_get_cert_dn(ssl, - axtlsl.SSL_X509_CERT_COMMON_NAME) - - if common_name ~= nil then - print("Common Name:\t\t\t"..common_name) - end - - display_session_id(ssl) - display_cipher(ssl) - end - - while true do - local line = io.read() - if line == nil then break end - local bytes = {} - - for i = 1, #line do - bytes[i] = line.byte(line, i) - end - - bytes[#line+1] = 10 -- add carriage return, null - bytes[#line+2] = 0 - - res = axtlsl.ssl_write(ssl, bytes, #bytes) - if res < axtlsl.SSL_OK then - if not quiet then axtlsl.ssl_display_error(res) end - break - end - end - - axtlsl.ssl_ctx_free(ssl_ctx) - client_sock:close() -end - --- --- Display what cipher we are using --- -function display_cipher(ssl) - io.write("CIPHER is ") - local cipher_id = axtlsl.ssl_get_cipher_id(ssl) - - if cipher_id == axtlsl.SSL_AES128_SHA then - print("AES128-SHA") - elseif cipher_id == axtlsl.SSL_AES256_SHA then - print("AES256-SHA") - elseif axtlsl.SSL_RC4_128_SHA then - print("RC4-SHA") - elseif axtlsl.SSL_RC4_128_MD5 then - print("RC4-MD5") - else - print("Unknown - "..cipher_id) - end -end - --- --- Display what session id we have. --- -function display_session_id(ssl) - local session_id = axtlsl.ssl_get_session_id(ssl) - local v - - if #session_id > 0 then - print("-----BEGIN SSL SESSION PARAMETERS-----") - for _, v in ipairs(session_id) do - io.write(string.format("%02x", v)) - end - print("\n-----END SSL SESSION PARAMETERS-----") - end -end - --- --- Main entry point. Doesn't do much except works out whether we are a client --- or a server. --- -if #arg == 0 or (arg[1] ~= "s_server" and arg[1] ~= "s_client") then - print_options(#arg > 0 and arg[1] or "") -end - -local build_mode = axtlsl.ssl_get_config(axtlsl.SSL_BUILD_MODE) -_ = arg[1] == "s_server" and do_server(build_mode) or do_client(build_mode) -os.exit(0) - diff --git a/libs/nixio/axTLS/samples/perl/Makefile b/libs/nixio/axTLS/samples/perl/Makefile deleted file mode 100644 index 5200c4302e..0000000000 --- a/libs/nixio/axTLS/samples/perl/Makefile +++ /dev/null @@ -1,43 +0,0 @@ -# -# Copyright (c) 2007, Cameron Rich -# -# All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions are met: -# -# * Redistributions of source code must retain the above copyright notice, -# this list of conditions and the following disclaimer. -# * Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in the -# documentation and/or other materials provided with the distribution. -# * Neither the name of the axTLS project nor the names of its -# contributors may be used to endorse or promote products derived -# from this software without specific prior written permission. -# -# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR -# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR -# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED -# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY -# OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING -# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF -# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -# - -include ../../config/.config -include ../../config/makefile.conf - -all: samples -TARGET=../../$(STAGE)/axssl.pl -samples: $(TARGET) - -$(TARGET): axssl.pl - install $< $@ - -clean:: - -@rm -f $(TARGET) - diff --git a/libs/nixio/axTLS/samples/perl/axssl.pl b/libs/nixio/axTLS/samples/perl/axssl.pl deleted file mode 100755 index e49d52270d..0000000000 --- a/libs/nixio/axTLS/samples/perl/axssl.pl +++ /dev/null @@ -1,634 +0,0 @@ -#!/usr/bin/perl -w -# -# Copyright (c) 2007, Cameron Rich -# -# All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions are met: -# -# * Redistributions of source code must retain the above copyright notice, -# this list of conditions and the following disclaimer. -# * Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in the -# documentation and/or other materials provided with the distribution. -# * Neither the name of the axTLS project nor the names of its -# contributors may be used to endorse or promote products derived -# from this software without specific prior written permission. -# -# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR -# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR -# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED -# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY -# OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING -# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF -# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -# - -# -# Demonstrate the use of the axTLS library in Perl with a set of -# command-line parameters similar to openssl. In fact, openssl clients -# should be able to communicate with axTLS servers and visa-versa. -# -# This code has various bits enabled depending on the configuration. To enable -# the most interesting version, compile with the 'full mode' enabled. -# -# To see what options you have, run the following: -# > [perl] axssl s_server -? -# > [perl] axssl s_client -? -# -# The axtls/axtlsp shared libraries must be in the same directory or be found -# by the OS. axtlsp.pm must be in this directory or be in @INC. -# -# Under Win32, ActivePerl was used (see -# http://www.activestate.com/Products/ActivePerl/?mp=1) -# -use axtlsp; -use IO::Socket; - -# To get access to Win32 file descriptor stuff -my $is_win32 = 0; - -if ($^O eq "MSWin32") -{ - eval("use Win32API::File 0.08 qw( :ALL )"); - $is_win32 = 1; -} - -use strict; - -# -# Win32 has some problems with socket handles -# -sub get_native_sock -{ - my ($sock) = @_; - return $is_win32 ? FdGetOsFHandle($sock) : $sock; -} - -# print version? -if ($#ARGV == 0 && $ARGV[0] eq "version") -{ - printf("axssl.pl ".axtlsp::ssl_version()."\n"); - exit 0; -} - -# -# Main entry point. Doesn't do much except works out whether we are a client -# or a server. -# -print_options($#ARGV > -1 ? $ARGV[0] : "") - if ($#ARGV < 0 || ($ARGV[0] ne "s_server" && $ARGV[0] ne "s_client")); - - -# Cygwin/Win32 issue - flush our output continuously -select STDOUT; -local $|=1; - -my $build_mode = axtlsp::ssl_get_config($axtlsp::SSL_BUILD_MODE); -$ARGV[0] eq "s_server" ? do_server($build_mode) : do_client($build_mode); - -# -# Implement the SSL server logic. -# -sub do_server -{ - my ($build_mode) = @_; - my $i = 1; - my $port = 4433; - my $options = $axtlsp::SSL_DISPLAY_CERTS; - my $quiet = 0; - my $password = undef; - my $private_key_file = undef; - my $cert_size = axtlsp::ssl_get_config($axtlsp::SSL_MAX_CERT_CFG_OFFSET); - my $ca_cert_size = axtlsp::ssl_get_config( - $axtlsp::SSL_MAX_CA_CERT_CFG_OFFSET); - my @cert; - my @ca_cert; - - while ($i <= $#ARGV) - { - if ($ARGV[$i] eq "-accept") - { - print_server_options($build_mode, $ARGV[$i]) if $i >= $#ARGV; - $port = $ARGV[++$i]; - } - elsif ($ARGV[$i] eq "-quiet") - { - $quiet = 1; - $options &= ~$axtlsp::SSL_DISPLAY_CERTS; - } - elsif ($build_mode >= $axtlsp::SSL_BUILD_SERVER_ONLY) - { - if ($ARGV[$i] eq "-cert") - { - print_server_options($build_mode, $ARGV[$i]) - if $i >= $#ARGV || $#cert >= $cert_size-1; - - push @cert, $ARGV[++$i]; - } - elsif ($ARGV[$i] eq "-key") - { - print_server_options($build_mode, $ARGV[$i]) if $i >= $#ARGV; - $private_key_file = $ARGV[++$i]; - $options |= $axtlsp::SSL_NO_DEFAULT_KEY; - } - elsif ($ARGV[$i] eq "-pass") - { - print_server_options($build_mode, $ARGV[$i]) if $i >= $#ARGV; - $password = $ARGV[++$i]; - } - elsif ($build_mode >= $axtlsp::SSL_BUILD_ENABLE_VERIFICATION) - { - if ($ARGV[$i] eq "-verify") - { - $options |= $axtlsp::SSL_CLIENT_AUTHENTICATION; - } - elsif ($ARGV[$i] eq "-CAfile") - { - print_server_options($build_mode, $ARGV[$i]) - if $i >= $#ARGV || $#ca_cert >= $ca_cert_size-1; - push @ca_cert, $ARGV[++$i]; - } - elsif ($build_mode == $axtlsp::SSL_BUILD_FULL_MODE) - { - if ($ARGV[$i] eq "-debug") - { - $options |= $axtlsp::SSL_DISPLAY_BYTES; - } - elsif ($ARGV[$i] eq "-state") - { - $options |= $axtlsp::SSL_DISPLAY_STATES; - } - elsif ($ARGV[$i] eq "-show-rsa") - { - $options |= $axtlsp::SSL_DISPLAY_RSA; - } - else - { - print_server_options($build_mode, $ARGV[$i]); - } - } - else - { - print_server_options($build_mode, $ARGV[$i]); - } - } - else - { - print_server_options($build_mode, $ARGV[$i]); - } - } - else - { - print_server_options($build_mode, $ARGV[$i]); - } - - $i++; - } - - # Create socket for incoming connections - my $server_sock = IO::Socket::INET->new(Proto => 'tcp', - LocalPort => $port, - Listen => 1, - Reuse => 1) or die $!; - - ########################################################################### - # This is where the interesting stuff happens. Up until now we've - # just been setting up sockets etc. Now we do the SSL handshake. - ########################################################################### - my $ssl_ctx = axtlsp::ssl_ctx_new($options, $axtlsp::SSL_DEFAULT_SVR_SESS); - die "Error: Server context is invalid" if not defined $ssl_ctx; - - if (defined $private_key_file) - { - my $obj_type = $axtlsp::SSL_OBJ_RSA_KEY; - - $obj_type = $axtlsp::SSL_OBJ_PKCS8 if $private_key_file =~ /.p8$/; - $obj_type = $axtlsp::SSL_OBJ_PKCS12 if $private_key_file =~ /.p12$/; - - die "Private key '$private_key_file' is undefined." if - axtlsp::ssl_obj_load($ssl_ctx, $obj_type, - $private_key_file, $password); - } - - foreach (@cert) - { - die "Certificate '$_' is undefined." - if axtlsp::ssl_obj_load($ssl_ctx, $axtlsp::SSL_OBJ_X509_CERT, - $_, undef) != $axtlsp::SSL_OK; - } - - foreach (@ca_cert) - { - die "Certificate '$_' is undefined." - if axtlsp::ssl_obj_load($ssl_ctx, $axtlsp::SSL_OBJ_X509_CACERT, - $_, undef) != $axtlsp::SSL_OK; - } - - for (;;) - { - printf("ACCEPT\n") if not $quiet; - my $client_sock = $server_sock->accept; - my $native_sock = get_native_sock($client_sock->fileno); - - # This doesn't work in Win32 - need to get file descriptor from socket. - my $ssl = axtlsp::ssl_server_new($ssl_ctx, $native_sock); - - # do the actual SSL handshake - my $res; - my $buf; - my $connected = 0; - - while (1) - { - ($res, $buf) = axtlsp::ssl_read($ssl, undef); - last if $res < $axtlsp::SSL_OK; - - if ($res == $axtlsp::SSL_OK) # connection established and ok - { - if (axtlsp::ssl_handshake_status($ssl) == $axtlsp::SSL_OK) - { - if (!$quiet && !$connected) - { - display_session_id($ssl); - display_cipher($ssl); - } - - $connected = 1; - } - } - - if ($res > $axtlsp::SSL_OK) - { - printf($$buf); - } - elsif ($res < $axtlsp::SSL_OK) - { - axtlsp::ssl_display_error($res) if not $quiet; - last; - } - } - - # client was disconnected or the handshake failed. - printf("CONNECTION CLOSED\n") if not $quiet; - axtlsp::ssl_free($ssl); - $client_sock->close; - } - - axtlsp::ssl_ctx_free($ssl_ctx); -} - -# -# Implement the SSL client logic. -# -sub do_client -{ - my ($build_mode) = @_; - my $i = 1; - my $port = 4433; - my $options = $axtlsp::SSL_SERVER_VERIFY_LATER|$axtlsp::SSL_DISPLAY_CERTS; - my $private_key_file = undef; - my $reconnect = 0; - my $quiet = 0; - my $password = undef; - my @session_id; - my $host = "127.0.0.1"; - my @cert; - my @ca_cert; - my $cert_size = axtlsp::ssl_get_config( - $axtlsp::SSL_MAX_CERT_CFG_OFFSET); - my $ca_cert_size = axtlsp::ssl_get_config( - $axtlsp::SSL_MAX_CA_CERT_CFG_OFFSET); - - while ($i <= $#ARGV) - { - if ($ARGV[$i] eq "-connect") - { - print_client_options($build_mode, $ARGV[$i]) if $i >= $#ARGV; - ($host, $port) = split(':', $ARGV[++$i]); - } - elsif ($ARGV[$i] eq "-cert") - { - print_client_options($build_mode, $ARGV[$i]) - if $i >= $#ARGV || $#cert >= $cert_size-1; - - push @cert, $ARGV[++$i]; - } - elsif ($ARGV[$i] eq "-key") - { - print_client_options($build_mode, $ARGV[$i]) if $i >= $#ARGV; - $private_key_file = $ARGV[++$i]; - $options |= $axtlsp::SSL_NO_DEFAULT_KEY; - } - elsif ($ARGV[$i] eq "-CAfile") - { - print_client_options($build_mode, $ARGV[$i]) - if $i >= $#ARGV || $#ca_cert >= $ca_cert_size-1; - - push @ca_cert, $ARGV[++$i]; - } - elsif ($ARGV[$i] eq "-verify") - { - $options &= ~$axtlsp::SSL_SERVER_VERIFY_LATER; - } - elsif ($ARGV[$i] eq "-reconnect") - { - $reconnect = 4; - } - elsif ($ARGV[$i] eq "-quiet") - { - $quiet = 1; - $options &= ~$axtlsp::SSL_DISPLAY_CERTS; - } - elsif ($ARGV[$i] eq "-pass") - { - print_server_options($build_mode, $ARGV[$i]) if $i >= $#ARGV; - $password = $ARGV[++$i]; - } - elsif ($build_mode == $axtlsp::SSL_BUILD_FULL_MODE) - { - if ($ARGV[$i] eq "-debug") - { - $options |= $axtlsp::SSL_DISPLAY_BYTES; - } - elsif ($ARGV[$i] eq "-state") - { - $options |= $axtlsp::SSL_DISPLAY_STATES; - } - elsif ($ARGV[$i] eq "-show-rsa") - { - $options |= $axtlsp::SSL_DISPLAY_RSA; - } - else # don't know what this is - { - print_client_options($build_mode, $ARGV[$i]); - } - } - else # don't know what this is - { - print_client_options($build_mode, $ARGV[$i]); - } - - $i++; - } - - my $client_sock = new IO::Socket::INET ( - PeerAddr => $host, PeerPort => $port, Proto => 'tcp') - || die ("no socket: $!"); - my $ssl; - my $res; - my $native_sock = get_native_sock($client_sock->fileno); - - printf("CONNECTED\n") if not $quiet; - - ########################################################################### - # This is where the interesting stuff happens. Up until now we've - # just been setting up sockets etc. Now we do the SSL handshake. - ########################################################################### - my $ssl_ctx = axtlsp::ssl_ctx_new($options, $axtlsp::SSL_DEFAULT_CLNT_SESS); - die "Error: Client context is invalid" if not defined $ssl_ctx; - - if (defined $private_key_file) - { - my $obj_type = $axtlsp::SSL_OBJ_RSA_KEY; - - $obj_type = $axtlsp::SSL_OBJ_PKCS8 if $private_key_file =~ /.p8$/; - $obj_type = $axtlsp::SSL_OBJ_PKCS12 if $private_key_file =~ /.p12$/; - - die "Private key '$private_key_file' is undefined." if - axtlsp::ssl_obj_load($ssl_ctx, $obj_type, - $private_key_file, $password); - } - - foreach (@cert) - { - die "Certificate '$_' is undefined." - if axtlsp::ssl_obj_load($ssl_ctx, $axtlsp::SSL_OBJ_X509_CERT, - $_, undef) != $axtlsp::SSL_OK; - } - - foreach (@ca_cert) - { - die "Certificate '$_' is undefined." - if axtlsp::ssl_obj_load($ssl_ctx, $axtlsp::SSL_OBJ_X509_CACERT, - $_, undef) != $axtlsp::SSL_OK; - } - - # Try session resumption? - if ($reconnect) - { - my $session_id = undef; - my $sess_id_size = 0; - - while ($reconnect--) - { - $ssl = axtlsp::ssl_client_new($ssl_ctx, $native_sock, - $session_id, $sess_id_size); - - $res = axtlsp::ssl_handshake_status($ssl); - if ($res != $axtlsp::SSL_OK) - { - axtlsp::ssl_display_error($res) if !$quiet; - axtlsp::ssl_free($ssl); - exit 1; - } - - display_session_id($ssl); - $session_id = axtlsp::ssl_get_session_id($ssl); - - if ($reconnect) - { - axtlsp::ssl_free($ssl); - $client_sock->close; - $client_sock = new IO::Socket::INET ( - PeerAddr => $host, PeerPort => $port, Proto => 'tcp') - || die ("no socket: $!"); - - } - } - } - else - { - $ssl = axtlsp::ssl_client_new($ssl_ctx, $native_sock, undef, 0); - } - - # check the return status - $res = axtlsp::ssl_handshake_status($ssl); - if ($res != $axtlsp::SSL_OK) - { - axtlsp::ssl_display_error($res) if not $quiet; - exit 1; - } - - if (!$quiet) - { - my $common_name = axtlsp::ssl_get_cert_dn($ssl, - $axtlsp::SSL_X509_CERT_COMMON_NAME); - - printf("Common Name:\t\t\t%s\n", $common_name) if defined $common_name; - display_session_id($ssl); - display_cipher($ssl); - } - - while () - { - my $cstring = pack("a*x", $_); # add null terminator - $res = axtlsp::ssl_write($ssl, \$cstring, length($cstring)); - if ($res < $axtlsp::SSL_OK) - { - axtlsp::ssl_display_error($res) if not $quiet; - last; - } - } - - axtlsp::ssl_ctx_free($ssl_ctx); - $client_sock->close; -} - -# -# We've had some sort of command-line error. Print out the basic options. -# -sub print_options -{ - my ($option) = @_; - printf("axssl: Error: '%s' is an invalid command.\n", $option); - printf("usage: axssl [s_server|s_client|version] [args ...]\n"); - exit 1; -} - -# -# We've had some sort of command-line error. Print out the server options. -# -sub print_server_options -{ - my ($build_mode, $option) = @_; - my $cert_size = axtlsp::ssl_get_config($axtlsp::SSL_MAX_CERT_CFG_OFFSET); - my $ca_cert_size = axtlsp::ssl_get_config( - $axtlsp::SSL_MAX_CA_CERT_CFG_OFFSET); - - printf("unknown option %s\n", $option); - printf("usage: s_server [args ...]\n"); - printf(" -accept arg\t- port to accept on (default is 4433)\n"); - printf(" -quiet\t\t- No server output\n"); - - if ($build_mode >= $axtlsp::SSL_BUILD_SERVER_ONLY) - { - printf(" -cert arg\t- certificate file to add (in addition to default)". - " to chain -\n". - "\t\t Can repeat up to %d times\n", $cert_size); - printf(" -key arg\t- Private key file to use - default DER format\n"); - printf(" -pass\t\t- private key file pass phrase source\n"); - } - - if ($build_mode >= $axtlsp::SSL_BUILD_ENABLE_VERIFICATION) - { - printf(" -verify\t- turn on peer certificate verification\n"); - printf(" -CAfile arg\t- Certificate authority - default DER format\n"); - printf("\t\t Can repeat up to %d times\n", $ca_cert_size); - } - - if ($build_mode == $axtlsp::SSL_BUILD_FULL_MODE) - { - printf(" -debug\t\t- Print more output\n"); - printf(" -state\t\t- Show state messages\n"); - printf(" -show-rsa\t- Show RSA state\n"); - } - - exit 1; -} - -# -# We've had some sort of command-line error. Print out the client options. -# -sub print_client_options -{ - my ($build_mode, $option) = @_; - my $cert_size = axtlsp::ssl_get_config($axtlsp::SSL_MAX_CERT_CFG_OFFSET); - my $ca_cert_size = axtlsp::ssl_get_config( - $axtlsp::SSL_MAX_CA_CERT_CFG_OFFSET); - - printf("unknown option %s\n", $option); - - if ($build_mode >= $axtlsp::SSL_BUILD_ENABLE_CLIENT) - { - printf("usage: s_client [args ...]\n"); - printf(" -connect host:port - who to connect to (default ". - "is localhost:4433)\n"); - printf(" -verify\t- turn on peer certificate verification\n"); - printf(" -cert arg\t- certificate file to use - default DER format\n"); - printf(" -key arg\t- Private key file to use - default DER format\n"); - printf("\t\t Can repeat up to %d times\n", $cert_size); - printf(" -CAfile arg\t- Certificate authority - default DER format\n"); - printf("\t\t Can repeat up to %d times\n", $ca_cert_size); - printf(" -quiet\t\t- No client output\n"); - printf(" -pass\t\t- private key file pass phrase source\n"); - printf(" -reconnect\t- Drop and re-make the connection ". - "with the same Session-ID\n"); - - if ($build_mode == $axtlsp::SSL_BUILD_FULL_MODE) - { - printf(" -debug\t\t- Print more output\n"); - printf(" -state\t\t- Show state messages\n"); - printf(" -show-rsa\t- Show RSA state\n"); - } - } - else - { - printf("Change configuration to allow this feature\n"); - } - - exit 1; -} - -# -# Display what cipher we are using -# -sub display_cipher -{ - my ($ssl) = @_; - printf("CIPHER is "); - my $cipher_id = axtlsp::ssl_get_cipher_id($ssl); - - if ($cipher_id == $axtlsp::SSL_AES128_SHA) - { - printf("AES128-SHA"); - } - elsif ($cipher_id == $axtlsp::SSL_AES256_SHA) - { - printf("AES256-SHA"); - } - elsif ($axtlsp::SSL_RC4_128_SHA) - { - printf("RC4-SHA"); - } - elsif ($axtlsp::SSL_RC4_128_MD5) - { - printf("RC4-MD5"); - } - else - { - printf("Unknown - %d", $cipher_id); - } - - printf("\n"); -} - -# -# Display what session id we have. -# -sub display_session_id -{ - my ($ssl) = @_; - my $session_id = axtlsp::ssl_get_session_id($ssl); - if (length($$session_id) > 0) - { - printf("-----BEGIN SSL SESSION PARAMETERS-----\n"); - printf(unpack("H*", $$session_id)); - printf("\n-----END SSL SESSION PARAMETERS-----\n"); - } -} diff --git a/libs/nixio/axTLS/samples/vbnet/Makefile b/libs/nixio/axTLS/samples/vbnet/Makefile deleted file mode 100644 index 0984d4e02e..0000000000 --- a/libs/nixio/axTLS/samples/vbnet/Makefile +++ /dev/null @@ -1,48 +0,0 @@ -# -# Copyright (c) 2007, Cameron Rich -# -# All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions are met: -# -# * Redistributions of source code must retain the above copyright notice, -# this list of conditions and the following disclaimer. -# * Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in the -# documentation and/or other materials provided with the distribution. -# * Neither the name of the axTLS project nor the names of its -# contributors may be used to endorse or promote products derived -# from this software without specific prior written permission. -# -# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR -# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR -# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED -# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY -# OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING -# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF -# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -# - -include ../../config/.config -include ../../config/makefile.conf -include ../../config/makefile.dotnet.conf - -# only build on Win32 platforms -ifdef GO_DOT_NET -all : sample -TARGET=../../$(STAGE)/axssl.vbnet.exe -sample : $(TARGET) - -$(TARGET): ../../bindings/vbnet/axTLSvb.vb ../../bindings/vbnet/axInterface.vb axssl.vb - vbc.exe /r:"`cygpath -w "$(CONFIG_DOT_NET_FRAMEWORK_BASE)/System.dll"`" /nologo /t:exe /out:"`cygpath -w $@`" $(foreach file, $^, "`cygpath -w $(file)`") - -endif # ARCH - -clean:: - -@rm -f $(TARGET) - diff --git a/libs/nixio/axTLS/samples/vbnet/axssl.vb b/libs/nixio/axTLS/samples/vbnet/axssl.vb deleted file mode 100644 index 1b423c8659..0000000000 --- a/libs/nixio/axTLS/samples/vbnet/axssl.vb +++ /dev/null @@ -1,702 +0,0 @@ -' -' Copyright (c) 2007, Cameron Rich -' -' All rights reserved. -' -' Redistribution and use in source and binary forms, with or without -' modification, are permitted provided that the following conditions are met: -' -' * Redistributions of source code must retain the above copyright notice, -' this list of conditions and the following disclaimer. -' * Redistributions in binary form must reproduce the above copyright -' notice, this list of conditions and the following disclaimer in the -' documentation and/or other materials provided with the distribution. -' * Neither the name of the axTLS project nor the names of its -' contributors may be used to endorse or promote products derived -' from this software without specific prior written permission. -' -' THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -' "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -' LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR -' A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR -' CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -' SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED -' TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -' DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY -' OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING -' NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF -' THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -' - -' -' Demonstrate the use of the axTLS library in VB.NET with a set of -' command-line parameters similar to openssl. In fact, openssl clients -' should be able to communicate with axTLS servers and visa-versa. -' -' This code has various bits enabled depending on the configuration. To enable -' the most interesting version, compile with the 'full mode' enabled. -' -' To see what options you have, run the following: -' > axssl.vbnet.exe s_server -? -' > axssl.vbnet.exe s_client -? -' -' The axtls shared library must be in the same directory or be found -' by the OS. -' - -Imports System -Imports System.Net -Imports System.Net.Sockets -Imports Microsoft.VisualBasic -Imports axTLSvb - -Public Class axssl - ' - ' do_server() - ' - Public Sub do_server(ByVal build_mode As Integer, _ - ByVal args() As String) - Dim i As Integer = 1 - Dim port As Integer = 4433 - Dim options As Integer = axtls.SSL_DISPLAY_CERTS - Dim quiet As Boolean = False - Dim password As String = Nothing - Dim private_key_file As String = Nothing - - ' organise the cert/ca_cert lists - Dim cert_size As Integer = SSLUtil.MaxCerts() - Dim ca_cert_size As Integer = SSLUtil.MaxCACerts() - Dim cert(cert_size) As String - Dim ca_cert(ca_cert_size) As String - Dim cert_index As Integer = 0 - Dim ca_cert_index As Integer = 0 - - While i < args.Length - If args(i) = "-accept" Then - If i >= args.Length-1 - print_server_options(build_mode, args(i)) - End If - - i += 1 - port = Int32.Parse(args(i)) - ElseIf args(i) = "-quiet" - quiet = True - options = options And Not axtls.SSL_DISPLAY_CERTS - ElseIf build_mode >= axtls.SSL_BUILD_SERVER_ONLY - If args(i) = "-cert" - If i >= args.Length-1 Or cert_index >= cert_size - print_server_options(build_mode, args(i)) - End If - - i += 1 - cert(cert_index) = args(i) - cert_index += 1 - ElseIf args(i) = "-key" - If i >= args.Length-1 - print_server_options(build_mode, args(i)) - End If - - i += 1 - private_key_file = args(i) - options = options Or axtls.SSL_NO_DEFAULT_KEY - ElseIf args(i) = "-pass" - If i >= args.Length-1 - print_server_options(build_mode, args(i)) - End If - - i += 1 - password = args(i) - ElseIf build_mode >= axtls.SSL_BUILD_ENABLE_VERIFICATION - If args(i) = "-verify" Then - options = options Or axtls.SSL_CLIENT_AUTHENTICATION - ElseIf args(i) = "-CAfile" - If i >= args.Length-1 Or _ - ca_cert_index >= ca_cert_size Then - print_server_options(build_mode, args(i)) - End If - - i += 1 - ca_cert(ca_cert_index) = args(i) - ca_cert_index += 1 - ElseIf build_mode = axtls.SSL_BUILD_FULL_MODE - If args(i) = "-debug" Then - options = options Or axtls.SSL_DISPLAY_BYTES - ElseIf args(i) = "-state" - options = options Or axtls.SSL_DISPLAY_STATES - ElseIf args(i) = "-show-rsa" - options = options Or axtls.SSL_DISPLAY_RSA - Else - print_server_options(build_mode, args(i)) - End If - Else - print_server_options(build_mode, args(i)) - End If - Else - print_server_options(build_mode, args(i)) - End If - End If - - i += 1 - End While - - ' Create socket for incoming connections - Dim ep As IPEndPoint = New IPEndPoint(IPAddress.Any, port) - Dim server_sock As TcpListener = New TcpListener(ep) - server_sock.Start() - - '********************************************************************* - ' This is where the interesting stuff happens. Up until now we've - ' just been setting up sockets etc. Now we do the SSL handshake. - '*********************************************************************/ - Dim ssl_ctx As SSLServer = New SSLServer(options, _ - axtls.SSL_DEFAULT_SVR_SESS) - - If ssl_ctx Is Nothing Then - Console.Error.WriteLine("Error: Server context is invalid") - Environment.Exit(1) - End If - - If private_key_file <> Nothing Then - Dim obj_type As Integer = axtls.SSL_OBJ_RSA_KEY - - If private_key_file.EndsWith(".p8") Then - obj_type = axtls.SSL_OBJ_PKCS8 - Else If (private_key_file.EndsWith(".p12")) - obj_type = axtls.SSL_OBJ_PKCS12 - End If - - If ssl_ctx.ObjLoad(obj_type, private_key_file, _ - password) <> axtls.SSL_OK Then - Console.Error.WriteLine("Error: Private key '" & _ - private_key_file & "' is undefined.") - Environment.Exit(1) - End If - End If - - For i = 0 To cert_index-1 - If ssl_ctx.ObjLoad(axtls.SSL_OBJ_X509_CERT, _ - cert(i), Nothing) <> axtls.SSL_OK Then - Console.WriteLine("Certificate '" & cert(i) & _ - "' is undefined.") - Environment.Exit(1) - End If - Next - - For i = 0 To ca_cert_index-1 - If ssl_ctx.ObjLoad(axtls.SSL_OBJ_X509_CACERT, _ - ca_cert(i), Nothing) <> axtls.SSL_OK Then - Console.WriteLine("Certificate '" & ca_cert(i) & _ - "' is undefined.") - Environment.Exit(1) - End If - Next - - Dim buf As Byte() = Nothing - Dim res As Integer - Dim ssl As SSL - - While 1 - If Not quiet Then - Console.WriteLine("ACCEPT") - End If - - Dim client_sock As Socket = server_sock.AcceptSocket() - - ssl = ssl_ctx.Connect(client_sock) - - ' do the actual SSL handshake - While 1 - res = ssl_ctx.Read(ssl, buf) - If res <> axtls.SSL_OK Then - Exit While - End If - - ' check when the connection has been established - If ssl.HandshakeStatus() = axtls.SSL_OK - Exit While - End If - - ' could do something else here - End While - - If res = axtls.SSL_OK Then ' connection established and ok - If Not quiet - display_session_id(ssl) - display_cipher(ssl) - End If - - ' now read (and display) whatever the client sends us - While 1 - ' keep reading until we get something interesting - While 1 - res = ssl_ctx.Read(ssl, buf) - If res <> axtls.SSL_OK Then - Exit While - End If - - ' could do something else here - End While - - If res < axtls.SSL_OK - If Not quiet - Console.WriteLine("CONNECTION CLOSED") - End If - - Exit While - End If - - ' convert to String - Dim str(res) As Char - For i = 0 To res-1 - str(i) = Chr(buf(i)) - Next - - Console.Write(str) - End While - ElseIf Not quiet - SSLUtil.DisplayError(res) - End If - - ' client was disconnected or the handshake failed. */ - ssl.Dispose() - client_sock.Close() - End While - - ssl_ctx.Dispose() - End Sub - - ' - ' do_client() - ' - Public Sub do_client(ByVal build_mode As Integer, _ - ByVal args() As String) - - If build_mode < axtls.SSL_BUILD_ENABLE_CLIENT Then - print_client_options(build_mode, args(1)) - End If - - Dim i As Integer = 1 - Dim res As Integer - Dim port As Integer = 4433 - Dim quiet As Boolean = False - Dim password As String = Nothing - Dim reconnect As Integer = 0 - Dim private_key_file As String = Nothing - Dim hostname As String = "127.0.0.1" - - ' organise the cert/ca_cert lists - Dim ssl As SSL = Nothing - Dim cert_size As Integer = SSLUtil.MaxCerts() - Dim ca_cert_size As Integer = SSLUtil.MaxCACerts() - Dim cert(cert_size) As String - Dim ca_cert(ca_cert_size) As String - Dim cert_index As Integer = 0 - Dim ca_cert_index As Integer = 0 - - Dim options As Integer = _ - axtls.SSL_SERVER_VERIFY_LATER Or axtls.SSL_DISPLAY_CERTS - Dim session_id As Byte() = Nothing - - While i < args.Length - If args(i) = "-connect" Then - Dim host_port As String - - If i >= args.Length-1 - print_client_options(build_mode, args(i)) - End If - - i += 1 - host_port = args(i) - - Dim index_colon As Integer = host_port.IndexOf(":"C) - If index_colon < 0 Then - print_client_options(build_mode, args(i)) - End If - - hostname = New String(host_port.ToCharArray(), _ - 0, index_colon) - port = Int32.Parse(New String(host_port.ToCharArray(), _ - index_colon+1, host_port.Length-index_colon-1)) - ElseIf args(i) = "-cert" - If i >= args.Length-1 Or cert_index >= cert_size Then - print_client_options(build_mode, args(i)) - End If - - i += 1 - cert(cert_index) = args(i) - cert_index += 1 - ElseIf args(i) = "-key" - If i >= args.Length-1 - print_client_options(build_mode, args(i)) - End If - - i += 1 - private_key_file = args(i) - options = options Or axtls.SSL_NO_DEFAULT_KEY - ElseIf args(i) = "-CAfile" - If i >= args.Length-1 Or ca_cert_index >= ca_cert_size - print_client_options(build_mode, args(i)) - End If - - i += 1 - ca_cert(ca_cert_index) = args(i) - ca_cert_index += 1 - ElseIf args(i) = "-verify" - options = options And Not axtls.SSL_SERVER_VERIFY_LATER - ElseIf args(i) = "-reconnect" - reconnect = 4 - ElseIf args(i) = "-quiet" - quiet = True - options = options And Not axtls.SSL_DISPLAY_CERTS - ElseIf args(i) = "-pass" - If i >= args.Length-1 - print_client_options(build_mode, args(i)) - End If - - i += 1 - password = args(i) - ElseIf build_mode = axtls.SSL_BUILD_FULL_MODE - If args(i) = "-debug" Then - options = options Or axtls.SSL_DISPLAY_BYTES - ElseIf args(i) = "-state" - options = options Or axtls.SSL_DISPLAY_STATES - ElseIf args(i) = "-show-rsa" - options = options Or axtls.SSL_DISPLAY_RSA - Else - print_client_options(build_mode, args(i)) - End If - Else ' don't know what this is - print_client_options(build_mode, args(i)) - End If - - i += 1 - End While - - 'Dim hostInfo As IPHostEntry = Dns.Resolve(hostname) - Dim hostInfo As IPHostEntry = Dns.GetHostEntry(hostname) - Dim addresses As IPAddress() = hostInfo.AddressList - Dim ep As IPEndPoint = New IPEndPoint(addresses(0), port) - Dim client_sock As Socket = New Socket(AddressFamily.InterNetwork, _ - SocketType.Stream, ProtocolType.Tcp) - client_sock.Connect(ep) - - If Not client_sock.Connected Then - Console.WriteLine("could not connect") - Environment.Exit(1) - End If - - If Not quiet Then - Console.WriteLine("CONNECTED") - End If - - '********************************************************************* - ' This is where the interesting stuff happens. Up until now we've - ' just been setting up sockets etc. Now we do the SSL handshake. - '*********************************************************************/ - Dim ssl_ctx As SSLClient = New SSLClient(options, _ - axtls.SSL_DEFAULT_CLNT_SESS) - - If ssl_ctx Is Nothing Then - Console.Error.WriteLine("Error: Client context is invalid") - Environment.Exit(1) - End If - - If private_key_file <> Nothing Then - Dim obj_type As Integer = axtls.SSL_OBJ_RSA_KEY - - If private_key_file.EndsWith(".p8") Then - obj_type = axtls.SSL_OBJ_PKCS8 - Else If (private_key_file.EndsWith(".p12")) - obj_type = axtls.SSL_OBJ_PKCS12 - End If - - If ssl_ctx.ObjLoad(obj_type, private_key_file, _ - password) <> axtls.SSL_OK Then - Console.Error.WriteLine("Error: Private key '" & _ - private_key_file & "' is undefined.") - Environment.Exit(1) - End If - End If - - For i = 0 To cert_index-1 - If ssl_ctx.ObjLoad(axtls.SSL_OBJ_X509_CERT, _ - cert(i), Nothing) <> axtls.SSL_OK Then - Console.WriteLine("Certificate '" & cert(i) & _ - "' is undefined.") - Environment.Exit(1) - End If - Next - - For i = 0 To ca_cert_index-1 - If ssl_ctx.ObjLoad(axtls.SSL_OBJ_X509_CACERT, _ - ca_cert(i), Nothing) <> axtls.SSL_OK Then - Console.WriteLine("Certificate '" & ca_cert(i) & _ - "' is undefined.") - Environment.Exit(1) - End If - Next - - ' Try session resumption? - If reconnect > 0 Then - While reconnect > 0 - reconnect -= 1 - ssl = ssl_ctx.Connect(client_sock, session_id) - - res = ssl.HandshakeStatus() - If res <> axtls.SSL_OK Then - If Not quiet Then - SSLUtil.DisplayError(res) - End If - - ssl.Dispose() - Environment.Exit(1) - End If - - display_session_id(ssl) - session_id = ssl.GetSessionId() - - If reconnect > 0 Then - ssl.Dispose() - client_sock.Close() - - ' and reconnect - client_sock = New Socket(AddressFamily.InterNetwork, _ - SocketType.Stream, ProtocolType.Tcp) - client_sock.Connect(ep) - End If - End While - Else - ssl = ssl_ctx.Connect(client_sock, Nothing) - End If - - ' check the return status - res = ssl.HandshakeStatus() - If res <> axtls.SSL_OK Then - If Not quiet Then - SSLUtil.DisplayError(res) - End If - - Environment.Exit(1) - End If - - If Not quiet Then - Dim common_name As String = _ - ssl.GetCertificateDN(axtls.SSL_X509_CERT_COMMON_NAME) - - If common_name <> Nothing - Console.WriteLine("Common Name:" & _ - ControlChars.Tab & ControlChars.Tab & _ - ControlChars.Tab & common_name) - End If - - display_session_id(ssl) - display_cipher(ssl) - End If - - While (1) - Dim user_input As String = Console.ReadLine() - - If user_input = Nothing Then - Exit While - End If - - Dim buf(user_input.Length+1) As Byte - buf(buf.Length-2) = Asc(ControlChars.Lf) ' add the carriage return - buf(buf.Length-1) = 0 ' null terminate - - For i = 0 To user_input.Length-1 - buf(i) = Asc(user_input.Chars(i)) - Next - - res = ssl_ctx.Write(ssl, buf, buf.Length) - If res < axtls.SSL_OK Then - If Not quiet Then - SSLUtil.DisplayError(res) - End If - - Exit While - End If - End While - - ssl_ctx.Dispose() - End Sub - - ' - ' Display what cipher we are using - ' - Private Sub display_cipher(ByVal ssl As SSL) - Console.Write("CIPHER is ") - - Select ssl.GetCipherId() - Case axtls.SSL_AES128_SHA - Console.WriteLine("AES128-SHA") - - Case axtls.SSL_AES256_SHA - Console.WriteLine("AES256-SHA") - - Case axtls.SSL_RC4_128_SHA - Console.WriteLine("RC4-SHA") - - Case axtls.SSL_RC4_128_MD5 - Console.WriteLine("RC4-MD5") - - Case Else - Console.WriteLine("Unknown - " & ssl.GetCipherId()) - End Select - End Sub - - ' - ' Display what session id we have. - ' - Private Sub display_session_id(ByVal ssl As SSL) - Dim session_id As Byte() = ssl.GetSessionId() - - If session_id.Length > 0 Then - Console.WriteLine("-----BEGIN SSL SESSION PARAMETERS-----") - Dim b As Byte - For Each b In session_id - Console.Write("{0:x02}", b) - Next - - Console.WriteLine() - Console.WriteLine("-----END SSL SESSION PARAMETERS-----") - End If - End Sub - - ' - ' We've had some sort of command-line error. Print out the basic options. - ' - Public Sub print_options(ByVal options As String) - Console.WriteLine("axssl: Error: '" & options & _ - "' is an invalid command.") - Console.WriteLine("usage: axssl.vbnet [s_server|s_client|" & _ - "version] [args ...]") - Environment.Exit(1) - End Sub - - ' - ' We've had some sort of command-line error. Print out the server options. - ' - Private Sub print_server_options(ByVal build_mode As Integer, _ - ByVal options As String) - Dim cert_size As Integer = SSLUtil.MaxCerts() - Dim ca_cert_size As Integer = SSLUtil.MaxCACerts() - - Console.WriteLine("unknown option " & options) - Console.WriteLine("usage: s_server [args ...]") - Console.WriteLine(" -accept arg" & ControlChars.Tab & _ - "- port to accept on (default is 4433)") - Console.WriteLine(" -quiet" & ControlChars.Tab & ControlChars.Tab & _ - "- No server output") - If build_mode >= axtls.SSL_BUILD_SERVER_ONLY - Console.WriteLine(" -cert arg" & ControlChars.Tab & _ - "- certificate file to add (in addition to default) to chain -") - Console.WriteLine(ControlChars.Tab & ControlChars.Tab & _ - " Can repeat up to " & cert_size & " times") - Console.WriteLine(" -key arg" & ControlChars.Tab & _ - "- Private key file to use") - Console.WriteLine(" -pass" & ControlChars.Tab & ControlChars.Tab & _ - "- private key file pass phrase source") - End If - - If build_mode >= axtls.SSL_BUILD_ENABLE_VERIFICATION - Console.WriteLine(" -verify" & ControlChars.Tab & _ - "- turn on peer certificate verification") - Console.WriteLine(" -CAfile arg" & ControlChars.Tab & _ - "- Certificate authority") - Console.WriteLine(ControlChars.Tab & ControlChars.Tab & _ - " Can repeat up to " & ca_cert_size & " times") - End If - - If build_mode = axtls.SSL_BUILD_FULL_MODE - Console.WriteLine(" -debug" & _ - ControlChars.Tab & ControlChars.Tab & _ - "- Print more output") - Console.WriteLine(" -state" & _ - ControlChars.Tab & ControlChars.Tab & _ - "- Show state messages") - Console.WriteLine(" -show-rsa" & _ - ControlChars.Tab & "- Show RSA state") - End If - - Environment.Exit(1) - End Sub - - ' - ' We've had some sort of command-line error. Print out the client options. - ' - Private Sub print_client_options(ByVal build_mode As Integer, _ - ByVal options As String) - Dim cert_size As Integer = SSLUtil.MaxCerts() - Dim ca_cert_size As Integer = SSLUtil.MaxCACerts() - - Console.WriteLine("unknown option " & options) - - If build_mode >= axtls.SSL_BUILD_ENABLE_CLIENT Then - Console.WriteLine("usage: s_client [args ...]") - Console.WriteLine(" -connect host:port - who to connect to " & _ - "(default is localhost:4433)") - Console.WriteLine(" -verify" & ControlChars.Tab & _ - "- turn on peer certificate verification") - Console.WriteLine(" -cert arg" & ControlChars.Tab & _ - "- certificate file to use") - Console.WriteLine(ControlChars.Tab & ControlChars.Tab & _ - " Can repeat up to " & cert_size & " times") - Console.WriteLine(" -key arg" & ControlChars.Tab & _ - "- Private key file to use") - Console.WriteLine(" -CAfile arg" & ControlChars.Tab & _ - "- Certificate authority") - Console.WriteLine(ControlChars.Tab & ControlChars.Tab & _ - " Can repeat up to " & ca_cert_size & " times") - Console.WriteLine(" -quiet" & _ - ControlChars.Tab & ControlChars.Tab & "- No client output") - Console.WriteLine(" -pass" & ControlChars.Tab & _ - ControlChars.Tab & _ - "- private key file pass phrase source") - Console.WriteLine(" -reconnect" & ControlChars.Tab & _ - "- Drop and re-make the " & _ - "connection with the same Session-ID") - - If build_mode = axtls.SSL_BUILD_FULL_MODE Then - Console.WriteLine(" -debug" & _ - ControlChars.Tab & ControlChars.Tab & _ - "- Print more output") - Console.WriteLine(" -state" & _ - ControlChars.Tab & ControlChars.Tab & _ - "- Show state messages") - Console.WriteLine(" -show-rsa" & ControlChars.Tab & _ - "- Show RSA state") - End If - Else - Console.WriteLine("Change configuration to allow this feature") - End If - - Environment.Exit(1) - End Sub - -End Class - -Public Module MyMain - Function Main(ByVal args() As String) As Integer - Dim runner As axssl = New axssl() - - If args.Length = 1 And args(0) = "version" Then - Console.WriteLine("axssl.vbnet " & SSLUtil.Version()) - Environment.Exit(0) - End If - - If args.Length < 1 - runner.print_options("") - ElseIf args(0) <> "s_server" And args(0) <> "s_client" - runner.print_options(args(0)) - End If - - Dim build_mode As Integer = SSLUtil.BuildMode() - - If args(0) = "s_server" Then - runner.do_server(build_mode, args) - Else - runner.do_client(build_mode, args) - End If - End Function -End Module -- cgit v1.2.3