luprex/experiments/sslcon.c

#include <assert.h>
#include <openssl/ssl.h>
#include <openssl/rsa.h>
#include <openssl/x509.h>
#include <openssl/evp.h>
#include <openssl/err.h>
#include <string.h>
#include <sys/time.h>
#include <fcntl.h>
#include <unistd.h>
#include <sys/select.h>
#include <sys/socket.h>
#include <arpa/inet.h>
#include <sys/types.h>
#include <netdb.h>


void main(int argc, char **argv) {

    /* OPENSSL_init_ssl(0, NULL); */
    
    SSL_CTX *ssl_ctx = SSL_CTX_new(TLS_method());
    SSL_CTX_set_mode(ssl_ctx, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
    SSL_CTX_set_mode(ssl_ctx, SSL_MODE_ENABLE_PARTIAL_WRITE);
    SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER, NULL);
    SSL_CTX_set_default_verify_paths(ssl_ctx);
    
    int sock_fd = socket(AF_INET, SOCK_STREAM, 0);

    /* this is mit.edu */
    unsigned int ip0 = 104;
    unsigned int ip1 = 90;
    unsigned int ip2 = 66;
    unsigned int ip3 = 18;
    unsigned int ip = (ip0<<24)|(ip1<<16)|(ip2<<8)|ip3;
    
    struct sockaddr_in addr;
    addr.sin_family = AF_INET;
    addr.sin_port = htons(443);
    addr.sin_addr.s_addr = htonl(ip);

    int status = connect(sock_fd, (struct sockaddr *) &addr, sizeof(struct sockaddr_in));
    assert(status == 0);
    fprintf(stderr, "Connect successful.\n");

    int flags = fcntl(sock_fd, F_GETFL, 0);
    assert(0 == fcntl(sock_fd, F_SETFL, flags | O_NONBLOCK));

    SSL *ssl = SSL_new(ssl_ctx);
    SSL_set_fd(ssl, sock_fd);
    SSL_set1_host(ssl, "web.mit.edu");
    
    while (1) {
	int ret = SSL_connect(ssl);
	if (ret == 1) break;
	int err = SSL_get_error(ssl, ret);
	if (SSL_ERROR_WANT_READ == err || SSL_ERROR_WANT_WRITE == err) {
	    /* sleep(1); */
        } else {
	    ERR_print_errors_fp(stderr);
	    exit(1);
	}
    }
    fprintf(stderr, "SSL connect done.\n");

    
    STACK_OF(X509)* certCollection = SSL_get_peer_cert_chain(ssl);
    for (size_t i = 0; i < sk_X509_num(certCollection); i++) {
	X509* cert = sk_X509_value(certCollection, i);
	X509_print_fp(stderr, cert);
	fprintf(stderr, "\n----\n");
    }

    const char *req =
	"HEAD / HTTP/1.1\r\nHost: mit.edu:https\r\nConnection: close\r\n\r\n";
    int reqlen = strlen(req);

    while (reqlen > 0) {
	size_t nwrote;
	int ret = SSL_write_ex(ssl, req, reqlen, &nwrote);
	if (ret == 1) {
	    req += nwrote;
	    reqlen -= nwrote;
	} else {
	    int err = SSL_get_error(ssl, ret);
	    if (SSL_ERROR_WANT_READ == err || SSL_ERROR_WANT_WRITE == err) {
		/* sleep(1); */
	    } else {
		ERR_print_errors_fp(stderr);
		exit(1);
	    }
	}
    }
    fprintf(stderr, "Header transmitted.\n");

    while (1) {
	char buf[256];
	size_t nread;
	int ret = SSL_read_ex(ssl, buf, 256, &nread);
	if (ret == 1) {
	    write(1, buf, nread);
	} else {
	    int err = SSL_get_error(ssl, ret);
	    if (SSL_ERROR_WANT_READ == err || SSL_ERROR_WANT_WRITE == err) {
		/* sleep(1); */
	    } else {
		ERR_print_errors_fp(stderr);
		exit(1);
	    }
	}
    }
}
Add experiments directory with sslcon 2022-01-03 12:45:51 -05:00			`#include <assert.h>`
			`#include <openssl/ssl.h>`
			`#include <openssl/rsa.h>`
			`#include <openssl/x509.h>`
			`#include <openssl/evp.h>`
			`#include <openssl/err.h>`
			`#include <string.h>`
			`#include <sys/time.h>`
			`#include <fcntl.h>`
			`#include <unistd.h>`
			`#include <sys/select.h>`
			`#include <sys/socket.h>`
			`#include <arpa/inet.h>`
			`#include <sys/types.h>`
			`#include <netdb.h>`


			`void main(int argc, char **argv) {`

			`/* OPENSSL_init_ssl(0, NULL); */`

			`SSL_CTX *ssl_ctx = SSL_CTX_new(TLS_method());`
			`SSL_CTX_set_mode(ssl_ctx, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);`
			`SSL_CTX_set_mode(ssl_ctx, SSL_MODE_ENABLE_PARTIAL_WRITE);`
			`SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER, NULL);`
			`SSL_CTX_set_default_verify_paths(ssl_ctx);`

			`int sock_fd = socket(AF_INET, SOCK_STREAM, 0);`

			`/* this is mit.edu */`
			`unsigned int ip0 = 104;`
			`unsigned int ip1 = 90;`
			`unsigned int ip2 = 66;`
			`unsigned int ip3 = 18;`
			`unsigned int ip = (ip0<<24)\|(ip1<<16)\|(ip2<<8)\|ip3;`

			`struct sockaddr_in addr;`
			`addr.sin_family = AF_INET;`
			`addr.sin_port = htons(443);`
			`addr.sin_addr.s_addr = htonl(ip);`

			`int status = connect(sock_fd, (struct sockaddr *) &addr, sizeof(struct sockaddr_in));`
			`assert(status == 0);`
			`fprintf(stderr, "Connect successful.\n");`

			`int flags = fcntl(sock_fd, F_GETFL, 0);`
			`assert(0 == fcntl(sock_fd, F_SETFL, flags \| O_NONBLOCK));`

			`SSL *ssl = SSL_new(ssl_ctx);`
			`SSL_set_fd(ssl, sock_fd);`
			`SSL_set1_host(ssl, "web.mit.edu");`

			`while (1) {`
			`int ret = SSL_connect(ssl);`
			`if (ret == 1) break;`
			`int err = SSL_get_error(ssl, ret);`
			`if (SSL_ERROR_WANT_READ == err \|\| SSL_ERROR_WANT_WRITE == err) {`
			`/* sleep(1); */`
			`} else {`
			`ERR_print_errors_fp(stderr);`
			`exit(1);`
			`}`
			`}`
			`fprintf(stderr, "SSL connect done.\n");`


			`STACK_OF(X509)* certCollection = SSL_get_peer_cert_chain(ssl);`
			`for (size_t i = 0; i < sk_X509_num(certCollection); i++) {`
			`X509* cert = sk_X509_value(certCollection, i);`
			`X509_print_fp(stderr, cert);`
			`fprintf(stderr, "\n----\n");`
			`}`

			`const char *req =`
			`"HEAD / HTTP/1.1\r\nHost: mit.edu:https\r\nConnection: close\r\n\r\n";`
			`int reqlen = strlen(req);`

			`while (reqlen > 0) {`
			`size_t nwrote;`
			`int ret = SSL_write_ex(ssl, req, reqlen, &nwrote);`
			`if (ret == 1) {`
			`req += nwrote;`
			`reqlen -= nwrote;`
			`} else {`
			`int err = SSL_get_error(ssl, ret);`
			`if (SSL_ERROR_WANT_READ == err \|\| SSL_ERROR_WANT_WRITE == err) {`
			`/* sleep(1); */`
			`} else {`
			`ERR_print_errors_fp(stderr);`
			`exit(1);`
			`}`
			`}`
			`}`
			`fprintf(stderr, "Header transmitted.\n");`

			`while (1) {`
			`char buf[256];`
			`size_t nread;`
			`int ret = SSL_read_ex(ssl, buf, 256, &nread);`
			`if (ret == 1) {`
			`write(1, buf, nread);`
			`} else {`
			`int err = SSL_get_error(ssl, ret);`
			`if (SSL_ERROR_WANT_READ == err \|\| SSL_ERROR_WANT_WRITE == err) {`
			`/* sleep(1); */`
			`} else {`
			`ERR_print_errors_fp(stderr);`
			`exit(1);`
			`}`
			`}`
			`}`
			`}`