From 94224fda6f17473a7604a99fc08821c04dc0986b Mon Sep 17 00:00:00 2001
From: jyelon
Date: Mon, 3 Jan 2022 12:45:51 -0500
Subject: [PATCH] Add experiments directory with sslcon
---
luprex/experiments/sslcon.c | 115 ++++++++++++++++++++++++++++++++++++
1 file changed, 115 insertions(+)
create mode 100644 luprex/experiments/sslcon.c
diff --git a/luprex/experiments/sslcon.c b/luprex/experiments/sslcon.c
new file mode 100644
index 00000000..df90def9
--- /dev/null
+++ b/luprex/experiments/sslcon.c
@@ -0,0 +1,115 @@
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+
+void main(int argc, char **argv) {
+
+ /* OPENSSL_init_ssl(0, NULL); */
+
+ SSL_CTX *ssl_ctx = SSL_CTX_new(TLS_method());
+ SSL_CTX_set_mode(ssl_ctx, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
+ SSL_CTX_set_mode(ssl_ctx, SSL_MODE_ENABLE_PARTIAL_WRITE);
+ SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER, NULL);
+ SSL_CTX_set_default_verify_paths(ssl_ctx);
+
+ int sock_fd = socket(AF_INET, SOCK_STREAM, 0);
+
+ /* this is mit.edu */
+ unsigned int ip0 = 104;
+ unsigned int ip1 = 90;
+ unsigned int ip2 = 66;
+ unsigned int ip3 = 18;
+ unsigned int ip = (ip0<<24)|(ip1<<16)|(ip2<<8)|ip3;
+
+ struct sockaddr_in addr;
+ addr.sin_family = AF_INET;
+ addr.sin_port = htons(443);
+ addr.sin_addr.s_addr = htonl(ip);
+
+ int status = connect(sock_fd, (struct sockaddr *) &addr, sizeof(struct sockaddr_in));
+ assert(status == 0);
+ fprintf(stderr, "Connect successful.\n");
+
+ int flags = fcntl(sock_fd, F_GETFL, 0);
+ assert(0 == fcntl(sock_fd, F_SETFL, flags | O_NONBLOCK));
+
+ SSL *ssl = SSL_new(ssl_ctx);
+ SSL_set_fd(ssl, sock_fd);
+ SSL_set1_host(ssl, "web.mit.edu");
+
+ while (1) {
+ int ret = SSL_connect(ssl);
+ if (ret == 1) break;
+ int err = SSL_get_error(ssl, ret);
+ if (SSL_ERROR_WANT_READ == err || SSL_ERROR_WANT_WRITE == err) {
+ /* sleep(1); */
+ } else {
+ ERR_print_errors_fp(stderr);
+ exit(1);
+ }
+ }
+ fprintf(stderr, "SSL connect done.\n");
+
+
+ STACK_OF(X509)* certCollection = SSL_get_peer_cert_chain(ssl);
+ for (size_t i = 0; i < sk_X509_num(certCollection); i++) {
+ X509* cert = sk_X509_value(certCollection, i);
+ X509_print_fp(stderr, cert);
+ fprintf(stderr, "\n----\n");
+ }
+
+ const char *req =
+ "HEAD / HTTP/1.1\r\nHost: mit.edu:https\r\nConnection: close\r\n\r\n";
+ int reqlen = strlen(req);
+
+ while (reqlen > 0) {
+ size_t nwrote;
+ int ret = SSL_write_ex(ssl, req, reqlen, &nwrote);
+ if (ret == 1) {
+ req += nwrote;
+ reqlen -= nwrote;
+ } else {
+ int err = SSL_get_error(ssl, ret);
+ if (SSL_ERROR_WANT_READ == err || SSL_ERROR_WANT_WRITE == err) {
+ /* sleep(1); */
+ } else {
+ ERR_print_errors_fp(stderr);
+ exit(1);
+ }
+ }
+ }
+ fprintf(stderr, "Header transmitted.\n");
+
+ while (1) {
+ char buf[256];
+ size_t nread;
+ int ret = SSL_read_ex(ssl, buf, 256, &nread);
+ if (ret == 1) {
+ write(1, buf, nread);
+ } else {
+ int err = SSL_get_error(ssl, ret);
+ if (SSL_ERROR_WANT_READ == err || SSL_ERROR_WANT_WRITE == err) {
+ /* sleep(1); */
+ } else {
+ ERR_print_errors_fp(stderr);
+ exit(1);
+ }
+ }
+ }
+}
+
+
+
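Review bot: The return value of `SSL_set1_host(ssl, "web.mit.edu")` is ignored, and it is the one call in main whose failure would fail open: if it returns 0 the handshake goes ahead with chain validation but no hostname check, so guard it with `if (SSL_set1_host(ssl, "web.mit.edu") != 1) { ERR_print_errors_fp(stderr); exit(1); }`. The client also sends no SNI; adding `SSL_set_tlsext_host_name(ssl, "web.mit.edu");` next to it lets the server at the hard-coded address select the certificate the hostname check expects. `assert(status == 0)` and `assert(0 == fcntl(sock_fd, F_SETFL, flags | O_NONBLOCK))` put the error handling, and in the second case the fcntl call itself, inside assert, so a build with NDEBUG drops both. In the final read loop a clean close by the peer (SSL_read_ex returning 0 with SSL_ERROR_ZERO_RETURN, expected after `Connection: close`) falls into the error branch and exits with status 1. All three loops also spin on WANT_READ/WANT_WRITE because the sleep is commented out; a poll() on sock_fd would avoid the busy wait.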