From bf3f967353053ce408f3bbee58d183487e569f7e Mon Sep 17 00:00:00 2001 From: lloyd Date: Fri, 20 Apr 2012 21:53:20 +0000 Subject: Various hacks for testing client auth, SRP, etc --- doc/examples/credentials.h | 26 ++++++++++++++++++-------- doc/examples/tls_client.cpp | 11 ++++++++++- doc/examples/tls_server.cpp | 10 +++++++++- 3 files changed, 37 insertions(+), 10 deletions(-) diff --git a/doc/examples/credentials.h b/doc/examples/credentials.h index 047e42339..6d59c3749 100644 --- a/doc/examples/credentials.h +++ b/doc/examples/credentials.h @@ -30,7 +30,7 @@ class Credentials_Manager_Simple : public Botan::Credentials_Manager std::string srp_identifier(const std::string& type, const std::string& hostname) { - if(type == "tls-client" && hostname == "localhost") + if(type == "tls-client" && hostname == "srp-host") return "user"; return ""; } @@ -38,20 +38,30 @@ class Credentials_Manager_Simple : public Botan::Credentials_Manager bool attempt_srp(const std::string& type, const std::string& hostname) { - return true; - if(hostname == "localhost") + if(hostname == "srp-host") return true; return false; } std::vector - trusted_certificate_authorities(const std::string&, - const std::string&) + trusted_certificate_authorities(const std::string& type, + const std::string& hostname) { + std::vector certs; - Botan::X509_Certificate verisign("/usr/share/ca-certificates/mozilla/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G5.crt"); - certs.push_back(verisign); + if(type == "tls-server") + { + Botan::X509_Certificate testca("testCA.crt"); + certs.push_back(testca); + } + + if(type == "tls-client" && hostname == "twitter.com") + { + Botan::X509_Certificate verisign("/usr/share/ca-certificates/mozilla/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G5.crt"); + certs.push_back(verisign); + } + return certs; } 
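Review bot: In `trusted_certificate_authorities` (credentials.h, hunk `@@ -38,20 +38,30 @@`) a `tls-client` connecting to any host other than `twitter.com` now gets an empty trust list, so chain validation for those hosts cannot succeed; the handshake appears to continue only because the catch block in the `@@ -68,7 +78,7 @@` hunk discards the failure. This file lives in doc/examples and is likely to be copied, so I would say so at the top of the function, e.g. `// TEST ONLY: per-host trust anchors; an empty list means the peer cannot be validated`. `testCA.crt` is also opened relative to the working directory on every call; if the `X509_Certificate` constructor throws on a missing file (not visible here), that exception escapes in the middle of a handshake, so loading it once at construction with a clear error would be safer. In the same hunk `attempt_srp` still ignores `type` while `srp_identifier` checks it; `if(type == "tls-client" && hostname == "srp-host")` would keep the two consistent.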
@@ -68,7 +78,7 @@ class Credentials_Manager_Simple : public Botan::Credentials_Manager } catch(std::exception& e) { - std::cout << "Certificate verification failed - " << e.what() << "\n"; + std::cout << "Certificate verification failed - " << e.what() << " - but will ignore\n"; } } diff --git a/doc/examples/tls_client.cpp b/doc/examples/tls_client.cpp index d0a354e66..a787af1fe 100644 --- a/doc/examples/tls_client.cpp +++ b/doc/examples/tls_client.cpp @@ -188,7 +188,16 @@ void doit(RandomNumberGenerator& rng, continue; } - client.send(buf, got); + if(got == 2 && (buf[0] == 'R' || buf[0] == 'r') && buf[1] == '\n') + { + std::cout << "Client initiated renegotiation\n"; + client.renegotiate((buf[0] == 'R')); + } + + if(buf[0] == 'H') + client.heartbeat(&buf[1], got-1); + else + client.send(buf, got); } } diff --git a/doc/examples/tls_server.cpp b/doc/examples/tls_server.cpp index 057584677..bdc9c0b8a 100644 --- a/doc/examples/tls_server.cpp +++ b/doc/examples/tls_server.cpp @@ -57,6 +57,12 @@ class Blocking_TLS_Server if(server.next_protocol() != "") std::cout << "Next protocol: " << server.next_protocol() << "\n"; + /* + std::vector peer_certs = session.peer_certs(); + if(peer_certs.size()) + std::cout << peer_certs[0].to_string(); + */ + return true; } @@ -208,7 +214,9 @@ int main(int argc, char* argv[]) } if(line == "reneg\n") - tls.underlying().renegotiate(); + tls.underlying().renegotiate(false); + else if(line == "RENEG\n") + tls.underlying().renegotiate(true); line.clear(); } -- cgit v1.2.3
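Review bot: The catch block in the `@@ -68,7 +78,7 @@` hunk of credentials.h swallows the certificate-verification exception, and the new message text confirms this is deliberate, so a peer with an untrusted or invalid chain is accepted exactly like a valid one. A line on stdout is the only signal; for an example that people copy I would make acceptance opt-in, e.g. a constructor flag and `if(!m_ignore_cert_errors) throw;` after the message (that member name is a suggestion, it is not in the file). At minimum add `// INSECURE: test hack - never ignore verification failures in real code` above the `catch`. The enclosing function begins outside the hunk, so I cannot see whether the caller applies any other check.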
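Review bot: In the tls_client.cpp hunk the renegotiation branch has no `else` or `continue`, so after `client.renegotiate(...)` the same `R\n` / `r\n` bytes fall through to the `H` test and are sent to the server as application data by `client.send(buf, got)`. The `H` test also reads `buf[0]` and computes `got-1` without checking `got`; whether `got == 0` is excluded depends on the guard ending in `continue;` above the hunk, which is not visible, and if `got` is unsigned a zero would wrap to a very large length. Chaining the branches addresses both: `else if(got >= 1 && buf[0] == 'H')` in front of the heartbeat call, keeping the final `else client.send(buf, got);`. A short comment listing the magic inputs would also help, since any ordinary line that starts with `H` is no longer sent as data.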
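Review bot: The block added in the first tls_server.cpp hunk (`@@ -57,6 +57,12 @@`) is commented-out code, and it refers to `session`, which is not declared in the visible lines, so it may not compile if someone simply removes the comment markers. For a server used to test client authentication this is the one place the operator would see which client identity was presented, so I would either enable it behind a guard or drop it rather than leave it in a comment. If it is enabled, `if(!peer_certs.empty())` reads better than `if(peer_certs.size())`, and the output should make clear that the chain may not have been validated, given that credentials.h ignores verification failures. The enclosing function starts outside the hunk.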
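Review bot: The bare `false` / `true` passed to `renegotiate` in the second tls_server.cpp hunk (`@@ -208,7 +214,9 @@`) do not say what they select, and the only thing separating the two commands is the letter case of the typed word. A trailing comment on each call would do, e.g. `tls.underlying().renegotiate(true); // RENEG: force a full renegotiation`; the parameter's meaning is not visible in this diff, so confirm it against the declaration before settling the wording. tls_client.cpp uses the same upper/lower-case convention (`R` vs `r`), so describing it once in both examples would keep them consistent.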