sslstrength.c

来自「支持SSL v2/v3, TLS, PKCS #5, PKCS #7, PKCS」· C语言 代码 · 共 642 行 · 第 1/2 页

	telnet = 1;
      else if (!PL_strcmp(argv[i] , "servertype") )
	servertype = 1;
      else if (!PL_strncmp(argv[i] , "querystring=",11) )
	querystring = &argv[i][12];
#endif
      else if (!PL_strcmp(argv[i] , "verbose") )
	verbose = 1;
    }
  
#ifdef SSLTELNET
  if (telnet && (servertype || querystring)) {
    PR_fprintf(PR_STDOUT,"You can't use telnet and (server or querystring) options at the same time\n");
    exit(1);
  }
#endif

  PR_fprintf(PR_STDOUT,"Using %s policy\n",policy?"domestic":"export");
  
  /* use current directory for certificate database if not set */
  
  if (! certdir) {   
    certdir = PR_smprintf(".");
  }
  
  SECU_ConfigDirectory(certdir);
  
  
  /* allow you to set env var SSLDIR to set the cert directory */
  if (! certdir) certdir = SECU_DefaultSSLDir();  
  if (certdir) SECU_ConfigDirectory(certdir);
  
  /* PR_Init(progname, 1, 1, 0); */
  SECU_PKCS11Init(PR_FALSE /*readOnly==PR_FALSE*/);
  
  /* Lookup host */
  r = PR_GetHostByName(hostname,netdbbuf,PR_NETDB_BUF_SIZE,&hp);
  
  if (r) {
    PrintErrString(progname,"Host Name lookup failed");
    return(1);
  }
  
  /* should the third field really be 0? */

  PR_EnumerateHostEnt(0,&hp,0,&na);
  PR_InitializeNetAddr(PR_IpAddrNull,portnum,&na);

  PR_fprintf(PR_STDOUT,"Connecting to %s:%d\n",hostname, portnum);
  
  /* Create socket */

  fd = PR_NewTCPSocket();
  if (fd == NULL) {
    PrintErrString(progname, "error creating socket");
    return -1;
  }

  s = SSL_ImportFD(NULL,fd);
  if (s == NULL) {
    PrintErrString(progname, "error creating socket");
    return -1;
  }
  
  /* Initialize all the libsec goodies */
  SEC_Init();
  
  dbmsg("10: About to enable security\n");
  
  rv = SSL_Enable(s, SSL_SECURITY, 1);
  if (rv < 0) {
    PrintErrString(progname, "error enabling socket");
    return -1;
  }
  
  if (set_ssl_policy) {
    SetPolicy(set_ssl_policy,policy);
  }
  else {
    PR_fprintf(PR_STDOUT,"Using all ciphersuites usually found in client\n");
    if (policy) {
      SetPolicy("abcdefghijklmnopqrst",policy);
    }
    else {
      SetPolicy("efghijlmo",policy);
    }
  }

  PrintCiphers(1);

  rv = SSL_Enable(s, SSL_HANDSHAKE_AS_CLIENT, 1);
  if (rv < 0) {
    PrintErrString(progname, "error enabling client handshake");
    return -1;
  }
  
  handle = (CERTCertDBHandle *)PORT_ZAlloc(sizeof(CERTCertDBHandle));
  if (!handle) {
    PrintErrString(progname, "could not allocate database handle");
    return -1;
  }
  
  dbmsg("20: About to open certificate database\n");
  
  
  /* Open up the certificate database */
  rv = CERT_OpenCertDBFilename(handle, "cert7.db", PR_TRUE);
  if ( rv ) {
    PrintErrString(progname, "unable to open cert database");
    rv = CERT_OpenVolatileCertDB(handle);
  }
  
	     CERT_SetDefaultCertDB(handle);
  
  dbmsg("30: About to set AuthCertificateHook\n");
  
  
  SSL_AuthCertificateHook(s, MyAuthCertificateHook, (void *)handle);
  /* SSL_AuthCertificateHook(s, SSL_AuthCertificate, (void *)handle); */
  /* SSL_GetClientAuthDataHook(s, GetClientAuthDataHook, (void *)nickname);*/
  
  
  dbmsg("40: About to SSLConnect\n");
  
  /* Try to connect to the server */
  /* now SSL_Connect takes new arguments. */
  
  
  r = PR_Connect(s, &na, PR_TicksPerSecond()*5);
  if (r < 0) {
    PrintErrString(progname, "unable to connect");
    return -1;
  }
  
  rv = SSL_ForceHandshake(s);
  
  if (rv) {
    PrintErrString(progname,"SSL Handshake failed. ");
    exit(1);
  }

  rv = SSL_SecurityStatus(s, &ss_on, &ss_cipher,
			  &ss_keysize, &ss_secretsize,
			  &ss_issuer, &ss_subject);

  
  dbmsg("60:  done with security status, about to print\n");
  
  c = SSL_PeerCertificate(s);
  if (!c) PR_fprintf(PR_STDOUT,"Couldn't retrieve peers Certificate\n");
  PR_fprintf(PR_STDOUT,"SSL Connection Status\n",rv);
  
  PR_fprintf(PR_STDOUT,"   Cipher:          %s\n",ss_cipher);
  PR_fprintf(PR_STDOUT,"   Key Size:        %d\n",ss_keysize);
  PR_fprintf(PR_STDOUT,"   Secret Key Size: %d\n",ss_secretsize);
  PR_fprintf(PR_STDOUT,"   Issuer:          %s\n",ss_issuer);
  PR_fprintf(PR_STDOUT,"   Subject:         %s\n",ss_subject);

  PR_fprintf(PR_STDOUT,"   Valid:           from %s to %s\n",
	     c==NULL?"???":DER_UTCDayToAscii(&c->validity.notBefore),
	     c==NULL?"???":DER_UTCDayToAscii(&c->validity.notAfter));

#ifdef SSLTELNET

 


  if (servertype || querystring) {
    char buffer[1024];
    char ch;
    char qs[] = "HEAD / HTTP/1.0";




    if (!querystring) querystring = qs;
    PR_fprintf(PR_STDOUT,"\nServer query mode\n>>Sending:\n%s\n",querystring);

    PR_fprintf(PR_STDOUT,"\n*** Server said:\n");
    ch = querystring[PL_strlen(querystring)-1];
    if (ch == '"' || ch == '\'') {
      PR_fprintf(PR_STDOUT,"Warning: I'm not smart enough to cope with quotes mid-string like that\n");
    }
    
    rv = PR_Write(s,querystring,PL_strlen(querystring));
    if ((rv < 1) ) {
      PR_fprintf(PR_STDOUT,"Oh dear - couldn't send servertype query\n");
      goto closedown;
    }

    rv = PR_Write(s,"\r\n\r\n",4);
    rv = PR_Read(s,buffer,1024);
    if ((rv < 1) ) {
      PR_fprintf(PR_STDOUT,"Oh dear - couldn't read server repsonse\n");
      goto closedown;
    }
      PR_Write(PR_STDOUT,buffer,rv);
  }

    
  if (telnet) {

    PR_fprintf(PR_STDOUT,"---------------------------\n"
	       "telnet mode. CTRL-C to exit\n"
	       "---------------------------\n");
    


    /* fudge terminal attributes */
    t_fin = PR_FileDesc2NativeHandle(PR_STDIN);
    t_fout = PR_FileDesc2NativeHandle(PR_STDOUT);
    
    tcgetattr(t_fin,&tmp_tc);
    prev_lflag = tmp_tc.c_lflag;
    prev_oflag = tmp_tc.c_oflag;
    prev_iflag = tmp_tc.c_iflag;
    tmp_tc.c_lflag &= ~ECHO;
    /*    tmp_tc.c_oflag &= ~ONLCR; */
    tmp_tc.c_lflag &= ~ICANON;
    tmp_tc.c_iflag &= ~ICRNL;
    tmp_tc.c_cflag |= CS8;
    tmp_tc.c_cc[VMIN] = 1;
    tmp_tc.c_cc[VTIME] = 0;
    
    tcsetattr(t_fin, TCSANOW, &tmp_tc);
    /*   ioctl(tin, FIONBIO, (char *)&onoff); 
	 ioctl(tout, FIONBIO, (char *)&onoff);*/
    
    
    {
      PRPollDesc pds[2];
      char buffer[1024];
      int amt,amtwritten;
      char *x;
      
      /* STDIN */
      pds[0].fd = PR_STDIN;
      pds[0].in_flags = PR_POLL_READ;
      pds[1].fd = s;
      pds[1].in_flags = PR_POLL_READ | PR_POLL_EXCEPT;
      
      while (1) {
	int nfds;

	nfds = PR_Poll(pds,2,PR_SecondsToInterval(2));
	if (nfds == 0) continue;

	/** read input from keyboard*/
	/*  note: this is very inefficient if reading from a file */
	
	if (pds[0].out_flags & PR_POLL_READ) {
	  amt = PR_Read(PR_STDIN,&buffer,1);
	  /*	PR_fprintf(PR_STDOUT,"fd[0]:%d=%d\r\n",amt,buffer[0]); */
	  if (amt == 0) {
	    PR_fprintf(PR_STDOUT,"\n");
	    goto loser;
	  }
	  
	  if (buffer[0] == '\r') {
	    buffer[0] = '\r';
	    buffer[1] = '\n';
	    amt = 2;
	  }
	  rv = PR_Write(PR_STDOUT,buffer,amt);
	  
	  
	  rv = PR_Write(s,buffer,amt);
	  if (rv == -1) {
	    PR_fprintf(PR_STDOUT,"Error writing to socket: %d\n",PR_GetError());
	  }
	}
	
	/***/
	
	
	/***/
	if (pds[1].out_flags & PR_POLL_EXCEPT) {
	  PR_fprintf(PR_STDOUT,"\r\nServer closed connection\r\n");
	  goto loser;
	}
	if (pds[1].out_flags & PR_POLL_READ) {
	  amt = PR_Read(s,&buffer,1024);
	  
	  if (amt == 0) {
	    PR_fprintf(PR_STDOUT,"\r\nServer closed connection\r\n");
	    goto loser;
	  }
	  rv = PR_Write(PR_STDOUT,buffer,amt);
	}
	/***/
	
      }
    }
  loser:
    
    /* set terminal back to normal */
    tcgetattr(t_fin,&tmp_tc);
    
    tmp_tc.c_lflag = prev_lflag;
    tmp_tc.c_oflag = prev_oflag;
    tmp_tc.c_iflag = prev_iflag;
    tcsetattr(t_fin, TCSANOW, &tmp_tc);
    
    /*   ioctl(tin, FIONBIO, (char *)&onoff);
	 ioctl(tout, FIONBIO, (char *)&onoff); */
  }

#endif
  /* SSLTELNET */

 closedown:

  PR_Close(s);

  return(0);

} /* main */

/*EOF*/