On Sat, Oct 16, 2021 at 07:47:10AM +0000,
 Turritopsis Dohrnii Teo En Ming <[email protected]> wrote 
 a message of 191 lines which said:

> Subject: How do I use the GnuTLS Transport Layer Security Secure
> Communications Library on Linux and Windows desktops?

I assume you already installed it ("Linux", as you know, is not an
operating system, just a kernel, so the installation of the package
will depend on your specific operating system; on Debian, 'apt install
libgnutls28-dev' will do the job).

To use the library, see the documentation here:
https://gnutls.org/manual/html_node/How-to-use-GnuTLS-in-applications.html#How-to-use-GnuTLS-in-applications

I attach a very simple C program to connect to a TLS server, to help
you start. I compiled it on Debian with 'cc -I/usr/include/p11-kit-1
-Wall -Wextra -o test test.c -lgnutls'.

[I cannot help with MS Windows; I don't know it well enough.]
/* Maximum size in bytes, terminating NUL included, that main() allows
 * for the server name given on the command line. */
#define MAXHOSTNAME 256
/* Maximum size in bytes, terminating NUL included, that main() allows
 * for the port (service) name. */
#define MAXPORTNAME 128
/* Default port: used when no port argument is given. It is handed to
 * getaddrinfo() as a service name rather than as a number. */
#define PORT "https"

#include <string.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netdb.h>
#include <errno.h>
#include <unistd.h>

#include <gnutls/gnutls.h>

/* https://gnutls.org/manual/gnutls.html */

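/*
 * Minimal TLS client: resolve the server name, open a TCP connection,
 * run a GnuTLS handshake that authenticates the server, and print the
 * negotiated protocol version and cipher.
 *
 * Usage: test server-name [server-port]
 *
 * Returns 0 when the handshake succeeds, 1 on any error.
 */
int
main(int argc, char **argv)
{
    gnutls_session_t session = NULL;
    gnutls_certificate_credentials_t xcred = NULL;
    struct addrinfo hints, *res = NULL, *ai;
    const char     *hostname;
    const char     *portname;
    int             tls_result;
    int             last_alert;
    int             result;
    int             saved_errno = 0;
    int             sockfd = -1;
    int             rc = 1;

    if (argc <= 1 || argc >= 4) {
        fprintf(stderr, "Usage: %s server-name [server-port]\n",
                argc > 0 ? argv[0] : "test");
        return 1;
    }
    /* The arguments are used in place instead of being copied with
     * strcpy() into fixed-size heap buffers: an over-long argument can
     * no longer overflow anything, and the length is still bounded. */
    hostname = argv[1];
    portname = (argc == 3) ? argv[2] : PORT;
    if (strlen(hostname) >= MAXHOSTNAME || strlen(portname) >= MAXPORTNAME) {
        fprintf(stderr, "Server name or port name is too long\n");
        return 1;
    }

    tls_result = gnutls_certificate_allocate_credentials(&xcred);
    if (tls_result != GNUTLS_E_SUCCESS) {
        fprintf(stderr, "Cannot allocate credentials: %s\n",
                gnutls_strerror(tls_result));
        return 1;
    }
    /* Load the operating system's trusted root certificates; on success
     * the return value is the number of certificates processed. */
    tls_result = gnutls_certificate_set_x509_system_trust(xcred);
    if (tls_result < 0) {
        fprintf(stderr, "Cannot load credentials: %s\n",
                gnutls_strerror(tls_result));
        goto out_cred;
    } else {
        fprintf(stdout, "%d root certificates\n", tls_result);
    }
    /* gnutls_session_t is already a handle type, so a plain variable is
     * enough; no malloc() is needed to hold it. */
    tls_result = gnutls_init(&session, GNUTLS_CLIENT);
    if (tls_result != GNUTLS_E_SUCCESS) {
        fprintf(stderr, "Cannot create a new TLS session: %s\n",
                gnutls_strerror(tls_result));
        goto out_cred;
    }
    /* Mandatory or "no cipher suites found" */
    tls_result = gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
    if (tls_result != GNUTLS_E_SUCCESS) {
        fprintf(stderr, "Cannot set credentials: %s\n", gnutls_strerror(tls_result));
        goto out_session;
    }
    tls_result = gnutls_set_default_priority(session);
    if (tls_result != GNUTLS_E_SUCCESS) {
        fprintf(stderr, "Cannot set priorities: %s\n", gnutls_strerror(tls_result));
        goto out_session;
    }
    /* Send the server name (SNI) so that a server hosting several names
     * can present the matching certificate. Not fatal: the library may
     * refuse names that are not DNS names (e.g. address literals). */
    tls_result = gnutls_server_name_set(session, GNUTLS_NAME_DNS,
                                        hostname, strlen(hostname));
    if (tls_result != GNUTLS_E_SUCCESS) {
        fprintf(stderr, "Warning: cannot set the TLS server name: %s\n",
                gnutls_strerror(tls_result));
    }
    /* Authenticate the server: without this call the handshake accepts
     * any certificate, so the connection is encrypted but the peer is
     * not verified. The chain is checked against the system trust store
     * and the certificate must match 'hostname'. The pointer has to stay
     * valid for the life of the session; argv[] does. */
    gnutls_session_set_verify_cert(session, hostname, 0);

    memset(&hints, 0, sizeof(hints));
    hints.ai_family = PF_UNSPEC;        /* v4 or v6, I don't care */
    hints.ai_socktype = SOCK_STREAM;
    result = getaddrinfo(hostname, portname, &hints, &res);
    if (result != 0) {
        fprintf(stderr,
                "Cannot resolve name '%s : %s' (wrong name or wrong port): %d\n",
                hostname, portname, result);
        goto out_session;
    }
    /* Try every returned address in order, not only the first one, so
     * that a host reachable over a single address family still works. */
    for (ai = res; ai != NULL; ai = ai->ai_next) {
        sockfd = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
        if (sockfd == -1) {
            saved_errno = errno;
            continue;
        }
        if (connect(sockfd, ai->ai_addr, ai->ai_addrlen) == 0) {
            break;
        }
        saved_errno = errno;    /* close() below may overwrite errno */
        close(sockfd);
        sockfd = -1;
    }
    freeaddrinfo(res);
    if (sockfd == -1) {
        fprintf(stderr, "Cannot connect to %s: %d\n", hostname, saved_errno);
        goto out_session;
    }

    gnutls_transport_set_int(session, sockfd);
    /* Retry on non-fatal results (interrupted call, warning alert). */
    do {
        tls_result = gnutls_handshake(session);
    } while (tls_result < 0 && gnutls_error_is_fatal(tls_result) == 0);
    if (tls_result != GNUTLS_E_SUCCESS) {
        fprintf(stderr, "Cannot start the TLS session to %s: ", hostname);
        if (tls_result == GNUTLS_E_FATAL_ALERT_RECEIVED) {
            last_alert = gnutls_alert_get(session);
            fprintf(stderr, "Received alert '%d': %s.\n", last_alert,
                    gnutls_alert_get_name(last_alert));
        } else if (tls_result == GNUTLS_E_CERTIFICATE_VERIFICATION_ERROR) {
            /* Say why the certificate was rejected (expired, untrusted
             * issuer, name mismatch, ...). */
            gnutls_datum_t  reason = { NULL, 0 };
            unsigned int    status = gnutls_session_get_verify_cert_status(session);

            if (gnutls_certificate_verification_status_print
                (status, gnutls_certificate_type_get(session), &reason, 0)
                == GNUTLS_E_SUCCESS) {
                fprintf(stderr, "%s\n", reason.data);
                gnutls_free(reason.data);
            } else {
                fprintf(stderr, "%s\n", gnutls_strerror(tls_result));
            }
        } else {
            fprintf(stderr, "%s\n", gnutls_strerror(tls_result));
        }
        goto out_sock;
    }
    fprintf
        (stderr, "TLS connection using \"%s %s\"\n",
         gnutls_protocol_get_name(gnutls_protocol_get_version(session)),
         gnutls_cipher_get_name(gnutls_cipher_get(session)));
    rc = 0;

    /* Best-effort orderly shutdown; the result does not change the exit
     * status because the handshake is all this program tests. */
    gnutls_bye(session, GNUTLS_SHUT_RDWR);

  out_sock:
    close(sockfd);
  out_session:
    gnutls_deinit(session);
  out_cred:
    gnutls_certificate_free_credentials(xcred);
    return rc;
}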