xref: /aosp_15_r20/external/curl/docs/examples/simplessl.c (revision 6236dae45794135f37c4eb022389c904c8b0090d)
1*6236dae4SAndroid Build Coastguard Worker /***************************************************************************
2*6236dae4SAndroid Build Coastguard Worker  *                                  _   _ ____  _
3*6236dae4SAndroid Build Coastguard Worker  *  Project                     ___| | | |  _ \| |
4*6236dae4SAndroid Build Coastguard Worker  *                             / __| | | | |_) | |
5*6236dae4SAndroid Build Coastguard Worker  *                            | (__| |_| |  _ <| |___
6*6236dae4SAndroid Build Coastguard Worker  *                             \___|\___/|_| \_\_____|
7*6236dae4SAndroid Build Coastguard Worker  *
8*6236dae4SAndroid Build Coastguard Worker  * Copyright (C) Daniel Stenberg, <[email protected]>, et al.
9*6236dae4SAndroid Build Coastguard Worker  *
10*6236dae4SAndroid Build Coastguard Worker  * This software is licensed as described in the file COPYING, which
11*6236dae4SAndroid Build Coastguard Worker  * you should have received as part of this distribution. The terms
12*6236dae4SAndroid Build Coastguard Worker  * are also available at https://curl.se/docs/copyright.html.
13*6236dae4SAndroid Build Coastguard Worker  *
14*6236dae4SAndroid Build Coastguard Worker  * You may opt to use, copy, modify, merge, publish, distribute and/or sell
15*6236dae4SAndroid Build Coastguard Worker  * copies of the Software, and permit persons to whom the Software is
16*6236dae4SAndroid Build Coastguard Worker  * furnished to do so, under the terms of the COPYING file.
17*6236dae4SAndroid Build Coastguard Worker  *
18*6236dae4SAndroid Build Coastguard Worker  * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
19*6236dae4SAndroid Build Coastguard Worker  * KIND, either express or implied.
20*6236dae4SAndroid Build Coastguard Worker  *
21*6236dae4SAndroid Build Coastguard Worker  * SPDX-License-Identifier: curl
22*6236dae4SAndroid Build Coastguard Worker  *
23*6236dae4SAndroid Build Coastguard Worker  ***************************************************************************/
24*6236dae4SAndroid Build Coastguard Worker /* <DESC>
25*6236dae4SAndroid Build Coastguard Worker  * Shows HTTPS usage with client certs and optional ssl engine use.
26*6236dae4SAndroid Build Coastguard Worker  * </DESC>
27*6236dae4SAndroid Build Coastguard Worker  */
28*6236dae4SAndroid Build Coastguard Worker #include <stdio.h>
29*6236dae4SAndroid Build Coastguard Worker 
30*6236dae4SAndroid Build Coastguard Worker #include <curl/curl.h>
31*6236dae4SAndroid Build Coastguard Worker 
32*6236dae4SAndroid Build Coastguard Worker /* some requirements for this to work:
33*6236dae4SAndroid Build Coastguard Worker    1.   set pCertFile to the file with the client certificate
34*6236dae4SAndroid Build Coastguard Worker    2.   if the key is passphrase protected, set pPassphrase to the
35*6236dae4SAndroid Build Coastguard Worker         passphrase you use
36*6236dae4SAndroid Build Coastguard Worker    3.   if you are using a crypto engine:
37*6236dae4SAndroid Build Coastguard Worker    3.1. set a #define USE_ENGINE
38*6236dae4SAndroid Build Coastguard Worker    3.2. set pEngine to the name of the crypto engine you use
39*6236dae4SAndroid Build Coastguard Worker    3.3. set pKeyName to the key identifier you want to use
40*6236dae4SAndroid Build Coastguard Worker    4.   if you do not use a crypto engine:
41*6236dae4SAndroid Build Coastguard Worker    4.1. set pKeyName to the filename of your client key
42*6236dae4SAndroid Build Coastguard Worker    4.2. if the format of the key file is DER, set pKeyType to "DER"
43*6236dae4SAndroid Build Coastguard Worker 
44*6236dae4SAndroid Build Coastguard Worker    !! verify of the server certificate is not implemented here !!
45*6236dae4SAndroid Build Coastguard Worker 
46*6236dae4SAndroid Build Coastguard Worker    **** This example only works with libcurl 7.9.3 and later! ****
47*6236dae4SAndroid Build Coastguard Worker 
48*6236dae4SAndroid Build Coastguard Worker */
49*6236dae4SAndroid Build Coastguard Worker 
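/*
 * Fetch an HTTPS URL while presenting a client certificate and dump the
 * response headers to the file named by pHeaderFile.
 *
 * Built with USE_ENGINE defined, the private key is referenced by name inside
 * a crypto engine; otherwise it is read from a PEM file.
 *
 * Server verification: CURLOPT_CAINFO and CURLOPT_SSL_VERIFYPEER are set, so
 * the peer certificate is checked against pCACertFile.
 * CURLOPT_SSL_VERIFYHOST is not set here, so libcurl's default applies.
 *
 * Returns 1 if the header dump file cannot be opened or libcurl cannot be
 * initialised globally. Returns 0 otherwise; as before, a failed transfer is
 * reported on stderr only.
 */
int main(void)
{
  CURL *curl;
  CURLcode res;
  FILE *headerfile;
  /* keep NULL for an unprotected key; avoid hard-coding a real passphrase in
     source, load it at run time instead */
  const char *pPassphrase = NULL;

  static const char *pCertFile = "testcert.pem";
  static const char *pCACertFile = "cacert.pem";
  static const char *pHeaderFile = "dumpit";

  const char *pKeyName;
  const char *pKeyType;

  const char *pEngine;

#ifdef USE_ENGINE
  pKeyName  = "rsa_test";
  pKeyType  = "ENG";
  pEngine   = "chil";            /* for nCipher HSM... */
#else
  pKeyName  = "testkey.pem";
  pKeyType  = "PEM";
  pEngine   = NULL;
#endif

  headerfile = fopen(pHeaderFile, "wb");
  if(!headerfile) {
    /* fail early instead of running the transfer without a header dump */
    fprintf(stderr, "cannot open header file '%s'\n", pHeaderFile);
    return 1;
  }

  if(curl_global_init(CURL_GLOBAL_DEFAULT) != CURLE_OK) {
    fprintf(stderr, "curl_global_init() failed\n");
    fclose(headerfile);
    return 1;
  }

  curl = curl_easy_init();
  if(curl) {
    /* what call to write: */
    curl_easy_setopt(curl, CURLOPT_URL, "HTTPS://your.favourite.ssl.site");
    curl_easy_setopt(curl, CURLOPT_HEADERDATA, headerfile);

#ifdef _MSC_VER
#pragma warning(push)
#pragma warning(disable:4127)  /* conditional expression is constant */
#endif
    do { /* dummy loop, just to break out from */
      if(pEngine) {
        /* use crypto engine */
        if(curl_easy_setopt(curl, CURLOPT_SSLENGINE, pEngine) != CURLE_OK) {
          /* load the crypto engine */
          fprintf(stderr, "cannot set crypto engine\n");
          break;
        }
        if(curl_easy_setopt(curl, CURLOPT_SSLENGINE_DEFAULT, 1L) != CURLE_OK) {
          /* set the crypto engine as default */
          /* only needed for the first time you load
             an engine in a curl object... */
          fprintf(stderr, "cannot set crypto engine as default\n");
          break;
        }
      }
      /* cert is stored PEM coded in file... */
      /* since PEM is default, we needn't set it for PEM */
      curl_easy_setopt(curl, CURLOPT_SSLCERTTYPE, "PEM");

      /* set the cert for client authentication */
      curl_easy_setopt(curl, CURLOPT_SSLCERT, pCertFile);

      /* sorry, for engine we must set the passphrase
         (if the key has one...) */
      if(pPassphrase)
        curl_easy_setopt(curl, CURLOPT_KEYPASSWD, pPassphrase);

      /* if we use a key stored in a crypto engine,
         we must set the key type to "ENG" */
      curl_easy_setopt(curl, CURLOPT_SSLKEYTYPE, pKeyType);

      /* set the private key (file or ID in engine) */
      curl_easy_setopt(curl, CURLOPT_SSLKEY, pKeyName);

      /* set the file with the certs validating the server */
      curl_easy_setopt(curl, CURLOPT_CAINFO, pCACertFile);

      /* disconnect if we cannot validate server's cert; keep this at 1L,
         turning it off removes protection against an impersonated server */
      curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 1L);

      /* Perform the request, res gets the return code */
      res = curl_easy_perform(curl);
      /* Check for errors */
      if(res != CURLE_OK)
        fprintf(stderr, "curl_easy_perform() failed: %s\n",
                curl_easy_strerror(res));

      /* we are done... */
    } while(0);
#ifdef _MSC_VER
#pragma warning(pop)
#endif
    /* always cleanup */
    curl_easy_cleanup(curl);
  }

  curl_global_cleanup();

  /* close the dump file only after the handle that writes to it is gone;
     fclose() also reports a failed flush of buffered header data */
  if(fclose(headerfile) != 0)
    fprintf(stderr, "error closing header file '%s'\n", pHeaderFile);

  return 0;
}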