• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  *  SSL client for SMTP servers
3  *
4  *  Copyright The Mbed TLS Contributors
5  *  SPDX-License-Identifier: Apache-2.0
6  *
7  *  Licensed under the Apache License, Version 2.0 (the "License"); you may
8  *  not use this file except in compliance with the License.
9  *  You may obtain a copy of the License at
10  *
11  *  http://www.apache.org/licenses/LICENSE-2.0
12  *
13  *  Unless required by applicable law or agreed to in writing, software
14  *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
15  *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  *  See the License for the specific language governing permissions and
17  *  limitations under the License.
18  */
19 
20 /* Enable definition of gethostname() even when compiling with -std=c99. Must
21  * be set before mbedtls_config.h, which pulls in glibc's features.h indirectly.
22  * Harmless on other platforms. */
23 
24 #define _POSIX_C_SOURCE 200112L
25 #define _XOPEN_SOURCE 600
26 
27 #include "mbedtls/build_info.h"
28 
29 #include "mbedtls/platform.h"
30 
31 #if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_ENTROPY_C) ||  \
32     !defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_CLI_C) || \
33     !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_RSA_C) ||         \
34     !defined(MBEDTLS_CTR_DRBG_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) || \
35     !defined(MBEDTLS_FS_IO)
main(void)36 int main(void)
37 {
38     mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_ENTROPY_C and/or "
39                    "MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_CLI_C and/or "
40                    "MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
41                    "MBEDTLS_CTR_DRBG_C and/or MBEDTLS_X509_CRT_PARSE_C "
42                    "not defined.\n");
43     mbedtls_exit(0);
44 }
45 #else
46 
47 #include "mbedtls/base64.h"
48 #include "mbedtls/error.h"
49 #include "mbedtls/net_sockets.h"
50 #include "mbedtls/ssl.h"
51 #include "mbedtls/entropy.h"
52 #include "mbedtls/ctr_drbg.h"
53 #include "test/certs.h"
54 #include "mbedtls/x509.h"
55 
56 #include <stdlib.h>
57 #include <string.h>
58 
59 #if !defined(_MSC_VER) || defined(EFIX64) || defined(EFI32)
60 #include <unistd.h>
61 #else
62 #include <io.h>
63 #endif
64 
65 #if defined(_WIN32) || defined(_WIN32_WCE)
66 #include <winsock2.h>
67 #include <windows.h>
68 
69 #if defined(_MSC_VER)
70 #if defined(_WIN32_WCE)
71 #pragma comment( lib, "ws2.lib" )
72 #else
73 #pragma comment( lib, "ws2_32.lib" )
74 #endif
75 #endif /* _MSC_VER */
76 #endif
77 
78 #define DFL_SERVER_NAME         "localhost"
79 #define DFL_SERVER_PORT         "465"
80 #define DFL_USER_NAME           "user"
81 #define DFL_USER_PWD            "password"
82 #define DFL_MAIL_FROM           ""
83 #define DFL_MAIL_TO             ""
84 #define DFL_DEBUG_LEVEL         0
85 #define DFL_CA_FILE             ""
86 #define DFL_CRT_FILE            ""
87 #define DFL_KEY_FILE            ""
88 #define DFL_FORCE_CIPHER        0
89 #define DFL_MODE                0
90 #define DFL_AUTHENTICATION      0
91 
92 #define MODE_SSL_TLS            0
93 #define MODE_STARTTLS           0
94 
95 #if defined(MBEDTLS_BASE64_C)
96 #define USAGE_AUTH \
97     "    authentication=%%d   default: 0 (disabled)\n"          \
98     "    user_name=%%s        default: \"" DFL_USER_NAME "\"\n" \
99                                                          "    user_pwd=%%s         default: \"" \
100     DFL_USER_PWD "\"\n"
101 #else
102 #define USAGE_AUTH \
103     "    authentication options disabled. (Require MBEDTLS_BASE64_C)\n"
104 #endif /* MBEDTLS_BASE64_C */
105 
106 #if defined(MBEDTLS_FS_IO)
107 #define USAGE_IO \
108     "    ca_file=%%s          default: \"\" (pre-loaded)\n" \
109     "    crt_file=%%s         default: \"\" (pre-loaded)\n" \
110     "    key_file=%%s         default: \"\" (pre-loaded)\n"
111 #else
112 #define USAGE_IO \
113     "    No file operations available (MBEDTLS_FS_IO not defined)\n"
114 #endif /* MBEDTLS_FS_IO */
115 
116 #define USAGE \
117     "\n usage: ssl_mail_client param=<>...\n"                 \
118     "\n acceptable parameters:\n"                             \
119     "    server_name=%%s      default: " DFL_SERVER_NAME "\n" \
120                                                          "    server_port=%%d      default: " \
121     DFL_SERVER_PORT "\n" \
122                     "    debug_level=%%d      default: 0 (disabled)\n"        \
123                     "    mode=%%d             default: 0 (SSL/TLS) (1 for STARTTLS)\n"  \
124     USAGE_AUTH                                                \
125     "    mail_from=%%s        default: \"\"\n"                \
126     "    mail_to=%%s          default: \"\"\n"                \
127     USAGE_IO                                                  \
128     "    force_ciphersuite=<name>    default: all enabled\n"  \
129     " acceptable ciphersuite names:\n"
130 
131 
132 /*
133  * global options
134  */
135 struct options {
136     const char *server_name;    /* hostname of the server (client only)     */
137     const char *server_port;    /* port on which the ssl service runs       */
138     int debug_level;            /* level of debugging                       */
139     int authentication;         /* if authentication is required            */
140     int mode;                   /* SSL/TLS (0) or STARTTLS (1)              */
141     const char *user_name;      /* username to use for authentication       */
142     const char *user_pwd;       /* password to use for authentication       */
143     const char *mail_from;      /* E-Mail address to use as sender          */
144     const char *mail_to;        /* E-Mail address to use as recipient       */
145     const char *ca_file;        /* the file with the CA certificate(s)      */
146     const char *crt_file;       /* the file with the client certificate     */
147     const char *key_file;       /* the file with the client key             */
148     int force_ciphersuite[2];   /* protocol/ciphersuite to use, or all      */
149 } opt;
150 
my_debug(void * ctx,int level,const char * file,int line,const char * str)151 static void my_debug(void *ctx, int level,
152                      const char *file, int line,
153                      const char *str)
154 {
155     ((void) level);
156 
157     mbedtls_fprintf((FILE *) ctx, "%s:%04d: %s", file, line, str);
158     fflush((FILE *) ctx);
159 }
160 
do_handshake(mbedtls_ssl_context * ssl)161 static int do_handshake(mbedtls_ssl_context *ssl)
162 {
163     int ret;
164     uint32_t flags;
165     unsigned char buf[1024];
166     memset(buf, 0, 1024);
167 
168     /*
169      * 4. Handshake
170      */
171     mbedtls_printf("  . Performing the SSL/TLS handshake...");
172     fflush(stdout);
173 
174     while ((ret = mbedtls_ssl_handshake(ssl)) != 0) {
175         if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
176 #if defined(MBEDTLS_ERROR_C)
177             mbedtls_strerror(ret, (char *) buf, 1024);
178 #endif
179             mbedtls_printf(" failed\n  ! mbedtls_ssl_handshake returned %d: %s\n\n", ret, buf);
180             return -1;
181         }
182     }
183 
184     mbedtls_printf(" ok\n    [ Ciphersuite is %s ]\n",
185                    mbedtls_ssl_get_ciphersuite(ssl));
186 
187     /*
188      * 5. Verify the server certificate
189      */
190     mbedtls_printf("  . Verifying peer X.509 certificate...");
191 
192     /* In real life, we probably want to bail out when ret != 0 */
193     if ((flags = mbedtls_ssl_get_verify_result(ssl)) != 0) {
194 #if !defined(MBEDTLS_X509_REMOVE_INFO)
195         char vrfy_buf[512];
196 #endif
197 
198         mbedtls_printf(" failed\n");
199 
200 #if !defined(MBEDTLS_X509_REMOVE_INFO)
201         mbedtls_x509_crt_verify_info(vrfy_buf, sizeof(vrfy_buf), "  ! ", flags);
202 
203         mbedtls_printf("%s\n", vrfy_buf);
204 #endif
205     } else {
206         mbedtls_printf(" ok\n");
207     }
208 
209 #if !defined(MBEDTLS_X509_REMOVE_INFO)
210     mbedtls_printf("  . Peer certificate information    ...\n");
211     mbedtls_x509_crt_info((char *) buf, sizeof(buf) - 1, "      ",
212                           mbedtls_ssl_get_peer_cert(ssl));
213     mbedtls_printf("%s\n", buf);
214 #endif
215 
216     return 0;
217 }
218 
write_ssl_data(mbedtls_ssl_context * ssl,unsigned char * buf,size_t len)219 static int write_ssl_data(mbedtls_ssl_context *ssl, unsigned char *buf, size_t len)
220 {
221     int ret;
222 
223     mbedtls_printf("\n%s", buf);
224     while (len && (ret = mbedtls_ssl_write(ssl, buf, len)) <= 0) {
225         if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
226             mbedtls_printf(" failed\n  ! mbedtls_ssl_write returned %d\n\n", ret);
227             return -1;
228         }
229     }
230 
231     return 0;
232 }
233 
write_ssl_and_get_response(mbedtls_ssl_context * ssl,unsigned char * buf,size_t len)234 static int write_ssl_and_get_response(mbedtls_ssl_context *ssl, unsigned char *buf, size_t len)
235 {
236     int ret;
237     unsigned char data[128];
238     char code[4];
239     size_t i, idx = 0;
240 
241     mbedtls_printf("\n%s", buf);
242     while (len && (ret = mbedtls_ssl_write(ssl, buf, len)) <= 0) {
243         if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
244             mbedtls_printf(" failed\n  ! mbedtls_ssl_write returned %d\n\n", ret);
245             return -1;
246         }
247     }
248 
249     do {
250         len = sizeof(data) - 1;
251         memset(data, 0, sizeof(data));
252         ret = mbedtls_ssl_read(ssl, data, len);
253 
254         if (ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE) {
255             continue;
256         }
257 
258         if (ret == MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY) {
259             return -1;
260         }
261 
262         if (ret <= 0) {
263             mbedtls_printf("failed\n  ! mbedtls_ssl_read returned %d\n\n", ret);
264             return -1;
265         }
266 
267         mbedtls_printf("\n%s", data);
268         len = ret;
269         for (i = 0; i < len; i++) {
270             if (data[i] != '\n') {
271                 if (idx < 4) {
272                     code[idx++] = data[i];
273                 }
274                 continue;
275             }
276 
277             if (idx == 4 && code[0] >= '0' && code[0] <= '9' && code[3] == ' ') {
278                 code[3] = '\0';
279                 return atoi(code);
280             }
281 
282             idx = 0;
283         }
284     } while (1);
285 }
286 
write_and_get_response(mbedtls_net_context * sock_fd,unsigned char * buf,size_t len)287 static int write_and_get_response(mbedtls_net_context *sock_fd, unsigned char *buf, size_t len)
288 {
289     int ret;
290     unsigned char data[128];
291     char code[4];
292     size_t i, idx = 0;
293 
294     mbedtls_printf("\n%s", buf);
295     if (len && (ret = mbedtls_net_send(sock_fd, buf, len)) <= 0) {
296         mbedtls_printf(" failed\n  ! mbedtls_net_send returned %d\n\n", ret);
297         return -1;
298     }
299 
300     do {
301         len = sizeof(data) - 1;
302         memset(data, 0, sizeof(data));
303         ret = mbedtls_net_recv(sock_fd, data, len);
304 
305         if (ret <= 0) {
306             mbedtls_printf("failed\n  ! mbedtls_net_recv returned %d\n\n", ret);
307             return -1;
308         }
309 
310         data[len] = '\0';
311         mbedtls_printf("\n%s", data);
312         len = ret;
313         for (i = 0; i < len; i++) {
314             if (data[i] != '\n') {
315                 if (idx < 4) {
316                     code[idx++] = data[i];
317                 }
318                 continue;
319             }
320 
321             if (idx == 4 && code[0] >= '0' && code[0] <= '9' && code[3] == ' ') {
322                 code[3] = '\0';
323                 return atoi(code);
324             }
325 
326             idx = 0;
327         }
328     } while (1);
329 }
330 
main(int argc,char * argv[])331 int main(int argc, char *argv[])
332 {
333     int ret = 1, len;
334     int exit_code = MBEDTLS_EXIT_FAILURE;
335     mbedtls_net_context server_fd;
336 #if defined(MBEDTLS_BASE64_C)
337     unsigned char base[1024];
338     /* buf is used as the destination buffer for printing base with the format:
339      * "%s\r\n". Hence, the size of buf should be at least the size of base
340      * plus 2 bytes for the \r and \n characters.
341      */
342     unsigned char buf[sizeof(base) + 2];
343 #else
344     unsigned char buf[1024];
345 #endif
346     char hostname[32];
347     const char *pers = "ssl_mail_client";
348 
349     mbedtls_entropy_context entropy;
350     mbedtls_ctr_drbg_context ctr_drbg;
351     mbedtls_ssl_context ssl;
352     mbedtls_ssl_config conf;
353     mbedtls_x509_crt cacert;
354     mbedtls_x509_crt clicert;
355     mbedtls_pk_context pkey;
356     int i;
357     size_t n;
358     char *p, *q;
359     const int *list;
360 
361     /*
362      * Make sure memory references are valid in case we exit early.
363      */
364     mbedtls_net_init(&server_fd);
365     mbedtls_ssl_init(&ssl);
366     mbedtls_ssl_config_init(&conf);
367     memset(&buf, 0, sizeof(buf));
368     mbedtls_x509_crt_init(&cacert);
369     mbedtls_x509_crt_init(&clicert);
370     mbedtls_pk_init(&pkey);
371     mbedtls_ctr_drbg_init(&ctr_drbg);
372 
373     if (argc < 2) {
374 usage:
375         mbedtls_printf(USAGE);
376 
377         list = mbedtls_ssl_list_ciphersuites();
378         while (*list) {
379             mbedtls_printf("    %s\n", mbedtls_ssl_get_ciphersuite_name(*list));
380             list++;
381         }
382         mbedtls_printf("\n");
383         goto exit;
384     }
385 
386     opt.server_name         = DFL_SERVER_NAME;
387     opt.server_port         = DFL_SERVER_PORT;
388     opt.debug_level         = DFL_DEBUG_LEVEL;
389     opt.authentication      = DFL_AUTHENTICATION;
390     opt.mode                = DFL_MODE;
391     opt.user_name           = DFL_USER_NAME;
392     opt.user_pwd            = DFL_USER_PWD;
393     opt.mail_from           = DFL_MAIL_FROM;
394     opt.mail_to             = DFL_MAIL_TO;
395     opt.ca_file             = DFL_CA_FILE;
396     opt.crt_file            = DFL_CRT_FILE;
397     opt.key_file            = DFL_KEY_FILE;
398     opt.force_ciphersuite[0] = DFL_FORCE_CIPHER;
399 
400     for (i = 1; i < argc; i++) {
401         p = argv[i];
402         if ((q = strchr(p, '=')) == NULL) {
403             goto usage;
404         }
405         *q++ = '\0';
406 
407         if (strcmp(p, "server_name") == 0) {
408             opt.server_name = q;
409         } else if (strcmp(p, "server_port") == 0) {
410             opt.server_port = q;
411         } else if (strcmp(p, "debug_level") == 0) {
412             opt.debug_level = atoi(q);
413             if (opt.debug_level < 0 || opt.debug_level > 65535) {
414                 goto usage;
415             }
416         } else if (strcmp(p, "authentication") == 0) {
417             opt.authentication = atoi(q);
418             if (opt.authentication < 0 || opt.authentication > 1) {
419                 goto usage;
420             }
421         } else if (strcmp(p, "mode") == 0) {
422             opt.mode = atoi(q);
423             if (opt.mode < 0 || opt.mode > 1) {
424                 goto usage;
425             }
426         } else if (strcmp(p, "user_name") == 0) {
427             opt.user_name = q;
428         } else if (strcmp(p, "user_pwd") == 0) {
429             opt.user_pwd = q;
430         } else if (strcmp(p, "mail_from") == 0) {
431             opt.mail_from = q;
432         } else if (strcmp(p, "mail_to") == 0) {
433             opt.mail_to = q;
434         } else if (strcmp(p, "ca_file") == 0) {
435             opt.ca_file = q;
436         } else if (strcmp(p, "crt_file") == 0) {
437             opt.crt_file = q;
438         } else if (strcmp(p, "key_file") == 0) {
439             opt.key_file = q;
440         } else if (strcmp(p, "force_ciphersuite") == 0) {
441             opt.force_ciphersuite[0] = -1;
442 
443             opt.force_ciphersuite[0] = mbedtls_ssl_get_ciphersuite_id(q);
444 
445             if (opt.force_ciphersuite[0] <= 0) {
446                 goto usage;
447             }
448 
449             opt.force_ciphersuite[1] = 0;
450         } else {
451             goto usage;
452         }
453     }
454 
455     /*
456      * 0. Initialize the RNG and the session data
457      */
458     mbedtls_printf("\n  . Seeding the random number generator...");
459     fflush(stdout);
460 
461     mbedtls_entropy_init(&entropy);
462     if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
463                                      (const unsigned char *) pers,
464                                      strlen(pers))) != 0) {
465         mbedtls_printf(" failed\n  ! mbedtls_ctr_drbg_seed returned %d\n", ret);
466         goto exit;
467     }
468 
469     mbedtls_printf(" ok\n");
470 
471     /*
472      * 1.1. Load the trusted CA
473      */
474     mbedtls_printf("  . Loading the CA root certificate ...");
475     fflush(stdout);
476 
477 #if defined(MBEDTLS_FS_IO)
478     if (strlen(opt.ca_file)) {
479         ret = mbedtls_x509_crt_parse_file(&cacert, opt.ca_file);
480     } else
481 #endif
482 #if defined(MBEDTLS_PEM_PARSE_C)
483     ret = mbedtls_x509_crt_parse(&cacert, (const unsigned char *) mbedtls_test_cas_pem,
484                                  mbedtls_test_cas_pem_len);
485 #else
486     {
487         mbedtls_printf("MBEDTLS_PEM_PARSE_C not defined.");
488         goto exit;
489     }
490 #endif
491     if (ret < 0) {
492         mbedtls_printf(" failed\n  !  mbedtls_x509_crt_parse returned %d\n\n", ret);
493         goto exit;
494     }
495 
496     mbedtls_printf(" ok (%d skipped)\n", ret);
497 
498     /*
499      * 1.2. Load own certificate and private key
500      *
501      * (can be skipped if client authentication is not required)
502      */
503     mbedtls_printf("  . Loading the client cert. and key...");
504     fflush(stdout);
505 
506 #if defined(MBEDTLS_FS_IO)
507     if (strlen(opt.crt_file)) {
508         ret = mbedtls_x509_crt_parse_file(&clicert, opt.crt_file);
509     } else
510 #endif
511     ret = mbedtls_x509_crt_parse(&clicert, (const unsigned char *) mbedtls_test_cli_crt,
512                                  mbedtls_test_cli_crt_len);
513     if (ret != 0) {
514         mbedtls_printf(" failed\n  !  mbedtls_x509_crt_parse returned %d\n\n", ret);
515         goto exit;
516     }
517 
518 #if defined(MBEDTLS_FS_IO)
519     if (strlen(opt.key_file)) {
520         ret = mbedtls_pk_parse_keyfile(&pkey, opt.key_file, "",
521                                        mbedtls_ctr_drbg_random, &ctr_drbg);
522     } else
523 #endif
524 #if defined(MBEDTLS_PEM_PARSE_C)
525     {
526         ret = mbedtls_pk_parse_key(&pkey,
527                                    (const unsigned char *) mbedtls_test_cli_key,
528                                    mbedtls_test_cli_key_len,
529                                    NULL,
530                                    0,
531                                    mbedtls_ctr_drbg_random,
532                                    &ctr_drbg);
533     }
534 #else
535     {
536         mbedtls_printf("MBEDTLS_PEM_PARSE_C not defined.");
537         goto exit;
538     }
539 #endif
540     if (ret != 0) {
541         mbedtls_printf(" failed\n  !  mbedtls_pk_parse_key returned %d\n\n", ret);
542         goto exit;
543     }
544 
545     mbedtls_printf(" ok\n");
546 
547     /*
548      * 2. Start the connection
549      */
550     mbedtls_printf("  . Connecting to tcp/%s/%s...", opt.server_name,
551                    opt.server_port);
552     fflush(stdout);
553 
554     if ((ret = mbedtls_net_connect(&server_fd, opt.server_name,
555                                    opt.server_port, MBEDTLS_NET_PROTO_TCP)) != 0) {
556         mbedtls_printf(" failed\n  ! mbedtls_net_connect returned %d\n\n", ret);
557         goto exit;
558     }
559 
560     mbedtls_printf(" ok\n");
561 
562     /*
563      * 3. Setup stuff
564      */
565     mbedtls_printf("  . Setting up the SSL/TLS structure...");
566     fflush(stdout);
567 
568     if ((ret = mbedtls_ssl_config_defaults(&conf,
569                                            MBEDTLS_SSL_IS_CLIENT,
570                                            MBEDTLS_SSL_TRANSPORT_STREAM,
571                                            MBEDTLS_SSL_PRESET_DEFAULT)) != 0) {
572         mbedtls_printf(" failed\n  ! mbedtls_ssl_config_defaults returned %d\n\n", ret);
573         goto exit;
574     }
575 
576     /* OPTIONAL is not optimal for security,
577      * but makes interop easier in this simplified example */
578     mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_OPTIONAL);
579 
580     mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg);
581     mbedtls_ssl_conf_dbg(&conf, my_debug, stdout);
582 
583     if (opt.force_ciphersuite[0] != DFL_FORCE_CIPHER) {
584         mbedtls_ssl_conf_ciphersuites(&conf, opt.force_ciphersuite);
585     }
586 
587     mbedtls_ssl_conf_ca_chain(&conf, &cacert, NULL);
588     if ((ret = mbedtls_ssl_conf_own_cert(&conf, &clicert, &pkey)) != 0) {
589         mbedtls_printf(" failed\n  ! mbedtls_ssl_conf_own_cert returned %d\n\n", ret);
590         goto exit;
591     }
592 
593     if ((ret = mbedtls_ssl_setup(&ssl, &conf)) != 0) {
594         mbedtls_printf(" failed\n  ! mbedtls_ssl_setup returned %d\n\n", ret);
595         goto exit;
596     }
597 
598     if ((ret = mbedtls_ssl_set_hostname(&ssl, opt.server_name)) != 0) {
599         mbedtls_printf(" failed\n  ! mbedtls_ssl_set_hostname returned %d\n\n", ret);
600         goto exit;
601     }
602 
603     mbedtls_ssl_set_bio(&ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv, NULL);
604 
605     mbedtls_printf(" ok\n");
606 
607     if (opt.mode == MODE_SSL_TLS) {
608         if (do_handshake(&ssl) != 0) {
609             goto exit;
610         }
611 
612         mbedtls_printf("  > Get header from server:");
613         fflush(stdout);
614 
615         ret = write_ssl_and_get_response(&ssl, buf, 0);
616         if (ret < 200 || ret > 299) {
617             mbedtls_printf(" failed\n  ! server responded with %d\n\n", ret);
618             goto exit;
619         }
620 
621         mbedtls_printf(" ok\n");
622 
623         mbedtls_printf("  > Write EHLO to server:");
624         fflush(stdout);
625 
626         gethostname(hostname, 32);
627         len = sprintf((char *) buf, "EHLO %s\r\n", hostname);
628         ret = write_ssl_and_get_response(&ssl, buf, len);
629         if (ret < 200 || ret > 299) {
630             mbedtls_printf(" failed\n  ! server responded with %d\n\n", ret);
631             goto exit;
632         }
633     } else {
634         mbedtls_printf("  > Get header from server:");
635         fflush(stdout);
636 
637         ret = write_and_get_response(&server_fd, buf, 0);
638         if (ret < 200 || ret > 299) {
639             mbedtls_printf(" failed\n  ! server responded with %d\n\n", ret);
640             goto exit;
641         }
642 
643         mbedtls_printf(" ok\n");
644 
645         mbedtls_printf("  > Write EHLO to server:");
646         fflush(stdout);
647 
648         gethostname(hostname, 32);
649         len = sprintf((char *) buf, "EHLO %s\r\n", hostname);
650         ret = write_and_get_response(&server_fd, buf, len);
651         if (ret < 200 || ret > 299) {
652             mbedtls_printf(" failed\n  ! server responded with %d\n\n", ret);
653             goto exit;
654         }
655 
656         mbedtls_printf(" ok\n");
657 
658         mbedtls_printf("  > Write STARTTLS to server:");
659         fflush(stdout);
660 
661         gethostname(hostname, 32);
662         len = sprintf((char *) buf, "STARTTLS\r\n");
663         ret = write_and_get_response(&server_fd, buf, len);
664         if (ret < 200 || ret > 299) {
665             mbedtls_printf(" failed\n  ! server responded with %d\n\n", ret);
666             goto exit;
667         }
668 
669         mbedtls_printf(" ok\n");
670 
671         if (do_handshake(&ssl) != 0) {
672             goto exit;
673         }
674     }
675 
676 #if defined(MBEDTLS_BASE64_C)
677     if (opt.authentication) {
678         mbedtls_printf("  > Write AUTH LOGIN to server:");
679         fflush(stdout);
680 
681         len = sprintf((char *) buf, "AUTH LOGIN\r\n");
682         ret = write_ssl_and_get_response(&ssl, buf, len);
683         if (ret < 200 || ret > 399) {
684             mbedtls_printf(" failed\n  ! server responded with %d\n\n", ret);
685             goto exit;
686         }
687 
688         mbedtls_printf(" ok\n");
689 
690         mbedtls_printf("  > Write username to server: %s", opt.user_name);
691         fflush(stdout);
692 
693         ret = mbedtls_base64_encode(base, sizeof(base), &n, (const unsigned char *) opt.user_name,
694                                     strlen(opt.user_name));
695 
696         if (ret != 0) {
697             mbedtls_printf(" failed\n  ! mbedtls_base64_encode returned %d\n\n", ret);
698             goto exit;
699         }
700         len = sprintf((char *) buf, "%s\r\n", base);
701         ret = write_ssl_and_get_response(&ssl, buf, len);
702         if (ret < 300 || ret > 399) {
703             mbedtls_printf(" failed\n  ! server responded with %d\n\n", ret);
704             goto exit;
705         }
706 
707         mbedtls_printf(" ok\n");
708 
709         mbedtls_printf("  > Write password to server: %s", opt.user_pwd);
710         fflush(stdout);
711 
712         ret = mbedtls_base64_encode(base, sizeof(base), &n, (const unsigned char *) opt.user_pwd,
713                                     strlen(opt.user_pwd));
714 
715         if (ret != 0) {
716             mbedtls_printf(" failed\n  ! mbedtls_base64_encode returned %d\n\n", ret);
717             goto exit;
718         }
719         len = sprintf((char *) buf, "%s\r\n", base);
720         ret = write_ssl_and_get_response(&ssl, buf, len);
721         if (ret < 200 || ret > 399) {
722             mbedtls_printf(" failed\n  ! server responded with %d\n\n", ret);
723             goto exit;
724         }
725 
726         mbedtls_printf(" ok\n");
727     }
728 #endif
729 
730     mbedtls_printf("  > Write MAIL FROM to server:");
731     fflush(stdout);
732 
733     len = sprintf((char *) buf, "MAIL FROM:<%s>\r\n", opt.mail_from);
734     ret = write_ssl_and_get_response(&ssl, buf, len);
735     if (ret < 200 || ret > 299) {
736         mbedtls_printf(" failed\n  ! server responded with %d\n\n", ret);
737         goto exit;
738     }
739 
740     mbedtls_printf(" ok\n");
741 
742     mbedtls_printf("  > Write RCPT TO to server:");
743     fflush(stdout);
744 
745     len = sprintf((char *) buf, "RCPT TO:<%s>\r\n", opt.mail_to);
746     ret = write_ssl_and_get_response(&ssl, buf, len);
747     if (ret < 200 || ret > 299) {
748         mbedtls_printf(" failed\n  ! server responded with %d\n\n", ret);
749         goto exit;
750     }
751 
752     mbedtls_printf(" ok\n");
753 
754     mbedtls_printf("  > Write DATA to server:");
755     fflush(stdout);
756 
757     len = sprintf((char *) buf, "DATA\r\n");
758     ret = write_ssl_and_get_response(&ssl, buf, len);
759     if (ret < 300 || ret > 399) {
760         mbedtls_printf(" failed\n  ! server responded with %d\n\n", ret);
761         goto exit;
762     }
763 
764     mbedtls_printf(" ok\n");
765 
766     mbedtls_printf("  > Write content to server:");
767     fflush(stdout);
768 
769     len = sprintf((char *) buf, "From: %s\r\nSubject: mbed TLS Test mail\r\n\r\n"
770                                 "This is a simple test mail from the "
771                                 "mbed TLS mail client example.\r\n"
772                                 "\r\n"
773                                 "Enjoy!", opt.mail_from);
774     ret = write_ssl_data(&ssl, buf, len);
775 
776     len = sprintf((char *) buf, "\r\n.\r\n");
777     ret = write_ssl_and_get_response(&ssl, buf, len);
778     if (ret < 200 || ret > 299) {
779         mbedtls_printf(" failed\n  ! server responded with %d\n\n", ret);
780         goto exit;
781     }
782 
783     mbedtls_printf(" ok\n");
784 
785     mbedtls_ssl_close_notify(&ssl);
786 
787     exit_code = MBEDTLS_EXIT_SUCCESS;
788 
789 exit:
790 
791     mbedtls_net_free(&server_fd);
792     mbedtls_x509_crt_free(&clicert);
793     mbedtls_x509_crt_free(&cacert);
794     mbedtls_pk_free(&pkey);
795     mbedtls_ssl_free(&ssl);
796     mbedtls_ssl_config_free(&conf);
797     mbedtls_ctr_drbg_free(&ctr_drbg);
798     mbedtls_entropy_free(&entropy);
799 
800     mbedtls_exit(exit_code);
801 }
802 #endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_SSL_TLS_C &&
803           MBEDTLS_SSL_CLI_C && MBEDTLS_NET_C && MBEDTLS_RSA_C **
804           MBEDTLS_CTR_DRBG_C */
805