1 /*
2 * SSL client for SMTP servers
3 *
4 * Copyright The Mbed TLS Contributors
5 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
6 */
7
8 /* Enable definition of gethostname() even when compiling with -std=c99. Must
9 * be set before config.h, which pulls in glibc's features.h indirectly.
10 * Harmless on other platforms. */
11 #define _POSIX_C_SOURCE 200112L
12 #define _XOPEN_SOURCE 600
13
14 #if !defined(MBEDTLS_CONFIG_FILE)
15 #include "mbedtls/config.h"
16 #else
17 #include MBEDTLS_CONFIG_FILE
18 #endif
19
20 #include "mbedtls/platform.h"
21
22 #if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_ENTROPY_C) || \
23 !defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_CLI_C) || \
24 !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_RSA_C) || \
25 !defined(MBEDTLS_CTR_DRBG_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) || \
26 !defined(MBEDTLS_FS_IO)
main(void)27 int main(void)
28 {
29 mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_ENTROPY_C and/or "
30 "MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_CLI_C and/or "
31 "MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
32 "MBEDTLS_CTR_DRBG_C and/or MBEDTLS_X509_CRT_PARSE_C "
33 "not defined.\n");
34 mbedtls_exit(0);
35 }
36 #else
37
38 #include "mbedtls/base64.h"
39 #include "mbedtls/error.h"
40 #include "mbedtls/net_sockets.h"
41 #include "mbedtls/ssl.h"
42 #include "mbedtls/entropy.h"
43 #include "mbedtls/ctr_drbg.h"
44 #include "mbedtls/certs.h"
45 #include "mbedtls/x509.h"
46
47 #include <stdlib.h>
48 #include <string.h>
49
50 #if !defined(_MSC_VER) || defined(EFIX64) || defined(EFI32)
51 #include <unistd.h>
52 #else
53 #include <io.h>
54 #endif
55
56 #if defined(_WIN32) || defined(_WIN32_WCE)
57 #include <winsock2.h>
58 #include <windows.h>
59
60 #if defined(_MSC_VER)
61 #if defined(_WIN32_WCE)
62 #pragma comment( lib, "ws2.lib" )
63 #else
64 #pragma comment( lib, "ws2_32.lib" )
65 #endif
66 #endif /* _MSC_VER */
67 #endif
68
69 #define DFL_SERVER_NAME "localhost"
70 #define DFL_SERVER_PORT "465"
71 #define DFL_USER_NAME "user"
72 #define DFL_USER_PWD "password"
73 #define DFL_MAIL_FROM ""
74 #define DFL_MAIL_TO ""
75 #define DFL_DEBUG_LEVEL 0
76 #define DFL_CA_FILE ""
77 #define DFL_CRT_FILE ""
78 #define DFL_KEY_FILE ""
79 #define DFL_FORCE_CIPHER 0
80 #define DFL_MODE 0
81 #define DFL_AUTHENTICATION 0
82
83 #define MODE_SSL_TLS 0
84 #define MODE_STARTTLS 0
85
86 #if defined(MBEDTLS_BASE64_C)
87 #define USAGE_AUTH \
88 " authentication=%%d default: 0 (disabled)\n" \
89 " user_name=%%s default: \"" DFL_USER_NAME "\"\n" \
90 " user_pwd=%%s default: \"" \
91 DFL_USER_PWD "\"\n"
92 #else
93 #define USAGE_AUTH \
94 " authentication options disabled. (Require MBEDTLS_BASE64_C)\n"
95 #endif /* MBEDTLS_BASE64_C */
96
97 #if defined(MBEDTLS_FS_IO)
98 #define USAGE_IO \
99 " ca_file=%%s default: \"\" (pre-loaded)\n" \
100 " crt_file=%%s default: \"\" (pre-loaded)\n" \
101 " key_file=%%s default: \"\" (pre-loaded)\n"
102 #else
103 #define USAGE_IO \
104 " No file operations available (MBEDTLS_FS_IO not defined)\n"
105 #endif /* MBEDTLS_FS_IO */
106
107 #define USAGE \
108 "\n usage: ssl_mail_client param=<>...\n" \
109 "\n acceptable parameters:\n" \
110 " server_name=%%s default: " DFL_SERVER_NAME "\n" \
111 " server_port=%%d default: " \
112 DFL_SERVER_PORT "\n" \
113 " debug_level=%%d default: 0 (disabled)\n" \
114 " mode=%%d default: 0 (SSL/TLS) (1 for STARTTLS)\n" \
115 USAGE_AUTH \
116 " mail_from=%%s default: \"\"\n" \
117 " mail_to=%%s default: \"\"\n" \
118 USAGE_IO \
119 " force_ciphersuite=<name> default: all enabled\n" \
120 " acceptable ciphersuite names:\n"
121
122
123 /*
124 * global options
125 */
126 struct options {
127 const char *server_name; /* hostname of the server (client only) */
128 const char *server_port; /* port on which the ssl service runs */
129 int debug_level; /* level of debugging */
130 int authentication; /* if authentication is required */
131 int mode; /* SSL/TLS (0) or STARTTLS (1) */
132 const char *user_name; /* username to use for authentication */
133 const char *user_pwd; /* password to use for authentication */
134 const char *mail_from; /* E-Mail address to use as sender */
135 const char *mail_to; /* E-Mail address to use as recipient */
136 const char *ca_file; /* the file with the CA certificate(s) */
137 const char *crt_file; /* the file with the client certificate */
138 const char *key_file; /* the file with the client key */
139 int force_ciphersuite[2]; /* protocol/ciphersuite to use, or all */
140 } opt;
141
my_debug(void * ctx,int level,const char * file,int line,const char * str)142 static void my_debug(void *ctx, int level,
143 const char *file, int line,
144 const char *str)
145 {
146 ((void) level);
147
148 mbedtls_fprintf((FILE *) ctx, "%s:%04d: %s", file, line, str);
149 fflush((FILE *) ctx);
150 }
151
do_handshake(mbedtls_ssl_context * ssl)152 static int do_handshake(mbedtls_ssl_context *ssl)
153 {
154 int ret;
155 uint32_t flags;
156 unsigned char buf[1024];
157 memset(buf, 0, 1024);
158
159 /*
160 * 4. Handshake
161 */
162 mbedtls_printf(" . Performing the SSL/TLS handshake...");
163 fflush(stdout);
164
165 while ((ret = mbedtls_ssl_handshake(ssl)) != 0) {
166 if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
167 #if defined(MBEDTLS_ERROR_C)
168 mbedtls_strerror(ret, (char *) buf, 1024);
169 #endif
170 mbedtls_printf(" failed\n ! mbedtls_ssl_handshake returned %d: %s\n\n", ret, buf);
171 return -1;
172 }
173 }
174
175 mbedtls_printf(" ok\n [ Ciphersuite is %s ]\n",
176 mbedtls_ssl_get_ciphersuite(ssl));
177
178 /*
179 * 5. Verify the server certificate
180 */
181 mbedtls_printf(" . Verifying peer X.509 certificate...");
182
183 /* In real life, we probably want to bail out when ret != 0 */
184 if ((flags = mbedtls_ssl_get_verify_result(ssl)) != 0) {
185 char vrfy_buf[512];
186
187 mbedtls_printf(" failed\n");
188
189 mbedtls_x509_crt_verify_info(vrfy_buf, sizeof(vrfy_buf), " ! ", flags);
190
191 mbedtls_printf("%s\n", vrfy_buf);
192 } else {
193 mbedtls_printf(" ok\n");
194 }
195
196 mbedtls_printf(" . Peer certificate information ...\n");
197 mbedtls_x509_crt_info((char *) buf, sizeof(buf) - 1, " ",
198 mbedtls_ssl_get_peer_cert(ssl));
199 mbedtls_printf("%s\n", buf);
200
201 return 0;
202 }
203
write_ssl_data(mbedtls_ssl_context * ssl,unsigned char * buf,size_t len)204 static int write_ssl_data(mbedtls_ssl_context *ssl, unsigned char *buf, size_t len)
205 {
206 int ret;
207
208 mbedtls_printf("\n%s", buf);
209 while (len && (ret = mbedtls_ssl_write(ssl, buf, len)) <= 0) {
210 if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
211 mbedtls_printf(" failed\n ! mbedtls_ssl_write returned %d\n\n", ret);
212 return -1;
213 }
214 }
215
216 return 0;
217 }
218
write_ssl_and_get_response(mbedtls_ssl_context * ssl,unsigned char * buf,size_t len)219 static int write_ssl_and_get_response(mbedtls_ssl_context *ssl, unsigned char *buf, size_t len)
220 {
221 int ret;
222 unsigned char data[128];
223 char code[4];
224 size_t i, idx = 0;
225
226 mbedtls_printf("\n%s", buf);
227 while (len && (ret = mbedtls_ssl_write(ssl, buf, len)) <= 0) {
228 if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
229 mbedtls_printf(" failed\n ! mbedtls_ssl_write returned %d\n\n", ret);
230 return -1;
231 }
232 }
233
234 do {
235 len = sizeof(data) - 1;
236 memset(data, 0, sizeof(data));
237 ret = mbedtls_ssl_read(ssl, data, len);
238
239 if (ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE) {
240 continue;
241 }
242
243 if (ret == MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY) {
244 return -1;
245 }
246
247 if (ret <= 0) {
248 mbedtls_printf("failed\n ! mbedtls_ssl_read returned %d\n\n", ret);
249 return -1;
250 }
251
252 mbedtls_printf("\n%s", data);
253 len = ret;
254 for (i = 0; i < len; i++) {
255 if (data[i] != '\n') {
256 if (idx < 4) {
257 code[idx++] = data[i];
258 }
259 continue;
260 }
261
262 if (idx == 4 && code[0] >= '0' && code[0] <= '9' && code[3] == ' ') {
263 code[3] = '\0';
264 return atoi(code);
265 }
266
267 idx = 0;
268 }
269 } while (1);
270 }
271
write_and_get_response(mbedtls_net_context * sock_fd,unsigned char * buf,size_t len)272 static int write_and_get_response(mbedtls_net_context *sock_fd, unsigned char *buf, size_t len)
273 {
274 int ret;
275 unsigned char data[128];
276 char code[4];
277 size_t i, idx = 0;
278
279 mbedtls_printf("\n%s", buf);
280 if (len && (ret = mbedtls_net_send(sock_fd, buf, len)) <= 0) {
281 mbedtls_printf(" failed\n ! mbedtls_net_send returned %d\n\n", ret);
282 return -1;
283 }
284
285 do {
286 len = sizeof(data) - 1;
287 memset(data, 0, sizeof(data));
288 ret = mbedtls_net_recv(sock_fd, data, len);
289
290 if (ret <= 0) {
291 mbedtls_printf("failed\n ! mbedtls_net_recv returned %d\n\n", ret);
292 return -1;
293 }
294
295 data[len] = '\0';
296 mbedtls_printf("\n%s", data);
297 len = ret;
298 for (i = 0; i < len; i++) {
299 if (data[i] != '\n') {
300 if (idx < 4) {
301 code[idx++] = data[i];
302 }
303 continue;
304 }
305
306 if (idx == 4 && code[0] >= '0' && code[0] <= '9' && code[3] == ' ') {
307 code[3] = '\0';
308 return atoi(code);
309 }
310
311 idx = 0;
312 }
313 } while (1);
314 }
315
main(int argc,char * argv[])316 int main(int argc, char *argv[])
317 {
318 int ret = 1, len;
319 int exit_code = MBEDTLS_EXIT_FAILURE;
320 mbedtls_net_context server_fd;
321 #if defined(MBEDTLS_BASE64_C)
322 unsigned char base[1024];
323 /* buf is used as the destination buffer for printing base with the format:
324 * "%s\r\n". Hence, the size of buf should be at least the size of base
325 * plus 2 bytes for the \r and \n characters.
326 */
327 unsigned char buf[sizeof(base) + 2];
328 #else
329 unsigned char buf[1024];
330 #endif
331 char hostname[32];
332 const char *pers = "ssl_mail_client";
333
334 mbedtls_entropy_context entropy;
335 mbedtls_ctr_drbg_context ctr_drbg;
336 mbedtls_ssl_context ssl;
337 mbedtls_ssl_config conf;
338 mbedtls_x509_crt cacert;
339 mbedtls_x509_crt clicert;
340 mbedtls_pk_context pkey;
341 int i;
342 size_t n;
343 char *p, *q;
344 const int *list;
345
346 /*
347 * Make sure memory references are valid in case we exit early.
348 */
349 mbedtls_net_init(&server_fd);
350 mbedtls_ssl_init(&ssl);
351 mbedtls_ssl_config_init(&conf);
352 memset(&buf, 0, sizeof(buf));
353 mbedtls_x509_crt_init(&cacert);
354 mbedtls_x509_crt_init(&clicert);
355 mbedtls_pk_init(&pkey);
356 mbedtls_ctr_drbg_init(&ctr_drbg);
357 mbedtls_entropy_init(&entropy);
358
359 #if defined(MBEDTLS_USE_PSA_CRYPTO)
360 psa_status_t status = psa_crypto_init();
361 if (status != PSA_SUCCESS) {
362 mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
363 (int) status);
364 goto exit;
365 }
366 #endif /* MBEDTLS_USE_PSA_CRYPTO */
367
368 if (argc < 2) {
369 usage:
370 mbedtls_printf(USAGE);
371
372 list = mbedtls_ssl_list_ciphersuites();
373 while (*list) {
374 mbedtls_printf(" %s\n", mbedtls_ssl_get_ciphersuite_name(*list));
375 list++;
376 }
377 mbedtls_printf("\n");
378 goto exit;
379 }
380
381 opt.server_name = DFL_SERVER_NAME;
382 opt.server_port = DFL_SERVER_PORT;
383 opt.debug_level = DFL_DEBUG_LEVEL;
384 opt.authentication = DFL_AUTHENTICATION;
385 opt.mode = DFL_MODE;
386 opt.user_name = DFL_USER_NAME;
387 opt.user_pwd = DFL_USER_PWD;
388 opt.mail_from = DFL_MAIL_FROM;
389 opt.mail_to = DFL_MAIL_TO;
390 opt.ca_file = DFL_CA_FILE;
391 opt.crt_file = DFL_CRT_FILE;
392 opt.key_file = DFL_KEY_FILE;
393 opt.force_ciphersuite[0] = DFL_FORCE_CIPHER;
394
395 for (i = 1; i < argc; i++) {
396 p = argv[i];
397 if ((q = strchr(p, '=')) == NULL) {
398 goto usage;
399 }
400 *q++ = '\0';
401
402 if (strcmp(p, "server_name") == 0) {
403 opt.server_name = q;
404 } else if (strcmp(p, "server_port") == 0) {
405 opt.server_port = q;
406 } else if (strcmp(p, "debug_level") == 0) {
407 opt.debug_level = atoi(q);
408 if (opt.debug_level < 0 || opt.debug_level > 65535) {
409 goto usage;
410 }
411 } else if (strcmp(p, "authentication") == 0) {
412 opt.authentication = atoi(q);
413 if (opt.authentication < 0 || opt.authentication > 1) {
414 goto usage;
415 }
416 } else if (strcmp(p, "mode") == 0) {
417 opt.mode = atoi(q);
418 if (opt.mode < 0 || opt.mode > 1) {
419 goto usage;
420 }
421 } else if (strcmp(p, "user_name") == 0) {
422 opt.user_name = q;
423 } else if (strcmp(p, "user_pwd") == 0) {
424 opt.user_pwd = q;
425 } else if (strcmp(p, "mail_from") == 0) {
426 opt.mail_from = q;
427 } else if (strcmp(p, "mail_to") == 0) {
428 opt.mail_to = q;
429 } else if (strcmp(p, "ca_file") == 0) {
430 opt.ca_file = q;
431 } else if (strcmp(p, "crt_file") == 0) {
432 opt.crt_file = q;
433 } else if (strcmp(p, "key_file") == 0) {
434 opt.key_file = q;
435 } else if (strcmp(p, "force_ciphersuite") == 0) {
436 opt.force_ciphersuite[0] = -1;
437
438 opt.force_ciphersuite[0] = mbedtls_ssl_get_ciphersuite_id(q);
439
440 if (opt.force_ciphersuite[0] <= 0) {
441 goto usage;
442 }
443
444 opt.force_ciphersuite[1] = 0;
445 } else {
446 goto usage;
447 }
448 }
449
450 /*
451 * 0. Initialize the RNG and the session data
452 */
453 mbedtls_printf("\n . Seeding the random number generator...");
454 fflush(stdout);
455
456 if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
457 (const unsigned char *) pers,
458 strlen(pers))) != 0) {
459 mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret);
460 goto exit;
461 }
462
463 mbedtls_printf(" ok\n");
464
465 /*
466 * 1.1. Load the trusted CA
467 */
468 mbedtls_printf(" . Loading the CA root certificate ...");
469 fflush(stdout);
470
471 #if defined(MBEDTLS_FS_IO)
472 if (strlen(opt.ca_file)) {
473 ret = mbedtls_x509_crt_parse_file(&cacert, opt.ca_file);
474 } else
475 #endif
476 #if defined(MBEDTLS_CERTS_C) && defined(MBEDTLS_PEM_PARSE_C)
477 ret = mbedtls_x509_crt_parse(&cacert, (const unsigned char *) mbedtls_test_cas_pem,
478 mbedtls_test_cas_pem_len);
479 #else
480 {
481 mbedtls_printf("MBEDTLS_CERTS_C and/or MBEDTLS_PEM_PARSE_C not defined.");
482 goto exit;
483 }
484 #endif
485 if (ret < 0) {
486 mbedtls_printf(" failed\n ! mbedtls_x509_crt_parse returned %d\n\n", ret);
487 goto exit;
488 }
489
490 mbedtls_printf(" ok (%d skipped)\n", ret);
491
492 /*
493 * 1.2. Load own certificate and private key
494 *
495 * (can be skipped if client authentication is not required)
496 */
497 mbedtls_printf(" . Loading the client cert. and key...");
498 fflush(stdout);
499
500 #if defined(MBEDTLS_FS_IO)
501 if (strlen(opt.crt_file)) {
502 ret = mbedtls_x509_crt_parse_file(&clicert, opt.crt_file);
503 } else
504 #endif
505 #if defined(MBEDTLS_CERTS_C)
506 ret = mbedtls_x509_crt_parse(&clicert, (const unsigned char *) mbedtls_test_cli_crt,
507 mbedtls_test_cli_crt_len);
508 #else
509 {
510 mbedtls_printf("MBEDTLS_CERTS_C not defined.");
511 goto exit;
512 }
513 #endif
514 if (ret != 0) {
515 mbedtls_printf(" failed\n ! mbedtls_x509_crt_parse returned %d\n\n", ret);
516 goto exit;
517 }
518
519 #if defined(MBEDTLS_FS_IO)
520 if (strlen(opt.key_file)) {
521 ret = mbedtls_pk_parse_keyfile(&pkey, opt.key_file, "");
522 } else
523 #endif
524 #if defined(MBEDTLS_CERTS_C) && defined(MBEDTLS_PEM_PARSE_C)
525 ret = mbedtls_pk_parse_key(&pkey, (const unsigned char *) mbedtls_test_cli_key,
526 mbedtls_test_cli_key_len, NULL, 0);
527 #else
528 {
529 mbedtls_printf("MBEDTLS_CERTS_C or MBEDTLS_PEM_PARSE_C not defined.");
530 goto exit;
531 }
532 #endif
533 if (ret != 0) {
534 mbedtls_printf(" failed\n ! mbedtls_pk_parse_key returned %d\n\n", ret);
535 goto exit;
536 }
537
538 mbedtls_printf(" ok\n");
539
540 /*
541 * 2. Start the connection
542 */
543 mbedtls_printf(" . Connecting to tcp/%s/%s...", opt.server_name,
544 opt.server_port);
545 fflush(stdout);
546
547 if ((ret = mbedtls_net_connect(&server_fd, opt.server_name,
548 opt.server_port, MBEDTLS_NET_PROTO_TCP)) != 0) {
549 mbedtls_printf(" failed\n ! mbedtls_net_connect returned %d\n\n", ret);
550 goto exit;
551 }
552
553 mbedtls_printf(" ok\n");
554
555 /*
556 * 3. Setup stuff
557 */
558 mbedtls_printf(" . Setting up the SSL/TLS structure...");
559 fflush(stdout);
560
561 if ((ret = mbedtls_ssl_config_defaults(&conf,
562 MBEDTLS_SSL_IS_CLIENT,
563 MBEDTLS_SSL_TRANSPORT_STREAM,
564 MBEDTLS_SSL_PRESET_DEFAULT)) != 0) {
565 mbedtls_printf(" failed\n ! mbedtls_ssl_config_defaults returned %d\n\n", ret);
566 goto exit;
567 }
568
569 /* OPTIONAL is not optimal for security,
570 * but makes interop easier in this simplified example */
571 mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_OPTIONAL);
572
573 mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg);
574 mbedtls_ssl_conf_dbg(&conf, my_debug, stdout);
575
576 if (opt.force_ciphersuite[0] != DFL_FORCE_CIPHER) {
577 mbedtls_ssl_conf_ciphersuites(&conf, opt.force_ciphersuite);
578 }
579
580 mbedtls_ssl_conf_ca_chain(&conf, &cacert, NULL);
581 if ((ret = mbedtls_ssl_conf_own_cert(&conf, &clicert, &pkey)) != 0) {
582 mbedtls_printf(" failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n", ret);
583 goto exit;
584 }
585
586 if ((ret = mbedtls_ssl_setup(&ssl, &conf)) != 0) {
587 mbedtls_printf(" failed\n ! mbedtls_ssl_setup returned %d\n\n", ret);
588 goto exit;
589 }
590
591 if ((ret = mbedtls_ssl_set_hostname(&ssl, opt.server_name)) != 0) {
592 mbedtls_printf(" failed\n ! mbedtls_ssl_set_hostname returned %d\n\n", ret);
593 goto exit;
594 }
595
596 mbedtls_ssl_set_bio(&ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv, NULL);
597
598 mbedtls_printf(" ok\n");
599
600 if (opt.mode == MODE_SSL_TLS) {
601 if (do_handshake(&ssl) != 0) {
602 goto exit;
603 }
604
605 mbedtls_printf(" > Get header from server:");
606 fflush(stdout);
607
608 ret = write_ssl_and_get_response(&ssl, buf, 0);
609 if (ret < 200 || ret > 299) {
610 mbedtls_printf(" failed\n ! server responded with %d\n\n", ret);
611 goto exit;
612 }
613
614 mbedtls_printf(" ok\n");
615
616 mbedtls_printf(" > Write EHLO to server:");
617 fflush(stdout);
618
619 gethostname(hostname, 32);
620 len = sprintf((char *) buf, "EHLO %s\r\n", hostname);
621 ret = write_ssl_and_get_response(&ssl, buf, len);
622 if (ret < 200 || ret > 299) {
623 mbedtls_printf(" failed\n ! server responded with %d\n\n", ret);
624 goto exit;
625 }
626 } else {
627 mbedtls_printf(" > Get header from server:");
628 fflush(stdout);
629
630 ret = write_and_get_response(&server_fd, buf, 0);
631 if (ret < 200 || ret > 299) {
632 mbedtls_printf(" failed\n ! server responded with %d\n\n", ret);
633 goto exit;
634 }
635
636 mbedtls_printf(" ok\n");
637
638 mbedtls_printf(" > Write EHLO to server:");
639 fflush(stdout);
640
641 gethostname(hostname, 32);
642 len = sprintf((char *) buf, "EHLO %s\r\n", hostname);
643 ret = write_and_get_response(&server_fd, buf, len);
644 if (ret < 200 || ret > 299) {
645 mbedtls_printf(" failed\n ! server responded with %d\n\n", ret);
646 goto exit;
647 }
648
649 mbedtls_printf(" ok\n");
650
651 mbedtls_printf(" > Write STARTTLS to server:");
652 fflush(stdout);
653
654 gethostname(hostname, 32);
655 len = sprintf((char *) buf, "STARTTLS\r\n");
656 ret = write_and_get_response(&server_fd, buf, len);
657 if (ret < 200 || ret > 299) {
658 mbedtls_printf(" failed\n ! server responded with %d\n\n", ret);
659 goto exit;
660 }
661
662 mbedtls_printf(" ok\n");
663
664 if (do_handshake(&ssl) != 0) {
665 goto exit;
666 }
667 }
668
669 #if defined(MBEDTLS_BASE64_C)
670 if (opt.authentication) {
671 mbedtls_printf(" > Write AUTH LOGIN to server:");
672 fflush(stdout);
673
674 len = sprintf((char *) buf, "AUTH LOGIN\r\n");
675 ret = write_ssl_and_get_response(&ssl, buf, len);
676 if (ret < 200 || ret > 399) {
677 mbedtls_printf(" failed\n ! server responded with %d\n\n", ret);
678 goto exit;
679 }
680
681 mbedtls_printf(" ok\n");
682
683 mbedtls_printf(" > Write username to server: %s", opt.user_name);
684 fflush(stdout);
685
686 ret = mbedtls_base64_encode(base, sizeof(base), &n, (const unsigned char *) opt.user_name,
687 strlen(opt.user_name));
688
689 if (ret != 0) {
690 mbedtls_printf(" failed\n ! mbedtls_base64_encode returned %d\n\n", ret);
691 goto exit;
692 }
693 len = sprintf((char *) buf, "%s\r\n", base);
694 ret = write_ssl_and_get_response(&ssl, buf, len);
695 if (ret < 300 || ret > 399) {
696 mbedtls_printf(" failed\n ! server responded with %d\n\n", ret);
697 goto exit;
698 }
699
700 mbedtls_printf(" ok\n");
701
702 mbedtls_printf(" > Write password to server: %s", opt.user_pwd);
703 fflush(stdout);
704
705 ret = mbedtls_base64_encode(base, sizeof(base), &n, (const unsigned char *) opt.user_pwd,
706 strlen(opt.user_pwd));
707
708 if (ret != 0) {
709 mbedtls_printf(" failed\n ! mbedtls_base64_encode returned %d\n\n", ret);
710 goto exit;
711 }
712 len = sprintf((char *) buf, "%s\r\n", base);
713 ret = write_ssl_and_get_response(&ssl, buf, len);
714 if (ret < 200 || ret > 399) {
715 mbedtls_printf(" failed\n ! server responded with %d\n\n", ret);
716 goto exit;
717 }
718
719 mbedtls_printf(" ok\n");
720 }
721 #endif
722
723 mbedtls_printf(" > Write MAIL FROM to server:");
724 fflush(stdout);
725
726 len = sprintf((char *) buf, "MAIL FROM:<%s>\r\n", opt.mail_from);
727 ret = write_ssl_and_get_response(&ssl, buf, len);
728 if (ret < 200 || ret > 299) {
729 mbedtls_printf(" failed\n ! server responded with %d\n\n", ret);
730 goto exit;
731 }
732
733 mbedtls_printf(" ok\n");
734
735 mbedtls_printf(" > Write RCPT TO to server:");
736 fflush(stdout);
737
738 len = sprintf((char *) buf, "RCPT TO:<%s>\r\n", opt.mail_to);
739 ret = write_ssl_and_get_response(&ssl, buf, len);
740 if (ret < 200 || ret > 299) {
741 mbedtls_printf(" failed\n ! server responded with %d\n\n", ret);
742 goto exit;
743 }
744
745 mbedtls_printf(" ok\n");
746
747 mbedtls_printf(" > Write DATA to server:");
748 fflush(stdout);
749
750 len = sprintf((char *) buf, "DATA\r\n");
751 ret = write_ssl_and_get_response(&ssl, buf, len);
752 if (ret < 300 || ret > 399) {
753 mbedtls_printf(" failed\n ! server responded with %d\n\n", ret);
754 goto exit;
755 }
756
757 mbedtls_printf(" ok\n");
758
759 mbedtls_printf(" > Write content to server:");
760 fflush(stdout);
761
762 len = sprintf((char *) buf, "From: %s\r\nSubject: Mbed TLS Test mail\r\n\r\n"
763 "This is a simple test mail from the "
764 "Mbed TLS mail client example.\r\n"
765 "\r\n"
766 "Enjoy!", opt.mail_from);
767 ret = write_ssl_data(&ssl, buf, len);
768
769 len = sprintf((char *) buf, "\r\n.\r\n");
770 ret = write_ssl_and_get_response(&ssl, buf, len);
771 if (ret < 200 || ret > 299) {
772 mbedtls_printf(" failed\n ! server responded with %d\n\n", ret);
773 goto exit;
774 }
775
776 mbedtls_printf(" ok\n");
777
778 mbedtls_ssl_close_notify(&ssl);
779
780 exit_code = MBEDTLS_EXIT_SUCCESS;
781
782 exit:
783
784 mbedtls_net_free(&server_fd);
785 mbedtls_x509_crt_free(&clicert);
786 mbedtls_x509_crt_free(&cacert);
787 mbedtls_pk_free(&pkey);
788 mbedtls_ssl_free(&ssl);
789 mbedtls_ssl_config_free(&conf);
790 mbedtls_ctr_drbg_free(&ctr_drbg);
791 mbedtls_entropy_free(&entropy);
792 #if defined(MBEDTLS_USE_PSA_CRYPTO)
793 mbedtls_psa_crypto_free();
794 #endif /* MBEDTLS_USE_PSA_CRYPTO */
795
796 #if defined(_WIN32)
797 mbedtls_printf(" + Press Enter to exit this program.\n");
798 fflush(stdout); getchar();
799 #endif
800
801 mbedtls_exit(exit_code);
802 }
803 #endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_SSL_TLS_C &&
804 MBEDTLS_SSL_CLI_C && MBEDTLS_NET_C && MBEDTLS_RSA_C **
805 MBEDTLS_CTR_DRBG_C */
806