diff options
Diffstat (limited to 'programs/ssl/ssl_mail_client.c')
| -rw-r--r-- | programs/ssl/ssl_mail_client.c | 804 |
1 files changed, 804 insertions, 0 deletions
diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c new file mode 100644 index 00000000000..febb881c804 --- /dev/null +++ b/programs/ssl/ssl_mail_client.c @@ -0,0 +1,804 @@ +/* + * SSL client for SMTP servers + * + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + */ + +/* Enable definition of gethostname() even when compiling with -std=c99. Must + * be set before mbedtls_config.h, which pulls in glibc's features.h indirectly. + * Harmless on other platforms. */ + +#define _POSIX_C_SOURCE 200112L +#define _XOPEN_SOURCE 600 + +#include "mbedtls/build_info.h" + +#include "mbedtls/platform.h" + +#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_ENTROPY_C) || \ + !defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_CLI_C) || \ + !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_RSA_C) || \ + !defined(MBEDTLS_CTR_DRBG_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) || \ + !defined(MBEDTLS_FS_IO) +int main(void) +{ + mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_ENTROPY_C and/or " + "MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_CLI_C and/or " + "MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or " + "MBEDTLS_CTR_DRBG_C and/or MBEDTLS_X509_CRT_PARSE_C " + "not defined.\n"); + mbedtls_exit(0); +} +#else + +#include "mbedtls/base64.h" +#include "mbedtls/error.h" +#include "mbedtls/net_sockets.h" +#include "mbedtls/ssl.h" +#include "mbedtls/entropy.h" +#include "mbedtls/ctr_drbg.h" +#include "test/certs.h" +#include "mbedtls/x509.h" + +#include <stdlib.h> +#include <string.h> + +#if !defined(_MSC_VER) || defined(EFIX64) || defined(EFI32) +#include <unistd.h> +#else +#include <io.h> +#endif + +#if defined(_WIN32) || defined(_WIN32_WCE) +#include <winsock2.h> +#include <windows.h> + +#if defined(_MSC_VER) +#if defined(_WIN32_WCE) +#pragma comment( lib, "ws2.lib" ) +#else +#pragma comment( lib, "ws2_32.lib" ) +#endif +#endif /* _MSC_VER */ +#endif + +#define DFL_SERVER_NAME "localhost" +#define DFL_SERVER_PORT "465" +#define DFL_USER_NAME "user" +#define DFL_USER_PWD "password" +#define DFL_MAIL_FROM "" +#define DFL_MAIL_TO "" +#define DFL_DEBUG_LEVEL 0 +#define DFL_CA_FILE "" +#define DFL_CRT_FILE "" +#define DFL_KEY_FILE "" +#define DFL_FORCE_CIPHER 0 +#define DFL_MODE 0 +#define DFL_AUTHENTICATION 0 + +#define MODE_SSL_TLS 0 +#define MODE_STARTTLS 0 + +#if defined(MBEDTLS_BASE64_C) +#define USAGE_AUTH \ + " authentication=%%d default: 0 (disabled)\n" \ + " user_name=%%s default: \"" DFL_USER_NAME "\"\n" \ + " user_pwd=%%s default: \"" \ + DFL_USER_PWD "\"\n" +#else +#define USAGE_AUTH \ + " authentication options disabled. (Require MBEDTLS_BASE64_C)\n" +#endif /* MBEDTLS_BASE64_C */ + +#if defined(MBEDTLS_FS_IO) +#define USAGE_IO \ + " ca_file=%%s default: \"\" (pre-loaded)\n" \ + " crt_file=%%s default: \"\" (pre-loaded)\n" \ + " key_file=%%s default: \"\" (pre-loaded)\n" +#else +#define USAGE_IO \ + " No file operations available (MBEDTLS_FS_IO not defined)\n" +#endif /* MBEDTLS_FS_IO */ + +#define USAGE \ + "\n usage: ssl_mail_client param=<>...\n" \ + "\n acceptable parameters:\n" \ + " server_name=%%s default: " DFL_SERVER_NAME "\n" \ + " server_port=%%d default: " \ + DFL_SERVER_PORT "\n" \ + " debug_level=%%d default: 0 (disabled)\n" \ + " mode=%%d default: 0 (SSL/TLS) (1 for STARTTLS)\n" \ + USAGE_AUTH \ + " mail_from=%%s default: \"\"\n" \ + " mail_to=%%s default: \"\"\n" \ + USAGE_IO \ + " force_ciphersuite=<name> default: all enabled\n" \ + " acceptable ciphersuite names:\n" + + +/* + * global options + */ +struct options { + const char *server_name; /* hostname of the server (client only) */ + const char *server_port; /* port on which the ssl service runs */ + int debug_level; /* level of debugging */ + int authentication; /* if authentication is required */ + int mode; /* SSL/TLS (0) or STARTTLS (1) */ + const char *user_name; /* username to use for authentication */ + const char *user_pwd; /* password to use for authentication */ + const char *mail_from; /* E-Mail address to use as sender */ + const char *mail_to; /* E-Mail address to use as recipient */ + const char *ca_file; /* the file with the CA certificate(s) */ + const char *crt_file; /* the file with the client certificate */ + const char *key_file; /* the file with the client key */ + int force_ciphersuite[2]; /* protocol/ciphersuite to use, or all */ +} opt; + +static void my_debug(void *ctx, int level, + const char *file, int line, + const char *str) +{ + ((void) level); + + mbedtls_fprintf((FILE *) ctx, "%s:%04d: %s", file, line, str); + fflush((FILE *) ctx); +} + +static int do_handshake(mbedtls_ssl_context *ssl) +{ + int ret; + uint32_t flags; + unsigned char buf[1024]; + memset(buf, 0, 1024); + + /* + * 4. Handshake + */ + mbedtls_printf(" . Performing the SSL/TLS handshake..."); + fflush(stdout); + + while ((ret = mbedtls_ssl_handshake(ssl)) != 0) { + if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) { +#if defined(MBEDTLS_ERROR_C) + mbedtls_strerror(ret, (char *) buf, 1024); +#endif + mbedtls_printf(" failed\n ! mbedtls_ssl_handshake returned %d: %s\n\n", ret, buf); + return -1; + } + } + + mbedtls_printf(" ok\n [ Ciphersuite is %s ]\n", + mbedtls_ssl_get_ciphersuite(ssl)); + + /* + * 5. Verify the server certificate + */ + mbedtls_printf(" . Verifying peer X.509 certificate..."); + + /* In real life, we probably want to bail out when ret != 0 */ + if ((flags = mbedtls_ssl_get_verify_result(ssl)) != 0) { +#if !defined(MBEDTLS_X509_REMOVE_INFO) + char vrfy_buf[512]; +#endif + + mbedtls_printf(" failed\n"); + +#if !defined(MBEDTLS_X509_REMOVE_INFO) + mbedtls_x509_crt_verify_info(vrfy_buf, sizeof(vrfy_buf), " ! ", flags); + + mbedtls_printf("%s\n", vrfy_buf); +#endif + } else { + mbedtls_printf(" ok\n"); + } + +#if !defined(MBEDTLS_X509_REMOVE_INFO) + mbedtls_printf(" . Peer certificate information ...\n"); + mbedtls_x509_crt_info((char *) buf, sizeof(buf) - 1, " ", + mbedtls_ssl_get_peer_cert(ssl)); + mbedtls_printf("%s\n", buf); +#endif + + return 0; +} + +static int write_ssl_data(mbedtls_ssl_context *ssl, unsigned char *buf, size_t len) +{ + int ret; + + mbedtls_printf("\n%s", buf); + while (len && (ret = mbedtls_ssl_write(ssl, buf, len)) <= 0) { + if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) { + mbedtls_printf(" failed\n ! mbedtls_ssl_write returned %d\n\n", ret); + return -1; + } + } + + return 0; +} + +static int write_ssl_and_get_response(mbedtls_ssl_context *ssl, unsigned char *buf, size_t len) +{ + int ret; + unsigned char data[128]; + char code[4]; + size_t i, idx = 0; + + mbedtls_printf("\n%s", buf); + while (len && (ret = mbedtls_ssl_write(ssl, buf, len)) <= 0) { + if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) { + mbedtls_printf(" failed\n ! mbedtls_ssl_write returned %d\n\n", ret); + return -1; + } + } + + do { + len = sizeof(data) - 1; + memset(data, 0, sizeof(data)); + ret = mbedtls_ssl_read(ssl, data, len); + + if (ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE) { + continue; + } + + if (ret == MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY) { + return -1; + } + + if (ret <= 0) { + mbedtls_printf("failed\n ! mbedtls_ssl_read returned %d\n\n", ret); + return -1; + } + + mbedtls_printf("\n%s", data); + len = ret; + for (i = 0; i < len; i++) { + if (data[i] != '\n') { + if (idx < 4) { + code[idx++] = data[i]; + } + continue; + } + + if (idx == 4 && code[0] >= '0' && code[0] <= '9' && code[3] == ' ') { + code[3] = '\0'; + return atoi(code); + } + + idx = 0; + } + } while (1); +} + +static int write_and_get_response(mbedtls_net_context *sock_fd, unsigned char *buf, size_t len) +{ + int ret; + unsigned char data[128]; + char code[4]; + size_t i, idx = 0; + + mbedtls_printf("\n%s", buf); + if (len && (ret = mbedtls_net_send(sock_fd, buf, len)) <= 0) { + mbedtls_printf(" failed\n ! mbedtls_net_send returned %d\n\n", ret); + return -1; + } + + do { + len = sizeof(data) - 1; + memset(data, 0, sizeof(data)); + ret = mbedtls_net_recv(sock_fd, data, len); + + if (ret <= 0) { + mbedtls_printf("failed\n ! mbedtls_net_recv returned %d\n\n", ret); + return -1; + } + + data[len] = '\0'; + mbedtls_printf("\n%s", data); + len = ret; + for (i = 0; i < len; i++) { + if (data[i] != '\n') { + if (idx < 4) { + code[idx++] = data[i]; + } + continue; + } + + if (idx == 4 && code[0] >= '0' && code[0] <= '9' && code[3] == ' ') { + code[3] = '\0'; + return atoi(code); + } + + idx = 0; + } + } while (1); +} + +int main(int argc, char *argv[]) +{ + int ret = 1, len; + int exit_code = MBEDTLS_EXIT_FAILURE; + mbedtls_net_context server_fd; +#if defined(MBEDTLS_BASE64_C) + unsigned char base[1024]; + /* buf is used as the destination buffer for printing base with the format: + * "%s\r\n". Hence, the size of buf should be at least the size of base + * plus 2 bytes for the \r and \n characters. + */ + unsigned char buf[sizeof(base) + 2]; +#else + unsigned char buf[1024]; +#endif + char hostname[32]; + const char *pers = "ssl_mail_client"; + + mbedtls_entropy_context entropy; + mbedtls_ctr_drbg_context ctr_drbg; + mbedtls_ssl_context ssl; + mbedtls_ssl_config conf; + mbedtls_x509_crt cacert; + mbedtls_x509_crt clicert; + mbedtls_pk_context pkey; + int i; + size_t n; + char *p, *q; + const int *list; + + /* + * Make sure memory references are valid in case we exit early. + */ + mbedtls_net_init(&server_fd); + mbedtls_ssl_init(&ssl); + mbedtls_ssl_config_init(&conf); + memset(&buf, 0, sizeof(buf)); + mbedtls_x509_crt_init(&cacert); + mbedtls_x509_crt_init(&clicert); + mbedtls_pk_init(&pkey); + mbedtls_ctr_drbg_init(&ctr_drbg); + mbedtls_entropy_init(&entropy); + +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", + (int) status); + goto exit; + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + + if (argc < 2) { +usage: + mbedtls_printf(USAGE); + + list = mbedtls_ssl_list_ciphersuites(); + while (*list) { + mbedtls_printf(" %s\n", mbedtls_ssl_get_ciphersuite_name(*list)); + list++; + } + mbedtls_printf("\n"); + goto exit; + } + + opt.server_name = DFL_SERVER_NAME; + opt.server_port = DFL_SERVER_PORT; + opt.debug_level = DFL_DEBUG_LEVEL; + opt.authentication = DFL_AUTHENTICATION; + opt.mode = DFL_MODE; + opt.user_name = DFL_USER_NAME; + opt.user_pwd = DFL_USER_PWD; + opt.mail_from = DFL_MAIL_FROM; + opt.mail_to = DFL_MAIL_TO; + opt.ca_file = DFL_CA_FILE; + opt.crt_file = DFL_CRT_FILE; + opt.key_file = DFL_KEY_FILE; + opt.force_ciphersuite[0] = DFL_FORCE_CIPHER; + + for (i = 1; i < argc; i++) { + p = argv[i]; + if ((q = strchr(p, '=')) == NULL) { + goto usage; + } + *q++ = '\0'; + + if (strcmp(p, "server_name") == 0) { + opt.server_name = q; + } else if (strcmp(p, "server_port") == 0) { + opt.server_port = q; + } else if (strcmp(p, "debug_level") == 0) { + opt.debug_level = atoi(q); + if (opt.debug_level < 0 || opt.debug_level > 65535) { + goto usage; + } + } else if (strcmp(p, "authentication") == 0) { + opt.authentication = atoi(q); + if (opt.authentication < 0 || opt.authentication > 1) { + goto usage; + } + } else if (strcmp(p, "mode") == 0) { + opt.mode = atoi(q); + if (opt.mode < 0 || opt.mode > 1) { + goto usage; + } + } else if (strcmp(p, "user_name") == 0) { + opt.user_name = q; + } else if (strcmp(p, "user_pwd") == 0) { + opt.user_pwd = q; + } else if (strcmp(p, "mail_from") == 0) { + opt.mail_from = q; + } else if (strcmp(p, "mail_to") == 0) { + opt.mail_to = q; + } else if (strcmp(p, "ca_file") == 0) { + opt.ca_file = q; + } else if (strcmp(p, "crt_file") == 0) { + opt.crt_file = q; + } else if (strcmp(p, "key_file") == 0) { + opt.key_file = q; + } else if (strcmp(p, "force_ciphersuite") == 0) { + opt.force_ciphersuite[0] = -1; + + opt.force_ciphersuite[0] = mbedtls_ssl_get_ciphersuite_id(q); + + if (opt.force_ciphersuite[0] <= 0) { + goto usage; + } + + opt.force_ciphersuite[1] = 0; + } else { + goto usage; + } + } + + /* + * 0. Initialize the RNG and the session data + */ + mbedtls_printf("\n . Seeding the random number generator..."); + fflush(stdout); + + if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, + (const unsigned char *) pers, + strlen(pers))) != 0) { + mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret); + goto exit; + } + + mbedtls_printf(" ok\n"); + + /* + * 1.1. Load the trusted CA + */ + mbedtls_printf(" . Loading the CA root certificate ..."); + fflush(stdout); + +#if defined(MBEDTLS_FS_IO) + if (strlen(opt.ca_file)) { + ret = mbedtls_x509_crt_parse_file(&cacert, opt.ca_file); + } else +#endif +#if defined(MBEDTLS_PEM_PARSE_C) + ret = mbedtls_x509_crt_parse(&cacert, (const unsigned char *) mbedtls_test_cas_pem, + mbedtls_test_cas_pem_len); +#else + { + mbedtls_printf("MBEDTLS_PEM_PARSE_C not defined."); + goto exit; + } +#endif + if (ret < 0) { + mbedtls_printf(" failed\n ! mbedtls_x509_crt_parse returned %d\n\n", ret); + goto exit; + } + + mbedtls_printf(" ok (%d skipped)\n", ret); + + /* + * 1.2. Load own certificate and private key + * + * (can be skipped if client authentication is not required) + */ + mbedtls_printf(" . Loading the client cert. and key..."); + fflush(stdout); + +#if defined(MBEDTLS_FS_IO) + if (strlen(opt.crt_file)) { + ret = mbedtls_x509_crt_parse_file(&clicert, opt.crt_file); + } else +#endif + ret = mbedtls_x509_crt_parse(&clicert, (const unsigned char *) mbedtls_test_cli_crt, + mbedtls_test_cli_crt_len); + if (ret != 0) { + mbedtls_printf(" failed\n ! mbedtls_x509_crt_parse returned %d\n\n", ret); + goto exit; + } + +#if defined(MBEDTLS_FS_IO) + if (strlen(opt.key_file)) { + ret = mbedtls_pk_parse_keyfile(&pkey, opt.key_file, "", + mbedtls_ctr_drbg_random, &ctr_drbg); + } else +#endif +#if defined(MBEDTLS_PEM_PARSE_C) + { + ret = mbedtls_pk_parse_key(&pkey, + (const unsigned char *) mbedtls_test_cli_key, + mbedtls_test_cli_key_len, + NULL, + 0, + mbedtls_ctr_drbg_random, + &ctr_drbg); + } +#else + { + mbedtls_printf("MBEDTLS_PEM_PARSE_C not defined."); + goto exit; + } +#endif + if (ret != 0) { + mbedtls_printf(" failed\n ! mbedtls_pk_parse_key returned %d\n\n", ret); + goto exit; + } + + mbedtls_printf(" ok\n"); + + /* + * 2. Start the connection + */ + mbedtls_printf(" . Connecting to tcp/%s/%s...", opt.server_name, + opt.server_port); + fflush(stdout); + + if ((ret = mbedtls_net_connect(&server_fd, opt.server_name, + opt.server_port, MBEDTLS_NET_PROTO_TCP)) != 0) { + mbedtls_printf(" failed\n ! mbedtls_net_connect returned %d\n\n", ret); + goto exit; + } + + mbedtls_printf(" ok\n"); + + /* + * 3. Setup stuff + */ + mbedtls_printf(" . Setting up the SSL/TLS structure..."); + fflush(stdout); + + if ((ret = mbedtls_ssl_config_defaults(&conf, + MBEDTLS_SSL_IS_CLIENT, + MBEDTLS_SSL_TRANSPORT_STREAM, + MBEDTLS_SSL_PRESET_DEFAULT)) != 0) { + mbedtls_printf(" failed\n ! mbedtls_ssl_config_defaults returned %d\n\n", ret); + goto exit; + } + + /* OPTIONAL is not optimal for security, + * but makes interop easier in this simplified example */ + mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_OPTIONAL); + + mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg); + mbedtls_ssl_conf_dbg(&conf, my_debug, stdout); + + if (opt.force_ciphersuite[0] != DFL_FORCE_CIPHER) { + mbedtls_ssl_conf_ciphersuites(&conf, opt.force_ciphersuite); + } + + mbedtls_ssl_conf_ca_chain(&conf, &cacert, NULL); + if ((ret = mbedtls_ssl_conf_own_cert(&conf, &clicert, &pkey)) != 0) { + mbedtls_printf(" failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n", ret); + goto exit; + } + + if ((ret = mbedtls_ssl_setup(&ssl, &conf)) != 0) { + mbedtls_printf(" failed\n ! mbedtls_ssl_setup returned %d\n\n", ret); + goto exit; + } + + if ((ret = mbedtls_ssl_set_hostname(&ssl, opt.server_name)) != 0) { + mbedtls_printf(" failed\n ! mbedtls_ssl_set_hostname returned %d\n\n", ret); + goto exit; + } + + mbedtls_ssl_set_bio(&ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv, NULL); + + mbedtls_printf(" ok\n"); + + if (opt.mode == MODE_SSL_TLS) { + if (do_handshake(&ssl) != 0) { + goto exit; + } + + mbedtls_printf(" > Get header from server:"); + fflush(stdout); + + ret = write_ssl_and_get_response(&ssl, buf, 0); + if (ret < 200 || ret > 299) { + mbedtls_printf(" failed\n ! server responded with %d\n\n", ret); + goto exit; + } + + mbedtls_printf(" ok\n"); + + mbedtls_printf(" > Write EHLO to server:"); + fflush(stdout); + + gethostname(hostname, 32); + len = sprintf((char *) buf, "EHLO %s\r\n", hostname); + ret = write_ssl_and_get_response(&ssl, buf, len); + if (ret < 200 || ret > 299) { + mbedtls_printf(" failed\n ! server responded with %d\n\n", ret); + goto exit; + } + } else { + mbedtls_printf(" > Get header from server:"); + fflush(stdout); + + ret = write_and_get_response(&server_fd, buf, 0); + if (ret < 200 || ret > 299) { + mbedtls_printf(" failed\n ! server responded with %d\n\n", ret); + goto exit; + } + + mbedtls_printf(" ok\n"); + + mbedtls_printf(" > Write EHLO to server:"); + fflush(stdout); + + gethostname(hostname, 32); + len = sprintf((char *) buf, "EHLO %s\r\n", hostname); + ret = write_and_get_response(&server_fd, buf, len); + if (ret < 200 || ret > 299) { + mbedtls_printf(" failed\n ! server responded with %d\n\n", ret); + goto exit; + } + + mbedtls_printf(" ok\n"); + + mbedtls_printf(" > Write STARTTLS to server:"); + fflush(stdout); + + gethostname(hostname, 32); + len = sprintf((char *) buf, "STARTTLS\r\n"); + ret = write_and_get_response(&server_fd, buf, len); + if (ret < 200 || ret > 299) { + mbedtls_printf(" failed\n ! server responded with %d\n\n", ret); + goto exit; + } + + mbedtls_printf(" ok\n"); + + if (do_handshake(&ssl) != 0) { + goto exit; + } + } + +#if defined(MBEDTLS_BASE64_C) + if (opt.authentication) { + mbedtls_printf(" > Write AUTH LOGIN to server:"); + fflush(stdout); + + len = sprintf((char *) buf, "AUTH LOGIN\r\n"); + ret = write_ssl_and_get_response(&ssl, buf, len); + if (ret < 200 || ret > 399) { + mbedtls_printf(" failed\n ! server responded with %d\n\n", ret); + goto exit; + } + + mbedtls_printf(" ok\n"); + + mbedtls_printf(" > Write username to server: %s", opt.user_name); + fflush(stdout); + + ret = mbedtls_base64_encode(base, sizeof(base), &n, (const unsigned char *) opt.user_name, + strlen(opt.user_name)); + + if (ret != 0) { + mbedtls_printf(" failed\n ! mbedtls_base64_encode returned %d\n\n", ret); + goto exit; + } + len = sprintf((char *) buf, "%s\r\n", base); + ret = write_ssl_and_get_response(&ssl, buf, len); + if (ret < 300 || ret > 399) { + mbedtls_printf(" failed\n ! server responded with %d\n\n", ret); + goto exit; + } + + mbedtls_printf(" ok\n"); + + mbedtls_printf(" > Write password to server: %s", opt.user_pwd); + fflush(stdout); + + ret = mbedtls_base64_encode(base, sizeof(base), &n, (const unsigned char *) opt.user_pwd, + strlen(opt.user_pwd)); + + if (ret != 0) { + mbedtls_printf(" failed\n ! mbedtls_base64_encode returned %d\n\n", ret); + goto exit; + } + len = sprintf((char *) buf, "%s\r\n", base); + ret = write_ssl_and_get_response(&ssl, buf, len); + if (ret < 200 || ret > 399) { + mbedtls_printf(" failed\n ! server responded with %d\n\n", ret); + goto exit; + } + + mbedtls_printf(" ok\n"); + } +#endif + + mbedtls_printf(" > Write MAIL FROM to server:"); + fflush(stdout); + + len = sprintf((char *) buf, "MAIL FROM:<%s>\r\n", opt.mail_from); + ret = write_ssl_and_get_response(&ssl, buf, len); + if (ret < 200 || ret > 299) { + mbedtls_printf(" failed\n ! server responded with %d\n\n", ret); + goto exit; + } + + mbedtls_printf(" ok\n"); + + mbedtls_printf(" > Write RCPT TO to server:"); + fflush(stdout); + + len = sprintf((char *) buf, "RCPT TO:<%s>\r\n", opt.mail_to); + ret = write_ssl_and_get_response(&ssl, buf, len); + if (ret < 200 || ret > 299) { + mbedtls_printf(" failed\n ! server responded with %d\n\n", ret); + goto exit; + } + + mbedtls_printf(" ok\n"); + + mbedtls_printf(" > Write DATA to server:"); + fflush(stdout); + + len = sprintf((char *) buf, "DATA\r\n"); + ret = write_ssl_and_get_response(&ssl, buf, len); + if (ret < 300 || ret > 399) { + mbedtls_printf(" failed\n ! server responded with %d\n\n", ret); + goto exit; + } + + mbedtls_printf(" ok\n"); + + mbedtls_printf(" > Write content to server:"); + fflush(stdout); + + len = sprintf((char *) buf, "From: %s\r\nSubject: Mbed TLS Test mail\r\n\r\n" + "This is a simple test mail from the " + "Mbed TLS mail client example.\r\n" + "\r\n" + "Enjoy!", opt.mail_from); + ret = write_ssl_data(&ssl, buf, len); + + len = sprintf((char *) buf, "\r\n.\r\n"); + ret = write_ssl_and_get_response(&ssl, buf, len); + if (ret < 200 || ret > 299) { + mbedtls_printf(" failed\n ! server responded with %d\n\n", ret); + goto exit; + } + + mbedtls_printf(" ok\n"); + + mbedtls_ssl_close_notify(&ssl); + + exit_code = MBEDTLS_EXIT_SUCCESS; + +exit: + + mbedtls_net_free(&server_fd); + mbedtls_x509_crt_free(&clicert); + mbedtls_x509_crt_free(&cacert); + mbedtls_pk_free(&pkey); + mbedtls_ssl_free(&ssl); + mbedtls_ssl_config_free(&conf); + mbedtls_ctr_drbg_free(&ctr_drbg); + mbedtls_entropy_free(&entropy); +#if defined(MBEDTLS_USE_PSA_CRYPTO) + mbedtls_psa_crypto_free(); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + + mbedtls_exit(exit_code); +} +#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_SSL_TLS_C && + MBEDTLS_SSL_CLI_C && MBEDTLS_NET_C && MBEDTLS_RSA_C ** + MBEDTLS_CTR_DRBG_C */ |