Sample code for debugging Security.framework in Nix
#include <stdio.h>
#include <CoreFoundation/CoreFoundation.h>
#include <Security/Security.h>
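/*
 * Ask Security.framework for the system anchor (trusted root) certificates
 * and print how many it returned.
 *
 * Returns 0 when the anchor list was retrieved, -1 otherwise.
 */
int main(void) {
    CFArrayRef certs = NULL;
    OSStatus err = SecTrustCopyAnchorCertificates(&certs);
    if (err != noErr || certs == NULL) {
        printf("SSL certificate retrieve error: %d\n", (int)err);
        return -1;
    }

    /*
     * CFArrayGetCount returns a CFIndex, so keep that type instead of
     * narrowing to int. A count of 0 is worth noticing when debugging:
     * with no anchors available, chain validation has nothing to terminate
     * on and TLS peers would presumably all be rejected.
     */
    CFIndex ncerts = CFArrayGetCount(certs);
    printf("SSL certificates available: %ld\n", (long)ncerts);

    /* "Copy" functions hand ownership to the caller; release the array. */
    CFRelease(certs);
    return 0;
}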
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <sys/types.h>

#include <CoreFoundation/CoreFoundation.h>
#include <Security/Security.h>
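/*
 * Secure Transport write callback: push *length bytes from data to the
 * socket whose descriptor is stored in conn.
 *
 * conn   - the file descriptor, carried as an integer inside the opaque
 *          SSLConnectionRef.
 * data   - bytes to send.
 * length - in: number of bytes to send; out: number of bytes actually
 *          written, updated on EVERY return path so the caller never
 *          assumes a full write happened after a failure.
 *
 * Returns errSecSuccess when everything was written, errSecIO (-36, the
 * value the original code returned as a bare literal) on a write failure.
 */
static OSStatus SocketWrite(SSLConnectionRef conn, const void *data, size_t *length) {
    /* Go through intptr_t so the pointer-to-int narrowing is explicit. */
    const int fd = (int)(intptr_t)conn;
    const uint8_t *cursor = data;
    const size_t wanted = *length;
    size_t remaining = wanted;
    OSStatus status = errSecSuccess;

    while (remaining > 0) {
        ssize_t n;
        /*
         * Retry interrupted calls. EAGAIN is retried as well, which is only
         * reasonable for the blocking socket this sample uses; a
         * non-blocking caller should report errSSLWouldBlock instead of
         * spinning here.
         */
        do {
            n = write(fd, cursor, remaining);
        } while (n < 0 && (errno == EAGAIN || errno == EINTR));

        if (n <= 0) {
            status = errSecIO;
            break;
        }
        cursor += n;
        remaining -= (size_t)n;
    }

    *length = wanted - remaining;
    return status;
}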
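/*
 * Secure Transport read callback: fill data with *length bytes read from
 * the socket whose descriptor is stored in conn.
 *
 * conn   - the file descriptor, carried as an integer inside the opaque
 *          SSLConnectionRef.
 * data   - destination buffer, at least *length bytes long.
 * length - in: number of bytes requested; out: number of bytes actually
 *          read, updated on EVERY return path so the caller never treats
 *          unread buffer space as received data.
 *
 * Returns errSecSuccess when the request was satisfied,
 * errSSLClosedGraceful when the peer closed the connection (read returned
 * 0), and errSecIO (-36, the value the original code returned as a bare
 * literal) on any other read failure.
 */
static OSStatus SocketRead(SSLConnectionRef conn, void *data, size_t *length) {
    /* Go through intptr_t so the pointer-to-int narrowing is explicit. */
    const int fd = (int)(intptr_t)conn;
    uint8_t *cursor = data;
    const size_t wanted = *length;
    size_t remaining = wanted;
    OSStatus status = errSecSuccess;

    while (remaining > 0) {
        ssize_t n;
        /*
         * Retry interrupted calls. EAGAIN is retried as well, which is only
         * reasonable for the blocking socket this sample uses; a
         * non-blocking caller should report errSSLWouldBlock instead of
         * spinning here.
         */
        do {
            n = read(fd, cursor, remaining);
        } while (n < 0 && (errno == EAGAIN || errno == EINTR));

        if (n == 0) {
            /* End of stream is a close, not an I/O fault. */
            status = errSSLClosedGraceful;
            break;
        }
        if (n < 0) {
            status = errSecIO;
            break;
        }
        cursor += n;
        remaining -= (size_t)n;
    }

    *length = wanted - remaining;
    return status;
}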
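/*
 * Open a TCP connection to example.com:443 and run a Secure Transport
 * client handshake over it, reporting whether the handshake succeeded.
 *
 * Returns 0 on a successful handshake, -1 on any failure.
 */
int main(void) {
    static const char peer_name[] = "example.com";
    int rc = -1;
    int handshake_done = 0;
    SSLContextRef context = NULL;
    OSStatus err;

    /*
     * Zero the whole address and set the family: the original left
     * sin_family (and the padding) uninitialised, so connect() was handed
     * indeterminate bytes.
     */
    struct sockaddr_in addr;
    memset(&addr, 0, sizeof addr);
    addr.sin_family = AF_INET;
    addr.sin_port = htons(443);
    addr.sin_addr.s_addr = inet_addr("93.184.216.34"); /* example.com */

    int sock = socket(AF_INET, SOCK_STREAM, 0);
    if (sock < 0) {
        perror("socket");
        return -1;
    }
    if (connect(sock, (struct sockaddr *)&addr, sizeof addr) != 0) {
        perror("connect");
        goto out;
    }

    context = SSLCreateContext(NULL, kSSLClientSide, kSSLStreamType);
    if (context == NULL) {
        printf("SSL context creation failed\n");
        goto out;
    }

    /*
     * NOTE(review): kTLSProtocol1 only sets a floor of TLS 1.0, kept here
     * because this is a trust-store debugging sample. Code that carries
     * real data should raise the minimum (e.g. kTLSProtocol12).
     */
    err = SSLSetProtocolVersionMin(context, kTLSProtocol1);
    if (err == noErr) {
        err = SSLSetIOFuncs(context, SocketRead, SocketWrite);
    }
    if (err == noErr) {
        err = SSLSetConnection(context, (SSLConnectionRef)(intptr_t)sock);
    }
    if (err == noErr) {
        /*
         * The socket is connected by IP address, so Secure Transport has no
         * host name to compare the server certificate against. Supplying
         * the peer domain name makes the handshake validate the certificate
         * for that name rather than accepting any chain that reaches a
         * trusted anchor.
         */
        err = SSLSetPeerDomainName(context, peer_name, sizeof peer_name - 1);
    }
    if (err != noErr) {
        printf("SSL setup error: %d\n", (int)err);
        goto out;
    }

    err = SSLHandshake(context);
    if (err != noErr) {
        printf("SSL handshake error: %d\n", (int)err);
        goto out;
    }
    handshake_done = 1;
    printf("SSL handshake OK\n");
    rc = 0;

out:
    if (context != NULL) {
        if (handshake_done) {
            SSLClose(context); /* send close_notify before dropping the socket */
        }
        CFRelease(context);
    }
    close(sock);
    return rc;
}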