Follow this guide to install MSYS2, GCC and make:
https://github.com/orlp/dev-on-windows/wiki/Installing-GCC--&-MSYS2
Be sure to install the 1.0.x version of openssl!
pacman -S openssl-devel
pacman -S libexpat-devel
Be sure to install a flex version lower or higher than 2.6.3, because of a bug in that version!
wget http://repo.msys2.org/msys/x86_64/flex-2.6.1-1-x86_64.pkg.tar.xz
pacman -U flex-2.6.1-1-x86_64.pkg.tar.xz
To get the PKGBUILD files you need you can download or clone the following repository:
https://github.com/Alexpux/MINGW-packages
After the download you should copy the directories for the needed packages to your msys home directory "home/your_username".
Most PKGBUILD files in the msys2 repository are out of date. Because of that you need to fix the SHA256 sums inside these files using openssl and a text editor:
openssl dgst -sha256 ./the_file_to_hash
Copy the mingw-w64-ldns directory to your home directory and enter it. After that, compile and install it with the following commands:
MINGW_INSTALLS=mingw64 makepkg-mingw -sLf
pacman -U mingw-w64-x86_64-ldns-1.6.17-4-any.pkg.tar.xz
cd ..
Copy the mingw-w64-unbound directory to your home directory and enter it. After that, compile and install it with the following commands:
cd mingw-w64-unbound/
MINGW_INSTALLS=mingw64 makepkg-mingw -sLf
pacman -U mingw-w64-x86_64-unbound-1.5.10-1-any.pkg.tar.xz
Add the following headers to use the libraries:
#include <stdio.h> /* for printf */
#include <ws2tcpip.h>
#include <unbound.h> /* unbound API - BSD-LICENSE*/
#include <stdbool.h> /* bool */
#include <ldns/ldns.h> /* BSD-LICENSE*/
#include <ldns/rdata.h>
#include <math.h>
#include <string.h>
Compiling own sources under Windows:
mkdir build
cd ./build
cmake -G "MSYS Makefiles" ..
make
Compiling own sources under GNU/Linux:
Use a cmake script:
- See CMakeLists.txt example file
Build the project:
mkdir build
cd ./build
cmake ..
make
- parsing srv-response:
Fetch the Trust-Anchor with the following tool:
Add the received Trust-Anchor file "ksk-as-ds.txt" to the folder of your compiled binary.
Request Example:
- https://www.unbound.net/documentation/libunbound-tutorial-6.html
- load the "ksk-as-ds.txt" in your program as trust anchor
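ldns_rr *own_tlsa_rr = NULL; /* allocated by ldns_dane_create_tlsa_rr, a prior malloc would leak */
ldns_status status;
status = ldns_dane_create_tlsa_rr(/*ldns_rr** */ &own_tlsa_rr,
        /*ldns_tlsa_certificate_usage*/ tlsa_record->usage,
        /*ldns_tlsa_selector*/ tlsa_record->selector,
        /*ldns_tlsa_matching_type*/ tlsa_record->match_type,
        /*X509* */ cert);
if (status != LDNS_STATUS_OK) {
    /* own_tlsa_rr is not usable here */
    fprintf(stderr, "creating TLSA rr failed: %s\n", ldns_get_errorstr_by_id(status));
}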
- -> Line 1642: creating tlsa qname
- -> Line 1891: TLSA request
https://www.cs.utah.edu/~swalton/listings/articles/ssl_client.c
- -> fetch tls certificate
- Changes needed: use TLSv1_1_client_method as ssl_method
http://fm4dd.com/openssl/certpubkey.htm
read public key:
additional link for pinning: https://www.owasp.org/index.php/Certificate_and_Public_Key_Pinning#OpenSSL
EVP_PKEY *pkey;
pkey = X509_get_pubkey(cert);
if (pkey == NULL) {
    //TODO: return error
}
//output on console as PEM
PEM_write_PUBKEY(stdout, pkey);
http://openssl.6102.n7.nabble.com/difference-between-i2d-PUBKEY-and-i2d-PublicKey-td43869.html
- convert evp_pkey to der.
https://stackoverflow.com/questions/2262386/generate-sha256-with-openssl-and-c
- sha256 hash with openssl
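Snippet: conversion of a uint8_t array to a hex string:
/* needs <stdint.h> and <stdio.h>; result must hold at least 2*size + 1 bytes */
void uint8_to_hex(const uint8_t * bin, size_t size, char * result)
{
    /* write two hex digits per input byte at the matching offset */
    for (size_t i = 0; i < size; i++) {
        sprintf(result + 2 * i, "%02x", bin[i]);
    }
    result[2 * size] = '\0'; /* terminate, also when size is 0 */
    printf("\n hex: %s \n", result);
}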
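The steps above end with a SHA-256 digest of the DER-encoded public key; the remaining check is to compare it with the TLSA record fetched through the resolver. The following is an added example, not code from the original notes or from ldns/libunbound: it parses TLSA RDATA in RFC 6698 wire format and matches it against a caller-supplied digest. The names tlsa_rdata, tlsa_parse, tlsa_matches_spki_sha256 and sample_check are hypothetical, and the sample record is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper type for this example (not part of ldns or libunbound). */
struct tlsa_rdata {
    uint8_t usage, selector, match_type;
    const uint8_t *data;   /* certificate association data */
    size_t data_len;
};

/* Parse TLSA RDATA in wire format (RFC 6698): usage, selector and matching
 * type are one byte each, the rest is the association data.
 * Returns 0 on success, -1 on malformed input. */
int tlsa_parse(const uint8_t *rdata, size_t len, struct tlsa_rdata *out)
{
    if (rdata == NULL || out == NULL || len < 4) return -1;
    /* Field values this example does not know are rejected, not guessed at. */
    if (rdata[0] > 3 || rdata[1] > 1 || rdata[2] > 2) return -1;
    /* A digest-based record must carry exactly one digest. */
    if (rdata[2] == 1 && len - 3 != 32) return -1;
    if (rdata[2] == 2 && len - 3 != 64) return -1;
    out->usage = rdata[0]; out->selector = rdata[1]; out->match_type = rdata[2];
    out->data = rdata + 3; out->data_len = len - 3;
    return 0;
}

/* Returns 1 only for selector 1 (SubjectPublicKeyInfo) + matching type 1
 * (SHA-256) records whose data equals the locally computed digest. */
int tlsa_matches_spki_sha256(const struct tlsa_rdata *t, const uint8_t digest[32])
{
    if (t == NULL || digest == NULL) return 0;
    if (t->selector != 1 || t->match_type != 1 || t->data_len != 32) return 0;
    return memcmp(t->data, digest, 32) == 0;
}

/* Constructed sample: record "3 1 1 000102...1f" cut to len bytes, checked against
 * a digest 00..1e followed by last. -1 = malformed, 0 = no match, 1 = match. */
int sample_check(size_t len, uint8_t last)
{
    uint8_t rec[35] = {3, 1, 1}, digest[32];
    struct tlsa_rdata t;
    for (int i = 0; i < 32; i++) rec[3 + i] = digest[i] = (uint8_t)i;
    digest[31] = last;
    if (len > sizeof rec || tlsa_parse(rec, len, &t) != 0) return -1;
    return tlsa_matches_spki_sha256(&t, digest);
}

int main(void) { printf("%d\n", sample_check(35, 0x1f)); return 0; }
```

In a real program the digest passed to tlsa_matches_spki_sha256 is the SHA-256 of the i2d_PUBKEY output, and a record is only trustworthy if the resolver reported the answer as DNSSEC-validated.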
Sending HTTPS request: