7 static gnutls_dh_params_t dhParameters;
8 static gnutls_certificate_credentials_t certificate;
10 static const char * ciphers = "NORMAL";
11 static gnutls_priority_t cipherCache;
13 void initializeCertificate()
15 char* certificatePath = (char*) getStrConf(CERTIFICATE);
17 if(!certificatePath) {
18 Log_fatal("No certificate file specified.");
21 char* keyPath = (char*) getStrConf(KEY);
24 Log_fatal("No key file specified");
27 gnutls_certificate_allocate_credentials(&certificate);
29 int error = gnutls_certificate_set_x509_key_file(certificate, certificatePath, keyPath, GNUTLS_X509_FMT_PEM);
31 if( error != GNUTLS_E_SUCCESS ) {
32 Log_fatal("Could not open key (%s) or certificate (%s).", keyPath, certificatePath);
39 unsigned const bitCount = gnutls_sec_param_to_pk_bits(GNUTLS_PK_DH, GNUTLS_SEC_PARAM_MEDIUM);
41 gnutls_dh_params_init(&dhParameters);
42 gnutls_dh_params_generate2(dhParameters, bitCount);
44 #if GNUTLS_VERSION_NUMBER < 0x030300
48 gnutls_priority_init(&cipherCache, ciphers, NULL);
50 initializeCertificate();
52 Log_info("Sucessfully initialized GNUTLS version %s", gnutls_check_version(NULL));
58 gnutls_certificate_free_credentials(certificate);
59 gnutls_priority_deinit(cipherCache);
60 gnutls_global_deinit();
63 SSL_handle_t * SSLi_newconnection( int * fileDescriptor, bool_t * isSSLReady )
65 gnutls_session_t * session = calloc(1, sizeof(gnutls_session_t));
67 gnutls_init(session, GNUTLS_SERVER);
68 gnutls_priority_set(*session, cipherCache);
69 gnutls_credentials_set(*session, GNUTLS_CRD_CERTIFICATE, certificate);
71 gnutls_certificate_server_set_request(*session, GNUTLS_CERT_REQUIRE);
73 gnutls_transport_set_int(*session, *fileDescriptor);
75 if(isSSLReady && SSLi_nonblockaccept(session, isSSLReady))
81 bool_t SSLi_getSHA1Hash(SSL_handle_t *session, uint8_t *hash)
83 gnutls_datum_t const * certificateData = gnutls_certificate_get_peers(*session, NULL);
85 size_t resultSize = 0;
86 int error = gnutls_fingerprint( GNUTLS_DIG_SHA1, certificateData, hash, &resultSize);
87 return error == GNUTLS_E_SUCCESS && resultSize == 20;
90 int SSLi_nonblockaccept( SSL_handle_t *session, bool_t * isSSLReady )
94 error = gnutls_handshake(*session);
95 } while(error < GNUTLS_E_SUCCESS && !gnutls_error_is_fatal(error));
97 if ( error < GNUTLS_E_SUCCESS ) {
98 Log_warn("TLS handshake failed with error %i (%s).", error, gnutls_strerror(error));
107 int SSLi_read(SSL_handle_t *session, uint8_t *buffer, int length)
109 return gnutls_record_recv(*session, buffer, length);
112 int SSLi_write(SSL_handle_t *session, uint8_t *buffer, int length)
114 return gnutls_record_send(*session, buffer, length);
117 int SSLi_get_error(SSL_handle_t *session, int code)
122 bool_t SSLi_data_pending(SSL_handle_t *session)
124 return gnutls_record_check_pending(*session);
127 void SSLi_shutdown(SSL_handle_t *session)
129 gnutls_bye(*session, GNUTLS_SHUT_WR);
132 void SSLi_free(SSL_handle_t *session)
134 gnutls_deinit(*session);