fixed cipher suite and implemented shutdown/free

[umurmur.git] / src / ssli_gnutls.c
diff --git a/src/ssli_gnutls.c b/src/ssli_gnutls.c

index bfadca71404613fb34204844be5b5faa8ee40f1a..a50d48c3edf9ef69441ced9d4091a5984673deaa 100644 (file)
--- a/src/ssli_gnutls.c
+++ b/src/ssli_gnutls.c
@@ -1,10 +1,14 @@
  #include "ssl.h"
  #include "conf.h"
+#include "log.h"
  
  static gnutls_dh_params_t dhParameters;
-static gnutls_certificate_credentials certificate;
+static gnutls_certificate_credentials_t certificate;
  
-void initiliazeCertificate()
+static const char * ciphers = "NONE:+CTYPE-X.509:+DHE-RSA:+RSA:+AES-256-CBC:+AES-128-CBC:+SHA256:+SHA1:+VERS-TLS-ALL:+COMP-ALL:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1";
+static gnutls_priority_t cipherCache;
+
+void initializeCertificate()
    {
    char* certificatePath = (char*) getStrConf(CERTIFICATE);
  
@@ -39,6 +43,8 @@ void SSLi_init()
    gnutls_global_init();
  #endif
  
+  gnutls_priority_init(&cipherCache, ciphers, NULL);
+
    initializeCertificate();
  
    Log_info("Sucessfully initialized GNUTLS version %s", gnutls_check_version(NULL));
@@ -48,5 +54,77 @@ void SSLi_init()
  void SSLi_deinit()
    {
    gnutls_certificate_free_credentials(certificate);
+  gnutls_priority_deinit(cipherCache);
    gnutls_global_deinit();
    }
+
+SSL_handle_t * SSLi_newconnection( int * fileDescriptor, bool_t * isSSLReady )
+  {
+  gnutls_session_t * session = calloc(1, sizeof(gnutls_session_t));
+
+  gnutls_init(session, GNUTLS_SERVER);
+  gnutls_priority_set(*session, cipherCache);
+  gnutls_credentials_set(*session, GNUTLS_CRD_CERTIFICATE, certificate);
+
+  gnutls_certificate_server_set_request(*session, GNUTLS_CERT_REQUIRE);
+
+  gnutls_transport_set_int(*session, *fileDescriptor);
+
+  if(isSSLReady && SSLi_nonblockaccept(session, isSSLReady))
+    *isSSLReady = true;
+
+  return session;
+  }
+
+bool_t SSLi_getSHA1Hash(SSL_handle_t *ssl, uint8_t *hash)
+  {
+  *hash = 0;
+  return true;
+  }
+
+int SSLi_nonblockaccept( SSL_handle_t *session, bool_t * isSSLReady )
+  {
+  int error;
+  do {
+    error = gnutls_handshake(*session);
+  } while(error < GNUTLS_E_SUCCESS && !gnutls_error_is_fatal(error));
+
+  if ( error < GNUTLS_E_SUCCESS ) {
+    Log_fatal("TLS handshake failed with error %i (%s).", error, gnutls_strerror(error));
+  }
+
+  if(isSSLReady)
+    *isSSLReady = true;
+
+  return error;
+  }
+
+int SSLi_read(SSL_handle_t *session, uint8_t *buffer, int length)
+  {
+  return gnutls_record_recv(*session, buffer, length);
+  }
+
+int SSLi_write(SSL_handle_t *session, uint8_t *buffer, int length)
+  {
+  return gnutls_record_send(*session, buffer, length);
+  }
+
+int SSLi_get_error(SSL_handle_t *session, int code)
+  {
+  return code;
+  }
+
+bool_t SSLi_data_pending(SSL_handle_t *session)
+  {
+  return gnutls_record_check_pending(*session);
+  }
+
+void SSLi_shutdown(SSL_handle_t *session)
+  {
+  gnutls_bye(*session, GNUTLS_SHUT_WR);
+  }
+
+void SSLi_free(SSL_handle_t *session)
+  {
+  gnutls_deinit(*session);
+  }