#include "conf.h"
#include "log.h"
+#include <stdlib.h>
+
static gnutls_dh_params_t dhParameters;
static gnutls_certificate_credentials_t certificate;
-static const char * ciphers = "NONE:+CTYPE-X.509:+DHE-RSA:+RSA:+AES-256-CBC:+AES-128-CBC:+SHA256:+SHA1:+VERS-TLS-ALL:+COMP-ALL:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1";
+static const char * ciphers = "NORMAL";
static gnutls_priority_t cipherCache;
void initializeCertificate()
return session;
}
-bool_t SSLi_getSHA1Hash(SSL_handle_t *ssl, uint8_t *hash)
+bool_t SSLi_getSHA1Hash(SSL_handle_t *session, uint8_t *hash)
{
- *hash = 0;
- return true;
+ gnutls_datum_t const * certificateData = gnutls_certificate_get_peers(*session, NULL);
+
+ size_t resultSize = 0;
+ int error = gnutls_fingerprint( GNUTLS_DIG_SHA1, certificateData, hash, &resultSize);
+ return error == GNUTLS_E_SUCCESS && resultSize == 20;
}
int SSLi_nonblockaccept( SSL_handle_t *session, bool_t * isSSLReady )
} while(error < GNUTLS_E_SUCCESS && !gnutls_error_is_fatal(error));
if ( error < GNUTLS_E_SUCCESS ) {
- Log_fatal("TLS handshake failed with error %i (%s).", error, gnutls_strerror(error));
+ Log_warn("TLS handshake failed with error %i (%s).", error, gnutls_strerror(error));
}
if(isSSLReady)