X-Git-Url: http://git.code-monkey.de/?a=blobdiff_plain;f=src%2Fssli_gnutls.c;h=8883757d279f061b982e0d2409babdbd9208ddc0;hb=d55c5e7cf9d7dd4b22132d07afc3cd823f43abb8;hp=bfadca71404613fb34204844be5b5faa8ee40f1a;hpb=557fb1412d6fe0e0525b5ae0fee1337821bfe658;p=umurmur.git diff --git a/src/ssli_gnutls.c b/src/ssli_gnutls.c index bfadca7..8883757 100644 --- a/src/ssli_gnutls.c +++ b/src/ssli_gnutls.c @@ -1,10 +1,14 @@ #include "ssl.h" #include "conf.h" +#include "log.h" static gnutls_dh_params_t dhParameters; -static gnutls_certificate_credentials certificate; +static gnutls_certificate_credentials_t certificate; -void initiliazeCertificate() +static const char * ciphers = "SECURE128:-VERS-DTLS-ALL:-VERS-SSL3.0:-VERS-TLS1.0:+COMP_ALL"; +static gnutls_priority_t cipherCache; + +void initializeCertificate() { char* certificatePath = (char*) getStrConf(CERTIFICATE); @@ -39,6 +43,8 @@ void SSLi_init() gnutls_global_init(); #endif + gnutls_priority_init(&cipherCache, ciphers, NULL); + initializeCertificate(); Log_info("Sucessfully initialized GNUTLS version %s", gnutls_check_version(NULL)); @@ -48,5 +54,54 @@ void SSLi_init() void SSLi_deinit() { gnutls_certificate_free_credentials(certificate); + gnutls_priority_deinit(cipherCache); gnutls_global_deinit(); } + +SSL_handle_t * SSLi_newconnection( int * fileDescriptor, bool_t * isSSLReady ) + { + gnutls_session_t * session; // Maybe we need to calloc here + + gnutls_init(session, GNUTLS_SERVER); + gnutls_priority_set(*session, cipherCache); + gnutls_credentials_set(*session, GNUTLS_CRD_CERTIFICATE, certificate); + + gnutls_certificate_server_set_request(*session, GNUTLS_CERT_REQUIRE); + + gnutls_transport_set_int(*session, *fileDescriptor); + + *isSSLReady = true; + + return session; + } + +bool_t SSLi_getSHA1Hash(SSL_handle_t *ssl, uint8_t *hash) + { + *hash = 0; + return true; + } + +int SSLi_nonblockaccept( SSL_handle_t *session, bool_t * isSSLReady ) + { + int error; + do { + gnutls_handshake(*session); + } while(error < GNUTLS_E_SUCCESS && !gnutls_error_is_fatal(error)); + + if ( error < GNUTLS_E_SUCCESS ) { + Log_fatal("TLS handshake failed with error %i (%s).", error, gnutls_strerror(error)); + } + + return error; + } + +int SSLi_read(SSL_handle_t *session, uint8_t *buffer, int length) + { + return gnutls_record_recv(*session, buffer, length); + } + +void SSLi_shutdown(SSL_handle_t *ssl) + { + } + +void SSLi_free(SSL_handle_t *ssl) {}