X-Git-Url: http://git.code-monkey.de/?a=blobdiff_plain;f=src%2Fssli_gnutls.c;h=a50d48c3edf9ef69441ced9d4091a5984673deaa;hb=1bab3b2b671edd8ada2c42ba662782ce81ca3215;hp=938678697fadf8b9ee753f0a2101b2c0a23ee625;hpb=cb1c5a3fb9bd38f05601b93d1ddc35b828a270de;p=umurmur.git diff --git a/src/ssli_gnutls.c b/src/ssli_gnutls.c index 9386786..a50d48c 100644 --- a/src/ssli_gnutls.c +++ b/src/ssli_gnutls.c @@ -5,7 +5,7 @@ static gnutls_dh_params_t dhParameters; static gnutls_certificate_credentials_t certificate; -static const char * ciphers = "SECURE128:-VERS-DTLS-ALL:-VERS-SSL3.0:-VERS-TLS1.0:+COMP_ALL"; +static const char * ciphers = "NONE:+CTYPE-X.509:+DHE-RSA:+RSA:+AES-256-CBC:+AES-128-CBC:+SHA256:+SHA1:+VERS-TLS-ALL:+COMP-ALL:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1"; static gnutls_priority_t cipherCache; void initializeCertificate() @@ -54,5 +54,77 @@ void SSLi_init() void SSLi_deinit() { gnutls_certificate_free_credentials(certificate); + gnutls_priority_deinit(cipherCache); gnutls_global_deinit(); } + +SSL_handle_t * SSLi_newconnection( int * fileDescriptor, bool_t * isSSLReady ) + { + gnutls_session_t * session = calloc(1, sizeof(gnutls_session_t)); + + gnutls_init(session, GNUTLS_SERVER); + gnutls_priority_set(*session, cipherCache); + gnutls_credentials_set(*session, GNUTLS_CRD_CERTIFICATE, certificate); + + gnutls_certificate_server_set_request(*session, GNUTLS_CERT_REQUIRE); + + gnutls_transport_set_int(*session, *fileDescriptor); + + if(isSSLReady && SSLi_nonblockaccept(session, isSSLReady)) + *isSSLReady = true; + + return session; + } + +bool_t SSLi_getSHA1Hash(SSL_handle_t *ssl, uint8_t *hash) + { + *hash = 0; + return true; + } + +int SSLi_nonblockaccept( SSL_handle_t *session, bool_t * isSSLReady ) + { + int error; + do { + error = gnutls_handshake(*session); + } while(error < GNUTLS_E_SUCCESS && !gnutls_error_is_fatal(error)); + + if ( error < GNUTLS_E_SUCCESS ) { + Log_fatal("TLS handshake failed with error %i (%s).", error, gnutls_strerror(error)); + } + + if(isSSLReady) + *isSSLReady = true; + + return error; + } + +int SSLi_read(SSL_handle_t *session, uint8_t *buffer, int length) + { + return gnutls_record_recv(*session, buffer, length); + } + +int SSLi_write(SSL_handle_t *session, uint8_t *buffer, int length) + { + return gnutls_record_send(*session, buffer, length); + } + +int SSLi_get_error(SSL_handle_t *session, int code) + { + return code; + } + +bool_t SSLi_data_pending(SSL_handle_t *session) + { + return gnutls_record_check_pending(*session); + } + +void SSLi_shutdown(SSL_handle_t *session) + { + gnutls_bye(*session, GNUTLS_SHUT_WR); + } + +void SSLi_free(SSL_handle_t *session) + { + gnutls_deinit(*session); + }