X-Git-Url: http://git.code-monkey.de/?a=blobdiff_plain;f=src%2Fssli_gnutls.c;h=b2e149e719d399b77b82a9d3c3aa470c12f73a25;hb=21d88cde9cf17f177e506badeaf0e512290e09e0;hp=95e96a5a9df3234b51ed30bc1f2e96d2b5b49911;hpb=df93d4e9a7be423740ca2f050ebc5b1492405e8d;p=umurmur.git diff --git a/src/ssli_gnutls.c b/src/ssli_gnutls.c index 95e96a5..b2e149e 100644 --- a/src/ssli_gnutls.c +++ b/src/ssli_gnutls.c @@ -1,10 +1,14 @@ #include "ssl.h" #include "conf.h" +#include "log.h" static gnutls_dh_params_t dhParameters; -static gnutls_certificate_credentials certificate; +static gnutls_certificate_credentials_t certificate; -void initiliazeCertificate() +static const char * ciphers = "SECURE128:-VERS-DTLS-ALL:-VERS-SSL3.0:-VERS-TLS1.0:+COMP_ALL"; +static gnutls_priority_t cipherCache; + +void initializeCertificate() { char* certificatePath = (char*) getStrConf(CERTIFICATE); @@ -39,9 +43,80 @@ void SSLi_init() gnutls_global_init(); #endif + gnutls_priority_init(&cipherCache, ciphers, NULL); + initializeCertificate(); Log_info("Sucessfully initialized GNUTLS version %s", gnutls_check_version(NULL)); } +void SSLi_deinit() + { + gnutls_certificate_free_credentials(certificate); + gnutls_priority_deinit(cipherCache); + gnutls_global_deinit(); + } + +SSL_handle_t * SSLi_newconnection( int * fileDescriptor, bool_t * isSSLReady ) + { + gnutls_session_t * session; // Maybe we need to calloc here + + gnutls_init(session, GNUTLS_SERVER); + gnutls_priority_set(*session, cipherCache); + gnutls_credentials_set(*session, GNUTLS_CRD_CERTIFICATE, certificate); + + gnutls_certificate_server_set_request(*session, GNUTLS_CERT_REQUIRE); + + gnutls_transport_set_int(*session, *fileDescriptor); + + *isSSLReady = true; + + return session; + } + +bool_t SSLi_getSHA1Hash(SSL_handle_t *ssl, uint8_t *hash) + { + *hash = 0; + return true; + } + +int SSLi_nonblockaccept( SSL_handle_t *session, bool_t * isSSLReady ) + { + int error; + do { + gnutls_handshake(*session); + } while(error < GNUTLS_E_SUCCESS && !gnutls_error_is_fatal(error)); + + if ( error < GNUTLS_E_SUCCESS ) { + Log_fatal("TLS handshake failed with error %i (%s).", error, gnutls_strerror(error)); + } + + return error; + } + +int SSLi_read(SSL_handle_t *session, uint8_t *buffer, int length) + { + return gnutls_record_recv(*session, buffer, length); + } + +int SSLi_write(SSL_handle_t *session, uint8_t *buffer, int length) + { + return gnutls_record_send(*session, buffer, length); + } + +int SSLi_get_error(SSL_handle_t *session, int code) + { + return code; + } + +bool_t SSLi_data_pending(SSL_handle_t *session) + { + return gnutls_record_check_pending(*session); + } + +void SSLi_shutdown(SSL_handle_t *ssl) + { + } + +void SSLi_free(SSL_handle_t *ssl) {}