X-Git-Url: http://git.code-monkey.de/?a=blobdiff_plain;f=src%2Fssli_gnutls.c;h=c961525e2c7e51bada3c0fa752efca1ce7c4066c;hb=e1f22673c2a5e665130411ccedef6e2f4b230c3a;hp=938678697fadf8b9ee753f0a2101b2c0a23ee625;hpb=cb1c5a3fb9bd38f05601b93d1ddc35b828a270de;p=umurmur.git

diff --git a/src/ssli_gnutls.c b/src/ssli_gnutls.c
index 9386786..c961525 100644
--- a/src/ssli_gnutls.c
+++ b/src/ssli_gnutls.c
@@ -2,10 +2,12 @@
 #include "conf.h"
 #include "log.h"
 
+#include <stdlib.h>
+
 static gnutls_dh_params_t dhParameters;
 static gnutls_certificate_credentials_t certificate;
 
-static const char * ciphers = "SECURE128:-VERS-DTLS-ALL:-VERS-SSL3.0:-VERS-TLS1.0:+COMP_ALL";
+static const char * ciphers = "NORMAL";
 static gnutls_priority_t cipherCache;
 
 void initializeCertificate()
@@ -54,5 +56,81 @@ void SSLi_init()
 void SSLi_deinit()
   {
   gnutls_certificate_free_credentials(certificate);
+  gnutls_priority_deinit(cipherCache);
   gnutls_global_deinit();
   }
+
+SSL_handle_t * SSLi_newconnection( int * fileDescriptor, bool_t * isSSLReady )
+  {
+  gnutls_session_t * session = calloc(1, sizeof(gnutls_session_t));
+
+  gnutls_init(session, GNUTLS_SERVER);
+  gnutls_priority_set(*session, cipherCache);
+  gnutls_credentials_set(*session, GNUTLS_CRD_CERTIFICATE, certificate);
+
+  gnutls_certificate_server_set_request(*session, GNUTLS_CERT_REQUIRE);
+
+  gnutls_transport_set_int(*session, *fileDescriptor);
+
+  if(isSSLReady && SSLi_nonblockaccept(session, isSSLReady))
+    *isSSLReady = true;
+
+  return session;
+  }
+
+bool_t SSLi_getSHA1Hash(SSL_handle_t *session, uint8_t *hash)
+  {
+	gnutls_datum_t const * certificateData = gnutls_certificate_get_peers(*session, NULL);
+
+	size_t resultSize = 0;
+	int error = gnutls_fingerprint( GNUTLS_DIG_SHA1, certificateData, hash, &resultSize);
+	return error == GNUTLS_E_SUCCESS && resultSize == 20;
+  }
+
+int SSLi_nonblockaccept( SSL_handle_t *session, bool_t * isSSLReady )
+  {
+  int error;
+  do {
+    error = gnutls_handshake(*session);
+  } while(error < GNUTLS_E_SUCCESS && !gnutls_error_is_fatal(error));
+
+  if ( error < GNUTLS_E_SUCCESS ) {
+    Log_warn("TLS handshake failed with error %i (%s).", error, gnutls_strerror(error));
+  }
+
+  if(isSSLReady)
+    *isSSLReady = true;
+
+  return error;
+  }
+
+int SSLi_read(SSL_handle_t *session, uint8_t *buffer, int length)
+  {
+  return gnutls_record_recv(*session, buffer, length);
+  }
+
+int SSLi_write(SSL_handle_t *session, uint8_t *buffer, int length)
+  {
+  return gnutls_record_send(*session, buffer, length);
+  }
+
+int SSLi_get_error(SSL_handle_t *session, int code)
+  {
+  return code;
+  }
+
+bool_t SSLi_data_pending(SSL_handle_t *session)
+  {
+  return gnutls_record_check_pending(*session);
+  }
+
+void SSLi_shutdown(SSL_handle_t *session)
+  {
+  gnutls_bye(*session, GNUTLS_SHUT_WR);
+  }
+
+void SSLi_free(SSL_handle_t *session)
+  {
+  gnutls_deinit(*session);
+  free(session);
+  }