X-Git-Url: http://git.code-monkey.de/?a=blobdiff_plain;f=src%2Fssli_gnutls.c;h=c961525e2c7e51bada3c0fa752efca1ce7c4066c;hb=e1f22673c2a5e665130411ccedef6e2f4b230c3a;hp=dde1909de1abb35ca4bc805f60f457b0e6967d58;hpb=bc9c7b0ebb9f880015622e978c5df681cc6bf139;p=umurmur.git diff --git a/src/ssli_gnutls.c b/src/ssli_gnutls.c index dde1909..c961525 100644 --- a/src/ssli_gnutls.c +++ b/src/ssli_gnutls.c @@ -2,10 +2,12 @@ #include "conf.h" #include "log.h" +#include + static gnutls_dh_params_t dhParameters; static gnutls_certificate_credentials_t certificate; -static const char * ciphers = "SECURE128:-VERS-DTLS-ALL:-VERS-SSL3.0:-VERS-TLS1.0:+COMP_ALL"; +static const char * ciphers = "NORMAL"; static gnutls_priority_t cipherCache; void initializeCertificate() @@ -60,7 +62,7 @@ void SSLi_deinit() SSL_handle_t * SSLi_newconnection( int * fileDescriptor, bool_t * isSSLReady ) { - gnutls_session_t * session; // Maybe we need to calloc here + gnutls_session_t * session = calloc(1, sizeof(gnutls_session_t)); gnutls_init(session, GNUTLS_SERVER); gnutls_priority_set(*session, cipherCache); @@ -70,29 +72,65 @@ SSL_handle_t * SSLi_newconnection( int * fileDescriptor, bool_t * isSSLReady ) gnutls_transport_set_int(*session, *fileDescriptor); - *isSSLReady = true; + if(isSSLReady && SSLi_nonblockaccept(session, isSSLReady)) + *isSSLReady = true; return session; } -bool_t SSLi_getSHA1Hash(SSL_handle_t *ssl, uint8_t *hash) +bool_t SSLi_getSHA1Hash(SSL_handle_t *session, uint8_t *hash) { - *hash = 0; - return true; + gnutls_datum_t const * certificateData = gnutls_certificate_get_peers(*session, NULL); + + size_t resultSize = 0; + int error = gnutls_fingerprint( GNUTLS_DIG_SHA1, certificateData, hash, &resultSize); + return error == GNUTLS_E_SUCCESS && resultSize == 20; } int SSLi_nonblockaccept( SSL_handle_t *session, bool_t * isSSLReady ) { int error; do { - gnutls_handshake(*session); + error = gnutls_handshake(*session); } while(error < GNUTLS_E_SUCCESS && !gnutls_error_is_fatal(error)); if ( error < GNUTLS_E_SUCCESS ) { - Log_fatal("TLS handshake failed with error %i (%s).", error, gnutls_strerror(error)); + Log_warn("TLS handshake failed with error %i (%s).", error, gnutls_strerror(error)); } + if(isSSLReady) + *isSSLReady = true; + return error; } +int SSLi_read(SSL_handle_t *session, uint8_t *buffer, int length) + { + return gnutls_record_recv(*session, buffer, length); + } + +int SSLi_write(SSL_handle_t *session, uint8_t *buffer, int length) + { + return gnutls_record_send(*session, buffer, length); + } +int SSLi_get_error(SSL_handle_t *session, int code) + { + return code; + } + +bool_t SSLi_data_pending(SSL_handle_t *session) + { + return gnutls_record_check_pending(*session); + } + +void SSLi_shutdown(SSL_handle_t *session) + { + gnutls_bye(*session, GNUTLS_SHUT_WR); + } + +void SSLi_free(SSL_handle_t *session) + { + gnutls_deinit(*session); + free(session); + }