C++ (Cpp) gnutls_certificate_allocate_credentials Examples

Example #1

File: mini-overhead.c Project: Drakey83/steamlink-sdk

static void server(int fd, const char *prio)
{
	int ret;
	char buffer[MAX_BUF + 1];
	gnutls_session_t session;

	/* this must be called once in the program
	 */
	global_init();
	memset(buffer, 0, sizeof(buffer));

	if (debug) {
		gnutls_global_set_log_function(server_log_func);
		gnutls_global_set_log_level(4711);
	}

	gnutls_certificate_allocate_credentials(&x509_cred);
	gnutls_certificate_set_x509_key_mem(x509_cred, &server_cert,
					    &server_key,
					    GNUTLS_X509_FMT_PEM);

	gnutls_anon_allocate_server_credentials(&anoncred);

	session = initialize_tls_session(prio);

	gnutls_transport_set_int(session, fd);

	do {
		ret = gnutls_handshake(session);
	}
	while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
	if (ret < 0) {
		close(fd);
		gnutls_deinit(session);
		fail("server: Handshake has failed (%s) for %s\n\n",
		     gnutls_strerror(ret), prio);
		terminate();
	}
	if (debug)
		success("server: Handshake was completed\n");

	if (debug)
		success("server: TLS version is: %s\n",
			gnutls_protocol_get_name
			(gnutls_protocol_get_version(session)));
	close(fd);
	gnutls_deinit(session);

	gnutls_anon_free_server_credentials(anoncred);
	gnutls_certificate_free_credentials(x509_cred);

	gnutls_global_deinit();

	if (debug)
		success("server: finished\n");
}

Example #2

File: idevice.c Project: awadaolqi/irestore

/**
 * Enables SSL for the given connection.
 *
 * @param connection The connection to enable SSL for.
 *
 * @return IDEVICE_E_SUCCESS on success, IDEVICE_E_INVALID_ARG when connection
 *     is NULL or connection->ssl_data is non-NULL, or IDEVICE_E_SSL_ERROR when
 *     SSL initialization, setup, or handshake fails.
 */
idevice_error_t idevice_connection_enable_ssl(idevice_connection_t connection)
{
	if (!connection || connection->ssl_data)
		return IDEVICE_E_INVALID_ARG;

	idevice_error_t ret = IDEVICE_E_SSL_ERROR;
	uint32_t return_me = 0;

	ssl_data_t ssl_data_loc = (ssl_data_t)malloc(sizeof(struct ssl_data_private));

	/* Set up GnuTLS... */
	debug_info("enabling SSL mode");
	errno = 0;
	gnutls_global_init();
	gnutls_certificate_allocate_credentials(&ssl_data_loc->certificate);
	gnutls_certificate_client_set_retrieve_function (ssl_data_loc->certificate, internal_cert_callback);
	gnutls_init(&ssl_data_loc->session, GNUTLS_CLIENT);
	gnutls_priority_set_direct(ssl_data_loc->session, "NONE:+VERS-SSL3.0:+ANON-DH:+RSA:+AES-128-CBC:+AES-256-CBC:+SHA1:+MD5:+COMP-NULL", NULL);
	gnutls_credentials_set(ssl_data_loc->session, GNUTLS_CRD_CERTIFICATE, ssl_data_loc->certificate);
	gnutls_session_set_ptr(ssl_data_loc->session, ssl_data_loc);

	gnutls_x509_crt_init(&ssl_data_loc->root_cert);
	gnutls_x509_crt_init(&ssl_data_loc->host_cert);
	gnutls_x509_privkey_init(&ssl_data_loc->root_privkey);
	gnutls_x509_privkey_init(&ssl_data_loc->host_privkey);

	userpref_error_t uerr = userpref_get_keys_and_certs(ssl_data_loc->root_privkey, ssl_data_loc->root_cert, ssl_data_loc->host_privkey, ssl_data_loc->host_cert);
	if (uerr != USERPREF_E_SUCCESS) {
		debug_info("Error %d when loading keys and certificates! %d", uerr);
	}

	debug_info("GnuTLS step 1...");
	gnutls_transport_set_ptr(ssl_data_loc->session, (gnutls_transport_ptr_t)connection);
	debug_info("GnuTLS step 2...");
	gnutls_transport_set_push_function(ssl_data_loc->session, (gnutls_push_func) & internal_ssl_write);
	debug_info("GnuTLS step 3...");
	gnutls_transport_set_pull_function(ssl_data_loc->session, (gnutls_pull_func) & internal_ssl_read);
	debug_info("GnuTLS step 4 -- now handshaking...");
	if (errno)
		debug_info("WARN: errno says %s before handshake!", strerror(errno));
	return_me = gnutls_handshake(ssl_data_loc->session);
	debug_info("GnuTLS handshake done...");

	if (return_me != GNUTLS_E_SUCCESS) {
		internal_ssl_cleanup(ssl_data_loc);
		free(ssl_data_loc);
		debug_info("GnuTLS reported something wrong.");
		gnutls_perror(return_me);
		debug_info("oh.. errno says %s", strerror(errno));
	} else {
		connection->ssl_data = ssl_data_loc;
		ret = IDEVICE_E_SUCCESS;
		debug_info("SSL mode enabled");
	}
	return ret;
}

Example #3

File: ne_gnutls.c Project: GCrean/sitecopy

ne_ssl_context *ne_ssl_context_create(int flags)
{
    ne_ssl_context *ctx = ne_calloc(sizeof *ctx);
    gnutls_certificate_allocate_credentials(&ctx->cred);
    if (flags == NE_SSL_CTX_CLIENT) {
        gnutls_certificate_client_set_retrieve_function(ctx->cred,
                                                        provide_client_cert);
    }
    return ctx;
}

Example #4

File: ufwissl_gnutls_ctx.c Project: maximerobin/Ufwi

ufwissl_ssl_context *ufwissl_ssl_context_create(int flags)
{
	ufwissl_ssl_context *ctx = ufwissl_calloc(sizeof *ctx);
	gnutls_certificate_allocate_credentials(&ctx->cred);
/*    if (flags == UFWISSL_SSL_CTX_CLIENT) {
        gnutls_certificate_client_set_retrieve_function(ctx->cred,
                                                        provide_client_cert);
    }*/
	return ctx;
}

Example #5

File: mini-eagain2.c Project: nobled/gnutls

int
main (void)
{
  /* credentials */
  gnutls_anon_client_credentials_t c_anoncred;
  gnutls_certificate_credentials_t c_certcred;
  
  gnutls_session_t client;
  int sd, i;

  /* General init. */
  gnutls_global_init ();
  ecore_init();
//  gnutls_global_set_log_function (tls_log_func);
//  gnutls_global_set_log_level (2);

  /* Init client */
  gnutls_anon_allocate_client_credentials (&c_anoncred);
  gnutls_certificate_allocate_credentials (&c_certcred);


  for (i=0;i<5;i++) 
    {

      gnutls_init (&client, GNUTLS_CLIENT);
      /* set very specific priorities */
      gnutls_priority_set_direct(client, "NORMAL:+ANON-DH", NULL);
      gnutls_credentials_set (client, GNUTLS_CRD_ANON, c_anoncred);
      gnutls_credentials_set (client, GNUTLS_CRD_CERTIFICATE, c_certcred);
      gnutls_server_name_set(client, GNUTLS_NAME_DNS, "localhost", strlen("localhost"));

      /* connect to the peer
       */
      sd = tcp_connect ();

      /* associate gnutls with socket */
      gnutls_transport_set_ptr (client, (gnutls_transport_ptr_t) sd);
      /* add a callback for data being available for send/receive on socket */
      if (!ecore_main_fd_handler_add(sd, ECORE_FD_READ | ECORE_FD_WRITE, (Ecore_Fd_Cb)_process_data, client, NULL, NULL))
        {
           print("could not create fd handler!");
           exit(1);
        }
      /* begin main loop */
      ecore_main_loop_begin();

      gnutls_bye (client, GNUTLS_SHUT_RDWR);

      gnutls_deinit (client);

      tcp_close (sd);
    }
  
  return 0;
}

Example #6

File: set_pkcs12_cred.c Project: GostCrypt/GnuTLS

void doit(void)
{
	gnutls_certificate_credentials_t x509cred;
	const char *path;
	unsigned int i;
	char file[512];
	int ret;

	if (gnutls_fips140_mode_enabled()) {
		exit(77);
	}

	ret = global_init();
	if (ret < 0)
		fail("global_init failed %d\n", ret);

	gnutls_global_set_log_function(tls_log_func);
	if (debug)
		gnutls_global_set_log_level(4711);

	for (i = 0; files[i].file != NULL; i++) {

		ret = gnutls_certificate_allocate_credentials(&x509cred);
		if (ret < 0)
			fail("gnutls_certificate_allocate_credentials failed %d\n", ret);

		path = getenv("PKCS12PATH");
		if (!path)
			path = "cert-tests/data/";

		snprintf(file, sizeof(file), "%s/%s", path, files[i].file);

		if (debug)
			success
			    ("Reading PKCS#12 blob from `%s' using password `%s'.\n",
			     file, files[i].pass);
		ret =
		    gnutls_certificate_set_x509_simple_pkcs12_file(x509cred,
								   file,
								   GNUTLS_X509_FMT_DER,
								   files[i].
								   pass);
		if (ret < 0)
			fail("x509_pkcs12 failed %d: %s\n", ret,
			     gnutls_strerror(ret));

		if (debug)
			success("Read file OK\n");

		gnutls_certificate_free_credentials(x509cred);
	}

	gnutls_global_deinit();
}

Example #7

File: tls_gnutls.c Project: 21hub/libvncserver

static gnutls_certificate_credentials_t
CreateX509CertCredential(rfbCredential *cred)
{
  gnutls_certificate_credentials_t x509_cred;
  int ret;

  if (!cred->x509Credential.x509CACertFile)
  {
    rfbClientLog("No CA certificate provided.\n");
    return NULL;
  }

  if ((ret = gnutls_certificate_allocate_credentials(&x509_cred)) < 0)
  {
    rfbClientLog("Cannot allocate credentials: %s.\n", gnutls_strerror(ret));
    return NULL;
  }
  if ((ret = gnutls_certificate_set_x509_trust_file(x509_cred,
    cred->x509Credential.x509CACertFile, GNUTLS_X509_FMT_PEM)) < 0)
  {
    rfbClientLog("Cannot load CA credentials: %s.\n", gnutls_strerror(ret));
    gnutls_certificate_free_credentials (x509_cred);
    return NULL;
  }
  if (cred->x509Credential.x509ClientCertFile && cred->x509Credential.x509ClientKeyFile)
  {
    if ((ret = gnutls_certificate_set_x509_key_file(x509_cred,
      cred->x509Credential.x509ClientCertFile, cred->x509Credential.x509ClientKeyFile,
      GNUTLS_X509_FMT_PEM)) < 0)
    {
      rfbClientLog("Cannot load client certificate or key: %s.\n", gnutls_strerror(ret));
      gnutls_certificate_free_credentials (x509_cred);
      return NULL;
    }
  } else
  {
    rfbClientLog("No client certificate or key provided.\n");
  }
  if (cred->x509Credential.x509CACrlFile)
  {
    if ((ret = gnutls_certificate_set_x509_crl_file(x509_cred,
      cred->x509Credential.x509CACrlFile, GNUTLS_X509_FMT_PEM)) < 0)
    {
      rfbClientLog("Cannot load CRL: %s.\n", gnutls_strerror(ret));
      gnutls_certificate_free_credentials (x509_cred);
      return NULL;
    }
  } else
  {
    rfbClientLog("No CRL provided.\n");
  }
  gnutls_certificate_set_dh_params (x509_cred, rfbDHParams);
  return x509_cred;
}

Example #8

File: giognutls.c Project: connectivity/connman-stable

GIOChannel *g_io_channel_gnutls_new(int fd)
{
	GIOGnuTLSChannel *gnutls_channel;
	GIOChannel *channel;
	int err;

	DBG("");

	gnutls_channel = g_new(GIOGnuTLSChannel, 1);

	channel = (GIOChannel *) gnutls_channel;

	g_io_channel_init(channel);
	channel->funcs = &gnutls_channel_funcs;

	gnutls_channel->fd = fd;

	channel->is_seekable = FALSE;
	channel->is_readable = TRUE;
	channel->is_writeable = TRUE;

	channel->do_encode = FALSE;

	g_io_gnutls_global_init();

        err = gnutls_init(&gnutls_channel->session, GNUTLS_CLIENT);
	if (err < 0) {
		g_free(gnutls_channel);
		return NULL;
	}

	gnutls_transport_set_ptr(gnutls_channel->session, gnutls_channel);
        gnutls_transport_set_push_function(gnutls_channel->session,
						g_io_gnutls_push_func);
        gnutls_transport_set_pull_function(gnutls_channel->session,
						g_io_gnutls_pull_func);
#if GNUTLS_VERSION_NUMBER < 0x020c00
	gnutls_transport_set_lowat(gnutls_channel->session, 0);

	gnutls_priority_set_direct(gnutls_channel->session,
						"NORMAL:%COMPAT", NULL);
#else
	gnutls_priority_set_direct(gnutls_channel->session,
		"NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0:+VERS-SSL3.0:%COMPAT", NULL);
#endif

	gnutls_certificate_allocate_credentials(&gnutls_channel->cred);
	gnutls_credentials_set(gnutls_channel->session,
				GNUTLS_CRD_CERTIFICATE, gnutls_channel->cred);

	DBG("channel %p", channel);

	return channel;
}

Example #9

File: relay-network.c Project: FauxFaux/weechat_old

void
relay_network_set_ssl_cert_key (int verbose)
{
#ifdef HAVE_GNUTLS
    char *certkey_path, *certkey_path2;
    int ret;

    gnutls_certificate_free_credentials (relay_gnutls_x509_cred);
    gnutls_certificate_allocate_credentials (&relay_gnutls_x509_cred);

    relay_network_init_ssl_cert_key_ok = 0;

    certkey_path = weechat_string_expand_home (weechat_config_string (relay_config_network_ssl_cert_key));
    if (certkey_path)
    {
        certkey_path2 = weechat_string_replace (certkey_path, "%h",
                                                weechat_info_get ("weechat_dir",
                                                                  NULL));
        if (certkey_path2)
        {
            ret = gnutls_certificate_set_x509_key_file (relay_gnutls_x509_cred,
                                                        certkey_path2,
                                                        certkey_path2,
                                                        GNUTLS_X509_FMT_PEM);
            if (ret >= 0)
            {
                relay_network_init_ssl_cert_key_ok = 1;
                if (verbose)
                {
                    weechat_printf (NULL,
                                    _("%s: SSL certificate and key have been "
                                      "set"),
                                    RELAY_PLUGIN_NAME);
                }
            }
            else
            {
                if (verbose)
                {
                    weechat_printf (NULL,
                                    _("%s%s: warning: no SSL certificate/key "
                                      "found (option relay.network.ssl_cert_key)"),
                                    weechat_prefix ("error"), RELAY_PLUGIN_NAME);
                }
            }
            free (certkey_path2);
        }
        free (certkey_path);
    }
#else
    /* make C compiler happy */
    (void) verbose;
#endif
}

Example #10

File: ne_gnutls.c Project: Nymphetaminer/dsl-n55u

ne_ssl_context *ne_ssl_context_create(int flags)
{
    ne_ssl_context *ctx = ne_calloc(sizeof *ctx);
    gnutls_certificate_allocate_credentials(&ctx->cred);
    if (flags == NE_SSL_CTX_CLIENT) {
        gnutls_certificate_client_set_retrieve_function(ctx->cred,
                                                        provide_client_cert);
    }
    gnutls_certificate_set_verify_flags(ctx->cred, 
                                        GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT);
    return ctx;
}

Example #11

File: tls.c Project: JavaProphet/Avuna-Skeleton

struct cert* loadCert(const char* ca, const char* cert, const char* key) {
	struct cert* oc = xmalloc(sizeof(struct cert));
	gnutls_certificate_allocate_credentials(&oc->cert);
	if (ca != NULL) gnutls_certificate_set_x509_trust_file(oc->cert, ca, GNUTLS_X509_FMT_PEM);
	int e1 = gnutls_certificate_set_x509_key_file(oc->cert, cert, key, GNUTLS_X509_FMT_PEM);
	if (e1 < 0) {
		return NULL;
	}
	gnutls_priority_init(&oc->priority, "PERFORMANCE:%SERVER_PRECEDENCE", NULL);
	gnutls_certificate_set_dh_params(oc->cert, dh_params);
	return oc;
}

Example #12

static Ecore_Con_Ssl_Error
_ecore_con_ssl_server_prepare_gnutls(Ecore_Con_Server *svr,
                                     int               ssl_type)
{
   int ret;

   if (ssl_type & ECORE_CON_USE_SSL2)
     return ECORE_CON_SSL_ERROR_SSL2_NOT_SUPPORTED;

   switch (ssl_type)
     {
      case ECORE_CON_USE_SSL3:
      case ECORE_CON_USE_SSL3 | ECORE_CON_LOAD_CERT:
      case ECORE_CON_USE_TLS:
      case ECORE_CON_USE_TLS | ECORE_CON_LOAD_CERT:
      case ECORE_CON_USE_MIXED:
      case ECORE_CON_USE_MIXED | ECORE_CON_LOAD_CERT:
        break;

      default:
        return ECORE_CON_SSL_ERROR_NONE;
     }

   SSL_ERROR_CHECK_GOTO_ERROR(ret = gnutls_certificate_allocate_credentials(&svr->cert));

   if ((!svr->use_cert) && svr->created)
     {
        SSL_ERROR_CHECK_GOTO_ERROR(ret = gnutls_dh_params_init(&svr->dh_params));
        INF("Generating DH params");
        SSL_ERROR_CHECK_GOTO_ERROR(ret = gnutls_dh_params_generate2(svr->dh_params, 1024));

        SSL_ERROR_CHECK_GOTO_ERROR(ret = gnutls_anon_allocate_server_credentials(&svr->anoncred_s));
        /* TODO: implement PSK */
        //  SSL_ERROR_CHECK_GOTO_ERROR(ret = gnutls_psk_allocate_server_credentials(&svr->pskcred_s));

        gnutls_anon_set_server_dh_params(svr->anoncred_s, svr->dh_params);
        gnutls_certificate_set_dh_params(svr->cert, svr->dh_params);
        //gnutls_psk_set_server_dh_params(svr->pskcred_s, svr->dh_params);
        INF("DH params successfully generated and applied!");
     }
   else if (!svr->use_cert)
     {
        //SSL_ERROR_CHECK_GOTO_ERROR(ret = gnutls_psk_allocate_client_credentials(&svr->pskcred_c));
          SSL_ERROR_CHECK_GOTO_ERROR(ret = gnutls_anon_allocate_client_credentials(&svr->anoncred_c));
     }

   return ECORE_CON_SSL_ERROR_NONE;

error:
   _gnutls_print_errors(ret);
   _ecore_con_ssl_server_shutdown_gnutls(svr);
   return ECORE_CON_SSL_ERROR_SERVER_INIT_FAILED;
}

Example #13

File: vnc-tls.c Project: BernardXiong/qemu

static gnutls_certificate_credentials_t vnc_tls_initialize_x509_cred(VncDisplay *vd)
{
    gnutls_certificate_credentials_t x509_cred;
    int ret;

    if (!vd->tls.x509cacert) {
        VNC_DEBUG("No CA x509 certificate specified\n");
        return NULL;
    }
    if (!vd->tls.x509cert) {
        VNC_DEBUG("No server x509 certificate specified\n");
        return NULL;
    }
    if (!vd->tls.x509key) {
        VNC_DEBUG("No server private key specified\n");
        return NULL;
    }

    if ((ret = gnutls_certificate_allocate_credentials(&x509_cred)) < 0) {
        VNC_DEBUG("Cannot allocate credentials %s\n", gnutls_strerror(ret));
        return NULL;
    }
    if ((ret = gnutls_certificate_set_x509_trust_file(x509_cred,
                                                      vd->tls.x509cacert,
                                                      GNUTLS_X509_FMT_PEM)) < 0) {
        VNC_DEBUG("Cannot load CA certificate %s\n", gnutls_strerror(ret));
        gnutls_certificate_free_credentials(x509_cred);
        return NULL;
    }

    if ((ret = gnutls_certificate_set_x509_key_file (x509_cred,
                                                     vd->tls.x509cert,
                                                     vd->tls.x509key,
                                                     GNUTLS_X509_FMT_PEM)) < 0) {
        VNC_DEBUG("Cannot load certificate & key %s\n", gnutls_strerror(ret));
        gnutls_certificate_free_credentials(x509_cred);
        return NULL;
    }

    if (vd->tls.x509cacrl) {
        if ((ret = gnutls_certificate_set_x509_crl_file(x509_cred,
                                                        vd->tls.x509cacrl,
                                                        GNUTLS_X509_FMT_PEM)) < 0) {
            VNC_DEBUG("Cannot load CRL %s\n", gnutls_strerror(ret));
            gnutls_certificate_free_credentials(x509_cred);
            return NULL;
        }
    }

    gnutls_certificate_set_dh_params (x509_cred, dh_params);

    return x509_cred;
}

Example #14

File: x509cert.c Project: nobled/gnutls

void
doit (void)
{
  gnutls_certificate_credentials_t x509_cred;
  int ret;
  unsigned int i;
  gnutls_x509_crt_t issuer;
  gnutls_x509_crt_t list[LIST_SIZE];
  char dn[128];
  size_t dn_size;
  unsigned int list_size;

  /* this must be called once in the program
   */
  gnutls_global_init ();

  gnutls_global_set_log_function (tls_log_func);
  if (debug)
    gnutls_global_set_log_level (6);

  gnutls_certificate_allocate_credentials (&x509_cred);
  gnutls_certificate_set_x509_trust_mem (x509_cred, &ca, GNUTLS_X509_FMT_PEM);

  gnutls_certificate_set_x509_key_mem (x509_cred, &server_cert, &server_key,
                                       GNUTLS_X509_FMT_PEM);

  /* test for gnutls_certificate_get_issuer() */
  
  list_size = LIST_SIZE;
  ret = gnutls_x509_crt_list_import(list, &list_size, &cert, GNUTLS_X509_FMT_PEM, GNUTLS_X509_CRT_LIST_FAIL_IF_UNSORTED);
  if (ret < 0)
    fail("gnutls_x509_crt_list_import");

  ret = gnutls_certificate_get_issuer(x509_cred, list[0], &issuer, 0);
  if (ret < 0)
    fail("gnutls_certificate_get_isser");

  dn_size = sizeof(dn);
  ret = gnutls_x509_crt_get_dn(issuer, dn, &dn_size);
  if (ret < 0)
    fail("gnutls_certificate_get_isser");
  
  if (debug)
    fprintf(stderr, "Issuer's DN: %s\n", dn);
  for (i=0;i<list_size;i++)
    gnutls_x509_crt_deinit(list[i]);
  gnutls_certificate_free_credentials(x509_cred);
  
  gnutls_global_deinit();

  if (debug) success("success");
}

Example #15

File: keylog-env.c Project: komh/gnutls-os2

static void run(const char *env, const char *filename)
{
	gnutls_certificate_credentials_t x509_cred;
	int ret;

	remove(filename);

#ifdef _WIN32
	{
		char buf[512];
		snprintf(buf, sizeof(buf), "%s=%s", env, filename);
		_putenv(buf);
	}
#else
	setenv(env, filename, 1);
#endif

	global_init();

	if (debug) {
		gnutls_global_set_log_level(6);
		gnutls_global_set_log_function(tls_log_func);
	}

	/* test gnutls_certificate_flags() */
	assert(gnutls_certificate_allocate_credentials(&x509_cred)>=0);

	ret = gnutls_certificate_set_x509_key_mem(x509_cred, &server_ca3_localhost_cert,
					    &server_ca3_key,
					    GNUTLS_X509_FMT_PEM);
	if (ret < 0) {
		fail("error in error code\n");
		exit(1);
	}

	test_cli_serv(x509_cred, "NORMAL", &ca3_cert, "localhost");

	if (access(filename, R_OK) != 0) {
		fail("keylog file was not created\n");
		exit(1);
	}

	search_for_str(filename);

	gnutls_certificate_free_credentials(x509_cred);

	gnutls_global_deinit();
	remove(filename);

	if (debug)
		success("success");
}

Example #16

static gpointer
server_thread (gpointer user_data)
{
	int listener = GPOINTER_TO_INT (user_data), client;
	gnutls_certificate_credentials creds;
	gnutls_session_t session;
	struct sockaddr_in sin;
	int len;
	char buf[BUFSIZE];
	int status;

	gnutls_certificate_allocate_credentials (&creds);
	if (gnutls_certificate_set_x509_key_file (creds,
						  ssl_cert_file, ssl_key_file,
						  GNUTLS_X509_FMT_PEM) != 0) {
		g_error ("Failed to set SSL certificate and key files "
			 "(%s, %s).", ssl_cert_file, ssl_key_file);
	}
	gnutls_certificate_set_dh_params (creds, dh_params);

	/* Create a new session */
	gnutls_init (&session, GNUTLS_SERVER);
	gnutls_set_default_priority (session);
	gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, creds);
	gnutls_dh_set_prime_bits (session, DH_BITS);

	/* Wait for client thread to connect */
	len = sizeof (sin);
	client = accept (listener, (struct sockaddr *) &sin, (void *)&len);
	gnutls_transport_set_ptr (session, GINT_TO_POINTER (client));

	/* Initial handshake */
	status = gnutls_handshake (session);
	if (status < 0)
		g_error ("initial handshake failed: %d", status);

	/* Synchronous client test. */
	server_read (session, buf, BUFSIZE);
	server_write (session, buf, BUFSIZE);

	/* Async client test. */
	server_read (session, buf, BUFSIZE);
	server_write (session, buf, BUFSIZE);

	/* That's all, folks. */
	gnutls_bye (session, GNUTLS_SHUT_WR);
	gnutls_deinit (session);
	close (client);
	gnutls_certificate_free_credentials (creds);

	return NULL;
}

Example #17

File: gnutls.c Project: azzurra/bluebox

int
rb_init_ssl(void)
{
    gnutls_global_init();

    if (gnutls_certificate_allocate_credentials(&x509) != GNUTLS_E_SUCCESS)
    {
        rb_lib_log("rb_init_ssl: Unable to allocate SSL/TLS certificate credentials");
        return 0;
    }
    rb_event_addish("rb_gcry_random_seed", rb_gcry_random_seed, NULL, 300);
    return 1;
}

Example #18

File: stream.c Project: areski/FreeSWITCH

static int
handshake (struct stream_data *data)
{
	const int protocol_priority[] = { GNUTLS_TLS1, GNUTLS_SSL3, 0 };
	const int kx_priority[] = { GNUTLS_KX_RSA, 0 };
	const int cipher_priority[] = { GNUTLS_CIPHER_3DES_CBC, GNUTLS_CIPHER_ARCFOUR, 0};
	const int comp_priority[] = { GNUTLS_COMP_ZLIB, GNUTLS_COMP_NULL, 0 };
	const int mac_priority[] = { GNUTLS_MAC_SHA, GNUTLS_MAC_MD5, 0 };
	int ret;

#ifndef WIN32
	gcry_control(GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread);
#endif

	if (gnutls_global_init () != 0)
		return IKS_NOMEM;

	if (gnutls_certificate_allocate_credentials (&data->cred) < 0)
		return IKS_NOMEM;

	if (gnutls_init (&data->sess, GNUTLS_CLIENT) != 0) {
		gnutls_certificate_free_credentials (data->cred);
		return IKS_NOMEM;
	}
	gnutls_protocol_set_priority (data->sess, protocol_priority);
	gnutls_cipher_set_priority(data->sess, cipher_priority);
	gnutls_compression_set_priority(data->sess, comp_priority);
	gnutls_kx_set_priority(data->sess, kx_priority);
	gnutls_mac_set_priority(data->sess, mac_priority);
	gnutls_credentials_set (data->sess, GNUTLS_CRD_CERTIFICATE, data->cred);


	gnutls_transport_set_push_function (data->sess, (gnutls_push_func) tls_push);
	gnutls_transport_set_pull_function (data->sess, (gnutls_pull_func) tls_pull);
	
	gnutls_transport_set_ptr (data->sess, data->prs);

	ret = gnutls_handshake (data->sess);
	if (ret != 0) {
		gnutls_deinit (data->sess);
		gnutls_certificate_free_credentials (data->cred);
		return IKS_NET_TLSFAIL;
	}

	data->flags &= (~SF_TRY_SECURE);
	data->flags |= SF_SECURE;

	iks_send_header (data->prs, data->server);

	return IKS_OK;
} // HAVE_GNUTLS

Example #19

File: session-tickets-ok.c Project: gnutls/gnutls

static void client(int fd, const char *prio)
{
	int ret;
	gnutls_certificate_credentials_t x509_cred;
	gnutls_session_t session;

	global_init();

	if (debug) {
		gnutls_global_set_log_function(client_log_func);
		gnutls_global_set_log_level(7);
	}

	gnutls_certificate_allocate_credentials(&x509_cred);

	assert(gnutls_init(&session, GNUTLS_CLIENT)>=0);

	assert(gnutls_priority_set_direct(session, prio, NULL)>=0);

	gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred);

	gnutls_transport_set_int(session, fd);

	do {
		ret = gnutls_handshake(session);
	}
	while (ret < 0 && gnutls_error_is_fatal(ret) == 0);

	if (ret < 0) {
		fail("client: Handshake failed: %s\n", gnutls_strerror(ret));
		terminate();
	} else {
		if (debug)
			success("client: Handshake was completed\n");
	}

	if (debug)
		success("client: TLS version is: %s\n",
			gnutls_protocol_get_name
			(gnutls_protocol_get_version(session)));

	gnutls_bye(session, GNUTLS_SHUT_WR);

	close(fd);

	gnutls_deinit(session);

	gnutls_certificate_free_credentials(x509_cred);

	gnutls_global_deinit();
}

Example #20

File: tls_common.c Project: Longdengyu/gtk-gnutella

G_GNUC_COLD void
tls_global_init(void)
{
    static const struct {
        const char * const name;
        const int major;
        const int minor;
    } f = {
        "tls", 1, 0
    };
    char *cert_file, *key_file;

#if !defined(REMAP_ZALLOC) && !defined(TRACK_MALLOC) && !defined(TRACK_ZALLOC)
    gnutls_global_set_mem_functions(halloc, halloc, NULL, hrealloc, hfree);
#endif

    if (gnutls_global_init()) {
        g_error("gnutls_global_init() failed");
    }

#ifdef USE_TLS_CUSTOM_IO
    gnutls_global_set_log_level(9);
    gnutls_global_set_log_function(tls_log_function);
#endif	/* USE_TLS_CUSTOM_IO */

    get_dh_params();
    gnutls_certificate_allocate_credentials(&cert_cred);

    key_file = make_pathname(settings_config_dir(), "key.pem");
    cert_file = make_pathname(settings_config_dir(), "cert.pem");

    if (file_exists(key_file) && file_exists(cert_file)) {
        int ret;

        ret = gnutls_certificate_set_x509_key_file(cert_cred,
                cert_file, key_file, GNUTLS_X509_FMT_PEM);
        if (ret < 0) {
            g_warning("gnutls_certificate_set_x509_key_file() failed: %s",
                      gnutls_strerror(ret));
        } else {
            gnutls_certificate_set_dh_params(cert_cred, get_dh_params());
        }
    }
    HFREE_NULL(key_file);
    HFREE_NULL(cert_file);

    header_features_add(FEATURES_CONNECTIONS, f.name, f.major, f.minor);
    header_features_add(FEATURES_G2_CONNECTIONS, f.name, f.major, f.minor);
    header_features_add(FEATURES_DOWNLOADS, f.name, f.major, f.minor);
    header_features_add(FEATURES_UPLOADS, f.name, f.major, f.minor);
}

Example #21

File: tlsext-decoding.c Project: ShiftMediaProject/gnutls

static void client(int fd)
{
	int ret;
	gnutls_certificate_credentials_t xcred;
	gnutls_session_t session;

	global_init();

	if (debug) {
		gnutls_global_set_log_function(client_log_func);
		gnutls_global_set_log_level(4711);
	}

	gnutls_certificate_allocate_credentials(&xcred);

	/* Initialize TLS session
	 */
	gnutls_init(&session, GNUTLS_CLIENT);
	gnutls_handshake_set_timeout(session, 20 * 1000);

	/* Use default priorities */
	gnutls_priority_set_direct(session,
				   "NORMAL:-KX-ALL:+ECDHE-RSA:%COMPAT",
				   NULL);

	gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);

	gnutls_transport_set_int(session, fd);
	gnutls_transport_set_push_function(session, odd_push);

	/* Perform the TLS handshake
	 */
	do {
		ret = gnutls_handshake(session);
	}
	while (ret < 0 && gnutls_error_is_fatal(ret) == 0);

	if (ret >= 0) {
		fail("client: Handshake succeeded!\n");
		exit(1);
	}

	close(fd);

	gnutls_deinit(session);

	gnutls_certificate_free_credentials(xcred);

	gnutls_global_deinit();
}

Example #22

File: ecore_fd_handler_gnutls_example.c Project: amitesh-singh/Enlightenment

int
main (void)
{
  /* credentials */
  gnutls_anon_client_credentials_t c_anoncred;
  gnutls_certificate_credentials_t c_certcred;
  
  gnutls_session_t client;
  int sd;

  /* General init. */
  gnutls_global_init ();
  ecore_init();
  gnutls_global_set_log_function (tls_log_func);
    gnutls_global_set_log_level (6);

  /* Init client */
  gnutls_anon_allocate_client_credentials (&c_anoncred);
  gnutls_certificate_allocate_credentials (&c_certcred);
  gnutls_init (&client, GNUTLS_CLIENT);
  /* set very specific priorities */
  gnutls_priority_set_direct(client, "NONE:%VERIFY_ALLOW_X509_V1_CA_CRT:+RSA:+DHE-RSA:+DHE-DSS:+ANON-DH:+COMP-DEFLATE:+COMP-NULL:+CTYPE-X509:+SHA1:+SHA256:+SHA384:+SHA512:+AES-256-CBC:+AES-128-CBC:+3DES-CBC:+VERS-TLS1.2:+VERS-TLS1.1:+VERS-TLS1.0:+VERS-SSL3.0", NULL);
  gnutls_credentials_set (client, GNUTLS_CRD_ANON, c_anoncred);
  gnutls_credentials_set (client, GNUTLS_CRD_CERTIFICATE, c_certcred);
  gnutls_server_name_set(client, GNUTLS_NAME_DNS, "www.verisign.com", strlen("www.verisign.com"));


  /* connect to the peer
   */
  sd = tcp_connect ();

  /* associate gnutls with socket */
  gnutls_transport_set_ptr (client, (gnutls_transport_ptr_t) sd);
  /* add a callback for data being available for send/receive on socket */
  if (!ecore_main_fd_handler_add(sd, ECORE_FD_READ | ECORE_FD_WRITE, (Ecore_Fd_Cb)_process_data, client, NULL, NULL))
    {
       print("could not create fd handler!");
       exit(1);
    }
  /* begin main loop */
  ecore_main_loop_begin();

  gnutls_bye (client, GNUTLS_SHUT_RDWR);

  gnutls_deinit (client);

  tcp_close (sd);
  
  return 0;
}

Example #23

File: mailwatch-net-conn.c Project: xfce-mirror/xfce4-mailwatch-plugin

gboolean
xfce_mailwatch_net_conn_make_secure(XfceMailwatchNetConn *net_conn,
                                    GError **error)
{
    g_return_val_if_fail(net_conn && (!error || !*error), FALSE);
    g_return_val_if_fail(net_conn->fd != -1, FALSE);
    g_return_val_if_fail(!net_conn->is_secure, TRUE);

#ifdef HAVE_SSL_SUPPORT
    /* init the x509 cert */
    gnutls_certificate_allocate_credentials(&net_conn->gt_creds);
    gnutls_certificate_set_x509_trust_file(net_conn->gt_creds,
                                           GNUTLS_CA_FILE,
                                           GNUTLS_X509_FMT_PEM);
    
    /* init the session and set it up */
    gnutls_init(&net_conn->gt_session, GNUTLS_CLIENT);
    gnutls_priority_set_direct (net_conn->gt_session, "NORMAL", NULL); 
    gnutls_credentials_set(net_conn->gt_session, GNUTLS_CRD_CERTIFICATE,
                           net_conn->gt_creds);
    gnutls_transport_set_ptr(net_conn->gt_session,
                             (gnutls_transport_ptr_t)net_conn->fd);
#if GNUTLS_VERSION_NUMBER < 0x020c00 
    if(fcntl(net_conn->fd, F_GETFL) & O_NONBLOCK)
        gnutls_transport_set_lowat(net_conn->gt_session, 0);
#endif    

    if(!xfce_mailwatch_net_conn_tls_handshake(net_conn, error)) {
#if 0
        gnutls_bye(net_conn->gt_session, GNUTLS_SHUT_RDWR);
#endif
        gnutls_deinit(net_conn->gt_session);
        gnutls_certificate_free_credentials(net_conn->gt_creds);

        return FALSE;
    }

    net_conn->is_secure = TRUE;

    return TRUE;
#else
    if(error) {
        g_set_error(error, XFCE_MAILWATCH_ERROR, 0,
                    _("Not compiled with SSL/TLS support"));
    }
    g_critical("XfceMailwatch: TLS handshake failed: not compiled with SSL support.");
    
    return FALSE;
#endif
}

Example #24

File: gnutls_openssl.c Project: uvbs/SupportCenter

SSL *
SSL_new (SSL_CTX * ctx)
{
  SSL *ssl;
  int err;

  ssl = (SSL *) calloc (1, sizeof (SSL));
  if (!ssl)
    return NULL;

  err = gnutls_certificate_allocate_credentials (&ssl->gnutls_cred);
  if (err < 0)
    {
      last_error = err;
      free (ssl);
      return NULL;
    }

  gnutls_init (&ssl->gnutls_state, ctx->method->connend);

  gnutls_protocol_set_priority (ssl->gnutls_state,
				ctx->method->protocol_priority);
  gnutls_cipher_set_priority (ssl->gnutls_state,
			      ctx->method->cipher_priority);
  gnutls_compression_set_priority (ssl->gnutls_state,
				   ctx->method->comp_priority);
  gnutls_kx_set_priority (ssl->gnutls_state, ctx->method->kx_priority);
  gnutls_mac_set_priority (ssl->gnutls_state, ctx->method->mac_priority);

  gnutls_credentials_set (ssl->gnutls_state, GNUTLS_CRD_CERTIFICATE,
			  ssl->gnutls_cred);
  if (ctx->certfile)
    gnutls_certificate_set_x509_trust_file (ssl->gnutls_cred,
					    ctx->certfile,
					    ctx->certfile_type);
  if (ctx->keyfile)
    gnutls_certificate_set_x509_key_file (ssl->gnutls_cred,
					  ctx->certfile, ctx->keyfile,
					  ctx->keyfile_type);
  ssl->ctx = ctx;
  ssl->verify_mode = ctx->verify_mode;
  ssl->verify_callback = ctx->verify_callback;

  ssl->options = ctx->options;

  ssl->rfd = (gnutls_transport_ptr_t) - 1;
  ssl->wfd = (gnutls_transport_ptr_t) - 1;

  return ssl;
}

Example #25

File: ocsp-filename-memleak.c Project: GostCrypt/GnuTLS

void doit(void)
{
    gnutls_certificate_credentials_t x509_cred;

    gnutls_certificate_allocate_credentials(&x509_cred);
    /* The file does not need to exist for this test
     */
    gnutls_certificate_set_ocsp_status_request_file
    (x509_cred, "ocsp-status.der", 0);
    gnutls_certificate_set_ocsp_status_request_file
    (x509_cred, "ocsp-status.der", 0);

    gnutls_certificate_free_credentials(x509_cred);
}

Example #26

File: custom-urls.c Project: gnutls/gnutls

static void client(int fd)
{
	int ret;
	gnutls_certificate_credentials_t x509_cred;
	gnutls_session_t session;

	gnutls_certificate_allocate_credentials(&x509_cred);

	/* Initialize TLS session
	 */
	gnutls_init(&session, GNUTLS_CLIENT);

	/* Use default priorities */
	assert(gnutls_priority_set_direct(session, "NORMAL:-VERS-ALL:+VERS-TLS1.2", NULL)>=0);

	gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred);

	gnutls_transport_set_int(session, fd);

	/* Perform the TLS handshake
	 */
	do {
		ret = gnutls_handshake(session);
	}
	while (ret < 0 && gnutls_error_is_fatal(ret) == 0);

	if (ret < 0) {
		fail("client: Handshake failed\n");
		gnutls_perror(ret);
		exit(1);
	} else {
		if (debug)
			success("client: Handshake was completed\n");
	}

	if (debug)
		success("client: TLS version is: %s\n",
			gnutls_protocol_get_name
			(gnutls_protocol_get_version(session)));

	gnutls_bye(session, GNUTLS_SHUT_WR);

	close(fd);

	gnutls_deinit(session);

	gnutls_certificate_free_credentials(x509_cred);

	gnutls_global_deinit();
}

Example #27

File: gnutlsif.cpp Project: BackupTheBerlios/btg-svn

         gtlsClientData::gtlsClientData(std::string const& _caFile,
                                        std::string const& _certFile,
                                        std::string const& _keyFile)
         {
            int ret = 0;

            gnutls_global_set_log_level(loglevel);
            gnutls_global_set_log_function(gtlsGeneric::logCallback);

            gnutls_certificate_allocate_credentials(&cred_);
            // GNUTLS_NOTICE("Allocted credentials");
            // Add the certificate authority used.
            // GNUTLS_NOTICE("Setting CA, file='" << _caFile << "'");
            ret = gnutls_certificate_set_x509_trust_file(cred_, _caFile.c_str(), GNUTLS_X509_FMT_PEM);
            // printerror("gnutls_certificate_set_x509_trust_file", ret);
            // GNUTLS_NOTICE("Processed " << ret << " certificates.");

            // Set the cert and private key.
            // Set the certificate and priate key pair.
            // GNUTLS_NOTICE("Setting certificate, file='" << _certFile << "'");
            // GNUTLS_NOTICE("Setting private key, file='" << _keyFile << "'");

            ret = gnutls_certificate_set_x509_key_file(cred_,
                                                       _certFile.c_str(),
                                                       _keyFile.c_str(),
                                                       GNUTLS_X509_FMT_PEM);
            // printerror("gnutls_certificate_set_x509_key_file", ret);

            // GNUTLS_NOTICE("Processed " << ret << " certificate/key pair(s).");

            ret = gnutls_init(&session_, GNUTLS_CLIENT);
            // printerror("gnutls_init", ret);

            ret = gnutls_set_default_priority(session_);
            // printerror("gnutls_set_default_priority", ret);

            gnutls_dh_set_prime_bits(session_, gtlsGeneric::GNUTLSIF_DH_BITS);

            const int cert_type_priority[2] = { GNUTLS_CRT_X509, 0 };
            ret = gnutls_certificate_type_set_priority(session_,
                                                       cert_type_priority);
            // printerror("gnutls_certificate_type_set_priority", ret);

            ret = gnutls_credentials_set(session_,
                                         GNUTLS_CRD_CERTIFICATE,
                                         cred_);

            // printerror("gnutls_credentials_set", ret);
         }

Example #28

File: relay-network.c Project: angrylogic/weechat

void
relay_network_init ()
{
#ifdef HAVE_GNUTLS

    /* credentials */
    gnutls_certificate_allocate_credentials (&relay_gnutls_x509_cred);
    relay_network_set_ssl_cert_key (0);

    /* priority */
    relay_gnutls_priority_cache = malloc (sizeof (*relay_gnutls_priority_cache));
    if (relay_gnutls_priority_cache)
        relay_network_set_priority ();
#endif
    relay_network_init_ok = 1;
}

Example #29

File: quorumd.c Project: dhazen/heartbeat

void initialize_tls_global(void)
{
	gnutls_global_init ();

	gnutls_certificate_allocate_credentials (&x509_cred);
	gnutls_certificate_set_x509_trust_file (x509_cred, CACERT,
						GNUTLS_X509_FMT_PEM);
	gnutls_certificate_set_x509_crl_file (x509_cred, CACRL,
						GNUTLS_X509_FMT_PEM);
	gnutls_certificate_set_x509_key_file (x509_cred, SERVERCERT, SERVERKEY,
						GNUTLS_X509_FMT_PEM);
	gnutls_dh_params_init (&dh_params);
	gnutls_dh_params_generate2 (dh_params, DH_BITS);

	gnutls_certificate_set_dh_params (x509_cred, dh_params);
}

Example #30

File: gnutls_openssl.c Project: justinc1985/IntelRangeley

SSL *
SSL_new (SSL_CTX * ctx)
{
  SSL *ssl;
  int err;

  ssl = (SSL *) calloc (1, sizeof (SSL));
  if (!ssl)
    return NULL;

  err = gnutls_certificate_allocate_credentials (&ssl->gnutls_cred);
  if (err < 0)
    {
      last_error = err;
      free (ssl);
      return NULL;
    }

  gnutls_init (&ssl->gnutls_state, ctx->method->connend);

  gnutls_priority_set_direct (ssl->gnutls_state,
                                ctx->method->priority_string, NULL);

  gnutls_credentials_set (ssl->gnutls_state, GNUTLS_CRD_CERTIFICATE,
                          ssl->gnutls_cred);
  if (ctx->certfile)
    gnutls_certificate_set_x509_trust_file (ssl->gnutls_cred,
                                            ctx->certfile,
                                            ctx->certfile_type);
  if (ctx->keyfile)
    gnutls_certificate_set_x509_key_file (ssl->gnutls_cred,
                                          ctx->certfile, ctx->keyfile,
                                          ctx->keyfile_type);
  ssl->ctx = ctx;
  ssl->verify_mode = ctx->verify_mode;
  ssl->verify_callback = ctx->verify_callback;

  ssl->options = ctx->options;

  ssl->rfd = (gnutls_transport_ptr_t) - 1;
  ssl->wfd = (gnutls_transport_ptr_t) - 1;

  ssl->ssl_peek_buffer = NULL;
  ssl->ssl_peek_buffer_size = ssl->ssl_peek_avail = 0;

  return ssl;
}