void server(int sock) { gnutls_session_t s = session(sock, 1); int err; time_t started = time(0); write(sock, &sock, 1); setup_killtimer(); do { await(sock); err = log(gnutls_handshake(s)); reset_killtimer(); } while (err != 0 && !gnutls_error_is_fatal(err)); log_error(err, started); for (;;) { char buffer[8192]; int len; do { await(sock); len = gnutls_record_recv(s, buffer, sizeof(buffer)); reset_killtimer(); } while (len < 0 && !gnutls_error_is_fatal(len)); log_error(len, started); gnutls_record_send(s, buffer, len); exit(0); } }
static void on_goodbye_tls(struct ev_loop *loop, ev_io *watcher, int revents) { ebb_connection *connection = watcher->data; assert(watcher == &connection->goodbye_tls_watcher); if(EV_ERROR & revents) { error("on_goodbye() got error event, closing connection."); goto die; } int r = gnutls_bye(connection->session, GNUTLS_SHUT_RDWR); if(r < 0) { if(gnutls_error_is_fatal(r)) goto die; if(r == GNUTLS_E_INTERRUPTED || r == GNUTLS_E_AGAIN) ev_io_set( watcher , connection->fd , (GNUTLS_NEED_WRITE ? EV_WRITE : EV_READ) ); return; } die: ev_io_stop(loop, watcher); if(connection->session) gnutls_deinit(connection->session); close_connection(connection); }
/** * @short Initializes a connection on a request * @memberof onion_https_t * * Do the accept of the request, and the SSL handshake. * * @param req The request * @returns <0 in case of error. */ static int onion_https_request_init(onion_request *req){ onion_listen_point_request_init_from_socket(req); onion_https *https=(onion_https*)req->connection.listen_point->user_data; ONION_DEBUG("Accept new request, fd %d",req->connection.fd); gnutls_session_t session; gnutls_init (&session, GNUTLS_SERVER); gnutls_priority_set (session, https->priority_cache); gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, https->x509_cred); /* Set maximum compatibility mode. This is only suggested on public webservers * that need to trade security for compatibility */ gnutls_session_enable_compatibility_mode (session); gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t)(long) req->connection.fd); int ret; do{ ret = gnutls_handshake (session); }while (ret < 0 && gnutls_error_is_fatal (ret) == 0); if (ret<0){ // could not handshake. assume an error. ONION_ERROR("Handshake has failed (%s)", gnutls_strerror (ret)); gnutls_bye (session, GNUTLS_SHUT_WR); gnutls_deinit(session); onion_listen_point_request_close_socket(req); return -1; } req->connection.user_data=(void*)session; return 0; }
static int tls_socket_read (CONNECTION* conn, char* buf, size_t len) { tlssockdata *data = conn->sockdata; int ret; if (!data) { mutt_error (_("Error: no TLS socket open")); mutt_sleep (2); return -1; } do { ret = gnutls_record_recv (data->state, buf, len); if (ret < 0 && gnutls_error_is_fatal(ret) == 1) { mutt_error ("tls_socket_read (%s)", gnutls_strerror (ret)); mutt_sleep (4); return -1; } } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); return ret; }
extern int xlibgnutls_tls_handshake(gnutls_session_t *session, int tcp_sd, unsigned verbose_level) { int ret, ii; /* Need to enable anonymous KX specifically. */ gnutls_global_init(); gnutls_anon_allocate_client_credentials(&anoncred); gnutls_init(session, GNUTLS_CLIENT); gnutls_priority_set_direct(*session, "NORMAL:+ANON-ECDH:+ANON-DH", NULL); gnutls_credentials_set(*session, GNUTLS_CRD_ANON, anoncred); gnutls_transport_set_int(*session, tcp_sd); gnutls_handshake_set_timeout(*session, GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT); do { ret = gnutls_handshake(*session); } while (ret < 0 && gnutls_error_is_fatal(ret) == 0); if (ret < 0) { print_error("handshake failed"); gnutls_perror(ret); } else { char *desc; desc = gnutls_session_get_desc(*session); print_info("- Session info: %s\n", desc); gnutls_free(desc); } return ret; }
static int do_handshake (socket_st * socket) { int ret; gnutls_transport_set_ptr (socket->session, (gnutls_transport_ptr_t) gl_fd_to_handle (socket->fd)); do { gnutls_handshake_set_timeout( socket->session, GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT); ret = gnutls_handshake (socket->session); if (ret < 0) { handle_error (socket, ret); } } while (ret < 0 && gnutls_error_is_fatal (ret) == 0); if (ret == 0) { /* print some information */ print_info (socket->session, verbose, 0); socket->secure = 1; } else { gnutls_alert_send_appropriate (socket->session, ret); shutdown (socket->fd, SHUT_RDWR); } return ret; }
static int handle_ssl_error(struct ssl_proxy *proxy, int error) { if (!gnutls_error_is_fatal(error)) { if (!verbose_ssl) return 0; if (error == GNUTLS_E_WARNING_ALERT_RECEIVED) { i_warning("Received SSL warning alert: %s [%s]", get_alert_text(proxy), net_ip2addr(&proxy->ip)); } else { i_warning("Non-fatal SSL error: %s: %s", get_alert_text(proxy), net_ip2addr(&proxy->ip)); } return 0; } if (verbose_ssl) { /* fatal error occurred */ if (error == GNUTLS_E_FATAL_ALERT_RECEIVED) { i_warning("Received SSL fatal alert: %s [%s]", get_alert_text(proxy), net_ip2addr(&proxy->ip)); } else { i_warning("Error reading from SSL client: %s [%s]", gnutls_strerror(error), net_ip2addr(&proxy->ip)); } } gnutls_alert_send_appropriate(proxy->session, error); ssl_proxy_destroy(proxy); return -1; }
static int _ecore_con_ssl_server_write_gnutls(Ecore_Con_Server *svr, unsigned char *buf, int size) { int num; if (svr->ssl_state == ECORE_CON_SSL_STATE_HANDSHAKING) { DBG("Continuing gnutls handshake"); if (!_ecore_con_ssl_server_init_gnutls(svr)) return 0; return -1; } num = gnutls_record_send(svr->session, buf, size); if (num > 0) return num; if (num == GNUTLS_E_REHANDSHAKE) { WRN("Rehandshake request ignored"); return 0; /* this is only partly functional I think? */ svr->handshaking = EINA_TRUE; svr->ssl_state = ECORE_CON_SSL_STATE_HANDSHAKING; if (!_ecore_con_ssl_server_init_gnutls(svr)) return 0; } else if (!gnutls_error_is_fatal(num)) return 0; return -1; }
static int _ecore_con_ssl_client_write_gnutls(Ecore_Con_Client *cl, unsigned char *buf, int size) { int num; if (cl->ssl_state == ECORE_CON_SSL_STATE_HANDSHAKING) { if (!_ecore_con_ssl_client_init_gnutls(cl)) return 0; return -1; } num = gnutls_record_send(cl->session, buf, size); if (num > 0) return num; if (num == GNUTLS_E_REHANDSHAKE) { WRN("Rehandshake request ignored"); return 0; cl->handshaking = EINA_TRUE; cl->ssl_state = ECORE_CON_SSL_STATE_HANDSHAKING; if (!_ecore_con_ssl_client_init_gnutls(cl)) return 0; } else if (!gnutls_error_is_fatal(num)) return 0; return -1; }
static int do_handshake (socket_st * socket) { int ret; gnutls_transport_set_ptr (socket->session, (gnutls_transport_ptr_t) gl_fd_to_handle (socket->fd)); do { ret = gnutls_handshake (socket->session); if (ret < 0) { handle_error (socket, ret); } } while (ret < 0 && gnutls_error_is_fatal (ret) == 0); if (ret == 0) { /* print some information */ print_info (socket->session, socket->hostname, info.insecure); socket->secure = 1; } else { gnutls_alert_send_appropriate (socket->session, ret); shutdown (socket->fd, SHUT_RDWR); } return ret; }
bool GnuTLSBase::handshake() { if( !m_handler ) return false; int ret = gnutls_handshake( *m_session ); if( ret < 0 && gnutls_error_is_fatal( ret ) ) { gnutls_perror( ret ); gnutls_db_remove_session( *m_session ); gnutls_deinit( *m_session ); m_valid = false; m_handler->handleHandshakeResult( this, false, m_certInfo ); return false; } else if( ret == GNUTLS_E_AGAIN ) { return true; } m_secure = true; getCertInfo(); m_handler->handleHandshakeResult( this, true, m_certInfo ); return true; }
static int vnc_start_vencrypt_handshake(struct VncState *vs) { int ret; if ((ret = gnutls_handshake(vs->tls.session)) < 0) { if (!gnutls_error_is_fatal(ret)) { VNC_DEBUG("Handshake interrupted (blocking)\n"); if (!gnutls_record_get_direction(vs->tls.session)) qemu_set_fd_handler(vs->csock, vnc_tls_handshake_io, NULL, vs); else qemu_set_fd_handler(vs->csock, NULL, vnc_tls_handshake_io, vs); return 0; } VNC_DEBUG("Handshake failed %s\n", gnutls_strerror(ret)); vnc_client_error(vs); return -1; } if (vs->vd->tls.x509verify) { if (vnc_tls_validate_certificate(vs) < 0) { VNC_DEBUG("Client verification failed\n"); vnc_client_error(vs); return -1; } else { VNC_DEBUG("Client verification passed\n"); } } VNC_DEBUG("Handshake done, switching to TLS data mode\n"); vs->tls.wiremode = VNC_WIREMODE_TLS; qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, vnc_client_write, vs); start_auth_vencrypt_subauth(vs); return 0; }
static rfbBool HandshakeTLS(rfbClient* client) { int timeout = 15; int ret; while (timeout > 0 && (ret = gnutls_handshake((gnutls_session_t)client->tlsSession)) < 0) { if (!gnutls_error_is_fatal(ret)) { rfbClientLog("TLS handshake blocking.\n"); sleep(1); timeout--; continue; } rfbClientLog("TLS handshake failed: %s.\n", gnutls_strerror(ret)); FreeTLS(client); return FALSE; } if (timeout <= 0) { rfbClientLog("TLS handshake timeout.\n"); FreeTLS(client); return FALSE; } rfbClientLog("TLS handshake done.\n"); return TRUE; }
static int gnutls_Error(vlc_tls_t *tls, int val) { switch (val) { case GNUTLS_E_AGAIN: #ifdef _WIN32 WSASetLastError (WSAEWOULDBLOCK); #endif errno = EAGAIN; break; case GNUTLS_E_INTERRUPTED: #ifdef _WIN32 WSASetLastError (WSAEINTR); #endif errno = EINTR; break; default: msg_Err(tls->obj, "%s", gnutls_strerror (val)); #ifndef NDEBUG if (!gnutls_error_is_fatal (val)) msg_Err(tls->obj, "Error above should be handled"); #endif #ifdef _WIN32 WSASetLastError (WSAECONNRESET); #endif errno = ECONNRESET; } return -1; }
static void server (int fd, int wait) { int ret; gnutls_session_t session; gnutls_anon_server_credentials_t anoncred; /* this must be called once in the program */ global_init (); if (debug) { gnutls_global_set_log_function (server_log_func); gnutls_global_set_log_level (4711); } gnutls_anon_allocate_server_credentials (&anoncred); initialize_tls_session (&session); gnutls_credentials_set (session, GNUTLS_CRD_ANON, anoncred); gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) fd); if (wait) sleep(25); else do { ret = gnutls_handshake (session); } while (ret < 0 && gnutls_error_is_fatal(ret) == 0); gnutls_deinit (session); gnutls_anon_free_server_credentials(anoncred); gnutls_global_deinit(); }
static void server(int fd, int packet) { int ret; /* this must be called once in the program */ global_init(); if (debug) { gnutls_global_set_log_function(server_log_func); gnutls_global_set_log_level(4711); } gnutls_anon_allocate_server_credentials(&anoncred); session = initialize_tls_session(); counter = 0; packet_to_lose = packet; gnutls_transport_set_int(session, fd); gnutls_transport_set_push_function(session, push); do { ret = gnutls_handshake(session); } while (ret < 0 && gnutls_error_is_fatal(ret) == 0); gnutls_deinit(session); gnutls_global_deinit(); if (ret < 0) { return; } }
static int tls_socket_write (CONNECTION* conn, const char* buf, size_t len) { tlssockdata *data = conn->sockdata; int ret; size_t sent = 0; if (!data) { mutt_error (_("Error: no TLS socket open")); mutt_sleep (2); return -1; } do { ret = gnutls_record_send (data->state, buf + sent, len - sent); if (ret < 0) { if (gnutls_error_is_fatal(ret) == 1) { mutt_error ("tls_socket_write (%s)", gnutls_strerror (ret)); mutt_sleep (4); return -1; } return ret; } sent += ret; } while (sent < len); return sent; }
static int vncws_start_tls_handshake(struct VncState *vs) { int ret = gnutls_handshake(vs->ws_tls.session); if (ret < 0) { if (!gnutls_error_is_fatal(ret)) { VNC_DEBUG("Handshake interrupted (blocking)\n"); if (!gnutls_record_get_direction(vs->ws_tls.session)) { qemu_set_fd_handler(vs->csock, vncws_tls_handshake_io, NULL, vs); } else { qemu_set_fd_handler(vs->csock, NULL, vncws_tls_handshake_io, vs); } return 0; } VNC_DEBUG("Handshake failed %s\n", gnutls_strerror(ret)); vnc_client_error(vs); return -1; } VNC_DEBUG("Handshake done, switching to TLS data mode\n"); vs->ws_tls.wiremode = VNC_WIREMODE_TLS; qemu_set_fd_handler2(vs->csock, NULL, vncws_handshake_read, NULL, vs); return 0; }
/// Initializes GNUTLS session on the given socket. static gnutls_session_t onion_prepare_gnutls_session(onion *o, int clientfd){ gnutls_session_t session; gnutls_init (&session, GNUTLS_SERVER); gnutls_priority_set (session, o->priority_cache); gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, o->x509_cred); /* request client certificate if any. */ gnutls_certificate_server_set_request (session, GNUTLS_CERT_REQUEST); /* Set maximum compatibility mode. This is only suggested on public webservers * that need to trade security for compatibility */ gnutls_session_enable_compatibility_mode (session); gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t)(long) clientfd); int ret; int n_tries=0; do{ ret = gnutls_handshake (session); if (n_tries++>10) // Ok, dont abuse the system. Maybe trying to DoS me? break; }while (ret<0 && gnutls_error_is_fatal(ret)==0); if (ret<0){ // could not handshake. assume an error. ONION_ERROR("Handshake has failed (%s)", gnutls_strerror (ret)); gnutls_deinit (session); return NULL; } return session; }
static int _ecore_con_ssl_server_read_gnutls(Ecore_Con_Server *svr, unsigned char *buf, int size) { int num; if (svr->ssl_state == ECORE_CON_SSL_STATE_HANDSHAKING) { DBG("Continuing gnutls handshake"); if (!_ecore_con_ssl_server_init_gnutls(svr)) return 0; return -1; } num = gnutls_record_recv(svr->session, buf, size); if (num > 0) return num; if (num == GNUTLS_E_REHANDSHAKE) { WRN("Rehandshake request ignored"); return 0; svr->handshaking = EINA_TRUE; svr->ssl_state = ECORE_CON_SSL_STATE_HANDSHAKING; if (!_ecore_con_ssl_server_init_gnutls(svr)) return 0; } else if ((!gnutls_error_is_fatal(num)) && (num != GNUTLS_E_SUCCESS)) return 0; return -1; }
static void server (int fd, const char* prio) { int ret; char buffer[MAX_BUF + 1]; gnutls_session_t session; /* this must be called once in the program */ gnutls_global_init (); memset(buffer, 0, sizeof(buffer)); if (debug) { gnutls_global_set_log_function (server_log_func); gnutls_global_set_log_level (4711); } gnutls_certificate_allocate_credentials (&x509_cred); gnutls_certificate_set_x509_key_mem (x509_cred, &server_cert, &server_key, GNUTLS_X509_FMT_PEM); gnutls_anon_allocate_server_credentials (&anoncred); session = initialize_tls_session (prio); gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) fd); do { ret = gnutls_handshake (session); } while (ret < 0 && gnutls_error_is_fatal(ret) == 0); if (ret < 0) { close (fd); gnutls_deinit (session); fail ("server: Handshake has failed (%s)\n\n", gnutls_strerror (ret)); terminate(); } if (debug) success ("server: Handshake was completed\n"); if (debug) success ("server: TLS version is: %s\n", gnutls_protocol_get_name (gnutls_protocol_get_version (session))); close(fd); gnutls_deinit (session); gnutls_anon_free_server_credentials (anoncred); gnutls_certificate_free_credentials (x509_cred); gnutls_global_deinit (); if (debug) success ("server: finished\n"); }
static void client(int fd, int packet) { int ret; gnutls_anon_client_credentials_t anoncred; /* Need to enable anonymous KX specifically. */ global_init(); if (debug) { gnutls_global_set_log_function(client_log_func); gnutls_global_set_log_level(4711); } gnutls_anon_allocate_client_credentials(&anoncred); /* Initialize TLS session */ gnutls_init(&session, GNUTLS_CLIENT | GNUTLS_DATAGRAM); gnutls_dtls_set_mtu(session, 1500); /* Use default priorities */ gnutls_priority_set_direct(session, "NONE:+VERS-DTLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL", NULL); /* put the anonymous credentials to the current session */ gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred); counter = 0; packet_to_lose = packet; gnutls_transport_set_int(session, fd); gnutls_transport_set_push_function(session, push); /* Perform the TLS handshake */ do { ret = gnutls_handshake(session); } while (ret < 0 && gnutls_error_is_fatal(ret) == 0); gnutls_deinit(session); gnutls_global_deinit(); if (ret < 0) { if (ret == GNUTLS_E_TIMEDOUT) return; fail("client: Handshake failed\n"); gnutls_perror(ret); exit(1); } else { if (debug) success("client: Handshake was completed\n"); } exit(1); }
static void client(int fd) { int ret; gnutls_anon_client_credentials_t anoncred; gnutls_session_t session; /* Need to enable anonymous KX specifically. */ global_init(); if (debug) { gnutls_global_set_log_function(client_log_func); gnutls_global_set_log_level(4711); } gnutls_anon_allocate_client_credentials(&anoncred); /* Initialize TLS session */ gnutls_init(&session, GNUTLS_CLIENT | GNUTLS_DATAGRAM); gnutls_dtls_set_mtu(session, 1500); gnutls_handshake_set_timeout(session, 20 * 1000); /* Use default priorities */ gnutls_priority_set_direct(session, "NONE:+VERS-DTLS-ALL:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL", NULL); /* put the anonymous credentials to the current session */ gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred); gnutls_transport_set_int(session, fd); gnutls_transport_set_push_function(session, push); /* Perform the TLS handshake */ do { ret = gnutls_handshake(session); } while (ret < 0 && gnutls_error_is_fatal(ret) == 0); if (ret < 0) { success("client: Handshake failed as expected\n"); gnutls_perror(ret); goto exit; } else { fail("client: Handshake completed unexpectedly\n"); goto exit; } exit: gnutls_deinit(session); gnutls_anon_free_client_credentials(anoncred); gnutls_global_deinit(); }
void TLSTransaction::init (TLSServer& server) { gnutls_init (&_session, GNUTLS_SERVER); gnutls_priority_set (_session, server._priorities); gnutls_credentials_set (_session, GNUTLS_CRD_CERTIFICATE, server._credentials); // Require client certificate. gnutls_certificate_server_set_request (_session, GNUTLS_CERT_REQUIRE); /* // Set maximum compatibility mode. This is only suggested on public // webservers that need to trade security for compatibility gnutls_session_enable_compatibility_mode (_session); */ struct sockaddr_in sa_cli = {0}; socklen_t client_len = sizeof sa_cli; do { _socket = accept (server._socket, (struct sockaddr *) &sa_cli, &client_len); } while (errno == EINTR); if (_socket < 0) throw std::string (::strerror (errno)); // Obtain client info. char topbuf[512]; _address = inet_ntop (AF_INET, &sa_cli.sin_addr, topbuf, sizeof (topbuf)); _port = ntohs (sa_cli.sin_port); if (_debug) std::cout << "s: INFO connection from " << _address << " port " << _port << "\n"; #if GNUTLS_VERSION_NUMBER >= 0x030109 gnutls_transport_set_int (_session, _socket); #else gnutls_transport_set_ptr (_session, (gnutls_transport_ptr_t) (long) _socket); #endif // Key exchange. int ret; do { ret = gnutls_handshake (_session); } while (ret < 0 && gnutls_error_is_fatal (ret) == 0); if (ret < 0) throw std::string ("Handshake has failed (") + gnutls_strerror (ret) + ")"; if (_debug) std::cout << "s: INFO Handshake was completed\n"; }
void socket_thread_main(apr_thread_t *self, void *data) { int ret = 0; socket_thread_data_t *thread_data = (socket_thread_data_t*)data; gnutls_session_t session; apr_os_sock_t sock; if(tls_cert != NULL) { if(apr_os_sock_get(&sock, thread_data->socket) != APR_SUCCESS) { syslog(LOG_ERR, "Can't get raw socket for TLS use"); ret = -1; } else if((thread_data->tls_session=apr_pcalloc( thread_data->pool, sizeof(gnutls_session_t)))!=NULL) { session = initialize_tls_session (); gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) (sock)); do { ret = gnutls_handshake (session); } while (ret < 0 && gnutls_error_is_fatal (ret) == 0); if (ret < 0) { syslog(LOG_ERR, "handshake has failed (%s)\n\n", gnutls_strerror (ret)); } *(thread_data->tls_session) = session; } else { syslog(LOG_ERR, "memory allocation failure"); ret = -1; } } if(ret >= 0) { socket_thread_handle(thread_data); if(thread_data->tls_session != NULL) gnutls_bye(session, GNUTLS_SHUT_WR); } apr_socket_close(thread_data->socket); if(thread_data->tls_session != NULL) gnutls_deinit (session); apr_pool_destroy(thread_data->pool); syslog(LOG_INFO, "client connection closed"); }
/* Internal callback * called by connection->read_watcher */ static void on_readable(struct ev_loop *loop, ev_io *watcher, int revents) { ebb_connection *connection = watcher->data; char recv_buffer[4096]; ssize_t recved; //printf("on_readable\n"); // TODO -- why is this broken? //assert(ev_is_active(&connection->timeout_watcher)); assert(watcher == &connection->read_watcher); if(EV_ERROR & revents) { error("on_readable() got error event, closing connection."); goto error; } #ifdef HAVE_GNUTLS assert(!ev_is_active(&connection->handshake_watcher)); if(connection->server->secure) { recved = gnutls_record_recv( connection->session , recv_buffer , TCP_MAXWIN ); if(recved <= 0) { if(gnutls_error_is_fatal(recved)) goto error; if( (recved == GNUTLS_E_INTERRUPTED || recved == GNUTLS_E_AGAIN) && GNUTLS_NEED_WRITE ) ev_io_start(loop, &connection->write_watcher); return; } } else { #endif /* HAVE_GNUTLS */ recved = recv(connection->fd, recv_buffer, 4096, 0); if(recved <= 0) goto error; #ifdef HAVE_GNUTLS } #endif /* HAVE_GNUTLS */ ebb_connection_reset_timeout(connection); ebb_request_parser_execute(&connection->parser, recv_buffer, recved); /* parse error? just drop the client. screw the 400 response */ if(ebb_request_parser_has_error(&connection->parser)) goto error; return; error: ebb_connection_schedule_close(connection); }
int log(int code) { if (code < 0 && code != GNUTLS_E_AGAIN) { fprintf(stderr, "<%s tls> %s", role_to_name(role), gnutls_strerror(code)); if (gnutls_error_is_fatal(code)) { fprintf(stderr, " (fatal)\n"); exit(1); } else { fprintf(stderr, "\n"); } } return code; }
static int _process_error(int loc, int code, int die) { if (code < 0 && (die || code != GNUTLS_E_AGAIN)) { fprintf(stdout, "%i <%s tls> line %i: %s", run_id, role_name, loc, gnutls_strerror(code)); if (gnutls_error_is_fatal(code) || die) { fprintf(stdout, " (fatal)\n"); exit(1); } else { fprintf(stdout, "\n"); } } return code; }
static void client(int fd, const char *prio) { int ret; gnutls_certificate_credentials_t x509_cred; gnutls_session_t session; global_init(); if (debug) { gnutls_global_set_log_function(client_log_func); gnutls_global_set_log_level(7); } gnutls_certificate_allocate_credentials(&x509_cred); assert(gnutls_init(&session, GNUTLS_CLIENT)>=0); assert(gnutls_priority_set_direct(session, prio, NULL)>=0); gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); gnutls_transport_set_int(session, fd); do { ret = gnutls_handshake(session); } while (ret < 0 && gnutls_error_is_fatal(ret) == 0); if (ret < 0) { fail("client: Handshake failed: %s\n", gnutls_strerror(ret)); terminate(); } else { if (debug) success("client: Handshake was completed\n"); } if (debug) success("client: TLS version is: %s\n", gnutls_protocol_get_name (gnutls_protocol_get_version(session))); gnutls_bye(session, GNUTLS_SHUT_WR); close(fd); gnutls_deinit(session); gnutls_certificate_free_credentials(x509_cred); gnutls_global_deinit(); }
void SocketRWCommon::readAction() { // Ensure we have at least 0x200 bytes space free // (Up this, maybe?) int bufSize = inputBuf.size(); int requiredSize = bufSize + 0x200; if (requiredSize > inputBuf.capacity()) inputBuf.setCapacity(requiredSize); ssize_t amount; #ifdef USE_GNUTLS if (tlsActive) { amount = gnutls_record_recv(tls, &inputBuf.data()[bufSize], 0x200); } else #endif { amount = recv(sock, &inputBuf.data()[bufSize], 0x200, 0); } if (amount > 0) { // Yep, we have data printf("[fd=%d] Read %" PRIuPTR " bytes\n", sock, amount); inputBuf.resize(bufSize + amount); processReadBuffer(); } else if (amount == 0) { printf("[fd=%d] Read 0! Socket closing.\n", sock); close(); } else if (amount < 0) { #ifdef USE_GNUTLS if (tlsActive) { if (gnutls_error_is_fatal(amount)) { printf("Error while reading [gnutls %" PRIuPTR "]!\n", amount); close(); } } else #endif { perror("Error while reading!"); close(); } } }