/**
* FIXME Replace this with a tls_load_key function and use it
* in tls_connection_create.
*
* Most probably we only need one context and key for all connections
*/
int
tls_check_keyfile(const char *keyfile)
{
gnutls_x509_privkey_t key;
gnutls_datum_t keycontent = { NULL, 0 };
FILE *keyfp;
size_t br;
SSL_library_init();
OpenSSL_add_all_algorithms();
if (access(capture_keyfile(), R_OK) != 0)
return 0;
if (!(keyfp = fopen(capture_keyfile(), "rb")))
return 0;
fseek(keyfp, 0, SEEK_END);
keycontent.size = ftell(keyfp);
fseek(keyfp, 0, SEEK_SET);
keycontent.data = sng_malloc(keycontent.size);
br = fread(keycontent.data, 1, keycontent.size, keyfp);
fclose(keyfp);
gnutls_x509_privkey_init(&key);
if (gnutls_x509_privkey_import(key, &keycontent, GNUTLS_X509_FMT_PEM) < 0)
return 0;
sng_free(keycontent.data);
return 1;
}
/**
* FIXME Replace this with a tls_load_key function and use it
* in tls_connection_create.
*
* Most probably we only need one context and key for all connections
*/
int
tls_check_keyfile(const char *keyfile)
{
SSL *ssl;
SSL_CTX *ssl_ctx;
SSL_library_init();
ERR_load_crypto_strings();
OpenSSL_add_all_algorithms();
if (access(capture_keyfile(), R_OK) != 0)
return 0;
if (!(ssl_ctx = SSL_CTX_new(SSLv23_server_method())))
return 0;
SSL_CTX_use_PrivateKey_file(ssl_ctx, capture_keyfile(), SSL_FILETYPE_PEM);
if (!(ssl = SSL_new(ssl_ctx)))
return 0;
if (!SSL_get_privatekey(ssl))
return 0;
return 1;
}
struct SSLConnection *
tls_connection_create(struct in_addr caddr, uint16_t cport, struct in_addr saddr, uint16_t sport) {
struct SSLConnection *conn = NULL;
conn = sng_malloc(sizeof(struct SSLConnection));
memcpy(&conn->client_addr, &caddr, sizeof(struct in_addr));
memcpy(&conn->server_addr, &saddr, sizeof(struct in_addr));
memcpy(&conn->client_port, &cport, sizeof(uint16_t));
memcpy(&conn->server_port, &sport, sizeof(uint16_t));
SSL_library_init();
ERR_load_crypto_strings();
OpenSSL_add_all_algorithms();
if (!(conn->ssl_ctx = SSL_CTX_new(SSLv23_server_method())))
return NULL;
SSL_CTX_use_PrivateKey_file(conn->ssl_ctx, capture_keyfile(),
SSL_FILETYPE_PEM);
if (!(conn->ssl = SSL_new(conn->ssl_ctx)))
return NULL;
conn->server_private_key = SSL_get_privatekey(conn->ssl);
// Add this connection to the list
conn->next = connections;
connections = conn;
return conn;
}
struct SSLConnection *
tls_connection_create(struct in_addr caddr, uint16_t cport, struct in_addr saddr, uint16_t sport) {
struct SSLConnection *conn = NULL;
gnutls_datum_t keycontent = { NULL, 0 };
FILE *keyfp;
gnutls_x509_privkey_t spkey;
size_t br;
// Allocate memory for this connection
conn = sng_malloc(sizeof(struct SSLConnection));
memcpy(&conn->client_addr, &caddr, sizeof(struct in_addr));
memcpy(&conn->server_addr, &saddr, sizeof(struct in_addr));
memcpy(&conn->client_port, &cport, sizeof(uint16_t));
memcpy(&conn->server_port, &sport, sizeof(uint16_t));
SSL_library_init();
OpenSSL_add_all_algorithms();
if (!(conn->ssl_ctx = SSL_CTX_new(SSLv23_server_method())))
return NULL;
if (!(conn->ssl = SSL_new(conn->ssl_ctx)))
return NULL;
if (!(keyfp = fopen(capture_keyfile(), "rb")))
return NULL;
fseek(keyfp, 0, SEEK_END);
keycontent.size = ftell(keyfp);
fseek(keyfp, 0, SEEK_SET);
keycontent.data = sng_malloc(keycontent.size);
br = fread(keycontent.data, 1, keycontent.size, keyfp);
fclose(keyfp);
gnutls_x509_privkey_init(&spkey);
gnutls_x509_privkey_import(spkey, &keycontent, GNUTLS_X509_FMT_PEM);
sng_free(keycontent.data);
gnutls_privkey_init(&conn->server_private_key);
gnutls_privkey_import_x509(conn->server_private_key, spkey, 0);
// Add this connection to the list
conn->next = connections;
connections = conn;
return conn;
}
