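/**
 * Check that the configured private key file exists, is readable and holds
 * a PEM-encoded X.509 private key that GnuTLS can parse.
 *
 * FIXME Replace this with a tls_load_key function and use it
 * in tls_connection_create.
 *
 * Most probably we only need one context and key for all connections
 *
 * @param keyfile Currently unused: the path is always taken from
 *                capture_keyfile(), matching what the connection code loads.
 * @return 1 if the key file parses as a private key, 0 otherwise.
 *
 * Every resource acquired here (FILE, key buffer, GnuTLS key object) is
 * released on every path; the key bytes are scrubbed before being freed.
 */
int
tls_check_keyfile(const char *keyfile)
{
    gnutls_x509_privkey_t key = NULL;
    gnutls_datum_t keycontent = { NULL, 0 };
    FILE *keyfp = NULL;
    long len = 0;
    int ret = 0;

    (void) keyfile;

    SSL_library_init();
    OpenSSL_add_all_algorithms();

    if (access(capture_keyfile(), R_OK) != 0)
        return 0;

    if (!(keyfp = fopen(capture_keyfile(), "rb")))
        return 0;

    // Size the file; ftell() returns -1 on error and an empty file cannot
    // hold a key, so both cases are treated as "no usable key".
    if (fseek(keyfp, 0, SEEK_END) != 0
        || (len = ftell(keyfp)) <= 0
        || fseek(keyfp, 0, SEEK_SET) != 0)
        goto out;

    // gnutls_datum_t.size is an unsigned int: refuse sizes that would truncate
    if ((long) (unsigned int) len != len)
        goto out;
    keycontent.size = (unsigned int) len;

    // NOTE(review): sng_malloc's failure contract is not visible here; guard
    // against NULL so a failed allocation cannot turn into a write through it
    if (!(keycontent.data = sng_malloc(keycontent.size)))
        goto out;

    // A short read means the PEM block is incomplete; do not try to parse it
    if (fread(keycontent.data, 1, keycontent.size, keyfp) != keycontent.size)
        goto out;

    if (gnutls_x509_privkey_init(&key) < 0)
        goto out;

    // GnuTLS reports failure with a negative return value
    ret = (gnutls_x509_privkey_import(key, &keycontent, GNUTLS_X509_FMT_PEM) >= 0);

out:
    if (key)
        gnutls_x509_privkey_deinit(key);
    if (keycontent.data) {
        // Scrub the key material before releasing the buffer; a plain memset
        // right before free may be dropped by the optimiser, so write through
        // a volatile pointer instead.
        volatile unsigned char *vp = keycontent.data;
        for (unsigned int i = 0; i < keycontent.size; i++)
            vp[i] = 0;
        sng_free(keycontent.data);
    }
    fclose(keyfp);
    return ret;
}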
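/**
 * Check that the configured private key file exists, is readable and can be
 * loaded into an OpenSSL context as a PEM private key.
 *
 * FIXME Replace this with a tls_load_key function and use it
 * in tls_connection_create.
 *
 * Most probably we only need one context and key for all connections
 *
 * @param keyfile Currently unused: the path is always taken from
 *                capture_keyfile(), matching what the connection code loads.
 * @return 1 if the key loads into a context, 0 otherwise.
 *
 * The temporary SSL_CTX and SSL objects are freed on every path; the
 * original version leaked both on success and on failure.
 */
int
tls_check_keyfile(const char *keyfile)
{
    SSL *ssl = NULL;
    SSL_CTX *ssl_ctx = NULL;
    int ret = 0;

    (void) keyfile;

    SSL_library_init();
    ERR_load_crypto_strings();
    OpenSSL_add_all_algorithms();

    if (access(capture_keyfile(), R_OK) != 0)
        return 0;

    if (!(ssl_ctx = SSL_CTX_new(SSLv23_server_method())))
        return 0;

    // OpenSSL returns 1 on success; anything else means the key did not load
    if (SSL_CTX_use_PrivateKey_file(ssl_ctx, capture_keyfile(), SSL_FILETYPE_PEM) != 1)
        goto out;

    if (!(ssl = SSL_new(ssl_ctx)))
        goto out;

    ret = (SSL_get_privatekey(ssl) != NULL);

out:
    // Guarded: older OpenSSL releases do not accept NULL in the free functions
    if (ssl)
        SSL_free(ssl);
    if (ssl_ctx)
        SSL_CTX_free(ssl_ctx);
    return ret;
}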
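/**
 * Create a new SSLConnection for the given client/server endpoints, set up
 * its OpenSSL context and load the configured private key into it.
 *
 * @param caddr Client address
 * @param cport Client port
 * @param saddr Server address
 * @param sport Server port
 * @return The new connection, already linked at the head of the global
 *         connections list, or NULL if any setup step failed. On failure
 *         nothing is leaked and the list is left untouched.
 */
struct SSLConnection *
tls_connection_create(struct in_addr caddr, uint16_t cport, struct in_addr saddr, uint16_t sport)
{
    struct SSLConnection *conn = NULL;

    conn = sng_malloc(sizeof(struct SSLConnection));
    // NOTE(review): sng_malloc's failure contract is not visible here
    if (!conn)
        return NULL;
    // Whether sng_malloc zeroes is not visible either; zero explicitly so the
    // failure path below can test ssl/ssl_ctx for NULL safely
    memset(conn, 0, sizeof(struct SSLConnection));

    memcpy(&conn->client_addr, &caddr, sizeof(struct in_addr));
    memcpy(&conn->server_addr, &saddr, sizeof(struct in_addr));
    memcpy(&conn->client_port, &cport, sizeof(uint16_t));
    memcpy(&conn->server_port, &sport, sizeof(uint16_t));

    SSL_library_init();
    ERR_load_crypto_strings();
    OpenSSL_add_all_algorithms();

    if (!(conn->ssl_ctx = SSL_CTX_new(SSLv23_server_method())))
        goto fail;

    // OpenSSL returns 1 on success; a failed key load used to go unnoticed
    if (SSL_CTX_use_PrivateKey_file(conn->ssl_ctx, capture_keyfile(), SSL_FILETYPE_PEM) != 1)
        goto fail;

    if (!(conn->ssl = SSL_new(conn->ssl_ctx)))
        goto fail;

    // The returned key is owned by the SSL object; a NULL here would
    // otherwise be stored unchecked, so treat it like the other setup failures
    conn->server_private_key = SSL_get_privatekey(conn->ssl);
    if (!conn->server_private_key)
        goto fail;

    // Add this connection to the list
    conn->next = connections;
    connections = conn;

    return conn;

fail:
    // Guarded: older OpenSSL releases do not accept NULL in the free functions
    if (conn->ssl)
        SSL_free(conn->ssl);
    if (conn->ssl_ctx)
        SSL_CTX_free(conn->ssl_ctx);
    sng_free(conn);
    return NULL;
}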
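/**
 * Create a new SSLConnection for the given client/server endpoints, set up
 * its OpenSSL context and load the configured PEM private key into a GnuTLS
 * private key object.
 *
 * @param caddr Client address
 * @param cport Client port
 * @param saddr Server address
 * @param sport Server port
 * @return The new connection, already linked at the head of the global
 *         connections list, or NULL if any setup step failed. On failure
 *         every acquired resource is released and the list is left untouched.
 *         The raw key bytes are scrubbed before their buffer is freed.
 */
struct SSLConnection *
tls_connection_create(struct in_addr caddr, uint16_t cport, struct in_addr saddr, uint16_t sport)
{
    struct SSLConnection *conn = NULL;
    struct SSLConnection *ret = NULL;
    gnutls_datum_t keycontent = { NULL, 0 };
    gnutls_x509_privkey_t spkey = NULL;
    FILE *keyfp = NULL;
    long len = 0;

    // Allocate memory for this connection
    conn = sng_malloc(sizeof(struct SSLConnection));
    // NOTE(review): sng_malloc's failure contract is not visible here
    if (!conn)
        return NULL;
    // Whether sng_malloc zeroes is not visible either; zero explicitly so the
    // cleanup below can test each handle for NULL safely
    memset(conn, 0, sizeof(struct SSLConnection));

    memcpy(&conn->client_addr, &caddr, sizeof(struct in_addr));
    memcpy(&conn->server_addr, &saddr, sizeof(struct in_addr));
    memcpy(&conn->client_port, &cport, sizeof(uint16_t));
    memcpy(&conn->server_port, &sport, sizeof(uint16_t));

    SSL_library_init();
    OpenSSL_add_all_algorithms();

    if (!(conn->ssl_ctx = SSL_CTX_new(SSLv23_server_method())))
        goto out;

    if (!(conn->ssl = SSL_new(conn->ssl_ctx)))
        goto out;

    // Read the whole PEM file into memory. ftell() returns -1 on error and an
    // empty file cannot hold a key, so both are treated as failures.
    if (!(keyfp = fopen(capture_keyfile(), "rb")))
        goto out;
    if (fseek(keyfp, 0, SEEK_END) != 0
        || (len = ftell(keyfp)) <= 0
        || fseek(keyfp, 0, SEEK_SET) != 0)
        goto out;

    // gnutls_datum_t.size is an unsigned int: refuse sizes that would truncate
    if ((long) (unsigned int) len != len)
        goto out;
    keycontent.size = (unsigned int) len;

    if (!(keycontent.data = sng_malloc(keycontent.size)))
        goto out;

    // A short read means the PEM block is incomplete; do not try to parse it
    if (fread(keycontent.data, 1, keycontent.size, keyfp) != keycontent.size)
        goto out;

    // GnuTLS reports failure with a negative return value
    if (gnutls_x509_privkey_init(&spkey) < 0)
        goto out;
    if (gnutls_x509_privkey_import(spkey, &keycontent, GNUTLS_X509_FMT_PEM) < 0)
        goto out;

    if (gnutls_privkey_init(&conn->server_private_key) < 0)
        goto out;
    // NOTE(review): with flags 0 the abstract privkey is believed to reference
    // spkey rather than copy it, so spkey is deliberately kept alive on
    // success — confirm against the GnuTLS version in use.
    if (gnutls_privkey_import_x509(conn->server_private_key, spkey, 0) < 0)
        goto out;

    // Add this connection to the list
    conn->next = connections;
    connections = conn;
    ret = conn;

out:
    if (keyfp)
        fclose(keyfp);
    if (keycontent.data) {
        // Scrub the key material before releasing the buffer; a plain memset
        // right before free may be dropped by the optimiser, so write through
        // a volatile pointer instead.
        volatile unsigned char *vp = keycontent.data;
        for (unsigned int i = 0; i < keycontent.size; i++)
            vp[i] = 0;
        sng_free(keycontent.data);
    }
    if (!ret) {
        // Release in reverse order of acquisition; the privkey goes before
        // the x509 key it may still reference
        if (conn->server_private_key)
            gnutls_privkey_deinit(conn->server_private_key);
        if (spkey)
            gnutls_x509_privkey_deinit(spkey);
        // Guarded: older OpenSSL releases do not accept NULL in the free functions
        if (conn->ssl)
            SSL_free(conn->ssl);
        if (conn->ssl_ctx)
            SSL_CTX_free(conn->ssl_ctx);
        sng_free(conn);
    }
    return ret;
}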