static gnutls_session new_tls_session(int sock) { int ret; gnutls_session session; const int kx_priority[] = { GNUTLS_KX_ANON_DH, #ifdef GNUTLS_SRP_ENABLED GNUTLS_KX_SRP, GNUTLS_KX_SRP_DSS, GNUTLS_KX_SRP_RSA, #endif 0 }; gnutls_init(&session, GNUTLS_SERVER); gnutls_set_default_priority(session); gnutls_kx_set_priority(session, kx_priority); #ifdef GNUTLS_SRP_ENABLED gnutls_credentials_set(session, GNUTLS_CRD_SRP, srpcred); gnutls_certificate_server_set_request(session, GNUTLS_CERT_IGNORE); #endif gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred); gnutls_transport_set_ptr(session, fd_to_ptr(sock)); gnutls_transport_set_pull_function(session, tls_pull); gnutls_transport_set_push_function(session, tls_push); ret = gnutls_handshake(session); if ( ret < 0 ) { fprintf(stderr, "GnuTLS handshake failed: %s.\n", gnutls_strerror(ret)); gnutls_alert_send_appropriate(session, ret); return NULL; } return session; }
static gnutls_session_t new_tls_session(int sock) { int ret; gnutls_session_t session; const char *err; #if defined LIBGNUTLS_VERSION_MAJOR && LIBGNUTLS_VERSION_MAJOR >= 3 # define TLS_DH_STR "+ANON-ECDH:+ANON-DH" #else # define TLS_DH_STR "+ANON-DH" #endif #ifdef GNUTLS_SRP_ENABLED const char *pstring = "NORMAL:+SRP:+SRP-DSS:+SRP-RSA:" TLS_DH_STR; #else const char *pstring = "NORMAL:" TLS_DH_STR; #endif gnutls_init(&session, GNUTLS_SERVER); gnutls_set_default_priority(session); ret = gnutls_priority_set_direct(session, pstring, &err); if (ret < 0) { fprintf(stderr, "TLS priority syntax error at: %s\n", err); return NULL; } #ifdef GNUTLS_SRP_ENABLED gnutls_credentials_set(session, GNUTLS_CRD_SRP, srpcred); gnutls_certificate_server_set_request(session, GNUTLS_CERT_IGNORE); #endif gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred); gnutls_transport_set_ptr(session, fd_to_ptr(sock)); gnutls_transport_set_pull_function(session, tls_pull); gnutls_transport_set_push_function(session, tls_push); ret = gnutls_handshake(session); if ( ret < 0 ) { fprintf(stderr, "GnuTLS handshake failed: %s.\n", gnutls_strerror(ret)); gnutls_alert_send_appropriate(session, ret); return NULL; } return session; }