/**
* Initializes GnuTLS with proper locking.
* @return VLC_SUCCESS on success, a VLC error code otherwise.
*/
static int gnutls_Init (vlc_object_t *obj)
{
const char *version = gnutls_check_version ("3.1.11");
if (version == NULL)
{
msg_Err (obj, "unsupported GnuTLS version");
return -1;
}
msg_Dbg (obj, "using GnuTLS version %s", version);
if (gnutls_check_version ("3.3.0") == NULL)
{
int val;
vlc_mutex_lock (&gnutls_mutex);
val = gnutls_global_init ();
vlc_mutex_unlock (&gnutls_mutex);
if (val)
{
msg_Err (obj, "cannot initialize GnuTLS");
return -1;
}
}
return 0;
}
void
psktool_version (void)
{
const char *p = PACKAGE_NAME;
if (strcmp (gnutls_check_version (NULL), PACKAGE_VERSION) != 0)
p = PACKAGE_STRING;
version_etc (stdout, "psktool", p, gnutls_check_version (NULL),
"Nikos Mavrogiannopoulos", (char *) NULL);
}
void
doit (void)
{
MD5_CTX c;
unsigned char md[MD5_DIGEST_LENGTH];
if (global_init () != 0)
fail ("global_init\n");
if (!gnutls_check_version (GNUTLS_VERSION))
success ("gnutls_check_version ERROR\n");
MD5_Init (&c);
MD5_Update (&c, "abc", 3);
MD5_Final (&(md[0]), &c);
if (memcmp (md, "\x90\x01\x50\x98\x3c\xd2\x4f\xb0"
"\xd6\x96\x3f\x7d\x28\xe1\x7f\x72", sizeof (md)) != 0)
{
hexprint (md, sizeof (md));
fail ("MD5 failure\n");
}
else if (debug)
success ("MD5 OK\n");
gnutls_global_deinit ();
}
void * tls_init(const struct tls_config *conf)
{
/* Because of the horrible hack to get master_secret and client/server
* random, we need to make sure that the gnutls version is something
* that is expected to have same structure definition for the session
* data.. */
const char *ver;
const char *ok_ver[] = { "1.2.3", "1.2.4", "1.2.5", "1.2.6", NULL };
int i;
if (tls_gnutls_ref_count == 0 && gnutls_global_init() < 0)
return NULL;
tls_gnutls_ref_count++;
ver = gnutls_check_version(NULL);
if (ver == NULL)
return NULL;
wpa_printf(MSG_DEBUG, "%s - gnutls version %s", __func__, ver);
for (i = 0; ok_ver[i]; i++) {
if (strcmp(ok_ver[i], ver) == 0)
break;
}
if (ok_ver[i] == NULL) {
wpa_printf(MSG_INFO, "Untested gnutls version %s - this needs "
"to be tested and enabled in tls_gnutls.c", ver);
return NULL;
}
gnutls_global_set_log_function(tls_log_func);
if (wpa_debug_show_keys)
gnutls_global_set_log_level(11);
return (void *) 1;
}
bool Plugin::onLoad(LightBird::IApi *api)
{
int error;
const char *err_pos = NULL;
this->api = api;
try
{
ASSERT_INIT(gnutls_global_init(), "global");
if (!gnutls_check_version(GNUTLS_CHECK_VERSION))
throw Properties("error", "Bad GnuTLS version").add("version required", GNUTLS_CHECK_VERSION);
gnutls_global_set_audit_log_function(Plugin::log);
this->_loadConfiguration();
this->_loadPrivateKey();
this->_loadCertificate();
this->_loadDHParams();
ASSERT_INIT(gnutls_certificate_allocate_credentials(&this->x509_cred), "credentials");
ASSERT(gnutls_certificate_set_x509_key(this->x509_cred, &this->crt, 1, this->key));
ASSERT_INIT(gnutls_priority_init(&this->priority, this->priorityStrings.data(), &err_pos), "priority");
gnutls_certificate_set_dh_params(this->x509_cred, this->dhParams);
}
catch (Properties p)
{
if (err_pos)
p.add("error position", err_pos).add("priority string", this->priorityStrings);
LOG_FATAL("Unable to initialize GnuTLS", p.toMap(), "Plugin", "onLoad");
this->_deinit();
return (false);
}
this->api->contexts().declareInstance("handshake", (this->handshake = new Handshake(this->api, this->handshakeTimeout)));
this->api->contexts().declareInstance("record", (this->record = new Record(this->api)));
return (true);
}
SslPlugin(x0d::XzeroDaemon* d, const std::string& name) :
x0d::XzeroPlugin(d, name),
listeners_(),
priorities_("NORMAL")
{
gcry_control(GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread);
int rv = gnutls_global_init();
if (rv != GNUTLS_E_SUCCESS) {
TRACE("gnutls_global_init: %s", gnutls_strerror(rv));
return; //Error::CouldNotInitializeSslLibrary;
}
TRACE("gnutls_global_init: %s", gnutls_strerror(rv));
daemon().addComponent(std::string("GnuTLS/") + gnutls_check_version(nullptr));
setupFunction("ssl.listen", &SslPlugin::add_listener)
.param<x0::IPAddress>("address", x0::IPAddress("0.0.0.0"))
.param<int>("port", 80)
.param<int>("backlog", 128)
.param<int>("multi_accept", 1)
.param<bool>("reuse_port", false);
setupFunction("ssl.loglevel", &SslPlugin::set_loglevel, x0::FlowType::Number);
setupFunction("ssl.priorities", &SslPlugin::set_priorities, x0::FlowType::String);
setupFunction("ssl.context", &SslPlugin::add_context)
.param<x0::FlowString>("keyfile")
.param<x0::FlowString>("certfile")
.param<x0::FlowString>("trustfile")
.param<x0::FlowString>("priorities");
}
void * tls_init(const struct tls_config *conf)
{
struct tls_global *global;
if (tls_gnutls_ref_count == 0) {
wpa_printf(MSG_DEBUG,
"GnuTLS: Library version %s (runtime) - %s (build)",
gnutls_check_version(NULL), GNUTLS_VERSION);
}
global = os_zalloc(sizeof(*global));
if (global == NULL)
return NULL;
if (tls_gnutls_ref_count == 0 && gnutls_global_init() < 0) {
os_free(global);
return NULL;
}
tls_gnutls_ref_count++;
gnutls_global_set_log_function(tls_log_func);
if (wpa_debug_show_keys)
gnutls_global_set_log_level(11);
if (conf) {
global->event_cb = conf->event_cb;
global->cb_ctx = conf->cb_ctx;
global->cert_in_cb = conf->cert_in_cb;
}
return global;
}
int main(void)
{
tls_client_t client = {0};
const char *gnutls_ver = NULL;
time_t start = 0;
time_t end = 0;
int ret = 0;
int i = 0;
/* initialise signal handling */
set_signal();
coap_log_set_level(COAP_LOG_DEBUG);
gnutls_ver = gnutls_check_version(NULL);
if (gnutls_ver == NULL)
{
coap_log_error("Unable to determine GnuTLS version");
return EXIT_FAILURE;
}
coap_log_info("GnuTLS version: %s", gnutls_ver);
ret = tls_init();
if (ret != SOCK_OK)
{
coap_log_error("%s", sock_strerror(ret));
return EXIT_FAILURE;
}
ret = tls_client_create(&client, TRUST_FILE_NAME, CERT_FILE_NAME, KEY_FILE_NAME);
if (ret != SOCK_OK)
{
coap_log_error("%s", sock_strerror(ret));
tls_deinit();
return EXIT_FAILURE;
}
for (i = 0; i < NUM_ITER; i++)
{
start = time(NULL);
ret = client_run(&client);
end = time(NULL);
if (ret != SOCK_OK)
{
coap_log_error("%s", sock_strerror(ret));
tls_client_destroy(&client);
tls_deinit();
return EXIT_FAILURE;
}
coap_log_info("Result: %s", sock_strerror(ret));
coap_log_debug("Time: %d sec", (int)(end - start));
coap_log_debug("Sleeping for %d seconds...", DELAY);
sleep(DELAY);
}
tls_client_destroy(&client);
tls_deinit();
return EXIT_SUCCESS;
}
void
tls_version_report(FILE *f)
{
fprintf(f, "Library version: GnuTLS: Compile: %s\n"
" Runtime: %s\n",
LIBGNUTLS_VERSION,
gnutls_check_version(NULL));
}
bool
ConnSSL_InitLibrary( void )
{
#ifdef HAVE_LIBSSL
SSL_CTX *newctx;
if (!ssl_ctx) {
SSL_library_init();
SSL_load_error_strings();
}
if (!RAND_status()) {
Log(LOG_ERR, "OpenSSL PRNG not seeded: /dev/urandom missing?");
/*
* it is probably best to fail and let the user install EGD or a similar program if no kernel random device is available.
* According to OpenSSL RAND_egd(3): "The automatic query of /var/run/egd-pool et al was added in OpenSSL 0.9.7";
* so it makes little sense to deal with PRNGD seeding ourselves.
*/
return false;
}
newctx = SSL_CTX_new(SSLv23_method());
if (!newctx) {
LogOpenSSLError("SSL_CTX_new()", NULL);
return false;
}
if (!ConnSSL_LoadServerKey_openssl(newctx))
goto out;
SSL_CTX_set_options(newctx, SSL_OP_SINGLE_DH_USE|SSL_OP_NO_SSLv2);
SSL_CTX_set_mode(newctx, SSL_MODE_ENABLE_PARTIAL_WRITE);
SSL_CTX_free(ssl_ctx);
ssl_ctx = newctx;
Log(LOG_INFO, "%s initialized.", SSLeay_version(SSLEAY_VERSION));
return true;
out:
SSL_CTX_free(newctx);
return false;
#endif
#ifdef HAVE_LIBGNUTLS
int err;
static bool initialized;
if (initialized) /* TODO: cannot reload gnutls keys: can't simply free x509 context -- it may still be in use */
return false;
err = gnutls_global_init();
if (err) {
Log(LOG_ERR, "gnutls_global_init(): %s", gnutls_strerror(err));
return false;
}
if (!ConnSSL_LoadServerKey_gnutls())
return false;
Log(LOG_INFO, "gnutls %s initialized.", gnutls_check_version(NULL));
initialized = true;
return true;
#endif
}
void
cli_version (void)
{
const char *v = gnutls_check_version (NULL);
printf ("gnutls-cli (GnuTLS) %s\n", LIBGNUTLS_VERSION);
if (strcmp (v, LIBGNUTLS_VERSION) != 0)
printf ("libgnutls %s\n", v);
}
void SSLi_init()
{
if(gnutls_priority_init(&cipherCache, ciphers, NULL) != GNUTLS_E_SUCCESS)
{
Log_fatal("Failed to set priorities");
}
initializeCertificate();
Log_info("Sucessfully initialized GNUTLS version %s", gnutls_check_version(NULL));
}
static int gnutls_Init (vlc_object_t *obj)
{
const char *version = gnutls_check_version ("3.3.0");
if (version == NULL)
{
msg_Err (obj, "unsupported GnuTLS version");
return -1;
}
msg_Dbg (obj, "using GnuTLS version %s", version);
return 0;
}
MainWindow::MainWindow(QWidget * parent):
QMainWindow(parent), ui(new Ui::MainWindow)
{
const char *version = openconnect_get_version();
QString txt;
ui->setupUi(this);
this->setWindowTitle(QLatin1String("openconnect " VERSION));
txt = QLatin1String("Based on libopenconnect ") + QLatin1String(version);
txt +=
QLatin1String("\nGnuTLS: ") + QLatin1String(gnutls_check_version(NULL));
ui->versionLabel->setText(txt);
timer = new QTimer(this);
blink_timer = new QTimer(this);
this->cmd_fd = INVALID_SOCKET;
connect(ui->actionQuit, SIGNAL(triggered()), qApp, SLOT(quit()));
connect(blink_timer, SIGNAL(timeout(void)), this, SLOT(blink_ui(void)),
Qt::QueuedConnection);
connect(timer, SIGNAL(timeout()), this, SLOT(request_update_stats()),
Qt::QueuedConnection);
connect(ui->comboBox->lineEdit(), SIGNAL(returnPressed()), this,
SLOT(on_connectBtn_clicked()), Qt::QueuedConnection);
connect(this, SIGNAL(vpn_status_changed_sig(int)), this,
SLOT(changeStatus(int)), Qt::QueuedConnection);
QObject::connect(this, SIGNAL(log_changed(QString)), this,
SLOT(writeProgressBar(QString)), Qt::QueuedConnection);
QObject::connect(this, SIGNAL(stats_changed_sig(QString, QString, QString)),
this, SLOT(statsChanged(QString, QString, QString)),
Qt::QueuedConnection);
ui->iconLabel->setPixmap(OFF_ICON);
QNetworkProxyFactory::setUseSystemConfiguration(true);
if (QSystemTrayIcon::isSystemTrayAvailable()) {
QIcon icon;
createActions();
createTrayIcon();
connect(trayIcon, SIGNAL(activated(QSystemTrayIcon::ActivationReason)),
this, SLOT(iconActivated(QSystemTrayIcon::ActivationReason)));
icon.addPixmap(TRAY_OFF_ICON, QIcon::Normal, QIcon::Off);
trayIcon->setIcon(icon);
trayIcon->show();
} else {
updateProgressBar(QLatin1String("System doesn't support tray icon"),
false);
trayIcon = NULL;
}
}
void * tls_init(const struct tls_config *conf)
{
struct tls_global *global;
#ifdef GNUTLS_INTERNAL_STRUCTURE_HACK
/* Because of the horrible hack to get master_secret and client/server
* random, we need to make sure that the gnutls version is something
* that is expected to have same structure definition for the session
* data.. */
const char *ver;
const char *ok_ver[] = { "1.2.3", "1.2.4", "1.2.5", "1.2.6", "1.2.9",
"1.3.2",
NULL };
int i;
#endif /* GNUTLS_INTERNAL_STRUCTURE_HACK */
global = os_zalloc(sizeof(*global));
if (global == NULL)
return NULL;
if (tls_gnutls_ref_count == 0 && gnutls_global_init() < 0) {
os_free(global);
return NULL;
}
tls_gnutls_ref_count++;
#ifdef GNUTLS_INTERNAL_STRUCTURE_HACK
ver = gnutls_check_version(NULL);
if (ver == NULL) {
tls_deinit(global);
return NULL;
}
wpa_printf(MSG_DEBUG, "%s - gnutls version %s", __func__, ver);
for (i = 0; ok_ver[i]; i++) {
if (strcmp(ok_ver[i], ver) == 0)
break;
}
if (ok_ver[i] == NULL) {
wpa_printf(MSG_INFO, "Untested gnutls version %s - this needs "
"to be tested and enabled in tls_gnutls.c", ver);
tls_deinit(global);
return NULL;
}
#endif /* GNUTLS_INTERNAL_STRUCTURE_HACK */
gnutls_global_set_log_function(tls_log_func);
if (wpa_debug_show_keys)
gnutls_global_set_log_level(11);
return global;
}
const char *
tls_version_string(void)
{
static char buf[128];
if ('\0' == buf[0]) {
const char *current = gnutls_check_version(NULL);
int differ = strcmp(current, LIBGNUTLS_VERSION);
concat_strings(buf, sizeof buf, "GnuTLS ", current,
differ ? " (compiled against " : "",
differ ? LIBGNUTLS_VERSION : "",
differ ? ")" : "",
(void *) 0);
}
return buf;
}
libmaus2::network::GnuTLSInit::GnuTLSInit()
{
libmaus2::parallel::ScopePosixSpinLock slock(lock);
if ( ! initcomplete++ )
{
#if defined(LIBMAUS2_HAVE_GNUTLS)
if (gnutls_check_version("2.12.14") == NULL)
{
libmaus2::exception::LibMausException lme;
lme.getStream() << "Required GnuTLS 2.12.14 not available" << "\n";
lme.finish();
throw lme;
}
gnutls_global_init();
#endif
}
}
ssl_plugin(x0::HttpServer& srv, const std::string& name) :
x0::HttpPlugin(srv, name)
{
gcry_control(GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread);
int rv = gnutls_global_init();
if (rv != GNUTLS_E_SUCCESS)
{
TRACE("gnutls_global_init: %s", gnutls_strerror(rv));
return; //Error::CouldNotInitializeSslLibrary;
}
server().addComponent(std::string("GnuTLS/") + gnutls_check_version(nullptr));
registerSetupFunction<ssl_plugin, &ssl_plugin::add_listener>("ssl.listen", x0::FlowValue::VOID);
registerSetupFunction<ssl_plugin, &ssl_plugin::add_context>("ssl.context", x0::FlowValue::VOID);
registerSetupProperty<ssl_plugin, &ssl_plugin::set_loglevel>("ssl.loglevel", x0::FlowValue::VOID);
}
Tls_globals::Tls_globals()
{
int result = gnutls_global_init();
if (result != GNUTLS_E_SUCCESS)
{
std::string msg("Unable to initialize the TLS Library: [");
msg.append(gnutls_strerror(result));
msg.append("]");
throw LJ__Exception(msg);
}
gnutls_global_set_log_level(10);
gnutls_global_set_log_function(&tls_debug_logger);
gnutls_global_set_audit_log_function(&tls_audit_logger);
if (nullptr == gnutls_check_version("3.0.23"))
{
throw logjam::Tls_exception("gnutls version 3.0.23 or higher is required.", 0);
}
}
wxString GetDependencyVersion(dependency::type d)
{
switch (d) {
case dependency::wxwidgets:
return wxVERSION_NUM_DOT_STRING_T;
case dependency::gnutls:
{
const char* v = gnutls_check_version(0);
if (!v || !*v)
return _T("unknown");
return wxString(v, wxConvLibc);
}
case dependency::sqlite:
return wxString::FromUTF8(sqlite3_libversion());
default:
return wxString();
}
}
static int
Open( vlc_object_t *p_this )
{
tls_t *p_tls = (tls_t *)p_this;
vlc_value_t lock, count;
var_Create( p_this->p_libvlc, "tls_mutex", VLC_VAR_MUTEX );
var_Get( p_this->p_libvlc, "tls_mutex", &lock );
vlc_mutex_lock( lock.p_address );
/* Initialize GnuTLS only once */
var_Create( p_this->p_libvlc, "gnutls_count", VLC_VAR_INTEGER );
var_Get( p_this->p_libvlc, "gnutls_count", &count);
if( count.i_int == 0)
{
__p_gcry_data = VLC_OBJECT( p_this->p_vlc );
gcry_control (GCRYCTL_SET_THREAD_CBS, &gcry_threads_vlc);
if( gnutls_global_init( ) )
{
msg_Warn( p_this, "cannot initialize GNUTLS" );
vlc_mutex_unlock( lock.p_address );
return VLC_EGENERIC;
}
if( gnutls_check_version( "1.0.0" ) == NULL )
{
gnutls_global_deinit( );
vlc_mutex_unlock( lock.p_address );
msg_Err( p_this, "unsupported GNUTLS version" );
return VLC_EGENERIC;
}
msg_Dbg( p_this, "GNUTLS initialized" );
}
count.i_int++;
var_Set( p_this->p_libvlc, "gnutls_count", count);
vlc_mutex_unlock( lock.p_address );
p_tls->pf_server_create = gnutls_ServerCreate;
return VLC_SUCCESS;
}
int ssl_init(void)
{
if (!gnutls_check_version("3.1.4")) {
logit(LOG_ERR, "%s requires GnuTLS 3.1.4 or later for SSL", ident);
exit(1);
}
/* for backwards compatibility with gnutls < 3.3.0 */
gnutls_global_init();
/* X509 stuff */
gnutls_certificate_allocate_credentials(&xcred);
/* Try to figure out location of trusted CA certs on system */
if (ssl_set_ca_location())
return RC_HTTPS_NO_TRUSTED_CA_STORE;
gnutls_certificate_set_verify_function(xcred, verify_certificate_callback);
return 0;
}
void SSLi_init()
{
unsigned const bitCount = gnutls_sec_param_to_pk_bits(GNUTLS_PK_DH, GNUTLS_SEC_PARAM_MEDIUM);
gnutls_priority_init(&cipherCache, ciphers, NULL);
initializeCertificate();
gnutls_dh_params_init(&dhParameters);
Log_info("Generating Diffie-Hellman parameters (%i bits)", bitCount);
int error = gnutls_dh_params_generate2(dhParameters, bitCount);
if(!error) {
Log_info("Successfully generated Diffie-Hellman parameters");
} else {
Log_warn("Failed to generate Diffie-Hellman parameters: %s", gnutls_strerror(error));
}
gnutls_certificate_set_dh_params(certificate, dhParameters);
Log_info("Sucessfully initialized GNUTLS version %s", gnutls_check_version(NULL));
}
char *ncdc_version() {
static GString *ver = NULL;
static char *msg =
"%s %s (built %s %s)\n"
"Sendfile support: "
#ifdef HAVE_SENDFILE
"yes (%s)\n"
#else
"no\n"
#endif
"Libraries:\n"
" GLib %d.%d.%d (%d.%d.%d)\n"
" GnuTLS %s (%s)\n"
" SQLite %s (%s)"
#ifdef NCURSES_VERSION
"\n ncurses %s"
#endif
;
if(ver)
return ver->str;
ver = g_string_new("");
g_string_printf(ver, msg, PACKAGE_NAME, main_version,
__DATE__, __TIME__,
#ifdef HAVE_LINUX_SENDFILE
"Linux",
#elif HAVE_BSD_SENDFILE
"BSD",
#endif
GLIB_MAJOR_VERSION, GLIB_MINOR_VERSION, GLIB_MICRO_VERSION, glib_major_version, glib_minor_version, glib_micro_version,
GNUTLS_VERSION, gnutls_check_version(NULL),
SQLITE_VERSION, sqlite3_libversion()
#ifdef NCURSES_VERSION
, NCURSES_VERSION
#endif
);
return ver->str;
}
void
doit (void)
{
if (debug)
{
printf ("GnuTLS header version %s.\n", GNUTLS_VERSION);
printf ("GnuTLS library version %s.\n", gnutls_check_version (NULL));
}
if (!gnutls_check_version (GNUTLS_VERSION))
fail ("gnutls_check_version ERROR\n");
{
const gnutls_pk_algorithm_t *algs;
size_t i;
int pk;
algs = gnutls_pk_list ();
if (!algs)
fail ("gnutls_pk_list return NULL\n");
for (i = 0; algs[i]; i++)
{
if (debug)
printf ("pk_list[%d] = %d = %s = %d\n", (int) i, algs[i],
gnutls_pk_algorithm_get_name (algs[i]),
gnutls_pk_get_id (gnutls_pk_algorithm_get_name (algs[i])));
if (gnutls_pk_get_id (gnutls_pk_algorithm_get_name (algs[i]))
!= algs[i])
fail ("gnutls_pk id's doesn't match\n");
}
pk = gnutls_pk_get_id ("foo");
if (pk != GNUTLS_PK_UNKNOWN)
fail ("gnutls_pk unknown test failed (%d)\n", pk);
if (debug)
success ("gnutls_pk_list ok\n");
}
{
const gnutls_sign_algorithm_t *algs;
size_t i;
int pk;
algs = gnutls_sign_list ();
if (!algs)
fail ("gnutls_sign_list return NULL\n");
for (i = 0; algs[i]; i++)
{
if (debug)
printf ("sign_list[%d] = %d = %s = %d\n", (int) i, algs[i],
gnutls_sign_algorithm_get_name (algs[i]),
gnutls_sign_get_id (gnutls_sign_algorithm_get_name
(algs[i])));
if (gnutls_sign_get_id (gnutls_sign_algorithm_get_name (algs[i])) !=
algs[i])
fail ("gnutls_sign id's doesn't match\n");
}
pk = gnutls_sign_get_id ("foo");
if (pk != GNUTLS_PK_UNKNOWN)
fail ("gnutls_sign unknown test failed (%d)\n", pk);
if (debug)
success ("gnutls_sign_list ok\n");
}
}
int dtls_gnutls_init()
{
cw_dbg(DBG_INFO,"Init SSL library - using GnuTLS %s",gnutls_check_version(NULL));
gnutls_global_init();
return 1;
}
size_t Curl_gtls_version(char *buffer, size_t size)
{
return snprintf(buffer, size, " GnuTLS/%s", gnutls_check_version(NULL));
}
int main(void)
{
int ret, sd, ii;
gnutls_session_t session;
char buffer[MAX_BUF + 1];
const char *err;
gnutls_certificate_credentials_t xcred;
if (gnutls_check_version("3.1.4") == NULL) {
fprintf(stderr, "GnuTLS 3.1.4 or later is required for this example\n");
exit(1);
}
/* for backwards compatibility with gnutls < 3.3.0 */
gnutls_global_init();
/* X509 stuff */
gnutls_certificate_allocate_credentials(&xcred);
/* sets the trusted cas file */
gnutls_certificate_set_x509_trust_file(xcred, CAFILE,
GNUTLS_X509_FMT_PEM);
gnutls_certificate_set_verify_function(xcred,
verify_certificate_callback);
/* Initialize TLS session */
gnutls_init(&session, GNUTLS_CLIENT | GNUTLS_DATAGRAM);
/* Use default priorities */
ret = gnutls_priority_set_direct(session,
"NORMAL", &err);
if (ret < 0) {
if (ret == GNUTLS_E_INVALID_REQUEST) {
fprintf(stderr, "Syntax error at: %s\n", err);
}
exit(1);
}
/* put the x509 credentials to the current session */
gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
gnutls_server_name_set(session, GNUTLS_NAME_DNS, "my_host_name",
strlen("my_host_name"));
/* connect to the peer */
sd = udp_connect();
gnutls_transport_set_int(session, sd);
/* set the connection MTU */
gnutls_dtls_set_mtu(session, 1000);
gnutls_handshake_set_timeout(session,
GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT);
/* Perform the TLS handshake */
do {
ret = gnutls_handshake(session);
}
while (ret == GNUTLS_E_INTERRUPTED || ret == GNUTLS_E_AGAIN);
/* Note that DTLS may also receive GNUTLS_E_LARGE_PACKET */
if (ret < 0) {
fprintf(stderr, "*** Handshake failed\n");
gnutls_perror(ret);
goto end;
} else {
char *desc;
desc = gnutls_session_get_desc(session);
printf("- Session info: %s\n", desc);
gnutls_free(desc);
}
gnutls_record_send(session, MSG, strlen(MSG));
ret = gnutls_record_recv(session, buffer, MAX_BUF);
if (ret == 0) {
printf("- Peer has closed the TLS connection\n");
goto end;
} else if (ret < 0 && gnutls_error_is_fatal(ret) == 0) {
fprintf(stderr, "*** Warning: %s\n", gnutls_strerror(ret));
} else if (ret < 0) {
fprintf(stderr, "*** Error: %s\n", gnutls_strerror(ret));
goto end;
}
if (ret > 0) {
printf("- Received %d bytes: ", ret);
for (ii = 0; ii < ret; ii++) {
fputc(buffer[ii], stdout);
}
fputs("\n", stdout);
}
/* It is suggested not to use GNUTLS_SHUT_RDWR in DTLS
* connections because the peer's closure message might
* be lost */
gnutls_bye(session, GNUTLS_SHUT_WR);
end:
udp_close(sd);
gnutls_deinit(session);
gnutls_certificate_free_credentials(xcred);
gnutls_global_deinit();
return 0;
}
int main(void)
{
int ret, sd, ii;
gnutls_session_t session;
char buffer[MAX_BUF + 1];
const char *err;
gnutls_certificate_credentials_t xcred;
if (gnutls_check_version("3.1.4") == NULL) {
fprintf(stderr, "GnuTLS 3.1.4 or later is required for this example\n");
exit(1);
}
/* for backwards compatibility with gnutls < 3.3.0 */
gnutls_global_init();
/* X509 stuff */
gnutls_certificate_allocate_credentials(&xcred);
/* sets the trusted cas file
*/
gnutls_certificate_set_x509_trust_file(xcred, CAFILE,
GNUTLS_X509_FMT_PEM);
gnutls_certificate_set_verify_function(xcred,
_verify_certificate_callback);
/* If client holds a certificate it can be set using the following:
*
gnutls_certificate_set_x509_key_file (xcred,
"cert.pem", "key.pem",
GNUTLS_X509_FMT_PEM);
*/
/* Initialize TLS session
*/
gnutls_init(&session, GNUTLS_CLIENT);
gnutls_session_set_ptr(session, (void *) "my_host_name");
gnutls_server_name_set(session, GNUTLS_NAME_DNS, "my_host_name",
strlen("my_host_name"));
/* use default priorities */
gnutls_set_default_priority(session);
#if 0
/* if more fine-graned control is required */
ret = gnutls_priority_set_direct(session,
"NORMAL", &err);
if (ret < 0) {
if (ret == GNUTLS_E_INVALID_REQUEST) {
fprintf(stderr, "Syntax error at: %s\n", err);
}
exit(1);
}
#endif
/* put the x509 credentials to the current session
*/
gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
/* connect to the peer
*/
sd = tcp_connect();
gnutls_transport_set_int(session, sd);
gnutls_handshake_set_timeout(session,
GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT);
/* Perform the TLS handshake
*/
do {
ret = gnutls_handshake(session);
}
while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
if (ret < 0) {
fprintf(stderr, "*** Handshake failed\n");
gnutls_perror(ret);
goto end;
} else {
char *desc;
desc = gnutls_session_get_desc(session);
printf("- Session info: %s\n", desc);
gnutls_free(desc);
}
gnutls_record_send(session, MSG, strlen(MSG));
ret = gnutls_record_recv(session, buffer, MAX_BUF);
if (ret == 0) {
printf("- Peer has closed the TLS connection\n");
goto end;
} else if (ret < 0 && gnutls_error_is_fatal(ret) == 0) {
fprintf(stderr, "*** Warning: %s\n", gnutls_strerror(ret));
} else if (ret < 0) {
fprintf(stderr, "*** Error: %s\n", gnutls_strerror(ret));
goto end;
}
if (ret > 0) {
printf("- Received %d bytes: ", ret);
for (ii = 0; ii < ret; ii++) {
fputc(buffer[ii], stdout);
}
fputs("\n", stdout);
}
gnutls_bye(session, GNUTLS_SHUT_RDWR);
end:
tcp_close(sd);
gnutls_deinit(session);
gnutls_certificate_free_credentials(xcred);
gnutls_global_deinit();
return 0;
}
}
/*
* Get runtime information for libraries used by libwireshark.
*/
void
epan_get_runtime_version_info(GString *str
#if !defined(HAVE_LIBGNUTLS) && !defined(HAVE_LIBGCRYPT)
_U_
#endif
)
{
/* GnuTLS */
#ifdef HAVE_LIBGNUTLS
g_string_append_printf(str, ", with GnuTLS %s", gnutls_check_version(NULL));
#endif /* HAVE_LIBGNUTLS */
/* Gcrypt */
#ifdef HAVE_LIBGCRYPT
g_string_append_printf(str, ", with Gcrypt %s", gcry_check_version(NULL));
#endif /* HAVE_LIBGCRYPT */
}
/*
* Editor modelines - http://www.wireshark.org/tools/modelines.html
*
* Local variables:
* c-basic-offset: 8
* tab-width: 8
* indent-tabs-mode: t