bool generate_dh_params(gnutls_dh_params_t *const dh_params)
{
/* int bits = gnutls_sec_param_to_pk_bits (GNUTLS_PK_DH, GNUTLS_SEC_PARAM_LOW); */
int bits = 1248; /* Equivalent, gnutls_sec_param_to_pk_bits is available since 2.12 */
int ret;
assert(dh_params != NULL);
/* Generate Diffie-Hellman parameters - for use with DHE
* kx algorithms. When short bit length is used, it might
* be wise to regenerate parameters often. */
ret = gnutls_dh_params_init(dh_params);
if(ret != GNUTLS_E_SUCCESS)
{
trace(LOG_ERR, "failed to initialize Diffie-Hellman parameters");
goto error;
}
ret = gnutls_dh_params_generate2(*dh_params, bits);
if(ret != GNUTLS_E_SUCCESS)
{
trace(LOG_ERR, "failed to generate Diffie-Hellman parameters");
goto free_dh;
}
return true;
free_dh:
gnutls_dh_params_deinit(*dh_params);
error:
return false;
}
static void read_dh_parameters(int fd, const char *fname)
{
gnutls_datum dbits, prime, generator;
int ret, bits;
if ((ret = gnutls_dh_params_init(&dh_params)) < 0) {
i_fatal("gnutls_dh_params_init() failed: %s",
gnutls_strerror(ret));
}
/* read until bits field is 0 */
for (;;) {
read_next_field(fd, &dbits, fname, "DH bits");
if (dbits.size != sizeof(int)) {
(void)unlink(fname);
i_fatal("Corrupted SSL parameter file %s: "
"Field 'DH bits' has invalid size %u",
fname, dbits.size);
}
bits = *((int *) dbits.data);
if (bits == 0)
break;
read_next_field(fd, &prime, fname, "DH prime");
read_next_field(fd, &generator, fname, "DH generator");
ret = gnutls_dh_params_set(dh_params, prime, generator, bits);
if (ret < 0) {
i_fatal("gnutls_dh_params_set() failed: %s",
gnutls_strerror(ret));
}
}
}
int ufwissl_ssl_context_set_dh_file(ufwissl_ssl_context * ctx,
const char *filename)
{
gnutls_datum_t datum_dh;
int ret;
datum_dh.data = NULL;
if (!filename)
return UFWISSL_ERROR;
/* read CRL and CA */
ret = read_to_datum(filename, &datum_dh);
if (ret != 0)
return UFWISSL_ERROR;
if (gnutls_dh_params_init(&ctx->dh) < 0) {
free(datum_dh.data);
return UFWISSL_ERROR;
}
if (gnutls_dh_params_import_pkcs3(ctx->dh, &datum_dh, GNUTLS_X509_FMT_PEM) < 0) {
free(datum_dh.data);
return UFWISSL_ERROR;
}
free(datum_dh.data);
return UFWISSL_OK;
}
void TLSSocket::init(const std::string& caPath,
const std::string& crlPath,
const std::string& certPath,
const std::string& keyPath) {
gcry_control(GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread);
gnutls_global_init();
gnutls_certificate_allocate_credentials(&xcred);
if (!caPath.empty()) {
gnutls_certificate_set_x509_trust_file(xcred,
caPath.c_str(),
GNUTLS_X509_FMT_PEM);
gnutls_certificate_set_verify_flags (xcred,
GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT);
}
if (!crlPath.empty()) {
gnutls_certificate_set_x509_crl_file(xcred,
crlPath.c_str(),
GNUTLS_X509_FMT_PEM);
}
gnutls_certificate_set_x509_key_file(xcred,
certPath.c_str(),
keyPath.c_str(),
GNUTLS_X509_FMT_PEM);
gnutls_dh_params_init(&dh_params);
gnutls_dh_params_generate2(dh_params, 1024);
gnutls_priority_init(&priority_cache, "NORMAL", NULL);
gnutls_certificate_set_dh_params(xcred, dh_params);
}
static int generate_dh_params(struct rfbssl_ctx *ctx)
{
int ret;
if (GNUTLS_E_SUCCESS == (ret = gnutls_dh_params_init(&ctx->dh_params)))
ret = gnutls_dh_params_generate2(ctx->dh_params, 1024);
return ret;
}
static int vnc_tls_initialize(void)
{
static int tlsinitialized = 0;
if (tlsinitialized)
return 1;
if (gnutls_global_init () < 0)
return 0;
/* XXX ought to re-generate diffie-hellman params periodically */
if (gnutls_dh_params_init (&dh_params) < 0)
return 0;
if (gnutls_dh_params_generate2 (dh_params, DH_BITS) < 0)
return 0;
#if defined(_VNC_DEBUG) && _VNC_DEBUG >= 2
gnutls_global_set_log_level(10);
gnutls_global_set_log_function(vnc_debug_gnutls_log);
#endif
tlsinitialized = 1;
return 1;
}
int
manos_tls_regenerate_dhparams (int bits)
{
gnutls_dh_params_t params, oldparams;
int err;
err = gnutls_dh_params_init (¶ms);
if (err != 0) {
return err;
}
err = gnutls_dh_params_generate2 (params, bits);
if (err != 0) {
gnutls_dh_params_deinit (params);
return err;
}
oldparams = dh_params;
dh_params = params;
if (oldparams != NULL) {
gnutls_dh_params_deinit (oldparams);
}
return 0;
}
static int generate_dh_params (void)
{
gnutls_dh_params_init (&dh_params);
gnutls_dh_params_generate2 (dh_params, DH_BITS);
return 0;
}
int
rb_setup_ssl_server(const char *cert, const char *keyfile, const char *dhfile)
{
int ret;
gnutls_datum_t *d_cert, *d_key;
if(cert == NULL)
{
rb_lib_log("rb_setup_ssl_server: No certificate file");
return 0;
}
if((d_cert = rb_load_file_into_datum_t(cert)) == NULL)
{
rb_lib_log("rb_setup_ssl_server: Error loading certificate: %s", strerror(errno));
return 0;
}
if((d_key = rb_load_file_into_datum_t(keyfile)) == NULL)
{
rb_lib_log("rb_setup_ssl_server: Error loading key: %s", strerror(errno));
return 0;
}
if((ret =
gnutls_certificate_set_x509_key_mem(x509, d_cert, d_key,
GNUTLS_X509_FMT_PEM)) != GNUTLS_E_SUCCESS)
{
rb_lib_log("rb_setup_ssl_server: Error loading certificate or key file: %s",
gnutls_strerror(ret));
return 0;
}
rb_free_datum_t(d_cert);
rb_free_datum_t(d_key);
if(dhfile != NULL)
{
if(gnutls_dh_params_init(&dh_params) == GNUTLS_E_SUCCESS)
{
gnutls_datum_t *data;
int xret;
data = rb_load_file_into_datum_t(dhfile);
if(data != NULL)
{
xret = gnutls_dh_params_import_pkcs3(dh_params, data,
GNUTLS_X509_FMT_PEM);
if(xret < 0)
rb_lib_log
("rb_setup_ssl_server: Error parsing DH file: %s\n",
gnutls_strerror(xret));
rb_free_datum_t(data);
}
gnutls_certificate_set_dh_params(x509, dh_params);
}
else
rb_lib_log("rb_setup_ssl_server: Unable to setup DH parameters");
}
return 1;
}
void dh_info(FILE * infile, FILE * outfile, common_info_st * ci)
{
gnutls_datum_t params;
size_t size;
int ret;
gnutls_dh_params_t dh_params;
gnutls_datum_t p, g;
unsigned int q_bits = 0;
if (gnutls_dh_params_init(&dh_params) < 0) {
fprintf(stderr, "Error in dh parameter initialization\n");
exit(1);
}
params.data = (void *) fread_file(infile, &size);
params.size = size;
ret =
gnutls_dh_params_import_pkcs3(dh_params, ¶ms,
ci->incert_format);
if (ret < 0) {
fprintf(stderr, "Error parsing dh params: %s\n",
gnutls_strerror(ret));
exit(1);
}
ret = gnutls_dh_params_export_raw(dh_params, &p, &g, &q_bits);
if (ret < 0) {
fprintf(stderr, "Error exporting parameters: %s\n",
gnutls_strerror(ret));
exit(1);
}
if (ci->outcert_format == GNUTLS_X509_FMT_PEM)
print_dh_info(outfile, &p, &g, q_bits, ci->cprint);
if (!ci->cprint) { /* generate a PKCS#3 structure */
size_t len = buffer_size;
ret =
gnutls_dh_params_export_pkcs3(dh_params,
ci->outcert_format,
buffer, &len);
if (ret == 0) {
if (ci->outcert_format == GNUTLS_X509_FMT_PEM) {
fprintf(outfile, "\n%s", buffer);
} else {
fwrite(buffer, 1, len, outfile);
}
} else {
fprintf(stderr, "Error: %s\n",
gnutls_strerror(ret));
}
}
gnutls_dh_params_deinit(dh_params);
}
/** Generate initial DH and RSA params.
* Loads the pre-generated DH primes.
*/
static void _crywrap_tls_init(void)
{
gnutls_dh_params_init(&dh_params);
gnutls_dh_params_import_pkcs3(dh_params, &dh_file,
GNUTLS_X509_FMT_PEM);
gnutls_certificate_set_dh_params(cred, dh_params);
}
void TLSServer::init (
const std::string& ca,
const std::string& crl,
const std::string& cert,
const std::string& key)
{
_ca = ca;
_crl = crl;
_cert = cert;
_key = key;
int ret = gnutls_global_init ();
if (ret < 0)
throw format ("TLS init error. {1}", gnutls_strerror (ret));
ret = gnutls_certificate_allocate_credentials (&_credentials);
if (ret < 0)
throw format ("TLS allocation error. {1}", gnutls_strerror (ret));
if (_ca != "" &&
(ret = gnutls_certificate_set_x509_trust_file (_credentials, _ca.c_str (), GNUTLS_X509_FMT_PEM)) < 0)
throw format ("Bad CA file. {1}", gnutls_strerror (ret));
if ( _crl != "" &&
(ret = gnutls_certificate_set_x509_crl_file (_credentials, _crl.c_str (), GNUTLS_X509_FMT_PEM)) < 0)
throw format ("Bad CRL file. {1}", gnutls_strerror (ret));
if (_cert != "" &&
_key != "" &&
(ret = gnutls_certificate_set_x509_key_file (_credentials, _cert.c_str (), _key.c_str (), GNUTLS_X509_FMT_PEM)) < 0)
throw format ("Bad CERT file. {1}", gnutls_strerror (ret));
#if GNUTLS_VERSION_NUMBER >= 0x020b00
#if GNUTLS_VERSION_NUMBER >= 0x03000d
unsigned int bits = gnutls_sec_param_to_pk_bits (GNUTLS_PK_DH, GNUTLS_SEC_PARAM_LEGACY);
#else
unsigned int bits = gnutls_sec_param_to_pk_bits (GNUTLS_PK_DH, GNUTLS_SEC_PARAM_NORMAL);
#endif
#else
unsigned int bits = DH_BITS;
#endif
gnutls_dh_params_init (&_params);
gnutls_dh_params_generate2 (_params, bits);
if (_ciphers == "")
_ciphers = "NORMAL";
gnutls_priority_init (&_priorities, _ciphers.c_str (), NULL);
gnutls_certificate_set_dh_params (_credentials, _params);
#if GNUTLS_VERSION_NUMBER >= 0x02090a
// The automatic verification for the client certificate with
// gnutls_certificate_set_verify_function only works with gnutls
// >=2.9.10. So with older versions we should call the verify function
// manually after the gnutls handshake.
gnutls_certificate_set_verify_function (_credentials, verify_certificate_callback);
#endif
}
static int
generate_dh_params (void)
{
const gnutls_datum_t p3 = { pkcs3, strlen (pkcs3) };
/* Generate Diffie Hellman parameters - for use with DHE
* kx algorithms. These should be discarded and regenerated
* once a day, once a week or once a month. Depending on the
* security requirements.
*/
gnutls_dh_params_init (&dh_params);
return gnutls_dh_params_import_pkcs3 (dh_params, &p3, GNUTLS_X509_FMT_PEM);
}
static Ecore_Con_Ssl_Error
_ecore_con_ssl_server_prepare_gnutls(Ecore_Con_Server *svr,
int ssl_type)
{
int ret;
if (ssl_type & ECORE_CON_USE_SSL2)
return ECORE_CON_SSL_ERROR_SSL2_NOT_SUPPORTED;
switch (ssl_type)
{
case ECORE_CON_USE_SSL3:
case ECORE_CON_USE_SSL3 | ECORE_CON_LOAD_CERT:
case ECORE_CON_USE_TLS:
case ECORE_CON_USE_TLS | ECORE_CON_LOAD_CERT:
case ECORE_CON_USE_MIXED:
case ECORE_CON_USE_MIXED | ECORE_CON_LOAD_CERT:
break;
default:
return ECORE_CON_SSL_ERROR_NONE;
}
SSL_ERROR_CHECK_GOTO_ERROR(ret = gnutls_certificate_allocate_credentials(&svr->cert));
if ((!svr->use_cert) && svr->created)
{
SSL_ERROR_CHECK_GOTO_ERROR(ret = gnutls_dh_params_init(&svr->dh_params));
INF("Generating DH params");
SSL_ERROR_CHECK_GOTO_ERROR(ret = gnutls_dh_params_generate2(svr->dh_params, 1024));
SSL_ERROR_CHECK_GOTO_ERROR(ret = gnutls_anon_allocate_server_credentials(&svr->anoncred_s));
/* TODO: implement PSK */
// SSL_ERROR_CHECK_GOTO_ERROR(ret = gnutls_psk_allocate_server_credentials(&svr->pskcred_s));
gnutls_anon_set_server_dh_params(svr->anoncred_s, svr->dh_params);
gnutls_certificate_set_dh_params(svr->cert, svr->dh_params);
//gnutls_psk_set_server_dh_params(svr->pskcred_s, svr->dh_params);
INF("DH params successfully generated and applied!");
}
else if (!svr->use_cert)
{
//SSL_ERROR_CHECK_GOTO_ERROR(ret = gnutls_psk_allocate_client_credentials(&svr->pskcred_c));
SSL_ERROR_CHECK_GOTO_ERROR(ret = gnutls_anon_allocate_client_credentials(&svr->anoncred_c));
}
return ECORE_CON_SSL_ERROR_NONE;
error:
_gnutls_print_errors(ret);
_ecore_con_ssl_server_shutdown_gnutls(svr);
return ECORE_CON_SSL_ERROR_SERVER_INIT_FAILED;
}
void gtlsGlobalServerData::generate_dh_params()
{
int ret = 0;
ret = gnutls_dh_params_init(&dh_params);
// printerror("gnutls_dh_params_init", ret);
if (ret < 0) { initialized_ = false; }
ret = gnutls_dh_params_generate2(dh_params, gtlsGeneric::GNUTLSIF_DH_BITS);
// printerror("gnutls_dh_params_generate2", ret);
if (ret < 0) { initialized_ = false; }
}
/* Server mode: Set DH parameters */
int ufwissl_ssl_context_set_dh_bits(ufwissl_ssl_context * ctx,
unsigned int dh_bits)
{
ctx->dh_bits = dh_bits;
if (gnutls_dh_params_init(&ctx->dh) < 0)
return UFWISSL_ERROR;
if (gnutls_dh_params_generate2(ctx->dh, ctx->dh_bits) < 0)
return UFWISSL_ERROR;
return UFWISSL_OK;
}
static int
generate_dh_params (void)
{
/* Generate Diffie-Hellman parameters - for use with DHE
* kx algorithms. These should be discarded and regenerated
* once a day, once a week or once a month. Depending on the
* security requirements.
*/
gnutls_dh_params_init (&dh_params);
gnutls_dh_params_generate2 (dh_params, DH_BITS);
return 0;
}
static int
generate_dh_params (void)
{
int bits = gnutls_sec_param_to_pk_bits (GNUTLS_PK_DH, GNUTLS_SEC_PARAM_LOW);
/* Generate Diffie-Hellman parameters - for use with DHE
* kx algorithms. When short bit length is used, it might
* be wise to regenerate parameters often.
*/
gnutls_dh_params_init (&dh_params);
gnutls_dh_params_generate2 (dh_params, bits);
return 0;
}
static int generate_dh_params(void)
{
/* Generate Diffie-Hellman parameters - for use with DHE
* kx algorithms. When short bit length is used, it might
* be wise to regenerate parameters.
*
* Check the ex-serv-export.c example for using static
* parameters.
*/
gnutls_dh_params_init(&dh_params);
gnutls_dh_params_generate2(dh_params, DH_BITS);
return 0;
}
void initialize_tls_global(void)
{
gnutls_global_init ();
gnutls_certificate_allocate_credentials (&x509_cred);
gnutls_certificate_set_x509_trust_file (x509_cred, CACERT,
GNUTLS_X509_FMT_PEM);
gnutls_certificate_set_x509_crl_file (x509_cred, CACRL,
GNUTLS_X509_FMT_PEM);
gnutls_certificate_set_x509_key_file (x509_cred, SERVERCERT, SERVERKEY,
GNUTLS_X509_FMT_PEM);
gnutls_dh_params_init (&dh_params);
gnutls_dh_params_generate2 (dh_params, DH_BITS);
gnutls_certificate_set_dh_params (x509_cred, dh_params);
}
void doit(void)
{
gnutls_dh_params_t dh_params;
gnutls_x509_privkey_t privkey;
gnutls_datum_t p1, g1, p2, g2, q;
unsigned bits = 0;
int ret;
/* import DH parameters from DSA key and verify they are the same */
gnutls_dh_params_init(&dh_params);
gnutls_x509_privkey_init(&privkey);
ret = gnutls_x509_privkey_import(privkey, &dsa_key, GNUTLS_X509_FMT_PEM);
if (ret < 0)
fail("error in %s: %d\n", __FILE__, __LINE__);
ret = gnutls_dh_params_import_dsa(dh_params, privkey);
if (ret < 0)
fail("error in %s: %d\n", __FILE__, __LINE__);
ret = gnutls_dh_params_export_raw(dh_params, &p1, &g1, &bits);
if (ret < 0)
fail("error in %s: %d\n", __FILE__, __LINE__);
ret = gnutls_x509_privkey_export_dsa_raw(privkey, &p2, &q, &g2, NULL, NULL);
if (ret < 0)
fail("error in %s: %d\n", __FILE__, __LINE__);
if (bits > q.size*8 || bits < q.size*8-8)
fail("error in %s: %d\n", __FILE__, __LINE__);
if (compare(&p1, &p2) != 0)
fail("error in %s: %d\n", __FILE__, __LINE__);
if (compare(&g1, &g2) != 0)
fail("error in %s: %d\n", __FILE__, __LINE__);
gnutls_free(p1.data);
gnutls_free(g1.data);
gnutls_free(p2.data);
gnutls_free(g2.data);
gnutls_free(q.data);
gnutls_dh_params_deinit(dh_params);
gnutls_x509_privkey_deinit(privkey);
success("all ok\n");
}
void TLSServer::init (
const std::string& ca,
const std::string& crl,
const std::string& cert,
const std::string& key)
{
_ca = ca;
_crl = crl;
_cert = cert;
_key = key;
gnutls_global_init ();
gnutls_certificate_allocate_credentials (&_credentials);
if (_ca != "" &&
gnutls_certificate_set_x509_trust_file (_credentials, _ca.c_str (), GNUTLS_X509_FMT_PEM) < 0)
throw std::string ("Missing CA file.");
if ( _crl != "" &&
gnutls_certificate_set_x509_crl_file (_credentials, _crl.c_str (), GNUTLS_X509_FMT_PEM) < 0)
throw std::string ("Missing CRL file.");
if (_cert != "" &&
_key != "" &&
gnutls_certificate_set_x509_key_file (_credentials, _cert.c_str (), _key.c_str (), GNUTLS_X509_FMT_PEM) < 0)
throw std::string ("Missing CERT file.");
#if GNUTLS_VERSION_NUMBER >= 0x020b00
#if GNUTLS_VERSION_NUMBER >= 0x03000d
unsigned int bits = gnutls_sec_param_to_pk_bits (GNUTLS_PK_DH, GNUTLS_SEC_PARAM_LEGACY);
#else
unsigned int bits = gnutls_sec_param_to_pk_bits (GNUTLS_PK_DH, GNUTLS_SEC_PARAM_NORMAL);
#endif
#else
unsigned int bits = DH_BITS;
#endif
gnutls_dh_params_init (&_params);
gnutls_dh_params_generate2 (_params, bits);
if (_ciphers == "")
_ciphers = "NORMAL";
gnutls_priority_init (&_priorities, _ciphers.c_str (), NULL);
gnutls_certificate_set_dh_params (_credentials, _params);
#if GNUTLS_VERSION_NUMBER >= 0x02090a
gnutls_certificate_set_verify_function (_credentials, verify_certificate_callback);
#endif
}
static rfbBool
InitializeTLS(void)
{
int ret;
if (rfbTLSInitialized) return TRUE;
if ((ret = gnutls_global_init()) < 0 ||
(ret = gnutls_dh_params_init(&rfbDHParams)) < 0 ||
(ret = gnutls_dh_params_generate2(rfbDHParams, DH_BITS)) < 0)
{
rfbClientLog("Failed to initialized GnuTLS: %s.\n", gnutls_strerror(ret));
return FALSE;
}
rfbClientLog("GnuTLS initialized.\n");
rfbTLSInitialized = TRUE;
return TRUE;
}
/// Enables TLS on the given server.
static void onion_enable_tls(onion *o){
#ifdef HAVE_PTHREADS
gcry_control (GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread);
#endif
if (!(o->flags&O_USE_DEV_RANDOM)){
gcry_control(GCRYCTL_ENABLE_QUICK_RANDOM, 0);
}
gnutls_global_init ();
gnutls_certificate_allocate_credentials (&o->x509_cred);
gnutls_dh_params_init (&o->dh_params);
gnutls_dh_params_generate2 (o->dh_params, 1024);
gnutls_certificate_set_dh_params (o->x509_cred, o->dh_params);
gnutls_priority_init (&o->priority_cache, "NORMAL", NULL);
o->flags|=O_SSL_ENABLED;
}
int server_create(prelude_client_profile_t *cp, const char *addr, unsigned int port,
prelude_bool_t keepalive, const char *pass, gnutls_x509_privkey_t key, gnutls_x509_crt_t cacrt, gnutls_x509_crt_t crt)
{
int sock;
size_t size;
struct pollfd pfd[128];
gnutls_dh_params_t dh_params;
#ifdef GNUTLS_SRP_ENABLED
int ret;
ret = gnutls_srp_allocate_server_credentials(&srpcred);
if ( ret < 0 ) {
fprintf(stderr, "error creating SRP credentials: %s.\n", gnutls_strerror(ret));
return -1;
}
gnutls_srp_set_server_credentials_function(srpcred, srp_callback);
#endif
one_shot_passwd = pass;
gnutls_anon_allocate_server_credentials(&anoncred);
fprintf(stderr, "Generating %d bits Diffie-Hellman key for anonymous authentication...", ANON_DH_BITS);
gnutls_dh_params_init(&dh_params);
gnutls_dh_params_generate2(dh_params, ANON_DH_BITS);
gnutls_anon_set_server_dh_params(anoncred, dh_params);
fprintf(stderr, "\n");
size = sizeof(pfd) / sizeof(*pfd);
sock = setup_server(addr, port, pfd, &size);
if ( sock < 0 )
return -1;
wait_connection(cp, sock, pfd, size, keepalive, key, cacrt, crt);
#ifdef GNUTLS_SRP_ENABLED
gnutls_srp_free_server_credentials(srpcred);
#endif
gnutls_anon_free_server_credentials(anoncred);
return 0;
}
static gnutls_dh_params
get_dh_params(void)
{
static gnutls_dh_params dh_params;
static bool initialized = FALSE;
if (!initialized) {
if (gnutls_dh_params_init(&dh_params)) {
g_warning("%s(): gnutls_dh_params_init() failed", G_STRFUNC);
return NULL;
}
if (gnutls_dh_params_generate2(dh_params, TLS_DH_BITS)) {
g_warning("%s(): gnutls_dh_params_generate2() failed", G_STRFUNC);
return NULL;
}
initialized = TRUE;
}
return dh_params;
}
SslContext::SslContext() :
enabled(true),
certFile(this),
keyFile(this),
crlFile(this),
trustFile(this),
error_(),
logger_(0),
numX509Certs_(0),
clientVerifyMode_(GNUTLS_CERT_IGNORE),
caList_(0)
{
TRACE("SslContext()");
gnutls_dh_params_init(&dhParams_);
gnutls_dh_params_generate2(dhParams_, 1024);
gnutls_certificate_allocate_credentials(&certs_);
gnutls_anon_allocate_server_credentials(&anonCreds_);
}
void doit(void)
{
gnutls_dh_params_t dh_params = NULL;
int rc;
rc = global_init();
if (rc)
fail("global_init\n");
if (gnutls_dh_params_init(&dh_params) < 0)
fail("Error in dh parameter initialization\n");
if (gnutls_dh_params_generate2(dh_params, 1024) < 0)
fail("Error in prime generation\n");
gnutls_dh_params_deinit(dh_params);
gnutls_global_deinit();
if (debug)
success("generated DH params OK\n");
}
static struct gnutls_dh_params_int* gnutls_dh_params_create (void) {
struct gnutls_dh_params_int* result = NULL;
struct gnutls_dh_params_int* _result_ = NULL;
gint ret = 0;
struct gnutls_dh_params_int* _tmp0_ = NULL;
gint _tmp1_ = 0;
gint _tmp2_ = 0;
_tmp1_ = gnutls_dh_params_init (&_tmp0_);
_gnutls_dh_params_deinit0 (_result_);
_result_ = _tmp0_;
ret = _tmp1_;
_tmp2_ = ret;
if (_tmp2_ != 0) {
gint _tmp3_ = 0;
const gchar* _tmp4_ = NULL;
_tmp3_ = ret;
_tmp4_ = gnutls_strerror ((int) _tmp3_);
g_error ("gnutls.vapi:359: %s", _tmp4_);
}
result = _result_;
return result;
}
GnuTlsInit::GnuTlsInit()
{
int ret;
cxxtools::MutexLock lock(mutex);
if (_initCount++ == 0)
{
log_debug("gnutls_global_init()");
ret = gnutls_global_init();
if (ret != 0)
throw GnuTlsException("gnutls_global_init", ret);
log_debug("gnutls_dh_params_init(dhParams)");
ret = gnutls_dh_params_init(&_dhParams);
if (ret != 0)
throw GnuTlsException("gnutls_dh_params_init", ret);
log_debug("gnutls_dh_params_generate2(dh_params, 1024)");
ret = gnutls_dh_params_generate2(_dhParams, 1024);
if (ret != 0)
throw GnuTlsException("gnutls_dh_params_generate2", ret);
}
}
