SslSocket::SslSocket(SslDriver *driver, struct ev_loop *loop, int fd, int af) : x0::Socket(loop, fd, af), #ifndef XZERO_NDEBUG ctime_(ev_now(loop)), #endif driver_(driver), context_(nullptr), session_() { TRACE("SslSocket()"); setSecure(true); setState(Handshake); GNUTLS_CHECK( gnutls_init(&session_, GNUTLS_SERVER) ); gnutls_handshake_set_post_client_hello_function(session_, &SslSocket::onClientHello); gnutls_certificate_server_set_request(session_, GNUTLS_CERT_REQUEST); gnutls_dh_set_prime_bits(session_, 1024); gnutls_session_enable_compatibility_mode(session_); gnutls_session_set_ptr(session_, this); gnutls_transport_set_ptr(session_, reinterpret_cast<gnutls_transport_ptr_t>(handle())); driver_->initialize(this); }
liGnuTLSFilter* li_gnutls_filter_new( liServer *srv, liWorker *wrk, const liGnuTLSFilterCallbacks *callbacks, gpointer data, gnutls_session_t session, liStream *crypt_source, liStream *crypt_drain ) { liEventLoop *loop = crypt_source->loop; liGnuTLSFilter *f; liCQLimit *out_limit; f = g_slice_new0(liGnuTLSFilter); f->refcount = 5; /* 1 + 4 streams */ f->callbacks = callbacks; f->callback_data = data; f->srv = srv; f->wrk = wrk; f->session = session; gnutls_transport_set_ptr(f->session, (gnutls_transport_ptr_t) f); gnutls_transport_set_push_function(f->session, stream_push); #ifdef HAVE_GIOVEC gnutls_transport_set_vec_push_function(f->session, stream_pushv); #endif gnutls_transport_set_pull_function(f->session, stream_pull); gnutls_session_set_ptr(f->session, f); gnutls_handshake_set_post_client_hello_function(f->session, post_client_hello_cb); f->initial_handshaked_finished = 0; f->closing = f->aborted = 0; f->write_wants_read = 0; li_stream_init(&f->crypt_source, loop, stream_crypt_source_cb); li_stream_init(&f->crypt_drain, loop, stream_crypt_drain_cb); li_stream_init(&f->plain_source, loop, stream_plain_source_cb); li_stream_init(&f->plain_drain, loop, stream_plain_drain_cb); /* "virtual" connections - the content goes through SSL */ li_stream_connect(&f->plain_drain, &f->crypt_source); li_stream_connect(&f->crypt_drain, &f->plain_source); li_stream_connect(crypt_source, &f->crypt_drain); li_stream_connect(&f->crypt_source, crypt_drain); /* separate limit for buffer of encrypted data * * f->plain_drain is already connected to f->crypt_source, * so they won't share the same limit */ out_limit = li_cqlimit_new(); out_limit->notify = stream_crypt_source_limit_notify_cb; out_limit->context = f; li_cqlimit_set_limit(out_limit, 32*1024); li_chunkqueue_set_limit(crypt_drain->out, out_limit); li_chunkqueue_set_limit(f->crypt_source.out, out_limit); li_cqlimit_release(out_limit); return f; }
void doit(void) { /* Server stuff. */ gnutls_certificate_credentials_t serverx509cred; gnutls_session_t server; int sret = GNUTLS_E_AGAIN; /* Client stuff. */ gnutls_certificate_credentials_t clientx509cred; gnutls_session_t client; int cret = GNUTLS_E_AGAIN; /* General init. */ global_init(); gnutls_global_set_log_function(tls_log_func); if (debug) gnutls_global_set_log_level(2); /* Init server */ gnutls_certificate_allocate_credentials(&serverx509cred); gnutls_certificate_set_x509_key_mem(serverx509cred, &server_cert, &server_key, GNUTLS_X509_FMT_PEM); gnutls_init(&server, GNUTLS_SERVER); gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, serverx509cred); gnutls_priority_set_direct(server, "NORMAL", NULL); gnutls_transport_set_push_function(server, server_push); gnutls_transport_set_pull_function(server, server_pull); gnutls_transport_set_ptr(server, server); gnutls_certificate_set_verify_function(serverx509cred, server_callback); gnutls_certificate_server_set_request(server, GNUTLS_CERT_REQUEST); gnutls_handshake_set_post_client_hello_function(server, post_client_hello_callback); gnutls_handshake_set_hook_function(server, GNUTLS_HANDSHAKE_ANY, GNUTLS_HOOK_POST, handshake_callback); /* Init client */ gnutls_certificate_allocate_credentials(&clientx509cred); gnutls_init(&client, GNUTLS_CLIENT); gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, clientx509cred); gnutls_priority_set_direct(client, "NORMAL", NULL); gnutls_transport_set_push_function(client, client_push); gnutls_transport_set_pull_function(client, client_pull); gnutls_transport_set_ptr(client, client); gnutls_certificate_set_verify_function(clientx509cred, client_callback); HANDSHAKE(client, server); gnutls_bye(client, GNUTLS_SHUT_RDWR); gnutls_bye(server, GNUTLS_SHUT_RDWR); gnutls_deinit(client); gnutls_deinit(server); gnutls_certificate_free_credentials(serverx509cred); gnutls_certificate_free_credentials(clientx509cred); gnutls_global_deinit(); if (pch_ok == 0) fail("Post client hello callback wasn't called\n"); if (server_ok == 0) fail("Server certificate verify callback wasn't called\n"); if (client_ok == 0) fail("Client certificate verify callback wasn't called\n"); }