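// Build the gnutls_init() flags for a session acting as DTLS client or server.
// GNUTLS_DATAGRAM and GNUTLS_NONBLOCK only exist on GnuTLS 3+, so older
// builds get a plain (stream) client/server session.
static unsigned int SessionInitFlags(bool client)
{
    unsigned int flags = client ? GNUTLS_CLIENT : GNUTLS_SERVER;
#if GNUTLS_VERSION_MAJOR >= 3
    flags |= GNUTLS_DATAGRAM | GNUTLS_NONBLOCK;
#endif
    return flags;
}

// Attach the process-wide X.509 credentials (_CertCredentials) to the session,
// allocating and populating them the first time any session needs them.
// The credentials object is a file-scope global, so every later session reuses
// it as-is; the configured certificate is only loaded once.
static void AttachCertificateCredentials(DTLS_Session * session)
{
    if (_CertCredentials)
    {
        gnutls_credentials_set(session->Session, GNUTLS_CRD_CERTIFICATE, _CertCredentials);
        return;
    }
    if (gnutls_certificate_allocate_credentials(&_CertCredentials) != GNUTLS_E_SUCCESS)
    {
        // No credentials at all are attached in this case (unchanged behaviour);
        // the handshake will fail later rather than here.
        return;
    }
    if (certificate)
    {
        // One blob supplies both the certificate chain and the private key.
        gnutls_datum_t certificateData = { .data = certificate, .size = certificateLength };
        int format = (certificateFormat == AwaCertificateFormat_ASN1) ? GNUTLS_X509_FMT_DER
                                                                      : GNUTLS_X509_FMT_PEM;
        // Return value is not checked: a key that fails to parse leaves the
        // credentials empty and the failure only surfaces at handshake time.
        gnutls_certificate_set_x509_key_mem(_CertCredentials, &certificateData, &certificateData, format);
    }
#if GNUTLS_VERSION_MAJOR >= 3
    // No trust store is loaded here; peer certificate acceptance is decided
    // entirely by CertificateVerify (defined elsewhere in this file).
    gnutls_certificate_set_verify_function(_CertCredentials, CertificateVerify);
#else
    // GnuTLS 2 has no per-credential verify callback. GNUTLS_VERIFY_DISABLE_CA_SIGN
    // relaxes chain validation (a signer need not be a CA), which is weaker than
    // the GnuTLS 3 path above; no trust store is loaded on this path either.
    gnutls_certificate_set_verify_flags(_CertCredentials, GNUTLS_VERIFY_DISABLE_CA_SIGN);
#endif
    gnutls_credentials_set(session->Session, GNUTLS_CRD_CERTIFICATE, _CertCredentials);
}

// Attach pre-shared-key credentials to the session. A client uses the
// configured pskIdentity/pskKey, falling back to PSKClientCallBack when the
// static pair cannot be set; a server always resolves keys through PSKCallBack.
// The allocated credentials are recorded in session->Credentials so the owner
// of the session can release them later.
static void AttachPskCredentials(DTLS_Session * session, bool client)
{
    if (client)
    {
        gnutls_psk_client_credentials_t credentials;
        if (gnutls_psk_allocate_client_credentials(&credentials) != GNUTLS_E_SUCCESS)
        {
            return;
        }
        if (gnutls_psk_set_client_credentials(credentials, pskIdentity, &pskKey, GNUTLS_PSK_KEY_RAW) != GNUTLS_E_SUCCESS)
        {
            // Static identity/key rejected; let the callback supply them on demand.
            gnutls_psk_set_client_credentials_function(credentials, PSKClientCallBack);
        }
        // Attach on both paths. The callback path previously stored the
        // credentials in the session but never called gnutls_credentials_set,
        // so GnuTLS had no PSK credentials for the handshake.
        gnutls_credentials_set(session->Session, GNUTLS_CRD_PSK, credentials);
        session->Credentials = credentials;
        session->CredentialType = CredentialType_ClientPSK;
    }
    else
    {
        gnutls_psk_server_credentials_t credentials;
        if (gnutls_psk_allocate_server_credentials(&credentials) != GNUTLS_E_SUCCESS)
        {
            return;
        }
        gnutls_psk_set_server_credentials_function(credentials, PSKCallBack);
        gnutls_credentials_set(session->Session, GNUTLS_CRD_PSK, credentials);
        session->Credentials = credentials;
        session->CredentialType = CredentialType_ServerPSK;
    }
}

// Initialise sessions[index] for the given peer as a DTLS client or server.
//
// Credential selection: X.509 when a certificate is configured, or when neither
// a certificate nor a PSK identity is configured (an empty X.509 credential set
// is then attached); PSK only when pskIdentity is set and certificate is not.
// If gnutls_init() fails the slot keeps its NetworkAddress but its Session is
// left uninitialised, and nothing is reported to the caller.
static void SetupNewSession(int index, NetworkAddress * networkAddress, bool client)
{
    DTLS_Session * session = &sessions[index];
    session->NetworkAddress = networkAddress;

    if (gnutls_init(&session->Session, SessionInitFlags(client)) != GNUTLS_E_SUCCESS)
    {
        return;
    }

    gnutls_transport_set_pull_function(session->Session, DecryptCallBack);
    gnutls_transport_set_push_function(session->Session, SSLSendCallBack);
#if GNUTLS_VERSION_MAJOR >= 3
    gnutls_transport_set_pull_timeout_function(session->Session, ReceiveTimeout);
#endif
    // The session pointer is what the transport callbacks above receive.
    gnutls_transport_set_ptr(session->Session, session);

    if (certificate || !pskIdentity)
    {
        AttachCertificateCredentials(session);
    }
    else
    {
        // Only reachable when pskIdentity is set and no certificate is configured.
        AttachPskCredentials(session, client);
    }

    gnutls_priority_set(session->Session, _PriorityCache);
    if (!client)
    {
        // Request a client certificate but do not require one
        // (GNUTLS_CERT_IGNORE would not ask at all).
        gnutls_certificate_server_set_request(session->Session, GNUTLS_CERT_REQUEST);
    }
#if GNUTLS_VERSION_MAJOR >= 3
    gnutls_handshake_set_timeout(session->Session, GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT);
#endif
}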
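/* Allocate the global client credentials (xcred, and the SRP/PSK/anonymous
 * credentials when compiled in) and load the configured trust material.
 *
 * Only a failed X.509 credential allocation is fatal. Every other failure is
 * reported on stderr and ignored, so a bad trust file or CRL file leaves the
 * session running without those CAs/CRLs rather than aborting.
 */
static void
init_global_tls_stuff (void)
{
  int ret;

  /* X509 stuff */
  if (gnutls_certificate_allocate_credentials (&xcred) < 0)
    {
      fprintf (stderr, "Certificate allocation memory error\n");
      exit (1);
    }

  if (x509_cafile != NULL)
    {
      ret = gnutls_certificate_set_x509_trust_file (xcred, x509_cafile,
                                                    x509ctype);
      if (ret < 0)
        {
          /* Not fatal: xcred continues with whatever CAs were loaded. */
          fprintf (stderr, "Error setting the x509 trust file\n");
        }
      else
        {
          printf ("Processed %d CA certificate(s).\n", ret);
        }
    }

#ifdef ENABLE_PKI
  if (x509_crlfile != NULL)
    {
      ret = gnutls_certificate_set_x509_crl_file (xcred, x509_crlfile,
                                                  x509ctype);
      if (ret < 0)
        {
          /* Not fatal: revocation data is simply absent. */
          fprintf (stderr, "Error setting the x509 CRL file\n");
        }
      else
        {
          printf ("Processed %d CRL(s).\n", ret);
        }
    }
#endif

  load_keys ();

#ifdef ENABLE_OPENPGP
  if (pgp_keyring != NULL)
    {
      ret = gnutls_certificate_set_openpgp_keyring_file (xcred, pgp_keyring,
                                                         GNUTLS_OPENPGP_FMT_BASE64);
      if (ret < 0)
        {
          fprintf (stderr, "Error setting the OpenPGP keyring file\n");
        }
    }
#endif

#ifdef ENABLE_SRP
  if (srp_username && srp_passwd)
    {
      /* SRP stuff */
      if (gnutls_srp_allocate_client_credentials (&srp_cred) < 0)
        {
          fprintf (stderr, "SRP authentication error\n");
        }
      else
        {
          /* Only configure the callback on a successfully allocated handle;
           * the original called it even after a failed allocation. */
          gnutls_srp_set_client_credentials_function (srp_cred,
                                                      srp_username_callback);
        }
    }
#endif

#ifdef ENABLE_PSK
  /* PSK stuff */
  if (gnutls_psk_allocate_client_credentials (&psk_cred) < 0)
    {
      fprintf (stderr, "PSK authentication error\n");
    }
  else
    {
      /* As with SRP: do not touch psk_cred unless the allocation succeeded. */
      if (psk_username && psk_key.data)
        {
          ret = gnutls_psk_set_client_credentials (psk_cred, psk_username,
                                                   &psk_key,
                                                   GNUTLS_PSK_KEY_HEX);
          if (ret < 0)
            {
              fprintf (stderr, "Error setting the PSK credentials: %s\n",
                       gnutls_strerror (ret));
            }
        }
      gnutls_psk_set_client_credentials_function (psk_cred, psk_callback);
    }
#endif

#ifdef ENABLE_ANON
  /* ANON stuff */
  if (gnutls_anon_allocate_client_credentials (&anon_cred) < 0)
    {
      fprintf (stderr, "Anonymous authentication error\n");
    }
#endif
}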
/**
 * Register a callback that supplies the PSK identity and key on demand.
 *
 * Thin wrapper over gnutls_psk_set_client_credentials_function() applied to
 * this object's underlying credentials handle (cred).
 *
 * @param func  Callback GnuTLS invokes during the handshake; passed through
 *              unchanged, so any NULL handling is GnuTLS's.
 */
void
psk_client_credentials::set_credentials_function (gnutls_psk_client_credentials_function * func)
{
  gnutls_psk_set_client_credentials_function (cred, func);
}