static void SetupNewSession(int index, NetworkAddress * networkAddress, bool client)
{
DTLS_Session * session = &sessions[index];
session->NetworkAddress = networkAddress;
unsigned int flags;
#if GNUTLS_VERSION_MAJOR >= 3
if (client)
flags = GNUTLS_CLIENT | GNUTLS_DATAGRAM | GNUTLS_NONBLOCK;
else
flags = GNUTLS_SERVER | GNUTLS_DATAGRAM | GNUTLS_NONBLOCK;
#else
if (client)
flags = GNUTLS_CLIENT;
else
flags = GNUTLS_SERVER;
#endif
if (gnutls_init(&session->Session, flags) == GNUTLS_E_SUCCESS)
{
gnutls_transport_set_pull_function(session->Session, DecryptCallBack);
gnutls_transport_set_push_function(session->Session, SSLSendCallBack);
#if GNUTLS_VERSION_MAJOR >= 3
gnutls_transport_set_pull_timeout_function(session->Session, ReceiveTimeout);
#endif
gnutls_transport_set_ptr(session->Session, session);
if (certificate || !pskIdentity)
{
if (_CertCredentials)
{
gnutls_credentials_set(session->Session, GNUTLS_CRD_CERTIFICATE, _CertCredentials);
}
else if (gnutls_certificate_allocate_credentials(&_CertCredentials) == GNUTLS_E_SUCCESS)
{
if (certificate)
{
gnutls_datum_t certificateData;
certificateData.data = certificate;
certificateData.size = certificateLength;
int format = GNUTLS_X509_FMT_PEM;
if (certificateFormat == AwaCertificateFormat_ASN1)
format = GNUTLS_X509_FMT_DER;
// if (client)
// gnutls_certificate_set_x509_trust_mem(session->Credentials, &certificateData, format);
// else
gnutls_certificate_set_x509_key_mem(_CertCredentials, &certificateData, &certificateData, format);
}
#if GNUTLS_VERSION_MAJOR >= 3
gnutls_certificate_set_verify_function(_CertCredentials, CertificateVerify);
//gnutls_certificate_set_retrieve_function(xcred, cert_callback);
//gnutls_session_set_verify_cert(session->Session, NULL, GNUTLS_VERIFY_DISABLE_CA_SIGN);
#else
gnutls_certificate_set_verify_flags(_CertCredentials, GNUTLS_VERIFY_DISABLE_CA_SIGN);
#endif
gnutls_credentials_set(session->Session, GNUTLS_CRD_CERTIFICATE, _CertCredentials);
}
}
else if (pskIdentity)
{
if (client)
{
gnutls_psk_client_credentials_t credentials;
if (gnutls_psk_allocate_client_credentials(&credentials) == GNUTLS_E_SUCCESS)
{
if (gnutls_psk_set_client_credentials(credentials, pskIdentity, &pskKey, GNUTLS_PSK_KEY_RAW) == GNUTLS_E_SUCCESS)
{
gnutls_credentials_set(session->Session, GNUTLS_CRD_PSK, credentials);
session->Credentials = credentials;
session->CredentialType = CredentialType_ClientPSK;
}
else
{
gnutls_psk_set_client_credentials_function(credentials, PSKClientCallBack);
session->Credentials = credentials;
session->CredentialType = CredentialType_ClientPSK;
}
}
}
else
{
gnutls_psk_server_credentials_t credentials;
if (gnutls_psk_allocate_server_credentials(&credentials) == GNUTLS_E_SUCCESS)
{
gnutls_psk_set_server_credentials_function(credentials, PSKCallBack);
gnutls_credentials_set(session->Session, GNUTLS_CRD_PSK, credentials);
session->Credentials = credentials;
session->CredentialType = CredentialType_ServerPSK;
}
}
}
gnutls_priority_set(session->Session, _PriorityCache);
if (!client)
{
gnutls_certificate_server_set_request(session->Session, GNUTLS_CERT_REQUEST); // GNUTLS_CERT_IGNORE Don't require Client Cert
}
#if GNUTLS_VERSION_MAJOR >= 3
gnutls_handshake_set_timeout(session->Session, GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT);
#endif
}
}
static void
init_global_tls_stuff (void)
{
int ret;
/* X509 stuff */
if (gnutls_certificate_allocate_credentials (&xcred) < 0)
{
fprintf (stderr, "Certificate allocation memory error\n");
exit (1);
}
if (x509_cafile != NULL)
{
ret = gnutls_certificate_set_x509_trust_file (xcred,
x509_cafile, x509ctype);
if (ret < 0)
{
fprintf (stderr, "Error setting the x509 trust file\n");
}
else
{
printf ("Processed %d CA certificate(s).\n", ret);
}
}
#ifdef ENABLE_PKI
if (x509_crlfile != NULL)
{
ret = gnutls_certificate_set_x509_crl_file (xcred, x509_crlfile,
x509ctype);
if (ret < 0)
{
fprintf (stderr, "Error setting the x509 CRL file\n");
}
else
{
printf ("Processed %d CRL(s).\n", ret);
}
}
#endif
load_keys ();
#ifdef ENABLE_OPENPGP
if (pgp_keyring != NULL)
{
ret =
gnutls_certificate_set_openpgp_keyring_file (xcred, pgp_keyring,
GNUTLS_OPENPGP_FMT_BASE64);
if (ret < 0)
{
fprintf (stderr, "Error setting the OpenPGP keyring file\n");
}
}
#endif
#ifdef ENABLE_SRP
if (srp_username && srp_passwd)
{
/* SRP stuff */
if (gnutls_srp_allocate_client_credentials (&srp_cred) < 0)
{
fprintf (stderr, "SRP authentication error\n");
}
gnutls_srp_set_client_credentials_function (srp_cred,
srp_username_callback);
}
#endif
#ifdef ENABLE_PSK
/* PSK stuff */
if (gnutls_psk_allocate_client_credentials (&psk_cred) < 0)
{
fprintf (stderr, "PSK authentication error\n");
}
if (psk_username && psk_key.data)
{
ret = gnutls_psk_set_client_credentials (psk_cred,
psk_username, &psk_key,
GNUTLS_PSK_KEY_HEX);
if (ret < 0)
{
fprintf (stderr, "Error setting the PSK credentials: %s\n",
gnutls_strerror (ret));
}
}
gnutls_psk_set_client_credentials_function (psk_cred, psk_callback);
#endif
#ifdef ENABLE_ANON
/* ANON stuff */
if (gnutls_anon_allocate_client_credentials (&anon_cred) < 0)
{
fprintf (stderr, "Anonymous authentication error\n");
}
#endif
}
void psk_client_credentials::
set_credentials_function (gnutls_psk_client_credentials_function * func)
{
gnutls_psk_set_client_credentials_function (cred, func);
}
