/** Create a GNUTLS session. * Initialises the cyphers and the session database for a new TLS * session. * * @returns The newly created TLS session. */ static gnutls_session_t _crywrap_tls_session_create(const crywrap_config_t * config) { gnutls_session_t session; int ret; gnutls_init(&session, GNUTLS_SERVER); if (config->anon) { gnutls_credentials_set(session, GNUTLS_CRD_ANON, cred); } else { gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, cred); } ret = gnutls_priority_set(session, config->priority); if (ret < 0) { cry_error("Error setting priority %s: ", gnutls_strerror(ret)); exit(4); } if (config->verify == 1) gnutls_certificate_server_set_request(session, GNUTLS_CERT_REQUEST); else if (config->verify == 2) gnutls_certificate_server_set_request(session, GNUTLS_CERT_REQUIRE); return session; }
bool gtlsServerData::initSession(gnutls_session_t & _session) { bool status = true; int ret = 0; // Create a session. ret = gnutls_init (&_session, GNUTLS_SERVER); if (ret < 0) { initialized_ = false; } // printerror("gnutls_init", ret); // Set the default priority. ret = gnutls_set_default_priority(_session); if (ret < 0) { initialized_ = false; } // printerror("gnutls_set_default_priority", ret); ret = gnutls_credentials_set(_session, GNUTLS_CRD_CERTIFICATE, gtlsglobalserverdata_->cert_cred); if (ret < 0) { initialized_ = false; } // printerror("gnutls_credentials_set", ret); gnutls_certificate_server_set_request(_session, GNUTLS_CERT_REQUEST); gnutls_dh_set_prime_bits(_session, gtlsGeneric::GNUTLSIF_DH_BITS); // GNUTLS_NOTICE("Created new TLS session with id = " << _session); return status; }
void rb_ssl_accept_setup(rb_fde_t *F, rb_fde_t *new_F, struct sockaddr *st, int addrlen) { new_F->type |= RB_FD_SSL; new_F->ssl = rb_malloc(sizeof(gnutls_session_t)); new_F->accept = rb_malloc(sizeof(struct acceptdata)); new_F->accept->callback = F->accept->callback; new_F->accept->data = F->accept->data; rb_settimeout(new_F, 10, rb_ssl_timeout, NULL); memcpy(&new_F->accept->S, st, addrlen); new_F->accept->addrlen = addrlen; gnutls_init((gnutls_session_t *) new_F->ssl, GNUTLS_SERVER); gnutls_set_default_priority(SSL_P(new_F)); gnutls_credentials_set(SSL_P(new_F), GNUTLS_CRD_CERTIFICATE, x509); gnutls_dh_set_prime_bits(SSL_P(new_F), 1024); gnutls_transport_set_ptr(SSL_P(new_F), (gnutls_transport_ptr_t) (long int)rb_get_fd(new_F)); gnutls_certificate_server_set_request(SSL_P(new_F), GNUTLS_CERT_REQUEST); if(do_ssl_handshake(F, rb_ssl_tryaccept)) { struct acceptdata *ad = F->accept; F->accept = NULL; ad->callback(F, RB_OK, (struct sockaddr *)&ad->S, ad->addrlen, ad->data); rb_free(ad); } }
static void test_failure_server(void) { /* Server stuff. */ gnutls_certificate_credentials_t serverx509cred; gnutls_session_t server; int sret = GNUTLS_E_AGAIN; /* Client stuff. */ gnutls_certificate_credentials_t clientx509cred; gnutls_session_t client; int cret = GNUTLS_E_AGAIN; /* General init. */ to_server_len = 0; to_client_len = 0; client_ret_val = 0; server_ret_val = GNUTLS_E_CERTIFICATE_ERROR; server_ok = 0; client_ok = 0; /* Init server */ gnutls_certificate_allocate_credentials(&serverx509cred); gnutls_certificate_set_x509_key_mem(serverx509cred, &server_cert, &server_key, GNUTLS_X509_FMT_PEM); gnutls_init(&server, GNUTLS_SERVER); gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, serverx509cred); gnutls_priority_set_direct(server, "NORMAL", NULL); gnutls_transport_set_push_function(server, server_push); gnutls_transport_set_pull_function(server, server_pull); gnutls_transport_set_ptr(server, server); gnutls_session_set_verify_function(server, server_callback); gnutls_certificate_server_set_request(server, GNUTLS_CERT_REQUEST); /* Init client */ gnutls_certificate_allocate_credentials(&clientx509cred); gnutls_init(&client, GNUTLS_CLIENT); gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, clientx509cred); gnutls_priority_set_direct(client, "NORMAL", NULL); gnutls_transport_set_push_function(client, client_push); gnutls_transport_set_pull_function(client, client_pull); gnutls_transport_set_ptr(client, client); gnutls_session_set_verify_function(client, client_callback); HANDSHAKE_EXPECT(client, server, GNUTLS_E_AGAIN, GNUTLS_E_CERTIFICATE_ERROR); gnutls_deinit(client); gnutls_deinit(server); gnutls_certificate_free_credentials(serverx509cred); gnutls_certificate_free_credentials(clientx509cred); if (server_ok == 0) fail("%s: certificate verify callback wasn't called\n", __func__); }
/// Initializes GNUTLS session on the given socket. static gnutls_session_t onion_prepare_gnutls_session(onion *o, int clientfd){ gnutls_session_t session; gnutls_init (&session, GNUTLS_SERVER); gnutls_priority_set (session, o->priority_cache); gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, o->x509_cred); /* request client certificate if any. */ gnutls_certificate_server_set_request (session, GNUTLS_CERT_REQUEST); /* Set maximum compatibility mode. This is only suggested on public webservers * that need to trade security for compatibility */ gnutls_session_enable_compatibility_mode (session); gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t)(long) clientfd); int ret; int n_tries=0; do{ ret = gnutls_handshake (session); if (n_tries++>10) // Ok, dont abuse the system. Maybe trying to DoS me? break; }while (ret<0 && gnutls_error_is_fatal(ret)==0); if (ret<0){ // could not handshake. assume an error. ONION_ERROR("Handshake has failed (%s)", gnutls_strerror (ret)); gnutls_deinit (session); return NULL; } return session; }
static gnutls_session_t initialize_tls_session (void) { gnutls_session_t session; gnutls_init (&session, GNUTLS_CLIENT); int data_length=0;//hard-coding this length assuming 4 proxies already exist in the connection. void *data=malloc(80); /*printf("Existing Proxy_Info retrived by proxy from outgoing TLS connection\n"); for(int i=0;i<data_length;i+=4){ int random_num=rand()%20; printf("%u ",random_num); if((i-1)%5==0&&i!=0) printf("\n"); memcpy(data+i,&random_num,sizeof(int)); } */ gnutls_proxyinfo_set (session, GNUTLS_NAME_DNS, "karthikmihir",strlen("karthikmihir"),data,data_length,0); gnutls_priority_set (session, priority_cache); gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, x509_cred); /* request client certificate if any. */ gnutls_certificate_server_set_request (session, GNUTLS_CERT_REQUEST); /* Set maximum compatibility mode. This is only suggested on public webservers * that need to trade security for compatibility */ gnutls_session_enable_compatibility_mode (session); return session; }
static void session_init(int sock, int server) { gnutls_init(&session, GNUTLS_DATAGRAM | (server ? GNUTLS_SERVER : GNUTLS_CLIENT) | GNUTLS_NONBLOCK * nonblock); gnutls_priority_set_direct(session, "+CTYPE-OPENPGP:+CIPHER-ALL:+MAC-ALL:+ECDHE-RSA:+ANON-ECDH", 0); gnutls_transport_set_ptr(session, (gnutls_transport_ptr_t) (intptr_t) sock); if (full) { gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, cred); if (server) { gnutls_certificate_server_set_request(session, GNUTLS_CERT_REQUIRE); } } else if (server) { gnutls_anon_server_credentials_t cred; gnutls_anon_allocate_server_credentials(&cred); gnutls_credentials_set(session, GNUTLS_CRD_ANON, cred); } else { gnutls_anon_client_credentials_t cred; gnutls_anon_allocate_client_credentials(&cred); gnutls_credentials_set(session, GNUTLS_CRD_ANON, cred); } gnutls_transport_set_push_function(session, writefn); gnutls_dtls_set_mtu(session, 1400); gnutls_dtls_set_timeouts(session, retransmit_milliseconds, timeout_seconds * 1000); }
static tls_session * tlsg_session_new ( tls_ctx * ctx, int is_server ) { tlsg_ctx *c = (tlsg_ctx *)ctx; tlsg_session *session; session = ber_memcalloc ( 1, sizeof (*session) ); if ( !session ) return NULL; session->ctx = c; gnutls_init( &session->session, is_server ? GNUTLS_SERVER : GNUTLS_CLIENT ); gnutls_priority_set( session->session, c->prios ); if ( c->cred ) gnutls_credentials_set( session->session, GNUTLS_CRD_CERTIFICATE, c->cred ); if ( is_server ) { int flag = 0; if ( c->lo->ldo_tls_require_cert ) { flag = GNUTLS_CERT_REQUEST; if ( c->lo->ldo_tls_require_cert == LDAP_OPT_X_TLS_DEMAND || c->lo->ldo_tls_require_cert == LDAP_OPT_X_TLS_HARD ) flag = GNUTLS_CERT_REQUIRE; gnutls_certificate_server_set_request( session->session, flag ); } } return (tls_session *)session; }
static gnutls_session new_tls_session(int sock) { int ret; gnutls_session session; const int kx_priority[] = { GNUTLS_KX_ANON_DH, #ifdef GNUTLS_SRP_ENABLED GNUTLS_KX_SRP, GNUTLS_KX_SRP_DSS, GNUTLS_KX_SRP_RSA, #endif 0 }; gnutls_init(&session, GNUTLS_SERVER); gnutls_set_default_priority(session); gnutls_kx_set_priority(session, kx_priority); #ifdef GNUTLS_SRP_ENABLED gnutls_credentials_set(session, GNUTLS_CRD_SRP, srpcred); gnutls_certificate_server_set_request(session, GNUTLS_CERT_IGNORE); #endif gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred); gnutls_transport_set_ptr(session, fd_to_ptr(sock)); gnutls_transport_set_pull_function(session, tls_pull); gnutls_transport_set_push_function(session, tls_push); ret = gnutls_handshake(session); if ( ret < 0 ) { fprintf(stderr, "GnuTLS handshake failed: %s.\n", gnutls_strerror(ret)); gnutls_alert_send_appropriate(session, ret); return NULL; } return session; }
SslSocket::SslSocket(SslDriver *driver, struct ev_loop *loop, int fd, int af) : x0::Socket(loop, fd, af), #ifndef XZERO_NDEBUG ctime_(ev_now(loop)), #endif driver_(driver), context_(nullptr), session_() { TRACE("SslSocket()"); setSecure(true); setState(Handshake); GNUTLS_CHECK( gnutls_init(&session_, GNUTLS_SERVER) ); gnutls_handshake_set_post_client_hello_function(session_, &SslSocket::onClientHello); gnutls_certificate_server_set_request(session_, GNUTLS_CERT_REQUEST); gnutls_dh_set_prime_bits(session_, 1024); gnutls_session_enable_compatibility_mode(session_); gnutls_session_set_ptr(session_, this); gnutls_transport_set_ptr(session_, reinterpret_cast<gnutls_transport_ptr_t>(handle())); driver_->initialize(this); }
void rb_ssl_start_accepted(rb_fde_t *new_F, ACCB * cb, void *data, int timeout) { gnutls_session_t *ssl; new_F->type |= RB_FD_SSL; ssl = new_F->ssl = rb_malloc(sizeof(gnutls_session_t)); new_F->accept = rb_malloc(sizeof(struct acceptdata)); new_F->accept->callback = cb; new_F->accept->data = data; rb_settimeout(new_F, timeout, rb_ssl_timeout, NULL); new_F->accept->addrlen = 0; gnutls_init(ssl, GNUTLS_SERVER); gnutls_set_default_priority(*ssl); gnutls_credentials_set(*ssl, GNUTLS_CRD_CERTIFICATE, x509); gnutls_dh_set_prime_bits(*ssl, 1024); gnutls_transport_set_ptr(*ssl, (gnutls_transport_ptr_t) (long int)new_F->fd); gnutls_certificate_server_set_request(*ssl, GNUTLS_CERT_REQUEST); if(do_ssl_handshake(new_F, rb_ssl_tryaccept)) { struct acceptdata *ad = new_F->accept; new_F->accept = NULL; ad->callback(new_F, RB_OK, (struct sockaddr *)&ad->S, ad->addrlen, ad->data); rb_free(ad); } }
gnutls_session initialize_tls_session (int sd, char* CN) { int ret; gnutls_session session; gnutls_init (&session, GNUTLS_SERVER); gnutls_set_default_priority (session); gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, x509_cred); gnutls_certificate_server_set_request (session, GNUTLS_CERT_REQUIRE); gnutls_dh_set_prime_bits (session, DH_BITS); gnutls_transport_set_ptr (session, (gnutls_transport_ptr) GINT_TO_POINTER(sd)); ret = gnutls_handshake (session); if (ret < 0) { close (sd); gnutls_deinit (session); quorum_log(LOG_WARNING,"handshake failed"); return NULL; } if (verify_certificate(session,CN) < 0) { return NULL; } return session; }
/** Set up the given session with the settings in this profile */ void SetupSession(gnutls_session_t sess) { priority.SetupSession(sess); x509cred.SetupSession(sess); gnutls_dh_set_prime_bits(sess, min_dh_bits); // Request client certificate if we are a server, no-op if we're a client gnutls_certificate_server_set_request(sess, GNUTLS_CERT_REQUEST); }
void TLSTransaction::init (TLSServer& server) { gnutls_init (&_session, GNUTLS_SERVER); gnutls_priority_set (_session, server._priorities); gnutls_credentials_set (_session, GNUTLS_CRD_CERTIFICATE, server._credentials); // Require client certificate. gnutls_certificate_server_set_request (_session, GNUTLS_CERT_REQUIRE); /* // Set maximum compatibility mode. This is only suggested on public // webservers that need to trade security for compatibility gnutls_session_enable_compatibility_mode (_session); */ struct sockaddr_in sa_cli = {0}; socklen_t client_len = sizeof sa_cli; do { _socket = accept (server._socket, (struct sockaddr *) &sa_cli, &client_len); } while (errno == EINTR); if (_socket < 0) throw std::string (::strerror (errno)); // Obtain client info. char topbuf[512]; _address = inet_ntop (AF_INET, &sa_cli.sin_addr, topbuf, sizeof (topbuf)); _port = ntohs (sa_cli.sin_port); if (_debug) std::cout << "s: INFO connection from " << _address << " port " << _port << "\n"; #if GNUTLS_VERSION_NUMBER >= 0x030109 gnutls_transport_set_int (_session, _socket); #else gnutls_transport_set_ptr (_session, (gnutls_transport_ptr_t) (long) _socket); #endif // Key exchange. int ret; do { ret = gnutls_handshake (_session); } while (ret < 0 && gnutls_error_is_fatal (ret) == 0); if (ret < 0) throw std::string ("Handshake has failed (") + gnutls_strerror (ret) + ")"; if (_debug) std::cout << "s: INFO Handshake was completed\n"; }
void InitSession(StreamSocket* user, bool me_server) { gnutls_init(&sess, me_server ? GNUTLS_SERVER : GNUTLS_CLIENT); profile->SetupSession(sess); gnutls_transport_set_ptr(sess, reinterpret_cast<gnutls_transport_ptr_t>(user)); gnutls_transport_set_push_function(sess, gnutls_push_wrapper); gnutls_transport_set_pull_function(sess, gnutls_pull_wrapper); if (me_server) gnutls_certificate_server_set_request(sess, GNUTLS_CERT_REQUEST); // Request client certificate if any. }
void SslContext::bind(SslSocket *socket) { TRACE("bind() (cn=\"%s\")", commonName().c_str()); socket->context_ = this; gnutls_certificate_server_set_request(socket->session_, clientVerifyMode_); gnutls_credentials_set(socket->session_, GNUTLS_CRD_CERTIFICATE, certs_); gnutls_credentials_set(socket->session_, GNUTLS_CRD_ANON, anonCreds_); // XXX following function is marked deprecated and has no replacement API it seems. //const int cprio[] = { GNUTLS_CRT_X509, 0 }; //gnutls_certificate_type_set_priority(socket->session_, cprio); }
int tls_connection_set_verify(void *ssl_ctx, struct tls_connection *conn, int verify_peer) { if (conn == NULL || conn->session == NULL) return -1; conn->verify_peer = verify_peer; gnutls_certificate_server_set_request(conn->session, verify_peer ? GNUTLS_CERT_REQUIRE : GNUTLS_CERT_REQUEST); return 0; }
/* * Starts a standard gnutls session * on a server port. */ static gnutls_session_t initialize_tls_session (void) { gnutls_session_t session; gnutls_init (&session, GNUTLS_SERVER); gnutls_priority_set (session, priority_cache); gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, x509_cred); gnutls_credentials_set (session, GNUTLS_CRD_PSK, psk_cred); gnutls_certificate_server_set_request (session, GNUTLS_CERT_REQUEST); return session; }
void ssl_init(struct sockifo* ifo, const char* key, const char* cert, const char* ca, int server) { int rv; rv = gnutls_certificate_allocate_credentials(&ifo->xcred); if (rv < 0) goto out_err; if (cert && *cert) { rv = gnutls_certificate_set_x509_key_file(ifo->xcred, cert, key, GNUTLS_X509_FMT_PEM); if (rv < 0) goto out_err_cred; } if (ca && *ca) { if (!access(ca, R_OK)) { ifo->state.ssl_verify_type = VERIFY_CA; rv = gnutls_certificate_set_x509_trust_file(ifo->xcred, ca, GNUTLS_X509_FMT_PEM); if (rv < 0) goto out_err_cred; } else { ifo->state.ssl_verify_type = VERIFY_FP; ifo->fingerprint = strdup(ca); } } gnutls_certificate_set_dh_params(ifo->xcred, dh_params); rv = gnutls_init(&ifo->ssl, server ? GNUTLS_SERVER : GNUTLS_CLIENT); if (rv < 0) goto out_err_cred; rv = gnutls_set_default_priority(ifo->ssl); if (rv < 0) goto out_err_all; rv = gnutls_credentials_set(ifo->ssl, GNUTLS_CRD_CERTIFICATE, ifo->xcred); if (rv < 0) goto out_err_all; if (server) { gnutls_dh_set_prime_bits(ifo->ssl, 1024); gnutls_certificate_server_set_request(ifo->ssl, GNUTLS_CERT_REQUEST); } gnutls_transport_set_ptr(ifo->ssl, (gnutls_transport_ptr_t)(long) ifo->fd); ifo->state.ssl = SSL_HSHK; if (!ifo->state.connpend) ssl_handshake(ifo); return; out_err_all: gnutls_deinit(ifo->ssl); out_err_cred: gnutls_certificate_free_credentials(ifo->xcred); if (ifo->fingerprint) free(ifo->fingerprint); out_err: esock(ifo, gnutls_strerror(rv)); }
SSL_handle_t * SSLi_newconnection( int * fileDescriptor, bool_t * isSSLReady ) { gnutls_session_t * session = calloc(1, sizeof(gnutls_session_t)); gnutls_init(session, GNUTLS_SERVER); gnutls_priority_set(*session, cipherCache); gnutls_credentials_set(*session, GNUTLS_CRD_CERTIFICATE, certificate); gnutls_certificate_server_set_request(*session, GNUTLS_CERT_REQUIRE); gnutls_transport_set_int(*session, *fileDescriptor); if(isSSLReady && SSLi_nonblockaccept(session, isSSLReady)) *isSSLReady = true; return session; }
static gnutls_session_t new_tls_session(int sock) { int ret; gnutls_session_t session; const char *err; #if defined LIBGNUTLS_VERSION_MAJOR && LIBGNUTLS_VERSION_MAJOR >= 3 # define TLS_DH_STR "+ANON-ECDH:+ANON-DH" #else # define TLS_DH_STR "+ANON-DH" #endif #ifdef GNUTLS_SRP_ENABLED const char *pstring = "NORMAL:+SRP:+SRP-DSS:+SRP-RSA:" TLS_DH_STR; #else const char *pstring = "NORMAL:" TLS_DH_STR; #endif gnutls_init(&session, GNUTLS_SERVER); gnutls_set_default_priority(session); ret = gnutls_priority_set_direct(session, pstring, &err); if (ret < 0) { fprintf(stderr, "TLS priority syntax error at: %s\n", err); return NULL; } #ifdef GNUTLS_SRP_ENABLED gnutls_credentials_set(session, GNUTLS_CRD_SRP, srpcred); gnutls_certificate_server_set_request(session, GNUTLS_CERT_IGNORE); #endif gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred); gnutls_transport_set_ptr(session, fd_to_ptr(sock)); gnutls_transport_set_pull_function(session, tls_pull); gnutls_transport_set_push_function(session, tls_push); ret = gnutls_handshake(session); if ( ret < 0 ) { fprintf(stderr, "GnuTLS handshake failed: %s.\n", gnutls_strerror(ret)); gnutls_alert_send_appropriate(session, ret); return NULL; } return session; }
static gnutls_session_t initialize_tls_session (void) { gnutls_session_t session; gnutls_init (&session, GNUTLS_SERVER); gnutls_priority_set_direct (session, "NORMAL", NULL); /* request client certificate if any. */ gnutls_certificate_server_set_request (session, GNUTLS_CERT_REQUEST); gnutls_dh_set_prime_bits (session, DH_BITS); return session; }
static gnutls_session_t initialize_tls_session (void) { gnutls_session_t session; gnutls_init (&session, GNUTLS_SERVER); gnutls_priority_set (session, priority_cache); gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, x509_cred); /* We don't request any certificate from the client. * If we did we would need to verify it. */ gnutls_certificate_server_set_request (session, GNUTLS_CERT_IGNORE); return session; }
int ne_sock_accept_ssl(ne_socket *sock, ne_ssl_context *ctx) { int ret; ne_ssl_socket ssl; #if defined(HAVE_OPENSSL) ssl = SSL_new(ctx->ctx); SSL_set_fd(ssl, sock->fd); sock->ssl = ssl; ret = SSL_accept(ssl); if (ret != 1) { return error_ossl(sock, ret); } #elif defined(HAVE_GNUTLS) gnutls_init(&ssl, GNUTLS_SERVER); gnutls_credentials_set(ssl, GNUTLS_CRD_CERTIFICATE, ctx->cred); gnutls_set_default_priority(ssl); /* Set up dummy session cache. */ gnutls_db_set_store_function(ssl, store_sess); gnutls_db_set_retrieve_function(ssl, retrieve_sess); gnutls_db_set_remove_function(ssl, remove_sess); gnutls_db_set_ptr(ssl, ctx); if (ctx->verify) gnutls_certificate_server_set_request(ssl, GNUTLS_CERT_REQUEST); sock->ssl = ssl; gnutls_transport_set_ptr(sock->ssl, (gnutls_transport_ptr) sock->fd); ret = gnutls_handshake(ssl); if (ret < 0) { return error_gnutls(sock, ret); } if (ctx->verify && gnutls_certificate_verify_peers(ssl)) { set_error(sock, _("Client certificate verification failed")); return NE_SOCK_ERROR; } #endif sock->ops = &iofns_ssl; return 0; }
static gnutls_session_t initialize_tls_session (void) { gnutls_session_t session; gnutls_init (&session, GNUTLS_SERVER); gnutls_priority_set_direct (session, "NORMAL:+SRP:+SRP-DSS:+SRP-RSA", NULL); gnutls_credentials_set (session, GNUTLS_CRD_SRP, srp_cred); /* for the certificate authenticated ciphersuites. */ gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, cert_cred); /* request client certificate if any. */ gnutls_certificate_server_set_request (session, GNUTLS_CERT_IGNORE); return session; }
gnutls_session_t context::session(context *ctx) { SSL ssl = NULL; if(ctx && ctx->xcred && ctx->err() == secure::OK) { gnutls_init(&ssl, ctx->connect); switch(ctx->connect) { case GNUTLS_CLIENT: gnutls_priority_set_direct(ssl, "PERFORMANCE", NULL); break; case GNUTLS_SERVER: gnutls_priority_set(ssl, context::priority_cache); gnutls_certificate_server_set_request(ssl, GNUTLS_CERT_REQUEST); gnutls_session_enable_compatibility_mode(ssl); default: break; } gnutls_credentials_set(ssl, ctx->xtype, ctx->xcred); } return ssl; }
void InitSession(StreamSocket* user, bool me_server) { issl_session* session = &sessions[user->GetFd()]; gnutls_init(&session->sess, me_server ? GNUTLS_SERVER : GNUTLS_CLIENT); session->socket = user; #ifdef GNUTLS_NEW_PRIO_API gnutls_priority_set(session->sess, priority); #endif gnutls_credentials_set(session->sess, GNUTLS_CRD_CERTIFICATE, x509_cred); gnutls_dh_set_prime_bits(session->sess, dh_bits); gnutls_transport_set_ptr(session->sess, reinterpret_cast<gnutls_transport_ptr_t>(session)); gnutls_transport_set_push_function(session->sess, gnutls_push_wrapper); gnutls_transport_set_pull_function(session->sess, gnutls_pull_wrapper); if (me_server) gnutls_certificate_server_set_request(session->sess, GNUTLS_CERT_REQUEST); // Request client certificate if any. Handshake(session, user); }
static gnutls_session_t initialize_tls_session(void) { gnutls_session_t session; gnutls_init(&session, GNUTLS_SERVER); /* avoid calling all the priority functions, since the defaults * are adequate. */ gnutls_priority_set_direct(session, "NORMAL:+CTYPE-OPENPGP:+DHE-DSS:+SIGN-DSA-SHA1:+SIGN-DSA-SHA256", NULL); gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, pgp_cred); /* request client certificate if any. */ gnutls_certificate_server_set_request(session, GNUTLS_CERT_REQUEST); gnutls_dh_set_prime_bits(session, DH_BITS); return session; }
gnutls_session_t initialize_tls_session (void) { gnutls_session_t session; gnutls_init (&session, GNUTLS_SERVER); /* avoid calling all the priority functions, since the defaults * are adequate. */ gnutls_set_default_priority (session); gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, x509_cred); /* request client certificate if any. */ gnutls_certificate_server_set_request (session, GNUTLS_CERT_REQUEST); gnutls_dh_set_prime_bits (session, DH_BITS); return session; }
static gnutls_session_t initialize_tls_session (void) { gnutls_session_t session; gnutls_init (&session, GNUTLS_SERVER); gnutls_priority_set (session, priority_cache); gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, x509_cred); /* request client certificate if any. */ gnutls_certificate_server_set_request (session, GNUTLS_CERT_REQUEST); /* Set maximum compatibility mode. This is only suggested on public webservers * that need to trade security for compatibility */ gnutls_session_enable_compatibility_mode (session); return session; }