C++ (Cpp) gnutls_set_default_priority示例

示例#1

文件： remote.c 项目： KevenChang/pacemaker

void *
create_psk_tls_session(int csock, int type /* GNUTLS_SERVER, GNUTLS_CLIENT */ , void *credentials)
{
    gnutls_session_t *session = gnutls_malloc(sizeof(gnutls_session_t));

    gnutls_init(session, type);
#  ifdef HAVE_GNUTLS_PRIORITY_SET_DIRECT
    gnutls_priority_set_direct(*session, "NORMAL:+DHE-PSK:+PSK", NULL);
#  else
    gnutls_set_default_priority(*session);
    gnutls_kx_set_priority(*session, psk_tls_kx_order);
#  endif
    gnutls_transport_set_ptr(*session, (gnutls_transport_ptr_t) GINT_TO_POINTER(csock));
    switch (type) {
        case GNUTLS_SERVER:
            gnutls_credentials_set(*session, GNUTLS_CRD_PSK,
                                   (gnutls_psk_server_credentials_t) credentials);
            break;
        case GNUTLS_CLIENT:
            gnutls_credentials_set(*session, GNUTLS_CRD_PSK,
                                   (gnutls_psk_client_credentials_t) credentials);
            break;
    }

    return session;
}

示例#2

文件： resume.c 项目： Chronic-Dev/gnutls

static gnutls_session_t
initialize_tls_session (struct params_res *params)
{
  gnutls_session_t session;
  const int kx_prio[] = { GNUTLS_KX_ANON_DH, 0 };

  gnutls_init (&session, GNUTLS_SERVER);

  /* avoid calling all the priority functions, since the defaults
   * are adequate.
   */
  gnutls_set_default_priority (session);
  gnutls_kx_set_priority (session, kx_prio);

  gnutls_credentials_set (session, GNUTLS_CRD_ANON, anoncred);

  gnutls_dh_set_prime_bits (session, DH_BITS);

  if (params->enable_db)
    {
      gnutls_db_set_retrieve_function (session, wrap_db_fetch);
      gnutls_db_set_remove_function (session, wrap_db_delete);
      gnutls_db_set_store_function (session, wrap_db_store);
      gnutls_db_set_ptr (session, NULL);
    }
#ifdef ENABLE_SESSION_TICKET
  if (params->enable_session_ticket_server)
    gnutls_session_ticket_enable_server (session, &session_ticket_key);
#endif

  return session;
}

示例#3

文件： ssl_gnutls.c 项目： shiplu/bitlbee

static gboolean ssl_connected( gpointer data, gint source, b_input_condition cond )
{
	struct scd *conn = data;
	
	if( source == -1 )
	{
		conn->func( conn->data, 0, NULL, cond );
		g_free( conn );
		return FALSE;
	}
	
	ssl_init();
	
	gnutls_init( &conn->session, GNUTLS_CLIENT );
	if( conn->verify )
		gnutls_session_set_ptr( conn->session, (void *) conn->hostname );
#if GNUTLS_VERSION_NUMBER < 0x020c00
	gnutls_transport_set_lowat( conn->session, 0 );
#endif
	gnutls_set_default_priority( conn->session );
	gnutls_credentials_set( conn->session, GNUTLS_CRD_CERTIFICATE, xcred );
	
	sock_make_nonblocking( conn->fd );
	gnutls_transport_set_ptr( conn->session, (gnutls_transport_ptr) GNUTLS_STUPID_CAST conn->fd );
	
	return ssl_handshake( data, source, cond );
}

示例#4

文件： gnutlsif.cpp 项目： BackupTheBerlios/btg-svn

         bool gtlsServerData::initSession(gnutls_session_t & _session)
         {
            bool status = true;

            int ret = 0;

            // Create a session.
            ret = gnutls_init (&_session, GNUTLS_SERVER);
            if (ret < 0) { initialized_ = false; }
            // printerror("gnutls_init", ret);

            // Set the default priority.
            ret = gnutls_set_default_priority(_session);
            if (ret < 0) { initialized_ = false; }
            // printerror("gnutls_set_default_priority", ret);

            ret = gnutls_credentials_set(_session, GNUTLS_CRD_CERTIFICATE, gtlsglobalserverdata_->cert_cred);
            if (ret < 0) { initialized_ = false; }
            // printerror("gnutls_credentials_set", ret);

            gnutls_certificate_server_set_request(_session, GNUTLS_CERT_REQUEST);

            gnutls_dh_set_prime_bits(_session, gtlsGeneric::GNUTLSIF_DH_BITS);
            // GNUTLS_NOTICE("Created new TLS session with id = " << _session);

            return status;
         }

示例#5

文件： remote.c 项目： KevenChang/pacemaker

void *
crm_create_anon_tls_session(int csock, int type /* GNUTLS_SERVER, GNUTLS_CLIENT */ ,
                            void *credentials)
{
    gnutls_session_t *session = gnutls_malloc(sizeof(gnutls_session_t));

    gnutls_init(session, type);
#  ifdef HAVE_GNUTLS_PRIORITY_SET_DIRECT
/*      http://www.manpagez.com/info/gnutls/gnutls-2.10.4/gnutls_81.php#Echo-Server-with-anonymous-authentication */
    gnutls_priority_set_direct(*session, "NORMAL:+ANON-DH", NULL);
/*	gnutls_priority_set_direct (*session, "NONE:+VERS-TLS-ALL:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-DH", NULL); */
#  else
    gnutls_set_default_priority(*session);
    gnutls_kx_set_priority(*session, anon_tls_kx_order);
#  endif
    gnutls_transport_set_ptr(*session, (gnutls_transport_ptr_t) GINT_TO_POINTER(csock));
    switch (type) {
        case GNUTLS_SERVER:
            gnutls_credentials_set(*session, GNUTLS_CRD_ANON,
                                   (gnutls_anon_server_credentials_t) credentials);
            break;
        case GNUTLS_CLIENT:
            gnutls_credentials_set(*session, GNUTLS_CRD_ANON,
                                   (gnutls_anon_client_credentials_t) credentials);
            break;
    }

    return session;
}

示例#6

文件： server.c 项目： requiem-forasiem/librequiem

static gnutls_session new_tls_session(int sock)
{
        int ret;
        gnutls_session session;
        const int kx_priority[] = {
                GNUTLS_KX_ANON_DH,
#ifdef GNUTLS_SRP_ENABLED
                GNUTLS_KX_SRP, GNUTLS_KX_SRP_DSS, GNUTLS_KX_SRP_RSA,
#endif
                0 };

        gnutls_init(&session, GNUTLS_SERVER);

        gnutls_set_default_priority(session);
        gnutls_kx_set_priority(session, kx_priority);

#ifdef GNUTLS_SRP_ENABLED
        gnutls_credentials_set(session, GNUTLS_CRD_SRP, srpcred);
        gnutls_certificate_server_set_request(session, GNUTLS_CERT_IGNORE);
#endif
        gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred);

        gnutls_transport_set_ptr(session, fd_to_ptr(sock));
        gnutls_transport_set_pull_function(session, tls_pull);
        gnutls_transport_set_push_function(session, tls_push);

        ret = gnutls_handshake(session);
        if ( ret < 0 ) {
                fprintf(stderr, "GnuTLS handshake failed: %s.\n", gnutls_strerror(ret));
                gnutls_alert_send_appropriate(session, ret);
                return NULL;
        }

        return session;
}

示例#7

文件： tls_gnutls.c 项目： NikhilNJ/screenplay-dx

struct tls_connection * tls_connection_init(void *ssl_ctx)
{
	struct tls_connection *conn;
	const int cert_types[2] = { GNUTLS_CRT_X509, 0 };
	const int protos[2] = { GNUTLS_TLS1, 0 };


	conn = malloc(sizeof(*conn));
	if (conn == NULL)
		return NULL;
	memset(conn, 0, sizeof(*conn));
	if (gnutls_init(&conn->session, GNUTLS_CLIENT) < 0) {
		wpa_printf(MSG_INFO, "TLS: Failed to initialize new TLS "
			   "connection");
		free(conn);
		return NULL;
	}

	gnutls_set_default_priority(conn->session);
	gnutls_certificate_type_set_priority(conn->session, cert_types);
	gnutls_protocol_set_priority(conn->session, protos);

	gnutls_transport_set_pull_function(conn->session, tls_pull_func);
	gnutls_transport_set_push_function(conn->session, tls_push_func);
	gnutls_transport_set_ptr(conn->session, (gnutls_transport_ptr) conn);

	gnutls_certificate_allocate_credentials(&conn->xcred);

	return conn;
}

示例#8

文件： quorumd.c 项目： dhazen/heartbeat

gnutls_session
initialize_tls_session (int sd, char* CN)
{
	int ret;
	gnutls_session session;

	gnutls_init (&session, GNUTLS_SERVER);
	gnutls_set_default_priority (session);
	gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, x509_cred);
	gnutls_certificate_server_set_request (session, GNUTLS_CERT_REQUIRE);
	gnutls_dh_set_prime_bits (session, DH_BITS);
	gnutls_transport_set_ptr (session, (gnutls_transport_ptr) GINT_TO_POINTER(sd));
	ret = gnutls_handshake (session);
	if (ret < 0)
	{
		close (sd);
		gnutls_deinit (session);
		quorum_log(LOG_WARNING,"handshake failed");
		return NULL;
	}
	if (verify_certificate(session,CN) < 0) {
		return NULL;
	}
	return session;
}

示例#9

文件： resume.c 项目： uvbs/SupportCenter

gnutls_session_t
initialize_tls_session (void)
{
  gnutls_session_t session;
  const int kx_prio[] = { GNUTLS_KX_ANON_DH, 0 };

  gnutls_init (&session, GNUTLS_SERVER);

  /* avoid calling all the priority functions, since the defaults
   * are adequate.
   */
  gnutls_set_default_priority (session);
  gnutls_kx_set_priority (session, kx_prio);

  gnutls_credentials_set (session, GNUTLS_CRD_ANON, anoncred);

  gnutls_dh_set_prime_bits (session, DH_BITS);

  if (TLS_SESSION_CACHE != 0)
    {
      gnutls_db_set_retrieve_function (session, wrap_db_fetch);
      gnutls_db_set_remove_function (session, wrap_db_delete);
      gnutls_db_set_store_function (session, wrap_db_store);
      gnutls_db_set_ptr (session, NULL);
    }

  return session;
}

示例#10

文件： gnutls.c 项目： azzurra/bluebox

void
rb_ssl_accept_setup(rb_fde_t *F, rb_fde_t *new_F, struct sockaddr *st, int addrlen)
{
    new_F->type |= RB_FD_SSL;
    new_F->ssl = rb_malloc(sizeof(gnutls_session_t));
    new_F->accept = rb_malloc(sizeof(struct acceptdata));

    new_F->accept->callback = F->accept->callback;
    new_F->accept->data = F->accept->data;
    rb_settimeout(new_F, 10, rb_ssl_timeout, NULL);
    memcpy(&new_F->accept->S, st, addrlen);
    new_F->accept->addrlen = addrlen;

    gnutls_init((gnutls_session_t *) new_F->ssl, GNUTLS_SERVER);
    gnutls_set_default_priority(SSL_P(new_F));
    gnutls_credentials_set(SSL_P(new_F), GNUTLS_CRD_CERTIFICATE, x509);
    gnutls_dh_set_prime_bits(SSL_P(new_F), 1024);
    gnutls_transport_set_ptr(SSL_P(new_F), (gnutls_transport_ptr_t) (long int)rb_get_fd(new_F));
    if (do_ssl_handshake(F, rb_ssl_tryaccept))
    {
        struct acceptdata *ad = F->accept;
        F->accept = NULL;
        ad->callback(F, RB_OK, (struct sockaddr *)&ad->S, ad->addrlen, ad->data);
        rb_free(ad);
    }
}

示例#11

文件： gnutls.c 项目： azzurra/bluebox

static void
rb_ssl_tryconn(rb_fde_t *F, int status, void *data)
{
    struct ssl_connect *sconn = data;
    if (status != RB_OK)
    {
        rb_ssl_connect_realcb(F, status, sconn);
        return;
    }

    F->type |= RB_FD_SSL;


    rb_settimeout(F, sconn->timeout, rb_ssl_tryconn_timeout_cb, sconn);
    F->ssl = rb_malloc(sizeof(gnutls_session_t));
    gnutls_init(F->ssl, GNUTLS_CLIENT);
    gnutls_set_default_priority(SSL_P(F));
    gnutls_dh_set_prime_bits(SSL_P(F), 1024);
    gnutls_transport_set_ptr(SSL_P(F), (gnutls_transport_ptr_t) (long int)F->fd);

    if (do_ssl_handshake(F, rb_ssl_tryconn_cb))
    {
        rb_ssl_connect_realcb(F, RB_OK, sconn);
    }
}

示例#12

文件： gnutls.c 项目： azzurra/bluebox

void
rb_ssl_start_connected(rb_fde_t *F, CNCB * callback, void *data, int timeout)
{
    struct ssl_connect *sconn;
    if (F == NULL)
        return;

    sconn = rb_malloc(sizeof(struct ssl_connect));
    sconn->data = data;
    sconn->callback = callback;
    sconn->timeout = timeout;
    F->connect = rb_malloc(sizeof(struct conndata));
    F->connect->callback = callback;
    F->connect->data = data;
    F->type |= RB_FD_SSL;
    F->ssl = rb_malloc(sizeof(gnutls_session_t));

    gnutls_init(F->ssl, GNUTLS_CLIENT);
    gnutls_set_default_priority(SSL_P(F));
    gnutls_dh_set_prime_bits(SSL_P(F), 1024);
    gnutls_transport_set_ptr(SSL_P(F), (gnutls_transport_ptr_t) (long int)F->fd);

    rb_settimeout(F, sconn->timeout, rb_ssl_tryconn_timeout_cb, sconn);

    if (do_ssl_handshake(F, rb_ssl_tryconn_cb))
    {
        rb_ssl_connect_realcb(F, RB_OK, sconn);
    }
}

示例#13

文件： gnutls.c 项目： azzurra/bluebox

void
rb_ssl_start_accepted(rb_fde_t *new_F, ACCB * cb, void *data, int timeout)
{
    gnutls_session_t *ssl;
    new_F->type |= RB_FD_SSL;
    ssl = new_F->ssl = rb_malloc(sizeof(gnutls_session_t));
    new_F->accept = rb_malloc(sizeof(struct acceptdata));

    new_F->accept->callback = cb;
    new_F->accept->data = data;
    rb_settimeout(new_F, timeout, rb_ssl_timeout, NULL);

    new_F->accept->addrlen = 0;

    gnutls_init(ssl, GNUTLS_SERVER);
    gnutls_set_default_priority(*ssl);
    gnutls_credentials_set(*ssl, GNUTLS_CRD_CERTIFICATE, x509);
    gnutls_dh_set_prime_bits(*ssl, 1024);
    gnutls_transport_set_ptr(*ssl, (gnutls_transport_ptr_t) (long int)new_F->fd);
    if (do_ssl_handshake(new_F, rb_ssl_tryaccept))
    {
        struct acceptdata *ad = new_F->accept;
        new_F->accept = NULL;
        ad->callback(new_F, RB_OK, (struct sockaddr *)&ad->S, ad->addrlen, ad->data);
        rb_free(ad);
    }

}

示例#14

文件： netio.c 项目： vikcena01/whiteboard-over-network

void
network_client_init(int security_policy)
{
	security = malloc(sizeof(*security));
	int kx_prio[2];

	gnutls_global_init ();

	if (security_policy == CRED_ANON) {
		gnutls_anon_allocate_client_credentials(&(security->anoncred));
	}

    /* Initialize TLS session */
	gnutls_init(&(security->session), GNUTLS_CLIENT);
    /* Use default priorities */
    gnutls_set_default_priority(security->session);
	if (security_policy == CRED_ANON) {
		kx_prio[0] = GNUTLS_KX_ANON_DH;
		kx_prio[1] = 0;
		gnutls_kx_set_priority (security->session, kx_prio);
		/* Put the anonymous credentials to the current session */
		gnutls_credentials_set(security->session, GNUTLS_CRD_ANON,
							   security->anoncred);
	} else
        printf("Unknown credentials requested\n");
}

示例#15

文件： tlssocket.cpp 项目： idgaf/FileZilla3

bool CTlsSocket::Init()
{
	// This function initializes GnuTLS
	int res = gnutls_global_init();
	if (res)
	{
		LogError(res);
		return false;
	}
	m_initialized = true;

	res = gnutls_certificate_allocate_credentials(&m_certCredentials);
	if (res < 0)
	{
		LogError(res);
		Uninit();
		return false;
	}

	res = gnutls_init(&m_session, GNUTLS_CLIENT);
	if (res)
	{
		LogError(res);
		Uninit();
		return false;
	}

	res = gnutls_set_default_priority(m_session);
	if (res)
	{
		LogError(res);
		Uninit();
		return false;
	}
	
	// Set which type of certificates we accept
	const int cert_type_priority[] = { GNUTLS_CRT_X509, 0 };
	gnutls_certificate_type_set_priority(m_session, cert_type_priority);
	if (res)
	{
		LogError(res);
		Uninit();
		return false;
	}

	gnutls_credentials_set(m_session, GNUTLS_CRD_CERTIFICATE, m_certCredentials);

	// Setup transport functions
	gnutls_transport_set_push_function(m_session, PushFunction);
	gnutls_transport_set_pull_function(m_session, PullFunction);
	gnutls_transport_set_ptr(m_session, (gnutls_transport_ptr_t)this);
	gnutls_transport_set_lowat(m_session, 0);

	m_shutdown_requested = false;

	// At this point, we can start shaking hands.

	return true;
}

示例#16

文件： gnutls.c 项目： db48x/wget-warc

bool
ssl_connect_wget (int fd)
{
  static const int cert_type_priority[] = {
    GNUTLS_CRT_X509, GNUTLS_CRT_OPENPGP, 0
  };
  struct wgnutls_transport_context *ctx;
  gnutls_session session;
  int err;
  int allowed_protocols[4] = {0, 0, 0, 0};
  gnutls_init (&session, GNUTLS_CLIENT);
  gnutls_set_default_priority (session);
  gnutls_certificate_type_set_priority (session, cert_type_priority);
  gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, credentials);
#ifndef FD_TO_SOCKET
# define FD_TO_SOCKET(X) (X)
#endif
  gnutls_transport_set_ptr (session, (gnutls_transport_ptr) FD_TO_SOCKET (fd));

  err = 0;
  switch (opt.secure_protocol)
    {
    case secure_protocol_auto:
      break;
    case secure_protocol_sslv2:
    case secure_protocol_sslv3:
      allowed_protocols[0] = GNUTLS_SSL3;
      err = gnutls_protocol_set_priority (session, allowed_protocols);
      break;
    case secure_protocol_tlsv1:
      allowed_protocols[0] = GNUTLS_TLS1_0;
      allowed_protocols[1] = GNUTLS_TLS1_1;
      allowed_protocols[2] = GNUTLS_TLS1_2;
      err = gnutls_protocol_set_priority (session, allowed_protocols);
      break;
    default:
      abort ();
    }
  if (err < 0)
    {
      logprintf (LOG_NOTQUIET, "GnuTLS: %s\n", gnutls_strerror (err));
      gnutls_deinit (session);
      return false;
    }

  err = gnutls_handshake (session);
  if (err < 0)
    {
      logprintf (LOG_NOTQUIET, "GnuTLS: %s\n", gnutls_strerror (err));
      gnutls_deinit (session);
      return false;
    }

  ctx = xnew0 (struct wgnutls_transport_context);
  ctx->session = session;
  fd_register_transport (fd, &wgnutls_transport, ctx);
  return true;
}

示例#17

文件： ssl-gnutls.c 项目： Lilitana/Pidgin

static void
ssl_gnutls_connect(PurpleSslConnection *gsc)
{
	PurpleSslGnutlsData *gnutls_data;
	static const int cert_type_priority[2] = { GNUTLS_CRT_X509, 0 };

	gnutls_data = g_new0(PurpleSslGnutlsData, 1);
	gsc->private_data = gnutls_data;

	gnutls_init(&gnutls_data->session, GNUTLS_CLIENT);
#ifdef HAVE_GNUTLS_PRIORITY_FUNCS
	{
		const char *prio_str = NULL;
		gboolean set = FALSE;

		/* Let's see if someone has specified a specific priority */
		if (gsc->host && host_priorities)
			prio_str = g_hash_table_lookup(host_priorities, gsc->host);

		if (prio_str)
			set = (GNUTLS_E_SUCCESS ==
					gnutls_priority_set_direct(gnutls_data->session, prio_str,
				                               NULL));

		if (!set)
			gnutls_priority_set(gnutls_data->session, default_priority);
	}
#else
	gnutls_set_default_priority(gnutls_data->session);
#endif

	gnutls_certificate_type_set_priority(gnutls_data->session,
		cert_type_priority);

	gnutls_credentials_set(gnutls_data->session, GNUTLS_CRD_CERTIFICATE,
		xcred);

	gnutls_transport_set_ptr(gnutls_data->session, GINT_TO_POINTER(gsc->fd));

	gnutls_data->handshake_handler = purple_input_add(gsc->fd,
		PURPLE_INPUT_READ, ssl_gnutls_handshake_cb, gsc);

	/* Orborde asks: Why are we configuring a callback, then
	   (almost) immediately calling it?

	   Answer: gnutls_handshake (up in handshake_cb) needs to be called
	   once in order to get the ball rolling on the SSL connection.
	   Once it has done so, only then will the server reply, triggering
	   the callback.

	   Since the logic driving gnutls_handshake is the same with the first
	   and subsequent calls, we'll just fire the callback immediately to
	   accomplish this.
	*/
	gnutls_data->handshake_timer = purple_timeout_add(0, start_handshake_cb,
	                                                  gsc);
}

示例#18

文件： tls_gnutls.c 项目： samm-git/e3372h-vendor-src

static int tls_gnutls_init_session(struct tls_global *global,
				   struct tls_connection *conn)
{
#if LIBGNUTLS_VERSION_NUMBER >= 0x020200
	const char *err;
#else /* LIBGNUTLS_VERSION_NUMBER >= 0x020200 */
	const int cert_types[2] = { GNUTLS_CRT_X509, 0 };
	const int protos[2] = { GNUTLS_TLS1, 0 };
#endif /* LIBGNUTLS_VERSION_NUMBER < 0x020200 */
	int ret;

	ret = gnutls_init(&conn->session,
			  global->server ? GNUTLS_SERVER : GNUTLS_CLIENT);
	if (ret < 0) {
		wpa_printf(MSG_INFO, "TLS: Failed to initialize new TLS "
			   "connection: %s", gnutls_strerror(ret));
		return -1;
	}

	ret = gnutls_set_default_priority(conn->session);
	if (ret < 0)
		goto fail;

#if LIBGNUTLS_VERSION_NUMBER >= 0x020200
	ret = gnutls_priority_set_direct(conn->session, "NORMAL:-VERS-SSL3.0",
					 &err);
	if (ret < 0) {
		wpa_printf(MSG_ERROR, "GnuTLS: Priority string failure at "
			   "'%s'", err);
		goto fail;
	}
#else /* LIBGNUTLS_VERSION_NUMBER >= 0x020200 */
	ret = gnutls_certificate_type_set_priority(conn->session, cert_types);
	if (ret < 0)
		goto fail;

	ret = gnutls_protocol_set_priority(conn->session, protos);
	if (ret < 0)
		goto fail;
#endif /* LIBGNUTLS_VERSION_NUMBER < 0x020200 */

	gnutls_transport_set_pull_function(conn->session, tls_pull_func);
	gnutls_transport_set_push_function(conn->session, tls_push_func);
	gnutls_transport_set_ptr(conn->session, (gnutls_transport_ptr) conn);

	return 0;

fail:
	wpa_printf(MSG_INFO, "TLS: Failed to setup new TLS connection: %s",
		   gnutls_strerror(ret));
	gnutls_deinit(conn->session);
	return -1;
}

示例#19

static gpointer
server_thread (gpointer user_data)
{
	int listener = GPOINTER_TO_INT (user_data), client;
	gnutls_certificate_credentials creds;
	gnutls_session_t session;
	struct sockaddr_in sin;
	int len;
	char buf[BUFSIZE];
	int status;

	gnutls_certificate_allocate_credentials (&creds);
	if (gnutls_certificate_set_x509_key_file (creds,
						  ssl_cert_file, ssl_key_file,
						  GNUTLS_X509_FMT_PEM) != 0) {
		g_error ("Failed to set SSL certificate and key files "
			 "(%s, %s).", ssl_cert_file, ssl_key_file);
	}
	gnutls_certificate_set_dh_params (creds, dh_params);

	/* Create a new session */
	gnutls_init (&session, GNUTLS_SERVER);
	gnutls_set_default_priority (session);
	gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, creds);
	gnutls_dh_set_prime_bits (session, DH_BITS);

	/* Wait for client thread to connect */
	len = sizeof (sin);
	client = accept (listener, (struct sockaddr *) &sin, (void *)&len);
	gnutls_transport_set_ptr (session, GINT_TO_POINTER (client));

	/* Initial handshake */
	status = gnutls_handshake (session);
	if (status < 0)
		g_error ("initial handshake failed: %d", status);

	/* Synchronous client test. */
	server_read (session, buf, BUFSIZE);
	server_write (session, buf, BUFSIZE);

	/* Async client test. */
	server_read (session, buf, BUFSIZE);
	server_write (session, buf, BUFSIZE);

	/* That's all, folks. */
	gnutls_bye (session, GNUTLS_SHUT_WR);
	gnutls_deinit (session);
	close (client);
	gnutls_certificate_free_credentials (creds);

	return NULL;
}

示例#20

文件： test.c 项目： jcaose/evcom

void anon_tls_server (evcom_stream *stream)
{
  gnutls_session_t session;
  stream->data = session;

  int r = gnutls_init(&session, GNUTLS_SERVER);
  assert(r == 0);
  gnutls_set_default_priority(session);
  gnutls_kx_set_priority (session, kx_prio);
  gnutls_credentials_set(session, GNUTLS_CRD_ANON, server_credentials);
  gnutls_dh_set_prime_bits(session, DH_BITS);

  evcom_stream_set_secure_session(stream, session);
}

示例#21

文件： conn-ssl.c 项目： briancollins/ngircd

static bool
ConnSSL_Init_SSL(CONNECTION *c)
{
	int ret;
	assert(c != NULL);
#ifdef HAVE_LIBSSL
	if (!ssl_ctx) {
		Log(LOG_ERR, "Cannot init ssl_ctx: OpenSSL initialization failed at startup");
		return false;
	}
	assert(c->ssl_state.ssl == NULL);

	c->ssl_state.ssl = SSL_new(ssl_ctx);
	if (!c->ssl_state.ssl) {
		LogOpenSSLError("SSL_new()", NULL);
		return false;
	}

	ret = SSL_set_fd(c->ssl_state.ssl, c->sock);
	if (ret != 1) {
		LogOpenSSLError("SSL_set_fd()", NULL);
		ConnSSL_Free(c);
		return false;
	}
#endif
#ifdef HAVE_LIBGNUTLS
	ret = gnutls_set_default_priority(c->ssl_state.gnutls_session);
	if (ret < 0) {
		Log(LOG_ERR, "gnutls_set_default_priority: %s", gnutls_strerror(ret));
		ConnSSL_Free(c);
		return false;
	}
	/*
	 * The intermediate (long) cast is here to avoid a warning like:
	 * "cast to pointer from integer of different size" on 64-bit platforms.
	 * There doesn't seem to be an alternate GNUTLS API we could use instead, see e.g.
	 * http://www.mail-archive.com/[email protected]/msg00286.html
	 */
	gnutls_transport_set_ptr(c->ssl_state.gnutls_session, (gnutls_transport_ptr_t) (long) c->sock);
	ret = gnutls_credentials_set(c->ssl_state.gnutls_session, GNUTLS_CRD_CERTIFICATE, x509_cred);
	if (ret < 0) {
		Log(LOG_ERR, "gnutls_credentials_set: %s", gnutls_strerror(ret));
		ConnSSL_Free(c);
		return false;
	}
	gnutls_dh_set_prime_bits(c->ssl_state.gnutls_session, DH_BITS_MIN);
#endif
	Conn_OPTION_ADD(c, CONN_SSL);
	return true;
}

示例#22

文件： gnutls.cpp 项目： mwuehrer/tntnet

  void GnuTlsStream::handshake(const GnuTlsServer& server)
  {
    log_debug("gnutls_init(session, GNUTLS_SERVER)");
    int ret = gnutls_init(&_session, GNUTLS_SERVER);
    if (ret != 0)
      throw GnuTlsException("gnutls_init", ret);

    log_debug("gnutls_set_default_priority");
    ret = gnutls_set_default_priority(_session);
    if (ret != 0)
      throw GnuTlsException("gnutls_set_default_priority", ret);

    log_debug("gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, "
      << server.getCred() << ')');
    ret = gnutls_credentials_set(_session, GNUTLS_CRD_CERTIFICATE, server.getCred());
    if (ret != 0)
      throw GnuTlsException("gnutls_credentials_set", ret);

    log_debug("gnutls_dh_set_prime_bits(session, 1024)");
    gnutls_dh_set_prime_bits(_session, 1024);

    _fdInfo.fd = getFd();
    _fdInfo.timeout = getTimeout();

    log_debug("gnutls_transport_set_ptr(ptr)");
    gnutls_transport_set_ptr(_session, static_cast<gnutls_transport_ptr_t>(&_fdInfo));

    log_debug("gnutls_transport_set_pull_function()");
    gnutls_transport_set_pull_function(_session, pull_func);

    log_debug("gnutls_transport_set_push_function()");
    gnutls_transport_set_push_function(_session, push_func);

    // non-blocking/with timeout

    _fdInfo.timeout = 10000;

    log_debug("gnutls_handshake");
    ret = gnutls_handshake(_session);
    log_debug("gnutls_handshake => " << ret);

    if (ret != 0)
      throw GnuTlsException("gnutls_handshake", ret);

    _connected = true;
    _fdInfo.timeout = getTimeout();

    log_debug("ssl-handshake was completed");
  }

示例#23

文件： gnutlsif.cpp 项目： BackupTheBerlios/btg-svn

         gtlsClientData::gtlsClientData(std::string const& _caFile,
                                        std::string const& _certFile,
                                        std::string const& _keyFile)
         {
            int ret = 0;

            gnutls_global_set_log_level(loglevel);
            gnutls_global_set_log_function(gtlsGeneric::logCallback);

            gnutls_certificate_allocate_credentials(&cred_);
            // GNUTLS_NOTICE("Allocted credentials");
            // Add the certificate authority used.
            // GNUTLS_NOTICE("Setting CA, file='" << _caFile << "'");
            ret = gnutls_certificate_set_x509_trust_file(cred_, _caFile.c_str(), GNUTLS_X509_FMT_PEM);
            // printerror("gnutls_certificate_set_x509_trust_file", ret);
            // GNUTLS_NOTICE("Processed " << ret << " certificates.");

            // Set the cert and private key.
            // Set the certificate and priate key pair.
            // GNUTLS_NOTICE("Setting certificate, file='" << _certFile << "'");
            // GNUTLS_NOTICE("Setting private key, file='" << _keyFile << "'");

            ret = gnutls_certificate_set_x509_key_file(cred_,
                                                       _certFile.c_str(),
                                                       _keyFile.c_str(),
                                                       GNUTLS_X509_FMT_PEM);
            // printerror("gnutls_certificate_set_x509_key_file", ret);

            // GNUTLS_NOTICE("Processed " << ret << " certificate/key pair(s).");

            ret = gnutls_init(&session_, GNUTLS_CLIENT);
            // printerror("gnutls_init", ret);

            ret = gnutls_set_default_priority(session_);
            // printerror("gnutls_set_default_priority", ret);

            gnutls_dh_set_prime_bits(session_, gtlsGeneric::GNUTLSIF_DH_BITS);

            const int cert_type_priority[2] = { GNUTLS_CRT_X509, 0 };
            ret = gnutls_certificate_type_set_priority(session_,
                                                       cert_type_priority);
            // printerror("gnutls_certificate_type_set_priority", ret);

            ret = gnutls_credentials_set(session_,
                                         GNUTLS_CRD_CERTIFICATE,
                                         cred_);

            // printerror("gnutls_credentials_set", ret);
         }

示例#24

文件： test.c 项目： jcaose/evcom

void anon_tls_client (evcom_stream *stream)
{
  gnutls_session_t client_session;
  gnutls_anon_client_credentials_t client_credentials;

  gnutls_anon_allocate_client_credentials (&client_credentials);
  gnutls_init(&client_session, GNUTLS_CLIENT);
  gnutls_set_default_priority(client_session);
  gnutls_kx_set_priority(client_session, kx_prio);
  /* Need to enable anonymous KX specifically. */
  gnutls_credentials_set(client_session, GNUTLS_CRD_ANON, client_credentials);

  evcom_stream_set_secure_session(stream, client_session);
  assert(stream->flags & EVCOM_SECURE);
}

示例#25

文件： dhepskself.c 项目： Chronic-Dev/gnutls

static gnutls_session_t
initialize_tls_session (void)
{
  gnutls_session_t session;

  gnutls_init (&session, GNUTLS_SERVER);

  /* avoid calling all the priority functions, since the defaults
   * are adequate.
   */
  gnutls_set_default_priority (session);

  gnutls_credentials_set (session, GNUTLS_CRD_PSK, server_pskcred);

  return session;
}

示例#26

文件： ssl-gnutls.c 项目： asterIRC/Janus4Sporks

void ssl_init(struct sockifo* ifo, const char* key, const char* cert, const char* ca, int server) {
	int rv;
	rv = gnutls_certificate_allocate_credentials(&ifo->xcred);
	if (rv < 0) goto out_err;
	if (cert && *cert) {
		rv = gnutls_certificate_set_x509_key_file(ifo->xcred, cert, key, GNUTLS_X509_FMT_PEM);
		if (rv < 0) goto out_err_cred;
	}
	if (ca && *ca) {
		if (!access(ca, R_OK)) {
			ifo->state.ssl_verify_type = VERIFY_CA;
			rv = gnutls_certificate_set_x509_trust_file(ifo->xcred, ca, GNUTLS_X509_FMT_PEM);
			if (rv < 0) goto out_err_cred;
		} else {
			ifo->state.ssl_verify_type = VERIFY_FP;
			ifo->fingerprint = strdup(ca);
		}
	}
	gnutls_certificate_set_dh_params(ifo->xcred, dh_params);
	rv = gnutls_init(&ifo->ssl, server ? GNUTLS_SERVER : GNUTLS_CLIENT);
	if (rv < 0) goto out_err_cred;
	rv = gnutls_set_default_priority(ifo->ssl);
	if (rv < 0) goto out_err_all;
	rv = gnutls_credentials_set(ifo->ssl, GNUTLS_CRD_CERTIFICATE, ifo->xcred);
	if (rv < 0) goto out_err_all;

	if (server) {
		gnutls_dh_set_prime_bits(ifo->ssl, 1024);
		gnutls_certificate_server_set_request(ifo->ssl, GNUTLS_CERT_REQUEST);
	}

	gnutls_transport_set_ptr(ifo->ssl, (gnutls_transport_ptr_t)(long) ifo->fd);

	ifo->state.ssl = SSL_HSHK;
	if (!ifo->state.connpend)
		ssl_handshake(ifo);
	return;

out_err_all:
	gnutls_deinit(ifo->ssl);
out_err_cred:
	gnutls_certificate_free_credentials(ifo->xcred);
	if (ifo->fingerprint)
		free(ifo->fingerprint);
out_err:
	esock(ifo, gnutls_strerror(rv));
}

示例#27

文件： ebb.c 项目： bakins/libebb

void ebb_connection_start(ebb_connection *connection)
{
  ebb_server *server = connection->server;
  struct ev_loop *loop;

  if(!connection->loop) {
      connection->loop = server->loop;
  }
  loop  = connection->loop;
 
  /*Need thread safe session cache?*/
#ifdef HAVE_GNUTLS
  if(server->secure) {
    gnutls_init(&connection->session, GNUTLS_SERVER);
    gnutls_transport_set_lowat(connection->session, 0); 
    gnutls_set_default_priority(connection->session);
    gnutls_credentials_set(connection->session, GNUTLS_CRD_CERTIFICATE, connection->server->credentials);

    gnutls_transport_set_ptr(connection->session, (gnutls_transport_ptr) fd); 
    gnutls_transport_set_push_function(connection->session, nosigpipe_push);

    gnutls_db_set_ptr (connection->session, &server->session_cache);
    gnutls_db_set_store_function (connection->session, session_cache_store);
    gnutls_db_set_retrieve_function (connection->session, session_cache_retrieve);
    gnutls_db_set_remove_function (connection->session, session_cache_remove);
  }

  ev_io_set(&connection->handshake_watcher, connection->fd, EV_READ | EV_WRITE);
#endif /* HAVE_GNUTLS */

  /* Note: not starting the write watcher until there is data to be written */
  ev_io_set(&connection->write_watcher, connection->fd, EV_WRITE);
  ev_io_set(&connection->read_watcher, connection->fd, EV_READ);
  /* XXX: seperate error watcher? */

  ev_timer_again(loop, &connection->timeout_watcher);

#ifdef HAVE_GNUTLS
  if(server->secure) {
    ev_io_start(loop, &connection->handshake_watcher);
    return;
  }
#endif

  ev_io_start(loop, &connection->read_watcher);
}

示例#28

文件： server.c 项目： Prelude-SIEM/libprelude

static gnutls_session_t new_tls_session(int sock)
{
        int ret;
        gnutls_session_t session;
        const char *err;

#if defined LIBGNUTLS_VERSION_MAJOR && LIBGNUTLS_VERSION_MAJOR >= 3
# define TLS_DH_STR "+ANON-ECDH:+ANON-DH"
#else
# define TLS_DH_STR "+ANON-DH"
#endif

#ifdef GNUTLS_SRP_ENABLED
        const char *pstring = "NORMAL:+SRP:+SRP-DSS:+SRP-RSA:" TLS_DH_STR;
#else
        const char *pstring = "NORMAL:" TLS_DH_STR;
#endif

        gnutls_init(&session, GNUTLS_SERVER);
        gnutls_set_default_priority(session);

        ret = gnutls_priority_set_direct(session, pstring, &err);
        if (ret < 0) {
                fprintf(stderr, "TLS priority syntax error at: %s\n", err);
                return NULL;
        }

#ifdef GNUTLS_SRP_ENABLED
        gnutls_credentials_set(session, GNUTLS_CRD_SRP, srpcred);
        gnutls_certificate_server_set_request(session, GNUTLS_CERT_IGNORE);
#endif
        gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred);

        gnutls_transport_set_ptr(session, fd_to_ptr(sock));
        gnutls_transport_set_pull_function(session, tls_pull);
        gnutls_transport_set_push_function(session, tls_push);

        ret = gnutls_handshake(session);
        if ( ret < 0 ) {
                fprintf(stderr, "GnuTLS handshake failed: %s.\n", gnutls_strerror(ret));
                gnutls_alert_send_appropriate(session, ret);
                return NULL;
        }

        return session;
}

示例#29

文件： danetool.c 项目： attilamolnar/gnutls

static int get_cert(socket_st *hd, const char *hostname, unsigned udp, int fd)
{
	gnutls_certificate_credentials_t xcred;
	gnutls_session_t session;
	int ret;
	struct priv_st priv;

	priv.found = 0;
	priv.fd = fd;

	ret = gnutls_certificate_allocate_credentials(&xcred);
	if (ret < 0) {
		fprintf(stderr, "error[%d]: %s\n", __LINE__,
			gnutls_strerror(ret));
		exit(1);
	}
	gnutls_certificate_set_verify_function(xcred, cert_callback);

	ret = gnutls_init(&session, (udp?GNUTLS_DATAGRAM:0)|GNUTLS_CLIENT);
	if (ret < 0) {
		fprintf(stderr, "error[%d]: %s\n", __LINE__,
			gnutls_strerror(ret));
		exit(1);
	}
	gnutls_session_set_ptr(session, &priv);
	gnutls_transport_set_int(session, hd->fd);

	gnutls_set_default_priority(session);
	if (hostname && is_ip(hostname)==0) {
		gnutls_server_name_set(session, GNUTLS_NAME_DNS, hostname, strlen(hostname));
	}
	gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);

	do {
		ret = gnutls_handshake(session);
	} while(ret == GNUTLS_E_INTERRUPTED || ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_WARNING_ALERT_RECEIVED);
	/* we don't care on the result */

	gnutls_deinit(session);
	gnutls_certificate_free_credentials(xcred);

	if (priv.found == 0)
		return -1;

	return 0;
}

示例#30

文件： ssl-gnutls.c 项目： bf4/pidgin-mac

static void
ssl_gnutls_connect(PurpleSslConnection *gsc)
{
	PurpleSslGnutlsData *gnutls_data;
	static const int cert_type_priority[2] = { GNUTLS_CRT_X509, 0 };

	gnutls_data = g_new0(PurpleSslGnutlsData, 1);
	gsc->private_data = gnutls_data;

	gnutls_init(&gnutls_data->session, GNUTLS_CLIENT);
#ifdef HAVE_GNUTLS_PRIORITY_FUNCS
	if (gnutls_priority_set_direct(gnutls_data->session,
		                             "NORMAL:%SSL3_RECORD_VERSION", NULL))
		gnutls_priority_set_direct(gnutls_data->session, "NORMAL", NULL);
#else
	gnutls_set_default_priority(gnutls_data->session);
#endif

	gnutls_certificate_type_set_priority(gnutls_data->session,
		cert_type_priority);

	gnutls_credentials_set(gnutls_data->session, GNUTLS_CRD_CERTIFICATE,
		xcred);

	gnutls_transport_set_ptr(gnutls_data->session, GINT_TO_POINTER(gsc->fd));

	gnutls_data->handshake_handler = purple_input_add(gsc->fd,
		PURPLE_INPUT_READ, ssl_gnutls_handshake_cb, gsc);

	purple_debug_info("gnutls", "Starting handshake with %s\n", gsc->host);

	/* Orborde asks: Why are we configuring a callback, then
	   immediately calling it?

	   Answer: gnutls_handshake (up in handshake_cb) needs to be called
	   once in order to get the ball rolling on the SSL connection.
	   Once it has done so, only then will the server reply, triggering
	   the callback.

	   Since the logic driving gnutls_handshake is the same with the first
	   and subsequent calls, we'll just fire the callback immediately to
	   accomplish this.
	*/
	ssl_gnutls_handshake_cb(gsc, gsc->fd, PURPLE_INPUT_READ);
}