void* connection_thread(void* arg) { int sd; gnutls_session_t session; pp_session_t ppsession; int ret; sd = (int)(long)arg; ret = initialize_tls_session(&session); if (ret != GNUTLS_E_SUCCESS) { fprintf(stderr, "Error initializing TLS session\n"); return (void *)(long)ret; } gnutls_transport_set_ptr(session, (gnutls_transport_ptr_t)(long)sd); memset(&ppsession, '\0', sizeof(pp_session_t)); ppsession.cfg = &cfg; gnutls_session_set_ptr(session, &ppsession); ret = do_proxy(session); if (ret != GNUTLS_E_SUCCESS) fprintf(stderr, "- Proxy exited with failure\n"); close((int)(long)gnutls_transport_get_ptr(session)); gnutls_deinit(session); return 0; }
static void server (int fd, int wait) { int ret; gnutls_session_t session; gnutls_anon_server_credentials_t anoncred; /* this must be called once in the program */ global_init (); if (debug) { gnutls_global_set_log_function (server_log_func); gnutls_global_set_log_level (4711); } gnutls_anon_allocate_server_credentials (&anoncred); initialize_tls_session (&session); gnutls_credentials_set (session, GNUTLS_CRD_ANON, anoncred); gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) fd); if (wait) sleep(25); else do { ret = gnutls_handshake (session); } while (ret < 0 && gnutls_error_is_fatal(ret) == 0); gnutls_deinit (session); gnutls_anon_free_server_credentials(anoncred); gnutls_global_deinit(); }
static void server(int fd, int packet) { int ret; /* this must be called once in the program */ global_init(); if (debug) { gnutls_global_set_log_function(server_log_func); gnutls_global_set_log_level(4711); } gnutls_anon_allocate_server_credentials(&anoncred); session = initialize_tls_session(); counter = 0; packet_to_lose = packet; gnutls_transport_set_int(session, fd); gnutls_transport_set_push_function(session, push); do { ret = gnutls_handshake(session); } while (ret < 0 && gnutls_error_is_fatal(ret) == 0); gnutls_deinit(session); gnutls_global_deinit(); if (ret < 0) { return; } }
static void server (int fd, const char* prio) { int ret; char buffer[MAX_BUF + 1]; gnutls_session_t session; /* this must be called once in the program */ gnutls_global_init (); memset(buffer, 0, sizeof(buffer)); if (debug) { gnutls_global_set_log_function (server_log_func); gnutls_global_set_log_level (4711); } gnutls_certificate_allocate_credentials (&x509_cred); gnutls_certificate_set_x509_key_mem (x509_cred, &server_cert, &server_key, GNUTLS_X509_FMT_PEM); gnutls_anon_allocate_server_credentials (&anoncred); session = initialize_tls_session (prio); gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) fd); do { ret = gnutls_handshake (session); } while (ret < 0 && gnutls_error_is_fatal(ret) == 0); if (ret < 0) { close (fd); gnutls_deinit (session); fail ("server: Handshake has failed (%s)\n\n", gnutls_strerror (ret)); terminate(); } if (debug) success ("server: Handshake was completed\n"); if (debug) success ("server: TLS version is: %s\n", gnutls_protocol_get_name (gnutls_protocol_get_version (session))); close(fd); gnutls_deinit (session); gnutls_anon_free_server_credentials (anoncred); gnutls_certificate_free_credentials (x509_cred); gnutls_global_deinit (); if (debug) success ("server: finished\n"); }
void socket_thread_main(apr_thread_t *self, void *data) { int ret = 0; socket_thread_data_t *thread_data = (socket_thread_data_t*)data; gnutls_session_t session; apr_os_sock_t sock; if(tls_cert != NULL) { if(apr_os_sock_get(&sock, thread_data->socket) != APR_SUCCESS) { syslog(LOG_ERR, "Can't get raw socket for TLS use"); ret = -1; } else if((thread_data->tls_session=apr_pcalloc( thread_data->pool, sizeof(gnutls_session_t)))!=NULL) { session = initialize_tls_session (); gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) (sock)); do { ret = gnutls_handshake (session); } while (ret < 0 && gnutls_error_is_fatal (ret) == 0); if (ret < 0) { syslog(LOG_ERR, "handshake has failed (%s)\n\n", gnutls_strerror (ret)); } *(thread_data->tls_session) = session; } else { syslog(LOG_ERR, "memory allocation failure"); ret = -1; } } if(ret >= 0) { socket_thread_handle(thread_data); if(thread_data->tls_session != NULL) gnutls_bye(session, GNUTLS_SHUT_WR); } apr_socket_close(thread_data->socket); if(thread_data->tls_session != NULL) gnutls_deinit (session); apr_pool_destroy(thread_data->pool); syslog(LOG_INFO, "client connection closed"); }
gboolean on_listen(GIOChannel *ch, GIOCondition condition, gpointer data) { int ssock, csock; unsigned laddr; struct sockaddr_in addr; char buf[MAXMSG]; char CN[MAX_DN_LEN]; ssize_t len; gnutls_session session; struct hb_quorumd_fns *fns; if (condition & G_IO_IN) { /* accept the connection */ ssock = g_io_channel_unix_get_fd(ch); laddr = sizeof(addr); csock = accept(ssock, (struct sockaddr*)&addr, &laddr); if (csock == -1) { quorum_log(LOG_ERR, "%s accept socket failed", __FUNCTION__); return TRUE; } memset(CN, 0, MAX_DN_LEN); session = initialize_tls_session(csock, CN); if (session == NULL) { quorum_log(LOG_ERR, "%s tls handshake failed", __FUNCTION__); close(csock); return TRUE; } memset(buf,0,MAXMSG); len = gnutls_record_recv(session, buf, MAXMSG); if (len <= 0) { quorum_log(LOG_ERR, "can't get version info"); gnutls_bye (session, GNUTLS_SHUT_WR); gnutls_deinit (session); close(csock); return TRUE; } quorum_debug(LOG_DEBUG, "version:%s(%d)",buf,(int)len); fns = get_protocol(buf); if(fns != NULL) { fns->on_connect(csock,session,CN); } else { quorum_log(LOG_WARNING, "version %s is not supported", buf); gnutls_bye (session, GNUTLS_SHUT_WR); gnutls_deinit (session); close(csock); } } return TRUE; }
static int common_connect(socket_reference rReference, remote_connection sSocket, const struct sockaddr *aAddress, socklen_t lLength, bool sServer, const char *aActual) { gnutls_srp_client_credentials_t srp_client; if (!session_mutex.valid() || pthread_mutex_lock(session_mutex) < 0) return -1; sessions[rReference] = initialize_tls_session(sServer, srp_client, aAddress, lLength, aActual); gnutls_transport_set_ptr(sessions[rReference], (gnutls_transport_ptr_t) sSocket); socket_setup[sSocket] = true; gnutls_session_t session = sessions[rReference]; pthread_mutex_unlock(session_mutex); //NOTE: must be unlocked here if "from" and "to" are the same forwarder! int handshake = gnutls_handshake(session); if (handshake < 0) { client_log_output(logging_normal, "rsvx-tls:connect", gnutls_strerror(handshake)); gnutls_deinit(session); return -1; } if (!session_mutex.valid() || pthread_mutex_lock(session_mutex) < 0) return -1; socket_setup[sSocket] = false; pthread_mutex_unlock(session_mutex); return 0; }
int main (void) { int listen_sd; int sock, ret; struct sockaddr_in sa_serv; struct sockaddr_in cli_addr; socklen_t cli_addr_size; gnutls_session_t session; char buffer[MAX_BUFFER]; priv_data_st priv; gnutls_datum_t cookie_key; gnutls_dtls_prestate_st prestate; int mtu = 1400; unsigned char sequence[8]; /* this must be called once in the program */ gnutls_global_init (); gnutls_certificate_allocate_credentials (&x509_cred); gnutls_certificate_set_x509_trust_file (x509_cred, CAFILE, GNUTLS_X509_FMT_PEM); gnutls_certificate_set_x509_crl_file (x509_cred, CRLFILE, GNUTLS_X509_FMT_PEM); ret = gnutls_certificate_set_x509_key_file (x509_cred, CERTFILE, KEYFILE, GNUTLS_X509_FMT_PEM); if (ret < 0) { printf("No certificate or key were found\n"); exit(1); } generate_dh_params (); gnutls_certificate_set_dh_params (x509_cred, dh_params); gnutls_priority_init (&priority_cache, "PERFORMANCE:-VERS-TLS-ALL:+VERS-DTLS1.0:%SERVER_PRECEDENCE", NULL); gnutls_key_generate (&cookie_key, GNUTLS_COOKIE_KEY_SIZE); /* Socket operations */ listen_sd = socket (AF_INET, SOCK_DGRAM, 0); memset (&sa_serv, '\0', sizeof (sa_serv)); sa_serv.sin_family = AF_INET; sa_serv.sin_addr.s_addr = INADDR_ANY; sa_serv.sin_port = htons (PORT); { /* DTLS requires the IP don't fragment (DF) bit to be set */ #if defined(IP_DONTFRAG) int optval = 1; setsockopt (listen_sd, IPPROTO_IP, IP_DONTFRAG, (const void *) &optval, sizeof (optval)); #elif defined(IP_MTU_DISCOVER) int optval = IP_PMTUDISC_DO; setsockopt(listen_sd, IPPROTO_IP, IP_MTU_DISCOVER, (const void*) &optval, sizeof (optval)); #endif } bind (listen_sd, (struct sockaddr *) &sa_serv, sizeof (sa_serv)); printf ("UDP server ready. Listening to port '%d'.\n\n", PORT); for (;;) { printf ("Waiting for connection...\n"); sock = wait_for_connection (listen_sd); if (sock < 0) continue; cli_addr_size = sizeof (cli_addr); ret = recvfrom (sock, buffer, sizeof (buffer), MSG_PEEK, (struct sockaddr *) &cli_addr, &cli_addr_size); if (ret > 0) { memset (&prestate, 0, sizeof (prestate)); ret = gnutls_dtls_cookie_verify (&cookie_key, &cli_addr, sizeof (cli_addr), buffer, ret, &prestate); if (ret < 0) /* cookie not valid */ { priv_data_st s; memset (&s, 0, sizeof (s)); s.fd = sock; s.cli_addr = (void *) &cli_addr; s.cli_addr_size = sizeof (cli_addr); printf ("Sending hello verify request to %s\n", human_addr ((struct sockaddr *) &cli_addr, sizeof (cli_addr), buffer, sizeof (buffer))); gnutls_dtls_cookie_send (&cookie_key, &cli_addr, sizeof (cli_addr), &prestate, (gnutls_transport_ptr_t) & s, push_func); /* discard peeked data */ recvfrom (sock, buffer, sizeof (buffer), 0, (struct sockaddr *) &cli_addr, &cli_addr_size); usleep (100); continue; } printf ("Accepted connection from %s\n", human_addr ((struct sockaddr *) &cli_addr, sizeof (cli_addr), buffer, sizeof (buffer))); } else continue; session = initialize_tls_session (); gnutls_dtls_prestate_set (session, &prestate); gnutls_dtls_set_mtu (session, mtu); priv.session = session; priv.fd = sock; priv.cli_addr = (struct sockaddr *) &cli_addr; priv.cli_addr_size = sizeof (cli_addr); gnutls_transport_set_ptr (session, &priv); gnutls_transport_set_push_function (session, push_func); gnutls_transport_set_pull_function (session, pull_func); gnutls_transport_set_pull_timeout_function (session, pull_timeout_func); do { ret = gnutls_handshake (session); } while (ret < 0 && gnutls_error_is_fatal (ret) == 0); if (ret < 0) { fprintf (stderr, "Error in handshake(): %s\n", gnutls_strerror (ret)); gnutls_deinit (session); continue; } printf ("- Handshake was completed\n"); for (;;) { do { ret = gnutls_record_recv_seq (session, buffer, MAX_BUFFER, sequence); } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); if (ret < 0) { fprintf (stderr, "Error in recv(): %s\n", gnutls_strerror (ret)); break; } if (ret == 0) { printf ("EOF\n\n"); break; } buffer[ret] = 0; printf ("received[%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x]: %s\n", sequence[0], sequence[1], sequence[2], sequence[3], sequence[4], sequence[5], sequence[6], sequence[7], buffer); /* reply back */ ret = gnutls_record_send (session, buffer, ret); if (ret < 0) { fprintf (stderr, "Error in send(): %s\n", gnutls_strerror (ret)); break; } } gnutls_bye (session, GNUTLS_SHUT_WR); gnutls_deinit (session); } close (listen_sd); gnutls_certificate_free_credentials (x509_cred); gnutls_priority_deinit (priority_cache); gnutls_global_deinit (); return 0; }
static void server (int fd, int server_init) { int ret, ret2; char buffer[MAX_BUF + 1]; gnutls_session_t session; gnutls_anon_server_credentials_t anoncred; /* this must be called once in the program */ gnutls_global_init (); if (debug) { gnutls_global_set_log_function (server_log_func); gnutls_global_set_log_level (4711); } gnutls_anon_allocate_server_credentials (&anoncred); session = initialize_tls_session (); gnutls_credentials_set (session, GNUTLS_CRD_ANON, anoncred); gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) fd); do { ret = gnutls_handshake (session); } while (ret < 0 && gnutls_error_is_fatal (ret) == 0); if (ret < 0) { close (fd); gnutls_deinit (session); fail ("server: Handshake has failed (%s)\n\n", gnutls_strerror (ret)); terminate (); } if (debug) success ("server: Handshake was completed\n"); if (debug) success ("server: TLS version is: %s\n", gnutls_protocol_get_name (gnutls_protocol_get_version (session))); /* see the Getting peer's information example */ /* print_info(session); */ if (server_init) { do { ret = gnutls_record_recv (session, buffer, sizeof (buffer)); if (ret == GNUTLS_E_HEARTBEAT_PING_RECEIVED) { if (debug) success ("Ping received. Replying with pong.\n"); ret2 = gnutls_heartbeat_pong (session, 0); if (ret2 < 0) { fail ("pong: %s\n", gnutls_strerror (ret)); terminate (); } } } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED || ret == GNUTLS_E_HEARTBEAT_PING_RECEIVED); } else { do { ret = gnutls_heartbeat_ping (session, 256, 5, GNUTLS_HEARTBEAT_WAIT); if (debug) success ("Ping sent.\n"); } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); if (ret < 0) { fail ("ping: %s\n", gnutls_strerror (ret)); terminate (); } } /* do not wait for the peer to close the connection. */ gnutls_bye (session, GNUTLS_SHUT_WR); close (fd); gnutls_deinit (session); gnutls_anon_free_server_credentials (anoncred); gnutls_global_deinit (); if (debug) success ("server: finished\n"); }
int main (void) { int err, listen_sd, i; int sd, ret; struct sockaddr_in sa_serv; struct sockaddr_in sa_cli; int client_len; char topbuf[512]; gnutls_session_t session; char buffer[MAX_BUF + 1]; int optval = 1; /* to disallow usage of the blocking /dev/random */ gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0); /* this must be called once in the program */ gnutls_global_init (); gnutls_certificate_allocate_credentials (&x509_cred); gnutls_certificate_set_x509_trust_file (x509_cred, CAFILE, GNUTLS_X509_FMT_PEM); gnutls_certificate_set_x509_crl_file (x509_cred, CRLFILE, GNUTLS_X509_FMT_PEM); gnutls_certificate_set_x509_key_file (x509_cred, CERTFILE, KEYFILE, GNUTLS_X509_FMT_PEM); gnutls_psk_allocate_server_credentials (&psk_cred); gnutls_psk_set_server_credentials_function (psk_cred, pskfunc); generate_dh_params (); gnutls_priority_init (&priority_cache, "NORMAL:PSK", NULL); gnutls_certificate_set_dh_params (x509_cred, dh_params); /* Socket operations */ listen_sd = socket (AF_INET, SOCK_STREAM, 0); SOCKET_ERR (listen_sd, "socket"); memset (&sa_serv, '\0', sizeof (sa_serv)); sa_serv.sin_family = AF_INET; sa_serv.sin_addr.s_addr = INADDR_ANY; sa_serv.sin_port = htons (PORT); /* Server Port number */ setsockopt (listen_sd, SOL_SOCKET, SO_REUSEADDR, &optval, sizeof (int)); err = bind (listen_sd, (SA *) & sa_serv, sizeof (sa_serv)); SOCKET_ERR (err, "bind"); err = listen (listen_sd, 1024); SOCKET_ERR (err, "listen"); printf ("Server ready. Listening to port '%d'.\n\n", PORT); client_len = sizeof (sa_cli); for (;;) { session = initialize_tls_session (); sd = accept (listen_sd, (SA *) & sa_cli, &client_len); printf ("- connection from %s, port %d\n", inet_ntop (AF_INET, &sa_cli.sin_addr, topbuf, sizeof (topbuf)), ntohs (sa_cli.sin_port)); gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) sd); ret = gnutls_handshake (session); if (ret < 0) { close (sd); gnutls_deinit (session); fprintf (stderr, "*** Handshake has failed (%s)\n\n", gnutls_strerror (ret)); continue; } printf ("- Handshake was completed\n"); /* see the Getting peer's information example */ /* print_info(session); */ i = 0; for (;;) { memset (buffer, 0, MAX_BUF + 1); ret = gnutls_record_recv (session, buffer, MAX_BUF); if (ret == 0) { printf ("\n- Peer has closed the GNUTLS connection\n"); break; } else if (ret < 0) { fprintf (stderr, "\n*** Received corrupted " "data(%d). Closing the connection.\n\n", ret); break; } else if (ret > 0) { /* echo data back to the client */ gnutls_record_send (session, buffer, strlen (buffer)); } } printf ("\n"); /* do not wait for the peer to close the connection. */ gnutls_bye (session, GNUTLS_SHUT_WR); close (sd); gnutls_deinit (session); } close (listen_sd); gnutls_certificate_free_credentials (x509_cred); gnutls_psk_free_server_credentials (psk_cred); gnutls_priority_deinit (priority_cache); gnutls_global_deinit (); return 0; }
static void server(int sd) { /* this must be called once in the program */ global_init(); gnutls_global_set_log_function(tls_log_func); if (debug) gnutls_global_set_log_level(6); gnutls_certificate_allocate_credentials(&x509_cred); gnutls_certificate_set_x509_trust_mem(x509_cred, &ca, GNUTLS_X509_FMT_PEM); gnutls_certificate_set_x509_key_mem(x509_cred, &server_cert, &server_key, GNUTLS_X509_FMT_PEM); if (debug) success("Launched, generating DH parameters...\n"); generate_dh_params(); gnutls_certificate_set_dh_params(x509_cred, dh_params); session = initialize_tls_session(); gnutls_transport_set_int(session, sd); ret = gnutls_handshake(session); if (ret < 0) { close(sd); gnutls_deinit(session); fail("server: Handshake has failed (%s)\n\n", gnutls_strerror(ret)); return; } if (debug) { success("server: Handshake was completed\n"); success("server: TLS version is: %s\n", gnutls_protocol_get_name (gnutls_protocol_get_version(session))); } /* see the Getting peer's information example */ if (debug) print_info(session); for (;;) { memset(buffer, 0, MAX_BUF + 1); ret = gnutls_record_recv(session, buffer, MAX_BUF); if (ret == 0) { if (debug) success ("server: Peer has closed the GnuTLS connection\n"); break; } else if (ret < 0) { fail("server: Received corrupted data(%d). Closing...\n", ret); break; } else if (ret > 0) { gnutls_certificate_server_set_request(session, GNUTLS_CERT_REQUEST); if (debug) success ("server: got data, forcing rehandshake.\n"); ret = gnutls_rehandshake(session); if (ret < 0) { fail("server: rehandshake failed\n"); gnutls_perror(ret); break; } ret = gnutls_handshake(session); if (ret < 0) { fail("server: (re)handshake failed\n"); gnutls_perror(ret); break; } if (debug) success("server: rehandshake complete.\n"); /* echo data back to the client */ gnutls_record_send(session, buffer, strlen(buffer)); } } /* do not wait for the peer to close the connection. */ gnutls_bye(session, GNUTLS_SHUT_WR); close(sd); gnutls_deinit(session); gnutls_certificate_free_credentials(x509_cred); gnutls_dh_params_deinit(dh_params); gnutls_global_deinit(); if (debug) success("server: finished\n"); }
static void server(int sds[]) { int j; /* this must be called once in the program */ global_init(); gnutls_global_set_log_function(tls_log_func); if (debug) gnutls_global_set_log_level(5); if (debug) success("Launched, setting DH parameters...\n"); generate_dh_params(); for (j = 0; j < SESSIONS; j++) { int sd = sds[j]; if (j == 0) { gnutls_certificate_allocate_credentials(&pgp_cred); ret = gnutls_certificate_set_openpgp_key_mem2 (pgp_cred, &server_crt, &server_key, "auto", GNUTLS_OPENPGP_FMT_BASE64); } else { gnutls_certificate_free_credentials(pgp_cred); gnutls_certificate_allocate_credentials(&pgp_cred); ret = gnutls_certificate_set_openpgp_key_mem2 (pgp_cred, &cert2048, &key2048, "auto", GNUTLS_OPENPGP_FMT_BASE64); } if (ret < 0) { fail("Could not set server key files...\n"); goto end; } gnutls_certificate_set_dh_params(pgp_cred, dh_params); session = initialize_tls_session(); gnutls_transport_set_int(session, sd); ret = gnutls_handshake(session); if (ret < 0) { close(sd); gnutls_deinit(session); fail("server: Handshake %d has failed (%s)\n\n", j, gnutls_strerror(ret)); goto end; } if (debug) success("server: Handshake %d was completed\n", j); if (debug) success("server: TLS version is: %s\n", gnutls_protocol_get_name (gnutls_protocol_get_version(session))); /* see the Getting peer's information example */ if (debug) print_info(session); for (;;) { memset(buffer, 0, MAX_BUF + 1); ret = gnutls_record_recv(session, buffer, MAX_BUF); if (ret == 0) { if (debug) success ("server: Peer has closed the GnuTLS connection\n"); break; } else if (ret < 0) { fail("server: Received corrupted data(%d). Closing...\n", ret); goto end; } else if (ret > 0) { /* echo data back to the client */ gnutls_record_send(session, buffer, strlen(buffer)); } } /* do not wait for the peer to close the connection. */ gnutls_bye(session, GNUTLS_SHUT_WR); close(sd); gnutls_deinit(session); } end: gnutls_certificate_free_credentials(pgp_cred); gnutls_dh_params_deinit(dh_params); gnutls_global_deinit(); if (debug) success("server: finished\n"); }
gboolean connect_quorum_server(gpointer data) { struct sockaddr_in addr; struct ha_msg* msg = NULL; struct ha_msg* ret = NULL; const char* version = "2_0_8"; struct hostent* hp; int quorum; size_t len; char* s = NULL; char buf[MAXMSG]; cl_log(LOG_DEBUG, "quorum plugin: quorumd, connect_quorum_server"); /* initialize gnutls */ initialize_tls_global(); /* create socket */ sock=socket(PF_INET, SOCK_STREAM, IPPROTO_TCP); if (sock == -1 ) { return FALSE; } /* connect to server*/ memset(&addr, 0, sizeof(addr)); addr.sin_family = AF_INET; hp = gethostbyname(quorum_server); if (hp == NULL) { return FALSE; } memcpy(&addr.sin_addr, hp->h_addr_list[0], sizeof(struct in_addr)); addr.sin_port = htons(5561); if (connect(sock, (struct sockaddr *) &addr, sizeof(addr)) == -1) { return FALSE; } session = initialize_tls_session(sock); if (session == NULL) { close(sock); session = NULL; return FALSE; } /* send the version */ gnutls_record_send(session, version, strlen(version)+1); /* send initialize msg */ msg = ha_msg_new(10); ha_msg_add(msg, "t","init"); ha_msg_add(msg, "cl_name", cluster); s = msg2wirefmt(msg, &len); gnutls_record_send(session, s, len); free(s); len = gnutls_record_recv(session, buf, MAXMSG); if ((ssize_t)len <=0) { close(sock); session = NULL; return FALSE; } ret = wirefmt2msg(buf, len, FALSE); if (STRNCMP_CONST(ha_msg_value(ret, "result"), "ok") != 0) { close(sock); session = NULL; return FALSE; } if (ha_msg_value_int(ret, "interval", &interval)!= HA_OK) { close(sock); session = NULL; return FALSE; } ha_msg_del(ret); ha_msg_del(msg); /* send quorum query msg */ msg = ha_msg_new(10); ha_msg_add(msg, "t","quorum"); ha_msg_add_int(msg, "nodenum", nodenum); ha_msg_add_int(msg, "weight", weight); s = msg2wirefmt(msg, &len); gnutls_record_send(session, s, len); free(s); len = gnutls_record_recv(session, buf, MAXMSG); ret = wirefmt2msg(buf, len, FALSE); ha_msg_value_int(ret, "quorum", &quorum); LOG(LOG_DEBUG,"quorum:%d\n", quorum); cur_quorum = quorum; ha_msg_del(ret); ha_msg_del(msg); /* set the repeatly query */ repeat_timer = g_timeout_add(interval, query_quorum, NULL); return FALSE; }
int main (void) { /* * Variable init */ int err, listen_sd; int sd, ret; struct sockaddr_in sa_serv; struct sockaddr_in sa_cli; int client_len; char topbuf[512]; gnutls_session_t session; int optval = 1; /* * SSL TLS utility init * This will add the certificate files properly * to the TLS session we are about to create. */ gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0); gnutls_global_init (); gnutls_certificate_allocate_credentials (&x509_cred); gnutls_certificate_set_x509_trust_file (x509_cred, CAFILE, GNUTLS_X509_FMT_PEM); gnutls_certificate_set_x509_crl_file (x509_cred, CRLFILE, GNUTLS_X509_FMT_PEM); gnutls_certificate_set_x509_key_file (x509_cred, CERTFILE, KEYFILE, GNUTLS_X509_FMT_PEM); gnutls_psk_allocate_server_credentials (&psk_cred); gnutls_psk_set_server_credentials_function (psk_cred, pskfunc); generate_dh_params (); gnutls_priority_init (&priority_cache, "NORMAL:PSK", NULL); gnutls_certificate_set_dh_params (x509_cred, dh_params); /* * Web server socket stuff */ listen_sd = socket (AF_INET, SOCK_STREAM, 0); SOCKET_ERR (listen_sd, "socket"); memset (&sa_serv, '\0', sizeof (sa_serv)); sa_serv.sin_family = AF_INET; sa_serv.sin_addr.s_addr = INADDR_ANY; sa_serv.sin_port = htons (PORT); /* Server Port number */ setsockopt(listen_sd, SOL_SOCKET, SO_REUSEADDR, (void *) &optval, sizeof (int)); err = bind (listen_sd, (SA *) & sa_serv, sizeof (sa_serv)); SOCKET_ERR (err, "bind"); err = listen (listen_sd, 1024); SOCKET_ERR (err, "listen"); /* * Listening for clients this will SSLize * the incoming connection by properly doing the "handshake" */ client_len = sizeof (sa_cli); for (;;) { session = initialize_tls_session (); sd = accept(listen_sd, (SA *) & sa_cli, &client_len); pid_t pid = fork(); if (pid == 0) break; else continue; } printf ("Connection received from %s:%d\n", inet_ntop (AF_INET, &sa_cli.sin_addr, topbuf, sizeof (topbuf)), ntohs (sa_cli.sin_port)); gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) sd); ret = gnutls_handshake (session); if (ret < 0) { close (sd); gnutls_deinit (session); fprintf (stderr, "\tSSL handshake failed!\n\tError: %s\n\n", gnutls_strerror(ret)); } printf ("\tSSL handshake successful!\n"); /* * Send it for processing */ process_request(session); printf ("\n"); /* * Closing connection. */ gnutls_bye (session, GNUTLS_SHUT_WR); // close (sd); gnutls_deinit (session); /* * Properly closing the TLS connection * we created to the web server. */ close (listen_sd); gnutls_certificate_free_credentials (x509_cred); gnutls_psk_free_server_credentials (psk_cred); gnutls_priority_deinit (priority_cache); gnutls_global_deinit (); return 0; }
static void server (struct params_res *params) { size_t t; /* this must be called once in the program, it is mostly for the server. */ if (debug) { gnutls_global_set_log_function (tls_log_func); gnutls_global_set_log_level (2); } gnutls_global_init (); gnutls_anon_allocate_server_credentials (&anoncred); if (debug) success ("Launched, generating DH parameters...\n"); generate_dh_params (); gnutls_anon_set_server_dh_params (anoncred, dh_params); if (params->enable_db) { wrap_db_init (); } #ifdef ENABLE_SESSION_TICKET if (params->enable_session_ticket_server) gnutls_session_ticket_key_generate (&session_ticket_key); #endif for (t = 0; t < 2; t++) { client_len = sizeof (sa_cli); session = initialize_tls_session (params); sd = accept (listen_sd, (SA *) & sa_cli, &client_len); if (debug) success ("server: connection from %s, port %d\n", inet_ntop (AF_INET, &sa_cli.sin_addr, topbuf, sizeof (topbuf)), ntohs (sa_cli.sin_port)); gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) sd); ret = gnutls_handshake (session); if (ret < 0) { close (sd); gnutls_deinit (session); fail ("server: Handshake has failed (%s)\n\n", gnutls_strerror (ret)); return; } if (debug) success ("server: Handshake was completed\n"); /* see the Getting peer's information example */ /* print_info(session); */ i = 0; for (;;) { memset (buffer, 0, MAX_BUF + 1); ret = gnutls_record_recv (session, buffer, MAX_BUF); if (ret == 0) { if (debug) success ("server: Peer has closed the GnuTLS connection\n"); break; } else if (ret < 0) { fail ("server: Received corrupted data(%d). Closing...\n", ret); break; } else if (ret > 0) { /* echo data back to the client */ gnutls_record_send (session, buffer, strlen (buffer)); } } /* do not wait for the peer to close the connection. */ gnutls_bye (session, GNUTLS_SHUT_WR); close (sd); gnutls_deinit (session); } close (listen_sd); if (params->enable_db) { wrap_db_deinit (); } gnutls_free (session_ticket_key.data); session_ticket_key.data = NULL; if (debug) success ("server: finished\n"); }
static void server (void) { /* this must be called once in the program */ gnutls_global_init (); gnutls_global_set_log_function (tls_log_func); if (debug) gnutls_global_set_log_level (4711); generate_dh_params (); gnutls_psk_allocate_server_credentials (&server_pskcred); gnutls_psk_set_server_credentials_function (server_pskcred, pskfunc); gnutls_psk_set_server_dh_params (server_pskcred, dh_params); client_len = sizeof (sa_cli); session = initialize_tls_session (); sd = accept (listen_sd, (SA *) & sa_cli, &client_len); if (debug) success ("server: connection from %s, port %d\n", inet_ntop (AF_INET, &sa_cli.sin_addr, topbuf, sizeof (topbuf)), ntohs (sa_cli.sin_port)); gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) sd); ret = gnutls_handshake (session); if (ret < 0) { close (sd); gnutls_deinit (session); fail ("server: Handshake has failed (%s)\n\n", gnutls_strerror (ret)); return; } if (debug) success ("server: Handshake was completed\n"); /* see the Getting peer's information example */ /* print_info(session); */ i = 0; for (;;) { memset (buffer, 0, MAX_BUF + 1); ret = gnutls_record_recv (session, buffer, MAX_BUF); if (ret == 0) { if (debug) success ("server: Peer has closed the GnuTLS connection\n"); break; } else if (ret < 0) { fail ("server: Received corrupted data(%d). Closing...\n", ret); break; } else if (ret > 0) { /* echo data back to the client */ gnutls_record_send (session, buffer, strlen (buffer)); } } /* do not wait for the peer to close the connection. */ gnutls_bye (session, GNUTLS_SHUT_WR); close (sd); gnutls_deinit (session); close (listen_sd); gnutls_psk_free_server_credentials (server_pskcred); gnutls_dh_params_deinit (dh_params); gnutls_global_deinit (); if (debug) success ("server: finished\n"); }
int main (void) { int err, listen_sd; int sd, ret; struct sockaddr_in sa_serv; struct sockaddr_in sa_cli; int client_len; char topbuf[512]; gnutls_session_t session; char buffer[MAX_BUF + 1]; int optval = 1; char name[256]; strcpy (name, "Echo Server"); /* these must be called once in the program */ gnutls_global_init (); gnutls_global_init_extra (); /* for SRP */ /* SRP_PASSWD a password file (created with the included srptool utility) */ gnutls_srp_allocate_server_credentials (&srp_cred); gnutls_srp_set_server_credentials_file (srp_cred, SRP_PASSWD, SRP_PASSWD_CONF); gnutls_certificate_allocate_credentials (&cert_cred); gnutls_certificate_set_x509_trust_file (cert_cred, CAFILE, GNUTLS_X509_FMT_PEM); gnutls_certificate_set_x509_key_file (cert_cred, CERTFILE, KEYFILE, GNUTLS_X509_FMT_PEM); /* TCP socket operations */ listen_sd = socket (AF_INET, SOCK_STREAM, 0); SOCKET_ERR (listen_sd, "socket"); memset (&sa_serv, '\0', sizeof (sa_serv)); sa_serv.sin_family = AF_INET; sa_serv.sin_addr.s_addr = INADDR_ANY; sa_serv.sin_port = htons (PORT); /* Server Port number */ setsockopt (listen_sd, SOL_SOCKET, SO_REUSEADDR, (void *) &optval, sizeof (int)); err = bind (listen_sd, (SA *) & sa_serv, sizeof (sa_serv)); SOCKET_ERR (err, "bind"); err = listen (listen_sd, 1024); SOCKET_ERR (err, "listen"); printf ("%s ready. Listening to port '%d'.\n\n", name, PORT); client_len = sizeof (sa_cli); for (;;) { session = initialize_tls_session (); sd = accept (listen_sd, (SA *) & sa_cli, &client_len); printf ("- connection from %s, port %d\n", inet_ntop (AF_INET, &sa_cli.sin_addr, topbuf, sizeof (topbuf)), ntohs (sa_cli.sin_port)); gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) sd); ret = gnutls_handshake (session); if (ret < 0) { close (sd); gnutls_deinit (session); fprintf (stderr, "*** Handshake has failed (%s)\n\n", gnutls_strerror (ret)); continue; } printf ("- Handshake was completed\n"); /* print_info(session); */ for (;;) { memset (buffer, 0, MAX_BUF + 1); ret = gnutls_record_recv (session, buffer, MAX_BUF); if (ret == 0) { printf ("\n- Peer has closed the GNUTLS connection\n"); break; } else if (ret < 0) { fprintf (stderr, "\n*** Received corrupted " "data(%d). Closing the connection.\n\n", ret); break; } else if (ret > 0) { /* echo data back to the client */ gnutls_record_send (session, buffer, strlen (buffer)); } } printf ("\n"); /* do not wait for the peer to close the connection. */ gnutls_bye (session, GNUTLS_SHUT_WR); close (sd); gnutls_deinit (session); } close (listen_sd); gnutls_srp_free_server_credentials (srp_cred); gnutls_certificate_free_credentials (cert_cred); gnutls_global_deinit (); return 0; }
int main (void) { int err, listen_sd; int sd, ret; struct sockaddr_in sa_serv; struct sockaddr_in sa_cli; int client_len; char topbuf[512]; gnutls_session_t session; char buffer[MAX_BUF + 1]; int optval = 1; /* this must be called once in the program */ gnutls_global_init (); gnutls_anon_allocate_server_credentials (&anoncred); generate_dh_params (); gnutls_anon_set_server_dh_params (anoncred, dh_params); /* Socket operations */ listen_sd = socket (AF_INET, SOCK_STREAM, 0); SOCKET_ERR (listen_sd, "socket"); memset (&sa_serv, '\0', sizeof (sa_serv)); sa_serv.sin_family = AF_INET; sa_serv.sin_addr.s_addr = INADDR_ANY; sa_serv.sin_port = htons (PORT); /* Server Port number */ setsockopt (listen_sd, SOL_SOCKET, SO_REUSEADDR, (void *) &optval, sizeof (int)); err = bind (listen_sd, (SA *) & sa_serv, sizeof (sa_serv)); SOCKET_ERR (err, "bind"); err = listen (listen_sd, 1024); SOCKET_ERR (err, "listen"); printf ("Server ready. Listening to port '%d'.\n\n", PORT); client_len = sizeof (sa_cli); for (;;) { session = initialize_tls_session (); sd = accept (listen_sd, (SA *) & sa_cli, &client_len); printf ("- connection from %s, port %d\n", inet_ntop (AF_INET, &sa_cli.sin_addr, topbuf, sizeof (topbuf)), ntohs (sa_cli.sin_port)); gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) sd); ret = gnutls_handshake (session); if (ret < 0) { close (sd); gnutls_deinit (session); fprintf (stderr, "*** Handshake has failed (%s)\n\n", gnutls_strerror (ret)); continue; } printf ("- Handshake was completed\n"); /* see the Getting peer's information example */ /* print_info(session); */ for (;;) { memset (buffer, 0, MAX_BUF + 1); ret = gnutls_record_recv (session, buffer, MAX_BUF); if (ret == 0) { printf ("\n- Peer has closed the GnuTLS connection\n"); break; } else if (ret < 0) { fprintf (stderr, "\n*** Received corrupted " "data(%d). Closing the connection.\n\n", ret); break; } else if (ret > 0) { /* echo data back to the client */ gnutls_record_send (session, buffer, strlen (buffer)); } } printf ("\n"); /* do not wait for the peer to close the connection. */ gnutls_bye (session, GNUTLS_SHUT_WR); close (sd); gnutls_deinit (session); } close (listen_sd); gnutls_anon_free_server_credentials (anoncred); gnutls_global_deinit (); return 0; }
void server (void) { client_len = sizeof (sa_cli); session = initialize_tls_session (); sd = accept (listen_sd, (SA *) & sa_cli, &client_len); success ("server: connection from %s, port %d\n", inet_ntop (AF_INET, &sa_cli.sin_addr, topbuf, sizeof (topbuf)), ntohs (sa_cli.sin_port)); gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) sd); ret = gnutls_handshake (session); if (ret < 0) { close (sd); gnutls_deinit (session); fail ("server: Handshake has failed (%s)\n\n", gnutls_strerror (ret)); return; } success ("server: Handshake was completed\n"); success ("server: TLS version is: %s\n", gnutls_protocol_get_name (gnutls_protocol_get_version (session))); /* see the Getting peer's information example */ print_info(session); i = 0; for (;;) { bzero (buffer, MAX_BUF + 1); ret = gnutls_record_recv (session, buffer, MAX_BUF); if (ret == 0) { success ("server: Peer has closed the GNUTLS connection\n"); break; } else if (ret < 0) { fail ("server: Received corrupted data(%d). Closing...\n", ret); break; } else if (ret > 0) { /* echo data back to the client */ gnutls_record_send (session, buffer, strlen (buffer)); } } /* do not wait for the peer to close the connection. */ gnutls_bye (session, GNUTLS_SHUT_WR); close (sd); gnutls_deinit (session); close (listen_sd); gnutls_certificate_free_credentials (x509_cred); gnutls_global_deinit (); success ("server: finished\n"); }
static void server (int fd, int server_init) { int ret; char buffer[MAX_BUF + 1]; /* this must be called once in the program */ global_init (); if (debug) { gnutls_global_set_log_function (server_log_func); gnutls_global_set_log_level (4711); } gnutls_anon_allocate_server_credentials (&anoncred); session = initialize_tls_session (); gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) fd); gnutls_transport_set_push_function (session, push); do { ret = gnutls_handshake (session); } while (ret < 0 && gnutls_error_is_fatal(ret) == 0); if (ret < 0) { close (fd); gnutls_deinit (session); fail ("server: Handshake has failed (%s)\n\n", gnutls_strerror (ret)); terminate(); } if (debug) success ("server: Handshake was completed\n"); if (debug) success ("server: TLS version is: %s\n", gnutls_protocol_get_name (gnutls_protocol_get_version (session))); /* see the Getting peer's information example */ /* print_info(session); */ if (server_init) { if (debug) success("server: Sending dummy packet\n"); ret = gnutls_rehandshake(session); if (ret < 0) { fail ("gnutls_rehandshake: %s\n", gnutls_strerror(ret)); terminate(); } if (debug) success("server: Initiating rehandshake\n"); do { ret = gnutls_handshake (session); } while (ret < 0 && gnutls_error_is_fatal(ret) == 0); if (ret < 0) { fail ("server: 2nd gnutls_handshake: %s\n", gnutls_strerror(ret)); terminate(); } } for (;;) { memset (buffer, 0, MAX_BUF + 1); do { ret = gnutls_record_recv (session, buffer, MAX_BUF); } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); if (ret == 0) { if (debug) success ("server: Peer has closed the GnuTLS connection\n"); break; } else if (ret < 0) { if (!server_init && ret == GNUTLS_E_REHANDSHAKE) { if (debug) success("Initiating rehandshake due to client request\n"); do { ret = gnutls_handshake (session); } while (ret < 0 && gnutls_error_is_fatal(ret) == 0); if (ret == 0) break; } fail ("server: Received corrupted data(%s). Closing...\n", gnutls_strerror(ret)); terminate(); } else if (ret > 0) { /* echo data back to the client */ do { ret = gnutls_record_send (session, buffer, strlen (buffer)); } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); } } /* do not wait for the peer to close the connection. */ gnutls_bye (session, GNUTLS_SHUT_WR); close (fd); gnutls_deinit (session); gnutls_anon_free_server_credentials (anoncred); gnutls_global_deinit (); if (debug) success ("server: finished\n"); }