1 /* This example code is placed in the public domain. */
10 #include <sys/types.h>
11 #include <sys/socket.h>
12 #include <arpa/inet.h>
13 #include <netinet/in.h>
16 #include <gnutls/gnutls.h>
18 #define KEYFILE "key.pem"
19 #define CERTFILE "cert.pem"
20 #define CAFILE "/etc/ssl/certs/ca-certificates.crt"
21 #define CRLFILE "crl.pem"
23 /* This is a sample TLS 1.0 echo server, using X.509 authentication.
27 #define PORT 5556 /* listen to 5556 port */
29 /* These are global */
30 gnutls_certificate_credentials_t x509_cred
;
31 gnutls_priority_t priority_cache
;
33 static gnutls_session_t
34 initialize_tls_session (void)
36 gnutls_session_t session
;
38 gnutls_init (&session
, GNUTLS_SERVER
);
40 gnutls_priority_set (session
, priority_cache
);
42 gnutls_credentials_set (session
, GNUTLS_CRD_CERTIFICATE
, x509_cred
);
44 /* We don't request any certificate from the client.
45 * If we did we would need to verify it.
47 gnutls_certificate_server_set_request (session
, GNUTLS_CERT_IGNORE
);
52 static gnutls_dh_params_t dh_params
;
55 generate_dh_params (void)
57 int bits
= gnutls_sec_param_to_pk_bits (GNUTLS_PK_DH
, GNUTLS_SEC_PARAM_LOW
);
59 /* Generate Diffie-Hellman parameters - for use with DHE
60 * kx algorithms. When short bit length is used, it might
61 * be wise to regenerate parameters often.
63 gnutls_dh_params_init (&dh_params
);
64 gnutls_dh_params_generate2 (dh_params
, bits
);
74 struct sockaddr_in sa_serv
;
75 struct sockaddr_in sa_cli
;
78 gnutls_session_t session
;
79 char buffer
[MAX_BUF
+ 1];
82 /* this must be called once in the program
84 gnutls_global_init ();
86 gnutls_certificate_allocate_credentials (&x509_cred
);
87 gnutls_certificate_set_x509_trust_file (x509_cred
, CAFILE
,
90 gnutls_certificate_set_x509_crl_file (x509_cred
, CRLFILE
,
93 ret
= gnutls_certificate_set_x509_key_file (x509_cred
, CERTFILE
, KEYFILE
,
97 printf("No certificate or key were found\n");
101 generate_dh_params ();
103 gnutls_priority_init (&priority_cache
, "PERFORMANCE:%SERVER_PRECEDENCE", NULL
);
106 gnutls_certificate_set_dh_params (x509_cred
, dh_params
);
110 listen_sd
= socket (AF_INET
, SOCK_STREAM
, 0);
112 memset (&sa_serv
, '\0', sizeof (sa_serv
));
113 sa_serv
.sin_family
= AF_INET
;
114 sa_serv
.sin_addr
.s_addr
= INADDR_ANY
;
115 sa_serv
.sin_port
= htons (PORT
); /* Server Port number */
117 setsockopt (listen_sd
, SOL_SOCKET
, SO_REUSEADDR
, (void *) &optval
,
120 bind (listen_sd
, (struct sockaddr
*) & sa_serv
, sizeof (sa_serv
));
122 listen (listen_sd
, 1024);
124 printf ("Server ready. Listening to port '%d'.\n\n", PORT
);
126 client_len
= sizeof (sa_cli
);
129 session
= initialize_tls_session ();
131 sd
= accept (listen_sd
, (struct sockaddr
*) & sa_cli
, &client_len
);
133 printf ("- connection from %s, port %d\n",
134 inet_ntop (AF_INET
, &sa_cli
.sin_addr
, topbuf
,
135 sizeof (topbuf
)), ntohs (sa_cli
.sin_port
));
137 gnutls_transport_set_ptr (session
, (gnutls_transport_ptr_t
) sd
);
141 ret
= gnutls_handshake (session
);
143 while (ret
< 0 && gnutls_error_is_fatal (ret
) == 0);
148 gnutls_deinit (session
);
149 fprintf (stderr
, "*** Handshake has failed (%s)\n\n",
150 gnutls_strerror (ret
));
153 printf ("- Handshake was completed\n");
155 /* see the Getting peer's information example */
156 /* print_info(session); */
160 memset (buffer
, 0, MAX_BUF
+ 1);
161 ret
= gnutls_record_recv (session
, buffer
, MAX_BUF
);
165 printf ("\n- Peer has closed the GnuTLS connection\n");
170 fprintf (stderr
, "\n*** Received corrupted "
171 "data(%d). Closing the connection.\n\n", ret
);
176 /* echo data back to the client
178 gnutls_record_send (session
, buffer
, strlen (buffer
));
182 /* do not wait for the peer to close the connection.
184 gnutls_bye (session
, GNUTLS_SHUT_WR
);
187 gnutls_deinit (session
);
192 gnutls_certificate_free_credentials (x509_cred
);
193 gnutls_priority_deinit (priority_cache
);
195 gnutls_global_deinit ();