1 /* This example code is placed in the public domain. */
10 #include <sys/types.h>
11 #include <sys/socket.h>
12 #include <arpa/inet.h>
13 #include <netinet/in.h>
16 #include <gnutls/gnutls.h>
17 #include <gcrypt.h> /* for gcry_control */
19 #define KEYFILE "key.pem"
20 #define CERTFILE "cert.pem"
21 #define CAFILE "ca.pem"
22 #define CRLFILE "crl.pem"
24 /* This is a sample TLS 1.0 echo server, using X.509 authentication.
28 #define SA struct sockaddr
29 #define SOCKET_ERR(err,s) if(err==-1) {perror(s);return(1);}
31 #define PORT 5556 /* listen to 5556 port */
34 /* These are global */
35 gnutls_certificate_credentials_t x509_cred
;
36 gnutls_priority_t priority_cache
;
38 static gnutls_session_t
39 initialize_tls_session (void)
41 gnutls_session_t session
;
43 gnutls_init (&session
, GNUTLS_SERVER
);
45 gnutls_priority_set (session
, priority_cache
);
47 gnutls_credentials_set (session
, GNUTLS_CRD_CERTIFICATE
, x509_cred
);
49 /* request client certificate if any.
51 gnutls_certificate_server_set_request (session
, GNUTLS_CERT_REQUEST
);
53 /* Set maximum compatibility mode. This is only suggested on public webservers
54 * that need to trade security for compatibility
56 gnutls_session_enable_compatibility_mode (session
);
61 static gnutls_dh_params_t dh_params
;
64 generate_dh_params (void)
67 /* Generate Diffie-Hellman parameters - for use with DHE
68 * kx algorithms. When short bit length is used, it might
69 * be wise to regenerate parameters.
71 * Check the ex-serv-export.c example for using static
74 gnutls_dh_params_init (&dh_params
);
75 gnutls_dh_params_generate2 (dh_params
, DH_BITS
);
85 struct sockaddr_in sa_serv
;
86 struct sockaddr_in sa_cli
;
89 gnutls_session_t session
;
90 char buffer
[MAX_BUF
+ 1];
93 /* to disallow usage of the blocking /dev/random
95 gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM
, 0);
97 /* this must be called once in the program
99 gnutls_global_init ();
101 gnutls_certificate_allocate_credentials (&x509_cred
);
102 gnutls_certificate_set_x509_trust_file (x509_cred
, CAFILE
,
103 GNUTLS_X509_FMT_PEM
);
105 gnutls_certificate_set_x509_crl_file (x509_cred
, CRLFILE
,
106 GNUTLS_X509_FMT_PEM
);
108 gnutls_certificate_set_x509_key_file (x509_cred
, CERTFILE
, KEYFILE
,
109 GNUTLS_X509_FMT_PEM
);
111 generate_dh_params ();
113 gnutls_priority_init (&priority_cache
, "NORMAL", NULL
);
116 gnutls_certificate_set_dh_params (x509_cred
, dh_params
);
120 listen_sd
= socket (AF_INET
, SOCK_STREAM
, 0);
121 SOCKET_ERR (listen_sd
, "socket");
123 memset (&sa_serv
, '\0', sizeof (sa_serv
));
124 sa_serv
.sin_family
= AF_INET
;
125 sa_serv
.sin_addr
.s_addr
= INADDR_ANY
;
126 sa_serv
.sin_port
= htons (PORT
); /* Server Port number */
128 setsockopt (listen_sd
, SOL_SOCKET
, SO_REUSEADDR
, (void *) &optval
, sizeof (int));
130 err
= bind (listen_sd
, (SA
*) & sa_serv
, sizeof (sa_serv
));
131 SOCKET_ERR (err
, "bind");
132 err
= listen (listen_sd
, 1024);
133 SOCKET_ERR (err
, "listen");
135 printf ("Server ready. Listening to port '%d'.\n\n", PORT
);
137 client_len
= sizeof (sa_cli
);
140 session
= initialize_tls_session ();
142 sd
= accept (listen_sd
, (SA
*) & sa_cli
, &client_len
);
144 printf ("- connection from %s, port %d\n",
145 inet_ntop (AF_INET
, &sa_cli
.sin_addr
, topbuf
,
146 sizeof (topbuf
)), ntohs (sa_cli
.sin_port
));
148 gnutls_transport_set_ptr (session
, (gnutls_transport_ptr_t
) sd
);
149 ret
= gnutls_handshake (session
);
153 gnutls_deinit (session
);
154 fprintf (stderr
, "*** Handshake has failed (%s)\n\n",
155 gnutls_strerror (ret
));
158 printf ("- Handshake was completed\n");
160 /* see the Getting peer's information example */
161 /* print_info(session); */
165 memset (buffer
, 0, MAX_BUF
+ 1);
166 ret
= gnutls_record_recv (session
, buffer
, MAX_BUF
);
170 printf ("\n- Peer has closed the GNUTLS connection\n");
175 fprintf (stderr
, "\n*** Received corrupted "
176 "data(%d). Closing the connection.\n\n", ret
);
181 /* echo data back to the client
183 gnutls_record_send (session
, buffer
, strlen (buffer
));
187 /* do not wait for the peer to close the connection.
189 gnutls_bye (session
, GNUTLS_SHUT_WR
);
192 gnutls_deinit (session
);
197 gnutls_certificate_free_credentials (x509_cred
);
198 gnutls_priority_deinit (priority_cache
);
200 gnutls_global_deinit ();