search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Sync with TP.
[gnutls.git] / doc / examples / ex-serv1.c
blob6dd8164ef5bcbb0973873c706bd6b656ca9492df
1 /* This example code is placed in the public domain. */
2
3 #ifdef HAVE_CONFIG_H
4 # include <config.h>
5 #endif
6
7 #include <stdio.h>
8 #include <stdlib.h>
9 #include <errno.h>
10 #include <sys/types.h>
11 #include <sys/socket.h>
12 #include <arpa/inet.h>
13 #include <netinet/in.h>
14 #include <string.h>
15 #include <unistd.h>
16 #include <gnutls/gnutls.h>
17 #include <gcrypt.h> /* for gcry_control */
18
19 #define KEYFILE "key.pem"
20 #define CERTFILE "cert.pem"
21 #define CAFILE "ca.pem"
22 #define CRLFILE "crl.pem"
23
24 /* This is a sample TLS 1.0 echo server, using X.509 authentication.
25 */
26
27
28 #define SA struct sockaddr
29 #define SOCKET_ERR(err,s) if(err==-1) {perror(s);return(1);}
30 #define MAX_BUF 1024
31 #define PORT 5556 /* listen to 5556 port */
32 #define DH_BITS 1024
33
34 /* These are global */
35 gnutls_certificate_credentials_t x509_cred;
36 gnutls_priority_t priority_cache;
37
38 static gnutls_session_t
39 initialize_tls_session (void)
40 {
41 gnutls_session_t session;
42
43 gnutls_init (&session, GNUTLS_SERVER);
44
45 gnutls_priority_set (session, priority_cache);
46
47 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, x509_cred);
48
49 /* request client certificate if any.
50 */
51 gnutls_certificate_server_set_request (session, GNUTLS_CERT_REQUEST);
52
53 /* Set maximum compatibility mode. This is only suggested on public webservers
54 * that need to trade security for compatibility
55 */
56 gnutls_session_enable_compatibility_mode (session);
57
58 return session;
59 }
60
61 static gnutls_dh_params_t dh_params;
62
63 static int
64 generate_dh_params (void)
65 {
66
67 /* Generate Diffie-Hellman parameters - for use with DHE
68 * kx algorithms. When short bit length is used, it might
69 * be wise to regenerate parameters.
70 *
71 * Check the ex-serv-export.c example for using static
72 * parameters.
73 */
74 gnutls_dh_params_init (&dh_params);
75 gnutls_dh_params_generate2 (dh_params, DH_BITS);
76
77 return 0;
78 }
79
80 int
81 main (void)
82 {
83 int err, listen_sd;
84 int sd, ret;
85 struct sockaddr_in sa_serv;
86 struct sockaddr_in sa_cli;
87 int client_len;
88 char topbuf[512];
89 gnutls_session_t session;
90 char buffer[MAX_BUF + 1];
91 int optval = 1;
92
93 /* to disallow usage of the blocking /dev/random
94 */
95 gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0);
96
97 /* this must be called once in the program
98 */
99 gnutls_global_init ();
100
101 gnutls_certificate_allocate_credentials (&x509_cred);
102 gnutls_certificate_set_x509_trust_file (x509_cred, CAFILE,
103 GNUTLS_X509_FMT_PEM);
104
105 gnutls_certificate_set_x509_crl_file (x509_cred, CRLFILE,
106 GNUTLS_X509_FMT_PEM);
107
108 gnutls_certificate_set_x509_key_file (x509_cred, CERTFILE, KEYFILE,
109 GNUTLS_X509_FMT_PEM);
110
111 generate_dh_params ();
112
113 gnutls_priority_init (&priority_cache, "NORMAL", NULL);
114
115
116 gnutls_certificate_set_dh_params (x509_cred, dh_params);
117
118 /* Socket operations
119 */
120 listen_sd = socket (AF_INET, SOCK_STREAM, 0);
121 SOCKET_ERR (listen_sd, "socket");
122
123 memset (&sa_serv, '\0', sizeof (sa_serv));
124 sa_serv.sin_family = AF_INET;
125 sa_serv.sin_addr.s_addr = INADDR_ANY;
126 sa_serv.sin_port = htons (PORT); /* Server Port number */
127
128 setsockopt (listen_sd, SOL_SOCKET, SO_REUSEADDR, (void *) &optval, sizeof (int));
129
130 err = bind (listen_sd, (SA *) & sa_serv, sizeof (sa_serv));
131 SOCKET_ERR (err, "bind");
132 err = listen (listen_sd, 1024);
133 SOCKET_ERR (err, "listen");
134
135 printf ("Server ready. Listening to port '%d'.\n\n", PORT);
136
137 client_len = sizeof (sa_cli);
138 for (;;)
139 {
140 session = initialize_tls_session ();
141
142 sd = accept (listen_sd, (SA *) & sa_cli, &client_len);
143
144 printf ("- connection from %s, port %d\n",
145 inet_ntop (AF_INET, &sa_cli.sin_addr, topbuf,
146 sizeof (topbuf)), ntohs (sa_cli.sin_port));
147
148 gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) sd);
149 ret = gnutls_handshake (session);
150 if (ret < 0)
151 {
152 close (sd);
153 gnutls_deinit (session);
154 fprintf (stderr, "*** Handshake has failed (%s)\n\n",
155 gnutls_strerror (ret));
156 continue;
157 }
158 printf ("- Handshake was completed\n");
159
160 /* see the Getting peer's information example */
161 /* print_info(session); */
162
163 for (;;)
164 {
165 memset (buffer, 0, MAX_BUF + 1);
166 ret = gnutls_record_recv (session, buffer, MAX_BUF);
167
168 if (ret == 0)
169 {
170 printf ("\n- Peer has closed the GNUTLS connection\n");
171 break;
172 }
173 else if (ret < 0)
174 {
175 fprintf (stderr, "\n*** Received corrupted "
176 "data(%d). Closing the connection.\n\n", ret);
177 break;
178 }
179 else if (ret > 0)
180 {
181 /* echo data back to the client
182 */
183 gnutls_record_send (session, buffer, strlen (buffer));
184 }
185 }
186 printf ("\n");
187 /* do not wait for the peer to close the connection.
188 */
189 gnutls_bye (session, GNUTLS_SHUT_WR);
190
191 close (sd);
192 gnutls_deinit (session);
193
194 }
195 close (listen_sd);
196
197 gnutls_certificate_free_credentials (x509_cred);
198 gnutls_priority_deinit (priority_cache);
199
200 gnutls_global_deinit ();
201
202 return 0;
203
204 }
Implementation of the SSL/TLS protocol