doc/examples/ex-serv1.c

   1 /* This example code is placed in the public domain. */
   2
   3 #ifdef HAVE_CONFIG_H
   4 #include <config.h>
   5 #endif
   6
   7 #include <stdio.h>
   8 #include <stdlib.h>
   9 #include <errno.h>
  10 #include <sys/types.h>
  11 #include <sys/socket.h>
  12 #include <arpa/inet.h>
  13 #include <netinet/in.h>
  14 #include <string.h>
  15 #include <unistd.h>
  16 #include <gnutls/gnutls.h>
  17
  18 #define KEYFILE "key.pem"
  19 #define CERTFILE "cert.pem"
  20 #define CAFILE "ca.pem"
  21 #define CRLFILE "crl.pem"
  22
  23 /* This is a sample TLS 1.0 echo server, using X.509 authentication.
  24  */
  25
  26
  27 #define SA struct sockaddr
  28 #define SOCKET_ERR(err,s) if(err==-1) {perror(s);return(1);}
  29 #define MAX_BUF 1024
  30 #define PORT 5556               /* listen to 5556 port */
  31 #define DH_BITS 1024
  32
  33 /* These are global */
  34 gnutls_certificate_credentials_t x509_cred;
  35 gnutls_priority_t priority_cache;
  36
  37 static gnutls_session_t
  38 initialize_tls_session (void)
  39 {
  40   gnutls_session_t session;
  41
  42   gnutls_init (&session, GNUTLS_SERVER);
  43
  44   gnutls_priority_set (session, priority_cache);
  45
  46   gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, x509_cred);
  47
  48   /* request client certificate if any.
  49    */
  50   gnutls_certificate_server_set_request (session, GNUTLS_CERT_REQUEST);
  51
  52   /* Set maximum compatibility mode. This is only suggested on public webservers
  53    * that need to trade security for compatibility
  54    */
  55   gnutls_session_enable_compatibility_mode (session);
  56
  57   return session;
  58 }
  59
  60 static gnutls_dh_params_t dh_params;
  61
  62 static int
  63 generate_dh_params (void)
  64 {
  65
  66   /* Generate Diffie-Hellman parameters - for use with DHE
  67    * kx algorithms. When short bit length is used, it might
  68    * be wise to regenerate parameters.
  69    *
  70    * Check the ex-serv-export.c example for using static
  71    * parameters.
  72    */
  73   gnutls_dh_params_init (&dh_params);
  74   gnutls_dh_params_generate2 (dh_params, DH_BITS);
  75
  76   return 0;
  77 }
  78
  79 int
  80 main (void)
  81 {
  82   int err, listen_sd;
  83   int sd, ret;
  84   struct sockaddr_in sa_serv;
  85   struct sockaddr_in sa_cli;
  86   int client_len;
  87   char topbuf[512];
  88   gnutls_session_t session;
  89   char buffer[MAX_BUF + 1];
  90   int optval = 1;
  91
  92   /* this must be called once in the program
  93    */
  94   gnutls_global_init ();
  95
  96   gnutls_certificate_allocate_credentials (&x509_cred);
  97   gnutls_certificate_set_x509_trust_file (x509_cred, CAFILE,
  98                                           GNUTLS_X509_FMT_PEM);
  99
 100   gnutls_certificate_set_x509_crl_file (x509_cred, CRLFILE,
 101                                         GNUTLS_X509_FMT_PEM);
 102
 103   gnutls_certificate_set_x509_key_file (x509_cred, CERTFILE, KEYFILE,
 104                                         GNUTLS_X509_FMT_PEM);
 105
 106   generate_dh_params ();
 107
 108   gnutls_priority_init (&priority_cache, "NORMAL", NULL);
 109
 110
 111   gnutls_certificate_set_dh_params (x509_cred, dh_params);
 112
 113   /* Socket operations
 114    */
 115   listen_sd = socket (AF_INET, SOCK_STREAM, 0);
 116   SOCKET_ERR (listen_sd, "socket");
 117
 118   memset (&sa_serv, '\0', sizeof (sa_serv));
 119   sa_serv.sin_family = AF_INET;
 120   sa_serv.sin_addr.s_addr = INADDR_ANY;
 121   sa_serv.sin_port = htons (PORT);      /* Server Port number */
 122
 123   setsockopt (listen_sd, SOL_SOCKET, SO_REUSEADDR, (void *) &optval,
 124               sizeof (int));
 125
 126   err = bind (listen_sd, (SA *) & sa_serv, sizeof (sa_serv));
 127   SOCKET_ERR (err, "bind");
 128   err = listen (listen_sd, 1024);
 129   SOCKET_ERR (err, "listen");
 130
 131   printf ("Server ready. Listening to port '%d'.\n\n", PORT);
 132
 133   client_len = sizeof (sa_cli);
 134   for (;;)
 135     {
 136       session = initialize_tls_session ();
 137
 138       sd = accept (listen_sd, (SA *) & sa_cli, &client_len);
 139
 140       printf ("- connection from %s, port %d\n",
 141               inet_ntop (AF_INET, &sa_cli.sin_addr, topbuf,
 142                          sizeof (topbuf)), ntohs (sa_cli.sin_port));
 143
 144       gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) sd);
 145       ret = gnutls_handshake (session);
 146       if (ret < 0)
 147         {
 148           close (sd);
 149           gnutls_deinit (session);
 150           fprintf (stderr, "*** Handshake has failed (%s)\n\n",
 151                    gnutls_strerror (ret));
 152           continue;
 153         }
 154       printf ("- Handshake was completed\n");
 155
 156       /* see the Getting peer's information example */
 157       /* print_info(session); */
 158
 159       for (;;)
 160         {
 161           memset (buffer, 0, MAX_BUF + 1);
 162           ret = gnutls_record_recv (session, buffer, MAX_BUF);
 163
 164           if (ret == 0)
 165             {
 166               printf ("\n- Peer has closed the GnuTLS connection\n");
 167               break;
 168             }
 169           else if (ret < 0)
 170             {
 171               fprintf (stderr, "\n*** Received corrupted "
 172                        "data(%d). Closing the connection.\n\n", ret);
 173               break;
 174             }
 175           else if (ret > 0)
 176             {
 177               /* echo data back to the client
 178                */
 179               gnutls_record_send (session, buffer, strlen (buffer));
 180             }
 181         }
 182       printf ("\n");
 183       /* do not wait for the peer to close the connection.
 184        */
 185       gnutls_bye (session, GNUTLS_SHUT_WR);
 186
 187       close (sd);
 188       gnutls_deinit (session);
 189
 190     }
 191   close (listen_sd);
 192
 193   gnutls_certificate_free_credentials (x509_cred);
 194   gnutls_priority_deinit (priority_cache);
 195
 196   gnutls_global_deinit ();
 197
 198   return 0;
 199
 200 }