1 /* This example code is placed in the public domain. */
10 #include <sys/types.h>
11 #include <sys/socket.h>
12 #include <arpa/inet.h>
13 #include <netinet/in.h>
16 #include <gnutls/gnutls.h>
18 /* This is a sample TLS 1.0 echo server, for anonymous authentication only.
22 #define SOCKET_ERR(err,s) if(err==-1) {perror(s);return(1);}
24 #define PORT 5556 /* listen to 5556 port */
27 /* These are global */
28 gnutls_anon_server_credentials_t anoncred
;
30 static gnutls_session_t
31 initialize_tls_session (void)
33 gnutls_session_t session
;
35 gnutls_init (&session
, GNUTLS_SERVER
);
37 gnutls_priority_set_direct (session
, "NORMAL:+ANON-ECDH:+ANON-DH", NULL
);
39 gnutls_credentials_set (session
, GNUTLS_CRD_ANON
, anoncred
);
41 gnutls_dh_set_prime_bits (session
, DH_BITS
);
46 static gnutls_dh_params_t dh_params
;
49 generate_dh_params (void)
52 /* Generate Diffie-Hellman parameters - for use with DHE
53 * kx algorithms. These should be discarded and regenerated
54 * once a day, once a week or once a month. Depending on the
55 * security requirements.
57 gnutls_dh_params_init (&dh_params
);
58 gnutls_dh_params_generate2 (dh_params
, DH_BITS
);
68 struct sockaddr_in sa_serv
;
69 struct sockaddr_in sa_cli
;
72 gnutls_session_t session
;
73 char buffer
[MAX_BUF
+ 1];
76 /* this must be called once in the program
78 gnutls_global_init ();
80 gnutls_anon_allocate_server_credentials (&anoncred
);
82 generate_dh_params ();
84 gnutls_anon_set_server_dh_params (anoncred
, dh_params
);
88 listen_sd
= socket (AF_INET
, SOCK_STREAM
, 0);
89 SOCKET_ERR (listen_sd
, "socket");
91 memset (&sa_serv
, '\0', sizeof (sa_serv
));
92 sa_serv
.sin_family
= AF_INET
;
93 sa_serv
.sin_addr
.s_addr
= INADDR_ANY
;
94 sa_serv
.sin_port
= htons (PORT
); /* Server Port number */
96 setsockopt (listen_sd
, SOL_SOCKET
, SO_REUSEADDR
, (void *) &optval
,
99 err
= bind (listen_sd
, (struct sockaddr
*) & sa_serv
, sizeof (sa_serv
));
100 SOCKET_ERR (err
, "bind");
101 err
= listen (listen_sd
, 1024);
102 SOCKET_ERR (err
, "listen");
104 printf ("Server ready. Listening to port '%d'.\n\n", PORT
);
106 client_len
= sizeof (sa_cli
);
109 session
= initialize_tls_session ();
111 sd
= accept (listen_sd
, (struct sockaddr
*) & sa_cli
, &client_len
);
113 printf ("- connection from %s, port %d\n",
114 inet_ntop (AF_INET
, &sa_cli
.sin_addr
, topbuf
,
115 sizeof (topbuf
)), ntohs (sa_cli
.sin_port
));
117 gnutls_transport_set_ptr (session
, (gnutls_transport_ptr_t
) ((ptrdiff_t) sd
));
121 ret
= gnutls_handshake (session
);
123 while (ret
< 0 && gnutls_error_is_fatal (ret
) == 0);
128 gnutls_deinit (session
);
129 fprintf (stderr
, "*** Handshake has failed (%s)\n\n",
130 gnutls_strerror (ret
));
133 printf ("- Handshake was completed\n");
135 /* see the Getting peer's information example */
136 /* print_info(session); */
140 memset (buffer
, 0, MAX_BUF
+ 1);
141 ret
= gnutls_record_recv (session
, buffer
, MAX_BUF
);
145 printf ("\n- Peer has closed the GnuTLS connection\n");
150 fprintf (stderr
, "\n*** Received corrupted "
151 "data(%d). Closing the connection.\n\n", ret
);
156 /* echo data back to the client
158 gnutls_record_send (session
, buffer
, strlen (buffer
));
162 /* do not wait for the peer to close the connection.
164 gnutls_bye (session
, GNUTLS_SHUT_WR
);
167 gnutls_deinit (session
);
172 gnutls_anon_free_server_credentials (anoncred
);
174 gnutls_global_deinit ();