1 /* This example code is placed in the public domain. */
10 #include <sys/types.h>
11 #include <sys/socket.h>
12 #include <arpa/inet.h>
13 #include <netinet/in.h>
16 #include <gnutls/gnutls.h>
18 #define KEYFILE "key.pem"
19 #define CERTFILE "cert.pem"
20 #define CAFILE "/etc/ssl/certs/ca-certificates.crt"
21 #define CRLFILE "crl.pem"
23 /* This is a sample TLS 1.0 echo server, using X.509 authentication.
27 #define PORT 5556 /* listen to 5556 port */
29 /* These are global */
30 gnutls_certificate_credentials_t x509_cred
;
31 gnutls_priority_t priority_cache
;
33 static gnutls_session_t
34 initialize_tls_session (void)
36 gnutls_session_t session
;
38 gnutls_init (&session
, GNUTLS_SERVER
);
40 gnutls_priority_set (session
, priority_cache
);
42 gnutls_credentials_set (session
, GNUTLS_CRD_CERTIFICATE
, x509_cred
);
44 /* We don't request any certificate from the client.
45 * If we did we would need to verify it.
47 gnutls_certificate_server_set_request (session
, GNUTLS_CERT_IGNORE
);
52 static gnutls_dh_params_t dh_params
;
55 generate_dh_params (void)
57 int bits
= gnutls_sec_param_to_pk_bits (GNUTLS_PK_DH
, GNUTLS_SEC_PARAM_LOW
);
59 /* Generate Diffie-Hellman parameters - for use with DHE
60 * kx algorithms. When short bit length is used, it might
61 * be wise to regenerate parameters often.
63 gnutls_dh_params_init (&dh_params
);
64 gnutls_dh_params_generate2 (dh_params
, bits
);
74 struct sockaddr_in sa_serv
;
75 struct sockaddr_in sa_cli
;
78 gnutls_session_t session
;
79 char buffer
[MAX_BUF
+ 1];
82 /* this must be called once in the program
84 gnutls_global_init ();
86 gnutls_certificate_allocate_credentials (&x509_cred
);
87 /* gnutls_certificate_set_x509_system_trust(xcred); */
88 gnutls_certificate_set_x509_trust_file (x509_cred
, CAFILE
,
91 gnutls_certificate_set_x509_crl_file (x509_cred
, CRLFILE
,
94 ret
= gnutls_certificate_set_x509_key_file (x509_cred
, CERTFILE
, KEYFILE
,
98 printf("No certificate or key were found\n");
102 generate_dh_params ();
104 gnutls_priority_init (&priority_cache
, "PERFORMANCE:%SERVER_PRECEDENCE", NULL
);
107 gnutls_certificate_set_dh_params (x509_cred
, dh_params
);
111 listen_sd
= socket (AF_INET
, SOCK_STREAM
, 0);
113 memset (&sa_serv
, '\0', sizeof (sa_serv
));
114 sa_serv
.sin_family
= AF_INET
;
115 sa_serv
.sin_addr
.s_addr
= INADDR_ANY
;
116 sa_serv
.sin_port
= htons (PORT
); /* Server Port number */
118 setsockopt (listen_sd
, SOL_SOCKET
, SO_REUSEADDR
, (void *) &optval
,
121 bind (listen_sd
, (struct sockaddr
*) & sa_serv
, sizeof (sa_serv
));
123 listen (listen_sd
, 1024);
125 printf ("Server ready. Listening to port '%d'.\n\n", PORT
);
127 client_len
= sizeof (sa_cli
);
130 session
= initialize_tls_session ();
132 sd
= accept (listen_sd
, (struct sockaddr
*) & sa_cli
, &client_len
);
134 printf ("- connection from %s, port %d\n",
135 inet_ntop (AF_INET
, &sa_cli
.sin_addr
, topbuf
,
136 sizeof (topbuf
)), ntohs (sa_cli
.sin_port
));
138 gnutls_transport_set_ptr (session
, (gnutls_transport_ptr_t
) sd
);
142 ret
= gnutls_handshake (session
);
144 while (ret
< 0 && gnutls_error_is_fatal (ret
) == 0);
149 gnutls_deinit (session
);
150 fprintf (stderr
, "*** Handshake has failed (%s)\n\n",
151 gnutls_strerror (ret
));
154 printf ("- Handshake was completed\n");
156 /* see the Getting peer's information example */
157 /* print_info(session); */
161 memset (buffer
, 0, MAX_BUF
+ 1);
162 ret
= gnutls_record_recv (session
, buffer
, MAX_BUF
);
166 printf ("\n- Peer has closed the GnuTLS connection\n");
171 fprintf (stderr
, "\n*** Received corrupted "
172 "data(%d). Closing the connection.\n\n", ret
);
177 /* echo data back to the client
179 gnutls_record_send (session
, buffer
, strlen (buffer
));
183 /* do not wait for the peer to close the connection.
185 gnutls_bye (session
, GNUTLS_SHUT_WR
);
188 gnutls_deinit (session
);
193 gnutls_certificate_free_credentials (x509_cred
);
194 gnutls_priority_deinit (priority_cache
);
196 gnutls_global_deinit ();