1 /* vim:tw=78:ts=8:sw=4:set ft=c: */
3 Copyright (C) 2008 Ben Kibbey <bjk@luxsci.net>
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published by
7 the Free Software Foundation; either version 2 of the License, or
8 (at your option) any later version.
10 This program is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 GNU General Public License for more details.
15 You should have received a copy of the GNU General Public License
16 along with this program; if not, write to the Free Software
17 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02110-1301 USA
20 #include <glib/gprintf.h>
21 #include <gnutls/x509.h>
/*
 * Server-side TLS setup for an accepted connection on descriptor fd.
 *
 * Allocates a zeroed struct tls_s, creates a GnuTLS server session on it
 * with the "SECURE256" priority string and the file-scope certificate
 * credentials, runs the handshake over fd and then asks GnuTLS to verify
 * the peer's certificate.  On the failure path visible at the end the
 * GnuTLS error text is logged and the session is released.
 *
 * NOTE(review): this listing is an extraction with gaps; the original
 * lines marked below are not visible here.  Among them are the
 * declarations of `ret` and `status`, the bodies of the four
 * `ret != GNUTLS_E_SUCCESS` branches, the check of `status` after
 * gnutls_certificate_verify_peers2(), and the function's return
 * statements.  Whether `tls` itself is g_free()d on the error path is
 * therefore not visible -- confirm against the full source.
 */
struct tls_s *tls_init(gint fd)
    /* ... original line 35 not captured ... */
    /* Zeroed allocation so every field of the session wrapper starts
     * with a defined value. */
    struct tls_s *tls = g_malloc0(sizeof(struct tls_s));
    /* ... original lines 37-38 not captured ... */
    /* Set by gnutls_priority_set_direct() to the offending token if the
     * priority string is rejected. */
    const gchar *prio_error;
    /* ... original lines 40-41 not captured ... */
    /* __FUNCTION__ is a GCC extension; C99 spells it __func__.  The
     * remaining arguments of this call are in the uncaptured lines. */
    log_write("%s(%i): %s: %s", __FILE__, __LINE__, __FUNCTION__,
    /* ... original lines 43-46 not captured (rest of this log_write() call) ... */
    ret = gnutls_init(&tls->ses, GNUTLS_SERVER);
    /* ... original line 48 not captured ... */
    if (ret != GNUTLS_E_SUCCESS)
    /* ... original lines 50-51 not captured (error branch) ... */
    /* "SECURE256" limits the negotiable suites to GnuTLS's 256-bit security
     * level, which among other things excludes export-grade suites. */
    ret = gnutls_priority_set_direct(tls->ses, "SECURE256", &prio_error);
    /* ... original line 53 not captured ... */
    if (ret != GNUTLS_E_SUCCESS)
    /* ... original lines 55-56 not captured (error branch) ... */
    /* x509_cred is a file-scope credentials object not visible in this
     * listing. */
    ret = gnutls_credentials_set(tls->ses, GNUTLS_CRD_CERTIFICATE, x509_cred);
    /* ... original line 58 not captured ... */
    if (ret != GNUTLS_E_SUCCESS)
    /* ... original lines 60-61 not captured (error branch) ... */
    /* GNUTLS_CERT_REQUIRE: per GnuTLS the handshake fails if the client
     * presents no certificate.  Requiring a certificate is not the same as
     * verifying it -- that is the verify_peers2() call below. */
    gnutls_certificate_server_set_request(tls->ses, GNUTLS_CERT_REQUIRE);
    /* The socket descriptor travels through the transport pointer; the
     * int-to-pointer cast is the documented GnuTLS idiom for the default
     * push/pull functions (newer releases also offer an _int setter). */
    gnutls_transport_set_ptr(tls->ses, (gnutls_transport_ptr_t)fd);
    /* Runs the TLS handshake on fd. */
    ret = gnutls_handshake(tls->ses);
    /* ... original line 65 not captured ... */
    if (ret != GNUTLS_E_SUCCESS)
    /* ... original lines 67-68 not captured (error branch) ... */
    /* status receives the verification bitmask; ret only says whether the
     * verification could be performed.  NOTE(review): the test of `status`
     * (e.g. GNUTLS_CERT_INVALID) lives in the uncaptured lines 70-76; a
     * non-zero status must be treated as failure even when ret is
     * GNUTLS_E_SUCCESS, otherwise an unverified client certificate is
     * accepted.  Confirm against the full source. */
    ret = gnutls_certificate_verify_peers2(tls->ses, &status);
    /* ... original lines 70-76 not captured ... */
    /* Appears to be the shared error path: log the GnuTLS error text and
     * release the session. */
    log_write("%s", gnutls_strerror(ret));
    gnutls_deinit(tls->ses);
    /* ... original lines 79-82 not captured (cleanup of tls and the return
     * statements are expected here) ... */
/* From the documentation. */
/*
 * GnuTLS parameters callback: hands the server's temporary key material
 * (rsa_params / dh_params, file-scope objects not visible here) to the
 * session when it asks for a given parameter type.
 *
 * NOTE(review): the parameter list is cut by an extraction gap (original
 * lines 85-86).  The body dereferences `st`, so a third parameter of the
 * callback's params-struct type is presumably declared there -- confirm.
 * The return statement(s) are in the uncaptured lines 91-98.  `ses` is not
 * used in the visible body.
 *
 * Security note: GNUTLS_PARAMS_RSA_EXPORT supplies the short temporary RSA
 * key used only by export-grade (RSA_EXPORT) cipher suites.  Those suites
 * are excluded by the "SECURE256" priority string this file sets on the
 * session and were dropped by later GnuTLS releases, so the rsa_export
 * branch is legacy; it should never become reachable through a more
 * permissive priority string.
 */
gint tls_get_params(gnutls_session_t ses, gnutls_params_type_t type,
    /* ... original lines 85-86 not captured (remaining parameter(s) and
     * opening brace) ... */
    if (type == GNUTLS_PARAMS_RSA_EXPORT)
        st->params.rsa_export = rsa_params;
    else if (type == GNUTLS_PARAMS_DH)
        st->params.dh = dh_params;
    /* ... original lines 91-98 not captured ... */
/*
 * GnuTLS log callback (presumably registered via
 * gnutls_global_set_log_function(); the registration is not visible here):
 * forwards a library debug message and its level to the program's own
 * logger under a "TLS:" prefix.  msg is passed as a %s argument, never as
 * the format string itself, so library-supplied text cannot be
 * interpreted as format directives.
 *
 * NOTE(review): the braces (original lines 100 and 102) are not captured
 * in this listing.
 */
void tls_log(gint level, const char *msg)
    /* ... original line 100 not captured ... */
    log_write("TLS: %i: %s", level, msg);
    /* ... original line 102 not captured ... */