src/tls.c

   1 /* vim:tw=78:ts=8:sw=4:set ft=c:  */
   2 /*
   3     Copyright (C) 2008 Ben Kibbey <bjk@luxsci.net>
   4
   5     This program is free software; you can redistribute it and/or modify
   6     it under the terms of the GNU General Public License as published by
   7     the Free Software Foundation; either version 2 of the License, or
   8     (at your option) any later version.
   9
  10     This program is distributed in the hope that it will be useful,
  11     but WITHOUT ANY WARRANTY; without even the implied warranty of
  12     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  13     GNU General Public License for more details.
  14
  15     You should have received a copy of the GNU General Public License
  16     along with this program; if not, write to the Free Software
  17     Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02110-1301  USA
  18 */
  19 #include <glib.h>
  20 #include <glib/gprintf.h>
  21 #include <gnutls/x509.h>
  22
  23 #ifdef HAVE_CONFIG_H
  24 #include <config.h>
  25 #endif
  26
  27 #ifndef MEM_DEBUG
  28 #include "mem.h"
  29 #endif
  30
  31 #include "tls.h"
  32 #include "common.h"
  33
  34 struct tls_s *tls_init(gint fd)
  35 {
  36     struct tls_s *tls = g_malloc0(sizeof(struct tls_s));
  37     gint ret;
  38     guint status;
  39     const gchar *prio_error;
  40
  41     if (!tls) {
  42         log_write("%s(%i): %s: %s", __FILE__, __LINE__, __FUNCTION__,
  43                 strerror(ENOMEM));
  44         return NULL;
  45     }
  46
  47     ret = gnutls_init(&tls->ses, GNUTLS_SERVER);
  48
  49     if (ret != GNUTLS_E_SUCCESS)
  50         goto fail;
  51
  52     ret = gnutls_priority_set_direct(tls->ses, "SECURE256", &prio_error);
  53
  54     if (ret != GNUTLS_E_SUCCESS)
  55         goto fail;
  56
  57     ret = gnutls_credentials_set(tls->ses, GNUTLS_CRD_CERTIFICATE, x509_cred);
  58
  59     if (ret != GNUTLS_E_SUCCESS)
  60         goto fail;
  61
  62     gnutls_certificate_server_set_request(tls->ses, GNUTLS_CERT_REQUIRE);
  63     gnutls_transport_set_ptr(tls->ses, (gnutls_transport_ptr_t)fd);
  64     ret = gnutls_handshake(tls->ses);
  65
  66     if (ret != GNUTLS_E_SUCCESS)
  67         goto fail;
  68
  69     ret = gnutls_certificate_verify_peers2(tls->ses, &status);
  70
  71     if (ret)
  72         goto fail;
  73
  74     return tls;
  75
  76 fail:
  77     log_write("%s", gnutls_strerror(ret));
  78     gnutls_deinit(tls->ses);
  79     g_free(tls);
  80     return NULL;
  81 }
  82
  83 /* From the documentation. */
  84 gint tls_get_params(gnutls_session_t ses, gnutls_params_type_t type,
  85         gnutls_params_st *st)
  86 {
  87     if (type == GNUTLS_PARAMS_RSA_EXPORT)
  88         st->params.rsa_export = rsa_params;
  89     else if (type == GNUTLS_PARAMS_DH)
  90         st->params.dh = dh_params;
  91     else
  92         return -1;
  93
  94     st->type = type;
  95     st->deinit = 0;
  96     return 0;
  97 }
  98
  99 void tls_log(gint level, const char *msg)
 100 {
 101     log_write("TLS: %i: %s", level, msg);
 102 }