X-Git-Url: http://git.cascardo.eti.br/?a=blobdiff_plain;f=hcconn_ssl.c;h=1277207919cc7cf288aa83b9ca03d17cf2cd39a5;hb=268611d2bf7a824189cd6a8f3f492847a55ec785;hp=d4fa465b34863d2713b3dc95b3417300e57717ed;hpb=430215be2a18ee1cf703532e9490e80ddec45420;p=cascardo%2Frnetproxy.git
diff --git a/hcconn_ssl.c b/hcconn_ssl.c
index d4fa465..1277207 100644
--- a/hcconn_ssl.c
+++ b/hcconn_ssl.c
@@ -33,18 +33,64 @@ struct ssl_data
   gpointer lowconn;
 };
 
-static struct ssl_data *
-ssl_data_new (void)
+#define DH_BITS 1024
+void *
+hc_conn_ssl_server_init_credentials (char *certfile, char *keyfile)
+{
+  static int initialized = 0;
+  static gnutls_certificate_credentials_t cred;
+  gnutls_dh_params_t dh_params;
+  if (initialized)
+    return cred;
+  gnutls_dh_params_init (&dh_params);
+  gnutls_dh_params_generate2 (dh_params, DH_BITS);
+  gnutls_certificate_allocate_credentials (&cred);
+  gnutls_certificate_set_x509_key_file (cred, certfile, keyfile,
+                                        GNUTLS_X509_FMT_PEM);
+  gnutls_certificate_set_dh_params (cred, dh_params);
+  initialized = 1;
+  return cred;
+}
+
+static void *
+ssl_server_get_credentials(void)
+{
+  return hc_conn_ssl_server_init_credentials (NULL, NULL);
+}
+
+static void
+ssl_server_session_new (gnutls_session_t *session)
+{
+  static void *cred;
+  cred = ssl_server_get_credentials ();
+  gnutls_init (session, GNUTLS_SERVER);
+  gnutls_priority_set_direct (*session, "NORMAL", NULL);
+  gnutls_credentials_set (*session, GNUTLS_CRD_CERTIFICATE, cred);
+  gnutls_dh_set_prime_bits (*session, DH_BITS);
+}
+#undef DH_BITS
+
+static void
+ssl_client_session_new (gnutls_session_t *session)
 {
-  struct ssl_data *ssl;
   int kx_prio[] = {GNUTLS_KX_RSA, 0};
   gnutls_certificate_credentials cred;
   gnutls_certificate_allocate_credentials (&cred);
+  gnutls_init (session, GNUTLS_CLIENT);
+  gnutls_set_default_priority (*session);
+  gnutls_kx_set_priority (*session, kx_prio);
+  gnutls_credentials_set (*session, GNUTLS_CRD_CERTIFICATE, cred);
+}
+
+static struct ssl_data *
+ssl_data_new (int server)
+{
+  struct ssl_data *ssl;
   ssl = g_slice_new (struct ssl_data);
-  gnutls_init (&ssl->session, GNUTLS_CLIENT);
-  gnutls_set_default_priority (ssl->session);
-  gnutls_kx_set_priority (ssl->session, kx_prio);
-  gnutls_credentials_set (ssl->session, GNUTLS_CRD_CERTIFICATE, cred);
+  if (server)
+    ssl_server_session_new (&ssl->session);
+  else
+    ssl_client_session_new (&ssl->session);
   ssl->buffer = g_string_sized_new (4096);
   ssl->handshaking = FALSE;
   return ssl;
@@ -177,10 +223,13 @@ hc_conn_ssl_watch (HCConn *conn, HCEvent event, gpointer data)
     }
 }
 
-void
-hc_conn_set_driver_ssl (HCConn *conn, HCConn *lowconn)
+static int
+hc_conn_set_driver_ssl (HCConn *conn, HCConn *lowconn, int server)
 {
-  struct ssl_data *ssl = ssl_data_new ();
+  struct ssl_data *ssl;
+  ssl = ssl_data_new (server);
+  if (ssl == NULL)
+    return -1;
   ssl->lowconn = lowconn;
   conn->layer = ssl;
   conn->read = hc_conn_ssl_read;
@@ -188,4 +237,17 @@ hc_conn_set_driver_ssl (HCConn *conn, HCConn *lowconn)
   conn->close = hc_conn_ssl_close;
   hc_conn_set_callback (lowconn, hc_conn_ssl_watch, conn);
   ssl_server_connect (conn);
+  return 0;
+}
+
+int
+hc_conn_set_driver_ssl_client (HCConn *conn, HCConn *lowconn)
+{
+  return hc_conn_set_driver_ssl (conn, lowconn, 0);
+}
+
+int
+hc_conn_set_driver_ssl_server (HCConn *conn, HCConn *lowconn)
+{
+  return hc_conn_set_driver_ssl (conn, lowconn, 1);
 }
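Review bot: hc_conn_ssl_server_init_credentials sets `initialized = 1` and caches `cred` regardless of what the GnuTLS calls returned, so a failed gnutls_certificate_set_x509_key_file (an unreadable certificate or key, or the `NULL, NULL` arguments that ssl_server_get_credentials passes when nothing has initialised the credentials first) presumably leaves a credential with no certificate that every later server session silently reuses. Check the return codes, release what was allocated on failure and leave `initialized` clear so a later call can retry; the results of gnutls_dh_params_generate2 and of gnutls_init in ssl_server_session_new and ssl_client_session_new are dropped in the same way, which means ssl_data_new has no way to report a session that was never set up. DH_BITS of 1024 is also below current recommendations for finite-field Diffie-Hellman. Sketch for the credential setup:
```c
void *
hc_conn_ssl_server_init_credentials (char *certfile, char *keyfile)
{
  /* … unchanged: static cache, early return when already initialized … */
  if (gnutls_dh_params_init (&dh_params) < 0)
    return NULL;
  if (gnutls_dh_params_generate2 (dh_params, DH_BITS) < 0)
    goto fail_dh;
  if (gnutls_certificate_allocate_credentials (&cred) < 0)
    goto fail_dh;
  if (gnutls_certificate_set_x509_key_file (cred, certfile, keyfile,
                                            GNUTLS_X509_FMT_PEM) < 0)
    goto fail_cred;
  gnutls_certificate_set_dh_params (cred, dh_params);
  initialized = 1;
  return cred;
fail_cred:
  gnutls_certificate_free_credentials (cred);
fail_dh:
  gnutls_dh_params_deinit (dh_params);
  return NULL;
}
```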
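Review bot: The `if (ssl == NULL) return -1;` guard added after `ssl = ssl_data_new (server)` is unreachable as the diff stands: ssl_data_new (first hunk) only ever returns the result of g_slice_new, and GLib's slice allocator aborts on allocation failure rather than returning NULL, while the gnutls_init failures that could genuinely leave the session unusable are not reported at all. Either make ssl_data_new return NULL when session setup fails so the guard has something to catch, or drop it until it does. hc_conn_set_driver_ssl also turns from an exported `void` function into `static int`, so any header declaration or caller that still uses the old name has to move to the _client/_server wrappers in the next hunk; the body of hc_conn_set_driver_ssl continues past this hunk.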
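Review bot: The two new exported entry points hc_conn_set_driver_ssl_client and hc_conn_set_driver_ssl_server carry no comment, and the server variant has an ordering requirement a caller cannot see from here: its credentials come from ssl_server_get_credentials, which calls `hc_conn_ssl_server_init_credentials (NULL, NULL)`, so the real certificate and key paths must have been passed to hc_conn_ssl_server_init_credentials before the first server connection is wrapped. Suggest a header comment on each, e.g. `/* Layer TLS over lowconn, acting as the server. hc_conn_ssl_server_init_credentials() must already have been called with the certificate and key paths. Returns 0 on success, -1 if the layer could not be set up. */` with the client counterpart stating the same return contract. The `return 0` at the top of this hunk belongs to hc_conn_set_driver_ssl, whose body begins in the previous hunk.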