X-Git-Url: http://git.cascardo.eti.br/?a=blobdiff_plain;f=hcconn_ssl.c;h=aaf8037257167ae315592801d1f08e7d358972ac;hb=420d54ee44ea5495b62e3539df67b9bc3bffba99;hp=cdcca97e57816fd8b3e06ba16b17328a2a31edb1;hpb=278f50268f5f20e285c08cb8a2b55462331c36bb;p=cascardo%2Frnetproxy.git diff --git a/hcconn_ssl.c b/hcconn_ssl.c index cdcca97..aaf8037 100644 --- a/hcconn_ssl.c +++ b/hcconn_ssl.c @@ -30,34 +30,43 @@ struct ssl_data gnutls_session_t session; GString *buffer; gboolean handshaking; + gboolean failed; gpointer lowconn; }; #define DH_BITS 1024 -static gnutls_anon_server_credentials_t -ssl_server_get_credentials (void) +void * +hc_conn_ssl_server_init_credentials (char *certfile, char *keyfile) { static int initialized = 0; - static gnutls_anon_server_credentials_t cred; + static gnutls_certificate_credentials_t cred; gnutls_dh_params_t dh_params; if (initialized) return cred; gnutls_dh_params_init (&dh_params); gnutls_dh_params_generate2 (dh_params, DH_BITS); - gnutls_anon_allocate_server_credentials (&cred); - gnutls_anon_set_server_dh_params (cred, dh_params); + gnutls_certificate_allocate_credentials (&cred); + gnutls_certificate_set_x509_key_file (cred, certfile, keyfile, + GNUTLS_X509_FMT_PEM); + gnutls_certificate_set_dh_params (cred, dh_params); initialized = 1; return cred; } +static void * +ssl_server_get_credentials(void) +{ + return hc_conn_ssl_server_init_credentials (NULL, NULL); +} + static void ssl_server_session_new (gnutls_session_t *session) { - static gnutls_anon_server_credentials_t cred; + static void *cred; cred = ssl_server_get_credentials (); gnutls_init (session, GNUTLS_SERVER); - gnutls_priority_set_direct (*session, "NORMAL:+ANON-DH", NULL); - gnutls_credentials_set (*session, GNUTLS_CRD_ANON, cred); + gnutls_set_default_priority (*session); + gnutls_credentials_set (*session, GNUTLS_CRD_CERTIFICATE, cred); gnutls_dh_set_prime_bits (*session, DH_BITS); } #undef DH_BITS @@ -85,6 +94,7 @@ ssl_data_new (int server) ssl_client_session_new (&ssl->session); ssl->buffer = g_string_sized_new (4096); ssl->handshaking = FALSE; + ssl->failed = FALSE; return ssl; } @@ -130,25 +140,31 @@ ssl_pull (gnutls_transport_ptr_t ptr, void *buffer, size_t len) } if (r == 0) { - gnutls_transport_set_errno (ssl->session, EAGAIN); + errno = (EAGAIN); return -1; } return r; } static void -ssl_server_handshake (struct ssl_data *ssl) +ssl_server_handshake (HCConn *conn) { + struct ssl_data *ssl = conn->layer; int error; if ((error = gnutls_handshake (ssl->session)) < 0) { if (gnutls_error_is_fatal (error)) - g_critical ("Fatal error while doing TLS handshaking: %s\n", - gnutls_strerror (error)); + { + g_critical ("Fatal error while doing TLS handshaking: %s\n", + gnutls_strerror (error)); + ssl->failed = TRUE; + } } else { ssl->handshaking = FALSE; + if (conn->func) + conn->func (conn, HC_EVENT_CONNECT, conn->data); } } @@ -160,7 +176,7 @@ ssl_server_connect (HCConn *conn) gnutls_transport_set_push_function (ssl->session, ssl_push); gnutls_transport_set_pull_function (ssl->session, ssl_pull); ssl->handshaking = TRUE; - ssl_server_handshake (ssl); + ssl_server_handshake (conn); } static void @@ -201,7 +217,10 @@ hc_conn_ssl_watch (HCConn *conn, HCEvent event, gpointer data) case HC_EVENT_READ: if (ssl->handshaking) { - ssl_server_handshake (ssl); + ssl_server_handshake (ssl_conn); + /* FIXME: create HC_CONN_ERROR */ + if (ssl->failed && ssl_conn->func) + ssl_conn->func (ssl_conn, HC_EVENT_CLOSE, ssl_conn->data); return; } while ((r = hc_conn_read (ssl->lowconn, buffer, sizeof (buffer))) > 0)