Use equivalent but more common GNUTLS call.

[cascardo/rnetproxy.git] / hcconn_ssl.c

diff --git a/hcconn_ssl.c b/hcconn_ssl.c
index cdcca97..a769327 100644 (file)
--- a/hcconn_ssl.c
+++ b/hcconn_ssl.c
@@ -30,34 +30,43 @@ struct ssl_data
   gnutls_session_t session;
   GString *buffer;
   gboolean handshaking;
+  gboolean failed;
   gpointer lowconn;
 };
 
 #define DH_BITS 1024
-static gnutls_anon_server_credentials_t
-ssl_server_get_credentials (void)
+void *
+hc_conn_ssl_server_init_credentials (char *certfile, char *keyfile)
 {
   static int initialized = 0;
-  static gnutls_anon_server_credentials_t cred;
+  static gnutls_certificate_credentials_t cred;
   gnutls_dh_params_t dh_params;
   if (initialized)
     return cred;
   gnutls_dh_params_init (&dh_params);
   gnutls_dh_params_generate2 (dh_params, DH_BITS);
-  gnutls_anon_allocate_server_credentials (&cred);
-  gnutls_anon_set_server_dh_params (cred, dh_params);
+  gnutls_certificate_allocate_credentials (&cred);
+  gnutls_certificate_set_x509_key_file (cred, certfile, keyfile,
+                                        GNUTLS_X509_FMT_PEM);
+  gnutls_certificate_set_dh_params (cred, dh_params);
   initialized = 1;
   return cred;
 }
 
+static void *
+ssl_server_get_credentials(void)
+{
+  return hc_conn_ssl_server_init_credentials (NULL, NULL);
+}
+ 
 static void
 ssl_server_session_new (gnutls_session_t *session)
 {
-  static gnutls_anon_server_credentials_t cred;
+  static void *cred;
   cred = ssl_server_get_credentials ();
   gnutls_init (session, GNUTLS_SERVER);
-  gnutls_priority_set_direct (*session, "NORMAL:+ANON-DH", NULL);
-  gnutls_credentials_set (*session, GNUTLS_CRD_ANON, cred);
+  gnutls_set_default_priority (*session);
+  gnutls_credentials_set (*session, GNUTLS_CRD_CERTIFICATE, cred);
   gnutls_dh_set_prime_bits (*session, DH_BITS);
 }
 #undef DH_BITS
@@ -85,6 +94,7 @@ ssl_data_new (int server)
     ssl_client_session_new (&ssl->session);
   ssl->buffer = g_string_sized_new (4096);
   ssl->handshaking = FALSE;
+  ssl->failed = FALSE;
   return ssl;
 }
 
@@ -143,8 +153,11 @@ ssl_server_handshake (struct ssl_data *ssl)
   if ((error = gnutls_handshake (ssl->session)) < 0)
     {
       if (gnutls_error_is_fatal (error))
-        g_critical ("Fatal error while doing TLS handshaking: %s\n",
-                    gnutls_strerror (error));
+        {
+          g_critical ("Fatal error while doing TLS handshaking: %s\n",
+                      gnutls_strerror (error));
+          ssl->failed = TRUE;
+        }
     }
   else
     {
@@ -202,6 +215,9 @@ hc_conn_ssl_watch (HCConn *conn, HCEvent event, gpointer data)
       if (ssl->handshaking)
         {
           ssl_server_handshake (ssl);
+          /* FIXME: create HC_CONN_ERROR */
+          if (ssl->failed && ssl_conn->func)
+            ssl_conn->func (ssl_conn, HC_EVENT_CLOSE, ssl_conn->data);
           return;
         }
       while ((r = hc_conn_read (ssl->lowconn, buffer, sizeof (buffer))) > 0)