1

#include "ssl_internal.h"

     2

     3

#include <assert.h>

     4

     5

/*

     6

 * Global shared anonymous client credentials

     7

 */

     8

struct ssl_client_cred ssl_client_cred_anon = { .x509 = NULL, .verify = false, .refcount = 0 };

     9

    10

    11

// XXX: GnuTLS log func

    12

void _log (int level, const char *msg)

    13

{

    14

    printf("gnutls: %d: %s", level, msg);

    15

}

    16

    17

err_t ssl_global_init (error_t *err)

    18

{

    19

    // global init

    20

    if ((ERROR_EXTRA(err) = gnutls_global_init()) < 0)

    21

        return SET_ERROR(err, ERR_GNUTLS_GLOBAL_INIT);

    22

    23

    // initialize the anon client credentials

    24

    if ((ERROR_EXTRA(err) = gnutls_certificate_allocate_credentials(&ssl_client_cred_anon.x509)) < 0)

    25

        return SET_ERROR(err, ERR_GNUTLS_CERT_ALLOC_CRED);

    26

    27

    // XXX: debug

    28

//    gnutls_global_set_log_function(&_log);

    29

//    gnutls_global_set_log_level(11);

    30

    31

    // done

    32

    return SUCCESS;

    33

}

    34

    35

static void ssl_client_cred_destroy (struct ssl_client_cred *cred)

    36

{

    37

    // simple

    38

    gnutls_certificate_free_credentials(cred->x509);

    39

    40

    free(cred);

    41

}

    42

    43

err_t ssl_client_cred_create (struct ssl_client_cred **ctx_cred,

    44

        const char *cafile_path, bool verify,

    45

        const char *cert_path, const char *pkey_path,

    46

        error_t *err

    47

) {

    48

    struct ssl_client_cred *cred;

    49

    50

    // alloc it

    51

    if ((cred = calloc(1, sizeof(*cred))) == NULL)

    52

        return SET_ERROR(err, ERR_CALLOC);

    53

    54

    // create the cert

    55

    if ((ERROR_EXTRA(err) = gnutls_certificate_allocate_credentials(&cred->x509)) < 0)

    56

        JUMP_SET_ERROR(err, ERR_GNUTLS_CERT_ALLOC_CRED);

    57

    58

    // load the trusted ca certs?

    59

    if (cafile_path) {

    60

        // load them

    61

        if ((ERROR_EXTRA(err) = gnutls_certificate_set_x509_trust_file(cred->x509, cafile_path, GNUTLS_X509_FMT_PEM)) < 0)

    62

            JUMP_SET_ERROR(err, ERR_GNUTLS_CERT_SET_X509_TRUST_FILE);

    63

    64

    }

    65

    66

    // set the verify flags?

    67

    cred->verify = verify;

    68

    gnutls_certificate_set_verify_flags(cred->x509, 0);

    69

    70

    // load the client cert?

    71

    if (cert_path || pkey_path) {

    72

        // need both...

    73

        assert(cert_path && pkey_path);

    74

    75

        // load

    76

        if ((ERROR_EXTRA(err) = gnutls_certificate_set_x509_key_file(cred->x509, cert_path, pkey_path, GNUTLS_X509_FMT_PEM)))

    77

            JUMP_SET_ERROR(err, ERR_GNUTLS_CERT_SET_X509_KEY_FILE);

    78

    }

    79

    80

    // ok

    81

    cred->refcount = 1;

    82

    *ctx_cred = cred;

    83

    84

    return SUCCESS;

    85

    86

error:

    87

    // release

    88

    ssl_client_cred_destroy(cred);

    89

    90

    return ERROR_CODE(err);

    91

}

    92

    93

void ssl_client_cred_get (struct ssl_client_cred *cred)

    94

{

    95

    cred->refcount++;

    96

}

    97

    98

void ssl_client_cred_put (struct ssl_client_cred *cred)

    99

{

   100

    if (--cred->refcount == 0)

   101

        ssl_client_cred_destroy(cred);

   102

}