author | Tero Marttila <terom@fixme.fi> |
Sun, 22 Feb 2009 05:27:29 +0200 | |
changeset 2 | a834f0559939 |
child 3 | cc94ae754e2a |
permissions | -rw-r--r-- |
#include "sock_gnutls.h"

#include <err.h>
#include <stdint.h>
#include <stdlib.h>
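/*
 * Report a failed GnuTLS call and terminate the process.
 *
 * `func` is the name of the GnuTLS function that failed and `_err` is the negative code it returned.
 * When the failure is a fatal TLS alert, the alert stored on sock->session is appended to the message.
 *
 * Does not return: both paths end in errx(1, ...).
 */
static void _sock_gnutls_error (struct sock_gnutls *sock, const char *func, int _err) {
    if (_err == GNUTLS_E_FATAL_ALERT_RECEIVED) {
        // the alert description byte is chosen by the remote peer, and gnutls_alert_get_name() returns NULL
        // for values it has no name for; passing NULL to "%s" is undefined behaviour, so substitute a label
        const char *alert_name = gnutls_alert_get_name(gnutls_alert_get(sock->session));

        errx(1, "%s: %s: %s", func, gnutls_strerror(_err), alert_name ? alert_name : "(unknown alert)");
    }

    // any other error: errx() above never returns, so this is the "else" branch
    errx(1, "%s: %s", func, gnutls_strerror(_err));
}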
/*
 * sock_stream read method for GnuTLS sockets.
 *
 * Recovers the struct sock_gnutls behind `base_sock` and asks gnutls_record_recv() for up to `len` bytes
 * into `buf`. The result is handed back as-is, narrowed to int; per the GnuTLS API a negative value is a
 * GNUTLS_E_* code (which includes the non-fatal GNUTLS_E_AGAIN / GNUTLS_E_INTERRUPTED), not -1/errno.
 */
static int sock_gnutls_read (struct sock_stream *base_sock, void *buf, size_t len)
{
    struct sock_gnutls *tls = SOCK_FROM_BASE(base_sock, struct sock_gnutls);
    int received;

    // thin pass-through to the record layer
    received = gnutls_record_recv(tls->session, buf, len);

    return received;
}
/*
 * sock_stream write method for GnuTLS sockets.
 *
 * Recovers the struct sock_gnutls behind `base_sock` and passes `len` bytes from `buf` to
 * gnutls_record_send(). The result is handed back as-is, narrowed to int; per the GnuTLS API a negative
 * value is a GNUTLS_E_* code, not -1/errno.
 */
static int sock_gnutls_write (struct sock_stream *base_sock, const void *buf, size_t len)
{
    struct sock_gnutls *tls = SOCK_FROM_BASE(base_sock, struct sock_gnutls);
    int sent;

    // thin pass-through to the record layer
    sent = gnutls_record_send(tls->session, buf, len);

    return sent;
}
/*
 * sock_stream_type descriptor for GnuTLS sockets: routes the generic read/write methods to the
 * GnuTLS record-layer wrappers defined above.
 */
struct sock_stream_type sock_gnutls_type = {
    .methods = {
        .read   = sock_gnutls_read,
        .write  = sock_gnutls_write,
    },
};

/*
 * XXX: one global client context; sock_ssl_connect() binds its credentials to every session it creates
 */
struct sock_gnutls_client_ctx _sock_gnutls_client_ctx;
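/*
 * Set up the given gnutls client context with an empty certificate-credentials object.
 *
 * Despite the "_anon" name this allocates X.509 certificate credentials (ctx->xcred), not anonymous-DH
 * credentials. Nothing is loaded into them here: no client certificate and no trust anchors, so these
 * credentials on their own give GnuTLS nothing to validate a server certificate against.
 *
 * Exits via errx() if the allocation fails, matching how sock_gnutls_init() treats gnutls errors; the
 * return value used to be ignored, which left ctx->xcred unset for later use.
 */
void sock_gnutls_client_ctx_anon (struct sock_gnutls_client_ctx *ctx)
{
    int _err;

    if ((_err = gnutls_certificate_allocate_credentials(&ctx->xcred)) < 0)
        errx(1, "gnutls_certificate_allocate_credentials: %s", gnutls_strerror(_err));
}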
/*
 * One-time setup for the GnuTLS socket layer: initialise the library, then populate the global
 * _sock_gnutls_client_ctx.
 *
 * XXX: errors - a gnutls_global_init() failure terminates the process via errx() instead of being reported
 */
void sock_gnutls_init (void)
{
    // library-wide initialisation
    const int rc = gnutls_global_init();

    if (rc < 0)
        errx(1, "gnutls_global_init: %s", gnutls_strerror(rc));

    // fill in the shared client context
    sock_gnutls_client_ctx_anon(&_sock_gnutls_client_ctx);
}
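/*
 * Open a TCP connection to host:service and run a TLS client handshake over it.
 *
 * Returns the new socket as a generic sock_stream. The struct sock_gnutls is calloc()'d here; nothing in
 * this function frees it.
 *
 * XXX: errors - every gnutls failure terminates the process via errx() instead of being reported.
 *
 * NOTE(review): a successful return does NOT mean the server was authenticated. The credentials bound below
 * come from the shared client context, which is given no trust anchors in this file, and this function
 * neither calls gnutls_certificate_verify_peers2() nor compares the peer certificate with `host` (`host` is
 * only passed to the TCP connect). Unless the caller verifies the peer afterwards, the session is encrypted
 * but open to interception by anyone on the network path.
 */
struct sock_stream *sock_ssl_connect (const char *host, const char *service)
{
    int _err;
    struct sock_gnutls *sock;
    struct sock_gnutls_client_ctx *ctx = &_sock_gnutls_client_ctx;

    // alloc
    if ((sock = calloc(1, sizeof(*sock))) == NULL)
        errx(1, "calloc");

    // initialize
    sock->base_tcp.base.type = &sock_gnutls_type;

    // initialize client session
    if ((_err = gnutls_init(&sock->session, GNUTLS_CLIENT)) < 0)
        errx(1, "gnutls_init: %s", gnutls_strerror(_err));

    // ...default priority stuff; previously unchecked, a failure here would leave the session without
    // the intended protocol/cipher configuration
    if ((_err = gnutls_set_default_priority(sock->session)) < 0)
        errx(1, "gnutls_set_default_priority: %s", gnutls_strerror(_err));

    // bind the shared certificate credentials (see the NOTE above: they carry no trust anchors)
    if ((_err = gnutls_credentials_set(sock->session, GNUTLS_CRD_CERTIFICATE, ctx->xcred)) < 0)
        errx(1, "gnutls_credentials_set: %s", gnutls_strerror(_err));

    // TCP connect
    // NOTE(review): the signature of sock_tcp_init_connect is not visible here - if it reports failure
    // through a return value, that is being dropped and the handshake runs on an unconnected fd
    sock_tcp_init_connect(SOCK_GNUTLS_TCP(sock), host, service);

    // bind default transport functions (recv/send) to use the TCP fd; go through intptr_t so the
    // integer -> pointer conversion is well-defined where pointers are wider than the fd type
    gnutls_transport_set_ptr(sock->session, (gnutls_transport_ptr_t) (intptr_t) sock->base_tcp.fd);

    // perform the handshake
    if ((_err = gnutls_handshake(sock->session)) < 0)
        _sock_gnutls_error(sock, "gnutls_handshake", _err);

    // done
    return SOCK_GNUTLS_BASE(sock);
}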