1 #include "ssl_internal.h"

     2 

     3 #include <assert.h>

     4 

     5 /*

     6  * Global shared anonymous client credentials

     7  */

     8 struct ssl_client_cred ssl_client_cred_anon = { .x509 = NULL, .verify = false, .refcount = 0 };

     9 

    10 

    11 // XXX: GnuTLS log func

    12 void _log (int level, const char *msg)

    13 {

    14     printf("gnutls: %d: %s", level, msg);

    15 }

    16 

    17 err_t ssl_global_init (error_t *err)

    18 {

    19     // global init

    20     if ((ERROR_EXTRA(err) = gnutls_global_init()) < 0)

    21         return SET_ERROR(err, ERR_GNUTLS_GLOBAL_INIT);

    22 

    23     // initialize the anon client credentials

    24     if ((ERROR_EXTRA(err) = gnutls_certificate_allocate_credentials(&ssl_client_cred_anon.x509)) < 0)

    25         return SET_ERROR(err, ERR_GNUTLS_CERT_ALLOC_CRED);

    26 

    27     // XXX: debug

    28 //    gnutls_global_set_log_function(&_log);

    29 //    gnutls_global_set_log_level(11);

    30 

    31     // done

    32     return SUCCESS;

    33 }

    34 

    35 static void ssl_client_cred_destroy (struct ssl_client_cred *cred)

    36 {

    37     // simple

    38     gnutls_certificate_free_credentials(cred->x509);

    39 

    40     free(cred);

    41 }

    42 

    43 err_t ssl_client_cred_create (struct ssl_client_cred **ctx_cred,

    44         const char *cafile_path, bool verify,

    45         const char *cert_path, const char *pkey_path,

    46         error_t *err

    47 ) {

    48     struct ssl_client_cred *cred;

    49 

    50     // alloc it

    51     if ((cred = calloc(1, sizeof(*cred))) == NULL)

    52         return SET_ERROR(err, ERR_CALLOC);

    53 

    54     // create the cert

    55     if ((ERROR_EXTRA(err) = gnutls_certificate_allocate_credentials(&cred->x509)) < 0)

    56         JUMP_SET_ERROR(err, ERR_GNUTLS_CERT_ALLOC_CRED);

    57     

    58     // load the trusted ca certs?

    59     if (cafile_path) {

    60         // load them

    61         if ((ERROR_EXTRA(err) = gnutls_certificate_set_x509_trust_file(cred->x509, cafile_path, GNUTLS_X509_FMT_PEM)) < 0)

    62             JUMP_SET_ERROR(err, ERR_GNUTLS_CERT_SET_X509_TRUST_FILE);

    63 

    64     }

    65 

    66     // set the verify flags?

    67     cred->verify = verify;

    68     gnutls_certificate_set_verify_flags(cred->x509, 0);

    69 

    70     // load the client cert?

    71     if (cert_path || pkey_path) {

    72         // need both...

    73         assert(cert_path && pkey_path);

    74 

    75         // load

    76         if ((ERROR_EXTRA(err) = gnutls_certificate_set_x509_key_file(cred->x509, cert_path, pkey_path, GNUTLS_X509_FMT_PEM)))

    77             JUMP_SET_ERROR(err, ERR_GNUTLS_CERT_SET_X509_KEY_FILE);

    78     }

    79 

    80     // ok

    81     cred->refcount = 1;

    82     *ctx_cred = cred;

    83 

    84     return SUCCESS;

    85 

    86 error:

    87     // release

    88     ssl_client_cred_destroy(cred);

    89 

    90     return ERROR_CODE(err);

    91 }

    92 

    93 void ssl_client_cred_get (struct ssl_client_cred *cred)

    94 {

    95     cred->refcount++;

    96 }

    97 

    98 void ssl_client_cred_put (struct ssl_client_cred *cred)

    99 {

   100     if (--cred->refcount == 0)

   101         ssl_client_cred_destroy(cred);

   102 }