Mercurial Mercurial > evirc / diff
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
src/lib/ssl.c
branchnew-lib-errors
changeset 219 cefec18b8268
parent 181 b12a6081fc85 
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/src/lib/ssl.c	Thu May 28 01:17:36 2009 +0300
@@ -0,0 +1,129 @@
+#include "ssl_internal.h"
+
+#include <assert.h>
+
+static const char* _gnutls_error_msg (const struct error_extra_type *type, const union error_extra *extra)
+{
+    (void) type;
+
+    return gnutls_strerror(extra->int_);
+}
+
+static const struct error_extra_type _gnutls_error_type = {
+    .name       = "gnutls",
+    .msg_func   = _gnutls_error_msg
+};
+
+const struct error_list ssl_errors = ERROR_LIST("gnutls",
+    ERROR_TYPE_EXTRA(   ERR_GNUTLS_CERT_ALLOC_CRED,         "gnutls_certificate_allocate_credentials",  &_gnutls_error_type    ),
+    ERROR_TYPE_EXTRA(   ERR_GNUTLS_GLOBAL_INIT,             "gnutls_global_init",                       &_gnutls_error_type    ),
+    ERROR_TYPE_EXTRA(   ERR_GNUTLS_SET_DEFAULT_PRIORITY,    "gnutls_set_default_priority",              &_gnutls_error_type    ),
+    ERROR_TYPE_EXTRA(   ERR_GNUTLS_CRED_SET,                "gnutls_credentials_set",                   &_gnutls_error_type    ),
+    ERROR_TYPE_EXTRA(   ERR_GNUTLS_HANDSHAKE,               "gnutls_handshake",                         &_gnutls_error_type    ),
+    ERROR_TYPE_EXTRA(   ERR_GNUTLS_RECORD_SEND,             "gnutls_record_send",                       &_gnutls_error_type    ),
+    ERROR_TYPE_EXTRA(   ERR_GNUTLS_RECORD_RECV,             "gnutls_record_recv",                       &_gnutls_error_type    ),
+    ERROR_TYPE_EXTRA(   ERR_GNUTLS_RECORD_GET_DIRECTION,    "gnutls_record_get_direction",              &_gnutls_error_type    ),
+    ERROR_TYPE_EXTRA(   ERR_GNUTLS_CERT_VERIFY_PEERS2,      "gnutls_certificate_verify_peers2",         &_gnutls_error_type    ),
+    ERROR_TYPE_STRING(  ERR_GNUTLS_CERT_VERIFY,             "X.509 Certificate verification failed"                            ),
+    ERROR_TYPE_EXTRA(   ERR_GNUTLS_CERT_SET_X509_TRUST_FILE,"gnutls_certificate_set_x509_trust_file",   &_gnutls_error_type    ),
+    ERROR_TYPE_EXTRA(   ERR_GNUTLS_CERT_SET_X509_KEY_FILE,  "gnutls_certificate_set_x509_key_file",     &_gnutls_error_type    )
+);
+
+/*
+ * Global shared anonymous client credentials
+ */
+struct ssl_client_cred ssl_client_cred_anon = { .x509 = NULL, .verify = false, .refcount = 0 };
+
+
+// XXX: GnuTLS log func
+void _log (int level, const char *msg)
+{
+    printf("gnutls: %d: %s", level, msg);
+}
+
+err_t ssl_global_init (error_t *err)
+{
+    // global init
+    if ((ERROR_EXTRA(err) = gnutls_global_init()) < 0)
+        return SET_ERROR(err, ERR_GNUTLS_GLOBAL_INIT);
+
+    // initialize the anon client credentials
+    if ((ERROR_EXTRA(err) = gnutls_certificate_allocate_credentials(&ssl_client_cred_anon.x509)) < 0)
+        return SET_ERROR(err, ERR_GNUTLS_CERT_ALLOC_CRED);
+
+    // XXX: debug
+//    gnutls_global_set_log_function(&_log);
+//    gnutls_global_set_log_level(11);
+
+    // done
+    return SUCCESS;
+}
+
+static void ssl_client_cred_destroy (struct ssl_client_cred *cred)
+{
+    // simple
+    gnutls_certificate_free_credentials(cred->x509);
+
+    free(cred);
+}
+
+err_t ssl_client_cred_create (struct ssl_client_cred **ctx_cred,
+        const char *cafile_path, bool verify,
+        const char *cert_path, const char *pkey_path,
+        error_t *err
+) {
+    struct ssl_client_cred *cred;
+
+    // alloc it
+    if ((cred = calloc(1, sizeof(*cred))) == NULL)
+        return SET_ERROR(err, ERR_CALLOC);
+
+    // create the cert
+    if ((ERROR_EXTRA(err) = gnutls_certificate_allocate_credentials(&cred->x509)) < 0)
+        JUMP_SET_ERROR(err, ERR_GNUTLS_CERT_ALLOC_CRED);
+    
+    // load the trusted ca certs?
+    if (cafile_path) {
+        // load them
+        if ((ERROR_EXTRA(err) = gnutls_certificate_set_x509_trust_file(cred->x509, cafile_path, GNUTLS_X509_FMT_PEM)) < 0)
+            JUMP_SET_ERROR(err, ERR_GNUTLS_CERT_SET_X509_TRUST_FILE);
+
+    }
+
+    // set the verify flags?
+    cred->verify = verify;
+    gnutls_certificate_set_verify_flags(cred->x509, 0);
+
+    // load the client cert?
+    if (cert_path || pkey_path) {
+        // need both...
+        assert(cert_path && pkey_path);
+
+        // load
+        if ((ERROR_EXTRA(err) = gnutls_certificate_set_x509_key_file(cred->x509, cert_path, pkey_path, GNUTLS_X509_FMT_PEM)))
+            JUMP_SET_ERROR(err, ERR_GNUTLS_CERT_SET_X509_KEY_FILE);
+    }
+
+    // ok
+    cred->refcount = 1;
+    *ctx_cred = cred;
+
+    return SUCCESS;
+
+error:
+    // release
+    ssl_client_cred_destroy(cred);
+
+    return ERROR_CODE(err);
+}
+
+void ssl_client_cred_get (struct ssl_client_cred *cred)
+{
+    cred->refcount++;
+}
+
+void ssl_client_cred_put (struct ssl_client_cred *cred)
+{
+    if (--cred->refcount == 0)
+        ssl_client_cred_destroy(cred);
+}
evirc