--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/src/ssl.c Thu May 07 02:49:10 2009 +0300
@@ -0,0 +1,102 @@
+#include "ssl_internal.h"
+
+#include <assert.h>
+
+/*
+ * Global shared anonymous client credentials
+ */
+struct ssl_client_cred ssl_client_cred_anon = { .x509 = NULL, .verify = false, .refcount = 0 };
+
+
+// XXX: GnuTLS log func
+void _log (int level, const char *msg)
+{
+ printf("gnutls: %d: %s", level, msg);
+}
+
+err_t ssl_global_init (error_t *err)
+{
+ // global init
+ if ((ERROR_EXTRA(err) = gnutls_global_init()) < 0)
+ return SET_ERROR(err, ERR_GNUTLS_GLOBAL_INIT);
+
+ // initialize the anon client credentials
+ if ((ERROR_EXTRA(err) = gnutls_certificate_allocate_credentials(&ssl_client_cred_anon.x509)) < 0)
+ return SET_ERROR(err, ERR_GNUTLS_CERT_ALLOC_CRED);
+
+ // XXX: debug
+// gnutls_global_set_log_function(&_log);
+// gnutls_global_set_log_level(11);
+
+ // done
+ return SUCCESS;
+}
+
+static void ssl_client_cred_destroy (struct ssl_client_cred *cred)
+{
+ // simple
+ gnutls_certificate_free_credentials(cred->x509);
+
+ free(cred);
+}
+
+err_t ssl_client_cred_create (struct ssl_client_cred **ctx_cred,
+ const char *cafile_path, bool verify,
+ const char *cert_path, const char *pkey_path,
+ error_t *err
+) {
+ struct ssl_client_cred *cred;
+
+ // alloc it
+ if ((cred = calloc(1, sizeof(*cred))) == NULL)
+ return SET_ERROR(err, ERR_CALLOC);
+
+ // create the cert
+ if ((ERROR_EXTRA(err) = gnutls_certificate_allocate_credentials(&cred->x509)) < 0)
+ JUMP_SET_ERROR(err, ERR_GNUTLS_CERT_ALLOC_CRED);
+
+ // load the trusted ca certs?
+ if (cafile_path) {
+ // load them
+ if ((ERROR_EXTRA(err) = gnutls_certificate_set_x509_trust_file(cred->x509, cafile_path, GNUTLS_X509_FMT_PEM)) < 0)
+ JUMP_SET_ERROR(err, ERR_GNUTLS_CERT_SET_X509_TRUST_FILE);
+
+ }
+
+ // set the verify flags?
+ cred->verify = verify;
+ gnutls_certificate_set_verify_flags(cred->x509, 0);
+
+ // load the client cert?
+ if (cert_path || pkey_path) {
+ // need both...
+ assert(cert_path && pkey_path);
+
+ // load
+ if ((ERROR_EXTRA(err) = gnutls_certificate_set_x509_key_file(cred->x509, cert_path, pkey_path, GNUTLS_X509_FMT_PEM)))
+ JUMP_SET_ERROR(err, ERR_GNUTLS_CERT_SET_X509_KEY_FILE);
+ }
+
+ // ok
+ cred->refcount = 1;
+ *ctx_cred = cred;
+
+ return SUCCESS;
+
+error:
+ // release
+ ssl_client_cred_destroy(cred);
+
+ return ERROR_CODE(err);
+}
+
+void ssl_client_cred_get (struct ssl_client_cred *cred)
+{
+ cred->refcount++;
+}
+
+void ssl_client_cred_put (struct ssl_client_cred *cred)
+{
+ if (--cred->refcount == 0)
+ ssl_client_cred_destroy(cred);
+}