tlsgnutlsserveranon.cpp
00015 #include "tlsgnutlsserveranon.h"
00016
00017 #ifdef HAVE_GNUTLS
00018
00019 #include <errno.h>
00020
00021 namespace gloox
00022 {
00023
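/**
 * Creates an anonymous-DH TLS server endpoint.
 *
 * Only the DH parameter size is fixed here; the anonymous credentials, the DH
 * parameters and the GnuTLS session are created later by init(). The two GnuTLS
 * handles are explicitly nulled because the destructor frees them
 * unconditionally: without this, destroying an object whose init() was never
 * called (or returned early, e.g. when gnutls_global_init() fails) would pass
 * uninitialised pointers to the GnuTLS free routines.
 *
 * NOTE(review): 1024-bit anonymous DH is below current guidance (2048 bits or
 * more). It is left unchanged here because init() regenerates the parameters on
 * every call (cleanup() calls init() again), so a larger size would make each
 * (re)initialisation considerably slower; confirm the acceptable cost before
 * raising it.
 *
 * @param th The TLSHandler forwarded to GnuTLSBase.
 */
GnuTLSServerAnon::GnuTLSServerAnon( TLSHandler* th )
  : GnuTLSBase( th ), m_dhBits( 1024 )
{
  // Assigned in the body (not the initialiser list) so no assumption is made
  // about the declaration order of the members in the header.
  m_anoncred = 0;
  m_dhParams = 0;
}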
00028
/**
 * Releases the GnuTLS objects created by init(): the DH parameters first
 * (reverse of their creation order in init()), then the anonymous server
 * credentials that referenced them. m_session is not touched here; it is
 * presumably handled by GnuTLSBase (verify).
 *
 * NOTE(review): both calls are made unconditionally, so they are only safe if
 * the handles are either valid or null (GnuTLS treats a null handle as a no-op
 * in these routines — verify for the GnuTLS version in use).
 */
GnuTLSServerAnon::~GnuTLSServerAnon()
{
  gnutls_dh_params_deinit( m_dhParams );
  gnutls_anon_free_server_credentials( m_anoncred );
}
00034
/**
 * Tears the current session down via GnuTLSBase::cleanup() and immediately
 * prepares a fresh one by calling init() again. init()'s result is discarded,
 * so a failed re-initialisation is only visible through m_valid.
 *
 * NOTE(review): init() allocates new anonymous credentials and DH parameters
 * on every call without releasing the previous ones, so each cleanup() leaks
 * the old allocations. Freeing them here first is only safe once both handles
 * are guaranteed to be null before the very first init(); that guarantee is
 * not visible from this method.
 */
void GnuTLSServerAnon::cleanup()
{
  GnuTLSBase::cleanup();
  (void)init();
}
00040
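/**
 * Sets up an anonymous-DH GnuTLS server session.
 *
 * All three TLSBase arguments are ignored: anonymous DH uses no keys or
 * certificates, so no peer is ever authenticated and the session is open to an
 * active man-in-the-middle by design. The method initialises the library (if
 * this instance owns that), allocates anonymous server credentials, generates
 * fresh DH parameters of m_dhBits bits (this is the slow part), creates a
 * GNUTLS_SERVER session with the fixed priority lists below and wires it to
 * pushFunc/pullFunc with @c this as transport pointer.
 *
 * Every GnuTLS call that reports a status is now checked; previously the
 * priority, credential and DH-generation results were ignored, so a session
 * could be marked valid with no usable credentials or DH parameters.
 *
 * NOTE(review): the negotiable suite is deliberately left as found but is weak
 * by today's standards: TLS 1.0 only, RC4 (ARCFOUR) and 3DES ciphers, an MD5
 * MAC, and zlib TLS compression (which enables compression-side-channel
 * plaintext recovery, CRIME-style). Dropping GNUTLS_CIPHER_ARCFOUR,
 * GNUTLS_MAC_MD5 and GNUTLS_COMP_ZLIB would be the minimal hardening; it is
 * not applied here because peer compatibility requirements are not visible.
 *
 * NOTE(review): a second init() (cleanup() performs one) overwrites m_anoncred
 * and m_dhParams without freeing the previous allocations. Releasing them here
 * would require the members to be reliably null before the first call.
 *
 * @return @b True if the session was fully set up (m_valid is then set),
 * @b false on the first failing GnuTLS step; on failure anything allocated so
 * far is left for the destructor to release.
 */
bool GnuTLSServerAnon::init( const std::string&,
                             const std::string&,
                             const StringList& )
{
  const int protocolPriority[] = { GNUTLS_TLS1, 0 };
  const int kxPriority[] = { GNUTLS_KX_ANON_DH, 0 };
  const int cipherPriority[] = { GNUTLS_CIPHER_AES_256_CBC, GNUTLS_CIPHER_AES_128_CBC,
                                 GNUTLS_CIPHER_3DES_CBC, GNUTLS_CIPHER_ARCFOUR, 0 };
  const int compPriority[] = { GNUTLS_COMP_ZLIB, GNUTLS_COMP_NULL, 0 };
  const int macPriority[] = { GNUTLS_MAC_SHA, GNUTLS_MAC_MD5, 0 };

  if( m_initLib && gnutls_global_init() != 0 )
    return false;

  if( gnutls_anon_allocate_server_credentials( &m_anoncred ) < 0 )
    return false;

  // Generate the DH parameters inline rather than via generateDH(): that helper
  // returns void and discards both GnuTLS status codes, so a failed generation
  // would otherwise go unnoticed and the session would be marked valid with
  // unusable parameters.
  if( gnutls_dh_params_init( &m_dhParams ) < 0 )
    return false;

  if( gnutls_dh_params_generate2( m_dhParams, m_dhBits ) < 0 )
  {
    gnutls_dh_params_deinit( m_dhParams );
    m_dhParams = 0;
    return false;
  }

  gnutls_anon_set_server_dh_params( m_anoncred, m_dhParams );

  if( gnutls_init( m_session, GNUTLS_SERVER ) != 0 )
    return false;

  // Each priority setter and gnutls_credentials_set() returns a negative
  // GnuTLS error code on failure; a session with a rejected priority list or
  // without credentials cannot complete an anonymous handshake, so bail out.
  if( gnutls_protocol_set_priority( *m_session, protocolPriority ) < 0
      || gnutls_cipher_set_priority( *m_session, cipherPriority ) < 0
      || gnutls_compression_set_priority( *m_session, compPriority ) < 0
      || gnutls_kx_set_priority( *m_session, kxPriority ) < 0
      || gnutls_mac_set_priority( *m_session, macPriority ) < 0
      || gnutls_credentials_set( *m_session, GNUTLS_CRD_ANON, m_anoncred ) < 0 )
    return false;

  gnutls_dh_set_prime_bits( *m_session, m_dhBits );

  // The session calls back into this object for I/O; the object must therefore
  // outlive the session.
  gnutls_transport_set_ptr( *m_session, (gnutls_transport_ptr_t)this );
  gnutls_transport_set_push_function( *m_session, pushFunc );
  gnutls_transport_set_pull_function( *m_session, pullFunc );

  m_valid = true;
  return true;
}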
00080
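/**
 * Generates fresh Diffie-Hellman parameters of m_dhBits bits into m_dhParams.
 *
 * The signature is fixed by the header (void), so failures cannot be returned.
 * Instead of leaving a half-initialised parameter object behind when
 * gnutls_dh_params_generate2() fails — which the original did — the object is
 * released and m_dhParams is set to null, so a caller (or the handshake) sees
 * "no DH parameters" rather than using an incomplete set. Callers can detect
 * failure by checking m_dhParams for null afterwards.
 *
 * Note that any parameters previously held in m_dhParams are not released
 * here; the caller owns that decision.
 */
void GnuTLSServerAnon::generateDH()
{
  if( gnutls_dh_params_init( &m_dhParams ) < 0 )
  {
    // GnuTLS already nulls the handle on allocation failure; make it explicit.
    m_dhParams = 0;
    return;
  }

  if( gnutls_dh_params_generate2( m_dhParams, m_dhBits ) < 0 )
  {
    gnutls_dh_params_deinit( m_dhParams );
    m_dhParams = 0;
  }
}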
00086
/**
 * Records the negotiated compression, MAC, cipher and protocol names in
 * m_certInfo and marks the session valid.
 *
 * NOTE(review): the status is reported as CertOk although an anonymous-DH
 * session carries no certificate and performs no peer authentication at all.
 * Any consumer that reads CertOk as "peer verified" is misled; the value is
 * left unchanged because the users of m_certInfo.status are not visible here.
 */
void GnuTLSServerAnon::getCertInfo()
{
  m_certInfo.status = CertOk;

  // gnutls_*_get_name() may return 0 for an id it cannot name; the
  // corresponding field is then left untouched.
  const char* compName = gnutls_compression_get_name( gnutls_compression_get( *m_session ) );
  const char* macName = gnutls_mac_get_name( gnutls_mac_get( *m_session ) );
  const char* cipherName = gnutls_cipher_get_name( gnutls_cipher_get( *m_session ) );
  const char* protoName = gnutls_protocol_get_name( gnutls_protocol_get_version( *m_session ) );

  if( compName )
    m_certInfo.compression = compName;

  if( macName )
    m_certInfo.mac = macName;

  if( cipherName )
    m_certInfo.cipher = cipherName;

  if( protoName )
    m_certInfo.protocol = protoName;

  m_valid = true;
}
00110
00111 }
00112
00113 #endif // HAVE_GNUTLS