Chat-O-Matic/libs/libgloox/tlsgnutlsserveranon.cpp

124 lines
3.5 KiB
C++
Raw Normal View History

/*
2015-06-24 10:52:32 -05:00
Copyright (c) 2005-2015 by Jakob Schröter <js@camaya.net>
This file is part of the gloox library. http://camaya.net/gloox
This software is distributed under a license. The full license
agreement can be found in the file LICENSE in this distribution.
This software may not be copied, modified, sold or distributed
other than expressed in the named license agreement.
This software is distributed without any warranty.
*/
#include "tlsgnutlsserveranon.h"
#ifdef HAVE_GNUTLS
#include <errno.h>
namespace gloox
{
GnuTLSServerAnon::GnuTLSServerAnon( TLSHandler* th )
: GnuTLSBase( th ), m_dhBits( 1024 )
{
}
GnuTLSServerAnon::~GnuTLSServerAnon()
{
gnutls_anon_free_server_credentials( m_anoncred );
gnutls_dh_params_deinit( m_dhParams );
}
void GnuTLSServerAnon::cleanup()
{
GnuTLSBase::cleanup();
init();
}
bool GnuTLSServerAnon::init( const std::string&,
const std::string&,
const StringList& )
{
if( m_initLib && gnutls_global_init() != 0 )
return false;
if( gnutls_anon_allocate_server_credentials( &m_anoncred ) < 0 )
return false;
generateDH();
gnutls_anon_set_server_dh_params( m_anoncred, m_dhParams );
if( gnutls_init( m_session, GNUTLS_SERVER ) != 0 )
return false;
2015-06-24 10:52:32 -05:00
#if GNUTLS_VERSION_NUMBER >= 0x020600
int ret = gnutls_priority_set_direct( *m_session, "SECURE128:+PFS:+COMP-ALL:+VERS-TLS-ALL:-VERS-SSL3.0:+SIGN-ALL:+CURVE-ALL", 0 );
if( ret != GNUTLS_E_SUCCESS )
return false;
#else
const int protocolPriority[] = {
#ifdef GNUTLS_TLS1_2
GNUTLS_TLS1_2,
#endif
GNUTLS_TLS1_1, GNUTLS_TLS1, 0 };
const int kxPriority[] = { GNUTLS_KX_ANON_DH, 0 };
const int cipherPriority[] = { GNUTLS_CIPHER_AES_256_CBC, GNUTLS_CIPHER_AES_128_CBC,
GNUTLS_CIPHER_3DES_CBC, GNUTLS_CIPHER_ARCFOUR, 0 };
const int compPriority[] = { GNUTLS_COMP_ZLIB, GNUTLS_COMP_NULL, 0 };
const int macPriority[] = { GNUTLS_MAC_SHA, GNUTLS_MAC_MD5, 0 };
gnutls_protocol_set_priority( *m_session, protocolPriority );
gnutls_cipher_set_priority( *m_session, cipherPriority );
gnutls_compression_set_priority( *m_session, compPriority );
gnutls_kx_set_priority( *m_session, kxPriority );
gnutls_mac_set_priority( *m_session, macPriority );
2015-06-24 10:52:32 -05:00
#endif
gnutls_credentials_set( *m_session, GNUTLS_CRD_ANON, m_anoncred );
gnutls_dh_set_prime_bits( *m_session, m_dhBits );
gnutls_transport_set_ptr( *m_session, (gnutls_transport_ptr_t)this );
gnutls_transport_set_push_function( *m_session, pushFunc );
gnutls_transport_set_pull_function( *m_session, pullFunc );
m_valid = true;
return true;
}
void GnuTLSServerAnon::generateDH()
{
gnutls_dh_params_init( &m_dhParams );
gnutls_dh_params_generate2( m_dhParams, m_dhBits );
}
void GnuTLSServerAnon::getCertInfo()
{
m_certInfo.status = CertOk;
const char* info;
info = gnutls_compression_get_name( gnutls_compression_get( *m_session ) );
if( info )
m_certInfo.compression = info;
info = gnutls_mac_get_name( gnutls_mac_get( *m_session ) );
if( info )
m_certInfo.mac = info;
info = gnutls_cipher_get_name( gnutls_cipher_get( *m_session ) );
if( info )
m_certInfo.cipher = info;
info = gnutls_protocol_get_name( gnutls_protocol_get_version( *m_session ) );
if( info )
m_certInfo.protocol = info;
m_valid = true;
}
}
#endif // HAVE_GNUTLS