1 /*
2  Copyright (c) 2005-2017 by Jakob Schröter <js@camaya.net>
3  This file is part of the gloox library. http://camaya.net/gloox
4 
5  This software is distributed under a license. The full license
6  agreement can be found in the file LICENSE in this distribution.
7  This software may not be copied, modified, sold or distributed
8  other than expressed in the named license agreement.
9 
10  This software is distributed without any warranty.
11 */
12 
13 
14 
15 #include "tlsgnutlsclientanon.h"
16 
17 #ifdef HAVE_GNUTLS
18 
19 #include <errno.h>
20 
21 namespace gloox
22 {
23 
25  : GnuTLSBase( th )
26  {
27  }
28 
30  {
31  gnutls_anon_free_client_credentials( m_anoncred );
32  }
33 
35  {
37  init();
38  }
39 
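/**
 * Sets up a GnuTLS client session that uses only anonymous credentials.
 *
 * The three parameters (client key, client certificates, CA certificates)
 * exist to satisfy the TLSBase interface and are ignored: an anonymous
 * key exchange presents and verifies no certificates at all. The resulting
 * session is encrypted but the peer is NOT authenticated.
 *
 * @return @b true if the library, credentials and session were set up,
 *         @b false on the first failing GnuTLS call.
 */
bool GnuTLSClientAnon::init( const std::string&,
                             const std::string&,
                             const StringList& )
{
  if( m_initLib && gnutls_global_init() != 0 )
    return false;

  // Allocates a fresh anonymous credential handle on every call; the handle
  // is only released in the destructor. NOTE(review): if init() is re-run via
  // cleanup() without the base class freeing the old handle first (cleanup()
  // is not visible here), the previous credential would be leaked — confirm.
  if( gnutls_anon_allocate_client_credentials( &m_anoncred ) < 0 )
    return false;

  if( gnutls_init( m_session, GNUTLS_CLIENT ) != 0 )
    return false;

#if GNUTLS_VERSION_NUMBER >= 0x020600
  // NOTE(review): this priority string enables no anonymous key exchange
  // (no +ANON-DH / +ANON-ECDH keyword) although only GNUTLS_CRD_ANON
  // credentials are installed below; confirm that a handshake actually
  // finds a usable cipher suite with the GnuTLS version in use.
  // +COMP-ALL keeps TLS-level compression negotiable, which is generally
  // disabled nowadays because of compression-oracle attacks on TLS;
  // consider restricting it if the server side does not require it.
  int ret = gnutls_priority_set_direct( *m_session, "SECURE128:+PFS:+COMP-ALL:+VERS-TLS-ALL:-VERS-SSL3.0:+SIGN-ALL:+CURVE-ALL", 0 );
  if( ret != GNUTLS_E_SUCCESS )
    return false;
#else
  // Legacy (pre-2.6) priority API: one list per negotiable parameter.
  // The duplicate definition of protocolPriority that used to follow this
  // list was removed — it would not compile on this branch.
  const int protocolPriority[] = {
#ifdef GNUTLS_TLS1_2
                                   GNUTLS_TLS1_2,
#endif
                                   GNUTLS_TLS1_1, GNUTLS_TLS1, 0 };
  const int kxPriority[] = { GNUTLS_KX_ANON_DH, 0 };
  const int cipherPriority[] = { GNUTLS_CIPHER_AES_256_CBC, GNUTLS_CIPHER_AES_128_CBC,
                                 GNUTLS_CIPHER_3DES_CBC, GNUTLS_CIPHER_ARCFOUR, 0 };
  const int compPriority[] = { GNUTLS_COMP_ZLIB, GNUTLS_COMP_NULL, 0 };
  const int macPriority[] = { GNUTLS_MAC_SHA, GNUTLS_MAC_MD5, 0 };
  gnutls_protocol_set_priority( *m_session, protocolPriority );
  gnutls_cipher_set_priority( *m_session, cipherPriority );
  gnutls_compression_set_priority( *m_session, compPriority );
  gnutls_kx_set_priority( *m_session, kxPriority );
  gnutls_mac_set_priority( *m_session, macPriority );
#endif

  // Only anonymous credentials are attached: no certificate, no identity
  // check. A failure here would otherwise surface as an obscure handshake
  // error later, so report it now.
  if( gnutls_credentials_set( *m_session, GNUTLS_CRD_ANON, m_anoncred ) != 0 )
    return false;

  // Route GnuTLS I/O through this object's push/pull callbacks.
  gnutls_transport_set_ptr( *m_session, static_cast<gnutls_transport_ptr_t>( this ) );
  gnutls_transport_set_push_function( *m_session, pushFunc );
  gnutls_transport_set_pull_function( *m_session, pullFunc );

  m_valid = true;
  return true;
}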
85 
/**
 * Records the negotiated session parameters in m_certInfo.
 *
 * This client installs only anonymous credentials (see init()), so no peer
 * certificate is examined here: CertOk records that no certificate check
 * applies, not that the peer's identity was verified. Each name lookup may
 * return a null pointer, in which case the corresponding field is left as is.
 */
void GnuTLSClientAnon::getCertInfo()
{
  m_certInfo.status = CertOk;

  // NOTE(review): newer GnuTLS releases deprecate the compression API —
  // confirm against the version actually linked.
  const char* compressionName = gnutls_compression_get_name( gnutls_compression_get( *m_session ) );
  if( compressionName )
    m_certInfo.compression = compressionName;

  const char* macName = gnutls_mac_get_name( gnutls_mac_get( *m_session ) );
  if( macName )
    m_certInfo.mac = macName;

  const char* cipherName = gnutls_cipher_get_name( gnutls_cipher_get( *m_session ) );
  if( cipherName )
    m_certInfo.cipher = cipherName;

  const char* protocolName = gnutls_protocol_get_name( gnutls_protocol_get_version( *m_session ) );
  if( protocolName )
    m_certInfo.protocol = protocolName;

  m_valid = true;
}
109 
110 }
111 
112 #endif // HAVE_GNUTLS