15 #include "tlsgnutlsserver.h"
// Teardown (presumably ~GnuTLSServer(); its signature and braces are not on this
// page): release the credentials allocated in init() and the DH parameters built
// in generateDH(). Whether the session and the RSA export parameters are also
// released is not visible here.
31 gnutls_certificate_free_credentials( m_x509cred );
32 gnutls_dh_params_deinit( m_dhParams );
// init(): builds the server-side GnuTLS session. Only part of the function is
// visible on this page (the signature line, braces and the early-return bodies
// are not shown), so the code below is annotated rather than rewritten.
const std::string& clientCerts,
// Initialise the library once if this object owns that job; the failure path
// taken after this check is not visible here.
45 if( m_initLib && gnutls_global_init() != 0 )
48 if( gnutls_certificate_allocate_credentials( &m_x509cred ) < 0 )
// Load the server's own key/certificate chain and the CA list into m_x509cred.
// Neither helper reports failure (see their NOTE(review) comments).
51 setClientCert( clientKey, clientCerts );
52 setCACerts( cacerts );
// Attach the ephemeral parameters produced by generateDH(). The RSA "export"
// parameters are 512-bit (see generateDH()) and serve RSA-EXPORT ciphersuites only.
55 gnutls_certificate_set_dh_params( m_x509cred, m_dhParams );
56 gnutls_certificate_set_rsa_export_params( m_x509cred, m_rsaParams);
59 if( gnutls_init( m_session, GNUTLS_SERVER ) != 0 )
// GnuTLS >= 2.6: a single priority string governs protocols, ciphers, MACs, etc.
// NOTE(review): "+COMP-ALL" enables TLS record compression; an attacker who can
// place chosen plaintext in the same stream as a secret (cookie, token) can then
// recover it byte by byte (CRIME-style). "-COMP-ALL" / "+COMP-NULL" is the safe
// setting. "+SIGN-ALL" admits every signature algorithm the library knows (which,
// depending on the GnuTLS version, may include MD5/SHA-1 based ones), and
// "+VERS-TLS-ALL" keeps TLS 1.0/1.1 enabled. SECURE128, +PFS and -VERS-SSL3.0
// are the sound parts of this string. The return code is checked below.
62 #if GNUTLS_VERSION_NUMBER >= 0x020600
63 int ret = gnutls_priority_set_direct( *m_session,
"SECURE128:+PFS:+COMP-ALL:+VERS-TLS-ALL:-VERS-SSL3.0:+SIGN-ALL:+CURVE-ALL", 0 );
64 if( ret != GNUTLS_E_SUCCESS )
// Pre-2.6 fallback using the per-category priority setters.
// NOTE(review): this path is considerably weaker than the string above: plain RSA
// key exchange is listed before DHE (no forward secrecy when the peer follows the
// server's preference), 3DES and RC4 (ARCFOUR) are offered, ZLIB compression is
// preferred over none, and MD5 is accepted as a MAC. The leading entries of
// protocolPriority (before TLS1.1) are not visible on this page. None of the
// five set_priority calls has its return value checked.
67 const int protocolPriority[] = {
71 GNUTLS_TLS1_1, GNUTLS_TLS1, 0 };
72 const int kxPriority[] = { GNUTLS_KX_RSA, GNUTLS_KX_DHE_RSA, GNUTLS_KX_DHE_DSS, 0 };
73 const int cipherPriority[] = { GNUTLS_CIPHER_AES_256_CBC, GNUTLS_CIPHER_AES_128_CBC,
74 GNUTLS_CIPHER_3DES_CBC, GNUTLS_CIPHER_ARCFOUR, 0 };
75 const int compPriority[] = { GNUTLS_COMP_ZLIB, GNUTLS_COMP_NULL, 0 };
76 const int macPriority[] = { GNUTLS_MAC_SHA, GNUTLS_MAC_MD5, 0 };
77 gnutls_protocol_set_priority( *m_session, protocolPriority );
78 gnutls_cipher_set_priority( *m_session, cipherPriority );
79 gnutls_compression_set_priority( *m_session, compPriority );
80 gnutls_kx_set_priority( *m_session, kxPriority );
81 gnutls_mac_set_priority( *m_session, macPriority );
// Bind the certificate credentials to the session (return value not checked).
84 gnutls_credentials_set( *m_session, GNUTLS_CRD_CERTIFICATE, m_x509cred );
// Request, but do not require, a client certificate: with GNUTLS_CERT_REQUEST the
// handshake proceeds if the client sends none. Whether a presented chain is
// verified against the CA list is not visible here (getCertInfo() is declared
// below but its body is not on this page) — confirm before relying on client auth.
86 gnutls_certificate_server_set_request( *m_session, GNUTLS_CERT_REQUEST );
// DH prime size for the handshake; the value of m_dhBits is set elsewhere.
88 gnutls_dh_set_prime_bits( *m_session, m_dhBits );
// Route record I/O through pushFunc/pullFunc, handing `this` back as the
// transport pointer.
90 gnutls_transport_set_ptr( *m_session, (gnutls_transport_ptr_t)
this );
91 gnutls_transport_set_push_function( *m_session, pushFunc );
92 gnutls_transport_set_pull_function( *m_session, pullFunc );
// setCACerts(): registers every path held in m_cacerts as a PEM trust file on
// m_x509cred. The lines between the signature and the loop (including the copy
// of `cacerts` into m_cacerts) and the closing brace are not shown on this page.
98 void GnuTLSServer::setCACerts(
const StringList& cacerts )
// NOTE(review): gnutls_certificate_set_x509_trust_file() returns the number of
// certificates loaded, or a negative error code; the result is discarded here, so
// an unreadable or malformed CA file silently leaves the trust store short and any
// later peer verification fails (or, if verification is skipped, nobody notices).
// A <= 0 result is worth logging or propagating to the caller.
102 StringList::const_iterator it = m_cacerts.begin();
103 for( ; it != m_cacerts.end(); ++it )
104 gnutls_certificate_set_x509_trust_file( m_x509cred, (*it).c_str(), GNUTLS_X509_FMT_PEM );
// setClientCert(): records the key and certificate-chain paths and, when both are
// non-empty, loads them into m_x509cred as PEM. Despite the "client" naming, in a
// GNUTLS_SERVER session (see init()) this is the certificate the server presents
// to its peers. The key-file argument (the line between the cert path and the
// format) and the braces are not shown on this page.
107 void GnuTLSServer::setClientCert(
const std::string& clientKey,
const std::string& clientCerts )
109 m_clientKey = clientKey;
110 m_clientCerts = clientCerts;
// Only attempt to load when both paths were supplied; otherwise the credentials
// remain without a certificate.
112 if( !m_clientKey.empty() && !m_clientCerts.empty() )
// NOTE(review): the return value (0 on success, negative GnuTLS error otherwise)
// is ignored, so a missing, unreadable or mismatched key/cert pair leaves the
// server certificate-less and the failure only surfaces at handshake time.
114 gnutls_certificate_set_x509_key_file( m_x509cred,
115 m_clientCerts.c_str(),
117 GNUTLS_X509_FMT_PEM );
// generateDH(): creates the ephemeral parameters that init() later attaches to
// m_x509cred: DH parameters of m_dhBits bits and 512-bit RSA "export" parameters.
// The braces are not shown on this page.
122 void GnuTLSServer::generateDH()
// NOTE(review): none of the four calls has its return value checked; an
// allocation or generation failure leaves m_dhParams / m_rsaParams unusable, and
// init() will still hand them to the credentials. The value of m_dhBits is set
// elsewhere and is not visible here.
124 gnutls_dh_params_init( &m_dhParams );
125 gnutls_dh_params_generate2( m_dhParams, m_dhBits );
// NOTE(review): 512-bit RSA is export-grade and factorable with modest resources.
// These parameters only serve RSA-EXPORT ciphersuites, which the SECURE128
// priority string in init() does not appear to enable, so this is key-generation
// cost for nothing — and later GnuTLS releases dropped the RSA-export API, so the
// line (together with gnutls_certificate_set_rsa_export_params() in init()) is a
// candidate for removal or at least a version guard.
126 gnutls_rsa_params_init( &m_rsaParams );
127 gnutls_rsa_params_generate2( m_rsaParams, 512 );
130 void GnuTLSServer::getCertInfo()