gloox  1.0.28
tlsgnutlsserveranon.cpp
1 /*
2  Copyright (c) 2005-2023 by Jakob Schröter <js@camaya.net>
3  This file is part of the gloox library. http://camaya.net/gloox
4 
5  This software is distributed under a license. The full license
6  agreement can be found in the file LICENSE in this distribution.
7  This software may not be copied, modified, sold or distributed
8  other than expressed in the named license agreement.
9 
10  This software is distributed without any warranty.
11 */
12 
13 
14 
15 #include "tlsgnutlsserveranon.h"
16 
17 #ifdef HAVE_GNUTLS
18 
19 #include <errno.h>
20 
21 namespace gloox
22 {
23 
25  : GnuTLSBase( th ), m_dhBits( 1024 )
26  {
27  }
28 
30  {
31  gnutls_anon_free_server_credentials( m_anoncred );
32  gnutls_dh_params_deinit( m_dhParams );
33  }
34 
36  {
38  init();
39  }
40 
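  /**
   * Sets up the GnuTLS server session for anonymous (unauthenticated)
   * key exchange.
   *
   * The three parameters (client key, client certificates, CA certificates)
   * exist only for interface compatibility with GnuTLSBase::init() and are
   * ignored: an anonymous server presents no certificate and authenticates
   * no peer.
   *
   * @return @b True on success. @b False if library initialisation,
   * credential allocation, attaching the DH parameters, session creation,
   * priority setup or binding the credentials to the session failed; in
   * that case m_valid is left unchanged.
   */
  bool GnuTLSServerAnon::init( const std::string&,
                               const std::string&,
                               const StringList& )
  {
    if( m_initLib && gnutls_global_init() != 0 )
      return false;

    if( gnutls_anon_allocate_server_credentials( &m_anoncred ) < 0 )
      return false;

    // generateDH() is declared void and cannot report failure, so the only
    // observable check is whether the parameters can be attached to the
    // credentials. m_dhBits is initialised to 1024 in the constructor, which
    // is below current recommendations for DH group size.
    generateDH();
    if( gnutls_anon_set_server_dh_params( m_anoncred, m_dhParams ) < 0 )
      return false;

    if( gnutls_init( m_session, GNUTLS_SERVER ) != 0 )
      return false;

#if GNUTLS_VERSION_NUMBER >= 0x020600
    // NOTE(review): "+COMP-ALL" enables TLS-level compression on library
    // versions that still implement it, which exposes plaintext to
    // compression-oracle attacks (CRIME); consider dropping it. The anonymous
    // key exchange (+ANON-ECDH/+ANON-DH) is the purpose of this class: the
    // peer is never authenticated.
    const int ret = gnutls_priority_set_direct( *m_session, "SECURE128:+PFS:+COMP-ALL:+VERS-TLS-ALL:-VERS-SSL3.0:+SIGN-ALL:+CURVE-ALL:+ANON-ECDH:+ANON-DH", 0 );
    if( ret != GNUTLS_E_SUCCESS )
      return false;
#else
    // Legacy per-category priority API (GnuTLS < 2.6). These lists still
    // admit ARCFOUR, 3DES, MD5 and zlib compression, all considered weak
    // today; they are kept as-is for old library versions only.
    const int protocolPriority[] = {
#ifdef GNUTLS_TLS1_2
      GNUTLS_TLS1_2,
#endif
      GNUTLS_TLS1_1, GNUTLS_TLS1, 0 };
    const int kxPriority[] = { GNUTLS_KX_ANON_DH, 0 };
    const int cipherPriority[] = { GNUTLS_CIPHER_AES_256_CBC, GNUTLS_CIPHER_AES_128_CBC,
                                   GNUTLS_CIPHER_3DES_CBC, GNUTLS_CIPHER_ARCFOUR, 0 };
    const int compPriority[] = { GNUTLS_COMP_ZLIB, GNUTLS_COMP_NULL, 0 };
    const int macPriority[] = { GNUTLS_MAC_SHA, GNUTLS_MAC_MD5, 0 };
    gnutls_protocol_set_priority( *m_session, protocolPriority );
    gnutls_cipher_set_priority( *m_session, cipherPriority );
    gnutls_compression_set_priority( *m_session, compPriority );
    gnutls_kx_set_priority( *m_session, kxPriority );
    gnutls_mac_set_priority( *m_session, macPriority );
#endif

    // Binding the credentials can fail (negative error code); without them
    // the handshake cannot succeed, so treat that as an init failure.
    if( gnutls_credentials_set( *m_session, GNUTLS_CRD_ANON, m_anoncred ) < 0 )
      return false;

    gnutls_dh_set_prime_bits( *m_session, m_dhBits );

    // Route the session's network I/O through this object's push/pull
    // callbacks; the transport pointer is recovered as `this` inside them.
    gnutls_transport_set_ptr( *m_session, static_cast<gnutls_transport_ptr_t>( this ) );
    gnutls_transport_set_push_function( *m_session, pushFunc );
    gnutls_transport_set_pull_function( *m_session, pullFunc );

    m_valid = true;
    return true;
  }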
90 
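  /**
   * Allocates and generates the Diffie-Hellman parameters used for the
   * anonymous key exchange, with m_dhBits as the prime size (initialised
   * to 1024 in the constructor; weak by current standards).
   *
   * This member is declared void in the header, so callers cannot learn
   * that allocation or generation failed. Generation is skipped when the
   * parameter handle could not be allocated, rather than calling
   * gnutls_dh_params_generate2() on an unusable handle.
   *
   * NOTE(review): fresh parameters are generated on every call, which is
   * expensive (presumably seconds at larger sizes) — confirm whether callers
   * expect that per init() or whether cached/standardised groups would do.
   */
  void GnuTLSServerAnon::generateDH()
  {
    if( gnutls_dh_params_init( &m_dhParams ) < 0 )
      return;

    gnutls_dh_params_generate2( m_dhParams, m_dhBits );
  }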
96 
  /**
   * Fills m_certInfo for an anonymous session.
   *
   * No peer certificate is examined: this class negotiates anonymous key
   * exchange (GNUTLS_CRD_ANON credentials bound in init()), so there is
   * nothing to verify and the status is unconditionally reported as CertOk.
   * Consumers must not read CertOk from this class as "peer authenticated".
   */
  void GnuTLSServerAnon::getCertInfo()
  {
    // Anonymous handshake: no certificate, nothing to check.
    m_certInfo.status = CertOk;

    // Presumably inherited from GnuTLSBase; what it populates is not visible
    // here. NOTE(review): confirm it does not overwrite status.
    getCommonCertInfo();

    m_valid = true;
  }
105 
106 }
107 
108 #endif // HAVE_GNUTLS