author | Andrew McDonald <admcd@gnutls.org> | 2002-07-05 19:03:32 +0000 |
---|---|---|
committer | Andrew McDonald <admcd@gnutls.org> | 2002-07-05 19:03:32 +0000 |
commit | fa2fafe0bca274d45a22a2b80a74ca2fc6f33b9a (patch) | |
tree | f11c520f207e2827feae68fc067fc631d110e996 | |
parent | f83939aa7ba98433b123ae030b7f778d86e1c8f1 (diff) | |
download | gnutls-fa2fafe0bca274d45a22a2b80a74ca2fc6f33b9a.tar.gz |
some more functions implemented
-rw-r--r-- | includes/gnutls/openssl.h | 26 | ||||
-rw-r--r-- | libextra/gnutls_openssl.c | 150 |
2 files changed, 168 insertions, 8 deletions
diff --git a/includes/gnutls/openssl.h b/includes/gnutls/openssl.h index 7f0813d790..6cb285df5f 100644 --- a/includes/gnutls/openssl.h +++ b/includes/gnutls/openssl.h @@ -16,12 +16,7 @@ * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ - -/* FIXME FIXME FIXME - Things to fix: - error handling - SSL->options -*/ +/* WARNING: Error functions aren't currently thread-safe */ #ifndef GNUTLS_OPENSSL_H #define GNUTLS_OPENSSL_H @@ -66,7 +61,6 @@ typedef struct int mac_priority[GNUTLS_MAX_ALGORITHM_NUM]; } SSL_METHOD; - typedef struct { GNUTLS_Version version; @@ -77,6 +71,11 @@ typedef struct GNUTLS_CertificateType cert; } SSL_CIPHER; +typedef struct _BIO +{ + int fd; +} BIO; + typedef struct { struct _SSL *ssl; @@ -85,6 +84,8 @@ typedef struct #define current_cert cert_list } X509_STORE_CTX; +#define X509_STORE_CTX_get_current_cert(ctx) ((ctx)->current_cert) + typedef struct _SSL_CTX { SSL_METHOD *method; @@ -103,6 +104,7 @@ typedef struct _SSL { GNUTLS_STATE gnutls_state; #define rbio gnutls_state + GNUTLS_CERTIFICATE_CLIENT_CREDENTIALS gnutls_cred; SSL_CTX *ctx; @@ -122,6 +124,10 @@ typedef struct GCRY_MD_HD handle; } MD_CTX; +typedef struct +{ +} RSA; + #define MD5_CTX MD_CTX #define RIPEMD160_CTX MD_CTX @@ -160,6 +166,7 @@ void SSL_free(SSL *ssl); void SSL_load_error_strings(void); int SSL_get_error(SSL *ssl, int ret); int SSL_set_fd(SSL *ssl, int fd); +void SSL_set_bio(SSL *ssl, BIO *rbio, BIO *wbio); void SSL_set_connect_state(SSL *ssl); int SSL_pending(SSL *ssl); void SSL_set_verify(SSL *ssl, int verify_mode, @@ -177,6 +184,9 @@ int SSL_write(SSL *ssl, const void *buf, int len); /* SSL_METHOD functions */ SSL_METHOD *SSLv23_client_method(void); +SSL_METHOD *TLSv1_client_method(void); +SSL_METHOD *SSLv23_server_method(void); +SSL_METHOD *TLSv1_server_method(void); /* SSL_CIPHER functions */ 
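Review bot: The new `typedef struct { } RSA;` in the hunk at -122,6 +124,10 declares a struct with no members, which ISO C does not allow. GCC accepts it only as an extension, and there the type has size 0, while a C++ compiler gives it size 1. Since this is an installed header, a placeholder that callers only hold by pointer is better written as an incomplete type, e.g. `typedef struct rsa_st RSA;`, with a comment such as `/* opaque placeholder: no RSA operations are implemented */`. If any caller declares an `RSA` by value it would need a dummy member instead; that cannot be seen from this hunk.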
@@ -196,7 +206,7 @@ char *X509_NAME_oneline(gnutls_x509_dn *name, char *buf, int len); /* BIO functions */ void BIO_get_fd(GNUTLS_STATE gnutls_state, int *fd); - +BIO *BIO_new_socket(int sock, int close_flag); /* error handling */ diff --git a/libextra/gnutls_openssl.c b/libextra/gnutls_openssl.c index ac9b471324..11efe099e2 100644 --- a/libextra/gnutls_openssl.c +++ b/libextra/gnutls_openssl.c @@ -22,6 +22,8 @@ #include <stdlib.h> #include <gnutls/openssl.h> +/* WARNING: Error functions aren't currently thread-safe */ + static int last_error = 0; @@ -171,6 +173,11 @@ int SSL_set_fd(SSL *ssl, int fd) return 1; } +void SSL_set_bio(SSL *ssl, BIO *rbio, BIO *wbio) +{ + gnutls_transport_set_ptr (ssl->gnutls_state, rbio->fd); + free(BIO); +} void SSL_set_connect_state(SSL *ssl) { 
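Review bot: `free(BIO);` in the new SSL_set_bio passes the typedef name rather than a variable, so this will not compile. The same slip appears in BIO_new_socket in the last hunk of this file (`BIO->fd = sock;` and `return BIO;`, where the local is `bio`). The function also dereferences `rbio` without a NULL check although BIO_new_socket can return NULL, and `wbio` is neither used nor released. Callers written against OpenSSL commonly pass the same BIO for both arguments, so the release has to avoid a double free: after an early `if (!rbio) return;`, use `if (wbio != rbio) free(wbio);` followed by `free(rbio);`.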
@@ -329,6 +336,136 @@ SSL_METHOD *SSLv23_client_method(void) return m; } +SSL_METHOD *SSLv23_server_method(void) +{ + SSL_METHOD *m; + m = (SSL_METHOD *)calloc(1, sizeof(SSL_METHOD)); + if (!m) + return NULL; + + m->protocol_priority[0] = GNUTLS_TLS1; + m->protocol_priority[1] = GNUTLS_SSL3; + m->protocol_priority[2] = 0; + + m->cipher_priority[0] = GNUTLS_CIPHER_RIJNDAEL_128_CBC; + m->cipher_priority[1] = GNUTLS_CIPHER_3DES_CBC; + m->cipher_priority[2] = GNUTLS_CIPHER_RIJNDAEL_256_CBC; + m->cipher_priority[3] = GNUTLS_CIPHER_ARCFOUR; + m->cipher_priority[4] = 0; + + m->comp_priority[0] = GNUTLS_COMP_ZLIB; + m->comp_priority[1] = GNUTLS_COMP_NULL; + m->comp_priority[2] = 0; + + m->kx_priority[0] = GNUTLS_KX_DHE_RSA; + m->kx_priority[1] = GNUTLS_KX_RSA; + m->kx_priority[2] = GNUTLS_KX_DHE_DSS; + m->kx_priority[3] = 0; + + m->mac_priority[0] = GNUTLS_MAC_SHA; + m->mac_priority[1] = GNUTLS_MAC_MD5; + m->mac_priority[2] = 0; + + return m; +} + +SSL_METHOD *SSLv23_client_method(void) +{ + SSL_METHOD *m; + m = (SSL_METHOD *)calloc(1, sizeof(SSL_METHOD)); + if (!m) + return NULL; + + m->protocol_priority[0] = GNUTLS_TLS1; + m->protocol_priority[1] = GNUTLS_SSL3; + m->protocol_priority[2] = 0; + + m->cipher_priority[0] = GNUTLS_CIPHER_RIJNDAEL_128_CBC; + m->cipher_priority[1] = GNUTLS_CIPHER_3DES_CBC; + m->cipher_priority[2] = GNUTLS_CIPHER_RIJNDAEL_256_CBC; + m->cipher_priority[3] = GNUTLS_CIPHER_ARCFOUR; + m->cipher_priority[4] = 0; + + m->comp_priority[0] = GNUTLS_COMP_ZLIB; + m->comp_priority[1] = GNUTLS_COMP_NULL; + m->comp_priority[2] = 0; + + m->kx_priority[0] = GNUTLS_KX_DHE_RSA; + m->kx_priority[1] = GNUTLS_KX_RSA; + m->kx_priority[2] = GNUTLS_KX_DHE_DSS; + m->kx_priority[3] = 0; + + m->mac_priority[0] = GNUTLS_MAC_SHA; + m->mac_priority[1] = GNUTLS_MAC_MD5; + m->mac_priority[2] = 0; + + return m; +} + +SSL_METHOD *TLSv1_client_method(void) +{ + SSL_METHOD *m; + m = (SSL_METHOD *)calloc(1, sizeof(SSL_METHOD)); + if (!m) + return NULL; + + m->protocol_priority[0] = 
GNUTLS_TLS1; + m->protocol_priority[1] = 0; + + m->cipher_priority[0] = GNUTLS_CIPHER_RIJNDAEL_128_CBC; + m->cipher_priority[1] = GNUTLS_CIPHER_3DES_CBC; + m->cipher_priority[2] = GNUTLS_CIPHER_RIJNDAEL_256_CBC; + m->cipher_priority[3] = GNUTLS_CIPHER_ARCFOUR; + m->cipher_priority[4] = 0; + + m->comp_priority[0] = GNUTLS_COMP_ZLIB; + m->comp_priority[1] = GNUTLS_COMP_NULL; + m->comp_priority[2] = 0; + + m->kx_priority[0] = GNUTLS_KX_DHE_RSA; + m->kx_priority[1] = GNUTLS_KX_RSA; + m->kx_priority[2] = GNUTLS_KX_DHE_DSS; + m->kx_priority[3] = 0; + + m->mac_priority[0] = GNUTLS_MAC_SHA; + m->mac_priority[1] = GNUTLS_MAC_MD5; + m->mac_priority[2] = 0; + + return m; +} + +SSL_METHOD *TLSv1_server_method(void) +{ + SSL_METHOD *m; + m = (SSL_METHOD *)calloc(1, sizeof(SSL_METHOD)); + if (!m) + return NULL; + + m->protocol_priority[0] = GNUTLS_TLS1; + m->protocol_priority[1] = 0; + + m->cipher_priority[0] = GNUTLS_CIPHER_RIJNDAEL_128_CBC; + m->cipher_priority[1] = GNUTLS_CIPHER_3DES_CBC; + m->cipher_priority[2] = GNUTLS_CIPHER_RIJNDAEL_256_CBC; + m->cipher_priority[3] = GNUTLS_CIPHER_ARCFOUR; + m->cipher_priority[4] = 0; + + m->comp_priority[0] = GNUTLS_COMP_ZLIB; + m->comp_priority[1] = GNUTLS_COMP_NULL; + m->comp_priority[2] = 0; + + m->kx_priority[0] = GNUTLS_KX_DHE_RSA; + m->kx_priority[1] = GNUTLS_KX_RSA; + m->kx_priority[2] = GNUTLS_KX_DHE_DSS; + m->kx_priority[3] = 0; + + m->mac_priority[0] = GNUTLS_MAC_SHA; + m->mac_priority[1] = GNUTLS_MAC_MD5; + m->mac_priority[2] = 0; + + return m; +} + /* SSL_CIPHER functions */ @@ -422,6 +559,19 @@ void BIO_get_fd(GNUTLS_STATE gnutls_state, int *fd) *fd = gnutls_transport_get_ptr(gnutls_state); } +BIO *BIO_new_socket(int sock, int close_flag) +{ + BIO *bio; + + bio = (BIO *)malloc(sizeof(BIO)); + if (!bio) + return NULL; + + BIO->fd = sock; + + return BIO; +} + /* error handling */ |
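Review bot: The hunk adds a second definition of `SSLv23_client_method` directly below the existing one, whose closing `return m; }` is the hunk's leading context, so the file gets a redefinition error; the added copy should be dropped. The remaining three constructors repeat the same body and differ only in whether `GNUTLS_SSL3` follows `GNUTLS_TLS1`. A file-local helper would remove roughly ninety duplicated lines and leave a single place to review the offered ciphers, MACs and compression methods (the lists include `GNUTLS_CIPHER_ARCFOUR` and `GNUTLS_MAC_MD5`, and prefer `GNUTLS_COMP_ZLIB`). The existing `SSLv23_client_method` body lies outside the hunk and could call the same helper.

```c
/* Shared by the *_method() constructors; only the protocol list differs. */
static SSL_METHOD *new_method(int allow_ssl3)
{
    SSL_METHOD *m = calloc(1, sizeof *m);
    int i = 0;

    if (!m)
        return NULL;

    m->protocol_priority[i++] = GNUTLS_TLS1;
    if (allow_ssl3)
        m->protocol_priority[i++] = GNUTLS_SSL3;
    m->protocol_priority[i] = 0;

    /* … unchanged: cipher, compression, key-exchange and MAC priority lists … */

    return m;
}

SSL_METHOD *SSLv23_server_method(void)
{
    return new_method(1);
}

SSL_METHOD *TLSv1_client_method(void)
{
    return new_method(0);
}

SSL_METHOD *TLSv1_server_method(void)
{
    return new_method(0);
}
```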
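Review bot: `close_flag` is accepted by BIO_new_socket but never stored or acted on, so a caller that asks for the socket to be closed along with the BIO keeps an open descriptor with no indication. Either record it in the struct (an `int close_flag;` member in `BIO`, set here) or document the limitation above the function, e.g. `/* close_flag is ignored: the caller keeps ownership of sock and must close it */`.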