authorAndrew McDonald <admcd@gnutls.org>2002-07-21 19:10:55 +0000
committerAndrew McDonald <admcd@gnutls.org>2002-07-21 19:10:55 +0000
commit8adb38c1cba35bf06664898dd2ee320dac033900 (patch)
tree0d375432de538cf33c99a0780b66f9c8b8dbb61c
parent030c20e4959cca8e110831b7d9d92afbecee15fc (diff)
downloadgnutls-8adb38c1cba35bf06664898dd2ee320dac033900.tar.gz
some initial support for TLS/SSL server applications
-rw-r--r--includes/gnutls/openssl.h22
-rw-r--r--libextra/gnutls_openssl.c136
2 files changed, 153 insertions, 5 deletions
diff --git a/includes/gnutls/openssl.h b/includes/gnutls/openssl.h
index 5ff7244e50..3cacfd6f99 100644
--- a/includes/gnutls/openssl.h
+++ b/includes/gnutls/openssl.h
@@ -63,6 +63,7 @@ typedef struct
int comp_priority[GNUTLS_MAX_ALGORITHM_NUM];
int kx_priority[GNUTLS_MAX_ALGORITHM_NUM];
int mac_priority[GNUTLS_MAX_ALGORITHM_NUM];
+ GNUTLS_ConnectionEnd connend;
} SSL_METHOD;
typedef struct
@@ -164,6 +165,21 @@ unsigned long SSL_CTX_set_options(SSL_CTX *ctx, unsigned long options);
long SSL_CTX_set_mode(SSL_CTX *ctx, long mode);
int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *list);
+
+/* SSL_CTX statistics */
+
+long SSL_CTX_sess_number(SSL_CTX *ctx);
+long SSL_CTX_sess_connect(SSL_CTX *ctx);
+long SSL_CTX_sess_connect_good(SSL_CTX *ctx);
+long SSL_CTX_sess_connect_renegotiate(SSL_CTX *ctx);
+long SSL_CTX_sess_accept(SSL_CTX *ctx);
+long SSL_CTX_sess_accept_good(SSL_CTX *ctx);
+long SSL_CTX_sess_accept_renegotiate(SSL_CTX *ctx);
+long SSL_CTX_sess_hits(SSL_CTX *ctx);
+long SSL_CTX_sess_misses(SSL_CTX *ctx);
+long SSL_CTX_sess_timeouts(SSL_CTX *ctx);
+
+
/* SSL structure handling */
SSL *SSL_new(SSL_CTX *ctx);
@@ -183,6 +199,7 @@ const X509 *SSL_get_peer_certificate(SSL *ssl);
/* SSL connection open/close/read/write functions */
int SSL_connect(SSL *ssl);
+int SSL_accept(SSL *ssl);
int SSL_shutdown(SSL *ssl);
int SSL_read(SSL *ssl, void *buf, int len);
int SSL_write(SSL *ssl, const void *buf, int len);
@@ -221,9 +238,10 @@ char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int size);
/* X509 functions */
-X509_NAME *X509_get_subject_name(X509 *cert);
-X509_NAME *X509_get_issuer_name(X509 *cert);
+X509_NAME *X509_get_subject_name(const X509 *cert);
+X509_NAME *X509_get_issuer_name(const X509 *cert);
char *X509_NAME_oneline(gnutls_x509_dn *name, char *buf, int len);
+void X509_free(const X509 *cert);
/* BIO functions */
diff --git a/libextra/gnutls_openssl.c b/libextra/gnutls_openssl.c
index e9fe1bd71a..4fe1608b3e 100644
--- a/libextra/gnutls_openssl.c
+++ b/libextra/gnutls_openssl.c
@@ -119,6 +119,60 @@ int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *list)
}
+/* SSL_CTX statistics */
+
+long SSL_CTX_sess_number(SSL_CTX *ctx)
+{
+ return 0;
+}
+
+long SSL_CTX_sess_connect(SSL_CTX *ctx)
+{
+ return 0;
+}
+
+long SSL_CTX_sess_connect_good(SSL_CTX *ctx)
+{
+ return 0;
+}
+
+long SSL_CTX_sess_connect_renegotiate(SSL_CTX *ctx)
+{
+ return 0;
+}
+
+long SSL_CTX_sess_accept(SSL_CTX *ctx)
+{
+ return 0;
+}
+
+long SSL_CTX_sess_accept_good(SSL_CTX *ctx)
+{
+ return 0;
+}
+
+long SSL_CTX_sess_accept_renegotiate(SSL_CTX *ctx)
+{
+ return 0;
+}
+
+long SSL_CTX_sess_hits(SSL_CTX *ctx)
+{
+ return 0;
+}
+
+long SSL_CTX_sess_misses(SSL_CTX *ctx)
+{
+ return 0;
+}
+
+long SSL_CTX_sess_timeouts(SSL_CTX *ctx)
+{
+ return 0;
+}
+
+
+
/* SSL structure handling */
SSL *SSL_new(SSL_CTX *ctx)
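Review bot: The ten SSL_CTX_sess_* stubs report 0 with nothing saying that the statistics are not tracked, and each leaves `ctx` unused, which `-Wextra` will flag on every one of them. A single comment above the group, `/* Session statistics are not tracked; every counter below reports a constant 0. */`, plus `(void)ctx;` in each body would record the stub status for callers that poll these values. The `SSL_new` line at the end of the hunk opens a function whose body lies outside it.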
@@ -138,7 +192,7 @@ SSL *SSL_new(SSL_CTX *ctx)
return NULL;
}
- gnutls_init(&ssl->gnutls_state, GNUTLS_CLIENT);
+ gnutls_init(&ssl->gnutls_state, ctx->method->connend);
gnutls_protocol_set_priority (ssl->gnutls_state, ctx->method->protocol_priority);
gnutls_cipher_set_priority (ssl->gnutls_state, ctx->method->cipher_priority);
@@ -286,6 +340,64 @@ int SSL_connect(SSL *ssl)
err = store->error;
free(store);
+ /* FIXME: deal with error from callback */
+
+ return 1;
+}
+
+int SSL_accept(SSL *ssl)
+{
+ X509_STORE_CTX *store;
+ int cert_list_size = 0;
+ int err;
+ int i, j;
+ int x_priority[GNUTLS_MAX_ALGORITHM_NUM];
+ /* take options into account before accepting */
+
+ if (ssl->options & SSL_OP_NO_TLSv1)
+ {
+ for (i=0, j=0;
+ i < GNUTLS_MAX_ALGORITHM_NUM && x_priority[i] != 0;
+ i++, j++)
+ {
+ if (ssl->ctx->method->protocol_priority[j] == GNUTLS_TLS1)
+ j++;
+ else
+ x_priority[i] = ssl->ctx->method->protocol_priority[j];
+ }
+ if (i < GNUTLS_MAX_ALGORITHM_NUM)
+ x_priority[i] = 0;
+ gnutls_protocol_set_priority (ssl->gnutls_state,
+ ssl->ctx->method->protocol_priority);
+ }
+
+ /* FIXME: dh params, do we want client cert? */
+
+ err = gnutls_handshake(ssl->gnutls_state);
+ ssl->last_error = err;
+
+ if (err < 0)
+ {
+ last_error = err;
+ return 0;
+ }
+
+ store = (X509_STORE_CTX *)calloc(1, sizeof(X509_STORE_CTX));
+ store->ssl = ssl;
+ store->cert_list = gnutls_certificate_get_peers(ssl->gnutls_state,
+ &cert_list_size);
+
+ if (ssl->verify_callback)
+ {
+ ssl->verify_callback(1 /*FIXME*/, store);
+ }
+ ssl->state = SSL_ST_OK;
+
+ err = store->error;
+ free(store);
+
+ /* FIXME: deal with error from callback */
+
return 1;
}
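Review bot: In SSL_accept the SSL_OP_NO_TLSv1 filter never takes effect: the loop condition reads `x_priority[i]` before anything has been stored in it (an uninitialized read), a skipped TLS1 entry leaves a hole because `i` still advances with no write, and the final call passes `ssl->ctx->method->protocol_priority` rather than the filtered `x_priority`. The rewrite below walks the method's list, compacts the non-TLS1 entries into x_priority and passes that array. The `calloc` result at `store = ...` is also dereferenced with no NULL check; `if (!store) { last_error = ssl->last_error = GNUTLS_E_MEMORY_ERROR; return 0; }` — or whatever error code the file uses for allocation failure — would mirror the handshake-failure path. The first lines of the hunk are the tail of SSL_connect, which begins outside it.
```c
    if (ssl->options & SSL_OP_NO_TLSv1)
    {
        /* compact the method's protocol list into x_priority, dropping TLS1 */
        for (i = 0, j = 0;
             j < GNUTLS_MAX_ALGORITHM_NUM && ssl->ctx->method->protocol_priority[j] != 0;
             j++)
        {
            if (ssl->ctx->method->protocol_priority[j] != GNUTLS_TLS1)
                x_priority[i++] = ssl->ctx->method->protocol_priority[j];
        }
        if (i < GNUTLS_MAX_ALGORITHM_NUM)
            x_priority[i] = 0;
        gnutls_protocol_set_priority (ssl->gnutls_state, x_priority);
    }
    /* … unchanged: handshake, verify callback, store cleanup … */
```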
@@ -376,6 +488,8 @@ SSL_METHOD *SSLv23_client_method(void)
m->mac_priority[1] = GNUTLS_MAC_MD5;
m->mac_priority[2] = 0;
+ m->connend = GNUTLS_CLIENT;
+
return m;
}
@@ -409,6 +523,8 @@ SSL_METHOD *SSLv23_server_method(void)
m->mac_priority[1] = GNUTLS_MAC_MD5;
m->mac_priority[2] = 0;
+ m->connend = GNUTLS_SERVER;
+
return m;
}
@@ -439,6 +555,8 @@ SSL_METHOD *SSLv3_client_method(void)
m->mac_priority[1] = GNUTLS_MAC_MD5;
m->mac_priority[2] = 0;
+ m->connend = GNUTLS_CLIENT;
+
return m;
}
@@ -469,6 +587,8 @@ SSL_METHOD *SSLv3_server_method(void)
m->mac_priority[1] = GNUTLS_MAC_MD5;
m->mac_priority[2] = 0;
+ m->connend = GNUTLS_SERVER;
+
return m;
}
@@ -501,6 +621,8 @@ SSL_METHOD *TLSv1_client_method(void)
m->mac_priority[1] = GNUTLS_MAC_MD5;
m->mac_priority[2] = 0;
+ m->connend = GNUTLS_CLIENT;
+
return m;
}
@@ -533,6 +655,8 @@ SSL_METHOD *TLSv1_server_method(void)
m->mac_priority[1] = GNUTLS_MAC_MD5;
m->mac_priority[2] = 0;
+ m->connend = GNUTLS_SERVER;
+
return m;
}
@@ -628,7 +752,7 @@ char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int size)
/* X509 functions */
-X509_NAME *X509_get_subject_name(X509 *cert)
+X509_NAME *X509_get_subject_name(const X509 *cert)
{
gnutls_x509_dn *dn;
dn = (gnutls_x509_dn *)calloc(1, sizeof(gnutls_x509_dn));
@@ -640,7 +764,7 @@ X509_NAME *X509_get_subject_name(X509 *cert)
return dn;
}
-X509_NAME *X509_get_issuer_name(X509 *cert)
+X509_NAME *X509_get_issuer_name(const X509 *cert)
{
gnutls_x509_dn *dn;
dn = (gnutls_x509_dn *)calloc(1, sizeof(gnutls_x509_dn));
@@ -666,6 +790,12 @@ char *X509_NAME_oneline(gnutls_x509_dn *name, char *buf, int len)
return buf;
}
+void X509_free(const X509 *cert)
+{
+ /* only get certificates as const items */
+ return;
+}
+
/* BIO functions */