diff options
Diffstat (limited to 'doc/examples/ex-serv-export.c')
-rw-r--r-- | doc/examples/ex-serv-export.c | 40 |
1 files changed, 31 insertions, 9 deletions
diff --git a/doc/examples/ex-serv-export.c b/doc/examples/ex-serv-export.c index 12b7fc3aa9..e457ecff5d 100644 --- a/doc/examples/ex-serv-export.c +++ b/doc/examples/ex-serv-export.c @@ -1,3 +1,10 @@ +/* Copyright 2007 Free Software Foundation + * + * Copying and distribution of this file, with or without modification, + * are permitted in any medium without royalty provided the copyright + * notice and this notice are preserved. + */ + #if HAVE_CONFIG_H # include <config.h> #endif @@ -12,6 +19,7 @@ #include <string.h> #include <unistd.h> #include <gnutls/gnutls.h> +#include <gcrypt.h> /* for gcry_control */ #define KEYFILE "key.pem" #define CERTFILE "cert.pem" @@ -48,7 +56,7 @@ initialize_tls_session (void) /* Use the default priorities, plus, export cipher suites. */ - gnutls_set_default_export_priority (session); + gnutls_set_default_priority2 (session, GNUTLS_PRIORITIES_EXPORT); gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, cert_cred); @@ -75,16 +83,25 @@ gnutls_dh_params_t dh_params; */ gnutls_rsa_params_t rsa_params; +static char srp_dh_group2048[] = + "-----BEGIN DH PARAMETERS-----\n" + "MIIBBwKCAQCsa9tBMkqam/Fm3l4TiVgvr3K2ZRmH7gf8MZKUPbVgUKNzKcu0oJnt\n" + "gZPgdXdnoT3VIxKrSwMxDc1/SKnaBP1Q6Ag5ae23Z7DPYJUXmhY6s2YaBfvV+qro\n" + "KRipli8Lk7hV+XmT7Jde6qgNdArb9P90c1nQQdXDPqcdKB5EaxR3O8qXtDoj+4AW\n" + "dr0gekNsZIHx0rkHhxdGGludMuaI+HdIVEUjtSSw1X1ep3onddLs+gMs+9v1L7N4\n" + "YWAnkATleuavh05zA85TKZzMBBx7wwjYKlaY86jQw4JxrjX46dv7tpS1yAPYn3rk\n" + "Nd4jbVJfVHWbZeNy/NaO8g+nER+eSv9zAgEC\n" + "-----END DH PARAMETERS-----\n"; + int generate_dh_params (void) { - /* Generate Diffie Hellman parameters - for use with DHE - * kx algorithms. These should be discarded and regenerated - * once a day, once a week or once a month. Depends on the - * security requirements. +gnutls_datum dparams = { srp_dh_group2048, sizeof( srp_dh_group2048) }; + /* Here instead of generating Diffie Hellman parameters (for use with DHE + * kx algorithms) we import them. */ gnutls_dh_params_init (&dh_params); - gnutls_dh_params_generate2 (dh_params, DH_BITS); + gnutls_dh_params_import_pkcs3 (dh_params, &dparams, GNUTLS_X509_FMT_PEM); return 0; } @@ -95,9 +112,9 @@ generate_rsa_params (void) gnutls_rsa_params_init (&rsa_params); /* Generate RSA parameters - for use with RSA-export - * cipher suites. These should be discarded and regenerated - * once a day, once every 500 transactions etc. Depends on the - * security requirements. + * cipher suites. This is an RSA private key and should be + * discarded and regenerated once a day, once every 500 + * transactions etc. Depends on the security requirements. */ gnutls_rsa_params_generate2 (rsa_params, 512); @@ -121,10 +138,15 @@ main (void) strcpy (name, "Echo Server"); + /* to disallow usage of the blocking /dev/random + */ + gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0); + /* this must be called once in the program */ gnutls_global_init (); + gnutls_certificate_allocate_credentials (&cert_cred); gnutls_certificate_set_x509_trust_file (cert_cred, CAFILE, |