|
Packit Service |
4684c1 |
/* This example code is placed in the public domain. */
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
#ifdef HAVE_CONFIG_H
|
|
Packit Service |
4684c1 |
#include <config.h>
|
|
Packit Service |
4684c1 |
#endif
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
#include <stdio.h>
|
|
Packit Service |
4684c1 |
#include <stdlib.h>
|
|
Packit Service |
4684c1 |
#include <errno.h>
|
|
Packit Service |
4684c1 |
#include <sys/types.h>
|
|
Packit Service |
4684c1 |
#include <sys/socket.h>
|
|
Packit Service |
4684c1 |
#include <arpa/inet.h>
|
|
Packit Service |
4684c1 |
#include <netinet/in.h>
|
|
Packit Service |
4684c1 |
#include <string.h>
|
|
Packit Service |
4684c1 |
#include <unistd.h>
|
|
Packit Service |
4684c1 |
#include <gnutls/gnutls.h>
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
#define SRP_PASSWD "tpasswd"
|
|
Packit Service |
4684c1 |
#define SRP_PASSWD_CONF "tpasswd.conf"
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
#define KEYFILE "key.pem"
|
|
Packit Service |
4684c1 |
#define CERTFILE "cert.pem"
|
|
Packit Service |
4684c1 |
#define CAFILE "/etc/ssl/certs/ca-certificates.crt"
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
#define LOOP_CHECK(rval, cmd) \
|
|
Packit Service |
4684c1 |
do { \
|
|
Packit Service |
4684c1 |
rval = cmd; \
|
|
Packit Service |
4684c1 |
} while(rval == GNUTLS_E_AGAIN || rval == GNUTLS_E_INTERRUPTED)
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
/* This is a sample TLS-SRP echo server.
|
|
Packit Service |
4684c1 |
*/
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
#define SOCKET_ERR(err,s) if(err==-1) {perror(s);return(1);}
|
|
Packit Service |
4684c1 |
#define MAX_BUF 1024
|
|
Packit Service |
4684c1 |
#define PORT 5556 /* listen to 5556 port */
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
int main(void)
|
|
Packit Service |
4684c1 |
{
|
|
Packit Service |
4684c1 |
int err, listen_sd;
|
|
Packit Service |
4684c1 |
int sd, ret;
|
|
Packit Service |
4684c1 |
struct sockaddr_in sa_serv;
|
|
Packit Service |
4684c1 |
struct sockaddr_in sa_cli;
|
|
Packit Service |
4684c1 |
socklen_t client_len;
|
|
Packit Service |
4684c1 |
char topbuf[512];
|
|
Packit Service |
4684c1 |
gnutls_session_t session;
|
|
Packit Service |
4684c1 |
gnutls_srp_server_credentials_t srp_cred;
|
|
Packit Service |
4684c1 |
gnutls_certificate_credentials_t cert_cred;
|
|
Packit Service |
4684c1 |
char buffer[MAX_BUF + 1];
|
|
Packit Service |
4684c1 |
int optval = 1;
|
|
Packit Service |
4684c1 |
char name[256];
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
strcpy(name, "Echo Server");
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if (gnutls_check_version("3.1.4") == NULL) {
|
|
Packit Service |
4684c1 |
fprintf(stderr, "GnuTLS 3.1.4 or later is required for this example\n");
|
|
Packit Service |
4684c1 |
exit(1);
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
/* for backwards compatibility with gnutls < 3.3.0 */
|
|
Packit Service |
4684c1 |
gnutls_global_init();
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
/* SRP_PASSWD a password file (created with the included srptool utility)
|
|
Packit Service |
4684c1 |
*/
|
|
Packit Service |
4684c1 |
gnutls_srp_allocate_server_credentials(&srp_cred);
|
|
Packit Service |
4684c1 |
gnutls_srp_set_server_credentials_file(srp_cred, SRP_PASSWD,
|
|
Packit Service |
4684c1 |
SRP_PASSWD_CONF);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
gnutls_certificate_allocate_credentials(&cert_cred);
|
|
Packit Service |
4684c1 |
gnutls_certificate_set_x509_trust_file(cert_cred, CAFILE,
|
|
Packit Service |
4684c1 |
GNUTLS_X509_FMT_PEM);
|
|
Packit Service |
4684c1 |
gnutls_certificate_set_x509_key_file(cert_cred, CERTFILE, KEYFILE,
|
|
Packit Service |
4684c1 |
GNUTLS_X509_FMT_PEM);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
/* TCP socket operations
|
|
Packit Service |
4684c1 |
*/
|
|
Packit Service |
4684c1 |
listen_sd = socket(AF_INET, SOCK_STREAM, 0);
|
|
Packit Service |
4684c1 |
SOCKET_ERR(listen_sd, "socket");
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
memset(&sa_serv, '\0', sizeof(sa_serv));
|
|
Packit Service |
4684c1 |
sa_serv.sin_family = AF_INET;
|
|
Packit Service |
4684c1 |
sa_serv.sin_addr.s_addr = INADDR_ANY;
|
|
Packit Service |
4684c1 |
sa_serv.sin_port = htons(PORT); /* Server Port number */
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
setsockopt(listen_sd, SOL_SOCKET, SO_REUSEADDR, (void *) &optval,
|
|
Packit Service |
4684c1 |
sizeof(int));
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
err =
|
|
Packit Service |
4684c1 |
bind(listen_sd, (struct sockaddr *) &sa_serv, sizeof(sa_serv));
|
|
Packit Service |
4684c1 |
SOCKET_ERR(err, "bind");
|
|
Packit Service |
4684c1 |
err = listen(listen_sd, 1024);
|
|
Packit Service |
4684c1 |
SOCKET_ERR(err, "listen");
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
printf("%s ready. Listening to port '%d'.\n\n", name, PORT);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
client_len = sizeof(sa_cli);
|
|
Packit Service |
4684c1 |
for (;;) {
|
|
Packit Service |
4684c1 |
gnutls_init(&session, GNUTLS_SERVER);
|
|
Packit Service |
4684c1 |
gnutls_priority_set_direct(session,
|
|
Packit Service |
4684c1 |
"NORMAL"
|
|
Packit Service |
4684c1 |
":-KX-ALL:+SRP:+SRP-DSS:+SRP-RSA",
|
|
Packit Service |
4684c1 |
NULL);
|
|
Packit Service |
4684c1 |
gnutls_credentials_set(session, GNUTLS_CRD_SRP, srp_cred);
|
|
Packit Service |
4684c1 |
/* for the certificate authenticated ciphersuites.
|
|
Packit Service |
4684c1 |
*/
|
|
Packit Service |
4684c1 |
gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE,
|
|
Packit Service |
4684c1 |
cert_cred);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
/* We don't request any certificate from the client.
|
|
Packit Service |
4684c1 |
* If we did we would need to verify it. One way of
|
|
Packit Service |
4684c1 |
* doing that is shown in the "Verifying a certificate"
|
|
Packit Service |
4684c1 |
* example.
|
|
Packit Service |
4684c1 |
*/
|
|
Packit Service |
4684c1 |
gnutls_certificate_server_set_request(session,
|
|
Packit Service |
4684c1 |
GNUTLS_CERT_IGNORE);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
sd = accept(listen_sd, (struct sockaddr *) &sa_cli,
|
|
Packit Service |
4684c1 |
&client_len);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
printf("- connection from %s, port %d\n",
|
|
Packit Service |
4684c1 |
inet_ntop(AF_INET, &sa_cli.sin_addr, topbuf,
|
|
Packit Service |
4684c1 |
sizeof(topbuf)), ntohs(sa_cli.sin_port));
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
gnutls_transport_set_int(session, sd);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
LOOP_CHECK(ret, gnutls_handshake(session));
|
|
Packit Service |
4684c1 |
if (ret < 0) {
|
|
Packit Service |
4684c1 |
close(sd);
|
|
Packit Service |
4684c1 |
gnutls_deinit(session);
|
|
Packit Service |
4684c1 |
fprintf(stderr,
|
|
Packit Service |
4684c1 |
"*** Handshake has failed (%s)\n\n",
|
|
Packit Service |
4684c1 |
gnutls_strerror(ret));
|
|
Packit Service |
4684c1 |
continue;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
printf("- Handshake was completed\n");
|
|
Packit Service |
4684c1 |
printf("- User %s was connected\n",
|
|
Packit Service |
4684c1 |
gnutls_srp_server_get_username(session));
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
/* print_info(session); */
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
for (;;) {
|
|
Packit Service |
4684c1 |
LOOP_CHECK(ret, gnutls_record_recv(session, buffer, MAX_BUF));
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if (ret == 0) {
|
|
Packit Service |
4684c1 |
printf
|
|
Packit Service |
4684c1 |
("\n- Peer has closed the GnuTLS connection\n");
|
|
Packit Service |
4684c1 |
break;
|
|
Packit Service |
4684c1 |
} else if (ret < 0
|
|
Packit Service |
4684c1 |
&& gnutls_error_is_fatal(ret) == 0) {
|
|
Packit Service |
4684c1 |
fprintf(stderr, "*** Warning: %s\n",
|
|
Packit Service |
4684c1 |
gnutls_strerror(ret));
|
|
Packit Service |
4684c1 |
} else if (ret < 0) {
|
|
Packit Service |
4684c1 |
fprintf(stderr, "\n*** Received corrupted "
|
|
Packit Service |
4684c1 |
"data(%d). Closing the connection.\n\n",
|
|
Packit Service |
4684c1 |
ret);
|
|
Packit Service |
4684c1 |
break;
|
|
Packit Service |
4684c1 |
} else if (ret > 0) {
|
|
Packit Service |
4684c1 |
/* echo data back to the client
|
|
Packit Service |
4684c1 |
*/
|
|
Packit Service |
4684c1 |
gnutls_record_send(session, buffer, ret);
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
printf("\n");
|
|
Packit Service |
4684c1 |
/* do not wait for the peer to close the connection. */
|
|
Packit Service |
4684c1 |
LOOP_CHECK(ret, gnutls_bye(session, GNUTLS_SHUT_WR));
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
close(sd);
|
|
Packit Service |
4684c1 |
gnutls_deinit(session);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
close(listen_sd);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
gnutls_srp_free_server_credentials(srp_cred);
|
|
Packit Service |
4684c1 |
gnutls_certificate_free_credentials(cert_cred);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
gnutls_global_deinit();
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
return 0;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
}
|