#define SOCKET_ERR(err,s) if(err==-1) {perror(s);return(1);}
#define MAX_BUF 1024
#define PORT 5556 /* listen to 5556 port */
-#define DH_BITS 1024
/* These are global */
-gnutls_anon_server_credentials_t anoncred;
-
-static gnutls_session_t
-initialize_tls_session (void)
-{
- gnutls_session_t session;
-
- gnutls_init (&session, GNUTLS_SERVER);
-
- gnutls_priority_set_direct (session, "NORMAL:+ANON-ECDH:+ANON-DH", NULL);
-
- gnutls_credentials_set (session, GNUTLS_CRD_ANON, anoncred);
-
- gnutls_dh_set_prime_bits (session, DH_BITS);
-
- return session;
-}
-
static gnutls_dh_params_t dh_params;
static int
generate_dh_params (void)
{
-
+ unsigned int bits =
+ gnutls_sec_param_to_pk_bits (GNUTLS_PK_DH, GNUTLS_SEC_PARAM_LEGACY);
/* Generate Diffie-Hellman parameters - for use with DHE
* kx algorithms. These should be discarded and regenerated
* once a day, once a week or once a month. Depending on the
* security requirements.
*/
gnutls_dh_params_init (&dh_params);
- gnutls_dh_params_generate2 (dh_params, DH_BITS);
+ gnutls_dh_params_generate2 (dh_params, bits);
return 0;
}
socklen_t client_len;
char topbuf[512];
gnutls_session_t session;
+ gnutls_anon_server_credentials_t anoncred;
char buffer[MAX_BUF + 1];
int optval = 1;
client_len = sizeof (sa_cli);
for (;;)
{
- session = initialize_tls_session ();
+ gnutls_init (&session, GNUTLS_SERVER);
+ gnutls_priority_set_direct (session, "NORMAL:+ANON-ECDH:+ANON-DH", NULL);
+ gnutls_credentials_set (session, GNUTLS_CRD_ANON, anoncred);
sd = accept (listen_sd, (struct sockaddr *) & sa_cli, &client_len);
static const char *human_addr (const struct sockaddr *sa, socklen_t salen,
char *buf, size_t buflen);
static int wait_for_connection (int fd);
-static gnutls_session_t initialize_tls_session (void);
static int generate_dh_params (void);
/* Use global credentials and parameters to simplify
else
continue;
- session = initialize_tls_session ();
+ gnutls_init (&session, GNUTLS_SERVER | GNUTLS_DATAGRAM);
+ gnutls_priority_set (session, priority_cache);
+ gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, x509_cred);
+
gnutls_dtls_prestate_set (session, &prestate);
gnutls_dtls_set_mtu (session, mtu);
return save_buf;
}
-static gnutls_session_t
-initialize_tls_session (void)
-{
- gnutls_session_t session;
-
- gnutls_init (&session, GNUTLS_SERVER | GNUTLS_DATAGRAM);
-
- gnutls_priority_set (session, priority_cache);
-
- gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, x509_cred);
-
- return session;
-}
-
static int
generate_dh_params (void)
{
- int bits = gnutls_sec_param_to_pk_bits (GNUTLS_PK_DH, GNUTLS_SEC_PARAM_LOW);
+ int bits =
+ gnutls_sec_param_to_pk_bits (GNUTLS_PK_DH, GNUTLS_SEC_PARAM_LEGACY);
/* Generate Diffie-Hellman parameters - for use with DHE
* kx algorithms. When short bit length is used, it might
#define SOCKET_ERR(err,s) if(err==-1) {perror(s);return(1);}
#define MAX_BUF 1024
#define PORT 5556 /* listen to 5556 port */
-#define DH_BITS 1024
/* These are global */
-gnutls_certificate_credentials_t cred;
gnutls_dh_params_t dh_params;
static int
generate_dh_params (void)
{
+ unsigned int bits =
+ gnutls_sec_param_to_pk_bits (GNUTLS_PK_DH, GNUTLS_SEC_PARAM_LEGACY);
/* Generate Diffie-Hellman parameters - for use with DHE
* kx algorithms. These should be discarded and regenerated
* security requirements.
*/
gnutls_dh_params_init (&dh_params);
- gnutls_dh_params_generate2 (dh_params, DH_BITS);
+ gnutls_dh_params_generate2 (dh_params, bits);
return 0;
}
-static gnutls_session_t
-initialize_tls_session (void)
-{
- gnutls_session_t session;
-
- gnutls_init (&session, GNUTLS_SERVER);
-
- gnutls_priority_set_direct (session, "NORMAL:+CTYPE-OPENPGP", NULL);
-
- /* request client certificate if any.
- */
- gnutls_certificate_server_set_request (session, GNUTLS_CERT_REQUEST);
-
- gnutls_dh_set_prime_bits (session, DH_BITS);
-
- return session;
-}
-
int
main (void)
{
socklen_t client_len;
char topbuf[512];
gnutls_session_t session;
+ gnutls_certificate_credentials_t cred;
char buffer[MAX_BUF + 1];
int optval = 1;
char name[256];
client_len = sizeof (sa_cli);
for (;;)
{
- session = initialize_tls_session ();
+ gnutls_init (&session, GNUTLS_SERVER);
+ gnutls_priority_set_direct (session, "NORMAL:+CTYPE-OPENPGP", NULL);
+
+ /* request client certificate if any.
+ */
+ gnutls_certificate_server_set_request (session, GNUTLS_CERT_REQUEST);
sd = accept (listen_sd, (struct sockaddr *) & sa_cli, &client_len);
#define DH_BITS 1024
/* These are global */
-gnutls_certificate_credentials_t x509_cred;
-gnutls_psk_server_credentials_t psk_cred;
-gnutls_priority_t priority_cache;
-
-static gnutls_session_t
-initialize_tls_session (void)
-{
- gnutls_session_t session;
-
- gnutls_init (&session, GNUTLS_SERVER);
-
- gnutls_priority_set (session, priority_cache);
-
- gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, x509_cred);
- gnutls_credentials_set (session, GNUTLS_CRD_PSK, psk_cred);
-
- /* request client certificate if any.
- */
- gnutls_certificate_server_set_request (session, GNUTLS_CERT_REQUEST);
-
- return session;
-}
-
static gnutls_dh_params_t dh_params;
static int
socklen_t client_len;
char topbuf[512];
gnutls_session_t session;
+ gnutls_certificate_credentials_t x509_cred;
+ gnutls_psk_server_credentials_t psk_cred;
+ gnutls_priority_t priority_cache;
char buffer[MAX_BUF + 1];
int optval = 1;
int kx;
client_len = sizeof (sa_cli);
for (;;)
{
- session = initialize_tls_session ();
+ gnutls_init (&session, GNUTLS_SERVER);
+ gnutls_priority_set (session, priority_cache);
+ gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, x509_cred);
+ gnutls_credentials_set (session, GNUTLS_CRD_PSK, psk_cred);
+
+ /* request client certificate if any.
+ */
+ gnutls_certificate_server_set_request (session, GNUTLS_CERT_REQUEST);
sd = accept (listen_sd, (struct sockaddr *) & sa_cli, &client_len);
#define MAX_BUF 1024
#define PORT 5556 /* listen to 5556 port */
-/* These are global */
-gnutls_srp_server_credentials_t srp_cred;
-gnutls_certificate_credentials_t cert_cred;
-
-static gnutls_session_t
-initialize_tls_session (void)
-{
- gnutls_session_t session;
-
- gnutls_init (&session, GNUTLS_SERVER);
-
- gnutls_priority_set_direct (session, "NORMAL:-KX-ALL:+SRP:+SRP-DSS:+SRP-RSA", NULL);
-
- gnutls_credentials_set (session, GNUTLS_CRD_SRP, srp_cred);
- /* for the certificate authenticated ciphersuites.
- */
- gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, cert_cred);
-
- /* request client certificate if any.
- */
- gnutls_certificate_server_set_request (session, GNUTLS_CERT_IGNORE);
-
- return session;
-}
-
int
main (void)
{
socklen_t client_len;
char topbuf[512];
gnutls_session_t session;
+ gnutls_srp_server_credentials_t srp_cred;
+ gnutls_certificate_credentials_t cert_cred;
char buffer[MAX_BUF + 1];
int optval = 1;
char name[256];
client_len = sizeof (sa_cli);
for (;;)
{
- session = initialize_tls_session ();
+ gnutls_init (&session, GNUTLS_SERVER);
+ gnutls_priority_set_direct (session,
+ "NORMAL:-KX-ALL:+SRP:+SRP-DSS:+SRP-RSA", NULL);
+ gnutls_credentials_set (session, GNUTLS_CRD_SRP, srp_cred);
+ /* for the certificate authenticated ciphersuites.
+ */
+ gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, cert_cred);
+
+ /* request client certificate if any.
+ */
+ gnutls_certificate_server_set_request (session, GNUTLS_CERT_IGNORE);
sd = accept (listen_sd, (struct sockaddr *) & sa_cli, &client_len);
#define PORT 5556 /* listen to 5556 port */
/* These are global */
-gnutls_certificate_credentials_t x509_cred;
-gnutls_priority_t priority_cache;
-
-static gnutls_session_t
-initialize_tls_session (void)
-{
- gnutls_session_t session;
-
- gnutls_init (&session, GNUTLS_SERVER);
-
- gnutls_priority_set (session, priority_cache);
-
- gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, x509_cred);
-
- /* We don't request any certificate from the client.
- * If we did we would need to verify it.
- */
- gnutls_certificate_server_set_request (session, GNUTLS_CERT_IGNORE);
-
- return session;
-}
-
static gnutls_dh_params_t dh_params;
static int
generate_dh_params (void)
{
- int bits = gnutls_sec_param_to_pk_bits (GNUTLS_PK_DH, GNUTLS_SEC_PARAM_LOW);
+ unsigned int bits =
+ gnutls_sec_param_to_pk_bits (GNUTLS_PK_DH, GNUTLS_SEC_PARAM_LEGACY);
/* Generate Diffie-Hellman parameters - for use with DHE
* kx algorithms. When short bit length is used, it might
{
int listen_sd;
int sd, ret;
+ gnutls_certificate_credentials_t x509_cred;
+ gnutls_priority_t priority_cache;
struct sockaddr_in sa_serv;
struct sockaddr_in sa_cli;
socklen_t client_len;
client_len = sizeof (sa_cli);
for (;;)
{
- session = initialize_tls_session ();
+ gnutls_init (&session, GNUTLS_SERVER);
+ gnutls_priority_set (session, priority_cache);
+ gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, x509_cred);
+ /* We don't request any certificate from the client.
+ * If we did we would need to verify it.
+ */
+ gnutls_certificate_server_set_request (session, GNUTLS_CERT_IGNORE);
sd = accept (listen_sd, (struct sockaddr *) & sa_cli, &client_len);