Added support for server-side SSL with anonymous credentials.

[cascardo/rnetproxy.git] / hcconn_ssl.c

diff --git a/hcconn_ssl.c b/hcconn_ssl.c
index 264be27..cdcca97 100644 (file)
--- a/hcconn_ssl.c
+++ b/hcconn_ssl.c
@@ -33,6 +33,35 @@ struct ssl_data
   gpointer lowconn;
 };
 
+#define DH_BITS 1024
+static gnutls_anon_server_credentials_t
+ssl_server_get_credentials (void)
+{
+  static int initialized = 0;
+  static gnutls_anon_server_credentials_t cred;
+  gnutls_dh_params_t dh_params;
+  if (initialized)
+    return cred;
+  gnutls_dh_params_init (&dh_params);
+  gnutls_dh_params_generate2 (dh_params, DH_BITS);
+  gnutls_anon_allocate_server_credentials (&cred);
+  gnutls_anon_set_server_dh_params (cred, dh_params);
+  initialized = 1;
+  return cred;
+}
+
+static void
+ssl_server_session_new (gnutls_session_t *session)
+{
+  static gnutls_anon_server_credentials_t cred;
+  cred = ssl_server_get_credentials ();
+  gnutls_init (session, GNUTLS_SERVER);
+  gnutls_priority_set_direct (*session, "NORMAL:+ANON-DH", NULL);
+  gnutls_credentials_set (*session, GNUTLS_CRD_ANON, cred);
+  gnutls_dh_set_prime_bits (*session, DH_BITS);
+}
+#undef DH_BITS
+
 static void
 ssl_client_session_new (gnutls_session_t *session)
 {
@@ -49,10 +78,11 @@ static struct ssl_data *
 ssl_data_new (int server)
 {
   struct ssl_data *ssl;
-  if (server)
-    return NULL;
   ssl = g_slice_new (struct ssl_data);
-  ssl_client_session_new (&ssl->session);
+  if (server)
+    ssl_server_session_new (&ssl->session);
+  else
+    ssl_client_session_new (&ssl->session);
   ssl->buffer = g_string_sized_new (4096);
   ssl->handshaking = FALSE;
   return ssl;
@@ -207,3 +237,9 @@ hc_conn_set_driver_ssl_client (HCConn *conn, HCConn *lowconn)
 {
   return hc_conn_set_driver_ssl (conn, lowconn, 0);
 }
+
+int
+hc_conn_set_driver_ssl_server (HCConn *conn, HCConn *lowconn)
+{
+  return hc_conn_set_driver_ssl (conn, lowconn, 1);
+}