|
|
|
|
|
|
|
|
void CSecurityTLS::shutdown() |
|
|
void CSecurityTLS::shutdown() |
|
|
{ |
|
|
{ |
|
|
if (session) |
|
|
if (session) |
|
|
gnutls_bye(session, GNUTLS_SHUT_RDWR); |
|
|
|
|
|
|
|
|
if (gnutls_bye(session, GNUTLS_SHUT_RDWR) != GNUTLS_E_SUCCESS) |
|
|
|
|
|
throw Exception("gnutls_bye failed"); |
|
|
|
|
|
|
|
|
if (anon_cred) { |
|
|
if (anon_cred) { |
|
|
gnutls_anon_free_client_credentials(anon_cred); |
|
|
gnutls_anon_free_client_credentials(anon_cred); |
|
|
|
|
|
|
|
|
if (is->readU8() == 0) |
|
|
if (is->readU8() == 0) |
|
|
return true; |
|
|
return true; |
|
|
|
|
|
|
|
|
gnutls_init(&session, GNUTLS_CLIENT); |
|
|
|
|
|
gnutls_set_default_priority(session); |
|
|
|
|
|
|
|
|
if (gnutls_init(&session, GNUTLS_CLIENT) != GNUTLS_E_SUCCESS) |
|
|
|
|
|
throw AuthFailureException("gnutls_init failed"); |
|
|
|
|
|
|
|
|
|
|
|
if (gnutls_set_default_priority(session) != GNUTLS_E_SUCCESS) |
|
|
|
|
|
throw AuthFailureException("gnutls_set_default_priority failed"); |
|
|
|
|
|
|
|
|
setParam(); |
|
|
setParam(); |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
GNUTLS_KX_DHE_RSA, GNUTLS_KX_SRP, 0 }; |
|
|
GNUTLS_KX_DHE_RSA, GNUTLS_KX_SRP, 0 }; |
|
|
|
|
|
|
|
|
if (anon) { |
|
|
if (anon) { |
|
|
gnutls_kx_set_priority(session, kx_anon_priority); |
|
|
|
|
|
gnutls_anon_allocate_client_credentials(&anon_cred); |
|
|
|
|
|
gnutls_credentials_set(session, GNUTLS_CRD_ANON, anon_cred); |
|
|
|
|
|
|
|
|
if (gnutls_kx_set_priority(session, kx_anon_priority) != GNUTLS_E_SUCCESS) |
|
|
|
|
|
throw AuthFailureException("gnutls_kx_set_priority failed"); |
|
|
|
|
|
|
|
|
|
|
|
if (gnutls_anon_allocate_client_credentials(&anon_cred) != GNUTLS_E_SUCCESS) |
|
|
|
|
|
throw AuthFailureException("gnutls_anon_allocate_client_credentials failed"); |
|
|
|
|
|
|
|
|
|
|
|
if (gnutls_credentials_set(session, GNUTLS_CRD_ANON, anon_cred) != GNUTLS_E_SUCCESS) |
|
|
|
|
|
throw AuthFailureException("gnutls_credentials_set failed"); |
|
|
|
|
|
|
|
|
vlog.debug("Anonymous session has been set"); |
|
|
vlog.debug("Anonymous session has been set"); |
|
|
} else { |
|
|
} else { |
|
|
gnutls_kx_set_priority(session, kx_priority); |
|
|
|
|
|
gnutls_certificate_allocate_credentials(&cert_cred); |
|
|
|
|
|
|
|
|
if (gnutls_kx_set_priority(session, kx_priority) != GNUTLS_E_SUCCESS) |
|
|
|
|
|
throw AuthFailureException("gnutls_kx_set_priority failed"); |
|
|
|
|
|
|
|
|
|
|
|
if (gnutls_certificate_allocate_credentials(&cert_cred) != GNUTLS_E_SUCCESS) |
|
|
|
|
|
throw AuthFailureException("gnutls_certificate_allocate_credentials failed"); |
|
|
|
|
|
|
|
|
if (*cafile && gnutls_certificate_set_x509_trust_file(cert_cred,cafile,GNUTLS_X509_FMT_PEM) < 0) |
|
|
if (*cafile && gnutls_certificate_set_x509_trust_file(cert_cred,cafile,GNUTLS_X509_FMT_PEM) < 0) |
|
|
throw AuthFailureException("load of CA cert failed"); |
|
|
throw AuthFailureException("load of CA cert failed"); |
|
|
|
|
|
|
|
|
if (*crlfile && gnutls_certificate_set_x509_crl_file(cert_cred,crlfile,GNUTLS_X509_FMT_PEM) < 0) |
|
|
if (*crlfile && gnutls_certificate_set_x509_crl_file(cert_cred,crlfile,GNUTLS_X509_FMT_PEM) < 0) |
|
|
throw AuthFailureException("load of CRL failed"); |
|
|
throw AuthFailureException("load of CRL failed"); |
|
|
|
|
|
|
|
|
gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, cert_cred); |
|
|
|
|
|
|
|
|
if (gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, cert_cred) != GNUTLS_E_SUCCESS) |
|
|
|
|
|
throw AuthFailureException("gnutls_credentials_set failed"); |
|
|
|
|
|
|
|
|
vlog.debug("X509 session has been set"); |
|
|
vlog.debug("X509 session has been set"); |
|
|
} |
|
|
} |