1 /* This example code is placed in the public domain. */
10 #include <sys/types.h>
11 #include <sys/socket.h>
12 #include <arpa/inet.h>
13 #include <netinet/in.h>
16 #include <gnutls/gnutls.h>
17 #include <gnutls/openpgp.h>
19 #define KEYFILE "secret.asc"
20 #define CERTFILE "public.asc"
21 #define RINGFILE "ring.gpg"
23 /* This is a sample TLS 1.0-OpenPGP echo server.
27 #define SOCKET_ERR(err,s) if(err==-1) {perror(s);return(1);}
29 #define PORT 5556 /* listen to 5556 port */
31 /* These are global */
32 gnutls_dh_params_t dh_params;
34 static int generate_dh_params(void)
36 unsigned int bits = gnutls_sec_param_to_pk_bits(GNUTLS_PK_DH,
37 GNUTLS_SEC_PARAM_LEGACY);
39 /* Generate Diffie-Hellman parameters - for use with DHE
40 * kx algorithms. These should be discarded and regenerated
41 * once a day, once a week or once a month. Depending on the
42 * security requirements.
44 gnutls_dh_params_init(&dh_params);
45 gnutls_dh_params_generate2(dh_params, bits);
54 struct sockaddr_in sa_serv;
55 struct sockaddr_in sa_cli;
58 gnutls_session_t session;
59 gnutls_certificate_credentials_t cred;
60 char buffer[MAX_BUF + 1];
64 strcpy(name, "Echo Server");
66 if (gnutls_check_version("3.1.4") == NULL) {
67 fprintf(stderr, "GnuTLS 3.1.4 or later is required for this example\n");
71 /* for backwards compatibility with gnutls < 3.3.0 */
74 gnutls_certificate_allocate_credentials(&cred);
75 gnutls_certificate_set_openpgp_keyring_file(cred, RINGFILE,
76 GNUTLS_OPENPGP_FMT_BASE64);
78 gnutls_certificate_set_openpgp_key_file(cred, CERTFILE, KEYFILE,
79 GNUTLS_OPENPGP_FMT_BASE64);
83 gnutls_certificate_set_dh_params(cred, dh_params);
87 listen_sd = socket(AF_INET, SOCK_STREAM, 0);
88 SOCKET_ERR(listen_sd, "socket");
90 memset(&sa_serv, '\0', sizeof(sa_serv));
91 sa_serv.sin_family = AF_INET;
92 sa_serv.sin_addr.s_addr = INADDR_ANY;
93 sa_serv.sin_port = htons(PORT); /* Server Port number */
95 setsockopt(listen_sd, SOL_SOCKET, SO_REUSEADDR, (void *) &optval,
99 bind(listen_sd, (struct sockaddr *) &sa_serv, sizeof(sa_serv));
100 SOCKET_ERR(err, "bind");
101 err = listen(listen_sd, 1024);
102 SOCKET_ERR(err, "listen");
104 printf("%s ready. Listening to port '%d'.\n\n", name, PORT);
106 client_len = sizeof(sa_cli);
108 gnutls_init(&session, GNUTLS_SERVER);
109 gnutls_priority_set_direct(session,
110 "NORMAL:+CTYPE-OPENPGP", NULL);
112 /* request client certificate if any.
114 gnutls_certificate_server_set_request(session,
115 GNUTLS_CERT_REQUEST);
117 sd = accept(listen_sd, (struct sockaddr *) &sa_cli,
120 printf("- connection from %s, port %d\n",
121 inet_ntop(AF_INET, &sa_cli.sin_addr, topbuf,
122 sizeof(topbuf)), ntohs(sa_cli.sin_port));
124 gnutls_transport_set_int(session, sd);
125 ret = gnutls_handshake(session);
128 gnutls_deinit(session);
130 "*** Handshake has failed (%s)\n\n",
131 gnutls_strerror(ret));
134 printf("- Handshake was completed\n");
136 /* see the Getting peer's information example */
137 /* print_info(session); */
140 ret = gnutls_record_recv(session, buffer, MAX_BUF);
144 ("\n- Peer has closed the GnuTLS connection\n");
147 && gnutls_error_is_fatal(ret) == 0) {
148 fprintf(stderr, "*** Warning: %s\n",
149 gnutls_strerror(ret));
150 } else if (ret < 0) {
151 fprintf(stderr, "\n*** Received corrupted "
152 "data(%d). Closing the connection.\n\n",
155 } else if (ret > 0) {
156 /* echo data back to the client
158 gnutls_record_send(session, buffer, ret);
162 /* do not wait for the peer to close the connection.
164 gnutls_bye(session, GNUTLS_SHUT_WR);
167 gnutls_deinit(session);
172 gnutls_certificate_free_credentials(cred);
174 gnutls_global_deinit();