1 /* This example code is placed in the public domain. */
10 #include <sys/types.h>
11 #include <sys/socket.h>
12 #include <arpa/inet.h>
13 #include <netinet/in.h>
16 #include <gnutls/gnutls.h>
17 #include <gnutls/openpgp.h>
19 #define KEYFILE "secret.asc"
20 #define CERTFILE "public.asc"
21 #define RINGFILE "ring.gpg"
23 /* This is a sample TLS 1.0-OpenPGP echo server.
27 #define SA struct sockaddr
28 #define SOCKET_ERR(err,s) if(err==-1) {perror(s);return(1);}
30 #define PORT 5556 /* listen to 5556 port */
33 /* These are global */
34 gnutls_certificate_credentials_t cred;
35 gnutls_dh_params_t dh_params;
38 generate_dh_params (void)
41 /* Generate Diffie-Hellman parameters - for use with DHE
42 * kx algorithms. These should be discarded and regenerated
43 * once a day, once a week or once a month. Depending on the
44 * security requirements.
46 gnutls_dh_params_init (&dh_params);
47 gnutls_dh_params_generate2 (dh_params, DH_BITS);
52 static gnutls_session_t
53 initialize_tls_session (void)
55 gnutls_session_t session;
57 gnutls_init (&session, GNUTLS_SERVER);
59 gnutls_priority_set_direct (session, "NORMAL", NULL);
61 /* request client certificate if any.
63 gnutls_certificate_server_set_request (session, GNUTLS_CERT_REQUEST);
65 gnutls_dh_set_prime_bits (session, DH_BITS);
75 struct sockaddr_in sa_serv;
76 struct sockaddr_in sa_cli;
79 gnutls_session_t session;
80 char buffer[MAX_BUF + 1];
84 strcpy (name, "Echo Server");
86 /* this must be called once in the program
88 gnutls_global_init ();
90 gnutls_certificate_allocate_credentials (&cred);
91 gnutls_certificate_set_openpgp_keyring_file (cred, RINGFILE,
92 GNUTLS_OPENPGP_FMT_BASE64);
94 gnutls_certificate_set_openpgp_key_file (cred, CERTFILE, KEYFILE,
95 GNUTLS_OPENPGP_FMT_BASE64);
97 generate_dh_params ();
99 gnutls_certificate_set_dh_params (cred, dh_params);
103 listen_sd = socket (AF_INET, SOCK_STREAM, 0);
104 SOCKET_ERR (listen_sd, "socket");
106 memset (&sa_serv, '\0', sizeof (sa_serv));
107 sa_serv.sin_family = AF_INET;
108 sa_serv.sin_addr.s_addr = INADDR_ANY;
109 sa_serv.sin_port = htons (PORT); /* Server Port number */
111 setsockopt (listen_sd, SOL_SOCKET, SO_REUSEADDR, (void *) &optval,
114 err = bind (listen_sd, (SA *) & sa_serv, sizeof (sa_serv));
115 SOCKET_ERR (err, "bind");
116 err = listen (listen_sd, 1024);
117 SOCKET_ERR (err, "listen");
119 printf ("%s ready. Listening to port '%d'.\n\n", name, PORT);
121 client_len = sizeof (sa_cli);
124 session = initialize_tls_session ();
126 sd = accept (listen_sd, (SA *) & sa_cli, &client_len);
128 printf ("- connection from %s, port %d\n",
129 inet_ntop (AF_INET, &sa_cli.sin_addr, topbuf,
130 sizeof (topbuf)), ntohs (sa_cli.sin_port));
132 gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) sd);
133 ret = gnutls_handshake (session);
137 gnutls_deinit (session);
138 fprintf (stderr, "*** Handshake has failed (%s)\n\n",
139 gnutls_strerror (ret));
142 printf ("- Handshake was completed\n");
144 /* see the Getting peer's information example */
145 /* print_info(session); */
149 memset (buffer, 0, MAX_BUF + 1);
150 ret = gnutls_record_recv (session, buffer, MAX_BUF);
154 printf ("\n- Peer has closed the GnuTLS connection\n");
159 fprintf (stderr, "\n*** Received corrupted "
160 "data(%d). Closing the connection.\n\n", ret);
165 /* echo data back to the client
167 gnutls_record_send (session, buffer, strlen (buffer));
171 /* do not wait for the peer to close the connection.
173 gnutls_bye (session, GNUTLS_SHUT_WR);
176 gnutls_deinit (session);
181 gnutls_certificate_free_credentials (cred);
183 gnutls_global_deinit ();