X-Git-Url: https://ruderich.org/simon/gitweb/?a=blobdiff_plain;f=src%2Ftlsproxy.c;h=fed379971b5f7b24f0d321cef2462fdabfa74bd2;hb=219d904b7d12173ee93d016fe1a2cb8ae32eea9c;hp=40729f08c8240938ea24dca75597a96115c2c474;hpb=4b64428fe11db22f70c304de1bc9f0cc95f1d189;p=tlsproxy%2Ftlsproxy.git diff --git a/src/tlsproxy.c b/src/tlsproxy.c index 40729f0..fed3799 100644 --- a/src/tlsproxy.c +++ b/src/tlsproxy.c @@ -42,9 +42,6 @@ GCRY_THREAD_OPTION_PTHREAD_IMPL; /* Size of ringbuffer. */ #define RINGBUFFER_SIZE 10 -/* Bit size of Diffie-Hellman key exchange parameters. */ -#define DH_SIZE 1024 - /* For gnutls_*() functions. */ #define GNUTLS_ERROR_EXIT(error, message) \ @@ -75,7 +72,7 @@ static void sigint_handler(int signal); static void parse_arguments(int argc, char **argv); static void print_usage(const char *argv); -static char *slurp_file(const char *path); +static char *slurp_text_file(const char *path); static void initialize_gnutls(void); static void deinitialize_gnutls(void); @@ -258,7 +255,7 @@ static void parse_arguments(int argc, char **argv) { /* Default values. */ thread_count = 10; #ifdef DEBUG - global_log_level = LOG_DEBUG_LEVEL; + global_log_level = LOG_DEBUG1_LEVEL; #else global_log_level = LOG_WARNING_LEVEL; #endif @@ -267,7 +264,7 @@ static void parse_arguments(int argc, char **argv) { while ((option = getopt(argc, argv, "a:d:p:t:uh?")) != -1) { switch (option) { case 'a': { - http_digest_authorization = slurp_file(optarg); + http_digest_authorization = slurp_text_file(optarg); if (http_digest_authorization == NULL) { fprintf(stderr, "failed to open authorization file '%s': ", optarg); @@ -364,8 +361,18 @@ static void print_usage(const char *argv) { fprintf(stderr, " WARNING: might be a security problem!\n"); } +#if 0 +static void log_function_gnutls(int level, const char *string) { + (void)level; + fprintf(stderr, " => %s", string); +} +#endif + static void initialize_gnutls(void) { int result; + char *dh_parameters; + gnutls_datum_t dh_parameters_datum; + /* Recent versions of GnuTLS automatically initialize the cryptography layer * in gnutls_global_init(). */ #if GNUTLS_VERSION_NUMBER <= 0x020b00 @@ -391,15 +398,33 @@ static void initialize_gnutls(void) { result = gnutls_global_init(); GNUTLS_ERROR_EXIT(result, "gnutls_global_init()"); +#if 0 + gnutls_global_set_log_level(10); + gnutls_global_set_log_function(log_function_gnutls); +#endif + /* Setup GnuTLS cipher suites. */ result = gnutls_priority_init(&global_tls_priority_cache, "NORMAL", NULL); GNUTLS_ERROR_EXIT(result, "gnutls_priority_init()"); - /* Generate Diffie-Hellman parameters. */ + /* Read Diffie-Hellman parameters. */ + dh_parameters = slurp_text_file(PROXY_DH_PATH); + if (dh_parameters == NULL) { + fprintf(stderr, PROXY_DH_PATH " missing, " + "use `tlsproxy-setup` to create it\n"); + exit(EXIT_FAILURE); + } + dh_parameters_datum.data = (unsigned char *)dh_parameters; + dh_parameters_datum.size = strlen(dh_parameters); + result = gnutls_dh_params_init(&global_tls_dh_params); GNUTLS_ERROR_EXIT(result, "gnutls_dh_params_init()"); - result = gnutls_dh_params_generate2(global_tls_dh_params, DH_SIZE); - GNUTLS_ERROR_EXIT(result, "gnutls_dh_params_generate2()"); + result = gnutls_dh_params_import_pkcs3(global_tls_dh_params, + &dh_parameters_datum, + GNUTLS_X509_FMT_PEM); + GNUTLS_ERROR_EXIT(result, "gnutls_dh_params_import_pkcs3()"); + + free(dh_parameters); } static void deinitialize_gnutls(void) { gnutls_dh_params_deinit(global_tls_dh_params); @@ -433,7 +458,7 @@ static void *worker_thread(void *unused) { return NULL; } -static char *slurp_file(const char *path) { +static char *slurp_text_file(const char *path) { struct stat stat; size_t size_read; char *content = NULL;