static int initialize_tls_session_server(int peer_socket,
gnutls_session_t *session,
gnutls_certificate_credentials_t *x509_cred);
+static int initialize_tls_session_both(int flags,
+ int peer_socket,
+ gnutls_session_t *session,
+ gnutls_certificate_credentials_t *x509_cred);
static int fdopen_read_write(int socket, FILE **read_fd, FILE **write_fd);
static int read_http_request(FILE *client_fd, char *request, size_t length);
/* Load proxy CA file, this CA "list" is send to the client. */
if (!use_invalid_cert) {
result = gnutls_certificate_set_x509_trust_file(*x509_cred,
- PROXY_CA_FILE,
+ PROXY_CA_PATH,
GNUTLS_X509_FMT_PEM);
if (result <= 0) {
LOG(ERROR,
"initialize_tls_session_client(): can't read CA file: '%s'",
- PROXY_CA_FILE);
+ PROXY_CA_PATH);
gnutls_certificate_free_credentials(*x509_cred);
return -1;
}
/* And certificate for this website and proxy's private key. */
if (!use_invalid_cert) {
result = gnutls_certificate_set_x509_key_file(*x509_cred,
- path, PROXY_KEY_FILE,
+ path,
+ PROXY_KEY_PATH,
GNUTLS_X509_FMT_PEM);
/* If the invalid hostname was specified load our special "invalid"
* certificate. */
} else {
result = gnutls_certificate_set_x509_key_file(*x509_cred,
- PROXY_INVALID_CERT_FILE,
- PROXY_KEY_FILE,
+ PROXY_INVALID_CERT_PATH,
+ PROXY_KEY_PATH,
GNUTLS_X509_FMT_PEM);
}
if (result != GNUTLS_E_SUCCESS) {
LOG(ERROR,
"initialize_tls_session_client(): "
"can't read server certificate ('%s') or key file ('%s'): %s",
- path, PROXY_KEY_FILE, gnutls_strerror(result));
+ path, PROXY_KEY_PATH, gnutls_strerror(result));
gnutls_certificate_free_credentials(*x509_cred);
/* Could be a missing certificate. */
return -2;
gnutls_certificate_set_dh_params(*x509_cred, global_tls_dh_params);
- result = gnutls_init(session, GNUTLS_SERVER);
- if (result != GNUTLS_E_SUCCESS) {
- LOG(ERROR,
- "initialize_tls_session_client(): gnutls_init(): %s",
- gnutls_strerror(result));
- gnutls_certificate_free_credentials(*x509_cred);
- return -1;
- }
- result = gnutls_priority_set(*session, global_tls_priority_cache);
- if (result != GNUTLS_E_SUCCESS) {
- LOG(ERROR,
- "initialize_tls_session_client(): gnutls_priority_set(): %s",
- gnutls_strerror(result));
- gnutls_deinit(*session);
- gnutls_certificate_free_credentials(*x509_cred);
- return -1;
- }
- result = gnutls_credentials_set(*session,
- GNUTLS_CRD_CERTIFICATE, *x509_cred);
- if (result != GNUTLS_E_SUCCESS) {
- LOG(ERROR,
- "initialize_tls_session_client(): gnutls_credentials_set(): %s",
- gnutls_strerror(result));
- gnutls_deinit(*session);
- gnutls_certificate_free_credentials(*x509_cred);
- return -1;
- }
-
- gnutls_transport_set_ptr(*session, (gnutls_transport_ptr_t)peer_socket);
-
- return 0;
+ return initialize_tls_session_both(GNUTLS_SERVER,
+ peer_socket, session, x509_cred);
}
static int initialize_tls_session_server(int peer_socket,
gnutls_session_t *session,
return -1;
}
- result = gnutls_init(session, GNUTLS_CLIENT);
+ return initialize_tls_session_both(GNUTLS_CLIENT,
+ peer_socket, session, x509_cred);
+}
+static int initialize_tls_session_both(int flags,
+ int peer_socket,
+ gnutls_session_t *session,
+ gnutls_certificate_credentials_t *x509_cred) {
+ int result;
+
+ result = gnutls_init(session, flags);
if (result != GNUTLS_E_SUCCESS) {
LOG(ERROR,
- "initialize_tls_session_server(): gnutls_init(): %s",
+ "initialize_tls_session_both(): gnutls_init(): %s",
gnutls_strerror(result));
gnutls_certificate_free_credentials(*x509_cred);
return -1;
result = gnutls_priority_set(*session, global_tls_priority_cache);
if (result != GNUTLS_E_SUCCESS) {
LOG(ERROR,
- "initialize_tls_session_server(): gnutls_priority_set(): %s",
+ "initialize_tls_session_both(): gnutls_priority_set(): %s",
gnutls_strerror(result));
gnutls_deinit(*session);
gnutls_certificate_free_credentials(*x509_cred);
GNUTLS_CRD_CERTIFICATE, *x509_cred);
if (result != GNUTLS_E_SUCCESS) {
LOG(ERROR,
- "initialize_tls_session_server(): gnutls_credentials_set(): %s",
+ "initialize_tls_session_both(): gnutls_credentials_set(): %s",
gnutls_strerror(result));
gnutls_deinit(*session);
gnutls_certificate_free_credentials(*x509_cred);
ruderich.org/simon / tlsproxy / tlsproxy.git / blobdiff