/* Size of ringbuffer. */
#define RINGBUFFER_SIZE 10
-/* Bit size of Diffie-Hellman key exchange parameters. */
-#define DH_SIZE 1024
-
/* For gnutls_*() functions. */
#define GNUTLS_ERROR_EXIT(error, message) \
static void parse_arguments(int argc, char **argv);
static void print_usage(const char *argv);
-static char *slurp_file(const char *path);
+static char *slurp_text_file(const char *path);
static void initialize_gnutls(void);
static void deinitialize_gnutls(void);
free(global_proxy_host);
free(global_proxy_port);
+ free(http_digest_authorization);
return EXIT_FAILURE;
}
while ((option = getopt(argc, argv, "a:d:p:t:uh?")) != -1) {
switch (option) {
case 'a': {
- http_digest_authorization = slurp_file(optarg);
+ http_digest_authorization = slurp_text_file(optarg);
if (http_digest_authorization == NULL) {
fprintf(stderr, "failed to open authorization file '%s': ",
optarg);
fprintf(stderr, " WARNING: might be a security problem!\n");
}
+#if 0
+static void log_function_gnutls(int level, const char *string) {
+ (void)level;
+ fprintf(stderr, " => %s", string);
+}
+#endif
+
static void initialize_gnutls(void) {
int result;
+ char *dh_parameters;
+ gnutls_datum_t dh_parameters_datum;
+
/* Recent versions of GnuTLS automatically initialize the cryptography layer
* in gnutls_global_init(). */
#if GNUTLS_VERSION_NUMBER <= 0x020b00
result = gnutls_global_init();
GNUTLS_ERROR_EXIT(result, "gnutls_global_init()");
+#if 0
+ gnutls_global_set_log_level(10);
+ gnutls_global_set_log_function(log_function_gnutls);
+#endif
+
/* Setup GnuTLS cipher suites. */
result = gnutls_priority_init(&global_tls_priority_cache, "NORMAL", NULL);
GNUTLS_ERROR_EXIT(result, "gnutls_priority_init()");
- /* Generate Diffie-Hellman parameters. */
+ /* Read Diffie-Hellman parameters. */
+ dh_parameters = slurp_text_file(PROXY_DH_PATH);
+ if (dh_parameters == NULL) {
+ fprintf(stderr, PROXY_DH_PATH " missing, "
+ "use `tlsproxy-setup` to create it\n");
+ exit(EXIT_FAILURE);
+ }
+ dh_parameters_datum.data = (unsigned char *)dh_parameters;
+ dh_parameters_datum.size = strlen(dh_parameters);
+
result = gnutls_dh_params_init(&global_tls_dh_params);
GNUTLS_ERROR_EXIT(result, "gnutls_dh_params_init()");
- result = gnutls_dh_params_generate2(global_tls_dh_params, DH_SIZE);
- GNUTLS_ERROR_EXIT(result, "gnutls_dh_params_generate2()");
+ result = gnutls_dh_params_import_pkcs3(global_tls_dh_params,
+ &dh_parameters_datum,
+ GNUTLS_X509_FMT_PEM);
+ GNUTLS_ERROR_EXIT(result, "gnutls_dh_params_import_pkcs3()");
+
+ free(dh_parameters);
}
static void deinitialize_gnutls(void) {
gnutls_dh_params_deinit(global_tls_dh_params);
return NULL;
}
-static char *slurp_file(const char *path) {
+static char *slurp_text_file(const char *path) {
struct stat stat;
size_t size_read;
char *content = NULL;
ruderich.org/simon / tlsproxy / tlsproxy.git / blobdiff