serverutils.h File Reference

GnuTLS based functions for server communication - header file. More...

#include <glib.h>
#include <gnutls/gnutls.h>
#include <stdarg.h>
#include <sys/param.h>
#include <netinet/ip.h>

Include dependency graph for serverutils.h:

This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Data Structures
struct	gvm_connection_t
	Connection. More...

Functions
void	gvm_connection_free (gvm_connection_t *)
	Free connection. More...
void	gvm_connection_close (gvm_connection_t *)
	Close a server connection and its socket. More...
int	gvm_server_verify (gnutls_session_t)
	Verify certificate. More...
int	gvm_server_open (gnutls_session_t *, const char *, int)
	Connect to the server using a given host and port. More...
int	gvm_server_open_verify (gnutls_session_t *, const char *, int, const char *, const char *, const char *, int)
	Connect to the server using a given host, port and cert. More...
int	gvm_server_open_with_cert (gnutls_session_t *, const char *, int, const char *, const char *, const char *)
	Connect to the server using a given host, port and cert. More...
int	gvm_server_close (int, gnutls_session_t)
	Close a server connection and its socket. More...
int	gvm_server_attach (int, gnutls_session_t *)
	Attach a socket to a session, and shake hands with the peer. More...
int	gvm_server_sendf (gnutls_session_t *, const char *,...) __attribute__((format(printf
int int	gvm_server_vsendf (gnutls_session_t *, const char *, va_list)
	Send a string to the server. More...
int	gvm_socket_vsendf (int, const char *, va_list)
	Send a string to the server. More...
int	gvm_server_sendf_xml (gnutls_session_t *, const char *,...)
	Format and send an XML string to the server. More...
int	gvm_server_sendf_xml_quiet (gnutls_session_t *, const char *,...)
	Format and send an XML string to the server. More...
int	gvm_connection_sendf_xml (gvm_connection_t *, const char *,...)
	Format and send an XML string to the server. More...
int	gvm_connection_sendf_xml_quiet (gvm_connection_t *, const char *,...)
	Format and send an XML string to the server. More...
int	gvm_connection_sendf (gvm_connection_t *, const char *,...)
	Format and send a string to the server. More...
int	gvm_server_new (unsigned int, gchar *, gchar *, gchar *, gnutls_session_t *, gnutls_certificate_credentials_t *)
	Make a session for connecting to a server. More...
int	gvm_server_new_mem (unsigned int, const char *, const char *, const char *, gnutls_session_t *, gnutls_certificate_credentials_t *)
	Make a session for connecting to a server, with certificates stored in memory. More...
int	gvm_server_free (int, gnutls_session_t, gnutls_certificate_credentials_t)
	Cleanup a server session. More...
int	gvm_server_session_free (gnutls_session_t, gnutls_certificate_credentials_t)
int	load_gnutls_file (const char *, gnutls_datum_t *)
	Loads a file's data into gnutls_datum_t struct. More...
void	unload_gnutls_file (gnutls_datum_t *)
	Unloads a gnutls_datum_t struct's data. More...
int	set_gnutls_dhparams (gnutls_certificate_credentials_t, const char *)
	Set a gnutls session's Diffie-Hellman parameters. More...

Detailed Description

GnuTLS based functions for server communication - header file.

This module supplies low-level communication functions for communication with a server over GnuTLS.

Definition in file serverutils.h.

Function Documentation

gvm_connection_close()

void gvm_connection_close

(

gvm_connection_t *

connection

)

Close a server connection and its socket.

Parameters

[in]

connection

Connection.

Definition at line 505 of file serverutils.c.

{
  gvm_connection_free (connection);
}

References gvm_connection_free().

Here is the call graph for this function:

gvm_connection_free()

void gvm_connection_free

(

gvm_connection_t *

client_connection

)

Free connection.

Parameters

[in]

client_connection

Connection.

Definition at line 92 of file serverutils.c.

{
  if (client_connection->tls)
    gvm_server_free (client_connection->socket, client_connection->session,
                     client_connection->credentials);
  else
    close_unix (client_connection);
}

References close_unix(), gvm_connection_t::credentials, gvm_server_free(), gvm_connection_t::session, gvm_connection_t::socket, and gvm_connection_t::tls.

Referenced by gvm_connection_close().

Here is the call graph for this function:

Here is the caller graph for this function:

gvm_connection_sendf()

int gvm_connection_sendf	(	gvm_connection_t *	connection,
		const char *	format,
			...
	)

Format and send a string to the server.

Parameters

[in]	connection	Connection.
[in]	format	printf-style format string for message.

Returns

0 on success, -1 on error.

Definition at line 824 of file serverutils.c.

{
  va_list ap;
  int rc;
 
  va_start (ap, format);
  rc = gvm_connection_vsendf (connection, format, ap);
  va_end (ap);
  return rc;
}

References gvm_connection_vsendf().

Referenced by gmp_ping_c(), gmp_resume_task_report_c(), gmp_start_task_ext_c(), gmp_start_task_report_c(), gmp_stop_task_c(), and gvm_connection_sendf_xml().

Here is the call graph for this function:

Here is the caller graph for this function:

gvm_connection_sendf_xml()

int gvm_connection_sendf_xml	(	gvm_connection_t *	connection,
		const char *	format,
			...
	)

Format and send an XML string to the server.

Escape XML in string and character args.

Parameters

[in]	connection	Connection.
[in]	format	printf-style format string for message.

Returns

0 on success, -1 on error.

Definition at line 912 of file serverutils.c.

{
  va_list ap;
  gchar *msg;
  int rc;
 
  va_start (ap, format);
  msg = g_markup_vprintf_escaped (format, ap);
  rc = gvm_connection_sendf (connection, "%s", msg);
  g_free (msg);
  va_end (ap);
  return rc;
}

References gvm_connection_sendf().

Here is the call graph for this function:

gvm_connection_sendf_xml_quiet()

int gvm_connection_sendf_xml_quiet	(	gvm_connection_t *	connection,
		const char *	format,
			...
	)

Format and send an XML string to the server.

Escape XML in string and character args.

Quiet version, only logs warnings.

Parameters

[in]	connection	Connection.
[in]	format	printf-style format string for message.

Returns

0 on success, -1 on error.

Definition at line 966 of file serverutils.c.

{
  va_list ap;
  gchar *msg;
  int rc;
 
  va_start (ap, format);
  msg = g_markup_vprintf_escaped (format, ap);
  rc = gvm_connection_sendf_quiet (connection, "%s", msg);
  g_free (msg);
  va_end (ap);
  return rc;
}

References gvm_connection_sendf_quiet().

Referenced by gmp_authenticate_info_ext_c().

Here is the call graph for this function:

Here is the caller graph for this function:

gvm_server_attach()

int gvm_server_attach	(	int	socket,
		gnutls_session_t *	session
	)

Attach a socket to a session, and shake hands with the peer.

Parameters

[in]	socket	Socket.
[in]	session	Pointer to GNUTLS session. FIXME: Why is this a pointer to a session?

Returns

0 on success, -1 on error.

Definition at line 570 of file serverutils.c.

{
  int ret;
 
  ret = server_attach_internal (socket, session, NULL, 0);
  return ret ? -1 : 0;
}

References server_attach_internal().

Here is the call graph for this function:

gvm_server_close()

int gvm_server_close	(	int	socket,
		gnutls_session_t	session
	)

Close a server connection and its socket.

Parameters

[in]	socket	Socket connected to server.
[in]	session	GNUTLS session with server.

Returns

0 on success, -1 on error.

Definition at line 494 of file serverutils.c.

{
  return gvm_server_free (socket, session, NULL);
}

References gvm_server_free().

Referenced by osp_connection_close().

Here is the call graph for this function:

Here is the caller graph for this function:

gvm_server_free()

int gvm_server_free	(	int	server_socket,
		gnutls_session_t	server_session,
		gnutls_certificate_credentials_t	server_credentials
	)

Cleanup a server session.

This shuts down the TLS session, closes the socket and releases the TLS resources.

Parameters

[in]	server_socket	The socket connected to the server.
[in]	server_session	The session with the server.
[in]	server_credentials	Credentials or NULL.

Returns

0 success, -1 error.

Definition at line 1271 of file serverutils.c.

{
  /* Turn off blocking. */
  // FIX get flags first
  if (fcntl (server_socket, F_SETFL, O_NONBLOCK) == -1)
    {
      g_warning ("%s: failed to set server socket flag: %s\n", __func__,
                 strerror (errno));
      return -1;
    }
 
  while (1)
    {
      int ret = gnutls_bye (server_session, GNUTLS_SHUT_WR);
      if (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED)
        {
          continue;
        }
      if (ret)
        {
          g_debug ("   Failed to gnutls_bye: %s\n",
                   gnutls_strerror ((int) ret));
          /* Carry on successfully anyway, as this often fails, perhaps
           * because the server is closing the connection first. */
          break;
        }
      break;
    }
 
  /* The former separate code in gvm_server_close and here
     differed in the order the TLS session and socket was closed.  The
     way we do it here seems to be the right thing but for full
     backward compatibility we do it for calls from
     gvm_server_close in the old way.  We can distinguish the two
     modes by the existence of server_credentials.  */
  if (server_credentials)
    {
      if (close (server_socket) == -1)
        {
          g_warning ("%s: failed to close server socket: %s\n", __func__,
                     strerror (errno));
          return -1;
        }
      gnutls_deinit (server_session);
      gnutls_certificate_free_credentials (server_credentials);
    }
  else
    {
      gnutls_deinit (server_session);
      close (server_socket);
    }
 
  gnutls_global_deinit ();
 
  return 0;
}

Referenced by gvm_connection_free(), and gvm_server_close().

Here is the caller graph for this function:

gvm_server_new()

int gvm_server_new	(	unsigned int	end_type,
		gchar *	ca_cert_file,
		gchar *	cert_file,
		gchar *	key_file,
		gnutls_session_t *	server_session,
		gnutls_certificate_credentials_t *	server_credentials
	)

Make a session for connecting to a server.

Parameters

[in]	end_type	Connection end type (GNUTLS_SERVER or GNUTLS_CLIENT).
[in]	ca_cert_file	Certificate authority file.
[in]	cert_file	Certificate file.
[in]	key_file	Key file.
[out]	server_session	The session with the server.
[out]	server_credentials	Server credentials.

Returns

0 on success, -1 on error.

Definition at line 1144 of file serverutils.c.

{
  return server_new_internal (end_type, NULL, ca_cert_file, cert_file, key_file,
                              server_session, server_credentials);
}

References server_new_internal().

Here is the call graph for this function:

gvm_server_new_mem()

int gvm_server_new_mem	(	unsigned int	end_type,
		const char *	ca_cert,
		const char *	pub_key,
		const char *	priv_key,
		gnutls_session_t *	session,
		gnutls_certificate_credentials_t *	credentials
	)

Make a session for connecting to a server, with certificates stored in memory.

Parameters

[in]	end_type	Connection end type: GNUTLS_SERVER or GNUTLS_CLIENT.
[in]	ca_cert	Certificate authority public key.
[in]	pub_key	Public key.
[in]	priv_key	Private key.
[out]	session	The session with the server.
[out]	credentials	Server credentials.

Returns

0 on success, -1 on error.

Definition at line 1166 of file serverutils.c.

{
  if (server_new_gnutls_init (credentials))
    return -1;
 
  if (pub_key && priv_key)
    {
      int ret;
      gnutls_datum_t pub, priv;
 
      pub.data = (void *) pub_key;
      pub.size = strlen (pub_key);
      priv.data = (void *) priv_key;
      priv.size = strlen (priv_key);
 
      ret = gnutls_certificate_set_x509_key_mem (*credentials, &pub, &priv,
                                                 GNUTLS_X509_FMT_PEM);
      if (ret < 0)
        {
          g_warning ("%s: %s\n", __func__, gnutls_strerror (ret));
          return -1;
        }
    }
 
  if (ca_cert)
    {
      int ret;
      gnutls_datum_t data;
 
      data.data = (void *) ca_cert;
      data.size = strlen (ca_cert);
      ret = gnutls_certificate_set_x509_trust_mem (*credentials, &data,
                                                   GNUTLS_X509_FMT_PEM);
      if (ret < 0)
        {
          g_warning ("%s: %s\n", __func__, gnutls_strerror (ret));
          gnutls_certificate_free_credentials (*credentials);
          return -1;
        }
    }
 
  if (server_new_gnutls_set (end_type, NULL, session, credentials))
    {
      gnutls_certificate_free_credentials (*credentials);
      return -1;
    }
 
  return 0;
}

References server_new_gnutls_init(), and server_new_gnutls_set().

Referenced by gvm_server_open_verify().

Here is the call graph for this function:

Here is the caller graph for this function:

gvm_server_open()

int gvm_server_open	(	gnutls_session_t *	session,
		const char *	host,
		int	port
	)

Connect to the server using a given host and port.

Parameters

[in]	session	Pointer to GNUTLS session.
[in]	host	Host to connect to.
[in]	port	Port to connect to.

Returns

0 on success, -1 on error.

Definition at line 480 of file serverutils.c.

{
  return gvm_server_open_with_cert (session, host, port, NULL, NULL, NULL);
}

References gvm_server_open_with_cert().

Here is the call graph for this function:

gvm_server_open_verify()

int gvm_server_open_verify	(	gnutls_session_t *	session,
		const char *	host,
		int	port,
		const char *	ca_mem,
		const char *	pub_mem,
		const char *	priv_mem,
		int	verify
	)

Connect to the server using a given host, port and cert.

Parameters

[in]	session	Pointer to GNUTLS session.
[in]	host	Host to connect to.
[in]	port	Port to connect to.
[in]	ca_mem	CA cert.
[in]	pub_mem	Public key.
[in]	priv_mem	Private key.
[in]	verify	Whether to verify.

Returns

0 on success, -1 on error.

Warning

On success we are leaking the credentials. We can't free them because the session only makes a shallow copy.

Definition at line 314 of file serverutils.c.

{
  int ret;
  int server_socket;
  struct addrinfo address_hints;
  struct addrinfo *addresses, *address;
  gchar *port_string;
  int host_type;
 
  gnutls_certificate_credentials_t credentials;
 
  /* Ensure that host and port have sane values. */
  if (port < 1 || port > 65535)
    {
      g_warning ("Failed to create client TLS session. "
                 "Invalid port %d",
                 port);
      return -1;
    }
  host_type = gvm_get_host_type (host);
  if (!(host_type == HOST_TYPE_NAME || host_type == HOST_TYPE_IPV4
        || host_type == HOST_TYPE_IPV6))
    {
      g_warning ("Failed to create client TLS session. Invalid host %s", host);
      return -1;
    }
 
  if (gvm_server_new_mem (GNUTLS_CLIENT, ca_mem, pub_mem, priv_mem, session,
                          &credentials))
    {
      g_warning ("Failed to create client TLS session.");
      return -1;
    }
 
  if (ca_mem && pub_mem && priv_mem)
    {
      set_cert_pub_mem (pub_mem);
      set_cert_priv_mem (priv_mem);
 
      gnutls_certificate_set_retrieve_function (credentials,
                                                client_cert_callback);
    }
 
  /* Create the port string. */
 
  port_string = g_strdup_printf ("%i", port);
 
  /* Get all possible addresses. */
 
  memset (&address_hints, 0, sizeof (address_hints));
  address_hints.ai_family = AF_UNSPEC; /* IPv4 or IPv6. */
  address_hints.ai_socktype = SOCK_STREAM;
  address_hints.ai_protocol = 0;
 
  if (getaddrinfo (host, port_string, &address_hints, &addresses))
    {
      g_free (port_string);
      g_warning ("Failed to get server addresses for %s: %s", host,
                 gai_strerror (errno));
      gnutls_deinit (*session);
      gnutls_certificate_free_credentials (credentials);
      return -1;
    }
  g_free (port_string);
 
  /* Try to connect to each address in turn. */
 
  for (address = addresses; address; address = address->ai_next)
    {
      /* Make server socket. */
 
      if (address->ai_family == AF_INET6)
        server_socket = socket (PF_INET6, SOCK_STREAM, 0);
      else
        server_socket = socket (PF_INET, SOCK_STREAM, 0);
      if (server_socket == -1)
        {
          g_warning ("Failed to create server socket");
          freeaddrinfo (addresses);
          gnutls_deinit (*session);
          gnutls_certificate_free_credentials (credentials);
          return -1;
        }
 
      /* Connect to server. */
 
      if (connect (server_socket, address->ai_addr, address->ai_addrlen) == -1)
        {
          close (server_socket);
          continue;
        }
      break;
    }
 
  freeaddrinfo (addresses);
 
  if (address == NULL)
    {
      g_warning ("Failed to connect to server");
      gnutls_deinit (*session);
      gnutls_certificate_free_credentials (credentials);
      return -1;
    }
 
  g_debug ("   Connected to server '%s' port %d.", host, port);
 
  /* Complete setup of server session. */
  ret = server_attach_internal (server_socket, session, host, port);
  if (ret)
    {
      if (ret == -2)
        {
          close (server_socket);
          gnutls_deinit (*session);
          gnutls_certificate_free_credentials (credentials);
        }
      close (server_socket);
      return -1;
    }
  if (verify && gvm_server_verify (*session))
    {
      close (server_socket);
      return -1;
    }
 
  return server_socket;
}

References client_cert_callback(), gvm_get_host_type(), gvm_server_new_mem(), gvm_server_verify(), HOST_TYPE_IPV4, HOST_TYPE_IPV6, HOST_TYPE_NAME, server_attach_internal(), set_cert_priv_mem(), and set_cert_pub_mem().

Referenced by gvm_server_open_with_cert().

Here is the call graph for this function:

Here is the caller graph for this function:

gvm_server_open_with_cert()

int gvm_server_open_with_cert	(	gnutls_session_t *	session,
		const char *	host,
		int	port,
		const char *	ca_mem,
		const char *	pub_mem,
		const char *	priv_mem
	)

Connect to the server using a given host, port and cert.

Verify if all cert args are given.

Parameters

[in]	session	Pointer to GNUTLS session.
[in]	host	Host to connect to.
[in]	port	Port to connect to.
[in]	ca_mem	CA cert.
[in]	pub_mem	Public key.
[in]	priv_mem	Private key.

Returns

0 on success, -1 on error.

Definition at line 462 of file serverutils.c.

{
  return gvm_server_open_verify (session, host, port, ca_mem, pub_mem, priv_mem,
                                 ca_mem && pub_mem && priv_mem);
}

References gvm_server_open_verify().

Referenced by gvm_server_open(), and osp_send_command().

Here is the call graph for this function:

Here is the caller graph for this function:

gvm_server_sendf()

int gvm_server_sendf	(	gnutls_session_t *	,
		const char *	,
			...
	)

gvm_server_sendf_xml()

int gvm_server_sendf_xml	(	gnutls_session_t *	session,
		const char *	format,
			...
	)

Format and send an XML string to the server.

Escape XML in string and character args.

Parameters

[in]	session	Pointer to GNUTLS session.
[in]	format	printf-style format string for message.

Returns

0 on success, -1 on error.

Definition at line 887 of file serverutils.c.

{
  va_list ap;
  gchar *msg;
  int rc;
 
  va_start (ap, format);
  msg = g_markup_vprintf_escaped (format, ap);
  rc = gvm_server_sendf (session, "%s", msg);
  g_free (msg);
  va_end (ap);
  return rc;
}

References gvm_server_sendf().

Referenced by gmp_create_lsc_credential(), gmp_create_lsc_credential_key(), and gmp_create_task().

Here is the call graph for this function:

Here is the caller graph for this function:

gvm_server_sendf_xml_quiet()

int gvm_server_sendf_xml_quiet	(	gnutls_session_t *	session,
		const char *	format,
			...
	)

Format and send an XML string to the server.

Escape XML in string and character args.

Quiet version, only logs warnings.

Parameters

[in]	session	Pointer to GNUTLS session.
[in]	format	printf-style format string for message.

Returns

0 on success, -1 on error.

Definition at line 939 of file serverutils.c.

{
  va_list ap;
  gchar *msg;
  int rc;
 
  va_start (ap, format);
  msg = g_markup_vprintf_escaped (format, ap);
  rc = gvm_server_sendf_quiet (session, "%s", msg);
  g_free (msg);
  va_end (ap);
  return rc;
}

References gvm_server_sendf_quiet().

Referenced by gmp_authenticate(), gmp_authenticate_info_ext(), and gmp_create_lsc_credential().

Here is the call graph for this function:

Here is the caller graph for this function:

gvm_server_session_free()

int gvm_server_session_free	(	gnutls_session_t	,
		gnutls_certificate_credentials_t
	)

gvm_server_verify()

int gvm_server_verify

(

gnutls_session_t

session

)

Verify certificate.

Parameters

[in]

session

Pointer to GNUTLS session.

Returns

0 on success, 1 on failure, -1 on error.

Definition at line 111 of file serverutils.c.

{
  unsigned int status;
  int ret;
 
  ret = gnutls_certificate_verify_peers2 (session, &status);
  if (ret < 0)
    {
      g_warning ("%s: failed to verify peers: %s", __func__,
                 gnutls_strerror (ret));
      return -1;
    }
 
  if (status & GNUTLS_CERT_INVALID)
    g_warning ("%s: the certificate is not trusted", __func__);
 
  if (status & GNUTLS_CERT_SIGNER_NOT_CA)
    g_warning ("%s: the certificate's issuer is not a CA", __func__);
 
  if (status & GNUTLS_CERT_INSECURE_ALGORITHM)
    g_warning ("%s: the certificate was signed using an insecure algorithm",
               __func__);
 
  if (status & GNUTLS_CERT_SIGNER_NOT_FOUND)
    g_warning ("%s: the certificate hasn't got a known issuer", __func__);
 
  if (status & GNUTLS_CERT_REVOKED)
    g_warning ("%s: the certificate has been revoked", __func__);
 
  if (status & GNUTLS_CERT_EXPIRED)
    g_warning ("%s: the certificate has expired", __func__);
 
  if (status & GNUTLS_CERT_NOT_ACTIVATED)
    g_warning ("%s: the certificate is not yet activated", __func__);
 
  if (status)
    return 1;
 
  return 0;
}

Referenced by gvm_server_open_verify().

Here is the caller graph for this function:

gvm_server_vsendf()

int int gvm_server_vsendf	(	gnutls_session_t *	session,
		const char *	fmt,
		va_list	ap
	)

Send a string to the server.

Parameters

[in]	session	Pointer to GNUTLS session.
[in]	fmt	Format of string to send.
[in]	ap	Args for fmt.

Returns

0 on success, 1 if server closed connection, -1 on error.

Definition at line 728 of file serverutils.c.

{
  return gvm_server_vsendf_internal (session, fmt, ap, 0);
}

References gvm_server_vsendf_internal().

Referenced by gvm_server_sendf(), osp_send_command(), and osp_send_command_str().

Here is the call graph for this function:

Here is the caller graph for this function:

gvm_socket_vsendf()

int gvm_socket_vsendf	(	int	socket,
		const char *	fmt,
		va_list	ap
	)

Send a string to the server.

Parameters

[in]	socket	Socket to send string through.
[in]	fmt	Format of string to send.
[in]	ap	Args for fmt.

Returns

0 on success, 1 if server closed connection, -1 on error.

Definition at line 743 of file serverutils.c.

{
  return unix_vsendf_internal (socket, fmt, ap, 0);
}

References unix_vsendf_internal().

Referenced by osp_send_command(), and osp_send_command_str().

Here is the call graph for this function:

Here is the caller graph for this function:

load_gnutls_file()

int load_gnutls_file	(	const char *	file,
		gnutls_datum_t *	loaded_file
	)

Loads a file's data into gnutls_datum_t struct.

Parameters

[in]	file	File to load.
[out]	loaded_file	Destination to load file into.

Returns

0 if success, -1 if error.

Definition at line 161 of file serverutils.c.

{
  FILE *f = NULL;
  int64_t filelen;
  void *ptr;
 
  if (!(f = fopen (file, "r")) || fseek (f, 0, SEEK_END) != 0
      || (filelen = ftell (f)) < 0 || fseek (f, 0, SEEK_SET) != 0
      || !(ptr = g_malloc0 ((size_t) filelen))
      || fread (ptr, 1, (size_t) filelen, f) < (size_t) filelen)
    {
      if (f)
        fclose (f);
      return -1;
    }
 
  loaded_file->data = ptr;
  loaded_file->size = filelen;
  fclose (f);
  return 0;
}

Referenced by set_gnutls_dhparams().

Here is the caller graph for this function:

set_gnutls_dhparams()

int set_gnutls_dhparams	(	gnutls_certificate_credentials_t	creds,
		const char *	dhparams_file
	)

Set a gnutls session's Diffie-Hellman parameters.

Parameters

[in]	creds	GnuTLS credentials.
[in]	dhparams_file	Path to PEM file containing the DH parameters.

Returns

0 on success, -1 on error.

Definition at line 1228 of file serverutils.c.

{
  int ret;
  gnutls_datum_t data;
 
  if (!creds || !dhparams_file)
    return -1;
 
  if (load_gnutls_file (dhparams_file, &data))
    return -1;
 
/* Disable false positive warning about potential leak of memory */
#ifndef __clang_analyzer__
 
  gnutls_dh_params_t params = g_malloc0 (sizeof (gnutls_dh_params_t));
  ret = gnutls_dh_params_import_pkcs3 (params, &data, GNUTLS_X509_FMT_PEM);
  unload_gnutls_file (&data);
  if (ret)
    {
      g_free (params);
      return -1;
    }
  else
    gnutls_certificate_set_dh_params (creds, params);
  return 0;
 
#endif
}

References load_gnutls_file(), and unload_gnutls_file().

Here is the call graph for this function:

unload_gnutls_file()

void unload_gnutls_file

(

gnutls_datum_t *

data

)

Unloads a gnutls_datum_t struct's data.

Parameters

[in]

data

Pointer to gnutls_datum_t struct to be unloaded.

Definition at line 189 of file serverutils.c.

{
  if (data)
    g_free (data->data);
}

Referenced by set_gnutls_dhparams().

Here is the caller graph for this function: