]> jfr.im git - solanum.git/blob - libratbox/src/gnutls.c
projects / solanum.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge branch 'master' of github.com:charybdis-ircd/charybdis
[solanum.git] / libratbox / src / gnutls.c
1 /*
2 * libratbox: a library used by ircd-ratbox and other things
3 * gnutls.c: gnutls related code
4 *
5 * Copyright (C) 2007-2008 ircd-ratbox development team
6 * Copyright (C) 2007-2008 Aaron Sethman <androsyn@ratbox.org>
7 *
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301
21 * USA
22 *
23 * $Id: gnutls.c 26296 2008-12-13 03:36:00Z androsyn $
24 */
25
26 #include <libratbox_config.h>
27 #include <ratbox_lib.h>
28 #include <commio-int.h>
29 #include <commio-ssl.h>
30 #ifdef HAVE_GNUTLS
31
32 #include <gnutls/gnutls.h>
33 #include <gnutls/x509.h>
34
35 #if (GNUTLS_VERSION_MAJOR < 3)
36 # include <gcrypt.h>
37 #else
38 # include <gnutls/crypto.h>
39 #endif
40
41 static gnutls_certificate_credentials_t x509;
42 static gnutls_dh_params_t dh_params;
43 static gnutls_priority_t default_priority;
44
45 /* These are all used for getting GnuTLS to supply a client cert. */
46 #define MAX_CERTS 6
47 static unsigned int x509_cert_count;
48 static gnutls_x509_crt_t x509_cert[MAX_CERTS];
49 static gnutls_x509_privkey_t x509_key;
50 #if GNUTLS_VERSION_MAJOR < 3
51 static int cert_callback(gnutls_session_t session, const gnutls_datum_t *req_ca_rdn, int nreqs,
52 const gnutls_pk_algorithm_t *sign_algos, int sign_algos_len, gnutls_retr_st *st);
53 #else
54 static int cert_callback(gnutls_session_t session, const gnutls_datum_t *req_ca_rdn, int nreqs,
55 const gnutls_pk_algorithm_t *sign_algos, int sign_algos_len, gnutls_retr2_st *st);
56 #endif
57
58 #define SSL_P(x) *((gnutls_session_t *)F->ssl)
59
60 void
61 rb_ssl_shutdown(rb_fde_t *F)
62 {
63 int i;
64 if(F == NULL || F->ssl == NULL)
65 return;
66 for(i = 0; i < 4; i++)
67 {
68 if(gnutls_bye(SSL_P(F), GNUTLS_SHUT_RDWR) == GNUTLS_E_SUCCESS)
69 break;
70 }
71 gnutls_deinit(SSL_P(F));
72 rb_free(F->ssl);
73 }
74
75 unsigned int
76 rb_ssl_handshake_count(rb_fde_t *F)
77 {
78 return F->handshake_count;
79 }
80
81 void
82 rb_ssl_clear_handshake_count(rb_fde_t *F)
83 {
84 F->handshake_count = 0;
85 }
86
87 static void
88 rb_ssl_timeout(rb_fde_t *F, void *notused)
89 {
90 lrb_assert(F->accept != NULL);
91 F->accept->callback(F, RB_ERR_TIMEOUT, NULL, 0, F->accept->data);
92 }
93
94
95 static int
96 do_ssl_handshake(rb_fde_t *F, PF * callback, void *data)
97 {
98 int ret;
99 int flags;
100
101 ret = gnutls_handshake(SSL_P(F));
102 if(ret < 0)
103 {
104 if((ret == GNUTLS_E_INTERRUPTED && rb_ignore_errno(errno)) || ret == GNUTLS_E_AGAIN)
105 {
106 if(gnutls_record_get_direction(SSL_P(F)) == 0)
107 flags = RB_SELECT_READ;
108 else
109 flags = RB_SELECT_WRITE;
110 rb_setselect(F, flags, callback, data);
111 return 0;
112 }
113 F->ssl_errno = ret;
114 return -1;
115 }
116 return 1; /* handshake is finished..go about life */
117 }
118
119 static void
120 rb_ssl_tryaccept(rb_fde_t *F, void *data)
121 {
122 int ret;
123 struct acceptdata *ad;
124
125 lrb_assert(F->accept != NULL);
126
127 ret = do_ssl_handshake(F, rb_ssl_tryaccept, NULL);
128
129 /* do_ssl_handshake does the rb_setselect */
130 if(ret == 0)
131 return;
132
133 ad = F->accept;
134 F->accept = NULL;
135 rb_settimeout(F, 0, NULL, NULL);
136 rb_setselect(F, RB_SELECT_READ | RB_SELECT_WRITE, NULL, NULL);
137
138 if(ret > 0)
139 ad->callback(F, RB_OK, (struct sockaddr *)&ad->S, ad->addrlen, ad->data);
140 else
141 ad->callback(F, RB_ERROR_SSL, NULL, 0, ad->data);
142
143 rb_free(ad);
144 }
145
146 void
147 rb_ssl_start_accepted(rb_fde_t *new_F, ACCB * cb, void *data, int timeout)
148 {
149 gnutls_session_t *ssl;
150 new_F->type |= RB_FD_SSL;
151 ssl = new_F->ssl = rb_malloc(sizeof(gnutls_session_t));
152 new_F->accept = rb_malloc(sizeof(struct acceptdata));
153
154 new_F->accept->callback = cb;
155 new_F->accept->data = data;
156 rb_settimeout(new_F, timeout, rb_ssl_timeout, NULL);
157
158 new_F->accept->addrlen = 0;
159
160 gnutls_init(ssl, GNUTLS_SERVER);
161 gnutls_set_default_priority(*ssl);
162 gnutls_credentials_set(*ssl, GNUTLS_CRD_CERTIFICATE, x509);
163 gnutls_dh_set_prime_bits(*ssl, 1024);
164 gnutls_transport_set_ptr(*ssl, (gnutls_transport_ptr_t) (long int)new_F->fd);
165 gnutls_certificate_server_set_request(*ssl, GNUTLS_CERT_REQUEST);
166 gnutls_priority_set(*ssl, default_priority);
167
168 if(do_ssl_handshake(new_F, rb_ssl_tryaccept, NULL))
169 {
170 struct acceptdata *ad = new_F->accept;
171 new_F->accept = NULL;
172 ad->callback(new_F, RB_OK, (struct sockaddr *)&ad->S, ad->addrlen, ad->data);
173 rb_free(ad);
174 }
175
176 }
177
178
179
180
181 void
182 rb_ssl_accept_setup(rb_fde_t *F, rb_fde_t *new_F, struct sockaddr *st, int addrlen)
183 {
184 new_F->type |= RB_FD_SSL;
185 new_F->ssl = rb_malloc(sizeof(gnutls_session_t));
186 new_F->accept = rb_malloc(sizeof(struct acceptdata));
187
188 new_F->accept->callback = F->accept->callback;
189 new_F->accept->data = F->accept->data;
190 rb_settimeout(new_F, 10, rb_ssl_timeout, NULL);
191 memcpy(&new_F->accept->S, st, addrlen);
192 new_F->accept->addrlen = addrlen;
193
194 gnutls_init((gnutls_session_t *) new_F->ssl, GNUTLS_SERVER);
195 gnutls_set_default_priority(SSL_P(new_F));
196 gnutls_credentials_set(SSL_P(new_F), GNUTLS_CRD_CERTIFICATE, x509);
197 gnutls_dh_set_prime_bits(SSL_P(new_F), 1024);
198 gnutls_transport_set_ptr(SSL_P(new_F), (gnutls_transport_ptr_t) (long int)rb_get_fd(new_F));
199 gnutls_certificate_server_set_request(SSL_P(new_F), GNUTLS_CERT_REQUEST);
200 gnutls_priority_set(SSL_P(F), default_priority);
201
202 if(do_ssl_handshake(F, rb_ssl_tryaccept, NULL))
203 {
204 struct acceptdata *ad = F->accept;
205 F->accept = NULL;
206 ad->callback(F, RB_OK, (struct sockaddr *)&ad->S, ad->addrlen, ad->data);
207 rb_free(ad);
208 }
209 }
210
211
212
213
214 static ssize_t
215 rb_ssl_read_or_write(int r_or_w, rb_fde_t *F, void *rbuf, const void *wbuf, size_t count)
216 {
217 ssize_t ret;
218 gnutls_session_t *ssl = F->ssl;
219
220 if(r_or_w == 0)
221 ret = gnutls_record_recv(*ssl, rbuf, count);
222 else
223 ret = gnutls_record_send(*ssl, wbuf, count);
224
225 if(ret < 0)
226 {
227 switch (ret)
228 {
229 case GNUTLS_E_AGAIN:
230 case GNUTLS_E_INTERRUPTED:
231 if(rb_ignore_errno(errno))
232 {
233 if(gnutls_record_get_direction(*ssl) == 0)
234 return RB_RW_SSL_NEED_READ;
235 else
236 return RB_RW_SSL_NEED_WRITE;
237 break;
238 }
239 default:
240 F->ssl_errno = ret;
241 errno = EIO;
242 return RB_RW_IO_ERROR;
243 }
244 }
245 return ret;
246 }
247
248 ssize_t
249 rb_ssl_read(rb_fde_t *F, void *buf, size_t count)
250 {
251 return rb_ssl_read_or_write(0, F, buf, NULL, count);
252 }
253
254 ssize_t
255 rb_ssl_write(rb_fde_t *F, const void *buf, size_t count)
256 {
257 return rb_ssl_read_or_write(1, F, NULL, buf, count);
258 }
259
260 #if (GNUTLS_VERSION_MAJOR < 3)
261 static void
262 rb_gcry_random_seed(void *unused)
263 {
264 gcry_fast_random_poll();
265 }
266 #endif
267
268 int
269 rb_init_ssl(void)
270 {
271 gnutls_global_init();
272
273 if(gnutls_certificate_allocate_credentials(&x509) != GNUTLS_E_SUCCESS)
274 {
275 rb_lib_log("rb_init_ssl: Unable to allocate SSL/TLS certificate credentials");
276 return 0;
277 }
278
279 #if GNUTLS_VERSION_MAJOR < 3
280 gnutls_certificate_client_set_retrieve_function(x509, cert_callback);
281 #else
282 gnutls_certificate_set_retrieve_function(x509, cert_callback);
283 #endif
284
285 #if (GNUTLS_VERSION_MAJOR < 3)
286 rb_event_addish("rb_gcry_random_seed", rb_gcry_random_seed, NULL, 300);
287 #endif
288
289 return 1;
290 }
291
292 /* We only have one certificate to authenticate with, as both client and server. Unfortunately,
293 * GnuTLS tries to be clever, and as client, will attempt to use a certificate that the server
294 * will trust. We usually use self-signed certs, though, so the result of this search is always
295 * nothing. Therefore, it uses no certificate to authenticate as a client. This is undesirable
296 * as it breaks fingerprint auth. Thus, we use this callback to force GnuTLS to always
297 * authenticate with our certificate at all times.
298 */
299 #if GNUTLS_VERSION_MAJOR < 3
300 static int
301 cert_callback(gnutls_session_t session, const gnutls_datum_t *req_ca_rdn, int nreqs,
302 const gnutls_pk_algorithm_t *sign_algos, int sign_algos_len, gnutls_retr_st *st)
303 #else
304 static int
305 cert_callback(gnutls_session_t session, const gnutls_datum_t *req_ca_rdn, int nreqs,
306 const gnutls_pk_algorithm_t *sign_algos, int sign_algos_len, gnutls_retr2_st *st)
307 #endif
308 {
309 /* XXX - ugly hack. Tell GnuTLS to use the first (only) certificate we have for auth. */
310 #if (GNUTLS_VERSION_MAJOR < 3)
311 st->type = GNUTLS_CRT_X509;
312 #else
313 st->cert_type = GNUTLS_CRT_X509;
314 st->key_type = GNUTLS_PRIVKEY_X509;
315 #endif
316 st->ncerts = x509_cert_count;
317 st->cert.x509 = x509_cert;
318 st->key.x509 = x509_key;
319 st->deinit_all = 0;
320
321 return 0;
322 }
323
324 static void
325 rb_free_datum_t(gnutls_datum_t * d)
326 {
327 rb_free(d->data);
328 rb_free(d);
329 }
330
331 static gnutls_datum_t *
332 rb_load_file_into_datum_t(const char *file)
333 {
334 FILE *f;
335 gnutls_datum_t *datum;
336 struct stat fileinfo;
337 if((f = fopen(file, "r")) == NULL)
338 return NULL;
339 if(fstat(fileno(f), &fileinfo))
340 return NULL;
341
342 datum = rb_malloc(sizeof(gnutls_datum_t));
343
344 if(fileinfo.st_size > 131072) /* deal with retards */
345 datum->size = 131072;
346 else
347 datum->size = fileinfo.st_size;
348
349 datum->data = rb_malloc(datum->size + 1);
350 fread(datum->data, datum->size, 1, f);
351 fclose(f);
352 return datum;
353 }
354
355 int
356 rb_setup_ssl_server(const char *cert, const char *keyfile, const char *dhfile, const char *cipher_list)
357 {
358 int ret;
359 const char *err;
360 gnutls_datum_t *d_cert, *d_key;
361 if(cert == NULL)
362 {
363 rb_lib_log("rb_setup_ssl_server: No certificate file");
364 return 0;
365 }
366
367 if((d_cert = rb_load_file_into_datum_t(cert)) == NULL)
368 {
369 rb_lib_log("rb_setup_ssl_server: Error loading certificate: %s", strerror(errno));
370 return 0;
371 }
372
373 if((d_key = rb_load_file_into_datum_t(keyfile)) == NULL)
374 {
375 rb_lib_log("rb_setup_ssl_server: Error loading key: %s", strerror(errno));
376 return 0;
377 }
378
379 /* In addition to creating the certificate set, we also need to store our cert elsewhere
380 * so we can force GnuTLS to identify with it when acting as a client.
381 */
382 gnutls_x509_privkey_init(&x509_key);
383 if ((ret = gnutls_x509_privkey_import(x509_key, d_key, GNUTLS_X509_FMT_PEM)) != GNUTLS_E_SUCCESS)
384 {
385 rb_lib_log("rb_setup_ssl_server: Error loading key file: %s", gnutls_strerror(ret));
386 return 0;
387 }
388
389 x509_cert_count = MAX_CERTS;
390 if ((ret = gnutls_x509_crt_list_import(x509_cert, &x509_cert_count, d_cert, GNUTLS_X509_FMT_PEM,
391 GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED)) < 0)
392 {
393 rb_lib_log("rb_setup_ssl_server: Error loading certificate: %s", gnutls_strerror(ret));
394 return 0;
395 }
396 x509_cert_count = ret;
397
398 if((ret =
399 gnutls_certificate_set_x509_key_mem(x509, d_cert, d_key,
400 GNUTLS_X509_FMT_PEM)) != GNUTLS_E_SUCCESS)
401 {
402 rb_lib_log("rb_setup_ssl_server: Error loading certificate or key file: %s",
403 gnutls_strerror(ret));
404 return 0;
405 }
406
407 rb_free_datum_t(d_cert);
408 rb_free_datum_t(d_key);
409
410 if(dhfile != NULL)
411 {
412 if(gnutls_dh_params_init(&dh_params) == GNUTLS_E_SUCCESS)
413 {
414 gnutls_datum_t *data;
415 int xret;
416 data = rb_load_file_into_datum_t(dhfile);
417 if(data != NULL)
418 {
419 xret = gnutls_dh_params_import_pkcs3(dh_params, data,
420 GNUTLS_X509_FMT_PEM);
421 if(xret < 0)
422 rb_lib_log
423 ("rb_setup_ssl_server: Error parsing DH file: %s\n",
424 gnutls_strerror(xret));
425 rb_free_datum_t(data);
426 }
427 gnutls_certificate_set_dh_params(x509, dh_params);
428 }
429 else
430 rb_lib_log("rb_setup_ssl_server: Unable to setup DH parameters");
431 }
432
433 ret = gnutls_priority_init(&default_priority, cipher_list, &err);
434 if (ret < 0)
435 {
436 rb_lib_log("rb_setup_ssl_server: syntax error (using defaults instead) in ssl cipher list at: %s", err);
437 gnutls_priority_init(&default_priority, NULL, &err);
438 return 1;
439 }
440
441 return 1;
442 }
443
444 int
445 rb_ssl_listen(rb_fde_t *F, int backlog, int defer_accept)
446 {
447 int result;
448
449 result = rb_listen(F, backlog, defer_accept);
450 F->type = RB_FD_SOCKET | RB_FD_LISTEN | RB_FD_SSL;
451
452 return result;
453 }
454
455 struct ssl_connect
456 {
457 CNCB *callback;
458 void *data;
459 int timeout;
460 };
461
462 static void
463 rb_ssl_connect_realcb(rb_fde_t *F, int status, struct ssl_connect *sconn)
464 {
465 F->connect->callback = sconn->callback;
466 F->connect->data = sconn->data;
467 rb_free(sconn);
468 rb_connect_callback(F, status);
469 }
470
471 static void
472 rb_ssl_tryconn_timeout_cb(rb_fde_t *F, void *data)
473 {
474 rb_ssl_connect_realcb(F, RB_ERR_TIMEOUT, data);
475 }
476
477 static void
478 rb_ssl_tryconn_cb(rb_fde_t *F, void *data)
479 {
480 struct ssl_connect *sconn = data;
481 int ret;
482
483 ret = do_ssl_handshake(F, rb_ssl_tryconn_cb, (void *)sconn);
484
485 switch (ret)
486 {
487 case -1:
488 rb_ssl_connect_realcb(F, RB_ERROR_SSL, sconn);
489 break;
490 case 0:
491 /* do_ssl_handshake does the rb_setselect stuff */
492 return;
493 default:
494 break;
495
496
497 }
498 rb_ssl_connect_realcb(F, RB_OK, sconn);
499 }
500
501 static void
502 rb_ssl_tryconn(rb_fde_t *F, int status, void *data)
503 {
504 struct ssl_connect *sconn = data;
505 if(status != RB_OK)
506 {
507 rb_ssl_connect_realcb(F, status, sconn);
508 return;
509 }
510
511 F->type |= RB_FD_SSL;
512
513
514 rb_settimeout(F, sconn->timeout, rb_ssl_tryconn_timeout_cb, sconn);
515 F->ssl = rb_malloc(sizeof(gnutls_session_t));
516 gnutls_init(F->ssl, GNUTLS_CLIENT);
517 gnutls_set_default_priority(SSL_P(F));
518 gnutls_credentials_set(SSL_P(F), GNUTLS_CRD_CERTIFICATE, x509);
519 gnutls_dh_set_prime_bits(SSL_P(F), 1024);
520 gnutls_transport_set_ptr(SSL_P(F), (gnutls_transport_ptr_t) (long int)F->fd);
521 gnutls_priority_set(SSL_P(F), default_priority);
522
523 do_ssl_handshake(F, rb_ssl_tryconn_cb, (void *)sconn);
524 }
525
526 void
527 rb_connect_tcp_ssl(rb_fde_t *F, struct sockaddr *dest,
528 struct sockaddr *clocal, int socklen, CNCB * callback, void *data, int timeout)
529 {
530 struct ssl_connect *sconn;
531 if(F == NULL)
532 return;
533
534 sconn = rb_malloc(sizeof(struct ssl_connect));
535 sconn->data = data;
536 sconn->callback = callback;
537 sconn->timeout = timeout;
538 rb_connect_tcp(F, dest, clocal, socklen, rb_ssl_tryconn, sconn, timeout);
539
540 }
541
542 void
543 rb_ssl_start_connected(rb_fde_t *F, CNCB * callback, void *data, int timeout)
544 {
545 struct ssl_connect *sconn;
546 if(F == NULL)
547 return;
548
549 sconn = rb_malloc(sizeof(struct ssl_connect));
550 sconn->data = data;
551 sconn->callback = callback;
552 sconn->timeout = timeout;
553 F->connect = rb_malloc(sizeof(struct conndata));
554 F->connect->callback = callback;
555 F->connect->data = data;
556 F->type |= RB_FD_SSL;
557 F->ssl = rb_malloc(sizeof(gnutls_session_t));
558
559 gnutls_init(F->ssl, GNUTLS_CLIENT);
560 gnutls_set_default_priority(SSL_P(F));
561 gnutls_credentials_set(SSL_P(F), GNUTLS_CRD_CERTIFICATE, x509);
562 gnutls_dh_set_prime_bits(SSL_P(F), 1024);
563 gnutls_transport_set_ptr(SSL_P(F), (gnutls_transport_ptr_t) (long int)F->fd);
564 gnutls_priority_set(SSL_P(F), default_priority);
565
566 rb_settimeout(F, sconn->timeout, rb_ssl_tryconn_timeout_cb, sconn);
567
568 do_ssl_handshake(F, rb_ssl_tryconn_cb, (void *)sconn);
569 }
570
571 int
572 rb_init_prng(const char *path, prng_seed_t seed_type)
573 {
574 #if GNUTLS_VERSION_MAJOR < 3
575 gcry_fast_random_poll();
576 #endif
577 return 1;
578 }
579
580 int
581 rb_get_random(void *buf, size_t length)
582 {
583 #if GNUTLS_VERSION_MAJOR < 3
584 gcry_randomize(buf, length, GCRY_STRONG_RANDOM);
585 #else
586 gnutls_rnd(GNUTLS_RND_KEY, buf, length);
587 #endif
588 return 1;
589 }
590
591 const char *
592 rb_get_ssl_strerror(rb_fde_t *F)
593 {
594 return gnutls_strerror(F->ssl_errno);
595 }
596
597 int
598 rb_get_ssl_certfp(rb_fde_t *F, uint8_t certfp[RB_SSL_CERTFP_LEN], int method)
599 {
600 gnutls_x509_crt_t cert;
601 gnutls_digest_algorithm_t algo;
602 unsigned int cert_list_size;
603 const gnutls_datum_t *cert_list;
604 uint8_t digest[RB_SSL_CERTFP_LEN * 2];
605 size_t digest_size;
606 int len;
607
608 if (gnutls_certificate_type_get(SSL_P(F)) != GNUTLS_CRT_X509)
609 return 0;
610
611 if (gnutls_x509_crt_init(&cert) < 0)
612 return 0;
613
614 cert_list_size = 0;
615 cert_list = gnutls_certificate_get_peers(SSL_P(F), &cert_list_size);
616 if (cert_list == NULL)
617 {
618 gnutls_x509_crt_deinit(cert);
619 return 0;
620 }
621
622 if (gnutls_x509_crt_import(cert, &cert_list[0], GNUTLS_X509_FMT_DER) < 0)
623 {
624 gnutls_x509_crt_deinit(cert);
625 return 0;
626 }
627
628 switch(method)
629 {
630 case RB_SSL_CERTFP_METH_SHA1:
631 algo = GNUTLS_DIG_SHA1;
632 len = RB_SSL_CERTFP_LEN_SHA1;
633 break;
634 case RB_SSL_CERTFP_METH_SHA256:
635 algo = GNUTLS_DIG_SHA256;
636 len = RB_SSL_CERTFP_LEN_SHA256;
637 break;
638 case RB_SSL_CERTFP_METH_SHA512:
639 algo = GNUTLS_DIG_SHA512;
640 len = RB_SSL_CERTFP_LEN_SHA512;
641 break;
642 default:
643 return 0;
644 }
645
646 if (gnutls_x509_crt_get_fingerprint(cert, algo, digest, &digest_size) < 0)
647 {
648 gnutls_x509_crt_deinit(cert);
649 return 0;
650 }
651
652 memcpy(certfp, digest, len);
653
654 gnutls_x509_crt_deinit(cert);
655 return len;
656 }
657
658 int
659 rb_supports_ssl(void)
660 {
661 return 1;
662 }
663
664 void
665 rb_get_ssl_info(char *buf, size_t len)
666 {
667 snprintf(buf, len, "GNUTLS: compiled (%s), library(%s)",
668 LIBGNUTLS_VERSION, gnutls_check_version(NULL));
669 }
670
671 const char *
672 rb_ssl_get_cipher(rb_fde_t *F)
673 {
674 static char buf[1024];
675
676 snprintf(buf, sizeof(buf), "%s-%s-%s-%s",
677 gnutls_protocol_get_name(gnutls_protocol_get_version(SSL_P(F))),
678 gnutls_kx_get_name(gnutls_kx_get(SSL_P(F))),
679 gnutls_cipher_get_name(gnutls_cipher_get(SSL_P(F))),
680 gnutls_mac_get_name(gnutls_mac_get(SSL_P(F))));
681
682 return buf;
683 }
684
685 #endif /* HAVE_GNUTLS */
Fork of solanum ircd, history is rebased regularly