]> jfr.im git - solanum.git/blob - libratbox/src/gnutls.c
projects / solanum.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
libratbox: gnutls: add gnutls 3.4 support (closes #123)
[solanum.git] / libratbox / src / gnutls.c
1 /*
2 * libratbox: a library used by ircd-ratbox and other things
3 * gnutls.c: gnutls related code
4 *
5 * Copyright (C) 2007-2008 ircd-ratbox development team
6 * Copyright (C) 2007-2008 Aaron Sethman <androsyn@ratbox.org>
7 *
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301
21 * USA
22 *
23 * $Id: gnutls.c 26296 2008-12-13 03:36:00Z androsyn $
24 */
25
26 #include <libratbox_config.h>
27 #include <ratbox_lib.h>
28 #include <commio-int.h>
29 #include <commio-ssl.h>
30 #ifdef HAVE_GNUTLS
31
32 #include <gnutls/gnutls.h>
33 #include <gnutls/x509.h>
34 #include <gnutls/crypto.h>
35
36 #if GNUTLS_VERSION_MAJOR < 3
37 # include <gcrypt.h>
38 #endif
39
40 static gnutls_certificate_credentials x509;
41 static gnutls_dh_params dh_params;
42 static gnutls_priority_t default_priority;
43
44 /* These are all used for getting GnuTLS to supply a client cert. */
45 #define MAX_CERTS 6
46 static unsigned int x509_cert_count;
47 static gnutls_x509_crt_t x509_cert[MAX_CERTS];
48 static gnutls_x509_privkey_t x509_key;
49 #if GNUTLS_VERSION_MAJOR < 3
50 static int cert_callback(gnutls_session_t session, const gnutls_datum_t *req_ca_rdn, int nreqs,
51 const gnutls_pk_algorithm_t *sign_algos, int sign_algos_len, gnutls_retr_st *st);
52 #else
53 static int cert_callback(gnutls_session_t session, const gnutls_datum_t *req_ca_rdn, int nreqs,
54 const gnutls_pk_algorithm_t *sign_algos, int sign_algos_len, gnutls_retr2_st *st);
55 #endif
56
57 #define SSL_P(x) *((gnutls_session_t *)F->ssl)
58
59 void
60 rb_ssl_shutdown(rb_fde_t *F)
61 {
62 int i;
63 if(F == NULL || F->ssl == NULL)
64 return;
65 for(i = 0; i < 4; i++)
66 {
67 if(gnutls_bye(SSL_P(F), GNUTLS_SHUT_RDWR) == GNUTLS_E_SUCCESS)
68 break;
69 }
70 gnutls_deinit(SSL_P(F));
71 rb_free(F->ssl);
72 }
73
74 unsigned int
75 rb_ssl_handshake_count(rb_fde_t *F)
76 {
77 return F->handshake_count;
78 }
79
80 void
81 rb_ssl_clear_handshake_count(rb_fde_t *F)
82 {
83 F->handshake_count = 0;
84 }
85
86 static void
87 rb_ssl_timeout(rb_fde_t *F, void *notused)
88 {
89 lrb_assert(F->accept != NULL);
90 F->accept->callback(F, RB_ERR_TIMEOUT, NULL, 0, F->accept->data);
91 }
92
93
94 static int
95 do_ssl_handshake(rb_fde_t *F, PF * callback, void *data)
96 {
97 int ret;
98 int flags;
99
100 ret = gnutls_handshake(SSL_P(F));
101 if(ret < 0)
102 {
103 if((ret == GNUTLS_E_INTERRUPTED && rb_ignore_errno(errno)) || ret == GNUTLS_E_AGAIN)
104 {
105 if(gnutls_record_get_direction(SSL_P(F)) == 0)
106 flags = RB_SELECT_READ;
107 else
108 flags = RB_SELECT_WRITE;
109 rb_setselect(F, flags, callback, data);
110 return 0;
111 }
112 F->ssl_errno = ret;
113 return -1;
114 }
115 return 1; /* handshake is finished..go about life */
116 }
117
118 static void
119 rb_ssl_tryaccept(rb_fde_t *F, void *data)
120 {
121 int ret;
122 struct acceptdata *ad;
123
124 lrb_assert(F->accept != NULL);
125
126 ret = do_ssl_handshake(F, rb_ssl_tryaccept, NULL);
127
128 /* do_ssl_handshake does the rb_setselect */
129 if(ret == 0)
130 return;
131
132 ad = F->accept;
133 F->accept = NULL;
134 rb_settimeout(F, 0, NULL, NULL);
135 rb_setselect(F, RB_SELECT_READ | RB_SELECT_WRITE, NULL, NULL);
136
137 if(ret > 0)
138 ad->callback(F, RB_OK, (struct sockaddr *)&ad->S, ad->addrlen, ad->data);
139 else
140 ad->callback(F, RB_ERROR_SSL, NULL, 0, ad->data);
141
142 rb_free(ad);
143 }
144
145 void
146 rb_ssl_start_accepted(rb_fde_t *new_F, ACCB * cb, void *data, int timeout)
147 {
148 gnutls_session_t *ssl;
149 new_F->type |= RB_FD_SSL;
150 ssl = new_F->ssl = rb_malloc(sizeof(gnutls_session_t));
151 new_F->accept = rb_malloc(sizeof(struct acceptdata));
152
153 new_F->accept->callback = cb;
154 new_F->accept->data = data;
155 rb_settimeout(new_F, timeout, rb_ssl_timeout, NULL);
156
157 new_F->accept->addrlen = 0;
158
159 gnutls_init(ssl, GNUTLS_SERVER);
160 gnutls_set_default_priority(*ssl);
161 gnutls_credentials_set(*ssl, GNUTLS_CRD_CERTIFICATE, x509);
162 gnutls_dh_set_prime_bits(*ssl, 1024);
163 gnutls_transport_set_ptr(*ssl, (gnutls_transport_ptr_t) (long int)new_F->fd);
164 gnutls_certificate_server_set_request(*ssl, GNUTLS_CERT_REQUEST);
165 gnutls_priority_set(SSL_P(F), default_priority);
166
167 if(do_ssl_handshake(new_F, rb_ssl_tryaccept, NULL))
168 {
169 struct acceptdata *ad = new_F->accept;
170 new_F->accept = NULL;
171 ad->callback(new_F, RB_OK, (struct sockaddr *)&ad->S, ad->addrlen, ad->data);
172 rb_free(ad);
173 }
174
175 }
176
177
178
179
180 void
181 rb_ssl_accept_setup(rb_fde_t *F, rb_fde_t *new_F, struct sockaddr *st, int addrlen)
182 {
183 new_F->type |= RB_FD_SSL;
184 new_F->ssl = rb_malloc(sizeof(gnutls_session_t));
185 new_F->accept = rb_malloc(sizeof(struct acceptdata));
186
187 new_F->accept->callback = F->accept->callback;
188 new_F->accept->data = F->accept->data;
189 rb_settimeout(new_F, 10, rb_ssl_timeout, NULL);
190 memcpy(&new_F->accept->S, st, addrlen);
191 new_F->accept->addrlen = addrlen;
192
193 gnutls_init((gnutls_session_t *) new_F->ssl, GNUTLS_SERVER);
194 gnutls_set_default_priority(SSL_P(new_F));
195 gnutls_credentials_set(SSL_P(new_F), GNUTLS_CRD_CERTIFICATE, x509);
196 gnutls_dh_set_prime_bits(SSL_P(new_F), 1024);
197 gnutls_transport_set_ptr(SSL_P(new_F), (gnutls_transport_ptr_t) (long int)rb_get_fd(new_F));
198 gnutls_certificate_server_set_request(SSL_P(new_F), GNUTLS_CERT_REQUEST);
199 gnutls_priority_set(SSL_P(F), default_priority);
200
201 if(do_ssl_handshake(F, rb_ssl_tryaccept, NULL))
202 {
203 struct acceptdata *ad = F->accept;
204 F->accept = NULL;
205 ad->callback(F, RB_OK, (struct sockaddr *)&ad->S, ad->addrlen, ad->data);
206 rb_free(ad);
207 }
208 }
209
210
211
212
213 static ssize_t
214 rb_ssl_read_or_write(int r_or_w, rb_fde_t *F, void *rbuf, const void *wbuf, size_t count)
215 {
216 ssize_t ret;
217 gnutls_session_t *ssl = F->ssl;
218
219 if(r_or_w == 0)
220 ret = gnutls_record_recv(*ssl, rbuf, count);
221 else
222 ret = gnutls_record_send(*ssl, wbuf, count);
223
224 if(ret < 0)
225 {
226 switch (ret)
227 {
228 case GNUTLS_E_AGAIN:
229 case GNUTLS_E_INTERRUPTED:
230 if(rb_ignore_errno(errno))
231 {
232 if(gnutls_record_get_direction(*ssl) == 0)
233 return RB_RW_SSL_NEED_READ;
234 else
235 return RB_RW_SSL_NEED_WRITE;
236 break;
237 }
238 default:
239 F->ssl_errno = ret;
240 errno = EIO;
241 return RB_RW_IO_ERROR;
242 }
243 }
244 return ret;
245 }
246
247 ssize_t
248 rb_ssl_read(rb_fde_t *F, void *buf, size_t count)
249 {
250 return rb_ssl_read_or_write(0, F, buf, NULL, count);
251 }
252
253 ssize_t
254 rb_ssl_write(rb_fde_t *F, const void *buf, size_t count)
255 {
256 return rb_ssl_read_or_write(1, F, NULL, buf, count);
257 }
258
259 static void
260 rb_gcry_random_seed(void *unused)
261 {
262 #if GNUTLS_VERSION_MAJOR < 3
263 gcry_fast_random_poll();
264 #endif
265 }
266
267 int
268 rb_init_ssl(void)
269 {
270 gnutls_global_init();
271
272 if(gnutls_certificate_allocate_credentials(&x509) != GNUTLS_E_SUCCESS)
273 {
274 rb_lib_log("rb_init_ssl: Unable to allocate SSL/TLS certificate credentials");
275 return 0;
276 }
277
278 #if GNUTLS_VERSION_MAJOR < 3
279 gnutls_certificate_client_set_retrieve_function(x509, cert_callback);
280 #else
281 gnutls_certificate_set_retrieve_function(x509, cert_callback);
282 #endif
283
284 rb_event_addish("rb_gcry_random_seed", rb_gcry_random_seed, NULL, 300);
285 return 1;
286 }
287
288 /* We only have one certificate to authenticate with, as both client and server. Unfortunately,
289 * GnuTLS tries to be clever, and as client, will attempt to use a certificate that the server
290 * will trust. We usually use self-signed certs, though, so the result of this search is always
291 * nothing. Therefore, it uses no certificate to authenticate as a client. This is undesirable
292 * as it breaks fingerprint auth. Thus, we use this callback to force GnuTLS to always
293 * authenticate with our certificate at all times.
294 */
295 #if GNUTLS_VERSION_MAJOR < 3
296 static int
297 cert_callback(gnutls_session_t session, const gnutls_datum_t *req_ca_rdn, int nreqs,
298 const gnutls_pk_algorithm_t *sign_algos, int sign_algos_len, gnutls_retr_st *st)
299 #else
300 static int
301 cert_callback(gnutls_session_t session, const gnutls_datum_t *req_ca_rdn, int nreqs,
302 const gnutls_pk_algorithm_t *sign_algos, int sign_algos_len, gnutls_retr2_st *st)
303 #endif
304 {
305 /* XXX - ugly hack. Tell GnuTLS to use the first (only) certificate we have for auth. */
306 st->type = GNUTLS_CRT_X509;
307 st->ncerts = x509_cert_count;
308 st->cert.x509 = x509_cert;
309 st->key.x509 = x509_key;
310
311 return 0;
312 }
313
314 static void
315 rb_free_datum_t(gnutls_datum_t * d)
316 {
317 rb_free(d->data);
318 rb_free(d);
319 }
320
321 static gnutls_datum_t *
322 rb_load_file_into_datum_t(const char *file)
323 {
324 FILE *f;
325 gnutls_datum_t *datum;
326 struct stat fileinfo;
327 if((f = fopen(file, "r")) == NULL)
328 return NULL;
329 if(fstat(fileno(f), &fileinfo))
330 return NULL;
331
332 datum = rb_malloc(sizeof(gnutls_datum_t));
333
334 if(fileinfo.st_size > 131072) /* deal with retards */
335 datum->size = 131072;
336 else
337 datum->size = fileinfo.st_size;
338
339 datum->data = rb_malloc(datum->size + 1);
340 fread(datum->data, datum->size, 1, f);
341 fclose(f);
342 return datum;
343 }
344
345 int
346 rb_setup_ssl_server(const char *cert, const char *keyfile, const char *dhfile, const char *cipher_list)
347 {
348 int ret;
349 const char *err;
350 gnutls_datum_t *d_cert, *d_key;
351 if(cert == NULL)
352 {
353 rb_lib_log("rb_setup_ssl_server: No certificate file");
354 return 0;
355 }
356
357 if((d_cert = rb_load_file_into_datum_t(cert)) == NULL)
358 {
359 rb_lib_log("rb_setup_ssl_server: Error loading certificate: %s", strerror(errno));
360 return 0;
361 }
362
363 if((d_key = rb_load_file_into_datum_t(keyfile)) == NULL)
364 {
365 rb_lib_log("rb_setup_ssl_server: Error loading key: %s", strerror(errno));
366 return 0;
367 }
368
369 /* In addition to creating the certificate set, we also need to store our cert elsewhere
370 * so we can force GnuTLS to identify with it when acting as a client.
371 */
372 gnutls_x509_privkey_init(&x509_key);
373 if ((ret = gnutls_x509_privkey_import(x509_key, d_key, GNUTLS_X509_FMT_PEM)) != GNUTLS_E_SUCCESS)
374 {
375 rb_lib_log("rb_setup_ssl_server: Error loading key file: %s", gnutls_strerror(ret));
376 return 0;
377 }
378
379 x509_cert_count = MAX_CERTS;
380 if ((ret = gnutls_x509_crt_list_import(x509_cert, &x509_cert_count, d_cert, GNUTLS_X509_FMT_PEM,
381 GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED)) < 0)
382 {
383 rb_lib_log("rb_setup_ssl_server: Error loading certificate: %s", gnutls_strerror(ret));
384 return 0;
385 }
386 x509_cert_count = ret;
387
388 if((ret =
389 gnutls_certificate_set_x509_key_mem(x509, d_cert, d_key,
390 GNUTLS_X509_FMT_PEM)) != GNUTLS_E_SUCCESS)
391 {
392 rb_lib_log("rb_setup_ssl_server: Error loading certificate or key file: %s",
393 gnutls_strerror(ret));
394 return 0;
395 }
396
397 rb_free_datum_t(d_cert);
398 rb_free_datum_t(d_key);
399
400 if(dhfile != NULL)
401 {
402 if(gnutls_dh_params_init(&dh_params) == GNUTLS_E_SUCCESS)
403 {
404 gnutls_datum_t *data;
405 int xret;
406 data = rb_load_file_into_datum_t(dhfile);
407 if(data != NULL)
408 {
409 xret = gnutls_dh_params_import_pkcs3(dh_params, data,
410 GNUTLS_X509_FMT_PEM);
411 if(xret < 0)
412 rb_lib_log
413 ("rb_setup_ssl_server: Error parsing DH file: %s\n",
414 gnutls_strerror(xret));
415 rb_free_datum_t(data);
416 }
417 gnutls_certificate_set_dh_params(x509, dh_params);
418 }
419 else
420 rb_lib_log("rb_setup_ssl_server: Unable to setup DH parameters");
421 }
422
423 ret = gnutls_priority_init(&default_priority, cipher_list, &err);
424 if (ret < 0)
425 {
426 rb_lib_log("rb_setup_ssl_server: syntax error (using defaults instead) in ssl cipher list at: %s", err);
427 gnutls_priority_init(&default_priority, NULL, &err);
428 return 1;
429 }
430
431 return 1;
432 }
433
434 int
435 rb_ssl_listen(rb_fde_t *F, int backlog, int defer_accept)
436 {
437 int result;
438
439 result = rb_listen(F, backlog, defer_accept);
440 F->type = RB_FD_SOCKET | RB_FD_LISTEN | RB_FD_SSL;
441
442 return result;
443 }
444
445 struct ssl_connect
446 {
447 CNCB *callback;
448 void *data;
449 int timeout;
450 };
451
452 static void
453 rb_ssl_connect_realcb(rb_fde_t *F, int status, struct ssl_connect *sconn)
454 {
455 F->connect->callback = sconn->callback;
456 F->connect->data = sconn->data;
457 rb_free(sconn);
458 rb_connect_callback(F, status);
459 }
460
461 static void
462 rb_ssl_tryconn_timeout_cb(rb_fde_t *F, void *data)
463 {
464 rb_ssl_connect_realcb(F, RB_ERR_TIMEOUT, data);
465 }
466
467 static void
468 rb_ssl_tryconn_cb(rb_fde_t *F, void *data)
469 {
470 struct ssl_connect *sconn = data;
471 int ret;
472
473 ret = do_ssl_handshake(F, rb_ssl_tryconn_cb, (void *)sconn);
474
475 switch (ret)
476 {
477 case -1:
478 rb_ssl_connect_realcb(F, RB_ERROR_SSL, sconn);
479 break;
480 case 0:
481 /* do_ssl_handshake does the rb_setselect stuff */
482 return;
483 default:
484 break;
485
486
487 }
488 rb_ssl_connect_realcb(F, RB_OK, sconn);
489 }
490
491 static void
492 rb_ssl_tryconn(rb_fde_t *F, int status, void *data)
493 {
494 struct ssl_connect *sconn = data;
495 if(status != RB_OK)
496 {
497 rb_ssl_connect_realcb(F, status, sconn);
498 return;
499 }
500
501 F->type |= RB_FD_SSL;
502
503
504 rb_settimeout(F, sconn->timeout, rb_ssl_tryconn_timeout_cb, sconn);
505 F->ssl = rb_malloc(sizeof(gnutls_session_t));
506 gnutls_init(F->ssl, GNUTLS_CLIENT);
507 gnutls_set_default_priority(SSL_P(F));
508 gnutls_credentials_set(SSL_P(F), GNUTLS_CRD_CERTIFICATE, x509);
509 gnutls_dh_set_prime_bits(SSL_P(F), 1024);
510 gnutls_transport_set_ptr(SSL_P(F), (gnutls_transport_ptr_t) (long int)F->fd);
511 gnutls_priority_set(SSL_P(F), default_priority);
512
513 do_ssl_handshake(F, rb_ssl_tryconn_cb, (void *)sconn);
514 }
515
516 void
517 rb_connect_tcp_ssl(rb_fde_t *F, struct sockaddr *dest,
518 struct sockaddr *clocal, int socklen, CNCB * callback, void *data, int timeout)
519 {
520 struct ssl_connect *sconn;
521 if(F == NULL)
522 return;
523
524 sconn = rb_malloc(sizeof(struct ssl_connect));
525 sconn->data = data;
526 sconn->callback = callback;
527 sconn->timeout = timeout;
528 rb_connect_tcp(F, dest, clocal, socklen, rb_ssl_tryconn, sconn, timeout);
529
530 }
531
532 void
533 rb_ssl_start_connected(rb_fde_t *F, CNCB * callback, void *data, int timeout)
534 {
535 struct ssl_connect *sconn;
536 if(F == NULL)
537 return;
538
539 sconn = rb_malloc(sizeof(struct ssl_connect));
540 sconn->data = data;
541 sconn->callback = callback;
542 sconn->timeout = timeout;
543 F->connect = rb_malloc(sizeof(struct conndata));
544 F->connect->callback = callback;
545 F->connect->data = data;
546 F->type |= RB_FD_SSL;
547 F->ssl = rb_malloc(sizeof(gnutls_session_t));
548
549 gnutls_init(F->ssl, GNUTLS_CLIENT);
550 gnutls_set_default_priority(SSL_P(F));
551 gnutls_credentials_set(SSL_P(F), GNUTLS_CRD_CERTIFICATE, x509);
552 gnutls_dh_set_prime_bits(SSL_P(F), 1024);
553 gnutls_transport_set_ptr(SSL_P(F), (gnutls_transport_ptr_t) (long int)F->fd);
554 gnutls_priority_set(SSL_P(F), default_priority);
555
556 rb_settimeout(F, sconn->timeout, rb_ssl_tryconn_timeout_cb, sconn);
557
558 do_ssl_handshake(F, rb_ssl_tryconn_cb, (void *)sconn);
559 }
560
561 int
562 rb_init_prng(const char *path, prng_seed_t seed_type)
563 {
564 #if GNUTLS_VERSION_MAJOR < 3
565 gcry_fast_random_poll();
566 #else
567 gnutls_rnd_refresh();
568 #endif
569 return 1;
570 }
571
572 int
573 rb_get_random(void *buf, size_t length)
574 {
575 #if GNUTLS_VERSION_MAJOR < 3
576 gcry_randomize(buf, length, GCRY_STRONG_RANDOM);
577 #else
578 gnutls_rnd(GNUTLS_RND_KEY, buf, length);
579 #endif
580 return 1;
581 }
582
583 const char *
584 rb_get_ssl_strerror(rb_fde_t *F)
585 {
586 return gnutls_strerror(F->ssl_errno);
587 }
588
589 int
590 rb_get_ssl_certfp(rb_fde_t *F, uint8_t certfp[RB_SSL_CERTFP_LEN], int method)
591 {
592 gnutls_x509_crt_t cert;
593 gnutls_digest_algorithm_t algo;
594 unsigned int cert_list_size;
595 const gnutls_datum_t *cert_list;
596 uint8_t digest[RB_SSL_CERTFP_LEN * 2];
597 size_t digest_size;
598 int len;
599
600 if (gnutls_certificate_type_get(SSL_P(F)) != GNUTLS_CRT_X509)
601 return 0;
602
603 if (gnutls_x509_crt_init(&cert) < 0)
604 return 0;
605
606 cert_list_size = 0;
607 cert_list = gnutls_certificate_get_peers(SSL_P(F), &cert_list_size);
608 if (cert_list == NULL)
609 {
610 gnutls_x509_crt_deinit(cert);
611 return 0;
612 }
613
614 if (gnutls_x509_crt_import(cert, &cert_list[0], GNUTLS_X509_FMT_DER) < 0)
615 {
616 gnutls_x509_crt_deinit(cert);
617 return 0;
618 }
619
620 switch(method)
621 {
622 case RB_SSL_CERTFP_METH_SHA1:
623 algo = GNUTLS_DIG_SHA1;
624 len = RB_SSL_CERTFP_LEN_SHA1;
625 break;
626 case RB_SSL_CERTFP_METH_SHA256:
627 algo = GNUTLS_DIG_SHA256;
628 len = RB_SSL_CERTFP_LEN_SHA256;
629 break;
630 case RB_SSL_CERTFP_METH_SHA512:
631 algo = GNUTLS_DIG_SHA512;
632 len = RB_SSL_CERTFP_LEN_SHA512;
633 break;
634 default:
635 return 0;
636 }
637
638 if (gnutls_x509_crt_get_fingerprint(cert, algo, digest, &digest_size) < 0)
639 {
640 gnutls_x509_crt_deinit(cert);
641 return 0;
642 }
643
644 memcpy(certfp, digest, len);
645
646 gnutls_x509_crt_deinit(cert);
647 return len;
648 }
649
650 int
651 rb_supports_ssl(void)
652 {
653 return 1;
654 }
655
656 void
657 rb_get_ssl_info(char *buf, size_t len)
658 {
659 rb_snprintf(buf, len, "GNUTLS: compiled (%s), library(%s)",
660 LIBGNUTLS_VERSION, gnutls_check_version(NULL));
661 }
662
663 const char *
664 rb_ssl_get_cipher(rb_fde_t *F)
665 {
666 static char buf[1024];
667
668 rb_snprintf(buf, sizeof(buf), "%s-%s-%s-%s",
669 gnutls_protocol_get_name(gnutls_protocol_get_version(SSL_P(F))),
670 gnutls_kx_get_name(gnutls_kx_get(SSL_P(F))),
671 gnutls_cipher_get_name(gnutls_cipher_get(SSL_P(F))),
672 gnutls_mac_get_name(gnutls_mac_get(SSL_P(F))));
673
674 return buf;
675 }
676
677 #endif /* HAVE_GNUTLS */
Fork of solanum ircd, history is rebased regularly