Commit 5ad04672 authored by Sebastien Decugis's avatar Sebastien Decugis

Added proper gcrypt initializer

parent aa61f58e
......@@ -30,6 +30,11 @@ SET(FD_COMMON_GEN_SRC
FIND_PACKAGE(GNUTLS REQUIRED)
INCLUDE_DIRECTORIES(${GNUTLS_INCLUDE_DIRS})
SET(FD_LIBS ${FD_LIBS} ${GNUTLS_LIBRARIES})
find_path(GCRYPT_INCLUDE_DIR NAMES gcrypt.h)
If ( NOT GCRYPT_INCLUDE_DIR )
MESSAGE(SEND_ERROR "Unable to find gcrypt.h, please install libgcrypt-dev or equivalent")
Endif ( NOT GCRYPT_INCLUDE_DIR )
INCLUDE_DIRECTORIES(${GCRYPT_INCLUDE_DIR})
# Building the executable
ADD_EXECUTABLE(freeDiameterd ${FD_COMMON_SRC} ${FD_COMMON_GEN_SRC} main.c)
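Review bot: The new gcrypt check locates only the header; nothing in this hunk finds libgcrypt itself or appends it to `FD_LIBS`, although main.c calls `gcry_control` directly. The link therefore relies on `${GNUTLS_LIBRARIES}` pulling libgcrypt in transitively, which presumably depends on how the installed GnuTLS was built. Consider adding `find_library(GCRYPT_LIBRARY NAMES gcrypt)` and `SET(FD_LIBS ${FD_LIBS} ${GCRYPT_LIBRARY})`. Separately, `SEND_ERROR` lets configuration continue, so the following `INCLUDE_DIRECTORIES(${GCRYPT_INCLUDE_DIR})` still runs with a `-NOTFOUND` value; `MESSAGE(FATAL_ERROR ...)` would stop at the real cause.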
......
......@@ -121,6 +121,11 @@ void fd_conf_dump()
#endif /* DISABLE_SCTP */
fd_log_debug(" - Pref. proto .. : %s\n", fd_g_config->cnf_flags.pr_tcp ? "TCP" : "SCTP");
fd_log_debug(" - TLS method ... : %s\n", fd_g_config->cnf_flags.tls_alg ? "INBAND" : "Separate port");
fd_log_debug(" TLS : - Certificate .. : %s\n", fd_g_config->cnf_sec_data.cert_file ?: "(none)");
fd_log_debug(" - Private key .. : %s\n", fd_g_config->cnf_sec_data.key_file ?: "(none)");
fd_log_debug(" - CA ........... : %s\n", fd_g_config->cnf_sec_data.ca_file ?: "(none)");
fd_log_debug(" - CRL .......... : %s\n", fd_g_config->cnf_sec_data.crl_file ?: "(none)");
fd_log_debug(" - Priority ..... : %s\n", fd_g_config->cnf_sec_data.prio_string ?: "(default)");
fd_log_debug(" Origin-State-Id ........ : %u\n", fd_g_config->cnf_orstateid);
}
......@@ -202,5 +207,11 @@ int fd_conf_parse()
return EINVAL;
}
/* TLS parameters */
CHECK_GNUTLS_DO( gnutls_certificate_allocate_credentials (&fd_g_config->cnf_sec_data.credentials), return ENOMEM );
CHECK_GNUTLS_DO( gnutls_dh_params_init (&fd_g_config->cnf_sec_data.dh_cache), return ENOMEM );
return 0;
}
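Review bot: In fd_conf_parse, a failure of `gnutls_dh_params_init` returns ENOMEM without releasing the credentials allocated on the line before. No matching `gnutls_certificate_free_credentials` or `gnutls_dh_params_deinit` is visible in these hunks, so please confirm a cleanup path exists. Both calls also only allocate empty objects, so a comment would help, for example `/* allocated here; certificates and DH parameters are loaded or generated later */`. That wording assumes the loading happens elsewhere, which the hunk does not show. The function body starts outside the hunk.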
......@@ -38,11 +38,9 @@
#include <signal.h>
#include <getopt.h>
#include <locale.h>
#include <gcrypt.h>
#ifdef GCRY_THREAD_OPTION_PTHREAD_IMPL
GCRY_THREAD_OPTION_PTHREAD_IMPL;
#endif /* GCRY_THREAD_OPTION_PTHREAD_IMPL */
/* forward declarations */
static void * sig_hdl(void * arg);
......@@ -79,6 +77,7 @@ int main(int argc, char * argv[])
CHECK_FCT( main_cmdline(argc, argv) );
/* Initialize gnutls */
(void) gcry_control (GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread);
CHECK_GNUTLS_DO( gnutls_global_init(), return EINVAL );
if ( ! gnutls_check_version(GNUTLS_VERSION) ) {
fprintf(stderr, "The GNUTLS library is too old; found '%s', need '" GNUTLS_VERSION "'\n", gnutls_check_version(NULL));
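Review bot: The `gcry_control` call placed before `gnutls_global_init()` discards its result with `(void)` and uses `gcry_threads_pthread` unconditionally, while the file-scope `GCRY_THREAD_OPTION_PTHREAD_IMPL;` that defines that object is emitted only under `#ifdef`. If the macro is absent the file will not compile. If installing the callbacks fails, the daemon carries on with a libgcrypt that is not set up for multi-threaded use. I would wrap the call in the same `#ifdef GCRY_THREAD_OPTION_PTHREAD_IMPL` and test the result, e.g. `if (gcry_control(GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread)) return EINVAL;`. main's body continues outside the hunk.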
......
......@@ -11,7 +11,7 @@ OPTION(DEFAULT_CONF_FILE "Default path to configuration file?" OFF)
# Disable SCTP support completly ?
OPTION(DISABLE_SCTP "Disable SCTP support?")
# Disable SCTP support completly ?
# Find TODO items in the code easily ?
OPTION(ERRORS_ON_TODO "(development) Generate compilation errors on TODO items ?" OFF)
......
......@@ -89,8 +89,17 @@ struct fd_config {
} cnf_flags;
struct {
/* GNUTLS global state */
/* Server credential(s) */
/* Credentials parameters */
char * key_file;
char * cert_file;
char * ca_file;
char * crl_file;
char * prio_string;
/* GNUTLS server credential(s) (created from previous files) */
gnutls_certificate_credentials_t credentials;
/* Other GNUTLS global parameters */
gnutls_priority_t prio_cache;
gnutls_dh_params_t dh_cache;
} cnf_sec_data;
uint32_t cnf_orstateid; /* The value to use in Origin-State-Id, default to random value */
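Review bot: The new `char *` members (`key_file` through `prio_string`) say nothing about ownership or what NULL means, although fd_conf_dump prints `(none)` or `(default)` for NULL. I would extend the comment to something like `/* Credentials parameters: paths owned by the config, NULL when not set */`, after confirming ownership against the parser. `prio_cache` is also declared here, but the fd_conf_parse hunk initialises only `credentials` and `dh_cache`. It is worth checking that a `gnutls_priority_init` call fills `prio_cache` before the first session uses it. The struct definition starts and ends outside the hunk.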
......