diff options
-rw-r--r-- | configure.ac | 1 | ||||
-rw-r--r-- | doc/cha-intro-tls.texi | 15 | ||||
-rw-r--r-- | lib/ext/Makefile.am | 4 | ||||
-rw-r--r-- | lib/ext/alpn.c | 326 | ||||
-rw-r--r-- | lib/ext/alpn.h | 39 | ||||
-rw-r--r-- | lib/gnutls_extensions.c | 7 | ||||
-rw-r--r-- | lib/gnutls_int.h | 1 | ||||
-rw-r--r-- | lib/includes/gnutls/gnutls.h.in | 7 | ||||
-rw-r--r-- | lib/libgnutls.map | 2 | ||||
-rw-r--r-- | m4/hooks.m4 | 14 | ||||
-rw-r--r-- | tests/Makefile.am | 2 | ||||
-rw-r--r-- | tests/mini-alpn.c | 322 |
12 files changed, 739 insertions, 1 deletions
diff --git a/configure.ac b/configure.ac index 3f33c25e8a..747eb4cc35 100644 --- a/configure.ac +++ b/configure.ac @@ -649,6 +649,7 @@ AC_MSG_NOTICE([Optional features: if features are disabled) DTLS-SRTP support: $ac_enable_srtp + ALPN support: $ac_enable_alpn OCSP support: $ac_enable_ocsp OpenPGP support: $ac_enable_openpgp SRP support: $ac_enable_srp diff --git a/doc/cha-intro-tls.texi b/doc/cha-intro-tls.texi index d9c90c963f..1e16a28fa9 100644 --- a/doc/cha-intro-tls.texi +++ b/doc/cha-intro-tls.texi @@ -404,6 +404,7 @@ and they will be discussed in the subsections that follow. * Safe renegotiation:: * OCSP status request:: * SRTP:: +* Application Layer Protocol Negotiation (ALPN):: @end menu @node Maximum fragment length negotiation @@ -622,6 +623,20 @@ Other helper functions are listed below. @showfuncC{gnutls_srtp_get_selected_profile,gnutls_srtp_get_profile_name,gnutls_srtp_get_profile_id} +@node Application Layer Protocol Negotiation (ALPN) +@subsection Application Layer Protocol Negotiation (ALPN) +@cindex ALPN +@cindex Application Layer Protocol Negotiation + +The TLS protocol was extended in @code{draft-ietf-tls-applayerprotoneg-00} +to provide the application layer a method of +negotiating the application protocol version. This allows for negotiation +of the application protocol during the TLS handshake, thus reducing +round-trips. The application protocol is described by an opaque +string. To enable, use the following functions. + +@showfuncB{gnutls_alpn_set_protocols,gnutls_alpn_get_selected_protocol} + @include sec-tls-app.texi @node On SSL 2 and older protocols diff --git a/lib/ext/Makefile.am b/lib/ext/Makefile.am index 604fce1034..5572430602 100644 --- a/lib/ext/Makefile.am +++ b/lib/ext/Makefile.am @@ -42,6 +42,10 @@ libgnutls_ext_la_SOURCES = max_record.c cert_type.c \ status_request.h status_request.c new_record_padding.c \ new_record_padding.h +if ENABLE_ALPN +libgnutls_ext_la_SOURCES += alpn.c alpn.h +endif + if ENABLE_DTLS_SRTP libgnutls_ext_la_SOURCES += srtp.c srtp.h endif diff --git a/lib/ext/alpn.c b/lib/ext/alpn.c new file mode 100644 index 0000000000..4f19f0752e --- /dev/null +++ b/lib/ext/alpn.c @@ -0,0 +1,326 @@ +/* + * Copyright (C) 2013 Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * The GnuTLS is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public License + * as published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/> + * + */ + +#include "gnutls_int.h" +#include "gnutls_auth.h" +#include "gnutls_errors.h" +#include "gnutls_num.h" +#include <ext/alpn.h> + +static int _gnutls_alpn_recv_params (gnutls_session_t session, + const uint8_t * data, + size_t data_size); +static int _gnutls_alpn_send_params (gnutls_session_t session, + gnutls_buffer_st* extdata); + +static int _gnutls_alpn_unpack (gnutls_buffer_st * ps, + extension_priv_data_t * _priv); +static int _gnutls_alpn_pack (extension_priv_data_t _priv, + gnutls_buffer_st * ps); +static void _gnutls_alpn_deinit_data (extension_priv_data_t priv); + + +extension_entry_st ext_mod_alpn = { + .name = "ALPN", + .type = GNUTLS_EXTENSION_ALPN, + .parse_type = GNUTLS_EXT_APPLICATION, + + .recv_func = _gnutls_alpn_recv_params, + .send_func = _gnutls_alpn_send_params, + .pack_func = _gnutls_alpn_pack, + .unpack_func = _gnutls_alpn_unpack, + .deinit_func = _gnutls_alpn_deinit_data, +}; + +static int +_gnutls_alpn_recv_params (gnutls_session_t session, + const uint8_t *data, size_t _data_size) +{ + unsigned int i; + int ret; + const uint8_t *p = data; + unsigned len1, len; + ssize_t data_size = _data_size; + alpn_ext_st *priv; + extension_priv_data_t epriv; + + ret = + _gnutls_ext_get_session_data (session, GNUTLS_EXTENSION_ALPN, + &epriv); + if (ret < 0) + return 0; + + priv = epriv.ptr; + + DECR_LENGTH_RET (data_size, 2, 0); + len = _gnutls_read_uint16 (p); + p += 2; + + if (len > data_size) + return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH); + + if (session->security_parameters.entity == GNUTLS_SERVER) + { + while(data_size > 0) + { + DECR_LENGTH_RET (data_size, 1, 0); + len1 = *p; + p += 1; + DECR_LENGTH_RET (data_size, len1, 0); + + for (i=0;i<priv->size;i++) + if (priv->protocol_size[i] == len1 && memcmp(p, priv->protocols[i], len1) == 0) + { + priv->selected_protocol = priv->protocols[i]; + priv->selected_protocol_size = priv->protocol_size[i]; + break; + } + p += len1; + } + } + else + { + DECR_LENGTH_RET (data_size, 1, 0); + len1 = *p; + p += 1; + DECR_LENGTH_RET (data_size, len1, 0); + + for (i=0;i<priv->size;i++) + if (priv->protocol_size[i] == len1 && memcmp(p, priv->protocols[i], len1) == 0) + { + priv->selected_protocol = priv->protocols[i]; + priv->selected_protocol_size = priv->protocol_size[i]; + break; + } + p += len1; + } + + return 0; +} + +static int +_gnutls_alpn_send_params (gnutls_session_t session, + gnutls_buffer_st* extdata) +{ + unsigned i; + int total_size = 0, ret; + alpn_ext_st *priv; + extension_priv_data_t epriv; + + ret = + _gnutls_ext_get_session_data (session, GNUTLS_EXTENSION_ALPN, + &epriv); + if (ret < 0) + return 0; + + priv = epriv.ptr; + + if (priv->size == 0) + return 0; + + if (session->security_parameters.entity == GNUTLS_SERVER) + { + if (priv->selected_protocol_size == 0) + return 0; + + ret = _gnutls_buffer_append_prefix(extdata, 16, priv->selected_protocol_size+1); + if (ret < 0) + return gnutls_assert_val(ret); + + total_size += 2; + + ret = _gnutls_buffer_append_data_prefix(extdata, 8, priv->selected_protocol, priv->selected_protocol_size); + if (ret < 0) + return gnutls_assert_val(ret); + + total_size += 1+priv->selected_protocol_size; + } + else + { + int t = 0; + for (i=0;i<priv->size;i++) + t += priv->protocol_size[i] + 1; + + ret = _gnutls_buffer_append_prefix(extdata, 16, t); + if (ret < 0) + return gnutls_assert_val(ret); + + total_size += 2; + + for (i=0;i<priv->size;i++) + { + ret = _gnutls_buffer_append_data_prefix(extdata, 8, priv->protocols[i], priv->protocol_size[i]); + if (ret < 0) + return gnutls_assert_val(ret); + + total_size += 1+priv->protocol_size[i]; + } + } + + return total_size; +} + +/** + * gnutls_alpn_get_selected_protocol: + * @session: is a #gnutls_session_t structure. + * @protocol: will hold the protocol name + * + * This function allows you to get the negotiated protocol name. The + * returned protocol should be treated as opaque, constant value and + * only valid during the session life. + * + * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, + * otherwise a negative error code is returned. + * + * Since 3.1.11 + **/ +int +gnutls_alpn_get_selected_protocol (gnutls_session_t session, + gnutls_datum_t * protocol) +{ + alpn_ext_st *priv; + int ret; + extension_priv_data_t epriv; + + ret = + _gnutls_ext_get_session_data (session, GNUTLS_EXTENSION_ALPN, + &epriv); + if (ret < 0) + { + gnutls_assert (); + return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; + } + + priv = epriv.ptr; + + if (priv->selected_protocol_size == 0) + return gnutls_assert_val(GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE); + + protocol->data = priv->selected_protocol; + protocol->size = priv->selected_protocol_size; + + return 0; +} + +/** + * gnutls_alpn_set_protocols: + * @session: is a #gnutls_session_t structure. + * @protocols: is the protocol names to add. + * @protocols_size: the number of protocols to add. + * + * This function is to be used by both clients and servers, to declare + * the supported ALPN protocols, which are used during peer negotiation. + * + * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, + * otherwise a negative error code is returned. + * + * Since 3.1.11 + **/ +int +gnutls_alpn_set_protocols (gnutls_session_t session, + const gnutls_datum_t * protocols, unsigned protocols_size) +{ + int ret; + alpn_ext_st *priv; + extension_priv_data_t epriv; + unsigned i; + + ret = + _gnutls_ext_get_session_data (session, GNUTLS_EXTENSION_ALPN, + &epriv); + if (ret < 0) + { + priv = gnutls_calloc (1, sizeof (*priv)); + if (priv == NULL) + { + gnutls_assert (); + return GNUTLS_E_MEMORY_ERROR; + } + epriv.ptr = priv; + _gnutls_ext_set_session_data (session, GNUTLS_EXTENSION_ALPN, + epriv); + } + else + priv = epriv.ptr; + + if (protocols_size > MAX_ALPN_PROTOCOLS) + return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); + + for (i=0;i<protocols_size;i++) + { + if (protocols[i].size >= MAX_ALPN_PROTOCOL_NAME) + return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); + + memcpy(priv->protocols[i], protocols[i].data, protocols[i].size); + priv->protocol_size[i] = protocols[i].size; + priv->size++; + } + + return 0; +} + + +static void +_gnutls_alpn_deinit_data (extension_priv_data_t priv) +{ + gnutls_free (priv.ptr); +} + +static int +_gnutls_alpn_pack (extension_priv_data_t epriv, gnutls_buffer_st * ps) +{ + alpn_ext_st *priv = epriv.ptr; + int ret; + + BUFFER_APPEND_PFX4 (ps, priv->selected_protocol, priv->selected_protocol_size); + + return 0; +} + +static int +_gnutls_alpn_unpack (gnutls_buffer_st * ps, + extension_priv_data_t * _priv) +{ + alpn_ext_st *priv; + int ret; + extension_priv_data_t epriv; + + priv = gnutls_calloc (1, sizeof (*priv)); + if (priv == NULL) + { + gnutls_assert (); + return GNUTLS_E_MEMORY_ERROR; + } + + BUFFER_POP_NUM (ps, priv->protocol_size[0]); + BUFFER_POP (ps, &priv->protocols[0], priv->protocol_size[0]); + priv->size++; + priv->selected_protocol_size = priv->protocol_size[0]; + priv->selected_protocol = priv->protocols[0]; + + epriv.ptr = priv; + *_priv = epriv; + + return 0; + +error: + gnutls_free (priv); + return ret; +} diff --git a/lib/ext/alpn.h b/lib/ext/alpn.h new file mode 100644 index 0000000000..541bcaeb21 --- /dev/null +++ b/lib/ext/alpn.h @@ -0,0 +1,39 @@ +/* + * Copyright (C) 2013 Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * The GnuTLS is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public License + * as published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/> + * + */ +#ifndef EXT_ALPN_H +#define EXT_ALPN_H + +#include <gnutls_extensions.h> + +#define MAX_ALPN_PROTOCOLS 8 +#define MAX_ALPN_PROTOCOL_NAME 32 + +typedef struct +{ + uint8_t protocols[MAX_ALPN_PROTOCOLS][MAX_ALPN_PROTOCOL_NAME]; + unsigned protocol_size[MAX_ALPN_PROTOCOLS]; + unsigned size; + uint8_t *selected_protocol; + unsigned selected_protocol_size; +} alpn_ext_st; + +extern extension_entry_st ext_mod_alpn; + +#endif diff --git a/lib/gnutls_extensions.c b/lib/gnutls_extensions.c index f676993ece..99ed731594 100644 --- a/lib/gnutls_extensions.c +++ b/lib/gnutls_extensions.c @@ -40,6 +40,7 @@ #include <ext/ecc.h> #include <ext/status_request.h> #include <ext/srtp.h> +#include <ext/alpn.h> #include <ext/new_record_padding.h> #include <gnutls_num.h> @@ -368,6 +369,12 @@ _gnutls_ext_init (void) return ret; #endif +#ifdef ENABLE_ALPN + ret = _gnutls_ext_register (&ext_mod_alpn); + if (ret != GNUTLS_E_SUCCESS) + return ret; +#endif + return GNUTLS_E_SUCCESS; } diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h index 14ddfbec15..71ee6c7dcb 100644 --- a/lib/gnutls_int.h +++ b/lib/gnutls_int.h @@ -272,6 +272,7 @@ typedef enum extensions_t GNUTLS_EXTENSION_SIGNATURE_ALGORITHMS = 13, GNUTLS_EXTENSION_SRTP = 14, GNUTLS_EXTENSION_HEARTBEAT = 15, + GNUTLS_EXTENSION_ALPN = 16, GNUTLS_EXTENSION_SESSION_TICKET = 35, GNUTLS_EXTENSION_NEW_RECORD_PADDING = 48015, /* aka: 0xbeaf */ GNUTLS_EXTENSION_SAFE_RENEGOTIATION = 65281 /* aka: 0xff01 */ diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in index 4d16a46663..672b7566a0 100644 --- a/lib/includes/gnutls/gnutls.h.in +++ b/lib/includes/gnutls/gnutls.h.in @@ -1045,6 +1045,13 @@ gnutls_ecc_curve_t gnutls_ecc_curve_get(gnutls_session_t session); int gnutls_srtp_set_mki (gnutls_session_t session, const gnutls_datum_t *mki); int gnutls_srtp_get_mki (gnutls_session_t session, gnutls_datum_t *mki); +/* ALPN TLS extension */ + int gnutls_alpn_get_selected_protocol (gnutls_session_t session, + gnutls_datum_t * protocol); + int gnutls_alpn_set_protocols (gnutls_session_t session, + const gnutls_datum_t * protocols, unsigned protocols_size); + + int gnutls_key_generate (gnutls_datum_t * key, unsigned int key_size); /* if you just want some defaults, use the following. diff --git a/lib/libgnutls.map b/lib/libgnutls.map index 7ae94496c2..f2eb6bbb9f 100644 --- a/lib/libgnutls.map +++ b/lib/libgnutls.map @@ -908,6 +908,8 @@ GNUTLS_3_1_0 { gnutls_sign_algorithm_get_client; gnutls_certificate_set_x509_key_mem2; gnutls_certificate_set_x509_key_file2; + gnutls_alpn_get_selected_protocol; + gnutls_alpn_set_protocols; } GNUTLS_3_0_0; GNUTLS_PRIVATE { diff --git a/m4/hooks.m4 b/m4/hooks.m4 index 905e5a4c2c..16f21a1532 100644 --- a/m4/hooks.m4 +++ b/m4/hooks.m4 @@ -155,6 +155,20 @@ fi fi AM_CONDITIONAL(ENABLE_DTLS_SRTP, test "$ac_enable_srtp" != "no") + AC_MSG_CHECKING([whether to disable ALPN extension]) + AC_ARG_ENABLE(dtls-alpn-support, + AS_HELP_STRING([--disable-dtls-alpn-support], + [disable support for the Application Layer Protocol Negotiation (ALPN) extension]), + ac_enable_alpn=$enableval,ac_enable_alpn=yes) + if test x$ac_enable_alpn != xno; then + AC_MSG_RESULT(no) + AC_DEFINE([ENABLE_ALPN], 1, [enable ALPN support]) + else + ac_full=0 + AC_MSG_RESULT(yes) + fi + AM_CONDITIONAL(ENABLE_ALPN, test "$ac_enable_alpn" != "no") + ac_enable_heartbeat=yes AC_MSG_CHECKING([whether to disable TLS heartbeat support]) AC_ARG_ENABLE(heartbeat-support, diff --git a/tests/Makefile.am b/tests/Makefile.am index 050a9a49d9..08a7eb6812 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -67,7 +67,7 @@ ctests = mini-deflate simple gc set_pkcs12_cred certder certuniqueid \ nul-in-x509-names x509_altname pkcs12_encode mini-x509 \ mini-rehandshake rng-fork mini-eagain-dtls resume-dtls \ x509cert x509cert-tl infoaccess \ - mini-tdb mini-dtls-rehandshake \ + mini-tdb mini-dtls-rehandshake mini-alpn \ mini-termination mini-x509-cas mini-x509-2 pkcs12_simple \ mini-emsgsize-dtls chainverify-unsorted \ mini-dtls-heartbeat mini-x509-callbacks key-openssl \ diff --git a/tests/mini-alpn.c b/tests/mini-alpn.c new file mode 100644 index 0000000000..8bac7421a8 --- /dev/null +++ b/tests/mini-alpn.c @@ -0,0 +1,322 @@ +/* + * Copyright (C) 2013 Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include <config.h> +#endif + +#include <stdio.h> +#include <stdlib.h> + +#if defined(_WIN32) || !defined(ENABLE_ALPN) + +int +main (int argc, char** argv) +{ + exit (77); +} + +#else + +#include <string.h> +#include <sys/types.h> +#include <netinet/in.h> +#include <sys/socket.h> +#include <sys/wait.h> +#include <arpa/inet.h> +#include <unistd.h> +#include <gnutls/gnutls.h> +#include <gnutls/dtls.h> + +#include "utils.h" + +static void terminate (void); + +/* This program tests the rehandshake in DTLS + */ + +static void +server_log_func (int level, const char *str) +{ + fprintf (stderr, "server|<%d>| %s", level, str); +} + +static void +client_log_func (int level, const char *str) +{ + fprintf (stderr, "client|<%d>| %s", level, str); +} + +/* These are global */ +static pid_t child; + +/* A very basic DTLS client, with anonymous authentication, that negotiates SRTP + */ + +static void +client (int fd, const char* protocol1, const char* protocol2) +{ + gnutls_session_t session; + int ret; + gnutls_datum_t proto; + gnutls_anon_client_credentials_t anoncred; + /* Need to enable anonymous KX specifically. */ + + gnutls_global_init (); + + if (debug) + { + gnutls_global_set_log_function (client_log_func); + gnutls_global_set_log_level (4711); + } + + gnutls_anon_allocate_client_credentials (&anoncred); + + /* Initialize TLS session + */ + gnutls_init (&session, GNUTLS_CLIENT); + + /* Use default priorities */ + gnutls_priority_set_direct (session, + "NONE:+VERS-TLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL", + NULL); + if (protocol1) + { + gnutls_datum_t t[2]; + t[0].data = (void*)protocol1; + t[0].size = strlen(protocol1); + t[1].data = (void*)protocol2; + t[1].size = strlen(protocol2); + + ret = gnutls_alpn_set_protocols(session, t, 2); + if (ret < 0) + { + gnutls_perror(ret); + exit(1); + } + } + + /* put the anonymous credentials to the current session + */ + gnutls_credentials_set (session, GNUTLS_CRD_ANON, anoncred); + + gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) fd); + + /* Perform the TLS handshake + */ + do + { + ret = gnutls_handshake (session); + } + while (ret < 0 && gnutls_error_is_fatal (ret) == 0); + + if (ret < 0) + { + fail ("client: Handshake failed\n"); + gnutls_perror (ret); + exit (1); + } + else + { + if (debug) + success ("client: Handshake was completed\n"); + } + + if (debug) + success ("client: TLS version is: %s\n", + gnutls_protocol_get_name (gnutls_protocol_get_version + (session))); + + ret = gnutls_alpn_get_selected_protocol(session, &proto); + if (ret < 0) + { + gnutls_perror(ret); + exit(1); + } + + if (debug) + { + fprintf(stderr, "selected protocol: %.*s\n", (int)proto.size, proto.data); + } + + + gnutls_bye (session, GNUTLS_SHUT_WR); + + close (fd); + + gnutls_deinit (session); + + gnutls_anon_free_client_credentials (anoncred); + + gnutls_global_deinit (); +} + +static void +terminate (void) +{ + int status; + + kill (child, SIGTERM); + wait (&status); + exit (1); +} + +static void +server (int fd, const char* protocol1, const char* protocol2) +{ + int ret; + gnutls_session_t session; + gnutls_anon_server_credentials_t anoncred; + gnutls_datum_t t[2]; + + /* this must be called once in the program + */ + gnutls_global_init (); + + if (debug) + { + gnutls_global_set_log_function (server_log_func); + gnutls_global_set_log_level (4711); + } + + gnutls_anon_allocate_server_credentials (&anoncred); + + gnutls_init (&session, GNUTLS_SERVER); + + /* avoid calling all the priority functions, since the defaults + * are adequate. + */ + gnutls_priority_set_direct (session, + "NONE:+VERS-TLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL", + NULL); + + t[0].data = (void*)protocol1; + t[0].size = strlen(protocol1); + t[1].data = (void*)protocol2; + t[1].size = strlen(protocol2); + + ret = gnutls_alpn_set_protocols(session, t, 2); + if (ret < 0) + { + gnutls_perror(ret); + exit(1); + } + + gnutls_credentials_set (session, GNUTLS_CRD_ANON, anoncred); + + gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) fd); + + do + { + ret = gnutls_handshake (session); + } + while (ret < 0 && gnutls_error_is_fatal (ret) == 0); + if (ret < 0) + { + close (fd); + gnutls_deinit (session); + fail ("server: Handshake has failed (%s)\n\n", + gnutls_strerror (ret)); + terminate (); + } + if (debug) + success ("server: Handshake was completed\n"); + + if (debug) + success ("server: TLS version is: %s\n", + gnutls_protocol_get_name (gnutls_protocol_get_version + (session))); + + ret = gnutls_alpn_get_selected_protocol(session, &t[0]); + if (ret < 0) + { + gnutls_perror(ret); + exit(1); + } + +#if 0 + if (debug) + { + success ("Protocol: %.*s\n", (int)t[0].size, t[0].data); + } +#endif + + /* do not wait for the peer to close the connection. + */ + gnutls_bye (session, GNUTLS_SHUT_WR); + + close (fd); + gnutls_deinit (session); + + gnutls_anon_free_server_credentials (anoncred); + + gnutls_global_deinit (); + + if (debug) + success ("server: finished\n"); +} + +static void +start (const char* p1, const char* p2) +{ + int fd[2]; + int ret; + + ret = socketpair (AF_UNIX, SOCK_STREAM, 0, fd); + if (ret < 0) + { + perror ("socketpair"); + exit (1); + } + + child = fork (); + if (child < 0) + { + perror ("fork"); + fail ("fork"); + exit (1); + } + + if (child) + { + int status; + /* parent */ + + server (fd[0], p1, p2); + wait (&status); + if (WEXITSTATUS (status) != 0) + fail ("Child died with status %d\n", WEXITSTATUS (status)); + } + else + { + close (fd[0]); + client (fd[1], p2, p1); + exit (0); + } +} + +void +doit (void) +{ + start ("spdy/2", "spdy/3"); + start ("spdy/3", "spdy/2"); +} + +#endif /* _WIN32 */ |