+ public:
+ static reference<Profile> Create(const std::string& profilename, ConfigTag* tag)
+ {
+ std::string certstr = ReadFile(tag->getString("certfile", "cert.pem"));
+ std::string keystr = ReadFile(tag->getString("keyfile", "key.pem"));
+
+ std::auto_ptr<DHParams> dh;
+ int gendh = tag->getInt("gendh");
+ if (gendh)
+ {
+ gendh = (gendh < 1024 ? 1024 : gendh);
+ dh = DHParams::Generate(gendh);
+ }
+ else
+ dh = DHParams::Import(ReadFile(tag->getString("dhfile", "dhparams.pem")));
+
+ // Use default priority string if this tag does not specify one
+ std::string priostr = tag->getString("priority", "NORMAL");
+ unsigned int mindh = tag->getInt("mindhbits", 1024);
+ std::string hashstr = tag->getString("hash", "md5");
+
+ // Load trusted CA and revocation list, if set
+ std::auto_ptr<X509CertList> ca;
+ std::auto_ptr<X509CRL> crl;
+ std::string filename = tag->getString("cafile");
+ if (!filename.empty())
+ {
+ ca.reset(new X509CertList(ReadFile(filename)));
+
+ filename = tag->getString("crlfile");
+ if (!filename.empty())
+ crl.reset(new X509CRL(ReadFile(filename)));
+ }
+
+ return new Profile(profilename, certstr, keystr, dh, mindh, hashstr, priostr, ca, crl);
+ }
+
+ /** Set up the given session with the settings in this profile
+ */
+ void SetupSession(gnutls_session_t sess)
+ {
+ priority.SetupSession(sess);
+ x509cred.SetupSession(sess);
+ gnutls_dh_set_prime_bits(sess, min_dh_bits);
+ }
+
+ const std::string& GetName() const { return name; }
+ X509Credentials& GetX509Credentials() { return x509cred; }
+ gnutls_digest_algorithm_t GetHash() const { return hash.get(); }
+ };
+}
+
+class GnuTLSIOHook : public SSLIOHook
+{
+ private:
+ gnutls_session_t sess;
+ issl_status status;
+ reference<GnuTLS::Profile> profile;
+
+ void InitSession(StreamSocket* user, bool me_server)