+ /** Priorities for ciphers, compression methods, etc.
+ */
+ Priority priority;
+
+ Profile(const std::string& profilename, const std::string& certstr, const std::string& keystr,
+ std::auto_ptr<DHParams>& DH, unsigned int mindh, const std::string& hashstr,
+ const std::string& priostr, std::auto_ptr<X509CertList>& CA, std::auto_ptr<X509CRL>& CRL)
+ : name(profilename)
+ , x509cred(certstr, keystr)
+ , min_dh_bits(mindh)
+ , hash(hashstr)
+ , priority(priostr)
+ {
+ x509cred.SetDH(DH);
+ x509cred.SetCA(CA, CRL);
+ }
+
+ static std::string ReadFile(const std::string& filename)
+ {
+ FileReader reader(filename);
+ std::string ret = reader.GetString();
+ if (ret.empty())
+ throw Exception("Cannot read file " + filename);
+ return ret;
+ }
+
+ public:
+ static reference<Profile> Create(const std::string& profilename, ConfigTag* tag)
+ {
+ std::string certstr = ReadFile(tag->getString("certfile", "cert.pem"));
+ std::string keystr = ReadFile(tag->getString("keyfile", "key.pem"));
+
+ std::auto_ptr<DHParams> dh;
+ int gendh = tag->getInt("gendh");
+ if (gendh)
+ {
+ gendh = (gendh < 1024 ? 1024 : gendh);
+ dh = DHParams::Generate(gendh);
+ }
+ else
+ dh = DHParams::Import(ReadFile(tag->getString("dhfile", "dhparams.pem")));
+
+ // Use default priority string if this tag does not specify one
+ std::string priostr = tag->getString("priority", "NORMAL");
+ unsigned int mindh = tag->getInt("mindhbits", 1024);
+ std::string hashstr = tag->getString("hash", "md5");
+
+ // Load trusted CA and revocation list, if set
+ std::auto_ptr<X509CertList> ca;
+ std::auto_ptr<X509CRL> crl;
+ std::string filename = tag->getString("cafile");
+ if (!filename.empty())
+ {
+ ca.reset(new X509CertList(ReadFile(filename)));
+
+ filename = tag->getString("crlfile");
+ if (!filename.empty())
+ crl.reset(new X509CRL(ReadFile(filename)));
+ }
+
+ return new Profile(profilename, certstr, keystr, dh, mindh, hashstr, priostr, ca, crl);
+ }
+
+ /** Set up the given session with the settings in this profile
+ */
+ void SetupSession(gnutls_session_t sess)
+ {
+ priority.SetupSession(sess);
+ x509cred.SetupSession(sess);
+ gnutls_dh_set_prime_bits(sess, min_dh_bits);
+ }
+
+ const std::string& GetName() const { return name; }
+ X509Credentials& GetX509Credentials() { return x509cred; }
+ gnutls_digest_algorithm_t GetHash() const { return hash.get(); }
+ };
+}
+
+class GnuTLSIOHook : public SSLIOHook
+{
+ private:
+ gnutls_session_t sess;
+ issl_status status;
+ reference<GnuTLS::Profile> profile;
+
+ void InitSession(StreamSocket* user, bool me_server)