search for: start_psk

This is ready for review but needs a bit more real-world testing before I'd be happy about it going upstream. It also needs tests. It does interoperate with qemu, at least in my limited tests. Rich.

...d: could not load TLS certificates"); - return; + return -1; found_certificates: #ifdef HAVE_GNUTLS_CERTIFICATE_SET_KNOWN_DH_PARAMS gnutls_certificate_set_known_dh_params (x509_creds, GNUTLS_SEC_PARAM_MEDIUM); #endif + return 0; +} - debug ("TLS enabled"); +static int +start_psk (void) +{ + int err; + CLEANUP_FREE char *abs_psk_file = NULL; + + /* Make sure the path to the PSK file is absolute. */ + abs_psk_file = realpath (tls_psk, NULL); + if (abs_psk_file == NULL) { + perror (tls_psk); + exit (EXIT_FAILURE); + } + + err = gnutls_psk_allocate_server_credenti...

...lude <gnutls/gnutls.h> > > +static int crypto_auth = 0; Explicit assignment to 0 is not necessary for static variables (and in general, the assignment moves the variable from .bss into .data for a larger binary, although gcc has options for changing this). > +static int > +start_psk (void) > +{ > + int err; > + CLEANUP_FREE char *abs_psk_file = NULL; > + > + /* Make sure the path to the PSK file is absolute. */ > + abs_psk_file = realpath (tls_psk, NULL); > + if (abs_psk_file == NULL) { > + perror (tls_psk); > + exit (EXIT_FAILURE); > +...

v2: * Improved documentation. * Added a test (interop with qemu client).

...urn -1; - conn->using_tls = 1; + conn->using_tls = true; debug ("using TLS on this connection"); } break; diff --git a/server/crypto.c b/server/crypto.c index 5b01684..4638a69 100644 --- a/server/crypto.c +++ b/server/crypto.c @@ -230,7 +230,7 @@ start_psk (void) * and loading the server certificate. */ void -crypto_init (int tls_set_on_cli) +crypto_init (bool tls_set_on_cli) { int err, r; const char *what; @@ -521,7 +521,7 @@ crypto_negotiate_tls (struct connection *conn, int sockin, int sockout) */ void -crypto_init (int tls_set_on...