[Help-gnutls] Problem with anonymous authentication
Alexei Boyarchenko
trener at hotbox.ru
Mon Jun 7 14:05:37 CEST 2004
Sorry for my bad English!
I am trying to make server with anonymous authentication:
gnutls_anon_server_credentials anon_serv_cred;
static gnutls_dh_params dh_params;
gnutls_session initialize_tls_session()
{
int ret = 0;
gnutls_session session;
ret = gnutls_init(&session, GNUTLS_SERVER);
ret = gnutls_set_default_priority( session);
const int KX_PRIOR[] = {GNUTLS_KX_ANON_DH,0};
ret = gnutls_kx_set_priority(session,KX_PRIOR);
ret = gnutls_credentials_set(session, GNUTLS_CRD_ANON,&anon_serv_cred);
gnutls_certificate_server_set_request( session, GNUTLS_CERT_IGNORE);
gnutls_dh_set_prime_bits( session, DH_BITS);
return session;
}
static int generate_dh_params(void) {
/* Generate Diffie Hellman parameters - for use with DHE
* kx algorithms. These should be discarded and regenerated
* once a day, once a week or once a month. Depending on the
* security requirements.
*/
gnutls_dh_params_init( &dh_params);
gnutls_dh_params_generate2( dh_params, DH_BITS);
return 0;
}
int main()
{
int err, listen_sd, i;
int sd, ret;
struct sockaddr_in sa_serv;
struct sockaddr_in sa_cli;
int client_len;
char topbuf[512];
gnutls_session session;
char buffer[MAX_BUF + 1];
const char optval = 1;
/* this must be called once in the program
*/
gnutls_global_init();
ret = gnutls_anon_allocate_server_credentials(&anon_serv_cred); // ret = 0
ret = generate_dh_params(); // ret = 0
gnutls_anon_set_server_dh_params (anon_serv_cred,dh_params);
// anon_serv_cred->dh_params ara set and not NULL both
/* Socket operations
*/
........................................
*/
printf("Server ready. Listening to port '%d'.\n\n", PORT);
client_len = sizeof(sa_cli);
for (;;) {
session = initialize_tls_session();
sd = accept(listen_sd, (SA *) & sa_cli, &client_len);
printf("- connection from %s, port %d\n",
inet_ntoa(sa_cli.sin_addr), ntohs(sa_cli.sin_port));
gnutls_transport_set_ptr( session, (gnutls_transport_ptr)sd);
ret = gnutls_handshake( session);
if (ret < 0) { // ret = -21
closesocket(sd);
gnutls_deinit(session);
fprintf(stderr, "*** Handshake has failed (%s)\n\n",
gnutls_strerror(ret));
continue;
}
gnutls_bye( session, GNUTLS_SHUT_WR); //do not wait for
// the peer to close the connection.
close(sd);
gnutls_deinit(session);
}
closesocket(listen_sd);
gnutls_anon_free_server_credentials(anon_serv_cred);
gnutls_global_deinit();
return 0;
}
While testing I got mistake -"Could not negotiate a supported cipher suite"
When I tryed to debug server i've found that handshaking failed because of all
ciphersuites was removed during _gnutls_remove_unwanted_ciphersuites function in
gnutls_handshake.c
Ciphersuits was removed because check_server_params failed .
...........
else if ( cred_type == GNUTLS_CRD_ANON) {
anon_cred =
_gnutls_get_cred(session->key, cred_type, NULL);
if (anon_cred != NULL) {
dh_params = anon_cred->dh_params;
}
} else return 0; /* no need for params */
/* If the key exchange method needs RSA or DH params,
* but they are not set then remove it.
*/
if (_gnutls_kx_needs_rsa_params( kx) != 0) {
/* needs rsa params. */
if (_gnutls_get_rsa_params( rsa_params)==NULL)
return 1;
}
if (_gnutls_kx_needs_dh_params( kx) != 0) {
/* needs DH params. */
if (_gnutls_get_dh_params( dh_params)==NULL)
return 1;
}
..........
I got _gnutls_get_dh_params( dh_params) = NULL
(dh_params != NULL ,dh_params->params[0] != NULL but dh_params->params[1] = 0)
and all ciphersuites was removed. (((::::
After I call gnutls_anon_set_server_dh_params(anon_serv_cred,dh_params)
anon_serv_cred->dh_params->params[0] != NULL and
anon_serv_cred->dh_params->params[1] != NULL
Please help me find my mistake!!!!!!!!!!!!!!
More information about the Gnutls-help
mailing list