author | Gerd Hoffmann <kraxel@redhat.com> | 2010-03-09 14:22:19 +0100 |
---|---|---|
committer | Alexander Larsson <alexl@redhat.com> | 2010-03-09 14:22:19 +0100 |
commit | b4f5752a0e831d48f022caff7d14106a0e56d142 (patch) | |
tree | c081f9ccf30224a1435a71d915825f861bfa6df0 /server | |
parent | 1ecd01f58693d464dd49c5f7a9b36c2768b2c876 (diff) | |
new libspice api: configure tls
Diffstat (limited to 'server')
-rw-r--r-- | server/reds.c | 46 | ||||
-rw-r--r-- | server/spice.h | 4 |
2 files changed, 48 insertions, 2 deletions
diff --git a/server/reds.c b/server/reds.c
index 121fe050..c1021ae8 100644
--- a/server/reds.c
+++ b/server/reds.c
@@ -3278,10 +3278,14 @@ static void reds_init_ssl()
 SSL_CTX_set_verify_depth(reds->ctx, 1);
 #endif
- load_dh_params(reds->ctx, ssl_parameters.dh_key_file);
+ if (strlen(ssl_parameters.dh_key_file) > 0) {
+ load_dh_params(reds->ctx, ssl_parameters.dh_key_file);
+ }
 SSL_CTX_set_session_id_context(reds->ctx, (const unsigned char *)"SPICE", 5);
- SSL_CTX_set_cipher_list(reds->ctx, ssl_parameters.ciphersuite);
+ if (strlen(ssl_parameters.ciphersuite) > 0) {
+ SSL_CTX_set_cipher_list(reds->ctx, ssl_parameters.ciphersuite);
+ }
 openssl_thread_setup();
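Review bot: The return value of `SSL_CTX_set_cipher_list()` is still ignored inside the new `if (strlen(ssl_parameters.ciphersuite) > 0)` branch, so a cipher string that OpenSSL rejects fails silently and the server keeps running with a cipher list the operator did not ask for. Now that the string can come from a library caller, a return other than 1 should be handled the way `reds_init_ssl()` handles its other setup failures (those lie outside this hunk), e.g. `if (SSL_CTX_set_cipher_list(reds->ctx, ssl_parameters.ciphersuite) != 1) { /* abort TLS init */ }`. The new empty-string guard around `load_dh_params()` also deserves a comment such as `/* no DH file configured: context is left without DH parameters */`, since that presumably affects which key-exchange suites can be negotiated.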
@@ -5560,6 +5564,44 @@ int spice_server_set_ticket(SpiceServer *s, const char *passwd, int lifetime,
 return 0;
 }
+int spice_server_set_tls(SpiceServer *s, int port,
+ const char *ca_cert_file, const char *certs_file,
+ const char *private_key_file, const char *key_passwd,
+ const char *dh_key_file, const char *ciphersuite)
+{
+ ASSERT(reds == s);
+ if (port == 0 || ca_cert_file == NULL || certs_file == NULL ||
+ private_key_file == NULL) {
+ return -1;
+ }
+ if (port < 0 || port > 0xffff) {
+ return -1;
+ }
+ memset(&ssl_parameters, 0, sizeof(ssl_parameters));
+
+ spice_secure_port = port;
+ strncpy(ssl_parameters.ca_certificate_file, ca_cert_file,
+ sizeof(ssl_parameters.ca_certificate_file)-1);
+ strncpy(ssl_parameters.certs_file, certs_file,
+ sizeof(ssl_parameters.certs_file)-1);
+ strncpy(ssl_parameters.private_key_file, private_key_file,
+ sizeof(ssl_parameters.private_key_file)-1);
+
+ if (key_passwd) {
+ strncpy(ssl_parameters.keyfile_password, key_passwd,
+ sizeof(ssl_parameters.keyfile_password)-1);
+ }
+ if (ciphersuite) {
+ strncpy(ssl_parameters.ciphersuite, ciphersuite,
+ sizeof(ssl_parameters.ciphersuite)-1);
+ }
+ if (dh_key_file) {
+ strncpy(ssl_parameters.dh_key_file, dh_key_file,
+ sizeof(ssl_parameters.dh_key_file)-1);
+ }
+ return 0;
+}
+
 int spice_server_add_interface(SpiceServer *s, VDInterface *interface)
 {
 ASSERT(reds == s);
diff --git a/server/spice.h b/server/spice.h
index c72b3059..015ed895 100644
--- a/server/spice.h
+++ b/server/spice.h
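Review bot: Every `strncpy(..., sizeof(field)-1)` in `spice_server_set_tls()` silently truncates an over-long argument and the function still returns 0. After the `memset` the result is NUL-terminated, but a shortened `ciphersuite` can be a different, still valid cipher expression (a trailing exclusion dropped), and a shortened path or `key_passwd` only fails later, in a way that is hard to diagnose. Reject over-long input up front, before the `memset`, so a refused call also leaves the previous configuration intact: `if (strlen(ca_cert_file) >= sizeof(ssl_parameters.ca_certificate_file)) return -1;`, and the same for the other five strings, with the optional ones checked only when non-NULL. Note too that `keyfile_password` stays in the global `ssl_parameters` after this call; whether it is wiped once the key has been loaded is not visible in this hunk.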
@@ -36,6 +36,10 @@ int spice_server_set_port(SpiceServer *s, int port); int spice_server_set_noauth(SpiceServer *s); int spice_server_set_ticket(SpiceServer *s, const char *passwd, int lifetime, int fail_if_connected, int disconnect_if_connected); +int spice_server_set_tls(SpiceServer *s, int port, + const char *ca_cert_file, const char *certs_file, + const char *private_key_file, const char *key_passwd, + const char *dh_key_file, const char *ciphersuite); int spice_server_add_interface(SpiceServer *s, VDInterface *interface); int spice_server_remove_interface(SpiceServer *s, VDInterface *interface); |
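Review bot: The new `spice_server_set_tls()` prototype is public API but carries no contract, and a caller cannot tell from the header which arguments are optional. A short comment above it should say that `key_passwd`, `dh_key_file` and `ciphersuite` may be NULL, that the other three file arguments and a port in 1..65535 are required, that the strings are copied so the caller keeps ownership, and that the function returns 0 on success and -1 on invalid arguments. It should also state the fallback when `ciphersuite` is NULL, for example `/* ciphersuite == NULL: the OpenSSL default cipher list is used */`, as the reds.c change in this commit suggests.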