From 2c1451b5d1bbb33706432cc632289e0cbbdd6cbd Mon Sep 17 00:00:00 2001 From: Gerd Hoffmann Date: Thu, 4 Mar 2010 10:57:03 +0100 Subject: new libspice api: configure tls Signed-off-by: Gerd Hoffmann --- server/reds.c | 45 +++++++++++++++++++++++++++++++++++++++++++-- server/spice.h | 4 ++++ 2 files changed, 47 insertions(+), 2 deletions(-) diff --git a/server/reds.c b/server/reds.c index f6f43840..30dc7c0a 100644 --- a/server/reds.c +++ b/server/reds.c @@ -3276,10 +3276,14 @@ static void reds_init_ssl() SSL_CTX_set_verify_depth(reds->ctx, 1); #endif - load_dh_params(reds->ctx, ssl_parameters.dh_key_file); + if (strlen(ssl_parameters.dh_key_file) > 0) { + load_dh_params(reds->ctx, ssl_parameters.dh_key_file); + } SSL_CTX_set_session_id_context(reds->ctx, (const unsigned char *)"SPICE", 5); - SSL_CTX_set_cipher_list(reds->ctx, ssl_parameters.ciphersuite); + if (strlen(ssl_parameters.ciphersuite) > 0) { + SSL_CTX_set_cipher_list(reds->ctx, ssl_parameters.ciphersuite); + } openssl_thread_setup(); @@ -5546,6 +5550,43 @@ int spice_server_set_ticket(SpiceServer *s, const char *passwd, int lifetime, return 0; } +int spice_server_set_tls(SpiceServer *s, int port, + const char *ca_cert_file, const char *certs_file, + const char *private_key_file, const char *key_passwd, + const char *dh_key_file, const char *ciphersuite) +{ + ASSERT(reds == s); + if (port == 0 || ca_cert_file == NULL || certs_file == NULL || + private_key_file == NULL) { + return -1; + } + if (port < 0 || port > 0xffff) + return -1; + memset(&ssl_parameters, 0, sizeof(ssl_parameters)); + + spice_secure_port = port; + strncpy(ssl_parameters.ca_certificate_file, ca_cert_file, + sizeof(ssl_parameters.ca_certificate_file)-1); + strncpy(ssl_parameters.certs_file, certs_file, + sizeof(ssl_parameters.certs_file)-1); + strncpy(ssl_parameters.private_key_file, private_key_file, + sizeof(ssl_parameters.private_key_file)-1); + + if (key_passwd) { + strncpy(ssl_parameters.keyfile_password, key_passwd, + sizeof(ssl_parameters.keyfile_password)-1); + } + if (ciphersuite) { + strncpy(ssl_parameters.ciphersuite, ciphersuite, + sizeof(ssl_parameters.ciphersuite)-1); + } + if (dh_key_file) { + strncpy(ssl_parameters.dh_key_file, dh_key_file, + sizeof(ssl_parameters.dh_key_file)-1); + } + return 0; +} + int spice_server_add_interface(SpiceServer *s, VDInterface *interface) { ASSERT(reds == s); diff --git a/server/spice.h b/server/spice.h index c72b3059..015ed895 100644 --- a/server/spice.h +++ b/server/spice.h @@ -36,6 +36,10 @@ int spice_server_set_port(SpiceServer *s, int port); int spice_server_set_noauth(SpiceServer *s); int spice_server_set_ticket(SpiceServer *s, const char *passwd, int lifetime, int fail_if_connected, int disconnect_if_connected); +int spice_server_set_tls(SpiceServer *s, int port, + const char *ca_cert_file, const char *certs_file, + const char *private_key_file, const char *key_passwd, + const char *dh_key_file, const char *ciphersuite); int spice_server_add_interface(SpiceServer *s, VDInterface *interface); int spice_server_remove_interface(SpiceServer *s, VDInterface *interface); -- cgit