0

I'm trying to connect to a mumble server and TLS is required. I don't know very much about TLS or how it works, but I've been following along with the docs and I seem to understand what's going on a lot of the time. However, I'm a bit stumped by an error I'm getting on the handshake saying that it can't find a file. I'm assuming it's erroring out on the file descriptor for the socket, but I can't seem to figure out why. Here's what I have right now, can anyone direct me to what I'm doing wrong?

#include <stdio.h>
#include <stdlib.h>
#include <strings.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netdb.h>
#include <gnutls/gnutls.h>

void error(char* msg) {
    perror(msg);
    exit(1);
}

int main()
{
    int sockfd; 
    int portno = 64738;
    struct sockaddr_in serv_addr;
    struct hostent* server;

    //set up socket
    server = gethostbyname("localhost");
    bzero(&serv_addr, sizeof(serv_addr));
    serv_addr.sin_family = AF_INET;
    bcopy(server->h_addr,
          &serv_addr.sin_addr.s_addr,
          server->h_length);
    serv_addr.sin_port = htons(portno);
    if ((sockfd = socket(AF_INET, SOCK_STREAM, 0)) < 0)
        error("Couldn't create socket");
    if (connect(sockfd, &serv_addr, sizeof(serv_addr)) < 0 ) 
        error("Connection error");

    //global init
    if (gnutls_global_init() < 0)
        error("Could not globally initialize TLS");

    //session init
    gnutls_session_t* session = malloc(sizeof(gnutls_session_t));
    if (gnutls_init(session, GNUTLS_CLIENT) != GNUTLS_E_SUCCESS)
        error("Could not initialize TLS session");

    //Should eventually use certs, but I don't know how right now
    //gnutls_certificate_credentials_t cert_cred = malloc(sizeof(gnutls_certificate_credentials_t));
    //if (gnutls_credentials_set(*session, GNUTLS_CRD_CERTIFICATE, cert_cred) != GNUTLS_E_SUCCESS)
    //  
    //For now do it anonymously
    gnutls_anon_client_credentials_t* anon_cred = malloc(sizeof(gnutls_anon_client_credentials_t));
    if (gnutls_credentials_set(*session, GNUTLS_CRD_ANON, anon_cred) != GNUTLS_E_SUCCESS)
        error("Could not set credentials");
    if (gnutls_anon_allocate_client_credentials(anon_cred) != GNUTLS_E_SUCCESS)
        error("Could not allocate credentials");

    //set up socket for tls
    gnutls_transport_set_int(*session, sockfd);

    //do the handshake
    if (gnutls_handshake(*session) != GNUTLS_E_SUCCESS)
        error("TLS handshake failed");

    //deinit
    gnutls_global_deinit();
    printf("Success\n");
    return 0;
}

Any other tips would be greatly appreciated, especially regarding resources for this type of thing, since I can't seem to find anyone else talking about it.

miscsubbin
  • 511
  • 1
  • 5
  • 16
  • Running `strace` on your application could give an indication of which file it's trying to load. My guess would be it's trying to use a default file/directory for CA certificates. – Bruno Feb 28 '14 at 00:25
  • That's interesting, it's trying to open /etc/gnutls/pkcs11.conf. Which I don't know anything about. I wonder what it is. – miscsubbin Feb 28 '14 at 23:51

0 Answers0