Diffstat (limited to 'tls.c')
-rw-r--r-- | tls.c | 17 |
1 files changed, 10 insertions, 7 deletions
@@ -52,28 +52,31 @@ int connect_tls(void) { if (gnutls_certificate_set_x509_system_trust(xcred) < 0) return 3; - if (gnutls_init(&session, GNUTLS_CLIENT) < 0) + if (tls_cert_path && tls_key_path && gnutls_certificate_set_x509_key_file(xcred, tls_cert_path, tls_key_path, GNUTLS_X509_FMT_PEM) < 0) return 4; - if (gnutls_server_name_set(session, GNUTLS_NAME_DNS, address.data, address.len) < 0) + if (gnutls_init(&session, GNUTLS_CLIENT) < 0) return 5; - if (gnutls_set_default_priority(session) < 0) + if (gnutls_server_name_set(session, GNUTLS_NAME_DNS, address.data, address.len) < 0) return 6; - if (gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred) < 0) + if (gnutls_set_default_priority(session) < 0) return 7; + + if (gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred) < 0) + return 8; gnutls_session_set_verify_cert(session, address.data, 0); fd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); if (fd == -1) - return 8; + return 9; struct sockaddr sockaddr; resolve(address.data, port.data, &sockaddr); int ret = connect(fd, &sockaddr, sizeof(sockaddr)); if (ret != 0) - return 9; + return 10; gnutls_transport_set_int(session, fd); gnutls_handshake_set_timeout(session, GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT); @@ -82,7 +85,7 @@ int connect_tls(void) { ret = gnutls_handshake(session); } while (ret < 0 && gnutls_error_is_fatal(ret) == 0); if (ret < 0) - return 10; + return 11; gnutls_record_set_timeout(session, 60000); // 60s |
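Review bot: The new client-certificate step in connect_tls calls gnutls_certificate_set_x509_key_file only when both tls_cert_path and tls_key_path are set, so a configuration that supplies just one of them is skipped without any error and the handshake goes ahead with no client certificate. Rejecting the half-configured pair before the load makes that misconfiguration visible, for example `if ((tls_cert_path != NULL) != (tls_key_path != NULL)) return 4;`, ideally with a code of its own. The hunk also shifts every later return value by one (old 4–10 become 5–11, and the second hunk moves 10 to 11). Any caller that maps these numbers to messages, which is not visible here, must change in step, and named constants would stop them drifting again. connect_tls begins and ends outside the hunk.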