[packages/gnutls.git] / gnutls-fix.patch

diff -Nur gnutls-1.2.0/doc/examples.orig/ex-client1.c gnutls-1.2.0/doc/examples/ex-client1.c
--- gnutls-1.2.0/doc/examples.orig/ex-client1.c	1970-01-01 01:00:00.000000000 +0100
+++ gnutls-1.2.0/doc/examples/ex-client1.c	2005-02-28 19:46:21.821264960 +0100
@@ -0,0 +1,128 @@
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#include <unistd.h>
+#include <gnutls/gnutls.h>
+
+/* A very basic TLS client, with anonymous authentication.
+ */
+
+#define MAX_BUF 1024
+#define SA struct sockaddr
+#define MSG "GET / HTTP/1.0\r\n\r\n"
+
+/* Connects to the peer and returns a socket
+ * descriptor.
+ */
+int tcp_connect(void)
+{
+    const char *PORT = "5556";
+    const char *SERVER = "127.0.0.1";
+    int err, sd;
+    struct sockaddr_in sa;
+
+    /* connects to server 
+     */
+    sd = socket(AF_INET, SOCK_STREAM, 0);
+
+    memset(&sa, '\0', sizeof(sa));
+    sa.sin_family = AF_INET;
+    sa.sin_port = htons(atoi(PORT));
+    inet_pton(AF_INET, SERVER, &sa.sin_addr);
+
+    err = connect(sd, (SA *) & sa, sizeof(sa));
+    if (err < 0) {
+	fprintf(stderr, "Connect error\n");
+	exit(1);
+    }
+
+    return sd;
+}
+
+/* closes the given socket descriptor.
+ */
+void tcp_close(int sd)
+{
+    shutdown(sd, SHUT_RDWR);	/* no more receptions */
+    close(sd);
+}
+
+int main()
+{
+    int ret, sd, ii;
+    gnutls_session_t session;
+    char buffer[MAX_BUF + 1];
+    gnutls_anon_client_credentials_t anoncred;
+    /* Need to enable anonymous KX specifically. */
+    const int kx_prio[] = { GNUTLS_KX_ANON_DH, 0 };
+
+    gnutls_global_init();
+
+    gnutls_anon_allocate_client_credentials(&anoncred);
+
+    /* Initialize TLS session 
+     */
+    gnutls_init(&session, GNUTLS_CLIENT);
+
+    /* Use default priorities */
+    gnutls_set_default_priority(session);
+    gnutls_kx_set_priority (session, kx_prio);
+
+    /* put the anonymous credentials to the current session
+     */
+    gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred);
+
+    /* connect to the peer
+     */
+    sd = tcp_connect();
+
+    gnutls_transport_set_ptr(session, (gnutls_transport_ptr_t) sd);
+
+    /* Perform the TLS handshake
+     */
+    ret = gnutls_handshake(session);
+
+    if (ret < 0) {
+	fprintf(stderr, "*** Handshake failed\n");
+	gnutls_perror(ret);
+	goto end;
+    } else {
+	printf("- Handshake was completed\n");
+    }
+
+    gnutls_record_send(session, MSG, strlen(MSG));
+
+    ret = gnutls_record_recv(session, buffer, MAX_BUF);
+    if (ret == 0) {
+	printf("- Peer has closed the TLS connection\n");
+	goto end;
+    } else if (ret < 0) {
+	fprintf(stderr, "*** Error: %s\n", gnutls_strerror(ret));
+	goto end;
+    }
+
+    printf("- Received %d bytes: ", ret);
+    for (ii = 0; ii < ret; ii++) {
+	fputc(buffer[ii], stdout);
+    }
+    fputs("\n", stdout);
+
+    gnutls_bye(session, GNUTLS_SHUT_RDWR);
+
+  end:
+
+    tcp_close(sd);
+
+    gnutls_deinit(session);
+
+    gnutls_anon_free_client_credentials (anoncred);
+
+    gnutls_global_deinit();
+
+    return 0;
+}
diff -Nur gnutls-1.2.0/doc/examples.orig/ex-rfc2818.c gnutls-1.2.0/doc/examples/ex-rfc2818.c
--- gnutls-1.2.0/doc/examples.orig/ex-rfc2818.c	1970-01-01 01:00:00.000000000 +0100
+++ gnutls-1.2.0/doc/examples/ex-rfc2818.c	2005-02-28 19:46:21.822264808 +0100
@@ -0,0 +1,81 @@
+#include <gnutls/gnutls.h>
+#include <gnutls/x509.h>
+
+/* This function will try to verify the peer's certificate, and
+ * also check if the hostname matches, and the activation, expiration dates.
+ */
+void verify_certificate( gnutls_session_t session, const char* hostname)
+{
+   unsigned int status;
+   const gnutls_datum_t* cert_list;
+   int cert_list_size, ret;
+   gnutls_x509_crt_t cert;
+
+
+   /* This verification function uses the trusted CAs in the credentials
+    * structure. So you must have installed one or more CA certificates.
+    */
+   ret = gnutls_certificate_verify_peers2(session, &status);
+
+   if (ret < 0) {
+      printf("Error\n");
+      return;
+   }
+
+   if (status & GNUTLS_CERT_INVALID)
+      printf("The certificate is not trusted.\n");
+
+   if (status & GNUTLS_CERT_SIGNER_NOT_FOUND)
+      printf("The certificate hasn't got a known issuer.\n");
+
+   if (status & GNUTLS_CERT_REVOKED)
+     printf("The certificate has been revoked.\n");
+
+
+   /* Up to here the process is the same for X.509 certificates and
+    * OpenPGP keys. From now on X.509 certificates are assumed. This can
+    * be easily extended to work with openpgp keys as well.
+    */
+   if ( gnutls_certificate_type_get(session) != GNUTLS_CRT_X509)
+      return;
+
+   if ( gnutls_x509_crt_init( &cert) < 0) {
+      printf("error in initialization\n");
+      return;
+   }
+
+   cert_list = gnutls_certificate_get_peers( session, &cert_list_size);
+   if ( cert_list == NULL) {
+      printf("No certificate was found!\n");
+      return;
+   }
+
+   /* This is not a real world example, since we only check the first 
+    * certificate in the given chain.
+    */
+   if ( gnutls_x509_crt_import( cert, &cert_list[0], GNUTLS_X509_FMT_DER) < 0) {
+      printf("error parsing certificate\n");
+      return;
+   }
+
+   /* Beware here we do not check for errors.
+    */
+   if ( gnutls_x509_crt_get_expiration( cert) < time(0)) {
+      printf("The certificate has expired\n");
+      return;
+   }
+
+   if ( gnutls_x509_crt_get_activation_time( cert) > time(0)) {
+      printf("The certificate is not yet activated\n");
+      return;
+   }
+
+   if ( !gnutls_x509_crt_check_hostname( cert, hostname)) {
+      printf("The certificate's owner does not match hostname '%s'\n", hostname);
+      return;
+   }
+
+   gnutls_x509_crt_deinit( cert);
+
+   return;
+}
diff -Nur gnutls-1.2.0/doc/examples.orig/ex-serv-anon.c gnutls-1.2.0/doc/examples/ex-serv-anon.c
--- gnutls-1.2.0/doc/examples.orig/ex-serv-anon.c	1970-01-01 01:00:00.000000000 +0100
+++ gnutls-1.2.0/doc/examples/ex-serv-anon.c	2005-02-28 19:46:21.822264808 +0100
@@ -0,0 +1,162 @@
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <errno.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#include <string.h>
+#include <unistd.h>
+#include <gnutls/gnutls.h>
+
+/* This is a sample TLS 1.0 echo server, for anonymous authentication only.
+ */
+
+
+#define SA struct sockaddr
+#define SOCKET_ERR(err,s) if(err==-1) {perror(s);return(1);}
+#define MAX_BUF 1024
+#define PORT 5556		/* listen to 5556 port */
+#define DH_BITS 1024
+
+/* These are global */
+gnutls_anon_server_credentials_t anoncred;
+
+gnutls_session_t initialize_tls_session()
+{
+    gnutls_session_t session;
+    const int kx_prio[] = { GNUTLS_KX_ANON_DH, 0 };
+
+    gnutls_init(&session, GNUTLS_SERVER);
+
+    /* avoid calling all the priority functions, since the defaults
+     * are adequate.
+     */
+    gnutls_set_default_priority(session);
+    gnutls_kx_set_priority (session, kx_prio);
+
+    gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred);
+
+    gnutls_dh_set_prime_bits(session, DH_BITS);
+
+    return session;
+}
+
+static gnutls_dh_params_t dh_params;
+
+static int generate_dh_params(void)
+{
+
+    /* Generate Diffie Hellman parameters - for use with DHE
+     * kx algorithms. These should be discarded and regenerated
+     * once a day, once a week or once a month. Depending on the
+     * security requirements.
+     */
+    gnutls_dh_params_init(&dh_params);
+    gnutls_dh_params_generate2(dh_params, DH_BITS);
+
+    return 0;
+}
+
+int main()
+{
+    int err, listen_sd, i;
+    int sd, ret;
+    struct sockaddr_in sa_serv;
+    struct sockaddr_in sa_cli;
+    int client_len;
+    char topbuf[512];
+    gnutls_session_t session;
+    char buffer[MAX_BUF + 1];
+    int optval = 1;
+
+    /* this must be called once in the program
+     */
+    gnutls_global_init();
+
+    gnutls_anon_allocate_server_credentials (&anoncred);
+
+    generate_dh_params();
+
+    gnutls_anon_set_server_dh_params (anoncred, dh_params);
+
+    /* Socket operations
+     */
+    listen_sd = socket(AF_INET, SOCK_STREAM, 0);
+    SOCKET_ERR(listen_sd, "socket");
+
+    memset(&sa_serv, '\0', sizeof(sa_serv));
+    sa_serv.sin_family = AF_INET;
+    sa_serv.sin_addr.s_addr = INADDR_ANY;
+    sa_serv.sin_port = htons(PORT);	/* Server Port number */
+
+    setsockopt(listen_sd, SOL_SOCKET, SO_REUSEADDR, &optval, sizeof(int));
+
+    err = bind(listen_sd, (SA *) & sa_serv, sizeof(sa_serv));
+    SOCKET_ERR(err, "bind");
+    err = listen(listen_sd, 1024);
+    SOCKET_ERR(err, "listen");
+
+    printf("Server ready. Listening to port '%d'.\n\n", PORT);
+
+    client_len = sizeof(sa_cli);
+    for (;;) {
+	session = initialize_tls_session();
+
+	sd = accept(listen_sd, (SA *) & sa_cli, &client_len);
+
+	printf("- connection from %s, port %d\n",
+	       inet_ntop(AF_INET, &sa_cli.sin_addr, topbuf,
+			 sizeof(topbuf)), ntohs(sa_cli.sin_port));
+
+	gnutls_transport_set_ptr(session, (gnutls_transport_ptr_t) sd);
+	ret = gnutls_handshake(session);
+	if (ret < 0) {
+	    close(sd);
+	    gnutls_deinit(session);
+	    fprintf(stderr, "*** Handshake has failed (%s)\n\n",
+		    gnutls_strerror(ret));
+	    continue;
+	}
+	printf("- Handshake was completed\n");
+
+	/* see the Getting peer's information example */
+	/* print_info(session); */
+
+	i = 0;
+	for (;;) {
+	    bzero(buffer, MAX_BUF + 1);
+	    ret = gnutls_record_recv(session, buffer, MAX_BUF);
+
+	    if (ret == 0) {
+		printf("\n- Peer has closed the GNUTLS connection\n");
+		break;
+	    } else if (ret < 0) {
+		fprintf(stderr, "\n*** Received corrupted "
+			"data(%d). Closing the connection.\n\n", ret);
+		break;
+	    } else if (ret > 0) {
+		/* echo data back to the client
+		 */
+		gnutls_record_send(session, buffer, strlen(buffer));
+	    }
+	}
+	printf("\n");
+	/* do not wait for the peer to close the connection.
+	 */
+	gnutls_bye(session, GNUTLS_SHUT_WR);
+
+	close(sd);
+	gnutls_deinit(session);
+
+    }
+    close(listen_sd);
+
+    gnutls_anon_free_client_credentials (anoncred);
+
+    gnutls_global_deinit();
+
+    return 0;
+
+}
Commit	Line	Data
b71f4375 JB	1	diff -Nur gnutls-1.2.0/doc/examples.orig/ex-client1.c gnutls-1.2.0/doc/examples/ex-client1.c
	2	--- gnutls-1.2.0/doc/examples.orig/ex-client1.c 1970-01-01 01:00:00.000000000 +0100
	3	+++ gnutls-1.2.0/doc/examples/ex-client1.c 2005-02-28 19:46:21.821264960 +0100
	4	@@ -0,0 +1,128 @@
	5	+
	6	+#include <stdio.h>
	7	+#include <stdlib.h>
	8	+#include <string.h>
	9	+#include <sys/types.h>
	10	+#include <sys/socket.h>
	11	+#include <netinet/in.h>
	12	+#include <arpa/inet.h>
	13	+#include <unistd.h>
	14	+#include <gnutls/gnutls.h>
	15	+
	16	+/* A very basic TLS client, with anonymous authentication.
	17	+ */
	18	+
	19	+#define MAX_BUF 1024
	20	+#define SA struct sockaddr
	21	+#define MSG "GET / HTTP/1.0\r\n\r\n"
	22	+
	23	+/* Connects to the peer and returns a socket
	24	+ * descriptor.
	25	+ */
	26	+int tcp_connect(void)
	27	+{
	28	+ const char *PORT = "5556";
	29	+ const char *SERVER = "127.0.0.1";
	30	+ int err, sd;
	31	+ struct sockaddr_in sa;
	32	+
	33	+ /* connects to server
	34	+ */
	35	+ sd = socket(AF_INET, SOCK_STREAM, 0);
	36	+
	37	+ memset(&sa, '\0', sizeof(sa));
	38	+ sa.sin_family = AF_INET;
	39	+ sa.sin_port = htons(atoi(PORT));
	40	+ inet_pton(AF_INET, SERVER, &sa.sin_addr);
	41	+
	42	+ err = connect(sd, (SA *) & sa, sizeof(sa));
	43	+ if (err < 0) {
	44	+ fprintf(stderr, "Connect error\n");
	45	+ exit(1);
	46	+ }
	47	+
	48	+ return sd;
	49	+}
	50	+
	51	+/* closes the given socket descriptor.
	52	+ */
	53	+void tcp_close(int sd)
	54	+{
	55	+ shutdown(sd, SHUT_RDWR); /* no more receptions */
	56	+ close(sd);
	57	+}
	58	+
	59	+int main()
	60	+{
	61	+ int ret, sd, ii;
	62	+ gnutls_session_t session;
	63	+ char buffer[MAX_BUF + 1];
	64	+ gnutls_anon_client_credentials_t anoncred;
65	+ /* Need to enable anonymous KX specifically. */
66	+ const int kx_prio[] = { GNUTLS_KX_ANON_DH, 0 };
67	+
68	+ gnutls_global_init();
69	+
70	+ gnutls_anon_allocate_client_credentials(&anoncred);
71	+
72	+ /* Initialize TLS session
73	+ */
74	+ gnutls_init(&session, GNUTLS_CLIENT);
75	+
76	+ /* Use default priorities */
77	+ gnutls_set_default_priority(session);
78	+ gnutls_kx_set_priority (session, kx_prio);
79	+
80	+ /* put the anonymous credentials to the current session
81	+ */
82	+ gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred);
83	+
84	+ /* connect to the peer
85	+ */
86	+ sd = tcp_connect();
87	+
88	+ gnutls_transport_set_ptr(session, (gnutls_transport_ptr_t) sd);
89	+
90	+ /* Perform the TLS handshake
91	+ */
92	+ ret = gnutls_handshake(session);
93	+
94	+ if (ret < 0) {
95	+ fprintf(stderr, "*** Handshake failed\n");
96	+ gnutls_perror(ret);
97	+ goto end;
98	+ } else {
99	+ printf("- Handshake was completed\n");
100	+ }
101	+
102	+ gnutls_record_send(session, MSG, strlen(MSG));
103	+
104	+ ret = gnutls_record_recv(session, buffer, MAX_BUF);
105	+ if (ret == 0) {
106	+ printf("- Peer has closed the TLS connection\n");
107	+ goto end;
108	+ } else if (ret < 0) {
109	+ fprintf(stderr, "*** Error: %s\n", gnutls_strerror(ret));
110	+ goto end;
111	+ }
112	+
113	+ printf("- Received %d bytes: ", ret);
114	+ for (ii = 0; ii < ret; ii++) {
115	+ fputc(buffer[ii], stdout);
116	+ }
117	+ fputs("\n", stdout);
118	+
119	+ gnutls_bye(session, GNUTLS_SHUT_RDWR);
120	+
121	+ end:
122	+
123	+ tcp_close(sd);
124	+
125	+ gnutls_deinit(session);
126	+
127	+ gnutls_anon_free_client_credentials (anoncred);
128	+
129	+ gnutls_global_deinit();
130	+
131	+ return 0;
132	+}
133	diff -Nur gnutls-1.2.0/doc/examples.orig/ex-rfc2818.c gnutls-1.2.0/doc/examples/ex-rfc2818.c
134	--- gnutls-1.2.0/doc/examples.orig/ex-rfc2818.c 1970-01-01 01:00:00.000000000 +0100
135	+++ gnutls-1.2.0/doc/examples/ex-rfc2818.c 2005-02-28 19:46:21.822264808 +0100
136	@@ -0,0 +1,81 @@
137	+#include <gnutls/gnutls.h>
138	+#include <gnutls/x509.h>
139	+
140	+/* This function will try to verify the peer's certificate, and
141	+ * also check if the hostname matches, and the activation, expiration dates.
142	+ */
143	+void verify_certificate( gnutls_session_t session, const char* hostname)
144	+{
145	+ unsigned int status;
146	+ const gnutls_datum_t* cert_list;
147	+ int cert_list_size, ret;
148	+ gnutls_x509_crt_t cert;
149	+
150	+
151	+ /* This verification function uses the trusted CAs in the credentials
152	+ * structure. So you must have installed one or more CA certificates.
153	+ */
154	+ ret = gnutls_certificate_verify_peers2(session, &status);
155	+
156	+ if (ret < 0) {
157	+ printf("Error\n");
158	+ return;
159	+ }
160	+
161	+ if (status & GNUTLS_CERT_INVALID)
162	+ printf("The certificate is not trusted.\n");
163	+
164	+ if (status & GNUTLS_CERT_SIGNER_NOT_FOUND)
165	+ printf("The certificate hasn't got a known issuer.\n");
166	+
167	+ if (status & GNUTLS_CERT_REVOKED)
168	+ printf("The certificate has been revoked.\n");
169	+
170	+
171	+ /* Up to here the process is the same for X.509 certificates and
172	+ * OpenPGP keys. From now on X.509 certificates are assumed. This can
173	+ * be easily extended to work with openpgp keys as well.
174	+ */
175	+ if ( gnutls_certificate_type_get(session) != GNUTLS_CRT_X509)
176	+ return;
177	+
178	+ if ( gnutls_x509_crt_init( &cert) < 0) {
179	+ printf("error in initialization\n");
180	+ return;
181	+ }
182	+
183	+ cert_list = gnutls_certificate_get_peers( session, &cert_list_size);
184	+ if ( cert_list == NULL) {
185	+ printf("No certificate was found!\n");
186	+ return;
187	+ }
188	+
189	+ /* This is not a real world example, since we only check the first
190	+ * certificate in the given chain.
191	+ */
192	+ if ( gnutls_x509_crt_import( cert, &cert_list[0], GNUTLS_X509_FMT_DER) < 0) {
193	+ printf("error parsing certificate\n");
194	+ return;
195	+ }
196	+
197	+ /* Beware here we do not check for errors.
198	+ */
199	+ if ( gnutls_x509_crt_get_expiration( cert) < time(0)) {
200	+ printf("The certificate has expired\n");
201	+ return;
202	+ }
203	+
204	+ if ( gnutls_x509_crt_get_activation_time( cert) > time(0)) {
205	+ printf("The certificate is not yet activated\n");
206	+ return;
207	+ }
208	+
209	+ if ( !gnutls_x509_crt_check_hostname( cert, hostname)) {
210	+ printf("The certificate's owner does not match hostname '%s'\n", hostname);
211	+ return;
212	+ }
213	+
214	+ gnutls_x509_crt_deinit( cert);
215	+
216	+ return;
217	+}
218	diff -Nur gnutls-1.2.0/doc/examples.orig/ex-serv-anon.c gnutls-1.2.0/doc/examples/ex-serv-anon.c
219	--- gnutls-1.2.0/doc/examples.orig/ex-serv-anon.c 1970-01-01 01:00:00.000000000 +0100
220	+++ gnutls-1.2.0/doc/examples/ex-serv-anon.c 2005-02-28 19:46:21.822264808 +0100
221	@@ -0,0 +1,162 @@
222	+
223	+#include <stdio.h>
224	+#include <stdlib.h>
225	+#include <errno.h>
226	+#include <sys/types.h>
227	+#include <sys/socket.h>
228	+#include <netinet/in.h>
229	+#include <arpa/inet.h>
230	+#include <string.h>
231	+#include <unistd.h>
232	+#include <gnutls/gnutls.h>
233	+
234	+/* This is a sample TLS 1.0 echo server, for anonymous authentication only.
235	+ */
236	+
237	+
238	+#define SA struct sockaddr
239	+#define SOCKET_ERR(err,s) if(err==-1) {perror(s);return(1);}
240	+#define MAX_BUF 1024
241	+#define PORT 5556 /* listen to 5556 port */
242	+#define DH_BITS 1024
243	+
244	+/* These are global */
245	+gnutls_anon_server_credentials_t anoncred;
246	+
247	+gnutls_session_t initialize_tls_session()
248	+{
249	+ gnutls_session_t session;
250	+ const int kx_prio[] = { GNUTLS_KX_ANON_DH, 0 };
251	+
252	+ gnutls_init(&session, GNUTLS_SERVER);
253	+
254	+ /* avoid calling all the priority functions, since the defaults
255	+ * are adequate.
256	+ */
257	+ gnutls_set_default_priority(session);
258	+ gnutls_kx_set_priority (session, kx_prio);
259	+
260	+ gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred);
261	+
262	+ gnutls_dh_set_prime_bits(session, DH_BITS);
263	+
264	+ return session;
265	+}
266	+
267	+static gnutls_dh_params_t dh_params;
268	+
269	+static int generate_dh_params(void)
270	+{
271	+
272	+ /* Generate Diffie Hellman parameters - for use with DHE
273	+ * kx algorithms. These should be discarded and regenerated
274	+ * once a day, once a week or once a month. Depending on the
275	+ * security requirements.
276	+ */
277	+ gnutls_dh_params_init(&dh_params);
278	+ gnutls_dh_params_generate2(dh_params, DH_BITS);
279	+
280	+ return 0;
281	+}
282	+
283	+int main()
284	+{
285	+ int err, listen_sd, i;
286	+ int sd, ret;
287	+ struct sockaddr_in sa_serv;
288	+ struct sockaddr_in sa_cli;
289	+ int client_len;
290	+ char topbuf[512];
291	+ gnutls_session_t session;
292	+ char buffer[MAX_BUF + 1];
293	+ int optval = 1;
294	+
295	+ /* this must be called once in the program
296	+ */
297	+ gnutls_global_init();
298	+
299	+ gnutls_anon_allocate_server_credentials (&anoncred);
300	+
301	+ generate_dh_params();
302	+
303	+ gnutls_anon_set_server_dh_params (anoncred, dh_params);
304	+
305	+ /* Socket operations
306	+ */
307	+ listen_sd = socket(AF_INET, SOCK_STREAM, 0);
308	+ SOCKET_ERR(listen_sd, "socket");
309	+
310	+ memset(&sa_serv, '\0', sizeof(sa_serv));
311	+ sa_serv.sin_family = AF_INET;
312	+ sa_serv.sin_addr.s_addr = INADDR_ANY;
313	+ sa_serv.sin_port = htons(PORT); /* Server Port number */
314	+
315	+ setsockopt(listen_sd, SOL_SOCKET, SO_REUSEADDR, &optval, sizeof(int));
316	+
317	+ err = bind(listen_sd, (SA *) & sa_serv, sizeof(sa_serv));
318	+ SOCKET_ERR(err, "bind");
319	+ err = listen(listen_sd, 1024);
320	+ SOCKET_ERR(err, "listen");
321	+
322	+ printf("Server ready. Listening to port '%d'.\n\n", PORT);
323	+
324	+ client_len = sizeof(sa_cli);
325	+ for (;;) {
326	+ session = initialize_tls_session();
327	+
328	+ sd = accept(listen_sd, (SA *) & sa_cli, &client_len);
329	+
330	+ printf("- connection from %s, port %d\n",
331	+ inet_ntop(AF_INET, &sa_cli.sin_addr, topbuf,
332	+ sizeof(topbuf)), ntohs(sa_cli.sin_port));
333	+
334	+ gnutls_transport_set_ptr(session, (gnutls_transport_ptr_t) sd);
335	+ ret = gnutls_handshake(session);
336	+ if (ret < 0) {
337	+ close(sd);
338	+ gnutls_deinit(session);
339	+ fprintf(stderr, "*** Handshake has failed (%s)\n\n",
340	+ gnutls_strerror(ret));
341	+ continue;
342	+ }
343	+ printf("- Handshake was completed\n");
344	+
345	+ /* see the Getting peer's information example */
346	+ /* print_info(session); */
347	+
348	+ i = 0;
349	+ for (;;) {
350	+ bzero(buffer, MAX_BUF + 1);
351	+ ret = gnutls_record_recv(session, buffer, MAX_BUF);
352	+
353	+ if (ret == 0) {
354	+ printf("\n- Peer has closed the GNUTLS connection\n");
355	+ break;
356	+ } else if (ret < 0) {
357	+ fprintf(stderr, "\n*** Received corrupted "
358	+ "data(%d). Closing the connection.\n\n", ret);
359	+ break;
360	+ } else if (ret > 0) {
361	+ /* echo data back to the client
362	+ */
363	+ gnutls_record_send(session, buffer, strlen(buffer));
364	+ }
365	+ }
366	+ printf("\n");
367	+ /* do not wait for the peer to close the connection.
368	+ */
369	+ gnutls_bye(session, GNUTLS_SHUT_WR);
370	+
371	+ close(sd);
372	+ gnutls_deinit(session);
373	+
374	+ }
375	+ close(listen_sd);
376	+
377	+ gnutls_anon_free_client_credentials (anoncred);
378	+
379	+ gnutls_global_deinit();
380	+
381	+ return 0;
382	+
383	+}