davidmoreno edited this page May 6, 2011 · 1 revision

libonion provides full SSL support.

It is provided through GnuTLS but is completely transparent to the user. If for whatever reason this compatibility is not enough, it is also possible to create your own transports.

Enabling SSL support

To enable SSL support, pass the PEM certificate and key files to the onion server object:

onion_set_certificate(o, O_SSL_CERTIFICATE_KEY, certfile, keyfile);

The following options for the certificates are available:

  • O_SSL_CERTIFICATE_KEY: The certificate file and the key file.
  • O_SSL_CERTIFICATE_CRL: Certificate revocation list.
  • O_SSL_CERTIFICATE_TRUST: The list of trusted CAs, also known as intermediaries.
  • O_SSL_CERTIFICATE_PKCS12: The certificate is in a PKCS12 file. Needs the PKCS12 file and the password. Set password=NULL if there is none.
  • O_SSL_DER: The certificate is in DER format. The default is PEM.
  • O_SSL_NO_DEINIT: Do not deinitialize GnuTLS at free. Use only if there are other users of GnuTLS in this executable. Saves some memory on free.

Once the certificate is set, the next onion_listen call will accept only encrypted communication.
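
An added pre-flight check, not libonion code: before calling onion_set_certificate, it reports whether the certificate file is PEM (the default) or DER (which needs O_SSL_DER) and whether the key file is accessible only to its owner. The helper names classify_bytes, classify_file and key_mode_is_private are hypothetical, and the key permission check is an assumption about deployment practice rather than something libonion requires.

```c
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>

/* Hypothetical helper names; none of this is libonion API. */
enum cert_encoding { ENC_UNREADABLE = -1, ENC_UNKNOWN = 0, ENC_PEM, ENC_DER };

/* PEM starts with a "-----BEGIN " armor line (possibly after whitespace);
 * DER starts with the ASN.1 SEQUENCE tag 0x30 as its very first byte. */
enum cert_encoding classify_bytes(const unsigned char *buf, size_t len) {
    size_t i = 0;
    while (i < len && (buf[i] == ' ' || buf[i] == '\t' || buf[i] == '\r' || buf[i] == '\n'))
        i++;
    if (len - i >= 11 && memcmp(buf + i, "-----BEGIN ", 11) == 0)
        return ENC_PEM;
    if (len >= 2 && buf[0] == 0x30)
        return ENC_DER;
    return ENC_UNKNOWN;
}

/* Read the first bytes of a file and classify them. */
enum cert_encoding classify_file(const char *path) {
    unsigned char head[64];
    FILE *f = fopen(path, "rb");
    if (!f) return ENC_UNREADABLE;
    size_t n = fread(head, 1, sizeof head, f);
    fclose(f);
    return classify_bytes(head, n);
}

/* Return 1 if the key is a regular file with no group/other permission
 * bits set, 0 otherwise (including when stat fails). */
int key_mode_is_private(const char *path) {
    struct stat st;
    if (stat(path, &st) != 0 || !S_ISREG(st.st_mode)) return 0;
    return (st.st_mode & (S_IRWXG | S_IRWXO)) == 0;
}

int main(int argc, char **argv) {
    if (argc != 3) { fprintf(stderr, "usage: %s certfile keyfile\n", argv[0]); return 2; }
    enum cert_encoding e = classify_file(argv[1]);
    int priv = key_mode_is_private(argv[2]);
    printf("certfile: %s\n", e == ENC_PEM ? "PEM (default)" :
                             e == ENC_DER ? "DER (add O_SSL_DER)" : "unrecognized");
    printf("keyfile owner-only: %s\n", priv ? "yes" : "NO");
    return (e > ENC_UNKNOWN && priv) ? 0 : 1;
}
```

A PKCS12 file also begins with the 0x30 SEQUENCE tag, so a DER result only says the file is binary ASN.1, not which of O_SSL_DER or O_SSL_CERTIFICATE_PKCS12 applies.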
