Diffstat (limited to 'src/Net')
-rw-r--r--src/Net/ClientConnection.cpp8
-rw-r--r--src/Net/ClientConnection.h18
-rw-r--r--src/Net/Connection.cpp4
-rw-r--r--src/Net/Connection.h5
-rw-r--r--src/Net/Listener.cpp6
-rw-r--r--src/Net/Listener.h4
-rw-r--r--src/Net/ServerConnection.cpp18
-rw-r--r--src/Net/ServerConnection.h20
8 files changed, 34 insertions, 49 deletions
diff --git a/src/Net/ClientConnection.cpp b/src/Net/ClientConnection.cpp
index 8705795..e0058ff 100644
--- a/src/Net/ClientConnection.cpp
+++ b/src/Net/ClientConnection.cpp
@@ -87,14 +87,8 @@ void ClientConnection::connect(const IPAddress &address, bool daemon0) throw(Con
setsockopt(sock, SOL_SOCKET, SO_LINGER, &linger, sizeof(linger));
gnutls_init(&session, GNUTLS_CLIENT);
-
gnutls_set_default_priority(session);
-
- const int kx_list[] = {GNUTLS_KX_ANON_DH, 0};
- gnutls_kx_set_priority(session, kx_list);
-
- gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred);
-
+ gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred);
gnutls_transport_set_ptr(session, reinterpret_cast<gnutls_transport_ptr_t>(sock));
handshake();
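Review bot: The client now runs a certificate handshake but never authenticates the server: nothing loads a trust anchor into `x509_cred` (no `gnutls_certificate_set_x509_trust_file` before the `gnutls_credentials_set` on the new line) and nothing verifies the peer afterwards, so any certificate is accepted and an active attacker is no worse off than with the anonymous DH this replaces. Load the CA file here, and once the (asynchronous) handshake completes, reject the session unless verification is clean, e.g. `unsigned int status; if(gnutls_certificate_verify_peers2(session, &status) < 0 || status != 0) { doDisconnect(); return; }` — that check belongs wherever `doHandshake` reports completion, which is outside this hunk. The return values of `gnutls_set_default_priority` and `gnutls_credentials_set` are also discarded. `ClientConnection::connect` starts before and ends after the hunk.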
diff --git a/src/Net/ClientConnection.h b/src/Net/ClientConnection.h
index 18b1a02..280f382 100644
--- a/src/Net/ClientConnection.h
+++ b/src/Net/ClientConnection.h
@@ -30,24 +30,16 @@ class IPAddress;
class ClientConnection : public Connection {
private:
- gnutls_anon_client_credentials_t anoncred;
-
bool daemon;
-
+
void connectionHeaderReceiveHandler(const void *data, unsigned long length);
-
+
protected:
virtual void connectionHeader();
-
+
public:
- ClientConnection() : daemon(0) {
- gnutls_anon_allocate_client_credentials(&anoncred);
- }
-
- virtual ~ClientConnection() {
- gnutls_anon_free_client_credentials(anoncred);
- }
-
+ ClientConnection() : daemon(0) {}
+
void connect(const IPAddress &address, bool daemon0 = false) throw(ConnectionException);
};
diff --git a/src/Net/Connection.cpp b/src/Net/Connection.cpp
index 5d221fb..ac3121d 100644
--- a/src/Net/Connection.cpp
+++ b/src/Net/Connection.cpp
@@ -22,6 +22,8 @@
#include <cstring>
#include <sys/socket.h>
+#include <iostream>
+
namespace Mad {
namespace Net {
@@ -34,6 +36,8 @@ void Connection::doHandshake() {
if(ret == GNUTLS_E_INTERRUPTED || ret == GNUTLS_E_AGAIN)
return;
+ std::cerr << "Handshake error: " << gnutls_strerror(ret) << std::endl;
+
// TODO: Error
doDisconnect();
return;
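Review bot: The new `std::cerr` line logs every return other than EAGAIN/INTERRUPTED as a handshake error and the code then disconnects, but GnuTLS also reports non-fatal codes (warning alerts, rehandshake requests) for which the handshake should simply be retried; replacing the two-code test above with `if(!gnutls_error_is_fatal(ret)) return;` would keep the log line on the genuinely fatal path only. Writing straight to `std::cerr` with `std::endl` from the network layer also flushes on every failure and sidesteps whatever reporting the remaining `// TODO: Error` anticipates — a `'\n'` and an application-replaceable error hook would be the usual shape. The peer address would make the message far more useful if `peer` is set at this point (not visible here). `Connection::doHandshake` starts before and ends after the hunk.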
diff --git a/src/Net/Connection.h b/src/Net/Connection.h
index 0949ec4..21e8444 100644
--- a/src/Net/Connection.h
+++ b/src/Net/Connection.h
@@ -98,6 +98,7 @@ class Connection {
int sock;
gnutls_session_t session;
+ gnutls_certificate_credentials_t x509_cred;
IPAddress *peer;
@@ -128,6 +129,8 @@ class Connection {
Connection() : state(DISCONNECTED), peer(0) {
transR.length = transR.transmitted = 0;
transR.data = 0;
+
+ gnutls_certificate_allocate_credentials(&x509_cred);
}
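Review bot: `gnutls_certificate_allocate_credentials` returns a negative code on failure and the constructor ignores it, leaving `x509_cred` indeterminate for the destructor to hand to `gnutls_certificate_free_credentials`. Initialise the member and check the call, e.g. `x509_cred = 0; if(gnutls_certificate_allocate_credentials(&x509_cred) < 0) x509_cred = 0;`, and skip the free when it is null. If `Connection` has no deleted/private copy constructor (not visible in this hunk), copies would now share and double-free the handle; worth confirming. The constructor body is complete within the hunk, the class is not.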
virtual ~Connection() {
@@ -141,6 +144,8 @@ class Connection {
delete [] transS.front().data;
transS.pop();
}
+
+ gnutls_certificate_free_credentials(x509_cred);
}
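Review bot: Credentials must outlive the session that references them, and the new `gnutls_certificate_free_credentials(x509_cred)` is placed at the end of the destructor without a visible `gnutls_deinit(session)` before it; if the session is deinitialised elsewhere (or not at all), this ordering should be verified and a comment such as `// session must be deinit'd before its credentials are freed` added here. The destructor starts before the hunk.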
bool isConnected() const {return (state != DISCONNECTED);}
diff --git a/src/Net/Listener.cpp b/src/Net/Listener.cpp
index 3b2e3d6..892d057 100644
--- a/src/Net/Listener.cpp
+++ b/src/Net/Listener.cpp
@@ -28,8 +28,8 @@
namespace Mad {
namespace Net {
-Listener::Listener(const IPAddress &address0) throw(ConnectionException)
-: address(address0) {
+Listener::Listener(const std::string &x905CertFile0, const std::string &x905KeyFile0, const IPAddress &address0) throw(ConnectionException)
+: x905CertFile(x905CertFile0), x905KeyFile(x905KeyFile0), address(address0) {
gnutls_dh_params_init(&dh_params);
gnutls_dh_params_generate2(dh_params, 768);
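Review bot: The constructor now stores the certificate and key paths without checking that they can be read, so a wrong path is discovered only when the first client connects — and, in `ServerConnection`, silently. Since the signature already declares `throw(ConnectionException)`, loading the pair once here (into a shared credentials object handed to each `ServerConnection`) would fail fast at startup and avoid re-parsing the private key per accepted socket. Adjacent context rather than new code: the 768-bit DH parameters generated on the last line are well below what current TLS guidance and client defaults accept, so this is a good moment to raise that to 2048. The constructor body continues past the hunk.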
@@ -99,7 +99,7 @@ ServerConnection* Listener::getConnection(const std::map<int,const short*> &poll
while((sd = accept(sock, reinterpret_cast<struct sockaddr*>(&sa), &addrlen)) >= 0) {
- connections.push_back(new ServerConnection(sd, IPAddress(sa), dh_params));
+ connections.push_back(new ServerConnection(sd, IPAddress(sa), dh_params, x905CertFile, x905KeyFile));
addrlen = sizeof(sa);
}
diff --git a/src/Net/Listener.h b/src/Net/Listener.h
index 81260ed..63e12c6 100644
--- a/src/Net/Listener.h
+++ b/src/Net/Listener.h
@@ -27,6 +27,7 @@
#include <list>
#include <vector>
#include <map>
+#include <string>
namespace Mad {
namespace Net {
@@ -35,6 +36,7 @@ class ServerConnection;
class Listener {
private:
+ std::string x905CertFile, x905KeyFile;
IPAddress address;
int sock;
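Review bot: The new members `x905CertFile`/`x905KeyFile` read as a typo for X.509 (`x509CertFile`/`x509KeyFile`), and the same spelling is carried into the constructor declaration below and into `ServerConnection`; renaming now is cheap, later it is not. A one-line comment on what format is expected would also help, e.g. `// PEM-encoded X.509 certificate and private key, loaded per accepted connection`. The class body runs past the hunk.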
@@ -47,7 +49,7 @@ class Listener {
Listener& operator=(const Listener &o);
public:
- Listener(const IPAddress &address0 = IPAddress()) throw(ConnectionException);
+ Listener(const std::string &x905CertFile0, const std::string &x905KeyFile0, const IPAddress &address0 = IPAddress()) throw(ConnectionException);
virtual ~Listener();
std::vector<struct pollfd> getPollfds() const;
diff --git a/src/Net/ServerConnection.cpp b/src/Net/ServerConnection.cpp
index c011f66..0c35991 100644
--- a/src/Net/ServerConnection.cpp
+++ b/src/Net/ServerConnection.cpp
@@ -57,26 +57,18 @@ void ServerConnection::connectionHeaderReceiveHandler(const void *data, unsigned
enterReceiveLoop();
}
-ServerConnection::ServerConnection(int sock0, const IPAddress &address, gnutls_dh_params_t dh_params)
+ServerConnection::ServerConnection(int sock0, const IPAddress &address, gnutls_dh_params_t dh_params, const std::string &x905CertFile, const std::string &x905KeyFile)
: daemon(false) {
sock = sock0;
- gnutls_anon_allocate_server_credentials(&anoncred);
-
-
- gnutls_anon_set_server_dh_params(anoncred, dh_params);
-
peer = new IPAddress(address);
- gnutls_init(&session, GNUTLS_SERVER);
+ gnutls_certificate_set_dh_params(x509_cred, dh_params);
+ gnutls_certificate_set_x509_key_file(x509_cred, x905CertFile.c_str(), x905KeyFile.c_str(), GNUTLS_X509_FMT_PEM);
+ gnutls_init(&session, GNUTLS_SERVER);
gnutls_set_default_priority(session);
-
- const int kx_list[] = {GNUTLS_KX_ANON_DH, 0};
- gnutls_kx_set_priority(session, kx_list);
-
- gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred);
-
+ gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred);
gnutls_transport_set_ptr(session, reinterpret_cast<gnutls_transport_ptr_t>(sock));
handshake();
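Review bot: The negative return of `gnutls_certificate_set_x509_key_file` (unreadable file, malformed PEM, key/certificate mismatch) is dropped, so the server carries on into `handshake()` with no certificate and the failure surfaces only as an opaque handshake error on the client; check it and abandon the connection, e.g. `if(gnutls_certificate_set_x509_key_file(x509_cred, x905CertFile.c_str(), x905KeyFile.c_str(), GNUTLS_X509_FMT_PEM) < 0) { doDisconnect(); return; }` (or whatever failure path the Listener expects from this constructor). Because `x509_cred` is per-`Connection`, this also re-reads and parses the private key from disk for every accepted socket; loading it once in `Listener` and sharing the credentials would be cheaper and makes the per-connection error path moot. Note too that the server never requests a client certificate (`gnutls_certificate_server_set_request`), so clients remain unauthenticated exactly as under anonymous DH — fine if intended, but worth a comment. The constructor continues past the hunk.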
diff --git a/src/Net/ServerConnection.h b/src/Net/ServerConnection.h
index ff88ad3..9a4d86b 100644
--- a/src/Net/ServerConnection.h
+++ b/src/Net/ServerConnection.h
@@ -31,28 +31,24 @@ class Listener;
class ServerConnection : public Connection {
friend class Listener;
-
+
private:
IPAddress *peer;
-
+
bool daemon;
-
+
gnutls_anon_server_credentials_t anoncred;
-
+
void connectionHeaderReceiveHandler(const void *data, unsigned long length);
-
+
protected:
- ServerConnection(int sock0, const IPAddress &address, gnutls_dh_params_t dh_params);
-
+ ServerConnection(int sock0, const IPAddress &address, gnutls_dh_params_t dh_params, const std::string &x905certFile, const std::string &x905keyFile);
+
virtual void connectionHeader() {
rawReceive(sizeof(ConnectionHeader), sigc::mem_fun(this, &ServerConnection::connectionHeaderReceiveHandler));
}
-
+
public:
- virtual ~ServerConnection() {
- gnutls_anon_free_server_credentials(anoncred);
- }
-
bool isDaemonConnection() const {return daemon;}
};
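Review bot: The `gnutls_anon_server_credentials_t anoncred;` member is now dead — its allocation was removed from the constructor in ServerConnection.cpp and its free from the destructor here — so the declaration should go as well. The parameter names `x905certFile`/`x905keyFile` in this declaration differ in case from the definition's `x905CertFile`/`x905KeyFile`; harmless to the compiler but confusing, and both spellings look like a typo for x509. `std::string` is used in this header without a visible `#include <string>`; it may arrive transitively via Connection.h, which this hunk does not show.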