- net->ctx = SSL_CTX_new(TLSv1_2_client_method());
- net->ssl = SSL_new(net->ctx);
-
- net->in = BIO_new(BIO_s_mem());
- net->out = BIO_new(BIO_s_mem());
-
- BIO_set_mem_eof_return(net->in, -1);
- BIO_set_mem_eof_return(net->out, -1);
-
- SSL_set_bio(net->ssl, net->in, net->out);
- SSL_set_connect_state(net->ssl);
+#if defined(USE_OPENSSL)
+ net->crypto = new0(crypto_t);
+ net->crypto->ctx = SSL_CTX_new(TLSv1_2_client_method());
+ net->crypto->ssl = SSL_new(net->ctx);
+
+ net->crypto->in = BIO_new(BIO_s_mem());
+ net->crypto->out = BIO_new(BIO_s_mem());
+
+ BIO_set_mem_eof_return(net->crypto->in, -1);
+ BIO_set_mem_eof_return(net->crypto->out, -1);
+
+ SSL_set_bio(net->crypto->ssl, net->crypto->in, net->crypto->out);
+ SSL_set_connect_state(net->crypto->ssl);
+#elif defined(USE_GNUTLS)
+ net->crypto = new0(crypto_t);
+ gnutls_init(&net->crypto->tls, GNUTLS_CLIENT);
+ gnutls_set_default_priority(net->crypto->tls);
+ gnutls_server_name_set(net->crypto->tls, GNUTLS_NAME_DNS,
+ net->host, strlen(net->host));
+ gnutls_credentials_set(net->crypto->tls, GNUTLS_CRD_CERTIFICATE, xcred);
+ gnutls_handshake_set_timeout(net->crypto->tls, GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT);
+ gnutls_transport_set_int(net->crypto->tls, net->poll.fd);
+ if (!(flags & NET_NOVERIFY))
+ gnutls_session_set_verify_cert(net->crypto->tls, net->host, 0);
+#else
+ error("Encryption is not supported");
+#endif
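Review bot: In the USE_OPENSSL branch, `SSL_new(net->ctx)` still reads the old `net->ctx` field although the context now lives in `net->crypto->ctx`; the line should be `net->crypto->ssl = SSL_new(net->crypto->ctx);`, otherwise it either no longer compiles or builds the session from a stale or NULL context. The visible OpenSSL lines also set up no peer verification, whereas the GnuTLS branch calls gnutls_session_set_verify_cert() unless NET_NOVERIFY is set, so unless verification is configured outside this hunk, the OpenSSL path accepts any certificate. A matching guard would be `if (!(flags & NET_NOVERIFY)) { SSL_CTX_set_verify(net->crypto->ctx, SSL_VERIFY_PEER, NULL); SSL_set1_host(net->crypto->ssl, net->host); }`, with a trust store loaded through SSL_CTX_set_default_verify_paths(). None of the return values of SSL_CTX_new, SSL_new, BIO_new or the gnutls_* calls are checked. The enclosing function starts and ends outside the hunk.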