summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorNikos Mavrogiannopoulos <nmav@gnutls.org>2012-01-24 20:58:09 +0100
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2012-01-24 21:01:26 +0100
commit172edf8fe210e6c6554b95d6f0de3c849019d1a4 (patch)
tree69af36916bfb251fc8802f138dfacf0daddc56a2
parent1a6cc0534fec3023e94878a9bd89918bb84244cb (diff)
downloadgnutls-172edf8fe210e6c6554b95d6f0de3c849019d1a4.tar.gz
Added functions to allow quering a priority structure.
That is to allow more information being extracted than only the ciphersuites. gnutls_priority_certificate_type_list: Added gnutls_priority_sign_list: Added gnutls_priority_protocol_list: Added gnutls_priority_compression_list: Added gnutls_priority_ecc_curve_list: Added
-rw-r--r--NEWS6
-rw-r--r--doc/cha-programs.texi18
-rw-r--r--lib/gnutls_priority.c105
-rw-r--r--lib/includes/gnutls/gnutls.h.in6
-rw-r--r--lib/libgnutls.map5
-rw-r--r--src/common.c1280
6 files changed, 842 insertions, 578 deletions
diff --git a/NEWS b/NEWS
index 6d82a68ef9..098c30b1c1 100644
--- a/NEWS
+++ b/NEWS
@@ -26,6 +26,12 @@ gnutls_x509_crt_get_authority_key_gn_serial: Added
gnutls_x509_crl_get_authority_key_gn_serial: Added
gnutls_pkcs11_reinit: Added
gnutls_ecc_list: Added
+gnutls_priority_certificate_type_list: Added
+gnutls_priority_sign_list: Added
+gnutls_priority_protocol_list: Added
+gnutls_priority_compression_list: Added
+gnutls_priority_ecc_curve_list: Added
+
* Version 3.0.12 (released 2012-01-20)
diff --git a/doc/cha-programs.texi b/doc/cha-programs.texi
index 4009261e2b..02d0d49df7 100644
--- a/doc/cha-programs.texi
+++ b/doc/cha-programs.texi
@@ -107,12 +107,18 @@ the handshake.
@example
$ ./gnutls-cli --priority SECURE192 -l
Cipher suites for SECURE192
-TLS_ECDHE_ECDSA_AES_256_CBC_SHA384 0xc0, 0x24 TLS1.2
-TLS_ECDHE_ECDSA_AES_256_GCM_SHA384 0xc0, 0x2e TLS1.2
-TLS_ECDHE_RSA_AES_256_GCM_SHA384 0xc0, 0x30 TLS1.2
-TLS_DHE_RSA_AES_256_CBC_SHA256 0x00, 0x6b TLS1.2
-TLS_DHE_DSS_AES_256_CBC_SHA256 0x00, 0x6a TLS1.2
-TLS_RSA_AES_256_CBC_SHA256 0x00, 0x3d TLS1.2
+TLS_ECDHE_ECDSA_AES_256_CBC_SHA384 0xc0, 0x24 TLS1.2
+TLS_ECDHE_ECDSA_AES_256_GCM_SHA384 0xc0, 0x2e TLS1.2
+TLS_ECDHE_RSA_AES_256_GCM_SHA384 0xc0, 0x30 TLS1.2
+TLS_DHE_RSA_AES_256_CBC_SHA256 0x00, 0x6b TLS1.2
+TLS_DHE_DSS_AES_256_CBC_SHA256 0x00, 0x6a TLS1.2
+TLS_RSA_AES_256_CBC_SHA256 0x00, 0x3d TLS1.2
+
+Certificate types: CTYPE-X.509
+Protocols: VERS-TLS1.2, VERS-TLS1.1, VERS-TLS1.0, VERS-SSL3.0, VERS-DTLS1.0
+Compression: COMP-NULL
+Elliptic curves: CURVE-SECP384R1, CURVE-SECP521R1
+PK-signatures: SIGN-RSA-SHA384, SIGN-ECDSA-SHA384, SIGN-RSA-SHA512, SIGN-ECDSA-SHA512
@end example
diff --git a/lib/gnutls_priority.c b/lib/gnutls_priority.c
index 2848a6056d..59f43271db 100644
--- a/lib/gnutls_priority.c
+++ b/lib/gnutls_priority.c
@@ -1128,3 +1128,108 @@ void _gnutls_priority_prefer_aes_gcm(void)
cipher_priority_performance = cipher_priority_performance_hw_aes;
cipher_priority_normal = cipher_priority_normal_hw_aes;
}
+
+/**
+ * gnutls_priority_ecc_curve_list:
+ * @pcache: is a #gnutls_prioritity_t structure.
+ * @list: will point to an integer list
+ *
+ * Get a list of available elliptic curves in the priority
+ * structure.
+ *
+ * Returns: the number of curves, or an error code.
+ * Since: 3.0.0
+ **/
+int
+gnutls_priority_ecc_curve_list (gnutls_priority_t pcache, const unsigned int** list)
+{
+ if (pcache->supported_ecc.algorithms == 0)
+ return 0;
+
+ *list = pcache->supported_ecc.priority;
+ return pcache->supported_ecc.algorithms;
+}
+
+/**
+ * gnutls_priority_compression_list:
+ * @pcache: is a #gnutls_prioritity_t structure.
+ * @list: will point to an integer list
+ *
+ * Get a list of available compression method in the priority
+ * structure.
+ *
+ * Returns: the number of methods, or an error code.
+ * Since: 3.0.0
+ **/
+int
+gnutls_priority_compression_list (gnutls_priority_t pcache, const unsigned int** list)
+{
+ if (pcache->compression.algorithms == 0)
+ return 0;
+
+ *list = pcache->compression.priority;
+ return pcache->compression.algorithms;
+}
+
+/**
+ * gnutls_priority_protocol_list:
+ * @pcache: is a #gnutls_prioritity_t structure.
+ * @list: will point to an integer list
+ *
+ * Get a list of available TLS version numbers in the priority
+ * structure.
+ *
+ * Returns: the number of protocols, or an error code.
+ * Since: 3.0.0
+ **/
+int
+gnutls_priority_protocol_list (gnutls_priority_t pcache, const unsigned int** list)
+{
+ if (pcache->protocol.algorithms == 0)
+ return 0;
+
+ *list = pcache->protocol.priority;
+ return pcache->protocol.algorithms;
+}
+
+/**
+ * gnutls_priority_sign_list:
+ * @pcache: is a #gnutls_prioritity_t structure.
+ * @list: will point to an integer list
+ *
+ * Get a list of available signature algorithms in the priority
+ * structure.
+ *
+ * Returns: the number of algorithms, or an error code.
+ * Since: 3.0.0
+ **/
+int
+gnutls_priority_sign_list (gnutls_priority_t pcache, const unsigned int** list)
+{
+ if (pcache->sign_algo.algorithms == 0)
+ return 0;
+
+ *list = pcache->sign_algo.priority;
+ return pcache->sign_algo.algorithms;
+}
+
+/**
+ * gnutls_priority_certificate_type_list:
+ * @pcache: is a #gnutls_prioritity_t structure.
+ * @list: will point to an integer list
+ *
+ * Get a list of available certificate types in the priority
+ * structure.
+ *
+ * Returns: the number of certificate types, or an error code.
+ * Since: 3.0.0
+ **/
+int
+gnutls_priority_certificate_type_list (gnutls_priority_t pcache, const unsigned int** list)
+{
+ if (pcache->cert_type.algorithms == 0)
+ return 0;
+
+ *list = pcache->cert_type.priority;
+ return pcache->cert_type.algorithms;
+}
diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in
index 344168a2e0..6730306743 100644
--- a/lib/includes/gnutls/gnutls.h.in
+++ b/lib/includes/gnutls/gnutls.h.in
@@ -921,6 +921,12 @@ gnutls_ecc_curve_t gnutls_ecc_curve_get(gnutls_session_t session);
const char *priorities,
const char **err_pos);
+ int gnutls_priority_get_certificate_type_list (gnutls_priority_t pcache, const unsigned int** list);
+ int gnutls_priority_get_sign_list (gnutls_priority_t pcache, const unsigned int** list);
+ int gnutls_priority_get_protocol_list (gnutls_priority_t pcache, const unsigned int** list);
+ int gnutls_priority_get_compression_list (gnutls_priority_t pcache, const unsigned int** list);
+ int gnutls_priority_get_ecc_curve_list (gnutls_priority_t pcache, const unsigned int** list);
+
/* for compatibility
*/
int gnutls_set_default_priority (gnutls_session_t session);
diff --git a/lib/libgnutls.map b/lib/libgnutls.map
index 229a65c4e2..e169a06170 100644
--- a/lib/libgnutls.map
+++ b/lib/libgnutls.map
@@ -766,6 +766,11 @@ GNUTLS_3_0_0 {
gnutls_x509_crt_get_authority_key_gn_serial;
gnutls_x509_crl_get_authority_key_gn_serial;
gnutls_ecc_curve_list;
+ gnutls_priority_certificate_type_list;
+ gnutls_priority_sign_list;
+ gnutls_priority_protocol_list;
+ gnutls_priority_compression_list;
+ gnutls_priority_ecc_curve_list;
} GNUTLS_2_12;
GNUTLS_PRIVATE {
diff --git a/src/common.c b/src/common.c
index e01e9a07ca..dcaf421dcd 100644
--- a/src/common.c
+++ b/src/common.c
@@ -49,122 +49,137 @@ const char str_unknown[] = "(unknown)";
const char *
raw_to_string (const unsigned char *raw, size_t raw_size)
{
- static char buf[1024];
- size_t i;
- if (raw_size == 0)
- return NULL;
+ static char buf[1024];
+ size_t i;
+ if (raw_size == 0)
+ return NULL;
- if (raw_size * 3 + 1 >= sizeof (buf))
- return NULL;
+ if (raw_size * 3 + 1 >= sizeof (buf))
+ return NULL;
- for (i = 0; i < raw_size; i++)
- {
- sprintf (&(buf[i * 3]), "%02X%s", raw[i],
- (i == raw_size - 1) ? "" : ":");
- }
- buf[sizeof (buf) - 1] = '\0';
+ for (i = 0; i < raw_size; i++)
+ {
+ sprintf (&(buf[i * 3]), "%02X%s", raw[i],
+ (i == raw_size - 1) ? "" : ":");
+ }
+ buf[sizeof (buf) - 1] = '\0';
- return buf;
+ return buf;
}
static void
-print_x509_info (gnutls_session_t session, const char *hostname, int insecure)
+print_x509_info (gnutls_session_t session, const char *hostname,
+ int insecure)
{
- gnutls_x509_crt_t crt;
- const gnutls_datum_t *cert_list;
- unsigned int cert_list_size = 0, j;
- int hostname_ok = 0;
- int ret;
-
- cert_list = gnutls_certificate_get_peers (session, &cert_list_size);
- if (cert_list_size == 0)
- {
- fprintf (stderr, "No certificates found!\n");
- return;
- }
+ gnutls_x509_crt_t crt;
+ const gnutls_datum_t *cert_list;
+ unsigned int cert_list_size = 0, j;
+ int hostname_ok = 0;
+ int ret;
- printf (" - Got a certificate list of %d certificates.\n", cert_list_size);
+ cert_list = gnutls_certificate_get_peers (session, &cert_list_size);
+ if (cert_list_size == 0)
+ {
+ fprintf (stderr, "No certificates found!\n");
+ return;
+ }
- for (j = 0; j < cert_list_size; j++)
- {
- gnutls_datum_t cinfo;
+ printf (" - Got a certificate list of %d certificates.\n",
+ cert_list_size);
- gnutls_x509_crt_init (&crt);
- ret = gnutls_x509_crt_import (crt, &cert_list[j], GNUTLS_X509_FMT_DER);
- if (ret < 0)
- {
- fprintf (stderr, "Decoding error: %s\n", gnutls_strerror (ret));
- return;
- }
-
- printf (" - Certificate[%d] info:\n - ", j);
-
- if (verbose)
- ret = gnutls_x509_crt_print (crt, GNUTLS_CRT_PRINT_FULL, &cinfo);
- else
- ret = gnutls_x509_crt_print (crt, GNUTLS_CRT_PRINT_ONELINE, &cinfo);
- if (ret == 0)
- {
- printf ("%s\n", cinfo.data);
- gnutls_free (cinfo.data);
- }
-
- if (print_cert)
- {
- size_t size = 0;
- char *p = NULL;
-
- ret = gnutls_x509_crt_export (crt, GNUTLS_X509_FMT_PEM, p, &size);
- if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER)
- {
- p = malloc (size);
- if (!p)
- {
- fprintf (stderr, "gnutls_malloc\n");
- exit (1);
- }
+ for (j = 0; j < cert_list_size; j++)
+ {
+ gnutls_datum_t cinfo;
- ret = gnutls_x509_crt_export (crt, GNUTLS_X509_FMT_PEM,
- p, &size);
- }
+ gnutls_x509_crt_init (&crt);
+ ret =
+ gnutls_x509_crt_import (crt, &cert_list[j],
+ GNUTLS_X509_FMT_DER);
if (ret < 0)
{
- fprintf (stderr, "Encoding error: %s\n", gnutls_strerror (ret));
- return;
+ fprintf (stderr, "Decoding error: %s\n",
+ gnutls_strerror (ret));
+ return;
}
- fputs ("\n", stdout);
- fputs (p, stdout);
- fputs ("\n", stdout);
-
- gnutls_free (p);
- }
+ printf (" - Certificate[%d] info:\n - ", j);
- if (j == 0 && hostname != NULL)
- {
- /* Check the hostname of the first certificate if it matches
- * the name of the host we connected to.
- */
- if (gnutls_x509_crt_check_hostname (crt, hostname) == 0)
- hostname_ok = 1;
+ if (verbose)
+ ret =
+ gnutls_x509_crt_print (crt, GNUTLS_CRT_PRINT_FULL,
+ &cinfo);
else
- hostname_ok = 2;
- }
+ ret =
+ gnutls_x509_crt_print (crt, GNUTLS_CRT_PRINT_ONELINE,
+ &cinfo);
+ if (ret == 0)
+ {
+ printf ("%s\n", cinfo.data);
+ gnutls_free (cinfo.data);
+ }
- gnutls_x509_crt_deinit (crt);
- }
+ if (print_cert)
+ {
+ size_t size = 0;
+ char *p = NULL;
+
+ ret =
+ gnutls_x509_crt_export (crt, GNUTLS_X509_FMT_PEM, p,
+ &size);
+ if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER)
+ {
+ p = malloc (size);
+ if (!p)
+ {
+ fprintf (stderr, "gnutls_malloc\n");
+ exit (1);
+ }
+
+ ret =
+ gnutls_x509_crt_export (crt, GNUTLS_X509_FMT_PEM,
+ p, &size);
+ }
+ if (ret < 0)
+ {
+ fprintf (stderr, "Encoding error: %s\n",
+ gnutls_strerror (ret));
+ return;
+ }
+
+ fputs ("\n", stdout);
+ fputs (p, stdout);
+ fputs ("\n", stdout);
+
+ gnutls_free (p);
+ }
- if (hostname_ok == 1)
- {
- printf ("- The hostname in the certificate does NOT match '%s'\n",
- hostname);
- if (!insecure)
- exit (1);
- }
- else if (hostname_ok == 2)
- {
- printf ("- The hostname in the certificate matches '%s'.\n", hostname);
- }
+ if (j == 0 && hostname != NULL)
+ {
+ /* Check the hostname of the first certificate if it matches
+ * the name of the host we connected to.
+ */
+ if (gnutls_x509_crt_check_hostname (crt, hostname) == 0)
+ hostname_ok = 1;
+ else
+ hostname_ok = 2;
+ }
+
+ gnutls_x509_crt_deinit (crt);
+ }
+
+ if (hostname_ok == 1)
+ {
+ printf
+ ("- The hostname in the certificate does NOT match '%s'\n",
+ hostname);
+ if (!insecure)
+ exit (1);
+ }
+ else if (hostname_ok == 2)
+ {
+ printf ("- The hostname in the certificate matches '%s'.\n",
+ hostname);
+ }
}
#ifdef ENABLE_OPENPGP
@@ -174,94 +189,105 @@ print_openpgp_info (gnutls_session_t session, const char *hostname,
int insecure)
{
- gnutls_openpgp_crt_t crt;
- const gnutls_datum_t *cert_list;
- unsigned int cert_list_size = 0;
- int hostname_ok = 0;
- int ret;
+ gnutls_openpgp_crt_t crt;
+ const gnutls_datum_t *cert_list;
+ unsigned int cert_list_size = 0;
+ int hostname_ok = 0;
+ int ret;
- cert_list = gnutls_certificate_get_peers (session, &cert_list_size);
+ cert_list = gnutls_certificate_get_peers (session, &cert_list_size);
- if (cert_list_size > 0)
- {
- gnutls_datum_t cinfo;
-
- gnutls_openpgp_crt_init (&crt);
- ret = gnutls_openpgp_crt_import (crt, &cert_list[0],
- GNUTLS_OPENPGP_FMT_RAW);
- if (ret < 0)
- {
- fprintf (stderr, "Decoding error: %s\n", gnutls_strerror (ret));
- return;
- }
-
- if (verbose)
- ret = gnutls_openpgp_crt_print (crt, GNUTLS_CRT_PRINT_FULL, &cinfo);
- else
- ret =
- gnutls_openpgp_crt_print (crt, GNUTLS_CRT_PRINT_ONELINE, &cinfo);
- if (ret == 0)
- {
- printf (" - %s\n", cinfo.data);
- gnutls_free (cinfo.data);
- }
-
- if (print_cert)
- {
- size_t size = 0;
- char *p = NULL;
-
- ret = gnutls_openpgp_crt_export (crt, GNUTLS_OPENPGP_FMT_BASE64,
- p, &size);
- if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER)
- {
- p = malloc (size);
- if (!p)
- {
- fprintf (stderr, "gnutls_malloc\n");
- exit (1);
- }
+ if (cert_list_size > 0)
+ {
+ gnutls_datum_t cinfo;
- ret = gnutls_openpgp_crt_export (crt, GNUTLS_OPENPGP_FMT_BASE64,
- p, &size);
- }
+ gnutls_openpgp_crt_init (&crt);
+ ret = gnutls_openpgp_crt_import (crt, &cert_list[0],
+ GNUTLS_OPENPGP_FMT_RAW);
if (ret < 0)
{
- fprintf (stderr, "Encoding error: %s\n", gnutls_strerror (ret));
- return;
+ fprintf (stderr, "Decoding error: %s\n",
+ gnutls_strerror (ret));
+ return;
}
- fputs (p, stdout);
- fputs ("\n", stdout);
+ if (verbose)
+ ret =
+ gnutls_openpgp_crt_print (crt, GNUTLS_CRT_PRINT_FULL,
+ &cinfo);
+ else
+ ret =
+ gnutls_openpgp_crt_print (crt, GNUTLS_CRT_PRINT_ONELINE,
+ &cinfo);
+ if (ret == 0)
+ {
+ printf (" - %s\n", cinfo.data);
+ gnutls_free (cinfo.data);
+ }
- gnutls_free (p);
- }
+ if (print_cert)
+ {
+ size_t size = 0;
+ char *p = NULL;
- if (hostname != NULL)
- {
- /* Check the hostname of the first certificate if it matches
- * the name of the host we connected to.
- */
- if (gnutls_openpgp_crt_check_hostname (crt, hostname) == 0)
- hostname_ok = 1;
- else
- hostname_ok = 2;
- }
+ ret =
+ gnutls_openpgp_crt_export (crt,
+ GNUTLS_OPENPGP_FMT_BASE64,
+ p, &size);
+ if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER)
+ {
+ p = malloc (size);
+ if (!p)
+ {
+ fprintf (stderr, "gnutls_malloc\n");
+ exit (1);
+ }
+
+ ret =
+ gnutls_openpgp_crt_export (crt,
+ GNUTLS_OPENPGP_FMT_BASE64,
+ p, &size);
+ }
+ if (ret < 0)
+ {
+ fprintf (stderr, "Encoding error: %s\n",
+ gnutls_strerror (ret));
+ return;
+ }
+
+ fputs (p, stdout);
+ fputs ("\n", stdout);
+
+ gnutls_free (p);
+ }
- gnutls_openpgp_crt_deinit (crt);
- }
+ if (hostname != NULL)
+ {
+ /* Check the hostname of the first certificate if it matches
+ * the name of the host we connected to.
+ */
+ if (gnutls_openpgp_crt_check_hostname (crt, hostname) == 0)
+ hostname_ok = 1;
+ else
+ hostname_ok = 2;
+ }
- if (hostname_ok == 1)
- {
- printf ("- The hostname in the certificate does NOT match '%s'\n",
- hostname);
- if (!insecure)
- exit (1);
- }
- else if (hostname_ok == 2)
- {
- printf ("- The hostname in the certificate matches '%s'.\n", hostname);
- }
+ gnutls_openpgp_crt_deinit (crt);
+ }
+
+ if (hostname_ok == 1)
+ {
+ printf
+ ("- The hostname in the certificate does NOT match '%s'\n",
+ hostname);
+ if (!insecure)
+ exit (1);
+ }
+ else if (hostname_ok == 2)
+ {
+ printf ("- The hostname in the certificate matches '%s'.\n",
+ hostname);
+ }
}
#endif
@@ -269,300 +295,320 @@ print_openpgp_info (gnutls_session_t session, const char *hostname,
static void
print_cert_vrfy (gnutls_session_t session)
{
- int rc;
- unsigned int status;
+ int rc;
+ unsigned int status;
- rc = gnutls_certificate_verify_peers2 (session, &status);
- if (rc < 0)
- {
- printf ("- Could not verify certificate (err: %s)\n",
- gnutls_strerror (rc));
- return;
- }
+ rc = gnutls_certificate_verify_peers2 (session, &status);
+ if (rc < 0)
+ {
+ printf ("- Could not verify certificate (err: %s)\n",
+ gnutls_strerror (rc));
+ return;
+ }
- if (rc == GNUTLS_E_NO_CERTIFICATE_FOUND)
- {
- printf ("- Peer did not send any certificate.\n");
- return;
- }
+ if (rc == GNUTLS_E_NO_CERTIFICATE_FOUND)
+ {
+ printf ("- Peer did not send any certificate.\n");
+ return;
+ }
- if (gnutls_certificate_type_get (session) == GNUTLS_CRT_X509)
- {
- if (status & GNUTLS_CERT_REVOKED)
- printf ("- Peer's certificate chain revoked\n");
- if (status & GNUTLS_CERT_SIGNER_NOT_FOUND)
- printf ("- Peer's certificate issuer is unknown\n");
- if (status & GNUTLS_CERT_SIGNER_NOT_CA)
- printf ("- Peer's certificate issuer is not a CA\n");
- if (status & GNUTLS_CERT_INSECURE_ALGORITHM)
- printf ("- Peer's certificate chain uses insecure algorithm\n");
- if (status & GNUTLS_CERT_NOT_ACTIVATED)
- printf
- ("- Peer's certificate chain uses not yet valid certificate\n");
- if (status & GNUTLS_CERT_EXPIRED)
- printf ("- Peer's certificate chain uses expired certificate\n");
- if (status & GNUTLS_CERT_INVALID)
- printf ("- Peer's certificate is NOT trusted\n");
- else
- printf ("- Peer's certificate is trusted\n");
- }
- else
- {
- if (status & GNUTLS_CERT_INVALID)
- printf ("- Peer's key is invalid\n");
- else
- printf ("- Peer's key is valid\n");
- if (status & GNUTLS_CERT_SIGNER_NOT_FOUND)
- printf ("- Could not find a signer of the peer's key\n");
- }
+ if (gnutls_certificate_type_get (session) == GNUTLS_CRT_X509)
+ {
+ if (status & GNUTLS_CERT_REVOKED)
+ printf ("- Peer's certificate chain revoked\n");
+ if (status & GNUTLS_CERT_SIGNER_NOT_FOUND)
+ printf ("- Peer's certificate issuer is unknown\n");
+ if (status & GNUTLS_CERT_SIGNER_NOT_CA)
+ printf ("- Peer's certificate issuer is not a CA\n");
+ if (status & GNUTLS_CERT_INSECURE_ALGORITHM)
+ printf
+ ("- Peer's certificate chain uses insecure algorithm\n");
+ if (status & GNUTLS_CERT_NOT_ACTIVATED)
+ printf
+ ("- Peer's certificate chain uses not yet valid certificate\n");
+ if (status & GNUTLS_CERT_EXPIRED)
+ printf
+ ("- Peer's certificate chain uses expired certificate\n");
+ if (status & GNUTLS_CERT_INVALID)
+ printf ("- Peer's certificate is NOT trusted\n");
+ else
+ printf ("- Peer's certificate is trusted\n");
+ }
+ else
+ {
+ if (status & GNUTLS_CERT_INVALID)
+ printf ("- Peer's key is invalid\n");
+ else
+ printf ("- Peer's key is valid\n");
+ if (status & GNUTLS_CERT_SIGNER_NOT_FOUND)
+ printf ("- Could not find a signer of the peer's key\n");
+ }
}
static void
print_dh_info (gnutls_session_t session, const char *str)
{
- printf ("- %sDiffie-Hellman parameters\n", str);
- printf (" - Using prime: %d bits\n", gnutls_dh_get_prime_bits (session));
- printf (" - Secret key: %d bits\n", gnutls_dh_get_secret_bits (session));
- printf (" - Peer's public key: %d bits\n",
- gnutls_dh_get_peers_public_bits (session));
+ printf ("- %sDiffie-Hellman parameters\n", str);
+ printf (" - Using prime: %d bits\n",
+ gnutls_dh_get_prime_bits (session));
+ printf (" - Secret key: %d bits\n",
+ gnutls_dh_get_secret_bits (session));
+ printf (" - Peer's public key: %d bits\n",
+ gnutls_dh_get_peers_public_bits (session));
+
+ if (print_cert)
+ {
+ int ret;
+ gnutls_datum_t raw_gen = { NULL, 0 };
+ gnutls_datum_t raw_prime = { NULL, 0 };
+ gnutls_dh_params_t dh_params = NULL;
+ unsigned char *params_data = NULL;
+ size_t params_data_size = 0;
+
+ ret = gnutls_dh_get_group (session, &raw_gen, &raw_prime);
+ if (ret)
+ {
+ fprintf (stderr, "gnutls_dh_get_group %d\n", ret);
+ goto out;
+ }
- if (print_cert)
- {
- int ret;
- gnutls_datum_t raw_gen = { NULL, 0 };
- gnutls_datum_t raw_prime = { NULL, 0 };
- gnutls_dh_params_t dh_params = NULL;
- unsigned char *params_data = NULL;
- size_t params_data_size = 0;
-
- ret = gnutls_dh_get_group (session, &raw_gen, &raw_prime);
- if (ret)
- {
- fprintf (stderr, "gnutls_dh_get_group %d\n", ret);
- goto out;
- }
-
- ret = gnutls_dh_params_init (&dh_params);
- if (ret)
- {
- fprintf (stderr, "gnutls_dh_params_init %d\n", ret);
- goto out;
- }
-
- ret = gnutls_dh_params_import_raw (dh_params, &raw_prime, &raw_gen);
- if (ret)
- {
- fprintf (stderr, "gnutls_dh_params_import_raw %d\n", ret);
- goto out;
- }
-
- ret = gnutls_dh_params_export_pkcs3 (dh_params,
- GNUTLS_X509_FMT_PEM,
- params_data, &params_data_size);
- if (ret != GNUTLS_E_SHORT_MEMORY_BUFFER)
- {
- fprintf (stderr, "gnutls_dh_params_export_pkcs3 %d\n", ret);
- goto out;
- }
-
- params_data = gnutls_malloc (params_data_size);
- if (!params_data)
- {
- fprintf (stderr, "gnutls_malloc %d\n", ret);
- goto out;
- }
-
- ret = gnutls_dh_params_export_pkcs3 (dh_params,
- GNUTLS_X509_FMT_PEM,
- params_data, &params_data_size);
- if (ret)
- {
- fprintf (stderr, "gnutls_dh_params_export_pkcs3-2 %d\n", ret);
- goto out;
- }
-
- printf (" - PKCS#3 format:\n\n%.*s\n", (int) params_data_size,
- params_data);
-
- out:
- gnutls_free (params_data);
- gnutls_free (raw_prime.data);
- gnutls_free (raw_gen.data);
- gnutls_dh_params_deinit (dh_params);
- }
+ ret = gnutls_dh_params_init (&dh_params);
+ if (ret)
+ {
+ fprintf (stderr, "gnutls_dh_params_init %d\n", ret);
+ goto out;
+ }
+
+ ret =
+ gnutls_dh_params_import_raw (dh_params, &raw_prime,
+ &raw_gen);
+ if (ret)
+ {
+ fprintf (stderr, "gnutls_dh_params_import_raw %d\n", ret);
+ goto out;
+ }
+
+ ret = gnutls_dh_params_export_pkcs3 (dh_params,
+ GNUTLS_X509_FMT_PEM,
+ params_data,
+ &params_data_size);
+ if (ret != GNUTLS_E_SHORT_MEMORY_BUFFER)
+ {
+ fprintf (stderr, "gnutls_dh_params_export_pkcs3 %d\n",
+ ret);
+ goto out;
+ }
+
+ params_data = gnutls_malloc (params_data_size);
+ if (!params_data)
+ {
+ fprintf (stderr, "gnutls_malloc %d\n", ret);
+ goto out;
+ }
+
+ ret = gnutls_dh_params_export_pkcs3 (dh_params,
+ GNUTLS_X509_FMT_PEM,
+ params_data,
+ &params_data_size);
+ if (ret)
+ {
+ fprintf (stderr, "gnutls_dh_params_export_pkcs3-2 %d\n",
+ ret);
+ goto out;
+ }
+
+ printf (" - PKCS#3 format:\n\n%.*s\n", (int) params_data_size,
+ params_data);
+
+ out:
+ gnutls_free (params_data);
+ gnutls_free (raw_prime.data);
+ gnutls_free (raw_gen.data);
+ gnutls_dh_params_deinit (dh_params);
+ }
}
static void
print_ecdh_info (gnutls_session_t session, const char *str)
{
-int curve;
+ int curve;
+
+ printf ("- %sEC Diffie-Hellman parameters\n", str);
- printf ("- %sEC Diffie-Hellman parameters\n", str);
-
- curve = gnutls_ecc_curve_get(session);
-
- printf (" - Using curve: %s\n", gnutls_ecc_curve_get_name (curve));
- printf (" - Curve size: %d bits\n", gnutls_ecc_curve_get_size(curve)*8);
+ curve = gnutls_ecc_curve_get (session);
+
+ printf (" - Using curve: %s\n", gnutls_ecc_curve_get_name (curve));
+ printf (" - Curve size: %d bits\n",
+ gnutls_ecc_curve_get_size (curve) * 8);
}
int
print_info (gnutls_session_t session, const char *hostname, int insecure)
{
- const char *tmp;
- gnutls_credentials_type_t cred;
- gnutls_kx_algorithm_t kx;
- unsigned char session_id[33];
- size_t session_id_size = sizeof(session_id);
-
- /* print session ID */
- gnutls_session_get_id (session, session_id, &session_id_size);
- printf("- Session ID: %s\n", raw_to_string(session_id, session_id_size));
-
- /* print the key exchange's algorithm name
- */
- kx = gnutls_kx_get (session);
-
- cred = gnutls_auth_get_type (session);
- switch (cred)
- {
+ const char *tmp;
+ gnutls_credentials_type_t cred;
+ gnutls_kx_algorithm_t kx;
+ unsigned char session_id[33];
+ size_t session_id_size = sizeof (session_id);
+
+ /* print session ID */
+ gnutls_session_get_id (session, session_id, &session_id_size);
+ printf ("- Session ID: %s\n",
+ raw_to_string (session_id, session_id_size));
+
+ /* print the key exchange's algorithm name
+ */
+ kx = gnutls_kx_get (session);
+
+ cred = gnutls_auth_get_type (session);
+ switch (cred)
+ {
#ifdef ENABLE_ANON
- case GNUTLS_CRD_ANON:
- if (kx == GNUTLS_KX_ANON_ECDH)
- print_ecdh_info(session, "Anonymous ");
- else
- print_dh_info (session, "Anonymous ");
- break;
+ case GNUTLS_CRD_ANON:
+ if (kx == GNUTLS_KX_ANON_ECDH)
+ print_ecdh_info (session, "Anonymous ");
+ else
+ print_dh_info (session, "Anonymous ");
+ break;
#endif
#ifdef ENABLE_SRP
- case GNUTLS_CRD_SRP:
- /* This should be only called in server
- * side.
- */
- if (gnutls_srp_server_get_username (session) != NULL)
- printf ("- SRP authentication. Connected as '%s'\n",
- gnutls_srp_server_get_username (session));
- break;
+ case GNUTLS_CRD_SRP:
+ /* This should be only called in server
+ * side.
+ */
+ if (gnutls_srp_server_get_username (session) != NULL)
+ printf ("- SRP authentication. Connected as '%s'\n",
+ gnutls_srp_server_get_username (session));
+ break;
#endif
#ifdef ENABLE_PSK
- case GNUTLS_CRD_PSK:
- /* This returns NULL in server side.
- */
- if (gnutls_psk_client_get_hint (session) != NULL)
- printf ("- PSK authentication. PSK hint '%s'\n",
- gnutls_psk_client_get_hint (session));
- /* This returns NULL in client side.
- */
- if (gnutls_psk_server_get_username (session) != NULL)
- printf ("- PSK authentication. Connected as '%s'\n",
- gnutls_psk_server_get_username (session));
- if (kx == GNUTLS_KX_DHE_PSK)
- print_dh_info (session, "Ephemeral ");
- if (kx == GNUTLS_KX_ECDHE_PSK)
- print_ecdh_info(session, "Ephemeral ");
- break;
+ case GNUTLS_CRD_PSK:
+ /* This returns NULL in server side.
+ */
+ if (gnutls_psk_client_get_hint (session) != NULL)
+ printf ("- PSK authentication. PSK hint '%s'\n",
+ gnutls_psk_client_get_hint (session));
+ /* This returns NULL in client side.
+ */
+ if (gnutls_psk_server_get_username (session) != NULL)
+ printf ("- PSK authentication. Connected as '%s'\n",
+ gnutls_psk_server_get_username (session));
+ if (kx == GNUTLS_KX_DHE_PSK)
+ print_dh_info (session, "Ephemeral ");
+ if (kx == GNUTLS_KX_ECDHE_PSK)
+ print_ecdh_info (session, "Ephemeral ");
+ break;
#endif
- case GNUTLS_CRD_IA:
- printf ("- TLS/IA authentication\n");
- break;
- case GNUTLS_CRD_CERTIFICATE:
- {
- char dns[256];
- size_t dns_size = sizeof (dns);
- unsigned int type;
-
- /* This fails in client side */
- if (gnutls_server_name_get (session, dns, &dns_size, &type, 0) == 0)
+ case GNUTLS_CRD_IA:
+ printf ("- TLS/IA authentication\n");
+ break;
+ case GNUTLS_CRD_CERTIFICATE:
{
- printf ("- Given server name[%d]: %s\n", type, dns);
+ char dns[256];
+ size_t dns_size = sizeof (dns);
+ unsigned int type;
+
+ /* This fails in client side */
+ if (gnutls_server_name_get
+ (session, dns, &dns_size, &type, 0) == 0)
+ {
+ printf ("- Given server name[%d]: %s\n", type, dns);
+ }
}
- }
- print_cert_info (session, hostname, insecure);
+ print_cert_info (session, hostname, insecure);
- print_cert_vrfy (session);
+ print_cert_vrfy (session);
- if (kx == GNUTLS_KX_DHE_RSA || kx == GNUTLS_KX_DHE_DSS)
- print_dh_info (session, "Ephemeral ");
- else if (kx == GNUTLS_KX_ECDHE_RSA || kx == GNUTLS_KX_ECDHE_ECDSA)
- print_ecdh_info(session, "Ephemeral ");
- }
+ if (kx == GNUTLS_KX_DHE_RSA || kx == GNUTLS_KX_DHE_DSS)
+ print_dh_info (session, "Ephemeral ");
+ else if (kx == GNUTLS_KX_ECDHE_RSA
+ || kx == GNUTLS_KX_ECDHE_ECDSA)
+ print_ecdh_info (session, "Ephemeral ");
+ }
- tmp = SU (gnutls_protocol_get_name (gnutls_protocol_get_version (session)));
- printf ("- Version: %s\n", tmp);
+ tmp =
+ SU (gnutls_protocol_get_name
+ (gnutls_protocol_get_version (session)));
+ printf ("- Version: %s\n", tmp);
- tmp = SU (gnutls_kx_get_name (kx));
- printf ("- Key Exchange: %s\n", tmp);
+ tmp = SU (gnutls_kx_get_name (kx));
+ printf ("- Key Exchange: %s\n", tmp);
- tmp = SU (gnutls_cipher_get_name (gnutls_cipher_get (session)));
- printf ("- Cipher: %s\n", tmp);
+ tmp = SU (gnutls_cipher_get_name (gnutls_cipher_get (session)));
+ printf ("- Cipher: %s\n", tmp);
- tmp = SU (gnutls_mac_get_name (gnutls_mac_get (session)));
- printf ("- MAC: %s\n", tmp);
+ tmp = SU (gnutls_mac_get_name (gnutls_mac_get (session)));
+ printf ("- MAC: %s\n", tmp);
- tmp = SU (gnutls_compression_get_name (gnutls_compression_get (session)));
- printf ("- Compression: %s\n", tmp);
+ tmp =
+ SU (gnutls_compression_get_name
+ (gnutls_compression_get (session)));
+ printf ("- Compression: %s\n", tmp);
- if (verbose)
- {
- gnutls_datum_t cb;
- int rc;
-
- rc =
- gnutls_session_channel_binding (session, GNUTLS_CB_TLS_UNIQUE, &cb);
- if (rc)
- fprintf (stderr, "Channel binding error: %s\n", gnutls_strerror (rc));
- else
- {
- size_t i;
-
- printf ("- Channel binding 'tls-unique': ");
- for (i = 0; i < cb.size; i++)
- printf ("%02x", cb.data[i]);
- printf ("\n");
- }
- }
+ if (verbose)
+ {
+ gnutls_datum_t cb;
+ int rc;
+
+ rc = gnutls_session_channel_binding (session,
+ GNUTLS_CB_TLS_UNIQUE, &cb);
+ if (rc)
+ fprintf (stderr, "Channel binding error: %s\n",
+ gnutls_strerror (rc));
+ else
+ {
+ size_t i;
- /* Warning: Do not print anything more here. The 'Compression:'
- output MUST be the last non-verbose output. This is used by
- Emacs starttls.el code. */
+ printf ("- Channel binding 'tls-unique': ");
+ for (i = 0; i < cb.size; i++)
+ printf ("%02x", cb.data[i]);
+ printf ("\n");
+ }
+ }
- fflush (stdout);
+ /* Warning: Do not print anything more here. The 'Compression:'
+ output MUST be the last non-verbose output. This is used by
+ Emacs starttls.el code. */
- return 0;
+ fflush (stdout);
+
+ return 0;
}
void
-print_cert_info (gnutls_session_t session, const char *hostname, int insecure)
+print_cert_info (gnutls_session_t session, const char *hostname,
+ int insecure)
{
- if (gnutls_certificate_client_get_request_status (session) != 0)
- printf ("- Server has requested a certificate.\n");
+ if (gnutls_certificate_client_get_request_status (session) != 0)
+ printf ("- Server has requested a certificate.\n");
- printf ("- Certificate type: ");
- switch (gnutls_certificate_type_get (session))
- {
- case GNUTLS_CRT_UNKNOWN:
- printf ("Unknown\n");
-
- if (!insecure)
- exit (1);
- break;
- case GNUTLS_CRT_X509:
- printf ("X.509\n");
- print_x509_info (session, hostname, insecure);
- break;
+ printf ("- Certificate type: ");
+ switch (gnutls_certificate_type_get (session))
+ {
+ case GNUTLS_CRT_UNKNOWN:
+ printf ("Unknown\n");
+
+ if (!insecure)
+ exit (1);
+ break;
+ case GNUTLS_CRT_X509:
+ printf ("X.509\n");
+ print_x509_info (session, hostname, insecure);
+ break;
#ifdef ENABLE_OPENPGP
- case GNUTLS_CRT_OPENPGP:
- printf ("OpenPGP\n");
- print_openpgp_info (session, hostname, insecure);
- break;
+ case GNUTLS_CRT_OPENPGP:
+ printf ("OpenPGP\n");
+ print_openpgp_info (session, hostname, insecure);
+ break;
#endif
- }
+ }
}
void
-print_list (const char* priorities, int verbose)
+print_list (const char *priorities, int verbose)
{
size_t i;
int ret;
@@ -575,188 +621,279 @@ print_list (const char* priorities, int verbose)
gnutls_mac_algorithm_t mac;
gnutls_protocol_t version;
gnutls_priority_t pcache;
+ const unsigned int *list;
if (priorities != NULL)
{
- printf ("Cipher suites for %s\n", priorities);
-
- ret = gnutls_priority_init(&pcache, priorities, &err);
- if (ret < 0)
+ printf ("Cipher suites for %s\n", priorities);
+
+ ret = gnutls_priority_init (&pcache, priorities, &err);
+ if (ret < 0)
+ {
+ fprintf (stderr, "Syntax error at: %s\n", err);
+ exit (1);
+ }
+
+ for (i = 0;; i++)
+ {
+ ret =
+ gnutls_priority_get_cipher_suite_index (pcache, i,
+ &idx);
+ if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
+ break;
+ if (ret == GNUTLS_E_UNKNOWN_CIPHER_SUITE)
+ continue;
+
+ name =
+ gnutls_cipher_suite_info (idx, id, NULL, NULL, NULL,
+ &version);
+
+ if (name != NULL)
+ printf ("%-50s\t0x%02x, 0x%02x\t%s\n",
+ name, (unsigned char) id[0],
+ (unsigned char) id[1],
+ gnutls_protocol_get_name (version));
+ }
+
+ printf("\n");
{
- fprintf (stderr, "Syntax error at: %s\n", err);
- exit(1);
+ ret = gnutls_priority_certificate_type_list (pcache, &list);
+
+ printf ("Certificate types: ");
+ if (ret == 0) printf("none\n");
+ for (i = 0; i < (unsigned)ret; i++)
+ {
+ printf ("CTYPE-%s",
+ gnutls_certificate_type_get_name (list[i]));
+ if (i+1!=(unsigned)ret)
+ printf (", ");
+ else
+ printf ("\n");
+ }
+ }
+
+ {
+ ret = gnutls_priority_protocol_list (pcache, &list);
+
+ printf ("Protocols: ");
+ if (ret == 0) printf("none\n");
+ for (i = 0; i < (unsigned)ret; i++)
+ {
+ printf ("VERS-%s", gnutls_protocol_get_name (list[i]));
+ if (i+1!=(unsigned)ret)
+ printf (", ");
+ else
+ printf ("\n");
+ }
+ }
+
+ {
+ ret = gnutls_priority_compression_list (pcache, &list);
+
+ printf ("Compression: ");
+ if (ret == 0) printf("none\n");
+ for (i = 0; i < (unsigned)ret; i++)
+ {
+ printf ("COMP-%s",
+ gnutls_compression_get_name (list[i]));
+ if (i+1!=(unsigned)ret)
+ printf (", ");
+ else
+ printf ("\n");
+ }
}
-
- for (i=0;;i++)
+
{
- ret = gnutls_priority_get_cipher_suite_index(pcache, i, &idx);
- if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) break;
- if (ret == GNUTLS_E_UNKNOWN_CIPHER_SUITE) continue;
-
- name = gnutls_cipher_suite_info(idx, id, NULL, NULL, NULL, &version);
-
- if (name != NULL)
- printf ("%-50s\t0x%02x, 0x%02x\t%s\n",
- name, (unsigned char) id[0], (unsigned char) id[1],
- gnutls_protocol_get_name (version));
+ ret = gnutls_priority_ecc_curve_list (pcache, &list);
+
+ printf ("Elliptic curves: ");
+ if (ret == 0) printf("none\n");
+ for (i = 0; i < (unsigned)ret; i++)
+ {
+ printf ("CURVE-%s",
+ gnutls_ecc_curve_get_name (list[i]));
+ if (i+1!=(unsigned)ret)
+ printf (", ");
+ else
+ printf ("\n");
+ }
}
-
- return;
+
+ {
+ ret = gnutls_priority_sign_list (pcache, &list);
+
+ printf ("PK-signatures: ");
+ if (ret == 0) printf("none\n");
+ for (i = 0; i < (unsigned)ret; i++)
+ {
+ printf ("SIGN-%s",
+ gnutls_sign_algorithm_get_name (list[i]));
+ if (i+1!=(unsigned)ret)
+ printf (", ");
+ else
+ printf ("\n");
+ }
+ }
+
+ return;
}
printf ("Cipher suites:\n");
for (i = 0; (name = gnutls_cipher_suite_info
(i, id, &kx, &cipher, &mac, &version)); i++)
{
- printf ("%-50s\t0x%02x, 0x%02x\t%s\n",
- name,
- (unsigned char) id[0], (unsigned char) id[1],
- gnutls_protocol_get_name (version));
- if (verbose)
- printf ("\tKey exchange: %s\n\tCipher: %s\n\tMAC: %s\n\n",
- gnutls_kx_get_name (kx),
- gnutls_cipher_get_name (cipher), gnutls_mac_get_name (mac));
+ printf ("%-50s\t0x%02x, 0x%02x\t%s\n",
+ name,
+ (unsigned char) id[0], (unsigned char) id[1],
+ gnutls_protocol_get_name (version));
+ if (verbose)
+ printf ("\tKey exchange: %s\n\tCipher: %s\n\tMAC: %s\n\n",
+ gnutls_kx_get_name (kx),
+ gnutls_cipher_get_name (cipher),
+ gnutls_mac_get_name (mac));
}
- {
- const gnutls_certificate_type_t *p = gnutls_certificate_type_list ();
+ printf("\n");
+ {
+ const gnutls_certificate_type_t *p =
+ gnutls_certificate_type_list ();
- printf ("Certificate types: ");
- for (; *p; p++)
- {
- printf ("CTYPE-%s", gnutls_certificate_type_get_name (*p));
- if (*(p + 1))
- printf (", ");
- else
- printf ("\n");
- }
- }
+ printf ("Certificate types: ");
+ for (; *p; p++)
+ {
+ printf ("CTYPE-%s", gnutls_certificate_type_get_name (*p));
+ if (*(p + 1))
+ printf (", ");
+ else
+ printf ("\n");
+ }
+ }
- {
- const gnutls_protocol_t *p = gnutls_protocol_list ();
+ {
+ const gnutls_protocol_t *p = gnutls_protocol_list ();
- printf ("Protocols: ");
- for (; *p; p++)
- {
- printf ("VERS-%s", gnutls_protocol_get_name (*p));
- if (*(p + 1))
- printf (", ");
- else
- printf ("\n");
- }
- }
+ printf ("Protocols: ");
+ for (; *p; p++)
+ {
+ printf ("VERS-%s", gnutls_protocol_get_name (*p));
+ if (*(p + 1))
+ printf (", ");
+ else
+ printf ("\n");
+ }
+ }
- {
- const gnutls_cipher_algorithm_t *p = gnutls_cipher_list ();
+ {
+ const gnutls_cipher_algorithm_t *p = gnutls_cipher_list ();
- printf ("Ciphers: ");
- for (; *p; p++)
- {
- printf ("%s", gnutls_cipher_get_name (*p));
- if (*(p + 1))
- printf (", ");
- else
- printf ("\n");
- }
- }
+ printf ("Ciphers: ");
+ for (; *p; p++)
+ {
+ printf ("%s", gnutls_cipher_get_name (*p));
+ if (*(p + 1))
+ printf (", ");
+ else
+ printf ("\n");
+ }
+ }
- {
- const gnutls_mac_algorithm_t *p = gnutls_mac_list ();
+ {
+ const gnutls_mac_algorithm_t *p = gnutls_mac_list ();
- printf ("MACs: ");
- for (; *p; p++)
- {
- printf ("%s", gnutls_mac_get_name (*p));
- if (*(p + 1))
- printf (", ");
- else
- printf ("\n");
- }
- }
+ printf ("MACs: ");
+ for (; *p; p++)
+ {
+ printf ("%s", gnutls_mac_get_name (*p));
+ if (*(p + 1))
+ printf (", ");
+ else
+ printf ("\n");
+ }
+ }
- {
- const gnutls_kx_algorithm_t *p = gnutls_kx_list ();
+ {
+ const gnutls_kx_algorithm_t *p = gnutls_kx_list ();
- printf ("Key exchange algorithms: ");
- for (; *p; p++)
- {
- printf ("%s", gnutls_kx_get_name (*p));
- if (*(p + 1))
- printf (", ");
- else
- printf ("\n");
- }
- }
+ printf ("Key exchange algorithms: ");
+ for (; *p; p++)
+ {
+ printf ("%s", gnutls_kx_get_name (*p));
+ if (*(p + 1))
+ printf (", ");
+ else
+ printf ("\n");
+ }
+ }
- {
- const gnutls_compression_method_t *p = gnutls_compression_list ();
+ {
+ const gnutls_compression_method_t *p = gnutls_compression_list ();
- printf ("Compression: ");
- for (; *p; p++)
- {
- printf ("COMP-%s", gnutls_compression_get_name (*p));
- if (*(p + 1))
- printf (", ");
- else
- printf ("\n");
- }
- }
+ printf ("Compression: ");
+ for (; *p; p++)
+ {
+ printf ("COMP-%s", gnutls_compression_get_name (*p));
+ if (*(p + 1))
+ printf (", ");
+ else
+ printf ("\n");
+ }
+ }
- {
- const gnutls_ecc_curve_t *p = gnutls_ecc_curve_list ();
+ {
+ const gnutls_ecc_curve_t *p = gnutls_ecc_curve_list ();
- printf ("Elliptic curves: ");
- for (; *p; p++)
- {
- printf ("CURVE-%s", gnutls_ecc_curve_get_name (*p));
- if (*(p + 1))
- printf (", ");
- else
- printf ("\n");
- }
- }
+ printf ("Elliptic curves: ");
+ for (; *p; p++)
+ {
+ printf ("CURVE-%s", gnutls_ecc_curve_get_name (*p));
+ if (*(p + 1))
+ printf (", ");
+ else
+ printf ("\n");
+ }
+ }
- {
- const gnutls_pk_algorithm_t *p = gnutls_pk_list ();
+ {
+ const gnutls_pk_algorithm_t *p = gnutls_pk_list ();
- printf ("Public Key Systems: ");
- for (; *p; p++)
- {
- printf ("%s", gnutls_pk_algorithm_get_name (*p));
- if (*(p + 1))
- printf (", ");
- else
- printf ("\n");
- }
- }
+ printf ("Public Key Systems: ");
+ for (; *p; p++)
+ {
+ printf ("%s", gnutls_pk_algorithm_get_name (*p));
+ if (*(p + 1))
+ printf (", ");
+ else
+ printf ("\n");
+ }
+ }
- {
- const gnutls_sign_algorithm_t *p = gnutls_sign_list ();
+ {
+ const gnutls_sign_algorithm_t *p = gnutls_sign_list ();
- printf ("PK-signatures: ");
- for (; *p; p++)
- {
- printf ("SIGN-%s", gnutls_sign_algorithm_get_name (*p));
- if (*(p + 1))
- printf (", ");
- else
- printf ("\n");
- }
- }
+ printf ("PK-signatures: ");
+ for (; *p; p++)
+ {
+ printf ("SIGN-%s", gnutls_sign_algorithm_get_name (*p));
+ if (*(p + 1))
+ printf (", ");
+ else
+ printf ("\n");
+ }
+ }
}
void
sockets_init (void)
{
#ifdef _WIN32
- WORD wVersionRequested;
- WSADATA wsaData;
+ WORD wVersionRequested;
+ WSADATA wsaData;
- wVersionRequested = MAKEWORD (1, 1);
- if (WSAStartup (wVersionRequested, &wsaData) != 0)
- {
- perror ("WSA_STARTUP_ERROR");
- }
+ wVersionRequested = MAKEWORD (1, 1);
+ if (WSAStartup (wVersionRequested, &wsaData) != 0)
+ {
+ perror ("WSA_STARTUP_ERROR");
+ }
#endif
}
@@ -768,20 +905,19 @@ sockets_init (void)
int
service_to_port (const char *service)
{
- int port;
- struct servent *server_port;
+ int port;
+ struct servent *server_port;
- port = atoi (service);
- if (port != 0)
- return port;
+ port = atoi (service);
+ if (port != 0)
+ return port;
- server_port = getservbyname (service, "tcp");
- if (server_port == NULL)
- {
- perror ("getservbyname()");
- return (-1);
- }
+ server_port = getservbyname (service, "tcp");
+ if (server_port == NULL)
+ {
+ perror ("getservbyname()");
+ return (-1);
+ }
- return ntohs (server_port->s_port);
+ return ntohs (server_port->s_port);
}
-