author | Nikos <nmav@crystal.(none)> | 2007-12-20 21:13:38 +0200 |
---|---|---|
committer | Nikos <nmav@crystal.(none)> | 2007-12-20 21:13:38 +0200 |
commit | 76833d183538bc4d3ab444c3614da2654986d540 (patch) | |
tree | a02760002567077a5869454aad9e065a6435d1fb | |
parent | 522f343516dd2e88bde4b06b3d0fe7ee77797d8f (diff) | |
openpgp can be disabled
-rw-r--r-- | lib/auth_cert.c | 35 | ||||
-rw-r--r-- | lib/gnutls_cert.c | 19 | ||||
-rw-r--r-- | lib/gnutls_state.c | 4 |
3 files changed, 48 insertions, 10 deletions
diff --git a/lib/auth_cert.c b/lib/auth_cert.c index cb7eca9bbd..24ea0a5d63 100644 --- a/lib/auth_cert.c +++ b/lib/auth_cert.c @@ -44,14 +44,19 @@ #include <gnutls_pk.h> #include <gnutls_x509.h> #include "debug.h" -#include "openpgp/gnutls_openpgp.h" -static gnutls_cert *alloc_and_load_x509_certs (gnutls_x509_crt_t * certs, - unsigned); -static gnutls_privkey *alloc_and_load_x509_key (gnutls_x509_privkey_t key); +#ifdef ENABLE_OPENPGP +# include "openpgp/gnutls_openpgp.h" + static gnutls_cert *alloc_and_load_pgp_certs (gnutls_openpgp_crt_t cert); static gnutls_privkey *alloc_and_load_pgp_key (const gnutls_openpgp_privkey_t key); +#endif + +static gnutls_cert *alloc_and_load_x509_certs (gnutls_x509_crt_t * certs, + unsigned); +static gnutls_privkey *alloc_and_load_x509_key (gnutls_x509_privkey_t key); + /* Copies data from a internal certificate struct (gnutls_cert) to @@ -255,6 +260,7 @@ _find_x509_cert (const gnutls_certificate_credentials_t cred, } +#ifdef ENABLE_OPENPGP /* Locates the most appropriate openpgp cert */ static int @@ -289,6 +295,7 @@ _find_openpgp_cert (const gnutls_certificate_credentials_t cred, return 0; } +#endif /* Returns the number of issuers in the server's * certificate request packet. @@ -479,11 +486,13 @@ cleanup: } else { +#ifdef ENABLE_OPENPGP if (st.deinit_all) { gnutls_openpgp_crt_deinit (st.cert.pgp); gnutls_openpgp_privkey_deinit (st.key.pgp); } +#endif } return ret; @@ -571,9 +580,10 @@ _select_client_cert (gnutls_session_t session, _find_x509_cert (cred, _data, _data_size, pk_algos, pk_algos_length, &indx); +#ifdef ENABLE_OPENPGP if (session->security_parameters.cert_type == GNUTLS_CRT_OPENPGP) result = _find_openpgp_cert (cred, pk_algos, pk_algos_length, &indx); - +#endif if (result < 0) { 
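Review bot: In the `_select_client_cert` hunk (@@ -571,9), a build without ENABLE_OPENPGP skips both lookups when `session->security_parameters.cert_type` is `GNUTLS_CRT_OPENPGP`, so `result` and `indx` keep the values assigned before the visible lines, and `if (result < 0)` catches the unsupported type only if `result` happened to start negative. The function starts and ends outside the hunk, so whether that leaves "no certificate" or a stale index is not visible here. Failing explicitly would remove the doubt, for example an `#else` arm with `if (session->security_parameters.cert_type == GNUTLS_CRT_OPENPGP) result = GNUTLS_E_INTERNAL_ERROR;`. The commit also does not show the certificate-type negotiation being restricted, so it is worth confirming that a peer cannot get OpenPGP selected in such a build.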
@@ -663,6 +673,7 @@ _gnutls_gen_x509_crt (gnutls_session_t session, opaque ** data) enum PGPKeyDescriptorType { PGP_KEY_FINGERPRINT, PGP_KEY }; +#ifdef ENABLE_OPENPGP int _gnutls_gen_openpgp_certificate (gnutls_session_t session, opaque ** data) { @@ -770,7 +781,7 @@ _gnutls_gen_openpgp_certificate_fpr (gnutls_session_t session, opaque ** data) return packet_size; } - +#endif int @@ -778,12 +789,13 @@ _gnutls_gen_cert_client_certificate (gnutls_session_t session, opaque ** data) { switch (session->security_parameters.cert_type) { +#ifdef ENABLE_OPENPGP case GNUTLS_CRT_OPENPGP: if (_gnutls_openpgp_send_fingerprint (session) == 0) return _gnutls_gen_openpgp_certificate (session, data); else return _gnutls_gen_openpgp_certificate_fpr (session, data); - +#endif case GNUTLS_CRT_X509: return _gnutls_gen_x509_crt (session, data); @@ -798,8 +810,10 @@ _gnutls_gen_cert_server_certificate (gnutls_session_t session, opaque ** data) { switch (session->security_parameters.cert_type) { +#ifdef ENABLE_OPENPGP case GNUTLS_CRT_OPENPGP: return _gnutls_gen_openpgp_certificate (session, data); +#endif case GNUTLS_CRT_X509: return _gnutls_gen_x509_crt (session, data); default: @@ -954,6 +968,7 @@ cleanup: } #define CLEAR_CERTS for(x=0;x<peer_certificate_list_size;x++) _gnutls_gcert_deinit(&peer_certificate_list[x]) +#ifdef ENABLE_OPENPGP int _gnutls_proc_openpgp_server_certificate (gnutls_session_t session, opaque * data, size_t data_size) @@ -1120,6 +1135,7 @@ cleanup: return ret; } +#endif int _gnutls_proc_cert_server_certificate (gnutls_session_t session, @@ -1127,9 +1143,11 @@ _gnutls_proc_cert_server_certificate (gnutls_session_t session, { switch (session->security_parameters.cert_type) { +#ifdef ENABLE_OPENPGP case GNUTLS_CRT_OPENPGP: return _gnutls_proc_openpgp_server_certificate (session, data, data_size); +#endif case GNUTLS_CRT_X509: return _gnutls_proc_x509_server_certificate (session, data, data_size); default: 
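Review bot: With the `case GNUTLS_CRT_OPENPGP:` labels compiled out in `_gnutls_gen_cert_client_certificate`, `_gnutls_gen_cert_server_certificate` and `_gnutls_proc_cert_server_certificate`, an OpenPGP session type now lands in each switch's `default:` arm, and those arms are outside or only partly inside these hunks. Nothing in the new code says that this is the intended way to reject the type, so a later edit to a `default:` arm could silently change how a disabled certificate type is handled. I would add a comment above each switch, e.g. `/* OpenPGP is rejected by the default arm when ENABLE_OPENPGP is not defined */`. The same pattern appears in the gnutls_cert.c switches (`_gnutls_raw_cert_to_gcert`, `_gnutls_raw_privkey_to_gkey`), where the default arm returns `GNUTLS_E_INTERNAL_ERROR` for what is really an unsupported-type condition.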
@@ -1557,6 +1575,7 @@ alloc_and_load_x509_key (gnutls_x509_privkey_t key) /* converts the given pgp certificate to gnutls_cert* and allocates * space for them. */ +#ifdef ENABLE_OPENPGP static gnutls_cert * alloc_and_load_pgp_certs (gnutls_openpgp_crt_t cert) { @@ -1619,7 +1638,7 @@ alloc_and_load_pgp_key (const gnutls_openpgp_privkey_t key) return local_key; } - +#endif void _gnutls_selected_certs_deinit (gnutls_session_t session) diff --git a/lib/gnutls_cert.c b/lib/gnutls_cert.c index dbaf6b27fb..f0378f4fbb 100644 --- a/lib/gnutls_cert.c +++ b/lib/gnutls_cert.c @@ -42,7 +42,9 @@ #include <gnutls_x509.h> #include "x509/x509.h" #include "x509/mpi.h" -#include "openpgp/gnutls_openpgp.h" +#ifdef ENABLE_OPENPGP +# include "openpgp/gnutls_openpgp.h" +#endif /** * gnutls_certificate_free_keys - Used to free all the keys from a gnutls_certificate_credentials_t structure @@ -191,12 +193,14 @@ gnutls_certificate_free_credentials (gnutls_certificate_credentials_t sc) gnutls_certificate_free_crls (sc); #endif +#ifdef ENABLE_OPENPGP #ifndef KEYRING_HACK if (_E_gnutls_openpgp_keyring_deinit) _E_gnutls_openpgp_keyring_deinit( sc->keyring); #else _gnutls_free_datum( &sc->keyring); #endif +#endif gnutls_free (sc); } @@ -436,6 +440,7 @@ _gnutls_x509_get_raw_crt_expiration_time (const gnutls_datum_t * cert) return result; } +#ifdef ENABLE_OPENPGP /*- * _gnutls_openpgp_crt_verify_peers - This function returns the peer's certificate status * @session: is a gnutls session @@ -497,7 +502,7 @@ _gnutls_openpgp_crt_verify_peers (gnutls_session_t session, return 0; } - +#endif /** * gnutls_certificate_verify_peers2 - This function returns the peer's certificate verification status 
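Review bot: The `gnutls_certificate_free_credentials` hunk (@@ -191,12) now nests `#ifndef KEYRING_HACK` / `#else` inside `#ifdef ENABLE_OPENPGP` and closes them with two bare `#endif` lines, which makes it hard to see which condition guards the keyring release. Annotating the closers, `#endif /* KEYRING_HACK */` and `#endif /* ENABLE_OPENPGP */`, and indenting the inner directives like the `# include` lines elsewhere in this commit would make the cleanup path easier to audit. It also means `sc->keyring` is never released in a build without OpenPGP; that is fine only if nothing can populate it there, which this hunk does not show.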
@@ -546,8 +551,10 @@ gnutls_certificate_verify_peers2 (gnutls_session_t session, { case GNUTLS_CRT_X509: return _gnutls_x509_cert_verify_peers (session, status); +#ifdef ENABLE_OPENPGP case GNUTLS_CRT_OPENPGP: return _gnutls_openpgp_crt_verify_peers (session, status); +#endif default: return GNUTLS_E_INVALID_REQUEST; } @@ -620,10 +627,12 @@ gnutls_certificate_expiration_time_peers (gnutls_session_t session) return _gnutls_x509_get_raw_crt_expiration_time (&info-> raw_certificate_list [0]); +#ifdef ENABLE_OPENPGP case GNUTLS_CRT_OPENPGP: return _gnutls_openpgp_get_raw_key_expiration_time (&info-> raw_certificate_list [0]); +#endif default: return (time_t) - 1; } @@ -663,10 +672,12 @@ gnutls_certificate_activation_time_peers (gnutls_session_t session) return _gnutls_x509_get_raw_crt_activation_time (&info-> raw_certificate_list [0]); +#ifdef ENABLE_OPENPGP case GNUTLS_CRT_OPENPGP: return _gnutls_openpgp_get_raw_key_creation_time (&info-> raw_certificate_list [0]); +#endif default: return (time_t) - 1; } @@ -682,8 +693,10 @@ _gnutls_raw_cert_to_gcert (gnutls_cert * gcert, { case GNUTLS_CRT_X509: return _gnutls_x509_raw_cert_to_gcert (gcert, raw_cert, flags); +#ifdef ENABLE_OPENPGP case GNUTLS_CRT_OPENPGP: return _gnutls_openpgp_raw_key_to_gcert (gcert, raw_cert); +#endif default: gnutls_assert (); return GNUTLS_E_INTERNAL_ERROR; @@ -700,10 +713,12 @@ _gnutls_raw_privkey_to_gkey (gnutls_privkey * key, { case GNUTLS_CRT_X509: return _gnutls_x509_raw_privkey_to_gkey (key, raw_key, key_enc); +#ifdef ENABLE_OPENPGP case GNUTLS_CRT_OPENPGP: return _gnutls_openpgp_raw_privkey_to_gkey (key, raw_key, (gnutls_openpgp_crt_fmt_t) key_enc); +#endif default: gnutls_assert (); return GNUTLS_E_INTERNAL_ERROR; diff --git a/lib/gnutls_state.c b/lib/gnutls_state.c index 4058dbcf9d..a8ad52ad55 100644 --- a/lib/gnutls_state.c +++ b/lib/gnutls_state.c 
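Review bot: In the `gnutls_certificate_verify_peers2` hunk (@@ -546,8), an OpenPGP session in a build without ENABLE_OPENPGP now returns `GNUTLS_E_INVALID_REQUEST` from the `default:` arm, and the visible lines do not write `*status` on that path. The function starts outside the hunk, so `status` may be initialised earlier, but if it is not, a caller that ignores the return value and tests only `status` reads an indeterminate verification result. The doc comment above the function should state that `status` is valid only when the call returns success; setting it to a failing value before the switch would be safer still.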
@@ -624,6 +624,7 @@ _gnutls_dh_set_group (gnutls_session_t session, mpi_t gen, mpi_t prime) return 0; } +#ifdef ENABLE_OPENPGP /** * gnutls_openpgp_send_cert - This function will order gnutls to send the openpgp fingerprint instead of the key * @session: is a pointer to a #gnutls_session_t structure. @@ -640,6 +641,7 @@ gnutls_openpgp_send_cert (gnutls_session_t session, { session->internals.pgp_fingerprint = status; } +#endif /** * gnutls_certificate_send_x509_rdn_sequence - This function will order gnutls to send or not the x.509 rdn sequence @@ -662,11 +664,13 @@ gnutls_certificate_send_x509_rdn_sequence (gnutls_session_t session, session->internals.ignore_rdn_sequence = status; } +#ifdef ENABLE_OPENPGP int _gnutls_openpgp_send_fingerprint (gnutls_session_t session) { return session->internals.pgp_fingerprint; } +#endif /*- * _gnutls_record_set_default_version - Used to set the default version for the first record packet |
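Review bot: `gnutls_openpgp_send_cert` carries a `/**` API doc comment and no `static`, so wrapping it in `#ifdef ENABLE_OPENPGP` (hunks @@ -624,6 and @@ -640,6) removes an exported function from builds without OpenPGP. The commit changes only three .c files, so the declaration in the installed header presumably remains, and an application calling it would compile but fail to link. Keeping the symbol in both configurations, with an `#else` definition that does nothing, avoids making the library's ABI depend on a configure option; alternatively the header declaration needs the same guard. `_gnutls_openpgp_send_fingerprint` in the @@ -662,11 hunk is internal and its only visible caller in auth_cert.c is guarded too, so that guard looks consistent.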