author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-10-03 13:59:39 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2018-02-19 15:29:35 +0100 |
commit | e6840481c05fe2e0810ae138e9bde7f1db550e9d (patch) | |
tree | 9c548b8bd185d4031c663d713defc42850e3a770 /lib/auth | |
parent | f3991e2f3352003af5ef83933d133bcb7193e2b9 (diff) | |
handshake: added support for client certificates
That is, receive and parse a certificate request, certificate
verify, as well as certificate in server side.
That way, client certificates
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Diffstat (limited to 'lib/auth')
-rw-r--r-- | lib/auth/cert.c | 19 | ||||
-rw-r--r-- | lib/auth/cert.h | 5 |
2 files changed, 12 insertions, 12 deletions
diff --git a/lib/auth/cert.c b/lib/auth/cert.c index 3d463d0a76..744641ad24 100644 --- a/lib/auth/cert.c +++ b/lib/auth/cert.c @@ -513,10 +513,10 @@ call_get_cert_callback(gnutls_session_t session, * 20020128: added ability to select a certificate depending on the SIGN * algorithm (only in automatic mode). */ -static int -select_client_cert(gnutls_session_t session, - uint8_t * _data, size_t _data_size, - gnutls_pk_algorithm_t * pk_algos, int pk_algos_length) +int +_gnutls_select_client_cert(gnutls_session_t session, + uint8_t * _data, size_t _data_size, + gnutls_pk_algorithm_t * pk_algos, int pk_algos_length) { int result; int indx = -1; @@ -983,8 +983,8 @@ _gnutls_proc_cert_cert_req(gnutls_session_t session, uint8_t * data, * he wants to use. */ if ((ret = - select_client_cert(session, p, size, pk_algos, - pk_algos_length)) < 0) { + _gnutls_select_client_cert(session, p, size, pk_algos, + pk_algos_length)) < 0) { gnutls_assert(); return ret; } @@ -1217,9 +1217,6 @@ _gnutls_get_selected_cert(gnutls_session_t session, { if (session->security_parameters.entity == GNUTLS_SERVER) { - /* select_client_cert() has been called before. - */ - *apr_cert_list = session->internals.selected_cert_list; *apr_pkey = session->internals.selected_key; *apr_cert_list_length = @@ -1232,9 +1229,7 @@ _gnutls_get_selected_cert(gnutls_session_t session, } else { /* CLIENT SIDE */ - - /* we have already decided which certificate - * to send. + /* _gnutls_select_client_cert() must have been called before. */ *apr_cert_list = session->internals.selected_cert_list; *apr_cert_list_length = diff --git a/lib/auth/cert.h b/lib/auth/cert.h index 1c89ebe1a8..ab8e840c7c 100644 --- a/lib/auth/cert.h +++ b/lib/auth/cert.h 
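Review bot: `_gnutls_select_client_cert()` loses `static` in the first hunk (and gains a prototype in lib/auth/cert.h) without any statement of its contract; the only comment visible above it is a dated changelog entry. At the call site in `_gnutls_proc_cert_cert_req()` the buffer arguments are `p, size`, a slice of a message received from the peer, so a caller in another file needs to be told that `_data_size` must already be bounded by the received message. I would add a header comment along the lines of `/* Selects the client certificate to send; _data/_data_size is the peer-supplied request data, already length-checked by the caller. Returns a negative error code on failure. */`. If the body never writes through the buffer, the parameter could also become `const uint8_t *_data` in both the definition and the prototype. The function body continues outside the hunk, so the const suggestion is unverified.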
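Review bot: The new client-side comment in the last cert.c hunk states a precondition, `_gnutls_select_client_cert() must have been called before`, that nothing in the visible lines checks; the branch simply copies `session->internals.selected_cert_list`. Now that the selector can be called from other files, the comment should say what a caller sees when it was not run or selected nothing, for example `/* Set by _gnutls_select_client_cert(); list is NULL and length 0 when nothing was selected. */`, if that is indeed the behaviour. `_gnutls_get_selected_cert()` starts and ends outside the hunk, so an existing check further down cannot be ruled out.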
@@ -130,6 +130,11 @@ int _gnutls_get_selected_cert(gnutls_session_t session, int *apr_cert_list_length, gnutls_privkey_t * apr_pkey); +int +_gnutls_select_client_cert(gnutls_session_t session, + uint8_t * _data, size_t _data_size, + gnutls_pk_algorithm_t * pk_algos, int pk_algos_length); + int _gnutls_copy_certificate_auth_info(cert_auth_info_t info, gnutls_pcert_st * certs, size_t ncerts); int |