author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2003-12-21 14:51:24 +0000 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2003-12-21 14:51:24 +0000 |
commit | 0445a3554997687e10655fd10b94d5ea16adbd5a (patch) | |
tree | 848519a092da399e2902b7d896906d94aa0f6303 /lib | |
parent | b14fc8a7a4d304521a657a6f63635f6d1c765bd1 (diff) | |
download | gnutls-0445a3554997687e10655fd10b94d5ea16adbd5a.tar.gz |
*** empty log message ***gnutls_1_1_0
Diffstat (limited to 'lib')
-rw-r--r-- | lib/auth_cert.c | 24 | ||||
-rw-r--r-- | lib/auth_cert.h | 27 | ||||
-rw-r--r-- | lib/gnutls_cert.c | 12 | ||||
-rw-r--r-- | lib/gnutls_int.h | 30 | ||||
-rw-r--r-- | lib/gnutls_ui.h | 12 | ||||
-rw-r--r-- | lib/x509/compat.c | 1 |
6 files changed, 56 insertions, 50 deletions
diff --git a/lib/auth_cert.c b/lib/auth_cert.c index cbc4401b80..e76ece4bfc 100644 --- a/lib/auth_cert.c +++ b/lib/auth_cert.c @@ -412,15 +412,23 @@ retr_st st; int ret; gnutls_certificate_type type = gnutls_certificate_type_get(session); +const gnutls_certificate_credentials cred; + + cred = + _gnutls_get_cred(session->key, GNUTLS_CRD_CERTIFICATE, NULL); + if (cred == NULL) { + gnutls_assert(); + return GNUTLS_E_INSUFFICIENT_CREDENTIALS; + } memset( &st, 0, sizeof(st)); if (session->security_parameters.entity == GNUTLS_SERVER) { ret = - session->internals.server_get_cert_callback(session, &st); + cred->server_get_cert_callback(session, &st); } else { /* CLIENT */ ret = - session->internals.client_get_cert_callback(session, + cred->client_get_cert_callback(session, issuers_dn, issuers_dn_length, &st); } @@ -454,7 +462,7 @@ gnutls_certificate_type type = } - _gnutls_selected_certs_set(session, local_certs, st.ncerts, + _gnutls_selected_certs_set(session, local_certs, (local_certs!=NULL)?st.ncerts:0, local_key, 1); ret = 0; @@ -462,7 +470,7 @@ gnutls_certificate_type type = cleanup: if (st.type == GNUTLS_CRT_X509) { - if (st.deinit_all_keys) { + if (st.deinit_all) { for (i = 0; i < st.ncerts; i++) { gnutls_x509_crt_deinit(st.cert.x509[i]); } @@ -470,7 +478,7 @@ cleanup: gnutls_x509_privkey_deinit(st.key.x509); } } else { - if (st.deinit_all_keys) { + if (st.deinit_all) { if (_E_gnutls_openpgp_key_deinit == NULL || _E_gnutls_openpgp_privkey_deinit == NULL) { gnutls_assert(); @@ -512,7 +520,7 @@ static int _select_client_cert(gnutls_session session, return GNUTLS_E_INSUFFICIENT_CREDENTIALS; } - if (session->internals.client_get_cert_callback != NULL || + if (cred->client_get_cert_callback != NULL || session->internals.client_cert_callback != NULL) { /* use a callback to get certificate 
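Review bot: The new local is declared `const gnutls_certificate_credentials cred;` and assigned by the very next statement; the type is used with `->` throughout this commit, so it is a pointer typedef, `const` qualifies the pointer itself, and `cred = _gnutls_get_cred(...)` writes to a read-only object. Drop the qualifier (`gnutls_certificate_credentials cred;`) or initialise it in the declaration. Separately, `cred->server_get_cert_callback(session, &st)` and `cred->client_get_cert_callback(...)` are invoked with no NULL test inside this function: the callers in the `-537` and `-1610` hunks test the pointer first, but the branch here is chosen by `session->security_parameters.entity`, so a local guard such as `if (cred->server_get_cert_callback == NULL) { gnutls_assert(); return GNUTLS_E_INSUFFICIENT_CREDENTIALS; }` (and the client equivalent) would stop a mismatched call from jumping through a null function pointer. The function, presumably `call_get_cert_callback`, starts and ends outside the hunk.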
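Review bot: The inline `(local_certs!=NULL)?st.ncerts:0` in the `-454` hunk hides a case that should be stated: when `local_certs` is NULL the count is forced to zero, yet `local_key` is still handed to `_gnutls_selected_certs_set` and `ret` is set to 0. A comment such as `/* no certificate returned: store an empty list, never a NULL list with a non-zero count */` would document the intent. It is also worth confirming that a non-NULL `local_key` paired with zero certificates is a state the rest of the handshake expects, since the code that produces `local_certs` and `local_key` lies outside the hunk.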
@@ -537,7 +545,7 @@ static int _select_client_cert(gnutls_session session, } } - if (session->internals.client_get_cert_callback) { + if (cred->client_get_cert_callback) { result = call_get_cert_callback( session, issuers_dn, issuers_dn_length); goto cleanup; } @@ -1610,7 +1618,7 @@ int _gnutls_server_select_cert(gnutls_session session, /* If the callback which retrieves certificate has been * set use it. */ - if (session->internals.server_get_cert_callback != NULL) { + if (cred->server_get_cert_callback != NULL) { return call_get_cert_callback( session, NULL, 0); diff --git a/lib/auth_cert.h b/lib/auth_cert.h index 94085ca53d..3e26c21207 100644 --- a/lib/auth_cert.h +++ b/lib/auth_cert.h @@ -3,6 +3,30 @@ # include "gnutls_cert.h" # include "gnutls_auth.h" # include "x509/x509.h" +#include "../libextra/openpgp/openpgp.h" + +typedef struct retr_st { + gnutls_certificate_type type; + union cert { + gnutls_x509_crt* x509; + gnutls_openpgp_key pgp; + } cert; + uint ncerts; + + union key { + gnutls_x509_privkey x509; + gnutls_openpgp_privkey pgp; + } key; + + uint deinit_all; +} retr_st; + +typedef int gnutls_certificate_client_retrieve_function( + struct gnutls_session_int*, const gnutls_datum* req_ca_cert, int nreqs, + retr_st*); + +typedef int gnutls_certificate_server_retrieve_function( + struct gnutls_session_int*, retr_st*); /* This structure may be complex, but it's the only way to * support a server that has multiple certificates @@ -59,6 +83,9 @@ typedef struct { * generating on every handshake. */ gnutls_datum x509_rdn_sequence; + + gnutls_certificate_client_retrieve_function* client_get_cert_callback; + gnutls_certificate_server_retrieve_function* server_get_cert_callback; } CERTIFICATE_CREDENTIALS_INT; /* typedef CERTIFICATE_CREDENTIALS_INT * CERTIFICATE_CREDENTIALS; */ diff --git a/lib/gnutls_cert.c b/lib/gnutls_cert.c index 16162b1be0..8366a5c392 100644 --- a/lib/gnutls_cert.c +++ b/lib/gnutls_cert.c 
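Review bot: `retr_st`, added to lib/auth_cert.h in the `-3,6` hunk, duplicates the public `gnutls_retr_st` declared in lib/gnutls_ui.h, and the library appears to read through `retr_st` what the application callback filled in through `gnutls_retr_st`, so any layout drift between the two would silently misread `cert`, `ncerts`, `key` or `deinit_all`. The commit renames `deinit_all_keys` by hand in both places, which shows the coupling; a comment above the typedef such as `/* must stay identical in layout to gnutls_retr_st in gnutls_ui.h */` would make it explicit. The internal prototype also still names its parameter `req_ca_cert` while the public one becomes `req_ca_rdn`.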
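Review bot: Moving the two retrieve callbacks into `CERTIFICATE_CREDENTIALS_INT` (the `-59,6` hunk of lib/auth_cert.h) widens their scope from one session to every session that shares the credentials structure, and nothing on the new fields says so. A comment such as `/* certificate retrieval callbacks; shared by all sessions using these credentials */` would help callers who previously set a per-session callback. The `!= NULL` tests in lib/auth_cert.c also depend on the credentials allocator zero-filling the structure, which is not visible in this commit and should be confirmed.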
@@ -319,7 +319,7 @@ void gnutls_certificate_server_set_select_function(gnutls_session session, /** * gnutls_certificate_client_set_retrieve_function - Used to set a callback to retrieve the certificate - * @session: is a &gnutls_session structure. + * @cred: is a &gnutls_certificate_credentials structure. * @func: is the callback function * * This function sets a callback to be called in order to retrieve the certificate @@ -348,15 +348,15 @@ void gnutls_certificate_server_set_select_function(gnutls_session session, * return 0 on success. The value (-1) indicates error and the handshake * will be terminated. **/ -void gnutls_certificate_client_set_retrieve_function(gnutls_session session, +void gnutls_certificate_client_set_retrieve_function(gnutls_certificate_credentials cred, gnutls_certificate_client_retrieve_function * func) { - session->internals.client_get_cert_callback = func; + cred->client_get_cert_callback = func; } /** * gnutls_certificate_server_set_retrieve_function - Used to set a callback to retrieve the certificate - * @session: is a &gnutls_session structure. + * @cred: is a &gnutls_certificate_credentials structure. * @func: is the callback function * * This function sets a callback to be called in order to retrieve the certificate @@ -379,10 +379,10 @@ void gnutls_certificate_client_set_retrieve_function(gnutls_session session, * return 0 on success. The value (-1) indicates error and the handshake * will be terminated. **/ -void gnutls_certificate_server_set_retrieve_function(gnutls_session session, +void gnutls_certificate_server_set_retrieve_function(gnutls_certificate_credentials cred, gnutls_certificate_server_retrieve_function * func) { - session->internals.server_get_cert_callback = func; + cred->server_get_cert_callback = func; } diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h index cb396180fe..7eb254f64a 100644 --- a/lib/gnutls_int.h +++ b/lib/gnutls_int.h 
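Review bot: In the `-348,15` hunk the first parameter of `gnutls_certificate_client_set_retrieve_function` changes from `gnutls_session` to `gnutls_certificate_credentials` while the function keeps its name, so an application that still passes a session gets at most a pointer-type diagnostic in C, after which `cred->client_get_cert_callback = func;` stores the function pointer into session memory. The same applies to `gnutls_certificate_server_set_retrieve_function` in the `-379,10` hunk. The doc comments should say that the argument changed and that the callback now applies to every session using `cred`; most of each comment lies outside the hunk.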
@@ -420,33 +420,6 @@ typedef int certificate_server_select_func(struct gnutls_session_int*, typedef int srp_server_select_func(struct gnutls_session_int*, const char**, const char**, unsigned int); -/* authentication function definitions: - */ -#include "../libextra/openpgp/openpgp.h" - -typedef struct retr_st { - gnutls_certificate_type type; - union cert { - gnutls_x509_crt* x509; - gnutls_openpgp_key pgp; - } cert; - uint ncerts; - - union key { - gnutls_x509_privkey x509; - gnutls_openpgp_privkey pgp; - } key; - - uint deinit_all_keys; -} retr_st; - -typedef int gnutls_certificate_client_retrieve_function( - struct gnutls_session_int*, const gnutls_datum* req_ca_cert, int nreqs, - retr_st*); - -typedef int gnutls_certificate_server_retrieve_function( - struct gnutls_session_int*, retr_st*); - typedef struct { opaque header[HANDSHAKE_HEADER_SIZE]; /* this holds the number of bytes in the handshake_header[] */ @@ -566,9 +539,6 @@ typedef struct { certificate_client_select_func* client_cert_callback; certificate_server_select_func* server_cert_callback; - gnutls_certificate_client_retrieve_function* client_get_cert_callback; - gnutls_certificate_server_retrieve_function* server_get_cert_callback; - /* Callback to select the proper password file */ srp_server_select_func* server_srp_callback; diff --git a/lib/gnutls_ui.h b/lib/gnutls_ui.h index 6c2dbabdd3..fbca386228 100644 --- a/lib/gnutls_ui.h +++ b/lib/gnutls_ui.h @@ -43,12 +43,12 @@ typedef struct gnutls_retr_st { gnutls_openpgp_privkey pgp; } key; - uint deinit_all_keys; /* if non zero all keys will be deinited */ + uint deinit_all; /* if non zero all keys will be deinited */ } gnutls_retr_st; typedef int gnutls_certificate_client_retrieve_function(gnutls_session, const gnutls_datum - * req_ca_cert, + * req_ca_rdn, int nreqs, gnutls_retr_st *); typedef int gnutls_certificate_server_retrieve_function(gnutls_session, 
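Review bot: In the `-43,12` hunk of lib/gnutls_ui.h the field comment still reads `/* if non zero all keys will be deinited */` after the rename to `deinit_all`, while the cleanup path shown in lib/auth_cert.c deinitialises the certificates in `st.cert` as well as the key when the flag is set. Suggest `/* if non zero all keys and certificates will be deinited */`. Because `gnutls_retr_st` appears to be part of the installed API, the rename also breaks source compatibility for callbacks that set `deinit_all_keys`, which deserves a line in the release notes.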
@@ -72,8 +72,6 @@ int gnutls_rsa_export_get_modulus_bits(gnutls_session session); /* X509PKI */ -#include <gnutls/compat8.h> - void gnutls_certificate_client_set_select_function(gnutls_session, gnutls_certificate_client_select_function *); @@ -81,10 +79,12 @@ void gnutls_certificate_server_set_select_function(gnutls_session, gnutls_certificate_server_select_function *); -void gnutls_certificate_client_set_retrieve_function(gnutls_session, +/* These are set on the credentials structure. + */ +void gnutls_certificate_client_set_retrieve_function(gnutls_certificate_client_credentials, gnutls_certificate_client_retrieve_function *); -void gnutls_certificate_server_set_retrieve_function(gnutls_session, +void gnutls_certificate_server_set_retrieve_function(gnutls_certificate_server_credentials, gnutls_certificate_server_retrieve_function *); diff --git a/lib/x509/compat.c b/lib/x509/compat.c index 95b0ae6877..77c21d4da4 100644 --- a/lib/x509/compat.c +++ b/lib/x509/compat.c @@ -30,6 +30,7 @@ #include <dn.h> #include <libtasn1.h> #include <gnutls/x509.h> +#include <gnutls/compat8.h> /** * gnutls_x509_extract_dn - This function parses an RDN sequence |
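Review bot: The prototypes in the `-81,10` hunk take `gnutls_certificate_client_credentials` and `gnutls_certificate_server_credentials`, but the definitions in lib/gnutls_cert.c and their doc comments use `gnutls_certificate_credentials`. If the names are aliases this compiles, but the header then advertises a client/server split that the implementation does not have; using `gnutls_certificate_credentials` in both prototypes would keep header, definition and documentation in agreement. It is also worth checking that neither alias was supplied through `<gnutls/compat8.h>`, whose include the preceding hunk removes from this header.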