authorNikos Mavrogiannopoulos <nmav@gnutls.org>2003-12-21 14:51:24 +0000
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2003-12-21 14:51:24 +0000
commit0445a3554997687e10655fd10b94d5ea16adbd5a (patch)
tree848519a092da399e2902b7d896906d94aa0f6303 /lib
parentb14fc8a7a4d304521a657a6f63635f6d1c765bd1 (diff)
downloadgnutls-0445a3554997687e10655fd10b94d5ea16adbd5a.tar.gz
*** empty log message ***gnutls_1_1_0
Diffstat (limited to 'lib')
-rw-r--r--lib/auth_cert.c24
-rw-r--r--lib/auth_cert.h27
-rw-r--r--lib/gnutls_cert.c12
-rw-r--r--lib/gnutls_int.h30
-rw-r--r--lib/gnutls_ui.h12
-rw-r--r--lib/x509/compat.c1
6 files changed, 56 insertions, 50 deletions
diff --git a/lib/auth_cert.c b/lib/auth_cert.c
index cbc4401b80..e76ece4bfc 100644
--- a/lib/auth_cert.c
+++ b/lib/auth_cert.c
@@ -412,15 +412,23 @@ retr_st st;
int ret;
gnutls_certificate_type type =
gnutls_certificate_type_get(session);
+const gnutls_certificate_credentials cred;
+
+ cred =
+ _gnutls_get_cred(session->key, GNUTLS_CRD_CERTIFICATE, NULL);
+ if (cred == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
memset( &st, 0, sizeof(st));
if (session->security_parameters.entity == GNUTLS_SERVER) {
ret =
- session->internals.server_get_cert_callback(session, &st);
+ cred->server_get_cert_callback(session, &st);
} else { /* CLIENT */
ret =
- session->internals.client_get_cert_callback(session,
+ cred->client_get_cert_callback(session,
issuers_dn, issuers_dn_length,
&st);
}
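Review bot: `const gnutls_certificate_credentials cred;` is declared without an initializer and then assigned in the next statement. If `gnutls_certificate_credentials` is a pointer typedef (the commented-out typedef in auth_cert.h suggests it is), the `const` qualifies the pointer itself and `cred = ...` is an assignment to a read-only object. Either drop the qualifier or initialize at the declaration, `const gnutls_certificate_credentials cred = _gnutls_get_cred(session->key, GNUTLS_CRD_CERTIFICATE, NULL);`. The calls through `cred->server_get_cert_callback` and `cred->client_get_cert_callback` are not NULL-checked here and rely on the callers in the later hunks having tested the matching pointer, so a one-line comment stating that precondition would help. The function begins above this hunk and continues below it.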
@@ -454,7 +462,7 @@ gnutls_certificate_type type =
}
- _gnutls_selected_certs_set(session, local_certs, st.ncerts,
+ _gnutls_selected_certs_set(session, local_certs, (local_certs!=NULL)?st.ncerts:0,
local_key, 1);
ret = 0;
@@ -462,7 +470,7 @@ gnutls_certificate_type type =
cleanup:
if (st.type == GNUTLS_CRT_X509) {
- if (st.deinit_all_keys) {
+ if (st.deinit_all) {
for (i = 0; i < st.ncerts; i++) {
gnutls_x509_crt_deinit(st.cert.x509[i]);
}
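Review bot: The cleanup loop under `if (st.deinit_all)` reads `st.cert.x509[i]` for every `i < st.ncerts` without checking that `st.cert.x509` is non-NULL. The previous hunk now passes `(local_certs!=NULL)?st.ncerts:0`, which suggests a callback can leave `ncerts` non-zero when no certificate list is available; if `st.cert.x509` can be NULL in that state (the code that derives `local_certs` is outside the hunk), this loop dereferences a NULL pointer on the cleanup path. Guarding the loop itself keeps the private key release that follows intact: `for (i = 0; st.cert.x509 != NULL && i < st.ncerts; i++) {`. The cleanup block continues in the next hunk.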
@@ -470,7 +478,7 @@ cleanup:
gnutls_x509_privkey_deinit(st.key.x509);
}
} else {
- if (st.deinit_all_keys) {
+ if (st.deinit_all) {
if (_E_gnutls_openpgp_key_deinit == NULL ||
_E_gnutls_openpgp_privkey_deinit == NULL) {
gnutls_assert();
@@ -512,7 +520,7 @@ static int _select_client_cert(gnutls_session session,
return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
}
- if (session->internals.client_get_cert_callback != NULL ||
+ if (cred->client_get_cert_callback != NULL ||
session->internals.client_cert_callback != NULL) {
/* use a callback to get certificate
@@ -537,7 +545,7 @@ static int _select_client_cert(gnutls_session session,
}
}
- if (session->internals.client_get_cert_callback) {
+ if (cred->client_get_cert_callback) {
result = call_get_cert_callback( session, issuers_dn, issuers_dn_length);
goto cleanup;
}
@@ -1610,7 +1618,7 @@ int _gnutls_server_select_cert(gnutls_session session,
/* If the callback which retrieves certificate has been
* set use it.
*/
- if (session->internals.server_get_cert_callback != NULL) {
+ if (cred->server_get_cert_callback != NULL) {
return call_get_cert_callback( session, NULL, 0);
diff --git a/lib/auth_cert.h b/lib/auth_cert.h
index 94085ca53d..3e26c21207 100644
--- a/lib/auth_cert.h
+++ b/lib/auth_cert.h
@@ -3,6 +3,30 @@
# include "gnutls_cert.h"
# include "gnutls_auth.h"
# include "x509/x509.h"
+#include "../libextra/openpgp/openpgp.h"
+
+typedef struct retr_st {
+ gnutls_certificate_type type;
+ union cert {
+ gnutls_x509_crt* x509;
+ gnutls_openpgp_key pgp;
+ } cert;
+ uint ncerts;
+
+ union key {
+ gnutls_x509_privkey x509;
+ gnutls_openpgp_privkey pgp;
+ } key;
+
+ uint deinit_all;
+} retr_st;
+
+typedef int gnutls_certificate_client_retrieve_function(
+ struct gnutls_session_int*, const gnutls_datum* req_ca_cert, int nreqs,
+ retr_st*);
+
+typedef int gnutls_certificate_server_retrieve_function(
+ struct gnutls_session_int*, retr_st*);
/* This structure may be complex, but it's the only way to
* support a server that has multiple certificates
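Review bot: The moved `retr_st` has no comment saying that it must stay field-for-field identical to the public `gnutls_retr_st` in gnutls_ui.h. The internal callback typedefs take `retr_st*` while the public ones take `gnutls_retr_st *`, so the library reads the certificate list, the private key and the `deinit_all` flag through this layout after the application has filled the other one. This commit already had to rename `deinit_all_keys` in both places, and a future edit that touches only one would make the library free or use the wrong pointers. I would add above the struct: `/* Must mirror gnutls_retr_st in gnutls_ui.h exactly; callbacks fill it through that type. */`.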
@@ -59,6 +83,9 @@ typedef struct {
* generating on every handshake.
*/
gnutls_datum x509_rdn_sequence;
+
+ gnutls_certificate_client_retrieve_function* client_get_cert_callback;
+ gnutls_certificate_server_retrieve_function* server_get_cert_callback;
} CERTIFICATE_CREDENTIALS_INT;
/* typedef CERTIFICATE_CREDENTIALS_INT * CERTIFICATE_CREDENTIALS; */
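Review bot: The two new members carry no comment, and the tests added in auth_cert.c (`cred->client_get_cert_callback != NULL`, `cred->server_get_cert_callback != NULL`) are only reliable if the credentials structure is zero-filled when it is allocated, which this diff does not show. It is worth confirming that the allocation path zeroes the struct, since an uninitialized pointer here would be called during the handshake. A comment such as `/* optional retrieve callbacks; NULL when unset */` would record the contract; presumably the callbacks now apply to every session that uses these credentials, which is also worth stating once confirmed.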
diff --git a/lib/gnutls_cert.c b/lib/gnutls_cert.c
index 16162b1be0..8366a5c392 100644
--- a/lib/gnutls_cert.c
+++ b/lib/gnutls_cert.c
@@ -319,7 +319,7 @@ void gnutls_certificate_server_set_select_function(gnutls_session session,
/**
* gnutls_certificate_client_set_retrieve_function - Used to set a callback to retrieve the certificate
- * @session: is a &gnutls_session structure.
+ * @cred: is a &gnutls_certificate_credentials structure.
* @func: is the callback function
*
* This function sets a callback to be called in order to retrieve the certificate
@@ -348,15 +348,15 @@ void gnutls_certificate_server_set_select_function(gnutls_session session,
* return 0 on success. The value (-1) indicates error and the handshake
* will be terminated.
**/
-void gnutls_certificate_client_set_retrieve_function(gnutls_session session,
+void gnutls_certificate_client_set_retrieve_function(gnutls_certificate_credentials cred,
gnutls_certificate_client_retrieve_function * func)
{
- session->internals.client_get_cert_callback = func;
+ cred->client_get_cert_callback = func;
}
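Review bot: `gnutls_certificate_client_set_retrieve_function` keeps its name while its first parameter changes from `gnutls_session` to `gnutls_certificate_credentials`, and the doc comment does not flag the change beyond the `@cred` line. If both types are pointer typedefs, an existing caller that still passes a session may build with only an incompatible-pointer warning, and `cred->client_get_cert_callback = func;` would then write into a session object. The same applies to `gnutls_certificate_server_set_retrieve_function` in the last hunk of this file. I would add a sentence to both doc comments, for example `Note that this function takes the credentials structure, not the session.`, and list the change in the release notes.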
/**
* gnutls_certificate_server_set_retrieve_function - Used to set a callback to retrieve the certificate
- * @session: is a &gnutls_session structure.
+ * @cred: is a &gnutls_certificate_credentials structure.
* @func: is the callback function
*
* This function sets a callback to be called in order to retrieve the certificate
@@ -379,10 +379,10 @@ void gnutls_certificate_client_set_retrieve_function(gnutls_session session,
* return 0 on success. The value (-1) indicates error and the handshake
* will be terminated.
**/
-void gnutls_certificate_server_set_retrieve_function(gnutls_session session,
+void gnutls_certificate_server_set_retrieve_function(gnutls_certificate_credentials cred,
gnutls_certificate_server_retrieve_function * func)
{
- session->internals.server_get_cert_callback = func;
+ cred->server_get_cert_callback = func;
}
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index cb396180fe..7eb254f64a 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -420,33 +420,6 @@ typedef int certificate_server_select_func(struct gnutls_session_int*,
typedef int srp_server_select_func(struct gnutls_session_int*,
const char**, const char**, unsigned int);
-/* authentication function definitions:
- */
-#include "../libextra/openpgp/openpgp.h"
-
-typedef struct retr_st {
- gnutls_certificate_type type;
- union cert {
- gnutls_x509_crt* x509;
- gnutls_openpgp_key pgp;
- } cert;
- uint ncerts;
-
- union key {
- gnutls_x509_privkey x509;
- gnutls_openpgp_privkey pgp;
- } key;
-
- uint deinit_all_keys;
-} retr_st;
-
-typedef int gnutls_certificate_client_retrieve_function(
- struct gnutls_session_int*, const gnutls_datum* req_ca_cert, int nreqs,
- retr_st*);
-
-typedef int gnutls_certificate_server_retrieve_function(
- struct gnutls_session_int*, retr_st*);
-
typedef struct {
opaque header[HANDSHAKE_HEADER_SIZE];
/* this holds the number of bytes in the handshake_header[] */
@@ -566,9 +539,6 @@ typedef struct {
certificate_client_select_func* client_cert_callback;
certificate_server_select_func* server_cert_callback;
- gnutls_certificate_client_retrieve_function* client_get_cert_callback;
- gnutls_certificate_server_retrieve_function* server_get_cert_callback;
-
/* Callback to select the proper password file
*/
srp_server_select_func* server_srp_callback;
diff --git a/lib/gnutls_ui.h b/lib/gnutls_ui.h
index 6c2dbabdd3..fbca386228 100644
--- a/lib/gnutls_ui.h
+++ b/lib/gnutls_ui.h
@@ -43,12 +43,12 @@ typedef struct gnutls_retr_st {
gnutls_openpgp_privkey pgp;
} key;
- uint deinit_all_keys; /* if non zero all keys will be deinited */
+ uint deinit_all; /* if non zero all keys will be deinited */
} gnutls_retr_st;
typedef int gnutls_certificate_client_retrieve_function(gnutls_session,
const gnutls_datum
- * req_ca_cert,
+ * req_ca_rdn,
int nreqs,
gnutls_retr_st *);
typedef int gnutls_certificate_server_retrieve_function(gnutls_session,
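Review bot: The comment on the renamed field still says only keys are released, `/* if non zero all keys will be deinited */`, but the cleanup code in auth_cert.c calls `gnutls_x509_crt_deinit` on every certificate as well as `gnutls_x509_privkey_deinit` when the flag is set. An application that reads this header could set the flag and keep using certificates the library has already freed. I would change the line to `uint deinit_all; /* if non zero all certificates and keys will be deinited */`.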
@@ -72,8 +72,6 @@ int gnutls_rsa_export_get_modulus_bits(gnutls_session session);
/* X509PKI */
-#include <gnutls/compat8.h>
-
void gnutls_certificate_client_set_select_function(gnutls_session,
gnutls_certificate_client_select_function
*);
@@ -81,10 +79,12 @@ void gnutls_certificate_server_set_select_function(gnutls_session,
gnutls_certificate_server_select_function
*);
-void gnutls_certificate_client_set_retrieve_function(gnutls_session,
+/* These are set on the credentials structure.
+ */
+void gnutls_certificate_client_set_retrieve_function(gnutls_certificate_client_credentials,
gnutls_certificate_client_retrieve_function
*);
-void gnutls_certificate_server_set_retrieve_function(gnutls_session,
+void gnutls_certificate_server_set_retrieve_function(gnutls_certificate_server_credentials,
gnutls_certificate_server_retrieve_function
*);
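Review bot: The prototypes name the first parameter type `gnutls_certificate_client_credentials` and `gnutls_certificate_server_credentials`, while the definitions in gnutls_cert.c use `gnutls_certificate_credentials`. That is only correct if all three names alias the same type, which is not visible in this diff. Declaring both prototypes with `gnutls_certificate_credentials` would keep the header and the definitions textually in step and make a later divergence a compile error rather than a silent mismatch.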
diff --git a/lib/x509/compat.c b/lib/x509/compat.c
index 95b0ae6877..77c21d4da4 100644
--- a/lib/x509/compat.c
+++ b/lib/x509/compat.c
@@ -30,6 +30,7 @@
#include <dn.h>
#include <libtasn1.h>
#include <gnutls/x509.h>
+#include <gnutls/compat8.h>
/**
* gnutls_x509_extract_dn - This function parses an RDN sequence