-rw-r--r-- | NEWS | 1 | ||||
-rw-r--r-- | src/cli.c | 4 | ||||
-rw-r--r-- | src/common.c | 1074 | ||||
-rw-r--r-- | src/serv.c | 1717 |
4 files changed, 1285 insertions, 1511 deletions
@@ -4,6 +4,7 @@ Copyright (C) 2000, 2001, 2002, 2003, 2004 Nikos Mavroyanopoulos See the end for copying conditions. * Version 1.2.12 (unreleased) +- Replaced inactive ifdefs to enable openpgp support in test programs. - API and ABI modifications: No changes since last version. @@ -216,7 +216,7 @@ static void load_keys(void) fprintf(stderr, "Processed %d client X.509 certificates...\n", x509_crt_size); } -#ifdef USE_OPENPGP +#ifdef ENABLE_OPENPGP if (pgp_certfile != NULL && pgp_keyfile != NULL) { data = load_file(pgp_certfile); if (data.data == NULL) { @@ -958,7 +958,7 @@ static void init_global_tls_stuff(void) load_keys(); -#ifdef USE_OPENPGP +#ifdef ENABLE_OPENPGP if (pgp_keyring != NULL) { ret = gnutls_certificate_set_openpgp_keyring_file(xcred, diff --git a/src/common.c b/src/common.c index d57147f1e1..ce53cabb96 100644 --- a/src/common.c +++ b/src/common.c 
@@ -47,772 +47,692 @@ const char str_unknown[] = "(unknown)"; /* Hex encodes the given data. */ -const char * -raw_to_string (const unsigned char *raw, size_t raw_size) +const char *raw_to_string(const unsigned char *raw, size_t raw_size) { - static char buf[1024]; - size_t i; - if (raw_size == 0) - return NULL; - - if (raw_size * 3 + 1 >= sizeof (buf)) - return NULL; - - for (i = 0; i < raw_size; i++) - { - sprintf (&(buf[i * 3]), "%02X%s", raw[i], - (i == raw_size - 1) ? "" : ":"); + static char buf[1024]; + size_t i; + if (raw_size == 0) + return NULL; + + if (raw_size * 3 + 1 >= sizeof(buf)) + return NULL; + + for (i = 0; i < raw_size; i++) { + sprintf(&(buf[i * 3]), "%02X%s", raw[i], + (i == raw_size - 1) ? "" : ":"); } - buf[sizeof (buf) - 1] = '\0'; + buf[sizeof(buf) - 1] = '\0'; - return buf; + return buf; } -static const char * -my_ctime (const time_t * tv) +static const char *my_ctime(const time_t * tv) { - static char buf[256]; - struct tm *tp; + static char buf[256]; + struct tm *tp; - if (((tp = localtime (tv)) == NULL) || - (!strftime (buf, sizeof buf, "%a %b %e %H:%M:%S %Z %Y\n", tp))) - strcpy (buf, str_unknown); /* make sure buf text isn't garbage */ + if (((tp = localtime(tv)) == NULL) || + (!strftime(buf, sizeof buf, "%a %b %e %H:%M:%S %Z %Y\n", tp))) + strcpy(buf, str_unknown); /* make sure buf text isn't garbage */ - return buf; + return buf; } -void -print_x509_info (gnutls_session session, const char *hostname) +void print_x509_info(gnutls_session session, const char *hostname) { - gnutls_x509_crt crt; - const gnutls_datum *cert_list; - size_t cert_list_size = 0; - int ret; - char digest[20]; - char serial[40]; - char dn[256]; - size_t dn_size; - size_t digest_size = sizeof (digest); - unsigned int j; - size_t serial_size = sizeof (serial); - const char *print; - const char *cstr; - unsigned int bits, algo; - time_t expiret, activet; - - cert_list = gnutls_certificate_get_peers (session, &cert_list_size); - - - if (cert_list_size == 0) - { - 
fprintf (stderr, "No certificates found!\n"); - return; + gnutls_x509_crt crt; + const gnutls_datum *cert_list; + size_t cert_list_size = 0; + int ret; + char digest[20]; + char serial[40]; + char dn[256]; + size_t dn_size; + size_t digest_size = sizeof(digest); + unsigned int j; + size_t serial_size = sizeof(serial); + const char *print; + const char *cstr; + unsigned int bits, algo; + time_t expiret, activet; + + cert_list = gnutls_certificate_get_peers(session, &cert_list_size); + + + if (cert_list_size == 0) { + fprintf(stderr, "No certificates found!\n"); + return; } - printf (" - Got a certificate list of %d certificates.\n\n", - cert_list_size); + printf(" - Got a certificate list of %d certificates.\n\n", + cert_list_size); - for (j = 0; j < (unsigned int) cert_list_size; j++) - { + for (j = 0; j < (unsigned int) cert_list_size; j++) { - gnutls_x509_crt_init (&crt); - ret = gnutls_x509_crt_import (crt, &cert_list[j], GNUTLS_X509_FMT_DER); - if (ret < 0) - { - fprintf (stderr, "Decoding error: %s\n", gnutls_strerror (ret)); - return; + gnutls_x509_crt_init(&crt); + ret = + gnutls_x509_crt_import(crt, &cert_list[j], + GNUTLS_X509_FMT_DER); + if (ret < 0) { + fprintf(stderr, "Decoding error: %s\n", gnutls_strerror(ret)); + return; } - printf (" - Certificate[%d] info:\n", j); + printf(" - Certificate[%d] info:\n", j); - if (print_cert) - { - size_t size; + if (print_cert) { + size_t size; - size = sizeof (buffer); + size = sizeof(buffer); - ret = - gnutls_x509_crt_export (crt, GNUTLS_X509_FMT_PEM, buffer, &size); - if (ret < 0) - { - fprintf (stderr, "Encoding error: %s\n", gnutls_strerror (ret)); - return; + ret = + gnutls_x509_crt_export(crt, + GNUTLS_X509_FMT_PEM, buffer, &size); + if (ret < 0) { + fprintf(stderr, "Encoding error: %s\n", + gnutls_strerror(ret)); + return; } - fputs ("\n", stdout); - fputs (buffer, stdout); - fputs ("\n", stdout); + fputs("\n", stdout); + fputs(buffer, stdout); + fputs("\n", stdout); } - if (j == 0 && hostname != NULL) - { 
/* Check the hostname of the first certificate - * if it matches the name of the host we - * connected to. - */ - if (gnutls_x509_crt_check_hostname (crt, hostname) == 0) - { - printf - (" # The hostname in the certificate does NOT match '%s'.\n", - hostname); - } - else - { - printf - (" # The hostname in the certificate matches '%s'.\n", - hostname); + if (j == 0 && hostname != NULL) { /* Check the hostname of the first certificate + * if it matches the name of the host we + * connected to. + */ + if (gnutls_x509_crt_check_hostname(crt, hostname) + == 0) { + printf + (" # The hostname in the certificate does NOT match '%s'.\n", + hostname); + } else { + printf + (" # The hostname in the certificate matches '%s'.\n", + hostname); } } - if (xml) - { + if (xml) { #ifdef ENABLE_PKI - gnutls_datum xml_data; - - ret = gnutls_x509_crt_to_xml (crt, &xml_data, 0); - if (ret < 0) - { - fprintf (stderr, "XML encoding error: %s\n", - gnutls_strerror (ret)); - return; + gnutls_datum xml_data; + + ret = gnutls_x509_crt_to_xml(crt, &xml_data, 0); + if (ret < 0) { + fprintf(stderr, "XML encoding error: %s\n", + gnutls_strerror(ret)); + return; } - printf ("%s", xml_data.data); - gnutls_free (xml_data.data); + printf("%s", xml_data.data); + gnutls_free(xml_data.data); #endif - } - else - { + } else { - expiret = gnutls_x509_crt_get_expiration_time (crt); - activet = gnutls_x509_crt_get_activation_time (crt); + expiret = gnutls_x509_crt_get_expiration_time(crt); + activet = gnutls_x509_crt_get_activation_time(crt); - printf (" # valid since: %s", my_ctime (&activet)); - printf (" # expires at: %s", my_ctime (&expiret)); + printf(" # valid since: %s", my_ctime(&activet)); + printf(" # expires at: %s", my_ctime(&expiret)); - /* Print the serial number of the certificate. 
- */ - if (verbose - && gnutls_x509_crt_get_serial (crt, serial, &serial_size) >= 0) - { - print = raw_to_string (serial, serial_size); - if (print != NULL) - printf (" # serial number: %s\n", print); + /* Print the serial number of the certificate. + */ + if (verbose + && gnutls_x509_crt_get_serial(crt, serial, &serial_size) + >= 0) { + print = raw_to_string(serial, serial_size); + if (print != NULL) + printf(" # serial number: %s\n", print); } - /* Print the fingerprint of the certificate - */ - digest_size = sizeof (digest); - if ((ret = - gnutls_x509_crt_get_fingerprint (crt, - GNUTLS_DIG_MD5, - digest, &digest_size)) < 0) - { - fprintf (stderr, - "Error in fingerprint calculation: %s\n", - gnutls_strerror (ret)); - } - else - { - print = raw_to_string (digest, digest_size); - if (print != NULL) - printf (" # fingerprint: %s\n", print); + /* Print the fingerprint of the certificate + */ + digest_size = sizeof(digest); + if ((ret = + gnutls_x509_crt_get_fingerprint(crt, + GNUTLS_DIG_MD5, + digest, &digest_size)) + < 0) { + fprintf(stderr, + "Error in fingerprint calculation: %s\n", + gnutls_strerror(ret)); + } else { + print = raw_to_string(digest, digest_size); + if (print != NULL) + printf(" # fingerprint: %s\n", print); } - /* Print the version of the X.509 - * certificate. - */ - if (verbose) - { - printf (" # version: #%d\n", gnutls_x509_crt_get_version (crt)); + /* Print the version of the X.509 + * certificate. 
+ */ + if (verbose) { + printf(" # version: #%d\n", + gnutls_x509_crt_get_version(crt)); - bits = 0; - algo = gnutls_x509_crt_get_pk_algorithm (crt, &bits); - printf (" # public key algorithm: "); + bits = 0; + algo = gnutls_x509_crt_get_pk_algorithm(crt, &bits); + printf(" # public key algorithm: "); - cstr = SU (gnutls_pk_algorithm_get_name (algo)); - printf ("%s (%d bits)\n", cstr, bits); + cstr = SU(gnutls_pk_algorithm_get_name(algo)); + printf("%s (%d bits)\n", cstr, bits); #ifdef ENABLE_PKI - if (algo == GNUTLS_PK_RSA) - { - gnutls_datum e, m; + if (algo == GNUTLS_PK_RSA) { + gnutls_datum e, m; - ret = gnutls_x509_crt_get_pk_rsa_raw (crt, &m, &e); - if (ret >= 0) - { - print = SU (raw_to_string (e.data, e.size)); - printf (" # e [%d bits]: %s\n", e.size * 8, print); + ret = gnutls_x509_crt_get_pk_rsa_raw(crt, &m, &e); + if (ret >= 0) { + print = SU(raw_to_string(e.data, e.size)); + printf(" # e [%d bits]: %s\n", e.size * 8, print); - print = SU (raw_to_string (m.data, m.size)); - printf (" # m [%d bits]: %s\n", m.size * 8, print); + print = SU(raw_to_string(m.data, m.size)); + printf(" # m [%d bits]: %s\n", m.size * 8, print); - gnutls_free (e.data); - gnutls_free (m.data); + gnutls_free(e.data); + gnutls_free(m.data); } - } - else if (algo == GNUTLS_PK_DSA) - { - gnutls_datum p, q, g, y; + } else if (algo == GNUTLS_PK_DSA) { + gnutls_datum p, q, g, y; - ret = gnutls_x509_crt_get_pk_dsa_raw (crt, &p, &q, &g, &y); - if (ret >= 0) - { - print = SU (raw_to_string (p.data, p.size)); - printf (" # p [%d bits]: %s\n", p.size * 8, print); + ret = + gnutls_x509_crt_get_pk_dsa_raw + (crt, &p, &q, &g, &y); + if (ret >= 0) { + print = SU(raw_to_string(p.data, p.size)); + printf(" # p [%d bits]: %s\n", p.size * 8, print); - print = SU (raw_to_string (q.data, q.size)); - printf (" # q [%d bits]: %s\n", q.size * 8, print); + print = SU(raw_to_string(q.data, q.size)); + printf(" # q [%d bits]: %s\n", q.size * 8, print); - print = SU (raw_to_string (g.data, g.size)); - 
printf (" # g [%d bits]: %s\n", g.size * 8, print); + print = SU(raw_to_string(g.data, g.size)); + printf(" # g [%d bits]: %s\n", g.size * 8, print); - print = SU (raw_to_string (y.data, y.size)); - printf (" # y [%d bits]: %s\n", y.size * 8, print); + print = SU(raw_to_string(y.data, y.size)); + printf(" # y [%d bits]: %s\n", y.size * 8, print); - gnutls_free (p.data); - gnutls_free (q.data); - gnutls_free (g.data); - gnutls_free (y.data); + gnutls_free(p.data); + gnutls_free(q.data); + gnutls_free(g.data); + gnutls_free(y.data); } } #endif } - dn_size = sizeof (dn); - ret = gnutls_x509_crt_get_dn (crt, dn, &dn_size); - if (ret >= 0) - printf (" # Subject's DN: %s\n", dn); + dn_size = sizeof(dn); + ret = gnutls_x509_crt_get_dn(crt, dn, &dn_size); + if (ret >= 0) + printf(" # Subject's DN: %s\n", dn); - dn_size = sizeof (dn); - ret = gnutls_x509_crt_get_issuer_dn (crt, dn, &dn_size); - if (ret >= 0) - printf (" # Issuer's DN: %s\n", dn); + dn_size = sizeof(dn); + ret = gnutls_x509_crt_get_issuer_dn(crt, dn, &dn_size); + if (ret >= 0) + printf(" # Issuer's DN: %s\n", dn); } - gnutls_x509_crt_deinit (crt); + gnutls_x509_crt_deinit(crt); - printf ("\n"); + printf("\n"); } } -#ifdef USE_OPENPGP +#ifdef ENABLE_OPENPGP -void -print_openpgp_info (gnutls_session session, const char *hostname) +void print_openpgp_info(gnutls_session session, const char *hostname) { - char digest[20]; - size_t digest_size = sizeof (digest); - int ret; - const char *print; - const char *cstr; - char name[256]; - size_t name_len = sizeof (name); - gnutls_openpgp_key crt; - const gnutls_datum *cert_list; - int cert_list_size = 0; - time_t expiret; - time_t activet; - - cert_list = gnutls_certificate_get_peers (session, &cert_list_size); - - if (cert_list_size > 0) - { - unsigned int algo, bits; - - gnutls_openpgp_key_init (&crt); - ret = - gnutls_openpgp_key_import (crt, &cert_list[0], - GNUTLS_OPENPGP_FMT_RAW); - if (ret < 0) - { - fprintf (stderr, "Decoding error: %s\n", gnutls_strerror 
(ret)); - return; + char digest[20]; + size_t digest_size = sizeof(digest); + int ret; + const char *print; + const char *cstr; + char name[256]; + size_t name_len = sizeof(name); + gnutls_openpgp_key crt; + const gnutls_datum *cert_list; + int cert_list_size = 0; + time_t expiret; + time_t activet; + + cert_list = gnutls_certificate_get_peers(session, &cert_list_size); + + if (cert_list_size > 0) { + unsigned int algo, bits; + + gnutls_openpgp_key_init(&crt); + ret = + gnutls_openpgp_key_import(crt, &cert_list[0], + GNUTLS_OPENPGP_FMT_RAW); + if (ret < 0) { + fprintf(stderr, "Decoding error: %s\n", gnutls_strerror(ret)); + return; } - if (print_cert) - { - size_t size; - - size = sizeof (buffer); - - ret = - gnutls_openpgp_key_export (crt, - GNUTLS_OPENPGP_FMT_BASE64, - buffer, &size); - if (ret < 0) - { - fprintf (stderr, "Encoding error: %s\n", gnutls_strerror (ret)); - return; + if (print_cert) { + size_t size; + + size = sizeof(buffer); + + ret = + gnutls_openpgp_key_export(crt, + GNUTLS_OPENPGP_FMT_BASE64, + buffer, &size); + if (ret < 0) { + fprintf(stderr, "Encoding error: %s\n", + gnutls_strerror(ret)); + return; } - fputs ("\n", stdout); - fputs (buffer, stdout); - fputs ("\n", stdout); + fputs("\n", stdout); + fputs(buffer, stdout); + fputs("\n", stdout); } - if (hostname != NULL) - { /* Check the hostname of the first certificate + if (hostname != NULL) { /* Check the hostname of the first certificate * if it matches the name of the host we * connected to. 
*/ - if (gnutls_openpgp_key_check_hostname (crt, hostname) == 0) - { - printf - (" # The hostname in the key does NOT match '%s'.\n", - hostname); - } - else - { - printf (" # The hostname in the key matches '%s'.\n", hostname); + if (gnutls_openpgp_key_check_hostname(crt, hostname) == 0) { + printf + (" # The hostname in the key does NOT match '%s'.\n", + hostname); + } else { + printf + (" # The hostname in the key matches '%s'.\n", + hostname); } } - if (xml) - { - gnutls_datum xml_data; - - ret = gnutls_openpgp_key_to_xml (crt, &xml_data, 0); - if (ret < 0) - { - fprintf (stderr, "XML encoding error: %s\n", - gnutls_strerror (ret)); - return; + if (xml) { + gnutls_datum xml_data; + + ret = gnutls_openpgp_key_to_xml(crt, &xml_data, 0); + if (ret < 0) { + fprintf(stderr, "XML encoding error: %s\n", + gnutls_strerror(ret)); + return; } - printf ("%s", xml_data.data); - gnutls_free (xml_data.data); + printf("%s", xml_data.data); + gnutls_free(xml_data.data); - return; + return; } - activet = gnutls_openpgp_key_get_creation_time (crt); - expiret = gnutls_openpgp_key_get_expiration_time (crt); + activet = gnutls_openpgp_key_get_creation_time(crt); + expiret = gnutls_openpgp_key_get_expiration_time(crt); - printf (" # Key was created at: %s", my_ctime (&activet)); - printf (" # Key expires: "); - if (expiret != 0) - printf ("%s", my_ctime (&expiret)); - else - printf ("Never\n"); + printf(" # Key was created at: %s", my_ctime(&activet)); + printf(" # Key expires: "); + if (expiret != 0) + printf("%s", my_ctime(&expiret)); + else + printf("Never\n"); - if (gnutls_openpgp_key_get_fingerprint (crt, digest, &digest_size) >= 0) - { - print = raw_to_string (digest, digest_size); + if (gnutls_openpgp_key_get_fingerprint + (crt, digest, &digest_size) >= 0) { + print = raw_to_string(digest, digest_size); - printf (" # PGP Key version: %d\n", - gnutls_openpgp_key_get_version (crt)); + printf(" # PGP Key version: %d\n", + gnutls_openpgp_key_get_version(crt)); - bits = 0; - algo 
= gnutls_openpgp_key_get_pk_algorithm (crt, &bits); + bits = 0; + algo = gnutls_openpgp_key_get_pk_algorithm(crt, &bits); - printf (" # PGP Key public key algorithm: "); - cstr = SU (gnutls_pk_algorithm_get_name (algo)); - printf ("%s (%d bits)\n", cstr, bits); + printf(" # PGP Key public key algorithm: "); + cstr = SU(gnutls_pk_algorithm_get_name(algo)); + printf("%s (%d bits)\n", cstr, bits); - if (print != NULL) - printf (" # PGP Key fingerprint: %s\n", print); + if (print != NULL) + printf(" # PGP Key fingerprint: %s\n", print); - name_len = sizeof (name); - if (gnutls_openpgp_key_get_name (crt, 0, name, &name_len) < 0) - { - fprintf (stderr, "Could not extract name\n"); - } - else - { - PRINT_PGP_NAME (name); + name_len = sizeof(name); + if (gnutls_openpgp_key_get_name(crt, 0, name, &name_len) < 0) { + fprintf(stderr, "Could not extract name\n"); + } else { + PRINT_PGP_NAME(name); } } - gnutls_openpgp_key_deinit (crt); + gnutls_openpgp_key_deinit(crt); } } #endif -void -print_cert_vrfy (gnutls_session session) +void print_cert_vrfy(gnutls_session session) { - int rc; - unsigned int status; + int rc; + unsigned int status; - rc = gnutls_certificate_verify_peers2 (session, &status); - printf ("\n"); + rc = gnutls_certificate_verify_peers2(session, &status); + printf("\n"); - if (rc == GNUTLS_E_NO_CERTIFICATE_FOUND) - { - printf ("- Peer did not send any certificate.\n"); + if (rc == GNUTLS_E_NO_CERTIFICATE_FOUND) { + printf("- Peer did not send any certificate.\n"); return; } - if (rc < 0) - { - printf ("- Could not verify certificate (err: %s)\n", - gnutls_strerror (rc)); + if (rc < 0) { + printf("- Could not verify certificate (err: %s)\n", + gnutls_strerror(rc)); return; } - if (gnutls_certificate_type_get (session) == GNUTLS_CRT_X509) - { - if (status & GNUTLS_CERT_SIGNER_NOT_FOUND) - printf ("- Peer's certificate issuer is unknown\n"); - if (status & GNUTLS_CERT_INVALID) - printf ("- Peer's certificate is NOT trusted\n"); - else - printf ("- Peer's 
certificate is trusted\n"); - } - else - { - if (status & GNUTLS_CERT_INVALID) - printf ("- Peer's key is invalid\n"); - else - printf ("- Peer's key is valid\n"); - if (status & GNUTLS_CERT_SIGNER_NOT_FOUND) - printf ("- Could not find a signer of the peer's key\n"); + if (gnutls_certificate_type_get(session) == GNUTLS_CRT_X509) { + if (status & GNUTLS_CERT_SIGNER_NOT_FOUND) + printf("- Peer's certificate issuer is unknown\n"); + if (status & GNUTLS_CERT_INVALID) + printf("- Peer's certificate is NOT trusted\n"); + else + printf("- Peer's certificate is trusted\n"); + } else { + if (status & GNUTLS_CERT_INVALID) + printf("- Peer's key is invalid\n"); + else + printf("- Peer's key is valid\n"); + if (status & GNUTLS_CERT_SIGNER_NOT_FOUND) + printf("- Could not find a signer of the peer's key\n"); } } -int -print_info (gnutls_session session, const char *hostname) +int print_info(gnutls_session session, const char *hostname) { - const char *tmp; - gnutls_credentials_type cred; - gnutls_kx_algorithm kx; + const char *tmp; + gnutls_credentials_type cred; + gnutls_kx_algorithm kx; - /* print the key exchange's algorithm name - */ - kx = gnutls_kx_get (session); + /* print the key exchange's algorithm name + */ + kx = gnutls_kx_get(session); - cred = gnutls_auth_get_type (session); - switch (cred) - { + cred = gnutls_auth_get_type(session); + switch (cred) { #ifdef ENABLE_ANON case GNUTLS_CRD_ANON: - printf ("- Anonymous DH using prime of %d bits, secret key " - "of %d bits, and peer's public key is %d bits.\n", - gnutls_dh_get_prime_bits (session), - gnutls_dh_get_secret_bits (session), - gnutls_dh_get_peers_public_bits (session)); - break; + printf("- Anonymous DH using prime of %d bits, secret key " + "of %d bits, and peer's public key is %d bits.\n", + gnutls_dh_get_prime_bits(session), + gnutls_dh_get_secret_bits(session), + gnutls_dh_get_peers_public_bits(session)); + break; #endif #ifdef ENABLE_SRP case GNUTLS_CRD_SRP: - /* This should be only called in server - 
* side. - */ - if (gnutls_srp_server_get_username (session) != NULL) - printf ("- SRP authentication. Connected as '%s'\n", - gnutls_srp_server_get_username (session)); - break; -#endif -#ifdef ENABLE_PSK - case GNUTLS_CRD_PSK: - /* This should be only called in server - * side. - */ - if (gnutls_psk_server_get_username (session) != NULL) - printf ("- PSK authentication. Connected as '%s'\n", - gnutls_psk_server_get_username (session)); - if (kx == GNUTLS_KX_DHE_PSK) { - printf ("- DH using prime of %d bits, secret key " - "of %d bits, and peer's public key is %d bits.\n", - gnutls_dh_get_prime_bits (session), - gnutls_dh_get_secret_bits (session), - gnutls_dh_get_peers_public_bits (session)); - } - break; + /* This should be only called in server + * side. + */ + if (gnutls_srp_server_get_username(session) != NULL) + printf("- SRP authentication. Connected as '%s'\n", + gnutls_srp_server_get_username(session)); + break; #endif case GNUTLS_CRD_CERTIFICATE: - { - char dns[256]; - size_t dns_size = sizeof (dns); - unsigned int type; - - /* This fails in client side */ - if (gnutls_server_name_get (session, dns, &dns_size, &type, 0) == 0) - { - printf ("- Given server name[%d]: %s\n", type, dns); - } - } + { + char dns[256]; + size_t dns_size = sizeof(dns); + unsigned int type; + + /* This fails in client side */ + if (gnutls_server_name_get + (session, dns, &dns_size, &type, 0) == 0) { + printf("- Given server name[%d]: %s\n", type, dns); + } + } - print_cert_info (session, hostname); + print_cert_info(session, hostname); - print_cert_vrfy (session); + print_cert_vrfy(session); } - tmp = SU (gnutls_protocol_get_name (gnutls_protocol_get_version (session))); - printf ("- Version: %s\n", tmp); + tmp = + SU(gnutls_protocol_get_name(gnutls_protocol_get_version(session))); + printf("- Version: %s\n", tmp); - tmp = SU (gnutls_kx_get_name (kx)); - printf ("- Key Exchange: %s\n", tmp); + tmp = SU(gnutls_kx_get_name(kx)); + printf("- Key Exchange: %s\n", tmp); - tmp = SU 
(gnutls_cipher_get_name (gnutls_cipher_get (session))); - printf ("- Cipher: %s\n", tmp); + tmp = SU(gnutls_cipher_get_name(gnutls_cipher_get(session))); + printf("- Cipher: %s\n", tmp); - tmp = SU (gnutls_mac_get_name (gnutls_mac_get (session))); - printf ("- MAC: %s\n", tmp); + tmp = SU(gnutls_mac_get_name(gnutls_mac_get(session))); + printf("- MAC: %s\n", tmp); - tmp = SU (gnutls_compression_get_name (gnutls_compression_get (session))); - printf ("- Compression: %s\n", tmp); + tmp = SU(gnutls_compression_get_name(gnutls_compression_get(session))); + printf("- Compression: %s\n", tmp); - fflush (stdout); + fflush(stdout); - return 0; + return 0; } -void -print_cert_info (gnutls_session session, const char *hostname) +void print_cert_info(gnutls_session session, const char *hostname) { - printf ("- Certificate type: "); - switch (gnutls_certificate_type_get (session)) - { + printf("- Certificate type: "); + switch (gnutls_certificate_type_get(session)) { case GNUTLS_CRT_X509: - printf ("X.509\n"); - print_x509_info (session, hostname); - break; -#ifdef USE_OPENPGP + printf("X.509\n"); + print_x509_info(session, hostname); + break; +#ifdef ENABLE_OPENPGP case GNUTLS_CRT_OPENPGP: - printf ("OpenPGP\n"); - print_openpgp_info (session, hostname); - break; + printf("OpenPGP\n"); + print_openpgp_info(session, hostname); + break; #endif } } -void -print_list (void) +void print_list(void) { - /* FIXME: This is hard coded. Make it print all the supported - * algorithms. 
- */ - printf ("\n"); - printf ("Certificate types:"); - printf (" X.509"); - printf (", OPENPGP\n"); - - printf ("Protocols:"); - printf (" TLS1.0"); - printf (", TLS1.1"); - printf (", SSL3.0\n"); - - printf ("Ciphers:"); - printf (" AES-256-CBC"); - printf (", AES-128-CBC"); - printf (", 3DES-CBC"); - printf (", ARCFOUR"); - printf (", ARCFOUR-40\n"); - - printf ("MACs:"); - printf (" MD5"); - printf (", RMD160"); - printf (", SHA1\n"); - - printf ("Key exchange algorithms:"); - printf (" RSA"); - printf (", RSA-EXPORT"); - printf (", DHE-DSS"); - printf (", DHE-RSA"); - printf (", DHE-PSK"); - printf (", PSK"); - printf (", SRP"); - printf (", SRP-RSA"); - printf (", SRP-DSS"); - printf (", ANON-DH\n"); - - printf ("Compression methods:"); - printf (" DEFLATE"); - printf (", LZO"); - printf (", NULL\n"); + /* FIXME: This is hard coded. Make it print all the supported + * algorithms. + */ + printf("\n"); + printf("Certificate types:"); + printf(" X.509"); + printf(", OPENPGP\n"); + + printf("Protocols:"); + printf(" TLS1.0"); + printf(", TLS1.1"); + printf(", SSL3.0\n"); + + printf("Ciphers:"); + printf(" AES-256-CBC"); + printf(", AES-128-CBC"); + printf(", 3DES-CBC"); + printf(", ARCFOUR"); + printf(", ARCFOUR-40\n"); + + printf("MACs:"); + printf(" MD5"); + printf(", RMD160"); + printf(", SHA1\n"); + + printf("Key exchange algorithms:"); + printf(" RSA"); + printf(", RSA-EXPORT"); + printf(", DHE-DSS"); + printf(", DHE-RSA"); + printf(", SRP"); + printf(", SRP-RSA"); + printf(", SRP-DSS"); + printf(", ANON-DH\n"); + + printf("Compression methods:"); + printf(" DEFLATE"); + printf(", LZO"); + printf(", NULL\n"); } -void -print_license (void) +void print_license(void) { - fputs ("\nCopyright (C) 2004 Free Software Foundation\n" - "This program is free software; you can redistribute it and/or modify \n" - "it under the terms of the GNU General Public License as published by \n" - "the Free Software Foundation; either version 2 of the License, or \n" - "(at your 
option) any later version. \n" "\n" - "This program is distributed in the hope that it will be useful, \n" - "but WITHOUT ANY WARRANTY; without even the implied warranty of \n" - "MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the \n" - "GNU General Public License for more details. \n" "\n" - "You should have received a copy of the GNU General Public License \n" - "along with this program; if not, write to the Free Software \n" - "Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.\n\n", - stdout); + fputs("\nCopyright (C) 2004 Free Software Foundation\n" + "This program is free software; you can redistribute it and/or modify \n" + "it under the terms of the GNU General Public License as published by \n" + "the Free Software Foundation; either version 2 of the License, or \n" + "(at your option) any later version. \n" "\n" + "This program is distributed in the hope that it will be useful, \n" + "but WITHOUT ANY WARRANTY; without even the implied warranty of \n" + "MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the \n" + "GNU General Public License for more details. 
\n" "\n" + "You should have received a copy of the GNU General Public License \n" + "along with this program; if not, write to the Free Software \n" + "Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.\n\n", + stdout); } -void -parse_protocols (char **protocols, int protocols_size, int *protocol_priority) +void parse_protocols(char **protocols, int protocols_size, + int *protocol_priority) { - int i, j; - - if (protocols != NULL && protocols_size > 0) - { - for (j = i = 0; i < protocols_size; i++) - { - if (strncasecmp (protocols[i], "SSL", 3) == 0) - protocol_priority[j++] = GNUTLS_SSL3; - else if (strncasecmp (protocols[i], "TLS1.1", 6) == 0) - protocol_priority[j++] = GNUTLS_TLS1_1; - else if (strncasecmp (protocols[i], "TLS", 3) == 0) - protocol_priority[j++] = GNUTLS_TLS1_0; - else - fprintf (stderr, "Unknown protocol: '%s'\n", protocols[i]); + int i, j; + + if (protocols != NULL && protocols_size > 0) { + for (j = i = 0; i < protocols_size; i++) { + if (strncasecmp(protocols[i], "SSL", 3) == 0) + protocol_priority[j++] = GNUTLS_SSL3; + else if (strncasecmp(protocols[i], "TLS1.1", 6) == 0) + protocol_priority[j++] = GNUTLS_TLS1_1; + else if (strncasecmp(protocols[i], "TLS", 3) == 0) + protocol_priority[j++] = GNUTLS_TLS1_0; + else + fprintf(stderr, "Unknown protocol: '%s'\n", protocols[i]); } - protocol_priority[j] = 0; + protocol_priority[j] = 0; } } -void -parse_ciphers (char **ciphers, int nciphers, int *cipher_priority) +void parse_ciphers(char **ciphers, int nciphers, int *cipher_priority) { - int j, i; - - if (ciphers != NULL && nciphers > 0) - { - for (j = i = 0; i < nciphers; i++) - { - if (strncasecmp (ciphers[i], "AES-2", 5) == 0) - cipher_priority[j++] = GNUTLS_CIPHER_AES_256_CBC; - else if (strncasecmp (ciphers[i], "AES", 3) == 0) - cipher_priority[j++] = GNUTLS_CIPHER_AES_128_CBC; - else if (strncasecmp (ciphers[i], "3DE", 3) == 0) - cipher_priority[j++] = GNUTLS_CIPHER_3DES_CBC; - else if (strcasecmp (ciphers[i], "ARCFOUR-40") == 0) - 
cipher_priority[j++] = GNUTLS_CIPHER_ARCFOUR_40; - else if (strcasecmp (ciphers[i], "ARCFOUR") == 0) - cipher_priority[j++] = GNUTLS_CIPHER_ARCFOUR_128; - else if (strncasecmp (ciphers[i], "NUL", 3) == 0) - cipher_priority[j++] = GNUTLS_CIPHER_NULL; - else - fprintf (stderr, "Unknown cipher: '%s'\n", ciphers[i]); + int j, i; + + if (ciphers != NULL && nciphers > 0) { + for (j = i = 0; i < nciphers; i++) { + if (strncasecmp(ciphers[i], "AES-2", 5) == 0) + cipher_priority[j++] = GNUTLS_CIPHER_AES_256_CBC; + else if (strncasecmp(ciphers[i], "AES", 3) == 0) + cipher_priority[j++] = GNUTLS_CIPHER_AES_128_CBC; + else if (strncasecmp(ciphers[i], "3DE", 3) == 0) + cipher_priority[j++] = GNUTLS_CIPHER_3DES_CBC; + else if (strcasecmp(ciphers[i], "ARCFOUR-40") == 0) + cipher_priority[j++] = GNUTLS_CIPHER_ARCFOUR_40; + else if (strcasecmp(ciphers[i], "ARCFOUR") == 0) + cipher_priority[j++] = GNUTLS_CIPHER_ARCFOUR_128; + else if (strncasecmp(ciphers[i], "NUL", 3) == 0) + cipher_priority[j++] = GNUTLS_CIPHER_NULL; + else + fprintf(stderr, "Unknown cipher: '%s'\n", ciphers[i]); } - cipher_priority[j] = 0; + cipher_priority[j] = 0; } } -void -parse_macs (char **macs, int nmacs, int *mac_priority) +void parse_macs(char **macs, int nmacs, int *mac_priority) { - int i, j; - if (macs != NULL && nmacs > 0) - { - for (j = i = 0; i < nmacs; i++) - { - if (strncasecmp (macs[i], "MD5", 3) == 0) - mac_priority[j++] = GNUTLS_MAC_MD5; - else if (strncasecmp (macs[i], "RMD", 3) == 0) - mac_priority[j++] = GNUTLS_MAC_RMD160; - else if (strncasecmp (macs[i], "SHA", 3) == 0) - mac_priority[j++] = GNUTLS_MAC_SHA1; - else - fprintf (stderr, "Unknown MAC: '%s'\n", macs[i]); + int i, j; + if (macs != NULL && nmacs > 0) { + for (j = i = 0; i < nmacs; i++) { + if (strncasecmp(macs[i], "MD5", 3) == 0) + mac_priority[j++] = GNUTLS_MAC_MD5; + else if (strncasecmp(macs[i], "RMD", 3) == 0) + mac_priority[j++] = GNUTLS_MAC_RMD160; + else if (strncasecmp(macs[i], "SHA", 3) == 0) + mac_priority[j++] = 
GNUTLS_MAC_SHA1; + else + fprintf(stderr, "Unknown MAC: '%s'\n", macs[i]); } - mac_priority[j] = 0; + mac_priority[j] = 0; } } -void -parse_ctypes (char **ctype, int nctype, int *cert_type_priority) +void parse_ctypes(char **ctype, int nctype, int *cert_type_priority) { - int i, j; - if (ctype != NULL && nctype > 0) - { - for (j = i = 0; i < nctype; i++) - { - if (strncasecmp (ctype[i], "OPE", 3) == 0) - cert_type_priority[j++] = GNUTLS_CRT_OPENPGP; - else if (strncasecmp (ctype[i], "X", 1) == 0) - cert_type_priority[j++] = GNUTLS_CRT_X509; - else - fprintf (stderr, "Unknown certificate type: '%s'\n", ctype[i]); + int i, j; + if (ctype != NULL && nctype > 0) { + for (j = i = 0; i < nctype; i++) { + if (strncasecmp(ctype[i], "OPE", 3) == 0) + cert_type_priority[j++] = GNUTLS_CRT_OPENPGP; + else if (strncasecmp(ctype[i], "X", 1) == 0) + cert_type_priority[j++] = GNUTLS_CRT_X509; + else + fprintf(stderr, + "Unknown certificate type: '%s'\n", ctype[i]); } - cert_type_priority[j] = 0; + cert_type_priority[j] = 0; } } -void -parse_kx (char **kx, int nkx, int *kx_priority) +void parse_kx(char **kx, int nkx, int *kx_priority) { - int i, j; - if (kx != NULL && nkx > 0) - { - for (j = i = 0; i < nkx; i++) - { - if (strcasecmp (kx[i], "SRP") == 0) - kx_priority[j++] = GNUTLS_KX_SRP; - else if (strcasecmp (kx[i], "SRP-RSA") == 0) - kx_priority[j++] = GNUTLS_KX_SRP_RSA; - else if (strcasecmp (kx[i], "SRP-DSS") == 0) - kx_priority[j++] = GNUTLS_KX_SRP_DSS; - else if (strcasecmp (kx[i], "RSA") == 0) - kx_priority[j++] = GNUTLS_KX_RSA; - else if (strcasecmp (kx[i], "PSK") == 0) - kx_priority[j++] = GNUTLS_KX_PSK; - else if (strcasecmp (kx[i], "DHE-PSK") == 0) - kx_priority[j++] = GNUTLS_KX_DHE_PSK; - else if (strcasecmp (kx[i], "RSA-EXPORT") == 0) - kx_priority[j++] = GNUTLS_KX_RSA_EXPORT; - else if (strncasecmp (kx[i], "DHE-RSA", 7) == 0) - kx_priority[j++] = GNUTLS_KX_DHE_RSA; - else if (strncasecmp (kx[i], "DHE-DSS", 7) == 0) - kx_priority[j++] = GNUTLS_KX_DHE_DSS; - else if 
(strncasecmp (kx[i], "ANON", 4) == 0) - kx_priority[j++] = GNUTLS_KX_ANON_DH; - else - fprintf (stderr, "Unknown key exchange: '%s'\n", kx[i]); + int i, j; + if (kx != NULL && nkx > 0) { + for (j = i = 0; i < nkx; i++) { + if (strcasecmp(kx[i], "SRP") == 0) + kx_priority[j++] = GNUTLS_KX_SRP; + else if (strcasecmp(kx[i], "SRP-RSA") == 0) + kx_priority[j++] = GNUTLS_KX_SRP_RSA; + else if (strcasecmp(kx[i], "SRP-DSS") == 0) + kx_priority[j++] = GNUTLS_KX_SRP_DSS; + else if (strcasecmp(kx[i], "RSA") == 0) + kx_priority[j++] = GNUTLS_KX_RSA; + else if (strcasecmp(kx[i], "RSA-EXPORT") == 0) + kx_priority[j++] = GNUTLS_KX_RSA_EXPORT; + else if (strncasecmp(kx[i], "DHE-RSA", 7) == 0) + kx_priority[j++] = GNUTLS_KX_DHE_RSA; + else if (strncasecmp(kx[i], "DHE-DSS", 7) == 0) + kx_priority[j++] = GNUTLS_KX_DHE_DSS; + else if (strncasecmp(kx[i], "ANON", 4) == 0) + kx_priority[j++] = GNUTLS_KX_ANON_DH; + else + fprintf(stderr, "Unknown key exchange: '%s'\n", kx[i]); } - kx_priority[j] = 0; + kx_priority[j] = 0; } } -void -parse_comp (char **comp, int ncomp, int *comp_priority) +void parse_comp(char **comp, int ncomp, int *comp_priority) { - int i, j; - if (comp != NULL && ncomp > 0) - { - for (j = i = 0; i < ncomp; i++) - { - if (strncasecmp (comp[i], "NUL", 3) == 0) - comp_priority[j++] = GNUTLS_COMP_NULL; - else if (strncasecmp (comp[i], "ZLI", 3) == 0) - comp_priority[j++] = GNUTLS_COMP_DEFLATE; - else if (strncasecmp (comp[i], "DEF", 3) == 0) - comp_priority[j++] = GNUTLS_COMP_DEFLATE; - else if (strncasecmp (comp[i], "LZO", 3) == 0) - comp_priority[j++] = GNUTLS_COMP_LZO; - else - fprintf (stderr, "Unknown compression: '%s'\n", comp[i]); + int i, j; + if (comp != NULL && ncomp > 0) { + for (j = i = 0; i < ncomp; i++) { + if (strncasecmp(comp[i], "NUL", 3) == 0) + comp_priority[j++] = GNUTLS_COMP_NULL; + else if (strncasecmp(comp[i], "ZLI", 3) == 0) + comp_priority[j++] = GNUTLS_COMP_DEFLATE; + else if (strncasecmp(comp[i], "DEF", 3) == 0) + comp_priority[j++] = 
GNUTLS_COMP_DEFLATE; + else if (strncasecmp(comp[i], "LZO", 3) == 0) + comp_priority[j++] = GNUTLS_COMP_LZO; + else + fprintf(stderr, "Unknown compression: '%s'\n", comp[i]); } - comp_priority[j] = 0; + comp_priority[j] = 0; } } -void -sockets_init (void) +void sockets_init(void) { #ifdef _WIN32 - WORD wVersionRequested; - WSADATA wsaData; + WORD wVersionRequested; + WSADATA wsaData; - wVersionRequested = MAKEWORD (1, 1); - if (WSAStartup (wVersionRequested, &wsaData) != 0) - { - perror ("WSA_STARTUP_ERROR"); + wVersionRequested = MAKEWORD(1, 1); + if (WSAStartup(wVersionRequested, &wsaData) != 0) { + perror("WSA_STARTUP_ERROR"); } #endif } diff --git a/src/serv.c b/src/serv.c index 6c6bfc5fcc..e3f3169de5 100644 --- a/src/serv.c +++ b/src/serv.c @@ -24,8 +24,6 @@ * (which means it is quite unreadable) */ -#include "common.h" -#include "serv-gaa.h" #include <stdio.h> #include <stdlib.h> #include <errno.h> @@ -33,8 +31,11 @@ #include <string.h> #include <gnutls/gnutls.h> #include <gnutls/extra.h> +#include "common.h" +#include "serv-gaa.h" #include <sys/time.h> #include <fcntl.h> +#include <config.h> #include <list.h> /* konqueror cannot handle sending the page in multiple @@ -51,7 +52,6 @@ int verbose; static int nodb; int require_cert; -char *psk_passwd; char *srp_passwd; char *srp_passwd_conf; char *pgp_keyring; 
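Review bot: In print_x509_info, `serial_size` is initialised once before the per-certificate loop (`size_t serial_size = sizeof(serial);`) and never reset, unlike `digest_size` and `dn_size`, which are re-assigned before each use; if gnutls_x509_crt_get_serial stores the actual length back through that pointer, every certificate after the first is queried with a buffer length shrunk to the previous serial and a longer serial is then silently not printed. Add `serial_size = sizeof(serial);` immediately before the `if (verbose && gnutls_x509_crt_get_serial(crt, serial, &serial_size) >= 0)` check. In the same function `printf(" - Got a certificate list of %d certificates.\n\n", cert_list_size)` passes a `size_t` to `%d`, which is undefined where the two types differ in width — use `%zu` or cast to `int`. The early returns after gnutls_x509_crt_import and gnutls_x509_crt_export also leave the initialised `crt` without `gnutls_x509_crt_deinit`, and print_openpgp_info declares the `gnutls_certificate_get_peers` out-parameter as `int` where print_x509_info uses `size_t`; the prototype is not in the hunk, so at most one of the two can match it.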
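Review bot: The new `#include <config.h>` in the second src/serv.c hunk is placed after `<gnutls/gnutls.h>`, `"common.h"` and `<sys/time.h>`, so any feature macro it defines — including the ENABLE_OPENPGP this commit switches the `#ifdef`s to — is not yet visible while those headers are parsed; if common.h guards its OpenPGP declarations the way common.c does, serv.c would see them compiled out. Move the line to be the first include of the file, ahead of `<stdio.h>`, which is also the usual convention for a generated config header. The first hunk of the file, which moves `"common.h"` and `"serv-gaa.h"` below the system headers, stays consistent with that order.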
@@ -100,53 +100,50 @@ char *x509_crlfile = NULL; #define RENEGOTIATE /* These are global */ -gnutls_srp_server_credentials_t srp_cred = NULL; -gnutls_psk_server_credentials_t psk_cred = NULL; -gnutls_anon_server_credentials_t dh_cred = NULL; -gnutls_certificate_credentials_t cert_cred = NULL; +gnutls_srp_server_credentials srp_cred = NULL; +gnutls_anon_server_credentials dh_cred = NULL; +gnutls_certificate_credentials cert_cred = NULL; const int ssl_session_cache = 128; -static void wrap_db_init (void); -static void wrap_db_deinit (void); -static int wrap_db_store (void *dbf, gnutls_datum key, gnutls_datum data); -static gnutls_datum wrap_db_fetch (void *dbf, gnutls_datum key); -static int wrap_db_delete (void *dbf, gnutls_datum key); +static void wrap_db_init(void); +static void wrap_db_deinit(void); +static int wrap_db_store(void *dbf, gnutls_datum key, gnutls_datum data); +static gnutls_datum wrap_db_fetch(void *dbf, gnutls_datum key); +static int wrap_db_delete(void *dbf, gnutls_datum key); #define HTTP_STATE_REQUEST 1 #define HTTP_STATE_RESPONSE 2 #define HTTP_STATE_CLOSING 3 -LIST_TYPE_DECLARE (listener_item, char *http_request; - char *http_response; int request_length; - int response_length; int response_written; - int http_state; - int fd; gnutls_session tls_session; int handshake_ok;); +LIST_TYPE_DECLARE(listener_item, char *http_request; char *http_response; + int request_length; int response_length; + int response_written; int http_state; int fd; + gnutls_session tls_session; + int handshake_ok; + ); -static const char * -safe_strerror (int value) +static const char *safe_strerror(int value) { - const char *ret = gnutls_strerror (value); - if (ret == NULL) - ret = str_unknown; - return ret; + const char *ret = gnutls_strerror(value); + if (ret == NULL) + ret = str_unknown; + return ret; } -static void -listener_free (listener_item * j) +static void listener_free(listener_item * j) { - if (j->http_request) - free (j->http_request); - if 
(j->http_response) - free (j->http_response); - if (j->fd >= 0) - { - gnutls_bye (j->tls_session, GNUTLS_SHUT_WR); - shutdown (j->fd, 2); - close (j->fd); - gnutls_deinit (j->tls_session); + if (j->http_request) + free(j->http_request); + if (j->http_response) + free(j->http_response); + if (j->fd >= 0) { + gnutls_bye(j->tls_session, GNUTLS_SHUT_WR); + shutdown(j->fd, 2); + close(j->fd); + gnutls_deinit(j->tls_session); } } 
@@ -158,756 +155,667 @@ listener_free (listener_item * j) gnutls_dh_params dh_params = NULL; gnutls_rsa_params rsa_params = NULL; -static int -generate_dh_primes (void) +static int generate_dh_primes(void) { - int prime_bits = 768; + int prime_bits = 768; - if (gnutls_dh_params_init (&dh_params) < 0) - { - fprintf (stderr, "Error in dh parameter initialization\n"); - exit (1); + if (gnutls_dh_params_init(&dh_params) < 0) { + fprintf(stderr, "Error in dh parameter initialization\n"); + exit(1); } - /* Generate Diffie Hellman parameters - for use with DHE - * kx algorithms. These should be discarded and regenerated - * once a week or once a month. Depends on the - * security requirements. - */ - printf - ("Generating Diffie Hellman parameters [%d]. Please wait...\n", - prime_bits); - fflush (stdout); - - if (gnutls_dh_params_generate2 (dh_params, prime_bits) < 0) - { - fprintf (stderr, "Error in prime generation\n"); - exit (1); + /* Generate Diffie Hellman parameters - for use with DHE + * kx algorithms. These should be discarded and regenerated + * once a week or once a month. Depends on the + * security requirements. + */ + printf + ("Generating Diffie Hellman parameters [%d]. 
Please wait...\n", + prime_bits); + fflush(stdout); + + if (gnutls_dh_params_generate2(dh_params, prime_bits) < 0) { + fprintf(stderr, "Error in prime generation\n"); + exit(1); } - return 0; + return 0; } -static void -read_dh_params (void) +static void read_dh_params(void) { - char tmpdata[2048]; - int size; - gnutls_datum params; - FILE *fd; - - if (gnutls_dh_params_init (&dh_params) < 0) - { - fprintf (stderr, "Error in dh parameter initialization\n"); - exit (1); + char tmpdata[2048]; + int size; + gnutls_datum params; + FILE *fd; + + if (gnutls_dh_params_init(&dh_params) < 0) { + fprintf(stderr, "Error in dh parameter initialization\n"); + exit(1); } - /* read the params file - */ - fd = fopen (dh_params_file, "r"); - if (fd == NULL) - { - fprintf (stderr, "Could not open %s\n", dh_params_file); - exit (1); + /* read the params file + */ + fd = fopen(dh_params_file, "r"); + if (fd == NULL) { + fprintf(stderr, "Could not open %s\n", dh_params_file); + exit(1); } - size = fread (tmpdata, 1, sizeof (tmpdata) - 1, fd); - tmpdata[size] = 0; - fclose (fd); + size = fread(tmpdata, 1, sizeof(tmpdata) - 1, fd); + tmpdata[size] = 0; + fclose(fd); - params.data = (unsigned char *) tmpdata; - params.size = size; + params.data = tmpdata; + params.size = size; - size = - gnutls_dh_params_import_pkcs3 (dh_params, ¶ms, GNUTLS_X509_FMT_PEM); + size = + gnutls_dh_params_import_pkcs3(dh_params, ¶ms, + GNUTLS_X509_FMT_PEM); - if (size < 0) - { - fprintf (stderr, "Error parsing dh params: %s\n", safe_strerror (size)); - exit (1); + if (size < 0) { + fprintf(stderr, "Error parsing dh params: %s\n", + safe_strerror(size)); + exit(1); } - printf ("Read Diffie Hellman parameters.\n"); - fflush (stdout); + printf("Read Diffie Hellman parameters.\n"); + fflush(stdout); } -static int -get_params (gnutls_session session, gnutls_params_type type, - gnutls_params_st * st) +static int get_params(gnutls_session session, gnutls_params_type type, + gnutls_params_st * st) { - if (type == 
GNUTLS_PARAMS_RSA_EXPORT) { - if (rsa_params == NULL) return -1; - st->params.rsa_export = rsa_params; - } else if (type == GNUTLS_PARAMS_DH) { - if (dh_params == NULL) return -1; - st->params.dh = dh_params; - } else - return -1; + if (type == GNUTLS_PARAMS_RSA_EXPORT) + st->params.rsa_export = rsa_params; + else if (type == GNUTLS_PARAMS_DH) + st->params.dh = dh_params; + else + return -1; - st->type = type; - st->deinit = 0; + st->type = type; + st->deinit = 0; - return 0; + return 0; } -static int -generate_rsa_params (void) +static int generate_rsa_params(void) { - if (gnutls_rsa_params_init (&rsa_params) < 0) - { - fprintf (stderr, "Error in rsa parameter initialization\n"); - exit (1); + if (gnutls_rsa_params_init(&rsa_params) < 0) { + fprintf(stderr, "Error in rsa parameter initialization\n"); + exit(1); } - /* Generate RSA parameters - for use with RSA-export - * cipher suites. These should be discarded and regenerated - * once a day, once every 500 transactions etc. Depends on the - * security requirements. - */ - printf ("Generating temporary RSA parameters. Please wait...\n"); - fflush (stdout); - - if (gnutls_rsa_params_generate2 (rsa_params, 512) < 0) - { - fprintf (stderr, "Error in rsa parameter generation\n"); - exit (1); + /* Generate RSA parameters - for use with RSA-export + * cipher suites. These should be discarded and regenerated + * once a day, once every 500 transactions etc. Depends on the + * security requirements. + */ + printf("Generating temporary RSA parameters. 
Please wait...\n"); + fflush(stdout); + + if (gnutls_rsa_params_generate2(rsa_params, 512) < 0) { + fprintf(stderr, "Error in rsa parameter generation\n"); + exit(1); } - return 0; + return 0; } int protocol_priority[PRI_MAX] = - { GNUTLS_TLS1_1, GNUTLS_TLS1, GNUTLS_SSL3, 0 }; + { GNUTLS_TLS1_1, GNUTLS_TLS1, GNUTLS_SSL3, 0 }; int kx_priority[PRI_MAX] = - { GNUTLS_KX_DHE_DSS, GNUTLS_KX_RSA, GNUTLS_KX_DHE_RSA, GNUTLS_KX_SRP, - GNUTLS_KX_PSK, GNUTLS_KX_DHE_PSK, - /* Do not use anonymous authentication, unless you know what that means */ - GNUTLS_KX_SRP_DSS, GNUTLS_KX_SRP_RSA, GNUTLS_KX_ANON_DH, - GNUTLS_KX_RSA_EXPORT, 0 + { GNUTLS_KX_DHE_DSS, GNUTLS_KX_RSA, GNUTLS_KX_DHE_RSA, GNUTLS_KX_SRP, + /* Do not use anonymous authentication, unless you know what that means */ + GNUTLS_KX_SRP_DSS, GNUTLS_KX_SRP_RSA, GNUTLS_KX_ANON_DH, + GNUTLS_KX_RSA_EXPORT, 0 }; int cipher_priority[PRI_MAX] = - { GNUTLS_CIPHER_AES_128_CBC, GNUTLS_CIPHER_3DES_CBC, - GNUTLS_CIPHER_ARCFOUR_128, GNUTLS_CIPHER_ARCFOUR_40, 0 + { GNUTLS_CIPHER_AES_128_CBC, GNUTLS_CIPHER_3DES_CBC, + GNUTLS_CIPHER_ARCFOUR_128, GNUTLS_CIPHER_ARCFOUR_40, 0 }; int comp_priority[PRI_MAX] = - { GNUTLS_COMP_ZLIB, GNUTLS_COMP_LZO, GNUTLS_COMP_NULL, 0 }; + { GNUTLS_COMP_ZLIB, GNUTLS_COMP_LZO, GNUTLS_COMP_NULL, 0 }; int mac_priority[PRI_MAX] = - { GNUTLS_MAC_SHA1, GNUTLS_MAC_MD5, GNUTLS_MAC_RMD160, 0 }; -int cert_type_priority[PRI_MAX] = { GNUTLS_CRT_X509, GNUTLS_CRT_OPENPGP, 0 }; + { GNUTLS_MAC_SHA1, GNUTLS_MAC_MD5, GNUTLS_MAC_RMD160, 0 }; +int cert_type_priority[PRI_MAX] = + { GNUTLS_CRT_X509, GNUTLS_CRT_OPENPGP, 0 }; -LIST_DECLARE_INIT (listener_list, listener_item, listener_free); +LIST_DECLARE_INIT(listener_list, listener_item, listener_free); -gnutls_session -initialize_session (void) +gnutls_session initialize_session(void) { - gnutls_session session; + gnutls_session session; - gnutls_init (&session, GNUTLS_SERVER); + gnutls_init(&session, GNUTLS_SERVER); - /* allow the use of private ciphersuites. 
- */ - gnutls_handshake_set_private_extensions (session, 1); + /* allow the use of private ciphersuites. + */ + gnutls_handshake_set_private_extensions(session, 1); - if (nodb == 0) - { - gnutls_db_set_retrieve_function (session, wrap_db_fetch); - gnutls_db_set_remove_function (session, wrap_db_delete); - gnutls_db_set_store_function (session, wrap_db_store); - gnutls_db_set_ptr (session, NULL); + if (nodb == 0) { + gnutls_db_set_retrieve_function(session, wrap_db_fetch); + gnutls_db_set_remove_function(session, wrap_db_delete); + gnutls_db_set_store_function(session, wrap_db_store); + gnutls_db_set_ptr(session, NULL); } /* gnutls_dh_set_prime_bits( session, prime_bits); */ - gnutls_cipher_set_priority (session, cipher_priority); - gnutls_compression_set_priority (session, comp_priority); - gnutls_kx_set_priority (session, kx_priority); - gnutls_protocol_set_priority (session, protocol_priority); - gnutls_mac_set_priority (session, mac_priority); - gnutls_certificate_type_set_priority (session, cert_type_priority); + gnutls_cipher_set_priority(session, cipher_priority); + gnutls_compression_set_priority(session, comp_priority); + gnutls_kx_set_priority(session, kx_priority); + gnutls_protocol_set_priority(session, protocol_priority); + gnutls_mac_set_priority(session, mac_priority); + gnutls_certificate_type_set_priority(session, cert_type_priority); - gnutls_credentials_set (session, GNUTLS_CRD_ANON, dh_cred); + gnutls_credentials_set(session, GNUTLS_CRD_ANON, dh_cred); - if (srp_cred != NULL) - gnutls_credentials_set (session, GNUTLS_CRD_SRP, srp_cred); + if (srp_cred != NULL) + gnutls_credentials_set(session, GNUTLS_CRD_SRP, srp_cred); - if (psk_cred != NULL) - gnutls_credentials_set (session, GNUTLS_CRD_PSK, psk_cred); + if (cert_cred != NULL) + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, cert_cred); - if (cert_cred != NULL) - gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, cert_cred); + if (require_cert) + 
gnutls_certificate_server_set_request(session, GNUTLS_CERT_REQUIRE); + else + gnutls_certificate_server_set_request(session, GNUTLS_CERT_REQUEST); - if (require_cert) - gnutls_certificate_server_set_request (session, GNUTLS_CERT_REQUIRE); - else - gnutls_certificate_server_set_request (session, GNUTLS_CERT_REQUEST); - - return session; + return session; } static const char DEFAULT_DATA[] = "This is the default message reported " - "by GnuTLS TLS version 1.0 implementation. For more information " - "please visit http://www.gnutls.org or even http://www.gnu.org/software/gnutls."; + "by GnuTLS TLS version 1.0 implementation. For more information " + "please visit http://www.gnutls.org or even http://www.gnu.org/software/gnutls."; /* Creates html with the current session information. */ #define tmp2 &http_buffer[strlen(http_buffer)] -char * -peer_print_info (gnutls_session session, int *ret_length, const char *header) +char *peer_print_info(gnutls_session session, int *ret_length, + const char *header) { - const char *tmp; - unsigned char sesid[32]; - size_t i, sesid_size; - char *http_buffer = malloc (5 * 1024 + strlen (header)); - gnutls_kx_algorithm kx_alg; - - if (http_buffer == NULL) - return NULL; - if (verbose != 0) - { - - strcpy (http_buffer, HTTP_BEGIN); - strcpy (&http_buffer[sizeof (HTTP_BEGIN) - 1], DEFAULT_DATA); - strcpy (&http_buffer[sizeof (HTTP_BEGIN) + sizeof (DEFAULT_DATA) - 2], - HTTP_END); - *ret_length = - sizeof (DEFAULT_DATA) + sizeof (HTTP_BEGIN) + sizeof (HTTP_END) - 3; - return http_buffer; + const char *tmp; + unsigned char sesid[32]; + int sesid_size, i; + char *http_buffer = malloc(5 * 1024 + strlen(header)); + gnutls_kx_algorithm kx_alg; + + if (http_buffer == NULL) + return NULL; + if (verbose != 0) { + + strcpy(http_buffer, HTTP_BEGIN); + strcpy(&http_buffer[sizeof(HTTP_BEGIN) - 1], DEFAULT_DATA); + strcpy(&http_buffer[sizeof(HTTP_BEGIN) + sizeof(DEFAULT_DATA) - 2], + HTTP_END); + *ret_length = + sizeof(DEFAULT_DATA) + 
sizeof(HTTP_BEGIN) + sizeof(HTTP_END) - + 3; + return http_buffer; } - strcpy (http_buffer, HTTP_BEGIN); - - /* print session_id */ - gnutls_session_get_id (session, sesid, &sesid_size); - sprintf (tmp2, "\n<p>Session ID: <i>"); - for (i = 0; i < sesid_size; i++) - sprintf (tmp2, "%.2X", sesid[i]); - sprintf (tmp2, "</i></p>\n"); - sprintf (tmp2, - "<h5>If your browser supports session resuming, then you should see the " - "same session ID, when you press the <b>reload</b> button.</h5>\n"); - - /* Here unlike print_info() we use the kx algorithm to distinguish - * the functions to call. - */ - { - char dns[256]; - size_t dns_size = sizeof (dns); - unsigned int type; + strcpy(http_buffer, HTTP_BEGIN); + + /* print session_id */ + gnutls_session_get_id(session, sesid, &sesid_size); + sprintf(tmp2, "\n<p>Session ID: <i>"); + for (i = 0; i < sesid_size; i++) + sprintf(tmp2, "%.2X", sesid[i]); + sprintf(tmp2, "</i></p>\n"); + sprintf(tmp2, + "<h5>If your browser supports session resuming, then you should see the " + "same session ID, when you press the <b>reload</b> button.</h5>\n"); + + /* Here unlike print_info() we use the kx algorithm to distinguish + * the functions to call. 
+ */ + { + char dns[256]; + size_t dns_size = sizeof(dns); + unsigned int type; - if (gnutls_server_name_get (session, dns, &dns_size, &type, 0) == 0) - { - sprintf (tmp2, "\n<p>Server Name: %s</p>\n", dns); - } + if (gnutls_server_name_get(session, dns, &dns_size, &type, 0) == 0) { + sprintf(tmp2, "\n<p>Server Name: %s</p>\n", dns); + } - } + } - kx_alg = gnutls_kx_get (session); + kx_alg = gnutls_kx_get(session); - /* print srp specific data */ + /* print srp specific data */ #ifdef ENABLE_SRP - if (kx_alg == GNUTLS_KX_SRP) - { - sprintf (tmp2, "<p>Connected as user '%s'.</p>\n", - gnutls_srp_server_get_username (session)); - } -#endif - -#ifdef ENABLE_PSK - if (kx_alg == GNUTLS_KX_PSK) - { - sprintf (tmp2, "<p>Connected as user '%s'.</p>\n", - gnutls_psk_server_get_username (session)); + if (kx_alg == GNUTLS_KX_SRP) { + sprintf(tmp2, "<p>Connected as user '%s'.</p>\n", + gnutls_srp_server_get_username(session)); } #endif #ifdef ENABLE_ANON - if (kx_alg == GNUTLS_KX_ANON_DH) - { - sprintf (tmp2, - "<p> Connect using anonymous DH (prime of %d bits)</p>\n", - gnutls_dh_get_prime_bits (session)); + if (kx_alg == GNUTLS_KX_ANON_DH) { + sprintf(tmp2, + "<p> Connect using anonymous DH (prime of %d bits)</p>\n", + gnutls_dh_get_prime_bits(session)); } #endif - if (kx_alg == GNUTLS_KX_DHE_RSA || kx_alg == GNUTLS_KX_DHE_DSS) - { - sprintf (tmp2, - "Ephemeral DH using prime of <b>%d</b> bits.<br>\n", - gnutls_dh_get_prime_bits (session)); + if (kx_alg == GNUTLS_KX_DHE_RSA || kx_alg == GNUTLS_KX_DHE_DSS) { + sprintf(tmp2, + "Ephemeral DH using prime of <b>%d</b> bits.<br>\n", + gnutls_dh_get_prime_bits(session)); } - /* print session information */ - strcat (http_buffer, "<P>\n"); - - tmp = gnutls_protocol_get_name (gnutls_protocol_get_version (session)); - if (tmp == NULL) - tmp = str_unknown; - sprintf (tmp2, - "<TABLE border=1><TR><TD>Protocol version:</TD><TD>%s</TD></TR>\n", - tmp); + /* print session information */ + strcat(http_buffer, "<P>\n"); - if 
(gnutls_auth_get_type (session) == GNUTLS_CRD_CERTIFICATE) - { - tmp = - gnutls_certificate_type_get_name (gnutls_certificate_type_get - (session)); - if (tmp == NULL) + tmp = gnutls_protocol_get_name(gnutls_protocol_get_version(session)); + if (tmp == NULL) tmp = str_unknown; - sprintf (tmp2, "<TR><TD>Certificate Type:</TD><TD>%s</TD></TR>\n", tmp); + sprintf(tmp2, + "<TABLE border=1><TR><TD>Protocol version:</TD><TD>%s</TD></TR>\n", + tmp); + + if (gnutls_auth_get_type(session) == GNUTLS_CRD_CERTIFICATE) { + tmp = + gnutls_certificate_type_get_name(gnutls_certificate_type_get + (session)); + if (tmp == NULL) + tmp = str_unknown; + sprintf(tmp2, "<TR><TD>Certificate Type:</TD><TD>%s</TD></TR>\n", + tmp); } - tmp = gnutls_kx_get_name (kx_alg); - if (tmp == NULL) - tmp = str_unknown; - sprintf (tmp2, "<TR><TD>Key Exchange:</TD><TD>%s</TD></TR>\n", tmp); + tmp = gnutls_kx_get_name(kx_alg); + if (tmp == NULL) + tmp = str_unknown; + sprintf(tmp2, "<TR><TD>Key Exchange:</TD><TD>%s</TD></TR>\n", tmp); - tmp = gnutls_compression_get_name (gnutls_compression_get (session)); - if (tmp == NULL) - tmp = str_unknown; - sprintf (tmp2, "<TR><TD>Compression</TD><TD>%s</TD></TR>\n", tmp); + tmp = gnutls_compression_get_name(gnutls_compression_get(session)); + if (tmp == NULL) + tmp = str_unknown; + sprintf(tmp2, "<TR><TD>Compression</TD><TD>%s</TD></TR>\n", tmp); - tmp = gnutls_cipher_get_name (gnutls_cipher_get (session)); - if (tmp == NULL) - tmp = str_unknown; - sprintf (tmp2, "<TR><TD>Cipher</TD><TD>%s</TD></TR>\n", tmp); + tmp = gnutls_cipher_get_name(gnutls_cipher_get(session)); + if (tmp == NULL) + tmp = str_unknown; + sprintf(tmp2, "<TR><TD>Cipher</TD><TD>%s</TD></TR>\n", tmp); - tmp = gnutls_mac_get_name (gnutls_mac_get (session)); - if (tmp == NULL) - tmp = str_unknown; - sprintf (tmp2, "<TR><TD>MAC</TD><TD>%s</TD></TR>\n", tmp); + tmp = gnutls_mac_get_name(gnutls_mac_get(session)); + if (tmp == NULL) + tmp = str_unknown; + sprintf(tmp2, 
"<TR><TD>MAC</TD><TD>%s</TD></TR>\n", tmp); - tmp = gnutls_cipher_suite_get_name (kx_alg, - gnutls_cipher_get (session), - gnutls_mac_get (session)); - if (tmp == NULL) - tmp = str_unknown; - sprintf (tmp2, "<TR><TD>Ciphersuite</TD><TD>%s</TD></TR></p></TABLE>\n", - tmp); + tmp = gnutls_cipher_suite_get_name(kx_alg, + gnutls_cipher_get(session), + gnutls_mac_get(session)); + if (tmp == NULL) + tmp = str_unknown; + sprintf(tmp2, "<TR><TD>Ciphersuite</TD><TD>%s</TD></TR></p></TABLE>\n", + tmp); - strcat (http_buffer, "<hr><P>Your header was:<PRE>"); - strcat (http_buffer, header); - strcat (http_buffer, "</PRE></P>"); + strcat(http_buffer, "<hr><P>Your header was:<PRE>"); + strcat(http_buffer, header); + strcat(http_buffer, "</PRE></P>"); - strcat (http_buffer, "\n" HTTP_END); + strcat(http_buffer, "\n" HTTP_END); - *ret_length = strlen (http_buffer); + *ret_length = strlen(http_buffer); - return http_buffer; + return http_buffer; } -static int -listen_socket (const char *name, int listen_port) +static int listen_socket(const char *name, int listen_port) { - struct sockaddr_in a; - int s; - int yes; + struct sockaddr_in a; + int s; + int yes; - if ((s = socket (AF_INET, SOCK_STREAM, 0)) < 0) - { - perror ("socket() failed"); - return -1; + if ((s = socket(AF_INET, SOCK_STREAM, 0)) < 0) { + perror("socket() failed"); + return -1; } - yes = 1; - - if (setsockopt - (s, SOL_SOCKET, SO_REUSEADDR, (const void *) &yes, sizeof (yes)) < 0) - { - perror ("setsockopt() failed"); - failed: - close (s); - return -1; + yes = 1; + + if (setsockopt + (s, SOL_SOCKET, SO_REUSEADDR, (const void *) &yes, sizeof(yes)) + < 0) { + perror("setsockopt() failed"); + failed: + close(s); + return -1; } - memset (&a, 0, sizeof (a)); - a.sin_port = htons (listen_port); - a.sin_family = AF_INET; - if (bind (s, (struct sockaddr *) &a, sizeof (a)) < 0) - { - perror ("bind() failed"); - goto failed; + memset(&a, 0, sizeof(a)); + a.sin_port = htons(listen_port); + a.sin_family = AF_INET; + if (bind(s, 
(struct sockaddr *) &a, sizeof(a)) < 0) { + perror("bind() failed"); + goto failed; } - if (listen (s, 10) < 0) - { - perror ("listen() failed"); - goto failed; + if (listen(s, 10) < 0) { + perror("listen() failed"); + goto failed; } - printf ("%s ready. Listening to port '%d'.\n\n", name, listen_port); - return s; + printf("%s ready. Listening to port '%d'.\n\n", name, listen_port); + return s; } -static void -get_response (gnutls_session session, char *request, - char **response, int *response_length) +static void get_response(gnutls_session session, char *request, + char **response, int *response_length) { - char *p, *h; + char *p, *h; - if (http != 0) - { - if (strncmp (request, "GET ", 4)) - goto unimplemented; + if (http != 0) { + if (strncmp(request, "GET ", 4)) + goto unimplemented; - if (!(h = strchr (request, '\n'))) - goto unimplemented; + if (!(h = strchr(request, '\n'))) + goto unimplemented; - *h++ = '\0'; - while (*h == '\r' || *h == '\n') - h++; + *h++ = '\0'; + while (*h == '\r' || *h == '\n') + h++; - if (!(p = strchr (request + 4, ' '))) - goto unimplemented; - *p = '\0'; + if (!(p = strchr(request + 4, ' '))) + goto unimplemented; + *p = '\0'; } /* *response = peer_print_info(session, request+4, h, response_length); */ - if (http != 0) - { - *response = peer_print_info (session, response_length, h); - } - else - { - *response = strdup (request); - *response_length = ((*response) ? strlen (*response) : 0); + if (http != 0) { + *response = peer_print_info(session, response_length, h); + } else { + *response = strdup(request); + *response_length = ((*response) ? strlen(*response) : 0); } - return; + return; -unimplemented: - *response = strdup (HTTP_UNIMPLEMENTED); - *response_length = ((*response) ? strlen (*response) : 0); + unimplemented: + *response = strdup(HTTP_UNIMPLEMENTED); + *response_length = ((*response) ? 
strlen(*response) : 0); } -void -terminate (int sig) +void terminate(int sig) { - fprintf (stderr, "Exiting via signal %d\n", sig); - exit (1); + fprintf(stderr, "Exiting via signal %d\n", sig); + exit(1); } -static void -check_alert (gnutls_session session, int ret) +static void check_alert(gnutls_session session, int ret) { - if (ret == GNUTLS_E_WARNING_ALERT_RECEIVED - || ret == GNUTLS_E_FATAL_ALERT_RECEIVED) - { - int last_alert = gnutls_alert_get (session); - if (last_alert == GNUTLS_A_NO_RENEGOTIATION && - ret == GNUTLS_E_WARNING_ALERT_RECEIVED) - printf - ("* Received NO_RENEGOTIATION alert. Client does not support renegotiation.\n"); - else - printf ("* Received alert '%d': %s.\n", last_alert, - gnutls_alert_get_name (last_alert)); + if (ret == GNUTLS_E_WARNING_ALERT_RECEIVED + || ret == GNUTLS_E_FATAL_ALERT_RECEIVED) { + int last_alert = gnutls_alert_get(session); + if (last_alert == GNUTLS_A_NO_RENEGOTIATION && + ret == GNUTLS_E_WARNING_ALERT_RECEIVED) + printf + ("* Received NO_RENEGOTIATION alert. Client does not support renegotiation.\n"); + else + printf("* Received alert '%d': %s.\n", last_alert, + gnutls_alert_get_name(last_alert)); } } -static void -tls_log_func (int level, const char *str) +static void tls_log_func(int level, const char *str) { - fprintf (stderr, "|<%d>| %s", level, str); + fprintf(stderr, "|<%d>| %s", level, str); } -static void gaa_parser (int argc, char **argv); +static void gaa_parser(int argc, char **argv); -int -main (int argc, char **argv) +int main(int argc, char **argv) { - int ret, n, h; - char topbuf[512]; - char name[256]; - int accept_fd; - struct sockaddr_in client_address; + int ret, n, h; + char topbuf[512]; + char name[256]; + int accept_fd; + struct sockaddr_in client_address; #ifndef _WIN32 - signal (SIGPIPE, SIG_IGN); - signal (SIGHUP, SIG_IGN); - signal (SIGTERM, terminate); - if (signal (SIGINT, terminate) == SIG_IGN) - signal (SIGINT, SIG_IGN); /* e.g. 
background process */ + signal(SIGPIPE, SIG_IGN); + signal(SIGHUP, SIG_IGN); + signal(SIGTERM, terminate); + if (signal(SIGINT, terminate) == SIG_IGN) + signal(SIGINT, SIG_IGN); /* e.g. background process */ #endif - sockets_init (); + sockets_init(); - gaa_parser (argc, argv); + gaa_parser(argc, argv); - if (nodb == 0) - wrap_db_init (); + if (nodb == 0) + wrap_db_init(); - if (http == 1) - { - strcpy (name, "HTTP Server"); - } - else - { - strcpy (name, "Echo Server"); + if (http == 1) { + strcpy(name, "HTTP Server"); + } else { + strcpy(name, "Echo Server"); } - if ((ret = gnutls_global_init ()) < 0) - { - fprintf (stderr, "global_init: %s\n", gnutls_strerror (ret)); - exit (1); + if ((ret = gnutls_global_init()) < 0) { + fprintf(stderr, "global_init: %s\n", gnutls_strerror(ret)); + exit(1); } - gnutls_global_set_log_function (tls_log_func); - gnutls_global_set_log_level (debug); + gnutls_global_set_log_function(tls_log_func); + gnutls_global_set_log_level(debug); - if ((ret = gnutls_global_init_extra ()) < 0) - { - fprintf (stderr, "global_init_extra: %s\n", gnutls_strerror (ret)); -// exit (1); + if ((ret = gnutls_global_init_extra()) < 0) { + fprintf(stderr, "global_init_extra: %s\n", gnutls_strerror(ret)); + exit(1); } - /* Note that servers must generate parameters for - * Diffie Hellman. See gnutls_dh_params_generate(), and - * gnutls_dh_params_set(). - */ - if (generate != 0) - { - generate_rsa_params (); - generate_dh_primes (); + /* Note that servers must generate parameters for + * Diffie Hellman. See gnutls_dh_params_generate(), and + * gnutls_dh_params_set(). 
+ */ + if (generate != 0) { + generate_rsa_params(); + generate_dh_primes(); } - if (dh_params_file && generate == 0) - { - read_dh_params (); + if (dh_params_file) { + read_dh_params(); } - if (gnutls_certificate_allocate_credentials (&cert_cred) < 0) - { - fprintf (stderr, "memory error\n"); - exit (1); + if (gnutls_certificate_allocate_credentials(&cert_cred) < 0) { + fprintf(stderr, "memory error\n"); + exit(1); } - if (x509_cafile != NULL) - { - if ((ret = gnutls_certificate_set_x509_trust_file - (cert_cred, x509_cafile, x509ctype)) < 0) - { - fprintf (stderr, "Error reading '%s'\n", x509_cafile); - GERR (ret); - exit (1); - } - else - { - printf ("Processed %d CA certificate(s).\n", ret); + if (x509_cafile != NULL) { + if ((ret = gnutls_certificate_set_x509_trust_file + (cert_cred, x509_cafile, x509ctype)) < 0) { + fprintf(stderr, "Error reading '%s'\n", x509_cafile); + GERR(ret); + exit(1); + } else { + printf("Processed %d CA certificate(s).\n", ret); } } #ifdef ENABLE_PKI - if (x509_crlfile != NULL) - { - if ((ret = gnutls_certificate_set_x509_crl_file - (cert_cred, x509_crlfile, x509ctype)) < 0) - { - fprintf (stderr, "Error reading '%s'\n", x509_crlfile); - GERR (ret); - exit (1); - } - else - { - printf ("Processed %d CRL(s).\n", ret); + if (x509_crlfile != NULL) { + if ((ret = gnutls_certificate_set_x509_crl_file + (cert_cred, x509_crlfile, x509ctype)) < 0) { + fprintf(stderr, "Error reading '%s'\n", x509_crlfile); + GERR(ret); + exit(1); + } else { + printf("Processed %d CRL(s).\n", ret); } } #endif -#ifdef USE_OPENPGP - if (pgp_keyring != NULL) - { - ret = - gnutls_certificate_set_openpgp_keyring_file (cert_cred, pgp_keyring); - if (ret < 0) - { - fprintf (stderr, "Error setting the OpenPGP keyring file\n"); - GERR (ret); +#ifdef ENABLE_OPENPGP + if (pgp_keyring != NULL) { + ret = + gnutls_certificate_set_openpgp_keyring_file(cert_cred, + pgp_keyring); + if (ret < 0) { + fprintf(stderr, "Error setting the OpenPGP keyring file\n"); + GERR(ret); } } - 
if (pgp_trustdb != NULL) - { - ret = gnutls_certificate_set_openpgp_trustdb (cert_cred, pgp_trustdb); - if (ret < 0) - { - fprintf (stderr, "Error setting the OpenPGP trustdb file\n"); - GERR (ret); + if (pgp_trustdb != NULL) { + ret = + gnutls_certificate_set_openpgp_trustdb(cert_cred, pgp_trustdb); + if (ret < 0) { + fprintf(stderr, "Error setting the OpenPGP trustdb file\n"); + GERR(ret); } } - if (pgp_certfile != NULL) - if ((ret = gnutls_certificate_set_openpgp_key_file - (cert_cred, pgp_certfile, pgp_keyfile)) < 0) - { - fprintf (stderr, - "Error[%d] while reading the OpenPGP key pair ('%s', '%s')\n", - ret, pgp_certfile, pgp_keyfile); - GERR (ret); - } + if (pgp_certfile != NULL) + if ((ret = gnutls_certificate_set_openpgp_key_file + (cert_cred, pgp_certfile, pgp_keyfile)) < 0) { + fprintf(stderr, + "Error[%d] while reading the OpenPGP key pair ('%s', '%s')\n", + ret, pgp_certfile, pgp_keyfile); + GERR(ret); + } #endif - if (x509_certfile != NULL) - if ((ret = gnutls_certificate_set_x509_key_file - (cert_cred, x509_certfile, x509_keyfile, x509ctype)) < 0) - { - fprintf (stderr, - "Error reading '%s' or '%s'\n", x509_certfile, x509_keyfile); - GERR (ret); - exit (1); - } - - if (x509_dsacertfile != NULL) - if ((ret = gnutls_certificate_set_x509_key_file - (cert_cred, x509_dsacertfile, x509_dsakeyfile, x509ctype)) < 0) - { - fprintf (stderr, "Error reading '%s' or '%s'\n", - x509_dsacertfile, x509_dsakeyfile); - GERR (ret); - exit (1); - } - - gnutls_certificate_set_params_function (cert_cred, get_params); + if (x509_certfile != NULL) + if ((ret = gnutls_certificate_set_x509_key_file + (cert_cred, x509_certfile, x509_keyfile, x509ctype)) < 0) { + fprintf(stderr, + "Error reading '%s' or '%s'\n", x509_certfile, + x509_keyfile); + GERR(ret); + exit(1); + } + + if (x509_dsacertfile != NULL) + if ((ret = gnutls_certificate_set_x509_key_file + (cert_cred, x509_dsacertfile, x509_dsakeyfile, + x509ctype)) < 0) { + fprintf(stderr, "Error reading '%s' or '%s'\n", + 
x509_dsacertfile, x509_dsakeyfile); + GERR(ret); + exit(1); + } + + if (generate != 0 || read_dh_params != NULL) { + gnutls_certificate_set_params_function(cert_cred, get_params); /* gnutls_certificate_set_dh_params(cert_cred, dh_params); * gnutls_certificate_set_rsa_export_params(cert_cred, rsa_params); */ - - /* this is a password file (created with the included srpcrypt utility) - * Read README.crypt prior to using SRP. - */ -#ifdef ENABLE_SRP - if (srp_passwd != NULL) - { - gnutls_srp_allocate_server_credentials (&srp_cred); - - if ((ret = - gnutls_srp_set_server_credentials_file (srp_cred, srp_passwd, - srp_passwd_conf)) < 0) - { - /* only exit is this function is not disabled - */ - fprintf (stderr, "Error while setting SRP parameters\n"); - GERR (ret); - } } -#endif - /* this is a password file - */ -#ifdef ENABLE_PSK - if (psk_passwd != NULL) - { - gnutls_psk_allocate_server_credentials (&psk_cred); - - if ((ret = - gnutls_psk_set_server_credentials_file (psk_cred, psk_passwd)) < 0) - { - /* only exit is this function is not disabled - */ - fprintf (stderr, "Error while setting PSK parameters\n"); - GERR (ret); + /* this is a password file (created with the included srpcrypt utility) + * Read README.crypt prior to using SRP. 
+ */ +#ifdef ENABLE_SRP + if (srp_passwd != NULL) { + gnutls_srp_allocate_server_credentials(&srp_cred); + + if ((ret = + gnutls_srp_set_server_credentials_file(srp_cred, srp_passwd, + srp_passwd_conf)) < + 0) { + /* only exit is this function is not disabled + */ + fprintf(stderr, "Error while setting SRP parameters\n"); + GERR(ret); } - - gnutls_psk_set_server_params_function (psk_cred, get_params); } #endif #ifdef ENABLE_ANON - gnutls_anon_allocate_server_credentials (&dh_cred); - gnutls_anon_set_server_params_function (dh_cred, get_params); + gnutls_anon_allocate_server_credentials(&dh_cred); + if (generate != 0) + gnutls_anon_set_params_function(dh_cred, get_params); /* gnutls_anon_set_server_dh_params(dh_cred, dh_params); */ #endif - h = listen_socket (name, port); - if (h < 0) - exit (1); + h = listen_socket(name, port); + if (h < 0) + exit(1); - for (;;) - { - listener_item *j; - fd_set rd, wr; - int val; + for (;;) { + listener_item *j; + fd_set rd, wr; + int val; - FD_ZERO (&rd); - FD_ZERO (&wr); - n = 0; + FD_ZERO(&rd); + FD_ZERO(&wr); + n = 0; /* check for new incoming connections */ - FD_SET (h, &rd); - n = max (n, h); + FD_SET(h, &rd); + n = max(n, h); /* flag which connections we are reading or writing to within the fd sets */ - lloopstart (listener_list, j) - { + lloopstart(listener_list, j) { #ifndef _WIN32 - val = fcntl (j->fd, F_GETFL, 0); - if ((val == -1) || (fcntl (j->fd, F_SETFL, val | O_NONBLOCK) < 0)) - { - perror ("fcntl()"); - exit (1); - } + val = fcntl(j->fd, F_GETFL, 0); + if ((val == -1) + || (fcntl(j->fd, F_SETFL, val | O_NONBLOCK) < 0)) { + perror("fcntl()"); + exit(1); + } #endif - if (j->http_state == HTTP_STATE_REQUEST) - { - FD_SET (j->fd, &rd); - n = max (n, j->fd); - } - if (j->http_state == HTTP_STATE_RESPONSE) - { - FD_SET (j->fd, &wr); - n = max (n, j->fd); - } - } - lloopend (listener_list, j); + if (j->http_state == HTTP_STATE_REQUEST) { + FD_SET(j->fd, &rd); + n = max(n, j->fd); + } + if (j->http_state == 
HTTP_STATE_RESPONSE) { + FD_SET(j->fd, &wr); + n = max(n, j->fd); + } + } + lloopend(listener_list, j); /* core operation */ - n = select (n + 1, &rd, &wr, NULL, NULL); - if (n == -1 && errno == EINTR) - continue; - if (n < 0) - { - perror ("select()"); - exit (1); + n = select(n + 1, &rd, &wr, NULL, NULL); + if (n == -1 && errno == EINTR) + continue; + if (n < 0) { + perror("select()"); + exit(1); } /* a new connection has arrived */ - if (FD_ISSET (h, &rd)) - { - unsigned int l; - gnutls_session tls_session; + if (FD_ISSET(h, &rd)) { + unsigned int l; + gnutls_session tls_session; - tls_session = initialize_session (); + tls_session = initialize_session(); - l = sizeof (client_address); - memset (&client_address, 0, l); - accept_fd = accept (h, (struct sockaddr *) &client_address, &l); + l = sizeof(client_address); + memset(&client_address, 0, l); + accept_fd = accept(h, (struct sockaddr *) &client_address, &l); - if (accept_fd < 0) - { - perror ("accept()"); - } - else - { - time_t tt; - char *ctt; + if (accept_fd < 0) { + perror("accept()"); + } else { + time_t tt; + char *ctt; /* new list entry for the connection */ - lappend (listener_list); - j = listener_list.tail; - j->http_request = (char *) strdup (""); - j->http_state = HTTP_STATE_REQUEST; - j->fd = accept_fd; - - j->tls_session = tls_session; - gnutls_transport_set_ptr (tls_session, - (gnutls_transport_ptr) accept_fd); - j->handshake_ok = 0; - - if (verbose == 0) - { - tt = time (0); - ctt = ctime (&tt); - ctt[strlen (ctt) - 1] = 0; + lappend(listener_list); + j = listener_list.tail; + j->http_request = (char *) strdup(""); + j->http_state = HTTP_STATE_REQUEST; + j->fd = accept_fd; + + j->tls_session = tls_session; + gnutls_transport_set_ptr(tls_session, + (gnutls_transport_ptr) accept_fd); + j->handshake_ok = 0; + + if (verbose == 0) { + tt = time(0); + ctt = ctime(&tt); + ctt[strlen(ctt) - 1] = 0; /* printf("\n* connection from %s, port %d\n", 
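Review bot: The guard `if (generate != 0 || read_dh_params != NULL)` in main compares a function's address with NULL, so it is always true and the params callback is installed unconditionally, while the new `get_params` drops the `if (rsa_params == NULL) return -1;` / `if (dh_params == NULL) return -1;` checks the old side had — a server started without `--generate` and without a DH params file therefore hands the library `st->params.dh == NULL` together with a success return. The intended test is most likely `if (generate != 0 || dh_params_file != NULL)`, and the two NULL checks in `get_params` should be restored so a missing parameter set fails the callback instead of propagating a null handle. The anon branch `if (generate != 0) gnutls_anon_set_params_function(dh_cred, get_params);` should use that same condition, otherwise DH parameters read from a file are never offered for anonymous key exchange. Separately, `peer_print_info` changes `sesid_size` from `size_t` to `int` while still passing `&sesid_size` to `gnutls_session_get_id`; if that prototype takes `size_t *` (as the old declaration suggests) this is a width mismatch worth confirming against the header, and on both sides `sesid_size` is never initialised to `sizeof(sesid)` before the call. main's body continues in the next hunk.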
@@ -920,308 +828,264 @@ main (int argc, char **argv) } /* read or write to each connection as indicated by select()'s return argument */ - lloopstart (listener_list, j) - { - if (FD_ISSET (j->fd, &rd)) - { + lloopstart(listener_list, j) { + if (FD_ISSET(j->fd, &rd)) { /* read partial GET request */ - char buf[1024]; - int r, ret; - - if (j->handshake_ok == 0) - { - r = gnutls_handshake (j->tls_session); - if (r < 0 && gnutls_error_is_fatal (r) == 0) - { - check_alert (j->tls_session, r); - /* nothing */ - } - else if (r < 0 && gnutls_error_is_fatal (r) == 1) - { - check_alert (j->tls_session, r); - fprintf (stderr, "Error in handshake\n"); - GERR (r); - - do - { - ret = - gnutls_alert_send_appropriate (j->tls_session, r); - } - while (ret == GNUTLS_E_AGAIN); - j->http_state = HTTP_STATE_CLOSING; - } - else if (r == 0) - { - if (gnutls_session_is_resumed (j->tls_session) != 0 - && verbose == 0) - printf ("*** This is a resumed session\n"); - - if (verbose == 0) - { - printf ("\n* connection from %s, port %d\n", - inet_ntop (AF_INET, - &client_address.sin_addr, - topbuf, sizeof (topbuf)), - ntohs (client_address.sin_port)); - print_info (j->tls_session, NULL); - } - j->handshake_ok = 1; - } - } - - if (j->handshake_ok == 1) - { - r = gnutls_record_recv (j->tls_session, buf, - min (1024, SMALL_READ_TEST)); - if (r == GNUTLS_E_INTERRUPTED || r == GNUTLS_E_AGAIN) - { - /* do nothing */ - } - else if (r <= 0) - { - j->http_state = HTTP_STATE_CLOSING; - if (r < 0 && r != GNUTLS_E_UNEXPECTED_PACKET_LENGTH) - { - check_alert (j->tls_session, r); - fprintf (stderr, "Error while receiving data\n"); - GERR (r); - } - - } - else - { - j->http_request = - realloc (j->http_request, j->request_length + r + 1); - if (j->http_request != NULL) - { - memcpy (j->http_request + j->request_length, buf, r); - j->request_length += r; - j->http_request[j->request_length] = '\0'; - } - else - j->http_state = HTTP_STATE_CLOSING; - - } + char buf[1024]; + int r, ret; + + if (j->handshake_ok == 
0) { + r = gnutls_handshake(j->tls_session); + if (r < 0 && gnutls_error_is_fatal(r) == 0) { + check_alert(j->tls_session, r); + /* nothing */ + } else if (r < 0 && gnutls_error_is_fatal(r) == 1) { + check_alert(j->tls_session, r); + fprintf(stderr, "Error in handshake\n"); + GERR(r); + + do { + ret = + gnutls_alert_send_appropriate(j-> + tls_session, + r); + } while (ret == GNUTLS_E_AGAIN); + j->http_state = HTTP_STATE_CLOSING; + } else if (r == 0) { + if (gnutls_session_is_resumed(j->tls_session) != 0 + && verbose == 0) + printf("*** This is a resumed session\n"); + + if (verbose == 0) { + printf("\n* connection from %s, port %d\n", + inet_ntop(AF_INET, + &client_address.sin_addr, + topbuf, sizeof(topbuf)), + ntohs(client_address.sin_port)); + print_info(j->tls_session, NULL); + } + j->handshake_ok = 1; + } + } + + if (j->handshake_ok == 1) { + r = gnutls_record_recv(j->tls_session, buf, + min(1024, SMALL_READ_TEST)); + if (r == GNUTLS_E_INTERRUPTED || r == GNUTLS_E_AGAIN) { + /* do nothing */ + } else if (r <= 0) { + j->http_state = HTTP_STATE_CLOSING; + if (r < 0 + && r != GNUTLS_E_UNEXPECTED_PACKET_LENGTH) { + check_alert(j->tls_session, r); + fprintf(stderr, + "Error while receiving data\n"); + GERR(r); + } + + } else { + j->http_request = + realloc(j->http_request, + j->request_length + r + 1); + if (j->http_request != NULL) { + memcpy(j->http_request + j->request_length, + buf, r); + j->request_length += r; + j->http_request[j->request_length] = '\0'; + } else + j->http_state = HTTP_STATE_CLOSING; + + } /* check if we have a full HTTP header */ - j->http_response = NULL; - if (j->http_request != NULL) - { - if ((http == 0 && strchr (j->http_request, '\n')) - || strstr (j->http_request, "\r\n\r\n") - || strstr (j->http_request, "\n\n")) - { - get_response (j->tls_session, j->http_request, - &j->http_response, &j->response_length); - j->http_state = HTTP_STATE_RESPONSE; - j->response_written = 0; - } - } - } - } - if (FD_ISSET (j->fd, &wr)) - { + 
j->http_response = NULL; + if (j->http_request != NULL) { + if ((http == 0 && strchr(j->http_request, '\n')) + || strstr(j->http_request, "\r\n\r\n") + || strstr(j->http_request, "\n\n")) { + get_response(j->tls_session, j->http_request, + &j->http_response, + &j->response_length); + j->http_state = HTTP_STATE_RESPONSE; + j->response_written = 0; + } + } + } + } + if (FD_ISSET(j->fd, &wr)) { /* write partial response request */ - int r; - - if (j->handshake_ok == 0) - { - r = gnutls_handshake (j->tls_session); - if (r < 0 && gnutls_error_is_fatal (r) == 0) - { - check_alert (j->tls_session, r); - /* nothing */ - } - else if (r < 0 && gnutls_error_is_fatal (r) == 1) - { - int ret; - - j->http_state = HTTP_STATE_CLOSING; - check_alert (j->tls_session, r); - fprintf (stderr, "Error in handshake\n"); - GERR (r); - - do - { - ret = - gnutls_alert_send_appropriate (j->tls_session, r); - } - while (ret == GNUTLS_E_AGAIN); - } - else if (r == 0) - { - if (gnutls_session_is_resumed (j->tls_session) != 0 - && verbose == 0) - printf ("*** This is a resumed session\n"); - if (verbose == 0) - { - printf ("- connection from %s, port %d\n", - inet_ntop (AF_INET, - &client_address.sin_addr, - topbuf, sizeof (topbuf)), - ntohs (client_address.sin_port)); - - print_info (j->tls_session, NULL); - } - j->handshake_ok = 1; - } - } - - if (j->handshake_ok == 1) - { - /* FIXME if j->http_response == NULL? 
*/ - r = gnutls_record_send (j->tls_session, - j->http_response + - j->response_written, - min (j->response_length - - j->response_written, - SMALL_READ_TEST)); - if (r == GNUTLS_E_INTERRUPTED || r == GNUTLS_E_AGAIN) - { - /* do nothing */ - } - else if (r <= 0) - { - if (http != 0) - j->http_state = HTTP_STATE_CLOSING; - else - { - j->http_state = HTTP_STATE_REQUEST; - free (j->http_response); - j->response_length = 0; - j->request_length = 0; - j->http_request[0] = 0; - } - - if (r < 0) - { - fprintf (stderr, "Error while sending data\n"); - GERR (r); - } - check_alert (j->tls_session, r); - } - else - { - j->response_written += r; -/* check if we have written a complete response */ - if (j->response_written == j->response_length) - { + int r; + + if (j->handshake_ok == 0) { + r = gnutls_handshake(j->tls_session); + if (r < 0 && gnutls_error_is_fatal(r) == 0) { + check_alert(j->tls_session, r); + /* nothing */ + } else if (r < 0 && gnutls_error_is_fatal(r) == 1) { + int ret; + + j->http_state = HTTP_STATE_CLOSING; + check_alert(j->tls_session, r); + fprintf(stderr, "Error in handshake\n"); + GERR(r); + + do { + ret = + gnutls_alert_send_appropriate(j-> + tls_session, + r); + } while (ret == GNUTLS_E_AGAIN); + } else if (r == 0) { + if (gnutls_session_is_resumed(j->tls_session) != 0 + && verbose == 0) + printf("*** This is a resumed session\n"); + if (verbose == 0) { + printf("- connection from %s, port %d\n", + inet_ntop(AF_INET, + &client_address.sin_addr, + topbuf, sizeof(topbuf)), + ntohs(client_address.sin_port)); + + print_info(j->tls_session, NULL); + } + j->handshake_ok = 1; + } + } + + if (j->handshake_ok == 1) { + /* FIXME if j->http_response == NULL? 
*/ + r = gnutls_record_send(j->tls_session, + j->http_response + + j->response_written, + min(j->response_length - + j->response_written, + SMALL_READ_TEST)); + if (r == GNUTLS_E_INTERRUPTED || r == GNUTLS_E_AGAIN) { + /* do nothing */ + } else if (r <= 0) { if (http != 0) - j->http_state = HTTP_STATE_CLOSING; - else - { + j->http_state = HTTP_STATE_CLOSING; + else { j->http_state = HTTP_STATE_REQUEST; - free (j->http_response); + free(j->http_response); j->response_length = 0; j->request_length = 0; j->http_request[0] = 0; - } - } - } - } - } - } - lloopend (listener_list, j); + } + + if (r < 0) { + fprintf(stderr, "Error while sending data\n"); + GERR(r); + } + check_alert(j->tls_session, r); + } else { + j->response_written += r; +/* check if we have written a complete response */ + if (j->response_written == j->response_length) { + if (http != 0) + j->http_state = HTTP_STATE_CLOSING; + else { + j->http_state = HTTP_STATE_REQUEST; + free(j->http_response); + j->response_length = 0; + j->request_length = 0; + j->http_request[0] = 0; + } + } + } + } + } + } + lloopend(listener_list, j); /* loop through all connections, closing those that are in error */ - lloopstart (listener_list, j) - { - if (j->http_state == HTTP_STATE_CLOSING) - { - ldeleteinc (listener_list, j); - } - } - lloopend (listener_list, j); + lloopstart(listener_list, j) { + if (j->http_state == HTTP_STATE_CLOSING) { + ldeleteinc(listener_list, j); + } + } + lloopend(listener_list, j); } - gnutls_certificate_free_credentials (cert_cred); + gnutls_certificate_free_credentials(cert_cred); #ifdef ENABLE_SRP - gnutls_srp_free_server_credentials (srp_cred); -#endif - -#ifdef ENABLE_PSK - gnutls_psk_free_server_credentials (psk_cred); + gnutls_srp_free_server_credentials(srp_cred); #endif #ifdef ENABLE_ANON - gnutls_anon_free_server_credentials (dh_cred); + gnutls_anon_free_server_credentials(dh_cred); #endif - if (nodb == 0) - wrap_db_deinit (); - gnutls_global_deinit (); + if (nodb == 0) + 
wrap_db_deinit(); + gnutls_global_deinit(); - return 0; + return 0; } static gaainfo info; -void -gaa_parser (int argc, char **argv) +void gaa_parser(int argc, char **argv) { - if (gaa (argc, argv, &info) != -1) - { - fprintf (stderr, - "Error in the arguments. Use the --help or -h parameters to get more information.\n"); - exit (1); + if (gaa(argc, argv, &info) != -1) { + fprintf(stderr, + "Error in the arguments. Use the --help or -h parameters to get more information.\n"); + exit(1); } - require_cert = info.require_cert; - debug = info.debug; - verbose = info.quiet; - nodb = info.nodb; - - if (info.http == 0) - http = 0; - else - http = 1; - - if (info.fmtder == 0) - x509ctype = GNUTLS_X509_FMT_PEM; - else - x509ctype = GNUTLS_X509_FMT_DER; - - if (info.generate == 0) - generate = 0; - else - generate = 1; - - dh_params_file = info.dh_params_file; - - port = info.port; - - x509_certfile = info.x509_certfile; - x509_keyfile = info.x509_keyfile; - x509_dsacertfile = info.x509_dsacertfile; - x509_dsakeyfile = info.x509_dsakeyfile; - x509_cafile = info.x509_cafile; - x509_crlfile = info.x509_crlfile; - pgp_certfile = info.pgp_certfile; - pgp_keyfile = info.pgp_keyfile; - srp_passwd = info.srp_passwd; - srp_passwd_conf = info.srp_passwd_conf; - - psk_passwd = info.psk_passwd; - - pgp_keyring = info.pgp_keyring; - pgp_trustdb = info.pgp_trustdb; - - parse_protocols (info.proto, info.nproto, protocol_priority); - parse_ciphers (info.ciphers, info.nciphers, cipher_priority); - parse_macs (info.macs, info.nmacs, mac_priority); - parse_ctypes (info.ctype, info.nctype, cert_type_priority); - parse_kx (info.kx, info.nkx, kx_priority); - parse_comp (info.comp, info.ncomp, comp_priority); + require_cert = info.require_cert; + debug = info.debug; + verbose = info.quiet; + nodb = info.nodb; + + if (info.http == 0) + http = 0; + else + http = 1; + + if (info.fmtder == 0) + x509ctype = GNUTLS_X509_FMT_PEM; + else + x509ctype = GNUTLS_X509_FMT_DER; + + if (info.generate == 0) + 
generate = 0; + else + generate = 1; + + dh_params_file = info.dh_params_file; + + port = info.port; + + x509_certfile = info.x509_certfile; + x509_keyfile = info.x509_keyfile; + x509_dsacertfile = info.x509_dsacertfile; + x509_dsakeyfile = info.x509_dsakeyfile; + x509_cafile = info.x509_cafile; + x509_crlfile = info.x509_crlfile; + pgp_certfile = info.pgp_certfile; + pgp_keyfile = info.pgp_keyfile; + srp_passwd = info.srp_passwd; + srp_passwd_conf = info.srp_passwd_conf; + + pgp_keyring = info.pgp_keyring; + pgp_trustdb = info.pgp_trustdb; + + parse_protocols(info.proto, info.nproto, protocol_priority); + parse_ciphers(info.ciphers, info.nciphers, cipher_priority); + parse_macs(info.macs, info.nmacs, mac_priority); + parse_ctypes(info.ctype, info.nctype, cert_type_priority); + parse_kx(info.kx, info.nkx, kx_priority); + parse_comp(info.comp, info.ncomp, comp_priority); } -void -serv_version (void) +void serv_version(void) { - fprintf (stderr, "GNU TLS test server, "); - fprintf (stderr, "version %s. Libgnutls %s.\n", LIBGNUTLS_VERSION, - gnutls_check_version (NULL)); + fprintf(stderr, "GNU TLS test server, "); + fprintf(stderr, "version %s. Libgnutls %s.\n", LIBGNUTLS_VERSION, + gnutls_check_version(NULL)); } /* session resuming support */ 
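Review bot: In the read path, `j->http_request = realloc(j->http_request, j->request_length + r + 1);` overwrites the only pointer to the old buffer, so on allocation failure the previously received request bytes leak and the entry is closed with `http_request` left NULL; keep the old pointer until the call succeeds: `char *grown = realloc(j->http_request, j->request_length + r + 1); if (grown == NULL) { j->http_state = HTTP_STATE_CLOSING; } else { j->http_request = grown; memcpy(j->http_request + j->request_length, buf, r); ... }`. The same buffer also grows without bound until a newline or blank line arrives, since nothing checks `request_length` before the realloc, so a peer that never sends a terminator can drive the process to allocation failure; a fixed per-connection limit (a project-chosen constant such as `MAX_REQUEST_SIZE`, placeholder name) checked before the realloc and handled like the failure case would bound that. The handshake/error block is duplicated almost verbatim between the read and write branches and could be one static helper, though that is a pre-existing style point. The enclosing `for (;;)` loop and `main` begin before this hunk.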
@@ -1229,125 +1093,114 @@ serv_version (void) #define SESSION_ID_SIZE 32 #define SESSION_DATA_SIZE 1024 -typedef struct -{ - char session_id[SESSION_ID_SIZE]; - unsigned int session_id_size; +typedef struct { + char session_id[SESSION_ID_SIZE]; + unsigned int session_id_size; - char session_data[SESSION_DATA_SIZE]; - unsigned int session_data_size; + char session_data[SESSION_DATA_SIZE]; + unsigned int session_data_size; } CACHE; static CACHE *cache_db; int cache_db_ptr = 0; -static void -wrap_db_init (void) +static void wrap_db_init(void) { - /* allocate cache_db */ - cache_db = calloc (1, ssl_session_cache * sizeof (CACHE)); + /* allocate cache_db */ + cache_db = calloc(1, ssl_session_cache * sizeof(CACHE)); } -static void -wrap_db_deinit (void) +static void wrap_db_deinit(void) { } -static int -wrap_db_store (void *dbf, gnutls_datum key, gnutls_datum data) +static int wrap_db_store(void *dbf, gnutls_datum key, gnutls_datum data) { - if (cache_db == NULL) - return -1; + if (cache_db == NULL) + return -1; - if (key.size > SESSION_ID_SIZE) - return -1; - if (data.size > SESSION_DATA_SIZE) - return -1; + if (key.size > SESSION_ID_SIZE) + return -1; + if (data.size > SESSION_DATA_SIZE) + return -1; - memcpy (cache_db[cache_db_ptr].session_id, key.data, key.size); - cache_db[cache_db_ptr].session_id_size = key.size; + memcpy(cache_db[cache_db_ptr].session_id, key.data, key.size); + cache_db[cache_db_ptr].session_id_size = key.size; - memcpy (cache_db[cache_db_ptr].session_data, data.data, data.size); - cache_db[cache_db_ptr].session_data_size = data.size; + memcpy(cache_db[cache_db_ptr].session_data, data.data, data.size); + cache_db[cache_db_ptr].session_data_size = data.size; - cache_db_ptr++; - cache_db_ptr %= ssl_session_cache; + cache_db_ptr++; + cache_db_ptr %= ssl_session_cache; - return 0; + return 0; } -static gnutls_datum -wrap_db_fetch (void *dbf, gnutls_datum key) +static gnutls_datum wrap_db_fetch(void *dbf, gnutls_datum key) { - gnutls_datum res = { 
NULL, 0 }; - int i; + gnutls_datum res = { NULL, 0 }; + int i; - if (cache_db == NULL) - return res; + if (cache_db == NULL) + return res; - for (i = 0; i < ssl_session_cache; i++) - { - if (key.size == cache_db[i].session_id_size && - memcmp (key.data, cache_db[i].session_id, key.size) == 0) - { + for (i = 0; i < ssl_session_cache; i++) { + if (key.size == cache_db[i].session_id_size && + memcmp(key.data, cache_db[i].session_id, key.size) == 0) { - res.size = cache_db[i].session_data_size; + res.size = cache_db[i].session_data_size; - res.data = gnutls_malloc (res.size); - if (res.data == NULL) - return res; + res.data = gnutls_malloc(res.size); + if (res.data == NULL) + return res; - memcpy (res.data, cache_db[i].session_data, res.size); + memcpy(res.data, cache_db[i].session_data, res.size); - return res; + return res; } } - return res; + return res; } -static int -wrap_db_delete (void *dbf, gnutls_datum key) +static int wrap_db_delete(void *dbf, gnutls_datum key) { - int i; + int i; - if (cache_db == NULL) - return -1; + if (cache_db == NULL) + return -1; - for (i = 0; i < ssl_session_cache; i++) - { - if (key.size == (unsigned int) cache_db[i].session_id_size && - memcmp (key.data, cache_db[i].session_id, key.size) == 0) - { + for (i = 0; i < ssl_session_cache; i++) { + if (key.size == (unsigned int) cache_db[i].session_id_size && + memcmp(key.data, cache_db[i].session_id, key.size) == 0) { - cache_db[i].session_id_size = 0; - cache_db[i].session_data_size = 0; + cache_db[i].session_id_size = 0; + cache_db[i].session_data_size = 0; - return 0; + return 0; } } - return -1; + return -1; } -void -print_serv_license (void) +void print_serv_license(void) { - fputs ("\nCopyright (C) 2001-2003 Paul Sheer, Nikos Mavroyanopoulos\n" - "\nCopyright (C) 2004 Free Software Foundation\n" - "This program is free software; you can redistribute it and/or modify \n" - "it under the terms of the GNU General Public License as published by \n" - "the Free Software Foundation; 
either version 2 of the License, or \n" - "(at your option) any later version. \n" "\n" - "This program is distributed in the hope that it will be useful, \n" - "but WITHOUT ANY WARRANTY; without even the implied warranty of \n" - "MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the \n" - "GNU General Public License for more details. \n" "\n" - "You should have received a copy of the GNU General Public License \n" - "along with this program; if not, write to the Free Software \n" - "Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.\n\n", - stdout); + fputs("\nCopyright (C) 2001-2003 Paul Sheer, Nikos Mavroyanopoulos\n" + "\nCopyright (C) 2004 Free Software Foundation\n" + "This program is free software; you can redistribute it and/or modify \n" + "it under the terms of the GNU General Public License as published by \n" + "the Free Software Foundation; either version 2 of the License, or \n" + "(at your option) any later version. \n" "\n" + "This program is distributed in the hope that it will be useful, \n" + "but WITHOUT ANY WARRANTY; without even the implied warranty of \n" + "MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the \n" + "GNU General Public License for more details. \n" "\n" + "You should have received a copy of the GNU General Public License \n" + "along with this program; if not, write to the Free Software \n" + "Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.\n\n", + stdout); } |
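Review bot: `wrap_db_deinit` has an empty body, so the `cache_db` array allocated by `wrap_db_init` is never released even though main calls the deinit when `nodb == 0`; the minimal fix is `free(cache_db); cache_db = NULL;`. The array stores whatever the library hands to `wrap_db_store` as resumption data, which presumably includes session secrets, so clearing it before the free (`memset(cache_db, 0, ssl_session_cache * sizeof(CACHE));`) is worth considering, with the caveat that a plain memset immediately before free may be optimized away unless the tree has a volatile-safe zeroing helper. Separately, `wrap_db_init` does not report a failed calloc; the store/fetch/delete paths tolerate `cache_db == NULL`, but a `fprintf(stderr, "Error allocating session cache\n");` there would make a silently disabled cache visible to the operator.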