-rw-r--r-- | NEWS | 18 | ||||
-rwxr-xr-x | build-aux/config.rpath | 102 | ||||
-rwxr-xr-x | doc/credentials/gnutls-http-serv | 2 | ||||
-rw-r--r-- | doc/gnutls.texi | 308 | ||||
-rw-r--r-- | includes/gnutls/gnutls.h.in | 10 | ||||
-rw-r--r-- | includes/gnutls/openpgp.h | 3 | ||||
-rw-r--r-- | includes/gnutls/x509.h | 8 | ||||
-rw-r--r-- | lib/auth_srp.c | 3 | ||||
-rw-r--r-- | lib/ext_srp.c | 23 | ||||
-rw-r--r-- | lib/gnutls_alert.c | 14 | ||||
-rw-r--r-- | lib/gnutls_errors.h | 1 | ||||
-rw-r--r-- | lib/gnutls_extensions.c | 4 | ||||
-rw-r--r-- | lib/gnutls_handshake.c | 96 | ||||
-rw-r--r-- | lib/gnutls_int.h | 9 | ||||
-rw-r--r-- | lib/gnutls_srp.c | 12 | ||||
-rw-r--r-- | lib/gnutls_state.c | 25 | ||||
-rw-r--r-- | lib/x509/Makefile.am | 2 | ||||
-rw-r--r-- | lib/x509/common.c | 4 | ||||
-rw-r--r-- | lib/x509/dn.c | 5 | ||||
-rw-r--r-- | lib/x509/xml.c | 762 | ||||
-rw-r--r-- | libextra/openpgp/Makefile.am | 2 | ||||
-rw-r--r-- | libextra/openpgp/xml.c | 442 | ||||
-rw-r--r-- | po/de.po | 291 | ||||
-rw-r--r-- | po/ms.po | 277 | ||||
-rw-r--r-- | src/certtool-gaa.c | 40 | ||||
-rw-r--r-- | src/certtool-gaa.h | 6 | ||||
-rw-r--r-- | src/certtool.c | 23 | ||||
-rw-r--r-- | src/certtool.gaa | 8 | ||||
-rw-r--r-- | src/cli-gaa.c | 163 | ||||
-rw-r--r-- | src/cli-gaa.h | 68 | ||||
-rw-r--r-- | src/cli.c | 244 | ||||
-rw-r--r-- | src/cli.gaa | 5 | ||||
-rw-r--r-- | src/common.c | 235 |
33 files changed, 1057 insertions, 2158 deletions
@@ -7,8 +7,24 @@ See the end for copying conditions. ** certtool: Fixed data corruption when using --outder. +** Removed all the xml related stubs and functions. + +** Added capability to set a callback after the client hello is received +by the server in order to adjust parameters before the handshake. + +** SRP was corrected to adhere to the latest draft (published soon as RFC) + +** Corrected bug which did not allow a server to run without supporting +certificates. + +** Updated the DN parser which now prints wrongly decoded values as hex +strings. + ** API and ABI modifications: -No changes since last version. +gnutls_x509_crt_to_xml: REMOVED +gnutls_openpgp_key_to_xml: REMOVED +gnutls_srp_set_client_credentials_function: CHANGED +gnutls_handshake_set_post_client_hello_function: ADDED * Version 2.1.1 (released 2007-09-24) diff --git a/build-aux/config.rpath b/build-aux/config.rpath index c547c68825..c492a93b66 100755 --- a/build-aux/config.rpath +++ b/build-aux/config.rpath @@ -2,7 +2,7 @@ # Output a system dependent set of variables, describing how to set the # run time search path of shared libraries in an executable. # -# Copyright 1996-2007 Free Software Foundation, Inc. +# Copyright 1996-2006 Free Software Foundation, Inc. # Taken from GNU libtool, 2001 # Originally by Gordon Matzigkeit <gord@gnu.ai.mit.edu>, 1996 # @@ -64,7 +64,7 @@ else ;; esac ;; - mingw* | cygwin* | pw32* | os2*) + mingw* | pw32* | os2*) ;; hpux9* | hpux10* | hpux11*) wl='-Wl,' @@ -74,7 +74,7 @@ else ;; newsos6) ;; - linux* | k*bsd*-gnu) + linux*) case $cc_basename in icc* | ecc*) wl='-Wl,' @@ -100,7 +100,7 @@ else osf3* | osf4* | osf5*) wl='-Wl,' ;; - rdos*) + sco3.2v5*) ;; solaris*) wl='-Wl,' @@ -108,14 +108,11 @@ else sunos4*) wl='-Qoption ld ' ;; - sysv4 | sysv4.2uw2* | sysv4.3*) + sysv4 | sysv4.2uw2* | sysv4.3* | sysv5*) wl='-Wl,' ;; sysv4*MP*) ;; - sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*) - wl='-Wl,' - ;; unicos*) wl='-Wl,' ;; 
@@ -192,11 +189,11 @@ if test "$with_gnu_ld" = yes; then ld_shlibs=no fi ;; - interix[3-9]*) + interix3*) hardcode_direct=no hardcode_libdir_flag_spec='${wl}-rpath,$libdir' ;; - gnu* | linux* | k*bsd*-gnu) + linux*) if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then : else @@ -283,7 +280,7 @@ else strings "$collect2name" | grep resolve_lib_name >/dev/null then # We have reworked collect2 - : + hardcode_direct=yes else # We have old collect2 hardcode_direct=unsupported @@ -362,7 +359,7 @@ else hardcode_direct=yes hardcode_minus_L=yes ;; - freebsd* | dragonfly*) + freebsd* | kfreebsd*-gnu | dragonfly*) hardcode_libdir_flag_spec='-R$libdir' hardcode_direct=yes ;; @@ -415,22 +412,18 @@ else hardcode_libdir_separator=: ;; openbsd*) - if test -f /usr/libexec/ld.so; then - hardcode_direct=yes - if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then - hardcode_libdir_flag_spec='${wl}-rpath,$libdir' - else - case "$host_os" in - openbsd[01].* | openbsd2.[0-7] | openbsd2.[0-7].*) - hardcode_libdir_flag_spec='-R$libdir' - ;; - *) - hardcode_libdir_flag_spec='${wl}-rpath,$libdir' - ;; - esac - fi + hardcode_direct=yes + if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then + hardcode_libdir_flag_spec='${wl}-rpath,$libdir' else - ld_shlibs=no + case "$host_os" in + openbsd[01].* | openbsd2.[0-7] | openbsd2.[0-7].*) + hardcode_libdir_flag_spec='-R$libdir' + ;; + *) + hardcode_libdir_flag_spec='${wl}-rpath,$libdir' + ;; + esac fi ;; os2*) @@ -478,7 +471,7 @@ else ld_shlibs=yes fi ;; - sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[01].[10]* | unixware7* | sco3.2v5.0.[024]*) + sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[01].[10]* | unixware7*) ;; sysv5* | sco3.2v5* | sco5v6*) hardcode_libdir_flag_spec='`test -z "$SCOABSPATH" && echo ${wl}-R,$libdir`' 
@@ -495,51 +488,33 @@ fi # Check dynamic linker characteristics # Code taken from libtool.m4's AC_LIBTOOL_SYS_DYNAMIC_LINKER. -# Unlike libtool.m4, here we don't care about _all_ names of the library, but -# only about the one the linker finds when passed -lNAME. This is the last -# element of library_names_spec in libtool.m4, or possibly two of them if the -# linker has special search rules. -library_names_spec= # the last element of library_names_spec in libtool.m4 libname_spec='lib$name' case "$host_os" in aix3*) - library_names_spec='$libname.a' ;; aix4* | aix5*) - library_names_spec='$libname$shrext' ;; amigaos*) - library_names_spec='$libname.a' ;; beos*) - library_names_spec='$libname$shrext' ;; bsdi[45]*) - library_names_spec='$libname$shrext' ;; cygwin* | mingw* | pw32*) shrext=.dll - library_names_spec='$libname.dll.a $libname.lib' ;; darwin* | rhapsody*) shrext=.dylib - library_names_spec='$libname$shrext' ;; dgux*) - library_names_spec='$libname$shrext' ;; freebsd1*) ;; + kfreebsd*-gnu) + ;; freebsd* | dragonfly*) - case "$host_os" in - freebsd[123]*) - library_names_spec='$libname$shrext$versuffix' ;; - *) - library_names_spec='$libname$shrext' ;; - esac ;; gnu*) - library_names_spec='$libname$shrext' ;; hpux9* | hpux10* | hpux11*) case $host_cpu in @@ -553,13 +528,10 @@ case "$host_os" in shrext=.sl ;; esac - library_names_spec='$libname$shrext' ;; - interix[3-9]*) - library_names_spec='$libname$shrext' + interix3*) ;; irix5* | irix6* | nonstopux*) - library_names_spec='$libname$shrext' case "$host_os" in irix5* | nonstopux*) libsuff= shlibsuff= 
@@ -576,59 +548,41 @@ case "$host_os" in ;; linux*oldld* | linux*aout* | linux*coff*) ;; - linux* | k*bsd*-gnu) - library_names_spec='$libname$shrext' + linux*) ;; knetbsd*-gnu) - library_names_spec='$libname$shrext' ;; netbsd*) - library_names_spec='$libname$shrext' ;; newsos6) - library_names_spec='$libname$shrext' ;; nto-qnx*) - library_names_spec='$libname$shrext' ;; openbsd*) - library_names_spec='$libname$shrext$versuffix' ;; os2*) libname_spec='$name' shrext=.dll - library_names_spec='$libname.a' ;; osf3* | osf4* | osf5*) - library_names_spec='$libname$shrext' - ;; - rdos*) ;; solaris*) - library_names_spec='$libname$shrext' ;; sunos4*) - library_names_spec='$libname$shrext$versuffix' ;; sysv4 | sysv4.3*) - library_names_spec='$libname$shrext' ;; sysv4*MP*) - library_names_spec='$libname$shrext' ;; sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*) - library_names_spec='$libname$shrext' ;; uts4*) - library_names_spec='$libname$shrext' ;; esac sed_quote_subst='s/\(["`$\\]\)/\\\1/g' escaped_wl=`echo "X$wl" | sed -e 's/^X//' -e "$sed_quote_subst"` shlibext=`echo "$shrext" | sed -e 's,^\.,,'` -escaped_libname_spec=`echo "X$libname_spec" | sed -e 's/^X//' -e "$sed_quote_subst"` -escaped_library_names_spec=`echo "X$library_names_spec" | sed -e 's/^X//' -e "$sed_quote_subst"` escaped_hardcode_libdir_flag_spec=`echo "X$hardcode_libdir_flag_spec" | sed -e 's/^X//' -e "$sed_quote_subst"` LC_ALL=C sed -e 's/^\([a-zA-Z0-9_]*\)=/acl_cv_\1=/' <<EOF @@ -642,12 +596,6 @@ libext="$libext" # Shared library suffix (normally "so"). shlibext="$shlibext" -# Format of library name prefix. -libname_spec="$escaped_libname_spec" - -# Library names that the linker finds when passed -lNAME. -library_names_spec="$escaped_library_names_spec" - # Flag to hardcode \$libdir into a binary during linking. # This must work even if \$libdir does not exist. hardcode_libdir_flag_spec="$escaped_hardcode_libdir_flag_spec" 
diff --git a/doc/credentials/gnutls-http-serv b/doc/credentials/gnutls-http-serv index 93e527a69e..5f5fcee3d4 100755 --- a/doc/credentials/gnutls-http-serv +++ b/doc/credentials/gnutls-http-serv @@ -1,6 +1,6 @@ #! /bin/sh -./gnutls-serv --http --x509certfile x509/cert.pem --x509keyfile x509/key.pem --x509cafile x509/ca.pem \ +../../src/gnutls-serv --http --x509certfile x509/cert.pem --x509keyfile x509/key.pem --x509cafile x509/ca.pem \ --x509dsacertfile x509/cert-dsa.pem --x509dsakeyfile x509/key-dsa.pem \ --srppasswd srp/tpasswd --srppasswdconf srp/tpasswd.conf \ --pgpkeyfile openpgp/sec.asc --pgpcertfile openpgp/pub.asc --pskpasswd psk/passwd.psk \ diff --git a/doc/gnutls.texi b/doc/gnutls.texi index d5b7026c1b..4971a9ef10 100644 --- a/doc/gnutls.texi +++ b/doc/gnutls.texi @@ -81,7 +81,6 @@ Documentation License''. * How to use GnuTLS in applications:: * Included programs:: * Function reference:: -* Certificate to XML Conversion Functions:: * All the supported ciphersuites in GnuTLS:: * Guile Bindings:: * Internal architecture of GnuTLS:: @@ -2498,8 +2497,6 @@ Usage: gnutls-cli [options] hostname -f, --fingerprint Send the openpgp fingerprint, instead of the key. --disable-extensions Disable all the TLS extensions. - --xml Print the certificate information in - XML format. --print-cert Print the certificate in PEM format. -p, --port integer The port to connect to. --recordsize integer The maximum record size to advertize. @@ -2865,7 +2862,6 @@ Usage: certtool [options] --export-ciphers Use weak encryption algorithms. --inder Use DER format for input certificates and private keys. - --xml Use XML format for output certificates. --outder Use DER format for output certificates and private keys. --bits BITS specify the number of bits for key 
@@ -3203,310 +3199,6 @@ expressions. @include error_codes.texi -@node Certificate to XML Conversion Functions -@chapter Certificate to @acronym{XML} Conversion Functions -@cindex Certificate to XML conversion - -This appendix contains some example output of the XML conversion -functions: - -@itemize - -@item @ref{gnutls_x509_crt_to_xml} - -@item @ref{gnutls_openpgp_key_to_xml} - -@end itemize - -@menu -* An X.509 certificate:: -* An OpenPGP key:: -@end menu - -@node An X.509 certificate -@section An @acronym{X.509} Certificate - -@smallexample -<?xml version="1.0" encoding="UTF-8"?> - -<gnutls:x509:certificate version="1.1"> - <certificate type="SEQUENCE"> - <tbsCertificate type="SEQUENCE"> - <version type="INTEGER" encoding="HEX">02</version> - <serialNumber type="INTEGER" encoding="HEX">01</serialNumber> - <signature type="SEQUENCE"> - <algorithm type="OBJECT ID">1.2.840.113549.1.1.4</algorithm> - <parameters type="ANY"> - <md5WithRSAEncryption encoding="HEX">0500</md5WithRSAEncryption> - </parameters> - </signature> - <issuer type="CHOICE"> - <rdnSequence type="SEQUENCE OF"> - <unnamed1 type="SET OF"> - <unnamed1 type="SEQUENCE"> - <type type="OBJECT ID">2.5.4.6</type> - <value type="ANY"> - <X520countryName>GR</X520countryName> - </value> - </unnamed1> - </unnamed1> - <unnamed2 type="SET OF"> - <unnamed1 type="SEQUENCE"> - <type type="OBJECT ID">2.5.4.8</type> - <value type="ANY"> - <X520StateOrProvinceName>Attiki</X520StateOrProvinceName> - </value> - </unnamed1> - </unnamed2> - <unnamed3 type="SET OF"> - <unnamed1 type="SEQUENCE"> - <type type="OBJECT ID">2.5.4.7</type> - <value type="ANY"> - <X520LocalityName>Athina</X520LocalityName> - </value> - </unnamed1> - </unnamed3> - <unnamed4 type="SET OF"> - <unnamed1 type="SEQUENCE"> - <type type="OBJECT ID">2.5.4.10</type> - <value type="ANY"> - <X520OrganizationName>GNUTLS</X520OrganizationName> - </value> - </unnamed1> - </unnamed4> - <unnamed5 type="SET OF"> - <unnamed1 type="SEQUENCE"> - <type type="OBJECT 
ID">2.5.4.11</type> - <value type="ANY"> - <X520OrganizationalUnitName>GNUTLS dev.</X520OrganizationalUnitName> - </value> - </unnamed1> - </unnamed5> - <unnamed6 type="SET OF"> - <unnamed1 type="SEQUENCE"> - <type type="OBJECT ID">2.5.4.3</type> - <value type="ANY"> - <X520CommonName>GNUTLS TEST CA</X520CommonName> - </value> - </unnamed1> - </unnamed6> - <unnamed7 type="SET OF"> - <unnamed1 type="SEQUENCE"> - <type type="OBJECT ID">1.2.840.113549.1.9.1</type> - <value type="ANY"> - <Pkcs9email>gnutls-dev@@gnupg.org</Pkcs9email> - </value> - </unnamed1> - </unnamed7> - </rdnSequence> - </issuer> - <validity type="SEQUENCE"> - <notBefore type="CHOICE"> - <utcTime type="TIME">010707101845Z</utcTime> - </notBefore> - <notAfter type="CHOICE"> - <utcTime type="TIME">020707101845Z</utcTime> - </notAfter> - </validity> - <subject type="CHOICE"> - <rdnSequence type="SEQUENCE OF"> - <unnamed1 type="SET OF"> - <unnamed1 type="SEQUENCE"> - <type type="OBJECT ID">2.5.4.6</type> - <value type="ANY"> - <X520countryName>GR</X520countryName> - </value> - </unnamed1> - </unnamed1> - <unnamed2 type="SET OF"> - <unnamed1 type="SEQUENCE"> - <type type="OBJECT ID">2.5.4.8</type> - <value type="ANY"> - <X520StateOrProvinceName>Attiki</X520StateOrProvinceName> - </value> - </unnamed1> - </unnamed2> - <unnamed3 type="SET OF"> - <unnamed1 type="SEQUENCE"> - <type type="OBJECT ID">2.5.4.7</type> - <value type="ANY"> - <X520LocalityName>Athina</X520LocalityName> - </value> - </unnamed1> - </unnamed3> - <unnamed4 type="SET OF"> - <unnamed1 type="SEQUENCE"> - <type type="OBJECT ID">2.5.4.10</type> - <value type="ANY"> - <X520OrganizationName>GNUTLS</X520OrganizationName> - </value> - </unnamed1> - </unnamed4> - <unnamed5 type="SET OF"> - <unnamed1 type="SEQUENCE"> - <type type="OBJECT ID">2.5.4.11</type> - <value type="ANY"> - <X520OrganizationalUnitName>GNUTLS dev.</X520OrganizationalUnitName> - </value> - </unnamed1> - </unnamed5> - <unnamed6 type="SET OF"> - <unnamed1 type="SEQUENCE"> - 
<type type="OBJECT ID">2.5.4.3</type> - <value type="ANY"> - <X520CommonName>localhost</X520CommonName> - </value> - </unnamed1> - </unnamed6> - <unnamed7 type="SET OF"> - <unnamed1 type="SEQUENCE"> - <type type="OBJECT ID">1.2.840.113549.1.9.1</type> - <value type="ANY"> - <Pkcs9email>root@@localhost</Pkcs9email> - </value> - </unnamed1> - </unnamed7> - </rdnSequence> - </subject> - <subjectPublicKeyInfo type="SEQUENCE"> - <algorithm type="SEQUENCE"> - <algorithm type="OBJECT ID">1.2.840.113549.1.1.1</algorithm> - <parameters type="ANY"> - <rsaEncryption encoding="HEX">0500</rsaEncryption> - </parameters> - </algorithm> - <subjectPublicKey type="BIT STRING" encoding="HEX" length="1120"> - 30818902818100D00B49EBB226D951F5CC57072199DDF287683D2DA1A0E - FCC96BFF73164777C78C3991E92EDA66584E7B97BAB4BE68D595D225557 - E01E7E57B5C35C04B491948C5C427AD588D8C6989764996D6D44E17B65C - CFC86F3B4842DE559B730C1DE3AEF1CE1A328AFF8A357EBA911E1F7E8FC - 1598E21E4BF721748C587F50CF46157D950203010001</subjectPublicKey> - </subjectPublicKeyInfo> - <extensions type="SEQUENCE OF"> - <unnamed1 type="SEQUENCE"> - <extnID type="OBJECT ID">2.5.29.35</extnID> - <critical type="BOOLEAN">FALSE</critical> - <extnValue type="SEQUENCE"> - <keyIdentifier type="OCTET STRING" encoding="HEX"> - EFEE94ABC8CA577F5313DB76DC1A950093BAF3C9</keyIdentifier> - </extnValue> - </unnamed1> - <unnamed2 type="SEQUENCE"> - <extnID type="OBJECT ID">2.5.29.37</extnID> - <critical type="BOOLEAN">FALSE</critical> - <extnValue type="SEQUENCE OF"> - <unnamed1 type="OBJECT ID">1.3.6.1.5.5.7.3.1</unnamed1> - <unnamed2 type="OBJECT ID">1.3.6.1.5.5.7.3.2</unnamed2> - <unnamed3 type="OBJECT ID">1.3.6.1.4.1.311.10.3.3</unnamed3> - <unnamed4 type="OBJECT ID">2.16.840.1.113730.4.1</unnamed4> - </extnValue> - </unnamed2> - <unnamed3 type="SEQUENCE"> - <extnID type="OBJECT ID">2.5.29.19</extnID> - <critical type="BOOLEAN">TRUE</critical> - <extnValue type="SEQUENCE"> - <cA type="BOOLEAN">FALSE</cA> - </extnValue> - </unnamed3> - 
</extensions> - </tbsCertificate> - <signatureAlgorithm type="SEQUENCE"> - <algorithm type="OBJECT ID">1.2.840.113549.1.1.4</algorithm> - <parameters type="ANY"> - <md5WithRSAEncryption encoding="HEX">0500</md5WithRSAEncryption> - </parameters> - </signatureAlgorithm> - <signature type="BIT STRING" encoding="HEX" length="1024"> - B73945273AF2A395EC54BF5DC669D953885A9D811A3B92909D24792D36A44EC - 27E1C463AF8738BEFD29B311CCE8C6D9661BEC30911DAABB39B8813382B32D2 - E259581EBCD26C495C083984763966FF35D1DEFE432891E610C85072578DA74 - 23244A8F5997B41A1F44E61F4F22C94375775055A5E72F25D5E4557467A91BD - 4251</signature> - </certificate> -</gnutls:x509:certificate> -@end smallexample - -@node An OpenPGP key -@section An @acronym{OpenPGP} Key - -@smallexample -<?xml version="1.0"?> - -<gnutls:openpgp:key version="1.0"> - <OPENPGPKEY> - <MAINKEY> - <KEYID>BD572CDCCCC07C3</KEYID> - <FINGERPRINT>BE615E88D6CFF27225B8A2E7BD572CDCCCC07C35</FINGERPRINT> - <PKALGO>DSA</PKALGO> - <KEYLEN>1024</KEYLEN> - <CREATED>1011533164</CREATED> - <REVOKED>0</REVOKED> - <KEY ENCODING="HEX"/> - <DSA-P>0400E72E76B62EEFA9A3BD594093292418050C02D7029D6CA2066E - FC34C86038627C643EB1A652A7AF1D37CF46FC505AC1E0C699B37895B4BCB - 3E53541FFDA4766D6168C2B8AAFD6AB22466D06D18034D5DAC698E6993BA5 - B350FF822E1CD8702A75114E8B73A6B09CB3B93CE44DBB516C9BB5F95BB66 - 6188602A0A1447236C0658F</DSA-P> - <DSA-Q>00A08F5B5E78D85F792CC2072F9474645726FB4D9373</DSA-Q> - <DSA-G>03FE3578D689D6606E9118E9F9A7042B963CF23F3D8F1377A273C0 - F0974DBF44B3CABCBE14DD64412555863E39A9C627662D77AC36662AE4497 - 92C3262D3F12E9832A7565309D67BA0AE4DF25F5EDA0937056AD5BE89F406 - 9EBD7EC76CE432441DF5D52FFFD06D39E5F61E36947B698A77CB62AB81E4A - 4122BF9050671D9946C865E</DSA-G> - <DSA-Y>0400D061437A964DDE318818C2B24DE008E60096B60DB8A684B85A - 838D119FC930311889AD57A3B927F448F84EB253C623EDA73B42FF78BCE63 - A6A531D75A64CE8540513808E9F5B10CE075D3417B801164918B131D3544C - 8765A8ECB9971F61A09FC73D509806106B5977D211CB0E1D04D0ED96BCE89 - 
BAE8F73D800B052139CBF8D</DSA-Y> - </MAINKEY> - <USERID> - <NAME>OpenCDK test key (Only intended for test purposes!)</NAME> - <EMAIL>opencdk@@foo-bar.org</EMAIL> - <PRIMARY>0</PRIMARY> - <REVOKED>0</REVOKED> - </USERID> - <SIGNATURE> - <VERSION>4</VERSION> - <SIGCLASS>19</SIGCLASS> - <EXPIRED>0</EXPIRED> - <PKALGO>DSA</PKALGO> - <MDALGO>SHA1</MDALGO> - <CREATED>1011533164</CREATED> - <KEYID>BD572CDCCCC07C3</KEYID> - </SIGNATURE> - <SUBKEY> - <KEYID>FCB0CF3A5261E06</KEYID> - <FINGERPRINT>297B48ACC09C0FF683CA1ED1FCB0CF3A5261E067</FINGERPRINT> - <PKALGO>ELG</PKALGO> - <KEYLEN>1024</KEYLEN> - <CREATED>1011533167</CREATED> - <REVOKED>0</REVOKED> - <KEY ENCODING="HEX"/> - <ELG-P>0400E20156526069D067D24F4D71E6D38658E08BE3BF246C1ADCE0 - 8DB69CD8D459C1ED335738410798755AFDB79F1797CF022E70C7960F12CA6 - 896D27CFD24A11CD316DDE1FBCC1EA615C5C31FEC656E467078C875FC509B - 1ECB99C8B56C2D875C50E2018B5B0FA378606EB6425A2533830F55FD21D64 - 9015615D49A1D09E9510F5F</ELG-P> - <ELG-G>000305</ELG-G> - <ELG-Y>0400D0BDADE40432758675C87D0730C360981467BAE1BEB6CC105A - 3C1F366BFDBEA12E378456513238B8AD414E52A2A9661D1DF1DB6BB5F33F6 - 906166107556C813224330B30932DB7C8CC8225672D7AE24AF2469750E539 - B661EA6475D2E03CD8D3838DC4A8AC4AFD213536FE3E96EC9D0AEA65164B5 - 76E01B37A8DCA89F2B257D0</ELG-Y> - </SUBKEY> - <SIGNATURE> - <VERSION>4</VERSION> - <SIGCLASS>24</SIGCLASS> - <EXPIRED>0</EXPIRED> - <PKALGO>DSA</PKALGO> - <MDALGO>SHA1</MDALGO> - <CREATED>1011533167</CREATED> - <KEYID>BD572CDCCCC07C3</KEYID> - </SIGNATURE> - </OPENPGPKEY> -</gnutls:openpgp:key> -@end smallexample - @node All the supported ciphersuites in GnuTLS @chapter All the Supported Ciphersuites in @acronym{GnuTLS} @anchor{ciphersuites} diff --git a/includes/gnutls/gnutls.h.in b/includes/gnutls/gnutls.h.in index ecfd261d97..381591c2d2 100644 --- a/includes/gnutls/gnutls.h.in +++ b/includes/gnutls/gnutls.h.in 
@@ -197,8 +197,7 @@ extern "C"
 GNUTLS_A_UNSUPPORTED_EXTENSION = 110,
 GNUTLS_A_CERTIFICATE_UNOBTAINABLE = 111,
 GNUTLS_A_UNRECOGNIZED_NAME = 112,
- GNUTLS_A_UNKNOWN_SRP_USERNAME = 120,
- GNUTLS_A_MISSING_SRP_USERNAME = 121,
+ GNUTLS_A_UNKNOWN_PSK_IDENTITY = 115,
 GNUTLS_A_INNER_APPLICATION_FAILURE = 208,
 GNUTLS_A_INNER_APPLICATION_VERIFICATION = 209
 } gnutls_alert_description_t;
@@ -600,6 +599,10 @@ extern "C"
 int gnutls_db_check_entry (gnutls_session_t session, gnutls_datum_t session_entry);
+ typedef int (*gnutls_handshake_post_client_hello_func)(gnutls_session_t);
+ void gnutls_handshake_set_post_client_hello_function(gnutls_session_t,
+ gnutls_handshake_post_client_hello_func);
+
 void gnutls_handshake_set_max_packet_length (gnutls_session_t session, size_t max);
@@ -911,8 +914,7 @@ extern "C"
 gnutls_srp_server_credentials_function * func);
 typedef int gnutls_srp_client_credentials_function (gnutls_session_t,
- unsigned int, char **,
- char **);
+ char **, char **);
 void gnutls_srp_set_client_credentials_function (gnutls_srp_client_credentials_t cred,
diff --git a/includes/gnutls/openpgp.h b/includes/gnutls/openpgp.h
index 2d7a7d4ac0..5b2761068b 100644
--- a/includes/gnutls/openpgp.h
+++ b/includes/gnutls/openpgp.h
@@ -84,9 +84,6 @@ extern "C"
 int gnutls_openpgp_key_check_hostname (gnutls_openpgp_key_t key, const char *hostname);
- int gnutls_openpgp_key_to_xml (gnutls_openpgp_key_t key,
- gnutls_datum_t * xmlkey, int ext);
-
 /* privkey stuff. */
 int gnutls_openpgp_privkey_init (gnutls_openpgp_privkey_t * key);
diff --git a/includes/gnutls/x509.h b/includes/gnutls/x509.h
index 2955f75bf7..da1df88b38 100644
--- a/includes/gnutls/x509.h
+++ b/includes/gnutls/x509.h
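Review bot: Dropping `GNUTLS_A_UNKNOWN_SRP_USERNAME` and `GNUTLS_A_MISSING_SRP_USERNAME` from the public `gnutls_alert_description_t` enum is an API break for any application that matches on those values after `gnutls_alert_get()`, yet the NEWS entry in this commit lists only the four function-level changes under "API and ABI modifications". Add the two removals and the new `GNUTLS_A_UNKNOWN_PSK_IDENTITY` value to that list, and note that the `gnutls_srp_client_credentials_function` typedef itself changed, not just its setter. The enum definition begins before this hunk.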
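Review bot: The new prototypes in the @@ -600 hunk omit parameter names, unlike the neighbouring declarations such as `gnutls_handshake_set_max_packet_length (gnutls_session_t session, size_t max)`; named parameters are the only documentation most users of the header will see. Suggest `typedef int (*gnutls_handshake_post_client_hello_func) (gnutls_session_t session);` and `void gnutls_handshake_set_post_client_hello_function (gnutls_session_t session, gnutls_handshake_post_client_hello_func func);`. A one-line comment above the typedef saying that the callback is consulted only when a server parses a ClientHello and that a negative return aborts the handshake would put the contract next to the declaration instead of only in lib/gnutls_state.c.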
@@ -231,14 +231,6 @@ extern "C"
 size_t sizeof_buf, unsigned int critical);
- int gnutls_x509_crt_to_xml (gnutls_x509_crt_t cert,
- gnutls_datum_t * res, int detail);
-
-/* Possible values for gnutls_x509_crt_to_xml() detail.
- */
-#define GNUTLS_XML_SHOW_ALL 1
-#define GNUTLS_XML_NORMAL 0
-
 /* X.509 Certificate writing. */ int gnutls_x509_crt_set_dn_by_oid (gnutls_x509_crt_t crt,
diff --git a/lib/auth_srp.c b/lib/auth_srp.c
index e30c069caa..d647020467 100644
--- a/lib/auth_srp.c
+++ b/lib/auth_srp.c
@@ -171,7 +171,8 @@ _gnutls_gen_srp_server_kx (gnutls_session_t session, opaque ** data)
 }
 /* copy from pwd_entry to local variables (actually in session) */
- if (_gnutls_mpi_scan_nz (&G, pwd_entry->g.data, &pwd_entry->g.size) < 0)
+ tmp_size = pwd_entry->g.size;
+ if (_gnutls_mpi_scan_nz (&G, pwd_entry->g.data, &tmp_size) < 0)
 {
 gnutls_assert ();
 return GNUTLS_E_MPI_SCAN_FAILED;
diff --git a/lib/ext_srp.c b/lib/ext_srp.c
index e8bd84e0c1..6350525679 100644
--- a/lib/ext_srp.c
+++ b/lib/ext_srp.c
@@ -40,15 +40,6 @@ _gnutls_srp_recv_params (gnutls_session_t session, const opaque * data,
 uint8_t len;
 ssize_t data_size = _data_size;
- if (_gnutls_kx_priority (session, GNUTLS_KX_SRP) < 0 &&
- _gnutls_kx_priority (session, GNUTLS_KX_SRP_DSS) < 0 &&
- _gnutls_kx_priority (session, GNUTLS_KX_SRP_RSA) < 0)
- {
- /* algorithm was not allowed in this session
- */
- return 0;
- }
-
 if (session->security_parameters.entity == GNUTLS_SERVER)
 {
 if (data_size > 0)
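Review bot: With the `_gnutls_kx_priority` gate removed, `_gnutls_srp_recv_params` now processes the client's SRP extension for every server session, including sessions in which no SRP key exchange is enabled, and nothing in the hunk says why, so the next reader will be tempted to restore the check. Presumably the point is to let the new post-client-hello callback see the username and enable SRP afterwards; if so, record it: `/* Parsed even when no SRP kx is enabled: the post client hello callback may enable SRP after inspecting the username. */`. The rest of the function, including the place where the username is copied into session state, lies outside the hunk and is worth re-reading now that it runs for all sessions.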
@@ -117,19 +108,11 @@ _gnutls_srp_send_params (gnutls_session_t session, opaque * data,
 */
 char *username = NULL, *password = NULL;
- if (cred->get_function (session,
- session->internals.handshake_restarted,
- &username, &password) < 0
+ if (cred->get_function (session, &username, &password) < 0
 || username == NULL || password == NULL)
 {
-
- if (session->internals.handshake_restarted)
- {
- gnutls_assert ();
- return GNUTLS_E_ILLEGAL_SRP_USERNAME;
- }
-
- return 0;
+ gnutls_assert ();
+ return GNUTLS_E_ILLEGAL_SRP_USERNAME;
 }
 len = MIN (strlen (username), 255);
diff --git a/lib/gnutls_alert.c b/lib/gnutls_alert.c
index 92431bc799..be2843e1b3 100644
--- a/lib/gnutls_alert.c
+++ b/lib/gnutls_alert.c
@@ -62,8 +62,7 @@ static const gnutls_alert_entry sup_alerts[] = {
 {GNUTLS_A_UNSUPPORTED_EXTENSION, "An unsupported extension was sent"},
 {GNUTLS_A_UNRECOGNIZED_NAME, "The server name sent was not recognized"},
- {GNUTLS_A_UNKNOWN_SRP_USERNAME, "The SRP username is not known"},
- {GNUTLS_A_MISSING_SRP_USERNAME, "The SRP username was not sent"},
+ {GNUTLS_A_UNKNOWN_PSK_IDENTITY, "The SRP/PSK username is missing or not known"},
 {GNUTLS_A_INNER_APPLICATION_FAILURE, "Inner application negotiation failed"},
 {GNUTLS_A_INNER_APPLICATION_VERIFICATION,
@@ -148,15 +147,14 @@ gnutls_alert_send (gnutls_session_t session, gnutls_alert_level_t level,
 * alert should be sent to the peer indicating that no renegotiation will
 * be performed.
 *
- * If the return value is GNUTLS_E_INVALID_REQUEST, then there was no
- * mapping to an alert.
+ * If there is no mapping to a valid alert the alert to indicate internal error
+ * is returned.
 *
 **/
 int
 gnutls_error_to_alert (int err, int *level)
 {
- int ret = GNUTLS_E_INVALID_REQUEST;
- int _level = -1;
+ int ret, _level = -1;
 switch (err)
 { /* send appropriate alert */
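Review bot: The error path returns as soon as `username == NULL || password == NULL`, but when the callback filled in only one of the two, the string it did allocate (with gnutls_malloc(), per the documentation in lib/gnutls_srp.c) is never released. Free both before leaving: `gnutls_free (username); gnutls_free (password);` ahead of `return GNUTLS_E_ILLEGAL_SRP_USERNAME;`. Note also that a callback which simply has no credentials now aborts the handshake, where the old `return 0` let it proceed without the extension; if that is intended, the gnutls_srp_set_client_credentials_function documentation should state that any negative or empty answer is fatal. `_gnutls_srp_send_params` begins before this hunk.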
@@ -241,6 +239,10 @@ gnutls_error_to_alert (int err, int *level)
 ret = GNUTLS_A_INSUFFICIENT_SECURITY;
 _level = GNUTLS_AL_FATAL;
 break;
+ default:
+ ret = GNUTLS_A_INTERNAL_ERROR;
+ _level = GNUTLS_AL_FATAL;
+ break;
 }
 if (level != NULL)
diff --git a/lib/gnutls_errors.h b/lib/gnutls_errors.h
index 46724708b0..4d98fa0a8c 100644
--- a/lib/gnutls_errors.h
+++ b/lib/gnutls_errors.h
@@ -25,7 +25,6 @@
 #include <defines.h>
 #define GNUTLS_E_INT_RET_0 -1251
-#define GNUTLS_E_INT_HANDSHAKE_AGAIN -1252
 #ifdef __FILE__
 # ifdef __LINE__
diff --git a/lib/gnutls_extensions.c b/lib/gnutls_extensions.c
index 20b1bbd414..4c54cbfb70 100644
--- a/lib/gnutls_extensions.c
+++ b/lib/gnutls_extensions.c
@@ -177,8 +177,8 @@ _gnutls_parse_extensions (gnutls_session_t session, const opaque * data,
 type = _gnutls_read_uint16 (&data[pos]);
 pos += 2;
- _gnutls_debug_log ("EXT[%x]: Received extension '%s'\n", session,
- _gnutls_extension_get_name (type));
+ _gnutls_debug_log ("EXT[%x]: Received extension '%s/%d'\n", session,
+ _gnutls_extension_get_name (type),type);
 if ((ret = _gnutls_extension_list_check (session, type)) < 0)
 {
diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c
index f8d2724ff3..753bfe2d14 100644
--- a/lib/gnutls_handshake.c
+++ b/lib/gnutls_handshake.c
@@ -282,12 +282,12 @@ int
 _gnutls_read_client_hello (gnutls_session_t session, opaque * data,
 int datalen)
 {
- uint8_t session_id_len, z;
+ uint8_t session_id_len;
 int pos = 0, ret;
- uint16_t suite_size;
+ uint16_t suite_size, comp_size;
 gnutls_protocol_t version;
 int len = datalen;
- opaque rnd[TLS_RANDOM_SIZE], *suite_ptr;
+ opaque rnd[TLS_RANDOM_SIZE], *suite_ptr, *comp_ptr;
 gnutls_protocol_t ver;
 if (session->internals.v2_hello != 0)
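Review bot: The new `default:` silently turns every unmapped error code into a fatal internal_error alert, so a case missing from this switch will no longer be noticed during development; add `gnutls_assert ();` as the first statement of the default branch so the fallback is logged like the other unexpected paths in this file. With the default in place, the `_level = -1` initializer in the declaration earlier in `gnutls_error_to_alert` is dead and can be dropped. The switch statement begins before this hunk.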
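Review bot: In the lib/gnutls_extensions.c hunk the rewritten log call still passes `session` to `%x`; `session` is dereferenced as a pointer elsewhere in this commit (`session->internals...`), and printing a pointer through `%x` is a format/argument mismatch that is undefined on 64-bit targets. Since the line is being changed anyway, use `%p` with `(void *) session`. A space after the comma in `_gnutls_extension_get_name (type),type` would also match the GNU spacing used on the surrounding lines. `_gnutls_parse_extensions` begins before this hunk.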
@@ -376,20 +376,14 @@ _gnutls_read_client_hello (gnutls_session_t session, opaque * data,
 suite_ptr = &data[pos];
 pos += suite_size;
- /* Select an appropriate compression method
+ /* Point to the compression methods
 */
 DECR_LEN (len, 1);
- z = data[pos++]; /* z is the number of compression methods */
+ comp_size = data[pos++]; /* z is the number of compression methods */
- DECR_LEN (len, z);
- ret = _gnutls_server_select_comp_method (session, &data[pos], z);
- pos += z;
-
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
+ DECR_LEN (len, comp_size);
+ comp_ptr = &data[pos];
+ pos += comp_size;
 /* Parse the extensions (if any)
 */
@@ -403,6 +397,16 @@ _gnutls_read_client_hello (gnutls_session_t session, opaque * data,
 }
 }
+ if (session->internals.user_hello_func != NULL)
+ {
+ ret = session->internals.user_hello_func( session);
+ if (ret < 0)
+ {
+ gnutls_assert();
+ return ret;
+ }
+ }
+
 /* select an appropriate cipher suite */
 ret = _gnutls_server_select_suite (session, suite_ptr, suite_size);
@@ -412,6 +416,14 @@ _gnutls_read_client_hello (gnutls_session_t session, opaque * data,
 return ret;
 }
+ /* select appropriate compression method */
+ ret = _gnutls_server_select_comp_method (session, comp_ptr, comp_size);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
 return 0;
 }
@@ -1115,17 +1127,6 @@ _gnutls_recv_handshake (gnutls_session_t session, uint8_t ** data,
 if (ret < 0)
 {
- /* In SRP when expecting the server hello we may receive
- * an alert instead. Do as the draft demands.
- */
- if (ret == GNUTLS_E_WARNING_ALERT_RECEIVED &&
- gnutls_alert_get (session) == GNUTLS_A_MISSING_SRP_USERNAME &&
- type == GNUTLS_HANDSHAKE_SERVER_HELLO)
- {
- gnutls_assert ();
- return GNUTLS_E_INT_HANDSHAKE_AGAIN;
- }
-
 if (ret == GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET &&
 optional == OPTIONAL_PACKET)
 {
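Review bot: The comment kept on the new line, `comp_size = data[pos++]; /* z is the number of compression methods */`, still refers to the removed variable `z`; change it to `/* number of compression methods offered by the client */`. Nothing here rejects `comp_size == 0`, although TLS requires at least one compression method in a ClientHello, and whether `_gnutls_server_select_comp_method` (now called later, in the @@ -412 hunk) refuses an empty list cannot be seen from this diff — if it does not, add `if (comp_size == 0) { gnutls_assert (); return GNUTLS_E_UNEXPECTED_PACKET_LENGTH; }` right after the length is read. `_gnutls_read_client_hello` begins before this hunk.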
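Review bot: In the @@ -403 hunk the user callback runs after the extensions have been parsed but before `_gnutls_server_select_suite` and the compression selection, and that ordering is the whole point of the hook, so record it where it is enforced: `/* User hook: runs after extensions are parsed and before ciphersuite and compression selection, so it may still change priorities. */`. The spacing in `user_hello_func( session)` and `gnutls_assert();` also differs from the GNU style (`gnutls_assert ();`) used on the surrounding lines and in the @@ -412 hunk.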
@@ -1839,19 +1840,19 @@ _gnutls_send_server_hello (gnutls_session_t session, int again)
 session->security_parameters.extensions.srp_username[0] == 0)
 {
 /* The peer didn't send a valid SRP extension with the
- * SRP username. The draft requires that we send an
- * alert and start the handshake again.
+ * SRP username. The draft requires that we send a fatal
+ * alert and abort.
 */
 gnutls_assert ();
- ret = gnutls_alert_send (session, GNUTLS_AL_WARNING,
- GNUTLS_A_MISSING_SRP_USERNAME);
+ ret = gnutls_alert_send (session, GNUTLS_AL_FATAL,
+ GNUTLS_A_UNKNOWN_PSK_IDENTITY);
 if (ret < 0)
 {
 gnutls_assert ();
 return ret;
 }
- return GNUTLS_E_INT_HANDSHAKE_AGAIN;
+ return GNUTLS_E_ILLEGAL_SRP_USERNAME;
 }
 }
 #endif
@@ -2217,21 +2218,8 @@ gnutls_handshake (gnutls_session_t session)
 return 0;
 }
-/* Here if GNUTLS_E_INT_HANDSHAKE_AGAIN is received we go to
- * restart. This works because this error code may only be
- * received on the first 2 handshake packets. If for some reason
- * this changes we should return GNUTLS_E_AGAIN.
- */
 #define IMED_RET( str, ret) do { \
 if (ret < 0) { \
- if (ret == GNUTLS_E_INT_HANDSHAKE_AGAIN && \
- session->internals.handshake_restarted == 1) \
- ret = GNUTLS_E_INTERNAL_ERROR; \
- if (ret == GNUTLS_E_INT_HANDSHAKE_AGAIN) { \
- STATE = STATE0; \
- session->internals.handshake_restarted = 1; \
- goto restart; \
- } \
 if (gnutls_error_is_fatal(ret)==0) return ret; \
 gnutls_assert(); \
 ERR( str, ret); \
@@ -2263,7 +2251,6 @@ _gnutls_handshake_client (gnutls_session_t session)
 session_id_size, buf, sizeof (buf)));
 #endif
-restart:
 switch (STATE)
 {
@@ -2491,8 +2478,6 @@ _gnutls_handshake_server (gnutls_session_t session)
 {
 int ret = 0;
-restart:
-
 switch (STATE)
 {
 case STATE0:
@@ -2594,8 +2579,6 @@ _gnutls_handshake_common (gnutls_session_t session)
 {
 int ret = 0;
-restart:
-
 /* send and recv the change cipher spec and finished messages */
 if ((session->internals.resumed == RESUME_TRUE
 && session->security_parameters.entity == GNUTLS_CLIENT)
@@ -2801,11 +2784,11 @@ _gnutls_remove_unwanted_ciphersuites (gnutls_session_t session,
 int ret = 0;
 cipher_suite_st *newSuite, cs;
 int newSuiteSize = 0, i;
- gnutls_certificate_credentials_t x509_cred;
+ gnutls_certificate_credentials_t cert_cred;
 gnutls_kx_algorithm_t kx;
 int server = session->security_parameters.entity == GNUTLS_SERVER ? 1 : 0;
- gnutls_kx_algorithm_t *alg;
- int alg_size;
+ gnutls_kx_algorithm_t *alg = NULL;
+ int alg_size = 0;
 /* if we should use a specific certificate,
 * we should remove all algorithms that are not supported
@@ -2813,22 +2796,23 @@ _gnutls_remove_unwanted_ciphersuites (gnutls_session_t session,
 * method (CERTIFICATE).
 */
- x509_cred =
+ cert_cred =
 (gnutls_certificate_credentials_t) _gnutls_get_cred (session->key, GNUTLS_CRD_CERTIFICATE, NULL);
- /* if x509_cred==NULL we should remove all X509 ciphersuites
+ /* If there are certificate credentials, find an appropriate certificate
+ * or disable them;
 */
-
 if (session->security_parameters.entity == GNUTLS_SERVER
- && x509_cred != NULL)
+ && cert_cred != NULL)
 {
 ret = _gnutls_server_select_cert (session, requested_pk_algo);
 if (ret < 0)
 {
 gnutls_assert ();
- return ret;
+ _gnutls_x509_log("Could not find an appropriate certificate: %s\n", gnutls_strerror(ret));
+ cert_cred = NULL;
 }
 }
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index 1c9f10e5f5..2cff4d1eda 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -549,6 +549,10 @@ typedef struct
 gnutls_db_retr_func db_retrieve_func;
 gnutls_db_remove_func db_remove_func;
 void *db_ptr;
+
+ /* post client hello callback (server side only)
+ */
+ gnutls_handshake_post_client_hello_func user_hello_func;
 /* Holds the record size requested by the
 * user.
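Review bot: After `_gnutls_server_select_cert` fails, the @@ -2813 hunk logs and clears `cert_cred` but leaves `ret` holding the negative value; if the remainder of `_gnutls_remove_unwanted_ciphersuites` (outside the hunk) returns `ret` on its normal path, the failure still propagates despite the intended fallback — add `ret = 0;` next to `cert_cred = NULL;`, or confirm that the later code overwrites it. Separately, a server that was configured with certificate credentials but cannot select a certificate now carries on with whatever non-certificate suites are enabled instead of failing, which is a silent downgrade from an operator's point of view; make the `_gnutls_x509_log` message say that certificate ciphersuites are being disabled for this session so the behaviour is discoverable from the log.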
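Review bot: In the lib/gnutls_int.h hunk, `user_hello_func` is tested with `!= NULL` in `_gnutls_read_client_hello`, but nothing in this diff initialises it, and `_gnutls_handshake_internal_state_clear` in lib/gnutls_state.c does not touch it either; that is only safe if the session structure is zero-filled when it is created — presumably it is, but confirm in gnutls_init(). Expand the field comment so the contract is visible at the declaration: `/* Post client hello callback (server side only). NULL when unset; a negative return aborts the handshake. Not reset between handshakes as far as this code shows. */`.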
@@ -612,11 +616,6 @@ typedef struct char *srp_username; char *srp_password; - /* This is only set in SRP, when the handshake is - * restarted if an username is not found. - */ - int handshake_restarted; - /* Here we cache the DH or RSA parameters got from the * credentials structure, or from a callback. That is to * minimize external calls. diff --git a/lib/gnutls_srp.c b/lib/gnutls_srp.c index 7a54d2d382..99678a7035 100644 --- a/lib/gnutls_srp.c +++ b/lib/gnutls_srp.c @@ -612,21 +612,15 @@ gnutls_srp_set_server_credentials_function (gnutls_srp_server_credentials_t * This function can be used to set a callback to retrieve the username and * password for client SRP authentication. * The callback's function form is: - * int (*callback)(gnutls_session_t, unsigned int times, char** username, + * int (*callback)(gnutls_session_t, char** username, * char** password); * * The @username and @password must be allocated using gnutls_malloc(). - * @times will be 0 the first time called, and 1 the second. * @username and @password should be ASCII strings or UTF-8 strings * prepared using the "SASLprep" profile of "stringprep". * - * The callback function will be called once or twice per handshake. - * The first time called, is before the ciphersuite is negotiated. - * At that time if the callback returns a negative error code, - * the callback will be called again if SRP has been - * negotiated. This uses a special TLS-SRP idiom in order to avoid - * asking the user for SRP password and username if the server does - * not support SRP. + * The callback function will be called once per handshake before the + * initial hello message is sent. * * The callback should not return a negative error code the second * time called, since the handshake procedure will be aborted. diff --git a/lib/gnutls_state.c b/lib/gnutls_state.c index 7e07e6773d..4bbbbace46 100644 --- a/lib/gnutls_state.c +++ b/lib/gnutls_state.c 
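Review bot: The retained sentence "The callback should not return a negative error code the second time called" now contradicts the new text saying the callback is called once per handshake, since there is no second call any more. Replace it with ` * If the callback returns a negative error code the handshake is aborted.`. The removed paragraph also documented a behaviour the new API no longer has: the callback is now invoked before the initial hello, i.e. before the client knows whether the server supports SRP, so applications that used the two-call idiom to avoid prompting for credentials will now always prompt; a sentence stating this, e.g. ` * The callback is invoked before it is known whether the server supports SRP.`, would save callers from rediscovering it.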
@@ -209,8 +209,6 @@ _gnutls_handshake_internal_state_clear (gnutls_session_t session) session->internals.last_handshake_in = -1; session->internals.last_handshake_out = -1; - session->internals.handshake_restarted = 0; - session->internals.resumable = RESUME_TRUE; _gnutls_free_datum (&session->internals.recv_buffer); @@ -1209,3 +1207,26 @@ _gnutls_rsa_pms_set_version (gnutls_session_t session, session->internals.rsa_pms_version[0] = major; session->internals.rsa_pms_version[1] = minor; } + +/** + * gnutls_handshake_set_post_client_hello_function - This function will a callback to be called after the client hello is received + * @res: is a gnutls_anon_server_credentials_t structure + * @func: is the function to be called + * + * This function will set a callback to be called after the client hello + * has been received (callback valid in server side only). This allows the + * server to adjust settings based on received extensions. + * + * Those settings could be ciphersuites, requesting certificate, or anything + * else except for version negotiation (this is done before the hello message + * is parsed). + * + * This callback must return 0 on success or a gnutls error code to + * terminate the handshake. + * + **/ +void gnutls_handshake_set_post_client_hello_function( gnutls_session_t session, + gnutls_handshake_post_client_hello_func func) +{ + session->internals.user_hello_func = func; +} diff --git a/lib/x509/Makefile.am b/lib/x509/Makefile.am index 2cdc2f61a4..621066786f 100644 --- a/lib/x509/Makefile.am +++ b/lib/x509/Makefile.am 
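Review bot: The new gtk-doc block for gnutls_handshake_set_post_client_hello_function documents a parameter `@res` as a gnutls_anon_server_credentials_t, but the function takes `session`, a gnutls_session_t, so the generated documentation will be wrong for this API; the one-line summary is also missing its verb. Suggested replacement lines: ` * gnutls_handshake_set_post_client_hello_function - set a callback to be called after the client hello is received` and ` * @session: is a #gnutls_session_t structure.`. It would also help to state whether passing NULL for `func` clears a previously set callback (the body just stores it, so presumably yes) and that the callback runs only on the server side, which the body does not enforce.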
@@ -30,7 +30,7 @@ noinst_LTLIBRARIES = libgnutls_x509.la libgnutls_x509_la_SOURCES = crl.c dn.c common.c x509.c extensions.c \ dsa.c rfc2818_hostname.c verify.c mpi.c privkey.c pkcs7.c \ - crq.c xml.c sign.c privkey_pkcs8.c pkcs12.c pkcs12_bag.c \ + crq.c sign.c privkey_pkcs8.c pkcs12.c pkcs12_bag.c \ pkcs12_encr.c x509_write.c crl_write.c dn.h common.h x509.h \ extensions.h pkcs7.h verify.h mpi.h crq.h sign.h privkey.h \ pkcs12.h rfc2818.h dsa.h output.c diff --git a/lib/x509/common.c b/lib/x509/common.c index e1b7f7a2d6..515dcfe8d0 100644 --- a/lib/x509/common.c +++ b/lib/x509/common.c @@ -183,6 +183,7 @@ _gnutls_x509_oid_data2string (const char *oid, void *value, const char *ANAME = NULL; int CHOICE = -1, len = -1, result; ASN1_TYPE tmpasn = ASN1_TYPE_EMPTY; + char asn1_err[MAX_ERROR_DESCRIPTION_SIZE] = ""; if (value == NULL || value_size <= 0 || res_size == NULL) { @@ -217,9 +218,10 @@ _gnutls_x509_oid_data2string (const char *oid, void *value, } if ((result = - asn1_der_decoding (&tmpasn, value, value_size, NULL)) != ASN1_SUCCESS) + asn1_der_decoding (&tmpasn, value, value_size, asn1_err)) != ASN1_SUCCESS) { gnutls_assert (); + _gnutls_x509_log("asn1_der_decoding: %s:%s\n", str, asn1_err); asn1_delete_structure (&tmpasn); return _gnutls_asn2err (result); } diff --git a/lib/x509/dn.c b/lib/x509/dn.c index d891763500..33927cdac2 100644 --- a/lib/x509/dn.c +++ b/lib/x509/dn.c @@ -261,12 +261,15 @@ _gnutls_x509_parse_dn (ASN1_TYPE asn1_struct, STR_APPEND (ldap_desc); STR_APPEND ("="); + result = 0; + if (printable) result = _gnutls_x509_oid_data2string (oid, value2, len, string, &sizeof_string); - else + + if (!printable || result < 0) result = _gnutls_x509_data2hex (value2, len, string, &sizeof_string); diff --git a/lib/x509/xml.c b/lib/x509/xml.c deleted file mode 100644 index d20f9ae42e..0000000000 --- a/lib/x509/xml.c +++ /dev/null 
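Review bot: The new `_gnutls_x509_log ("asn1_der_decoding: %s:%s\n", str, asn1_err);` in _gnutls_x509_oid_data2string formats `str`, which is neither declared nor assigned anywhere in the visible hunks; if it is the local output buffer that this function fills only after decoding succeeds, the log prints uninitialized stack memory on the failure path. The name of the element being decoded is `ANAME`, declared at the top of the function in the preceding hunk, which is presumably what the message is meant to show: `_gnutls_x509_log ("asn1_der_decoding: %s:%s\n", ANAME, asn1_err);`. The function starts before and ends after these hunks.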
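Review bot: In _gnutls_x509_parse_dn the new `if (!printable || result < 0)` turns every failure of `_gnutls_x509_oid_data2string` into a hex dump without recording why, so a DN attribute that is malformed (or that failed for a reason unrelated to its encoding) is indistinguishable in the output from a legitimately non-printable one and nothing reaches the debug log. Since `sizeof_string` is passed as an in/out argument to the failed call, it may also have been modified before the hex call reuses it; worth confirming that `_gnutls_x509_oid_data2string` leaves it untouched on error or resetting it first. A one-line log before the fallback keeps the information, e.g. `if (printable && result < 0) _gnutls_x509_log ("could not decode %s, printing as hex: %s\n", ldap_desc, gnutls_strerror (result));`. The enclosing function starts and ends outside this hunk.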
@@ -1,762 +0,0 @@ -/* - * Copyright (C) 2002, 2003, 2004, 2005, 2006, 2007 Free Software Foundation - * - * Author: Nikos Mavroyanopoulos - * - * This file is part of GNUTLS. - * - * The GNUTLS library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * as published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, - * USA - * - */ - - -/* This file has the required functions to convert an X.509 DER certificate - * to XML format. - */ - -#include <defines.h> - -#if 1 - -#include <gnutls_int.h> - -/* The function below rely on some internal libtasn1 functions. While - it would be easy to export them (or copy them) we prefer not to at - this point. If you need the XML functionality, simply build with - --with-included-libtasn1 and change the '1' above to '0', or help - us add XML export functions to libtasn1 proper. 
*/ - -int -gnutls_x509_crt_to_xml (gnutls_x509_crt_t cert, gnutls_datum_t * res, - int detail) -{ - return GNUTLS_E_INTERNAL_ERROR; -} - -#else - -#ifdef ENABLE_PKI - -#include <int.h> -#include <errors.h> -#include <structure.h> -#include <parser_aux.h> -#include <gnutls_int.h> -#include <gnutls_datum.h> -#include <gnutls_global.h> -#include <gnutls_errors.h> -#include <gnutls_str.h> -#include <gnutls_x509.h> -#include <x509.h> -#include <common.h> - -static int _gnutls_x509_expand_extensions (ASN1_TYPE * rasn); - -static const void * -find_default_value (ASN1_TYPE x) -{ - ASN1_TYPE p = x; - - if (x->value == NULL && x->type & CONST_DEFAULT) - { - if (x->down) - { - x = x->down; - do - { - if (type_field (x->type) == TYPE_DEFAULT) - { - if (type_field (p->type) == TYPE_BOOLEAN) - { - if (x->type & CONST_TRUE) - return "TRUE"; - else - return "FALSE"; - } - else - return x->value; - } - x = x->right; - } - while (x != NULL); - - } - } - return NULL; -} - - -static int -is_node_printable (ASN1_TYPE x) -{ - switch (type_field (x->type)) - { - case TYPE_TAG: - case TYPE_SIZE: - case TYPE_DEFAULT: - return 0; - case TYPE_CONSTANT: - { - ASN1_TYPE up = _asn1_find_up (x); - - if (up != NULL && type_field (up->type) != TYPE_ANY && - up->value != NULL) - return 0; - } - return 1; - } - if (x->name == NULL && _asn1_find_up (x) != NULL) - return 0; - if (x->value == NULL && x->down == NULL) - return 0; - return 1; -} - -/* returns true if the node is the only one printable in - * the level down of it. 
- */ -static int -is_leaf (ASN1_TYPE p) -{ - ASN1_TYPE x; - - if (p == NULL) - return 1; - if (p->down == NULL) - return 1; - - x = p->down; - - while (x != NULL) - { - if (is_node_printable (x)) - return 0; - if (is_leaf (x) == 0) - return 0; - x = x->right; - } - - return 1; - -} - -#define APPEND(y, z) if (_gnutls_string_append_data( &str, y, z) < 0) { \ - _gnutls_string_clear( &str); \ - gnutls_assert(); \ - return GNUTLS_E_MEMORY_ERROR; \ - } -#define STR_APPEND(y) if (_gnutls_string_append_str( &str, y) < 0) { \ - _gnutls_string_clear( &str); \ - gnutls_assert(); \ - return GNUTLS_E_MEMORY_ERROR; \ - } - -#define UNNAMED "unnamed" -#define ROOT "certificate" -/* This function removes the '?' character from ASN.1 names - */ -static int -normalize_name (ASN1_TYPE p, char *output, int output_size) -{ - const char *name; - - if (output_size > 0) - output[0] = 0; - else - return GNUTLS_E_INTERNAL_ERROR; - - if (p == NULL) - return GNUTLS_E_INTERNAL_ERROR; - - name = p->name; - if (name == NULL) - name = ROOT; - - if (type_field (p->type) == TYPE_CONSTANT) - { - ASN1_TYPE up = _asn1_find_up (p); - const char *tmp; - - if (up && type_field (up->type) == TYPE_ANY && - up->left && up->left->value && - up->type & CONST_DEFINED_BY && - type_field (up->left->type) == TYPE_OBJECT_ID) - { - - tmp = - asn1_find_structure_from_oid (_gnutls_get_pkix (), - up->left->value); - if (tmp != NULL) - _gnutls_str_cpy (output, output_size, tmp); - else - { - _gnutls_str_cpy (output, output_size, "DEFINED_BY_"); - _gnutls_str_cat (output, output_size, name); - } - } - else - { - _gnutls_str_cpy (output, output_size, "DEFINED_BY_"); - _gnutls_str_cat (output, output_size, name); - } - - - return 0; - } - - if (name[0] == '?') - { - _gnutls_str_cpy (output, output_size, UNNAMED); - if (strlen (name) > 1) - _gnutls_str_cat (output, output_size, &name[1]); - } - else - { - _gnutls_str_cpy (output, output_size, name); - } - return 0; -} - -#define XML_HEADER "<?xml version=\"1.0\" 
encoding=\"UTF-8\"?>\n\n" \ - "<gnutls:x509:certificate version=\"1.1\">\n" - -#define XML_FOOTER "</gnutls:x509:certificate>\n" - -static int -_gnutls_asn1_get_structure_xml (ASN1_TYPE structure, - gnutls_datum_t * res, int detail) -{ - node_asn *p, *root; - int k, indent = 0, len, len2, len3; - opaque tmp[1024]; - char nname[256]; - int ret; - gnutls_string str; - - if (res == NULL || structure == NULL) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - _gnutls_string_init (&str, malloc, realloc, free); - - STR_APPEND (XML_HEADER); - indent = 1; - - root = _asn1_find_node (structure, ""); - - if (root == NULL) - { - gnutls_assert (); - _gnutls_string_clear (&str); - return GNUTLS_E_INTERNAL_ERROR; - } - - if (detail == GNUTLS_XML_SHOW_ALL) - ret = asn1_expand_any_defined_by (_gnutls_get_pkix (), &structure); - /* we don't need to check the error value - * here. - */ - - if (detail == GNUTLS_XML_SHOW_ALL) - { - ret = _gnutls_x509_expand_extensions (&structure); - if (ret < 0) - { - gnutls_assert (); - return ret; - } - } - - p = root; - while (p) - { - if (is_node_printable (p)) - { - for (k = 0; k < indent; k++) - APPEND (" ", 1); - - if ((ret = normalize_name (p, nname, sizeof (nname))) < 0) - { - _gnutls_string_clear (&str); - gnutls_assert (); - return ret; - } - - APPEND ("<", 1); - STR_APPEND (nname); - } - - if (is_node_printable (p)) - { - switch (type_field (p->type)) - { - case TYPE_DEFAULT: - STR_APPEND (" type=\"DEFAULT\""); - break; - case TYPE_NULL: - STR_APPEND (" type=\"NULL\""); - break; - case TYPE_IDENTIFIER: - STR_APPEND (" type=\"IDENTIFIER\""); - break; - case TYPE_INTEGER: - STR_APPEND (" type=\"INTEGER\""); - STR_APPEND (" encoding=\"HEX\""); - break; - case TYPE_ENUMERATED: - STR_APPEND (" type=\"ENUMERATED\""); - STR_APPEND (" encoding=\"HEX\""); - break; - case TYPE_TIME: - STR_APPEND (" type=\"TIME\""); - break; - case TYPE_BOOLEAN: - STR_APPEND (" type=\"BOOLEAN\""); - break; - case TYPE_SEQUENCE: - STR_APPEND (" 
type=\"SEQUENCE\""); - break; - case TYPE_BIT_STRING: - STR_APPEND (" type=\"BIT STRING\""); - STR_APPEND (" encoding=\"HEX\""); - break; - case TYPE_OCTET_STRING: - STR_APPEND (" type=\"OCTET STRING\""); - STR_APPEND (" encoding=\"HEX\""); - break; - case TYPE_SEQUENCE_OF: - STR_APPEND (" type=\"SEQUENCE OF\""); - break; - case TYPE_OBJECT_ID: - STR_APPEND (" type=\"OBJECT ID\""); - break; - case TYPE_ANY: - STR_APPEND (" type=\"ANY\""); - if (!p->down) - STR_APPEND (" encoding=\"HEX\""); - break; - case TYPE_CONSTANT: - { - ASN1_TYPE up = _asn1_find_up (p); - - if (up && type_field (up->type) == TYPE_ANY && - up->left && up->left->value && - up->type & CONST_DEFINED_BY && - type_field (up->left->type) == TYPE_OBJECT_ID) - { - - if (_gnutls_x509_oid_data_printable - (up->left->value) == 0) - { - STR_APPEND (" encoding=\"HEX\""); - } - - } - } - break; - case TYPE_SET: - STR_APPEND (" type=\"SET\""); - break; - case TYPE_SET_OF: - STR_APPEND (" type=\"SET OF\""); - break; - case TYPE_CHOICE: - STR_APPEND (" type=\"CHOICE\""); - break; - case TYPE_DEFINITIONS: - STR_APPEND (" type=\"DEFINITIONS\""); - break; - default: - break; - } - } - - - if (p->type == TYPE_BIT_STRING) - { - len2 = -1; - len = asn1_get_length_der (p->value, p->value_len, &len2); - snprintf (tmp, sizeof (tmp), " length=\"%i\"", - (len - 1) * 8 - (p->value[len2])); - STR_APPEND (tmp); - } - - if (is_node_printable (p)) - STR_APPEND (">"); - - if (is_node_printable (p)) - { - const unsigned char *value; - - if (p->value == NULL) - value = find_default_value (p); - else - value = p->value; - - switch (type_field (p->type)) - { - - case TYPE_DEFAULT: - if (value) - STR_APPEND (value); - break; - case TYPE_IDENTIFIER: - if (value) - STR_APPEND (value); - break; - case TYPE_INTEGER: - if (value) - { - len2 = -1; - len = asn1_get_length_der (value, p->value_len, &len2); - - for (k = 0; k < len; k++) - { - snprintf (tmp, sizeof (tmp), "%02X", (value)[k + len2]); - STR_APPEND (tmp); - } - - } - break; - 
case TYPE_ENUMERATED: - if (value) - { - len2 = -1; - len = asn1_get_length_der (value, p->value_len, &len2); - - for (k = 0; k < len; k++) - { - snprintf (tmp, sizeof (tmp), "%02X", (value)[k + len2]); - STR_APPEND (tmp); - } - } - break; - case TYPE_TIME: - if (value) - STR_APPEND (value); - break; - case TYPE_BOOLEAN: - if (value) - { - if (value[0] == 'T') - { - STR_APPEND ("TRUE"); - } - else if (value[0] == 'F') - { - STR_APPEND ("FALSE"); - } - } - break; - case TYPE_BIT_STRING: - if (value) - { - len2 = -1; - len = asn1_get_length_der (value, p->value_len, &len2); - - for (k = 1; k < len; k++) - { - snprintf (tmp, sizeof (tmp), "%02X", (value)[k + len2]); - STR_APPEND (tmp); - } - } - break; - case TYPE_OCTET_STRING: - if (value) - { - len2 = -1; - len = asn1_get_length_der (value, p->value_len, &len2); - for (k = 0; k < len; k++) - { - snprintf (tmp, sizeof (tmp), "%02X", (value)[k + len2]); - STR_APPEND (tmp); - } - } - break; - case TYPE_OBJECT_ID: - if (value) - STR_APPEND (value); - break; - case TYPE_ANY: - if (!p->down) - { - if (value) - { - len3 = -1; - len2 = asn1_get_length_der (value, p->value_len, &len3); - for (k = 0; k < len2; k++) - { - snprintf (tmp, sizeof (tmp), - "%02X", (value)[k + len3]); - STR_APPEND (tmp); - } - } - } - break; - case TYPE_CONSTANT: - { - ASN1_TYPE up = _asn1_find_up (p); - - if (up && type_field (up->type) == TYPE_ANY && - up->left && up->left->value && - up->type & CONST_DEFINED_BY && - type_field (up->left->type) == TYPE_OBJECT_ID) - { - - len2 = - asn1_get_length_der (up->value, up->value_len, &len3); - - if (len2 > 0 && strcmp (p->name, "type") == 0) - { - size_t tmp_len = sizeof (tmp); - ret = - _gnutls_x509_oid_data2string (up->left-> - value, - up->value + len3, - len2, tmp, &tmp_len); - - if (ret >= 0) - { - STR_APPEND (tmp); - } - } - else - { - for (k = 0; k < len2; k++) - { - snprintf (tmp, sizeof (tmp), - "%02X", (up->value)[k + len3]); - STR_APPEND (tmp); - } - - } - } - else - { - if (value) - 
STR_APPEND (value); - } - - } - break; - case TYPE_SET: - case TYPE_SET_OF: - case TYPE_CHOICE: - case TYPE_DEFINITIONS: - case TYPE_SEQUENCE_OF: - case TYPE_SEQUENCE: - case TYPE_NULL: - break; - default: - break; - } - } - - if (p->down && is_node_printable (p)) - { - ASN1_TYPE x; - p = p->down; - indent += 2; - x = p; - do - { - if (is_node_printable (x)) - { - STR_APPEND ("\n"); - break; - } - x = x->right; - } - while (x != NULL); - } - else if (p == root) - { - if (is_node_printable (p)) - { - if ((ret = normalize_name (p, nname, sizeof (nname))) < 0) - { - _gnutls_string_clear (&str); - gnutls_assert (); - return ret; - } - - APPEND ("</", 2); - STR_APPEND (nname); - APPEND (">\n", 2); - } - p = NULL; - break; - } - else - { - if (is_node_printable (p)) - { - if ((ret = normalize_name (p, nname, sizeof (nname))) < 0) - { - _gnutls_string_clear (&str); - gnutls_assert (); - return ret; - } - - APPEND ("</", 2); - STR_APPEND (nname); - APPEND (">\n", 2); - } - if (p->right) - p = p->right; - else - { - while (1) - { - ASN1_TYPE old_p; - - old_p = p; - - p = _asn1_find_up (p); - indent -= 2; - if (is_node_printable (p)) - { - if (!is_leaf (p)) /* XXX */ - for (k = 0; k < indent; k++) - STR_APPEND (" "); - - if ((ret = - normalize_name (p, nname, sizeof (nname))) < 0) - { - _gnutls_string_clear (&str); - gnutls_assert (); - return ret; - } - - APPEND ("</", 2); - STR_APPEND (nname); - APPEND (">\n", 2); - } - if (p == root) - { - p = NULL; - break; - } - - if (p->right) - { - p = p->right; - break; - } - } - } - } - } - - STR_APPEND (XML_FOOTER); - APPEND ("\n\0", 2); - - *res = _gnutls_string2datum (&str); - res->size -= 1; /* null is not included in size */ - - return 0; -} - -/** - * gnutls_x509_crt_to_xml - This function parses an RDN sequence - * @cert: should contain a gnutls_x509_crt_t structure - * @res: The datum that will hold the result - * @detail: The detail level (must be GNUTLS_XML_SHOW_ALL or GNUTLS_XML_NORMAL) - * - * This function will return 
the XML structures of the given X.509 - * certificate. The XML structures are allocated internally (with - * malloc) and stored into res. - * - * Returns a negative error code in case of an error. - * - * Deprecated: This function is currently not implemented. See the - * NEWS entry for GnuTLS version 1.3.5. - * - **/ -int -gnutls_x509_crt_to_xml (gnutls_x509_crt_t cert, gnutls_datum_t * res, - int detail) -{ - int result; - - res->data = NULL; - res->size = 0; - - result = _gnutls_asn1_get_structure_xml (cert->cert, res, detail); - if (result < 0) - { - gnutls_assert (); - return result; - } - - return 0; -} - -/* This function will attempt to parse Extensions in - * an X509v3 certificate - * - * If no_critical_ext is non zero, then unsupported critical extensions - * do not lead into a fatal error. - */ -static int -_gnutls_x509_expand_extensions (ASN1_TYPE * rasn) -{ - int k, result, len; - char name[128], name2[128], counter[MAX_INT_DIGITS]; - char name1[128]; - char extnID[128]; - - k = 0; - do - { - k++; - - _gnutls_str_cpy (name, sizeof (name), "tbsCertificate.extensions.?"); - _gnutls_int2str (k, counter); - _gnutls_str_cat (name, sizeof (name), counter); - - _gnutls_str_cpy (name2, sizeof (name2), name); - _gnutls_str_cat (name2, sizeof (name2), ".extnID"); - - _gnutls_str_cpy (name1, sizeof (name1), name); - _gnutls_str_cat (name1, sizeof (name1), ".extnValue"); - - len = sizeof (extnID) - 1; - - result = asn1_expand_octet_string (_gnutls_get_pkix (), - rasn, name1, name2); - - if (result == ASN1_ELEMENT_NOT_FOUND) - break; - else if (result != ASN1_SUCCESS) - { - gnutls_assert (); - return _gnutls_asn2err (result); - } - - } - while (1); - - if (result == ASN1_ELEMENT_NOT_FOUND) - return 0; - else - return _gnutls_asn2err (result); -} - -#endif -#endif diff --git a/libextra/openpgp/Makefile.am b/libextra/openpgp/Makefile.am index 116f93ba96..a0ca2a509e 100644 --- a/libextra/openpgp/Makefile.am +++ b/libextra/openpgp/Makefile.am 
@@ -33,7 +33,7 @@ endif noinst_LTLIBRARIES = libgnutls_openpgp.la -COBJECTS = pgp.c xml.c pgpverify.c extras.c compat.c privkey.c +COBJECTS = pgp.c pgpverify.c extras.c compat.c privkey.c libgnutls_openpgp_la_SOURCES = $(COBJECTS) openpgp.h gnutls_openpgp.h diff --git a/libextra/openpgp/xml.c b/libextra/openpgp/xml.c deleted file mode 100644 index 3f16effd24..0000000000 --- a/libextra/openpgp/xml.c +++ /dev/null 
@@ -1,442 +0,0 @@ -/* - * Copyright (C) 2002, 2003, 2004, 2005, 2007 Free Software Foundation - * - * Author: Timo Schulz, Nikos Mavroyanopoulos - * - * This file is part of GNUTLS-EXTRA. - * - * GNUTLS-EXTRA is free software; you can redistribute it and/or - * modify it under the terms of the GNU General Public License as - * published by the Free Software Foundation; either version 2 of the - * License, or (at your option) any later version. - * - * GNUTLS-EXTRA is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with GNUTLS-EXTRA; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA - * 02110-1301, USA. - * - */ - -#include <gnutls_int.h> -#include <gnutls_str.h> -#include <gnutls_errors.h> -#include <openpgp.h> -#include <x509/rfc2818.h> /* for MAX_CN */ - - -static int -xml_add_tag (gnutls_string * xmlkey, const char *tag, const char *val) -{ - if (!xmlkey || !tag || !val) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - _gnutls_string_append_str (xmlkey, " <"); - _gnutls_string_append_str (xmlkey, tag); - _gnutls_string_append_str (xmlkey, ">"); - _gnutls_string_append_str (xmlkey, val); - _gnutls_string_append_str (xmlkey, "</"); - _gnutls_string_append_str (xmlkey, tag); - _gnutls_string_append_str (xmlkey, ">\n"); - - return 0; -} - - -/* Add a tag to the xml key with an unsigned integer based value. - We use the unsigned format, because no key attribute has a - negative values. 
*/ -static int -xml_add_tag_uint_val (gnutls_string *xmlkey, const char *tag, unsigned int val) -{ - char tmp[32]; - - sprintf (tmp, "%lu", (unsigned long)val); - return xml_add_tag (xmlkey, tag, tmp); -} - - -static int -xml_add_mpi2 (gnutls_string * xmlkey, const uint8_t * data, size_t count, - const char *tag) -{ - char *p; - size_t i; - int rc; - - if (!xmlkey || !data || !tag) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - p = gnutls_calloc (1, 2 * (count + 3)); - if (!p) - { - gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; - } - for (i = 0; i < count; i++) - sprintf (p + 2 * i, "%02X", data[i]); - p[2 * count] = '\0'; - - rc = xml_add_tag (xmlkey, tag, p); - gnutls_free (p); - - return rc; -} - - -static int -xml_add_mpi (gnutls_string * xmlkey, cdk_pkt_pubkey_t pk, int idx, - const char *tag) -{ - uint8_t buf[4096]; /* Maximal supported MPI of size 32786 bits */ - size_t nbytes; - - /* FIXME: we should not hardcode the buffer size. */ - nbytes = 4096; - if (cdk_pk_get_mpi (pk, idx, buf, nbytes, &nbytes, NULL)) - return GNUTLS_E_INTERNAL_ERROR; - return xml_add_mpi2 (xmlkey, buf, nbytes, tag); -} - - - -static int -xml_add_key_mpi (gnutls_string * xmlkey, cdk_pkt_pubkey_t pk) -{ - const char *s = " <KEY ENCODING=\"HEX\"/>\n"; - int rc = 0; - - if (!xmlkey || !pk) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - _gnutls_string_append_str (xmlkey, s); - - if (is_RSA (pk->pubkey_algo)) - { - rc = xml_add_mpi (xmlkey, pk, 0, "RSA-N"); - if (!rc) - rc = xml_add_mpi (xmlkey, pk, 1, "RSA-E"); - } - else if (is_DSA (pk->pubkey_algo)) - { - rc = xml_add_mpi (xmlkey, pk, 0, "DSA-P"); - if (!rc) - rc = xml_add_mpi (xmlkey, pk, 1, "DSA-Q"); - if (!rc) - rc = xml_add_mpi (xmlkey, pk, 2, "DSA-G"); - if (!rc) - rc = xml_add_mpi (xmlkey, pk, 3, "DSA-Y"); - } - else - return GNUTLS_E_UNWANTED_ALGORITHM; - - return rc; -} - - -static int -xml_add_key (gnutls_string * xmlkey, int ext, cdk_pkt_pubkey_t pk, int sub) -{ - const char *algo, 
*s; - char keyid[32+1], strfpr[40+1]; - uint8_t keyfpr[20]; - unsigned int kid[2]; - int i = 0, rc = 0; - - if (!xmlkey || !pk) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - s = sub ? " <SUBKEY>\n" : " <MAINKEY>\n"; - _gnutls_string_append_str (xmlkey, s); - - cdk_pk_get_keyid (pk, kid); - snprintf (keyid, 32, "%08lX%08lX", - (unsigned long)kid[0], (unsigned long)kid[1]); - rc = xml_add_tag (xmlkey, "KEYID", keyid); - if (rc) - return rc; - - cdk_pk_get_fingerprint (pk, keyfpr); - for (i = 0; i < 20; i++) - sprintf (strfpr + 2 * i, "%02X", keyfpr[i]); - strfpr[40] = '\0'; - rc = xml_add_tag (xmlkey, "FINGERPRINT", strfpr); - if (rc) - return rc; - - if (is_DSA (pk->pubkey_algo)) - algo = "DSA"; - else if (is_RSA (pk->pubkey_algo)) - algo = "RSA"; - else - return GNUTLS_E_UNWANTED_ALGORITHM; - rc = xml_add_tag (xmlkey, "PKALGO", algo); - if (rc) - return rc; - - rc = xml_add_tag_uint_val (xmlkey, "KEYLEN", cdk_pk_get_nbits (pk)); - if (rc) - return rc; - - rc = xml_add_tag_uint_val (xmlkey, "CREATED", pk->timestamp); - if (rc) - return rc; - - if (pk->expiredate > 0) - { - rc = xml_add_tag_uint_val (xmlkey, "EXPIREDATE", pk->expiredate); - if (rc) - return rc; - } - - rc = xml_add_tag_uint_val (xmlkey, "REVOKED", pk->is_revoked); - if (rc) - return rc; - - if (ext) - { - rc = xml_add_key_mpi (xmlkey, pk); - if (rc) - return rc; - } - - s = sub ? 
" </SUBKEY>\n" : " </MAINKEY>\n"; - _gnutls_string_append_str (xmlkey, s); - - return 0; -} - - -static int -xml_add_userid (gnutls_string * xmlkey, int ext, - const char *dn, cdk_pkt_userid_t id) -{ - const char *s; - int rc; - - if (!xmlkey || !dn || !id) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - s = " <USERID>\n"; - _gnutls_string_append_str (xmlkey, s); - - rc = xml_add_tag (xmlkey, "NAME", dn); - if (rc) - return rc; - - if (ext) - { - rc = xml_add_tag_uint_val (xmlkey, "PRIMARY", id->is_primary); - if (!rc) - rc = xml_add_tag_uint_val (xmlkey, "REVOKED", id->is_revoked); - if (rc) - return rc; - } - - s = " </USERID>\n"; - _gnutls_string_append_str (xmlkey, s); - - return 0; -} - - -static int -xml_add_sig (gnutls_string * xmlkey, int ext, cdk_pkt_signature_t sig) -{ - const char *algo, *s; - char keyid[16+1]; - unsigned int kid[2]; - int rc; - - if (!xmlkey || !sig) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - s = " <SIGNATURE>\n"; - _gnutls_string_append_str (xmlkey, s); - - rc = xml_add_tag_uint_val (xmlkey, "VERSION", sig->version); - if (rc) - return rc; - - if (ext) - { - rc = xml_add_tag_uint_val (xmlkey, "SIGCLASS", sig->sig_class); - if (rc) - return rc; - } - - rc = xml_add_tag_uint_val (xmlkey, "EXPIRED", sig->flags.expired); - if (rc) - return rc; - - if (ext) - { - switch (sig->pubkey_algo) - { - case GCRY_PK_DSA: - algo = "DSA"; - break; - case GCRY_PK_RSA: - case GCRY_PK_RSA_E: - case GCRY_PK_RSA_S: - algo = "RSA"; - break; - default: - algo = "???"; /* unknown algorithm */ - } - rc = xml_add_tag (xmlkey, "PKALGO", algo); - if (rc) - return rc; - - switch (sig->digest_algo) - { - case GCRY_MD_SHA1: - algo = "SHA1"; - break; - case GCRY_MD_RMD160: - algo = "RMD160"; - break; - case GCRY_MD_MD5: - algo = "MD5"; - break; - case GCRY_MD_SHA256: - algo = "SHA256"; - break; - case GCRY_MD_SHA384: - algo = "SHA384"; - break; - case GCRY_MD_SHA512: - algo = "SHA512"; - break; - default: - algo = "???"; - } 
- rc = xml_add_tag (xmlkey, "MDALGO", algo); - if (rc) - return rc; - } - - rc = xml_add_tag_uint_val (xmlkey, "CREATED", sig->timestamp); - if (rc) - return rc; - - cdk_sig_get_keyid (sig, kid); - snprintf (keyid, 16, "%08lX%08lX", - (unsigned long)kid[0], (unsigned long)kid[1]); - rc = xml_add_tag (xmlkey, "KEYID", keyid); - if (rc) - return rc; - - s = " </SIGNATURE>\n"; - _gnutls_string_append_str (xmlkey, s); - - return 0; -} - - -/** - * gnutls_openpgp_key_to_xml - Return a certificate as a XML fragment - * @cert: the certificate which holds the whole OpenPGP key. - * @xmlkey: he datum struct to store the XML result. - * @ext: extension mode (1/0), 1 means include key signatures and key data. - * - * This function will return the all OpenPGP key information encapsulated as - * a XML string. - **/ -int -gnutls_openpgp_key_to_xml (gnutls_openpgp_key_t key, - gnutls_datum_t * xmlkey, int ext) -{ - cdk_kbnode_t node, ctx; - cdk_packet_t pkt; - char name[MAX_CN]; - size_t name_len; - const char *s; - int idx; - int rc = 0; - gnutls_string string_xml_key; - - if (!key || !xmlkey) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - _gnutls_string_init (&string_xml_key, malloc, realloc, free); - memset (xmlkey, 0, sizeof *xmlkey); - - s = "<?xml version=\"1.0\"?>\n\n"; - _gnutls_string_append_str (&string_xml_key, s); - - s = "<gnutls:openpgp:key version=\"1.0\">\n"; - _gnutls_string_append_str (&string_xml_key, s); - - s = " <OPENPGPKEY>\n"; - _gnutls_string_append_str (&string_xml_key, s); - - ctx = NULL; - idx = 1; - while ((node = cdk_kbnode_walk (key->knode, &ctx, 0))) - { - pkt = cdk_kbnode_get_packet (node); - switch (pkt->pkttype) - { - case CDK_PKT_PUBLIC_KEY: - rc = xml_add_key (&string_xml_key, ext, pkt->pkt.public_key, 0); - break; - - case CDK_PKT_PUBLIC_SUBKEY: - rc = xml_add_key (&string_xml_key, ext, pkt->pkt.public_key, 1); - break; - - case CDK_PKT_USER_ID: - name_len = sizeof (name) / sizeof (name[0]); - gnutls_openpgp_key_get_name 
(key, idx, name, &name_len); - rc = xml_add_userid (&string_xml_key, ext, name, pkt->pkt.user_id); - idx++; - break; - - case CDK_PKT_SIGNATURE: - rc = xml_add_sig (&string_xml_key, ext, pkt->pkt.signature); - break; - - default: - break; - } - } - if (!rc) - { - s = " </OPENPGPKEY>\n"; - _gnutls_string_append_str (&string_xml_key, s); - } - s = "</gnutls:openpgp:key>\n"; - _gnutls_string_append_str (&string_xml_key, s); - _gnutls_string_append_data (&string_xml_key, "\n\0", 2); - - *xmlkey = _gnutls_string2datum (&string_xml_key); - xmlkey->size--; - - return rc; -} @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: gnutls 1.4.0\n" "Report-Msgid-Bugs-To: bug-gnutls@gnu.org\n" -"POT-Creation-Date: 2006-05-12 00:21+0200\n" +"POT-Creation-Date: 2007-10-06 09:59+0300\n" "PO-Revision-Date: 2006-12-12 09:37+0100\n" "Last-Translator: Michael Piefel <piefel@informatik.hu-berlin.de>\n" "Language-Team: German <translation-team-de@lists.sourceforge.net>\n" @@ -42,8 +42,12 @@ msgstr "Ein großes TLS-Datensatzpaket wurde empfangen." msgid "A record packet with illegal version was received." msgstr "Ein Datensatzpaket mit illegaler Version wurde empfangen." -msgid "The Diffie Hellman prime sent by the server is not acceptable (not long enough)." -msgstr "Die Diffie-Hellman-Primzahl, die vom Server gesendet wurde, ist nicht akzeptabel (nicht lang genug)." +msgid "" +"The Diffie Hellman prime sent by the server is not acceptable (not long " +"enough)." +msgstr "" +"Die Diffie-Hellman-Primzahl, die vom Server gesendet wurde, ist nicht " +"akzeptabel (nicht lang genug)." msgid "A TLS packet with unexpected length was received." msgstr "Ein TLS-Paket mit unerwarteter Länge wurde empfangen." 
@@ -103,7 +107,8 @@ msgid "Public key signing has failed." msgstr "Das Signieren mittels öffentlichem Schlüssel schlug fehl." msgid "Public key signature verification has failed." -msgstr "Die Verifizierung der Signatur mittels öffentlichem Schlüssel schlug fehl." +msgstr "" +"Die Verifizierung der Signatur mittels öffentlichem Schlüssel schlug fehl." msgid "Decompression of the TLS record packet has failed." msgstr "Die Dekomprimierung des TLS-Datensatzpakets schlug fehl." @@ -115,7 +120,8 @@ msgid "Internal error in memory allocation." msgstr "Interner Fehler bei Speicheranfoderung." msgid "An unimplemented or disabled feature has been requested." -msgstr "Eine nicht implementierte oder deaktivierte Eigenschaft wurde abgefragt." +msgstr "" +"Eine nicht implementierte oder deaktivierte Eigenschaft wurde abgefragt." msgid "Insufficient credentials for that request." msgstr "Unzureichende Berechtigungsnachweise für diese Anfrage." @@ -150,7 +156,8 @@ msgstr "Fehler in der Pull-Funktion." msgid "Error in the push function." msgstr "Fehler in der Push-Funktion." -msgid "The upper limit of record packet sequence numbers has been reached. Wow!" +msgid "" +"The upper limit of record packet sequence numbers has been reached. Wow!" msgstr "Das obere Limit der Datensatzpaketsequenznummern wurde erreicht. Huch!" msgid "Error in the certificate." @@ -172,7 +179,9 @@ msgid "Rehandshake was requested by the peer." msgstr "Neuer Handshake wurde von der Gegenstelle gefordert." msgid "TLS Application data were received, while expecting handshake data." -msgstr "TLS-Anwendungsdaten wurden empfangen, während Handshake-Daten erwartet wurden." +msgstr "" +"TLS-Anwendungsdaten wurden empfangen, während Handshake-Daten erwartet " +"wurden." msgid "Error in Database backend." msgstr "Fehler im Datenbank-Backend." 
@@ -233,8 +242,11 @@ msgstr "Zu viele leere Datensatzpakete wurden empfangen." msgid "The initialization of GnuTLS-extra has failed." msgstr "Die Initialisierung von GnuTLS-extra schlug fehl." -msgid "The GnuTLS library version does not match the GnuTLS-extra library version." -msgstr "Die Version der GnuTLS-Bibliothek stimmt nicht mit der Version der GnuTLS-extra-Bibliothek überein." +msgid "" +"The GnuTLS library version does not match the GnuTLS-extra library version." +msgstr "" +"Die Version der GnuTLS-Bibliothek stimmt nicht mit der Version der GnuTLS-" +"extra-Bibliothek überein." msgid "The gcrypt library version is too old." msgstr "Die Version der Bibliothek gcrypt ist zu alt." @@ -242,8 +254,12 @@ msgstr "Die Version der Bibliothek gcrypt ist zu alt." msgid "The tasn1 library version is too old." msgstr "Die Version der Bibliothek tasn1 ist zu alt." -msgid "The specified GnuPG TrustDB version is not supported. TrustDB v4 is supported." -msgstr "Die angegebene Version von GnuPG-TrustDB wird nicht unterstützt. TrustDB Version 4 wird unterstützt." +msgid "" +"The specified GnuPG TrustDB version is not supported. TrustDB v4 is " +"supported." +msgstr "" +"Die angegebene Version von GnuPG-TrustDB wird nicht unterstützt. TrustDB " +"Version 4 wird unterstützt." msgid "Error loading the keyring." msgstr "Fehler beim Laden des Schlüsselrings." 
@@ -304,3 +320,256 @@ msgstr "Empfing eine »TLS/IA Final Phase Finished«-Mitteilung" msgid "Verifying TLS/IA phase checksum failed" msgstr "Verifizierung der TLS/IA-Phasenprüfsumme schlug fehl" + +#, c-format +msgid "\t\t\tPath Length Constraint: %d\n" +msgstr "" + +#, c-format +msgid "\t\t\tPolicy Language: %s" +msgstr "" + +msgid "" +"\t\t\tPolicy:\n" +"\t\t\t\tASCII: " +msgstr "" + +msgid "" +"\n" +"\t\t\t\tHexdump: " +msgstr "" + +msgid "\t\t\tDigital signature.\n" +msgstr "" + +msgid "\t\t\tNon repudiation.\n" +msgstr "" + +msgid "\t\t\tKey encipherment.\n" +msgstr "" + +msgid "\t\t\tData encipherment.\n" +msgstr "" + +msgid "\t\t\tKey agreement.\n" +msgstr "" + +msgid "\t\t\tCertificate signing.\n" +msgstr "" + +msgid "\t\t\tCRL signing.\n" +msgstr "" + +msgid "\t\t\tKey encipher only.\n" +msgstr "" + +msgid "\t\t\tKey decipher only.\n" +msgstr "" + +msgid "\t\t\tTLS WWW Server.\n" +msgstr "" + +msgid "\t\t\tTLS WWW Client.\n" +msgstr "" + +msgid "\t\t\tCode signing.\n" +msgstr "" + +msgid "\t\t\tEmail protection.\n" +msgstr "" + +msgid "\t\t\tTime stamping.\n" +msgstr "" + +msgid "\t\t\tOCSP signing.\n" +msgstr "" + +msgid "\t\t\tAny purpose.\n" +msgstr "" + +msgid "\t\t\tCertificate Authority (CA): FALSE\n" +msgstr "" + +msgid "\t\t\tCertificate Authority (CA): TRUE\n" +msgstr "" + +#, c-format +msgid "\t\t\tXMPP Address: %.*s\n" +msgstr "" + +#, c-format +msgid "\t\t\totherName OID: %.*s\n" +msgstr "" + +msgid "\t\t\totherName DER: " +msgstr "" + +msgid "" +"\n" +"\t\t\totherName ASCII: " +msgstr "" + +#, c-format +msgid "\tVersion: %d\n" +msgstr "" + +msgid "\tSerial Number (hex): " +msgstr "" + +#, c-format +msgid "\tIssuer: %s\n" +msgstr "" + +msgid "\tValidity:\n" +msgstr "" + +#, c-format +msgid "\t\tNot Before: %s\n" +msgstr "" + +#, c-format +msgid "\t\tNot After: %s\n" +msgstr "" + +#, c-format +msgid "\tSubject: %s\n" +msgstr "" + +#, c-format +msgid "\tSubject Public Key Algorithm: %s\n" +msgstr "" + +#, c-format +msgid "\t\tModulus (bits %d):\n" 
+msgstr "" + +msgid "\t\tExponent:\n" +msgstr "" + +#, c-format +msgid "\t\tPublic key (bits %d):\n" +msgstr "" + +msgid "\t\tP:\n" +msgstr "" + +msgid "\t\tQ:\n" +msgstr "" + +msgid "\t\tG:\n" +msgstr "" + +msgid "\tExtensions:\n" +msgstr "" + +#, c-format +msgid "\t\tBasic Constraints (%s):\n" +msgstr "" + +msgid "critical" +msgstr "" + +msgid "not critical" +msgstr "" + +#, c-format +msgid "\t\tSubject Key Identifier (%s):\n" +msgstr "" + +#, c-format +msgid "\t\tAuthority Key Identifier (%s):\n" +msgstr "" + +#, c-format +msgid "\t\tKey Usage (%s):\n" +msgstr "" + +#, c-format +msgid "\t\tKey Purpose (%s):\n" +msgstr "" + +#, c-format +msgid "\t\tSubject Alternative Name (%s):\n" +msgstr "" + +#, c-format +msgid "\t\tCRL Distribution points (%s):\n" +msgstr "" + +#, c-format +msgid "\t\tProxy Certificate Information (%s):\n" +msgstr "" + +#, c-format +msgid "\t\tUnknown extension %s (%s):\n" +msgstr "" + +msgid "\t\t\tASCII: " +msgstr "" + +msgid "\t\t\tHexdump: " +msgstr "" + +#, c-format +msgid "\tSignature Algorithm: %s\n" +msgstr "" + +msgid "" +"warning: signed using a broken signature algorithm that can be forged.\n" +msgstr "" + +msgid "\tSignature:\n" +msgstr "" + +msgid "" +"\tMD5 fingerprint:\n" +"\t\t" +msgstr "" + +msgid "" +"\tSHA-1 fingerprint:\n" +"\t\t" +msgstr "" + +msgid "" +"\tPublic Key Id:\n" +"\t\t" +msgstr "" + +msgid "X.509 Certificate Information:\n" +msgstr "" + +msgid "Other Information:\n" +msgstr "" + +msgid "\tVersion: 1 (default)\n" +msgstr "" + +msgid "\tUpdate dates:\n" +msgstr "" + +#, c-format +msgid "\t\tIssued: %s\n" +msgstr "" + +#, c-format +msgid "\t\tNext at: %s\n" +msgstr "" + +#, c-format +msgid "\tRevoked certificates (%d):\n" +msgstr "" + +#, fuzzy +msgid "\tNo revoked certificates.\n" +msgstr "Fehler im Zertifikat." + +msgid "\t\tSerial Number (hex): " +msgstr "" + +#, c-format +msgid "\t\tRevoked at: %s\n" +msgstr "" + +msgid "X.509 Certificate Revocation List Information:\n" +msgstr "" 
@@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: gnutls 1.4.0\n" "Report-Msgid-Bugs-To: bug-gnutls@gnu.org\n" -"POT-Creation-Date: 2006-05-12 00:21+0200\n" +"POT-Creation-Date: 2007-10-06 09:59+0300\n" "PO-Revision-Date: 2007-06-24 19:29+0800\n" "Last-Translator: Sharuzzaman Ahmat Raslan <sharuzzaman@myrealbox.com>\n" "Language-Team: Malay <translation-team-ms@lists.sourceforge.net>\n" @@ -42,8 +42,12 @@ msgstr "Paket rekod TLS besar telah diterima." msgid "A record packet with illegal version was received." msgstr "Paket rekod dengan versi tidak sah telah diterima." -msgid "The Diffie Hellman prime sent by the server is not acceptable (not long enough)." -msgstr "Perdana Diffie Hellman yang dihantar oleh pelayan tidak boleh diterima (tidak cukup panjang)." +msgid "" +"The Diffie Hellman prime sent by the server is not acceptable (not long " +"enough)." +msgstr "" +"Perdana Diffie Hellman yang dihantar oleh pelayan tidak boleh diterima " +"(tidak cukup panjang)." msgid "A TLS packet with unexpected length was received." msgstr "Paket TLS dengan panjang tidak dijangka telah diterima." @@ -150,7 +154,8 @@ msgstr "Ralat dalam fungsi tarik." msgid "Error in the push function." msgstr "Ralat dalam fungsi tolak." -msgid "The upper limit of record packet sequence numbers has been reached. Wow!" +msgid "" +"The upper limit of record packet sequence numbers has been reached. Wow!" msgstr "Had atas nombor jujukan paket rakaman telah dicapai. Wow!" msgid "Error in the certificate." @@ -231,7 +236,8 @@ msgstr "Terlalu banyak paket rekod kosong telah diterima." msgid "The initialization of GnuTLS-extra has failed." msgstr "Pemulaan GnuTLS-extra telah gagal." -msgid "The GnuTLS library version does not match the GnuTLS-extra library version." +msgid "" +"The GnuTLS library version does not match the GnuTLS-extra library version." msgstr "Versi pustaka GnuTLS tidak sepadan dengan versi pustaka GnuTLS-extra." msgid "The gcrypt library version is too old." 
@@ -240,8 +246,12 @@ msgstr "Versi pustaka gcrypt terlalu lama." msgid "The tasn1 library version is too old." msgstr "Versi pustaka tasn1 terlalu lama." -msgid "The specified GnuPG TrustDB version is not supported. TrustDB v4 is supported." -msgstr "Versi GnuPG TrustDB yang dinyatakan tidak disokong. TrustDB v4 adalah disokong." +msgid "" +"The specified GnuPG TrustDB version is not supported. TrustDB v4 is " +"supported." +msgstr "" +"Versi GnuPG TrustDB yang dinyatakan tidak disokong. TrustDB v4 adalah " +"disokong." msgid "Error loading the keyring." msgstr "Ralat memuatkan cecincin kunci." 
@@ -299,3 +309,256 @@ msgstr "Menerima mesej TLS/IA Final Phase Finished" msgid "Verifying TLS/IA phase checksum failed" msgstr "Pengesahan checksum fasa TLS/IA gagal" + +#, c-format +msgid "\t\t\tPath Length Constraint: %d\n" +msgstr "" + +#, c-format +msgid "\t\t\tPolicy Language: %s" +msgstr "" + +msgid "" +"\t\t\tPolicy:\n" +"\t\t\t\tASCII: " +msgstr "" + +msgid "" +"\n" +"\t\t\t\tHexdump: " +msgstr "" + +msgid "\t\t\tDigital signature.\n" +msgstr "" + +msgid "\t\t\tNon repudiation.\n" +msgstr "" + +msgid "\t\t\tKey encipherment.\n" +msgstr "" + +msgid "\t\t\tData encipherment.\n" +msgstr "" + +msgid "\t\t\tKey agreement.\n" +msgstr "" + +msgid "\t\t\tCertificate signing.\n" +msgstr "" + +msgid "\t\t\tCRL signing.\n" +msgstr "" + +msgid "\t\t\tKey encipher only.\n" +msgstr "" + +msgid "\t\t\tKey decipher only.\n" +msgstr "" + +msgid "\t\t\tTLS WWW Server.\n" +msgstr "" + +msgid "\t\t\tTLS WWW Client.\n" +msgstr "" + +msgid "\t\t\tCode signing.\n" +msgstr "" + +msgid "\t\t\tEmail protection.\n" +msgstr "" + +msgid "\t\t\tTime stamping.\n" +msgstr "" + +msgid "\t\t\tOCSP signing.\n" +msgstr "" + +msgid "\t\t\tAny purpose.\n" +msgstr "" + +msgid "\t\t\tCertificate Authority (CA): FALSE\n" +msgstr "" + +msgid "\t\t\tCertificate Authority (CA): TRUE\n" +msgstr "" + +#, c-format +msgid "\t\t\tXMPP Address: %.*s\n" +msgstr "" + +#, c-format +msgid "\t\t\totherName OID: %.*s\n" +msgstr "" + +msgid "\t\t\totherName DER: " +msgstr "" + +msgid "" +"\n" +"\t\t\totherName ASCII: " +msgstr "" + +#, c-format +msgid "\tVersion: %d\n" +msgstr "" + +msgid "\tSerial Number (hex): " +msgstr "" + +#, c-format +msgid "\tIssuer: %s\n" +msgstr "" + +msgid "\tValidity:\n" +msgstr "" + +#, c-format +msgid "\t\tNot Before: %s\n" +msgstr "" + +#, c-format +msgid "\t\tNot After: %s\n" +msgstr "" + +#, c-format +msgid "\tSubject: %s\n" +msgstr "" + +#, c-format +msgid "\tSubject Public Key Algorithm: %s\n" +msgstr "" + +#, c-format +msgid "\t\tModulus (bits %d):\n" +msgstr "" + +msgid 
"\t\tExponent:\n" +msgstr "" + +#, c-format +msgid "\t\tPublic key (bits %d):\n" +msgstr "" + +msgid "\t\tP:\n" +msgstr "" + +msgid "\t\tQ:\n" +msgstr "" + +msgid "\t\tG:\n" +msgstr "" + +msgid "\tExtensions:\n" +msgstr "" + +#, c-format +msgid "\t\tBasic Constraints (%s):\n" +msgstr "" + +msgid "critical" +msgstr "" + +msgid "not critical" +msgstr "" + +#, c-format +msgid "\t\tSubject Key Identifier (%s):\n" +msgstr "" + +#, c-format +msgid "\t\tAuthority Key Identifier (%s):\n" +msgstr "" + +#, c-format +msgid "\t\tKey Usage (%s):\n" +msgstr "" + +#, c-format +msgid "\t\tKey Purpose (%s):\n" +msgstr "" + +#, c-format +msgid "\t\tSubject Alternative Name (%s):\n" +msgstr "" + +#, c-format +msgid "\t\tCRL Distribution points (%s):\n" +msgstr "" + +#, c-format +msgid "\t\tProxy Certificate Information (%s):\n" +msgstr "" + +#, c-format +msgid "\t\tUnknown extension %s (%s):\n" +msgstr "" + +msgid "\t\t\tASCII: " +msgstr "" + +msgid "\t\t\tHexdump: " +msgstr "" + +#, c-format +msgid "\tSignature Algorithm: %s\n" +msgstr "" + +msgid "" +"warning: signed using a broken signature algorithm that can be forged.\n" +msgstr "" + +msgid "\tSignature:\n" +msgstr "" + +msgid "" +"\tMD5 fingerprint:\n" +"\t\t" +msgstr "" + +msgid "" +"\tSHA-1 fingerprint:\n" +"\t\t" +msgstr "" + +msgid "" +"\tPublic Key Id:\n" +"\t\t" +msgstr "" + +msgid "X.509 Certificate Information:\n" +msgstr "" + +msgid "Other Information:\n" +msgstr "" + +msgid "\tVersion: 1 (default)\n" +msgstr "" + +msgid "\tUpdate dates:\n" +msgstr "" + +#, c-format +msgid "\t\tIssued: %s\n" +msgstr "" + +#, c-format +msgid "\t\tNext at: %s\n" +msgstr "" + +#, c-format +msgid "\tRevoked certificates (%d):\n" +msgstr "" + +#, fuzzy +msgid "\tNo revoked certificates.\n" +msgstr "Ralat dalam sijil." + +msgid "\t\tSerial Number (hex): " +msgstr "" + +#, c-format +msgid "\t\tRevoked at: %s\n" +msgstr "" + +msgid "X.509 Certificate Revocation List Information:\n" +msgstr "" 
diff --git a/src/certtool-gaa.c b/src/certtool-gaa.c index 2b154a61a4..2f2266e577 100644 --- a/src/certtool-gaa.c +++ b/src/certtool-gaa.c @@ -159,9 +159,9 @@ void gaa_help(void) __gaa_helpsingle(0, "hash", "STR ", "Hash algorithm to use for signing (MD5,SHA1,RMD160,SHA256,SHA384,SHA512)."); __gaa_helpsingle(0, "export-ciphers", "", "Use weak encryption algorithms."); __gaa_helpsingle(0, "inder", "", "Use DER format for input certificates and private keys."); - __gaa_helpsingle(0, "xml", "", "Use XML format for output certificates."); __gaa_helpsingle(0, "outder", "", "Use DER format for output certificates and private keys."); __gaa_helpsingle(0, "bits", "BITS ", "specify the number of bits for key generation."); + __gaa_helpsingle(0, "quick-random", "", "Use /dev/urandom for all operation, reducing the quality of randomness used."); __gaa_helpsingle(0, "outfile", "FILE ", "Output file."); __gaa_helpsingle(0, "infile", "FILE ", "Input file."); __gaa_helpsingle(0, "template", "FILE ", "Template file to use for non interactive operation."); @@ -191,11 +191,11 @@ struct _gaainfo #line 97 "certtool.gaa" char *outfile; #line 94 "certtool.gaa" - int bits; + int quick_random; #line 91 "certtool.gaa" - int outcert_format; + int bits; #line 88 "certtool.gaa" - int xml; + int outcert_format; #line 85 "certtool.gaa" int incert_format; #line 82 "certtool.gaa" @@ -283,9 +283,9 @@ static int gaa_error = 0; #define GAAOPTID_template 4 #define GAAOPTID_infile 5 #define GAAOPTID_outfile 6 -#define GAAOPTID_bits 7 -#define GAAOPTID_outder 8 -#define GAAOPTID_xml 9 +#define GAAOPTID_quick_random 7 +#define GAAOPTID_bits 8 +#define GAAOPTID_outder 9 #define GAAOPTID_inder 10 #define GAAOPTID_export_ciphers 11 #define GAAOPTID_hash 12 
@@ -619,8 +619,8 @@ static int gaa_get_option_num(char *str, int status) #line 375 "gaa.skel" GAA_CHECK1STR("v", GAAOPTID_version); GAA_CHECK1STR("h", GAAOPTID_help); + GAA_CHECK1STR("", GAAOPTID_quick_random); GAA_CHECK1STR("", GAAOPTID_outder); - GAA_CHECK1STR("", GAAOPTID_xml); GAA_CHECK1STR("", GAAOPTID_inder); GAA_CHECK1STR("", GAAOPTID_export_ciphers); GAA_CHECK1STR("", GAAOPTID_dsa); @@ -654,9 +654,9 @@ static int gaa_get_option_num(char *str, int status) GAA_CHECKSTR("template", GAAOPTID_template); GAA_CHECKSTR("infile", GAAOPTID_infile); GAA_CHECKSTR("outfile", GAAOPTID_outfile); + GAA_CHECKSTR("quick-random", GAAOPTID_quick_random); GAA_CHECKSTR("bits", GAAOPTID_bits); GAA_CHECKSTR("outder", GAAOPTID_outder); - GAA_CHECKSTR("xml", GAAOPTID_xml); GAA_CHECKSTR("inder", GAAOPTID_inder); GAA_CHECKSTR("export-ciphers", GAAOPTID_export_ciphers); GAA_CHECKSTR("hash", GAAOPTID_hash); @@ -785,27 +785,27 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) return GAA_OK; break; - case GAAOPTID_bits: + case GAAOPTID_quick_random: OK = 0; - GAA_TESTMOREARGS; - GAA_FILL(GAATMP_bits.arg1, gaa_getint, GAATMP_bits.size1); - gaa_index++; #line 95 "certtool.gaa" -{ gaaval->bits = GAATMP_bits.arg1 ;}; +{ gaaval->quick_random = 1; ;}; return GAA_OK; break; - case GAAOPTID_outder: + case GAAOPTID_bits: OK = 0; + GAA_TESTMOREARGS; + GAA_FILL(GAATMP_bits.arg1, gaa_getint, GAATMP_bits.size1); + gaa_index++; #line 92 "certtool.gaa" -{ gaaval->outcert_format=1 ;}; +{ gaaval->bits = GAATMP_bits.arg1 ;}; return GAA_OK; break; - case GAAOPTID_xml: + case GAAOPTID_outder: OK = 0; #line 89 "certtool.gaa" -{ gaaval->xml=1 ;}; +{ gaaval->outcert_format=1 ;}; return GAA_OK; break; 
@@ -1068,7 +1068,7 @@ int gaa(int argc, char **argv, gaainfo *gaaval) { gaaval->bits = 1024; gaaval->pkcs8 = 0; gaaval->privkey = NULL; gaaval->ca=NULL; gaaval->ca_privkey = NULL; gaaval->debug=1; gaaval->request = NULL; gaaval->infile = NULL; gaaval->outfile = NULL; gaaval->cert = NULL; gaaval->incert_format = 0; gaaval->outcert_format = 0; gaaval->action=-1; gaaval->pass = NULL; - gaaval->export = 0; gaaval->template = NULL; gaaval->xml = 0; gaaval->hash=NULL; gaaval->fix_key = 0;;}; + gaaval->export = 0; gaaval->template = NULL; gaaval->hash=NULL; gaaval->fix_key = 0; gaaval->quick_random=0; ;}; } inited = 1; @@ -1216,7 +1216,7 @@ static int gaa_internal_get_next_str(FILE *file, gaa_str_node *tmp_str, int argc len++; a = fgetc( file); - if(a==EOF) return 0; /* a = ' '; */ + if(a==EOF) return 0; //a = ' '; } len += 1; diff --git a/src/certtool-gaa.h b/src/certtool-gaa.h index 0c4b9c92f6..891360ef98 100644 --- a/src/certtool-gaa.h +++ b/src/certtool-gaa.h @@ -17,11 +17,11 @@ struct _gaainfo #line 97 "certtool.gaa" char *outfile; #line 94 "certtool.gaa" - int bits; + int quick_random; #line 91 "certtool.gaa" - int outcert_format; + int bits; #line 88 "certtool.gaa" - int xml; + int outcert_format; #line 85 "certtool.gaa" int incert_format; #line 82 "certtool.gaa" diff --git a/src/certtool.c b/src/certtool.c index 2524918cc9..0ecfca88e2 100644 --- a/src/certtool.c +++ b/src/certtool.c @@ -20,6 +20,7 @@ #include <config.h> #include <gnutls/gnutls.h> +#include <gcrypt.h> #include <stdio.h> #include <stdlib.h> 
@@ -137,6 +138,10 @@ generate_private_key_int (void) fprintf (stderr, "Generating a %d bit %s private key...\n", info.bits, gnutls_pk_algorithm_get_name (key_type)); + if (info.quick_random == 0) + fprintf (stderr, "This might take several minutes depending on availability of randomness" + " in /dev/random. You can consider using --quick-random option but this reduces the quality of randomness used.\n"); + ret = gnutls_x509_privkey_generate (key, key_type, info.bits, 0); if (ret < 0) error (EXIT_FAILURE, 0, "privkey_generate: %s", gnutls_strerror (ret)); @@ -804,6 +809,9 @@ gaa_parser (int argc, char **argv) template_parse (info.template); } + if (info.quick_random != 0) + gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0); + gnutls_global_set_log_function (tls_log_func); gnutls_global_set_log_level (info.debug); @@ -918,8 +926,6 @@ certificate_info (void) if (info.outcert_format == GNUTLS_X509_FMT_PEM) print_certificate_info (crt[i], outfile, 1); - if (!info.xml) - { size = sizeof (buffer); ret = gnutls_x509_crt_export (crt[i], info.outcert_format, buffer, &size); @@ -927,19 +933,6 @@ certificate_info (void) error (EXIT_FAILURE, 0, "Export error: %s", gnutls_strerror (ret)); fwrite (buffer, 1, size, outfile); - } - else - { - gnutls_datum_t xml; - - ret = gnutls_x509_crt_to_xml (crt[i], &xml, GNUTLS_XML_SHOW_ALL); - if (ret < 0) - error (EXIT_FAILURE, 0, "XML encoding error: %s", - gnutls_strerror (ret)); - - fprintf (outfile, "\n%s\n", xml.data); - gnutls_free (xml.data); - } } } diff --git a/src/certtool.gaa b/src/certtool.gaa index 0c9dfb7b0a..828b3253f3 100644 --- a/src/certtool.gaa +++ b/src/certtool.gaa 
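Review bot: The return value of `gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0)` in the gaa_parser hunk is discarded, so if libgcrypt rejects the request the user who asked for --quick-random gets no indication and key generation proceeds under a wrong assumption about the RNG in use; since the file already reports failures through error(), I would write `if (gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0))` followed by `error (EXIT_FAILURE, 0, "could not enable quick random");`. The control is issued only after template parsing and just before gnutls_global_set_log_function; whether gnutls_global_init() (which initialises libgcrypt) has already run at that point is not visible in this hunk, and libgcrypt's random setup happens at initialisation, so the ordering against main should be checked or a comment added, e.g. `/* must precede gnutls_global_init(); affects the quality of generated keys */`. In the certificate_info hunks the surviving `size = sizeof (buffer); … fwrite (buffer, 1, size, outfile);` lines keep the extra indentation of the removed `if (!info.xml)` block and should be dedented. gaa_parser and certificate_info both start and end outside these hunks.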
@@ -85,15 +85,15 @@ option (export-ciphers) { $export=1 } "Use weak encryption algorithms." #int incert_format; option (inder) { $incert_format=1 } "Use DER format for input certificates and private keys." -#int xml; -option (xml) { $xml=1 } "Use XML format for output certificates." - #int outcert_format; option (outder) { $outcert_format=1 } "Use DER format for output certificates and private keys." #int bits; option (bits) INT "BITS" { $bits = $1 } "specify the number of bits for key generation." +#int quick_random; +option (quick-random) { $quick_random = 1; } "Use /dev/urandom for all operation, reducing the quality of randomness used." + #char *outfile; option (outfile) STR "FILE" { $outfile = $1 } "Output file." @@ -114,5 +114,5 @@ option (v, version) { certtool_version(); exit(0); } "shows the program's versio init { $bits = 1024; $pkcs8 = 0; $privkey = NULL; $ca=NULL; $ca_privkey = NULL; $debug=1; $request = NULL; $infile = NULL; $outfile = NULL; $cert = NULL; $incert_format = 0; $outcert_format = 0; $action=-1; $pass = NULL; - $export = 0; $template = NULL; $xml = 0; $hash=NULL; $fix_key = 0;} + $export = 0; $template = NULL; $hash=NULL; $fix_key = 0; $quick_random=0; } diff --git a/src/cli-gaa.c b/src/cli-gaa.c index 24ccb9210c..990168818f 100644 --- a/src/cli-gaa.c +++ b/src/cli-gaa.c @@ -134,7 +134,6 @@ void gaa_help(void) __gaa_helpsingle(0, "x509fmtder", "", "Use DER format for certificates to read from."); __gaa_helpsingle('f', "fingerprint", "", "Send the openpgp fingerprint, instead of the key."); __gaa_helpsingle(0, "disable-extensions", "", "Disable all the TLS extensions."); - __gaa_helpsingle(0, "xml", "", "Print the certificate information in XML format."); __gaa_helpsingle(0, "print-cert", "", "Print the certificate in PEM format."); __gaa_helpsingle(0, "recordsize", "integer ", "The maximum record size to advertize."); __gaa_helpsingle('V', "verbose", "", "More verbose output."); 
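Review bot: The help string for the new `quick-random` option has a grammar slip ("all operation") and does not tell the user what the degraded randomness affects, even though the certtool.c warning added in the same commit ties it to private key generation; I would write `option (quick-random) { $quick_random = 1; } "Use /dev/urandom for all operations, reducing the quality of randomness used (affects generated keys)."`. The same text is carried into the generated src/certtool-gaa.c, so it needs to be regenerated after the change.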
@@ -179,74 +178,72 @@ typedef struct _gaainfo gaainfo; struct _gaainfo { -#line 128 "cli.gaa" +#line 125 "cli.gaa" char *rest_args; -#line 119 "cli.gaa" - int insecure; #line 116 "cli.gaa" - char *port; + int insecure; #line 113 "cli.gaa" - char *opaque_prf_input; + char *port; #line 110 "cli.gaa" - char *authz_saml_assertion; + char *opaque_prf_input; #line 107 "cli.gaa" - char *authz_x509_attr_cert; + char *authz_saml_assertion; #line 104 "cli.gaa" - char *psk_key; + char *authz_x509_attr_cert; #line 101 "cli.gaa" - char *psk_username; + char *psk_key; #line 98 "cli.gaa" - char *srp_passwd; + char *psk_username; #line 95 "cli.gaa" - char *srp_username; + char *srp_passwd; #line 92 "cli.gaa" - char *x509_certfile; + char *srp_username; #line 89 "cli.gaa" - char *x509_keyfile; + char *x509_certfile; #line 86 "cli.gaa" - char *pgp_certfile; + char *x509_keyfile; #line 83 "cli.gaa" - char *pgp_trustdb; + char *pgp_certfile; #line 80 "cli.gaa" - char *pgp_keyring; + char *pgp_trustdb; #line 77 "cli.gaa" - char *pgp_keyfile; + char *pgp_keyring; #line 74 "cli.gaa" - char *x509_crlfile; + char *pgp_keyfile; #line 71 "cli.gaa" - char *x509_cafile; + char *x509_crlfile; #line 68 "cli.gaa" + char *x509_cafile; +#line 65 "cli.gaa" char **ctype; -#line 67 "cli.gaa" - int nctype; #line 64 "cli.gaa" + int nctype; +#line 61 "cli.gaa" char **kx; -#line 63 "cli.gaa" - int nkx; #line 60 "cli.gaa" + int nkx; +#line 57 "cli.gaa" char **macs; -#line 59 "cli.gaa" - int nmacs; #line 56 "cli.gaa" + int nmacs; +#line 53 "cli.gaa" char **comp; -#line 55 "cli.gaa" - int ncomp; #line 52 "cli.gaa" + int ncomp; +#line 49 "cli.gaa" char **proto; -#line 51 "cli.gaa" - int nproto; #line 48 "cli.gaa" + int nproto; +#line 45 "cli.gaa" char **ciphers; -#line 47 "cli.gaa" - int nciphers; #line 44 "cli.gaa" - int verbose; + int nciphers; #line 41 "cli.gaa" - int record_size; + int verbose; #line 38 "cli.gaa" - int print_cert; + int record_size; #line 35 "cli.gaa" - int xml; + int print_cert; #line 32 
"cli.gaa" int disable_extensions; #line 29 "cli.gaa" @@ -315,7 +312,7 @@ static int gaa_error = 0; #define GAA_MULTIPLE_OPTION 3 #define GAA_REST 0 -#define GAA_NB_OPTION 38 +#define GAA_NB_OPTION 37 #define GAAOPTID_copyright 1 #define GAAOPTID_version 2 #define GAAOPTID_help 3 @@ -346,14 +343,13 @@ static int gaa_error = 0; #define GAAOPTID_verbose 28 #define GAAOPTID_recordsize 29 #define GAAOPTID_print_cert 30 -#define GAAOPTID_xml 31 -#define GAAOPTID_disable_extensions 32 -#define GAAOPTID_fingerprint 33 -#define GAAOPTID_x509fmtder 34 -#define GAAOPTID_crlf 35 -#define GAAOPTID_starttls 36 -#define GAAOPTID_resume 37 -#define GAAOPTID_debug 38 +#define GAAOPTID_disable_extensions 31 +#define GAAOPTID_fingerprint 32 +#define GAAOPTID_x509fmtder 33 +#define GAAOPTID_crlf 34 +#define GAAOPTID_starttls 35 +#define GAAOPTID_resume 36 +#define GAAOPTID_debug 37 #line 168 "gaa.skel" @@ -753,7 +749,6 @@ static int gaa_get_option_num(char *str, int status) GAA_CHECK1STR("", GAAOPTID_insecure); GAA_CHECK1STR("V", GAAOPTID_verbose); GAA_CHECK1STR("", GAAOPTID_print_cert); - GAA_CHECK1STR("", GAAOPTID_xml); GAA_CHECK1STR("", GAAOPTID_disable_extensions); GAA_CHECK1STR("f", GAAOPTID_fingerprint); GAA_CHECK1STR("", GAAOPTID_x509fmtder); @@ -794,7 +789,6 @@ static int gaa_get_option_num(char *str, int status) GAA_CHECKSTR("verbose", GAAOPTID_verbose); GAA_CHECKSTR("recordsize", GAAOPTID_recordsize); GAA_CHECKSTR("print-cert", GAAOPTID_print_cert); - GAA_CHECKSTR("xml", GAAOPTID_xml); GAA_CHECKSTR("disable-extensions", GAAOPTID_disable_extensions); GAA_CHECKSTR("fingerprint", GAAOPTID_fingerprint); GAA_CHECKSTR("x509fmtder", GAAOPTID_x509fmtder); 
@@ -860,35 +854,35 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) { case GAAOPTID_copyright: OK = 0; -#line 126 "cli.gaa" +#line 123 "cli.gaa" { print_license(); exit(0); ;}; return GAA_OK; break; case GAAOPTID_version: OK = 0; -#line 125 "cli.gaa" +#line 122 "cli.gaa" { cli_version(); exit(0); ;}; return GAA_OK; break; case GAAOPTID_help: OK = 0; -#line 123 "cli.gaa" +#line 120 "cli.gaa" { gaa_help(); exit(0); ;}; return GAA_OK; break; case GAAOPTID_list: OK = 0; -#line 122 "cli.gaa" +#line 119 "cli.gaa" { print_list(gaaval->verbose); exit(0); ;}; return GAA_OK; break; case GAAOPTID_insecure: OK = 0; -#line 120 "cli.gaa" +#line 117 "cli.gaa" { gaaval->insecure = 1 ;}; return GAA_OK; @@ -898,7 +892,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) GAA_TESTMOREARGS; GAA_FILL(GAATMP_port.arg1, gaa_getstr, GAATMP_port.size1); gaa_index++; -#line 117 "cli.gaa" +#line 114 "cli.gaa" { gaaval->port = GAATMP_port.arg1 ;}; return GAA_OK; @@ -908,7 +902,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) GAA_TESTMOREARGS; GAA_FILL(GAATMP_opaque_prf_input.arg1, gaa_getstr, GAATMP_opaque_prf_input.size1); gaa_index++; -#line 114 "cli.gaa" +#line 111 "cli.gaa" { gaaval->opaque_prf_input = GAATMP_opaque_prf_input.arg1 ;}; return GAA_OK; @@ -918,7 +912,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) GAA_TESTMOREARGS; GAA_FILL(GAATMP_authz_saml_assertion.arg1, gaa_getstr, GAATMP_authz_saml_assertion.size1); gaa_index++; -#line 111 "cli.gaa" +#line 108 "cli.gaa" { gaaval->authz_saml_assertion = GAATMP_authz_saml_assertion.arg1 ;}; return GAA_OK; 
@@ -928,7 +922,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) GAA_TESTMOREARGS; GAA_FILL(GAATMP_authz_x509_attr_cert.arg1, gaa_getstr, GAATMP_authz_x509_attr_cert.size1); gaa_index++; -#line 108 "cli.gaa" +#line 105 "cli.gaa" { gaaval->authz_x509_attr_cert = GAATMP_authz_x509_attr_cert.arg1 ;}; return GAA_OK; @@ -938,7 +932,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) GAA_TESTMOREARGS; GAA_FILL(GAATMP_pskkey.arg1, gaa_getstr, GAATMP_pskkey.size1); gaa_index++; -#line 105 "cli.gaa" +#line 102 "cli.gaa" { gaaval->psk_key = GAATMP_pskkey.arg1 ;}; return GAA_OK; @@ -948,7 +942,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) GAA_TESTMOREARGS; GAA_FILL(GAATMP_pskusername.arg1, gaa_getstr, GAATMP_pskusername.size1); gaa_index++; -#line 102 "cli.gaa" +#line 99 "cli.gaa" { gaaval->psk_username = GAATMP_pskusername.arg1 ;}; return GAA_OK; @@ -958,7 +952,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) GAA_TESTMOREARGS; GAA_FILL(GAATMP_srppasswd.arg1, gaa_getstr, GAATMP_srppasswd.size1); gaa_index++; -#line 99 "cli.gaa" +#line 96 "cli.gaa" { gaaval->srp_passwd = GAATMP_srppasswd.arg1 ;}; return GAA_OK; @@ -968,7 +962,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) GAA_TESTMOREARGS; GAA_FILL(GAATMP_srpusername.arg1, gaa_getstr, GAATMP_srpusername.size1); gaa_index++; -#line 96 "cli.gaa" +#line 93 "cli.gaa" { gaaval->srp_username = GAATMP_srpusername.arg1 ;}; return GAA_OK; @@ -978,7 +972,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) GAA_TESTMOREARGS; GAA_FILL(GAATMP_x509certfile.arg1, gaa_getstr, GAATMP_x509certfile.size1); gaa_index++; -#line 93 "cli.gaa" +#line 90 "cli.gaa" { gaaval->x509_certfile = GAATMP_x509certfile.arg1 ;}; return GAA_OK; 
@@ -988,7 +982,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) GAA_TESTMOREARGS; GAA_FILL(GAATMP_x509keyfile.arg1, gaa_getstr, GAATMP_x509keyfile.size1); gaa_index++; -#line 90 "cli.gaa" +#line 87 "cli.gaa" { gaaval->x509_keyfile = GAATMP_x509keyfile.arg1 ;}; return GAA_OK; @@ -998,7 +992,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) GAA_TESTMOREARGS; GAA_FILL(GAATMP_pgpcertfile.arg1, gaa_getstr, GAATMP_pgpcertfile.size1); gaa_index++; -#line 87 "cli.gaa" +#line 84 "cli.gaa" { gaaval->pgp_certfile = GAATMP_pgpcertfile.arg1 ;}; return GAA_OK; @@ -1008,7 +1002,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) GAA_TESTMOREARGS; GAA_FILL(GAATMP_pgptrustdb.arg1, gaa_getstr, GAATMP_pgptrustdb.size1); gaa_index++; -#line 84 "cli.gaa" +#line 81 "cli.gaa" { gaaval->pgp_trustdb = GAATMP_pgptrustdb.arg1 ;}; return GAA_OK; @@ -1018,7 +1012,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) GAA_TESTMOREARGS; GAA_FILL(GAATMP_pgpkeyring.arg1, gaa_getstr, GAATMP_pgpkeyring.size1); gaa_index++; -#line 81 "cli.gaa" +#line 78 "cli.gaa" { gaaval->pgp_keyring = GAATMP_pgpkeyring.arg1 ;}; return GAA_OK; @@ -1028,7 +1022,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) GAA_TESTMOREARGS; GAA_FILL(GAATMP_pgpkeyfile.arg1, gaa_getstr, GAATMP_pgpkeyfile.size1); gaa_index++; -#line 78 "cli.gaa" +#line 75 "cli.gaa" { gaaval->pgp_keyfile = GAATMP_pgpkeyfile.arg1 ;}; return GAA_OK; @@ -1038,7 +1032,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) GAA_TESTMOREARGS; GAA_FILL(GAATMP_x509crlfile.arg1, gaa_getstr, GAATMP_x509crlfile.size1); gaa_index++; -#line 75 "cli.gaa" +#line 72 "cli.gaa" { gaaval->x509_crlfile = GAATMP_x509crlfile.arg1 ;}; return GAA_OK; 
@@ -1048,7 +1042,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) GAA_TESTMOREARGS; GAA_FILL(GAATMP_x509cafile.arg1, gaa_getstr, GAATMP_x509cafile.size1); gaa_index++; -#line 72 "cli.gaa" +#line 69 "cli.gaa" { gaaval->x509_cafile = GAATMP_x509cafile.arg1 ;}; return GAA_OK; @@ -1056,7 +1050,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) case GAAOPTID_ctypes: OK = 0; GAA_LIST_FILL(GAATMP_ctypes.arg1, gaa_getstr, char*, GAATMP_ctypes.size1); -#line 69 "cli.gaa" +#line 66 "cli.gaa" { gaaval->ctype = GAATMP_ctypes.arg1; gaaval->nctype = GAATMP_ctypes.size1 ;}; return GAA_OK; @@ -1064,7 +1058,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) case GAAOPTID_kx: OK = 0; GAA_LIST_FILL(GAATMP_kx.arg1, gaa_getstr, char*, GAATMP_kx.size1); -#line 65 "cli.gaa" +#line 62 "cli.gaa" { gaaval->kx = GAATMP_kx.arg1; gaaval->nkx = GAATMP_kx.size1 ;}; return GAA_OK; @@ -1072,7 +1066,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) case GAAOPTID_macs: OK = 0; GAA_LIST_FILL(GAATMP_macs.arg1, gaa_getstr, char*, GAATMP_macs.size1); -#line 61 "cli.gaa" +#line 58 "cli.gaa" { gaaval->macs = GAATMP_macs.arg1; gaaval->nmacs = GAATMP_macs.size1 ;}; return GAA_OK; @@ -1080,7 +1074,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) case GAAOPTID_comp: OK = 0; GAA_LIST_FILL(GAATMP_comp.arg1, gaa_getstr, char*, GAATMP_comp.size1); -#line 57 "cli.gaa" +#line 54 "cli.gaa" { gaaval->comp = GAATMP_comp.arg1; gaaval->ncomp = GAATMP_comp.size1 ;}; return GAA_OK; @@ -1088,7 +1082,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) case GAAOPTID_protocols: OK = 0; GAA_LIST_FILL(GAATMP_protocols.arg1, gaa_getstr, char*, GAATMP_protocols.size1); -#line 53 "cli.gaa" +#line 50 "cli.gaa" { gaaval->proto = GAATMP_protocols.arg1; gaaval->nproto = GAATMP_protocols.size1 ;}; return GAA_OK; 
@@ -1096,14 +1090,14 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) case GAAOPTID_ciphers: OK = 0; GAA_LIST_FILL(GAATMP_ciphers.arg1, gaa_getstr, char*, GAATMP_ciphers.size1); -#line 49 "cli.gaa" +#line 46 "cli.gaa" { gaaval->ciphers = GAATMP_ciphers.arg1; gaaval->nciphers = GAATMP_ciphers.size1 ;}; return GAA_OK; break; case GAAOPTID_verbose: OK = 0; -#line 45 "cli.gaa" +#line 42 "cli.gaa" { gaaval->verbose = 1 ;}; return GAA_OK; @@ -1113,22 +1107,15 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) GAA_TESTMOREARGS; GAA_FILL(GAATMP_recordsize.arg1, gaa_getint, GAATMP_recordsize.size1); gaa_index++; -#line 42 "cli.gaa" +#line 39 "cli.gaa" { gaaval->record_size = GAATMP_recordsize.arg1 ;}; return GAA_OK; break; case GAAOPTID_print_cert: OK = 0; -#line 39 "cli.gaa" -{ gaaval->print_cert = 1 ;}; - - return GAA_OK; - break; - case GAAOPTID_xml: - OK = 0; #line 36 "cli.gaa" -{ gaaval->xml = 1 ;}; +{ gaaval->print_cert = 1 ;}; return GAA_OK; break; @@ -1188,7 +1175,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) GAA_TESTMOREARGS; GAA_FILL(GAAREST_tmp.arg1, gaa_getstr, GAAREST_tmp.size1); gaa_index++; -#line 129 "cli.gaa" +#line 126 "cli.gaa" { gaaval->rest_args = GAAREST_tmp.arg1; ;}; return GAA_OK; 
@@ -1217,13 +1204,13 @@ int gaa(int argc, char **argv, gaainfo *gaaval) if(inited == 0) { -#line 131 "cli.gaa" +#line 128 "cli.gaa" { gaaval->resume=0; gaaval->port="443"; gaaval->rest_args=NULL; gaaval->ciphers=NULL; gaaval->kx=NULL; gaaval->comp=NULL; gaaval->macs=NULL; gaaval->ctype=NULL; gaaval->nciphers=0; gaaval->nkx=0; gaaval->ncomp=0; gaaval->nmacs=0; gaaval->nctype = 0; gaaval->record_size=0; gaaval->fingerprint=0; gaaval->pgp_trustdb=NULL; gaaval->pgp_keyring=NULL; gaaval->x509_crlfile = NULL; gaaval->x509_cafile = NULL; gaaval->pgp_keyfile=NULL; gaaval->pgp_certfile=NULL; gaaval->disable_extensions = 0; - gaaval->x509_keyfile=NULL; gaaval->x509_certfile=NULL; gaaval->crlf = 0; gaaval->xml = 0; + gaaval->x509_keyfile=NULL; gaaval->x509_certfile=NULL; gaaval->crlf = 0; gaaval->srp_username=NULL; gaaval->srp_passwd=NULL; gaaval->fmtder = 0; gaaval->starttls =0; gaaval->debug = 0; gaaval->print_cert = 0; gaaval->verbose = 0; gaaval->psk_key = NULL; gaaval->psk_username = NULL; @@ -1376,7 +1363,7 @@ static int gaa_internal_get_next_str(FILE *file, gaa_str_node *tmp_str, int argc len++; a = fgetc( file); - if(a==EOF) return 0; /* a = ' '; */ + if(a==EOF) return 0; //a = ' '; } len += 1; diff --git a/src/cli-gaa.h b/src/cli-gaa.h index 1548cc0ece..87fb4facff 100644 --- a/src/cli-gaa.h +++ b/src/cli-gaa.h 
@@ -8,74 +8,72 @@ typedef struct _gaainfo gaainfo; struct _gaainfo { -#line 128 "cli.gaa" +#line 125 "cli.gaa" char *rest_args; -#line 119 "cli.gaa" - int insecure; #line 116 "cli.gaa" - char *port; + int insecure; #line 113 "cli.gaa" - char *opaque_prf_input; + char *port; #line 110 "cli.gaa" - char *authz_saml_assertion; + char *opaque_prf_input; #line 107 "cli.gaa" - char *authz_x509_attr_cert; + char *authz_saml_assertion; #line 104 "cli.gaa" - char *psk_key; + char *authz_x509_attr_cert; #line 101 "cli.gaa" - char *psk_username; + char *psk_key; #line 98 "cli.gaa" - char *srp_passwd; + char *psk_username; #line 95 "cli.gaa" - char *srp_username; + char *srp_passwd; #line 92 "cli.gaa" - char *x509_certfile; + char *srp_username; #line 89 "cli.gaa" - char *x509_keyfile; + char *x509_certfile; #line 86 "cli.gaa" - char *pgp_certfile; + char *x509_keyfile; #line 83 "cli.gaa" - char *pgp_trustdb; + char *pgp_certfile; #line 80 "cli.gaa" - char *pgp_keyring; + char *pgp_trustdb; #line 77 "cli.gaa" - char *pgp_keyfile; + char *pgp_keyring; #line 74 "cli.gaa" - char *x509_crlfile; + char *pgp_keyfile; #line 71 "cli.gaa" - char *x509_cafile; + char *x509_crlfile; #line 68 "cli.gaa" + char *x509_cafile; +#line 65 "cli.gaa" char **ctype; -#line 67 "cli.gaa" - int nctype; #line 64 "cli.gaa" + int nctype; +#line 61 "cli.gaa" char **kx; -#line 63 "cli.gaa" - int nkx; #line 60 "cli.gaa" + int nkx; +#line 57 "cli.gaa" char **macs; -#line 59 "cli.gaa" - int nmacs; #line 56 "cli.gaa" + int nmacs; +#line 53 "cli.gaa" char **comp; -#line 55 "cli.gaa" - int ncomp; #line 52 "cli.gaa" + int ncomp; +#line 49 "cli.gaa" char **proto; -#line 51 "cli.gaa" - int nproto; #line 48 "cli.gaa" + int nproto; +#line 45 "cli.gaa" char **ciphers; -#line 47 "cli.gaa" - int nciphers; #line 44 "cli.gaa" - int verbose; + int nciphers; #line 41 "cli.gaa" - int record_size; + int verbose; #line 38 "cli.gaa" - int print_cert; + int record_size; #line 35 "cli.gaa" - int xml; + int print_cert; #line 32 
"cli.gaa" int disable_extensions; #line 29 "cli.gaa" @@ -66,7 +66,6 @@ int record_max_size; int fingerprint; int crlf; int verbose = 0; -extern int xml; extern int print_cert; char *srp_passwd = NULL; @@ -122,18 +121,19 @@ typedef struct int secure; char *hostname; char *ip; - char* service; + char *service; struct addrinfo *ptr; struct addrinfo *addr_info; } socket_st; -ssize_t socket_recv (const socket_st *socket, void *buffer, int buffer_size); -ssize_t socket_send (const socket_st *socket, const void *buffer, int buffer_size); -void socket_open( socket_st* hd, const char* hostname, const char* service); -void socket_connect( const socket_st* hd); +ssize_t socket_recv (const socket_st * socket, void *buffer, int buffer_size); +ssize_t socket_send (const socket_st * socket, const void *buffer, + int buffer_size); +void socket_open (socket_st * hd, const char *hostname, const char *service); +void socket_connect (const socket_st * hd); void socket_bye (socket_st * socket); -static void check_rehandshake (socket_st *socket, int ret); +static void check_rehandshake (socket_st * socket, int ret); static int do_handshake (socket_st * socket); static void init_global_tls_stuff (void); @@ -386,8 +386,7 @@ cert_callback (gnutls_session_t session, int authz_send_callback (gnutls_session_t session, - const int *client_formats, - const int *server_formats) + const int *client_formats, const int *server_formats) { size_t i; int ret; @@ -440,9 +439,8 @@ authz_send_callback (gnutls_session_t session, int authz_recv_callback (gnutls_session_t session, const int *authz_formats, - gnutls_datum_t *infos, - const int *hashtypes, - gnutls_datum_t *hash) + gnutls_datum_t * infos, + const int *hashtypes, gnutls_datum_t * hash) { size_t i, j; 
@@ -550,7 +548,7 @@ static void gaa_parser (int argc, char **argv); /* Returns zero if the error code was successfully handled. */ static int -handle_error (socket_st *hd, int err) +handle_error (socket_st * hd, int err) { int alert, ret; const char *err_type, *str; @@ -655,8 +653,8 @@ main (int argc, char **argv) init_global_tls_stuff (); - socket_open( &hd, hostname, service); - socket_connect( &hd); + socket_open (&hd, hostname, service); + socket_connect (&hd); hd.session = init_tls_session (hostname); if (starttls) @@ -713,8 +711,8 @@ main (int argc, char **argv) printf ("\n\n- Connecting again- trying to resume previous session\n"); - socket_open( &hd, hostname, service); - socket_connect(&hd); + socket_open (&hd, hostname, service); + socket_connect (&hd); } else { @@ -877,7 +875,6 @@ gaa_parser (int argc, char **argv) verbose = info.verbose; disable_extensions = info.disable_extensions; - xml = info.xml; print_cert = info.print_cert; starttls = info.starttls; resume = info.resume; @@ -937,7 +934,7 @@ cli_version (void) static void -check_rehandshake (socket_st *socket, int ret) +check_rehandshake (socket_st * socket, int ret) { if (socket->secure && ret == GNUTLS_E_REHANDSHAKE) { @@ -1007,7 +1004,7 @@ do_handshake (socket_st * socket) static int srp_username_callback (gnutls_session_t session, - unsigned int times, char **username, char **password) + char **username, char **password) { if (srp_username == NULL || srp_passwd == NULL) { 
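Review bot: With the `times` retry counter removed from srp_username_callback, the callback can no longer distinguish a first credential request from a re-prompt after a rejected login, and since the visible guard only tests the file-scope `srp_username`/`srp_passwd` globals for NULL, a retrying handshake would presumably be fed identical credentials every time. That is likely acceptable for a one-shot client, but the new contract should be stated above the definition, e.g. `/* SRP client credentials callback (two-argument form): hands back the srp_username/srp_passwd globals, once per handshake; the library owns the returned strings -- confirm that it, not this function, frees them. */`. The function body continues outside the hunk, so how the strings are allocated cannot be checked here.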
@@ -1132,143 +1129,148 @@ init_global_tls_stuff (void) */ ssize_t - socket_recv (const socket_st* socket, void *buffer, int buffer_size) +socket_recv (const socket_st * socket, void *buffer, int buffer_size) { - int ret; + int ret; - if (socket->secure) - do - { - ret = gnutls_record_recv (socket->session, buffer, buffer_size); - } + if (socket->secure) + do + { + ret = gnutls_record_recv (socket->session, buffer, buffer_size); + } while (ret == GNUTLS_E_INTERRUPTED || ret == GNUTLS_E_AGAIN); - else - do - { - ret = recv (socket->fd, buffer, buffer_size, 0); - } + else + do + { + ret = recv (socket->fd, buffer, buffer_size, 0); + } while (ret == -1 && errno == EINTR); - return ret; + return ret; } ssize_t - socket_send (const socket_st *socket, const void *buffer, int buffer_size) +socket_send (const socket_st * socket, const void *buffer, int buffer_size) { - int ret; + int ret; - if (socket->secure) - do - { - ret = gnutls_record_send (socket->session, buffer, buffer_size); - } + if (socket->secure) + do + { + ret = gnutls_record_send (socket->session, buffer, buffer_size); + } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); - else - do - { - ret = send (socket->fd, buffer, buffer_size, 0); - } + else + do + { + ret = send (socket->fd, buffer, buffer_size, 0); + } while (ret == -1 && errno == EINTR); - if (ret > 0 && ret != buffer_size && verbose) - fprintf (stderr, - "*** Only sent %d bytes instead of %d.\n", ret, buffer_size); + if (ret > 0 && ret != buffer_size && verbose) + fprintf (stderr, + "*** Only sent %d bytes instead of %d.\n", ret, buffer_size); - return ret; + return ret; } void - socket_bye (socket_st * socket) +socket_bye (socket_st * socket) { - int ret; - if (socket->secure) + int ret; + if (socket->secure) { - do - ret = gnutls_bye (socket->session, GNUTLS_SHUT_RDWR); - while (ret == GNUTLS_E_INTERRUPTED || ret == GNUTLS_E_AGAIN); - if (ret < 0) - fprintf (stderr, "*** gnutls_bye() error: %s\n", - gnutls_strerror (ret)); - 
gnutls_deinit (socket->session); - socket->session = NULL; + do + ret = gnutls_bye (socket->session, GNUTLS_SHUT_RDWR); + while (ret == GNUTLS_E_INTERRUPTED || ret == GNUTLS_E_AGAIN); + if (ret < 0) + fprintf (stderr, "*** gnutls_bye() error: %s\n", + gnutls_strerror (ret)); + gnutls_deinit (socket->session); + socket->session = NULL; } - freeaddrinfo( socket->addr_info); - socket->addr_info = socket->ptr = NULL; - - free( socket->ip); - free( socket->hostname); - free( socket->service); - - shutdown (socket->fd, SHUT_RDWR); /* no more receptions */ - close (socket->fd); - - socket->fd = -1; - socket->secure = 0; + freeaddrinfo (socket->addr_info); + socket->addr_info = socket->ptr = NULL; + + free (socket->ip); + free (socket->hostname); + free (socket->service); + + shutdown (socket->fd, SHUT_RDWR); /* no more receptions */ + close (socket->fd); + + socket->fd = -1; + socket->secure = 0; } -void socket_connect( const socket_st* hd) +void +socket_connect (const socket_st * hd) { - int err; + int err; - printf ("Connecting to '%s:%s'...\n", hd->ip, hd->service); + printf ("Connecting to '%s:%s'...\n", hd->ip, hd->service); - err = connect (hd->fd, hd->ptr->ai_addr, hd->ptr->ai_addrlen); - if (err < 0) + err = connect (hd->fd, hd->ptr->ai_addr, hd->ptr->ai_addrlen); + if (err < 0) { - fprintf (stderr, "Cannot connect to %s:%s: %s\n", hd->hostname, hd->service, - strerror (errno)); - exit (1); + fprintf (stderr, "Cannot connect to %s:%s: %s\n", hd->hostname, + hd->service, strerror (errno)); + exit (1); } } -void socket_open( socket_st* hd, const char* hostname, const char* service) +void +socket_open (socket_st * hd, const char *hostname, const char *service) { - struct addrinfo hints, *res, *ptr; - int sd, err; - char buffer[MAX_BUF + 1]; - char portname[16] = { 0 }; - - printf ("Resolving '%s'...\n", hostname); - /* get server name */ - memset (&hints, 0, sizeof (hints)); - hints.ai_socktype = SOCK_STREAM; - if ((err = getaddrinfo (hostname, service, &hints, 
&res))) + struct addrinfo hints, *res, *ptr; + int sd, err; + char buffer[MAX_BUF + 1]; + char portname[16] = { 0 }; + + printf ("Resolving '%s'...\n", hostname); + /* get server name */ + memset (&hints, 0, sizeof (hints)); + hints.ai_socktype = SOCK_STREAM; + if ((err = getaddrinfo (hostname, service, &hints, &res))) { - fprintf (stderr, "Cannot resolve %s:%s: %s\n", hostname, service, - gai_strerror (err)); - exit (1); + fprintf (stderr, "Cannot resolve %s:%s: %s\n", hostname, service, + gai_strerror (err)); + exit (1); } - sd = -1; - for (ptr = res; ptr != NULL; ptr = ptr->ai_next) + sd = -1; + for (ptr = res; ptr != NULL; ptr = ptr->ai_next) { - sd = socket (ptr->ai_family, ptr->ai_socktype, ptr->ai_protocol); - if (sd == -1) continue; - - if ((err = getnameinfo (ptr->ai_addr, ptr->ai_addrlen, buffer, MAX_BUF, - portname, sizeof (portname), NI_NUMERICHOST|NI_NUMERICSERV)) != 0) - { - fprintf (stderr, "getnameinfo(): %s\n", gai_strerror (err)); - freeaddrinfo (res); - exit (1); - } - - break; + sd = socket (ptr->ai_family, ptr->ai_socktype, ptr->ai_protocol); + if (sd == -1) + continue; + + if ((err = getnameinfo (ptr->ai_addr, ptr->ai_addrlen, buffer, MAX_BUF, + portname, sizeof (portname), + NI_NUMERICHOST | NI_NUMERICSERV)) != 0) + { + fprintf (stderr, "getnameinfo(): %s\n", gai_strerror (err)); + freeaddrinfo (res); + exit (1); + } + + break; } - if (sd==-1) { - fprintf (stderr, "socket(): %s\n", strerror (errno)); - exit (1); + if (sd == -1) + { + fprintf (stderr, "socket(): %s\n", strerror (errno)); + exit (1); } - - hd->secure = 0; - hd->fd = sd; - hd->hostname = strdup(hostname); - hd->ip = strdup(buffer); - hd->service = strdup(portname); - hd->ptr = ptr; - hd->addr_info = res; - - return; + + hd->secure = 0; + hd->fd = sd; + hd->hostname = strdup (hostname); + hd->ip = strdup (buffer); + hd->service = strdup (portname); + hd->ptr = ptr; + hd->addr_info = res; + + return; } diff --git a/src/cli.gaa b/src/cli.gaa index 560cab21fc..e22863e60c 100644 
--- a/src/cli.gaa +++ b/src/cli.gaa @@ -32,9 +32,6 @@ option (f, fingerprint) { $fingerprint = 1 } "Send the openpgp fingerprint, inst #int disable_extensions; option ( disable-extensions) { $disable_extensions = 1 } "Disable all the TLS extensions." -#int xml; -option (xml) { $xml = 1 } "Print the certificate information in XML format." - #int print_cert; option (print-cert) { $print_cert = 1 } "Print the certificate in PEM format." @@ -133,7 +130,7 @@ init { $resume=0; $port="443"; $rest_args=NULL; $ciphers=NULL; $nkx=0; $ncomp=0; $nmacs=0; $nctype = 0; $record_size=0; $fingerprint=0; $pgp_trustdb=NULL; $pgp_keyring=NULL; $x509_crlfile = NULL; $x509_cafile = NULL; $pgp_keyfile=NULL; $pgp_certfile=NULL; $disable_extensions = 0; - $x509_keyfile=NULL; $x509_certfile=NULL; $crlf = 0; $xml = 0; + $x509_keyfile=NULL; $x509_certfile=NULL; $crlf = 0; $srp_username=NULL; $srp_passwd=NULL; $fmtder = 0; $starttls =0; $debug = 0; $print_cert = 0; $verbose = 0; $psk_key = NULL; $psk_username = NULL; diff --git a/src/common.c b/src/common.c index 3ec841d270..961c229374 100644 --- a/src/common.c +++ b/src/common.c @@ -34,7 +34,6 @@ #define SU(x) (x!=NULL?x:"Unknown") -int xml = 0; int print_cert; extern int verbose; @@ -88,7 +87,7 @@ print_x509_info (gnutls_session_t session, const char *hostname) { gnutls_x509_crt_t crt; const gnutls_datum_t *cert_list; - size_t cert_list_size = 0; + unsigned int cert_list_size = 0; int ret; char digest[20]; char serial[40]; 
@@ -165,132 +164,111 @@ print_x509_info (gnutls_session_t session, const char *hostname) } - if (xml) - { -#ifdef ENABLE_PKI - gnutls_datum_t xml_data; + expiret = gnutls_x509_crt_get_expiration_time (crt); + activet = gnutls_x509_crt_get_activation_time (crt); - ret = gnutls_x509_crt_to_xml (crt, &xml_data, 0); - if (ret < 0) - { - fprintf (stderr, "XML encoding error: %s\n", - gnutls_strerror (ret)); - return; - } + printf (" # valid since: %s", my_ctime (&activet)); + printf (" # expires at: %s", my_ctime (&expiret)); - printf ("%s", xml_data.data); - gnutls_free (xml_data.data); -#endif + + /* Print the serial number of the certificate. + */ + if (verbose + && gnutls_x509_crt_get_serial (crt, serial, &serial_size) >= 0) + { + print = raw_to_string (serial, serial_size); + if (print != NULL) + printf (" # serial number: %s\n", print); + } + + /* Print the fingerprint of the certificate + */ + digest_size = sizeof (digest); + if ((ret = + gnutls_x509_crt_get_fingerprint (crt, + GNUTLS_DIG_MD5, + digest, &digest_size)) < 0) + { + fprintf (stderr, + "Error in fingerprint calculation: %s\n", + gnutls_strerror (ret)); } else { + print = raw_to_string (digest, digest_size); + if (print != NULL) + printf (" # fingerprint: %s\n", print); + } - expiret = gnutls_x509_crt_get_expiration_time (crt); - activet = gnutls_x509_crt_get_activation_time (crt); - - printf (" # valid since: %s", my_ctime (&activet)); - printf (" # expires at: %s", my_ctime (&expiret)); - + /* Print the version of the X.509 + * certificate. + */ + if (verbose) + { + printf (" # version: #%d\n", gnutls_x509_crt_get_version (crt)); - /* Print the serial number of the certificate. 
- */ - if (verbose - && gnutls_x509_crt_get_serial (crt, serial, &serial_size) >= 0) - { - print = raw_to_string (serial, serial_size); - if (print != NULL) - printf (" # serial number: %s\n", print); - } + bits = 0; + algo = gnutls_x509_crt_get_pk_algorithm (crt, &bits); + printf (" # public key algorithm: "); - /* Print the fingerprint of the certificate - */ - digest_size = sizeof (digest); - if ((ret = - gnutls_x509_crt_get_fingerprint (crt, - GNUTLS_DIG_MD5, - digest, &digest_size)) < 0) - { - fprintf (stderr, - "Error in fingerprint calculation: %s\n", - gnutls_strerror (ret)); - } - else - { - print = raw_to_string (digest, digest_size); - if (print != NULL) - printf (" # fingerprint: %s\n", print); - } + cstr = SU (gnutls_pk_algorithm_get_name (algo)); + printf ("%s (%d bits)\n", cstr, bits); - /* Print the version of the X.509 - * certificate. - */ - if (verbose) +#ifdef ENABLE_PKI + if (algo == GNUTLS_PK_RSA) { - printf (" # version: #%d\n", gnutls_x509_crt_get_version (crt)); - - bits = 0; - algo = gnutls_x509_crt_get_pk_algorithm (crt, &bits); - printf (" # public key algorithm: "); - - cstr = SU (gnutls_pk_algorithm_get_name (algo)); - printf ("%s (%d bits)\n", cstr, bits); + gnutls_datum_t e, m; -#ifdef ENABLE_PKI - if (algo == GNUTLS_PK_RSA) + ret = gnutls_x509_crt_get_pk_rsa_raw (crt, &m, &e); + if (ret >= 0) { - gnutls_datum_t e, m; - - ret = gnutls_x509_crt_get_pk_rsa_raw (crt, &m, &e); - if (ret >= 0) - { - print = SU (raw_to_string (e.data, e.size)); - printf (" # e [%d bits]: %s\n", e.size * 8, print); + print = SU (raw_to_string (e.data, e.size)); + printf (" # e [%d bits]: %s\n", e.size * 8, print); - print = SU (raw_to_string (m.data, m.size)); - printf (" # m [%d bits]: %s\n", m.size * 8, print); + print = SU (raw_to_string (m.data, m.size)); + printf (" # m [%d bits]: %s\n", m.size * 8, print); - gnutls_free (e.data); - gnutls_free (m.data); - } + gnutls_free (e.data); + gnutls_free (m.data); } - else if (algo == GNUTLS_PK_DSA) - { - 
gnutls_datum_t p, q, g, y; + } + else if (algo == GNUTLS_PK_DSA) + { + gnutls_datum_t p, q, g, y; - ret = gnutls_x509_crt_get_pk_dsa_raw (crt, &p, &q, &g, &y); - if (ret >= 0) - { - print = SU (raw_to_string (p.data, p.size)); - printf (" # p [%d bits]: %s\n", p.size * 8, print); + ret = gnutls_x509_crt_get_pk_dsa_raw (crt, &p, &q, &g, &y); + if (ret >= 0) + { + print = SU (raw_to_string (p.data, p.size)); + printf (" # p [%d bits]: %s\n", p.size * 8, print); - print = SU (raw_to_string (q.data, q.size)); - printf (" # q [%d bits]: %s\n", q.size * 8, print); + print = SU (raw_to_string (q.data, q.size)); + printf (" # q [%d bits]: %s\n", q.size * 8, print); - print = SU (raw_to_string (g.data, g.size)); - printf (" # g [%d bits]: %s\n", g.size * 8, print); + print = SU (raw_to_string (g.data, g.size)); + printf (" # g [%d bits]: %s\n", g.size * 8, print); - print = SU (raw_to_string (y.data, y.size)); - printf (" # y [%d bits]: %s\n", y.size * 8, print); + print = SU (raw_to_string (y.data, y.size)); + printf (" # y [%d bits]: %s\n", y.size * 8, print); - gnutls_free (p.data); - gnutls_free (q.data); - gnutls_free (g.data); - gnutls_free (y.data); - } + gnutls_free (p.data); + gnutls_free (q.data); + gnutls_free (g.data); + gnutls_free (y.data); } -#endif } +#endif + } - dn_size = sizeof (dn); - ret = gnutls_x509_crt_get_dn (crt, dn, &dn_size); - if (ret >= 0) - printf (" # Subject's DN: %s\n", dn); + dn_size = sizeof (dn); + ret = gnutls_x509_crt_get_dn (crt, dn, &dn_size); + if (ret >= 0) + printf (" # Subject's DN: %s\n", dn); - dn_size = sizeof (dn); - ret = gnutls_x509_crt_get_issuer_dn (crt, dn, &dn_size); - if (ret >= 0) - printf (" # Issuer's DN: %s\n", dn); - } + dn_size = sizeof (dn); + ret = gnutls_x509_crt_get_issuer_dn (crt, dn, &dn_size); + if (ret >= 0) + printf (" # Issuer's DN: %s\n", dn); gnutls_x509_crt_deinit (crt); 
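Review bot: The fingerprint shown to the user for manual verification is still computed with `GNUTLS_DIG_MD5` in the `gnutls_x509_crt_get_fingerprint` call; MD5 is collision-prone, so two distinct certificates can be crafted to display the same fingerprint, which defeats the purpose of the check. The `digest` buffer is declared as 20 bytes in the earlier hunk, which already fits a SHA-1 digest, so `gnutls_x509_crt_get_fingerprint (crt, GNUTLS_DIG_SHA1, digest, &digest_size)` needs no other change if that constant exists in this version. Separately, `expiret` and `activet` are passed straight to `my_ctime` without checking for the `(time_t) -1` error value the getters presumably return, so a malformed certificate would print a bogus epoch-era date instead of an error. print_x509_info starts and ends outside this hunk.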
@@ -372,24 +350,6 @@ print_openpgp_info (gnutls_session_t session, const char *hostname) } } - if (xml) - { - gnutls_datum_t xml_data; - - ret = gnutls_openpgp_key_to_xml (crt, &xml_data, 0); - if (ret < 0) - { - fprintf (stderr, "XML encoding error: %s\n", - gnutls_strerror (ret)); - return; - } - - printf ("%s", xml_data.data); - gnutls_free (xml_data.data); - - return; - } - activet = gnutls_openpgp_key_get_creation_time (crt); expiret = gnutls_openpgp_key_get_expiration_time (crt); @@ -576,8 +536,8 @@ void print_cert_info (gnutls_session_t session, const char *hostname) { - if (gnutls_certificate_client_get_request_status( session) != 0) - printf("- Server has requested a certificate.\n"); + if (gnutls_certificate_client_get_request_status (session) != 0) + printf ("- Server has requested a certificate.\n"); printf ("- Certificate type: "); switch (gnutls_certificate_type_get (session)) @@ -618,19 +578,18 @@ print_list (int verbose) if (verbose) printf ("\tKey exchange: %s\n\tCipher: %s\n\tMAC: %s\n\n", gnutls_kx_get_name (kx), - gnutls_cipher_get_name (cipher), - gnutls_mac_get_name (mac)); + gnutls_cipher_get_name (cipher), gnutls_mac_get_name (mac)); } } { - const gnutls_certificate_type_t *p = gnutls_certificate_type_list(); + const gnutls_certificate_type_t *p = gnutls_certificate_type_list (); printf ("Certificate types: "); for (; *p; p++) { printf ("%s", gnutls_certificate_type_get_name (*p)); - if (*(p+1)) + if (*(p + 1)) printf (", "); else printf ("\n"); @@ -638,13 +597,13 @@ print_list (int verbose) } { - const gnutls_protocol_t *p = gnutls_protocol_list(); + const gnutls_protocol_t *p = gnutls_protocol_list (); printf ("Protocols: "); for (; *p; p++) { printf ("%s", gnutls_protocol_get_name (*p)); - if (*(p+1)) + if (*(p + 1)) printf (", "); else printf ("\n"); 
@@ -652,13 +611,13 @@ print_list (int verbose) } { - const gnutls_cipher_algorithm_t *p = gnutls_cipher_list(); + const gnutls_cipher_algorithm_t *p = gnutls_cipher_list (); printf ("Ciphers: "); for (; *p; p++) { printf ("%s", gnutls_cipher_get_name (*p)); - if (*(p+1)) + if (*(p + 1)) printf (", "); else printf ("\n"); @@ -666,13 +625,13 @@ print_list (int verbose) } { - const gnutls_mac_algorithm_t *p = gnutls_mac_list(); + const gnutls_mac_algorithm_t *p = gnutls_mac_list (); printf ("MACs: "); for (; *p; p++) { printf ("%s", gnutls_mac_get_name (*p)); - if (*(p+1)) + if (*(p + 1)) printf (", "); else printf ("\n"); @@ -680,13 +639,13 @@ print_list (int verbose) } { - const gnutls_kx_algorithm_t *p = gnutls_kx_list(); + const gnutls_kx_algorithm_t *p = gnutls_kx_list (); printf ("Key exchange algorithms: "); for (; *p; p++) { printf ("%s", gnutls_kx_get_name (*p)); - if (*(p+1)) + if (*(p + 1)) printf (", "); else printf ("\n"); @@ -694,13 +653,13 @@ print_list (int verbose) } { - const gnutls_compression_method_t *p = gnutls_compression_list(); + const gnutls_compression_method_t *p = gnutls_compression_list (); printf ("Compression: "); for (; *p; p++) { printf ("%s", gnutls_compression_get_name (*p)); - if (*(p+1)) + if (*(p + 1)) printf (", "); else printf ("\n"); |