Diffstat (limited to 'lib/x509')
-rw-r--r-- | lib/x509/Makefile.am | 1 | ||||
-rw-r--r-- | lib/x509/email-verify.c | 34 | ||||
-rw-r--r-- | lib/x509/gnutls-idna.h | 52 | ||||
-rw-r--r-- | lib/x509/hostname-verify.c | 37 | ||||
-rw-r--r-- | lib/x509/output.c | 15 | ||||
-rw-r--r-- | lib/x509/pkcs7-output.c | 1 |
6 files changed, 49 insertions, 91 deletions
diff --git a/lib/x509/Makefile.am b/lib/x509/Makefile.am index dc7e827cb8..afcc230f3f 100644 --- a/lib/x509/Makefile.am +++ b/lib/x509/Makefile.am @@ -36,7 +36,6 @@ libgnutls_x509_la_SOURCES = \ common.c key_encode.c \ common.h key_decode.c \ time.c \ - gnutls-idna.h \ crl.c \ crl_write.c \ crq.c \ diff --git a/lib/x509/email-verify.c b/lib/x509/email-verify.c index e6a3b1773c..a96d5ca192 100644 --- a/lib/x509/email-verify.c +++ b/lib/x509/email-verify.c @@ -25,7 +25,6 @@ #include <common.h> #include "errors.h" #include <system.h> -#include <gnutls-idna.h> static int has_embedded_null(const char *str, unsigned size) { @@ -52,16 +51,19 @@ gnutls_x509_crt_check_email(gnutls_x509_crt_t cert, char rfc822name[MAX_CN]; size_t rfc822namesize; int found_rfc822name = 0; - int ret = 0, rc; + int ret = 0; int i = 0; char *a_email; char *a_rfc822name; + gnutls_datum_t out; /* convert the provided email to ACE-Labels domain. */ - rc = idna_to_ascii_8z (email, &a_email, 0); - if (rc != IDNA_SUCCESS) { - _gnutls_debug_log("unable to convert email %s to IDNA format: %s\n", email, idna_strerror (rc)); + ret = gnutls_idna_map(email, strlen(email), &out, 0); + if (ret < 0) { + _gnutls_debug_log("unable to convert email %s to IDNA format\n", email); a_email = (char*)email; + } else { + a_email = (char*)out.data; } /* try matching against: 
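Review bot: In the gnutls_x509_crt_check_email hunk at `@@ -52,16 +51,19 @@`, the fallback branch leaves `ret` holding gnutls_idna_map's negative error code after `a_email = (char*)email;`, whereas the old code kept the conversion status in the separate `rc` and `ret` stayed 0. The SAN loop that follows begins past the end of this hunk; if its controlling expression tests `ret` (the `!(ret < 0)` idiom), an input email that cannot be mapped now skips every rfc822Name entry instead of being compared raw, and any later path that returns `ret` unchanged would hand a negative value to callers that treat non-zero as "matched". Either keep a dedicated status variable, `int rc; ... rc = gnutls_idna_map(email, strlen(email), &out, 0); if (rc < 0) {`, or add `ret = 0;` inside the fallback branch. The function continues outside this hunk, so the exact loop condition cannot be confirmed from here.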
@@ -92,14 +94,16 @@ gnutls_x509_crt_check_email(gnutls_x509_crt_t cert, continue; } - rc = idna_to_ascii_8z (rfc822name, &a_rfc822name, 0); - if (rc != IDNA_SUCCESS) { - _gnutls_debug_log("unable to convert rfc822name %s to IDNA format: %s\n", rfc822name, idna_strerror (rc)); + ret = gnutls_idna_map(rfc822name, rfc822namesize, &out, 0); + if (ret < 0) { + _gnutls_debug_log("unable to convert rfc822name %s to IDNA format\n", rfc822name); continue; } + a_rfc822name = (char*)out.data; + ret = _gnutls_hostname_compare(a_rfc822name, strlen(a_rfc822name), a_email, GNUTLS_VERIFY_DO_NOT_ALLOW_WILDCARDS); - idn_free(a_rfc822name); + gnutls_free(a_rfc822name); if (ret != 0) { ret = 1; @@ -138,16 +142,18 @@ gnutls_x509_crt_check_email(gnutls_x509_crt_t cert, goto cleanup; } - rc = idna_to_ascii_8z (rfc822name, &a_rfc822name, 0); - if (rc != IDNA_SUCCESS) { - _gnutls_debug_log("unable to convert EMAIL %s to IDNA format: %s\n", rfc822name, idna_strerror (rc)); + ret = gnutls_idna_map (rfc822name, rfc822namesize, &out, 0); + if (ret < 0) { + _gnutls_debug_log("unable to convert EMAIL %s to IDNA format\n", rfc822name); ret = 0; goto cleanup; } + a_rfc822name = (char*)out.data; + ret = _gnutls_hostname_compare(a_rfc822name, strlen(a_rfc822name), a_email, GNUTLS_VERIFY_DO_NOT_ALLOW_WILDCARDS); - idn_free(a_rfc822name); + gnutls_free(a_rfc822name); if (ret != 0) { ret = 1; @@ -160,7 +166,7 @@ gnutls_x509_crt_check_email(gnutls_x509_crt_t cert, ret = 0; cleanup: if (a_email != email) { - idn_free(a_email); + gnutls_free(a_email); } return ret; } diff --git a/lib/x509/gnutls-idna.h b/lib/x509/gnutls-idna.h deleted file mode 100644 index 291dddccd4..0000000000 --- a/lib/x509/gnutls-idna.h +++ /dev/null 
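Review bot: The `continue` after a failed `gnutls_idna_map(rfc822name, rfc822namesize, &out, 0)` in the rfc822Name loop now leaves `ret` negative, where the previous code isolated the conversion status in `rc`. The loop head is outside this hunk; if it uses `ret` in its condition, a single SAN entry that cannot be mapped ends the iteration and later, valid rfc822Name entries are never compared, so a certificate that should match is rejected (fail-closed, but a regression from the old behaviour). Restoring a local status variable keeps the loop's state separate: `int rc = gnutls_idna_map(rfc822name, rfc822namesize, &out, 0); if (rc < 0) { ...; continue; }`. The same pattern applies to the CN hunk below, though there the explicit `ret = 0; goto cleanup;` already contains the error.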
@@ -1,52 +0,0 @@ -/* - * Copyright (C) 2014 Red Hat - * - * Author: Nikos Mavrogiannopoulos - * - * This file is part of GnuTLS. - * - * The GnuTLS is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * as published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public License - * along with this program. If not, see <http://www.gnu.org/licenses/> - * - */ - -#ifndef _GNUTLS_IDNA_H -# define _GNUTLS_IDNA_H - -#include <config.h> - -#ifdef HAVE_LIBIDN -# include <idna.h> -# include <idn-free.h> - -#else /* #ifndef HAVE_LIBIDN */ - -#define IDNA_SUCCESS 0 - -static inline -int idna_to_ascii_8z(const char * input, char ** output, int flags) -{ - *output = (char*)input; - return 0; -} - -#define idn_free(x) - -static inline -const char *idna_strerror(int ret) -{ - return ""; -} -#endif - -#endif diff --git a/lib/x509/hostname-verify.c b/lib/x509/hostname-verify.c index fcbb987e64..1491b0ac52 100644 --- a/lib/x509/hostname-verify.c +++ b/lib/x509/hostname-verify.c @@ -1,5 +1,6 @@ /* - * Copyright (C) 2003-2012 Free Software Foundation, Inc. + * Copyright (C) 2003-2016 Free Software Foundation, Inc. + * Copyright (C) 2015-2016 Red Hat, Inc. * Copyright (C) 2002 Andrew McDonald * * This file is part of GnuTLS. @@ -25,7 +26,6 @@ #include <common.h> #include "errors.h" #include <system.h> -#include <gnutls-idna.h> /** * gnutls_x509_crt_check_hostname: 
@@ -123,12 +123,13 @@ gnutls_x509_crt_check_hostname2(gnutls_x509_crt_t cert, char dnsname[MAX_CN]; size_t dnsnamesize; int found_dnsname = 0; - int ret = 0, rc; + int ret = 0; int i = 0; struct in_addr ipv4; char *p = NULL; char *a_hostname; char *a_dnsname; + gnutls_datum_t out; /* check whether @hostname is an ip address */ if ((p=strchr(hostname, ':')) != NULL || inet_aton(hostname, &ipv4) != 0) { @@ -156,10 +157,12 @@ gnutls_x509_crt_check_hostname2(gnutls_x509_crt_t cert, hostname_fallback: /* convert the provided hostname to ACE-Labels domain. */ - rc = idna_to_ascii_8z (hostname, &a_hostname, 0); - if (rc != IDNA_SUCCESS) { - _gnutls_debug_log("unable to convert hostname %s to IDNA format: %s\n", hostname, idna_strerror (rc)); + ret = gnutls_idna_map (hostname, strlen(hostname), &out, 0); + if (ret < 0) { + _gnutls_debug_log("unable to convert hostname %s to IDNA format\n", hostname); a_hostname = (char*)hostname; + } else { + a_hostname = (char*)out.data; } /* try matching against: @@ -192,14 +195,16 @@ gnutls_x509_crt_check_hostname2(gnutls_x509_crt_t cert, continue; } - rc = idna_to_ascii_8z (dnsname, &a_dnsname, 0); - if (rc != IDNA_SUCCESS) { - _gnutls_debug_log("unable to convert dnsname %s to IDNA format: %s\n", dnsname, idna_strerror (rc)); + ret = gnutls_idna_map (dnsname, dnsnamesize, &out, 0); + if (ret < 0) { + _gnutls_debug_log("unable to convert dnsname %s to IDNA format\n", dnsname); continue; } + a_dnsname = (char*)out.data; + ret = _gnutls_hostname_compare(a_dnsname, strlen(a_dnsname), a_hostname, flags); - idn_free(a_dnsname); + gnutls_free(a_dnsname); if (ret != 0) { ret = 1; 
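Review bot: In the dNSName loop hunk at `@@ -192,14 +195,16 @@`, `ret = gnutls_idna_map (dnsname, dnsnamesize, &out, 0);` followed by `continue;` carries a negative error code back into the loop's controlling expression, which the old `rc` variable deliberately kept apart from `ret`. The `for` header is not in this hunk; if it is the `!(ret < 0)` form, one unconvertible dNSName silently stops the scan of the remaining SAN entries, and because `found_dnsname` is presumably already set, the CN fallback is not consulted either, so a later valid dNSName never matches. Use a separate status, `int rc = gnutls_idna_map(dnsname, dnsnamesize, &out, 0); if (rc < 0) { ...; continue; }`, or reset `ret = 0;` before continuing. The same consideration applies to the `hostname_fallback:` hunk above, where the raw-hostname fallback also leaves `ret` negative on entry to the loop.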
@@ -241,16 +246,18 @@ gnutls_x509_crt_check_hostname2(gnutls_x509_crt_t cert, goto cleanup; } - rc = idna_to_ascii_8z (dnsname, &a_dnsname, 0); - if (rc != IDNA_SUCCESS) { - _gnutls_debug_log("unable to convert CN %s to IDNA format: %s\n", dnsname, idna_strerror (rc)); + ret = gnutls_idna_map (dnsname, dnsnamesize, &out, 0); + if (ret < 0) { + _gnutls_debug_log("unable to convert CN %s to IDNA format\n", dnsname); ret = 0; goto cleanup; } + a_dnsname = (char*)out.data; + ret = _gnutls_hostname_compare(a_dnsname, strlen(a_dnsname), a_hostname, flags); - idn_free(a_dnsname); + gnutls_free(a_dnsname); if (ret != 0) { ret = 1; @@ -263,7 +270,7 @@ gnutls_x509_crt_check_hostname2(gnutls_x509_crt_t cert, ret = 0; cleanup: if (a_hostname != hostname) { - idn_free(a_hostname); + gnutls_free(a_hostname); } return ret; } diff --git a/lib/x509/output.c b/lib/x509/output.c index bd4d3dba8c..a6b0b64e8a 100644 --- a/lib/x509/output.c +++ b/lib/x509/output.c @@ -32,7 +32,6 @@ #include "errors.h" #include <extras/randomart.h> #include <c-ctype.h> -#include <gnutls-idna.h> #include "extensions.h" #include "ip.h" @@ -52,6 +51,7 @@ unsigned non_ascii = 0; #ifdef HAVE_LIBIDN unsigned i; #endif +int ret; if ((type == GNUTLS_SAN_DNSNAME || type == GNUTLS_SAN_OTHERNAME_XMPP || type == GNUTLS_SAN_OTHERNAME_KRB5PRINCIPAL 
@@ -76,16 +76,15 @@ unsigned i; #endif if (non_ascii != 0) { - char *s; - int rc; + gnutls_datum_t out; - rc = idna_to_ascii_8z((char*)name->data, &s, 0); - if (rc == IDNA_SUCCESS) { - addf(str, _("%sDNSname: %.*s (%s)\n"), prefix, name->size, NON_NULL(name->data), s); - idn_free(s); - } else { + ret = gnutls_idna_map((char*)name->data, name->size, &out, 0); + if (ret < 0) { adds(str, _("note: DNSname is not in UTF-8.\n")); addf(str, _("%sDNSname: %.*s\n"), prefix, name->size, NON_NULL(name->data)); + } else { + addf(str, _("%sDNSname: %.*s (%s)\n"), prefix, name->size, NON_NULL(name->data), (char*)out.data); + gnutls_free(out.data); } } else { addf(str, _("%sDNSname: %.*s\n"), prefix, name->size, NON_NULL(name->data)); diff --git a/lib/x509/pkcs7-output.c b/lib/x509/pkcs7-output.c index 3042720108..26cdc1cb3e 100644 --- a/lib/x509/pkcs7-output.c +++ b/lib/x509/pkcs7-output.c @@ -28,7 +28,6 @@ #include "errors.h" #include <extras/randomart.h> #include <pkcs7_int.h> -#include <gnutls-idna.h> #define addf _gnutls_buffer_append_printf #define adds _gnutls_buffer_append_str |
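Review bot: The failure branch in the output.c hunk still prints `note: DNSname is not in UTF-8.`, but the call is now gnutls_idna_map, which presumably can reject a name for IDNA reasons other than its encoding (its contract is not visible here); if so the note misattributes the cause and a wording such as `note: DNSname could not be mapped to its ACE (IDNA) form.` would be accurate. The success branch prints `(char*)out.data` with `%s`, which relies on gnutls_idna_map returning a NUL-terminated buffer; either a comment `/* out.data is NUL-terminated by gnutls_idna_map */` where that is guaranteed, or `%.*s` with `(int)out.size`, would make the assumption explicit. The enclosing print helper starts before this hunk.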