-rw-r--r--lib/x509/Makefile.am1
-rw-r--r--lib/x509/email-verify.c34
-rw-r--r--lib/x509/gnutls-idna.h52
-rw-r--r--lib/x509/hostname-verify.c37
-rw-r--r--lib/x509/output.c15
-rw-r--r--lib/x509/pkcs7-output.c1
6 files changed, 49 insertions, 91 deletions
diff --git a/lib/x509/Makefile.am b/lib/x509/Makefile.am
index dc7e827cb8..afcc230f3f 100644
--- a/lib/x509/Makefile.am
+++ b/lib/x509/Makefile.am
@@ -36,7 +36,6 @@ libgnutls_x509_la_SOURCES = \
common.c key_encode.c \
common.h key_decode.c \
time.c \
- gnutls-idna.h \
crl.c \
crl_write.c \
crq.c \
diff --git a/lib/x509/email-verify.c b/lib/x509/email-verify.c
index e6a3b1773c..a96d5ca192 100644
--- a/lib/x509/email-verify.c
+++ b/lib/x509/email-verify.c
@@ -25,7 +25,6 @@
#include <common.h>
#include "errors.h"
#include <system.h>
-#include <gnutls-idna.h>
static int has_embedded_null(const char *str, unsigned size)
{
@@ -52,16 +51,19 @@ gnutls_x509_crt_check_email(gnutls_x509_crt_t cert,
char rfc822name[MAX_CN];
size_t rfc822namesize;
int found_rfc822name = 0;
- int ret = 0, rc;
+ int ret = 0;
int i = 0;
char *a_email;
char *a_rfc822name;
+ gnutls_datum_t out;
/* convert the provided email to ACE-Labels domain. */
- rc = idna_to_ascii_8z (email, &a_email, 0);
- if (rc != IDNA_SUCCESS) {
- _gnutls_debug_log("unable to convert email %s to IDNA format: %s\n", email, idna_strerror (rc));
+ ret = gnutls_idna_map(email, strlen(email), &out, 0);
+ if (ret < 0) {
+ _gnutls_debug_log("unable to convert email %s to IDNA format\n", email);
a_email = (char*)email;
+ } else {
+ a_email = (char*)out.data;
}
/* try matching against:
@@ -92,14 +94,16 @@ gnutls_x509_crt_check_email(gnutls_x509_crt_t cert,
continue;
}
- rc = idna_to_ascii_8z (rfc822name, &a_rfc822name, 0);
- if (rc != IDNA_SUCCESS) {
- _gnutls_debug_log("unable to convert rfc822name %s to IDNA format: %s\n", rfc822name, idna_strerror (rc));
+ ret = gnutls_idna_map(rfc822name, rfc822namesize, &out, 0);
+ if (ret < 0) {
+ _gnutls_debug_log("unable to convert rfc822name %s to IDNA format\n", rfc822name);
continue;
}
+ a_rfc822name = (char*)out.data;
+
ret = _gnutls_hostname_compare(a_rfc822name, strlen(a_rfc822name), a_email, GNUTLS_VERIFY_DO_NOT_ALLOW_WILDCARDS);
- idn_free(a_rfc822name);
+ gnutls_free(a_rfc822name);
if (ret != 0) {
ret = 1;
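Review bot: The length handed to `_gnutls_hostname_compare` is computed with `strlen(a_rfc822name)` although `gnutls_idna_map` has just returned the mapped length in `out.size`; this assumes `out.data` is NUL-terminated, which nothing in the hunk establishes, and if the datum is not terminated the strlen reads past the mapped buffer. Using the datum's own length, `ret = _gnutls_hostname_compare(a_rfc822name, out.size, a_email, GNUTLS_VERIFY_DO_NOT_ALLOW_WILDCARDS);`, drops that assumption (provided `out.size` excludes any terminator — confirm against the contract of gnutls_idna_map). The same `strlen` on `out.data` appears in the CN hunk below (`@@ -138,16 +142,18 @@`) and in both compare hunks of hostname-verify.c, and output.c prints `(char*)out.data` with `%s` where `%.*s` with `out.size` would avoid the same assumption. The loop body of gnutls_x509_crt_check_email starts and ends outside this hunk.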
@@ -138,16 +142,18 @@ gnutls_x509_crt_check_email(gnutls_x509_crt_t cert,
goto cleanup;
}
- rc = idna_to_ascii_8z (rfc822name, &a_rfc822name, 0);
- if (rc != IDNA_SUCCESS) {
- _gnutls_debug_log("unable to convert EMAIL %s to IDNA format: %s\n", rfc822name, idna_strerror (rc));
+ ret = gnutls_idna_map (rfc822name, rfc822namesize, &out, 0);
+ if (ret < 0) {
+ _gnutls_debug_log("unable to convert EMAIL %s to IDNA format\n", rfc822name);
ret = 0;
goto cleanup;
}
+ a_rfc822name = (char*)out.data;
+
ret = _gnutls_hostname_compare(a_rfc822name, strlen(a_rfc822name), a_email, GNUTLS_VERIFY_DO_NOT_ALLOW_WILDCARDS);
- idn_free(a_rfc822name);
+ gnutls_free(a_rfc822name);
if (ret != 0) {
ret = 1;
@@ -160,7 +166,7 @@ gnutls_x509_crt_check_email(gnutls_x509_crt_t cert,
ret = 0;
cleanup:
if (a_email != email) {
- idn_free(a_email);
+ gnutls_free(a_email);
}
return ret;
}
diff --git a/lib/x509/gnutls-idna.h b/lib/x509/gnutls-idna.h
deleted file mode 100644
index 291dddccd4..0000000000
--- a/lib/x509/gnutls-idna.h
+++ /dev/null
@@ -1,52 +0,0 @@
-/*
- * Copyright (C) 2014 Red Hat
- *
- * Author: Nikos Mavrogiannopoulos
- *
- * This file is part of GnuTLS.
- *
- * The GnuTLS is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this program. If not, see <http://www.gnu.org/licenses/>
- *
- */
-
-#ifndef _GNUTLS_IDNA_H
-# define _GNUTLS_IDNA_H
-
-#include <config.h>
-
-#ifdef HAVE_LIBIDN
-# include <idna.h>
-# include <idn-free.h>
-
-#else /* #ifndef HAVE_LIBIDN */
-
-#define IDNA_SUCCESS 0
-
-static inline
-int idna_to_ascii_8z(const char * input, char ** output, int flags)
-{
- *output = (char*)input;
- return 0;
-}
-
-#define idn_free(x)
-
-static inline
-const char *idna_strerror(int ret)
-{
- return "";
-}
-#endif
-
-#endif
diff --git a/lib/x509/hostname-verify.c b/lib/x509/hostname-verify.c
index fcbb987e64..1491b0ac52 100644
--- a/lib/x509/hostname-verify.c
+++ b/lib/x509/hostname-verify.c
@@ -1,5 +1,6 @@
/*
- * Copyright (C) 2003-2012 Free Software Foundation, Inc.
+ * Copyright (C) 2003-2016 Free Software Foundation, Inc.
+ * Copyright (C) 2015-2016 Red Hat, Inc.
* Copyright (C) 2002 Andrew McDonald
*
* This file is part of GnuTLS.
@@ -25,7 +26,6 @@
#include <common.h>
#include "errors.h"
#include <system.h>
-#include <gnutls-idna.h>
/**
* gnutls_x509_crt_check_hostname:
@@ -123,12 +123,13 @@ gnutls_x509_crt_check_hostname2(gnutls_x509_crt_t cert,
char dnsname[MAX_CN];
size_t dnsnamesize;
int found_dnsname = 0;
- int ret = 0, rc;
+ int ret = 0;
int i = 0;
struct in_addr ipv4;
char *p = NULL;
char *a_hostname;
char *a_dnsname;
+ gnutls_datum_t out;
/* check whether @hostname is an ip address */
if ((p=strchr(hostname, ':')) != NULL || inet_aton(hostname, &ipv4) != 0) {
@@ -156,10 +157,12 @@ gnutls_x509_crt_check_hostname2(gnutls_x509_crt_t cert,
hostname_fallback:
/* convert the provided hostname to ACE-Labels domain. */
- rc = idna_to_ascii_8z (hostname, &a_hostname, 0);
- if (rc != IDNA_SUCCESS) {
- _gnutls_debug_log("unable to convert hostname %s to IDNA format: %s\n", hostname, idna_strerror (rc));
+ ret = gnutls_idna_map (hostname, strlen(hostname), &out, 0);
+ if (ret < 0) {
+ _gnutls_debug_log("unable to convert hostname %s to IDNA format\n", hostname);
a_hostname = (char*)hostname;
+ } else {
+ a_hostname = (char*)out.data;
}
/* try matching against:
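Review bot: The fallback to the raw `hostname` when `gnutls_idna_map` fails (`a_hostname = (char*)hostname;`) is a deliberate best-effort choice that the comment above it does not mention, and a reader may take it for an oversight because the same failure in the dnsname hunk below skips the candidate instead. A one-line comment such as `/* mapping failed: compare the raw name byte-wise rather than reject the lookup */` would make the asymmetry intentional. The same fallback exists for `email` in email-verify.c. gnutls_x509_crt_check_hostname2 starts and ends outside this hunk.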
@@ -192,14 +195,16 @@ gnutls_x509_crt_check_hostname2(gnutls_x509_crt_t cert,
continue;
}
- rc = idna_to_ascii_8z (dnsname, &a_dnsname, 0);
- if (rc != IDNA_SUCCESS) {
- _gnutls_debug_log("unable to convert dnsname %s to IDNA format: %s\n", dnsname, idna_strerror (rc));
+ ret = gnutls_idna_map (dnsname, dnsnamesize, &out, 0);
+ if (ret < 0) {
+ _gnutls_debug_log("unable to convert dnsname %s to IDNA format\n", dnsname);
continue;
}
+ a_dnsname = (char*)out.data;
+
ret = _gnutls_hostname_compare(a_dnsname, strlen(a_dnsname), a_hostname, flags);
- idn_free(a_dnsname);
+ gnutls_free(a_dnsname);
if (ret != 0) {
ret = 1;
@@ -241,16 +246,18 @@ gnutls_x509_crt_check_hostname2(gnutls_x509_crt_t cert,
goto cleanup;
}
- rc = idna_to_ascii_8z (dnsname, &a_dnsname, 0);
- if (rc != IDNA_SUCCESS) {
- _gnutls_debug_log("unable to convert CN %s to IDNA format: %s\n", dnsname, idna_strerror (rc));
+ ret = gnutls_idna_map (dnsname, dnsnamesize, &out, 0);
+ if (ret < 0) {
+ _gnutls_debug_log("unable to convert CN %s to IDNA format\n", dnsname);
ret = 0;
goto cleanup;
}
+ a_dnsname = (char*)out.data;
+
ret = _gnutls_hostname_compare(a_dnsname, strlen(a_dnsname), a_hostname, flags);
- idn_free(a_dnsname);
+ gnutls_free(a_dnsname);
if (ret != 0) {
ret = 1;
@@ -263,7 +270,7 @@ gnutls_x509_crt_check_hostname2(gnutls_x509_crt_t cert,
ret = 0;
cleanup:
if (a_hostname != hostname) {
- idn_free(a_hostname);
+ gnutls_free(a_hostname);
}
return ret;
}
diff --git a/lib/x509/output.c b/lib/x509/output.c
index bd4d3dba8c..a6b0b64e8a 100644
--- a/lib/x509/output.c
+++ b/lib/x509/output.c
@@ -32,7 +32,6 @@
#include "errors.h"
#include <extras/randomart.h>
#include <c-ctype.h>
-#include <gnutls-idna.h>
#include "extensions.h"
#include "ip.h"
@@ -52,6 +51,7 @@ unsigned non_ascii = 0;
#ifdef HAVE_LIBIDN
unsigned i;
#endif
+int ret;
if ((type == GNUTLS_SAN_DNSNAME || type == GNUTLS_SAN_OTHERNAME_XMPP
|| type == GNUTLS_SAN_OTHERNAME_KRB5PRINCIPAL
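Review bot: `int ret;` is added at function scope while its only visible use is inside the `if (non_ascii != 0)` block further down, where the commit already declares `gnutls_datum_t out;` block-locally; declaring `int ret;` next to `out` in that block keeps the two mapping-related locals in the same, narrowest scope. Whether `ret` is used elsewhere in this function is not visible from the hunks shown. The enclosing function starts before this hunk.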
@@ -76,16 +76,15 @@ unsigned i;
#endif
if (non_ascii != 0) {
- char *s;
- int rc;
+ gnutls_datum_t out;
- rc = idna_to_ascii_8z((char*)name->data, &s, 0);
- if (rc == IDNA_SUCCESS) {
- addf(str, _("%sDNSname: %.*s (%s)\n"), prefix, name->size, NON_NULL(name->data), s);
- idn_free(s);
- } else {
+ ret = gnutls_idna_map((char*)name->data, name->size, &out, 0);
+ if (ret < 0) {
adds(str, _("note: DNSname is not in UTF-8.\n"));
addf(str, _("%sDNSname: %.*s\n"), prefix, name->size, NON_NULL(name->data));
+ } else {
+ addf(str, _("%sDNSname: %.*s (%s)\n"), prefix, name->size, NON_NULL(name->data), (char*)out.data);
+ gnutls_free(out.data);
}
} else {
addf(str, _("%sDNSname: %.*s\n"), prefix, name->size, NON_NULL(name->data));
diff --git a/lib/x509/pkcs7-output.c b/lib/x509/pkcs7-output.c
index 3042720108..26cdc1cb3e 100644
--- a/lib/x509/pkcs7-output.c
+++ b/lib/x509/pkcs7-output.c
@@ -28,7 +28,6 @@
#include "errors.h"
#include <extras/randomart.h>
#include <pkcs7_int.h>
-#include <gnutls-idna.h>
#define addf _gnutls_buffer_append_printf
#define adds _gnutls_buffer_append_str