diff options
Diffstat (limited to 'src/cli.c')
| -rw-r--r-- | src/cli.c | 468 |
1 files changed, 266 insertions, 202 deletions
@@ -48,12 +48,16 @@ /* global stuff here */ int resume; -char* hostname; +char *hostname=NULL; int port; int protocol_priority[16] = { GNUTLS_TLS1, GNUTLS_SSL3, 0 }; -int kx_priority[16] = { GNUTLS_KX_RSA, GNUTLS_KX_DHE_DSS, GNUTLS_KX_DHE_RSA, GNUTLS_KX_SRP, GNUTLS_KX_ANON_DH, 0 }; -int cipher_priority[16] = { GNUTLS_CIPHER_RIJNDAEL_128_CBC, GNUTLS_CIPHER_3DES_CBC, GNUTLS_CIPHER_ARCFOUR, 0}; +int kx_priority[16] = + { GNUTLS_KX_RSA, GNUTLS_KX_DHE_DSS, GNUTLS_KX_DHE_RSA, GNUTLS_KX_SRP, +GNUTLS_KX_ANON_DH, 0 }; +int cipher_priority[16] = + { GNUTLS_CIPHER_RIJNDAEL_128_CBC, GNUTLS_CIPHER_3DES_CBC, +GNUTLS_CIPHER_ARCFOUR, 0 }; int comp_priority[16] = { GNUTLS_COMP_ZLIB, GNUTLS_COMP_NULL, 0 }; int mac_priority[16] = { GNUTLS_MAC_SHA, GNUTLS_MAC_MD5, 0 }; int cert_type_priority[16] = { GNUTLS_CRT_X509, GNUTLS_CRT_OPENPGP, 0 }; @@ -73,49 +77,51 @@ int cert_type_priority[16] = { GNUTLS_CRT_X509, GNUTLS_CRT_OPENPGP, 0 }; #define CLICERTFILE_PGP "openpgp/cli_pub.asc" #define CLIRINGFILE_PGP "openpgp/cli_ring.gpg" -static int cert_callback( GNUTLS_STATE state, const gnutls_datum *client_certs, int ncerts, const gnutls_datum* req_ca_cert, int nreqs) { +static int cert_callback(GNUTLS_STATE state, + const gnutls_datum * client_certs, int ncerts, + const gnutls_datum * req_ca_cert, int nreqs) +{ - if (client_certs==NULL) { - return 0; /* means the we will only be called again - * if the library cannot determine which - * certificate to send - */ + if (client_certs == NULL) { + return 0; /* means the we will only be called again + * if the library cannot determine which + * certificate to send + */ } - #if 0 /* here we should prompt the user and ask him * which certificate to choose. Too bored to * implement that. --nmav */ - for (i=0;i<ncerts;i++){ + for (i = 0; i < ncerts; i++) { fprintf(stderr, "%s.", client_cert->common_name); fprintf(stderr, "%s\n", issuer_cert->common_name); } - for (i=0;i<nreqs;i++){ + for (i = 0; i < nreqs; i++) { fprintf(stderr, "%s.", req_ca_cert->common_name); } fprintf(stderr, "\n"); return 0; #endif - return -1; /* send no certificate to the peer */ + return -1; /* send no certificate to the peer */ } -static void gaa_parser( int argc, char** argv); +static void gaa_parser(int argc, char **argv); -int main(int argc, char** argv) +int main(int argc, char **argv) { int err, ret; int sd, ii; struct sockaddr_in sa; GNUTLS_STATE state; - char buffer[MAX_BUF+1]; + char buffer[MAX_BUF + 1]; char *session; - char* session_id; + char *session_id; int session_size; int session_id_size; - char* tmp_session_id; + char *tmp_session_id; int tmp_session_id_size; fd_set rset; int maxfd; @@ -124,73 +130,84 @@ int main(int argc, char** argv) GNUTLS_SRP_CLIENT_CREDENTIALS cred; GNUTLS_ANON_CLIENT_CREDENTIALS anon_cred; GNUTLS_CERTIFICATE_CLIENT_CREDENTIALS xcred; - struct hostent* server_host; - + struct hostent *server_host; + gaa_parser(argc, argv); - - signal( SIGPIPE, SIG_IGN); - + + signal(SIGPIPE, SIG_IGN); + if (gnutls_global_init() < 0) { fprintf(stderr, "global state initialization error\n"); exit(1); } + printf("Connecting to %s...\n", hostname); /* get server name */ - server_host = gethostbyname( hostname); - if (server_host==NULL) { + server_host = gethostbyname(hostname); + if (server_host == NULL) { fprintf(stderr, "Cannot resolve %s\n", hostname); exit(1); } /* X509 stuff */ - if (gnutls_certificate_allocate_client_sc( &xcred) < 0) { /* space for 2 certificates */ + if (gnutls_certificate_allocate_client_sc(&xcred) < 0) { /* space for 2 certificates */ fprintf(stderr, "memory error\n"); exit(1); } - ret=gnutls_certificate_set_x509_trust_file( xcred, CAFILE, CRLFILE); + ret = + gnutls_certificate_set_x509_trust_file(xcred, CAFILE, CRLFILE); if (ret < 0) { fprintf(stderr, "Error setting the x509 trust file\n"); exit(1); } - - ret=gnutls_certificate_set_x509_key_file( xcred, CLICERTFILE1, CLIKEYFILE1); + + ret = + gnutls_certificate_set_x509_key_file(xcred, CLICERTFILE1, + CLIKEYFILE1); if (ret < 0) { fprintf(stderr, "Error setting the x509 key file\n"); exit(1); } - ret=gnutls_certificate_set_x509_key_file( xcred, CLICERTFILE2, CLIKEYFILE2); + ret = + gnutls_certificate_set_x509_key_file(xcred, CLICERTFILE2, + CLIKEYFILE2); if (ret < 0) { fprintf(stderr, "Error setting the x509 key file\n"); exit(1); } - ret=gnutls_certificate_set_openpgp_key_file( xcred, CLICERTFILE_PGP, CLIKEYFILE_PGP); + ret = + gnutls_certificate_set_openpgp_key_file(xcred, CLICERTFILE_PGP, + CLIKEYFILE_PGP); if (ret < 0) { fprintf(stderr, "Error setting the OpenPGP key file\n"); exit(1); } - ret=gnutls_certificate_set_openpgp_keyring_file( xcred, CLIRINGFILE_PGP); + ret = + gnutls_certificate_set_openpgp_keyring_file(xcred, + CLIRINGFILE_PGP); if (ret < 0) { - fprintf(stderr, "Error setting the OpenPGP keyring file\n"); + fprintf(stderr, + "Error setting the OpenPGP keyring file\n"); exit(1); } /* gnutls_certificate_client_callback_func( xcred, cert_callback); */ /* SRP stuff */ - if (gnutls_srp_allocate_client_sc( &cred)<0) { + if (gnutls_srp_allocate_client_sc(&cred) < 0) { fprintf(stderr, "memory error\n"); exit(1); } - gnutls_srp_set_client_cred( cred, "test", "test"); + gnutls_srp_set_client_cred(cred, "test", "test"); /* ANON stuff */ - if (gnutls_anon_allocate_client_sc( &anon_cred)<0) { + if (gnutls_anon_allocate_client_sc(&anon_cred) < 0) { fprintf(stderr, "memory error\n"); exit(1); } - + sd = socket(AF_INET, SOCK_STREAM, 0); ERR(sd, "socket"); @@ -198,111 +215,120 @@ int main(int argc, char** argv) sa.sin_family = AF_INET; sa.sin_port = htons(port); - sa.sin_addr.s_addr = *((unsigned int*)server_host->h_addr); + sa.sin_addr.s_addr = *((unsigned int *) server_host->h_addr); - inet_ntop( AF_INET, &sa.sin_addr, buffer, MAX_BUF); + inet_ntop(AF_INET, &sa.sin_addr, buffer, MAX_BUF); fprintf(stderr, "Connecting to '%s'...\n", buffer); - + err = connect(sd, (SA *) & sa, sizeof(sa)); ERR(err, "connect"); - if (resume!=0) { - gnutls_init(&state, GNUTLS_CLIENT); - - gnutls_cipher_set_priority(state, cipher_priority); - gnutls_compression_set_priority(state, comp_priority); - gnutls_kx_set_priority(state, kx_priority); - gnutls_protocol_set_priority( state, protocol_priority); - gnutls_mac_set_priority(state, mac_priority); - gnutls_cert_type_set_priority(state, cert_type_priority); + if (resume != 0) { + gnutls_init(&state, GNUTLS_CLIENT); + + gnutls_cipher_set_priority(state, cipher_priority); + gnutls_compression_set_priority(state, comp_priority); + gnutls_kx_set_priority(state, kx_priority); + gnutls_protocol_set_priority(state, protocol_priority); + gnutls_mac_set_priority(state, mac_priority); + gnutls_cert_type_set_priority(state, cert_type_priority); + + gnutls_dh_set_prime_bits(state, 1024); + + gnutls_cred_set(state, GNUTLS_CRD_ANON, anon_cred); + gnutls_cred_set(state, GNUTLS_CRD_SRP, cred); + gnutls_cred_set(state, GNUTLS_CRD_CERTIFICATE, xcred); - gnutls_dh_set_prime_bits( state, 1024); - - gnutls_cred_set( state, GNUTLS_CRD_ANON, anon_cred); - gnutls_cred_set( state, GNUTLS_CRD_SRP, cred); - gnutls_cred_set( state, GNUTLS_CRD_CERTIFICATE, xcred); + /* use the max record size extension */ + gnutls_record_set_max_size(state, 2048); - /* use the max record size extension */ - gnutls_record_set_max_size( state, 2048); - /* This TLS extension may break old implementations. */ - gnutls_transport_set_ptr( state, sd); - do { - ret = gnutls_handshake( state); - } while( ret==GNUTLS_E_INTERRUPTED || ret==GNUTLS_E_AGAIN); - - if (ret < 0) { - if (ret==GNUTLS_E_WARNING_ALERT_RECEIVED || ret==GNUTLS_E_FATAL_ALERT_RECEIVED) - printf("*** Received alert [%d]\n", gnutls_alert_get_last(state)); + gnutls_transport_set_ptr(state, sd); + do { + ret = gnutls_handshake(state); + } while (ret == GNUTLS_E_INTERRUPTED + || ret == GNUTLS_E_AGAIN); + + if (ret < 0) { + if (ret == GNUTLS_E_WARNING_ALERT_RECEIVED + || ret == GNUTLS_E_FATAL_ALERT_RECEIVED) + printf("*** Received alert [%d]\n", + gnutls_alert_get_last(state)); + + fprintf(stderr, "*** Handshake has failed\n"); + gnutls_perror(ret); + gnutls_deinit(state); + return 1; + } else { + printf("- Handshake was completed\n"); + } - fprintf(stderr, "*** Handshake has failed\n"); - gnutls_perror(ret); - gnutls_deinit(state); - return 1; - } else { - printf("- Handshake was completed\n"); - } - - gnutls_session_get_data( state, NULL, &session_size); - session = malloc(session_size); - gnutls_session_get_data( state, session, &session_size); + gnutls_session_get_data(state, NULL, &session_size); + session = malloc(session_size); + gnutls_session_get_data(state, session, &session_size); - gnutls_session_get_id( state, NULL, &session_id_size); - session_id = malloc(session_id_size); - gnutls_session_get_id( state, session_id, &session_id_size); + gnutls_session_get_id(state, NULL, &session_id_size); + session_id = malloc(session_id_size); + gnutls_session_get_id(state, session_id, &session_id_size); /* print some information */ - print_info( state); + print_info(state); - printf("- Disconnecting\n"); - do { - ret = gnutls_bye( state, GNUTLS_SHUT_RDWR); - } while( ret==GNUTLS_E_INTERRUPTED || ret==GNUTLS_E_AGAIN); - - shutdown( sd, SHUT_WR); - close(sd); - gnutls_deinit( state); + printf("- Disconnecting\n"); + do { + ret = gnutls_bye(state, GNUTLS_SHUT_RDWR); + } while (ret == GNUTLS_E_INTERRUPTED + || ret == GNUTLS_E_AGAIN); - printf("\n\n- Connecting again- trying to resume previous session\n"); - sd = socket(AF_INET, SOCK_STREAM, 0); - ERR(sd, "socket"); + shutdown(sd, SHUT_WR); + close(sd); - err = connect(sd, (SA *) & sa, sizeof(sa)); - ERR(err, "connect"); + gnutls_deinit(state); - } /* resume */ + printf + ("\n\n- Connecting again- trying to resume previous session\n"); + sd = socket(AF_INET, SOCK_STREAM, 0); + ERR(sd, "socket"); + err = connect(sd, (SA *) & sa, sizeof(sa)); + ERR(err, "connect"); + + } + + /* resume */ /* Begin handshake again */ gnutls_init(&state, GNUTLS_CLIENT); - + gnutls_cipher_set_priority(state, cipher_priority); gnutls_compression_set_priority(state, comp_priority); gnutls_kx_set_priority(state, kx_priority); - gnutls_protocol_set_priority( state, protocol_priority); + gnutls_protocol_set_priority(state, protocol_priority); gnutls_mac_set_priority(state, mac_priority); gnutls_cert_type_set_priority(state, cert_type_priority); - gnutls_dh_set_prime_bits( state, 1024); + gnutls_dh_set_prime_bits(state, 1024); - gnutls_cred_set( state, GNUTLS_CRD_ANON, anon_cred); - gnutls_cred_set( state, GNUTLS_CRD_SRP, cred); - gnutls_cred_set( state, GNUTLS_CRD_CERTIFICATE, xcred); + gnutls_cred_set(state, GNUTLS_CRD_ANON, anon_cred); + gnutls_cred_set(state, GNUTLS_CRD_SRP, cred); + gnutls_cred_set(state, GNUTLS_CRD_CERTIFICATE, xcred); -#ifdef RESUME - gnutls_session_set_data( state, session, session_size); - free(session); -#endif + if (resume != 0) { + gnutls_session_set_data(state, session, session_size); + free(session); + } - gnutls_transport_set_ptr( state, sd); + gnutls_transport_set_ptr(state, sd); do { - ret = gnutls_handshake( state); - } while( ret==GNUTLS_E_INTERRUPTED || ret==GNUTLS_E_AGAIN); + ret = gnutls_handshake(state); + } while (ret == GNUTLS_E_INTERRUPTED || ret == GNUTLS_E_AGAIN); if (ret < 0) { - if (ret==GNUTLS_E_WARNING_ALERT_RECEIVED || ret==GNUTLS_E_FATAL_ALERT_RECEIVED) - printf("*** Received alert [%d]\n", gnutls_alert_get_last(state)); + if (ret == GNUTLS_E_WARNING_ALERT_RECEIVED + || ret == GNUTLS_E_FATAL_ALERT_RECEIVED) + printf("*** Received alert [%d]\n", + gnutls_alert_get_last(state)); fprintf(stderr, "*** Handshake failed\n"); gnutls_perror(ret); gnutls_deinit(state); @@ -311,117 +337,147 @@ int main(int argc, char** argv) printf("- Handshake was completed\n"); } - /* check if we actually resumed the previous session */ - gnutls_session_get_id( state, NULL, &tmp_session_id_size); - tmp_session_id = malloc(tmp_session_id_size); - gnutls_session_get_id( state, tmp_session_id, &tmp_session_id_size); - - if (memcmp( tmp_session_id, session_id, session_id_size)==0) { - printf("- Previous session was resumed\n"); - } else { - fprintf(stderr, "*** Previous session was NOT resumed\n"); + if (resume != 0) { + /* check if we actually resumed the previous session */ + gnutls_session_get_id(state, NULL, &tmp_session_id_size); + tmp_session_id = malloc(tmp_session_id_size); + gnutls_session_get_id(state, tmp_session_id, &tmp_session_id_size); + + if (memcmp(tmp_session_id, session_id, session_id_size) == + 0) { + printf("- Previous session was resumed\n"); + } else { + fprintf(stderr, + "*** Previous session was NOT resumed\n"); + } + free(tmp_session_id); + free(session_id); } - free(tmp_session_id); - free(session_id); - /* print some information */ - print_info( state); - + print_info(state); + printf("\n- Simple Client Mode:\n\n"); FD_ZERO(&rset); - for(;;) { + for (;;) { FD_SET(fileno(stdin), &rset); FD_SET(sd, &rset); - + maxfd = MAX(fileno(stdin), sd); tv.tv_sec = 3; tv.tv_usec = 0; - select(maxfd+1, &rset, NULL, NULL, &tv); + select(maxfd + 1, &rset, NULL, NULL, &tv); if (FD_ISSET(sd, &rset)) { - bzero(buffer, MAX_BUF+1); + bzero(buffer, MAX_BUF + 1); do { - ret = gnutls_read( state, buffer, MAX_BUF); - } while( ret==GNUTLS_E_INTERRUPTED || ret==GNUTLS_E_AGAIN); + ret = gnutls_read(state, buffer, MAX_BUF); + } while (ret == GNUTLS_E_INTERRUPTED + || ret == GNUTLS_E_AGAIN); /* remove new line */ - if (gnutls_error_is_fatal(ret) == 1 || ret==0) { + if (gnutls_error_is_fatal(ret) == 1 || ret == 0) { if (ret == 0) { - printf("- Peer has closed the GNUTLS connection\n"); + printf + ("- Peer has closed the GNUTLS connection\n"); break; } else { - fprintf(stderr, "*** Received corrupted data(%d) - server has terminated the connection abnormally\n", + fprintf(stderr, + "*** Received corrupted data(%d) - server has terminated the connection abnormally\n", ret); break; } } else { - if (ret==GNUTLS_E_WARNING_ALERT_RECEIVED || ret==GNUTLS_E_FATAL_ALERT_RECEIVED) - printf("* Received alert [%d]\n", gnutls_alert_get_last(state)); - if (ret==GNUTLS_E_REHANDSHAKE) { - - /* There is a race condition here. If application - * data is sent after the rehandshake request, - * the server thinks we ignored his request. - * This is a bad design of this client. - */ - printf("* Received rehandshake request\n"); + if (ret == GNUTLS_E_WARNING_ALERT_RECEIVED + || ret == + GNUTLS_E_FATAL_ALERT_RECEIVED) + printf("* Received alert [%d]\n", + gnutls_alert_get_last + (state)); + if (ret == GNUTLS_E_REHANDSHAKE) { + + /* There is a race condition here. If application + * data is sent after the rehandshake request, + * the server thinks we ignored his request. + * This is a bad design of this client. + */ + printf + ("* Received rehandshake request\n"); /* gnutls_alert_send( state, GNUTLS_AL_WARNING, GNUTLS_A_NO_RENEGOTIATION); */ do { - ret = gnutls_handshake( state); - } while( ret==GNUTLS_E_AGAIN || ret==GNUTLS_E_INTERRUPTED); - - if (ret==0) printf("* Rehandshake was performed\n"); + ret = + gnutls_handshake + (state); + } while (ret == GNUTLS_E_AGAIN + || ret == + GNUTLS_E_INTERRUPTED); + + if (ret == 0) + printf + ("* Rehandshake was performed\n"); else { - printf("* Rehandshake Failed [%d]\n", ret); + printf + ("* Rehandshake Failed [%d]\n", + ret); } } if (ret > 0) { printf("- Received[%d]: ", ret); - for (ii=0;ii<ret;ii++) { + for (ii = 0; ii < ret; ii++) { fputc(buffer[ii], stdout); } fputs("\n", stdout); } } - if (user_term!=0) break; + if (user_term != 0) + break; } if (FD_ISSET(fileno(stdin), &rset)) { - if( fgets(buffer, MAX_BUF, stdin) == NULL) { + if (fgets(buffer, MAX_BUF, stdin) == NULL) { do { - ret = gnutls_bye( state, GNUTLS_SHUT_WR); - } while( ret==GNUTLS_E_INTERRUPTED || ret==GNUTLS_E_AGAIN); + ret = + gnutls_bye(state, + GNUTLS_SHUT_WR); + } while (ret == GNUTLS_E_INTERRUPTED + || ret == GNUTLS_E_AGAIN); user_term = 1; continue; } do { - ret = gnutls_write( state, buffer, strlen(buffer)); - } while(ret==GNUTLS_E_AGAIN || ret==GNUTLS_E_INTERRUPTED); + ret = + gnutls_write(state, buffer, + strlen(buffer)); + } while (ret == GNUTLS_E_AGAIN + || ret == GNUTLS_E_INTERRUPTED); printf("- Sent: %d bytes\n", ret); } } - if (user_term!=0) do ret = gnutls_bye( state, GNUTLS_SHUT_RDWR); - while( ret==GNUTLS_E_INTERRUPTED || ret==GNUTLS_E_AGAIN); + if (user_term != 0) + do + ret = gnutls_bye(state, GNUTLS_SHUT_RDWR); + while (ret == GNUTLS_E_INTERRUPTED + || ret == GNUTLS_E_AGAIN); - shutdown( sd, SHUT_RDWR); /* no more receptions */ + shutdown(sd, SHUT_RDWR); /* no more receptions */ close(sd); - - gnutls_deinit( state); - gnutls_srp_free_client_sc( cred); - gnutls_certificate_free_client_sc( xcred); - gnutls_anon_free_client_sc( anon_cred); + gnutls_deinit(state); + + gnutls_srp_free_client_sc(cred); + gnutls_certificate_free_client_sc(xcred); + gnutls_anon_free_client_sc(anon_cred); gnutls_global_deinit(); - + return 0; } static gaainfo info; -void gaa_parser( int argc, char** argv) { -int i,j; +void gaa_parser(int argc, char **argv) +{ + int i, j; if (gaa(argc, argv, &info) != -1) { fprintf(stderr, "Error in the arguments.\n"); @@ -430,73 +486,80 @@ int i,j; resume = info.resume; port = info.port; - hostname = info.hostname; - - if (info.proto!=NULL && info.nproto > 0) { - for (j=i=0;i<info.nproto;i++) { - if (strncasecmp( info.proto[i], "SSL", 3)==0) + + if (info.nrest_args==0) hostname="localhost"; + else hostname = info.rest_args[0]; + + if (info.proto != NULL && info.nproto > 0) { + for (j = i = 0; i < info.nproto; i++) { + if (strncasecmp(info.proto[i], "SSL", 3) == 0) protocol_priority[j++] = GNUTLS_SSL3; - if (strncasecmp( info.proto[i], "TLS", 3)==0) + if (strncasecmp(info.proto[i], "TLS", 3) == 0) protocol_priority[j++] = GNUTLS_TLS1; } protocol_priority[j] = 0; } - if (info.ciphers!=NULL && info.nciphers > 0) { - for (j=i=0;i<info.nciphers;i++) { - if (strncasecmp( info.ciphers[i], "RIJ", 3)==0) - cipher_priority[j++] = GNUTLS_CIPHER_RIJNDAEL_128_CBC; - if (strncasecmp( info.ciphers[i], "TWO", 3)==0) - cipher_priority[j++] = GNUTLS_CIPHER_TWOFISH_128_CBC; - if (strncasecmp( info.ciphers[i], "3DE", 3)==0) - cipher_priority[j++] = GNUTLS_CIPHER_3DES_CBC; - if (strncasecmp( info.ciphers[i], "ARC", 3)==0) - cipher_priority[j++] = GNUTLS_CIPHER_ARCFOUR; + if (info.ciphers != NULL && info.nciphers > 0) { + for (j = i = 0; i < info.nciphers; i++) { + if (strncasecmp(info.ciphers[i], "RIJ", 3) == 0) + cipher_priority[j++] = + GNUTLS_CIPHER_RIJNDAEL_128_CBC; + if (strncasecmp(info.ciphers[i], "TWO", 3) == 0) + cipher_priority[j++] = + GNUTLS_CIPHER_TWOFISH_128_CBC; + if (strncasecmp(info.ciphers[i], "3DE", 3) == 0) + cipher_priority[j++] = + GNUTLS_CIPHER_3DES_CBC; + if (strncasecmp(info.ciphers[i], "ARC", 3) == 0) + cipher_priority[j++] = + GNUTLS_CIPHER_ARCFOUR; } cipher_priority[j] = 0; } - if (info.macs!=NULL && info.nmacs > 0) { - for (j=i=0;i<info.nmacs;i++) { - if (strncasecmp( info.macs[i], "MD5", 3)==0) + if (info.macs != NULL && info.nmacs > 0) { + for (j = i = 0; i < info.nmacs; i++) { + if (strncasecmp(info.macs[i], "MD5", 3) == 0) mac_priority[j++] = GNUTLS_MAC_MD5; - if (strncasecmp( info.macs[i], "SHA", 3)==0) + if (strncasecmp(info.macs[i], "SHA", 3) == 0) mac_priority[j++] = GNUTLS_MAC_SHA; } mac_priority[j] = 0; } - if (info.ctype!=NULL && info.nctype > 0) { - for (j=i=0;i<info.nctype;i++) { - if (strncasecmp( info.ctype[i], "OPE", 3)==0) - cert_type_priority[j++] = GNUTLS_CRT_OPENPGP; - if (strncasecmp( info.ctype[i], "X", 1)==0) + if (info.ctype != NULL && info.nctype > 0) { + for (j = i = 0; i < info.nctype; i++) { + if (strncasecmp(info.ctype[i], "OPE", 3) == 0) + cert_type_priority[j++] = + GNUTLS_CRT_OPENPGP; + if (strncasecmp(info.ctype[i], "X", 1) == 0) cert_type_priority[j++] = GNUTLS_CRT_X509; } cert_type_priority[j] = 0; } - if (info.kx!=NULL && info.nkx > 0) { - for (j=i=0;i<info.nkx;i++) { - if (strncasecmp( info.kx[i], "SRP", 3)==0) + if (info.kx != NULL && info.nkx > 0) { + for (j = i = 0; i < info.nkx; i++) { + if (strncasecmp(info.kx[i], "SRP", 3) == 0) kx_priority[j++] = GNUTLS_KX_SRP; - if (strncasecmp( info.kx[i], "RSA", 3)==0) + if (strncasecmp(info.kx[i], "RSA", 3) == 0) kx_priority[j++] = GNUTLS_KX_RSA; - if (strncasecmp( info.kx[i], "DHE_RSA", 7)==0) + if (strncasecmp(info.kx[i], "DHE_RSA", 7) == 0) kx_priority[j++] = GNUTLS_KX_DHE_RSA; - if (strncasecmp( info.kx[i], "DHE_DSS", 7)==0) + if (strncasecmp(info.kx[i], "DHE_DSS", 7) == 0) kx_priority[j++] = GNUTLS_KX_DHE_DSS; - if (strncasecmp( info.kx[i], "ANON", 4)==0) + if (strncasecmp(info.kx[i], "ANON", 4) == 0) kx_priority[j++] = GNUTLS_KX_ANON_DH; } kx_priority[j] = 0; } - if (info.comp!=NULL && info.ncomp > 0) { - for (j=i=0;i<info.ncomp;i++) { - if (strncasecmp( info.comp[i], "NUL", 3)==0) + if (info.comp != NULL && info.ncomp > 0) { + for (j = i = 0; i < info.ncomp; i++) { + if (strncasecmp(info.comp[i], "NUL", 3) == 0) comp_priority[j++] = GNUTLS_COMP_NULL; - if (strncasecmp( info.comp[i], "ZLI", 1)==0) + if (strncasecmp(info.comp[i], "ZLI", 1) == 0) comp_priority[j++] = GNUTLS_COMP_ZLIB; } comp_priority[j] = 0; @@ -504,7 +567,8 @@ int i,j; } -void print_list(void) { +void print_list(void) +{ /* FIXME: This is hard coded. Make it print all the supported * algorithms. */ |