author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2001-08-05 13:27:15 +0000 |
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2001-08-05 13:27:15 +0000 |
commit | 93330469787a8b39a6f8c82f65305c7625487806 (patch) | |
tree | 724430848112a788c91c4947d1ad1410eb8b8c73 | |
parent | 12c5c20a6e6e6f4a4ac741a9d44d57b57d2ea020 (diff) | |
download | gnutls-93330469787a8b39a6f8c82f65305c7625487806.tar.gz |
Several cleanups. The auth-info structures are no longer exported through the API; a set of accessor functions is exported instead so that applications can read them.
-rw-r--r-- | configure.in | 2 | ||||
-rw-r--r-- | doc/tex/ex3.tex | 30 | ||||
-rw-r--r-- | doc/tex/serv1.tex | 2 | ||||
-rw-r--r-- | lib/Makefile.am | 4 | ||||
-rw-r--r-- | lib/auth_x509.c | 2 | ||||
-rw-r--r-- | lib/auth_x509.h | 1 | ||||
-rw-r--r-- | lib/gnutls.h.in | 70 | ||||
-rw-r--r-- | lib/gnutls_cert.h | 20 | ||||
-rw-r--r-- | lib/gnutls_errors_int.h | 3 | ||||
-rw-r--r-- | lib/gnutls_int.h | 10 | ||||
-rw-r--r-- | lib/gnutls_ui.c | 178 | ||||
-rw-r--r-- | lib/gnutls_ui.h | 64 | ||||
-rw-r--r-- | src/cli.c | 36 | ||||
-rw-r--r-- | src/serv.c | 8 |
14 files changed, 300 insertions, 130 deletions
diff --git a/configure.in b/configure.in index c2368560c7..ef6eedc90d 100644 --- a/configure.in +++ b/configure.in @@ -150,6 +150,8 @@ AC_SUBST(LIBGNUTLS_LIBS) AC_SUBST(LIBGNUTLS_CFLAGS) AC_CONFIG_COMMANDS([default],[[ + cat lib/gnutls_ui.h >> lib/gnutls.h + echo "" >> lib/gnutls.h cat lib/gnutls_errors_int.h >> lib/gnutls.h echo "" >> lib/gnutls.h cat lib/x509_asn1.h >> lib/gnutls.h diff --git a/doc/tex/ex3.tex b/doc/tex/ex3.tex index d6b451ddad..6eec57ddc6 100644 --- a/doc/tex/ex3.tex +++ b/doc/tex/ex3.tex @@ -1,17 +1,19 @@ \begin{verbatim} #define PRINTX(x,y) if (y[0]!=0) printf(" - %s %s\n", x, y) -#define PRINT_DN(X) PRINTX( "CN:", x509_info->X.common_name); \ - PRINTX( "OU:", x509_info->X.organizational_unit_name); \ - PRINTX( "O:", x509_info->X.organization); \ - PRINTX( "L:", x509_info->X.locality_name); \ - PRINTX( "S:", x509_info->X.state_or_province_name); \ - PRINTX( "C:", x509_info->X.country); +#define PRINT_DN(X) PRINTX( "CN:", X->common_name); \ + PRINTX( "OU:", X->organizational_unit_name); \ + PRINTX( "O:", X->organization); \ + PRINTX( "L:", X->locality_name); \ + PRINTX( "S:", X->state_or_province_name); \ + PRINTX( "C:", X->country); \ + PRINTX( "SAN:", gnutls_x509pki_client_get_subject_alt_name(x509_info)) int print_info(GNUTLS_STATE state) { const char *tmp; const X509PKI_CLIENT_AUTH_INFO *x509_info; + const gnutls_DN* dn; /* print the key exchange's algorithm name */ @@ -23,7 +25,7 @@ int print_info(GNUTLS_STATE state) if (gnutls_get_auth_info_type(state) == GNUTLS_X509PKI) { x509_info = gnutls_get_auth_info(state); if (x509_info != NULL) { - switch (x509_info->peer_certificate_status) { + switch ( gnutls_x509pki_client_get_peer_certificate_status(x509_info)) { case GNUTLS_CERT_NOT_TRUSTED: printf("- Peer's X509 Certificate was NOT verified\n"); break; 
@@ -40,15 +42,17 @@ int print_info(GNUTLS_STATE state) } } - } - printf(" - Certificate info:\n"); - printf(" - Certificate version: #%d\n", x509_info->peer_certificate_version); + printf(" - Certificate info:\n"); + printf(" - Certificate version: #%d\n", gnutls_x509pki_client_get_peer_certificate_version(x509_info)); - PRINT_DN(peer_dn); + dn = gnutls_x509pki_client_get_peer_dn( x509_info); + PRINT_DN(dn); - printf(" - Certificate Issuer's info:\n"); - PRINT_DN(issuer_dn); + printf(" - Certificate Issuer's info:\n"); + dn = gnutls_x509pki_client_get_issuer_dn( x509_info); + PRINT_DN(dn); + } tmp = gnutls_version_get_name(gnutls_get_current_version(state)); printf("- Version: %s\n", tmp); diff --git a/doc/tex/serv1.tex b/doc/tex/serv1.tex index c605ab435b..0cbdd96f5e 100644 --- a/doc/tex/serv1.tex +++ b/doc/tex/serv1.tex @@ -77,7 +77,7 @@ void print_info(GNUTLS_STATE state) srp_info = gnutls_get_auth_info(state); if (srp_info != NULL) printf("\n- User '%s' connected\n", - srp_info->username); + gnutls_srp_server_get_username(srp_info)); } /* print state information */ tmp = gnutls_version_get_name(gnutls_get_current_version(state)); diff --git a/lib/Makefile.am b/lib/Makefile.am index 429107ae2a..91b28492b1 100644 --- a/lib/Makefile.am +++ b/lib/Makefile.am @@ -16,7 +16,7 @@ EXTRA_DIST = debug.h gnutls_compress.h defines.h pkcs1.asn pkix.asn \ x509_asn1.h x509_der.h gnutls_datum.h auth_x509.h gnutls_gcry.h \ ext_dnsname.h gnutls_pk.h gnutls_record.h gnutls_cert.h \ gnutls_privkey.h gnutls_constate.h gnutls_global.h x509_verify.h \ - gnutls_sig.h gnutls_mem.h x509_extensions.h + gnutls_sig.h gnutls_mem.h x509_extensions.h gnutls_ui.h lib_LTLIBRARIES = libgnutls.la libgnutls_la_SOURCES = gnutls_record.c gnutls_compress.c debug.c \ gnutls_cipher.c gnutls_buffers.c gnutls_handshake.c gnutls_num.c \ 
@@ -30,7 +30,7 @@ libgnutls_la_SOURCES = gnutls_record.c gnutls_compress.c debug.c \ gnutls_gcry.c ext_dnsname.c gnutls_pk.c gnutls_cert.c x509_verify.c\ gnutls_global.c gnutls_privkey.c gnutls_constate.c gnutls_anon_cred.c \ gnutls_sig_check.c pkix_asn1_tab.c pkcs1_asn1_tab.c gnutls_mem.c \ - x509_extensions.c auth_x509.c + x509_extensions.c auth_x509.c gnutls_ui.c libgnutls_la_LDFLAGS = -version-info $(LT_CURRENT):$(LT_REVISION):$(LT_AGE) diff --git a/lib/auth_x509.c b/lib/auth_x509.c index b2b0f56d90..3419c1d6cf 100644 --- a/lib/auth_x509.c +++ b/lib/auth_x509.c @@ -40,8 +40,6 @@ void _gnutls_copy_x509_client_auth_info( X509PKI_CLIENT_AUTH_INFO* info, gnutls_ if ( cert->subjectAltName[0]!=0) strcpy( info->subjectAltName, cert->subjectAltName); - info->CA = cert->CA; - info->keyUsage = cert->keyUsage; info->peer_certificate_expiration_time = cert->expiration_time; diff --git a/lib/auth_x509.h b/lib/auth_x509.h index 4a9af88238..e8e139caab 100644 --- a/lib/auth_x509.h +++ b/lib/auth_x509.h @@ -42,7 +42,6 @@ typedef struct { time_t peer_certificate_expiration_time; char subjectAltName[X509_CN_SIZE]; unsigned char keyUsage; - int CA; } X509PKI_CLIENT_AUTH_INFO; void _gnutls_copy_x509_client_auth_info( X509PKI_CLIENT_AUTH_INFO* info, gnutls_cert* cert, CertificateStatus verify); diff --git a/lib/gnutls.h.in b/lib/gnutls.h.in index ebd6f959c0..4b294ca5f6 100644 --- a/lib/gnutls.h.in +++ b/lib/gnutls.h.in @@ -38,6 +38,7 @@ typedef enum AlertDescription { GNUTLS_CLOSE_NOTIFY, GNUTLS_UNEXPECTED_MESSAGE=1 GNUTLS_NO_RENEGOTIATION=100 } AlertDescription; typedef enum AlertLevel { GNUTLS_WARNING=1, GNUTLS_FATAL } AlertLevel; +typedef enum CertificateStatus { GNUTLS_CERT_TRUSTED=1, GNUTLS_CERT_NOT_TRUSTED, GNUTLS_CERT_EXPIRED, GNUTLS_CERT_INVALID } CertificateStatus; typedef enum GNUTLS_Version { GNUTLS_SSL3=1, GNUTLS_TLS1 } GNUTLS_Version; 
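Review bot: The removed `info->keyUsage = cert->keyUsage;` in _gnutls_copy_x509_client_auth_info leaves the `unsigned char keyUsage` member, which the auth_x509.h hunk on this same line still declares, without any writer, while the new gnutls_ui.c accessor gnutls_x509pki_client_get_key_usage returns `info->keyUsage` to applications. Unless some other path fills it in, and nothing on this page shows one, the accessor hands back whatever the struct happened to contain, so a key-usage check built on it passes or fails on stale data rather than on the certificate. Dropping the `CA` copy matches the header change that removes `int CA;`; dropping the keyUsage copy does not, so either keep `info->keyUsage = cert->keyUsage;` or remove the field and the accessor together. The body of _gnutls_copy_x509_client_auth_info starts and ends outside the hunk.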
@@ -172,67 +173,6 @@ int gnutls_allocate_anon_server_sc( ANON_SERVER_CREDENTIALS *sc); int gnutls_set_anon_server_cred( ANON_SERVER_CREDENTIALS res, int dh_bits); -/* auth structures */ - -typedef struct { - int dh_bits; -} ANON_CLIENT_AUTH_INFO; - -/* for now it's the same */ -typedef ANON_CLIENT_AUTH_INFO ANON_SERVER_AUTH_INFO; - -typedef struct { - char username[256]; -} SRP_SERVER_AUTH_INFO; - -typedef enum CertificateStatus { GNUTLS_CERT_TRUSTED=1, GNUTLS_CERT_NOT_TRUSTED, GNUTLS_CERT_EXPIRED, GNUTLS_CERT_INVALID } CertificateStatus; - -#define X509_CN_SIZE 256 -#define X509_C_SIZE 3 -#define X509_O_SIZE 256 -#define X509_OU_SIZE 256 -#define X509_L_SIZE 256 -#define X509_S_SIZE 256 - -typedef struct { - char common_name[X509_CN_SIZE]; - char country[X509_C_SIZE]; - char organization[X509_O_SIZE]; - char organizational_unit_name[X509_OU_SIZE]; - char locality_name[X509_L_SIZE]; - char state_or_province_name[X509_S_SIZE]; -} gnutls_DN; - -/* For key Usage, test as: - * if (st.keyUsage & X509KEY_DIGITAL_SIGNATURE) ... - */ -#define X509KEY_DIGITAL_SIGNATURE 256 -#define X509KEY_NON_REPUDIATION 128 -#define X509KEY_KEY_ENCIPHERMENT 64 -#define X509KEY_DATA_ENCIPHERMENT 32 -#define X509KEY_KEY_AGREEMENT 16 -#define X509KEY_KEY_CERT_SIGN 8 -#define X509KEY_CRL_SIGN 4 -#define X509KEY_ENCIPHER_ONLY 2 -#define X509KEY_DECIPHER_ONLY 1 - -typedef struct { - gnutls_DN peer_dn; - gnutls_DN issuer_dn; - CertificateStatus peer_certificate_status; - int peer_certificate_version; - time_t peer_certificate_activation_time; - time_t peer_certificate_expiration_time; - char subjectAltName[X509_CN_SIZE]; /* this only contains dnsName if present, - * nothing else - */ - int CA; /* 1 if the certificate belongs - * to a CA. 0 otherwise. - */ - unsigned char keyUsage; /* 8 bits */ -} X509PKI_CLIENT_AUTH_INFO; - - /* CERTFILE is an x509 certificate in PEM form. * KEYFILE is a pkcs-1 private key in PEM form (for RSA keys). */ 
@@ -268,5 +208,11 @@ typedef void (*LOG_FUNC)( const char*); void gnutls_global_set_send_func( SEND_FUNC send_func); void gnutls_global_set_recv_func( RECV_FUNC recv_func); +/* Auth_Info structures */ + +typedef struct X509PKI_CLIENT_AUTH_INFO X509PKI_CLIENT_AUTH_INFO; +typedef struct SRP_CLIENT_AUTH_INFO SRP_CLIENT_AUTH_INFO; +typedef struct SRP_SERVER_AUTH_INFO SRP_SERVER_AUTH_INFO; +typedef struct ANON_CLIENT_AUTH_INFO ANON_CLIENT_AUTH_INFO; +typedef struct ANON_SERVER_AUTH_INFO ANON_SERVER_AUTH_INFO; -/* error codes appended here */ diff --git a/lib/gnutls_cert.h b/lib/gnutls_cert.h index b50c23fcf6..41057f94ae 100644 --- a/lib/gnutls_cert.h +++ b/lib/gnutls_cert.h @@ -3,25 +3,7 @@ #include <gnutls_pk.h> -typedef struct { - char common_name[X509_CN_SIZE]; - char country[X509_C_SIZE]; - char organization[X509_O_SIZE]; - char organizational_unit_name[X509_OU_SIZE]; - char locality_name[X509_L_SIZE]; - char state_or_province_name[X509_S_SIZE]; -} gnutls_DN; - -#define X509KEY_DIGITAL_SIGNATURE 256 -#define X509KEY_NON_REPUDIATION 128 -#define X509KEY_KEY_ENCIPHERMENT 64 -#define X509KEY_DATA_ENCIPHERMENT 32 -#define X509KEY_KEY_AGREEMENT 16 -#define X509KEY_KEY_CERT_SIGN 8 -#define X509KEY_CRL_SIGN 4 -#define X509KEY_ENCIPHER_ONLY 2 -#define X509KEY_DECIPHER_ONLY 1 - +#include <gnutls_ui.h> typedef struct { MPI *params; /* the size of params depends on the public diff --git a/lib/gnutls_errors_int.h b/lib/gnutls_errors_int.h index 0ab5dffea1..896fef8c14 100644 --- a/lib/gnutls_errors_int.h +++ b/lib/gnutls_errors_int.h @@ -1,3 +1,6 @@ +/* error codes + */ + #define GNUTLS_E_SUCCESS 0 #define GNUTLS_E_MAC_FAILED -1 #define GNUTLS_E_UNKNOWN_CIPHER -2 diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h index 5e11398179..e3860ab844 100644 --- a/lib/gnutls_int.h +++ b/lib/gnutls_int.h 
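Review bot: The forward declaration `typedef struct X509PKI_CLIENT_AUTH_INFO X509PKI_CLIENT_AUTH_INFO;` names a struct tag that the internal header does not define: the auth_x509.h hunk on the previous page line declares the type as an anonymous `typedef struct { ... } X509PKI_CLIENT_AUTH_INFO;`. A translation unit that sees both gnutls.h and auth_x509.h gets two typedefs of the same name for different types, and even when they are kept apart the opaque public type is never the same C type as the one the library fills in, although the accessors declared in gnutls_ui.h take pointers to it. Giving the internal definition the matching tag, `typedef struct X509PKI_CLIENT_AUTH_INFO { ... } X509PKI_CLIENT_AUTH_INFO;`, makes the public forward declaration and the private definition one type; the SRP and ANON definitions are not on this page, but if they follow the same anonymous-struct pattern they need the same treatment.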
@@ -62,14 +62,6 @@ #define HEADER_SIZE 5 #define MAX_RECV_SIZE 18432+HEADER_SIZE /* 2^14+2048+HEADER_SIZE */ -/* X509 - also in gnutls.h.in */ -#define X509_CN_SIZE 256 -#define X509_C_SIZE 3 -#define X509_O_SIZE 256 -#define X509_OU_SIZE 256 -#define X509_L_SIZE 256 -#define X509_S_SIZE 256 - #ifdef USE_DMALLOC # include <dmalloc.h> #endif @@ -98,7 +90,7 @@ typedef enum AlertDescription { GNUTLS_CLOSE_NOTIFY, GNUTLS_UNEXPECTED_MESSAGE=1 GNUTLS_NO_RENEGOTIATION=100 } AlertDescription; typedef enum CertificateStatus { GNUTLS_CERT_TRUSTED=1, GNUTLS_CERT_NOT_TRUSTED, GNUTLS_CERT_EXPIRED, GNUTLS_CERT_INVALID } CertificateStatus; - + typedef enum HandshakeType { GNUTLS_HELLO_REQUEST, GNUTLS_CLIENT_HELLO, GNUTLS_SERVER_HELLO, GNUTLS_CERTIFICATE=11, GNUTLS_SERVER_KEY_EXCHANGE, GNUTLS_CERTIFICATE_REQUEST, GNUTLS_SERVER_HELLO_DONE, diff --git a/lib/gnutls_ui.c b/lib/gnutls_ui.c new file mode 100644 index 0000000000..d9ff103488 --- /dev/null +++ b/lib/gnutls_ui.c 
@@ -0,0 +1,178 @@
+/*
+ * Copyright (C) 2001 Nikos Mavroyanopoulos
+ *
+ * This file is part of GNUTLS.
+ *
+ * GNUTLS is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * GNUTLS is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+#include <gnutls_int.h>
+#include <auth_srp.h>
+#include <auth_anon.h>
+#include <auth_x509.h>
+#include <gnutls_errors.h>
+
+/* SRP */
+
+/**
+ * gnutls_srp_server_get_username - This function returns the username of the peer
+ * @info: is a SRP_SERVER_AUTH_INFO structure
+ *
+ * This function will return the username of the peer. This should only be
+ * called in case of SRP authentication and in case of a server.
+ *
+ **/
+const char* gnutls_srp_server_get_username( const SRP_SERVER_AUTH_INFO* info) {
+ if (info==NULL) return NULL;
+ return info->username;
+}
+
+/* ANON */
+
+/**
+ * gnutls_anon_server_get_dh_bits - This function returns the bits used in DH authentication
+ * @info: is an ANON_SERVER_AUTH_INFO structure
+ *
+ * This function will return the bits used in the Diffie Hellman authentication
+ * with the peer. This should only be called in case of a server.
+ *
+ **/
+int gnutls_anon_server_get_dh_bits( const ANON_SERVER_AUTH_INFO* info) {
+ if (info==NULL) return GNUTLS_E_UNKNOWN_ERROR;
+ return info->dh_bits;
+}
+
+/**
+ * gnutls_anon_client_get_dh_bits - This function returns the bits used in DH authentication
+ * @info: is an ANON_CLIENT_AUTH_INFO structure
+ *
+ * This function will return the bits used in the Diffie Hellman authentication
+ * with the peer. This should only be called in case of a client.
+ *
+ **/
+int gnutls_anon_client_get_dh_bits( const ANON_CLIENT_AUTH_INFO* info) {
+ if (info==NULL) return GNUTLS_E_UNKNOWN_ERROR;
+ return info->dh_bits;
+}
+
+
+/* X509PKI */
+/**
+ * gnutls_x509pki_client_get_peer_dn - This function returns the peer's distinguished name
+ * @info: is an X509PKI_CLIENT_AUTH_INFO structure
+ *
+ * This function will return the name of the peer. The name is gnutls_DN structure and
+ * is a obtained by the peer's certificate.
+ *
+ **/
+const gnutls_DN* gnutls_x509pki_client_get_peer_dn( const X509PKI_CLIENT_AUTH_INFO* info) {
+ if (info==NULL) return NULL;
+ return &info->peer_dn;
+}
+
+/**
+ * gnutls_x509pki_client_get_issuer_dn - This function returns the peer's certificate issuer distinguished name
+ * @info: is an X509PKI_CLIENT_AUTH_INFO structure
+ *
+ * This function will return the name of the peer's certificate issuer. The name is gnutls_DN structure and
+ * is a obtained by the peer's certificate.
+ *
+ **/
+const gnutls_DN* gnutls_x509pki_client_get_issuer_dn( const X509PKI_CLIENT_AUTH_INFO* info) {
+ if (info==NULL) return NULL;
+ return &info->issuer_dn;
+}
+
+/**
+ * gnutls_x509pki_client_get_peer_certificate_status - This function returns the peer's certificate status
+ * @info: is an X509PKI_CLIENT_AUTH_INFO structure
+ *
+ * This function will return the peer's certificate status (TRUSTED, EXPIRED etc.). This is the output
+ * of the certificate verification function. However you must also check the peer's name in order
+ * to check if the verified certificate belongs to the actual peer.
+ *
+ **/
+CertificateStatus gnutls_x509pki_client_get_peer_certificate_status( const X509PKI_CLIENT_AUTH_INFO* info) {
+ if (info==NULL) return GNUTLS_E_UNKNOWN_ERROR;
+ return info->peer_certificate_status;
+}
+
+/**
+ * gnutls_x509pki_client_get_peer_certificate_version - This function returns the peer's certificate version
+ * @info: is an X509PKI_CLIENT_AUTH_INFO structure
+ *
+ * This function will return the peer's certificate version (1, 2, 3). This is obtained by the X509 Certificate
+ * Version field.
+ *
+ **/
+int gnutls_x509pki_client_get_peer_certificate_version( const X509PKI_CLIENT_AUTH_INFO* info) {
+ if (info==NULL) return GNUTLS_E_UNKNOWN_ERROR;
+ return info->peer_certificate_version;
+}
+
+/**
+ * gnutls_x509pki_client_get_peer_certificate_activation_time - This function returns the peer's certificate activation time
+ * @info: is an X509PKI_CLIENT_AUTH_INFO structure
+ *
+ * This function will return the peer's certificate activation time in UNIX time (ie seconds since
+ * 00:00:00 UTC January 1, 1970).
+ *
+ **/
+time_t gnutls_x509pki_client_get_peer_certificate_activation_time( const X509PKI_CLIENT_AUTH_INFO* info) {
+ if (info==NULL) return GNUTLS_E_UNKNOWN_ERROR;
+ return info->peer_certificate_activation_time;
+}
+
+/**
+ * gnutls_x509pki_client_get_peer_certificate_expiration_time - This function returns the peer's certificate expiration time
+ * @info: is an X509PKI_CLIENT_AUTH_INFO structure
+ *
+ * This function will return the peer's certificate expiration time in UNIX time (ie seconds since
+ * 00:00:00 UTC January 1, 1970).
+ *
+ **/
+time_t gnutls_x509pki_client_get_peer_certificate_expiration_time( const X509PKI_CLIENT_AUTH_INFO* info) {
+ if (info==NULL) return GNUTLS_E_UNKNOWN_ERROR;
+ return info->peer_certificate_expiration_time;
+}
+
+
+/**
+ * gnutls_x509pki_client_get_key_usage - This function returns the peer's certificate key usage
+ * @info: is an X509PKI_CLIENT_AUTH_INFO structure
+ *
+ * This function will return the peer's certificate key usage. This is specified in X509v3 Certificate
+ * Extensions and is an 8bit string.
+ *
+ **/
+unsigned char gnutls_x509pki_client_get_key_usage( const X509PKI_CLIENT_AUTH_INFO* info) {
+ if (info==NULL) return GNUTLS_E_UNKNOWN_ERROR;
+ return info->keyUsage;
+}
+
+
+/**
+ * gnutls_x509pki_client_get_subject_alt_name - This function returns the peer's alternative name
+ * @info: is an X509PKI_CLIENT_AUTH_INFO structure
+ *
+ * This function will return the peer's alternative namee. This is specified in X509v3 Certificate
+ * Extensions. GNUTLS will only return the dnsName of the Alternative name, or a null string.
+ *
+ **/
+const char* gnutls_x509pki_client_get_subject_alt_name( const X509PKI_CLIENT_AUTH_INFO* info) {
+ if (info==NULL) return NULL;
+ return info->subjectAltName;
+}
+
diff --git a/lib/gnutls_ui.h b/lib/gnutls_ui.h
new file mode 100644
index 0000000000..dd2935c55a
--- /dev/null
+++ b/lib/gnutls_ui.h
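Review bot: Several of the new accessors use `GNUTLS_E_UNKNOWN_ERROR` as the NULL-argument sentinel through return types that cannot carry it. gnutls_x509pki_client_get_peer_certificate_status returns `CertificateStatus`, so a NULL info yields a value outside the enum that no GNUTLS_CERT_* case in a caller's `switch` (as in the updated cli.c) will match; gnutls_x509pki_client_get_key_usage returns `unsigned char`, so the negative code is truncated to a byte that reads as a set of key-usage bits; and the two `time_t` getters return a negative value that is also a valid pre-1970 time. For the status getter a fail-closed `if (info==NULL) return GNUTLS_CERT_INVALID;` keeps callers inside the enum, for the key-usage getter `if (info==NULL) return 0;` asserts no usage rather than a random set, and the time getters are best documented as returning `(time_t)-1` on error or given an `int` return with an out-parameter. Each kernel-doc comment should also state what the function returns for a NULL argument, since callers will test the value they got from gnutls_get_auth_info before reading through it.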
@@ -0,0 +1,64 @@
+#ifndef GNUTLS_UI_H
+# define GNUTLS_UI_H
+
+
+/* Extra definitions */
+
+#define X509_CN_SIZE 256
+#define X509_C_SIZE 3
+#define X509_O_SIZE 256
+#define X509_OU_SIZE 256
+#define X509_L_SIZE 256
+#define X509_S_SIZE 256
+
+typedef struct {
+ char common_name[X509_CN_SIZE];
+ char country[X509_C_SIZE];
+ char organization[X509_O_SIZE];
+ char organizational_unit_name[X509_OU_SIZE];
+ char locality_name[X509_L_SIZE];
+ char state_or_province_name[X509_S_SIZE];
+} gnutls_DN;
+
+/* For key Usage, test as:
+ * if (st.keyUsage & X509KEY_DIGITAL_SIGNATURE) ...
+ */
+#define X509KEY_DIGITAL_SIGNATURE 256
+#define X509KEY_NON_REPUDIATION 128
+#define X509KEY_KEY_ENCIPHERMENT 64
+#define X509KEY_DATA_ENCIPHERMENT 32
+#define X509KEY_KEY_AGREEMENT 16
+#define X509KEY_KEY_CERT_SIGN 8
+#define X509KEY_CRL_SIGN 4
+#define X509KEY_ENCIPHER_ONLY 2
+#define X509KEY_DECIPHER_ONLY 1
+
+
+# ifdef LIBGNUTLS_VERSION /* defined only in gnutls.h */
+
+/* Functions that allow AUTH_INFO structures handling
+ */
+
+/* SRP */
+
+const char* gnutls_srp_server_get_username( const SRP_SERVER_AUTH_INFO* info);
+
+/* ANON */
+
+int gnutls_anon_server_get_dh_bits( const ANON_SERVER_AUTH_INFO* info);
+int gnutls_anon_client_get_dh_bits( const ANON_CLIENT_AUTH_INFO* info);
+
+/* X509PKI */
+
+
+const gnutls_DN* gnutls_x509pki_client_get_peer_dn( const X509PKI_CLIENT_AUTH_INFO* info);
+const gnutls_DN* gnutls_x509pki_client_get_issuer_dn( const X509PKI_CLIENT_AUTH_INFO* info);
+CertificateStatus gnutls_x509pki_client_get_peer_certificate_status( const X509PKI_CLIENT_AUTH_INFO* info);
+int gnutls_x509pki_client_get_peer_certificate_version( const X509PKI_CLIENT_AUTH_INFO* info);
+time_t gnutls_x509pki_client_get_peer_certificate_activation_time( const X509PKI_CLIENT_AUTH_INFO* info);
+time_t gnutls_x509pki_client_get_peer_certificate_expiration_time( const X509PKI_CLIENT_AUTH_INFO* info);
+unsigned char gnutls_x509pki_client_get_key_usage( const X509PKI_CLIENT_AUTH_INFO* info);
+const char* gnutls_x509pki_client_get_subject_alt_name( const X509PKI_CLIENT_AUTH_INFO* info); +# endif /* LIBGNUTLS_VERSION */ + +#endif @@ -41,18 +41,19 @@ #define CRLFILE NULL #define PRINTX(x,y) if (y[0]!=0) printf(" - %s %s\n", x, y) -#define PRINT_DN(X) PRINTX( "CN:", x509_info->X.common_name); \ - PRINTX( "OU:", x509_info->X.organizational_unit_name); \ - PRINTX( "O:", x509_info->X.organization); \ - PRINTX( "L:", x509_info->X.locality_name); \ - PRINTX( "S:", x509_info->X.state_or_province_name); \ - PRINTX( "C:", x509_info->X.country); \ - PRINTX( "SAN:", x509_info->subjectAltName); - +#define PRINT_DN(X) PRINTX( "CN:", X->common_name); \ + PRINTX( "OU:", X->organizational_unit_name); \ + PRINTX( "O:", X->organization); \ + PRINTX( "L:", X->locality_name); \ + PRINTX( "S:", X->state_or_province_name); \ + PRINTX( "C:", X->country); \ + PRINTX( "SAN:", gnutls_x509pki_client_get_subject_alt_name(x509_info)) + static int print_info( GNUTLS_STATE state) { const char *tmp; const ANON_CLIENT_AUTH_INFO *dh_info; const X509PKI_CLIENT_AUTH_INFO *x509_info; +const gnutls_DN* dn; tmp = gnutls_kx_get_name(gnutls_get_current_kx( state)); printf("- Key Exchange: %s\n", tmp); @@ -60,13 +61,13 @@ const X509PKI_CLIENT_AUTH_INFO *x509_info; dh_info = gnutls_get_auth_info(state); if (dh_info != NULL) printf("- Anonymous DH using prime of %d bits\n", - dh_info->dh_bits); + gnutls_anon_client_get_dh_bits(dh_info)); } if (gnutls_get_auth_info_type(state) == GNUTLS_X509PKI) { x509_info = gnutls_get_auth_info(state); if (x509_info != NULL) { - switch( x509_info->peer_certificate_status) { + switch( gnutls_x509pki_client_get_peer_certificate_status(x509_info)) { case GNUTLS_CERT_NOT_TRUSTED: printf("- Peer's X509 Certificate was NOT verified\n"); break; 
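Review bot: `#define X509KEY_DIGITAL_SIGNATURE 256` does not fit in the `unsigned char` that gnutls_x509pki_client_get_key_usage (prototype in this hunk, definition in gnutls_ui.c) returns and that auth_x509.h stores in `keyUsage`, so the test this header itself recommends, `if (st.keyUsage & X509KEY_DIGITAL_SIGNATURE)`, is always false and a digitalSignature check silently never succeeds. Either the nine flag values have to be renumbered so they all fit the byte the certificate parser produces, or the field and the accessor have to widen to `unsigned int`; which is right depends on how x509_extensions.c encodes the bits, which is not on this page. Separately, the prototypes sit inside `# ifdef LIBGNUTLS_VERSION` while gnutls_cert.h now includes this header from inside the library, where that macro is presumably not defined, so gnutls_ui.c appears to compile its definitions without ever seeing its own prototypes; a comment at the `# ifdef` stating that this is intended, or an unconditional prototype block, would make the arrangement clear.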
@@ -83,16 +84,17 @@ const X509PKI_CLIENT_AUTH_INFO *x509_info; } } - } - printf(" - Certificate info:\n"); - printf(" - Certificate version: #%d\n", x509_info->peer_certificate_version); + printf(" - Certificate info:\n"); + printf(" - Certificate version: #%d\n", gnutls_x509pki_client_get_peer_certificate_version(x509_info)); - PRINT_DN(peer_dn); - - printf(" - Certificate Issuer's info:\n"); - PRINT_DN(issuer_dn); + dn = gnutls_x509pki_client_get_peer_dn( x509_info); + PRINT_DN( dn); + dn = gnutls_x509pki_client_get_issuer_dn( x509_info); + printf(" - Certificate Issuer's info:\n"); + PRINT_DN( dn); + } tmp = gnutls_version_get_name(gnutls_get_current_version(state)); printf("- Version: %s\n", tmp); diff --git a/src/serv.c b/src/serv.c index 11d1cafdd9..cabe590b67 100644 --- a/src/serv.c +++ b/src/serv.c @@ -133,13 +133,13 @@ void print_info(GNUTLS_STATE state) srp_info = gnutls_get_auth_info(state); if (srp_info != NULL) printf("\n- User '%s' connected\n", - srp_info->username); + gnutls_srp_server_get_username(srp_info)); } if (gnutls_get_auth_info_type(state) == GNUTLS_ANON) { dh_info = gnutls_get_auth_info(state); if (dh_info != NULL) printf("\n- Anonymous DH using prime of %d bits\n", - dh_info->dh_bits); + gnutls_anon_server_get_dh_bits(dh_info)); } /* print state information */ @@ -195,14 +195,14 @@ void peer_print_info(int cd, GNUTLS_STATE state) srp_info = gnutls_get_auth_info(state); if (srp_info != NULL) { sprintf(tmp2, "<p>Connected as user '%s'.</p>\n", - srp_info->username); + gnutls_srp_server_get_username(srp_info)); } } if (gnutls_get_current_kx(state) == GNUTLS_KX_DH_ANON) { dh_info = gnutls_get_auth_info(state); if (dh_info != NULL) { sprintf(tmp2, "<p> Connect using anonymous DH (prime of %d bits)</p>\n", - dh_info->dh_bits); + gnutls_anon_server_get_dh_bits( dh_info)); } } |
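Review bot: `PRINT_DN( dn)` is now invoked for both the peer DN and the issuer DN, and the macro as redefined in the first cli.c hunk on the previous page line ends with `PRINTX( "SAN:", gnutls_x509pki_client_get_subject_alt_name(x509_info))`, so the peer's subjectAltName is printed a second time under the " - Certificate Issuer's info:" heading, where it misleads anyone reading the output to judge the chain. PRINTX also expands its `y` argument twice (`y[0]` and `y`), so the accessor is called twice per expansion. Moving the SAN line out of PRINT_DN into one explicit call after the peer DN, `PRINTX( "SAN:", gnutls_x509pki_client_get_subject_alt_name(x509_info));`, fixes both; the same macro change is made in doc/tex/ex3.tex. print_info's body starts outside the hunk.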
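Review bot: In peer_print_info the new argument `gnutls_srp_server_get_username(srp_info)` feeds a peer-supplied username (SRP_SERVER_AUTH_INFO holds it in `char username[256]`, per the struct removed from gnutls.h.in) straight into `sprintf(tmp2, "<p>Connected as user '%s'.</p>\n", ...)` with no bound on tmp2 and no HTML escaping, and the result is the page served back to the peer. tmp2's declaration is not visible here, so whether the copy can overflow cannot be judged from this page, but a bounded `snprintf(tmp2, sizeof tmp2, ...)` (if tmp2 is an array) and escaping of `<`, `&` and `'` in the username before formatting would make this example server safe to copy from. The anonymous-DH line two statements later has the same unbounded `sprintf`, though its only argument is an int. peer_print_info's body starts and ends outside the hunk.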