authorNikos Mavrogiannopoulos <nmav@gnutls.org>2001-08-05 13:27:15 +0000
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2001-08-05 13:27:15 +0000
commit93330469787a8b39a6f8c82f65305c7625487806 (patch)
tree724430848112a788c91c4947d1ad1410eb8b8c73
parent12c5c20a6e6e6f4a4ac741a9d44d57b57d2ea020 (diff)
downloadgnutls-93330469787a8b39a6f8c82f65305c7625487806.tar.gz
Several cleanups. Structures are no longer exported through the API; a set of functions
to access them is exported instead.
-rw-r--r--configure.in2
-rw-r--r--doc/tex/ex3.tex30
-rw-r--r--doc/tex/serv1.tex2
-rw-r--r--lib/Makefile.am4
-rw-r--r--lib/auth_x509.c2
-rw-r--r--lib/auth_x509.h1
-rw-r--r--lib/gnutls.h.in70
-rw-r--r--lib/gnutls_cert.h20
-rw-r--r--lib/gnutls_errors_int.h3
-rw-r--r--lib/gnutls_int.h10
-rw-r--r--lib/gnutls_ui.c178
-rw-r--r--lib/gnutls_ui.h64
-rw-r--r--src/cli.c36
-rw-r--r--src/serv.c8
14 files changed, 300 insertions, 130 deletions
diff --git a/configure.in b/configure.in
index c2368560c7..ef6eedc90d 100644
--- a/configure.in
+++ b/configure.in
@@ -150,6 +150,8 @@ AC_SUBST(LIBGNUTLS_LIBS)
AC_SUBST(LIBGNUTLS_CFLAGS)
AC_CONFIG_COMMANDS([default],[[
+ cat lib/gnutls_ui.h >> lib/gnutls.h
+ echo "" >> lib/gnutls.h
cat lib/gnutls_errors_int.h >> lib/gnutls.h
echo "" >> lib/gnutls.h
cat lib/x509_asn1.h >> lib/gnutls.h
diff --git a/doc/tex/ex3.tex b/doc/tex/ex3.tex
index d6b451ddad..6eec57ddc6 100644
--- a/doc/tex/ex3.tex
+++ b/doc/tex/ex3.tex
@@ -1,17 +1,19 @@
\begin{verbatim}
#define PRINTX(x,y) if (y[0]!=0) printf(" - %s %s\n", x, y)
-#define PRINT_DN(X) PRINTX( "CN:", x509_info->X.common_name); \
- PRINTX( "OU:", x509_info->X.organizational_unit_name); \
- PRINTX( "O:", x509_info->X.organization); \
- PRINTX( "L:", x509_info->X.locality_name); \
- PRINTX( "S:", x509_info->X.state_or_province_name); \
- PRINTX( "C:", x509_info->X.country);
+#define PRINT_DN(X) PRINTX( "CN:", X->common_name); \
+ PRINTX( "OU:", X->organizational_unit_name); \
+ PRINTX( "O:", X->organization); \
+ PRINTX( "L:", X->locality_name); \
+ PRINTX( "S:", X->state_or_province_name); \
+ PRINTX( "C:", X->country); \
+ PRINTX( "SAN:", gnutls_x509pki_client_get_subject_alt_name(x509_info))
int print_info(GNUTLS_STATE state)
{
const char *tmp;
const X509PKI_CLIENT_AUTH_INFO *x509_info;
+ const gnutls_DN* dn;
/* print the key exchange's algorithm name
*/
@@ -23,7 +25,7 @@ int print_info(GNUTLS_STATE state)
if (gnutls_get_auth_info_type(state) == GNUTLS_X509PKI) {
x509_info = gnutls_get_auth_info(state);
if (x509_info != NULL) {
- switch (x509_info->peer_certificate_status) {
+ switch ( gnutls_x509pki_client_get_peer_certificate_status(x509_info)) {
case GNUTLS_CERT_NOT_TRUSTED:
printf("- Peer's X509 Certificate was NOT verified\n");
break;
@@ -40,15 +42,17 @@ int print_info(GNUTLS_STATE state)
}
}
- }
- printf(" - Certificate info:\n");
- printf(" - Certificate version: #%d\n", x509_info->peer_certificate_version);
+ printf(" - Certificate info:\n");
+ printf(" - Certificate version: #%d\n", gnutls_x509pki_client_get_peer_certificate_version(x509_info));
- PRINT_DN(peer_dn);
+ dn = gnutls_x509pki_client_get_peer_dn( x509_info);
+ PRINT_DN(dn);
- printf(" - Certificate Issuer's info:\n");
- PRINT_DN(issuer_dn);
+ printf(" - Certificate Issuer's info:\n");
+ dn = gnutls_x509pki_client_get_issuer_dn( x509_info);
+ PRINT_DN(dn);
+ }
tmp = gnutls_version_get_name(gnutls_get_current_version(state));
printf("- Version: %s\n", tmp);
diff --git a/doc/tex/serv1.tex b/doc/tex/serv1.tex
index c605ab435b..0cbdd96f5e 100644
--- a/doc/tex/serv1.tex
+++ b/doc/tex/serv1.tex
@@ -77,7 +77,7 @@ void print_info(GNUTLS_STATE state)
srp_info = gnutls_get_auth_info(state);
if (srp_info != NULL)
printf("\n- User '%s' connected\n",
- srp_info->username);
+ gnutls_srp_server_get_username(srp_info));
}
/* print state information */
tmp = gnutls_version_get_name(gnutls_get_current_version(state));
diff --git a/lib/Makefile.am b/lib/Makefile.am
index 429107ae2a..91b28492b1 100644
--- a/lib/Makefile.am
+++ b/lib/Makefile.am
@@ -16,7 +16,7 @@ EXTRA_DIST = debug.h gnutls_compress.h defines.h pkcs1.asn pkix.asn \
x509_asn1.h x509_der.h gnutls_datum.h auth_x509.h gnutls_gcry.h \
ext_dnsname.h gnutls_pk.h gnutls_record.h gnutls_cert.h \
gnutls_privkey.h gnutls_constate.h gnutls_global.h x509_verify.h \
- gnutls_sig.h gnutls_mem.h x509_extensions.h
+ gnutls_sig.h gnutls_mem.h x509_extensions.h gnutls_ui.h
lib_LTLIBRARIES = libgnutls.la
libgnutls_la_SOURCES = gnutls_record.c gnutls_compress.c debug.c \
gnutls_cipher.c gnutls_buffers.c gnutls_handshake.c gnutls_num.c \
@@ -30,7 +30,7 @@ libgnutls_la_SOURCES = gnutls_record.c gnutls_compress.c debug.c \
gnutls_gcry.c ext_dnsname.c gnutls_pk.c gnutls_cert.c x509_verify.c\
gnutls_global.c gnutls_privkey.c gnutls_constate.c gnutls_anon_cred.c \
gnutls_sig_check.c pkix_asn1_tab.c pkcs1_asn1_tab.c gnutls_mem.c \
- x509_extensions.c auth_x509.c
+ x509_extensions.c auth_x509.c gnutls_ui.c
libgnutls_la_LDFLAGS = -version-info $(LT_CURRENT):$(LT_REVISION):$(LT_AGE)
diff --git a/lib/auth_x509.c b/lib/auth_x509.c
index b2b0f56d90..3419c1d6cf 100644
--- a/lib/auth_x509.c
+++ b/lib/auth_x509.c
@@ -40,8 +40,6 @@ void _gnutls_copy_x509_client_auth_info( X509PKI_CLIENT_AUTH_INFO* info, gnutls_
if ( cert->subjectAltName[0]!=0)
strcpy( info->subjectAltName, cert->subjectAltName);
- info->CA = cert->CA;
-
info->keyUsage = cert->keyUsage;
info->peer_certificate_expiration_time = cert->expiration_time;
diff --git a/lib/auth_x509.h b/lib/auth_x509.h
index 4a9af88238..e8e139caab 100644
--- a/lib/auth_x509.h
+++ b/lib/auth_x509.h
@@ -42,7 +42,6 @@ typedef struct {
time_t peer_certificate_expiration_time;
char subjectAltName[X509_CN_SIZE];
unsigned char keyUsage;
- int CA;
} X509PKI_CLIENT_AUTH_INFO;
void _gnutls_copy_x509_client_auth_info( X509PKI_CLIENT_AUTH_INFO* info, gnutls_cert* cert, CertificateStatus verify);
diff --git a/lib/gnutls.h.in b/lib/gnutls.h.in
index ebd6f959c0..4b294ca5f6 100644
--- a/lib/gnutls.h.in
+++ b/lib/gnutls.h.in
@@ -38,6 +38,7 @@ typedef enum AlertDescription { GNUTLS_CLOSE_NOTIFY, GNUTLS_UNEXPECTED_MESSAGE=1
GNUTLS_NO_RENEGOTIATION=100
} AlertDescription;
typedef enum AlertLevel { GNUTLS_WARNING=1, GNUTLS_FATAL } AlertLevel;
+typedef enum CertificateStatus { GNUTLS_CERT_TRUSTED=1, GNUTLS_CERT_NOT_TRUSTED, GNUTLS_CERT_EXPIRED, GNUTLS_CERT_INVALID } CertificateStatus;
typedef enum GNUTLS_Version { GNUTLS_SSL3=1, GNUTLS_TLS1 } GNUTLS_Version;
@@ -172,67 +173,6 @@ int gnutls_allocate_anon_server_sc( ANON_SERVER_CREDENTIALS *sc);
int gnutls_set_anon_server_cred( ANON_SERVER_CREDENTIALS res, int dh_bits);
-/* auth structures */
-
-typedef struct {
- int dh_bits;
-} ANON_CLIENT_AUTH_INFO;
-
-/* for now it's the same */
-typedef ANON_CLIENT_AUTH_INFO ANON_SERVER_AUTH_INFO;
-
-typedef struct {
- char username[256];
-} SRP_SERVER_AUTH_INFO;
-
-typedef enum CertificateStatus { GNUTLS_CERT_TRUSTED=1, GNUTLS_CERT_NOT_TRUSTED, GNUTLS_CERT_EXPIRED, GNUTLS_CERT_INVALID } CertificateStatus;
-
-#define X509_CN_SIZE 256
-#define X509_C_SIZE 3
-#define X509_O_SIZE 256
-#define X509_OU_SIZE 256
-#define X509_L_SIZE 256
-#define X509_S_SIZE 256
-
-typedef struct {
- char common_name[X509_CN_SIZE];
- char country[X509_C_SIZE];
- char organization[X509_O_SIZE];
- char organizational_unit_name[X509_OU_SIZE];
- char locality_name[X509_L_SIZE];
- char state_or_province_name[X509_S_SIZE];
-} gnutls_DN;
-
-/* For key Usage, test as:
- * if (st.keyUsage & X509KEY_DIGITAL_SIGNATURE) ...
- */
-#define X509KEY_DIGITAL_SIGNATURE 256
-#define X509KEY_NON_REPUDIATION 128
-#define X509KEY_KEY_ENCIPHERMENT 64
-#define X509KEY_DATA_ENCIPHERMENT 32
-#define X509KEY_KEY_AGREEMENT 16
-#define X509KEY_KEY_CERT_SIGN 8
-#define X509KEY_CRL_SIGN 4
-#define X509KEY_ENCIPHER_ONLY 2
-#define X509KEY_DECIPHER_ONLY 1
-
-typedef struct {
- gnutls_DN peer_dn;
- gnutls_DN issuer_dn;
- CertificateStatus peer_certificate_status;
- int peer_certificate_version;
- time_t peer_certificate_activation_time;
- time_t peer_certificate_expiration_time;
- char subjectAltName[X509_CN_SIZE]; /* this only contains dnsName if present,
- * nothing else
- */
- int CA; /* 1 if the certificate belongs
- * to a CA. 0 otherwise.
- */
- unsigned char keyUsage; /* 8 bits */
-} X509PKI_CLIENT_AUTH_INFO;
-
-
/* CERTFILE is an x509 certificate in PEM form.
* KEYFILE is a pkcs-1 private key in PEM form (for RSA keys).
*/
@@ -268,5 +208,11 @@ typedef void (*LOG_FUNC)( const char*);
void gnutls_global_set_send_func( SEND_FUNC send_func);
void gnutls_global_set_recv_func( RECV_FUNC recv_func);
+/* Auth_Info structures */
+
+typedef struct X509PKI_CLIENT_AUTH_INFO X509PKI_CLIENT_AUTH_INFO;
+typedef struct SRP_CLIENT_AUTH_INFO SRP_CLIENT_AUTH_INFO;
+typedef struct SRP_SERVER_AUTH_INFO SRP_SERVER_AUTH_INFO;
+typedef struct ANON_CLIENT_AUTH_INFO ANON_CLIENT_AUTH_INFO;
+typedef struct ANON_SERVER_AUTH_INFO ANON_SERVER_AUTH_INFO;
-/* error codes appended here */
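Review bot: The opaque typedefs added here name struct tags (`struct X509PKI_CLIENT_AUTH_INFO`, `struct SRP_SERVER_AUTH_INFO`, …) that the internal headers do not appear to define: the auth_x509.h hunk above shows the structure as an untagged `typedef struct { ... } X509PKI_CLIENT_AUTH_INFO;`. A translation unit that sees both declarations gets a conflicting typedef, and the definitions in gnutls_ui.c and the prototypes in gnutls_ui.h then refer to different types, which the linker will not catch. Give the internal definitions the same tags, e.g. `typedef struct X509PKI_CLIENT_AUTH_INFO { ... } X509PKI_CLIENT_AUTH_INFO;` in auth_x509.h, and likewise for the SRP and ANON structures (auth_srp.h and auth_anon.h are included by gnutls_ui.c but are not in this diff, so their form cannot be confirmed here).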
diff --git a/lib/gnutls_cert.h b/lib/gnutls_cert.h
index b50c23fcf6..41057f94ae 100644
--- a/lib/gnutls_cert.h
+++ b/lib/gnutls_cert.h
@@ -3,25 +3,7 @@
#include <gnutls_pk.h>
-typedef struct {
- char common_name[X509_CN_SIZE];
- char country[X509_C_SIZE];
- char organization[X509_O_SIZE];
- char organizational_unit_name[X509_OU_SIZE];
- char locality_name[X509_L_SIZE];
- char state_or_province_name[X509_S_SIZE];
-} gnutls_DN;
-
-#define X509KEY_DIGITAL_SIGNATURE 256
-#define X509KEY_NON_REPUDIATION 128
-#define X509KEY_KEY_ENCIPHERMENT 64
-#define X509KEY_DATA_ENCIPHERMENT 32
-#define X509KEY_KEY_AGREEMENT 16
-#define X509KEY_KEY_CERT_SIGN 8
-#define X509KEY_CRL_SIGN 4
-#define X509KEY_ENCIPHER_ONLY 2
-#define X509KEY_DECIPHER_ONLY 1
-
+#include <gnutls_ui.h>
typedef struct {
MPI *params; /* the size of params depends on the public
diff --git a/lib/gnutls_errors_int.h b/lib/gnutls_errors_int.h
index 0ab5dffea1..896fef8c14 100644
--- a/lib/gnutls_errors_int.h
+++ b/lib/gnutls_errors_int.h
@@ -1,3 +1,6 @@
+/* error codes
+ */
+
#define GNUTLS_E_SUCCESS 0
#define GNUTLS_E_MAC_FAILED -1
#define GNUTLS_E_UNKNOWN_CIPHER -2
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index 5e11398179..e3860ab844 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -62,14 +62,6 @@
#define HEADER_SIZE 5
#define MAX_RECV_SIZE 18432+HEADER_SIZE /* 2^14+2048+HEADER_SIZE */
-/* X509 - also in gnutls.h.in */
-#define X509_CN_SIZE 256
-#define X509_C_SIZE 3
-#define X509_O_SIZE 256
-#define X509_OU_SIZE 256
-#define X509_L_SIZE 256
-#define X509_S_SIZE 256
-
#ifdef USE_DMALLOC
# include <dmalloc.h>
#endif
@@ -98,7 +90,7 @@ typedef enum AlertDescription { GNUTLS_CLOSE_NOTIFY, GNUTLS_UNEXPECTED_MESSAGE=1
GNUTLS_NO_RENEGOTIATION=100
} AlertDescription;
typedef enum CertificateStatus { GNUTLS_CERT_TRUSTED=1, GNUTLS_CERT_NOT_TRUSTED, GNUTLS_CERT_EXPIRED, GNUTLS_CERT_INVALID } CertificateStatus;
-
+
typedef enum HandshakeType { GNUTLS_HELLO_REQUEST, GNUTLS_CLIENT_HELLO, GNUTLS_SERVER_HELLO,
GNUTLS_CERTIFICATE=11, GNUTLS_SERVER_KEY_EXCHANGE,
GNUTLS_CERTIFICATE_REQUEST, GNUTLS_SERVER_HELLO_DONE,
diff --git a/lib/gnutls_ui.c b/lib/gnutls_ui.c
new file mode 100644
index 0000000000..d9ff103488
--- /dev/null
+++ b/lib/gnutls_ui.c
@@ -0,0 +1,178 @@
+/*
+ * Copyright (C) 2001 Nikos Mavroyanopoulos
+ *
+ * This file is part of GNUTLS.
+ *
+ * GNUTLS is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * GNUTLS is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+#include <gnutls_int.h>
+#include <auth_srp.h>
+#include <auth_anon.h>
+#include <auth_x509.h>
+#include <gnutls_errors.h>
+
+/* SRP */
+
+/**
+ * gnutls_srp_server_get_username - This function returns the username of the peer
+ * @info: is a SRP_SERVER_AUTH_INFO structure
+ *
+ * This function will return the username of the peer. This should only be
+ * called in case of SRP authentication and in case of a server.
+ *
+ **/
+const char* gnutls_srp_server_get_username( const SRP_SERVER_AUTH_INFO* info) {
+ if (info==NULL) return NULL;
+ return info->username;
+}
+
+/* ANON */
+
+/**
+ * gnutls_anon_server_get_dh_bits - This function returns the bits used in DH authentication
+ * @info: is an ANON_SERVER_AUTH_INFO structure
+ *
+ * This function will return the bits used in the Diffie Hellman authentication
+ * with the peer. This should only be called in case of a server.
+ *
+ **/
+int gnutls_anon_server_get_dh_bits( const ANON_SERVER_AUTH_INFO* info) {
+ if (info==NULL) return GNUTLS_E_UNKNOWN_ERROR;
+ return info->dh_bits;
+}
+
+/**
+ * gnutls_anon_client_get_dh_bits - This function returns the bits used in DH authentication
+ * @info: is an ANON_CLIENT_AUTH_INFO structure
+ *
+ * This function will return the bits used in the Diffie Hellman authentication
+ * with the peer. This should only be called in case of a client.
+ *
+ **/
+int gnutls_anon_client_get_dh_bits( const ANON_CLIENT_AUTH_INFO* info) {
+ if (info==NULL) return GNUTLS_E_UNKNOWN_ERROR;
+ return info->dh_bits;
+}
+
+
+/* X509PKI */
+/**
+ * gnutls_x509pki_client_get_peer_dn - This function returns the peer's distinguished name
+ * @info: is an X509PKI_CLIENT_AUTH_INFO structure
+ *
+ * This function will return the name of the peer. The name is gnutls_DN structure and
+ * is a obtained by the peer's certificate.
+ *
+ **/
+const gnutls_DN* gnutls_x509pki_client_get_peer_dn( const X509PKI_CLIENT_AUTH_INFO* info) {
+ if (info==NULL) return NULL;
+ return &info->peer_dn;
+}
+
+/**
+ * gnutls_x509pki_client_get_issuer_dn - This function returns the peer's certificate issuer distinguished name
+ * @info: is an X509PKI_CLIENT_AUTH_INFO structure
+ *
+ * This function will return the name of the peer's certificate issuer. The name is gnutls_DN structure and
+ * is a obtained by the peer's certificate.
+ *
+ **/
+const gnutls_DN* gnutls_x509pki_client_get_issuer_dn( const X509PKI_CLIENT_AUTH_INFO* info) {
+ if (info==NULL) return NULL;
+ return &info->issuer_dn;
+}
+
+/**
+ * gnutls_x509pki_client_get_peer_certificate_status - This function returns the peer's certificate status
+ * @info: is an X509PKI_CLIENT_AUTH_INFO structure
+ *
+ * This function will return the peer's certificate status (TRUSTED, EXPIRED etc.). This is the output
+ * of the certificate verification function. However you must also check the peer's name in order
+ * to check if the verified certificate belongs to the actual peer.
+ *
+ **/
+CertificateStatus gnutls_x509pki_client_get_peer_certificate_status( const X509PKI_CLIENT_AUTH_INFO* info) {
+ if (info==NULL) return GNUTLS_E_UNKNOWN_ERROR;
+ return info->peer_certificate_status;
+}
+
+/**
+ * gnutls_x509pki_client_get_peer_certificate_version - This function returns the peer's certificate version
+ * @info: is an X509PKI_CLIENT_AUTH_INFO structure
+ *
+ * This function will return the peer's certificate version (1, 2, 3). This is obtained by the X509 Certificate
+ * Version field.
+ *
+ **/
+int gnutls_x509pki_client_get_peer_certificate_version( const X509PKI_CLIENT_AUTH_INFO* info) {
+ if (info==NULL) return GNUTLS_E_UNKNOWN_ERROR;
+ return info->peer_certificate_version;
+}
+
+/**
+ * gnutls_x509pki_client_get_peer_certificate_activation_time - This function returns the peer's certificate activation time
+ * @info: is an X509PKI_CLIENT_AUTH_INFO structure
+ *
+ * This function will return the peer's certificate activation time in UNIX time (ie seconds since
+ * 00:00:00 UTC January 1, 1970).
+ *
+ **/
+time_t gnutls_x509pki_client_get_peer_certificate_activation_time( const X509PKI_CLIENT_AUTH_INFO* info) {
+ if (info==NULL) return GNUTLS_E_UNKNOWN_ERROR;
+ return info->peer_certificate_activation_time;
+}
+
+/**
+ * gnutls_x509pki_client_get_peer_certificate_expiration_time - This function returns the peer's certificate expiration time
+ * @info: is an X509PKI_CLIENT_AUTH_INFO structure
+ *
+ * This function will return the peer's certificate expiration time in UNIX time (ie seconds since
+ * 00:00:00 UTC January 1, 1970).
+ *
+ **/
+time_t gnutls_x509pki_client_get_peer_certificate_expiration_time( const X509PKI_CLIENT_AUTH_INFO* info) {
+ if (info==NULL) return GNUTLS_E_UNKNOWN_ERROR;
+ return info->peer_certificate_expiration_time;
+}
+
+
+/**
+ * gnutls_x509pki_client_get_key_usage - This function returns the peer's certificate key usage
+ * @info: is an X509PKI_CLIENT_AUTH_INFO structure
+ *
+ * This function will return the peer's certificate key usage. This is specified in X509v3 Certificate
+ * Extensions and is an 8bit string.
+ *
+ **/
+unsigned char gnutls_x509pki_client_get_key_usage( const X509PKI_CLIENT_AUTH_INFO* info) {
+ if (info==NULL) return GNUTLS_E_UNKNOWN_ERROR;
+ return info->keyUsage;
+}
+
+
+/**
+ * gnutls_x509pki_client_get_subject_alt_name - This function returns the peer's alternative name
+ * @info: is an X509PKI_CLIENT_AUTH_INFO structure
+ *
+ * This function will return the peer's alternative namee. This is specified in X509v3 Certificate
+ * Extensions. GNUTLS will only return the dnsName of the Alternative name, or a null string.
+ *
+ **/
+const char* gnutls_x509pki_client_get_subject_alt_name( const X509PKI_CLIENT_AUTH_INFO* info) {
+ if (info==NULL) return NULL;
+ return info->subjectAltName;
+}
+
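Review bot: `gnutls_x509pki_client_get_key_usage` returns `unsigned char`, so the `GNUTLS_E_UNKNOWN_ERROR` it returns for a NULL info is truncated to a non-zero byte that a caller testing `& X509KEY_*` would read as asserted key-usage bits; the same negative sentinel is also forced into the `CertificateStatus` enum by `gnutls_x509pki_client_get_peer_certificate_status` and into `time_t` by the two time getters, where a caller cannot tell it apart from data. For the bitmask, fail closed with `if (info==NULL) return 0; /* no usage asserted */`, or widen the return type to `int` so the error code survives; for the status getter, `GNUTLS_CERT_INVALID` is the conservative in-band value and is already in the enum. Independently, `X509KEY_DIGITAL_SIGNATURE` is defined as 256 in the gnutls_ui.h hunk while `keyUsage` is an 8-bit field (auth_x509.h hunk), so `gnutls_x509pki_client_get_key_usage(info) & X509KEY_DIGITAL_SIGNATURE` is always zero and that usage can never be observed through this API; the flag values and the field width need to agree. The getters that return pointers into `info` (`get_peer_dn`, `get_issuer_dn`, `get_subject_alt_name`, `get_username`) should say so in their doc comments, e.g. `* The returned pointer points into @info and is valid only as long as @info is.`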
diff --git a/lib/gnutls_ui.h b/lib/gnutls_ui.h
new file mode 100644
index 0000000000..dd2935c55a
--- /dev/null
+++ b/lib/gnutls_ui.h
@@ -0,0 +1,64 @@
+#ifndef GNUTLS_UI_H
+# define GNUTLS_UI_H
+
+
+/* Extra definitions */
+
+#define X509_CN_SIZE 256
+#define X509_C_SIZE 3
+#define X509_O_SIZE 256
+#define X509_OU_SIZE 256
+#define X509_L_SIZE 256
+#define X509_S_SIZE 256
+
+typedef struct {
+ char common_name[X509_CN_SIZE];
+ char country[X509_C_SIZE];
+ char organization[X509_O_SIZE];
+ char organizational_unit_name[X509_OU_SIZE];
+ char locality_name[X509_L_SIZE];
+ char state_or_province_name[X509_S_SIZE];
+} gnutls_DN;
+
+/* For key Usage, test as:
+ * if (st.keyUsage & X509KEY_DIGITAL_SIGNATURE) ...
+ */
+#define X509KEY_DIGITAL_SIGNATURE 256
+#define X509KEY_NON_REPUDIATION 128
+#define X509KEY_KEY_ENCIPHERMENT 64
+#define X509KEY_DATA_ENCIPHERMENT 32
+#define X509KEY_KEY_AGREEMENT 16
+#define X509KEY_KEY_CERT_SIGN 8
+#define X509KEY_CRL_SIGN 4
+#define X509KEY_ENCIPHER_ONLY 2
+#define X509KEY_DECIPHER_ONLY 1
+
+
+# ifdef LIBGNUTLS_VERSION /* defined only in gnutls.h */
+
+/* Functions that allow AUTH_INFO structures handling
+ */
+
+/* SRP */
+
+const char* gnutls_srp_server_get_username( const SRP_SERVER_AUTH_INFO* info);
+
+/* ANON */
+
+int gnutls_anon_server_get_dh_bits( const ANON_SERVER_AUTH_INFO* info);
+int gnutls_anon_client_get_dh_bits( const ANON_CLIENT_AUTH_INFO* info);
+
+/* X509PKI */
+
+
+const gnutls_DN* gnutls_x509pki_client_get_peer_dn( const X509PKI_CLIENT_AUTH_INFO* info);
+const gnutls_DN* gnutls_x509pki_client_get_issuer_dn( const X509PKI_CLIENT_AUTH_INFO* info);
+CertificateStatus gnutls_x509pki_client_get_peer_certificate_status( const X509PKI_CLIENT_AUTH_INFO* info);
+int gnutls_x509pki_client_get_peer_certificate_version( const X509PKI_CLIENT_AUTH_INFO* info);
+time_t gnutls_x509pki_client_get_peer_certificate_activation_time( const X509PKI_CLIENT_AUTH_INFO* info);
+time_t gnutls_x509pki_client_get_peer_certificate_expiration_time( const X509PKI_CLIENT_AUTH_INFO* info);
+unsigned char gnutls_x509pki_client_get_key_usage( const X509PKI_CLIENT_AUTH_INFO* info);
+const char* gnutls_x509pki_client_get_subject_alt_name( const X509PKI_CLIENT_AUTH_INFO* info);
+# endif /* LIBGNUTLS_VERSION */
+
+#endif
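Review bot: The comment above the `X509KEY_*` defines still tells readers to test `st.keyUsage & X509KEY_DIGITAL_SIGNATURE`, but this commit stops exporting the structure, so application code can no longer reach `keyUsage` directly; it should point at the accessor, e.g. `* if (gnutls_x509pki_client_get_key_usage(info) & X509KEY_KEY_ENCIPHERMENT) ...`. The prototypes under `# ifdef LIBGNUTLS_VERSION` use `time_t`, `CertificateStatus` and the `*_AUTH_INFO` typedefs without declaring them, which appears to work only because configure.in appends this file to gnutls.h after those names are defined; a one-line comment on the `# ifdef`, such as `/* relies on the preceding gnutls.h content for time_t, CertificateStatus and the *_AUTH_INFO typedefs */`, would save the next reader from wondering why the header is not self-contained.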
diff --git a/src/cli.c b/src/cli.c
index c96c7cef9e..be62a3310f 100644
--- a/src/cli.c
+++ b/src/cli.c
@@ -41,18 +41,19 @@
#define CRLFILE NULL
#define PRINTX(x,y) if (y[0]!=0) printf(" - %s %s\n", x, y)
-#define PRINT_DN(X) PRINTX( "CN:", x509_info->X.common_name); \
- PRINTX( "OU:", x509_info->X.organizational_unit_name); \
- PRINTX( "O:", x509_info->X.organization); \
- PRINTX( "L:", x509_info->X.locality_name); \
- PRINTX( "S:", x509_info->X.state_or_province_name); \
- PRINTX( "C:", x509_info->X.country); \
- PRINTX( "SAN:", x509_info->subjectAltName);
-
+#define PRINT_DN(X) PRINTX( "CN:", X->common_name); \
+ PRINTX( "OU:", X->organizational_unit_name); \
+ PRINTX( "O:", X->organization); \
+ PRINTX( "L:", X->locality_name); \
+ PRINTX( "S:", X->state_or_province_name); \
+ PRINTX( "C:", X->country); \
+ PRINTX( "SAN:", gnutls_x509pki_client_get_subject_alt_name(x509_info))
+
static int print_info( GNUTLS_STATE state) {
const char *tmp;
const ANON_CLIENT_AUTH_INFO *dh_info;
const X509PKI_CLIENT_AUTH_INFO *x509_info;
+const gnutls_DN* dn;
tmp = gnutls_kx_get_name(gnutls_get_current_kx( state));
printf("- Key Exchange: %s\n", tmp);
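Review bot: `PRINT_DN(X)` now prints the subject alternative name of `x509_info` as its last line, but the macro is invoked for both the peer DN and the issuer DN in the third hunk of this file, so the peer's SAN is also printed under "Certificate Issuer's info", and the macro silently depends on a variable named `x509_info` being in scope. Move the SAN out of the macro and print it once after the peer DN: `PRINTX( "SAN:", gnutls_x509pki_client_get_subject_alt_name(x509_info));` following the peer's `PRINT_DN( dn);`. The same macro is duplicated in doc/tex/ex3.tex and should be changed there too. While touching it, wrapping `PRINT_DN`'s statements in `do { ... } while (0)` would keep it safe as the body of an unbraced `if`.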
@@ -60,13 +61,13 @@ const X509PKI_CLIENT_AUTH_INFO *x509_info;
dh_info = gnutls_get_auth_info(state);
if (dh_info != NULL)
printf("- Anonymous DH using prime of %d bits\n",
- dh_info->dh_bits);
+ gnutls_anon_client_get_dh_bits(dh_info));
}
if (gnutls_get_auth_info_type(state) == GNUTLS_X509PKI) {
x509_info = gnutls_get_auth_info(state);
if (x509_info != NULL) {
- switch( x509_info->peer_certificate_status) {
+ switch( gnutls_x509pki_client_get_peer_certificate_status(x509_info)) {
case GNUTLS_CERT_NOT_TRUSTED:
printf("- Peer's X509 Certificate was NOT verified\n");
break;
@@ -83,16 +84,17 @@ const X509PKI_CLIENT_AUTH_INFO *x509_info;
}
}
- }
- printf(" - Certificate info:\n");
- printf(" - Certificate version: #%d\n", x509_info->peer_certificate_version);
+ printf(" - Certificate info:\n");
+ printf(" - Certificate version: #%d\n", gnutls_x509pki_client_get_peer_certificate_version(x509_info));
- PRINT_DN(peer_dn);
-
- printf(" - Certificate Issuer's info:\n");
- PRINT_DN(issuer_dn);
+ dn = gnutls_x509pki_client_get_peer_dn( x509_info);
+ PRINT_DN( dn);
+ dn = gnutls_x509pki_client_get_issuer_dn( x509_info);
+ printf(" - Certificate Issuer's info:\n");
+ PRINT_DN( dn);
+ }
tmp = gnutls_version_get_name(gnutls_get_current_version(state));
printf("- Version: %s\n", tmp);
diff --git a/src/serv.c b/src/serv.c
index 11d1cafdd9..cabe590b67 100644
--- a/src/serv.c
+++ b/src/serv.c
@@ -133,13 +133,13 @@ void print_info(GNUTLS_STATE state)
srp_info = gnutls_get_auth_info(state);
if (srp_info != NULL)
printf("\n- User '%s' connected\n",
- srp_info->username);
+ gnutls_srp_server_get_username(srp_info));
}
if (gnutls_get_auth_info_type(state) == GNUTLS_ANON) {
dh_info = gnutls_get_auth_info(state);
if (dh_info != NULL)
printf("\n- Anonymous DH using prime of %d bits\n",
- dh_info->dh_bits);
+ gnutls_anon_server_get_dh_bits(dh_info));
}
/* print state information */
@@ -195,14 +195,14 @@ void peer_print_info(int cd, GNUTLS_STATE state)
srp_info = gnutls_get_auth_info(state);
if (srp_info != NULL) {
sprintf(tmp2, "<p>Connected as user '%s'.</p>\n",
- srp_info->username);
+ gnutls_srp_server_get_username(srp_info));
}
}
if (gnutls_get_current_kx(state) == GNUTLS_KX_DH_ANON) {
dh_info = gnutls_get_auth_info(state);
if (dh_info != NULL) {
sprintf(tmp2, "<p> Connect using anonymous DH (prime of %d bits)</p>\n",
- dh_info->dh_bits);
+ gnutls_anon_server_get_dh_bits( dh_info));
}
}
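Review bot: `gnutls_srp_server_get_username(srp_info)` hands a peer-supplied string (the SRP username, up to 255 bytes per the `SRP_SERVER_AUTH_INFO` definition removed from gnutls.h.in) to an unbounded `sprintf` into `tmp2` and then into an HTML page without escaping; the accessor change does not alter that, but it is the right moment to bound the write with `snprintf(tmp2, sizeof tmp2, "<p>Connected as user '%s'.</p>\n", gnutls_srp_server_get_username(srp_info));` if `tmp2` is an array (its declaration is outside this hunk), and to escape `<`, `>`, `&` and `'` in the username before embedding it. The `dh_bits` line below uses the same unbounded `sprintf` but formats an `int`, so only the bound matters there. `peer_print_info` starts and ends outside the hunk.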