author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2001-12-08 22:37:06 +0000 |
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2001-12-08 22:37:06 +0000 |
commit | 51c5be488bae246ab8bb33b50a377aaf554feca8 (patch) | |
tree | 72bf6ed5fab60739c99899d310e5369e69cafeeb | |
parent | c40c474082a518d54e4a4305e214ad00e4dda2f7 (diff) | |
download | gnutls-51c5be488bae246ab8bb33b50a377aaf554feca8.tar.gz |
remove dnsname (name_ind) extension
-rw-r--r-- | lib/Makefile.am | 4 | ||||
-rw-r--r-- | lib/auth_x509.c | 1 | ||||
-rw-r--r-- | lib/ext_dnsname.c | 153 | ||||
-rw-r--r-- | lib/ext_dnsname.h | 7 | ||||
-rw-r--r-- | lib/gnutls.h.in | 7 | ||||
-rw-r--r-- | lib/gnutls_extensions.c | 2 | ||||
-rw-r--r-- | lib/gnutls_handshake.c | 6 | ||||
-rw-r--r-- | src/cli.c | 6 | ||||
-rw-r--r-- | src/serv.c | 13 |
9 files changed, 5 insertions, 194 deletions
diff --git a/lib/Makefile.am b/lib/Makefile.am
index 42ace9e549..0c44f4de2b 100644
--- a/lib/Makefile.am
+++ b/lib/Makefile.am
@@ -14,7 +14,7 @@ EXTRA_DIST = debug.h gnutls_compress.h defines.h pkcs1.asn pkix.asn \
 x509_b64.h gnutls_srp.h auth_srp.h auth_srp_passwd.h gnutls_v2_compat.h \
 crypt.h libgnutls-config.in libgnutls.m4 gnutls.h.in gnutls_errors_int.h \
 x509_asn1.h x509_der.h gnutls_datum.h auth_x509.h gnutls_gcry.h \
- ext_dnsname.h gnutls_pk.h gnutls_record.h gnutls_cert.h \
+ gnutls_pk.h gnutls_record.h gnutls_cert.h \
 gnutls_privkey.h gnutls_constate.h gnutls_global.h x509_verify.h \
 gnutls_sig.h gnutls_mem.h x509_extensions.h gnutls_ui.h \
 gnutls-api.tex io_debug.h ext_max_record.h gnutls_session_pack.h
@@ -31,7 +31,7 @@ COBJECTS = gnutls_record.c gnutls_compress.c debug.c \
 crypt_bcrypt.c crypt.c gnutls_random.c crypt_srpsha1.c gnutls_srp.c \
 auth_srp.c auth_srp_passwd.c gnutls_v2_compat.c auth_srp_sb64.c \
 gnutls_datum.c auth_rsa.c gnutls_session_pack.c \
- gnutls_gcry.c ext_dnsname.c gnutls_pk.c gnutls_cert.c x509_verify.c\
+ gnutls_gcry.c gnutls_pk.c gnutls_cert.c x509_verify.c\
 gnutls_global.c gnutls_privkey.c gnutls_constate.c gnutls_anon_cred.c \
 x509_sig_check.c pkix_asn1_tab.c pkcs1_asn1_tab.c gnutls_mem.c \
 x509_extensions.c auth_x509.c gnutls_ui.c gnutls_sig.c auth_dhe_rsa.c \
diff --git a/lib/auth_x509.c b/lib/auth_x509.c
index d13cf8b672..b2de54efc9 100644
--- a/lib/auth_x509.c
+++ b/lib/auth_x509.c
@@ -35,7 +35,6 @@
 #include <gnutls_record.h>
 #include <x509_verify.h>
 #include <gnutls_sig.h>
-#include <ext_dnsname.h>
 #include <x509_extensions.h>
 /* Copies data from a internal certificate struct (gnutls_cert) to
diff --git a/lib/ext_dnsname.c b/lib/ext_dnsname.c
deleted file mode 100644
index f20f16779e..0000000000
--- a/lib/ext_dnsname.c
+++ /dev/null
@@ -1,153 +0,0 @@
-/*
- * Copyright (C) 2001 Nikos Mavroyanopoulos
- *
- * This file is part of GNUTLS.
- *
- * GNUTLS is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * GNUTLS is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
- */
-
-#include "gnutls_int.h"
-#include "gnutls_auth_int.h"
-#include "auth_x509.h"
-#include "gnutls_errors.h"
-#include "gnutls_num.h"
-
-/* This file should have been called ext_name_ind.c
- *
- * In case of a server: if a DNSNAME extension type is received then it stores
- * into the state the value of DNSNAME. The server may use gnutls_ext_get_name_ind(),
- * in order to access it.
- *
- * In case of a client: If a proper DNSNAME extension type is found in the state then
- * it sends the extension to the peer.
- *
- */
-
-int _gnutls_name_ind_recv_params( GNUTLS_STATE state, const opaque* data, int data_size) {
- uint16 len;
- if (state->security_parameters.entity == GNUTLS_SERVER) {
- if (data_size > 0) {
- len = READuint16( data);
- if (len > data_size || len >= MAX_DNSNAME_SIZE || len < 3) {
- gnutls_assert();
- return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
- }
-
- switch(data[2]) {
- case 0:
- if (sizeof( state->security_parameters.extensions.name.dnsname) > len-2) {
- state->security_parameters.extensions.name.type = GNUTLS_DNSNAME;
- /* note that dnsname is in UTF-8
- * format.
- */
- memcpy( state->security_parameters.extensions.name.dnsname, &data[3], len-1);
- state->security_parameters.extensions.name.dnsname[len-1]=0; /* null terminated */
- break;
- }
- }
- }
- }
- return 0;
-}
-
-/* returns data_size or a negative number on failure
- * data is allocated localy
- */
-int _gnutls_name_ind_send_params( GNUTLS_STATE state, opaque** data) {
- uint16 len;
- /* this function sends the client extension data (dnsname) */
- if (state->security_parameters.entity == GNUTLS_CLIENT) {
-
- switch (state->security_parameters.extensions.name.type) {
- case GNUTLS_DNSNAME:
- if ( (len = strlen(state->security_parameters.extensions.name.dnsname)) > 0) { /* send dnsname */
- (*data) = gnutls_malloc(len+3); /* hold the size and the type also */
- if (*data==NULL) return GNUTLS_E_MEMORY_ERROR;
-
- WRITEuint16( len+1, *data);
- (*data)[2] = 0;
- memcpy( &(*data)[3], state->security_parameters.extensions.name.dnsname, len);
- return len + 3;
- }
- return 0;
- default:
- return GNUTLS_E_UNIMPLEMENTED_FEATURE;
- }
- }
- return GNUTLS_E_UNKNOWN_ERROR;
-}
-
-/**
- * gnutls_ext_get_name_ind - Used to get the name indicator send by a client
- * @state: is a &GNUTLS_STATE structure.
- * @ind: is a name indicator type
- *
- * This function will allow you to get the name indication (if any),
- * a client has sent. The name indication may be any of the enumeration
- * GNUTLS_NAME_IND.
- *
- * If 'ind' is GNUTLS_DNSNAME, then this function is to be used by servers
- * that support virtual hosting.
- * The client may give the server the dnsname they connected to.
- *
- * The return value depends on the 'ind' type. In case of GNUTLS_DNSNAME,
- * it is a null terminated string. If no name indication was given (maybe the client
- * does not support this extension) this function returns NULL.
- *
- **/
-const void* gnutls_ext_get_name_ind( GNUTLS_STATE state, GNUTLS_NAME_IND ind) {
- if (state->security_parameters.entity==GNUTLS_CLIENT) return NULL;
-
- switch( ind) {
- case GNUTLS_DNSNAME:
- if ( state->security_parameters.extensions.name.dnsname[0] == 0 ||
- state->security_parameters.extensions.name.type!=ind) return NULL;
- return state->security_parameters.extensions.name.dnsname;
- }
-
- return NULL;
-}
-
-/**
- * gnutls_ext_set_name_ind - Used to set a name indicator to be sent as an extension
- * @state: is a &GNUTLS_STATE structure.
- * @name: is a null terminated string that contains the dns name.
- * @ind: specified the indicator type
- *
- * This function is to be used by clients that want to inform
- * ( via a TLS extension mechanism) the server of the name they
- * connected to. This should be used by clients that connect
- * to servers that do virtual hosting.
- *
- * The value of 'name' depends on the 'ind' type. In case of GNUTLS_DNSNAME,
- * a null terminated string is expected.
- *
- **/
-int gnutls_ext_set_name_ind( GNUTLS_STATE state, GNUTLS_NAME_IND ind, const void* name) {
-const char* dnsname;
-
- if (state->security_parameters.entity==GNUTLS_SERVER) return GNUTLS_E_UNIMPLEMENTED_FEATURE;
- state->security_parameters.extensions.name.type = ind;
-
- switch(ind) {
- case GNUTLS_DNSNAME:
- dnsname = name;
- if (strlen( dnsname) >= MAX_DNSNAME_SIZE) return GNUTLS_E_MEMORY_ERROR;
- strcpy( state->security_parameters.extensions.name.dnsname, dnsname);
- return 0;
- }
-
- return GNUTLS_E_UNIMPLEMENTED_FEATURE;
-}
diff --git a/lib/ext_dnsname.h b/lib/ext_dnsname.h
deleted file mode 100644
index 62ba86d5e3..0000000000
--- a/lib/ext_dnsname.h
+++ /dev/null
@@ -1,7 +0,0 @@
-int _gnutls_name_ind_recv_params( GNUTLS_STATE state, const opaque* data, int data_size);
-int _gnutls_name_ind_send_params( GNUTLS_STATE state, opaque** data);
-
-const void* gnutls_ext_get_name_ind( GNUTLS_STATE state, GNUTLS_NAME_IND ind);
-int gnutls_ext_set_name_ind( GNUTLS_STATE state, GNUTLS_NAME_IND ind, const void* name);
-
-
diff --git a/lib/gnutls.h.in b/lib/gnutls.h.in
index d7d5fcf90e..2ca373d8fb 100644
--- a/lib/gnutls.h.in
+++ b/lib/gnutls.h.in
@@ -162,13 +162,6 @@ int gnutls_clear_creds( GNUTLS_STATE state);
 /* cred is a structure defined by the kx algorithm */
 int gnutls_set_cred( GNUTLS_STATE, CredType type, void* cred);
-/* A null terminated string containing the dnsname.
- * This will only exist if the client supports the dnsname
- * TLS extension. (draft-ietf-tls-extensions)
- */
-const void* gnutls_ext_get_name_ind( GNUTLS_STATE state, GNUTLS_NAME_IND ind);
- int gnutls_ext_set_name_ind( GNUTLS_STATE state, GNUTLS_NAME_IND ind, const void* name);
-
 /* This will set the Common Name field in case of X509PKI
 * authentication. This will be used while verifying the
 * certificate
diff --git a/lib/gnutls_extensions.c b/lib/gnutls_extensions.c
index 9f2f6f81f3..10ab5dc680 100644
--- a/lib/gnutls_extensions.c
+++ b/lib/gnutls_extensions.c
@@ -22,7 +22,6 @@
 #include "gnutls_extensions.h"
 #include "gnutls_errors.h"
 #include "ext_srp.h"
-#include "ext_dnsname.h"
 #include "ext_max_record.h"
 #include "gnutls_num.h"
@@ -40,7 +39,6 @@ typedef struct {
 #define MAX_EXT 20 /* maximum supported extension */
 static gnutls_extension_entry extensions[] = {
 GNUTLS_EXTENSION_ENTRY( GNUTLS_EXTENSION_SRP, _gnutls_srp_recv_params, _gnutls_srp_send_params),
- GNUTLS_EXTENSION_ENTRY( GNUTLS_EXTENSION_DNSNAME, _gnutls_name_ind_recv_params, _gnutls_name_ind_send_params),
 GNUTLS_EXTENSION_ENTRY( GNUTLS_EXTENSION_MAX_RECORD_SIZE, _gnutls_max_record_recv_params, _gnutls_max_record_send_params),
 {0}
 };
diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c
index 07b6c2fcd4..931633222e 100644
--- a/lib/gnutls_handshake.c
+++ b/lib/gnutls_handshake.c
@@ -38,7 +38,6 @@
 #include "auth_x509.h"
 #include "gnutls_cert.h"
 #include "gnutls_constate.h"
-#include <ext_dnsname.h>
 #include <gnutls_record.h>
 #ifdef HANDSHAKE_DEBUG
@@ -496,7 +495,7 @@ static int _gnutls_server_SelectSuite(GNUTLS_STATE state, opaque ret[2],
 x = _gnutls_supported_ciphersuites(state, &ciphers);
 /* Here we remove any ciphersuite that does not conform
- * the certificate requested (using dnsname), or to the
+ * the certificate requested, or to the
 * authentication requested (eg SRP). */
 x = _gnutls_remove_unwanted_ciphersuites(state, &ciphers, x);
@@ -1858,8 +1857,7 @@ int _gnutls_recv_hello_request( GNUTLS_STATE state, void *data,
 /* This function will remove algorithms that are not supported by
 * the requested authentication method. We only remove algorithm if
- * we receive client hello extensions (dnsname),
- * or if we have a certificate with keyUsage bits set.
+ * we have a certificate with keyUsage bits set.
 */
 int _gnutls_remove_unwanted_ciphersuites(GNUTLS_STATE state, GNUTLS_CipherSuite **
@@ -120,7 +120,7 @@ int cert_list_size = 0;
 return 0;
 }
-int cert_callback( const gnutls_datum *client_certs, int ncerts, const gnutls_datum* req_ca_cert, int nreqs) {
+static int cert_callback( GNUTLS_STATE state, const gnutls_datum *client_certs, int ncerts, const gnutls_datum* req_ca_cert, int nreqs) {
 if (client_certs==NULL) {
 return 0; /* means the we will only be called again
@@ -241,8 +241,6 @@ int main(int argc, char** argv)
 /* This TLS extension may break old implementations.
 */
- gnutls_ext_set_name_ind( state, GNUTLS_DNSNAME, "localhost");
-
 gnutls_transport_set_ptr( state, sd);
 do {
 ret = gnutls_handshake( state);
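Review bot: The new `cert_callback` signature in the `@@ -120,7 +120,7 @@` hunk adds a leading `GNUTLS_STATE state` parameter, but nothing in this commit shows the library-side callback type being changed to match — the gnutls.h.in hunk only removes the name-indication prototypes — so either the registration call is now mismatched or this depends on a change made elsewhere; worth confirming against the typedef the callback is registered with. The body of `cert_callback` continues outside the hunk, so whether `state` is actually read cannot be seen here; if it is only there to satisfy the callback type, a one-line comment such as `/* state is unused here; present to match the library callback signature */` would make that explicit. Per the diffstat this hunk belongs to src/cli.c, though the rendered page appears to have dropped that file's `diff --git` header. As a matter of style, the new signature line is long enough that splitting the parameter list across lines would help readability.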
@@ -302,8 +300,6 @@ int main(int argc, char** argv)
 gnutls_set_cred( state, GNUTLS_SRP, cred);
 gnutls_set_cred( state, GNUTLS_X509PKI, xcred);
- gnutls_ext_set_name_ind( state, GNUTLS_DNSNAME, "hello.server.org");
-
 #ifdef RESUME
 gnutls_session_set_data( state, session, session_size);
 free(session);
diff --git a/src/serv.c b/src/serv.c
index b876d134a6..693886ab7e 100644
--- a/src/serv.c
+++ b/src/serv.c
@@ -124,11 +124,6 @@ void print_info(GNUTLS_STATE state)
 printf("%.2X", sesid[i]);
 printf("\n");
- if ( gnutls_ext_get_name_ind(state, GNUTLS_DNSNAME) != NULL) {
- printf("- DNSNAME: ");
- printf("%s\n", (char*)gnutls_ext_get_name_ind(state, GNUTLS_DNSNAME));
- }
-
 /* we could also use the KX algorithm to distinguish the functions
 * to call, but this is easier. */
@@ -226,14 +221,6 @@ void peer_print_info( GNUTLS_STATE state)
 sprintf(tmp2, "%.2X", sesid[i]);
 sprintf(tmp2, "</i></p>\n");
- /* if the client supports dnsname extension then
- * print the hostname he connected to.
- */
- if (gnutls_ext_get_name_ind(state, GNUTLS_DNSNAME)!=NULL) {
- sprintf(tmp2, "\n<p>DNSNAME: ");
- sprintf(tmp2, "<b>%s</b></p>\n", (char*)gnutls_ext_get_name_ind(state, GNUTLS_DNSNAME));
- }
-
 /* Here unlike print_info() we use the kx algorithm to distinguish
 * the functions to call. */