authorNikos Mavrogiannopoulos <nmav@gnutls.org>2001-12-08 22:37:06 +0000
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2001-12-08 22:37:06 +0000
commit51c5be488bae246ab8bb33b50a377aaf554feca8 (patch)
tree72bf6ed5fab60739c99899d310e5369e69cafeeb
parentc40c474082a518d54e4a4305e214ad00e4dda2f7 (diff)
downloadgnutls-51c5be488bae246ab8bb33b50a377aaf554feca8.tar.gz
remove dnsname (name_ind) extension
-rw-r--r--lib/Makefile.am4
-rw-r--r--lib/auth_x509.c1
-rw-r--r--lib/ext_dnsname.c153
-rw-r--r--lib/ext_dnsname.h7
-rw-r--r--lib/gnutls.h.in7
-rw-r--r--lib/gnutls_extensions.c2
-rw-r--r--lib/gnutls_handshake.c6
-rw-r--r--src/cli.c6
-rw-r--r--src/serv.c13
9 files changed, 5 insertions, 194 deletions
diff --git a/lib/Makefile.am b/lib/Makefile.am
index 42ace9e549..0c44f4de2b 100644
--- a/lib/Makefile.am
+++ b/lib/Makefile.am
@@ -14,7 +14,7 @@ EXTRA_DIST = debug.h gnutls_compress.h defines.h pkcs1.asn pkix.asn \
x509_b64.h gnutls_srp.h auth_srp.h auth_srp_passwd.h gnutls_v2_compat.h \
crypt.h libgnutls-config.in libgnutls.m4 gnutls.h.in gnutls_errors_int.h \
x509_asn1.h x509_der.h gnutls_datum.h auth_x509.h gnutls_gcry.h \
- ext_dnsname.h gnutls_pk.h gnutls_record.h gnutls_cert.h \
+ gnutls_pk.h gnutls_record.h gnutls_cert.h \
gnutls_privkey.h gnutls_constate.h gnutls_global.h x509_verify.h \
gnutls_sig.h gnutls_mem.h x509_extensions.h gnutls_ui.h \
gnutls-api.tex io_debug.h ext_max_record.h gnutls_session_pack.h
@@ -31,7 +31,7 @@ COBJECTS = gnutls_record.c gnutls_compress.c debug.c \
crypt_bcrypt.c crypt.c gnutls_random.c crypt_srpsha1.c gnutls_srp.c \
auth_srp.c auth_srp_passwd.c gnutls_v2_compat.c auth_srp_sb64.c \
gnutls_datum.c auth_rsa.c gnutls_session_pack.c \
- gnutls_gcry.c ext_dnsname.c gnutls_pk.c gnutls_cert.c x509_verify.c\
+ gnutls_gcry.c gnutls_pk.c gnutls_cert.c x509_verify.c\
gnutls_global.c gnutls_privkey.c gnutls_constate.c gnutls_anon_cred.c \
x509_sig_check.c pkix_asn1_tab.c pkcs1_asn1_tab.c gnutls_mem.c \
x509_extensions.c auth_x509.c gnutls_ui.c gnutls_sig.c auth_dhe_rsa.c \
diff --git a/lib/auth_x509.c b/lib/auth_x509.c
index d13cf8b672..b2de54efc9 100644
--- a/lib/auth_x509.c
+++ b/lib/auth_x509.c
@@ -35,7 +35,6 @@
#include <gnutls_record.h>
#include <x509_verify.h>
#include <gnutls_sig.h>
-#include <ext_dnsname.h>
#include <x509_extensions.h>
/* Copies data from a internal certificate struct (gnutls_cert) to
diff --git a/lib/ext_dnsname.c b/lib/ext_dnsname.c
deleted file mode 100644
index f20f16779e..0000000000
--- a/lib/ext_dnsname.c
+++ /dev/null
@@ -1,153 +0,0 @@
-/*
- * Copyright (C) 2001 Nikos Mavroyanopoulos
- *
- * This file is part of GNUTLS.
- *
- * GNUTLS is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * GNUTLS is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
- */
-
-#include "gnutls_int.h"
-#include "gnutls_auth_int.h"
-#include "auth_x509.h"
-#include "gnutls_errors.h"
-#include "gnutls_num.h"
-
-/* This file should have been called ext_name_ind.c
- *
- * In case of a server: if a DNSNAME extension type is received then it stores
- * into the state the value of DNSNAME. The server may use gnutls_ext_get_name_ind(),
- * in order to access it.
- *
- * In case of a client: If a proper DNSNAME extension type is found in the state then
- * it sends the extension to the peer.
- *
- */
-
-int _gnutls_name_ind_recv_params( GNUTLS_STATE state, const opaque* data, int data_size) {
- uint16 len;
- if (state->security_parameters.entity == GNUTLS_SERVER) {
- if (data_size > 0) {
- len = READuint16( data);
- if (len > data_size || len >= MAX_DNSNAME_SIZE || len < 3) {
- gnutls_assert();
- return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
- }
-
- switch(data[2]) {
- case 0:
- if (sizeof( state->security_parameters.extensions.name.dnsname) > len-2) {
- state->security_parameters.extensions.name.type = GNUTLS_DNSNAME;
- /* note that dnsname is in UTF-8
- * format.
- */
- memcpy( state->security_parameters.extensions.name.dnsname, &data[3], len-1);
- state->security_parameters.extensions.name.dnsname[len-1]=0; /* null terminated */
- break;
- }
- }
- }
- }
- return 0;
-}
-
-/* returns data_size or a negative number on failure
- * data is allocated localy
- */
-int _gnutls_name_ind_send_params( GNUTLS_STATE state, opaque** data) {
- uint16 len;
- /* this function sends the client extension data (dnsname) */
- if (state->security_parameters.entity == GNUTLS_CLIENT) {
-
- switch (state->security_parameters.extensions.name.type) {
- case GNUTLS_DNSNAME:
- if ( (len = strlen(state->security_parameters.extensions.name.dnsname)) > 0) { /* send dnsname */
- (*data) = gnutls_malloc(len+3); /* hold the size and the type also */
- if (*data==NULL) return GNUTLS_E_MEMORY_ERROR;
-
- WRITEuint16( len+1, *data);
- (*data)[2] = 0;
- memcpy( &(*data)[3], state->security_parameters.extensions.name.dnsname, len);
- return len + 3;
- }
- return 0;
- default:
- return GNUTLS_E_UNIMPLEMENTED_FEATURE;
- }
- }
- return GNUTLS_E_UNKNOWN_ERROR;
-}
-
-/**
- * gnutls_ext_get_name_ind - Used to get the name indicator send by a client
- * @state: is a &GNUTLS_STATE structure.
- * @ind: is a name indicator type
- *
- * This function will allow you to get the name indication (if any),
- * a client has sent. The name indication may be any of the enumeration
- * GNUTLS_NAME_IND.
- *
- * If 'ind' is GNUTLS_DNSNAME, then this function is to be used by servers
- * that support virtual hosting.
- * The client may give the server the dnsname they connected to.
- *
- * The return value depends on the 'ind' type. In case of GNUTLS_DNSNAME,
- * it is a null terminated string. If no name indication was given (maybe the client
- * does not support this extension) this function returns NULL.
- *
- **/
-const void* gnutls_ext_get_name_ind( GNUTLS_STATE state, GNUTLS_NAME_IND ind) {
- if (state->security_parameters.entity==GNUTLS_CLIENT) return NULL;
-
- switch( ind) {
- case GNUTLS_DNSNAME:
- if ( state->security_parameters.extensions.name.dnsname[0] == 0 ||
- state->security_parameters.extensions.name.type!=ind) return NULL;
- return state->security_parameters.extensions.name.dnsname;
- }
-
- return NULL;
-}
-
-/**
- * gnutls_ext_set_name_ind - Used to set a name indicator to be sent as an extension
- * @state: is a &GNUTLS_STATE structure.
- * @name: is a null terminated string that contains the dns name.
- * @ind: specified the indicator type
- *
- * This function is to be used by clients that want to inform
- * ( via a TLS extension mechanism) the server of the name they
- * connected to. This should be used by clients that connect
- * to servers that do virtual hosting.
- *
- * The value of 'name' depends on the 'ind' type. In case of GNUTLS_DNSNAME,
- * a null terminated string is expected.
- *
- **/
-int gnutls_ext_set_name_ind( GNUTLS_STATE state, GNUTLS_NAME_IND ind, const void* name) {
-const char* dnsname;
-
- if (state->security_parameters.entity==GNUTLS_SERVER) return GNUTLS_E_UNIMPLEMENTED_FEATURE;
- state->security_parameters.extensions.name.type = ind;
-
- switch(ind) {
- case GNUTLS_DNSNAME:
- dnsname = name;
- if (strlen( dnsname) >= MAX_DNSNAME_SIZE) return GNUTLS_E_MEMORY_ERROR;
- strcpy( state->security_parameters.extensions.name.dnsname, dnsname);
- return 0;
- }
-
- return GNUTLS_E_UNIMPLEMENTED_FEATURE;
-}
diff --git a/lib/ext_dnsname.h b/lib/ext_dnsname.h
deleted file mode 100644
index 62ba86d5e3..0000000000
--- a/lib/ext_dnsname.h
+++ /dev/null
@@ -1,7 +0,0 @@
-int _gnutls_name_ind_recv_params( GNUTLS_STATE state, const opaque* data, int data_size);
-int _gnutls_name_ind_send_params( GNUTLS_STATE state, opaque** data);
-
-const void* gnutls_ext_get_name_ind( GNUTLS_STATE state, GNUTLS_NAME_IND ind);
-int gnutls_ext_set_name_ind( GNUTLS_STATE state, GNUTLS_NAME_IND ind, const void* name);
-
-
diff --git a/lib/gnutls.h.in b/lib/gnutls.h.in
index d7d5fcf90e..2ca373d8fb 100644
--- a/lib/gnutls.h.in
+++ b/lib/gnutls.h.in
@@ -162,13 +162,6 @@ int gnutls_clear_creds( GNUTLS_STATE state);
/* cred is a structure defined by the kx algorithm */
int gnutls_set_cred( GNUTLS_STATE, CredType type, void* cred);
-/* A null terminated string containing the dnsname.
- * This will only exist if the client supports the dnsname
- * TLS extension. (draft-ietf-tls-extensions)
- */
-const void* gnutls_ext_get_name_ind( GNUTLS_STATE state, GNUTLS_NAME_IND ind);
- int gnutls_ext_set_name_ind( GNUTLS_STATE state, GNUTLS_NAME_IND ind, const void* name);
-
/* This will set the Common Name field in case of X509PKI
* authentication. This will be used while verifying the
* certificate
diff --git a/lib/gnutls_extensions.c b/lib/gnutls_extensions.c
index 9f2f6f81f3..10ab5dc680 100644
--- a/lib/gnutls_extensions.c
+++ b/lib/gnutls_extensions.c
@@ -22,7 +22,6 @@
#include "gnutls_extensions.h"
#include "gnutls_errors.h"
#include "ext_srp.h"
-#include "ext_dnsname.h"
#include "ext_max_record.h"
#include "gnutls_num.h"
@@ -40,7 +39,6 @@ typedef struct {
#define MAX_EXT 20 /* maximum supported extension */
static gnutls_extension_entry extensions[] = {
GNUTLS_EXTENSION_ENTRY( GNUTLS_EXTENSION_SRP, _gnutls_srp_recv_params, _gnutls_srp_send_params),
- GNUTLS_EXTENSION_ENTRY( GNUTLS_EXTENSION_DNSNAME, _gnutls_name_ind_recv_params, _gnutls_name_ind_send_params),
GNUTLS_EXTENSION_ENTRY( GNUTLS_EXTENSION_MAX_RECORD_SIZE, _gnutls_max_record_recv_params, _gnutls_max_record_send_params),
{0}
};
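Review bot: Removing the table entry leaves the rest of the DNSNAME plumbing in place as far as this diff shows: the `GNUTLS_EXTENSION_DNSNAME` constant used on the removed line, and the `security_parameters.extensions.name` storage that the deleted ext_dnsname.c read and wrote (its struct presumably lives in gnutls_int.h, which the deleted file included and which the diffstat does not touch). With no recv/send handler left, that field is now dead state that nothing clears or validates, and any code that still serializes it (gnutls_session_pack.c is listed in the Makefile but not in this diff) keeps copying stale bytes. I would drop the enum value and the struct member in the same change, or at least mark the member with `/* unused since the dnsname extension was removed; kept only for layout */` so the next reader does not assume it is populated.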
diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c
index 07b6c2fcd4..931633222e 100644
--- a/lib/gnutls_handshake.c
+++ b/lib/gnutls_handshake.c
@@ -38,7 +38,6 @@
#include "auth_x509.h"
#include "gnutls_cert.h"
#include "gnutls_constate.h"
-#include <ext_dnsname.h>
#include <gnutls_record.h>
#ifdef HANDSHAKE_DEBUG
@@ -496,7 +495,7 @@ static int _gnutls_server_SelectSuite(GNUTLS_STATE state, opaque ret[2],
x = _gnutls_supported_ciphersuites(state, &ciphers);
/* Here we remove any ciphersuite that does not conform
- * the certificate requested (using dnsname), or to the
+ * the certificate requested, or to the
* authentication requested (eg SRP).
*/
x = _gnutls_remove_unwanted_ciphersuites(state, &ciphers, x);
@@ -1858,8 +1857,7 @@ int _gnutls_recv_hello_request( GNUTLS_STATE state, void *data,
/* This function will remove algorithms that are not supported by
* the requested authentication method. We only remove algorithm if
- * we receive client hello extensions (dnsname),
- * or if we have a certificate with keyUsage bits set.
+ * we have a certificate with keyUsage bits set.
*/
int _gnutls_remove_unwanted_ciphersuites(GNUTLS_STATE state,
GNUTLS_CipherSuite **
diff --git a/src/cli.c b/src/cli.c
index 4462c419a4..3f7454e776 100644
--- a/src/cli.c
+++ b/src/cli.c
@@ -120,7 +120,7 @@ int cert_list_size = 0;
return 0;
}
-int cert_callback( const gnutls_datum *client_certs, int ncerts, const gnutls_datum* req_ca_cert, int nreqs) {
+static int cert_callback( GNUTLS_STATE state, const gnutls_datum *client_certs, int ncerts, const gnutls_datum* req_ca_cert, int nreqs) {
if (client_certs==NULL) {
return 0; /* means the we will only be called again
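Review bot: The new `cert_callback` signature gains a `GNUTLS_STATE state` parameter and becomes `static`, neither of which the commit message ("remove dnsname extension") accounts for, and `state` is not used in the lines visible here. If the registration call elsewhere in cli.c still passes this function to an API expecting the old four-argument type, the program will call it through a mismatched function pointer, which is undefined behavior rather than a compile error in C. Please confirm the callback type declared in gnutls.h.in matches, and if the parameter is intentionally unused for now say so with `(void) state; /* reserved for per-session cert selection */` so warnings stay clean. The body of cert_callback continues outside this hunk.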
@@ -241,8 +241,6 @@ int main(int argc, char** argv)
/* This TLS extension may break old implementations.
*/
- gnutls_ext_set_name_ind( state, GNUTLS_DNSNAME, "localhost");
-
gnutls_transport_set_ptr( state, sd);
do {
ret = gnutls_handshake( state);
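Review bot: The comment `/* This TLS extension may break old implementations. */` on the two context lines above the removed `gnutls_ext_set_name_ind` call is now orphaned — it sits directly above `gnutls_transport_set_ptr( state, sd);`, which is not a TLS extension, so it actively misleads. Delete those two comment lines along with the call, or if the remark is meant to survive for another extension set up nearby, move it next to that call. The same `gnutls_ext_set_name_ind` removal in the hunk at line 311 leaves no such comment behind and needs nothing. The enclosing `main` starts and ends outside this hunk.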
@@ -302,8 +300,6 @@ int main(int argc, char** argv)
gnutls_set_cred( state, GNUTLS_SRP, cred);
gnutls_set_cred( state, GNUTLS_X509PKI, xcred);
- gnutls_ext_set_name_ind( state, GNUTLS_DNSNAME, "hello.server.org");
-
#ifdef RESUME
gnutls_session_set_data( state, session, session_size);
free(session);
diff --git a/src/serv.c b/src/serv.c
index b876d134a6..693886ab7e 100644
--- a/src/serv.c
+++ b/src/serv.c
@@ -124,11 +124,6 @@ void print_info(GNUTLS_STATE state)
printf("%.2X", sesid[i]);
printf("\n");
- if ( gnutls_ext_get_name_ind(state, GNUTLS_DNSNAME) != NULL) {
- printf("- DNSNAME: ");
- printf("%s\n", (char*)gnutls_ext_get_name_ind(state, GNUTLS_DNSNAME));
- }
-
/* we could also use the KX algorithm to distinguish the functions
* to call, but this is easier.
*/
@@ -226,14 +221,6 @@ void peer_print_info( GNUTLS_STATE state)
sprintf(tmp2, "%.2X", sesid[i]);
sprintf(tmp2, "</i></p>\n");
- /* if the client supports dnsname extension then
- * print the hostname he connected to.
- */
- if (gnutls_ext_get_name_ind(state, GNUTLS_DNSNAME)!=NULL) {
- sprintf(tmp2, "\n<p>DNSNAME: ");
- sprintf(tmp2, "<b>%s</b></p>\n", (char*)gnutls_ext_get_name_ind(state, GNUTLS_DNSNAME));
- }
-
/* Here unlike print_info() we use the kx algorithm to distinguish
* the functions to call.
*/