author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2002-01-04 12:05:51 +0000 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2002-01-04 12:05:51 +0000 |
commit | faa84bc98ead2485c5ff7e57d9b7e208a8816364 (patch) | |
tree | 8413d914f1691ecc19d90e12ca9049f66fc95fcd | |
parent | 78fcf46acfef31b49960d2a7fee7c172a1116bf0 (diff) | |
download | gnutls-faa84bc98ead2485c5ff7e57d9b7e208a8816364.tar.gz |
updated documentation
-rw-r--r-- | NEWS | 1 | ||||
-rw-r--r-- | doc/tex/ex3.tex | 145 | ||||
-rw-r--r-- | src/common.h | 31 |
3 files changed, 121 insertions, 56 deletions
@@ -3,6 +3,7 @@ Version ?.?.?
 - Added gnutls_fingerprint()
 - Added gnutls_x509pki_extract_certificate_serial()
 - Corrected behaviour in version advertizing
+- Updated documentation
 
 Version 0.3.1 (21/12/2001)
 - Corrections in the configuration files
diff --git a/doc/tex/ex3.tex b/doc/tex/ex3.tex
index 4af335ed07..226fcdfdb7 100644
--- a/doc/tex/ex3.tex
+++ b/doc/tex/ex3.tex
@@ -1,87 +1,130 @@ \begin{verbatim} #define PRINTX(x,y) if (y[0]!=0) printf(" - %s %s\n", x, y) -#define PRINT_DN(X) PRINTX( "CN:", X->common_name); \ - PRINTX( "OU:", X->organizational_unit_name); \ - PRINTX( "O:", X->organization); \ - PRINTX( "L:", X->locality_name); \ - PRINTX( "S:", X->state_or_province_name); \ - PRINTX( "C:", X->country); \ - PRINTX( "E:", X->email) - +#define PRINT_DN(X) PRINTX( "CN:", X.common_name); \ + PRINTX( "OU:", X.organizational_unit_name); \ + PRINTX( "O:", X.organization); \ + PRINTX( "L:", X.locality_name); \ + PRINTX( "S:", X.state_or_province_name); \ + PRINTX( "C:", X.country); \ + PRINTX( "E:", X.email) + +/* This function will print some details of the + * given state. + */ int print_info(GNUTLS_STATE state) { const char *tmp; + GNUTLS_CredType cred; + gnutls_DN dn; + const gnutls_datum *cert_list; + GNUTLS_CertificateStatus status; + int cert_list_size = 0; + GNUTLS_KXAlgorithm kx; + /* print the key exchange's algorithm name */ - tmp = gnutls_kx_get_name( gnutls_kx_get_algo( state)); + kx = gnutls_kx_get_algo(state); + tmp = gnutls_kx_get_name(kx); printf("- Key Exchange: %s\n", tmp); - /* in case of X509 PKI - */ - if (gnutls_auth_get_type(state) == GNUTLS_X509PKI) { - const gnutls_DN* dn; - const gnutls_datum* cert_list; - int cert_list_size = 0; - CertificateStatus status; - KXAlgorithm kx; - - kx = gnutls_kx_get_algo(state); + cred = gnutls_auth_get_type(state); + switch (cred) { + case GNUTLS_ANON: + printf("- Anonymous DH using prime of %d bits\n", + gnutls_anon_client_get_dh_bits(state)); + break; + case GNUTLS_X509PKI: + /* in case of X509 PKI + */ + cert_list = gnutls_x509pki_client_get_peer_certificate_list(state, &cert_list_size); + status = gnutls_x509pki_client_get_peer_certificate_status(state); + + switch (status) { + case GNUTLS_CERT_NOT_TRUSTED: + printf("- Peer's X509 Certificate was NOT verified\n"); + break; + case GNUTLS_CERT_EXPIRED: + printf("- Peer's X509 Certificate was verified but is expired\n"); 
+ break; + case GNUTLS_CERT_TRUSTED: + printf("- Peer's X509 Certificate was verified\n"); + break; + case GNUTLS_CERT_NONE: + printf("- Peer did not send any X509 Certificate.\n"); + break; + case GNUTLS_CERT_INVALID: + printf("- Peer's X509 Certificate was invalid\n"); + break; + } /* Check if we have been using ephemeral Diffie Hellman. */ if (kx == GNUTLS_KX_X509PKI_DHE_RSA || kx == GNUTLS_KX_X509PKI_DHE_DSS) { printf("\n- Ephemeral DH using prime of %d bits\n", - gnutls_x509pki_server_get_dh_bits( state)); + gnutls_x509pki_server_get_dh_bits(state)); } - - status = gnutls_x509pki_client_get_peer_certificate_status( state); - cert_list = gnutls_x509pki_client_get_peer_certificate_list( state, &cert_list_size); - - switch( status) { - case GNUTLS_CERT_NOT_TRUSTED: - printf("- Peer's X509 Certificate was NOT verified\n"); - break; - case GNUTLS_CERT_EXPIRED: - printf("- Peer's X509 Certificate was verified but is expired\n"); - break; - case GNUTLS_CERT_TRUSTED: - printf("- Peer's X509 Certificate was verified\n"); - break; - case GNUTLS_CERT_NONE: - printf("- Peer did not send any certificate.\n"); - break; - case GNUTLS_CERT_INVALID: - printf("- Peer's X509 Certificate was invalid\n"); - break; - } - - if ( cert_list_size > 0) { + /* if the certificate list is available, then + * print some information about it. 
+ */ + if (cert_list_size > 0) { + char digest[20]; + char serial[40]; + int digest_size = sizeof(digest), i; + int serial_size = sizeof(serial); + char printable[120]; + char *print; printf(" - Certificate info:\n"); - printf(" - Certificate version: #%d\n", gnutls_x509pki_extract_certificate_version( &cert_list[0])); - gnutls_x509pki_extract_certificate_dn( &cert_list[0], &dn); - PRINT_DN( dn); + /* Print the fingerprint of the certificate + */ + if (gnutls_fingerprint(GNUTLS_DIG_MD5, &cert_list[0], digest, &digest_size) >= 0) { + print = printable; + for (i = 0; i < digest_size; i++) { + sprintf(print, "%.2x ", (unsigned char) digest[i]); + print += 3; + } + printf(" - Certificate fingerprint: %s\n", printable); + } + + /* Print the serial number of the certificate. + */ + if (gnutls_x509pki_extract_certificate_serial(&cert_list[0], serial, &serial_size) >= 0) { + print = printable; + for (i = 0; i < serial_size; i++) { + sprintf(print, "%.2x ", (unsigned char) serial[i]); + print += 3; + } + printf(" - Certificate serial number: %s\n", printable); + } + + /* Print the version of the X.509 + * certificate. 
+ */ + printf(" - Certificate version: #%d\n", gnutls_x509pki_extract_certificate_version(&cert_list[0])); + + gnutls_x509pki_extract_certificate_dn(&cert_list[0], &dn); + PRINT_DN(dn); - gnutls_x509pki_extract_certificate_issuer_dn( &cert_list[0], &dn); + gnutls_x509pki_extract_certificate_issuer_dn(&cert_list[0], &dn); printf(" - Certificate Issuer's info:\n"); PRINT_DN(dn); } } - tmp = gnutls_protocol_get_name( gnutls_protocol_get_version( state)); + tmp = gnutls_protocol_get_name(gnutls_protocol_get_version(state)); printf("- Version: %s\n", tmp); - tmp = gnutls_compression_get_name( gnutls_compression_get_algo( state)); + tmp = gnutls_compression_get_name(gnutls_compression_get_algo(state)); printf("- Compression: %s\n", tmp); - tmp = gnutls_cipher_get_name( gnutls_cipher_get_algo( state)); + tmp = gnutls_cipher_get_name(gnutls_cipher_get_algo(state)); printf("- Cipher: %s\n", tmp); - tmp = gnutls_mac_get_name(gnutls_mac_get_algo( state)); + tmp = gnutls_mac_get_name(gnutls_mac_get_algo(state)); printf("- MAC: %s\n", tmp); return 0; diff --git a/src/common.h b/src/common.h index cc616c2494..9d2aee344f 100644 --- a/src/common.h +++ b/src/common.h @@ -12,13 +12,18 @@ static int print_info( GNUTLS_STATE state) { const char *tmp; -CredType cred; +GNUTLS_CredType cred; gnutls_DN dn; const gnutls_datum* cert_list; -CertificateStatus status; +GNUTLS_CertificateStatus status; int cert_list_size = 0; +GNUTLS_KXAlgorithm kx; - tmp = gnutls_kx_get_name(gnutls_kx_get_algo( state)); + + /* print the key exchange's algorithm name + */ + kx = gnutls_kx_get_algo(state); + tmp = gnutls_kx_get_name( kx); printf("- Key Exchange: %s\n", tmp); cred = gnutls_auth_get_type(state); @@ -28,6 +33,8 @@ int cert_list_size = 0; gnutls_anon_client_get_dh_bits( state)); break; case GNUTLS_X509PKI: + /* in case of X509 PKI + */ cert_list = gnutls_x509pki_client_get_peer_certificate_list( state, &cert_list_size); status = gnutls_x509pki_client_get_peer_certificate_status( state); 
@@ -48,7 +55,14 @@ int cert_list_size = 0; printf("- Peer's X509 Certificate was invalid\n"); break; } - + + /* Check if we have been using ephemeral Diffie Hellman. + */ + if (kx == GNUTLS_KX_X509PKI_DHE_RSA || kx == GNUTLS_KX_X509PKI_DHE_DSS) { + printf("\n- Ephemeral DH using prime of %d bits\n", + gnutls_x509pki_server_get_dh_bits( state)); + } + if (cert_list_size > 0) { char digest[20]; char serial[40]; @@ -59,6 +73,8 @@ int cert_list_size = 0; printf(" - Certificate info:\n"); + /* Print the fingerprint of the certificate + */ if ( gnutls_fingerprint( GNUTLS_DIG_MD5, &cert_list[0], digest, &digest_size) >= 0) { print = printable; for (i=0;i<digest_size;i++) { @@ -67,7 +83,9 @@ int cert_list_size = 0; } printf(" - Certificate fingerprint: %s\n", printable); } - + + /* Print the serial number of the certificate. + */ if ( gnutls_x509pki_extract_certificate_serial( &cert_list[0], serial, &serial_size) >= 0) { print = printable; for (i=0;i<serial_size;i++) { @@ -77,6 +95,9 @@ int cert_list_size = 0; printf(" - Certificate serial number: %s\n", printable); } + /* Print the version of the X.509 + * certificate. + */ printf(" - Certificate version: #%d\n", gnutls_x509pki_extract_certificate_version( &cert_list[0])); gnutls_x509pki_extract_certificate_dn( &cert_list[0], &dn); |
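Review bot: The ephemeral-DH check added in `@@ -48,7 +55,14 @@` calls `gnutls_x509pki_server_get_dh_bits( state)` from the `GNUTLS_X509PKI` case, while every neighbouring call in that case is the client-side variant (`gnutls_x509pki_client_get_peer_certificate_list`, `gnutls_x509pki_client_get_peer_certificate_status`) and the anonymous case uses `gnutls_anon_client_get_dh_bits`. If a client-side accessor for the X.509 DH prime size exists it is presumably the intended one here; if the server accessor is correct for both roles, a one-line comment saying so would stop the next reader from "fixing" it. The `switch (cred)` this sits in starts and ends outside the hunk.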
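Review bot: The loop under the comment added in `@@ -67,7 +83,9 @@` writes three characters per serial byte with `sprintf(print, "%.2x ", ...)` and `print += 3`, so a full 40-byte serial (`char serial[40]` is declared in `@@ -48,7 +55,14 @@`) produces 120 characters plus the NUL that sprintf appends; if `printable` is 120 bytes in common.h as it is in the doc/tex/ex3.tex copy of this function, the final sprintf writes one byte past the buffer. The declaration of `printable` falls between hunks, so please confirm its size; the serial is taken from the peer's certificate, so the bound must hold for any input. Sizing it from the larger of the two source buffers, `char printable[3 * sizeof(serial) + 1];`, removes the overrun, or each `sprintf` can become `snprintf(print, sizeof(printable) - (size_t)(print - printable), "%.2x ", (unsigned char) serial[i]);`. The fingerprint loop in `@@ -59,6 +73,8 @@` is within bounds (20 bytes → 60 characters), and the ex3.tex example in this commit has the same serial loop and the explicit 120-byte declaration.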