author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2002-02-22 00:40:23 +0000 |
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2002-02-22 00:40:23 +0000 |
commit | 1512dfb8069670fcc753f2c4175b308d829a691d (patch) | |
tree | e4a9586519c13ce9494fe63ac50dc71bc6f39374 | |
parent | f1996b73edb201964d301000e1e8997de859c9b9 (diff) | |
download | gnutls-1512dfb8069670fcc753f2c4175b308d829a691d.tar.gz |
Several alert protocol changes.
-rw-r--r-- | ChangeLog | 25 | ||||
-rw-r--r-- | doc/tex/ex1.tex | 4 | ||||
-rw-r--r-- | doc/tex/ex2.tex | 2 | ||||
-rw-r--r-- | doc/tex/layers.tex | 2 | ||||
-rw-r--r-- | doc/tex/serv1.tex | 4 | ||||
-rw-r--r-- | doc/tex/srp1.tex | 2 | ||||
-rw-r--r-- | lib/gnutls.h.in.in | 4 | ||||
-rw-r--r-- | lib/gnutls_alert.c | 128 | ||||
-rw-r--r-- | lib/gnutls_alert.h | 18 | ||||
-rw-r--r-- | lib/gnutls_algorithms.c | 2 | ||||
-rw-r--r-- | lib/gnutls_handshake.c | 2 | ||||
-rw-r--r-- | lib/gnutls_int.h | 23 | ||||
-rw-r--r-- | lib/gnutls_kx.c | 2 | ||||
-rw-r--r-- | lib/gnutls_record.c | 2 | ||||
-rw-r--r-- | src/cli.c | 6 | ||||
-rw-r--r-- | src/serv.c | 9 |
16 files changed, 116 insertions, 119 deletions
@@ -1,3 +1,28 @@
+2002-02-21 20:57 nmav <nmav@gnutls.org>
+
+ * lib/: gnutls.h.in.in, gnutls_openpgp.c:
+
+ set_key_server renamed to set_keyserver
+2002-02-21 20:42 nmav <nmav@gnutls.org>
+
+ * ChangeLog, NEWS, doc/tex/ex1.tex, doc/tex/serv1.tex, lib/debug.c,
+ lib/debug.h, lib/gnutls.h.in.in, lib/gnutls_alert.c, src/cli.c:
+
+ Added gnutls_alert_str (allows printing alert number descriptions)
+
+2002-02-21 13:49 twoaday <twoaday@gnutls.org>
+
+ * lib/gnutls_openpgp.c:
+
+ Fixed a segfault in the OpenPGP code.
+
+2002-02-21 09:55 nmav <nmav@gnutls.org>
+
+ * lib/auth_cert.c:
+
+ Updated the openpgp certificate message, fingerprint handling.
+
 2002-02-20 20:53 nmav <nmav@gnutls.org>
 * lib/x509_verify.c:
diff --git a/doc/tex/ex1.tex b/doc/tex/ex1.tex
index 9e3a9e5859..5af99eb899 100644
--- a/doc/tex/ex1.tex
+++ b/doc/tex/ex1.tex
@@ -144,8 +144,8 @@ int main()
 }
 } else {
 if (ret == GNUTLS_E_WARNING_ALERT_RECEIVED || ret == GNUTLS_E_FATAL_ALERT_RECEIVED)
- alert = gnutls_alert_get_last(state);
- printf("* Received alert [%d]: %s\n", alert, gnutls_alert_str(alert));
+ alert = gnutls_alert_get(state);
+ printf("* Received alert [%d]: %s\n", alert, gnutls_alert_get_name(alert));
 if (ret == GNUTLS_E_REHANDSHAKE) {
 printf("* Received HelloRequest message (server asked to rehandshake)\n");
 gnutls_alert_send_appropriate( state, ret); /* we don't want rehandshake */
diff --git a/doc/tex/ex2.tex b/doc/tex/ex2.tex
index 46f0a051ce..cff3a29fd0 100644
--- a/doc/tex/ex2.tex
+++ b/doc/tex/ex2.tex
@@ -116,7 +116,7 @@ int main()
 }
 } else {
 if (ret == GNUTLS_E_WARNING_ALERT_RECEIVED || ret == GNUTLS_E_FATAL_ALERT_RECEIVED)
- printf("* Received alert [%d]\n", gnutls_alert_get_last(state));
+ printf("* Received alert [%d]\n", gnutls_alert_get(state));
 if (ret == GNUTLS_E_REHANDSHAKE)
 printf("* Received HelloRequest message (server asked to rehandshake)\n");
 gnutls_alert_send_appropriate( state, ret); /* we don't want rehandshake */
diff --git a/doc/tex/layers.tex b/doc/tex/layers.tex
index 3f43b8829d..dc1baa3471 100644
--- a/doc/tex/layers.tex
+++ b/doc/tex/layers.tex
@@ -18,7 +18,7 @@ conditions. See \hyperref{gnutls\_alert\_send()}{gnutls\_alert\_send() (see Section }{)}{gnutls_alert_send},
 \hyperref{gnutls\_alert\_send\_appropriate()}{gnutls\_alert\_send\_appropriate() (see Section }{)}{gnutls_alert_send_appropriate} and
-\hyperref{gnutls\_alert\_get\_last()}{gnutls\_alert\_get\_last() (see Section }{)}{gnutls_alert_get_last}.
+\hyperref{gnutls\_alert\_get()}{gnutls\_alert\_get() (see Section }{)}{gnutls_alert_get}.
 \par
 The Handshake protocol is responsible for the security parameters'
diff --git a/doc/tex/serv1.tex b/doc/tex/serv1.tex
index 922e575ceb..af6c1bd64c 100644
--- a/doc/tex/serv1.tex
+++ b/doc/tex/serv1.tex
@@ -232,8 +232,8 @@ int main()
 strlen(buffer));
 }
 if (ret == GNUTLS_E_WARNING_ALERT_RECEIVED || ret == GNUTLS_E_FATAL_ALERT_RECEIVED) {
- ret = gnutls_alert_get_last(state);
- printf("* Received alert '%d' - '%s'.\n", ret, gnutls_alert_str( ret));
+ ret = gnutls_alert_get(state);
+ printf("* Received alert '%d' - '%s'.\n", ret, gnutls_alert_get_name( ret));
 }
 }
 printf("\n");
diff --git a/doc/tex/srp1.tex b/doc/tex/srp1.tex
index ee6103b3cb..13468ddac9 100644
--- a/doc/tex/srp1.tex
+++ b/doc/tex/srp1.tex
@@ -113,7 +113,7 @@ int main()
 }
 } else {
 if (ret == GNUTLS_E_WARNING_ALERT_RECEIVED || ret == GNUTLS_E_FATAL_ALERT_RECEIVED)
- printf("* Received alert [%d]\n", gnutls_alert_get_last(state));
+ printf("* Received alert [%d]\n", gnutls_alert_get(state));
 if (ret == GNUTLS_E_REHANDSHAKE)
 printf("* Received HelloRequest message (server asked to rehandshake)\n");
 }
diff --git a/lib/gnutls.h.in.in b/lib/gnutls.h.in.in
index 0d77e2b9f5..529f89b5c8 100644
--- a/lib/gnutls.h.in.in
+++ b/lib/gnutls.h.in.in
@@ -105,10 +105,10 @@ int gnutls_handshake( GNUTLS_STATE state);
 int gnutls_rehandshake( GNUTLS_STATE state);
-GNUTLS_AlertDescription gnutls_alert_get_last( GNUTLS_STATE state);
+GNUTLS_AlertDescription gnutls_alert_get( GNUTLS_STATE state);
 int gnutls_alert_send( GNUTLS_STATE, GNUTLS_AlertLevel, GNUTLS_AlertDescription);
 int gnutls_alert_send_appropriate( GNUTLS_STATE state, int err);
-const char* gnutls_alert_str( int alert);
+const char* gnutls_alert_get_name( int alert);
 /* get information on the current state */
 GNUTLS_BulkCipherAlgorithm gnutls_cipher_get( GNUTLS_STATE state);
diff --git a/lib/gnutls_alert.c b/lib/gnutls_alert.c
index 12745f5896..6fe9d04254 100644
--- a/lib/gnutls_alert.c
+++ b/lib/gnutls_alert.c
@@ -24,6 +24,46 @@
 #include <gnutls_record.h>
 #include <debug.h>
+typedef struct {
+ AlertDescription alert;
+ char *desc;
+} gnutls_alert_entry;
+
+static const gnutls_alert_entry sup_alerts[] = {
+ { GNUTLS_A_CLOSE_NOTIFY, "Close notify" },
+ { GNUTLS_A_UNEXPECTED_MESSAGE, "Unexpected message" },
+ { GNUTLS_A_BAD_RECORD_MAC, "Bad record MAC" },
+ { GNUTLS_A_DECRYPTION_FAILED, "Decryption failed" },
+ { GNUTLS_A_RECORD_OVERFLOW, "Record overflow" },
+ { GNUTLS_A_DECOMPRESSION_FAILURE, "Decompression failed" },
+ { GNUTLS_A_HANDSHAKE_FAILURE, "Handshake failed" },
+ { GNUTLS_A_BAD_CERTIFICATE, "Certificate is bad" },
+ { GNUTLS_A_UNSUPPORTED_CERTIFICATE, "Certificate is not supported" },
+ { GNUTLS_A_CERTIFICATE_REVOKED, "Certificate was revoked" },
+ { GNUTLS_A_CERTIFICATE_EXPIRED, "Certificate is expired" },
+ { GNUTLS_A_CERTIFICATE_UNKNOWN, "Unknown certificate" },
+ { GNUTLS_A_ILLEGAL_PARAMETER, "Illegal parameter" },
+ { GNUTLS_A_UNKNOWN_CA, "CA is unknown" },
+ { GNUTLS_A_ACCESS_DENIED, "Access was denied" },
+ { GNUTLS_A_DECODE_ERROR, "Decode error" },
+ { GNUTLS_A_DECRYPT_ERROR, "Decrypt error" },
+ { GNUTLS_A_EXPORT_RESTRICTION, "Export restriction" },
+ { GNUTLS_A_PROTOCOL_VERSION, "Error in protocol version" },
+ { GNUTLS_A_INSUFFICIENT_SECURITY,"Insufficient security" },
+ { GNUTLS_A_USER_CANCELED, "User canceled" },
+ { GNUTLS_A_NO_RENEGOTIATION, "No renegotiation is allowed" },
+ {0, NULL}
+};
+
+#define GNUTLS_ALERT_LOOP(b) \
+ const gnutls_alert_entry *p; \
+ for(p = sup_alerts; p->desc != NULL; p++) { b ; }
+
+#define GNUTLS_ALERT_ID_LOOP(a) \
+ GNUTLS_ALERT_LOOP( if(p->alert == alert) { a; break; })
+
+
+
 /**
 * gnutls_alert_send - This function sends an alert message to the peer
 * @state: is a &GNUTLS_STATE structure.
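Review bot: `desc` in `gnutls_alert_entry` is declared `char *` although every initializer in `sup_alerts` is a string literal and the table itself is `static const`; declare it `const char *desc;` so the descriptions cannot be written through (and `gnutls_alert_get_name` can then keep a `const char *` local instead of `char* ret`). The table also lacks entries for two members of `AlertDescription` that this same commit moves into gnutls_alert.h, `GNUTLS_A_SSL3_NO_CERTIFICATE` and `GNUTLS_A_INTERNAL_ERROR`, so those alert numbers have no name; add `{ GNUTLS_A_SSL3_NO_CERTIFICATE, "No certificate (SSL 3.0)" }` and `{ GNUTLS_A_INTERNAL_ERROR, "Internal error" }`. `GNUTLS_ALERT_LOOP` declares the iterator `p` that its argument refers to, and `GNUTLS_ALERT_ID_LOOP` reads a variable named `alert` from the call site; a comment stating both, `/* declares p; GNUTLS_ALERT_ID_LOOP expects an int 'alert' in scope */`, would make that coupling visible to the next caller.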
@@ -45,7 +85,7 @@ int gnutls_alert_send( GNUTLS_STATE state, GNUTLS_AlertLevel level, GNUTLS_Alert
 data[0] = (uint8) level;
 data[1] = (uint8) desc;
- _gnutls_record_log( "REC: Sending Alert[%d|%d] - %s\n", data[0], data[1], _gnutls_alert2str((int)data[1]));
+ _gnutls_record_log( "REC: Sending Alert[%d|%d] - %s\n", data[0], data[1], _gnutls_alert_get_name((int)data[1]));
 if ( (ret = gnutls_send_int( state, GNUTLS_ALERT, -1, data, 2)) >= 0) return 0;
@@ -115,7 +155,7 @@ int ret = GNUTLS_E_UNIMPLEMENTED_FEATURE;
 }
 /**
- * gnutls_alert_get_last - Returns the last alert number received.
+ * gnutls_alert_get - Returns the last alert number received.
 * @state: is a &GNUTLS_STATE structure.
 *
 * Returns the last alert number received. This function
@@ -124,92 +164,22 @@ int ret = GNUTLS_E_UNIMPLEMENTED_FEATURE;
 * The peer may send alerts if he thinks some things were not
 * right. Check gnutls.h for the available alert descriptions.
 **/
-GNUTLS_AlertDescription gnutls_alert_get_last( GNUTLS_STATE state) {
+GNUTLS_AlertDescription gnutls_alert_get( GNUTLS_STATE state) {
 return state->gnutls_internals.last_alert;
 }
 /**
- * gnutls_alert_str - Returns a string describing the alert number given
+ * gnutls_alert_get_name - Returns a string describing the alert number given
 * @alert: is an alert number &GNUTLS_STATE structure.
 *
 * Returns a string that describes the given alert number.
- * See. gnutls_alert_get_last().
+ * See. gnutls_alert_get().
 *
 **/
-const char* gnutls_alert_str( int alert) {
-
- switch(alert) {
- case GNUTLS_A_CLOSE_NOTIFY:
- return "Close notify";
- break;
- case GNUTLS_A_UNEXPECTED_MESSAGE:
- return "Unexpected message";
- break;
- case GNUTLS_A_BAD_RECORD_MAC:
- return "Bad record MAC";
- break;
-
- case GNUTLS_A_DECRYPTION_FAILED:
- return "Decryption failed";
- break;
- case GNUTLS_A_RECORD_OVERFLOW:
- return "Record overflow";
- break;
+const char* gnutls_alert_get_name( int alert) {
+char* ret = NULL;
- case GNUTLS_A_DECOMPRESSION_FAILURE:
- return "Decompression failed";
- break;
+ GNUTLS_ALERT_ID_LOOP( ret = p->desc);
- case GNUTLS_A_HANDSHAKE_FAILURE:
- return "Handshake failed";
- break;
- case GNUTLS_A_BAD_CERTIFICATE:
- return "Certificate is bad";
- break;
- case GNUTLS_A_UNSUPPORTED_CERTIFICATE:
- return "Certificate is not supported";
- break;
- case GNUTLS_A_CERTIFICATE_REVOKED:
- return "Certificate was revoked";
- break;
- case GNUTLS_A_CERTIFICATE_EXPIRED:
- return "Certificate is expired";
- break;
- case GNUTLS_A_CERTIFICATE_UNKNOWN:
- return "Unknown certificate";
- break;
- case GNUTLS_A_ILLEGAL_PARAMETER:
- return "Illegal parameter";
- break;
- case GNUTLS_A_UNKNOWN_CA:
- return "CA is not known";
- break;
- case GNUTLS_A_ACCESS_DENIED:
- return "Access was denied";
- break;
- case GNUTLS_A_DECODE_ERROR:
- return "Decode error";
- break;
- case GNUTLS_A_DECRYPT_ERROR:
- return "Decrypt error";
- break;
- case GNUTLS_A_EXPORT_RESTRICTION:
- return "Export restriction";
- break;
- case GNUTLS_A_PROTOCOL_VERSION:
- return "Error in protocol version";
- break;
- case GNUTLS_A_INSUFFICIENT_SECURITY:
- return "Insufficient security";
- break;
- case GNUTLS_A_USER_CANCELED:
- return "User canceled";
- break;
- case GNUTLS_A_NO_RENEGOTIATION:
- return "No renegotiation is allowed";
- break;
- default:
- return "Unknown Alert";
-
- }
+ return ret;
 }
diff --git a/lib/gnutls_alert.h b/lib/gnutls_alert.h
index 869f03fd67..2e97e82e04 100644
--- a/lib/gnutls_alert.h
+++ b/lib/gnutls_alert.h
@@ -1,2 +1,18 @@
-AlertDescription gnutls_alert_get_last( GNUTLS_STATE state);
+typedef enum AlertLevel { GNUTLS_AL_WARNING=1, GNUTLS_AL_FATAL
+} AlertLevel;
+#define GNUTLS_AlertLevel AlertLevel
+
+typedef enum AlertDescription { GNUTLS_A_CLOSE_NOTIFY, GNUTLS_A_UNEXPECTED_MESSAGE=10, GNUTLS_A_BAD_RECORD_MAC=20,
+ GNUTLS_A_DECRYPTION_FAILED, GNUTLS_A_RECORD_OVERFLOW, GNUTLS_A_DECOMPRESSION_FAILURE=30,
+ GNUTLS_A_HANDSHAKE_FAILURE=40, GNUTLS_A_SSL3_NO_CERTIFICATE=41,
+ GNUTLS_A_BAD_CERTIFICATE=42, GNUTLS_A_UNSUPPORTED_CERTIFICATE,
+ GNUTLS_A_CERTIFICATE_REVOKED, GNUTLS_A_CERTIFICATE_EXPIRED, GNUTLS_A_CERTIFICATE_UNKNOWN,
+ GNUTLS_A_ILLEGAL_PARAMETER, GNUTLS_A_UNKNOWN_CA, GNUTLS_A_ACCESS_DENIED, GNUTLS_A_DECODE_ERROR=50,
+ GNUTLS_A_DECRYPT_ERROR, GNUTLS_A_EXPORT_RESTRICTION=60, GNUTLS_A_PROTOCOL_VERSION=70,
+ GNUTLS_A_INSUFFICIENT_SECURITY, GNUTLS_A_INTERNAL_ERROR=80, GNUTLS_A_USER_CANCELED=90,
+ GNUTLS_A_NO_RENEGOTIATION=100
+} AlertDescription;
+#define GNUTLS_AlertDescription AlertDescription
+
+AlertDescription gnutls_alert_get( GNUTLS_STATE state);
 int gnutls_alert_send( GNUTLS_STATE state, AlertLevel level, AlertDescription desc);
diff --git a/lib/gnutls_algorithms.c b/lib/gnutls_algorithms.c
index 34eb00bb88..106e06e806 100644
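Review bot: `gnutls_alert_get_name` returns NULL for any alert number without a `sup_alerts` entry, whereas the `gnutls_alert_str` it replaces fell through to `return "Unknown Alert";`, and every caller in this commit (the log in `gnutls_alert_send`, `_gnutls_record_check_type`, src/cli.c, src/serv.c and the tex examples) hands the result to a `%s` conversion, which is undefined behaviour for a null pointer. Since `last_alert` is filled from `data[1]`, a byte taken from the peer's record, an unlisted number is expected input rather than an edge case; keep the old contract with `return ret ? ret : "Unknown Alert";` and state it in the kernel-doc block, e.g. `Returns a string that describes the given alert number, or "Unknown Alert" if the number is not known.`. The `ret` local should be `const char *` to match the return type and the literals it points at. I cannot see where `_gnutls_alert_get_name`, which the two logging calls use, is defined; if it maps onto this function, the same fallback covers it.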
--- a/lib/gnutls_algorithms.c
+++ b/lib/gnutls_algorithms.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2000 Nikos Mavroyanopoulos
+ * Copyright (C) 2000,2002 Nikos Mavroyanopoulos
 *
 * This file is part of GNUTLS.
 *
diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c
index e8b9b1db91..a320c5cbe5 100644
--- a/lib/gnutls_handshake.c
+++ b/lib/gnutls_handshake.c
@@ -1759,7 +1759,7 @@ int gnutls_rehandshake(GNUTLS_STATE state)
 static int _gnutls_abort_handshake( GNUTLS_STATE state, int ret) {
 if ( ((ret==GNUTLS_E_WARNING_ALERT_RECEIVED) &&
- ( gnutls_alert_get_last(state) == GNUTLS_A_NO_RENEGOTIATION))
+ ( gnutls_alert_get(state) == GNUTLS_A_NO_RENEGOTIATION))
 || ret==GNUTLS_E_GOT_APPLICATION_DATA) return 0;
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index 4a36bb21e6..1cf86f31a7 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -103,22 +103,6 @@ typedef struct {
 opaque pint[3];
 } uint24;
 typedef enum crypt_algo { SRPSHA1_CRYPT, BLOWFISH_CRYPT=2 } crypt_algo;
 typedef enum ChangeCipherSpecType { GNUTLS_TYPE_CHANGE_CIPHER_SPEC=1 } ChangeCipherSpecType;
-typedef enum AlertLevel { GNUTLS_AL_WARNING=1, GNUTLS_AL_FATAL
-} AlertLevel;
-#define GNUTLS_AlertLevel AlertLevel
-
-typedef enum AlertDescription { GNUTLS_A_CLOSE_NOTIFY, GNUTLS_A_UNEXPECTED_MESSAGE=10, GNUTLS_A_BAD_RECORD_MAC=20,
- GNUTLS_A_DECRYPTION_FAILED, GNUTLS_A_RECORD_OVERFLOW, GNUTLS_A_DECOMPRESSION_FAILURE=30,
- GNUTLS_A_HANDSHAKE_FAILURE=40, GNUTLS_A_SSL3_NO_CERTIFICATE=41,
- GNUTLS_A_BAD_CERTIFICATE=42, GNUTLS_A_UNSUPPORTED_CERTIFICATE,
- GNUTLS_A_CERTIFICATE_REVOKED, GNUTLS_A_CERTIFICATE_EXPIRED, GNUTLS_A_CERTIFICATE_UNKNOWN,
- GNUTLS_A_ILLEGAL_PARAMETER, GNUTLS_A_UNKNOWN_CA, GNUTLS_A_ACCESS_DENIED, GNUTLS_A_DECODE_ERROR=50,
- GNUTLS_A_DECRYPT_ERROR, GNUTLS_A_EXPORT_RESTRICTION=60, GNUTLS_A_PROTOCOL_VERSION=70,
- GNUTLS_A_INSUFFICIENT_SECURITY, GNUTLS_A_INTERNAL_ERROR=80, GNUTLS_A_USER_CANCELED=90,
- GNUTLS_A_NO_RENEGOTIATION=100
-} AlertDescription;
-#define GNUTLS_AlertDescription AlertDescription
-
 typedef enum CertificateStatus { GNUTLS_CERT_TRUSTED=1, GNUTLS_CERT_VALID, GNUTLS_CERT_INVALID,
 GNUTLS_CERT_EXPIRED, GNUTLS_CERT_REVOKED, GNUTLS_CERT_NONE
@@ -154,11 +138,6 @@ typedef struct {
 } gnutls_datum;
 typedef gnutls_datum gnutls_sdatum;
-typedef struct {
- AlertLevel level;
- AlertDescription description;
-} Alert;
-
 #define MAX_ALGOS 8
 #define MAX_CIPHERSUITES 256
@@ -425,7 +404,7 @@ typedef struct {
 */
 int may_write;
- AlertDescription last_alert; /* last alert received */
+ int last_alert; /* last alert received */
 /* this is the compression method we are going to use */
 CompressionMethod compression_method;
 /* priorities */
diff --git a/lib/gnutls_kx.c b/lib/gnutls_kx.c
index a99b44b422..a6bff41459 100644
--- a/lib/gnutls_kx.c
+++ b/lib/gnutls_kx.c
@@ -525,7 +525,7 @@ int _gnutls_recv_client_certificate( GNUTLS_STATE state)
 if (optional == OPTIONAL_PACKET && ret==GNUTLS_E_WARNING_ALERT_RECEIVED && gnutls_protocol_get_version(state) == GNUTLS_SSL3 &&
- gnutls_alert_get_last(state)==GNUTLS_A_SSL3_NO_CERTIFICATE) {
+ gnutls_alert_get(state)==GNUTLS_A_SSL3_NO_CERTIFICATE) {
 /* SSL3 does not send an empty certificate,
 * but this alert. So we just ignore it.
diff --git a/lib/gnutls_record.c b/lib/gnutls_record.c
index 3ffba7331d..27bfc4f3b8 100644
--- a/lib/gnutls_record.c
+++ b/lib/gnutls_record.c
@@ -568,7 +568,7 @@ static int _gnutls_record_check_type( GNUTLS_STATE state, ContentType recv_type,
 switch (recv_type) {
 case GNUTLS_ALERT:
- _gnutls_record_log( "REC: Alert[%d|%d] - %s - was received\n", data[0], data[1], _gnutls_alert2str((int)data[1]));
+ _gnutls_record_log( "REC: Alert[%d|%d] - %s - was received\n", data[0], data[1], _gnutls_alert_get_name((int)data[1]));
 state->gnutls_internals.last_alert = data[1];
@@ -269,9 +269,9 @@ int main(int argc, char **argv)
 if (ret < 0) {
 if (ret == GNUTLS_E_WARNING_ALERT_RECEIVED || ret == GNUTLS_E_FATAL_ALERT_RECEIVED)
- alert = gnutls_alert_get_last( state);
+ alert = gnutls_alert_get( state);
 printf("*** Received alert [%d]: %s\n",
- alert, gnutls_alert_str( alert));
+ alert, gnutls_alert_get_name( alert));
 fprintf(stderr, "*** Handshake has failed\n");
 gnutls_perror(ret);
@@ -377,7 +377,7 @@ int main(int argc, char **argv)
 || ret == GNUTLS_E_FATAL_ALERT_RECEIVED)
 printf("* Received alert [%d]\n",
- gnutls_alert_get_last
+ gnutls_alert_get
 (state));
 if (ret == GNUTLS_E_REHANDSHAKE) {
diff --git a/src/serv.c b/src/serv.c
index 6020011fbd..0cac483406 100644
--- a/src/serv.c
+++ b/src/serv.c
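Review bot: In the `@@ -269,9 +269,9 @@` hunk of src/cli.c the `if (ret == GNUTLS_E_WARNING_ALERT_RECEIVED || ...)` has no braces, so only `alert = gnutls_alert_get( state);` is conditional and the `printf("*** Received alert [%d]: %s\n", ...)` runs for every failed handshake, reporting whatever `alert` held before; its declaration is outside the hunk, so I cannot tell whether it is initialised. Brace the body so the assignment and the printf are both conditional: `if (...) { alert = gnutls_alert_get( state); printf("*** Received alert [%d]: %s\n", alert, gnutls_alert_get_name( alert)); }`. The example in doc/tex/ex1.tex has the same unbraced shape. The enclosing `main` starts and ends outside the hunk.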
@@ -286,7 +286,7 @@ void check_alert(GNUTLS_STATE state, int ret)
 if (ret == GNUTLS_E_WARNING_ALERT_RECEIVED || ret == GNUTLS_E_FATAL_ALERT_RECEIVED) {
- last_alert = gnutls_alert_get_last(state);
+ last_alert = gnutls_alert_get(state);
 if (last_alert == GNUTLS_A_NO_RENEGOTIATION && ret == GNUTLS_E_WARNING_ALERT_RECEIVED)
 printf
@@ -352,6 +352,13 @@ int main(int argc, char **argv)
 exit(1);
 }
+ if (gnutls_certificate_set_openpgp_keyserver
+ (cert_cred, "wwwkeys.pgp.net", 0) < 0) {
+ fprintf(stderr,
+ "PGP ERROR\n");
+ exit(1);
+ }
+
 if (gnutls_certificate_set_x509_key_file
 (cert_cred, CERTFILE1, KEYFILE1) < 0) {
 fprintf(stderr, |
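Review bot: The new block in `main` hard-codes the keyserver host `"wwwkeys.pgp.net"` and the port argument `0`, and calls `exit(1)` when `gnutls_certificate_set_openpgp_keyserver` fails, so as far as the hunk shows the server refuses to start whenever that call fails, whether or not OpenPGP authentication is actually in use. The neighbouring x509 setup takes its inputs from the `CERTFILE1`/`KEYFILE1` constants; the host and port deserve at least the same treatment, or better a command-line option. `"PGP ERROR\n"` does not say what failed; keep the return value in a local and print it, e.g. `fprintf(stderr, "Could not set OpenPGP keyserver: %d\n", rc);`. The enclosing `main` continues outside the hunk.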