authorNikos Mavrogiannopoulos <nmav@gnutls.org>2002-02-24 10:47:54 +0000
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2002-02-24 10:47:54 +0000
commit84d92bc431f9224ef9c76a3a773109b98f59338c (patch)
treea44ca893abf33560877a1f950f22d8bbc8cdcdd3
parent76c998dee4af3900b88084204d7d8e87ee80b151 (diff)
downloadgnutls-84d92bc431f9224ef9c76a3a773109b98f59338c.tar.gz
removed GNUTLS_CERT_NONE (replaced by GNUTLS_E_NO_CERTIFICATE_FOUND).
removed GNUTLS_CERT_VALID (it's valid if it's not invalid)
-rw-r--r--lib/gnutls.h.in.in8
-rw-r--r--lib/gnutls_cert.c10
-rw-r--r--lib/gnutls_handshake.c1
-rw-r--r--lib/gnutls_int.h9
-rw-r--r--lib/gnutls_openpgp.c22
-rw-r--r--lib/gnutls_record.c2
-rw-r--r--lib/gnutls_x509.c6
-rw-r--r--lib/x509_sig_check.c5
-rw-r--r--lib/x509_verify.c29
9 files changed, 44 insertions, 48 deletions
diff --git a/lib/gnutls.h.in.in b/lib/gnutls.h.in.in
index 483d7dbab6..14e450a16e 100644
--- a/lib/gnutls.h.in.in
+++ b/lib/gnutls.h.in.in
@@ -57,11 +57,11 @@ typedef enum GNUTLS_AlertDescription { GNUTLS_A_CLOSE_NOTIFY, GNUTLS_A_UNEXPECTE
} GNUTLS_AlertDescription;
typedef enum GNUTLS_CertificateStatus {
- GNUTLS_CERT_NONE = 0, GNUTLS_CERT_TRUSTED=1,
+ GNUTLS_CERT_TRUSTED=1,
GNUTLS_CERT_NOT_TRUSTED=2,
- GNUTLS_CERT_VALID=4, GNUTLS_CERT_INVALID=8, /* for openpgp use */
- GNUTLS_CERT_EXPIRED=16, GNUTLS_CERT_CORRUPTED=32,
- GNUTLS_CERT_REVOKED=64
+ GNUTLS_CERT_INVALID=4,
+ GNUTLS_CERT_EXPIRED=8, GNUTLS_CERT_CORRUPTED=16,
+ GNUTLS_CERT_REVOKED=32
} GNUTLS_CertificateStatus;
typedef enum GNUTLS_CertificateRequest { GNUTLS_CERT_IGNORE, GNUTLS_CERT_REQUEST=1, GNUTLS_CERT_REQUIRE } GNUTLS_CertificateRequest;
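Review bot: Renumbering GNUTLS_CERT_INVALID, GNUTLS_CERT_EXPIRED, GNUTLS_CERT_CORRUPTED and GNUTLS_CERT_REVOKED (8/16/32/64 down to 4/8/16/32) changes the public ABI, not just the API: an application built against the previous header will test the wrong bits in the status word it gets back from the verify functions, and a chain it would have flagged as revoked now reads as corrupted. Dropping GNUTLS_CERT_NONE and GNUTLS_CERT_VALID does not require reusing their values; keeping `GNUTLS_CERT_INVALID=8, GNUTLS_CERT_EXPIRED=16, GNUTLS_CERT_CORRUPTED=32, GNUTLS_CERT_REVOKED=64` would make this the source-only cleanup the commit message describes. Whichever numbering is kept, the enum now has no member for 0 even though the library returns 0 to mean "nothing flagged" (x509_verify.c in this commit initialises its status accumulator to 0), so a comment should say so: `/* a status of 0 means no flag was raised; test GNUTLS_CERT_TRUSTED / GNUTLS_CERT_NOT_TRUSTED separately */`.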
diff --git a/lib/gnutls_cert.c b/lib/gnutls_cert.c
index 1c80811c0b..bd5da3d4c3 100644
--- a/lib/gnutls_cert.c
+++ b/lib/gnutls_cert.c
@@ -304,7 +304,7 @@ void gnutls_certificate_server_set_select_func(GNUTLS_STATE state,
* This function will try to verify the peer's certificate and return it's status (TRUSTED, EXPIRED etc.).
* The return value (status) should be one of the CertificateStatus enumerated elements.
* However you must also check the peer's name in order to check if the verified certificate belongs to the
- * actual peer. Returns a negative error code in case of an error, or GNUTLS_CERT_NONE if no certificate was sent.
+ * actual peer. Returns a negative error code in case of an error, or GNUTLS_E_NO_CERTIFICATE_FOUND if no certificate was sent.
*
-*/
int _gnutls_openpgp_cert_verify_peers(GNUTLS_STATE state)
@@ -328,7 +328,7 @@ int _gnutls_openpgp_cert_verify_peers(GNUTLS_STATE state)
if (info->raw_certificate_list == NULL || info->ncerts == 0) {
gnutls_assert();
- return GNUTLS_CERT_NONE;
+ return GNUTLS_E_NO_CERTIFICATE_FOUND;
}
/* generate a list of gnutls_certs based on the auth info
@@ -367,10 +367,8 @@ int _gnutls_openpgp_cert_verify_peers(GNUTLS_STATE state)
* The return value (status) should be one or more of the CertificateStatus
* enumerated elements bitwise or'd.
*
- * GNUTLS_CERT_NONE: No certificate was sent by the peer.
* GNUTLS_CERT_TRUSTED: the peer's certificate is trusted.
* GNUTLS_CERT_NOT_TRUSTED: the peer's certificate is not trusted.
- * GNUTLS_CERT_VALID: the certificate chain is ok.
* GNUTLS_CERT_INVALID: the certificate chain is broken.
* GNUTLS_CERT_REVOKED: the certificate has been revoked
* (not implemented yet).
@@ -378,6 +376,8 @@ int _gnutls_openpgp_cert_verify_peers(GNUTLS_STATE state)
* GNUTLS_CERT_CORRUPTED: the certificate is corrupted.
*
* A negative error code is returned in case of an error.
+ * GNUTLS_E_NO_CERTIFICATE_FOUND is returned to indicate that
+ * no certificate was sent by the peer.
*
*
**/
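Review bot: The updated comment still does not say what a return value of 0 means, and that is the case most likely to trip existing callers: before this commit 0 was GNUTLS_CERT_NONE ("no certificate was sent"), whereas now a verification that raises no flag returns 0 and the no-certificate case is the negative GNUTLS_E_NO_CERTIFICATE_FOUND. An application that kept `if (gnutls_certificate_verify_peers(state) == 0)` as its "peer sent no certificate, skip the identity checks" test will now take that branch for a peer that did present a certificate. I would add two lines to the comment: ` * A return value of 0 means that none of the flags above was raised.` and ` * Callers that compared against GNUTLS_CERT_NONE must now test for a negative return.` The function being documented begins after this hunk.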
@@ -394,7 +394,7 @@ int gnutls_certificate_verify_peers(GNUTLS_STATE state)
}
if (info->raw_certificate_list == NULL || info->ncerts == 0)
- return GNUTLS_CERT_NONE;
+ return GNUTLS_E_NO_CERTIFICATE_FOUND;
switch( gnutls_cert_type_get( state)) {
case GNUTLS_CRT_X509:
diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c
index a320c5cbe5..138aa4c342 100644
--- a/lib/gnutls_handshake.c
+++ b/lib/gnutls_handshake.c
@@ -272,7 +272,6 @@ int _gnutls_read_client_hello(GNUTLS_STATE state, opaque * data,
}
_gnutls_set_current_version(state, ver);
-
/* Read client random value.
*/
DECR_LEN(len, TLS_RANDOM_SIZE);
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index 98a9fc1b3b..a30b8ca51a 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -35,7 +35,6 @@
#define RECORD_DEBUG*/
#define DEBUG
-
/* It might be a good idea to replace int with void*
* here.
*/
@@ -104,11 +103,11 @@ typedef enum crypt_algo { SRPSHA1_CRYPT, BLOWFISH_CRYPT=2 } crypt_algo;
typedef enum ChangeCipherSpecType { GNUTLS_TYPE_CHANGE_CIPHER_SPEC=1 } ChangeCipherSpecType;
typedef enum CertificateStatus {
- GNUTLS_CERT_NONE = 0, GNUTLS_CERT_TRUSTED=1,
+ GNUTLS_CERT_TRUSTED=1,
GNUTLS_CERT_NOT_TRUSTED=2,
- GNUTLS_CERT_VALID=4, GNUTLS_CERT_INVALID=8, /* for openpgp use */
- GNUTLS_CERT_EXPIRED=16, GNUTLS_CERT_CORRUPTED=32,
- GNUTLS_CERT_REVOKED=64
+ GNUTLS_CERT_INVALID=4,
+ GNUTLS_CERT_EXPIRED=8, GNUTLS_CERT_CORRUPTED=16,
+ GNUTLS_CERT_REVOKED=32
} CertificateStatus;
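Review bot: This is the second copy of the certificate-status enum; it has to be edited in lock-step with GNUTLS_CertificateStatus in lib/gnutls.h.in.in (renumbered identically in this commit) and nothing enforces that the two copies agree. A comment above it, `/* must stay identical to GNUTLS_CertificateStatus in gnutls.h.in.in */`, would at least point the next editor at the twin; having the internal header pick the definition up from the public one would remove the duplication entirely. If the two copies ever drift, status bits set inside the library are decoded as different conditions by applications, which for flags like REVOKED is a silent verification failure.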
#define GNUTLS_CertificateStatus CertificateStatus
diff --git a/lib/gnutls_openpgp.c b/lib/gnutls_openpgp.c
index 3184ac7181..527017db6d 100644
--- a/lib/gnutls_openpgp.c
+++ b/lib/gnutls_openpgp.c
@@ -298,7 +298,7 @@ datum_to_openpgp_pkt( const gnutls_datum *raw, PKT *r_pkt )
rc = cdk_pkt_parse(buf, &pkt);
if ( rc != CDKERR_EOF )
{
- rc = GNUTLS_E_NO_CERTIFICATE_FOUND;
+ rc = GNUTLS_E_NO_CERTIFICATE_FOUND_FOUND;
goto leave;
}
else
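Review bot: `GNUTLS_E_NO_CERTIFICATE_FOUND_FOUND` on the added line looks like a botched search-and-replace: the removed line already used the error code GNUTLS_E_NO_CERTIFICATE_FOUND, and no definition of the `_FOUND_FOUND` variant appears anywhere in this commit (the same token is introduced in the next three hunks of this file, in _gnutls_openpgp_key2gnutls_key, _gnutls_openpgp_cert2gnutls_cert and gnutls_openpgp_get_key). Unless it is defined in a header not shown here, this translation unit will not compile; the line should read `rc = GNUTLS_E_NO_CERTIFICATE_FOUND;` in all four places. datum_to_openpgp_pkt begins before this hunk and continues after it.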
@@ -517,7 +517,7 @@ _gnutls_openpgp_key2gnutls_key(gnutls_private_key *pkey,
}
if (sk == NULL)
{
- rc = GNUTLS_E_NO_CERTIFICATE_FOUND;
+ rc = GNUTLS_E_NO_CERTIFICATE_FOUND_FOUND;
goto leave;
}
@@ -601,7 +601,7 @@ _gnutls_openpgp_cert2gnutls_cert(gnutls_cert *cert, gnutls_datum raw)
}
if (pk == NULL)
{
- rc = GNUTLS_E_NO_CERTIFICATE_FOUND;
+ rc = GNUTLS_E_NO_CERTIFICATE_FOUND_FOUND;
goto leave;
}
@@ -667,13 +667,13 @@ gnutls_openpgp_get_key(gnutls_datum *key, const gnutls_datum *keyring,
rc = cdk_keydb_search_key(khd, &pk, &ks);
if (rc)
{
- rc = GNUTLS_E_NO_CERTIFICATE_FOUND;
+ rc = GNUTLS_E_NO_CERTIFICATE_FOUND_FOUND;
goto leave;
}
if ( !pkt_find_type(pk, PKT_PUBKEY) )
{
- rc = GNUTLS_E_NO_CERTIFICATE_FOUND;
+ rc = GNUTLS_E_NO_CERTIFICATE_FOUND_FOUND;
goto leave;
}
@@ -1061,28 +1061,28 @@ _gnutls_openpgp_get_key_trust(const char *trustdb,
IOBUF buf;
if (!trustdb || !key || !r_success)
- return GNUTLS_CERT_NONE;
+ return GNUTLS_E_NO_CERTIFICATE_FOUND;
*r_success = 0;
rc = datum_to_openpgp_pkt(key, &pkt);
if (rc)
- return GNUTLS_CERT_NONE;
+ return GNUTLS_E_NO_CERTIFICATE_FOUND;
pk = openpgp_pkt_to_pk(pkt, 0);
if (!pk)
- return GNUTLS_CERT_NONE;
+ return GNUTLS_E_NO_CERTIFICATE_FOUND;
rc = cdk_iobuf_open( &buf, trustdb, IOBUF_MODE_RD );
if (rc == -1)
{
- trustval = GNUTLS_CERT_NONE;
+ trustval = GNUTLS_E_NO_CERTIFICATE_FOUND;
goto leave;
}
rc = cdk_trustdb_find_ownertrust(buf, pk, &ot, &flags);
cdk_iobuf_close(buf);
if (rc)
{
- rc = GNUTLS_CERT_NONE;
+ rc = GNUTLS_E_NO_CERTIFICATE_FOUND;
goto leave;
}
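Review bot: Returning GNUTLS_E_NO_CERTIFICATE_FOUND from every failure path in this function misreports three of them: the NULL-argument check, a failed `cdk_iobuf_open` of the trust database and a failed `cdk_trustdb_find_ownertrust` lookup all happen after a key was supplied, so a caller cannot tell "the peer sent no key" from "the trust database is missing or unreadable". That distinction matters for a verifier, because a missing trustdb is a configuration error that should fail loudly, not the condition an application may legitimately accept when client authentication is optional. `trustval` presumably carries the trust level back to the caller (its declaration and the final return are outside the hunk); storing a negative error code in it is only safe if every caller tests `< 0` before interpreting it, which deserves a comment on the variable. I would keep GNUTLS_E_NO_CERTIFICATE_FOUND for the two parse failures and use distinct existing error codes (a bad-parameter code for the NULL check, a file or database oriented one for the two cdk failures) for the rest.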
@@ -1645,7 +1645,7 @@ gnutls_openpgp_extract_key_expiration_time( const gnutls_datum *cert )
}
int
-gnutls_openpgp_verify_key(char* ign, const gnutls_datum* keyring,
+gnutls_openpgp_verify_key(const char* ign, const gnutls_datum* keyring,
const gnutls_datum* cert_list,
int cert_list_length)
{
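Review bot: Making `ign` a `const char*` is right, but the public prototype of gnutls_openpgp_verify_key lives in lib/gnutls.h.in.in and the hunk of that header in this commit does not touch it; if the declaration there still says `char* ign`, the definition and declaration now have conflicting pointer types and the compiler will reject the file. Worth confirming that the header (and any internal prototype) carries the same `const`. The body of the function is outside this hunk.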
diff --git a/lib/gnutls_record.c b/lib/gnutls_record.c
index e29accfbf9..bfc5e7b2f6 100644
--- a/lib/gnutls_record.c
+++ b/lib/gnutls_record.c
@@ -571,7 +571,7 @@ static int _gnutls_record_check_type( GNUTLS_STATE state, ContentType recv_type,
switch (recv_type) {
case GNUTLS_ALERT:
- _gnutls_record_log( "REC: Alert[%d|%d] - %s - was received\n", data[0], data[1], _gnutls_alert_get_name((int)data[1]));
+ _gnutls_record_log( "REC: Alert[%d|%d] - %s - was received\n", data[0], data[1], gnutls_alert_get_name((int)data[1]));
state->gnutls_internals.last_alert = data[1];
diff --git a/lib/gnutls_x509.c b/lib/gnutls_x509.c
index 5591a7d5e1..5d97fcc822 100644
--- a/lib/gnutls_x509.c
+++ b/lib/gnutls_x509.c
@@ -698,7 +698,7 @@ int gnutls_x509_extract_certificate_version(const gnutls_datum * cert)
* This function will try to verify the peer's certificate and return it's status (TRUSTED, EXPIRED etc.).
* The return value (status) should be one of the CertificateStatus enumerated elements.
* However you must also check the peer's name in order to check if the verified certificate belongs to the
- * actual peer. Returns a negative error code in case of an error, or GNUTLS_CERT_NONE if no certificate was sent.
+ * actual peer. Returns a negative error code in case of an error, or GNUTLS_E_NO_CERTIFICATE_FOUND if no certificate was sent.
*
-*/
int _gnutls_x509_cert_verify_peers(GNUTLS_STATE state)
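Review bot: The comment still says the status "should be one of the CertificateStatus enumerated elements", but _gnutls_x509_verify_certificate in x509_verify.c (also touched by this commit) accumulates several flags with `|=`, and the doc for gnutls_certificate_verify_peers in gnutls_cert.c describes the result as "one or more ... bitwise or'd". A reader who takes this comment literally will compare with `==` and miss combined results such as EXPIRED together with NOT_TRUSTED. Suggest ` * The return value (status) is zero or more CertificateStatus flags bitwise or'd; 0 means no flag was raised.` The function being documented begins after this hunk.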
@@ -722,7 +722,7 @@ int _gnutls_x509_cert_verify_peers(GNUTLS_STATE state)
}
if (info->raw_certificate_list == NULL || info->ncerts == 0)
- return GNUTLS_CERT_NONE;
+ return GNUTLS_E_NO_CERTIFICATE_FOUND;
/* generate a list of gnutls_certs based on the auth info
* raw certs.
@@ -798,7 +798,7 @@ int gnutls_x509_verify_certificate( const gnutls_datum* cert_list, int cert_list
int peer_certificate_list_size, i, x, ret, ca_certificate_list_size;
if (cert_list == NULL || cert_list_length == 0)
- return GNUTLS_CERT_NONE;
+ return GNUTLS_E_NO_CERTIFICATE_FOUND;
/* generate a list of gnutls_certs based on the auth info
* raw certs.
diff --git a/lib/x509_sig_check.c b/lib/x509_sig_check.c
index fc518f4c65..7a418c4e71 100644
--- a/lib/x509_sig_check.c
+++ b/lib/x509_sig_check.c
@@ -184,6 +184,7 @@ _pkcs1_rsa_verify_sig( const gnutls_datum* signature, gnutls_datum* text, MPI *p
}
/* verifies if the certificate is properly signed.
+ * returns 0 on success.
*/
CertificateStatus gnutls_x509_verify_signature(gnutls_cert* cert, gnutls_cert* issuer) {
gnutls_datum signature;
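Review bot: gnutls_x509_verify_signature is still declared to return CertificateStatus, but after this commit it returns the literal 0 on success and 0 is no longer a member of that enum (GNUTLS_CERT_NONE, its only zero member, is removed by the same commit). The callers in x509_verify.c compare the result against 0, so the honest signature is `int gnutls_x509_verify_signature(gnutls_cert* cert, gnutls_cert* issuer) {`. The new comment also says only what success looks like; the failure paths are outside these hunks, so I cannot confirm what they return, but the comment should state it, e.g. ` * returns 0 on success, or a CertificateStatus flag on failure.` if that is what the error paths produce. The function continues past the hunk.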
@@ -211,7 +212,7 @@ gnutls_datum tbs;
}
gnutls_free_datum(&tbs);
- return GNUTLS_CERT_VALID;
+ return 0;
break;
case GNUTLS_PK_DSA:
@@ -222,7 +223,7 @@ gnutls_datum tbs;
}
gnutls_free_datum(&tbs);
- return GNUTLS_CERT_VALID;
+ return 0;
break;
}
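Review bot: The `break;` after `return 0;` is unreachable, in both the RSA case shown in the previous hunk and the DSA case here; it was already dead when the line returned GNUTLS_CERT_VALID, but since the lines are being rewritten anyway the `break;` should simply go. With a `return` in every case the switch also needs a `default:` that reports an unsupported public-key algorithm rather than falling out of the switch with whatever follows; that tail is outside the hunk, so I cannot tell whether one exists.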
diff --git a/lib/x509_verify.c b/lib/x509_verify.c
index 40f9db16f4..819aef21cd 100644
--- a/lib/x509_verify.c
+++ b/lib/x509_verify.c
@@ -141,7 +141,7 @@ time_t _gnutls_generalTime2gtime(char *ttime)
return ret;
}
-/* Returns VALID or EXPIRED.
+/* Returns 0 or EXPIRED.
*/
static int check_if_expired(gnutls_cert * cert)
{
@@ -151,12 +151,12 @@ static int check_if_expired(gnutls_cert * cert)
*/
if (time(NULL) < cert->expiration_time)
- ret = GNUTLS_CERT_VALID;
+ ret = 0;
return ret;
}
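Review bot: check_if_expired only tests the upper bound of the validity period: `time(NULL) < cert->expiration_time` clears the flag, and nothing here rejects a certificate whose validity has not yet begun, so a not-yet-valid certificate passes as if it were current. If gnutls_cert also carries the notBefore time (I cannot see the struct from this hunk), the success condition should require both bounds, along the lines of `time_t now = time(NULL); if (now >= cert->activation_time && now < cert->expiration_time) ret = 0;` with whatever the field is actually named, and the comment above should say "Returns 0 if the certificate is within its validity period". Reading `time(NULL)` once into a local also keeps the two comparisons consistent. The initial value of `ret` is assigned before this hunk.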
-/* Return GNUTLS_CERT_VALID or INVALID, if the issuer is a CA,
+/* Return 0 or INVALID, if the issuer is a CA,
* or not.
*/
static int check_if_ca(const gnutls_cert * cert, const gnutls_cert* issuer)
@@ -169,12 +169,12 @@ static int check_if_ca(const gnutls_cert * cert, const gnutls_cert* issuer)
*/
if (cert->raw.size == issuer->raw.size) {
if ( memcmp( cert->raw.data, issuer->raw.data, cert->raw.size)==0) {
- return GNUTLS_CERT_VALID;
+ return 0;
}
}
if (issuer->CA==1) {
- ret = GNUTLS_CERT_VALID;
+ ret = 0;
} else
gnutls_assert();
@@ -322,19 +322,19 @@ int gnutls_verify_certificate2(gnutls_cert * cert, gnutls_cert * trusted_cas, in
}
ret = check_if_ca( cert, issuer);
- if (ret != GNUTLS_CERT_VALID) {
+ if (ret != 0) {
gnutls_assert();
return ret_else;
}
ret = check_if_expired( issuer);
- if (ret != GNUTLS_CERT_VALID) {
+ if (ret != 0) {
gnutls_assert();
return ret_else;
}
ret = gnutls_x509_verify_signature(cert, issuer);
- if (ret != GNUTLS_CERT_VALID) {
+ if (ret != 0) {
gnutls_assert();
return ret_else;
}
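Review bot: All three checks in this hunk collapse to `return ret_else;` when they fail, so the specific status the helper computed (GNUTLS_CERT_EXPIRED from check_if_expired, GNUTLS_CERT_INVALID from check_if_ca, whatever gnutls_x509_verify_signature reports) is discarded and the caller only ever learns the generic ret_else, which at the one call site visible in this file is GNUTLS_CERT_INVALID. An expired intermediate is therefore reported to the application as a broken chain rather than as expired, which changes how an operator diagnoses it. Since the status values are OR-able flags, `return ret_else | ret;` on each failure path preserves the detail at no cost, provided the signature check's failure value is also a flag (its error paths are outside this commit's hunks). With success now fixed at 0, ret_ok is a pass-through and could be dropped from the signature in a follow-up.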
@@ -364,14 +364,14 @@ int _gnutls_x509_verify_certificate( gnutls_cert * certificate_list,
int crls_size)
{
int i = 0, ret;
- CertificateStatus status=GNUTLS_CERT_NONE;
-
+ CertificateStatus status=0;
+
if (tcas_size == 0 || clist_size == 0) {
- return status;
+ return GNUTLS_E_NO_CERTIFICATE_FOUND;
}
ret = check_if_expired( &certificate_list[0]);
- if (ret != GNUTLS_CERT_VALID) {
+ if (ret != 0) {
gnutls_assert();
status |= GNUTLS_CERT_EXPIRED;
}
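Review bot: `if (tcas_size == 0 || clist_size == 0) return GNUTLS_E_NO_CERTIFICATE_FOUND;` now reports "no certificate found" for the case where the peer did present a chain but the caller configured no trusted CAs. An application that treats GNUTLS_E_NO_CERTIFICATE_FOUND as "the peer sent nothing", the meaning this commit documents for it in gnutls_cert.c, will draw the wrong conclusion when the CA list is merely empty, which is exactly the misconfiguration a verifier should surface rather than mask. Splitting the test keeps the error honest: `if (clist_size == 0) return GNUTLS_E_NO_CERTIFICATE_FOUND;` followed by `if (tcas_size == 0) return GNUTLS_CERT_NOT_TRUSTED;`, since the only thing an empty trusted list proves is that the chain cannot be trusted. Separately, `CertificateStatus status=0` initialises an enum with a value that no longer has a member; `int status = 0;` matches how the variable is used as a bit accumulator below. The function continues past the hunk.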
@@ -382,7 +382,7 @@ int _gnutls_x509_verify_certificate( gnutls_cert * certificate_list,
break;
if ((ret = gnutls_verify_certificate2(&certificate_list[i], &certificate_list[i + 1],
- 1, NULL, 0, GNUTLS_CERT_VALID, GNUTLS_CERT_INVALID)) != GNUTLS_CERT_VALID) {
+ 1, NULL, 0, 0, GNUTLS_CERT_INVALID)) != 0) {
/*
* We only accept the first certificate to be
* expired, revoked etc. If any of the certificates in the
@@ -399,9 +399,6 @@ int _gnutls_x509_verify_certificate( gnutls_cert * certificate_list,
}
}
- if ( !(status & GNUTLS_CERT_INVALID))
- status |= GNUTLS_CERT_VALID;
-
/* Now verify the last certificate in the certificate path
* against the trusted CA certificate list.
*/