author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2002-02-18 14:11:15 +0000 |
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2002-02-18 14:11:15 +0000 |
commit | aa8dc33b464d169332f6baabc226a39f31581bb7 (patch) | |
tree | 67cd21f0a9bd0882c8ae709f99796b13bc7d8b2e | |
parent | 402b1f27cd8e49ed6b23003447c5e99e3ab4729a (diff) | |
download | gnutls-aa8dc33b464d169332f6baabc226a39f31581bb7.tar.gz |
Added some stuff for the client to send the OpenPGP fingerprint.
-rw-r--r-- | ChangeLog | 74 | ||||
-rw-r--r-- | lib/auth_cert.c | 145 | ||||
-rw-r--r-- | lib/gnutls.h.in.in | 6 | ||||
-rw-r--r-- | lib/gnutls_int.h | 9 | ||||
-rw-r--r-- | lib/gnutls_state.c | 18 | ||||
-rw-r--r-- | lib/gnutls_state.h | 2 | ||||
-rw-r--r-- | src/cli-gaa.c | 76 | ||||
-rw-r--r-- | src/cli-gaa.h | 34 | ||||
-rw-r--r-- | src/cli.c | 7 | ||||
-rw-r--r-- | src/cli.gaa | 6 | ||||
-rw-r--r-- | src/common.c | 4 |
11 files changed, 293 insertions, 88 deletions
@@ -1,3 +1,77 @@ +2002-02-17 20:07 nmav <nmav@gnutls.org> + + * lib/: auth_rsa.c, gnutls_pk.c: + + Corrected bug in RSA authentication, responsible for random (very + very rare, and difficult to reproduce) failures. + +2002-02-17 13:14 nmav <nmav@gnutls.org> + + * lib/: gnutls_x509.c, x509_verify.c: + + Improved X.509 verification functions. They are still too primitive. + +2002-02-16 20:50 nmav <nmav@gnutls.org> + + * lib/auth_rsa.c: + + Some cleanups. + +2002-02-15 17:30 twoaday <twoaday@gnutls.org> + + * lib/gnutls_openpgp.c: + + Fixed some memory leaks. Code to handle ElGamal keys. Some minor + bug fixes. + +2002-02-15 17:04 nmav <nmav@gnutls.org> + + * lib/: gnutls.h.in.in, gnutls_record.c: + + renamed gnutls_read to gnutls_record_read and gnutls_write to + gnutls_record_write. + +2002-02-15 17:03 nmav <nmav@gnutls.org> + + * doc/tex/: Makefile.am, ciphersuites.tex, cover.tex.in, + errors.tex, ex1.tex, ex2.tex, gnutls.tex, layers.ps, layers.tex, + serv1.tex, srp1.tex: + + Added TLS Layers section. + +2002-02-15 11:34 nmav <nmav@gnutls.org> + + * src/: cli-gaa.c, cli-gaa.h, cli.c, cli.gaa, serv-gaa.c, serv.gaa: + + updated client and server + +2002-02-15 11:34 nmav <nmav@gnutls.org> + + * doc/protocol/draft-ietf-tls-openpgp-keys-00.txt: + + removed + +2002-02-15 11:23 nmav <nmav@gnutls.org> + + * lib/: gnutls.h.in.in, gnutls_extensions.c, gnutls_extensions.h, + gnutls_record.c: + + Extension types now use a 16 bit type field (following the current + draft). Some fixes in the max record size extension. + +2002-02-14 21:38 twoaday <twoaday@gnutls.org> + + * lib/: gnutls_openpgp.c, gnutls_openpgp.h: + + Basic HKP keyserver support. Function to retrieve the key from the + keyring by keyid, fingerprint. + +2002-02-14 11:52 nmav <nmav@gnutls.org> + + * lib/: gnutls_cert.c, x509_verify.c: + + Verification function returns the GNUTLS_CERT_VALID flag. + 2002-02-14 10:57 nmav <nmav@gnutls.org> * lib/: auth_srp_passwd.c, gnutls_int.h, gnutls_srp.c, gnutls_ui.h: 
diff --git a/lib/auth_cert.c b/lib/auth_cert.c index 91516bca44..d9f9f68504 100644 --- a/lib/auth_cert.c +++ b/lib/auth_cert.c @@ -159,7 +159,7 @@ inline /* Locates the most appropriate x509 certificate using the * given DN */ -static int _find_x509_cert( const GNUTLS_CERTIFICATE_CREDENTIALS cred, +static int _find_x509_cert(const GNUTLS_CERTIFICATE_CREDENTIALS cred, opaque * _data, int _data_size, PKAlgorithm * pk_algos, int pk_algos_length, int *indx) @@ -227,7 +227,7 @@ static int _find_x509_cert( const GNUTLS_CERTIFICATE_CREDENTIALS cred, /* Locates the most appropriate openpgp cert */ -static int _find_openpgp_cert( const GNUTLS_CERTIFICATE_CREDENTIALS cred, +static int _find_openpgp_cert(const GNUTLS_CERTIFICATE_CREDENTIALS cred, PKAlgorithm * pk_algos, int pk_algos_length, int *indx) { @@ -303,14 +303,14 @@ static int _gnutls_find_acceptable_client_cert(GNUTLS_STATE state, if (state->security_parameters.cert_type == GNUTLS_CRT_X509) result = - _find_x509_cert( cred, _data, _data_size, + _find_x509_cert(cred, _data, _data_size, pk_algos, pk_algos_length, &indx); if (state->security_parameters.cert_type == GNUTLS_CRT_OPENPGP) result = - _find_openpgp_cert( cred, pk_algos, + _find_openpgp_cert(cred, pk_algos, pk_algos_length, &indx); @@ -475,6 +475,8 @@ int _gnutls_gen_x509_client_certificate(GNUTLS_STATE state, opaque ** data) return ret; } +enum PGPKeyDescriptorType { PGP_KEY_FINGERPRINT, PGP_KEY }; + int _gnutls_gen_openpgp_client_certificate(GNUTLS_STATE state, opaque ** data) { @@ -509,7 +511,7 @@ int _gnutls_gen_openpgp_client_certificate(GNUTLS_STATE state, WRITEuint24(ret - 3, pdata); pdata += 3; - *pdata = 1; /* whole key */ + *pdata = PGP_KEY; /* whole key */ pdata++; if (apr_cert_list_length > 0) { 
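Review bot: The new `enum PGPKeyDescriptorType { PGP_KEY_FINGERPRINT, PGP_KEY };` in the `@@ -475` hunk is a wire encoding, yet nothing records which specification fixes those numeric values, so a reader cannot tell whether the implicit 0/1 numbering is a protocol constant or an arbitrary local choice that could be reordered. Since the ChangeLog in this commit refers to draft-ietf-tls-openpgp-keys, I would put above the enum: `/* PGPKeyDescriptorType from draft-ietf-tls-openpgp-keys: 0 = key fingerprint, 1 = whole key. The values are sent on the wire; do not reorder. */`. The `@@ -509` hunk replaces the literal `1` with `PGP_KEY`, so after this commit the enum is the only place the encoding lives, which makes that comment the natural home for it. Both hunks cut through functions whose bodies continue outside the hunk.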
@@ -521,15 +523,73 @@ int _gnutls_gen_openpgp_client_certificate(GNUTLS_STATE state, return ret; } +int _gnutls_gen_openpgp_client_certificate_fpr(GNUTLS_STATE state, + opaque ** data) +{ + int ret; + opaque *pdata; + gnutls_cert *apr_cert_list; + gnutls_private_key *apr_pkey; + int apr_cert_list_length; + + /* find the appropriate certificate */ + if ((ret = + _gnutls_find_apr_cert(state, &apr_cert_list, + &apr_cert_list_length, + &apr_pkey)) < 0) { + gnutls_assert(); + return ret; + } + + ret = 3 + 1; + + /* Only v4 fingerprints are sent + */ + if (apr_cert_list_length > 0 && apr_cert_list->version == 4) + ret += 20 + 1; + else /* empty certificate case */ + return _gnutls_gen_openpgp_client_certificate(state, data); + + (*data) = gnutls_malloc(ret); + pdata = (*data); + + if (pdata == NULL) { + gnutls_assert(); + return GNUTLS_E_MEMORY_ERROR; + } + + WRITEuint24(ret - 3, pdata); + pdata += 3; + + *pdata = PGP_KEY_FINGERPRINT; /* key fingerprint */ + pdata++; + + *pdata = 20; + pdata++; + + memcpy(pdata, apr_cert_list[0].fingerprint, 20); + + return ret; +} + int _gnutls_gen_cert_client_certificate(GNUTLS_STATE state, opaque ** data) { switch (state->security_parameters.cert_type) { case GNUTLS_CRT_OPENPGP: - return _gnutls_gen_openpgp_client_certificate(state, data); + if (_gnutls_openpgp_send_fingerprint(state) == 0) + return + _gnutls_gen_openpgp_client_certificate(state, + data); + else + return + _gnutls_gen_openpgp_client_certificate_fpr + (state, data); + case GNUTLS_CRT_X509: return _gnutls_gen_x509_client_certificate(state, data); + default: gnutls_assert(); return GNUTLS_E_UNKNOWN_ERROR; 
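Review bot: In `_gnutls_gen_openpgp_client_certificate_fpr` the `else /* empty certificate case */` branch is taken not only when no certificate was found but whenever `apr_cert_list->version` is not 4, so a caller that asked for fingerprint-only via gnutls_openpgp_send_key silently gets the whole key sent for a non-v4 key; the comment should say so, e.g. `else /* no certificate, or a non-v4 key (no 20-byte fingerprint): fall back to sending the whole key */`. The fingerprint length 20 appears three times (`ret += 20 + 1`, the `*pdata = 20` length octet and the `memcpy` count) with no name tying them together; one `enum { PGP_V4_FPR_LEN = 20 };` next to PGPKeyDescriptorType would keep the length prefix and the copy in step. The `memcpy` also assumes `apr_cert_list[0].fingerprint` holds at least 20 bytes, which the hunk cannot show — worth confirming against the gnutls_cert definition before relying on it.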
@@ -843,43 +903,54 @@ int _gnutls_proc_openpgp_server_certificate(GNUTLS_STATE state, /* Read PGPKeyDescriptor */ DECR_LEN(dsize, 1); - if (*p != 1) { /* only full certificate are accepted */ + if (*p == PGP_KEY_FINGERPRINT) { /* the fingerprint */ + + /* FIXME: Add stuff here to retrieve, and probably + * cache fingerprints and keys. + */ gnutls_assert(); return GNUTLS_E_UNIMPLEMENTED_FEATURE; - } - p++; - /* Read the actual certificate */ - DECR_LEN(dsize, 3); - len = READuint24(p); - p += 3; + } else if (*p == PGP_KEY) { /* the whole key */ - if (size == 0) { - gnutls_assert(); - /* no certificate was sent */ - return GNUTLS_E_NO_CERTIFICATE_FOUND; - } + p++; - DECR_LEN(dsize, len); - peer_certificate_list_size++; + /* Read the actual certificate */ + DECR_LEN(dsize, 3); + len = READuint24(p); + p += 3; - if (peer_certificate_list_size == 0) { - gnutls_assert(); - return GNUTLS_E_UNEXPECTED_PACKET_LENGTH; - } + if (size == 0) { + gnutls_assert(); + /* no certificate was sent */ + return GNUTLS_E_NO_CERTIFICATE_FOUND; + } - peer_certificate_list = - gnutls_calloc(1, sizeof(gnutls_cert) * - (peer_certificate_list_size)); + DECR_LEN(dsize, len); + peer_certificate_list_size++; - if (peer_certificate_list == NULL) { + if (peer_certificate_list_size == 0) { + gnutls_assert(); + return GNUTLS_E_UNEXPECTED_PACKET_LENGTH; + } + + peer_certificate_list = + gnutls_calloc(1, sizeof(gnutls_cert) * + (peer_certificate_list_size)); + + if (peer_certificate_list == NULL) { + gnutls_assert(); + return GNUTLS_E_MEMORY_ERROR; + } + + tmp.size = len; + tmp.data = p; + + } else { gnutls_assert(); - return GNUTLS_E_MEMORY_ERROR; + return GNUTLS_E_UNIMPLEMENTED_FEATURE; } - tmp.size = len; - tmp.data = p; - if ((ret = _gnutls_openpgp_cert2gnutls_cert(&peer_certificate_list[0], tmp)) < 0) { 
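Review bot: The `PGP_KEY_FINGERPRINT` branch of `_gnutls_proc_openpgp_server_certificate` returns GNUTLS_E_UNIMPLEMENTED_FEATURE with a FIXME about retrieving and caching keys, but the FIXME omits the requirement that matters once it is implemented: a key obtained for a received fingerprint must be checked to hash to exactly that fingerprint before it is used to authenticate the peer, and a lookup failure must fail the handshake. I would extend the comment to `/* FIXME: retrieve (and probably cache) the key by fingerprint. Any key obtained this way must be verified to match the received fingerprint before use; on lookup failure the handshake must fail. */`. In the `PGP_KEY` branch the `if (size == 0)` test sits after `len` has been read while `len` itself is never checked for zero; `size` is declared outside the hunk, so I cannot tell whether it covers the same length, and the check is moved rather than new, but it is worth a look while the code is being restructured. The function continues outside the hunk at both ends.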
@@ -919,7 +990,7 @@ int _gnutls_proc_openpgp_server_certificate(GNUTLS_STATE state, return 0; } -#endif /* HAVE_LIBOPENCDK */ +#endif /* HAVE_LIBOPENCDK */ int _gnutls_proc_cert_server_certificate(GNUTLS_STATE state, opaque * data, int data_size) @@ -929,7 +1000,7 @@ int _gnutls_proc_cert_server_certificate(GNUTLS_STATE state, opaque * data, case GNUTLS_CRT_OPENPGP: return _gnutls_proc_openpgp_server_certificate(state, data, data_size); -#endif /* HAVE_LIBOPENCDK */ +#endif /* HAVE_LIBOPENCDK */ case GNUTLS_CRT_X509: return _gnutls_proc_x509_server_certificate(state, data, data_size); @@ -940,8 +1011,8 @@ int _gnutls_proc_cert_server_certificate(GNUTLS_STATE state, opaque * data, } #define MAX_SIGN_ALGOS 2 -typedef enum CertificateSigType { RSA_SIGN = - 1, DSA_SIGN } CertificateSigType; +typedef enum CertificateSigType { RSA_SIGN = 1, DSA_SIGN +} CertificateSigType; /* Checks if we support the given signature algorithm * (RSA or DSA). Returns the corresponding PKAlgorithm @@ -1130,7 +1201,7 @@ int _gnutls_proc_cert_client_cert_vrfy(GNUTLS_STATE state, opaque * data, raw_certificate_list [0]); break; -#endif /* HAVE_LIBOPENCDK */ +#endif /* HAVE_LIBOPENCDK */ default: gnutls_assert(); return GNUTLS_E_UNKNOWN_ERROR; diff --git a/lib/gnutls.h.in.in b/lib/gnutls.h.in.in index 2872175a98..3eaf66c8d2 100644 --- a/lib/gnutls.h.in.in +++ b/lib/gnutls.h.in.in @@ -68,6 +68,10 @@ typedef enum GNUTLS_CertificateStatus { GNUTLS_CERT_TRUSTED=1, typedef enum GNUTLS_CertificateRequest { GNUTLS_CERT_IGNORE, GNUTLS_CERT_REQUEST=1, GNUTLS_CERT_REQUIRE } GNUTLS_CertificateRequest; +typedef enum GNUTLS_OpenPGPKeyStatus { GNUTLS_OPENPGP_KEY, + GNUTLS_OPENPGP_KEY_FINGERPRINT +} GNUTLS_OpenPGPKeyStatus; + typedef enum GNUTLS_CloseRequest { GNUTLS_SHUT_RDWR=0, GNUTLS_SHUT_WR=1 } GNUTLS_CloseRequest; typedef enum GNUTLS_Version { GNUTLS_SSL3=1, GNUTLS_TLS1 } GNUTLS_Version; 
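Review bot: `typedef enum GNUTLS_OpenPGPKeyStatus { ... } GNUTLS_OpenPGPKeyStatus;` is added to lib/gnutls.h.in.in in the `@@ -68` hunk with the same tag, enumerators and typedef name as the copy added to lib/gnutls_int.h in that file's `@@ -131` hunk; if any translation unit includes both headers this is an enum redefinition and a duplicate typedef, which C rejects, and in any case it is two definitions to keep in sync. The neighbouring `CertificateRequest` shows the project's way around this: the internal header declares an unprefixed tag and aliases it with `#define GNUTLS_CertificateRequest CertificateRequest`, so the gnutls_int.h copy should follow the same pattern, e.g. `typedef enum OpenPGPKeyStatus { GNUTLS_OPENPGP_KEY, GNUTLS_OPENPGP_KEY_FINGERPRINT } OpenPGPKeyStatus;` followed by `#define GNUTLS_OpenPGPKeyStatus OpenPGPKeyStatus`. Whether the two headers are ever included together is not visible from this diff.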
@@ -266,5 +270,7 @@ ssize_t gnutls_record_set_max_size( GNUTLS_STATE state, size_t size); size_t gnutls_record_check_pending(GNUTLS_STATE state); +void gnutls_openpgp_send_key(GNUTLS_STATE state, GNUTLS_OpenPGPKeyStatus status); + int gnutls_x509_fingerprint(GNUTLS_DigestAlgorithm algo, const gnutls_datum* data, char* result, size_t* result_size); int gnutls_openpgp_fingerprint( const gnutls_datum* data, char* result, size_t* result_size); diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h index 8604ab72cc..09ee8353a4 100644 --- a/lib/gnutls_int.h +++ b/lib/gnutls_int.h @@ -131,6 +131,10 @@ typedef enum CertificateRequest { GNUTLS_CERT_IGNORE, } CertificateRequest; #define GNUTLS_CertificateRequest CertificateRequest +typedef enum GNUTLS_OpenPGPKeyStatus { GNUTLS_OPENPGP_KEY, + GNUTLS_OPENPGP_KEY_FINGERPRINT +} GNUTLS_OpenPGPKeyStatus; + typedef enum CloseRequest { GNUTLS_SHUT_RDWR=0, GNUTLS_SHUT_WR=1 } CloseRequest; #define GNUTLS_CloseRequest CloseRequest @@ -552,6 +556,11 @@ typedef struct { */ uint8 extensions_sent[MAX_EXT_TYPES]; uint8 extensions_sent_size; + + /* is 0 if we are to send the whole PGP key, or non zero + * if the fingerprint is to be sent. + */ + int pgp_fingerprint; } GNUTLS_INTERNALS; struct GNUTLS_STATE_INT { diff --git a/lib/gnutls_state.c b/lib/gnutls_state.c index dbef55fc90..8eb5eee06b 100644 --- a/lib/gnutls_state.c +++ b/lib/gnutls_state.c 
@@ -348,3 +348,21 @@ int _gnutls_dh_set_prime_bits( GNUTLS_STATE state, int bits) { return 0; } +/** + * gnutls_openpgp_send_key - This function will order gnutls to send the openpgp fingerprint instead of the key + * @state: is a pointer to a &GNUTLS_STATE structure. + * @status: is one of OPENPGP_KEY, or OPENPGP_KEY_FINGERPRINT + * + * This function will order gnutls to send the key fingerprint instead + * of the key in the initial handshake procedure. This should be used + * with care and only when there is indication or knowledge that the + * server can obtain the client's key. + * + **/ +void gnutls_openpgp_send_key(GNUTLS_STATE state, GNUTLS_OpenPGPKeyStatus status) { + state->gnutls_internals.pgp_fingerprint = status; +} + +int _gnutls_openpgp_send_fingerprint(GNUTLS_STATE state) { + return state->gnutls_internals.pgp_fingerprint; +} diff --git a/lib/gnutls_state.h b/lib/gnutls_state.h index c9f058b35d..2d645395aa 100644 --- a/lib/gnutls_state.h +++ b/lib/gnutls_state.h @@ -21,4 +21,6 @@ int _gnutls_dh_set_prime_bits( GNUTLS_STATE state, int bits); int _gnutls_dh_get_prime_bits( GNUTLS_STATE state); void gnutls_dh_set_prime_bits( GNUTLS_STATE state, int bits); +int _gnutls_openpgp_send_fingerprint( GNUTLS_STATE state); + #define DEFAULT_CERT_TYPE GNUTLS_CRT_X509 diff --git a/src/cli-gaa.c b/src/cli-gaa.c index 72da9d35fc..fba30c7a8b 100644 --- a/src/cli-gaa.c +++ b/src/cli-gaa.c @@ -104,6 +104,7 @@ void gaa_help() { printf("cli help\nUsage: cli [options] hostname""\n"); __gaa_helpsingle('r', "resume", "", "Connect, establish a session. Connect again and resume this session."); + __gaa_helpsingle('f', "fingerprint", "", "Send the openpgp fingerprint, instead of the key."); __gaa_helpsingle('p', "port", """integer"" ", "The port to connect to."); __gaa_helpsingle(0, "recordsize", """integer"" ", "The maximum record size to advertize."); __gaa_helpsingle(0, "ciphers", """cipher1 cipher2..."" ", "Ciphers to enable."); 
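Review bot: The kernel-doc block for `gnutls_openpgp_send_key` names `@status` values that do not exist: the enumerators added in this commit are `GNUTLS_OPENPGP_KEY` and `GNUTLS_OPENPGP_KEY_FINGERPRINT`, not `OPENPGP_KEY`/`OPENPGP_KEY_FINGERPRINT`, so the line should read ` * @status: is one of GNUTLS_OPENPGP_KEY, or GNUTLS_OPENPGP_KEY_FINGERPRINT`. The function stores the raw enum into the `int pgp_fingerprint` field, whose gnutls_int.h comment says any non-zero value means the fingerprint is sent, so an out-of-range `status` is silently treated as a fingerprint request; storing the comparison pins the contract instead: `state->gnutls_internals.pgp_fingerprint = (status == GNUTLS_OPENPGP_KEY_FINGERPRINT);`. `_gnutls_openpgp_send_fingerprint` is internal and undocumented; a one-line `/* Non-zero when gnutls_openpgp_send_key() asked for fingerprint-only. */` above it would suffice.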
@@ -128,38 +129,40 @@ typedef struct _gaainfo gaainfo; struct _gaainfo { -#line 42 "cli.gaa" +#line 45 "cli.gaa" char **rest_args; -#line 41 "cli.gaa" +#line 44 "cli.gaa" int nrest_args; -#line 34 "cli.gaa" +#line 37 "cli.gaa" char **ctype; -#line 33 "cli.gaa" +#line 36 "cli.gaa" int nctype; -#line 30 "cli.gaa" +#line 33 "cli.gaa" char **kx; -#line 29 "cli.gaa" +#line 32 "cli.gaa" int nkx; -#line 26 "cli.gaa" +#line 29 "cli.gaa" char **macs; -#line 25 "cli.gaa" +#line 28 "cli.gaa" int nmacs; -#line 22 "cli.gaa" +#line 25 "cli.gaa" char **comp; -#line 21 "cli.gaa" +#line 24 "cli.gaa" int ncomp; -#line 18 "cli.gaa" +#line 21 "cli.gaa" char **proto; -#line 17 "cli.gaa" +#line 20 "cli.gaa" int nproto; -#line 14 "cli.gaa" +#line 17 "cli.gaa" char **ciphers; -#line 13 "cli.gaa" +#line 16 "cli.gaa" int nciphers; -#line 9 "cli.gaa" +#line 12 "cli.gaa" int record_size; -#line 6 "cli.gaa" +#line 9 "cli.gaa" int port; +#line 6 "cli.gaa" + int fingerprint; #line 3 "cli.gaa" int resume; @@ -216,7 +219,7 @@ int gaa_error = 0; #define GAA_MULTIPLE_OPTION 3 #define GAA_REST 0 -#define GAA_NB_OPTION 11 +#define GAA_NB_OPTION 12 #define GAAOPTID_help 1 #define GAAOPTID_list 2 #define GAAOPTID_ctypes 3 @@ -227,7 +230,8 @@ int gaa_error = 0; #define GAAOPTID_ciphers 8 #define GAAOPTID_recordsize 9 #define GAAOPTID_port 10 -#define GAAOPTID_resume 11 +#define GAAOPTID_fingerprint 11 +#define GAAOPTID_resume 12 #line 168 "gaa.skel" @@ -506,6 +510,7 @@ int gaa_get_option_num(char *str, int status) #line 375 "gaa.skel" GAA_CHECK1STR("h", GAAOPTID_help); GAA_CHECK1STR("l", GAAOPTID_list); + GAA_CHECK1STR("f", GAAOPTID_fingerprint); GAA_CHECK1STR("r", GAAOPTID_resume); #line 277 "gaa.skel" 
@@ -521,6 +526,7 @@ int gaa_get_option_num(char *str, int status) GAA_CHECKSTR("ciphers", GAAOPTID_ciphers); GAA_CHECKSTR("recordsize", GAAOPTID_recordsize); GAA_CHECKSTR("port", GAAOPTID_port); + GAA_CHECKSTR("fingerprint", GAAOPTID_fingerprint); GAA_CHECKSTR("resume", GAAOPTID_resume); #line 281 "gaa.skel" @@ -564,14 +570,14 @@ int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) { case GAAOPTID_help: OK = 0; -#line 39 "cli.gaa" +#line 42 "cli.gaa" { gaa_help(); exit(0); ;}; return GAA_OK; break; case GAAOPTID_list: OK = 0; -#line 38 "cli.gaa" +#line 41 "cli.gaa" { print_list(); exit(0); ;}; return GAA_OK; @@ -579,7 +585,7 @@ int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) case GAAOPTID_ctypes: OK = 0; GAA_LIST_FILL(GAATMP_ctypes.arg1, gaa_getstr, char*, GAATMP_ctypes.size1); -#line 35 "cli.gaa" +#line 38 "cli.gaa" { gaaval->ctype = GAATMP_ctypes.arg1; gaaval->nctype = GAATMP_ctypes.size1 ;}; return GAA_OK; @@ -587,7 +593,7 @@ int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) case GAAOPTID_kx: OK = 0; GAA_LIST_FILL(GAATMP_kx.arg1, gaa_getstr, char*, GAATMP_kx.size1); -#line 31 "cli.gaa" +#line 34 "cli.gaa" { gaaval->kx = GAATMP_kx.arg1; gaaval->nkx = GAATMP_kx.size1 ;}; return GAA_OK; @@ -595,7 +601,7 @@ int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) case GAAOPTID_macs: OK = 0; GAA_LIST_FILL(GAATMP_macs.arg1, gaa_getstr, char*, GAATMP_macs.size1); -#line 27 "cli.gaa" +#line 30 "cli.gaa" { gaaval->macs = GAATMP_macs.arg1; gaaval->nmacs = GAATMP_macs.size1 ;}; return GAA_OK; @@ -603,7 +609,7 @@ int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) case GAAOPTID_comp: OK = 0; GAA_LIST_FILL(GAATMP_comp.arg1, gaa_getstr, char*, GAATMP_comp.size1); -#line 23 "cli.gaa" +#line 26 "cli.gaa" { gaaval->comp = GAATMP_comp.arg1; gaaval->ncomp = GAATMP_comp.size1 ;}; return GAA_OK; 
@@ -611,7 +617,7 @@ int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) case GAAOPTID_protocols: OK = 0; GAA_LIST_FILL(GAATMP_protocols.arg1, gaa_getstr, char*, GAATMP_protocols.size1); -#line 19 "cli.gaa" +#line 22 "cli.gaa" { gaaval->proto = GAATMP_protocols.arg1; gaaval->nproto = GAATMP_protocols.size1 ;}; return GAA_OK; @@ -619,7 +625,7 @@ int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) case GAAOPTID_ciphers: OK = 0; GAA_LIST_FILL(GAATMP_ciphers.arg1, gaa_getstr, char*, GAATMP_ciphers.size1); -#line 15 "cli.gaa" +#line 18 "cli.gaa" { gaaval->ciphers = GAATMP_ciphers.arg1; gaaval->nciphers = GAATMP_ciphers.size1 ;}; return GAA_OK; @@ -629,7 +635,7 @@ int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) GAA_TESTMOREARGS; GAA_FILL(GAATMP_recordsize.arg1, gaa_getint, GAATMP_recordsize.size1); gaa_index++; -#line 10 "cli.gaa" +#line 13 "cli.gaa" { gaaval->record_size = GAATMP_recordsize.arg1 ;}; return GAA_OK; @@ -639,11 +645,18 @@ int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) GAA_TESTMOREARGS; GAA_FILL(GAATMP_port.arg1, gaa_getint, GAATMP_port.size1); gaa_index++; -#line 7 "cli.gaa" +#line 10 "cli.gaa" { gaaval->port = GAATMP_port.arg1 ;}; return GAA_OK; break; + case GAAOPTID_fingerprint: + OK = 0; +#line 7 "cli.gaa" +{ gaaval->fingerprint = 1 ;}; + + return GAA_OK; + break; case GAAOPTID_resume: OK = 0; #line 4 "cli.gaa" @@ -653,7 +666,7 @@ int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) break; case GAA_REST: GAA_OPTIONALLIST_FILL(GAAREST_tmp.arg1, gaa_getstr, char*, GAAREST_tmp.size1); -#line 43 "cli.gaa" +#line 46 "cli.gaa" { gaaval->rest_args = GAAREST_tmp.arg1; gaaval->nrest_args = GAAREST_tmp.size1 ;}; return GAA_OK; 
@@ -681,10 +694,11 @@ int gaa(int argc, char **argv, gaainfo *gaaval) if(inited == 0) { -#line 45 "cli.gaa" +#line 48 "cli.gaa" { gaaval->resume=0; gaaval->port=5556; gaaval->rest_args=NULL; gaaval->nrest_args=0; gaaval->ciphers=NULL; gaaval->kx=NULL; gaaval->comp=NULL; gaaval->macs=NULL; gaaval->ctype=NULL; gaaval->nciphers=0; - gaaval->nkx=0; gaaval->ncomp=0; gaaval->nmacs=0; gaaval->nctype = 0; gaaval->record_size=0; ;}; + gaaval->nkx=0; gaaval->ncomp=0; gaaval->nmacs=0; gaaval->nctype = 0; gaaval->record_size=0; + gaaval->fingerprint=0; ;}; } inited = 1; diff --git a/src/cli-gaa.h b/src/cli-gaa.h index 16c73d2954..237fbd4764 100644 --- a/src/cli-gaa.h +++ b/src/cli-gaa.h @@ -8,38 +8,40 @@ typedef struct _gaainfo gaainfo; struct _gaainfo { -#line 42 "cli.gaa" +#line 45 "cli.gaa" char **rest_args; -#line 41 "cli.gaa" +#line 44 "cli.gaa" int nrest_args; -#line 34 "cli.gaa" +#line 37 "cli.gaa" char **ctype; -#line 33 "cli.gaa" +#line 36 "cli.gaa" int nctype; -#line 30 "cli.gaa" +#line 33 "cli.gaa" char **kx; -#line 29 "cli.gaa" +#line 32 "cli.gaa" int nkx; -#line 26 "cli.gaa" +#line 29 "cli.gaa" char **macs; -#line 25 "cli.gaa" +#line 28 "cli.gaa" int nmacs; -#line 22 "cli.gaa" +#line 25 "cli.gaa" char **comp; -#line 21 "cli.gaa" +#line 24 "cli.gaa" int ncomp; -#line 18 "cli.gaa" +#line 21 "cli.gaa" char **proto; -#line 17 "cli.gaa" +#line 20 "cli.gaa" int nproto; -#line 14 "cli.gaa" +#line 17 "cli.gaa" char **ciphers; -#line 13 "cli.gaa" +#line 16 "cli.gaa" int nciphers; -#line 9 "cli.gaa" +#line 12 "cli.gaa" int record_size; -#line 6 "cli.gaa" +#line 9 "cli.gaa" int port; +#line 6 "cli.gaa" + int fingerprint; #line 3 "cli.gaa" int resume; @@ -51,6 +51,7 @@ int resume; char *hostname=NULL; int port; int record_max_size; +int fingerprint; int protocol_priority[16] = { GNUTLS_TLS1, GNUTLS_SSL3, 0 }; int kx_priority[16] = 
@@ -245,6 +246,9 @@ int main(int argc, char **argv) gnutls_cred_set(state, GNUTLS_CRD_SRP, cred); gnutls_cred_set(state, GNUTLS_CRD_CERTIFICATE, xcred); + /* send the fingerprint */ + if (fingerprint!=0) + gnutls_openpgp_send_key( state, GNUTLS_OPENPGP_KEY_FINGERPRINT); /* use the max record size extension */ if (record_max_size > 0) { @@ -467,7 +471,8 @@ void gaa_parser(int argc, char **argv) resume = info.resume; port = info.port; record_max_size = info.record_size; - + fingerprint = info.fingerprint; + if (info.nrest_args==0) hostname="localhost"; else hostname = info.rest_args[0]; diff --git a/src/cli.gaa b/src/cli.gaa index a9d85893cb..bf3e477065 100644 --- a/src/cli.gaa +++ b/src/cli.gaa @@ -3,6 +3,9 @@ helpnode "cli help\nUsage: cli [options] hostname" #int resume; option (r, resume) { $resume = 1 } "Connect, establish a session. Connect again and resume this session." +#int fingerprint; +option (f, fingerprint) { $fingerprint = 1 } "Send the openpgp fingerprint, instead of the key." + #int port; option (p, port) INT "integer" { $port = $1 } "The port to connect to." @@ -44,5 +47,6 @@ rest optional *STR "hostname" { $rest_args = $1; $nrest_args = @1 } init { $resume=0; $port=5556; $rest_args=NULL; $nrest_args=0; $ciphers=NULL; $kx=NULL; $comp=NULL; $macs=NULL; $ctype=NULL; $nciphers=0; - $nkx=0; $ncomp=0; $nmacs=0; $nctype = 0; $record_size=0; } + $nkx=0; $ncomp=0; $nmacs=0; $nctype = 0; $record_size=0; + $fingerprint=0; } diff --git a/src/common.c b/src/common.c index d9ff7ae3a1..d391c86f3d 100644 --- a/src/common.c +++ b/src/common.c @@ -230,8 +230,8 @@ void print_list(void) printf(", OPENPGP\n"); printf("Protocols:"); - printf(" TLS 1.0"); - printf(", SSL 3.0\n"); + printf(" TLS1.0"); + printf(", SSL3.0\n"); printf("Ciphers:"); printf(" RIJNDAEL_128_CBC"); |