authorNikos Mavrogiannopoulos <nmav@gnutls.org>2002-02-18 14:11:15 +0000
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2002-02-18 14:11:15 +0000
commitaa8dc33b464d169332f6baabc226a39f31581bb7 (patch)
tree67cd21f0a9bd0882c8ae709f99796b13bc7d8b2e
parent402b1f27cd8e49ed6b23003447c5e99e3ab4729a (diff)
downloadgnutls-aa8dc33b464d169332f6baabc226a39f31581bb7.tar.gz
Added some stuff for the client to send the OpenPGP fingerprint.
-rw-r--r--ChangeLog74
-rw-r--r--lib/auth_cert.c145
-rw-r--r--lib/gnutls.h.in.in6
-rw-r--r--lib/gnutls_int.h9
-rw-r--r--lib/gnutls_state.c18
-rw-r--r--lib/gnutls_state.h2
-rw-r--r--src/cli-gaa.c76
-rw-r--r--src/cli-gaa.h34
-rw-r--r--src/cli.c7
-rw-r--r--src/cli.gaa6
-rw-r--r--src/common.c4
11 files changed, 293 insertions, 88 deletions
diff --git a/ChangeLog b/ChangeLog
index c4e0e1a107..740a6d682d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,77 @@
+2002-02-17 20:07 nmav <nmav@gnutls.org>
+
+ * lib/: auth_rsa.c, gnutls_pk.c:
+
+ Corrected bug in RSA authentication, responsible for random (very
+ very rare, and difficult to reproduce) failures.
+
+2002-02-17 13:14 nmav <nmav@gnutls.org>
+
+ * lib/: gnutls_x509.c, x509_verify.c:
+
+ Improved X.509 verification functions. They are still too primitive.
+
+2002-02-16 20:50 nmav <nmav@gnutls.org>
+
+ * lib/auth_rsa.c:
+
+ Some cleanups.
+
+2002-02-15 17:30 twoaday <twoaday@gnutls.org>
+
+ * lib/gnutls_openpgp.c:
+
+ Fixed some memory leaks. Code to handle ElGamal keys. Some minor
+ bug fixes.
+
+2002-02-15 17:04 nmav <nmav@gnutls.org>
+
+ * lib/: gnutls.h.in.in, gnutls_record.c:
+
+ renamed gnutls_read to gnutls_record_read and gnutls_write to
+ gnutls_record_write.
+
+2002-02-15 17:03 nmav <nmav@gnutls.org>
+
+ * doc/tex/: Makefile.am, ciphersuites.tex, cover.tex.in,
+ errors.tex, ex1.tex, ex2.tex, gnutls.tex, layers.ps, layers.tex,
+ serv1.tex, srp1.tex:
+
+ Added TLS Layers section.
+
+2002-02-15 11:34 nmav <nmav@gnutls.org>
+
+ * src/: cli-gaa.c, cli-gaa.h, cli.c, cli.gaa, serv-gaa.c, serv.gaa:
+
+ updated client and server
+
+2002-02-15 11:34 nmav <nmav@gnutls.org>
+
+ * doc/protocol/draft-ietf-tls-openpgp-keys-00.txt:
+
+ removed
+
+2002-02-15 11:23 nmav <nmav@gnutls.org>
+
+ * lib/: gnutls.h.in.in, gnutls_extensions.c, gnutls_extensions.h,
+ gnutls_record.c:
+
+ Extension types now use a 16 bit type field (following the current
+ draft). Some fixes in the max record size extension.
+
+2002-02-14 21:38 twoaday <twoaday@gnutls.org>
+
+ * lib/: gnutls_openpgp.c, gnutls_openpgp.h:
+
+ Basic HKP keyserver support. Function to retrieve the key from the
+ keyring by keyid, fingerprint.
+
+2002-02-14 11:52 nmav <nmav@gnutls.org>
+
+ * lib/: gnutls_cert.c, x509_verify.c:
+
+ Verification function returns the GNUTLS_CERT_VALID flag.
+
2002-02-14 10:57 nmav <nmav@gnutls.org>
* lib/: auth_srp_passwd.c, gnutls_int.h, gnutls_srp.c, gnutls_ui.h:
diff --git a/lib/auth_cert.c b/lib/auth_cert.c
index 91516bca44..d9f9f68504 100644
--- a/lib/auth_cert.c
+++ b/lib/auth_cert.c
@@ -159,7 +159,7 @@ inline
/* Locates the most appropriate x509 certificate using the
* given DN
*/
-static int _find_x509_cert( const GNUTLS_CERTIFICATE_CREDENTIALS cred,
+static int _find_x509_cert(const GNUTLS_CERTIFICATE_CREDENTIALS cred,
opaque * _data, int _data_size,
PKAlgorithm * pk_algos, int pk_algos_length,
int *indx)
@@ -227,7 +227,7 @@ static int _find_x509_cert( const GNUTLS_CERTIFICATE_CREDENTIALS cred,
/* Locates the most appropriate openpgp cert
*/
-static int _find_openpgp_cert( const GNUTLS_CERTIFICATE_CREDENTIALS cred,
+static int _find_openpgp_cert(const GNUTLS_CERTIFICATE_CREDENTIALS cred,
PKAlgorithm * pk_algos, int pk_algos_length,
int *indx)
{
@@ -303,14 +303,14 @@ static int _gnutls_find_acceptable_client_cert(GNUTLS_STATE state,
if (state->security_parameters.cert_type ==
GNUTLS_CRT_X509)
result =
- _find_x509_cert( cred, _data, _data_size,
+ _find_x509_cert(cred, _data, _data_size,
pk_algos, pk_algos_length,
&indx);
if (state->security_parameters.cert_type ==
GNUTLS_CRT_OPENPGP)
result =
- _find_openpgp_cert( cred, pk_algos,
+ _find_openpgp_cert(cred, pk_algos,
pk_algos_length, &indx);
@@ -475,6 +475,8 @@ int _gnutls_gen_x509_client_certificate(GNUTLS_STATE state, opaque ** data)
return ret;
}
+enum PGPKeyDescriptorType { PGP_KEY_FINGERPRINT, PGP_KEY };
+
int _gnutls_gen_openpgp_client_certificate(GNUTLS_STATE state,
opaque ** data)
{
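Review bot: The enumerators of `enum PGPKeyDescriptorType` are wire-format values — the old code wrote the literal 1 for a whole key, and the new code writes `PGP_KEY` into the message and compares the received descriptor byte against both enumerators — yet the hunk leaves the numbering implicit. Spelling the values out, `enum PGPKeyDescriptorType { PGP_KEY_FINGERPRINT = 0, PGP_KEY = 1 };`, with a comment such as `/* PGPKeyDescriptorType: the values are serialized in the handshake, do not reorder */`, makes that constraint visible to the next editor. Note also that the public `GNUTLS_OpenPGPKeyStatus` enum added in lib/gnutls.h.in.in numbers the two cases the other way round (key = 0, fingerprint = 1); this is harmless because the internal flag is only tested against zero, but it invites confusion between the two enums.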
@@ -509,7 +511,7 @@ int _gnutls_gen_openpgp_client_certificate(GNUTLS_STATE state,
WRITEuint24(ret - 3, pdata);
pdata += 3;
- *pdata = 1; /* whole key */
+ *pdata = PGP_KEY; /* whole key */
pdata++;
if (apr_cert_list_length > 0) {
@@ -521,15 +523,73 @@ int _gnutls_gen_openpgp_client_certificate(GNUTLS_STATE state,
return ret;
}
+int _gnutls_gen_openpgp_client_certificate_fpr(GNUTLS_STATE state,
+ opaque ** data)
+{
+ int ret;
+ opaque *pdata;
+ gnutls_cert *apr_cert_list;
+ gnutls_private_key *apr_pkey;
+ int apr_cert_list_length;
+
+ /* find the appropriate certificate */
+ if ((ret =
+ _gnutls_find_apr_cert(state, &apr_cert_list,
+ &apr_cert_list_length,
+ &apr_pkey)) < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret = 3 + 1;
+
+ /* Only v4 fingerprints are sent
+ */
+ if (apr_cert_list_length > 0 && apr_cert_list->version == 4)
+ ret += 20 + 1;
+ else /* empty certificate case */
+ return _gnutls_gen_openpgp_client_certificate(state, data);
+
+ (*data) = gnutls_malloc(ret);
+ pdata = (*data);
+
+ if (pdata == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ WRITEuint24(ret - 3, pdata);
+ pdata += 3;
+
+ *pdata = PGP_KEY_FINGERPRINT; /* key fingerprint */
+ pdata++;
+
+ *pdata = 20;
+ pdata++;
+
+ memcpy(pdata, apr_cert_list[0].fingerprint, 20);
+
+ return ret;
+}
+
int _gnutls_gen_cert_client_certificate(GNUTLS_STATE state, opaque ** data)
{
switch (state->security_parameters.cert_type) {
case GNUTLS_CRT_OPENPGP:
- return _gnutls_gen_openpgp_client_certificate(state, data);
+ if (_gnutls_openpgp_send_fingerprint(state) == 0)
+ return
+ _gnutls_gen_openpgp_client_certificate(state,
+ data);
+ else
+ return
+ _gnutls_gen_openpgp_client_certificate_fpr
+ (state, data);
+
case GNUTLS_CRT_X509:
return _gnutls_gen_x509_client_certificate(state, data);
+
default:
gnutls_assert();
return GNUTLS_E_UNKNOWN_ERROR;
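Review bot: The comment `/* empty certificate case */` on the else branch of `_gnutls_gen_openpgp_client_certificate_fpr` is inaccurate: the condition also fails for a key whose `version` is not 4, and in that case the function silently falls back to sending the whole key, so the comment should read `/* no certificate, or not a v4 key: fall back to sending the whole key */`. The fingerprint length 20 is repeated three times (the size computation, the length byte and the memcpy); a named constant such as `enum { PGP_V4_FPR_LEN = 20 };` next to `PGPKeyDescriptorType` would tie the three together, and a comment on the memcpy should state the assumption that the `fingerprint` field holds at least 20 bytes for a v4 key, which this hunk does not show. The new function has no header comment; one sentence saying that it emits the 3-byte length, the descriptor byte, a 1-byte fingerprint length and the v4 fingerprint would help. The closing brace of `_gnutls_gen_cert_client_certificate` lies outside the hunk.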
@@ -843,43 +903,54 @@ int _gnutls_proc_openpgp_server_certificate(GNUTLS_STATE state,
/* Read PGPKeyDescriptor */
DECR_LEN(dsize, 1);
- if (*p != 1) { /* only full certificate are accepted */
+ if (*p == PGP_KEY_FINGERPRINT) { /* the fingerprint */
+
+ /* FIXME: Add stuff here to retrieve, and probably
+ * cache fingerprints and keys.
+ */
gnutls_assert();
return GNUTLS_E_UNIMPLEMENTED_FEATURE;
- }
- p++;
- /* Read the actual certificate */
- DECR_LEN(dsize, 3);
- len = READuint24(p);
- p += 3;
+ } else if (*p == PGP_KEY) { /* the whole key */
- if (size == 0) {
- gnutls_assert();
- /* no certificate was sent */
- return GNUTLS_E_NO_CERTIFICATE_FOUND;
- }
+ p++;
- DECR_LEN(dsize, len);
- peer_certificate_list_size++;
+ /* Read the actual certificate */
+ DECR_LEN(dsize, 3);
+ len = READuint24(p);
+ p += 3;
- if (peer_certificate_list_size == 0) {
- gnutls_assert();
- return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
- }
+ if (size == 0) {
+ gnutls_assert();
+ /* no certificate was sent */
+ return GNUTLS_E_NO_CERTIFICATE_FOUND;
+ }
- peer_certificate_list =
- gnutls_calloc(1, sizeof(gnutls_cert) *
- (peer_certificate_list_size));
+ DECR_LEN(dsize, len);
+ peer_certificate_list_size++;
- if (peer_certificate_list == NULL) {
+ if (peer_certificate_list_size == 0) {
+ gnutls_assert();
+ return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
+ }
+
+ peer_certificate_list =
+ gnutls_calloc(1, sizeof(gnutls_cert) *
+ (peer_certificate_list_size));
+
+ if (peer_certificate_list == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ tmp.size = len;
+ tmp.data = p;
+
+ } else {
gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
+ return GNUTLS_E_UNIMPLEMENTED_FEATURE;
}
- tmp.size = len;
- tmp.data = p;
-
if ((ret =
_gnutls_openpgp_cert2gnutls_cert(&peer_certificate_list[0],
tmp)) < 0) {
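Review bot: In `_gnutls_proc_openpgp_server_certificate` the final `else` returns `GNUTLS_E_UNIMPLEMENTED_FEATURE` for a descriptor byte that is neither `PGP_KEY_FINGERPRINT` nor `PGP_KEY`, which is a malformed message rather than a missing feature and is now indistinguishable to the caller from the legitimately unsupported fingerprint case; a distinct error (`GNUTLS_E_UNEXPECTED_PACKET` if gnutls_errors.h defines it, otherwise a new code) with the comment `/* unknown PGPKeyDescriptorType: protocol violation */` would keep the two apart. After `len = READuint24(p)` nothing rejects `len == 0` before `tmp.size = len` is handed to `_gnutls_openpgp_cert2gnutls_cert`; the existing `size == 0` test refers to a length read before this hunk, so unless that helper rejects an empty datum a zero-length key slips through. Both the start and the end of the function lie outside the hunk.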
@@ -919,7 +990,7 @@ int _gnutls_proc_openpgp_server_certificate(GNUTLS_STATE state,
return 0;
}
-#endif /* HAVE_LIBOPENCDK */
+#endif /* HAVE_LIBOPENCDK */
int _gnutls_proc_cert_server_certificate(GNUTLS_STATE state, opaque * data,
int data_size)
@@ -929,7 +1000,7 @@ int _gnutls_proc_cert_server_certificate(GNUTLS_STATE state, opaque * data,
case GNUTLS_CRT_OPENPGP:
return _gnutls_proc_openpgp_server_certificate(state, data,
data_size);
-#endif /* HAVE_LIBOPENCDK */
+#endif /* HAVE_LIBOPENCDK */
case GNUTLS_CRT_X509:
return _gnutls_proc_x509_server_certificate(state, data,
data_size);
@@ -940,8 +1011,8 @@ int _gnutls_proc_cert_server_certificate(GNUTLS_STATE state, opaque * data,
}
#define MAX_SIGN_ALGOS 2
-typedef enum CertificateSigType { RSA_SIGN =
- 1, DSA_SIGN } CertificateSigType;
+typedef enum CertificateSigType { RSA_SIGN = 1, DSA_SIGN
+} CertificateSigType;
/* Checks if we support the given signature algorithm
* (RSA or DSA). Returns the corresponding PKAlgorithm
@@ -1130,7 +1201,7 @@ int _gnutls_proc_cert_client_cert_vrfy(GNUTLS_STATE state, opaque * data,
raw_certificate_list
[0]);
break;
-#endif /* HAVE_LIBOPENCDK */
+#endif /* HAVE_LIBOPENCDK */
default:
gnutls_assert();
return GNUTLS_E_UNKNOWN_ERROR;
diff --git a/lib/gnutls.h.in.in b/lib/gnutls.h.in.in
index 2872175a98..3eaf66c8d2 100644
--- a/lib/gnutls.h.in.in
+++ b/lib/gnutls.h.in.in
@@ -68,6 +68,10 @@ typedef enum GNUTLS_CertificateStatus { GNUTLS_CERT_TRUSTED=1,
typedef enum GNUTLS_CertificateRequest { GNUTLS_CERT_IGNORE, GNUTLS_CERT_REQUEST=1, GNUTLS_CERT_REQUIRE } GNUTLS_CertificateRequest;
+typedef enum GNUTLS_OpenPGPKeyStatus { GNUTLS_OPENPGP_KEY,
+ GNUTLS_OPENPGP_KEY_FINGERPRINT
+} GNUTLS_OpenPGPKeyStatus;
+
typedef enum GNUTLS_CloseRequest { GNUTLS_SHUT_RDWR=0, GNUTLS_SHUT_WR=1 } GNUTLS_CloseRequest;
typedef enum GNUTLS_Version { GNUTLS_SSL3=1, GNUTLS_TLS1 } GNUTLS_Version;
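Review bot: `GNUTLS_OpenPGPKeyStatus` is now defined verbatim in two places, here and in lib/gnutls_int.h, with nothing tying the copies together, whereas the neighbouring types in gnutls_int.h follow a distinct-internal-tag convention (`typedef enum CertificateRequest {...} CertificateRequest; #define GNUTLS_CertificateRequest CertificateRequest`). Following that convention for the new type and adding `/* must stay identical to GNUTLS_OpenPGPKeyStatus in gnutls.h.in.in */` on the internal copy would make the duplication deliberate rather than accidental; if any translation unit ever includes both headers, the duplicate `typedef enum` is a redefinition error. A one-line comment on the public enum saying that `GNUTLS_OPENPGP_KEY` (the default) sends the whole key and `GNUTLS_OPENPGP_KEY_FINGERPRINT` sends only its fingerprint would also document the option where users first see it.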
@@ -266,5 +270,7 @@ ssize_t gnutls_record_set_max_size( GNUTLS_STATE state, size_t size);
size_t gnutls_record_check_pending(GNUTLS_STATE state);
+void gnutls_openpgp_send_key(GNUTLS_STATE state, GNUTLS_OpenPGPKeyStatus status);
+
int gnutls_x509_fingerprint(GNUTLS_DigestAlgorithm algo, const gnutls_datum* data, char* result, size_t* result_size);
int gnutls_openpgp_fingerprint( const gnutls_datum* data, char* result, size_t* result_size);
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index 8604ab72cc..09ee8353a4 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -131,6 +131,10 @@ typedef enum CertificateRequest { GNUTLS_CERT_IGNORE,
} CertificateRequest;
#define GNUTLS_CertificateRequest CertificateRequest
+typedef enum GNUTLS_OpenPGPKeyStatus { GNUTLS_OPENPGP_KEY,
+ GNUTLS_OPENPGP_KEY_FINGERPRINT
+} GNUTLS_OpenPGPKeyStatus;
+
typedef enum CloseRequest { GNUTLS_SHUT_RDWR=0, GNUTLS_SHUT_WR=1
} CloseRequest;
#define GNUTLS_CloseRequest CloseRequest
@@ -552,6 +556,11 @@ typedef struct {
*/
uint8 extensions_sent[MAX_EXT_TYPES];
uint8 extensions_sent_size;
+
+ /* is 0 if we are to send the whole PGP key, or non zero
+ * if the fingerprint is to be sent.
+ */
+ int pgp_fingerprint;
} GNUTLS_INTERNALS;
struct GNUTLS_STATE_INT {
diff --git a/lib/gnutls_state.c b/lib/gnutls_state.c
index dbef55fc90..8eb5eee06b 100644
--- a/lib/gnutls_state.c
+++ b/lib/gnutls_state.c
@@ -348,3 +348,21 @@ int _gnutls_dh_set_prime_bits( GNUTLS_STATE state, int bits) {
return 0;
}
+/**
+ * gnutls_openpgp_send_key - This function will order gnutls to send the openpgp fingerprint instead of the key
+ * @state: is a pointer to a &GNUTLS_STATE structure.
+ * @status: is one of OPENPGP_KEY, or OPENPGP_KEY_FINGERPRINT
+ *
+ * This function will order gnutls to send the key fingerprint instead
+ * of the key in the initial handshake procedure. This should be used
+ * with care and only when there is indication or knowledge that the
+ * server can obtain the client's key.
+ *
+ **/
+void gnutls_openpgp_send_key(GNUTLS_STATE state, GNUTLS_OpenPGPKeyStatus status) {
+ state->gnutls_internals.pgp_fingerprint = status;
+}
+
+int _gnutls_openpgp_send_fingerprint(GNUTLS_STATE state) {
+ return state->gnutls_internals.pgp_fingerprint;
+}
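Review bot: The kernel-doc block for `gnutls_openpgp_send_key` names the enumerators as `OPENPGP_KEY` and `OPENPGP_KEY_FINGERPRINT`, but the header declares them as `GNUTLS_OPENPGP_KEY` and `GNUTLS_OPENPGP_KEY_FINGERPRINT`; the `@status:` line should use the real names. The one-line summary says the function orders the fingerprint to be sent, whereas it sets whichever mode `status` selects, so `gnutls_openpgp_send_key - This function will select whether to send the openpgp key or its fingerprint` describes it better. The value is stored into the `int pgp_fingerprint` and later only tested against zero, so any value other than `GNUTLS_OPENPGP_KEY` selects fingerprint mode; a comment stating that, or a comparison against the enumerator, would make the contract explicit. `_gnutls_openpgp_send_fingerprint` has no comment; `/* Returns non-zero if the client should send its OpenPGP fingerprint rather than the key */` would do.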
diff --git a/lib/gnutls_state.h b/lib/gnutls_state.h
index c9f058b35d..2d645395aa 100644
--- a/lib/gnutls_state.h
+++ b/lib/gnutls_state.h
@@ -21,4 +21,6 @@ int _gnutls_dh_set_prime_bits( GNUTLS_STATE state, int bits);
int _gnutls_dh_get_prime_bits( GNUTLS_STATE state);
void gnutls_dh_set_prime_bits( GNUTLS_STATE state, int bits);
+int _gnutls_openpgp_send_fingerprint( GNUTLS_STATE state);
+
#define DEFAULT_CERT_TYPE GNUTLS_CRT_X509
diff --git a/src/cli-gaa.c b/src/cli-gaa.c
index 72da9d35fc..fba30c7a8b 100644
--- a/src/cli-gaa.c
+++ b/src/cli-gaa.c
@@ -104,6 +104,7 @@ void gaa_help()
{
printf("cli help\nUsage: cli [options] hostname""\n");
__gaa_helpsingle('r', "resume", "", "Connect, establish a session. Connect again and resume this session.");
+ __gaa_helpsingle('f', "fingerprint", "", "Send the openpgp fingerprint, instead of the key.");
__gaa_helpsingle('p', "port", """integer"" ", "The port to connect to.");
__gaa_helpsingle(0, "recordsize", """integer"" ", "The maximum record size to advertize.");
__gaa_helpsingle(0, "ciphers", """cipher1 cipher2..."" ", "Ciphers to enable.");
@@ -128,38 +129,40 @@ typedef struct _gaainfo gaainfo;
struct _gaainfo
{
-#line 42 "cli.gaa"
+#line 45 "cli.gaa"
char **rest_args;
-#line 41 "cli.gaa"
+#line 44 "cli.gaa"
int nrest_args;
-#line 34 "cli.gaa"
+#line 37 "cli.gaa"
char **ctype;
-#line 33 "cli.gaa"
+#line 36 "cli.gaa"
int nctype;
-#line 30 "cli.gaa"
+#line 33 "cli.gaa"
char **kx;
-#line 29 "cli.gaa"
+#line 32 "cli.gaa"
int nkx;
-#line 26 "cli.gaa"
+#line 29 "cli.gaa"
char **macs;
-#line 25 "cli.gaa"
+#line 28 "cli.gaa"
int nmacs;
-#line 22 "cli.gaa"
+#line 25 "cli.gaa"
char **comp;
-#line 21 "cli.gaa"
+#line 24 "cli.gaa"
int ncomp;
-#line 18 "cli.gaa"
+#line 21 "cli.gaa"
char **proto;
-#line 17 "cli.gaa"
+#line 20 "cli.gaa"
int nproto;
-#line 14 "cli.gaa"
+#line 17 "cli.gaa"
char **ciphers;
-#line 13 "cli.gaa"
+#line 16 "cli.gaa"
int nciphers;
-#line 9 "cli.gaa"
+#line 12 "cli.gaa"
int record_size;
-#line 6 "cli.gaa"
+#line 9 "cli.gaa"
int port;
+#line 6 "cli.gaa"
+ int fingerprint;
#line 3 "cli.gaa"
int resume;
@@ -216,7 +219,7 @@ int gaa_error = 0;
#define GAA_MULTIPLE_OPTION 3
#define GAA_REST 0
-#define GAA_NB_OPTION 11
+#define GAA_NB_OPTION 12
#define GAAOPTID_help 1
#define GAAOPTID_list 2
#define GAAOPTID_ctypes 3
@@ -227,7 +230,8 @@ int gaa_error = 0;
#define GAAOPTID_ciphers 8
#define GAAOPTID_recordsize 9
#define GAAOPTID_port 10
-#define GAAOPTID_resume 11
+#define GAAOPTID_fingerprint 11
+#define GAAOPTID_resume 12
#line 168 "gaa.skel"
@@ -506,6 +510,7 @@ int gaa_get_option_num(char *str, int status)
#line 375 "gaa.skel"
GAA_CHECK1STR("h", GAAOPTID_help);
GAA_CHECK1STR("l", GAAOPTID_list);
+ GAA_CHECK1STR("f", GAAOPTID_fingerprint);
GAA_CHECK1STR("r", GAAOPTID_resume);
#line 277 "gaa.skel"
@@ -521,6 +526,7 @@ int gaa_get_option_num(char *str, int status)
GAA_CHECKSTR("ciphers", GAAOPTID_ciphers);
GAA_CHECKSTR("recordsize", GAAOPTID_recordsize);
GAA_CHECKSTR("port", GAAOPTID_port);
+ GAA_CHECKSTR("fingerprint", GAAOPTID_fingerprint);
GAA_CHECKSTR("resume", GAAOPTID_resume);
#line 281 "gaa.skel"
@@ -564,14 +570,14 @@ int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
{
case GAAOPTID_help:
OK = 0;
-#line 39 "cli.gaa"
+#line 42 "cli.gaa"
{ gaa_help(); exit(0); ;};
return GAA_OK;
break;
case GAAOPTID_list:
OK = 0;
-#line 38 "cli.gaa"
+#line 41 "cli.gaa"
{ print_list(); exit(0); ;};
return GAA_OK;
@@ -579,7 +585,7 @@ int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
case GAAOPTID_ctypes:
OK = 0;
GAA_LIST_FILL(GAATMP_ctypes.arg1, gaa_getstr, char*, GAATMP_ctypes.size1);
-#line 35 "cli.gaa"
+#line 38 "cli.gaa"
{ gaaval->ctype = GAATMP_ctypes.arg1; gaaval->nctype = GAATMP_ctypes.size1 ;};
return GAA_OK;
@@ -587,7 +593,7 @@ int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
case GAAOPTID_kx:
OK = 0;
GAA_LIST_FILL(GAATMP_kx.arg1, gaa_getstr, char*, GAATMP_kx.size1);
-#line 31 "cli.gaa"
+#line 34 "cli.gaa"
{ gaaval->kx = GAATMP_kx.arg1; gaaval->nkx = GAATMP_kx.size1 ;};
return GAA_OK;
@@ -595,7 +601,7 @@ int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
case GAAOPTID_macs:
OK = 0;
GAA_LIST_FILL(GAATMP_macs.arg1, gaa_getstr, char*, GAATMP_macs.size1);
-#line 27 "cli.gaa"
+#line 30 "cli.gaa"
{ gaaval->macs = GAATMP_macs.arg1; gaaval->nmacs = GAATMP_macs.size1 ;};
return GAA_OK;
@@ -603,7 +609,7 @@ int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
case GAAOPTID_comp:
OK = 0;
GAA_LIST_FILL(GAATMP_comp.arg1, gaa_getstr, char*, GAATMP_comp.size1);
-#line 23 "cli.gaa"
+#line 26 "cli.gaa"
{ gaaval->comp = GAATMP_comp.arg1; gaaval->ncomp = GAATMP_comp.size1 ;};
return GAA_OK;
@@ -611,7 +617,7 @@ int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
case GAAOPTID_protocols:
OK = 0;
GAA_LIST_FILL(GAATMP_protocols.arg1, gaa_getstr, char*, GAATMP_protocols.size1);
-#line 19 "cli.gaa"
+#line 22 "cli.gaa"
{ gaaval->proto = GAATMP_protocols.arg1; gaaval->nproto = GAATMP_protocols.size1 ;};
return GAA_OK;
@@ -619,7 +625,7 @@ int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
case GAAOPTID_ciphers:
OK = 0;
GAA_LIST_FILL(GAATMP_ciphers.arg1, gaa_getstr, char*, GAATMP_ciphers.size1);
-#line 15 "cli.gaa"
+#line 18 "cli.gaa"
{ gaaval->ciphers = GAATMP_ciphers.arg1; gaaval->nciphers = GAATMP_ciphers.size1 ;};
return GAA_OK;
@@ -629,7 +635,7 @@ int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_recordsize.arg1, gaa_getint, GAATMP_recordsize.size1);
gaa_index++;
-#line 10 "cli.gaa"
+#line 13 "cli.gaa"
{ gaaval->record_size = GAATMP_recordsize.arg1 ;};
return GAA_OK;
@@ -639,11 +645,18 @@ int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_port.arg1, gaa_getint, GAATMP_port.size1);
gaa_index++;
-#line 7 "cli.gaa"
+#line 10 "cli.gaa"
{ gaaval->port = GAATMP_port.arg1 ;};
return GAA_OK;
break;
+ case GAAOPTID_fingerprint:
+ OK = 0;
+#line 7 "cli.gaa"
+{ gaaval->fingerprint = 1 ;};
+
+ return GAA_OK;
+ break;
case GAAOPTID_resume:
OK = 0;
#line 4 "cli.gaa"
@@ -653,7 +666,7 @@ int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
break;
case GAA_REST:
GAA_OPTIONALLIST_FILL(GAAREST_tmp.arg1, gaa_getstr, char*, GAAREST_tmp.size1);
-#line 43 "cli.gaa"
+#line 46 "cli.gaa"
{ gaaval->rest_args = GAAREST_tmp.arg1; gaaval->nrest_args = GAAREST_tmp.size1 ;};
return GAA_OK;
@@ -681,10 +694,11 @@ int gaa(int argc, char **argv, gaainfo *gaaval)
if(inited == 0)
{
-#line 45 "cli.gaa"
+#line 48 "cli.gaa"
{ gaaval->resume=0; gaaval->port=5556; gaaval->rest_args=NULL; gaaval->nrest_args=0; gaaval->ciphers=NULL;
gaaval->kx=NULL; gaaval->comp=NULL; gaaval->macs=NULL; gaaval->ctype=NULL; gaaval->nciphers=0;
- gaaval->nkx=0; gaaval->ncomp=0; gaaval->nmacs=0; gaaval->nctype = 0; gaaval->record_size=0; ;};
+ gaaval->nkx=0; gaaval->ncomp=0; gaaval->nmacs=0; gaaval->nctype = 0; gaaval->record_size=0;
+ gaaval->fingerprint=0; ;};
}
inited = 1;
diff --git a/src/cli-gaa.h b/src/cli-gaa.h
index 16c73d2954..237fbd4764 100644
--- a/src/cli-gaa.h
+++ b/src/cli-gaa.h
@@ -8,38 +8,40 @@ typedef struct _gaainfo gaainfo;
struct _gaainfo
{
-#line 42 "cli.gaa"
+#line 45 "cli.gaa"
char **rest_args;
-#line 41 "cli.gaa"
+#line 44 "cli.gaa"
int nrest_args;
-#line 34 "cli.gaa"
+#line 37 "cli.gaa"
char **ctype;
-#line 33 "cli.gaa"
+#line 36 "cli.gaa"
int nctype;
-#line 30 "cli.gaa"
+#line 33 "cli.gaa"
char **kx;
-#line 29 "cli.gaa"
+#line 32 "cli.gaa"
int nkx;
-#line 26 "cli.gaa"
+#line 29 "cli.gaa"
char **macs;
-#line 25 "cli.gaa"
+#line 28 "cli.gaa"
int nmacs;
-#line 22 "cli.gaa"
+#line 25 "cli.gaa"
char **comp;
-#line 21 "cli.gaa"
+#line 24 "cli.gaa"
int ncomp;
-#line 18 "cli.gaa"
+#line 21 "cli.gaa"
char **proto;
-#line 17 "cli.gaa"
+#line 20 "cli.gaa"
int nproto;
-#line 14 "cli.gaa"
+#line 17 "cli.gaa"
char **ciphers;
-#line 13 "cli.gaa"
+#line 16 "cli.gaa"
int nciphers;
-#line 9 "cli.gaa"
+#line 12 "cli.gaa"
int record_size;
-#line 6 "cli.gaa"
+#line 9 "cli.gaa"
int port;
+#line 6 "cli.gaa"
+ int fingerprint;
#line 3 "cli.gaa"
int resume;
diff --git a/src/cli.c b/src/cli.c
index 730e909941..83c5de8012 100644
--- a/src/cli.c
+++ b/src/cli.c
@@ -51,6 +51,7 @@ int resume;
char *hostname=NULL;
int port;
int record_max_size;
+int fingerprint;
int protocol_priority[16] = { GNUTLS_TLS1, GNUTLS_SSL3, 0 };
int kx_priority[16] =
@@ -245,6 +246,9 @@ int main(int argc, char **argv)
gnutls_cred_set(state, GNUTLS_CRD_SRP, cred);
gnutls_cred_set(state, GNUTLS_CRD_CERTIFICATE, xcred);
+ /* send the fingerprint */
+ if (fingerprint!=0)
+ gnutls_openpgp_send_key( state, GNUTLS_OPENPGP_KEY_FINGERPRINT);
/* use the max record size extension */
if (record_max_size > 0) {
@@ -467,7 +471,8 @@ void gaa_parser(int argc, char **argv)
resume = info.resume;
port = info.port;
record_max_size = info.record_size;
-
+ fingerprint = info.fingerprint;
+
if (info.nrest_args==0) hostname="localhost";
else hostname = info.rest_args[0];
diff --git a/src/cli.gaa b/src/cli.gaa
index a9d85893cb..bf3e477065 100644
--- a/src/cli.gaa
+++ b/src/cli.gaa
@@ -3,6 +3,9 @@ helpnode "cli help\nUsage: cli [options] hostname"
#int resume;
option (r, resume) { $resume = 1 } "Connect, establish a session. Connect again and resume this session."
+#int fingerprint;
+option (f, fingerprint) { $fingerprint = 1 } "Send the openpgp fingerprint, instead of the key."
+
#int port;
option (p, port) INT "integer" { $port = $1 } "The port to connect to."
@@ -44,5 +47,6 @@ rest optional *STR "hostname" { $rest_args = $1; $nrest_args = @1 }
init { $resume=0; $port=5556; $rest_args=NULL; $nrest_args=0; $ciphers=NULL;
$kx=NULL; $comp=NULL; $macs=NULL; $ctype=NULL; $nciphers=0;
- $nkx=0; $ncomp=0; $nmacs=0; $nctype = 0; $record_size=0; }
+ $nkx=0; $ncomp=0; $nmacs=0; $nctype = 0; $record_size=0;
+ $fingerprint=0; }
diff --git a/src/common.c b/src/common.c
index d9ff7ae3a1..d391c86f3d 100644
--- a/src/common.c
+++ b/src/common.c
@@ -230,8 +230,8 @@ void print_list(void)
printf(", OPENPGP\n");
printf("Protocols:");
- printf(" TLS 1.0");
- printf(", SSL 3.0\n");
+ printf(" TLS1.0");
+ printf(", SSL3.0\n");
printf("Ciphers:");
printf(" RIJNDAEL_128_CBC");