author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2002-10-07 16:15:59 +0000 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2002-10-07 16:15:59 +0000 |
commit | be8d24a955195f64e6ea19a13e880036f4de852d (patch) | |
tree | f8b3a36c14982e0a8b8af7779da54f6a9f435b68 | |
parent | 2527a7991229bd084c5d43f6d94216f736915706 (diff) | |
download | gnutls-be8d24a955195f64e6ea19a13e880036f4de852d.tar.gz |
several cleanups
-rw-r--r-- | NEWS | 2 | ||||
-rw-r--r-- | doc/TODO | 1 | ||||
-rw-r--r-- | lib/gnutls.h.in.in | 4 | ||||
-rw-r--r-- | lib/gnutls_auth.c | 2 | ||||
-rw-r--r-- | lib/gnutls_errors.h | 2 | ||||
-rw-r--r-- | lib/gnutls_handshake.c | 1 | ||||
-rw-r--r-- | lib/gnutls_kx.c | 1 | ||||
-rw-r--r-- | src/cli.c | 178 | ||||
-rw-r--r-- | src/cli.gaa | 2 |
9 files changed, 105 insertions, 88 deletions
@@ -3,6 +3,8 @@ Version 0.5.9 the private key type. - Corrected some code which worked fine in gcc 3.2, but not with any other compiler. +- Updated 'gnutls-cli' with the starttls parameter, to allow testing + starttls implementations. Version 0.5.8 (25/09/2002) - Updated documentation. @@ -13,6 +13,7 @@ Current list: * Add support for certificate CRLs in certificate verification * Audit the code * Add GPGSM certificate manager support +* Allow unexpected Client Hello messages - Add Kerberos support (+) Means high priority diff --git a/lib/gnutls.h.in.in b/lib/gnutls.h.in.in index 983b2bb238..9a43064950 100644 --- a/lib/gnutls.h.in.in +++ b/lib/gnutls.h.in.in @@ -59,7 +59,9 @@ typedef enum gnutls_digest_algorithm { GNUTLS_DIG_NULL=1, GNUTLS_DIG_MD5, GNUTLS #define GNUTLS_MAX_ALGORITHM_NUM 8 typedef enum gnutls_compression_method { GNUTLS_COMP_NULL=1, - GNUTLS_COMP_ZLIB, GNUTLS_COMP_LZO + GNUTLS_COMP_ZLIB, + GNUTLS_COMP_LZO /* only available if gnutls-extra has been initialized + */ } gnutls_compression_method; typedef enum gnutls_connection_end { GNUTLS_SERVER=1, GNUTLS_CLIENT } gnutls_connection_end; diff --git a/lib/gnutls_auth.c b/lib/gnutls_auth.c index ec293618bf..d3e3a036de 100644 --- a/lib/gnutls_auth.c +++ b/lib/gnutls_auth.c @@ -37,7 +37,7 @@ int gnutls_clear_creds( gnutls_session session) { AUTH_CRED * ccred, *ncred; - if (session->gnutls_key->cred!=NULL) { /* begining of the list */ + if (session->gnutls_key && session->gnutls_key->cred) { /* begining of the list */ ccred = session->gnutls_key->cred; while(ccred!=NULL) { ncred = ccred->next; diff --git a/lib/gnutls_errors.h b/lib/gnutls_errors.h index f47b100019..f265d47e3b 100644 --- a/lib/gnutls_errors.h +++ b/lib/gnutls_errors.h @@ -24,7 +24,7 @@ #ifdef DEBUG # ifdef __FILE__ # ifdef __LINE__ -# define gnutls_assert() fprintf(stderr, "GNUTLS_ASSERT: %s:%d\n", __FILE__,__LINE__); +# define gnutls_assert() _gnutls_log( "GNUTLS_ASSERT: %s:%d\n", __FILE__,__LINE__); # else # define gnutls_assert() # endif 
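Review bot: In lib/gnutls_errors.h the rewritten `gnutls_assert()` still carries a trailing semicolon inside the macro body, so `gnutls_assert();` expands to two statements in DEBUG builds and an unbraced `if (x) gnutls_assert(); else ...` compiles only when DEBUG is off, where the macro is empty. Dropping the semicolon keeps both variants equivalent: `# define gnutls_assert() _gnutls_log( "GNUTLS_ASSERT: %s:%d\n", __FILE__,__LINE__)`. The hunk does not show where `_gnutls_log` is declared; this header should declare it or include the header that does, so that users of the macro do not call a variadic function without a prototype.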
diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c index 1811ca6dad..b5d9fac045 100644 --- a/lib/gnutls_handshake.c +++ b/lib/gnutls_handshake.c @@ -2380,7 +2380,6 @@ int _gnutls_remove_unwanted_ciphersuites(gnutls_session session, * the ciphersuite */ kx = _gnutls_cipher_suite_get_kx_algo((*cipherSuites)[i]); - keep = 0; /* if it is defined but had no credentials diff --git a/lib/gnutls_kx.c b/lib/gnutls_kx.c index b3e8be5256..8ae2c06d80 100644 --- a/lib/gnutls_kx.c +++ b/lib/gnutls_kx.c @@ -561,6 +561,7 @@ int _gnutls_recv_client_certificate( gnutls_session session) /* certificate was required */ if (optional==MANDATORY_PACKET) { gnutls_assert(); + return GNUTLS_E_NO_CERTIFICATE_FOUND; } return ret; } @@ -103,6 +103,7 @@ void socket_bye(socket_st socket); void check_rehandshake(socket_st socket, int ret); void check_alert(socket_st socket, int ret); int do_handshake(socket_st *socket); +void init_global_tls_stuff(void); #define MAX(X,Y) (X >= Y ? X : Y); 
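Review bot: In `_gnutls_recv_client_certificate` (lib/gnutls_kx.c) the added `return GNUTLS_E_NO_CERTIFICATE_FOUND;` discards whatever `ret` held whenever `optional==MANDATORY_PACKET`. The enclosing condition is outside the hunk, but if this branch is reached for any negative `ret`, a transient `GNUTLS_E_AGAIN` / `GNUTLS_E_INTERRUPTED` or an unrelated receive error would be reported as a missing client certificate, which breaks retry logic and misleads whoever reads the server log. Consider limiting the override to the result that really means no certificate was sent and returning `ret` in every other case. A comment naming the values of `ret` that reach this point would also help.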
@@ -187,85 +188,8 @@ int main(int argc, char **argv) signal(SIGPIPE, SIG_IGN); - if (gnutls_global_init() < 0) { - fprintf(stderr, "global state initialization error\n"); - exit(1); - } - - if (gnutls_global_init_extra() < 0) { - fprintf(stderr, "global state (extra) initialization error\n"); - exit(1); - } - - /* X509 stuff */ - if (gnutls_certificate_allocate_cred(&xcred) < 0) { - fprintf(stderr, "Certificate allocation memory error\n"); - exit(1); - } - - if (x509_cafile != NULL) { - ret = - gnutls_certificate_set_x509_trust_file(xcred, - x509_cafile, x509ctype); - if (ret < 0) { - fprintf(stderr, "Error setting the x509 trust file\n"); - } else { - printf("Processed %d CA certificate(s).\n", ret); - } - } - - if (x509_certfile != NULL) { - ret = - gnutls_certificate_set_x509_key_file(xcred, - x509_certfile, - x509_keyfile, x509ctype); - if (ret < 0) { - fprintf(stderr, - "Error setting the x509 key files ('%s', '%s')\n", - x509_certfile, x509_keyfile); - } - } - - if (pgp_certfile != NULL) { - ret = - gnutls_certificate_set_openpgp_key_file(xcred, - pgp_certfile, - pgp_keyfile); - if (ret < 0) { - fprintf(stderr, - "Error setting the x509 key files ('%s', '%s')\n", - pgp_certfile, pgp_keyfile); - } - } + init_global_tls_stuff(); - if (pgp_keyring != NULL) { - ret = - gnutls_certificate_set_openpgp_keyring_file(xcred, pgp_keyring); - if (ret < 0) { - fprintf(stderr, "Error setting the OpenPGP keyring file\n"); - } - } - - if (pgp_trustdb != NULL) { - ret = gnutls_certificate_set_openpgp_trustdb(xcred, pgp_trustdb); - if (ret < 0) { - fprintf(stderr, "Error setting the OpenPGP trustdb file\n"); - } - } -/* gnutls_certificate_client_callback_func( xcred, cert_callback); */ - - /* SRP stuff */ - if (srp_username != NULL) { - if (gnutls_srp_allocate_client_cred(&cred) < 0) { - fprintf(stderr, "SRP authentication error\n"); - } - gnutls_srp_set_client_cred(cred, srp_username, srp_passwd); - } - - /* ANON stuff */ - if (gnutls_anon_allocate_client_cred(&anon_cred) < 
0) { - fprintf(stderr, "Anonymous authentication error\n"); - } printf("Resolving '%s'...\n", hostname); /* get server name */ @@ -309,7 +233,6 @@ int main(int argc, char **argv) /* This TLS extension may break old implementations. */ - ret = do_handshake(&hd); if (ret < 0) { @@ -360,8 +283,6 @@ int main(int argc, char **argv) } } -/* print some information */ - print_info(hd.session); after_handshake: @@ -395,6 +316,7 @@ int main(int argc, char **argv) for (ii = 0; ii < ret; ii++) { fputc(buffer[ii], stdout); } + fflush(stdout); } if (user_term != 0) @@ -409,7 +331,8 @@ int main(int argc, char **argv) if (ret < 0) { fprintf(stderr, "*** Handshake has failed\n"); gnutls_perror(ret); - gnutls_deinit(hd.session); + socket_bye(hd); + user_term = 1; } continue; } else { 
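Review bot: In the handshake-failure branch of `main` (src/cli.c, hunk at -409) `gnutls_deinit(hd.session)` is replaced by `socket_bye(hd)`, and nothing visible here shows that `socket_bye` releases the session, so the session may no longer be freed on this path; please confirm. `socket_bye` is declared as taking `socket_st` by value, so any field it resets is not reflected in `hd` afterwards. Since `do_handshake` now sets `secure` only on success, `socket_bye` is being called on a connection whose TLS handshake failed and should not attempt a TLS close on it. A comment such as `/* handshake failed: close the connection and leave the loop */` above `user_term = 1;` would make the intent clear; the body of `main` continues outside the hunk.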
@@ -710,6 +633,95 @@ int do_handshake(socket_st* socket) ret = gnutls_handshake(socket->session); } while (ret == GNUTLS_E_INTERRUPTED || ret == GNUTLS_E_AGAIN); - socket->secure = 1; + if (ret==0) { + socket->secure = 1; + /* print some information */ + print_info(socket->session); + } return ret; } + +void init_global_tls_stuff() +{ +int ret; + + if (gnutls_global_init() < 0) { + fprintf(stderr, "global state initialization error\n"); + exit(1); + } + + if (gnutls_global_init_extra() < 0) { + fprintf(stderr, "global state (extra) initialization error\n"); + exit(1); + } + + /* X509 stuff */ + if (gnutls_certificate_allocate_cred(&xcred) < 0) { + fprintf(stderr, "Certificate allocation memory error\n"); + exit(1); + } + + if (x509_cafile != NULL) { + ret = + gnutls_certificate_set_x509_trust_file(xcred, + x509_cafile, x509ctype); + if (ret < 0) { + fprintf(stderr, "Error setting the x509 trust file\n"); + } else { + printf("Processed %d CA certificate(s).\n", ret); + } + } + + if (x509_certfile != NULL) { + ret = + gnutls_certificate_set_x509_key_file(xcred, + x509_certfile, + x509_keyfile, x509ctype); + if (ret < 0) { + fprintf(stderr, + "Error setting the x509 key files ('%s', '%s')\n", + x509_certfile, x509_keyfile); + } + } + + if (pgp_certfile != NULL) { + ret = + gnutls_certificate_set_openpgp_key_file(xcred, + pgp_certfile, + pgp_keyfile); + if (ret < 0) { + fprintf(stderr, + "Error setting the x509 key files ('%s', '%s')\n", + pgp_certfile, pgp_keyfile); + } + } + + if (pgp_keyring != NULL) { + ret = + gnutls_certificate_set_openpgp_keyring_file(xcred, pgp_keyring); + if (ret < 0) { + fprintf(stderr, "Error setting the OpenPGP keyring file\n"); + } + } + + if (pgp_trustdb != NULL) { + ret = gnutls_certificate_set_openpgp_trustdb(xcred, pgp_trustdb); + if (ret < 0) { + fprintf(stderr, "Error setting the OpenPGP trustdb file\n"); + } + } +/* gnutls_certificate_client_callback_func( xcred, cert_callback); */ + + /* SRP stuff */ + if (srp_username != NULL) { + 
if (gnutls_srp_allocate_client_cred(&cred) < 0) { + fprintf(stderr, "SRP authentication error\n"); + } + gnutls_srp_set_client_cred(cred, srp_username, srp_passwd); + } + + /* ANON stuff */ + if (gnutls_anon_allocate_client_cred(&anon_cred) < 0) { + fprintf(stderr, "Anonymous authentication error\n"); + } +} diff --git a/src/cli.gaa b/src/cli.gaa index 0916057fb0..56ca952453 100644 --- a/src/cli.gaa +++ b/src/cli.gaa @@ -15,7 +15,7 @@ helpnode "GNU TLS test client\nUsage: gnutls-cli [options] hostname\n\n" option (r, resume) { $resume = 1 } "Connect, establish a session. Connect again and resume this session." #int starttls; -option (s, starttls) { $starttls = 1 } "Connect, establish a plain session and start TLS when EOF is sent." +option (s, starttls) { $starttls = 1 } "Connect, establish a plain session and start TLS when EOF is sent from the keyboard." #int crlf; option (crlf) { $crlf = 1 } "Send CR LF instead of LF." |
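Review bot: In `init_global_tls_stuff` (src/cli.c) a failed `gnutls_srp_allocate_client_cred(&cred)` only prints a message, and execution continues into `gnutls_srp_set_client_cred(cred, srp_username, srp_passwd)` with a credential object that was never allocated; add `exit(1);` after that `fprintf`, as the X.509 allocation above already does. The same print-and-continue pattern applies when `gnutls_certificate_set_x509_trust_file` fails, so the client goes on to the handshake without the CA list the user asked for; for a test tool that may be intended, but it deserves a comment or a hard failure. The OpenPGP key-file branch reuses the message `"Error setting the x509 key files ('%s', '%s')\n"`, which will misdirect debugging. The definition is written `void init_global_tls_stuff()` while the prototype added earlier says `(void)`; the two should match.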