author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2003-05-03 09:11:51 +0000 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2003-05-03 09:11:51 +0000 |
commit | 76a8d8c37bc1130469b8b53cd08669a4153b4522 (patch) | |
tree | 889ab789edb46b75f65a9f49d8329a5fe8872095 | |
parent | 9a5a77c7bc92bcfdb9d027cbe7704947b5631f8a (diff) | |
download | gnutls-76a8d8c37bc1130469b8b53cd08669a4153b4522.tar.gz |
*** empty log message ***
-rw-r--r-- | NEWS | 6 | ||||
-rw-r--r-- | src/common.c | 379 |
2 files changed, 190 insertions, 195 deletions
@@ -1,5 +1,7 @@ -Version 0.8.7 -- Some corrections in the Makefiles. +Version 0.8.7 (03/05/2003) +- Some corrections in the Makefiles, to prevent some build errors + in solaris. +- Corrections in the TLS layer openpgp certificate packet parser. Version 0.8.6 (25/03/2003) - Corrected a parsing error in the Certificate request message. diff --git a/src/common.c b/src/common.c index 0e36521430..60a4258603 100644 --- a/src/common.c +++ b/src/common.c @@ -3,7 +3,6 @@ #include <string.h> #include <gnutls/gnutls.h> #include <gnutls/extra.h> -#include <gnutls/x509.h> #include <time.h> #define TEST_STRING @@ -12,6 +11,13 @@ int xml = 0; void print_cert_info(gnutls_session session); #define PRINTX(x,y) if (y[0]!=0) printf(" # %s %s\n", x, y) +#define PRINT_DN(X) PRINTX( "CN:", X.common_name); \ + PRINTX( "OU:", X.organizational_unit_name); \ + PRINTX( "O:", X.organization); \ + PRINTX( "L:", X.locality_name); \ + PRINTX( "S:", X.state_or_province_name); \ + PRINTX( "C:", X.country); \ + PRINTX( "E:", X.email) #define PRINT_PGP_NAME(X) PRINTX( "NAME:", X.name); \ PRINTX( "EMAIL:", X.email) 
@@ -29,114 +35,114 @@ static const char *my_ctime(time_t * tv) void print_x509_info(gnutls_session session) { - gnutls_x509_crt crt; + + gnutls_x509_dn dn; const gnutls_datum *cert_list; - int cert_list_size = 0, ret; + int cert_list_size = 0; char digest[20]; char serial[40]; - char dn[256]; - int dn_size; size_t digest_size = sizeof(digest); - int i, j; + int i; int serial_size = sizeof(serial); - char printable[256]; + char printable[120]; char *print; int bits, algo; - time_t expiret, activet; + time_t expiret = gnutls_certificate_expiration_time_peers(session); + time_t activet = gnutls_certificate_activation_time_peers(session); cert_list = gnutls_certificate_get_peers(session, &cert_list_size); - - if (cert_list_size <= 0) { - fprintf(stderr, "No certificates found!\n"); + if (cert_list_size <= 0) return; - } - printf(" - Got a certificate list of %d certificates.\n\n", - cert_list_size); + if (xml) { + gnutls_datum res; - for (j = 0; j < cert_list_size; j++) { + gnutls_x509_certificate_to_xml(&cert_list[0], &res, 0); + puts(res.data); - gnutls_x509_crt_init(&crt); - ret = - gnutls_x509_crt_import(crt, &cert_list[j], - GNUTLS_X509_FMT_DER); - if (ret < 0) { - fprintf(stderr, "Decoding error: %s\n", - gnutls_strerror(ret)); - return; - } + free(res.data); - printf(" - Certificate[%d] info:\n", j); + return; + } - expiret = gnutls_x509_crt_get_expiration_time(crt); - activet = gnutls_x509_crt_get_activation_time(crt); + printf(" - Certificate info:\n"); - printf(" # valid since: %s", my_ctime(&activet)); - printf(" # expires at: %s", my_ctime(&expiret)); + printf(" # Certificate is valid since: %s", my_ctime(&activet)); + printf(" # Certificate expires: %s", my_ctime(&expiret)); - /* Print the fingerprint of the certificate - */ - if (gnutls_fingerprint - (GNUTLS_DIG_MD5, &cert_list[j], digest, - &digest_size) >= 0) { - print = printable; - for (i = 0; i < digest_size; i++) { - sprintf(print, "%.2x ", - (unsigned char) digest[i]); - print += 3; - } - printf(" 
# fingerprint: %s\n", printable); + /* Print the fingerprint of the certificate + */ + if (gnutls_x509_fingerprint + (GNUTLS_DIG_MD5, &cert_list[0], digest, &digest_size) >= 0) { + print = printable; + for (i = 0; i < digest_size; i++) { + sprintf(print, "%.2x ", (unsigned char) digest[i]); + print += 3; } + printf(" # Certificate fingerprint: %s\n", printable); + } - /* Print the serial number of the certificate. - */ - - if (gnutls_x509_crt_get_serial(crt, serial, &serial_size) - >= 0) { - print = printable; - for (i = 0; i < serial_size; i++) { - sprintf(print, "%.2x ", - (unsigned char) serial[i]); - print += 3; - } - printf(" # serial number: %s\n", printable); - } + /* Print the serial number of the certificate. + */ - /* Print the version of the X.509 - * certificate. - */ - printf(" # version: #%d\n", - gnutls_x509_crt_get_version(crt)); - - algo = gnutls_x509_crt_get_pk_algorithm(crt, &bits); - printf(" # public key algorithm: "); - if (algo == GNUTLS_PK_RSA) { - printf("RSA\n"); - printf(" # Modulus: %d bits\n", bits); - } else if (algo == GNUTLS_PK_DSA) { - printf("DSA\n"); - printf(" # Exponent: %d bits\n", bits); - } else { - printf("UNKNOWN\n"); + if (gnutls_x509_extract_certificate_serial + (&cert_list[0], serial, &serial_size) >= 0) { + print = printable; + for (i = 0; i < serial_size; i++) { + sprintf(print, "%.2x ", (unsigned char) serial[i]); + print += 3; } + printf(" # Certificate serial number: %s\n", printable); + } - dn_size = sizeof(dn); - ret = gnutls_x509_crt_get_dn(crt, dn, &dn_size); - if (ret >= 0) - printf(" # Subject's DN: %s\n", dn); - - dn_size = sizeof(dn); - ret = gnutls_x509_crt_get_issuer_dn(crt, dn, &dn_size); - if (ret >= 0) - printf(" # Issuer's DN: %s\n", dn); - - gnutls_x509_crt_deinit(crt); - - printf("\n"); - + /* Print the version of the X.509 + * certificate. 
+ */ + printf(" # Certificate version: #%d\n", + gnutls_x509_extract_certificate_version(&cert_list[0])); + + algo = + gnutls_x509_extract_certificate_pk_algorithm(&cert_list[0], + &bits); + printf(" # Certificate public key algorithm: "); + + if (algo == GNUTLS_PK_RSA) { + printf("RSA\n"); + printf(" # Modulus: %d bits\n", bits); + } else if (algo == GNUTLS_PK_DSA) { + printf("DSA\n"); + printf(" # Exponent: %d bits\n", bits); + } else { + printf("UNKNOWN\n"); } +#ifndef TEST_STRING + gnutls_x509_extract_certificate_dn(&cert_list[0], &dn); + PRINT_DN(dn); + + gnutls_x509_extract_certificate_issuer_dn(&cert_list[0], &dn); + printf(" # Certificate Issuer's info:\n"); + PRINT_DN(dn); +#else + { char buf[256]; + int buf_size = sizeof(buf); + int ret; + + ret = gnutls_x509_extract_certificate_dn_string( buf, buf_size, &cert_list[0], 0); + if (ret == 0) + printf( " # %s\n", buf); + else printf("gnutls_x509_extract_certificate_dn_string() returned %d\n", ret); + + ret = gnutls_x509_extract_certificate_dn_string( buf, buf_size, &cert_list[0], 1); + if (ret == 0) { + printf(" # Certificate Issuer's info:\n"); + printf( " # %s\n", buf); + } else printf("gnutls_x509_extract_certificate_dn_string() returned %d\n", ret); + + } +#endif + } void print_openpgp_info(gnutls_session session) @@ -157,7 +163,6 @@ void print_openpgp_info(gnutls_session session) if (cert_list_size > 0) { int algo, bits; -#if 0 if (xml) { gnutls_datum res; @@ -168,7 +173,6 @@ void print_openpgp_info(gnutls_session session) return; } -#endif printf(" # Key was created at: %s", my_ctime(&activet)); printf(" # Key expires: "); @@ -209,11 +213,8 @@ void print_openpgp_info(gnutls_session session) printf(" # PGP Key fingerprint: %s\n", printable); if (gnutls_openpgp_extract_key_name(&cert_list[0], - 0, - &pgp_name) < - 0) { - fprintf(stderr, - "Could not extract name\n"); + 0, &pgp_name) < 0) { + fprintf(stderr, "Could not extract name\n"); } else { PRINT_PGP_NAME(pgp_name); } 
@@ -241,7 +242,7 @@ void print_cert_vrfy(gnutls_session session) } if (status & GNUTLS_CERT_INVALID) - printf("- Peer's certificate chain is broken\n"); + printf("- Peer's certificate is invalid\n"); if (status & GNUTLS_CERT_NOT_TRUSTED) printf("- Peer's certificate is NOT trusted\n"); else @@ -288,8 +289,7 @@ int print_info(gnutls_session session) /* This fails in client side */ if (gnutls_get_server_name (session, dns, &dns_size, &type, 0) == 0) { - printf("- Given server name[%d]: %s\n", - type, dns); + printf("- Given server name[%d]: %s\n", type, dns); } } @@ -363,7 +363,7 @@ void print_list(void) printf(" RIJNDAEL-128-CBC"); printf(", TWOFISH-128-CBC"); printf(", 3DES-CBC"); - printf(", ARCFOUR\n"); + printf(", ARCFOUR"); printf(", ARCFOUR-40\n"); printf("MACs:"); 
@@ -404,118 +404,111 @@ void print_license(void) "Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.\n\n"); } -void parse_protocols(char **protocols, int protocols_size, - int *protocol_priority) +void parse_protocols( char** protocols, int protocols_size, int* protocol_priority) { - int i, j; - - if (protocols != NULL && protocols_size > 0) { - for (j = i = 0; i < protocols_size; i++) { - if (strncasecmp(protocols[i], "SSL", 3) == 0) - protocol_priority[j++] = GNUTLS_SSL3; - if (strncasecmp(protocols[i], "TLS", 3) == 0) - protocol_priority[j++] = GNUTLS_TLS1; - } - protocol_priority[j] = 0; - } +int i,j; + + if (protocols != NULL && protocols_size > 0) { + for (j = i = 0; i < protocols_size; i++) { + if (strncasecmp(protocols[i], "SSL", 3) == 0) + protocol_priority[j++] = GNUTLS_SSL3; + if (strncasecmp(protocols[i], "TLS", 3) == 0) + protocol_priority[j++] = GNUTLS_TLS1; + } + protocol_priority[j] = 0; + } } -void parse_ciphers(char **ciphers, int nciphers, int *cipher_priority) -{ - int j, i; - - if (ciphers != NULL && nciphers > 0) { - for (j = i = 0; i < nciphers; i++) { - if (strncasecmp(ciphers[i], "RIJ", 3) == 0) - cipher_priority[j++] = - GNUTLS_CIPHER_RIJNDAEL_128_CBC; - if (strncasecmp(ciphers[i], "TWO", 3) == 0) - cipher_priority[j++] = - GNUTLS_CIPHER_TWOFISH_128_CBC; - if (strncasecmp(ciphers[i], "3DE", 3) == 0) - cipher_priority[j++] = - GNUTLS_CIPHER_3DES_CBC; - if (strcasecmp(ciphers[i], "ARCFOUR-40") == 0) - cipher_priority[j++] = - GNUTLS_CIPHER_ARCFOUR_40; - if (strcasecmp(ciphers[i], "ARCFOUR") == 0) - cipher_priority[j++] = - GNUTLS_CIPHER_ARCFOUR_128; - if (strncasecmp(ciphers[i], "NUL", 3) == 0) - cipher_priority[j++] = GNUTLS_CIPHER_NULL; - } - cipher_priority[j] = 0; - } +void parse_ciphers( char** ciphers, int nciphers, int* cipher_priority) +{ +int j,i; + + if (ciphers != NULL && nciphers > 0) { + for (j = i = 0; i < nciphers; i++) { + if (strncasecmp(ciphers[i], "RIJ", 3) == 0) + cipher_priority[j++] = 
GNUTLS_CIPHER_RIJNDAEL_128_CBC; + if (strncasecmp(ciphers[i], "TWO", 3) == 0) + cipher_priority[j++] = GNUTLS_CIPHER_TWOFISH_128_CBC; + if (strncasecmp(ciphers[i], "3DE", 3) == 0) + cipher_priority[j++] = GNUTLS_CIPHER_3DES_CBC; + if (strcasecmp(ciphers[i], "ARCFOUR-40") == 0) + cipher_priority[j++] = GNUTLS_CIPHER_ARCFOUR_40; + if (strcasecmp(ciphers[i], "ARCFOUR") == 0) + cipher_priority[j++] = GNUTLS_CIPHER_ARCFOUR_128; + if (strncasecmp(ciphers[i], "NUL", 3) == 0) + cipher_priority[j++] = GNUTLS_CIPHER_NULL; + } + cipher_priority[j] = 0; + } } -void parse_macs(char **macs, int nmacs, int *mac_priority) +void parse_macs( char** macs, int nmacs, int *mac_priority) { - int i, j; - if (macs != NULL && nmacs > 0) { - for (j = i = 0; i < nmacs; i++) { - if (strncasecmp(macs[i], "MD5", 3) == 0) - mac_priority[j++] = GNUTLS_MAC_MD5; - if (strncasecmp(macs[i], "SHA", 3) == 0) - mac_priority[j++] = GNUTLS_MAC_SHA; - } - mac_priority[j] = 0; - } +int i,j; + if (macs != NULL && nmacs > 0) { + for (j = i = 0; i < nmacs; i++) { + if (strncasecmp(macs[i], "MD5", 3) == 0) + mac_priority[j++] = GNUTLS_MAC_MD5; + if (strncasecmp(macs[i], "SHA", 3) == 0) + mac_priority[j++] = GNUTLS_MAC_SHA; + } + mac_priority[j] = 0; + } } -void parse_ctypes(char **ctype, int nctype, int *cert_type_priority) +void parse_ctypes( char** ctype, int nctype, int * cert_type_priority) { - int i, j; - if (ctype != NULL && nctype > 0) { - for (j = i = 0; i < nctype; i++) { - if (strncasecmp(ctype[i], "OPE", 3) == 0) - cert_type_priority[j++] = - GNUTLS_CRT_OPENPGP; - if (strncasecmp(ctype[i], "X", 1) == 0) - cert_type_priority[j++] = GNUTLS_CRT_X509; - } - cert_type_priority[j] = 0; - } +int i,j; + if (ctype != NULL && nctype > 0) { + for (j = i = 0; i < nctype; i++) { + if (strncasecmp(ctype[i], "OPE", 3) == 0) + cert_type_priority[j++] = GNUTLS_CRT_OPENPGP; + if (strncasecmp(ctype[i], "X", 1) == 0) + cert_type_priority[j++] = GNUTLS_CRT_X509; + } + cert_type_priority[j] = 0; + } } -void parse_kx(char 
**kx, int nkx, int *kx_priority) +void parse_kx( char** kx, int nkx, int* kx_priority) { - int i, j; - if (kx != NULL && nkx > 0) { - for (j = i = 0; i < nkx; i++) { - if (strcasecmp(kx[i], "SRP") == 0) - kx_priority[j++] = GNUTLS_KX_SRP; - if (strcasecmp(kx[i], "SRP-RSA") == 0) - kx_priority[j++] = GNUTLS_KX_SRP_RSA; - if (strcasecmp(kx[i], "SRP-DSS") == 0) - kx_priority[j++] = GNUTLS_KX_SRP_DSS; - if (strcasecmp(kx[i], "RSA") == 0) - kx_priority[j++] = GNUTLS_KX_RSA; - if (strcasecmp(kx[i], "RSA-EXPORT") == 0) - kx_priority[j++] = GNUTLS_KX_RSA_EXPORT; - if (strncasecmp(kx[i], "DHE-RSA", 7) == 0) - kx_priority[j++] = GNUTLS_KX_DHE_RSA; - if (strncasecmp(kx[i], "DHE-DSS", 7) == 0) - kx_priority[j++] = GNUTLS_KX_DHE_DSS; - if (strncasecmp(kx[i], "ANON", 4) == 0) - kx_priority[j++] = GNUTLS_KX_ANON_DH; - } - kx_priority[j] = 0; - } +int i,j; + if (kx != NULL && nkx > 0) { + for (j = i = 0; i < nkx; i++) { + if (strcasecmp(kx[i], "SRP") == 0) + kx_priority[j++] = GNUTLS_KX_SRP; + if (strcasecmp(kx[i], "SRP-RSA") == 0) + kx_priority[j++] = GNUTLS_KX_SRP_RSA; + if (strcasecmp(kx[i], "SRP-DSS") == 0) + kx_priority[j++] = GNUTLS_KX_SRP_DSS; + if (strcasecmp(kx[i], "RSA") == 0) + kx_priority[j++] = GNUTLS_KX_RSA; + if (strcasecmp(kx[i], "RSA-EXPORT") == 0) + kx_priority[j++] = GNUTLS_KX_RSA_EXPORT; + if (strncasecmp(kx[i], "DHE-RSA", 7) == 0) + kx_priority[j++] = GNUTLS_KX_DHE_RSA; + if (strncasecmp(kx[i], "DHE-DSS", 7) == 0) + kx_priority[j++] = GNUTLS_KX_DHE_DSS; + if (strncasecmp(kx[i], "ANON", 4) == 0) + kx_priority[j++] = GNUTLS_KX_ANON_DH; + } + kx_priority[j] = 0; + } } -void parse_comp(char **comp, int ncomp, int *comp_priority) +void parse_comp( char** comp, int ncomp, int* comp_priority) { - int i, j; - if (comp != NULL && ncomp > 0) { - for (j = i = 0; i < ncomp; i++) { - if (strncasecmp(comp[i], "NUL", 3) == 0) - comp_priority[j++] = GNUTLS_COMP_NULL; - if (strncasecmp(comp[i], "ZLI", 3) == 0) - comp_priority[j++] = GNUTLS_COMP_ZLIB; - if (strncasecmp(comp[i], 
"LZO", 3) == 0) - comp_priority[j++] = GNUTLS_COMP_LZO; - } - comp_priority[j] = 0; - } +int i,j; + if (comp != NULL && ncomp > 0) { + for (j = i = 0; i < ncomp; i++) { + if (strncasecmp(comp[i], "NUL", 3) == 0) + comp_priority[j++] = GNUTLS_COMP_NULL; + if (strncasecmp(comp[i], "ZLI", 3) == 0) + comp_priority[j++] = GNUTLS_COMP_ZLIB; + if (strncasecmp(comp[i], "LZO", 3) == 0) + comp_priority[j++] = GNUTLS_COMP_LZO; + } + comp_priority[j] = 0; + } } |
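Review bot: Shrinking `printable` from 256 to 120 bytes in print_x509_info makes the serial-number loop overflow by one: `serial` is 40 bytes and `serial_size` starts at `sizeof(serial)`, so if the peer's serial fills that buffer the loop issues 40 `sprintf(print, "%.2x ", …)` writes totalling 120 characters and the last call's terminating NUL lands at `printable[120]`, one past the end of the stack buffer. Size the buffer from its inputs instead, `char printable[3 * sizeof(serial) + 1];`, or bound each write with `snprintf` against the remaining space. The xml branch in the same function calls `gnutls_x509_certificate_to_xml(&cert_list[0], &res, 0)` without checking its return before `puts(res.data)` and `free(res.data)`, so a failed conversion would hand an unset pointer to both; a `< 0` check with an early return belongs there. `PRINT_DN` in the macro hunk expands to seven separate `if` statements, so it is unsafe as the body of an unbraced `if`; wrapping the expansion in `do { … } while (0)` would make it a single statement.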