authorNikos Mavrogiannopoulos <nmav@gnutls.org>2004-06-06 13:50:15 +0000
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2004-06-06 13:50:15 +0000
commit1c13b0dd740f3255f9a5bb0feb8a9718ced62127 (patch)
tree8c128f40898f3e6105efe1dcc4d66ceeac8259ce
parent560a706dfd8b93e625a58026bf17588a2e14bfb3 (diff)
downloadgnutls-1c13b0dd740f3255f9a5bb0feb8a9718ced62127.tar.gz
several improvements
-rw-r--r--lib/gnutls_datum.c9
-rw-r--r--lib/gnutls_ui.c65
-rw-r--r--lib/x509/pkcs12_bag.c6
-rw-r--r--src/cli-gaa.c129
-rw-r--r--src/cli-gaa.h48
-rw-r--r--src/cli.c67
-rw-r--r--src/cli.gaa4
-rw-r--r--src/common.c370
-rwxr-xr-xsrc/gnutls-http-serv1
-rw-r--r--src/serv-gaa.c137
-rw-r--r--src/serv-gaa.h32
-rw-r--r--src/serv.c32
-rw-r--r--src/serv.gaa7
-rw-r--r--src/tests.c184
-rw-r--r--src/tests.h72
-rw-r--r--src/tls_test.c36
16 files changed, 731 insertions, 468 deletions
diff --git a/lib/gnutls_datum.c b/lib/gnutls_datum.c
index 007404a8ae..edd71b2a47 100644
--- a/lib/gnutls_datum.c
+++ b/lib/gnutls_datum.c
@@ -50,7 +50,14 @@ void _gnutls_write_datum8( opaque* dest, gnutls_datum dat) {
int _gnutls_set_datum_m( gnutls_datum* dat, const void* data, int data_size,
- gnutls_alloc_function galloc_func) {
+ gnutls_alloc_function galloc_func)
+{
+ if (data_size == 0) {
+ dat->data = NULL;
+ dat->size = 0;
+ return 0;
+ }
+
dat->data = galloc_func(data_size);
if (dat->data==NULL) return GNUTLS_E_MEMORY_ERROR;
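Review bot: The new zero-size guard in `_gnutls_set_datum_m` leaves a negative `data_size` unhandled: the parameter is a plain `int`, so a value below zero skips the guard and reaches `galloc_func(data_size)` on the next line, where it converts to a very large unsigned allocation request. A second check beside the zero one, `if (data_size < 0) return GNUTLS_E_INVALID_REQUEST;`, closes that path with the same error code the callers in this commit already use for bad requests. The rest of the `_gnutls_set_datum_m` body continues past the end of the hunk.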
diff --git a/lib/gnutls_ui.c b/lib/gnutls_ui.c
index f9b607fafa..6871f38f5c 100644
--- a/lib/gnutls_ui.c
+++ b/lib/gnutls_ui.c
@@ -31,6 +31,7 @@
#include <gnutls_errors.h>
#include <gnutls_auth_int.h>
#include <gnutls_state.h>
+#include <gnutls_datum.h>
/* ANON & DHE */
@@ -59,12 +60,13 @@ void gnutls_dh_set_prime_bits(gnutls_session session, unsigned int bits)
/**
* gnutls_dh_get_group - This function returns the group of the DH authentication
* @session: is a gnutls session
- * @raw_gen: will hold the generator. To be treated as constant.
- * @raw_prime: will hold the prime. To be treated as constant.
+ * @raw_gen: will hold the generator.
+ * @raw_prime: will hold the prime.
*
* This function will return the group parameters used in the last Diffie Hellman
* authentication with the peer. These are the prime and the generator used.
* This function should be used for both anonymous and ephemeral diffie Hellman.
+ * The output parameters must be freed with gnutls_free().
*
* Returns a negative value in case of an error.
*
@@ -73,6 +75,7 @@ int gnutls_dh_get_group(gnutls_session session,
gnutls_datum* raw_gen, gnutls_datum* raw_prime)
{
dh_info_t *dh;
+int ret;
anon_server_auth_info_t anon_info;
cert_auth_info_t cert_info;
@@ -94,11 +97,18 @@ cert_auth_info_t cert_info;
return GNUTLS_E_INVALID_REQUEST;
}
- raw_prime->data = dh->prime;
- raw_prime->size = dh->prime_size;
+ ret = _gnutls_set_datum( raw_prime, dh->prime, dh->prime_size);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- raw_gen->data = dh->generator;
- raw_gen->size = dh->generator_size;
+ ret = _gnutls_set_datum( raw_gen, dh->generator, dh->generator_size);
+ if (ret < 0) {
+ gnutls_assert();
+ _gnutls_free_datum( raw_prime);
+ return ret;
+ }
return 0;
}
@@ -106,15 +116,16 @@ cert_auth_info_t cert_info;
/**
* gnutls_dh_get_pubkey - This function returns the peer's public key used in DH authentication
* @session: is a gnutls session
- * @raw_key: will hold the public key. To be treated as constant.
+ * @raw_key: will hold the public key.
*
* This function will return the peer's public key used in the last Diffie Hellman authentication.
* This function should be used for both anonymous and ephemeral diffie Hellman.
+ * The output parameters must be freed with gnutls_free().
*
* Returns a negative value in case of an error.
*
**/
-int gnutls_dh_get_pubkey(gnutls_session session, gnutls_datum* key)
+int gnutls_dh_get_pubkey(gnutls_session session, gnutls_datum* raw_key)
{
dh_info_t* dh;
anon_server_auth_info_t anon_info;
@@ -141,38 +152,46 @@ cert_auth_info_t cert_info;
return GNUTLS_E_INVALID_REQUEST;
}
- key->data = dh->public_key;
- key->size = dh->public_key_size;
-
- return 0;
+ return _gnutls_set_datum( raw_key, dh->public_key, dh->public_key_size);
}
/**
* gnutls_rsa_export_get_modulus - This function returns the peer's modulus used in RSA-EXPORT authentication
* @session: is a gnutls session
- * @exp: will hold the exponent. To be treated as constant.
- * @mod: will hold the modulus. To be treated as constant.
+ * @exp: will hold the exponent.
+ * @mod: will hold the modulus.
*
* This function will return the peer's modulus used in the last RSA-EXPORT authentication.
+ * The output parameters must be freed with gnutls_free().
*
* Returns a negative value in case of an error.
*
**/
int gnutls_rsa_export_get_pubkey(gnutls_session session, gnutls_datum* exp, gnutls_datum* mod)
{
-cert_auth_info_t cert_info;
+cert_auth_info_t info;
+int ret;
if ( gnutls_auth_get_type( session) == GNUTLS_CRD_CERTIFICATE) {
- cert_info = _gnutls_get_auth_info(session);
- if (cert_info == NULL)
+ info = _gnutls_get_auth_info(session);
+ if (info == NULL)
return GNUTLS_E_INTERNAL_ERROR;
-
- mod->data = cert_info->rsa_export.modulus;
- mod->size = cert_info->rsa_export.modulus_size;
- exp->data = cert_info->rsa_export.exponent;
- exp->size = cert_info->rsa_export.exponent_size;
-
+ ret = _gnutls_set_datum( mod, info->rsa_export.modulus,
+ info->rsa_export.modulus_size);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret = _gnutls_set_datum( exp, info->rsa_export.exponent,
+ info->rsa_export.exponent_size);
+ if (ret < 0) {
+ gnutls_assert();
+ _gnutls_free_datum( mod);
+ return ret;
+ }
+
return 0;
}
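Review bot: The doc block this hunk rewrites for `gnutls_rsa_export_get_pubkey` still carries the title `gnutls_rsa_export_get_modulus` (the line ending `- This function returns the peer's modulus used in RSA-EXPORT authentication`), so the generated API reference indexes the wrong name; change it to `gnutls_rsa_export_get_pubkey - This function returns the peer's public key used in RSA-EXPORT authentication`. Since the function now hands out heap copies, the same block should also state that on a negative return the caller has nothing to free — the hunk shows the second-failure path calling `_gnutls_free_datum( mod)` itself before returning. The closing brace on the last hunk line appears to end the `if (... == GNUTLS_CRD_CERTIFICATE)` block, so the function's non-certificate return path lies outside the hunk.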
diff --git a/lib/x509/pkcs12_bag.c b/lib/x509/pkcs12_bag.c
index 622b225964..e27504bb01 100644
--- a/lib/x509/pkcs12_bag.c
+++ b/lib/x509/pkcs12_bag.c
@@ -131,7 +131,11 @@ int gnutls_pkcs12_bag_get_count(gnutls_pkcs12_bag bag)
* @indx: The element of the bag to get the data from
* @data: where the bag's data will be. Should be treated as constant.
*
- * This function will return the bag's data.
+ * This function will return the bag's data. The data is a constant
+ * that is stored into the bag. Should not be accessed after the bag
+ * is deleted.
+ *
+ * Returns 0 on success and a negative error code on error.
*
**/
int gnutls_pkcs12_bag_get_data(gnutls_pkcs12_bag bag, int indx, gnutls_datum * data)
diff --git a/src/cli-gaa.c b/src/cli-gaa.c
index d52e78ed59..2b93916c42 100644
--- a/src/cli-gaa.c
+++ b/src/cli-gaa.c
@@ -138,6 +138,7 @@ void gaa_help(void)
__gaa_helpsingle(0, "print-cert", "", "Print the certificate in PEM format.");
__gaa_helpsingle('p', "port", "integer ", "The port to connect to.");
__gaa_helpsingle(0, "recordsize", "integer ", "The maximum record size to advertize.");
+ __gaa_helpsingle('V', "verbose", "", "More verbose output.");
__gaa_helpsingle(0, "ciphers", "cipher1 cipher2... ", "Ciphers to enable.");
__gaa_helpsingle(0, "protocols", "protocol1 protocol2... ", "Protocols to enable.");
__gaa_helpsingle(0, "comp", "comp1 comp2... ", "Compression methods to enable.");
@@ -172,52 +173,54 @@ typedef struct _gaainfo gaainfo;
struct _gaainfo
{
-#line 109 "cli.gaa"
+#line 111 "cli.gaa"
char *rest_args;
-#line 99 "cli.gaa"
+#line 101 "cli.gaa"
char *srp_passwd;
-#line 96 "cli.gaa"
+#line 98 "cli.gaa"
char *srp_username;
-#line 93 "cli.gaa"
+#line 95 "cli.gaa"
char *x509_certfile;
-#line 90 "cli.gaa"
+#line 92 "cli.gaa"
char *x509_keyfile;
-#line 87 "cli.gaa"
+#line 89 "cli.gaa"
char *pgp_certfile;
-#line 84 "cli.gaa"
+#line 86 "cli.gaa"
char *pgp_trustdb;
-#line 81 "cli.gaa"
+#line 83 "cli.gaa"
char *pgp_keyring;
-#line 78 "cli.gaa"
+#line 80 "cli.gaa"
char *pgp_keyfile;
-#line 75 "cli.gaa"
+#line 77 "cli.gaa"
char *x509_crlfile;
-#line 72 "cli.gaa"
+#line 74 "cli.gaa"
char *x509_cafile;
-#line 69 "cli.gaa"
+#line 71 "cli.gaa"
char **ctype;
-#line 68 "cli.gaa"
+#line 70 "cli.gaa"
int nctype;
-#line 65 "cli.gaa"
+#line 67 "cli.gaa"
char **kx;
-#line 64 "cli.gaa"
+#line 66 "cli.gaa"
int nkx;
-#line 61 "cli.gaa"
+#line 63 "cli.gaa"
char **macs;
-#line 60 "cli.gaa"
+#line 62 "cli.gaa"
int nmacs;
-#line 57 "cli.gaa"
+#line 59 "cli.gaa"
char **comp;
-#line 56 "cli.gaa"
+#line 58 "cli.gaa"
int ncomp;
-#line 53 "cli.gaa"
+#line 55 "cli.gaa"
char **proto;
-#line 52 "cli.gaa"
+#line 54 "cli.gaa"
int nproto;
-#line 49 "cli.gaa"
+#line 51 "cli.gaa"
char **ciphers;
-#line 48 "cli.gaa"
+#line 50 "cli.gaa"
int nciphers;
+#line 47 "cli.gaa"
+ int verbose;
#line 44 "cli.gaa"
int record_size;
#line 41 "cli.gaa"
@@ -294,7 +297,7 @@ static int gaa_error = 0;
#define GAA_MULTIPLE_OPTION 3
#define GAA_REST 0
-#define GAA_NB_OPTION 31
+#define GAA_NB_OPTION 32
#define GAAOPTID_copyright 1
#define GAAOPTID_version 2
#define GAAOPTID_help 3
@@ -315,17 +318,18 @@ static int gaa_error = 0;
#define GAAOPTID_comp 18
#define GAAOPTID_protocols 19
#define GAAOPTID_ciphers 20
-#define GAAOPTID_recordsize 21
-#define GAAOPTID_port 22
-#define GAAOPTID_print_cert 23
-#define GAAOPTID_xml 24
-#define GAAOPTID_disable_extensions 25
-#define GAAOPTID_fingerprint 26
-#define GAAOPTID_x509fmtder 27
-#define GAAOPTID_crlf 28
-#define GAAOPTID_starttls 29
-#define GAAOPTID_resume 30
-#define GAAOPTID_debug 31
+#define GAAOPTID_verbose 21
+#define GAAOPTID_recordsize 22
+#define GAAOPTID_port 23
+#define GAAOPTID_print_cert 24
+#define GAAOPTID_xml 25
+#define GAAOPTID_disable_extensions 26
+#define GAAOPTID_fingerprint 27
+#define GAAOPTID_x509fmtder 28
+#define GAAOPTID_crlf 29
+#define GAAOPTID_starttls 30
+#define GAAOPTID_resume 31
+#define GAAOPTID_debug 32
#line 168 "gaa.skel"
@@ -687,6 +691,7 @@ static int gaa_get_option_num(char *str, int status)
GAA_CHECK1STR("v", GAAOPTID_version);
GAA_CHECK1STR("h", GAAOPTID_help);
GAA_CHECK1STR("l", GAAOPTID_list);
+ GAA_CHECK1STR("V", GAAOPTID_verbose);
GAA_CHECK1STR("", GAAOPTID_print_cert);
GAA_CHECK1STR("", GAAOPTID_xml);
GAA_CHECK1STR("", GAAOPTID_disable_extensions);
@@ -719,6 +724,7 @@ static int gaa_get_option_num(char *str, int status)
GAA_CHECKSTR("comp", GAAOPTID_comp);
GAA_CHECKSTR("protocols", GAAOPTID_protocols);
GAA_CHECKSTR("ciphers", GAAOPTID_ciphers);
+ GAA_CHECKSTR("verbose", GAAOPTID_verbose);
GAA_CHECKSTR("recordsize", GAAOPTID_recordsize);
GAA_CHECKSTR("port", GAAOPTID_port);
GAA_CHECKSTR("print-cert", GAAOPTID_print_cert);
@@ -783,28 +789,28 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
{
case GAAOPTID_copyright:
OK = 0;
-#line 107 "cli.gaa"
+#line 109 "cli.gaa"
{ print_license(); exit(0); ;};
return GAA_OK;
break;
case GAAOPTID_version:
OK = 0;
-#line 106 "cli.gaa"
+#line 108 "cli.gaa"
{ cli_version(); exit(0); ;};
return GAA_OK;
break;
case GAAOPTID_help:
OK = 0;
-#line 104 "cli.gaa"
+#line 106 "cli.gaa"
{ gaa_help(); exit(0); ;};
return GAA_OK;
break;
case GAAOPTID_list:
OK = 0;
-#line 103 "cli.gaa"
+#line 105 "cli.gaa"
{ print_list(); exit(0); ;};
return GAA_OK;
@@ -814,7 +820,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_srppasswd.arg1, gaa_getstr, GAATMP_srppasswd.size1);
gaa_index++;
-#line 100 "cli.gaa"
+#line 102 "cli.gaa"
{ gaaval->srp_passwd = GAATMP_srppasswd.arg1 ;};
return GAA_OK;
@@ -824,7 +830,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_srpusername.arg1, gaa_getstr, GAATMP_srpusername.size1);
gaa_index++;
-#line 97 "cli.gaa"
+#line 99 "cli.gaa"
{ gaaval->srp_username = GAATMP_srpusername.arg1 ;};
return GAA_OK;
@@ -834,7 +840,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_x509certfile.arg1, gaa_getstr, GAATMP_x509certfile.size1);
gaa_index++;
-#line 94 "cli.gaa"
+#line 96 "cli.gaa"
{ gaaval->x509_certfile = GAATMP_x509certfile.arg1 ;};
return GAA_OK;
@@ -844,7 +850,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_x509keyfile.arg1, gaa_getstr, GAATMP_x509keyfile.size1);
gaa_index++;
-#line 91 "cli.gaa"
+#line 93 "cli.gaa"
{ gaaval->x509_keyfile = GAATMP_x509keyfile.arg1 ;};
return GAA_OK;
@@ -854,7 +860,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_pgpcertfile.arg1, gaa_getstr, GAATMP_pgpcertfile.size1);
gaa_index++;
-#line 88 "cli.gaa"
+#line 90 "cli.gaa"
{ gaaval->pgp_certfile = GAATMP_pgpcertfile.arg1 ;};
return GAA_OK;
@@ -864,7 +870,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_pgptrustdb.arg1, gaa_getstr, GAATMP_pgptrustdb.size1);
gaa_index++;
-#line 85 "cli.gaa"
+#line 87 "cli.gaa"
{ gaaval->pgp_trustdb = GAATMP_pgptrustdb.arg1 ;};
return GAA_OK;
@@ -874,7 +880,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_pgpkeyring.arg1, gaa_getstr, GAATMP_pgpkeyring.size1);
gaa_index++;
-#line 82 "cli.gaa"
+#line 84 "cli.gaa"
{ gaaval->pgp_keyring = GAATMP_pgpkeyring.arg1 ;};
return GAA_OK;
@@ -884,7 +890,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_pgpkeyfile.arg1, gaa_getstr, GAATMP_pgpkeyfile.size1);
gaa_index++;
-#line 79 "cli.gaa"
+#line 81 "cli.gaa"
{ gaaval->pgp_keyfile = GAATMP_pgpkeyfile.arg1 ;};
return GAA_OK;
@@ -894,7 +900,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_x509crlfile.arg1, gaa_getstr, GAATMP_x509crlfile.size1);
gaa_index++;
-#line 76 "cli.gaa"
+#line 78 "cli.gaa"
{ gaaval->x509_crlfile = GAATMP_x509crlfile.arg1 ;};
return GAA_OK;
@@ -904,7 +910,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_x509cafile.arg1, gaa_getstr, GAATMP_x509cafile.size1);
gaa_index++;
-#line 73 "cli.gaa"
+#line 75 "cli.gaa"
{ gaaval->x509_cafile = GAATMP_x509cafile.arg1 ;};
return GAA_OK;
@@ -912,7 +918,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
case GAAOPTID_ctypes:
OK = 0;
GAA_LIST_FILL(GAATMP_ctypes.arg1, gaa_getstr, char*, GAATMP_ctypes.size1);
-#line 70 "cli.gaa"
+#line 72 "cli.gaa"
{ gaaval->ctype = GAATMP_ctypes.arg1; gaaval->nctype = GAATMP_ctypes.size1 ;};
return GAA_OK;
@@ -920,7 +926,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
case GAAOPTID_kx:
OK = 0;
GAA_LIST_FILL(GAATMP_kx.arg1, gaa_getstr, char*, GAATMP_kx.size1);
-#line 66 "cli.gaa"
+#line 68 "cli.gaa"
{ gaaval->kx = GAATMP_kx.arg1; gaaval->nkx = GAATMP_kx.size1 ;};
return GAA_OK;
@@ -928,7 +934,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
case GAAOPTID_macs:
OK = 0;
GAA_LIST_FILL(GAATMP_macs.arg1, gaa_getstr, char*, GAATMP_macs.size1);
-#line 62 "cli.gaa"
+#line 64 "cli.gaa"
{ gaaval->macs = GAATMP_macs.arg1; gaaval->nmacs = GAATMP_macs.size1 ;};
return GAA_OK;
@@ -936,7 +942,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
case GAAOPTID_comp:
OK = 0;
GAA_LIST_FILL(GAATMP_comp.arg1, gaa_getstr, char*, GAATMP_comp.size1);
-#line 58 "cli.gaa"
+#line 60 "cli.gaa"
{ gaaval->comp = GAATMP_comp.arg1; gaaval->ncomp = GAATMP_comp.size1 ;};
return GAA_OK;
@@ -944,7 +950,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
case GAAOPTID_protocols:
OK = 0;
GAA_LIST_FILL(GAATMP_protocols.arg1, gaa_getstr, char*, GAATMP_protocols.size1);
-#line 54 "cli.gaa"
+#line 56 "cli.gaa"
{ gaaval->proto = GAATMP_protocols.arg1; gaaval->nproto = GAATMP_protocols.size1 ;};
return GAA_OK;
@@ -952,11 +958,18 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
case GAAOPTID_ciphers:
OK = 0;
GAA_LIST_FILL(GAATMP_ciphers.arg1, gaa_getstr, char*, GAATMP_ciphers.size1);
-#line 50 "cli.gaa"
+#line 52 "cli.gaa"
{ gaaval->ciphers = GAATMP_ciphers.arg1; gaaval->nciphers = GAATMP_ciphers.size1 ;};
return GAA_OK;
break;
+ case GAAOPTID_verbose:
+ OK = 0;
+#line 48 "cli.gaa"
+{ gaaval->verbose = 1 ;};
+
+ return GAA_OK;
+ break;
case GAAOPTID_recordsize:
OK = 0;
GAA_TESTMOREARGS;
@@ -1047,7 +1060,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAAREST_tmp.arg1, gaa_getstr, GAAREST_tmp.size1);
gaa_index++;
-#line 110 "cli.gaa"
+#line 112 "cli.gaa"
{ gaaval->rest_args = GAAREST_tmp.arg1; ;};
return GAA_OK;
@@ -1076,7 +1089,7 @@ int gaa(int argc, char **argv, gaainfo *gaaval)
if(inited == 0)
{
-#line 112 "cli.gaa"
+#line 114 "cli.gaa"
{ gaaval->resume=0; gaaval->port=443; gaaval->rest_args=NULL; gaaval->ciphers=NULL;
gaaval->kx=NULL; gaaval->comp=NULL; gaaval->macs=NULL; gaaval->ctype=NULL; gaaval->nciphers=0;
gaaval->nkx=0; gaaval->ncomp=0; gaaval->nmacs=0; gaaval->nctype = 0; gaaval->record_size=0;
@@ -1084,7 +1097,7 @@ int gaa(int argc, char **argv, gaainfo *gaaval)
gaaval->x509_cafile = NULL; gaaval->pgp_keyfile=NULL; gaaval->pgp_certfile=NULL; gaaval->disable_extensions = 0;
gaaval->x509_keyfile=NULL; gaaval->x509_certfile=NULL; gaaval->crlf = 0; gaaval->xml = 0;
gaaval->srp_username=NULL; gaaval->srp_passwd=NULL; gaaval->fmtder = 0; gaaval->starttls =0;
- gaaval->debug = 0; gaaval->print_cert = 0; ;};
+ gaaval->debug = 0; gaaval->print_cert = 0; gaaval->verbose = 0; ;};
}
inited = 1;
diff --git a/src/cli-gaa.h b/src/cli-gaa.h
index b8e94cb348..49fbdbab73 100644
--- a/src/cli-gaa.h
+++ b/src/cli-gaa.h
@@ -8,52 +8,54 @@ typedef struct _gaainfo gaainfo;
struct _gaainfo
{
-#line 109 "cli.gaa"
+#line 111 "cli.gaa"
char *rest_args;
-#line 99 "cli.gaa"
+#line 101 "cli.gaa"
char *srp_passwd;
-#line 96 "cli.gaa"
+#line 98 "cli.gaa"
char *srp_username;
-#line 93 "cli.gaa"
+#line 95 "cli.gaa"
char *x509_certfile;
-#line 90 "cli.gaa"
+#line 92 "cli.gaa"
char *x509_keyfile;
-#line 87 "cli.gaa"
+#line 89 "cli.gaa"
char *pgp_certfile;
-#line 84 "cli.gaa"
+#line 86 "cli.gaa"
char *pgp_trustdb;
-#line 81 "cli.gaa"
+#line 83 "cli.gaa"
char *pgp_keyring;
-#line 78 "cli.gaa"
+#line 80 "cli.gaa"
char *pgp_keyfile;
-#line 75 "cli.gaa"
+#line 77 "cli.gaa"
char *x509_crlfile;
-#line 72 "cli.gaa"
+#line 74 "cli.gaa"
char *x509_cafile;
-#line 69 "cli.gaa"
+#line 71 "cli.gaa"
char **ctype;
-#line 68 "cli.gaa"
+#line 70 "cli.gaa"
int nctype;
-#line 65 "cli.gaa"
+#line 67 "cli.gaa"
char **kx;
-#line 64 "cli.gaa"
+#line 66 "cli.gaa"
int nkx;
-#line 61 "cli.gaa"
+#line 63 "cli.gaa"
char **macs;
-#line 60 "cli.gaa"
+#line 62 "cli.gaa"
int nmacs;
-#line 57 "cli.gaa"
+#line 59 "cli.gaa"
char **comp;
-#line 56 "cli.gaa"
+#line 58 "cli.gaa"
int ncomp;
-#line 53 "cli.gaa"
+#line 55 "cli.gaa"
char **proto;
-#line 52 "cli.gaa"
+#line 54 "cli.gaa"
int nproto;
-#line 49 "cli.gaa"
+#line 51 "cli.gaa"
char **ciphers;
-#line 48 "cli.gaa"
+#line 50 "cli.gaa"
int nciphers;
+#line 47 "cli.gaa"
+ int verbose;
#line 44 "cli.gaa"
int record_size;
#line 41 "cli.gaa"
diff --git a/src/cli.c b/src/cli.c
index 15cb094d00..4c4dc1eec6 100644
--- a/src/cli.c
+++ b/src/cli.c
@@ -59,7 +59,7 @@ int port;
int record_max_size;
int fingerprint;
int crlf;
-int quiet = 0;
+int verbose = 0;
extern int xml;
extern int print_cert;
@@ -86,9 +86,9 @@ int protocol_priority[PRI_MAX] =
{ GNUTLS_TLS1_1, GNUTLS_TLS1_0, GNUTLS_SSL3, 0 };
int kx_priority[PRI_MAX] =
{ GNUTLS_KX_DHE_RSA, GNUTLS_KX_DHE_DSS, GNUTLS_KX_RSA,
- GNUTLS_KX_SRP_RSA, GNUTLS_KX_SRP_DSS, GNUTLS_KX_SRP,
- /* Do not use anonymous authentication, unless you know what that means */
- GNUTLS_KX_RSA_EXPORT, GNUTLS_KX_ANON_DH, 0
+ GNUTLS_KX_SRP_RSA, GNUTLS_KX_SRP_DSS, GNUTLS_KX_SRP,
+ /* Do not use anonymous authentication, unless you know what that means */
+ GNUTLS_KX_RSA_EXPORT, GNUTLS_KX_ANON_DH, 0
};
int cipher_priority[PRI_MAX] =
{ GNUTLS_CIPHER_AES_256_CBC, GNUTLS_CIPHER_AES_128_CBC,
@@ -207,19 +207,19 @@ static void load_keys(void)
munmap_file(data);
}
-
#ifdef USE_OPENPGP
if (pgp_certfile != NULL && pgp_keyfile != NULL) {
data = mmap_file(pgp_certfile);
if (data.data == NULL) {
- fprintf(stderr, "*** Error loading PGP cert file.\n");
+ fprintf(stderr,
+ "*** Error loading PGP cert file.\n");
exit(1);
}
gnutls_openpgp_key_init(&pgp_crt);
ret =
gnutls_openpgp_key_import(pgp_crt, &data,
- GNUTLS_OPENPGP_FMT_BASE64);
+ GNUTLS_OPENPGP_FMT_BASE64);
if (ret < 0) {
fprintf(stderr,
"*** Error loading PGP cert file: %s\n",
@@ -231,7 +231,8 @@ static void load_keys(void)
data = mmap_file(x509_keyfile);
if (data.data == NULL) {
- fprintf(stderr, "*** Error loading PGP key file.\n");
+ fprintf(stderr,
+ "*** Error loading PGP key file.\n");
exit(1);
}
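Review bot: The error message reformatted here belongs to the PGP key branch of `load_keys`, yet the line above it, `data = mmap_file(x509_keyfile);`, maps the X.509 key file; the enclosing guard shown in the previous hunk checks `pgp_certfile != NULL && pgp_keyfile != NULL`, so `x509_keyfile` may be NULL at this point, and when it is set the wrong file is read as the PGP key. This looks like a copy-and-paste slip rather than intent, in which case the fix is `data = mmap_file(pgp_keyfile);`. The `load_keys` body, including that guard, starts and ends outside this hunk.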
@@ -239,9 +240,11 @@ static void load_keys(void)
ret =
gnutls_openpgp_privkey_import(pgp_key, &data,
- GNUTLS_OPENPGP_FMT_BASE64, NULL, 0);
+ GNUTLS_OPENPGP_FMT_BASE64,
+ NULL, 0);
if (ret < 0) {
- fprintf(stderr, "*** Error loading PGP key file: %s\n",
+ fprintf(stderr,
+ "*** Error loading PGP key file: %s\n",
gnutls_strerror(ret));
exit(1);
}
@@ -269,21 +272,26 @@ static int cert_callback(gnutls_session session,
size_t len;
gnutls_certificate_type type;
- /* Print the server's trusted CAs
- */
- if (nreqs > 0)
- printf("- Server's trusted authorities:\n");
- else
- printf
- ("- Server did not send us any trusted authorities names.\n");
-
- /* print the names (if any) */
- for (i = 0; i < nreqs; i++) {
- len = sizeof(issuer_dn);
- ret = gnutls_x509_rdn_get(&req_ca_rdn[i], issuer_dn, &len);
- if (ret >= 0) {
- printf(" [%d]: ", i);
- printf("%s\n", issuer_dn);
+ if (verbose) {
+
+ /* Print the server's trusted CAs
+ */
+ if (nreqs > 0)
+ printf("- Server's trusted authorities:\n");
+ else
+ printf
+ ("- Server did not send us any trusted authorities names.\n");
+
+ /* print the names (if any) */
+ for (i = 0; i < nreqs; i++) {
+ len = sizeof(issuer_dn);
+ ret =
+ gnutls_x509_rdn_get(&req_ca_rdn[i], issuer_dn,
+ &len);
+ if (ret >= 0) {
+ printf(" [%d]: ", i);
+ printf("%s\n", issuer_dn);
+ }
}
}
@@ -314,7 +322,7 @@ static int cert_callback(gnutls_session session,
st->key.pgp = pgp_key;
st->deinit_all = 0;
-
+
return 0;
}
}
@@ -616,7 +624,7 @@ int main(int argc, char **argv)
"*** Server has terminated the connection abnormally.\n");
break;
} else if (ret > 0) {
- if (quiet != 0)
+ if (verbose != 0)
printf("- Received[%d]: ", ret);
for (ii = 0; ii < ret; ii++) {
fputc(buffer[ii], stdout);
@@ -655,7 +663,7 @@ int main(int argc, char **argv)
ret = socket_send(hd, buffer, strlen(buffer));
if (ret > 0) {
- if (quiet != 0)
+ if (verbose != 0)
printf("- Sent: %d bytes\n", ret);
} else
handle_error(hd, ret);
@@ -692,6 +700,7 @@ void gaa_parser(int argc, char **argv)
}
debug = info.debug;
+ verbose = info.verbose;
disable_extensions = info.disable_extensions;
xml = info.xml;
print_cert = info.print_cert;
@@ -782,7 +791,7 @@ ssize_t socket_send(socket_st socket, const void *buffer, int buffer_size)
ret = send(socket.fd, buffer, buffer_size, 0);
} while (ret == -1 && errno == EINTR);
- if (ret > 0 && ret != buffer_size && quiet)
+ if (ret > 0 && ret != buffer_size && verbose)
fprintf(stderr,
"*** Only sent %d bytes instead of %d.\n", ret,
buffer_size);
diff --git a/src/cli.gaa b/src/cli.gaa
index 412b412b67..e6e039da92 100644
--- a/src/cli.gaa
+++ b/src/cli.gaa
@@ -44,6 +44,8 @@ option (p, port) INT "integer" { $port = $1 } "The port to connect to."
#int record_size;
option (recordsize) INT "integer" { $record_size = $1 } "The maximum record size to advertize."
+#int verbose;
+option (V, verbose) { $verbose = 1 } "More verbose output."
#int nciphers;
#char **ciphers;
@@ -116,6 +118,6 @@ init { $resume=0; $port=443; $rest_args=NULL; $ciphers=NULL;
$x509_cafile = NULL; $pgp_keyfile=NULL; $pgp_certfile=NULL; $disable_extensions = 0;
$x509_keyfile=NULL; $x509_certfile=NULL; $crlf = 0; $xml = 0;
$srp_username=NULL; $srp_passwd=NULL; $fmtder = 0; $starttls =0;
- $debug = 0; $print_cert = 0; }
+ $debug = 0; $print_cert = 0; $verbose = 0; }
diff --git a/src/common.c b/src/common.c
index 85b851b2f4..ba73386e6b 100644
--- a/src/common.c
+++ b/src/common.c
@@ -36,8 +36,9 @@
int xml = 0;
int print_cert;
+extern int verbose;
-static char buffer[5*1024];
+static char buffer[5 * 1024];
#define PRINTX(x,y) if (y[0]!=0) printf(" # %s %s\n", x, y)
#define PRINT_PGP_NAME(X) PRINTX( "NAME:", name)
@@ -50,13 +51,15 @@ const char *raw_to_string(const unsigned char *raw, size_t raw_size)
{
static char buf[1024];
size_t i;
- if (raw_size == 0) return NULL;
+ if (raw_size == 0)
+ return NULL;
if (raw_size * 3 + 1 >= sizeof(buf))
return NULL;
for (i = 0; i < raw_size; i++) {
- sprintf(&(buf[i * 3]), "%02X%s", raw[i], (i==raw_size-1)?"":":");
+ sprintf(&(buf[i * 3]), "%02X%s", raw[i],
+ (i == raw_size - 1) ? "" : ":");
}
buf[sizeof(buf) - 1] = '\0';
@@ -68,15 +71,16 @@ static const char *my_ctime(const time_t * tv)
static char buf[256];
struct tm *tp;
- if ( ( (tp = localtime(tv)) == NULL ) ||
- (!strftime(buf, sizeof buf, "%a %b %e %H:%M:%S %Z %Y\n", tp)) )
- strcpy(buf, str_unknown);/* make sure buf text isn't garbage */
+ if (((tp = localtime(tv)) == NULL) ||
+ (!strftime(buf, sizeof buf, "%a %b %e %H:%M:%S %Z %Y\n", tp)))
+ strcpy(buf, str_unknown); /* make sure buf text isn't garbage */
return buf;
}
-void print_x509_info(gnutls_session session, const char* hostname)
+
+void print_x509_info(gnutls_session session, const char *hostname)
{
gnutls_x509_crt crt;
const gnutls_datum *cert_list;
@@ -89,7 +93,7 @@ void print_x509_info(gnutls_session session, const char* hostname)
unsigned int j;
size_t serial_size = sizeof(serial);
const char *print;
- const char* cstr;
+ const char *cstr;
unsigned int bits, algo;
time_t expiret, activet;
@@ -104,14 +108,15 @@ void print_x509_info(gnutls_session session, const char* hostname)
printf(" - Got a certificate list of %d certificates.\n\n",
cert_list_size);
- for (j = 0; j < (unsigned int)cert_list_size; j++) {
+ for (j = 0; j < (unsigned int) cert_list_size; j++) {
gnutls_x509_crt_init(&crt);
ret =
gnutls_x509_crt_import(crt, &cert_list[j],
GNUTLS_X509_FMT_DER);
if (ret < 0) {
- fprintf(stderr, "Decoding error: %s\n", gnutls_strerror(ret));
+ fprintf(stderr, "Decoding error: %s\n",
+ gnutls_strerror(ret));
return;
}
@@ -119,28 +124,37 @@ void print_x509_info(gnutls_session session, const char* hostname)
if (print_cert) {
size_t size;
-
+
size = sizeof(buffer);
-
- ret = gnutls_x509_crt_export( crt, GNUTLS_X509_FMT_PEM, buffer, &size);
+
+ ret =
+ gnutls_x509_crt_export(crt,
+ GNUTLS_X509_FMT_PEM,
+ buffer, &size);
if (ret < 0) {
- fprintf(stderr, "Encoding error: %s\n", gnutls_strerror(ret));
+ fprintf(stderr, "Encoding error: %s\n",
+ gnutls_strerror(ret));
return;
}
- fputs( "\n", stdout);
- fputs( buffer, stdout);
- fputs( "\n", stdout);
+ fputs("\n", stdout);
+ fputs(buffer, stdout);
+ fputs("\n", stdout);
}
-
- if (j==0 && hostname != NULL) { /* Check the hostname of the first certificate
- * if it matches the name of the host we
- * connected to.
- */
- if (gnutls_x509_crt_check_hostname( crt, hostname)==0) {
- printf(" # The hostname in the certificate does NOT match '%s'.\n", hostname);
- } else {
- printf(" # The hostname in the certificate matches '%s'.\n", hostname);
- }
+
+ if (j == 0 && hostname != NULL) { /* Check the hostname of the first certificate
+ * if it matches the name of the host we
+ * connected to.
+ */
+ if (gnutls_x509_crt_check_hostname(crt, hostname)
+ == 0) {
+ printf
+ (" # The hostname in the certificate does NOT match '%s'.\n",
+ hostname);
+ } else {
+ printf
+ (" # The hostname in the certificate matches '%s'.\n",
+ hostname);
+ }
}
@@ -148,15 +162,15 @@ void print_x509_info(gnutls_session session, const char* hostname)
#ifdef ENABLE_PKI
gnutls_datum xml_data;
- ret = gnutls_x509_crt_to_xml( crt, &xml_data, 0);
+ ret = gnutls_x509_crt_to_xml(crt, &xml_data, 0);
if (ret < 0) {
fprintf(stderr, "XML encoding error: %s\n",
gnutls_strerror(ret));
return;
}
-
+
printf("%s", xml_data.data);
- gnutls_free( xml_data.data);
+ gnutls_free(xml_data.data);
#endif
} else {
@@ -169,51 +183,128 @@ void print_x509_info(gnutls_session session, const char* hostname)
/* Print the serial number of the certificate.
*/
- if (gnutls_x509_crt_get_serial(crt, serial, &serial_size)
+ if (verbose
+ && gnutls_x509_crt_get_serial(crt, serial,
+ &serial_size)
>= 0) {
- print = raw_to_string( serial, serial_size);
- if (print!=NULL)
- printf(" # serial number: %s\n", print);
+ print = raw_to_string(serial, serial_size);
+ if (print != NULL)
+ printf(" # serial number: %s\n",
+ print);
}
/* Print the fingerprint of the certificate
*/
digest_size = sizeof(digest);
- if ((ret=gnutls_x509_crt_get_fingerprint(crt, GNUTLS_DIG_MD5, digest, &digest_size))
+ if ((ret =
+ gnutls_x509_crt_get_fingerprint(crt,
+ GNUTLS_DIG_MD5,
+ digest,
+ &digest_size))
< 0) {
- fprintf(stderr, "Error in fingerprint calculation: %s\n", gnutls_strerror(ret));
+ fprintf(stderr,
+ "Error in fingerprint calculation: %s\n",
+ gnutls_strerror(ret));
} else {
- print = raw_to_string( digest, digest_size);
+ print = raw_to_string(digest, digest_size);
if (print != NULL)
- printf(" # fingerprint: %s\n", print);
+ printf(" # fingerprint: %s\n",
+ print);
}
/* Print the version of the X.509
* certificate.
*/
- printf(" # version: #%d\n",
- gnutls_x509_crt_get_version(crt));
-
- bits = 0;
- algo = gnutls_x509_crt_get_pk_algorithm(crt, &bits);
- printf(" # public key algorithm: ");
-
- cstr = SU(gnutls_pk_algorithm_get_name( algo));
- printf("%s (%d bits)\n", cstr, bits);
+ if (verbose) {
+ printf(" # version: #%d\n",
+ gnutls_x509_crt_get_version(crt));
+
+ bits = 0;
+ algo =
+ gnutls_x509_crt_get_pk_algorithm(crt,
+ &bits);
+ printf(" # public key algorithm: ");
+
+ cstr =
+ SU(gnutls_pk_algorithm_get_name(algo));
+ printf("%s (%d bits)\n", cstr, bits);
+
+ if (algo == GNUTLS_PK_RSA) {
+ gnutls_datum e, m;
+
+ ret =
+ gnutls_x509_crt_get_pk_rsa_raw
+ (crt, &m, &e);
+ if (ret >= 0) {
+ print =
+ SU(raw_to_string
+ (e.data, e.size));
+ printf(" # e [%d bits]: %s\n",
+ e.size*8, print);
+
+ print =
+ SU(raw_to_string
+ (m.data, m.size));
+ printf(" # m [%d bits]: %s\n",
+ m.size*8, print);
+
+ gnutls_free(e.data);
+ gnutls_free(m.data);
+ }
+ } else if (algo == GNUTLS_PK_DSA) {
+ gnutls_datum p, q, g, y;
+
+ ret =
+ gnutls_x509_crt_get_pk_dsa_raw
+ (crt, &p, &q, &g, &y);
+ if (ret >= 0) {
+ print =
+ SU(raw_to_string
+ (p.data, p.size));
+ printf(" # p [%d bits]: %s\n",
+ p.size*8, print);
+
+ print =
+ SU(raw_to_string
+ (q.data, q.size));
+ printf(" # q [%d bits]: %s\n",
+ q.size*8, print);
+
+ print =
+ SU(raw_to_string
+ (g.data, g.size));
+ printf(" # g [%d bits]: %s\n",
+ g.size*8, print);
+
+ print =
+ SU(raw_to_string
+ (y.data, y.size));
+ printf(" # y [%d bits]: %s\n",
+ y.size*8, print);
+
+ gnutls_free(p.data);
+ gnutls_free(q.data);
+ gnutls_free(g.data);
+ gnutls_free(y.data);
+ }
+ }
+ }
dn_size = sizeof(dn);
ret = gnutls_x509_crt_get_dn(crt, dn, &dn_size);
if (ret >= 0)
printf(" # Subject's DN: %s\n", dn);
-
+
dn_size = sizeof(dn);
- ret = gnutls_x509_crt_get_issuer_dn(crt, dn, &dn_size);
+ ret =
+ gnutls_x509_crt_get_issuer_dn(crt, dn,
+ &dn_size);
if (ret >= 0)
printf(" # Issuer's DN: %s\n", dn);
}
gnutls_x509_crt_deinit(crt);
-
+
printf("\n");
}
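Review bot: The new RSA and DSA parameter dump hands whole key values to `raw_to_string`, whose static `buf[1024]` (see the `raw_to_string` hunk earlier in this file) returns NULL once `raw_size * 3 + 1 >= sizeof(buf)`, i.e. for anything longer than 340 bytes; a 4096-bit RSA modulus is 512 bytes, so its `m` line prints whatever `SU()` substitutes for NULL instead of the hex value. Either grow that buffer to cover the largest key you intend to print (3 * 1024 + 1 bytes would cover an 8192-bit modulus) or emit an explicit "too large to print" line when the helper returns NULL, so the output is not silently misleading. The `printf` calls also pass `e.size*8` and the other sizes to `%d`; if `gnutls_datum.size` is unsigned, `%u` is the matching specifier. `print_x509_info` starts before and ends after this hunk.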
@@ -222,14 +313,14 @@ void print_x509_info(gnutls_session session, const char* hostname)
#ifdef USE_OPENPGP
-void print_openpgp_info(gnutls_session session, const char* hostname)
+void print_openpgp_info(gnutls_session session, const char *hostname)
{
char digest[20];
size_t digest_size = sizeof(digest);
int ret;
const char *print;
- const char* cstr;
+ const char *cstr;
char name[256];
size_t name_len = sizeof(name);
gnutls_openpgp_key crt;
@@ -237,7 +328,7 @@ void print_openpgp_info(gnutls_session session, const char* hostname)
int cert_list_size = 0;
time_t expiret;
time_t activet;
-
+
cert_list = gnutls_certificate_get_peers(session, &cert_list_size);
if (cert_list_size > 0) {
@@ -245,56 +336,67 @@ void print_openpgp_info(gnutls_session session, const char* hostname)
gnutls_openpgp_key_init(&crt);
ret =
- gnutls_openpgp_key_import(crt, &cert_list[0], GNUTLS_OPENPGP_FMT_RAW);
+ gnutls_openpgp_key_import(crt, &cert_list[0],
+ GNUTLS_OPENPGP_FMT_RAW);
if (ret < 0) {
- fprintf(stderr, "Decoding error: %s\n", gnutls_strerror(ret));
+ fprintf(stderr, "Decoding error: %s\n",
+ gnutls_strerror(ret));
return;
}
if (print_cert) {
size_t size;
-
+
size = sizeof(buffer);
- ret = gnutls_openpgp_key_export( crt, GNUTLS_OPENPGP_FMT_BASE64, buffer, &size);
+ ret =
+ gnutls_openpgp_key_export(crt,
+ GNUTLS_OPENPGP_FMT_BASE64,
+ buffer, &size);
if (ret < 0) {
- fprintf(stderr, "Encoding error: %s\n", gnutls_strerror(ret));
+ fprintf(stderr, "Encoding error: %s\n",
+ gnutls_strerror(ret));
return;
}
- fputs( "\n", stdout);
- fputs( buffer, stdout);
- fputs( "\n", stdout);
+ fputs("\n", stdout);
+ fputs(buffer, stdout);
+ fputs("\n", stdout);
}
- if (hostname != NULL) { /* Check the hostname of the first certificate
- * if it matches the name of the host we
- * connected to.
- */
- if (gnutls_openpgp_key_check_hostname( crt, hostname)==0) {
- printf(" # The hostname in the key does NOT match '%s'.\n", hostname);
- } else {
- printf(" # The hostname in the key matches '%s'.\n", hostname);
- }
+ if (hostname != NULL) { /* Check the hostname of the first certificate
+ * if it matches the name of the host we
+ * connected to.
+ */
+ if (gnutls_openpgp_key_check_hostname
+ (crt, hostname) == 0) {
+ printf
+ (" # The hostname in the key does NOT match '%s'.\n",
+ hostname);
+ } else {
+ printf
+ (" # The hostname in the key matches '%s'.\n",
+ hostname);
+ }
}
if (xml) {
gnutls_datum xml_data;
- ret = gnutls_openpgp_key_to_xml( crt, &xml_data, 0);
+ ret = gnutls_openpgp_key_to_xml(crt, &xml_data, 0);
if (ret < 0) {
fprintf(stderr, "XML encoding error: %s\n",
gnutls_strerror(ret));
return;
}
-
+
printf("%s", xml_data.data);
- gnutls_free( xml_data.data);
+ gnutls_free(xml_data.data);
return;
}
- activet = gnutls_openpgp_key_get_creation_time( crt);
- expiret = gnutls_openpgp_key_get_expiration_time( crt);
+ activet = gnutls_openpgp_key_get_creation_time(crt);
+ expiret = gnutls_openpgp_key_get_expiration_time(crt);
printf(" # Key was created at: %s", my_ctime(&activet));
printf(" # Key expires: ");
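Review bot: The three early `return`s in this hunk — after "Decoding error", after "Encoding error", and at the end of the `xml` branch — leave the key created by `gnutls_openpgp_key_init(&crt)` without its matching `gnutls_openpgp_key_deinit(crt)`, which only runs on the normal path at the end of `print_openpgp_info`, outside this hunk. Each of those exits should release the key first, e.g. `gnutls_openpgp_key_deinit(crt); return;`, or jump to a single cleanup label that does it. The `printf("%s", xml_data.data)` in the xml branch also assumes the datum is NUL-terminated; if `gnutls_openpgp_key_to_xml` does not guarantee that, `fwrite(xml_data.data, 1, xml_data.size, stdout)` is the safer way to emit it. This is a print path in a CLI tool, so the leak is cosmetic, but the pattern is easy to copy into code that matters.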
@@ -303,26 +405,29 @@ void print_openpgp_info(gnutls_session session, const char* hostname)
else
printf("Never\n");
- if (gnutls_openpgp_key_get_fingerprint(crt, digest, &digest_size) >= 0)
- {
- print = raw_to_string( digest, digest_size);
+ if (gnutls_openpgp_key_get_fingerprint
+ (crt, digest, &digest_size) >= 0) {
+ print = raw_to_string(digest, digest_size);
printf(" # PGP Key version: %d\n",
gnutls_openpgp_key_get_version(crt));
bits = 0;
algo =
- gnutls_openpgp_key_get_pk_algorithm(crt, &bits);
+ gnutls_openpgp_key_get_pk_algorithm(crt,
+ &bits);
printf(" # PGP Key public key algorithm: ");
- cstr = SU(gnutls_pk_algorithm_get_name( algo));
+ cstr = SU(gnutls_pk_algorithm_get_name(algo));
printf("%s (%d bits)\n", cstr, bits);
if (print != NULL)
- printf(" # PGP Key fingerprint: %s\n", print);
+ printf(" # PGP Key fingerprint: %s\n",
+ print);
name_len = sizeof(name);
- if (gnutls_openpgp_key_get_name(crt, 0, name, &name_len) < 0) {
+ if (gnutls_openpgp_key_get_name
+ (crt, 0, name, &name_len) < 0) {
fprintf(stderr,
"Could not extract name\n");
} else {
@@ -330,8 +435,8 @@ void print_openpgp_info(gnutls_session session, const char* hostname)
}
}
-
- gnutls_openpgp_key_deinit( crt);
+
+ gnutls_openpgp_key_deinit(crt);
}
}
@@ -355,7 +460,7 @@ void print_cert_vrfy(gnutls_session session)
return;
}
- if (gnutls_certificate_type_get(session)==GNUTLS_CRT_X509) {
+ if (gnutls_certificate_type_get(session) == GNUTLS_CRT_X509) {
if (status & GNUTLS_CERT_SIGNER_NOT_FOUND)
printf("- Peer's certificate issuer is unknown\n");
if (status & GNUTLS_CERT_INVALID)
@@ -368,11 +473,12 @@ void print_cert_vrfy(gnutls_session session)
else
printf("- Peer's key is valid\n");
if (status & GNUTLS_CERT_SIGNER_NOT_FOUND)
- printf("- Could not find a signer of the peer's key\n");
+ printf
+ ("- Could not find a signer of the peer's key\n");
}
}
-int print_info(gnutls_session session, const char* hostname)
+int print_info(gnutls_session session, const char *hostname)
{
const char *tmp;
gnutls_credentials_type cred;
@@ -421,11 +527,12 @@ int print_info(gnutls_session session, const char* hostname)
print_cert_info(session, hostname);
print_cert_vrfy(session);
-
+
}
tmp =
- SU(gnutls_protocol_get_name(gnutls_protocol_get_version(session)));
+ SU(gnutls_protocol_get_name
+ (gnutls_protocol_get_version(session)));
printf("- Version: %s\n", tmp);
tmp = SU(gnutls_kx_get_name(kx));
@@ -437,15 +544,17 @@ int print_info(gnutls_session session, const char* hostname)
tmp = SU(gnutls_mac_get_name(gnutls_mac_get(session)));
printf("- MAC: %s\n", tmp);
- tmp = SU(gnutls_compression_get_name(gnutls_compression_get(session)));
+ tmp =
+ SU(gnutls_compression_get_name
+ (gnutls_compression_get(session)));
printf("- Compression: %s\n", tmp);
- fflush (stdout);
+ fflush(stdout);
return 0;
}
-void print_cert_info(gnutls_session session, const char* hostname)
+void print_cert_info(gnutls_session session, const char *hostname)
{
printf("- Certificate type: ");
@@ -508,19 +617,19 @@ void print_list(void)
void print_license(void)
{
-fputs( "\nCopyright (C) 2004 Free Software Foundation\n"
- "This program is free software; you can redistribute it and/or modify \n"
- "it under the terms of the GNU General Public License as published by \n"
- "the Free Software Foundation; either version 2 of the License, or \n"
- "(at your option) any later version. \n" "\n"
- "This program is distributed in the hope that it will be useful, \n"
- "but WITHOUT ANY WARRANTY; without even the implied warranty of \n"
- "MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the \n"
- "GNU General Public License for more details. \n" "\n"
- "You should have received a copy of the GNU General Public License \n"
- "along with this program; if not, write to the Free Software \n"
- "Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.\n\n",
- stdout);
+ fputs("\nCopyright (C) 2004 Free Software Foundation\n"
+ "This program is free software; you can redistribute it and/or modify \n"
+ "it under the terms of the GNU General Public License as published by \n"
+ "the Free Software Foundation; either version 2 of the License, or \n"
+ "(at your option) any later version. \n" "\n"
+ "This program is distributed in the hope that it will be useful, \n"
+ "but WITHOUT ANY WARRANTY; without even the implied warranty of \n"
+ "MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the \n"
+ "GNU General Public License for more details. \n" "\n"
+ "You should have received a copy of the GNU General Public License \n"
+ "along with this program; if not, write to the Free Software \n"
+ "Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.\n\n",
+ stdout);
}
void parse_protocols(char **protocols, int protocols_size,
@@ -532,11 +641,14 @@ void parse_protocols(char **protocols, int protocols_size,
for (j = i = 0; i < protocols_size; i++) {
if (strncasecmp(protocols[i], "SSL", 3) == 0)
protocol_priority[j++] = GNUTLS_SSL3;
- else if (strncasecmp(protocols[i], "TLS1.1", 6) == 0)
+ else if (strncasecmp(protocols[i], "TLS1.1", 6) ==
+ 0)
protocol_priority[j++] = GNUTLS_TLS1_1;
else if (strncasecmp(protocols[i], "TLS", 3) == 0)
protocol_priority[j++] = GNUTLS_TLS1_0;
- else fprintf(stderr, "Unknown protocol: '%s'\n", protocols[i]);
+ else
+ fprintf(stderr, "Unknown protocol: '%s'\n",
+ protocols[i]);
}
protocol_priority[j] = 0;
}
@@ -562,7 +674,9 @@ void parse_ciphers(char **ciphers, int nciphers, int *cipher_priority)
GNUTLS_CIPHER_ARCFOUR_128;
else if (strncasecmp(ciphers[i], "NUL", 3) == 0)
cipher_priority[j++] = GNUTLS_CIPHER_NULL;
- else fprintf(stderr, "Unknown cipher: '%s'\n", ciphers[i]);
+ else
+ fprintf(stderr, "Unknown cipher: '%s'\n",
+ ciphers[i]);
}
cipher_priority[j] = 0;
}
@@ -579,7 +693,9 @@ void parse_macs(char **macs, int nmacs, int *mac_priority)
mac_priority[j++] = GNUTLS_MAC_RMD160;
else if (strncasecmp(macs[i], "SHA", 3) == 0)
mac_priority[j++] = GNUTLS_MAC_SHA;
- else fprintf(stderr, "Unknown MAC: '%s'\n", macs[i]);
+ else
+ fprintf(stderr, "Unknown MAC: '%s'\n",
+ macs[i]);
}
mac_priority[j] = 0;
}
@@ -595,7 +711,10 @@ void parse_ctypes(char **ctype, int nctype, int *cert_type_priority)
GNUTLS_CRT_OPENPGP;
else if (strncasecmp(ctype[i], "X", 1) == 0)
cert_type_priority[j++] = GNUTLS_CRT_X509;
- else fprintf(stderr, "Unknown certificate type: '%s'\n", ctype[i]);
+ else
+ fprintf(stderr,
+ "Unknown certificate type: '%s'\n",
+ ctype[i]);
}
cert_type_priority[j] = 0;
}
@@ -622,7 +741,10 @@ void parse_kx(char **kx, int nkx, int *kx_priority)
kx_priority[j++] = GNUTLS_KX_DHE_DSS;
else if (strncasecmp(kx[i], "ANON", 4) == 0)
kx_priority[j++] = GNUTLS_KX_ANON_DH;
- else fprintf(stderr, "Unknown key exchange: '%s'\n", kx[i]);
+ else
+ fprintf(stderr,
+ "Unknown key exchange: '%s'\n",
+ kx[i]);
}
kx_priority[j] = 0;
}
@@ -641,7 +763,10 @@ void parse_comp(char **comp, int ncomp, int *comp_priority)
comp_priority[j++] = GNUTLS_COMP_DEFLATE;
else if (strncasecmp(comp[i], "LZO", 3) == 0)
comp_priority[j++] = GNUTLS_COMP_LZO;
- else fprintf(stderr, "Unknown compression: '%s'\n", comp[i]);
+ else
+ fprintf(stderr,
+ "Unknown compression: '%s'\n",
+ comp[i]);
}
comp_priority[j] = 0;
}
@@ -658,31 +783,30 @@ void parse_comp(char **comp, int ncomp, int *comp_priority)
# include <arpa/inet.h>
#endif
-const char *inet_ntop(int af, const void *src,
- char *dst, size_t cnt)
+const char *inet_ntop(int af, const void *src, char *dst, size_t cnt)
{
-char* ret;
+ char *ret;
+
+ ret = inet_ntoa(*((struct in_addr *) src));
- ret = inet_ntoa( *((struct in_addr*)src));
-
if (ret == NULL || strlen(ret) > cnt) {
return NULL;
}
- strcpy( dst, ret);
+ strcpy(dst, ret);
return dst;
}
#endif
-void sockets_init( void)
+void sockets_init(void)
{
#ifdef _WIN32
WORD wVersionRequested;
WSADATA wsaData;
- wVersionRequested = MAKEWORD(1, 1);
- if (WSAStartup(wVersionRequested, &wsaData) != 0) {
- perror("WSA_STARTUP_ERROR");
- }
+ wVersionRequested = MAKEWORD(1, 1);
+ if (WSAStartup(wVersionRequested, &wsaData) != 0) {
+ perror("WSA_STARTUP_ERROR");
+ }
#endif
}
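Review bot: The bound check in the `inet_ntop` fallback, `strlen(ret) > cnt`, lets a string of exactly `cnt` characters through, and the following `strcpy(dst, ret)` then writes `cnt + 1` bytes including the terminator — one byte past the caller's buffer; the comparison should be `strlen(ret) >= cnt`. The `af` argument is ignored, so an `AF_INET6` caller gets the first four bytes of its `struct in6_addr` formatted as an IPv4 address; `if (af != AF_INET) return NULL;` at the top would make the fallback honest about what it supports. `inet_ntoa` returns a static buffer, which is only a concern if this shim is ever used from more than one thread.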
diff --git a/src/gnutls-http-serv b/src/gnutls-http-serv
index 396e3e5599..278cd177a0 100755
--- a/src/gnutls-http-serv
+++ b/src/gnutls-http-serv
@@ -1,6 +1,7 @@
#! /bin/sh
./gnutls-serv --http --x509certfile x509/cert.pem --x509keyfile x509/key.pem --x509cafile x509/ca.pem \
+ --x509dsacertfile x509/cert-dsa.pem --x509dsakeyfile x509/key-dsa.pem \
--srppasswd srp/tpasswd --srppasswdconf srp/tpasswd.conf \
--pgpkeyfile openpgp/sec.asc --pgpcertfile openpgp/pub.asc $*
diff --git a/src/serv-gaa.c b/src/serv-gaa.c
index 584a1c2c0b..8cbda15bab 100644
--- a/src/serv-gaa.c
+++ b/src/serv-gaa.c
@@ -142,6 +142,8 @@ void gaa_help(void)
__gaa_helpsingle(0, "pgpcertfile", "FILE ", "PGP Public Key (certificate) file to use.");
__gaa_helpsingle(0, "x509keyfile", "FILE ", "X.509 key file to use.");
__gaa_helpsingle(0, "x509certfile", "FILE ", "X.509 Certificate file to use.");
+ __gaa_helpsingle(0, "x509dsakeyfile", "FILE ", "Alternative X.509 key file to use.");
+ __gaa_helpsingle(0, "x509dsacertfile", "FILE ", "Alternative X.509 certificate file to use.");
__gaa_helpsingle(0, "srppasswd", "FILE ", "SRP password file to use.");
__gaa_helpsingle(0, "srppasswdconf", "FILE ", "SRP password conf file to use.");
__gaa_helpsingle(0, "ciphers", "cipher1 cipher2... ", "Ciphers to enable.");
@@ -168,34 +170,38 @@ typedef struct _gaainfo gaainfo;
struct _gaainfo
{
-#line 89 "serv.gaa"
+#line 95 "serv.gaa"
char **ctype;
-#line 88 "serv.gaa"
+#line 94 "serv.gaa"
int nctype;
-#line 85 "serv.gaa"
+#line 91 "serv.gaa"
char **kx;
-#line 84 "serv.gaa"
+#line 90 "serv.gaa"
int nkx;
-#line 81 "serv.gaa"
+#line 87 "serv.gaa"
char **macs;
-#line 80 "serv.gaa"
+#line 86 "serv.gaa"
int nmacs;
-#line 77 "serv.gaa"
+#line 83 "serv.gaa"
char **comp;
-#line 76 "serv.gaa"
+#line 82 "serv.gaa"
int ncomp;
-#line 73 "serv.gaa"
+#line 79 "serv.gaa"
char **proto;
-#line 72 "serv.gaa"
+#line 78 "serv.gaa"
int nproto;
-#line 69 "serv.gaa"
+#line 75 "serv.gaa"
char **ciphers;
-#line 68 "serv.gaa"
+#line 74 "serv.gaa"
int nciphers;
-#line 64 "serv.gaa"
+#line 70 "serv.gaa"
char *srp_passwd_conf;
-#line 61 "serv.gaa"
+#line 67 "serv.gaa"
char *srp_passwd;
+#line 64 "serv.gaa"
+ char *x509_dsacertfile;
+#line 61 "serv.gaa"
+ char *x509_dsakeyfile;
#line 58 "serv.gaa"
char *x509_certfile;
#line 55 "serv.gaa"
@@ -282,7 +288,7 @@ static int gaa_error = 0;
#define GAA_MULTIPLE_OPTION 3
#define GAA_REST 0
-#define GAA_NB_OPTION 29
+#define GAA_NB_OPTION 31
#define GAAOPTID_copyright 1
#define GAAOPTID_version 2
#define GAAOPTID_help 3
@@ -295,23 +301,25 @@ static int gaa_error = 0;
#define GAAOPTID_ciphers 10
#define GAAOPTID_srppasswdconf 11
#define GAAOPTID_srppasswd 12
-#define GAAOPTID_x509certfile 13
-#define GAAOPTID_x509keyfile 14
-#define GAAOPTID_pgpcertfile 15
-#define GAAOPTID_pgpkeyfile 16
-#define GAAOPTID_pgptrustdb 17
-#define GAAOPTID_pgpkeyring 18
-#define GAAOPTID_x509crlfile 19
-#define GAAOPTID_x509cafile 20
-#define GAAOPTID_x509fmtder 21
-#define GAAOPTID_dhparams 22
-#define GAAOPTID_echo 23
-#define GAAOPTID_http 24
-#define GAAOPTID_nodb 25
-#define GAAOPTID_quiet 26
-#define GAAOPTID_port 27
-#define GAAOPTID_generate 28
-#define GAAOPTID_debug 29
+#define GAAOPTID_x509dsacertfile 13
+#define GAAOPTID_x509dsakeyfile 14
+#define GAAOPTID_x509certfile 15
+#define GAAOPTID_x509keyfile 16
+#define GAAOPTID_pgpcertfile 17
+#define GAAOPTID_pgpkeyfile 18
+#define GAAOPTID_pgptrustdb 19
+#define GAAOPTID_pgpkeyring 20
+#define GAAOPTID_x509crlfile 21
+#define GAAOPTID_x509cafile 22
+#define GAAOPTID_x509fmtder 23
+#define GAAOPTID_dhparams 24
+#define GAAOPTID_echo 25
+#define GAAOPTID_http 26
+#define GAAOPTID_nodb 27
+#define GAAOPTID_quiet 28
+#define GAAOPTID_port 29
+#define GAAOPTID_generate 30
+#define GAAOPTID_debug 31
#line 168 "gaa.skel"
@@ -546,6 +554,18 @@ struct GAAOPTION_srppasswd
int size1;
};
+struct GAAOPTION_x509dsacertfile
+{
+ char* arg1;
+ int size1;
+};
+
+struct GAAOPTION_x509dsakeyfile
+{
+ char* arg1;
+ int size1;
+};
+
struct GAAOPTION_x509certfile
{
char* arg1;
@@ -649,6 +669,8 @@ static int gaa_get_option_num(char *str, int status)
GAA_CHECK1STR("", GAAOPTID_ciphers);
GAA_CHECK1STR("", GAAOPTID_srppasswdconf);
GAA_CHECK1STR("", GAAOPTID_srppasswd);
+ GAA_CHECK1STR("", GAAOPTID_x509dsacertfile);
+ GAA_CHECK1STR("", GAAOPTID_x509dsakeyfile);
GAA_CHECK1STR("", GAAOPTID_x509certfile);
GAA_CHECK1STR("", GAAOPTID_x509keyfile);
GAA_CHECK1STR("", GAAOPTID_pgpcertfile);
@@ -688,6 +710,8 @@ static int gaa_get_option_num(char *str, int status)
GAA_CHECKSTR("ciphers", GAAOPTID_ciphers);
GAA_CHECKSTR("srppasswdconf", GAAOPTID_srppasswdconf);
GAA_CHECKSTR("srppasswd", GAAOPTID_srppasswd);
+ GAA_CHECKSTR("x509dsacertfile", GAAOPTID_x509dsacertfile);
+ GAA_CHECKSTR("x509dsakeyfile", GAAOPTID_x509dsakeyfile);
GAA_CHECKSTR("x509certfile", GAAOPTID_x509certfile);
GAA_CHECKSTR("x509keyfile", GAAOPTID_x509keyfile);
GAA_CHECKSTR("pgpcertfile", GAAOPTID_pgpcertfile);
@@ -725,6 +749,8 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
struct GAAOPTION_ciphers GAATMP_ciphers;
struct GAAOPTION_srppasswdconf GAATMP_srppasswdconf;
struct GAAOPTION_srppasswd GAATMP_srppasswd;
+ struct GAAOPTION_x509dsacertfile GAATMP_x509dsacertfile;
+ struct GAAOPTION_x509dsakeyfile GAATMP_x509dsakeyfile;
struct GAAOPTION_x509certfile GAATMP_x509certfile;
struct GAAOPTION_x509keyfile GAATMP_x509keyfile;
struct GAAOPTION_pgpcertfile GAATMP_pgpcertfile;
@@ -758,28 +784,28 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
{
case GAAOPTID_copyright:
OK = 0;
-#line 97 "serv.gaa"
+#line 103 "serv.gaa"
{ print_serv_license(); exit(0); ;};
return GAA_OK;
break;
case GAAOPTID_version:
OK = 0;
-#line 96 "serv.gaa"
+#line 102 "serv.gaa"
{ serv_version(); exit(0); ;};
return GAA_OK;
break;
case GAAOPTID_help:
OK = 0;
-#line 94 "serv.gaa"
+#line 100 "serv.gaa"
{ gaa_help(); exit(0); ;};
return GAA_OK;
break;
case GAAOPTID_list:
OK = 0;
-#line 93 "serv.gaa"
+#line 99 "serv.gaa"
{ print_list(); exit(0); ;};
return GAA_OK;
@@ -787,7 +813,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
case GAAOPTID_ctypes:
OK = 0;
GAA_LIST_FILL(GAATMP_ctypes.arg1, gaa_getstr, char*, GAATMP_ctypes.size1);
-#line 90 "serv.gaa"
+#line 96 "serv.gaa"
{ gaaval->ctype = GAATMP_ctypes.arg1; gaaval->nctype = GAATMP_ctypes.size1 ;};
return GAA_OK;
@@ -795,7 +821,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
case GAAOPTID_kx:
OK = 0;
GAA_LIST_FILL(GAATMP_kx.arg1, gaa_getstr, char*, GAATMP_kx.size1);
-#line 86 "serv.gaa"
+#line 92 "serv.gaa"
{ gaaval->kx = GAATMP_kx.arg1; gaaval->nkx = GAATMP_kx.size1 ;};
return GAA_OK;
@@ -803,7 +829,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
case GAAOPTID_macs:
OK = 0;
GAA_LIST_FILL(GAATMP_macs.arg1, gaa_getstr, char*, GAATMP_macs.size1);
-#line 82 "serv.gaa"
+#line 88 "serv.gaa"
{ gaaval->macs = GAATMP_macs.arg1; gaaval->nmacs = GAATMP_macs.size1 ;};
return GAA_OK;
@@ -811,7 +837,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
case GAAOPTID_comp:
OK = 0;
GAA_LIST_FILL(GAATMP_comp.arg1, gaa_getstr, char*, GAATMP_comp.size1);
-#line 78 "serv.gaa"
+#line 84 "serv.gaa"
{ gaaval->comp = GAATMP_comp.arg1; gaaval->ncomp = GAATMP_comp.size1 ;};
return GAA_OK;
@@ -819,7 +845,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
case GAAOPTID_protocols:
OK = 0;
GAA_LIST_FILL(GAATMP_protocols.arg1, gaa_getstr, char*, GAATMP_protocols.size1);
-#line 74 "serv.gaa"
+#line 80 "serv.gaa"
{ gaaval->proto = GAATMP_protocols.arg1; gaaval->nproto = GAATMP_protocols.size1 ;};
return GAA_OK;
@@ -827,7 +853,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
case GAAOPTID_ciphers:
OK = 0;
GAA_LIST_FILL(GAATMP_ciphers.arg1, gaa_getstr, char*, GAATMP_ciphers.size1);
-#line 70 "serv.gaa"
+#line 76 "serv.gaa"
{ gaaval->ciphers = GAATMP_ciphers.arg1; gaaval->nciphers = GAATMP_ciphers.size1 ;};
return GAA_OK;
@@ -837,7 +863,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_srppasswdconf.arg1, gaa_getstr, GAATMP_srppasswdconf.size1);
gaa_index++;
-#line 65 "serv.gaa"
+#line 71 "serv.gaa"
{ gaaval->srp_passwd_conf = GAATMP_srppasswdconf.arg1 ;};
return GAA_OK;
@@ -847,11 +873,31 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_srppasswd.arg1, gaa_getstr, GAATMP_srppasswd.size1);
gaa_index++;
-#line 62 "serv.gaa"
+#line 68 "serv.gaa"
{ gaaval->srp_passwd = GAATMP_srppasswd.arg1 ;};
return GAA_OK;
break;
+ case GAAOPTID_x509dsacertfile:
+ OK = 0;
+ GAA_TESTMOREARGS;
+ GAA_FILL(GAATMP_x509dsacertfile.arg1, gaa_getstr, GAATMP_x509dsacertfile.size1);
+ gaa_index++;
+#line 65 "serv.gaa"
+{ gaaval->x509_dsacertfile = GAATMP_x509dsacertfile.arg1 ;};
+
+ return GAA_OK;
+ break;
+ case GAAOPTID_x509dsakeyfile:
+ OK = 0;
+ GAA_TESTMOREARGS;
+ GAA_FILL(GAATMP_x509dsakeyfile.arg1, gaa_getstr, GAATMP_x509dsakeyfile.size1);
+ gaa_index++;
+#line 62 "serv.gaa"
+{ gaaval->x509_dsakeyfile = GAATMP_x509dsakeyfile.arg1 ;};
+
+ return GAA_OK;
+ break;
case GAAOPTID_x509certfile:
OK = 0;
GAA_TESTMOREARGS;
@@ -1028,12 +1074,13 @@ int gaa(int argc, char **argv, gaainfo *gaaval)
if(inited == 0)
{
-#line 100 "serv.gaa"
+#line 106 "serv.gaa"
{ gaaval->generate=0; gaaval->port=5556; gaaval->http=0; gaaval->ciphers=NULL;
gaaval->kx=NULL; gaaval->comp=NULL; gaaval->macs=NULL; gaaval->ctype=NULL; gaaval->nciphers=0;
gaaval->nkx=0; gaaval->ncomp=0; gaaval->nmacs=0; gaaval->nctype = 0; gaaval->nodb = 0;
gaaval->x509_cafile = NULL; gaaval->pgp_keyfile=NULL; gaaval->pgp_certfile=NULL;
gaaval->x509_keyfile=NULL; gaaval->x509_certfile=NULL; gaaval->x509_crlfile = NULL;
+ gaaval->x509_dsakeyfile=NULL; gaaval->x509_dsacertfile=NULL;
gaaval->srp_passwd=NULL; gaaval->srp_passwd_conf=NULL; gaaval->quiet = 0;
gaaval->pgp_trustdb=NULL; gaaval->pgp_keyring=NULL; gaaval->fmtder = 0;
gaaval->dh_params_file=NULL; gaaval->debug=0; ;};
diff --git a/src/serv-gaa.h b/src/serv-gaa.h
index e837b7f160..373bfab9ed 100644
--- a/src/serv-gaa.h
+++ b/src/serv-gaa.h
@@ -8,34 +8,38 @@ typedef struct _gaainfo gaainfo;
struct _gaainfo
{
-#line 89 "serv.gaa"
+#line 95 "serv.gaa"
char **ctype;
-#line 88 "serv.gaa"
+#line 94 "serv.gaa"
int nctype;
-#line 85 "serv.gaa"
+#line 91 "serv.gaa"
char **kx;
-#line 84 "serv.gaa"
+#line 90 "serv.gaa"
int nkx;
-#line 81 "serv.gaa"
+#line 87 "serv.gaa"
char **macs;
-#line 80 "serv.gaa"
+#line 86 "serv.gaa"
int nmacs;
-#line 77 "serv.gaa"
+#line 83 "serv.gaa"
char **comp;
-#line 76 "serv.gaa"
+#line 82 "serv.gaa"
int ncomp;
-#line 73 "serv.gaa"
+#line 79 "serv.gaa"
char **proto;
-#line 72 "serv.gaa"
+#line 78 "serv.gaa"
int nproto;
-#line 69 "serv.gaa"
+#line 75 "serv.gaa"
char **ciphers;
-#line 68 "serv.gaa"
+#line 74 "serv.gaa"
int nciphers;
-#line 64 "serv.gaa"
+#line 70 "serv.gaa"
char *srp_passwd_conf;
-#line 61 "serv.gaa"
+#line 67 "serv.gaa"
char *srp_passwd;
+#line 64 "serv.gaa"
+ char *x509_dsacertfile;
+#line 61 "serv.gaa"
+ char *x509_dsakeyfile;
#line 58 "serv.gaa"
char *x509_certfile;
#line 55 "serv.gaa"
diff --git a/src/serv.c b/src/serv.c
index deaffdb6d3..a08ea06ab9 100644
--- a/src/serv.c
+++ b/src/serv.c
@@ -48,7 +48,7 @@ static int port = 0;
static int x509ctype;
static int debug;
-static int quiet;
+int verbose;
static int nodb;
char *srp_passwd;
@@ -59,6 +59,8 @@ char *pgp_keyfile;
char *pgp_certfile;
char *x509_keyfile;
char *x509_certfile;
+char *x509_dsakeyfile;
+char *x509_dsacertfile;
char *x509_cafile;
char *dh_params_file;
char *x509_crlfile = NULL;
@@ -331,7 +333,7 @@ char *peer_print_info(gnutls_session session, int *ret_length,
if (http_buffer == NULL)
return NULL;
- if (quiet != 0) {
+ if (verbose != 0) {
strcpy(http_buffer, HTTP_BEGIN);
strcpy(&http_buffer[sizeof(HTTP_BEGIN) - 1], DEFAULT_DATA);
@@ -668,6 +670,16 @@ int main(int argc, char **argv)
exit(1);
}
+ if (x509_dsacertfile != NULL)
+ if ((ret = gnutls_certificate_set_x509_key_file
+ (cert_cred, x509_dsacertfile, x509_dsakeyfile, x509ctype)) < 0) {
+ fprintf(stderr,
+ "Error reading '%s' or '%s'\n", x509_dsacertfile,
+ x509_dsakeyfile);
+ GERR(ret);
+ exit(1);
+ }
+
if (generate != 0 || read_dh_params != NULL) {
gnutls_certificate_set_params_function( cert_cred, get_params);
/* gnutls_certificate_set_dh_params(cert_cred, dh_params);
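Review bot: `x509_dsakeyfile` is never checked before it is passed to `gnutls_certificate_set_x509_key_file`, so `--x509dsacertfile` given without `--x509dsakeyfile` hands the library a NULL key path, and on failure the `fprintf(stderr, "Error reading '%s' or '%s'\n", ...)` then formats that NULL with `%s`, which is undefined behaviour. A guard before the call makes the pairing explicit: `if ((x509_dsacertfile != NULL) != (x509_dsakeyfile != NULL)) { fprintf(stderr, "--x509dsacertfile and --x509dsakeyfile must be given together\n"); exit(1); }`. The outer `if (x509_dsacertfile != NULL)` should also get braces around the nested `if` so a later edit cannot misread which body it owns. `main` continues on both sides of this hunk.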
@@ -777,7 +789,7 @@ int main(int argc, char **argv)
gnutls_transport_set_ptr(tls_session, (gnutls_transport_ptr)accept_fd);
j->handshake_ok = 0;
- if (quiet == 0) {
+ if (verbose == 0) {
tt = time(0);
ctt = ctime(&tt);
ctt[strlen(ctt) - 1] = 0;
@@ -815,10 +827,10 @@ int main(int argc, char **argv)
j->http_state = HTTP_STATE_CLOSING;
} else if (r == 0) {
if (gnutls_session_is_resumed(j->tls_session) != 0
- && quiet == 0)
+ && verbose == 0)
printf("*** This is a resumed session\n");
- if (quiet == 0) {
+ if (verbose == 0) {
printf("\n* connection from %s, port %d\n",
inet_ntop(AF_INET, &client_address.sin_addr,
topbuf, sizeof(topbuf)),
@@ -890,9 +902,9 @@ int main(int argc, char **argv)
} while (ret == GNUTLS_E_AGAIN);
} else if (r == 0) {
if (gnutls_session_is_resumed(j->tls_session) != 0
- && quiet == 0)
+ && verbose == 0)
printf("*** This is a resumed session\n");
- if (quiet == 0) {
+ if (verbose == 0) {
printf("- connection from %s, port %d\n",
inet_ntop(AF_INET, &client_address.sin_addr,
topbuf, sizeof(topbuf)),
@@ -988,7 +1000,7 @@ void gaa_parser(int argc, char **argv)
}
debug = info.debug;
- quiet = info.quiet;
+ verbose = info.quiet;
nodb = info.nodb;
if (info.http == 0)
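Review bot: `verbose = info.quiet;` stores the `--quiet` flag under a name that says the opposite, so every `if (verbose == 0)` in this file now reads as "print when not verbose" while it actually means "print when not quiet". The variable also became a non-static global in this commit and `tests.c` reads an `extern int verbose` as a level (`verbose > 1`), presumably satisfied by a different definition in the client; anyone linking the two will be misled by the shared name. Either keep the flag as `quiet`, or store `verbose = !info.quiet;` and flip the comparisons in the other hunks so the name and the value agree.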
@@ -1012,6 +1024,8 @@ void gaa_parser(int argc, char **argv)
x509_certfile = info.x509_certfile;
x509_keyfile = info.x509_keyfile;
+ x509_dsacertfile = info.x509_dsacertfile;
+ x509_dsakeyfile = info.x509_dsakeyfile;
x509_cafile = info.x509_cafile;
x509_crlfile = info.x509_crlfile;
pgp_certfile = info.pgp_certfile;
@@ -1039,7 +1053,7 @@ void serv_version(void)
/* session resuming support */
#define SESSION_ID_SIZE 32
-#define SESSION_DATA_SIZE 2048
+#define SESSION_DATA_SIZE 3*1024
typedef struct {
char session_id[SESSION_ID_SIZE];
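Review bot: `#define SESSION_DATA_SIZE 3*1024` expands unparenthesized, so an expression such as `sizeof(buf) / SESSION_DATA_SIZE` or `n % SESSION_DATA_SIZE` silently becomes `sizeof(buf) / 3 * 1024`; write it as `#define SESSION_DATA_SIZE (3*1024)`. The struct this hunk opens continues outside the hunk, so I cannot see whether any current use is affected, but the macro should be safe regardless of its users.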
diff --git a/src/serv.gaa b/src/serv.gaa
index c4dcf0c871..09f54e835c 100644
--- a/src/serv.gaa
+++ b/src/serv.gaa
@@ -58,6 +58,12 @@ option (x509keyfile) STR "FILE" { $x509_keyfile = $1 } "X.509 key file to use."
#char *x509_certfile;
option (x509certfile) STR "FILE" { $x509_certfile = $1 } "X.509 Certificate file to use."
+#char *x509_dsakeyfile;
+option (x509dsakeyfile) STR "FILE" { $x509_dsakeyfile = $1 } "Alternative X.509 key file to use."
+
+#char *x509_dsacertfile;
+option (x509dsacertfile) STR "FILE" { $x509_dsacertfile = $1 } "Alternative X.509 certificate file to use."
+
#char *srp_passwd;
option (srppasswd) STR "FILE" { $srp_passwd = $1 } "SRP password file to use."
@@ -102,6 +108,7 @@ init { $generate=0; $port=5556; $http=0; $ciphers=NULL;
$nkx=0; $ncomp=0; $nmacs=0; $nctype = 0; $nodb = 0;
$x509_cafile = NULL; $pgp_keyfile=NULL; $pgp_certfile=NULL;
$x509_keyfile=NULL; $x509_certfile=NULL; $x509_crlfile = NULL;
+ $x509_dsakeyfile=NULL; $x509_dsacertfile=NULL;
$srp_passwd=NULL; $srp_passwd_conf=NULL; $quiet = 0;
$pgp_trustdb=NULL; $pgp_keyring=NULL; $fmtder = 0;
$dh_params_file=NULL; $debug=0; }
diff --git a/src/tests.c b/src/tests.c
index 580bc5cc58..547ab392fe 100644
--- a/src/tests.c
+++ b/src/tests.c
@@ -41,8 +41,7 @@ extern gnutls_srp_client_credentials srp_cred;
extern gnutls_anon_client_credentials anon_cred;
extern gnutls_certificate_credentials xcred;
-extern int more_info;
-static int dh_bits;
+extern int verbose;
int tls1_ok = 0;
int ssl3_ok = 0;
@@ -65,7 +64,7 @@ int ret, alert;
handshake_output = ret;
- if (ret < 0 && more_info > 1) {
+ if (ret < 0 && verbose > 1) {
if (ret == GNUTLS_E_WARNING_ALERT_RECEIVED
|| ret == GNUTLS_E_FATAL_ALERT_RECEIVED) {
alert = gnutls_alert_get( session);
@@ -75,7 +74,7 @@ int ret, alert;
}
}
- if (ret < 0) return GFAILED;
+ if (ret < 0) return TEST_FAILED;
gnutls_session_get_data(session, NULL, &session_data_size);
@@ -94,7 +93,7 @@ int ret, alert;
session_id_size = sizeof( session_id);
gnutls_session_get_id(session, session_id, &session_id_size);
- return SUCCEED;
+ return TEST_SUCCEED;
}
static int protocol_priority[16] = { GNUTLS_TLS1, GNUTLS_SSL3, 0 };
@@ -197,7 +196,7 @@ int _test_srp_username_callback( gnutls_session session, unsigned int times,
return -1;
}
-int test_srp( gnutls_session session) {
+test_code_t test_srp( gnutls_session session) {
int ret;
ADD_ALL_CIPHERS(session);
@@ -208,20 +207,25 @@ int ret;
ADD_KX(session, GNUTLS_KX_SRP);
srp_detected = 0;
+
+ gnutls_srp_set_client_credentials_function(srp_cred,
+ _test_srp_username_callback);
gnutls_credentials_set(session, GNUTLS_CRD_SRP, srp_cred);
ret = do_handshake( session);
- if (srp_detected != 0) return SUCCEED;
- else return GFAILED;
+ gnutls_srp_set_client_credentials_function(srp_cred, NULL);
+
+ if (srp_detected != 0) return TEST_SUCCEED;
+ else return TEST_FAILED;
}
#endif
static int export_true = 0;
static gnutls_datum exp = { NULL, 0 }, mod = {NULL, 0};
-int test_export( gnutls_session session)
+test_code_t test_export( gnutls_session session)
{
int ret;
@@ -236,7 +240,7 @@ int ret;
ret = do_handshake( session);
- if (ret == SUCCEED) {
+ if (ret == TEST_SUCCEED) {
export_true = 1;
gnutls_rsa_export_get_pubkey( session, &exp, &mod);
}
@@ -244,15 +248,14 @@ int ret;
return ret;
}
-int test_export_info( gnutls_session session)
+test_code_t test_export_info( gnutls_session session)
{
int ret2, ret;
gnutls_datum exp2, mod2;
const char* print;
- if (more_info == 0) return SUCCEED;
- if (export_true == 0) return GFAILED;
-
+ if (verbose == 0 || export_true==0) return TEST_IGNORE;
+
ADD_ALL_COMP(session);
ADD_ALL_CERTTYPES(session);
ADD_ALL_PROTOCOLS(session);
@@ -264,7 +267,7 @@ const char* print;
ret = do_handshake( session);
- if (ret == SUCCEED) {
+ if (ret == TEST_SUCCEED) {
ret2 = gnutls_rsa_export_get_pubkey( session, &exp2, &mod2);
if (ret2 >= 0) {
printf("\n");
@@ -291,7 +294,7 @@ const char* print;
static gnutls_datum pubkey = { NULL , 0 };
-int test_dhe( gnutls_session session)
+test_code_t test_dhe( gnutls_session session)
{
int ret;
@@ -305,21 +308,19 @@ int ret;
gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
ret = do_handshake( session);
- dh_bits = gnutls_dh_get_prime_bits( session);
- if (dh_bits < 0) dh_bits = 0;
gnutls_dh_get_pubkey( session, &pubkey);
return ret;
}
-int test_dhe_group( gnutls_session session)
+test_code_t test_dhe_group( gnutls_session session)
{
int ret, ret2;
gnutls_datum gen, prime, pubkey2;
const char* print;
- if (more_info == 0) return SUCCEED;
+ if (verbose == 0 || pubkey.data==NULL) return TEST_IGNORE;
ADD_ALL_CIPHERS(session);
ADD_ALL_COMP(session);
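Review bot: `gnutls_dh_get_pubkey(session, &pubkey)` in `test_dhe` runs even when `do_handshake` reported failure, and its return value is dropped; guarding it with `if (ret == TEST_SUCCEED) gnutls_dh_get_pubkey(session, &pubkey);` makes `test_dhe_group`'s `pubkey.data == NULL` check mean "no DHE handshake happened" rather than "whatever the library left in the datum". If `gnutls_dh_get_pubkey` returns an allocated copy (I cannot tell from here), the static `pubkey` is never freed — a one-shot leak in a test driver, but a `gnutls_free(pubkey.data)` once `test_dhe_group` is done with it would close it. `test_dhe_group` continues past the end of this hunk.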
@@ -357,7 +358,7 @@ const char* print;
return ret;
}
-int test_ssl3( gnutls_session session)
+test_code_t test_ssl3( gnutls_session session)
{
int ret;
ADD_ALL_CIPHERS(session);
@@ -369,7 +370,7 @@ int ret;
gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
ret = do_handshake( session);
- if (ret==SUCCEED) ssl3_ok = 1;
+ if (ret==TEST_SUCCEED) ssl3_ok = 1;
return ret;
}
@@ -380,7 +381,7 @@ void got_alarm(int k)
alrm = 1;
}
-int test_bye( gnutls_session session) {
+test_code_t test_bye( gnutls_session session) {
int ret;
char data[20];
int old, secs = 6;
@@ -398,10 +399,10 @@ int old, secs = 6;
gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
ret = do_handshake( session);
- if (ret==GFAILED) return ret;
+ if (ret==TEST_FAILED) return ret;
ret = gnutls_bye( session, GNUTLS_SHUT_WR);
- if (ret<0) return GFAILED;
+ if (ret<0) return TEST_FAILED;
#ifndef _WIN32
old = siginterrupt( SIGALRM, 1);
@@ -421,16 +422,16 @@ int old, secs = 6;
WSAGetLastError() == WSAECONNABORTED)
alrm = 1;
#endif
- if (ret==0) return SUCCEED;
+ if (ret==0) return TEST_SUCCEED;
- if (alrm == 0) return UNSURE;
+ if (alrm == 0) return TEST_UNSURE;
- return GFAILED;
+ return TEST_FAILED;
}
-int test_aes( gnutls_session session) {
+test_code_t test_aes( gnutls_session session) {
int ret;
ADD_CIPHER(session, GNUTLS_CIPHER_AES_128_CBC);
ADD_ALL_COMP(session);
@@ -444,7 +445,7 @@ int ret;
return ret;
}
-int test_openpgp1( gnutls_session session) {
+test_code_t test_openpgp1( gnutls_session session) {
int ret;
ADD_ALL_CIPHERS(session);
ADD_ALL_COMP(session);
@@ -455,15 +456,15 @@ int ret;
gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
ret = do_handshake( session);
- if (ret==GFAILED) return ret;
+ if (ret==TEST_FAILED) return ret;
if ( gnutls_certificate_type_get(session) == GNUTLS_CRT_OPENPGP)
- return SUCCEED;
+ return TEST_SUCCEED;
- return GFAILED;
+ return TEST_FAILED;
}
-int test_unknown_ciphersuites( gnutls_session session) {
+test_code_t test_unknown_ciphersuites( gnutls_session session) {
int ret;
ADD_CIPHER3(session, GNUTLS_CIPHER_AES_128_CBC,
GNUTLS_CIPHER_3DES_CBC, GNUTLS_CIPHER_ARCFOUR_128);
@@ -478,7 +479,7 @@ int ret;
return ret;
}
-int test_md5( gnutls_session session) {
+test_code_t test_md5( gnutls_session session) {
int ret;
ADD_ALL_CIPHERS(session);
ADD_ALL_COMP(session);
@@ -493,7 +494,7 @@ int ret;
}
#ifdef HAVE_LIBZ
-int test_zlib( gnutls_session session) {
+test_code_t test_zlib( gnutls_session session) {
int ret;
ADD_ALL_CIPHERS(session);
ADD_COMP(session, GNUTLS_COMP_ZLIB);
@@ -508,7 +509,7 @@ int ret;
}
#endif
-int test_lzo( gnutls_session session) {
+test_code_t test_lzo( gnutls_session session) {
int ret;
gnutls_handshake_set_private_extensions( session, 1);
@@ -525,7 +526,7 @@ int ret;
return ret;
}
-int test_sha( gnutls_session session)
+test_code_t test_sha( gnutls_session session)
{
int ret;
ADD_ALL_CIPHERS(session);
@@ -540,7 +541,7 @@ int ret;
return ret;
}
-int test_rmd( gnutls_session session)
+test_code_t test_rmd( gnutls_session session)
{
int ret;
ADD_ALL_CIPHERS(session);
@@ -555,7 +556,7 @@ int ret;
return ret;
}
-int test_3des( gnutls_session session)
+test_code_t test_3des( gnutls_session session)
{
int ret;
ADD_CIPHER(session, GNUTLS_CIPHER_3DES_CBC);
@@ -570,7 +571,7 @@ int ret;
return ret;
}
-int test_arcfour( gnutls_session session) {
+test_code_t test_arcfour( gnutls_session session) {
int ret;
ADD_CIPHER(session, GNUTLS_CIPHER_ARCFOUR_128);
ADD_ALL_COMP(session);
@@ -584,7 +585,7 @@ int ret;
return ret;
}
-int test_arcfour_40( gnutls_session session) {
+test_code_t test_arcfour_40( gnutls_session session) {
int ret;
ADD_CIPHER(session, GNUTLS_CIPHER_ARCFOUR_40);
ADD_ALL_COMP(session);
@@ -598,7 +599,7 @@ int ret;
return ret;
}
-int test_tls1( gnutls_session session)
+test_code_t test_tls1( gnutls_session session)
{
int ret;
ADD_ALL_CIPHERS(session);
@@ -610,13 +611,13 @@ int ret;
gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
ret = do_handshake( session);
- if (ret==SUCCEED) tls1_ok = 1;
+ if (ret==TEST_SUCCEED) tls1_ok = 1;
return ret;
}
-int test_tls1_1( gnutls_session session)
+test_code_t test_tls1_1( gnutls_session session)
{
int ret;
ADD_ALL_CIPHERS(session);
@@ -628,15 +629,17 @@ int ret;
gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
ret = do_handshake( session);
- if (ret==SUCCEED) tls1_1_ok = 1;
+ if (ret==TEST_SUCCEED) tls1_1_ok = 1;
return ret;
}
-int test_tls1_1_fallback( gnutls_session session)
+test_code_t test_tls1_1_fallback( gnutls_session session)
{
int ret;
+ if (tls1_1_ok) return TEST_IGNORE;
+
ADD_ALL_CIPHERS(session);
ADD_ALL_COMP(session);
ADD_ALL_CERTTYPES(session);
@@ -645,25 +648,25 @@ int ret;
ADD_ALL_KX(session);
gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
- if (tls1_1_ok) return UNSURE;
-
ret = do_handshake( session);
- if (ret!=SUCCEED) return GFAILED;
+ if (ret!=TEST_SUCCEED) return TEST_FAILED;
if (gnutls_protocol_get_version( session)==GNUTLS_TLS1)
- return SUCCEED;
+ return TEST_SUCCEED;
else if (gnutls_protocol_get_version( session)==GNUTLS_SSL3)
- return UNSURE;
+ return TEST_UNSURE;
- return GFAILED;
+ return TEST_FAILED;
}
/* Advertize both TLS 1.0 and SSL 3.0. If the connection fails,
* but the previous SSL 3.0 test succeeded then disable TLS 1.0.
*/
-int test_tls_disable( gnutls_session session) {
+test_code_t test_tls_disable( gnutls_session session) {
int ret;
+ if (tls1_ok!=0) return TEST_IGNORE;
+
ADD_ALL_CIPHERS(session);
ADD_ALL_COMP(session);
ADD_ALL_CERTTYPES(session);
@@ -673,7 +676,7 @@ int ret;
gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
ret = do_handshake( session);
- if (ret==GFAILED) {
+ if (ret==TEST_FAILED) {
/* disable TLS 1.0 */
if (ssl3_ok!=0) {
protocol_priority[0] = GNUTLS_SSL3;
@@ -684,7 +687,7 @@ int ret;
}
-int test_rsa_pms( gnutls_session session) {
+test_code_t test_rsa_pms( gnutls_session session) {
int ret;
/* here we enable both SSL 3.0 and TLS 1.0
@@ -701,13 +704,13 @@ int ret;
gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
ret = do_handshake( session);
- if (ret == GFAILED) return GFAILED;
+ if (ret == TEST_FAILED) return TEST_FAILED;
- if (gnutls_protocol_get_version(session)==GNUTLS_TLS1) return SUCCEED;
- return UNSURE;
+ if (gnutls_protocol_get_version(session)==GNUTLS_TLS1) return TEST_SUCCEED;
+ return TEST_UNSURE;
}
-int test_max_record_size( gnutls_session session) {
+test_code_t test_max_record_size( gnutls_session session) {
int ret;
ADD_ALL_CIPHERS(session);
ADD_ALL_COMP(session);
@@ -719,15 +722,15 @@ int ret;
gnutls_record_set_max_size( session, 512);
ret = do_handshake( session);
- if (ret == GFAILED) return ret;
+ if (ret == TEST_FAILED) return ret;
ret = gnutls_record_get_max_size(session);
- if (ret==512) return SUCCEED;
+ if (ret==512) return TEST_SUCCEED;
- return GFAILED;
+ return TEST_FAILED;
}
-int test_hello_extension( gnutls_session session) {
+test_code_t test_hello_extension( gnutls_session session) {
int ret;
ADD_ALL_CIPHERS(session);
ADD_ALL_COMP(session);
@@ -745,9 +748,10 @@ int ret;
void _gnutls_record_set_default_version(gnutls_session session, unsigned char major,
unsigned char minor);
-int test_version_rollback( gnutls_session session) {
+test_code_t test_version_rollback( gnutls_session session)
+{
int ret;
- if (tls1_ok==0) return UNSURE;
+ if (tls1_ok==0) return TEST_IGNORE;
/* here we enable both SSL 3.0 and TLS 1.0
* and we connect using a 3.1 client hello version,
@@ -766,19 +770,19 @@ int ret;
_gnutls_record_set_default_version( session, 3, 0);
ret = do_handshake( session);
- if (ret!=SUCCEED) return ret;
+ if (ret!=TEST_SUCCEED) return ret;
if (tls1_ok!=0 && gnutls_protocol_get_version( session)==GNUTLS_SSL3)
- return GFAILED;
+ return TEST_FAILED;
- return SUCCEED;
+ return TEST_SUCCEED;
}
/* See if the server tolerates out of bounds
* record layer versions in the first client hello
* message.
*/
-int test_version_oob( gnutls_session session) {
+test_code_t test_version_oob( gnutls_session session) {
int ret;
/* here we enable both SSL 3.0 and TLS 1.0
* and we connect using a 5.5 record version.
@@ -799,7 +803,7 @@ int ret;
void _gnutls_rsa_pms_set_version(gnutls_session session, unsigned char major,
unsigned char minor);
-int test_rsa_pms_version_check( gnutls_session session)
+test_code_t test_rsa_pms_version_check( gnutls_session session)
{
int ret;
/* here we use an arbitary version in the RSA PMS
@@ -822,7 +826,7 @@ int ret;
}
#ifdef ENABLE_ANON
-int test_anonymous( gnutls_session session) {
+test_code_t test_anonymous( gnutls_session session) {
int ret;
ADD_ALL_CIPHERS(session);
@@ -834,20 +838,21 @@ int ret;
gnutls_credentials_set(session, GNUTLS_CRD_ANON, anon_cred);
ret = do_handshake( session);
- dh_bits = gnutls_dh_get_prime_bits( session);
- if (dh_bits < 0) dh_bits = 0;
+
+ if (ret == TEST_SUCCEED)
+ gnutls_dh_get_pubkey( session, &pubkey);
return ret;
}
#endif
-int test_session_resume2( gnutls_session session)
+test_code_t test_session_resume2( gnutls_session session)
{
int ret;
char tmp_session_id[32];
int tmp_session_id_size;
- if (session == NULL) return UNSURE;
+ if (session == NULL) return TEST_IGNORE;
ADD_ALL_CIPHERS(session);
ADD_ALL_COMP(session);
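Review bot: The result of the new `gnutls_dh_get_pubkey( session, &pubkey);` call is discarded, so when it fails `pubkey` keeps whatever it held before and whoever later reads that (presumably file-scope) datum for the DH group info reports stale or uninitialized data; the removed code at least clamped `dh_bits` to a sane value, and the new path has no equivalent. A one-line guard keeps the report honest: `if (ret == TEST_SUCCEED && gnutls_dh_get_pubkey( session, &pubkey) < 0) return TEST_UNSURE;`. Whether the datum's buffer has to be released by the caller is not visible in this hunk; if it does, refilling the global on every run leaks the previous buffer. test_anonymous begins outside the hunk.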
@@ -865,28 +870,29 @@ int tmp_session_id_size;
tmp_session_id_size = session_id_size;
ret = do_handshake( session);
- if (ret == GFAILED) return ret;
+ if (ret == TEST_FAILED) return ret;
/* check if we actually resumed the previous session */
session_id_size = sizeof(session_id);
gnutls_session_get_id(session, session_id, &session_id_size);
- if (gnutls_session_is_resumed( session)) return SUCCEED;
+ if (gnutls_session_is_resumed( session)) return TEST_SUCCEED;
if (memcmp(tmp_session_id, session_id, tmp_session_id_size) == 0)
- return SUCCEED;
+ return TEST_SUCCEED;
else
- return GFAILED;
+ return TEST_FAILED;
}
extern char* hostname;
-int test_certificate( gnutls_session session) {
+test_code_t test_certificate( gnutls_session session)
+{
int ret;
- if (more_info == 0) return SUCCEED;
+ if (verbose == 0) return TEST_IGNORE;
ADD_ALL_CIPHERS(session);
ADD_ALL_COMP(session);
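Review bot: The comparison `if (memcmp(tmp_session_id, session_id, tmp_session_id_size) == 0)` uses the length of the first session id without checking that the id returned by the second handshake has the same length, so a shorter id is compared against bytes of `session_id` beyond its valid length and can yield a false "resumed" verdict. The return value of `gnutls_session_get_id(session, session_id, &session_id_size);` is also ignored, which leaves `session_id_size` unreliable on error. Checking that call and changing the test to `if (session_id_size == tmp_session_id_size && memcmp(tmp_session_id, session_id, tmp_session_id_size) == 0)` closes both gaps. `session_id` and `session_id_size` are declared outside this hunk, so their types are assumed from usage.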
@@ -898,12 +904,12 @@ int ret;
gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
ret = do_handshake( session);
- if (ret == GFAILED) return ret;
+ if (ret == TEST_FAILED) return ret;
printf("\n");
print_cert_info( session, hostname);
- return SUCCEED;
+ return TEST_SUCCEED;
}
/* A callback function to be used at the certificate selection time.
@@ -917,7 +923,7 @@ char issuer_dn[256];
int i, ret;
size_t len;
- if (more_info == 0) return -1;
+ if (verbose == 0) return -1;
/* Print the server's trusted CAs
*/
@@ -944,11 +950,11 @@ size_t len;
/* Prints the trusted server's CAs. This is only
* if the server sends a certificate request packet.
*/
-int test_server_cas( gnutls_session session)
+test_code_t test_server_cas( gnutls_session session)
{
int ret;
- if (more_info == 0) return SUCCEED;
+ if (verbose == 0) return TEST_IGNORE;
ADD_ALL_CIPHERS(session);
ADD_ALL_COMP(session);
@@ -963,8 +969,8 @@ int ret;
ret = do_handshake( session);
gnutls_certificate_client_set_retrieve_function( xcred, NULL);
- if (ret ==GFAILED) return ret;
- return SUCCEED;
+ if (ret ==TEST_FAILED) return ret;
+ return TEST_SUCCEED;
}
diff --git a/src/tests.h b/src/tests.h
index 8eafd3f775..e256f11686 100644
--- a/src/tests.h
+++ b/src/tests.h
@@ -1,40 +1,40 @@
-#define SUCCEED 1
-#define GFAILED 0
-#define UNSURE -1
+typedef enum {
+ TEST_SUCCEED, TEST_FAILED, TEST_UNSURE, TEST_IGNORE
+} test_code_t;
-int test_srp( gnutls_session state);
-int test_export( gnutls_session state);
-int test_export_info( gnutls_session state);
-int test_hello_extension( gnutls_session state);
-int test_dhe( gnutls_session state);
-int test_dhe_group( gnutls_session state);
-int test_ssl3( gnutls_session state);
-int test_aes( gnutls_session state);
-int test_md5( gnutls_session state);
-int test_sha( gnutls_session state);
-int test_rmd( gnutls_session state);
-int test_3des( gnutls_session state);
-int test_arcfour( gnutls_session state);
-int test_arcfour_40( gnutls_session state);
-int test_tls1( gnutls_session state);
-int test_tls1_1( gnutls_session state);
-int test_tls1_1_fallback( gnutls_session state);
-int test_tls_disable( gnutls_session state);
-int test_rsa_pms( gnutls_session state);
-int test_max_record_size( gnutls_session state);
-int test_version_rollback( gnutls_session state);
-int test_anonymous( gnutls_session state);
-int test_unknown_ciphersuites( gnutls_session state);
-int test_openpgp1( gnutls_session state);
-int test_bye( gnutls_session state);
-int test_certificate( gnutls_session state);
-int test_server_cas( gnutls_session state);
-int test_session_resume2( gnutls_session state);
-int test_rsa_pms_version_check( gnutls_session session);
-int test_version_oob( gnutls_session session);
-int test_zlib( gnutls_session session);
-int test_lzo( gnutls_session session);
+test_code_t test_srp( gnutls_session state);
+test_code_t test_export( gnutls_session state);
+test_code_t test_export_info( gnutls_session state);
+test_code_t test_hello_extension( gnutls_session state);
+test_code_t test_dhe( gnutls_session state);
+test_code_t test_dhe_group( gnutls_session state);
+test_code_t test_ssl3( gnutls_session state);
+test_code_t test_aes( gnutls_session state);
+test_code_t test_md5( gnutls_session state);
+test_code_t test_sha( gnutls_session state);
+test_code_t test_rmd( gnutls_session state);
+test_code_t test_3des( gnutls_session state);
+test_code_t test_arcfour( gnutls_session state);
+test_code_t test_arcfour_40( gnutls_session state);
+test_code_t test_tls1( gnutls_session state);
+test_code_t test_tls1_1( gnutls_session state);
+test_code_t test_tls1_1_fallback( gnutls_session state);
+test_code_t test_tls_disable( gnutls_session state);
+test_code_t test_rsa_pms( gnutls_session state);
+test_code_t test_max_record_size( gnutls_session state);
+test_code_t test_version_rollback( gnutls_session state);
+test_code_t test_anonymous( gnutls_session state);
+test_code_t test_unknown_ciphersuites( gnutls_session state);
+test_code_t test_openpgp1( gnutls_session state);
+test_code_t test_bye( gnutls_session state);
+test_code_t test_certificate( gnutls_session state);
+test_code_t test_server_cas( gnutls_session state);
+test_code_t test_session_resume2( gnutls_session state);
+test_code_t test_rsa_pms_version_check( gnutls_session session);
+test_code_t test_version_oob( gnutls_session session);
+test_code_t test_zlib( gnutls_session session);
+test_code_t test_lzo( gnutls_session session);
int _test_srp_username_callback( gnutls_session session, unsigned int times,
- char** username, char** password);
+ char** username, char** password);
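Review bot: `TEST_SUCCEED` is now 0 and `TEST_FAILED` is 1, the inverse truthiness of the old `SUCCEED 1`/`GFAILED 0` macros, and the header says nothing about it; any caller that still treats a result as a boolean, or that keeps a gnutls return code (where 0 is success) in the same variable, silently changes meaning. The test functions in tests.c keep `int ret` locals that hold both gnutls error codes and test codes, so the compiler cannot flag such a mix-up. Document the contract next to the typedef, e.g. `/* TEST_SUCCEED is 0: compare against the enumerators, never test a test_code_t for truthiness. */`, and consider giving the enumerators explicit values so the numbering cannot drift when a code is inserted.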
diff --git a/src/tls_test.c b/src/tls_test.c
index 10dc01e734..9ef546630b 100644
--- a/src/tls_test.c
+++ b/src/tls_test.c
@@ -59,7 +59,7 @@ gnutls_certificate_credentials xcred;
/* end of global stuff */
-int more_info = 0;
+int verbose = 0;
extern int tls1_ok;
extern int tls1_1_ok;
@@ -70,7 +70,7 @@ static void tls_log_func( int level, const char* str)
fprintf(stderr, "|<%d>| %s", level, str);
}
-typedef int (*TEST_FUNC)( gnutls_session);
+typedef test_code_t (*TEST_FUNC)( gnutls_session);
typedef struct {
char* test_name;
@@ -103,13 +103,13 @@ static const TLS_TEST tls_tests[] = {
*/
{ "whether the server supports session resumption", test_session_resume2, "yes", "no", "dunno"},
{ "for export-grade ciphersuite support", test_export, "yes", "no", "dunno" },
- { "for export-grade ciphersuite info", test_export_info, "", "N/A", "N/A" },
+ { "RSA-export ciphersuite info", test_export_info, "", "N/A", "N/A" },
#ifdef ENABLE_ANON
{ "for anonymous authentication support", test_anonymous, "yes", "no", "dunno"},
- { "for anonymous Diffie Hellman group info", test_dhe_group, "", "N/A", "N/A" },
+ { "anonymous Diffie Hellman group info", test_dhe_group, "", "N/A", "N/A" },
#endif
{ "for ephemeral Diffie Hellman support", test_dhe, "yes", "no", "dunno" },
- { "for ephemeral Diffie Hellman group info", test_dhe_group, "", "N/A", "N/A" },
+ { "ephemeral Diffie Hellman group info", test_dhe_group, "", "N/A", "N/A" },
{ "for AES cipher support (TLS extension)", test_aes, "yes", "no", "dunno"},
{ "for 3DES cipher support", test_3des, "yes", "no", "dunno"},
{ "for ARCFOUR 128 cipher support", test_arcfour, "yes", "no", "dunno"},
@@ -196,8 +196,6 @@ int main(int argc, char **argv)
fprintf(stderr, "memory error\n");
exit(1);
}
- gnutls_srp_set_client_credentials_function(srp_cred,
- _test_srp_username_callback);
#endif
#ifdef ENABLE_ANON
@@ -225,15 +223,21 @@ int main(int argc, char **argv)
gnutls_init(&state, GNUTLS_CLIENT);
gnutls_transport_set_ptr(state, (gnutls_transport_ptr)sd);
- printf("Checking %s...", tls_tests[i].test_name);
+ do {
+ printf("Checking %s...", tls_tests[i].test_name);
- if ((ret=tls_tests[i].func( state)) == SUCCEED) {
- printf(" %s\n", tls_tests[i].suc_str);
- if (i==0) tls1_ok = 1;
- if (i==1) ssl3_ok = 1;
- } else if (ret==GFAILED)
- printf(" %s\n", tls_tests[i].fail_str);
- else printf(" %s\n", tls_tests[i].unsure_str);
+ ret = tls_tests[i].func( state);
+
+ if (ret == TEST_SUCCEED)
+ printf(" %s\n", tls_tests[i].suc_str);
+ else if (ret==TEST_FAILED)
+ printf(" %s\n", tls_tests[i].fail_str);
+ else if (ret == TEST_UNSURE) printf(" %s\n", tls_tests[i].unsure_str);
+ else if (ret == TEST_IGNORE) {
+ printf(" N/A\n");
+ i++;
+ }
+ } while( ret == TEST_IGNORE && tls_tests[i].test_name != NULL);
gnutls_deinit(state);
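Review bot: The `i++` in the TEST_IGNORE branch advances the same index the enclosing loop presumably increments, so when the last table entry is ignored `i` stops on the NULL sentinel inside the `do`/`while` and the outer increment then indexes past the end of `tls_tests`; the enclosing loop starts and ends outside this hunk, so this should be confirmed against its condition. Reusing `state` for the next entry after an ignore is only safe because every ignoring test returns before it configures the session (the TEST_IGNORE returns in tests.c all precede the ADD_* calls), and that contract deserves a comment at the loop, e.g. `/* a test that returns TEST_IGNORE must do so before touching the session */`. The removed `if (i==1) ssl3_ok = 1;` has no visible replacement, so unless test_ssl3 now sets `ssl3_ok` itself the TLS-disable fallback guarded by `if (ssl3_ok!=0)` in tests.c never fires.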
@@ -269,7 +273,7 @@ void gaa_parser(int argc, char **argv)
debug = info.debug;
- more_info = info.more_info;
+ verbose = info.more_info;
}