author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2003-12-28 15:17:50 +0000 |
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2003-12-28 15:17:50 +0000 |
commit | 291e102c0618d6c342e6d6abf4c4cc0be5d333f5 (patch) | |
tree | a6b20d1dc9fd0ae10daa36f9bf3ea552db6d8288 | |
parent | ff4c7c67a36b23114cbb9175820826ee048f5edb (diff) | |
download | gnutls-291e102c0618d6c342e6d6abf4c4cc0be5d333f5.tar.gz |
updated the client certificate retrieval callback.
-rw-r--r-- | lib/auth_cert.c | 20 | ||||
-rw-r--r-- | lib/auth_cert.h | 11 | ||||
-rw-r--r-- | lib/gnutls_cert.c | 23 | ||||
-rw-r--r-- | lib/gnutls_random.c | 8 | ||||
-rw-r--r-- | lib/gnutls_ui.h | 9 |
5 files changed, 29 insertions, 42 deletions
diff --git a/lib/auth_cert.c b/lib/auth_cert.c
index d069ac6685..de770cc358 100644
--- a/lib/auth_cert.c
+++ b/lib/auth_cert.c
@@ -110,10 +110,8 @@ int _gnutls_copy_certificate_auth_info(CERTIFICATE_AUTH_INFO info,
 * -1 otherwise.
 */
 inline
- static int _gnutls_check_pk_algo_in_list(gnutls_pk_algorithm *
- pk_algos, int pk_algos_length,
- gnutls_pk_algorithm
- algo_to_check)
+static int _gnutls_check_pk_algo_in_list(const gnutls_pk_algorithm *pk_algos,
+ int pk_algos_length, gnutls_pk_algorithm algo_to_check)
 {
 int i;
 for (i = 0; i < pk_algos_length; i++) {
@@ -131,7 +129,7 @@ inline
 */
 static int _find_x509_cert(const gnutls_certificate_credentials cred,
 opaque * _data, size_t _data_size,
- gnutls_pk_algorithm * pk_algos,
+ const gnutls_pk_algorithm * pk_algos,
 int pk_algos_length, int *indx)
 {
 uint size;
@@ -401,15 +399,17 @@ static int call_client_cert_callback(gnutls_session session,
 OPENPGP_KEY_DEINIT _E_gnutls_openpgp_key_deinit;
 OPENPGP_PRIVKEY_DEINIT _E_gnutls_openpgp_privkey_deinit;
+
 /* Calls the client get callback.
 */
 static int call_get_cert_callback( gnutls_session session,
- gnutls_datum* issuers_dn, int issuers_dn_length)
+ gnutls_datum* issuers_dn, int issuers_dn_length,
+ gnutls_pk_algorithm* pk_algos, int pk_algos_length)
 {
 uint i;
 gnutls_cert *local_certs = NULL;
 gnutls_privkey *local_key = NULL;
-retr_st st;
+gnutls_retr_st st;
 int ret;
 gnutls_certificate_type type = gnutls_certificate_type_get(session);
@@ -431,6 +431,7 @@ const gnutls_certificate_credentials cred;
 ret = cred->client_get_cert_callback(session, issuers_dn, issuers_dn_length,
+ pk_algos, pk_algos_length,
 &st);
 }
@@ -547,7 +548,8 @@ static int _select_client_cert(gnutls_session session,
 }
 if (cred->client_get_cert_callback) {
- result = call_get_cert_callback( session, issuers_dn, issuers_dn_length);
+ result = call_get_cert_callback( session, issuers_dn, issuers_dn_length,
+ pk_algos, pk_algos_length);
 goto cleanup;
 }
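Review bot: In the rewritten declaration of `_gnutls_check_pk_algo_in_list` the `inline` specifier is still left on its own context line above the new `static int ...` line, so the function's specifiers are split over two lines and read like two separate statements; the conventional form is the single line `static inline int _gnutls_check_pk_algo_in_list(const gnutls_pk_algorithm *pk_algos, int pk_algos_length, gnutls_pk_algorithm algo_to_check)`. Adding `const` to `pk_algos` is right, since the visible loop only reads the list. The function's body continues outside the hunk.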
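Review bot: `gnutls_retr_st st;` in `call_get_cert_callback` has no initializer, and the @@ -431 hunk shows it is passed as `&st` to `cred->client_get_cert_callback` for the application to fill in; a callback that returns without writing every member leaves `st.deinit_all` and the `key` member (both visible in the auth_cert.h hunk) holding whatever was on the stack, and the code after the call, which lies outside the hunk, would presumably free or use them. Clearing the struct first, `memset(&st, 0, sizeof st);` before the callback is invoked, makes an untouched `st` read as an empty result instead of garbage. Separately, the new parameter is declared `gnutls_pk_algorithm* pk_algos` here while this same commit const-qualifies the list in `_find_x509_cert` and in the `gnutls_certificate_client_retrieve_function` typedef; `const gnutls_pk_algorithm* pk_algos` would keep the three consistent. The rest of the function is outside the hunk.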
@@ -1621,7 +1623,7 @@ int _gnutls_server_select_cert(gnutls_session session,
 */
 if (cred->server_get_cert_callback != NULL) {
- return call_get_cert_callback( session, NULL, 0);
+ return call_get_cert_callback( session, NULL, 0, NULL, 0);
 } else if (session->internals.server_cert_callback != NULL && cred->ncerts > 0) {
diff --git a/lib/auth_cert.h b/lib/auth_cert.h
index 3e26c21207..d99991a9b7 100644
--- a/lib/auth_cert.h
+++ b/lib/auth_cert.h
@@ -19,14 +19,15 @@ typedef struct retr_st {
 } key;
 uint deinit_all;
-} retr_st;
+} gnutls_retr_st;
-typedef int gnutls_certificate_client_retrieve_function(
- struct gnutls_session_int*, const gnutls_datum* req_ca_cert, int nreqs,
- retr_st*);
+typedef int gnutls_certificate_client_retrieve_function(gnutls_session,
+ const gnutls_datum* req_ca_rdn, int nreqs,
+ const gnutls_pk_algorithm* pk_algos, int pk_algos_length,
+ gnutls_retr_st *);
 typedef int gnutls_certificate_server_retrieve_function(
- struct gnutls_session_int*, retr_st*);
+ struct gnutls_session_int*, gnutls_retr_st*);
 /* This structure may be complex, but it's the only way to
 * support a server that has multiple certificates
diff --git a/lib/gnutls_cert.c b/lib/gnutls_cert.c
index cf53a40ba7..62e1d71a87 100644
--- a/lib/gnutls_cert.c
+++ b/lib/gnutls_cert.c
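Review bot: `gnutls_retr_st` is now defined in two headers with different struct tags — `typedef struct retr_st { ... } gnutls_retr_st;` here and `typedef struct gnutls_retr_st { ... } gnutls_retr_st;` in lib/gnutls_ui.h (visible in that file's hunk header) — together with a second copy of both retrieve-function typedefs. If any translation unit ever includes both headers, the compiler sees one typedef name declared for two distinct types, which is a constraint violation, and the two copies can silently drift apart; keeping the single definition in gnutls_ui.h, the public header, and having auth_cert.h include it would remove the duplication. The server typedef on the following lines also still spells its first parameter `struct gnutls_session_int*` while the client one now uses `gnutls_session`; `typedef int gnutls_certificate_server_retrieve_function(gnutls_session, gnutls_retr_st*);` would match both the client typedef and the gnutls_ui.h copy.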
@@ -327,14 +327,9 @@ void gnutls_certificate_server_set_select_function(gnutls_session session,
 * to be used in the handshake.
 * The callback's function prototype is:
 * int (*callback)(gnutls_session, const gnutls_datum* req_ca_dn, int nreqs,
- * gnutls_datum **cert, unsigned int *ncerts, gnutls_key* key);
+ * gnutls_pk_algorithm* pk_algos, int pk_algos_length, gnutls_retr_st st);
 *
- * @cert should contain @ncerts gnutls_datum structures which hold
- * the raw certificates (DER for X.509 or binary for OpenPGP), of the
- * client. Those should be allocated with gnutls_malloc(). The certificate
- * type to be sent should be obtained using gnutls_certificate_type_get();
- *
- * @key should contain a private key.
+ * @st should contain the certificates and private keys.
 *
 * @req_ca_cert, is only used in X.509 certificates.
 * Contains a list with the CA names that the server considers trusted.
@@ -342,6 +337,9 @@ void gnutls_certificate_server_set_select_function(gnutls_session session,
 * by one of these CAs. These names are DER encoded. To get a more
 * meaningful value use the function gnutls_x509_rdn_get().
 *
+ * @pk_algos, contains a list with server's acceptable signature algorithms.
+ * The certificate returned should support the server's given algorithms.
+ *
 * If the callback function is provided then gnutls will call it, in the
 * handshake, after the certificate request message has been received.
 *
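Review bot: The documented prototype `int (*callback)(gnutls_session, const gnutls_datum* req_ca_dn, int nreqs, gnutls_pk_algorithm* pk_algos, int pk_algos_length, gnutls_retr_st st);` does not match the `gnutls_certificate_client_retrieve_function` typedef this commit introduces, which takes `const gnutls_pk_algorithm* pk_algos` and a `gnutls_retr_st *` pointer rather than a struct by value; the last two parameters should read `const gnutls_pk_algorithm* pk_algos, int pk_algos_length, gnutls_retr_st *st);`. The paragraph below still refers to `@req_ca_cert` while the prototype names the parameter `req_ca_dn` and the typedef `req_ca_rdn`, so one name should be used throughout. The same prototype line is copied into the next doc comment in the @@ -363 hunk, which the removed text ("of the server") shows is the server-side variant; there it cannot be right, because the server typedef in both headers takes only `(gnutls_session, gnutls_retr_st *)` with no CA list or algorithm list. It would also help the `@pk_algos` paragraph in the @@ -342 hunk to say whether the library checks the returned certificate against the list or sends whatever the callback supplies; that code is not part of this diff.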
@@ -363,15 +361,10 @@ void gnutls_certificate_client_set_retrieve_function(gnutls_certificate_credenti
 * This function sets a callback to be called in order to retrieve the certificate
 * to be used in the handshake.
 * The callback's function prototype is:
- * int (*callback)(gnutls_session, gnutls_datum **cert, unsigned int *ncerts
- * gnutls_key* key);
- *
- * @cert should contain @ncerts gnutls_datum structures which hold
- * the raw certificates (DER for X.509 or binary for OpenPGP), of the
- * server. Those should be allocated with gnutls_malloc(). The certificate
- * type to be sent should be obtained using gnutls_certificate_type_get();
+ * int (*callback)(gnutls_session, const gnutls_datum* req_ca_dn, int nreqs,
+ * gnutls_pk_algorithm* pk_algos, int pk_algos_length, gnutls_retr_st st);
 *
- * @key should contain a private key.
+ * @st should contain the certificates and private keys.
 *
 * If the callback function is provided then gnutls will call it, in the
 * handshake, after the certificate request message has been received.
diff --git a/lib/gnutls_random.c b/lib/gnutls_random.c
index 7500910cfa..01e61d4c54 100644
--- a/lib/gnutls_random.c
+++ b/lib/gnutls_random.c
@@ -26,14 +26,6 @@
 #include <gnutls_int.h>
 #include <gnutls_random.h>
 #include <gnutls_errors.h>
-#ifndef USE_GCRYPT
-# ifdef HAVE_UNISTD_H
-# include <unistd.h>
-# endif
-# include <sys/types.h>
-# include <sys/stat.h>
-# include <fcntl.h>
-#endif
 /* fills the buffer 'res' with random bytes of 'bytes' long.
 * level is WEAK, STRONG, or VERY_STRONG (libgcrypt)
diff --git a/lib/gnutls_ui.h b/lib/gnutls_ui.h
index fbca386228..c9b52d443b 100644
--- a/lib/gnutls_ui.h
+++ b/lib/gnutls_ui.h
@@ -47,12 +47,11 @@ typedef struct gnutls_retr_st {
 } gnutls_retr_st;
 typedef int gnutls_certificate_client_retrieve_function(gnutls_session,
- const gnutls_datum
- * req_ca_rdn,
- int nreqs,
- gnutls_retr_st *);
+ const gnutls_datum* req_ca_rdn, int nreqs,
+ const gnutls_pk_algorithm* pk_algos, int pk_algos_length,
+ gnutls_retr_st *);
 typedef int gnutls_certificate_server_retrieve_function(gnutls_session,
- gnutls_retr_st *);
+ gnutls_retr_st *);
 /* Functions that allow AUTH_INFO structures handling
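Review bot: This changes the public `gnutls_certificate_client_retrieve_function` typedef from four parameters to six, so an application callback written against the previous prototype no longer has the type the setter presumably expects, and an application already built against the old header would be called with a different argument list at runtime. If the earlier prototype has shipped in a release, this is an incompatible API and ABI change and should be recorded in the changelog and reflected in the library's version information, neither of which this commit touches. A one-line comment above the typedef stating the contract would also help callers, for example `/* pk_algos lists the public-key algorithms the server accepts; the returned key must be one of them. */`, since the public header currently documents none of the parameters.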