authorNikos Mavrogiannopoulos <nmav@gnutls.org>2002-02-21 20:42:27 +0000
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2002-02-21 20:42:27 +0000
commit281b955b43e5aea756d8757ddc92f4fbb68e15a6 (patch)
tree847f696feafc9623cf6ac2275a4d8140036e9267
parent9b0557dbf920e87da377907ebc850c8d14cd5730 (diff)
downloadgnutls-281b955b43e5aea756d8757ddc92f4fbb68e15a6.tar.gz
Added gnutls_alert_str (allows printing alert number descriptions)
-rw-r--r--ChangeLog43
-rw-r--r--NEWS14
-rw-r--r--doc/tex/ex1.tex5
-rw-r--r--doc/tex/serv1.tex2
-rw-r--r--lib/debug.c87
-rw-r--r--lib/debug.h5
-rw-r--r--lib/gnutls.h.in.in1
-rw-r--r--lib/gnutls_alert.c88
-rw-r--r--src/cli.c7
9 files changed, 153 insertions, 99 deletions
diff --git a/ChangeLog b/ChangeLog
index 740a6d682d..12aec68190 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,46 @@
+2002-02-20 20:53 nmav <nmav@gnutls.org>
+
+ * lib/x509_verify.c:
+
+ some fixes in verification procedure
+
+2002-02-19 18:57 twoaday <twoaday@gnutls.org>
+
+ * lib/: .cvsignore, gnutls_cert.h, gnutls_errors_int.h,
+ gnutls_openpgp.c, gnutls_openpgp.h:
+
+ Applied the patches to fix the GDOC problem. Some bug fixes all
+ over the place and the implementation of some function stubs.
+
+2002-02-19 08:17 nmav <nmav@gnutls.org>
+
+ * doc/tex/ex3.tex, lib/gnutls.h.in.in, lib/gnutls_cert.c,
+ lib/gnutls_int.h, lib/gnutls_x509.c, lib/x509_sig_check.c,
+ src/common.c:
+
+ removed CERT_CORRUPTED
+
+2002-02-19 08:09 nmav <nmav@gnutls.org>
+
+ * lib/auth_cert.c:
+
+ openpgp fingerprint is calculated dynamically.
+
+2002-02-18 20:31 nmav <nmav@gnutls.org>
+
+ * lib/: auth_cert.c, auth_cert.h, gnutls.h.in.in:
+
+ Added some support the OpenPGP Certificate message, with key
+ fingerprints.
+
+2002-02-18 14:11 nmav <nmav@gnutls.org>
+
+ * ChangeLog, lib/auth_cert.c, lib/gnutls.h.in.in, lib/gnutls_int.h,
+ lib/gnutls_state.c, lib/gnutls_state.h, src/cli-gaa.c,
+ src/cli-gaa.h, src/cli.c, src/cli.gaa, src/common.c:
+
+ Added some stuff for the client to send the OpenPGP fingerprint.
+
2002-02-17 20:07 nmav <nmav@gnutls.org>
* lib/: auth_rsa.c, gnutls_pk.c:
diff --git a/NEWS b/NEWS
index 809b6b3162..3ee9e51dc6 100644
--- a/NEWS
+++ b/NEWS
@@ -3,17 +3,21 @@ Version ?.?.?
less memory during a handshake
- Added support for certificates with DSA parameters
- Added DHE_DSS cipher suites
+- Key exchange methods changed so they do not depend on the
+ certificate type.
+- Improved Diffie Hellman key exchange support.
+- Bug fixes in the RSA key exchange.
- Added check for the requested TLS extensions
+- TLS extensions now use a 16 bit type field.
- Added a minimal string library to assist in ASN.1 parsing
+- Changes in ASN.1 parser to work with the new bison
- Added gnutls_x509_extract_subject_alt_name(), which deprecates
gnutls_x509_extract_subject_dns_name()
- gnutls_x509_set_trust_(file/mem) can now be called multiple times
- gnutls_srp_server_set_cred_file() can now be called multiple times
-- Key exchange methods changed so they do not depend on the
- certificate type.
-- Improved Diffie Hellman key exchange support.
-- Bug fixes in the RSA key exchange.
-- TLS extensions now use a 16 bit type field.
+
+
+OpenPGP:
- Added openpgp key support (EXPERIMENTAL)
Version 0.3.5 (25/01/2002)
diff --git a/doc/tex/ex1.tex b/doc/tex/ex1.tex
index 3ab3d9c8c2..9e3a9e5859 100644
--- a/doc/tex/ex1.tex
+++ b/doc/tex/ex1.tex
@@ -27,7 +27,7 @@ int main()
const char *PORT = "443";
const char *SERVER = "127.0.0.1";
int err, ret;
- int sd, ii;
+ int sd, ii, alert;
struct sockaddr_in sa;
GNUTLS_STATE state;
char buffer[MAX_BUF + 1];
@@ -144,7 +144,8 @@ int main()
}
} else {
if (ret == GNUTLS_E_WARNING_ALERT_RECEIVED || ret == GNUTLS_E_FATAL_ALERT_RECEIVED)
- printf("* Received alert [%d]\n", gnutls_alert_get_last(state));
+ alert = gnutls_alert_get_last(state);
+ printf("* Received alert [%d]: %s\n", alert, gnutls_alert_str(alert));
if (ret == GNUTLS_E_REHANDSHAKE) {
printf("* Received HelloRequest message (server asked to rehandshake)\n");
gnutls_alert_send_appropriate( state, ret); /* we don't want rehandshake */
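Review bot: The unbraced `if (ret == GNUTLS_E_WARNING_ALERT_RECEIVED || ret == GNUTLS_E_FATAL_ALERT_RECEIVED)` now guards only `alert = gnutls_alert_get_last(state);`, so the new `printf` runs on every pass through this `else` branch and reads `alert` uninitialised when no alert was received. Put both statements in one braced body: `{ alert = gnutls_alert_get_last(state); printf("* Received alert [%d]: %s\n", alert, gnutls_alert_str(alert)); }`. The same unbraced pattern is added in the handshake-failure branch of main() in src/cli.c. This is the example readers copy from the manual, and main() continues outside the hunk.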
diff --git a/doc/tex/serv1.tex b/doc/tex/serv1.tex
index cbbb84d6b9..922e575ceb 100644
--- a/doc/tex/serv1.tex
+++ b/doc/tex/serv1.tex
@@ -233,7 +233,7 @@ int main()
}
if (ret == GNUTLS_E_WARNING_ALERT_RECEIVED || ret == GNUTLS_E_FATAL_ALERT_RECEIVED) {
ret = gnutls_alert_get_last(state);
- printf("* Received alert '%d'.\n", ret);
+ printf("* Received alert '%d' - '%s'.\n", ret, gnutls_alert_str( ret));
}
}
printf("\n");
diff --git a/lib/debug.c b/lib/debug.c
index 32e65b3617..8e048153d2 100644
--- a/lib/debug.c
+++ b/lib/debug.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2000 Nikos Mavroyanopoulos
+ * Copyright (C) 2000,2002 Nikos Mavroyanopoulos
*
* This file is part of GNUTLS.
*
@@ -70,89 +70,8 @@ void _gnutls_print_state(GNUTLS_STATE state)
}
-const char* _gnutls_alert2str( int alert) {
-static char str[512];
-
- switch(alert) {
- case GNUTLS_A_CLOSE_NOTIFY:
- strcpy(str, "Close Notify");
- break;
- case GNUTLS_A_UNEXPECTED_MESSAGE:
- strcpy(str, "Unexpected message");
- break;
- case GNUTLS_A_BAD_RECORD_MAC:
- strcpy(str, "Bad record MAC");
- break;
-
- case GNUTLS_A_DECRYPTION_FAILED:
- strcpy(str, "Decryption Failed");
- break;
- case GNUTLS_A_RECORD_OVERFLOW:
- strcpy(str, "Record Overflow");
- break;
-
- case GNUTLS_A_DECOMPRESSION_FAILURE:
- strcpy(str, "Decompression Failed");
- break;
-
- case GNUTLS_A_HANDSHAKE_FAILURE:
- strcpy(str, "Handshake failed");
- break;
- case GNUTLS_A_BAD_CERTIFICATE:
- strcpy(str, "Certificate is bad");
- break;
- case GNUTLS_A_UNSUPPORTED_CERTIFICATE:
- strcpy(str, "Certificate is not supported");
- break;
- case GNUTLS_A_CERTIFICATE_REVOKED:
- strcpy(str, "Certificate was revoked");
- break;
- case GNUTLS_A_CERTIFICATE_EXPIRED:
- strcpy(str, "Certificate is expired");
- break;
- case GNUTLS_A_CERTIFICATE_UNKNOWN:
- strcpy(str, "Unknown Certificate");
- break;
- case GNUTLS_A_ILLEGAL_PARAMETER:
- strcpy(str, "Illegal Parameter");
- break;
- case GNUTLS_A_UNKNOWN_CA:
- strcpy(str, "CA is not known");
- break;
- case GNUTLS_A_ACCESS_DENIED:
- strcpy(str, "Access was denied");
- break;
- case GNUTLS_A_DECODE_ERROR:
- strcpy(str, "Decode error");
- break;
- case GNUTLS_A_DECRYPT_ERROR:
- strcpy(str, "Decrypt error");
- break;
- case GNUTLS_A_EXPORT_RESTRICTION:
- strcpy(str, "Export Restriction");
- break;
- case GNUTLS_A_PROTOCOL_VERSION:
- strcpy(str, "Error in protocol version");
- break;
- case GNUTLS_A_INSUFFICIENT_SECURITY:
- strcpy(str, "Insufficient Security");
- break;
- case GNUTLS_A_USER_CANCELED:
- strcpy(str, "User Canceled");
- break;
- case GNUTLS_A_NO_RENEGOTIATION:
- strcpy(str, "No renegotiation is allowed");
- break;
- default:
- strcpy(str, "Unknown Alert");
-
- }
- return str;
-
-}
-
-char* _gnutls_packet2str( int packet) {
+const char* _gnutls_packet2str( int packet) {
static char str[512];
switch(packet) {
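Review bot: `_gnutls_packet2str` now returns `const char*` but still declares `static char str[512]`, so it presumably still copies each description into one shared buffer, as the removed `_gnutls_alert2str` did with `strcpy`. Two calls inside a single log statement would then yield the same pointer and print the same text, and sessions running on different threads can overwrite each other's result. Returning the string literal from each `case`, as the new `gnutls_alert_str` in lib/gnutls_alert.c does, removes the buffer and makes the `const` return type accurate. The same applies to `_gnutls_handshake2str` in the next hunk; both function bodies continue outside the hunks.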
@@ -177,7 +96,7 @@ static char str[512];
}
-char* _gnutls_handshake2str( int handshake) {
+const char* _gnutls_handshake2str( int handshake) {
static char str[512];
switch(handshake) {
diff --git a/lib/debug.h b/lib/debug.h
index f95145d84d..471f94f36d 100644
--- a/lib/debug.h
+++ b/lib/debug.h
@@ -22,8 +22,7 @@
void _gnutls_print_state(GNUTLS_STATE state);
char * _gnutls_bin2hex(const unsigned char *old, const size_t oldlen);
void _gnutls_dump_mpi(char* prefix,MPI a);
-char* _gnutls_packet2str( int packet);
-char* _gnutls_alert2str( int alert);
-char* _gnutls_handshake2str( int handshake);
+const char* _gnutls_packet2str( int packet);
+const char* _gnutls_handshake2str( int handshake);
char* GET_CN( gnutls_datum);
#endif
diff --git a/lib/gnutls.h.in.in b/lib/gnutls.h.in.in
index ceff03b222..f936b7d436 100644
--- a/lib/gnutls.h.in.in
+++ b/lib/gnutls.h.in.in
@@ -108,6 +108,7 @@ int gnutls_rehandshake( GNUTLS_STATE state);
GNUTLS_AlertDescription gnutls_alert_get_last( GNUTLS_STATE state);
int gnutls_alert_send( GNUTLS_STATE, GNUTLS_AlertLevel, GNUTLS_AlertDescription);
int gnutls_alert_send_appropriate( GNUTLS_STATE state, int err);
+const char* gnutls_alert_str( int alert);
/* get information on the current state */
GNUTLS_BulkCipherAlgorithm gnutls_cipher_get( GNUTLS_STATE state);
diff --git a/lib/gnutls_alert.c b/lib/gnutls_alert.c
index 1aa4bd6e2e..b8e8f6602e 100644
--- a/lib/gnutls_alert.c
+++ b/lib/gnutls_alert.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2000,2001 Nikos Mavroyanopoulos
+ * Copyright (C) 2000,2001,2002 Nikos Mavroyanopoulos
*
* This file is part of GNUTLS.
*
@@ -127,3 +127,89 @@ int ret = GNUTLS_E_UNIMPLEMENTED_FEATURE;
GNUTLS_AlertDescription gnutls_alert_get_last( GNUTLS_STATE state) {
return state->gnutls_internals.last_alert;
}
+
+/**
+ * gnutls_alert_str - Returns a string describing the alert number given
+ * @alert: is an alert number &GNUTLS_STATE structure.
+ *
+ * Returns a string that describes the given alert number.
+ * See. gnutls_alert_get_last().
+ *
+ **/
+const char* gnutls_alert_str( int alert) {
+
+ switch(alert) {
+ case GNUTLS_A_CLOSE_NOTIFY:
+ return "Close Notify";
+ break;
+ case GNUTLS_A_UNEXPECTED_MESSAGE:
+ return "Unexpected message";
+ break;
+ case GNUTLS_A_BAD_RECORD_MAC:
+ return "Bad record MAC";
+ break;
+
+ case GNUTLS_A_DECRYPTION_FAILED:
+ return "Decryption Failed";
+ break;
+ case GNUTLS_A_RECORD_OVERFLOW:
+ return "Record Overflow";
+ break;
+
+ case GNUTLS_A_DECOMPRESSION_FAILURE:
+ return "Decompression Failed";
+ break;
+
+ case GNUTLS_A_HANDSHAKE_FAILURE:
+ return "Handshake failed";
+ break;
+ case GNUTLS_A_BAD_CERTIFICATE:
+ return "Certificate is bad";
+ break;
+ case GNUTLS_A_UNSUPPORTED_CERTIFICATE:
+ return "Certificate is not supported";
+ break;
+ case GNUTLS_A_CERTIFICATE_REVOKED:
+ return "Certificate was revoked";
+ break;
+ case GNUTLS_A_CERTIFICATE_EXPIRED:
+ return "Certificate is expired";
+ break;
+ case GNUTLS_A_CERTIFICATE_UNKNOWN:
+ return "Unknown Certificate";
+ break;
+ case GNUTLS_A_ILLEGAL_PARAMETER:
+ return "Illegal Parameter";
+ break;
+ case GNUTLS_A_UNKNOWN_CA:
+ return "CA is not known";
+ break;
+ case GNUTLS_A_ACCESS_DENIED:
+ return "Access was denied";
+ break;
+ case GNUTLS_A_DECODE_ERROR:
+ return "Decode error";
+ break;
+ case GNUTLS_A_DECRYPT_ERROR:
+ return "Decrypt error";
+ break;
+ case GNUTLS_A_EXPORT_RESTRICTION:
+ return "Export Restriction";
+ break;
+ case GNUTLS_A_PROTOCOL_VERSION:
+ return "Error in protocol version";
+ break;
+ case GNUTLS_A_INSUFFICIENT_SECURITY:
+ return "Insufficient Security";
+ break;
+ case GNUTLS_A_USER_CANCELED:
+ return "User Canceled";
+ break;
+ case GNUTLS_A_NO_RENEGOTIATION:
+ return "No renegotiation is allowed";
+ break;
+ default:
+ return "Unknown Alert";
+
+ }
+}
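Review bot: The kernel-doc line `@alert: is an alert number &GNUTLS_STATE structure.` looks like a copy-paste leftover, since the parameter is a plain `int`; `@alert: is an alert number, as returned by gnutls_alert_get_last()` would match the code. The comment should also say that the returned string is a static constant the caller must not modify or free, and that unrecognised values (the number originates from the peer) map to "Unknown Alert". Every `break;` that follows a `return` is unreachable and can be dropped. The public prototype takes `int` while `gnutls_alert_get_last()` returns `GNUTLS_AlertDescription`; using the enum type here would keep the alert API consistent.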
diff --git a/src/cli.c b/src/cli.c
index 83c5de8012..18bf464c84 100644
--- a/src/cli.c
+++ b/src/cli.c
@@ -121,7 +121,7 @@ int main(int argc, char **argv)
char buffer[MAX_BUF + 1];
char *session;
char *session_id;
- int session_size;
+ int session_size, alert;
int session_id_size;
char *tmp_session_id;
int tmp_session_id_size;
@@ -269,8 +269,9 @@ int main(int argc, char **argv)
if (ret < 0) {
if (ret == GNUTLS_E_WARNING_ALERT_RECEIVED
|| ret == GNUTLS_E_FATAL_ALERT_RECEIVED)
- printf("*** Received alert [%d]\n",
- gnutls_alert_get_last(state));
+ alert = gnutls_alert_get_last( state);
+ printf("*** Received alert [%d]: %s\n",
+ alert, gnutls_alert_str( alert));
fprintf(stderr, "*** Handshake has failed\n");
gnutls_perror(ret);