author | Simon Josefsson <simon@josefsson.org> | 2011-11-12 10:24:18 +0100 |
---|---|---|
committer | Simon Josefsson <simon@josefsson.org> | 2011-11-12 10:24:18 +0100 |
commit | 0bc58b2bb637c30331133f713dd2f4d5da719f05 (patch) | |
tree | 3effe108747f2dcfd69766ba754eccd0712f9d02 | |
parent | 6877c6f746a7db88407f53646c290e8c44563bf4 (diff) | |
download | gnutls-0bc58b2bb637c30331133f713dd2f4d5da719f05.tar.gz |
Don't export verify-high structs internally.
-rw-r--r-- | lib/x509/verify-high.c | 62 | ||||
-rw-r--r-- | lib/x509/verify-high.h | 47 |
2 files changed, 84 insertions, 25 deletions
diff --git a/lib/x509/verify-high.c b/lib/x509/verify-high.c
index b0efe32d40..31eb1c07fd 100644
--- a/lib/x509/verify-high.c
+++ b/lib/x509/verify-high.c
@@ -20,7 +20,6 @@
  *
  */
-
 #include <gnutls_int.h>
 #include <gnutls_errors.h>
 #include <libtasn1.h>
@@ -34,6 +33,31 @@
 #include <common.h>
 #include "verify-high.h"
 
+struct named_cert_st {
+  gnutls_x509_crt_t cert;
+  uint8_t name[MAX_NAME_SIZE];
+  unsigned int name_size;
+};
+
+struct node_st {
+  /* The trusted certificates */
+  gnutls_x509_crt_t *trusted_cas;
+  unsigned int trusted_ca_size;
+
+  struct named_cert_st *named_certs;
+  unsigned int named_cert_size;
+
+  /* The trusted CRLs */
+  gnutls_x509_crl_t *crls;
+  unsigned int crl_size;
+};
+
+struct gnutls_x509_trust_list_st {
+  int size;
+  struct node_st *node;
+};
+
+#define INIT_HASH 0x33a1
 #define DEFAULT_SIZE 503
 
 /**
@@ -595,3 +619,39 @@ gnutls_x509_trust_list_verify_named_crt(gnutls_x509_trust_list_t list,
 
   return 0;
 }
+
+int
+_gnutls_trustlist_inlist_p (gnutls_x509_trust_list_t list,
+                            gnutls_x509_crt_t cert)
+{
+  gnutls_datum_t dn;
+  int ret, i;
+  uint32_t hash;
+
+  ret = gnutls_x509_crt_get_raw_dn (cert, &dn);
+  if (ret < 0)
+    {
+      gnutls_assert();
+      return ret;
+    }
+
+  hash = _gnutls_bhash(dn.data, dn.size, INIT_HASH);
+  hash %= list->size;
+
+  _gnutls_free_datum (&dn);
+
+  for (i = 0; i < list->node[hash].trusted_ca_size; i++)
+    {
+      ret = check_if_same_cert (cert, list->node[hash].trusted_cas[i]);
+      if (ret < 0)
+        {
+          gnutls_assert ();
+          return ret;
+        }
+
+      if (ret == 1)
+        return 1;
+    }
+
+  return 0;
+}
diff --git a/lib/x509/verify-high.h b/lib/x509/verify-high.h
index c241b08581..5272806802 100644
--- a/lib/x509/verify-high.h
+++ b/lib/x509/verify-high.h
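Review bot: `_gnutls_trustlist_inlist_p` returns a negative error code on the `gnutls_x509_crt_get_raw_dn` and `check_if_same_cert` failure paths, yet its `_p` name and the bare `return 1` / `return 0` make it read as a boolean, so a caller that tests it with `if (_gnutls_trustlist_inlist_p (list, cert))` would treat a failed lookup as "cert is trusted" — the unsafe direction for a trust-list membership check. No caller is visible in this diff, so I cannot say whether one does that, but the contract should be pinned above the definition, e.g. `/* Returns 1 if CERT is one of LIST's trusted CAs, 0 if it is not, or a negative error code on failure; callers must test for == 1 rather than for truthiness. */`. Separately, `i` is declared `int` while `trusted_ca_size` is `unsigned int`, so the loop condition is a signed/unsigned comparison; `unsigned int i;` matches the field and silences -Wsign-compare. The `hash %= list->size` step also relies on `list->size` never being zero, which is presumably guaranteed by the list's init path outside this hunk.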
@@ -1,25 +1,24 @@
-struct named_cert_st {
-  gnutls_x509_crt_t cert;
-  uint8_t name[MAX_NAME_SIZE];
-  unsigned int name_size;
-};
+/*
+ * Copyright (C) 2011 Free Software Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 3 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>
+ *
+ */
 
-struct node_st {
-  /* The trusted certificates */
-  gnutls_x509_crt_t *trusted_cas;
-  unsigned int trusted_ca_size;
-
-  struct named_cert_st *named_certs;
-  unsigned int named_cert_size;
-
-  /* The trusted CRLs */
-  gnutls_x509_crl_t *crls;
-  unsigned int crl_size;
-};
-
-struct gnutls_x509_trust_list_st {
-  int size;
-  struct node_st *node;
-};
-
-#define INIT_HASH 0x33a1
+int _gnutls_trustlist_inlist_p (gnutls_x509_trust_list_t list,
+                                gnutls_x509_crt_t cert);
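Review bot: The new prototype for `_gnutls_trustlist_inlist_p` names `gnutls_x509_trust_list_t` and `gnutls_x509_crt_t`, but nothing in the header as shown here includes the GnuTLS x509 definitions or wraps the file in an include guard, so it compiles only when the includer has already pulled those in. The struct definitions it replaces had the same dependency, so this is presumably the established convention for this internal header; a one-line note above the prototype, e.g. `/* Requires gnutls_int.h (and the x509 types) to be included before this header. */`, would still save the next reader a build failure. The hunk may not show the entire file, so a guard or include further down is possible.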