diff options
| author | Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> | 2019-12-29 12:49:16 +0300 |
|---|---|---|
| committer | Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> | 2019-12-29 14:08:48 +0300 |
| commit | e15d2a793bc864f2e56e8fabf8c4d6d02a7f3b00 (patch) | |
| tree | 63242b551219fca2698eba7231aee783be982bf5 | |
| parent | fb5035e58461cba9d22adc3c2b30e50358d8b307 (diff) | |
| download | gnutls-e15d2a793bc864f2e56e8fabf8c4d6d02a7f3b00.tar.gz | |
serv: support building with OCSP disabled
Support gnutls-serv when building GnuTLS with OCSP API disabled.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
| -rw-r--r-- | src/Makefile.am | 7 | ||||
| -rw-r--r-- | src/serv.c | 27 |
2 files changed, 32 insertions, 2 deletions
diff --git a/src/Makefile.am b/src/Makefile.am index 92762fa88a..2677fbd221 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -82,13 +82,13 @@ else LIBOPTS = $(LIBOPTS_LDADD) endif -bin_PROGRAMS = psktool gnutls-cli-debug certtool +bin_PROGRAMS = psktool gnutls-cli-debug certtool gnutls-serv if ENABLE_SRP bin_PROGRAMS += srptool endif if ENABLE_OCSP -bin_PROGRAMS += ocsptool gnutls-serv +bin_PROGRAMS += ocsptool if ENABLE_ANON bin_PROGRAMS += gnutls-cli endif @@ -140,6 +140,8 @@ noinst_LTLIBRARIES += libcmd-ocsp.la libcmd_ocsp_la_SOURCES = ocsptool-args.def nodist_libcmd_ocsp_la_SOURCES = ocsptool-args.h ocsptool-args.c +endif + gnutls_serv_SOURCES = \ list.h serv.c \ udp-serv.c udp-serv.h \ @@ -153,6 +155,7 @@ noinst_LTLIBRARIES += libcmd-serv.la libcmd_serv_la_SOURCES = serv-args.def nodist_libcmd_serv_la_SOURCES = serv-args.c serv-args.h +if ENABLE_OCSP if ENABLE_ANON BENCHMARK_SRCS = benchmark-cipher.c benchmark.c benchmark.h benchmark-tls.c diff --git a/src/serv.c b/src/serv.c index de5691261f..a4dd445da8 100644 --- a/src/serv.c +++ b/src/serv.c @@ -121,7 +121,9 @@ static void tcp_server(const char *name, int port); /* These are global */ gnutls_srp_server_credentials_t srp_cred = NULL; gnutls_psk_server_credentials_t psk_cred = NULL; +#ifdef ENABLE_ANON gnutls_anon_server_credentials_t dh_cred = NULL; +#endif gnutls_certificate_credentials_t cert_cred = NULL; const int ssl_session_cache = 2048; @@ -384,7 +386,9 @@ gnutls_session_t initialize_session(int dtls) int ret; unsigned i; const char *err; +#ifdef ENABLE_ALPN gnutls_datum_t alpn[MAX_ALPN_PROTOCOLS]; +#endif unsigned alpn_size; unsigned flags = GNUTLS_SERVER | GNUTLS_POST_HANDSHAKE_AUTH | GNUTLS_ENABLE_RAWPK; @@ -443,6 +447,12 @@ gnutls_session_t initialize_session(int dtls) } } +#ifndef ENABLE_ALPN + if (alpn_protos_size != 0) { + fprintf(stderr, "ALPN is not supported\n"); + exit(1); + } +#else alpn_size = MIN(MAX_ALPN_PROTOCOLS,alpn_protos_size); for (i=0;i<alpn_size;i++) { alpn[i].data = (void*)alpn_protos[i]; @@ -454,8 +464,11 @@ gnutls_session_t initialize_session(int dtls) fprintf(stderr, "Error setting ALPN protocols: %s\n", gnutls_strerror(ret)); exit(1); } +#endif +#ifdef ENABLE_ANON gnutls_credentials_set(session, GNUTLS_CRD_ANON, dh_cred); +#endif if (srp_cred != NULL) gnutls_credentials_set(session, GNUTLS_CRD_SRP, srp_cred); @@ -705,11 +718,13 @@ static char *peer_print_info(gnutls_session_t session, int *ret_length, } #endif +#if defined(ENABLE_DHE) || defined(ENABLE_ANON) if (kx_alg == GNUTLS_KX_DHE_RSA || kx_alg == GNUTLS_KX_DHE_DSS) { snprintf(tmp_buffer, tmp_buffer_size, "Ephemeral DH using prime of <b>%d</b> bits.<br>\n", gnutls_dh_get_prime_bits(session)); } +#endif tmp = gnutls_compression_get_name(gnutls_compression_get(session)); if (tmp == NULL) @@ -1256,6 +1271,12 @@ int main(int argc, char **argv) "Warning: no private key and certificate pairs were set.\n"); } +#ifndef ENABLE_OCSP + if (HAVE_OPT(IGNORE_OCSP_RESPONSE_ERRORS) || ocsp_responses_size != 0) { + fprintf(stderr, "OCSP is not supported!\n"); + exit(1); + } +#else /* OCSP status-request TLS extension */ if (HAVE_OPT(IGNORE_OCSP_RESPONSE_ERRORS)) gnutls_certificate_set_flags(cert_cred, GNUTLS_CERTIFICATE_SKIP_OCSP_RESPONSE_CHECK); @@ -1271,13 +1292,19 @@ int main(int argc, char **argv) exit(1); } } +#endif if (use_static_dh_params) { +#if defined(ENABLE_DHE) || defined(ENABLE_ANON) ret = gnutls_certificate_set_known_dh_params(cert_cred, GNUTLS_SEC_PARAM_MEDIUM); if (ret < 0) { fprintf(stderr, "Error while setting DH parameters: %s\n", gnutls_strerror(ret)); exit(1); } +#else + fprintf(stderr, "Setting DH parameters is not supported\n"); + exit(1); +#endif } else { gnutls_certificate_set_params_function(cert_cred, get_params); } |