authorNikos Mavrogiannopoulos <nmav@redhat.com>2017-06-16 10:58:23 +0200
committerNikos Mavrogiannopoulos <nmav@redhat.com>2017-06-16 15:31:52 +0200
commit6b0c49a5fef008d65dad737c577ae1a3ac778ea7 (patch)
treef138d9d3fa284d11b7158c487b69aefc30cbaaf4
parent313492841f5595bd07d0912909323f8519363259 (diff)
Removed unnecessary certificate type functionality
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
-rw-r--r--lib/priority.c37
-rw-r--r--lib/state.c61
-rw-r--r--lib/state.h5
3 files changed, 6 insertions, 97 deletions
diff --git a/lib/priority.c b/lib/priority.c
index 761d0fe8b2..b19981b4b8 100644
--- a/lib/priority.c
+++ b/lib/priority.c
@@ -488,11 +488,6 @@ static const int cert_type_priority_default[] = {
0
};
-static const int cert_type_priority_all[] = {
- GNUTLS_CRT_X509,
- 0
-};
-
typedef void (rmadd_func) (priority_st * priority_list, unsigned int alg);
static void prio_remove(priority_st * priority_list, unsigned int algo)
@@ -1386,27 +1381,10 @@ gnutls_priority_init(gnutls_priority_t * priority_cache,
else
goto error;
}
- } /* now check if the element is something like -ALGO */
- else if (strncasecmp
+ } else if (strncasecmp
(&broken_list[i][1], "CTYPE-", 6) == 0) {
- if (strncasecmp
- (&broken_list[i][1], "CTYPE-ALL",
- 9) == 0) {
- bulk_fn(&(*priority_cache)->
- cert_type,
- cert_type_priority_all);
- } else {
- if ((algo =
- gnutls_certificate_type_get_id
- (&broken_list[i][7])) !=
- GNUTLS_CRT_UNKNOWN)
- fn(&(*priority_cache)->
- cert_type, algo);
- else
- goto error;
- }
- } /* now check if the element is something like -ALGO */
- else if (strncasecmp
+ continue;
+ } else if (strncasecmp
(&broken_list[i][1], "SIGN-", 5) == 0) {
if (strncasecmp
(&broken_list[i][1], "SIGN-ALL",
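Review bot: The rewritten `CTYPE-` branch, whose whole body is now `continue;`, accepts any token that starts with `CTYPE-` and discards it, so a misspelt or unsupported name that used to reach `goto error` through the `GNUTLS_CRT_UNKNOWN` check no longer fails `gnutls_priority_init`. An administrator who keeps a `CTYPE-` entry in a priority string to restrict certificate types now gets no effect and no diagnostic. I would state the intent at the branch with a comment such as `/* CTYPE- keywords are still parsed for backwards compatibility, but ignored */`, and consider emitting a debug-level log line there so that stale configuration is visible. The enclosing loop of gnutls_priority_init starts and ends outside this hunk, so whether `continue` also skips any work placed after the if/else chain cannot be confirmed from here.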
@@ -1424,19 +1402,16 @@ gnutls_priority_init(gnutls_priority_t * priority_cache,
else
goto error;
}
- } else
- if (strncasecmp
+ } else if (strncasecmp
(&broken_list[i][1], "MAC-ALL", 7) == 0) {
bulk_fn(&(*priority_cache)->mac,
mac_priority_normal);
- } else
- if (strncasecmp
+ } else if (strncasecmp
(&broken_list[i][1], "CIPHER-ALL",
10) == 0) {
bulk_fn(&(*priority_cache)->cipher,
cipher_priority_normal);
- } else
- if (strncasecmp
+ } else if (strncasecmp
(&broken_list[i][1], "KX-ALL", 6) == 0) {
bulk_fn(&(*priority_cache)->kx,
kx_priority_secure);
diff --git a/lib/state.c b/lib/state.c
index c9e8d20085..27c4adb3b8 100644
--- a/lib/state.c
+++ b/lib/state.c
@@ -59,16 +59,6 @@ _gnutls_rsa_pms_set_version(gnutls_session_t session,
unsigned char major, unsigned char minor);
void
-_gnutls_session_cert_type_set(gnutls_session_t session,
- gnutls_certificate_type_t ct)
-{
- _gnutls_handshake_log
- ("HSK[%p]: Selected certificate type %s (%d)\n", session,
- gnutls_certificate_type_get_name(ct), ct);
- session->security_parameters.cert_type = ct;
-}
-
-void
_gnutls_session_ecc_curve_set(gnutls_session_t session,
gnutls_ecc_curve_t c)
{
@@ -179,57 +169,6 @@ gnutls_compression_get(gnutls_session_t session)
return record_params->compression_algorithm;
}
-/* Check if the given certificate type is supported.
- * This means that it is enabled by the priority functions,
- * and a matching certificate exists.
- */
-int
-_gnutls_session_cert_type_supported(gnutls_session_t session,
- gnutls_certificate_type_t cert_type)
-{
- unsigned i;
- unsigned cert_found = 0;
- gnutls_certificate_credentials_t cred;
-
- if (session->security_parameters.entity == GNUTLS_SERVER) {
- cred = (gnutls_certificate_credentials_t)
- _gnutls_get_cred(session, GNUTLS_CRD_CERTIFICATE);
-
- if (cred == NULL)
- return GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE;
-
- if (cred->get_cert_callback == NULL && cred->get_cert_callback2 == NULL) {
- for (i = 0; i < cred->ncerts; i++) {
- if (cred->certs[i].cert_list[0].type ==
- cert_type) {
- cert_found = 1;
- break;
- }
- }
-
- if (cert_found == 0)
- /* no certificate is of that type.
- */
- return
- GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE;
- }
- }
-
- if (session->internals.priorities.cert_type.algorithms == 0
- && cert_type == DEFAULT_CERT_TYPE)
- return 0;
-
- for (i = 0; i < session->internals.priorities.cert_type.algorithms;
- i++) {
- if (session->internals.priorities.cert_type.priority[i] ==
- cert_type) {
- return 0; /* ok */
- }
- }
-
- return GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE;
-}
-
static void deinit_keys(gnutls_session_t session)
{
gnutls_pk_params_release(&session->key.ecdh_params);
diff --git a/lib/state.h b/lib/state.h
index fd7b3f66d8..cefefad92c 100644
--- a/lib/state.h
+++ b/lib/state.h
@@ -25,9 +25,6 @@
#include "gnutls_int.h"
-void _gnutls_session_cert_type_set(gnutls_session_t session,
- gnutls_certificate_type_t);
-
inline static gnutls_ecc_curve_t
_gnutls_session_ecc_curve_get(gnutls_session_t session)
{
@@ -59,8 +56,6 @@ _gnutls_hello_set_default_version(gnutls_session_t session,
#endif
-int _gnutls_session_cert_type_supported(gnutls_session_t,
- gnutls_certificate_type_t);
int _gnutls_dh_set_secret_bits(gnutls_session_t session, unsigned bits);
int _gnutls_dh_set_peer_public(gnutls_session_t session, bigint_t public);