authorNikos Mavrogiannopoulos <nmav@gnutls.org>2012-11-21 22:23:30 +0100
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2012-11-21 22:23:59 +0100
commita7a64ea8eeabf0098f3af83a3ca7b84dbebbf969 (patch)
tree5178b769e4044cb66e55c40ed8c9e307bf79ef78
parent45bce4b8726edb9773c016125401500e7cace021 (diff)
downloadgnutls-a7a64ea8eeabf0098f3af83a3ca7b84dbebbf969.tar.gz
danetool is being built even without libgnutls-dane.
The --check functionality is not operational though. It can only generate tlsa records.
-rw-r--r--NEWS3
-rw-r--r--doc/invoke-danetool.texi4
-rw-r--r--src/Makefile.am9
-rw-r--r--src/danetool-args.c188
-rw-r--r--src/danetool-args.def2
-rw-r--r--src/danetool-args.h2
-rw-r--r--src/danetool.c15
7 files changed, 115 insertions, 108 deletions
diff --git a/NEWS b/NEWS
index dee4b166e8..971a3665e4 100644
--- a/NEWS
+++ b/NEWS
@@ -27,6 +27,9 @@ an easier to parse format.
** p11tool: After key generation, outputs the public key (useful in
tokens that do not store the public key).
+** danetool: It is being built even without libgnutls-dane (the
+--check functionality is disabled though).
+
** API and ABI modifications:
gnutls_pkcs11_privkey_generate2: Added
gnutls_x509_crt_get_policy: Added
diff --git a/doc/invoke-danetool.texi b/doc/invoke-danetool.texi
index 79ff39794e..e03e609ff7 100644
--- a/doc/invoke-danetool.texi
+++ b/doc/invoke-danetool.texi
@@ -6,7 +6,7 @@
#
# DO NOT EDIT THIS FILE (invoke-danetool.texi)
#
-# It has been AutoGen-ed November 8, 2012 at 11:40:20 PM by AutoGen 5.16
+# It has been AutoGen-ed November 21, 2012 at 10:20:05 PM by AutoGen 5.16
# From the definitions ../src/danetool-args.def
# and the template file agtexi-cmd.tpl
@end ignore
@@ -105,7 +105,7 @@ Available hash functions are SHA1, RMD160, SHA256, SHA384, SHA512.
@anchor{danetool check}
@subheading check option
-This is the ``check dane tlsa entry.'' option.
+This is the ``check a host's dane tlsa entry.'' option.
This option takes an argument string.
Obtains the DANE TLSA entry from the given hostname and prints information.
@anchor{danetool local-dns}
diff --git a/src/Makefile.am b/src/Makefile.am
index 8f5a4b1ab6..5aebf20655 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -46,9 +46,8 @@ endif
if ENABLE_OCSP
bin_PROGRAMS += ocsptool
endif
-if ENABLE_DANE
+
bin_PROGRAMS += danetool
-endif
if ENABLE_TROUSERS
bin_PROGRAMS += tpmtool
@@ -141,12 +140,12 @@ libcmd_certtool_la_LIBADD += $(LIBOPTS_LDADD) $(LTLIBINTL)
libcmd_certtool_la_LIBADD += $(LTLIBREADLINE)
libcmd_certtool_la_LIBADD += $(INET_PTON_LIB)
-if ENABLE_DANE
-
danetool_SOURCES = danetool.c certtool-common.c certtool-extras.c common.c
danetool_LDADD = ../lib/libgnutls.la
danetool_LDADD += libcmd-danetool.la ../gl/libgnu.la
+if ENABLE_DANE
danetool_LDADD += ../libdane/libgnutls-dane.la
+endif
noinst_LTLIBRARIES += libcmd-danetool.la
libcmd_danetool_la_CFLAGS =
@@ -157,8 +156,6 @@ libcmd_danetool_la_LIBADD += $(LIBOPTS_LDADD) $(LTLIBINTL)
libcmd_danetool_la_LIBADD += $(LTLIBREADLINE)
libcmd_danetool_la_LIBADD += $(INET_PTON_LIB)
-endif #ENABLE_DANE
-
# p11 tool
if ENABLE_PKCS11
diff --git a/src/danetool-args.c b/src/danetool-args.c
index d9f305bcb4..2303e52520 100644
--- a/src/danetool-args.c
+++ b/src/danetool-args.c
@@ -2,7 +2,7 @@
*
* DO NOT EDIT THIS FILE (danetool-args.c)
*
- * It has been AutoGen-ed November 8, 2012 at 11:35:55 PM by AutoGen 5.16
+ * It has been AutoGen-ed November 21, 2012 at 10:22:22 PM by AutoGen 5.16
* From the definitions danetool-args.def
* and the template file options
*
@@ -67,7 +67,7 @@ extern FILE * option_usage_fp;
/*
* danetool option static const strings
*/
-static char const danetool_opt_strs[2260] =
+static char const danetool_opt_strs[2269] =
/* 0 */ "danetool @VERSION@\n"
"Copyright (C) 2000-2012 Free Software Foundation, all rights reserved.\n"
"This is free software. It is licensed for use, modification and\n"
@@ -105,55 +105,55 @@ static char const danetool_opt_strs[2260] =
/* 1110 */ "Hash algorithm to use for signing.\0"
/* 1145 */ "HASH\0"
/* 1150 */ "hash\0"
-/* 1155 */ "Check DANE TLSA entry.\0"
-/* 1178 */ "CHECK\0"
-/* 1184 */ "check\0"
-/* 1190 */ "Use the local DNS server for DNSSEC resolving.\0"
-/* 1237 */ "LOCAL_DNS\0"
-/* 1247 */ "no-local-dns\0"
-/* 1260 */ "no\0"
-/* 1263 */ "Use DER format for input certificates and private keys.\0"
-/* 1319 */ "INDER\0"
-/* 1325 */ "no-inder\0"
-/* 1334 */ "This is an alias for 'inder'\0"
-/* 1363 */ "inraw\0"
-/* 1369 */ "Print the DANE RR data on a certificate or public key\0"
-/* 1423 */ "TLSA_RR\0"
-/* 1431 */ "tlsa-rr\0"
-/* 1439 */ "Specify the hostname to be used in the DANE RR\0"
-/* 1486 */ "HOST\0"
-/* 1491 */ "host\0"
-/* 1496 */ "The protocol set for DANE data (tcp, udp etc.)\0"
-/* 1543 */ "PROTO\0"
-/* 1549 */ "proto\0"
-/* 1555 */ "Specify the port number for the DANE data.\0"
-/* 1598 */ "PORT\0"
-/* 1603 */ "port\0"
-/* 1608 */ "Whether the provided certificate or public key is a Certificate\n"
+/* 1155 */ "Check a host's DANE TLSA entry.\0"
+/* 1187 */ "CHECK\0"
+/* 1193 */ "check\0"
+/* 1199 */ "Use the local DNS server for DNSSEC resolving.\0"
+/* 1246 */ "LOCAL_DNS\0"
+/* 1256 */ "no-local-dns\0"
+/* 1269 */ "no\0"
+/* 1272 */ "Use DER format for input certificates and private keys.\0"
+/* 1328 */ "INDER\0"
+/* 1334 */ "no-inder\0"
+/* 1343 */ "This is an alias for 'inder'\0"
+/* 1372 */ "inraw\0"
+/* 1378 */ "Print the DANE RR data on a certificate or public key\0"
+/* 1432 */ "TLSA_RR\0"
+/* 1440 */ "tlsa-rr\0"
+/* 1448 */ "Specify the hostname to be used in the DANE RR\0"
+/* 1495 */ "HOST\0"
+/* 1500 */ "host\0"
+/* 1505 */ "The protocol set for DANE data (tcp, udp etc.)\0"
+/* 1552 */ "PROTO\0"
+/* 1558 */ "proto\0"
+/* 1564 */ "Specify the port number for the DANE data.\0"
+/* 1607 */ "PORT\0"
+/* 1612 */ "port\0"
+/* 1617 */ "Whether the provided certificate or public key is a Certificate\n"
"Authority.\0"
-/* 1683 */ "CA\0"
-/* 1686 */ "ca\0"
-/* 1689 */ "Use the hash of the X.509 certificate, rather than the public key.\0"
-/* 1756 */ "X509\0"
-/* 1761 */ "x509\0"
-/* 1766 */ "The provided certificate or public key is a local entity.\0"
-/* 1824 */ "LOCAL\0"
-/* 1830 */ "local\0"
-/* 1836 */ "Display extended usage information and exit\0"
-/* 1880 */ "help\0"
-/* 1885 */ "Extended usage information passed thru pager\0"
-/* 1930 */ "more-help\0"
-/* 1940 */ "Output version information and exit\0"
-/* 1976 */ "version\0"
-/* 1984 */ "DANETOOL\0"
-/* 1993 */ "danetool - GnuTLS DANE tool - Ver. @VERSION@\n"
+/* 1692 */ "CA\0"
+/* 1695 */ "ca\0"
+/* 1698 */ "Use the hash of the X.509 certificate, rather than the public key.\0"
+/* 1765 */ "X509\0"
+/* 1770 */ "x509\0"
+/* 1775 */ "The provided certificate or public key is a local entity.\0"
+/* 1833 */ "LOCAL\0"
+/* 1839 */ "local\0"
+/* 1845 */ "Display extended usage information and exit\0"
+/* 1889 */ "help\0"
+/* 1894 */ "Extended usage information passed thru pager\0"
+/* 1939 */ "more-help\0"
+/* 1949 */ "Output version information and exit\0"
+/* 1985 */ "version\0"
+/* 1993 */ "DANETOOL\0"
+/* 2002 */ "danetool - GnuTLS DANE tool - Ver. @VERSION@\n"
"USAGE: %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]...\n\0"
-/* 2096 */ "bug-gnutls@gnu.org\0"
-/* 2115 */ "\n\n\0"
-/* 2118 */ "\n"
+/* 2105 */ "bug-gnutls@gnu.org\0"
+/* 2124 */ "\n\n\0"
+/* 2127 */ "\n"
"Tool to generate DNS resource records for the DANE protocol.\n\0"
-/* 2181 */ "danetool @VERSION@\0"
-/* 2200 */ "danetool [options]\n"
+/* 2190 */ "danetool @VERSION@\0"
+/* 2209 */ "danetool [options]\n"
"danetool --help for usage instructions.\n";
/*
@@ -222,46 +222,46 @@ static char const danetool_opt_strs[2260] =
* check option description:
*/
#define CHECK_DESC (danetool_opt_strs+1155)
-#define CHECK_NAME (danetool_opt_strs+1178)
-#define CHECK_name (danetool_opt_strs+1184)
+#define CHECK_NAME (danetool_opt_strs+1187)
+#define CHECK_name (danetool_opt_strs+1193)
#define CHECK_FLAGS (OPTST_DISABLED \
| OPTST_SET_ARGTYPE(OPARG_TYPE_STRING))
/*
* local-dns option description:
*/
-#define LOCAL_DNS_DESC (danetool_opt_strs+1190)
-#define LOCAL_DNS_NAME (danetool_opt_strs+1237)
-#define NOT_LOCAL_DNS_name (danetool_opt_strs+1247)
-#define NOT_LOCAL_DNS_PFX (danetool_opt_strs+1260)
+#define LOCAL_DNS_DESC (danetool_opt_strs+1199)
+#define LOCAL_DNS_NAME (danetool_opt_strs+1246)
+#define NOT_LOCAL_DNS_name (danetool_opt_strs+1256)
+#define NOT_LOCAL_DNS_PFX (danetool_opt_strs+1269)
#define LOCAL_DNS_name (NOT_LOCAL_DNS_name + 3)
#define LOCAL_DNS_FLAGS (OPTST_DISABLED)
/*
* inder option description:
*/
-#define INDER_DESC (danetool_opt_strs+1263)
-#define INDER_NAME (danetool_opt_strs+1319)
-#define NOT_INDER_name (danetool_opt_strs+1325)
-#define NOT_INDER_PFX (danetool_opt_strs+1260)
+#define INDER_DESC (danetool_opt_strs+1272)
+#define INDER_NAME (danetool_opt_strs+1328)
+#define NOT_INDER_name (danetool_opt_strs+1334)
+#define NOT_INDER_PFX (danetool_opt_strs+1269)
#define INDER_name (NOT_INDER_name + 3)
#define INDER_FLAGS (OPTST_DISABLED)
/*
* inraw option description:
*/
-#define INRAW_DESC (danetool_opt_strs+1334)
+#define INRAW_DESC (danetool_opt_strs+1343)
#define INRAW_NAME NULL
-#define INRAW_name (danetool_opt_strs+1363)
+#define INRAW_name (danetool_opt_strs+1372)
#define INRAW_FLAGS (INDER_FLAGS | OPTST_ALIAS)
/*
* tlsa-rr option description with
* "Must also have options" and "Incompatible options":
*/
-#define TLSA_RR_DESC (danetool_opt_strs+1369)
-#define TLSA_RR_NAME (danetool_opt_strs+1423)
-#define TLSA_RR_name (danetool_opt_strs+1431)
+#define TLSA_RR_DESC (danetool_opt_strs+1378)
+#define TLSA_RR_NAME (danetool_opt_strs+1432)
+#define TLSA_RR_name (danetool_opt_strs+1440)
static int const aTlsa_RrMustList[] = {
INDEX_OPT_HOST, NO_EQUIVALENT };
#define TLSA_RR_FLAGS (OPTST_DISABLED)
@@ -269,62 +269,62 @@ static int const aTlsa_RrMustList[] = {
/*
* host option description:
*/
-#define HOST_DESC (danetool_opt_strs+1439)
-#define HOST_NAME (danetool_opt_strs+1486)
-#define HOST_name (danetool_opt_strs+1491)
+#define HOST_DESC (danetool_opt_strs+1448)
+#define HOST_NAME (danetool_opt_strs+1495)
+#define HOST_name (danetool_opt_strs+1500)
#define HOST_FLAGS (OPTST_DISABLED \
| OPTST_SET_ARGTYPE(OPARG_TYPE_STRING))
/*
* proto option description:
*/
-#define PROTO_DESC (danetool_opt_strs+1496)
-#define PROTO_NAME (danetool_opt_strs+1543)
-#define PROTO_name (danetool_opt_strs+1549)
+#define PROTO_DESC (danetool_opt_strs+1505)
+#define PROTO_NAME (danetool_opt_strs+1552)
+#define PROTO_name (danetool_opt_strs+1558)
#define PROTO_FLAGS (OPTST_DISABLED \
| OPTST_SET_ARGTYPE(OPARG_TYPE_STRING))
/*
* port option description:
*/
-#define PORT_DESC (danetool_opt_strs+1555)
-#define PORT_NAME (danetool_opt_strs+1598)
-#define PORT_name (danetool_opt_strs+1603)
+#define PORT_DESC (danetool_opt_strs+1564)
+#define PORT_NAME (danetool_opt_strs+1607)
+#define PORT_name (danetool_opt_strs+1612)
#define PORT_FLAGS (OPTST_DISABLED \
| OPTST_SET_ARGTYPE(OPARG_TYPE_NUMERIC))
/*
* ca option description:
*/
-#define CA_DESC (danetool_opt_strs+1608)
-#define CA_NAME (danetool_opt_strs+1683)
-#define CA_name (danetool_opt_strs+1686)
+#define CA_DESC (danetool_opt_strs+1617)
+#define CA_NAME (danetool_opt_strs+1692)
+#define CA_name (danetool_opt_strs+1695)
#define CA_FLAGS (OPTST_DISABLED)
/*
* x509 option description:
*/
-#define X509_DESC (danetool_opt_strs+1689)
-#define X509_NAME (danetool_opt_strs+1756)
-#define X509_name (danetool_opt_strs+1761)
+#define X509_DESC (danetool_opt_strs+1698)
+#define X509_NAME (danetool_opt_strs+1765)
+#define X509_name (danetool_opt_strs+1770)
#define X509_FLAGS (OPTST_DISABLED)
/*
* local option description:
*/
-#define LOCAL_DESC (danetool_opt_strs+1766)
-#define LOCAL_NAME (danetool_opt_strs+1824)
-#define LOCAL_name (danetool_opt_strs+1830)
+#define LOCAL_DESC (danetool_opt_strs+1775)
+#define LOCAL_NAME (danetool_opt_strs+1833)
+#define LOCAL_name (danetool_opt_strs+1839)
#define LOCAL_FLAGS (OPTST_DISABLED)
/*
* Help/More_Help/Version option descriptions:
*/
-#define HELP_DESC (danetool_opt_strs+1836)
-#define HELP_name (danetool_opt_strs+1880)
+#define HELP_DESC (danetool_opt_strs+1845)
+#define HELP_name (danetool_opt_strs+1889)
#ifdef HAVE_WORKING_FORK
-#define MORE_HELP_DESC (danetool_opt_strs+1885)
-#define MORE_HELP_name (danetool_opt_strs+1930)
+#define MORE_HELP_DESC (danetool_opt_strs+1894)
+#define MORE_HELP_name (danetool_opt_strs+1939)
#define MORE_HELP_FLAGS (OPTST_IMM | OPTST_NO_INIT)
#else
#define MORE_HELP_DESC NULL
@@ -337,8 +337,8 @@ static int const aTlsa_RrMustList[] = {
# define VER_FLAGS (OPTST_SET_ARGTYPE(OPARG_TYPE_STRING) | \
OPTST_ARG_OPTIONAL | OPTST_IMM | OPTST_NO_INIT)
#endif
-#define VER_DESC (danetool_opt_strs+1940)
-#define VER_name (danetool_opt_strs+1976)
+#define VER_DESC (danetool_opt_strs+1949)
+#define VER_name (danetool_opt_strs+1985)
/*
* Declare option callback procedures
*/
@@ -618,14 +618,14 @@ static tOptDesc optDesc[OPTION_CT] = {
*
* Define the danetool Option Environment
*/
-#define zPROGNAME (danetool_opt_strs+1984)
-#define zUsageTitle (danetool_opt_strs+1993)
+#define zPROGNAME (danetool_opt_strs+1993)
+#define zUsageTitle (danetool_opt_strs+2002)
#define zRcName NULL
#define apzHomeList NULL
-#define zBugsAddr (danetool_opt_strs+2096)
-#define zExplain (danetool_opt_strs+2115)
-#define zDetail (danetool_opt_strs+2118)
-#define zFullVersion (danetool_opt_strs+2181)
+#define zBugsAddr (danetool_opt_strs+2105)
+#define zExplain (danetool_opt_strs+2124)
+#define zDetail (danetool_opt_strs+2127)
+#define zFullVersion (danetool_opt_strs+2190)
/* extracted from optcode.tlib near line 350 */
#if defined(ENABLE_NLS)
@@ -639,7 +639,7 @@ static tOptDesc optDesc[OPTION_CT] = {
#define danetool_full_usage (NULL)
-#define danetool_short_usage (danetool_opt_strs+2200)
+#define danetool_short_usage (danetool_opt_strs+2209)
#endif /* not defined __doxygen__ */
diff --git a/src/danetool-args.def b/src/danetool-args.def
index e01dfdd9ee..e5ba03c81e 100644
--- a/src/danetool-args.def
+++ b/src/danetool-args.def
@@ -35,7 +35,7 @@ flag = {
flag = {
name = check;
arg-type = string;
- descrip = "Check DANE TLSA entry.";
+ descrip = "Check a host's DANE TLSA entry.";
doc = "Obtains the DANE TLSA entry from the given hostname and prints information.";
};
diff --git a/src/danetool-args.h b/src/danetool-args.h
index 0cb2354914..a233656289 100644
--- a/src/danetool-args.h
+++ b/src/danetool-args.h
@@ -2,7 +2,7 @@
*
* DO NOT EDIT THIS FILE (danetool-args.h)
*
- * It has been AutoGen-ed November 8, 2012 at 11:35:55 PM by AutoGen 5.16
+ * It has been AutoGen-ed November 21, 2012 at 10:22:22 PM by AutoGen 5.16
* From the definitions danetool-args.def
* and the template file options
*
diff --git a/src/danetool.c b/src/danetool.c
index cd8211ecd9..d2361e5c50 100644
--- a/src/danetool.c
+++ b/src/danetool.c
@@ -27,7 +27,10 @@
#include <gnutls/pkcs11.h>
#include <gnutls/abstract.h>
#include <gnutls/crypto.h>
-#include <gnutls/dane.h>
+
+#ifdef HAVE_DANE
+# include <gnutls/dane.h>
+#endif
#include <stdio.h>
#include <stdlib.h>
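Review bot: The include guard keys on `HAVE_DANE`, while the src/Makefile.am hunks in this same commit key the optional link of libgnutls-dane.la on the automake conditional `ENABLE_DANE`, and nothing in the diff shows a `-DHAVE_DANE` or config.h define tying the two together. If configure does not define `HAVE_DANE` in the builds where `ENABLE_DANE` is set, the header is skipped and `dane_check` compiles to its stub even though libgnutls-dane is linked, so `--check` would be silently disabled in exactly the configuration meant to support it. Worth confirming in configure.ac that one condition drives both, and documenting it on the guard: `/* HAVE_DANE is set by configure together with the ENABLE_DANE automake conditional */`.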
@@ -181,6 +184,7 @@ cmd_parser (int argc, char **argv)
static void dane_check(const char* host, const char* proto, unsigned int port,
common_info_st * cinfo)
{
+#ifdef HAVE_DANE
dane_state_t s;
dane_query_t q;
int ret;
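Review bot: With `HAVE_DANE` undefined, `dane_check` is reduced to the `#else` stub in the last hunk of this file, which prints to stderr and returns normally, so a `--check` invocation presumably exits 0 (the caller's exit path is outside the hunk) — a script keying on danetool's exit status would read a verification that never ran as a pass. The rest of this function already fails hard on verification errors via `error (EXIT_FAILURE, ...)`, and the stub should do the same: `error (EXIT_FAILURE, 0, "This functionality was disabled (GnuTLS was not compiled with support for DANE).");`. The explicit `return;` before `#endif` is redundant in a void function, and under `#else` the parameters `host`, `proto`, `port` and `cinfo` become unused, which `-Wunused-parameter` will flag; `(void)host; (void)proto; (void)port; (void)cinfo;` in the stub keeps the build clean. dane_check's body continues past this hunk.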
@@ -236,7 +240,7 @@ size_t size;
ret = gnutls_x509_crt_list_import2( &clist, &clist_size, &file, cinfo->incert_format, 0);
if (ret < 0)
error (EXIT_FAILURE, 0, "gnutls_x509_crt_list_import2: %s", gnutls_strerror (ret));
-
+
if (clist_size > 0)
{
gnutls_datum_t certs[clist_size];
@@ -249,7 +253,7 @@ size_t size;
if (ret < 0)
error (EXIT_FAILURE, 0, "gnutls_x509_crt_export2: %s", gnutls_strerror (ret));
}
-
+
ret = dane_verify_crt( s, certs, clist_size, GNUTLS_CRT_X509,
host, proto, port, 0, 0, &status);
if (ret < 0)
@@ -275,7 +279,10 @@ size_t size;
dane_query_deinit(q);
dane_state_deinit(s);
-
+#else
+ fprintf(stderr, "This functionality was disabled (GnuTLS was not compiled with support for DANE).\n");
+ return;
+#endif
}
static void dane_info(const char* host, const char* proto, unsigned int port,