summaryrefslogtreecommitdiff
path: root/doc
diff options
context:
space:
mode:
authorNikos Mavrogiannopoulos <nmav@gnutls.org>2013-11-08 22:14:07 +0100
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2013-11-08 22:17:10 +0100
commit76c93d23c073ef8b885503b7d28a31ffe2add6d8 (patch)
tree1dd2d22a197bc40c5330e516969a7cb1ae9bc96f /doc
parent559a144f6bbcbb611453f82e655dd7438c14d1a7 (diff)
downloadgnutls-76c93d23c073ef8b885503b7d28a31ffe2add6d8.tar.gz
reindented code
Diffstat (limited to 'doc')
-rw-r--r--doc/alert-printlist.c148
-rw-r--r--doc/common.c64
-rw-r--r--doc/common.h4
-rw-r--r--doc/errcodes.c177
-rw-r--r--doc/examples/ex-alert.c34
-rw-r--r--doc/examples/ex-cert-select-pkcs11.c251
-rw-r--r--doc/examples/ex-cert-select.c320
-rw-r--r--doc/examples/ex-client-anon.c168
-rw-r--r--doc/examples/ex-client-dtls.c201
-rw-r--r--doc/examples/ex-client-psk.c186
-rw-r--r--doc/examples/ex-client-resume.c261
-rw-r--r--doc/examples/ex-client-srp.c188
-rw-r--r--doc/examples/ex-client-x509.c292
-rw-r--r--doc/examples/ex-client-xssl1.c111
-rw-r--r--doc/examples/ex-client-xssl2.c143
-rw-r--r--doc/examples/ex-crq.c102
-rw-r--r--doc/examples/ex-ocsp-client.c448
-rw-r--r--doc/examples/ex-pkcs11-list.c56
-rw-r--r--doc/examples/ex-pkcs12.c218
-rw-r--r--doc/examples/ex-serv-anon.c250
-rw-r--r--doc/examples/ex-serv-dtls.c680
-rw-r--r--doc/examples/ex-serv-pgp.c265
-rw-r--r--doc/examples/ex-serv-psk.c319
-rw-r--r--doc/examples/ex-serv-srp.c261
-rw-r--r--doc/examples/ex-serv-x509.c295
-rw-r--r--doc/examples/ex-session-info.c220
-rw-r--r--doc/examples/ex-verify-ssh.c182
-rw-r--r--doc/examples/ex-verify.c209
-rw-r--r--doc/examples/ex-x509-info.c163
-rw-r--r--doc/examples/examples.h25
-rw-r--r--doc/examples/print-ciphersuites.c88
-rw-r--r--doc/examples/tcp.c57
-rw-r--r--doc/examples/udp.c59
-rw-r--r--doc/examples/verify.c74
-rw-r--r--doc/printlist.c355
35 files changed, 3388 insertions, 3486 deletions
diff --git a/doc/alert-printlist.c b/doc/alert-printlist.c
index 59d53193a3..ab746aa2f2 100644
--- a/doc/alert-printlist.c
+++ b/doc/alert-printlist.c
@@ -27,94 +27,96 @@
#include <gnutls/openpgp.h>
#include "common.h"
-static void main_texinfo (void);
+static void main_texinfo(void);
static void main_latex(void);
char buffer[1024];
-int
-main (int argc, char *argv[])
+int main(int argc, char *argv[])
{
- if (argc > 1)
- main_latex();
- else
- main_texinfo();
-
- return 0;
+ if (argc > 1)
+ main_latex();
+ else
+ main_texinfo();
+
+ return 0;
}
-static void main_texinfo (void)
+static void main_texinfo(void)
{
- {
- size_t i;
- const char *name;
- gnutls_kx_algorithm_t kx;
- gnutls_cipher_algorithm_t cipher;
- gnutls_mac_algorithm_t mac;
- gnutls_protocol_t version;
-
- printf ("@multitable @columnfractions .55 .10 .30\n@anchor{tab:alerts}\n");
- printf ("@headitem Alert @tab ID @tab Description\n");
- for (i = 0; i<256;i++)
- {
- if (gnutls_alert_get_strname(i)==NULL) continue;
- printf ("@item %s\n@tab %d\n@tab %s\n",
- escape_texi_string(gnutls_alert_get_strname(i), buffer, sizeof(buffer)),
- (unsigned int) i, gnutls_alert_get_name (i));
- }
- printf ("@end multitable\n");
-
- }
+ {
+ size_t i;
+ const char *name;
+ gnutls_kx_algorithm_t kx;
+ gnutls_cipher_algorithm_t cipher;
+ gnutls_mac_algorithm_t mac;
+ gnutls_protocol_t version;
+
+ printf
+ ("@multitable @columnfractions .55 .10 .30\n@anchor{tab:alerts}\n");
+ printf("@headitem Alert @tab ID @tab Description\n");
+ for (i = 0; i < 256; i++) {
+ if (gnutls_alert_get_strname(i) == NULL)
+ continue;
+ printf("@item %s\n@tab %d\n@tab %s\n",
+ escape_texi_string(gnutls_alert_get_strname
+ (i), buffer,
+ sizeof(buffer)),
+ (unsigned int) i, gnutls_alert_get_name(i));
+ }
+ printf("@end multitable\n");
+
+ }
}
static const char headers[] = "\\tablefirsthead{%\n"
- "\\hline\n"
- "Alert & ID & Description\\\\\n"
- "\\hline}\n"
+ "\\hline\n" "Alert & ID & Description\\\\\n" "\\hline}\n"
#if 0
- "\\tablehead{%\n"
- "\\hline\n"
- "\\multicolumn{3}{|l|}{\\small\\sl continued from previous page}\\\\\n"
- "\\hline}\n"
- "\\tabletail{%\n"
- "\\hline\n"
- "\\multicolumn{3}{|r|}{\\small\\sl continued on next page}\\\\\n"
- "\\hline}\n"
+ "\\tablehead{%\n"
+ "\\hline\n"
+ "\\multicolumn{3}{|l|}{\\small\\sl continued from previous page}\\\\\n"
+ "\\hline}\n"
+ "\\tabletail{%\n"
+ "\\hline\n"
+ "\\multicolumn{3}{|r|}{\\small\\sl continued on next page}\\\\\n"
+ "\\hline}\n"
#endif
- "\\tablelasttail{\\hline}\n"
- "\\bottomcaption{The TLS alert table}\n\n";
+ "\\tablelasttail{\\hline}\n"
+ "\\bottomcaption{The TLS alert table}\n\n";
static void main_latex(void)
{
-int i, j;
-const char* desc;
-const char* _name;
-
-puts( headers);
-
-printf("\\begin{supertabular}{|p{.50\\linewidth}|p{.07\\linewidth}|p{.34\\linewidth}|}\n\\label{tab:alerts}\n");
-
- {
- size_t i;
- const char *name;
- gnutls_kx_algorithm_t kx;
- gnutls_cipher_algorithm_t cipher;
- gnutls_mac_algorithm_t mac;
- gnutls_protocol_t version;
-
- for (i = 0; i<256;i++)
- {
- if (gnutls_alert_get_strname(i)==NULL) continue;
- printf ("{\\small{%s}} & \\code{%d} & %s",
- escape_string(gnutls_alert_get_strname(i), buffer, sizeof(buffer)),
- (unsigned int) i, gnutls_alert_get_name (i));
- printf( "\\\\\n");
- }
-
- printf("\\end{supertabular}\n\n");
-
- }
-
-return;
+ int i, j;
+ const char *desc;
+ const char *_name;
+
+ puts(headers);
+
+ printf
+ ("\\begin{supertabular}{|p{.50\\linewidth}|p{.07\\linewidth}|p{.34\\linewidth}|}\n\\label{tab:alerts}\n");
+
+ {
+ size_t i;
+ const char *name;
+ gnutls_kx_algorithm_t kx;
+ gnutls_cipher_algorithm_t cipher;
+ gnutls_mac_algorithm_t mac;
+ gnutls_protocol_t version;
+
+ for (i = 0; i < 256; i++) {
+ if (gnutls_alert_get_strname(i) == NULL)
+ continue;
+ printf("{\\small{%s}} & \\code{%d} & %s",
+ escape_string(gnutls_alert_get_strname(i),
+ buffer, sizeof(buffer)),
+ (unsigned int) i, gnutls_alert_get_name(i));
+ printf("\\\\\n");
+ }
+
+ printf("\\end{supertabular}\n\n");
+
+ }
+
+ return;
}
diff --git a/doc/common.c b/doc/common.c
index 4ceaff80cb..492f9b969e 100644
--- a/doc/common.c
+++ b/doc/common.c
@@ -1,47 +1,47 @@
-char* escape_string( const char* str, char* buffer, int buffer_size)
+char *escape_string(const char *str, char *buffer, int buffer_size)
{
-int i = 0, j = 0;
+ int i = 0, j = 0;
-while( str[i] != 0 && j <buffer_size - 1) {
- if (str[i]=='_') {
- buffer[j++] = '\\';
- buffer[j++] = '_';
- buffer[j++] = '\\';
- buffer[j++] = '-';
- } else if (str[i]=='#') {
- buffer[j++] = '\\';
- buffer[j++] = '#';
- } else {
- buffer[j++] = str[i];
- }
- i++;
-};
+ while (str[i] != 0 && j < buffer_size - 1) {
+ if (str[i] == '_') {
+ buffer[j++] = '\\';
+ buffer[j++] = '_';
+ buffer[j++] = '\\';
+ buffer[j++] = '-';
+ } else if (str[i] == '#') {
+ buffer[j++] = '\\';
+ buffer[j++] = '#';
+ } else {
+ buffer[j++] = str[i];
+ }
+ i++;
+ };
-buffer[j] = 0;
+ buffer[j] = 0;
-return buffer;
+ return buffer;
}
-char* escape_texi_string( const char* str, char* buffer, int buffer_size)
+char *escape_texi_string(const char *str, char *buffer, int buffer_size)
{
-int i = 0, j = 0;
+ int i = 0, j = 0;
-while( str[i] != 0 && j <buffer_size - 1) {
- if (str[i]=='_') {
- buffer[j++] = '_';
- buffer[j++] = '@';
- buffer[j++] = '-';
- } else {
- buffer[j++] = str[i];
- }
- i++;
-};
+ while (str[i] != 0 && j < buffer_size - 1) {
+ if (str[i] == '_') {
+ buffer[j++] = '_';
+ buffer[j++] = '@';
+ buffer[j++] = '-';
+ } else {
+ buffer[j++] = str[i];
+ }
+ i++;
+ };
-buffer[j] = 0;
+ buffer[j] = 0;
-return buffer;
+ return buffer;
}
diff --git a/doc/common.h b/doc/common.h
index 2338a39ccd..85fd78e7fa 100644
--- a/doc/common.h
+++ b/doc/common.h
@@ -1,2 +1,2 @@
-char* escape_string( const char* str, char* buffer, int buffer_size);
-char* escape_texi_string( const char* str, char* buffer, int buffer_size);
+char *escape_string(const char *str, char *buffer, int buffer_size);
+char *escape_texi_string(const char *str, char *buffer, int buffer_size);
diff --git a/doc/errcodes.c b/doc/errcodes.c
index 93f3a63a25..defee3a19c 100644
--- a/doc/errcodes.c
+++ b/doc/errcodes.c
@@ -29,126 +29,129 @@
#include "common.h"
static void main_latex(void);
-static int main_texinfo (void);
+static int main_texinfo(void);
#define MAX_CODES 600
-typedef struct
-{
- char name[128];
- int error_index;
+typedef struct {
+ char name[128];
+ int error_index;
} error_name;
-static int
-compar (const void *_n1, const void *_n2)
+static int compar(const void *_n1, const void *_n2)
{
- const error_name *n1 = (const error_name *) _n1,
- *n2 = (const error_name *) _n2;
- return strcmp (n1->name, n2->name);
+ const error_name *n1 = (const error_name *) _n1,
+ *n2 = (const error_name *) _n2;
+ return strcmp(n1->name, n2->name);
}
static const char headers[] = "\\tablefirsthead{%\n"
- "\\hline\n"
- "\\multicolumn{1}{|c}{Code} &\n"
- "\\multicolumn{1}{c}{Name} &\n"
- "\\multicolumn{1}{c|}{Description} \\\\\n"
- "\\hline}\n"
+ "\\hline\n"
+ "\\multicolumn{1}{|c}{Code} &\n"
+ "\\multicolumn{1}{c}{Name} &\n"
+ "\\multicolumn{1}{c|}{Description} \\\\\n" "\\hline}\n"
#if 0
- "\\tablehead{%\n"
- "\\hline\n"
- "\\multicolumn{3}{|l|}{\\small\\sl continued from previous page}\\\\\n"
- "\\hline}\n"
- "\\tabletail{%\n"
- "\\hline\n"
- "\\multicolumn{3}{|r|}{\\small\\sl continued on next page}\\\\\n"
- "\\hline}\n"
+ "\\tablehead{%\n"
+ "\\hline\n"
+ "\\multicolumn{3}{|l|}{\\small\\sl continued from previous page}\\\\\n"
+ "\\hline}\n"
+ "\\tabletail{%\n"
+ "\\hline\n"
+ "\\multicolumn{3}{|r|}{\\small\\sl continued on next page}\\\\\n"
+ "\\hline}\n"
#endif
- "\\tablelasttail{\\hline}\n"
- "\\bottomcaption{The error codes table}\n\n";
+ "\\tablelasttail{\\hline}\n"
+ "\\bottomcaption{The error codes table}\n\n";
-int
-main (int argc, char *argv[])
+int main(int argc, char *argv[])
{
- if (argc > 1)
- main_latex();
- else
- main_texinfo();
-
- return 0;
+ if (argc > 1)
+ main_latex();
+ else
+ main_texinfo();
+
+ return 0;
}
-static int main_texinfo (void)
+static int main_texinfo(void)
{
- int i, j;
- const char *desc;
- const char *_name;
- char buffer[500];
- error_name names_to_sort[MAX_CODES]; /* up to MAX_CODES names */
+ int i, j;
+ const char *desc;
+ const char *_name;
+ char buffer[500];
+ error_name names_to_sort[MAX_CODES]; /* up to MAX_CODES names */
- printf ("@multitable @columnfractions .15 .40 .37\n");
+ printf("@multitable @columnfractions .15 .40 .37\n");
- memset (names_to_sort, 0, sizeof (names_to_sort));
- j = 0;
- for (i = 0; i > -MAX_CODES; i--)
- {
- _name = gnutls_strerror_name (i);
- if (_name == NULL)
- continue;
+ memset(names_to_sort, 0, sizeof(names_to_sort));
+ j = 0;
+ for (i = 0; i > -MAX_CODES; i--) {
+ _name = gnutls_strerror_name(i);
+ if (_name == NULL)
+ continue;
- desc = gnutls_strerror (i);
+ desc = gnutls_strerror(i);
- printf ("@item %d @tab %s @tab %s\n", i, escape_texi_string(_name, buffer,sizeof(buffer)), desc);
+ printf("@item %d @tab %s @tab %s\n", i,
+ escape_texi_string(_name, buffer, sizeof(buffer)),
+ desc);
- strcpy (names_to_sort[j].name, _name);
- names_to_sort[j].error_index = i;
- j++;
- }
+ strcpy(names_to_sort[j].name, _name);
+ names_to_sort[j].error_index = i;
+ j++;
+ }
- printf ("@end multitable\n");
+ printf("@end multitable\n");
- return 0;
+ return 0;
}
static void main_latex(void)
{
-int i, j;
-static char buffer1[500];
-static char buffer2[500];
-const char* desc;
-const char* _name;
-error_name names_to_sort[MAX_CODES]; /* up to MAX_CODES names */
-
-puts( headers);
-
-printf("\\begin{supertabular}{|p{.05\\linewidth}|p{.40\\linewidth}|p{.45\\linewidth}|}\n");
-
-memset( names_to_sort, 0, sizeof(names_to_sort));
-j=0;
-for (i=0;i>-MAX_CODES;i--)
-{
- _name = gnutls_strerror_name(i);
- if ( _name == NULL) continue;
-
- strcpy( names_to_sort[j].name, _name);
- names_to_sort[j].error_index = i;
- j++;
-}
+ int i, j;
+ static char buffer1[500];
+ static char buffer2[500];
+ const char *desc;
+ const char *_name;
+ error_name names_to_sort[MAX_CODES]; /* up to MAX_CODES names */
+
+ puts(headers);
+
+ printf
+ ("\\begin{supertabular}{|p{.05\\linewidth}|p{.40\\linewidth}|p{.45\\linewidth}|}\n");
+
+ memset(names_to_sort, 0, sizeof(names_to_sort));
+ j = 0;
+ for (i = 0; i > -MAX_CODES; i--) {
+ _name = gnutls_strerror_name(i);
+ if (_name == NULL)
+ continue;
+
+ strcpy(names_to_sort[j].name, _name);
+ names_to_sort[j].error_index = i;
+ j++;
+ }
//qsort( names_to_sort, j, sizeof(error_name), compar);
-for (i=0;i<j;i++)
-{
- _name = names_to_sort[i].name;
- desc = gnutls_strerror( names_to_sort[i].error_index);
- if (desc == NULL || _name == NULL) continue;
+ for (i = 0; i < j; i++) {
+ _name = names_to_sort[i].name;
+ desc = gnutls_strerror(names_to_sort[i].error_index);
+ if (desc == NULL || _name == NULL)
+ continue;
- printf( "%d & {\\scriptsize{%s}} & %s", names_to_sort[i].error_index, escape_string(_name, buffer1, sizeof(buffer1)), escape_string(desc, buffer2, sizeof(buffer2)));
- printf( "\\\\\n");
-}
+ printf("%d & {\\scriptsize{%s}} & %s",
+ names_to_sort[i].error_index, escape_string(_name,
+ buffer1,
+ sizeof
+ (buffer1)),
+ escape_string(desc, buffer2, sizeof(buffer2)));
+ printf("\\\\\n");
+ }
-printf("\\end{supertabular}\n\n");
+ printf("\\end{supertabular}\n\n");
-return;
+ return;
}
diff --git a/doc/examples/ex-alert.c b/doc/examples/ex-alert.c
index 6bc14562fe..868771a681 100644
--- a/doc/examples/ex-alert.c
+++ b/doc/examples/ex-alert.c
@@ -14,25 +14,23 @@
* a gnutls function (recv/send), is an alert, and will print
* that alert.
*/
-void
-check_alert (gnutls_session_t session, int ret)
+void check_alert(gnutls_session_t session, int ret)
{
- int last_alert;
+ int last_alert;
- if (ret == GNUTLS_E_WARNING_ALERT_RECEIVED
- || ret == GNUTLS_E_FATAL_ALERT_RECEIVED)
- {
- last_alert = gnutls_alert_get (session);
+ if (ret == GNUTLS_E_WARNING_ALERT_RECEIVED
+ || ret == GNUTLS_E_FATAL_ALERT_RECEIVED) {
+ last_alert = gnutls_alert_get(session);
- /* The check for renegotiation is only useful if we are
- * a server, and we had requested a rehandshake.
- */
- if (last_alert == GNUTLS_A_NO_RENEGOTIATION &&
- ret == GNUTLS_E_WARNING_ALERT_RECEIVED)
- printf ("* Received NO_RENEGOTIATION alert. "
- "Client Does not support renegotiation.\n");
- else
- printf ("* Received alert '%d': %s.\n", last_alert,
- gnutls_alert_get_name (last_alert));
- }
+ /* The check for renegotiation is only useful if we are
+ * a server, and we had requested a rehandshake.
+ */
+ if (last_alert == GNUTLS_A_NO_RENEGOTIATION &&
+ ret == GNUTLS_E_WARNING_ALERT_RECEIVED)
+ printf("* Received NO_RENEGOTIATION alert. "
+ "Client Does not support renegotiation.\n");
+ else
+ printf("* Received alert '%d': %s.\n", last_alert,
+ gnutls_alert_get_name(last_alert));
+ }
}
diff --git a/doc/examples/ex-cert-select-pkcs11.c b/doc/examples/ex-cert-select-pkcs11.c
index 8e29a2586f..aa76662ccf 100644
--- a/doc/examples/ex-cert-select-pkcs11.c
+++ b/doc/examples/ex-cert-select-pkcs11.c
@@ -17,7 +17,7 @@
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
-#include <getpass.h> /* for getpass() */
+#include <getpass.h> /* for getpass() */
/* A TLS client that loads the certificate and key.
*/
@@ -36,138 +36,131 @@
#define CERT_URL "pkcs11:manufacturer=SomeManufacturer;object=Certificate;" \
"objecttype=cert;id=db%5b%3e%b5%72%33"
-extern int tcp_connect (void);
-extern void tcp_close (int sd);
+extern int tcp_connect(void);
+extern void tcp_close(int sd);
static int
-pin_callback (void *user, int attempt, const char *token_url,
- const char *token_label, unsigned int flags, char *pin,
- size_t pin_max)
+pin_callback(void *user, int attempt, const char *token_url,
+ const char *token_label, unsigned int flags, char *pin,
+ size_t pin_max)
{
- const char *password;
- int len;
-
- printf ("PIN required for token '%s' with URL '%s'\n", token_label,
- token_url);
- if (flags & GNUTLS_PIN_FINAL_TRY)
- printf ("*** This is the final try before locking!\n");
- if (flags & GNUTLS_PIN_COUNT_LOW)
- printf ("*** Only few tries left before locking!\n");
- if (flags & GNUTLS_PIN_WRONG)
- printf ("*** Wrong PIN\n");
-
- password = getpass ("Enter pin: ");
- if (password == NULL || password[0] == 0)
- {
- fprintf (stderr, "No password given\n");
- exit (1);
- }
-
- len = MIN (pin_max-1, strlen (password));
- memcpy (pin, password, len);
- pin[len] = 0;
-
- return 0;
+ const char *password;
+ int len;
+
+ printf("PIN required for token '%s' with URL '%s'\n", token_label,
+ token_url);
+ if (flags & GNUTLS_PIN_FINAL_TRY)
+ printf("*** This is the final try before locking!\n");
+ if (flags & GNUTLS_PIN_COUNT_LOW)
+ printf("*** Only few tries left before locking!\n");
+ if (flags & GNUTLS_PIN_WRONG)
+ printf("*** Wrong PIN\n");
+
+ password = getpass("Enter pin: ");
+ if (password == NULL || password[0] == 0) {
+ fprintf(stderr, "No password given\n");
+ exit(1);
+ }
+
+ len = MIN(pin_max - 1, strlen(password));
+ memcpy(pin, password, len);
+ pin[len] = 0;
+
+ return 0;
}
-int
-main (void)
+int main(void)
{
- int ret, sd, ii;
- gnutls_session_t session;
- gnutls_priority_t priorities_cache;
- char buffer[MAX_BUF + 1];
- gnutls_certificate_credentials_t xcred;
- /* Allow connections to servers that have OpenPGP keys as well.
- */
-
- gnutls_global_init ();
- /* PKCS11 private key operations might require PIN.
- * Register a callback.
- */
- gnutls_pkcs11_set_pin_function (pin_callback, NULL);
-
- /* X509 stuff */
- gnutls_certificate_allocate_credentials (&xcred);
-
- /* priorities */
- gnutls_priority_init (&priorities_cache, "NORMAL", NULL);
-
- /* sets the trusted cas file
- */
- gnutls_certificate_set_x509_trust_file (xcred, CAFILE, GNUTLS_X509_FMT_PEM);
-
- gnutls_certificate_set_x509_key_file (xcred, CERT_URL, KEY_URL, GNUTLS_X509_FMT_DER);
-
- /* Initialize TLS session
- */
- gnutls_init (&session, GNUTLS_CLIENT);
-
- /* Use default priorities */
- gnutls_priority_set (session, priorities_cache);
-
- /* put the x509 credentials to the current session
- */
- gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
-
- /* connect to the peer
- */
- sd = tcp_connect ();
-
- gnutls_transport_set_int (session, sd);
-
- /* Perform the TLS handshake
- */
- ret = gnutls_handshake (session);
-
- if (ret < 0)
- {
- fprintf (stderr, "*** Handshake failed\n");
- gnutls_perror (ret);
- goto end;
- }
- else
- {
- char* desc;
-
- desc = gnutls_session_get_desc(session);
- printf ("- Session info: %s\n", desc);
- gnutls_free(desc);
- }
-
- gnutls_record_send (session, MSG, strlen (MSG));
-
- ret = gnutls_record_recv (session, buffer, MAX_BUF);
- if (ret == 0)
- {
- printf ("- Peer has closed the TLS connection\n");
- goto end;
- }
- else if (ret < 0)
- {
- fprintf (stderr, "*** Error: %s\n", gnutls_strerror (ret));
- goto end;
- }
-
- printf ("- Received %d bytes: ", ret);
- for (ii = 0; ii < ret; ii++)
- {
- fputc (buffer[ii], stdout);
- }
- fputs ("\n", stdout);
-
- gnutls_bye (session, GNUTLS_SHUT_RDWR);
-
-end:
-
- tcp_close (sd);
-
- gnutls_deinit (session);
-
- gnutls_certificate_free_credentials (xcred);
- gnutls_priority_deinit (priorities_cache);
-
- gnutls_global_deinit ();
-
- return 0;
+ int ret, sd, ii;
+ gnutls_session_t session;
+ gnutls_priority_t priorities_cache;
+ char buffer[MAX_BUF + 1];
+ gnutls_certificate_credentials_t xcred;
+ /* Allow connections to servers that have OpenPGP keys as well.
+ */
+
+ gnutls_global_init();
+ /* PKCS11 private key operations might require PIN.
+ * Register a callback.
+ */
+ gnutls_pkcs11_set_pin_function(pin_callback, NULL);
+
+ /* X509 stuff */
+ gnutls_certificate_allocate_credentials(&xcred);
+
+ /* priorities */
+ gnutls_priority_init(&priorities_cache, "NORMAL", NULL);
+
+ /* sets the trusted cas file
+ */
+ gnutls_certificate_set_x509_trust_file(xcred, CAFILE,
+ GNUTLS_X509_FMT_PEM);
+
+ gnutls_certificate_set_x509_key_file(xcred, CERT_URL, KEY_URL,
+ GNUTLS_X509_FMT_DER);
+
+ /* Initialize TLS session
+ */
+ gnutls_init(&session, GNUTLS_CLIENT);
+
+ /* Use default priorities */
+ gnutls_priority_set(session, priorities_cache);
+
+ /* put the x509 credentials to the current session
+ */
+ gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
+
+ /* connect to the peer
+ */
+ sd = tcp_connect();
+
+ gnutls_transport_set_int(session, sd);
+
+ /* Perform the TLS handshake
+ */
+ ret = gnutls_handshake(session);
+
+ if (ret < 0) {
+ fprintf(stderr, "*** Handshake failed\n");
+ gnutls_perror(ret);
+ goto end;
+ } else {
+ char *desc;
+
+ desc = gnutls_session_get_desc(session);
+ printf("- Session info: %s\n", desc);
+ gnutls_free(desc);
+ }
+
+ gnutls_record_send(session, MSG, strlen(MSG));
+
+ ret = gnutls_record_recv(session, buffer, MAX_BUF);
+ if (ret == 0) {
+ printf("- Peer has closed the TLS connection\n");
+ goto end;
+ } else if (ret < 0) {
+ fprintf(stderr, "*** Error: %s\n", gnutls_strerror(ret));
+ goto end;
+ }
+
+ printf("- Received %d bytes: ", ret);
+ for (ii = 0; ii < ret; ii++) {
+ fputc(buffer[ii], stdout);
+ }
+ fputs("\n", stdout);
+
+ gnutls_bye(session, GNUTLS_SHUT_RDWR);
+
+ end:
+
+ tcp_close(sd);
+
+ gnutls_deinit(session);
+
+ gnutls_certificate_free_credentials(xcred);
+ gnutls_priority_deinit(priorities_cache);
+
+ gnutls_global_deinit();
+
+ return 0;
}
diff --git a/doc/examples/ex-cert-select.c b/doc/examples/ex-cert-select.c
index 6e12a8d3a1..99cd126d91 100644
--- a/doc/examples/ex-cert-select.c
+++ b/doc/examples/ex-cert-select.c
@@ -28,163 +28,155 @@
#define KEY_FILE "key.pem"
#define CAFILE "/etc/ssl/certs/ca-certificates.crt"
-extern int tcp_connect (void);
-extern void tcp_close (int sd);
+extern int tcp_connect(void);
+extern void tcp_close(int sd);
static int
-cert_callback (gnutls_session_t session,
- const gnutls_datum_t * req_ca_rdn, int nreqs,
- const gnutls_pk_algorithm_t * sign_algos,
- int sign_algos_length, gnutls_pcert_st ** pcert,
- unsigned int *pcert_length, gnutls_privkey_t * pkey);
+cert_callback(gnutls_session_t session,
+ const gnutls_datum_t * req_ca_rdn, int nreqs,
+ const gnutls_pk_algorithm_t * sign_algos,
+ int sign_algos_length, gnutls_pcert_st ** pcert,
+ unsigned int *pcert_length, gnutls_privkey_t * pkey);
gnutls_pcert_st pcrt;
gnutls_privkey_t key;
/* Load the certificate and the private key.
*/
-static void
-load_keys (void)
+static void load_keys(void)
{
- int ret;
- gnutls_datum_t data;
-
- ret = gnutls_load_file (CERT_FILE, &data);
- if (ret < 0)
- {
- fprintf (stderr, "*** Error loading certificate file.\n");
- exit (1);
- }
-
- ret = gnutls_pcert_import_x509_raw (&pcrt, &data, GNUTLS_X509_FMT_PEM, 0);
- if (ret < 0)
- {
- fprintf (stderr, "*** Error loading certificate file: %s\n",
- gnutls_strerror (ret));
- exit (1);
- }
-
- gnutls_free(data.data);
-
- ret = gnutls_load_file (KEY_FILE, &data);
- if (ret < 0)
- {
- fprintf (stderr, "*** Error loading key file.\n");
- exit (1);
- }
-
- gnutls_privkey_init (&key);
-
- ret = gnutls_privkey_import_x509_raw (key, &data, GNUTLS_X509_FMT_PEM, NULL, 0);
- if (ret < 0)
- {
- fprintf (stderr, "*** Error loading key file: %s\n",
- gnutls_strerror (ret));
- exit (1);
- }
-
- gnutls_free(data.data);
+ int ret;
+ gnutls_datum_t data;
+
+ ret = gnutls_load_file(CERT_FILE, &data);
+ if (ret < 0) {
+ fprintf(stderr, "*** Error loading certificate file.\n");
+ exit(1);
+ }
+
+ ret =
+ gnutls_pcert_import_x509_raw(&pcrt, &data, GNUTLS_X509_FMT_PEM,
+ 0);
+ if (ret < 0) {
+ fprintf(stderr, "*** Error loading certificate file: %s\n",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+
+ gnutls_free(data.data);
+
+ ret = gnutls_load_file(KEY_FILE, &data);
+ if (ret < 0) {
+ fprintf(stderr, "*** Error loading key file.\n");
+ exit(1);
+ }
+
+ gnutls_privkey_init(&key);
+
+ ret =
+ gnutls_privkey_import_x509_raw(key, &data, GNUTLS_X509_FMT_PEM,
+ NULL, 0);
+ if (ret < 0) {
+ fprintf(stderr, "*** Error loading key file: %s\n",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+
+ gnutls_free(data.data);
}
-int
-main (void)
+int main(void)
{
- int ret, sd, ii;
- gnutls_session_t session;
- gnutls_priority_t priorities_cache;
- char buffer[MAX_BUF + 1];
- gnutls_certificate_credentials_t xcred;
- /* Allow connections to servers that have OpenPGP keys as well.
- */
+ int ret, sd, ii;
+ gnutls_session_t session;
+ gnutls_priority_t priorities_cache;
+ char buffer[MAX_BUF + 1];
+ gnutls_certificate_credentials_t xcred;
+ /* Allow connections to servers that have OpenPGP keys as well.
+ */
- gnutls_global_init ();
+ gnutls_global_init();
- load_keys ();
+ load_keys();
- /* X509 stuff */
- gnutls_certificate_allocate_credentials (&xcred);
+ /* X509 stuff */
+ gnutls_certificate_allocate_credentials(&xcred);
- /* priorities */
- gnutls_priority_init (&priorities_cache, "NORMAL", NULL);
+ /* priorities */
+ gnutls_priority_init(&priorities_cache, "NORMAL", NULL);
- /* sets the trusted cas file
- */
- gnutls_certificate_set_x509_trust_file (xcred, CAFILE, GNUTLS_X509_FMT_PEM);
+ /* sets the trusted cas file
+ */
+ gnutls_certificate_set_x509_trust_file(xcred, CAFILE,
+ GNUTLS_X509_FMT_PEM);
- gnutls_certificate_set_retrieve_function2 (xcred, cert_callback);
+ gnutls_certificate_set_retrieve_function2(xcred, cert_callback);
- /* Initialize TLS session
- */
- gnutls_init (&session, GNUTLS_CLIENT);
+ /* Initialize TLS session
+ */
+ gnutls_init(&session, GNUTLS_CLIENT);
- /* Use default priorities */
- gnutls_priority_set (session, priorities_cache);
+ /* Use default priorities */
+ gnutls_priority_set(session, priorities_cache);
- /* put the x509 credentials to the current session
- */
- gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
+ /* put the x509 credentials to the current session
+ */
+ gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
- /* connect to the peer
- */
- sd = tcp_connect ();
+ /* connect to the peer
+ */
+ sd = tcp_connect();
- gnutls_transport_set_int (session, sd);
+ gnutls_transport_set_int(session, sd);
- /* Perform the TLS handshake
- */
- ret = gnutls_handshake (session);
+ /* Perform the TLS handshake
+ */
+ ret = gnutls_handshake(session);
- if (ret < 0)
- {
- fprintf (stderr, "*** Handshake failed\n");
- gnutls_perror (ret);
- goto end;
- }
- else
- {
- char* desc;
-
- desc = gnutls_session_get_desc(session);
- printf ("- Session info: %s\n", desc);
- gnutls_free(desc);
- }
+ if (ret < 0) {
+ fprintf(stderr, "*** Handshake failed\n");
+ gnutls_perror(ret);
+ goto end;
+ } else {
+ char *desc;
- gnutls_record_send (session, MSG, strlen (MSG));
+ desc = gnutls_session_get_desc(session);
+ printf("- Session info: %s\n", desc);
+ gnutls_free(desc);
+ }
- ret = gnutls_record_recv (session, buffer, MAX_BUF);
- if (ret == 0)
- {
- printf ("- Peer has closed the TLS connection\n");
- goto end;
- }
- else if (ret < 0)
- {
- fprintf (stderr, "*** Error: %s\n", gnutls_strerror (ret));
- goto end;
- }
+ gnutls_record_send(session, MSG, strlen(MSG));
- printf ("- Received %d bytes: ", ret);
- for (ii = 0; ii < ret; ii++)
- {
- fputc (buffer[ii], stdout);
- }
- fputs ("\n", stdout);
+ ret = gnutls_record_recv(session, buffer, MAX_BUF);
+ if (ret == 0) {
+ printf("- Peer has closed the TLS connection\n");
+ goto end;
+ } else if (ret < 0) {
+ fprintf(stderr, "*** Error: %s\n", gnutls_strerror(ret));
+ goto end;
+ }
- gnutls_bye (session, GNUTLS_SHUT_RDWR);
+ printf("- Received %d bytes: ", ret);
+ for (ii = 0; ii < ret; ii++) {
+ fputc(buffer[ii], stdout);
+ }
+ fputs("\n", stdout);
-end:
+ gnutls_bye(session, GNUTLS_SHUT_RDWR);
- tcp_close (sd);
+ end:
- gnutls_deinit (session);
+ tcp_close(sd);
- gnutls_certificate_free_credentials (xcred);
- gnutls_priority_deinit (priorities_cache);
+ gnutls_deinit(session);
- gnutls_global_deinit ();
+ gnutls_certificate_free_credentials(xcred);
+ gnutls_priority_deinit(priorities_cache);
- return 0;
+ gnutls_global_deinit();
+
+ return 0;
}
@@ -195,52 +187,48 @@ end:
*/
static int
-cert_callback (gnutls_session_t session,
- const gnutls_datum_t * req_ca_rdn, int nreqs,
- const gnutls_pk_algorithm_t * sign_algos,
- int sign_algos_length, gnutls_pcert_st ** pcert,
- unsigned int *pcert_length, gnutls_privkey_t * pkey)
+cert_callback(gnutls_session_t session,
+ const gnutls_datum_t * req_ca_rdn, int nreqs,
+ const gnutls_pk_algorithm_t * sign_algos,
+ int sign_algos_length, gnutls_pcert_st ** pcert,
+ unsigned int *pcert_length, gnutls_privkey_t * pkey)
{
- char issuer_dn[256];
- int i, ret;
- size_t len;
- gnutls_certificate_type_t type;
-
- /* Print the server's trusted CAs
- */
- if (nreqs > 0)
- printf ("- Server's trusted authorities:\n");
- else
- printf ("- Server did not send us any trusted authorities names.\n");
-
- /* print the names (if any) */
- for (i = 0; i < nreqs; i++)
- {
- len = sizeof (issuer_dn);
- ret = gnutls_x509_rdn_get (&req_ca_rdn[i], issuer_dn, &len);
- if (ret >= 0)
- {
- printf (" [%d]: ", i);
- printf ("%s\n", issuer_dn);
+ char issuer_dn[256];
+ int i, ret;
+ size_t len;
+ gnutls_certificate_type_t type;
+
+ /* Print the server's trusted CAs
+ */
+ if (nreqs > 0)
+ printf("- Server's trusted authorities:\n");
+ else
+ printf
+ ("- Server did not send us any trusted authorities names.\n");
+
+ /* print the names (if any) */
+ for (i = 0; i < nreqs; i++) {
+ len = sizeof(issuer_dn);
+ ret = gnutls_x509_rdn_get(&req_ca_rdn[i], issuer_dn, &len);
+ if (ret >= 0) {
+ printf(" [%d]: ", i);
+ printf("%s\n", issuer_dn);
+ }
+ }
+
+ /* Select a certificate and return it.
+ * The certificate must be of any of the "sign algorithms"
+ * supported by the server.
+ */
+ type = gnutls_certificate_type_get(session);
+ if (type == GNUTLS_CRT_X509) {
+ *pcert_length = 1;
+ *pcert = &pcrt;
+ *pkey = key;
+ } else {
+ return -1;
}
- }
-
- /* Select a certificate and return it.
- * The certificate must be of any of the "sign algorithms"
- * supported by the server.
- */
- type = gnutls_certificate_type_get (session);
- if (type == GNUTLS_CRT_X509)
- {
- *pcert_length = 1;
- *pcert = &pcrt;
- *pkey = key;
- }
- else
- {
- return -1;
- }
-
- return 0;
+
+ return 0;
}
diff --git a/doc/examples/ex-client-anon.c b/doc/examples/ex-client-anon.c
index 4cb804e65d..e86e9302f5 100644
--- a/doc/examples/ex-client-anon.c
+++ b/doc/examples/ex-client-anon.c
@@ -19,103 +19,93 @@
#define MAX_BUF 1024
#define MSG "GET / HTTP/1.0\r\n\r\n"
-extern int tcp_connect (void);
-extern void tcp_close (int sd);
+extern int tcp_connect(void);
+extern void tcp_close(int sd);
-int
-main (void)
+int main(void)
{
- int ret, sd, ii;
- gnutls_session_t session;
- char buffer[MAX_BUF + 1];
- gnutls_anon_client_credentials_t anoncred;
- /* Need to enable anonymous KX specifically. */
-
- gnutls_global_init ();
-
- gnutls_anon_allocate_client_credentials (&anoncred);
-
- /* Initialize TLS session
- */
- gnutls_init (&session, GNUTLS_CLIENT);
-
- /* Use default priorities */
- gnutls_priority_set_direct (session, "PERFORMANCE:+ANON-ECDH:+ANON-DH",
- NULL);
-
- /* put the anonymous credentials to the current session
- */
- gnutls_credentials_set (session, GNUTLS_CRD_ANON, anoncred);
-
- /* connect to the peer
- */
- sd = tcp_connect ();
-
- gnutls_transport_set_int (session, sd);
- gnutls_handshake_set_timeout (session, GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT);
-
- /* Perform the TLS handshake
- */
- do
- {
- ret = gnutls_handshake (session);
- }
- while (ret < 0 && gnutls_error_is_fatal (ret) == 0);
-
- if (ret < 0)
- {
- fprintf (stderr, "*** Handshake failed\n");
- gnutls_perror (ret);
- goto end;
- }
- else
- {
- char* desc;
-
- desc = gnutls_session_get_desc(session);
- printf ("- Session info: %s\n", desc);
- gnutls_free(desc);
- }
-
- gnutls_record_send (session, MSG, strlen (MSG));
-
- ret = gnutls_record_recv (session, buffer, MAX_BUF);
- if (ret == 0)
- {
- printf ("- Peer has closed the TLS connection\n");
- goto end;
- }
- else if (ret < 0 && gnutls_error_is_fatal (ret) == 0)
- {
- fprintf (stderr, "*** Warning: %s\n", gnutls_strerror (ret));
- }
- else if (ret < 0)
- {
- fprintf (stderr, "*** Error: %s\n", gnutls_strerror (ret));
- goto end;
- }
-
- if (ret > 0)
- {
- printf ("- Received %d bytes: ", ret);
- for (ii = 0; ii < ret; ii++)
- {
- fputc (buffer[ii], stdout);
+ int ret, sd, ii;
+ gnutls_session_t session;
+ char buffer[MAX_BUF + 1];
+ gnutls_anon_client_credentials_t anoncred;
+ /* Need to enable anonymous KX specifically. */
+
+ gnutls_global_init();
+
+ gnutls_anon_allocate_client_credentials(&anoncred);
+
+ /* Initialize TLS session
+ */
+ gnutls_init(&session, GNUTLS_CLIENT);
+
+ /* Use default priorities */
+ gnutls_priority_set_direct(session,
+ "PERFORMANCE:+ANON-ECDH:+ANON-DH",
+ NULL);
+
+ /* put the anonymous credentials to the current session
+ */
+ gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred);
+
+ /* connect to the peer
+ */
+ sd = tcp_connect();
+
+ gnutls_transport_set_int(session, sd);
+ gnutls_handshake_set_timeout(session,
+ GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT);
+
+ /* Perform the TLS handshake
+ */
+ do {
+ ret = gnutls_handshake(session);
+ }
+ while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
+
+ if (ret < 0) {
+ fprintf(stderr, "*** Handshake failed\n");
+ gnutls_perror(ret);
+ goto end;
+ } else {
+ char *desc;
+
+ desc = gnutls_session_get_desc(session);
+ printf("- Session info: %s\n", desc);
+ gnutls_free(desc);
+ }
+
+ gnutls_record_send(session, MSG, strlen(MSG));
+
+ ret = gnutls_record_recv(session, buffer, MAX_BUF);
+ if (ret == 0) {
+ printf("- Peer has closed the TLS connection\n");
+ goto end;
+ } else if (ret < 0 && gnutls_error_is_fatal(ret) == 0) {
+ fprintf(stderr, "*** Warning: %s\n", gnutls_strerror(ret));
+ } else if (ret < 0) {
+ fprintf(stderr, "*** Error: %s\n", gnutls_strerror(ret));
+ goto end;
+ }
+
+ if (ret > 0) {
+ printf("- Received %d bytes: ", ret);
+ for (ii = 0; ii < ret; ii++) {
+ fputc(buffer[ii], stdout);
+ }
+ fputs("\n", stdout);
}
- fputs ("\n", stdout);
- }
- gnutls_bye (session, GNUTLS_SHUT_RDWR);
+ gnutls_bye(session, GNUTLS_SHUT_RDWR);
-end:
+ end:
- tcp_close (sd);
+ tcp_close(sd);
- gnutls_deinit (session);
+ gnutls_deinit(session);
- gnutls_anon_free_client_credentials (anoncred);
+ gnutls_anon_free_client_credentials(anoncred);
- gnutls_global_deinit ();
+ gnutls_global_deinit();
- return 0;
+ return 0;
}
diff --git a/doc/examples/ex-client-dtls.c b/doc/examples/ex-client-dtls.c
index 9b8fd98c21..cb9375d2ab 100644
--- a/doc/examples/ex-client-dtls.c
+++ b/doc/examples/ex-client-dtls.c
@@ -21,121 +21,110 @@
#define CAFILE "/etc/ssl/certs/ca-certificates.crt"
#define MSG "GET / HTTP/1.0\r\n\r\n"
-extern int udp_connect (void);
-extern void udp_close (int sd);
-extern int verify_certificate_callback (gnutls_session_t session);
+extern int udp_connect(void);
+extern void udp_close(int sd);
+extern int verify_certificate_callback(gnutls_session_t session);
-int
-main (void)
+int main(void)
{
- int ret, sd, ii;
- gnutls_session_t session;
- char buffer[MAX_BUF + 1];
- const char *err;
- gnutls_certificate_credentials_t xcred;
-
- gnutls_global_init ();
-
- /* X509 stuff */
- gnutls_certificate_allocate_credentials (&xcred);
-
- /* sets the trusted cas file */
- gnutls_certificate_set_x509_trust_file (xcred, CAFILE, GNUTLS_X509_FMT_PEM);
- gnutls_certificate_set_verify_function (xcred, verify_certificate_callback);
-
- /* Initialize TLS session */
- gnutls_init (&session, GNUTLS_CLIENT | GNUTLS_DATAGRAM);
-
- /* Use default priorities */
- ret = gnutls_priority_set_direct (session, "NORMAL", &err);
- if (ret < 0)
- {
- if (ret == GNUTLS_E_INVALID_REQUEST)
- {
- fprintf (stderr, "Syntax error at: %s\n", err);
+ int ret, sd, ii;
+ gnutls_session_t session;
+ char buffer[MAX_BUF + 1];
+ const char *err;
+ gnutls_certificate_credentials_t xcred;
+
+ gnutls_global_init();
+
+ /* X509 stuff */
+ gnutls_certificate_allocate_credentials(&xcred);
+
+ /* sets the trusted cas file */
+ gnutls_certificate_set_x509_trust_file(xcred, CAFILE,
+ GNUTLS_X509_FMT_PEM);
+ gnutls_certificate_set_verify_function(xcred,
+ verify_certificate_callback);
+
+ /* Initialize TLS session */
+ gnutls_init(&session, GNUTLS_CLIENT | GNUTLS_DATAGRAM);
+
+ /* Use default priorities */
+ ret = gnutls_priority_set_direct(session, "NORMAL", &err);
+ if (ret < 0) {
+ if (ret == GNUTLS_E_INVALID_REQUEST) {
+ fprintf(stderr, "Syntax error at: %s\n", err);
+ }
+ exit(1);
}
- exit (1);
- }
-
- /* put the x509 credentials to the current session */
- gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
- gnutls_server_name_set (session, GNUTLS_NAME_DNS, "my_host_name",
- strlen("my_host_name"));
-
- /* connect to the peer */
- sd = udp_connect ();
-
- gnutls_transport_set_int (session, sd);
-
- /* set the connection MTU */
- gnutls_dtls_set_mtu (session, 1000);
- gnutls_handshake_set_timeout (session, GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT);
-
- /* Perform the TLS handshake */
- do
- {
- ret = gnutls_handshake (session);
- }
- while (ret == GNUTLS_E_INTERRUPTED || ret == GNUTLS_E_AGAIN);
- /* Note that DTLS may also receive GNUTLS_E_LARGE_PACKET */
-
- if (ret < 0)
- {
- fprintf (stderr, "*** Handshake failed\n");
- gnutls_perror (ret);
- goto end;
- }
- else
- {
- char* desc;
-
- desc = gnutls_session_get_desc(session);
- printf ("- Session info: %s\n", desc);
- gnutls_free(desc);
- }
-
- gnutls_record_send (session, MSG, strlen (MSG));
-
- ret = gnutls_record_recv (session, buffer, MAX_BUF);
- if (ret == 0)
- {
- printf ("- Peer has closed the TLS connection\n");
- goto end;
- }
- else if (ret < 0 && gnutls_error_is_fatal (ret) == 0)
- {
- fprintf (stderr, "*** Warning: %s\n", gnutls_strerror (ret));
- }
- else if (ret < 0)
- {
- fprintf (stderr, "*** Error: %s\n", gnutls_strerror (ret));
- goto end;
- }
-
- if (ret > 0)
- {
- printf ("- Received %d bytes: ", ret);
- for (ii = 0; ii < ret; ii++)
- {
- fputc (buffer[ii], stdout);
+
+ /* put the x509 credentials to the current session */
+ gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
+ gnutls_server_name_set(session, GNUTLS_NAME_DNS, "my_host_name",
+ strlen("my_host_name"));
+
+ /* connect to the peer */
+ sd = udp_connect();
+
+ gnutls_transport_set_int(session, sd);
+
+ /* set the connection MTU */
+ gnutls_dtls_set_mtu(session, 1000);
+ gnutls_handshake_set_timeout(session,
+ GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT);
+
+ /* Perform the TLS handshake */
+ do {
+ ret = gnutls_handshake(session);
+ }
+ while (ret == GNUTLS_E_INTERRUPTED || ret == GNUTLS_E_AGAIN);
+ /* Note that DTLS may also receive GNUTLS_E_LARGE_PACKET */
+
+ if (ret < 0) {
+ fprintf(stderr, "*** Handshake failed\n");
+ gnutls_perror(ret);
+ goto end;
+ } else {
+ char *desc;
+
+ desc = gnutls_session_get_desc(session);
+ printf("- Session info: %s\n", desc);
+ gnutls_free(desc);
+ }
+
+ gnutls_record_send(session, MSG, strlen(MSG));
+
+ ret = gnutls_record_recv(session, buffer, MAX_BUF);
+ if (ret == 0) {
+ printf("- Peer has closed the TLS connection\n");
+ goto end;
+ } else if (ret < 0 && gnutls_error_is_fatal(ret) == 0) {
+ fprintf(stderr, "*** Warning: %s\n", gnutls_strerror(ret));
+ } else if (ret < 0) {
+ fprintf(stderr, "*** Error: %s\n", gnutls_strerror(ret));
+ goto end;
+ }
+
+ if (ret > 0) {
+ printf("- Received %d bytes: ", ret);
+ for (ii = 0; ii < ret; ii++) {
+ fputc(buffer[ii], stdout);
+ }
+ fputs("\n", stdout);
}
- fputs ("\n", stdout);
- }
- /* It is suggested not to use GNUTLS_SHUT_RDWR in DTLS
- * connections because the peer's closure message might
- * be lost */
- gnutls_bye (session, GNUTLS_SHUT_WR);
+ /* It is suggested not to use GNUTLS_SHUT_RDWR in DTLS
+ * connections because the peer's closure message might
+ * be lost */
+ gnutls_bye(session, GNUTLS_SHUT_WR);
-end:
+ end:
- udp_close (sd);
+ udp_close(sd);
- gnutls_deinit (session);
+ gnutls_deinit(session);
- gnutls_certificate_free_credentials (xcred);
+ gnutls_certificate_free_credentials(xcred);
- gnutls_global_deinit ();
+ gnutls_global_deinit();
- return 0;
+ return 0;
}
diff --git a/doc/examples/ex-client-psk.c b/doc/examples/ex-client-psk.c
index 60da53e66b..63a24a7247 100644
--- a/doc/examples/ex-client-psk.c
+++ b/doc/examples/ex-client-psk.c
@@ -19,113 +19,103 @@
#define MAX_BUF 1024
#define MSG "GET / HTTP/1.0\r\n\r\n"
-extern int tcp_connect (void);
-extern void tcp_close (int sd);
+extern int tcp_connect(void);
+extern void tcp_close(int sd);
-int
-main (void)
+int main(void)
{
- int ret, sd, ii;
- gnutls_session_t session;
- char buffer[MAX_BUF + 1];
- const char *err;
- gnutls_psk_client_credentials_t pskcred;
- const gnutls_datum_t key = { (void *) "DEADBEEF", 8 };
-
- gnutls_global_init ();
-
- gnutls_psk_allocate_client_credentials (&pskcred);
- gnutls_psk_set_client_credentials (pskcred, "test", &key,
- GNUTLS_PSK_KEY_HEX);
-
- /* Initialize TLS session
- */
- gnutls_init (&session, GNUTLS_CLIENT);
-
- /* Use default priorities */
- ret = gnutls_priority_set_direct (session, "PERFORMANCE:+ECDHE-PSK:+DHE-PSK:+PSK", &err);
- if (ret < 0)
- {
- if (ret == GNUTLS_E_INVALID_REQUEST)
- {
- fprintf (stderr, "Syntax error at: %s\n", err);
+ int ret, sd, ii;
+ gnutls_session_t session;
+ char buffer[MAX_BUF + 1];
+ const char *err;
+ gnutls_psk_client_credentials_t pskcred;
+ const gnutls_datum_t key = { (void *) "DEADBEEF", 8 };
+
+ gnutls_global_init();
+
+ gnutls_psk_allocate_client_credentials(&pskcred);
+ gnutls_psk_set_client_credentials(pskcred, "test", &key,
+ GNUTLS_PSK_KEY_HEX);
+
+ /* Initialize TLS session
+ */
+ gnutls_init(&session, GNUTLS_CLIENT);
+
+ /* Use default priorities */
+ ret =
+ gnutls_priority_set_direct(session,
+ "PERFORMANCE:+ECDHE-PSK:+DHE-PSK:+PSK",
+ &err);
+ if (ret < 0) {
+ if (ret == GNUTLS_E_INVALID_REQUEST) {
+ fprintf(stderr, "Syntax error at: %s\n", err);
+ }
+ exit(1);
}
- exit (1);
- }
-
- /* put the x509 credentials to the current session
- */
- gnutls_credentials_set (session, GNUTLS_CRD_PSK, pskcred);
-
- /* connect to the peer
- */
- sd = tcp_connect ();
-
- gnutls_transport_set_int (session, sd);
- gnutls_handshake_set_timeout (session, GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT);
-
- /* Perform the TLS handshake
- */
- do
- {
- ret = gnutls_handshake (session);
- }
- while (ret < 0 && gnutls_error_is_fatal (ret) == 0);
-
- if (ret < 0)
- {
- fprintf (stderr, "*** Handshake failed\n");
- gnutls_perror (ret);
- goto end;
- }
- else
- {
- char* desc;
-
- desc = gnutls_session_get_desc(session);
- printf ("- Session info: %s\n", desc);
- gnutls_free(desc);
- }
-
- gnutls_record_send (session, MSG, strlen (MSG));
-
- ret = gnutls_record_recv (session, buffer, MAX_BUF);
- if (ret == 0)
- {
- printf ("- Peer has closed the TLS connection\n");
- goto end;
- }
- else if (ret < 0 && gnutls_error_is_fatal (ret) == 0)
- {
- fprintf (stderr, "*** Warning: %s\n", gnutls_strerror (ret));
- }
- else if (ret < 0)
- {
- fprintf (stderr, "*** Error: %s\n", gnutls_strerror (ret));
- goto end;
- }
-
- if (ret > 0)
- {
- printf ("- Received %d bytes: ", ret);
- for (ii = 0; ii < ret; ii++)
- {
- fputc (buffer[ii], stdout);
+
+ /* put the x509 credentials to the current session
+ */
+ gnutls_credentials_set(session, GNUTLS_CRD_PSK, pskcred);
+
+ /* connect to the peer
+ */
+ sd = tcp_connect();
+
+ gnutls_transport_set_int(session, sd);
+ gnutls_handshake_set_timeout(session,
+ GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT);
+
+ /* Perform the TLS handshake
+ */
+ do {
+ ret = gnutls_handshake(session);
+ }
+ while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
+
+ if (ret < 0) {
+ fprintf(stderr, "*** Handshake failed\n");
+ gnutls_perror(ret);
+ goto end;
+ } else {
+ char *desc;
+
+ desc = gnutls_session_get_desc(session);
+ printf("- Session info: %s\n", desc);
+ gnutls_free(desc);
+ }
+
+ gnutls_record_send(session, MSG, strlen(MSG));
+
+ ret = gnutls_record_recv(session, buffer, MAX_BUF);
+ if (ret == 0) {
+ printf("- Peer has closed the TLS connection\n");
+ goto end;
+ } else if (ret < 0 && gnutls_error_is_fatal(ret) == 0) {
+ fprintf(stderr, "*** Warning: %s\n", gnutls_strerror(ret));
+ } else if (ret < 0) {
+ fprintf(stderr, "*** Error: %s\n", gnutls_strerror(ret));
+ goto end;
+ }
+
+ if (ret > 0) {
+ printf("- Received %d bytes: ", ret);
+ for (ii = 0; ii < ret; ii++) {
+ fputc(buffer[ii], stdout);
+ }
+ fputs("\n", stdout);
}
- fputs ("\n", stdout);
- }
- gnutls_bye (session, GNUTLS_SHUT_RDWR);
+ gnutls_bye(session, GNUTLS_SHUT_RDWR);
-end:
+ end:
- tcp_close (sd);
+ tcp_close(sd);
- gnutls_deinit (session);
+ gnutls_deinit(session);
- gnutls_psk_free_client_credentials (pskcred);
+ gnutls_psk_free_client_credentials(pskcred);
- gnutls_global_deinit ();
+ gnutls_global_deinit();
- return 0;
+ return 0;
}
diff --git a/doc/examples/ex-client-resume.c b/doc/examples/ex-client-resume.c
index 1842c5e7a1..218cc4447a 100644
--- a/doc/examples/ex-client-resume.c
+++ b/doc/examples/ex-client-resume.c
@@ -11,145 +11,136 @@
/* Those functions are defined in other examples.
*/
-extern void check_alert (gnutls_session_t session, int ret);
-extern int tcp_connect (void);
-extern void tcp_close (int sd);
+extern void check_alert(gnutls_session_t session, int ret);
+extern int tcp_connect(void);
+extern void tcp_close(int sd);
#define MAX_BUF 1024
#define CAFILE "/etc/ssl/certs/ca-certificates.crt"
#define MSG "GET / HTTP/1.0\r\n\r\n"
-int
-main (void)
+int main(void)
{
- int ret;
- int sd, ii;
- gnutls_session_t session;
- char buffer[MAX_BUF + 1];
- gnutls_certificate_credentials_t xcred;
-
- /* variables used in session resuming
- */
- int t;
- char *session_data = NULL;
- size_t session_data_size = 0;
-
- gnutls_global_init ();
-
- /* X509 stuff */
- gnutls_certificate_allocate_credentials (&xcred);
-
- gnutls_certificate_set_x509_trust_file (xcred, CAFILE, GNUTLS_X509_FMT_PEM);
-
- for (t = 0; t < 2; t++)
- { /* connect 2 times to the server */
-
- sd = tcp_connect ();
-
- gnutls_init (&session, GNUTLS_CLIENT);
-
- gnutls_priority_set_direct (session, "PERFORMANCE:!ARCFOUR-128", NULL);
-
- gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
-
- if (t > 0)
- {
- /* if this is not the first time we connect */
- gnutls_session_set_data (session, session_data, session_data_size);
- free (session_data);
- }
-
- gnutls_transport_set_int (session, sd);
- gnutls_handshake_set_timeout (session, GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT);
-
- /* Perform the TLS handshake
- */
- do
- {
- ret = gnutls_handshake (session);
- }
- while (ret < 0 && gnutls_error_is_fatal (ret) == 0);
-
- if (ret < 0)
- {
- fprintf (stderr, "*** Handshake failed\n");
- gnutls_perror (ret);
- goto end;
- }
- else
- {
- printf ("- Handshake was completed\n");
- }
-
- if (t == 0)
- { /* the first time we connect */
- /* get the session data size */
- gnutls_session_get_data (session, NULL, &session_data_size);
- session_data = malloc (session_data_size);
-
- /* put session data to the session variable */
- gnutls_session_get_data (session, session_data, &session_data_size);
-
- }
- else
- { /* the second time we connect */
-
- /* check if we actually resumed the previous session */
- if (gnutls_session_is_resumed (session) != 0)
- {
- printf ("- Previous session was resumed\n");
- }
- else
- {
- fprintf (stderr, "*** Previous session was NOT resumed\n");
- }
- }
-
- /* This function was defined in a previous example
- */
- /* print_info(session); */
-
- gnutls_record_send (session, MSG, strlen (MSG));
-
- ret = gnutls_record_recv (session, buffer, MAX_BUF);
- if (ret == 0)
- {
- printf ("- Peer has closed the TLS connection\n");
- goto end;
- }
- else if (ret < 0 && gnutls_error_is_fatal (ret) == 0)
- {
- fprintf (stderr, "*** Warning: %s\n", gnutls_strerror (ret));
- }
- else if (ret < 0)
- {
- fprintf (stderr, "*** Error: %s\n", gnutls_strerror (ret));
- goto end;
- }
-
- if (ret > 0)
- {
- printf ("- Received %d bytes: ", ret);
- for (ii = 0; ii < ret; ii++)
- {
- fputc (buffer[ii], stdout);
- }
- fputs ("\n", stdout);
- }
-
- gnutls_bye (session, GNUTLS_SHUT_RDWR);
-
- end:
-
- tcp_close (sd);
-
- gnutls_deinit (session);
-
- } /* for() */
-
- gnutls_certificate_free_credentials (xcred);
-
- gnutls_global_deinit ();
-
- return 0;
+ int ret;
+ int sd, ii;
+ gnutls_session_t session;
+ char buffer[MAX_BUF + 1];
+ gnutls_certificate_credentials_t xcred;
+
+ /* variables used in session resuming
+ */
+ int t;
+ char *session_data = NULL;
+ size_t session_data_size = 0;
+
+ gnutls_global_init();
+
+ /* X509 stuff */
+ gnutls_certificate_allocate_credentials(&xcred);
+
+ gnutls_certificate_set_x509_trust_file(xcred, CAFILE,
+ GNUTLS_X509_FMT_PEM);
+
+ for (t = 0; t < 2; t++) { /* connect 2 times to the server */
+
+ sd = tcp_connect();
+
+ gnutls_init(&session, GNUTLS_CLIENT);
+
+ gnutls_priority_set_direct(session,
+ "PERFORMANCE:!ARCFOUR-128",
+ NULL);
+
+ gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE,
+ xcred);
+
+ if (t > 0) {
+ /* if this is not the first time we connect */
+ gnutls_session_set_data(session, session_data,
+ session_data_size);
+ free(session_data);
+ }
+
+ gnutls_transport_set_int(session, sd);
+ gnutls_handshake_set_timeout(session,
+ GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT);
+
+ /* Perform the TLS handshake
+ */
+ do {
+ ret = gnutls_handshake(session);
+ }
+ while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
+
+ if (ret < 0) {
+ fprintf(stderr, "*** Handshake failed\n");
+ gnutls_perror(ret);
+ goto end;
+ } else {
+ printf("- Handshake was completed\n");
+ }
+
+ if (t == 0) { /* the first time we connect */
+ /* get the session data size */
+ gnutls_session_get_data(session, NULL,
+ &session_data_size);
+ session_data = malloc(session_data_size);
+
+ /* put session data to the session variable */
+ gnutls_session_get_data(session, session_data,
+ &session_data_size);
+
+ } else { /* the second time we connect */
+
+ /* check if we actually resumed the previous session */
+ if (gnutls_session_is_resumed(session) != 0) {
+ printf("- Previous session was resumed\n");
+ } else {
+ fprintf(stderr,
+ "*** Previous session was NOT resumed\n");
+ }
+ }
+
+ /* This function was defined in a previous example
+ */
+ /* print_info(session); */
+
+ gnutls_record_send(session, MSG, strlen(MSG));
+
+ ret = gnutls_record_recv(session, buffer, MAX_BUF);
+ if (ret == 0) {
+ printf("- Peer has closed the TLS connection\n");
+ goto end;
+ } else if (ret < 0 && gnutls_error_is_fatal(ret) == 0) {
+ fprintf(stderr, "*** Warning: %s\n",
+ gnutls_strerror(ret));
+ } else if (ret < 0) {
+ fprintf(stderr, "*** Error: %s\n",
+ gnutls_strerror(ret));
+ goto end;
+ }
+
+ if (ret > 0) {
+ printf("- Received %d bytes: ", ret);
+ for (ii = 0; ii < ret; ii++) {
+ fputc(buffer[ii], stdout);
+ }
+ fputs("\n", stdout);
+ }
+
+ gnutls_bye(session, GNUTLS_SHUT_RDWR);
+
+ end:
+
+ tcp_close(sd);
+
+ gnutls_deinit(session);
+
+ } /* for() */
+
+ gnutls_certificate_free_credentials(xcred);
+
+ gnutls_global_deinit();
+
+ return 0;
}
diff --git a/doc/examples/ex-client-srp.c b/doc/examples/ex-client-srp.c
index e828eb8eaa..722b79a0ae 100644
--- a/doc/examples/ex-client-srp.c
+++ b/doc/examples/ex-client-srp.c
@@ -11,9 +11,9 @@
/* Those functions are defined in other examples.
*/
-extern void check_alert (gnutls_session_t session, int ret);
-extern int tcp_connect (void);
-extern void tcp_close (int sd);
+extern void check_alert(gnutls_session_t session, int ret);
+extern int tcp_connect(void);
+extern void tcp_close(int sd);
#define MAX_BUF 1024
#define USERNAME "user"
@@ -21,109 +21,101 @@ extern void tcp_close (int sd);
#define CAFILE "/etc/ssl/certs/ca-certificates.crt"
#define MSG "GET / HTTP/1.0\r\n\r\n"
-int
-main (void)
+int main(void)
{
- int ret;
- int sd, ii;
- gnutls_session_t session;
- char buffer[MAX_BUF + 1];
- gnutls_srp_client_credentials_t srp_cred;
- gnutls_certificate_credentials_t cert_cred;
-
- gnutls_global_init ();
-
- gnutls_srp_allocate_client_credentials (&srp_cred);
- gnutls_certificate_allocate_credentials (&cert_cred);
-
- gnutls_certificate_set_x509_trust_file (cert_cred, CAFILE,
- GNUTLS_X509_FMT_PEM);
- gnutls_srp_set_client_credentials (srp_cred, USERNAME, PASSWORD);
-
- /* connects to server
- */
- sd = tcp_connect ();
-
- /* Initialize TLS session
- */
- gnutls_init (&session, GNUTLS_CLIENT);
-
-
- /* Set the priorities.
- */
- gnutls_priority_set_direct (session, "NORMAL:+SRP:+SRP-RSA:+SRP-DSS", NULL);
-
- /* put the SRP credentials to the current session
- */
- gnutls_credentials_set (session, GNUTLS_CRD_SRP, srp_cred);
- gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, cert_cred);
-
- gnutls_transport_set_int (session, sd);
- gnutls_handshake_set_timeout (session, GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT);
-
- /* Perform the TLS handshake
- */
- do
- {
- ret = gnutls_handshake (session);
- }
- while (ret < 0 && gnutls_error_is_fatal (ret) == 0);
-
- if (ret < 0)
- {
- fprintf (stderr, "*** Handshake failed\n");
- gnutls_perror (ret);
- goto end;
- }
- else
- {
- char* desc;
-
- desc = gnutls_session_get_desc(session);
- printf ("- Session info: %s\n", desc);
- gnutls_free(desc);
- }
-
- gnutls_record_send (session, MSG, strlen (MSG));
-
- ret = gnutls_record_recv (session, buffer, MAX_BUF);
- if (gnutls_error_is_fatal (ret) != 0 || ret == 0)
- {
- if (ret == 0)
- {
- printf ("- Peer has closed the GnuTLS connection\n");
- goto end;
+ int ret;
+ int sd, ii;
+ gnutls_session_t session;
+ char buffer[MAX_BUF + 1];
+ gnutls_srp_client_credentials_t srp_cred;
+ gnutls_certificate_credentials_t cert_cred;
+
+ gnutls_global_init();
+
+ gnutls_srp_allocate_client_credentials(&srp_cred);
+ gnutls_certificate_allocate_credentials(&cert_cred);
+
+ gnutls_certificate_set_x509_trust_file(cert_cred, CAFILE,
+ GNUTLS_X509_FMT_PEM);
+ gnutls_srp_set_client_credentials(srp_cred, USERNAME, PASSWORD);
+
+ /* connects to server
+ */
+ sd = tcp_connect();
+
+ /* Initialize TLS session
+ */
+ gnutls_init(&session, GNUTLS_CLIENT);
+
+
+ /* Set the priorities.
+ */
+ gnutls_priority_set_direct(session,
+ "NORMAL:+SRP:+SRP-RSA:+SRP-DSS", NULL);
+
+ /* put the SRP credentials to the current session
+ */
+ gnutls_credentials_set(session, GNUTLS_CRD_SRP, srp_cred);
+ gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, cert_cred);
+
+ gnutls_transport_set_int(session, sd);
+ gnutls_handshake_set_timeout(session,
+ GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT);
+
+ /* Perform the TLS handshake
+ */
+ do {
+ ret = gnutls_handshake(session);
}
- else
- {
- fprintf (stderr, "*** Error: %s\n", gnutls_strerror (ret));
- goto end;
+ while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
+
+ if (ret < 0) {
+ fprintf(stderr, "*** Handshake failed\n");
+ gnutls_perror(ret);
+ goto end;
+ } else {
+ char *desc;
+
+ desc = gnutls_session_get_desc(session);
+ printf("- Session info: %s\n", desc);
+ gnutls_free(desc);
}
- }
- else
- check_alert (session, ret);
-
- if (ret > 0)
- {
- printf ("- Received %d bytes: ", ret);
- for (ii = 0; ii < ret; ii++)
- {
- fputc (buffer[ii], stdout);
+
+ gnutls_record_send(session, MSG, strlen(MSG));
+
+ ret = gnutls_record_recv(session, buffer, MAX_BUF);
+ if (gnutls_error_is_fatal(ret) != 0 || ret == 0) {
+ if (ret == 0) {
+ printf
+ ("- Peer has closed the GnuTLS connection\n");
+ goto end;
+ } else {
+ fprintf(stderr, "*** Error: %s\n",
+ gnutls_strerror(ret));
+ goto end;
+ }
+ } else
+ check_alert(session, ret);
+
+ if (ret > 0) {
+ printf("- Received %d bytes: ", ret);
+ for (ii = 0; ii < ret; ii++) {
+ fputc(buffer[ii], stdout);
+ }
+ fputs("\n", stdout);
}
- fputs ("\n", stdout);
- }
- gnutls_bye (session, GNUTLS_SHUT_RDWR);
+ gnutls_bye(session, GNUTLS_SHUT_RDWR);
-end:
+ end:
- tcp_close (sd);
+ tcp_close(sd);
- gnutls_deinit (session);
+ gnutls_deinit(session);
- gnutls_srp_free_client_credentials (srp_cred);
- gnutls_certificate_free_credentials (cert_cred);
+ gnutls_srp_free_client_credentials(srp_cred);
+ gnutls_certificate_free_credentials(cert_cred);
- gnutls_global_deinit ();
+ gnutls_global_deinit();
- return 0;
+ return 0;
}
diff --git a/doc/examples/ex-client-x509.c b/doc/examples/ex-client-x509.c
index bf8ae6bbef..4d1753ae7f 100644
--- a/doc/examples/ex-client-x509.c
+++ b/doc/examples/ex-client-x509.c
@@ -20,173 +20,161 @@
#define CAFILE "/etc/ssl/certs/ca-certificates.crt"
#define MSG "GET / HTTP/1.0\r\n\r\n"
-extern int tcp_connect (void);
-extern void tcp_close (int sd);
-static int _verify_certificate_callback (gnutls_session_t session);
+extern int tcp_connect(void);
+extern void tcp_close(int sd);
+static int _verify_certificate_callback(gnutls_session_t session);
-int main (void)
+int main(void)
{
- int ret, sd, ii;
- gnutls_session_t session;
- char buffer[MAX_BUF + 1];
- const char *err;
- gnutls_certificate_credentials_t xcred;
-
- gnutls_global_init ();
-
- /* X509 stuff */
- gnutls_certificate_allocate_credentials (&xcred);
-
- /* sets the trusted cas file
- */
- gnutls_certificate_set_x509_trust_file (xcred, CAFILE, GNUTLS_X509_FMT_PEM);
- gnutls_certificate_set_verify_function (xcred, _verify_certificate_callback);
-
- /* If client holds a certificate it can be set using the following:
- *
- gnutls_certificate_set_x509_key_file (xcred,
- "cert.pem", "key.pem",
- GNUTLS_X509_FMT_PEM);
- */
-
- /* Initialize TLS session
- */
- gnutls_init (&session, GNUTLS_CLIENT);
-
- gnutls_session_set_ptr (session, (void *) "my_host_name");
-
- gnutls_server_name_set (session, GNUTLS_NAME_DNS, "my_host_name",
- strlen("my_host_name"));
-
- /* Use default priorities */
- ret = gnutls_priority_set_direct (session, "NORMAL", &err);
- if (ret < 0)
- {
- if (ret == GNUTLS_E_INVALID_REQUEST)
- {
- fprintf (stderr, "Syntax error at: %s\n", err);
+ int ret, sd, ii;
+ gnutls_session_t session;
+ char buffer[MAX_BUF + 1];
+ const char *err;
+ gnutls_certificate_credentials_t xcred;
+
+ gnutls_global_init();
+
+ /* X509 stuff */
+ gnutls_certificate_allocate_credentials(&xcred);
+
+ /* sets the trusted cas file
+ */
+ gnutls_certificate_set_x509_trust_file(xcred, CAFILE,
+ GNUTLS_X509_FMT_PEM);
+ gnutls_certificate_set_verify_function(xcred,
+ _verify_certificate_callback);
+
+ /* If client holds a certificate it can be set using the following:
+ *
+ gnutls_certificate_set_x509_key_file (xcred,
+ "cert.pem", "key.pem",
+ GNUTLS_X509_FMT_PEM);
+ */
+
+ /* Initialize TLS session
+ */
+ gnutls_init(&session, GNUTLS_CLIENT);
+
+ gnutls_session_set_ptr(session, (void *) "my_host_name");
+
+ gnutls_server_name_set(session, GNUTLS_NAME_DNS, "my_host_name",
+ strlen("my_host_name"));
+
+ /* Use default priorities */
+ ret = gnutls_priority_set_direct(session, "NORMAL", &err);
+ if (ret < 0) {
+ if (ret == GNUTLS_E_INVALID_REQUEST) {
+ fprintf(stderr, "Syntax error at: %s\n", err);
+ }
+ exit(1);
}
- exit (1);
- }
-
- /* put the x509 credentials to the current session
- */
- gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
-
- /* connect to the peer
- */
- sd = tcp_connect ();
-
- gnutls_transport_set_int (session, sd);
- gnutls_handshake_set_timeout (session, GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT);
-
- /* Perform the TLS handshake
- */
- do
- {
- ret = gnutls_handshake (session);
- }
- while (ret < 0 && gnutls_error_is_fatal (ret) == 0);
-
- if (ret < 0)
- {
- fprintf (stderr, "*** Handshake failed\n");
- gnutls_perror (ret);
- goto end;
- }
- else
- {
- char* desc;
-
- desc = gnutls_session_get_desc(session);
- printf ("- Session info: %s\n", desc);
- gnutls_free(desc);
- }
-
- gnutls_record_send (session, MSG, strlen (MSG));
-
- ret = gnutls_record_recv (session, buffer, MAX_BUF);
- if (ret == 0)
- {
- printf ("- Peer has closed the TLS connection\n");
- goto end;
- }
- else if (ret < 0 && gnutls_error_is_fatal (ret) == 0)
- {
- fprintf (stderr, "*** Warning: %s\n", gnutls_strerror (ret));
- }
- else if (ret < 0)
- {
- fprintf (stderr, "*** Error: %s\n", gnutls_strerror (ret));
- goto end;
- }
-
- if (ret > 0)
- {
- printf ("- Received %d bytes: ", ret);
- for (ii = 0; ii < ret; ii++)
- {
- fputc (buffer[ii], stdout);
+
+ /* put the x509 credentials to the current session
+ */
+ gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
+
+ /* connect to the peer
+ */
+ sd = tcp_connect();
+
+ gnutls_transport_set_int(session, sd);
+ gnutls_handshake_set_timeout(session,
+ GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT);
+
+ /* Perform the TLS handshake
+ */
+ do {
+ ret = gnutls_handshake(session);
+ }
+ while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
+
+ if (ret < 0) {
+ fprintf(stderr, "*** Handshake failed\n");
+ gnutls_perror(ret);
+ goto end;
+ } else {
+ char *desc;
+
+ desc = gnutls_session_get_desc(session);
+ printf("- Session info: %s\n", desc);
+ gnutls_free(desc);
+ }
+
+ gnutls_record_send(session, MSG, strlen(MSG));
+
+ ret = gnutls_record_recv(session, buffer, MAX_BUF);
+ if (ret == 0) {
+ printf("- Peer has closed the TLS connection\n");
+ goto end;
+ } else if (ret < 0 && gnutls_error_is_fatal(ret) == 0) {
+ fprintf(stderr, "*** Warning: %s\n", gnutls_strerror(ret));
+ } else if (ret < 0) {
+ fprintf(stderr, "*** Error: %s\n", gnutls_strerror(ret));
+ goto end;
+ }
+
+ if (ret > 0) {
+ printf("- Received %d bytes: ", ret);
+ for (ii = 0; ii < ret; ii++) {
+ fputc(buffer[ii], stdout);
+ }
+ fputs("\n", stdout);
}
- fputs ("\n", stdout);
- }
- gnutls_bye (session, GNUTLS_SHUT_RDWR);
+ gnutls_bye(session, GNUTLS_SHUT_RDWR);
-end:
+ end:
- tcp_close (sd);
+ tcp_close(sd);
- gnutls_deinit (session);
+ gnutls_deinit(session);
- gnutls_certificate_free_credentials (xcred);
+ gnutls_certificate_free_credentials(xcred);
- gnutls_global_deinit ();
+ gnutls_global_deinit();
- return 0;
+ return 0;
}
/* This function will verify the peer's certificate, and check
* if the hostname matches, as well as the activation, expiration dates.
*/
-static int
-_verify_certificate_callback (gnutls_session_t session)
+static int _verify_certificate_callback(gnutls_session_t session)
{
- unsigned int status;
- int ret, type;
- const char *hostname;
- gnutls_datum_t out;
-
- /* read hostname */
- hostname = gnutls_session_get_ptr (session);
-
- /* This verification function uses the trusted CAs in the credentials
- * structure. So you must have installed one or more CA certificates.
- */
- ret = gnutls_certificate_verify_peers3 (session, hostname, &status);
- if (ret < 0)
- {
- printf ("Error\n");
- return GNUTLS_E_CERTIFICATE_ERROR;
- }
-
- type = gnutls_certificate_type_get (session);
-
- ret = gnutls_certificate_verification_status_print( status, type, &out, 0);
- if (ret < 0)
- {
- printf ("Error\n");
- return GNUTLS_E_CERTIFICATE_ERROR;
- }
-
- printf ("%s", out.data);
-
- gnutls_free(out.data);
-
- if (status != 0) /* Certificate is not trusted */
- return GNUTLS_E_CERTIFICATE_ERROR;
-
- /* notify gnutls to continue handshake normally */
- return 0;
-}
+ unsigned int status;
+ int ret, type;
+ const char *hostname;
+ gnutls_datum_t out;
+
+ /* read hostname */
+ hostname = gnutls_session_get_ptr(session);
+
+ /* This verification function uses the trusted CAs in the credentials
+ * structure. So you must have installed one or more CA certificates.
+ */
+ ret = gnutls_certificate_verify_peers3(session, hostname, &status);
+ if (ret < 0) {
+ printf("Error\n");
+ return GNUTLS_E_CERTIFICATE_ERROR;
+ }
+
+ type = gnutls_certificate_type_get(session);
+
+ ret =
+ gnutls_certificate_verification_status_print(status, type,
+ &out, 0);
+ if (ret < 0) {
+ printf("Error\n");
+ return GNUTLS_E_CERTIFICATE_ERROR;
+ }
+ printf("%s", out.data);
+
+ gnutls_free(out.data);
+
+ if (status != 0) /* Certificate is not trusted */
+ return GNUTLS_E_CERTIFICATE_ERROR;
+
+ /* notify gnutls to continue handshake normally */
+ return 0;
+}
diff --git a/doc/examples/ex-client-xssl1.c b/doc/examples/ex-client-xssl1.c
index f9d77e61c5..a50b4123a8 100644
--- a/doc/examples/ex-client-xssl1.c
+++ b/doc/examples/ex-client-xssl1.c
@@ -15,71 +15,68 @@
* is explicit.
*/
-extern int tcp_connect (void);
-extern void tcp_close (int sd);
+extern int tcp_connect(void);
+extern void tcp_close(int sd);
-int main (void)
+int main(void)
{
- int ret;
- char *line = NULL;
- size_t line_len;
- xssl_cred_t cred;
- xssl_t sb;
- unsigned int status;
- int fd;
-
- gnutls_global_init ();
-
- fd = tcp_connect ();
-
- ret = xssl_cred_init(&cred, GNUTLS_VMETHOD_SYSTEM_CAS, NULL, 0);
- if (ret < 0)
- exit(1);
-
- /* Initialize TLS session
- */
- ret = xssl_client_init(&sb, "www.example.com", NULL,
- (gnutls_transport_ptr_t)fd,
- NULL, cred, &status, 0);
- if (ret < 0)
- {
- if (ret == GNUTLS_E_AUTH_ERROR)
- {
- gnutls_datum_t txt;
-
- gnutls_certificate_verification_status_print(status, GNUTLS_CRT_X509,
- &txt, 0);
-
- fprintf(stderr, "Verification error (%x): %s\n", status, txt.data);
- gnutls_free(txt.data);
- }
- exit(1);
- }
+ int ret;
+ char *line = NULL;
+ size_t line_len;
+ xssl_cred_t cred;
+ xssl_t sb;
+ unsigned int status;
+ int fd;
+
+ gnutls_global_init();
+
+ fd = tcp_connect();
+
+ ret = xssl_cred_init(&cred, GNUTLS_VMETHOD_SYSTEM_CAS, NULL, 0);
+ if (ret < 0)
+ exit(1);
+
+ /* Initialize TLS session
+ */
+ ret = xssl_client_init(&sb, "www.example.com", NULL,
+ (gnutls_transport_ptr_t) fd,
+ NULL, cred, &status, 0);
+ if (ret < 0) {
+ if (ret == GNUTLS_E_AUTH_ERROR) {
+ gnutls_datum_t txt;
+ gnutls_certificate_verification_status_print
+ (status, GNUTLS_CRT_X509, &txt, 0);
+
+ fprintf(stderr, "Verification error (%x): %s\n",
+ status, txt.data);
+ gnutls_free(txt.data);
+ }
+ exit(1);
+ }
#define REQ "GET / HTTP/1.0\r\n"
- ret = xssl_write(sb, REQ, sizeof(REQ)-1);
- if (ret < 0)
- exit(1);
+ ret = xssl_write(sb, REQ, sizeof(REQ) - 1);
+ if (ret < 0)
+ exit(1);
+
+ do {
+ ret = xssl_getline(sb, &line, &line_len);
+ if (ret < 0)
+ exit(1);
+
+ fprintf(stderr, "received: %s\n", line);
+ }
+ while (ret >= 0);
- do
- {
- ret = xssl_getline(sb, &line, &line_len);
- if (ret < 0)
- exit(1);
-
- fprintf(stderr, "received: %s\n", line);
- }
- while (ret >= 0);
+ gnutls_free(line);
- gnutls_free(line);
+ xssl_deinit(sb);
- xssl_deinit(sb);
+ tcp_close(fd);
- tcp_close (fd);
+ xssl_cred_deinit(cred);
- xssl_cred_deinit (cred);
+ gnutls_global_deinit();
- gnutls_global_deinit ();
-
- return 0;
+ return 0;
}
diff --git a/doc/examples/ex-client-xssl2.c b/doc/examples/ex-client-xssl2.c
index d29735ce23..f457f315c4 100644
--- a/doc/examples/ex-client-xssl2.c
+++ b/doc/examples/ex-client-xssl2.c
@@ -15,86 +15,85 @@
* with a fixed CA, and trust on first use.
*/
-extern int tcp_connect (void);
-extern void tcp_close (int sd);
+extern int tcp_connect(void);
+extern void tcp_close(int sd);
-int main (void)
+int main(void)
{
- int ret;
- char *line = NULL;
- size_t line_len;
- xssl_cred_t cred;
- xssl_t sb;
- gnutls_cinput_st aux[2];
- unsigned aux_size = 0;
- unsigned int status;
- int fd;
-
- gnutls_global_init ();
-
- fd = tcp_connect ();
-
- aux[aux_size].type = GNUTLS_CINPUT_TYPE_FILE;
- aux[aux_size].contents = GNUTLS_CINPUT_CAS;
- aux[aux_size].fmt = GNUTLS_X509_FMT_PEM;
- aux[aux_size].i1.file = "/path/to/ca/file";
- aux_size++;
-
- /* This may be skipped to use the default DB file */
- aux[aux_size].type = GNUTLS_CINPUT_TYPE_FILE;
- aux[aux_size].contents = GNUTLS_CINPUT_TOFU_DB;
- aux[aux_size].i1.file = "/path/to/trust/db/file";
- aux_size++;
-
- ret = xssl_cred_init(&cred, GNUTLS_VMETHOD_GIVEN_CAS|GNUTLS_VMETHOD_TOFU,
- aux, aux_size);
- if (ret < 0)
- exit(1);
-
- /* Initialize TLS session
- */
- ret = xssl_client_init(&sb, "www.example.com", NULL,
- (gnutls_transport_ptr_t)fd,
- NULL, cred, &status, 0);
- if (ret < 0)
- {
- if (ret == GNUTLS_E_AUTH_ERROR)
- {
- gnutls_datum_t txt;
-
- gnutls_certificate_verification_status_print(status, GNUTLS_CRT_X509,
- &txt, 0);
-
- fprintf(stderr, "Verification error (%x): %s\n", status, txt.data);
- gnutls_free(txt.data);
+ int ret;
+ char *line = NULL;
+ size_t line_len;
+ xssl_cred_t cred;
+ xssl_t sb;
+ gnutls_cinput_st aux[2];
+ unsigned aux_size = 0;
+ unsigned int status;
+ int fd;
+
+ gnutls_global_init();
+
+ fd = tcp_connect();
+
+ aux[aux_size].type = GNUTLS_CINPUT_TYPE_FILE;
+ aux[aux_size].contents = GNUTLS_CINPUT_CAS;
+ aux[aux_size].fmt = GNUTLS_X509_FMT_PEM;
+ aux[aux_size].i1.file = "/path/to/ca/file";
+ aux_size++;
+
+ /* This may be skipped to use the default DB file */
+ aux[aux_size].type = GNUTLS_CINPUT_TYPE_FILE;
+ aux[aux_size].contents = GNUTLS_CINPUT_TOFU_DB;
+ aux[aux_size].i1.file = "/path/to/trust/db/file";
+ aux_size++;
+
+ ret =
+ xssl_cred_init(&cred,
+ GNUTLS_VMETHOD_GIVEN_CAS | GNUTLS_VMETHOD_TOFU,
+ aux, aux_size);
+ if (ret < 0)
+ exit(1);
+
+ /* Initialize TLS session
+ */
+ ret = xssl_client_init(&sb, "www.example.com", NULL,
+ (gnutls_transport_ptr_t) fd,
+ NULL, cred, &status, 0);
+ if (ret < 0) {
+ if (ret == GNUTLS_E_AUTH_ERROR) {
+ gnutls_datum_t txt;
+
+ gnutls_certificate_verification_status_print
+ (status, GNUTLS_CRT_X509, &txt, 0);
+
+ fprintf(stderr, "Verification error (%x): %s\n",
+ status, txt.data);
+ gnutls_free(txt.data);
+ }
+ exit(1);
}
- exit(1);
- }
-
#define REQ "GET / HTTP/1.0\r\n"
- ret = xssl_write(sb, REQ, sizeof(REQ)-1);
- if (ret < 0)
- exit(1);
+ ret = xssl_write(sb, REQ, sizeof(REQ) - 1);
+ if (ret < 0)
+ exit(1);
+
+ do {
+ ret = xssl_getline(sb, &line, &line_len);
+ if (ret < 0)
+ exit(1);
+
+ fprintf(stderr, "received: %s\n", line);
+ }
+ while (ret >= 0);
- do
- {
- ret = xssl_getline(sb, &line, &line_len);
- if (ret < 0)
- exit(1);
-
- fprintf(stderr, "received: %s\n", line);
- }
- while (ret >= 0);
+ gnutls_free(line);
- gnutls_free(line);
+ xssl_deinit(sb);
- xssl_deinit(sb);
+ tcp_close(fd);
- tcp_close (fd);
+ xssl_cred_deinit(cred);
- xssl_cred_deinit (cred);
+ gnutls_global_deinit();
- gnutls_global_deinit ();
-
- return 0;
+ return 0;
}
diff --git a/doc/examples/ex-crq.c b/doc/examples/ex-crq.c
index f452460eab..448138573a 100644
--- a/doc/examples/ex-crq.c
+++ b/doc/examples/ex-crq.c
@@ -16,72 +16,76 @@
* request.
*/
-int
-main (void)
+int main(void)
{
- gnutls_x509_crq_t crq;
- gnutls_x509_privkey_t key;
- unsigned char buffer[10 * 1024];
- size_t buffer_size = sizeof (buffer);
- unsigned int bits;
+ gnutls_x509_crq_t crq;
+ gnutls_x509_privkey_t key;
+ unsigned char buffer[10 * 1024];
+ size_t buffer_size = sizeof(buffer);
+ unsigned int bits;
- gnutls_global_init ();
+ gnutls_global_init();
- /* Initialize an empty certificate request, and
- * an empty private key.
- */
- gnutls_x509_crq_init (&crq);
+ /* Initialize an empty certificate request, and
+ * an empty private key.
+ */
+ gnutls_x509_crq_init(&crq);
- gnutls_x509_privkey_init (&key);
+ gnutls_x509_privkey_init(&key);
- /* Generate an RSA key of moderate security.
- */
- bits = gnutls_sec_param_to_pk_bits (GNUTLS_PK_RSA, GNUTLS_SEC_PARAM_NORMAL);
- gnutls_x509_privkey_generate (key, GNUTLS_PK_RSA, bits, 0);
+ /* Generate an RSA key of moderate security.
+ */
+ bits =
+ gnutls_sec_param_to_pk_bits(GNUTLS_PK_RSA,
+ GNUTLS_SEC_PARAM_NORMAL);
+ gnutls_x509_privkey_generate(key, GNUTLS_PK_RSA, bits, 0);
- /* Add stuff to the distinguished name
- */
- gnutls_x509_crq_set_dn_by_oid (crq, GNUTLS_OID_X520_COUNTRY_NAME,
- 0, "GR", 2);
+ /* Add stuff to the distinguished name
+ */
+ gnutls_x509_crq_set_dn_by_oid(crq, GNUTLS_OID_X520_COUNTRY_NAME,
+ 0, "GR", 2);
- gnutls_x509_crq_set_dn_by_oid (crq, GNUTLS_OID_X520_COMMON_NAME,
- 0, "Nikos", strlen ("Nikos"));
+ gnutls_x509_crq_set_dn_by_oid(crq, GNUTLS_OID_X520_COMMON_NAME,
+ 0, "Nikos", strlen("Nikos"));
- /* Set the request version.
- */
- gnutls_x509_crq_set_version (crq, 1);
+ /* Set the request version.
+ */
+ gnutls_x509_crq_set_version(crq, 1);
- /* Set a challenge password.
- */
- gnutls_x509_crq_set_challenge_password (crq, "something to remember here");
+ /* Set a challenge password.
+ */
+ gnutls_x509_crq_set_challenge_password(crq,
+ "something to remember here");
- /* Associate the request with the private key
- */
- gnutls_x509_crq_set_key (crq, key);
+ /* Associate the request with the private key
+ */
+ gnutls_x509_crq_set_key(crq, key);
- /* Self sign the certificate request.
- */
- gnutls_x509_crq_sign2 (crq, key, GNUTLS_DIG_SHA1, 0);
+ /* Self sign the certificate request.
+ */
+ gnutls_x509_crq_sign2(crq, key, GNUTLS_DIG_SHA1, 0);
- /* Export the PEM encoded certificate request, and
- * display it.
- */
- gnutls_x509_crq_export (crq, GNUTLS_X509_FMT_PEM, buffer, &buffer_size);
+ /* Export the PEM encoded certificate request, and
+ * display it.
+ */
+ gnutls_x509_crq_export(crq, GNUTLS_X509_FMT_PEM, buffer,
+ &buffer_size);
- printf ("Certificate Request: \n%s", buffer);
+ printf("Certificate Request: \n%s", buffer);
- /* Export the PEM encoded private key, and
- * display it.
- */
- buffer_size = sizeof (buffer);
- gnutls_x509_privkey_export (key, GNUTLS_X509_FMT_PEM, buffer, &buffer_size);
+ /* Export the PEM encoded private key, and
+ * display it.
+ */
+ buffer_size = sizeof(buffer);
+ gnutls_x509_privkey_export(key, GNUTLS_X509_FMT_PEM, buffer,
+ &buffer_size);
- printf ("\n\nPrivate key: \n%s", buffer);
+ printf("\n\nPrivate key: \n%s", buffer);
- gnutls_x509_crq_deinit (crq);
- gnutls_x509_privkey_deinit (key);
+ gnutls_x509_crq_deinit(crq);
+ gnutls_x509_privkey_deinit(key);
- return 0;
+ return 0;
}
diff --git a/doc/examples/ex-ocsp-client.c b/doc/examples/ex-ocsp-client.c
index 6373fc24e6..a995c2c81f 100644
--- a/doc/examples/ex-ocsp-client.c
+++ b/doc/examples/ex-ocsp-client.c
@@ -15,16 +15,15 @@
#endif
#include "read-file.h"
-size_t get_data (void *buffer, size_t size, size_t nmemb,
- void *userp);
-static gnutls_x509_crt_t load_cert (const char *cert_file);
-static void _response_info (const gnutls_datum_t * data);
+size_t get_data(void *buffer, size_t size, size_t nmemb, void *userp);
+static gnutls_x509_crt_t load_cert(const char *cert_file);
+static void _response_info(const gnutls_datum_t * data);
static void
-_generate_request (gnutls_datum_t * rdata, gnutls_x509_crt_t cert,
- gnutls_x509_crt_t issuer);
+_generate_request(gnutls_datum_t * rdata, gnutls_x509_crt_t cert,
+ gnutls_x509_crt_t issuer);
static int
-_verify_response (gnutls_datum_t * data, gnutls_x509_crt_t cert,
- gnutls_x509_crt_t signer);
+_verify_response(gnutls_datum_t * data, gnutls_x509_crt_t cert,
+ gnutls_x509_crt_t signer);
/* This program queries an OCSP server.
It expects three files. argv[1] containing the certificate to
@@ -35,282 +34,273 @@ _verify_response (gnutls_datum_t * data, gnutls_x509_crt_t cert,
For simplicity the libcurl library is used.
*/
-int
-main (int argc, char *argv[])
+int main(int argc, char *argv[])
{
- gnutls_datum_t ud, tmp;
- int ret;
- gnutls_datum_t req;
- gnutls_x509_crt_t cert, issuer, signer;
+ gnutls_datum_t ud, tmp;
+ int ret;
+ gnutls_datum_t req;
+ gnutls_x509_crt_t cert, issuer, signer;
#ifndef NO_LIBCURL
- CURL *handle;
- struct curl_slist *headers = NULL;
+ CURL *handle;
+ struct curl_slist *headers = NULL;
#endif
- int v, seq;
- const char *cert_file = argv[1];
- const char *issuer_file = argv[2];
- const char *signer_file = argv[3];
- char *hostname = NULL;
-
- gnutls_global_init ();
-
- if (argc > 4)
- hostname = argv[4];
-
- cert = load_cert (cert_file);
- issuer = load_cert (issuer_file);
- signer = load_cert (signer_file);
-
- if (hostname == NULL)
- {
-
- for (seq = 0;; seq++)
- {
- ret = gnutls_x509_crt_get_authority_info_access (cert, seq,
- GNUTLS_IA_OCSP_URI,
- &tmp,
- NULL);
- if (ret == GNUTLS_E_UNKNOWN_ALGORITHM)
- continue;
- if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
- {
- fprintf (stderr,
- "No URI was found in the certificate.\n");
- exit (1);
- }
- if (ret < 0)
- {
- fprintf (stderr, "error: %s\n",
- gnutls_strerror (ret));
- exit (1);
- }
-
- printf ("CA issuers URI: %.*s\n", tmp.size, tmp.data);
-
- hostname = malloc (tmp.size + 1);
- memcpy (hostname, tmp.data, tmp.size);
- hostname[tmp.size] = 0;
-
- gnutls_free (tmp.data);
- break;
- }
-
- }
-
- /* Note that the OCSP servers hostname might be available
- * using gnutls_x509_crt_get_authority_info_access() in the issuer's
- * certificate */
-
- memset (&ud, 0, sizeof (ud));
- fprintf (stderr, "Connecting to %s\n", hostname);
-
- _generate_request (&req, cert, issuer);
+ int v, seq;
+ const char *cert_file = argv[1];
+ const char *issuer_file = argv[2];
+ const char *signer_file = argv[3];
+ char *hostname = NULL;
+
+ gnutls_global_init();
+
+ if (argc > 4)
+ hostname = argv[4];
+
+ cert = load_cert(cert_file);
+ issuer = load_cert(issuer_file);
+ signer = load_cert(signer_file);
+
+ if (hostname == NULL) {
+
+ for (seq = 0;; seq++) {
+ ret =
+ gnutls_x509_crt_get_authority_info_access(cert,
+ seq,
+ GNUTLS_IA_OCSP_URI,
+ &tmp,
+ NULL);
+ if (ret == GNUTLS_E_UNKNOWN_ALGORITHM)
+ continue;
+ if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
+ fprintf(stderr,
+ "No URI was found in the certificate.\n");
+ exit(1);
+ }
+ if (ret < 0) {
+ fprintf(stderr, "error: %s\n",
+ gnutls_strerror(ret));
+ exit(1);
+ }
+
+ printf("CA issuers URI: %.*s\n", tmp.size,
+ tmp.data);
+
+ hostname = malloc(tmp.size + 1);
+ memcpy(hostname, tmp.data, tmp.size);
+ hostname[tmp.size] = 0;
+
+ gnutls_free(tmp.data);
+ break;
+ }
+
+ }
+
+ /* Note that the OCSP servers hostname might be available
+ * using gnutls_x509_crt_get_authority_info_access() in the issuer's
+ * certificate */
+
+ memset(&ud, 0, sizeof(ud));
+ fprintf(stderr, "Connecting to %s\n", hostname);
+
+ _generate_request(&req, cert, issuer);
#ifndef NO_LIBCURL
- curl_global_init (CURL_GLOBAL_ALL);
-
- handle = curl_easy_init ();
- if (handle == NULL)
- exit (1);
-
- headers =
- curl_slist_append (headers,
- "Content-Type: application/ocsp-request");
-
- curl_easy_setopt (handle, CURLOPT_HTTPHEADER, headers);
- curl_easy_setopt (handle, CURLOPT_POSTFIELDS, (void *) req.data);
- curl_easy_setopt (handle, CURLOPT_POSTFIELDSIZE, req.size);
- curl_easy_setopt (handle, CURLOPT_URL, hostname);
- curl_easy_setopt (handle, CURLOPT_WRITEFUNCTION, get_data);
- curl_easy_setopt (handle, CURLOPT_WRITEDATA, &ud);
-
- ret = curl_easy_perform (handle);
- if (ret != 0)
- {
- fprintf (stderr, "curl[%d] error %d\n", __LINE__, ret);
- exit (1);
- }
-
- curl_easy_cleanup (handle);
+ curl_global_init(CURL_GLOBAL_ALL);
+
+ handle = curl_easy_init();
+ if (handle == NULL)
+ exit(1);
+
+ headers =
+ curl_slist_append(headers,
+ "Content-Type: application/ocsp-request");
+
+ curl_easy_setopt(handle, CURLOPT_HTTPHEADER, headers);
+ curl_easy_setopt(handle, CURLOPT_POSTFIELDS, (void *) req.data);
+ curl_easy_setopt(handle, CURLOPT_POSTFIELDSIZE, req.size);
+ curl_easy_setopt(handle, CURLOPT_URL, hostname);
+ curl_easy_setopt(handle, CURLOPT_WRITEFUNCTION, get_data);
+ curl_easy_setopt(handle, CURLOPT_WRITEDATA, &ud);
+
+ ret = curl_easy_perform(handle);
+ if (ret != 0) {
+ fprintf(stderr, "curl[%d] error %d\n", __LINE__, ret);
+ exit(1);
+ }
+
+ curl_easy_cleanup(handle);
#endif
- _response_info (&ud);
+ _response_info(&ud);
- v = _verify_response (&ud, cert, signer);
+ v = _verify_response(&ud, cert, signer);
- gnutls_x509_crt_deinit (cert);
- gnutls_x509_crt_deinit (issuer);
- gnutls_x509_crt_deinit (signer);
- gnutls_global_deinit ();
+ gnutls_x509_crt_deinit(cert);
+ gnutls_x509_crt_deinit(issuer);
+ gnutls_x509_crt_deinit(signer);
+ gnutls_global_deinit();
- return v;
+ return v;
}
-static void
-_response_info (const gnutls_datum_t * data)
+static void _response_info(const gnutls_datum_t * data)
{
- gnutls_ocsp_resp_t resp;
- int ret;
- gnutls_datum buf;
+ gnutls_ocsp_resp_t resp;
+ int ret;
+ gnutls_datum buf;
- ret = gnutls_ocsp_resp_init (&resp);
- if (ret < 0)
- exit (1);
+ ret = gnutls_ocsp_resp_init(&resp);
+ if (ret < 0)
+ exit(1);
- ret = gnutls_ocsp_resp_import (resp, data);
- if (ret < 0)
- exit (1);
+ ret = gnutls_ocsp_resp_import(resp, data);
+ if (ret < 0)
+ exit(1);
- ret = gnutls_ocsp_resp_print (resp, GNUTLS_OCSP_PRINT_FULL, &buf);
- if (ret != 0)
- exit (1);
+ ret = gnutls_ocsp_resp_print(resp, GNUTLS_OCSP_PRINT_FULL, &buf);
+ if (ret != 0)
+ exit(1);
- printf ("%.*s", buf.size, buf.data);
- gnutls_free (buf.data);
+ printf("%.*s", buf.size, buf.data);
+ gnutls_free(buf.data);
- gnutls_ocsp_resp_deinit (resp);
+ gnutls_ocsp_resp_deinit(resp);
}
-static gnutls_x509_crt_t
-load_cert (const char *cert_file)
+static gnutls_x509_crt_t load_cert(const char *cert_file)
{
- gnutls_x509_crt_t crt;
- int ret;
- gnutls_datum_t data;
- size_t size;
-
- ret = gnutls_x509_crt_init (&crt);
- if (ret < 0)
- exit (1);
-
- data.data = (void *) read_binary_file (cert_file, &size);
- data.size = size;
-
- if (!data.data)
- {
- fprintf (stderr, "Cannot open file: %s\n", cert_file);
- exit (1);
- }
-
- ret = gnutls_x509_crt_import (crt, &data, GNUTLS_X509_FMT_PEM);
- free (data.data);
- if (ret < 0)
- {
- fprintf (stderr, "Cannot import certificate in %s: %s\n",
- cert_file, gnutls_strerror (ret));
- exit (1);
- }
-
- return crt;
+ gnutls_x509_crt_t crt;
+ int ret;
+ gnutls_datum_t data;
+ size_t size;
+
+ ret = gnutls_x509_crt_init(&crt);
+ if (ret < 0)
+ exit(1);
+
+ data.data = (void *) read_binary_file(cert_file, &size);
+ data.size = size;
+
+ if (!data.data) {
+ fprintf(stderr, "Cannot open file: %s\n", cert_file);
+ exit(1);
+ }
+
+ ret = gnutls_x509_crt_import(crt, &data, GNUTLS_X509_FMT_PEM);
+ free(data.data);
+ if (ret < 0) {
+ fprintf(stderr, "Cannot import certificate in %s: %s\n",
+ cert_file, gnutls_strerror(ret));
+ exit(1);
+ }
+
+ return crt;
}
static void
-_generate_request (gnutls_datum_t * rdata, gnutls_x509_crt_t cert,
- gnutls_x509_crt_t issuer)
+_generate_request(gnutls_datum_t * rdata, gnutls_x509_crt_t cert,
+ gnutls_x509_crt_t issuer)
{
- gnutls_ocsp_req_t req;
- int ret;
- unsigned char noncebuf[23];
- gnutls_datum_t nonce = { noncebuf, sizeof (noncebuf) };
+ gnutls_ocsp_req_t req;
+ int ret;
+ unsigned char noncebuf[23];
+ gnutls_datum_t nonce = { noncebuf, sizeof(noncebuf) };
- ret = gnutls_ocsp_req_init (&req);
- if (ret < 0)
- exit (1);
+ ret = gnutls_ocsp_req_init(&req);
+ if (ret < 0)
+ exit(1);
- ret = gnutls_ocsp_req_add_cert (req, GNUTLS_DIG_SHA1, issuer, cert);
- if (ret < 0)
- exit (1);
+ ret = gnutls_ocsp_req_add_cert(req, GNUTLS_DIG_SHA1, issuer, cert);
+ if (ret < 0)
+ exit(1);
- ret = gnutls_rnd (GNUTLS_RND_RANDOM, nonce.data, nonce.size);
- if (ret < 0)
- exit (1);
+ ret = gnutls_rnd(GNUTLS_RND_RANDOM, nonce.data, nonce.size);
+ if (ret < 0)
+ exit(1);
- ret = gnutls_ocsp_req_set_nonce (req, 0, &nonce);
- if (ret < 0)
- exit (1);
+ ret = gnutls_ocsp_req_set_nonce(req, 0, &nonce);
+ if (ret < 0)
+ exit(1);
- ret = gnutls_ocsp_req_export (req, rdata);
- if (ret != 0)
- exit (1);
+ ret = gnutls_ocsp_req_export(req, rdata);
+ if (ret != 0)
+ exit(1);
- gnutls_ocsp_req_deinit (req);
+ gnutls_ocsp_req_deinit(req);
- return;
+ return;
}
static int
-_verify_response (gnutls_datum_t * data, gnutls_x509_crt_t cert,
- gnutls_x509_crt_t signer)
+_verify_response(gnutls_datum_t * data, gnutls_x509_crt_t cert,
+ gnutls_x509_crt_t signer)
{
- gnutls_ocsp_resp_t resp;
- int ret;
- unsigned verify;
+ gnutls_ocsp_resp_t resp;
+ int ret;
+ unsigned verify;
+
+ ret = gnutls_ocsp_resp_init(&resp);
+ if (ret < 0)
+ exit(1);
- ret = gnutls_ocsp_resp_init (&resp);
- if (ret < 0)
- exit (1);
+ ret = gnutls_ocsp_resp_import(resp, data);
+ if (ret < 0)
+ exit(1);
- ret = gnutls_ocsp_resp_import (resp, data);
- if (ret < 0)
- exit (1);
-
- ret = gnutls_ocsp_resp_check_crt (resp, 0, cert);
- if (ret < 0)
- exit(1);
+ ret = gnutls_ocsp_resp_check_crt(resp, 0, cert);
+ if (ret < 0)
+ exit(1);
- ret = gnutls_ocsp_resp_verify_direct (resp, signer, &verify, 0);
- if (ret < 0)
- exit (1);
+ ret = gnutls_ocsp_resp_verify_direct(resp, signer, &verify, 0);
+ if (ret < 0)
+ exit(1);
- printf ("Verifying OCSP Response: ");
- if (verify == 0)
- printf ("Verification success!\n");
- else
- printf ("Verification error!\n");
+ printf("Verifying OCSP Response: ");
+ if (verify == 0)
+ printf("Verification success!\n");
+ else
+ printf("Verification error!\n");
- if (verify & GNUTLS_OCSP_VERIFY_SIGNER_NOT_FOUND)
- printf ("Signer cert not found\n");
+ if (verify & GNUTLS_OCSP_VERIFY_SIGNER_NOT_FOUND)
+ printf("Signer cert not found\n");
- if (verify & GNUTLS_OCSP_VERIFY_SIGNER_KEYUSAGE_ERROR)
- printf ("Signer cert keyusage error\n");
+ if (verify & GNUTLS_OCSP_VERIFY_SIGNER_KEYUSAGE_ERROR)
+ printf("Signer cert keyusage error\n");
- if (verify & GNUTLS_OCSP_VERIFY_UNTRUSTED_SIGNER)
- printf ("Signer cert is not trusted\n");
+ if (verify & GNUTLS_OCSP_VERIFY_UNTRUSTED_SIGNER)
+ printf("Signer cert is not trusted\n");
- if (verify & GNUTLS_OCSP_VERIFY_INSECURE_ALGORITHM)
- printf ("Insecure algorithm\n");
+ if (verify & GNUTLS_OCSP_VERIFY_INSECURE_ALGORITHM)
+ printf("Insecure algorithm\n");
- if (verify & GNUTLS_OCSP_VERIFY_SIGNATURE_FAILURE)
- printf ("Signature failure\n");
+ if (verify & GNUTLS_OCSP_VERIFY_SIGNATURE_FAILURE)
+ printf("Signature failure\n");
- if (verify & GNUTLS_OCSP_VERIFY_CERT_NOT_ACTIVATED)
- printf ("Signer cert not yet activated\n");
+ if (verify & GNUTLS_OCSP_VERIFY_CERT_NOT_ACTIVATED)
+ printf("Signer cert not yet activated\n");
- if (verify & GNUTLS_OCSP_VERIFY_CERT_EXPIRED)
- printf ("Signer cert expired\n");
+ if (verify & GNUTLS_OCSP_VERIFY_CERT_EXPIRED)
+ printf("Signer cert expired\n");
- gnutls_ocsp_resp_deinit (resp);
+ gnutls_ocsp_resp_deinit(resp);
- return verify;
+ return verify;
}
-size_t
-get_data (void *buffer, size_t size, size_t nmemb, void *userp)
+size_t get_data(void *buffer, size_t size, size_t nmemb, void *userp)
{
- gnutls_datum_t *ud = userp;
+ gnutls_datum_t *ud = userp;
- size *= nmemb;
+ size *= nmemb;
- ud->data = realloc (ud->data, size + ud->size);
- if (ud->data == NULL)
- {
- fprintf (stderr, "Not enough memory for the request\n");
- exit (1);
- }
+ ud->data = realloc(ud->data, size + ud->size);
+ if (ud->data == NULL) {
+ fprintf(stderr, "Not enough memory for the request\n");
+ exit(1);
+ }
- memcpy (&ud->data[ud->size], buffer, size);
- ud->size += size;
+ memcpy(&ud->data[ud->size], buffer, size);
+ ud->size += size;
- return size;
+ return size;
}
diff --git a/doc/examples/ex-pkcs11-list.c b/doc/examples/ex-pkcs11-list.c
index 70849beada..5091161890 100644
--- a/doc/examples/ex-pkcs11-list.c
+++ b/doc/examples/ex-pkcs11-list.c
@@ -8,45 +8,43 @@
#define URL "pkcs11:URL"
-int
-main (int argc, char** argv)
+int main(int argc, char **argv)
{
- gnutls_pkcs11_obj_t *obj_list;
- gnutls_x509_crt_t xcrt;
- unsigned int obj_list_size = 0;
- gnutls_datum_t cinfo;
- int ret;
- unsigned int i;
-
- obj_list_size = 0;
- ret = gnutls_pkcs11_obj_list_import_url (NULL, &obj_list_size, URL,
- GNUTLS_PKCS11_OBJ_ATTR_CRT_WITH_PRIVKEY,
- 0);
- if (ret < 0 && ret != GNUTLS_E_SHORT_MEMORY_BUFFER)
- return -1;
+ gnutls_pkcs11_obj_t *obj_list;
+ gnutls_x509_crt_t xcrt;
+ unsigned int obj_list_size = 0;
+ gnutls_datum_t cinfo;
+ int ret;
+ unsigned int i;
+
+ obj_list_size = 0;
+ ret = gnutls_pkcs11_obj_list_import_url(NULL, &obj_list_size, URL,
+ GNUTLS_PKCS11_OBJ_ATTR_CRT_WITH_PRIVKEY,
+ 0);
+ if (ret < 0 && ret != GNUTLS_E_SHORT_MEMORY_BUFFER)
+ return -1;
/* no error checking from now on */
- obj_list = malloc (sizeof (*obj_list) * obj_list_size);
+ obj_list = malloc(sizeof(*obj_list) * obj_list_size);
- gnutls_pkcs11_obj_list_import_url (obj_list, &obj_list_size, URL,
- GNUTLS_PKCS11_OBJ_ATTR_CRT_WITH_PRIVKEY,
- 0);
+ gnutls_pkcs11_obj_list_import_url(obj_list, &obj_list_size, URL,
+ GNUTLS_PKCS11_OBJ_ATTR_CRT_WITH_PRIVKEY,
+ 0);
/* now all certificates are in obj_list */
- for (i = 0; i < obj_list_size; i++)
- {
+ for (i = 0; i < obj_list_size; i++) {
- gnutls_x509_crt_init (&xcrt);
+ gnutls_x509_crt_init(&xcrt);
- gnutls_x509_crt_import_pkcs11 (xcrt, obj_list[i]);
+ gnutls_x509_crt_import_pkcs11(xcrt, obj_list[i]);
- gnutls_x509_crt_print (xcrt, GNUTLS_CRT_PRINT_FULL, &cinfo);
+ gnutls_x509_crt_print(xcrt, GNUTLS_CRT_PRINT_FULL, &cinfo);
- fprintf (stdout, "cert[%d]:\n %s\n\n", i, cinfo.data);
+ fprintf(stdout, "cert[%d]:\n %s\n\n", i, cinfo.data);
- gnutls_free (cinfo.data);
- gnutls_x509_crt_deinit (xcrt);
- }
+ gnutls_free(cinfo.data);
+ gnutls_x509_crt_deinit(xcrt);
+ }
- return 0;
+ return 0;
}
diff --git a/doc/examples/ex-pkcs12.c b/doc/examples/ex-pkcs12.c
index 69e7987618..7890518f94 100644
--- a/doc/examples/ex-pkcs12.c
+++ b/doc/examples/ex-pkcs12.c
@@ -20,115 +20,113 @@
* password: is the password used to encrypt the PKCS #12 packet.
*/
int
-write_pkcs12 (const gnutls_datum_t * cert,
- const gnutls_datum_t * pkcs8_key, const char *password)
+write_pkcs12(const gnutls_datum_t * cert,
+ const gnutls_datum_t * pkcs8_key, const char *password)
{
- gnutls_pkcs12_t pkcs12;
- int ret, bag_index;
- gnutls_pkcs12_bag_t bag, key_bag;
- char pkcs12_struct[10 * 1024];
- size_t pkcs12_struct_size;
- FILE *fd;
-
- /* A good idea might be to use gnutls_x509_privkey_get_key_id()
- * to obtain a unique ID.
- */
- gnutls_datum_t key_id = { (void *) "\x00\x00\x07", 3 };
-
- gnutls_global_init ();
-
- /* Firstly we create two helper bags, which hold the certificate,
- * and the (encrypted) key.
- */
-
- gnutls_pkcs12_bag_init (&bag);
- gnutls_pkcs12_bag_init (&key_bag);
-
- ret = gnutls_pkcs12_bag_set_data (bag, GNUTLS_BAG_CERTIFICATE, cert);
- if (ret < 0)
- {
- fprintf (stderr, "ret: %s\n", gnutls_strerror (ret));
- return 1;
- }
-
- /* ret now holds the bag's index.
- */
- bag_index = ret;
-
- /* Associate a friendly name with the given certificate. Used
- * by browsers.
- */
- gnutls_pkcs12_bag_set_friendly_name (bag, bag_index, "My name");
-
- /* Associate the certificate with the key using a unique key
- * ID.
- */
- gnutls_pkcs12_bag_set_key_id (bag, bag_index, &key_id);
-
- /* use weak encryption for the certificate.
- */
- gnutls_pkcs12_bag_encrypt (bag, password, GNUTLS_PKCS_USE_PKCS12_RC2_40);
-
- /* Now the key.
- */
-
- ret = gnutls_pkcs12_bag_set_data (key_bag,
- GNUTLS_BAG_PKCS8_ENCRYPTED_KEY,
- pkcs8_key);
- if (ret < 0)
- {
- fprintf (stderr, "ret: %s\n", gnutls_strerror (ret));
- return 1;
- }
-
- /* Note that since the PKCS #8 key is already encrypted we don't
- * bother encrypting that bag.
- */
- bag_index = ret;
-
- gnutls_pkcs12_bag_set_friendly_name (key_bag, bag_index, "My name");
-
- gnutls_pkcs12_bag_set_key_id (key_bag, bag_index, &key_id);
-
-
- /* The bags were filled. Now create the PKCS #12 structure.
- */
- gnutls_pkcs12_init (&pkcs12);
-
- /* Insert the two bags in the PKCS #12 structure.
- */
-
- gnutls_pkcs12_set_bag (pkcs12, bag);
- gnutls_pkcs12_set_bag (pkcs12, key_bag);
-
-
- /* Generate a message authentication code for the PKCS #12
- * structure.
- */
- gnutls_pkcs12_generate_mac (pkcs12, password);
-
- pkcs12_struct_size = sizeof (pkcs12_struct);
- ret =
- gnutls_pkcs12_export (pkcs12, GNUTLS_X509_FMT_DER, pkcs12_struct,
- &pkcs12_struct_size);
- if (ret < 0)
- {
- fprintf (stderr, "ret: %s\n", gnutls_strerror (ret));
- return 1;
- }
-
- fd = fopen (OUTFILE, "w");
- if (fd == NULL)
- {
- fprintf (stderr, "cannot open file\n");
- return 1;
- }
- fwrite (pkcs12_struct, 1, pkcs12_struct_size, fd);
- fclose (fd);
-
- gnutls_pkcs12_bag_deinit (bag);
- gnutls_pkcs12_bag_deinit (key_bag);
- gnutls_pkcs12_deinit (pkcs12);
-
- return 0;
+ gnutls_pkcs12_t pkcs12;
+ int ret, bag_index;
+ gnutls_pkcs12_bag_t bag, key_bag;
+ char pkcs12_struct[10 * 1024];
+ size_t pkcs12_struct_size;
+ FILE *fd;
+
+ /* A good idea might be to use gnutls_x509_privkey_get_key_id()
+ * to obtain a unique ID.
+ */
+ gnutls_datum_t key_id = { (void *) "\x00\x00\x07", 3 };
+
+ gnutls_global_init();
+
+ /* Firstly we create two helper bags, which hold the certificate,
+ * and the (encrypted) key.
+ */
+
+ gnutls_pkcs12_bag_init(&bag);
+ gnutls_pkcs12_bag_init(&key_bag);
+
+ ret =
+ gnutls_pkcs12_bag_set_data(bag, GNUTLS_BAG_CERTIFICATE, cert);
+ if (ret < 0) {
+ fprintf(stderr, "ret: %s\n", gnutls_strerror(ret));
+ return 1;
+ }
+
+ /* ret now holds the bag's index.
+ */
+ bag_index = ret;
+
+ /* Associate a friendly name with the given certificate. Used
+ * by browsers.
+ */
+ gnutls_pkcs12_bag_set_friendly_name(bag, bag_index, "My name");
+
+ /* Associate the certificate with the key using a unique key
+ * ID.
+ */
+ gnutls_pkcs12_bag_set_key_id(bag, bag_index, &key_id);
+
+ /* use weak encryption for the certificate.
+ */
+ gnutls_pkcs12_bag_encrypt(bag, password,
+ GNUTLS_PKCS_USE_PKCS12_RC2_40);
+
+ /* Now the key.
+ */
+
+ ret = gnutls_pkcs12_bag_set_data(key_bag,
+ GNUTLS_BAG_PKCS8_ENCRYPTED_KEY,
+ pkcs8_key);
+ if (ret < 0) {
+ fprintf(stderr, "ret: %s\n", gnutls_strerror(ret));
+ return 1;
+ }
+
+ /* Note that since the PKCS #8 key is already encrypted we don't
+ * bother encrypting that bag.
+ */
+ bag_index = ret;
+
+ gnutls_pkcs12_bag_set_friendly_name(key_bag, bag_index, "My name");
+
+ gnutls_pkcs12_bag_set_key_id(key_bag, bag_index, &key_id);
+
+
+ /* The bags were filled. Now create the PKCS #12 structure.
+ */
+ gnutls_pkcs12_init(&pkcs12);
+
+ /* Insert the two bags in the PKCS #12 structure.
+ */
+
+ gnutls_pkcs12_set_bag(pkcs12, bag);
+ gnutls_pkcs12_set_bag(pkcs12, key_bag);
+
+
+ /* Generate a message authentication code for the PKCS #12
+ * structure.
+ */
+ gnutls_pkcs12_generate_mac(pkcs12, password);
+
+ pkcs12_struct_size = sizeof(pkcs12_struct);
+ ret =
+ gnutls_pkcs12_export(pkcs12, GNUTLS_X509_FMT_DER,
+ pkcs12_struct, &pkcs12_struct_size);
+ if (ret < 0) {
+ fprintf(stderr, "ret: %s\n", gnutls_strerror(ret));
+ return 1;
+ }
+
+ fd = fopen(OUTFILE, "w");
+ if (fd == NULL) {
+ fprintf(stderr, "cannot open file\n");
+ return 1;
+ }
+ fwrite(pkcs12_struct, 1, pkcs12_struct_size, fd);
+ fclose(fd);
+
+ gnutls_pkcs12_bag_deinit(bag);
+ gnutls_pkcs12_bag_deinit(key_bag);
+ gnutls_pkcs12_deinit(pkcs12);
+
+ return 0;
}
diff --git a/doc/examples/ex-serv-anon.c b/doc/examples/ex-serv-anon.c
index 727ed16bd6..fd24cbfa1f 100644
--- a/doc/examples/ex-serv-anon.c
+++ b/doc/examples/ex-serv-anon.c
@@ -26,141 +26,137 @@
/* These are global */
static gnutls_dh_params_t dh_params;
-static int
-generate_dh_params (void)
+static int generate_dh_params(void)
{
- unsigned int bits =
- gnutls_sec_param_to_pk_bits (GNUTLS_PK_DH, GNUTLS_SEC_PARAM_LEGACY);
- /* Generate Diffie-Hellman parameters - for use with DHE
- * kx algorithms. These should be discarded and regenerated
- * once a day, once a week or once a month. Depending on the
- * security requirements.
- */
- gnutls_dh_params_init (&dh_params);
- gnutls_dh_params_generate2 (dh_params, bits);
-
- return 0;
+ unsigned int bits = gnutls_sec_param_to_pk_bits(GNUTLS_PK_DH,
+ GNUTLS_SEC_PARAM_LEGACY);
+ /* Generate Diffie-Hellman parameters - for use with DHE
+ * kx algorithms. These should be discarded and regenerated
+ * once a day, once a week or once a month. Depending on the
+ * security requirements.
+ */
+ gnutls_dh_params_init(&dh_params);
+ gnutls_dh_params_generate2(dh_params, bits);
+
+ return 0;
}
-int
-main (void)
+int main(void)
{
- int err, listen_sd;
- int sd, ret;
- struct sockaddr_in sa_serv;
- struct sockaddr_in sa_cli;
- socklen_t client_len;
- char topbuf[512];
- gnutls_session_t session;
- gnutls_anon_server_credentials_t anoncred;
- char buffer[MAX_BUF + 1];
- int optval = 1;
+ int err, listen_sd;
+ int sd, ret;
+ struct sockaddr_in sa_serv;
+ struct sockaddr_in sa_cli;
+ socklen_t client_len;
+ char topbuf[512];
+ gnutls_session_t session;
+ gnutls_anon_server_credentials_t anoncred;
+ char buffer[MAX_BUF + 1];
+ int optval = 1;
+
+ /* this must be called once in the program
+ */
+ gnutls_global_init();
+
+ gnutls_anon_allocate_server_credentials(&anoncred);
+
+ generate_dh_params();
+
+ gnutls_anon_set_server_dh_params(anoncred, dh_params);
+
+ /* Socket operations
+ */
+ listen_sd = socket(AF_INET, SOCK_STREAM, 0);
+ SOCKET_ERR(listen_sd, "socket");
+
+ memset(&sa_serv, '\0', sizeof(sa_serv));
+ sa_serv.sin_family = AF_INET;
+ sa_serv.sin_addr.s_addr = INADDR_ANY;
+ sa_serv.sin_port = htons(PORT); /* Server Port number */
+
+ setsockopt(listen_sd, SOL_SOCKET, SO_REUSEADDR, (void *) &optval,
+ sizeof(int));
+
+ err =
+ bind(listen_sd, (struct sockaddr *) &sa_serv, sizeof(sa_serv));
+ SOCKET_ERR(err, "bind");
+ err = listen(listen_sd, 1024);
+ SOCKET_ERR(err, "listen");
+
+ printf("Server ready. Listening to port '%d'.\n\n", PORT);
+
+ client_len = sizeof(sa_cli);
+ for (;;) {
+ gnutls_init(&session, GNUTLS_SERVER);
+ gnutls_priority_set_direct(session,
+ "NORMAL:+ANON-ECDH:+ANON-DH",
+ NULL);
+ gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred);
+
+ sd = accept(listen_sd, (struct sockaddr *) &sa_cli,
+ &client_len);
+
+ printf("- connection from %s, port %d\n",
+ inet_ntop(AF_INET, &sa_cli.sin_addr, topbuf,
+ sizeof(topbuf)), ntohs(sa_cli.sin_port));
+
+ gnutls_transport_set_int(session, sd);
+
+ do {
+ ret = gnutls_handshake(session);
+ }
+ while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
+
+ if (ret < 0) {
+ close(sd);
+ gnutls_deinit(session);
+ fprintf(stderr,
+ "*** Handshake has failed (%s)\n\n",
+ gnutls_strerror(ret));
+ continue;
+ }
+ printf("- Handshake was completed\n");
+
+ /* see the Getting peer's information example */
+ /* print_info(session); */
+
+ for (;;) {
+ ret = gnutls_record_recv(session, buffer, MAX_BUF);
+
+ if (ret == 0) {
+ printf
+ ("\n- Peer has closed the GnuTLS connection\n");
+ break;
+ } else if (ret < 0
+ && gnutls_error_is_fatal(ret) == 0) {
+ fprintf(stderr, "*** Warning: %s\n",
+ gnutls_strerror(ret));
+ } else if (ret < 0) {
+ fprintf(stderr, "\n*** Received corrupted "
+ "data(%d). Closing the connection.\n\n",
+ ret);
+ break;
+ } else if (ret > 0) {
+ /* echo data back to the client
+ */
+ gnutls_record_send(session, buffer, ret);
+ }
+ }
+ printf("\n");
+ /* do not wait for the peer to close the connection.
+ */
+ gnutls_bye(session, GNUTLS_SHUT_WR);
+
+ close(sd);
+ gnutls_deinit(session);
- /* this must be called once in the program
- */
- gnutls_global_init ();
-
- gnutls_anon_allocate_server_credentials (&anoncred);
-
- generate_dh_params ();
-
- gnutls_anon_set_server_dh_params (anoncred, dh_params);
-
- /* Socket operations
- */
- listen_sd = socket (AF_INET, SOCK_STREAM, 0);
- SOCKET_ERR (listen_sd, "socket");
-
- memset (&sa_serv, '\0', sizeof (sa_serv));
- sa_serv.sin_family = AF_INET;
- sa_serv.sin_addr.s_addr = INADDR_ANY;
- sa_serv.sin_port = htons (PORT); /* Server Port number */
-
- setsockopt (listen_sd, SOL_SOCKET, SO_REUSEADDR, (void *) &optval,
- sizeof (int));
-
- err = bind (listen_sd, (struct sockaddr *) & sa_serv, sizeof (sa_serv));
- SOCKET_ERR (err, "bind");
- err = listen (listen_sd, 1024);
- SOCKET_ERR (err, "listen");
-
- printf ("Server ready. Listening to port '%d'.\n\n", PORT);
-
- client_len = sizeof (sa_cli);
- for (;;)
- {
- gnutls_init (&session, GNUTLS_SERVER);
- gnutls_priority_set_direct (session, "NORMAL:+ANON-ECDH:+ANON-DH", NULL);
- gnutls_credentials_set (session, GNUTLS_CRD_ANON, anoncred);
-
- sd = accept (listen_sd, (struct sockaddr *) & sa_cli, &client_len);
-
- printf ("- connection from %s, port %d\n",
- inet_ntop (AF_INET, &sa_cli.sin_addr, topbuf,
- sizeof (topbuf)), ntohs (sa_cli.sin_port));
-
- gnutls_transport_set_int (session, sd);
-
- do
- {
- ret = gnutls_handshake (session);
}
- while (ret < 0 && gnutls_error_is_fatal (ret) == 0);
-
- if (ret < 0)
- {
- close (sd);
- gnutls_deinit (session);
- fprintf (stderr, "*** Handshake has failed (%s)\n\n",
- gnutls_strerror (ret));
- continue;
- }
- printf ("- Handshake was completed\n");
-
- /* see the Getting peer's information example */
- /* print_info(session); */
-
- for (;;)
- {
- ret = gnutls_record_recv (session, buffer, MAX_BUF);
-
- if (ret == 0)
- {
- printf ("\n- Peer has closed the GnuTLS connection\n");
- break;
- }
- else if (ret < 0 && gnutls_error_is_fatal (ret) == 0)
- {
- fprintf (stderr, "*** Warning: %s\n", gnutls_strerror (ret));
- }
- else if (ret < 0)
- {
- fprintf (stderr, "\n*** Received corrupted "
- "data(%d). Closing the connection.\n\n", ret);
- break;
- }
- else if (ret > 0)
- {
- /* echo data back to the client
- */
- gnutls_record_send (session, buffer, ret);
- }
- }
- printf ("\n");
- /* do not wait for the peer to close the connection.
- */
- gnutls_bye (session, GNUTLS_SHUT_WR);
-
- close (sd);
- gnutls_deinit (session);
-
- }
- close (listen_sd);
+ close(listen_sd);
- gnutls_anon_free_server_credentials (anoncred);
+ gnutls_anon_free_server_credentials(anoncred);
- gnutls_global_deinit ();
+ gnutls_global_deinit();
- return 0;
+ return 0;
}
diff --git a/doc/examples/ex-serv-dtls.c b/doc/examples/ex-serv-dtls.c
index 8b33a444bd..7e35bbca32 100644
--- a/doc/examples/ex-serv-dtls.c
+++ b/doc/examples/ex-serv-dtls.c
@@ -30,22 +30,22 @@
#define MAX_BUFFER 1024
#define PORT 5556
-typedef struct
-{
- gnutls_session_t session;
- int fd;
- struct sockaddr *cli_addr;
- socklen_t cli_addr_size;
+typedef struct {
+ gnutls_session_t session;
+ int fd;
+ struct sockaddr *cli_addr;
+ socklen_t cli_addr_size;
} priv_data_st;
-static int pull_timeout_func (gnutls_transport_ptr_t ptr, unsigned int ms);
-static ssize_t push_func (gnutls_transport_ptr_t p, const void *data,
- size_t size);
-static ssize_t pull_func (gnutls_transport_ptr_t p, void *data, size_t size);
-static const char *human_addr (const struct sockaddr *sa, socklen_t salen,
- char *buf, size_t buflen);
-static int wait_for_connection (int fd);
-static int generate_dh_params (void);
+static int pull_timeout_func(gnutls_transport_ptr_t ptr, unsigned int ms);
+static ssize_t push_func(gnutls_transport_ptr_t p, const void *data,
+ size_t size);
+static ssize_t pull_func(gnutls_transport_ptr_t p, void *data,
+ size_t size);
+static const char *human_addr(const struct sockaddr *sa, socklen_t salen,
+ char *buf, size_t buflen);
+static int wait_for_connection(int fd);
+static int generate_dh_params(void);
/* Use global credentials and parameters to simplify
* the example. */
@@ -53,386 +53,386 @@ static gnutls_certificate_credentials_t x509_cred;
static gnutls_priority_t priority_cache;
static gnutls_dh_params_t dh_params;
-int
-main (void)
+int main(void)
{
- int listen_sd;
- int sock, ret;
- struct sockaddr_in sa_serv;
- struct sockaddr_in cli_addr;
- socklen_t cli_addr_size;
- gnutls_session_t session;
- char buffer[MAX_BUFFER];
- priv_data_st priv;
- gnutls_datum_t cookie_key;
- gnutls_dtls_prestate_st prestate;
- int mtu = 1400;
- unsigned char sequence[8];
-
- /* this must be called once in the program
- */
- gnutls_global_init ();
-
- gnutls_certificate_allocate_credentials (&x509_cred);
- gnutls_certificate_set_x509_trust_file (x509_cred, CAFILE,
- GNUTLS_X509_FMT_PEM);
-
- gnutls_certificate_set_x509_crl_file (x509_cred, CRLFILE,
- GNUTLS_X509_FMT_PEM);
-
- ret = gnutls_certificate_set_x509_key_file (x509_cred, CERTFILE, KEYFILE,
- GNUTLS_X509_FMT_PEM);
- if (ret < 0)
- {
- printf("No certificate or key were found\n");
- exit(1);
- }
-
- generate_dh_params ();
-
- gnutls_certificate_set_dh_params (x509_cred, dh_params);
-
- gnutls_priority_init (&priority_cache,
- "PERFORMANCE:-VERS-TLS-ALL:+VERS-DTLS1.0:%SERVER_PRECEDENCE",
- NULL);
-
- gnutls_key_generate (&cookie_key, GNUTLS_COOKIE_KEY_SIZE);
-
- /* Socket operations
- */
- listen_sd = socket (AF_INET, SOCK_DGRAM, 0);
-
- memset (&sa_serv, '\0', sizeof (sa_serv));
- sa_serv.sin_family = AF_INET;
- sa_serv.sin_addr.s_addr = INADDR_ANY;
- sa_serv.sin_port = htons (PORT);
-
- { /* DTLS requires the IP don't fragment (DF) bit to be set */
-#if defined(IP_DONTFRAG)
- int optval = 1;
- setsockopt (listen_sd, IPPROTO_IP, IP_DONTFRAG,
- (const void *) &optval, sizeof (optval));
-#elif defined(IP_MTU_DISCOVER)
- int optval = IP_PMTUDISC_DO;
- setsockopt(listen_sd, IPPROTO_IP, IP_MTU_DISCOVER,
- (const void*) &optval, sizeof (optval));
-#endif
- }
-
- bind (listen_sd, (struct sockaddr *) &sa_serv, sizeof (sa_serv));
-
- printf ("UDP server ready. Listening to port '%d'.\n\n", PORT);
-
- for (;;)
- {
- printf ("Waiting for connection...\n");
- sock = wait_for_connection (listen_sd);
- if (sock < 0)
- continue;
-
- cli_addr_size = sizeof (cli_addr);
- ret = recvfrom (sock, buffer, sizeof (buffer), MSG_PEEK,
- (struct sockaddr *) &cli_addr, &cli_addr_size);
- if (ret > 0)
- {
- memset (&prestate, 0, sizeof (prestate));
- ret = gnutls_dtls_cookie_verify (&cookie_key, &cli_addr,
- sizeof (cli_addr), buffer, ret,
- &prestate);
- if (ret < 0) /* cookie not valid */
- {
- priv_data_st s;
-
- memset (&s, 0, sizeof (s));
- s.fd = sock;
- s.cli_addr = (void *) &cli_addr;
- s.cli_addr_size = sizeof (cli_addr);
-
- printf ("Sending hello verify request to %s\n",
- human_addr ((struct sockaddr *) &cli_addr,
- sizeof (cli_addr), buffer,
- sizeof (buffer)));
-
- gnutls_dtls_cookie_send (&cookie_key, &cli_addr,
- sizeof (cli_addr), &prestate,
- (gnutls_transport_ptr_t) & s,
- push_func);
-
- /* discard peeked data */
- recvfrom (sock, buffer, sizeof (buffer), 0,
- (struct sockaddr *) &cli_addr, &cli_addr_size);
- usleep (100);
- continue;
- }
- printf ("Accepted connection from %s\n",
- human_addr ((struct sockaddr *)
- &cli_addr, sizeof (cli_addr), buffer,
- sizeof (buffer)));
+ int listen_sd;
+ int sock, ret;
+ struct sockaddr_in sa_serv;
+ struct sockaddr_in cli_addr;
+ socklen_t cli_addr_size;
+ gnutls_session_t session;
+ char buffer[MAX_BUFFER];
+ priv_data_st priv;
+ gnutls_datum_t cookie_key;
+ gnutls_dtls_prestate_st prestate;
+ int mtu = 1400;
+ unsigned char sequence[8];
+
+ /* this must be called once in the program
+ */
+ gnutls_global_init();
+
+ gnutls_certificate_allocate_credentials(&x509_cred);
+ gnutls_certificate_set_x509_trust_file(x509_cred, CAFILE,
+ GNUTLS_X509_FMT_PEM);
+
+ gnutls_certificate_set_x509_crl_file(x509_cred, CRLFILE,
+ GNUTLS_X509_FMT_PEM);
+
+ ret =
+ gnutls_certificate_set_x509_key_file(x509_cred, CERTFILE,
+ KEYFILE,
+ GNUTLS_X509_FMT_PEM);
+ if (ret < 0) {
+ printf("No certificate or key were found\n");
+ exit(1);
}
- else
- continue;
- gnutls_init (&session, GNUTLS_SERVER | GNUTLS_DATAGRAM);
- gnutls_priority_set (session, priority_cache);
- gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, x509_cred);
+ generate_dh_params();
- gnutls_dtls_prestate_set (session, &prestate);
- gnutls_dtls_set_mtu (session, mtu);
+ gnutls_certificate_set_dh_params(x509_cred, dh_params);
- priv.session = session;
- priv.fd = sock;
- priv.cli_addr = (struct sockaddr *) &cli_addr;
- priv.cli_addr_size = sizeof (cli_addr);
+ gnutls_priority_init(&priority_cache,
+ "PERFORMANCE:-VERS-TLS-ALL:+VERS-DTLS1.0:%SERVER_PRECEDENCE",
+ NULL);
- gnutls_transport_set_ptr (session, &priv);
- gnutls_transport_set_push_function (session, push_func);
- gnutls_transport_set_pull_function (session, pull_func);
- gnutls_transport_set_pull_timeout_function (session, pull_timeout_func);
+ gnutls_key_generate(&cookie_key, GNUTLS_COOKIE_KEY_SIZE);
- do
- {
- ret = gnutls_handshake (session);
- }
- while (ret == GNUTLS_E_INTERRUPTED || ret == GNUTLS_E_AGAIN);
- /* Note that DTLS may also receive GNUTLS_E_LARGE_PACKET.
- * In that case the MTU should be adjusted.
- */
-
- if (ret < 0)
- {
- fprintf (stderr, "Error in handshake(): %s\n",
- gnutls_strerror (ret));
- gnutls_deinit (session);
- continue;
- }
+ /* Socket operations
+ */
+ listen_sd = socket(AF_INET, SOCK_DGRAM, 0);
+
+ memset(&sa_serv, '\0', sizeof(sa_serv));
+ sa_serv.sin_family = AF_INET;
+ sa_serv.sin_addr.s_addr = INADDR_ANY;
+ sa_serv.sin_port = htons(PORT);
- printf ("- Handshake was completed\n");
-
- for (;;)
- {
- do
- {
- ret = gnutls_record_recv_seq (session, buffer, MAX_BUFFER,
- sequence);
- }
- while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED);
-
- if (ret < 0 && gnutls_error_is_fatal (ret) == 0)
- {
- fprintf (stderr, "*** Warning: %s\n", gnutls_strerror (ret));
- continue;
- }
- else if (ret < 0)
- {
- fprintf (stderr, "Error in recv(): %s\n",
- gnutls_strerror (ret));
- break;
- }
-
- if (ret == 0)
- {
- printf ("EOF\n\n");
- break;
- }
-
- buffer[ret] = 0;
- printf ("received[%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x]: %s\n",
- sequence[0], sequence[1], sequence[2], sequence[3],
- sequence[4], sequence[5], sequence[6], sequence[7], buffer);
-
- /* reply back */
- ret = gnutls_record_send (session, buffer, ret);
- if (ret < 0)
- {
- fprintf (stderr, "Error in send(): %s\n",
- gnutls_strerror (ret));
- break;
- }
+ { /* DTLS requires the IP don't fragment (DF) bit to be set */
+#if defined(IP_DONTFRAG)
+ int optval = 1;
+ setsockopt(listen_sd, IPPROTO_IP, IP_DONTFRAG,
+ (const void *) &optval, sizeof(optval));
+#elif defined(IP_MTU_DISCOVER)
+ int optval = IP_PMTUDISC_DO;
+ setsockopt(listen_sd, IPPROTO_IP, IP_MTU_DISCOVER,
+ (const void *) &optval, sizeof(optval));
+#endif
}
- gnutls_bye (session, GNUTLS_SHUT_WR);
- gnutls_deinit (session);
+ bind(listen_sd, (struct sockaddr *) &sa_serv, sizeof(sa_serv));
+
+ printf("UDP server ready. Listening to port '%d'.\n\n", PORT);
+
+ for (;;) {
+ printf("Waiting for connection...\n");
+ sock = wait_for_connection(listen_sd);
+ if (sock < 0)
+ continue;
+
+ cli_addr_size = sizeof(cli_addr);
+ ret = recvfrom(sock, buffer, sizeof(buffer), MSG_PEEK,
+ (struct sockaddr *) &cli_addr,
+ &cli_addr_size);
+ if (ret > 0) {
+ memset(&prestate, 0, sizeof(prestate));
+ ret =
+ gnutls_dtls_cookie_verify(&cookie_key,
+ &cli_addr,
+ sizeof(cli_addr),
+ buffer, ret,
+ &prestate);
+ if (ret < 0) { /* cookie not valid */
+ priv_data_st s;
+
+ memset(&s, 0, sizeof(s));
+ s.fd = sock;
+ s.cli_addr = (void *) &cli_addr;
+ s.cli_addr_size = sizeof(cli_addr);
+
+ printf
+ ("Sending hello verify request to %s\n",
+ human_addr((struct sockaddr *)
+ &cli_addr,
+ sizeof(cli_addr), buffer,
+ sizeof(buffer)));
+
+ gnutls_dtls_cookie_send(&cookie_key,
+ &cli_addr,
+ sizeof(cli_addr),
+ &prestate,
+ (gnutls_transport_ptr_t)
+ & s, push_func);
+
+ /* discard peeked data */
+ recvfrom(sock, buffer, sizeof(buffer), 0,
+ (struct sockaddr *) &cli_addr,
+ &cli_addr_size);
+ usleep(100);
+ continue;
+ }
+ printf("Accepted connection from %s\n",
+ human_addr((struct sockaddr *)
+ &cli_addr, sizeof(cli_addr),
+ buffer, sizeof(buffer)));
+ } else
+ continue;
+
+ gnutls_init(&session, GNUTLS_SERVER | GNUTLS_DATAGRAM);
+ gnutls_priority_set(session, priority_cache);
+ gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE,
+ x509_cred);
+
+ gnutls_dtls_prestate_set(session, &prestate);
+ gnutls_dtls_set_mtu(session, mtu);
+
+ priv.session = session;
+ priv.fd = sock;
+ priv.cli_addr = (struct sockaddr *) &cli_addr;
+ priv.cli_addr_size = sizeof(cli_addr);
+
+ gnutls_transport_set_ptr(session, &priv);
+ gnutls_transport_set_push_function(session, push_func);
+ gnutls_transport_set_pull_function(session, pull_func);
+ gnutls_transport_set_pull_timeout_function(session,
+ pull_timeout_func);
+
+ do {
+ ret = gnutls_handshake(session);
+ }
+ while (ret == GNUTLS_E_INTERRUPTED
+ || ret == GNUTLS_E_AGAIN);
+ /* Note that DTLS may also receive GNUTLS_E_LARGE_PACKET.
+ * In that case the MTU should be adjusted.
+ */
+
+ if (ret < 0) {
+ fprintf(stderr, "Error in handshake(): %s\n",
+ gnutls_strerror(ret));
+ gnutls_deinit(session);
+ continue;
+ }
+
+ printf("- Handshake was completed\n");
+
+ for (;;) {
+ do {
+ ret =
+ gnutls_record_recv_seq(session, buffer,
+ MAX_BUFFER,
+ sequence);
+ }
+ while (ret == GNUTLS_E_AGAIN
+ || ret == GNUTLS_E_INTERRUPTED);
+
+ if (ret < 0 && gnutls_error_is_fatal(ret) == 0) {
+ fprintf(stderr, "*** Warning: %s\n",
+ gnutls_strerror(ret));
+ continue;
+ } else if (ret < 0) {
+ fprintf(stderr, "Error in recv(): %s\n",
+ gnutls_strerror(ret));
+ break;
+ }
+
+ if (ret == 0) {
+ printf("EOF\n\n");
+ break;
+ }
+
+ buffer[ret] = 0;
+ printf
+ ("received[%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x]: %s\n",
+ sequence[0], sequence[1], sequence[2],
+ sequence[3], sequence[4], sequence[5],
+ sequence[6], sequence[7], buffer);
+
+ /* reply back */
+ ret = gnutls_record_send(session, buffer, ret);
+ if (ret < 0) {
+ fprintf(stderr, "Error in send(): %s\n",
+ gnutls_strerror(ret));
+ break;
+ }
+ }
+
+ gnutls_bye(session, GNUTLS_SHUT_WR);
+ gnutls_deinit(session);
- }
- close (listen_sd);
+ }
+ close(listen_sd);
- gnutls_certificate_free_credentials (x509_cred);
- gnutls_priority_deinit (priority_cache);
+ gnutls_certificate_free_credentials(x509_cred);
+ gnutls_priority_deinit(priority_cache);
- gnutls_global_deinit ();
+ gnutls_global_deinit();
- return 0;
+ return 0;
}
-static int
-wait_for_connection (int fd)
+static int wait_for_connection(int fd)
{
- fd_set rd, wr;
- int n;
+ fd_set rd, wr;
+ int n;
- FD_ZERO (&rd);
- FD_ZERO (&wr);
+ FD_ZERO(&rd);
+ FD_ZERO(&wr);
- FD_SET (fd, &rd);
+ FD_SET(fd, &rd);
- /* waiting part */
- n = select (fd + 1, &rd, &wr, NULL, NULL);
- if (n == -1 && errno == EINTR)
- return -1;
- if (n < 0)
- {
- perror ("select()");
- exit (1);
- }
+ /* waiting part */
+ n = select(fd + 1, &rd, &wr, NULL, NULL);
+ if (n == -1 && errno == EINTR)
+ return -1;
+ if (n < 0) {
+ perror("select()");
+ exit(1);
+ }
- return fd;
+ return fd;
}
/* Wait for data to be received within a timeout period in milliseconds
*/
-static int
-pull_timeout_func (gnutls_transport_ptr_t ptr, unsigned int ms)
+static int pull_timeout_func(gnutls_transport_ptr_t ptr, unsigned int ms)
{
- fd_set rfds;
- struct timeval tv;
- priv_data_st *priv = ptr;
- struct sockaddr_in cli_addr;
- socklen_t cli_addr_size;
- int ret;
- char c;
-
- FD_ZERO (&rfds);
- FD_SET (priv->fd, &rfds);
-
- tv.tv_sec = 0;
- tv.tv_usec = ms * 1000;
-
- while(tv.tv_usec >= 1000000)
- {
- tv.tv_usec -= 1000000;
- tv.tv_sec++;
- }
-
- ret = select (priv->fd + 1, &rfds, NULL, NULL, &tv);
-
- if (ret <= 0)
- return ret;
-
- /* only report ok if the next message is from the peer we expect
- * from
- */
- cli_addr_size = sizeof (cli_addr);
- ret =
- recvfrom (priv->fd, &c, 1, MSG_PEEK, (struct sockaddr *) &cli_addr,
- &cli_addr_size);
- if (ret > 0)
- {
- if (cli_addr_size == priv->cli_addr_size
- && memcmp (&cli_addr, priv->cli_addr, sizeof (cli_addr)) == 0)
- return 1;
- }
-
- return 0;
+ fd_set rfds;
+ struct timeval tv;
+ priv_data_st *priv = ptr;
+ struct sockaddr_in cli_addr;
+ socklen_t cli_addr_size;
+ int ret;
+ char c;
+
+ FD_ZERO(&rfds);
+ FD_SET(priv->fd, &rfds);
+
+ tv.tv_sec = 0;
+ tv.tv_usec = ms * 1000;
+
+ while (tv.tv_usec >= 1000000) {
+ tv.tv_usec -= 1000000;
+ tv.tv_sec++;
+ }
+
+ ret = select(priv->fd + 1, &rfds, NULL, NULL, &tv);
+
+ if (ret <= 0)
+ return ret;
+
+ /* only report ok if the next message is from the peer we expect
+ * from
+ */
+ cli_addr_size = sizeof(cli_addr);
+ ret =
+ recvfrom(priv->fd, &c, 1, MSG_PEEK,
+ (struct sockaddr *) &cli_addr, &cli_addr_size);
+ if (ret > 0) {
+ if (cli_addr_size == priv->cli_addr_size
+ && memcmp(&cli_addr, priv->cli_addr,
+ sizeof(cli_addr)) == 0)
+ return 1;
+ }
+
+ return 0;
}
static ssize_t
-push_func (gnutls_transport_ptr_t p, const void *data, size_t size)
+push_func(gnutls_transport_ptr_t p, const void *data, size_t size)
{
- priv_data_st *priv = p;
+ priv_data_st *priv = p;
- return sendto (priv->fd, data, size, 0, priv->cli_addr,
- priv->cli_addr_size);
+ return sendto(priv->fd, data, size, 0, priv->cli_addr,
+ priv->cli_addr_size);
}
-static ssize_t
-pull_func (gnutls_transport_ptr_t p, void *data, size_t size)
+static ssize_t pull_func(gnutls_transport_ptr_t p, void *data, size_t size)
{
- priv_data_st *priv = p;
- struct sockaddr_in cli_addr;
- socklen_t cli_addr_size;
- char buffer[64];
- int ret;
-
- cli_addr_size = sizeof (cli_addr);
- ret =
- recvfrom (priv->fd, data, size, 0, (struct sockaddr *) &cli_addr,
- &cli_addr_size);
- if (ret == -1)
- return ret;
-
- if (cli_addr_size == priv->cli_addr_size
- && memcmp (&cli_addr, priv->cli_addr, sizeof (cli_addr)) == 0)
- return ret;
-
- printf ("Denied connection from %s\n",
- human_addr ((struct sockaddr *)
- &cli_addr, sizeof (cli_addr), buffer, sizeof (buffer)));
-
- gnutls_transport_set_errno (priv->session, EAGAIN);
- return -1;
+ priv_data_st *priv = p;
+ struct sockaddr_in cli_addr;
+ socklen_t cli_addr_size;
+ char buffer[64];
+ int ret;
+
+ cli_addr_size = sizeof(cli_addr);
+ ret =
+ recvfrom(priv->fd, data, size, 0,
+ (struct sockaddr *) &cli_addr, &cli_addr_size);
+ if (ret == -1)
+ return ret;
+
+ if (cli_addr_size == priv->cli_addr_size
+ && memcmp(&cli_addr, priv->cli_addr, sizeof(cli_addr)) == 0)
+ return ret;
+
+ printf("Denied connection from %s\n",
+ human_addr((struct sockaddr *)
+ &cli_addr, sizeof(cli_addr), buffer,
+ sizeof(buffer)));
+
+ gnutls_transport_set_errno(priv->session, EAGAIN);
+ return -1;
}
-static const char *
-human_addr (const struct sockaddr *sa, socklen_t salen,
- char *buf, size_t buflen)
+static const char *human_addr(const struct sockaddr *sa, socklen_t salen,
+ char *buf, size_t buflen)
{
- const char *save_buf = buf;
- size_t l;
+ const char *save_buf = buf;
+ size_t l;
- if (!buf || !buflen)
- return NULL;
+ if (!buf || !buflen)
+ return NULL;
- *buf = '\0';
+ *buf = '\0';
- switch (sa->sa_family)
- {
+ switch (sa->sa_family) {
#if HAVE_IPV6
- case AF_INET6:
- snprintf (buf, buflen, "IPv6 ");
- break;
+ case AF_INET6:
+ snprintf(buf, buflen, "IPv6 ");
+ break;
#endif
- case AF_INET:
- snprintf (buf, buflen, "IPv4 ");
- break;
- }
+ case AF_INET:
+ snprintf(buf, buflen, "IPv4 ");
+ break;
+ }
- l = strlen (buf);
- buf += l;
- buflen -= l;
+ l = strlen(buf);
+ buf += l;
+ buflen -= l;
- if (getnameinfo (sa, salen, buf, buflen, NULL, 0, NI_NUMERICHOST) != 0)
- return NULL;
+ if (getnameinfo(sa, salen, buf, buflen, NULL, 0, NI_NUMERICHOST) !=
+ 0)
+ return NULL;
- l = strlen (buf);
- buf += l;
- buflen -= l;
+ l = strlen(buf);
+ buf += l;
+ buflen -= l;
- strncat (buf, " port ", buflen);
+ strncat(buf, " port ", buflen);
- l = strlen (buf);
- buf += l;
- buflen -= l;
+ l = strlen(buf);
+ buf += l;
+ buflen -= l;
- if (getnameinfo (sa, salen, NULL, 0, buf, buflen, NI_NUMERICSERV) != 0)
- return NULL;
+ if (getnameinfo(sa, salen, NULL, 0, buf, buflen, NI_NUMERICSERV) !=
+ 0)
+ return NULL;
- return save_buf;
+ return save_buf;
}
-static int
-generate_dh_params (void)
+static int generate_dh_params(void)
{
- int bits =
- gnutls_sec_param_to_pk_bits (GNUTLS_PK_DH, GNUTLS_SEC_PARAM_LEGACY);
+ int bits = gnutls_sec_param_to_pk_bits(GNUTLS_PK_DH,
+ GNUTLS_SEC_PARAM_LEGACY);
- /* Generate Diffie-Hellman parameters - for use with DHE
- * kx algorithms. When short bit length is used, it might
- * be wise to regenerate parameters often.
- */
- gnutls_dh_params_init (&dh_params);
- gnutls_dh_params_generate2 (dh_params, bits);
+ /* Generate Diffie-Hellman parameters - for use with DHE
+ * kx algorithms. When short bit length is used, it might
+ * be wise to regenerate parameters often.
+ */
+ gnutls_dh_params_init(&dh_params);
+ gnutls_dh_params_generate2(dh_params, bits);
- return 0;
+ return 0;
}
diff --git a/doc/examples/ex-serv-pgp.c b/doc/examples/ex-serv-pgp.c
index 78e4c59e1f..b68a6bfec2 100644
--- a/doc/examples/ex-serv-pgp.c
+++ b/doc/examples/ex-serv-pgp.c
@@ -31,147 +31,144 @@
/* These are global */
gnutls_dh_params_t dh_params;
-static int
-generate_dh_params (void)
+static int generate_dh_params(void)
{
- unsigned int bits =
- gnutls_sec_param_to_pk_bits (GNUTLS_PK_DH, GNUTLS_SEC_PARAM_LEGACY);
-
- /* Generate Diffie-Hellman parameters - for use with DHE
- * kx algorithms. These should be discarded and regenerated
- * once a day, once a week or once a month. Depending on the
- * security requirements.
- */
- gnutls_dh_params_init (&dh_params);
- gnutls_dh_params_generate2 (dh_params, bits);
-
- return 0;
+ unsigned int bits = gnutls_sec_param_to_pk_bits(GNUTLS_PK_DH,
+ GNUTLS_SEC_PARAM_LEGACY);
+
+ /* Generate Diffie-Hellman parameters - for use with DHE
+ * kx algorithms. These should be discarded and regenerated
+ * once a day, once a week or once a month. Depending on the
+ * security requirements.
+ */
+ gnutls_dh_params_init(&dh_params);
+ gnutls_dh_params_generate2(dh_params, bits);
+
+ return 0;
}
-int
-main (void)
+int main(void)
{
- int err, listen_sd;
- int sd, ret;
- struct sockaddr_in sa_serv;
- struct sockaddr_in sa_cli;
- socklen_t client_len;
- char topbuf[512];
- gnutls_session_t session;
- gnutls_certificate_credentials_t cred;
- char buffer[MAX_BUF + 1];
- int optval = 1;
- char name[256];
-
- strcpy (name, "Echo Server");
-
- /* this must be called once in the program
- */
- gnutls_global_init ();
-
- gnutls_certificate_allocate_credentials (&cred);
- gnutls_certificate_set_openpgp_keyring_file (cred, RINGFILE,
- GNUTLS_OPENPGP_FMT_BASE64);
-
- gnutls_certificate_set_openpgp_key_file (cred, CERTFILE, KEYFILE,
- GNUTLS_OPENPGP_FMT_BASE64);
-
- generate_dh_params ();
-
- gnutls_certificate_set_dh_params (cred, dh_params);
-
- /* Socket operations
- */
- listen_sd = socket (AF_INET, SOCK_STREAM, 0);
- SOCKET_ERR (listen_sd, "socket");
-
- memset (&sa_serv, '\0', sizeof (sa_serv));
- sa_serv.sin_family = AF_INET;
- sa_serv.sin_addr.s_addr = INADDR_ANY;
- sa_serv.sin_port = htons (PORT); /* Server Port number */
-
- setsockopt (listen_sd, SOL_SOCKET, SO_REUSEADDR, (void *) &optval,
- sizeof (int));
-
- err = bind (listen_sd, (struct sockaddr *) & sa_serv, sizeof (sa_serv));
- SOCKET_ERR (err, "bind");
- err = listen (listen_sd, 1024);
- SOCKET_ERR (err, "listen");
-
- printf ("%s ready. Listening to port '%d'.\n\n", name, PORT);
-
- client_len = sizeof (sa_cli);
- for (;;)
- {
- gnutls_init (&session, GNUTLS_SERVER);
- gnutls_priority_set_direct (session, "NORMAL:+CTYPE-OPENPGP", NULL);
-
- /* request client certificate if any.
- */
- gnutls_certificate_server_set_request (session, GNUTLS_CERT_REQUEST);
-
- sd = accept (listen_sd, (struct sockaddr *) & sa_cli, &client_len);
-
- printf ("- connection from %s, port %d\n",
- inet_ntop (AF_INET, &sa_cli.sin_addr, topbuf,
- sizeof (topbuf)), ntohs (sa_cli.sin_port));
-
- gnutls_transport_set_int (session, sd);
- ret = gnutls_handshake (session);
- if (ret < 0)
- {
- close (sd);
- gnutls_deinit (session);
- fprintf (stderr, "*** Handshake has failed (%s)\n\n",
- gnutls_strerror (ret));
- continue;
- }
- printf ("- Handshake was completed\n");
-
- /* see the Getting peer's information example */
- /* print_info(session); */
-
- for (;;)
- {
- ret = gnutls_record_recv (session, buffer, MAX_BUF);
-
- if (ret == 0)
- {
- printf ("\n- Peer has closed the GnuTLS connection\n");
- break;
- }
- else if (ret < 0 && gnutls_error_is_fatal (ret) == 0)
- {
- fprintf (stderr, "*** Warning: %s\n", gnutls_strerror (ret));
- }
- else if (ret < 0)
- {
- fprintf (stderr, "\n*** Received corrupted "
- "data(%d). Closing the connection.\n\n", ret);
- break;
- }
- else if (ret > 0)
- {
- /* echo data back to the client
- */
- gnutls_record_send (session, buffer, ret);
- }
- }
- printf ("\n");
- /* do not wait for the peer to close the connection.
- */
- gnutls_bye (session, GNUTLS_SHUT_WR);
+ int err, listen_sd;
+ int sd, ret;
+ struct sockaddr_in sa_serv;
+ struct sockaddr_in sa_cli;
+ socklen_t client_len;
+ char topbuf[512];
+ gnutls_session_t session;
+ gnutls_certificate_credentials_t cred;
+ char buffer[MAX_BUF + 1];
+ int optval = 1;
+ char name[256];
+
+ strcpy(name, "Echo Server");
+
+ /* this must be called once in the program
+ */
+ gnutls_global_init();
+
+ gnutls_certificate_allocate_credentials(&cred);
+ gnutls_certificate_set_openpgp_keyring_file(cred, RINGFILE,
+ GNUTLS_OPENPGP_FMT_BASE64);
+
+ gnutls_certificate_set_openpgp_key_file(cred, CERTFILE, KEYFILE,
+ GNUTLS_OPENPGP_FMT_BASE64);
+
+ generate_dh_params();
+
+ gnutls_certificate_set_dh_params(cred, dh_params);
+
+ /* Socket operations
+ */
+ listen_sd = socket(AF_INET, SOCK_STREAM, 0);
+ SOCKET_ERR(listen_sd, "socket");
+
+ memset(&sa_serv, '\0', sizeof(sa_serv));
+ sa_serv.sin_family = AF_INET;
+ sa_serv.sin_addr.s_addr = INADDR_ANY;
+ sa_serv.sin_port = htons(PORT); /* Server Port number */
+
+ setsockopt(listen_sd, SOL_SOCKET, SO_REUSEADDR, (void *) &optval,
+ sizeof(int));
+
+ err =
+ bind(listen_sd, (struct sockaddr *) &sa_serv, sizeof(sa_serv));
+ SOCKET_ERR(err, "bind");
+ err = listen(listen_sd, 1024);
+ SOCKET_ERR(err, "listen");
+
+ printf("%s ready. Listening to port '%d'.\n\n", name, PORT);
+
+ client_len = sizeof(sa_cli);
+ for (;;) {
+ gnutls_init(&session, GNUTLS_SERVER);
+ gnutls_priority_set_direct(session,
+ "NORMAL:+CTYPE-OPENPGP", NULL);
+
+ /* request client certificate if any.
+ */
+ gnutls_certificate_server_set_request(session,
+ GNUTLS_CERT_REQUEST);
+
+ sd = accept(listen_sd, (struct sockaddr *) &sa_cli,
+ &client_len);
+
+ printf("- connection from %s, port %d\n",
+ inet_ntop(AF_INET, &sa_cli.sin_addr, topbuf,
+ sizeof(topbuf)), ntohs(sa_cli.sin_port));
+
+ gnutls_transport_set_int(session, sd);
+ ret = gnutls_handshake(session);
+ if (ret < 0) {
+ close(sd);
+ gnutls_deinit(session);
+ fprintf(stderr,
+ "*** Handshake has failed (%s)\n\n",
+ gnutls_strerror(ret));
+ continue;
+ }
+ printf("- Handshake was completed\n");
+
+ /* see the Getting peer's information example */
+ /* print_info(session); */
+
+ for (;;) {
+ ret = gnutls_record_recv(session, buffer, MAX_BUF);
+
+ if (ret == 0) {
+ printf
+ ("\n- Peer has closed the GnuTLS connection\n");
+ break;
+ } else if (ret < 0
+ && gnutls_error_is_fatal(ret) == 0) {
+ fprintf(stderr, "*** Warning: %s\n",
+ gnutls_strerror(ret));
+ } else if (ret < 0) {
+ fprintf(stderr, "\n*** Received corrupted "
+ "data(%d). Closing the connection.\n\n",
+ ret);
+ break;
+ } else if (ret > 0) {
+ /* echo data back to the client
+ */
+ gnutls_record_send(session, buffer, ret);
+ }
+ }
+ printf("\n");
+ /* do not wait for the peer to close the connection.
+ */
+ gnutls_bye(session, GNUTLS_SHUT_WR);
+
+ close(sd);
+ gnutls_deinit(session);
- close (sd);
- gnutls_deinit (session);
-
- }
- close (listen_sd);
+ }
+ close(listen_sd);
- gnutls_certificate_free_credentials (cred);
+ gnutls_certificate_free_credentials(cred);
- gnutls_global_deinit ();
+ gnutls_global_deinit();
- return 0;
+ return 0;
}
diff --git a/doc/examples/ex-serv-psk.c b/doc/examples/ex-serv-psk.c
index 2e025ca9ca..7244787619 100644
--- a/doc/examples/ex-serv-psk.c
+++ b/doc/examples/ex-serv-psk.c
@@ -32,180 +32,179 @@
/* These are global */
static gnutls_dh_params_t dh_params;
-static int
-generate_dh_params (void)
+static int generate_dh_params(void)
{
- /* Generate Diffie-Hellman parameters - for use with DHE
- * kx algorithms. When short bit length is used, it might
- * be wise to regenerate parameters.
- *
- * Check the ex-serv-export.c example for using static
- * parameters.
- */
- gnutls_dh_params_init (&dh_params);
- gnutls_dh_params_generate2 (dh_params, DH_BITS);
-
- return 0;
+ /* Generate Diffie-Hellman parameters - for use with DHE
+ * kx algorithms. When short bit length is used, it might
+ * be wise to regenerate parameters.
+ *
+ * Check the ex-serv-export.c example for using static
+ * parameters.
+ */
+ gnutls_dh_params_init(&dh_params);
+ gnutls_dh_params_generate2(dh_params, DH_BITS);
+
+ return 0;
}
static int
-pskfunc (gnutls_session_t session, const char *username, gnutls_datum_t * key)
+pskfunc(gnutls_session_t session, const char *username,
+ gnutls_datum_t * key)
{
- printf ("psk: username %s\n", username);
- key->data = gnutls_malloc (4);
- key->data[0] = 0xDE;
- key->data[1] = 0xAD;
- key->data[2] = 0xBE;
- key->data[3] = 0xEF;
- key->size = 4;
- return 0;
+ printf("psk: username %s\n", username);
+ key->data = gnutls_malloc(4);
+ key->data[0] = 0xDE;
+ key->data[1] = 0xAD;
+ key->data[2] = 0xBE;
+ key->data[3] = 0xEF;
+ key->size = 4;
+ return 0;
}
-int
-main (void)
+int main(void)
{
- int err, listen_sd;
- int sd, ret;
- struct sockaddr_in sa_serv;
- struct sockaddr_in sa_cli;
- socklen_t client_len;
- char topbuf[512];
- gnutls_session_t session;
- gnutls_certificate_credentials_t x509_cred;
- gnutls_psk_server_credentials_t psk_cred;
- gnutls_priority_t priority_cache;
- char buffer[MAX_BUF + 1];
- int optval = 1;
- int kx;
-
- /* this must be called once in the program
- */
- gnutls_global_init ();
-
- gnutls_certificate_allocate_credentials (&x509_cred);
- gnutls_certificate_set_x509_trust_file (x509_cred, CAFILE,
- GNUTLS_X509_FMT_PEM);
-
- gnutls_certificate_set_x509_crl_file (x509_cred, CRLFILE,
- GNUTLS_X509_FMT_PEM);
-
- gnutls_certificate_set_x509_key_file (x509_cred, CERTFILE, KEYFILE,
- GNUTLS_X509_FMT_PEM);
-
- gnutls_psk_allocate_server_credentials (&psk_cred);
- gnutls_psk_set_server_credentials_function (psk_cred, pskfunc);
-
- generate_dh_params ();
-
- gnutls_priority_init (&priority_cache, "NORMAL:+PSK:+ECDHE-PSK:+DHE-PSK", NULL);
-
- gnutls_certificate_set_dh_params (x509_cred, dh_params);
-
- /* Socket operations
- */
- listen_sd = socket (AF_INET, SOCK_STREAM, 0);
- SOCKET_ERR (listen_sd, "socket");
-
- memset (&sa_serv, '\0', sizeof (sa_serv));
- sa_serv.sin_family = AF_INET;
- sa_serv.sin_addr.s_addr = INADDR_ANY;
- sa_serv.sin_port = htons (PORT); /* Server Port number */
-
- setsockopt (listen_sd, SOL_SOCKET, SO_REUSEADDR, (void *) &optval,
- sizeof (int));
-
- err = bind (listen_sd, (struct sockaddr *) & sa_serv, sizeof (sa_serv));
- SOCKET_ERR (err, "bind");
- err = listen (listen_sd, 1024);
- SOCKET_ERR (err, "listen");
-
- printf ("Server ready. Listening to port '%d'.\n\n", PORT);
-
- client_len = sizeof (sa_cli);
- for (;;)
- {
- gnutls_init (&session, GNUTLS_SERVER);
- gnutls_priority_set (session, priority_cache);
- gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, x509_cred);
- gnutls_credentials_set (session, GNUTLS_CRD_PSK, psk_cred);
-
- /* request client certificate if any.
- */
- gnutls_certificate_server_set_request (session, GNUTLS_CERT_REQUEST);
-
- sd = accept (listen_sd, (struct sockaddr *) & sa_cli, &client_len);
-
- printf ("- connection from %s, port %d\n",
- inet_ntop (AF_INET, &sa_cli.sin_addr, topbuf,
- sizeof (topbuf)), ntohs (sa_cli.sin_port));
-
- gnutls_transport_set_int (session, sd);
- ret = gnutls_handshake (session);
- if (ret < 0)
- {
- close (sd);
- gnutls_deinit (session);
- fprintf (stderr, "*** Handshake has failed (%s)\n\n",
- gnutls_strerror (ret));
- continue;
- }
- printf ("- Handshake was completed\n");
-
- kx = gnutls_kx_get(session);
- if (kx == GNUTLS_KX_PSK || kx == GNUTLS_KX_DHE_PSK ||
- kx == GNUTLS_KX_ECDHE_PSK)
- {
- printf("- User %s was connected\n", gnutls_psk_server_get_username(session));
- }
+ int err, listen_sd;
+ int sd, ret;
+ struct sockaddr_in sa_serv;
+ struct sockaddr_in sa_cli;
+ socklen_t client_len;
+ char topbuf[512];
+ gnutls_session_t session;
+ gnutls_certificate_credentials_t x509_cred;
+ gnutls_psk_server_credentials_t psk_cred;
+ gnutls_priority_t priority_cache;
+ char buffer[MAX_BUF + 1];
+ int optval = 1;
+ int kx;
+
+ /* this must be called once in the program
+ */
+ gnutls_global_init();
+
+ gnutls_certificate_allocate_credentials(&x509_cred);
+ gnutls_certificate_set_x509_trust_file(x509_cred, CAFILE,
+ GNUTLS_X509_FMT_PEM);
+
+ gnutls_certificate_set_x509_crl_file(x509_cred, CRLFILE,
+ GNUTLS_X509_FMT_PEM);
+
+ gnutls_certificate_set_x509_key_file(x509_cred, CERTFILE, KEYFILE,
+ GNUTLS_X509_FMT_PEM);
+
+ gnutls_psk_allocate_server_credentials(&psk_cred);
+ gnutls_psk_set_server_credentials_function(psk_cred, pskfunc);
+
+ generate_dh_params();
+
+ gnutls_priority_init(&priority_cache,
+ "NORMAL:+PSK:+ECDHE-PSK:+DHE-PSK", NULL);
+
+ gnutls_certificate_set_dh_params(x509_cred, dh_params);
+
+ /* Socket operations
+ */
+ listen_sd = socket(AF_INET, SOCK_STREAM, 0);
+ SOCKET_ERR(listen_sd, "socket");
+
+ memset(&sa_serv, '\0', sizeof(sa_serv));
+ sa_serv.sin_family = AF_INET;
+ sa_serv.sin_addr.s_addr = INADDR_ANY;
+ sa_serv.sin_port = htons(PORT); /* Server Port number */
+
+ setsockopt(listen_sd, SOL_SOCKET, SO_REUSEADDR, (void *) &optval,
+ sizeof(int));
+
+ err =
+ bind(listen_sd, (struct sockaddr *) &sa_serv, sizeof(sa_serv));
+ SOCKET_ERR(err, "bind");
+ err = listen(listen_sd, 1024);
+ SOCKET_ERR(err, "listen");
+
+ printf("Server ready. Listening to port '%d'.\n\n", PORT);
+
+ client_len = sizeof(sa_cli);
+ for (;;) {
+ gnutls_init(&session, GNUTLS_SERVER);
+ gnutls_priority_set(session, priority_cache);
+ gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE,
+ x509_cred);
+ gnutls_credentials_set(session, GNUTLS_CRD_PSK, psk_cred);
+
+ /* request client certificate if any.
+ */
+ gnutls_certificate_server_set_request(session,
+ GNUTLS_CERT_REQUEST);
+
+ sd = accept(listen_sd, (struct sockaddr *) &sa_cli,
+ &client_len);
+
+ printf("- connection from %s, port %d\n",
+ inet_ntop(AF_INET, &sa_cli.sin_addr, topbuf,
+ sizeof(topbuf)), ntohs(sa_cli.sin_port));
+
+ gnutls_transport_set_int(session, sd);
+ ret = gnutls_handshake(session);
+ if (ret < 0) {
+ close(sd);
+ gnutls_deinit(session);
+ fprintf(stderr,
+ "*** Handshake has failed (%s)\n\n",
+ gnutls_strerror(ret));
+ continue;
+ }
+ printf("- Handshake was completed\n");
+
+ kx = gnutls_kx_get(session);
+ if (kx == GNUTLS_KX_PSK || kx == GNUTLS_KX_DHE_PSK ||
+ kx == GNUTLS_KX_ECDHE_PSK) {
+ printf("- User %s was connected\n",
+ gnutls_psk_server_get_username(session));
+ }
+
+ /* see the Getting peer's information example */
+ /* print_info(session); */
+
+ for (;;) {
+ ret = gnutls_record_recv(session, buffer, MAX_BUF);
+
+ if (ret == 0) {
+ printf
+ ("\n- Peer has closed the GnuTLS connection\n");
+ break;
+ } else if (ret < 0
+ && gnutls_error_is_fatal(ret) == 0) {
+ fprintf(stderr, "*** Warning: %s\n",
+ gnutls_strerror(ret));
+ } else if (ret < 0) {
+ fprintf(stderr, "\n*** Received corrupted "
+ "data(%d). Closing the connection.\n\n",
+ ret);
+ break;
+ } else if (ret > 0) {
+ /* echo data back to the client
+ */
+ gnutls_record_send(session, buffer, ret);
+ }
+ }
+ printf("\n");
+ /* do not wait for the peer to close the connection.
+ */
+ gnutls_bye(session, GNUTLS_SHUT_WR);
+
+ close(sd);
+ gnutls_deinit(session);
- /* see the Getting peer's information example */
- /* print_info(session); */
-
- for (;;)
- {
- ret = gnutls_record_recv (session, buffer, MAX_BUF);
-
- if (ret == 0)
- {
- printf ("\n- Peer has closed the GnuTLS connection\n");
- break;
- }
- else if (ret < 0 && gnutls_error_is_fatal (ret) == 0)
- {
- fprintf (stderr, "*** Warning: %s\n", gnutls_strerror (ret));
- }
- else if (ret < 0)
- {
- fprintf (stderr, "\n*** Received corrupted "
- "data(%d). Closing the connection.\n\n", ret);
- break;
- }
- else if (ret > 0)
- {
- /* echo data back to the client
- */
- gnutls_record_send (session, buffer, ret);
- }
}
- printf ("\n");
- /* do not wait for the peer to close the connection.
- */
- gnutls_bye (session, GNUTLS_SHUT_WR);
-
- close (sd);
- gnutls_deinit (session);
-
- }
- close (listen_sd);
+ close(listen_sd);
- gnutls_certificate_free_credentials (x509_cred);
- gnutls_psk_free_server_credentials (psk_cred);
+ gnutls_certificate_free_credentials(x509_cred);
+ gnutls_psk_free_server_credentials(psk_cred);
- gnutls_priority_deinit (priority_cache);
+ gnutls_priority_deinit(priority_cache);
- gnutls_global_deinit ();
+ gnutls_global_deinit();
- return 0;
+ return 0;
}
diff --git a/doc/examples/ex-serv-srp.c b/doc/examples/ex-serv-srp.c
index 3a95edd172..44b0a711ad 100644
--- a/doc/examples/ex-serv-srp.c
+++ b/doc/examples/ex-serv-srp.c
@@ -29,141 +29,140 @@
#define MAX_BUF 1024
#define PORT 5556 /* listen to 5556 port */
-int
-main (void)
+int main(void)
{
- int err, listen_sd;
- int sd, ret;
- struct sockaddr_in sa_serv;
- struct sockaddr_in sa_cli;
- socklen_t client_len;
- char topbuf[512];
- gnutls_session_t session;
- gnutls_srp_server_credentials_t srp_cred;
- gnutls_certificate_credentials_t cert_cred;
- char buffer[MAX_BUF + 1];
- int optval = 1;
- char name[256];
-
- strcpy (name, "Echo Server");
-
- gnutls_global_init ();
-
- /* SRP_PASSWD a password file (created with the included srptool utility)
- */
- gnutls_srp_allocate_server_credentials (&srp_cred);
- gnutls_srp_set_server_credentials_file (srp_cred, SRP_PASSWD,
- SRP_PASSWD_CONF);
-
- gnutls_certificate_allocate_credentials (&cert_cred);
- gnutls_certificate_set_x509_trust_file (cert_cred, CAFILE,
- GNUTLS_X509_FMT_PEM);
- gnutls_certificate_set_x509_key_file (cert_cred, CERTFILE, KEYFILE,
- GNUTLS_X509_FMT_PEM);
-
- /* TCP socket operations
- */
- listen_sd = socket (AF_INET, SOCK_STREAM, 0);
- SOCKET_ERR (listen_sd, "socket");
-
- memset (&sa_serv, '\0', sizeof (sa_serv));
- sa_serv.sin_family = AF_INET;
- sa_serv.sin_addr.s_addr = INADDR_ANY;
- sa_serv.sin_port = htons (PORT); /* Server Port number */
-
- setsockopt (listen_sd, SOL_SOCKET, SO_REUSEADDR, (void *) &optval,
- sizeof (int));
-
- err = bind (listen_sd, (struct sockaddr *) & sa_serv, sizeof (sa_serv));
- SOCKET_ERR (err, "bind");
- err = listen (listen_sd, 1024);
- SOCKET_ERR (err, "listen");
-
- printf ("%s ready. Listening to port '%d'.\n\n", name, PORT);
-
- client_len = sizeof (sa_cli);
- for (;;)
- {
- gnutls_init (&session, GNUTLS_SERVER);
- gnutls_priority_set_direct (session,
- "NORMAL:-KX-ALL:+SRP:+SRP-DSS:+SRP-RSA", NULL);
- gnutls_credentials_set (session, GNUTLS_CRD_SRP, srp_cred);
- /* for the certificate authenticated ciphersuites.
- */
- gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, cert_cred);
-
- /* request client certificate if any.
- */
- gnutls_certificate_server_set_request (session, GNUTLS_CERT_IGNORE);
-
- sd = accept (listen_sd, (struct sockaddr *) & sa_cli, &client_len);
-
- printf ("- connection from %s, port %d\n",
- inet_ntop (AF_INET, &sa_cli.sin_addr, topbuf,
- sizeof (topbuf)), ntohs (sa_cli.sin_port));
-
- gnutls_transport_set_int (session, sd);
-
- do
- {
- ret = gnutls_handshake (session);
- }
- while (ret < 0 && gnutls_error_is_fatal (ret) == 0);
-
- if (ret < 0)
- {
- close (sd);
- gnutls_deinit (session);
- fprintf (stderr, "*** Handshake has failed (%s)\n\n",
- gnutls_strerror (ret));
- continue;
- }
- printf ("- Handshake was completed\n");
- printf ("- User %s was connected\n", gnutls_srp_server_get_username(session));
-
- /* print_info(session); */
-
- for (;;)
- {
- ret = gnutls_record_recv (session, buffer, MAX_BUF);
-
- if (ret == 0)
- {
- printf ("\n- Peer has closed the GnuTLS connection\n");
- break;
- }
- else if (ret < 0 && gnutls_error_is_fatal (ret) == 0)
- {
- fprintf (stderr, "*** Warning: %s\n", gnutls_strerror (ret));
- }
- else if (ret < 0)
- {
- fprintf (stderr, "\n*** Received corrupted "
- "data(%d). Closing the connection.\n\n", ret);
- break;
- }
- else if (ret > 0)
- {
- /* echo data back to the client
- */
- gnutls_record_send (session, buffer, ret);
- }
- }
- printf ("\n");
- /* do not wait for the peer to close the connection. */
- gnutls_bye (session, GNUTLS_SHUT_WR);
+ int err, listen_sd;
+ int sd, ret;
+ struct sockaddr_in sa_serv;
+ struct sockaddr_in sa_cli;
+ socklen_t client_len;
+ char topbuf[512];
+ gnutls_session_t session;
+ gnutls_srp_server_credentials_t srp_cred;
+ gnutls_certificate_credentials_t cert_cred;
+ char buffer[MAX_BUF + 1];
+ int optval = 1;
+ char name[256];
+
+ strcpy(name, "Echo Server");
+
+ gnutls_global_init();
+
+ /* SRP_PASSWD a password file (created with the included srptool utility)
+ */
+ gnutls_srp_allocate_server_credentials(&srp_cred);
+ gnutls_srp_set_server_credentials_file(srp_cred, SRP_PASSWD,
+ SRP_PASSWD_CONF);
+
+ gnutls_certificate_allocate_credentials(&cert_cred);
+ gnutls_certificate_set_x509_trust_file(cert_cred, CAFILE,
+ GNUTLS_X509_FMT_PEM);
+ gnutls_certificate_set_x509_key_file(cert_cred, CERTFILE, KEYFILE,
+ GNUTLS_X509_FMT_PEM);
+
+ /* TCP socket operations
+ */
+ listen_sd = socket(AF_INET, SOCK_STREAM, 0);
+ SOCKET_ERR(listen_sd, "socket");
+
+ memset(&sa_serv, '\0', sizeof(sa_serv));
+ sa_serv.sin_family = AF_INET;
+ sa_serv.sin_addr.s_addr = INADDR_ANY;
+ sa_serv.sin_port = htons(PORT); /* Server Port number */
+
+ setsockopt(listen_sd, SOL_SOCKET, SO_REUSEADDR, (void *) &optval,
+ sizeof(int));
+
+ err =
+ bind(listen_sd, (struct sockaddr *) &sa_serv, sizeof(sa_serv));
+ SOCKET_ERR(err, "bind");
+ err = listen(listen_sd, 1024);
+ SOCKET_ERR(err, "listen");
+
+ printf("%s ready. Listening to port '%d'.\n\n", name, PORT);
+
+ client_len = sizeof(sa_cli);
+ for (;;) {
+ gnutls_init(&session, GNUTLS_SERVER);
+ gnutls_priority_set_direct(session,
+ "NORMAL:-KX-ALL:+SRP:+SRP-DSS:+SRP-RSA",
+ NULL);
+ gnutls_credentials_set(session, GNUTLS_CRD_SRP, srp_cred);
+ /* for the certificate authenticated ciphersuites.
+ */
+ gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE,
+ cert_cred);
+
+ /* request client certificate if any.
+ */
+ gnutls_certificate_server_set_request(session,
+ GNUTLS_CERT_IGNORE);
+
+ sd = accept(listen_sd, (struct sockaddr *) &sa_cli,
+ &client_len);
+
+ printf("- connection from %s, port %d\n",
+ inet_ntop(AF_INET, &sa_cli.sin_addr, topbuf,
+ sizeof(topbuf)), ntohs(sa_cli.sin_port));
+
+ gnutls_transport_set_int(session, sd);
+
+ do {
+ ret = gnutls_handshake(session);
+ }
+ while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
+
+ if (ret < 0) {
+ close(sd);
+ gnutls_deinit(session);
+ fprintf(stderr,
+ "*** Handshake has failed (%s)\n\n",
+ gnutls_strerror(ret));
+ continue;
+ }
+ printf("- Handshake was completed\n");
+ printf("- User %s was connected\n",
+ gnutls_srp_server_get_username(session));
+
+ /* print_info(session); */
+
+ for (;;) {
+ ret = gnutls_record_recv(session, buffer, MAX_BUF);
+
+ if (ret == 0) {
+ printf
+ ("\n- Peer has closed the GnuTLS connection\n");
+ break;
+ } else if (ret < 0
+ && gnutls_error_is_fatal(ret) == 0) {
+ fprintf(stderr, "*** Warning: %s\n",
+ gnutls_strerror(ret));
+ } else if (ret < 0) {
+ fprintf(stderr, "\n*** Received corrupted "
+ "data(%d). Closing the connection.\n\n",
+ ret);
+ break;
+ } else if (ret > 0) {
+ /* echo data back to the client
+ */
+ gnutls_record_send(session, buffer, ret);
+ }
+ }
+ printf("\n");
+ /* do not wait for the peer to close the connection. */
+ gnutls_bye(session, GNUTLS_SHUT_WR);
+
+ close(sd);
+ gnutls_deinit(session);
- close (sd);
- gnutls_deinit (session);
-
- }
- close (listen_sd);
+ }
+ close(listen_sd);
- gnutls_srp_free_server_credentials (srp_cred);
- gnutls_certificate_free_credentials (cert_cred);
+ gnutls_srp_free_server_credentials(srp_cred);
+ gnutls_certificate_free_credentials(cert_cred);
- gnutls_global_deinit ();
+ gnutls_global_deinit();
- return 0;
+ return 0;
}
diff --git a/doc/examples/ex-serv-x509.c b/doc/examples/ex-serv-x509.c
index 2060f80a8b..bc5b371877 100644
--- a/doc/examples/ex-serv-x509.c
+++ b/doc/examples/ex-serv-x509.c
@@ -38,165 +38,164 @@
/* These are global */
static gnutls_dh_params_t dh_params;
-static int
-generate_dh_params (void)
+static int generate_dh_params(void)
{
- unsigned int bits =
- gnutls_sec_param_to_pk_bits (GNUTLS_PK_DH, GNUTLS_SEC_PARAM_LEGACY);
+ unsigned int bits = gnutls_sec_param_to_pk_bits(GNUTLS_PK_DH,
+ GNUTLS_SEC_PARAM_LEGACY);
- /* Generate Diffie-Hellman parameters - for use with DHE
- * kx algorithms. When short bit length is used, it might
- * be wise to regenerate parameters often.
- */
- gnutls_dh_params_init (&dh_params);
- gnutls_dh_params_generate2 (dh_params, bits);
+ /* Generate Diffie-Hellman parameters - for use with DHE
+ * kx algorithms. When short bit length is used, it might
+ * be wise to regenerate parameters often.
+ */
+ gnutls_dh_params_init(&dh_params);
+ gnutls_dh_params_generate2(dh_params, bits);
- return 0;
+ return 0;
}
-int
-main (void)
+int main(void)
{
- int listen_sd;
- int sd, ret;
- gnutls_certificate_credentials_t x509_cred;
- gnutls_priority_t priority_cache;
- struct sockaddr_in sa_serv;
- struct sockaddr_in sa_cli;
- socklen_t client_len;
- char topbuf[512];
- gnutls_session_t session;
- char buffer[MAX_BUF + 1];
- int optval = 1;
-
- /* this must be called once in the program
- */
- gnutls_global_init ();
-
- gnutls_certificate_allocate_credentials (&x509_cred);
- /* gnutls_certificate_set_x509_system_trust(xcred); */
- gnutls_certificate_set_x509_trust_file (x509_cred, CAFILE,
- GNUTLS_X509_FMT_PEM);
-
- gnutls_certificate_set_x509_crl_file (x509_cred, CRLFILE,
- GNUTLS_X509_FMT_PEM);
-
- ret = gnutls_certificate_set_x509_key_file (x509_cred, CERTFILE, KEYFILE,
- GNUTLS_X509_FMT_PEM);
- if (ret < 0)
- {
- printf("No certificate or key were found\n");
- exit(1);
- }
-
- /* loads an OCSP status request if available */
- gnutls_certificate_set_ocsp_status_request_file(x509_cred, OCSP_STATUS_FILE, 0);
-
- generate_dh_params ();
-
- gnutls_priority_init (&priority_cache, "PERFORMANCE:%SERVER_PRECEDENCE", NULL);
-
-
- gnutls_certificate_set_dh_params (x509_cred, dh_params);
-
- /* Socket operations
- */
- listen_sd = socket (AF_INET, SOCK_STREAM, 0);
-
- memset (&sa_serv, '\0', sizeof (sa_serv));
- sa_serv.sin_family = AF_INET;
- sa_serv.sin_addr.s_addr = INADDR_ANY;
- sa_serv.sin_port = htons (PORT); /* Server Port number */
-
- setsockopt (listen_sd, SOL_SOCKET, SO_REUSEADDR, (void *) &optval,
- sizeof (int));
-
- bind (listen_sd, (struct sockaddr *) & sa_serv, sizeof (sa_serv));
-
- listen (listen_sd, 1024);
-
- printf ("Server ready. Listening to port '%d'.\n\n", PORT);
-
- client_len = sizeof (sa_cli);
- for (;;)
- {
- gnutls_init (&session, GNUTLS_SERVER);
- gnutls_priority_set (session, priority_cache);
- gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, x509_cred);
- /* We don't request any certificate from the client.
- * If we did we would need to verify it.
- */
- gnutls_certificate_server_set_request (session, GNUTLS_CERT_IGNORE);
-
- sd = accept (listen_sd, (struct sockaddr *) & sa_cli, &client_len);
-
- printf ("- connection from %s, port %d\n",
- inet_ntop (AF_INET, &sa_cli.sin_addr, topbuf,
- sizeof (topbuf)), ntohs (sa_cli.sin_port));
-
- gnutls_transport_set_int (session, sd);
-
- do
- {
- ret = gnutls_handshake (session);
- }
- while (ret < 0 && gnutls_error_is_fatal (ret) == 0);
-
- if (ret < 0)
- {
- close (sd);
- gnutls_deinit (session);
- fprintf (stderr, "*** Handshake has failed (%s)\n\n",
- gnutls_strerror (ret));
- continue;
+ int listen_sd;
+ int sd, ret;
+ gnutls_certificate_credentials_t x509_cred;
+ gnutls_priority_t priority_cache;
+ struct sockaddr_in sa_serv;
+ struct sockaddr_in sa_cli;
+ socklen_t client_len;
+ char topbuf[512];
+ gnutls_session_t session;
+ char buffer[MAX_BUF + 1];
+ int optval = 1;
+
+ /* this must be called once in the program
+ */
+ gnutls_global_init();
+
+ gnutls_certificate_allocate_credentials(&x509_cred);
+ /* gnutls_certificate_set_x509_system_trust(xcred); */
+ gnutls_certificate_set_x509_trust_file(x509_cred, CAFILE,
+ GNUTLS_X509_FMT_PEM);
+
+ gnutls_certificate_set_x509_crl_file(x509_cred, CRLFILE,
+ GNUTLS_X509_FMT_PEM);
+
+ ret =
+ gnutls_certificate_set_x509_key_file(x509_cred, CERTFILE,
+ KEYFILE,
+ GNUTLS_X509_FMT_PEM);
+ if (ret < 0) {
+ printf("No certificate or key were found\n");
+ exit(1);
}
- printf ("- Handshake was completed\n");
-
- /* see the Getting peer's information example */
- /* print_info(session); */
-
- for (;;)
- {
- ret = gnutls_record_recv (session, buffer, MAX_BUF);
-
- if (ret == 0)
- {
- printf ("\n- Peer has closed the GnuTLS connection\n");
- break;
- }
- else if (ret < 0 && gnutls_error_is_fatal (ret) == 0)
- {
- fprintf (stderr, "*** Warning: %s\n", gnutls_strerror (ret));
- }
- else if (ret < 0)
- {
- fprintf (stderr, "\n*** Received corrupted "
- "data(%d). Closing the connection.\n\n", ret);
- break;
- }
- else if (ret > 0)
- {
- /* echo data back to the client
- */
- gnutls_record_send (session, buffer, ret);
- }
- }
- printf ("\n");
- /* do not wait for the peer to close the connection.
- */
- gnutls_bye (session, GNUTLS_SHUT_WR);
- close (sd);
- gnutls_deinit (session);
+ /* loads an OCSP status request if available */
+ gnutls_certificate_set_ocsp_status_request_file(x509_cred,
+ OCSP_STATUS_FILE,
+ 0);
+
+ generate_dh_params();
+
+ gnutls_priority_init(&priority_cache,
+ "PERFORMANCE:%SERVER_PRECEDENCE", NULL);
+
+
+ gnutls_certificate_set_dh_params(x509_cred, dh_params);
+
+ /* Socket operations
+ */
+ listen_sd = socket(AF_INET, SOCK_STREAM, 0);
+
+ memset(&sa_serv, '\0', sizeof(sa_serv));
+ sa_serv.sin_family = AF_INET;
+ sa_serv.sin_addr.s_addr = INADDR_ANY;
+ sa_serv.sin_port = htons(PORT); /* Server Port number */
+
+ setsockopt(listen_sd, SOL_SOCKET, SO_REUSEADDR, (void *) &optval,
+ sizeof(int));
+
+ bind(listen_sd, (struct sockaddr *) &sa_serv, sizeof(sa_serv));
+
+ listen(listen_sd, 1024);
+
+ printf("Server ready. Listening to port '%d'.\n\n", PORT);
+
+ client_len = sizeof(sa_cli);
+ for (;;) {
+ gnutls_init(&session, GNUTLS_SERVER);
+ gnutls_priority_set(session, priority_cache);
+ gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE,
+ x509_cred);
+ /* We don't request any certificate from the client.
+ * If we did we would need to verify it.
+ */
+ gnutls_certificate_server_set_request(session,
+ GNUTLS_CERT_IGNORE);
+
+ sd = accept(listen_sd, (struct sockaddr *) &sa_cli,
+ &client_len);
+
+ printf("- connection from %s, port %d\n",
+ inet_ntop(AF_INET, &sa_cli.sin_addr, topbuf,
+ sizeof(topbuf)), ntohs(sa_cli.sin_port));
+
+ gnutls_transport_set_int(session, sd);
+
+ do {
+ ret = gnutls_handshake(session);
+ }
+ while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
+
+ if (ret < 0) {
+ close(sd);
+ gnutls_deinit(session);
+ fprintf(stderr,
+ "*** Handshake has failed (%s)\n\n",
+ gnutls_strerror(ret));
+ continue;
+ }
+ printf("- Handshake was completed\n");
+
+ /* see the Getting peer's information example */
+ /* print_info(session); */
+
+ for (;;) {
+ ret = gnutls_record_recv(session, buffer, MAX_BUF);
+
+ if (ret == 0) {
+ printf
+ ("\n- Peer has closed the GnuTLS connection\n");
+ break;
+ } else if (ret < 0
+ && gnutls_error_is_fatal(ret) == 0) {
+ fprintf(stderr, "*** Warning: %s\n",
+ gnutls_strerror(ret));
+ } else if (ret < 0) {
+ fprintf(stderr, "\n*** Received corrupted "
+ "data(%d). Closing the connection.\n\n",
+ ret);
+ break;
+ } else if (ret > 0) {
+ /* echo data back to the client
+ */
+ gnutls_record_send(session, buffer, ret);
+ }
+ }
+ printf("\n");
+ /* do not wait for the peer to close the connection.
+ */
+ gnutls_bye(session, GNUTLS_SHUT_WR);
+
+ close(sd);
+ gnutls_deinit(session);
- }
- close (listen_sd);
+ }
+ close(listen_sd);
- gnutls_certificate_free_credentials (x509_cred);
- gnutls_priority_deinit (priority_cache);
+ gnutls_certificate_free_credentials(x509_cred);
+ gnutls_priority_deinit(priority_cache);
- gnutls_global_deinit ();
+ gnutls_global_deinit();
- return 0;
+ return 0;
}
diff --git a/doc/examples/ex-session-info.c b/doc/examples/ex-session-info.c
index e5f0b545e7..7838e43105 100644
--- a/doc/examples/ex-session-info.c
+++ b/doc/examples/ex-session-info.c
@@ -14,119 +14,121 @@
/* This function will print some details of the
* given session.
*/
-int
-print_info (gnutls_session_t session)
+int print_info(gnutls_session_t session)
{
- const char *tmp;
- gnutls_credentials_type_t cred;
- gnutls_kx_algorithm_t kx;
- int dhe, ecdh;
-
- dhe = ecdh = 0;
-
- /* print the key exchange's algorithm name
- */
- kx = gnutls_kx_get (session);
- tmp = gnutls_kx_get_name (kx);
- printf ("- Key Exchange: %s\n", tmp);
-
- /* Check the authentication type used and switch
- * to the appropriate.
- */
- cred = gnutls_auth_get_type (session);
- switch (cred)
- {
- case GNUTLS_CRD_IA:
- printf ("- TLS/IA session\n");
- break;
+ const char *tmp;
+ gnutls_credentials_type_t cred;
+ gnutls_kx_algorithm_t kx;
+ int dhe, ecdh;
+
+ dhe = ecdh = 0;
+
+ /* print the key exchange's algorithm name
+ */
+ kx = gnutls_kx_get(session);
+ tmp = gnutls_kx_get_name(kx);
+ printf("- Key Exchange: %s\n", tmp);
+
+ /* Check the authentication type used and switch
+ * to the appropriate.
+ */
+ cred = gnutls_auth_get_type(session);
+ switch (cred) {
+ case GNUTLS_CRD_IA:
+ printf("- TLS/IA session\n");
+ break;
#ifdef ENABLE_SRP
- case GNUTLS_CRD_SRP:
- printf ("- SRP session with username %s\n",
- gnutls_srp_server_get_username (session));
- break;
+ case GNUTLS_CRD_SRP:
+ printf("- SRP session with username %s\n",
+ gnutls_srp_server_get_username(session));
+ break;
#endif
- case GNUTLS_CRD_PSK:
- /* This returns NULL in server side.
- */
- if (gnutls_psk_client_get_hint (session) != NULL)
- printf ("- PSK authentication. PSK hint '%s'\n",
- gnutls_psk_client_get_hint (session));
- /* This returns NULL in client side.
- */
- if (gnutls_psk_server_get_username (session) != NULL)
- printf ("- PSK authentication. Connected as '%s'\n",
- gnutls_psk_server_get_username (session));
-
- if (kx == GNUTLS_KX_ECDHE_PSK)
- ecdh = 1;
- else if (kx == GNUTLS_KX_DHE_PSK)
- dhe = 1;
- break;
-
- case GNUTLS_CRD_ANON: /* anonymous authentication */
-
- printf ("- Anonymous authentication.\n");
- if (kx == GNUTLS_KX_ANON_ECDH)
- ecdh = 1;
- else if (kx == GNUTLS_KX_ANON_DH)
- dhe = 1;
- break;
-
- case GNUTLS_CRD_CERTIFICATE: /* certificate authentication */
-
- /* Check if we have been using ephemeral Diffie-Hellman.
- */
- if (kx == GNUTLS_KX_DHE_RSA || kx == GNUTLS_KX_DHE_DSS)
- dhe = 1;
- else if (kx == GNUTLS_KX_ECDHE_RSA || kx == GNUTLS_KX_ECDHE_ECDSA)
- ecdh = 1;
-
- /* if the certificate list is available, then
- * print some information about it.
- */
- print_x509_certificate_info (session);
-
- } /* switch */
-
- if (ecdh != 0)
- printf ("- Ephemeral ECDH using curve %s\n",
- gnutls_ecc_curve_get_name (gnutls_ecc_curve_get (session)));
- else if (dhe != 0)
- printf ("- Ephemeral DH using prime of %d bits\n",
- gnutls_dh_get_prime_bits (session));
-
- /* print the protocol's name (ie TLS 1.0)
- */
- tmp = gnutls_protocol_get_name (gnutls_protocol_get_version (session));
- printf ("- Protocol: %s\n", tmp);
-
- /* print the certificate type of the peer.
- * ie X.509
- */
- tmp =
- gnutls_certificate_type_get_name (gnutls_certificate_type_get (session));
-
- printf ("- Certificate Type: %s\n", tmp);
-
- /* print the compression algorithm (if any)
- */
- tmp = gnutls_compression_get_name (gnutls_compression_get (session));
- printf ("- Compression: %s\n", tmp);
-
- /* print the name of the cipher used.
- * ie 3DES.
- */
- tmp = gnutls_cipher_get_name (gnutls_cipher_get (session));
- printf ("- Cipher: %s\n", tmp);
-
- /* Print the MAC algorithms name.
- * ie SHA1
- */
- tmp = gnutls_mac_get_name (gnutls_mac_get (session));
- printf ("- MAC: %s\n", tmp);
-
- return 0;
+ case GNUTLS_CRD_PSK:
+ /* This returns NULL in server side.
+ */
+ if (gnutls_psk_client_get_hint(session) != NULL)
+ printf("- PSK authentication. PSK hint '%s'\n",
+ gnutls_psk_client_get_hint(session));
+ /* This returns NULL in client side.
+ */
+ if (gnutls_psk_server_get_username(session) != NULL)
+ printf("- PSK authentication. Connected as '%s'\n",
+ gnutls_psk_server_get_username(session));
+
+ if (kx == GNUTLS_KX_ECDHE_PSK)
+ ecdh = 1;
+ else if (kx == GNUTLS_KX_DHE_PSK)
+ dhe = 1;
+ break;
+
+ case GNUTLS_CRD_ANON: /* anonymous authentication */
+
+ printf("- Anonymous authentication.\n");
+ if (kx == GNUTLS_KX_ANON_ECDH)
+ ecdh = 1;
+ else if (kx == GNUTLS_KX_ANON_DH)
+ dhe = 1;
+ break;
+
+ case GNUTLS_CRD_CERTIFICATE: /* certificate authentication */
+
+ /* Check if we have been using ephemeral Diffie-Hellman.
+ */
+ if (kx == GNUTLS_KX_DHE_RSA || kx == GNUTLS_KX_DHE_DSS)
+ dhe = 1;
+ else if (kx == GNUTLS_KX_ECDHE_RSA
+ || kx == GNUTLS_KX_ECDHE_ECDSA)
+ ecdh = 1;
+
+ /* if the certificate list is available, then
+ * print some information about it.
+ */
+ print_x509_certificate_info(session);
+
+ } /* switch */
+
+ if (ecdh != 0)
+ printf("- Ephemeral ECDH using curve %s\n",
+ gnutls_ecc_curve_get_name(gnutls_ecc_curve_get
+ (session)));
+ else if (dhe != 0)
+ printf("- Ephemeral DH using prime of %d bits\n",
+ gnutls_dh_get_prime_bits(session));
+
+ /* print the protocol's name (ie TLS 1.0)
+ */
+ tmp =
+ gnutls_protocol_get_name(gnutls_protocol_get_version(session));
+ printf("- Protocol: %s\n", tmp);
+
+ /* print the certificate type of the peer.
+ * ie X.509
+ */
+ tmp =
+ gnutls_certificate_type_get_name(gnutls_certificate_type_get
+ (session));
+
+ printf("- Certificate Type: %s\n", tmp);
+
+ /* print the compression algorithm (if any)
+ */
+ tmp = gnutls_compression_get_name(gnutls_compression_get(session));
+ printf("- Compression: %s\n", tmp);
+
+ /* print the name of the cipher used.
+ * ie 3DES.
+ */
+ tmp = gnutls_cipher_get_name(gnutls_cipher_get(session));
+ printf("- Cipher: %s\n", tmp);
+
+ /* Print the MAC algorithms name.
+ * ie SHA1
+ */
+ tmp = gnutls_mac_get_name(gnutls_mac_get(session));
+ printf("- MAC: %s\n", tmp);
+
+ return 0;
}
diff --git a/doc/examples/ex-verify-ssh.c b/doc/examples/ex-verify-ssh.c
index 474a3e6d1f..1bc0bfae72 100644
--- a/doc/examples/ex-verify-ssh.c
+++ b/doc/examples/ex-verify-ssh.c
@@ -16,97 +16,95 @@
* SSH-style authentication, where ultimately trusted keys
* are only the keys that have been seen before.
*/
-int
-_ssh_verify_certificate_callback (gnutls_session_t session)
+int _ssh_verify_certificate_callback(gnutls_session_t session)
{
- unsigned int status;
- const gnutls_datum_t *cert_list;
- unsigned int cert_list_size;
- int ret, type;
- gnutls_datum_t out;
- const char *hostname;
-
- /* read hostname */
- hostname = gnutls_session_get_ptr (session);
-
- /* This verification function uses the trusted CAs in the credentials
- * structure. So you must have installed one or more CA certificates.
- */
- ret = gnutls_certificate_verify_peers3 (session, hostname, &status);
- if (ret < 0)
- {
- printf ("Error\n");
- return GNUTLS_E_CERTIFICATE_ERROR;
- }
-
- type = gnutls_certificate_type_get (session);
-
- ret = gnutls_certificate_verification_status_print( status, type, &out, 0);
- if (ret < 0)
- {
- printf ("Error\n");
- return GNUTLS_E_CERTIFICATE_ERROR;
- }
-
- printf ("%s", out.data);
-
- gnutls_free(out.data);
-
- if (status != 0) /* Certificate is not trusted */
- return GNUTLS_E_CERTIFICATE_ERROR;
-
- /* Do SSH verification */
- cert_list = gnutls_certificate_get_peers (session, &cert_list_size);
- if (cert_list == NULL)
- {
- printf ("No certificate was found!\n");
- return GNUTLS_E_CERTIFICATE_ERROR;
- }
-
- /* service may be obtained alternatively using getservbyport() */
- ret = gnutls_verify_stored_pubkey(NULL, NULL, hostname, "https",
- type, &cert_list[0], 0);
- if (ret == GNUTLS_E_NO_CERTIFICATE_FOUND)
- {
- printf("Host %s is not known.", hostname);
- if (status == 0)
- printf("Its certificate is valid for %s.\n", hostname);
-
- /* the certificate must be printed and user must be asked on
- * whether it is trustworthy. --see gnutls_x509_crt_print() */
-
- /* if not trusted */
- return GNUTLS_E_CERTIFICATE_ERROR;
- }
- else if (ret == GNUTLS_E_CERTIFICATE_KEY_MISMATCH)
- {
- printf("Warning: host %s is known but has another key associated.", hostname);
- printf("It might be that the server has multiple keys, or you are under attack\n");
- if (status == 0)
- printf("Its certificate is valid for %s.\n", hostname);
-
- /* the certificate must be printed and user must be asked on
- * whether it is trustworthy. --see gnutls_x509_crt_print() */
-
- /* if not trusted */
- return GNUTLS_E_CERTIFICATE_ERROR;
- }
- else if (ret < 0)
- {
- printf("gnutls_verify_stored_pubkey: %s\n", gnutls_strerror(ret));
- return ret;
- }
-
- /* user trusts the key -> store it */
- if (ret != 0)
- {
- ret = gnutls_store_pubkey(NULL, NULL, hostname, "https",
- type, &cert_list[0], 0, 0);
- if (ret < 0)
- printf("gnutls_store_pubkey: %s\n", gnutls_strerror(ret));
- }
-
- /* notify gnutls to continue handshake normally */
- return 0;
-}
+ unsigned int status;
+ const gnutls_datum_t *cert_list;
+ unsigned int cert_list_size;
+ int ret, type;
+ gnutls_datum_t out;
+ const char *hostname;
+
+ /* read hostname */
+ hostname = gnutls_session_get_ptr(session);
+
+ /* This verification function uses the trusted CAs in the credentials
+ * structure. So you must have installed one or more CA certificates.
+ */
+ ret = gnutls_certificate_verify_peers3(session, hostname, &status);
+ if (ret < 0) {
+ printf("Error\n");
+ return GNUTLS_E_CERTIFICATE_ERROR;
+ }
+
+ type = gnutls_certificate_type_get(session);
+
+ ret =
+ gnutls_certificate_verification_status_print(status, type,
+ &out, 0);
+ if (ret < 0) {
+ printf("Error\n");
+ return GNUTLS_E_CERTIFICATE_ERROR;
+ }
+
+ printf("%s", out.data);
+
+ gnutls_free(out.data);
+
+ if (status != 0) /* Certificate is not trusted */
+ return GNUTLS_E_CERTIFICATE_ERROR;
+ /* Do SSH verification */
+ cert_list = gnutls_certificate_get_peers(session, &cert_list_size);
+ if (cert_list == NULL) {
+ printf("No certificate was found!\n");
+ return GNUTLS_E_CERTIFICATE_ERROR;
+ }
+
+ /* service may be obtained alternatively using getservbyport() */
+ ret = gnutls_verify_stored_pubkey(NULL, NULL, hostname, "https",
+ type, &cert_list[0], 0);
+ if (ret == GNUTLS_E_NO_CERTIFICATE_FOUND) {
+ printf("Host %s is not known.", hostname);
+ if (status == 0)
+ printf("Its certificate is valid for %s.\n",
+ hostname);
+
+ /* the certificate must be printed and user must be asked on
+ * whether it is trustworthy. --see gnutls_x509_crt_print() */
+
+ /* if not trusted */
+ return GNUTLS_E_CERTIFICATE_ERROR;
+ } else if (ret == GNUTLS_E_CERTIFICATE_KEY_MISMATCH) {
+ printf
+ ("Warning: host %s is known but has another key associated.",
+ hostname);
+ printf
+ ("It might be that the server has multiple keys, or you are under attack\n");
+ if (status == 0)
+ printf("Its certificate is valid for %s.\n",
+ hostname);
+
+ /* the certificate must be printed and user must be asked on
+ * whether it is trustworthy. --see gnutls_x509_crt_print() */
+
+ /* if not trusted */
+ return GNUTLS_E_CERTIFICATE_ERROR;
+ } else if (ret < 0) {
+ printf("gnutls_verify_stored_pubkey: %s\n",
+ gnutls_strerror(ret));
+ return ret;
+ }
+
+ /* user trusts the key -> store it */
+ if (ret != 0) {
+ ret = gnutls_store_pubkey(NULL, NULL, hostname, "https",
+ type, &cert_list[0], 0, 0);
+ if (ret < 0)
+ printf("gnutls_store_pubkey: %s\n",
+ gnutls_strerror(ret));
+ }
+
+ /* notify gnutls to continue handshake normally */
+ return 0;
+}
diff --git a/doc/examples/ex-verify.c b/doc/examples/ex-verify.c
index 0d52429e3a..45618b9fe9 100644
--- a/doc/examples/ex-verify.c
+++ b/doc/examples/ex-verify.c
@@ -22,126 +22,129 @@ int crl_list_size;
gnutls_x509_crt_t *ca_list;
int ca_list_size;
-static int print_details_func (gnutls_x509_crt_t cert,
- gnutls_x509_crt_t issuer,
- gnutls_x509_crl_t crl,
- unsigned int verification_output);
+static int print_details_func(gnutls_x509_crt_t cert,
+ gnutls_x509_crt_t issuer,
+ gnutls_x509_crl_t crl,
+ unsigned int verification_output);
/* This function will try to verify the peer's certificate chain, and
* also check if the hostname matches.
*/
void
-verify_certificate_chain (const char *hostname,
- const gnutls_datum_t * cert_chain,
- int cert_chain_length)
+verify_certificate_chain(const char *hostname,
+ const gnutls_datum_t * cert_chain,
+ int cert_chain_length)
{
- int i;
- gnutls_x509_trust_list_t tlist;
- gnutls_x509_crt_t *cert;
-
- unsigned int output;
-
- /* Initialize the trusted certificate list. This should be done
- * once on initialization. gnutls_x509_crt_list_import2() and
- * gnutls_x509_crl_list_import2() can be used to load them.
- */
- gnutls_x509_trust_list_init (&tlist, 0);
-
- gnutls_x509_trust_list_add_cas (tlist, ca_list, ca_list_size, 0);
- gnutls_x509_trust_list_add_crls (tlist, crl_list, crl_list_size,
- GNUTLS_TL_VERIFY_CRL, 0);
-
- cert = malloc (sizeof (*cert) * cert_chain_length);
-
- /* Import all the certificates in the chain to
- * native certificate format.
- */
- for (i = 0; i < cert_chain_length; i++)
- {
- gnutls_x509_crt_init (&cert[i]);
- gnutls_x509_crt_import (cert[i], &cert_chain[i], GNUTLS_X509_FMT_DER);
- }
-
- gnutls_x509_trust_list_verify_named_crt (tlist, cert[0], hostname,
- strlen (hostname),
- GNUTLS_VERIFY_DISABLE_CRL_CHECKS,
- &output, print_details_func);
-
- /* if this certificate is not explicitly trusted verify against CAs
- */
- if (output != 0)
- {
- gnutls_x509_trust_list_verify_crt (tlist, cert, cert_chain_length, 0,
- &output, print_details_func);
- }
-
- if (output & GNUTLS_CERT_INVALID)
- {
- fprintf (stderr, "Not trusted");
-
- if (output & GNUTLS_CERT_SIGNER_NOT_FOUND)
- fprintf (stderr, ": no issuer was found");
- if (output & GNUTLS_CERT_SIGNER_NOT_CA)
- fprintf (stderr, ": issuer is not a CA");
- if (output & GNUTLS_CERT_NOT_ACTIVATED)
- fprintf (stderr, ": not yet activated\n");
- if (output & GNUTLS_CERT_EXPIRED)
- fprintf (stderr, ": expired\n");
-
- fprintf (stderr, "\n");
- }
- else
- fprintf (stderr, "Trusted\n");
-
- /* Check if the name in the first certificate matches our destination!
- */
- if (!gnutls_x509_crt_check_hostname (cert[0], hostname))
- {
- printf ("The certificate's owner does not match hostname '%s'\n",
- hostname);
- }
-
- gnutls_x509_trust_list_deinit (tlist, 1);
-
- return;
+ int i;
+ gnutls_x509_trust_list_t tlist;
+ gnutls_x509_crt_t *cert;
+
+ unsigned int output;
+
+ /* Initialize the trusted certificate list. This should be done
+ * once on initialization. gnutls_x509_crt_list_import2() and
+ * gnutls_x509_crl_list_import2() can be used to load them.
+ */
+ gnutls_x509_trust_list_init(&tlist, 0);
+
+ gnutls_x509_trust_list_add_cas(tlist, ca_list, ca_list_size, 0);
+ gnutls_x509_trust_list_add_crls(tlist, crl_list, crl_list_size,
+ GNUTLS_TL_VERIFY_CRL, 0);
+
+ cert = malloc(sizeof(*cert) * cert_chain_length);
+
+ /* Import all the certificates in the chain to
+ * native certificate format.
+ */
+ for (i = 0; i < cert_chain_length; i++) {
+ gnutls_x509_crt_init(&cert[i]);
+ gnutls_x509_crt_import(cert[i], &cert_chain[i],
+ GNUTLS_X509_FMT_DER);
+ }
+
+ gnutls_x509_trust_list_verify_named_crt(tlist, cert[0], hostname,
+ strlen(hostname),
+ GNUTLS_VERIFY_DISABLE_CRL_CHECKS,
+ &output,
+ print_details_func);
+
+ /* if this certificate is not explicitly trusted verify against CAs
+ */
+ if (output != 0) {
+ gnutls_x509_trust_list_verify_crt(tlist, cert,
+ cert_chain_length, 0,
+ &output,
+ print_details_func);
+ }
+
+ if (output & GNUTLS_CERT_INVALID) {
+ fprintf(stderr, "Not trusted");
+
+ if (output & GNUTLS_CERT_SIGNER_NOT_FOUND)
+ fprintf(stderr, ": no issuer was found");
+ if (output & GNUTLS_CERT_SIGNER_NOT_CA)
+ fprintf(stderr, ": issuer is not a CA");
+ if (output & GNUTLS_CERT_NOT_ACTIVATED)
+ fprintf(stderr, ": not yet activated\n");
+ if (output & GNUTLS_CERT_EXPIRED)
+ fprintf(stderr, ": expired\n");
+
+ fprintf(stderr, "\n");
+ } else
+ fprintf(stderr, "Trusted\n");
+
+ /* Check if the name in the first certificate matches our destination!
+ */
+ if (!gnutls_x509_crt_check_hostname(cert[0], hostname)) {
+ printf
+ ("The certificate's owner does not match hostname '%s'\n",
+ hostname);
+ }
+
+ gnutls_x509_trust_list_deinit(tlist, 1);
+
+ return;
}
static int
-print_details_func (gnutls_x509_crt_t cert,
- gnutls_x509_crt_t issuer, gnutls_x509_crl_t crl,
- unsigned int verification_output)
+print_details_func(gnutls_x509_crt_t cert,
+ gnutls_x509_crt_t issuer, gnutls_x509_crl_t crl,
+ unsigned int verification_output)
{
- char name[512];
- char issuer_name[512];
- size_t name_size;
- size_t issuer_name_size;
+ char name[512];
+ char issuer_name[512];
+ size_t name_size;
+ size_t issuer_name_size;
- issuer_name_size = sizeof (issuer_name);
- gnutls_x509_crt_get_issuer_dn (cert, issuer_name, &issuer_name_size);
+ issuer_name_size = sizeof(issuer_name);
+ gnutls_x509_crt_get_issuer_dn(cert, issuer_name,
+ &issuer_name_size);
- name_size = sizeof (name);
- gnutls_x509_crt_get_dn (cert, name, &name_size);
+ name_size = sizeof(name);
+ gnutls_x509_crt_get_dn(cert, name, &name_size);
- fprintf (stdout, "\tSubject: %s\n", name);
- fprintf (stdout, "\tIssuer: %s\n", issuer_name);
+ fprintf(stdout, "\tSubject: %s\n", name);
+ fprintf(stdout, "\tIssuer: %s\n", issuer_name);
- if (issuer != NULL)
- {
- issuer_name_size = sizeof (issuer_name);
- gnutls_x509_crt_get_dn (issuer, issuer_name, &issuer_name_size);
+ if (issuer != NULL) {
+ issuer_name_size = sizeof(issuer_name);
+ gnutls_x509_crt_get_dn(issuer, issuer_name,
+ &issuer_name_size);
- fprintf (stdout, "\tVerified against: %s\n", issuer_name);
- }
+ fprintf(stdout, "\tVerified against: %s\n", issuer_name);
+ }
- if (crl != NULL)
- {
- issuer_name_size = sizeof (issuer_name);
- gnutls_x509_crl_get_issuer_dn (crl, issuer_name, &issuer_name_size);
+ if (crl != NULL) {
+ issuer_name_size = sizeof(issuer_name);
+ gnutls_x509_crl_get_issuer_dn(crl, issuer_name,
+ &issuer_name_size);
- fprintf (stdout, "\tVerified against CRL of: %s\n", issuer_name);
- }
+ fprintf(stdout, "\tVerified against CRL of: %s\n",
+ issuer_name);
+ }
- fprintf (stdout, "\tVerification output: %x\n\n", verification_output);
+ fprintf(stdout, "\tVerification output: %x\n\n",
+ verification_output);
- return 0;
+ return 0;
}
diff --git a/doc/examples/ex-x509-info.c b/doc/examples/ex-x509-info.c
index d2f39cf437..a54aeff468 100644
--- a/doc/examples/ex-x509-info.c
+++ b/doc/examples/ex-x509-info.c
@@ -11,112 +11,115 @@
#include "examples.h"
-static const char *
-bin2hex (const void *bin, size_t bin_size)
+static const char *bin2hex(const void *bin, size_t bin_size)
{
- static char printable[110];
- const unsigned char *_bin = bin;
- char *print;
- size_t i;
-
- if (bin_size > 50)
- bin_size = 50;
-
- print = printable;
- for (i = 0; i < bin_size; i++)
- {
- sprintf (print, "%.2x ", _bin[i]);
- print += 2;
- }
-
- return printable;
+ static char printable[110];
+ const unsigned char *_bin = bin;
+ char *print;
+ size_t i;
+
+ if (bin_size > 50)
+ bin_size = 50;
+
+ print = printable;
+ for (i = 0; i < bin_size; i++) {
+ sprintf(print, "%.2x ", _bin[i]);
+ print += 2;
+ }
+
+ return printable;
}
/* This function will print information about this session's peer
* certificate.
*/
-void
-print_x509_certificate_info (gnutls_session_t session)
+void print_x509_certificate_info(gnutls_session_t session)
{
- char serial[40];
- char dn[256];
- size_t size;
- unsigned int algo, bits;
- time_t expiration_time, activation_time;
- const gnutls_datum_t *cert_list;
- unsigned int cert_list_size = 0;
- gnutls_x509_crt_t cert;
- gnutls_datum_t cinfo;
+ char serial[40];
+ char dn[256];
+ size_t size;
+ unsigned int algo, bits;
+ time_t expiration_time, activation_time;
+ const gnutls_datum_t *cert_list;
+ unsigned int cert_list_size = 0;
+ gnutls_x509_crt_t cert;
+ gnutls_datum_t cinfo;
- /* This function only works for X.509 certificates.
- */
- if (gnutls_certificate_type_get (session) != GNUTLS_CRT_X509)
- return;
+ /* This function only works for X.509 certificates.
+ */
+ if (gnutls_certificate_type_get(session) != GNUTLS_CRT_X509)
+ return;
- cert_list = gnutls_certificate_get_peers (session, &cert_list_size);
+ cert_list = gnutls_certificate_get_peers(session, &cert_list_size);
- printf ("Peer provided %d certificates.\n", cert_list_size);
+ printf("Peer provided %d certificates.\n", cert_list_size);
- if (cert_list_size > 0)
- {
- int ret;
+ if (cert_list_size > 0) {
+ int ret;
- /* we only print information about the first certificate.
- */
- gnutls_x509_crt_init (&cert);
+ /* we only print information about the first certificate.
+ */
+ gnutls_x509_crt_init(&cert);
- gnutls_x509_crt_import (cert, &cert_list[0], GNUTLS_X509_FMT_DER);
+ gnutls_x509_crt_import(cert, &cert_list[0],
+ GNUTLS_X509_FMT_DER);
- printf ("Certificate info:\n");
+ printf("Certificate info:\n");
- /* This is the preferred way of printing short information about
- a certificate. */
+ /* This is the preferred way of printing short information about
+ a certificate. */
- ret = gnutls_x509_crt_print (cert, GNUTLS_CRT_PRINT_ONELINE, &cinfo);
- if (ret == 0)
- {
- printf ("\t%s\n", cinfo.data);
- gnutls_free (cinfo.data);
- }
+ ret =
+ gnutls_x509_crt_print(cert, GNUTLS_CRT_PRINT_ONELINE,
+ &cinfo);
+ if (ret == 0) {
+ printf("\t%s\n", cinfo.data);
+ gnutls_free(cinfo.data);
+ }
- /* If you want to extract fields manually for some other reason,
- below are popular example calls. */
+ /* If you want to extract fields manually for some other reason,
+ below are popular example calls. */
- expiration_time = gnutls_x509_crt_get_expiration_time (cert);
- activation_time = gnutls_x509_crt_get_activation_time (cert);
+ expiration_time =
+ gnutls_x509_crt_get_expiration_time(cert);
+ activation_time =
+ gnutls_x509_crt_get_activation_time(cert);
- printf ("\tCertificate is valid since: %s", ctime (&activation_time));
- printf ("\tCertificate expires: %s", ctime (&expiration_time));
+ printf("\tCertificate is valid since: %s",
+ ctime(&activation_time));
+ printf("\tCertificate expires: %s",
+ ctime(&expiration_time));
- /* Print the serial number of the certificate.
- */
- size = sizeof (serial);
- gnutls_x509_crt_get_serial (cert, serial, &size);
+ /* Print the serial number of the certificate.
+ */
+ size = sizeof(serial);
+ gnutls_x509_crt_get_serial(cert, serial, &size);
- printf ("\tCertificate serial number: %s\n", bin2hex (serial, size));
+ printf("\tCertificate serial number: %s\n",
+ bin2hex(serial, size));
- /* Extract some of the public key algorithm's parameters
- */
- algo = gnutls_x509_crt_get_pk_algorithm (cert, &bits);
+ /* Extract some of the public key algorithm's parameters
+ */
+ algo = gnutls_x509_crt_get_pk_algorithm(cert, &bits);
- printf ("Certificate public key: %s",
- gnutls_pk_algorithm_get_name (algo));
+ printf("Certificate public key: %s",
+ gnutls_pk_algorithm_get_name(algo));
- /* Print the version of the X.509
- * certificate.
- */
- printf ("\tCertificate version: #%d\n",
- gnutls_x509_crt_get_version (cert));
+ /* Print the version of the X.509
+ * certificate.
+ */
+ printf("\tCertificate version: #%d\n",
+ gnutls_x509_crt_get_version(cert));
- size = sizeof (dn);
- gnutls_x509_crt_get_dn (cert, dn, &size);
- printf ("\tDN: %s\n", dn);
+ size = sizeof(dn);
+ gnutls_x509_crt_get_dn(cert, dn, &size);
+ printf("\tDN: %s\n", dn);
- size = sizeof (dn);
- gnutls_x509_crt_get_issuer_dn (cert, dn, &size);
- printf ("\tIssuer's DN: %s\n", dn);
+ size = sizeof(dn);
+ gnutls_x509_crt_get_issuer_dn(cert, dn, &size);
+ printf("\tIssuer's DN: %s\n", dn);
- gnutls_x509_crt_deinit (cert);
+ gnutls_x509_crt_deinit(cert);
- }
+ }
}
diff --git a/doc/examples/examples.h b/doc/examples/examples.h
index 0c2dbb3372..e5641a52e4 100644
--- a/doc/examples/examples.h
+++ b/doc/examples/examples.h
@@ -1,25 +1,24 @@
#ifndef EXAMPLES_H
#define EXAMPLES_H
-void check_alert (gnutls_session_t session, int ret);
+void check_alert(gnutls_session_t session, int ret);
-int write_pkcs12 (const gnutls_datum_t * cert,
- const gnutls_datum_t * pkcs8_key, const char *password);
+int write_pkcs12(const gnutls_datum_t * cert,
+ const gnutls_datum_t * pkcs8_key, const char *password);
-void verify_certificate (gnutls_session_t session, const char *hostname);
+void verify_certificate(gnutls_session_t session, const char *hostname);
-int print_info (gnutls_session_t session);
+int print_info(gnutls_session_t session);
-void print_x509_certificate_info (gnutls_session_t session);
+void print_x509_certificate_info(gnutls_session_t session);
-int
-_ssh_verify_certificate_callback (gnutls_session_t session);
+int _ssh_verify_certificate_callback(gnutls_session_t session);
void
-verify_certificate_chain (const char *hostname,
- const gnutls_datum_t * cert_chain,
- int cert_chain_length);
+verify_certificate_chain(const char *hostname,
+ const gnutls_datum_t * cert_chain,
+ int cert_chain_length);
-int verify_certificate_callback (gnutls_session_t session);
+int verify_certificate_callback(gnutls_session_t session);
-#endif /* EXAMPLES_H */
+#endif /* EXAMPLES_H */
diff --git a/doc/examples/print-ciphersuites.c b/doc/examples/print-ciphersuites.c
index a1f8ab3d1a..c0b83216dd 100644
--- a/doc/examples/print-ciphersuites.c
+++ b/doc/examples/print-ciphersuites.c
@@ -6,50 +6,54 @@
#include <string.h>
#include <gnutls/gnutls.h>
-static void
-print_cipher_suite_list (const char* priorities)
+static void print_cipher_suite_list(const char *priorities)
{
- size_t i;
- int ret;
- unsigned int idx;
- const char *name;
- const char *err;
- unsigned char id[2];
- gnutls_protocol_t version;
- gnutls_priority_t pcache;
-
- if (priorities != NULL)
- {
- printf ("Cipher suites for %s\n", priorities);
-
- ret = gnutls_priority_init(&pcache, priorities, &err);
- if (ret < 0)
- {
- fprintf (stderr, "Syntax error at: %s\n", err);
- exit(1);
- }
-
- for (i=0;;i++)
- {
- ret = gnutls_priority_get_cipher_suite_index(pcache, i, &idx);
- if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) break;
- if (ret == GNUTLS_E_UNKNOWN_CIPHER_SUITE) continue;
-
- name = gnutls_cipher_suite_info(idx, id, NULL, NULL, NULL, &version);
-
- if (name != NULL)
- printf ("%-50s\t0x%02x, 0x%02x\t%s\n",
- name, (unsigned char) id[0], (unsigned char) id[1],
- gnutls_protocol_get_name (version));
- }
-
- return;
- }
+ size_t i;
+ int ret;
+ unsigned int idx;
+ const char *name;
+ const char *err;
+ unsigned char id[2];
+ gnutls_protocol_t version;
+ gnutls_priority_t pcache;
+
+ if (priorities != NULL) {
+ printf("Cipher suites for %s\n", priorities);
+
+ ret = gnutls_priority_init(&pcache, priorities, &err);
+ if (ret < 0) {
+ fprintf(stderr, "Syntax error at: %s\n", err);
+ exit(1);
+ }
+
+ for (i = 0;; i++) {
+ ret =
+ gnutls_priority_get_cipher_suite_index(pcache,
+ i,
+ &idx);
+ if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
+ break;
+ if (ret == GNUTLS_E_UNKNOWN_CIPHER_SUITE)
+ continue;
+
+ name =
+ gnutls_cipher_suite_info(idx, id, NULL, NULL,
+ NULL, &version);
+
+ if (name != NULL)
+ printf("%-50s\t0x%02x, 0x%02x\t%s\n",
+ name, (unsigned char) id[0],
+ (unsigned char) id[1],
+ gnutls_protocol_get_name(version));
+ }
+
+ return;
+ }
}
-int main(int argc, char** argv)
+int main(int argc, char **argv)
{
- if (argc > 1)
- print_cipher_suite_list (argv[1]);
- return 0;
+ if (argc > 1)
+ print_cipher_suite_list(argv[1]);
+ return 0;
}
diff --git a/doc/examples/tcp.c b/doc/examples/tcp.c
index fcf8441297..a9b2f0ddaf 100644
--- a/doc/examples/tcp.c
+++ b/doc/examples/tcp.c
@@ -14,44 +14,41 @@
#include <unistd.h>
/* tcp.c */
-int tcp_connect (void);
-void tcp_close (int sd);
+int tcp_connect(void);
+void tcp_close(int sd);
/* Connects to the peer and returns a socket
* descriptor.
*/
-extern int
-tcp_connect (void)
+extern int tcp_connect(void)
{
- const char *PORT = "5556";
- const char *SERVER = "127.0.0.1";
- int err, sd;
- struct sockaddr_in sa;
-
- /* connects to server
- */
- sd = socket (AF_INET, SOCK_STREAM, 0);
-
- memset (&sa, '\0', sizeof (sa));
- sa.sin_family = AF_INET;
- sa.sin_port = htons (atoi (PORT));
- inet_pton (AF_INET, SERVER, &sa.sin_addr);
-
- err = connect (sd, (struct sockaddr *) & sa, sizeof (sa));
- if (err < 0)
- {
- fprintf (stderr, "Connect error\n");
- exit (1);
- }
-
- return sd;
+ const char *PORT = "5556";
+ const char *SERVER = "127.0.0.1";
+ int err, sd;
+ struct sockaddr_in sa;
+
+ /* connects to server
+ */
+ sd = socket(AF_INET, SOCK_STREAM, 0);
+
+ memset(&sa, '\0', sizeof(sa));
+ sa.sin_family = AF_INET;
+ sa.sin_port = htons(atoi(PORT));
+ inet_pton(AF_INET, SERVER, &sa.sin_addr);
+
+ err = connect(sd, (struct sockaddr *) &sa, sizeof(sa));
+ if (err < 0) {
+ fprintf(stderr, "Connect error\n");
+ exit(1);
+ }
+
+ return sd;
}
/* closes the given socket descriptor.
*/
-extern void
-tcp_close (int sd)
+extern void tcp_close(int sd)
{
- shutdown (sd, SHUT_RDWR); /* no more receptions */
- close (sd);
+ shutdown(sd, SHUT_RDWR); /* no more receptions */
+ close(sd);
}
diff --git a/doc/examples/udp.c b/doc/examples/udp.c
index 0c48ac1b5b..184f31718d 100644
--- a/doc/examples/udp.c
+++ b/doc/examples/udp.c
@@ -14,53 +14,50 @@
#include <unistd.h>
/* udp.c */
-int udp_connect (void);
-void udp_close (int sd);
+int udp_connect(void);
+void udp_close(int sd);
/* Connects to the peer and returns a socket
* descriptor.
*/
-extern int
-udp_connect (void)
+extern int udp_connect(void)
{
- const char *PORT = "5557";
- const char *SERVER = "127.0.0.1";
- int err, sd, optval;
- struct sockaddr_in sa;
+ const char *PORT = "5557";
+ const char *SERVER = "127.0.0.1";
+ int err, sd, optval;
+ struct sockaddr_in sa;
- /* connects to server
- */
- sd = socket (AF_INET, SOCK_DGRAM, 0);
+ /* connects to server
+ */
+ sd = socket(AF_INET, SOCK_DGRAM, 0);
- memset (&sa, '\0', sizeof (sa));
- sa.sin_family = AF_INET;
- sa.sin_port = htons (atoi (PORT));
- inet_pton (AF_INET, SERVER, &sa.sin_addr);
+ memset(&sa, '\0', sizeof(sa));
+ sa.sin_family = AF_INET;
+ sa.sin_port = htons(atoi(PORT));
+ inet_pton(AF_INET, SERVER, &sa.sin_addr);
#if defined(IP_DONTFRAG)
- optval = 1;
- setsockopt (sd, IPPROTO_IP, IP_DONTFRAG,
- (const void *) &optval, sizeof (optval));
+ optval = 1;
+ setsockopt(sd, IPPROTO_IP, IP_DONTFRAG,
+ (const void *) &optval, sizeof(optval));
#elif defined(IP_MTU_DISCOVER)
- optval = IP_PMTUDISC_DO;
- setsockopt(sd, IPPROTO_IP, IP_MTU_DISCOVER,
- (const void*) &optval, sizeof (optval));
+ optval = IP_PMTUDISC_DO;
+ setsockopt(sd, IPPROTO_IP, IP_MTU_DISCOVER,
+ (const void *) &optval, sizeof(optval));
#endif
- err = connect (sd, (struct sockaddr *) & sa, sizeof (sa));
- if (err < 0)
- {
- fprintf (stderr, "Connect error\n");
- exit (1);
- }
+ err = connect(sd, (struct sockaddr *) &sa, sizeof(sa));
+ if (err < 0) {
+ fprintf(stderr, "Connect error\n");
+ exit(1);
+ }
- return sd;
+ return sd;
}
/* closes the given socket descriptor.
*/
-extern void
-udp_close (int sd)
+extern void udp_close(int sd)
{
- close (sd);
+ close(sd);
}
diff --git a/doc/examples/verify.c b/doc/examples/verify.c
index bee8e6bdf4..4d0d059ea6 100644
--- a/doc/examples/verify.c
+++ b/doc/examples/verify.c
@@ -10,42 +10,42 @@
#include "examples.h"
-int verify_certificate_callback (gnutls_session_t session)
+int verify_certificate_callback(gnutls_session_t session)
{
- unsigned int status;
- int ret, type;
- const char *hostname;
- gnutls_datum_t out;
-
- /* read hostname */
- hostname = gnutls_session_get_ptr (session);
-
- /* This verification function uses the trusted CAs in the credentials
- * structure. So you must have installed one or more CA certificates.
- */
- ret = gnutls_certificate_verify_peers3 (session, hostname, &status);
- if (ret < 0)
- {
- printf ("Error\n");
- return GNUTLS_E_CERTIFICATE_ERROR;
- }
-
- type = gnutls_certificate_type_get (session);
-
- ret = gnutls_certificate_verification_status_print( status, type, &out, 0);
- if (ret < 0)
- {
- printf ("Error\n");
- return GNUTLS_E_CERTIFICATE_ERROR;
- }
-
- printf ("%s", out.data);
-
- gnutls_free(out.data);
-
- if (status != 0) /* Certificate is not trusted */
- return GNUTLS_E_CERTIFICATE_ERROR;
-
- /* notify gnutls to continue handshake normally */
- return 0;
+ unsigned int status;
+ int ret, type;
+ const char *hostname;
+ gnutls_datum_t out;
+
+ /* read hostname */
+ hostname = gnutls_session_get_ptr(session);
+
+ /* This verification function uses the trusted CAs in the credentials
+ * structure. So you must have installed one or more CA certificates.
+ */
+ ret = gnutls_certificate_verify_peers3(session, hostname, &status);
+ if (ret < 0) {
+ printf("Error\n");
+ return GNUTLS_E_CERTIFICATE_ERROR;
+ }
+
+ type = gnutls_certificate_type_get(session);
+
+ ret =
+ gnutls_certificate_verification_status_print(status, type,
+ &out, 0);
+ if (ret < 0) {
+ printf("Error\n");
+ return GNUTLS_E_CERTIFICATE_ERROR;
+ }
+
+ printf("%s", out.data);
+
+ gnutls_free(out.data);
+
+ if (status != 0) /* Certificate is not trusted */
+ return GNUTLS_E_CERTIFICATE_ERROR;
+
+ /* notify gnutls to continue handshake normally */
+ return 0;
}
diff --git a/doc/printlist.c b/doc/printlist.c
index de2796a774..a87f14c545 100644
--- a/doc/printlist.c
+++ b/doc/printlist.c
@@ -27,199 +27,198 @@
#include <gnutls/openpgp.h>
#include "common.h"
-static void main_texinfo (void);
+static void main_texinfo(void);
static void main_latex(void);
char buffer[1024];
-int
-main (int argc, char *argv[])
+int main(int argc, char *argv[])
{
- if (argc > 1)
- main_latex();
- else
- main_texinfo();
-
- return 0;
+ if (argc > 1)
+ main_latex();
+ else
+ main_texinfo();
+
+ return 0;
}
-static void main_texinfo (void)
+static void main_texinfo(void)
{
- {
- size_t i;
- const char *name;
- char id[2];
- gnutls_kx_algorithm_t kx;
- gnutls_cipher_algorithm_t cipher;
- gnutls_mac_algorithm_t mac;
- gnutls_protocol_t version;
-
- printf ("@heading Ciphersuites\n");
- printf ("@multitable @columnfractions .60 .20 .20\n");
- printf("@headitem Ciphersuite name @tab TLS ID @tab Since\n");
- for (i = 0; (name = gnutls_cipher_suite_info
- (i, id, &kx, &cipher, &mac, &version)); i++)
- {
- printf ("@item %s\n@tab 0x%02X 0x%02X\n@tab %s\n",
- escape_texi_string(name, buffer, sizeof(buffer)),
- (unsigned char) id[0], (unsigned char) id[1],
- gnutls_protocol_get_name (version));
- }
- printf ("@end multitable\n");
-
- }
-
- {
- const gnutls_certificate_type_t *p = gnutls_certificate_type_list ();
-
- printf ("\n\n@heading Certificate types\n");
- printf ("@table @code\n");
- for (; *p; p++)
- {
- printf ("@item %s\n", gnutls_certificate_type_get_name (*p));
- }
- printf ("@end table\n");
- }
-
- {
- const gnutls_protocol_t *p = gnutls_protocol_list ();
-
- printf ("\n@heading Protocols\n@table @code\n");
- for (; *p; p++)
- {
- printf ("@item %s\n", gnutls_protocol_get_name (*p));
- }
- printf ("@end table\n");
- }
-
- {
- const gnutls_cipher_algorithm_t *p = gnutls_cipher_list ();
-
- printf ("\n@heading Ciphers\n@table @code\n");
- for (; *p; p++)
- {
- printf ("@item %s\n", gnutls_cipher_get_name (*p));
- }
- printf ("@end table\n");
- }
-
- {
- const gnutls_mac_algorithm_t *p = gnutls_mac_list ();
-
- printf ("\n@heading MAC algorithms\n@table @code\n");
- for (; *p; p++)
- {
- printf ("@item %s\n", gnutls_mac_get_name (*p));
- }
- printf ("@end table\n");
- }
-
- {
- const gnutls_kx_algorithm_t *p = gnutls_kx_list ();
-
- printf ("\n@heading Key exchange methods\n@table @code\n");
- for (; *p; p++)
- {
- printf ("@item %s\n", gnutls_kx_get_name (*p));
- }
- printf ("@end table\n");
- }
-
- {
- const gnutls_pk_algorithm_t *p = gnutls_pk_list ();
-
- printf ("\n@heading Public key algorithms\n@table @code\n");
- for (; *p; p++)
- {
- printf ("@item %s\n", gnutls_pk_get_name (*p));
- }
- printf ("@end table\n");
- }
-
- {
- const gnutls_sign_algorithm_t *p = gnutls_sign_list ();
-
- printf ("\n@heading Public key signature algorithms\n@table @code\n");
- for (; *p; p++)
- {
- printf ("@item %s\n", gnutls_sign_get_name (*p));
- }
- printf ("@end table\n");
- }
-
- {
- const gnutls_ecc_curve_t *p = gnutls_ecc_curve_list ();
-
- printf ("\n@heading Elliptic curves\n@table @code\n");
- for (; *p; p++)
- {
- printf ("@item %s\n", gnutls_ecc_curve_get_name (*p));
- }
- printf ("@end table\n");
- }
-
-
- {
- const gnutls_compression_method_t *p = gnutls_compression_list ();
-
- printf ("\n@heading Compression methods\n@table @code\n");
- for (; *p; p++)
- {
- printf ("@item %s\n", gnutls_compression_get_name (*p));
- }
- printf ("@end table\n");
- }
+ {
+ size_t i;
+ const char *name;
+ char id[2];
+ gnutls_kx_algorithm_t kx;
+ gnutls_cipher_algorithm_t cipher;
+ gnutls_mac_algorithm_t mac;
+ gnutls_protocol_t version;
+
+ printf("@heading Ciphersuites\n");
+ printf("@multitable @columnfractions .60 .20 .20\n");
+ printf
+ ("@headitem Ciphersuite name @tab TLS ID @tab Since\n");
+ for (i = 0;
+ (name =
+ gnutls_cipher_suite_info(i, id, &kx, &cipher, &mac,
+ &version)); i++) {
+ printf("@item %s\n@tab 0x%02X 0x%02X\n@tab %s\n",
+ escape_texi_string(name, buffer,
+ sizeof(buffer)),
+ (unsigned char) id[0],
+ (unsigned char) id[1],
+ gnutls_protocol_get_name(version));
+ }
+ printf("@end multitable\n");
+
+ }
+
+ {
+ const gnutls_certificate_type_t *p =
+ gnutls_certificate_type_list();
+
+ printf("\n\n@heading Certificate types\n");
+ printf("@table @code\n");
+ for (; *p; p++) {
+ printf("@item %s\n",
+ gnutls_certificate_type_get_name(*p));
+ }
+ printf("@end table\n");
+ }
+
+ {
+ const gnutls_protocol_t *p = gnutls_protocol_list();
+
+ printf("\n@heading Protocols\n@table @code\n");
+ for (; *p; p++) {
+ printf("@item %s\n", gnutls_protocol_get_name(*p));
+ }
+ printf("@end table\n");
+ }
+
+ {
+ const gnutls_cipher_algorithm_t *p = gnutls_cipher_list();
+
+ printf("\n@heading Ciphers\n@table @code\n");
+ for (; *p; p++) {
+ printf("@item %s\n", gnutls_cipher_get_name(*p));
+ }
+ printf("@end table\n");
+ }
+
+ {
+ const gnutls_mac_algorithm_t *p = gnutls_mac_list();
+
+ printf("\n@heading MAC algorithms\n@table @code\n");
+ for (; *p; p++) {
+ printf("@item %s\n", gnutls_mac_get_name(*p));
+ }
+ printf("@end table\n");
+ }
+
+ {
+ const gnutls_kx_algorithm_t *p = gnutls_kx_list();
+
+ printf("\n@heading Key exchange methods\n@table @code\n");
+ for (; *p; p++) {
+ printf("@item %s\n", gnutls_kx_get_name(*p));
+ }
+ printf("@end table\n");
+ }
+
+ {
+ const gnutls_pk_algorithm_t *p = gnutls_pk_list();
+
+ printf("\n@heading Public key algorithms\n@table @code\n");
+ for (; *p; p++) {
+ printf("@item %s\n", gnutls_pk_get_name(*p));
+ }
+ printf("@end table\n");
+ }
+
+ {
+ const gnutls_sign_algorithm_t *p = gnutls_sign_list();
+
+ printf
+ ("\n@heading Public key signature algorithms\n@table @code\n");
+ for (; *p; p++) {
+ printf("@item %s\n", gnutls_sign_get_name(*p));
+ }
+ printf("@end table\n");
+ }
+
+ {
+ const gnutls_ecc_curve_t *p = gnutls_ecc_curve_list();
+
+ printf("\n@heading Elliptic curves\n@table @code\n");
+ for (; *p; p++) {
+ printf("@item %s\n",
+ gnutls_ecc_curve_get_name(*p));
+ }
+ printf("@end table\n");
+ }
+
+
+ {
+ const gnutls_compression_method_t *p =
+ gnutls_compression_list();
+
+ printf("\n@heading Compression methods\n@table @code\n");
+ for (; *p; p++) {
+ printf("@item %s\n",
+ gnutls_compression_get_name(*p));
+ }
+ printf("@end table\n");
+ }
}
static const char headers[] = "\\tablefirsthead{%\n"
- "\\hline\n"
- "Ciphersuite name & TLS ID & Since\\\\\n"
- "\\hline}\n"
+ "\\hline\n" "Ciphersuite name & TLS ID & Since\\\\\n" "\\hline}\n"
#if 0
- "\\tablehead{%\n"
- "\\hline\n"
- "\\multicolumn{3}{|l|}{\\small\\sl continued from previous page}\\\\\n"
- "\\hline}\n"
- "\\tabletail{%\n"
- "\\hline\n"
- "\\multicolumn{3}{|r|}{\\small\\sl continued on next page}\\\\\n"
- "\\hline}\n"
+ "\\tablehead{%\n"
+ "\\hline\n"
+ "\\multicolumn{3}{|l|}{\\small\\sl continued from previous page}\\\\\n"
+ "\\hline}\n"
+ "\\tabletail{%\n"
+ "\\hline\n"
+ "\\multicolumn{3}{|r|}{\\small\\sl continued on next page}\\\\\n"
+ "\\hline}\n"
#endif
- "\\tablelasttail{\\hline}\n"
- "\\bottomcaption{The ciphersuites table}\n\n";
+ "\\tablelasttail{\\hline}\n"
+ "\\bottomcaption{The ciphersuites table}\n\n";
static void main_latex(void)
{
-int i, j;
-const char* desc;
-const char* _name;
-
-puts( headers);
-
-printf("\\begin{supertabular}{|p{.64\\linewidth}|p{.12\\linewidth}|p{.09\\linewidth}|}\n");
-
- {
- size_t i;
- const char *name;
- char id[2];
- gnutls_kx_algorithm_t kx;
- gnutls_cipher_algorithm_t cipher;
- gnutls_mac_algorithm_t mac;
- gnutls_protocol_t version;
-
- for (i = 0; (name = gnutls_cipher_suite_info
- (i, id, &kx, &cipher, &mac, &version)); i++)
- {
- printf ("{\\small{%s}} & \\code{0x%02X 0x%02X} & %s",
- escape_string(name, buffer, sizeof(buffer)),
- (unsigned char) id[0], (unsigned char) id[1],
- gnutls_protocol_get_name (version));
- printf( "\\\\\n");
- }
- printf("\\end{supertabular}\n\n");
-
- }
-
-return;
+ int i, j;
+ const char *desc;
+ const char *_name;
+
+ puts(headers);
+
+ printf
+ ("\\begin{supertabular}{|p{.64\\linewidth}|p{.12\\linewidth}|p{.09\\linewidth}|}\n");
+
+ {
+ size_t i;
+ const char *name;
+ char id[2];
+ gnutls_kx_algorithm_t kx;
+ gnutls_cipher_algorithm_t cipher;
+ gnutls_mac_algorithm_t mac;
+ gnutls_protocol_t version;
+
+ for (i = 0; (name = gnutls_cipher_suite_info
+ (i, id, &kx, &cipher, &mac, &version)); i++) {
+ printf
+ ("{\\small{%s}} & \\code{0x%02X 0x%02X} & %s",
+ escape_string(name, buffer, sizeof(buffer)),
+ (unsigned char) id[0], (unsigned char) id[1],
+ gnutls_protocol_get_name(version));
+ printf("\\\\\n");
+ }
+ printf("\\end{supertabular}\n\n");
+
+ }
+
+ return;
}