authorNikos Mavrogiannopoulos <nmav@gnutls.org>2001-08-05 10:13:37 +0000
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2001-08-05 10:13:37 +0000
commit4663c744ad5a10c77d1b0eab865ec6cee60ac675 (patch)
tree89ba95d971a766359df10688b8911b86ef310d44 /lib
parenta9153107a4c890199ee1672a7397ea3615d77516 (diff)
downloadgnutls-4663c744ad5a10c77d1b0eab865ec6cee60ac675.tar.gz
cleanups in certificate copying
Diffstat (limited to 'lib')
-rw-r--r--lib/Makefile.am2
-rw-r--r--lib/auth_rsa.c32
-rw-r--r--lib/auth_x509.c51
-rw-r--r--lib/auth_x509.h3
-rw-r--r--lib/gnutls.h.in3
-rw-r--r--lib/gnutls_cert.c1
-rw-r--r--lib/gnutls_cert.h1
7 files changed, 68 insertions, 25 deletions
diff --git a/lib/Makefile.am b/lib/Makefile.am
index d8f18797fc..429107ae2a 100644
--- a/lib/Makefile.am
+++ b/lib/Makefile.am
@@ -30,7 +30,7 @@ libgnutls_la_SOURCES = gnutls_record.c gnutls_compress.c debug.c \
gnutls_gcry.c ext_dnsname.c gnutls_pk.c gnutls_cert.c x509_verify.c\
gnutls_global.c gnutls_privkey.c gnutls_constate.c gnutls_anon_cred.c \
gnutls_sig_check.c pkix_asn1_tab.c pkcs1_asn1_tab.c gnutls_mem.c \
- x509_extensions.c
+ x509_extensions.c auth_x509.c
libgnutls_la_LDFLAGS = -version-info $(LT_CURRENT):$(LT_REVISION):$(LT_AGE)
diff --git a/lib/auth_rsa.c b/lib/auth_rsa.c
index dd12b4f8e5..87b3f2bbc3 100644
--- a/lib/auth_rsa.c
+++ b/lib/auth_rsa.c
@@ -347,6 +347,7 @@ int proc_rsa_client_kx(GNUTLS_KEY key, opaque * data, int data_size)
return 0;
}
+
int proc_rsa_certificate(GNUTLS_KEY key, opaque * data, int data_size)
{
int size, len, ret;
@@ -358,7 +359,8 @@ int proc_rsa_certificate(GNUTLS_KEY key, opaque * data, int data_size)
gnutls_cert* peer_certificate_list;
int peer_certificate_list_size = 0;
gnutls_datum tmp;
-
+ CertificateStatus verify;
+
cred = _gnutls_get_cred(key, GNUTLS_X509PKI, NULL);
if (cred == NULL) {
gnutls_assert();
@@ -444,30 +446,14 @@ int proc_rsa_certificate(GNUTLS_KEY key, opaque * data, int data_size)
gnutls_free( peer_certificate_list);
return ret;
}
-
- /* Copy peer's information to AUTH_INFO
- */
- memcpy( &info->peer_dn, &peer_certificate_list[0].cert_info, sizeof(gnutls_DN));
- memcpy( &info->issuer_dn, &peer_certificate_list[0].issuer_info, sizeof(gnutls_DN));
-
- /* FIXME: Verify certificate
- */
- ret = GNUTLS_CERT_NOT_TRUSTED;
-
- ret = gnutls_verify_certificate( peer_certificate_list, peer_certificate_list_size,
- cred->ca_list, cred->ncas, NULL, 0);
- info->peer_certificate_status = ret;
- info->peer_certificate_version = peer_certificate_list[0].version;
-
- if ( peer_certificate_list[0].subjectAltName[0]!=0)
- strcpy( info->subjectAltName, peer_certificate_list[0].subjectAltName);
-
- info->keyUsage = peer_certificate_list[0].keyUsage;
-
- info->peer_certificate_expiration_time = peer_certificate_list[0].expiration_time;
- info->peer_certificate_activation_time = peer_certificate_list[0].activation_time;
+ /* Verify certificate
+ */
+ verify = gnutls_verify_certificate( peer_certificate_list, peer_certificate_list_size,
+ cred->ca_list, cred->ncas, NULL, 0);
+
+ _gnutls_copy_x509_client_auth_info( info, &peer_certificate_list[0], verify);
gnutls_free( peer_certificate_list);
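Review bot: The value returned by gnutls_verify_certificate() is stored into `verify` and passed to _gnutls_copy_x509_client_auth_info() as the peer's certificate status without any check that the verification call itself succeeded. If gnutls_verify_certificate() can signal an internal failure with a negative value (its declaration is not in this hunk), that value would be recorded as a status rather than handled like the error path just above: `if (verify < 0) { gnutls_assert(); gnutls_free(peer_certificate_list); return verify; }`. If the function only ever yields a CertificateStatus, a one-line comment at the call saying so would stop a later reader from adding a redundant check. proc_rsa_certificate() continues past the end of the hunk.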
diff --git a/lib/auth_x509.c b/lib/auth_x509.c
new file mode 100644
index 0000000000..b2b0f56d90
--- /dev/null
+++ b/lib/auth_x509.c
@@ -0,0 +1,51 @@
+/*
+ * Copyright (C) 2001 Nikos Mavroyanopoulos
+ *
+ * This file is part of GNUTLS.
+ *
+ * GNUTLS is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * GNUTLS is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+#include <gnutls_int.h>
+#include <gnutls_cert.h>
+#include <auth_x509.h>
+
+
+/* Copies data from a internal certificate struct (gnutls_cert) to
+ * exported certificate struct (X509PKI_CLIENT_AUTH_INFO)
+ */
+void _gnutls_copy_x509_client_auth_info( X509PKI_CLIENT_AUTH_INFO* info, gnutls_cert* cert, CertificateStatus verify) {
+ /* Copy peer's information to AUTH_INFO
+ */
+ memcpy( &info->peer_dn, &cert->cert_info, sizeof(gnutls_DN));
+ memcpy( &info->issuer_dn, &cert->issuer_info, sizeof(gnutls_DN));
+
+
+ info->peer_certificate_status = verify;
+
+ info->peer_certificate_version = cert->version;
+
+ if ( cert->subjectAltName[0]!=0)
+ strcpy( info->subjectAltName, cert->subjectAltName);
+
+ info->CA = cert->CA;
+
+ info->keyUsage = cert->keyUsage;
+
+ info->peer_certificate_expiration_time = cert->expiration_time;
+ info->peer_certificate_activation_time = cert->activation_time;
+
+ return;
+}
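Review bot: The `strcpy( info->subjectAltName, cert->subjectAltName)` under the `subjectAltName[0]!=0` test is an unbounded copy; info->subjectAltName is `char[X509_CN_SIZE]` per auth_x509.h, but the size of the gnutls_cert field is not visible in this change, so nothing in this file guarantees the destination fits. A bounded copy makes the invariant local: `snprintf( info->subjectAltName, sizeof info->subjectAltName, "%s", cert->subjectAltName);`. The no-name case also leaves info->subjectAltName untouched, so a stale value survives if `info` is reused rather than freshly zeroed; an `else info->subjectAltName[0] = 0;` closes that. The file calls memcpy/strcpy without including <string.h>; presumably gnutls_int.h pulls it in, worth confirming.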
diff --git a/lib/auth_x509.h b/lib/auth_x509.h
index cb38e220af..4a9af88238 100644
--- a/lib/auth_x509.h
+++ b/lib/auth_x509.h
@@ -42,9 +42,10 @@ typedef struct {
time_t peer_certificate_expiration_time;
char subjectAltName[X509_CN_SIZE];
unsigned char keyUsage;
+ int CA;
} X509PKI_CLIENT_AUTH_INFO;
-
+void _gnutls_copy_x509_client_auth_info( X509PKI_CLIENT_AUTH_INFO* info, gnutls_cert* cert, CertificateStatus verify);
#endif
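Review bot: The new `int CA;` member is placed after `keyUsage` here but before `keyUsage` in the same-named `X509PKI_CLIENT_AUTH_INFO` typedef in the lib/gnutls.h.in hunk of this commit. If the library is compiled against auth_x509.h while applications compile against the installed gnutls.h, the two layouts disagree and keyUsage and CA are read at different offsets; the member order (and therefore padding) must be identical in both, e.g. move `int CA;` above `unsigned char keyUsage;` here to match gnutls.h.in. Whether both definitions are actually reached from different translation units cannot be confirmed from this diff, but keeping them byte-identical removes the question.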
diff --git a/lib/gnutls.h.in b/lib/gnutls.h.in
index 7e80d40113..7fa9a8c0de 100644
--- a/lib/gnutls.h.in
+++ b/lib/gnutls.h.in
@@ -224,6 +224,9 @@ typedef struct {
char subjectAltName[X509_CN_SIZE]; /* this only contains dnsName if present,
* nothing else
*/
+ int CA; /* 1 if the certificate belongs
+ * to a CA. 0 otherwise.
+ */
unsigned char keyUsage; /* 8 bits */
} X509PKI_CLIENT_AUTH_INFO;
diff --git a/lib/gnutls_cert.c b/lib/gnutls_cert.c
index 43912d5caa..8a66fb4528 100644
--- a/lib/gnutls_cert.c
+++ b/lib/gnutls_cert.c
@@ -844,3 +844,4 @@ gnutls_cert *_gnutls_find_cert(gnutls_cert ** cert_list,
}
return cert;
}
+
diff --git a/lib/gnutls_cert.h b/lib/gnutls_cert.h
index d3a30b0ef8..b50c23fcf6 100644
--- a/lib/gnutls_cert.h
+++ b/lib/gnutls_cert.h
@@ -73,4 +73,5 @@ gnutls_cert* _gnutls_find_cert( gnutls_cert** cert_list, int cert_list_length, c
#define MAX_INT_DIGITS 4
void _gnutls_int2str(int k, char* data);
+
#endif