author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2001-08-05 10:13:37 +0000 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2001-08-05 10:13:37 +0000 |
commit | 4663c744ad5a10c77d1b0eab865ec6cee60ac675 (patch) | |
tree | 89ba95d971a766359df10688b8911b86ef310d44 /lib | |
parent | a9153107a4c890199ee1672a7397ea3615d77516 (diff) | |
download | gnutls-4663c744ad5a10c77d1b0eab865ec6cee60ac675.tar.gz |
cleanups in certificate copying
Diffstat (limited to 'lib')
-rw-r--r-- | lib/Makefile.am | 2 | ||||
-rw-r--r-- | lib/auth_rsa.c | 32 | ||||
-rw-r--r-- | lib/auth_x509.c | 51 | ||||
-rw-r--r-- | lib/auth_x509.h | 3 | ||||
-rw-r--r-- | lib/gnutls.h.in | 3 | ||||
-rw-r--r-- | lib/gnutls_cert.c | 1 | ||||
-rw-r--r-- | lib/gnutls_cert.h | 1 |
7 files changed, 68 insertions, 25 deletions
diff --git a/lib/Makefile.am b/lib/Makefile.am
index d8f18797fc..429107ae2a 100644
--- a/lib/Makefile.am
+++ b/lib/Makefile.am
@@ -30,7 +30,7 @@ libgnutls_la_SOURCES = gnutls_record.c gnutls_compress.c debug.c \
 gnutls_gcry.c ext_dnsname.c gnutls_pk.c gnutls_cert.c x509_verify.c\
 gnutls_global.c gnutls_privkey.c gnutls_constate.c gnutls_anon_cred.c \
 gnutls_sig_check.c pkix_asn1_tab.c pkcs1_asn1_tab.c gnutls_mem.c \
- x509_extensions.c
+ x509_extensions.c auth_x509.c
 libgnutls_la_LDFLAGS = -version-info $(LT_CURRENT):$(LT_REVISION):$(LT_AGE)
diff --git a/lib/auth_rsa.c b/lib/auth_rsa.c
index dd12b4f8e5..87b3f2bbc3 100644
--- a/lib/auth_rsa.c
+++ b/lib/auth_rsa.c
@@ -347,6 +347,7 @@ int proc_rsa_client_kx(GNUTLS_KEY key, opaque * data, int data_size)
 return 0;
 }
+
 int proc_rsa_certificate(GNUTLS_KEY key, opaque * data, int data_size)
 {
 int size, len, ret;
@@ -358,7 +359,8 @@ int proc_rsa_certificate(GNUTLS_KEY key, opaque * data, int data_size)
 gnutls_cert* peer_certificate_list;
 int peer_certificate_list_size = 0;
 gnutls_datum tmp;
-
+ CertificateStatus verify;
+
 cred = _gnutls_get_cred(key, GNUTLS_X509PKI, NULL);
 if (cred == NULL) {
 gnutls_assert();
@@ -444,30 +446,14 @@ int proc_rsa_certificate(GNUTLS_KEY key, opaque * data, int data_size)
 gnutls_free( peer_certificate_list);
 return ret;
 }
-
- /* Copy peer's information to AUTH_INFO
- */
- memcpy( &info->peer_dn, &peer_certificate_list[0].cert_info, sizeof(gnutls_DN));
- memcpy( &info->issuer_dn, &peer_certificate_list[0].issuer_info, sizeof(gnutls_DN));
-
- /* FIXME: Verify certificate
- */
- ret = GNUTLS_CERT_NOT_TRUSTED;
-
- ret = gnutls_verify_certificate( peer_certificate_list, peer_certificate_list_size,
- cred->ca_list, cred->ncas, NULL, 0);
- info->peer_certificate_status = ret;
- info->peer_certificate_version = peer_certificate_list[0].version;
-
- if ( peer_certificate_list[0].subjectAltName[0]!=0)
- strcpy( info->subjectAltName, peer_certificate_list[0].subjectAltName);
-
- info->keyUsage = peer_certificate_list[0].keyUsage;
-
- info->peer_certificate_expiration_time = peer_certificate_list[0].expiration_time;
- info->peer_certificate_activation_time = peer_certificate_list[0].activation_time;
+ /* Verify certificate
+ */
+ verify = gnutls_verify_certificate( peer_certificate_list, peer_certificate_list_size,
+ cred->ca_list, cred->ncas, NULL, 0);
+
+ _gnutls_copy_x509_client_auth_info( info, &peer_certificate_list[0], verify);
 gnutls_free( peer_certificate_list);
diff --git a/lib/auth_x509.c b/lib/auth_x509.c
new file mode 100644
index 0000000000..b2b0f56d90
--- /dev/null
+++ b/lib/auth_x509.c
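Review bot: The result of `gnutls_verify_certificate` stored in `verify` is only recorded into the AUTH_INFO by `_gnutls_copy_x509_client_auth_info` and is never compared against anything before the function moves on to `gnutls_free`, so on the visible lines a peer whose chain fails verification is processed exactly like a trusted one. The previous code behaved the same way, so this looks like a deliberate defer-to-the-application design, but nothing near the call says so; a comment such as `/* The status is not acted on here: callers must check info->peer_certificate_status before trusting the peer. */` above the `verify =` line would keep the next maintainer from assuming the handshake already enforces it. The remainder of proc_rsa_certificate, including its return value, ends outside the hunk.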
@@ -0,0 +1,51 @@
+/*
+ * Copyright (C) 2001 Nikos Mavroyanopoulos
+ *
+ * This file is part of GNUTLS.
+ *
+ * GNUTLS is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * GNUTLS is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+#include <gnutls_int.h>
+#include <gnutls_cert.h>
+#include <auth_x509.h>
+
+
+/* Copies data from a internal certificate struct (gnutls_cert) to
+ * exported certificate struct (X509PKI_CLIENT_AUTH_INFO)
+ */
+void _gnutls_copy_x509_client_auth_info( X509PKI_CLIENT_AUTH_INFO* info, gnutls_cert* cert, CertificateStatus verify) {
+ /* Copy peer's information to AUTH_INFO
+ */
+ memcpy( &info->peer_dn, &cert->cert_info, sizeof(gnutls_DN));
+ memcpy( &info->issuer_dn, &cert->issuer_info, sizeof(gnutls_DN));
+
+
+ info->peer_certificate_status = verify;
+
+ info->peer_certificate_version = cert->version;
+
+ if ( cert->subjectAltName[0]!=0)
+ strcpy( info->subjectAltName, cert->subjectAltName);
+
+ info->CA = cert->CA;
+
+ info->keyUsage = cert->keyUsage;
+
+ info->peer_certificate_expiration_time = cert->expiration_time;
+ info->peer_certificate_activation_time = cert->activation_time;
+
+ return;
+}
diff --git a/lib/auth_x509.h b/lib/auth_x509.h
index cb38e220af..4a9af88238 100644
--- a/lib/auth_x509.h
+++ b/lib/auth_x509.h
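Review bot: In `_gnutls_copy_x509_client_auth_info` the `strcpy( info->subjectAltName, cert->subjectAltName)` copies a value parsed from the peer's certificate into the fixed `char subjectAltName[X509_CN_SIZE]` array with no bound; whether `cert->subjectAltName` is itself X509_CN_SIZE and guaranteed NUL-terminated is not visible in this commit, so the copy should be bounded regardless, e.g. `snprintf( info->subjectAltName, sizeof info->subjectAltName, "%s", cert->subjectAltName);`. When the certificate has no subjectAltName the destination is left untouched rather than cleared, so if the caller does not zero `info` before each handshake (not visible here) a name from an earlier peer could survive into the new AUTH_INFO; an `else info->subjectAltName[0] = 0;` after the copy closes that. The bare `return;` at the end of a void function is noise and can be dropped.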
@@ -42,9 +42,10 @@ typedef struct {
 time_t peer_certificate_expiration_time;
 char subjectAltName[X509_CN_SIZE];
 unsigned char keyUsage;
+ int CA;
 } X509PKI_CLIENT_AUTH_INFO;
-
+void _gnutls_copy_x509_client_auth_info( X509PKI_CLIENT_AUTH_INFO* info, gnutls_cert* cert, CertificateStatus verify);
 #endif
diff --git a/lib/gnutls.h.in b/lib/gnutls.h.in
index 7e80d40113..7fa9a8c0de 100644
--- a/lib/gnutls.h.in
+++ b/lib/gnutls.h.in
@@ -224,6 +224,9 @@ typedef struct {
 char subjectAltName[X509_CN_SIZE]; /* this only contains dnsName if present,
 * nothing else */
+ int CA; /* 1 if the certificate belongs
+ * to a CA. 0 otherwise.
+ */
 unsigned char keyUsage; /* 8 bits */
 } X509PKI_CLIENT_AUTH_INFO;
diff --git a/lib/gnutls_cert.c b/lib/gnutls_cert.c
index 43912d5caa..8a66fb4528 100644
--- a/lib/gnutls_cert.c
+++ b/lib/gnutls_cert.c
@@ -844,3 +844,4 @@ gnutls_cert *_gnutls_find_cert(gnutls_cert ** cert_list,
 }
 return cert;
 }
+
diff --git a/lib/gnutls_cert.h b/lib/gnutls_cert.h
index d3a30b0ef8..b50c23fcf6 100644
--- a/lib/gnutls_cert.h
+++ b/lib/gnutls_cert.h
@@ -73,4 +73,5 @@ gnutls_cert* _gnutls_find_cert( gnutls_cert** cert_list, int cert_list_length, c
 #define MAX_INT_DIGITS 4
 void _gnutls_int2str(int k, char* data);
+
 #endif
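Review bot: `int CA;` is added to two independent definitions of X509PKI_CLIENT_AUTH_INFO, the internal one in auth_x509.h and the public one in gnutls.h.in, and `_gnutls_copy_x509_client_auth_info` writes through the internal layout while applications read the public one, so the two structs must stay identical field-for-field and in the same order or the copy silently lands in the wrong field. Neither header records that coupling; a comment on the auth_x509.h struct such as `/* Must mirror X509PKI_CLIENT_AUTH_INFO in gnutls.h.in exactly (same fields, same order); update both together. */` would make it visible to whoever adds the next field. The public comment states `1 if the certificate belongs to a CA`, but the value is simply whatever `cert->CA` holds and how that flag is derived is outside this commit, so either name the source (presumably the basicConstraints extension) or phrase the comment as "as reported by the certificate parser" rather than as a guarantee.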