author | Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> | 2019-12-29 12:49:16 +0300 |
---|---|---|
committer | Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> | 2019-12-29 14:08:48 +0300 |
commit | 99f4ce1ec5e88a13a115547252c4395426f59cb6 (patch) | |
tree | 0b090dde63e4ac2023fd94d5c078086059c1c2cd /src | |
parent | e15d2a793bc864f2e56e8fabf8c4d6d02a7f3b00 (diff) | |
download | gnutls-99f4ce1ec5e88a13a115547252c4395426f59cb6.tar.gz |
cli: support building with OCSP and ANON disabled
Support gnutls-cli when building GnuTLS with OCSP and ANON
authentication API disabled.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Diffstat (limited to 'src')
-rw-r--r-- | src/Makefile.am | 15 | ||||
-rw-r--r-- | src/benchmark-tls.c | 20 | ||||
-rw-r--r-- | src/cli.c | 30 |
3 files changed, 52 insertions, 13 deletions
diff --git a/src/Makefile.am b/src/Makefile.am index 2677fbd221..94b701a512 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -82,16 +82,13 @@ else LIBOPTS = $(LIBOPTS_LDADD) endif -bin_PROGRAMS = psktool gnutls-cli-debug certtool gnutls-serv +bin_PROGRAMS = psktool gnutls-cli-debug certtool gnutls-serv gnutls-cli if ENABLE_SRP bin_PROGRAMS += srptool endif if ENABLE_OCSP bin_PROGRAMS += ocsptool -if ENABLE_ANON -bin_PROGRAMS += gnutls-cli -endif endif if ENABLE_DANE @@ -155,14 +152,14 @@ noinst_LTLIBRARIES += libcmd-serv.la libcmd_serv_la_SOURCES = serv-args.def nodist_libcmd_serv_la_SOURCES = serv-args.c serv-args.h -if ENABLE_OCSP -if ENABLE_ANON - BENCHMARK_SRCS = benchmark-cipher.c benchmark.c benchmark.h benchmark-tls.c gnutls_cli_SOURCES = cli.c common.h common.c \ - socket.c socket.h ocsptool-common.c inline_cmds.h \ + socket.c socket.h inline_cmds.h \ $(BENCHMARK_SRCS) +if ENABLE_OCSP +gnutls_cli_SOURCES += ocsptool-common.c +endif gnutls_cli_LDADD = ../lib/libgnutls.la -lm if ENABLE_DANE gnutls_cli_LDADD += ../libdane/libgnutls-dane.la @@ -173,8 +170,6 @@ gnutls_cli_LDADD += $(LIBSOCKET) $(GETADDRINFO_LIB) $(LIB_CLOCK_GETTIME) \ noinst_LTLIBRARIES += libcmd-cli.la libcmd_cli_la_SOURCES = cli-args.def nodist_libcmd_cli_la_SOURCES = cli-args.c cli-args.h -endif -endif gnutls_cli_debug_SOURCES = cli-debug.c tests.h tests.c \ socket.c socket.h common.h common.c diff --git a/src/benchmark-tls.c b/src/benchmark-tls.c index 14a3d190cc..c9564e049f 100644 --- a/src/benchmark-tls.c +++ b/src/benchmark-tls.c @@ -292,7 +292,9 @@ static void test_ciphersuite(const char *cipher_prio, int size) const char *name; /* Init server */ +#ifdef ENABLE_ANON gnutls_anon_allocate_server_credentials(&s_anoncred); +#endif gnutls_certificate_allocate_credentials(&s_certcred); gnutls_certificate_set_x509_key_mem(s_certcred, &server_cert, 
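Review bot: The new `#ifdef ENABLE_ANON` pairs in test_ciphersuite() guard every use of `s_anoncred` and `c_anoncred`, but the declarations of those variables lie outside the hunks. If they stay unconditional, an ANON-disabled build carries two unused locals per function and will warn under `-Wunused-variable`. The same applies to test_ciphersuite_kx() in the later hunks. Consider wrapping the declarations in the same guard, e.g. `#ifdef ENABLE_ANON` / `gnutls_anon_server_credentials_t s_anoncred;` / `#endif`, so that credential setup, use and teardown are compiled in or out together.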
@@ -313,7 +315,9 @@ static void test_ciphersuite(const char *cipher_prio, int size) fprintf(stderr, "Error in %s\n", str); exit(1); } +#ifdef ENABLE_ANON gnutls_credentials_set(server, GNUTLS_CRD_ANON, s_anoncred); +#endif gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, s_certcred); gnutls_transport_set_push_function(server, server_push); gnutls_transport_set_pull_function(server, server_pull); @@ -321,7 +325,9 @@ static void test_ciphersuite(const char *cipher_prio, int size) reset_buffers(); /* Init client */ +#ifdef ENABLE_ANON gnutls_anon_allocate_client_credentials(&c_anoncred); +#endif gnutls_certificate_allocate_credentials(&c_certcred); gnutls_init(&client, GNUTLS_CLIENT); @@ -330,7 +336,9 @@ static void test_ciphersuite(const char *cipher_prio, int size) fprintf(stderr, "Error in %s\n", str); exit(1); } +#ifdef ENABLE_ANON gnutls_credentials_set(client, GNUTLS_CRD_ANON, c_anoncred); +#endif gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, c_certcred); gnutls_transport_set_push_function(client, client_push); gnutls_transport_set_pull_function(client, client_pull); @@ -386,8 +394,10 @@ static void test_ciphersuite(const char *cipher_prio, int size) gnutls_deinit(client); gnutls_deinit(server); +#ifdef ENABLE_ANON gnutls_anon_free_client_credentials(c_anoncred); gnutls_anon_free_server_credentials(s_anoncred); +#endif } static @@ -448,7 +458,9 @@ static void test_ciphersuite_kx(const char *cipher_prio, unsigned pk) /* Init server */ gnutls_certificate_allocate_credentials(&s_certcred); +#ifdef ENABLE_ANON gnutls_anon_allocate_server_credentials(&s_anoncred); +#endif ret = 0; if (pk == GNUTLS_PK_RSA_PSS) @@ -485,7 +497,9 @@ static void test_ciphersuite_kx(const char *cipher_prio, unsigned pk) } /* Init client */ +#ifdef ENABLE_ANON gnutls_anon_allocate_client_credentials(&c_anoncred); +#endif gnutls_certificate_allocate_credentials(&c_certcred); start_benchmark(&st); 
@@ -505,8 +519,10 @@ static void test_ciphersuite_kx(const char *cipher_prio, unsigned pk) fprintf(stderr, "Error in setting priority: %s\n", gnutls_strerror(ret)); exit(1); } +#ifdef ENABLE_ANON gnutls_credentials_set(server, GNUTLS_CRD_ANON, s_anoncred); +#endif gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, s_certcred); gnutls_transport_set_push_function(server, server_push); @@ -523,8 +539,10 @@ static void test_ciphersuite_kx(const char *cipher_prio, unsigned pk) fprintf(stderr, "Error in setting priority: %s\n", gnutls_strerror(ret)); exit(1); } +#ifdef ENABLE_ANON gnutls_credentials_set(client, GNUTLS_CRD_ANON, c_anoncred); +#endif gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, c_certcred); @@ -580,8 +598,10 @@ static void test_ciphersuite_kx(const char *cipher_prio, unsigned pk) printf(" - avg. handshake time: %.2f %s\n - standard deviation: %.2f %s\n\n", avg, scale, sqrt(svar), scale); +#ifdef ENABLE_ANON gnutls_anon_free_client_credentials(c_anoncred); gnutls_anon_free_server_credentials(s_anoncred); +#endif } void benchmark_tls(int debug_level, int ciphers) @@ -389,6 +389,11 @@ static int cert_verify_callback(gnutls_session_t session) try_save_cert(session); } +#ifndef ENABLE_OCSP + if (HAVE_OPT(SAVE_OCSP) || HAVE_OPT(OCSP)) { + fprintf(stderr, "OCSP is not supported!\n"); + } +#else rc = gnutls_ocsp_status_request_get(session, &oresp); if (rc < 0) { oresp.data = NULL; @@ -403,6 +408,7 @@ static int cert_verify_callback(gnutls_session_t session) fclose(fp); } } +#endif print_cert_info(session, verbose, print_cert); 
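Review bot: In cert_verify_callback() the `#ifndef ENABLE_OCSP` branch only prints "OCSP is not supported!" and then lets verification continue, so a user who asked for an OCSP revocation check gets a handshake that succeeds on PKI validation alone. The `else if (ENABLED_OPT(OCSP) ...)` branch is compiled out in the next hunk, which removes the check entirely in such builds. This is also inconsistent with the DH_BITS and ALPN branches added to init_tls_session(), which call `exit(1)` when the requested feature is missing. The guard tests `HAVE_OPT(OCSP)` while the real check uses `ENABLED_OPT(OCSP)`; if `HAVE_OPT` is also true for an explicitly negated option (not visible here), the message would fire for users who turned OCSP off. Suggest failing closed with `if (HAVE_OPT(SAVE_OCSP) || ENABLED_OPT(OCSP)) { fprintf(stderr, "OCSP is not supported!\n"); exit(1); }`, ideally during option handling rather than in the per-handshake callback.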
@@ -413,7 +419,9 @@ static int cert_verify_callback(gnutls_session_t session) (stdout, "*** PKI verification of server certificate failed...\n"); if (!insecure && !ssh) return -1; - } else if (ENABLED_OPT(OCSP) && gnutls_ocsp_status_request_is_checked(session, 0) == 0) { /* off-line verification succeeded. Try OCSP */ + } +#ifdef ENABLE_OCSP + else if (ENABLED_OPT(OCSP) && gnutls_ocsp_status_request_is_checked(session, 0) == 0) { /* off-line verification succeeded. Try OCSP */ rc = cert_verify_ocsp(session); if (rc == -1) { log_msg @@ -425,6 +433,7 @@ static int cert_verify_callback(gnutls_session_t session) else log_msg(stdout, "*** OCSP: verified %d certificate(s).\n", rc); } +#endif } if (dane) { /* try DANE auth */ @@ -677,10 +686,21 @@ gnutls_session_t init_tls_session(const char *host) host, strlen(host)); } - if (HAVE_OPT(DH_BITS)) + if (HAVE_OPT(DH_BITS)) { +#if defined(ENABLE_DHE) || defined(ENABLE_ANON) gnutls_dh_set_prime_bits(session, OPT_VALUE_DH_BITS); +#else + fprintf(stderr, "Setting DH parameters is not supported\n"); + exit(1); +#endif + } + if (HAVE_OPT(ALPN)) { +#ifndef ENABLE_ALPN + fprintf(stderr, "ALPN is not supported\n"); + exit(1); +#else unsigned proto_n = STACKCT_OPT(ALPN); char **protos = (void *) STACKLST_OPT(ALPN); @@ -696,6 +716,7 @@ gnutls_session_t init_tls_session(const char *host) p[i].size = strlen(protos[i]); } gnutls_alpn_set_protocols(session, p, proto_n, 0); +#endif } gnutls_credentials_set(session, GNUTLS_CRD_ANON, anon_cred); @@ -1135,6 +1156,7 @@ int do_inline_command_processing(char *buffer_ptr, size_t curr_bytes, static void print_other_info(gnutls_session_t session) { +#ifdef ENABLE_OCSP int ret; gnutls_datum_t oresp; @@ -1175,7 +1197,7 @@ print_other_info(gnutls_session_t session) gnutls_free(p.data); } } - +#endif } int main(int argc, char **argv) 
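Review bot: `gnutls_credentials_set(session, GNUTLS_CRD_ANON, anon_cred);` right after the ALPN block in init_tls_session() stays unconditional, while the equivalent calls in benchmark-tls.c are now wrapped in `#ifdef ENABLE_ANON`. The allocation of `anon_cred` is outside this diff; if it is skipped or fails when ANON is disabled, the session is handed an unallocated credential and the return value of `gnutls_credentials_set` is not checked. Guarding the call the same way (`#ifdef ENABLE_ANON` … `#endif`) would keep the two files consistent and make the ANON-disabled client's behaviour explicit. init_tls_session() continues outside the hunk.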
@@ -1961,6 +1983,7 @@ static void init_global_tls_stuff(void) * -1: certificate chain could not be checked fully * >=0: number of certificates verified ok */ +#ifdef ENABLE_OCSP static int cert_verify_ocsp(gnutls_session_t session) { gnutls_x509_crt_t cert, issuer; @@ -2057,3 +2080,4 @@ cleanup: return -1; return ok >= 1 ? (int) ok : -1; } +#endif |