authorDmitry Eremin-Solenikov <dbaryshkov@gmail.com>2019-12-29 12:49:16 +0300
committerDmitry Eremin-Solenikov <dbaryshkov@gmail.com>2019-12-29 14:08:48 +0300
commit99f4ce1ec5e88a13a115547252c4395426f59cb6 (patch)
tree0b090dde63e4ac2023fd94d5c078086059c1c2cd /src
parente15d2a793bc864f2e56e8fabf8c4d6d02a7f3b00 (diff)
downloadgnutls-99f4ce1ec5e88a13a115547252c4395426f59cb6.tar.gz
cli: support building with OCSP and ANON disabled
Support gnutls-cli when building GnuTLS with OCSP and ANON authentication API disabled. Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Diffstat (limited to 'src')
-rw-r--r--src/Makefile.am15
-rw-r--r--src/benchmark-tls.c20
-rw-r--r--src/cli.c30
3 files changed, 52 insertions, 13 deletions
diff --git a/src/Makefile.am b/src/Makefile.am
index 2677fbd221..94b701a512 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -82,16 +82,13 @@ else
LIBOPTS = $(LIBOPTS_LDADD)
endif
-bin_PROGRAMS = psktool gnutls-cli-debug certtool gnutls-serv
+bin_PROGRAMS = psktool gnutls-cli-debug certtool gnutls-serv gnutls-cli
if ENABLE_SRP
bin_PROGRAMS += srptool
endif
if ENABLE_OCSP
bin_PROGRAMS += ocsptool
-if ENABLE_ANON
-bin_PROGRAMS += gnutls-cli
-endif
endif
if ENABLE_DANE
@@ -155,14 +152,14 @@ noinst_LTLIBRARIES += libcmd-serv.la
libcmd_serv_la_SOURCES = serv-args.def
nodist_libcmd_serv_la_SOURCES = serv-args.c serv-args.h
-if ENABLE_OCSP
-if ENABLE_ANON
-
BENCHMARK_SRCS = benchmark-cipher.c benchmark.c benchmark.h benchmark-tls.c
gnutls_cli_SOURCES = cli.c common.h common.c \
- socket.c socket.h ocsptool-common.c inline_cmds.h \
+ socket.c socket.h inline_cmds.h \
$(BENCHMARK_SRCS)
+if ENABLE_OCSP
+gnutls_cli_SOURCES += ocsptool-common.c
+endif
gnutls_cli_LDADD = ../lib/libgnutls.la -lm
if ENABLE_DANE
gnutls_cli_LDADD += ../libdane/libgnutls-dane.la
@@ -173,8 +170,6 @@ gnutls_cli_LDADD += $(LIBSOCKET) $(GETADDRINFO_LIB) $(LIB_CLOCK_GETTIME) \
noinst_LTLIBRARIES += libcmd-cli.la
libcmd_cli_la_SOURCES = cli-args.def
nodist_libcmd_cli_la_SOURCES = cli-args.c cli-args.h
-endif
-endif
gnutls_cli_debug_SOURCES = cli-debug.c tests.h tests.c \
socket.c socket.h common.h common.c
diff --git a/src/benchmark-tls.c b/src/benchmark-tls.c
index 14a3d190cc..c9564e049f 100644
--- a/src/benchmark-tls.c
+++ b/src/benchmark-tls.c
@@ -292,7 +292,9 @@ static void test_ciphersuite(const char *cipher_prio, int size)
const char *name;
/* Init server */
+#ifdef ENABLE_ANON
gnutls_anon_allocate_server_credentials(&s_anoncred);
+#endif
gnutls_certificate_allocate_credentials(&s_certcred);
gnutls_certificate_set_x509_key_mem(s_certcred, &server_cert,
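Review bot: The `#ifdef ENABLE_ANON` guards cover only the calls that use `s_anoncred` and `c_anoncred`, here and in the later hunks of test_ciphersuite and test_ciphersuite_kx, while the declarations of those variables lie outside the hunks. If the declarations are not guarded as well, a build with ANON disabled leaves them unused and will warn under `-Wunused-variable`. Wrapping each declaration in the same guard, for example `#ifdef ENABLE_ANON` / `gnutls_anon_server_credentials_t s_anoncred;` / `#endif`, keeps that build clean. Both function bodies start and end outside the hunks shown.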
@@ -313,7 +315,9 @@ static void test_ciphersuite(const char *cipher_prio, int size)
fprintf(stderr, "Error in %s\n", str);
exit(1);
}
+#ifdef ENABLE_ANON
gnutls_credentials_set(server, GNUTLS_CRD_ANON, s_anoncred);
+#endif
gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, s_certcred);
gnutls_transport_set_push_function(server, server_push);
gnutls_transport_set_pull_function(server, server_pull);
@@ -321,7 +325,9 @@ static void test_ciphersuite(const char *cipher_prio, int size)
reset_buffers();
/* Init client */
+#ifdef ENABLE_ANON
gnutls_anon_allocate_client_credentials(&c_anoncred);
+#endif
gnutls_certificate_allocate_credentials(&c_certcred);
gnutls_init(&client, GNUTLS_CLIENT);
@@ -330,7 +336,9 @@ static void test_ciphersuite(const char *cipher_prio, int size)
fprintf(stderr, "Error in %s\n", str);
exit(1);
}
+#ifdef ENABLE_ANON
gnutls_credentials_set(client, GNUTLS_CRD_ANON, c_anoncred);
+#endif
gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, c_certcred);
gnutls_transport_set_push_function(client, client_push);
gnutls_transport_set_pull_function(client, client_pull);
@@ -386,8 +394,10 @@ static void test_ciphersuite(const char *cipher_prio, int size)
gnutls_deinit(client);
gnutls_deinit(server);
+#ifdef ENABLE_ANON
gnutls_anon_free_client_credentials(c_anoncred);
gnutls_anon_free_server_credentials(s_anoncred);
+#endif
}
static
@@ -448,7 +458,9 @@ static void test_ciphersuite_kx(const char *cipher_prio, unsigned pk)
/* Init server */
gnutls_certificate_allocate_credentials(&s_certcred);
+#ifdef ENABLE_ANON
gnutls_anon_allocate_server_credentials(&s_anoncred);
+#endif
ret = 0;
if (pk == GNUTLS_PK_RSA_PSS)
@@ -485,7 +497,9 @@ static void test_ciphersuite_kx(const char *cipher_prio, unsigned pk)
}
/* Init client */
+#ifdef ENABLE_ANON
gnutls_anon_allocate_client_credentials(&c_anoncred);
+#endif
gnutls_certificate_allocate_credentials(&c_certcred);
start_benchmark(&st);
@@ -505,8 +519,10 @@ static void test_ciphersuite_kx(const char *cipher_prio, unsigned pk)
fprintf(stderr, "Error in setting priority: %s\n", gnutls_strerror(ret));
exit(1);
}
+#ifdef ENABLE_ANON
gnutls_credentials_set(server, GNUTLS_CRD_ANON,
s_anoncred);
+#endif
gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
s_certcred);
gnutls_transport_set_push_function(server, server_push);
@@ -523,8 +539,10 @@ static void test_ciphersuite_kx(const char *cipher_prio, unsigned pk)
fprintf(stderr, "Error in setting priority: %s\n", gnutls_strerror(ret));
exit(1);
}
+#ifdef ENABLE_ANON
gnutls_credentials_set(client, GNUTLS_CRD_ANON,
c_anoncred);
+#endif
gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE,
c_certcred);
@@ -580,8 +598,10 @@ static void test_ciphersuite_kx(const char *cipher_prio, unsigned pk)
printf(" - avg. handshake time: %.2f %s\n - standard deviation: %.2f %s\n\n",
avg, scale, sqrt(svar), scale);
+#ifdef ENABLE_ANON
gnutls_anon_free_client_credentials(c_anoncred);
gnutls_anon_free_server_credentials(s_anoncred);
+#endif
}
void benchmark_tls(int debug_level, int ciphers)
diff --git a/src/cli.c b/src/cli.c
index 4f4a26c89f..26b6f74099 100644
--- a/src/cli.c
+++ b/src/cli.c
@@ -389,6 +389,11 @@ static int cert_verify_callback(gnutls_session_t session)
try_save_cert(session);
}
+#ifndef ENABLE_OCSP
+ if (HAVE_OPT(SAVE_OCSP) || HAVE_OPT(OCSP)) {
+ fprintf(stderr, "OCSP is not supported!\n");
+ }
+#else
rc = gnutls_ocsp_status_request_get(session, &oresp);
if (rc < 0) {
oresp.data = NULL;
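Review bot: In a build without OCSP, a requested `--ocsp` check only produces `OCSP is not supported!` on stderr and the callback carries on, so the revocation check the user asked for is silently skipped; the later hunk that compiles out the `else if (ENABLED_OPT(OCSP) ...)` branch has the same effect. The DH_BITS and ALPN hunks in init_tls_session treat an unsupported option as fatal with `exit(1)`, and this path should fail closed in the same way, for example `if (ENABLED_OPT(OCSP)) { fprintf(stderr, "OCSP is not supported!\n"); return -1; }`. Testing `HAVE_OPT(OCSP)` probably also fires when the option is given in its disabled form, whereas the existing branch tests `ENABLED_OPT(OCSP)`. Because the check sits in the verify callback the message is printed on every handshake, so rejecting the option once at start-up would be cleaner. cert_verify_callback starts and ends outside the hunk.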
@@ -403,6 +408,7 @@ static int cert_verify_callback(gnutls_session_t session)
fclose(fp);
}
}
+#endif
print_cert_info(session, verbose, print_cert);
@@ -413,7 +419,9 @@ static int cert_verify_callback(gnutls_session_t session)
(stdout, "*** PKI verification of server certificate failed...\n");
if (!insecure && !ssh)
return -1;
- } else if (ENABLED_OPT(OCSP) && gnutls_ocsp_status_request_is_checked(session, 0) == 0) { /* off-line verification succeeded. Try OCSP */
+ }
+#ifdef ENABLE_OCSP
+ else if (ENABLED_OPT(OCSP) && gnutls_ocsp_status_request_is_checked(session, 0) == 0) { /* off-line verification succeeded. Try OCSP */
rc = cert_verify_ocsp(session);
if (rc == -1) {
log_msg
@@ -425,6 +433,7 @@ static int cert_verify_callback(gnutls_session_t session)
else
log_msg(stdout, "*** OCSP: verified %d certificate(s).\n", rc);
}
+#endif
}
if (dane) { /* try DANE auth */
@@ -677,10 +686,21 @@ gnutls_session_t init_tls_session(const char *host)
host, strlen(host));
}
- if (HAVE_OPT(DH_BITS))
+ if (HAVE_OPT(DH_BITS)) {
+#if defined(ENABLE_DHE) || defined(ENABLE_ANON)
gnutls_dh_set_prime_bits(session, OPT_VALUE_DH_BITS);
+#else
+ fprintf(stderr, "Setting DH parameters is not supported\n");
+ exit(1);
+#endif
+ }
+
if (HAVE_OPT(ALPN)) {
+#ifndef ENABLE_ALPN
+ fprintf(stderr, "ALPN is not supported\n");
+ exit(1);
+#else
unsigned proto_n = STACKCT_OPT(ALPN);
char **protos = (void *) STACKLST_OPT(ALPN);
@@ -696,6 +716,7 @@ gnutls_session_t init_tls_session(const char *host)
p[i].size = strlen(protos[i]);
}
gnutls_alpn_set_protocols(session, p, proto_n, 0);
+#endif
}
gnutls_credentials_set(session, GNUTLS_CRD_ANON, anon_cred);
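Review bot: The context line `gnutls_credentials_set(session, GNUTLS_CRD_ANON, anon_cred);` stays unguarded in cli.c, while this same commit wraps the equivalent calls in benchmark-tls.c in `#ifdef ENABLE_ANON`. The allocation of `anon_cred` is not visible in this diff; if it is skipped or unavailable when ANON is disabled, this call registers a credential the library cannot use. Guarding it as `#ifdef ENABLE_ANON` / `gnutls_credentials_set(session, GNUTLS_CRD_ANON, anon_cred);` / `#endif` would match the benchmark code. init_tls_session continues past the end of the hunk.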
@@ -1135,6 +1156,7 @@ int do_inline_command_processing(char *buffer_ptr, size_t curr_bytes,
static void
print_other_info(gnutls_session_t session)
{
+#ifdef ENABLE_OCSP
int ret;
gnutls_datum_t oresp;
@@ -1175,7 +1197,7 @@ print_other_info(gnutls_session_t session)
gnutls_free(p.data);
}
}
-
+#endif
}
int main(int argc, char **argv)
@@ -1961,6 +1983,7 @@ static void init_global_tls_stuff(void)
* -1: certificate chain could not be checked fully
* >=0: number of certificates verified ok
*/
+#ifdef ENABLE_OCSP
static int cert_verify_ocsp(gnutls_session_t session)
{
gnutls_x509_crt_t cert, issuer;
@@ -2057,3 +2080,4 @@ cleanup:
return -1;
return ok >= 1 ? (int) ok : -1;
}
+#endif