author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2001-08-07 13:34:50 +0000 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2001-08-07 13:34:50 +0000 |
commit | 7aaa6349add1a1de05d8f8a3a8e01fce35b3f118 (patch) | |
tree | 1a9292b379dff2f7408c070ad4f85ca62b882979 /src | |
parent | ac2a96f653a8f83bca32307aa818a7cf7097e95a (diff) | |
server side client authentication works [gnutls_0_2_0]
Diffstat (limited to 'src')
-rw-r--r-- | src/cli.c | 18 | ||||
-rw-r--r-- | src/serv.c | 46 |
2 files changed, 54 insertions, 10 deletions
@@ -85,17 +85,17 @@ const gnutls_DN* dn;
 break;
 }
- }
- printf(" - Certificate info:\n");
- printf(" - Certificate version: #%d\n", gnutls_x509pki_client_get_peer_certificate_version(x509_info));
+ printf(" - Certificate info:\n");
+ printf(" - Certificate version: #%d\n", gnutls_x509pki_client_get_peer_certificate_version(x509_info));
- dn = gnutls_x509pki_client_get_peer_dn( x509_info);
- PRINT_DN( dn);
+ dn = gnutls_x509pki_client_get_peer_dn( x509_info);
+ PRINT_DN( dn);
- dn = gnutls_x509pki_client_get_issuer_dn( x509_info);
- printf(" - Certificate Issuer's info:\n");
- PRINT_DN( dn);
+ dn = gnutls_x509pki_client_get_issuer_dn( x509_info);
+ printf(" - Certificate Issuer's info:\n");
+ PRINT_DN( dn);
+ }
 }
 tmp = gnutls_version_get_name(gnutls_get_current_version(state));
@@ -146,7 +146,7 @@ int main(int argc, char** argv)
 /* X509 stuff */
- if (gnutls_allocate_x509_client_sc( &xcred, 1) < 0) {
+ if (gnutls_allocate_x509_client_sc( &xcred, 1) < 0) { /* space for 1 certificate */
 fprintf(stderr, "memory error\n");
 exit(1);
 }
diff --git a/src/serv.c b/src/serv.c
index ab95803352..721cc7c7b9 100644
--- a/src/serv.c
+++ b/src/serv.c
@@ -105,18 +105,29 @@ GNUTLS_STATE initialize_state()
 gnutls_set_mac_priority(state, GNUTLS_MAC_SHA, GNUTLS_MAC_MD5, 0);
- gnutls_set_certificate_request( state, GNUTLS_CERT_REQUIRE);
+ gnutls_set_certificate_request( state, GNUTLS_CERT_REQUEST);
 return state;
 }
+#define PRINTX(x,y) if (y[0]!=0) printf(" - %s %s\n", x, y)
+#define PRINT_DN(X) PRINTX( "CN:", X->common_name); \
+ PRINTX( "OU:", X->organizational_unit_name); \
+ PRINTX( "O:", X->organization); \
+ PRINTX( "L:", X->locality_name); \
+ PRINTX( "S:", X->state_or_province_name); \
+ PRINTX( "C:", X->country); \
+ PRINTX( "SAN:", gnutls_x509pki_client_get_subject_alt_name(x509_info))
+
 void print_info(GNUTLS_STATE state)
 {
 SRP_SERVER_AUTH_INFO srp_info;
 ANON_SERVER_AUTH_INFO dh_info;
+ X509PKI_SERVER_AUTH_INFO x509_info;
 const char *tmp;
 unsigned char sesid[32];
 int sesid_size, i;
+ const gnutls_DN* dn;
 /* print session_id specific data */
 gnutls_get_current_session_id( state, sesid, &sesid_size);
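Review bot: Switching `gnutls_set_certificate_request` from `GNUTLS_CERT_REQUIRE` to `GNUTLS_CERT_REQUEST` in initialize_state makes client authentication optional, and nothing in the hunk says so. Going by the constant names (the library side is not shown), a client that sends no certificate will presumably now complete the handshake, so the call deserves a comment such as `/* request, but do not require, a client certificate; the peer certificate status must be checked before the session is trusted */`. Separately, the new `PRINTX` macro is a bare `if` that expands `y` twice and dereferences it with no NULL check, so the SAN accessor is called twice per `PRINT_DN` and a NULL return would crash; `do { const char *v_ = (y); if (v_ != NULL && v_[0] != 0) printf(" - %s %s\n", x, v_); } while (0)` avoids both. `PRINT_DN` also picks up `x509_info` from the caller's scope, so the peer's SAN is printed a second time under the issuer block.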
@@ -144,6 +155,39 @@ void print_info(GNUTLS_STATE state)
 gnutls_anon_server_get_dh_bits(dh_info));
 }
+ if (gnutls_get_auth_info_type(state) == GNUTLS_X509PKI) {
+ x509_info = gnutls_get_auth_info(state);
+ if (x509_info != NULL) {
+ switch( gnutls_x509pki_client_get_peer_certificate_status(x509_info)) {
+ case GNUTLS_CERT_NOT_TRUSTED:
+ printf("- Peer's X509 Certificate was NOT verified\n");
+ break;
+ case GNUTLS_CERT_EXPIRED:
+ printf("- Peer's X509 Certificate was verified but is expired\n");
+ break;
+ case GNUTLS_CERT_TRUSTED:
+ printf("- Peer's X509 Certificate was verified\n");
+ break;
+ case GNUTLS_CERT_INVALID:
+ default:
+ printf("- Peer's X509 Certificate was invalid\n");
+ break;
+
+ }
+
+ printf(" - Certificate info:\n");
+ printf(" - Certificate version: #%d\n", gnutls_x509pki_client_get_peer_certificate_version(x509_info));
+
+ dn = gnutls_x509pki_client_get_peer_dn( x509_info);
+ PRINT_DN( dn);
+
+ dn = gnutls_x509pki_client_get_issuer_dn( x509_info);
+ printf(" - Certificate Issuer's info:\n");
+ PRINT_DN( dn);
+ }
+ }
+
+
 /* print state information */
 tmp = gnutls_version_get_name(gnutls_get_current_version(state)); |
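Review bot: The status switch only prints the verification result, and the peer and issuer DNs are then printed for `GNUTLS_CERT_NOT_TRUSTED`, `GNUTLS_CERT_EXPIRED` and `GNUTLS_CERT_INVALID` exactly as for a trusted certificate. print_info starts and ends outside this hunk and its caller is not visible, but with initialize_state now only requesting a certificate this is the one place in the diff that reads the status, so the caller should refuse the session unless it is `GNUTLS_CERT_TRUSTED`, and the other cases should label the DN fields as unverified. `dn` is handed to `PRINT_DN` unchecked, and because `PRINT_DN` expands to several statements the guard needs braces: `if (dn != NULL) { PRINT_DN( dn); }`. When `x509_info` is NULL nothing is printed at all; an `else printf("- No peer certificate information\n");` would make that case visible in the log.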