authorNikos Mavrogiannopoulos <nmav@gnutls.org>2001-10-08 18:38:04 +0000
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2001-10-08 18:38:04 +0000
commit44c0124aa768d83c93cb6242619047bc0877f716 (patch)
treeb584e48b07eb3ca8027fccda3d7d0d0d601612cf /src
parent767e33eba3d47cff204d1141453b64cac6bc7f82 (diff)
added DHE_RSA ciphersuites
Diffstat (limited to 'src')
-rw-r--r--src/cli.c23
-rw-r--r--src/serv.c33
2 files changed, 29 insertions, 27 deletions
diff --git a/src/cli.c b/src/cli.c
index c2e1d8a7df..29176821ce 100644
--- a/src/cli.c
+++ b/src/cli.c
@@ -78,7 +78,8 @@ const gnutls_DN* dn;
if (gnutls_get_auth_info_type(state) == GNUTLS_X509PKI) {
x509_info = gnutls_get_auth_info(state);
if (x509_info != NULL) {
- switch( gnutls_x509pki_client_get_peer_certificate_status(x509_info)) {
+ CertificateStatus status = gnutls_x509pki_client_get_peer_certificate_status(x509_info);
+ switch( status) {
case GNUTLS_CERT_NOT_TRUSTED:
printf("- Peer's X509 Certificate was NOT verified\n");
break;
@@ -92,21 +93,21 @@ const gnutls_DN* dn;
printf("- Peer did not send any X509 Certificate.\n");
break;
case GNUTLS_CERT_INVALID:
- default:
printf("- Peer's X509 Certificate was invalid\n");
break;
-
}
- printf(" - Certificate info:\n");
- printf(" - Certificate version: #%d\n", gnutls_x509pki_client_get_peer_certificate_version(x509_info));
+ if (status!=GNUTLS_CERT_NONE && status!=GNUTLS_CERT_INVALID) {
+ printf(" - Certificate info:\n");
+ printf(" - Certificate version: #%d\n", gnutls_x509pki_client_get_peer_certificate_version(x509_info));
- dn = gnutls_x509pki_client_get_peer_dn( x509_info);
- PRINT_DN( dn);
+ dn = gnutls_x509pki_client_get_peer_dn( x509_info);
+ PRINT_DN( dn);
- dn = gnutls_x509pki_client_get_issuer_dn( x509_info);
- printf(" - Certificate Issuer's info:\n");
- PRINT_DN( dn);
+ dn = gnutls_x509pki_client_get_issuer_dn( x509_info);
+ printf(" - Certificate Issuer's info:\n");
+ PRINT_DN( dn);
+ }
}
}
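Review bot: With `default:` removed from the switch, a status value outside the listed cases prints no status line and still passes the new `status!=GNUTLS_CERT_NONE && status!=GNUTLS_CERT_INVALID` guard, so certificate details are shown for a peer whose verification result is unknown. Keeping a `default:` arm that reports an unknown status and skips the details would make the output fail closed; the same applies to the matching `print_info` hunk in src/serv.c. In this file `PRINT_DN( dn)` is also called without the `if (dn!=NULL)` check that src/serv.c uses, which matters if the macro dereferences `dn` (its definition is not shown here). The enclosing function starts outside the hunk, and part of the switch lies between the two hunks.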
@@ -218,7 +219,7 @@ int main(int argc, char** argv)
gnutls_set_protocol_priority( state, GNUTLS_TLS1, GNUTLS_SSL3, 0);
gnutls_set_cipher_priority( state, GNUTLS_3DES_CBC, GNUTLS_RIJNDAEL_CBC, 0);
gnutls_set_compression_priority( state, GNUTLS_ZLIB, GNUTLS_NULL_COMPRESSION, 0);
- gnutls_set_kx_priority( state, GNUTLS_KX_RSA, GNUTLS_KX_SRP, GNUTLS_KX_DH_ANON, 0);
+ gnutls_set_kx_priority( state, GNUTLS_KX_DHE_RSA, GNUTLS_KX_RSA, GNUTLS_KX_SRP, GNUTLS_KX_DH_ANON, 0);
gnutls_set_mac_priority( state, GNUTLS_MAC_SHA, GNUTLS_MAC_MD5, 0);
gnutls_set_cred( state, GNUTLS_ANON, NULL);
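Review bot: `GNUTLS_KX_DH_ANON` stays in the client's key-exchange list on the changed line, so a handshake can still complete with no server authentication even though DHE_RSA is now preferred. Anonymous DH gives no protection against an active man-in-the-middle, so a safer client default would offer only authenticated methods, e.g. `gnutls_set_kx_priority( state, GNUTLS_KX_DHE_RSA, GNUTLS_KX_RSA, GNUTLS_KX_SRP, 0);`, with anonymous DH enabled only by an explicit option. If it is kept for testing, a comment saying so on this line would help. `main` continues outside the hunk.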
diff --git a/src/serv.c b/src/serv.c
index 5cddf87155..f7878e0737 100644
--- a/src/serv.c
+++ b/src/serv.c
@@ -87,8 +87,7 @@ GNUTLS_STATE initialize_state()
gnutls_set_cipher_priority(state, GNUTLS_NULL_CIPHER,
GNUTLS_RIJNDAEL_CBC, GNUTLS_3DES_CBC, GNUTLS_ARCFOUR, 0);
gnutls_set_compression_priority(state, GNUTLS_ZLIB, GNUTLS_NULL_COMPRESSION, 0);
- gnutls_set_kx_priority(state, GNUTLS_KX_DHE_RSA, GNUTLS_KX_RSA, GNUTLS_KX_SRP,
- GNUTLS_KX_DH_ANON, 0);
+ gnutls_set_kx_priority(state, GNUTLS_KX_RSA, GNUTLS_KX_DHE_RSA, 0);
gnutls_set_protocol_priority( state, GNUTLS_TLS1, GNUTLS_SSL3, 0);
gnutls_set_cred(state, GNUTLS_ANON, dh_cred);
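Review bot: The new server list moves `GNUTLS_KX_RSA` ahead of `GNUTLS_KX_DHE_RSA`, the reverse of the order set in src/cli.c, so if the server's order decides the negotiation, the forward-secret key exchange named in the commit title will rarely be selected. If DHE_RSA is meant to be the default, the line would read `gnutls_set_kx_priority(state, GNUTLS_KX_DHE_RSA, GNUTLS_KX_RSA, 0);`. The same line also drops `GNUTLS_KX_SRP` and `GNUTLS_KX_DH_ANON`, which the commit message does not mention, while the `gnutls_set_cred(state, GNUTLS_ANON, dh_cred)` call just below is kept; a short comment explaining why would help. `initialize_state` continues outside the hunk.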
@@ -151,7 +150,8 @@ void print_info(GNUTLS_STATE state)
if (gnutls_get_auth_info_type(state) == GNUTLS_X509PKI) {
x509_info = gnutls_get_auth_info(state);
if (x509_info != NULL) {
- switch( gnutls_x509pki_client_get_peer_certificate_status(x509_info)) {
+ CertificateStatus status = gnutls_x509pki_client_get_peer_certificate_status(x509_info);
+ switch( status) {
case GNUTLS_CERT_NOT_TRUSTED:
printf("- Peer's X509 Certificate was NOT verified\n");
break;
@@ -165,23 +165,24 @@ void print_info(GNUTLS_STATE state)
printf("- Peer did not send any certificate.\n");
break;
case GNUTLS_CERT_INVALID:
- default:
printf("- Peer's X509 Certificate was invalid\n");
break;
}
-
- printf(" - Certificate info:\n");
- printf(" - Certificate version: #%d\n", gnutls_x509pki_client_get_peer_certificate_version(x509_info));
-
- dn = gnutls_x509pki_client_get_peer_dn( x509_info);
- if (dn!=NULL)
- PRINT_DN( dn);
-
- dn = gnutls_x509pki_client_get_issuer_dn( x509_info);
- if (dn!=NULL) {
- printf(" - Certificate Issuer's info:\n");
- PRINT_DN( dn);
+
+ if (status!=GNUTLS_CERT_NONE && status!=GNUTLS_CERT_INVALID) {
+ printf(" - Certificate info:\n");
+ printf(" - Certificate version: #%d\n", gnutls_x509pki_client_get_peer_certificate_version(x509_info));
+
+ dn = gnutls_x509pki_client_get_peer_dn( x509_info);
+ if (dn!=NULL)
+ PRINT_DN( dn);
+
+ dn = gnutls_x509pki_client_get_issuer_dn( x509_info);
+ if (dn!=NULL) {
+ printf(" - Certificate Issuer's info:\n");
+ PRINT_DN( dn);
+ }
}
}
}