author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2001-10-08 18:38:04 +0000 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2001-10-08 18:38:04 +0000 |
commit | 44c0124aa768d83c93cb6242619047bc0877f716 (patch) | |
tree | b584e48b07eb3ca8027fccda3d7d0d0d601612cf /src | |
parent | 767e33eba3d47cff204d1141453b64cac6bc7f82 (diff) | |
download | gnutls-44c0124aa768d83c93cb6242619047bc0877f716.tar.gz |
added DHE_RSA ciphersuites
Diffstat (limited to 'src')
-rw-r--r-- | src/cli.c | 23 | ||||
-rw-r--r-- | src/serv.c | 33 |
2 files changed, 29 insertions, 27 deletions
@@ -78,7 +78,8 @@ const gnutls_DN* dn; if (gnutls_get_auth_info_type(state) == GNUTLS_X509PKI) { x509_info = gnutls_get_auth_info(state); if (x509_info != NULL) { - switch( gnutls_x509pki_client_get_peer_certificate_status(x509_info)) { + CertificateStatus status = gnutls_x509pki_client_get_peer_certificate_status(x509_info); + switch( status) { case GNUTLS_CERT_NOT_TRUSTED: printf("- Peer's X509 Certificate was NOT verified\n"); break; @@ -92,21 +93,21 @@ const gnutls_DN* dn; printf("- Peer did not send any X509 Certificate.\n"); break; case GNUTLS_CERT_INVALID: - default: printf("- Peer's X509 Certificate was invalid\n"); break; - } - printf(" - Certificate info:\n"); - printf(" - Certificate version: #%d\n", gnutls_x509pki_client_get_peer_certificate_version(x509_info)); + if (status!=GNUTLS_CERT_NONE && status!=GNUTLS_CERT_INVALID) { + printf(" - Certificate info:\n"); + printf(" - Certificate version: #%d\n", gnutls_x509pki_client_get_peer_certificate_version(x509_info)); - dn = gnutls_x509pki_client_get_peer_dn( x509_info); - PRINT_DN( dn); + dn = gnutls_x509pki_client_get_peer_dn( x509_info); + PRINT_DN( dn); - dn = gnutls_x509pki_client_get_issuer_dn( x509_info); - printf(" - Certificate Issuer's info:\n"); - PRINT_DN( dn); + dn = gnutls_x509pki_client_get_issuer_dn( x509_info); + printf(" - Certificate Issuer's info:\n"); + PRINT_DN( dn); + } } } @@ -218,7 +219,7 @@ int main(int argc, char** argv) gnutls_set_protocol_priority( state, GNUTLS_TLS1, GNUTLS_SSL3, 0); gnutls_set_cipher_priority( state, GNUTLS_3DES_CBC, GNUTLS_RIJNDAEL_CBC, 0); gnutls_set_compression_priority( state, GNUTLS_ZLIB, GNUTLS_NULL_COMPRESSION, 0); - gnutls_set_kx_priority( state, GNUTLS_KX_RSA, GNUTLS_KX_SRP, GNUTLS_KX_DH_ANON, 0); + gnutls_set_kx_priority( state, GNUTLS_KX_DHE_RSA, GNUTLS_KX_RSA, GNUTLS_KX_SRP, GNUTLS_KX_DH_ANON, 0); gnutls_set_mac_priority( state, GNUTLS_MAC_SHA, GNUTLS_MAC_MD5, 0); gnutls_set_cred( state, GNUTLS_ANON, NULL); 
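Review bot: With `default:` removed from the switch in the second hunk, a status value outside the listed cases prints no status line and still passes the `status!=GNUTLS_CERT_NONE && status!=GNUTLS_CERT_INVALID` guard, so the certificate details are printed as if the check had produced a known result. Keep a `default:` arm that reports the unrecognised value and skips the details, or write the guard as an allowlist of the statuses for which a certificate is known to be present. The same applies to the last hunk of src/serv.c. In this file the new block also calls `PRINT_DN( dn)` without the `if (dn!=NULL)` test that serv.c has; PRINT_DN is defined outside the hunk, so whether it tolerates NULL should be confirmed.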
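Review bot: `GNUTLS_KX_DH_ANON` stays in the client's key-exchange list after `GNUTLS_KX_DHE_RSA` is added in the third hunk, so a peer can still settle on an exchange that authenticates neither side. The certificate report in the earlier hunks only runs when the auth type is `GNUTLS_X509PKI`, so such a session would apparently be reported without any certificate status at all. If the anonymous fallback is intentional for this test client, a comment on the line such as `/* DH_ANON kept for testing only: the session is unauthenticated when it is chosen */` would make that explicit; otherwise remove it from the list. main() starts and ends outside the hunk.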
diff --git a/src/serv.c b/src/serv.c index 5cddf87155..f7878e0737 100644 --- a/src/serv.c +++ b/src/serv.c @@ -87,8 +87,7 @@ GNUTLS_STATE initialize_state() gnutls_set_cipher_priority(state, GNUTLS_NULL_CIPHER, GNUTLS_RIJNDAEL_CBC, GNUTLS_3DES_CBC, GNUTLS_ARCFOUR, 0); gnutls_set_compression_priority(state, GNUTLS_ZLIB, GNUTLS_NULL_COMPRESSION, 0); - gnutls_set_kx_priority(state, GNUTLS_KX_DHE_RSA, GNUTLS_KX_RSA, GNUTLS_KX_SRP, - GNUTLS_KX_DH_ANON, 0); + gnutls_set_kx_priority(state, GNUTLS_KX_RSA, GNUTLS_KX_DHE_RSA, 0); gnutls_set_protocol_priority( state, GNUTLS_TLS1, GNUTLS_SSL3, 0); gnutls_set_cred(state, GNUTLS_ANON, dh_cred); @@ -151,7 +150,8 @@ void print_info(GNUTLS_STATE state) if (gnutls_get_auth_info_type(state) == GNUTLS_X509PKI) { x509_info = gnutls_get_auth_info(state); if (x509_info != NULL) { - switch( gnutls_x509pki_client_get_peer_certificate_status(x509_info)) { + CertificateStatus status = gnutls_x509pki_client_get_peer_certificate_status(x509_info); + switch( status) { case GNUTLS_CERT_NOT_TRUSTED: printf("- Peer's X509 Certificate was NOT verified\n"); break; 
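Review bot: The server list in the first hunk now reads `GNUTLS_KX_RSA, GNUTLS_KX_DHE_RSA`, which puts the newly added ephemeral exchange behind plain RSA, while src/cli.c puts `GNUTLS_KX_DHE_RSA` first; if the server's order decides the outcome (not visible here), DHE_RSA would only be chosen when the peer does not offer RSA. The line also drops `GNUTLS_KX_SRP` and `GNUTLS_KX_DH_ANON`, which the commit message does not mention, while the context line `gnutls_set_cred(state, GNUTLS_ANON, dh_cred)` still registers anonymous credentials. Suggest `gnutls_set_kx_priority(state, GNUTLS_KX_DHE_RSA, GNUTLS_KX_RSA, 0);` with a short comment saying why SRP and anonymous DH were removed. Separately, the unchanged cipher list above still names `GNUTLS_NULL_CIPHER` first, which is worth revisiting now that certificate-authenticated exchanges are enabled. initialize_state() starts and ends outside the hunk.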
@@ -165,23 +165,24 @@ void print_info(GNUTLS_STATE state) printf("- Peer did not send any certificate.\n"); break; case GNUTLS_CERT_INVALID: - default: printf("- Peer's X509 Certificate was invalid\n"); break; } - - printf(" - Certificate info:\n"); - printf(" - Certificate version: #%d\n", gnutls_x509pki_client_get_peer_certificate_version(x509_info)); - - dn = gnutls_x509pki_client_get_peer_dn( x509_info); - if (dn!=NULL) - PRINT_DN( dn); - - dn = gnutls_x509pki_client_get_issuer_dn( x509_info); - if (dn!=NULL) { - printf(" - Certificate Issuer's info:\n"); - PRINT_DN( dn); + + if (status!=GNUTLS_CERT_NONE && status!=GNUTLS_CERT_INVALID) { + printf(" - Certificate info:\n"); + printf(" - Certificate version: #%d\n", gnutls_x509pki_client_get_peer_certificate_version(x509_info)); + + dn = gnutls_x509pki_client_get_peer_dn( x509_info); + if (dn!=NULL) + PRINT_DN( dn); + + dn = gnutls_x509pki_client_get_issuer_dn( x509_info); + if (dn!=NULL) { + printf(" - Certificate Issuer's info:\n"); + PRINT_DN( dn); + } } } } |