author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2012-11-04 17:34:23 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2012-11-04 17:34:23 +0100 |
commit | 3a7536e2e12597b4e2831dd07f5dfba94a747aa9 (patch) | |
tree | 37e55df4d0facb07577553cf827f71a32f98147e /src | |
parent | 1fb6dfb37e249fcbfb3807aaa32db88e2d570502 (diff) | |
verify all possible entries
Diffstat (limited to 'src')
-rw-r--r-- | src/danetool.c | 82 |
1 files changed, 41 insertions, 41 deletions
diff --git a/src/danetool.c b/src/danetool.c
index edb52ce92e..1cf92ff924 100644
--- a/src/danetool.c
+++ b/src/danetool.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2003-2012 Free Software Foundation, Inc.
+ * Copyright (C) 2012 Free Software Foundation, Inc.
  *
  * This file is part of GnuTLS.
  *
@@ -220,55 +220,55 @@ size_t size;
 printf("Contents: %s\n", dane_match_type_name(match));
 printf("Data: %s\n", buffer);
- }
-
- /* Verify the DANE data */
- if (cinfo->cert)
- {
- gnutls_x509_crt_t *clist;
- unsigned int clist_size, status;
-
- ret = gnutls_load_file(cinfo->cert, &file);
- if (ret < 0)
- error (EXIT_FAILURE, 0, "gnutls_load_file: %s", gnutls_strerror (ret));
-
- ret = gnutls_x509_crt_list_import2( &clist, &clist_size, &file, cinfo->incert_format, 0);
- if (ret < 0)
- error (EXIT_FAILURE, 0, "gnutls_x509_crt_list_import2: %s", gnutls_strerror (ret));
-
- if (clist_size > 0)
+ /* Verify the DANE data */
+ if (cinfo->cert)
 {
- gnutls_datum_t certs[clist_size];
- gnutls_datum_t out;
- unsigned int i;
+ gnutls_x509_crt_t *clist;
+ unsigned int clist_size, status;
- for (i=0;i<clist_size;i++)
- {
- ret = gnutls_x509_crt_export2( clist[i], GNUTLS_X509_FMT_DER, &certs[i]);
- if (ret < 0)
- error (EXIT_FAILURE, 0, "gnutls_x509_crt_export2: %s", gnutls_strerror (ret));
- }
-
- ret = dane_verify_crt( s, certs, clist_size, GNUTLS_CRT_X509,
- host, proto, port, 0, 0, &status);
+ ret = gnutls_load_file(cinfo->cert, &file);
 if (ret < 0)
- error (EXIT_FAILURE, 0, "dane_verify_crt: %s", dane_strerror (ret));
-
- ret = dane_verification_status_print(status, &out, 0);
+ error (EXIT_FAILURE, 0, "gnutls_load_file: %s", gnutls_strerror (ret));
+
+ ret = gnutls_x509_crt_list_import2( &clist, &clist_size, &file, cinfo->incert_format, 0);
 if (ret < 0)
- error (EXIT_FAILURE, 0, "dane_verification_status_print: %s", dane_strerror (ret));
+ error (EXIT_FAILURE, 0, "gnutls_x509_crt_list_import2: %s", gnutls_strerror (ret));
- printf("\nVerification: %s\n", out.data);
- gnutls_free(out.data);
-
- for (i=0;i<clist_size;i++)
+ if (clist_size > 0)
 {
- gnutls_free(certs[i].data);
- gnutls_x509_crt_deinit(clist[i]);
+ gnutls_datum_t certs[clist_size];
+ gnutls_datum_t out;
+ unsigned int i;
+
+ for (i=0;i<clist_size;i++)
+ {
+ ret = gnutls_x509_crt_export2( clist[i], GNUTLS_X509_FMT_DER, &certs[i]);
+ if (ret < 0)
+ error (EXIT_FAILURE, 0, "gnutls_x509_crt_export2: %s", gnutls_strerror (ret));
+ }
+
+ ret = dane_verify_crt( s, certs, clist_size, GNUTLS_CRT_X509,
+ host, proto, port, 0, 0, &status);
+ if (ret < 0)
+ error (EXIT_FAILURE, 0, "dane_verify_crt: %s", dane_strerror (ret));
+
+ ret = dane_verification_status_print(status, &out, 0);
+ if (ret < 0)
+ error (EXIT_FAILURE, 0, "dane_verification_status_print: %s", dane_strerror (ret));
+
+ printf("\nVerification: %s\n", out.data);
+ gnutls_free(out.data);
+
+ for (i=0;i<clist_size;i++)
+ {
+ gnutls_free(certs[i].data);
+ gnutls_x509_crt_deinit(clist[i]);
+ }
+ gnutls_free(clist);
 }
- gnutls_free(clist);
 }
 }
+ dane_query_deinit(q);
 dane_state_deinit(s);
|
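Review bot: Nothing in the new block acts on `status` after `dane_verify_crt` returns: it is only rendered by `dane_verification_status_print` and printed, so within this hunk a chain that fails DANE verification still lets the tool finish normally and a calling script cannot tell failure from success. Assuming a zero status means the chain verified, record the failure with something like `if (status != 0) failed = 1;` after the `printf`, and exit non-zero once `dane_state_deinit(s)` has run. Moving the block into the loop also makes `gnutls_load_file(cinfo->cert, &file)` and the list import run once per entry, and `file.data` is not released anywhere in the hunk. None of the `dane_verify_crt` arguments refer to the current entry, so loading and exporting the chain once before the loop looks sufficient. The enclosing function starts before the hunk and continues after it.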