-rw-r--r--src/serv.c11
-rw-r--r--tests/anonself.c2
-rw-r--r--tests/openpgp_test.c250
-rw-r--r--tests/openssl.c10
-rw-r--r--tests/x509_test.c483
5 files changed, 399 insertions, 357 deletions
diff --git a/src/serv.c b/src/serv.c
index 33040c913c..f6870b9d66 100644
--- a/src/serv.c
+++ b/src/serv.c
@@ -119,11 +119,12 @@ static int wrap_db_delete (void *dbf, gnutls_datum key);
#define HTTP_STATE_RESPONSE 2
#define HTTP_STATE_CLOSING 3
-LIST_TYPE_DECLARE (listener_item, char *http_request;
- char *http_response; int request_length;
- int response_length; int response_written;
- int http_state;
- int fd; gnutls_session tls_session; int handshake_ok;);
+LIST_TYPE_DECLARE (listener_item, char *http_request; char *http_response;
+ int request_length; int response_length;
+ int response_written; int http_state; int fd;
+ gnutls_session tls_session;
+ int handshake_ok;
+ );
static const char *
safe_strerror (int value)
diff --git a/tests/anonself.c b/tests/anonself.c
index 52136cb9b2..94c39122a5 100644
--- a/tests/anonself.c
+++ b/tests/anonself.c
@@ -61,7 +61,7 @@ tcp_connect (void)
sa.sin_port = htons (atoi (PORT));
inet_pton (AF_INET, SERVER, &sa.sin_addr);
- err = connect (sd, (struct sockaddr *) & sa, sizeof (sa));
+ err = connect (sd, (struct sockaddr *) &sa, sizeof (sa));
if (err < 0)
{
fprintf (stderr, "Connect error\n");
diff --git a/tests/openpgp_test.c b/tests/openpgp_test.c
index 7bb00f5e2a..fa87b23270 100644
--- a/tests/openpgp_test.c
+++ b/tests/openpgp_test.c
@@ -1,5 +1,5 @@
/** t-openpgp.c -- OpenPGP regression test **/
-
+
#include "gnutls_int.h"
#include "gnutls_errors.h"
#include "gnutls_mpi.h"
@@ -16,145 +16,149 @@
#include <assert.h>
static const char *
-get_pkalgo( int algo )
+get_pkalgo (int algo)
{
- switch( algo ) {
- case GNUTLS_PK_DSA: return "DSA";
- case GNUTLS_PK_RSA: return "RSA";
+ switch (algo)
+ {
+ case GNUTLS_PK_DSA:
+ return "DSA";
+ case GNUTLS_PK_RSA:
+ return "RSA";
}
- return NULL;
+ return NULL;
}
static const char *
-get_pktime( long timestamp )
+get_pktime (long timestamp)
{
- static char buf[128];
- struct tm * tb;
-
- tb = localtime( &timestamp );
- sprintf( buf, "%04d-%02d-%02d", tb->tm_year+1900, tb->tm_mon+1, tb->tm_mday );
- return buf;
+ static char buf[128];
+ struct tm *tb;
+
+ tb = localtime (&timestamp);
+ sprintf (buf, "%04d-%02d-%02d", tb->tm_year + 1900, tb->tm_mon + 1,
+ tb->tm_mday);
+ return buf;
}
int
-get_pubkey( gnutls_datum *pk, const gnutls_datum *kr, unsigned long kid )
+get_pubkey (gnutls_datum * pk, const gnutls_datum * kr, unsigned long kid)
{
- unsigned char buf[4];
+ unsigned char buf[4];
- buf[0] = kid >> 24;
- buf[1] = kid >> 16;
- buf[2] = kid >> 8;
- buf[3] = kid;
- return gnutls_openpgp_get_key( pk, kr, KEY_ATTR_SHORT_KEYID, buf );
+ buf[0] = kid >> 24;
+ buf[1] = kid >> 16;
+ buf[2] = kid >> 8;
+ buf[3] = kid;
+ return gnutls_openpgp_get_key (pk, kr, KEY_ATTR_SHORT_KEYID, buf);
}
-
+
int
-main( int argc, char ** argv )
+main (int argc, char **argv)
{
- gnutls_certificate_credentials ctx;
- gnutls_datum dat, xml, pk;
- gnutls_openpgp_name uid;
- gnutls_privkey * pkey;
- gnutls_cert * cert;
- unsigned char fpr[20], keyid[8];
- char *s, *t;
- size_t fprlen = 0;
- int rc, nbits = 0, i;
-
- rc = gnutls_certificate_allocate_credentials( &ctx );
- assert( rc == 0 );
-
- s = "../src/openpgp/cli_ring.gpg";
- rc = gnutls_certificate_set_openpgp_keyring_file( ctx, s );
- assert( rc == 0 );
-
- s = "../src/openpgp/pub.asc";
- t = "../src/openpgp/sec.asc";
- rc = gnutls_certificate_set_openpgp_key_file( ctx, s, t);
- assert( rc == 0 );
-
- dat = ctx->cert_list[0]->raw;
- assert( ctx->cert_list[0] );
- printf( "Key v%d\n", gnutls_openpgp_extract_key_version( &dat ) );
- rc = gnutls_openpgp_extract_key_name( &dat, 1, &uid );
- assert( rc == 0 );
- printf( "userID %s\n", uid.name );
-
- rc = gnutls_openpgp_extract_key_pk_algorithm( &dat, &nbits );
- printf( "pk-algorithm %s %d bits\n", get_pkalgo( rc ), nbits );
-
- rc = gnutls_openpgp_extract_key_creation_time( &dat );
- printf( "creation time %s\n", get_pktime( rc ) );
-
- rc = gnutls_openpgp_extract_key_expiration_time( &dat );
- printf( "expiration time %lu\n", rc );
-
- printf( "key fingerprint: " );
- rc = gnutls_openpgp_fingerprint( &dat, fpr, &fprlen );
- assert( rc == 0 );
- for( i = 0; i < fprlen/2; i++ )
- printf( "%02X%02X ", fpr[2*i], fpr[2*i+1] );
- printf( "\n" );
-
- printf( "key id: " );
- rc = gnutls_openpgp_extract_key_id( &dat, keyid );
- assert( rc == 0 );
- for( i = 0; i < 8; i++ )
- printf( "%02X", keyid[i] );
- printf( "\n\n" );
-
- printf( "Check MPIs\n" );
- cert = ctx->cert_list[0];
- printf( "number of certs %d\n", *ctx->cert_list_length );
- assert( *ctx->cert_list_length == 1 );
- printf( "number of items %d\n", cert->params_size );
- for( i = 0; i < cert->params_size; i++ ) {
- nbits = gcry_mpi_get_nbits( cert->params[i] );
- printf( "mpi %d %d bits\n", i, nbits );
+ gnutls_certificate_credentials ctx;
+ gnutls_datum dat, xml, pk;
+ gnutls_openpgp_name uid;
+ gnutls_privkey *pkey;
+ gnutls_cert *cert;
+ unsigned char fpr[20], keyid[8];
+ char *s, *t;
+ size_t fprlen = 0;
+ int rc, nbits = 0, i;
+
+ rc = gnutls_certificate_allocate_credentials (&ctx);
+ assert (rc == 0);
+
+ s = "../src/openpgp/cli_ring.gpg";
+ rc = gnutls_certificate_set_openpgp_keyring_file (ctx, s);
+ assert (rc == 0);
+
+ s = "../src/openpgp/pub.asc";
+ t = "../src/openpgp/sec.asc";
+ rc = gnutls_certificate_set_openpgp_key_file (ctx, s, t);
+ assert (rc == 0);
+
+ dat = ctx->cert_list[0]->raw;
+ assert (ctx->cert_list[0]);
+ printf ("Key v%d\n", gnutls_openpgp_extract_key_version (&dat));
+ rc = gnutls_openpgp_extract_key_name (&dat, 1, &uid);
+ assert (rc == 0);
+ printf ("userID %s\n", uid.name);
+
+ rc = gnutls_openpgp_extract_key_pk_algorithm (&dat, &nbits);
+ printf ("pk-algorithm %s %d bits\n", get_pkalgo (rc), nbits);
+
+ rc = gnutls_openpgp_extract_key_creation_time (&dat);
+ printf ("creation time %s\n", get_pktime (rc));
+
+ rc = gnutls_openpgp_extract_key_expiration_time (&dat);
+ printf ("expiration time %lu\n", rc);
+
+ printf ("key fingerprint: ");
+ rc = gnutls_openpgp_fingerprint (&dat, fpr, &fprlen);
+ assert (rc == 0);
+ for (i = 0; i < fprlen / 2; i++)
+ printf ("%02X%02X ", fpr[2 * i], fpr[2 * i + 1]);
+ printf ("\n");
+
+ printf ("key id: ");
+ rc = gnutls_openpgp_extract_key_id (&dat, keyid);
+ assert (rc == 0);
+ for (i = 0; i < 8; i++)
+ printf ("%02X", keyid[i]);
+ printf ("\n\n");
+
+ printf ("Check MPIs\n");
+ cert = ctx->cert_list[0];
+ printf ("number of certs %d\n", *ctx->cert_list_length);
+ assert (*ctx->cert_list_length == 1);
+ printf ("number of items %d\n", cert->params_size);
+ for (i = 0; i < cert->params_size; i++)
+ {
+ nbits = gcry_mpi_get_nbits (cert->params[i]);
+ printf ("mpi %d %d bits\n", i, nbits);
}
- printf( "\nCheck key\n" );
- rc = gnutls_openpgp_verify_key( NULL, &ctx->keyring, &dat, 1 );
- printf( "certifiacte status...%d\n", rc );
-
- printf( "\nSeckey\n" );
- pkey = ctx->pkey;
- assert( pkey );
- assert( pkey->params_size );
- nbits = gcry_mpi_get_nbits( pkey->params[0] );
- rc = pkey->pk_algorithm;
- printf( "pk-algorithm %s %d bits\n", get_pkalgo( rc ), nbits );
- printf( "number of items %d\n", pkey->params_size );
- for( i = 0; i < pkey->params_size; i++ ) {
- nbits = gcry_mpi_get_nbits( pkey->params[i] );
- printf( "mpi %d %d bits\n", i, nbits );
+ printf ("\nCheck key\n");
+ rc = gnutls_openpgp_verify_key (NULL, &ctx->keyring, &dat, 1);
+ printf ("certifiacte status...%d\n", rc);
+
+ printf ("\nSeckey\n");
+ pkey = ctx->pkey;
+ assert (pkey);
+ assert (pkey->params_size);
+ nbits = gcry_mpi_get_nbits (pkey->params[0]);
+ rc = pkey->pk_algorithm;
+ printf ("pk-algorithm %s %d bits\n", get_pkalgo (rc), nbits);
+ printf ("number of items %d\n", pkey->params_size);
+ for (i = 0; i < pkey->params_size; i++)
+ {
+ nbits = gcry_mpi_get_nbits (pkey->params[i]);
+ printf ("mpi %d %d bits\n", i, nbits);
}
- printf( "\nGet public key\n" );
- rc = get_pubkey( &pk, &ctx->keyring, 0xA7D93C3F );
- assert( rc == 0 );
-
- printf( "key fingerprint: " );
- gnutls_openpgp_fingerprint( &pk, fpr, &fprlen );
- for( i = 0; i < fprlen/2; i++ )
- printf( "%02X%02X ", fpr[2*i], fpr[2*i+1] );
- printf( "\n" );
- _gnutls_free_datum( &pk );
-
- #if 0
- rc = gnutls_openpgp_key_to_xml( &dat, &xml, 1 );
- printf( "rc=%d\n", rc );
- assert( rc == 0 );
- xml.data[xml.size] = '\0';
- printf( "%s\n", xml.data );
- _gnutls_free_datum( &xml );
- #endif
-
- _gnutls_free_datum( &dat );
- gnutls_certificate_free_credentials( ctx );
-
- return 0;
+ printf ("\nGet public key\n");
+ rc = get_pubkey (&pk, &ctx->keyring, 0xA7D93C3F);
+ assert (rc == 0);
+
+ printf ("key fingerprint: ");
+ gnutls_openpgp_fingerprint (&pk, fpr, &fprlen);
+ for (i = 0; i < fprlen / 2; i++)
+ printf ("%02X%02X ", fpr[2 * i], fpr[2 * i + 1]);
+ printf ("\n");
+ _gnutls_free_datum (&pk);
+
+#if 0
+ rc = gnutls_openpgp_key_to_xml (&dat, &xml, 1);
+ printf ("rc=%d\n", rc);
+ assert (rc == 0);
+ xml.data[xml.size] = '\0';
+ printf ("%s\n", xml.data);
+ _gnutls_free_datum (&xml);
+#endif
+
+ _gnutls_free_datum (&dat);
+ gnutls_certificate_free_credentials (ctx);
+
+ return 0;
}
-
-
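Review bot: In `main`, `dat = ctx->cert_list[0]->raw;` dereferences the first certificate entry one line before `assert (ctx->cert_list[0]);`, so the assert can never catch a NULL entry; the two statements should be swapped. `printf ("expiration time %lu\n", rc);` passes the `int` `rc` for `%lu`, which is undefined behaviour; cast the argument, `(unsigned long) rc`, or print it with `%d`. In `get_pktime`, the result of `localtime` is used without a NULL check, and the call is given a `long *` where a `time_t *` is expected. All three appear identically on the removed lines, so they predate this re-indentation.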
diff --git a/tests/openssl.c b/tests/openssl.c
index cc98a67a22..1c841dd62d 100644
--- a/tests/openssl.c
+++ b/tests/openssl.c
@@ -39,14 +39,14 @@ doit (void)
if (!gnutls_check_version (LIBGNUTLS_VERSION))
success ("gnutls_check_version ERROR\n");
- MD5_Init(&c);
- MD5_Update(&c, "abc", 3);
- MD5_Final(&(md[0]),&c);
+ MD5_Init (&c);
+ MD5_Update (&c, "abc", 3);
+ MD5_Final (&(md[0]), &c);
if (memcmp (md, "\x90\x01\x50\x98\x3c\xd2\x4f\xb0"
- "\xd6\x96\x3f\x7d\x28\xe1\x7f\x72", sizeof(md)) != 0)
+ "\xd6\x96\x3f\x7d\x28\xe1\x7f\x72", sizeof (md)) != 0)
{
- hexprint (md, sizeof(md));
+ hexprint (md, sizeof (md));
fail ("MD5 failure\n");
}
else
diff --git a/tests/x509_test.c b/tests/x509_test.c
index f1390921fd..b3e96f5b35 100644
--- a/tests/x509_test.c
+++ b/tests/x509_test.c
@@ -5,93 +5,103 @@
#define MAX_FILE_SIZE 16*1024
-struct file_res {
- char* test_file;
- int result;
+struct file_res
+{
+ char *test_file;
+ int result;
};
static struct file_res test_files[] = {
- { "test1.pem", 0 },
- { "test2.pem", GNUTLS_CERT_NOT_TRUSTED },
- { "test3.pem", GNUTLS_CERT_INVALID | GNUTLS_CERT_NOT_TRUSTED },
- { "test10.pem", 0 },
- { "test13.pem", GNUTLS_CERT_INVALID | GNUTLS_CERT_NOT_TRUSTED },
- { "test20.pem", GNUTLS_CERT_REVOKED | GNUTLS_CERT_NOT_TRUSTED },
- { "test21.pem", GNUTLS_CERT_REVOKED | GNUTLS_CERT_NOT_TRUSTED },
- { "test22.pem", GNUTLS_CERT_INVALID | GNUTLS_CERT_NOT_TRUSTED },
- { "test23.pem", GNUTLS_CERT_INVALID | GNUTLS_CERT_NOT_TRUSTED },
- { "test24.pem", 0 },
- { "test25.pem", GNUTLS_CERT_INVALID | GNUTLS_CERT_NOT_TRUSTED },
- { "test26.pem", 0 },
- { NULL, 0 }
+ {"test1.pem", 0},
+ {"test2.pem", GNUTLS_CERT_NOT_TRUSTED},
+ {"test3.pem", GNUTLS_CERT_INVALID | GNUTLS_CERT_NOT_TRUSTED},
+ {"test10.pem", 0},
+ {"test13.pem", GNUTLS_CERT_INVALID | GNUTLS_CERT_NOT_TRUSTED},
+ {"test20.pem", GNUTLS_CERT_REVOKED | GNUTLS_CERT_NOT_TRUSTED},
+ {"test21.pem", GNUTLS_CERT_REVOKED | GNUTLS_CERT_NOT_TRUSTED},
+ {"test22.pem", GNUTLS_CERT_INVALID | GNUTLS_CERT_NOT_TRUSTED},
+ {"test23.pem", GNUTLS_CERT_INVALID | GNUTLS_CERT_NOT_TRUSTED},
+ {"test24.pem", 0},
+ {"test25.pem", GNUTLS_CERT_INVALID | GNUTLS_CERT_NOT_TRUSTED},
+ {"test26.pem", 0},
+ {NULL, 0}
};
#define CA_FILE "ca.pem"
-int _verify_x509_file( const char* certfile, const char *cafile);
+int _verify_x509_file (const char *certfile, const char *cafile);
-static void print_res( int x)
+static void
+print_res (int x)
{
- if (x&GNUTLS_CERT_INVALID)
- printf("- certificate is invalid\n");
- else
- printf("- certificate is valid\n");
- if (x&GNUTLS_CERT_NOT_TRUSTED)
- printf("- certificate is NOT trusted\n");
- else
- printf("- certificate is trusted\n");
-
- if (x&GNUTLS_CERT_CORRUPTED)
- printf("- Found a corrupted certificate.\n");
-
- if (x&GNUTLS_CERT_REVOKED)
- printf("- certificate is revoked.\n");
+ if (x & GNUTLS_CERT_INVALID)
+ printf ("- certificate is invalid\n");
+ else
+ printf ("- certificate is valid\n");
+ if (x & GNUTLS_CERT_NOT_TRUSTED)
+ printf ("- certificate is NOT trusted\n");
+ else
+ printf ("- certificate is trusted\n");
+
+ if (x & GNUTLS_CERT_CORRUPTED)
+ printf ("- Found a corrupted certificate.\n");
+
+ if (x & GNUTLS_CERT_REVOKED)
+ printf ("- certificate is revoked.\n");
}
-int main()
+int
+main ()
{
-int x;
-char* file;
-int i = 0, exp_result;
-
- gnutls_global_init();
-
- fprintf(stderr, "This test will perform some checks on X.509 certificate\n");
- fprintf(stderr, "verification functions.\n\n");
-
- for (;;) {
- exp_result = test_files[i].result;
- file = test_files[i++].test_file;
-
- if (file==NULL) break;
- x = _verify_x509_file( file, CA_FILE);
-
- if (x<0) {
- fprintf(stderr, "Unexpected error: %d\n", x);
- exit(1);
- }
- printf("Test %d, file %s: ", i, file);
-
- if ( x != exp_result) {
- printf("failed.\n");
- fflush(stdout);
- fprintf(stderr, "Unexpected error in verification.\n");
- fprintf(stderr, "Certificate was found to be: \n");
- print_res( x);
- } else {
- printf("ok.");
-
- printf("\n");
- }
+ int x;
+ char *file;
+ int i = 0, exp_result;
+
+ gnutls_global_init ();
+
+ fprintf (stderr,
+ "This test will perform some checks on X.509 certificate\n");
+ fprintf (stderr, "verification functions.\n\n");
+
+ for (;;)
+ {
+ exp_result = test_files[i].result;
+ file = test_files[i++].test_file;
+
+ if (file == NULL)
+ break;
+ x = _verify_x509_file (file, CA_FILE);
+
+ if (x < 0)
+ {
+ fprintf (stderr, "Unexpected error: %d\n", x);
+ exit (1);
}
+ printf ("Test %d, file %s: ", i, file);
+
+ if (x != exp_result)
+ {
+ printf ("failed.\n");
+ fflush (stdout);
+ fprintf (stderr, "Unexpected error in verification.\n");
+ fprintf (stderr, "Certificate was found to be: \n");
+ print_res (x);
+ }
+ else
+ {
+ printf ("ok.");
+
+ printf ("\n");
+ }
+ }
- printf("\n");
+ printf ("\n");
- gnutls_global_deinit();
+ gnutls_global_deinit ();
- return 0;
+ return 0;
}
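Review bot: A verification mismatch does not fail this test program: in the `x != exp_result` branch `main` prints "failed." and the decoded status flags, then keeps looping and still ends with `return 0;`. For a regression test of X.509 chain verification, that means a certificate wrongly accepted or rejected only shows up in the log, unless the harness compares output (not visible in this hunk). Record the failure, e.g. `int failed = 0;` at the top and `failed = 1;` in that branch, and finish with `return failed;`. The behaviour is the same on the removed lines, so it predates the re-indentation.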
@@ -100,181 +110,208 @@ int i = 0, exp_result;
/* Verifies a base64 encoded certificate list from memory
*/
-int _verify_x509_mem( const char* cert, int cert_size,
- const char *ca, int ca_size, const char* crl, int crl_size)
+int
+_verify_x509_mem (const char *cert, int cert_size,
+ const char *ca, int ca_size, const char *crl, int crl_size)
{
- int siz, i;
- const char *ptr;
- int ret;
- unsigned int output;
- gnutls_datum tmp;
- gnutls_x509_crt *x509_cert_list = NULL;
- gnutls_x509_crt x509_ca;
- gnutls_x509_crl *x509_crl_list = NULL;
- int x509_ncerts, x509_ncrls;
-
- /* Decode the CA certificate
- */
- tmp.data = (char*)ca;
- tmp.size = ca_size;
-
- ret = gnutls_x509_crt_init( &x509_ca);
- if (ret < 0) {
- fprintf(stderr, "Error parsing the CA certificate: %s\n", gnutls_strerror(ret));
- exit(1);
+ int siz, i;
+ const char *ptr;
+ int ret;
+ unsigned int output;
+ gnutls_datum tmp;
+ gnutls_x509_crt *x509_cert_list = NULL;
+ gnutls_x509_crt x509_ca;
+ gnutls_x509_crl *x509_crl_list = NULL;
+ int x509_ncerts, x509_ncrls;
+
+ /* Decode the CA certificate
+ */
+ tmp.data = (char *) ca;
+ tmp.size = ca_size;
+
+ ret = gnutls_x509_crt_init (&x509_ca);
+ if (ret < 0)
+ {
+ fprintf (stderr, "Error parsing the CA certificate: %s\n",
+ gnutls_strerror (ret));
+ exit (1);
+ }
+
+ ret = gnutls_x509_crt_import (x509_ca, &tmp, GNUTLS_X509_FMT_PEM);
+
+ if (ret < 0)
+ {
+ fprintf (stderr, "Error parsing the CA certificate: %s\n",
+ gnutls_strerror (ret));
+ exit (1);
+ }
+
+ /* Decode the CRL list
+ */
+ siz = crl_size;
+ ptr = crl;
+
+ i = 1;
+
+ if (strstr (ptr, CRL_SEP) != NULL) /* if CRLs exist */
+ do
+ {
+ x509_crl_list =
+ (gnutls_x509_crl *) realloc (x509_crl_list,
+ i * sizeof (gnutls_x509_crl));
+ if (x509_crl_list == NULL)
+ {
+ fprintf (stderr, "memory error\n");
+ exit (1);
+ }
+
+ tmp.data = (char *) ptr;
+ tmp.size = siz;
+
+ ret = gnutls_x509_crl_init (&x509_crl_list[i - 1]);
+ if (ret < 0)
+ {
+ fprintf (stderr, "Error parsing the CRL[%d]: %s\n", i,
+ gnutls_strerror (ret));
+ exit (1);
+ }
+
+ ret =
+ gnutls_x509_crl_import (x509_crl_list[i - 1], &tmp,
+ GNUTLS_X509_FMT_PEM);
+ if (ret < 0)
+ {
+ fprintf (stderr, "Error parsing the CRL[%d]: %s\n", i,
+ gnutls_strerror (ret));
+ exit (1);
+ }
+
+ /* now we move ptr after the pem header */
+ ptr = strstr (ptr, CRL_SEP);
+ if (ptr != NULL)
+ ptr++;
+
+ i++;
+ }
+ while ((ptr = strstr (ptr, CRL_SEP)) != NULL);
+
+ x509_ncrls = i - 1;
+
+
+ /* Decode the certificate chain.
+ */
+ siz = cert_size;
+ ptr = cert;
+
+ i = 1;
+
+ do
+ {
+ x509_cert_list =
+ (gnutls_x509_crt *) realloc (x509_cert_list,
+ i * sizeof (gnutls_x509_crt));
+ if (x509_cert_list == NULL)
+ {
+ fprintf (stderr, "memory error\n");
+ exit (1);
}
-
- ret = gnutls_x509_crt_import( x509_ca, &tmp, GNUTLS_X509_FMT_PEM);
- if (ret < 0) {
- fprintf(stderr, "Error parsing the CA certificate: %s\n", gnutls_strerror(ret));
- exit(1);
- }
+ tmp.data = (char *) ptr;
+ tmp.size = siz;
- /* Decode the CRL list
- */
- siz = crl_size;
- ptr = crl;
-
- i = 1;
-
- if (strstr(ptr, CRL_SEP)!=NULL) /* if CRLs exist */
- do {
- x509_crl_list =
- (gnutls_x509_crl *) realloc( x509_crl_list,
- i *
- sizeof(gnutls_x509_crl));
- if (x509_crl_list == NULL) {
- fprintf(stderr, "memory error\n");
- exit(1);
- }
-
- tmp.data = (char*)ptr;
- tmp.size = siz;
-
- ret = gnutls_x509_crl_init( &x509_crl_list[i-1]);
- if (ret < 0) {
- fprintf(stderr, "Error parsing the CRL[%d]: %s\n", i, gnutls_strerror(ret));
- exit(1);
- }
-
- ret = gnutls_x509_crl_import( x509_crl_list[i-1], &tmp, GNUTLS_X509_FMT_PEM);
- if (ret < 0) {
- fprintf(stderr, "Error parsing the CRL[%d]: %s\n", i, gnutls_strerror(ret));
- exit(1);
- }
-
- /* now we move ptr after the pem header */
- ptr = strstr(ptr, CRL_SEP);
- if (ptr!=NULL)
- ptr++;
-
- i++;
- } while ((ptr = strstr(ptr, CRL_SEP)) != NULL);
-
- x509_ncrls = i - 1;
-
-
- /* Decode the certificate chain.
- */
- siz = cert_size;
- ptr = cert;
-
- i = 1;
-
- do {
- x509_cert_list =
- (gnutls_x509_crt *) realloc( x509_cert_list,
- i *
- sizeof(gnutls_x509_crt));
- if (x509_cert_list == NULL) {
- fprintf(stderr, "memory error\n");
- exit(1);
- }
-
- tmp.data = (char*)ptr;
- tmp.size = siz;
-
- ret = gnutls_x509_crt_init( &x509_cert_list[i-1]);
- if (ret < 0) {
- fprintf(stderr, "Error parsing the certificate[%d]: %s\n", i, gnutls_strerror(ret));
- exit(1);
- }
-
- ret = gnutls_x509_crt_import( x509_cert_list[i-1], &tmp, GNUTLS_X509_FMT_PEM);
- if (ret < 0) {
- fprintf(stderr, "Error parsing the certificate[%d]: %s\n", i, gnutls_strerror(ret));
- exit(1);
- }
-
- /* now we move ptr after the pem header */
- ptr = strstr(ptr, CERT_SEP);
- if (ptr!=NULL)
- ptr++;
-
- i++;
- } while ((ptr = strstr(ptr, CERT_SEP)) != NULL);
-
- x509_ncerts = i - 1;
-
- ret = gnutls_x509_crt_list_verify( x509_cert_list, x509_ncerts,
- &x509_ca, 1, x509_crl_list, x509_ncrls, 0, &output);
-
- gnutls_x509_crt_deinit( x509_ca);
-
- for (i=0;i<x509_ncerts;i++) {
- gnutls_x509_crt_deinit( x509_cert_list[i]);
+ ret = gnutls_x509_crt_init (&x509_cert_list[i - 1]);
+ if (ret < 0)
+ {
+ fprintf (stderr, "Error parsing the certificate[%d]: %s\n", i,
+ gnutls_strerror (ret));
+ exit (1);
}
- for (i=0;i<x509_ncrls;i++) {
- gnutls_x509_crl_deinit( x509_crl_list[i]);
+ ret =
+ gnutls_x509_crt_import (x509_cert_list[i - 1], &tmp,
+ GNUTLS_X509_FMT_PEM);
+ if (ret < 0)
+ {
+ fprintf (stderr, "Error parsing the certificate[%d]: %s\n", i,
+ gnutls_strerror (ret));
+ exit (1);
}
- free( x509_cert_list);
- free( x509_crl_list);
+ /* now we move ptr after the pem header */
+ ptr = strstr (ptr, CERT_SEP);
+ if (ptr != NULL)
+ ptr++;
- if ( ret < 0) {
- fprintf(stderr, "Error in verification: %s\n", gnutls_strerror(ret));
- exit(1);
- }
+ i++;
+ }
+ while ((ptr = strstr (ptr, CERT_SEP)) != NULL);
+
+ x509_ncerts = i - 1;
- return output;
+ ret = gnutls_x509_crt_list_verify (x509_cert_list, x509_ncerts,
+ &x509_ca, 1, x509_crl_list, x509_ncrls,
+ 0, &output);
+
+ gnutls_x509_crt_deinit (x509_ca);
+
+ for (i = 0; i < x509_ncerts; i++)
+ {
+ gnutls_x509_crt_deinit (x509_cert_list[i]);
+ }
+
+ for (i = 0; i < x509_ncrls; i++)
+ {
+ gnutls_x509_crl_deinit (x509_crl_list[i]);
+ }
+
+ free (x509_cert_list);
+ free (x509_crl_list);
+
+ if (ret < 0)
+ {
+ fprintf (stderr, "Error in verification: %s\n", gnutls_strerror (ret));
+ exit (1);
+ }
+
+ return output;
}
/* Reads and verifies a base64 encoded certificate file
*/
-int _verify_x509_file( const char* certfile, const char *cafile)
+int
+_verify_x509_file (const char *certfile, const char *cafile)
{
- int ca_size, cert_size;
- char ca[MAX_FILE_SIZE];
- char cert[MAX_FILE_SIZE];
- FILE *fd1;
-
- fd1 = fopen(certfile, "rb");
- if (fd1 == NULL) {
- fprintf(stderr, "error opening %s\n", certfile);
- return GNUTLS_E_FILE_ERROR;
- }
+ int ca_size, cert_size;
+ char ca[MAX_FILE_SIZE];
+ char cert[MAX_FILE_SIZE];
+ FILE *fd1;
- cert_size = fread(cert, 1, sizeof(cert)-1, fd1);
- fclose(fd1);
+ fd1 = fopen (certfile, "rb");
+ if (fd1 == NULL)
+ {
+ fprintf (stderr, "error opening %s\n", certfile);
+ return GNUTLS_E_FILE_ERROR;
+ }
- cert[cert_size] = 0;
+ cert_size = fread (cert, 1, sizeof (cert) - 1, fd1);
+ fclose (fd1);
+ cert[cert_size] = 0;
- fd1 = fopen(cafile, "rb");
- if (fd1 == NULL) {
- fprintf(stderr, "error opening %s\n", cafile);
- return GNUTLS_E_FILE_ERROR;
- }
- ca_size = fread(ca, 1, sizeof(ca)-1, fd1);
- fclose(fd1);
-
- ca[ca_size] = 0;
+ fd1 = fopen (cafile, "rb");
+ if (fd1 == NULL)
+ {
+ fprintf (stderr, "error opening %s\n", cafile);
+ return GNUTLS_E_FILE_ERROR;
+ }
- return _verify_x509_mem( cert, cert_size, ca, ca_size, cert, cert_size);
-}
+ ca_size = fread (ca, 1, sizeof (ca) - 1, fd1);
+ fclose (fd1);
+ ca[ca_size] = 0;
+
+ return _verify_x509_mem (cert, cert_size, ca, ca_size, cert, cert_size);
+}
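Review bot: In `_verify_x509_mem`, both parse loops advance `ptr` to the next PEM block but keep `tmp.size = siz;` at the full input length, so from the second iteration on the datum handed to `gnutls_x509_crl_import` / `gnutls_x509_crt_import` claims more bytes than remain in the buffer. The caller NUL-terminates both buffers, which probably stops a text-based PEM parser, but the length should be correct regardless: `tmp.size = crl_size - (ptr - crl);` and `tmp.size = cert_size - (ptr - cert);`. Each loop also assigns `ptr = strstr (ptr, ...)`, increments it only when non-NULL, and then passes it to `strstr` again in the `while` condition; if the separator is ever absent at that point, `strstr` receives a NULL argument, so the loop should break when the first search returns NULL. In `_verify_x509_file`, the `size_t` result of `fread` is stored in an `int`, and a read error is not distinguished from an empty file. All of this is unchanged from the removed lines and predates the re-indentation.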