diff options
| -rw-r--r-- | NEWS | 8 | ||||
| -rwxr-xr-x | build-aux/config.rpath | 102 | ||||
| -rw-r--r-- | doc/gnutls.texi | 308 | ||||
| -rw-r--r-- | includes/gnutls/openpgp.h | 3 | ||||
| -rw-r--r-- | includes/gnutls/x509.h | 8 | ||||
| -rw-r--r-- | lib/x509/Makefile.am | 2 | ||||
| -rw-r--r-- | lib/x509/xml.c | 762 | ||||
| -rw-r--r-- | libextra/openpgp/Makefile.am | 2 | ||||
| -rw-r--r-- | libextra/openpgp/xml.c | 442 | ||||
| -rw-r--r-- | po/de.po | 291 | ||||
| -rw-r--r-- | po/ms.po | 277 | ||||
| -rw-r--r-- | src/certtool-gaa.c | 111 | ||||
| -rw-r--r-- | src/certtool-gaa.h | 16 | ||||
| -rw-r--r-- | src/certtool.c | 15 | ||||
| -rw-r--r-- | src/certtool.gaa | 5 | ||||
| -rw-r--r-- | src/cli-gaa.c | 163 | ||||
| -rw-r--r-- | src/cli-gaa.h | 68 | ||||
| -rw-r--r-- | src/cli.c | 242 | ||||
| -rw-r--r-- | src/cli.gaa | 5 | ||||
| -rw-r--r-- | src/common.c | 235 |
20 files changed, 970 insertions, 2095 deletions
@@ -3,6 +3,14 @@ Copyright (C) 2004, 2005, 2006, 2007 Simon Josefsson Copyright (C) 2000, 2001, 2002, 2003, 2004 Nikos Mavroyanopoulos See the end for copying conditions. +* Version 2.1.2 + +** Removed all the xml related stubs and functions. + +** API and ABI modifications: +gnutls_x509_crt_to_xml: REMOVED +gnutls_openpgp_key_to_xml: REMOVED + * Version 2.1.1 (released 2007-09-24) ** Added support for Camellia cipher, thanks to Yoshisato YANAGISAWA. diff --git a/build-aux/config.rpath b/build-aux/config.rpath index c547c68825..c492a93b66 100755 --- a/build-aux/config.rpath +++ b/build-aux/config.rpath @@ -2,7 +2,7 @@ # Output a system dependent set of variables, describing how to set the # run time search path of shared libraries in an executable. # -# Copyright 1996-2007 Free Software Foundation, Inc. +# Copyright 1996-2006 Free Software Foundation, Inc. # Taken from GNU libtool, 2001 # Originally by Gordon Matzigkeit <gord@gnu.ai.mit.edu>, 1996 # @@ -64,7 +64,7 @@ else ;; esac ;; - mingw* | cygwin* | pw32* | os2*) + mingw* | pw32* | os2*) ;; hpux9* | hpux10* | hpux11*) wl='-Wl,' @@ -74,7 +74,7 @@ else ;; newsos6) ;; - linux* | k*bsd*-gnu) + linux*) case $cc_basename in icc* | ecc*) wl='-Wl,' @@ -100,7 +100,7 @@ else osf3* | osf4* | osf5*) wl='-Wl,' ;; - rdos*) + sco3.2v5*) ;; solaris*) wl='-Wl,' @@ -108,14 +108,11 @@ else sunos4*) wl='-Qoption ld ' ;; - sysv4 | sysv4.2uw2* | sysv4.3*) + sysv4 | sysv4.2uw2* | sysv4.3* | sysv5*) wl='-Wl,' ;; sysv4*MP*) ;; - sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*) - wl='-Wl,' - ;; unicos*) wl='-Wl,' ;; @@ -192,11 +189,11 @@ if test "$with_gnu_ld" = yes; then ld_shlibs=no fi ;; - interix[3-9]*) + interix3*) hardcode_direct=no hardcode_libdir_flag_spec='${wl}-rpath,$libdir' ;; - gnu* | linux* | k*bsd*-gnu) + linux*) if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then : else @@ -283,7 +280,7 @@ else strings "$collect2name" | grep resolve_lib_name >/dev/null then # We have reworked collect2 - : + hardcode_direct=yes else # We have old collect2 hardcode_direct=unsupported @@ -362,7 +359,7 @@ else hardcode_direct=yes hardcode_minus_L=yes ;; - freebsd* | dragonfly*) + freebsd* | kfreebsd*-gnu | dragonfly*) hardcode_libdir_flag_spec='-R$libdir' hardcode_direct=yes ;; @@ -415,22 +412,18 @@ else hardcode_libdir_separator=: ;; openbsd*) - if test -f /usr/libexec/ld.so; then - hardcode_direct=yes - if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then - hardcode_libdir_flag_spec='${wl}-rpath,$libdir' - else - case "$host_os" in - openbsd[01].* | openbsd2.[0-7] | openbsd2.[0-7].*) - hardcode_libdir_flag_spec='-R$libdir' - ;; - *) - hardcode_libdir_flag_spec='${wl}-rpath,$libdir' - ;; - esac - fi + hardcode_direct=yes + if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then + hardcode_libdir_flag_spec='${wl}-rpath,$libdir' else - ld_shlibs=no + case "$host_os" in + openbsd[01].* | openbsd2.[0-7] | openbsd2.[0-7].*) + hardcode_libdir_flag_spec='-R$libdir' + ;; + *) + hardcode_libdir_flag_spec='${wl}-rpath,$libdir' + ;; + esac fi ;; os2*) @@ -478,7 +471,7 @@ else ld_shlibs=yes fi ;; - sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[01].[10]* | unixware7* | sco3.2v5.0.[024]*) + sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[01].[10]* | unixware7*) ;; sysv5* | sco3.2v5* | sco5v6*) hardcode_libdir_flag_spec='`test -z "$SCOABSPATH" && echo ${wl}-R,$libdir`' @@ -495,51 +488,33 @@ fi # Check dynamic linker characteristics # Code taken from libtool.m4's AC_LIBTOOL_SYS_DYNAMIC_LINKER. -# Unlike libtool.m4, here we don't care about _all_ names of the library, but -# only about the one the linker finds when passed -lNAME. This is the last -# element of library_names_spec in libtool.m4, or possibly two of them if the -# linker has special search rules. -library_names_spec= # the last element of library_names_spec in libtool.m4 libname_spec='lib$name' case "$host_os" in aix3*) - library_names_spec='$libname.a' ;; aix4* | aix5*) - library_names_spec='$libname$shrext' ;; amigaos*) - library_names_spec='$libname.a' ;; beos*) - library_names_spec='$libname$shrext' ;; bsdi[45]*) - library_names_spec='$libname$shrext' ;; cygwin* | mingw* | pw32*) shrext=.dll - library_names_spec='$libname.dll.a $libname.lib' ;; darwin* | rhapsody*) shrext=.dylib - library_names_spec='$libname$shrext' ;; dgux*) - library_names_spec='$libname$shrext' ;; freebsd1*) ;; + kfreebsd*-gnu) + ;; freebsd* | dragonfly*) - case "$host_os" in - freebsd[123]*) - library_names_spec='$libname$shrext$versuffix' ;; - *) - library_names_spec='$libname$shrext' ;; - esac ;; gnu*) - library_names_spec='$libname$shrext' ;; hpux9* | hpux10* | hpux11*) case $host_cpu in @@ -553,13 +528,10 @@ case "$host_os" in shrext=.sl ;; esac - library_names_spec='$libname$shrext' ;; - interix[3-9]*) - library_names_spec='$libname$shrext' + interix3*) ;; irix5* | irix6* | nonstopux*) - library_names_spec='$libname$shrext' case "$host_os" in irix5* | nonstopux*) libsuff= shlibsuff= @@ -576,59 +548,41 @@ case "$host_os" in ;; linux*oldld* | linux*aout* | linux*coff*) ;; - linux* | k*bsd*-gnu) - library_names_spec='$libname$shrext' + linux*) ;; knetbsd*-gnu) - library_names_spec='$libname$shrext' ;; netbsd*) - library_names_spec='$libname$shrext' ;; newsos6) - library_names_spec='$libname$shrext' ;; nto-qnx*) - library_names_spec='$libname$shrext' ;; openbsd*) - library_names_spec='$libname$shrext$versuffix' ;; os2*) libname_spec='$name' shrext=.dll - library_names_spec='$libname.a' ;; osf3* | osf4* | osf5*) - library_names_spec='$libname$shrext' - ;; - rdos*) ;; solaris*) - library_names_spec='$libname$shrext' ;; sunos4*) - library_names_spec='$libname$shrext$versuffix' ;; sysv4 | sysv4.3*) - library_names_spec='$libname$shrext' ;; sysv4*MP*) - library_names_spec='$libname$shrext' ;; sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*) - library_names_spec='$libname$shrext' ;; uts4*) - library_names_spec='$libname$shrext' ;; esac sed_quote_subst='s/\(["`$\\]\)/\\\1/g' escaped_wl=`echo "X$wl" | sed -e 's/^X//' -e "$sed_quote_subst"` shlibext=`echo "$shrext" | sed -e 's,^\.,,'` -escaped_libname_spec=`echo "X$libname_spec" | sed -e 's/^X//' -e "$sed_quote_subst"` -escaped_library_names_spec=`echo "X$library_names_spec" | sed -e 's/^X//' -e "$sed_quote_subst"` escaped_hardcode_libdir_flag_spec=`echo "X$hardcode_libdir_flag_spec" | sed -e 's/^X//' -e "$sed_quote_subst"` LC_ALL=C sed -e 's/^\([a-zA-Z0-9_]*\)=/acl_cv_\1=/' <<EOF @@ -642,12 +596,6 @@ libext="$libext" # Shared library suffix (normally "so"). shlibext="$shlibext" -# Format of library name prefix. -libname_spec="$escaped_libname_spec" - -# Library names that the linker finds when passed -lNAME. -library_names_spec="$escaped_library_names_spec" - # Flag to hardcode \$libdir into a binary during linking. # This must work even if \$libdir does not exist. hardcode_libdir_flag_spec="$escaped_hardcode_libdir_flag_spec" diff --git a/doc/gnutls.texi b/doc/gnutls.texi index d5b7026c1b..4971a9ef10 100644 --- a/doc/gnutls.texi +++ b/doc/gnutls.texi @@ -81,7 +81,6 @@ Documentation License''. * How to use GnuTLS in applications:: * Included programs:: * Function reference:: -* Certificate to XML Conversion Functions:: * All the supported ciphersuites in GnuTLS:: * Guile Bindings:: * Internal architecture of GnuTLS:: @@ -2498,8 +2497,6 @@ Usage: gnutls-cli [options] hostname -f, --fingerprint Send the openpgp fingerprint, instead of the key. --disable-extensions Disable all the TLS extensions. - --xml Print the certificate information in - XML format. --print-cert Print the certificate in PEM format. -p, --port integer The port to connect to. --recordsize integer The maximum record size to advertize. @@ -2865,7 +2862,6 @@ Usage: certtool [options] --export-ciphers Use weak encryption algorithms. --inder Use DER format for input certificates and private keys. - --xml Use XML format for output certificates. --outder Use DER format for output certificates and private keys. --bits BITS specify the number of bits for key @@ -3203,310 +3199,6 @@ expressions. @include error_codes.texi -@node Certificate to XML Conversion Functions -@chapter Certificate to @acronym{XML} Conversion Functions -@cindex Certificate to XML conversion - -This appendix contains some example output of the XML conversion -functions: - -@itemize - -@item @ref{gnutls_x509_crt_to_xml} - -@item @ref{gnutls_openpgp_key_to_xml} - -@end itemize - -@menu -* An X.509 certificate:: -* An OpenPGP key:: -@end menu - -@node An X.509 certificate -@section An @acronym{X.509} Certificate - -@smallexample -<?xml version="1.0" encoding="UTF-8"?> - -<gnutls:x509:certificate version="1.1"> - <certificate type="SEQUENCE"> - <tbsCertificate type="SEQUENCE"> - <version type="INTEGER" encoding="HEX">02</version> - <serialNumber type="INTEGER" encoding="HEX">01</serialNumber> - <signature type="SEQUENCE"> - <algorithm type="OBJECT ID">1.2.840.113549.1.1.4</algorithm> - <parameters type="ANY"> - <md5WithRSAEncryption encoding="HEX">0500</md5WithRSAEncryption> - </parameters> - </signature> - <issuer type="CHOICE"> - <rdnSequence type="SEQUENCE OF"> - <unnamed1 type="SET OF"> - <unnamed1 type="SEQUENCE"> - <type type="OBJECT ID">2.5.4.6</type> - <value type="ANY"> - <X520countryName>GR</X520countryName> - </value> - </unnamed1> - </unnamed1> - <unnamed2 type="SET OF"> - <unnamed1 type="SEQUENCE"> - <type type="OBJECT ID">2.5.4.8</type> - <value type="ANY"> - <X520StateOrProvinceName>Attiki</X520StateOrProvinceName> - </value> - </unnamed1> - </unnamed2> - <unnamed3 type="SET OF"> - <unnamed1 type="SEQUENCE"> - <type type="OBJECT ID">2.5.4.7</type> - <value type="ANY"> - <X520LocalityName>Athina</X520LocalityName> - </value> - </unnamed1> - </unnamed3> - <unnamed4 type="SET OF"> - <unnamed1 type="SEQUENCE"> - <type type="OBJECT ID">2.5.4.10</type> - <value type="ANY"> - <X520OrganizationName>GNUTLS</X520OrganizationName> - </value> - </unnamed1> - </unnamed4> - <unnamed5 type="SET OF"> - <unnamed1 type="SEQUENCE"> - <type type="OBJECT ID">2.5.4.11</type> - <value type="ANY"> - <X520OrganizationalUnitName>GNUTLS dev.</X520OrganizationalUnitName> - </value> - </unnamed1> - </unnamed5> - <unnamed6 type="SET OF"> - <unnamed1 type="SEQUENCE"> - <type type="OBJECT ID">2.5.4.3</type> - <value type="ANY"> - <X520CommonName>GNUTLS TEST CA</X520CommonName> - </value> - </unnamed1> - </unnamed6> - <unnamed7 type="SET OF"> - <unnamed1 type="SEQUENCE"> - <type type="OBJECT ID">1.2.840.113549.1.9.1</type> - <value type="ANY"> - <Pkcs9email>gnutls-dev@@gnupg.org</Pkcs9email> - </value> - </unnamed1> - </unnamed7> - </rdnSequence> - </issuer> - <validity type="SEQUENCE"> - <notBefore type="CHOICE"> - <utcTime type="TIME">010707101845Z</utcTime> - </notBefore> - <notAfter type="CHOICE"> - <utcTime type="TIME">020707101845Z</utcTime> - </notAfter> - </validity> - <subject type="CHOICE"> - <rdnSequence type="SEQUENCE OF"> - <unnamed1 type="SET OF"> - <unnamed1 type="SEQUENCE"> - <type type="OBJECT ID">2.5.4.6</type> - <value type="ANY"> - <X520countryName>GR</X520countryName> - </value> - </unnamed1> - </unnamed1> - <unnamed2 type="SET OF"> - <unnamed1 type="SEQUENCE"> - <type type="OBJECT ID">2.5.4.8</type> - <value type="ANY"> - <X520StateOrProvinceName>Attiki</X520StateOrProvinceName> - </value> - </unnamed1> - </unnamed2> - <unnamed3 type="SET OF"> - <unnamed1 type="SEQUENCE"> - <type type="OBJECT ID">2.5.4.7</type> - <value type="ANY"> - <X520LocalityName>Athina</X520LocalityName> - </value> - </unnamed1> - </unnamed3> - <unnamed4 type="SET OF"> - <unnamed1 type="SEQUENCE"> - <type type="OBJECT ID">2.5.4.10</type> - <value type="ANY"> - <X520OrganizationName>GNUTLS</X520OrganizationName> - </value> - </unnamed1> - </unnamed4> - <unnamed5 type="SET OF"> - <unnamed1 type="SEQUENCE"> - <type type="OBJECT ID">2.5.4.11</type> - <value type="ANY"> - <X520OrganizationalUnitName>GNUTLS dev.</X520OrganizationalUnitName> - </value> - </unnamed1> - </unnamed5> - <unnamed6 type="SET OF"> - <unnamed1 type="SEQUENCE"> - <type type="OBJECT ID">2.5.4.3</type> - <value type="ANY"> - <X520CommonName>localhost</X520CommonName> - </value> - </unnamed1> - </unnamed6> - <unnamed7 type="SET OF"> - <unnamed1 type="SEQUENCE"> - <type type="OBJECT ID">1.2.840.113549.1.9.1</type> - <value type="ANY"> - <Pkcs9email>root@@localhost</Pkcs9email> - </value> - </unnamed1> - </unnamed7> - </rdnSequence> - </subject> - <subjectPublicKeyInfo type="SEQUENCE"> - <algorithm type="SEQUENCE"> - <algorithm type="OBJECT ID">1.2.840.113549.1.1.1</algorithm> - <parameters type="ANY"> - <rsaEncryption encoding="HEX">0500</rsaEncryption> - </parameters> - </algorithm> - <subjectPublicKey type="BIT STRING" encoding="HEX" length="1120"> - 30818902818100D00B49EBB226D951F5CC57072199DDF287683D2DA1A0E - FCC96BFF73164777C78C3991E92EDA66584E7B97BAB4BE68D595D225557 - E01E7E57B5C35C04B491948C5C427AD588D8C6989764996D6D44E17B65C - CFC86F3B4842DE559B730C1DE3AEF1CE1A328AFF8A357EBA911E1F7E8FC - 1598E21E4BF721748C587F50CF46157D950203010001</subjectPublicKey> - </subjectPublicKeyInfo> - <extensions type="SEQUENCE OF"> - <unnamed1 type="SEQUENCE"> - <extnID type="OBJECT ID">2.5.29.35</extnID> - <critical type="BOOLEAN">FALSE</critical> - <extnValue type="SEQUENCE"> - <keyIdentifier type="OCTET STRING" encoding="HEX"> - EFEE94ABC8CA577F5313DB76DC1A950093BAF3C9</keyIdentifier> - </extnValue> - </unnamed1> - <unnamed2 type="SEQUENCE"> - <extnID type="OBJECT ID">2.5.29.37</extnID> - <critical type="BOOLEAN">FALSE</critical> - <extnValue type="SEQUENCE OF"> - <unnamed1 type="OBJECT ID">1.3.6.1.5.5.7.3.1</unnamed1> - <unnamed2 type="OBJECT ID">1.3.6.1.5.5.7.3.2</unnamed2> - <unnamed3 type="OBJECT ID">1.3.6.1.4.1.311.10.3.3</unnamed3> - <unnamed4 type="OBJECT ID">2.16.840.1.113730.4.1</unnamed4> - </extnValue> - </unnamed2> - <unnamed3 type="SEQUENCE"> - <extnID type="OBJECT ID">2.5.29.19</extnID> - <critical type="BOOLEAN">TRUE</critical> - <extnValue type="SEQUENCE"> - <cA type="BOOLEAN">FALSE</cA> - </extnValue> - </unnamed3> - </extensions> - </tbsCertificate> - <signatureAlgorithm type="SEQUENCE"> - <algorithm type="OBJECT ID">1.2.840.113549.1.1.4</algorithm> - <parameters type="ANY"> - <md5WithRSAEncryption encoding="HEX">0500</md5WithRSAEncryption> - </parameters> - </signatureAlgorithm> - <signature type="BIT STRING" encoding="HEX" length="1024"> - B73945273AF2A395EC54BF5DC669D953885A9D811A3B92909D24792D36A44EC - 27E1C463AF8738BEFD29B311CCE8C6D9661BEC30911DAABB39B8813382B32D2 - E259581EBCD26C495C083984763966FF35D1DEFE432891E610C85072578DA74 - 23244A8F5997B41A1F44E61F4F22C94375775055A5E72F25D5E4557467A91BD - 4251</signature> - </certificate> -</gnutls:x509:certificate> -@end smallexample - -@node An OpenPGP key -@section An @acronym{OpenPGP} Key - -@smallexample -<?xml version="1.0"?> - -<gnutls:openpgp:key version="1.0"> - <OPENPGPKEY> - <MAINKEY> - <KEYID>BD572CDCCCC07C3</KEYID> - <FINGERPRINT>BE615E88D6CFF27225B8A2E7BD572CDCCCC07C35</FINGERPRINT> - <PKALGO>DSA</PKALGO> - <KEYLEN>1024</KEYLEN> - <CREATED>1011533164</CREATED> - <REVOKED>0</REVOKED> - <KEY ENCODING="HEX"/> - <DSA-P>0400E72E76B62EEFA9A3BD594093292418050C02D7029D6CA2066E - FC34C86038627C643EB1A652A7AF1D37CF46FC505AC1E0C699B37895B4BCB - 3E53541FFDA4766D6168C2B8AAFD6AB22466D06D18034D5DAC698E6993BA5 - B350FF822E1CD8702A75114E8B73A6B09CB3B93CE44DBB516C9BB5F95BB66 - 6188602A0A1447236C0658F</DSA-P> - <DSA-Q>00A08F5B5E78D85F792CC2072F9474645726FB4D9373</DSA-Q> - <DSA-G>03FE3578D689D6606E9118E9F9A7042B963CF23F3D8F1377A273C0 - F0974DBF44B3CABCBE14DD64412555863E39A9C627662D77AC36662AE4497 - 92C3262D3F12E9832A7565309D67BA0AE4DF25F5EDA0937056AD5BE89F406 - 9EBD7EC76CE432441DF5D52FFFD06D39E5F61E36947B698A77CB62AB81E4A - 4122BF9050671D9946C865E</DSA-G> - <DSA-Y>0400D061437A964DDE318818C2B24DE008E60096B60DB8A684B85A - 838D119FC930311889AD57A3B927F448F84EB253C623EDA73B42FF78BCE63 - A6A531D75A64CE8540513808E9F5B10CE075D3417B801164918B131D3544C - 8765A8ECB9971F61A09FC73D509806106B5977D211CB0E1D04D0ED96BCE89 - BAE8F73D800B052139CBF8D</DSA-Y> - </MAINKEY> - <USERID> - <NAME>OpenCDK test key (Only intended for test purposes!)</NAME> - <EMAIL>opencdk@@foo-bar.org</EMAIL> - <PRIMARY>0</PRIMARY> - <REVOKED>0</REVOKED> - </USERID> - <SIGNATURE> - <VERSION>4</VERSION> - <SIGCLASS>19</SIGCLASS> - <EXPIRED>0</EXPIRED> - <PKALGO>DSA</PKALGO> - <MDALGO>SHA1</MDALGO> - <CREATED>1011533164</CREATED> - <KEYID>BD572CDCCCC07C3</KEYID> - </SIGNATURE> - <SUBKEY> - <KEYID>FCB0CF3A5261E06</KEYID> - <FINGERPRINT>297B48ACC09C0FF683CA1ED1FCB0CF3A5261E067</FINGERPRINT> - <PKALGO>ELG</PKALGO> - <KEYLEN>1024</KEYLEN> - <CREATED>1011533167</CREATED> - <REVOKED>0</REVOKED> - <KEY ENCODING="HEX"/> - <ELG-P>0400E20156526069D067D24F4D71E6D38658E08BE3BF246C1ADCE0 - 8DB69CD8D459C1ED335738410798755AFDB79F1797CF022E70C7960F12CA6 - 896D27CFD24A11CD316DDE1FBCC1EA615C5C31FEC656E467078C875FC509B - 1ECB99C8B56C2D875C50E2018B5B0FA378606EB6425A2533830F55FD21D64 - 9015615D49A1D09E9510F5F</ELG-P> - <ELG-G>000305</ELG-G> - <ELG-Y>0400D0BDADE40432758675C87D0730C360981467BAE1BEB6CC105A - 3C1F366BFDBEA12E378456513238B8AD414E52A2A9661D1DF1DB6BB5F33F6 - 906166107556C813224330B30932DB7C8CC8225672D7AE24AF2469750E539 - B661EA6475D2E03CD8D3838DC4A8AC4AFD213536FE3E96EC9D0AEA65164B5 - 76E01B37A8DCA89F2B257D0</ELG-Y> - </SUBKEY> - <SIGNATURE> - <VERSION>4</VERSION> - <SIGCLASS>24</SIGCLASS> - <EXPIRED>0</EXPIRED> - <PKALGO>DSA</PKALGO> - <MDALGO>SHA1</MDALGO> - <CREATED>1011533167</CREATED> - <KEYID>BD572CDCCCC07C3</KEYID> - </SIGNATURE> - </OPENPGPKEY> -</gnutls:openpgp:key> -@end smallexample - @node All the supported ciphersuites in GnuTLS @chapter All the Supported Ciphersuites in @acronym{GnuTLS} @anchor{ciphersuites} diff --git a/includes/gnutls/openpgp.h b/includes/gnutls/openpgp.h index 2d7a7d4ac0..5b2761068b 100644 --- a/includes/gnutls/openpgp.h +++ b/includes/gnutls/openpgp.h @@ -84,9 +84,6 @@ extern "C" int gnutls_openpgp_key_check_hostname (gnutls_openpgp_key_t key, const char *hostname); - int gnutls_openpgp_key_to_xml (gnutls_openpgp_key_t key, - gnutls_datum_t * xmlkey, int ext); - /* privkey stuff. */ int gnutls_openpgp_privkey_init (gnutls_openpgp_privkey_t * key); diff --git a/includes/gnutls/x509.h b/includes/gnutls/x509.h index 2955f75bf7..da1df88b38 100644 --- a/includes/gnutls/x509.h +++ b/includes/gnutls/x509.h @@ -231,14 +231,6 @@ extern "C" size_t sizeof_buf, unsigned int critical); - int gnutls_x509_crt_to_xml (gnutls_x509_crt_t cert, - gnutls_datum_t * res, int detail); - -/* Possible values for gnutls_x509_crt_to_xml() detail. - */ -#define GNUTLS_XML_SHOW_ALL 1 -#define GNUTLS_XML_NORMAL 0 - /* X.509 Certificate writing. */ int gnutls_x509_crt_set_dn_by_oid (gnutls_x509_crt_t crt, diff --git a/lib/x509/Makefile.am b/lib/x509/Makefile.am index 2cdc2f61a4..621066786f 100644 --- a/lib/x509/Makefile.am +++ b/lib/x509/Makefile.am @@ -30,7 +30,7 @@ noinst_LTLIBRARIES = libgnutls_x509.la libgnutls_x509_la_SOURCES = crl.c dn.c common.c x509.c extensions.c \ dsa.c rfc2818_hostname.c verify.c mpi.c privkey.c pkcs7.c \ - crq.c xml.c sign.c privkey_pkcs8.c pkcs12.c pkcs12_bag.c \ + crq.c sign.c privkey_pkcs8.c pkcs12.c pkcs12_bag.c \ pkcs12_encr.c x509_write.c crl_write.c dn.h common.h x509.h \ extensions.h pkcs7.h verify.h mpi.h crq.h sign.h privkey.h \ pkcs12.h rfc2818.h dsa.h output.c diff --git a/lib/x509/xml.c b/lib/x509/xml.c deleted file mode 100644 index d20f9ae42e..0000000000 --- a/lib/x509/xml.c +++ /dev/null @@ -1,762 +0,0 @@ -/* - * Copyright (C) 2002, 2003, 2004, 2005, 2006, 2007 Free Software Foundation - * - * Author: Nikos Mavroyanopoulos - * - * This file is part of GNUTLS. - * - * The GNUTLS library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * as published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, - * USA - * - */ - - -/* This file has the required functions to convert an X.509 DER certificate - * to XML format. - */ - -#include <defines.h> - -#if 1 - -#include <gnutls_int.h> - -/* The function below rely on some internal libtasn1 functions. While - it would be easy to export them (or copy them) we prefer not to at - this point. If you need the XML functionality, simply build with - --with-included-libtasn1 and change the '1' above to '0', or help - us add XML export functions to libtasn1 proper. */ - -int -gnutls_x509_crt_to_xml (gnutls_x509_crt_t cert, gnutls_datum_t * res, - int detail) -{ - return GNUTLS_E_INTERNAL_ERROR; -} - -#else - -#ifdef ENABLE_PKI - -#include <int.h> -#include <errors.h> -#include <structure.h> -#include <parser_aux.h> -#include <gnutls_int.h> -#include <gnutls_datum.h> -#include <gnutls_global.h> -#include <gnutls_errors.h> -#include <gnutls_str.h> -#include <gnutls_x509.h> -#include <x509.h> -#include <common.h> - -static int _gnutls_x509_expand_extensions (ASN1_TYPE * rasn); - -static const void * -find_default_value (ASN1_TYPE x) -{ - ASN1_TYPE p = x; - - if (x->value == NULL && x->type & CONST_DEFAULT) - { - if (x->down) - { - x = x->down; - do - { - if (type_field (x->type) == TYPE_DEFAULT) - { - if (type_field (p->type) == TYPE_BOOLEAN) - { - if (x->type & CONST_TRUE) - return "TRUE"; - else - return "FALSE"; - } - else - return x->value; - } - x = x->right; - } - while (x != NULL); - - } - } - return NULL; -} - - -static int -is_node_printable (ASN1_TYPE x) -{ - switch (type_field (x->type)) - { - case TYPE_TAG: - case TYPE_SIZE: - case TYPE_DEFAULT: - return 0; - case TYPE_CONSTANT: - { - ASN1_TYPE up = _asn1_find_up (x); - - if (up != NULL && type_field (up->type) != TYPE_ANY && - up->value != NULL) - return 0; - } - return 1; - } - if (x->name == NULL && _asn1_find_up (x) != NULL) - return 0; - if (x->value == NULL && x->down == NULL) - return 0; - return 1; -} - -/* returns true if the node is the only one printable in - * the level down of it. - */ -static int -is_leaf (ASN1_TYPE p) -{ - ASN1_TYPE x; - - if (p == NULL) - return 1; - if (p->down == NULL) - return 1; - - x = p->down; - - while (x != NULL) - { - if (is_node_printable (x)) - return 0; - if (is_leaf (x) == 0) - return 0; - x = x->right; - } - - return 1; - -} - -#define APPEND(y, z) if (_gnutls_string_append_data( &str, y, z) < 0) { \ - _gnutls_string_clear( &str); \ - gnutls_assert(); \ - return GNUTLS_E_MEMORY_ERROR; \ - } -#define STR_APPEND(y) if (_gnutls_string_append_str( &str, y) < 0) { \ - _gnutls_string_clear( &str); \ - gnutls_assert(); \ - return GNUTLS_E_MEMORY_ERROR; \ - } - -#define UNNAMED "unnamed" -#define ROOT "certificate" -/* This function removes the '?' character from ASN.1 names - */ -static int -normalize_name (ASN1_TYPE p, char *output, int output_size) -{ - const char *name; - - if (output_size > 0) - output[0] = 0; - else - return GNUTLS_E_INTERNAL_ERROR; - - if (p == NULL) - return GNUTLS_E_INTERNAL_ERROR; - - name = p->name; - if (name == NULL) - name = ROOT; - - if (type_field (p->type) == TYPE_CONSTANT) - { - ASN1_TYPE up = _asn1_find_up (p); - const char *tmp; - - if (up && type_field (up->type) == TYPE_ANY && - up->left && up->left->value && - up->type & CONST_DEFINED_BY && - type_field (up->left->type) == TYPE_OBJECT_ID) - { - - tmp = - asn1_find_structure_from_oid (_gnutls_get_pkix (), - up->left->value); - if (tmp != NULL) - _gnutls_str_cpy (output, output_size, tmp); - else - { - _gnutls_str_cpy (output, output_size, "DEFINED_BY_"); - _gnutls_str_cat (output, output_size, name); - } - } - else - { - _gnutls_str_cpy (output, output_size, "DEFINED_BY_"); - _gnutls_str_cat (output, output_size, name); - } - - - return 0; - } - - if (name[0] == '?') - { - _gnutls_str_cpy (output, output_size, UNNAMED); - if (strlen (name) > 1) - _gnutls_str_cat (output, output_size, &name[1]); - } - else - { - _gnutls_str_cpy (output, output_size, name); - } - return 0; -} - -#define XML_HEADER "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n\n" \ - "<gnutls:x509:certificate version=\"1.1\">\n" - -#define XML_FOOTER "</gnutls:x509:certificate>\n" - -static int -_gnutls_asn1_get_structure_xml (ASN1_TYPE structure, - gnutls_datum_t * res, int detail) -{ - node_asn *p, *root; - int k, indent = 0, len, len2, len3; - opaque tmp[1024]; - char nname[256]; - int ret; - gnutls_string str; - - if (res == NULL || structure == NULL) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - _gnutls_string_init (&str, malloc, realloc, free); - - STR_APPEND (XML_HEADER); - indent = 1; - - root = _asn1_find_node (structure, ""); - - if (root == NULL) - { - gnutls_assert (); - _gnutls_string_clear (&str); - return GNUTLS_E_INTERNAL_ERROR; - } - - if (detail == GNUTLS_XML_SHOW_ALL) - ret = asn1_expand_any_defined_by (_gnutls_get_pkix (), &structure); - /* we don't need to check the error value - * here. - */ - - if (detail == GNUTLS_XML_SHOW_ALL) - { - ret = _gnutls_x509_expand_extensions (&structure); - if (ret < 0) - { - gnutls_assert (); - return ret; - } - } - - p = root; - while (p) - { - if (is_node_printable (p)) - { - for (k = 0; k < indent; k++) - APPEND (" ", 1); - - if ((ret = normalize_name (p, nname, sizeof (nname))) < 0) - { - _gnutls_string_clear (&str); - gnutls_assert (); - return ret; - } - - APPEND ("<", 1); - STR_APPEND (nname); - } - - if (is_node_printable (p)) - { - switch (type_field (p->type)) - { - case TYPE_DEFAULT: - STR_APPEND (" type=\"DEFAULT\""); - break; - case TYPE_NULL: - STR_APPEND (" type=\"NULL\""); - break; - case TYPE_IDENTIFIER: - STR_APPEND (" type=\"IDENTIFIER\""); - break; - case TYPE_INTEGER: - STR_APPEND (" type=\"INTEGER\""); - STR_APPEND (" encoding=\"HEX\""); - break; - case TYPE_ENUMERATED: - STR_APPEND (" type=\"ENUMERATED\""); - STR_APPEND (" encoding=\"HEX\""); - break; - case TYPE_TIME: - STR_APPEND (" type=\"TIME\""); - break; - case TYPE_BOOLEAN: - STR_APPEND (" type=\"BOOLEAN\""); - break; - case TYPE_SEQUENCE: - STR_APPEND (" type=\"SEQUENCE\""); - break; - case TYPE_BIT_STRING: - STR_APPEND (" type=\"BIT STRING\""); - STR_APPEND (" encoding=\"HEX\""); - break; - case TYPE_OCTET_STRING: - STR_APPEND (" type=\"OCTET STRING\""); - STR_APPEND (" encoding=\"HEX\""); - break; - case TYPE_SEQUENCE_OF: - STR_APPEND (" type=\"SEQUENCE OF\""); - break; - case TYPE_OBJECT_ID: - STR_APPEND (" type=\"OBJECT ID\""); - break; - case TYPE_ANY: - STR_APPEND (" type=\"ANY\""); - if (!p->down) - STR_APPEND (" encoding=\"HEX\""); - break; - case TYPE_CONSTANT: - { - ASN1_TYPE up = _asn1_find_up (p); - - if (up && type_field (up->type) == TYPE_ANY && - up->left && up->left->value && - up->type & CONST_DEFINED_BY && - type_field (up->left->type) == TYPE_OBJECT_ID) - { - - if (_gnutls_x509_oid_data_printable - (up->left->value) == 0) - { - STR_APPEND (" encoding=\"HEX\""); - } - - } - } - break; - case TYPE_SET: - STR_APPEND (" type=\"SET\""); - break; - case TYPE_SET_OF: - STR_APPEND (" type=\"SET OF\""); - break; - case TYPE_CHOICE: - STR_APPEND (" type=\"CHOICE\""); - break; - case TYPE_DEFINITIONS: - STR_APPEND (" type=\"DEFINITIONS\""); - break; - default: - break; - } - } - - - if (p->type == TYPE_BIT_STRING) - { - len2 = -1; - len = asn1_get_length_der (p->value, p->value_len, &len2); - snprintf (tmp, sizeof (tmp), " length=\"%i\"", - (len - 1) * 8 - (p->value[len2])); - STR_APPEND (tmp); - } - - if (is_node_printable (p)) - STR_APPEND (">"); - - if (is_node_printable (p)) - { - const unsigned char *value; - - if (p->value == NULL) - value = find_default_value (p); - else - value = p->value; - - switch (type_field (p->type)) - { - - case TYPE_DEFAULT: - if (value) - STR_APPEND (value); - break; - case TYPE_IDENTIFIER: - if (value) - STR_APPEND (value); - break; - case TYPE_INTEGER: - if (value) - { - len2 = -1; - len = asn1_get_length_der (value, p->value_len, &len2); - - for (k = 0; k < len; k++) - { - snprintf (tmp, sizeof (tmp), "%02X", (value)[k + len2]); - STR_APPEND (tmp); - } - - } - break; - case TYPE_ENUMERATED: - if (value) - { - len2 = -1; - len = asn1_get_length_der (value, p->value_len, &len2); - - for (k = 0; k < len; k++) - { - snprintf (tmp, sizeof (tmp), "%02X", (value)[k + len2]); - STR_APPEND (tmp); - } - } - break; - case TYPE_TIME: - if (value) - STR_APPEND (value); - break; - case TYPE_BOOLEAN: - if (value) - { - if (value[0] == 'T') - { - STR_APPEND ("TRUE"); - } - else if (value[0] == 'F') - { - STR_APPEND ("FALSE"); - } - } - break; - case TYPE_BIT_STRING: - if (value) - { - len2 = -1; - len = asn1_get_length_der (value, p->value_len, &len2); - - for (k = 1; k < len; k++) - { - snprintf (tmp, sizeof (tmp), "%02X", (value)[k + len2]); - STR_APPEND (tmp); - } - } - break; - case TYPE_OCTET_STRING: - if (value) - { - len2 = -1; - len = asn1_get_length_der (value, p->value_len, &len2); - for (k = 0; k < len; k++) - { - snprintf (tmp, sizeof (tmp), "%02X", (value)[k + len2]); - STR_APPEND (tmp); - } - } - break; - case TYPE_OBJECT_ID: - if (value) - STR_APPEND (value); - break; - case TYPE_ANY: - if (!p->down) - { - if (value) - { - len3 = -1; - len2 = asn1_get_length_der (value, p->value_len, &len3); - for (k = 0; k < len2; k++) - { - snprintf (tmp, sizeof (tmp), - "%02X", (value)[k + len3]); - STR_APPEND (tmp); - } - } - } - break; - case TYPE_CONSTANT: - { - ASN1_TYPE up = _asn1_find_up (p); - - if (up && type_field (up->type) == TYPE_ANY && - up->left && up->left->value && - up->type & CONST_DEFINED_BY && - type_field (up->left->type) == TYPE_OBJECT_ID) - { - - len2 = - asn1_get_length_der (up->value, up->value_len, &len3); - - if (len2 > 0 && strcmp (p->name, "type") == 0) - { - size_t tmp_len = sizeof (tmp); - ret = - _gnutls_x509_oid_data2string (up->left-> - value, - up->value + len3, - len2, tmp, &tmp_len); - - if (ret >= 0) - { - STR_APPEND (tmp); - } - } - else - { - for (k = 0; k < len2; k++) - { - snprintf (tmp, sizeof (tmp), - "%02X", (up->value)[k + len3]); - STR_APPEND (tmp); - } - - } - } - else - { - if (value) - STR_APPEND (value); - } - - } - break; - case TYPE_SET: - case TYPE_SET_OF: - case TYPE_CHOICE: - case TYPE_DEFINITIONS: - case TYPE_SEQUENCE_OF: - case TYPE_SEQUENCE: - case TYPE_NULL: - break; - default: - break; - } - } - - if (p->down && is_node_printable (p)) - { - ASN1_TYPE x; - p = p->down; - indent += 2; - x = p; - do - { - if (is_node_printable (x)) - { - STR_APPEND ("\n"); - break; - } - x = x->right; - } - while (x != NULL); - } - else if (p == root) - { - if (is_node_printable (p)) - { - if ((ret = normalize_name (p, nname, sizeof (nname))) < 0) - { - _gnutls_string_clear (&str); - gnutls_assert (); - return ret; - } - - APPEND ("</", 2); - STR_APPEND (nname); - APPEND (">\n", 2); - } - p = NULL; - break; - } - else - { - if (is_node_printable (p)) - { - if ((ret = normalize_name (p, nname, sizeof (nname))) < 0) - { - _gnutls_string_clear (&str); - gnutls_assert (); - return ret; - } - - APPEND ("</", 2); - STR_APPEND (nname); - APPEND (">\n", 2); - } - if (p->right) - p = p->right; - else - { - while (1) - { - ASN1_TYPE old_p; - - old_p = p; - - p = _asn1_find_up (p); - indent -= 2; - if (is_node_printable (p)) - { - if (!is_leaf (p)) /* XXX */ - for (k = 0; k < indent; k++) - STR_APPEND (" "); - - if ((ret = - normalize_name (p, nname, sizeof (nname))) < 0) - { - _gnutls_string_clear (&str); - gnutls_assert (); - return ret; - } - - APPEND ("</", 2); - STR_APPEND (nname); - APPEND (">\n", 2); - } - if (p == root) - { - p = NULL; - break; - } - - if (p->right) - { - p = p->right; - break; - } - } - } - } - } - - STR_APPEND (XML_FOOTER); - APPEND ("\n\0", 2); - - *res = _gnutls_string2datum (&str); - res->size -= 1; /* null is not included in size */ - - return 0; -} - -/** - * gnutls_x509_crt_to_xml - This function parses an RDN sequence - * @cert: should contain a gnutls_x509_crt_t structure - * @res: The datum that will hold the result - * @detail: The detail level (must be GNUTLS_XML_SHOW_ALL or GNUTLS_XML_NORMAL) - * - * This function will return the XML structures of the given X.509 - * certificate. The XML structures are allocated internally (with - * malloc) and stored into res. - * - * Returns a negative error code in case of an error. - * - * Deprecated: This function is currently not implemented. See the - * NEWS entry for GnuTLS version 1.3.5. - * - **/ -int -gnutls_x509_crt_to_xml (gnutls_x509_crt_t cert, gnutls_datum_t * res, - int detail) -{ - int result; - - res->data = NULL; - res->size = 0; - - result = _gnutls_asn1_get_structure_xml (cert->cert, res, detail); - if (result < 0) - { - gnutls_assert (); - return result; - } - - return 0; -} - -/* This function will attempt to parse Extensions in - * an X509v3 certificate - * - * If no_critical_ext is non zero, then unsupported critical extensions - * do not lead into a fatal error. - */ -static int -_gnutls_x509_expand_extensions (ASN1_TYPE * rasn) -{ - int k, result, len; - char name[128], name2[128], counter[MAX_INT_DIGITS]; - char name1[128]; - char extnID[128]; - - k = 0; - do - { - k++; - - _gnutls_str_cpy (name, sizeof (name), "tbsCertificate.extensions.?"); - _gnutls_int2str (k, counter); - _gnutls_str_cat (name, sizeof (name), counter); - - _gnutls_str_cpy (name2, sizeof (name2), name); - _gnutls_str_cat (name2, sizeof (name2), ".extnID"); - - _gnutls_str_cpy (name1, sizeof (name1), name); - _gnutls_str_cat (name1, sizeof (name1), ".extnValue"); - - len = sizeof (extnID) - 1; - - result = asn1_expand_octet_string (_gnutls_get_pkix (), - rasn, name1, name2); - - if (result == ASN1_ELEMENT_NOT_FOUND) - break; - else if (result != ASN1_SUCCESS) - { - gnutls_assert (); - return _gnutls_asn2err (result); - } - - } - while (1); - - if (result == ASN1_ELEMENT_NOT_FOUND) - return 0; - else - return _gnutls_asn2err (result); -} - -#endif -#endif diff --git a/libextra/openpgp/Makefile.am b/libextra/openpgp/Makefile.am index 116f93ba96..a0ca2a509e 100644 --- a/libextra/openpgp/Makefile.am +++ b/libextra/openpgp/Makefile.am @@ -33,7 +33,7 @@ endif noinst_LTLIBRARIES = libgnutls_openpgp.la -COBJECTS = pgp.c xml.c pgpverify.c extras.c compat.c privkey.c +COBJECTS = pgp.c pgpverify.c extras.c compat.c privkey.c libgnutls_openpgp_la_SOURCES = $(COBJECTS) openpgp.h gnutls_openpgp.h diff --git a/libextra/openpgp/xml.c b/libextra/openpgp/xml.c deleted file mode 100644 index 3f16effd24..0000000000 --- a/libextra/openpgp/xml.c +++ /dev/null @@ -1,442 +0,0 @@ -/* - * Copyright (C) 2002, 2003, 2004, 2005, 2007 Free Software Foundation - * - * Author: Timo Schulz, Nikos Mavroyanopoulos - * - * This file is part of GNUTLS-EXTRA. - * - * GNUTLS-EXTRA is free software; you can redistribute it and/or - * modify it under the terms of the GNU General Public License as - * published by the Free Software Foundation; either version 2 of the - * License, or (at your option) any later version. - * - * GNUTLS-EXTRA is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with GNUTLS-EXTRA; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA - * 02110-1301, USA. - * - */ - -#include <gnutls_int.h> -#include <gnutls_str.h> -#include <gnutls_errors.h> -#include <openpgp.h> -#include <x509/rfc2818.h> /* for MAX_CN */ - - -static int -xml_add_tag (gnutls_string * xmlkey, const char *tag, const char *val) -{ - if (!xmlkey || !tag || !val) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - _gnutls_string_append_str (xmlkey, " <"); - _gnutls_string_append_str (xmlkey, tag); - _gnutls_string_append_str (xmlkey, ">"); - _gnutls_string_append_str (xmlkey, val); - _gnutls_string_append_str (xmlkey, "</"); - _gnutls_string_append_str (xmlkey, tag); - _gnutls_string_append_str (xmlkey, ">\n"); - - return 0; -} - - -/* Add a tag to the xml key with an unsigned integer based value. - We use the unsigned format, because no key attribute has a - negative values. */ -static int -xml_add_tag_uint_val (gnutls_string *xmlkey, const char *tag, unsigned int val) -{ - char tmp[32]; - - sprintf (tmp, "%lu", (unsigned long)val); - return xml_add_tag (xmlkey, tag, tmp); -} - - -static int -xml_add_mpi2 (gnutls_string * xmlkey, const uint8_t * data, size_t count, - const char *tag) -{ - char *p; - size_t i; - int rc; - - if (!xmlkey || !data || !tag) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - p = gnutls_calloc (1, 2 * (count + 3)); - if (!p) - { - gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; - } - for (i = 0; i < count; i++) - sprintf (p + 2 * i, "%02X", data[i]); - p[2 * count] = '\0'; - - rc = xml_add_tag (xmlkey, tag, p); - gnutls_free (p); - - return rc; -} - - -static int -xml_add_mpi (gnutls_string * xmlkey, cdk_pkt_pubkey_t pk, int idx, - const char *tag) -{ - uint8_t buf[4096]; /* Maximal supported MPI of size 32786 bits */ - size_t nbytes; - - /* FIXME: we should not hardcode the buffer size. */ - nbytes = 4096; - if (cdk_pk_get_mpi (pk, idx, buf, nbytes, &nbytes, NULL)) - return GNUTLS_E_INTERNAL_ERROR; - return xml_add_mpi2 (xmlkey, buf, nbytes, tag); -} - - - -static int -xml_add_key_mpi (gnutls_string * xmlkey, cdk_pkt_pubkey_t pk) -{ - const char *s = " <KEY ENCODING=\"HEX\"/>\n"; - int rc = 0; - - if (!xmlkey || !pk) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - _gnutls_string_append_str (xmlkey, s); - - if (is_RSA (pk->pubkey_algo)) - { - rc = xml_add_mpi (xmlkey, pk, 0, "RSA-N"); - if (!rc) - rc = xml_add_mpi (xmlkey, pk, 1, "RSA-E"); - } - else if (is_DSA (pk->pubkey_algo)) - { - rc = xml_add_mpi (xmlkey, pk, 0, "DSA-P"); - if (!rc) - rc = xml_add_mpi (xmlkey, pk, 1, "DSA-Q"); - if (!rc) - rc = xml_add_mpi (xmlkey, pk, 2, "DSA-G"); - if (!rc) - rc = xml_add_mpi (xmlkey, pk, 3, "DSA-Y"); - } - else - return GNUTLS_E_UNWANTED_ALGORITHM; - - return rc; -} - - -static int -xml_add_key (gnutls_string * xmlkey, int ext, cdk_pkt_pubkey_t pk, int sub) -{ - const char *algo, *s; - char keyid[32+1], strfpr[40+1]; - uint8_t keyfpr[20]; - unsigned int kid[2]; - int i = 0, rc = 0; - - if (!xmlkey || !pk) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - s = sub ? " <SUBKEY>\n" : " <MAINKEY>\n"; - _gnutls_string_append_str (xmlkey, s); - - cdk_pk_get_keyid (pk, kid); - snprintf (keyid, 32, "%08lX%08lX", - (unsigned long)kid[0], (unsigned long)kid[1]); - rc = xml_add_tag (xmlkey, "KEYID", keyid); - if (rc) - return rc; - - cdk_pk_get_fingerprint (pk, keyfpr); - for (i = 0; i < 20; i++) - sprintf (strfpr + 2 * i, "%02X", keyfpr[i]); - strfpr[40] = '\0'; - rc = xml_add_tag (xmlkey, "FINGERPRINT", strfpr); - if (rc) - return rc; - - if (is_DSA (pk->pubkey_algo)) - algo = "DSA"; - else if (is_RSA (pk->pubkey_algo)) - algo = "RSA"; - else - return GNUTLS_E_UNWANTED_ALGORITHM; - rc = xml_add_tag (xmlkey, "PKALGO", algo); - if (rc) - return rc; - - rc = xml_add_tag_uint_val (xmlkey, "KEYLEN", cdk_pk_get_nbits (pk)); - if (rc) - return rc; - - rc = xml_add_tag_uint_val (xmlkey, "CREATED", pk->timestamp); - if (rc) - return rc; - - if (pk->expiredate > 0) - { - rc = xml_add_tag_uint_val (xmlkey, "EXPIREDATE", pk->expiredate); - if (rc) - return rc; - } - - rc = xml_add_tag_uint_val (xmlkey, "REVOKED", pk->is_revoked); - if (rc) - return rc; - - if (ext) - { - rc = xml_add_key_mpi (xmlkey, pk); - if (rc) - return rc; - } - - s = sub ? " </SUBKEY>\n" : " </MAINKEY>\n"; - _gnutls_string_append_str (xmlkey, s); - - return 0; -} - - -static int -xml_add_userid (gnutls_string * xmlkey, int ext, - const char *dn, cdk_pkt_userid_t id) -{ - const char *s; - int rc; - - if (!xmlkey || !dn || !id) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - s = " <USERID>\n"; - _gnutls_string_append_str (xmlkey, s); - - rc = xml_add_tag (xmlkey, "NAME", dn); - if (rc) - return rc; - - if (ext) - { - rc = xml_add_tag_uint_val (xmlkey, "PRIMARY", id->is_primary); - if (!rc) - rc = xml_add_tag_uint_val (xmlkey, "REVOKED", id->is_revoked); - if (rc) - return rc; - } - - s = " </USERID>\n"; - _gnutls_string_append_str (xmlkey, s); - - return 0; -} - - -static int -xml_add_sig (gnutls_string * xmlkey, int ext, cdk_pkt_signature_t sig) -{ - const char *algo, *s; - char keyid[16+1]; - unsigned int kid[2]; - int rc; - - if (!xmlkey || !sig) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - s = " <SIGNATURE>\n"; - _gnutls_string_append_str (xmlkey, s); - - rc = xml_add_tag_uint_val (xmlkey, "VERSION", sig->version); - if (rc) - return rc; - - if (ext) - { - rc = xml_add_tag_uint_val (xmlkey, "SIGCLASS", sig->sig_class); - if (rc) - return rc; - } - - rc = xml_add_tag_uint_val (xmlkey, "EXPIRED", sig->flags.expired); - if (rc) - return rc; - - if (ext) - { - switch (sig->pubkey_algo) - { - case GCRY_PK_DSA: - algo = "DSA"; - break; - case GCRY_PK_RSA: - case GCRY_PK_RSA_E: - case GCRY_PK_RSA_S: - algo = "RSA"; - break; - default: - algo = "???"; /* unknown algorithm */ - } - rc = xml_add_tag (xmlkey, "PKALGO", algo); - if (rc) - return rc; - - switch (sig->digest_algo) - { - case GCRY_MD_SHA1: - algo = "SHA1"; - break; - case GCRY_MD_RMD160: - algo = "RMD160"; - break; - case GCRY_MD_MD5: - algo = "MD5"; - break; - case GCRY_MD_SHA256: - algo = "SHA256"; - break; - case GCRY_MD_SHA384: - algo = "SHA384"; - break; - case GCRY_MD_SHA512: - algo = "SHA512"; - break; - default: - algo = "???"; - } - rc = xml_add_tag (xmlkey, "MDALGO", algo); - if (rc) - return rc; - } - - rc = xml_add_tag_uint_val (xmlkey, "CREATED", sig->timestamp); - if (rc) - return rc; - - cdk_sig_get_keyid (sig, kid); - snprintf (keyid, 16, "%08lX%08lX", - (unsigned long)kid[0], (unsigned long)kid[1]); - rc = xml_add_tag (xmlkey, "KEYID", keyid); - if (rc) - return rc; - - s = " </SIGNATURE>\n"; - _gnutls_string_append_str (xmlkey, s); - - return 0; -} - - -/** - * gnutls_openpgp_key_to_xml - Return a certificate as a XML fragment - * @cert: the certificate which holds the whole OpenPGP key. - * @xmlkey: he datum struct to store the XML result. - * @ext: extension mode (1/0), 1 means include key signatures and key data. - * - * This function will return the all OpenPGP key information encapsulated as - * a XML string. - **/ -int -gnutls_openpgp_key_to_xml (gnutls_openpgp_key_t key, - gnutls_datum_t * xmlkey, int ext) -{ - cdk_kbnode_t node, ctx; - cdk_packet_t pkt; - char name[MAX_CN]; - size_t name_len; - const char *s; - int idx; - int rc = 0; - gnutls_string string_xml_key; - - if (!key || !xmlkey) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - _gnutls_string_init (&string_xml_key, malloc, realloc, free); - memset (xmlkey, 0, sizeof *xmlkey); - - s = "<?xml version=\"1.0\"?>\n\n"; - _gnutls_string_append_str (&string_xml_key, s); - - s = "<gnutls:openpgp:key version=\"1.0\">\n"; - _gnutls_string_append_str (&string_xml_key, s); - - s = " <OPENPGPKEY>\n"; - _gnutls_string_append_str (&string_xml_key, s); - - ctx = NULL; - idx = 1; - while ((node = cdk_kbnode_walk (key->knode, &ctx, 0))) - { - pkt = cdk_kbnode_get_packet (node); - switch (pkt->pkttype) - { - case CDK_PKT_PUBLIC_KEY: - rc = xml_add_key (&string_xml_key, ext, pkt->pkt.public_key, 0); - break; - - case CDK_PKT_PUBLIC_SUBKEY: - rc = xml_add_key (&string_xml_key, ext, pkt->pkt.public_key, 1); - break; - - case CDK_PKT_USER_ID: - name_len = sizeof (name) / sizeof (name[0]); - gnutls_openpgp_key_get_name (key, idx, name, &name_len); - rc = xml_add_userid (&string_xml_key, ext, name, pkt->pkt.user_id); - idx++; - break; - - case CDK_PKT_SIGNATURE: - rc = xml_add_sig (&string_xml_key, ext, pkt->pkt.signature); - break; - - default: - break; - } - } - if (!rc) - { - s = " </OPENPGPKEY>\n"; - _gnutls_string_append_str (&string_xml_key, s); - } - s = "</gnutls:openpgp:key>\n"; - _gnutls_string_append_str (&string_xml_key, s); - _gnutls_string_append_data (&string_xml_key, "\n\0", 2); - - *xmlkey = _gnutls_string2datum (&string_xml_key); - xmlkey->size--; - - return rc; -} @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: gnutls 1.4.0\n" "Report-Msgid-Bugs-To: bug-gnutls@gnu.org\n" -"POT-Creation-Date: 2006-05-12 00:21+0200\n" +"POT-Creation-Date: 2007-10-06 09:59+0300\n" "PO-Revision-Date: 2006-12-12 09:37+0100\n" "Last-Translator: Michael Piefel <piefel@informatik.hu-berlin.de>\n" "Language-Team: German <translation-team-de@lists.sourceforge.net>\n" @@ -42,8 +42,12 @@ msgstr "Ein großes TLS-Datensatzpaket wurde empfangen." msgid "A record packet with illegal version was received." msgstr "Ein Datensatzpaket mit illegaler Version wurde empfangen." -msgid "The Diffie Hellman prime sent by the server is not acceptable (not long enough)." -msgstr "Die Diffie-Hellman-Primzahl, die vom Server gesendet wurde, ist nicht akzeptabel (nicht lang genug)." +msgid "" +"The Diffie Hellman prime sent by the server is not acceptable (not long " +"enough)." +msgstr "" +"Die Diffie-Hellman-Primzahl, die vom Server gesendet wurde, ist nicht " +"akzeptabel (nicht lang genug)." msgid "A TLS packet with unexpected length was received." msgstr "Ein TLS-Paket mit unerwarteter Länge wurde empfangen." @@ -103,7 +107,8 @@ msgid "Public key signing has failed." msgstr "Das Signieren mittels öffentlichem Schlüssel schlug fehl." msgid "Public key signature verification has failed." -msgstr "Die Verifizierung der Signatur mittels öffentlichem Schlüssel schlug fehl." +msgstr "" +"Die Verifizierung der Signatur mittels öffentlichem Schlüssel schlug fehl." msgid "Decompression of the TLS record packet has failed." msgstr "Die Dekomprimierung des TLS-Datensatzpakets schlug fehl." @@ -115,7 +120,8 @@ msgid "Internal error in memory allocation." msgstr "Interner Fehler bei Speicheranfoderung." msgid "An unimplemented or disabled feature has been requested." -msgstr "Eine nicht implementierte oder deaktivierte Eigenschaft wurde abgefragt." +msgstr "" +"Eine nicht implementierte oder deaktivierte Eigenschaft wurde abgefragt." msgid "Insufficient credentials for that request." msgstr "Unzureichende Berechtigungsnachweise für diese Anfrage." @@ -150,7 +156,8 @@ msgstr "Fehler in der Pull-Funktion." msgid "Error in the push function." msgstr "Fehler in der Push-Funktion." -msgid "The upper limit of record packet sequence numbers has been reached. Wow!" +msgid "" +"The upper limit of record packet sequence numbers has been reached. Wow!" msgstr "Das obere Limit der Datensatzpaketsequenznummern wurde erreicht. Huch!" msgid "Error in the certificate." @@ -172,7 +179,9 @@ msgid "Rehandshake was requested by the peer." msgstr "Neuer Handshake wurde von der Gegenstelle gefordert." msgid "TLS Application data were received, while expecting handshake data." -msgstr "TLS-Anwendungsdaten wurden empfangen, während Handshake-Daten erwartet wurden." +msgstr "" +"TLS-Anwendungsdaten wurden empfangen, während Handshake-Daten erwartet " +"wurden." msgid "Error in Database backend." msgstr "Fehler im Datenbank-Backend." @@ -233,8 +242,11 @@ msgstr "Zu viele leere Datensatzpakete wurden empfangen." msgid "The initialization of GnuTLS-extra has failed." msgstr "Die Initialisierung von GnuTLS-extra schlug fehl." -msgid "The GnuTLS library version does not match the GnuTLS-extra library version." -msgstr "Die Version der GnuTLS-Bibliothek stimmt nicht mit der Version der GnuTLS-extra-Bibliothek überein." +msgid "" +"The GnuTLS library version does not match the GnuTLS-extra library version." +msgstr "" +"Die Version der GnuTLS-Bibliothek stimmt nicht mit der Version der GnuTLS-" +"extra-Bibliothek überein." msgid "The gcrypt library version is too old." msgstr "Die Version der Bibliothek gcrypt ist zu alt." @@ -242,8 +254,12 @@ msgstr "Die Version der Bibliothek gcrypt ist zu alt." msgid "The tasn1 library version is too old." msgstr "Die Version der Bibliothek tasn1 ist zu alt." -msgid "The specified GnuPG TrustDB version is not supported. TrustDB v4 is supported." -msgstr "Die angegebene Version von GnuPG-TrustDB wird nicht unterstützt. TrustDB Version 4 wird unterstützt." +msgid "" +"The specified GnuPG TrustDB version is not supported. TrustDB v4 is " +"supported." +msgstr "" +"Die angegebene Version von GnuPG-TrustDB wird nicht unterstützt. TrustDB " +"Version 4 wird unterstützt." msgid "Error loading the keyring." msgstr "Fehler beim Laden des Schlüsselrings." @@ -304,3 +320,256 @@ msgstr "Empfing eine »TLS/IA Final Phase Finished«-Mitteilung" msgid "Verifying TLS/IA phase checksum failed" msgstr "Verifizierung der TLS/IA-Phasenprüfsumme schlug fehl" + +#, c-format +msgid "\t\t\tPath Length Constraint: %d\n" +msgstr "" + +#, c-format +msgid "\t\t\tPolicy Language: %s" +msgstr "" + +msgid "" +"\t\t\tPolicy:\n" +"\t\t\t\tASCII: " +msgstr "" + +msgid "" +"\n" +"\t\t\t\tHexdump: " +msgstr "" + +msgid "\t\t\tDigital signature.\n" +msgstr "" + +msgid "\t\t\tNon repudiation.\n" +msgstr "" + +msgid "\t\t\tKey encipherment.\n" +msgstr "" + +msgid "\t\t\tData encipherment.\n" +msgstr "" + +msgid "\t\t\tKey agreement.\n" +msgstr "" + +msgid "\t\t\tCertificate signing.\n" +msgstr "" + +msgid "\t\t\tCRL signing.\n" +msgstr "" + +msgid "\t\t\tKey encipher only.\n" +msgstr "" + +msgid "\t\t\tKey decipher only.\n" +msgstr "" + +msgid "\t\t\tTLS WWW Server.\n" +msgstr "" + +msgid "\t\t\tTLS WWW Client.\n" +msgstr "" + +msgid "\t\t\tCode signing.\n" +msgstr "" + +msgid "\t\t\tEmail protection.\n" +msgstr "" + +msgid "\t\t\tTime stamping.\n" +msgstr "" + +msgid "\t\t\tOCSP signing.\n" +msgstr "" + +msgid "\t\t\tAny purpose.\n" +msgstr "" + +msgid "\t\t\tCertificate Authority (CA): FALSE\n" +msgstr "" + +msgid "\t\t\tCertificate Authority (CA): TRUE\n" +msgstr "" + +#, c-format +msgid "\t\t\tXMPP Address: %.*s\n" +msgstr "" + +#, c-format +msgid "\t\t\totherName OID: %.*s\n" +msgstr "" + +msgid "\t\t\totherName DER: " +msgstr "" + +msgid "" +"\n" +"\t\t\totherName ASCII: " +msgstr "" + +#, c-format +msgid "\tVersion: %d\n" +msgstr "" + +msgid "\tSerial Number (hex): " +msgstr "" + +#, c-format +msgid "\tIssuer: %s\n" +msgstr "" + +msgid "\tValidity:\n" +msgstr "" + +#, c-format +msgid "\t\tNot Before: %s\n" +msgstr "" + +#, c-format +msgid "\t\tNot After: %s\n" +msgstr "" + +#, c-format +msgid "\tSubject: %s\n" +msgstr "" + +#, c-format +msgid "\tSubject Public Key Algorithm: %s\n" +msgstr "" + +#, c-format +msgid "\t\tModulus (bits %d):\n" +msgstr "" + +msgid "\t\tExponent:\n" +msgstr "" + +#, c-format +msgid "\t\tPublic key (bits %d):\n" +msgstr "" + +msgid "\t\tP:\n" +msgstr "" + +msgid "\t\tQ:\n" +msgstr "" + +msgid "\t\tG:\n" +msgstr "" + +msgid "\tExtensions:\n" +msgstr "" + +#, c-format +msgid "\t\tBasic Constraints (%s):\n" +msgstr "" + +msgid "critical" +msgstr "" + +msgid "not critical" +msgstr "" + +#, c-format +msgid "\t\tSubject Key Identifier (%s):\n" +msgstr "" + +#, c-format +msgid "\t\tAuthority Key Identifier (%s):\n" +msgstr "" + +#, c-format +msgid "\t\tKey Usage (%s):\n" +msgstr "" + +#, c-format +msgid "\t\tKey Purpose (%s):\n" +msgstr "" + +#, c-format +msgid "\t\tSubject Alternative Name (%s):\n" +msgstr "" + +#, c-format +msgid "\t\tCRL Distribution points (%s):\n" +msgstr "" + +#, c-format +msgid "\t\tProxy Certificate Information (%s):\n" +msgstr "" + +#, c-format +msgid "\t\tUnknown extension %s (%s):\n" +msgstr "" + +msgid "\t\t\tASCII: " +msgstr "" + +msgid "\t\t\tHexdump: " +msgstr "" + +#, c-format +msgid "\tSignature Algorithm: %s\n" +msgstr "" + +msgid "" +"warning: signed using a broken signature algorithm that can be forged.\n" +msgstr "" + +msgid "\tSignature:\n" +msgstr "" + +msgid "" +"\tMD5 fingerprint:\n" +"\t\t" +msgstr "" + +msgid "" +"\tSHA-1 fingerprint:\n" +"\t\t" +msgstr "" + +msgid "" +"\tPublic Key Id:\n" +"\t\t" +msgstr "" + +msgid "X.509 Certificate Information:\n" +msgstr "" + +msgid "Other Information:\n" +msgstr "" + +msgid "\tVersion: 1 (default)\n" +msgstr "" + +msgid "\tUpdate dates:\n" +msgstr "" + +#, c-format +msgid "\t\tIssued: %s\n" +msgstr "" + +#, c-format +msgid "\t\tNext at: %s\n" +msgstr "" + +#, c-format +msgid "\tRevoked certificates (%d):\n" +msgstr "" + +#, fuzzy +msgid "\tNo revoked certificates.\n" +msgstr "Fehler im Zertifikat." + +msgid "\t\tSerial Number (hex): " +msgstr "" + +#, c-format +msgid "\t\tRevoked at: %s\n" +msgstr "" + +msgid "X.509 Certificate Revocation List Information:\n" +msgstr "" @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: gnutls 1.4.0\n" "Report-Msgid-Bugs-To: bug-gnutls@gnu.org\n" -"POT-Creation-Date: 2006-05-12 00:21+0200\n" +"POT-Creation-Date: 2007-10-06 09:59+0300\n" "PO-Revision-Date: 2007-06-24 19:29+0800\n" "Last-Translator: Sharuzzaman Ahmat Raslan <sharuzzaman@myrealbox.com>\n" "Language-Team: Malay <translation-team-ms@lists.sourceforge.net>\n" @@ -42,8 +42,12 @@ msgstr "Paket rekod TLS besar telah diterima." msgid "A record packet with illegal version was received." msgstr "Paket rekod dengan versi tidak sah telah diterima." -msgid "The Diffie Hellman prime sent by the server is not acceptable (not long enough)." -msgstr "Perdana Diffie Hellman yang dihantar oleh pelayan tidak boleh diterima (tidak cukup panjang)." +msgid "" +"The Diffie Hellman prime sent by the server is not acceptable (not long " +"enough)." +msgstr "" +"Perdana Diffie Hellman yang dihantar oleh pelayan tidak boleh diterima " +"(tidak cukup panjang)." msgid "A TLS packet with unexpected length was received." msgstr "Paket TLS dengan panjang tidak dijangka telah diterima." @@ -150,7 +154,8 @@ msgstr "Ralat dalam fungsi tarik." msgid "Error in the push function." msgstr "Ralat dalam fungsi tolak." -msgid "The upper limit of record packet sequence numbers has been reached. Wow!" +msgid "" +"The upper limit of record packet sequence numbers has been reached. Wow!" msgstr "Had atas nombor jujukan paket rakaman telah dicapai. Wow!" msgid "Error in the certificate." @@ -231,7 +236,8 @@ msgstr "Terlalu banyak paket rekod kosong telah diterima." msgid "The initialization of GnuTLS-extra has failed." msgstr "Pemulaan GnuTLS-extra telah gagal." -msgid "The GnuTLS library version does not match the GnuTLS-extra library version." +msgid "" +"The GnuTLS library version does not match the GnuTLS-extra library version." msgstr "Versi pustaka GnuTLS tidak sepadan dengan versi pustaka GnuTLS-extra." msgid "The gcrypt library version is too old." @@ -240,8 +246,12 @@ msgstr "Versi pustaka gcrypt terlalu lama." msgid "The tasn1 library version is too old." msgstr "Versi pustaka tasn1 terlalu lama." -msgid "The specified GnuPG TrustDB version is not supported. TrustDB v4 is supported." -msgstr "Versi GnuPG TrustDB yang dinyatakan tidak disokong. TrustDB v4 adalah disokong." +msgid "" +"The specified GnuPG TrustDB version is not supported. TrustDB v4 is " +"supported." +msgstr "" +"Versi GnuPG TrustDB yang dinyatakan tidak disokong. TrustDB v4 adalah " +"disokong." msgid "Error loading the keyring." msgstr "Ralat memuatkan cecincin kunci." @@ -299,3 +309,256 @@ msgstr "Menerima mesej TLS/IA Final Phase Finished" msgid "Verifying TLS/IA phase checksum failed" msgstr "Pengesahan checksum fasa TLS/IA gagal" + +#, c-format +msgid "\t\t\tPath Length Constraint: %d\n" +msgstr "" + +#, c-format +msgid "\t\t\tPolicy Language: %s" +msgstr "" + +msgid "" +"\t\t\tPolicy:\n" +"\t\t\t\tASCII: " +msgstr "" + +msgid "" +"\n" +"\t\t\t\tHexdump: " +msgstr "" + +msgid "\t\t\tDigital signature.\n" +msgstr "" + +msgid "\t\t\tNon repudiation.\n" +msgstr "" + +msgid "\t\t\tKey encipherment.\n" +msgstr "" + +msgid "\t\t\tData encipherment.\n" +msgstr "" + +msgid "\t\t\tKey agreement.\n" +msgstr "" + +msgid "\t\t\tCertificate signing.\n" +msgstr "" + +msgid "\t\t\tCRL signing.\n" +msgstr "" + +msgid "\t\t\tKey encipher only.\n" +msgstr "" + +msgid "\t\t\tKey decipher only.\n" +msgstr "" + +msgid "\t\t\tTLS WWW Server.\n" +msgstr "" + +msgid "\t\t\tTLS WWW Client.\n" +msgstr "" + +msgid "\t\t\tCode signing.\n" +msgstr "" + +msgid "\t\t\tEmail protection.\n" +msgstr "" + +msgid "\t\t\tTime stamping.\n" +msgstr "" + +msgid "\t\t\tOCSP signing.\n" +msgstr "" + +msgid "\t\t\tAny purpose.\n" +msgstr "" + +msgid "\t\t\tCertificate Authority (CA): FALSE\n" +msgstr "" + +msgid "\t\t\tCertificate Authority (CA): TRUE\n" +msgstr "" + +#, c-format +msgid "\t\t\tXMPP Address: %.*s\n" +msgstr "" + +#, c-format +msgid "\t\t\totherName OID: %.*s\n" +msgstr "" + +msgid "\t\t\totherName DER: " +msgstr "" + +msgid "" +"\n" +"\t\t\totherName ASCII: " +msgstr "" + +#, c-format +msgid "\tVersion: %d\n" +msgstr "" + +msgid "\tSerial Number (hex): " +msgstr "" + +#, c-format +msgid "\tIssuer: %s\n" +msgstr "" + +msgid "\tValidity:\n" +msgstr "" + +#, c-format +msgid "\t\tNot Before: %s\n" +msgstr "" + +#, c-format +msgid "\t\tNot After: %s\n" +msgstr "" + +#, c-format +msgid "\tSubject: %s\n" +msgstr "" + +#, c-format +msgid "\tSubject Public Key Algorithm: %s\n" +msgstr "" + +#, c-format +msgid "\t\tModulus (bits %d):\n" +msgstr "" + +msgid "\t\tExponent:\n" +msgstr "" + +#, c-format +msgid "\t\tPublic key (bits %d):\n" +msgstr "" + +msgid "\t\tP:\n" +msgstr "" + +msgid "\t\tQ:\n" +msgstr "" + +msgid "\t\tG:\n" +msgstr "" + +msgid "\tExtensions:\n" +msgstr "" + +#, c-format +msgid "\t\tBasic Constraints (%s):\n" +msgstr "" + +msgid "critical" +msgstr "" + +msgid "not critical" +msgstr "" + +#, c-format +msgid "\t\tSubject Key Identifier (%s):\n" +msgstr "" + +#, c-format +msgid "\t\tAuthority Key Identifier (%s):\n" +msgstr "" + +#, c-format +msgid "\t\tKey Usage (%s):\n" +msgstr "" + +#, c-format +msgid "\t\tKey Purpose (%s):\n" +msgstr "" + +#, c-format +msgid "\t\tSubject Alternative Name (%s):\n" +msgstr "" + +#, c-format +msgid "\t\tCRL Distribution points (%s):\n" +msgstr "" + +#, c-format +msgid "\t\tProxy Certificate Information (%s):\n" +msgstr "" + +#, c-format +msgid "\t\tUnknown extension %s (%s):\n" +msgstr "" + +msgid "\t\t\tASCII: " +msgstr "" + +msgid "\t\t\tHexdump: " +msgstr "" + +#, c-format +msgid "\tSignature Algorithm: %s\n" +msgstr "" + +msgid "" +"warning: signed using a broken signature algorithm that can be forged.\n" +msgstr "" + +msgid "\tSignature:\n" +msgstr "" + +msgid "" +"\tMD5 fingerprint:\n" +"\t\t" +msgstr "" + +msgid "" +"\tSHA-1 fingerprint:\n" +"\t\t" +msgstr "" + +msgid "" +"\tPublic Key Id:\n" +"\t\t" +msgstr "" + +msgid "X.509 Certificate Information:\n" +msgstr "" + +msgid "Other Information:\n" +msgstr "" + +msgid "\tVersion: 1 (default)\n" +msgstr "" + +msgid "\tUpdate dates:\n" +msgstr "" + +#, c-format +msgid "\t\tIssued: %s\n" +msgstr "" + +#, c-format +msgid "\t\tNext at: %s\n" +msgstr "" + +#, c-format +msgid "\tRevoked certificates (%d):\n" +msgstr "" + +#, fuzzy +msgid "\tNo revoked certificates.\n" +msgstr "Ralat dalam sijil." + +msgid "\t\tSerial Number (hex): " +msgstr "" + +#, c-format +msgid "\t\tRevoked at: %s\n" +msgstr "" + +msgid "X.509 Certificate Revocation List Information:\n" +msgstr "" diff --git a/src/certtool-gaa.c b/src/certtool-gaa.c index fa2774fe0a..2f2266e577 100644 --- a/src/certtool-gaa.c +++ b/src/certtool-gaa.c @@ -159,7 +159,6 @@ void gaa_help(void) __gaa_helpsingle(0, "hash", "STR ", "Hash algorithm to use for signing (MD5,SHA1,RMD160,SHA256,SHA384,SHA512)."); __gaa_helpsingle(0, "export-ciphers", "", "Use weak encryption algorithms."); __gaa_helpsingle(0, "inder", "", "Use DER format for input certificates and private keys."); - __gaa_helpsingle(0, "xml", "", "Use XML format for output certificates."); __gaa_helpsingle(0, "outder", "", "Use DER format for output certificates and private keys."); __gaa_helpsingle(0, "bits", "BITS ", "specify the number of bits for key generation."); __gaa_helpsingle(0, "quick-random", "", "Use /dev/urandom for all operation, reducing the quality of randomness used."); @@ -183,22 +182,20 @@ typedef struct _gaainfo gaainfo; struct _gaainfo { -#line 110 "certtool.gaa" +#line 107 "certtool.gaa" int debug; -#line 106 "certtool.gaa" - char *template; #line 103 "certtool.gaa" - char *infile; + char *template; #line 100 "certtool.gaa" - char *outfile; + char *infile; #line 97 "certtool.gaa" - int quick_random; + char *outfile; #line 94 "certtool.gaa" - int bits; + int quick_random; #line 91 "certtool.gaa" - int outcert_format; + int bits; #line 88 "certtool.gaa" - int xml; + int outcert_format; #line 85 "certtool.gaa" int incert_format; #line 82 "certtool.gaa" @@ -279,7 +276,7 @@ static int gaa_error = 0; #define GAA_MULTIPLE_OPTION 3 #define GAA_REST 0 -#define GAA_NB_OPTION 40 +#define GAA_NB_OPTION 39 #define GAAOPTID_version 1 #define GAAOPTID_help 2 #define GAAOPTID_debug 3 @@ -289,37 +286,36 @@ static int gaa_error = 0; #define GAAOPTID_quick_random 7 #define GAAOPTID_bits 8 #define GAAOPTID_outder 9 -#define GAAOPTID_xml 10 -#define GAAOPTID_inder 11 -#define GAAOPTID_export_ciphers 12 -#define GAAOPTID_hash 13 -#define GAAOPTID_dsa 14 -#define GAAOPTID_pkcs8 15 -#define GAAOPTID_to_p12 16 -#define GAAOPTID_fix_key 17 -#define GAAOPTID_key_info 18 -#define GAAOPTID_smime_to_p7 19 -#define GAAOPTID_p7_info 20 -#define GAAOPTID_p12_info 21 -#define GAAOPTID_crl_info 22 -#define GAAOPTID_certificate_info 23 -#define GAAOPTID_password 24 -#define GAAOPTID_load_ca_certificate 25 -#define GAAOPTID_load_ca_privkey 26 -#define GAAOPTID_load_certificate 27 -#define GAAOPTID_load_request 28 -#define GAAOPTID_load_privkey 29 -#define GAAOPTID_get_dh_params 30 -#define GAAOPTID_generate_dh_params 31 -#define GAAOPTID_verify_crl 32 -#define GAAOPTID_verify_chain 33 -#define GAAOPTID_generate_request 34 -#define GAAOPTID_generate_privkey 35 -#define GAAOPTID_update_certificate 36 -#define GAAOPTID_generate_crl 37 -#define GAAOPTID_generate_proxy 38 -#define GAAOPTID_generate_certificate 39 -#define GAAOPTID_generate_self_signed 40 +#define GAAOPTID_inder 10 +#define GAAOPTID_export_ciphers 11 +#define GAAOPTID_hash 12 +#define GAAOPTID_dsa 13 +#define GAAOPTID_pkcs8 14 +#define GAAOPTID_to_p12 15 +#define GAAOPTID_fix_key 16 +#define GAAOPTID_key_info 17 +#define GAAOPTID_smime_to_p7 18 +#define GAAOPTID_p7_info 19 +#define GAAOPTID_p12_info 20 +#define GAAOPTID_crl_info 21 +#define GAAOPTID_certificate_info 22 +#define GAAOPTID_password 23 +#define GAAOPTID_load_ca_certificate 24 +#define GAAOPTID_load_ca_privkey 25 +#define GAAOPTID_load_certificate 26 +#define GAAOPTID_load_request 27 +#define GAAOPTID_load_privkey 28 +#define GAAOPTID_get_dh_params 29 +#define GAAOPTID_generate_dh_params 30 +#define GAAOPTID_verify_crl 31 +#define GAAOPTID_verify_chain 32 +#define GAAOPTID_generate_request 33 +#define GAAOPTID_generate_privkey 34 +#define GAAOPTID_update_certificate 35 +#define GAAOPTID_generate_crl 36 +#define GAAOPTID_generate_proxy 37 +#define GAAOPTID_generate_certificate 38 +#define GAAOPTID_generate_self_signed 39 #line 168 "gaa.skel" @@ -625,7 +621,6 @@ static int gaa_get_option_num(char *str, int status) GAA_CHECK1STR("h", GAAOPTID_help); GAA_CHECK1STR("", GAAOPTID_quick_random); GAA_CHECK1STR("", GAAOPTID_outder); - GAA_CHECK1STR("", GAAOPTID_xml); GAA_CHECK1STR("", GAAOPTID_inder); GAA_CHECK1STR("", GAAOPTID_export_ciphers); GAA_CHECK1STR("", GAAOPTID_dsa); @@ -662,7 +657,6 @@ static int gaa_get_option_num(char *str, int status) GAA_CHECKSTR("quick-random", GAAOPTID_quick_random); GAA_CHECKSTR("bits", GAAOPTID_bits); GAA_CHECKSTR("outder", GAAOPTID_outder); - GAA_CHECKSTR("xml", GAAOPTID_xml); GAA_CHECKSTR("inder", GAAOPTID_inder); GAA_CHECKSTR("export-ciphers", GAAOPTID_export_ciphers); GAA_CHECKSTR("hash", GAAOPTID_hash); @@ -739,14 +733,14 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) { case GAAOPTID_version: OK = 0; -#line 115 "certtool.gaa" +#line 112 "certtool.gaa" { certtool_version(); exit(0); ;}; return GAA_OK; break; case GAAOPTID_help: OK = 0; -#line 113 "certtool.gaa" +#line 110 "certtool.gaa" { gaa_help(); exit(0); ;}; return GAA_OK; @@ -756,7 +750,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) GAA_TESTMOREARGS; GAA_FILL(GAATMP_debug.arg1, gaa_getint, GAATMP_debug.size1); gaa_index++; -#line 111 "certtool.gaa" +#line 108 "certtool.gaa" { gaaval->debug = GAATMP_debug.arg1 ;}; return GAA_OK; @@ -766,7 +760,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) GAA_TESTMOREARGS; GAA_FILL(GAATMP_template.arg1, gaa_getstr, GAATMP_template.size1); gaa_index++; -#line 107 "certtool.gaa" +#line 104 "certtool.gaa" { gaaval->template = GAATMP_template.arg1 ;}; return GAA_OK; @@ -776,7 +770,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) GAA_TESTMOREARGS; GAA_FILL(GAATMP_infile.arg1, gaa_getstr, GAATMP_infile.size1); gaa_index++; -#line 104 "certtool.gaa" +#line 101 "certtool.gaa" { gaaval->infile = GAATMP_infile.arg1 ;}; return GAA_OK; @@ -786,14 +780,14 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) GAA_TESTMOREARGS; GAA_FILL(GAATMP_outfile.arg1, gaa_getstr, GAATMP_outfile.size1); gaa_index++; -#line 101 "certtool.gaa" +#line 98 "certtool.gaa" { gaaval->outfile = GAATMP_outfile.arg1 ;}; return GAA_OK; break; case GAAOPTID_quick_random: OK = 0; -#line 98 "certtool.gaa" +#line 95 "certtool.gaa" { gaaval->quick_random = 1; ;}; return GAA_OK; @@ -803,22 +797,15 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) GAA_TESTMOREARGS; GAA_FILL(GAATMP_bits.arg1, gaa_getint, GAATMP_bits.size1); gaa_index++; -#line 95 "certtool.gaa" +#line 92 "certtool.gaa" { gaaval->bits = GAATMP_bits.arg1 ;}; return GAA_OK; break; case GAAOPTID_outder: OK = 0; -#line 92 "certtool.gaa" -{ gaaval->outcert_format=1 ;}; - - return GAA_OK; - break; - case GAAOPTID_xml: - OK = 0; #line 89 "certtool.gaa" -{ gaaval->xml=1 ;}; +{ gaaval->outcert_format=1 ;}; return GAA_OK; break; @@ -1077,11 +1064,11 @@ int gaa(int argc, char **argv, gaainfo *gaaval) if(inited == 0) { -#line 117 "certtool.gaa" +#line 114 "certtool.gaa" { gaaval->bits = 1024; gaaval->pkcs8 = 0; gaaval->privkey = NULL; gaaval->ca=NULL; gaaval->ca_privkey = NULL; gaaval->debug=1; gaaval->request = NULL; gaaval->infile = NULL; gaaval->outfile = NULL; gaaval->cert = NULL; gaaval->incert_format = 0; gaaval->outcert_format = 0; gaaval->action=-1; gaaval->pass = NULL; - gaaval->export = 0; gaaval->template = NULL; gaaval->xml = 0; gaaval->hash=NULL; gaaval->fix_key = 0; gaaval->quick_random=0; ;}; + gaaval->export = 0; gaaval->template = NULL; gaaval->hash=NULL; gaaval->fix_key = 0; gaaval->quick_random=0; ;}; } inited = 1; diff --git a/src/certtool-gaa.h b/src/certtool-gaa.h index 89c4a58f34..891360ef98 100644 --- a/src/certtool-gaa.h +++ b/src/certtool-gaa.h @@ -8,22 +8,20 @@ typedef struct _gaainfo gaainfo; struct _gaainfo { -#line 110 "certtool.gaa" +#line 107 "certtool.gaa" int debug; -#line 106 "certtool.gaa" - char *template; #line 103 "certtool.gaa" - char *infile; + char *template; #line 100 "certtool.gaa" - char *outfile; + char *infile; #line 97 "certtool.gaa" - int quick_random; + char *outfile; #line 94 "certtool.gaa" - int bits; + int quick_random; #line 91 "certtool.gaa" - int outcert_format; + int bits; #line 88 "certtool.gaa" - int xml; + int outcert_format; #line 85 "certtool.gaa" int incert_format; #line 82 "certtool.gaa" diff --git a/src/certtool.c b/src/certtool.c index e637c1f14d..0ecfca88e2 100644 --- a/src/certtool.c +++ b/src/certtool.c @@ -926,8 +926,6 @@ certificate_info (void) if (info.outcert_format == GNUTLS_X509_FMT_PEM) print_certificate_info (crt[i], outfile, 1); - if (!info.xml) - { size = sizeof (buffer); ret = gnutls_x509_crt_export (crt[i], info.outcert_format, buffer, &size); @@ -935,19 +933,6 @@ certificate_info (void) error (EXIT_FAILURE, 0, "Export error: %s", gnutls_strerror (ret)); fwrite (buffer, 1, size, outfile); - } - else - { - gnutls_datum_t xml; - - ret = gnutls_x509_crt_to_xml (crt[i], &xml, GNUTLS_XML_SHOW_ALL); - if (ret < 0) - error (EXIT_FAILURE, 0, "XML encoding error: %s", - gnutls_strerror (ret)); - - fprintf (outfile, "\n%s\n", xml.data); - gnutls_free (xml.data); - } } } diff --git a/src/certtool.gaa b/src/certtool.gaa index dd1d941239..828b3253f3 100644 --- a/src/certtool.gaa +++ b/src/certtool.gaa @@ -85,9 +85,6 @@ option (export-ciphers) { $export=1 } "Use weak encryption algorithms." #int incert_format; option (inder) { $incert_format=1 } "Use DER format for input certificates and private keys." -#int xml; -option (xml) { $xml=1 } "Use XML format for output certificates." - #int outcert_format; option (outder) { $outcert_format=1 } "Use DER format for output certificates and private keys." @@ -117,5 +114,5 @@ option (v, version) { certtool_version(); exit(0); } "shows the program's versio init { $bits = 1024; $pkcs8 = 0; $privkey = NULL; $ca=NULL; $ca_privkey = NULL; $debug=1; $request = NULL; $infile = NULL; $outfile = NULL; $cert = NULL; $incert_format = 0; $outcert_format = 0; $action=-1; $pass = NULL; - $export = 0; $template = NULL; $xml = 0; $hash=NULL; $fix_key = 0; $quick_random=0; } + $export = 0; $template = NULL; $hash=NULL; $fix_key = 0; $quick_random=0; } diff --git a/src/cli-gaa.c b/src/cli-gaa.c index 24ccb9210c..990168818f 100644 --- a/src/cli-gaa.c +++ b/src/cli-gaa.c @@ -134,7 +134,6 @@ void gaa_help(void) __gaa_helpsingle(0, "x509fmtder", "", "Use DER format for certificates to read from."); __gaa_helpsingle('f', "fingerprint", "", "Send the openpgp fingerprint, instead of the key."); __gaa_helpsingle(0, "disable-extensions", "", "Disable all the TLS extensions."); - __gaa_helpsingle(0, "xml", "", "Print the certificate information in XML format."); __gaa_helpsingle(0, "print-cert", "", "Print the certificate in PEM format."); __gaa_helpsingle(0, "recordsize", "integer ", "The maximum record size to advertize."); __gaa_helpsingle('V', "verbose", "", "More verbose output."); @@ -179,74 +178,72 @@ typedef struct _gaainfo gaainfo; struct _gaainfo { -#line 128 "cli.gaa" +#line 125 "cli.gaa" char *rest_args; -#line 119 "cli.gaa" - int insecure; #line 116 "cli.gaa" - char *port; + int insecure; #line 113 "cli.gaa" - char *opaque_prf_input; + char *port; #line 110 "cli.gaa" - char *authz_saml_assertion; + char *opaque_prf_input; #line 107 "cli.gaa" - char *authz_x509_attr_cert; + char *authz_saml_assertion; #line 104 "cli.gaa" - char *psk_key; + char *authz_x509_attr_cert; #line 101 "cli.gaa" - char *psk_username; + char *psk_key; #line 98 "cli.gaa" - char *srp_passwd; + char *psk_username; #line 95 "cli.gaa" - char *srp_username; + char *srp_passwd; #line 92 "cli.gaa" - char *x509_certfile; + char *srp_username; #line 89 "cli.gaa" - char *x509_keyfile; + char *x509_certfile; #line 86 "cli.gaa" - char *pgp_certfile; + char *x509_keyfile; #line 83 "cli.gaa" - char *pgp_trustdb; + char *pgp_certfile; #line 80 "cli.gaa" - char *pgp_keyring; + char *pgp_trustdb; #line 77 "cli.gaa" - char *pgp_keyfile; + char *pgp_keyring; #line 74 "cli.gaa" - char *x509_crlfile; + char *pgp_keyfile; #line 71 "cli.gaa" - char *x509_cafile; + char *x509_crlfile; #line 68 "cli.gaa" + char *x509_cafile; +#line 65 "cli.gaa" char **ctype; -#line 67 "cli.gaa" - int nctype; #line 64 "cli.gaa" + int nctype; +#line 61 "cli.gaa" char **kx; -#line 63 "cli.gaa" - int nkx; #line 60 "cli.gaa" + int nkx; +#line 57 "cli.gaa" char **macs; -#line 59 "cli.gaa" - int nmacs; #line 56 "cli.gaa" + int nmacs; +#line 53 "cli.gaa" char **comp; -#line 55 "cli.gaa" - int ncomp; #line 52 "cli.gaa" + int ncomp; +#line 49 "cli.gaa" char **proto; -#line 51 "cli.gaa" - int nproto; #line 48 "cli.gaa" + int nproto; +#line 45 "cli.gaa" char **ciphers; -#line 47 "cli.gaa" - int nciphers; #line 44 "cli.gaa" - int verbose; + int nciphers; #line 41 "cli.gaa" - int record_size; + int verbose; #line 38 "cli.gaa" - int print_cert; + int record_size; #line 35 "cli.gaa" - int xml; + int print_cert; #line 32 "cli.gaa" int disable_extensions; #line 29 "cli.gaa" @@ -315,7 +312,7 @@ static int gaa_error = 0; #define GAA_MULTIPLE_OPTION 3 #define GAA_REST 0 -#define GAA_NB_OPTION 38 +#define GAA_NB_OPTION 37 #define GAAOPTID_copyright 1 #define GAAOPTID_version 2 #define GAAOPTID_help 3 @@ -346,14 +343,13 @@ static int gaa_error = 0; #define GAAOPTID_verbose 28 #define GAAOPTID_recordsize 29 #define GAAOPTID_print_cert 30 -#define GAAOPTID_xml 31 -#define GAAOPTID_disable_extensions 32 -#define GAAOPTID_fingerprint 33 -#define GAAOPTID_x509fmtder 34 -#define GAAOPTID_crlf 35 -#define GAAOPTID_starttls 36 -#define GAAOPTID_resume 37 -#define GAAOPTID_debug 38 +#define GAAOPTID_disable_extensions 31 +#define GAAOPTID_fingerprint 32 +#define GAAOPTID_x509fmtder 33 +#define GAAOPTID_crlf 34 +#define GAAOPTID_starttls 35 +#define GAAOPTID_resume 36 +#define GAAOPTID_debug 37 #line 168 "gaa.skel" @@ -753,7 +749,6 @@ static int gaa_get_option_num(char *str, int status) GAA_CHECK1STR("", GAAOPTID_insecure); GAA_CHECK1STR("V", GAAOPTID_verbose); GAA_CHECK1STR("", GAAOPTID_print_cert); - GAA_CHECK1STR("", GAAOPTID_xml); GAA_CHECK1STR("", GAAOPTID_disable_extensions); GAA_CHECK1STR("f", GAAOPTID_fingerprint); GAA_CHECK1STR("", GAAOPTID_x509fmtder); @@ -794,7 +789,6 @@ static int gaa_get_option_num(char *str, int status) GAA_CHECKSTR("verbose", GAAOPTID_verbose); GAA_CHECKSTR("recordsize", GAAOPTID_recordsize); GAA_CHECKSTR("print-cert", GAAOPTID_print_cert); - GAA_CHECKSTR("xml", GAAOPTID_xml); GAA_CHECKSTR("disable-extensions", GAAOPTID_disable_extensions); GAA_CHECKSTR("fingerprint", GAAOPTID_fingerprint); GAA_CHECKSTR("x509fmtder", GAAOPTID_x509fmtder); @@ -860,35 +854,35 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) { case GAAOPTID_copyright: OK = 0; -#line 126 "cli.gaa" +#line 123 "cli.gaa" { print_license(); exit(0); ;}; return GAA_OK; break; case GAAOPTID_version: OK = 0; -#line 125 "cli.gaa" +#line 122 "cli.gaa" { cli_version(); exit(0); ;}; return GAA_OK; break; case GAAOPTID_help: OK = 0; -#line 123 "cli.gaa" +#line 120 "cli.gaa" { gaa_help(); exit(0); ;}; return GAA_OK; break; case GAAOPTID_list: OK = 0; -#line 122 "cli.gaa" +#line 119 "cli.gaa" { print_list(gaaval->verbose); exit(0); ;}; return GAA_OK; break; case GAAOPTID_insecure: OK = 0; -#line 120 "cli.gaa" +#line 117 "cli.gaa" { gaaval->insecure = 1 ;}; return GAA_OK; @@ -898,7 +892,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) GAA_TESTMOREARGS; GAA_FILL(GAATMP_port.arg1, gaa_getstr, GAATMP_port.size1); gaa_index++; -#line 117 "cli.gaa" +#line 114 "cli.gaa" { gaaval->port = GAATMP_port.arg1 ;}; return GAA_OK; @@ -908,7 +902,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) GAA_TESTMOREARGS; GAA_FILL(GAATMP_opaque_prf_input.arg1, gaa_getstr, GAATMP_opaque_prf_input.size1); gaa_index++; -#line 114 "cli.gaa" +#line 111 "cli.gaa" { gaaval->opaque_prf_input = GAATMP_opaque_prf_input.arg1 ;}; return GAA_OK; @@ -918,7 +912,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) GAA_TESTMOREARGS; GAA_FILL(GAATMP_authz_saml_assertion.arg1, gaa_getstr, GAATMP_authz_saml_assertion.size1); gaa_index++; -#line 111 "cli.gaa" +#line 108 "cli.gaa" { gaaval->authz_saml_assertion = GAATMP_authz_saml_assertion.arg1 ;}; return GAA_OK; @@ -928,7 +922,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) GAA_TESTMOREARGS; GAA_FILL(GAATMP_authz_x509_attr_cert.arg1, gaa_getstr, GAATMP_authz_x509_attr_cert.size1); gaa_index++; -#line 108 "cli.gaa" +#line 105 "cli.gaa" { gaaval->authz_x509_attr_cert = GAATMP_authz_x509_attr_cert.arg1 ;}; return GAA_OK; @@ -938,7 +932,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) GAA_TESTMOREARGS; GAA_FILL(GAATMP_pskkey.arg1, gaa_getstr, GAATMP_pskkey.size1); gaa_index++; -#line 105 "cli.gaa" +#line 102 "cli.gaa" { gaaval->psk_key = GAATMP_pskkey.arg1 ;}; return GAA_OK; @@ -948,7 +942,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) GAA_TESTMOREARGS; GAA_FILL(GAATMP_pskusername.arg1, gaa_getstr, GAATMP_pskusername.size1); gaa_index++; -#line 102 "cli.gaa" +#line 99 "cli.gaa" { gaaval->psk_username = GAATMP_pskusername.arg1 ;}; return GAA_OK; @@ -958,7 +952,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) GAA_TESTMOREARGS; GAA_FILL(GAATMP_srppasswd.arg1, gaa_getstr, GAATMP_srppasswd.size1); gaa_index++; -#line 99 "cli.gaa" +#line 96 "cli.gaa" { gaaval->srp_passwd = GAATMP_srppasswd.arg1 ;}; return GAA_OK; @@ -968,7 +962,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) GAA_TESTMOREARGS; GAA_FILL(GAATMP_srpusername.arg1, gaa_getstr, GAATMP_srpusername.size1); gaa_index++; -#line 96 "cli.gaa" +#line 93 "cli.gaa" { gaaval->srp_username = GAATMP_srpusername.arg1 ;}; return GAA_OK; @@ -978,7 +972,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) GAA_TESTMOREARGS; GAA_FILL(GAATMP_x509certfile.arg1, gaa_getstr, GAATMP_x509certfile.size1); gaa_index++; -#line 93 "cli.gaa" +#line 90 "cli.gaa" { gaaval->x509_certfile = GAATMP_x509certfile.arg1 ;}; return GAA_OK; @@ -988,7 +982,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) GAA_TESTMOREARGS; GAA_FILL(GAATMP_x509keyfile.arg1, gaa_getstr, GAATMP_x509keyfile.size1); gaa_index++; -#line 90 "cli.gaa" +#line 87 "cli.gaa" { gaaval->x509_keyfile = GAATMP_x509keyfile.arg1 ;}; return GAA_OK; @@ -998,7 +992,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) GAA_TESTMOREARGS; GAA_FILL(GAATMP_pgpcertfile.arg1, gaa_getstr, GAATMP_pgpcertfile.size1); gaa_index++; -#line 87 "cli.gaa" +#line 84 "cli.gaa" { gaaval->pgp_certfile = GAATMP_pgpcertfile.arg1 ;}; return GAA_OK; @@ -1008,7 +1002,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) GAA_TESTMOREARGS; GAA_FILL(GAATMP_pgptrustdb.arg1, gaa_getstr, GAATMP_pgptrustdb.size1); gaa_index++; -#line 84 "cli.gaa" +#line 81 "cli.gaa" { gaaval->pgp_trustdb = GAATMP_pgptrustdb.arg1 ;}; return GAA_OK; @@ -1018,7 +1012,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) GAA_TESTMOREARGS; GAA_FILL(GAATMP_pgpkeyring.arg1, gaa_getstr, GAATMP_pgpkeyring.size1); gaa_index++; -#line 81 "cli.gaa" +#line 78 "cli.gaa" { gaaval->pgp_keyring = GAATMP_pgpkeyring.arg1 ;}; return GAA_OK; @@ -1028,7 +1022,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) GAA_TESTMOREARGS; GAA_FILL(GAATMP_pgpkeyfile.arg1, gaa_getstr, GAATMP_pgpkeyfile.size1); gaa_index++; -#line 78 "cli.gaa" +#line 75 "cli.gaa" { gaaval->pgp_keyfile = GAATMP_pgpkeyfile.arg1 ;}; return GAA_OK; @@ -1038,7 +1032,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) GAA_TESTMOREARGS; GAA_FILL(GAATMP_x509crlfile.arg1, gaa_getstr, GAATMP_x509crlfile.size1); gaa_index++; -#line 75 "cli.gaa" +#line 72 "cli.gaa" { gaaval->x509_crlfile = GAATMP_x509crlfile.arg1 ;}; return GAA_OK; @@ -1048,7 +1042,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) GAA_TESTMOREARGS; GAA_FILL(GAATMP_x509cafile.arg1, gaa_getstr, GAATMP_x509cafile.size1); gaa_index++; -#line 72 "cli.gaa" +#line 69 "cli.gaa" { gaaval->x509_cafile = GAATMP_x509cafile.arg1 ;}; return GAA_OK; @@ -1056,7 +1050,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) case GAAOPTID_ctypes: OK = 0; GAA_LIST_FILL(GAATMP_ctypes.arg1, gaa_getstr, char*, GAATMP_ctypes.size1); -#line 69 "cli.gaa" +#line 66 "cli.gaa" { gaaval->ctype = GAATMP_ctypes.arg1; gaaval->nctype = GAATMP_ctypes.size1 ;}; return GAA_OK; @@ -1064,7 +1058,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) case GAAOPTID_kx: OK = 0; GAA_LIST_FILL(GAATMP_kx.arg1, gaa_getstr, char*, GAATMP_kx.size1); -#line 65 "cli.gaa" +#line 62 "cli.gaa" { gaaval->kx = GAATMP_kx.arg1; gaaval->nkx = GAATMP_kx.size1 ;}; return GAA_OK; @@ -1072,7 +1066,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) case GAAOPTID_macs: OK = 0; GAA_LIST_FILL(GAATMP_macs.arg1, gaa_getstr, char*, GAATMP_macs.size1); -#line 61 "cli.gaa" +#line 58 "cli.gaa" { gaaval->macs = GAATMP_macs.arg1; gaaval->nmacs = GAATMP_macs.size1 ;}; return GAA_OK; @@ -1080,7 +1074,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) case GAAOPTID_comp: OK = 0; GAA_LIST_FILL(GAATMP_comp.arg1, gaa_getstr, char*, GAATMP_comp.size1); -#line 57 "cli.gaa" +#line 54 "cli.gaa" { gaaval->comp = GAATMP_comp.arg1; gaaval->ncomp = GAATMP_comp.size1 ;}; return GAA_OK; @@ -1088,7 +1082,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) case GAAOPTID_protocols: OK = 0; GAA_LIST_FILL(GAATMP_protocols.arg1, gaa_getstr, char*, GAATMP_protocols.size1); -#line 53 "cli.gaa" +#line 50 "cli.gaa" { gaaval->proto = GAATMP_protocols.arg1; gaaval->nproto = GAATMP_protocols.size1 ;}; return GAA_OK; @@ -1096,14 +1090,14 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) case GAAOPTID_ciphers: OK = 0; GAA_LIST_FILL(GAATMP_ciphers.arg1, gaa_getstr, char*, GAATMP_ciphers.size1); -#line 49 "cli.gaa" +#line 46 "cli.gaa" { gaaval->ciphers = GAATMP_ciphers.arg1; gaaval->nciphers = GAATMP_ciphers.size1 ;}; return GAA_OK; break; case GAAOPTID_verbose: OK = 0; -#line 45 "cli.gaa" +#line 42 "cli.gaa" { gaaval->verbose = 1 ;}; return GAA_OK; @@ -1113,22 +1107,15 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) GAA_TESTMOREARGS; GAA_FILL(GAATMP_recordsize.arg1, gaa_getint, GAATMP_recordsize.size1); gaa_index++; -#line 42 "cli.gaa" +#line 39 "cli.gaa" { gaaval->record_size = GAATMP_recordsize.arg1 ;}; return GAA_OK; break; case GAAOPTID_print_cert: OK = 0; -#line 39 "cli.gaa" -{ gaaval->print_cert = 1 ;}; - - return GAA_OK; - break; - case GAAOPTID_xml: - OK = 0; #line 36 "cli.gaa" -{ gaaval->xml = 1 ;}; +{ gaaval->print_cert = 1 ;}; return GAA_OK; break; @@ -1188,7 +1175,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) GAA_TESTMOREARGS; GAA_FILL(GAAREST_tmp.arg1, gaa_getstr, GAAREST_tmp.size1); gaa_index++; -#line 129 "cli.gaa" +#line 126 "cli.gaa" { gaaval->rest_args = GAAREST_tmp.arg1; ;}; return GAA_OK; @@ -1217,13 +1204,13 @@ int gaa(int argc, char **argv, gaainfo *gaaval) if(inited == 0) { -#line 131 "cli.gaa" +#line 128 "cli.gaa" { gaaval->resume=0; gaaval->port="443"; gaaval->rest_args=NULL; gaaval->ciphers=NULL; gaaval->kx=NULL; gaaval->comp=NULL; gaaval->macs=NULL; gaaval->ctype=NULL; gaaval->nciphers=0; gaaval->nkx=0; gaaval->ncomp=0; gaaval->nmacs=0; gaaval->nctype = 0; gaaval->record_size=0; gaaval->fingerprint=0; gaaval->pgp_trustdb=NULL; gaaval->pgp_keyring=NULL; gaaval->x509_crlfile = NULL; gaaval->x509_cafile = NULL; gaaval->pgp_keyfile=NULL; gaaval->pgp_certfile=NULL; gaaval->disable_extensions = 0; - gaaval->x509_keyfile=NULL; gaaval->x509_certfile=NULL; gaaval->crlf = 0; gaaval->xml = 0; + gaaval->x509_keyfile=NULL; gaaval->x509_certfile=NULL; gaaval->crlf = 0; gaaval->srp_username=NULL; gaaval->srp_passwd=NULL; gaaval->fmtder = 0; gaaval->starttls =0; gaaval->debug = 0; gaaval->print_cert = 0; gaaval->verbose = 0; gaaval->psk_key = NULL; gaaval->psk_username = NULL; @@ -1376,7 +1363,7 @@ static int gaa_internal_get_next_str(FILE *file, gaa_str_node *tmp_str, int argc len++; a = fgetc( file); - if(a==EOF) return 0; /* a = ' '; */ + if(a==EOF) return 0; //a = ' '; } len += 1; diff --git a/src/cli-gaa.h b/src/cli-gaa.h index 1548cc0ece..87fb4facff 100644 --- a/src/cli-gaa.h +++ b/src/cli-gaa.h @@ -8,74 +8,72 @@ typedef struct _gaainfo gaainfo; struct _gaainfo { -#line 128 "cli.gaa" +#line 125 "cli.gaa" char *rest_args; -#line 119 "cli.gaa" - int insecure; #line 116 "cli.gaa" - char *port; + int insecure; #line 113 "cli.gaa" - char *opaque_prf_input; + char *port; #line 110 "cli.gaa" - char *authz_saml_assertion; + char *opaque_prf_input; #line 107 "cli.gaa" - char *authz_x509_attr_cert; + char *authz_saml_assertion; #line 104 "cli.gaa" - char *psk_key; + char *authz_x509_attr_cert; #line 101 "cli.gaa" - char *psk_username; + char *psk_key; #line 98 "cli.gaa" - char *srp_passwd; + char *psk_username; #line 95 "cli.gaa" - char *srp_username; + char *srp_passwd; #line 92 "cli.gaa" - char *x509_certfile; + char *srp_username; #line 89 "cli.gaa" - char *x509_keyfile; + char *x509_certfile; #line 86 "cli.gaa" - char *pgp_certfile; + char *x509_keyfile; #line 83 "cli.gaa" - char *pgp_trustdb; + char *pgp_certfile; #line 80 "cli.gaa" - char *pgp_keyring; + char *pgp_trustdb; #line 77 "cli.gaa" - char *pgp_keyfile; + char *pgp_keyring; #line 74 "cli.gaa" - char *x509_crlfile; + char *pgp_keyfile; #line 71 "cli.gaa" - char *x509_cafile; + char *x509_crlfile; #line 68 "cli.gaa" + char *x509_cafile; +#line 65 "cli.gaa" char **ctype; -#line 67 "cli.gaa" - int nctype; #line 64 "cli.gaa" + int nctype; +#line 61 "cli.gaa" char **kx; -#line 63 "cli.gaa" - int nkx; #line 60 "cli.gaa" + int nkx; +#line 57 "cli.gaa" char **macs; -#line 59 "cli.gaa" - int nmacs; #line 56 "cli.gaa" + int nmacs; +#line 53 "cli.gaa" char **comp; -#line 55 "cli.gaa" - int ncomp; #line 52 "cli.gaa" + int ncomp; +#line 49 "cli.gaa" char **proto; -#line 51 "cli.gaa" - int nproto; #line 48 "cli.gaa" + int nproto; +#line 45 "cli.gaa" char **ciphers; -#line 47 "cli.gaa" - int nciphers; #line 44 "cli.gaa" - int verbose; + int nciphers; #line 41 "cli.gaa" - int record_size; + int verbose; #line 38 "cli.gaa" - int print_cert; + int record_size; #line 35 "cli.gaa" - int xml; + int print_cert; #line 32 "cli.gaa" int disable_extensions; #line 29 "cli.gaa" @@ -66,7 +66,6 @@ int record_max_size; int fingerprint; int crlf; int verbose = 0; -extern int xml; extern int print_cert; char *srp_passwd = NULL; @@ -122,18 +121,19 @@ typedef struct int secure; char *hostname; char *ip; - char* service; + char *service; struct addrinfo *ptr; struct addrinfo *addr_info; } socket_st; -ssize_t socket_recv (const socket_st *socket, void *buffer, int buffer_size); -ssize_t socket_send (const socket_st *socket, const void *buffer, int buffer_size); -void socket_open( socket_st* hd, const char* hostname, const char* service); -void socket_connect( const socket_st* hd); +ssize_t socket_recv (const socket_st * socket, void *buffer, int buffer_size); +ssize_t socket_send (const socket_st * socket, const void *buffer, + int buffer_size); +void socket_open (socket_st * hd, const char *hostname, const char *service); +void socket_connect (const socket_st * hd); void socket_bye (socket_st * socket); -static void check_rehandshake (socket_st *socket, int ret); +static void check_rehandshake (socket_st * socket, int ret); static int do_handshake (socket_st * socket); static void init_global_tls_stuff (void); @@ -386,8 +386,7 @@ cert_callback (gnutls_session_t session, int authz_send_callback (gnutls_session_t session, - const int *client_formats, - const int *server_formats) + const int *client_formats, const int *server_formats) { size_t i; int ret; @@ -440,9 +439,8 @@ authz_send_callback (gnutls_session_t session, int authz_recv_callback (gnutls_session_t session, const int *authz_formats, - gnutls_datum_t *infos, - const int *hashtypes, - gnutls_datum_t *hash) + gnutls_datum_t * infos, + const int *hashtypes, gnutls_datum_t * hash) { size_t i, j; @@ -550,7 +548,7 @@ static void gaa_parser (int argc, char **argv); /* Returns zero if the error code was successfully handled. */ static int -handle_error (socket_st *hd, int err) +handle_error (socket_st * hd, int err) { int alert, ret; const char *err_type, *str; @@ -655,8 +653,8 @@ main (int argc, char **argv) init_global_tls_stuff (); - socket_open( &hd, hostname, service); - socket_connect( &hd); + socket_open (&hd, hostname, service); + socket_connect (&hd); hd.session = init_tls_session (hostname); if (starttls) @@ -713,8 +711,8 @@ main (int argc, char **argv) printf ("\n\n- Connecting again- trying to resume previous session\n"); - socket_open( &hd, hostname, service); - socket_connect(&hd); + socket_open (&hd, hostname, service); + socket_connect (&hd); } else { @@ -877,7 +875,6 @@ gaa_parser (int argc, char **argv) verbose = info.verbose; disable_extensions = info.disable_extensions; - xml = info.xml; print_cert = info.print_cert; starttls = info.starttls; resume = info.resume; @@ -937,7 +934,7 @@ cli_version (void) static void -check_rehandshake (socket_st *socket, int ret) +check_rehandshake (socket_st * socket, int ret) { if (socket->secure && ret == GNUTLS_E_REHANDSHAKE) { @@ -1132,143 +1129,148 @@ init_global_tls_stuff (void) */ ssize_t - socket_recv (const socket_st* socket, void *buffer, int buffer_size) +socket_recv (const socket_st * socket, void *buffer, int buffer_size) { - int ret; + int ret; - if (socket->secure) - do - { - ret = gnutls_record_recv (socket->session, buffer, buffer_size); - } + if (socket->secure) + do + { + ret = gnutls_record_recv (socket->session, buffer, buffer_size); + } while (ret == GNUTLS_E_INTERRUPTED || ret == GNUTLS_E_AGAIN); - else - do - { - ret = recv (socket->fd, buffer, buffer_size, 0); - } + else + do + { + ret = recv (socket->fd, buffer, buffer_size, 0); + } while (ret == -1 && errno == EINTR); - return ret; + return ret; } ssize_t - socket_send (const socket_st *socket, const void *buffer, int buffer_size) +socket_send (const socket_st * socket, const void *buffer, int buffer_size) { - int ret; + int ret; - if (socket->secure) - do - { - ret = gnutls_record_send (socket->session, buffer, buffer_size); - } + if (socket->secure) + do + { + ret = gnutls_record_send (socket->session, buffer, buffer_size); + } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); - else - do - { - ret = send (socket->fd, buffer, buffer_size, 0); - } + else + do + { + ret = send (socket->fd, buffer, buffer_size, 0); + } while (ret == -1 && errno == EINTR); - if (ret > 0 && ret != buffer_size && verbose) - fprintf (stderr, - "*** Only sent %d bytes instead of %d.\n", ret, buffer_size); + if (ret > 0 && ret != buffer_size && verbose) + fprintf (stderr, + "*** Only sent %d bytes instead of %d.\n", ret, buffer_size); - return ret; + return ret; } void - socket_bye (socket_st * socket) +socket_bye (socket_st * socket) { - int ret; - if (socket->secure) + int ret; + if (socket->secure) { - do - ret = gnutls_bye (socket->session, GNUTLS_SHUT_RDWR); - while (ret == GNUTLS_E_INTERRUPTED || ret == GNUTLS_E_AGAIN); - if (ret < 0) - fprintf (stderr, "*** gnutls_bye() error: %s\n", - gnutls_strerror (ret)); - gnutls_deinit (socket->session); - socket->session = NULL; + do + ret = gnutls_bye (socket->session, GNUTLS_SHUT_RDWR); + while (ret == GNUTLS_E_INTERRUPTED || ret == GNUTLS_E_AGAIN); + if (ret < 0) + fprintf (stderr, "*** gnutls_bye() error: %s\n", + gnutls_strerror (ret)); + gnutls_deinit (socket->session); + socket->session = NULL; } - freeaddrinfo( socket->addr_info); - socket->addr_info = socket->ptr = NULL; - - free( socket->ip); - free( socket->hostname); - free( socket->service); - - shutdown (socket->fd, SHUT_RDWR); /* no more receptions */ - close (socket->fd); - - socket->fd = -1; - socket->secure = 0; + freeaddrinfo (socket->addr_info); + socket->addr_info = socket->ptr = NULL; + + free (socket->ip); + free (socket->hostname); + free (socket->service); + + shutdown (socket->fd, SHUT_RDWR); /* no more receptions */ + close (socket->fd); + + socket->fd = -1; + socket->secure = 0; } -void socket_connect( const socket_st* hd) +void +socket_connect (const socket_st * hd) { - int err; + int err; - printf ("Connecting to '%s:%s'...\n", hd->ip, hd->service); + printf ("Connecting to '%s:%s'...\n", hd->ip, hd->service); - err = connect (hd->fd, hd->ptr->ai_addr, hd->ptr->ai_addrlen); - if (err < 0) + err = connect (hd->fd, hd->ptr->ai_addr, hd->ptr->ai_addrlen); + if (err < 0) { - fprintf (stderr, "Cannot connect to %s:%s: %s\n", hd->hostname, hd->service, - strerror (errno)); - exit (1); + fprintf (stderr, "Cannot connect to %s:%s: %s\n", hd->hostname, + hd->service, strerror (errno)); + exit (1); } } -void socket_open( socket_st* hd, const char* hostname, const char* service) +void +socket_open (socket_st * hd, const char *hostname, const char *service) { - struct addrinfo hints, *res, *ptr; - int sd, err; - char buffer[MAX_BUF + 1]; - char portname[16] = { 0 }; - - printf ("Resolving '%s'...\n", hostname); - /* get server name */ - memset (&hints, 0, sizeof (hints)); - hints.ai_socktype = SOCK_STREAM; - if ((err = getaddrinfo (hostname, service, &hints, &res))) + struct addrinfo hints, *res, *ptr; + int sd, err; + char buffer[MAX_BUF + 1]; + char portname[16] = { 0 }; + + printf ("Resolving '%s'...\n", hostname); + /* get server name */ + memset (&hints, 0, sizeof (hints)); + hints.ai_socktype = SOCK_STREAM; + if ((err = getaddrinfo (hostname, service, &hints, &res))) { - fprintf (stderr, "Cannot resolve %s:%s: %s\n", hostname, service, - gai_strerror (err)); - exit (1); + fprintf (stderr, "Cannot resolve %s:%s: %s\n", hostname, service, + gai_strerror (err)); + exit (1); } - sd = -1; - for (ptr = res; ptr != NULL; ptr = ptr->ai_next) + sd = -1; + for (ptr = res; ptr != NULL; ptr = ptr->ai_next) { - sd = socket (ptr->ai_family, ptr->ai_socktype, ptr->ai_protocol); - if (sd == -1) continue; - - if ((err = getnameinfo (ptr->ai_addr, ptr->ai_addrlen, buffer, MAX_BUF, - portname, sizeof (portname), NI_NUMERICHOST|NI_NUMERICSERV)) != 0) - { - fprintf (stderr, "getnameinfo(): %s\n", gai_strerror (err)); - freeaddrinfo (res); - exit (1); - } - - break; + sd = socket (ptr->ai_family, ptr->ai_socktype, ptr->ai_protocol); + if (sd == -1) + continue; + + if ((err = getnameinfo (ptr->ai_addr, ptr->ai_addrlen, buffer, MAX_BUF, + portname, sizeof (portname), + NI_NUMERICHOST | NI_NUMERICSERV)) != 0) + { + fprintf (stderr, "getnameinfo(): %s\n", gai_strerror (err)); + freeaddrinfo (res); + exit (1); + } + + break; } - if (sd==-1) { - fprintf (stderr, "socket(): %s\n", strerror (errno)); - exit (1); + if (sd == -1) + { + fprintf (stderr, "socket(): %s\n", strerror (errno)); + exit (1); } - - hd->secure = 0; - hd->fd = sd; - hd->hostname = strdup(hostname); - hd->ip = strdup(buffer); - hd->service = strdup(portname); - hd->ptr = ptr; - hd->addr_info = res; - - return; + + hd->secure = 0; + hd->fd = sd; + hd->hostname = strdup (hostname); + hd->ip = strdup (buffer); + hd->service = strdup (portname); + hd->ptr = ptr; + hd->addr_info = res; + + return; } diff --git a/src/cli.gaa b/src/cli.gaa index 560cab21fc..e22863e60c 100644 --- a/src/cli.gaa +++ b/src/cli.gaa @@ -32,9 +32,6 @@ option (f, fingerprint) { $fingerprint = 1 } "Send the openpgp fingerprint, inst #int disable_extensions; option ( disable-extensions) { $disable_extensions = 1 } "Disable all the TLS extensions." -#int xml; -option (xml) { $xml = 1 } "Print the certificate information in XML format." - #int print_cert; option (print-cert) { $print_cert = 1 } "Print the certificate in PEM format." @@ -133,7 +130,7 @@ init { $resume=0; $port="443"; $rest_args=NULL; $ciphers=NULL; $nkx=0; $ncomp=0; $nmacs=0; $nctype = 0; $record_size=0; $fingerprint=0; $pgp_trustdb=NULL; $pgp_keyring=NULL; $x509_crlfile = NULL; $x509_cafile = NULL; $pgp_keyfile=NULL; $pgp_certfile=NULL; $disable_extensions = 0; - $x509_keyfile=NULL; $x509_certfile=NULL; $crlf = 0; $xml = 0; + $x509_keyfile=NULL; $x509_certfile=NULL; $crlf = 0; $srp_username=NULL; $srp_passwd=NULL; $fmtder = 0; $starttls =0; $debug = 0; $print_cert = 0; $verbose = 0; $psk_key = NULL; $psk_username = NULL; diff --git a/src/common.c b/src/common.c index 3ec841d270..961c229374 100644 --- a/src/common.c +++ b/src/common.c @@ -34,7 +34,6 @@ #define SU(x) (x!=NULL?x:"Unknown") -int xml = 0; int print_cert; extern int verbose; @@ -88,7 +87,7 @@ print_x509_info (gnutls_session_t session, const char *hostname) { gnutls_x509_crt_t crt; const gnutls_datum_t *cert_list; - size_t cert_list_size = 0; + unsigned int cert_list_size = 0; int ret; char digest[20]; char serial[40]; @@ -165,132 +164,111 @@ print_x509_info (gnutls_session_t session, const char *hostname) } - if (xml) - { -#ifdef ENABLE_PKI - gnutls_datum_t xml_data; + expiret = gnutls_x509_crt_get_expiration_time (crt); + activet = gnutls_x509_crt_get_activation_time (crt); - ret = gnutls_x509_crt_to_xml (crt, &xml_data, 0); - if (ret < 0) - { - fprintf (stderr, "XML encoding error: %s\n", - gnutls_strerror (ret)); - return; - } + printf (" # valid since: %s", my_ctime (&activet)); + printf (" # expires at: %s", my_ctime (&expiret)); - printf ("%s", xml_data.data); - gnutls_free (xml_data.data); -#endif + + /* Print the serial number of the certificate. + */ + if (verbose + && gnutls_x509_crt_get_serial (crt, serial, &serial_size) >= 0) + { + print = raw_to_string (serial, serial_size); + if (print != NULL) + printf (" # serial number: %s\n", print); + } + + /* Print the fingerprint of the certificate + */ + digest_size = sizeof (digest); + if ((ret = + gnutls_x509_crt_get_fingerprint (crt, + GNUTLS_DIG_MD5, + digest, &digest_size)) < 0) + { + fprintf (stderr, + "Error in fingerprint calculation: %s\n", + gnutls_strerror (ret)); } else { + print = raw_to_string (digest, digest_size); + if (print != NULL) + printf (" # fingerprint: %s\n", print); + } - expiret = gnutls_x509_crt_get_expiration_time (crt); - activet = gnutls_x509_crt_get_activation_time (crt); - - printf (" # valid since: %s", my_ctime (&activet)); - printf (" # expires at: %s", my_ctime (&expiret)); - + /* Print the version of the X.509 + * certificate. + */ + if (verbose) + { + printf (" # version: #%d\n", gnutls_x509_crt_get_version (crt)); - /* Print the serial number of the certificate. - */ - if (verbose - && gnutls_x509_crt_get_serial (crt, serial, &serial_size) >= 0) - { - print = raw_to_string (serial, serial_size); - if (print != NULL) - printf (" # serial number: %s\n", print); - } + bits = 0; + algo = gnutls_x509_crt_get_pk_algorithm (crt, &bits); + printf (" # public key algorithm: "); - /* Print the fingerprint of the certificate - */ - digest_size = sizeof (digest); - if ((ret = - gnutls_x509_crt_get_fingerprint (crt, - GNUTLS_DIG_MD5, - digest, &digest_size)) < 0) - { - fprintf (stderr, - "Error in fingerprint calculation: %s\n", - gnutls_strerror (ret)); - } - else - { - print = raw_to_string (digest, digest_size); - if (print != NULL) - printf (" # fingerprint: %s\n", print); - } + cstr = SU (gnutls_pk_algorithm_get_name (algo)); + printf ("%s (%d bits)\n", cstr, bits); - /* Print the version of the X.509 - * certificate. - */ - if (verbose) +#ifdef ENABLE_PKI + if (algo == GNUTLS_PK_RSA) { - printf (" # version: #%d\n", gnutls_x509_crt_get_version (crt)); - - bits = 0; - algo = gnutls_x509_crt_get_pk_algorithm (crt, &bits); - printf (" # public key algorithm: "); - - cstr = SU (gnutls_pk_algorithm_get_name (algo)); - printf ("%s (%d bits)\n", cstr, bits); + gnutls_datum_t e, m; -#ifdef ENABLE_PKI - if (algo == GNUTLS_PK_RSA) + ret = gnutls_x509_crt_get_pk_rsa_raw (crt, &m, &e); + if (ret >= 0) { - gnutls_datum_t e, m; - - ret = gnutls_x509_crt_get_pk_rsa_raw (crt, &m, &e); - if (ret >= 0) - { - print = SU (raw_to_string (e.data, e.size)); - printf (" # e [%d bits]: %s\n", e.size * 8, print); + print = SU (raw_to_string (e.data, e.size)); + printf (" # e [%d bits]: %s\n", e.size * 8, print); - print = SU (raw_to_string (m.data, m.size)); - printf (" # m [%d bits]: %s\n", m.size * 8, print); + print = SU (raw_to_string (m.data, m.size)); + printf (" # m [%d bits]: %s\n", m.size * 8, print); - gnutls_free (e.data); - gnutls_free (m.data); - } + gnutls_free (e.data); + gnutls_free (m.data); } - else if (algo == GNUTLS_PK_DSA) - { - gnutls_datum_t p, q, g, y; + } + else if (algo == GNUTLS_PK_DSA) + { + gnutls_datum_t p, q, g, y; - ret = gnutls_x509_crt_get_pk_dsa_raw (crt, &p, &q, &g, &y); - if (ret >= 0) - { - print = SU (raw_to_string (p.data, p.size)); - printf (" # p [%d bits]: %s\n", p.size * 8, print); + ret = gnutls_x509_crt_get_pk_dsa_raw (crt, &p, &q, &g, &y); + if (ret >= 0) + { + print = SU (raw_to_string (p.data, p.size)); + printf (" # p [%d bits]: %s\n", p.size * 8, print); - print = SU (raw_to_string (q.data, q.size)); - printf (" # q [%d bits]: %s\n", q.size * 8, print); + print = SU (raw_to_string (q.data, q.size)); + printf (" # q [%d bits]: %s\n", q.size * 8, print); - print = SU (raw_to_string (g.data, g.size)); - printf (" # g [%d bits]: %s\n", g.size * 8, print); + print = SU (raw_to_string (g.data, g.size)); + printf (" # g [%d bits]: %s\n", g.size * 8, print); - print = SU (raw_to_string (y.data, y.size)); - printf (" # y [%d bits]: %s\n", y.size * 8, print); + print = SU (raw_to_string (y.data, y.size)); + printf (" # y [%d bits]: %s\n", y.size * 8, print); - gnutls_free (p.data); - gnutls_free (q.data); - gnutls_free (g.data); - gnutls_free (y.data); - } + gnutls_free (p.data); + gnutls_free (q.data); + gnutls_free (g.data); + gnutls_free (y.data); } -#endif } +#endif + } - dn_size = sizeof (dn); - ret = gnutls_x509_crt_get_dn (crt, dn, &dn_size); - if (ret >= 0) - printf (" # Subject's DN: %s\n", dn); + dn_size = sizeof (dn); + ret = gnutls_x509_crt_get_dn (crt, dn, &dn_size); + if (ret >= 0) + printf (" # Subject's DN: %s\n", dn); - dn_size = sizeof (dn); - ret = gnutls_x509_crt_get_issuer_dn (crt, dn, &dn_size); - if (ret >= 0) - printf (" # Issuer's DN: %s\n", dn); - } + dn_size = sizeof (dn); + ret = gnutls_x509_crt_get_issuer_dn (crt, dn, &dn_size); + if (ret >= 0) + printf (" # Issuer's DN: %s\n", dn); gnutls_x509_crt_deinit (crt); @@ -372,24 +350,6 @@ print_openpgp_info (gnutls_session_t session, const char *hostname) } } - if (xml) - { - gnutls_datum_t xml_data; - - ret = gnutls_openpgp_key_to_xml (crt, &xml_data, 0); - if (ret < 0) - { - fprintf (stderr, "XML encoding error: %s\n", - gnutls_strerror (ret)); - return; - } - - printf ("%s", xml_data.data); - gnutls_free (xml_data.data); - - return; - } - activet = gnutls_openpgp_key_get_creation_time (crt); expiret = gnutls_openpgp_key_get_expiration_time (crt); @@ -576,8 +536,8 @@ void print_cert_info (gnutls_session_t session, const char *hostname) { - if (gnutls_certificate_client_get_request_status( session) != 0) - printf("- Server has requested a certificate.\n"); + if (gnutls_certificate_client_get_request_status (session) != 0) + printf ("- Server has requested a certificate.\n"); printf ("- Certificate type: "); switch (gnutls_certificate_type_get (session)) @@ -618,19 +578,18 @@ print_list (int verbose) if (verbose) printf ("\tKey exchange: %s\n\tCipher: %s\n\tMAC: %s\n\n", gnutls_kx_get_name (kx), - gnutls_cipher_get_name (cipher), - gnutls_mac_get_name (mac)); + gnutls_cipher_get_name (cipher), gnutls_mac_get_name (mac)); } } { - const gnutls_certificate_type_t *p = gnutls_certificate_type_list(); + const gnutls_certificate_type_t *p = gnutls_certificate_type_list (); printf ("Certificate types: "); for (; *p; p++) { printf ("%s", gnutls_certificate_type_get_name (*p)); - if (*(p+1)) + if (*(p + 1)) printf (", "); else printf ("\n"); @@ -638,13 +597,13 @@ print_list (int verbose) } { - const gnutls_protocol_t *p = gnutls_protocol_list(); + const gnutls_protocol_t *p = gnutls_protocol_list (); printf ("Protocols: "); for (; *p; p++) { printf ("%s", gnutls_protocol_get_name (*p)); - if (*(p+1)) + if (*(p + 1)) printf (", "); else printf ("\n"); @@ -652,13 +611,13 @@ print_list (int verbose) } { - const gnutls_cipher_algorithm_t *p = gnutls_cipher_list(); + const gnutls_cipher_algorithm_t *p = gnutls_cipher_list (); printf ("Ciphers: "); for (; *p; p++) { printf ("%s", gnutls_cipher_get_name (*p)); - if (*(p+1)) + if (*(p + 1)) printf (", "); else printf ("\n"); @@ -666,13 +625,13 @@ print_list (int verbose) } { - const gnutls_mac_algorithm_t *p = gnutls_mac_list(); + const gnutls_mac_algorithm_t *p = gnutls_mac_list (); printf ("MACs: "); for (; *p; p++) { printf ("%s", gnutls_mac_get_name (*p)); - if (*(p+1)) + if (*(p + 1)) printf (", "); else printf ("\n"); @@ -680,13 +639,13 @@ print_list (int verbose) } { - const gnutls_kx_algorithm_t *p = gnutls_kx_list(); + const gnutls_kx_algorithm_t *p = gnutls_kx_list (); printf ("Key exchange algorithms: "); for (; *p; p++) { printf ("%s", gnutls_kx_get_name (*p)); - if (*(p+1)) + if (*(p + 1)) printf (", "); else printf ("\n"); @@ -694,13 +653,13 @@ print_list (int verbose) } { - const gnutls_compression_method_t *p = gnutls_compression_list(); + const gnutls_compression_method_t *p = gnutls_compression_list (); printf ("Compression: "); for (; *p; p++) { printf ("%s", gnutls_compression_get_name (*p)); - if (*(p+1)) + if (*(p + 1)) printf (", "); else printf ("\n"); |