-rw-r--r-- | NEWS | 4 | ||||
-rw-r--r-- | doc/tex/ex1.tex | 10 | ||||
-rw-r--r-- | doc/tex/ex2.tex | 12 | ||||
-rw-r--r-- | doc/tex/ex3.tex | 12 | ||||
-rw-r--r-- | doc/tex/serv1.tex | 32 | ||||
-rw-r--r-- | doc/tex/srp1.tex | 18 | ||||
-rw-r--r-- | lib/auth_rsa.c | 2 | ||||
-rw-r--r-- | lib/auth_x509.c | 63 | ||||
-rw-r--r-- | lib/auth_x509.h | 2 | ||||
-rw-r--r-- | lib/gnutls.h.in | 38 | ||||
-rw-r--r-- | lib/gnutls_algorithms.c | 4 | ||||
-rw-r--r-- | lib/gnutls_cert.c | 61 | ||||
-rw-r--r-- | lib/gnutls_cert.h | 2 | ||||
-rw-r--r-- | lib/gnutls_errors_int.h | 18 | ||||
-rw-r--r-- | lib/gnutls_global.c | 8 | ||||
-rw-r--r-- | lib/gnutls_int.h | 2 | ||||
-rw-r--r-- | lib/gnutls_priority.c | 20 | ||||
-rw-r--r-- | lib/gnutls_priority.h | 10 | ||||
-rw-r--r-- | lib/gnutls_record.c | 35 | ||||
-rw-r--r-- | lib/gnutls_record.h | 2 | ||||
-rw-r--r-- | src/cli.c | 35 | ||||
-rw-r--r-- | src/serv.c | 40 |
22 files changed, 217 insertions, 213 deletions
@@ -4,10 +4,10 @@ Version ?.?.?
 gnutls_set_transport_ptr().
 - introduced gnutls_x509pki_get_peer_certificate_list(). This function returns a list containing peer's certificate and issuers DER encoded.
-- Added callback to select the server certificate
 - Updated X.509 certificate handling API
+- Added callback to select the server certificate
+- More consistent function naming (changes in several function names)
 - Buffer overflow checking in ASN.1 structures parser
-- More consistent function naming (changes several function names)
 Version 0.2.11 (16/11/2001)
 - Changed the meaning of GNUTLS_E_REHANDSHAKE value. If this value
diff --git a/doc/tex/ex1.tex b/doc/tex/ex1.tex
index 8757114919..3ac9d3ebf1 100644
--- a/doc/tex/ex1.tex
+++ b/doc/tex/ex1.tex
@@ -60,11 +60,11 @@ int main()
 exit(1);
 }
 gnutls_init(&state, GNUTLS_CLIENT);
- gnutls_set_protocol_priority(state, GNUTLS_TLS1, GNUTLS_SSL3, 0);
- gnutls_set_cipher_priority(state, GNUTLS_3DES_CBC, GNUTLS_ARCFOUR, 0);
- gnutls_set_compression_priority(state, GNUTLS_NULL_COMPRESSION, 0);
- gnutls_set_kx_priority(state, GNUTLS_KX_RSA, 0);
- gnutls_set_mac_priority(state, GNUTLS_MAC_SHA, GNUTLS_MAC_MD5, 0);
+ gnutls_protocol_set_priority(state, GNUTLS_TLS1, GNUTLS_SSL3, 0);
+ gnutls_cipher_set_priority(state, GNUTLS_3DES_CBC, GNUTLS_ARCFOUR, 0);
+ gnutls_compression_set_priority(state, GNUTLS_NULL_COMPRESSION, 0);
+ gnutls_kx_set_priority(state, GNUTLS_KX_RSA, 0);
+ gnutls_mac_set_priority(state, GNUTLS_MAC_SHA, GNUTLS_MAC_MD5, 0);
 gnutls_set_cred(state, GNUTLS_X509PKI, xcred);
diff --git a/doc/tex/ex2.tex b/doc/tex/ex2.tex
index d68d49f758..e136e0b19c 100644
--- a/doc/tex/ex2.tex
+++ b/doc/tex/ex2.tex
@@ -58,24 +58,24 @@ int main()
 /* allow both SSL3 and TLS1 */
- gnutls_set_protocol_priority(state, GNUTLS_TLS1, GNUTLS_SSL3, 0);
+ gnutls_protocol_set_priority(state, GNUTLS_TLS1, GNUTLS_SSL3, 0);
 /* allow only ARCFOUR and 3DES ciphers
 * (3DES has the highest priority) */
- gnutls_set_cipher_priority(state, GNUTLS_3DES_CBC, GNUTLS_ARCFOUR, 0);
+ gnutls_cipher_set_priority(state, GNUTLS_3DES_CBC, GNUTLS_ARCFOUR, 0);
 /* only allow null compression */
- gnutls_set_compression_priority(state, GNUTLS_NULL_COMPRESSION, 0);
+ gnutls_compression_set_priority(state, GNUTLS_NULL_COMPRESSION, 0);
 /* use GNUTLS_KX_RSA */
- gnutls_set_kx_priority(state, GNUTLS_KX_RSA, 0);
+ gnutls_kx_set_priority(state, GNUTLS_KX_RSA, 0);
 /* allow the usage of both SHA and MD5 */
- gnutls_set_mac_priority(state, GNUTLS_MAC_SHA, GNUTLS_MAC_MD5, 0);
+ gnutls_mac_set_priority(state, GNUTLS_MAC_SHA, GNUTLS_MAC_MD5, 0);
 /* put the x509 credentials to the current state
@@ -83,7 +83,7 @@ int main()
 gnutls_set_cred(state, GNUTLS_X509PKI, xcred);
- gnutls_set_transport_ptr( state, sd);
+ gnutls_transport_set_ptr( state, sd);
 /* Perform the TLS handshake */
 ret = gnutls_handshake( state);
diff --git a/doc/tex/ex3.tex b/doc/tex/ex3.tex
index 939fe55f5f..01a3caf008 100644
--- a/doc/tex/ex3.tex
+++ b/doc/tex/ex3.tex
@@ -15,7 +15,7 @@ int print_info(GNUTLS_STATE state)
 /* print the key exchange's algorithm name */
- tmp = gnutls_kx_get_name(gnutls_get_current_kx(state));
+ tmp = gnutls_kx_get_name( gnutls_kx_get_algo( state));
 printf("- Key Exchange: %s\n", tmp);
 /* in case of X509 PKI
@@ -27,7 +27,7 @@ int print_info(GNUTLS_STATE state)
 CertificateStatus status;
 KXAlgorithm kx;
- kx = gnutls_get_current_kx(state);
+ kx = gnutls_kx_get_algo(state);
 /* Check if we have been using ephemeral Diffie Hellman. */
@@ -72,16 +72,16 @@ int print_info(GNUTLS_STATE state)
 }
 }
- tmp = gnutls_version_get_name(gnutls_get_current_version( state));
+ tmp = gnutls_protocol_get_name( gnutls_protocol_get_version( state));
 printf("- Version: %s\n", tmp);
- tmp = gnutls_compression_get_name(gnutls_get_current_compression_method( state));
+ tmp = gnutls_compression_get_name( gnutls_compression_get_algo( state));
 printf("- Compression: %s\n", tmp);
- tmp = gnutls_cipher_get_name(gnutls_get_current_cipher( state));
+ tmp = gnutls_cipher_get_name( gnutls_cipher_get_algo( state));
 printf("- Cipher: %s\n", tmp);
- tmp = gnutls_mac_get_name(gnutls_get_current_mac_algorithm( state));
+ tmp = gnutls_mac_get_name(gnutls_mac_get_algo( state));
 printf("- MAC: %s\n", tmp);
 return 0;
diff --git a/doc/tex/serv1.tex b/doc/tex/serv1.tex
index fc20046606..8a36d7a159 100644
--- a/doc/tex/serv1.tex
+++ b/doc/tex/serv1.tex
@@ -45,11 +45,11 @@ GNUTLS_STATE initialize_state()
 if ((ret = gnutls_db_set_name(state, "gnutls-rsm.db")) < 0)
 fprintf(stderr, "*** DB error (%d)\n\n", ret);
- gnutls_set_cipher_priority(state, GNUTLS_RIJNDAEL_CBC, GNUTLS_3DES_CBC, 0);
- gnutls_set_compression_priority(state, GNUTLS_ZLIB, GNUTLS_NULL_COMPRESSION, 0);
- gnutls_set_kx_priority(state, GNUTLS_KX_RSA, GNUTLS_KX_SRP, 0);
- gnutls_set_protocol_priority(state, GNUTLS_TLS1, GNUTLS_SSL3, 0);
- gnutls_set_mac_priority(state, GNUTLS_MAC_SHA, GNUTLS_MAC_MD5, 0);
+ gnutls_cipher_set_priority(state, GNUTLS_RIJNDAEL_CBC, GNUTLS_3DES_CBC, 0);
+ gnutls_compression_set_priority(state, GNUTLS_ZLIB, GNUTLS_NULL_COMPRESSION, 0);
+ gnutls_kx_set_priority(state, GNUTLS_KX_RSA, GNUTLS_KX_SRP, 0);
+ gnutls_protocol_set_priority(state, GNUTLS_TLS1, GNUTLS_SSL3, 0);
+ gnutls_mac_set_priority(state, GNUTLS_MAC_SHA, GNUTLS_MAC_MD5, 0);
 gnutls_set_cred(state, GNUTLS_SRP, srp_cred);
 gnutls_set_cred(state, GNUTLS_X509PKI, x509_cred);
@@ -68,7 +68,7 @@ void print_info(GNUTLS_STATE state)
 int sesid_size, i;
 /* print session_id specific data */
- gnutls_get_session_get_id(state, sesid, &sesid_size);
+ gnutls_session_get_id(state, sesid, &sesid_size);
 printf("\n- Session ID: ");
 for (i = 0; i < sesid_size; i++)
 printf("%.2X", sesid[i]);
@@ -81,21 +81,21 @@ void print_info(GNUTLS_STATE state)
 }
 /* print state information */
- tmp = gnutls_version_get_name(gnutls_get_current_version(state));
+ tmp = gnutls_protocol_get_name(gnutls_protocol_get_version(state));
 printf("- Version: %s\n", tmp);
- tmp = gnutls_kx_get_name(gnutls_get_current_kx(state));
+ tmp = gnutls_kx_get_name(gnutls_kx_get_algo(state));
 printf("- Key Exchange: %s\n", tmp);
 tmp = gnutls_compression_get_name
- (gnutls_get_current_compression_method(state));
+ (gnutls_compression_get_algo(state));
 printf("- Compression: %s\n", tmp);
- tmp = gnutls_cipher_get_name(gnutls_get_current_cipher(state));
+ tmp = gnutls_cipher_get_name(gnutls_cipher_get_algo(state));
 printf("- Cipher: %s\n", tmp);
- tmp = gnutls_mac_get_name(gnutls_get_current_mac_algorithm(state));
+ tmp = gnutls_mac_get_name(gnutls_mac_get_algo(state));
 printf("- MAC: %s\n", tmp);
 }
@@ -172,8 +172,8 @@ int main()
 inet_ntop(AF_INET, &sa_cli.sin_addr, topbuf, sizeof(topbuf)),
 ntohs(sa_cli.sin_port));
-
- ret = gnutls_handshake(sd, state);
+ gnutls_transport_set_ptr( state, sd);
+ ret = gnutls_handshake( state);
 if (ret < 0) {
 close(sd);
 gnutls_deinit(state);
@@ -188,7 +188,7 @@ int main()
 i = 0;
 for (;;) {
 bzero(buffer, MAX_BUF + 1);
- ret = gnutls_read(sd, state, buffer, MAX_BUF);
+ ret = gnutls_read( state, buffer, MAX_BUF);
 if (gnutls_is_fatal_error(ret) == 1 || ret == 0) {
 if (ret == 0) {
@@ -206,7 +206,7 @@ int main()
 if (ret > 0) {
 /* echo data back to the client */
- gnutls_write(sd, state, buffer,
+ gnutls_write( state, buffer,
 strlen(buffer));
 }
 if (ret == GNUTLS_E_WARNING_ALERT_RECEIVED || ret == GNUTLS_E_FATAL_ALERT_RECEIVED) {
@@ -215,7 +215,7 @@ int main()
 }
 }
 printf("\n");
- gnutls_bye(sd, state, 1); /* do not wait for
+ gnutls_bye( state, 1); /* do not wait for
 * the peer to close the connection.
 */
diff --git a/doc/tex/srp1.tex b/doc/tex/srp1.tex
index 365581652a..cbbcf5d779 100644
--- a/doc/tex/srp1.tex
+++ b/doc/tex/srp1.tex
@@ -29,11 +29,11 @@ int main()
 fprintf(stderr, "global state initialization error\n");
 exit(1);
 }
- if (gnutls_allocate_srp_client_sc(&xcred) < 0) {
+ if (gnutls_srp_allocate_client_sc(&xcred) < 0) {
 fprintf(stderr, "memory error\n");
 exit(1);
 }
- gnutls_set_srp_client_cred(xcred, USERNAME, PASSWORD);
+ gnutls_srp_set_client_cred(xcred, USERNAME, PASSWORD);
 /* connects to server */
@@ -55,31 +55,31 @@ int main()
 /* allow both SSL3 and TLS1 */
- gnutls_set_protocol_priority(state, GNUTLS_TLS1, GNUTLS_SSL3, 0);
+ gnutls_protocol_set_priority(state, GNUTLS_TLS1, GNUTLS_SSL3, 0);
 /* allow only ARCFOUR and 3DES ciphers
 * (3DES has the highest priority) */
- gnutls_set_cipher_priority(state, GNUTLS_3DES_CBC, GNUTLS_ARCFOUR, 0);
+ gnutls_cipher_set_priority(state, GNUTLS_3DES_CBC, GNUTLS_ARCFOUR, 0);
 /* only allow null compression */
- gnutls_set_compression_priority(state, GNUTLS_NULL_COMPRESSION, 0);
+ gnutls_compression_set_priority(state, GNUTLS_NULL_COMPRESSION, 0);
 /* use GNUTLS_KX_RSA */
- gnutls_set_kx_priority(state, GNUTLS_KX_SRP, 0);
+ gnutls_kx_set_priority(state, GNUTLS_KX_SRP, 0);
 /* allow the usage of both SHA and MD5 */
- gnutls_set_mac_priority(state, GNUTLS_MAC_SHA, GNUTLS_MAC_MD5, 0);
+ gnutls_mac_set_priority(state, GNUTLS_MAC_SHA, GNUTLS_MAC_MD5, 0);
 /* put the SRP credentials to the current state */
 gnutls_set_cred(state, GNUTLS_SRP, xcred);
- gnutls_set_transport_ptr( state, sd);
+ gnutls_transport_set_ptr( state, sd);
 /* Perform the TLS handshake */
@@ -128,7 +128,7 @@ int main()
 gnutls_deinit(state);
- gnutls_free_srp_client_sc(xcred);
+ gnutls_srp_free_client_sc(xcred);
 gnutls_global_deinit();
diff --git a/lib/auth_rsa.c b/lib/auth_rsa.c
index 1073fe7c9b..f34b96a4fa 100644
--- a/lib/auth_rsa.c
+++ b/lib/auth_rsa.c
@@ -80,7 +80,7 @@ int proc_rsa_client_kx(GNUTLS_STATE state, opaque * data, int data_size)
 gnutls_datum ciphertext;
 int ret, dsize;
- if ( gnutls_get_current_version(state) == GNUTLS_SSL3) {
+ if ( gnutls_protocol_get_version(state) == GNUTLS_SSL3) {
 /* SSL 3.0 */
 ciphertext.data = data;
 ciphertext.size = data_size;
diff --git a/lib/auth_x509.c b/lib/auth_x509.c
index f7ce5acc15..47039e911c 100644
--- a/lib/auth_x509.c
+++ b/lib/auth_x509.c
@@ -602,7 +602,7 @@ int _gnutls_proc_x509_server_certificate(GNUTLS_STATE state, opaque * data,
 if ((ret = _gnutls_check_x509pki_key_usage(&peer_certificate_list[0],
- gnutls_get_current_kx(state)))
+ gnutls_kx_get_algo(state)))
 < 0) {
 gnutls_assert();
 CLEAR_CERTS;
@@ -1281,3 +1281,64 @@ int gnutls_x509pki_get_peer_certificate_status(GNUTLS_STATE state)
 return verify;
 }
+
+/* finds the most appropriate certificate in the cert list.
+ * The 'appropriate' is defined by the user.
+ * FIXME: provide user callback.
+ */
+const gnutls_cert *_gnutls_server_find_cert(GNUTLS_STATE state,
+ gnutls_cert ** cert_list,
+ int cert_list_length)
+{
+ int i;
+
+ i = _gnutls_server_find_cert_list_index(state, cert_list,
+ cert_list_length);
+ if (i < 0)
+ return NULL;
+
+ return &cert_list[i][0];
+}
+
+/* finds the most appropriate certificate in the cert list.
+ * The 'appropriate' is defined by the user.
+ */
+int _gnutls_server_find_cert_list_index(GNUTLS_STATE state,
+ gnutls_cert ** cert_list,
+ int cert_list_length)
+{
+ int i, index = -1;
+ const X509PKI_CREDENTIALS cred;
+
+ cred = _gnutls_get_cred(state->gnutls_key, GNUTLS_X509PKI, NULL);
+ if (cred == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INSUFICIENT_CRED;
+ }
+
+ if (cred->ncerts > 0)
+ index = 0; /* default is use the first certificate */
+
+ if (state->gnutls_internals.client_cert_callback != NULL && cred->ncerts > 0) { /* use the callback to get certificate */
+ gnutls_datum *my_certs = NULL;
+
+ my_certs =
+ gnutls_malloc(cred->ncerts * sizeof(gnutls_datum));
+ if (my_certs == NULL)
+ goto clear;
+
+ /* put our certificate's issuer and dn into cdn, idn
+ */
+ for (i = 0; i < cred->ncerts; i++) {
+ my_certs[i] = cred->cert_list[i][0].raw;
+ }
+ index =
+ state->gnutls_internals.server_cert_callback(my_certs,
+ cred->ncerts);
+
+ clear:
+ gnutls_free(my_certs);
+ }
+
+ return index;
+}
diff --git a/lib/auth_x509.h b/lib/auth_x509.h
index 3d85d4f34a..422f5ff35b 100644
--- a/lib/auth_x509.h
+++ b/lib/auth_x509.h
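Review bot: In `_gnutls_server_find_cert_list_index` the guard tests `state->gnutls_internals.client_cert_callback != NULL` but the call inside the branch goes through `server_cert_callback`, so a state with only the client callback registered invokes a null function pointer; the guard must test the pointer it calls. The value the callback returns is handed back unchecked and `_gnutls_server_find_cert` then indexes `cert_list[i][0]` with it, so a callback answering a value at or above `cred->ncerts` reads past the array (`cert_list_length` is accepted by both functions but never consulted, and the index is actually used against `cred->cert_list`, which is worth a comment). On `gnutls_malloc` failure the `goto clear` path returns `index = 0` and silently hides the allocation error, whereas the missing-credential path reports `GNUTLS_E_INSUFICIENT_CRED`; returning `GNUTLS_E_MEMORY_ERROR` (declared in gnutls_errors_int.h in this diff) keeps the two failure paths consistent. The code is moved here from gnutls_cert.c, so these predate the commit, but the move is the moment to fix them; a rewritten callback branch is sketched below.
```c
	if (state->gnutls_internals.server_cert_callback != NULL && cred->ncerts > 0) {	/* use the callback to get certificate */
		gnutls_datum *my_certs;

		my_certs = gnutls_malloc(cred->ncerts * sizeof(gnutls_datum));
		if (my_certs == NULL) {
			gnutls_assert();
			return GNUTLS_E_MEMORY_ERROR;
		}

		/* … unchanged: copy cred->cert_list[i][0].raw into my_certs[i] … */
		index = state->gnutls_internals.server_cert_callback(my_certs, cred->ncerts);
		gnutls_free(my_certs);

		/* negative means "no certificate" to the caller; anything at or past
		 * ncerts would be used as an unchecked array index there */
		if (index >= cred->ncerts) {
			gnutls_assert();
			return GNUTLS_E_INVALID_PARAMETERS;
		}
	}

	return index;
```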
@@ -63,6 +63,8 @@ int _gnutls_proc_x509_client_cert_vrfy(GNUTLS_STATE, opaque *, int);
 int _gnutls_proc_x509_server_certificate(GNUTLS_STATE, opaque *, int);
 int _gnutls_find_apr_cert( GNUTLS_STATE state, gnutls_cert** apr_cert_list, int *apr_cert_list_length, gnutls_private_key** apr_pkey);
 int _gnutls_find_dn( gnutls_datum* odn, gnutls_cert* cert);
+const gnutls_cert* _gnutls_server_find_cert( struct GNUTLS_STATE_INT*, gnutls_cert** cert_list, int cert_list_length);
+int _gnutls_server_find_cert_list_index( struct GNUTLS_STATE_INT*, gnutls_cert ** cert_list, int cert_list_length);
 #define _gnutls_proc_x509_client_certificate _gnutls_proc_x509_server_certificate
diff --git a/lib/gnutls.h.in b/lib/gnutls.h.in
index b3998bc868..e6f4f488f0 100644
--- a/lib/gnutls.h.in
+++ b/lib/gnutls.h.in
@@ -94,14 +94,14 @@ int gnutls_rehandshake( GNUTLS_STATE state);
 AlertDescription gnutls_get_last_alert( GNUTLS_STATE state);
-int gnutls_send_alert(GNUTLS_SOCKET_PTR, GNUTLS_STATE, AlertLevel, AlertDescription);
-int gnutls_send_appropriate_alert( GNUTLS_STATE state, int err);
+int gnutls_send_alert(GNUTLS_SOCKET_PTR, GNUTLS_STATE, AlertLevel, AlertDescription);
+int gnutls_send_appropriate_alert( GNUTLS_STATE state, int err);
 /* get information on the current state */
-BulkCipherAlgorithm gnutls_get_current_cipher( GNUTLS_STATE state);
-KXAlgorithm gnutls_get_current_kx( GNUTLS_STATE state);
-MACAlgorithm gnutls_get_current_mac_algorithm( GNUTLS_STATE state);
-CompressionMethod gnutls_get_current_compression_method( GNUTLS_STATE state);
+BulkCipherAlgorithm gnutls_cipher_get_algo( GNUTLS_STATE state);
+KXAlgorithm gnutls_kx_get_algo( GNUTLS_STATE state);
+MACAlgorithm gnutls_mac_get_algo( GNUTLS_STATE state);
+CompressionMethod gnutls_compression_get_algo( GNUTLS_STATE state);
 /* the name of the specified algorithms */
 const char *gnutls_cipher_get_name( BulkCipherAlgorithm);
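Review bot: `gnutls_send_alert` is re-emitted in this gnutls.h.in hunk still taking `GNUTLS_SOCKET_PTR` as its first parameter, while the rest of the commit moves the socket into the state (`gnutls_transport_set_ptr` is added a few hunks below, and the examples now call `gnutls_handshake( state)` and `gnutls_read( state, ...)` without a socket). The removed and added `gnutls_send_alert`/`gnutls_send_appropriate_alert` lines are textually identical here, so the change is presumably whitespace only and the inconsistency was simply not addressed. If the alert path is meant to use the stored transport pointer like everything else, the declaration should become `int gnutls_send_alert( GNUTLS_STATE, AlertLevel, AlertDescription);` with its definition and callers updated; if the explicit socket is deliberate, a one-line comment on the declaration saying why would spare the next reader the question.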
@@ -119,16 +119,16 @@ ssize_t gnutls_write( GNUTLS_STATE state, void *data, size_t sizeofdata);
 ssize_t gnutls_read( GNUTLS_STATE state, void *data, size_t sizeofdata);
 /* functions to set priority of cipher suites */
-int gnutls_set_cipher_priority( GNUTLS_STATE state, GNUTLS_LIST);
-int gnutls_set_mac_priority( GNUTLS_STATE state, GNUTLS_LIST);
-int gnutls_set_compression_priority( GNUTLS_STATE state, GNUTLS_LIST);
-int gnutls_set_kx_priority( GNUTLS_STATE state, GNUTLS_LIST);
-int gnutls_set_protocol_priority( GNUTLS_STATE state, GNUTLS_LIST);
+int gnutls_cipher_set_priority( GNUTLS_STATE state, GNUTLS_LIST);
+int gnutls_mac_set_priority( GNUTLS_STATE state, GNUTLS_LIST);
+int gnutls_compression_set_priority( GNUTLS_STATE state, GNUTLS_LIST);
+int gnutls_kx_set_priority( GNUTLS_STATE state, GNUTLS_LIST);
+int gnutls_protocol_set_priority( GNUTLS_STATE state, GNUTLS_LIST);
 /* set our version - 0 for TLS 1.0 and 1 for SSL3 */
-GNUTLS_Version gnutls_get_current_version(GNUTLS_STATE state);
+GNUTLS_Version gnutls_protocol_get_version(GNUTLS_STATE state);
-const char *gnutls_version_get_name(GNUTLS_Version version);
+const char *gnutls_protocol_get_name(GNUTLS_Version version);
 /* get/set session */
@@ -231,16 +231,14 @@ void gnutls_global_deinit();
 int gnutls_dh_replace_params( gnutls_datum prime, gnutls_datum generator, int bits);
 int gnutls_dh_generate_params( gnutls_datum* prime, gnutls_datum* generator, int bits);
-typedef ssize_t (*PULL_FUNC)(GNUTLS_SOCKET_PTR, void*, size_t);
-typedef ssize_t (*PUSH_FUNC)(GNUTLS_SOCKET_PTR, const void*, size_t);
-void gnutls_set_transport_ptr(GNUTLS_STATE state, GNUTLS_SOCKET_PTR ptr);
+typedef ssize_t (*GNUTLS_PULL_FUNC)(GNUTLS_SOCKET_PTR, void*, size_t);
+typedef ssize_t (*GNUTLS_PUSH_FUNC)(GNUTLS_SOCKET_PTR, const void*, size_t);
+void gnutls_transport_set_ptr(GNUTLS_STATE state, GNUTLS_SOCKET_PTR ptr);
 typedef void (*LOG_FUNC)( const char*);
-void gnutls_set_push_function( GNUTLS_STATE, PUSH_FUNC push_func);
-void gnutls_set_pull_function( GNUTLS_STATE, PULL_FUNC pull_func);
-#define gnutls_set_push_func gnutls_set_push_function
-#define gnutls_set_pull_func gnutls_set_pull_function
+void gnutls_transport_set_push_function( GNUTLS_STATE, GNUTLS_PUSH_FUNC push_func);
+void gnutls_transport_set_pull_function( GNUTLS_STATE, GNUTLS_PULL_FUNC pull_func);
 size_t gnutls_get_max_record_size( GNUTLS_STATE state);
 size_t gnutls_set_max_record_size( GNUTLS_STATE state, size_t size);
diff --git a/lib/gnutls_algorithms.c b/lib/gnutls_algorithms.c
index e5072e12fd..f0768967fa 100644
--- a/lib/gnutls_algorithms.c
+++ b/lib/gnutls_algorithms.c
@@ -761,13 +761,13 @@ GNUTLS_Version _gnutls_version_max(GNUTLS_STATE state)
 /**
- * gnutls_version_get_name - Returns a string with the name of the specified SSL/TLS version
+ * gnutls_protocol_get_name - Returns a string with the name of the specified SSL/TLS version
 * @version: is a (gnutls) version number
 *
 * Returns a string that contains the name
 * of the specified TLS version.
 **/
-const char *gnutls_version_get_name(GNUTLS_Version version)
+const char *gnutls_protocol_get_name(GNUTLS_Version version)
 {
 char *ret = NULL;
diff --git a/lib/gnutls_cert.c b/lib/gnutls_cert.c
index 1df1ce3ba4..8281885e1c 100644
--- a/lib/gnutls_cert.c
+++ b/lib/gnutls_cert.c
@@ -33,7 +33,6 @@
 #include <x509_extensions.h>
 #include <gnutls_algorithms.h>
 #include <gnutls_dh.h>
-#include <gnutls_auth_int.h>
 #ifdef DEBUG
 # warning MAX ALGORITHM PARAMS == 2, ok for RSA
@@ -1026,66 +1025,6 @@ int _gnutls_cert_supported_kx(const gnutls_cert * cert, KXAlgorithm ** alg,
 return 0;
 }
-/* finds the most appropriate certificate in the cert list.
- * The 'appropriate' is defined by the user.
- * FIXME: provide user callback.
- */
-const gnutls_cert *_gnutls_server_find_cert(GNUTLS_STATE state,
- gnutls_cert ** cert_list,
- int cert_list_length)
-{
- int i;
-
- i = _gnutls_server_find_cert_list_index(state, cert_list,
- cert_list_length);
- if (i < 0)
- return NULL;
-
- return &cert_list[i][0];
-}
-
-/* finds the most appropriate certificate in the cert list.
- * The 'appropriate' is defined by the user.
- */
-int _gnutls_server_find_cert_list_index(GNUTLS_STATE state,
- gnutls_cert ** cert_list,
- int cert_list_length)
-{
- int i, index = -1;
- const X509PKI_CREDENTIALS cred;
-
- cred = _gnutls_get_cred(state->gnutls_key, GNUTLS_X509PKI, NULL);
- if (cred == NULL) {
- gnutls_assert();
- return GNUTLS_E_INSUFICIENT_CRED;
- }
-
- if (cred->ncerts > 0)
- index = 0; /* default is use the first certificate */
-
- if (state->gnutls_internals.client_cert_callback != NULL && cred->ncerts > 0) { /* use the callback to get certificate */
- gnutls_datum *my_certs = NULL;
-
- my_certs =
- gnutls_malloc(cred->ncerts * sizeof(gnutls_datum));
- if (my_certs == NULL)
- goto clear;
-
- /* put our certificate's issuer and dn into cdn, idn
- */
- for (i = 0; i < cred->ncerts; i++) {
- my_certs[i] = cred->cert_list[i][0].raw;
- }
- index =
- state->gnutls_internals.server_cert_callback(my_certs,
- cred->ncerts);
-
- clear:
- gnutls_free(my_certs);
- }
-
- return index;
-}
 /**
 * gnutls_x509pki_server_set_cert_request - Used to set whether to request a client certificate
diff --git a/lib/gnutls_cert.h b/lib/gnutls_cert.h
index d15217122c..dca77b9a7a 100644
--- a/lib/gnutls_cert.h
+++ b/lib/gnutls_cert.h
@@ -49,8 +49,6 @@ struct GNUTLS_STATE_INT; /* because GNUTLS_STATE is not defined when this file i
 int _gnutls_cert_supported_kx( const gnutls_cert* cert, KXAlgorithm **alg, int *alg_size);
 PKAlgorithm _gnutls_map_pk_get_pk(KXAlgorithm kx_algorithm);
 int _gnutls_cert2gnutlsCert(gnutls_cert * gCert, gnutls_datum derCert);
-const gnutls_cert* _gnutls_server_find_cert( struct GNUTLS_STATE_INT*, gnutls_cert** cert_list, int cert_list_length);
-int _gnutls_server_find_cert_list_index( struct GNUTLS_STATE_INT*, gnutls_cert ** cert_list, int cert_list_length);
 #define MAX_INT_DIGITS 4
 void _gnutls_int2str(int k, char* data);
diff --git a/lib/gnutls_errors_int.h b/lib/gnutls_errors_int.h
index c1962a28d0..cd3758e4ea 100644
--- a/lib/gnutls_errors_int.h
+++ b/lib/gnutls_errors_int.h
@@ -2,7 +2,7 @@
 */
 #define GNUTLS_E_SUCCESS 0
-#define GNUTLS_E_MAC_FAILED -1
+#define GNUTLS_E_MAC_FAILED -1 /* GNUTLS_BAD_RECORD_MAC */
 #define GNUTLS_E_UNKNOWN_CIPHER -2
 #define GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM -3
 #define GNUTLS_E_UNKNOWN_MAC_ALGORITHM -4
@@ -16,17 +16,17 @@
 #define GNUTLS_E_FATAL_ALERT_RECEIVED -12
 #define GNUTLS_E_RECEIVED_BAD_MESSAGE -13
 #define GNUTLS_E_RECEIVED_MORE_DATA -14
-#define GNUTLS_E_UNEXPECTED_PACKET -15
+#define GNUTLS_E_UNEXPECTED_PACKET -15 /* GNUTLS_UNEXPECTED_MESSAGE */
 #define GNUTLS_E_WARNING_ALERT_RECEIVED -16
 #define GNUTLS_E_ERROR_IN_FINISHED_PACKET -18
 #define GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET -19
 #define GNUTLS_E_UNKNOWN_KX_ALGORITHM -20
-#define GNUTLS_E_UNKNOWN_CIPHER_SUITE -21
+#define GNUTLS_E_UNKNOWN_CIPHER_SUITE -21 /* GNUTLS_HANDSHAKE_FAILURE */
 #define GNUTLS_E_UNWANTED_ALGORITHM -22
 #define GNUTLS_E_MPI_SCAN_FAILED -23
-#define GNUTLS_E_DECRYPTION_FAILED -24
+#define GNUTLS_E_DECRYPTION_FAILED -24 /* GNUTLS_DECRYPTION_FAILED */
 #define GNUTLS_E_MEMORY_ERROR -25
-#define GNUTLS_E_DECOMPRESSION_FAILED -26
+#define GNUTLS_E_DECOMPRESSION_FAILED -26 /* GNUTLS_DECOMPRESSION_FAILURE */
 #define GNUTLS_E_COMPRESSION_FAILED -27
 #define GNUTLS_E_AGAIN -28
 #define GNUTLS_E_EXPIRED -29
@@ -36,25 +36,25 @@
 #define GNUTLS_E_HASH_FAILED -33
 #define GNUTLS_E_PARSING_ERROR -34
 #define GNUTLS_E_MPI_PRINT_FAILED -35
-#define GNUTLS_E_REHANDSHAKE -37
+#define GNUTLS_E_REHANDSHAKE -37 /* GNUTLS_NO_RENEGOTIATION */
 #define GNUTLS_E_GOT_APPLICATION_DATA -38
 #define GNUTLS_E_RECORD_LIMIT_REACHED -39
 #define GNUTLS_E_ENCRYPTION_FAILED -40
 #define GNUTLS_E_ASN1_ERROR -41
-#define GNUTLS_E_ASN1_PARSING_ERROR -42
+#define GNUTLS_E_ASN1_PARSING_ERROR -42 /* GNUTLS_BAD_CERTIFICATE */
 #define GNUTLS_E_X509_CERTIFICATE_ERROR -43
 #define GNUTLS_E_PK_ENCRYPTION_FAILED -44
 #define GNUTLS_E_PK_DECRYPTION_FAILED -45
 #define GNUTLS_E_PK_SIGNATURE_FAILED -46
 #define GNUTLS_E_X509_UNSUPPORTED_CRITICAL_EXTENSION -47
 #define GNUTLS_E_X509_KEY_USAGE_VIOLATION -48
-#define GNUTLS_E_NO_CERTIFICATE_FOUND -49
+#define GNUTLS_E_NO_CERTIFICATE_FOUND -49 /* GNUTLS_BAD_CERTIFICATE */
 #define GNUTLS_E_INVALID_PARAMETERS -50
 #define GNUTLS_E_INVALID_REQUEST -51
 #define GNUTLS_E_INTERRUPTED -52
 #define GNUTLS_E_PUSH_ERROR -53
 #define GNUTLS_E_PULL_ERROR -54
-#define GNUTLS_E_ILLEGAL_PARAMETER -55
+#define GNUTLS_E_ILLEGAL_PARAMETER -55 /* GNUTLS_ILLEGAL_PARAMETER */
 #define GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE -56
 #define GNUTLS_E_PKCS1_WRONG_PAD -57
diff --git a/lib/gnutls_global.c b/lib/gnutls_global.c
index 5e62e94be7..5273faac5d 100644
--- a/lib/gnutls_global.c
+++ b/lib/gnutls_global.c
@@ -135,7 +135,7 @@ void gnutls_global_deinit() {
 */
 /**
- * gnutls_set_pull_function - This function sets a read like function
+ * gnutls_transport_set_pull_function - This function sets a read like function
 * @pull_func: it's a function like read
 * @state: gnutls state
 *
@@ -147,12 +147,12 @@ void gnutls_global_deinit() {
 * PULL_FUNC is of the form,
 * ssize_t (*PULL_FUNC)(GNUTLS_SOCKET_PTR, const void*, size_t);
 **/
-void gnutls_set_pull_function( GNUTLS_STATE state, PULL_FUNC pull_func) {
+void gnutls_transport_set_pull_function( GNUTLS_STATE state, PULL_FUNC pull_func) {
 state->gnutls_internals._gnutls_pull_func = pull_func;
 }
 /**
- * gnutls_set_push_function - This function sets the function to send data
+ * gnutls_transport_set_push_function - This function sets the function to send data
 * @push_func: it's a function like write
 * @state: gnutls state
 *
@@ -166,6 +166,6 @@ void gnutls_set_pull_function( GNUTLS_STATE state, PULL_FUNC pull_func) {
 * PUSH_FUNC is of the form,
 * ssize_t (*PUSH_FUNC)(GNUTLS_SOCKET_PTR, const void*, size_t);
 **/
-void gnutls_set_push_function( GNUTLS_STATE state, PUSH_FUNC push_func) {
+void gnutls_transport_set_push_function( GNUTLS_STATE state, PUSH_FUNC push_func) {
 state->gnutls_internals._gnutls_push_func = push_func;
 }
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index 0878fe398e..3674a5ae1c 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -502,7 +502,7 @@ svoid *gnutls_PRF( opaque * secret, int secret_size, uint8 * label, int label_size, opaque * seed, int seed_size, int total_bytes);
 void _gnutls_set_current_version(GNUTLS_STATE state, GNUTLS_Version version);
-GNUTLS_Version gnutls_get_current_version(GNUTLS_STATE state);
+GNUTLS_Version gnutls_protocol_get_version(GNUTLS_STATE state);
 void _gnutls_free_auth_info( GNUTLS_STATE state);
 /* These two macros return the advertized TLS version of
diff --git a/lib/gnutls_priority.c b/lib/gnutls_priority.c
index d20ac5a0b1..e2d556a9cd 100644
--- a/lib/gnutls_priority.c
+++ b/lib/gnutls_priority.c
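Review bot: The renamed `gnutls_transport_set_pull_function` still declares its parameter as `PULL_FUNC`, yet the gnutls.h.in hunk in this same commit deletes the `PULL_FUNC`/`PUSH_FUNC` typedefs and introduces `GNUTLS_PULL_FUNC`/`GNUTLS_PUSH_FUNC` in their place. Unless the old names survive in an internal header not shown here, this translation unit no longer compiles against the new public header; the signature should read `void gnutls_transport_set_pull_function( GNUTLS_STATE state, GNUTLS_PULL_FUNC pull_func) {` and the same fix applies to the push variant in the following hunk (`@@ -166,6`). The doc blocks were only half-updated: they still say `PULL_FUNC is of the form,` / `PUSH_FUNC is of the form,` and should name the new typedefs. Separately, the pull comment shows `ssize_t (*PULL_FUNC)(GNUTLS_SOCKET_PTR, const void*, size_t);`, whereas the header typedef for the pull side takes a non-const `void*` (a read target), so the comment should drop the `const` to match.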
@@ -25,7 +25,7 @@
 /* the prototypes for these are in gnutls.h */
 /**
- * gnutls_set_cipher_priority - Sets the priority on the ciphers supported by gnutls.
+ * gnutls_cipher_set_priority - Sets the priority on the ciphers supported by gnutls.
 * @state: is a &GNUTLS_STATE structure.
 * @GNUTLS_LIST: is a 0 terminated list of BulkCipherAlgorithm elements.
 *
@@ -36,7 +36,7 @@
 * not use the algorithm's priority except for disabling
 * algorithms that were not specified.
 **/
-int gnutls_set_cipher_priority( GNUTLS_STATE state, GNUTLS_LIST) {
+int gnutls_cipher_set_priority( GNUTLS_STATE state, GNUTLS_LIST) {
 va_list ap;
 int i,num=0;
@@ -73,7 +73,7 @@ int gnutls_set_cipher_priority( GNUTLS_STATE state, GNUTLS_LIST) {
 }
 /**
- * gnutls_set_kx_priority - Sets the priority on the key exchange algorithms supported by gnutls.
+ * gnutls_kx_set_priority - Sets the priority on the key exchange algorithms supported by gnutls.
 * @state: is a &GNUTLS_STATE structure.
 * @GNUTLS_LIST: is a 0 terminated list of KXAlgorithm elements.
 *
@@ -84,7 +84,7 @@ int gnutls_set_cipher_priority( GNUTLS_STATE state, GNUTLS_LIST) {
 * not use the algorithm's priority except for disabling
 * algorithms that were not specified.
 **/
-int gnutls_set_kx_priority( GNUTLS_STATE state, GNUTLS_LIST) {
+int gnutls_kx_set_priority( GNUTLS_STATE state, GNUTLS_LIST) {
 va_list ap;
 va_list _ap;
@@ -118,7 +118,7 @@ int gnutls_set_kx_priority( GNUTLS_STATE state, GNUTLS_LIST) {
 }
 /**
- * gnutls_set_mac_priority - Sets the priority on the mac algorithms supported by gnutls.
+ * gnutls_mac_set_priority - Sets the priority on the mac algorithms supported by gnutls.
 * @state: is a &GNUTLS_STATE structure.
 * @GNUTLS_LIST: is a 0 terminated list of MACAlgorithm elements.
 *
@@ -129,7 +129,7 @@ int gnutls_set_kx_priority( GNUTLS_STATE state, GNUTLS_LIST) {
 * not use the algorithm's priority except for disabling
 * algorithms that were not specified.
 **/
-int gnutls_set_mac_priority( GNUTLS_STATE state, GNUTLS_LIST) {
+int gnutls_mac_set_priority( GNUTLS_STATE state, GNUTLS_LIST) {
 va_list ap;
 int i, num=0;
@@ -163,7 +163,7 @@ int gnutls_set_mac_priority( GNUTLS_STATE state, GNUTLS_LIST) {
 }
 /**
- * gnutls_set_compression_priority - Sets the priority on the compression algorithms supported by gnutls.
+ * gnutls_compression_set_priority - Sets the priority on the compression algorithms supported by gnutls.
 * @state: is a &GNUTLS_STATE structure.
 * @GNUTLS_LIST: is a 0 terminated list of CompressionMethod elements.
 *
@@ -174,7 +174,7 @@ int gnutls_set_mac_priority( GNUTLS_STATE state, GNUTLS_LIST) {
 * not use the algorithm's priority except for disabling
 * algorithms that were not specified.
 **/
-int gnutls_set_compression_priority( GNUTLS_STATE state, GNUTLS_LIST) {
+int gnutls_compression_set_priority( GNUTLS_STATE state, GNUTLS_LIST) {
 va_list ap;
 int i,num=0;
@@ -207,7 +207,7 @@ int gnutls_set_compression_priority( GNUTLS_STATE state, GNUTLS_LIST) {
 }
 /**
- * gnutls_set_protocol_priority - Sets the priority on the protocol versions supported by gnutls.
+ * gnutls_protocol_set_priority - Sets the priority on the protocol versions supported by gnutls.
 * @state: is a &GNUTLS_STATE structure.
 * @GNUTLS_LIST: is a 0 terminated list of GNUTLS_Version elements.
 *
@@ -218,7 +218,7 @@ int gnutls_set_compression_priority( GNUTLS_STATE state, GNUTLS_LIST) {
 * not use the protocols's priority except for disabling
 * protocols that were not specified.
 **/
-int gnutls_set_protocol_priority( GNUTLS_STATE state, GNUTLS_LIST) {
+int gnutls_protocol_set_priority( GNUTLS_STATE state, GNUTLS_LIST) {
 va_list ap;
 int i,num=0;
diff --git a/lib/gnutls_priority.h b/lib/gnutls_priority.h
index 37a7711ba1..4fb4bda645 100644
--- a/lib/gnutls_priority.h
+++ b/lib/gnutls_priority.h
@@ -18,8 +18,8 @@
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
 */
-int gnutls_set_cipher_priority( GNUTLS_STATE state, GNUTLS_LIST);
-int gnutls_set_kx_priority( GNUTLS_STATE state, GNUTLS_LIST);
-int gnutls_set_mac_priority( GNUTLS_STATE state, GNUTLS_LIST);
-int gnutls_set_compression_priority( GNUTLS_STATE state, GNUTLS_LIST);
-int gnutls_set_protocol_priority( GNUTLS_STATE state, GNUTLS_LIST);
+int gnutls_cipher_set_priority( GNUTLS_STATE state, GNUTLS_LIST);
+int gnutls_kx_set_priority( GNUTLS_STATE state, GNUTLS_LIST);
+int gnutls_mac_set_priority( GNUTLS_STATE state, GNUTLS_LIST);
+int gnutls_compression_set_priority( GNUTLS_STATE state, GNUTLS_LIST);
+int gnutls_protocol_set_priority( GNUTLS_STATE state, GNUTLS_LIST);
diff --git a/lib/gnutls_record.c b/lib/gnutls_record.c
index a49ca4b186..fd2e046bad 100644
--- a/lib/gnutls_record.c
+++ b/lib/gnutls_record.c
@@ -36,7 +36,14 @@
 #include "gnutls_datum.h"
 #include "ext_max_record.h"
-GNUTLS_Version gnutls_get_current_version(GNUTLS_STATE state) {
+/**
+ * gnutls_protocol_get_version - Returns the version of the currently used protocol
+ * @state: is a &GNUTLS_STATE structure.
+ *
+ * Returns the version of the currently used protocol.
+ *
+ **/
+GNUTLS_Version gnutls_protocol_get_version(GNUTLS_STATE state) {
 GNUTLS_Version ver;
 ver = state->security_parameters.version;
 return ver;
@@ -64,7 +71,7 @@ void gnutls_set_lowat(GNUTLS_STATE state, int num) {
 }
 /**
- * gnutls_set_transport_ptr - Used to set first argument of the transport functions
+ * gnutls_transport_set_ptr - Used to set first argument of the transport functions
 * @state: is a &GNUTLS_STATE structure.
 * @ptr: is the value.
 *
@@ -73,7 +80,7 @@ void gnutls_set_lowat(GNUTLS_STATE state, int num) {
 * handle.
 *
 **/
-void gnutls_set_transport_ptr(GNUTLS_STATE state, GNUTLS_SOCKET_PTR ptr) {
+void gnutls_transport_set_ptr(GNUTLS_STATE state, GNUTLS_SOCKET_PTR ptr) {
 state->gnutls_internals.transport_ptr = ptr;
 }
@@ -109,7 +116,7 @@ int gnutls_init(GNUTLS_STATE * state, ConnectionEnd con_end)
 (*state)->gnutls_internals.resumable = RESUME_TRUE;
- gnutls_set_protocol_priority( *state, GNUTLS_TLS1, 0); /* default */
+ gnutls_protocol_set_priority( *state, GNUTLS_TLS1, 0); /* default */
 (*state)->gnutls_key = gnutls_calloc(1, sizeof(struct GNUTLS_KEY_INT));
 if ( (*state)->gnutls_key == NULL) {
@@ -547,7 +554,7 @@ ssize_t gnutls_send_int( GNUTLS_STATE state, ContentType type, HandshakeType hty
 return GNUTLS_E_UNSUPPORTED_VERSION_PACKET;
 }
 } else { /* send the current */
- lver = gnutls_get_current_version( state);
+ lver = gnutls_protocol_get_version( state);
 }
 headers[1]=_gnutls_version_get_major( lver);
@@ -778,7 +785,7 @@ ssize_t gnutls_recv_int( GNUTLS_STATE state, ContentType type, HandshakeType hty
 * negotiated in the handshake.
 */
 #ifdef CHECK_RECORD_VERSION
- if ( (htype!=GNUTLS_CLIENT_HELLO && htype!=GNUTLS_SERVER_HELLO) && gnutls_get_current_version(state) != version) {
+ if ( (htype!=GNUTLS_CLIENT_HELLO && htype!=GNUTLS_SERVER_HELLO) && gnutls_protocol_get_version(state) != version) {
 gnutls_assert();
 # ifdef RECORD_DEBUG
 _gnutls_log( "Record: INVALID VERSION PACKET: (%d/%d) %d.%d\n", headers[0], htype, headers[1], headers[2]);
@@ -993,42 +1000,42 @@ ssize_t gnutls_recv_int( GNUTLS_STATE state, ContentType type, HandshakeType hty
 }
 /**
- * gnutls_get_current_cipher - Returns the currently used cipher.
+ * gnutls_cipher_get_algo - Returns the currently used cipher.
 * @state: is a &GNUTLS_STATE structure.
 *
 * Returns the currently used cipher.
 **/
-BulkCipherAlgorithm gnutls_get_current_cipher( GNUTLS_STATE state) {
+BulkCipherAlgorithm gnutls_cipher_get_algo( GNUTLS_STATE state) {
 return state->security_parameters.read_bulk_cipher_algorithm;
 }
 /**
- * gnutls_get_current_kx - Returns the key exchange algorithm.
+ * gnutls_kx_get_algo - Returns the key exchange algorithm.
 * @state: is a &GNUTLS_STATE structure.
 *
 * Returns the key exchange algorithm used in the last handshake.
 **/
-KXAlgorithm gnutls_get_current_kx( GNUTLS_STATE state) {
+KXAlgorithm gnutls_kx_get_algo( GNUTLS_STATE state) {
 return state->security_parameters.kx_algorithm;
 }
 /**
- * gnutls_get_current_mac_algorithm - Returns the currently used mac algorithm.
+ * gnutls_mac_get_algo - Returns the currently used mac algorithm.
 * @state: is a &GNUTLS_STATE structure.
 *
 * Returns the currently used mac algorithm.
 **/
-MACAlgorithm gnutls_get_current_mac_algorithm( GNUTLS_STATE state) {
+MACAlgorithm gnutls_mac_get_algo( GNUTLS_STATE state) {
 return state->security_parameters.read_mac_algorithm;
 }
 /**
- * gnutls_get_current_compression_method - Returns the currently used compression algorithm.
+ * gnutls_compression_get_algo - Returns the currently used compression algorithm.
 * @state: is a &GNUTLS_STATE structure.
 *
 * Returns the currently used compression method.
 **/
-CompressionMethod gnutls_get_current_compression_method( GNUTLS_STATE state) {
+CompressionMethod gnutls_compression_get_algo( GNUTLS_STATE state) {
 return state->security_parameters.read_compression_algorithm;
 }
diff --git a/lib/gnutls_record.h b/lib/gnutls_record.h
index 04ee6ab137..15e70423f4 100644
--- a/lib/gnutls_record.h
+++ b/lib/gnutls_record.h
@@ -1,5 +1,5 @@
 AlertDescription gnutls_get_last_alert( GNUTLS_STATE state);
-KXAlgorithm gnutls_get_current_kx( GNUTLS_STATE state);
+KXAlgorithm gnutls_kx_get_algo( GNUTLS_STATE state);
 ssize_t gnutls_send_int( GNUTLS_STATE state, ContentType type, HandshakeType htype, const void* data, size_t sizeofdata);
 ssize_t gnutls_recv_int( GNUTLS_STATE state, ContentType type, HandshakeType, char* data, size_t sizeofdata);
 ssize_t _gnutls_send_change_cipher_spec( GNUTLS_STATE state, int again);
@@ -61,7 +61,7 @@ const gnutls_datum* cert_list;
 CertificateStatus status;
 int cert_list_size = 0;
- tmp = gnutls_kx_get_name(gnutls_get_current_kx( state));
+ tmp = gnutls_kx_get_name(gnutls_kx_get_algo( state));
 printf("- Key Exchange: %s\n", tmp);
 cred = gnutls_get_auth_type(state);
@@ -105,16 +105,16 @@ int cert_list_size = 0;
 }
 }
- tmp = gnutls_version_get_name(gnutls_get_current_version(state));
+ tmp = gnutls_protocol_get_name(gnutls_protocol_get_version(state));
 printf("- Version: %s\n", tmp);
- tmp = gnutls_compression_get_name(gnutls_get_current_compression_method( state));
+ tmp = gnutls_compression_get_name(gnutls_compression_get_algo( state));
 printf("- Compression: %s\n", tmp);
- tmp = gnutls_cipher_get_name(gnutls_get_current_cipher( state));
+ tmp = gnutls_cipher_get_name(gnutls_cipher_get_algo( state));
 printf("- Cipher: %s\n", tmp);
- tmp = gnutls_mac_get_name(gnutls_get_current_mac_algorithm( state));
+ tmp = gnutls_mac_get_name(gnutls_mac_get_algo( state));
 printf("- MAC: %s\n", tmp);
 return 0;
@@ -222,11 +222,11 @@ int main(int argc, char** argv)
 #ifdef RESUME
 gnutls_init(&state, GNUTLS_CLIENT);
- gnutls_set_protocol_priority( state, GNUTLS_TLS1, GNUTLS_SSL3, 0);
- gnutls_set_cipher_priority( state, GNUTLS_3DES_CBC, GNUTLS_RIJNDAEL_CBC, 0);
- gnutls_set_compression_priority( state, GNUTLS_ZLIB, GNUTLS_NULL_COMPRESSION, 0);
- gnutls_set_kx_priority( state, GNUTLS_KX_DHE_RSA, GNUTLS_KX_RSA, GNUTLS_KX_SRP, GNUTLS_KX_DH_ANON, 0);
- gnutls_set_mac_priority( state, GNUTLS_MAC_SHA, GNUTLS_MAC_MD5, 0);
+ gnutls_protocol_set_priority( state, GNUTLS_TLS1, GNUTLS_SSL3, 0);
+ gnutls_cipher_set_priority( state, GNUTLS_3DES_CBC, GNUTLS_RIJNDAEL_CBC, 0);
+ gnutls_compression_set_priority( state, GNUTLS_ZLIB, GNUTLS_NULL_COMPRESSION, 0);
+ gnutls_kx_set_priority( state, GNUTLS_KX_DHE_RSA, GNUTLS_KX_RSA, GNUTLS_KX_SRP, GNUTLS_KX_DH_ANON, 0);
+ gnutls_mac_set_priority( state, GNUTLS_MAC_SHA, GNUTLS_MAC_MD5, 0);
 gnutls_set_cred( state, GNUTLS_ANON, NULL);
 gnutls_set_cred( state, GNUTLS_SRP, cred);
@@ -236,7 +236,7 @@ int main(int argc, char** argv)
 */
 gnutls_ext_set_name_ind( state, GNUTLS_DNSNAME, "localhost");
- gnutls_set_transport_ptr( state, sd);
+ gnutls_transport_set_ptr( state, sd);
 do {
 ret = gnutls_handshake( state);
 } while( ret==GNUTLS_E_INTERRUPTED || ret==GNUTLS_E_AGAIN);
@@ -285,10 +285,11 @@ int main(int argc, char** argv)
 /* Begin handshake again */
 gnutls_init(&state, GNUTLS_CLIENT);
- gnutls_set_protocol_priority( state, GNUTLS_TLS1, GNUTLS_SSL3, 0);
- gnutls_set_cipher_priority( state, GNUTLS_3DES_CBC, GNUTLS_TWOFISH_CBC, GNUTLS_RIJNDAEL_CBC, 0);
- gnutls_set_compression_priority( state, GNUTLS_NULL_COMPRESSION, 0);
- gnutls_set_kx_priority( state, GNUTLS_KX_RSA, GNUTLS_KX_DHE_RSA, GNUTLS_KX_SRP, GNUTLS_KX_DH_ANON, 0);
+ gnutls_protocol_set_priority( state, GNUTLS_TLS1, GNUTLS_SSL3, 0);
+ gnutls_cipher_set_priority( state, GNUTLS_3DES_CBC, GNUTLS_RIJNDAEL_CBC, 0);
+ gnutls_compression_set_priority( state, GNUTLS_ZLIB, GNUTLS_NULL_COMPRESSION, 0);
+ gnutls_kx_set_priority( state, GNUTLS_KX_DHE_RSA, GNUTLS_KX_RSA, GNUTLS_KX_SRP, GNUTLS_KX_DH_ANON, 0);
+ gnutls_mac_set_priority( state, GNUTLS_MAC_SHA, GNUTLS_MAC_MD5, 0);
 gnutls_set_cred( state, GNUTLS_ANON, NULL);
 gnutls_set_cred( state, GNUTLS_SRP, cred);
@@ -296,14 +297,12 @@ int main(int argc, char** argv)
 gnutls_ext_set_name_ind( state, GNUTLS_DNSNAME, "hello.server.org");
- gnutls_set_mac_priority( state, GNUTLS_MAC_SHA, GNUTLS_MAC_MD5, 0);
-
 #ifdef RESUME
 gnutls_session_set_data( state, session, session_size);
 free(session);
 #endif
- gnutls_set_transport_ptr( state, sd);
+ gnutls_transport_set_ptr( state, sd);
 do {
 ret = gnutls_handshake( state);
 } while( ret==GNUTLS_E_INTERRUPTED || ret==GNUTLS_E_AGAIN);
diff --git a/src/serv.c b/src/serv.c
index 0c119fd5d4..9f45819873 100644
--- a/src/serv.c
+++ b/src/serv.c
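Review bot: The five priority calls in this hunk change more than the function names — GNUTLS_TWOFISH_CBC drops out of the cipher list, GNUTLS_ZLIB is placed ahead of GNUTLS_NULL_COMPRESSION, the key-exchange order flips to DHE_RSA before RSA, and the MAC call is moved up here from the following hunk — which a reader of a "consistent naming" commit would not expect and which deserves a sentence in the commit message. The new block is a verbatim copy of the RESUME handshake's setup in the @@ -222 hunk, presumably so the resumed session is offered the same parameters it was negotiated with; keeping two copies invites them to drift apart again, so I would hoist the lists into one static helper called before both handshakes, as sketched below. Note also that the client keeps GNUTLS_KX_DH_ANON in its key-exchange list, which lets a handshake complete against an unauthenticated peer — acceptable for a test client, but worth a comment such as `/* DH_ANON: no server authentication, test client only */`. main() starts and ends outside the hunk.
```c
/* Priority lists shared by both handshakes, so a resumed session is
 * offered the same parameters as the session it resumes. */
static void set_client_priorities(GNUTLS_STATE state)
{
	gnutls_protocol_set_priority( state, GNUTLS_TLS1, GNUTLS_SSL3, 0);
	gnutls_cipher_set_priority( state, GNUTLS_3DES_CBC, GNUTLS_RIJNDAEL_CBC, 0);
	gnutls_compression_set_priority( state, GNUTLS_ZLIB, GNUTLS_NULL_COMPRESSION, 0);
	/* DH_ANON: no server authentication, test client only */
	gnutls_kx_set_priority( state, GNUTLS_KX_DHE_RSA, GNUTLS_KX_RSA, GNUTLS_KX_SRP, GNUTLS_KX_DH_ANON, 0);
	gnutls_mac_set_priority( state, GNUTLS_MAC_SHA, GNUTLS_MAC_MD5, 0);
}

/* … unchanged: "Begin handshake again" … */
gnutls_init(&state, GNUTLS_CLIENT);
set_client_priorities( state);
/* … unchanged: gnutls_set_cred calls … */
```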
@@ -83,17 +83,17 @@ GNUTLS_STATE initialize_state()
 /* null cipher is here only for debuging
 * purposes. */
- gnutls_set_cipher_priority(state, GNUTLS_NULL_CIPHER,
+ gnutls_cipher_set_priority(state, GNUTLS_NULL_CIPHER,
 GNUTLS_RIJNDAEL_CBC, GNUTLS_3DES_CBC, GNUTLS_ARCFOUR, 0);
- gnutls_set_compression_priority(state, GNUTLS_ZLIB, GNUTLS_NULL_COMPRESSION, 0);
- gnutls_set_kx_priority(state, GNUTLS_KX_RSA, GNUTLS_KX_DHE_RSA, GNUTLS_KX_SRP, GNUTLS_KX_DH_ANON, 0);
- gnutls_set_protocol_priority( state, GNUTLS_TLS1, GNUTLS_SSL3, 0);
+ gnutls_compression_set_priority(state, GNUTLS_ZLIB, GNUTLS_NULL_COMPRESSION, 0);
+ gnutls_kx_set_priority(state, GNUTLS_KX_RSA, GNUTLS_KX_DHE_RSA, GNUTLS_KX_SRP, GNUTLS_KX_DH_ANON, 0);
+ gnutls_protocol_set_priority( state, GNUTLS_TLS1, GNUTLS_SSL3, 0);
 gnutls_set_cred(state, GNUTLS_ANON, dh_cred);
 gnutls_set_cred(state, GNUTLS_SRP, srp_cred);
 gnutls_set_cred(state, GNUTLS_X509PKI, x509_cred);
- gnutls_set_mac_priority(state, GNUTLS_MAC_SHA, GNUTLS_MAC_MD5, 0);
+ gnutls_mac_set_priority(state, GNUTLS_MAC_SHA, GNUTLS_MAC_MD5, 0);
 gnutls_x509pki_server_set_cert_request( state, GNUTLS_CERT_REQUEST);
@@ -162,7 +162,7 @@ void print_info(GNUTLS_STATE state)
 break;
 }
- if (gnutls_get_current_kx(state) == GNUTLS_KX_DHE_RSA || gnutls_get_current_kx(state) == GNUTLS_KX_DHE_DSS) {
+ if (gnutls_kx_get_algo(state) == GNUTLS_KX_DHE_RSA || gnutls_kx_get_algo(state) == GNUTLS_KX_DHE_DSS) {
 printf("\n- Ephemeral DH using prime of %d bits\n", gnutls_x509pki_server_get_dh_bits( state));
 }
@@ -185,21 +185,21 @@ void print_info(GNUTLS_STATE state)
 /* print state information */
- tmp = gnutls_version_get_name(gnutls_get_current_version(state));
+ tmp = gnutls_protocol_get_name( gnutls_protocol_get_version(state));
 printf("- Version: %s\n", tmp);
- tmp = gnutls_kx_get_name(gnutls_get_current_kx(state));
+ tmp = gnutls_kx_get_name(gnutls_kx_get_algo(state));
 printf("- Key Exchange: %s\n", tmp);
 tmp = gnutls_compression_get_name
- (gnutls_get_current_compression_method(state));
+ (gnutls_compression_get_algo(state));
 printf("- Compression: %s\n", tmp);
- tmp = gnutls_cipher_get_name(gnutls_get_current_cipher(state));
+ tmp = gnutls_cipher_get_name(gnutls_cipher_get_algo(state));
 printf("- Cipher: %s\n", tmp);
- tmp = gnutls_mac_get_name(gnutls_get_current_mac_algorithm(state));
+ tmp = gnutls_mac_get_name(gnutls_mac_get_algo(state));
 printf("- MAC: %s\n", tmp);
@@ -234,12 +234,12 @@ void peer_print_info( GNUTLS_STATE state)
 */
 /* print srp specific data */
- if (gnutls_get_current_kx(state) == GNUTLS_KX_SRP) {
+ if (gnutls_kx_get_algo(state) == GNUTLS_KX_SRP) {
 sprintf(tmp2, "<p>Connected as user '%s'.</p>\n", gnutls_srp_server_get_username( state));
 }
- if (gnutls_get_current_kx(state) == GNUTLS_KX_DH_ANON) {
+ if (gnutls_kx_get_algo(state) == GNUTLS_KX_DH_ANON) {
 sprintf(tmp2, "<p> Connect using anonymous DH (prime of %d bits)</p>\n", gnutls_anon_server_get_dh_bits( state));
 }
@@ -247,26 +247,26 @@ void peer_print_info( GNUTLS_STATE state)
 /* print state information */
 strcat( http_buffer, "<P>\n");
- tmp = gnutls_version_get_name(gnutls_get_current_version(state));
+ tmp = gnutls_protocol_get_name(gnutls_protocol_get_version(state));
 sprintf(tmp2, "Protocol version: <b>%s</b><br>\n", tmp);
- tmp = gnutls_kx_get_name(gnutls_get_current_kx(state));
+ tmp = gnutls_kx_get_name(gnutls_kx_get_algo(state));
 sprintf(tmp2, "Key Exchange: <b>%s</b><br>\n", tmp);
- if (gnutls_get_current_kx(state) == GNUTLS_KX_DHE_RSA || gnutls_get_current_kx(state) == GNUTLS_KX_DHE_DSS) {
+ if (gnutls_kx_get_algo(state) == GNUTLS_KX_DHE_RSA || gnutls_kx_get_algo(state) == GNUTLS_KX_DHE_DSS) {
 sprintf(tmp2, "Ephemeral DH using prime of <b>%d</b> bits.<br>\n", gnutls_x509pki_server_get_dh_bits( state));
 }
 tmp = gnutls_compression_get_name
- (gnutls_get_current_compression_method(state));
+ (gnutls_compression_get_algo(state));
 sprintf(tmp2, "Compression: <b>%s</b><br>\n", tmp);
- tmp = gnutls_cipher_get_name(gnutls_get_current_cipher(state));
+ tmp = gnutls_cipher_get_name(gnutls_cipher_get_algo(state));
 sprintf(tmp2, "Cipher: <b>%s</b><br>\n", tmp);
- tmp = gnutls_mac_get_name(gnutls_get_current_mac_algorithm(state));
+ tmp = gnutls_mac_get_name(gnutls_mac_get_algo(state));
 sprintf(tmp2, "MAC: <b>%s</b><br>\n", tmp);
 strcat( http_buffer, "</P>\n");
@@ -410,7 +410,7 @@ int main(int argc, char **argv)
 sizeof(topbuf)), ntohs(sa_cli.sin_port));
- gnutls_set_transport_ptr( state, sd);
+ gnutls_transport_set_ptr( state, sd);
 do {
 ret = gnutls_handshake( state);
 } while( ret==GNUTLS_E_INTERRUPTED || ret==GNUTLS_E_AGAIN);