-rw-r--r--AUTHORS4
-rw-r--r--NEWS3
-rw-r--r--configure.in2
-rw-r--r--doc/tex/cover.tex.in1
-rw-r--r--includes/Makefile.am2
-rw-r--r--includes/gnutls/Makefile.am2
-rw-r--r--includes/gnutls/openssl.h21
-rw-r--r--lib/auth_anon.c3
-rw-r--r--lib/auth_cert.c1
-rw-r--r--lib/auth_dh_common.c1
-rw-r--r--lib/auth_dhe.c1
-rw-r--r--lib/auth_rsa.c1
-rw-r--r--lib/auth_rsa_export.c1
-rw-r--r--lib/debug.c3
-rw-r--r--lib/ext_cert_type.c1
-rw-r--r--lib/ext_max_record.c3
-rw-r--r--lib/ext_server_name.c1
-rw-r--r--lib/gnutls_alert.c1
-rw-r--r--lib/gnutls_algorithms.c1
-rw-r--r--lib/gnutls_anon_cred.c1
-rw-r--r--lib/gnutls_auth.c1
-rw-r--r--lib/gnutls_buffers.c1
-rw-r--r--lib/gnutls_cert.c1
-rw-r--r--lib/gnutls_cipher.c1
-rw-r--r--lib/gnutls_cipher_int.c1
-rw-r--r--lib/gnutls_compress.c1
-rw-r--r--lib/gnutls_compress_int.c1
-rw-r--r--lib/gnutls_constate.c1
-rw-r--r--lib/gnutls_datum.c1
-rw-r--r--lib/gnutls_db.c1
-rw-r--r--lib/gnutls_dh.c1
-rw-r--r--lib/gnutls_dh_primes.c1
-rw-r--r--lib/gnutls_errors.c1
-rw-r--r--lib/gnutls_extensions.c1
-rw-r--r--lib/gnutls_global.c1
-rw-r--r--lib/gnutls_handshake.c1
-rw-r--r--lib/gnutls_hash_int.c1
-rw-r--r--lib/gnutls_kx.c1
-rw-r--r--lib/gnutls_mem.c1
-rw-r--r--lib/gnutls_mpi.c1
-rw-r--r--lib/gnutls_num.c1
-rw-r--r--lib/gnutls_pk.c1
-rw-r--r--lib/gnutls_priority.c1
-rw-r--r--lib/gnutls_random.c1
-rw-r--r--lib/gnutls_record.c1
-rw-r--r--lib/gnutls_rsa_export.c1
-rw-r--r--lib/gnutls_session.c3
-rw-r--r--lib/gnutls_session_pack.c1
-rw-r--r--lib/gnutls_sig.c1
-rw-r--r--lib/gnutls_state.c1
-rw-r--r--lib/gnutls_str.c1
-rw-r--r--lib/gnutls_ui.c1
-rw-r--r--lib/gnutls_v2_compat.c1
-rw-r--r--lib/gnutls_x509.c1
-rw-r--r--lib/strnstr.c1
-rw-r--r--lib/x509/common.c1
-rw-r--r--lib/x509/compat.c698
-rw-r--r--lib/x509/compat.h6
-rw-r--r--lib/x509/crl.c1
-rw-r--r--lib/x509/crq.c1
-rw-r--r--lib/x509/dn.c1
-rw-r--r--lib/x509/dsa.c1
-rw-r--r--lib/x509/extensions.c1
-rw-r--r--lib/x509/mpi.c1
-rw-r--r--lib/x509/pkcs12.c1
-rw-r--r--lib/x509/pkcs12_bag.c1
-rw-r--r--lib/x509/pkcs12_encr.c5
-rw-r--r--lib/x509/pkcs5.c1
-rw-r--r--lib/x509/pkcs7.c1
-rw-r--r--lib/x509/privkey.c1
-rw-r--r--lib/x509/privkey_pkcs8.c1
-rw-r--r--lib/x509/rc2.c1
-rw-r--r--lib/x509/rfc2818_hostname.c1
-rw-r--r--lib/x509/sign.c1
-rw-r--r--lib/x509/verify.c1
-rw-r--r--lib/x509/x509.c1
-rw-r--r--lib/x509/x509_write.c1
-rw-r--r--lib/x509/xml.c1
-rw-r--r--lib/x509_b64.c1
-rw-r--r--libextra/Makefile.am4
-rw-r--r--libextra/auth_srp.c1
-rw-r--r--libextra/auth_srp_passwd.c1
-rw-r--r--libextra/auth_srp_rsa.c1
-rw-r--r--libextra/auth_srp_sb64.c1
-rw-r--r--libextra/ext_srp.c1
-rw-r--r--libextra/gnutls_extra.c1
-rw-r--r--libextra/gnutls_openpgp.c1
-rw-r--r--libextra/gnutls_openssl.c3
-rw-r--r--libextra/gnutls_srp.c1
-rw-r--r--libextra/openpgp/compat.c1
-rw-r--r--libextra/openpgp/extras.c1
-rw-r--r--libextra/openpgp/openpgp.c5
-rw-r--r--libextra/openpgp/privkey.c3
-rw-r--r--libextra/openpgp/verify.c1
-rw-r--r--libextra/openpgp/xml.c1
-rw-r--r--libextra/openssl_compat.c796
-rw-r--r--libextra/openssl_compat.h (renamed from includes/gnutls/compat8.h)70
-rw-r--r--src/certtool-gaa.c109
-rw-r--r--src/certtool-gaa.h30
-rw-r--r--src/certtool.c93
-rw-r--r--src/certtool.gaa2
-rw-r--r--src/cli.c1
-rw-r--r--src/crypt.c1
-rw-r--r--src/prime.c1
-rw-r--r--src/serv.c1
-rw-r--r--src/tests.c1
-rw-r--r--src/tls_test.c1
107 files changed, 1111 insertions, 843 deletions
diff --git a/AUTHORS b/AUTHORS
index 2061454e25..8d8d9206ec 100644
--- a/AUTHORS
+++ b/AUTHORS
@@ -1,3 +1,7 @@
+/*
+ * The copyright holder for Gnutls is Free Software Foundation,
+ * Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA.
+ */
N: Nikos Mavroyanopoulos
A: nmav
diff --git a/NEWS b/NEWS
index 5e9ba151b5..5141f2d907 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,6 @@
+Version 1.1.2
+- Added CRL verification functionality to certtool.
+
Version 1.1.1 (26/12/2003)
- Added PKCS #7 support to certtool utility.
- Added support for reading and generating CRL distribution
diff --git a/configure.in b/configure.in
index dd5c286b9d..32dbd3fcec 100644
--- a/configure.in
+++ b/configure.in
@@ -12,7 +12,7 @@ AC_DEFINE_UNQUOTED(T_OS, "$target_os", [OS name])
dnl Gnutls Version
GNUTLS_MAJOR_VERSION=1
GNUTLS_MINOR_VERSION=1
-GNUTLS_MICRO_VERSION=1
+GNUTLS_MICRO_VERSION=2
GNUTLS_VERSION=$GNUTLS_MAJOR_VERSION.$GNUTLS_MINOR_VERSION.$GNUTLS_MICRO_VERSION
AC_DEFINE_UNQUOTED(GNUTLS_VERSION, "$GNUTLS_VERSION", [version of gnutls])
diff --git a/doc/tex/cover.tex.in b/doc/tex/cover.tex.in
index 48207ae20b..f82e494d02 100644
--- a/doc/tex/cover.tex.in
+++ b/doc/tex/cover.tex.in
@@ -54,6 +54,7 @@ Applies to GnuTLS @VERSION@
\begin{center}
\par
Copyright \copyright\ 2001,2002,2003 Nikos Mavroyanopoulos\\
+Copyright \copyright\ 2004 Free Software Foundation\\
\setlength{\parskip}{4mm}
\par
Permission is granted to copy, distribute and/or modify this document
diff --git a/includes/Makefile.am b/includes/Makefile.am
index 7b9ff9133d..cb35de5471 100644
--- a/includes/Makefile.am
+++ b/includes/Makefile.am
@@ -1,7 +1,7 @@
## Process this file with automake to produce Makefile.in
nobase_include_HEADERS = gnutls/extra.h gnutls/gnutls.h $(OPENSSL_H) \
- gnutls/x509.h gnutls/compat8.h gnutls/pkcs12.h \
+ gnutls/x509.h gnutls/pkcs12.h \
gnutls/openpgp.h
if ENABLE_OPENSSL
diff --git a/includes/gnutls/Makefile.am b/includes/gnutls/Makefile.am
index e65e63205a..484ff83428 100644
--- a/includes/gnutls/Makefile.am
+++ b/includes/gnutls/Makefile.am
@@ -1 +1 @@
-EXTRA_DIST = extra.h openssl.h gnutls.h x509.h compat8.h pkcs12.h openpgp.h
+EXTRA_DIST = extra.h openssl.h gnutls.h x509.h pkcs12.h openpgp.h
diff --git a/includes/gnutls/openssl.h b/includes/gnutls/openssl.h
index eb4667af9c..07d2e510c3 100644
--- a/includes/gnutls/openssl.h
+++ b/includes/gnutls/openssl.h
@@ -36,6 +36,27 @@ extern "C" {
#include <gnutls/gnutls.h>
#include <gcrypt.h>
+/* Extra definitions that do not longer exist in gnutls.
+ */
+#define GNUTLS_X509_CN_SIZE 256
+#define GNUTLS_X509_C_SIZE 3
+#define GNUTLS_X509_O_SIZE 256
+#define GNUTLS_X509_OU_SIZE 256
+#define GNUTLS_X509_L_SIZE 256
+#define GNUTLS_X509_S_SIZE 256
+#define GNUTLS_X509_EMAIL_SIZE 256
+
+typedef struct {
+ char common_name[GNUTLS_X509_CN_SIZE];
+ char country[GNUTLS_X509_C_SIZE];
+ char organization[GNUTLS_X509_O_SIZE];
+ char organizational_unit_name[GNUTLS_X509_OU_SIZE];
+ char locality_name[GNUTLS_X509_L_SIZE];
+ char state_or_province_name[GNUTLS_X509_S_SIZE];
+ char email[GNUTLS_X509_EMAIL_SIZE];
+} gnutls_x509_dn;
+
+
#define OPENSSL_VERSION_NUMBER (0x0090604F)
#define SSLEAY_VERSION_NUMBER OPENSSL_VERSION_NUMBER
#define OPENSSL_VERSION_TEXT ("GNUTLS " LIBGNUTLS_VERSION " ")
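Review bot: The new gnutls_x509_dn typedef carries no documentation of how its fixed-size fields get filled or whether they are guaranteed NUL-terminated, and GNUTLS_X509_C_SIZE 3 leaves room for exactly a two-letter country code plus terminator. The lib/x509/compat.c code this commit removes filled these fields through gnutls_x509_crt_get_dn_by_oid with len = sizeof(field) and discarded the return value, so if the relocated implementation keeps that shape a short-buffer error is silently ignored and the field holds whatever was there before; gnutls_x509_extract_certificate_dn in the removed code did not zero the struct first, unlike gnutls_x509_extract_dn. I would add above the struct a comment along the lines of `/* Fixed-size NUL-terminated copies of DN attributes; an attribute that does not fit its buffer is skipped, so callers must zero the struct before it is filled. */`, adjusted to what the moved code actually does. The comment opening the hunk also reads better as `/* Extra definitions that no longer exist in gnutls. */`.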
diff --git a/lib/auth_anon.c b/lib/auth_anon.c
index 465dbdfb63..a49df2092c 100644
--- a/lib/auth_anon.c
+++ b/lib/auth_anon.c
@@ -1,5 +1,6 @@
/*
- * Copyright (C) 2000,2001,2002,2003 Nikos Mavroyanopoulos
+ * Copyright (C) 2000,2001,2002,2003 Nikos Mavroyanopoulos
+ * Copyright (C) 2004 Free Software Foundation
*
* This file is part of GNUTLS.
*
diff --git a/lib/auth_cert.c b/lib/auth_cert.c
index e76ece4bfc..d069ac6685 100644
--- a/lib/auth_cert.c
+++ b/lib/auth_cert.c
@@ -1,5 +1,6 @@
/*
* Copyright (C) 2001,2002,2003 Nikos Mavroyanopoulos
+ * Copyright (C) 2004 Free Software Foundation
*
* This file is part of GNUTLS.
*
diff --git a/lib/auth_dh_common.c b/lib/auth_dh_common.c
index 287c5c4191..7ae1ea1703 100644
--- a/lib/auth_dh_common.c
+++ b/lib/auth_dh_common.c
@@ -1,5 +1,6 @@
/*
* Copyright (C) 2002,2003 Nikos Mavroyanopoulos
+ * Copyright (C) 2004 Free Software Foundation
*
* This file is part of GNUTLS.
*
diff --git a/lib/auth_dhe.c b/lib/auth_dhe.c
index 9b8be03b8e..79f499156f 100644
--- a/lib/auth_dhe.c
+++ b/lib/auth_dhe.c
@@ -1,5 +1,6 @@
/*
* Copyright (C) 2000,2001,2002,2003 Nikos Mavroyanopoulos
+ * Copyright (C) 2004 Free Software Foundation
*
* This file is part of GNUTLS.
*
diff --git a/lib/auth_rsa.c b/lib/auth_rsa.c
index e5927e6925..5931460274 100644
--- a/lib/auth_rsa.c
+++ b/lib/auth_rsa.c
@@ -1,5 +1,6 @@
/*
* Copyright (C) 2000,2001,2002,2003 Nikos Mavroyanopoulos
+ * Copyright (C) 2004 Free Software Foundation
*
* This file is part of GNUTLS.
*
diff --git a/lib/auth_rsa_export.c b/lib/auth_rsa_export.c
index bd168d0a9a..340c7e5aa3 100644
--- a/lib/auth_rsa_export.c
+++ b/lib/auth_rsa_export.c
@@ -1,5 +1,6 @@
/*
* Copyright (C) 2000,2001,2002,2003 Nikos Mavroyanopoulos
+ * Copyright (C) 2004 Free Software Foundation
*
* This file is part of GNUTLS.
*
diff --git a/lib/debug.c b/lib/debug.c
index cc3c9f72ab..d944fe6b3b 100644
--- a/lib/debug.c
+++ b/lib/debug.c
@@ -1,5 +1,6 @@
/*
- * Copyright (C) 2000,2002,2003 Nikos Mavroyanopoulos
+ * Copyright (C) 2000,2002,2003 Nikos Mavroyanopoulos
+ * Copyright (C) 2004 Free Software Foundation
*
* This file is part of GNUTLS.
*
diff --git a/lib/ext_cert_type.c b/lib/ext_cert_type.c
index 7375646124..ba2998ff00 100644
--- a/lib/ext_cert_type.c
+++ b/lib/ext_cert_type.c
@@ -1,5 +1,6 @@
/*
* Copyright (C) 2002,2003 Nikos Mavroyanopoulos
+ * Copyright (C) 2004 Free Software Foundation
*
* This file is part of GNUTLS.
*
diff --git a/lib/ext_max_record.c b/lib/ext_max_record.c
index 59e31590f8..c0ccff7f58 100644
--- a/lib/ext_max_record.c
+++ b/lib/ext_max_record.c
@@ -1,5 +1,6 @@
/*
- * Copyright (C) 2001 Nikos Mavroyanopoulos
+ * Copyright (C) 2001 Nikos Mavroyanopoulos
+ * Copyright (C) 2004 Free Software Foundation
*
* This file is part of GNUTLS.
*
diff --git a/lib/ext_server_name.c b/lib/ext_server_name.c
index 2b5c4d3ddc..da278969eb 100644
--- a/lib/ext_server_name.c
+++ b/lib/ext_server_name.c
@@ -1,5 +1,6 @@
/*
* Copyright (C) 2002,2003 Nikos Mavroyanopoulos
+ * Copyright (C) 2004 Free Software Foundation
*
* This file is part of GNUTLS.
*
diff --git a/lib/gnutls_alert.c b/lib/gnutls_alert.c
index d8dc35c9a4..462bb795b6 100644
--- a/lib/gnutls_alert.c
+++ b/lib/gnutls_alert.c
@@ -1,5 +1,6 @@
/*
* Copyright (C) 2000,2001,2002,2003 Nikos Mavroyanopoulos
+ * Copyright (C) 2004 Free Software Foundation
*
* This file is part of GNUTLS.
*
diff --git a/lib/gnutls_algorithms.c b/lib/gnutls_algorithms.c
index a713060bdf..13e7e14c97 100644
--- a/lib/gnutls_algorithms.c
+++ b/lib/gnutls_algorithms.c
@@ -1,5 +1,6 @@
/*
* Copyright (C) 2000,2002,2003 Nikos Mavroyanopoulos
+ * Copyright (C) 2004 Free Software Foundation
*
* This file is part of GNUTLS.
*
diff --git a/lib/gnutls_anon_cred.c b/lib/gnutls_anon_cred.c
index 578aef62af..42b61bdf74 100644
--- a/lib/gnutls_anon_cred.c
+++ b/lib/gnutls_anon_cred.c
@@ -1,5 +1,6 @@
/*
* Copyright (C) 2001 Nikos Mavroyanopoulos
+ * Copyright (C) 2004 Free Software Foundation
*
* This file is part of GNUTLS.
*
diff --git a/lib/gnutls_auth.c b/lib/gnutls_auth.c
index 2c5bef6f9a..deaed91266 100644
--- a/lib/gnutls_auth.c
+++ b/lib/gnutls_auth.c
@@ -1,5 +1,6 @@
/*
* Copyright (C) 2001,2002,2003 Nikos Mavroyanopoulos
+ * Copyright (C) 2004 Free Software Foundation
*
* This file is part of GNUTLS.
*
diff --git a/lib/gnutls_buffers.c b/lib/gnutls_buffers.c
index 2b80b9ad5b..02d22370c0 100644
--- a/lib/gnutls_buffers.c
+++ b/lib/gnutls_buffers.c
@@ -1,5 +1,6 @@
/*
* Copyright (C) 2000,2001,2002,2003 Nikos Mavroyanopoulos
+ * Copyright (C) 2004 Free Software Foundation
*
* This file is part of GNUTLS.
*
diff --git a/lib/gnutls_cert.c b/lib/gnutls_cert.c
index 8366a5c392..13eb2180ec 100644
--- a/lib/gnutls_cert.c
+++ b/lib/gnutls_cert.c
@@ -1,5 +1,6 @@
/*
* Copyright (C) 2001,2002,2003 Nikos Mavroyanopoulos
+ * Copyright (C) 2004 Free Software Foundation
*
* This file is part of GNUTLS.
*
diff --git a/lib/gnutls_cipher.c b/lib/gnutls_cipher.c
index cca6a8fed4..b0ca7a2311 100644
--- a/lib/gnutls_cipher.c
+++ b/lib/gnutls_cipher.c
@@ -1,5 +1,6 @@
/*
* Copyright (C) 2000,2001,2002,2003 Nikos Mavroyanopoulos
+ * Copyright (C) 2004 Free Software Foundation
*
* This file is part of GNUTLS.
*
diff --git a/lib/gnutls_cipher_int.c b/lib/gnutls_cipher_int.c
index 05267fff1b..c0b97f2408 100644
--- a/lib/gnutls_cipher_int.c
+++ b/lib/gnutls_cipher_int.c
@@ -1,5 +1,6 @@
/*
* Copyright (C) 2000 Nikos Mavroyanopoulos
+ * Copyright (C) 2004 Free Software Foundation
*
* This file is part of GNUTLS.
*
diff --git a/lib/gnutls_compress.c b/lib/gnutls_compress.c
index 0cf65e041e..06d5ccdef9 100644
--- a/lib/gnutls_compress.c
+++ b/lib/gnutls_compress.c
@@ -1,5 +1,6 @@
/*
* Copyright (C) 2000 Nikos Mavroyanopoulos
+ * Copyright (C) 2004 Free Software Foundation
*
* This file is part of GNUTLS.
*
diff --git a/lib/gnutls_compress_int.c b/lib/gnutls_compress_int.c
index b246a72a0a..3bd2b0d5d3 100644
--- a/lib/gnutls_compress_int.c
+++ b/lib/gnutls_compress_int.c
@@ -1,5 +1,6 @@
/*
* Copyright (C) 2000,2002,2003 Nikos Mavroyanopoulos
+ * Copyright (C) 2004 Free Software Foundation
*
* This file is part of GNUTLS.
*
diff --git a/lib/gnutls_constate.c b/lib/gnutls_constate.c
index 53962844d8..fca9088d5b 100644
--- a/lib/gnutls_constate.c
+++ b/lib/gnutls_constate.c
@@ -1,5 +1,6 @@
/*
* Copyright (C) 2001,2002,2003 Nikos Mavroyanopoulos
+ * Copyright (C) 2004 Free Software Foundation
*
* This file is part of GNUTLS.
*
diff --git a/lib/gnutls_datum.c b/lib/gnutls_datum.c
index b871ad09f1..007404a8ae 100644
--- a/lib/gnutls_datum.c
+++ b/lib/gnutls_datum.c
@@ -1,5 +1,6 @@
/*
* Copyright (C) 2001,2002,2003 Nikos Mavroyanopoulos
+ * Copyright (C) 2004 Free Software Foundation
*
* This file is part of GNUTLS.
*
diff --git a/lib/gnutls_db.c b/lib/gnutls_db.c
index 4cb0b20394..f54f1307d1 100644
--- a/lib/gnutls_db.c
+++ b/lib/gnutls_db.c
@@ -1,5 +1,6 @@
/*
* Copyright (C) 2000,2002,2003 Nikos Mavroyanopoulos
+ * Copyright (C) 2004 Free Software Foundation
*
* This file is part of GNUTLS.
*
diff --git a/lib/gnutls_dh.c b/lib/gnutls_dh.c
index 65617a3e98..5d749066b2 100644
--- a/lib/gnutls_dh.c
+++ b/lib/gnutls_dh.c
@@ -1,5 +1,6 @@
/*
* Copyright (C) 2000,2001,2002,2003 Nikos Mavroyanopoulos
+ * Copyright (C) 2004 Free Software Foundation
*
* This file is part of GNUTLS.
* someday was part of gsti
diff --git a/lib/gnutls_dh_primes.c b/lib/gnutls_dh_primes.c
index d0f22310af..31a786f189 100644
--- a/lib/gnutls_dh_primes.c
+++ b/lib/gnutls_dh_primes.c
@@ -1,5 +1,6 @@
/*
* Copyright (C) 2000,2001,2003 Nikos Mavroyanopoulos
+ * Copyright (C) 2004 Free Software Foundation
*
* This file is part of GNUTLS.
*
diff --git a/lib/gnutls_errors.c b/lib/gnutls_errors.c
index 0ea3581416..ca386ae735 100644
--- a/lib/gnutls_errors.c
+++ b/lib/gnutls_errors.c
@@ -1,5 +1,6 @@
/*
* Copyright (C) 2000,2001,2002,2003 Nikos Mavroyanopoulos
+ * Copyright (C) 2004 Free Software Foundation
*
* This file is part of GNUTLS.
*
diff --git a/lib/gnutls_extensions.c b/lib/gnutls_extensions.c
index 179f09cdf7..d13e89cd86 100644
--- a/lib/gnutls_extensions.c
+++ b/lib/gnutls_extensions.c
@@ -1,5 +1,6 @@
/*
* Copyright (C) 2001,2002,2003 Nikos Mavroyanopoulos
+ * Copyright (C) 2004 Free Software Foundation
*
* This file is part of GNUTLS.
*
diff --git a/lib/gnutls_global.c b/lib/gnutls_global.c
index df5327877a..c89fd3332e 100644
--- a/lib/gnutls_global.c
+++ b/lib/gnutls_global.c
@@ -1,5 +1,6 @@
/*
* Copyright (C) 2001,2002,2003 Nikos Mavroyanopoulos
+ * Copyright (C) 2004 Free Software Foundation
*
* This file is part of GNUTLS.
*
diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c
index 4abb19deb9..2a3026354f 100644
--- a/lib/gnutls_handshake.c
+++ b/lib/gnutls_handshake.c
@@ -1,5 +1,6 @@
/*
* Copyright (C) 2000,2001,2002,2003 Nikos Mavroyanopoulos
+ * Copyright (C) 2004 Free Software Foundation
*
* This file is part of GNUTLS.
*
diff --git a/lib/gnutls_hash_int.c b/lib/gnutls_hash_int.c
index 1746f963dc..b7dd519c16 100644
--- a/lib/gnutls_hash_int.c
+++ b/lib/gnutls_hash_int.c
@@ -1,5 +1,6 @@
/*
* Copyright (C) 2000,2001 Nikos Mavroyanopoulos
+ * Copyright (C) 2004 Free Software Foundation
*
* This file is part of GNUTLS.
*
diff --git a/lib/gnutls_kx.c b/lib/gnutls_kx.c
index 6d83c2ad78..dbb28b10d2 100644
--- a/lib/gnutls_kx.c
+++ b/lib/gnutls_kx.c
@@ -1,5 +1,6 @@
/*
* Copyright (C) 2000,2001 Nikos Mavroyanopoulos
+ * Copyright (C) 2004 Free Software Foundation
*
* This file is part of GNUTLS.
*
diff --git a/lib/gnutls_mem.c b/lib/gnutls_mem.c
index dc21b196e1..0762c6f1ae 100644
--- a/lib/gnutls_mem.c
+++ b/lib/gnutls_mem.c
@@ -1,5 +1,6 @@
/*
* Copyright (C) 2001,2002,2003 Nikos Mavroyanopoulos
+ * Copyright (C) 2004 Free Software Foundation
*
* This file is part of GNUTLS.
*
diff --git a/lib/gnutls_mpi.c b/lib/gnutls_mpi.c
index 8dede95446..0f115578c6 100644
--- a/lib/gnutls_mpi.c
+++ b/lib/gnutls_mpi.c
@@ -1,5 +1,6 @@
/*
* Copyright (C) 2001,2002,2003 Nikos Mavroyanopoulos
+ * Copyright (C) 2004 Free Software Foundation
*
* This file is part of GNUTLS.
*
diff --git a/lib/gnutls_num.c b/lib/gnutls_num.c
index b0856ca7ad..8d9ed1c8c4 100644
--- a/lib/gnutls_num.c
+++ b/lib/gnutls_num.c
@@ -1,5 +1,6 @@
/*
* Copyright (C) 2000,2001,2002,2003 Nikos Mavroyanopoulos
+ * Copyright (C) 2004 Free Software Foundation
*
* This file is part of GNUTLS.
*
diff --git a/lib/gnutls_pk.c b/lib/gnutls_pk.c
index c6d5db7be1..5a2d1e888d 100644
--- a/lib/gnutls_pk.c
+++ b/lib/gnutls_pk.c
@@ -1,5 +1,6 @@
/*
* Copyright (C) 2001,2002,2003 Nikos Mavroyanopoulos
+ * Copyright (C) 2004 Free Software Foundation
*
* This file is part of GNUTLS.
*
diff --git a/lib/gnutls_priority.c b/lib/gnutls_priority.c
index ad898bc53d..3a6a6d9907 100644
--- a/lib/gnutls_priority.c
+++ b/lib/gnutls_priority.c
@@ -1,5 +1,6 @@
/*
* Copyright (C) 2000 Nikos Mavroyanopoulos
+ * Copyright (C) 2004 Free Software Foundation
*
* This file is part of GNUTLS.
*
diff --git a/lib/gnutls_random.c b/lib/gnutls_random.c
index 849ac3cb91..7500910cfa 100644
--- a/lib/gnutls_random.c
+++ b/lib/gnutls_random.c
@@ -1,5 +1,6 @@
/*
* Copyright (C) 2001,2003 Nikos Mavroyanopoulos
+ * Copyright (C) 2004 Free Software Foundation
*
* This file is part of GNUTLS.
*
diff --git a/lib/gnutls_record.c b/lib/gnutls_record.c
index 832cffdbda..ccb6ae99d0 100644
--- a/lib/gnutls_record.c
+++ b/lib/gnutls_record.c
@@ -1,5 +1,6 @@
/*
* Copyright (C) 2000,2001,2002,2003 Nikos Mavroyanopoulos
+ * Copyright (C) 2004 Free Software Foundation
*
* This file is part of GNUTLS.
*
diff --git a/lib/gnutls_rsa_export.c b/lib/gnutls_rsa_export.c
index 113867bd32..05e82535ef 100644
--- a/lib/gnutls_rsa_export.c
+++ b/lib/gnutls_rsa_export.c
@@ -1,5 +1,6 @@
/*
* Copyright (C) 2002,2003 Nikos Mavroyanopoulos
+ * Copyright (C) 2004 Free Software Foundation
*
* This file is part of GNUTLS.
*
diff --git a/lib/gnutls_session.c b/lib/gnutls_session.c
index 2c44748431..ca043c5b21 100644
--- a/lib/gnutls_session.c
+++ b/lib/gnutls_session.c
@@ -1,5 +1,6 @@
/*
- * Copyright (C) 2000 Nikos Mavroyanopoulos
+ * Copyright (C) 2000,2003 Nikos Mavroyanopoulos
+ * Copyright (C) 2004 Free Software Foundation
*
* This file is part of GNUTLS.
*
diff --git a/lib/gnutls_session_pack.c b/lib/gnutls_session_pack.c
index 1a108d347d..f3b387d65f 100644
--- a/lib/gnutls_session_pack.c
+++ b/lib/gnutls_session_pack.c
@@ -1,5 +1,6 @@
/*
* Copyright (C) 2000 Nikos Mavroyanopoulos
+ * Copyright (C) 2004 Free Software Foundation
*
* This file is part of GNUTLS.
*
diff --git a/lib/gnutls_sig.c b/lib/gnutls_sig.c
index 87a541d473..bdcc35d135 100644
--- a/lib/gnutls_sig.c
+++ b/lib/gnutls_sig.c
@@ -1,5 +1,6 @@
/*
* Copyright (C) 2001 Nikos Mavroyanopoulos
+ * Copyright (C) 2004 Free Software Foundation
*
* This file is part of GNUTLS.
*
diff --git a/lib/gnutls_state.c b/lib/gnutls_state.c
index 711a2fdd31..aa06c0fbe4 100644
--- a/lib/gnutls_state.c
+++ b/lib/gnutls_state.c
@@ -1,5 +1,6 @@
/*
* Copyright (C) 2002,2003 Nikos Mavroyanopoulos
+ * Copyright (C) 2004 Free Software Foundation
*
* This file is part of GNUTLS.
*
diff --git a/lib/gnutls_str.c b/lib/gnutls_str.c
index 9a3918cb7a..50e7486e53 100644
--- a/lib/gnutls_str.c
+++ b/lib/gnutls_str.c
@@ -1,5 +1,6 @@
/*
* Copyright (C) 2002 Nikos Mavroyanopoulos
+ * Copyright (C) 2004 Free Software Foundation
*
* This file is part of GNUTLS.
*
diff --git a/lib/gnutls_ui.c b/lib/gnutls_ui.c
index bf157596db..f29eab87d8 100644
--- a/lib/gnutls_ui.c
+++ b/lib/gnutls_ui.c
@@ -1,5 +1,6 @@
/*
* Copyright (C) 2001,2002,2003 Nikos Mavroyanopoulos
+ * Copyright (C) 2004 Free Software Foundation
*
* This file is part of GNUTLS.
*
diff --git a/lib/gnutls_v2_compat.c b/lib/gnutls_v2_compat.c
index 0676b2dc1b..9db6516b2c 100644
--- a/lib/gnutls_v2_compat.c
+++ b/lib/gnutls_v2_compat.c
@@ -1,5 +1,6 @@
/*
* Copyright (C) 2001 Nikos Mavroyanopoulos
+ * Copyright (C) 2004 Free Software Foundation
*
* This file is part of GNUTLS.
*
diff --git a/lib/gnutls_x509.c b/lib/gnutls_x509.c
index e6f0093d16..cf2aee981d 100644
--- a/lib/gnutls_x509.c
+++ b/lib/gnutls_x509.c
@@ -1,5 +1,6 @@
/*
* Copyright (C) 2002,2003 Nikos Mavroyanopoulos
+ * Copyright (C) 2004 Free Software Foundation
*
* This file is part of GNUTLS.
*
diff --git a/lib/strnstr.c b/lib/strnstr.c
index 57aed55fb0..7eaa9d0dac 100644
--- a/lib/strnstr.c
+++ b/lib/strnstr.c
@@ -1,5 +1,6 @@
/*
* Copyright (C) 2003 Nikos Mavroyanopoulos
+ * Copyright (C) 2004 Free Software Foundation
*
* This file is part of GNUTLS.
*
diff --git a/lib/x509/common.c b/lib/x509/common.c
index 003857a716..ebbdd11a24 100644
--- a/lib/x509/common.c
+++ b/lib/x509/common.c
@@ -1,5 +1,6 @@
/*
* Copyright (C) 2003 Nikos Mavroyanopoulos
+ * Copyright (C) 2004 Free Software Foundation
*
* This file is part of GNUTLS.
*
diff --git a/lib/x509/compat.c b/lib/x509/compat.c
index 77c21d4da4..ac9e33c901 100644
--- a/lib/x509/compat.c
+++ b/lib/x509/compat.c
@@ -1,5 +1,6 @@
/*
* Copyright (C) 2002,2003 Nikos Mavroyanopoulos
+ * Copyright (C) 2004 Free Software Foundation
*
* This file is part of GNUTLS.
*
@@ -33,264 +34,6 @@
#include <gnutls/compat8.h>
/**
- * gnutls_x509_extract_dn - This function parses an RDN sequence
- * @idn: should contain a DER encoded RDN sequence
- * @rdn: a pointer to a structure to hold the name
- *
- * This function will return the name of the given RDN sequence.
- * The name will be returned as a gnutls_x509_dn structure.
- * Returns a negative error code in case of an error.
- *
- **/
-int gnutls_x509_extract_dn(const gnutls_datum * idn, gnutls_x509_dn * rdn)
-{
- ASN1_TYPE dn = ASN1_TYPE_EMPTY;
- int result;
- size_t len;
-
- if ((result =
- asn1_create_element(_gnutls_get_pkix(),
- "PKIX1.Name", &dn
- )) != ASN1_SUCCESS) {
- return _gnutls_asn2err(result);
- }
-
- result = asn1_der_decoding(&dn, idn->data, idn->size, NULL);
- if (result != ASN1_SUCCESS) {
- /* couldn't decode DER */
- asn1_delete_structure(&dn);
- return _gnutls_asn2err(result);
- }
-
- memset( rdn, 0, sizeof(gnutls_x509_dn));
-
- len = sizeof(rdn->country);
- _gnutls_x509_parse_dn_oid( dn, "", GNUTLS_OID_X520_COUNTRY_NAME, 0, 0, rdn->country, &len);
-
- len = sizeof(rdn->organization);
- _gnutls_x509_parse_dn_oid( dn, "", GNUTLS_OID_X520_ORGANIZATION_NAME, 0, 0, rdn->organization, &len);
-
- len = sizeof(rdn->organizational_unit_name);
- _gnutls_x509_parse_dn_oid( dn, "", GNUTLS_OID_X520_ORGANIZATIONAL_UNIT_NAME, 0, 0, rdn->organizational_unit_name, &len);
-
- len = sizeof(rdn->common_name);
- _gnutls_x509_parse_dn_oid( dn, "", GNUTLS_OID_X520_COMMON_NAME, 0, 0, rdn->common_name, &len);
-
- len = sizeof(rdn->locality_name);
- _gnutls_x509_parse_dn_oid( dn, "", GNUTLS_OID_X520_LOCALITY_NAME, 0, 0, rdn->locality_name, &len);
-
- len = sizeof(rdn->state_or_province_name);
- _gnutls_x509_parse_dn_oid( dn, "", GNUTLS_OID_X520_STATE_OR_PROVINCE_NAME, 0, 0, rdn->state_or_province_name, &len);
-
- len = sizeof(rdn->email);
- _gnutls_x509_parse_dn_oid( dn, "", GNUTLS_OID_PKCS9_EMAIL, 0, 0, rdn->email, &len);
-
- asn1_delete_structure(&dn);
-
- return 0;
-}
-
-/**
- * gnutls_x509_extract_certificate_dn - This function returns the certificate's distinguished name
- * @cert: should contain an X.509 DER encoded certificate
- * @ret: a pointer to a structure to hold the peer's name
- *
- * This function will return the name of the certificate holder. The name is gnutls_x509_dn structure and
- * is a obtained by the peer's certificate. If the certificate send by the
- * peer is invalid, or in any other failure this function returns error.
- * Returns a negative error code in case of an error.
- *
- **/
-int gnutls_x509_extract_certificate_dn(const gnutls_datum * cert,
- gnutls_x509_dn * ret)
-{
- gnutls_x509_crt xcert;
- int result;
- size_t len;
-
- result = gnutls_x509_crt_init( &xcert);
- if (result < 0) return result;
-
- result = gnutls_x509_crt_import( xcert, cert, GNUTLS_X509_FMT_DER);
- if (result < 0) {
- gnutls_x509_crt_deinit( xcert);
- return result;
- }
-
- len = sizeof( ret->country);
- gnutls_x509_crt_get_dn_by_oid( xcert, GNUTLS_OID_X520_COUNTRY_NAME, 0, 0,
- ret->country, &len);
-
- len = sizeof( ret->organization);
- gnutls_x509_crt_get_dn_by_oid( xcert, GNUTLS_OID_X520_ORGANIZATION_NAME, 0, 0,
- ret->organization, &len);
-
- len = sizeof( ret->organizational_unit_name);
- gnutls_x509_crt_get_dn_by_oid( xcert, GNUTLS_OID_X520_ORGANIZATIONAL_UNIT_NAME, 0, 0,
- ret->organizational_unit_name, &len);
-
- len = sizeof( ret->common_name);
- gnutls_x509_crt_get_dn_by_oid( xcert, GNUTLS_OID_X520_COMMON_NAME, 0, 0,
- ret->common_name, &len);
-
- len = sizeof( ret->locality_name);
- gnutls_x509_crt_get_dn_by_oid( xcert, GNUTLS_OID_X520_LOCALITY_NAME, 0, 0,
- ret->locality_name, &len);
-
- len = sizeof( ret->state_or_province_name);
- gnutls_x509_crt_get_dn_by_oid( xcert, GNUTLS_OID_X520_STATE_OR_PROVINCE_NAME, 0, 0,
- ret->state_or_province_name, &len);
-
- len = sizeof( ret->email);
- gnutls_x509_crt_get_dn_by_oid( xcert, GNUTLS_OID_PKCS9_EMAIL, 0, 0,
- ret->email, &len);
-
- gnutls_x509_crt_deinit( xcert);
-
- return 0;
-}
-
-/**
- * gnutls_x509_extract_certificate_issuer_dn - This function returns the certificate's issuer distinguished name
- * @cert: should contain an X.509 DER encoded certificate
- * @ret: a pointer to a structure to hold the issuer's name
- *
- * This function will return the name of the issuer stated in the certificate. The name is a gnutls_x509_dn structure and
- * is a obtained by the peer's certificate. If the certificate send by the
- * peer is invalid, or in any other failure this function returns error.
- * Returns a negative error code in case of an error.
- *
- **/
-int gnutls_x509_extract_certificate_issuer_dn(const gnutls_datum * cert,
- gnutls_x509_dn * ret)
-{
- gnutls_x509_crt xcert;
- int result;
- size_t len;
-
- result = gnutls_x509_crt_init( &xcert);
- if (result < 0) return result;
-
- result = gnutls_x509_crt_import( xcert, cert, GNUTLS_X509_FMT_DER);
- if (result < 0) {
- gnutls_x509_crt_deinit( xcert);
- return result;
- }
-
- len = sizeof( ret->country);
- gnutls_x509_crt_get_issuer_dn_by_oid( xcert, GNUTLS_OID_X520_COUNTRY_NAME, 0, 0,
- ret->country, &len);
-
- len = sizeof( ret->organization);
- gnutls_x509_crt_get_issuer_dn_by_oid( xcert, GNUTLS_OID_X520_ORGANIZATION_NAME, 0, 0,
- ret->organization, &len);
-
- len = sizeof( ret->organizational_unit_name);
- gnutls_x509_crt_get_issuer_dn_by_oid( xcert, GNUTLS_OID_X520_ORGANIZATIONAL_UNIT_NAME, 0, 0,
- ret->organizational_unit_name, &len);
-
- len = sizeof( ret->common_name);
- gnutls_x509_crt_get_issuer_dn_by_oid( xcert, GNUTLS_OID_X520_COMMON_NAME, 0, 0,
- ret->common_name, &len);
-
- len = sizeof( ret->locality_name);
- gnutls_x509_crt_get_issuer_dn_by_oid( xcert, GNUTLS_OID_X520_LOCALITY_NAME, 0, 0,
- ret->locality_name, &len);
-
- len = sizeof( ret->state_or_province_name);
- gnutls_x509_crt_get_issuer_dn_by_oid( xcert, GNUTLS_OID_X520_STATE_OR_PROVINCE_NAME, 0, 0,
- ret->state_or_province_name, &len);
-
- len = sizeof( ret->email);
- gnutls_x509_crt_get_issuer_dn_by_oid( xcert, GNUTLS_OID_PKCS9_EMAIL, 0, 0,
- ret->email, &len);
-
- gnutls_x509_crt_deinit( xcert);
-
- return 0;
-}
-
-
-/**
- * gnutls_x509_extract_certificate_subject_alt_name - This function returns the certificate's alternative name, if any
- * @cert: should contain an X.509 DER encoded certificate
- * @seq: specifies the sequence number of the alt name (0 for the first one, 1 for the second etc.)
- * @ret: is the place where the alternative name will be copied to
- * @ret_size: holds the size of ret.
- *
- * This function will return the alternative names, contained in the
- * given certificate.
- *
- * This is specified in X509v3 Certificate Extensions.
- * GNUTLS will return the Alternative name, or a negative
- * error code.
- * Returns GNUTLS_E_SHORT_MEMORY_BUFFER if ret_size is not enough to hold the alternative
- * name, or the type of alternative name if everything was ok. The type is
- * one of the enumerated GNUTLS_X509_SUBJECT_ALT_NAME.
- *
- * If the certificate does not have an Alternative name with the specified
- * sequence number then returns GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- *
- **/
-int gnutls_x509_extract_certificate_subject_alt_name(const gnutls_datum * cert, int seq, char *ret, int *ret_size)
-{
- gnutls_x509_crt xcert;
- int result;
- size_t size = *ret_size;
-
- result = gnutls_x509_crt_init( &xcert);
- if (result < 0) return result;
-
- result = gnutls_x509_crt_import( xcert, cert, GNUTLS_X509_FMT_DER);
- if (result < 0) {
- gnutls_x509_crt_deinit( xcert);
- return result;
- }
-
- result = gnutls_x509_crt_get_subject_alt_name( xcert, seq, ret, &size, NULL);
- *ret_size = size;
-
- gnutls_x509_crt_deinit( xcert);
-
- return result;
-}
-
-/**
- * gnutls_x509_extract_certificate_ca_status - This function returns the certificate CA status
- * @cert: should contain an X.509 DER encoded certificate
- *
- * This function will return certificates CA status, by reading the
- * basicConstraints X.509 extension. If the certificate is a CA a positive
- * value will be returned, or zero if the certificate does not have
- * CA flag set.
- *
- * A negative value may be returned in case of parsing error.
- * If the certificate does not contain the basicConstraints extension
- * GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned.
- *
- **/
-int gnutls_x509_extract_certificate_ca_status(const gnutls_datum * cert)
-{
- gnutls_x509_crt xcert;
- int result;
-
- result = gnutls_x509_crt_init( &xcert);
- if (result < 0) return result;
-
- result = gnutls_x509_crt_import( xcert, cert, GNUTLS_X509_FMT_DER);
- if (result < 0) {
- gnutls_x509_crt_deinit( xcert);
- return result;
- }
-
- result = gnutls_x509_crt_get_ca_status( xcert, NULL);
-
- gnutls_x509_crt_deinit( xcert);
-
- return result;
-}
-
-/**
* gnutls_x509_extract_certificate_activation_time - This function returns the peer's certificate activation time
* @cert: should contain an X.509 DER encoded certificate
*
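Review bot: The surviving context line `#include <gnutls/compat8.h>` still names a header this commit renames to libextra/openssl_compat.h and removes from includes/Makefile.am, so lib/x509/compat.c looks like it will no longer build unless a stub compat8.h is left behind. The two functions that remain in this file (activation and expiration time) appear from the hunk header to take only a gnutls_datum and return time_t, so the include can probably be dropped outright rather than repointed at libextra, which lib/ should not depend on. I cannot confirm from the visible lines whether lib/x509/compat.h, changed by 6 lines in the diffstat but not shown here, supplied anything that relied on it.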
@@ -354,442 +97,3 @@ time_t gnutls_x509_extract_certificate_expiration_time(const
return result;
}
-/**
- * gnutls_x509_extract_certificate_version - This function returns the certificate's version
- * @cert: is an X.509 DER encoded certificate
- *
- * This function will return the X.509 certificate's version (1, 2, 3). This is obtained by the X509 Certificate
- * Version field. Returns a negative value in case of an error.
- *
- **/
-int gnutls_x509_extract_certificate_version(const gnutls_datum * cert)
-{
- gnutls_x509_crt xcert;
- int result;
-
- result = gnutls_x509_crt_init( &xcert);
- if (result < 0) return result;
-
- result = gnutls_x509_crt_import( xcert, cert, GNUTLS_X509_FMT_DER);
- if (result < 0) {
- gnutls_x509_crt_deinit( xcert);
- return result;
- }
-
- result = gnutls_x509_crt_get_version( xcert);
-
- gnutls_x509_crt_deinit( xcert);
-
- return result;
-
-}
-
-/**
- * gnutls_x509_extract_certificate_serial - This function returns the certificate's serial number
- * @cert: is an X.509 DER encoded certificate
- * @result: The place where the serial number will be copied
- * @result_size: Holds the size of the result field.
- *
- * This function will return the X.509 certificate's serial number.
- * This is obtained by the X509 Certificate serialNumber
- * field. Serial is not always a 32 or 64bit number. Some CAs use
- * large serial numbers, thus it may be wise to handle it as something
- * opaque.
- * Returns a negative value in case of an error.
- *
- **/
-int gnutls_x509_extract_certificate_serial(const gnutls_datum * cert, char* result, int* result_size)
-{
- gnutls_x509_crt xcert;
- size_t size = *result_size;
- int ret;
-
- ret = gnutls_x509_crt_init( &xcert);
- if (ret < 0) return ret;
-
- ret = gnutls_x509_crt_import( xcert, cert, GNUTLS_X509_FMT_DER);
- if (ret < 0) {
- gnutls_x509_crt_deinit( xcert);
- return ret;
- }
-
- ret = gnutls_x509_crt_get_serial( xcert, result, &size);
- *result_size = size;
-
- gnutls_x509_crt_deinit( xcert);
-
- return ret;
-}
-
-
-/**
- * gnutls_x509_extract_certificate_pk_algorithm - This function returns the certificate's PublicKey algorithm
- * @cert: is a DER encoded X.509 certificate
- * @bits: if bits is non null it will hold the size of the parameters' in bits
- *
- * This function will return the public key algorithm of an X.509
- * certificate.
- *
- * If bits is non null, it should have enough size to hold the parameters
- * size in bits. For RSA the bits returned is the modulus.
- * For DSA the bits returned are of the public
- * exponent.
- *
- * Returns a member of the gnutls_pk_algorithm enumeration on success,
- * or a negative value on error.
- *
- **/
-int gnutls_x509_extract_certificate_pk_algorithm( const gnutls_datum * cert, int* bits)
-{
- gnutls_x509_crt xcert;
- int result;
-
- result = gnutls_x509_crt_init( &xcert);
- if (result < 0) return result;
-
- result = gnutls_x509_crt_import( xcert, cert, GNUTLS_X509_FMT_DER);
- if (result < 0) {
- gnutls_x509_crt_deinit( xcert);
- return result;
- }
-
- result = gnutls_x509_crt_get_pk_algorithm( xcert, bits);
-
- gnutls_x509_crt_deinit( xcert);
-
- return result;
-}
-
-
-/**
- * gnutls_x509_extract_certificate_dn_string - This function returns the certificate's distinguished name
- * @cert: should contain an X.509 DER encoded certificate
- * @buf: a pointer to a structure to hold the peer's name
- * @sizeof_buf: holds the size of 'buf'
- * @issuer: if non zero, then extract the name of the issuer, instead of the holder
- *
- * This function will copy the name of the certificate holder in the provided buffer. The name
- * will be in the form "C=xxxx,O=yyyy,CN=zzzz" as described in RFC2253.
- *
- * Returns GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not long enough,
- * and 0 on success.
- *
- **/
-int gnutls_x509_extract_certificate_dn_string(char *buf, unsigned int sizeof_buf,
- const gnutls_datum * cert, int issuer)
-{
- gnutls_x509_crt xcert;
- int result;
-
- result = gnutls_x509_crt_init( &xcert);
- if (result < 0) return result;
-
- result = gnutls_x509_crt_import( xcert, cert, GNUTLS_X509_FMT_DER);
- if (result < 0) {
- gnutls_x509_crt_deinit( xcert);
- return result;
- }
-
- if (!issuer)
- result = gnutls_x509_crt_get_dn( xcert, buf, &sizeof_buf);
- else
- result = gnutls_x509_crt_get_issuer_dn( xcert, buf, &sizeof_buf);
-
- gnutls_x509_crt_deinit( xcert);
-
- return result;
-}
-
-/**
- * gnutls_x509_verify_certificate - This function verifies given certificate list
- * @cert_list: is the certificate list to be verified
- * @cert_list_length: holds the number of certificate in cert_list
- * @CA_list: is the CA list which will be used in verification
- * @CA_list_length: holds the number of CA certificate in CA_list
- * @CRL_list: not used
- * @CRL_list_length: not used
- *
- * This function will try to verify the given certificate list and return its status (TRUSTED, EXPIRED etc.).
- * The return value (status) should be one or more of the gnutls_certificate_status
- * enumerated elements bitwise or'd. Note that expiration and activation dates are not checked
- * by this function, you should check them using the appropriate functions.
- *
- * This function understands the basicConstraints (2.5.29.19) PKIX extension.
- * This means that only a certificate authority can sign a certificate.
- *
- * However you must also check the peer's name in order to check if the verified certificate belongs to the
- * actual peer.
- *
- * The return value (status) should be one or more of the gnutls_certificate_status
- * enumerated elements bitwise or'd.
- *
- * GNUTLS_CERT_INVALID\: the peer's certificate is not valid.
- *
- * GNUTLS_CERT_REVOKED\: the certificate has been revoked.
- *
- * A negative error code is returned in case of an error.
- * GNUTLS_E_NO_CERTIFICATE_FOUND is returned to indicate that
- * no certificate was sent by the peer.
- *
- *
- **/
-int gnutls_x509_verify_certificate( const gnutls_datum* cert_list, int cert_list_length,
- const gnutls_datum * CA_list, int CA_list_length,
- const gnutls_datum* CRL_list, int CRL_list_length)
-{
- unsigned int verify;
- gnutls_x509_crt *peer_certificate_list = NULL;
- gnutls_x509_crt *ca_certificate_list = NULL;
- gnutls_x509_crl *crl_list = NULL;
- int peer_certificate_list_size=0, i, x, ret;
- int ca_certificate_list_size=0, crl_list_size=0;
-
- if (cert_list == NULL || cert_list_length == 0)
- return GNUTLS_E_NO_CERTIFICATE_FOUND;
-
- /* generate a list of gnutls_certs based on the auth info
- * raw certs.
- */
- peer_certificate_list_size = cert_list_length;
- peer_certificate_list =
- gnutls_calloc(1,
- peer_certificate_list_size *
- sizeof(gnutls_x509_crt));
- if (peer_certificate_list == NULL) {
- gnutls_assert();
- ret = GNUTLS_E_MEMORY_ERROR;
- goto cleanup;
- }
-
- ca_certificate_list_size = CA_list_length;
- ca_certificate_list =
- gnutls_calloc(1,
- ca_certificate_list_size *
- sizeof(gnutls_x509_crt));
- if (ca_certificate_list == NULL) {
- gnutls_assert();
- ret = GNUTLS_E_MEMORY_ERROR;
- goto cleanup;
- }
-
- /* allocate memory for CRL
- */
- crl_list_size = CRL_list_length;
- crl_list =
- gnutls_calloc(1,
- crl_list_size *
- sizeof(gnutls_x509_crl));
- if (crl_list == NULL) {
- gnutls_assert();
- ret = GNUTLS_E_MEMORY_ERROR;
- goto cleanup;
- }
-
- /* convert certA_list to gnutls_cert* list
- */
- for (i = 0; i < peer_certificate_list_size; i++) {
- ret = gnutls_x509_crt_init( &peer_certificate_list[i]);
- if (ret < 0) {
- gnutls_assert();
- goto cleanup;
- }
-
- ret =
- gnutls_x509_crt_import(peer_certificate_list[i],
- &cert_list[i], GNUTLS_X509_FMT_DER);
- if (ret < 0) {
- gnutls_assert();
- goto cleanup;
- }
- }
-
- /* convert CA_list to gnutls_x509_cert* list
- */
- for (i = 0; i < ca_certificate_list_size; i++) {
- ret = gnutls_x509_crt_init(&ca_certificate_list[i]);
- if (ret < 0) {
- gnutls_assert();
- goto cleanup;
- }
-
- ret =
- gnutls_x509_crt_import(ca_certificate_list[i],
- &CA_list[i], GNUTLS_X509_FMT_DER);
- if (ret < 0) {
- gnutls_assert();
- goto cleanup;
- }
- }
-
-#ifdef ENABLE_PKI
- /* convert CRL_list to gnutls_x509_crl* list
- */
- for (i = 0; i < crl_list_size; i++) {
- ret = gnutls_x509_crl_init( &crl_list[i]);
- if (ret < 0) {
- gnutls_assert();
- goto cleanup;
- }
-
- ret =
- gnutls_x509_crl_import(crl_list[i],
- &CRL_list[i], GNUTLS_X509_FMT_DER);
- if (ret < 0) {
- gnutls_assert();
- goto cleanup;
- }
- }
-#endif
-
- /* Verify certificate
- */
- ret =
- gnutls_x509_crt_list_verify(peer_certificate_list,
- peer_certificate_list_size,
- ca_certificate_list, ca_certificate_list_size,
- crl_list, crl_list_size, 0, &verify);
-
- if (ret < 0) {
- gnutls_assert();
- goto cleanup;
- }
-
- ret = verify;
-
- cleanup:
-
- if (peer_certificate_list != NULL)
- for(x=0;x<peer_certificate_list_size;x++) {
- if (peer_certificate_list[x] != NULL)
- gnutls_x509_crt_deinit(peer_certificate_list[x]);
- }
-
- if (ca_certificate_list != NULL)
- for(x=0;x<ca_certificate_list_size;x++) {
- if (ca_certificate_list[x] != NULL)
- gnutls_x509_crt_deinit(ca_certificate_list[x]);
- }
-
-#ifdef ENABLE_PKI
- if (crl_list != NULL)
- for(x=0;x<crl_list_size;x++) {
- if (crl_list[x] != NULL)
- gnutls_x509_crl_deinit(crl_list[x]);
- }
-
- gnutls_free( crl_list);
-#endif
-
- gnutls_free( ca_certificate_list);
- gnutls_free( peer_certificate_list);
-
- return ret;
-}
-
-/**
- * gnutls_x509_extract_key_pk_algorithm - This function returns the keys's PublicKey algorithm
- * @cert: is a DER encoded private key
- *
- * This function will return the public key algorithm of a DER encoded private
- * key.
- *
- * Returns a member of the gnutls_pk_algorithm enumeration on success,
- * or GNUTLS_E_UNKNOWN_PK_ALGORITHM on error.
- *
- **/
-int gnutls_x509_extract_key_pk_algorithm( const gnutls_datum * key)
-{
- gnutls_x509_privkey pkey;
- int ret, pk;
-
- ret = gnutls_x509_privkey_init( &pkey);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
-
- ret = gnutls_x509_privkey_import( pkey, key, GNUTLS_X509_FMT_DER);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
-
- pk = gnutls_x509_privkey_get_pk_algorithm( pkey);
-
- gnutls_x509_privkey_deinit( pkey);
- return pk;
-}
-
-#ifdef ENABLE_PKI
-
-/**
- * gnutls_x509_pkcs7_extract_certificate - This function returns a certificate in a PKCS7 certificate set
- * @pkcs7_struct: should contain a PKCS7 DER formatted structure
- * @indx: contains the index of the certificate to extract
- * @certificate: the contents of the certificate will be copied there
- * @certificate_size: should hold the size of the certificate
- *
- * This function will return a certificate of the PKCS7 or RFC2630 certificate set.
- * Returns 0 on success. If the provided buffer is not long enough,
- * then GNUTLS_E_SHORT_MEMORY_BUFFER is returned.
- *
- * After the last certificate has been read GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE
- * will be returned.
- *
- **/
-int gnutls_x509_pkcs7_extract_certificate(const gnutls_datum * pkcs7_struct, int indx, char* certificate, int* certificate_size)
-{
- gnutls_pkcs7 pkcs7;
- int result;
- size_t size = *certificate_size;
-
- result = gnutls_pkcs7_init( &pkcs7);
- if (result < 0) return result;
-
- result = gnutls_pkcs7_import( pkcs7, pkcs7_struct, GNUTLS_X509_FMT_DER);
- if (result < 0) {
- gnutls_pkcs7_deinit( pkcs7);
- return result;
- }
-
- result = gnutls_pkcs7_get_crt_raw( pkcs7, indx, certificate, &size);
- *certificate_size = size;
-
- gnutls_pkcs7_deinit( pkcs7);
-
- return result;
-}
-
-
-/**
- * gnutls_x509_pkcs7_extract_certificate_count - This function returns the number of certificates in a PKCS7 certificate set
- * @pkcs7_struct: should contain a PKCS7 DER formatted structure
- *
- * This function will return the number of certifcates in the PKCS7 or
- * RFC2630 certificate set.
- *
- * Returns a negative value on failure.
- *
- **/
-int gnutls_x509_pkcs7_extract_certificate_count(const gnutls_datum * pkcs7_struct)
-{
- gnutls_pkcs7 pkcs7;
- int result;
-
- result = gnutls_pkcs7_init( &pkcs7);
- if (result < 0) return result;
-
- result = gnutls_pkcs7_import( pkcs7, pkcs7_struct, GNUTLS_X509_FMT_DER);
- if (result < 0) {
- gnutls_pkcs7_deinit( pkcs7);
- return result;
- }
-
- result = gnutls_pkcs7_get_crt_count( pkcs7);
-
- gnutls_pkcs7_deinit( pkcs7);
-
- return result;
-}
-
-#endif
diff --git a/lib/x509/compat.h b/lib/x509/compat.h
index 7e60f131db..834c41caa9 100644
--- a/lib/x509/compat.h
+++ b/lib/x509/compat.h
@@ -2,9 +2,3 @@
time_t gnutls_x509_extract_certificate_activation_time( const gnutls_datum*);
time_t gnutls_x509_extract_certificate_expiration_time( const gnutls_datum*);
-
-int gnutls_x509_extract_certificate_subject_alt_name( const gnutls_datum*, int seq, char*, int*);
-int gnutls_x509_extract_certificate_dn( const gnutls_datum*, gnutls_x509_dn*);
-
-int gnutls_x509_pkcs7_extract_certificate(const gnutls_datum * pkcs7_struct, int indx, char* certificate, int* certificate_size);
-int gnutls_x509_pkcs7_extract_certificate_count(const gnutls_datum * pkcs7_struct);
diff --git a/lib/x509/crl.c b/lib/x509/crl.c
index be4edc4a1d..89f2738340 100644
--- a/lib/x509/crl.c
+++ b/lib/x509/crl.c
@@ -1,5 +1,6 @@
/*
* Copyright (C) 2003 Nikos Mavroyanopoulos
+ * Copyright (C) 2004 Free Software Foundation
*
* This file is part of GNUTLS.
*
diff --git a/lib/x509/crq.c b/lib/x509/crq.c
index 8ed79f331a..453c31f966 100644
--- a/lib/x509/crq.c
+++ b/lib/x509/crq.c
@@ -1,5 +1,6 @@
/*
* Copyright (C) 2003 Nikos Mavroyanopoulos
+ * Copyright (C) 2004 Free Software Foundation
*
* This file is part of GNUTLS.
*
diff --git a/lib/x509/dn.c b/lib/x509/dn.c
index 755f72ec55..ae3af42c0e 100644
--- a/lib/x509/dn.c
+++ b/lib/x509/dn.c
@@ -1,5 +1,6 @@
/*
* Copyright (C) 2003 Nikos Mavroyanopoulos
+ * Copyright (C) 2004 Free Software Foundation
*
* This file is part of GNUTLS.
*
diff --git a/lib/x509/dsa.c b/lib/x509/dsa.c
index 174c0b31b2..6d2f25b72f 100644
--- a/lib/x509/dsa.c
+++ b/lib/x509/dsa.c
@@ -1,5 +1,6 @@
/*
* Copyright (C) 2003 Nikos Mavroyanopoulos
+ * Copyright (C) 2004 Free Software Foundation
*
* This file is part of GNUTLS.
*
diff --git a/lib/x509/extensions.c b/lib/x509/extensions.c
index c4dbfe4a6d..921ea125b5 100644
--- a/lib/x509/extensions.c
+++ b/lib/x509/extensions.c
@@ -1,5 +1,6 @@
/*
* Copyright (C) 2003 Nikos Mavroyanopoulos
+ * Copyright (C) 2004 Free Software Foundation
*
* This file is part of GNUTLS.
*
diff --git a/lib/x509/mpi.c b/lib/x509/mpi.c
index 007e728336..53d4e5e2f9 100644
--- a/lib/x509/mpi.c
+++ b/lib/x509/mpi.c
@@ -1,5 +1,6 @@
/*
* Copyright (C) 2003 Nikos Mavroyanopoulos
+ * Copyright (C) 2004 Free Software Foundation
*
* This file is part of GNUTLS.
*
diff --git a/lib/x509/pkcs12.c b/lib/x509/pkcs12.c
index 9f61e21d0d..db8245af90 100644
--- a/lib/x509/pkcs12.c
+++ b/lib/x509/pkcs12.c
@@ -1,5 +1,6 @@
/*
* Copyright (C) 2003 Nikos Mavroyanopoulos
+ * Copyright (C) 2004 Free Software Foundation
*
* This file is part of GNUTLS.
*
diff --git a/lib/x509/pkcs12_bag.c b/lib/x509/pkcs12_bag.c
index 6b9ab32ba1..466f4e7970 100644
--- a/lib/x509/pkcs12_bag.c
+++ b/lib/x509/pkcs12_bag.c
@@ -1,5 +1,6 @@
/*
* Copyright (C) 2003 Nikos Mavroyanopoulos
+ * Copyright (C) 2004 Free Software Foundation
*
* This file is part of GNUTLS.
*
diff --git a/lib/x509/pkcs12_encr.c b/lib/x509/pkcs12_encr.c
index c1501e62db..921bff9b86 100644
--- a/lib/x509/pkcs12_encr.c
+++ b/lib/x509/pkcs12_encr.c
@@ -1,7 +1,4 @@
-/* This is based on minip12.
- */
-
-/* minip12.c - A minilam pkcs-12 implementation.
+/* minip12.c - A mini pkcs-12 implementation (modified for gnutls)
* Copyright (C) 2002 Free Software Foundation, Inc.
*
* This file some day was part of GnuPG.
diff --git a/lib/x509/pkcs5.c b/lib/x509/pkcs5.c
index 15ce59c05c..c1c745b71e 100644
--- a/lib/x509/pkcs5.c
+++ b/lib/x509/pkcs5.c
@@ -1,5 +1,6 @@
/* pkcs5.c Implementation of Password-Based Cryptography as per PKCS#5
* Copyright (C) 2002,2003 Simon Josefsson
+ * Copyright (C) 2004 Free Software Foundation
*
* This file is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
diff --git a/lib/x509/pkcs7.c b/lib/x509/pkcs7.c
index eb12fc1212..4eac6054d6 100644
--- a/lib/x509/pkcs7.c
+++ b/lib/x509/pkcs7.c
@@ -1,5 +1,6 @@
/*
* Copyright (C) 2003 Nikos Mavroyanopoulos
+ * Copyright (C) 2004 Free Software Foundation
*
* This file is part of GNUTLS.
*
diff --git a/lib/x509/privkey.c b/lib/x509/privkey.c
index 930640d6e1..4798e221dd 100644
--- a/lib/x509/privkey.c
+++ b/lib/x509/privkey.c
@@ -1,5 +1,6 @@
/*
* Copyright (C) 2003 Nikos Mavroyanopoulos
+ * Copyright (C) 2004 Free Software Foundation
*
* This file is part of GNUTLS.
*
diff --git a/lib/x509/privkey_pkcs8.c b/lib/x509/privkey_pkcs8.c
index 433436fa3b..412b855e01 100644
--- a/lib/x509/privkey_pkcs8.c
+++ b/lib/x509/privkey_pkcs8.c
@@ -1,5 +1,6 @@
/*
* Copyright (C) 2003 Nikos Mavroyanopoulos
+ * Copyright (C) 2004 Free Software Foundation
*
* This file is part of GNUTLS.
*
diff --git a/lib/x509/rc2.c b/lib/x509/rc2.c
index b993d44793..982d556f25 100644
--- a/lib/x509/rc2.c
+++ b/lib/x509/rc2.c
@@ -1,5 +1,6 @@
/* rc2.c - The RC2 stream cipher
* Copyright (C) 2003 Nikos Mavroyanopoulos
+ * Copyright (C) 2004 Free Software Foundation
*
* This file is part of GNUTLS.
*
diff --git a/lib/x509/rfc2818_hostname.c b/lib/x509/rfc2818_hostname.c
index 249ec82622..bd3d7c5713 100644
--- a/lib/x509/rfc2818_hostname.c
+++ b/lib/x509/rfc2818_hostname.c
@@ -1,6 +1,7 @@
/*
* Copyright (C) 2002 Andrew McDonald
* Portions Copyright 2003 Nikos Mavroyanopoulos
+ * Copyright (C) 2004 Free Software Foundation
*
* This file is part of GNUTLS.
*
diff --git a/lib/x509/sign.c b/lib/x509/sign.c
index b32c21569b..73d9d56a9d 100644
--- a/lib/x509/sign.c
+++ b/lib/x509/sign.c
@@ -1,5 +1,6 @@
/*
* Copyright (C) 2003 Nikos Mavroyanopoulos <nmav@hellug.gr>
+ * Copyright (C) 2004 Free Software Foundation
*
* This file is part of GNUTLS.
*
diff --git a/lib/x509/verify.c b/lib/x509/verify.c
index 7055debb2e..9b3f658b00 100644
--- a/lib/x509/verify.c
+++ b/lib/x509/verify.c
@@ -1,5 +1,6 @@
/*
* Copyright (C) 2003 Nikos Mavroyanopoulos <nmav@hellug.gr>
+ * Copyright (C) 2004 Free Software Foundation
*
* This file is part of GNUTLS.
*
diff --git a/lib/x509/x509.c b/lib/x509/x509.c
index c7f546a7b1..88051c0cc2 100644
--- a/lib/x509/x509.c
+++ b/lib/x509/x509.c
@@ -1,5 +1,6 @@
/*
* Copyright (C) 2003 Nikos Mavroyanopoulos
+ * Copyright (C) 2004 Free Software Foundation
*
* This file is part of GNUTLS.
*
diff --git a/lib/x509/x509_write.c b/lib/x509/x509_write.c
index 8de1ff010c..b4c155b7bb 100644
--- a/lib/x509/x509_write.c
+++ b/lib/x509/x509_write.c
@@ -1,5 +1,6 @@
/*
* Copyright (C) 2003 Nikos Mavroyanopoulos
+ * Copyright (C) 2004 Free Software Foundation
*
* This file is part of GNUTLS.
*
diff --git a/lib/x509/xml.c b/lib/x509/xml.c
index 5c3ec65f94..24df070219 100644
--- a/lib/x509/xml.c
+++ b/lib/x509/xml.c
@@ -1,5 +1,6 @@
/*
* Copyright (C) 2002,2003 Nikos Mavroyanopoulos
+ * Copyright (C) 2004 Free Software Foundation
*
* This file is part of GNUTLS.
*
diff --git a/lib/x509_b64.c b/lib/x509_b64.c
index 7156bd2fb9..9b233af614 100644
--- a/lib/x509_b64.c
+++ b/lib/x509_b64.c
@@ -1,5 +1,6 @@
/*
* Copyright (C) 2000,2001,2003 Nikos Mavroyanopoulos <nmav@hellug.gr>
+ * Copyright (C) 2004 Free Software Foundation
*
* This file is part of GNUTLS.
*
diff --git a/libextra/Makefile.am b/libextra/Makefile.am
index 0db520f996..844b9f2c34 100644
--- a/libextra/Makefile.am
+++ b/libextra/Makefile.am
@@ -12,7 +12,7 @@ else
endif
EXTRA_DIST = ext_srp.h gnutls_srp.h libgnutls-extra.vers \
- auth_srp.h auth_srp_passwd.h \
+ auth_srp.h auth_srp_passwd.h openssl_compat.h \
gnutls-extra-api.tex gnutls_extra.h libgnutls-extra-config.in \
libgnutls-extra.m4 lzoconf.h minilzo.h
@@ -22,7 +22,7 @@ lib_LTLIBRARIES = libgnutls-extra.la libgnutls-openssl.la
libgnutls_openssl_la_LDFLAGS = -version-info $(LT_CURRENT):$(LT_REVISION):$(LT_AGE)
-libgnutls_openssl_la_SOURCES = gnutls_openssl.c
+libgnutls_openssl_la_SOURCES = gnutls_openssl.c openssl_compat.c
libgnutls_openssl_la_LIBADD = \
../lib/libgnutls.la
diff --git a/libextra/auth_srp.c b/libextra/auth_srp.c
index 169949b270..17fe1d28b2 100644
--- a/libextra/auth_srp.c
+++ b/libextra/auth_srp.c
@@ -1,5 +1,6 @@
/*
* Copyright (C) 2001,2002,2003 Nikos Mavroyanopoulos
+ * Copyright (C) 2004 Free Software Foundation
*
* This file is part of GNUTLS.
*
diff --git a/libextra/auth_srp_passwd.c b/libextra/auth_srp_passwd.c
index 67cdaf1732..580cc7f438 100644
--- a/libextra/auth_srp_passwd.c
+++ b/libextra/auth_srp_passwd.c
@@ -1,5 +1,6 @@
/*
* Copyright (C) 2001,2003 Nikos Mavroyanopoulos
+ * Copyright (C) 2004 Free Software Foundation
*
* This file is part of GNUTLS.
*
diff --git a/libextra/auth_srp_rsa.c b/libextra/auth_srp_rsa.c
index bd5a26df86..561465d71f 100644
--- a/libextra/auth_srp_rsa.c
+++ b/libextra/auth_srp_rsa.c
@@ -1,5 +1,6 @@
/*
* Copyright (C) 2001,2002,2003 Nikos Mavroyanopoulos
+ * Copyright (C) 2004 Free Software Foundation
*
* This file is part of GNUTLS.
*
diff --git a/libextra/auth_srp_sb64.c b/libextra/auth_srp_sb64.c
index 9011ec1843..db8edb65b7 100644
--- a/libextra/auth_srp_sb64.c
+++ b/libextra/auth_srp_sb64.c
@@ -1,5 +1,6 @@
/*
* Copyright (C) 2001,2002 Nikos Mavroyanopoulos <nmav@hellug.gr>
+ * Copyright (C) 2004 Free Software Foundation
*
* This file is part of GNUTLS.
*
diff --git a/libextra/ext_srp.c b/libextra/ext_srp.c
index a9460a1e7d..2624b965b1 100644
--- a/libextra/ext_srp.c
+++ b/libextra/ext_srp.c
@@ -1,5 +1,6 @@
/*
* Copyright (C) 2001,2002 Nikos Mavroyanopoulos
+ * Copyright (C) 2004 Free Software Foundation
*
* This file is part of GNUTLS.
*
diff --git a/libextra/gnutls_extra.c b/libextra/gnutls_extra.c
index b4a8c78576..00c99b2c7e 100644
--- a/libextra/gnutls_extra.c
+++ b/libextra/gnutls_extra.c
@@ -1,5 +1,6 @@
/*
* Copyright (C) 2001 Nikos Mavroyanopoulos
+ * Copyright (C) 2004 Free Software Foundation
*
* This file is part of GNUTLS.
*
diff --git a/libextra/gnutls_openpgp.c b/libextra/gnutls_openpgp.c
index 86c2daffe3..4ba3061bcb 100644
--- a/libextra/gnutls_openpgp.c
+++ b/libextra/gnutls_openpgp.c
@@ -1,5 +1,6 @@
/*
* Copyright (C) 2002,2003 Timo Schulz <twoaday@freakmail.de>
+ * Copyright (C) 2004 Free Software Foundation
*
* This file is part of GNUTLS.
*
diff --git a/libextra/gnutls_openssl.c b/libextra/gnutls_openssl.c
index b7ecaebb9e..31155e18eb 100644
--- a/libextra/gnutls_openssl.c
+++ b/libextra/gnutls_openssl.c
@@ -1,5 +1,6 @@
/*
* Copyright (c) 2002 Andrew McDonald <andrew@mcdonald.org.uk>
+ * Copyright (C) 2004 Free Software Foundation
*
* GNUTLS-EXTRA is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
@@ -19,7 +20,7 @@
#include <config.h>
#include <gnutls/gnutls.h>
-#include <gnutls/compat8.h>
+#include <openssl_compat.h>
#include <gcrypt.h>
#include <stdio.h>
#include <stdlib.h>
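Review bot: The replacement `#include <openssl_compat.h>` on the added line uses angle brackets for a header that this same commit places in the libextra source directory (it is added to `EXTRA_DIST` in libextra/Makefile.am), so resolution depends entirely on `-I` ordering and a same-named header earlier on the include path could be picked up silently instead of the in-tree one. For a private, non-installed header prefer the quoted form, `#include "openssl_compat.h"`, which searches the including file's directory first and also signals to readers that this is not a public `<gnutls/...>` API header. The hunk header advertises seven lines per side but only six are visible here, so a blank context line may have been dropped in rendering; the point stands regardless.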
diff --git a/libextra/gnutls_srp.c b/libextra/gnutls_srp.c
index e80602b118..2befd82c12 100644
--- a/libextra/gnutls_srp.c
+++ b/libextra/gnutls_srp.c
@@ -1,5 +1,6 @@
/*
* Copyright (C) 2001,2003 Nikos Mavroyanopoulos
+ * Copyright (C) 2004 Free Software Foundation
*
* This file is part of GNUTLS.
*
diff --git a/libextra/openpgp/compat.c b/libextra/openpgp/compat.c
index 4faef21985..963efad620 100644
--- a/libextra/openpgp/compat.c
+++ b/libextra/openpgp/compat.c
@@ -1,6 +1,7 @@
/*
* Copyright (C) 2002 Timo Schulz
* Portions Copyright (C) 2003 Nikos Mavroyanopoulos
+ * Copyright 2004 Free Software Foundation
*
* This file is part of GNUTLS-EXTRA.
*
diff --git a/libextra/openpgp/extras.c b/libextra/openpgp/extras.c
index 48a36ccb7f..1de1b2eb8b 100644
--- a/libextra/openpgp/extras.c
+++ b/libextra/openpgp/extras.c
@@ -1,5 +1,6 @@
/*
* Copyright (C) 2003 Nikos Mavroyanopoulos
+ * Copyright 2004 Free Software Foundation
*
* This file is part of GNUTLS-EXTRA.
*
diff --git a/libextra/openpgp/openpgp.c b/libextra/openpgp/openpgp.c
index 22a28a9461..5ebdab7625 100644
--- a/libextra/openpgp/openpgp.c
+++ b/libextra/openpgp/openpgp.c
@@ -1,6 +1,7 @@
/*
- * Copyright (C) 2002 Timo Schulz
- * Portions Copyright (C) 2003 Nikos Mavroyanopoulos
+ * Copyright (C) 2002 Timo Schulz
+ * Portions Copyright (C) 2003 Nikos Mavroyanopoulos
+ * Copyright 2004 Free Software Foundation
*
* This file is part of GNUTLS.
*
diff --git a/libextra/openpgp/privkey.c b/libextra/openpgp/privkey.c
index 51a315fa82..0331ad1bf5 100644
--- a/libextra/openpgp/privkey.c
+++ b/libextra/openpgp/privkey.c
@@ -1,5 +1,6 @@
/*
- * Copyright (C) 2003 Nikos Mavroyanopoulos
+ * Copyright (C) 2003 Nikos Mavroyanopoulos
+ * Copyright 2004 Free Software Foundation
*
* This file is part of GNUTLS.
*
diff --git a/libextra/openpgp/verify.c b/libextra/openpgp/verify.c
index 481c558222..7472b4e353 100644
--- a/libextra/openpgp/verify.c
+++ b/libextra/openpgp/verify.c
@@ -1,6 +1,7 @@
/*
* Copyright (C) 2002 Timo Schulz
* Portions Copyright (C) 2003 Nikos Mavroyanopoulos
+ * Copyright 2004 Free Software Foundation
*
* This file is part of GNUTLS-EXTRA.
*
diff --git a/libextra/openpgp/xml.c b/libextra/openpgp/xml.c
index aacad0830d..d95e10e85a 100644
--- a/libextra/openpgp/xml.c
+++ b/libextra/openpgp/xml.c
@@ -1,6 +1,7 @@
/*
* Copyright (C) 2002 Timo Schulz <twoaday@freakmail.de>
* Portions Copyright 2003 Nikos Mavroyanopoulos <nmav@gnutls.org>
+ * Copyright 2004 Free Software Foundation
*
* This file is part of GNUTLS.
*
diff --git a/libextra/openssl_compat.c b/libextra/openssl_compat.c
new file mode 100644
index 0000000000..247cad1bdf
--- /dev/null
+++ b/libextra/openssl_compat.c
@@ -0,0 +1,796 @@
+/*
+ * Copyright (C) 2002,2003 Nikos Mavroyanopoulos
+ * Copyright (C) 2004 Free Software Foundation
+ *
+ * This file is part of GNUTLS.
+ *
+ * The GNUTLS library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ *
+ */
+
+/* This file includes all functions that were in the 0.5.x and 0.8.x
+ * gnutls API. They are now implemented over the new certificate parsing
+ * API.
+ */
+
+#include <gnutls_global.h>
+#include <gnutls_errors.h>
+#include <string.h> /* memset */
+#include <x509/dn.h>
+#include <libtasn1.h>
+#include <gnutls/x509.h>
+#include <openssl_compat.h>
+
+/**
+ * gnutls_x509_extract_dn - This function parses an RDN sequence
+ * @idn: should contain a DER encoded RDN sequence
+ * @rdn: a pointer to a structure to hold the name
+ *
+ * This function will return the name of the given RDN sequence.
+ * The name will be returned as a gnutls_x509_dn structure.
+ * Returns a negative error code in case of an error.
+ *
+ **/
+int gnutls_x509_extract_dn(const gnutls_datum * idn, gnutls_x509_dn * rdn)
+{
+ ASN1_TYPE dn = ASN1_TYPE_EMPTY;
+ int result;
+ size_t len;
+
+ if ((result =
+ asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.Name", &dn
+ )) != ASN1_SUCCESS) {
+ return _gnutls_asn2err(result);
+ }
+
+ result = asn1_der_decoding(&dn, idn->data, idn->size, NULL);
+ if (result != ASN1_SUCCESS) {
+ /* couldn't decode DER */
+ asn1_delete_structure(&dn);
+ return _gnutls_asn2err(result);
+ }
+
+ memset( rdn, 0, sizeof(gnutls_x509_dn));
+
+ len = sizeof(rdn->country);
+ _gnutls_x509_parse_dn_oid( dn, "", GNUTLS_OID_X520_COUNTRY_NAME, 0, 0, rdn->country, &len);
+
+ len = sizeof(rdn->organization);
+ _gnutls_x509_parse_dn_oid( dn, "", GNUTLS_OID_X520_ORGANIZATION_NAME, 0, 0, rdn->organization, &len);
+
+ len = sizeof(rdn->organizational_unit_name);
+ _gnutls_x509_parse_dn_oid( dn, "", GNUTLS_OID_X520_ORGANIZATIONAL_UNIT_NAME, 0, 0, rdn->organizational_unit_name, &len);
+
+ len = sizeof(rdn->common_name);
+ _gnutls_x509_parse_dn_oid( dn, "", GNUTLS_OID_X520_COMMON_NAME, 0, 0, rdn->common_name, &len);
+
+ len = sizeof(rdn->locality_name);
+ _gnutls_x509_parse_dn_oid( dn, "", GNUTLS_OID_X520_LOCALITY_NAME, 0, 0, rdn->locality_name, &len);
+
+ len = sizeof(rdn->state_or_province_name);
+ _gnutls_x509_parse_dn_oid( dn, "", GNUTLS_OID_X520_STATE_OR_PROVINCE_NAME, 0, 0, rdn->state_or_province_name, &len);
+
+ len = sizeof(rdn->email);
+ _gnutls_x509_parse_dn_oid( dn, "", GNUTLS_OID_PKCS9_EMAIL, 0, 0, rdn->email, &len);
+
+ asn1_delete_structure(&dn);
+
+ return 0;
+}
+
+/**
+ * gnutls_x509_extract_certificate_dn - This function returns the certificate's distinguished name
+ * @cert: should contain an X.509 DER encoded certificate
+ * @ret: a pointer to a structure to hold the peer's name
+ *
+ * This function will return the name of the certificate holder. The name is gnutls_x509_dn structure and
+ * is a obtained by the peer's certificate. If the certificate send by the
+ * peer is invalid, or in any other failure this function returns error.
+ * Returns a negative error code in case of an error.
+ *
+ **/
+int gnutls_x509_extract_certificate_dn(const gnutls_datum * cert,
+ gnutls_x509_dn * ret)
+{
+ gnutls_x509_crt xcert;
+ int result;
+ size_t len;
+
+ result = gnutls_x509_crt_init( &xcert);
+ if (result < 0) return result;
+
+ result = gnutls_x509_crt_import( xcert, cert, GNUTLS_X509_FMT_DER);
+ if (result < 0) {
+ gnutls_x509_crt_deinit( xcert);
+ return result;
+ }
+
+ len = sizeof( ret->country);
+ gnutls_x509_crt_get_dn_by_oid( xcert, GNUTLS_OID_X520_COUNTRY_NAME, 0, 0,
+ ret->country, &len);
+
+ len = sizeof( ret->organization);
+ gnutls_x509_crt_get_dn_by_oid( xcert, GNUTLS_OID_X520_ORGANIZATION_NAME, 0, 0,
+ ret->organization, &len);
+
+ len = sizeof( ret->organizational_unit_name);
+ gnutls_x509_crt_get_dn_by_oid( xcert, GNUTLS_OID_X520_ORGANIZATIONAL_UNIT_NAME, 0, 0,
+ ret->organizational_unit_name, &len);
+
+ len = sizeof( ret->common_name);
+ gnutls_x509_crt_get_dn_by_oid( xcert, GNUTLS_OID_X520_COMMON_NAME, 0, 0,
+ ret->common_name, &len);
+
+ len = sizeof( ret->locality_name);
+ gnutls_x509_crt_get_dn_by_oid( xcert, GNUTLS_OID_X520_LOCALITY_NAME, 0, 0,
+ ret->locality_name, &len);
+
+ len = sizeof( ret->state_or_province_name);
+ gnutls_x509_crt_get_dn_by_oid( xcert, GNUTLS_OID_X520_STATE_OR_PROVINCE_NAME, 0, 0,
+ ret->state_or_province_name, &len);
+
+ len = sizeof( ret->email);
+ gnutls_x509_crt_get_dn_by_oid( xcert, GNUTLS_OID_PKCS9_EMAIL, 0, 0,
+ ret->email, &len);
+
+ gnutls_x509_crt_deinit( xcert);
+
+ return 0;
+}
+
+/**
+ * gnutls_x509_extract_certificate_issuer_dn - This function returns the certificate's issuer distinguished name
+ * @cert: should contain an X.509 DER encoded certificate
+ * @ret: a pointer to a structure to hold the issuer's name
+ *
+ * This function will return the name of the issuer stated in the certificate. The name is a gnutls_x509_dn structure and
+ * is a obtained by the peer's certificate. If the certificate send by the
+ * peer is invalid, or in any other failure this function returns error.
+ * Returns a negative error code in case of an error.
+ *
+ **/
+int gnutls_x509_extract_certificate_issuer_dn(const gnutls_datum * cert,
+ gnutls_x509_dn * ret)
+{
+ gnutls_x509_crt xcert;
+ int result;
+ size_t len;
+
+ result = gnutls_x509_crt_init( &xcert);
+ if (result < 0) return result;
+
+ result = gnutls_x509_crt_import( xcert, cert, GNUTLS_X509_FMT_DER);
+ if (result < 0) {
+ gnutls_x509_crt_deinit( xcert);
+ return result;
+ }
+
+ len = sizeof( ret->country);
+ gnutls_x509_crt_get_issuer_dn_by_oid( xcert, GNUTLS_OID_X520_COUNTRY_NAME, 0, 0,
+ ret->country, &len);
+
+ len = sizeof( ret->organization);
+ gnutls_x509_crt_get_issuer_dn_by_oid( xcert, GNUTLS_OID_X520_ORGANIZATION_NAME, 0, 0,
+ ret->organization, &len);
+
+ len = sizeof( ret->organizational_unit_name);
+ gnutls_x509_crt_get_issuer_dn_by_oid( xcert, GNUTLS_OID_X520_ORGANIZATIONAL_UNIT_NAME, 0, 0,
+ ret->organizational_unit_name, &len);
+
+ len = sizeof( ret->common_name);
+ gnutls_x509_crt_get_issuer_dn_by_oid( xcert, GNUTLS_OID_X520_COMMON_NAME, 0, 0,
+ ret->common_name, &len);
+
+ len = sizeof( ret->locality_name);
+ gnutls_x509_crt_get_issuer_dn_by_oid( xcert, GNUTLS_OID_X520_LOCALITY_NAME, 0, 0,
+ ret->locality_name, &len);
+
+ len = sizeof( ret->state_or_province_name);
+ gnutls_x509_crt_get_issuer_dn_by_oid( xcert, GNUTLS_OID_X520_STATE_OR_PROVINCE_NAME, 0, 0,
+ ret->state_or_province_name, &len);
+
+ len = sizeof( ret->email);
+ gnutls_x509_crt_get_issuer_dn_by_oid( xcert, GNUTLS_OID_PKCS9_EMAIL, 0, 0,
+ ret->email, &len);
+
+ gnutls_x509_crt_deinit( xcert);
+
+ return 0;
+}
+
+
+/**
+ * gnutls_x509_extract_certificate_subject_alt_name - This function returns the certificate's alternative name, if any
+ * @cert: should contain an X.509 DER encoded certificate
+ * @seq: specifies the sequence number of the alt name (0 for the first one, 1 for the second etc.)
+ * @ret: is the place where the alternative name will be copied to
+ * @ret_size: holds the size of ret.
+ *
+ * This function will return the alternative names, contained in the
+ * given certificate.
+ *
+ * This is specified in X509v3 Certificate Extensions.
+ * GNUTLS will return the Alternative name, or a negative
+ * error code.
+ * Returns GNUTLS_E_SHORT_MEMORY_BUFFER if ret_size is not enough to hold the alternative
+ * name, or the type of alternative name if everything was ok. The type is
+ * one of the enumerated GNUTLS_X509_SUBJECT_ALT_NAME.
+ *
+ * If the certificate does not have an Alternative name with the specified
+ * sequence number then returns GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ *
+ **/
+int gnutls_x509_extract_certificate_subject_alt_name(const gnutls_datum * cert, int seq, char *ret, int *ret_size)
+{
+ gnutls_x509_crt xcert;
+ int result;
+ size_t size = *ret_size;
+
+ result = gnutls_x509_crt_init( &xcert);
+ if (result < 0) return result;
+
+ result = gnutls_x509_crt_import( xcert, cert, GNUTLS_X509_FMT_DER);
+ if (result < 0) {
+ gnutls_x509_crt_deinit( xcert);
+ return result;
+ }
+
+ result = gnutls_x509_crt_get_subject_alt_name( xcert, seq, ret, &size, NULL);
+ *ret_size = size;
+
+ gnutls_x509_crt_deinit( xcert);
+
+ return result;
+}
+
+/**
+ * gnutls_x509_extract_certificate_ca_status - This function returns the certificate CA status
+ * @cert: should contain an X.509 DER encoded certificate
+ *
+ * This function will return certificates CA status, by reading the
+ * basicConstraints X.509 extension. If the certificate is a CA a positive
+ * value will be returned, or zero if the certificate does not have
+ * CA flag set.
+ *
+ * A negative value may be returned in case of parsing error.
+ * If the certificate does not contain the basicConstraints extension
+ * GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned.
+ *
+ **/
+int gnutls_x509_extract_certificate_ca_status(const gnutls_datum * cert)
+{
+ gnutls_x509_crt xcert;
+ int result;
+
+ result = gnutls_x509_crt_init( &xcert);
+ if (result < 0) return result;
+
+ result = gnutls_x509_crt_import( xcert, cert, GNUTLS_X509_FMT_DER);
+ if (result < 0) {
+ gnutls_x509_crt_deinit( xcert);
+ return result;
+ }
+
+ result = gnutls_x509_crt_get_ca_status( xcert, NULL);
+
+ gnutls_x509_crt_deinit( xcert);
+
+ return result;
+}
+
+/**
+ * gnutls_x509_extract_certificate_activation_time - This function returns the peer's certificate activation time
+ * @cert: should contain an X.509 DER encoded certificate
+ *
+ * This function will return the certificate's activation time in UNIX time
+ * (ie seconds since 00:00:00 UTC January 1, 1970).
+ * Returns a (time_t) -1 in case of an error.
+ *
+ **/
+time_t gnutls_x509_extract_certificate_activation_time(const
+ gnutls_datum *
+ cert)
+{
+ gnutls_x509_crt xcert;
+ time_t result;
+
+ result = gnutls_x509_crt_init( &xcert);
+ if (result < 0) return result;
+
+ result = gnutls_x509_crt_import( xcert, cert, GNUTLS_X509_FMT_DER);
+ if (result < 0) {
+ gnutls_x509_crt_deinit( xcert);
+ return result;
+ }
+
+ result = gnutls_x509_crt_get_activation_time( xcert);
+
+ gnutls_x509_crt_deinit( xcert);
+
+ return result;
+}
+
+/**
+ * gnutls_x509_extract_certificate_expiration_time - This function returns the certificate's expiration time
+ * @cert: should contain an X.509 DER encoded certificate
+ *
+ * This function will return the certificate's expiration time in UNIX time
+ * (ie seconds since 00:00:00 UTC January 1, 1970).
+ * Returns a (time_t) -1 in case of an error.
+ *
+ **/
+time_t gnutls_x509_extract_certificate_expiration_time(const
+ gnutls_datum *
+ cert)
+{
+ gnutls_x509_crt xcert;
+ time_t result;
+
+ result = gnutls_x509_crt_init( &xcert);
+ if (result < 0) return result;
+
+ result = gnutls_x509_crt_import( xcert, cert, GNUTLS_X509_FMT_DER);
+ if (result < 0) {
+ gnutls_x509_crt_deinit( xcert);
+ return result;
+ }
+
+ result = gnutls_x509_crt_get_expiration_time( xcert);
+
+ gnutls_x509_crt_deinit( xcert);
+
+ return result;
+}
+
+/**
+ * gnutls_x509_extract_certificate_version - This function returns the certificate's version
+ * @cert: is an X.509 DER encoded certificate
+ *
+ * This function will return the X.509 certificate's version (1, 2, 3). This is obtained by the X509 Certificate
+ * Version field. Returns a negative value in case of an error.
+ *
+ **/
+int gnutls_x509_extract_certificate_version(const gnutls_datum * cert)
+{
+ gnutls_x509_crt xcert;
+ int result;
+
+ result = gnutls_x509_crt_init( &xcert);
+ if (result < 0) return result;
+
+ result = gnutls_x509_crt_import( xcert, cert, GNUTLS_X509_FMT_DER);
+ if (result < 0) {
+ gnutls_x509_crt_deinit( xcert);
+ return result;
+ }
+
+ result = gnutls_x509_crt_get_version( xcert);
+
+ gnutls_x509_crt_deinit( xcert);
+
+ return result;
+
+}
+
+/**
+ * gnutls_x509_extract_certificate_serial - This function returns the certificate's serial number
+ * @cert: is an X.509 DER encoded certificate
+ * @result: The place where the serial number will be copied
+ * @result_size: Holds the size of the result field.
+ *
+ * This function will return the X.509 certificate's serial number.
+ * This is obtained by the X509 Certificate serialNumber
+ * field. Serial is not always a 32 or 64bit number. Some CAs use
+ * large serial numbers, thus it may be wise to handle it as something
+ * opaque.
+ * Returns a negative value in case of an error.
+ *
+ **/
+int gnutls_x509_extract_certificate_serial(const gnutls_datum * cert, char* result, int* result_size)
+{
+ gnutls_x509_crt xcert;
+ size_t size = *result_size;
+ int ret;
+
+ ret = gnutls_x509_crt_init( &xcert);
+ if (ret < 0) return ret;
+
+ ret = gnutls_x509_crt_import( xcert, cert, GNUTLS_X509_FMT_DER);
+ if (ret < 0) {
+ gnutls_x509_crt_deinit( xcert);
+ return ret;
+ }
+
+ ret = gnutls_x509_crt_get_serial( xcert, result, &size);
+ *result_size = size;
+
+ gnutls_x509_crt_deinit( xcert);
+
+ return ret;
+}
+
+
+/**
+ * gnutls_x509_extract_certificate_pk_algorithm - This function returns the certificate's PublicKey algorithm
+ * @cert: is a DER encoded X.509 certificate
+ * @bits: if bits is non null it will hold the size of the parameters' in bits
+ *
+ * This function will return the public key algorithm of an X.509
+ * certificate.
+ *
+ * If bits is non null, it should have enough size to hold the parameters
+ * size in bits. For RSA the bits returned is the modulus.
+ * For DSA the bits returned are of the public
+ * exponent.
+ *
+ * Returns a member of the gnutls_pk_algorithm enumeration on success,
+ * or a negative value on error.
+ *
+ **/
+int gnutls_x509_extract_certificate_pk_algorithm( const gnutls_datum * cert, int* bits)
+{
+ gnutls_x509_crt xcert;
+ int result;
+
+ result = gnutls_x509_crt_init( &xcert);
+ if (result < 0) return result;
+
+ result = gnutls_x509_crt_import( xcert, cert, GNUTLS_X509_FMT_DER);
+ if (result < 0) {
+ gnutls_x509_crt_deinit( xcert);
+ return result;
+ }
+
+ result = gnutls_x509_crt_get_pk_algorithm( xcert, bits);
+
+ gnutls_x509_crt_deinit( xcert);
+
+ return result;
+}
+
+
+/**
+ * gnutls_x509_extract_certificate_dn_string - This function returns the certificate's distinguished name
+ * @cert: should contain an X.509 DER encoded certificate
+ * @buf: a pointer to a structure to hold the peer's name
+ * @sizeof_buf: holds the size of 'buf'
+ * @issuer: if non zero, then extract the name of the issuer, instead of the holder
+ *
+ * This function will copy the name of the certificate holder in the provided buffer. The name
+ * will be in the form "C=xxxx,O=yyyy,CN=zzzz" as described in RFC2253.
+ *
+ * Returns GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not long enough,
+ * and 0 on success.
+ *
+ **/
+int gnutls_x509_extract_certificate_dn_string(char *buf, unsigned int sizeof_buf,
+ const gnutls_datum * cert, int issuer)
+{
+ gnutls_x509_crt xcert;
+ int result;
+
+ result = gnutls_x509_crt_init( &xcert);
+ if (result < 0) return result;
+
+ result = gnutls_x509_crt_import( xcert, cert, GNUTLS_X509_FMT_DER);
+ if (result < 0) {
+ gnutls_x509_crt_deinit( xcert);
+ return result;
+ }
+
+ if (!issuer)
+ result = gnutls_x509_crt_get_dn( xcert, buf, &sizeof_buf);
+ else
+ result = gnutls_x509_crt_get_issuer_dn( xcert, buf, &sizeof_buf);
+
+ gnutls_x509_crt_deinit( xcert);
+
+ return result;
+}
+
+/**
+ * gnutls_x509_verify_certificate - This function verifies given certificate list
+ * @cert_list: is the certificate list to be verified
+ * @cert_list_length: holds the number of certificate in cert_list
+ * @CA_list: is the CA list which will be used in verification
+ * @CA_list_length: holds the number of CA certificate in CA_list
+ * @CRL_list: not used
+ * @CRL_list_length: not used
+ *
+ * This function will try to verify the given certificate list and return its status (TRUSTED, EXPIRED etc.).
+ * The return value (status) should be one or more of the gnutls_certificate_status
+ * enumerated elements bitwise or'd. Note that expiration and activation dates are not checked
+ * by this function, you should check them using the appropriate functions.
+ *
+ * This function understands the basicConstraints (2.5.29.19) PKIX extension.
+ * This means that only a certificate authority can sign a certificate.
+ *
+ * However you must also check the peer's name in order to check if the verified certificate belongs to the
+ * actual peer.
+ *
+ * The return value (status) should be one or more of the gnutls_certificate_status
+ * enumerated elements bitwise or'd.
+ *
+ * GNUTLS_CERT_INVALID\: the peer's certificate is not valid.
+ *
+ * GNUTLS_CERT_REVOKED\: the certificate has been revoked.
+ *
+ * A negative error code is returned in case of an error.
+ * GNUTLS_E_NO_CERTIFICATE_FOUND is returned to indicate that
+ * no certificate was sent by the peer.
+ *
+ *
+ **/
+int gnutls_x509_verify_certificate( const gnutls_datum* cert_list, int cert_list_length,
+ const gnutls_datum * CA_list, int CA_list_length,
+ const gnutls_datum* CRL_list, int CRL_list_length)
+{
+ unsigned int verify;
+ gnutls_x509_crt *peer_certificate_list = NULL;
+ gnutls_x509_crt *ca_certificate_list = NULL;
+ gnutls_x509_crl *crl_list = NULL;
+ int peer_certificate_list_size=0, i, x, ret;
+ int ca_certificate_list_size=0, crl_list_size=0;
+
+ if (cert_list == NULL || cert_list_length == 0)
+ return GNUTLS_E_NO_CERTIFICATE_FOUND;
+
+ /* generate a list of gnutls_certs based on the auth info
+ * raw certs.
+ */
+ peer_certificate_list_size = cert_list_length;
+ peer_certificate_list =
+ gnutls_calloc(1,
+ peer_certificate_list_size *
+ sizeof(gnutls_x509_crt));
+ if (peer_certificate_list == NULL) {
+ gnutls_assert();
+ ret = GNUTLS_E_MEMORY_ERROR;
+ goto cleanup;
+ }
+
+ ca_certificate_list_size = CA_list_length;
+ ca_certificate_list =
+ gnutls_calloc(1,
+ ca_certificate_list_size *
+ sizeof(gnutls_x509_crt));
+ if (ca_certificate_list == NULL) {
+ gnutls_assert();
+ ret = GNUTLS_E_MEMORY_ERROR;
+ goto cleanup;
+ }
+
+ /* allocate memory for CRL
+ */
+ crl_list_size = CRL_list_length;
+ crl_list =
+ gnutls_calloc(1,
+ crl_list_size *
+ sizeof(gnutls_x509_crl));
+ if (crl_list == NULL) {
+ gnutls_assert();
+ ret = GNUTLS_E_MEMORY_ERROR;
+ goto cleanup;
+ }
+
+ /* convert certA_list to gnutls_cert* list
+ */
+ for (i = 0; i < peer_certificate_list_size; i++) {
+ ret = gnutls_x509_crt_init( &peer_certificate_list[i]);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret =
+ gnutls_x509_crt_import(peer_certificate_list[i],
+ &cert_list[i], GNUTLS_X509_FMT_DER);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ }
+
+ /* convert CA_list to gnutls_x509_cert* list
+ */
+ for (i = 0; i < ca_certificate_list_size; i++) {
+ ret = gnutls_x509_crt_init(&ca_certificate_list[i]);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret =
+ gnutls_x509_crt_import(ca_certificate_list[i],
+ &CA_list[i], GNUTLS_X509_FMT_DER);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ }
+
+#ifdef ENABLE_PKI
+ /* convert CRL_list to gnutls_x509_crl* list
+ */
+ for (i = 0; i < crl_list_size; i++) {
+ ret = gnutls_x509_crl_init( &crl_list[i]);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret =
+ gnutls_x509_crl_import(crl_list[i],
+ &CRL_list[i], GNUTLS_X509_FMT_DER);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ }
+#endif
+
+ /* Verify certificate
+ */
+ ret =
+ gnutls_x509_crt_list_verify(peer_certificate_list,
+ peer_certificate_list_size,
+ ca_certificate_list, ca_certificate_list_size,
+ crl_list, crl_list_size, 0, &verify);
+
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret = verify;
+
+ cleanup:
+
+ if (peer_certificate_list != NULL)
+ for(x=0;x<peer_certificate_list_size;x++) {
+ if (peer_certificate_list[x] != NULL)
+ gnutls_x509_crt_deinit(peer_certificate_list[x]);
+ }
+
+ if (ca_certificate_list != NULL)
+ for(x=0;x<ca_certificate_list_size;x++) {
+ if (ca_certificate_list[x] != NULL)
+ gnutls_x509_crt_deinit(ca_certificate_list[x]);
+ }
+
+#ifdef ENABLE_PKI
+ if (crl_list != NULL)
+ for(x=0;x<crl_list_size;x++) {
+ if (crl_list[x] != NULL)
+ gnutls_x509_crl_deinit(crl_list[x]);
+ }
+
+ gnutls_free( crl_list);
+#endif
+
+ gnutls_free( ca_certificate_list);
+ gnutls_free( peer_certificate_list);
+
+ return ret;
+}
+
+/**
+ * gnutls_x509_extract_key_pk_algorithm - This function returns the keys's PublicKey algorithm
+ * @cert: is a DER encoded private key
+ *
+ * This function will return the public key algorithm of a DER encoded private
+ * key.
+ *
+ * Returns a member of the gnutls_pk_algorithm enumeration on success,
+ * or GNUTLS_E_UNKNOWN_PK_ALGORITHM on error.
+ *
+ **/
+int gnutls_x509_extract_key_pk_algorithm( const gnutls_datum * key)
+{
+ gnutls_x509_privkey pkey;
+ int ret, pk;
+
+ ret = gnutls_x509_privkey_init( &pkey);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret = gnutls_x509_privkey_import( pkey, key, GNUTLS_X509_FMT_DER);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ pk = gnutls_x509_privkey_get_pk_algorithm( pkey);
+
+ gnutls_x509_privkey_deinit( pkey);
+ return pk;
+}
+
+#ifdef ENABLE_PKI
+
+/**
+ * gnutls_x509_pkcs7_extract_certificate - This function returns a certificate in a PKCS7 certificate set
+ * @pkcs7_struct: should contain a PKCS7 DER formatted structure
+ * @indx: contains the index of the certificate to extract
+ * @certificate: the contents of the certificate will be copied there
+ * @certificate_size: should hold the size of the certificate
+ *
+ * This function will return a certificate of the PKCS7 or RFC2630 certificate set.
+ * Returns 0 on success. If the provided buffer is not long enough,
+ * then GNUTLS_E_SHORT_MEMORY_BUFFER is returned.
+ *
+ * After the last certificate has been read GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE
+ * will be returned.
+ *
+ **/
+int gnutls_x509_pkcs7_extract_certificate(const gnutls_datum * pkcs7_struct, int indx, char* certificate, int* certificate_size)
+{
+ gnutls_pkcs7 pkcs7;
+ int result;
+ size_t size = *certificate_size;
+
+ result = gnutls_pkcs7_init( &pkcs7);
+ if (result < 0) return result;
+
+ result = gnutls_pkcs7_import( pkcs7, pkcs7_struct, GNUTLS_X509_FMT_DER);
+ if (result < 0) {
+ gnutls_pkcs7_deinit( pkcs7);
+ return result;
+ }
+
+ result = gnutls_pkcs7_get_crt_raw( pkcs7, indx, certificate, &size);
+ *certificate_size = size;
+
+ gnutls_pkcs7_deinit( pkcs7);
+
+ return result;
+}
+
+
+/**
+ * gnutls_x509_pkcs7_extract_certificate_count - This function returns the number of certificates in a PKCS7 certificate set
+ * @pkcs7_struct: should contain a PKCS7 DER formatted structure
+ *
+ * This function will return the number of certifcates in the PKCS7 or
+ * RFC2630 certificate set.
+ *
+ * Returns a negative value on failure.
+ *
+ **/
+int gnutls_x509_pkcs7_extract_certificate_count(const gnutls_datum * pkcs7_struct)
+{
+ gnutls_pkcs7 pkcs7;
+ int result;
+
+ result = gnutls_pkcs7_init( &pkcs7);
+ if (result < 0) return result;
+
+ result = gnutls_pkcs7_import( pkcs7, pkcs7_struct, GNUTLS_X509_FMT_DER);
+ if (result < 0) {
+ gnutls_pkcs7_deinit( pkcs7);
+ return result;
+ }
+
+ result = gnutls_pkcs7_get_crt_count( pkcs7);
+
+ gnutls_pkcs7_deinit( pkcs7);
+
+ return result;
+}
+
+#endif
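Review bot: In `gnutls_x509_extract_certificate_dn_string`, `&sizeof_buf` (an `unsigned int *`) is handed straight to `gnutls_x509_crt_get_dn` and `gnutls_x509_crt_get_issuer_dn`, whereas every other wrapper in this file copies its integer size into a `size_t size` local and passes `&size`; if those two functions take `size_t *` like the rest of the new API appears to, the callee writes a `size_t` through a 4-byte stack object on LP64 targets, which is memory corruption rather than a warning. Follow the same pattern here: `size_t size = sizeof_buf;` before the branch and `&size` in both calls. `gnutls_x509_extract_key_pk_algorithm` returns on import failure without `gnutls_x509_privkey_deinit( pkey);`, leaking the key object, and `gnutls_x509_extract_certificate_dn` / `gnutls_x509_extract_certificate_issuer_dn` never zero `*ret`, so any attribute absent from the DN leaves that field holding whatever the caller's memory contained — `gnutls_x509_extract_dn` does `memset( rdn, 0, sizeof(gnutls_x509_dn));` and these two should do the same right after a successful import. In `gnutls_x509_verify_certificate` the `crl_list` buffer is allocated unconditionally but `gnutls_free( crl_list);` sits inside `#ifdef ENABLE_PKI`, so non-PKI builds leak it on every call; move that free below the `#endif` next to the other two.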
diff --git a/includes/gnutls/compat8.h b/libextra/openssl_compat.h
index 23e2b37b30..aa9f931c54 100644
--- a/includes/gnutls/compat8.h
+++ b/libextra/openssl_compat.h
@@ -2,71 +2,31 @@
# define GNUTLS_COMPAT8_H
/* Extra definitions */
+#include <gnutls/openssl.h>
-#define GNUTLS_X509_CN_SIZE 256
-#define GNUTLS_X509_C_SIZE 3
-#define GNUTLS_X509_O_SIZE 256
-#define GNUTLS_X509_OU_SIZE 256
-#define GNUTLS_X509_L_SIZE 256
-#define GNUTLS_X509_S_SIZE 256
-#define GNUTLS_X509_EMAIL_SIZE 256
-
-#ifdef __GNUC__
-
-#define _GT_GCC_VERSION (__GNUC__ * 10000 \
- + __GNUC_MINOR__ * 100 \
- + __GNUC_PATCHLEVEL__)
-
-#if _GT_GCC_VERSION >= 30100
-# ifndef DEPRECATED
-# define DEPRECATED __attribute__ ((__deprecated__))
-# endif
-#endif
-
-#endif
-
-#ifndef DEPRECATED
-# define DEPRECATED
-#endif
-
-typedef struct {
- char common_name[GNUTLS_X509_CN_SIZE];
- char country[GNUTLS_X509_C_SIZE];
- char organization[GNUTLS_X509_O_SIZE];
- char organizational_unit_name[GNUTLS_X509_OU_SIZE];
- char locality_name[GNUTLS_X509_L_SIZE];
- char state_or_province_name[GNUTLS_X509_S_SIZE];
- char email[GNUTLS_X509_EMAIL_SIZE];
-} gnutls_x509_dn;
-
-typedef struct {
- char name[GNUTLS_X509_CN_SIZE];
- char email[GNUTLS_X509_CN_SIZE];
-} gnutls_openpgp_name;
-
-int gnutls_x509_extract_dn( const gnutls_datum*, gnutls_x509_dn*) DEPRECATED;
+int gnutls_x509_extract_dn( const gnutls_datum*, gnutls_x509_dn*);
int gnutls_x509_extract_dn_string(const gnutls_datum * idn,
- char *buf, unsigned int sizeof_buf) DEPRECATED;
-int gnutls_x509_extract_certificate_dn( const gnutls_datum*, gnutls_x509_dn*) DEPRECATED;
+ char *buf, unsigned int sizeof_buf);
+int gnutls_x509_extract_certificate_dn( const gnutls_datum*, gnutls_x509_dn*);
int gnutls_x509_extract_certificate_dn_string(char *buf, unsigned int sizeof_buf,
- const gnutls_datum * cert, int issuer) DEPRECATED;
-int gnutls_x509_extract_certificate_issuer_dn( const gnutls_datum*, gnutls_x509_dn *) DEPRECATED;
-int gnutls_x509_extract_certificate_version( const gnutls_datum*) DEPRECATED;
-int gnutls_x509_extract_certificate_serial(const gnutls_datum * cert, char* result, int* result_size) DEPRECATED;
+ const gnutls_datum * cert, int issuer);
+int gnutls_x509_extract_certificate_issuer_dn( const gnutls_datum*, gnutls_x509_dn *);
+int gnutls_x509_extract_certificate_version( const gnutls_datum*);
+int gnutls_x509_extract_certificate_serial(const gnutls_datum * cert, char* result, int* result_size);
time_t gnutls_x509_extract_certificate_activation_time( const gnutls_datum*);
time_t gnutls_x509_extract_certificate_expiration_time( const gnutls_datum*);
-int gnutls_x509_extract_certificate_subject_alt_name( const gnutls_datum*, int seq, char*, int*) DEPRECATED;
-int gnutls_x509_pkcs7_extract_certificate(const gnutls_datum * pkcs7_struct, int indx, char* certificate, int* certificate_size) DEPRECATED;
-int gnutls_x509_extract_certificate_pk_algorithm( const gnutls_datum * cert, int* bits) DEPRECATED;
-int gnutls_x509_extract_certificate_ca_status(const gnutls_datum * cert) DEPRECATED;
-int gnutls_x509_extract_key_pk_algorithm( const gnutls_datum * key) DEPRECATED;
+int gnutls_x509_extract_certificate_subject_alt_name( const gnutls_datum*, int seq, char*, int*);
+int gnutls_x509_pkcs7_extract_certificate(const gnutls_datum * pkcs7_struct, int indx, char* certificate, int* certificate_size);
+int gnutls_x509_extract_certificate_pk_algorithm( const gnutls_datum * cert, int* bits);
+int gnutls_x509_extract_certificate_ca_status(const gnutls_datum * cert);
+int gnutls_x509_extract_key_pk_algorithm( const gnutls_datum * key);
-int gnutls_x509_verify_certificate( const gnutls_datum* cert_list, int cert_list_length, const gnutls_datum * CA_list, int CA_list_length, const gnutls_datum* CRL_list, int CRL_list_length) DEPRECATED;
+int gnutls_x509_verify_certificate( const gnutls_datum* cert_list, int cert_list_length, const gnutls_datum * CA_list, int CA_list_length, const gnutls_datum* CRL_list, int CRL_list_length);
#define gnutls_x509_fingerprint gnutls_fingerprint
#define gnutls_x509_certificate_format gnutls_x509_crt_fmt
-int gnutls_x509_extract_key_pk_algorithm( const gnutls_datum * key) DEPRECATED;
+int gnutls_x509_extract_key_pk_algorithm( const gnutls_datum * key);
#define gnutls_certificate_set_rsa_params gnutls_certificate_set_rsa_export_params
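Review bot: `gnutls_x509_extract_key_pk_algorithm` is prototyped twice on the new side, once after `gnutls_x509_extract_certificate_ca_status` and again after the `gnutls_x509_certificate_format` macro; the second declaration is redundant and should be dropped. The include guard still reads `GNUTLS_COMPAT8_H` although the file now lives at `libextra/openssl_compat.h`, so the guard no longer matches the filename; its `#ifndef` line is outside the hunk. The prototypes use `time_t` and `gnutls_datum` with only `<gnutls/openssl.h>` included, which presumably pulls in `<time.h>` and the gnutls types transitively — worth confirming rather than relying on it.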
diff --git a/src/certtool-gaa.c b/src/certtool-gaa.c
index 7ec736b7b0..ff62cddee2 100644
--- a/src/certtool-gaa.c
+++ b/src/certtool-gaa.c
@@ -137,6 +137,7 @@ void gaa_help(void)
__gaa_helpsingle('p', "generate-privkey", "", "Generate a private key.");
__gaa_helpsingle('q', "generate-request", "", "Generate a PKCS #10 certificate request.");
__gaa_helpsingle('e', "verify-chain", "", "Verify a PEM encoded certificate chain. The last certificate in the chain must be a self signed one.");
+ __gaa_helpsingle(0, "verify-crl", "", "Verify a CRL.");
__gaa_helpsingle(0, "generate-dh-params", "", "Generate PKCS #3 encoded Diffie Hellman parameters.");
__gaa_helpsingle(0, "load-privkey", "FILE ", "Private key file to use.");
__gaa_helpsingle(0, "load-request", "FILE ", "Certificate request file to use.");
@@ -176,35 +177,35 @@ typedef struct _gaainfo gaainfo;
struct _gaainfo
{
-#line 88 "certtool.gaa"
+#line 90 "certtool.gaa"
int debug;
-#line 85 "certtool.gaa"
+#line 87 "certtool.gaa"
char *infile;
-#line 82 "certtool.gaa"
+#line 84 "certtool.gaa"
char *outfile;
-#line 79 "certtool.gaa"
+#line 81 "certtool.gaa"
int bits;
-#line 76 "certtool.gaa"
+#line 78 "certtool.gaa"
int outcert_format;
-#line 73 "certtool.gaa"
+#line 75 "certtool.gaa"
int incert_format;
-#line 70 "certtool.gaa"
+#line 72 "certtool.gaa"
int export;
-#line 67 "certtool.gaa"
+#line 69 "certtool.gaa"
int dsa;
-#line 64 "certtool.gaa"
+#line 66 "certtool.gaa"
int pkcs8;
-#line 49 "certtool.gaa"
+#line 51 "certtool.gaa"
char *pass;
-#line 46 "certtool.gaa"
+#line 48 "certtool.gaa"
char *ca;
-#line 43 "certtool.gaa"
+#line 45 "certtool.gaa"
char *ca_privkey;
-#line 40 "certtool.gaa"
+#line 42 "certtool.gaa"
char *cert;
-#line 37 "certtool.gaa"
+#line 39 "certtool.gaa"
char *request;
-#line 34 "certtool.gaa"
+#line 36 "certtool.gaa"
char *privkey;
#line 17 "certtool.gaa"
int action;
@@ -262,7 +263,7 @@ int gaa_error = 0;
#define GAA_MULTIPLE_OPTION 3
#define GAA_REST 0
-#define GAA_NB_OPTION 32
+#define GAA_NB_OPTION 33
#define GAAOPTID_copyright 1
#define GAAOPTID_version 2
#define GAAOPTID_help 3
@@ -288,13 +289,14 @@ int gaa_error = 0;
#define GAAOPTID_load_request 23
#define GAAOPTID_load_privkey 24
#define GAAOPTID_generate_dh_params 25
-#define GAAOPTID_verify_chain 26
-#define GAAOPTID_generate_request 27
-#define GAAOPTID_generate_privkey 28
-#define GAAOPTID_update_certificate 29
-#define GAAOPTID_generate_crl 30
-#define GAAOPTID_generate_certificate 31
-#define GAAOPTID_generate_self_signed 32
+#define GAAOPTID_verify_crl 26
+#define GAAOPTID_verify_chain 27
+#define GAAOPTID_generate_request 28
+#define GAAOPTID_generate_privkey 29
+#define GAAOPTID_update_certificate 30
+#define GAAOPTID_generate_crl 31
+#define GAAOPTID_generate_certificate 32
+#define GAAOPTID_generate_self_signed 33
#line 168 "gaa.skel"
@@ -597,6 +599,7 @@ int gaa_get_option_num(char *str, int status)
GAA_CHECK1STR("l", GAAOPTID_crl_info);
GAA_CHECK1STR("i", GAAOPTID_certificate_info);
GAA_CHECK1STR("", GAAOPTID_generate_dh_params);
+ GAA_CHECK1STR("", GAAOPTID_verify_crl);
GAA_CHECK1STR("e", GAAOPTID_verify_chain);
GAA_CHECK1STR("q", GAAOPTID_generate_request);
GAA_CHECK1STR("p", GAAOPTID_generate_privkey);
@@ -633,6 +636,7 @@ int gaa_get_option_num(char *str, int status)
GAA_CHECKSTR("load-request", GAAOPTID_load_request);
GAA_CHECKSTR("load-privkey", GAAOPTID_load_privkey);
GAA_CHECKSTR("generate-dh-params", GAAOPTID_generate_dh_params);
+ GAA_CHECKSTR("verify-crl", GAAOPTID_verify_crl);
GAA_CHECKSTR("verify-chain", GAAOPTID_verify_chain);
GAA_CHECKSTR("generate-request", GAAOPTID_generate_request);
GAA_CHECKSTR("generate-privkey", GAAOPTID_generate_privkey);
@@ -684,21 +688,21 @@ int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
{
case GAAOPTID_copyright:
OK = 0;
-#line 94 "certtool.gaa"
+#line 96 "certtool.gaa"
{ print_license(); exit(0); ;};
return GAA_OK;
break;
case GAAOPTID_version:
OK = 0;
-#line 93 "certtool.gaa"
+#line 95 "certtool.gaa"
{ certtool_version(); exit(0); ;};
return GAA_OK;
break;
case GAAOPTID_help:
OK = 0;
-#line 91 "certtool.gaa"
+#line 93 "certtool.gaa"
{ gaa_help(); exit(0); ;};
return GAA_OK;
@@ -708,7 +712,7 @@ int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_debug.arg1, gaa_getint, GAATMP_debug.size1);
gaa_index++;
-#line 89 "certtool.gaa"
+#line 91 "certtool.gaa"
{ gaaval->debug = GAATMP_debug.arg1 ;};
return GAA_OK;
@@ -718,7 +722,7 @@ int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_infile.arg1, gaa_getstr, GAATMP_infile.size1);
gaa_index++;
-#line 86 "certtool.gaa"
+#line 88 "certtool.gaa"
{ gaaval->infile = GAATMP_infile.arg1 ;};
return GAA_OK;
@@ -728,7 +732,7 @@ int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_outfile.arg1, gaa_getstr, GAATMP_outfile.size1);
gaa_index++;
-#line 83 "certtool.gaa"
+#line 85 "certtool.gaa"
{ gaaval->outfile = GAATMP_outfile.arg1 ;};
return GAA_OK;
@@ -738,84 +742,84 @@ int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_bits.arg1, gaa_getint, GAATMP_bits.size1);
gaa_index++;
-#line 80 "certtool.gaa"
+#line 82 "certtool.gaa"
{ gaaval->bits = GAATMP_bits.arg1 ;};
return GAA_OK;
break;
case GAAOPTID_outder:
OK = 0;
-#line 77 "certtool.gaa"
+#line 79 "certtool.gaa"
{ gaaval->outcert_format=1 ;};
return GAA_OK;
break;
case GAAOPTID_inder:
OK = 0;
-#line 74 "certtool.gaa"
+#line 76 "certtool.gaa"
{ gaaval->incert_format=1 ;};
return GAA_OK;
break;
case GAAOPTID_export_ciphers:
OK = 0;
-#line 71 "certtool.gaa"
+#line 73 "certtool.gaa"
{ gaaval->export=1 ;};
return GAA_OK;
break;
case GAAOPTID_dsa:
OK = 0;
-#line 68 "certtool.gaa"
+#line 70 "certtool.gaa"
{ gaaval->dsa=1 ;};
return GAA_OK;
break;
case GAAOPTID_pkcs8:
OK = 0;
-#line 65 "certtool.gaa"
+#line 67 "certtool.gaa"
{ gaaval->pkcs8=1 ;};
return GAA_OK;
break;
case GAAOPTID_to_p12:
OK = 0;
-#line 62 "certtool.gaa"
+#line 64 "certtool.gaa"
{ gaaval->action = 8; ;};
return GAA_OK;
break;
case GAAOPTID_key_info:
OK = 0;
-#line 60 "certtool.gaa"
+#line 62 "certtool.gaa"
{ gaaval->action = 6; ;};
return GAA_OK;
break;
case GAAOPTID_p7_info:
OK = 0;
-#line 58 "certtool.gaa"
+#line 60 "certtool.gaa"
{ gaaval->action = 12; ;};
return GAA_OK;
break;
case GAAOPTID_p12_info:
OK = 0;
-#line 56 "certtool.gaa"
+#line 58 "certtool.gaa"
{ gaaval->action = 9; ;};
return GAA_OK;
break;
case GAAOPTID_crl_info:
OK = 0;
-#line 54 "certtool.gaa"
+#line 56 "certtool.gaa"
{ gaaval->action = 11; ;};
return GAA_OK;
break;
case GAAOPTID_certificate_info:
OK = 0;
-#line 52 "certtool.gaa"
+#line 54 "certtool.gaa"
{ gaaval->action = 2; ;};
return GAA_OK;
@@ -825,7 +829,7 @@ int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_password.arg1, gaa_getstr, GAATMP_password.size1);
gaa_index++;
-#line 50 "certtool.gaa"
+#line 52 "certtool.gaa"
{ gaaval->pass = GAATMP_password.arg1 ;};
return GAA_OK;
@@ -835,7 +839,7 @@ int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_load_ca_certificate.arg1, gaa_getstr, GAATMP_load_ca_certificate.size1);
gaa_index++;
-#line 47 "certtool.gaa"
+#line 49 "certtool.gaa"
{ gaaval->ca = GAATMP_load_ca_certificate.arg1 ;};
return GAA_OK;
@@ -845,7 +849,7 @@ int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_load_ca_privkey.arg1, gaa_getstr, GAATMP_load_ca_privkey.size1);
gaa_index++;
-#line 44 "certtool.gaa"
+#line 46 "certtool.gaa"
{ gaaval->ca_privkey = GAATMP_load_ca_privkey.arg1 ;};
return GAA_OK;
@@ -855,7 +859,7 @@ int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_load_certificate.arg1, gaa_getstr, GAATMP_load_certificate.size1);
gaa_index++;
-#line 41 "certtool.gaa"
+#line 43 "certtool.gaa"
{ gaaval->cert = GAATMP_load_certificate.arg1 ;};
return GAA_OK;
@@ -865,7 +869,7 @@ int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_load_request.arg1, gaa_getstr, GAATMP_load_request.size1);
gaa_index++;
-#line 38 "certtool.gaa"
+#line 40 "certtool.gaa"
{ gaaval->request = GAATMP_load_request.arg1 ;};
return GAA_OK;
@@ -875,18 +879,25 @@ int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_load_privkey.arg1, gaa_getstr, GAATMP_load_privkey.size1);
gaa_index++;
-#line 35 "certtool.gaa"
+#line 37 "certtool.gaa"
{ gaaval->privkey = GAATMP_load_privkey.arg1 ;};
return GAA_OK;
break;
case GAAOPTID_generate_dh_params:
OK = 0;
-#line 32 "certtool.gaa"
+#line 34 "certtool.gaa"
{ gaaval->action=10; ;};
return GAA_OK;
break;
+ case GAAOPTID_verify_crl:
+ OK = 0;
+#line 32 "certtool.gaa"
+{ gaaval->action=14; ;};
+
+ return GAA_OK;
+ break;
case GAAOPTID_verify_chain:
OK = 0;
#line 30 "certtool.gaa"
@@ -960,7 +971,7 @@ int gaa(int argc, char **argv, gaainfo *gaaval)
if(inited == 0)
{
-#line 96 "certtool.gaa"
+#line 98 "certtool.gaa"
{ gaaval->bits = 1024; gaaval->pkcs8 = 0; gaaval->privkey = NULL; gaaval->ca=NULL; gaaval->ca_privkey = NULL;
gaaval->debug=1; gaaval->request = NULL; gaaval->infile = NULL; gaaval->outfile = NULL; gaaval->cert = NULL;
gaaval->incert_format = 0; gaaval->outcert_format = 0; gaaval->action=-1; gaaval->pass = NULL;
diff --git a/src/certtool-gaa.h b/src/certtool-gaa.h
index 18cca0ca96..2bef4af05b 100644
--- a/src/certtool-gaa.h
+++ b/src/certtool-gaa.h
@@ -8,35 +8,35 @@ typedef struct _gaainfo gaainfo;
struct _gaainfo
{
-#line 88 "certtool.gaa"
+#line 90 "certtool.gaa"
int debug;
-#line 85 "certtool.gaa"
+#line 87 "certtool.gaa"
char *infile;
-#line 82 "certtool.gaa"
+#line 84 "certtool.gaa"
char *outfile;
-#line 79 "certtool.gaa"
+#line 81 "certtool.gaa"
int bits;
-#line 76 "certtool.gaa"
+#line 78 "certtool.gaa"
int outcert_format;
-#line 73 "certtool.gaa"
+#line 75 "certtool.gaa"
int incert_format;
-#line 70 "certtool.gaa"
+#line 72 "certtool.gaa"
int export;
-#line 67 "certtool.gaa"
+#line 69 "certtool.gaa"
int dsa;
-#line 64 "certtool.gaa"
+#line 66 "certtool.gaa"
int pkcs8;
-#line 49 "certtool.gaa"
+#line 51 "certtool.gaa"
char *pass;
-#line 46 "certtool.gaa"
+#line 48 "certtool.gaa"
char *ca;
-#line 43 "certtool.gaa"
+#line 45 "certtool.gaa"
char *ca_privkey;
-#line 40 "certtool.gaa"
+#line 42 "certtool.gaa"
char *cert;
-#line 37 "certtool.gaa"
+#line 39 "certtool.gaa"
char *request;
-#line 34 "certtool.gaa"
+#line 36 "certtool.gaa"
char *privkey;
#line 17 "certtool.gaa"
int action;
diff --git a/src/certtool.c b/src/certtool.c
index 0d62ed2f12..d587806454 100644
--- a/src/certtool.c
+++ b/src/certtool.c
@@ -1,5 +1,6 @@
/*
* Copyright (C) 2003 Nikos Mavroyanopoulos
+ * Copyright (C) 2004 Free Software Foundation
*
* This file is part of GNUTLS.
*
@@ -38,6 +39,7 @@ void pkcs7_info( void);
void pkcs12_info( void);
void generate_pkcs12( void);
void verify_chain(void);
+void verify_crl(void);
gnutls_x509_privkey load_private_key(int mand);
gnutls_x509_crq load_request(void);
gnutls_x509_privkey load_ca_private_key(void);
@@ -772,6 +774,9 @@ int ret;
case 13:
generate_signed_crl();
break;
+ case 14:
+ verify_crl();
+ break;
default:
fprintf(stderr, "GnuTLS' certtool utility.\n");
fprintf(stderr, "Please use the --help to get help on this program.\n");
@@ -1114,6 +1119,7 @@ static void print_crl_info( gnutls_x509_crl crl, FILE* out, int all)
char *print, dn[256];
const char* cprint;
+ fprintf(out, "CRL information:\n");
fprintf(out, "Version: %d\n", gnutls_x509_crl_get_version(crl));
/* Issuer
@@ -1475,7 +1481,8 @@ static gnutls_x509_crt crt[MAX_CERTS];
char* ptr;
int ret, i;
gnutls_datum dat;
-size_t size, ptr_size;
+size_t size;
+int ptr_size;
*crt_size = 0;
fprintf(stderr, "Loading certificate list...\n");
@@ -1522,7 +1529,9 @@ size_t size, ptr_size;
ptr++;
ptr_size = size;
- ptr_size -= ((void*)ptr - (void*)buffer);
+ ptr_size -= (unsigned int)((unsigned char*)ptr - (unsigned char*)buffer);
+
+ if (ptr_size < 0) break;
(*crt_size)++;
}
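Review bot: The added `if (ptr_size < 0) break;` relies on `ptr_size -= (unsigned int)(...)` producing a negative int, but an int minus an unsigned int is computed unsigned and only becomes negative through an implementation-defined conversion on the store, and `ptr_size = size;` on the line above truncates a size_t into an int. Do the bound check on the offset before subtracting and keep the remaining length unsigned: `size_t off = (size_t)((unsigned char*)ptr - (unsigned char*)buffer); if (off > size) break; ptr_size = size - off;` (then `ptr_size` can stay size_t instead of the int it was changed to in the earlier hunk). The check runs after the `ptr++` shown as context, so whatever keeps `ptr` inside `buffer` before that increment is outside this hunk and should be confirmed separately; the enclosing function starts before the hunk.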
@@ -1872,8 +1881,6 @@ time_t now = time(0);
comma = 1;
fprintf(outfile, "Revoked");
}
-
-
}
void verify_chain( void)
@@ -1881,11 +1888,89 @@ void verify_chain( void)
size_t size;
size = fread( buffer, 1, sizeof(buffer)-1, infile);
+ buffer[size] = 0;
_verify_x509_mem( buffer, size);
}
+void verify_crl( void)
+{
+size_t size, dn_size;
+char dn[128];
+unsigned int output;
+int comma=0;
+int ret;
+gnutls_datum pem;
+gnutls_x509_crl crl;
+time_t now = time(0);
+gnutls_x509_crt issuer;
+
+ issuer = load_ca_cert();
+
+ fprintf(outfile, "\nCA certificate:\n");
+ dn_size = sizeof(dn);
+ ret = gnutls_x509_crt_get_dn(issuer, dn, &dn_size);
+ if (ret >= 0)
+ fprintf(outfile, "\tSubject: %s\n\n", dn);
+
+ size = fread( buffer, 1, sizeof(buffer)-1, infile);
+ buffer[size] = 0;
+
+ pem.data = buffer;
+ pem.size = size;
+
+ gnutls_x509_crl_init( &crl);
+
+ ret = gnutls_x509_crl_import(crl, &pem, in_cert_format);
+ if (ret < 0) {
+ fprintf(stderr, "CRL decoding error: %s\n", gnutls_strerror(ret));
+ exit(1);
+ }
+
+ print_crl_info( crl, outfile, 1);
+
+
+ fprintf(outfile, "Verification output: ");
+ ret = gnutls_x509_crl_verify( crl, &issuer, 1, 0, &output);
+ if (ret < 0) {
+ fprintf(stderr, "Error in verification: %s\n", gnutls_strerror(ret));
+ exit(1);
+ }
+
+ if (output&GNUTLS_CERT_NOT_TRUSTED) {
+ fprintf(outfile, "Not verified");
+ comma = 1;
+ } else {
+ fprintf(outfile, "Verified");
+ comma = 1;
+ }
+
+ if (output&GNUTLS_CERT_SIGNER_NOT_CA) {
+ if (comma) fprintf(outfile, ", ");
+ fprintf(outfile, "Issuer is not a CA");
+ comma = 1;
+ }
+
+ /* Check expiration dates.
+ */
+
+ if (gnutls_x509_crl_get_this_update(crl) > now) {
+ if (comma) fprintf(outfile, ", ");
+ comma = 1;
+ fprintf(outfile, "Issued in the future!");
+ }
+
+ if (gnutls_x509_crl_get_next_update(crl) < now) {
+ if (comma) fprintf(outfile, ", ");
+ comma = 1;
+ fprintf(outfile, "CRL is not up to date");
+ }
+
+ fprintf(outfile, "\n");
+
+}
+
#include <gnutls/pkcs12.h>
#include <unistd.h>
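Review bot: The verification result computed in verify_crl never reaches the caller: after printing "Not verified", "Issuer is not a CA", "Issued in the future!" or "CRL is not up to date" the function just returns, so a script running `certtool --verify-crl` sees the same exit status as for a good CRL (assuming main() returns 0 after the switch, which is outside this hunk). The nextUpdate test is also stricter than the CRL format: nextUpdate is optional, and if gnutls_x509_crl_get_next_update() follows the library convention of returning (time_t)-1 when the field is absent or undecodable, such a CRL is reported as "not up to date". The return value of `gnutls_x509_crl_init( &crl)` is ignored and neither `crl` nor `issuer` is deinitialized before returning. The sketch below rewrites the tail of the function to track failures, guard the nextUpdate test and exit non-zero; `comma` becomes unnecessary because the first branch always prints something.
```c
void verify_crl( void)
{
/* … unchanged: declarations, load_ca_cert(), fread/import of the CRL, print_crl_info() … */
time_t next;
int failed = 0;

	/* … unchanged: gnutls_x509_crl_verify() call and its error exit … */

	if (output&GNUTLS_CERT_NOT_TRUSTED) {
		fprintf(outfile, "Not verified");
		failed = 1;
	} else {
		fprintf(outfile, "Verified");
	}

	if (output&GNUTLS_CERT_SIGNER_NOT_CA) {
		fprintf(outfile, ", Issuer is not a CA");
		failed = 1;
	}

	if (gnutls_x509_crl_get_this_update(crl) > now) {
		fprintf(outfile, ", Issued in the future!");
		failed = 1;
	}

	/* nextUpdate is optional in a CRL; only call it stale when it is present */
	next = gnutls_x509_crl_get_next_update(crl);
	if (next != (time_t)-1 && next < now) {
		fprintf(outfile, ", CRL is not up to date");
		failed = 1;
	}

	fprintf(outfile, "\n");

	gnutls_x509_crl_deinit(crl);
	gnutls_x509_crt_deinit(issuer);

	if (failed)
		exit(1);
}
```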
diff --git a/src/certtool.gaa b/src/certtool.gaa
index 5418c66f8c..9fb257e93f 100644
--- a/src/certtool.gaa
+++ b/src/certtool.gaa
@@ -29,6 +29,8 @@ option (q, generate-request) { $action=3; } "Generate a PKCS #10 certificate req
option (e, verify-chain) { $action=5; } "Verify a PEM encoded certificate chain. The last certificate in the chain must be a self signed one."
+option (verify-crl) { $action=14; } "Verify a CRL."
+
option (generate-dh-params) { $action=10; } "Generate PKCS #3 encoded Diffie Hellman parameters."
#char *privkey;
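Review bot: The help text "Verify a CRL." does not say where the inputs come from, although the new verify_crl() in certtool.c reads the CRL from the input file and takes the issuer from --load-ca-certificate via load_ca_cert(). Spelling that out, e.g. `option (verify-crl) { $action=14; } "Verify a CRL. The CRL is read from the input file and its issuer from --load-ca-certificate."`, matches the verify-chain description just above, which names the constraint its input must satisfy.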
diff --git a/src/cli.c b/src/cli.c
index e9a2137fcb..d4a676c894 100644
--- a/src/cli.c
+++ b/src/cli.c
@@ -1,5 +1,6 @@
/*
* Copyright (C) 2000,2001,2002,2003 Nikos Mavroyanopoulos
+ * Copyright (C) 2004 Free Software Foundation
*
* This file is part of GNUTLS.
*
diff --git a/src/crypt.c b/src/crypt.c
index 893804f338..9fefb5d643 100644
--- a/src/crypt.c
+++ b/src/crypt.c
@@ -1,5 +1,6 @@
/*
* Copyright (C) 2001,2003 Nikos Mavroyanopoulos
+ * Copyright (C) 2004 Free Software Foundation
*
* This file is part of GNUTLS.
*
diff --git a/src/prime.c b/src/prime.c
index 72edcdf85c..afa4581109 100644
--- a/src/prime.c
+++ b/src/prime.c
@@ -1,5 +1,6 @@
/*
* Copyright (C) 2001,2002,2003 Nikos Mavroyanopoulos
+ * Copyright (C) 2004 Free Software Foundation
*
* This file is part of GNUTLS.
*
diff --git a/src/serv.c b/src/serv.c
index bd43904a74..561e47664b 100644
--- a/src/serv.c
+++ b/src/serv.c
@@ -1,6 +1,7 @@
/*
* Copyright (C) 2001,2002 Paul Sheer
* Portions Copyright (C) 2002,2003 Nikos Mavroyanopoulos
+ * Copyright (C) 2004 Free Software Foundation
*
* This file is part of GNUTLS.
*
diff --git a/src/tests.c b/src/tests.c
index eba1297aab..74060bc69b 100644
--- a/src/tests.c
+++ b/src/tests.c
@@ -1,5 +1,6 @@
/*
* Copyright (C) 2000,2001,2002,2003 Nikos Mavroyanopoulos
+ * Copyright (C) 2004 Free Software Foundation
*
* This file is part of GNUTLS.
*
diff --git a/src/tls_test.c b/src/tls_test.c
index 83cf5eefad..bf7691b618 100644
--- a/src/tls_test.c
+++ b/src/tls_test.c
@@ -1,5 +1,6 @@
/*
* Copyright (C) 2000,2001,2002,2003 Nikos Mavroyanopoulos
+ * Copyright (C) 2004 Free Software Foundation
*
* This file is part of GNUTLS.
*