diff options
Diffstat (limited to 'manual/html_node/Simple-client-example-with-SSH_002dstyle-certificate-verification.html')
-rw-r--r-- | manual/html_node/Simple-client-example-with-SSH_002dstyle-certificate-verification.html | 283 |
1 files changed, 0 insertions, 283 deletions
diff --git a/manual/html_node/Simple-client-example-with-SSH_002dstyle-certificate-verification.html b/manual/html_node/Simple-client-example-with-SSH_002dstyle-certificate-verification.html deleted file mode 100644 index 57f6fa7867..0000000000 --- a/manual/html_node/Simple-client-example-with-SSH_002dstyle-certificate-verification.html +++ /dev/null @@ -1,283 +0,0 @@ -<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> -<html> -<!-- This manual is last updated 4 March 2015 for version -3.5.4 of GnuTLS. - -Copyright (C) 2001-2015 Free Software Foundation, Inc.\\ -Copyright (C) 2001-2015 Nikos Mavrogiannopoulos - -Permission is granted to copy, distribute and/or modify this document -under the terms of the GNU Free Documentation License, Version 1.3 or -any later version published by the Free Software Foundation; with no -Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. A -copy of the license is included in the section entitled "GNU Free -Documentation License". --> -<!-- Created by GNU Texinfo 6.1, http://www.gnu.org/software/texinfo/ --> -<head> -<title>GnuTLS 3.5.4: Simple client example with SSH-style certificate verification</title> - -<meta name="description" content="GnuTLS 3.5.4: Simple client example with SSH-style certificate verification"> -<meta name="keywords" content="GnuTLS 3.5.4: Simple client example with SSH-style certificate verification"> -<meta name="resource-type" content="document"> -<meta name="distribution" content="global"> -<meta name="Generator" content="makeinfo"> -<meta http-equiv="Content-Type" content="text/html; charset=utf-8"> -<link href="index.html#Top" rel="start" title="Top"> -<link href="Function-and-Data-Index.html#Function-and-Data-Index" rel="index" title="Function and Data Index"> -<link href="index.html#SEC_Contents" rel="contents" title="Table of Contents"> -<link href="Client-examples.html#Client-examples" rel="up" title="Client examples"> -<link href="Simple-client-example-with-anonymous-authentication.html#Simple-client-example-with-anonymous-authentication" rel="next" title="Simple client example with anonymous authentication"> -<link href="Simple-client-example-with-X_002e509-certificate-support.html#Simple-client-example-with-X_002e509-certificate-support" rel="prev" title="Simple client example with X.509 certificate support"> -<style type="text/css"> -<!-- -a.summary-letter {text-decoration: none} -blockquote.indentedblock {margin-right: 0em} -blockquote.smallindentedblock {margin-right: 0em; font-size: smaller} -blockquote.smallquotation {font-size: smaller} -div.display {margin-left: 3.2em} -div.example {margin-left: 3.2em} -div.lisp {margin-left: 3.2em} -div.smalldisplay {margin-left: 3.2em} -div.smallexample {margin-left: 3.2em} -div.smalllisp {margin-left: 3.2em} -kbd {font-style: oblique} -pre.display {font-family: inherit} -pre.format {font-family: inherit} -pre.menu-comment {font-family: serif} -pre.menu-preformatted {font-family: serif} -pre.smalldisplay {font-family: inherit; font-size: smaller} -pre.smallexample {font-size: smaller} -pre.smallformat {font-family: inherit; font-size: smaller} -pre.smalllisp {font-size: smaller} -span.nolinebreak {white-space: nowrap} -span.roman {font-family: initial; font-weight: normal} -span.sansserif {font-family: sans-serif; font-weight: normal} -ul.no-bullet {list-style: none} -body { - margin: 2%; - padding: 0 5%; - background: #ffffff; -} -h1,h2,h3,h4,h5 { - font-weight: bold; - padding: 5px 5px 5px 5px; - background-color: #c2e0ff; - color: #336699; -} -h1 { - padding: 2em 2em 2em 5%; - color: white; - background: #336699; - text-align: center; - letter-spacing: 3px; -} -h2 { text-decoration: underline; } -pre { - margin: 0 5%; - padding: 0.5em; -} -pre.example,pre.verbatim { - padding-bottom: 1em; - - border: solid #c2e0ff; - background: #f0faff; - border-width: 1px 1px 1px 5px; - margin: 1em auto; - width: 90%; -} - -div.node { - margin: 0 -5% 0 -2%; - padding: 0.5em 0.5em; - margin-top: 0.5em; - margin-bottom: 0.5em; - font-weight: bold; -} -dd, li { - padding-top: 0.1em; - padding-bottom: 0.1em; -} -div.float { - - margin-bottom: 0.5em; - text-align: center; -} - -table { - text-align: left; - margin-left:auto; - margin-right:auto; - border-spacing: 7px; - width: 50%; -} - -th { - padding: 0; - color: #336699; - background-color: #c2e0ff; - border: solid #000000; - border-width: 0px; - margin: 1em auto; - text-align: center; - margin-left:auto; - margin-right:auto; -} - -td { - padding: 0; - border: solid #000000; - background-color: #f0faff; - border-width: 0px; - margin: 1em auto; - text-align: left; - margin-left:auto; - margin-right:auto; - padding-left: 1em; -} - -dl { - text-align: left; - margin-left:auto; - margin-right:auto; - width: 50%; - - padding-left: 1em; - border: solid #c2e0ff; - background: #f0faff; - border-width: 5px 1px 1px 1px; - margin: 1em auto; -} - ---> -</style> - - -</head> - -<body lang="en"> -<a name="Simple-client-example-with-SSH_002dstyle-certificate-verification"></a> -<div class="header"> -<p> -Next: <a href="Simple-client-example-with-anonymous-authentication.html#Simple-client-example-with-anonymous-authentication" accesskey="n" rel="next">Simple client example with anonymous authentication</a>, Previous: <a href="Simple-client-example-with-X_002e509-certificate-support.html#Simple-client-example-with-X_002e509-certificate-support" accesskey="p" rel="prev">Simple client example with X.509 certificate support</a>, Up: <a href="Client-examples.html#Client-examples" accesskey="u" rel="up">Client examples</a> [<a href="index.html#SEC_Contents" title="Table of contents" rel="contents">Contents</a>][<a href="Function-and-Data-Index.html#Function-and-Data-Index" title="Index" rel="index">Index</a>]</p> -</div> -<hr> -<a name="Simple-client-example-with-SSH_002dstyle-certificate-verification-1"></a> -<h4 class="subsection">7.1.2 Simple client example with SSH-style certificate verification</h4> - -<p>This is an alternative verification function that will use the -X.509 certificate authorities for verification, but also assume an -trust on first use (SSH-like) authentication system. That is the user is -prompted on unknown public keys and known public keys are considered -trusted. -</p> -<pre class="verbatim">/* This example code is placed in the public domain. */ - -#ifdef HAVE_CONFIG_H -#include <config.h> -#endif - -#include <stdio.h> -#include <stdlib.h> -#include <string.h> -#include <gnutls/gnutls.h> -#include <gnutls/x509.h> -#include <assert.h> -#include "examples.h" - -#define CHECK(x) assert((x)>=0) - -/* This function will verify the peer's certificate, check - * if the hostname matches. In addition it will perform an - * SSH-style authentication, where ultimately trusted keys - * are only the keys that have been seen before. - */ -int _ssh_verify_certificate_callback(gnutls_session_t session) -{ - unsigned int status; - const gnutls_datum_t *cert_list; - unsigned int cert_list_size; - int ret, type; - gnutls_datum_t out; - const char *hostname; - - /* read hostname */ - hostname = gnutls_session_get_ptr(session); - - /* This verification function uses the trusted CAs in the credentials - * structure. So you must have installed one or more CA certificates. - */ - CHECK(gnutls_certificate_verify_peers3(session, hostname, &status)); - - type = gnutls_certificate_type_get(session); - - CHECK(gnutls_certificate_verification_status_print(status, - type, &out, 0)); - printf("%s", out.data); - - gnutls_free(out.data); - - if (status != 0) /* Certificate is not trusted */ - return GNUTLS_E_CERTIFICATE_ERROR; - - /* Do SSH verification */ - cert_list = gnutls_certificate_get_peers(session, &cert_list_size); - if (cert_list == NULL) { - printf("No certificate was found!\n"); - return GNUTLS_E_CERTIFICATE_ERROR; - } - - /* service may be obtained alternatively using getservbyport() */ - ret = gnutls_verify_stored_pubkey(NULL, NULL, hostname, "https", - type, &cert_list[0], 0); - if (ret == GNUTLS_E_NO_CERTIFICATE_FOUND) { - printf("Host %s is not known.", hostname); - if (status == 0) - printf("Its certificate is valid for %s.\n", - hostname); - - /* the certificate must be printed and user must be asked on - * whether it is trustworthy. --see gnutls_x509_crt_print() */ - - /* if not trusted */ - return GNUTLS_E_CERTIFICATE_ERROR; - } else if (ret == GNUTLS_E_CERTIFICATE_KEY_MISMATCH) { - printf - ("Warning: host %s is known but has another key associated.", - hostname); - printf - ("It might be that the server has multiple keys, or you are under attack\n"); - if (status == 0) - printf("Its certificate is valid for %s.\n", - hostname); - - /* the certificate must be printed and user must be asked on - * whether it is trustworthy. --see gnutls_x509_crt_print() */ - - /* if not trusted */ - return GNUTLS_E_CERTIFICATE_ERROR; - } else if (ret < 0) { - printf("gnutls_verify_stored_pubkey: %s\n", - gnutls_strerror(ret)); - return ret; - } - - /* user trusts the key -> store it */ - if (ret != 0) { - CHECK(gnutls_store_pubkey(NULL, NULL, hostname, "https", - type, &cert_list[0], 0, 0)); - } - - /* notify gnutls to continue handshake normally */ - return 0; -} -</pre> -<hr> -<div class="header"> -<p> -Next: <a href="Simple-client-example-with-anonymous-authentication.html#Simple-client-example-with-anonymous-authentication" accesskey="n" rel="next">Simple client example with anonymous authentication</a>, Previous: <a href="Simple-client-example-with-X_002e509-certificate-support.html#Simple-client-example-with-X_002e509-certificate-support" accesskey="p" rel="prev">Simple client example with X.509 certificate support</a>, Up: <a href="Client-examples.html#Client-examples" accesskey="u" rel="up">Client examples</a> [<a href="index.html#SEC_Contents" title="Table of contents" rel="contents">Contents</a>][<a href="Function-and-Data-Index.html#Function-and-Data-Index" title="Index" rel="index">Index</a>]</p> -</div> - - - -</body> -</html> |