summaryrefslogtreecommitdiff
path: root/doc/tex/ex3.tex
blob: 63c9bdf657d5ec786878a2ab85d47d569aca103a (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159

\begin{verbatim}

#define PRINTX(x,y) if (y[0]!=0) printf(" -   %s %s\n", x, y)
#define PRINT_DN(X) PRINTX( "CN:", X.common_name); \
        PRINTX( "OU:", X.organizational_unit_name); \
        PRINTX( "O:", X.organization); \
        PRINTX( "L:", X.locality_name); \
        PRINTX( "S:", X.state_or_province_name); \
        PRINTX( "C:", X.country); \
        PRINTX( "E:", X.email)

/* This function will print some details of the
 * given state.
 */
int print_info(GNUTLS_STATE state)
{
   const char *tmp;
   GNUTLS_CredType cred;
   gnutls_x509_dn dn;
   const gnutls_datum *cert_list;
   int status;
   int cert_list_size = 0;
   GNUTLS_KXAlgorithm kx;
   time_t expiret = gnutls_certificate_expiration_time_peers(state);
   time_t activet = gnutls_certificate_activation_time_peers(state);

   /* print the key exchange's algorithm name
    */
   kx = gnutls_kx_get(state);
   tmp = gnutls_kx_get_name(kx);
   printf("- Key Exchange: %s\n", tmp);

   cred = gnutls_auth_get_type(state);
   switch (cred) {
   case GNUTLS_CRD_ANON:
      printf("- Anonymous DH using prime of %d bits\n",
             gnutls_dh_get_bits(state));
      break;
   case GNUTLS_CRD_CERTIFICATE:
      /* in case of certificate authentication
       */
      cert_list = gnutls_certificate_get_peers(state, &cert_list_size);
      status = gnutls_certificate_verify_peers(state);
      
      if ( status < 0) {
         if ( status == GNUTLS_E_NO_CERTIFICATE_FOUND)
            printf("- Peer did not send any X509 Certificate.\n");
         else
            printf("- Could not verify certificate\n");
      } else {

         if ( status & GNUTLS_CERT_INVALID)
            printf("- Peer's certificate is invalid\n");
         if ( status & GNUTLS_CERT_CORRUPTED)
            printf("- Peer's certificate is corrupted.\n");
         if ( status & GNUTLS_CERT_REVOKED)
            printf("- Peer's certificate is revoked\n");

         if ( status & GNUTLS_CERT_NOT_TRUSTED)
            printf("- Peer's certificate is not trusted\n");
         else
            printf("- Peer's certificate is trusted\n");
      }

      /* Check if we have been using ephemeral Diffie Hellman.
       */
      if (kx == GNUTLS_KX_DHE_RSA || kx == GNUTLS_KX_DHE_DSS) {
         printf("\n- Ephemeral DH using prime of %d bits\n",
                gnutls_dh_get_bits(state));
      }

      /* if the certificate list is available, then
       * print some information about it.
       */
      if (cert_list_size > 0 && gnutls_cert_type_get(state) == GNUTLS_CRT_X509) {
         char digest[20];
         char serial[40];
         int digest_size = sizeof(digest), i;
         int serial_size = sizeof(serial);
         char printable[120];
         char *print;
         int algo, bits;

         printf(" - Certificate info:\n");

         printf(" - Certificate is valid since: %s", ctime( &activet));
         printf(" - Certificate expires: %s", ctime( &expiret));

         /* Print the fingerprint of the certificate
          */
         if (gnutls_x509_fingerprint(GNUTLS_DIG_MD5, &cert_list[0], digest, &digest_size) >= 0) {
            print = printable;
            for (i = 0; i < digest_size; i++) {
               sprintf(print, "%.2x ", (unsigned char) digest[i]);
               print += 3;
            }
            printf(" - Certificate fingerprint: %s\n", printable);
         }

         /* Print the serial number of the certificate.
          */
         if (gnutls_x509_extract_certificate_serial(&cert_list[0], serial, &serial_size) >= 0) {
            print = printable;
            for (i = 0; i < serial_size; i++) {
               sprintf(print, "%.2x ", (unsigned char) serial[i]);
               print += 3;
            }
            printf(" - Certificate serial number: %s\n", printable);
         }

         /* Extract some of the public key algorithm's parameters
          */
         algo = gnutls_x509_extract_certificate_pk_algorithm( &cert_list[0], &bits);
         printf("Certificate public key: ");

         if (algo==GNUTLS_PK_RSA) {
            printf("RSA\n");
            printf(" Modulus: %d bits\n", bits);
         } else if (algo==GNUTLS_PK_DSA) {
            printf("DSA\n");
            printf(" Exponent: %d bits\n", bits);
         } else {
            printf("UNKNOWN\n");
         }

         /* Print the version of the X.509 
          * certificate.
          */
         printf(" - Certificate version: #%d\n", gnutls_x509_extract_certificate_version(&cert_list[0]));

         gnutls_x509_extract_certificate_dn(&cert_list[0], &dn);
         PRINT_DN(dn);

         gnutls_x509_extract_certificate_issuer_dn(&cert_list[0], &dn);
         printf(" - Certificate Issuer's info:\n");
         PRINT_DN(dn);

      }
   }

   tmp = gnutls_protocol_get_name(gnutls_protocol_get_version(state));
   printf("- Protocol: %s\n", tmp);

   tmp = gnutls_cert_type_get_name( gnutls_cert_type_get(state));
   printf("- Certificate Type: %s\n", tmp);

   tmp = gnutls_compression_get_name(gnutls_compression_get(state));
   printf("- Compression: %s\n", tmp);

   tmp = gnutls_cipher_get_name(gnutls_cipher_get(state));
   printf("- Cipher: %s\n", tmp);

   tmp = gnutls_mac_get_name(gnutls_mac_get(state));
   printf("- MAC: %s\n", tmp);

   return 0;
}

\end{verbatim}
View Lorry Controller Status