author | Joe Orton <notroj@users.noreply.github.com> | 2008-03-28 15:05:53 +0000 |
---|---|---|
committer | Joe Orton <notroj@users.noreply.github.com> | 2008-03-28 15:05:53 +0000 |
commit | 6191bffde8b81a78d614059a5ab0ec0efb8a0d28 (patch) | |
tree | 80306b22fc287d6d44cadda763b807238ce89d38 /src/ne_gnutls.c | |
parent | a1e436f2851b0e054b61771612a1263067bd7e78 (diff) | |
download | neon-git-6191bffde8b81a78d614059a5ab0ec0efb8a0d28.tar.gz |
* src/ne_gnutls.c (provide_client_cert) [HAVE_NEW_DN_API]:
Properly map the CA names into ne_ssl_dname objects and pass
these through to the provided callback.
Diffstat (limited to 'src/ne_gnutls.c')
-rw-r--r-- | src/ne_gnutls.c | 50 |
1 files changed, 44 insertions, 6 deletions
diff --git a/src/ne_gnutls.c b/src/ne_gnutls.c
index 7b8dcea..9861f66 100644
--- a/src/ne_gnutls.c
+++ b/src/ne_gnutls.c
@@ -578,14 +578,52 @@ static int provide_client_cert(gnutls_session session,
 return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
 }
 
+ NE_DEBUG(NE_DBG_SSL, "ssl: Client cert provider callback; %d CA names.\n",
+ nreqs);
+
 if (!sess->client_cert && sess->ssl_provide_fn) {
- /* The dname array cannot be converted without better dname
- * support from GNUTLS. */
- sess->ssl_provide_fn(sess->ssl_provide_ud, sess,
- NULL, 0);
- }
+#ifdef HAVE_NEW_DN_API
+ const ne_ssl_dname **dns;
+ ne_ssl_dname *dnarray;
+ unsigned dncount = 0;
+ int n;
+
+ dns = ne_malloc(nreqs * sizeof(ne_ssl_dname *));
+ dnarray = ne_calloc(nreqs * sizeof(ne_ssl_dname));
+
+ for (n = 0; n < nreqs; n++) {
+ gnutls_x509_dn_t dn;
+
+ if (gnutls_x509_dn_init(&dn) == 0) {
+ dnarray[n].dn = dn;
+ if (gnutls_x509_dn_import(dn, &req_ca_rdn[n]) == 0) {
+ dns[dncount++] = &dnarray[n];
+ }
+ else {
+ gnutls_x509_dn_deinit(dn);
+ }
+ }
+ }
+
+ NE_DEBUG(NE_DBG_SSL, "ssl: Mapped %d CA names to %u DN objects.\n",
+ nreqs, dncount);
+
+ sess->ssl_provide_fn(sess->ssl_provide_ud, sess, dns, dncount);
+
+ for (n = 0; n < nreqs; n++) {
+ if (dnarray[n].dn) {
+ gnutls_x509_dn_deinit(dnarray[n].dn);
+ }
+ }
 
- NE_DEBUG(NE_DBG_SSL, "In client cert provider callback.\n");
+ ne_free(dns);
+ ne_free(dnarray);
+#else /* HAVE_NEW_DN_API */
+ /* Nothing to do here other than pretend no CA names were
+ * given, and hope the caller can cope. */
+ sess->ssl_provide_fn(sess->ssl_provide_ud, sess, NULL, 0);
+#endif
+ }
 
 if (sess->client_cert) {
 gnutls_certificate_type type = gnutls_certificate_type_get(session); |
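Review bot: In the import loop, a failed `gnutls_x509_dn_import()` leaves a released handle in `dnarray[n].dn`. The slot is assigned before the import and the `else` branch calls `gnutls_x509_dn_deinit(dn)` without clearing it, so the cleanup loop after the callback calls `gnutls_x509_dn_deinit(dnarray[n].dn)` on the same handle a second time. The CA names come from the peer's certificate request, so this path is presumably reachable with a name that fails to import. Either add `dnarray[n].dn = NULL;` after the deinit in the `else` branch, or move `dnarray[n].dn = dn;` into the success branch. Separately, `nreqs` sizes both allocations with no visible check for zero or a negative value; the start of provide_client_cert is outside the hunk, so confirm whether that is handled there.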