libmicrohttpd

HTTP/1.x server C library (MHD 1.x, stable)

commit cf9ed7910a034b8b38f982a499af0cd7a53754fc
parent 8fa092106e3f8d0213f8a2c7252524dd340f443e
Author: Christian Grothoff <christian@grothoff.org>
Date:   Sun, 16 Nov 2008 05:13:26 +0000

more dce

Diffstat:
Msrc/daemon/https/gnutls.h | 6------
Msrc/daemon/https/tls/gnutls_cert.c | 147-------------------------------------------------------------------------------
Msrc/daemon/https/x509/common.c | 686-------------------------------------------------------------------------------
Msrc/daemon/https/x509/common.h | 15---------------
Msrc/daemon/https/x509/extensions.c | 56--------------------------------------------------------
Msrc/daemon/https/x509/extensions.h | 4----
Msrc/daemon/https/x509/mpi.c | 54------------------------------------------------------
Msrc/daemon/https/x509/mpi.h | 3---
Msrc/daemon/https/x509/x509.c | 44--------------------------------------------
Msrc/daemon/https/x509/x509.h | 8--------
10 files changed, 0 insertions(+), 1023 deletions(-)

diff --git a/src/daemon/https/gnutls.h b/src/daemon/https/gnutls.h
@@ -694,12 +694,6 @@ extern "C" MHD_gnutls_certificate_request_t req); - /* get data from the session */ - time_t MHD_gtls_certificate_activation_time_peers (MHD_gtls_session_t - session); - time_t MHD_gtls_certificate_expiration_time_peers (MHD_gtls_session_t - session); - int MHD_gtls_pem_base64_encode (const char *msg, const MHD_gnutls_datum_t * data, char *result, size_t * result_size);
diff --git a/src/daemon/https/tls/gnutls_cert.c b/src/daemon/https/tls/gnutls_cert.c
@@ -361,153 +361,6 @@ void MHD_gtls_certificate_server_set_retrieve_function cred->server_get_cert_callback = func; } -/*- - * MHD__gnutls_x509_extract_certificate_activation_time - This function returns the peer's certificate activation time - * @cert: should contain an X.509 DER encoded certificate - * - * This function will return the certificate's activation time in UNIX time - * (ie seconds since 00:00:00 UTC January 1, 1970). - * - * Returns a (time_t) -1 in case of an error. - * - -*/ -static time_t -MHD__gnutls_x509_get_raw_crt_activation_time (const MHD_gnutls_datum_t * cert) -{ - MHD_gnutls_x509_crt_t xcert; - time_t result; - - result = MHD_gnutls_x509_crt_init (&xcert); - if (result < 0) - return (time_t) - 1; - - result = MHD_gnutls_x509_crt_import (xcert, cert, GNUTLS_X509_FMT_DER); - if (result < 0) - { - MHD_gnutls_x509_crt_deinit (xcert); - return (time_t) - 1; - } - - result = MHD_gnutls_x509_crt_get_activation_time (xcert); - - MHD_gnutls_x509_crt_deinit (xcert); - - return result; -} - -/*- - * MHD_gnutls_x509_extract_certificate_expiration_time - This function returns the certificate's expiration time - * @cert: should contain an X.509 DER encoded certificate - * - * This function will return the certificate's expiration time in UNIX - * time (ie seconds since 00:00:00 UTC January 1, 1970). Returns a - * - * (time_t) -1 in case of an error. 
- * - -*/ -static time_t -MHD__gnutls_x509_get_raw_crt_expiration_time (const MHD_gnutls_datum_t * cert) -{ - MHD_gnutls_x509_crt_t xcert; - time_t result; - - result = MHD_gnutls_x509_crt_init (&xcert); - if (result < 0) - return (time_t) - 1; - - result = MHD_gnutls_x509_crt_import (xcert, cert, GNUTLS_X509_FMT_DER); - if (result < 0) - { - MHD_gnutls_x509_crt_deinit (xcert); - return (time_t) - 1; - } - - result = MHD_gnutls_x509_crt_get_expiration_time (xcert); - - MHD_gnutls_x509_crt_deinit (xcert); - - return result; -} - -/** - * MHD_gtls_certificate_expiration_time_peers - This function returns the peer's certificate expiration time - * @session: is a gnutls session - * - * This function will return the peer's certificate expiration time. - * - * Returns: (time_t)-1 on error. - **/ -time_t -MHD_gtls_certificate_expiration_time_peers (MHD_gtls_session_t session) -{ - cert_auth_info_t info; - - CHECK_AUTH (MHD_GNUTLS_CRD_CERTIFICATE, GNUTLS_E_INVALID_REQUEST); - - info = MHD_gtls_get_auth_info (session); - if (info == NULL) - { - return (time_t) - 1; - } - - if (info->raw_certificate_list == NULL || info->ncerts == 0) - { - MHD_gnutls_assert (); - return (time_t) - 1; - } - - switch (MHD_gnutls_certificate_type_get (session)) - { - case MHD_GNUTLS_CRT_X509: - return - MHD__gnutls_x509_get_raw_crt_expiration_time (&info-> - raw_certificate_list - [0]); - default: - return (time_t) - 1; - } -} - -/** - * MHD_gtls_certificate_activation_time_peers - This function returns the peer's certificate activation time - * @session: is a gnutls session - * - * This function will return the peer's certificate activation time. - * This is the creation time for openpgp keys. - * - * Returns: (time_t)-1 on error. 
- **/ -time_t -MHD_gtls_certificate_activation_time_peers (MHD_gtls_session_t session) -{ - cert_auth_info_t info; - - CHECK_AUTH (MHD_GNUTLS_CRD_CERTIFICATE, GNUTLS_E_INVALID_REQUEST); - - info = MHD_gtls_get_auth_info (session); - if (info == NULL) - { - return (time_t) - 1; - } - - if (info->raw_certificate_list == NULL || info->ncerts == 0) - { - MHD_gnutls_assert (); - return (time_t) - 1; - } - - switch (MHD_gnutls_certificate_type_get (session)) - { - case MHD_GNUTLS_CRT_X509: - return - MHD__gnutls_x509_get_raw_crt_activation_time (&info-> - raw_certificate_list - [0]); - default: - return (time_t) - 1; - } -} - int MHD_gtls_raw_cert_to_gcert (MHD_gnutls_cert * gcert, enum MHD_GNUTLS_CertificateType type,
diff --git a/src/daemon/https/x509/common.c b/src/daemon/https/x509/common.c
@@ -35,692 +35,6 @@ #include <mpi.h> #include <time.h> -typedef struct _oid2string -{ - const char *oid; - const char *ldap_desc; - int choice; /* of type DirectoryString */ - int printable; -} oid2string; - -/* This list contains all the OIDs that may be - * contained in a rdnSequence and are printable. - */ -static const oid2string _oid2str[] = { - /* PKIX - */ - {"1.3.6.1.5.5.7.9.1", - "dateOfBirth", - 0, - 1}, - {"1.3.6.1.5.5.7.9.2", - "placeOfBirth", - 0, - 1}, - {"1.3.6.1.5.5.7.9.3", - "gender", - 0, - 1}, - {"1.3.6.1.5.5.7.9.4", - "countryOfCitizenship", - 0, - 1}, - {"1.3.6.1.5.5.7.9.5", - "countryOfResidence", - 0, - 1}, - - {"2.5.4.6", - "C", - 0, - 1}, - {"2.5.4.9", - "STREET", - 1, - 1}, - {"2.5.4.12", - "T", - 1, - 1}, - {"2.5.4.10", - "O", - 1, - 1}, - {"2.5.4.11", - "OU", - 1, - 1}, - {"2.5.4.3", - "CN", - 1, - 1}, - {"2.5.4.7", - "L", - 1, - 1}, - {"2.5.4.8", - "ST", - 1, - 1}, - - {"2.5.4.5", - "serialNumber", - 0, - 1}, - {"2.5.4.20", - "telephoneNumber", - 0, - 1}, - {"2.5.4.4", - "surName", - 1, - 1}, - {"2.5.4.43", - "initials", - 1, - 1}, - {"2.5.4.44", - "generationQualifier", - 1, - 1}, - {"2.5.4.42", - "givenName", - 1, - 1}, - {"2.5.4.65", - "pseudonym", - 1, - 1}, - {"2.5.4.46", - "dnQualifier", - 0, - 1}, - - {"0.9.2342.19200300.100.1.25", - "DC", - 0, - 1}, - {"0.9.2342.19200300.100.1.1", - "UID", - 1, - 1}, - - /* PKCS #9 - */ - {"1.2.840.113549.1.9.1", - "EMAIL", - 0, - 1}, - {"1.2.840.113549.1.9.7", - NULL, - 1, - 1}, - - /* friendly name */ - {"1.2.840.113549.1.9.20", - NULL, - 0, - 1}, - {NULL, - NULL, - 0, - 0} -}; - -/* Returns 1 if the data defined by the OID are printable. 
- */ -int -MHD__gnutls_x509_oid_data_printable (const char *oid) -{ - int i = 0; - - do - { - if (strcmp (_oid2str[i].oid, oid) == 0) - return _oid2str[i].printable; - i++; - } - while (_oid2str[i].oid != NULL); - - return 0; -} - -/** - * MHD_gnutls_x509_dn_oid_known - This function will return true if the given OID is known - * @oid: holds an Object Identifier in a null terminated string - * - * This function will inform about known DN OIDs. This is useful since functions - * like MHD_gnutls_x509_crt_set_dn_by_oid() use the information on known - * OIDs to properly encode their input. Object Identifiers that are not - * known are not encoded by these functions, and their input is stored directly - * into the ASN.1 structure. In that case of unknown OIDs, you have - * the responsibility of DER encoding your data. - * - * Returns 1 on known OIDs and 0 otherwise. - * - **/ -int -MHD_gnutls_x509_dn_oid_known (const char *oid) -{ - int i = 0; - - do - { - if (strcmp (_oid2str[i].oid, oid) == 0) - return 1; - i++; - } - while (_oid2str[i].oid != NULL); - - return 0; -} - -/* Returns 1 if the data defined by the OID are of a choice - * type. - */ -static int -MHD__gnutls_x509_oid_data_choice (const char *oid) -{ - int i = 0; - - do - { - if (strcmp (_oid2str[i].oid, oid) == 0) - return _oid2str[i].choice; - i++; - } - while (_oid2str[i].oid != NULL); - - return 0; -} - -const char * -MHD__gnutls_x509_oid2ldap_string (const char *oid) -{ - int i = 0; - - do - { - if (strcmp (_oid2str[i].oid, oid) == 0) - return _oid2str[i].ldap_desc; - i++; - } - while (_oid2str[i].oid != NULL); - - return NULL; -} - -/* This function will convert an attribute value, specified by the OID, - * to a string. The result will be a null terminated string. - * - * res may be null. This will just return the res_size, needed to - * hold the string. 
- */ -int -MHD__gnutls_x509_oid_data2string (const char *oid, - void *value, - int value_size, char *res, - size_t * res_size) -{ - char str[MAX_STRING_LEN], tmpname[128]; - const char *ANAME = NULL; - int CHOICE = -1, len = -1, result; - ASN1_TYPE tmpasn = ASN1_TYPE_EMPTY; - char MHD__asn1_err[MAX_ERROR_DESCRIPTION_SIZE] = ""; - - if (value == NULL || value_size <= 0 || res_size == NULL) - { - MHD_gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - if (MHD__gnutls_x509_oid_data_printable (oid) == 0) - { - MHD_gnutls_assert (); - return GNUTLS_E_INTERNAL_ERROR; - } - - ANAME = MHD__asn1_find_structure_from_oid (MHD__gnutls_get_pkix (), oid); - CHOICE = MHD__gnutls_x509_oid_data_choice (oid); - - if (ANAME == NULL) - { - MHD_gnutls_assert (); - return GNUTLS_E_INTERNAL_ERROR; - } - - MHD_gtls_str_cpy (str, sizeof (str), "PKIX1."); - MHD_gtls_str_cat (str, sizeof (str), ANAME); - - if ((result = MHD__asn1_create_element (MHD__gnutls_get_pkix (), str, - &tmpasn)) != ASN1_SUCCESS) - { - MHD_gnutls_assert (); - return MHD_gtls_asn2err (result); - } - - if ((result = - MHD__asn1_der_decoding (&tmpasn, value, value_size, - MHD__asn1_err)) != ASN1_SUCCESS) - { - MHD_gnutls_assert (); - MHD__gnutls_x509_log ("MHD__asn1_der_decoding: %s:%s\n", str, - MHD__asn1_err); - MHD__asn1_delete_structure (&tmpasn); - return MHD_gtls_asn2err (result); - } - - /* If this is a choice then we read the choice. 
Otherwise it - * is the value; - */ - len = sizeof (str) - 1; - if ((result = MHD__asn1_read_value (tmpasn, "", str, &len)) != ASN1_SUCCESS) - { /* CHOICE */ - MHD_gnutls_assert (); - MHD__asn1_delete_structure (&tmpasn); - return MHD_gtls_asn2err (result); - } - - if (CHOICE == 0) - { - str[len] = 0; - - if (res) - MHD_gtls_str_cpy (res, *res_size, str); - *res_size = len; - - MHD__asn1_delete_structure (&tmpasn); - } - else - { /* CHOICE */ - int non_printable = 0, teletex = 0; - str[len] = 0; - - /* Note that we do not support strings other than - * UTF-8 (thus ASCII as well). - */ - if (strcmp (str, "printableString") != 0 - && strcmp (str, "ia5String") != 0 - && strcmp (str, "utf8String") != 0) - { - non_printable = 1; - } - if (strcmp (str, "teletexString") == 0) - teletex = 1; - - MHD_gtls_str_cpy (tmpname, sizeof (tmpname), str); - - len = sizeof (str) - 1; - if ((result = MHD__asn1_read_value (tmpasn, tmpname, str, &len)) - != ASN1_SUCCESS) - { - MHD__asn1_delete_structure (&tmpasn); - return MHD_gtls_asn2err (result); - } - - MHD__asn1_delete_structure (&tmpasn); - - if (teletex != 0) - { - int ascii = 0, i; - /* HACK: if the teletex string contains only ascii - * characters then treat it as printable. 
- */ - for (i = 0; i < len; i++) - if (!isascii (str[i])) - ascii = 1; - - if (ascii == 0) - non_printable = 0; - } - - if (res) - { - if (non_printable == 0) - { - str[len] = 0; - MHD_gtls_str_cpy (res, *res_size, str); - *res_size = len; - } - else - { - result = - MHD__gnutls_x509_data2hex ((const unsigned char *) str, len, - (unsigned char *) res, res_size); - if (result < 0) - { - MHD_gnutls_assert (); - return result; - } - } - } - - } - - return 0; -} - -/* Converts a data string to an LDAP rfc2253 hex string - * something like '#01020304' - */ -int -MHD__gnutls_x509_data2hex (const opaque * data, - size_t data_size, opaque * out, - size_t * sizeof_out) -{ - char *res; - char escaped[MAX_STRING_LEN]; - unsigned int size; - - if (2 * data_size + 1 > MAX_STRING_LEN) - { - MHD_gnutls_assert (); - return GNUTLS_E_INTERNAL_ERROR; - } - res = MHD_gtls_bin2hex (data, data_size, escaped, sizeof (escaped)); - if (!res) - { - MHD_gnutls_assert (); - return GNUTLS_E_INTERNAL_ERROR; - } - - size = strlen (res) + 1; - if (size + 1 > *sizeof_out) - { - *sizeof_out = size; - return GNUTLS_E_SHORT_MEMORY_BUFFER; - } - *sizeof_out = size; /* -1 for the null +1 for the '#' */ - - if (out) - { - strcpy ((char*) out, "#"); - strcat ((char*) out, res); - } - return 0; -} - -/* TIME functions - * Convertions between generalized or UTC time to time_t - * - */ - -/* This is an emulations of the struct tm. - * Since we do not use libc's functions, we don't need to - * depend on the libc structure. - */ -typedef struct fake_tm -{ - int tm_mon; - int tm_year; /* FULL year - ie 1971 */ - int tm_mday; - int tm_hour; - int tm_min; - int tm_sec; -} fake_tm; - -/* The mktime_utc function is due to Russ Allbery (rra@stanford.edu), - * who placed it under public domain: - */ - -/* The number of days in each month. - */ -static const int MONTHDAYS[] = { 31, - 28, - 31, - 30, - 31, - 30, - 31, - 31, - 30, - 31, - 30, - 31 -}; - -/* Whether a given year is a leap year. 
*/ -#define ISLEAP(year) \ - (((year) % 4) == 0 && (((year) % 100) != 0 || ((year) % 400) == 0)) - -/* - ** Given a struct tm representing a calendar time in UTC, convert it to - ** seconds since epoch. Returns (time_t) -1 if the time is not - ** convertable. Note that this function does not canonicalize the provided - ** struct tm, nor does it allow out of range values or years before 1970. - */ -static time_t -mktime_utc (const struct fake_tm *tm) -{ - time_t result = 0; - int i; - - /* We do allow some ill-formed dates, but we don't do anything special - * with them and our callers really shouldn't pass them to us. Do - * explicitly disallow the ones that would cause invalid array accesses - * or other algorithm problems. - */ - if (tm->tm_mon < 0 || tm->tm_mon > 11 || tm->tm_year < 1970) - return (time_t) - 1; - - /* Convert to a time_t. - */ - for (i = 1970; i < tm->tm_year; i++) - result += 365 + ISLEAP (i); - for (i = 0; i < tm->tm_mon; i++) - result += MONTHDAYS[i]; - if (tm->tm_mon > 1 && ISLEAP (tm->tm_year)) - result++; - result = 24 * (result + tm->tm_mday - 1) + tm->tm_hour; - result = 60 * result + tm->tm_min; - result = 60 * result + tm->tm_sec; - return result; -} - -/* this one will parse dates of the form: - * month|day|hour|minute|sec* (2 chars each) - * and year is given. Returns a time_t date. - */ -static time_t -MHD__gnutls_x509_time2gtime (const char *ttime, int year) -{ - char xx[3]; - struct fake_tm etime; - time_t ret; - - if (strlen (ttime) < 8) - { - MHD_gnutls_assert (); - return (time_t) - 1; - } - - etime.tm_year = year; - - /* In order to work with 32 bit - * time_t. 
- */ - if (sizeof (time_t) <= 4 && etime.tm_year >= 2038) - return (time_t) 2145914603; /* 2037-12-31 23:23:23 */ - - xx[2] = 0; - - /* get the month - */ - memcpy (xx, ttime, 2); /* month */ - etime.tm_mon = atoi (xx) - 1; - ttime += 2; - - /* get the day - */ - memcpy (xx, ttime, 2); /* day */ - etime.tm_mday = atoi (xx); - ttime += 2; - - /* get the hour - */ - memcpy (xx, ttime, 2); /* hour */ - etime.tm_hour = atoi (xx); - ttime += 2; - - /* get the minutes - */ - memcpy (xx, ttime, 2); /* minutes */ - etime.tm_min = atoi (xx); - ttime += 2; - - if (strlen (ttime) >= 2) - { - memcpy (xx, ttime, 2); - etime.tm_sec = atoi (xx); - ttime += 2; - } - else - etime.tm_sec = 0; - - ret = mktime_utc (&etime); - - return ret; -} - -/* returns a time_t value that contains the given time. - * The given time is expressed as: - * YEAR(2)|MONTH(2)|DAY(2)|HOUR(2)|MIN(2)|SEC(2)* - * - * (seconds are optional) - */ -static time_t -MHD__gnutls_x509_utcTime2gtime (const char *ttime) -{ - char xx[3]; - int year; - - if (strlen (ttime) < 10) - { - MHD_gnutls_assert (); - return (time_t) - 1; - } - xx[2] = 0; - /* get the year - */ - memcpy (xx, ttime, 2); /* year */ - year = atoi (xx); - ttime += 2; - - if (year > 49) - year += 1900; - else - year += 2000; - - return MHD__gnutls_x509_time2gtime (ttime, year); -} - -/* returns a time_t value that contains the given time. 
- * The given time is expressed as: - * YEAR(4)|MONTH(2)|DAY(2)|HOUR(2)|MIN(2)|SEC(2)* - */ -static time_t -MHD__gnutls_x509_generalTime2gtime (const char *ttime) -{ - char xx[5]; - int year; - - if (strlen (ttime) < 12) - { - MHD_gnutls_assert (); - return (time_t) - 1; - } - - if (strchr (ttime, 'Z') == 0) - { - MHD_gnutls_assert (); - /* sorry we don't support it yet - */ - return (time_t) - 1; - } - xx[4] = 0; - - /* get the year - */ - memcpy (xx, ttime, 4); /* year */ - year = atoi (xx); - ttime += 4; - - return MHD__gnutls_x509_time2gtime (ttime, year); - -} - -/* Extracts the time in time_t from the ASN1_TYPE given. When should - * be something like "tbsCertList.thisUpdate". - */ -#define MAX_TIME 64 -time_t -MHD__gnutls_x509_get_time (ASN1_TYPE c2, const char *when) -{ - char ttime[MAX_TIME]; - char name[128]; - time_t c_time = (time_t) - 1; - int len, result; - - MHD_gtls_str_cpy (name, sizeof (name), when); - - len = sizeof (ttime) - 1; - if ((result = MHD__asn1_read_value (c2, name, ttime, &len)) < 0) - { - MHD_gnutls_assert (); - return (time_t) (-1); - } - - /* CHOICE */ - if (strcmp (ttime, "generalTime") == 0) - { - - MHD_gtls_str_cat (name, sizeof (name), ".generalTime"); - len = sizeof (ttime) - 1; - result = MHD__asn1_read_value (c2, name, ttime, &len); - if (result == ASN1_SUCCESS) - c_time = MHD__gnutls_x509_generalTime2gtime (ttime); - } - else - { /* UTCTIME */ - - MHD_gtls_str_cat (name, sizeof (name), ".utcTime"); - len = sizeof (ttime) - 1; - result = MHD__asn1_read_value (c2, name, ttime, &len); - if (result == ASN1_SUCCESS) - c_time = MHD__gnutls_x509_utcTime2gtime (ttime); - } - - /* We cannot handle dates after 2031 in 32 bit machines. - * a time_t of 64bits has to be used. 
- */ - - if (result != ASN1_SUCCESS) - { - MHD_gnutls_assert (); - return (time_t) (-1); - } - return c_time; -} - - -MHD_gnutls_x509_subject_alt_name_t -MHD__gnutls_x509_san_find_type (char *str_type) -{ - if (strcmp (str_type, "dNSName") == 0) - return GNUTLS_SAN_DNSNAME; - if (strcmp (str_type, "rfc822Name") == 0) - return GNUTLS_SAN_RFC822NAME; - if (strcmp (str_type, "uniformResourceIdentifier") == 0) - return GNUTLS_SAN_URI; - if (strcmp (str_type, "iPAddress") == 0) - return GNUTLS_SAN_IPADDRESS; - if (strcmp (str_type, "otherName") == 0) - return GNUTLS_SAN_OTHERNAME; - if (strcmp (str_type, "directoryName") == 0) - return GNUTLS_SAN_DN; - return (MHD_gnutls_x509_subject_alt_name_t) - 1; -} - /* A generic export function. Will export the given ASN.1 encoded data * to PEM or DER raw data. */
diff --git a/src/daemon/https/x509/common.h b/src/daemon/https/x509/common.h
@@ -58,21 +58,6 @@ #define SIG_GOST_R3410_94_OID "1.2.643.2.2.4" #define SIG_GOST_R3410_2001_OID "1.2.643.2.2.3" -int MHD__gnutls_x509_oid_data2string (const char *OID, void *value, - int value_size, char *res, - size_t * res_size); -int MHD__gnutls_x509_data2hex (const opaque * data, size_t data_size, - opaque * out, size_t * sizeof_out); - -const char *MHD__gnutls_x509_oid2ldap_string (const char *OID); - -int MHD__gnutls_x509_oid_data_printable (const char *OID); - -time_t MHD__gnutls_x509_get_time (ASN1_TYPE c2, const char *when); - -MHD_gnutls_x509_subject_alt_name_t MHD__gnutls_x509_san_find_type (char - *str_type); - int MHD__gnutls_x509_der_encode (ASN1_TYPE src, const char *src_name, MHD_gnutls_datum_t * res, int str);
diff --git a/src/daemon/https/x509/extensions.c b/src/daemon/https/x509/extensions.c
@@ -217,59 +217,3 @@ MHD__gnutls_x509_ext_extract_keyUsage (uint16_t * keyUsage, return 0; } -/* extract the basicConstraints from the DER encoded extension - */ -int -MHD__gnutls_x509_ext_extract_basicConstraints (int *CA, - int *pathLenConstraint, - opaque * extnValue, - int extnValueLen) -{ - ASN1_TYPE ext = ASN1_TYPE_EMPTY; - char str[128]; - int len, result; - - if ((result = MHD__asn1_create_element - (MHD__gnutls_get_pkix (), "PKIX1.BasicConstraints", - &ext)) != ASN1_SUCCESS) - { - MHD_gnutls_assert (); - return MHD_gtls_asn2err (result); - } - - result = MHD__asn1_der_decoding (&ext, extnValue, extnValueLen, NULL); - if (result != ASN1_SUCCESS) - { - MHD_gnutls_assert (); - MHD__asn1_delete_structure (&ext); - return MHD_gtls_asn2err (result); - } - - if (pathLenConstraint) - { - result = MHD__gnutls_x509_read_uint (ext, "pathLenConstraint", - (unsigned int *) - pathLenConstraint); - if (result == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND) - *pathLenConstraint = -1; - else if (result != GNUTLS_E_SUCCESS) - { - MHD_gnutls_assert (); - MHD__asn1_delete_structure (&ext); - return MHD_gtls_asn2err (result); - } - } - - /* the default value of cA is false. - */ - len = sizeof (str) - 1; - result = MHD__asn1_read_value (ext, "cA", str, &len); - if (result == ASN1_SUCCESS && strcmp (str, "TRUE") == 0) - *CA = 1; - else - *CA = 0; - - MHD__asn1_delete_structure (&ext); - - return 0; -}
diff --git a/src/daemon/https/x509/extensions.h b/src/daemon/https/x509/extensions.h
@@ -33,7 +33,3 @@ int MHD__gnutls_x509_crt_get_extension_oid (MHD_gnutls_x509_crt_t cert, int MHD__gnutls_x509_ext_extract_keyUsage (uint16_t * keyUsage, opaque * extnValue, int extnValueLen); -int MHD__gnutls_x509_ext_extract_basicConstraints (int *CA, - int *pathLenConstraint, - opaque * extnValue, - int extnValueLen);
diff --git a/src/daemon/https/x509/mpi.c b/src/daemon/https/x509/mpi.c
@@ -211,57 +211,3 @@ cleanup:MHD__asn1_delete_structure (&spk); return result; } -/* this function reads a (small) unsigned integer - * from asn1 structs. Combines the read and the convertion - * steps. - */ -int -MHD__gnutls_x509_read_uint (ASN1_TYPE node, const char *value, - unsigned int *ret) -{ - int len, result; - opaque *tmpstr; - - len = 0; - result = MHD__asn1_read_value (node, value, NULL, &len); - if (result != ASN1_MEM_ERROR) - { - MHD_gnutls_assert (); - return MHD_gtls_asn2err (result); - } - - tmpstr = MHD_gnutls_alloca (len); - if (tmpstr == NULL) - { - MHD_gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; - } - - result = MHD__asn1_read_value (node, value, tmpstr, &len); - - if (result != ASN1_SUCCESS) - { - MHD_gnutls_assert (); - MHD_gnutls_afree (tmpstr); - return MHD_gtls_asn2err (result); - } - - if (len == 1) - *ret = tmpstr[0]; - else if (len == 2) - *ret = MHD_gtls_read_uint16 (tmpstr); - else if (len == 3) - *ret = MHD_gtls_read_uint24 (tmpstr); - else if (len == 4) - *ret = MHD_gtls_read_uint32 (tmpstr); - else - { - MHD_gnutls_assert (); - MHD_gnutls_afree (tmpstr); - return GNUTLS_E_INTERNAL_ERROR; - } - - MHD_gnutls_afree (tmpstr); - - return 0; -}
diff --git a/src/daemon/https/x509/mpi.h b/src/daemon/https/x509/mpi.h
@@ -31,9 +31,6 @@ int MHD__gnutls_x509_read_rsa_params (opaque * der, int dersize, mpi_t * params); int MHD__gnutls_x509_write_rsa_params (mpi_t * params, int params_size, MHD_gnutls_datum_t * der); -int MHD__gnutls_x509_read_uint (ASN1_TYPE node, const char *value, - unsigned int *ret); - int MHD__gnutls_x509_read_int (ASN1_TYPE node, const char *value, mpi_t * ret_mpi); int MHD__gnutls_x509_write_int (ASN1_TYPE node, const char *value, mpi_t mpi,
diff --git a/src/daemon/https/x509/x509.c b/src/daemon/https/x509/x509.c
@@ -213,50 +213,6 @@ MHD_gnutls_x509_crt_get_version (MHD_gnutls_x509_crt_t cert) } /** - * MHD_gnutls_x509_crt_get_activation_time - This function returns the Certificate's activation time - * @cert: should contain a MHD_gnutls_x509_crt_t structure - * - * This function will return the time this Certificate was or will be activated. - * - * Returns (time_t)-1 on error. - * - **/ -time_t -MHD_gnutls_x509_crt_get_activation_time (MHD_gnutls_x509_crt_t cert) -{ - if (cert == NULL) - { - MHD_gnutls_assert (); - return (time_t) - 1; - } - - return MHD__gnutls_x509_get_time (cert->cert, - "tbsCertificate.validity.notBefore"); -} - -/** - * MHD_gnutls_x509_crt_get_expiration_time - This function returns the Certificate's expiration time - * @cert: should contain a MHD_gnutls_x509_crt_t structure - * - * This function will return the time this Certificate was or will be expired. - * - * Returns (time_t)-1 on error. - * - **/ -time_t -MHD_gnutls_x509_crt_get_expiration_time (MHD_gnutls_x509_crt_t cert) -{ - if (cert == NULL) - { - MHD_gnutls_assert (); - return (time_t) - 1; - } - - return MHD__gnutls_x509_get_time (cert->cert, - "tbsCertificate.validity.notAfter"); -} - -/** * MHD_gnutls_x509_crt_get_pk_algorithm - This function returns the certificate's PublicKey algorithm * @cert: should contain a MHD_gnutls_x509_crt_t structure * @bits: if bits is non null it will hold the size of the parameters' in bits
diff --git a/src/daemon/https/x509/x509.h b/src/daemon/https/x509/x509.h
@@ -109,8 +109,6 @@ extern "C" #define GNUTLS_CRL_REASON_PRIVILEGE_WITHDRAWN 1 #define GNUTLS_CRL_REASON_AA_COMPROMISE 32768 - time_t MHD_gnutls_x509_crt_get_activation_time (MHD_gnutls_x509_crt_t cert); - time_t MHD_gnutls_x509_crt_get_expiration_time (MHD_gnutls_x509_crt_t cert); int MHD_gnutls_x509_crt_get_pk_algorithm (MHD_gnutls_x509_crt_t cert, unsigned int *bits); int MHD_gnutls_x509_crt_get_ca_status (MHD_gnutls_x509_crt_t cert,
@@ -124,8 +122,6 @@ extern "C" int MHD_gnutls_x509_crt_set_key_usage (MHD_gnutls_x509_crt_t crt, unsigned int usage); - int MHD_gnutls_x509_dn_oid_known (const char *oid); - /* Read extensions by sequence number. */ int MHD_gnutls_x509_crt_set_extension_by_oid (MHD_gnutls_x509_crt_t crt, const char *oid,
@@ -168,10 +164,6 @@ extern "C" MHD_gnutls_x509_privkey_t issuer_key, enum MHD_GNUTLS_HashAlgorithm, unsigned int flags); - int MHD_gnutls_x509_crt_set_activation_time (MHD_gnutls_x509_crt_t cert, - time_t act_time); - int MHD_gnutls_x509_crt_set_expiration_time (MHD_gnutls_x509_crt_t cert, - time_t exp_time); int MHD_gnutls_x509_crt_set_serial (MHD_gnutls_x509_crt_t cert, const void *serial, size_t serial_size);