author | Christian Grothoff <christian@grothoff.org> | 2008-11-16 04:33:30 +0000 |
committer | Christian Grothoff <christian@grothoff.org> | 2008-11-16 04:33:30 +0000 |
commit | 3b9bb09488b3d5d03a9517c810539f5b9e985d96 (patch) | |
tree | daf27219d3a7bb26020541acf22942cadfd960f7 | |
parent | e81f372ed145575566e03120bc759360b66b1ffe (diff) | |
more dce
-rw-r--r-- | src/daemon/https/x509/Makefile.am | 1 | ||||
-rw-r--r-- | src/daemon/https/x509/rfc2818.h | 26 | ||||
-rw-r--r-- | src/daemon/https/x509/rfc2818_hostname.c | 161 | ||||
-rw-r--r-- | src/daemon/https/x509/verify.h | 3 | ||||
-rw-r--r-- | src/daemon/https/x509/x509.h | 78 | ||||
-rw-r--r-- | src/daemon/https/x509/x509_verify.c | 64 |
6 files changed, 3 insertions, 330 deletions
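--- a/src/daemon/https/x509/Makefile.am
+++ b/src/daemon/https/x509/Makefile.am
@@ -23,7 +23,6 @@ extensions.c extensions.h \
 mpi.c mpi.h \
 pkcs12.h \
 x509_privkey.c privkey.h \
-rfc2818_hostname.c rfc2818.h \
 x509_verify.c verify.h \
 x509.c x509.h
 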
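--- a/src/daemon/https/x509/rfc2818.h
+++ /dev/null
@@ -1,26 +0,0 @@
-/*
-* Copyright (C) 2003, 2004, 2005 Free Software Foundation
-*
-* Author: Nikos Mavrogiannopoulos
-*
-* This file is part of GNUTLS.
-*
-* The GNUTLS library is free software; you can redistribute it and/or
-* modify it under the terms of the GNU Lesser General Public License
-* as published by the Free Software Foundation; either version 2.1 of
-* the License, or (at your option) any later version.
-*
-* This library is distributed in the hope that it will be useful, but
-* WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-* Lesser General Public License for more details.
-*
-* You should have received a copy of the GNU Lesser General Public
-* License along with this library; if not, write to the Free Software
-* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
-* USA
-*
-*/
-
-int MHD__gnutls_hostname_compare (const char *certname, const char *hostname);
-#define MAX_CN 256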
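--- a/src/daemon/https/x509/rfc2818_hostname.c
+++ /dev/null
@@ -1,161 +0,0 @@
-/*
-* Copyright (C) 2003, 2004, 2005, 2007 Free Software Foundation
-* Copyright (C) 2002 Andrew McDonald
-*
-* This file is part of GNUTLS.
-*
-* The GNUTLS library is free software; you can redistribute it and/or
-* modify it under the terms of the GNU Lesser General Public License
-* as published by the Free Software Foundation; either version 2.1 of
-* the License, or (at your option) any later version.
-*
-* This library is distributed in the hope that it will be useful, but
-* WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-* Lesser General Public License for more details.
-*
-* You should have received a copy of the GNU Lesser General Public
-* License along with this library; if not, write to the Free Software
-* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
-* USA
-*
-*/
-
-#include <gnutls_int.h>
-#include <x509.h>
-#include <dn.h>
-#include <common.h>
-#include <rfc2818.h>
-#include <gnutls_errors.h>
-
-/* compare hostname against certificate, taking account of wildcards
-* return 1 on success or 0 on error
-*/
-int
-MHD__gnutls_hostname_compare (const char *certname, const char *hostname)
-{
-const char *cmpstr1, *cmpstr2;
-
-if (strlen (certname) == 0 || strlen (hostname) == 0)
-return 0;
-
-if (strlen (certname) > 2 && strncmp (certname, "*.", 2) == 0)
-{
-/* a wildcard certificate */
-
-cmpstr1 = certname + 1;
-
-/* find the first dot in hostname, compare from there on */
-cmpstr2 = strchr (hostname, '.');
-
-if (cmpstr2 == NULL)
-{
-/* error, the hostname we're connecting to is only a local part */
-return 0;
-}
-
-if (strcasecmp (cmpstr1, cmpstr2) == 0)
-{
-return 1;
-}
-
-return 0;
-}
-
-if (strcasecmp (certname, hostname) == 0)
-{
-return 1;
-}
-
-return 0;
-}
-
-/**
-* MHD_gnutls_x509_crt_check_hostname - This function compares the given hostname with the hostname in the certificate
-* @cert: should contain an MHD_gnutls_x509_crt_t structure
-* @hostname: A null terminated string that contains a DNS name
-*
-* This function will check if the given certificate's subject
-* matches the given hostname. This is a basic implementation of the
-* matching described in RFC2818 (HTTPS), which takes into account
-* wildcards, and the DNSName/IPAddress subject alternative name PKIX
-* extension.
-*
-* Returns non zero for a successful match, and zero on failure.
-**/
-int
-MHD_gnutls_x509_crt_check_hostname (MHD_gnutls_x509_crt_t cert,
-const char *hostname)
-{
-
-char dnsname[MAX_CN];
-size_t dnsnamesize;
-int found_dnsname = 0;
-int ret = 0;
-int i = 0;
-
-/* try matching against:
-* 1) a DNS name as an alternative name (subjectAltName) extension
-* in the certificate
-* 2) the common name (CN) in the certificate
-*
-* either of these may be of the form: *.domain.tld
-*
-* only try (2) if there is no subjectAltName extension of
-* type dNSName
-*/
-
-/* Check through all included subjectAltName extensions, comparing
-* against all those of type dNSName.
-*/
-for (i = 0; !(ret < 0); i++)
-{
-
-dnsnamesize = sizeof (dnsname);
-ret = MHD_gnutls_x509_crt_get_subject_alt_name (cert, i,
-dnsname, &dnsnamesize,
-NULL);
-
-if (ret == GNUTLS_SAN_DNSNAME)
-{
-found_dnsname = 1;
-if (MHD__gnutls_hostname_compare (dnsname, hostname))
-{
-return 1;
-}
-}
-else if (ret == GNUTLS_SAN_IPADDRESS)
-{
-found_dnsname = 1; /* RFC 2818 is unclear whether the CN
-should be compared for IP addresses
-too, but we won't do it. */
-if (MHD__gnutls_hostname_compare (dnsname, hostname))
-{
-return 1;
-}
-}
-}
-
-if (!found_dnsname)
-{
-/* not got the necessary extension, use CN instead
-*/
-dnsnamesize = sizeof (dnsname);
-if (MHD_gnutls_x509_crt_get_dn_by_oid (cert, OID_X520_COMMON_NAME, 0,
-0, dnsname, &dnsnamesize) < 0)
-{
-/* got an error, can't find a name
-*/
-return 0;
-}
-
-if (MHD__gnutls_hostname_compare (dnsname, hostname))
-{
-return 1;
-}
-}
-
-/* not found a matching name
-*/
-return 0;
-}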
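--- a/src/daemon/https/x509/verify.h
+++ b/src/daemon/https/x509/verify.h
@@ -26,9 +26,6 @@
 
 int MHD_gnutls_x509_crt_is_issuer (MHD_gnutls_x509_crt_t cert,
 MHD_gnutls_x509_crt_t issuer);
-int MHD__gnutls_x509_verify_signature (const MHD_gnutls_datum_t * tbs,
-const MHD_gnutls_datum_t * signature,
-MHD_gnutls_x509_crt_t issuer);
 int MHD__gnutls_x509_privkey_verify_signature (const MHD_gnutls_datum_t * tbs,
 const MHD_gnutls_datum_t *
 signature,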
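--- a/src/daemon/https/x509/x509.h
+++ b/src/daemon/https/x509/x509.h
@@ -97,9 +97,6 @@ extern "C"
 MHD_gnutls_x509_crt_fmt_t format,
 void *output_data,
 size_t * output_data_size);
-int MHD_gnutls_x509_crt_check_hostname (MHD_gnutls_x509_crt_t cert,
-const char *hostname);
-
 int MHD_gnutls_x509_crt_get_signature_algorithm (MHD_gnutls_x509_crt_t
 cert);
 int MHD_gnutls_x509_crt_get_signature (MHD_gnutls_x509_crt_t cert,
@@ -214,10 +211,6 @@ extern "C"
 int MHD_gnutls_x509_crt_print (MHD_gnutls_x509_crt_t cert,
 MHD_gnutls_certificate_print_formats_t
 format, MHD_gnutls_datum_t * out);
-int MHD_gnutls_x509_crl_print (MHD_gnutls_x509_crl_t crl,
-MHD_gnutls_certificate_print_formats_t
-format, MHD_gnutls_datum_t * out);
-
 /* Access to internal Certificate fields.
 */
 int MHD_gnutls_x509_crt_get_raw_issuer_dn (MHD_gnutls_x509_crt_t cert,
@@ -236,51 +229,6 @@ extern "C"
 
 int MHD_gnutls_x509_crt_get_subject (MHD_gnutls_x509_crt_t cert,
 MHD_gnutls_x509_dn_t * dn);
-/* CRL handling functions.
-*/
-int MHD_gnutls_x509_crl_init (MHD_gnutls_x509_crl_t * crl);
-void MHD_gnutls_x509_crl_deinit (MHD_gnutls_x509_crl_t crl);
-
-int MHD_gnutls_x509_crl_get_signature_algorithm (MHD_gnutls_x509_crl_t crl);
-int MHD_gnutls_x509_crl_get_signature (MHD_gnutls_x509_crl_t crl,
-char *sig, size_t * sizeof_sig);
-int MHD_gnutls_x509_crl_get_crt_count (MHD_gnutls_x509_crl_t crl);
-int MHD_gnutls_x509_crl_get_crt_serial (MHD_gnutls_x509_crl_t crl,
-int indx,
-unsigned char *serial,
-size_t * serial_size, time_t * t);
-#define MHD_gnutls_x509_crl_get_certificate_count MHD_gnutls_x509_crl_get_crt_count
-#define MHD_gnutls_x509_crl_get_certificate MHD_gnutls_x509_crl_get_crt_serial
-
-int MHD_gnutls_x509_crl_check_issuer (MHD_gnutls_x509_crl_t crl,
-MHD_gnutls_x509_crt_t issuer);
-
-/* CRL writing.
-*/
-int MHD_gnutls_x509_crl_set_version (MHD_gnutls_x509_crl_t crl,
-unsigned int version);
-int MHD_gnutls_x509_crl_sign (MHD_gnutls_x509_crl_t crl,
-MHD_gnutls_x509_crt_t issuer,
-MHD_gnutls_x509_privkey_t issuer_key);
-int MHD_gnutls_x509_crl_sign2 (MHD_gnutls_x509_crl_t crl,
-MHD_gnutls_x509_crt_t issuer,
-MHD_gnutls_x509_privkey_t issuer_key,
-enum MHD_GNUTLS_HashAlgorithm,
-unsigned int flags);
-int MHD_gnutls_x509_crl_set_this_update (MHD_gnutls_x509_crl_t crl,
-time_t act_time);
-int MHD_gnutls_x509_crl_set_next_update (MHD_gnutls_x509_crl_t crl,
-time_t exp_time);
-int MHD_gnutls_x509_crl_set_crt_serial (MHD_gnutls_x509_crl_t crl,
-const void *serial,
-size_t serial_size,
-time_t revocation_time);
-int MHD_gnutls_x509_crl_set_crt (MHD_gnutls_x509_crl_t crl,
-MHD_gnutls_x509_crt_t crt,
-time_t revocation_time);
-
-/* PKCS7 structures handling
-*/
 struct MHD_gnutls_pkcs7_int;
 typedef struct MHD_gnutls_pkcs7_int *MHD_gnutls_pkcs7_t;
 
@@ -352,9 +300,6 @@ extern "C"
 GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5 = 32
 } MHD_gnutls_certificate_verify_flags;
 
-int MHD_gnutls_x509_crt_check_issuer (MHD_gnutls_x509_crt_t cert,
-MHD_gnutls_x509_crt_t issuer);
-
 int MHD_gnutls_x509_crt_list_verify (const MHD_gnutls_x509_crt_t *
 cert_list, int cert_list_length,
 const MHD_gnutls_x509_crt_t * CA_list,
@@ -364,15 +309,6 @@ extern "C"
 unsigned int flags,
 unsigned int *verify);
 
-int MHD_gnutls_x509_crt_verify (MHD_gnutls_x509_crt_t cert,
-const MHD_gnutls_x509_crt_t * CA_list,
-int CA_list_length,
-unsigned int flags, unsigned int *verify);
-int MHD_gnutls_x509_crl_verify (MHD_gnutls_x509_crl_t crl,
-const MHD_gnutls_x509_crt_t * CA_list,
-int CA_list_length,
-unsigned int flags, unsigned int *verify);
-
 int MHD_gnutls_x509_crt_check_revocation (MHD_gnutls_x509_crt_t cert,
 const MHD_gnutls_x509_crl_t *
 crl_list, int crl_list_length);
@@ -555,20 +491,6 @@ int MHD_gnutls_x509_crt_check_revocation (MHD_gnutls_x509_crt_t cert,
 const MHD_gnutls_x509_crl_t *
 crl_list, int crl_list_length);
 
-int MHD__gnutls_x509_crl_get_raw_issuer_dn (MHD_gnutls_x509_crl_t crl,
-MHD_gnutls_datum_t * dn);
-int MHD_gnutls_x509_crl_get_crt_count (MHD_gnutls_x509_crl_t crl);
-int MHD_gnutls_x509_crl_get_crt_serial (MHD_gnutls_x509_crl_t crl,
-int indx,
-unsigned char *serial,
-size_t * serial_size, time_t * t);
-
-void MHD_gnutls_x509_crl_deinit (MHD_gnutls_x509_crl_t crl);
-int MHD_gnutls_x509_crl_init (MHD_gnutls_x509_crl_t * crl);
-int MHD_gnutls_x509_crl_import (MHD_gnutls_x509_crl_t crl,
-const MHD_gnutls_datum_t * data,
-MHD_gnutls_x509_crt_fmt_t format);
-
 int MHD_gnutls_x509_crt_init (MHD_gnutls_x509_crt_t * cert);
 void MHD_gnutls_x509_crt_deinit (MHD_gnutls_x509_crt_t cert);
 int MHD_gnutls_x509_crt_import (MHD_gnutls_x509_crt_t cert,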
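--- a/src/daemon/https/x509/x509_verify.c
+++ b/src/daemon/https/x509/x509_verify.c
@@ -46,7 +46,7 @@ static int MHD__gnutls_verify_certificate2 (MHD_gnutls_x509_crt_t cert,
 trusted_cas, int tcas_size,
 unsigned int flags,
 unsigned int *output);
-int MHD__gnutls_x509_verify_signature (const MHD_gnutls_datum_t * signed_data,
+static int MHD__gnutls_x509_verify_signature (const MHD_gnutls_datum_t * signed_data,
 const MHD_gnutls_datum_t * signature,
 MHD_gnutls_x509_crt_t issuer);
 
@@ -351,7 +351,7 @@ cleanup:MHD__gnutls_free_datum (&cert_signed_data);
 * A negative value is returned in case of an error.
 *
 **/
-int
+static int
 MHD_gnutls_x509_crt_check_issuer (MHD_gnutls_x509_crt_t cert,
 MHD_gnutls_x509_crt_t issuer)
 {
@@ -618,7 +618,7 @@ verify_sig (const MHD_gnutls_datum_t * tbs,
 * 'tbs' is the signed data
 * 'signature' is the signature!
 */
-int
+static int
 MHD__gnutls_x509_verify_signature (const MHD_gnutls_datum_t * tbs,
 const MHD_gnutls_datum_t * signature,
 MHD_gnutls_x509_crt_t issuer)
@@ -657,30 +657,6 @@ MHD__gnutls_x509_verify_signature (const MHD_gnutls_datum_t * tbs,
 return ret;
 }
 
-/* verifies if the certificate is properly signed.
-* returns 0 on failure and 1 on success.
-*
-* 'tbs' is the signed data
-* 'signature' is the signature!
-*/
-int
-MHD__gnutls_x509_privkey_verify_signature (const MHD_gnutls_datum_t * tbs,
-const MHD_gnutls_datum_t *
-signature,
-MHD_gnutls_x509_privkey_t issuer)
-{
-int ret;
-
-ret = verify_sig (tbs, signature, issuer->pk_algorithm, issuer->params,
-issuer->params_size);
-if (ret < 0)
-{
-MHD_gnutls_assert ();
-}
-
-return ret;
-}
-
 /**
 * MHD_gnutls_x509_crt_list_verify - This function verifies the given certificate list
 * @cert_list: is the certificate list to be verified
@@ -737,37 +713,3 @@ MHD_gnutls_x509_crt_list_verify (const MHD_gnutls_x509_crt_t * cert_list,
 return 0;
 }
 
-/**
-* MHD_gnutls_x509_crt_verify - This function verifies the given certificate against a given trusted one
-* @cert: is the certificate to be verified
-* @CA_list: is one certificate that is considered to be trusted one
-* @CA_list_length: holds the number of CA certificate in CA_list
-* @flags: Flags that may be used to change the verification algorithm. Use OR of the MHD_gnutls_certificate_verify_flags enumerations.
-* @verify: will hold the certificate verification output.
-*
-* This function will try to verify the given certificate and return its status.
-* The verification output in this functions cannot be GNUTLS_CERT_NOT_VALID.
-*
-* Returns 0 on success and a negative value in case of an error.
-*
-**/
-int
-MHD_gnutls_x509_crt_verify (MHD_gnutls_x509_crt_t cert,
-const MHD_gnutls_x509_crt_t * CA_list,
-int CA_list_length,
-unsigned int flags, unsigned int *verify)
-{
-int ret;
-/* Verify certificate
-*/
-ret = MHD__gnutls_verify_certificate2 (cert, CA_list, CA_list_length, flags,
-verify);
-if (ret < 0)
-{
-MHD_gnutls_assert ();
-return ret;
-}
-
-return 0;
-}
-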
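Review bot: The definition of `MHD__gnutls_x509_privkey_verify_signature` is deleted in the fourth hunk, yet its prototype is kept on the new side of verify.h in this same commit (`int MHD__gnutls_x509_privkey_verify_signature (const MHD_gnutls_datum_t * tbs, ...`), so the header now declares a function that no translation unit defines and any remaining caller only fails at link time; those three prototype lines should go from verify.h as well. The `int` to `static int` changes on the forward declaration at line 49 and on the definitions at lines 354 and 621 are consistent with the public declarations dropped from x509.h and verify.h, but if `MHD_gnutls_x509_crt_check_issuer` is also forward-declared earlier in x509_verify.c, outside these hunks, that declaration needs `static` too or the two declarations disagree on linkage. Both functions that become file-local keep their `/** ... **/` API-style documentation blocks; consider demoting those to plain `/* ... */` comments so the generated API docs no longer advertise internal helpers. The bodies of all three functions touched here continue outside the hunks.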