resurrected some client side code

author: lv-426 <oxcafebaby@yahoo.com> 2008-09-10 20:12:49 +0000
committer: lv-426 <oxcafebaby@yahoo.com> 2008-09-10 20:12:49 +0000
commit: 61629ae386ea0f7efaccb6de7f3ca29b62bf90e6 (patch)
tree: e1644e61b48b9b3bb9a93b947d509ded0cc73405
parent: 04a3265002dbc3971c3ed0e552565d3c9e53754f (diff)
download: libmicrohttpd-61629ae386ea0f7efaccb6de7f3ca29b62bf90e6.tar.gz
libmicrohttpd-61629ae386ea0f7efaccb6de7f3ca29b62bf90e6.zip
10 files changed, 161 insertions, 28 deletions
diff --git a/src/daemon/https/gnutls.h b/src/daemon/https/gnutls.h
index ed4fa1ac..ed939584 100644
--- a/src/daemon/https/gnutls.h
+++ b/src/daemon/https/gnutls.h
@@ -225,6 +225,9 @@ extern "C"
  int MHD_gnutls_bye (mhd_gtls_session_t session, gnutls_close_request_t how);
  int MHD_gnutls_handshake (mhd_gtls_session_t session);
  int MHD_gnutls_rehandshake (mhd_gtls_session_t session);
+  int mhd_gtls_handshake_client (mhd_gtls_session_t session);
  gnutls_alert_description_t gnutls_alert_get (mhd_gtls_session_t session);
  int MHD_gnutls_alert_send (mhd_gtls_session_t session,
                             gnutls_alert_level_t level,
@@ -232,11 +235,11 @@ extern "C"
  int MHD_gnutls_alert_send_appropriate (mhd_gtls_session_t session, int err);
  const char *MHD_gnutls_alert_get_name (gnutls_alert_description_t alert);
+  enum MHD_GNUTLS_CompressionMethod MHD_gtls_compression_get (mhd_gtls_session_t
+                                                        session);
 //  enum MHD_GNUTLS_CipherAlgorithm gnutls_cipher_get (mhd_gtls_session_t session);
 //  enum MHD_GNUTLS_KeyExchangeAlgorithm gnutls_kx_get (mhd_gtls_session_t session);
 //  enum MHD_GNUTLS_HashAlgorithm gnutls_mac_get (mhd_gtls_session_t session);
-//  enum MHD_GNUTLS_CompressionMethod gnutls_compression_get (mhd_gtls_session_t
-//                                                      session);
 //  enum MHD_GNUTLS_CertificateType gnutls_certificate_type_get (mhd_gtls_session_t
 //                                                         session);
@@ -250,7 +253,7 @@ extern "C"
                                          algorithm);
  const char *MHD_gnutls_mac_get_name (enum MHD_GNUTLS_HashAlgorithm
                                       algorithm);
-  const char *MHD_gnutls_compression_get_name (enum
+  const char *MHD_gtls_compression_get_name (enum
                                               MHD_GNUTLS_CompressionMethod
                                               algorithm);
  const char *MHD_gnutls_kx_get_name (enum MHD_GNUTLS_KeyExchangeAlgorithm
diff --git a/src/daemon/https/tls/ext_cert_type.c b/src/daemon/https/tls/ext_cert_type.c
index 2a855abf..9e00120c 100644
--- a/src/daemon/https/tls/ext_cert_type.c
+++ b/src/daemon/https/tls/ext_cert_type.c
@@ -84,6 +84,7 @@ mhd_gtls_cert_type_recv_params (mhd_gtls_session_t session,
    }
  else
 #endif
    {                           /* SERVER SIDE - we must check if the sent cert type is the right one
                                 */
      if (data_size > 1)
diff --git a/src/daemon/https/tls/ext_oprfi.c b/src/daemon/https/tls/ext_oprfi.c
index 1922fa1c..b2dad0ff 100644
--- a/src/daemon/https/tls/ext_oprfi.c
+++ b/src/daemon/https/tls/ext_oprfi.c
@@ -27,12 +27,13 @@
 *
 */
+#include "MHD_config.h"
 #include <ext_oprfi.h>
 #include <gnutls_errors.h>
 #include <gnutls_num.h>
-int
+static int
 oprfi_recv_server (mhd_gtls_session_t session,
                   const opaque * data, size_t _data_size)
 {
@@ -68,7 +69,7 @@ oprfi_recv_server (mhd_gtls_session_t session,
  return 0;
 }
-int
+static int
 oprfi_recv_client (mhd_gtls_session_t session,
                   const opaque * data, size_t _data_size)
 {
@@ -122,7 +123,7 @@ mhd_gtls_oprfi_recv_params (mhd_gtls_session_t session,
    return oprfi_recv_server (session, data, data_size);
 }
-int
+static int
 oprfi_send_client (mhd_gtls_session_t session, opaque * data,
                   size_t _data_size)
 {
@@ -144,7 +145,7 @@ oprfi_send_client (mhd_gtls_session_t session, opaque * data,
  return 2 + oprf_size;
 }
-int
+static int
 oprfi_send_server (mhd_gtls_session_t session, opaque * data,
                   size_t _data_size)
 {
@@ -199,7 +200,12 @@ int
 mhd_gtls_oprfi_send_params (mhd_gtls_session_t session,
                            opaque * data, size_t data_size)
 {
-  return oprfi_send_server (session, data, data_size);
+#if MHD_DEBUG_TLS
+  if (session->security_parameters.entity == GNUTLS_CLIENT)
+           return oprfi_send_client (session, data, data_size);
+  else
+#endif
+       return oprfi_send_server (session, data, data_size);
 }
 /**
diff --git a/src/daemon/https/tls/ext_server_name.c b/src/daemon/https/tls/ext_server_name.c
index 64ef0b06..c4aabf56 100644
--- a/src/daemon/https/tls/ext_server_name.c
+++ b/src/daemon/https/tls/ext_server_name.c
@@ -128,12 +128,13 @@ mhd_gtls_server_name_send_params (mhd_gtls_session_t session,
                                  opaque * data, size_t _data_size)
 {
  int total_size = 0;
-#if MHD_DEBUG_TLS
  uint16_t len;
  opaque *p;
  unsigned i;
  ssize_t data_size = _data_size;
+#if MHD_DEBUG_TLS
  /* this function sends the client extension data (dnsname) */
  if (session->security_parameters.entity == GNUTLS_CLIENT)
    {
diff --git a/src/daemon/https/tls/gnutls_algorithms.c b/src/daemon/https/tls/gnutls_algorithms.c
index 6d25ff55..9558119b 100644
--- a/src/daemon/https/tls/gnutls_algorithms.c
+++ b/src/daemon/https/tls/gnutls_algorithms.c
@@ -914,7 +914,7 @@ mhd_gtls_compression_priority (mhd_gtls_session_t session,
 * specified compression algorithm, or %NULL.
 **/
 const char *
-MHD_gnutls_compression_get_name (enum MHD_GNUTLS_CompressionMethod algorithm)
+MHD_gtls_compression_get_name (enum MHD_GNUTLS_CompressionMethod algorithm)
 {
  const char *ret = NULL;
diff --git a/src/daemon/https/tls/gnutls_constate.c b/src/daemon/https/tls/gnutls_constate.c
index d4dff6a9..9a2ee004 100644
--- a/src/daemon/https/tls/gnutls_constate.c
+++ b/src/daemon/https/tls/gnutls_constate.c
@@ -26,6 +26,7 @@
 * finished. These functions activate the established security parameters.
 */
+#include "MHD_config.h"
 #include <gnutls_int.h>
 #include <gnutls_constate.h>
 #include <gnutls_errors.h>
diff --git a/src/daemon/https/tls/gnutls_extensions.c b/src/daemon/https/tls/gnutls_extensions.c
index c0f87013..4c9286d8 100644
--- a/src/daemon/https/tls/gnutls_extensions.c
+++ b/src/daemon/https/tls/gnutls_extensions.c
@@ -27,6 +27,7 @@
 * allow for extra functionality.
 */
+#include "MHD_config.h"
 #include "gnutls_int.h"
 #include "gnutls_extensions.h"
 #include "gnutls_errors.h"
@@ -147,7 +148,7 @@ mhd_gtls_parse_extensions (mhd_gtls_session_t session,
  mhd_gtls_ext_recv_func ext_recv;
  uint16_t size;
-#ifdef DEBUG
+#if MHD_DEBUG_TLS
  int i;
  if (session->security_parameters.entity == GNUTLS_CLIENT)
    for (i = 0; i < session->internals.extensions_sent_size; i++)
diff --git a/src/daemon/https/tls/gnutls_handshake.c b/src/daemon/https/tls/gnutls_handshake.c
index 601ce84a..daa39950 100644
--- a/src/daemon/https/tls/gnutls_handshake.c
+++ b/src/daemon/https/tls/gnutls_handshake.c
@@ -25,6 +25,7 @@
 /* Functions that relate to the TLS handshake procedure.
 */
+#include "MHD_config.h"
 #include "gnutls_int.h"
 #include "gnutls_errors.h"
 #include "gnutls_dh.h"
@@ -825,7 +826,7 @@ _gnutls_server_select_comp_method (mhd_gtls_session_t session,
              _gnutls_handshake_log
                ("HSK[%x]: Selected Compression Method: %s\n", session,
-                 MHD_gnutls_compression_get_name (session->internals.
+                 MHD_gtls_compression_get_name (session->internals.
                                                  compression_method));
@@ -1096,8 +1097,6 @@ _gnutls_recv_handshake_header (mhd_gtls_session_t session,
 #define _gnutls_handshake_header_buffer_clear( session) session->internals.handshake_header_buffer.header_size = 0
 /* This function will hash the handshake headers and the
 * handshake data.
 */
@@ -1144,7 +1143,6 @@ _gnutls_handshake_hash_add_recvd (mhd_gtls_session_t session,
  return 0;
 }
 /* This function will receive handshake messages of the given types,
 * and will pass the message to the right place in order to be processed.
 * E.g. for the SERVER_HELLO message (if it is expected), it will be
@@ -1612,7 +1610,6 @@ _gnutls_copy_ciphersuites (mhd_gtls_session_t session,
  return datalen;
 }
 /* This function copies the appropriate compression methods, to a locally allocated buffer
 * Needed in hello messages. Returns the new data length.
 */
@@ -1660,6 +1657,7 @@ _gnutls_copy_comp_methods (mhd_gtls_session_t session,
 */
 #define MAX_EXT_DATA_LENGTH 1024
+#if MHD_DEBUG_TLS
 /* This function sends the client hello handshake message.
 */
 static int
@@ -1844,6 +1842,7 @@ _gnutls_send_client_hello (mhd_gtls_session_t session, int again)
  return ret;
 }
+#endif
 static int
 _gnutls_send_server_hello (mhd_gtls_session_t session, int again)
@@ -2061,10 +2060,6 @@ MHD_gnutls_rehandshake (mhd_gtls_session_t session)
 {
  int ret;
-  /* only server sends that handshake packet */
-  if (session->security_parameters.entity == GNUTLS_CLIENT)
-    return GNUTLS_E_INVALID_REQUEST;
  ret =
    _gnutls_send_empty_handshake (session, GNUTLS_HANDSHAKE_HELLO_REQUEST,
                                  AGAIN (STATE50));
@@ -2092,7 +2087,6 @@ _gnutls_abort_handshake (mhd_gtls_session_t session, int ret)
  return GNUTLS_E_INTERNAL_ERROR;
 }
 /* This function initialized the handshake hash session.
 * required for finished messages.
 */
@@ -2223,12 +2217,17 @@ MHD_gnutls_handshake (mhd_gtls_session_t session)
      gnutls_assert ();
      return ret;
    }
+#if MHD_DEBUG_TLS
  if (session->security_parameters.entity == GNUTLS_CLIENT)
-    {
+      {
-      gnutls_assert ();
+        ret = mhd_gtls_handshake_client (session);
-      return GNUTLS_E_UNIMPLEMENTED_FEATURE;
+      }
-    }
+    else
-  ret = mhd_gtls_handshake_server (session);
+#endif
+      {
+        ret = mhd_gtls_handshake_server (session);
+      }
  if (ret < 0)
    {
      /* In the case of a rehandshake abort
@@ -2268,6 +2267,127 @@ MHD_gnutls_handshake (mhd_gtls_session_t session)
        } } while (0)
+#if MHD_DEBUG_TLS
+/*
+ * mhd_gtls_handshake_client
+ * This function performs the client side of the handshake of the TLS/SSL protocol.
+ */
+int
+mhd_gtls_handshake_client (mhd_gtls_session_t session)
+{
+  int ret = 0;
+#ifdef HANDSHAKE_DEBUG
+  char buf[64];
+  if (session->internals.resumed_security_parameters.session_id_size > 0)
+    _gnutls_handshake_log ("HSK[%x]: Ask to resume: %s\n", session,
+                           mhd_gtls_bin2hex (session->internals.
+                                             resumed_security_parameters.
+                                             session_id,
+                                             session->internals.
+                                             resumed_security_parameters.
+                                             session_id_size, buf,
+                                             sizeof (buf)));
+#endif
+  switch (STATE)
+    {
+    case STATE0:
+    case STATE1:
+      ret = mhd_gtls_send_hello (session, AGAIN (STATE1));
+      STATE = STATE1;
+      IMED_RET ("send hello", ret);
+    case STATE2:
+      /* receive the server hello */
+      ret =
+        mhd_gtls_recv_handshake (session, NULL, NULL,
+                                 GNUTLS_HANDSHAKE_SERVER_HELLO,
+                                 MANDATORY_PACKET);
+      STATE = STATE2;
+      IMED_RET ("recv hello", ret);
+    case STATE70:
+      if (session->security_parameters.extensions.do_recv_supplemental)
+        {
+          ret = _gnutls_recv_supplemental (session);
+          STATE = STATE70;
+          IMED_RET ("recv supplemental", ret);
+        }
+    case STATE3:
+      /* RECV CERTIFICATE */
+      if (session->internals.resumed == RESUME_FALSE)   /* if we are not resuming */
+        ret = mhd_gtls_recv_server_certificate (session);
+      STATE = STATE3;
+      IMED_RET ("recv server certificate", ret);
+    case STATE4:
+      /* receive the server key exchange */
+      if (session->internals.resumed == RESUME_FALSE)   /* if we are not resuming */
+        ret = mhd_gtls_recv_server_kx_message (session);
+      STATE = STATE4;
+      IMED_RET ("recv server kx message", ret);
+    case STATE5:
+      /* receive the server certificate request - if any
+       */
+      if (session->internals.resumed == RESUME_FALSE)   /* if we are not resuming */
+        ret = mhd_gtls_recv_server_certificate_request (session);
+      STATE = STATE5;
+      IMED_RET ("recv server certificate request message", ret);
+    case STATE6:
+      /* receive the server hello done */
+      if (session->internals.resumed == RESUME_FALSE)   /* if we are not resuming */
+        ret =
+          mhd_gtls_recv_handshake (session, NULL, NULL,
+                                   GNUTLS_HANDSHAKE_SERVER_HELLO_DONE,
+                                   MANDATORY_PACKET);
+      STATE = STATE6;
+      IMED_RET ("recv server hello done", ret);
+    case STATE71:
+      if (session->security_parameters.extensions.do_send_supplemental)
+        {
+          ret = _gnutls_send_supplemental (session, AGAIN (STATE71));
+          STATE = STATE71;
+          IMED_RET ("send supplemental", ret);
+        }
+    case STATE7:
+      /* send our certificate - if any and if requested
+       */
+      if (session->internals.resumed == RESUME_FALSE)   /* if we are not resuming */
+        ret = mhd_gtls_send_client_certificate (session, AGAIN (STATE7));
+      STATE = STATE7;
+      IMED_RET ("send client certificate", ret);
+    case STATE8:
+      if (session->internals.resumed == RESUME_FALSE)   /* if we are not resuming */
+        ret = mhd_gtls_send_client_kx_message (session, AGAIN (STATE8));
+      STATE = STATE8;
+      IMED_RET ("send client kx", ret);
+    case STATE9:
+      /* send client certificate verify */
+      if (session->internals.resumed == RESUME_FALSE)   /* if we are not resuming */
+        ret =
+          mhd_gtls_send_client_certificate_verify (session, AGAIN (STATE9));
+      STATE = STATE9;
+      IMED_RET ("send client certificate verify", ret);
+      STATE = STATE0;
+    default:
+      break;
+    }
+  return 0;
+}
+#endif
 /* This function sends the final handshake packets and initializes connection
 */
diff --git a/src/daemon/https/tls/gnutls_record.c b/src/daemon/https/tls/gnutls_record.c
index 3c6122d5..a9422c76 100644
--- a/src/daemon/https/tls/gnutls_record.c
+++ b/src/daemon/https/tls/gnutls_record.c
@@ -751,7 +751,7 @@ get_temp_recv_buffer (mhd_gtls_session_t session, gnutls_datum_t * tmp)
 {
  size_t max_record_size;
-  if (gnutls_compression_get (session) != MHD_GNUTLS_COMP_NULL)
+  if (MHD_gtls_compression_get (session) != MHD_GNUTLS_COMP_NULL)
    max_record_size = MAX_RECORD_RECV_SIZE + EXTRA_COMP_SIZE;
  else
    max_record_size = MAX_RECORD_RECV_SIZE;
diff --git a/src/daemon/https/tls/gnutls_state.c b/src/daemon/https/tls/gnutls_state.c
index d4a47d09..6eb01660 100644
--- a/src/daemon/https/tls/gnutls_state.c
+++ b/src/daemon/https/tls/gnutls_state.c
@@ -108,7 +108,7 @@ gnutls_mac_get (mhd_gtls_session_t session)
 * Returns: the currently used compression method.
 **/
 enum MHD_GNUTLS_CompressionMethod
-gnutls_compression_get (mhd_gtls_session_t session)
+MHD_gtls_compression_get (mhd_gtls_session_t session)
 {
  return session->security_parameters.read_compression_algorithm;
 }
author	lv-426 <oxcafebaby@yahoo.com>	2008-09-10 20:12:49 +0000
committer	lv-426 <oxcafebaby@yahoo.com>	2008-09-10 20:12:49 +0000
commit	61629ae386ea0f7efaccb6de7f3ca29b62bf90e6 (patch)
tree	e1644e61b48b9b3bb9a93b947d509ded0cc73405
parent	04a3265002dbc3971c3ed0e552565d3c9e53754f (diff)
download	libmicrohttpd-61629ae386ea0f7efaccb6de7f3ca29b62bf90e6.tar.gz libmicrohttpd-61629ae386ea0f7efaccb6de7f3ca29b62bf90e6.zip

diff --git a/src/daemon/https/gnutls.h b/src/daemon/https/gnutls.h index ed4fa1ac..ed939584 100644 --- a/src/daemon/https/gnutls.h +++ b/src/daemon/https/gnutls.h
@@ -225,6 +225,9 @@ extern "C"
225	int MHD_gnutls_bye (mhd_gtls_session_t session, gnutls_close_request_t how);	225	int MHD_gnutls_bye (mhd_gtls_session_t session, gnutls_close_request_t how);
226	int MHD_gnutls_handshake (mhd_gtls_session_t session);	226	int MHD_gnutls_handshake (mhd_gtls_session_t session);
227	int MHD_gnutls_rehandshake (mhd_gtls_session_t session);	227	int MHD_gnutls_rehandshake (mhd_gtls_session_t session);
		228
		229	int mhd_gtls_handshake_client (mhd_gtls_session_t session);
		230
228	gnutls_alert_description_t gnutls_alert_get (mhd_gtls_session_t session);	231	gnutls_alert_description_t gnutls_alert_get (mhd_gtls_session_t session);
229	int MHD_gnutls_alert_send (mhd_gtls_session_t session,	232	int MHD_gnutls_alert_send (mhd_gtls_session_t session,
230	gnutls_alert_level_t level,	233	gnutls_alert_level_t level,
@@ -232,11 +235,11 @@ extern "C"
232	int MHD_gnutls_alert_send_appropriate (mhd_gtls_session_t session, int err);	235	int MHD_gnutls_alert_send_appropriate (mhd_gtls_session_t session, int err);
233	const char *MHD_gnutls_alert_get_name (gnutls_alert_description_t alert);	236	const char *MHD_gnutls_alert_get_name (gnutls_alert_description_t alert);
234		237
		238	enum MHD_GNUTLS_CompressionMethod MHD_gtls_compression_get (mhd_gtls_session_t
		239	session);
235	// enum MHD_GNUTLS_CipherAlgorithm gnutls_cipher_get (mhd_gtls_session_t session);	240	// enum MHD_GNUTLS_CipherAlgorithm gnutls_cipher_get (mhd_gtls_session_t session);
236	// enum MHD_GNUTLS_KeyExchangeAlgorithm gnutls_kx_get (mhd_gtls_session_t session);	241	// enum MHD_GNUTLS_KeyExchangeAlgorithm gnutls_kx_get (mhd_gtls_session_t session);
237	// enum MHD_GNUTLS_HashAlgorithm gnutls_mac_get (mhd_gtls_session_t session);	242	// enum MHD_GNUTLS_HashAlgorithm gnutls_mac_get (mhd_gtls_session_t session);
238	// enum MHD_GNUTLS_CompressionMethod gnutls_compression_get (mhd_gtls_session_t
239	// session);
240	// enum MHD_GNUTLS_CertificateType gnutls_certificate_type_get (mhd_gtls_session_t	243	// enum MHD_GNUTLS_CertificateType gnutls_certificate_type_get (mhd_gtls_session_t
241	// session);	244	// session);
242		245
@@ -250,7 +253,7 @@ extern "C"
250	algorithm);	253	algorithm);
251	const char *MHD_gnutls_mac_get_name (enum MHD_GNUTLS_HashAlgorithm	254	const char *MHD_gnutls_mac_get_name (enum MHD_GNUTLS_HashAlgorithm
252	algorithm);	255	algorithm);
253	const char *MHD_gnutls_compression_get_name (enum	256	const char *MHD_gtls_compression_get_name (enum
254	MHD_GNUTLS_CompressionMethod	257	MHD_GNUTLS_CompressionMethod
255	algorithm);	258	algorithm);
256	const char *MHD_gnutls_kx_get_name (enum MHD_GNUTLS_KeyExchangeAlgorithm	259	const char *MHD_gnutls_kx_get_name (enum MHD_GNUTLS_KeyExchangeAlgorithm


diff --git a/src/daemon/https/tls/ext_cert_type.c b/src/daemon/https/tls/ext_cert_type.c index 2a855abf..9e00120c 100644 --- a/src/daemon/https/tls/ext_cert_type.c +++ b/src/daemon/https/tls/ext_cert_type.c
@@ -84,6 +84,7 @@ mhd_gtls_cert_type_recv_params (mhd_gtls_session_t session,
84	}	84	}
85	else	85	else
86	#endif	86	#endif
		87
87	{ /* SERVER SIDE - we must check if the sent cert type is the right one	88	{ /* SERVER SIDE - we must check if the sent cert type is the right one
88	*/	89	*/
89	if (data_size > 1)	90	if (data_size > 1)


diff --git a/src/daemon/https/tls/ext_oprfi.c b/src/daemon/https/tls/ext_oprfi.c index 1922fa1c..b2dad0ff 100644 --- a/src/daemon/https/tls/ext_oprfi.c +++ b/src/daemon/https/tls/ext_oprfi.c
@@ -27,12 +27,13 @@
27	*	27	*
28	*/	28	*/
29		29
		30	#include "MHD_config.h"
30	#include <ext_oprfi.h>	31	#include <ext_oprfi.h>
31		32
32	#include <gnutls_errors.h>	33	#include <gnutls_errors.h>
33	#include <gnutls_num.h>	34	#include <gnutls_num.h>
34		35
35	int	36	static int
36	oprfi_recv_server (mhd_gtls_session_t session,	37	oprfi_recv_server (mhd_gtls_session_t session,
37	const opaque * data, size_t _data_size)	38	const opaque * data, size_t _data_size)
38	{	39	{
@@ -68,7 +69,7 @@ oprfi_recv_server (mhd_gtls_session_t session,
68	return 0;	69	return 0;
69	}	70	}
70		71
71	int	72	static int
72	oprfi_recv_client (mhd_gtls_session_t session,	73	oprfi_recv_client (mhd_gtls_session_t session,
73	const opaque * data, size_t _data_size)	74	const opaque * data, size_t _data_size)
74	{	75	{
@@ -122,7 +123,7 @@ mhd_gtls_oprfi_recv_params (mhd_gtls_session_t session,
122	return oprfi_recv_server (session, data, data_size);	123	return oprfi_recv_server (session, data, data_size);
123	}	124	}
124		125
125	int	126	static int
126	oprfi_send_client (mhd_gtls_session_t session, opaque * data,	127	oprfi_send_client (mhd_gtls_session_t session, opaque * data,
127	size_t _data_size)	128	size_t _data_size)
128	{	129	{
@@ -144,7 +145,7 @@ oprfi_send_client (mhd_gtls_session_t session, opaque * data,
144	return 2 + oprf_size;	145	return 2 + oprf_size;
145	}	146	}
146		147
147	int	148	static int
148	oprfi_send_server (mhd_gtls_session_t session, opaque * data,	149	oprfi_send_server (mhd_gtls_session_t session, opaque * data,
149	size_t _data_size)	150	size_t _data_size)
150	{	151	{
@@ -199,7 +200,12 @@ int
199	mhd_gtls_oprfi_send_params (mhd_gtls_session_t session,	200	mhd_gtls_oprfi_send_params (mhd_gtls_session_t session,
200	opaque * data, size_t data_size)	201	opaque * data, size_t data_size)
201	{	202	{
202	return oprfi_send_server (session, data, data_size);	203	#if MHD_DEBUG_TLS
		204	if (session->security_parameters.entity == GNUTLS_CLIENT)
		205	return oprfi_send_client (session, data, data_size);
		206	else
		207	#endif
		208	return oprfi_send_server (session, data, data_size);
203	}	209	}
204		210
205	/**	211	/**


diff --git a/src/daemon/https/tls/ext_server_name.c b/src/daemon/https/tls/ext_server_name.c index 64ef0b06..c4aabf56 100644 --- a/src/daemon/https/tls/ext_server_name.c +++ b/src/daemon/https/tls/ext_server_name.c
@@ -128,12 +128,13 @@ mhd_gtls_server_name_send_params (mhd_gtls_session_t session,
128	opaque * data, size_t _data_size)	128	opaque * data, size_t _data_size)
129	{	129	{
130	int total_size = 0;	130	int total_size = 0;
131	#if MHD_DEBUG_TLS	131
132	uint16_t len;	132	uint16_t len;
133	opaque *p;	133	opaque *p;
134	unsigned i;	134	unsigned i;
135	ssize_t data_size = _data_size;	135	ssize_t data_size = _data_size;
136		136
		137	#if MHD_DEBUG_TLS
137	/* this function sends the client extension data (dnsname) */	138	/* this function sends the client extension data (dnsname) */
138	if (session->security_parameters.entity == GNUTLS_CLIENT)	139	if (session->security_parameters.entity == GNUTLS_CLIENT)
139	{	140	{


diff --git a/src/daemon/https/tls/gnutls_algorithms.c b/src/daemon/https/tls/gnutls_algorithms.c index 6d25ff55..9558119b 100644 --- a/src/daemon/https/tls/gnutls_algorithms.c +++ b/src/daemon/https/tls/gnutls_algorithms.c
@@ -914,7 +914,7 @@ mhd_gtls_compression_priority (mhd_gtls_session_t session,
914	* specified compression algorithm, or %NULL.	914	* specified compression algorithm, or %NULL.
915	**/	915	**/
916	const char *	916	const char *
917	MHD_gnutls_compression_get_name (enum MHD_GNUTLS_CompressionMethod algorithm)	917	MHD_gtls_compression_get_name (enum MHD_GNUTLS_CompressionMethod algorithm)
918	{	918	{
919	const char *ret = NULL;	919	const char *ret = NULL;
920		920


diff --git a/src/daemon/https/tls/gnutls_constate.c b/src/daemon/https/tls/gnutls_constate.c index d4dff6a9..9a2ee004 100644 --- a/src/daemon/https/tls/gnutls_constate.c +++ b/src/daemon/https/tls/gnutls_constate.c
@@ -26,6 +26,7 @@
26	* finished. These functions activate the established security parameters.	26	* finished. These functions activate the established security parameters.
27	*/	27	*/
28		28
		29	#include "MHD_config.h"
29	#include <gnutls_int.h>	30	#include <gnutls_int.h>
30	#include <gnutls_constate.h>	31	#include <gnutls_constate.h>
31	#include <gnutls_errors.h>	32	#include <gnutls_errors.h>


diff --git a/src/daemon/https/tls/gnutls_extensions.c b/src/daemon/https/tls/gnutls_extensions.c index c0f87013..4c9286d8 100644 --- a/src/daemon/https/tls/gnutls_extensions.c +++ b/src/daemon/https/tls/gnutls_extensions.c
@@ -27,6 +27,7 @@
27	* allow for extra functionality.	27	* allow for extra functionality.
28	*/	28	*/
29		29
		30	#include "MHD_config.h"
30	#include "gnutls_int.h"	31	#include "gnutls_int.h"
31	#include "gnutls_extensions.h"	32	#include "gnutls_extensions.h"
32	#include "gnutls_errors.h"	33	#include "gnutls_errors.h"
@@ -147,7 +148,7 @@ mhd_gtls_parse_extensions (mhd_gtls_session_t session,
147	mhd_gtls_ext_recv_func ext_recv;	148	mhd_gtls_ext_recv_func ext_recv;
148	uint16_t size;	149	uint16_t size;
149		150
150	#ifdef DEBUG	151	#if MHD_DEBUG_TLS
151	int i;	152	int i;
152	if (session->security_parameters.entity == GNUTLS_CLIENT)	153	if (session->security_parameters.entity == GNUTLS_CLIENT)
153	for (i = 0; i < session->internals.extensions_sent_size; i++)	154	for (i = 0; i < session->internals.extensions_sent_size; i++)


diff --git a/src/daemon/https/tls/gnutls_handshake.c b/src/daemon/https/tls/gnutls_handshake.c index 601ce84a..daa39950 100644 --- a/src/daemon/https/tls/gnutls_handshake.c +++ b/src/daemon/https/tls/gnutls_handshake.c
@@ -25,6 +25,7 @@
25	/* Functions that relate to the TLS handshake procedure.	25	/* Functions that relate to the TLS handshake procedure.
26	*/	26	*/
27		27
		28	#include "MHD_config.h"
28	#include "gnutls_int.h"	29	#include "gnutls_int.h"
29	#include "gnutls_errors.h"	30	#include "gnutls_errors.h"
30	#include "gnutls_dh.h"	31	#include "gnutls_dh.h"
@@ -825,7 +826,7 @@ _gnutls_server_select_comp_method (mhd_gtls_session_t session,
825		826
826	_gnutls_handshake_log	827	_gnutls_handshake_log
827	("HSK[%x]: Selected Compression Method: %s\n", session,	828	("HSK[%x]: Selected Compression Method: %s\n", session,
828	MHD_gnutls_compression_get_name (session->internals.	829	MHD_gtls_compression_get_name (session->internals.
829	compression_method));	830	compression_method));
830		831
831		832
@@ -1096,8 +1097,6 @@ _gnutls_recv_handshake_header (mhd_gtls_session_t session,
1096		1097
1097	#define _gnutls_handshake_header_buffer_clear( session) session->internals.handshake_header_buffer.header_size = 0	1098	#define _gnutls_handshake_header_buffer_clear( session) session->internals.handshake_header_buffer.header_size = 0
1098		1099
1099
1100
1101	/* This function will hash the handshake headers and the	1100	/* This function will hash the handshake headers and the
1102	* handshake data.	1101	* handshake data.
1103	*/	1102	*/
@@ -1144,7 +1143,6 @@ _gnutls_handshake_hash_add_recvd (mhd_gtls_session_t session,
1144	return 0;	1143	return 0;
1145	}	1144	}
1146		1145
1147
1148	/* This function will receive handshake messages of the given types,	1146	/* This function will receive handshake messages of the given types,
1149	* and will pass the message to the right place in order to be processed.	1147	* and will pass the message to the right place in order to be processed.
1150	* E.g. for the SERVER_HELLO message (if it is expected), it will be	1148	* E.g. for the SERVER_HELLO message (if it is expected), it will be
@@ -1612,7 +1610,6 @@ _gnutls_copy_ciphersuites (mhd_gtls_session_t session,
1612	return datalen;	1610	return datalen;
1613	}	1611	}
1614		1612
1615
1616	/* This function copies the appropriate compression methods, to a locally allocated buffer	1613	/* This function copies the appropriate compression methods, to a locally allocated buffer
1617	* Needed in hello messages. Returns the new data length.	1614	* Needed in hello messages. Returns the new data length.
1618	*/	1615	*/
@@ -1660,6 +1657,7 @@ _gnutls_copy_comp_methods (mhd_gtls_session_t session,
1660	*/	1657	*/
1661	#define MAX_EXT_DATA_LENGTH 1024	1658	#define MAX_EXT_DATA_LENGTH 1024
1662		1659
		1660	#if MHD_DEBUG_TLS
1663	/* This function sends the client hello handshake message.	1661	/* This function sends the client hello handshake message.
1664	*/	1662	*/
1665	static int	1663	static int
@@ -1844,6 +1842,7 @@ _gnutls_send_client_hello (mhd_gtls_session_t session, int again)
1844		1842
1845	return ret;	1843	return ret;
1846	}	1844	}
		1845	#endif
1847		1846
1848	static int	1847	static int
1849	_gnutls_send_server_hello (mhd_gtls_session_t session, int again)	1848	_gnutls_send_server_hello (mhd_gtls_session_t session, int again)
@@ -2061,10 +2060,6 @@ MHD_gnutls_rehandshake (mhd_gtls_session_t session)
2061	{	2060	{
2062	int ret;	2061	int ret;
2063		2062
2064	/* only server sends that handshake packet */
2065	if (session->security_parameters.entity == GNUTLS_CLIENT)
2066	return GNUTLS_E_INVALID_REQUEST;
2067
2068	ret =	2063	ret =
2069	_gnutls_send_empty_handshake (session, GNUTLS_HANDSHAKE_HELLO_REQUEST,	2064	_gnutls_send_empty_handshake (session, GNUTLS_HANDSHAKE_HELLO_REQUEST,
2070	AGAIN (STATE50));	2065	AGAIN (STATE50));
@@ -2092,7 +2087,6 @@ _gnutls_abort_handshake (mhd_gtls_session_t session, int ret)
2092	return GNUTLS_E_INTERNAL_ERROR;	2087	return GNUTLS_E_INTERNAL_ERROR;
2093	}	2088	}
2094		2089
2095
2096	/* This function initialized the handshake hash session.	2090	/* This function initialized the handshake hash session.
2097	* required for finished messages.	2091	* required for finished messages.
2098	*/	2092	*/
@@ -2223,12 +2217,17 @@ MHD_gnutls_handshake (mhd_gtls_session_t session)
2223	gnutls_assert ();	2217	gnutls_assert ();
2224	return ret;	2218	return ret;
2225	}	2219	}
		2220	#if MHD_DEBUG_TLS
2226	if (session->security_parameters.entity == GNUTLS_CLIENT)	2221	if (session->security_parameters.entity == GNUTLS_CLIENT)
2227	{	2222	{
2228	gnutls_assert ();	2223	ret = mhd_gtls_handshake_client (session);
2229	return GNUTLS_E_UNIMPLEMENTED_FEATURE;	2224	}
2230	}	2225	else
2231	ret = mhd_gtls_handshake_server (session);	2226	#endif
		2227	{
		2228	ret = mhd_gtls_handshake_server (session);
		2229	}
		2230
2232	if (ret < 0)	2231	if (ret < 0)
2233	{	2232	{
2234	/* In the case of a rehandshake abort	2233	/* In the case of a rehandshake abort
@@ -2268,6 +2267,127 @@ MHD_gnutls_handshake (mhd_gtls_session_t session)
2268	} } while (0)	2267	} } while (0)
2269		2268
2270		2269
		2270	#if MHD_DEBUG_TLS
		2271	/*
		2272	* mhd_gtls_handshake_client
		2273	* This function performs the client side of the handshake of the TLS/SSL protocol.
		2274	*/
		2275	int
		2276	mhd_gtls_handshake_client (mhd_gtls_session_t session)
		2277	{
		2278	int ret = 0;
		2279
		2280	#ifdef HANDSHAKE_DEBUG
		2281	char buf[64];
		2282
		2283	if (session->internals.resumed_security_parameters.session_id_size > 0)
		2284	_gnutls_handshake_log ("HSK[%x]: Ask to resume: %s\n", session,
		2285	mhd_gtls_bin2hex (session->internals.
		2286	resumed_security_parameters.
		2287	session_id,
		2288	session->internals.
		2289	resumed_security_parameters.
		2290	session_id_size, buf,
		2291	sizeof (buf)));
		2292	#endif
		2293
		2294	switch (STATE)
		2295	{
		2296	case STATE0:
		2297	case STATE1:
		2298	ret = mhd_gtls_send_hello (session, AGAIN (STATE1));
		2299	STATE = STATE1;
		2300	IMED_RET ("send hello", ret);
		2301
		2302	case STATE2:
		2303	/* receive the server hello */
		2304	ret =
		2305	mhd_gtls_recv_handshake (session, NULL, NULL,
		2306	GNUTLS_HANDSHAKE_SERVER_HELLO,
		2307	MANDATORY_PACKET);
		2308	STATE = STATE2;
		2309	IMED_RET ("recv hello", ret);
		2310
		2311	case STATE70:
		2312	if (session->security_parameters.extensions.do_recv_supplemental)
		2313	{
		2314	ret = _gnutls_recv_supplemental (session);
		2315	STATE = STATE70;
		2316	IMED_RET ("recv supplemental", ret);
		2317	}
		2318
		2319	case STATE3:
		2320	/* RECV CERTIFICATE */
		2321	if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
		2322	ret = mhd_gtls_recv_server_certificate (session);
		2323	STATE = STATE3;
		2324	IMED_RET ("recv server certificate", ret);
		2325
		2326	case STATE4:
		2327	/* receive the server key exchange */
		2328	if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
		2329	ret = mhd_gtls_recv_server_kx_message (session);
		2330	STATE = STATE4;
		2331	IMED_RET ("recv server kx message", ret);
		2332
		2333	case STATE5:
		2334	/* receive the server certificate request - if any
		2335	*/
		2336
		2337	if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
		2338	ret = mhd_gtls_recv_server_certificate_request (session);
		2339	STATE = STATE5;
		2340	IMED_RET ("recv server certificate request message", ret);
		2341
		2342	case STATE6:
		2343	/* receive the server hello done */
		2344	if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
		2345	ret =
		2346	mhd_gtls_recv_handshake (session, NULL, NULL,
		2347	GNUTLS_HANDSHAKE_SERVER_HELLO_DONE,
		2348	MANDATORY_PACKET);
		2349	STATE = STATE6;
		2350	IMED_RET ("recv server hello done", ret);
		2351
		2352	case STATE71:
		2353	if (session->security_parameters.extensions.do_send_supplemental)
		2354	{
		2355	ret = _gnutls_send_supplemental (session, AGAIN (STATE71));
		2356	STATE = STATE71;
		2357	IMED_RET ("send supplemental", ret);
		2358	}
		2359
		2360	case STATE7:
		2361	/* send our certificate - if any and if requested
		2362	*/
		2363	if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
		2364	ret = mhd_gtls_send_client_certificate (session, AGAIN (STATE7));
		2365	STATE = STATE7;
		2366	IMED_RET ("send client certificate", ret);
		2367
		2368	case STATE8:
		2369	if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
		2370	ret = mhd_gtls_send_client_kx_message (session, AGAIN (STATE8));
		2371	STATE = STATE8;
		2372	IMED_RET ("send client kx", ret);
		2373
		2374	case STATE9:
		2375	/* send client certificate verify */
		2376	if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
		2377	ret =
		2378	mhd_gtls_send_client_certificate_verify (session, AGAIN (STATE9));
		2379	STATE = STATE9;
		2380	IMED_RET ("send client certificate verify", ret);
		2381
		2382	STATE = STATE0;
		2383	default:
		2384	break;
		2385	}
		2386
		2387
		2388	return 0;
		2389	}
		2390	#endif
2271		2391
2272	/* This function sends the final handshake packets and initializes connection	2392	/* This function sends the final handshake packets and initializes connection
2273	*/	2393	*/


diff --git a/src/daemon/https/tls/gnutls_record.c b/src/daemon/https/tls/gnutls_record.c index 3c6122d5..a9422c76 100644 --- a/src/daemon/https/tls/gnutls_record.c +++ b/src/daemon/https/tls/gnutls_record.c
@@ -751,7 +751,7 @@ get_temp_recv_buffer (mhd_gtls_session_t session, gnutls_datum_t * tmp)
751	{	751	{
752	size_t max_record_size;	752	size_t max_record_size;
753		753
754	if (gnutls_compression_get (session) != MHD_GNUTLS_COMP_NULL)	754	if (MHD_gtls_compression_get (session) != MHD_GNUTLS_COMP_NULL)
755	max_record_size = MAX_RECORD_RECV_SIZE + EXTRA_COMP_SIZE;	755	max_record_size = MAX_RECORD_RECV_SIZE + EXTRA_COMP_SIZE;
756	else	756	else
757	max_record_size = MAX_RECORD_RECV_SIZE;	757	max_record_size = MAX_RECORD_RECV_SIZE;


diff --git a/src/daemon/https/tls/gnutls_state.c b/src/daemon/https/tls/gnutls_state.c index d4a47d09..6eb01660 100644 --- a/src/daemon/https/tls/gnutls_state.c +++ b/src/daemon/https/tls/gnutls_state.c
@@ -108,7 +108,7 @@ gnutls_mac_get (mhd_gtls_session_t session)
108	* Returns: the currently used compression method.	108	* Returns: the currently used compression method.
109	**/	109	**/
110	enum MHD_GNUTLS_CompressionMethod	110	enum MHD_GNUTLS_CompressionMethod
111	gnutls_compression_get (mhd_gtls_session_t session)	111	MHD_gtls_compression_get (mhd_gtls_session_t session)
112	{	112	{
113	return session->security_parameters.read_compression_algorithm;	113	return session->security_parameters.read_compression_algorithm;
114	}	114	}