diff options
author | Christian Grothoff <christian@grothoff.org> | 2008-11-16 05:13:26 +0000 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2008-11-16 05:13:26 +0000 |
commit | cf9ed7910a034b8b38f982a499af0cd7a53754fc (patch) | |
tree | 7e9808a44f6d9e03cda2fdb577333e1e3b317645 | |
parent | 8fa092106e3f8d0213f8a2c7252524dd340f443e (diff) | |
download | libmicrohttpd-cf9ed7910a034b8b38f982a499af0cd7a53754fc.tar.gz libmicrohttpd-cf9ed7910a034b8b38f982a499af0cd7a53754fc.zip |
more dce
-rw-r--r-- | src/daemon/https/gnutls.h | 6 | ||||
-rw-r--r-- | src/daemon/https/tls/gnutls_cert.c | 147 | ||||
-rw-r--r-- | src/daemon/https/x509/common.c | 686 | ||||
-rw-r--r-- | src/daemon/https/x509/common.h | 15 | ||||
-rw-r--r-- | src/daemon/https/x509/extensions.c | 56 | ||||
-rw-r--r-- | src/daemon/https/x509/extensions.h | 4 | ||||
-rw-r--r-- | src/daemon/https/x509/mpi.c | 54 | ||||
-rw-r--r-- | src/daemon/https/x509/mpi.h | 3 | ||||
-rw-r--r-- | src/daemon/https/x509/x509.c | 44 | ||||
-rw-r--r-- | src/daemon/https/x509/x509.h | 8 |
10 files changed, 0 insertions, 1023 deletions
diff --git a/src/daemon/https/gnutls.h b/src/daemon/https/gnutls.h index a8f8d47f..87963eb6 100644 --- a/src/daemon/https/gnutls.h +++ b/src/daemon/https/gnutls.h | |||
@@ -694,12 +694,6 @@ extern "C" | |||
694 | MHD_gnutls_certificate_request_t | 694 | MHD_gnutls_certificate_request_t |
695 | req); | 695 | req); |
696 | 696 | ||
697 | /* get data from the session */ | ||
698 | time_t MHD_gtls_certificate_activation_time_peers (MHD_gtls_session_t | ||
699 | session); | ||
700 | time_t MHD_gtls_certificate_expiration_time_peers (MHD_gtls_session_t | ||
701 | session); | ||
702 | |||
703 | int MHD_gtls_pem_base64_encode (const char *msg, | 697 | int MHD_gtls_pem_base64_encode (const char *msg, |
704 | const MHD_gnutls_datum_t * data, | 698 | const MHD_gnutls_datum_t * data, |
705 | char *result, size_t * result_size); | 699 | char *result, size_t * result_size); |
diff --git a/src/daemon/https/tls/gnutls_cert.c b/src/daemon/https/tls/gnutls_cert.c index f5d657d4..f0357840 100644 --- a/src/daemon/https/tls/gnutls_cert.c +++ b/src/daemon/https/tls/gnutls_cert.c | |||
@@ -361,153 +361,6 @@ void MHD_gtls_certificate_server_set_retrieve_function | |||
361 | cred->server_get_cert_callback = func; | 361 | cred->server_get_cert_callback = func; |
362 | } | 362 | } |
363 | 363 | ||
364 | /*- | ||
365 | * MHD__gnutls_x509_extract_certificate_activation_time - This function returns the peer's certificate activation time | ||
366 | * @cert: should contain an X.509 DER encoded certificate | ||
367 | * | ||
368 | * This function will return the certificate's activation time in UNIX time | ||
369 | * (ie seconds since 00:00:00 UTC January 1, 1970). | ||
370 | * | ||
371 | * Returns a (time_t) -1 in case of an error. | ||
372 | * | ||
373 | -*/ | ||
374 | static time_t | ||
375 | MHD__gnutls_x509_get_raw_crt_activation_time (const MHD_gnutls_datum_t * cert) | ||
376 | { | ||
377 | MHD_gnutls_x509_crt_t xcert; | ||
378 | time_t result; | ||
379 | |||
380 | result = MHD_gnutls_x509_crt_init (&xcert); | ||
381 | if (result < 0) | ||
382 | return (time_t) - 1; | ||
383 | |||
384 | result = MHD_gnutls_x509_crt_import (xcert, cert, GNUTLS_X509_FMT_DER); | ||
385 | if (result < 0) | ||
386 | { | ||
387 | MHD_gnutls_x509_crt_deinit (xcert); | ||
388 | return (time_t) - 1; | ||
389 | } | ||
390 | |||
391 | result = MHD_gnutls_x509_crt_get_activation_time (xcert); | ||
392 | |||
393 | MHD_gnutls_x509_crt_deinit (xcert); | ||
394 | |||
395 | return result; | ||
396 | } | ||
397 | |||
398 | /*- | ||
399 | * MHD_gnutls_x509_extract_certificate_expiration_time - This function returns the certificate's expiration time | ||
400 | * @cert: should contain an X.509 DER encoded certificate | ||
401 | * | ||
402 | * This function will return the certificate's expiration time in UNIX | ||
403 | * time (ie seconds since 00:00:00 UTC January 1, 1970). Returns a | ||
404 | * | ||
405 | * (time_t) -1 in case of an error. | ||
406 | * | ||
407 | -*/ | ||
408 | static time_t | ||
409 | MHD__gnutls_x509_get_raw_crt_expiration_time (const MHD_gnutls_datum_t * cert) | ||
410 | { | ||
411 | MHD_gnutls_x509_crt_t xcert; | ||
412 | time_t result; | ||
413 | |||
414 | result = MHD_gnutls_x509_crt_init (&xcert); | ||
415 | if (result < 0) | ||
416 | return (time_t) - 1; | ||
417 | |||
418 | result = MHD_gnutls_x509_crt_import (xcert, cert, GNUTLS_X509_FMT_DER); | ||
419 | if (result < 0) | ||
420 | { | ||
421 | MHD_gnutls_x509_crt_deinit (xcert); | ||
422 | return (time_t) - 1; | ||
423 | } | ||
424 | |||
425 | result = MHD_gnutls_x509_crt_get_expiration_time (xcert); | ||
426 | |||
427 | MHD_gnutls_x509_crt_deinit (xcert); | ||
428 | |||
429 | return result; | ||
430 | } | ||
431 | |||
432 | /** | ||
433 | * MHD_gtls_certificate_expiration_time_peers - This function returns the peer's certificate expiration time | ||
434 | * @session: is a gnutls session | ||
435 | * | ||
436 | * This function will return the peer's certificate expiration time. | ||
437 | * | ||
438 | * Returns: (time_t)-1 on error. | ||
439 | **/ | ||
440 | time_t | ||
441 | MHD_gtls_certificate_expiration_time_peers (MHD_gtls_session_t session) | ||
442 | { | ||
443 | cert_auth_info_t info; | ||
444 | |||
445 | CHECK_AUTH (MHD_GNUTLS_CRD_CERTIFICATE, GNUTLS_E_INVALID_REQUEST); | ||
446 | |||
447 | info = MHD_gtls_get_auth_info (session); | ||
448 | if (info == NULL) | ||
449 | { | ||
450 | return (time_t) - 1; | ||
451 | } | ||
452 | |||
453 | if (info->raw_certificate_list == NULL || info->ncerts == 0) | ||
454 | { | ||
455 | MHD_gnutls_assert (); | ||
456 | return (time_t) - 1; | ||
457 | } | ||
458 | |||
459 | switch (MHD_gnutls_certificate_type_get (session)) | ||
460 | { | ||
461 | case MHD_GNUTLS_CRT_X509: | ||
462 | return | ||
463 | MHD__gnutls_x509_get_raw_crt_expiration_time (&info-> | ||
464 | raw_certificate_list | ||
465 | [0]); | ||
466 | default: | ||
467 | return (time_t) - 1; | ||
468 | } | ||
469 | } | ||
470 | |||
471 | /** | ||
472 | * MHD_gtls_certificate_activation_time_peers - This function returns the peer's certificate activation time | ||
473 | * @session: is a gnutls session | ||
474 | * | ||
475 | * This function will return the peer's certificate activation time. | ||
476 | * This is the creation time for openpgp keys. | ||
477 | * | ||
478 | * Returns: (time_t)-1 on error. | ||
479 | **/ | ||
480 | time_t | ||
481 | MHD_gtls_certificate_activation_time_peers (MHD_gtls_session_t session) | ||
482 | { | ||
483 | cert_auth_info_t info; | ||
484 | |||
485 | CHECK_AUTH (MHD_GNUTLS_CRD_CERTIFICATE, GNUTLS_E_INVALID_REQUEST); | ||
486 | |||
487 | info = MHD_gtls_get_auth_info (session); | ||
488 | if (info == NULL) | ||
489 | { | ||
490 | return (time_t) - 1; | ||
491 | } | ||
492 | |||
493 | if (info->raw_certificate_list == NULL || info->ncerts == 0) | ||
494 | { | ||
495 | MHD_gnutls_assert (); | ||
496 | return (time_t) - 1; | ||
497 | } | ||
498 | |||
499 | switch (MHD_gnutls_certificate_type_get (session)) | ||
500 | { | ||
501 | case MHD_GNUTLS_CRT_X509: | ||
502 | return | ||
503 | MHD__gnutls_x509_get_raw_crt_activation_time (&info-> | ||
504 | raw_certificate_list | ||
505 | [0]); | ||
506 | default: | ||
507 | return (time_t) - 1; | ||
508 | } | ||
509 | } | ||
510 | |||
511 | int | 364 | int |
512 | MHD_gtls_raw_cert_to_gcert (MHD_gnutls_cert * gcert, | 365 | MHD_gtls_raw_cert_to_gcert (MHD_gnutls_cert * gcert, |
513 | enum MHD_GNUTLS_CertificateType type, | 366 | enum MHD_GNUTLS_CertificateType type, |
diff --git a/src/daemon/https/x509/common.c b/src/daemon/https/x509/common.c index 2dabe3e9..9134597e 100644 --- a/src/daemon/https/x509/common.c +++ b/src/daemon/https/x509/common.c | |||
@@ -35,692 +35,6 @@ | |||
35 | #include <mpi.h> | 35 | #include <mpi.h> |
36 | #include <time.h> | 36 | #include <time.h> |
37 | 37 | ||
38 | typedef struct _oid2string | ||
39 | { | ||
40 | const char *oid; | ||
41 | const char *ldap_desc; | ||
42 | int choice; /* of type DirectoryString */ | ||
43 | int printable; | ||
44 | } oid2string; | ||
45 | |||
46 | /* This list contains all the OIDs that may be | ||
47 | * contained in a rdnSequence and are printable. | ||
48 | */ | ||
49 | static const oid2string _oid2str[] = { | ||
50 | /* PKIX | ||
51 | */ | ||
52 | {"1.3.6.1.5.5.7.9.1", | ||
53 | "dateOfBirth", | ||
54 | 0, | ||
55 | 1}, | ||
56 | {"1.3.6.1.5.5.7.9.2", | ||
57 | "placeOfBirth", | ||
58 | 0, | ||
59 | 1}, | ||
60 | {"1.3.6.1.5.5.7.9.3", | ||
61 | "gender", | ||
62 | 0, | ||
63 | 1}, | ||
64 | {"1.3.6.1.5.5.7.9.4", | ||
65 | "countryOfCitizenship", | ||
66 | 0, | ||
67 | 1}, | ||
68 | {"1.3.6.1.5.5.7.9.5", | ||
69 | "countryOfResidence", | ||
70 | 0, | ||
71 | 1}, | ||
72 | |||
73 | {"2.5.4.6", | ||
74 | "C", | ||
75 | 0, | ||
76 | 1}, | ||
77 | {"2.5.4.9", | ||
78 | "STREET", | ||
79 | 1, | ||
80 | 1}, | ||
81 | {"2.5.4.12", | ||
82 | "T", | ||
83 | 1, | ||
84 | 1}, | ||
85 | {"2.5.4.10", | ||
86 | "O", | ||
87 | 1, | ||
88 | 1}, | ||
89 | {"2.5.4.11", | ||
90 | "OU", | ||
91 | 1, | ||
92 | 1}, | ||
93 | {"2.5.4.3", | ||
94 | "CN", | ||
95 | 1, | ||
96 | 1}, | ||
97 | {"2.5.4.7", | ||
98 | "L", | ||
99 | 1, | ||
100 | 1}, | ||
101 | {"2.5.4.8", | ||
102 | "ST", | ||
103 | 1, | ||
104 | 1}, | ||
105 | |||
106 | {"2.5.4.5", | ||
107 | "serialNumber", | ||
108 | 0, | ||
109 | 1}, | ||
110 | {"2.5.4.20", | ||
111 | "telephoneNumber", | ||
112 | 0, | ||
113 | 1}, | ||
114 | {"2.5.4.4", | ||
115 | "surName", | ||
116 | 1, | ||
117 | 1}, | ||
118 | {"2.5.4.43", | ||
119 | "initials", | ||
120 | 1, | ||
121 | 1}, | ||
122 | {"2.5.4.44", | ||
123 | "generationQualifier", | ||
124 | 1, | ||
125 | 1}, | ||
126 | {"2.5.4.42", | ||
127 | "givenName", | ||
128 | 1, | ||
129 | 1}, | ||
130 | {"2.5.4.65", | ||
131 | "pseudonym", | ||
132 | 1, | ||
133 | 1}, | ||
134 | {"2.5.4.46", | ||
135 | "dnQualifier", | ||
136 | 0, | ||
137 | 1}, | ||
138 | |||
139 | {"0.9.2342.19200300.100.1.25", | ||
140 | "DC", | ||
141 | 0, | ||
142 | 1}, | ||
143 | {"0.9.2342.19200300.100.1.1", | ||
144 | "UID", | ||
145 | 1, | ||
146 | 1}, | ||
147 | |||
148 | /* PKCS #9 | ||
149 | */ | ||
150 | {"1.2.840.113549.1.9.1", | ||
151 | "EMAIL", | ||
152 | 0, | ||
153 | 1}, | ||
154 | {"1.2.840.113549.1.9.7", | ||
155 | NULL, | ||
156 | 1, | ||
157 | 1}, | ||
158 | |||
159 | /* friendly name */ | ||
160 | {"1.2.840.113549.1.9.20", | ||
161 | NULL, | ||
162 | 0, | ||
163 | 1}, | ||
164 | {NULL, | ||
165 | NULL, | ||
166 | 0, | ||
167 | 0} | ||
168 | }; | ||
169 | |||
170 | /* Returns 1 if the data defined by the OID are printable. | ||
171 | */ | ||
172 | int | ||
173 | MHD__gnutls_x509_oid_data_printable (const char *oid) | ||
174 | { | ||
175 | int i = 0; | ||
176 | |||
177 | do | ||
178 | { | ||
179 | if (strcmp (_oid2str[i].oid, oid) == 0) | ||
180 | return _oid2str[i].printable; | ||
181 | i++; | ||
182 | } | ||
183 | while (_oid2str[i].oid != NULL); | ||
184 | |||
185 | return 0; | ||
186 | } | ||
187 | |||
188 | /** | ||
189 | * MHD_gnutls_x509_dn_oid_known - This function will return true if the given OID is known | ||
190 | * @oid: holds an Object Identifier in a null terminated string | ||
191 | * | ||
192 | * This function will inform about known DN OIDs. This is useful since functions | ||
193 | * like MHD_gnutls_x509_crt_set_dn_by_oid() use the information on known | ||
194 | * OIDs to properly encode their input. Object Identifiers that are not | ||
195 | * known are not encoded by these functions, and their input is stored directly | ||
196 | * into the ASN.1 structure. In that case of unknown OIDs, you have | ||
197 | * the responsibility of DER encoding your data. | ||
198 | * | ||
199 | * Returns 1 on known OIDs and 0 otherwise. | ||
200 | * | ||
201 | **/ | ||
202 | int | ||
203 | MHD_gnutls_x509_dn_oid_known (const char *oid) | ||
204 | { | ||
205 | int i = 0; | ||
206 | |||
207 | do | ||
208 | { | ||
209 | if (strcmp (_oid2str[i].oid, oid) == 0) | ||
210 | return 1; | ||
211 | i++; | ||
212 | } | ||
213 | while (_oid2str[i].oid != NULL); | ||
214 | |||
215 | return 0; | ||
216 | } | ||
217 | |||
218 | /* Returns 1 if the data defined by the OID are of a choice | ||
219 | * type. | ||
220 | */ | ||
221 | static int | ||
222 | MHD__gnutls_x509_oid_data_choice (const char *oid) | ||
223 | { | ||
224 | int i = 0; | ||
225 | |||
226 | do | ||
227 | { | ||
228 | if (strcmp (_oid2str[i].oid, oid) == 0) | ||
229 | return _oid2str[i].choice; | ||
230 | i++; | ||
231 | } | ||
232 | while (_oid2str[i].oid != NULL); | ||
233 | |||
234 | return 0; | ||
235 | } | ||
236 | |||
237 | const char * | ||
238 | MHD__gnutls_x509_oid2ldap_string (const char *oid) | ||
239 | { | ||
240 | int i = 0; | ||
241 | |||
242 | do | ||
243 | { | ||
244 | if (strcmp (_oid2str[i].oid, oid) == 0) | ||
245 | return _oid2str[i].ldap_desc; | ||
246 | i++; | ||
247 | } | ||
248 | while (_oid2str[i].oid != NULL); | ||
249 | |||
250 | return NULL; | ||
251 | } | ||
252 | |||
253 | /* This function will convert an attribute value, specified by the OID, | ||
254 | * to a string. The result will be a null terminated string. | ||
255 | * | ||
256 | * res may be null. This will just return the res_size, needed to | ||
257 | * hold the string. | ||
258 | */ | ||
259 | int | ||
260 | MHD__gnutls_x509_oid_data2string (const char *oid, | ||
261 | void *value, | ||
262 | int value_size, char *res, | ||
263 | size_t * res_size) | ||
264 | { | ||
265 | char str[MAX_STRING_LEN], tmpname[128]; | ||
266 | const char *ANAME = NULL; | ||
267 | int CHOICE = -1, len = -1, result; | ||
268 | ASN1_TYPE tmpasn = ASN1_TYPE_EMPTY; | ||
269 | char MHD__asn1_err[MAX_ERROR_DESCRIPTION_SIZE] = ""; | ||
270 | |||
271 | if (value == NULL || value_size <= 0 || res_size == NULL) | ||
272 | { | ||
273 | MHD_gnutls_assert (); | ||
274 | return GNUTLS_E_INVALID_REQUEST; | ||
275 | } | ||
276 | |||
277 | if (MHD__gnutls_x509_oid_data_printable (oid) == 0) | ||
278 | { | ||
279 | MHD_gnutls_assert (); | ||
280 | return GNUTLS_E_INTERNAL_ERROR; | ||
281 | } | ||
282 | |||
283 | ANAME = MHD__asn1_find_structure_from_oid (MHD__gnutls_get_pkix (), oid); | ||
284 | CHOICE = MHD__gnutls_x509_oid_data_choice (oid); | ||
285 | |||
286 | if (ANAME == NULL) | ||
287 | { | ||
288 | MHD_gnutls_assert (); | ||
289 | return GNUTLS_E_INTERNAL_ERROR; | ||
290 | } | ||
291 | |||
292 | MHD_gtls_str_cpy (str, sizeof (str), "PKIX1."); | ||
293 | MHD_gtls_str_cat (str, sizeof (str), ANAME); | ||
294 | |||
295 | if ((result = MHD__asn1_create_element (MHD__gnutls_get_pkix (), str, | ||
296 | &tmpasn)) != ASN1_SUCCESS) | ||
297 | { | ||
298 | MHD_gnutls_assert (); | ||
299 | return MHD_gtls_asn2err (result); | ||
300 | } | ||
301 | |||
302 | if ((result = | ||
303 | MHD__asn1_der_decoding (&tmpasn, value, value_size, | ||
304 | MHD__asn1_err)) != ASN1_SUCCESS) | ||
305 | { | ||
306 | MHD_gnutls_assert (); | ||
307 | MHD__gnutls_x509_log ("MHD__asn1_der_decoding: %s:%s\n", str, | ||
308 | MHD__asn1_err); | ||
309 | MHD__asn1_delete_structure (&tmpasn); | ||
310 | return MHD_gtls_asn2err (result); | ||
311 | } | ||
312 | |||
313 | /* If this is a choice then we read the choice. Otherwise it | ||
314 | * is the value; | ||
315 | */ | ||
316 | len = sizeof (str) - 1; | ||
317 | if ((result = MHD__asn1_read_value (tmpasn, "", str, &len)) != ASN1_SUCCESS) | ||
318 | { /* CHOICE */ | ||
319 | MHD_gnutls_assert (); | ||
320 | MHD__asn1_delete_structure (&tmpasn); | ||
321 | return MHD_gtls_asn2err (result); | ||
322 | } | ||
323 | |||
324 | if (CHOICE == 0) | ||
325 | { | ||
326 | str[len] = 0; | ||
327 | |||
328 | if (res) | ||
329 | MHD_gtls_str_cpy (res, *res_size, str); | ||
330 | *res_size = len; | ||
331 | |||
332 | MHD__asn1_delete_structure (&tmpasn); | ||
333 | } | ||
334 | else | ||
335 | { /* CHOICE */ | ||
336 | int non_printable = 0, teletex = 0; | ||
337 | str[len] = 0; | ||
338 | |||
339 | /* Note that we do not support strings other than | ||
340 | * UTF-8 (thus ASCII as well). | ||
341 | */ | ||
342 | if (strcmp (str, "printableString") != 0 | ||
343 | && strcmp (str, "ia5String") != 0 | ||
344 | && strcmp (str, "utf8String") != 0) | ||
345 | { | ||
346 | non_printable = 1; | ||
347 | } | ||
348 | if (strcmp (str, "teletexString") == 0) | ||
349 | teletex = 1; | ||
350 | |||
351 | MHD_gtls_str_cpy (tmpname, sizeof (tmpname), str); | ||
352 | |||
353 | len = sizeof (str) - 1; | ||
354 | if ((result = MHD__asn1_read_value (tmpasn, tmpname, str, &len)) | ||
355 | != ASN1_SUCCESS) | ||
356 | { | ||
357 | MHD__asn1_delete_structure (&tmpasn); | ||
358 | return MHD_gtls_asn2err (result); | ||
359 | } | ||
360 | |||
361 | MHD__asn1_delete_structure (&tmpasn); | ||
362 | |||
363 | if (teletex != 0) | ||
364 | { | ||
365 | int ascii = 0, i; | ||
366 | /* HACK: if the teletex string contains only ascii | ||
367 | * characters then treat it as printable. | ||
368 | */ | ||
369 | for (i = 0; i < len; i++) | ||
370 | if (!isascii (str[i])) | ||
371 | ascii = 1; | ||
372 | |||
373 | if (ascii == 0) | ||
374 | non_printable = 0; | ||
375 | } | ||
376 | |||
377 | if (res) | ||
378 | { | ||
379 | if (non_printable == 0) | ||
380 | { | ||
381 | str[len] = 0; | ||
382 | MHD_gtls_str_cpy (res, *res_size, str); | ||
383 | *res_size = len; | ||
384 | } | ||
385 | else | ||
386 | { | ||
387 | result = | ||
388 | MHD__gnutls_x509_data2hex ((const unsigned char *) str, len, | ||
389 | (unsigned char *) res, res_size); | ||
390 | if (result < 0) | ||
391 | { | ||
392 | MHD_gnutls_assert (); | ||
393 | return result; | ||
394 | } | ||
395 | } | ||
396 | } | ||
397 | |||
398 | } | ||
399 | |||
400 | return 0; | ||
401 | } | ||
402 | |||
403 | /* Converts a data string to an LDAP rfc2253 hex string | ||
404 | * something like '#01020304' | ||
405 | */ | ||
406 | int | ||
407 | MHD__gnutls_x509_data2hex (const opaque * data, | ||
408 | size_t data_size, opaque * out, | ||
409 | size_t * sizeof_out) | ||
410 | { | ||
411 | char *res; | ||
412 | char escaped[MAX_STRING_LEN]; | ||
413 | unsigned int size; | ||
414 | |||
415 | if (2 * data_size + 1 > MAX_STRING_LEN) | ||
416 | { | ||
417 | MHD_gnutls_assert (); | ||
418 | return GNUTLS_E_INTERNAL_ERROR; | ||
419 | } | ||
420 | res = MHD_gtls_bin2hex (data, data_size, escaped, sizeof (escaped)); | ||
421 | if (!res) | ||
422 | { | ||
423 | MHD_gnutls_assert (); | ||
424 | return GNUTLS_E_INTERNAL_ERROR; | ||
425 | } | ||
426 | |||
427 | size = strlen (res) + 1; | ||
428 | if (size + 1 > *sizeof_out) | ||
429 | { | ||
430 | *sizeof_out = size; | ||
431 | return GNUTLS_E_SHORT_MEMORY_BUFFER; | ||
432 | } | ||
433 | *sizeof_out = size; /* -1 for the null +1 for the '#' */ | ||
434 | |||
435 | if (out) | ||
436 | { | ||
437 | strcpy ((char*) out, "#"); | ||
438 | strcat ((char*) out, res); | ||
439 | } | ||
440 | return 0; | ||
441 | } | ||
442 | |||
443 | /* TIME functions | ||
444 | * Convertions between generalized or UTC time to time_t | ||
445 | * | ||
446 | */ | ||
447 | |||
448 | /* This is an emulations of the struct tm. | ||
449 | * Since we do not use libc's functions, we don't need to | ||
450 | * depend on the libc structure. | ||
451 | */ | ||
452 | typedef struct fake_tm | ||
453 | { | ||
454 | int tm_mon; | ||
455 | int tm_year; /* FULL year - ie 1971 */ | ||
456 | int tm_mday; | ||
457 | int tm_hour; | ||
458 | int tm_min; | ||
459 | int tm_sec; | ||
460 | } fake_tm; | ||
461 | |||
462 | /* The mktime_utc function is due to Russ Allbery (rra@stanford.edu), | ||
463 | * who placed it under public domain: | ||
464 | */ | ||
465 | |||
466 | /* The number of days in each month. | ||
467 | */ | ||
468 | static const int MONTHDAYS[] = { 31, | ||
469 | 28, | ||
470 | 31, | ||
471 | 30, | ||
472 | 31, | ||
473 | 30, | ||
474 | 31, | ||
475 | 31, | ||
476 | 30, | ||
477 | 31, | ||
478 | 30, | ||
479 | 31 | ||
480 | }; | ||
481 | |||
482 | /* Whether a given year is a leap year. */ | ||
483 | #define ISLEAP(year) \ | ||
484 | (((year) % 4) == 0 && (((year) % 100) != 0 || ((year) % 400) == 0)) | ||
485 | |||
486 | /* | ||
487 | ** Given a struct tm representing a calendar time in UTC, convert it to | ||
488 | ** seconds since epoch. Returns (time_t) -1 if the time is not | ||
489 | ** convertable. Note that this function does not canonicalize the provided | ||
490 | ** struct tm, nor does it allow out of range values or years before 1970. | ||
491 | */ | ||
492 | static time_t | ||
493 | mktime_utc (const struct fake_tm *tm) | ||
494 | { | ||
495 | time_t result = 0; | ||
496 | int i; | ||
497 | |||
498 | /* We do allow some ill-formed dates, but we don't do anything special | ||
499 | * with them and our callers really shouldn't pass them to us. Do | ||
500 | * explicitly disallow the ones that would cause invalid array accesses | ||
501 | * or other algorithm problems. | ||
502 | */ | ||
503 | if (tm->tm_mon < 0 || tm->tm_mon > 11 || tm->tm_year < 1970) | ||
504 | return (time_t) - 1; | ||
505 | |||
506 | /* Convert to a time_t. | ||
507 | */ | ||
508 | for (i = 1970; i < tm->tm_year; i++) | ||
509 | result += 365 + ISLEAP (i); | ||
510 | for (i = 0; i < tm->tm_mon; i++) | ||
511 | result += MONTHDAYS[i]; | ||
512 | if (tm->tm_mon > 1 && ISLEAP (tm->tm_year)) | ||
513 | result++; | ||
514 | result = 24 * (result + tm->tm_mday - 1) + tm->tm_hour; | ||
515 | result = 60 * result + tm->tm_min; | ||
516 | result = 60 * result + tm->tm_sec; | ||
517 | return result; | ||
518 | } | ||
519 | |||
520 | /* this one will parse dates of the form: | ||
521 | * month|day|hour|minute|sec* (2 chars each) | ||
522 | * and year is given. Returns a time_t date. | ||
523 | */ | ||
524 | static time_t | ||
525 | MHD__gnutls_x509_time2gtime (const char *ttime, int year) | ||
526 | { | ||
527 | char xx[3]; | ||
528 | struct fake_tm etime; | ||
529 | time_t ret; | ||
530 | |||
531 | if (strlen (ttime) < 8) | ||
532 | { | ||
533 | MHD_gnutls_assert (); | ||
534 | return (time_t) - 1; | ||
535 | } | ||
536 | |||
537 | etime.tm_year = year; | ||
538 | |||
539 | /* In order to work with 32 bit | ||
540 | * time_t. | ||
541 | */ | ||
542 | if (sizeof (time_t) <= 4 && etime.tm_year >= 2038) | ||
543 | return (time_t) 2145914603; /* 2037-12-31 23:23:23 */ | ||
544 | |||
545 | xx[2] = 0; | ||
546 | |||
547 | /* get the month | ||
548 | */ | ||
549 | memcpy (xx, ttime, 2); /* month */ | ||
550 | etime.tm_mon = atoi (xx) - 1; | ||
551 | ttime += 2; | ||
552 | |||
553 | /* get the day | ||
554 | */ | ||
555 | memcpy (xx, ttime, 2); /* day */ | ||
556 | etime.tm_mday = atoi (xx); | ||
557 | ttime += 2; | ||
558 | |||
559 | /* get the hour | ||
560 | */ | ||
561 | memcpy (xx, ttime, 2); /* hour */ | ||
562 | etime.tm_hour = atoi (xx); | ||
563 | ttime += 2; | ||
564 | |||
565 | /* get the minutes | ||
566 | */ | ||
567 | memcpy (xx, ttime, 2); /* minutes */ | ||
568 | etime.tm_min = atoi (xx); | ||
569 | ttime += 2; | ||
570 | |||
571 | if (strlen (ttime) >= 2) | ||
572 | { | ||
573 | memcpy (xx, ttime, 2); | ||
574 | etime.tm_sec = atoi (xx); | ||
575 | ttime += 2; | ||
576 | } | ||
577 | else | ||
578 | etime.tm_sec = 0; | ||
579 | |||
580 | ret = mktime_utc (&etime); | ||
581 | |||
582 | return ret; | ||
583 | } | ||
584 | |||
585 | /* returns a time_t value that contains the given time. | ||
586 | * The given time is expressed as: | ||
587 | * YEAR(2)|MONTH(2)|DAY(2)|HOUR(2)|MIN(2)|SEC(2)* | ||
588 | * | ||
589 | * (seconds are optional) | ||
590 | */ | ||
591 | static time_t | ||
592 | MHD__gnutls_x509_utcTime2gtime (const char *ttime) | ||
593 | { | ||
594 | char xx[3]; | ||
595 | int year; | ||
596 | |||
597 | if (strlen (ttime) < 10) | ||
598 | { | ||
599 | MHD_gnutls_assert (); | ||
600 | return (time_t) - 1; | ||
601 | } | ||
602 | xx[2] = 0; | ||
603 | /* get the year | ||
604 | */ | ||
605 | memcpy (xx, ttime, 2); /* year */ | ||
606 | year = atoi (xx); | ||
607 | ttime += 2; | ||
608 | |||
609 | if (year > 49) | ||
610 | year += 1900; | ||
611 | else | ||
612 | year += 2000; | ||
613 | |||
614 | return MHD__gnutls_x509_time2gtime (ttime, year); | ||
615 | } | ||
616 | |||
617 | /* returns a time_t value that contains the given time. | ||
618 | * The given time is expressed as: | ||
619 | * YEAR(4)|MONTH(2)|DAY(2)|HOUR(2)|MIN(2)|SEC(2)* | ||
620 | */ | ||
621 | static time_t | ||
622 | MHD__gnutls_x509_generalTime2gtime (const char *ttime) | ||
623 | { | ||
624 | char xx[5]; | ||
625 | int year; | ||
626 | |||
627 | if (strlen (ttime) < 12) | ||
628 | { | ||
629 | MHD_gnutls_assert (); | ||
630 | return (time_t) - 1; | ||
631 | } | ||
632 | |||
633 | if (strchr (ttime, 'Z') == 0) | ||
634 | { | ||
635 | MHD_gnutls_assert (); | ||
636 | /* sorry we don't support it yet | ||
637 | */ | ||
638 | return (time_t) - 1; | ||
639 | } | ||
640 | xx[4] = 0; | ||
641 | |||
642 | /* get the year | ||
643 | */ | ||
644 | memcpy (xx, ttime, 4); /* year */ | ||
645 | year = atoi (xx); | ||
646 | ttime += 4; | ||
647 | |||
648 | return MHD__gnutls_x509_time2gtime (ttime, year); | ||
649 | |||
650 | } | ||
651 | |||
652 | /* Extracts the time in time_t from the ASN1_TYPE given. When should | ||
653 | * be something like "tbsCertList.thisUpdate". | ||
654 | */ | ||
655 | #define MAX_TIME 64 | ||
656 | time_t | ||
657 | MHD__gnutls_x509_get_time (ASN1_TYPE c2, const char *when) | ||
658 | { | ||
659 | char ttime[MAX_TIME]; | ||
660 | char name[128]; | ||
661 | time_t c_time = (time_t) - 1; | ||
662 | int len, result; | ||
663 | |||
664 | MHD_gtls_str_cpy (name, sizeof (name), when); | ||
665 | |||
666 | len = sizeof (ttime) - 1; | ||
667 | if ((result = MHD__asn1_read_value (c2, name, ttime, &len)) < 0) | ||
668 | { | ||
669 | MHD_gnutls_assert (); | ||
670 | return (time_t) (-1); | ||
671 | } | ||
672 | |||
673 | /* CHOICE */ | ||
674 | if (strcmp (ttime, "generalTime") == 0) | ||
675 | { | ||
676 | |||
677 | MHD_gtls_str_cat (name, sizeof (name), ".generalTime"); | ||
678 | len = sizeof (ttime) - 1; | ||
679 | result = MHD__asn1_read_value (c2, name, ttime, &len); | ||
680 | if (result == ASN1_SUCCESS) | ||
681 | c_time = MHD__gnutls_x509_generalTime2gtime (ttime); | ||
682 | } | ||
683 | else | ||
684 | { /* UTCTIME */ | ||
685 | |||
686 | MHD_gtls_str_cat (name, sizeof (name), ".utcTime"); | ||
687 | len = sizeof (ttime) - 1; | ||
688 | result = MHD__asn1_read_value (c2, name, ttime, &len); | ||
689 | if (result == ASN1_SUCCESS) | ||
690 | c_time = MHD__gnutls_x509_utcTime2gtime (ttime); | ||
691 | } | ||
692 | |||
693 | /* We cannot handle dates after 2031 in 32 bit machines. | ||
694 | * a time_t of 64bits has to be used. | ||
695 | */ | ||
696 | |||
697 | if (result != ASN1_SUCCESS) | ||
698 | { | ||
699 | MHD_gnutls_assert (); | ||
700 | return (time_t) (-1); | ||
701 | } | ||
702 | return c_time; | ||
703 | } | ||
704 | |||
705 | |||
706 | MHD_gnutls_x509_subject_alt_name_t | ||
707 | MHD__gnutls_x509_san_find_type (char *str_type) | ||
708 | { | ||
709 | if (strcmp (str_type, "dNSName") == 0) | ||
710 | return GNUTLS_SAN_DNSNAME; | ||
711 | if (strcmp (str_type, "rfc822Name") == 0) | ||
712 | return GNUTLS_SAN_RFC822NAME; | ||
713 | if (strcmp (str_type, "uniformResourceIdentifier") == 0) | ||
714 | return GNUTLS_SAN_URI; | ||
715 | if (strcmp (str_type, "iPAddress") == 0) | ||
716 | return GNUTLS_SAN_IPADDRESS; | ||
717 | if (strcmp (str_type, "otherName") == 0) | ||
718 | return GNUTLS_SAN_OTHERNAME; | ||
719 | if (strcmp (str_type, "directoryName") == 0) | ||
720 | return GNUTLS_SAN_DN; | ||
721 | return (MHD_gnutls_x509_subject_alt_name_t) - 1; | ||
722 | } | ||
723 | |||
724 | /* A generic export function. Will export the given ASN.1 encoded data | 38 | /* A generic export function. Will export the given ASN.1 encoded data |
725 | * to PEM or DER raw data. | 39 | * to PEM or DER raw data. |
726 | */ | 40 | */ |
diff --git a/src/daemon/https/x509/common.h b/src/daemon/https/x509/common.h index 5fa84808..7b8421c7 100644 --- a/src/daemon/https/x509/common.h +++ b/src/daemon/https/x509/common.h | |||
@@ -58,21 +58,6 @@ | |||
58 | #define SIG_GOST_R3410_94_OID "1.2.643.2.2.4" | 58 | #define SIG_GOST_R3410_94_OID "1.2.643.2.2.4" |
59 | #define SIG_GOST_R3410_2001_OID "1.2.643.2.2.3" | 59 | #define SIG_GOST_R3410_2001_OID "1.2.643.2.2.3" |
60 | 60 | ||
61 | int MHD__gnutls_x509_oid_data2string (const char *OID, void *value, | ||
62 | int value_size, char *res, | ||
63 | size_t * res_size); | ||
64 | int MHD__gnutls_x509_data2hex (const opaque * data, size_t data_size, | ||
65 | opaque * out, size_t * sizeof_out); | ||
66 | |||
67 | const char *MHD__gnutls_x509_oid2ldap_string (const char *OID); | ||
68 | |||
69 | int MHD__gnutls_x509_oid_data_printable (const char *OID); | ||
70 | |||
71 | time_t MHD__gnutls_x509_get_time (ASN1_TYPE c2, const char *when); | ||
72 | |||
73 | MHD_gnutls_x509_subject_alt_name_t MHD__gnutls_x509_san_find_type (char | ||
74 | *str_type); | ||
75 | |||
76 | int MHD__gnutls_x509_der_encode (ASN1_TYPE src, const char *src_name, | 61 | int MHD__gnutls_x509_der_encode (ASN1_TYPE src, const char *src_name, |
77 | MHD_gnutls_datum_t * res, int str); | 62 | MHD_gnutls_datum_t * res, int str); |
78 | 63 | ||
diff --git a/src/daemon/https/x509/extensions.c b/src/daemon/https/x509/extensions.c index 1835f2ae..3c2b67ec 100644 --- a/src/daemon/https/x509/extensions.c +++ b/src/daemon/https/x509/extensions.c | |||
@@ -217,59 +217,3 @@ MHD__gnutls_x509_ext_extract_keyUsage (uint16_t * keyUsage, | |||
217 | return 0; | 217 | return 0; |
218 | } | 218 | } |
219 | 219 | ||
220 | /* extract the basicConstraints from the DER encoded extension | ||
221 | */ | ||
222 | int | ||
223 | MHD__gnutls_x509_ext_extract_basicConstraints (int *CA, | ||
224 | int *pathLenConstraint, | ||
225 | opaque * extnValue, | ||
226 | int extnValueLen) | ||
227 | { | ||
228 | ASN1_TYPE ext = ASN1_TYPE_EMPTY; | ||
229 | char str[128]; | ||
230 | int len, result; | ||
231 | |||
232 | if ((result = MHD__asn1_create_element | ||
233 | (MHD__gnutls_get_pkix (), "PKIX1.BasicConstraints", | ||
234 | &ext)) != ASN1_SUCCESS) | ||
235 | { | ||
236 | MHD_gnutls_assert (); | ||
237 | return MHD_gtls_asn2err (result); | ||
238 | } | ||
239 | |||
240 | result = MHD__asn1_der_decoding (&ext, extnValue, extnValueLen, NULL); | ||
241 | if (result != ASN1_SUCCESS) | ||
242 | { | ||
243 | MHD_gnutls_assert (); | ||
244 | MHD__asn1_delete_structure (&ext); | ||
245 | return MHD_gtls_asn2err (result); | ||
246 | } | ||
247 | |||
248 | if (pathLenConstraint) | ||
249 | { | ||
250 | result = MHD__gnutls_x509_read_uint (ext, "pathLenConstraint", | ||
251 | (unsigned int *) | ||
252 | pathLenConstraint); | ||
253 | if (result == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND) | ||
254 | *pathLenConstraint = -1; | ||
255 | else if (result != GNUTLS_E_SUCCESS) | ||
256 | { | ||
257 | MHD_gnutls_assert (); | ||
258 | MHD__asn1_delete_structure (&ext); | ||
259 | return MHD_gtls_asn2err (result); | ||
260 | } | ||
261 | } | ||
262 | |||
263 | /* the default value of cA is false. | ||
264 | */ | ||
265 | len = sizeof (str) - 1; | ||
266 | result = MHD__asn1_read_value (ext, "cA", str, &len); | ||
267 | if (result == ASN1_SUCCESS && strcmp (str, "TRUE") == 0) | ||
268 | *CA = 1; | ||
269 | else | ||
270 | *CA = 0; | ||
271 | |||
272 | MHD__asn1_delete_structure (&ext); | ||
273 | |||
274 | return 0; | ||
275 | } | ||
diff --git a/src/daemon/https/x509/extensions.h b/src/daemon/https/x509/extensions.h index fe4372f8..5a945cb1 100644 --- a/src/daemon/https/x509/extensions.h +++ b/src/daemon/https/x509/extensions.h | |||
@@ -33,7 +33,3 @@ int MHD__gnutls_x509_crt_get_extension_oid (MHD_gnutls_x509_crt_t cert, | |||
33 | int MHD__gnutls_x509_ext_extract_keyUsage (uint16_t * keyUsage, | 33 | int MHD__gnutls_x509_ext_extract_keyUsage (uint16_t * keyUsage, |
34 | opaque * extnValue, | 34 | opaque * extnValue, |
35 | int extnValueLen); | 35 | int extnValueLen); |
36 | int MHD__gnutls_x509_ext_extract_basicConstraints (int *CA, | ||
37 | int *pathLenConstraint, | ||
38 | opaque * extnValue, | ||
39 | int extnValueLen); | ||
diff --git a/src/daemon/https/x509/mpi.c b/src/daemon/https/x509/mpi.c index e8563967..43f1a633 100644 --- a/src/daemon/https/x509/mpi.c +++ b/src/daemon/https/x509/mpi.c | |||
@@ -211,57 +211,3 @@ cleanup:MHD__asn1_delete_structure (&spk); | |||
211 | return result; | 211 | return result; |
212 | } | 212 | } |
213 | 213 | ||
214 | /* this function reads a (small) unsigned integer | ||
215 | * from asn1 structs. Combines the read and the convertion | ||
216 | * steps. | ||
217 | */ | ||
218 | int | ||
219 | MHD__gnutls_x509_read_uint (ASN1_TYPE node, const char *value, | ||
220 | unsigned int *ret) | ||
221 | { | ||
222 | int len, result; | ||
223 | opaque *tmpstr; | ||
224 | |||
225 | len = 0; | ||
226 | result = MHD__asn1_read_value (node, value, NULL, &len); | ||
227 | if (result != ASN1_MEM_ERROR) | ||
228 | { | ||
229 | MHD_gnutls_assert (); | ||
230 | return MHD_gtls_asn2err (result); | ||
231 | } | ||
232 | |||
233 | tmpstr = MHD_gnutls_alloca (len); | ||
234 | if (tmpstr == NULL) | ||
235 | { | ||
236 | MHD_gnutls_assert (); | ||
237 | return GNUTLS_E_MEMORY_ERROR; | ||
238 | } | ||
239 | |||
240 | result = MHD__asn1_read_value (node, value, tmpstr, &len); | ||
241 | |||
242 | if (result != ASN1_SUCCESS) | ||
243 | { | ||
244 | MHD_gnutls_assert (); | ||
245 | MHD_gnutls_afree (tmpstr); | ||
246 | return MHD_gtls_asn2err (result); | ||
247 | } | ||
248 | |||
249 | if (len == 1) | ||
250 | *ret = tmpstr[0]; | ||
251 | else if (len == 2) | ||
252 | *ret = MHD_gtls_read_uint16 (tmpstr); | ||
253 | else if (len == 3) | ||
254 | *ret = MHD_gtls_read_uint24 (tmpstr); | ||
255 | else if (len == 4) | ||
256 | *ret = MHD_gtls_read_uint32 (tmpstr); | ||
257 | else | ||
258 | { | ||
259 | MHD_gnutls_assert (); | ||
260 | MHD_gnutls_afree (tmpstr); | ||
261 | return GNUTLS_E_INTERNAL_ERROR; | ||
262 | } | ||
263 | |||
264 | MHD_gnutls_afree (tmpstr); | ||
265 | |||
266 | return 0; | ||
267 | } | ||
diff --git a/src/daemon/https/x509/mpi.h b/src/daemon/https/x509/mpi.h index 8db519fd..651ebb46 100644 --- a/src/daemon/https/x509/mpi.h +++ b/src/daemon/https/x509/mpi.h | |||
@@ -31,9 +31,6 @@ int MHD__gnutls_x509_read_rsa_params (opaque * der, int dersize, | |||
31 | mpi_t * params); | 31 | mpi_t * params); |
32 | int MHD__gnutls_x509_write_rsa_params (mpi_t * params, int params_size, | 32 | int MHD__gnutls_x509_write_rsa_params (mpi_t * params, int params_size, |
33 | MHD_gnutls_datum_t * der); | 33 | MHD_gnutls_datum_t * der); |
34 | int MHD__gnutls_x509_read_uint (ASN1_TYPE node, const char *value, | ||
35 | unsigned int *ret); | ||
36 | |||
37 | int MHD__gnutls_x509_read_int (ASN1_TYPE node, const char *value, | 34 | int MHD__gnutls_x509_read_int (ASN1_TYPE node, const char *value, |
38 | mpi_t * ret_mpi); | 35 | mpi_t * ret_mpi); |
39 | int MHD__gnutls_x509_write_int (ASN1_TYPE node, const char *value, mpi_t mpi, | 36 | int MHD__gnutls_x509_write_int (ASN1_TYPE node, const char *value, mpi_t mpi, |
diff --git a/src/daemon/https/x509/x509.c b/src/daemon/https/x509/x509.c index 9ce1e76d..2fa84551 100644 --- a/src/daemon/https/x509/x509.c +++ b/src/daemon/https/x509/x509.c | |||
@@ -213,50 +213,6 @@ MHD_gnutls_x509_crt_get_version (MHD_gnutls_x509_crt_t cert) | |||
213 | } | 213 | } |
214 | 214 | ||
215 | /** | 215 | /** |
216 | * MHD_gnutls_x509_crt_get_activation_time - This function returns the Certificate's activation time | ||
217 | * @cert: should contain a MHD_gnutls_x509_crt_t structure | ||
218 | * | ||
219 | * This function will return the time this Certificate was or will be activated. | ||
220 | * | ||
221 | * Returns (time_t)-1 on error. | ||
222 | * | ||
223 | **/ | ||
224 | time_t | ||
225 | MHD_gnutls_x509_crt_get_activation_time (MHD_gnutls_x509_crt_t cert) | ||
226 | { | ||
227 | if (cert == NULL) | ||
228 | { | ||
229 | MHD_gnutls_assert (); | ||
230 | return (time_t) - 1; | ||
231 | } | ||
232 | |||
233 | return MHD__gnutls_x509_get_time (cert->cert, | ||
234 | "tbsCertificate.validity.notBefore"); | ||
235 | } | ||
236 | |||
237 | /** | ||
238 | * MHD_gnutls_x509_crt_get_expiration_time - This function returns the Certificate's expiration time | ||
239 | * @cert: should contain a MHD_gnutls_x509_crt_t structure | ||
240 | * | ||
241 | * This function will return the time this Certificate was or will be expired. | ||
242 | * | ||
243 | * Returns (time_t)-1 on error. | ||
244 | * | ||
245 | **/ | ||
246 | time_t | ||
247 | MHD_gnutls_x509_crt_get_expiration_time (MHD_gnutls_x509_crt_t cert) | ||
248 | { | ||
249 | if (cert == NULL) | ||
250 | { | ||
251 | MHD_gnutls_assert (); | ||
252 | return (time_t) - 1; | ||
253 | } | ||
254 | |||
255 | return MHD__gnutls_x509_get_time (cert->cert, | ||
256 | "tbsCertificate.validity.notAfter"); | ||
257 | } | ||
258 | |||
259 | /** | ||
260 | * MHD_gnutls_x509_crt_get_pk_algorithm - This function returns the certificate's PublicKey algorithm | 216 | * MHD_gnutls_x509_crt_get_pk_algorithm - This function returns the certificate's PublicKey algorithm |
261 | * @cert: should contain a MHD_gnutls_x509_crt_t structure | 217 | * @cert: should contain a MHD_gnutls_x509_crt_t structure |
262 | * @bits: if bits is non null it will hold the size of the parameters' in bits | 218 | * @bits: if bits is non null it will hold the size of the parameters' in bits |
diff --git a/src/daemon/https/x509/x509.h b/src/daemon/https/x509/x509.h index be14b784..11628186 100644 --- a/src/daemon/https/x509/x509.h +++ b/src/daemon/https/x509/x509.h | |||
@@ -109,8 +109,6 @@ extern "C" | |||
109 | #define GNUTLS_CRL_REASON_PRIVILEGE_WITHDRAWN 1 | 109 | #define GNUTLS_CRL_REASON_PRIVILEGE_WITHDRAWN 1 |
110 | #define GNUTLS_CRL_REASON_AA_COMPROMISE 32768 | 110 | #define GNUTLS_CRL_REASON_AA_COMPROMISE 32768 |
111 | 111 | ||
112 | time_t MHD_gnutls_x509_crt_get_activation_time (MHD_gnutls_x509_crt_t cert); | ||
113 | time_t MHD_gnutls_x509_crt_get_expiration_time (MHD_gnutls_x509_crt_t cert); | ||
114 | int MHD_gnutls_x509_crt_get_pk_algorithm (MHD_gnutls_x509_crt_t cert, | 112 | int MHD_gnutls_x509_crt_get_pk_algorithm (MHD_gnutls_x509_crt_t cert, |
115 | unsigned int *bits); | 113 | unsigned int *bits); |
116 | int MHD_gnutls_x509_crt_get_ca_status (MHD_gnutls_x509_crt_t cert, | 114 | int MHD_gnutls_x509_crt_get_ca_status (MHD_gnutls_x509_crt_t cert, |
@@ -124,8 +122,6 @@ extern "C" | |||
124 | int MHD_gnutls_x509_crt_set_key_usage (MHD_gnutls_x509_crt_t crt, | 122 | int MHD_gnutls_x509_crt_set_key_usage (MHD_gnutls_x509_crt_t crt, |
125 | unsigned int usage); | 123 | unsigned int usage); |
126 | 124 | ||
127 | int MHD_gnutls_x509_dn_oid_known (const char *oid); | ||
128 | |||
129 | /* Read extensions by sequence number. */ | 125 | /* Read extensions by sequence number. */ |
130 | int MHD_gnutls_x509_crt_set_extension_by_oid (MHD_gnutls_x509_crt_t crt, | 126 | int MHD_gnutls_x509_crt_set_extension_by_oid (MHD_gnutls_x509_crt_t crt, |
131 | const char *oid, | 127 | const char *oid, |
@@ -168,10 +164,6 @@ extern "C" | |||
168 | MHD_gnutls_x509_privkey_t issuer_key, | 164 | MHD_gnutls_x509_privkey_t issuer_key, |
169 | enum MHD_GNUTLS_HashAlgorithm, | 165 | enum MHD_GNUTLS_HashAlgorithm, |
170 | unsigned int flags); | 166 | unsigned int flags); |
171 | int MHD_gnutls_x509_crt_set_activation_time (MHD_gnutls_x509_crt_t cert, | ||
172 | time_t act_time); | ||
173 | int MHD_gnutls_x509_crt_set_expiration_time (MHD_gnutls_x509_crt_t cert, | ||
174 | time_t exp_time); | ||
175 | int MHD_gnutls_x509_crt_set_serial (MHD_gnutls_x509_crt_t cert, | 167 | int MHD_gnutls_x509_crt_set_serial (MHD_gnutls_x509_crt_t cert, |
176 | const void *serial, size_t serial_size); | 168 | const void *serial, size_t serial_size); |
177 | 169 | ||