diff options
author | Christian Grothoff <christian@grothoff.org> | 2008-09-12 20:47:06 +0000 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2008-09-12 20:47:06 +0000 |
commit | cfde43ff7ded40a9b1f23fa87088dcf99a95570c (patch) | |
tree | bd54252cb28a47780313b0412d8f17f2424e8ffd | |
parent | 824628a22f59c312bc0f664665ec8d25be37910c (diff) | |
download | libmicrohttpd-cfde43ff7ded40a9b1f23fa87088dcf99a95570c.tar.gz libmicrohttpd-cfde43ff7ded40a9b1f23fa87088dcf99a95570c.zip |
documenting all enums, functions and structs, removing support for key/cert files
-rw-r--r-- | doc/microhttpd.texi | 280 | ||||
-rw-r--r-- | src/daemon/connection_https.c | 10 | ||||
-rw-r--r-- | src/daemon/daemon.c | 54 | ||||
-rw-r--r-- | src/daemon/https/tls/auth_cert.c | 6 | ||||
-rw-r--r-- | src/daemon/https/tls/auth_rsa.c | 4 | ||||
-rw-r--r-- | src/daemon/https/tls/gnutls_algorithms.c | 96 | ||||
-rw-r--r-- | src/daemon/https/tls/gnutls_cipher.c | 18 | ||||
-rw-r--r-- | src/daemon/https/tls/gnutls_constate.c | 8 | ||||
-rw-r--r-- | src/daemon/https/tls/gnutls_handshake.c | 22 | ||||
-rw-r--r-- | src/daemon/https/tls/gnutls_kx.c | 8 | ||||
-rw-r--r-- | src/daemon/https/tls/gnutls_priority.c | 6 | ||||
-rw-r--r-- | src/daemon/https/tls/gnutls_sig.c | 12 | ||||
-rw-r--r-- | src/daemon/https/tls/gnutls_state.c | 2 | ||||
-rw-r--r-- | src/daemon/https/tls/gnutls_x509.c | 223 | ||||
-rw-r--r-- | src/daemon/internal.h | 4 | ||||
-rw-r--r-- | src/examples/https_fileserver_example.c | 12 | ||||
-rw-r--r-- | src/include/microhttpd.h | 37 | ||||
-rw-r--r-- | src/testcurl/https/mhds_session_info_test.c | 2 | ||||
-rw-r--r-- | src/testcurl/https/tls_daemon_options_test.c | 14 |
19 files changed, 372 insertions, 446 deletions
diff --git a/doc/microhttpd.texi b/doc/microhttpd.texi index 54ab252a..0c155e47 100644 --- a/doc/microhttpd.texi +++ b/doc/microhttpd.texi | |||
@@ -123,6 +123,7 @@ GNU libmicrohttpd is a GNU package. | |||
123 | * microhttpd-requests:: Handling requests. | 123 | * microhttpd-requests:: Handling requests. |
124 | * microhttpd-responses:: Building responses to requests. | 124 | * microhttpd-responses:: Building responses to requests. |
125 | * microhttpd-post:: Adding a @code{POST} processor. | 125 | * microhttpd-post:: Adding a @code{POST} processor. |
126 | * microhttpd-info:: Obtaining status information. | ||
126 | 127 | ||
127 | Appendices | 128 | Appendices |
128 | 129 | ||
@@ -291,20 +292,6 @@ the @code{struct sockaddr*} should point to a @code{struct sockaddr_in6}, | |||
291 | otherwise to a @code{struct sockaddr_in}. If this option is not specified, | 292 | otherwise to a @code{struct sockaddr_in}. If this option is not specified, |
292 | the daemon will listen to incomming connections from anywhere. | 293 | the daemon will listen to incomming connections from anywhere. |
293 | 294 | ||
294 | @item MHD_OPTION_HTTPS_KEY_PATH | ||
295 | Filename for the private key (key.pem) to be used by the | ||
296 | HTTPS daemon. This option should be followed by an | ||
297 | "const char*" argument. The memory of the filename must | ||
298 | not be released until the application terminates. | ||
299 | This should be used in conjunction with 'MHD_OPTION_HTTPS_CERT_PATH'. | ||
300 | |||
301 | @item MHD_OPTION_HTTPS_CERT_PATH | ||
302 | Filename for the certificate (cert.pem) to be used by the | ||
303 | HTTPS daemon. This option should be followed by an | ||
304 | "const char*" argument. The memory of the filename must | ||
305 | not be released until the application terminates. | ||
306 | This should be used in conjunction with 'MHD_OPTION_HTTPS_KEY_PATH'. | ||
307 | |||
308 | @item MHD_OPTION_HTTPS_MEM_KEY | 295 | @item MHD_OPTION_HTTPS_MEM_KEY |
309 | Memory pointer to the private key to be used by the | 296 | Memory pointer to the private key to be used by the |
310 | HTTPS daemon. This option should be followed by an | 297 | HTTPS daemon. This option should be followed by an |
@@ -416,6 +403,31 @@ We had to close the session since @mhd{} was being shut down. | |||
416 | List of symmetric ciphers. | 403 | List of symmetric ciphers. |
417 | Note that not all listed algorithms are necessarily supported by | 404 | Note that not all listed algorithms are necessarily supported by |
418 | all builds of MHD. | 405 | all builds of MHD. |
406 | |||
407 | @table @code | ||
408 | @item MHD_GNUTLS_CIPHER_UNKNOWN | ||
409 | |||
410 | @item MHD_GNUTLS_CIPHER_NULL | ||
411 | |||
412 | @item MHD_GNUTLS_CIPHER_ARCFOUR_128 | ||
413 | |||
414 | @item MHD_GNUTLS_CIPHER_3DES_CBC | ||
415 | |||
416 | @item MHD_GNUTLS_CIPHER_AES_128_CBC | ||
417 | |||
418 | @item MHD_GNUTLS_CIPHER_AES_256_CBC | ||
419 | |||
420 | @item MHD_GNUTLS_CIPHER_ARCFOUR_40 | ||
421 | |||
422 | @item MHD_GNUTLS_CIPHER_CAMELLIA_128_CBC | ||
423 | |||
424 | @item MHD_GNUTLS_CIPHER_CAMELLIA_256_CBC | ||
425 | |||
426 | @item MHD_GNUTLS_CIPHER_RC2_40_CBC | ||
427 | |||
428 | @item MHD_GNUTLS_CIPHER_DES_CBC | ||
429 | |||
430 | @end table | ||
419 | @end deftp | 431 | @end deftp |
420 | 432 | ||
421 | 433 | ||
@@ -423,6 +435,170 @@ all builds of MHD. | |||
423 | List of key exchange algorithms. | 435 | List of key exchange algorithms. |
424 | Note that not all listed algorithms are necessarily supported by | 436 | Note that not all listed algorithms are necessarily supported by |
425 | all builds of MHD. | 437 | all builds of MHD. |
438 | |||
439 | @table @code | ||
440 | |||
441 | @item MHD_GNUTLS_KX_UNKNOWN | ||
442 | |||
443 | @item MHD_GNUTLS_KX_RSA | ||
444 | |||
445 | @item MHD_GNUTLS_KX_DHE_DSS | ||
446 | |||
447 | @item MHD_GNUTLS_KX_DHE_RSA | ||
448 | |||
449 | @item MHD_GNUTLS_KX_ANON_DH | ||
450 | |||
451 | @item MHD_GNUTLS_KX_SRP | ||
452 | |||
453 | @item MHD_GNUTLS_KX_RSA_EXPORT | ||
454 | |||
455 | @item MHD_GNUTLS_KX_SRP_RSA | ||
456 | |||
457 | @item MHD_GNUTLS_KX_SRP_DSS | ||
458 | @end table | ||
459 | @end deftp | ||
460 | |||
461 | |||
462 | @deftp {Enumeration} MHD_GNUTLS_CredentialsType | ||
463 | Server credentials type (note that not all types | ||
464 | maybe supported by all MHD builds). | ||
465 | |||
466 | @table @code | ||
467 | @item MHD_GNUTLS_CRD_CERTIFICATE | ||
468 | We have a x.509 certificate. | ||
469 | |||
470 | @item MHD_GNUTLS_CRD_ANON | ||
471 | We have no certificate (anonymous). | ||
472 | |||
473 | @item MHD_GNUTLS_CRD_SRP | ||
474 | We are using password-based authentication. | ||
475 | |||
476 | @item MHD_GNUTLS_CRD_PSK | ||
477 | We are using pre-shared keys (PSK). | ||
478 | |||
479 | @end table | ||
480 | @end deftp | ||
481 | |||
482 | |||
483 | @deftp {Enumeration} MHD_GNUTLS_HashAlgorithm | ||
484 | Enumeration of possible cryptographic hash functions (for MAC and | ||
485 | Digest operations). Note that not all listed algorithms are | ||
486 | necessarily supported by all builds of MHD. | ||
487 | |||
488 | @table @code | ||
489 | @item MHD_GNUTLS_MAC_UNKNOWN | ||
490 | |||
491 | @item MHD_GNUTLS_MAC_NULL | ||
492 | |||
493 | @item MHD_GNUTLS_MAC_MD5 | ||
494 | |||
495 | @item MHD_GNUTLS_MAC_SHA1 | ||
496 | |||
497 | @item MHD_GNUTLS_MAC_SHA256 | ||
498 | |||
499 | @end table | ||
500 | @end deftp | ||
501 | |||
502 | |||
503 | @deftp {Enumeration} MHD_GNUTLS_CompressionMethod | ||
504 | List of compression methods. Note that not all listed algorithms are | ||
505 | necessarily supported by all builds of MHD. | ||
506 | |||
507 | @table @code | ||
508 | @item MHD_GNUTLS_COMP_UNKNOWN | ||
509 | |||
510 | @item MHD_GNUTLS_COMP_NULL | ||
511 | No compression. | ||
512 | |||
513 | @item MHD_GNUTLS_COMP_DEFLATE | ||
514 | gzip compression. | ||
515 | |||
516 | @end table | ||
517 | @end deftp | ||
518 | |||
519 | |||
520 | |||
521 | @deftp {Enumeration} MHD_GNUTLS_Protocol | ||
522 | SSL/TLS Protocol types. Note that not all listed algorithms are | ||
523 | necessarily supported by all builds of MHD. | ||
524 | |||
525 | @table @code | ||
526 | @item MHD_GNUTLS_PROTOCOL_END | ||
527 | @item MHD_GNUTLS_PROTOCOL_SSL3 | ||
528 | @item MHD_GNUTLS_PROTOCOL_TLS1_0 | ||
529 | @item MHD_GNUTLS_PROTOCOL_TLS1_1 | ||
530 | @item MHD_GNUTLS_PROTOCOL_TLS1_2 | ||
531 | @item MHD_GNUTLS_PROTOCOL_UNKNOWN | ||
532 | |||
533 | @end table | ||
534 | @end deftp | ||
535 | |||
536 | |||
537 | |||
538 | @deftp {Enumeration} MHD_GNUTLS_PublicKeyAlgorithm | ||
539 | List of public key algorithms. Note that not all listed algorithms | ||
540 | are necessarily supported by all builds of MHD. | ||
541 | |||
542 | @table @code | ||
543 | @item MHD_GNUTLS_PK_UNKNOWN | ||
544 | |||
545 | @item MHD_GNUTLS_PK_RSA | ||
546 | |||
547 | @end table | ||
548 | @end deftp | ||
549 | |||
550 | |||
551 | @deftp {Enumeration} MHD_ConnectionInfoType | ||
552 | Values of this enum are used to specify what information about a | ||
553 | connection is desired. | ||
554 | |||
555 | @table @code | ||
556 | |||
557 | @item MHD_CONNECTION_INFO_CIPHER_ALGO | ||
558 | What cipher algorithm is being used. | ||
559 | Takes no extra arguments. | ||
560 | |||
561 | @item MHD_CONNECTION_INFO_KX_ALGO | ||
562 | What key exchange algorithm is being used. | ||
563 | Takes no extra arguments. | ||
564 | |||
565 | @item MHD_CONNECTION_INFO_CREDENTIALS_TYPE | ||
566 | Takes no extra arguments. | ||
567 | |||
568 | @item MHD_CONNECTION_INFO_MAC_ALGO | ||
569 | Takes no extra arguments. | ||
570 | |||
571 | @item MHD_CONNECTION_INFO_COMPRESSION_METHOD, | ||
572 | What compression method is being used. | ||
573 | Takes no extra arguments. | ||
574 | |||
575 | @item MHD_CONNECTION_INFO_PROTOCOL, | ||
576 | Takes no extra arguments. | ||
577 | |||
578 | @item MHD_CONNECTION_INFO_CERT_TYPE | ||
579 | Takes no extra arguments. | ||
580 | |||
581 | @end table | ||
582 | @end deftp | ||
583 | |||
584 | |||
585 | |||
586 | |||
587 | @deftp {Enumeration} MHD_DaemonInfoType | ||
588 | Values of this enum are used to specify what | ||
589 | information about a deamon is desired. | ||
590 | @table @code | ||
591 | @item MHD_DAEMON_INFO_KEY_SIZE | ||
592 | Request information about the key size for a particular cipher | ||
593 | algorithm. The cipher algorithm should be passed as an extra argument | ||
594 | (of type 'enum MHD_GNUTLS_CipherAlgorithm'). | ||
595 | |||
596 | @item MHD_DAEMON_INFO_MAC_KEY_SIZE | ||
597 | Request information about the key size for a particular cipher | ||
598 | algorithm. The cipher algorithm should be passed as an extra argument | ||
599 | (of type 'enum MHD_GNUTLS_HashAlgorithm'). | ||
600 | |||
601 | @end table | ||
426 | @end deftp | 602 | @end deftp |
427 | 603 | ||
428 | 604 | ||
@@ -455,6 +631,16 @@ Handle for @code{POST} processing. | |||
455 | @end deftp | 631 | @end deftp |
456 | 632 | ||
457 | 633 | ||
634 | @deftp {C Union} MHD_ConnectionInfo | ||
635 | Information about a connection. | ||
636 | @end deftp | ||
637 | |||
638 | |||
639 | @deftp {C Union} MHD_DaemonInfo | ||
640 | Information about an MHD daemon. | ||
641 | @end deftp | ||
642 | |||
643 | |||
458 | @c ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ | 644 | @c ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ |
459 | 645 | ||
460 | @c ------------------------------------------------------------ | 646 | @c ------------------------------------------------------------ |
@@ -1223,6 +1409,72 @@ of this function. | |||
1223 | @end deftypefun | 1409 | @end deftypefun |
1224 | 1410 | ||
1225 | 1411 | ||
1412 | |||
1413 | @c ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ | ||
1414 | |||
1415 | @c ------------------------------------------------------------ | ||
1416 | @node microhttpd-info | ||
1417 | @chapter Obtaining status information. | ||
1418 | |||
1419 | |||
1420 | @menu | ||
1421 | * microhttpd-info daemon:: State information about an MHD daemon | ||
1422 | * microhttpd-info conn:: State information about a connection | ||
1423 | @end menu | ||
1424 | |||
1425 | |||
1426 | @c ------------------------------------------------------------ | ||
1427 | @node microhttpd-info daemon | ||
1428 | @section Obtaining state information about an MHD daemon | ||
1429 | |||
1430 | @deftypefun {const union MHD_DaemonInfo *} MHD_get_daemon_info (struct MHD_Daemon *daemon, enum MHD_DaemonInfoType infoType, ...) | ||
1431 | Obtain information about the given daemon. This function | ||
1432 | is currently not fully implemented. | ||
1433 | |||
1434 | @table @var | ||
1435 | @item daemon | ||
1436 | the daemon about which information is desired; | ||
1437 | |||
1438 | @item infoType | ||
1439 | type of information that is desired | ||
1440 | |||
1441 | @item ... | ||
1442 | additional arguments about the desired information (depending on | ||
1443 | infoType) | ||
1444 | @end table | ||
1445 | |||
1446 | Returns a union with the respective member (depending on | ||
1447 | infoType) set to the desired information), or NULL | ||
1448 | in case the desired information is not available or | ||
1449 | applicable. | ||
1450 | @end deftypefun | ||
1451 | |||
1452 | @c ------------------------------------------------------------ | ||
1453 | @node microhttpd-info conn | ||
1454 | @section Obtaining state information about a connection | ||
1455 | |||
1456 | |||
1457 | @deftypefun {const union MHD_ConnectionInfo *} MHD_get_connection_info (struct MHD_Connection *daemon, enum MHD_ConnectionInfoType infoType, ...) | ||
1458 | Obtain information about the given connection. | ||
1459 | |||
1460 | @table @var | ||
1461 | @item connection | ||
1462 | the connection about which information is desired; | ||
1463 | |||
1464 | @item infoType | ||
1465 | type of information that is desired | ||
1466 | |||
1467 | @item ... | ||
1468 | additional arguments about the desired information (depending on | ||
1469 | infoType) | ||
1470 | @end table | ||
1471 | |||
1472 | Returns a union with the respective member (depending on | ||
1473 | infoType) set to the desired information), or NULL | ||
1474 | in case the desired information is not available or | ||
1475 | applicable. | ||
1476 | @end deftypefun | ||
1477 | |||
1226 | @c ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ | 1478 | @c ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ |
1227 | 1479 | ||
1228 | 1480 | ||
diff --git a/src/daemon/connection_https.c b/src/daemon/connection_https.c index 20baa770..e9a2226f 100644 --- a/src/daemon/connection_https.c +++ b/src/daemon/connection_https.c | |||
@@ -152,7 +152,7 @@ MHD_tls_connection_handle_idle (struct MHD_Connection *connection) | |||
152 | return MHD_NO; | 152 | return MHD_NO; |
153 | case MHD_TLS_HANDSHAKE_FAILED: | 153 | case MHD_TLS_HANDSHAKE_FAILED: |
154 | MHD_tls_connection_close (connection, | 154 | MHD_tls_connection_close (connection, |
155 | MHD_TLS_REQUEST_TERMINATED_WITH_ERROR); | 155 | MHD_REQUEST_TERMINATED_WITH_ERROR); |
156 | return MHD_NO; | 156 | return MHD_NO; |
157 | /* some HTTP state */ | 157 | /* some HTTP state */ |
158 | default: | 158 | default: |
@@ -237,14 +237,14 @@ MHD_tls_connection_handle_read (struct MHD_Connection *connection) | |||
237 | "Error: received handshake message out of context\n"); | 237 | "Error: received handshake message out of context\n"); |
238 | #endif | 238 | #endif |
239 | MHD_tls_connection_close (connection, | 239 | MHD_tls_connection_close (connection, |
240 | MHD_TLS_REQUEST_TERMINATED_WITH_ERROR); | 240 | MHD_REQUEST_TERMINATED_WITH_ERROR); |
241 | return MHD_NO; | 241 | return MHD_NO; |
242 | } | 242 | } |
243 | 243 | ||
244 | /* ignore any out of bound change chiper spec messages */ | 244 | /* ignore any out of bound change chiper spec messages */ |
245 | case GNUTLS_CHANGE_CIPHER_SPEC: | 245 | case GNUTLS_CHANGE_CIPHER_SPEC: |
246 | MHD_tls_connection_close (connection, | 246 | MHD_tls_connection_close (connection, |
247 | MHD_TLS_REQUEST_TERMINATED_WITH_ERROR); | 247 | MHD_REQUEST_TERMINATED_WITH_ERROR); |
248 | return MHD_NO; | 248 | return MHD_NO; |
249 | 249 | ||
250 | case GNUTLS_ALERT: | 250 | case GNUTLS_ALERT: |
@@ -279,7 +279,7 @@ MHD_tls_connection_handle_read (struct MHD_Connection *connection) | |||
279 | GNUTLS_AL_FATAL) | 279 | GNUTLS_AL_FATAL) |
280 | { | 280 | { |
281 | MHD_tls_connection_close (connection, | 281 | MHD_tls_connection_close (connection, |
282 | MHD_TLS_REQUEST_TERMINATED_WITH_FATAL_ALERT); | 282 | MHD_REQUEST_TERMINATED_WITH_ERROR); |
283 | return MHD_NO; | 283 | return MHD_NO; |
284 | } | 284 | } |
285 | /* this should never execute */ | 285 | /* this should never execute */ |
@@ -308,7 +308,7 @@ MHD_tls_connection_handle_read (struct MHD_Connection *connection) | |||
308 | #endif | 308 | #endif |
309 | /* close connection upon reception of unrecognized message type */ | 309 | /* close connection upon reception of unrecognized message type */ |
310 | MHD_tls_connection_close (connection, | 310 | MHD_tls_connection_close (connection, |
311 | MHD_TLS_REQUEST_TERMINATED_WITH_ERROR); | 311 | MHD_REQUEST_TERMINATED_WITH_ERROR); |
312 | return MHD_NO; | 312 | return MHD_NO; |
313 | } | 313 | } |
314 | 314 | ||
diff --git a/src/daemon/daemon.c b/src/daemon/daemon.c index 950239a6..7e3e7e3e 100644 --- a/src/daemon/daemon.c +++ b/src/daemon/daemon.c | |||
@@ -1,6 +1,6 @@ | |||
1 | /* | 1 | /* |
2 | This file is part of libmicrohttpd | 2 | This file is part of libmicrohttpd |
3 | (C) 2007 Daniel Pittman and Christian Grothoff | 3 | (C) 2007, 2008 Daniel Pittman and Christian Grothoff |
4 | 4 | ||
5 | This library is free software; you can redistribute it and/or | 5 | This library is free software; you can redistribute it and/or |
6 | modify it under the terms of the GNU Lesser General Public | 6 | modify it under the terms of the GNU Lesser General Public |
@@ -125,55 +125,9 @@ MHD_init_daemon_certificate (struct MHD_Daemon *daemon) | |||
125 | gnutls_datum_t key; | 125 | gnutls_datum_t key; |
126 | gnutls_datum_t cert; | 126 | gnutls_datum_t cert; |
127 | 127 | ||
128 | /* certificate & key loaded from file */ | ||
129 | if (daemon->https_cert_path && daemon->https_key_path) | ||
130 | { | ||
131 | if (daemon->https_mem_cert || daemon->https_mem_key) | ||
132 | { | ||
133 | #if HAVE_MESSAGES | ||
134 | MHD_DLOG (daemon, "You specified certificates both in memory and on disk!", | ||
135 | daemon->https_cert_path, | ||
136 | strerror(errno)); | ||
137 | #endif | ||
138 | return -1; | ||
139 | } | ||
140 | /* test for private key & certificate file exsitance */ | ||
141 | if (access (daemon->https_cert_path, R_OK)) | ||
142 | { | ||
143 | #if HAVE_MESSAGES | ||
144 | MHD_DLOG (daemon, "Missing X.509 certificate file `%s': %s\n", | ||
145 | daemon->https_cert_path, | ||
146 | strerror(errno)); | ||
147 | #endif | ||
148 | return -1; | ||
149 | } | ||
150 | |||
151 | if (access (daemon->https_key_path, R_OK)) | ||
152 | { | ||
153 | #if HAVE_MESSAGES | ||
154 | MHD_DLOG (daemon, "Missing X.509 key file `%s': %s\n", | ||
155 | daemon->https_key_path, | ||
156 | strerror(errno)); | ||
157 | #endif | ||
158 | return -1; | ||
159 | } | ||
160 | return MHD_gnutls_certificate_set_x509_key_file (daemon->x509_cred, | ||
161 | daemon->https_cert_path, | ||
162 | daemon->https_key_path, | ||
163 | GNUTLS_X509_FMT_PEM); | ||
164 | } | ||
165 | /* certificate & key loaded from memory */ | 128 | /* certificate & key loaded from memory */ |
166 | if (daemon->https_mem_cert && daemon->https_mem_key) | 129 | if (daemon->https_mem_cert && daemon->https_mem_key) |
167 | { | 130 | { |
168 | if (daemon->https_cert_path || daemon->https_key_path) | ||
169 | { | ||
170 | #if HAVE_MESSAGES | ||
171 | MHD_DLOG (daemon, "You specified certificates both in memory and on disk!", | ||
172 | daemon->https_cert_path, | ||
173 | strerror(errno)); | ||
174 | #endif | ||
175 | return -1; | ||
176 | } | ||
177 | key.data = (unsigned char *) daemon->https_mem_key; | 131 | key.data = (unsigned char *) daemon->https_mem_key; |
178 | key.size = strlen (daemon->https_mem_key); | 132 | key.size = strlen (daemon->https_mem_key); |
179 | cert.data = (unsigned char *) daemon->https_mem_cert; | 133 | cert.data = (unsigned char *) daemon->https_mem_cert; |
@@ -928,12 +882,6 @@ MHD_start_daemon_va (unsigned int options, | |||
928 | _set_priority (&retVal->priority_cache->protocol, | 882 | _set_priority (&retVal->priority_cache->protocol, |
929 | va_arg (ap, const int *)); | 883 | va_arg (ap, const int *)); |
930 | break; | 884 | break; |
931 | case MHD_OPTION_HTTPS_KEY_PATH: | ||
932 | retVal->https_key_path = va_arg (ap, const char *); | ||
933 | break; | ||
934 | case MHD_OPTION_HTTPS_CERT_PATH: | ||
935 | retVal->https_cert_path = va_arg (ap, const char *); | ||
936 | break; | ||
937 | case MHD_OPTION_HTTPS_MEM_KEY: | 885 | case MHD_OPTION_HTTPS_MEM_KEY: |
938 | retVal->https_mem_key = va_arg (ap, const char *); | 886 | retVal->https_mem_key = va_arg (ap, const char *); |
939 | break; | 887 | break; |
diff --git a/src/daemon/https/tls/auth_cert.c b/src/daemon/https/tls/auth_cert.c index ae6ef698..7f0369ca 100644 --- a/src/daemon/https/tls/auth_cert.c +++ b/src/daemon/https/tls/auth_cert.c | |||
@@ -870,7 +870,7 @@ mhd_gtls_proc_cert_cert_req (mhd_gtls_session_t session, opaque * data, | |||
870 | return GNUTLS_E_UNKNOWN_PK_ALGORITHM; | 870 | return GNUTLS_E_UNKNOWN_PK_ALGORITHM; |
871 | } | 871 | } |
872 | 872 | ||
873 | if (ver == MHD_GNUTLS_TLS1_2) | 873 | if (ver == MHD_GNUTLS_PROTOCOL_TLS1_2) |
874 | { | 874 | { |
875 | /* read supported hashes */ | 875 | /* read supported hashes */ |
876 | int hash_num; | 876 | int hash_num; |
@@ -1039,7 +1039,7 @@ mhd_gtls_gen_cert_server_cert_req (mhd_gtls_session_t session, opaque ** data) | |||
1039 | session->internals.ignore_rdn_sequence == 0) | 1039 | session->internals.ignore_rdn_sequence == 0) |
1040 | size += cred->x509_rdn_sequence.size; | 1040 | size += cred->x509_rdn_sequence.size; |
1041 | 1041 | ||
1042 | if (ver == MHD_GNUTLS_TLS1_2) | 1042 | if (ver == MHD_GNUTLS_PROTOCOL_TLS1_2) |
1043 | /* Need at least one byte to announce the number of supported hash | 1043 | /* Need at least one byte to announce the number of supported hash |
1044 | functions (see below). */ | 1044 | functions (see below). */ |
1045 | size += 1; | 1045 | size += 1; |
@@ -1059,7 +1059,7 @@ mhd_gtls_gen_cert_server_cert_req (mhd_gtls_session_t session, opaque ** data) | |||
1059 | pdata[2] = DSA_SIGN; /* only these for now */ | 1059 | pdata[2] = DSA_SIGN; /* only these for now */ |
1060 | pdata += CERTTYPE_SIZE; | 1060 | pdata += CERTTYPE_SIZE; |
1061 | 1061 | ||
1062 | if (ver == MHD_GNUTLS_TLS1_2) | 1062 | if (ver == MHD_GNUTLS_PROTOCOL_TLS1_2) |
1063 | { | 1063 | { |
1064 | /* Supported hashes (nothing for now -- FIXME). */ | 1064 | /* Supported hashes (nothing for now -- FIXME). */ |
1065 | *pdata = 0; | 1065 | *pdata = 0; |
diff --git a/src/daemon/https/tls/auth_rsa.c b/src/daemon/https/tls/auth_rsa.c index 4c909bcc..b3833814 100644 --- a/src/daemon/https/tls/auth_rsa.c +++ b/src/daemon/https/tls/auth_rsa.c | |||
@@ -217,7 +217,7 @@ _gnutls_proc_rsa_client_kx (mhd_gtls_session_t session, opaque * data, | |||
217 | int randomize_key = 0; | 217 | int randomize_key = 0; |
218 | ssize_t data_size = _data_size; | 218 | ssize_t data_size = _data_size; |
219 | 219 | ||
220 | if (MHD_gnutls_protocol_get_version (session) == MHD_GNUTLS_SSL3) | 220 | if (MHD_gnutls_protocol_get_version (session) == MHD_GNUTLS_PROTOCOL_SSL3) |
221 | { | 221 | { |
222 | /* SSL 3.0 | 222 | /* SSL 3.0 |
223 | */ | 223 | */ |
@@ -385,7 +385,7 @@ _gnutls_gen_rsa_client_kx (mhd_gtls_session_t session, opaque ** data) | |||
385 | for (i = 0; i < params_len; i++) | 385 | for (i = 0; i < params_len; i++) |
386 | mhd_gtls_mpi_release (¶ms[i]); | 386 | mhd_gtls_mpi_release (¶ms[i]); |
387 | 387 | ||
388 | if (MHD_gnutls_protocol_get_version (session) == MHD_GNUTLS_SSL3) | 388 | if (MHD_gnutls_protocol_get_version (session) == MHD_GNUTLS_PROTOCOL_SSL3) |
389 | { | 389 | { |
390 | /* SSL 3.0 */ | 390 | /* SSL 3.0 */ |
391 | *data = sdata.data; | 391 | *data = sdata.data; |
diff --git a/src/daemon/https/tls/gnutls_algorithms.c b/src/daemon/https/tls/gnutls_algorithms.c index 9558119b..c3daa08b 100644 --- a/src/daemon/https/tls/gnutls_algorithms.c +++ b/src/daemon/https/tls/gnutls_algorithms.c | |||
@@ -138,22 +138,22 @@ typedef struct | |||
138 | 138 | ||
139 | static const gnutls_version_entry mhd_gtls_sup_versions[] = { | 139 | static const gnutls_version_entry mhd_gtls_sup_versions[] = { |
140 | {"SSL3.0", | 140 | {"SSL3.0", |
141 | MHD_GNUTLS_SSL3, | 141 | MHD_GNUTLS_PROTOCOL_SSL3, |
142 | 3, | 142 | 3, |
143 | 0, | 143 | 0, |
144 | 1}, | 144 | 1}, |
145 | {"TLS1.0", | 145 | {"TLS1.0", |
146 | MHD_GNUTLS_TLS1_0, | 146 | MHD_GNUTLS_PROTOCOL_TLS1_0, |
147 | 3, | 147 | 3, |
148 | 1, | 148 | 1, |
149 | 1}, | 149 | 1}, |
150 | {"TLS1.1", | 150 | {"TLS1.1", |
151 | MHD_GNUTLS_TLS1_1, | 151 | MHD_GNUTLS_PROTOCOL_TLS1_1, |
152 | 3, | 152 | 3, |
153 | 2, | 153 | 2, |
154 | 1}, | 154 | 1}, |
155 | {"TLS1.2", | 155 | {"TLS1.2", |
156 | MHD_GNUTLS_TLS1_2, | 156 | MHD_GNUTLS_PROTOCOL_TLS1_2, |
157 | 3, | 157 | 3, |
158 | 3, | 158 | 3, |
159 | 1}, | 159 | 1}, |
@@ -166,10 +166,10 @@ static const gnutls_version_entry mhd_gtls_sup_versions[] = { | |||
166 | 166 | ||
167 | /* Keep the contents of this struct the same as the previous one. */ | 167 | /* Keep the contents of this struct the same as the previous one. */ |
168 | static const enum MHD_GNUTLS_Protocol mhd_gtls_supported_protocols[] = | 168 | static const enum MHD_GNUTLS_Protocol mhd_gtls_supported_protocols[] = |
169 | { MHD_GNUTLS_SSL3, | 169 | { MHD_GNUTLS_PROTOCOL_SSL3, |
170 | MHD_GNUTLS_TLS1_0, | 170 | MHD_GNUTLS_PROTOCOL_TLS1_0, |
171 | MHD_GNUTLS_TLS1_1, | 171 | MHD_GNUTLS_PROTOCOL_TLS1_1, |
172 | MHD_GNUTLS_TLS1_2, | 172 | MHD_GNUTLS_PROTOCOL_TLS1_2, |
173 | 0 | 173 | 0 |
174 | }; | 174 | }; |
175 | 175 | ||
@@ -593,159 +593,159 @@ static const mhd_gtls_cipher_suite_entry mhd_gtls_cs_algorithms[] = { | |||
593 | GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_ARCFOUR_MD5, | 593 | GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_ARCFOUR_MD5, |
594 | MHD_GNUTLS_CIPHER_ARCFOUR_128, | 594 | MHD_GNUTLS_CIPHER_ARCFOUR_128, |
595 | MHD_GNUTLS_KX_ANON_DH, MHD_GNUTLS_MAC_MD5, | 595 | MHD_GNUTLS_KX_ANON_DH, MHD_GNUTLS_MAC_MD5, |
596 | MHD_GNUTLS_SSL3), | 596 | MHD_GNUTLS_PROTOCOL_SSL3), |
597 | GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_3DES_EDE_CBC_SHA1, | 597 | GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_3DES_EDE_CBC_SHA1, |
598 | MHD_GNUTLS_CIPHER_3DES_CBC, | 598 | MHD_GNUTLS_CIPHER_3DES_CBC, |
599 | MHD_GNUTLS_KX_ANON_DH, | 599 | MHD_GNUTLS_KX_ANON_DH, |
600 | MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_SSL3), | 600 | MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_SSL3), |
601 | GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_AES_128_CBC_SHA1, | 601 | GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_AES_128_CBC_SHA1, |
602 | MHD_GNUTLS_CIPHER_AES_128_CBC, | 602 | MHD_GNUTLS_CIPHER_AES_128_CBC, |
603 | MHD_GNUTLS_KX_ANON_DH, | 603 | MHD_GNUTLS_KX_ANON_DH, |
604 | MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_SSL3), | 604 | MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_SSL3), |
605 | GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_AES_256_CBC_SHA1, | 605 | GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_AES_256_CBC_SHA1, |
606 | MHD_GNUTLS_CIPHER_AES_256_CBC, | 606 | MHD_GNUTLS_CIPHER_AES_256_CBC, |
607 | MHD_GNUTLS_KX_ANON_DH, | 607 | MHD_GNUTLS_KX_ANON_DH, |
608 | MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_SSL3), | 608 | MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_SSL3), |
609 | #ifdef ENABLE_CAMELLIA | 609 | #ifdef ENABLE_CAMELLIA |
610 | GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_CAMELLIA_128_CBC_SHA1, | 610 | GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_CAMELLIA_128_CBC_SHA1, |
611 | MHD_GNUTLS_CIPHER_CAMELLIA_128_CBC, | 611 | MHD_GNUTLS_CIPHER_CAMELLIA_128_CBC, |
612 | MHD_GNUTLS_KX_ANON_DH, | 612 | MHD_GNUTLS_KX_ANON_DH, |
613 | MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_TLS1_0), | 613 | MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_TLS1_0), |
614 | GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_CAMELLIA_256_CBC_SHA1, | 614 | GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_CAMELLIA_256_CBC_SHA1, |
615 | MHD_GNUTLS_CIPHER_CAMELLIA_256_CBC, | 615 | MHD_GNUTLS_CIPHER_CAMELLIA_256_CBC, |
616 | MHD_GNUTLS_KX_ANON_DH, | 616 | MHD_GNUTLS_KX_ANON_DH, |
617 | MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_TLS1_0), | 617 | MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_TLS1_0), |
618 | #endif | 618 | #endif |
619 | 619 | ||
620 | /* SRP */ | 620 | /* SRP */ |
621 | GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_3DES_EDE_CBC_SHA1, | 621 | GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_3DES_EDE_CBC_SHA1, |
622 | MHD_GNUTLS_CIPHER_3DES_CBC, MHD_GNUTLS_KX_SRP, | 622 | MHD_GNUTLS_CIPHER_3DES_CBC, MHD_GNUTLS_KX_SRP, |
623 | MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_TLS1_0), | 623 | MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_TLS1_0), |
624 | GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_AES_128_CBC_SHA1, | 624 | GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_AES_128_CBC_SHA1, |
625 | MHD_GNUTLS_CIPHER_AES_128_CBC, MHD_GNUTLS_KX_SRP, | 625 | MHD_GNUTLS_CIPHER_AES_128_CBC, MHD_GNUTLS_KX_SRP, |
626 | MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_TLS1_0), | 626 | MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_TLS1_0), |
627 | GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_AES_256_CBC_SHA1, | 627 | GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_AES_256_CBC_SHA1, |
628 | MHD_GNUTLS_CIPHER_AES_256_CBC, MHD_GNUTLS_KX_SRP, | 628 | MHD_GNUTLS_CIPHER_AES_256_CBC, MHD_GNUTLS_KX_SRP, |
629 | MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_TLS1_0), | 629 | MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_TLS1_0), |
630 | 630 | ||
631 | GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_DSS_3DES_EDE_CBC_SHA1, | 631 | GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_DSS_3DES_EDE_CBC_SHA1, |
632 | MHD_GNUTLS_CIPHER_3DES_CBC, | 632 | MHD_GNUTLS_CIPHER_3DES_CBC, |
633 | MHD_GNUTLS_KX_SRP_DSS, | 633 | MHD_GNUTLS_KX_SRP_DSS, |
634 | MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_TLS1_0), | 634 | MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_TLS1_0), |
635 | 635 | ||
636 | GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_RSA_3DES_EDE_CBC_SHA1, | 636 | GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_RSA_3DES_EDE_CBC_SHA1, |
637 | MHD_GNUTLS_CIPHER_3DES_CBC, | 637 | MHD_GNUTLS_CIPHER_3DES_CBC, |
638 | MHD_GNUTLS_KX_SRP_RSA, | 638 | MHD_GNUTLS_KX_SRP_RSA, |
639 | MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_TLS1_0), | 639 | MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_TLS1_0), |
640 | 640 | ||
641 | GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_DSS_AES_128_CBC_SHA1, | 641 | GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_DSS_AES_128_CBC_SHA1, |
642 | MHD_GNUTLS_CIPHER_AES_128_CBC, | 642 | MHD_GNUTLS_CIPHER_AES_128_CBC, |
643 | MHD_GNUTLS_KX_SRP_DSS, | 643 | MHD_GNUTLS_KX_SRP_DSS, |
644 | MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_TLS1_0), | 644 | MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_TLS1_0), |
645 | 645 | ||
646 | GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_RSA_AES_128_CBC_SHA1, | 646 | GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_RSA_AES_128_CBC_SHA1, |
647 | MHD_GNUTLS_CIPHER_AES_128_CBC, | 647 | MHD_GNUTLS_CIPHER_AES_128_CBC, |
648 | MHD_GNUTLS_KX_SRP_RSA, | 648 | MHD_GNUTLS_KX_SRP_RSA, |
649 | MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_TLS1_0), | 649 | MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_TLS1_0), |
650 | 650 | ||
651 | GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_DSS_AES_256_CBC_SHA1, | 651 | GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_DSS_AES_256_CBC_SHA1, |
652 | MHD_GNUTLS_CIPHER_AES_256_CBC, | 652 | MHD_GNUTLS_CIPHER_AES_256_CBC, |
653 | MHD_GNUTLS_KX_SRP_DSS, | 653 | MHD_GNUTLS_KX_SRP_DSS, |
654 | MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_TLS1_0), | 654 | MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_TLS1_0), |
655 | 655 | ||
656 | GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_RSA_AES_256_CBC_SHA1, | 656 | GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_RSA_AES_256_CBC_SHA1, |
657 | MHD_GNUTLS_CIPHER_AES_256_CBC, | 657 | MHD_GNUTLS_CIPHER_AES_256_CBC, |
658 | MHD_GNUTLS_KX_SRP_RSA, | 658 | MHD_GNUTLS_KX_SRP_RSA, |
659 | MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_TLS1_0), | 659 | MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_TLS1_0), |
660 | 660 | ||
661 | /* DHE_DSS */ | 661 | /* DHE_DSS */ |
662 | GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_ARCFOUR_SHA1, | 662 | GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_ARCFOUR_SHA1, |
663 | MHD_GNUTLS_CIPHER_ARCFOUR_128, | 663 | MHD_GNUTLS_CIPHER_ARCFOUR_128, |
664 | MHD_GNUTLS_KX_DHE_DSS, | 664 | MHD_GNUTLS_KX_DHE_DSS, |
665 | MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_TLS1_0), | 665 | MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_TLS1_0), |
666 | GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_3DES_EDE_CBC_SHA1, | 666 | GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_3DES_EDE_CBC_SHA1, |
667 | MHD_GNUTLS_CIPHER_3DES_CBC, | 667 | MHD_GNUTLS_CIPHER_3DES_CBC, |
668 | MHD_GNUTLS_KX_DHE_DSS, | 668 | MHD_GNUTLS_KX_DHE_DSS, |
669 | MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_SSL3), | 669 | MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_SSL3), |
670 | GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_AES_128_CBC_SHA1, | 670 | GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_AES_128_CBC_SHA1, |
671 | MHD_GNUTLS_CIPHER_AES_128_CBC, | 671 | MHD_GNUTLS_CIPHER_AES_128_CBC, |
672 | MHD_GNUTLS_KX_DHE_DSS, | 672 | MHD_GNUTLS_KX_DHE_DSS, |
673 | MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_SSL3), | 673 | MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_SSL3), |
674 | GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_AES_256_CBC_SHA1, | 674 | GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_AES_256_CBC_SHA1, |
675 | MHD_GNUTLS_CIPHER_AES_256_CBC, | 675 | MHD_GNUTLS_CIPHER_AES_256_CBC, |
676 | MHD_GNUTLS_KX_DHE_DSS, | 676 | MHD_GNUTLS_KX_DHE_DSS, |
677 | MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_SSL3), | 677 | MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_SSL3), |
678 | #ifdef ENABLE_CAMELLIA | 678 | #ifdef ENABLE_CAMELLIA |
679 | GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_CAMELLIA_128_CBC_SHA1, | 679 | GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_CAMELLIA_128_CBC_SHA1, |
680 | MHD_GNUTLS_CIPHER_CAMELLIA_128_CBC, | 680 | MHD_GNUTLS_CIPHER_CAMELLIA_128_CBC, |
681 | MHD_GNUTLS_KX_DHE_DSS, | 681 | MHD_GNUTLS_KX_DHE_DSS, |
682 | MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_TLS1_0), | 682 | MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_TLS1_0), |
683 | GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_CAMELLIA_256_CBC_SHA1, | 683 | GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_CAMELLIA_256_CBC_SHA1, |
684 | MHD_GNUTLS_CIPHER_CAMELLIA_256_CBC, | 684 | MHD_GNUTLS_CIPHER_CAMELLIA_256_CBC, |
685 | MHD_GNUTLS_KX_DHE_DSS, | 685 | MHD_GNUTLS_KX_DHE_DSS, |
686 | MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_TLS1_0), | 686 | MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_TLS1_0), |
687 | #endif | 687 | #endif |
688 | /* DHE_RSA */ | 688 | /* DHE_RSA */ |
689 | GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_3DES_EDE_CBC_SHA1, | 689 | GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_3DES_EDE_CBC_SHA1, |
690 | MHD_GNUTLS_CIPHER_3DES_CBC, | 690 | MHD_GNUTLS_CIPHER_3DES_CBC, |
691 | MHD_GNUTLS_KX_DHE_RSA, | 691 | MHD_GNUTLS_KX_DHE_RSA, |
692 | MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_SSL3), | 692 | MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_SSL3), |
693 | GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_AES_128_CBC_SHA1, | 693 | GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_AES_128_CBC_SHA1, |
694 | MHD_GNUTLS_CIPHER_AES_128_CBC, | 694 | MHD_GNUTLS_CIPHER_AES_128_CBC, |
695 | MHD_GNUTLS_KX_DHE_RSA, | 695 | MHD_GNUTLS_KX_DHE_RSA, |
696 | MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_SSL3), | 696 | MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_SSL3), |
697 | GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_AES_256_CBC_SHA1, | 697 | GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_AES_256_CBC_SHA1, |
698 | MHD_GNUTLS_CIPHER_AES_256_CBC, | 698 | MHD_GNUTLS_CIPHER_AES_256_CBC, |
699 | MHD_GNUTLS_KX_DHE_RSA, | 699 | MHD_GNUTLS_KX_DHE_RSA, |
700 | MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_SSL3), | 700 | MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_SSL3), |
701 | #ifdef ENABLE_CAMELLIA | 701 | #ifdef ENABLE_CAMELLIA |
702 | GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_CAMELLIA_128_CBC_SHA1, | 702 | GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_CAMELLIA_128_CBC_SHA1, |
703 | MHD_GNUTLS_CIPHER_CAMELLIA_128_CBC, | 703 | MHD_GNUTLS_CIPHER_CAMELLIA_128_CBC, |
704 | MHD_GNUTLS_KX_DHE_RSA, | 704 | MHD_GNUTLS_KX_DHE_RSA, |
705 | MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_TLS1_0), | 705 | MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_TLS1_0), |
706 | GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_CAMELLIA_256_CBC_SHA1, | 706 | GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_CAMELLIA_256_CBC_SHA1, |
707 | MHD_GNUTLS_CIPHER_CAMELLIA_256_CBC, | 707 | MHD_GNUTLS_CIPHER_CAMELLIA_256_CBC, |
708 | MHD_GNUTLS_KX_DHE_RSA, | 708 | MHD_GNUTLS_KX_DHE_RSA, |
709 | MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_TLS1_0), | 709 | MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_TLS1_0), |
710 | #endif | 710 | #endif |
711 | /* RSA */ | 711 | /* RSA */ |
712 | GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_NULL_MD5, | 712 | GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_NULL_MD5, |
713 | MHD_GNUTLS_CIPHER_NULL, | 713 | MHD_GNUTLS_CIPHER_NULL, |
714 | MHD_GNUTLS_KX_RSA, MHD_GNUTLS_MAC_MD5, | 714 | MHD_GNUTLS_KX_RSA, MHD_GNUTLS_MAC_MD5, |
715 | MHD_GNUTLS_SSL3), | 715 | MHD_GNUTLS_PROTOCOL_SSL3), |
716 | 716 | ||
717 | GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_EXPORT_ARCFOUR_40_MD5, | 717 | GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_EXPORT_ARCFOUR_40_MD5, |
718 | MHD_GNUTLS_CIPHER_ARCFOUR_40, | 718 | MHD_GNUTLS_CIPHER_ARCFOUR_40, |
719 | MHD_GNUTLS_KX_RSA_EXPORT, MHD_GNUTLS_MAC_MD5, | 719 | MHD_GNUTLS_KX_RSA_EXPORT, MHD_GNUTLS_MAC_MD5, |
720 | MHD_GNUTLS_SSL3), | 720 | MHD_GNUTLS_PROTOCOL_SSL3), |
721 | 721 | ||
722 | GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_ARCFOUR_SHA1, | 722 | GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_ARCFOUR_SHA1, |
723 | MHD_GNUTLS_CIPHER_ARCFOUR_128, | 723 | MHD_GNUTLS_CIPHER_ARCFOUR_128, |
724 | MHD_GNUTLS_KX_RSA, MHD_GNUTLS_MAC_SHA1, | 724 | MHD_GNUTLS_KX_RSA, MHD_GNUTLS_MAC_SHA1, |
725 | MHD_GNUTLS_SSL3), | 725 | MHD_GNUTLS_PROTOCOL_SSL3), |
726 | GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_ARCFOUR_MD5, | 726 | GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_ARCFOUR_MD5, |
727 | MHD_GNUTLS_CIPHER_ARCFOUR_128, | 727 | MHD_GNUTLS_CIPHER_ARCFOUR_128, |
728 | MHD_GNUTLS_KX_RSA, MHD_GNUTLS_MAC_MD5, | 728 | MHD_GNUTLS_KX_RSA, MHD_GNUTLS_MAC_MD5, |
729 | MHD_GNUTLS_SSL3), | 729 | MHD_GNUTLS_PROTOCOL_SSL3), |
730 | GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_3DES_EDE_CBC_SHA1, | 730 | GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_3DES_EDE_CBC_SHA1, |
731 | MHD_GNUTLS_CIPHER_3DES_CBC, | 731 | MHD_GNUTLS_CIPHER_3DES_CBC, |
732 | MHD_GNUTLS_KX_RSA, MHD_GNUTLS_MAC_SHA1, | 732 | MHD_GNUTLS_KX_RSA, MHD_GNUTLS_MAC_SHA1, |
733 | MHD_GNUTLS_SSL3), | 733 | MHD_GNUTLS_PROTOCOL_SSL3), |
734 | GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_AES_128_CBC_SHA1, | 734 | GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_AES_128_CBC_SHA1, |
735 | MHD_GNUTLS_CIPHER_AES_128_CBC, MHD_GNUTLS_KX_RSA, | 735 | MHD_GNUTLS_CIPHER_AES_128_CBC, MHD_GNUTLS_KX_RSA, |
736 | MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_SSL3), | 736 | MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_SSL3), |
737 | GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_AES_256_CBC_SHA1, | 737 | GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_AES_256_CBC_SHA1, |
738 | MHD_GNUTLS_CIPHER_AES_256_CBC, MHD_GNUTLS_KX_RSA, | 738 | MHD_GNUTLS_CIPHER_AES_256_CBC, MHD_GNUTLS_KX_RSA, |
739 | MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_SSL3), | 739 | MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_SSL3), |
740 | #ifdef ENABLE_CAMELLIA | 740 | #ifdef ENABLE_CAMELLIA |
741 | GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_CAMELLIA_128_CBC_SHA1, | 741 | GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_CAMELLIA_128_CBC_SHA1, |
742 | MHD_GNUTLS_CIPHER_CAMELLIA_128_CBC, | 742 | MHD_GNUTLS_CIPHER_CAMELLIA_128_CBC, |
743 | MHD_GNUTLS_KX_RSA, | 743 | MHD_GNUTLS_KX_RSA, |
744 | MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_TLS1_0), | 744 | MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_TLS1_0), |
745 | GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_CAMELLIA_256_CBC_SHA1, | 745 | GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_CAMELLIA_256_CBC_SHA1, |
746 | MHD_GNUTLS_CIPHER_CAMELLIA_256_CBC, | 746 | MHD_GNUTLS_CIPHER_CAMELLIA_256_CBC, |
747 | MHD_GNUTLS_KX_RSA, | 747 | MHD_GNUTLS_KX_RSA, |
748 | MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_TLS1_0), | 748 | MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_TLS1_0), |
749 | #endif | 749 | #endif |
750 | {0, | 750 | {0, |
751 | { | 751 | { |
@@ -1299,7 +1299,7 @@ mhd_gtls_version_lowest (mhd_gtls_session_t session) | |||
1299 | 1299 | ||
1300 | if (session->internals.priorities.protocol.priority == NULL) | 1300 | if (session->internals.priorities.protocol.priority == NULL) |
1301 | { | 1301 | { |
1302 | return MHD_GNUTLS_VERSION_UNKNOWN; | 1302 | return MHD_GNUTLS_PROTOCOL_VERSION_UNKNOWN; |
1303 | } | 1303 | } |
1304 | else | 1304 | else |
1305 | for (i = 0; i < session->internals.priorities.protocol.num_algorithms; | 1305 | for (i = 0; i < session->internals.priorities.protocol.num_algorithms; |
@@ -1310,7 +1310,7 @@ mhd_gtls_version_lowest (mhd_gtls_session_t session) | |||
1310 | } | 1310 | } |
1311 | 1311 | ||
1312 | if (min == 0xff) | 1312 | if (min == 0xff) |
1313 | return MHD_GNUTLS_VERSION_UNKNOWN; /* unknown version */ | 1313 | return MHD_GNUTLS_PROTOCOL_VERSION_UNKNOWN; /* unknown version */ |
1314 | 1314 | ||
1315 | return min; | 1315 | return min; |
1316 | } | 1316 | } |
@@ -1322,7 +1322,7 @@ mhd_gtls_version_max (mhd_gtls_session_t session) | |||
1322 | 1322 | ||
1323 | if (session->internals.priorities.protocol.priority == NULL) | 1323 | if (session->internals.priorities.protocol.priority == NULL) |
1324 | { | 1324 | { |
1325 | return MHD_GNUTLS_VERSION_UNKNOWN; | 1325 | return MHD_GNUTLS_PROTOCOL_VERSION_UNKNOWN; |
1326 | } | 1326 | } |
1327 | else | 1327 | else |
1328 | for (i = 0; i < session->internals.priorities.protocol.num_algorithms; | 1328 | for (i = 0; i < session->internals.priorities.protocol.num_algorithms; |
@@ -1333,7 +1333,7 @@ mhd_gtls_version_max (mhd_gtls_session_t session) | |||
1333 | } | 1333 | } |
1334 | 1334 | ||
1335 | if (max == 0x00) | 1335 | if (max == 0x00) |
1336 | return MHD_GNUTLS_VERSION_UNKNOWN; /* unknown version */ | 1336 | return MHD_GNUTLS_PROTOCOL_VERSION_UNKNOWN; /* unknown version */ |
1337 | 1337 | ||
1338 | return max; | 1338 | return max; |
1339 | } | 1339 | } |
@@ -1367,7 +1367,7 @@ MHD_gnutls_protocol_get_name (enum MHD_GNUTLS_Protocol version) | |||
1367 | enum MHD_GNUTLS_Protocol | 1367 | enum MHD_GNUTLS_Protocol |
1368 | MHD_gtls_protocol_get_id (const char *name) | 1368 | MHD_gtls_protocol_get_id (const char *name) |
1369 | { | 1369 | { |
1370 | enum MHD_GNUTLS_Protocol ret = MHD_GNUTLS_VERSION_UNKNOWN; | 1370 | enum MHD_GNUTLS_Protocol ret = MHD_GNUTLS_PROTOCOL_VERSION_UNKNOWN; |
1371 | 1371 | ||
1372 | GNUTLS_VERSION_LOOP (if (strcasecmp (p->name, name) == 0) ret = p->id) | 1372 | GNUTLS_VERSION_LOOP (if (strcasecmp (p->name, name) == 0) ret = p->id) |
1373 | ; | 1373 | ; |
diff --git a/src/daemon/https/tls/gnutls_cipher.c b/src/daemon/https/tls/gnutls_cipher.c index 872abdf0..69b62d16 100644 --- a/src/daemon/https/tls/gnutls_cipher.c +++ b/src/daemon/https/tls/gnutls_cipher.c | |||
@@ -202,7 +202,7 @@ mac_init (enum MHD_GNUTLS_HashAlgorithm mac, opaque * secret, int secret_size, | |||
202 | if (mac == MHD_GNUTLS_MAC_NULL) | 202 | if (mac == MHD_GNUTLS_MAC_NULL) |
203 | return GNUTLS_MAC_FAILED; | 203 | return GNUTLS_MAC_FAILED; |
204 | 204 | ||
205 | if (ver == MHD_GNUTLS_SSL3) | 205 | if (ver == MHD_GNUTLS_PROTOCOL_SSL3) |
206 | { /* SSL 3.0 */ | 206 | { /* SSL 3.0 */ |
207 | td = mhd_gnutls_mac_init_ssl3 (mac, secret, secret_size); | 207 | td = mhd_gnutls_mac_init_ssl3 (mac, secret, secret_size); |
208 | } | 208 | } |
@@ -217,7 +217,7 @@ mac_init (enum MHD_GNUTLS_HashAlgorithm mac, opaque * secret, int secret_size, | |||
217 | inline static void | 217 | inline static void |
218 | mac_deinit (mac_hd_t td, opaque * res, int ver) | 218 | mac_deinit (mac_hd_t td, opaque * res, int ver) |
219 | { | 219 | { |
220 | if (ver == MHD_GNUTLS_SSL3) | 220 | if (ver == MHD_GNUTLS_PROTOCOL_SSL3) |
221 | { /* SSL 3.0 */ | 221 | { /* SSL 3.0 */ |
222 | mhd_gnutls_mac_deinit_ssl3 (td, res); | 222 | mhd_gnutls_mac_deinit_ssl3 (td, res); |
223 | } | 223 | } |
@@ -251,7 +251,7 @@ calc_enc_length (mhd_gtls_session_t session, int data_size, | |||
251 | } | 251 | } |
252 | 252 | ||
253 | /* make rnd a multiple of blocksize */ | 253 | /* make rnd a multiple of blocksize */ |
254 | if (session->security_parameters.version == MHD_GNUTLS_SSL3 || | 254 | if (session->security_parameters.version == MHD_GNUTLS_PROTOCOL_SSL3 || |
255 | random_pad == 0) | 255 | random_pad == 0) |
256 | { | 256 | { |
257 | rnd = 0; | 257 | rnd = 0; |
@@ -271,7 +271,7 @@ calc_enc_length (mhd_gtls_session_t session, int data_size, | |||
271 | *pad = (uint8_t) (blocksize - (length % blocksize)) + rnd; | 271 | *pad = (uint8_t) (blocksize - (length % blocksize)) + rnd; |
272 | 272 | ||
273 | length += *pad; | 273 | length += *pad; |
274 | if (session->security_parameters.version >= MHD_GNUTLS_TLS1_1) | 274 | if (session->security_parameters.version >= MHD_GNUTLS_PROTOCOL_TLS1_1) |
275 | length += blocksize; /* for the IV */ | 275 | length += blocksize; /* for the IV */ |
276 | 276 | ||
277 | break; | 277 | break; |
@@ -341,7 +341,7 @@ mhd_gtls_compressed2ciphertext (mhd_gtls_session_t session, | |||
341 | write_sequence_number), 8); | 341 | write_sequence_number), 8); |
342 | 342 | ||
343 | mhd_gnutls_hash (td, &type, 1); | 343 | mhd_gnutls_hash (td, &type, 1); |
344 | if (ver >= MHD_GNUTLS_TLS1_0) | 344 | if (ver >= MHD_GNUTLS_PROTOCOL_TLS1_0) |
345 | { /* TLS 1.0 or higher */ | 345 | { /* TLS 1.0 or higher */ |
346 | mhd_gnutls_hash (td, &major, 1); | 346 | mhd_gnutls_hash (td, &major, 1); |
347 | mhd_gnutls_hash (td, &minor, 1); | 347 | mhd_gnutls_hash (td, &minor, 1); |
@@ -373,7 +373,7 @@ mhd_gtls_compressed2ciphertext (mhd_gtls_session_t session, | |||
373 | 373 | ||
374 | data_ptr = cipher_data; | 374 | data_ptr = cipher_data; |
375 | if (block_algo == CIPHER_BLOCK && | 375 | if (block_algo == CIPHER_BLOCK && |
376 | session->security_parameters.version >= MHD_GNUTLS_TLS1_1) | 376 | session->security_parameters.version >= MHD_GNUTLS_PROTOCOL_TLS1_1) |
377 | { | 377 | { |
378 | /* copy the random IV. | 378 | /* copy the random IV. |
379 | */ | 379 | */ |
@@ -494,7 +494,7 @@ mhd_gtls_ciphertext2compressed (mhd_gtls_session_t session, | |||
494 | 494 | ||
495 | /* ignore the IV in TLS 1.1. | 495 | /* ignore the IV in TLS 1.1. |
496 | */ | 496 | */ |
497 | if (session->security_parameters.version >= MHD_GNUTLS_TLS1_1) | 497 | if (session->security_parameters.version >= MHD_GNUTLS_PROTOCOL_TLS1_1) |
498 | { | 498 | { |
499 | ciphertext.size -= blocksize; | 499 | ciphertext.size -= blocksize; |
500 | ciphertext.data += blocksize; | 500 | ciphertext.data += blocksize; |
@@ -521,7 +521,7 @@ mhd_gtls_ciphertext2compressed (mhd_gtls_session_t session, | |||
521 | 521 | ||
522 | /* Check the pading bytes (TLS 1.x) | 522 | /* Check the pading bytes (TLS 1.x) |
523 | */ | 523 | */ |
524 | if (ver >= MHD_GNUTLS_TLS1_0 && pad_failed == 0) | 524 | if (ver >= MHD_GNUTLS_PROTOCOL_TLS1_0 && pad_failed == 0) |
525 | for (i = 2; i < pad; i++) | 525 | for (i = 2; i < pad; i++) |
526 | { | 526 | { |
527 | if (ciphertext.data[ciphertext.size - i] != | 527 | if (ciphertext.data[ciphertext.size - i] != |
@@ -548,7 +548,7 @@ mhd_gtls_ciphertext2compressed (mhd_gtls_session_t session, | |||
548 | read_sequence_number), 8); | 548 | read_sequence_number), 8); |
549 | 549 | ||
550 | mhd_gnutls_hash (td, &type, 1); | 550 | mhd_gnutls_hash (td, &type, 1); |
551 | if (ver >= MHD_GNUTLS_TLS1_0) | 551 | if (ver >= MHD_GNUTLS_PROTOCOL_TLS1_0) |
552 | { /* TLS 1.x */ | 552 | { /* TLS 1.x */ |
553 | mhd_gnutls_hash (td, &major, 1); | 553 | mhd_gnutls_hash (td, &major, 1); |
554 | mhd_gnutls_hash (td, &minor, 1); | 554 | mhd_gnutls_hash (td, &minor, 1); |
diff --git a/src/daemon/https/tls/gnutls_constate.c b/src/daemon/https/tls/gnutls_constate.c index 9a2ee004..9ace3533 100644 --- a/src/daemon/https/tls/gnutls_constate.c +++ b/src/daemon/https/tls/gnutls_constate.c | |||
@@ -97,7 +97,7 @@ _gnutls_set_keys (mhd_gtls_session_t session, int hash_size, int IV_size, | |||
97 | memcpy (&rrnd[TLS_RANDOM_SIZE], | 97 | memcpy (&rrnd[TLS_RANDOM_SIZE], |
98 | session->security_parameters.server_random, TLS_RANDOM_SIZE); | 98 | session->security_parameters.server_random, TLS_RANDOM_SIZE); |
99 | 99 | ||
100 | if (session->security_parameters.version == MHD_GNUTLS_SSL3) | 100 | if (session->security_parameters.version == MHD_GNUTLS_PROTOCOL_SSL3) |
101 | { /* SSL 3 */ | 101 | { /* SSL 3 */ |
102 | ret = | 102 | ret = |
103 | mhd_gnutls_ssl3_generate_random | 103 | mhd_gnutls_ssl3_generate_random |
@@ -187,7 +187,7 @@ _gnutls_set_keys (mhd_gtls_session_t session, int hash_size, int IV_size, | |||
187 | 187 | ||
188 | /* generate the final keys */ | 188 | /* generate the final keys */ |
189 | 189 | ||
190 | if (session->security_parameters.version == MHD_GNUTLS_SSL3) | 190 | if (session->security_parameters.version == MHD_GNUTLS_PROTOCOL_SSL3) |
191 | { /* SSL 3 */ | 191 | { /* SSL 3 */ |
192 | ret = | 192 | ret = |
193 | mhd_gnutls_ssl3_hash_md5 (&key_block[pos], | 193 | mhd_gnutls_ssl3_hash_md5 (&key_block[pos], |
@@ -219,7 +219,7 @@ _gnutls_set_keys (mhd_gtls_session_t session, int hash_size, int IV_size, | |||
219 | client_write_key_size = EXPORT_FINAL_KEY_SIZE; | 219 | client_write_key_size = EXPORT_FINAL_KEY_SIZE; |
220 | pos += key_size; | 220 | pos += key_size; |
221 | 221 | ||
222 | if (session->security_parameters.version == MHD_GNUTLS_SSL3) | 222 | if (session->security_parameters.version == MHD_GNUTLS_PROTOCOL_SSL3) |
223 | { /* SSL 3 */ | 223 | { /* SSL 3 */ |
224 | ret = | 224 | ret = |
225 | mhd_gnutls_ssl3_hash_md5 (&key_block[pos], key_size, | 225 | mhd_gnutls_ssl3_hash_md5 (&key_block[pos], key_size, |
@@ -321,7 +321,7 @@ _gnutls_set_keys (mhd_gtls_session_t session, int hash_size, int IV_size, | |||
321 | return GNUTLS_E_MEMORY_ERROR; | 321 | return GNUTLS_E_MEMORY_ERROR; |
322 | } | 322 | } |
323 | 323 | ||
324 | if (session->security_parameters.version == MHD_GNUTLS_SSL3) | 324 | if (session->security_parameters.version == MHD_GNUTLS_PROTOCOL_SSL3) |
325 | { /* SSL 3 */ | 325 | { /* SSL 3 */ |
326 | ret = mhd_gnutls_ssl3_hash_md5 ("", 0, | 326 | ret = mhd_gnutls_ssl3_hash_md5 ("", 0, |
327 | rrnd, TLS_RANDOM_SIZE * 2, | 327 | rrnd, TLS_RANDOM_SIZE * 2, |
diff --git a/src/daemon/https/tls/gnutls_handshake.c b/src/daemon/https/tls/gnutls_handshake.c index 08d423b5..e53d6985 100644 --- a/src/daemon/https/tls/gnutls_handshake.c +++ b/src/daemon/https/tls/gnutls_handshake.c | |||
@@ -195,7 +195,7 @@ _gnutls_finished (mhd_gtls_session_t session, int type, void *ret) | |||
195 | mac_hd_t td_sha; | 195 | mac_hd_t td_sha; |
196 | enum MHD_GNUTLS_Protocol ver = MHD_gnutls_protocol_get_version (session); | 196 | enum MHD_GNUTLS_Protocol ver = MHD_gnutls_protocol_get_version (session); |
197 | 197 | ||
198 | if (ver < MHD_GNUTLS_TLS1_2) | 198 | if (ver < MHD_GNUTLS_PROTOCOL_TLS1_2) |
199 | { | 199 | { |
200 | td_md5 = | 200 | td_md5 = |
201 | mhd_gnutls_hash_copy (session->internals.handshake_mac_handle_md5); | 201 | mhd_gnutls_hash_copy (session->internals.handshake_mac_handle_md5); |
@@ -215,7 +215,7 @@ _gnutls_finished (mhd_gtls_session_t session, int type, void *ret) | |||
215 | return GNUTLS_E_HASH_FAILED; | 215 | return GNUTLS_E_HASH_FAILED; |
216 | } | 216 | } |
217 | 217 | ||
218 | if (ver < MHD_GNUTLS_TLS1_2) | 218 | if (ver < MHD_GNUTLS_PROTOCOL_TLS1_2) |
219 | { | 219 | { |
220 | mhd_gnutls_hash_deinit (td_md5, concat); | 220 | mhd_gnutls_hash_deinit (td_md5, concat); |
221 | mhd_gnutls_hash_deinit (td_sha, &concat[16]); | 221 | mhd_gnutls_hash_deinit (td_sha, &concat[16]); |
@@ -281,7 +281,7 @@ mhd_gtls_negotiate_version (mhd_gtls_session_t session, | |||
281 | * then we send him the highest we support. | 281 | * then we send him the highest we support. |
282 | */ | 282 | */ |
283 | ret = mhd_gtls_version_max (session); | 283 | ret = mhd_gtls_version_max (session); |
284 | if (ret == MHD_GNUTLS_VERSION_UNKNOWN) | 284 | if (ret == MHD_GNUTLS_PROTOCOL_VERSION_UNKNOWN) |
285 | { | 285 | { |
286 | /* this check is not really needed. | 286 | /* this check is not really needed. |
287 | */ | 287 | */ |
@@ -420,7 +420,7 @@ _gnutls_read_client_hello (mhd_gtls_session_t session, opaque * data, | |||
420 | 420 | ||
421 | /* Parse the extensions (if any) | 421 | /* Parse the extensions (if any) |
422 | */ | 422 | */ |
423 | if (neg_version >= MHD_GNUTLS_TLS1_0) | 423 | if (neg_version >= MHD_GNUTLS_PROTOCOL_TLS1_0) |
424 | { | 424 | { |
425 | ret = mhd_gtls_parse_extensions (session, EXTENSION_APPLICATION, &data[pos], len); /* len is the rest of the parsed length */ | 425 | ret = mhd_gtls_parse_extensions (session, EXTENSION_APPLICATION, &data[pos], len); /* len is the rest of the parsed length */ |
426 | if (ret < 0) | 426 | if (ret < 0) |
@@ -437,7 +437,7 @@ _gnutls_read_client_hello (mhd_gtls_session_t session, opaque * data, | |||
437 | return ret; | 437 | return ret; |
438 | } | 438 | } |
439 | 439 | ||
440 | if (neg_version >= MHD_GNUTLS_TLS1_0) | 440 | if (neg_version >= MHD_GNUTLS_PROTOCOL_TLS1_0) |
441 | { | 441 | { |
442 | ret = mhd_gtls_parse_extensions (session, EXTENSION_TLS, &data[pos], len); /* len is the rest of the parsed length */ | 442 | ret = mhd_gtls_parse_extensions (session, EXTENSION_TLS, &data[pos], len); /* len is the rest of the parsed length */ |
443 | if (ret < 0) | 443 | if (ret < 0) |
@@ -529,7 +529,7 @@ _gnutls_send_finished (mhd_gtls_session_t session, int again) | |||
529 | return ret; | 529 | return ret; |
530 | } | 530 | } |
531 | 531 | ||
532 | if (MHD_gnutls_protocol_get_version (session) == MHD_GNUTLS_SSL3) | 532 | if (MHD_gnutls_protocol_get_version (session) == MHD_GNUTLS_PROTOCOL_SSL3) |
533 | { | 533 | { |
534 | ret = | 534 | ret = |
535 | _gnutls_ssl3_finished (session, | 535 | _gnutls_ssl3_finished (session, |
@@ -581,7 +581,7 @@ _gnutls_recv_finished (mhd_gtls_session_t session) | |||
581 | } | 581 | } |
582 | 582 | ||
583 | 583 | ||
584 | if (MHD_gnutls_protocol_get_version (session) == MHD_GNUTLS_SSL3) | 584 | if (MHD_gnutls_protocol_get_version (session) == MHD_GNUTLS_PROTOCOL_SSL3) |
585 | { | 585 | { |
586 | data_size = 36; | 586 | data_size = 36; |
587 | } | 587 | } |
@@ -597,7 +597,7 @@ _gnutls_recv_finished (mhd_gtls_session_t session) | |||
597 | return GNUTLS_E_ERROR_IN_FINISHED_PACKET; | 597 | return GNUTLS_E_ERROR_IN_FINISHED_PACKET; |
598 | } | 598 | } |
599 | 599 | ||
600 | if (MHD_gnutls_protocol_get_version (session) == MHD_GNUTLS_SSL3) | 600 | if (MHD_gnutls_protocol_get_version (session) == MHD_GNUTLS_PROTOCOL_SSL3) |
601 | { | 601 | { |
602 | ret = | 602 | ret = |
603 | _gnutls_ssl3_finished (session, | 603 | _gnutls_ssl3_finished (session, |
@@ -1530,7 +1530,7 @@ _gnutls_read_server_hello (mhd_gtls_session_t session, | |||
1530 | 1530 | ||
1531 | /* Parse extensions. | 1531 | /* Parse extensions. |
1532 | */ | 1532 | */ |
1533 | if (version >= MHD_GNUTLS_TLS1_0) | 1533 | if (version >= MHD_GNUTLS_PROTOCOL_TLS1_0) |
1534 | { | 1534 | { |
1535 | ret = mhd_gtls_parse_extensions (session, EXTENSION_ANY, &data[pos], len); /* len is the rest of the parsed length */ | 1535 | ret = mhd_gtls_parse_extensions (session, EXTENSION_ANY, &data[pos], len); /* len is the rest of the parsed length */ |
1536 | if (ret < 0) | 1536 | if (ret < 0) |
@@ -1706,7 +1706,7 @@ _gnutls_send_client_hello (mhd_gtls_session_t session, int again) | |||
1706 | hver = session->internals.resumed_security_parameters.version; | 1706 | hver = session->internals.resumed_security_parameters.version; |
1707 | } | 1707 | } |
1708 | 1708 | ||
1709 | if (hver == MHD_GNUTLS_VERSION_UNKNOWN || hver == 0) | 1709 | if (hver == MHD_GNUTLS_PROTOCOL_VERSION_UNKNOWN || hver == 0) |
1710 | { | 1710 | { |
1711 | gnutls_assert (); | 1711 | gnutls_assert (); |
1712 | gnutls_free (data); | 1712 | gnutls_free (data); |
@@ -1810,7 +1810,7 @@ _gnutls_send_client_hello (mhd_gtls_session_t session, int again) | |||
1810 | 1810 | ||
1811 | /* Generate and copy TLS extensions. | 1811 | /* Generate and copy TLS extensions. |
1812 | */ | 1812 | */ |
1813 | if (hver >= MHD_GNUTLS_TLS1_0) | 1813 | if (hver >= MHD_GNUTLS_PROTOCOL_TLS1_0) |
1814 | { | 1814 | { |
1815 | extdatalen = | 1815 | extdatalen = |
1816 | mhd_gtls_gen_extensions (session, extdata, sizeof (extdata)); | 1816 | mhd_gtls_gen_extensions (session, extdata, sizeof (extdata)); |
diff --git a/src/daemon/https/tls/gnutls_kx.c b/src/daemon/https/tls/gnutls_kx.c index 024af674..45717b4f 100644 --- a/src/daemon/https/tls/gnutls_kx.c +++ b/src/daemon/https/tls/gnutls_kx.c | |||
@@ -71,7 +71,7 @@ generate_normal_master (mhd_gtls_session_t session, int keep_premaster) | |||
71 | mhd_gtls_bin2hex (session->security_parameters. | 71 | mhd_gtls_bin2hex (session->security_parameters. |
72 | server_random, 32, buf, sizeof (buf))); | 72 | server_random, 32, buf, sizeof (buf))); |
73 | 73 | ||
74 | if (MHD_gnutls_protocol_get_version (session) == MHD_GNUTLS_SSL3) | 74 | if (MHD_gnutls_protocol_get_version (session) == MHD_GNUTLS_PROTOCOL_SSL3) |
75 | { | 75 | { |
76 | opaque rnd[2 * TLS_RANDOM_SIZE + 1]; | 76 | opaque rnd[2 * TLS_RANDOM_SIZE + 1]; |
77 | 77 | ||
@@ -504,7 +504,7 @@ mhd_gtls_send_client_certificate (mhd_gtls_session_t session, int again) | |||
504 | 504 | ||
505 | if (again == 0) | 505 | if (again == 0) |
506 | { | 506 | { |
507 | if (MHD_gnutls_protocol_get_version (session) != MHD_GNUTLS_SSL3 || | 507 | if (MHD_gnutls_protocol_get_version (session) != MHD_GNUTLS_PROTOCOL_SSL3 || |
508 | session->internals.selected_cert_list_length > 0) | 508 | session->internals.selected_cert_list_length > 0) |
509 | { | 509 | { |
510 | /* TLS 1.0 or SSL 3.0 with a valid certificate | 510 | /* TLS 1.0 or SSL 3.0 with a valid certificate |
@@ -525,7 +525,7 @@ mhd_gtls_send_client_certificate (mhd_gtls_session_t session, int again) | |||
525 | * no certificate alert instead of an | 525 | * no certificate alert instead of an |
526 | * empty certificate. | 526 | * empty certificate. |
527 | */ | 527 | */ |
528 | if (MHD_gnutls_protocol_get_version (session) == MHD_GNUTLS_SSL3 && | 528 | if (MHD_gnutls_protocol_get_version (session) == MHD_GNUTLS_PROTOCOL_SSL3 && |
529 | session->internals.selected_cert_list_length == 0) | 529 | session->internals.selected_cert_list_length == 0) |
530 | { | 530 | { |
531 | ret = | 531 | ret = |
@@ -632,7 +632,7 @@ mhd_gtls_recv_client_certificate (mhd_gtls_session_t session) | |||
632 | */ | 632 | */ |
633 | if (optional == OPTIONAL_PACKET && | 633 | if (optional == OPTIONAL_PACKET && |
634 | ret == GNUTLS_E_WARNING_ALERT_RECEIVED && | 634 | ret == GNUTLS_E_WARNING_ALERT_RECEIVED && |
635 | MHD_gnutls_protocol_get_version (session) == MHD_GNUTLS_SSL3 && | 635 | MHD_gnutls_protocol_get_version (session) == MHD_GNUTLS_PROTOCOL_SSL3 && |
636 | gnutls_alert_get (session) == GNUTLS_A_SSL3_NO_CERTIFICATE) | 636 | gnutls_alert_get (session) == GNUTLS_A_SSL3_NO_CERTIFICATE) |
637 | { | 637 | { |
638 | 638 | ||
diff --git a/src/daemon/https/tls/gnutls_priority.c b/src/daemon/https/tls/gnutls_priority.c index bbdce41c..f0a91bd6 100644 --- a/src/daemon/https/tls/gnutls_priority.c +++ b/src/daemon/https/tls/gnutls_priority.c | |||
@@ -201,9 +201,9 @@ MHD_gnutls_certificate_type_set_priority (mhd_gtls_session_t session, | |||
201 | #endif | 201 | #endif |
202 | } | 202 | } |
203 | 203 | ||
204 | static const int mhd_gtls_protocol_priority[] = { MHD_GNUTLS_TLS1_1, | 204 | static const int mhd_gtls_protocol_priority[] = { MHD_GNUTLS_PROTOCOL_TLS1_1, |
205 | MHD_GNUTLS_TLS1_0, | 205 | MHD_GNUTLS_PROTOCOL_TLS1_0, |
206 | MHD_GNUTLS_SSL3, | 206 | MHD_GNUTLS_PROTOCOL_SSL3, |
207 | 0 | 207 | 0 |
208 | }; | 208 | }; |
209 | 209 | ||
diff --git a/src/daemon/https/tls/gnutls_sig.c b/src/daemon/https/tls/gnutls_sig.c index 07ceb21b..3a41999d 100644 --- a/src/daemon/https/tls/gnutls_sig.c +++ b/src/daemon/https/tls/gnutls_sig.c | |||
@@ -65,7 +65,7 @@ mhd_gtls_tls_sign_hdata (mhd_gtls_session_t session, | |||
65 | return GNUTLS_E_HASH_FAILED; | 65 | return GNUTLS_E_HASH_FAILED; |
66 | } | 66 | } |
67 | 67 | ||
68 | if (ver == MHD_GNUTLS_SSL3) | 68 | if (ver == MHD_GNUTLS_PROTOCOL_SSL3) |
69 | { | 69 | { |
70 | ret = mhd_gtls_generate_master (session, 1); | 70 | ret = mhd_gtls_generate_master (session, 1); |
71 | if (ret < 0) | 71 | if (ret < 0) |
@@ -92,7 +92,7 @@ mhd_gtls_tls_sign_hdata (mhd_gtls_session_t session, | |||
92 | return GNUTLS_E_HASH_FAILED; | 92 | return GNUTLS_E_HASH_FAILED; |
93 | } | 93 | } |
94 | 94 | ||
95 | if (ver == MHD_GNUTLS_SSL3) | 95 | if (ver == MHD_GNUTLS_PROTOCOL_SSL3) |
96 | mhd_gnutls_mac_deinit_ssl3_handshake (td_md5, concat, | 96 | mhd_gnutls_mac_deinit_ssl3_handshake (td_md5, concat, |
97 | session->security_parameters. | 97 | session->security_parameters. |
98 | master_secret, TLS_MASTER_SIZE); | 98 | master_secret, TLS_MASTER_SIZE); |
@@ -146,7 +146,7 @@ mhd_gtls_tls_sign_params (mhd_gtls_session_t session, | |||
146 | switch (cert->subject_pk_algorithm) | 146 | switch (cert->subject_pk_algorithm) |
147 | { | 147 | { |
148 | case MHD_GNUTLS_PK_RSA: | 148 | case MHD_GNUTLS_PK_RSA: |
149 | if (ver < MHD_GNUTLS_TLS1_2) | 149 | if (ver < MHD_GNUTLS_PROTOCOL_TLS1_2) |
150 | { | 150 | { |
151 | mac_hd_t td_md5 = mhd_gtls_hash_init (MHD_GNUTLS_MAC_MD5); | 151 | mac_hd_t td_md5 = mhd_gtls_hash_init (MHD_GNUTLS_MAC_MD5); |
152 | if (td_md5 == NULL) | 152 | if (td_md5 == NULL) |
@@ -352,7 +352,7 @@ mhd_gtls_verify_sig_hdata (mhd_gtls_session_t session, | |||
352 | return GNUTLS_E_HASH_FAILED; | 352 | return GNUTLS_E_HASH_FAILED; |
353 | } | 353 | } |
354 | 354 | ||
355 | if (ver == MHD_GNUTLS_SSL3) | 355 | if (ver == MHD_GNUTLS_PROTOCOL_SSL3) |
356 | { | 356 | { |
357 | ret = mhd_gtls_generate_master (session, 1); | 357 | ret = mhd_gtls_generate_master (session, 1); |
358 | if (ret < 0) | 358 | if (ret < 0) |
@@ -404,7 +404,7 @@ mhd_gtls_verify_sig_params (mhd_gtls_session_t session, | |||
404 | opaque concat[36]; | 404 | opaque concat[36]; |
405 | enum MHD_GNUTLS_Protocol ver = MHD_gnutls_protocol_get_version (session); | 405 | enum MHD_GNUTLS_Protocol ver = MHD_gnutls_protocol_get_version (session); |
406 | 406 | ||
407 | if (ver < MHD_GNUTLS_TLS1_2) | 407 | if (ver < MHD_GNUTLS_PROTOCOL_TLS1_2) |
408 | { | 408 | { |
409 | td_md5 = mhd_gtls_hash_init (MHD_GNUTLS_MAC_MD5); | 409 | td_md5 = mhd_gtls_hash_init (MHD_GNUTLS_MAC_MD5); |
410 | if (td_md5 == NULL) | 410 | if (td_md5 == NULL) |
@@ -435,7 +435,7 @@ mhd_gtls_verify_sig_params (mhd_gtls_session_t session, | |||
435 | TLS_RANDOM_SIZE); | 435 | TLS_RANDOM_SIZE); |
436 | mhd_gnutls_hash (td_sha, params->data, params->size); | 436 | mhd_gnutls_hash (td_sha, params->data, params->size); |
437 | 437 | ||
438 | if (ver < MHD_GNUTLS_TLS1_2) | 438 | if (ver < MHD_GNUTLS_PROTOCOL_TLS1_2) |
439 | { | 439 | { |
440 | mhd_gnutls_hash_deinit (td_md5, concat); | 440 | mhd_gnutls_hash_deinit (td_md5, concat); |
441 | mhd_gnutls_hash_deinit (td_sha, &concat[16]); | 441 | mhd_gnutls_hash_deinit (td_sha, &concat[16]); |
diff --git a/src/daemon/https/tls/gnutls_state.c b/src/daemon/https/tls/gnutls_state.c index 6eb01660..ae793ee0 100644 --- a/src/daemon/https/tls/gnutls_state.c +++ b/src/daemon/https/tls/gnutls_state.c | |||
@@ -812,7 +812,7 @@ mhd_gtls_PRF (mhd_gtls_session_t session, | |||
812 | memcpy (s_seed, label, label_size); | 812 | memcpy (s_seed, label, label_size); |
813 | memcpy (&s_seed[label_size], seed, seed_size); | 813 | memcpy (&s_seed[label_size], seed, seed_size); |
814 | 814 | ||
815 | if (ver >= MHD_GNUTLS_TLS1_2) | 815 | if (ver >= MHD_GNUTLS_PROTOCOL_TLS1_2) |
816 | { | 816 | { |
817 | result = | 817 | result = |
818 | _gnutls_P_hash (MHD_GNUTLS_MAC_SHA1, secret, secret_size, s_seed, | 818 | _gnutls_P_hash (MHD_GNUTLS_MAC_SHA1, secret, secret_size, s_seed, |
diff --git a/src/daemon/https/tls/gnutls_x509.c b/src/daemon/https/tls/gnutls_x509.c index 49e093cc..f854b710 100644 --- a/src/daemon/https/tls/gnutls_x509.c +++ b/src/daemon/https/tls/gnutls_x509.c | |||
@@ -202,7 +202,7 @@ _gnutls_x509_cert_verify_peers (mhd_gtls_session_t session, | |||
202 | } | 202 | } |
203 | 203 | ||
204 | /* | 204 | /* |
205 | * Read certificates and private keys, from files, memory etc. | 205 | * Read certificates and private keys, from memory etc. |
206 | */ | 206 | */ |
207 | 207 | ||
208 | /* returns error if the certificate has different algorithm than | 208 | /* returns error if the certificate has different algorithm than |
@@ -605,82 +605,6 @@ read_key_mem (mhd_gtls_cert_credentials_t res, | |||
605 | return 0; | 605 | return 0; |
606 | } | 606 | } |
607 | 607 | ||
608 | static char * | ||
609 | read_file (const char *filename, size_t * length) | ||
610 | { | ||
611 | struct stat st; | ||
612 | char *out; | ||
613 | int fd; | ||
614 | |||
615 | fd = open (filename, O_RDONLY); | ||
616 | if (-1 == fd) | ||
617 | return NULL; | ||
618 | if (0 != fstat(fd, &st)) | ||
619 | goto ERR; | ||
620 | out = malloc(st.st_size); | ||
621 | if (out == NULL) | ||
622 | goto ERR; | ||
623 | if (st.st_size != read(fd, out, st.st_size)) | ||
624 | { | ||
625 | free(out); | ||
626 | goto ERR; | ||
627 | } | ||
628 | *length = st.st_size; | ||
629 | close(fd); | ||
630 | return out; | ||
631 | ERR: | ||
632 | close(fd); | ||
633 | return NULL; | ||
634 | } | ||
635 | |||
636 | /* Reads a certificate file | ||
637 | */ | ||
638 | static int | ||
639 | read_cert_file (mhd_gtls_cert_credentials_t res, | ||
640 | const char *certfile, gnutls_x509_crt_fmt_t type) | ||
641 | { | ||
642 | int ret; | ||
643 | size_t size; | ||
644 | char *data = read_file (certfile, &size); | ||
645 | |||
646 | if (data == NULL) | ||
647 | { | ||
648 | gnutls_assert (); | ||
649 | return GNUTLS_E_FILE_ERROR; | ||
650 | } | ||
651 | |||
652 | ret = read_cert_mem (res, data, size, type); | ||
653 | free (data); | ||
654 | |||
655 | return ret; | ||
656 | |||
657 | } | ||
658 | |||
659 | |||
660 | |||
661 | /* Reads PKCS-1 RSA private key file or a DSA file (in the format openssl | ||
662 | * stores it). | ||
663 | */ | ||
664 | static int | ||
665 | read_key_file (mhd_gtls_cert_credentials_t res, | ||
666 | const char *keyfile, gnutls_x509_crt_fmt_t type) | ||
667 | { | ||
668 | int ret; | ||
669 | size_t size; | ||
670 | char *data = read_file (keyfile, &size); | ||
671 | |||
672 | if (data == NULL) | ||
673 | { | ||
674 | gnutls_assert (); | ||
675 | return GNUTLS_E_FILE_ERROR; | ||
676 | } | ||
677 | |||
678 | ret = read_key_mem (res, data, size, type); | ||
679 | free (data); | ||
680 | |||
681 | return ret; | ||
682 | } | ||
683 | |||
684 | /** | 608 | /** |
685 | * MHD_gnutls_certificate_set_x509_key_mem - Used to set keys in a mhd_gtls_cert_credentials_t structure | 609 | * MHD_gnutls_certificate_set_x509_key_mem - Used to set keys in a mhd_gtls_cert_credentials_t structure |
686 | * @res: is an #mhd_gtls_cert_credentials_t structure. | 610 | * @res: is an #mhd_gtls_cert_credentials_t structure. |
@@ -739,51 +663,6 @@ MHD_gnutls_certificate_set_x509_key_mem (mhd_gtls_cert_credentials_t | |||
739 | return 0; | 663 | return 0; |
740 | } | 664 | } |
741 | 665 | ||
742 | /** | ||
743 | * MHD_gnutls_certificate_set_x509_key_file - Used to set keys in a mhd_gtls_cert_credentials_t structure | ||
744 | * @res: is an #mhd_gtls_cert_credentials_t structure. | ||
745 | * @CERTFILE: is a file that containing the certificate list (path) for | ||
746 | * the specified private key, in PKCS7 format, or a list of certificates | ||
747 | * @KEYFILE: is a file that contains the private key | ||
748 | * @type: is PEM or DER | ||
749 | * | ||
750 | * This function sets a certificate/private key pair in the | ||
751 | * mhd_gtls_cert_credentials_t structure. This function may be | ||
752 | * called more than once (in case multiple keys/certificates exist | ||
753 | * for the server). | ||
754 | * | ||
755 | * Currently only PKCS-1 encoded RSA and DSA private keys are accepted by | ||
756 | * this function. | ||
757 | * | ||
758 | * Returns: %GNUTLS_E_SUCCESS on success, or an error code. | ||
759 | **/ | ||
760 | int | ||
761 | MHD_gnutls_certificate_set_x509_key_file (mhd_gtls_cert_credentials_t | ||
762 | res, const char *CERTFILE, | ||
763 | const char *KEYFILE, | ||
764 | gnutls_x509_crt_fmt_t type) | ||
765 | { | ||
766 | int ret; | ||
767 | |||
768 | /* this should be first | ||
769 | */ | ||
770 | if ((ret = read_key_file (res, KEYFILE, type)) < 0) | ||
771 | return ret; | ||
772 | |||
773 | if ((ret = read_cert_file (res, CERTFILE, type)) < 0) | ||
774 | return ret; | ||
775 | |||
776 | res->ncerts++; | ||
777 | |||
778 | if ((ret = _gnutls_check_key_cert_match (res)) < 0) | ||
779 | { | ||
780 | gnutls_assert (); | ||
781 | return ret; | ||
782 | } | ||
783 | |||
784 | return 0; | ||
785 | } | ||
786 | |||
787 | static int | 666 | static int |
788 | generate_rdn_seq (mhd_gtls_cert_credentials_t res) | 667 | generate_rdn_seq (mhd_gtls_cert_credentials_t res) |
789 | { | 668 | { |
@@ -1085,59 +964,6 @@ MHD_gnutls_certificate_set_x509_trust_mem (mhd_gtls_cert_credentials_t | |||
1085 | return ret; | 964 | return ret; |
1086 | } | 965 | } |
1087 | 966 | ||
1088 | /** | ||
1089 | * MHD_gnutls_certificate_set_x509_trust_file - Used to add trusted CAs in a mhd_gtls_cert_credentials_t structure | ||
1090 | * @res: is an #mhd_gtls_cert_credentials_t structure. | ||
1091 | * @cafile: is a file containing the list of trusted CAs (DER or PEM list) | ||
1092 | * @type: is PEM or DER | ||
1093 | * | ||
1094 | * This function adds the trusted CAs in order to verify client or | ||
1095 | * server certificates. In case of a client this is not required to | ||
1096 | * be called if the certificates are not verified using | ||
1097 | * MHD_gtls_certificate_verify_peers2(). This function may be called | ||
1098 | * multiple times. | ||
1099 | * | ||
1100 | * In case of a server the names of the CAs set here will be sent to | ||
1101 | * the client if a certificate request is sent. This can be disabled | ||
1102 | * using MHD_gnutls_certificate_send_x509_rdn_sequence(). | ||
1103 | * | ||
1104 | * Returns: number of certificates processed, or a negative value on | ||
1105 | * error. | ||
1106 | **/ | ||
1107 | int | ||
1108 | MHD_gnutls_certificate_set_x509_trust_file (mhd_gtls_cert_credentials_t | ||
1109 | res, const char *cafile, | ||
1110 | gnutls_x509_crt_fmt_t type) | ||
1111 | { | ||
1112 | int ret, ret2; | ||
1113 | size_t size; | ||
1114 | unsigned char *data = (unsigned char*) read_file (cafile, &size); | ||
1115 | |||
1116 | if (data == NULL) | ||
1117 | { | ||
1118 | gnutls_assert (); | ||
1119 | return GNUTLS_E_FILE_ERROR; | ||
1120 | } | ||
1121 | |||
1122 | if (type == GNUTLS_X509_FMT_DER) | ||
1123 | ret = parse_der_ca_mem (&res->x509_ca_list, &res->x509_ncas, data, size); | ||
1124 | else | ||
1125 | ret = parse_pem_ca_mem (&res->x509_ca_list, &res->x509_ncas, data, size); | ||
1126 | |||
1127 | free (data); | ||
1128 | |||
1129 | if (ret < 0) | ||
1130 | { | ||
1131 | gnutls_assert (); | ||
1132 | return ret; | ||
1133 | } | ||
1134 | |||
1135 | if ((ret2 = generate_rdn_seq (res)) < 0) | ||
1136 | return ret2; | ||
1137 | |||
1138 | return ret; | ||
1139 | } | ||
1140 | |||
1141 | #ifdef ENABLE_PKI | 967 | #ifdef ENABLE_PKI |
1142 | 968 | ||
1143 | static int | 969 | static int |
@@ -1333,53 +1159,6 @@ MHD_gnutls_certificate_set_x509_crl_mem (mhd_gtls_cert_credentials_t | |||
1333 | return ret; | 1159 | return ret; |
1334 | } | 1160 | } |
1335 | 1161 | ||
1336 | /** | ||
1337 | * MHD_gnutls_certificate_set_x509_crl_file - Used to add CRLs in a mhd_gtls_cert_credentials_t structure | ||
1338 | * @res: is an #mhd_gtls_cert_credentials_t structure. | ||
1339 | * @crlfile: is a file containing the list of verified CRLs (DER or PEM list) | ||
1340 | * @type: is PEM or DER | ||
1341 | * | ||
1342 | * This function adds the trusted CRLs in order to verify client or server | ||
1343 | * certificates. In case of a client this is not required | ||
1344 | * to be called if the certificates are not verified using | ||
1345 | * MHD_gtls_certificate_verify_peers2(). | ||
1346 | * This function may be called multiple times. | ||
1347 | * | ||
1348 | * Returns: number of CRLs processed or a negative value on error. | ||
1349 | **/ | ||
1350 | int | ||
1351 | MHD_gnutls_certificate_set_x509_crl_file (mhd_gtls_cert_credentials_t | ||
1352 | res, const char *crlfile, | ||
1353 | gnutls_x509_crt_fmt_t type) | ||
1354 | { | ||
1355 | int ret; | ||
1356 | size_t size; | ||
1357 | unsigned char *data = (unsigned char*) read_file (crlfile, &size); | ||
1358 | |||
1359 | if (data == NULL) | ||
1360 | { | ||
1361 | gnutls_assert (); | ||
1362 | return GNUTLS_E_FILE_ERROR; | ||
1363 | } | ||
1364 | |||
1365 | if (type == GNUTLS_X509_FMT_DER) | ||
1366 | ret = parse_der_crl_mem (&res->x509_crl_list, &res->x509_ncrls, | ||
1367 | data, size); | ||
1368 | else | ||
1369 | ret = parse_pem_crl_mem (&res->x509_crl_list, &res->x509_ncrls, | ||
1370 | data, size); | ||
1371 | |||
1372 | free (data); | ||
1373 | |||
1374 | if (ret < 0) | ||
1375 | { | ||
1376 | gnutls_assert (); | ||
1377 | return ret; | ||
1378 | } | ||
1379 | |||
1380 | return ret; | ||
1381 | } | ||
1382 | |||
1383 | #include <pkcs12.h> | 1162 | #include <pkcs12.h> |
1384 | 1163 | ||
1385 | /** | 1164 | /** |
diff --git a/src/daemon/internal.h b/src/daemon/internal.h index 39886187..47d2963f 100644 --- a/src/daemon/internal.h +++ b/src/daemon/internal.h | |||
@@ -663,10 +663,6 @@ struct MHD_Daemon | |||
663 | /* Diffie-Hellman parameters */ | 663 | /* Diffie-Hellman parameters */ |
664 | mhd_gtls_dh_params_t dh_params; | 664 | mhd_gtls_dh_params_t dh_params; |
665 | 665 | ||
666 | const char *https_key_path; | ||
667 | |||
668 | const char *https_cert_path; | ||
669 | |||
670 | const char *https_mem_key; | 666 | const char *https_mem_key; |
671 | 667 | ||
672 | const char *https_mem_cert; | 668 | const char *https_mem_cert; |
diff --git a/src/examples/https_fileserver_example.c b/src/examples/https_fileserver_example.c index 55201ce2..a8897a8d 100644 --- a/src/examples/https_fileserver_example.c +++ b/src/examples/https_fileserver_example.c | |||
@@ -170,19 +170,9 @@ main (int argc, char *const *argv) | |||
170 | 170 | ||
171 | MHD_OPTION_END); | 171 | MHD_OPTION_END); |
172 | } | 172 | } |
173 | else if (argc == 5){ | ||
174 | TLS_daemon = MHD_start_daemon (MHD_USE_THREAD_PER_CONNECTION | MHD_USE_DEBUG | ||
175 | | MHD_USE_SSL, atoi (argv[1]), | ||
176 | NULL, | ||
177 | NULL, &http_ahc, | ||
178 | NULL, MHD_OPTION_CONNECTION_TIMEOUT, 256, | ||
179 | MHD_OPTION_HTTPS_CERT_PATH, argv[3], | ||
180 | MHD_OPTION_HTTPS_KEY_PATH, argv[4], | ||
181 | MHD_OPTION_END); | ||
182 | } | ||
183 | else { | 173 | else { |
184 | printf | 174 | printf |
185 | ("Usage : %s HTTP-PORT SECONDS-TO-RUN [CERTIFICATE PATH, KEY PATH]\n", argv[0]); | 175 | ("Usage : %s HTTP-PORT SECONDS-TO-RUN\n", argv[0]); |
186 | return 1; | 176 | return 1; |
187 | } | 177 | } |
188 | 178 | ||
diff --git a/src/include/microhttpd.h b/src/include/microhttpd.h index 9c98433c..ce1bdd9d 100644 --- a/src/include/microhttpd.h +++ b/src/include/microhttpd.h | |||
@@ -349,24 +349,6 @@ enum MHD_OPTION | |||
349 | MHD_OPTION_SOCK_ADDR = 6, | 349 | MHD_OPTION_SOCK_ADDR = 6, |
350 | 350 | ||
351 | /** | 351 | /** |
352 | * Filename for the private key (key.pem) to be used by the | ||
353 | * HTTPS daemon. This option should be followed by an | ||
354 | * "const char*" argument. The memory of the filename must | ||
355 | * not be released until the application terminates. | ||
356 | * This should be used in conjunction with 'MHD_OPTION_HTTPS_CERT_PATH'. | ||
357 | */ | ||
358 | MHD_OPTION_HTTPS_KEY_PATH = 7, | ||
359 | |||
360 | /** | ||
361 | * Filename for the certificate (cert.pem) to be used by the | ||
362 | * HTTPS daemon. This option should be followed by an | ||
363 | * "const char*" argument. The memory of the filename must | ||
364 | * not be released until the application terminates. | ||
365 | * This should be used in conjunction with 'MHD_OPTION_HTTPS_KEY_PATH'. | ||
366 | */ | ||
367 | MHD_OPTION_HTTPS_CERT_PATH = 8, | ||
368 | |||
369 | /** | ||
370 | * Memory pointer for the private key (key.pem) to be used by the | 352 | * Memory pointer for the private key (key.pem) to be used by the |
371 | * HTTPS daemon. This option should be followed by an | 353 | * HTTPS daemon. This option should be followed by an |
372 | * "const char*" argument. | 354 | * "const char*" argument. |
@@ -515,15 +497,6 @@ enum MHD_RequestTerminationCode | |||
515 | */ | 497 | */ |
516 | MHD_REQUEST_TERMINATED_DAEMON_SHUTDOWN = 3, | 498 | MHD_REQUEST_TERMINATED_DAEMON_SHUTDOWN = 3, |
517 | 499 | ||
518 | /* FIXME: add TLS-specific error codes, | ||
519 | but only those that are useful! */ | ||
520 | /** | ||
521 | * Processing of this secure connection encountered | ||
522 | * an error. | ||
523 | */ | ||
524 | MHD_TLS_REQUEST_TERMINATED_WITH_ERROR, | ||
525 | |||
526 | MHD_TLS_REQUEST_TERMINATED_WITH_FATAL_ALERT | ||
527 | }; | 500 | }; |
528 | 501 | ||
529 | /** | 502 | /** |
@@ -640,11 +613,11 @@ enum MHD_GNUTLS_CompressionMethod | |||
640 | enum MHD_GNUTLS_Protocol | 613 | enum MHD_GNUTLS_Protocol |
641 | { | 614 | { |
642 | MHD_GNUTLS_PROTOCOL_END = 0, | 615 | MHD_GNUTLS_PROTOCOL_END = 0, |
643 | MHD_GNUTLS_SSL3 = 1, | 616 | MHD_GNUTLS_PROTOCOL_SSL3 = 1, |
644 | MHD_GNUTLS_TLS1_0, | 617 | MHD_GNUTLS_PROTOCOL_TLS1_0, |
645 | MHD_GNUTLS_TLS1_1, | 618 | MHD_GNUTLS_PROTOCOL_TLS1_1, |
646 | MHD_GNUTLS_TLS1_2, | 619 | MHD_GNUTLS_PROTOCOL_TLS1_2, |
647 | MHD_GNUTLS_VERSION_UNKNOWN = 0xff | 620 | MHD_GNUTLS_PROTOCOL_VERSION_UNKNOWN = 0xff |
648 | }; | 621 | }; |
649 | 622 | ||
650 | /** | 623 | /** |
diff --git a/src/testcurl/https/mhds_session_info_test.c b/src/testcurl/https/mhds_session_info_test.c index d57c6037..2f25f312 100644 --- a/src/testcurl/https/mhds_session_info_test.c +++ b/src/testcurl/https/mhds_session_info_test.c | |||
@@ -105,7 +105,7 @@ query_session_ahc (void *cls, struct MHD_Connection *connection, | |||
105 | } | 105 | } |
106 | 106 | ||
107 | if (MHD_get_connection_info (connection, MHD_CONNECTION_INFO_PROTOCOL)->protocol != | 107 | if (MHD_get_connection_info (connection, MHD_CONNECTION_INFO_PROTOCOL)->protocol != |
108 | MHD_GNUTLS_SSL3) | 108 | MHD_GNUTLS_PROTOCOL_SSL3) |
109 | { | 109 | { |
110 | fprintf (stderr, "Error: requested compression mismatch. %s\n", | 110 | fprintf (stderr, "Error: requested compression mismatch. %s\n", |
111 | strerror (errno)); | 111 | strerror (errno)); |
diff --git a/src/testcurl/https/tls_daemon_options_test.c b/src/testcurl/https/tls_daemon_options_test.c index 38a8c1d5..5817c9c5 100644 --- a/src/testcurl/https/tls_daemon_options_test.c +++ b/src/testcurl/https/tls_daemon_options_test.c | |||
@@ -356,8 +356,6 @@ main (int argc, char *const *argv) | |||
356 | { | 356 | { |
357 | FILE *test_fd; | 357 | FILE *test_fd; |
358 | unsigned int errorCount = 0; | 358 | unsigned int errorCount = 0; |
359 | char * cur_dir; | ||
360 | char cert_path[255], key_path[255]; | ||
361 | 359 | ||
362 | MHD_gtls_global_set_log_level (DEBUG_GNUTLS_LOG_LEVEL); | 360 | MHD_gtls_global_set_log_level (DEBUG_GNUTLS_LOG_LEVEL); |
363 | 361 | ||
@@ -379,7 +377,7 @@ main (int argc, char *const *argv) | |||
379 | } | 377 | } |
380 | 378 | ||
381 | int mac[] = { MHD_GNUTLS_MAC_SHA1, 0 }; | 379 | int mac[] = { MHD_GNUTLS_MAC_SHA1, 0 }; |
382 | int p[] = { MHD_GNUTLS_SSL3, 0 }; | 380 | int p[] = { MHD_GNUTLS_PROTOCOL_SSL3, 0 }; |
383 | int cipher[] = { MHD_GNUTLS_CIPHER_3DES_CBC, 0 }; | 381 | int cipher[] = { MHD_GNUTLS_CIPHER_3DES_CBC, 0 }; |
384 | int kx[] = { MHD_GNUTLS_KX_ANON_DH, 0 }; | 382 | int kx[] = { MHD_GNUTLS_KX_ANON_DH, 0 }; |
385 | 383 | ||
@@ -390,16 +388,6 @@ main (int argc, char *const *argv) | |||
390 | MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem, | 388 | MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem, |
391 | MHD_OPTION_END); | 389 | MHD_OPTION_END); |
392 | 390 | ||
393 | cur_dir = get_current_dir_name (); | ||
394 | sprintf (cert_path, "%s/%s", cur_dir, "cert.pem"); | ||
395 | sprintf (key_path, "%s/%s", cur_dir, "key.pem"); | ||
396 | |||
397 | errorCount += | ||
398 | test_wrap ("file certificates", &test_https_transfer, test_fd, | ||
399 | "AES256-SHA", CURL_SSLVERSION_TLSv1, MHD_OPTION_HTTPS_CERT_PATH, cert_path, | ||
400 | MHD_OPTION_HTTPS_KEY_PATH, key_path, MHD_OPTION_END); | ||
401 | free (cur_dir); | ||
402 | |||
403 | errorCount += | 391 | errorCount += |
404 | test_wrap ("protocol_version", &test_protocol_version, test_fd, | 392 | test_wrap ("protocol_version", &test_protocol_version, test_fd, |
405 | "AES256-SHA", CURL_SSLVERSION_TLSv1, MHD_OPTION_HTTPS_MEM_KEY, | 393 | "AES256-SHA", CURL_SSLVERSION_TLSv1, MHD_OPTION_HTTPS_MEM_KEY, |