author | Christian Grothoff <christian@grothoff.org> | 2008-08-24 18:03:05 +0000 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2008-08-24 18:03:05 +0000 |
commit | 9181dd0a072670d61a2e6839f23d7e33165ca089 (patch) | |
tree | 88806884c43d3579c3a357d8b26d1843e009ceab /src/daemon/https/tls/auth_cert.c | |
parent | 484e65d76e26874485e906f5221156442bb52467 (diff) | |
indenting
Diffstat (limited to 'src/daemon/https/tls/auth_cert.c')
-rw-r--r-- | src/daemon/https/tls/auth_cert.c | 123 |
1 files changed, 65 insertions, 58 deletions
diff --git a/src/daemon/https/tls/auth_cert.c b/src/daemon/https/tls/auth_cert.c index 69a581ab..e007517c 100644 --- a/src/daemon/https/tls/auth_cert.c +++ b/src/daemon/https/tls/auth_cert.c | |||
@@ -50,7 +50,7 @@ static gnutls_cert *alloc_and_load_x509_certs (gnutls_x509_crt_t * certs, | |||
50 | static gnutls_privkey *alloc_and_load_x509_key (gnutls_x509_privkey_t key); | 50 | static gnutls_privkey *alloc_and_load_x509_key (gnutls_x509_privkey_t key); |
51 | 51 | ||
52 | 52 | ||
53 | /* Copies data from a internal certificate struct (gnutls_cert) to | 53 | /* Copies data from a internal certificate struct (gnutls_cert) to |
54 | * exported certificate struct (cert_auth_info_t) | 54 | * exported certificate struct (cert_auth_info_t) |
55 | */ | 55 | */ |
56 | static int | 56 | static int |
@@ -81,8 +81,7 @@ _gnutls_copy_certificate_auth_info (cert_auth_info_t info, | |||
81 | if (cert->raw.size > 0) | 81 | if (cert->raw.size > 0) |
82 | { | 82 | { |
83 | ret = | 83 | ret = |
84 | _gnutls_set_datum (&info-> | 84 | _gnutls_set_datum (&info->raw_certificate_list[i], |
85 | raw_certificate_list[i], | ||
86 | cert[i].raw.data, cert[i].raw.size); | 85 | cert[i].raw.data, cert[i].raw.size); |
87 | if (ret < 0) | 86 | if (ret < 0) |
88 | { | 87 | { |
@@ -113,9 +112,10 @@ clear: | |||
113 | * -1 otherwise. | 112 | * -1 otherwise. |
114 | */ | 113 | */ |
115 | inline static int | 114 | inline static int |
116 | _gnutls_check_pk_algo_in_list (const enum MHD_GNUTLS_PublicKeyAlgorithm * | 115 | _gnutls_check_pk_algo_in_list (const enum MHD_GNUTLS_PublicKeyAlgorithm |
117 | pk_algos, int pk_algos_length, | 116 | *pk_algos, int pk_algos_length, |
118 | enum MHD_GNUTLS_PublicKeyAlgorithm algo_to_check) | 117 | enum MHD_GNUTLS_PublicKeyAlgorithm |
118 | algo_to_check) | ||
119 | { | 119 | { |
120 | int i; | 120 | int i; |
121 | for (i = 0; i < pk_algos_length; i++) | 121 | for (i = 0; i < pk_algos_length; i++) |
@@ -129,7 +129,7 @@ _gnutls_check_pk_algo_in_list (const enum MHD_GNUTLS_PublicKeyAlgorithm * | |||
129 | } | 129 | } |
130 | 130 | ||
131 | 131 | ||
132 | /* Returns the issuer's Distinguished name in odn, of the certificate | 132 | /* Returns the issuer's Distinguished name in odn, of the certificate |
133 | * specified in cert. | 133 | * specified in cert. |
134 | */ | 134 | */ |
135 | static int | 135 | static int |
@@ -179,13 +179,13 @@ _gnutls_cert_get_issuer_dn (gnutls_cert * cert, gnutls_datum_t * odn) | |||
179 | /* Locates the most appropriate x509 certificate using the | 179 | /* Locates the most appropriate x509 certificate using the |
180 | * given DN. If indx == -1 then no certificate was found. | 180 | * given DN. If indx == -1 then no certificate was found. |
181 | * | 181 | * |
182 | * That is to guess which certificate to use, based on the | 182 | * That is to guess which certificate to use, based on the |
183 | * CAs and sign algorithms supported by the peer server. | 183 | * CAs and sign algorithms supported by the peer server. |
184 | */ | 184 | */ |
185 | static int | 185 | static int |
186 | _find_x509_cert (const mhd_gtls_cert_credentials_t cred, | 186 | _find_x509_cert (const mhd_gtls_cert_credentials_t cred, |
187 | opaque * _data, size_t _data_size, | 187 | opaque * _data, size_t _data_size, |
188 | const enum MHD_GNUTLS_PublicKeyAlgorithm * pk_algos, | 188 | const enum MHD_GNUTLS_PublicKeyAlgorithm *pk_algos, |
189 | int pk_algos_length, int *indx) | 189 | int pk_algos_length, int *indx) |
190 | { | 190 | { |
191 | unsigned size; | 191 | unsigned size; |
@@ -210,8 +210,8 @@ _find_x509_cert (const mhd_gtls_cert_credentials_t cred, | |||
210 | for (j = 0; j < cred->cert_list_length[i]; j++) | 210 | for (j = 0; j < cred->cert_list_length[i]; j++) |
211 | { | 211 | { |
212 | if ((result = | 212 | if ((result = |
213 | _gnutls_cert_get_issuer_dn (&cred-> | 213 | _gnutls_cert_get_issuer_dn (&cred->cert_list[i][j], |
214 | cert_list[i][j], &odn)) < 0) | 214 | &odn)) < 0) |
215 | { | 215 | { |
216 | gnutls_assert (); | 216 | gnutls_assert (); |
217 | return result; | 217 | return result; |
@@ -271,7 +271,7 @@ get_issuers_num (mhd_gtls_session_t session, opaque * data, ssize_t data_size) | |||
271 | if (data_size > 0) | 271 | if (data_size > 0) |
272 | do | 272 | do |
273 | { | 273 | { |
274 | /* This works like DECR_LEN() | 274 | /* This works like DECR_LEN() |
275 | */ | 275 | */ |
276 | result = GNUTLS_E_UNEXPECTED_PACKET_LENGTH; | 276 | result = GNUTLS_E_UNEXPECTED_PACKET_LENGTH; |
277 | DECR_LENGTH_COM (data_size, 2, goto error); | 277 | DECR_LENGTH_COM (data_size, 2, goto error); |
@@ -348,14 +348,16 @@ static int | |||
348 | call_get_cert_callback (mhd_gtls_session_t session, | 348 | call_get_cert_callback (mhd_gtls_session_t session, |
349 | gnutls_datum_t * issuers_dn, | 349 | gnutls_datum_t * issuers_dn, |
350 | int issuers_dn_length, | 350 | int issuers_dn_length, |
351 | enum MHD_GNUTLS_PublicKeyAlgorithm * pk_algos, int pk_algos_length) | 351 | enum MHD_GNUTLS_PublicKeyAlgorithm *pk_algos, |
352 | int pk_algos_length) | ||
352 | { | 353 | { |
353 | unsigned i; | 354 | unsigned i; |
354 | gnutls_cert *local_certs = NULL; | 355 | gnutls_cert *local_certs = NULL; |
355 | gnutls_privkey *local_key = NULL; | 356 | gnutls_privkey *local_key = NULL; |
356 | gnutls_retr_st st; | 357 | gnutls_retr_st st; |
357 | int ret; | 358 | int ret; |
358 | enum MHD_GNUTLS_CertificateType type = gnutls_certificate_type_get (session); | 359 | enum MHD_GNUTLS_CertificateType type = |
360 | gnutls_certificate_type_get (session); | ||
359 | mhd_gtls_cert_credentials_t cred; | 361 | mhd_gtls_cert_credentials_t cred; |
360 | 362 | ||
361 | cred = (mhd_gtls_cert_credentials_t) | 363 | cred = (mhd_gtls_cert_credentials_t) |
@@ -411,8 +413,8 @@ call_get_cert_callback (mhd_gtls_session_t session, | |||
411 | } | 413 | } |
412 | 414 | ||
413 | mhd_gtls_selected_certs_set (session, local_certs, | 415 | mhd_gtls_selected_certs_set (session, local_certs, |
414 | (local_certs != NULL) ? st.ncerts : 0, | 416 | (local_certs != NULL) ? st.ncerts : 0, |
415 | local_key, 1); | 417 | local_key, 1); |
416 | 418 | ||
417 | ret = 0; | 419 | ret = 0; |
418 | 420 | ||
@@ -443,7 +445,8 @@ cleanup: | |||
443 | static int | 445 | static int |
444 | _select_client_cert (mhd_gtls_session_t session, | 446 | _select_client_cert (mhd_gtls_session_t session, |
445 | opaque * _data, size_t _data_size, | 447 | opaque * _data, size_t _data_size, |
446 | enum MHD_GNUTLS_PublicKeyAlgorithm * pk_algos, int pk_algos_length) | 448 | enum MHD_GNUTLS_PublicKeyAlgorithm *pk_algos, |
449 | int pk_algos_length) | ||
447 | { | 450 | { |
448 | int result; | 451 | int result; |
449 | int indx = -1; | 452 | int indx = -1; |
@@ -464,7 +467,7 @@ _select_client_cert (mhd_gtls_session_t session, | |||
464 | if (cred->client_get_cert_callback != NULL) | 467 | if (cred->client_get_cert_callback != NULL) |
465 | { | 468 | { |
466 | 469 | ||
467 | /* use a callback to get certificate | 470 | /* use a callback to get certificate |
468 | */ | 471 | */ |
469 | if (session->security_parameters.cert_type != MHD_GNUTLS_CRT_X509) | 472 | if (session->security_parameters.cert_type != MHD_GNUTLS_CRT_X509) |
470 | issuers_dn_length = 0; | 473 | issuers_dn_length = 0; |
@@ -523,9 +526,9 @@ _select_client_cert (mhd_gtls_session_t session, | |||
523 | if (indx >= 0) | 526 | if (indx >= 0) |
524 | { | 527 | { |
525 | mhd_gtls_selected_certs_set (session, | 528 | mhd_gtls_selected_certs_set (session, |
526 | &cred->cert_list[indx][0], | 529 | &cred->cert_list[indx][0], |
527 | cred->cert_list_length[indx], | 530 | cred->cert_list_length[indx], |
528 | &cred->pkey[indx], 0); | 531 | &cred->pkey[indx], 0); |
529 | } | 532 | } |
530 | else | 533 | else |
531 | { | 534 | { |
@@ -553,11 +556,11 @@ mhd_gtls_gen_x509_crt (mhd_gtls_session_t session, opaque ** data) | |||
553 | gnutls_privkey *apr_pkey; | 556 | gnutls_privkey *apr_pkey; |
554 | int apr_cert_list_length; | 557 | int apr_cert_list_length; |
555 | 558 | ||
556 | /* find the appropriate certificate | 559 | /* find the appropriate certificate |
557 | */ | 560 | */ |
558 | if ((ret = | 561 | if ((ret = |
559 | mhd_gtls_get_selected_cert (session, &apr_cert_list, | 562 | mhd_gtls_get_selected_cert (session, &apr_cert_list, |
560 | &apr_cert_list_length, &apr_pkey)) < 0) | 563 | &apr_cert_list_length, &apr_pkey)) < 0) |
561 | { | 564 | { |
562 | gnutls_assert (); | 565 | gnutls_assert (); |
563 | return ret; | 566 | return ret; |
@@ -576,7 +579,7 @@ mhd_gtls_gen_x509_crt (mhd_gtls_session_t session, opaque ** data) | |||
576 | * instead of: | 579 | * instead of: |
577 | * 0B 00 00 00 // empty certificate handshake | 580 | * 0B 00 00 00 // empty certificate handshake |
578 | * | 581 | * |
579 | * ( the above is the whole handshake message, not | 582 | * ( the above is the whole handshake message, not |
580 | * the one produced here ) | 583 | * the one produced here ) |
581 | */ | 584 | */ |
582 | 585 | ||
@@ -600,7 +603,8 @@ mhd_gtls_gen_x509_crt (mhd_gtls_session_t session, opaque ** data) | |||
600 | } | 603 | } |
601 | 604 | ||
602 | int | 605 | int |
603 | mhd_gtls_gen_cert_client_certificate (mhd_gtls_session_t session, opaque ** data) | 606 | mhd_gtls_gen_cert_client_certificate (mhd_gtls_session_t session, |
607 | opaque ** data) | ||
604 | { | 608 | { |
605 | switch (session->security_parameters.cert_type) | 609 | switch (session->security_parameters.cert_type) |
606 | { | 610 | { |
@@ -614,7 +618,8 @@ mhd_gtls_gen_cert_client_certificate (mhd_gtls_session_t session, opaque ** data | |||
614 | } | 618 | } |
615 | 619 | ||
616 | int | 620 | int |
617 | mhd_gtls_gen_cert_server_certificate (mhd_gtls_session_t session, opaque ** data) | 621 | mhd_gtls_gen_cert_server_certificate (mhd_gtls_session_t session, |
622 | opaque ** data) | ||
618 | { | 623 | { |
619 | switch (session->security_parameters.cert_type) | 624 | switch (session->security_parameters.cert_type) |
620 | { | 625 | { |
@@ -632,7 +637,7 @@ mhd_gtls_gen_cert_server_certificate (mhd_gtls_session_t session, opaque ** data | |||
632 | #define CLEAR_CERTS for(x=0;x<peer_certificate_list_size;x++) mhd_gtls_gcert_deinit(&peer_certificate_list[x]) | 637 | #define CLEAR_CERTS for(x=0;x<peer_certificate_list_size;x++) mhd_gtls_gcert_deinit(&peer_certificate_list[x]) |
633 | int | 638 | int |
634 | mhd_gtls_proc_x509_server_certificate (mhd_gtls_session_t session, | 639 | mhd_gtls_proc_x509_server_certificate (mhd_gtls_session_t session, |
635 | opaque * data, size_t data_size) | 640 | opaque * data, size_t data_size) |
636 | { | 641 | { |
637 | int size, len, ret; | 642 | int size, len, ret; |
638 | opaque *p = data; | 643 | opaque *p = data; |
@@ -655,7 +660,7 @@ mhd_gtls_proc_x509_server_certificate (mhd_gtls_session_t session, | |||
655 | 660 | ||
656 | if ((ret = | 661 | if ((ret = |
657 | mhd_gtls_auth_info_set (session, MHD_GNUTLS_CRD_CERTIFICATE, | 662 | mhd_gtls_auth_info_set (session, MHD_GNUTLS_CRD_CERTIFICATE, |
658 | sizeof (cert_auth_info_st), 1)) < 0) | 663 | sizeof (cert_auth_info_st), 1)) < 0) |
659 | { | 664 | { |
660 | gnutls_assert (); | 665 | gnutls_assert (); |
661 | return ret; | 666 | return ret; |
@@ -703,7 +708,7 @@ mhd_gtls_proc_x509_server_certificate (mhd_gtls_session_t session, | |||
703 | } | 708 | } |
704 | 709 | ||
705 | /* Ok we now allocate the memory to hold the | 710 | /* Ok we now allocate the memory to hold the |
706 | * certificate list | 711 | * certificate list |
707 | */ | 712 | */ |
708 | 713 | ||
709 | peer_certificate_list = | 714 | peer_certificate_list = |
@@ -734,8 +739,8 @@ mhd_gtls_proc_x509_server_certificate (mhd_gtls_session_t session, | |||
734 | 739 | ||
735 | if ((ret = | 740 | if ((ret = |
736 | mhd_gtls_x509_raw_cert_to_gcert (&peer_certificate_list | 741 | mhd_gtls_x509_raw_cert_to_gcert (&peer_certificate_list |
737 | [j], &tmp, | 742 | [j], &tmp, |
738 | CERT_ONLY_EXTENSIONS)) < 0) | 743 | CERT_ONLY_EXTENSIONS)) < 0) |
739 | { | 744 | { |
740 | gnutls_assert (); | 745 | gnutls_assert (); |
741 | goto cleanup; | 746 | goto cleanup; |
@@ -775,7 +780,7 @@ cleanup: | |||
775 | 780 | ||
776 | int | 781 | int |
777 | mhd_gtls_proc_cert_server_certificate (mhd_gtls_session_t session, | 782 | mhd_gtls_proc_cert_server_certificate (mhd_gtls_session_t session, |
778 | opaque * data, size_t data_size) | 783 | opaque * data, size_t data_size) |
779 | { | 784 | { |
780 | switch (session->security_parameters.cert_type) | 785 | switch (session->security_parameters.cert_type) |
781 | { | 786 | { |
@@ -792,7 +797,7 @@ typedef enum CertificateSigType | |||
792 | { RSA_SIGN = 1, DSA_SIGN | 797 | { RSA_SIGN = 1, DSA_SIGN |
793 | } CertificateSigType; | 798 | } CertificateSigType; |
794 | 799 | ||
795 | /* Checks if we support the given signature algorithm | 800 | /* Checks if we support the given signature algorithm |
796 | * (RSA or DSA). Returns the corresponding enum MHD_GNUTLS_PublicKeyAlgorithm | 801 | * (RSA or DSA). Returns the corresponding enum MHD_GNUTLS_PublicKeyAlgorithm |
797 | * if true; | 802 | * if true; |
798 | */ | 803 | */ |
@@ -810,7 +815,7 @@ _gnutls_check_supported_sign_algo (CertificateSigType algo) | |||
810 | 815 | ||
811 | int | 816 | int |
812 | mhd_gtls_proc_cert_cert_req (mhd_gtls_session_t session, opaque * data, | 817 | mhd_gtls_proc_cert_cert_req (mhd_gtls_session_t session, opaque * data, |
813 | size_t data_size) | 818 | size_t data_size) |
814 | { | 819 | { |
815 | int size, ret; | 820 | int size, ret; |
816 | opaque *p; | 821 | opaque *p; |
@@ -832,7 +837,7 @@ mhd_gtls_proc_cert_cert_req (mhd_gtls_session_t session, opaque * data, | |||
832 | 837 | ||
833 | if ((ret = | 838 | if ((ret = |
834 | mhd_gtls_auth_info_set (session, MHD_GNUTLS_CRD_CERTIFICATE, | 839 | mhd_gtls_auth_info_set (session, MHD_GNUTLS_CRD_CERTIFICATE, |
835 | sizeof (cert_auth_info_st), 0)) < 0) | 840 | sizeof (cert_auth_info_st), 0)) < 0) |
836 | { | 841 | { |
837 | gnutls_assert (); | 842 | gnutls_assert (); |
838 | return ret; | 843 | return ret; |
@@ -898,7 +903,7 @@ mhd_gtls_proc_cert_cert_req (mhd_gtls_session_t session, opaque * data, | |||
898 | return ret; | 903 | return ret; |
899 | } | 904 | } |
900 | 905 | ||
901 | /* We should reply with a certificate message, | 906 | /* We should reply with a certificate message, |
902 | * even if we have no certificate to send. | 907 | * even if we have no certificate to send. |
903 | */ | 908 | */ |
904 | session->key->certificate_requested = 1; | 909 | session->key->certificate_requested = 1; |
@@ -907,7 +912,8 @@ mhd_gtls_proc_cert_cert_req (mhd_gtls_session_t session, opaque * data, | |||
907 | } | 912 | } |
908 | 913 | ||
909 | int | 914 | int |
910 | mhd_gtls_gen_cert_client_cert_vrfy (mhd_gtls_session_t session, opaque ** data) | 915 | mhd_gtls_gen_cert_client_cert_vrfy (mhd_gtls_session_t session, |
916 | opaque ** data) | ||
911 | { | 917 | { |
912 | int ret; | 918 | int ret; |
913 | gnutls_cert *apr_cert_list; | 919 | gnutls_cert *apr_cert_list; |
@@ -920,7 +926,7 @@ mhd_gtls_gen_cert_client_cert_vrfy (mhd_gtls_session_t session, opaque ** data) | |||
920 | /* find the appropriate certificate */ | 926 | /* find the appropriate certificate */ |
921 | if ((ret = | 927 | if ((ret = |
922 | mhd_gtls_get_selected_cert (session, &apr_cert_list, | 928 | mhd_gtls_get_selected_cert (session, &apr_cert_list, |
923 | &apr_cert_list_length, &apr_pkey)) < 0) | 929 | &apr_cert_list_length, &apr_pkey)) < 0) |
924 | { | 930 | { |
925 | gnutls_assert (); | 931 | gnutls_assert (); |
926 | return ret; | 932 | return ret; |
@@ -930,8 +936,8 @@ mhd_gtls_gen_cert_client_cert_vrfy (mhd_gtls_session_t session, opaque ** data) | |||
930 | { | 936 | { |
931 | if ((ret = | 937 | if ((ret = |
932 | mhd_gtls_tls_sign_hdata (session, | 938 | mhd_gtls_tls_sign_hdata (session, |
933 | &apr_cert_list[0], | 939 | &apr_cert_list[0], |
934 | apr_pkey, &signature)) < 0) | 940 | apr_pkey, &signature)) < 0) |
935 | { | 941 | { |
936 | gnutls_assert (); | 942 | gnutls_assert (); |
937 | return ret; | 943 | return ret; |
@@ -960,7 +966,7 @@ mhd_gtls_gen_cert_client_cert_vrfy (mhd_gtls_session_t session, opaque ** data) | |||
960 | 966 | ||
961 | int | 967 | int |
962 | mhd_gtls_proc_cert_client_cert_vrfy (mhd_gtls_session_t session, | 968 | mhd_gtls_proc_cert_client_cert_vrfy (mhd_gtls_session_t session, |
963 | opaque * data, size_t data_size) | 969 | opaque * data, size_t data_size) |
964 | { | 970 | { |
965 | int size, ret; | 971 | int size, ret; |
966 | ssize_t dsize = data_size; | 972 | ssize_t dsize = data_size; |
@@ -986,9 +992,9 @@ mhd_gtls_proc_cert_client_cert_vrfy (mhd_gtls_session_t session, | |||
986 | sig.size = size; | 992 | sig.size = size; |
987 | 993 | ||
988 | ret = mhd_gtls_raw_cert_to_gcert (&peer_cert, | 994 | ret = mhd_gtls_raw_cert_to_gcert (&peer_cert, |
989 | session->security_parameters.cert_type, | 995 | session->security_parameters.cert_type, |
990 | &info->raw_certificate_list[0], | 996 | &info->raw_certificate_list[0], |
991 | CERT_NO_COPY); | 997 | CERT_NO_COPY); |
992 | 998 | ||
993 | if (ret < 0) | 999 | if (ret < 0) |
994 | { | 1000 | { |
@@ -1029,7 +1035,7 @@ mhd_gtls_gen_cert_server_cert_req (mhd_gtls_session_t session, opaque ** data) | |||
1029 | return GNUTLS_E_INSUFFICIENT_CREDENTIALS; | 1035 | return GNUTLS_E_INSUFFICIENT_CREDENTIALS; |
1030 | } | 1036 | } |
1031 | 1037 | ||
1032 | size = CERTTYPE_SIZE + 2; /* 2 for enum MHD_GNUTLS_CertificateType + 2 for size of rdn_seq | 1038 | size = CERTTYPE_SIZE + 2; /* 2 for enum MHD_GNUTLS_CertificateType + 2 for size of rdn_seq |
1033 | */ | 1039 | */ |
1034 | 1040 | ||
1035 | if (session->security_parameters.cert_type == MHD_GNUTLS_CRT_X509 && | 1041 | if (session->security_parameters.cert_type == MHD_GNUTLS_CRT_X509 && |
@@ -1079,7 +1085,7 @@ mhd_gtls_gen_cert_server_cert_req (mhd_gtls_session_t session, opaque ** data) | |||
1079 | } | 1085 | } |
1080 | 1086 | ||
1081 | 1087 | ||
1082 | /* This function will return the appropriate certificate to use. | 1088 | /* This function will return the appropriate certificate to use. |
1083 | * Fills in the apr_cert_list, apr_cert_list_length and apr_pkey. | 1089 | * Fills in the apr_cert_list, apr_cert_list_length and apr_pkey. |
1084 | * The return value is a negative value on error. | 1090 | * The return value is a negative value on error. |
1085 | * | 1091 | * |
@@ -1088,9 +1094,9 @@ mhd_gtls_gen_cert_server_cert_req (mhd_gtls_session_t session, opaque ** data) | |||
1088 | */ | 1094 | */ |
1089 | int | 1095 | int |
1090 | mhd_gtls_get_selected_cert (mhd_gtls_session_t session, | 1096 | mhd_gtls_get_selected_cert (mhd_gtls_session_t session, |
1091 | gnutls_cert ** apr_cert_list, | 1097 | gnutls_cert ** apr_cert_list, |
1092 | int *apr_cert_list_length, | 1098 | int *apr_cert_list_length, |
1093 | gnutls_privkey ** apr_pkey) | 1099 | gnutls_privkey ** apr_pkey) |
1094 | { | 1100 | { |
1095 | if (session->security_parameters.entity == GNUTLS_SERVER) | 1101 | if (session->security_parameters.entity == GNUTLS_SERVER) |
1096 | { | 1102 | { |
@@ -1110,7 +1116,7 @@ mhd_gtls_get_selected_cert (mhd_gtls_session_t session, | |||
1110 | 1116 | ||
1111 | } | 1117 | } |
1112 | else | 1118 | else |
1113 | { /* CLIENT SIDE | 1119 | { /* CLIENT SIDE |
1114 | */ | 1120 | */ |
1115 | 1121 | ||
1116 | /* we have already decided which certificate | 1122 | /* we have already decided which certificate |
@@ -1223,8 +1229,8 @@ mhd_gtls_selected_certs_deinit (mhd_gtls_session_t session) | |||
1223 | 1229 | ||
1224 | void | 1230 | void |
1225 | mhd_gtls_selected_certs_set (mhd_gtls_session_t session, | 1231 | mhd_gtls_selected_certs_set (mhd_gtls_session_t session, |
1226 | gnutls_cert * certs, int ncerts, | 1232 | gnutls_cert * certs, int ncerts, |
1227 | gnutls_privkey * key, int need_free) | 1233 | gnutls_privkey * key, int need_free) |
1228 | { | 1234 | { |
1229 | mhd_gtls_selected_certs_deinit (session); | 1235 | mhd_gtls_selected_certs_deinit (session); |
1230 | 1236 | ||
@@ -1248,7 +1254,8 @@ mhd_gtls_selected_certs_set (mhd_gtls_session_t session, | |||
1248 | */ | 1254 | */ |
1249 | int | 1255 | int |
1250 | mhd_gtls_server_select_cert (mhd_gtls_session_t session, | 1256 | mhd_gtls_server_select_cert (mhd_gtls_session_t session, |
1251 | enum MHD_GNUTLS_PublicKeyAlgorithm requested_algo) | 1257 | enum MHD_GNUTLS_PublicKeyAlgorithm |
1258 | requested_algo) | ||
1252 | { | 1259 | { |
1253 | unsigned i; | 1260 | unsigned i; |
1254 | int idx, ret; | 1261 | int idx, ret; |
@@ -1276,12 +1283,12 @@ mhd_gtls_server_select_cert (mhd_gtls_session_t session, | |||
1276 | 1283 | ||
1277 | for (i = 0; i < cred->ncerts; i++) | 1284 | for (i = 0; i < cred->ncerts; i++) |
1278 | { | 1285 | { |
1279 | /* find one compatible certificate | 1286 | /* find one compatible certificate |
1280 | */ | 1287 | */ |
1281 | if (requested_algo == GNUTLS_PK_ANY || | 1288 | if (requested_algo == GNUTLS_PK_ANY || |
1282 | requested_algo == cred->cert_list[i][0].subject_pk_algorithm) | 1289 | requested_algo == cred->cert_list[i][0].subject_pk_algorithm) |
1283 | { | 1290 | { |
1284 | /* if cert type matches | 1291 | /* if cert type matches |
1285 | */ | 1292 | */ |
1286 | if (session->security_parameters.cert_type == | 1293 | if (session->security_parameters.cert_type == |
1287 | cred->cert_list[i][0].cert_type) | 1294 | cred->cert_list[i][0].cert_type) |
@@ -1298,9 +1305,9 @@ mhd_gtls_server_select_cert (mhd_gtls_session_t session, | |||
1298 | if (idx >= 0 && ret == 0) | 1305 | if (idx >= 0 && ret == 0) |
1299 | { | 1306 | { |
1300 | mhd_gtls_selected_certs_set (session, | 1307 | mhd_gtls_selected_certs_set (session, |
1301 | &cred->cert_list[idx][0], | 1308 | &cred->cert_list[idx][0], |
1302 | cred->cert_list_length[idx], | 1309 | cred->cert_list_length[idx], |
1303 | &cred->pkey[idx], 0); | 1310 | &cred->pkey[idx], 0); |
1304 | } | 1311 | } |
1305 | else | 1312 | else |
1306 | /* Certificate does not support REQUESTED_ALGO. */ | 1313 | /* Certificate does not support REQUESTED_ALGO. */ |