diff options
author | Christian Grothoff <christian@grothoff.org> | 2008-08-24 15:34:34 +0000 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2008-08-24 15:34:34 +0000 |
commit | bde481fb521f299d9c5bf654573f73a7958d461a (patch) | |
tree | 0a23772d9f4e564baee6cababcbb047aef0e6937 /src/daemon/https/tls/auth_cert.c | |
parent | 2bdfce2c5a5348faa69ca52f1721a911d527c9fa (diff) | |
download | libmicrohttpd-bde481fb521f299d9c5bf654573f73a7958d461a.tar.gz libmicrohttpd-bde481fb521f299d9c5bf654573f73a7958d461a.zip |
removing more -- hopefully all -- openpgp related code
Diffstat (limited to 'src/daemon/https/tls/auth_cert.c')
-rw-r--r-- | src/daemon/https/tls/auth_cert.c | 468 |
1 files changed, 3 insertions, 465 deletions
diff --git a/src/daemon/https/tls/auth_cert.c b/src/daemon/https/tls/auth_cert.c index 308c3878..643b32cb 100644 --- a/src/daemon/https/tls/auth_cert.c +++ b/src/daemon/https/tls/auth_cert.c | |||
@@ -43,15 +43,11 @@ | |||
43 | #include <gnutls_state.h> | 43 | #include <gnutls_state.h> |
44 | #include <gnutls_pk.h> | 44 | #include <gnutls_pk.h> |
45 | #include <gnutls_x509.h> | 45 | #include <gnutls_x509.h> |
46 | #include <gnutls_extra_hooks.h> | ||
47 | #include "debug.h" | 46 | #include "debug.h" |
48 | 47 | ||
49 | static gnutls_cert *alloc_and_load_x509_certs (gnutls_x509_crt_t * certs, | 48 | static gnutls_cert *alloc_and_load_x509_certs (gnutls_x509_crt_t * certs, |
50 | unsigned); | 49 | unsigned); |
51 | static gnutls_privkey *alloc_and_load_x509_key (gnutls_x509_privkey_t key); | 50 | static gnutls_privkey *alloc_and_load_x509_key (gnutls_x509_privkey_t key); |
52 | static gnutls_cert *alloc_and_load_pgp_certs (gnutls_openpgp_crt_t cert); | ||
53 | static gnutls_privkey *alloc_and_load_pgp_key (const gnutls_openpgp_privkey_t | ||
54 | key); | ||
55 | 51 | ||
56 | 52 | ||
57 | /* Copies data from a internal certificate struct (gnutls_cert) to | 53 | /* Copies data from a internal certificate struct (gnutls_cert) to |
@@ -255,41 +251,6 @@ _find_x509_cert (const mhd_gtls_cert_credentials_t cred, | |||
255 | 251 | ||
256 | } | 252 | } |
257 | 253 | ||
258 | /* Locates the most appropriate openpgp cert | ||
259 | */ | ||
260 | static int | ||
261 | _find_openpgp_cert (const mhd_gtls_cert_credentials_t cred, | ||
262 | gnutls_pk_algorithm_t * pk_algos, | ||
263 | int pk_algos_length, int *indx) | ||
264 | { | ||
265 | unsigned i, j; | ||
266 | |||
267 | *indx = -1; | ||
268 | |||
269 | for (i = 0; i < cred->ncerts; i++) | ||
270 | { | ||
271 | for (j = 0; j < cred->cert_list_length[i]; j++) | ||
272 | { | ||
273 | |||
274 | /* If the *_SIGN algorithm matches | ||
275 | * the cert is our cert! | ||
276 | */ | ||
277 | if ((_gnutls_check_pk_algo_in_list | ||
278 | (pk_algos, pk_algos_length, | ||
279 | cred->cert_list[i][0].subject_pk_algorithm) == 0) | ||
280 | && (cred->cert_list[i][0].cert_type == MHD_GNUTLS_CRT_OPENPGP)) | ||
281 | { | ||
282 | *indx = i; | ||
283 | break; | ||
284 | } | ||
285 | } | ||
286 | if (*indx != -1) | ||
287 | break; | ||
288 | } | ||
289 | |||
290 | return 0; | ||
291 | } | ||
292 | |||
293 | /* Returns the number of issuers in the server's | 254 | /* Returns the number of issuers in the server's |
294 | * certificate request packet. | 255 | * certificate request packet. |
295 | */ | 256 | */ |
@@ -444,17 +405,9 @@ call_get_cert_callback (mhd_gtls_session_t session, | |||
444 | } | 405 | } |
445 | else | 406 | else |
446 | { /* PGP */ | 407 | { /* PGP */ |
447 | if (st.ncerts > 1) | 408 | gnutls_assert (); |
448 | { | 409 | ret = GNUTLS_E_INVALID_REQUEST; |
449 | gnutls_assert (); | 410 | goto cleanup; |
450 | ret = GNUTLS_E_INVALID_REQUEST; | ||
451 | goto cleanup; | ||
452 | } | ||
453 | |||
454 | local_certs = alloc_and_load_pgp_certs (st.cert.pgp); | ||
455 | if (local_certs != NULL) | ||
456 | local_key = alloc_and_load_pgp_key (st.key.pgp); | ||
457 | |||
458 | } | 411 | } |
459 | 412 | ||
460 | mhd_gtls_selected_certs_set (session, local_certs, | 413 | mhd_gtls_selected_certs_set (session, local_certs, |
@@ -477,22 +430,6 @@ cleanup: | |||
477 | gnutls_x509_privkey_deinit (st.key.x509); | 430 | gnutls_x509_privkey_deinit (st.key.x509); |
478 | } | 431 | } |
479 | } | 432 | } |
480 | else | ||
481 | { | ||
482 | if (st.deinit_all) | ||
483 | { | ||
484 | if (_E_gnutls_openpgp_crt_deinit == NULL || | ||
485 | _E_gnutls_openpgp_privkey_deinit == NULL) | ||
486 | { | ||
487 | gnutls_assert (); | ||
488 | return GNUTLS_E_INIT_LIBEXTRA; | ||
489 | } | ||
490 | |||
491 | _E_gnutls_openpgp_crt_deinit (st.cert.pgp); | ||
492 | _E_gnutls_openpgp_privkey_deinit (st.key.pgp); | ||
493 | } | ||
494 | } | ||
495 | |||
496 | return ret; | 433 | return ret; |
497 | } | 434 | } |
498 | 435 | ||
@@ -577,11 +514,6 @@ _select_client_cert (mhd_gtls_session_t session, | |||
577 | result = | 514 | result = |
578 | _find_x509_cert (cred, _data, _data_size, | 515 | _find_x509_cert (cred, _data, _data_size, |
579 | pk_algos, pk_algos_length, &indx); | 516 | pk_algos, pk_algos_length, &indx); |
580 | |||
581 | if (session->security_parameters.cert_type == MHD_GNUTLS_CRT_OPENPGP) | ||
582 | result = _find_openpgp_cert (cred, pk_algos, pk_algos_length, &indx); | ||
583 | |||
584 | |||
585 | if (result < 0) | 517 | if (result < 0) |
586 | { | 518 | { |
587 | gnutls_assert (); | 519 | gnutls_assert (); |
@@ -667,136 +599,11 @@ mhd_gtls_gen_x509_crt (mhd_gtls_session_t session, opaque ** data) | |||
667 | return ret; | 599 | return ret; |
668 | } | 600 | } |
669 | 601 | ||
670 | enum PGPKeyDescriptorType | ||
671 | { PGP_KEY_FINGERPRINT, PGP_KEY }; | ||
672 | |||
673 | int | ||
674 | mhd_gtls_gen_openpgp_certificate (mhd_gtls_session_t session, opaque ** data) | ||
675 | { | ||
676 | int ret; | ||
677 | opaque *pdata; | ||
678 | gnutls_cert *apr_cert_list; | ||
679 | gnutls_privkey *apr_pkey; | ||
680 | int apr_cert_list_length; | ||
681 | |||
682 | /* find the appropriate certificate */ | ||
683 | if ((ret = | ||
684 | mhd_gtls_get_selected_cert (session, &apr_cert_list, | ||
685 | &apr_cert_list_length, &apr_pkey)) < 0) | ||
686 | { | ||
687 | gnutls_assert (); | ||
688 | return ret; | ||
689 | } | ||
690 | |||
691 | ret = 3 + 1 + 3; | ||
692 | |||
693 | if (apr_cert_list_length > 0) | ||
694 | ret += apr_cert_list[0].raw.size; | ||
695 | |||
696 | (*data) = gnutls_malloc (ret); | ||
697 | pdata = (*data); | ||
698 | |||
699 | if (pdata == NULL) | ||
700 | { | ||
701 | gnutls_assert (); | ||
702 | return GNUTLS_E_MEMORY_ERROR; | ||
703 | } | ||
704 | |||
705 | mhd_gtls_write_uint24 (ret - 3, pdata); | ||
706 | pdata += 3; | ||
707 | |||
708 | *pdata = PGP_KEY; /* whole key */ | ||
709 | pdata++; | ||
710 | |||
711 | if (apr_cert_list_length > 0) | ||
712 | { | ||
713 | mhd_gtls_write_datum24 (pdata, apr_cert_list[0].raw); | ||
714 | pdata += (3 + apr_cert_list[0].raw.size); | ||
715 | } | ||
716 | else /* empty - no certificate */ | ||
717 | mhd_gtls_write_uint24 (0, pdata); | ||
718 | |||
719 | return ret; | ||
720 | } | ||
721 | |||
722 | int | ||
723 | mhd_gtls_gen_openpgp_certificate_fpr (mhd_gtls_session_t session, opaque ** data) | ||
724 | { | ||
725 | int ret, packet_size; | ||
726 | size_t fpr_size; | ||
727 | opaque *pdata; | ||
728 | gnutls_cert *apr_cert_list; | ||
729 | gnutls_privkey *apr_pkey; | ||
730 | int apr_cert_list_length; | ||
731 | |||
732 | /* find the appropriate certificate */ | ||
733 | if ((ret = | ||
734 | mhd_gtls_get_selected_cert (session, &apr_cert_list, | ||
735 | &apr_cert_list_length, &apr_pkey)) < 0) | ||
736 | { | ||
737 | gnutls_assert (); | ||
738 | return ret; | ||
739 | } | ||
740 | |||
741 | packet_size = 3 + 1; | ||
742 | |||
743 | /* Only v4 fingerprints are sent | ||
744 | */ | ||
745 | if (apr_cert_list_length > 0 && apr_cert_list[0].version == 4) | ||
746 | packet_size += 20 + 1; | ||
747 | else /* empty certificate case */ | ||
748 | return mhd_gtls_gen_openpgp_certificate (session, data); | ||
749 | |||
750 | (*data) = gnutls_malloc (packet_size); | ||
751 | pdata = (*data); | ||
752 | |||
753 | if (pdata == NULL) | ||
754 | { | ||
755 | gnutls_assert (); | ||
756 | return GNUTLS_E_MEMORY_ERROR; | ||
757 | } | ||
758 | |||
759 | mhd_gtls_write_uint24 (packet_size - 3, pdata); | ||
760 | pdata += 3; | ||
761 | |||
762 | *pdata = PGP_KEY_FINGERPRINT; /* key fingerprint */ | ||
763 | pdata++; | ||
764 | |||
765 | *pdata = 20; | ||
766 | pdata++; | ||
767 | |||
768 | fpr_size = 20; | ||
769 | |||
770 | if (_E_gnutls_openpgp_fingerprint == NULL) | ||
771 | { | ||
772 | gnutls_assert (); | ||
773 | return GNUTLS_E_INIT_LIBEXTRA; | ||
774 | } | ||
775 | |||
776 | if ((ret = | ||
777 | _E_gnutls_openpgp_fingerprint (&apr_cert_list[0].raw, pdata, | ||
778 | &fpr_size)) < 0) | ||
779 | { | ||
780 | gnutls_assert (); | ||
781 | return ret; | ||
782 | } | ||
783 | |||
784 | return packet_size; | ||
785 | } | ||
786 | |||
787 | |||
788 | |||
789 | int | 602 | int |
790 | mhd_gtls_gen_cert_client_certificate (mhd_gtls_session_t session, opaque ** data) | 603 | mhd_gtls_gen_cert_client_certificate (mhd_gtls_session_t session, opaque ** data) |
791 | { | 604 | { |
792 | switch (session->security_parameters.cert_type) | 605 | switch (session->security_parameters.cert_type) |
793 | { | 606 | { |
794 | case MHD_GNUTLS_CRT_OPENPGP: | ||
795 | if (mhd_gtls_openpgp_send_fingerprint (session) == 0) | ||
796 | return mhd_gtls_gen_openpgp_certificate (session, data); | ||
797 | else | ||
798 | return mhd_gtls_gen_openpgp_certificate_fpr (session, data); | ||
799 | |||
800 | case MHD_GNUTLS_CRT_X509: | 607 | case MHD_GNUTLS_CRT_X509: |
801 | return mhd_gtls_gen_x509_crt (session, data); | 608 | return mhd_gtls_gen_x509_crt (session, data); |
802 | 609 | ||
@@ -811,8 +618,6 @@ mhd_gtls_gen_cert_server_certificate (mhd_gtls_session_t session, opaque ** data | |||
811 | { | 618 | { |
812 | switch (session->security_parameters.cert_type) | 619 | switch (session->security_parameters.cert_type) |
813 | { | 620 | { |
814 | case MHD_GNUTLS_CRT_OPENPGP: | ||
815 | return mhd_gtls_gen_openpgp_certificate (session, data); | ||
816 | case MHD_GNUTLS_CRT_X509: | 621 | case MHD_GNUTLS_CRT_X509: |
817 | return mhd_gtls_gen_x509_crt (session, data); | 622 | return mhd_gtls_gen_x509_crt (session, data); |
818 | default: | 623 | default: |
@@ -967,184 +772,6 @@ cleanup: | |||
967 | } | 772 | } |
968 | 773 | ||
969 | #define CLEAR_CERTS for(x=0;x<peer_certificate_list_size;x++) mhd_gtls_gcert_deinit(&peer_certificate_list[x]) | 774 | #define CLEAR_CERTS for(x=0;x<peer_certificate_list_size;x++) mhd_gtls_gcert_deinit(&peer_certificate_list[x]) |
970 | int | ||
971 | mhd_gtls_proc_openpgp_server_certificate (mhd_gtls_session_t session, | ||
972 | opaque * data, size_t data_size) | ||
973 | { | ||
974 | int size, ret, len; | ||
975 | opaque *p = data; | ||
976 | cert_auth_info_t info; | ||
977 | mhd_gtls_cert_credentials_t cred; | ||
978 | ssize_t dsize = data_size; | ||
979 | int i, x; | ||
980 | gnutls_cert *peer_certificate_list = NULL; | ||
981 | int peer_certificate_list_size = 0; | ||
982 | gnutls_datum_t tmp, akey = { NULL, 0 }; | ||
983 | |||
984 | cred = (mhd_gtls_cert_credentials_t) | ||
985 | mhd_gtls_get_cred (session->key, MHD_GNUTLS_CRD_CERTIFICATE, NULL); | ||
986 | if (cred == NULL) | ||
987 | { | ||
988 | gnutls_assert (); | ||
989 | return GNUTLS_E_INSUFFICIENT_CREDENTIALS; | ||
990 | } | ||
991 | |||
992 | if ((ret = | ||
993 | mhd_gtls_auth_info_set (session, MHD_GNUTLS_CRD_CERTIFICATE, | ||
994 | sizeof (cert_auth_info_st), 1)) < 0) | ||
995 | { | ||
996 | gnutls_assert (); | ||
997 | return ret; | ||
998 | } | ||
999 | |||
1000 | info = mhd_gtls_get_auth_info (session); | ||
1001 | |||
1002 | if (data == NULL || data_size == 0) | ||
1003 | { | ||
1004 | gnutls_assert (); | ||
1005 | return GNUTLS_E_NO_CERTIFICATE_FOUND; | ||
1006 | } | ||
1007 | |||
1008 | DECR_LEN (dsize, 3); | ||
1009 | size = mhd_gtls_read_uint24 (p); | ||
1010 | p += 3; | ||
1011 | |||
1012 | if (size == 0) | ||
1013 | { | ||
1014 | gnutls_assert (); | ||
1015 | /* no certificate was sent */ | ||
1016 | return GNUTLS_E_NO_CERTIFICATE_FOUND; | ||
1017 | } | ||
1018 | i = dsize; | ||
1019 | |||
1020 | /* Read PGPKeyDescriptor */ | ||
1021 | DECR_LEN (dsize, 1); | ||
1022 | if (*p == PGP_KEY_FINGERPRINT) | ||
1023 | { /* the fingerprint */ | ||
1024 | p++; | ||
1025 | |||
1026 | DECR_LEN (dsize, 1); | ||
1027 | len = (uint8_t) * p; | ||
1028 | p++; | ||
1029 | |||
1030 | if (len != 20) | ||
1031 | { | ||
1032 | gnutls_assert (); | ||
1033 | return GNUTLS_E_OPENPGP_FINGERPRINT_UNSUPPORTED; | ||
1034 | } | ||
1035 | |||
1036 | DECR_LEN (dsize, 20); | ||
1037 | |||
1038 | /* request the actual key from our database, or | ||
1039 | * a key server or anything. | ||
1040 | */ | ||
1041 | if (_E_gnutls_openpgp_request_key == NULL) | ||
1042 | { | ||
1043 | gnutls_assert (); | ||
1044 | return GNUTLS_E_INIT_LIBEXTRA; | ||
1045 | } | ||
1046 | if ((ret = | ||
1047 | _E_gnutls_openpgp_request_key (session, &akey, cred, p, 20)) < 0) | ||
1048 | { | ||
1049 | gnutls_assert (); | ||
1050 | return ret; | ||
1051 | } | ||
1052 | tmp = akey; | ||
1053 | peer_certificate_list_size++; | ||
1054 | |||
1055 | } | ||
1056 | else if (*p == PGP_KEY) | ||
1057 | { /* the whole key */ | ||
1058 | |||
1059 | p++; | ||
1060 | |||
1061 | /* Read the actual certificate */ | ||
1062 | DECR_LEN (dsize, 3); | ||
1063 | len = mhd_gtls_read_uint24 (p); | ||
1064 | p += 3; | ||
1065 | |||
1066 | if (len == 0) | ||
1067 | { | ||
1068 | gnutls_assert (); | ||
1069 | /* no certificate was sent */ | ||
1070 | return GNUTLS_E_NO_CERTIFICATE_FOUND; | ||
1071 | } | ||
1072 | |||
1073 | DECR_LEN (dsize, len); | ||
1074 | peer_certificate_list_size++; | ||
1075 | |||
1076 | tmp.size = len; | ||
1077 | tmp.data = p; | ||
1078 | |||
1079 | } | ||
1080 | else | ||
1081 | { | ||
1082 | gnutls_assert (); | ||
1083 | return GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE; | ||
1084 | } | ||
1085 | |||
1086 | /* ok we now have the peer's key in tmp datum | ||
1087 | */ | ||
1088 | |||
1089 | if (peer_certificate_list_size == 0) | ||
1090 | { | ||
1091 | gnutls_assert (); | ||
1092 | return GNUTLS_E_UNEXPECTED_PACKET_LENGTH; | ||
1093 | } | ||
1094 | |||
1095 | peer_certificate_list = | ||
1096 | gnutls_alloca (sizeof (gnutls_cert) * (peer_certificate_list_size)); | ||
1097 | if (peer_certificate_list == NULL) | ||
1098 | { | ||
1099 | gnutls_assert (); | ||
1100 | ret = GNUTLS_E_MEMORY_ERROR; | ||
1101 | goto cleanup; | ||
1102 | } | ||
1103 | memset (peer_certificate_list, 0, sizeof (gnutls_cert) * | ||
1104 | peer_certificate_list_size); | ||
1105 | |||
1106 | if (_E_gnutls_openpgp_raw_key_to_gcert == NULL) | ||
1107 | { | ||
1108 | gnutls_assert (); | ||
1109 | ret = GNUTLS_E_INIT_LIBEXTRA; | ||
1110 | goto cleanup; | ||
1111 | } | ||
1112 | |||
1113 | if ((ret = | ||
1114 | _E_gnutls_openpgp_raw_key_to_gcert (&peer_certificate_list[0], | ||
1115 | &tmp)) < 0) | ||
1116 | { | ||
1117 | gnutls_assert (); | ||
1118 | goto cleanup; | ||
1119 | } | ||
1120 | |||
1121 | if ((ret = | ||
1122 | _gnutls_copy_certificate_auth_info (info, | ||
1123 | peer_certificate_list, | ||
1124 | peer_certificate_list_size)) < 0) | ||
1125 | { | ||
1126 | gnutls_assert (); | ||
1127 | goto cleanup; | ||
1128 | } | ||
1129 | |||
1130 | if ((ret = | ||
1131 | _gnutls_check_key_usage (&peer_certificate_list[0], | ||
1132 | gnutls_kx_get (session))) < 0) | ||
1133 | { | ||
1134 | gnutls_assert (); | ||
1135 | goto cleanup; | ||
1136 | } | ||
1137 | |||
1138 | ret = 0; | ||
1139 | |||
1140 | cleanup: | ||
1141 | |||
1142 | _gnutls_free_datum (&akey); | ||
1143 | CLEAR_CERTS; | ||
1144 | gnutls_afree (peer_certificate_list); | ||
1145 | return ret; | ||
1146 | |||
1147 | } | ||
1148 | 775 | ||
1149 | int | 776 | int |
1150 | mhd_gtls_proc_cert_server_certificate (mhd_gtls_session_t session, | 777 | mhd_gtls_proc_cert_server_certificate (mhd_gtls_session_t session, |
@@ -1152,9 +779,6 @@ mhd_gtls_proc_cert_server_certificate (mhd_gtls_session_t session, | |||
1152 | { | 779 | { |
1153 | switch (session->security_parameters.cert_type) | 780 | switch (session->security_parameters.cert_type) |
1154 | { | 781 | { |
1155 | case MHD_GNUTLS_CRT_OPENPGP: | ||
1156 | return mhd_gtls_proc_openpgp_server_certificate (session, | ||
1157 | data, data_size); | ||
1158 | case MHD_GNUTLS_CRT_X509: | 782 | case MHD_GNUTLS_CRT_X509: |
1159 | return mhd_gtls_proc_x509_server_certificate (session, data, data_size); | 783 | return mhd_gtls_proc_x509_server_certificate (session, data, data_size); |
1160 | default: | 784 | default: |
@@ -1262,13 +886,6 @@ mhd_gtls_proc_cert_cert_req (mhd_gtls_session_t session, opaque * data, | |||
1262 | size = mhd_gtls_read_uint16 (p); | 886 | size = mhd_gtls_read_uint16 (p); |
1263 | p += 2; | 887 | p += 2; |
1264 | 888 | ||
1265 | if (session->security_parameters.cert_type == MHD_GNUTLS_CRT_OPENPGP | ||
1266 | && size != 0) | ||
1267 | { | ||
1268 | gnutls_assert (); // size should be zero | ||
1269 | return GNUTLS_E_UNEXPECTED_PACKET_LENGTH; | ||
1270 | } | ||
1271 | |||
1272 | DECR_LEN (dsize, size); | 889 | DECR_LEN (dsize, size); |
1273 | 890 | ||
1274 | /* now we ask the user to tell which one | 891 | /* now we ask the user to tell which one |
@@ -1578,85 +1195,6 @@ alloc_and_load_x509_key (gnutls_x509_privkey_t key) | |||
1578 | return local_key; | 1195 | return local_key; |
1579 | } | 1196 | } |
1580 | 1197 | ||
1581 | /* converts the given pgp certificate to gnutls_cert* and allocates | ||
1582 | * space for them. | ||
1583 | */ | ||
1584 | static gnutls_cert * | ||
1585 | alloc_and_load_pgp_certs (gnutls_openpgp_crt_t cert) | ||
1586 | { | ||
1587 | gnutls_cert *local_certs; | ||
1588 | int ret = 0; | ||
1589 | |||
1590 | if (cert == NULL) | ||
1591 | return NULL; | ||
1592 | |||
1593 | local_certs = gnutls_malloc (sizeof (gnutls_cert)); | ||
1594 | if (local_certs == NULL) | ||
1595 | { | ||
1596 | gnutls_assert (); | ||
1597 | return NULL; | ||
1598 | } | ||
1599 | |||
1600 | if (_E_gnutls_openpgp_crt_to_gcert == NULL) | ||
1601 | { | ||
1602 | gnutls_assert (); | ||
1603 | return NULL; | ||
1604 | } | ||
1605 | |||
1606 | ret = _E_gnutls_openpgp_crt_to_gcert (local_certs, cert); | ||
1607 | if (ret < 0) | ||
1608 | { | ||
1609 | gnutls_assert (); | ||
1610 | return NULL; | ||
1611 | } | ||
1612 | |||
1613 | if (ret < 0) | ||
1614 | { | ||
1615 | gnutls_assert (); | ||
1616 | mhd_gtls_gcert_deinit (local_certs); | ||
1617 | gnutls_free (local_certs); | ||
1618 | return NULL; | ||
1619 | } | ||
1620 | |||
1621 | return local_certs; | ||
1622 | } | ||
1623 | |||
1624 | /* converts the given raw key to gnutls_privkey* and allocates | ||
1625 | * space for it. | ||
1626 | */ | ||
1627 | static gnutls_privkey * | ||
1628 | alloc_and_load_pgp_key (const gnutls_openpgp_privkey_t key) | ||
1629 | { | ||
1630 | gnutls_privkey *local_key; | ||
1631 | int ret = 0; | ||
1632 | |||
1633 | if (key == NULL) | ||
1634 | return NULL; | ||
1635 | |||
1636 | local_key = gnutls_malloc (sizeof (gnutls_privkey)); | ||
1637 | if (local_key == NULL) | ||
1638 | { | ||
1639 | gnutls_assert (); | ||
1640 | return NULL; | ||
1641 | } | ||
1642 | |||
1643 | if (_E_gnutls_openpgp_privkey_to_gkey == NULL) | ||
1644 | { | ||
1645 | gnutls_assert (); | ||
1646 | return NULL; | ||
1647 | } | ||
1648 | |||
1649 | ret = _E_gnutls_openpgp_privkey_to_gkey (local_key, key); | ||
1650 | if (ret < 0) | ||
1651 | { | ||
1652 | gnutls_assert (); | ||
1653 | return NULL; | ||
1654 | } | ||
1655 | |||
1656 | return local_key; | ||
1657 | } | ||
1658 | |||
1659 | |||
1660 | void | 1198 | void |
1661 | mhd_gtls_selected_certs_deinit (mhd_gtls_session_t session) | 1199 | mhd_gtls_selected_certs_deinit (mhd_gtls_session_t session) |
1662 | { | 1200 | { |