diff options
author | Christian Grothoff <christian@grothoff.org> | 2008-08-24 15:34:34 +0000 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2008-08-24 15:34:34 +0000 |
commit | bde481fb521f299d9c5bf654573f73a7958d461a (patch) | |
tree | 0a23772d9f4e564baee6cababcbb047aef0e6937 /src/daemon | |
parent | 2bdfce2c5a5348faa69ca52f1721a911d527c9fa (diff) | |
download | libmicrohttpd-bde481fb521f299d9c5bf654573f73a7958d461a.tar.gz libmicrohttpd-bde481fb521f299d9c5bf654573f73a7958d461a.zip |
removing more -- hopefully all -- openpgp related code
Diffstat (limited to 'src/daemon')
-rw-r--r-- | src/daemon/https/gnutls.h | 25 | ||||
-rw-r--r-- | src/daemon/https/tls/Makefile.am | 1 | ||||
-rw-r--r-- | src/daemon/https/tls/auth_cert.c | 468 | ||||
-rw-r--r-- | src/daemon/https/tls/auth_cert.h | 2 | ||||
-rw-r--r-- | src/daemon/https/tls/ext_cert_type.c | 4 | ||||
-rw-r--r-- | src/daemon/https/tls/ext_inner_application.c | 2 | ||||
-rw-r--r-- | src/daemon/https/tls/ext_server_name.c | 4 | ||||
-rw-r--r-- | src/daemon/https/tls/gnutls_alert.c | 4 | ||||
-rw-r--r-- | src/daemon/https/tls/gnutls_algorithms.c | 11 | ||||
-rw-r--r-- | src/daemon/https/tls/gnutls_cert.c | 106 | ||||
-rw-r--r-- | src/daemon/https/tls/gnutls_errors.c | 7 | ||||
-rw-r--r-- | src/daemon/https/tls/gnutls_extra_hooks.c | 78 | ||||
-rw-r--r-- | src/daemon/https/tls/gnutls_extra_hooks.h | 106 | ||||
-rw-r--r-- | src/daemon/https/tls/gnutls_int.h | 1 | ||||
-rw-r--r-- | src/daemon/https/tls/gnutls_state.c | 23 |
15 files changed, 9 insertions, 833 deletions
diff --git a/src/daemon/https/gnutls.h b/src/daemon/https/gnutls.h index 9cb0821f..c7383ef3 100644 --- a/src/daemon/https/gnutls.h +++ b/src/daemon/https/gnutls.h | |||
@@ -128,9 +128,6 @@ extern "C" | |||
128 | GNUTLS_HANDSHAKE_SUPPLEMENTAL = 23 | 128 | GNUTLS_HANDSHAKE_SUPPLEMENTAL = 23 |
129 | } gnutls_handshake_description_t; | 129 | } gnutls_handshake_description_t; |
130 | 130 | ||
131 | /* Note that the status bits have different meanings | ||
132 | * in openpgp keys and x.509 certificate verification. | ||
133 | */ | ||
134 | typedef enum | 131 | typedef enum |
135 | { | 132 | { |
136 | GNUTLS_CERT_INVALID = 2, /* will be set if the certificate | 133 | GNUTLS_CERT_INVALID = 2, /* will be set if the certificate |
@@ -156,11 +153,6 @@ extern "C" | |||
156 | } gnutls_certificate_request_t; | 153 | } gnutls_certificate_request_t; |
157 | 154 | ||
158 | typedef enum | 155 | typedef enum |
159 | { GNUTLS_OPENPGP_CERT, | ||
160 | GNUTLS_OPENPGP_CERT_FINGERPRINT | ||
161 | } gnutls_openpgp_crt_status_t; | ||
162 | |||
163 | typedef enum | ||
164 | { | 156 | { |
165 | GNUTLS_SHUT_RDWR = 0, | 157 | GNUTLS_SHUT_RDWR = 0, |
166 | GNUTLS_SHUT_WR = 1 | 158 | GNUTLS_SHUT_WR = 1 |
@@ -639,9 +631,6 @@ extern "C" | |||
639 | void MHD_gnutls_session_set_ptr (mhd_gtls_session_t session, void *ptr); | 631 | void MHD_gnutls_session_set_ptr (mhd_gtls_session_t session, void *ptr); |
640 | void * MHD_gtls_session_get_ptr (mhd_gtls_session_t session); | 632 | void * MHD_gtls_session_get_ptr (mhd_gtls_session_t session); |
641 | 633 | ||
642 | void MHD_gtls_openpgp_send_cert (mhd_gtls_session_t session, | ||
643 | gnutls_openpgp_crt_status_t status); | ||
644 | |||
645 | /* | 634 | /* |
646 | * this function returns the hash of the given data. | 635 | * this function returns the hash of the given data. |
647 | */ | 636 | */ |
@@ -798,26 +787,18 @@ extern "C" | |||
798 | GNUTLS_SAN_OTHERNAME_XMPP = 1000 | 787 | GNUTLS_SAN_OTHERNAME_XMPP = 1000 |
799 | } gnutls_x509_subject_alt_name_t; | 788 | } gnutls_x509_subject_alt_name_t; |
800 | 789 | ||
801 | struct gnutls_openpgp_crt_int; | ||
802 | typedef struct gnutls_openpgp_crt_int *gnutls_openpgp_crt_t; | ||
803 | |||
804 | struct gnutls_openpgp_privkey_int; | ||
805 | typedef struct gnutls_openpgp_privkey_int *gnutls_openpgp_privkey_t; | ||
806 | |||
807 | typedef struct gnutls_retr_st | 790 | typedef struct gnutls_retr_st |
808 | { | 791 | { |
809 | gnutls_certificate_type_t type; | 792 | gnutls_certificate_type_t type; |
810 | union cert | 793 | union cert |
811 | { | 794 | { |
812 | gnutls_x509_crt_t *x509; | 795 | gnutls_x509_crt_t *x509; |
813 | gnutls_openpgp_crt_t pgp; | ||
814 | } cert; | 796 | } cert; |
815 | unsigned int ncerts; /* one for pgp keys */ | 797 | unsigned int ncerts; |
816 | 798 | ||
817 | union key | 799 | union key |
818 | { | 800 | { |
819 | gnutls_x509_privkey_t x509; | 801 | gnutls_x509_privkey_t x509; |
820 | gnutls_openpgp_privkey_t pgp; | ||
821 | } key; | 802 | } key; |
822 | 803 | ||
823 | unsigned int deinit_all; /* if non zero all keys will be deinited */ | 804 | unsigned int deinit_all; /* if non zero all keys will be deinited */ |
@@ -1026,7 +1007,6 @@ extern "C" | |||
1026 | #define GNUTLS_E_NO_COMPRESSION_ALGORITHMS -86 | 1007 | #define GNUTLS_E_NO_COMPRESSION_ALGORITHMS -86 |
1027 | #define GNUTLS_E_NO_CIPHER_SUITES -87 | 1008 | #define GNUTLS_E_NO_CIPHER_SUITES -87 |
1028 | 1009 | ||
1029 | #define GNUTLS_E_OPENPGP_GETKEY_FAILED -88 | ||
1030 | #define GNUTLS_E_PK_SIG_VERIFY_FAILED -89 | 1010 | #define GNUTLS_E_PK_SIG_VERIFY_FAILED -89 |
1031 | 1011 | ||
1032 | #define GNUTLS_E_ILLEGAL_SRP_USERNAME -90 | 1012 | #define GNUTLS_E_ILLEGAL_SRP_USERNAME -90 |
@@ -1046,13 +1026,11 @@ extern "C" | |||
1046 | #define GNUTLS_E_ASN1_TYPE_ANY_ERROR -75 | 1026 | #define GNUTLS_E_ASN1_TYPE_ANY_ERROR -75 |
1047 | #define GNUTLS_E_ASN1_SYNTAX_ERROR -76 | 1027 | #define GNUTLS_E_ASN1_SYNTAX_ERROR -76 |
1048 | #define GNUTLS_E_ASN1_DER_OVERFLOW -77 | 1028 | #define GNUTLS_E_ASN1_DER_OVERFLOW -77 |
1049 | #define GNUTLS_E_OPENPGP_UID_REVOKED -79 | ||
1050 | #define GNUTLS_E_CERTIFICATE_ERROR -43 | 1029 | #define GNUTLS_E_CERTIFICATE_ERROR -43 |
1051 | #define GNUTLS_E_X509_CERTIFICATE_ERROR GNUTLS_E_CERTIFICATE_ERROR | 1030 | #define GNUTLS_E_X509_CERTIFICATE_ERROR GNUTLS_E_CERTIFICATE_ERROR |
1052 | #define GNUTLS_E_CERTIFICATE_KEY_MISMATCH -60 | 1031 | #define GNUTLS_E_CERTIFICATE_KEY_MISMATCH -60 |
1053 | #define GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE -61 /* GNUTLS_A_UNSUPPORTED_CERTIFICATE */ | 1032 | #define GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE -61 /* GNUTLS_A_UNSUPPORTED_CERTIFICATE */ |
1054 | #define GNUTLS_E_X509_UNKNOWN_SAN -62 | 1033 | #define GNUTLS_E_X509_UNKNOWN_SAN -62 |
1055 | #define GNUTLS_E_OPENPGP_FINGERPRINT_UNSUPPORTED -94 | ||
1056 | #define GNUTLS_E_X509_UNSUPPORTED_ATTRIBUTE -95 | 1034 | #define GNUTLS_E_X509_UNSUPPORTED_ATTRIBUTE -95 |
1057 | #define GNUTLS_E_UNKNOWN_HASH_ALGORITHM -96 | 1035 | #define GNUTLS_E_UNKNOWN_HASH_ALGORITHM -96 |
1058 | #define GNUTLS_E_UNKNOWN_PKCS_CONTENT_TYPE -97 | 1036 | #define GNUTLS_E_UNKNOWN_PKCS_CONTENT_TYPE -97 |
@@ -1073,7 +1051,6 @@ extern "C" | |||
1073 | #define GNUTLS_E_INCOMPATIBLE_CRYPTO_LIBRARY -202 | 1051 | #define GNUTLS_E_INCOMPATIBLE_CRYPTO_LIBRARY -202 |
1074 | #define GNUTLS_E_INCOMPATIBLE_LIBTASN1_LIBRARY -203 | 1052 | #define GNUTLS_E_INCOMPATIBLE_LIBTASN1_LIBRARY -203 |
1075 | 1053 | ||
1076 | #define GNUTLS_E_OPENPGP_KEYRING_ERROR -204 | ||
1077 | #define GNUTLS_E_X509_UNSUPPORTED_OID -205 | 1054 | #define GNUTLS_E_X509_UNSUPPORTED_OID -205 |
1078 | 1055 | ||
1079 | #define GNUTLS_E_RANDOM_FAILED -206 | 1056 | #define GNUTLS_E_RANDOM_FAILED -206 |
diff --git a/src/daemon/https/tls/Makefile.am b/src/daemon/https/tls/Makefile.am index 275fef0d..8e7cd953 100644 --- a/src/daemon/https/tls/Makefile.am +++ b/src/daemon/https/tls/Makefile.am | |||
@@ -47,7 +47,6 @@ gnutls_dh.c \ | |||
47 | gnutls_dh_primes.c \ | 47 | gnutls_dh_primes.c \ |
48 | gnutls_errors.c \ | 48 | gnutls_errors.c \ |
49 | gnutls_extensions.c \ | 49 | gnutls_extensions.c \ |
50 | gnutls_extra_hooks.c \ | ||
51 | gnutls_global.c \ | 50 | gnutls_global.c \ |
52 | gnutls_handshake.c \ | 51 | gnutls_handshake.c \ |
53 | gnutls_hash_int.c \ | 52 | gnutls_hash_int.c \ |
diff --git a/src/daemon/https/tls/auth_cert.c b/src/daemon/https/tls/auth_cert.c index 308c3878..643b32cb 100644 --- a/src/daemon/https/tls/auth_cert.c +++ b/src/daemon/https/tls/auth_cert.c | |||
@@ -43,15 +43,11 @@ | |||
43 | #include <gnutls_state.h> | 43 | #include <gnutls_state.h> |
44 | #include <gnutls_pk.h> | 44 | #include <gnutls_pk.h> |
45 | #include <gnutls_x509.h> | 45 | #include <gnutls_x509.h> |
46 | #include <gnutls_extra_hooks.h> | ||
47 | #include "debug.h" | 46 | #include "debug.h" |
48 | 47 | ||
49 | static gnutls_cert *alloc_and_load_x509_certs (gnutls_x509_crt_t * certs, | 48 | static gnutls_cert *alloc_and_load_x509_certs (gnutls_x509_crt_t * certs, |
50 | unsigned); | 49 | unsigned); |
51 | static gnutls_privkey *alloc_and_load_x509_key (gnutls_x509_privkey_t key); | 50 | static gnutls_privkey *alloc_and_load_x509_key (gnutls_x509_privkey_t key); |
52 | static gnutls_cert *alloc_and_load_pgp_certs (gnutls_openpgp_crt_t cert); | ||
53 | static gnutls_privkey *alloc_and_load_pgp_key (const gnutls_openpgp_privkey_t | ||
54 | key); | ||
55 | 51 | ||
56 | 52 | ||
57 | /* Copies data from a internal certificate struct (gnutls_cert) to | 53 | /* Copies data from a internal certificate struct (gnutls_cert) to |
@@ -255,41 +251,6 @@ _find_x509_cert (const mhd_gtls_cert_credentials_t cred, | |||
255 | 251 | ||
256 | } | 252 | } |
257 | 253 | ||
258 | /* Locates the most appropriate openpgp cert | ||
259 | */ | ||
260 | static int | ||
261 | _find_openpgp_cert (const mhd_gtls_cert_credentials_t cred, | ||
262 | gnutls_pk_algorithm_t * pk_algos, | ||
263 | int pk_algos_length, int *indx) | ||
264 | { | ||
265 | unsigned i, j; | ||
266 | |||
267 | *indx = -1; | ||
268 | |||
269 | for (i = 0; i < cred->ncerts; i++) | ||
270 | { | ||
271 | for (j = 0; j < cred->cert_list_length[i]; j++) | ||
272 | { | ||
273 | |||
274 | /* If the *_SIGN algorithm matches | ||
275 | * the cert is our cert! | ||
276 | */ | ||
277 | if ((_gnutls_check_pk_algo_in_list | ||
278 | (pk_algos, pk_algos_length, | ||
279 | cred->cert_list[i][0].subject_pk_algorithm) == 0) | ||
280 | && (cred->cert_list[i][0].cert_type == MHD_GNUTLS_CRT_OPENPGP)) | ||
281 | { | ||
282 | *indx = i; | ||
283 | break; | ||
284 | } | ||
285 | } | ||
286 | if (*indx != -1) | ||
287 | break; | ||
288 | } | ||
289 | |||
290 | return 0; | ||
291 | } | ||
292 | |||
293 | /* Returns the number of issuers in the server's | 254 | /* Returns the number of issuers in the server's |
294 | * certificate request packet. | 255 | * certificate request packet. |
295 | */ | 256 | */ |
@@ -444,17 +405,9 @@ call_get_cert_callback (mhd_gtls_session_t session, | |||
444 | } | 405 | } |
445 | else | 406 | else |
446 | { /* PGP */ | 407 | { /* PGP */ |
447 | if (st.ncerts > 1) | 408 | gnutls_assert (); |
448 | { | 409 | ret = GNUTLS_E_INVALID_REQUEST; |
449 | gnutls_assert (); | 410 | goto cleanup; |
450 | ret = GNUTLS_E_INVALID_REQUEST; | ||
451 | goto cleanup; | ||
452 | } | ||
453 | |||
454 | local_certs = alloc_and_load_pgp_certs (st.cert.pgp); | ||
455 | if (local_certs != NULL) | ||
456 | local_key = alloc_and_load_pgp_key (st.key.pgp); | ||
457 | |||
458 | } | 411 | } |
459 | 412 | ||
460 | mhd_gtls_selected_certs_set (session, local_certs, | 413 | mhd_gtls_selected_certs_set (session, local_certs, |
@@ -477,22 +430,6 @@ cleanup: | |||
477 | gnutls_x509_privkey_deinit (st.key.x509); | 430 | gnutls_x509_privkey_deinit (st.key.x509); |
478 | } | 431 | } |
479 | } | 432 | } |
480 | else | ||
481 | { | ||
482 | if (st.deinit_all) | ||
483 | { | ||
484 | if (_E_gnutls_openpgp_crt_deinit == NULL || | ||
485 | _E_gnutls_openpgp_privkey_deinit == NULL) | ||
486 | { | ||
487 | gnutls_assert (); | ||
488 | return GNUTLS_E_INIT_LIBEXTRA; | ||
489 | } | ||
490 | |||
491 | _E_gnutls_openpgp_crt_deinit (st.cert.pgp); | ||
492 | _E_gnutls_openpgp_privkey_deinit (st.key.pgp); | ||
493 | } | ||
494 | } | ||
495 | |||
496 | return ret; | 433 | return ret; |
497 | } | 434 | } |
498 | 435 | ||
@@ -577,11 +514,6 @@ _select_client_cert (mhd_gtls_session_t session, | |||
577 | result = | 514 | result = |
578 | _find_x509_cert (cred, _data, _data_size, | 515 | _find_x509_cert (cred, _data, _data_size, |
579 | pk_algos, pk_algos_length, &indx); | 516 | pk_algos, pk_algos_length, &indx); |
580 | |||
581 | if (session->security_parameters.cert_type == MHD_GNUTLS_CRT_OPENPGP) | ||
582 | result = _find_openpgp_cert (cred, pk_algos, pk_algos_length, &indx); | ||
583 | |||
584 | |||
585 | if (result < 0) | 517 | if (result < 0) |
586 | { | 518 | { |
587 | gnutls_assert (); | 519 | gnutls_assert (); |
@@ -667,136 +599,11 @@ mhd_gtls_gen_x509_crt (mhd_gtls_session_t session, opaque ** data) | |||
667 | return ret; | 599 | return ret; |
668 | } | 600 | } |
669 | 601 | ||
670 | enum PGPKeyDescriptorType | ||
671 | { PGP_KEY_FINGERPRINT, PGP_KEY }; | ||
672 | |||
673 | int | ||
674 | mhd_gtls_gen_openpgp_certificate (mhd_gtls_session_t session, opaque ** data) | ||
675 | { | ||
676 | int ret; | ||
677 | opaque *pdata; | ||
678 | gnutls_cert *apr_cert_list; | ||
679 | gnutls_privkey *apr_pkey; | ||
680 | int apr_cert_list_length; | ||
681 | |||
682 | /* find the appropriate certificate */ | ||
683 | if ((ret = | ||
684 | mhd_gtls_get_selected_cert (session, &apr_cert_list, | ||
685 | &apr_cert_list_length, &apr_pkey)) < 0) | ||
686 | { | ||
687 | gnutls_assert (); | ||
688 | return ret; | ||
689 | } | ||
690 | |||
691 | ret = 3 + 1 + 3; | ||
692 | |||
693 | if (apr_cert_list_length > 0) | ||
694 | ret += apr_cert_list[0].raw.size; | ||
695 | |||
696 | (*data) = gnutls_malloc (ret); | ||
697 | pdata = (*data); | ||
698 | |||
699 | if (pdata == NULL) | ||
700 | { | ||
701 | gnutls_assert (); | ||
702 | return GNUTLS_E_MEMORY_ERROR; | ||
703 | } | ||
704 | |||
705 | mhd_gtls_write_uint24 (ret - 3, pdata); | ||
706 | pdata += 3; | ||
707 | |||
708 | *pdata = PGP_KEY; /* whole key */ | ||
709 | pdata++; | ||
710 | |||
711 | if (apr_cert_list_length > 0) | ||
712 | { | ||
713 | mhd_gtls_write_datum24 (pdata, apr_cert_list[0].raw); | ||
714 | pdata += (3 + apr_cert_list[0].raw.size); | ||
715 | } | ||
716 | else /* empty - no certificate */ | ||
717 | mhd_gtls_write_uint24 (0, pdata); | ||
718 | |||
719 | return ret; | ||
720 | } | ||
721 | |||
722 | int | ||
723 | mhd_gtls_gen_openpgp_certificate_fpr (mhd_gtls_session_t session, opaque ** data) | ||
724 | { | ||
725 | int ret, packet_size; | ||
726 | size_t fpr_size; | ||
727 | opaque *pdata; | ||
728 | gnutls_cert *apr_cert_list; | ||
729 | gnutls_privkey *apr_pkey; | ||
730 | int apr_cert_list_length; | ||
731 | |||
732 | /* find the appropriate certificate */ | ||
733 | if ((ret = | ||
734 | mhd_gtls_get_selected_cert (session, &apr_cert_list, | ||
735 | &apr_cert_list_length, &apr_pkey)) < 0) | ||
736 | { | ||
737 | gnutls_assert (); | ||
738 | return ret; | ||
739 | } | ||
740 | |||
741 | packet_size = 3 + 1; | ||
742 | |||
743 | /* Only v4 fingerprints are sent | ||
744 | */ | ||
745 | if (apr_cert_list_length > 0 && apr_cert_list[0].version == 4) | ||
746 | packet_size += 20 + 1; | ||
747 | else /* empty certificate case */ | ||
748 | return mhd_gtls_gen_openpgp_certificate (session, data); | ||
749 | |||
750 | (*data) = gnutls_malloc (packet_size); | ||
751 | pdata = (*data); | ||
752 | |||
753 | if (pdata == NULL) | ||
754 | { | ||
755 | gnutls_assert (); | ||
756 | return GNUTLS_E_MEMORY_ERROR; | ||
757 | } | ||
758 | |||
759 | mhd_gtls_write_uint24 (packet_size - 3, pdata); | ||
760 | pdata += 3; | ||
761 | |||
762 | *pdata = PGP_KEY_FINGERPRINT; /* key fingerprint */ | ||
763 | pdata++; | ||
764 | |||
765 | *pdata = 20; | ||
766 | pdata++; | ||
767 | |||
768 | fpr_size = 20; | ||
769 | |||
770 | if (_E_gnutls_openpgp_fingerprint == NULL) | ||
771 | { | ||
772 | gnutls_assert (); | ||
773 | return GNUTLS_E_INIT_LIBEXTRA; | ||
774 | } | ||
775 | |||
776 | if ((ret = | ||
777 | _E_gnutls_openpgp_fingerprint (&apr_cert_list[0].raw, pdata, | ||
778 | &fpr_size)) < 0) | ||
779 | { | ||
780 | gnutls_assert (); | ||
781 | return ret; | ||
782 | } | ||
783 | |||
784 | return packet_size; | ||
785 | } | ||
786 | |||
787 | |||
788 | |||
789 | int | 602 | int |
790 | mhd_gtls_gen_cert_client_certificate (mhd_gtls_session_t session, opaque ** data) | 603 | mhd_gtls_gen_cert_client_certificate (mhd_gtls_session_t session, opaque ** data) |
791 | { | 604 | { |
792 | switch (session->security_parameters.cert_type) | 605 | switch (session->security_parameters.cert_type) |
793 | { | 606 | { |
794 | case MHD_GNUTLS_CRT_OPENPGP: | ||
795 | if (mhd_gtls_openpgp_send_fingerprint (session) == 0) | ||
796 | return mhd_gtls_gen_openpgp_certificate (session, data); | ||
797 | else | ||
798 | return mhd_gtls_gen_openpgp_certificate_fpr (session, data); | ||
799 | |||
800 | case MHD_GNUTLS_CRT_X509: | 607 | case MHD_GNUTLS_CRT_X509: |
801 | return mhd_gtls_gen_x509_crt (session, data); | 608 | return mhd_gtls_gen_x509_crt (session, data); |
802 | 609 | ||
@@ -811,8 +618,6 @@ mhd_gtls_gen_cert_server_certificate (mhd_gtls_session_t session, opaque ** data | |||
811 | { | 618 | { |
812 | switch (session->security_parameters.cert_type) | 619 | switch (session->security_parameters.cert_type) |
813 | { | 620 | { |
814 | case MHD_GNUTLS_CRT_OPENPGP: | ||
815 | return mhd_gtls_gen_openpgp_certificate (session, data); | ||
816 | case MHD_GNUTLS_CRT_X509: | 621 | case MHD_GNUTLS_CRT_X509: |
817 | return mhd_gtls_gen_x509_crt (session, data); | 622 | return mhd_gtls_gen_x509_crt (session, data); |
818 | default: | 623 | default: |
@@ -967,184 +772,6 @@ cleanup: | |||
967 | } | 772 | } |
968 | 773 | ||
969 | #define CLEAR_CERTS for(x=0;x<peer_certificate_list_size;x++) mhd_gtls_gcert_deinit(&peer_certificate_list[x]) | 774 | #define CLEAR_CERTS for(x=0;x<peer_certificate_list_size;x++) mhd_gtls_gcert_deinit(&peer_certificate_list[x]) |
970 | int | ||
971 | mhd_gtls_proc_openpgp_server_certificate (mhd_gtls_session_t session, | ||
972 | opaque * data, size_t data_size) | ||
973 | { | ||
974 | int size, ret, len; | ||
975 | opaque *p = data; | ||
976 | cert_auth_info_t info; | ||
977 | mhd_gtls_cert_credentials_t cred; | ||
978 | ssize_t dsize = data_size; | ||
979 | int i, x; | ||
980 | gnutls_cert *peer_certificate_list = NULL; | ||
981 | int peer_certificate_list_size = 0; | ||
982 | gnutls_datum_t tmp, akey = { NULL, 0 }; | ||
983 | |||
984 | cred = (mhd_gtls_cert_credentials_t) | ||
985 | mhd_gtls_get_cred (session->key, MHD_GNUTLS_CRD_CERTIFICATE, NULL); | ||
986 | if (cred == NULL) | ||
987 | { | ||
988 | gnutls_assert (); | ||
989 | return GNUTLS_E_INSUFFICIENT_CREDENTIALS; | ||
990 | } | ||
991 | |||
992 | if ((ret = | ||
993 | mhd_gtls_auth_info_set (session, MHD_GNUTLS_CRD_CERTIFICATE, | ||
994 | sizeof (cert_auth_info_st), 1)) < 0) | ||
995 | { | ||
996 | gnutls_assert (); | ||
997 | return ret; | ||
998 | } | ||
999 | |||
1000 | info = mhd_gtls_get_auth_info (session); | ||
1001 | |||
1002 | if (data == NULL || data_size == 0) | ||
1003 | { | ||
1004 | gnutls_assert (); | ||
1005 | return GNUTLS_E_NO_CERTIFICATE_FOUND; | ||
1006 | } | ||
1007 | |||
1008 | DECR_LEN (dsize, 3); | ||
1009 | size = mhd_gtls_read_uint24 (p); | ||
1010 | p += 3; | ||
1011 | |||
1012 | if (size == 0) | ||
1013 | { | ||
1014 | gnutls_assert (); | ||
1015 | /* no certificate was sent */ | ||
1016 | return GNUTLS_E_NO_CERTIFICATE_FOUND; | ||
1017 | } | ||
1018 | i = dsize; | ||
1019 | |||
1020 | /* Read PGPKeyDescriptor */ | ||
1021 | DECR_LEN (dsize, 1); | ||
1022 | if (*p == PGP_KEY_FINGERPRINT) | ||
1023 | { /* the fingerprint */ | ||
1024 | p++; | ||
1025 | |||
1026 | DECR_LEN (dsize, 1); | ||
1027 | len = (uint8_t) * p; | ||
1028 | p++; | ||
1029 | |||
1030 | if (len != 20) | ||
1031 | { | ||
1032 | gnutls_assert (); | ||
1033 | return GNUTLS_E_OPENPGP_FINGERPRINT_UNSUPPORTED; | ||
1034 | } | ||
1035 | |||
1036 | DECR_LEN (dsize, 20); | ||
1037 | |||
1038 | /* request the actual key from our database, or | ||
1039 | * a key server or anything. | ||
1040 | */ | ||
1041 | if (_E_gnutls_openpgp_request_key == NULL) | ||
1042 | { | ||
1043 | gnutls_assert (); | ||
1044 | return GNUTLS_E_INIT_LIBEXTRA; | ||
1045 | } | ||
1046 | if ((ret = | ||
1047 | _E_gnutls_openpgp_request_key (session, &akey, cred, p, 20)) < 0) | ||
1048 | { | ||
1049 | gnutls_assert (); | ||
1050 | return ret; | ||
1051 | } | ||
1052 | tmp = akey; | ||
1053 | peer_certificate_list_size++; | ||
1054 | |||
1055 | } | ||
1056 | else if (*p == PGP_KEY) | ||
1057 | { /* the whole key */ | ||
1058 | |||
1059 | p++; | ||
1060 | |||
1061 | /* Read the actual certificate */ | ||
1062 | DECR_LEN (dsize, 3); | ||
1063 | len = mhd_gtls_read_uint24 (p); | ||
1064 | p += 3; | ||
1065 | |||
1066 | if (len == 0) | ||
1067 | { | ||
1068 | gnutls_assert (); | ||
1069 | /* no certificate was sent */ | ||
1070 | return GNUTLS_E_NO_CERTIFICATE_FOUND; | ||
1071 | } | ||
1072 | |||
1073 | DECR_LEN (dsize, len); | ||
1074 | peer_certificate_list_size++; | ||
1075 | |||
1076 | tmp.size = len; | ||
1077 | tmp.data = p; | ||
1078 | |||
1079 | } | ||
1080 | else | ||
1081 | { | ||
1082 | gnutls_assert (); | ||
1083 | return GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE; | ||
1084 | } | ||
1085 | |||
1086 | /* ok we now have the peer's key in tmp datum | ||
1087 | */ | ||
1088 | |||
1089 | if (peer_certificate_list_size == 0) | ||
1090 | { | ||
1091 | gnutls_assert (); | ||
1092 | return GNUTLS_E_UNEXPECTED_PACKET_LENGTH; | ||
1093 | } | ||
1094 | |||
1095 | peer_certificate_list = | ||
1096 | gnutls_alloca (sizeof (gnutls_cert) * (peer_certificate_list_size)); | ||
1097 | if (peer_certificate_list == NULL) | ||
1098 | { | ||
1099 | gnutls_assert (); | ||
1100 | ret = GNUTLS_E_MEMORY_ERROR; | ||
1101 | goto cleanup; | ||
1102 | } | ||
1103 | memset (peer_certificate_list, 0, sizeof (gnutls_cert) * | ||
1104 | peer_certificate_list_size); | ||
1105 | |||
1106 | if (_E_gnutls_openpgp_raw_key_to_gcert == NULL) | ||
1107 | { | ||
1108 | gnutls_assert (); | ||
1109 | ret = GNUTLS_E_INIT_LIBEXTRA; | ||
1110 | goto cleanup; | ||
1111 | } | ||
1112 | |||
1113 | if ((ret = | ||
1114 | _E_gnutls_openpgp_raw_key_to_gcert (&peer_certificate_list[0], | ||
1115 | &tmp)) < 0) | ||
1116 | { | ||
1117 | gnutls_assert (); | ||
1118 | goto cleanup; | ||
1119 | } | ||
1120 | |||
1121 | if ((ret = | ||
1122 | _gnutls_copy_certificate_auth_info (info, | ||
1123 | peer_certificate_list, | ||
1124 | peer_certificate_list_size)) < 0) | ||
1125 | { | ||
1126 | gnutls_assert (); | ||
1127 | goto cleanup; | ||
1128 | } | ||
1129 | |||
1130 | if ((ret = | ||
1131 | _gnutls_check_key_usage (&peer_certificate_list[0], | ||
1132 | gnutls_kx_get (session))) < 0) | ||
1133 | { | ||
1134 | gnutls_assert (); | ||
1135 | goto cleanup; | ||
1136 | } | ||
1137 | |||
1138 | ret = 0; | ||
1139 | |||
1140 | cleanup: | ||
1141 | |||
1142 | _gnutls_free_datum (&akey); | ||
1143 | CLEAR_CERTS; | ||
1144 | gnutls_afree (peer_certificate_list); | ||
1145 | return ret; | ||
1146 | |||
1147 | } | ||
1148 | 775 | ||
1149 | int | 776 | int |
1150 | mhd_gtls_proc_cert_server_certificate (mhd_gtls_session_t session, | 777 | mhd_gtls_proc_cert_server_certificate (mhd_gtls_session_t session, |
@@ -1152,9 +779,6 @@ mhd_gtls_proc_cert_server_certificate (mhd_gtls_session_t session, | |||
1152 | { | 779 | { |
1153 | switch (session->security_parameters.cert_type) | 780 | switch (session->security_parameters.cert_type) |
1154 | { | 781 | { |
1155 | case MHD_GNUTLS_CRT_OPENPGP: | ||
1156 | return mhd_gtls_proc_openpgp_server_certificate (session, | ||
1157 | data, data_size); | ||
1158 | case MHD_GNUTLS_CRT_X509: | 782 | case MHD_GNUTLS_CRT_X509: |
1159 | return mhd_gtls_proc_x509_server_certificate (session, data, data_size); | 783 | return mhd_gtls_proc_x509_server_certificate (session, data, data_size); |
1160 | default: | 784 | default: |
@@ -1262,13 +886,6 @@ mhd_gtls_proc_cert_cert_req (mhd_gtls_session_t session, opaque * data, | |||
1262 | size = mhd_gtls_read_uint16 (p); | 886 | size = mhd_gtls_read_uint16 (p); |
1263 | p += 2; | 887 | p += 2; |
1264 | 888 | ||
1265 | if (session->security_parameters.cert_type == MHD_GNUTLS_CRT_OPENPGP | ||
1266 | && size != 0) | ||
1267 | { | ||
1268 | gnutls_assert (); // size should be zero | ||
1269 | return GNUTLS_E_UNEXPECTED_PACKET_LENGTH; | ||
1270 | } | ||
1271 | |||
1272 | DECR_LEN (dsize, size); | 889 | DECR_LEN (dsize, size); |
1273 | 890 | ||
1274 | /* now we ask the user to tell which one | 891 | /* now we ask the user to tell which one |
@@ -1578,85 +1195,6 @@ alloc_and_load_x509_key (gnutls_x509_privkey_t key) | |||
1578 | return local_key; | 1195 | return local_key; |
1579 | } | 1196 | } |
1580 | 1197 | ||
1581 | /* converts the given pgp certificate to gnutls_cert* and allocates | ||
1582 | * space for them. | ||
1583 | */ | ||
1584 | static gnutls_cert * | ||
1585 | alloc_and_load_pgp_certs (gnutls_openpgp_crt_t cert) | ||
1586 | { | ||
1587 | gnutls_cert *local_certs; | ||
1588 | int ret = 0; | ||
1589 | |||
1590 | if (cert == NULL) | ||
1591 | return NULL; | ||
1592 | |||
1593 | local_certs = gnutls_malloc (sizeof (gnutls_cert)); | ||
1594 | if (local_certs == NULL) | ||
1595 | { | ||
1596 | gnutls_assert (); | ||
1597 | return NULL; | ||
1598 | } | ||
1599 | |||
1600 | if (_E_gnutls_openpgp_crt_to_gcert == NULL) | ||
1601 | { | ||
1602 | gnutls_assert (); | ||
1603 | return NULL; | ||
1604 | } | ||
1605 | |||
1606 | ret = _E_gnutls_openpgp_crt_to_gcert (local_certs, cert); | ||
1607 | if (ret < 0) | ||
1608 | { | ||
1609 | gnutls_assert (); | ||
1610 | return NULL; | ||
1611 | } | ||
1612 | |||
1613 | if (ret < 0) | ||
1614 | { | ||
1615 | gnutls_assert (); | ||
1616 | mhd_gtls_gcert_deinit (local_certs); | ||
1617 | gnutls_free (local_certs); | ||
1618 | return NULL; | ||
1619 | } | ||
1620 | |||
1621 | return local_certs; | ||
1622 | } | ||
1623 | |||
1624 | /* converts the given raw key to gnutls_privkey* and allocates | ||
1625 | * space for it. | ||
1626 | */ | ||
1627 | static gnutls_privkey * | ||
1628 | alloc_and_load_pgp_key (const gnutls_openpgp_privkey_t key) | ||
1629 | { | ||
1630 | gnutls_privkey *local_key; | ||
1631 | int ret = 0; | ||
1632 | |||
1633 | if (key == NULL) | ||
1634 | return NULL; | ||
1635 | |||
1636 | local_key = gnutls_malloc (sizeof (gnutls_privkey)); | ||
1637 | if (local_key == NULL) | ||
1638 | { | ||
1639 | gnutls_assert (); | ||
1640 | return NULL; | ||
1641 | } | ||
1642 | |||
1643 | if (_E_gnutls_openpgp_privkey_to_gkey == NULL) | ||
1644 | { | ||
1645 | gnutls_assert (); | ||
1646 | return NULL; | ||
1647 | } | ||
1648 | |||
1649 | ret = _E_gnutls_openpgp_privkey_to_gkey (local_key, key); | ||
1650 | if (ret < 0) | ||
1651 | { | ||
1652 | gnutls_assert (); | ||
1653 | return NULL; | ||
1654 | } | ||
1655 | |||
1656 | return local_key; | ||
1657 | } | ||
1658 | |||
1659 | |||
1660 | void | 1198 | void |
1661 | mhd_gtls_selected_certs_deinit (mhd_gtls_session_t session) | 1199 | mhd_gtls_selected_certs_deinit (mhd_gtls_session_t session) |
1662 | { | 1200 | { |
diff --git a/src/daemon/https/tls/auth_cert.h b/src/daemon/https/tls/auth_cert.h index c77d1f32..e6234242 100644 --- a/src/daemon/https/tls/auth_cert.h +++ b/src/daemon/https/tls/auth_cert.h | |||
@@ -29,8 +29,6 @@ | |||
29 | #include "gnutls_auth.h" | 29 | #include "gnutls_auth.h" |
30 | #include "auth_dh_common.h" | 30 | #include "auth_dh_common.h" |
31 | #include "x509.h" | 31 | #include "x509.h" |
32 | #include "openpgp.h" | ||
33 | #include "extra.h" | ||
34 | 32 | ||
35 | /* This structure may be complex, but it's the only way to | 33 | /* This structure may be complex, but it's the only way to |
36 | * support a server that has multiple certificates | 34 | * support a server that has multiple certificates |
diff --git a/src/daemon/https/tls/ext_cert_type.c b/src/daemon/https/tls/ext_cert_type.c index 8d37abae..3b47fdbb 100644 --- a/src/daemon/https/tls/ext_cert_type.c +++ b/src/daemon/https/tls/ext_cert_type.c | |||
@@ -221,8 +221,6 @@ _gnutls_num2cert_type (int num) | |||
221 | { | 221 | { |
222 | case 0: | 222 | case 0: |
223 | return MHD_GNUTLS_CRT_X509; | 223 | return MHD_GNUTLS_CRT_X509; |
224 | case 1: | ||
225 | return MHD_GNUTLS_CRT_OPENPGP; | ||
226 | default: | 224 | default: |
227 | return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER; | 225 | return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER; |
228 | } | 226 | } |
@@ -238,8 +236,6 @@ _gnutls_cert_type2num (int cert_type) | |||
238 | { | 236 | { |
239 | case MHD_GNUTLS_CRT_X509: | 237 | case MHD_GNUTLS_CRT_X509: |
240 | return 0; | 238 | return 0; |
241 | case MHD_GNUTLS_CRT_OPENPGP: | ||
242 | return 1; | ||
243 | default: | 239 | default: |
244 | return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER; | 240 | return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER; |
245 | } | 241 | } |
diff --git a/src/daemon/https/tls/ext_inner_application.c b/src/daemon/https/tls/ext_inner_application.c index f4fafb0b..24dd265f 100644 --- a/src/daemon/https/tls/ext_inner_application.c +++ b/src/daemon/https/tls/ext_inner_application.c | |||
@@ -86,7 +86,7 @@ mhd_gtls_inner_app_send_params (mhd_gtls_session_t session, | |||
86 | else | 86 | else |
87 | #endif | 87 | #endif |
88 | { | 88 | { |
89 | gnutls_ia_server_credentials_t cred = (gnutls_ia_server_credentials_t) | 89 | struct gnutls_ia_server_credentials_st * cred = (struct gnutls_ia_server_credentials_st*) |
90 | mhd_gtls_get_cred (session->key, MHD_GNUTLS_CRD_IA, NULL); | 90 | mhd_gtls_get_cred (session->key, MHD_GNUTLS_CRD_IA, NULL); |
91 | 91 | ||
92 | if (cred) | 92 | if (cred) |
diff --git a/src/daemon/https/tls/ext_server_name.c b/src/daemon/https/tls/ext_server_name.c index e0816259..8c045ae3 100644 --- a/src/daemon/https/tls/ext_server_name.c +++ b/src/daemon/https/tls/ext_server_name.c | |||
@@ -127,14 +127,14 @@ int | |||
127 | mhd_gtls_server_name_send_params (mhd_gtls_session_t session, | 127 | mhd_gtls_server_name_send_params (mhd_gtls_session_t session, |
128 | opaque * data, size_t _data_size) | 128 | opaque * data, size_t _data_size) |
129 | { | 129 | { |
130 | int total_size = 0; | ||
131 | #if MHD_DEBUG_TLS | ||
130 | uint16_t len; | 132 | uint16_t len; |
131 | opaque *p; | 133 | opaque *p; |
132 | unsigned i; | 134 | unsigned i; |
133 | ssize_t data_size = _data_size; | 135 | ssize_t data_size = _data_size; |
134 | int total_size = 0; | ||
135 | 136 | ||
136 | /* this function sends the client extension data (dnsname) */ | 137 | /* this function sends the client extension data (dnsname) */ |
137 | #if MHD_DEBUG_TLS | ||
138 | if (session->security_parameters.entity == GNUTLS_CLIENT) | 138 | if (session->security_parameters.entity == GNUTLS_CLIENT) |
139 | { | 139 | { |
140 | 140 | ||
diff --git a/src/daemon/https/tls/gnutls_alert.c b/src/daemon/https/tls/gnutls_alert.c index cbea7b09..36c65362 100644 --- a/src/daemon/https/tls/gnutls_alert.c +++ b/src/daemon/https/tls/gnutls_alert.c | |||
@@ -231,10 +231,6 @@ MHD_gtls_error_to_alert (int err, int *level) | |||
231 | ret = GNUTLS_A_INTERNAL_ERROR; | 231 | ret = GNUTLS_A_INTERNAL_ERROR; |
232 | _level = GNUTLS_AL_FATAL; | 232 | _level = GNUTLS_AL_FATAL; |
233 | break; | 233 | break; |
234 | case GNUTLS_E_OPENPGP_GETKEY_FAILED: | ||
235 | ret = GNUTLS_A_CERTIFICATE_UNOBTAINABLE; | ||
236 | _level = GNUTLS_AL_FATAL; | ||
237 | break; | ||
238 | case GNUTLS_E_DH_PRIME_UNACCEPTABLE: | 234 | case GNUTLS_E_DH_PRIME_UNACCEPTABLE: |
239 | case GNUTLS_E_NO_CERTIFICATE_FOUND: | 235 | case GNUTLS_E_NO_CERTIFICATE_FOUND: |
240 | ret = GNUTLS_A_INSUFFICIENT_SECURITY; | 236 | ret = GNUTLS_A_INSUFFICIENT_SECURITY; |
diff --git a/src/daemon/https/tls/gnutls_algorithms.c b/src/daemon/https/tls/gnutls_algorithms.c index 5f0eb4cb..2f5f32fe 100644 --- a/src/daemon/https/tls/gnutls_algorithms.c +++ b/src/daemon/https/tls/gnutls_algorithms.c | |||
@@ -1866,9 +1866,6 @@ MHD_gnutls_certificate_type_get_name (gnutls_certificate_type_t type) | |||
1866 | 1866 | ||
1867 | if (type == MHD_GNUTLS_CRT_X509) | 1867 | if (type == MHD_GNUTLS_CRT_X509) |
1868 | ret = "X.509"; | 1868 | ret = "X.509"; |
1869 | if (type == MHD_GNUTLS_CRT_OPENPGP) | ||
1870 | ret = "OPENPGP"; | ||
1871 | |||
1872 | return ret; | 1869 | return ret; |
1873 | } | 1870 | } |
1874 | 1871 | ||
@@ -1888,24 +1885,18 @@ MHD_gtls_certificate_type_get_id (const char *name) | |||
1888 | 1885 | ||
1889 | if (strcasecmp (name, "X.509") == 0 || strcasecmp (name, "X509") == 0) | 1886 | if (strcasecmp (name, "X.509") == 0 || strcasecmp (name, "X509") == 0) |
1890 | return MHD_GNUTLS_CRT_X509; | 1887 | return MHD_GNUTLS_CRT_X509; |
1891 | if (strcasecmp (name, "OPENPGP") == 0) | ||
1892 | return MHD_GNUTLS_CRT_OPENPGP; | ||
1893 | |||
1894 | return ret; | 1888 | return ret; |
1895 | } | 1889 | } |
1896 | 1890 | ||
1897 | static const gnutls_certificate_type_t mhd_gtls_supported_certificate_types[] = | 1891 | static const gnutls_certificate_type_t mhd_gtls_supported_certificate_types[] = |
1898 | { MHD_GNUTLS_CRT_X509, | 1892 | { MHD_GNUTLS_CRT_X509, |
1899 | MHD_GNUTLS_CRT_OPENPGP, | ||
1900 | 0 | 1893 | 0 |
1901 | }; | 1894 | }; |
1902 | 1895 | ||
1903 | /** | 1896 | /** |
1904 | * MHD_gtls_certificate_type_list: | 1897 | * MHD_gtls_certificate_type_list: |
1905 | * | 1898 | * |
1906 | * Get a list of certificate types. Note that to be able to use | 1899 | * Get a list of certificate types. |
1907 | * OpenPGP certificates, you must link to libgnutls-extra and call | ||
1908 | * gnutls_global_init_extra(). | ||
1909 | * | 1900 | * |
1910 | * Returns: a zero-terminated list of %gnutls_certificate_type_t | 1901 | * Returns: a zero-terminated list of %gnutls_certificate_type_t |
1911 | * integers indicating the available certificate types. | 1902 | * integers indicating the available certificate types. |
diff --git a/src/daemon/https/tls/gnutls_cert.c b/src/daemon/https/tls/gnutls_cert.c index 47d6ae09..42de27e9 100644 --- a/src/daemon/https/tls/gnutls_cert.c +++ b/src/daemon/https/tls/gnutls_cert.c | |||
@@ -40,7 +40,6 @@ | |||
40 | #include <gnutls_state.h> | 40 | #include <gnutls_state.h> |
41 | #include <gnutls_auth_int.h> | 41 | #include <gnutls_auth_int.h> |
42 | #include <gnutls_x509.h> | 42 | #include <gnutls_x509.h> |
43 | #include <gnutls_extra_hooks.h> | ||
44 | /* x509 */ | 43 | /* x509 */ |
45 | #include "x509.h" | 44 | #include "x509.h" |
46 | #include "mpi.h" | 45 | #include "mpi.h" |
@@ -192,10 +191,7 @@ MHD_gnutls_certificate_free_credentials (mhd_gtls_cert_credentials_t sc) | |||
192 | MHD_gnutls_certificate_free_crls (sc); | 191 | MHD_gnutls_certificate_free_crls (sc); |
193 | #endif | 192 | #endif |
194 | 193 | ||
195 | #ifndef KEYRING_HACK | 194 | #ifdef KEYRING_HACK |
196 | if (_E_gnutls_openpgp_keyring_deinit) | ||
197 | _E_gnutls_openpgp_keyring_deinit (sc->keyring); | ||
198 | #else | ||
199 | _gnutls_free_datum (&sc->keyring); | 195 | _gnutls_free_datum (&sc->keyring); |
200 | #endif | 196 | #endif |
201 | 197 | ||
@@ -437,74 +433,6 @@ _gnutls_x509_get_raw_crt_expiration_time (const gnutls_datum_t * cert) | |||
437 | return result; | 433 | return result; |
438 | } | 434 | } |
439 | 435 | ||
440 | /*- | ||
441 | * _gnutls_openpgp_crt_verify_peers - This function returns the peer's certificate status | ||
442 | * @session: is a gnutls session | ||
443 | * | ||
444 | * This function will try to verify the peer's certificate and return its status (TRUSTED, INVALID etc.). | ||
445 | * Returns a negative error code in case of an error, or GNUTLS_E_NO_CERTIFICATE_FOUND if no certificate was sent. | ||
446 | * | ||
447 | -*/ | ||
448 | int | ||
449 | _gnutls_openpgp_crt_verify_peers (mhd_gtls_session_t session, | ||
450 | unsigned int *status) | ||
451 | { | ||
452 | cert_auth_info_t info; | ||
453 | mhd_gtls_cert_credentials_t cred; | ||
454 | int peer_certificate_list_size, ret; | ||
455 | |||
456 | CHECK_AUTH (MHD_GNUTLS_CRD_CERTIFICATE, GNUTLS_E_INVALID_REQUEST); | ||
457 | |||
458 | info = mhd_gtls_get_auth_info (session); | ||
459 | if (info == NULL) | ||
460 | return GNUTLS_E_INVALID_REQUEST; | ||
461 | |||
462 | cred = (mhd_gtls_cert_credentials_t) | ||
463 | mhd_gtls_get_cred (session->key, MHD_GNUTLS_CRD_CERTIFICATE, NULL); | ||
464 | if (cred == NULL) | ||
465 | { | ||
466 | gnutls_assert (); | ||
467 | return GNUTLS_E_INSUFFICIENT_CREDENTIALS; | ||
468 | } | ||
469 | |||
470 | if (info->raw_certificate_list == NULL || info->ncerts == 0) | ||
471 | { | ||
472 | gnutls_assert (); | ||
473 | return GNUTLS_E_NO_CERTIFICATE_FOUND; | ||
474 | } | ||
475 | |||
476 | /* generate a list of gnutls_certs based on the auth info | ||
477 | * raw certs. | ||
478 | */ | ||
479 | peer_certificate_list_size = info->ncerts; | ||
480 | |||
481 | if (peer_certificate_list_size != 1) | ||
482 | { | ||
483 | gnutls_assert (); | ||
484 | return GNUTLS_E_INTERNAL_ERROR; | ||
485 | } | ||
486 | |||
487 | /* Verify certificate | ||
488 | */ | ||
489 | if (_E_gnutls_openpgp_verify_key == NULL) | ||
490 | { | ||
491 | gnutls_assert (); | ||
492 | return GNUTLS_E_INIT_LIBEXTRA; | ||
493 | } | ||
494 | ret = | ||
495 | _E_gnutls_openpgp_verify_key (cred, &info->raw_certificate_list[0], | ||
496 | peer_certificate_list_size, status); | ||
497 | |||
498 | if (ret < 0) | ||
499 | { | ||
500 | gnutls_assert (); | ||
501 | return ret; | ||
502 | } | ||
503 | |||
504 | return 0; | ||
505 | } | ||
506 | |||
507 | |||
508 | /** | 436 | /** |
509 | * MHD_gtls_certificate_verify_peers2 - This function returns the peer's certificate verification status | 437 | * MHD_gtls_certificate_verify_peers2 - This function returns the peer's certificate verification status |
510 | * @session: is a gnutls session | 438 | * @session: is a gnutls session |
@@ -552,8 +480,6 @@ MHD_gtls_certificate_verify_peers2 (mhd_gtls_session_t session, | |||
552 | { | 480 | { |
553 | case MHD_GNUTLS_CRT_X509: | 481 | case MHD_GNUTLS_CRT_X509: |
554 | return _gnutls_x509_cert_verify_peers (session, status); | 482 | return _gnutls_x509_cert_verify_peers (session, status); |
555 | case MHD_GNUTLS_CRT_OPENPGP: | ||
556 | return _gnutls_openpgp_crt_verify_peers (session, status); | ||
557 | default: | 483 | default: |
558 | return GNUTLS_E_INVALID_REQUEST; | 484 | return GNUTLS_E_INVALID_REQUEST; |
559 | } | 485 | } |
@@ -626,12 +552,6 @@ MHD_gtls_certificate_expiration_time_peers (mhd_gtls_session_t session) | |||
626 | return _gnutls_x509_get_raw_crt_expiration_time (&info-> | 552 | return _gnutls_x509_get_raw_crt_expiration_time (&info-> |
627 | raw_certificate_list | 553 | raw_certificate_list |
628 | [0]); | 554 | [0]); |
629 | case MHD_GNUTLS_CRT_OPENPGP: | ||
630 | if (_E_gnutls_openpgp_get_raw_key_expiration_time == NULL) | ||
631 | return (time_t) - 1; | ||
632 | return _E_gnutls_openpgp_get_raw_key_expiration_time (&info-> | ||
633 | raw_certificate_list | ||
634 | [0]); | ||
635 | default: | 555 | default: |
636 | return (time_t) - 1; | 556 | return (time_t) - 1; |
637 | } | 557 | } |
@@ -671,12 +591,6 @@ MHD_gtls_certificate_activation_time_peers (mhd_gtls_session_t session) | |||
671 | return _gnutls_x509_get_raw_crt_activation_time (&info-> | 591 | return _gnutls_x509_get_raw_crt_activation_time (&info-> |
672 | raw_certificate_list | 592 | raw_certificate_list |
673 | [0]); | 593 | [0]); |
674 | case MHD_GNUTLS_CRT_OPENPGP: | ||
675 | if (_E_gnutls_openpgp_get_raw_key_creation_time == NULL) | ||
676 | return (time_t) - 1; | ||
677 | return _E_gnutls_openpgp_get_raw_key_creation_time (&info-> | ||
678 | raw_certificate_list | ||
679 | [0]); | ||
680 | default: | 594 | default: |
681 | return (time_t) - 1; | 595 | return (time_t) - 1; |
682 | } | 596 | } |
@@ -692,13 +606,6 @@ mhd_gtls_raw_cert_to_gcert (gnutls_cert * gcert, | |||
692 | { | 606 | { |
693 | case MHD_GNUTLS_CRT_X509: | 607 | case MHD_GNUTLS_CRT_X509: |
694 | return mhd_gtls_x509_raw_cert_to_gcert (gcert, raw_cert, flags); | 608 | return mhd_gtls_x509_raw_cert_to_gcert (gcert, raw_cert, flags); |
695 | case MHD_GNUTLS_CRT_OPENPGP: | ||
696 | if (_E_gnutls_openpgp_raw_key_to_gcert == NULL) | ||
697 | { | ||
698 | gnutls_assert (); | ||
699 | return GNUTLS_E_INIT_LIBEXTRA; | ||
700 | } | ||
701 | return _E_gnutls_openpgp_raw_key_to_gcert (gcert, raw_cert); | ||
702 | default: | 609 | default: |
703 | gnutls_assert (); | 610 | gnutls_assert (); |
704 | return GNUTLS_E_INTERNAL_ERROR; | 611 | return GNUTLS_E_INTERNAL_ERROR; |
@@ -715,17 +622,6 @@ mhd_gtls_raw_privkey_to_gkey (gnutls_privkey * key, | |||
715 | { | 622 | { |
716 | case MHD_GNUTLS_CRT_X509: | 623 | case MHD_GNUTLS_CRT_X509: |
717 | return _gnutls_x509_raw_privkey_to_gkey (key, raw_key, key_enc); | 624 | return _gnutls_x509_raw_privkey_to_gkey (key, raw_key, key_enc); |
718 | #if ENABLE_OPENPGP | ||
719 | case MHD_GNUTLS_CRT_OPENPGP: | ||
720 | if (_E_gnutls_openpgp_raw_privkey_to_gkey == NULL) | ||
721 | { | ||
722 | gnutls_assert (); | ||
723 | return GNUTLS_E_INIT_LIBEXTRA; | ||
724 | } | ||
725 | return _E_gnutls_openpgp_raw_privkey_to_gkey (key, raw_key, | ||
726 | (gnutls_openpgp_crt_fmt_t) | ||
727 | key_enc); | ||
728 | #endif | ||
729 | default: | 625 | default: |
730 | gnutls_assert (); | 626 | gnutls_assert (); |
731 | return GNUTLS_E_INTERNAL_ERROR; | 627 | return GNUTLS_E_INTERNAL_ERROR; |
diff --git a/src/daemon/https/tls/gnutls_errors.c b/src/daemon/https/tls/gnutls_errors.c index f4436ece..d9b05a5a 100644 --- a/src/daemon/https/tls/gnutls_errors.c +++ b/src/daemon/https/tls/gnutls_errors.c | |||
@@ -205,22 +205,15 @@ static const gnutls_error_entry mhd_gtls_error_algorithms[] = { | |||
205 | ERROR_ENTRY (N_("The tasn1 library version is too old."), | 205 | ERROR_ENTRY (N_("The tasn1 library version is too old."), |
206 | GNUTLS_E_INCOMPATIBLE_LIBTASN1_LIBRARY, 1), | 206 | GNUTLS_E_INCOMPATIBLE_LIBTASN1_LIBRARY, 1), |
207 | 207 | ||
208 | ERROR_ENTRY (N_("Error loading the keyring."), | ||
209 | GNUTLS_E_OPENPGP_KEYRING_ERROR, 1), | ||
210 | ERROR_ENTRY (N_("The initialization of LZO has failed."), | 208 | ERROR_ENTRY (N_("The initialization of LZO has failed."), |
211 | GNUTLS_E_LZO_INIT_FAILED, 1), | 209 | GNUTLS_E_LZO_INIT_FAILED, 1), |
212 | ERROR_ENTRY (N_("No supported compression algorithms have been found."), | 210 | ERROR_ENTRY (N_("No supported compression algorithms have been found."), |
213 | GNUTLS_E_NO_COMPRESSION_ALGORITHMS, 1), | 211 | GNUTLS_E_NO_COMPRESSION_ALGORITHMS, 1), |
214 | ERROR_ENTRY (N_("No supported cipher suites have been found."), | 212 | ERROR_ENTRY (N_("No supported cipher suites have been found."), |
215 | GNUTLS_E_NO_CIPHER_SUITES, 1), | 213 | GNUTLS_E_NO_CIPHER_SUITES, 1), |
216 | ERROR_ENTRY (N_("Could not get OpenPGP key."), | ||
217 | GNUTLS_E_OPENPGP_GETKEY_FAILED, 1), | ||
218 | |||
219 | ERROR_ENTRY (N_("The SRP username supplied is illegal."), | 214 | ERROR_ENTRY (N_("The SRP username supplied is illegal."), |
220 | GNUTLS_E_ILLEGAL_SRP_USERNAME, 1), | 215 | GNUTLS_E_ILLEGAL_SRP_USERNAME, 1), |
221 | 216 | ||
222 | ERROR_ENTRY (N_("The OpenPGP fingerprint is not supported."), | ||
223 | GNUTLS_E_OPENPGP_FINGERPRINT_UNSUPPORTED, 1), | ||
224 | ERROR_ENTRY (N_("The certificate has unsupported attributes."), | 217 | ERROR_ENTRY (N_("The certificate has unsupported attributes."), |
225 | GNUTLS_E_X509_UNSUPPORTED_ATTRIBUTE, 1), | 218 | GNUTLS_E_X509_UNSUPPORTED_ATTRIBUTE, 1), |
226 | ERROR_ENTRY (N_("The OID is not supported."), GNUTLS_E_X509_UNSUPPORTED_OID, | 219 | ERROR_ENTRY (N_("The OID is not supported."), GNUTLS_E_X509_UNSUPPORTED_OID, |
diff --git a/src/daemon/https/tls/gnutls_extra_hooks.c b/src/daemon/https/tls/gnutls_extra_hooks.c deleted file mode 100644 index f7852f64..00000000 --- a/src/daemon/https/tls/gnutls_extra_hooks.c +++ /dev/null | |||
@@ -1,78 +0,0 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2007 Free Software Foundation | ||
3 | * | ||
4 | * Author: Simon Josefsson | ||
5 | * | ||
6 | * This file is part of GNUTLS. | ||
7 | * | ||
8 | * The GNUTLS library is free software; you can redistribute it and/or | ||
9 | * modify it under the terms of the GNU Lesser General Public License | ||
10 | * as published by the Free Software Foundation; either version 2.1 of | ||
11 | * the License, or (at your option) any later version. | ||
12 | * | ||
13 | * This library is distributed in the hope that it will be useful, but | ||
14 | * WITHOUT ANY WARRANTY; without even the implied warranty of | ||
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
16 | * Lesser General Public License for more details. | ||
17 | * | ||
18 | * You should have received a copy of the GNU Lesser General Public | ||
19 | * License along with this library; if not, write to the Free Software | ||
20 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, | ||
21 | * USA | ||
22 | * | ||
23 | */ | ||
24 | |||
25 | #include <gnutls_int.h> | ||
26 | #include <gnutls_extra_hooks.h> | ||
27 | |||
28 | /* Variables used by libgnutls, set by | ||
29 | _gnutls_add_openpgp_functions(), typically invoked by | ||
30 | libgnutls_extra. */ | ||
31 | _gnutls_openpgp_verify_key_func _E_gnutls_openpgp_verify_key = NULL; | ||
32 | _gnutls_openpgp_crt_creation_time_func | ||
33 | _E_gnutls_openpgp_get_raw_key_creation_time = NULL; | ||
34 | _gnutls_openpgp_crt_expiration_time_func | ||
35 | _E_gnutls_openpgp_get_raw_key_expiration_time = NULL; | ||
36 | _gnutls_openpgp_fingerprint_func _E_gnutls_openpgp_fingerprint = NULL; | ||
37 | _gnutls_openpgp_crt_request_func _E_gnutls_openpgp_request_key = NULL; | ||
38 | _gnutls_openpgp_raw_key_to_gcert_func _E_gnutls_openpgp_raw_key_to_gcert = | ||
39 | NULL; | ||
40 | _gnutls_openpgp_raw_privkey_to_gkey_func _E_gnutls_openpgp_raw_privkey_to_gkey | ||
41 | = NULL; | ||
42 | _gnutls_openpgp_crt_to_gcert_func _E_gnutls_openpgp_crt_to_gcert = NULL; | ||
43 | _gnutls_openpgp_privkey_to_gkey_func _E_gnutls_openpgp_privkey_to_gkey = NULL; | ||
44 | _gnutls_openpgp_crt_deinit_func _E_gnutls_openpgp_crt_deinit = NULL; | ||
45 | _gnutls_openpgp_keyring_deinit_func _E_gnutls_openpgp_keyring_deinit = NULL; | ||
46 | _gnutls_openpgp_privkey_deinit_func _E_gnutls_openpgp_privkey_deinit = NULL; | ||
47 | |||
48 | /* Called by libgnutls_extra to set the OpenPGP functions that are | ||
49 | needed by GnuTLS. */ | ||
50 | extern void | ||
51 | _gnutls_add_openpgp_functions | ||
52 | (_gnutls_openpgp_verify_key_func verify_key, | ||
53 | _gnutls_openpgp_crt_creation_time_func key_creation_time, | ||
54 | _gnutls_openpgp_crt_expiration_time_func key_expiration_time, | ||
55 | _gnutls_openpgp_fingerprint_func fingerprint, | ||
56 | _gnutls_openpgp_crt_request_func request_key, | ||
57 | _gnutls_openpgp_raw_key_to_gcert_func raw_key_to_gcert, | ||
58 | _gnutls_openpgp_raw_privkey_to_gkey_func raw_privkey_to_gkey, | ||
59 | _gnutls_openpgp_crt_to_gcert_func key_to_gcert, | ||
60 | _gnutls_openpgp_privkey_to_gkey_func privkey_to_gkey, | ||
61 | _gnutls_openpgp_crt_deinit_func key_deinit, | ||
62 | _gnutls_openpgp_keyring_deinit_func keyring_deinit, | ||
63 | _gnutls_openpgp_privkey_deinit_func privkey_deinit) | ||
64 | { | ||
65 | _E_gnutls_openpgp_verify_key = verify_key; | ||
66 | _E_gnutls_openpgp_get_raw_key_creation_time = key_creation_time; | ||
67 | _E_gnutls_openpgp_get_raw_key_expiration_time = key_expiration_time; | ||
68 | _E_gnutls_openpgp_fingerprint = fingerprint; | ||
69 | _E_gnutls_openpgp_request_key = request_key; | ||
70 | _E_gnutls_openpgp_raw_key_to_gcert = raw_key_to_gcert; | ||
71 | _E_gnutls_openpgp_raw_privkey_to_gkey = raw_privkey_to_gkey; | ||
72 | _E_gnutls_openpgp_crt_to_gcert = key_to_gcert; | ||
73 | _E_gnutls_openpgp_privkey_to_gkey = privkey_to_gkey; | ||
74 | _E_gnutls_openpgp_crt_deinit = key_deinit; | ||
75 | _E_gnutls_openpgp_keyring_deinit = keyring_deinit; | ||
76 | _E_gnutls_openpgp_privkey_deinit = privkey_deinit; | ||
77 | |||
78 | } | ||
diff --git a/src/daemon/https/tls/gnutls_extra_hooks.h b/src/daemon/https/tls/gnutls_extra_hooks.h deleted file mode 100644 index b4e83bad..00000000 --- a/src/daemon/https/tls/gnutls_extra_hooks.h +++ /dev/null | |||
@@ -1,106 +0,0 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2007 Free Software Foundation | ||
3 | * | ||
4 | * Author: Simon Josefsson | ||
5 | * | ||
6 | * This file is part of GNUTLS. | ||
7 | * | ||
8 | * The GNUTLS library is free software; you can redistribute it and/or | ||
9 | * modify it under the terms of the GNU Lesser General Public License | ||
10 | * as published by the Free Software Foundation; either version 2.1 of | ||
11 | * the License, or (at your option) any later version. | ||
12 | * | ||
13 | * This library is distributed in the hope that it will be useful, but | ||
14 | * WITHOUT ANY WARRANTY; without even the implied warranty of | ||
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
16 | * Lesser General Public License for more details. | ||
17 | * | ||
18 | * You should have received a copy of the GNU Lesser General Public | ||
19 | * License along with this library; if not, write to the Free Software | ||
20 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, | ||
21 | * USA | ||
22 | * | ||
23 | */ | ||
24 | |||
25 | /* This file is included by libgnutls-extra, and it will call the | ||
26 | _gnutls_add_openpgp_functions() function to register its OpenPGP | ||
27 | functions. */ | ||
28 | |||
29 | #include <auth_cert.h> | ||
30 | |||
31 | typedef int (*_gnutls_openpgp_verify_key_func) | ||
32 | (const mhd_gtls_cert_credentials_t, | ||
33 | const gnutls_datum_t *, int, | ||
34 | unsigned int *); | ||
35 | |||
36 | typedef time_t (*_gnutls_openpgp_crt_creation_time_func) | ||
37 | (const gnutls_datum_t *); | ||
38 | |||
39 | typedef time_t (*_gnutls_openpgp_crt_expiration_time_func) | ||
40 | (const gnutls_datum_t *); | ||
41 | |||
42 | typedef int (*_gnutls_openpgp_crt_request_func) | ||
43 | (mhd_gtls_session_t, gnutls_datum_t *, | ||
44 | const mhd_gtls_cert_credentials_t, | ||
45 | opaque *, int); | ||
46 | |||
47 | typedef int (*_gnutls_openpgp_fingerprint_func) | ||
48 | (const gnutls_datum_t *, | ||
49 | unsigned char *, size_t *); | ||
50 | |||
51 | typedef int (*_gnutls_openpgp_raw_key_to_gcert_func) | ||
52 | (gnutls_cert *, | ||
53 | const gnutls_datum_t *); | ||
54 | typedef int (*_gnutls_openpgp_raw_privkey_to_gkey_func) | ||
55 | (gnutls_privkey *, | ||
56 | const gnutls_datum_t *, | ||
57 | gnutls_openpgp_crt_fmt_t); | ||
58 | |||
59 | typedef int (*_gnutls_openpgp_crt_to_gcert_func) | ||
60 | (gnutls_cert *, gnutls_openpgp_crt_t); | ||
61 | |||
62 | typedef int (*_gnutls_openpgp_privkey_to_gkey_func) | ||
63 | (gnutls_privkey *, | ||
64 | gnutls_openpgp_privkey_t); | ||
65 | |||
66 | typedef void (*_gnutls_openpgp_crt_deinit_func) | ||
67 | (gnutls_openpgp_crt_t); | ||
68 | |||
69 | typedef void (*_gnutls_openpgp_keyring_deinit_func) | ||
70 | (gnutls_openpgp_keyring_t); | ||
71 | |||
72 | typedef void (*_gnutls_openpgp_privkey_deinit_func) | ||
73 | (gnutls_openpgp_privkey_t); | ||
74 | |||
75 | /* These are defined in libgnutls, but not exported from libgnutls, | ||
76 | and not intended to be used by libgnutls-extra or elsewhere. They | ||
77 | are declared here, because this file is included by auth_cert.c and | ||
78 | gnutls_cert.c too. */ | ||
79 | extern _gnutls_openpgp_verify_key_func _E_gnutls_openpgp_verify_key; | ||
80 | extern _gnutls_openpgp_crt_creation_time_func | ||
81 | _E_gnutls_openpgp_get_raw_key_creation_time; | ||
82 | extern _gnutls_openpgp_crt_expiration_time_func | ||
83 | _E_gnutls_openpgp_get_raw_key_expiration_time; | ||
84 | extern _gnutls_openpgp_fingerprint_func _E_gnutls_openpgp_fingerprint; | ||
85 | extern _gnutls_openpgp_crt_request_func _E_gnutls_openpgp_request_key; | ||
86 | extern _gnutls_openpgp_raw_key_to_gcert_func _E_gnutls_openpgp_raw_key_to_gcert; | ||
87 | extern _gnutls_openpgp_raw_privkey_to_gkey_func _E_gnutls_openpgp_raw_privkey_to_gkey; | ||
88 | extern _gnutls_openpgp_crt_to_gcert_func _E_gnutls_openpgp_crt_to_gcert; | ||
89 | extern _gnutls_openpgp_privkey_to_gkey_func _E_gnutls_openpgp_privkey_to_gkey; | ||
90 | extern _gnutls_openpgp_crt_deinit_func _E_gnutls_openpgp_crt_deinit; | ||
91 | extern _gnutls_openpgp_keyring_deinit_func _E_gnutls_openpgp_keyring_deinit; | ||
92 | extern _gnutls_openpgp_privkey_deinit_func _E_gnutls_openpgp_privkey_deinit; | ||
93 | |||
94 | extern void _gnutls_add_openpgp_functions | ||
95 | (_gnutls_openpgp_verify_key_func verify_key, | ||
96 | _gnutls_openpgp_crt_creation_time_func key_creation_time, | ||
97 | _gnutls_openpgp_crt_expiration_time_func key_expiration_time, | ||
98 | _gnutls_openpgp_fingerprint_func fingerprint, | ||
99 | _gnutls_openpgp_crt_request_func request_key, | ||
100 | _gnutls_openpgp_raw_key_to_gcert_func raw_key_to_gcert, | ||
101 | _gnutls_openpgp_raw_privkey_to_gkey_func raw_privkey_to_gkey, | ||
102 | _gnutls_openpgp_crt_to_gcert_func key_to_gcert, | ||
103 | _gnutls_openpgp_privkey_to_gkey_func privkey_to_gkey, | ||
104 | _gnutls_openpgp_crt_deinit_func key_deinit, | ||
105 | _gnutls_openpgp_keyring_deinit_func keyring_deinit, | ||
106 | _gnutls_openpgp_privkey_deinit_func privkey_deinit); | ||
diff --git a/src/daemon/https/tls/gnutls_int.h b/src/daemon/https/tls/gnutls_int.h index 019cbc04..10f5ef34 100644 --- a/src/daemon/https/tls/gnutls_int.h +++ b/src/daemon/https/tls/gnutls_int.h | |||
@@ -28,7 +28,6 @@ | |||
28 | #include <defines.h> | 28 | #include <defines.h> |
29 | 29 | ||
30 | #include "gnutls.h" | 30 | #include "gnutls.h" |
31 | #include "extra.h" | ||
32 | #include "microhttpd.h" | 31 | #include "microhttpd.h" |
33 | 32 | ||
34 | #include "gnutls_mem.h" | 33 | #include "gnutls_mem.h" |
diff --git a/src/daemon/https/tls/gnutls_state.c b/src/daemon/https/tls/gnutls_state.c index 02d87e05..48596e75 100644 --- a/src/daemon/https/tls/gnutls_state.c +++ b/src/daemon/https/tls/gnutls_state.c | |||
@@ -594,23 +594,6 @@ mhd_gtls_dh_set_group (mhd_gtls_session_t session, mpi_t gen, mpi_t prime) | |||
594 | } | 594 | } |
595 | 595 | ||
596 | /** | 596 | /** |
597 | * MHD_gtls_openpgp_send_cert - This function will order gnutls to send the openpgp fingerprint instead of the key | ||
598 | * @session: is a pointer to a #mhd_gtls_session_t structure. | ||
599 | * @status: is one of GNUTLS_OPENPGP_CERT, or GNUTLS_OPENPGP_CERT_FINGERPRINT | ||
600 | * | ||
601 | * This function will order gnutls to send the key fingerprint | ||
602 | * instead of the key in the initial handshake procedure. This should | ||
603 | * be used with care and only when there is indication or knowledge | ||
604 | * that the server can obtain the client's key. | ||
605 | **/ | ||
606 | void | ||
607 | MHD_gtls_openpgp_send_cert (mhd_gtls_session_t session, | ||
608 | gnutls_openpgp_crt_status_t status) | ||
609 | { | ||
610 | session->internals.pgp_fingerprint = status; | ||
611 | } | ||
612 | |||
613 | /** | ||
614 | * MHD_gnutls_certificate_send_x509_rdn_sequence - This function will order gnutls to send or not the x.509 rdn sequence | 597 | * MHD_gnutls_certificate_send_x509_rdn_sequence - This function will order gnutls to send or not the x.509 rdn sequence |
615 | * @session: is a pointer to a #mhd_gtls_session_t structure. | 598 | * @session: is a pointer to a #mhd_gtls_session_t structure. |
616 | * @status: is 0 or 1 | 599 | * @status: is 0 or 1 |
@@ -631,12 +614,6 @@ MHD_gnutls_certificate_send_x509_rdn_sequence (mhd_gtls_session_t session, | |||
631 | session->internals.ignore_rdn_sequence = status; | 614 | session->internals.ignore_rdn_sequence = status; |
632 | } | 615 | } |
633 | 616 | ||
634 | int | ||
635 | mhd_gtls_openpgp_send_fingerprint (mhd_gtls_session_t session) | ||
636 | { | ||
637 | return session->internals.pgp_fingerprint; | ||
638 | } | ||
639 | |||
640 | /*- | 617 | /*- |
641 | * _gnutls_record_set_default_version - Used to set the default version for the first record packet | 618 | * _gnutls_record_set_default_version - Used to set the default version for the first record packet |
642 | * @session: is a #mhd_gtls_session_t structure. | 619 | * @session: is a #mhd_gtls_session_t structure. |