diff options
author | lv-426 <oxcafebaby@yahoo.com> | 2008-07-05 00:42:25 +0000 |
---|---|---|
committer | lv-426 <oxcafebaby@yahoo.com> | 2008-07-05 00:42:25 +0000 |
commit | ff4e3e20a72efa956ab1e2685fb63ad23a357d4d (patch) | |
tree | a6338819618c22c9f3d7a68d124fe4ba466ae5ae /src/daemon | |
parent | 0876373669fb00839ccd125c9529364128d445dc (diff) | |
download | libmicrohttpd-ff4e3e20a72efa956ab1e2685fb63ad23a357d4d.tar.gz libmicrohttpd-ff4e3e20a72efa956ab1e2685fb63ad23a357d4d.zip |
partial support for users to query SSL/TLS sessions for negotiated settings
added querying test
removed SSLv2 code
Diffstat (limited to 'src/daemon')
-rw-r--r-- | src/daemon/connection.c | 24 | ||||
-rw-r--r-- | src/daemon/daemon.c | 12 | ||||
-rw-r--r-- | src/daemon/https/Makefile.am | 1 | ||||
-rw-r--r-- | src/daemon/https/includes/gnutlsxx.h | 393 | ||||
-rw-r--r-- | src/daemon/https/tls/Makefile.am | 2 | ||||
-rw-r--r-- | src/daemon/https/tls/gnutls_handshake.c | 77 | ||||
-rw-r--r-- | src/daemon/https/tls/gnutls_priority.c | 4 | ||||
-rw-r--r-- | src/daemon/https/tls/gnutls_v2_compat.c | 259 | ||||
-rw-r--r-- | src/daemon/https/tls/gnutls_v2_compat.h | 26 | ||||
-rw-r--r-- | src/daemon/https/tls/gnutlsxx.cpp | 907 | ||||
-rw-r--r-- | src/daemon/https/tls/io_debug.h | 4 | ||||
-rw-r--r-- | src/daemon/https/tls/libgnutlsxx.vers | 30 | ||||
-rw-r--r-- | src/daemon/https/x509/x509_privkey.c | 19 |
13 files changed, 71 insertions, 1687 deletions
diff --git a/src/daemon/connection.c b/src/daemon/connection.c index 1cfd4029..b12ac705 100644 --- a/src/daemon/connection.c +++ b/src/daemon/connection.c | |||
@@ -33,6 +33,7 @@ | |||
33 | 33 | ||
34 | // get opaque type | 34 | // get opaque type |
35 | #include "gnutls_int.h" | 35 | #include "gnutls_int.h" |
36 | |||
36 | // TODO clean | 37 | // TODO clean |
37 | #undef MAX | 38 | #undef MAX |
38 | #define MAX(a,b) ((a)<(b)) ? (b) : (a) | 39 | #define MAX(a,b) ((a)<(b)) ? (b) : (a) |
@@ -160,6 +161,23 @@ MHD_get_connection_values (struct MHD_Connection *connection, | |||
160 | return ret; | 161 | return ret; |
161 | } | 162 | } |
162 | 163 | ||
164 | #if HTTPS_SUPPORT | ||
165 | /* get cipher spec for this connection */ | ||
166 | gnutls_cipher_algorithm_t MHDS_get_session_cipher (struct MHD_Connection * session ){ | ||
167 | return gnutls_cipher_get(session->tls_session); | ||
168 | } | ||
169 | |||
170 | gnutls_mac_algorithm_t MHDS_get_session_mac (struct MHD_Connection * session ){ | ||
171 | return gnutls_mac_get(session->tls_session); | ||
172 | } | ||
173 | gnutls_compression_method_t MHDS_get_session_compression (struct MHD_Connection * session ){ | ||
174 | return gnutls_compression_get(session->tls_session); | ||
175 | } | ||
176 | gnutls_certificate_type_t MHDS_get_session_cert_type (struct MHD_Connection * session ){ | ||
177 | return gnutls_certificate_type_get(session->tls_session); | ||
178 | } | ||
179 | #endif | ||
180 | |||
163 | /** | 181 | /** |
164 | * Get a particular header value. If multiple | 182 | * Get a particular header value. If multiple |
165 | * values match the kind, return any one of them. | 183 | * values match the kind, return any one of them. |
@@ -1546,7 +1564,7 @@ MHDS_connection_handle_read (struct MHD_Connection *connection) | |||
1546 | 1564 | ||
1547 | break; | 1565 | break; |
1548 | case GNUTLS_ALERT: | 1566 | case GNUTLS_ALERT: |
1549 | /* | 1567 | /* |
1550 | * this call of _gnutls_recv_int expects 0 bytes read. | 1568 | * this call of _gnutls_recv_int expects 0 bytes read. |
1551 | * done to decrypt alert message | 1569 | * done to decrypt alert message |
1552 | */ | 1570 | */ |
@@ -1601,7 +1619,7 @@ MHDS_connection_handle_read (struct MHD_Connection *connection) | |||
1601 | /* forward application level content to MHD */ | 1619 | /* forward application level content to MHD */ |
1602 | case GNUTLS_APPLICATION_DATA: | 1620 | case GNUTLS_APPLICATION_DATA: |
1603 | return MHD_connection_handle_read (connection); | 1621 | return MHD_connection_handle_read (connection); |
1604 | // TODO impl | 1622 | // TODO impl |
1605 | case GNUTLS_HANDSHAKE: | 1623 | case GNUTLS_HANDSHAKE: |
1606 | break; | 1624 | break; |
1607 | case GNUTLS_INNER_APPLICATION: | 1625 | case GNUTLS_INNER_APPLICATION: |
@@ -1823,7 +1841,7 @@ MHDS_connection_handle_write (struct MHD_Connection *connection) | |||
1823 | connection->s_state = MHDS_REPLY_SENDING; | 1841 | connection->s_state = MHDS_REPLY_SENDING; |
1824 | do_write (connection); | 1842 | do_write (connection); |
1825 | break; | 1843 | break; |
1826 | 1844 | ||
1827 | case MHDS_CONNECTION_CLOSED: | 1845 | case MHDS_CONNECTION_CLOSED: |
1828 | if (connection->socket_fd != -1) | 1846 | if (connection->socket_fd != -1) |
1829 | connection_close_error (connection); | 1847 | connection_close_error (connection); |
diff --git a/src/daemon/daemon.c b/src/daemon/daemon.c index ecc70a02..83e1c8bc 100644 --- a/src/daemon/daemon.c +++ b/src/daemon/daemon.c | |||
@@ -220,7 +220,7 @@ MHDS_handle_connection (void *data) | |||
220 | con->daemon->x509_cret); | 220 | con->daemon->x509_cret); |
221 | 221 | ||
222 | /* avoid gnutls blocking recv / write calls */ | 222 | /* avoid gnutls blocking recv / write calls */ |
223 | gnutls_transport_set_pull_function(tls_session, &recv); | 223 | // gnutls_transport_set_pull_function(tls_session, &recv); |
224 | // gnutls_transport_set_push_function(tls_session, &send); | 224 | // gnutls_transport_set_push_function(tls_session, &send); |
225 | 225 | ||
226 | gnutls_transport_set_ptr (tls_session, con->socket_fd); | 226 | gnutls_transport_set_ptr (tls_session, con->socket_fd); |
@@ -240,9 +240,9 @@ MHDS_handle_connection (void *data) | |||
240 | con->s_state = MHDS_HANDSHAKE_FAILED; | 240 | con->s_state = MHDS_HANDSHAKE_FAILED; |
241 | gnutls_bye (con->tls_session, GNUTLS_SHUT_WR); | 241 | gnutls_bye (con->tls_session, GNUTLS_SHUT_WR); |
242 | gnutls_deinit (tls_session); | 242 | gnutls_deinit (tls_session); |
243 | con->socket_fd = 1; | 243 | con->socket_fd = -1; |
244 | return MHD_NO; | 244 | return MHD_NO; |
245 | 245 | ||
246 | } | 246 | } |
247 | 247 | ||
248 | MHD_handle_connection (data); | 248 | MHD_handle_connection (data); |
@@ -338,7 +338,7 @@ MHD_accept_connection (struct MHD_Daemon *daemon) | |||
338 | CLOSE (s); | 338 | CLOSE (s); |
339 | return MHD_NO; | 339 | return MHD_NO; |
340 | } | 340 | } |
341 | 341 | ||
342 | /* apply connection acceptance policy if present */ | 342 | /* apply connection acceptance policy if present */ |
343 | if ((daemon->apc != NULL) | 343 | if ((daemon->apc != NULL) |
344 | && (MHD_NO == daemon->apc (daemon->apc_cls, addr, addrlen))) | 344 | && (MHD_NO == daemon->apc (daemon->apc_cls, addr, addrlen))) |
@@ -415,7 +415,7 @@ MHD_accept_connection (struct MHD_Daemon *daemon) | |||
415 | &MHDS_handle_connection, | 415 | &MHDS_handle_connection, |
416 | connection); | 416 | connection); |
417 | else | 417 | else |
418 | #endif | 418 | #endif |
419 | { | 419 | { |
420 | res_thread_create = pthread_create (&connection->pid, NULL, | 420 | res_thread_create = pthread_create (&connection->pid, NULL, |
421 | &MHD_handle_connection, | 421 | &MHD_handle_connection, |
@@ -607,7 +607,7 @@ MHD_select (struct MHD_Daemon *daemon, int may_block) | |||
607 | ds = daemon->socket_fd; | 607 | ds = daemon->socket_fd; |
608 | if (ds == -1) | 608 | if (ds == -1) |
609 | return MHD_YES; | 609 | return MHD_YES; |
610 | 610 | ||
611 | /* select connection thread handling type */ | 611 | /* select connection thread handling type */ |
612 | if (__FD_ISSET (ds, &rs)) | 612 | if (__FD_ISSET (ds, &rs)) |
613 | MHD_accept_connection (daemon); | 613 | MHD_accept_connection (daemon); |
diff --git a/src/daemon/https/Makefile.am b/src/daemon/https/Makefile.am index 33f46f1b..ec37f95b 100644 --- a/src/daemon/https/Makefile.am +++ b/src/daemon/https/Makefile.am | |||
@@ -6,6 +6,7 @@ AM_CPPFLAGS = -I./includes \ | |||
6 | -I$(top_srcdir)/src/daemon/https/openpgp \ | 6 | -I$(top_srcdir)/src/daemon/https/openpgp \ |
7 | -I$(top_srcdir)/src/daemon/https/opencdk \ | 7 | -I$(top_srcdir)/src/daemon/https/opencdk \ |
8 | -I$(top_srcdir)/src/daemon/https/tls \ | 8 | -I$(top_srcdir)/src/daemon/https/tls \ |
9 | -I$(top_srcdir)/src/daemon/https/includes \ | ||
9 | -I$(top_srcdir)/src/daemon/https/cfg | 10 | -I$(top_srcdir)/src/daemon/https/cfg |
10 | 11 | ||
11 | noinst_LTLIBRARIES = libhttps.la | 12 | noinst_LTLIBRARIES = libhttps.la |
diff --git a/src/daemon/https/includes/gnutlsxx.h b/src/daemon/https/includes/gnutlsxx.h deleted file mode 100644 index 3e98da12..00000000 --- a/src/daemon/https/includes/gnutlsxx.h +++ /dev/null | |||
@@ -1,393 +0,0 @@ | |||
1 | #ifndef GNUTLSXX_H | ||
2 | # define GNUTLSXX_H | ||
3 | |||
4 | #include <exception> | ||
5 | #include <vector> | ||
6 | #include <gnutls.h> | ||
7 | |||
8 | namespace gnutls { | ||
9 | |||
10 | class exception: public std::exception | ||
11 | { | ||
12 | public: | ||
13 | exception( int x); | ||
14 | const char* what() const throw(); | ||
15 | int get_code(); | ||
16 | protected: | ||
17 | int retcode; | ||
18 | }; | ||
19 | |||
20 | class dh_params | ||
21 | { | ||
22 | public: | ||
23 | dh_params(); | ||
24 | ~dh_params(); | ||
25 | void import_raw( const gnutls_datum_t & prime, | ||
26 | const gnutls_datum_t & generator); | ||
27 | void import_pkcs3( const gnutls_datum_t & pkcs3_params, | ||
28 | gnutls_x509_crt_fmt_t format); | ||
29 | void generate( unsigned int bits); | ||
30 | |||
31 | void export_pkcs3( gnutls_x509_crt_fmt_t format, unsigned char *params_data, size_t * params_data_size); | ||
32 | void export_raw( gnutls_datum_t& prime, gnutls_datum_t &generator); | ||
33 | |||
34 | gnutls_dh_params_t get_params_t() const; | ||
35 | dh_params & operator=(const dh_params& src); | ||
36 | protected: | ||
37 | gnutls_dh_params_t params; | ||
38 | }; | ||
39 | |||
40 | |||
41 | class rsa_params | ||
42 | { | ||
43 | public: | ||
44 | rsa_params(); | ||
45 | ~rsa_params(); | ||
46 | void import_raw( const gnutls_datum_t & m, | ||
47 | const gnutls_datum_t & e, | ||
48 | const gnutls_datum_t & d, | ||
49 | const gnutls_datum_t & p, | ||
50 | const gnutls_datum_t & q, | ||
51 | const gnutls_datum_t & u); | ||
52 | void import_pkcs1( const gnutls_datum_t & pkcs1_params, | ||
53 | gnutls_x509_crt_fmt_t format); | ||
54 | void generate( unsigned int bits); | ||
55 | |||
56 | void export_pkcs1( gnutls_x509_crt_fmt_t format, unsigned char *params_data, size_t * params_data_size); | ||
57 | void export_raw( gnutls_datum_t & m, gnutls_datum_t & e, | ||
58 | gnutls_datum_t & d, gnutls_datum_t & p, | ||
59 | gnutls_datum_t & q, gnutls_datum_t & u); | ||
60 | gnutls_rsa_params_t get_params_t() const; | ||
61 | rsa_params & operator=(const rsa_params& src); | ||
62 | |||
63 | protected: | ||
64 | gnutls_rsa_params_t params; | ||
65 | }; | ||
66 | |||
67 | class session | ||
68 | { | ||
69 | protected: | ||
70 | gnutls_session_t s; | ||
71 | public: | ||
72 | session( gnutls_connection_end_t); | ||
73 | session( session& s); | ||
74 | virtual ~session(); | ||
75 | |||
76 | int bye( gnutls_close_request_t how); | ||
77 | int handshake (); | ||
78 | |||
79 | gnutls_alert_description_t get_alert() const; | ||
80 | |||
81 | int send_alert ( gnutls_alert_level_t level, | ||
82 | gnutls_alert_description_t desc); | ||
83 | int send_appropriate_alert (int err); | ||
84 | |||
85 | gnutls_cipher_algorithm_t get_cipher() const; | ||
86 | gnutls_kx_algorithm_t get_kx () const; | ||
87 | gnutls_mac_algorithm_t get_mac () const; | ||
88 | gnutls_compression_method_t get_compression () const; | ||
89 | gnutls_certificate_type_t get_certificate_type() const; | ||
90 | |||
91 | // for the handshake | ||
92 | void set_private_extensions ( bool allow); | ||
93 | |||
94 | gnutls_handshake_description_t get_handshake_last_out() const; | ||
95 | gnutls_handshake_description_t get_handshake_last_in() const; | ||
96 | |||
97 | ssize_t send (const void *data, size_t sizeofdata); | ||
98 | ssize_t recv (void *data, size_t sizeofdata); | ||
99 | |||
100 | bool get_record_direction() const; | ||
101 | |||
102 | // maximum packet size | ||
103 | size_t get_max_size() const; | ||
104 | void set_max_size(size_t size); | ||
105 | |||
106 | size_t check_pending() const; | ||
107 | |||
108 | void prf (size_t label_size, const char *label, | ||
109 | int server_random_first, | ||
110 | size_t extra_size, const char *extra, | ||
111 | size_t outsize, char *out); | ||
112 | |||
113 | void prf_raw ( size_t label_size, const char *label, | ||
114 | size_t seed_size, const char *seed, | ||
115 | size_t outsize, char *out); | ||
116 | |||
117 | void set_cipher_priority (const int *list); | ||
118 | void set_mac_priority (const int *list); | ||
119 | void set_compression_priority (const int *list); | ||
120 | void set_kx_priority (const int *list); | ||
121 | void set_protocol_priority (const int *list); | ||
122 | void set_certificate_type_priority (const int *list); | ||
123 | |||
124 | /* if you just want some defaults, use the following. | ||
125 | */ | ||
126 | void set_priority (const char* prio, const char** err_pos); | ||
127 | void set_priority (gnutls_priority_t p); | ||
128 | |||
129 | gnutls_protocol_t get_protocol_version() const; | ||
130 | |||
131 | // for resuming sessions | ||
132 | void set_data ( const void *session_data, | ||
133 | size_t session_data_size); | ||
134 | void get_data (void *session_data, | ||
135 | size_t * session_data_size) const; | ||
136 | void get_data(gnutls_session_t session, | ||
137 | gnutls_datum_t & data) const; | ||
138 | void get_id ( void *session_id, | ||
139 | size_t * session_id_size) const; | ||
140 | |||
141 | bool is_resumed () const; | ||
142 | |||
143 | void set_max_handshake_packet_length ( size_t max); | ||
144 | |||
145 | void clear_credentials(); | ||
146 | void set_credentials( class credentials & cred); | ||
147 | |||
148 | void set_transport_ptr( gnutls_transport_ptr_t ptr); | ||
149 | void set_transport_ptr( gnutls_transport_ptr_t recv_ptr, gnutls_transport_ptr_t send_ptr); | ||
150 | gnutls_transport_ptr_t get_transport_ptr() const; | ||
151 | void get_transport_ptr(gnutls_transport_ptr_t & recv_ptr, | ||
152 | gnutls_transport_ptr_t & send_ptr) const; | ||
153 | |||
154 | void set_transport_lowat (size_t num); | ||
155 | void set_transport_push_function( gnutls_push_func push_func); | ||
156 | void set_transport_pull_function( gnutls_pull_func pull_func); | ||
157 | |||
158 | void set_user_ptr( void* ptr); | ||
159 | void *get_user_ptr() const; | ||
160 | |||
161 | void send_openpgp_cert( gnutls_openpgp_crt_status_t status); | ||
162 | |||
163 | gnutls_credentials_type_t get_auth_type() const; | ||
164 | gnutls_credentials_type_t get_server_auth_type() const; | ||
165 | gnutls_credentials_type_t get_client_auth_type() const; | ||
166 | |||
167 | // informational stuff | ||
168 | void set_dh_prime_bits( unsigned int bits); | ||
169 | unsigned int get_dh_secret_bits() const; | ||
170 | unsigned int get_dh_peers_public_bits() const; | ||
171 | unsigned int get_dh_prime_bits() const; | ||
172 | void get_dh_group( gnutls_datum_t & gen, gnutls_datum_t & prime) const; | ||
173 | void get_dh_pubkey( gnutls_datum_t & raw_key) const; | ||
174 | void get_rsa_export_pubkey( gnutls_datum_t& exponent, gnutls_datum_t& modulus) const; | ||
175 | unsigned int get_rsa_export_modulus_bits() const; | ||
176 | |||
177 | void get_our_certificate(gnutls_datum_t & cert) const; | ||
178 | bool get_peers_certificate(std::vector<gnutls_datum_t> &out_certs) const; | ||
179 | bool get_peers_certificate(const gnutls_datum_t** certs, unsigned int *certs_size) const; | ||
180 | |||
181 | time_t get_peers_certificate_activation_time() const; | ||
182 | time_t get_peers_certificate_expiration_time() const; | ||
183 | void verify_peers_certificate( unsigned int& status) const; | ||
184 | |||
185 | }; | ||
186 | |||
187 | // interface for databases | ||
188 | class DB | ||
189 | { | ||
190 | public: | ||
191 | virtual ~DB()=0; | ||
192 | virtual bool store( const gnutls_datum_t& key, const gnutls_datum_t& data)=0; | ||
193 | virtual bool retrieve( const gnutls_datum_t& key, gnutls_datum_t& data)=0; | ||
194 | virtual bool remove( const gnutls_datum_t& key)=0; | ||
195 | }; | ||
196 | |||
197 | class server_session: public session | ||
198 | { | ||
199 | public: | ||
200 | server_session(); | ||
201 | void db_remove() const; | ||
202 | |||
203 | void set_db_cache_expiration (unsigned int seconds); | ||
204 | void set_db( const DB& db); | ||
205 | |||
206 | // returns true if session is expired | ||
207 | bool db_check_entry ( gnutls_datum_t &session_data) const; | ||
208 | |||
209 | // server side only | ||
210 | const char *get_srp_username() const; | ||
211 | const char *get_psk_username() const; | ||
212 | |||
213 | void get_server_name (void *data, size_t * data_length, | ||
214 | unsigned int *type, unsigned int indx) const; | ||
215 | |||
216 | int rehandshake(); | ||
217 | void set_certificate_request( gnutls_certificate_request_t); | ||
218 | }; | ||
219 | |||
220 | class client_session: public session | ||
221 | { | ||
222 | public: | ||
223 | client_session(); | ||
224 | void set_server_name (gnutls_server_name_type_t type, | ||
225 | const void *name, size_t name_length); | ||
226 | |||
227 | bool get_request_status(); | ||
228 | }; | ||
229 | |||
230 | |||
231 | class credentials | ||
232 | { | ||
233 | public: | ||
234 | credentials(gnutls_credentials_type_t t); | ||
235 | #if defined(__APPLE__) || defined(__MACOS__) | ||
236 | /* FIXME: This #if is due to a compile bug in Mac OS X. Give | ||
237 | it some time and then remove this cruft. See also | ||
238 | lib/gnutlsxx.cpp. */ | ||
239 | credentials( credentials& c) { | ||
240 | type = c.type; | ||
241 | set_ptr( c.ptr()); | ||
242 | } | ||
243 | #else | ||
244 | credentials( credentials& c); | ||
245 | #endif | ||
246 | virtual ~credentials() { } | ||
247 | gnutls_credentials_type_t get_type() const; | ||
248 | protected: | ||
249 | friend class session; | ||
250 | virtual void* ptr() const=0; | ||
251 | virtual void set_ptr(void* ptr)=0; | ||
252 | gnutls_credentials_type_t type; | ||
253 | }; | ||
254 | |||
255 | class certificate_credentials: public credentials | ||
256 | { | ||
257 | public: | ||
258 | ~certificate_credentials(); | ||
259 | certificate_credentials(); | ||
260 | |||
261 | void free_keys (); | ||
262 | void free_cas (); | ||
263 | void free_ca_names (); | ||
264 | void free_crls (); | ||
265 | |||
266 | void set_dh_params ( const dh_params ¶ms); | ||
267 | void set_rsa_export_params ( const rsa_params& params); | ||
268 | void set_verify_flags ( unsigned int flags); | ||
269 | void set_verify_limits ( unsigned int max_bits, unsigned int max_depth); | ||
270 | |||
271 | void set_x509_trust_file(const char *cafile, gnutls_x509_crt_fmt_t type); | ||
272 | void set_x509_trust(const gnutls_datum_t & CA, gnutls_x509_crt_fmt_t type); | ||
273 | // FIXME: use classes instead of gnutls_x509_crt_t | ||
274 | void set_x509_trust ( gnutls_x509_crt_t * ca_list, int ca_list_size); | ||
275 | |||
276 | void set_x509_crl_file( const char *crlfile, gnutls_x509_crt_fmt_t type); | ||
277 | void set_x509_crl(const gnutls_datum_t & CRL, gnutls_x509_crt_fmt_t type); | ||
278 | void set_x509_crl ( gnutls_x509_crl_t * crl_list, int crl_list_size); | ||
279 | |||
280 | void set_x509_key_file(const char *certfile, const char *KEYFILE, gnutls_x509_crt_fmt_t type); | ||
281 | void set_x509_key(const gnutls_datum_t & CERT, const gnutls_datum_t & KEY, gnutls_x509_crt_fmt_t type); | ||
282 | // FIXME: use classes | ||
283 | void set_x509_key ( gnutls_x509_crt_t * cert_list, int cert_list_size, | ||
284 | gnutls_x509_privkey_t key); | ||
285 | |||
286 | |||
287 | void set_simple_pkcs12_file( const char *pkcs12file, | ||
288 | gnutls_x509_crt_fmt_t type, const char *password); | ||
289 | |||
290 | protected: | ||
291 | void* ptr() const; | ||
292 | void set_ptr(void* p); | ||
293 | gnutls_certificate_credentials_t cred; | ||
294 | }; | ||
295 | |||
296 | class certificate_server_credentials: public certificate_credentials | ||
297 | { | ||
298 | certificate_server_credentials() { } | ||
299 | public: | ||
300 | void set_retrieve_function( gnutls_certificate_server_retrieve_function* func); | ||
301 | void set_params_function( gnutls_params_function* func); | ||
302 | }; | ||
303 | |||
304 | class certificate_client_credentials: public certificate_credentials | ||
305 | { | ||
306 | public: | ||
307 | certificate_client_credentials() { } | ||
308 | void set_retrieve_function( gnutls_certificate_client_retrieve_function* func); | ||
309 | }; | ||
310 | |||
311 | |||
312 | |||
313 | |||
314 | class anon_server_credentials: public credentials | ||
315 | { | ||
316 | public: | ||
317 | anon_server_credentials(); | ||
318 | ~anon_server_credentials(); | ||
319 | void set_dh_params ( const dh_params ¶ms); | ||
320 | void set_params_function ( gnutls_params_function * func); | ||
321 | protected: | ||
322 | gnutls_anon_server_credentials_t cred; | ||
323 | }; | ||
324 | |||
325 | class anon_client_credentials: public credentials | ||
326 | { | ||
327 | public: | ||
328 | anon_client_credentials(); | ||
329 | ~anon_client_credentials(); | ||
330 | protected: | ||
331 | gnutls_anon_client_credentials_t cred; | ||
332 | }; | ||
333 | |||
334 | |||
335 | class srp_server_credentials: public credentials | ||
336 | { | ||
337 | public: | ||
338 | srp_server_credentials(); | ||
339 | ~srp_server_credentials(); | ||
340 | void set_credentials_file (const char *password_file, const char *password_conf_file); | ||
341 | void set_credentials_function( gnutls_srp_server_credentials_function *func); | ||
342 | protected: | ||
343 | void* ptr() const; | ||
344 | void set_ptr(void* p); | ||
345 | gnutls_srp_server_credentials_t cred; | ||
346 | }; | ||
347 | |||
348 | class srp_client_credentials: public credentials | ||
349 | { | ||
350 | public: | ||
351 | srp_client_credentials(); | ||
352 | ~srp_client_credentials(); | ||
353 | void set_credentials (const char *username, const char *password); | ||
354 | void set_credentials_function( gnutls_srp_client_credentials_function* func); | ||
355 | protected: | ||
356 | void* ptr() const; | ||
357 | void set_ptr(void* p); | ||
358 | gnutls_srp_client_credentials_t cred; | ||
359 | }; | ||
360 | |||
361 | |||
362 | class psk_server_credentials: public credentials | ||
363 | { | ||
364 | public: | ||
365 | psk_server_credentials(); | ||
366 | ~psk_server_credentials(); | ||
367 | void set_credentials_file(const char* password_file); | ||
368 | void set_credentials_function( gnutls_psk_server_credentials_function* func); | ||
369 | void set_dh_params ( const dh_params ¶ms); | ||
370 | void set_params_function (gnutls_params_function * func); | ||
371 | protected: | ||
372 | void* ptr() const; | ||
373 | void set_ptr(void* p); | ||
374 | gnutls_psk_server_credentials_t cred; | ||
375 | }; | ||
376 | |||
377 | class psk_client_credentials: public credentials | ||
378 | { | ||
379 | public: | ||
380 | psk_client_credentials(); | ||
381 | ~psk_client_credentials(); | ||
382 | void set_credentials (const char *username, const gnutls_datum_t& key, gnutls_psk_key_flags flags); | ||
383 | void set_credentials_function( gnutls_psk_client_credentials_function* func); | ||
384 | protected: | ||
385 | void* ptr() const; | ||
386 | void set_ptr(void* p); | ||
387 | gnutls_psk_client_credentials_t cred; | ||
388 | }; | ||
389 | |||
390 | |||
391 | }; /* namespace */ | ||
392 | |||
393 | #endif /* GNUTLSXX_H */ | ||
diff --git a/src/daemon/https/tls/Makefile.am b/src/daemon/https/tls/Makefile.am index 309080ea..ca847aa2 100644 --- a/src/daemon/https/tls/Makefile.am +++ b/src/daemon/https/tls/Makefile.am | |||
@@ -64,10 +64,8 @@ gnutls_state.c \ | |||
64 | gnutls_str.c \ | 64 | gnutls_str.c \ |
65 | gnutls_supplemental.c \ | 65 | gnutls_supplemental.c \ |
66 | gnutls_ui.c \ | 66 | gnutls_ui.c \ |
67 | gnutls_v2_compat.c \ | ||
68 | gnutls_x509.c \ | 67 | gnutls_x509.c \ |
69 | pkix_asn1_tab.c \ | 68 | pkix_asn1_tab.c \ |
70 | x509_b64.c | 69 | x509_b64.c |
71 | 70 | ||
72 | # gnutlsxx.cpp | ||
73 | 71 | ||
diff --git a/src/daemon/https/tls/gnutls_handshake.c b/src/daemon/https/tls/gnutls_handshake.c index 1af07a91..f943a669 100644 --- a/src/daemon/https/tls/gnutls_handshake.c +++ b/src/daemon/https/tls/gnutls_handshake.c | |||
@@ -41,15 +41,14 @@ | |||
41 | #include "gnutls_extensions.h" | 41 | #include "gnutls_extensions.h" |
42 | #include "gnutls_supplemental.h" | 42 | #include "gnutls_supplemental.h" |
43 | #include "gnutls_auth_int.h" | 43 | #include "gnutls_auth_int.h" |
44 | #include "gnutls_v2_compat.h" | ||
45 | #include "auth_cert.h" | 44 | #include "auth_cert.h" |
46 | #include "gnutls_cert.h" | 45 | #include "gnutls_cert.h" |
47 | #include "gnutls_constate.h" | 46 | #include "gnutls_constate.h" |
48 | #include <gnutls_record.h> | 47 | #include "gnutls_record.h" |
49 | #include <gnutls_state.h> | 48 | #include "gnutls_state.h" |
50 | #include <gnutls_rsa_export.h> /* for gnutls_get_rsa_params() */ | 49 | #include "gnutls_rsa_export.h" /* for gnutls_get_rsa_params() */ |
51 | #include <auth_anon.h> /* for gnutls_anon_server_credentials_t */ | 50 | #include "auth_anon.h" /* for gnutls_anon_server_credentials_t */ |
52 | #include <gc.h> | 51 | #include "gc.h" |
53 | 52 | ||
54 | #ifdef HANDSHAKE_DEBUG | 53 | #ifdef HANDSHAKE_DEBUG |
55 | #define ERR(x, y) _gnutls_handshake_log( "HSK[%x]: %s (%d)\n", session, x,y) | 54 | #define ERR(x, y) _gnutls_handshake_log( "HSK[%x]: %s (%d)\n", session, x,y) |
@@ -76,7 +75,7 @@ _gnutls_handshake_hash_buffers_clear (gnutls_session_t session) | |||
76 | _gnutls_handshake_buffer_clear (session); | 75 | _gnutls_handshake_buffer_clear (session); |
77 | } | 76 | } |
78 | 77 | ||
79 | /* this will copy the required values for resuming to | 78 | /* this will copy the required values for resuming to |
80 | * internals, and to security_parameters. | 79 | * internals, and to security_parameters. |
81 | * this will keep as less data to security_parameters. | 80 | * this will keep as less data to security_parameters. |
82 | */ | 81 | */ |
@@ -91,7 +90,7 @@ resume_copy_required_values (gnutls_session_t session) | |||
91 | client_random, | 90 | client_random, |
92 | session->security_parameters.client_random, TLS_RANDOM_SIZE); | 91 | session->security_parameters.client_random, TLS_RANDOM_SIZE); |
93 | 92 | ||
94 | /* keep the ciphersuite and compression | 93 | /* keep the ciphersuite and compression |
95 | * That is because the client must see these in our | 94 | * That is because the client must see these in our |
96 | * hello message. | 95 | * hello message. |
97 | */ | 96 | */ |
@@ -135,8 +134,7 @@ _gnutls_set_client_random (gnutls_session_t session, uint8_t * rnd) | |||
135 | memcpy (session->security_parameters.client_random, rnd, TLS_RANDOM_SIZE); | 134 | memcpy (session->security_parameters.client_random, rnd, TLS_RANDOM_SIZE); |
136 | } | 135 | } |
137 | 136 | ||
138 | /* Calculate The SSL3 Finished message | 137 | /* Calculate The SSL3 Finished message */ |
139 | */ | ||
140 | #define SSL3_CLIENT_MSG "CLNT" | 138 | #define SSL3_CLIENT_MSG "CLNT" |
141 | #define SSL3_SERVER_MSG "SRVR" | 139 | #define SSL3_SERVER_MSG "SRVR" |
142 | #define SSL_MSG_LEN 4 | 140 | #define SSL_MSG_LEN 4 |
@@ -185,8 +183,7 @@ _gnutls_ssl3_finished (gnutls_session_t session, int type, opaque * ret) | |||
185 | return 0; | 183 | return 0; |
186 | } | 184 | } |
187 | 185 | ||
188 | /* Hash the handshake messages as required by TLS 1.0 | 186 | /* Hash the handshake messages as required by TLS 1.0 */ |
189 | */ | ||
190 | #define SERVER_MSG "server finished" | 187 | #define SERVER_MSG "server finished" |
191 | #define CLIENT_MSG "client finished" | 188 | #define CLIENT_MSG "client finished" |
192 | #define TLS_MSG_LEN 15 | 189 | #define TLS_MSG_LEN 15 |
@@ -331,7 +328,7 @@ _gnutls_user_hello_func (gnutls_session session, | |||
331 | return 0; | 328 | return 0; |
332 | } | 329 | } |
333 | 330 | ||
334 | /* Read a client hello packet. | 331 | /* Read a client hello packet. |
335 | * A client hello must be a known version client hello | 332 | * A client hello must be a known version client hello |
336 | * or version 2.0 client hello (only for compatibility | 333 | * or version 2.0 client hello (only for compatibility |
337 | * since SSL version 2.0 is not supported). | 334 | * since SSL version 2.0 is not supported). |
@@ -348,10 +345,6 @@ _gnutls_read_client_hello (gnutls_session_t session, opaque * data, | |||
348 | int len = datalen; | 345 | int len = datalen; |
349 | opaque rnd[TLS_RANDOM_SIZE], *suite_ptr, *comp_ptr; | 346 | opaque rnd[TLS_RANDOM_SIZE], *suite_ptr, *comp_ptr; |
350 | 347 | ||
351 | if (session->internals.v2_hello != 0) | ||
352 | { /* version 2.0 */ | ||
353 | return _gnutls_read_client_hello_v2 (session, data, datalen); | ||
354 | } | ||
355 | DECR_LEN (len, 2); | 348 | DECR_LEN (len, 2); |
356 | 349 | ||
357 | _gnutls_handshake_log ("HSK[%x]: Client's version: %d.%d\n", session, | 350 | _gnutls_handshake_log ("HSK[%x]: Client's version: %d.%d\n", session, |
@@ -382,8 +375,7 @@ _gnutls_read_client_hello (gnutls_session_t session, opaque * data, | |||
382 | DECR_LEN (len, 1); | 375 | DECR_LEN (len, 1); |
383 | session_id_len = data[pos++]; | 376 | session_id_len = data[pos++]; |
384 | 377 | ||
385 | /* RESUME SESSION | 378 | /* RESUME SESSION */ |
386 | */ | ||
387 | if (session_id_len > TLS_MAX_SESSION_ID_SIZE) | 379 | if (session_id_len > TLS_MAX_SESSION_ID_SIZE) |
388 | { | 380 | { |
389 | gnutls_assert (); | 381 | gnutls_assert (); |
@@ -478,7 +470,7 @@ _gnutls_read_client_hello (gnutls_session_t session, opaque * data, | |||
478 | return 0; | 470 | return 0; |
479 | } | 471 | } |
480 | 472 | ||
481 | /* here we hash all pending data. | 473 | /* here we hash all pending data. |
482 | */ | 474 | */ |
483 | inline static int | 475 | inline static int |
484 | _gnutls_handshake_hash_pending (gnutls_session_t session) | 476 | _gnutls_handshake_hash_pending (gnutls_session_t session) |
@@ -569,7 +561,7 @@ _gnutls_send_finished (gnutls_session_t session, int again) | |||
569 | } | 561 | } |
570 | 562 | ||
571 | /* This is to be called after sending our finished message. If everything | 563 | /* This is to be called after sending our finished message. If everything |
572 | * went fine we have negotiated a secure connection | 564 | * went fine we have negotiated a secure connection |
573 | */ | 565 | */ |
574 | int | 566 | int |
575 | _gnutls_recv_finished (gnutls_session_t session) | 567 | _gnutls_recv_finished (gnutls_session_t session) |
@@ -803,7 +795,7 @@ finish: | |||
803 | } | 795 | } |
804 | 796 | ||
805 | 797 | ||
806 | /* This selects the best supported compression method from the ones provided | 798 | /* This selects the best supported compression method from the ones provided |
807 | */ | 799 | */ |
808 | int | 800 | int |
809 | _gnutls_server_select_comp_method (gnutls_session_t session, | 801 | _gnutls_server_select_comp_method (gnutls_session_t session, |
@@ -875,8 +867,7 @@ _gnutls_send_empty_handshake (gnutls_session_t session, | |||
875 | } | 867 | } |
876 | 868 | ||
877 | 869 | ||
878 | /* This function will hash the handshake message we sent. | 870 | /* This function will hash the handshake message we sent. */ |
879 | */ | ||
880 | static int | 871 | static int |
881 | _gnutls_handshake_hash_add_sent (gnutls_session_t session, | 872 | _gnutls_handshake_hash_add_sent (gnutls_session_t session, |
882 | gnutls_handshake_description_t type, | 873 | gnutls_handshake_description_t type, |
@@ -904,7 +895,7 @@ _gnutls_handshake_hash_add_sent (gnutls_session_t session, | |||
904 | 895 | ||
905 | /* This function sends a handshake message of type 'type' containing the | 896 | /* This function sends a handshake message of type 'type' containing the |
906 | * data specified here. If the previous _gnutls_send_handshake() returned | 897 | * data specified here. If the previous _gnutls_send_handshake() returned |
907 | * GNUTLS_E_AGAIN or GNUTLS_E_INTERRUPTED, then it must be called again | 898 | * GNUTLS_E_AGAIN or GNUTLS_E_INTERRUPTED, then it must be called again |
908 | * (until it returns ok), with NULL parameters. | 899 | * (until it returns ok), with NULL parameters. |
909 | */ | 900 | */ |
910 | int | 901 | int |
@@ -1533,8 +1524,7 @@ _gnutls_read_server_hello (gnutls_session_t session, | |||
1533 | 1524 | ||
1534 | 1525 | ||
1535 | 1526 | ||
1536 | /* move to compression | 1527 | /* move to compression */ |
1537 | */ | ||
1538 | DECR_LEN (len, 1); | 1528 | DECR_LEN (len, 1); |
1539 | 1529 | ||
1540 | ret = _gnutls_client_set_comp_method (session, data[pos++]); | 1530 | ret = _gnutls_client_set_comp_method (session, data[pos++]); |
@@ -1628,7 +1618,7 @@ _gnutls_copy_ciphersuites (gnutls_session_t session, | |||
1628 | } | 1618 | } |
1629 | 1619 | ||
1630 | 1620 | ||
1631 | /* This function copies the appropriate compression methods, to a locally allocated buffer | 1621 | /* This function copies the appropriate compression methods, to a locally allocated buffer |
1632 | * Needed in hello messages. Returns the new data length. | 1622 | * Needed in hello messages. Returns the new data length. |
1633 | */ | 1623 | */ |
1634 | static int | 1624 | static int |
@@ -1701,7 +1691,7 @@ _gnutls_send_client_hello (gnutls_session_t session, int again) | |||
1701 | { | 1691 | { |
1702 | 1692 | ||
1703 | datalen = 2 + (session_id_len + 1) + TLS_RANDOM_SIZE; | 1693 | datalen = 2 + (session_id_len + 1) + TLS_RANDOM_SIZE; |
1704 | /* 2 for version, (4 for unix time + 28 for random bytes==TLS_RANDOM_SIZE) | 1694 | /* 2 for version, (4 for unix time + 28 for random bytes==TLS_RANDOM_SIZE) |
1705 | */ | 1695 | */ |
1706 | 1696 | ||
1707 | data = gnutls_malloc (datalen); | 1697 | data = gnutls_malloc (datalen); |
@@ -1731,7 +1721,7 @@ _gnutls_send_client_hello (gnutls_session_t session, int again) | |||
1731 | data[pos++] = _gnutls_version_get_major (hver); | 1721 | data[pos++] = _gnutls_version_get_major (hver); |
1732 | data[pos++] = _gnutls_version_get_minor (hver); | 1722 | data[pos++] = _gnutls_version_get_minor (hver); |
1733 | 1723 | ||
1734 | /* Set the version we advertized as maximum | 1724 | /* Set the version we advertized as maximum |
1735 | * (RSA uses it). | 1725 | * (RSA uses it). |
1736 | */ | 1726 | */ |
1737 | _gnutls_set_adv_version (session, hver); | 1727 | _gnutls_set_adv_version (session, hver); |
@@ -1740,8 +1730,8 @@ _gnutls_send_client_hello (gnutls_session_t session, int again) | |||
1740 | * different version in the record layer. | 1730 | * different version in the record layer. |
1741 | * It seems they prefer to read the record's version | 1731 | * It seems they prefer to read the record's version |
1742 | * as the one we actually requested. | 1732 | * as the one we actually requested. |
1743 | * The proper behaviour is to use the one in the client hello | 1733 | * The proper behaviour is to use the one in the client hello |
1744 | * handshake packet and ignore the one in the packet's record | 1734 | * handshake packet and ignore the one in the packet's record |
1745 | * header. | 1735 | * header. |
1746 | */ | 1736 | */ |
1747 | _gnutls_set_current_version (session, hver); | 1737 | _gnutls_set_current_version (session, hver); |
@@ -1750,7 +1740,7 @@ _gnutls_send_client_hello (gnutls_session_t session, int again) | |||
1750 | */ | 1740 | */ |
1751 | session->security_parameters.timestamp = time (NULL); | 1741 | session->security_parameters.timestamp = time (NULL); |
1752 | 1742 | ||
1753 | /* Generate random data | 1743 | /* Generate random data |
1754 | */ | 1744 | */ |
1755 | _gnutls_tls_create_random (rnd); | 1745 | _gnutls_tls_create_random (rnd); |
1756 | _gnutls_set_client_random (session, rnd); | 1746 | _gnutls_set_client_random (session, rnd); |
@@ -1758,8 +1748,7 @@ _gnutls_send_client_hello (gnutls_session_t session, int again) | |||
1758 | memcpy (&data[pos], rnd, TLS_RANDOM_SIZE); | 1748 | memcpy (&data[pos], rnd, TLS_RANDOM_SIZE); |
1759 | pos += TLS_RANDOM_SIZE; | 1749 | pos += TLS_RANDOM_SIZE; |
1760 | 1750 | ||
1761 | /* Copy the Session ID | 1751 | /* Copy the Session ID */ |
1762 | */ | ||
1763 | data[pos++] = session_id_len; | 1752 | data[pos++] = session_id_len; |
1764 | 1753 | ||
1765 | if (session_id_len > 0) | 1754 | if (session_id_len > 0) |
@@ -2286,7 +2275,7 @@ gnutls_handshake (gnutls_session_t session) | |||
2286 | 2275 | ||
2287 | 2276 | ||
2288 | /* | 2277 | /* |
2289 | * _gnutls_handshake_client | 2278 | * _gnutls_handshake_client |
2290 | * This function performs the client side of the handshake of the TLS/SSL protocol. | 2279 | * This function performs the client side of the handshake of the TLS/SSL protocol. |
2291 | */ | 2280 | */ |
2292 | int | 2281 | int |
@@ -2348,7 +2337,7 @@ _gnutls_handshake_client (gnutls_session_t session) | |||
2348 | IMED_RET ("recv server kx message", ret); | 2337 | IMED_RET ("recv server kx message", ret); |
2349 | 2338 | ||
2350 | case STATE5: | 2339 | case STATE5: |
2351 | /* receive the server certificate request - if any | 2340 | /* receive the server certificate request - if any |
2352 | */ | 2341 | */ |
2353 | 2342 | ||
2354 | if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */ | 2343 | if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */ |
@@ -2405,7 +2394,7 @@ _gnutls_handshake_client (gnutls_session_t session) | |||
2405 | return 0; | 2394 | return 0; |
2406 | } | 2395 | } |
2407 | 2396 | ||
2408 | /* This function sends the final handshake packets and initializes connection | 2397 | /* This function sends the final handshake packets and initializes connection |
2409 | */ | 2398 | */ |
2410 | static int | 2399 | static int |
2411 | _gnutls_send_handshake_final (gnutls_session_t session, int init) | 2400 | _gnutls_send_handshake_final (gnutls_session_t session, int init) |
@@ -2427,7 +2416,7 @@ _gnutls_send_handshake_final (gnutls_session_t session, int init) | |||
2427 | return ret; | 2416 | return ret; |
2428 | } | 2417 | } |
2429 | 2418 | ||
2430 | /* Initialize the connection session (start encryption) - in case of client | 2419 | /* Initialize the connection session (start encryption) - in case of client |
2431 | */ | 2420 | */ |
2432 | if (init == TRUE) | 2421 | if (init == TRUE) |
2433 | { | 2422 | { |
@@ -2465,7 +2454,7 @@ _gnutls_send_handshake_final (gnutls_session_t session, int init) | |||
2465 | return 0; | 2454 | return 0; |
2466 | } | 2455 | } |
2467 | 2456 | ||
2468 | /* This function receives the final handshake packets | 2457 | /* This function receives the final handshake packets |
2469 | * And executes the appropriate function to initialize the | 2458 | * And executes the appropriate function to initialize the |
2470 | * read session. | 2459 | * read session. |
2471 | */ | 2460 | */ |
@@ -2525,7 +2514,7 @@ _gnutls_recv_handshake_final (gnutls_session_t session, int init) | |||
2525 | } | 2514 | } |
2526 | 2515 | ||
2527 | /* | 2516 | /* |
2528 | * _gnutls_handshake_server | 2517 | * _gnutls_handshake_server |
2529 | * This function does the server stuff of the handshake protocol. | 2518 | * This function does the server stuff of the handshake protocol. |
2530 | */ | 2519 | */ |
2531 | 2520 | ||
@@ -2846,7 +2835,7 @@ _gnutls_remove_unwanted_ciphersuites (gnutls_session_t session, | |||
2846 | gnutls_kx_algorithm_t *alg = NULL; | 2835 | gnutls_kx_algorithm_t *alg = NULL; |
2847 | int alg_size = 0; | 2836 | int alg_size = 0; |
2848 | 2837 | ||
2849 | /* if we should use a specific certificate, | 2838 | /* if we should use a specific certificate, |
2850 | * we should remove all algorithms that are not supported | 2839 | * we should remove all algorithms that are not supported |
2851 | * by that certificate and are on the same authentication | 2840 | * by that certificate and are on the same authentication |
2852 | * method (CERTIFICATE). | 2841 | * method (CERTIFICATE). |
@@ -2873,7 +2862,7 @@ _gnutls_remove_unwanted_ciphersuites (gnutls_session_t session, | |||
2873 | } | 2862 | } |
2874 | } | 2863 | } |
2875 | 2864 | ||
2876 | /* get all the key exchange algorithms that are | 2865 | /* get all the key exchange algorithms that are |
2877 | * supported by the X509 certificate parameters. | 2866 | * supported by the X509 certificate parameters. |
2878 | */ | 2867 | */ |
2879 | if ((ret = | 2868 | if ((ret = |
@@ -2902,7 +2891,7 @@ _gnutls_remove_unwanted_ciphersuites (gnutls_session_t session, | |||
2902 | */ | 2891 | */ |
2903 | kx = _gnutls_cipher_suite_get_kx_algo (&(*cipherSuites)[i]); | 2892 | kx = _gnutls_cipher_suite_get_kx_algo (&(*cipherSuites)[i]); |
2904 | 2893 | ||
2905 | /* if it is defined but had no credentials | 2894 | /* if it is defined but had no credentials |
2906 | */ | 2895 | */ |
2907 | if (_gnutls_get_kx_cred (session, kx, NULL) == NULL) | 2896 | if (_gnutls_get_kx_cred (session, kx, NULL) == NULL) |
2908 | { | 2897 | { |
diff --git a/src/daemon/https/tls/gnutls_priority.c b/src/daemon/https/tls/gnutls_priority.c index 69019191..1b20cd1a 100644 --- a/src/daemon/https/tls/gnutls_priority.c +++ b/src/daemon/https/tls/gnutls_priority.c | |||
@@ -193,7 +193,7 @@ gnutls_protocol_set_priority (gnutls_session_t session, const int *list) | |||
193 | * Sets the priority on the certificate types supported by gnutls. | 193 | * Sets the priority on the certificate types supported by gnutls. |
194 | * Priority is higher for elements specified before others. | 194 | * Priority is higher for elements specified before others. |
195 | * After specifying the types you want, you must append a 0. | 195 | * After specifying the types you want, you must append a 0. |
196 | * Note that the certificate type priority is set on the client. | 196 | * Note that the certificate type priority is set on the client. |
197 | * The server does not use the cert type priority except for disabling | 197 | * The server does not use the cert type priority except for disabling |
198 | * types that were not specified. | 198 | * types that were not specified. |
199 | * | 199 | * |
@@ -215,7 +215,7 @@ gnutls_certificate_type_set_priority (gnutls_session_t session, | |||
215 | } | 215 | } |
216 | 216 | ||
217 | static const int protocol_priority[] = { GNUTLS_TLS1_1, | 217 | static const int protocol_priority[] = { GNUTLS_TLS1_1, |
218 | GNUTLS_TLS1_0, | 218 | GNUTLS_TLS1_0, GNUTLS_SSL3, |
219 | 0 | 219 | 0 |
220 | }; | 220 | }; |
221 | 221 | ||
diff --git a/src/daemon/https/tls/gnutls_v2_compat.c b/src/daemon/https/tls/gnutls_v2_compat.c deleted file mode 100644 index ecf8c936..00000000 --- a/src/daemon/https/tls/gnutls_v2_compat.c +++ /dev/null | |||
@@ -1,259 +0,0 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2001, 2004, 2005, 2006 Free Software Foundation | ||
3 | * | ||
4 | * Author: Nikos Mavrogiannopoulos | ||
5 | * | ||
6 | * This file is part of GNUTLS. | ||
7 | * | ||
8 | * The GNUTLS library is free software; you can redistribute it and/or | ||
9 | * modify it under the terms of the GNU Lesser General Public License | ||
10 | * as published by the Free Software Foundation; either version 2.1 of | ||
11 | * the License, or (at your option) any later version. | ||
12 | * | ||
13 | * This library is distributed in the hope that it will be useful, but | ||
14 | * WITHOUT ANY WARRANTY; without even the implied warranty of | ||
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
16 | * Lesser General Public License for more details. | ||
17 | * | ||
18 | * You should have received a copy of the GNU Lesser General Public | ||
19 | * License along with this library; if not, write to the Free Software | ||
20 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, | ||
21 | * USA | ||
22 | * | ||
23 | */ | ||
24 | |||
25 | /* Functions to parse the SSLv2.0 hello message. | ||
26 | */ | ||
27 | |||
28 | #include "gnutls_int.h" | ||
29 | #include "gnutls_errors.h" | ||
30 | #include "gnutls_dh.h" | ||
31 | #include "debug.h" | ||
32 | #include "gnutls_algorithms.h" | ||
33 | #include "gnutls_compress.h" | ||
34 | #include "gnutls_cipher.h" | ||
35 | #include "gnutls_buffers.h" | ||
36 | #include "gnutls_kx.h" | ||
37 | #include "gnutls_handshake.h" | ||
38 | #include "gnutls_num.h" | ||
39 | #include "gnutls_hash_int.h" | ||
40 | #include "gnutls_db.h" | ||
41 | #include "gnutls_extensions.h" | ||
42 | #include "gnutls_auth_int.h" | ||
43 | |||
44 | /* This selects the best supported ciphersuite from the ones provided */ | ||
45 | static int | ||
46 | _gnutls_handshake_select_v2_suite (gnutls_session_t session, | ||
47 | opaque * data, int datalen) | ||
48 | { | ||
49 | int i, j, ret; | ||
50 | opaque *_data; | ||
51 | int _datalen; | ||
52 | |||
53 | _gnutls_handshake_log ("HSK[%x]: Parsing a version 2.0 client hello.\n", | ||
54 | session); | ||
55 | |||
56 | _data = gnutls_malloc (datalen); | ||
57 | if (_data == NULL) | ||
58 | { | ||
59 | gnutls_assert (); | ||
60 | return GNUTLS_E_MEMORY_ERROR; | ||
61 | } | ||
62 | |||
63 | if (datalen % 3 != 0) | ||
64 | { | ||
65 | gnutls_assert (); | ||
66 | return GNUTLS_E_UNEXPECTED_PACKET_LENGTH; | ||
67 | } | ||
68 | |||
69 | i = _datalen = 0; | ||
70 | for (j = 0; j < datalen; j += 3) | ||
71 | { | ||
72 | if (data[j] == 0) | ||
73 | { | ||
74 | memcpy (&_data[i], &data[j + 1], 2); | ||
75 | i += 2; | ||
76 | _datalen += 2; | ||
77 | } | ||
78 | } | ||
79 | |||
80 | ret = _gnutls_server_select_suite (session, _data, _datalen); | ||
81 | gnutls_free (_data); | ||
82 | |||
83 | return ret; | ||
84 | |||
85 | } | ||
86 | |||
87 | |||
88 | /* Read a v2 client hello. Some browsers still use that beast! | ||
89 | * However they set their version to 3.0 or 3.1. | ||
90 | */ | ||
91 | int | ||
92 | _gnutls_read_client_hello_v2 (gnutls_session_t session, opaque * data, | ||
93 | int datalen) | ||
94 | { | ||
95 | uint16_t session_id_len = 0; | ||
96 | int pos = 0; | ||
97 | int ret = 0; | ||
98 | uint16_t sizeOfSuites; | ||
99 | gnutls_protocol_t adv_version; | ||
100 | opaque rnd[TLS_RANDOM_SIZE]; | ||
101 | int len = datalen; | ||
102 | int err; | ||
103 | uint16_t challenge; | ||
104 | opaque session_id[TLS_MAX_SESSION_ID_SIZE]; | ||
105 | |||
106 | /* we only want to get here once - only in client hello */ | ||
107 | session->internals.v2_hello = 0; | ||
108 | |||
109 | DECR_LEN (len, 2); | ||
110 | |||
111 | _gnutls_handshake_log | ||
112 | ("HSK[%x]: SSL 2.0 Hello: Client's version: %d.%d\n", session, | ||
113 | data[pos], data[pos + 1]); | ||
114 | |||
115 | set_adv_version (session, data[pos], data[pos + 1]); | ||
116 | |||
117 | adv_version = _gnutls_version_get (data[pos], data[pos + 1]); | ||
118 | |||
119 | ret = _gnutls_negotiate_version (session, adv_version); | ||
120 | if (ret < 0) | ||
121 | { | ||
122 | gnutls_assert (); | ||
123 | return ret; | ||
124 | } | ||
125 | |||
126 | pos += 2; | ||
127 | |||
128 | /* Read uint16_t cipher_spec_length */ | ||
129 | DECR_LEN (len, 2); | ||
130 | sizeOfSuites = _gnutls_read_uint16 (&data[pos]); | ||
131 | pos += 2; | ||
132 | |||
133 | /* read session id length */ | ||
134 | DECR_LEN (len, 2); | ||
135 | session_id_len = _gnutls_read_uint16 (&data[pos]); | ||
136 | pos += 2; | ||
137 | |||
138 | if (session_id_len > TLS_MAX_SESSION_ID_SIZE) | ||
139 | { | ||
140 | gnutls_assert (); | ||
141 | return GNUTLS_E_UNEXPECTED_PACKET_LENGTH; | ||
142 | } | ||
143 | |||
144 | /* read challenge length */ | ||
145 | DECR_LEN (len, 2); | ||
146 | challenge = _gnutls_read_uint16 (&data[pos]); | ||
147 | pos += 2; | ||
148 | |||
149 | if (challenge < 16 || challenge > TLS_RANDOM_SIZE) | ||
150 | { | ||
151 | gnutls_assert (); | ||
152 | return GNUTLS_E_UNSUPPORTED_VERSION_PACKET; | ||
153 | } | ||
154 | |||
155 | /* call the user hello callback | ||
156 | */ | ||
157 | ret = _gnutls_user_hello_func (session, adv_version); | ||
158 | if (ret < 0) | ||
159 | { | ||
160 | gnutls_assert (); | ||
161 | return ret; | ||
162 | } | ||
163 | |||
164 | /* find an appropriate cipher suite */ | ||
165 | |||
166 | DECR_LEN (len, sizeOfSuites); | ||
167 | ret = _gnutls_handshake_select_v2_suite (session, &data[pos], sizeOfSuites); | ||
168 | |||
169 | pos += sizeOfSuites; | ||
170 | if (ret < 0) | ||
171 | { | ||
172 | gnutls_assert (); | ||
173 | return ret; | ||
174 | } | ||
175 | |||
176 | /* check if the credentials (username, public key etc.) are ok | ||
177 | */ | ||
178 | if (_gnutls_get_kx_cred | ||
179 | (session, | ||
180 | _gnutls_cipher_suite_get_kx_algo (&session->security_parameters. | ||
181 | current_cipher_suite), | ||
182 | &err) == NULL && err != 0) | ||
183 | { | ||
184 | gnutls_assert (); | ||
185 | return GNUTLS_E_INSUFFICIENT_CREDENTIALS; | ||
186 | } | ||
187 | |||
188 | /* set the mod_auth_st to the appropriate struct | ||
189 | * according to the KX algorithm. This is needed since all the | ||
190 | * handshake functions are read from there; | ||
191 | */ | ||
192 | session->internals.auth_struct = | ||
193 | _gnutls_kx_auth_struct (_gnutls_cipher_suite_get_kx_algo | ||
194 | (&session->security_parameters. | ||
195 | current_cipher_suite)); | ||
196 | if (session->internals.auth_struct == NULL) | ||
197 | { | ||
198 | |||
199 | _gnutls_handshake_log | ||
200 | ("HSK[%x]: SSL 2.0 Hello: Cannot find the appropriate handler for the KX algorithm\n", | ||
201 | session); | ||
202 | |||
203 | gnutls_assert (); | ||
204 | return GNUTLS_E_INTERNAL_ERROR; | ||
205 | } | ||
206 | |||
207 | |||
208 | |||
209 | /* read random new values -skip session id for now */ | ||
210 | DECR_LEN (len, session_id_len); /* skip session id for now */ | ||
211 | memcpy (session_id, &data[pos], session_id_len); | ||
212 | pos += session_id_len; | ||
213 | |||
214 | DECR_LEN (len, challenge); | ||
215 | memset (rnd, 0, TLS_RANDOM_SIZE); | ||
216 | |||
217 | memcpy (&rnd[TLS_RANDOM_SIZE - challenge], &data[pos], challenge); | ||
218 | |||
219 | _gnutls_set_client_random (session, rnd); | ||
220 | |||
221 | /* generate server random value */ | ||
222 | |||
223 | _gnutls_tls_create_random (rnd); | ||
224 | _gnutls_set_server_random (session, rnd); | ||
225 | |||
226 | session->security_parameters.timestamp = time (NULL); | ||
227 | |||
228 | |||
229 | /* RESUME SESSION */ | ||
230 | |||
231 | DECR_LEN (len, session_id_len); | ||
232 | ret = _gnutls_server_restore_session (session, session_id, session_id_len); | ||
233 | |||
234 | if (ret == 0) | ||
235 | { /* resumed! */ | ||
236 | /* get the new random values */ | ||
237 | memcpy (session->internals.resumed_security_parameters. | ||
238 | server_random, session->security_parameters.server_random, | ||
239 | TLS_RANDOM_SIZE); | ||
240 | memcpy (session->internals.resumed_security_parameters. | ||
241 | client_random, session->security_parameters.client_random, | ||
242 | TLS_RANDOM_SIZE); | ||
243 | |||
244 | session->internals.resumed = RESUME_TRUE; | ||
245 | return 0; | ||
246 | } | ||
247 | else | ||
248 | { | ||
249 | _gnutls_generate_session_id (session->security_parameters. | ||
250 | session_id, | ||
251 | &session->security_parameters. | ||
252 | session_id_size); | ||
253 | session->internals.resumed = RESUME_FALSE; | ||
254 | } | ||
255 | |||
256 | session->internals.compression_method = GNUTLS_COMP_NULL; | ||
257 | |||
258 | return 0; | ||
259 | } | ||
diff --git a/src/daemon/https/tls/gnutls_v2_compat.h b/src/daemon/https/tls/gnutls_v2_compat.h deleted file mode 100644 index 59ee6130..00000000 --- a/src/daemon/https/tls/gnutls_v2_compat.h +++ /dev/null | |||
@@ -1,26 +0,0 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation | ||
3 | * | ||
4 | * Author: Nikos Mavrogiannopoulos | ||
5 | * | ||
6 | * This file is part of GNUTLS. | ||
7 | * | ||
8 | * The GNUTLS library is free software; you can redistribute it and/or | ||
9 | * modify it under the terms of the GNU Lesser General Public License | ||
10 | * as published by the Free Software Foundation; either version 2.1 of | ||
11 | * the License, or (at your option) any later version. | ||
12 | * | ||
13 | * This library is distributed in the hope that it will be useful, but | ||
14 | * WITHOUT ANY WARRANTY; without even the implied warranty of | ||
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
16 | * Lesser General Public License for more details. | ||
17 | * | ||
18 | * You should have received a copy of the GNU Lesser General Public | ||
19 | * License along with this library; if not, write to the Free Software | ||
20 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, | ||
21 | * USA | ||
22 | * | ||
23 | */ | ||
24 | |||
25 | int _gnutls_read_client_hello_v2 (gnutls_session_t session, opaque * data, | ||
26 | int datalen); | ||
diff --git a/src/daemon/https/tls/gnutlsxx.cpp b/src/daemon/https/tls/gnutlsxx.cpp deleted file mode 100644 index 70621a43..00000000 --- a/src/daemon/https/tls/gnutlsxx.cpp +++ /dev/null | |||
@@ -1,907 +0,0 @@ | |||
1 | #include <gnutlsxx.h> | ||
2 | |||
3 | using namespace gnutls; | ||
4 | |||
5 | inline int RETWRAP_NET(int ret) | ||
6 | { | ||
7 | if (gnutls_error_is_fatal(ret)) throw(exception(ret)); | ||
8 | else return ret; | ||
9 | } | ||
10 | |||
11 | inline int RETWRAP(int ret) | ||
12 | { | ||
13 | if (ret < 0) throw(exception(ret)); | ||
14 | return ret; | ||
15 | } | ||
16 | |||
17 | session::session( gnutls_connection_end_t end) | ||
18 | { | ||
19 | RETWRAP(gnutls_init( &this->s, end)); | ||
20 | } | ||
21 | |||
22 | session::session( session& s) | ||
23 | { | ||
24 | this->s = s.s; | ||
25 | } | ||
26 | |||
27 | session::~session() | ||
28 | { | ||
29 | gnutls_deinit( this->s); | ||
30 | } | ||
31 | |||
32 | int session::bye( gnutls_close_request_t how) | ||
33 | { | ||
34 | return RETWRAP_NET( gnutls_bye( this->s, how)); | ||
35 | } | ||
36 | |||
37 | int session::handshake () | ||
38 | { | ||
39 | return RETWRAP_NET( gnutls_handshake( this->s)); | ||
40 | } | ||
41 | |||
42 | |||
43 | server_session::server_session() : session( GNUTLS_SERVER) | ||
44 | { | ||
45 | } | ||
46 | |||
47 | int server_session::rehandshake() | ||
48 | { | ||
49 | return RETWRAP_NET( gnutls_rehandshake( this->s)); | ||
50 | } | ||
51 | |||
52 | gnutls_alert_description_t session::get_alert() const | ||
53 | { | ||
54 | return gnutls_alert_get( this->s); | ||
55 | } | ||
56 | |||
57 | int session::send_alert ( gnutls_alert_level_t level, | ||
58 | gnutls_alert_description_t desc) | ||
59 | { | ||
60 | return RETWRAP_NET(gnutls_alert_send( this->s, level, desc)); | ||
61 | } | ||
62 | |||
63 | int session::send_appropriate_alert (int err) | ||
64 | { | ||
65 | return RETWRAP_NET(gnutls_alert_send_appropriate( this->s, err)); | ||
66 | } | ||
67 | |||
68 | gnutls_cipher_algorithm_t session::get_cipher() const | ||
69 | { | ||
70 | return gnutls_cipher_get( this->s); | ||
71 | } | ||
72 | |||
73 | gnutls_kx_algorithm_t session::get_kx () const | ||
74 | { | ||
75 | return gnutls_kx_get( this->s); | ||
76 | } | ||
77 | |||
78 | gnutls_mac_algorithm_t session::get_mac () const | ||
79 | { | ||
80 | return gnutls_mac_get( this->s); | ||
81 | } | ||
82 | |||
83 | gnutls_compression_method_t session::get_compression() const | ||
84 | { | ||
85 | return gnutls_compression_get( this->s); | ||
86 | } | ||
87 | |||
88 | gnutls_certificate_type_t session::get_certificate_type() const | ||
89 | { | ||
90 | return gnutls_certificate_type_get( this->s); | ||
91 | } | ||
92 | |||
93 | void session::set_private_extensions ( bool allow) | ||
94 | { | ||
95 | gnutls_handshake_set_private_extensions( this->s, (int)allow); | ||
96 | } | ||
97 | |||
98 | gnutls_handshake_description_t session::get_handshake_last_out() const | ||
99 | { | ||
100 | return gnutls_handshake_get_last_out( this->s); | ||
101 | } | ||
102 | |||
103 | gnutls_handshake_description_t session::get_handshake_last_in() const | ||
104 | { | ||
105 | return gnutls_handshake_get_last_in( this->s); | ||
106 | } | ||
107 | |||
108 | ssize_t session::send (const void *data, size_t sizeofdata) | ||
109 | { | ||
110 | return RETWRAP_NET(gnutls_record_send( this->s, data, sizeofdata)); | ||
111 | } | ||
112 | |||
113 | ssize_t session::recv (void *data, size_t sizeofdata) | ||
114 | { | ||
115 | return RETWRAP_NET(gnutls_record_recv( this->s, data, sizeofdata)); | ||
116 | } | ||
117 | |||
118 | bool session::get_record_direction() const | ||
119 | { | ||
120 | return gnutls_record_get_direction(this->s); | ||
121 | } | ||
122 | |||
123 | // maximum packet size | ||
124 | size_t session::get_max_size () const | ||
125 | { | ||
126 | return gnutls_record_get_max_size( this->s); | ||
127 | } | ||
128 | |||
129 | void session::set_max_size(size_t size) | ||
130 | { | ||
131 | RETWRAP( gnutls_record_set_max_size( this->s, size)); | ||
132 | } | ||
133 | |||
134 | size_t session::check_pending () const | ||
135 | { | ||
136 | return gnutls_record_check_pending( this->s); | ||
137 | } | ||
138 | |||
139 | |||
140 | void session::prf (size_t label_size, const char *label, | ||
141 | int server_random_first, | ||
142 | size_t extra_size, const char *extra, | ||
143 | size_t outsize, char *out) | ||
144 | { | ||
145 | RETWRAP(gnutls_prf( this->s, label_size, label, server_random_first, | ||
146 | extra_size, extra, outsize, out)); | ||
147 | } | ||
148 | |||
149 | void session::prf_raw ( size_t label_size, const char *label, | ||
150 | size_t seed_size, const char *seed, | ||
151 | size_t outsize, char *out) | ||
152 | { | ||
153 | RETWRAP( gnutls_prf_raw( this->s, label_size, label, seed_size, seed, outsize, out)); | ||
154 | } | ||
155 | |||
156 | |||
157 | void session::set_cipher_priority (const int *list) | ||
158 | { | ||
159 | RETWRAP( gnutls_cipher_set_priority( this->s, list)); | ||
160 | } | ||
161 | |||
162 | void session::set_mac_priority (const int *list) | ||
163 | { | ||
164 | RETWRAP( gnutls_mac_set_priority( this->s, list)); | ||
165 | } | ||
166 | |||
167 | void session::set_compression_priority (const int *list) | ||
168 | { | ||
169 | RETWRAP( gnutls_compression_set_priority( this->s, list)); | ||
170 | } | ||
171 | |||
172 | void session::set_kx_priority (const int *list) | ||
173 | { | ||
174 | RETWRAP( gnutls_kx_set_priority( this->s, list)); | ||
175 | } | ||
176 | |||
177 | void session::set_protocol_priority (const int *list) | ||
178 | { | ||
179 | RETWRAP( gnutls_protocol_set_priority( this->s, list)); | ||
180 | } | ||
181 | |||
182 | void session::set_certificate_type_priority (const int *list) | ||
183 | { | ||
184 | RETWRAP( gnutls_certificate_type_set_priority( this->s, list)); | ||
185 | } | ||
186 | |||
187 | |||
188 | /* if you just want some defaults, use the following. | ||
189 | */ | ||
190 | void session::set_priority(const char* prio, const char** err_pos) | ||
191 | { | ||
192 | RETWRAP(gnutls_priority_set_direct( this->s, prio, err_pos)); | ||
193 | } | ||
194 | |||
195 | void session::set_priority(gnutls_priority_t p) | ||
196 | { | ||
197 | RETWRAP(gnutls_priority_set( this->s, p)); | ||
198 | } | ||
199 | |||
200 | gnutls_protocol_t session::get_protocol_version() const | ||
201 | { | ||
202 | return gnutls_protocol_get_version( this->s); | ||
203 | } | ||
204 | |||
205 | void session::set_data ( const void *session_data, | ||
206 | size_t session_data_size) | ||
207 | { | ||
208 | RETWRAP(gnutls_session_set_data( this->s, session_data, session_data_size)); | ||
209 | } | ||
210 | |||
211 | void session::get_data (void *session_data, | ||
212 | size_t * session_data_size) const | ||
213 | { | ||
214 | RETWRAP(gnutls_session_get_data( this->s, session_data, session_data_size)); | ||
215 | } | ||
216 | |||
217 | void session::get_data(gnutls_session_t session, | ||
218 | gnutls_datum_t & data) const | ||
219 | { | ||
220 | RETWRAP(gnutls_session_get_data2( this->s, &data)); | ||
221 | |||
222 | } | ||
223 | |||
224 | void session::get_id ( void *session_id, | ||
225 | size_t * session_id_size) const | ||
226 | { | ||
227 | RETWRAP( gnutls_session_get_id( this->s, session_id, session_id_size)); | ||
228 | } | ||
229 | |||
230 | bool session::is_resumed() const | ||
231 | { | ||
232 | int ret = gnutls_session_is_resumed( this->s); | ||
233 | |||
234 | if (ret != 0) return true; | ||
235 | return false; | ||
236 | } | ||
237 | |||
238 | |||
239 | bool session::get_peers_certificate(std::vector<gnutls_datum_t> &out_certs) const | ||
240 | { | ||
241 | const gnutls_datum_t *certs; | ||
242 | unsigned int certs_size; | ||
243 | |||
244 | certs = gnutls_certificate_get_peers (this->s, &certs_size); | ||
245 | |||
246 | if (certs==NULL) return false; | ||
247 | |||
248 | for(unsigned int i=0;i<certs_size;i++) | ||
249 | out_certs.push_back( certs[i]); | ||
250 | |||
251 | return true; | ||
252 | } | ||
253 | |||
254 | bool session::get_peers_certificate(const gnutls_datum_t** certs, unsigned int *certs_size) const | ||
255 | { | ||
256 | *certs = gnutls_certificate_get_peers (this->s, certs_size); | ||
257 | |||
258 | if (*certs==NULL) return false; | ||
259 | return true; | ||
260 | } | ||
261 | |||
262 | void session::get_our_certificate(gnutls_datum_t& cert) const | ||
263 | { | ||
264 | const gnutls_datum_t *d; | ||
265 | |||
266 | d = gnutls_certificate_get_ours(this->s); | ||
267 | if (d==NULL) | ||
268 | throw(exception( GNUTLS_E_INVALID_REQUEST)); | ||
269 | cert = *d; | ||
270 | } | ||
271 | |||
272 | time_t session::get_peers_certificate_activation_time() const | ||
273 | { | ||
274 | return gnutls_certificate_activation_time_peers( this->s); | ||
275 | } | ||
276 | |||
277 | time_t session::get_peers_certificate_expiration_time() const | ||
278 | { | ||
279 | return gnutls_certificate_expiration_time_peers( this->s); | ||
280 | } | ||
281 | void session::verify_peers_certificate( unsigned int& status) const | ||
282 | { | ||
283 | RETWRAP( gnutls_certificate_verify_peers2( this->s, &status)); | ||
284 | } | ||
285 | |||
286 | |||
287 | client_session::client_session() : session( GNUTLS_CLIENT) | ||
288 | { | ||
289 | } | ||
290 | |||
291 | // client session | ||
292 | void client_session::set_server_name (gnutls_server_name_type_t type, | ||
293 | const void *name, size_t name_length) | ||
294 | { | ||
295 | RETWRAP( gnutls_server_name_set( this->s, type, name, name_length)); | ||
296 | } | ||
297 | |||
298 | bool client_session::get_request_status() | ||
299 | { | ||
300 | return RETWRAP(gnutls_certificate_client_get_request_status (this->s)); | ||
301 | } | ||
302 | |||
303 | // server_session | ||
304 | void server_session::get_server_name (void *data, size_t * data_length, | ||
305 | unsigned int *type, unsigned int indx) const | ||
306 | { | ||
307 | RETWRAP( gnutls_server_name_get( this->s, data, data_length, type, indx)); | ||
308 | } | ||
309 | |||
310 | // internal DB stuff | ||
311 | static int store_function(void *_db, gnutls_datum_t key, gnutls_datum_t data) | ||
312 | { | ||
313 | try { | ||
314 | DB* db = static_cast<DB*>(_db); | ||
315 | |||
316 | if (db->store( key, data)==false) return -1; | ||
317 | } catch(...) { | ||
318 | return -1; | ||
319 | } | ||
320 | |||
321 | return 0; | ||
322 | } | ||
323 | |||
324 | const static gnutls_datum_t null_datum = { NULL, 0 }; | ||
325 | |||
326 | static gnutls_datum_t retrieve_function(void *_db, gnutls_datum_t key) | ||
327 | { | ||
328 | gnutls_datum_t data; | ||
329 | |||
330 | try { | ||
331 | DB* db = static_cast<DB*>(_db); | ||
332 | |||
333 | if (db->retrieve( key, data)==false) return null_datum; | ||
334 | |||
335 | } catch(...) { | ||
336 | return null_datum; | ||
337 | } | ||
338 | |||
339 | return data; | ||
340 | } | ||
341 | |||
342 | static int remove_function(void *_db, gnutls_datum_t key) | ||
343 | { | ||
344 | try { | ||
345 | DB* db = static_cast<DB*>(_db); | ||
346 | |||
347 | if (db->remove( key)==false) return -1; | ||
348 | } catch(...) { | ||
349 | return -1; | ||
350 | } | ||
351 | |||
352 | return 0; | ||
353 | } | ||
354 | |||
355 | void server_session::set_db( const DB& db) | ||
356 | { | ||
357 | gnutls_db_set_ptr( this->s, const_cast<DB*>(&db)); | ||
358 | gnutls_db_set_store_function( this->s, store_function); | ||
359 | gnutls_db_set_retrieve_function( this->s, retrieve_function); | ||
360 | gnutls_db_set_remove_function( this->s, remove_function); | ||
361 | } | ||
362 | |||
363 | void server_session::set_db_cache_expiration (unsigned int seconds) | ||
364 | { | ||
365 | gnutls_db_set_cache_expiration( this->s, seconds); | ||
366 | } | ||
367 | |||
368 | void server_session::db_remove () const | ||
369 | { | ||
370 | gnutls_db_remove_session( this->s); | ||
371 | } | ||
372 | |||
373 | bool server_session::db_check_entry ( gnutls_datum_t &session_data) const | ||
374 | { | ||
375 | int ret = gnutls_db_check_entry( this->s, session_data); | ||
376 | |||
377 | if (ret != 0) return true; | ||
378 | return false; | ||
379 | } | ||
380 | |||
381 | void session::set_max_handshake_packet_length ( size_t max) | ||
382 | { | ||
383 | gnutls_handshake_set_max_packet_length( this->s, max); | ||
384 | } | ||
385 | |||
386 | void session::clear_credentials() | ||
387 | { | ||
388 | gnutls_credentials_clear( this->s); | ||
389 | } | ||
390 | |||
391 | void session::set_credentials( credentials &cred) | ||
392 | { | ||
393 | RETWRAP(gnutls_credentials_set( this->s, cred.get_type(), cred.ptr())); | ||
394 | } | ||
395 | |||
396 | const char* server_session::get_srp_username() const | ||
397 | { | ||
398 | return gnutls_srp_server_get_username( this->s); | ||
399 | } | ||
400 | |||
401 | const char* server_session::get_psk_username() const | ||
402 | { | ||
403 | return gnutls_psk_server_get_username( this->s); | ||
404 | } | ||
405 | |||
406 | |||
407 | void session::set_transport_ptr( gnutls_transport_ptr_t ptr) | ||
408 | { | ||
409 | gnutls_transport_set_ptr( this->s, ptr); | ||
410 | } | ||
411 | |||
412 | void session::set_transport_ptr( gnutls_transport_ptr_t recv_ptr, gnutls_transport_ptr_t send_ptr) | ||
413 | { | ||
414 | gnutls_transport_set_ptr2( this->s, recv_ptr, send_ptr); | ||
415 | } | ||
416 | |||
417 | |||
418 | gnutls_transport_ptr_t session::get_transport_ptr () const | ||
419 | { | ||
420 | return gnutls_transport_get_ptr (this->s); | ||
421 | } | ||
422 | |||
423 | void session::get_transport_ptr( gnutls_transport_ptr_t & recv_ptr, | ||
424 | gnutls_transport_ptr_t & send_ptr) const | ||
425 | { | ||
426 | gnutls_transport_get_ptr2 (this->s, &recv_ptr, &send_ptr); | ||
427 | } | ||
428 | |||
429 | void session::set_transport_lowat( size_t num) | ||
430 | { | ||
431 | gnutls_transport_set_lowat (this->s, num); | ||
432 | } | ||
433 | |||
434 | void session::set_transport_push_function( gnutls_push_func push_func) | ||
435 | { | ||
436 | gnutls_transport_set_push_function ( this->s, push_func); | ||
437 | } | ||
438 | |||
439 | void session::set_transport_pull_function( gnutls_pull_func pull_func) | ||
440 | { | ||
441 | gnutls_transport_set_pull_function ( this->s, pull_func); | ||
442 | } | ||
443 | |||
444 | void session::set_user_ptr( void* ptr) | ||
445 | { | ||
446 | gnutls_session_set_ptr( this->s, ptr); | ||
447 | } | ||
448 | |||
449 | void* session::get_user_ptr( ) const | ||
450 | { | ||
451 | return gnutls_session_get_ptr(this->s); | ||
452 | } | ||
453 | |||
454 | void session::send_openpgp_cert( gnutls_openpgp_crt_status_t status) | ||
455 | { | ||
456 | gnutls_openpgp_send_cert(this->s, status); | ||
457 | } | ||
458 | |||
459 | |||
460 | void session::set_dh_prime_bits( unsigned int bits) | ||
461 | { | ||
462 | gnutls_dh_set_prime_bits( this->s, bits); | ||
463 | } | ||
464 | |||
465 | unsigned int session::get_dh_secret_bits() const | ||
466 | { | ||
467 | return RETWRAP( gnutls_dh_get_secret_bits( this->s)); | ||
468 | } | ||
469 | |||
470 | unsigned int session::get_dh_peers_public_bits() const | ||
471 | { | ||
472 | return RETWRAP(gnutls_dh_get_peers_public_bits( this->s)); | ||
473 | } | ||
474 | |||
475 | unsigned int session::get_dh_prime_bits() const | ||
476 | { | ||
477 | return RETWRAP( gnutls_dh_get_prime_bits( this->s)); | ||
478 | } | ||
479 | |||
480 | void session::get_dh_group( gnutls_datum_t & gen, gnutls_datum_t & prime) const | ||
481 | { | ||
482 | RETWRAP( gnutls_dh_get_group( this->s, &gen, &prime)); | ||
483 | } | ||
484 | |||
485 | void session::get_dh_pubkey( gnutls_datum_t & raw_key) const | ||
486 | { | ||
487 | RETWRAP(gnutls_dh_get_pubkey( this->s, &raw_key)); | ||
488 | } | ||
489 | |||
490 | void session::get_rsa_export_pubkey( gnutls_datum_t& exponent, gnutls_datum_t& modulus) const | ||
491 | { | ||
492 | RETWRAP( gnutls_rsa_export_get_pubkey( this->s, &exponent, &modulus)); | ||
493 | } | ||
494 | |||
495 | unsigned int session::get_rsa_export_modulus_bits() const | ||
496 | { | ||
497 | return RETWRAP(gnutls_rsa_export_get_modulus_bits( this->s)); | ||
498 | } | ||
499 | |||
500 | void server_session::set_certificate_request( gnutls_certificate_request_t req) | ||
501 | { | ||
502 | gnutls_certificate_server_set_request (this->s, req); | ||
503 | } | ||
504 | |||
505 | |||
506 | |||
507 | |||
508 | gnutls_credentials_type_t session::get_auth_type() const | ||
509 | { | ||
510 | return gnutls_auth_get_type( this->s); | ||
511 | } | ||
512 | |||
513 | gnutls_credentials_type_t session::get_server_auth_type() const | ||
514 | { | ||
515 | return gnutls_auth_server_get_type( this->s); | ||
516 | } | ||
517 | |||
518 | gnutls_credentials_type_t session::get_client_auth_type() const | ||
519 | { | ||
520 | return gnutls_auth_client_get_type( this->s); | ||
521 | } | ||
522 | |||
523 | |||
524 | void* certificate_credentials::ptr() const | ||
525 | { | ||
526 | return this->cred; | ||
527 | } | ||
528 | |||
529 | void certificate_credentials::set_ptr(void* p) | ||
530 | { | ||
531 | this->cred = static_cast<gnutls_certificate_credentials_t> (p); | ||
532 | } | ||
533 | |||
534 | certificate_credentials::~certificate_credentials() | ||
535 | { | ||
536 | gnutls_certificate_free_credentials (this->cred); | ||
537 | } | ||
538 | |||
539 | certificate_credentials::certificate_credentials() : credentials(GNUTLS_CRD_CERTIFICATE) | ||
540 | { | ||
541 | RETWRAP(gnutls_certificate_allocate_credentials ( &this->cred)); | ||
542 | } | ||
543 | |||
544 | void certificate_server_credentials::set_params_function( gnutls_params_function* func) | ||
545 | { | ||
546 | gnutls_certificate_set_params_function( this->cred, func); | ||
547 | } | ||
548 | |||
549 | anon_server_credentials::anon_server_credentials() : credentials(GNUTLS_CRD_ANON) | ||
550 | { | ||
551 | RETWRAP(gnutls_anon_allocate_server_credentials( &this->cred)); | ||
552 | } | ||
553 | |||
554 | anon_server_credentials::~anon_server_credentials() | ||
555 | { | ||
556 | gnutls_anon_free_server_credentials( this->cred); | ||
557 | } | ||
558 | |||
559 | void anon_server_credentials::set_dh_params( const dh_params& params) | ||
560 | { | ||
561 | gnutls_anon_set_server_dh_params (this->cred, params.get_params_t()); | ||
562 | } | ||
563 | |||
564 | void anon_server_credentials::set_params_function ( gnutls_params_function * func) | ||
565 | { | ||
566 | gnutls_anon_set_server_params_function ( this->cred, func); | ||
567 | } | ||
568 | |||
569 | anon_client_credentials::anon_client_credentials() : credentials(GNUTLS_CRD_ANON) | ||
570 | { | ||
571 | RETWRAP(gnutls_anon_allocate_client_credentials( &this->cred)); | ||
572 | } | ||
573 | |||
574 | anon_client_credentials::~anon_client_credentials() | ||
575 | { | ||
576 | gnutls_anon_free_client_credentials( this->cred); | ||
577 | } | ||
578 | |||
579 | void certificate_credentials::free_keys () | ||
580 | { | ||
581 | gnutls_certificate_free_keys( this->cred); | ||
582 | } | ||
583 | |||
584 | void certificate_credentials::free_cas () | ||
585 | { | ||
586 | gnutls_certificate_free_cas( this->cred); | ||
587 | } | ||
588 | |||
589 | void certificate_credentials::free_ca_names () | ||
590 | { | ||
591 | gnutls_certificate_free_ca_names( this->cred); | ||
592 | } | ||
593 | |||
594 | void certificate_credentials::free_crls () | ||
595 | { | ||
596 | gnutls_certificate_free_crls( this->cred); | ||
597 | } | ||
598 | |||
599 | |||
600 | void certificate_credentials::set_dh_params ( const dh_params& params) | ||
601 | { | ||
602 | gnutls_certificate_set_dh_params( this->cred, params.get_params_t()); | ||
603 | } | ||
604 | |||
605 | void certificate_credentials::set_rsa_export_params ( const rsa_params & params) | ||
606 | { | ||
607 | gnutls_certificate_set_rsa_export_params( this->cred, params.get_params_t()); | ||
608 | } | ||
609 | |||
610 | void certificate_credentials::set_verify_flags ( unsigned int flags) | ||
611 | { | ||
612 | gnutls_certificate_set_verify_flags( this->cred, flags); | ||
613 | } | ||
614 | |||
615 | void certificate_credentials::set_verify_limits ( unsigned int max_bits, unsigned int max_depth) | ||
616 | { | ||
617 | gnutls_certificate_set_verify_limits( this->cred, max_bits, max_depth); | ||
618 | } | ||
619 | |||
620 | void certificate_credentials::set_x509_trust_file(const char *cafile, gnutls_x509_crt_fmt_t type) | ||
621 | { | ||
622 | RETWRAP( gnutls_certificate_set_x509_trust_file( this->cred, cafile, type)); | ||
623 | } | ||
624 | |||
625 | void certificate_credentials::set_x509_trust(const gnutls_datum_t & CA, gnutls_x509_crt_fmt_t type) | ||
626 | { | ||
627 | RETWRAP( gnutls_certificate_set_x509_trust_mem( this->cred, &CA, type)); | ||
628 | } | ||
629 | |||
630 | |||
631 | void certificate_credentials::set_x509_crl_file( const char *crlfile, gnutls_x509_crt_fmt_t type) | ||
632 | { | ||
633 | RETWRAP( gnutls_certificate_set_x509_crl_file( this->cred, crlfile, type)); | ||
634 | } | ||
635 | |||
636 | void certificate_credentials::set_x509_crl(const gnutls_datum_t & CRL, gnutls_x509_crt_fmt_t type) | ||
637 | { | ||
638 | RETWRAP( gnutls_certificate_set_x509_crl_mem( this->cred, &CRL, type)); | ||
639 | } | ||
640 | |||
641 | void certificate_credentials::set_x509_key_file(const char *certfile, const char *keyfile, gnutls_x509_crt_fmt_t type) | ||
642 | { | ||
643 | RETWRAP( gnutls_certificate_set_x509_key_file( this->cred, certfile, keyfile, type)); | ||
644 | } | ||
645 | |||
646 | void certificate_credentials::set_x509_key(const gnutls_datum_t & CERT, const gnutls_datum_t & KEY, gnutls_x509_crt_fmt_t type) | ||
647 | { | ||
648 | RETWRAP( gnutls_certificate_set_x509_key_mem( this->cred, &CERT, &KEY, type)); | ||
649 | } | ||
650 | |||
651 | void certificate_credentials::set_simple_pkcs12_file( const char *pkcs12file, | ||
652 | gnutls_x509_crt_fmt_t type, const char *password) | ||
653 | { | ||
654 | RETWRAP( gnutls_certificate_set_x509_simple_pkcs12_file( this->cred, pkcs12file, type, password)); | ||
655 | } | ||
656 | |||
657 | void certificate_credentials::set_x509_key ( gnutls_x509_crt_t * cert_list, int cert_list_size, | ||
658 | gnutls_x509_privkey_t key) | ||
659 | { | ||
660 | RETWRAP( gnutls_certificate_set_x509_key( this->cred, cert_list, cert_list_size, key)); | ||
661 | } | ||
662 | |||
663 | void certificate_credentials::set_x509_trust ( gnutls_x509_crt_t * ca_list, int ca_list_size) | ||
664 | { | ||
665 | RETWRAP( gnutls_certificate_set_x509_trust( this->cred, ca_list, ca_list_size)); | ||
666 | } | ||
667 | |||
668 | void certificate_credentials::set_x509_crl ( gnutls_x509_crl_t * crl_list, int crl_list_size) | ||
669 | { | ||
670 | RETWRAP( gnutls_certificate_set_x509_crl( this->cred, crl_list, crl_list_size)); | ||
671 | } | ||
672 | |||
673 | void certificate_server_credentials::set_retrieve_function( gnutls_certificate_server_retrieve_function* func) | ||
674 | { | ||
675 | gnutls_certificate_server_set_retrieve_function( this->cred, func); | ||
676 | } | ||
677 | |||
678 | void certificate_client_credentials::set_retrieve_function( gnutls_certificate_client_retrieve_function* func) | ||
679 | { | ||
680 | gnutls_certificate_client_set_retrieve_function( this->cred, func); | ||
681 | } | ||
682 | |||
683 | // SRP | ||
684 | |||
685 | srp_server_credentials::srp_server_credentials() : credentials(GNUTLS_CRD_SRP) | ||
686 | { | ||
687 | RETWRAP(gnutls_srp_allocate_server_credentials( &this->cred)); | ||
688 | } | ||
689 | |||
690 | srp_server_credentials::~srp_server_credentials() | ||
691 | { | ||
692 | gnutls_srp_free_server_credentials( this->cred); | ||
693 | } | ||
694 | |||
695 | void* srp_server_credentials::ptr() const | ||
696 | { | ||
697 | return this->cred; | ||
698 | } | ||
699 | |||
700 | void srp_server_credentials::set_ptr(void* p) | ||
701 | { | ||
702 | this->cred = static_cast<gnutls_srp_server_credentials_t> (p); | ||
703 | } | ||
704 | |||
705 | srp_client_credentials::srp_client_credentials() : credentials(GNUTLS_CRD_SRP) | ||
706 | { | ||
707 | RETWRAP(gnutls_srp_allocate_client_credentials( &this->cred)); | ||
708 | } | ||
709 | |||
710 | srp_client_credentials::~srp_client_credentials() | ||
711 | { | ||
712 | gnutls_srp_free_client_credentials( this->cred); | ||
713 | } | ||
714 | |||
715 | void* srp_client_credentials::ptr() const | ||
716 | { | ||
717 | return this->cred; | ||
718 | } | ||
719 | |||
720 | void srp_client_credentials::set_ptr(void* p) | ||
721 | { | ||
722 | this->cred = static_cast<gnutls_srp_client_credentials_t> (p); | ||
723 | } | ||
724 | |||
725 | void srp_client_credentials::set_credentials( const char* username, const char* password) | ||
726 | { | ||
727 | RETWRAP(gnutls_srp_set_client_credentials (this->cred, username, password)); | ||
728 | } | ||
729 | |||
730 | void srp_server_credentials::set_credentials_file ( | ||
731 | const char *password_file, const char *password_conf_file) | ||
732 | { | ||
733 | RETWRAP( gnutls_srp_set_server_credentials_file( this->cred, password_file, password_conf_file)); | ||
734 | } | ||
735 | |||
736 | |||
737 | void srp_server_credentials::set_credentials_function(gnutls_srp_server_credentials_function * func) | ||
738 | { | ||
739 | gnutls_srp_set_server_credentials_function( this->cred, func); | ||
740 | } | ||
741 | |||
742 | void srp_client_credentials::set_credentials_function(gnutls_srp_client_credentials_function * func) | ||
743 | { | ||
744 | gnutls_srp_set_client_credentials_function( this->cred, func); | ||
745 | } | ||
746 | |||
747 | credentials::credentials(gnutls_credentials_type_t t) : type(t) | ||
748 | { | ||
749 | } | ||
750 | |||
751 | #if !(defined(__APPLE__) || defined(__MACOS__)) | ||
752 | /* FIXME: This #if is due to a compile bug in Mac OS X. Give it some | ||
753 | time and then remove this cruft. See also | ||
754 | includes/gnutls/gnutlsxx.h. */ | ||
755 | credentials::credentials( credentials& c) | ||
756 | { | ||
757 | this->type = c.type; | ||
758 | this->set_ptr( c.ptr()); | ||
759 | } | ||
760 | #endif | ||
761 | |||
762 | gnutls_credentials_type_t credentials::get_type() const | ||
763 | { | ||
764 | return type; | ||
765 | } | ||
766 | |||
767 | exception::exception( int x) | ||
768 | { | ||
769 | retcode = x; | ||
770 | } | ||
771 | |||
772 | int exception::get_code() | ||
773 | { | ||
774 | return retcode; | ||
775 | } | ||
776 | |||
777 | const char* exception::what() const throw() | ||
778 | { | ||
779 | return gnutls_strerror(retcode); | ||
780 | } | ||
781 | |||
782 | |||
783 | |||
784 | |||
785 | dh_params::dh_params() | ||
786 | { | ||
787 | RETWRAP(gnutls_dh_params_init( ¶ms)); | ||
788 | } | ||
789 | |||
790 | dh_params::~dh_params() | ||
791 | { | ||
792 | gnutls_dh_params_deinit(params); | ||
793 | } | ||
794 | |||
795 | void dh_params::import_raw( const gnutls_datum_t & prime, | ||
796 | const gnutls_datum_t & generator) | ||
797 | { | ||
798 | RETWRAP( gnutls_dh_params_import_raw( params, &prime, &generator)); | ||
799 | } | ||
800 | |||
801 | void dh_params::import_pkcs3( const gnutls_datum_t & pkcs3_params, | ||
802 | gnutls_x509_crt_fmt_t format) | ||
803 | { | ||
804 | RETWRAP(gnutls_dh_params_import_pkcs3( params, &pkcs3_params, format)); | ||
805 | } | ||
806 | |||
807 | void dh_params::generate( unsigned int bits) | ||
808 | { | ||
809 | RETWRAP(gnutls_dh_params_generate2( params, bits)); | ||
810 | } | ||
811 | |||
812 | void dh_params::export_pkcs3( gnutls_x509_crt_fmt_t format, unsigned char *params_data, size_t * params_data_size) | ||
813 | { | ||
814 | RETWRAP( gnutls_dh_params_export_pkcs3( params, format, params_data, params_data_size)); | ||
815 | } | ||
816 | |||
817 | void dh_params::export_raw( gnutls_datum_t& prime, gnutls_datum_t &generator) | ||
818 | { | ||
819 | RETWRAP( gnutls_dh_params_export_raw( params, &prime, &generator, NULL)); | ||
820 | } | ||
821 | |||
822 | gnutls_dh_params_t dh_params::get_params_t() const | ||
823 | { | ||
824 | return params; | ||
825 | } | ||
826 | |||
827 | dh_params & dh_params::operator=(const dh_params& src) | ||
828 | { | ||
829 | dh_params* dst = new dh_params; | ||
830 | int ret; | ||
831 | |||
832 | ret = gnutls_dh_params_cpy( dst->params, src.params); | ||
833 | |||
834 | if (ret < 0) { | ||
835 | delete dst; | ||
836 | throw(ret); | ||
837 | } | ||
838 | |||
839 | return *dst; | ||
840 | } | ||
841 | |||
842 | |||
843 | // RSA | ||
844 | |||
845 | rsa_params::rsa_params() | ||
846 | { | ||
847 | RETWRAP(gnutls_rsa_params_init( ¶ms)); | ||
848 | } | ||
849 | |||
850 | rsa_params::~rsa_params() | ||
851 | { | ||
852 | gnutls_rsa_params_deinit(params); | ||
853 | } | ||
854 | |||
855 | void rsa_params::import_pkcs1( const gnutls_datum_t & pkcs1_params, | ||
856 | gnutls_x509_crt_fmt_t format) | ||
857 | { | ||
858 | RETWRAP(gnutls_rsa_params_import_pkcs1( params, &pkcs1_params, format)); | ||
859 | } | ||
860 | |||
861 | void rsa_params::generate( unsigned int bits) | ||
862 | { | ||
863 | RETWRAP(gnutls_rsa_params_generate2( params, bits)); | ||
864 | } | ||
865 | |||
866 | void rsa_params::export_pkcs1( gnutls_x509_crt_fmt_t format, unsigned char *params_data, size_t * params_data_size) | ||
867 | { | ||
868 | RETWRAP( gnutls_rsa_params_export_pkcs1( params, format, params_data, params_data_size)); | ||
869 | } | ||
870 | |||
871 | gnutls_rsa_params_t rsa_params::get_params_t() const | ||
872 | { | ||
873 | return params; | ||
874 | } | ||
875 | |||
876 | rsa_params & rsa_params::operator=(const rsa_params& src) | ||
877 | { | ||
878 | rsa_params* dst = new rsa_params; | ||
879 | int ret; | ||
880 | |||
881 | ret = gnutls_rsa_params_cpy( dst->params, src.params); | ||
882 | |||
883 | if (ret < 0) | ||
884 | delete dst; | ||
885 | throw(ret); | ||
886 | |||
887 | return *dst; | ||
888 | } | ||
889 | |||
890 | void rsa_params::import_raw( const gnutls_datum_t & m, | ||
891 | const gnutls_datum_t & e, | ||
892 | const gnutls_datum_t & d, | ||
893 | const gnutls_datum_t & p, | ||
894 | const gnutls_datum_t & q, | ||
895 | const gnutls_datum_t & u) | ||
896 | { | ||
897 | |||
898 | RETWRAP(gnutls_rsa_params_import_raw ( params, &m, &e, &d, &p, &q, &u)); | ||
899 | } | ||
900 | |||
901 | |||
902 | void rsa_params::export_raw( gnutls_datum_t & m, gnutls_datum_t & e, | ||
903 | gnutls_datum_t & d, gnutls_datum_t & p, | ||
904 | gnutls_datum_t & q, gnutls_datum_t & u) | ||
905 | { | ||
906 | RETWRAP( gnutls_rsa_params_export_raw ( params, &m, &e, &d, &p, &q, &u, NULL)); | ||
907 | } | ||
diff --git a/src/daemon/https/tls/io_debug.h b/src/daemon/https/tls/io_debug.h index 9800565e..53d9c371 100644 --- a/src/daemon/https/tls/io_debug.h +++ b/src/daemon/https/tls/io_debug.h | |||
@@ -22,9 +22,9 @@ | |||
22 | * | 22 | * |
23 | */ | 23 | */ |
24 | 24 | ||
25 | /* This debug file was contributed by | 25 | /* This debug file was contributed by |
26 | * Paul Sheer <psheer@icon.co.za>. Some changes were made by nmav. | 26 | * Paul Sheer <psheer@icon.co.za>. Some changes were made by nmav. |
27 | * Its purpose is to debug non blocking behaviour of gnutls. The included | 27 | * Its purpose is to debug non blocking behavior of gnutls. The included |
28 | * send() and recv() functions return EAGAIN errors in random. | 28 | * send() and recv() functions return EAGAIN errors in random. |
29 | * | 29 | * |
30 | */ | 30 | */ |
diff --git a/src/daemon/https/tls/libgnutlsxx.vers b/src/daemon/https/tls/libgnutlsxx.vers deleted file mode 100644 index 8b8af51d..00000000 --- a/src/daemon/https/tls/libgnutlsxx.vers +++ /dev/null | |||
@@ -1,30 +0,0 @@ | |||
1 | # libgnutlsxx.vers -- Versioning script to control what symbols to export. | ||
2 | # Copyright (C) 2005, 2006 Free Software Foundation | ||
3 | # | ||
4 | # Author: Simon Josefsson | ||
5 | # | ||
6 | # This file is part of GNUTLS. | ||
7 | # | ||
8 | # The GNUTLS library is free software; you can redistribute it and/or | ||
9 | # modify it under the terms of the GNU Lesser General Public License | ||
10 | # as published by the Free Software Foundation; either version 2.1 of | ||
11 | # the License, or (at your option) any later version. | ||
12 | # | ||
13 | # The GNUTLS library is distributed in the hope that it will be | ||
14 | #useful, but WITHOUT ANY WARRANTY; without even the implied warranty | ||
15 | #of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
16 | #Lesser General Public License for more details. | ||
17 | # | ||
18 | # You should have received a copy of the GNU Lesser General Public | ||
19 | # License along with the GNUTLS library; if not, write to the Free | ||
20 | # Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, | ||
21 | # MA 02110-1301, USA | ||
22 | |||
23 | GNUTLS_1_6 | ||
24 | { | ||
25 | global: | ||
26 | extern "C++" { | ||
27 | gnutls*; | ||
28 | }; | ||
29 | local: *; | ||
30 | }; | ||
diff --git a/src/daemon/https/x509/x509_privkey.c b/src/daemon/https/x509/x509_privkey.c index f5c64dee..ff295fcd 100644 --- a/src/daemon/https/x509/x509_privkey.c +++ b/src/daemon/https/x509/x509_privkey.c | |||
@@ -51,7 +51,7 @@ int _gnutls_asn1_encode_dsa (ASN1_TYPE * c2, mpi_t * params); | |||
51 | * gnutls_x509_privkey_init - This function initializes a gnutls_crl structure | 51 | * gnutls_x509_privkey_init - This function initializes a gnutls_crl structure |
52 | * @key: The structure to be initialized | 52 | * @key: The structure to be initialized |
53 | * | 53 | * |
54 | * This function will initialize an private key structure. | 54 | * This function will initialize an private key structure. |
55 | * | 55 | * |
56 | * Returns 0 on success. | 56 | * Returns 0 on success. |
57 | * | 57 | * |
@@ -75,7 +75,7 @@ gnutls_x509_privkey_init (gnutls_x509_privkey_t * key) | |||
75 | * gnutls_x509_privkey_deinit - This function deinitializes memory used by a gnutls_x509_privkey_t structure | 75 | * gnutls_x509_privkey_deinit - This function deinitializes memory used by a gnutls_x509_privkey_t structure |
76 | * @key: The structure to be initialized | 76 | * @key: The structure to be initialized |
77 | * | 77 | * |
78 | * This function will deinitialize a private key structure. | 78 | * This function will deinitialize a private key structure. |
79 | * | 79 | * |
80 | **/ | 80 | **/ |
81 | void | 81 | void |
@@ -357,8 +357,7 @@ gnutls_x509_privkey_import (gnutls_x509_privkey_t key, | |||
357 | 357 | ||
358 | key->pk_algorithm = GNUTLS_PK_UNKNOWN; | 358 | key->pk_algorithm = GNUTLS_PK_UNKNOWN; |
359 | 359 | ||
360 | /* If the Certificate is in PEM format then decode it | 360 | /* If the Certificate is in PEM format then decode it */ |
361 | */ | ||
362 | if (format == GNUTLS_X509_FMT_PEM) | 361 | if (format == GNUTLS_X509_FMT_PEM) |
363 | { | 362 | { |
364 | opaque *out; | 363 | opaque *out; |
@@ -399,9 +398,7 @@ gnutls_x509_privkey_import (gnutls_x509_privkey_t key, | |||
399 | } | 398 | } |
400 | else | 399 | else |
401 | { | 400 | { |
402 | /* Try decoding with both, and accept the one that | 401 | /* Try decoding with both, and accept the one that succeeds. */ |
403 | * succeeds. | ||
404 | */ | ||
405 | key->pk_algorithm = GNUTLS_PK_RSA; | 402 | key->pk_algorithm = GNUTLS_PK_RSA; |
406 | key->key = _gnutls_privkey_decode_pkcs1_rsa_key (&_data, key); | 403 | key->key = _gnutls_privkey_decode_pkcs1_rsa_key (&_data, key); |
407 | 404 | ||
@@ -419,7 +416,8 @@ gnutls_x509_privkey_import (gnutls_x509_privkey_t key, | |||
419 | { | 416 | { |
420 | gnutls_assert (); | 417 | gnutls_assert (); |
421 | result = GNUTLS_E_ASN1_DER_ERROR; | 418 | result = GNUTLS_E_ASN1_DER_ERROR; |
422 | goto cleanup; | 419 | key->pk_algorithm = GNUTLS_PK_UNKNOWN; |
420 | return result; | ||
423 | } | 421 | } |
424 | 422 | ||
425 | if (need_free) | 423 | if (need_free) |
@@ -429,11 +427,6 @@ gnutls_x509_privkey_import (gnutls_x509_privkey_t key, | |||
429 | */ | 427 | */ |
430 | 428 | ||
431 | return 0; | 429 | return 0; |
432 | |||
433 | cleanup:key->pk_algorithm = GNUTLS_PK_UNKNOWN; | ||
434 | if (need_free) | ||
435 | _gnutls_free_datum (&_data); | ||
436 | return result; | ||
437 | } | 430 | } |
438 | 431 | ||
439 | #define FREE_RSA_PRIVATE_PARAMS for (i=0;i<RSA_PRIVATE_PARAMS;i++) \ | 432 | #define FREE_RSA_PRIVATE_PARAMS for (i=0;i<RSA_PRIVATE_PARAMS;i++) \ |