aboutsummaryrefslogtreecommitdiff
path: root/src/daemon/https/https_common.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/daemon/https/https_common.c')
-rw-r--r--src/daemon/https/https_common.c877
1 files changed, 877 insertions, 0 deletions
diff --git a/src/daemon/https/https_common.c b/src/daemon/https/https_common.c
new file mode 100644
index 00000000..748bc5bc
--- /dev/null
+++ b/src/daemon/https/https_common.c
@@ -0,0 +1,877 @@
1/*
2 * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007 Free Software Foundation
3 * Author: Nikos Mavrogiannopoulos
4 *
5 * This file is part of GNUTLS.
6 *
7 * GNUTLS is free software: you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation, either version 3 of the License, or
10 * (at your option) any later version.
11 *
12 * GNUTLS is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program. If not, see <http://www.gnu.org/licenses/>.
19 */
20
21#include <config.h>
22#include <stdio.h>
23#include <stdlib.h>
24#include <string.h>
25#include <gnutls.h>
26#include <extra.h>
27//#include "openpgp.h"
28#include <time.h>
29#include "https_common.h"
30
31#define TEST_STRING
32#define SU(x) (x!=NULL?x:"Unknown")
33
34// TODO clean - originaly from tls_test extern int verbose;
35int print_cert;
36int verbose = 0;
37
38static char buffer[5 * 1024];
39
40#define PRINTX(x,y) if (y[0]!=0) printf(" # %s %s\n", x, y)
41#define PRINT_PGP_NAME(X) PRINTX( "NAME:", name)
42
43const char str_unknown[] = "(unknown)";
44
45/* Hex encodes the given data.
46 */
47const char *
48raw_to_string (const unsigned char *raw, size_t raw_size)
49{
50 static char buf[1024];
51 size_t i;
52 if (raw_size == 0)
53 return NULL;
54
55 if (raw_size * 3 + 1 >= sizeof (buf))
56 return NULL;
57
58 for (i = 0; i < raw_size; i++)
59 {
60 sprintf (&(buf[i * 3]), "%02X%s", raw[i], (i == raw_size - 1) ? ""
61 : ":");
62 }
63 buf[sizeof (buf) - 1] = '\0';
64
65 return buf;
66}
67
68static const char *
69my_ctime (const time_t * tv)
70{
71 static char buf[256];
72 struct tm *tp;
73
74 if (((tp = localtime (tv)) == NULL) || (!strftime (buf, sizeof buf,
75 "%a %b %e %H:%M:%S %Z %Y\n",
76 tp)))
77 strcpy (buf, str_unknown); /* make sure buf text isn't garbage */
78
79 return buf;
80
81}
82
83void
84print_x509_info (gnutls_session_t session, const char *hostname)
85{
86 gnutls_x509_crt_t crt;
87 const gnutls_datum_t *cert_list;
88 unsigned int cert_list_size = 0;
89 int ret;
90 char digest[20];
91 char serial[40];
92 char dn[256];
93 size_t dn_size;
94 size_t digest_size = sizeof (digest);
95 unsigned int j;
96 size_t serial_size = sizeof (serial);
97 const char *print;
98 const char *cstr;
99 unsigned int bits, algo;
100 time_t expiret, activet;
101
102 cert_list = gnutls_certificate_get_peers (session, &cert_list_size);
103
104 if (cert_list_size == 0)
105 {
106 fprintf (stderr, "No certificates found!\n");
107 return;
108 }
109
110 printf (" - Got a certificate list of %d certificates.\n\n",
111 cert_list_size);
112
113 for (j = 0; j < (unsigned int) cert_list_size; j++)
114 {
115
116 gnutls_x509_crt_init (&crt);
117 ret = gnutls_x509_crt_import (crt, &cert_list[j], GNUTLS_X509_FMT_DER);
118 if (ret < 0)
119 {
120 fprintf (stderr, "Decoding error: %s\n", gnutls_strerror (ret));
121 return;
122 }
123
124 printf (" - Certificate[%d] info:\n", j);
125
126 if (print_cert)
127 {
128 size_t size;
129
130 size = sizeof (buffer);
131
132 ret =
133 gnutls_x509_crt_export (crt, GNUTLS_X509_FMT_PEM, buffer, &size);
134 if (ret < 0)
135 {
136 fprintf (stderr, "Encoding error: %s\n", gnutls_strerror (ret));
137 return;
138 }
139 fputs ("\n", stdout);
140 fputs (buffer, stdout);
141 fputs ("\n", stdout);
142 }
143
144 if (j == 0 && hostname != NULL)
145 { /* Check the hostname of the first certificate
146 * if it matches the name of the host we
147 * connected to.
148 */
149 if (gnutls_x509_crt_check_hostname (crt, hostname) == 0)
150 {
151 printf
152 (" # The hostname in the certificate does NOT match '%s'.\n",
153 hostname);
154 }
155 else
156 {
157 printf (" # The hostname in the certificate matches '%s'.\n",
158 hostname);
159 }
160 }
161
162 expiret = gnutls_x509_crt_get_expiration_time (crt);
163 activet = gnutls_x509_crt_get_activation_time (crt);
164
165 printf (" # valid since: %s", my_ctime (&activet));
166 printf (" # expires at: %s", my_ctime (&expiret));
167
168 /* Print the serial number of the certificate.
169 */
170 if (verbose
171 && gnutls_x509_crt_get_serial (crt, serial, &serial_size) >= 0)
172 {
173 print = raw_to_string (serial, serial_size);
174 if (print != NULL)
175 printf (" # serial number: %s\n", print);
176 }
177
178 /* Print the fingerprint of the certificate
179 */
180 digest_size = sizeof (digest);
181 if ((ret = gnutls_x509_crt_get_fingerprint (crt, GNUTLS_DIG_MD5, digest,
182 &digest_size)) < 0)
183 {
184 fprintf (stderr,
185 "Error in fingerprint calculation: %s\n",
186 gnutls_strerror (ret));
187 }
188 else
189 {
190 print = raw_to_string (digest, digest_size);
191 if (print != NULL)
192 printf (" # fingerprint: %s\n", print);
193 }
194
195 /* Print the version of the X.509
196 * certificate.
197 */
198 if (verbose)
199 {
200 printf (" # version: #%d\n", gnutls_x509_crt_get_version (crt));
201
202 bits = 0;
203 algo = gnutls_x509_crt_get_pk_algorithm (crt, &bits);
204 printf (" # public key algorithm: ");
205
206 cstr = SU (gnutls_pk_algorithm_get_name (algo));
207 printf ("%s (%d bits)\n", cstr, bits);
208
209#ifdef ENABLE_PKI
210 if (algo == GNUTLS_PK_RSA)
211 {
212 gnutls_datum_t e, m;
213
214 ret = gnutls_x509_crt_get_pk_rsa_raw (crt, &m, &e);
215 if (ret >= 0)
216 {
217 print = SU (raw_to_string (e.data, e.size));
218 printf (" # e [%d bits]: %s\n", e.size * 8, print);
219
220 print = SU (raw_to_string (m.data, m.size));
221 printf (" # m [%d bits]: %s\n", m.size * 8, print);
222
223 gnutls_free (e.data);
224 gnutls_free (m.data);
225 }
226 }
227#endif
228 }
229
230 dn_size = sizeof (dn);
231 ret = gnutls_x509_crt_get_dn (crt, dn, &dn_size);
232 if (ret >= 0)
233 printf (" # Subject's DN: %s\n", dn);
234
235 dn_size = sizeof (dn);
236 ret = gnutls_x509_crt_get_issuer_dn (crt, dn, &dn_size);
237 if (ret >= 0)
238 printf (" # Issuer's DN: %s\n", dn);
239
240 gnutls_x509_crt_deinit (crt);
241
242 printf ("\n");
243
244 }
245
246}
247
248#ifdef ENABLE_OPENPGP
249
250void
251print_openpgp_info (gnutls_session_t session, const char *hostname)
252{
253
254 char digest[20];
255 size_t digest_size = sizeof (digest);
256 int ret;
257 const char *print;
258 const char *cstr;
259 char name[256];
260 size_t name_len = sizeof (name);
261 gnutls_openpgp_crt_t crt;
262 const gnutls_datum_t *cert_list;
263 int cert_list_size = 0;
264 time_t expiret;
265 time_t activet;
266
267 cert_list = gnutls_certificate_get_peers (session, &cert_list_size);
268
269 if (cert_list_size > 0)
270 {
271 unsigned int algo, bits;
272
273 gnutls_openpgp_crt_init (&crt);
274 ret = gnutls_openpgp_crt_import (crt, &cert_list[0],
275 GNUTLS_OPENPGP_FMT_RAW);
276 if (ret < 0)
277 {
278 fprintf (stderr, "Decoding error: %s\n", gnutls_strerror (ret));
279 return;
280 }
281
282 if (print_cert)
283 {
284 size_t size;
285
286 size = sizeof (buffer);
287
288 ret = gnutls_openpgp_crt_export (crt, GNUTLS_OPENPGP_FMT_BASE64,
289 buffer, &size);
290 if (ret < 0)
291 {
292 fprintf (stderr, "Encoding error: %s\n", gnutls_strerror (ret));
293 return;
294 }
295 fputs ("\n", stdout);
296 fputs (buffer, stdout);
297 fputs ("\n", stdout);
298 }
299
300 if (hostname != NULL)
301 { /* Check the hostname of the first certificate
302 * if it matches the name of the host we
303 * connected to.
304 */
305 if (gnutls_openpgp_crt_check_hostname (crt, hostname) == 0)
306 {
307 printf (" # The hostname in the key does NOT match '%s'.\n",
308 hostname);
309 }
310 else
311 {
312 printf (" # The hostname in the key matches '%s'.\n", hostname);
313 }
314 }
315
316 activet = gnutls_openpgp_crt_get_creation_time (crt);
317 expiret = gnutls_openpgp_crt_get_expiration_time (crt);
318
319 printf (" # Key was created at: %s", my_ctime (&activet));
320 printf (" # Key expires: ");
321 if (expiret != 0)
322 printf ("%s", my_ctime (&expiret));
323 else
324 printf ("Never\n");
325
326 if (gnutls_openpgp_crt_get_fingerprint (crt, digest, &digest_size) >= 0)
327 {
328 print = raw_to_string (digest, digest_size);
329
330 printf (" # PGP Key version: %d\n",
331 gnutls_openpgp_crt_get_version (crt));
332
333 bits = 0;
334 algo = gnutls_openpgp_crt_get_pk_algorithm (crt, &bits);
335
336 printf (" # PGP Key public key algorithm: ");
337 cstr = SU (gnutls_pk_algorithm_get_name (algo));
338 printf ("%s (%d bits)\n", cstr, bits);
339
340 if (print != NULL)
341 printf (" # PGP Key fingerprint: %s\n", print);
342
343 name_len = sizeof (name);
344 if (gnutls_openpgp_crt_get_name (crt, 0, name, &name_len) < 0)
345 {
346 fprintf (stderr, "Could not extract name\n");
347 }
348 else
349 {
350 PRINT_PGP_NAME (name);
351 }
352
353 }
354
355 gnutls_openpgp_crt_deinit (crt);
356
357 }
358}
359
360#endif
361
362void
363print_cert_vrfy (gnutls_session_t session)
364{
365 int rc;
366 unsigned int status;
367
368 rc = gnutls_certificate_verify_peers2 (session, &status);
369 printf ("\n");
370
371 if (rc == GNUTLS_E_NO_CERTIFICATE_FOUND)
372 {
373 printf ("- Peer did not send any certificate.\n");
374 return;
375 }
376
377 if (rc < 0)
378 {
379 printf ("- Could not verify certificate (err: %s)\n",
380 gnutls_strerror (rc));
381 return;
382 }
383
384 if (gnutls_certificate_type_get (session) == GNUTLS_CRT_X509)
385 {
386 if (status & GNUTLS_CERT_SIGNER_NOT_FOUND)
387 printf ("- Peer's certificate issuer is unknown\n");
388 if (status & GNUTLS_CERT_INVALID)
389 printf ("- Peer's certificate is NOT trusted\n");
390 else
391 printf ("- Peer's certificate is trusted\n");
392 }
393 else
394 {
395 if (status & GNUTLS_CERT_INVALID)
396 printf ("- Peer's key is invalid\n");
397 else
398 printf ("- Peer's key is valid\n");
399 if (status & GNUTLS_CERT_SIGNER_NOT_FOUND)
400 printf ("- Could not find a signer of the peer's key\n");
401 }
402}
403
404int
405print_info (gnutls_session_t session, const char *hostname)
406{
407 const char *tmp;
408 gnutls_credentials_type_t cred;
409 gnutls_kx_algorithm_t kx;
410
411 /* print the key exchange's algorithm name
412 */
413 kx = gnutls_kx_get (session);
414
415 cred = gnutls_auth_get_type (session);
416 switch (cred)
417 {
418#ifdef ENABLE_ANON
419 case GNUTLS_CRD_ANON:
420 printf ("- Anonymous DH using prime of %d bits, secret key "
421 "of %d bits, and peer's public key is %d bits.\n",
422 gnutls_dh_get_prime_bits (session),
423 gnutls_dh_get_secret_bits (session),
424 gnutls_dh_get_peers_public_bits (session));
425 break;
426#endif
427#ifdef ENABLE_SRP
428 case GNUTLS_CRD_SRP:
429 /* This should be only called in server
430 * side.
431 */
432 if (gnutls_srp_server_get_username (session) != NULL)
433 printf ("- SRP authentication. Connected as '%s'\n",
434 gnutls_srp_server_get_username (session));
435 break;
436#endif
437#ifdef ENABLE_PSK
438 case GNUTLS_CRD_PSK:
439 /* This should be only called in server
440 * side.
441 */
442 if (gnutls_psk_server_get_username (session) != NULL)
443 printf ("- PSK authentication. Connected as '%s'\n",
444 gnutls_psk_server_get_username (session));
445 if (kx == GNUTLS_KX_DHE_PSK)
446 {
447 printf ("- DH using prime of %d bits, secret key "
448 "of %d bits, and peer's public key is %d bits.\n",
449 gnutls_dh_get_prime_bits (session),
450 gnutls_dh_get_secret_bits (session),
451 gnutls_dh_get_peers_public_bits (session));
452 }
453 break;
454#endif
455 case GNUTLS_CRD_IA:
456 printf ("- TLS/IA authentication\n");
457 break;
458 case GNUTLS_CRD_CERTIFICATE:
459 {
460 char dns[256];
461 size_t dns_size = sizeof (dns);
462 unsigned int type;
463
464 /* This fails in client side */
465 if (gnutls_server_name_get (session, dns, &dns_size, &type, 0) == 0)
466 {
467 printf ("- Given server name[%d]: %s\n", type, dns);
468 }
469 }
470
471 if (kx == GNUTLS_KX_DHE_RSA || kx == GNUTLS_KX_DHE_DSS)
472 {
473 printf ("- Ephemeral DH using prime of %d bits, secret key "
474 "of %d bits, and peer's public key is %d bits.\n",
475 gnutls_dh_get_prime_bits (session),
476 gnutls_dh_get_secret_bits (session),
477 gnutls_dh_get_peers_public_bits (session));
478 }
479
480 print_cert_info (session, hostname);
481
482 print_cert_vrfy (session);
483
484 }
485
486 tmp = SU (gnutls_protocol_get_name (gnutls_protocol_get_version (session)));
487 printf ("- Version: %s\n", tmp);
488
489 tmp = SU (gnutls_kx_get_name (kx));
490 printf ("- Key Exchange: %s\n", tmp);
491
492 tmp = SU (gnutls_cipher_get_name (gnutls_cipher_get (session)));
493 printf ("- Cipher: %s\n", tmp);
494
495 tmp = SU (gnutls_mac_get_name (gnutls_mac_get (session)));
496 printf ("- MAC: %s\n", tmp);
497
498 tmp = SU (gnutls_compression_get_name (gnutls_compression_get (session)));
499 printf ("- Compression: %s\n", tmp);
500
501 if (verbose)
502 {
503 char id[32];
504 size_t id_size = sizeof (id);
505 gnutls_session_get_id (session, id, &id_size);
506 printf ("- Session ID: %s\n", raw_to_string (id, id_size));
507 }
508
509 fflush (stdout);
510
511 return 0;
512}
513
514void
515print_cert_info (gnutls_session_t session, const char *hostname)
516{
517
518 if (gnutls_certificate_client_get_request_status (session) != 0)
519 printf ("- Server has requested a certificate.\n");
520
521 printf ("- Certificate type: ");
522 switch (gnutls_certificate_type_get (session))
523 {
524 case GNUTLS_CRT_X509:
525 printf ("X.509\n");
526 print_x509_info (session, hostname);
527 break;
528#ifdef ENABLE_OPENPGP
529 case GNUTLS_CRT_OPENPGP:
530 printf ("OpenPGP\n");
531 print_openpgp_info (session, hostname);
532 break;
533#endif
534 }
535}
536
537void
538print_list (int verbose)
539{
540 {
541 size_t i;
542 const char *name;
543 char id[2];
544 gnutls_kx_algorithm_t kx;
545 gnutls_cipher_algorithm_t cipher;
546 gnutls_mac_algorithm_t mac;
547 gnutls_protocol_t version;
548
549 printf ("Cipher suites:\n");
550 for (i = 0; (name = gnutls_cipher_suite_info (i, id, &kx, &cipher, &mac,
551 &version)); i++)
552 {
553 printf ("%-50s\t0x%02x, 0x%02x\t%s\n", name, (unsigned char) id[0],
554 (unsigned char) id[1], gnutls_protocol_get_name (version));
555 if (verbose)
556 printf ("\tKey exchange: %s\n\tCipher: %s\n\tMAC: %s\n\n",
557 gnutls_kx_get_name (kx), gnutls_cipher_get_name (cipher),
558 gnutls_mac_get_name (mac));
559 }
560 }
561
562 {
563 const gnutls_certificate_type_t *p = gnutls_certificate_type_list ();
564
565 printf ("Certificate types: ");
566 for (; *p; p++)
567 {
568 printf ("%s", gnutls_certificate_type_get_name (*p));
569 if (*(p + 1))
570 printf (", ");
571 else
572 printf ("\n");
573 }
574 }
575
576 {
577 const gnutls_protocol_t *p = gnutls_protocol_list ();
578
579 printf ("Protocols: ");
580 for (; *p; p++)
581 {
582 printf ("%s", gnutls_protocol_get_name (*p));
583 if (*(p + 1))
584 printf (", ");
585 else
586 printf ("\n");
587 }
588 }
589
590 {
591 const gnutls_cipher_algorithm_t *p = gnutls_cipher_list ();
592
593 printf ("Ciphers: ");
594 for (; *p; p++)
595 {
596 printf ("%s", gnutls_cipher_get_name (*p));
597 if (*(p + 1))
598 printf (", ");
599 else
600 printf ("\n");
601 }
602 }
603
604 {
605 const gnutls_mac_algorithm_t *p = gnutls_mac_list ();
606
607 printf ("MACs: ");
608 for (; *p; p++)
609 {
610 printf ("%s", gnutls_mac_get_name (*p));
611 if (*(p + 1))
612 printf (", ");
613 else
614 printf ("\n");
615 }
616 }
617
618 {
619 const gnutls_kx_algorithm_t *p = gnutls_kx_list ();
620
621 printf ("Key exchange algorithms: ");
622 for (; *p; p++)
623 {
624 printf ("%s", gnutls_kx_get_name (*p));
625 if (*(p + 1))
626 printf (", ");
627 else
628 printf ("\n");
629 }
630 }
631
632 {
633 const gnutls_compression_method_t *p = gnutls_compression_list ();
634
635 printf ("Compression: ");
636 for (; *p; p++)
637 {
638 printf ("%s", gnutls_compression_get_name (*p));
639 if (*(p + 1))
640 printf (", ");
641 else
642 printf ("\n");
643 }
644 }
645}
646
647void
648print_license (void)
649{
650 fputs ("\nCopyright (C) 2004,2005,2006,2007 Free Software Foundation\n"
651 "This program is free software; you can redistribute it and/or modify \n"
652 "it under the terms of the GNU General Public License as published by \n"
653 "the Free Software Foundation; either version 3 of the License, or \n"
654 "(at your option) any later version. \n" "\n"
655 "This program is distributed in the hope that it will be useful, \n"
656 "but WITHOUT ANY WARRANTY; without even the implied warranty of \n"
657 "MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the \n"
658 "GNU General Public License for more details. \n" "\n"
659 "You should have received a copy of the GNU General Public License \n"
660 "along with this program; if not, write to the Free Software \n"
661 "Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.\n\n",
662 stdout);
663}
664
665static int depr_printed = 0;
666#define DEPRECATED if (depr_printed==0) { \
667 fprintf(stderr, "This method of specifying algorithms is deprecated. Please use the --priority option.\n"); \
668 depr_printed = 1; \
669 }
670
671void
672parse_protocols (char **protocols, int protocols_size, int *protocol_priority)
673{
674 int i, j;
675
676 if (protocols != NULL && protocols_size > 0)
677 {
678 DEPRECATED;
679
680 for (j = i = 0; i < protocols_size; i++)
681 {
682 if (strncasecmp (protocols[i], "SSL", 3) == 0)
683 protocol_priority[j++] = GNUTLS_SSL3;
684 else if (strncasecmp (protocols[i], "TLS1.1", 6) == 0)
685 protocol_priority[j++] = GNUTLS_TLS1_1;
686 else if (strncasecmp (protocols[i], "TLS1.2", 6) == 0)
687 protocol_priority[j++] = GNUTLS_TLS1_2;
688 else if (strncasecmp (protocols[i], "TLS", 3) == 0)
689 protocol_priority[j++] = GNUTLS_TLS1_0;
690 else
691 fprintf (stderr, "Unknown protocol: '%s'\n", protocols[i]);
692 }
693 protocol_priority[j] = 0;
694 }
695}
696
697void
698parse_ciphers (char **ciphers, int nciphers, int *cipher_priority)
699{
700 int j, i;
701
702 if (ciphers != NULL && nciphers > 0)
703 {
704 DEPRECATED;
705 for (j = i = 0; i < nciphers; i++)
706 {
707 if (strncasecmp (ciphers[i], "AES-2", 5) == 0)
708 cipher_priority[j++] = GNUTLS_CIPHER_AES_256_CBC;
709 else if (strncasecmp (ciphers[i], "AES", 3) == 0)
710 cipher_priority[j++] = GNUTLS_CIPHER_AES_128_CBC;
711 else if (strncasecmp (ciphers[i], "3DE", 3) == 0)
712 cipher_priority[j++] = GNUTLS_CIPHER_3DES_CBC;
713 else if (strcasecmp (ciphers[i], "ARCFOUR-40") == 0)
714 cipher_priority[j++] = GNUTLS_CIPHER_ARCFOUR_40;
715 else if (strcasecmp (ciphers[i], "ARCFOUR") == 0)
716 cipher_priority[j++] = GNUTLS_CIPHER_ARCFOUR_128;
717#ifdef ENABLE_CAMELLIA
718 else if (strncasecmp (ciphers[i], "CAMELLIA-2", 10) == 0)
719 cipher_priority[j++] = GNUTLS_CIPHER_CAMELLIA_256_CBC;
720 else if (strncasecmp (ciphers[i], "CAM", 3) == 0)
721 cipher_priority[j++] = GNUTLS_CIPHER_CAMELLIA_128_CBC;
722#endif
723 else if (strncasecmp (ciphers[i], "NUL", 3) == 0)
724 cipher_priority[j++] = GNUTLS_CIPHER_NULL;
725 else
726 fprintf (stderr, "Unknown cipher: '%s'\n", ciphers[i]);
727 }
728 cipher_priority[j] = 0;
729 }
730}
731
732void
733parse_macs (char **macs, int nmacs, int *mac_priority)
734{
735 int i, j;
736
737 if (macs != NULL && nmacs > 0)
738 {
739 DEPRECATED;
740 for (j = i = 0; i < nmacs; i++)
741 {
742 if (strncasecmp (macs[i], "MD5", 3) == 0)
743 mac_priority[j++] = GNUTLS_MAC_MD5;
744 else if (strncasecmp (macs[i], "SHA256", 6) == 0)
745 mac_priority[j++] = GNUTLS_MAC_SHA256;
746 else if (strncasecmp (macs[i], "SHA", 3) == 0)
747 mac_priority[j++] = GNUTLS_MAC_SHA1;
748 else
749 fprintf (stderr, "Unknown MAC: '%s'\n", macs[i]);
750 }
751 mac_priority[j] = 0;
752 }
753}
754
755void
756parse_ctypes (char **ctype, int nctype, int *cert_type_priority)
757{
758 int i, j;
759
760 if (ctype != NULL && nctype > 0)
761 {
762 DEPRECATED;
763 for (j = i = 0; i < nctype; i++)
764 {
765 if (strncasecmp (ctype[i], "OPE", 3) == 0)
766 cert_type_priority[j++] = GNUTLS_CRT_OPENPGP;
767 else if (strncasecmp (ctype[i], "X", 1) == 0)
768 cert_type_priority[j++] = GNUTLS_CRT_X509;
769 else
770 fprintf (stderr, "Unknown certificate type: '%s'\n", ctype[i]);
771 }
772 cert_type_priority[j] = 0;
773 }
774}
775
776void
777parse_kx (char **kx, int nkx, int *kx_priority)
778{
779 int i, j;
780
781 if (kx != NULL && nkx > 0)
782 {
783 DEPRECATED;
784 for (j = i = 0; i < nkx; i++)
785 {
786 if (strcasecmp (kx[i], "SRP") == 0)
787 kx_priority[j++] = GNUTLS_KX_SRP;
788 else if (strcasecmp (kx[i], "SRP-RSA") == 0)
789 kx_priority[j++] = GNUTLS_KX_SRP_RSA;
790 else if (strcasecmp (kx[i], "SRP-DSS") == 0)
791 kx_priority[j++] = GNUTLS_KX_SRP_DSS;
792 else if (strcasecmp (kx[i], "RSA") == 0)
793 kx_priority[j++] = GNUTLS_KX_RSA;
794 else if (strcasecmp (kx[i], "PSK") == 0)
795 kx_priority[j++] = GNUTLS_KX_PSK;
796 else if (strcasecmp (kx[i], "DHE-PSK") == 0)
797 kx_priority[j++] = GNUTLS_KX_DHE_PSK;
798 else if (strcasecmp (kx[i], "RSA-EXPORT") == 0)
799 kx_priority[j++] = GNUTLS_KX_RSA_EXPORT;
800 else if (strncasecmp (kx[i], "DHE-RSA", 7) == 0)
801 kx_priority[j++] = GNUTLS_KX_DHE_RSA;
802 else if (strncasecmp (kx[i], "DHE-DSS", 7) == 0)
803 kx_priority[j++] = GNUTLS_KX_DHE_DSS;
804 else if (strncasecmp (kx[i], "ANON", 4) == 0)
805 kx_priority[j++] = GNUTLS_KX_ANON_DH;
806 else
807 fprintf (stderr, "Unknown key exchange: '%s'\n", kx[i]);
808 }
809 kx_priority[j] = 0;
810 }
811}
812
813void
814parse_comp (char **comp, int ncomp, int *comp_priority)
815{
816 int i, j;
817
818 if (comp != NULL && ncomp > 0)
819 {
820 DEPRECATED;
821 for (j = i = 0; i < ncomp; i++)
822 {
823 if (strncasecmp (comp[i], "NUL", 3) == 0)
824 comp_priority[j++] = GNUTLS_COMP_NULL;
825 else if (strncasecmp (comp[i], "ZLI", 3) == 0)
826 comp_priority[j++] = GNUTLS_COMP_DEFLATE;
827 else if (strncasecmp (comp[i], "DEF", 3) == 0)
828 comp_priority[j++] = GNUTLS_COMP_DEFLATE;
829 else if (strncasecmp (comp[i], "LZO", 3) == 0)
830 comp_priority[j++] = GNUTLS_COMP_LZO;
831 else
832 fprintf (stderr, "Unknown compression: '%s'\n", comp[i]);
833 }
834 comp_priority[j] = 0;
835 }
836}
837
838void
839sockets_init (void)
840{
841#ifdef _WIN32
842 WORD wVersionRequested;
843 WSADATA wsaData;
844
845 wVersionRequested = MAKEWORD (1, 1);
846 if (WSAStartup (wVersionRequested, &wsaData) != 0)
847 {
848 perror ("WSA_STARTUP_ERROR");
849 }
850#endif
851}
852
853/* converts a service name or a port (in string) to a
854 * port number. The protocol is assumed to be TCP.
855 *
856 * returns -1 on error;
857 */
858int
859service_to_port (const char *service)
860{
861 int port;
862 struct servent *server_port;
863
864 port = atoi (service);
865 if (port != 0)
866 return port;
867
868 server_port = getservbyname (service, "tcp");
869 if (server_port == NULL)
870 {
871 perror ("getservbyname()");
872 return (-1);
873 }
874
875 return ntohs (server_port->s_port);
876
877}
generated by cgit v1.2.3 (git 2.39.1) at 2024-05-03 12:29:22 +0000