diff options
Diffstat (limited to 'src/daemon/https/https_common.c')
-rw-r--r-- | src/daemon/https/https_common.c | 877 |
1 files changed, 877 insertions, 0 deletions
diff --git a/src/daemon/https/https_common.c b/src/daemon/https/https_common.c new file mode 100644 index 00000000..748bc5bc --- /dev/null +++ b/src/daemon/https/https_common.c | |||
@@ -0,0 +1,877 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007 Free Software Foundation | ||
3 | * Author: Nikos Mavrogiannopoulos | ||
4 | * | ||
5 | * This file is part of GNUTLS. | ||
6 | * | ||
7 | * GNUTLS is free software: you can redistribute it and/or modify | ||
8 | * it under the terms of the GNU General Public License as published by | ||
9 | * the Free Software Foundation, either version 3 of the License, or | ||
10 | * (at your option) any later version. | ||
11 | * | ||
12 | * GNUTLS is distributed in the hope that it will be useful, | ||
13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | ||
14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | ||
15 | * GNU General Public License for more details. | ||
16 | * | ||
17 | * You should have received a copy of the GNU General Public License | ||
18 | * along with this program. If not, see <http://www.gnu.org/licenses/>. | ||
19 | */ | ||
20 | |||
21 | #include <config.h> | ||
22 | #include <stdio.h> | ||
23 | #include <stdlib.h> | ||
24 | #include <string.h> | ||
25 | #include <gnutls.h> | ||
26 | #include <extra.h> | ||
27 | //#include "openpgp.h" | ||
28 | #include <time.h> | ||
29 | #include "https_common.h" | ||
30 | |||
31 | #define TEST_STRING | ||
32 | #define SU(x) (x!=NULL?x:"Unknown") | ||
33 | |||
34 | // TODO clean - originaly from tls_test extern int verbose; | ||
35 | int print_cert; | ||
36 | int verbose = 0; | ||
37 | |||
38 | static char buffer[5 * 1024]; | ||
39 | |||
40 | #define PRINTX(x,y) if (y[0]!=0) printf(" # %s %s\n", x, y) | ||
41 | #define PRINT_PGP_NAME(X) PRINTX( "NAME:", name) | ||
42 | |||
43 | const char str_unknown[] = "(unknown)"; | ||
44 | |||
45 | /* Hex encodes the given data. | ||
46 | */ | ||
47 | const char * | ||
48 | raw_to_string (const unsigned char *raw, size_t raw_size) | ||
49 | { | ||
50 | static char buf[1024]; | ||
51 | size_t i; | ||
52 | if (raw_size == 0) | ||
53 | return NULL; | ||
54 | |||
55 | if (raw_size * 3 + 1 >= sizeof (buf)) | ||
56 | return NULL; | ||
57 | |||
58 | for (i = 0; i < raw_size; i++) | ||
59 | { | ||
60 | sprintf (&(buf[i * 3]), "%02X%s", raw[i], (i == raw_size - 1) ? "" | ||
61 | : ":"); | ||
62 | } | ||
63 | buf[sizeof (buf) - 1] = '\0'; | ||
64 | |||
65 | return buf; | ||
66 | } | ||
67 | |||
68 | static const char * | ||
69 | my_ctime (const time_t * tv) | ||
70 | { | ||
71 | static char buf[256]; | ||
72 | struct tm *tp; | ||
73 | |||
74 | if (((tp = localtime (tv)) == NULL) || (!strftime (buf, sizeof buf, | ||
75 | "%a %b %e %H:%M:%S %Z %Y\n", | ||
76 | tp))) | ||
77 | strcpy (buf, str_unknown); /* make sure buf text isn't garbage */ | ||
78 | |||
79 | return buf; | ||
80 | |||
81 | } | ||
82 | |||
83 | void | ||
84 | print_x509_info (gnutls_session_t session, const char *hostname) | ||
85 | { | ||
86 | gnutls_x509_crt_t crt; | ||
87 | const gnutls_datum_t *cert_list; | ||
88 | unsigned int cert_list_size = 0; | ||
89 | int ret; | ||
90 | char digest[20]; | ||
91 | char serial[40]; | ||
92 | char dn[256]; | ||
93 | size_t dn_size; | ||
94 | size_t digest_size = sizeof (digest); | ||
95 | unsigned int j; | ||
96 | size_t serial_size = sizeof (serial); | ||
97 | const char *print; | ||
98 | const char *cstr; | ||
99 | unsigned int bits, algo; | ||
100 | time_t expiret, activet; | ||
101 | |||
102 | cert_list = gnutls_certificate_get_peers (session, &cert_list_size); | ||
103 | |||
104 | if (cert_list_size == 0) | ||
105 | { | ||
106 | fprintf (stderr, "No certificates found!\n"); | ||
107 | return; | ||
108 | } | ||
109 | |||
110 | printf (" - Got a certificate list of %d certificates.\n\n", | ||
111 | cert_list_size); | ||
112 | |||
113 | for (j = 0; j < (unsigned int) cert_list_size; j++) | ||
114 | { | ||
115 | |||
116 | gnutls_x509_crt_init (&crt); | ||
117 | ret = gnutls_x509_crt_import (crt, &cert_list[j], GNUTLS_X509_FMT_DER); | ||
118 | if (ret < 0) | ||
119 | { | ||
120 | fprintf (stderr, "Decoding error: %s\n", gnutls_strerror (ret)); | ||
121 | return; | ||
122 | } | ||
123 | |||
124 | printf (" - Certificate[%d] info:\n", j); | ||
125 | |||
126 | if (print_cert) | ||
127 | { | ||
128 | size_t size; | ||
129 | |||
130 | size = sizeof (buffer); | ||
131 | |||
132 | ret = | ||
133 | gnutls_x509_crt_export (crt, GNUTLS_X509_FMT_PEM, buffer, &size); | ||
134 | if (ret < 0) | ||
135 | { | ||
136 | fprintf (stderr, "Encoding error: %s\n", gnutls_strerror (ret)); | ||
137 | return; | ||
138 | } | ||
139 | fputs ("\n", stdout); | ||
140 | fputs (buffer, stdout); | ||
141 | fputs ("\n", stdout); | ||
142 | } | ||
143 | |||
144 | if (j == 0 && hostname != NULL) | ||
145 | { /* Check the hostname of the first certificate | ||
146 | * if it matches the name of the host we | ||
147 | * connected to. | ||
148 | */ | ||
149 | if (gnutls_x509_crt_check_hostname (crt, hostname) == 0) | ||
150 | { | ||
151 | printf | ||
152 | (" # The hostname in the certificate does NOT match '%s'.\n", | ||
153 | hostname); | ||
154 | } | ||
155 | else | ||
156 | { | ||
157 | printf (" # The hostname in the certificate matches '%s'.\n", | ||
158 | hostname); | ||
159 | } | ||
160 | } | ||
161 | |||
162 | expiret = gnutls_x509_crt_get_expiration_time (crt); | ||
163 | activet = gnutls_x509_crt_get_activation_time (crt); | ||
164 | |||
165 | printf (" # valid since: %s", my_ctime (&activet)); | ||
166 | printf (" # expires at: %s", my_ctime (&expiret)); | ||
167 | |||
168 | /* Print the serial number of the certificate. | ||
169 | */ | ||
170 | if (verbose | ||
171 | && gnutls_x509_crt_get_serial (crt, serial, &serial_size) >= 0) | ||
172 | { | ||
173 | print = raw_to_string (serial, serial_size); | ||
174 | if (print != NULL) | ||
175 | printf (" # serial number: %s\n", print); | ||
176 | } | ||
177 | |||
178 | /* Print the fingerprint of the certificate | ||
179 | */ | ||
180 | digest_size = sizeof (digest); | ||
181 | if ((ret = gnutls_x509_crt_get_fingerprint (crt, GNUTLS_DIG_MD5, digest, | ||
182 | &digest_size)) < 0) | ||
183 | { | ||
184 | fprintf (stderr, | ||
185 | "Error in fingerprint calculation: %s\n", | ||
186 | gnutls_strerror (ret)); | ||
187 | } | ||
188 | else | ||
189 | { | ||
190 | print = raw_to_string (digest, digest_size); | ||
191 | if (print != NULL) | ||
192 | printf (" # fingerprint: %s\n", print); | ||
193 | } | ||
194 | |||
195 | /* Print the version of the X.509 | ||
196 | * certificate. | ||
197 | */ | ||
198 | if (verbose) | ||
199 | { | ||
200 | printf (" # version: #%d\n", gnutls_x509_crt_get_version (crt)); | ||
201 | |||
202 | bits = 0; | ||
203 | algo = gnutls_x509_crt_get_pk_algorithm (crt, &bits); | ||
204 | printf (" # public key algorithm: "); | ||
205 | |||
206 | cstr = SU (gnutls_pk_algorithm_get_name (algo)); | ||
207 | printf ("%s (%d bits)\n", cstr, bits); | ||
208 | |||
209 | #ifdef ENABLE_PKI | ||
210 | if (algo == GNUTLS_PK_RSA) | ||
211 | { | ||
212 | gnutls_datum_t e, m; | ||
213 | |||
214 | ret = gnutls_x509_crt_get_pk_rsa_raw (crt, &m, &e); | ||
215 | if (ret >= 0) | ||
216 | { | ||
217 | print = SU (raw_to_string (e.data, e.size)); | ||
218 | printf (" # e [%d bits]: %s\n", e.size * 8, print); | ||
219 | |||
220 | print = SU (raw_to_string (m.data, m.size)); | ||
221 | printf (" # m [%d bits]: %s\n", m.size * 8, print); | ||
222 | |||
223 | gnutls_free (e.data); | ||
224 | gnutls_free (m.data); | ||
225 | } | ||
226 | } | ||
227 | #endif | ||
228 | } | ||
229 | |||
230 | dn_size = sizeof (dn); | ||
231 | ret = gnutls_x509_crt_get_dn (crt, dn, &dn_size); | ||
232 | if (ret >= 0) | ||
233 | printf (" # Subject's DN: %s\n", dn); | ||
234 | |||
235 | dn_size = sizeof (dn); | ||
236 | ret = gnutls_x509_crt_get_issuer_dn (crt, dn, &dn_size); | ||
237 | if (ret >= 0) | ||
238 | printf (" # Issuer's DN: %s\n", dn); | ||
239 | |||
240 | gnutls_x509_crt_deinit (crt); | ||
241 | |||
242 | printf ("\n"); | ||
243 | |||
244 | } | ||
245 | |||
246 | } | ||
247 | |||
248 | #ifdef ENABLE_OPENPGP | ||
249 | |||
250 | void | ||
251 | print_openpgp_info (gnutls_session_t session, const char *hostname) | ||
252 | { | ||
253 | |||
254 | char digest[20]; | ||
255 | size_t digest_size = sizeof (digest); | ||
256 | int ret; | ||
257 | const char *print; | ||
258 | const char *cstr; | ||
259 | char name[256]; | ||
260 | size_t name_len = sizeof (name); | ||
261 | gnutls_openpgp_crt_t crt; | ||
262 | const gnutls_datum_t *cert_list; | ||
263 | int cert_list_size = 0; | ||
264 | time_t expiret; | ||
265 | time_t activet; | ||
266 | |||
267 | cert_list = gnutls_certificate_get_peers (session, &cert_list_size); | ||
268 | |||
269 | if (cert_list_size > 0) | ||
270 | { | ||
271 | unsigned int algo, bits; | ||
272 | |||
273 | gnutls_openpgp_crt_init (&crt); | ||
274 | ret = gnutls_openpgp_crt_import (crt, &cert_list[0], | ||
275 | GNUTLS_OPENPGP_FMT_RAW); | ||
276 | if (ret < 0) | ||
277 | { | ||
278 | fprintf (stderr, "Decoding error: %s\n", gnutls_strerror (ret)); | ||
279 | return; | ||
280 | } | ||
281 | |||
282 | if (print_cert) | ||
283 | { | ||
284 | size_t size; | ||
285 | |||
286 | size = sizeof (buffer); | ||
287 | |||
288 | ret = gnutls_openpgp_crt_export (crt, GNUTLS_OPENPGP_FMT_BASE64, | ||
289 | buffer, &size); | ||
290 | if (ret < 0) | ||
291 | { | ||
292 | fprintf (stderr, "Encoding error: %s\n", gnutls_strerror (ret)); | ||
293 | return; | ||
294 | } | ||
295 | fputs ("\n", stdout); | ||
296 | fputs (buffer, stdout); | ||
297 | fputs ("\n", stdout); | ||
298 | } | ||
299 | |||
300 | if (hostname != NULL) | ||
301 | { /* Check the hostname of the first certificate | ||
302 | * if it matches the name of the host we | ||
303 | * connected to. | ||
304 | */ | ||
305 | if (gnutls_openpgp_crt_check_hostname (crt, hostname) == 0) | ||
306 | { | ||
307 | printf (" # The hostname in the key does NOT match '%s'.\n", | ||
308 | hostname); | ||
309 | } | ||
310 | else | ||
311 | { | ||
312 | printf (" # The hostname in the key matches '%s'.\n", hostname); | ||
313 | } | ||
314 | } | ||
315 | |||
316 | activet = gnutls_openpgp_crt_get_creation_time (crt); | ||
317 | expiret = gnutls_openpgp_crt_get_expiration_time (crt); | ||
318 | |||
319 | printf (" # Key was created at: %s", my_ctime (&activet)); | ||
320 | printf (" # Key expires: "); | ||
321 | if (expiret != 0) | ||
322 | printf ("%s", my_ctime (&expiret)); | ||
323 | else | ||
324 | printf ("Never\n"); | ||
325 | |||
326 | if (gnutls_openpgp_crt_get_fingerprint (crt, digest, &digest_size) >= 0) | ||
327 | { | ||
328 | print = raw_to_string (digest, digest_size); | ||
329 | |||
330 | printf (" # PGP Key version: %d\n", | ||
331 | gnutls_openpgp_crt_get_version (crt)); | ||
332 | |||
333 | bits = 0; | ||
334 | algo = gnutls_openpgp_crt_get_pk_algorithm (crt, &bits); | ||
335 | |||
336 | printf (" # PGP Key public key algorithm: "); | ||
337 | cstr = SU (gnutls_pk_algorithm_get_name (algo)); | ||
338 | printf ("%s (%d bits)\n", cstr, bits); | ||
339 | |||
340 | if (print != NULL) | ||
341 | printf (" # PGP Key fingerprint: %s\n", print); | ||
342 | |||
343 | name_len = sizeof (name); | ||
344 | if (gnutls_openpgp_crt_get_name (crt, 0, name, &name_len) < 0) | ||
345 | { | ||
346 | fprintf (stderr, "Could not extract name\n"); | ||
347 | } | ||
348 | else | ||
349 | { | ||
350 | PRINT_PGP_NAME (name); | ||
351 | } | ||
352 | |||
353 | } | ||
354 | |||
355 | gnutls_openpgp_crt_deinit (crt); | ||
356 | |||
357 | } | ||
358 | } | ||
359 | |||
360 | #endif | ||
361 | |||
362 | void | ||
363 | print_cert_vrfy (gnutls_session_t session) | ||
364 | { | ||
365 | int rc; | ||
366 | unsigned int status; | ||
367 | |||
368 | rc = gnutls_certificate_verify_peers2 (session, &status); | ||
369 | printf ("\n"); | ||
370 | |||
371 | if (rc == GNUTLS_E_NO_CERTIFICATE_FOUND) | ||
372 | { | ||
373 | printf ("- Peer did not send any certificate.\n"); | ||
374 | return; | ||
375 | } | ||
376 | |||
377 | if (rc < 0) | ||
378 | { | ||
379 | printf ("- Could not verify certificate (err: %s)\n", | ||
380 | gnutls_strerror (rc)); | ||
381 | return; | ||
382 | } | ||
383 | |||
384 | if (gnutls_certificate_type_get (session) == GNUTLS_CRT_X509) | ||
385 | { | ||
386 | if (status & GNUTLS_CERT_SIGNER_NOT_FOUND) | ||
387 | printf ("- Peer's certificate issuer is unknown\n"); | ||
388 | if (status & GNUTLS_CERT_INVALID) | ||
389 | printf ("- Peer's certificate is NOT trusted\n"); | ||
390 | else | ||
391 | printf ("- Peer's certificate is trusted\n"); | ||
392 | } | ||
393 | else | ||
394 | { | ||
395 | if (status & GNUTLS_CERT_INVALID) | ||
396 | printf ("- Peer's key is invalid\n"); | ||
397 | else | ||
398 | printf ("- Peer's key is valid\n"); | ||
399 | if (status & GNUTLS_CERT_SIGNER_NOT_FOUND) | ||
400 | printf ("- Could not find a signer of the peer's key\n"); | ||
401 | } | ||
402 | } | ||
403 | |||
404 | int | ||
405 | print_info (gnutls_session_t session, const char *hostname) | ||
406 | { | ||
407 | const char *tmp; | ||
408 | gnutls_credentials_type_t cred; | ||
409 | gnutls_kx_algorithm_t kx; | ||
410 | |||
411 | /* print the key exchange's algorithm name | ||
412 | */ | ||
413 | kx = gnutls_kx_get (session); | ||
414 | |||
415 | cred = gnutls_auth_get_type (session); | ||
416 | switch (cred) | ||
417 | { | ||
418 | #ifdef ENABLE_ANON | ||
419 | case GNUTLS_CRD_ANON: | ||
420 | printf ("- Anonymous DH using prime of %d bits, secret key " | ||
421 | "of %d bits, and peer's public key is %d bits.\n", | ||
422 | gnutls_dh_get_prime_bits (session), | ||
423 | gnutls_dh_get_secret_bits (session), | ||
424 | gnutls_dh_get_peers_public_bits (session)); | ||
425 | break; | ||
426 | #endif | ||
427 | #ifdef ENABLE_SRP | ||
428 | case GNUTLS_CRD_SRP: | ||
429 | /* This should be only called in server | ||
430 | * side. | ||
431 | */ | ||
432 | if (gnutls_srp_server_get_username (session) != NULL) | ||
433 | printf ("- SRP authentication. Connected as '%s'\n", | ||
434 | gnutls_srp_server_get_username (session)); | ||
435 | break; | ||
436 | #endif | ||
437 | #ifdef ENABLE_PSK | ||
438 | case GNUTLS_CRD_PSK: | ||
439 | /* This should be only called in server | ||
440 | * side. | ||
441 | */ | ||
442 | if (gnutls_psk_server_get_username (session) != NULL) | ||
443 | printf ("- PSK authentication. Connected as '%s'\n", | ||
444 | gnutls_psk_server_get_username (session)); | ||
445 | if (kx == GNUTLS_KX_DHE_PSK) | ||
446 | { | ||
447 | printf ("- DH using prime of %d bits, secret key " | ||
448 | "of %d bits, and peer's public key is %d bits.\n", | ||
449 | gnutls_dh_get_prime_bits (session), | ||
450 | gnutls_dh_get_secret_bits (session), | ||
451 | gnutls_dh_get_peers_public_bits (session)); | ||
452 | } | ||
453 | break; | ||
454 | #endif | ||
455 | case GNUTLS_CRD_IA: | ||
456 | printf ("- TLS/IA authentication\n"); | ||
457 | break; | ||
458 | case GNUTLS_CRD_CERTIFICATE: | ||
459 | { | ||
460 | char dns[256]; | ||
461 | size_t dns_size = sizeof (dns); | ||
462 | unsigned int type; | ||
463 | |||
464 | /* This fails in client side */ | ||
465 | if (gnutls_server_name_get (session, dns, &dns_size, &type, 0) == 0) | ||
466 | { | ||
467 | printf ("- Given server name[%d]: %s\n", type, dns); | ||
468 | } | ||
469 | } | ||
470 | |||
471 | if (kx == GNUTLS_KX_DHE_RSA || kx == GNUTLS_KX_DHE_DSS) | ||
472 | { | ||
473 | printf ("- Ephemeral DH using prime of %d bits, secret key " | ||
474 | "of %d bits, and peer's public key is %d bits.\n", | ||
475 | gnutls_dh_get_prime_bits (session), | ||
476 | gnutls_dh_get_secret_bits (session), | ||
477 | gnutls_dh_get_peers_public_bits (session)); | ||
478 | } | ||
479 | |||
480 | print_cert_info (session, hostname); | ||
481 | |||
482 | print_cert_vrfy (session); | ||
483 | |||
484 | } | ||
485 | |||
486 | tmp = SU (gnutls_protocol_get_name (gnutls_protocol_get_version (session))); | ||
487 | printf ("- Version: %s\n", tmp); | ||
488 | |||
489 | tmp = SU (gnutls_kx_get_name (kx)); | ||
490 | printf ("- Key Exchange: %s\n", tmp); | ||
491 | |||
492 | tmp = SU (gnutls_cipher_get_name (gnutls_cipher_get (session))); | ||
493 | printf ("- Cipher: %s\n", tmp); | ||
494 | |||
495 | tmp = SU (gnutls_mac_get_name (gnutls_mac_get (session))); | ||
496 | printf ("- MAC: %s\n", tmp); | ||
497 | |||
498 | tmp = SU (gnutls_compression_get_name (gnutls_compression_get (session))); | ||
499 | printf ("- Compression: %s\n", tmp); | ||
500 | |||
501 | if (verbose) | ||
502 | { | ||
503 | char id[32]; | ||
504 | size_t id_size = sizeof (id); | ||
505 | gnutls_session_get_id (session, id, &id_size); | ||
506 | printf ("- Session ID: %s\n", raw_to_string (id, id_size)); | ||
507 | } | ||
508 | |||
509 | fflush (stdout); | ||
510 | |||
511 | return 0; | ||
512 | } | ||
513 | |||
514 | void | ||
515 | print_cert_info (gnutls_session_t session, const char *hostname) | ||
516 | { | ||
517 | |||
518 | if (gnutls_certificate_client_get_request_status (session) != 0) | ||
519 | printf ("- Server has requested a certificate.\n"); | ||
520 | |||
521 | printf ("- Certificate type: "); | ||
522 | switch (gnutls_certificate_type_get (session)) | ||
523 | { | ||
524 | case GNUTLS_CRT_X509: | ||
525 | printf ("X.509\n"); | ||
526 | print_x509_info (session, hostname); | ||
527 | break; | ||
528 | #ifdef ENABLE_OPENPGP | ||
529 | case GNUTLS_CRT_OPENPGP: | ||
530 | printf ("OpenPGP\n"); | ||
531 | print_openpgp_info (session, hostname); | ||
532 | break; | ||
533 | #endif | ||
534 | } | ||
535 | } | ||
536 | |||
537 | void | ||
538 | print_list (int verbose) | ||
539 | { | ||
540 | { | ||
541 | size_t i; | ||
542 | const char *name; | ||
543 | char id[2]; | ||
544 | gnutls_kx_algorithm_t kx; | ||
545 | gnutls_cipher_algorithm_t cipher; | ||
546 | gnutls_mac_algorithm_t mac; | ||
547 | gnutls_protocol_t version; | ||
548 | |||
549 | printf ("Cipher suites:\n"); | ||
550 | for (i = 0; (name = gnutls_cipher_suite_info (i, id, &kx, &cipher, &mac, | ||
551 | &version)); i++) | ||
552 | { | ||
553 | printf ("%-50s\t0x%02x, 0x%02x\t%s\n", name, (unsigned char) id[0], | ||
554 | (unsigned char) id[1], gnutls_protocol_get_name (version)); | ||
555 | if (verbose) | ||
556 | printf ("\tKey exchange: %s\n\tCipher: %s\n\tMAC: %s\n\n", | ||
557 | gnutls_kx_get_name (kx), gnutls_cipher_get_name (cipher), | ||
558 | gnutls_mac_get_name (mac)); | ||
559 | } | ||
560 | } | ||
561 | |||
562 | { | ||
563 | const gnutls_certificate_type_t *p = gnutls_certificate_type_list (); | ||
564 | |||
565 | printf ("Certificate types: "); | ||
566 | for (; *p; p++) | ||
567 | { | ||
568 | printf ("%s", gnutls_certificate_type_get_name (*p)); | ||
569 | if (*(p + 1)) | ||
570 | printf (", "); | ||
571 | else | ||
572 | printf ("\n"); | ||
573 | } | ||
574 | } | ||
575 | |||
576 | { | ||
577 | const gnutls_protocol_t *p = gnutls_protocol_list (); | ||
578 | |||
579 | printf ("Protocols: "); | ||
580 | for (; *p; p++) | ||
581 | { | ||
582 | printf ("%s", gnutls_protocol_get_name (*p)); | ||
583 | if (*(p + 1)) | ||
584 | printf (", "); | ||
585 | else | ||
586 | printf ("\n"); | ||
587 | } | ||
588 | } | ||
589 | |||
590 | { | ||
591 | const gnutls_cipher_algorithm_t *p = gnutls_cipher_list (); | ||
592 | |||
593 | printf ("Ciphers: "); | ||
594 | for (; *p; p++) | ||
595 | { | ||
596 | printf ("%s", gnutls_cipher_get_name (*p)); | ||
597 | if (*(p + 1)) | ||
598 | printf (", "); | ||
599 | else | ||
600 | printf ("\n"); | ||
601 | } | ||
602 | } | ||
603 | |||
604 | { | ||
605 | const gnutls_mac_algorithm_t *p = gnutls_mac_list (); | ||
606 | |||
607 | printf ("MACs: "); | ||
608 | for (; *p; p++) | ||
609 | { | ||
610 | printf ("%s", gnutls_mac_get_name (*p)); | ||
611 | if (*(p + 1)) | ||
612 | printf (", "); | ||
613 | else | ||
614 | printf ("\n"); | ||
615 | } | ||
616 | } | ||
617 | |||
618 | { | ||
619 | const gnutls_kx_algorithm_t *p = gnutls_kx_list (); | ||
620 | |||
621 | printf ("Key exchange algorithms: "); | ||
622 | for (; *p; p++) | ||
623 | { | ||
624 | printf ("%s", gnutls_kx_get_name (*p)); | ||
625 | if (*(p + 1)) | ||
626 | printf (", "); | ||
627 | else | ||
628 | printf ("\n"); | ||
629 | } | ||
630 | } | ||
631 | |||
632 | { | ||
633 | const gnutls_compression_method_t *p = gnutls_compression_list (); | ||
634 | |||
635 | printf ("Compression: "); | ||
636 | for (; *p; p++) | ||
637 | { | ||
638 | printf ("%s", gnutls_compression_get_name (*p)); | ||
639 | if (*(p + 1)) | ||
640 | printf (", "); | ||
641 | else | ||
642 | printf ("\n"); | ||
643 | } | ||
644 | } | ||
645 | } | ||
646 | |||
647 | void | ||
648 | print_license (void) | ||
649 | { | ||
650 | fputs ("\nCopyright (C) 2004,2005,2006,2007 Free Software Foundation\n" | ||
651 | "This program is free software; you can redistribute it and/or modify \n" | ||
652 | "it under the terms of the GNU General Public License as published by \n" | ||
653 | "the Free Software Foundation; either version 3 of the License, or \n" | ||
654 | "(at your option) any later version. \n" "\n" | ||
655 | "This program is distributed in the hope that it will be useful, \n" | ||
656 | "but WITHOUT ANY WARRANTY; without even the implied warranty of \n" | ||
657 | "MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the \n" | ||
658 | "GNU General Public License for more details. \n" "\n" | ||
659 | "You should have received a copy of the GNU General Public License \n" | ||
660 | "along with this program; if not, write to the Free Software \n" | ||
661 | "Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.\n\n", | ||
662 | stdout); | ||
663 | } | ||
664 | |||
665 | static int depr_printed = 0; | ||
666 | #define DEPRECATED if (depr_printed==0) { \ | ||
667 | fprintf(stderr, "This method of specifying algorithms is deprecated. Please use the --priority option.\n"); \ | ||
668 | depr_printed = 1; \ | ||
669 | } | ||
670 | |||
671 | void | ||
672 | parse_protocols (char **protocols, int protocols_size, int *protocol_priority) | ||
673 | { | ||
674 | int i, j; | ||
675 | |||
676 | if (protocols != NULL && protocols_size > 0) | ||
677 | { | ||
678 | DEPRECATED; | ||
679 | |||
680 | for (j = i = 0; i < protocols_size; i++) | ||
681 | { | ||
682 | if (strncasecmp (protocols[i], "SSL", 3) == 0) | ||
683 | protocol_priority[j++] = GNUTLS_SSL3; | ||
684 | else if (strncasecmp (protocols[i], "TLS1.1", 6) == 0) | ||
685 | protocol_priority[j++] = GNUTLS_TLS1_1; | ||
686 | else if (strncasecmp (protocols[i], "TLS1.2", 6) == 0) | ||
687 | protocol_priority[j++] = GNUTLS_TLS1_2; | ||
688 | else if (strncasecmp (protocols[i], "TLS", 3) == 0) | ||
689 | protocol_priority[j++] = GNUTLS_TLS1_0; | ||
690 | else | ||
691 | fprintf (stderr, "Unknown protocol: '%s'\n", protocols[i]); | ||
692 | } | ||
693 | protocol_priority[j] = 0; | ||
694 | } | ||
695 | } | ||
696 | |||
697 | void | ||
698 | parse_ciphers (char **ciphers, int nciphers, int *cipher_priority) | ||
699 | { | ||
700 | int j, i; | ||
701 | |||
702 | if (ciphers != NULL && nciphers > 0) | ||
703 | { | ||
704 | DEPRECATED; | ||
705 | for (j = i = 0; i < nciphers; i++) | ||
706 | { | ||
707 | if (strncasecmp (ciphers[i], "AES-2", 5) == 0) | ||
708 | cipher_priority[j++] = GNUTLS_CIPHER_AES_256_CBC; | ||
709 | else if (strncasecmp (ciphers[i], "AES", 3) == 0) | ||
710 | cipher_priority[j++] = GNUTLS_CIPHER_AES_128_CBC; | ||
711 | else if (strncasecmp (ciphers[i], "3DE", 3) == 0) | ||
712 | cipher_priority[j++] = GNUTLS_CIPHER_3DES_CBC; | ||
713 | else if (strcasecmp (ciphers[i], "ARCFOUR-40") == 0) | ||
714 | cipher_priority[j++] = GNUTLS_CIPHER_ARCFOUR_40; | ||
715 | else if (strcasecmp (ciphers[i], "ARCFOUR") == 0) | ||
716 | cipher_priority[j++] = GNUTLS_CIPHER_ARCFOUR_128; | ||
717 | #ifdef ENABLE_CAMELLIA | ||
718 | else if (strncasecmp (ciphers[i], "CAMELLIA-2", 10) == 0) | ||
719 | cipher_priority[j++] = GNUTLS_CIPHER_CAMELLIA_256_CBC; | ||
720 | else if (strncasecmp (ciphers[i], "CAM", 3) == 0) | ||
721 | cipher_priority[j++] = GNUTLS_CIPHER_CAMELLIA_128_CBC; | ||
722 | #endif | ||
723 | else if (strncasecmp (ciphers[i], "NUL", 3) == 0) | ||
724 | cipher_priority[j++] = GNUTLS_CIPHER_NULL; | ||
725 | else | ||
726 | fprintf (stderr, "Unknown cipher: '%s'\n", ciphers[i]); | ||
727 | } | ||
728 | cipher_priority[j] = 0; | ||
729 | } | ||
730 | } | ||
731 | |||
732 | void | ||
733 | parse_macs (char **macs, int nmacs, int *mac_priority) | ||
734 | { | ||
735 | int i, j; | ||
736 | |||
737 | if (macs != NULL && nmacs > 0) | ||
738 | { | ||
739 | DEPRECATED; | ||
740 | for (j = i = 0; i < nmacs; i++) | ||
741 | { | ||
742 | if (strncasecmp (macs[i], "MD5", 3) == 0) | ||
743 | mac_priority[j++] = GNUTLS_MAC_MD5; | ||
744 | else if (strncasecmp (macs[i], "SHA256", 6) == 0) | ||
745 | mac_priority[j++] = GNUTLS_MAC_SHA256; | ||
746 | else if (strncasecmp (macs[i], "SHA", 3) == 0) | ||
747 | mac_priority[j++] = GNUTLS_MAC_SHA1; | ||
748 | else | ||
749 | fprintf (stderr, "Unknown MAC: '%s'\n", macs[i]); | ||
750 | } | ||
751 | mac_priority[j] = 0; | ||
752 | } | ||
753 | } | ||
754 | |||
755 | void | ||
756 | parse_ctypes (char **ctype, int nctype, int *cert_type_priority) | ||
757 | { | ||
758 | int i, j; | ||
759 | |||
760 | if (ctype != NULL && nctype > 0) | ||
761 | { | ||
762 | DEPRECATED; | ||
763 | for (j = i = 0; i < nctype; i++) | ||
764 | { | ||
765 | if (strncasecmp (ctype[i], "OPE", 3) == 0) | ||
766 | cert_type_priority[j++] = GNUTLS_CRT_OPENPGP; | ||
767 | else if (strncasecmp (ctype[i], "X", 1) == 0) | ||
768 | cert_type_priority[j++] = GNUTLS_CRT_X509; | ||
769 | else | ||
770 | fprintf (stderr, "Unknown certificate type: '%s'\n", ctype[i]); | ||
771 | } | ||
772 | cert_type_priority[j] = 0; | ||
773 | } | ||
774 | } | ||
775 | |||
776 | void | ||
777 | parse_kx (char **kx, int nkx, int *kx_priority) | ||
778 | { | ||
779 | int i, j; | ||
780 | |||
781 | if (kx != NULL && nkx > 0) | ||
782 | { | ||
783 | DEPRECATED; | ||
784 | for (j = i = 0; i < nkx; i++) | ||
785 | { | ||
786 | if (strcasecmp (kx[i], "SRP") == 0) | ||
787 | kx_priority[j++] = GNUTLS_KX_SRP; | ||
788 | else if (strcasecmp (kx[i], "SRP-RSA") == 0) | ||
789 | kx_priority[j++] = GNUTLS_KX_SRP_RSA; | ||
790 | else if (strcasecmp (kx[i], "SRP-DSS") == 0) | ||
791 | kx_priority[j++] = GNUTLS_KX_SRP_DSS; | ||
792 | else if (strcasecmp (kx[i], "RSA") == 0) | ||
793 | kx_priority[j++] = GNUTLS_KX_RSA; | ||
794 | else if (strcasecmp (kx[i], "PSK") == 0) | ||
795 | kx_priority[j++] = GNUTLS_KX_PSK; | ||
796 | else if (strcasecmp (kx[i], "DHE-PSK") == 0) | ||
797 | kx_priority[j++] = GNUTLS_KX_DHE_PSK; | ||
798 | else if (strcasecmp (kx[i], "RSA-EXPORT") == 0) | ||
799 | kx_priority[j++] = GNUTLS_KX_RSA_EXPORT; | ||
800 | else if (strncasecmp (kx[i], "DHE-RSA", 7) == 0) | ||
801 | kx_priority[j++] = GNUTLS_KX_DHE_RSA; | ||
802 | else if (strncasecmp (kx[i], "DHE-DSS", 7) == 0) | ||
803 | kx_priority[j++] = GNUTLS_KX_DHE_DSS; | ||
804 | else if (strncasecmp (kx[i], "ANON", 4) == 0) | ||
805 | kx_priority[j++] = GNUTLS_KX_ANON_DH; | ||
806 | else | ||
807 | fprintf (stderr, "Unknown key exchange: '%s'\n", kx[i]); | ||
808 | } | ||
809 | kx_priority[j] = 0; | ||
810 | } | ||
811 | } | ||
812 | |||
813 | void | ||
814 | parse_comp (char **comp, int ncomp, int *comp_priority) | ||
815 | { | ||
816 | int i, j; | ||
817 | |||
818 | if (comp != NULL && ncomp > 0) | ||
819 | { | ||
820 | DEPRECATED; | ||
821 | for (j = i = 0; i < ncomp; i++) | ||
822 | { | ||
823 | if (strncasecmp (comp[i], "NUL", 3) == 0) | ||
824 | comp_priority[j++] = GNUTLS_COMP_NULL; | ||
825 | else if (strncasecmp (comp[i], "ZLI", 3) == 0) | ||
826 | comp_priority[j++] = GNUTLS_COMP_DEFLATE; | ||
827 | else if (strncasecmp (comp[i], "DEF", 3) == 0) | ||
828 | comp_priority[j++] = GNUTLS_COMP_DEFLATE; | ||
829 | else if (strncasecmp (comp[i], "LZO", 3) == 0) | ||
830 | comp_priority[j++] = GNUTLS_COMP_LZO; | ||
831 | else | ||
832 | fprintf (stderr, "Unknown compression: '%s'\n", comp[i]); | ||
833 | } | ||
834 | comp_priority[j] = 0; | ||
835 | } | ||
836 | } | ||
837 | |||
838 | void | ||
839 | sockets_init (void) | ||
840 | { | ||
841 | #ifdef _WIN32 | ||
842 | WORD wVersionRequested; | ||
843 | WSADATA wsaData; | ||
844 | |||
845 | wVersionRequested = MAKEWORD (1, 1); | ||
846 | if (WSAStartup (wVersionRequested, &wsaData) != 0) | ||
847 | { | ||
848 | perror ("WSA_STARTUP_ERROR"); | ||
849 | } | ||
850 | #endif | ||
851 | } | ||
852 | |||
853 | /* converts a service name or a port (in string) to a | ||
854 | * port number. The protocol is assumed to be TCP. | ||
855 | * | ||
856 | * returns -1 on error; | ||
857 | */ | ||
858 | int | ||
859 | service_to_port (const char *service) | ||
860 | { | ||
861 | int port; | ||
862 | struct servent *server_port; | ||
863 | |||
864 | port = atoi (service); | ||
865 | if (port != 0) | ||
866 | return port; | ||
867 | |||
868 | server_port = getservbyname (service, "tcp"); | ||
869 | if (server_port == NULL) | ||
870 | { | ||
871 | perror ("getservbyname()"); | ||
872 | return (-1); | ||
873 | } | ||
874 | |||
875 | return ntohs (server_port->s_port); | ||
876 | |||
877 | } | ||