Diffstat (limited to 'src/daemon/https/tls/auth_cert.c')
-rw-r--r-- | src/daemon/https/tls/auth_cert.c | 40 |
1 files changed, 23 insertions, 17 deletions
diff --git a/src/daemon/https/tls/auth_cert.c b/src/daemon/https/tls/auth_cert.c index 6f34a120..d0191f24 100644 --- a/src/daemon/https/tls/auth_cert.c +++ b/src/daemon/https/tls/auth_cert.c | |||
@@ -45,9 +45,10 @@ | |||
45 | #include <gnutls_x509.h> | 45 | #include <gnutls_x509.h> |
46 | #include "debug.h" | 46 | #include "debug.h" |
47 | 47 | ||
48 | static MHD_gnutls_cert *alloc_and_load_x509_certs (MHD_gnutls_x509_crt_t * certs, | 48 | static MHD_gnutls_cert *alloc_and_load_x509_certs (MHD_gnutls_x509_crt_t * |
49 | unsigned); | 49 | certs, unsigned); |
50 | static MHD_gnutls_privkey *alloc_and_load_x509_key (MHD_gnutls_x509_privkey_t key); | 50 | static MHD_gnutls_privkey *alloc_and_load_x509_key (MHD_gnutls_x509_privkey_t |
51 | key); | ||
51 | 52 | ||
52 | 53 | ||
53 | /* Copies data from a internal certificate struct (MHD_gnutls_cert) to | 54 | /* Copies data from a internal certificate struct (MHD_gnutls_cert) to |
@@ -55,7 +56,7 @@ static MHD_gnutls_privkey *alloc_and_load_x509_key (MHD_gnutls_x509_privkey_t ke | |||
55 | */ | 56 | */ |
56 | static int | 57 | static int |
57 | MHD__gnutls_copy_certificate_auth_info (cert_auth_info_t info, | 58 | MHD__gnutls_copy_certificate_auth_info (cert_auth_info_t info, |
58 | MHD_gnutls_cert * cert, int ncerts) | 59 | MHD_gnutls_cert * cert, int ncerts) |
59 | { | 60 | { |
60 | /* Copy peer's information to auth_info_t | 61 | /* Copy peer's information to auth_info_t |
61 | */ | 62 | */ |
@@ -82,7 +83,7 @@ MHD__gnutls_copy_certificate_auth_info (cert_auth_info_t info, | |||
82 | { | 83 | { |
83 | ret = | 84 | ret = |
84 | MHD__gnutls_set_datum (&info->raw_certificate_list[i], | 85 | MHD__gnutls_set_datum (&info->raw_certificate_list[i], |
85 | cert[i].raw.data, cert[i].raw.size); | 86 | cert[i].raw.data, cert[i].raw.size); |
86 | if (ret < 0) | 87 | if (ret < 0) |
87 | { | 88 | { |
88 | MHD_gnutls_assert (); | 89 | MHD_gnutls_assert (); |
@@ -113,9 +114,9 @@ clear: | |||
113 | */ | 114 | */ |
114 | inline static int | 115 | inline static int |
115 | MHD__gnutls_check_pk_algo_in_list (const enum MHD_GNUTLS_PublicKeyAlgorithm | 116 | MHD__gnutls_check_pk_algo_in_list (const enum MHD_GNUTLS_PublicKeyAlgorithm |
116 | *pk_algos, int pk_algos_length, | 117 | *pk_algos, int pk_algos_length, |
117 | enum MHD_GNUTLS_PublicKeyAlgorithm | 118 | enum MHD_GNUTLS_PublicKeyAlgorithm |
118 | algo_to_check) | 119 | algo_to_check) |
119 | { | 120 | { |
120 | int i; | 121 | int i; |
121 | for (i = 0; i < pk_algos_length; i++) | 122 | for (i = 0; i < pk_algos_length; i++) |
@@ -133,7 +134,8 @@ MHD__gnutls_check_pk_algo_in_list (const enum MHD_GNUTLS_PublicKeyAlgorithm | |||
133 | * specified in cert. | 134 | * specified in cert. |
134 | */ | 135 | */ |
135 | static int | 136 | static int |
136 | MHD__gnutls_cert_get_issuer_dn (MHD_gnutls_cert * cert, MHD_gnutls_datum_t * odn) | 137 | MHD__gnutls_cert_get_issuer_dn (MHD_gnutls_cert * cert, |
138 | MHD_gnutls_datum_t * odn) | ||
137 | { | 139 | { |
138 | ASN1_TYPE dn; | 140 | ASN1_TYPE dn; |
139 | int len, result; | 141 | int len, result; |
@@ -155,8 +157,9 @@ MHD__gnutls_cert_get_issuer_dn (MHD_gnutls_cert * cert, MHD_gnutls_datum_t * odn | |||
155 | return MHD_gtls_asn2err (result); | 157 | return MHD_gtls_asn2err (result); |
156 | } | 158 | } |
157 | 159 | ||
158 | result = MHD__asn1_der_decoding_startEnd (dn, cert->raw.data, cert->raw.size, | 160 | result = |
159 | "tbsCertificate.issuer", &start, &end); | 161 | MHD__asn1_der_decoding_startEnd (dn, cert->raw.data, cert->raw.size, |
162 | "tbsCertificate.issuer", &start, &end); | ||
160 | 163 | ||
161 | if (result != ASN1_SUCCESS) | 164 | if (result != ASN1_SUCCESS) |
162 | { | 165 | { |
@@ -211,7 +214,7 @@ _find_x509_cert (const MHD_gtls_cert_credentials_t cred, | |||
211 | { | 214 | { |
212 | if ((result = | 215 | if ((result = |
213 | MHD__gnutls_cert_get_issuer_dn (&cred->cert_list[i][j], | 216 | MHD__gnutls_cert_get_issuer_dn (&cred->cert_list[i][j], |
214 | &odn)) < 0) | 217 | &odn)) < 0) |
215 | { | 218 | { |
216 | MHD_gnutls_assert (); | 219 | MHD_gnutls_assert (); |
217 | return result; | 220 | return result; |
@@ -483,7 +486,8 @@ _select_client_cert (MHD_gtls_session_t session, | |||
483 | if (issuers_dn_length > 0) | 486 | if (issuers_dn_length > 0) |
484 | { | 487 | { |
485 | issuers_dn = | 488 | issuers_dn = |
486 | MHD_gnutls_malloc (sizeof (MHD_gnutls_datum_t) * issuers_dn_length); | 489 | MHD_gnutls_malloc (sizeof (MHD_gnutls_datum_t) * |
490 | issuers_dn_length); | ||
487 | if (issuers_dn == NULL) | 491 | if (issuers_dn == NULL) |
488 | { | 492 | { |
489 | MHD_gnutls_assert (); | 493 | MHD_gnutls_assert (); |
@@ -712,7 +716,8 @@ MHD_gtls_proc_x509_server_certificate (MHD_gtls_session_t session, | |||
712 | */ | 716 | */ |
713 | 717 | ||
714 | peer_certificate_list = | 718 | peer_certificate_list = |
715 | MHD_gnutls_malloc (sizeof (MHD_gnutls_cert) * (peer_certificate_list_size)); | 719 | MHD_gnutls_malloc (sizeof (MHD_gnutls_cert) * |
720 | (peer_certificate_list_size)); | ||
716 | 721 | ||
717 | if (peer_certificate_list == NULL) | 722 | if (peer_certificate_list == NULL) |
718 | { | 723 | { |
@@ -752,8 +757,9 @@ MHD_gtls_proc_x509_server_certificate (MHD_gtls_session_t session, | |||
752 | 757 | ||
753 | if ((ret = | 758 | if ((ret = |
754 | MHD__gnutls_copy_certificate_auth_info (info, | 759 | MHD__gnutls_copy_certificate_auth_info (info, |
755 | peer_certificate_list, | 760 | peer_certificate_list, |
756 | peer_certificate_list_size)) < 0) | 761 | peer_certificate_list_size)) < |
762 | 0) | ||
757 | { | 763 | { |
758 | MHD_gnutls_assert (); | 764 | MHD_gnutls_assert (); |
759 | goto cleanup; | 765 | goto cleanup; |
@@ -761,7 +767,7 @@ MHD_gtls_proc_x509_server_certificate (MHD_gtls_session_t session, | |||
761 | 767 | ||
762 | if ((ret = | 768 | if ((ret = |
763 | MHD__gnutls_check_key_usage (&peer_certificate_list[0], | 769 | MHD__gnutls_check_key_usage (&peer_certificate_list[0], |
764 | MHD_gnutls_kx_get (session))) < 0) | 770 | MHD_gnutls_kx_get (session))) < 0) |
765 | { | 771 | { |
766 | MHD_gnutls_assert (); | 772 | MHD_gnutls_assert (); |
767 | goto cleanup; | 773 | goto cleanup; |