Diffstat (limited to 'src/daemon/https/tls/gnutls_cert.c')
-rw-r--r-- | src/daemon/https/tls/gnutls_cert.c | 86 |
1 files changed, 0 insertions, 86 deletions
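--- a/src/daemon/https/tls/gnutls_cert.c
+++ b/src/daemon/https/tls/gnutls_cert.c
@@ -430,92 +430,6 @@ MHD__gnutls_x509_get_raw_crt_expiration_time (const MHD_gnutls_datum_t * cert)
 }
 
 /**
-* MHD_gtls_certificate_verify_peers2 - This function returns the peer's certificate verification status
-* @session: is a gnutls session
-* @status: is the output of the verification
-*
-* This function will try to verify the peer's certificate and return
-* its status (trusted, invalid etc.). The value of @status should
-* be one or more of the MHD_gnutls_certificate_status_t enumerated
-* elements bitwise or'd. To avoid denial of service attacks some
-* default upper limits regarding the certificate key size and chain
-* size are set. To override them use
-* MHD__gnutls_certificate_set_verify_limits().
-*
-* Note that you must also check the peer's name in order to check if
-* the verified certificate belongs to the actual peer.
-*
-* This is the same as MHD_gnutls_x509_crt_list_verify() and uses the
-* loaded CAs in the credentials as trusted CAs.
-*
-* Note that some commonly used X.509 Certificate Authorities are
-* still using Version 1 certificates. If you want to accept them,
-* you need to call MHD__gnutls_certificate_set_verify_flags() with, e.g.,
-* %GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT parameter.
-*
-* Returns: a negative error code on error and zero on success.
-**/
-int
-MHD_gtls_certificate_verify_peers2 (MHD_gtls_session_t session,
-unsigned int *status)
-{
-cert_auth_info_t info;
-
-CHECK_AUTH (MHD_GNUTLS_CRD_CERTIFICATE, GNUTLS_E_INVALID_REQUEST);
-
-info = MHD_gtls_get_auth_info (session);
-if (info == NULL)
-{
-return GNUTLS_E_NO_CERTIFICATE_FOUND;
-}
-
-if (info->raw_certificate_list == NULL || info->ncerts == 0)
-return GNUTLS_E_NO_CERTIFICATE_FOUND;
-
-switch (MHD_gnutls_certificate_type_get (session))
-{
-case MHD_GNUTLS_CRT_X509:
-return MHD__gnutls_x509_cert_verify_peers (session, status);
-default:
-return GNUTLS_E_INVALID_REQUEST;
-}
-}
-
-/**
-* MHD_gtls_certificate_verify_peers - This function returns the peer's certificate verification status
-* @session: is a gnutls session
-*
-* This function will try to verify the peer's certificate and return
-* its status (trusted, invalid etc.). However you must also check
-* the peer's name in order to check if the verified certificate
-* belongs to the actual peer.
-*
-* The return value should be one or more of the
-* MHD_gnutls_certificate_status_t enumerated elements bitwise or'd, or a
-* negative value on error.
-*
-* This is the same as MHD_gnutls_x509_crt_list_verify().
-*
-* Deprecated: Use MHD_gtls_certificate_verify_peers2() instead.
-**/
-int
-MHD_gtls_certificate_verify_peers (MHD_gtls_session_t session)
-{
-unsigned int status;
-int ret;
-
-ret = MHD_gtls_certificate_verify_peers2 (session, &status);
-
-if (ret < 0)
-{
-MHD_gnutls_assert ();
-return ret;
-}
-
-return status;
-}
-
-/**
 * MHD_gtls_certificate_expiration_time_peers - This function returns the peer's certificate expiration time
 * @session: is a gnutls session
 *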