Diffstat (limited to 'src/daemon/https/tls/gnutls_cert.c')
-rw-r--r--src/daemon/https/tls/gnutls_cert.c86
1 files changed, 0 insertions, 86 deletions
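diff --git a/src/daemon/https/tls/gnutls_cert.c b/src/daemon/https/tls/gnutls_cert.c
index 201557b3..f5d657d4 100644
--- a/src/daemon/https/tls/gnutls_cert.c
+++ b/src/daemon/https/tls/gnutls_cert.c
@@ -430,92 +430,6 @@ MHD__gnutls_x509_get_raw_crt_expiration_time (const MHD_gnutls_datum_t * cert)
 }
 
 /**
- * MHD_gtls_certificate_verify_peers2 - This function returns the peer's certificate verification status
- * @session: is a gnutls session
- * @status: is the output of the verification
- *
- * This function will try to verify the peer's certificate and return
- * its status (trusted, invalid etc.). The value of @status should
- * be one or more of the MHD_gnutls_certificate_status_t enumerated
- * elements bitwise or'd. To avoid denial of service attacks some
- * default upper limits regarding the certificate key size and chain
- * size are set. To override them use
- * MHD__gnutls_certificate_set_verify_limits().
- *
- * Note that you must also check the peer's name in order to check if
- * the verified certificate belongs to the actual peer.
- *
- * This is the same as MHD_gnutls_x509_crt_list_verify() and uses the
- * loaded CAs in the credentials as trusted CAs.
- *
- * Note that some commonly used X.509 Certificate Authorities are
- * still using Version 1 certificates. If you want to accept them,
- * you need to call MHD__gnutls_certificate_set_verify_flags() with, e.g.,
- * %GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT parameter.
- *
- * Returns: a negative error code on error and zero on success.
- **/
-int
-MHD_gtls_certificate_verify_peers2 (MHD_gtls_session_t session,
- unsigned int *status)
-{
- cert_auth_info_t info;
-
- CHECK_AUTH (MHD_GNUTLS_CRD_CERTIFICATE, GNUTLS_E_INVALID_REQUEST);
-
- info = MHD_gtls_get_auth_info (session);
- if (info == NULL)
- {
- return GNUTLS_E_NO_CERTIFICATE_FOUND;
- }
-
- if (info->raw_certificate_list == NULL || info->ncerts == 0)
- return GNUTLS_E_NO_CERTIFICATE_FOUND;
-
- switch (MHD_gnutls_certificate_type_get (session))
- {
- case MHD_GNUTLS_CRT_X509:
- return MHD__gnutls_x509_cert_verify_peers (session, status);
- default:
- return GNUTLS_E_INVALID_REQUEST;
- }
-}
-
-/**
- * MHD_gtls_certificate_verify_peers - This function returns the peer's certificate verification status
- * @session: is a gnutls session
- *
- * This function will try to verify the peer's certificate and return
- * its status (trusted, invalid etc.). However you must also check
- * the peer's name in order to check if the verified certificate
- * belongs to the actual peer.
- *
- * The return value should be one or more of the
- * MHD_gnutls_certificate_status_t enumerated elements bitwise or'd, or a
- * negative value on error.
- *
- * This is the same as MHD_gnutls_x509_crt_list_verify().
- *
- * Deprecated: Use MHD_gtls_certificate_verify_peers2() instead.
- **/
-int
-MHD_gtls_certificate_verify_peers (MHD_gtls_session_t session)
-{
- unsigned int status;
- int ret;
-
- ret = MHD_gtls_certificate_verify_peers2 (session, &status);
-
- if (ret < 0)
- {
- MHD_gnutls_assert ();
- return ret;
- }
-
- return status;
-}
-
-/**
  * MHD_gtls_certificate_expiration_time_peers - This function returns the peer's certificate expiration time
  * @session: is a gnutls session
  *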