diff options
Diffstat (limited to 'src/daemon/https/tls/gnutls_kx.c')
| -rw-r--r-- | src/daemon/https/tls/gnutls_kx.c | 119 |
1 files changed, 67 insertions, 52 deletions
diff --git a/src/daemon/https/tls/gnutls_kx.c b/src/daemon/https/tls/gnutls_kx.c index 5f0966f8..58850318 100644 --- a/src/daemon/https/tls/gnutls_kx.c +++ b/src/daemon/https/tls/gnutls_kx.c | |||
| @@ -62,14 +62,16 @@ generate_normal_master (MHD_gtls_session_t session, int keep_premaster) | |||
| 62 | char buf[512]; | 62 | char buf[512]; |
| 63 | 63 | ||
| 64 | MHD__gnutls_hard_log ("INT: PREMASTER SECRET[%d]: %s\n", PREMASTER.size, | 64 | MHD__gnutls_hard_log ("INT: PREMASTER SECRET[%d]: %s\n", PREMASTER.size, |
| 65 | MHD_gtls_bin2hex (PREMASTER.data, PREMASTER.size, buf, | 65 | MHD_gtls_bin2hex (PREMASTER.data, PREMASTER.size, buf, |
| 66 | sizeof (buf))); | 66 | sizeof (buf))); |
| 67 | MHD__gnutls_hard_log ("INT: CLIENT RANDOM[%d]: %s\n", 32, | 67 | MHD__gnutls_hard_log ("INT: CLIENT RANDOM[%d]: %s\n", 32, |
| 68 | MHD_gtls_bin2hex (session->security_parameters. | 68 | MHD_gtls_bin2hex (session-> |
| 69 | client_random, 32, buf, sizeof (buf))); | 69 | security_parameters.client_random, |
| 70 | 32, buf, sizeof (buf))); | ||
| 70 | MHD__gnutls_hard_log ("INT: SERVER RANDOM[%d]: %s\n", 32, | 71 | MHD__gnutls_hard_log ("INT: SERVER RANDOM[%d]: %s\n", 32, |
| 71 | MHD_gtls_bin2hex (session->security_parameters. | 72 | MHD_gtls_bin2hex (session-> |
| 72 | server_random, 32, buf, sizeof (buf))); | 73 | security_parameters.server_random, |
| 74 | 32, buf, sizeof (buf))); | ||
| 73 | 75 | ||
| 74 | if (MHD__gnutls_protocol_get_version (session) == MHD_GNUTLS_PROTOCOL_SSL3) | 76 | if (MHD__gnutls_protocol_get_version (session) == MHD_GNUTLS_PROTOCOL_SSL3) |
| 75 | { | 77 | { |
| @@ -84,8 +86,8 @@ generate_normal_master (MHD_gtls_session_t session, int keep_premaster) | |||
| 84 | MHD_gnutls_ssl3_generate_random (PREMASTER.data, PREMASTER.size, | 86 | MHD_gnutls_ssl3_generate_random (PREMASTER.data, PREMASTER.size, |
| 85 | rnd, 2 * TLS_RANDOM_SIZE, | 87 | rnd, 2 * TLS_RANDOM_SIZE, |
| 86 | TLS_MASTER_SIZE, | 88 | TLS_MASTER_SIZE, |
| 87 | session->security_parameters. | 89 | session-> |
| 88 | master_secret); | 90 | security_parameters.master_secret); |
| 89 | 91 | ||
| 90 | } | 92 | } |
| 91 | else if (session->security_parameters.extensions.oprfi_client_len > 0 && | 93 | else if (session->security_parameters.extensions.oprfi_client_len > 0 && |
| @@ -105,21 +107,25 @@ generate_normal_master (MHD_gtls_session_t session, int keep_premaster) | |||
| 105 | } | 107 | } |
| 106 | 108 | ||
| 107 | MHD__gnutls_hard_log ("INT: CLIENT OPRFI[%d]: %s\n", | 109 | MHD__gnutls_hard_log ("INT: CLIENT OPRFI[%d]: %s\n", |
| 108 | session->security_parameters. | 110 | session->security_parameters.extensions. |
| 109 | extensions.oprfi_server_len, | 111 | oprfi_server_len, |
| 110 | MHD_gtls_bin2hex (session->security_parameters. | 112 | MHD_gtls_bin2hex (session-> |
| 111 | extensions.oprfi_client, | 113 | security_parameters.extensions. |
| 112 | session->security_parameters. | 114 | oprfi_client, |
| 113 | extensions.oprfi_client_len, buf, | 115 | session-> |
| 114 | sizeof (buf))); | 116 | security_parameters.extensions. |
| 117 | oprfi_client_len, buf, | ||
| 118 | sizeof (buf))); | ||
| 115 | MHD__gnutls_hard_log ("INT: SERVER OPRFI[%d]: %s\n", | 119 | MHD__gnutls_hard_log ("INT: SERVER OPRFI[%d]: %s\n", |
| 116 | session->security_parameters. | 120 | session->security_parameters.extensions. |
| 117 | extensions.oprfi_server_len, | 121 | oprfi_server_len, |
| 118 | MHD_gtls_bin2hex (session->security_parameters. | 122 | MHD_gtls_bin2hex (session-> |
| 119 | extensions.oprfi_server, | 123 | security_parameters.extensions. |
| 120 | session->security_parameters. | 124 | oprfi_server, |
| 121 | extensions.oprfi_server_len, buf, | 125 | session-> |
| 122 | sizeof (buf))); | 126 | security_parameters.extensions. |
| 127 | oprfi_server_len, buf, | ||
| 128 | sizeof (buf))); | ||
| 123 | 129 | ||
| 124 | memcpy (rnd, session->security_parameters.client_random, | 130 | memcpy (rnd, session->security_parameters.client_random, |
| 125 | TLS_RANDOM_SIZE); | 131 | TLS_RANDOM_SIZE); |
| @@ -169,9 +175,10 @@ generate_normal_master (MHD_gtls_session_t session, int keep_premaster) | |||
| 169 | return ret; | 175 | return ret; |
| 170 | 176 | ||
| 171 | MHD__gnutls_hard_log ("INT: MASTER SECRET: %s\n", | 177 | MHD__gnutls_hard_log ("INT: MASTER SECRET: %s\n", |
| 172 | MHD_gtls_bin2hex (session->security_parameters. | 178 | MHD_gtls_bin2hex (session-> |
| 173 | master_secret, TLS_MASTER_SIZE, buf, | 179 | security_parameters.master_secret, |
| 174 | sizeof (buf))); | 180 | TLS_MASTER_SIZE, buf, |
| 181 | sizeof (buf))); | ||
| 175 | 182 | ||
| 176 | return ret; | 183 | return ret; |
| 177 | } | 184 | } |
| @@ -237,8 +244,8 @@ MHD_gtls_send_server_certificate_request (MHD_gtls_session_t session, | |||
| 237 | int data_size = 0; | 244 | int data_size = 0; |
| 238 | int ret = 0; | 245 | int ret = 0; |
| 239 | 246 | ||
| 240 | if (session->internals.auth_struct-> | 247 | if (session->internals. |
| 241 | MHD_gtls_gen_server_certificate_request == NULL) | 248 | auth_struct->MHD_gtls_gen_server_certificate_request == NULL) |
| 242 | return 0; | 249 | return 0; |
| 243 | 250 | ||
| 244 | if (session->internals.send_cert_req <= 0) | 251 | if (session->internals.send_cert_req <= 0) |
| @@ -250,8 +257,8 @@ MHD_gtls_send_server_certificate_request (MHD_gtls_session_t session, | |||
| 250 | if (again == 0) | 257 | if (again == 0) |
| 251 | { | 258 | { |
| 252 | data_size = | 259 | data_size = |
| 253 | session->internals.auth_struct-> | 260 | session->internals. |
| 254 | MHD_gtls_gen_server_certificate_request (session, &data); | 261 | auth_struct->MHD_gtls_gen_server_certificate_request (session, &data); |
| 255 | 262 | ||
| 256 | if (data_size < 0) | 263 | if (data_size < 0) |
| 257 | { | 264 | { |
| @@ -350,8 +357,8 @@ MHD_gtls_send_client_certificate_verify (MHD_gtls_session_t session, | |||
| 350 | if (again == 0) | 357 | if (again == 0) |
| 351 | { | 358 | { |
| 352 | data_size = | 359 | data_size = |
| 353 | session->internals.auth_struct-> | 360 | session->internals. |
| 354 | MHD_gtls_gen_client_cert_vrfy (session, &data); | 361 | auth_struct->MHD_gtls_gen_client_cert_vrfy (session, &data); |
| 355 | if (data_size < 0) | 362 | if (data_size < 0) |
| 356 | { | 363 | { |
| 357 | MHD_gnutls_assert (); | 364 | MHD_gnutls_assert (); |
| @@ -423,8 +430,8 @@ MHD_gtls_recv_server_certificate_request (MHD_gtls_session_t session) | |||
| 423 | int datasize; | 430 | int datasize; |
| 424 | int ret = 0; | 431 | int ret = 0; |
| 425 | 432 | ||
| 426 | if (session->internals.auth_struct-> | 433 | if (session->internals. |
| 427 | MHD_gtls_process_server_certificate_request != NULL) | 434 | auth_struct->MHD_gtls_process_server_certificate_request != NULL) |
| 428 | { | 435 | { |
| 429 | 436 | ||
| 430 | ret = | 437 | ret = |
| @@ -439,8 +446,10 @@ MHD_gtls_recv_server_certificate_request (MHD_gtls_session_t session) | |||
| 439 | return 0; /* ignored */ | 446 | return 0; /* ignored */ |
| 440 | 447 | ||
| 441 | ret = | 448 | ret = |
| 442 | session->internals.auth_struct-> | 449 | session->internals. |
| 443 | MHD_gtls_process_server_certificate_request (session, data, datasize); | 450 | auth_struct->MHD_gtls_process_server_certificate_request (session, |
| 451 | data, | ||
| 452 | datasize); | ||
| 444 | MHD_gnutls_free (data); | 453 | MHD_gnutls_free (data); |
| 445 | if (ret < 0) | 454 | if (ret < 0) |
| 446 | return ret; | 455 | return ret; |
| @@ -504,14 +513,15 @@ MHD_gtls_send_client_certificate (MHD_gtls_session_t session, int again) | |||
| 504 | 513 | ||
| 505 | if (again == 0) | 514 | if (again == 0) |
| 506 | { | 515 | { |
| 507 | if (MHD__gnutls_protocol_get_version (session) != MHD_GNUTLS_PROTOCOL_SSL3 || | 516 | if (MHD__gnutls_protocol_get_version (session) != |
| 508 | session->internals.selected_cert_list_length > 0) | 517 | MHD_GNUTLS_PROTOCOL_SSL3 |
| 518 | || session->internals.selected_cert_list_length > 0) | ||
| 509 | { | 519 | { |
| 510 | /* TLS 1.0 or SSL 3.0 with a valid certificate | 520 | /* TLS 1.0 or SSL 3.0 with a valid certificate |
| 511 | */ | 521 | */ |
| 512 | data_size = | 522 | data_size = |
| 513 | session->internals.auth_struct-> | 523 | session->internals. |
| 514 | MHD_gtls_gen_client_certificate (session, &data); | 524 | auth_struct->MHD_gtls_gen_client_certificate (session, &data); |
| 515 | 525 | ||
| 516 | if (data_size < 0) | 526 | if (data_size < 0) |
| 517 | { | 527 | { |
| @@ -525,12 +535,12 @@ MHD_gtls_send_client_certificate (MHD_gtls_session_t session, int again) | |||
| 525 | * no certificate alert instead of an | 535 | * no certificate alert instead of an |
| 526 | * empty certificate. | 536 | * empty certificate. |
| 527 | */ | 537 | */ |
| 528 | if (MHD__gnutls_protocol_get_version (session) == MHD_GNUTLS_PROTOCOL_SSL3 && | 538 | if (MHD__gnutls_protocol_get_version (session) == MHD_GNUTLS_PROTOCOL_SSL3 |
| 529 | session->internals.selected_cert_list_length == 0) | 539 | && session->internals.selected_cert_list_length == 0) |
| 530 | { | 540 | { |
| 531 | ret = | 541 | ret = |
| 532 | MHD__gnutls_alert_send (session, GNUTLS_AL_WARNING, | 542 | MHD__gnutls_alert_send (session, GNUTLS_AL_WARNING, |
| 533 | GNUTLS_A_SSL3_NO_CERTIFICATE); | 543 | GNUTLS_A_SSL3_NO_CERTIFICATE); |
| 534 | 544 | ||
| 535 | } | 545 | } |
| 536 | else | 546 | else |
| @@ -571,8 +581,8 @@ MHD_gtls_send_server_certificate (MHD_gtls_session_t session, int again) | |||
| 571 | if (again == 0) | 581 | if (again == 0) |
| 572 | { | 582 | { |
| 573 | data_size = | 583 | data_size = |
| 574 | session->internals.auth_struct-> | 584 | session->internals. |
| 575 | MHD_gtls_gen_server_certificate (session, &data); | 585 | auth_struct->MHD_gtls_gen_server_certificate (session, &data); |
| 576 | 586 | ||
| 577 | if (data_size < 0) | 587 | if (data_size < 0) |
| 578 | { | 588 | { |
| @@ -632,8 +642,10 @@ MHD_gtls_recv_client_certificate (MHD_gtls_session_t session) | |||
| 632 | */ | 642 | */ |
| 633 | if (optional == OPTIONAL_PACKET && | 643 | if (optional == OPTIONAL_PACKET && |
| 634 | ret == GNUTLS_E_WARNING_ALERT_RECEIVED && | 644 | ret == GNUTLS_E_WARNING_ALERT_RECEIVED && |
| 635 | MHD__gnutls_protocol_get_version (session) == MHD_GNUTLS_PROTOCOL_SSL3 && | 645 | MHD__gnutls_protocol_get_version (session) == |
| 636 | MHD_gnutls_alert_get (session) == GNUTLS_A_SSL3_NO_CERTIFICATE) | 646 | MHD_GNUTLS_PROTOCOL_SSL3 |
| 647 | && MHD_gnutls_alert_get (session) == | ||
| 648 | GNUTLS_A_SSL3_NO_CERTIFICATE) | ||
| 637 | { | 649 | { |
| 638 | 650 | ||
| 639 | /* SSL3 does not send an empty certificate, | 651 | /* SSL3 does not send an empty certificate, |
| @@ -666,8 +678,9 @@ MHD_gtls_recv_client_certificate (MHD_gtls_session_t session) | |||
| 666 | return 0; | 678 | return 0; |
| 667 | } | 679 | } |
| 668 | ret = | 680 | ret = |
| 669 | session->internals.auth_struct-> | 681 | session->internals. |
| 670 | MHD_gtls_process_client_certificate (session, data, datasize); | 682 | auth_struct->MHD_gtls_process_client_certificate (session, data, |
| 683 | datasize); | ||
| 671 | 684 | ||
| 672 | MHD_gnutls_free (data); | 685 | MHD_gnutls_free (data); |
| 673 | if (ret < 0 && ret != GNUTLS_E_NO_CERTIFICATE_FOUND) | 686 | if (ret < 0 && ret != GNUTLS_E_NO_CERTIFICATE_FOUND) |
| @@ -711,8 +724,9 @@ MHD_gtls_recv_server_certificate (MHD_gtls_session_t session) | |||
| 711 | } | 724 | } |
| 712 | 725 | ||
| 713 | ret = | 726 | ret = |
| 714 | session->internals.auth_struct-> | 727 | session->internals. |
| 715 | MHD_gtls_process_server_certificate (session, data, datasize); | 728 | auth_struct->MHD_gtls_process_server_certificate (session, data, |
| 729 | datasize); | ||
| 716 | MHD_gnutls_free (data); | 730 | MHD_gnutls_free (data); |
| 717 | if (ret < 0) | 731 | if (ret < 0) |
| 718 | { | 732 | { |
| @@ -763,8 +777,9 @@ MHD_gtls_recv_client_certificate_verify_message (MHD_gtls_session_t session) | |||
| 763 | } | 777 | } |
| 764 | 778 | ||
| 765 | ret = | 779 | ret = |
| 766 | session->internals.auth_struct-> | 780 | session->internals. |
| 767 | MHD_gtls_process_client_cert_vrfy (session, data, datasize); | 781 | auth_struct->MHD_gtls_process_client_cert_vrfy (session, data, |
| 782 | datasize); | ||
| 768 | MHD_gnutls_free (data); | 783 | MHD_gnutls_free (data); |
| 769 | if (ret < 0) | 784 | if (ret < 0) |
| 770 | return ret; | 785 | return ret; |