Diffstat (limited to 'src/daemon/https/tls/gnutls_x509.c')
-rw-r--r-- | src/daemon/https/tls/gnutls_x509.c | 110 |
1 files changed, 0 insertions, 110 deletions
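--- a/src/daemon/https/tls/gnutls_x509.c
+++ b/src/daemon/https/tls/gnutls_x509.c
@@ -48,7 +48,6 @@
 /* x509 */
 #include "common.h"
 #include "x509.h"
-#include "verify.h"
 #include "mpi.h"
 #include "privkey.h"
 
@@ -89,115 +88,6 @@ check_bits (MHD_gnutls_x509_crt_t crt, unsigned int max_bits)
 } \
 MHD_gnutls_free( peer_certificate_list)
 
-/*-
-* MHD__gnutls_x509_cert_verify_peers - This function returns the peer's certificate status
-* @session: is a gnutls session
-*
-* This function will try to verify the peer's certificate and return its status (TRUSTED, REVOKED etc.).
-* The return value (status) should be one of the MHD_gnutls_certificate_status_t enumerated elements.
-* However you must also check the peer's name in order to check if the verified certificate belongs to the
-* actual peer. Returns a negative error code in case of an error, or GNUTLS_E_NO_CERTIFICATE_FOUND if no certificate was sent.
-*
--*/
-int
-MHD__gnutls_x509_cert_verify_peers (MHD_gtls_session_t session,
-unsigned int *status)
-{
-cert_auth_info_t info;
-MHD_gtls_cert_credentials_t cred;
-MHD_gnutls_x509_crt_t *peer_certificate_list;
-int peer_certificate_list_size, i, x, ret;
-
-CHECK_AUTH (MHD_GNUTLS_CRD_CERTIFICATE, GNUTLS_E_INVALID_REQUEST);
-
-info = MHD_gtls_get_auth_info (session);
-if (info == NULL)
-{
-MHD_gnutls_assert ();
-return GNUTLS_E_INVALID_REQUEST;
-}
-
-cred = (MHD_gtls_cert_credentials_t)
-MHD_gtls_get_cred (session->key, MHD_GNUTLS_CRD_CERTIFICATE, NULL);
-if (cred == NULL)
-{
-MHD_gnutls_assert ();
-return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
-}
-
-if (info->raw_certificate_list == NULL || info->ncerts == 0)
-return GNUTLS_E_NO_CERTIFICATE_FOUND;
-
-if (info->ncerts > cred->verify_depth && cred->verify_depth > 0)
-{
-MHD_gnutls_assert ();
-return GNUTLS_E_CONSTRAINT_ERROR;
-}
-
-/* generate a list of MHD_gnutls_certs based on the auth info
-* raw certs.
-*/
-peer_certificate_list_size = info->ncerts;
-peer_certificate_list =
-MHD_gnutls_calloc (peer_certificate_list_size,
-sizeof (MHD_gnutls_x509_crt_t));
-if (peer_certificate_list == NULL)
-{
-MHD_gnutls_assert ();
-return GNUTLS_E_MEMORY_ERROR;
-}
-
-for (i = 0; i < peer_certificate_list_size; i++)
-{
-ret = MHD_gnutls_x509_crt_init (&peer_certificate_list[i]);
-if (ret < 0)
-{
-MHD_gnutls_assert ();
-CLEAR_CERTS;
-return ret;
-}
-
-ret =
-MHD_gnutls_x509_crt_import (peer_certificate_list[i],
-&info->raw_certificate_list[i],
-GNUTLS_X509_FMT_DER);
-if (ret < 0)
-{
-MHD_gnutls_assert ();
-CLEAR_CERTS;
-return ret;
-}
-
-ret = check_bits (peer_certificate_list[i], cred->verify_bits);
-if (ret < 0)
-{
-MHD_gnutls_assert ();
-CLEAR_CERTS;
-return ret;
-}
-
-}
-
-/* Verify certificate
-*/
-ret =
-MHD_gnutls_x509_crt_list_verify (peer_certificate_list,
-peer_certificate_list_size,
-cred->x509_ca_list, cred->x509_ncas,
-cred->x509_crl_list, cred->x509_ncrls,
-cred->verify_flags, status);
-
-CLEAR_CERTS;
-
-if (ret < 0)
-{
-MHD_gnutls_assert ();
-return ret;
-}
-
-return 0;
-}
-
 /*
 * Read certificates and private keys, from memory etc.
 */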