Diffstat (limited to 'src/daemon/https/tls/gnutls_x509.c')
-rw-r--r--src/daemon/https/tls/gnutls_x509.c110
1 files changed, 0 insertions, 110 deletions
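--- a/src/daemon/https/tls/gnutls_x509.c
+++ b/src/daemon/https/tls/gnutls_x509.c
@@ -48,7 +48,6 @@
 /* x509 */
 #include "common.h"
 #include "x509.h"
-#include "verify.h"
 #include "mpi.h"
 #include "privkey.h"
 
@@ -89,115 +88,6 @@ check_bits (MHD_gnutls_x509_crt_t crt, unsigned int max_bits)
  } \
  MHD_gnutls_free( peer_certificate_list)
 
-/*-
- * MHD__gnutls_x509_cert_verify_peers - This function returns the peer's certificate status
- * @session: is a gnutls session
- *
- * This function will try to verify the peer's certificate and return its status (TRUSTED, REVOKED etc.).
- * The return value (status) should be one of the MHD_gnutls_certificate_status_t enumerated elements.
- * However you must also check the peer's name in order to check if the verified certificate belongs to the
- * actual peer. Returns a negative error code in case of an error, or GNUTLS_E_NO_CERTIFICATE_FOUND if no certificate was sent.
- *
- -*/
-int
-MHD__gnutls_x509_cert_verify_peers (MHD_gtls_session_t session,
- unsigned int *status)
-{
- cert_auth_info_t info;
- MHD_gtls_cert_credentials_t cred;
- MHD_gnutls_x509_crt_t *peer_certificate_list;
- int peer_certificate_list_size, i, x, ret;
-
- CHECK_AUTH (MHD_GNUTLS_CRD_CERTIFICATE, GNUTLS_E_INVALID_REQUEST);
-
- info = MHD_gtls_get_auth_info (session);
- if (info == NULL)
- {
- MHD_gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- cred = (MHD_gtls_cert_credentials_t)
- MHD_gtls_get_cred (session->key, MHD_GNUTLS_CRD_CERTIFICATE, NULL);
- if (cred == NULL)
- {
- MHD_gnutls_assert ();
- return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
- }
-
- if (info->raw_certificate_list == NULL || info->ncerts == 0)
- return GNUTLS_E_NO_CERTIFICATE_FOUND;
-
- if (info->ncerts > cred->verify_depth && cred->verify_depth > 0)
- {
- MHD_gnutls_assert ();
- return GNUTLS_E_CONSTRAINT_ERROR;
- }
-
- /* generate a list of MHD_gnutls_certs based on the auth info
- * raw certs.
- */
- peer_certificate_list_size = info->ncerts;
- peer_certificate_list =
- MHD_gnutls_calloc (peer_certificate_list_size,
- sizeof (MHD_gnutls_x509_crt_t));
- if (peer_certificate_list == NULL)
- {
- MHD_gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- for (i = 0; i < peer_certificate_list_size; i++)
- {
- ret = MHD_gnutls_x509_crt_init (&peer_certificate_list[i]);
- if (ret < 0)
- {
- MHD_gnutls_assert ();
- CLEAR_CERTS;
- return ret;
- }
-
- ret =
- MHD_gnutls_x509_crt_import (peer_certificate_list[i],
- &info->raw_certificate_list[i],
- GNUTLS_X509_FMT_DER);
- if (ret < 0)
- {
- MHD_gnutls_assert ();
- CLEAR_CERTS;
- return ret;
- }
-
- ret = check_bits (peer_certificate_list[i], cred->verify_bits);
- if (ret < 0)
- {
- MHD_gnutls_assert ();
- CLEAR_CERTS;
- return ret;
- }
-
- }
-
- /* Verify certificate
- */
- ret =
- MHD_gnutls_x509_crt_list_verify (peer_certificate_list,
- peer_certificate_list_size,
- cred->x509_ca_list, cred->x509_ncas,
- cred->x509_crl_list, cred->x509_ncrls,
- cred->verify_flags, status);
-
- CLEAR_CERTS;
-
- if (ret < 0)
- {
- MHD_gnutls_assert ();
- return ret;
- }
-
- return 0;
-}
-
 /*
  * Read certificates and private keys, from memory etc.
  */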