diff options
Diffstat (limited to 'src/daemon/https/tls/gnutls_x509.c')
-rw-r--r-- | src/daemon/https/tls/gnutls_x509.c | 247 |
1 files changed, 0 insertions, 247 deletions
diff --git a/src/daemon/https/tls/gnutls_x509.c b/src/daemon/https/tls/gnutls_x509.c index 1e479fe5..0f8adfaa 100644 --- a/src/daemon/https/tls/gnutls_x509.c +++ b/src/daemon/https/tls/gnutls_x509.c | |||
@@ -546,69 +546,6 @@ MHD__gnutls_certificate_set_x509_key_mem (MHD_gtls_cert_credentials_t | |||
546 | return 0; | 546 | return 0; |
547 | } | 547 | } |
548 | 548 | ||
549 | static int | ||
550 | generate_rdn_seq (MHD_gtls_cert_credentials_t res) | ||
551 | { | ||
552 | MHD_gnutls_datum_t tmp; | ||
553 | int ret; | ||
554 | unsigned size, i; | ||
555 | opaque *pdata; | ||
556 | |||
557 | /* Generate the RDN sequence | ||
558 | * This will be sent to clients when a certificate | ||
559 | * request message is sent. | ||
560 | */ | ||
561 | |||
562 | /* FIXME: in case of a client it is not needed | ||
563 | * to do that. This would save time and memory. | ||
564 | * However we don't have that information available | ||
565 | * here. | ||
566 | */ | ||
567 | |||
568 | size = 0; | ||
569 | for (i = 0; i < res->x509_ncas; i++) | ||
570 | { | ||
571 | if ((ret = | ||
572 | MHD_gnutls_x509_crt_get_raw_dn (res->x509_ca_list[i], &tmp)) < 0) | ||
573 | { | ||
574 | MHD_gnutls_assert (); | ||
575 | return ret; | ||
576 | } | ||
577 | size += (2 + tmp.size); | ||
578 | MHD__gnutls_free_datum (&tmp); | ||
579 | } | ||
580 | |||
581 | if (res->x509_rdn_sequence.data != NULL) | ||
582 | MHD_gnutls_free (res->x509_rdn_sequence.data); | ||
583 | |||
584 | res->x509_rdn_sequence.data = MHD_gnutls_malloc (size); | ||
585 | if (res->x509_rdn_sequence.data == NULL) | ||
586 | { | ||
587 | MHD_gnutls_assert (); | ||
588 | return GNUTLS_E_MEMORY_ERROR; | ||
589 | } | ||
590 | res->x509_rdn_sequence.size = size; | ||
591 | |||
592 | pdata = res->x509_rdn_sequence.data; | ||
593 | |||
594 | for (i = 0; i < res->x509_ncas; i++) | ||
595 | { | ||
596 | if ((ret = | ||
597 | MHD_gnutls_x509_crt_get_raw_dn (res->x509_ca_list[i], &tmp)) < 0) | ||
598 | { | ||
599 | MHD__gnutls_free_datum (&res->x509_rdn_sequence); | ||
600 | MHD_gnutls_assert (); | ||
601 | return ret; | ||
602 | } | ||
603 | |||
604 | MHD_gtls_write_datum16 (pdata, tmp); | ||
605 | pdata += (2 + tmp.size); | ||
606 | MHD__gnutls_free_datum (&tmp); | ||
607 | } | ||
608 | |||
609 | return 0; | ||
610 | } | ||
611 | |||
612 | /* Returns 0 if it's ok to use the enum MHD_GNUTLS_KeyExchangeAlgorithm with this | 549 | /* Returns 0 if it's ok to use the enum MHD_GNUTLS_KeyExchangeAlgorithm with this |
613 | * certificate (uses the KeyUsage field). | 550 | * certificate (uses the KeyUsage field). |
614 | */ | 551 | */ |
@@ -668,187 +605,3 @@ MHD__gnutls_check_key_usage (const MHD_gnutls_cert * cert, | |||
668 | 605 | ||
669 | 606 | ||
670 | 607 | ||
671 | static int | ||
672 | parse_pem_ca_mem (MHD_gnutls_x509_crt_t ** cert_list, unsigned *ncerts, | ||
673 | const opaque * input_cert, int input_cert_size) | ||
674 | { | ||
675 | int i, size; | ||
676 | const opaque *ptr; | ||
677 | MHD_gnutls_datum_t tmp; | ||
678 | int ret, count; | ||
679 | |||
680 | /* move to the certificate | ||
681 | */ | ||
682 | ptr = memmem (input_cert, input_cert_size, | ||
683 | PEM_CERT_SEP, sizeof (PEM_CERT_SEP) - 1); | ||
684 | if (ptr == NULL) | ||
685 | ptr = memmem (input_cert, input_cert_size, | ||
686 | PEM_CERT_SEP2, sizeof (PEM_CERT_SEP2) - 1); | ||
687 | |||
688 | if (ptr == NULL) | ||
689 | { | ||
690 | MHD_gnutls_assert (); | ||
691 | return GNUTLS_E_BASE64_DECODING_ERROR; | ||
692 | } | ||
693 | size = input_cert_size - (ptr - input_cert); | ||
694 | |||
695 | i = *ncerts + 1; | ||
696 | count = 0; | ||
697 | |||
698 | do | ||
699 | { | ||
700 | |||
701 | *cert_list = | ||
702 | (MHD_gnutls_x509_crt_t *) MHD_gtls_realloc_fast (*cert_list, | ||
703 | i * | ||
704 | sizeof | ||
705 | (MHD_gnutls_x509_crt_t)); | ||
706 | |||
707 | if (*cert_list == NULL) | ||
708 | { | ||
709 | MHD_gnutls_assert (); | ||
710 | return GNUTLS_E_MEMORY_ERROR; | ||
711 | } | ||
712 | |||
713 | ret = MHD_gnutls_x509_crt_init (&cert_list[0][i - 1]); | ||
714 | if (ret < 0) | ||
715 | { | ||
716 | MHD_gnutls_assert (); | ||
717 | return ret; | ||
718 | } | ||
719 | |||
720 | tmp.data = (opaque *) ptr; | ||
721 | tmp.size = size; | ||
722 | |||
723 | ret = | ||
724 | MHD_gnutls_x509_crt_import (cert_list[0][i - 1], | ||
725 | &tmp, GNUTLS_X509_FMT_PEM); | ||
726 | if (ret < 0) | ||
727 | { | ||
728 | MHD_gnutls_assert (); | ||
729 | return ret; | ||
730 | } | ||
731 | |||
732 | /* now we move ptr after the pem header | ||
733 | */ | ||
734 | ptr++; | ||
735 | size--; | ||
736 | /* find the next certificate (if any) | ||
737 | */ | ||
738 | |||
739 | if (size > 0) | ||
740 | { | ||
741 | char *ptr3; | ||
742 | |||
743 | ptr3 = memmem (ptr, size, PEM_CERT_SEP, sizeof (PEM_CERT_SEP) - 1); | ||
744 | if (ptr3 == NULL) | ||
745 | ptr3 = memmem (ptr, size, | ||
746 | PEM_CERT_SEP2, sizeof (PEM_CERT_SEP2) - 1); | ||
747 | |||
748 | ptr = (const opaque *) ptr3; | ||
749 | size = input_cert_size - (ptr - input_cert); | ||
750 | } | ||
751 | else | ||
752 | ptr = NULL; | ||
753 | |||
754 | i++; | ||
755 | count++; | ||
756 | |||
757 | } | ||
758 | while (ptr != NULL); | ||
759 | |||
760 | *ncerts = i - 1; | ||
761 | |||
762 | return count; | ||
763 | } | ||
764 | |||
765 | /* Reads a DER encoded certificate list from memory and stores it to | ||
766 | * a MHD_gnutls_cert structure. | ||
767 | * returns the number of certificates parsed. | ||
768 | */ | ||
769 | static int | ||
770 | parse_der_ca_mem (MHD_gnutls_x509_crt_t ** cert_list, unsigned *ncerts, | ||
771 | const void *input_cert, int input_cert_size) | ||
772 | { | ||
773 | int i; | ||
774 | MHD_gnutls_datum_t tmp; | ||
775 | int ret; | ||
776 | |||
777 | i = *ncerts + 1; | ||
778 | |||
779 | *cert_list = | ||
780 | (MHD_gnutls_x509_crt_t *) MHD_gtls_realloc_fast (*cert_list, | ||
781 | i * | ||
782 | sizeof | ||
783 | (MHD_gnutls_x509_crt_t)); | ||
784 | |||
785 | if (*cert_list == NULL) | ||
786 | { | ||
787 | MHD_gnutls_assert (); | ||
788 | return GNUTLS_E_MEMORY_ERROR; | ||
789 | } | ||
790 | |||
791 | tmp.data = (opaque *) input_cert; | ||
792 | tmp.size = input_cert_size; | ||
793 | |||
794 | ret = MHD_gnutls_x509_crt_init (&cert_list[0][i - 1]); | ||
795 | if (ret < 0) | ||
796 | { | ||
797 | MHD_gnutls_assert (); | ||
798 | return ret; | ||
799 | } | ||
800 | |||
801 | ret = | ||
802 | MHD_gnutls_x509_crt_import (cert_list[0][i - 1], &tmp, | ||
803 | GNUTLS_X509_FMT_DER); | ||
804 | if (ret < 0) | ||
805 | { | ||
806 | MHD_gnutls_assert (); | ||
807 | return ret; | ||
808 | } | ||
809 | |||
810 | *ncerts = i; | ||
811 | |||
812 | return 1; /* one certificate parsed */ | ||
813 | } | ||
814 | |||
815 | /** | ||
816 | * MHD__gnutls_certificate_set_x509_trust_mem - Used to add trusted CAs in a MHD_gtls_cert_credentials_t structure | ||
817 | * @res: is an #MHD_gtls_cert_credentials_t structure. | ||
818 | * @ca: is a list of trusted CAs or a DER certificate | ||
819 | * @type: is DER or PEM | ||
820 | * | ||
821 | * This function adds the trusted CAs in order to verify client or | ||
822 | * server certificates. In case of a client this is not required to | ||
823 | * be called if the certificates are not verified using | ||
824 | * MHD_gtls_certificate_verify_peers2(). This function may be called | ||
825 | * multiple times. | ||
826 | * | ||
827 | * In case of a server the CAs set here will be sent to the client if | ||
828 | * a certificate request is sent. This can be disabled using | ||
829 | * MHD__gnutls_certificate_send_x509_rdn_sequence(). | ||
830 | * | ||
831 | * Returns: the number of certificates processed or a negative value | ||
832 | * on error. | ||
833 | **/ | ||
834 | int | ||
835 | MHD__gnutls_certificate_set_x509_trust_mem (MHD_gtls_cert_credentials_t | ||
836 | res, | ||
837 | const MHD_gnutls_datum_t * ca, | ||
838 | MHD_gnutls_x509_crt_fmt_t type) | ||
839 | { | ||
840 | int ret, ret2; | ||
841 | |||
842 | if (type == GNUTLS_X509_FMT_DER) | ||
843 | ret = parse_der_ca_mem (&res->x509_ca_list, &res->x509_ncas, | ||
844 | ca->data, ca->size); | ||
845 | else | ||
846 | ret = parse_pem_ca_mem (&res->x509_ca_list, &res->x509_ncas, | ||
847 | ca->data, ca->size); | ||
848 | |||
849 | if ((ret2 = generate_rdn_seq (res)) < 0) | ||
850 | return ret2; | ||
851 | |||
852 | return ret; | ||
853 | } | ||
854 | |||