aboutsummaryrefslogtreecommitdiff
path: root/src/daemon/https/tls/gnutls_x509.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/daemon/https/tls/gnutls_x509.c')
-rw-r--r--src/daemon/https/tls/gnutls_x509.c247
1 files changed, 0 insertions, 247 deletions
diff --git a/src/daemon/https/tls/gnutls_x509.c b/src/daemon/https/tls/gnutls_x509.c
index 1e479fe5..0f8adfaa 100644
--- a/src/daemon/https/tls/gnutls_x509.c
+++ b/src/daemon/https/tls/gnutls_x509.c
@@ -546,69 +546,6 @@ MHD__gnutls_certificate_set_x509_key_mem (MHD_gtls_cert_credentials_t
546 return 0; 546 return 0;
547} 547}
548 548
549static int
550generate_rdn_seq (MHD_gtls_cert_credentials_t res)
551{
552 MHD_gnutls_datum_t tmp;
553 int ret;
554 unsigned size, i;
555 opaque *pdata;
556
557 /* Generate the RDN sequence
558 * This will be sent to clients when a certificate
559 * request message is sent.
560 */
561
562 /* FIXME: in case of a client it is not needed
563 * to do that. This would save time and memory.
564 * However we don't have that information available
565 * here.
566 */
567
568 size = 0;
569 for (i = 0; i < res->x509_ncas; i++)
570 {
571 if ((ret =
572 MHD_gnutls_x509_crt_get_raw_dn (res->x509_ca_list[i], &tmp)) < 0)
573 {
574 MHD_gnutls_assert ();
575 return ret;
576 }
577 size += (2 + tmp.size);
578 MHD__gnutls_free_datum (&tmp);
579 }
580
581 if (res->x509_rdn_sequence.data != NULL)
582 MHD_gnutls_free (res->x509_rdn_sequence.data);
583
584 res->x509_rdn_sequence.data = MHD_gnutls_malloc (size);
585 if (res->x509_rdn_sequence.data == NULL)
586 {
587 MHD_gnutls_assert ();
588 return GNUTLS_E_MEMORY_ERROR;
589 }
590 res->x509_rdn_sequence.size = size;
591
592 pdata = res->x509_rdn_sequence.data;
593
594 for (i = 0; i < res->x509_ncas; i++)
595 {
596 if ((ret =
597 MHD_gnutls_x509_crt_get_raw_dn (res->x509_ca_list[i], &tmp)) < 0)
598 {
599 MHD__gnutls_free_datum (&res->x509_rdn_sequence);
600 MHD_gnutls_assert ();
601 return ret;
602 }
603
604 MHD_gtls_write_datum16 (pdata, tmp);
605 pdata += (2 + tmp.size);
606 MHD__gnutls_free_datum (&tmp);
607 }
608
609 return 0;
610}
611
612/* Returns 0 if it's ok to use the enum MHD_GNUTLS_KeyExchangeAlgorithm with this 549/* Returns 0 if it's ok to use the enum MHD_GNUTLS_KeyExchangeAlgorithm with this
613 * certificate (uses the KeyUsage field). 550 * certificate (uses the KeyUsage field).
614 */ 551 */
@@ -668,187 +605,3 @@ MHD__gnutls_check_key_usage (const MHD_gnutls_cert * cert,
668 605
669 606
670 607
671static int
672parse_pem_ca_mem (MHD_gnutls_x509_crt_t ** cert_list, unsigned *ncerts,
673 const opaque * input_cert, int input_cert_size)
674{
675 int i, size;
676 const opaque *ptr;
677 MHD_gnutls_datum_t tmp;
678 int ret, count;
679
680 /* move to the certificate
681 */
682 ptr = memmem (input_cert, input_cert_size,
683 PEM_CERT_SEP, sizeof (PEM_CERT_SEP) - 1);
684 if (ptr == NULL)
685 ptr = memmem (input_cert, input_cert_size,
686 PEM_CERT_SEP2, sizeof (PEM_CERT_SEP2) - 1);
687
688 if (ptr == NULL)
689 {
690 MHD_gnutls_assert ();
691 return GNUTLS_E_BASE64_DECODING_ERROR;
692 }
693 size = input_cert_size - (ptr - input_cert);
694
695 i = *ncerts + 1;
696 count = 0;
697
698 do
699 {
700
701 *cert_list =
702 (MHD_gnutls_x509_crt_t *) MHD_gtls_realloc_fast (*cert_list,
703 i *
704 sizeof
705 (MHD_gnutls_x509_crt_t));
706
707 if (*cert_list == NULL)
708 {
709 MHD_gnutls_assert ();
710 return GNUTLS_E_MEMORY_ERROR;
711 }
712
713 ret = MHD_gnutls_x509_crt_init (&cert_list[0][i - 1]);
714 if (ret < 0)
715 {
716 MHD_gnutls_assert ();
717 return ret;
718 }
719
720 tmp.data = (opaque *) ptr;
721 tmp.size = size;
722
723 ret =
724 MHD_gnutls_x509_crt_import (cert_list[0][i - 1],
725 &tmp, GNUTLS_X509_FMT_PEM);
726 if (ret < 0)
727 {
728 MHD_gnutls_assert ();
729 return ret;
730 }
731
732 /* now we move ptr after the pem header
733 */
734 ptr++;
735 size--;
736 /* find the next certificate (if any)
737 */
738
739 if (size > 0)
740 {
741 char *ptr3;
742
743 ptr3 = memmem (ptr, size, PEM_CERT_SEP, sizeof (PEM_CERT_SEP) - 1);
744 if (ptr3 == NULL)
745 ptr3 = memmem (ptr, size,
746 PEM_CERT_SEP2, sizeof (PEM_CERT_SEP2) - 1);
747
748 ptr = (const opaque *) ptr3;
749 size = input_cert_size - (ptr - input_cert);
750 }
751 else
752 ptr = NULL;
753
754 i++;
755 count++;
756
757 }
758 while (ptr != NULL);
759
760 *ncerts = i - 1;
761
762 return count;
763}
764
765/* Reads a DER encoded certificate list from memory and stores it to
766 * a MHD_gnutls_cert structure.
767 * returns the number of certificates parsed.
768 */
769static int
770parse_der_ca_mem (MHD_gnutls_x509_crt_t ** cert_list, unsigned *ncerts,
771 const void *input_cert, int input_cert_size)
772{
773 int i;
774 MHD_gnutls_datum_t tmp;
775 int ret;
776
777 i = *ncerts + 1;
778
779 *cert_list =
780 (MHD_gnutls_x509_crt_t *) MHD_gtls_realloc_fast (*cert_list,
781 i *
782 sizeof
783 (MHD_gnutls_x509_crt_t));
784
785 if (*cert_list == NULL)
786 {
787 MHD_gnutls_assert ();
788 return GNUTLS_E_MEMORY_ERROR;
789 }
790
791 tmp.data = (opaque *) input_cert;
792 tmp.size = input_cert_size;
793
794 ret = MHD_gnutls_x509_crt_init (&cert_list[0][i - 1]);
795 if (ret < 0)
796 {
797 MHD_gnutls_assert ();
798 return ret;
799 }
800
801 ret =
802 MHD_gnutls_x509_crt_import (cert_list[0][i - 1], &tmp,
803 GNUTLS_X509_FMT_DER);
804 if (ret < 0)
805 {
806 MHD_gnutls_assert ();
807 return ret;
808 }
809
810 *ncerts = i;
811
812 return 1; /* one certificate parsed */
813}
814
815/**
816 * MHD__gnutls_certificate_set_x509_trust_mem - Used to add trusted CAs in a MHD_gtls_cert_credentials_t structure
817 * @res: is an #MHD_gtls_cert_credentials_t structure.
818 * @ca: is a list of trusted CAs or a DER certificate
819 * @type: is DER or PEM
820 *
821 * This function adds the trusted CAs in order to verify client or
822 * server certificates. In case of a client this is not required to
823 * be called if the certificates are not verified using
824 * MHD_gtls_certificate_verify_peers2(). This function may be called
825 * multiple times.
826 *
827 * In case of a server the CAs set here will be sent to the client if
828 * a certificate request is sent. This can be disabled using
829 * MHD__gnutls_certificate_send_x509_rdn_sequence().
830 *
831 * Returns: the number of certificates processed or a negative value
832 * on error.
833 **/
834int
835MHD__gnutls_certificate_set_x509_trust_mem (MHD_gtls_cert_credentials_t
836 res,
837 const MHD_gnutls_datum_t * ca,
838 MHD_gnutls_x509_crt_fmt_t type)
839{
840 int ret, ret2;
841
842 if (type == GNUTLS_X509_FMT_DER)
843 ret = parse_der_ca_mem (&res->x509_ca_list, &res->x509_ncas,
844 ca->data, ca->size);
845 else
846 ret = parse_pem_ca_mem (&res->x509_ca_list, &res->x509_ncas,
847 ca->data, ca->size);
848
849 if ((ret2 = generate_rdn_seq (res)) < 0)
850 return ret2;
851
852 return ret;
853}
854