1 files changed, 1 insertions, 222 deletions
diff --git a/src/daemon/https/tls/gnutls_x509.c b/src/daemon/https/tls/gnutls_x509.c
index 49e093cc..f854b710 100644
--- a/src/daemon/https/tls/gnutls_x509.c
+++ b/src/daemon/https/tls/gnutls_x509.c
@@ -202,7 +202,7 @@ _gnutls_x509_cert_verify_peers (mhd_gtls_session_t session,
 }
 /*
- * Read certificates and private keys, from files, memory etc.
+ * Read certificates and private keys, from memory etc.
 */
 /* returns error if the certificate has different algorithm than
@@ -605,82 +605,6 @@ read_key_mem (mhd_gtls_cert_credentials_t res,
  return 0;
 }
-static char *
-read_file (const char *filename, size_t * length)
-{
-  struct stat st;
-  char *out;
-  int fd;
-  fd = open (filename, O_RDONLY);
-  if (-1 == fd)
-    return NULL;
-  if (0 != fstat(fd, &st))
-    goto ERR;
-  out = malloc(st.st_size);
-  if (out == NULL)
-    goto ERR;
-  if (st.st_size != read(fd, out, st.st_size))
-    {
-      free(out);
-      goto ERR;
-    }
-  *length = st.st_size;
-  close(fd);
-  return out;
- ERR:
-  close(fd);
-  return NULL;
-}
-/* Reads a certificate file
- */
-static int
-read_cert_file (mhd_gtls_cert_credentials_t res,
-                const char *certfile, gnutls_x509_crt_fmt_t type)
-{
-  int ret;
-  size_t size;
-  char *data = read_file (certfile, &size);
-  if (data == NULL)
-    {
-      gnutls_assert ();
-      return GNUTLS_E_FILE_ERROR;
-    }
-  ret = read_cert_mem (res, data, size, type);
-  free (data);
-  return ret;
-}
-/* Reads PKCS-1 RSA private key file or a DSA file (in the format openssl
- * stores it).
- */
-static int
-read_key_file (mhd_gtls_cert_credentials_t res,
-               const char *keyfile, gnutls_x509_crt_fmt_t type)
-{
-  int ret;
-  size_t size;
-  char *data = read_file (keyfile, &size);
-  if (data == NULL)
-    {
-      gnutls_assert ();
-      return GNUTLS_E_FILE_ERROR;
-    }
-  ret = read_key_mem (res, data, size, type);
-  free (data);
-  return ret;
-}
 /**
  * MHD_gnutls_certificate_set_x509_key_mem - Used to set keys in a mhd_gtls_cert_credentials_t structure
  * @res: is an #mhd_gtls_cert_credentials_t structure.
@@ -739,51 +663,6 @@ MHD_gnutls_certificate_set_x509_key_mem (mhd_gtls_cert_credentials_t
  return 0;
 }
-/**
-  * MHD_gnutls_certificate_set_x509_key_file - Used to set keys in a mhd_gtls_cert_credentials_t structure
-  * @res: is an #mhd_gtls_cert_credentials_t structure.
-  * @CERTFILE: is a file that containing the certificate list (path) for
-  * the specified private key, in PKCS7 format, or a list of certificates
-  * @KEYFILE: is a file that contains the private key
-  * @type: is PEM or DER
-  *
-  * This function sets a certificate/private key pair in the
-  * mhd_gtls_cert_credentials_t structure.  This function may be
-  * called more than once (in case multiple keys/certificates exist
-  * for the server).
-  *
-  * Currently only PKCS-1 encoded RSA and DSA private keys are accepted by
-  * this function.
-  *
-  * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
-  **/
-int
-MHD_gnutls_certificate_set_x509_key_file (mhd_gtls_cert_credentials_t
-                                          res, const char *CERTFILE,
-                                          const char *KEYFILE,
-                                          gnutls_x509_crt_fmt_t type)
-{
-  int ret;
-  /* this should be first
-   */
-  if ((ret = read_key_file (res, KEYFILE, type)) < 0)
-    return ret;
-  if ((ret = read_cert_file (res, CERTFILE, type)) < 0)
-    return ret;
-  res->ncerts++;
-  if ((ret = _gnutls_check_key_cert_match (res)) < 0)
-    {
-      gnutls_assert ();
-      return ret;
-    }
-  return 0;
-}
 static int
 generate_rdn_seq (mhd_gtls_cert_credentials_t res)
 {
@@ -1085,59 +964,6 @@ MHD_gnutls_certificate_set_x509_trust_mem (mhd_gtls_cert_credentials_t
  return ret;
 }
-/**
-  * MHD_gnutls_certificate_set_x509_trust_file - Used to add trusted CAs in a mhd_gtls_cert_credentials_t structure
-  * @res: is an #mhd_gtls_cert_credentials_t structure.
-  * @cafile: is a file containing the list of trusted CAs (DER or PEM list)
-  * @type: is PEM or DER
-  *
-  * This function adds the trusted CAs in order to verify client or
-  * server certificates. In case of a client this is not required to
-  * be called if the certificates are not verified using
-  * MHD_gtls_certificate_verify_peers2().  This function may be called
-  * multiple times.
-  *
-  * In case of a server the names of the CAs set here will be sent to
-  * the client if a certificate request is sent. This can be disabled
-  * using MHD_gnutls_certificate_send_x509_rdn_sequence().
-  *
-  * Returns: number of certificates processed, or a negative value on
-  * error.
-  **/
-int
-MHD_gnutls_certificate_set_x509_trust_file (mhd_gtls_cert_credentials_t
-                                            res, const char *cafile,
-                                            gnutls_x509_crt_fmt_t type)
-{
-  int ret, ret2;
-  size_t size;
-  unsigned char *data = (unsigned char*) read_file (cafile, &size);
-  if (data == NULL)
-    {
-      gnutls_assert ();
-      return GNUTLS_E_FILE_ERROR;
-    }
-  if (type == GNUTLS_X509_FMT_DER)
-    ret = parse_der_ca_mem (&res->x509_ca_list, &res->x509_ncas, data, size);
-  else
-    ret = parse_pem_ca_mem (&res->x509_ca_list, &res->x509_ncas, data, size);
-  free (data);
-  if (ret < 0)
-    {
-      gnutls_assert ();
-      return ret;
-    }
-  if ((ret2 = generate_rdn_seq (res)) < 0)
-    return ret2;
-  return ret;
-}
 #ifdef ENABLE_PKI
 static int
@@ -1333,53 +1159,6 @@ MHD_gnutls_certificate_set_x509_crl_mem (mhd_gtls_cert_credentials_t
  return ret;
 }
-/**
-  * MHD_gnutls_certificate_set_x509_crl_file - Used to add CRLs in a mhd_gtls_cert_credentials_t structure
-  * @res: is an #mhd_gtls_cert_credentials_t structure.
-  * @crlfile: is a file containing the list of verified CRLs (DER or PEM list)
-  * @type: is PEM or DER
-  *
-  * This function adds the trusted CRLs in order to verify client or server
-  * certificates.  In case of a client this is not required
-  * to be called if the certificates are not verified using
-  * MHD_gtls_certificate_verify_peers2().
-  * This function may be called multiple times.
-  *
-  * Returns: number of CRLs processed or a negative value on error.
-  **/
-int
-MHD_gnutls_certificate_set_x509_crl_file (mhd_gtls_cert_credentials_t
-                                          res, const char *crlfile,
-                                          gnutls_x509_crt_fmt_t type)
-{
-  int ret;
-  size_t size;
-  unsigned char *data = (unsigned char*) read_file (crlfile, &size);
-  if (data == NULL)
-    {
-      gnutls_assert ();
-      return GNUTLS_E_FILE_ERROR;
-    }
-  if (type == GNUTLS_X509_FMT_DER)
-    ret = parse_der_crl_mem (&res->x509_crl_list, &res->x509_ncrls,
-                             data, size);
-  else
-    ret = parse_pem_crl_mem (&res->x509_crl_list, &res->x509_ncrls,
-                             data, size);
-  free (data);
-  if (ret < 0)
-    {
-      gnutls_assert ();
-      return ret;
-    }
-  return ret;
-}
 #include <pkcs12.h>
 /**

diff --git a/src/daemon/https/tls/gnutls_x509.c b/src/daemon/https/tls/gnutls_x509.c index 49e093cc..f854b710 100644 --- a/src/daemon/https/tls/gnutls_x509.c +++ b/src/daemon/https/tls/gnutls_x509.c
@@ -202,7 +202,7 @@ _gnutls_x509_cert_verify_peers (mhd_gtls_session_t session,
202	}	202	}
203		203
204	/*	204	/*
205	* Read certificates and private keys, from files, memory etc.	205	* Read certificates and private keys, from memory etc.
206	*/	206	*/
207		207
208	/* returns error if the certificate has different algorithm than	208	/* returns error if the certificate has different algorithm than
@@ -605,82 +605,6 @@ read_key_mem (mhd_gtls_cert_credentials_t res,
605	return 0;	605	return 0;
606	}	606	}
607		607
608	static char *
609	read_file (const char filename, size_t length)
610	{
611	struct stat st;
612	char *out;
613	int fd;
614
615	fd = open (filename, O_RDONLY);
616	if (-1 == fd)
617	return NULL;
618	if (0 != fstat(fd, &st))
619	goto ERR;
620	out = malloc(st.st_size);
621	if (out == NULL)
622	goto ERR;
623	if (st.st_size != read(fd, out, st.st_size))
624	{
625	free(out);
626	goto ERR;
627	}
628	*length = st.st_size;
629	close(fd);
630	return out;
631	ERR:
632	close(fd);
633	return NULL;
634	}
635
636	/* Reads a certificate file
637	*/
638	static int
639	read_cert_file (mhd_gtls_cert_credentials_t res,
640	const char *certfile, gnutls_x509_crt_fmt_t type)
641	{
642	int ret;
643	size_t size;
644	char *data = read_file (certfile, &size);
645
646	if (data == NULL)
647	{
648	gnutls_assert ();
649	return GNUTLS_E_FILE_ERROR;
650	}
651
652	ret = read_cert_mem (res, data, size, type);
653	free (data);
654
655	return ret;
656
657	}
658
659
660
661	/* Reads PKCS-1 RSA private key file or a DSA file (in the format openssl
662	* stores it).
663	*/
664	static int
665	read_key_file (mhd_gtls_cert_credentials_t res,
666	const char *keyfile, gnutls_x509_crt_fmt_t type)
667	{
668	int ret;
669	size_t size;
670	char *data = read_file (keyfile, &size);
671
672	if (data == NULL)
673	{
674	gnutls_assert ();
675	return GNUTLS_E_FILE_ERROR;
676	}
677
678	ret = read_key_mem (res, data, size, type);
679	free (data);
680
681	return ret;
682	}
683
684	/**	608	/**
685	* MHD_gnutls_certificate_set_x509_key_mem - Used to set keys in a mhd_gtls_cert_credentials_t structure	609	* MHD_gnutls_certificate_set_x509_key_mem - Used to set keys in a mhd_gtls_cert_credentials_t structure
686	* @res: is an #mhd_gtls_cert_credentials_t structure.	610	* @res: is an #mhd_gtls_cert_credentials_t structure.
@@ -739,51 +663,6 @@ MHD_gnutls_certificate_set_x509_key_mem (mhd_gtls_cert_credentials_t
739	return 0;	663	return 0;
740	}	664	}
741		665
742	/**
743	* MHD_gnutls_certificate_set_x509_key_file - Used to set keys in a mhd_gtls_cert_credentials_t structure
744	* @res: is an #mhd_gtls_cert_credentials_t structure.
745	* @CERTFILE: is a file that containing the certificate list (path) for
746	* the specified private key, in PKCS7 format, or a list of certificates
747	* @KEYFILE: is a file that contains the private key
748	* @type: is PEM or DER
749	*
750	* This function sets a certificate/private key pair in the
751	* mhd_gtls_cert_credentials_t structure. This function may be
752	* called more than once (in case multiple keys/certificates exist
753	* for the server).
754	*
755	* Currently only PKCS-1 encoded RSA and DSA private keys are accepted by
756	* this function.
757	*
758	* Returns: %GNUTLS_E_SUCCESS on success, or an error code.
759	**/
760	int
761	MHD_gnutls_certificate_set_x509_key_file (mhd_gtls_cert_credentials_t
762	res, const char *CERTFILE,
763	const char *KEYFILE,
764	gnutls_x509_crt_fmt_t type)
765	{
766	int ret;
767
768	/* this should be first
769	*/
770	if ((ret = read_key_file (res, KEYFILE, type)) < 0)
771	return ret;
772
773	if ((ret = read_cert_file (res, CERTFILE, type)) < 0)
774	return ret;
775
776	res->ncerts++;
777
778	if ((ret = _gnutls_check_key_cert_match (res)) < 0)
779	{
780	gnutls_assert ();
781	return ret;
782	}
783
784	return 0;
785	}
786
787	static int	666	static int
788	generate_rdn_seq (mhd_gtls_cert_credentials_t res)	667	generate_rdn_seq (mhd_gtls_cert_credentials_t res)
789	{	668	{
@@ -1085,59 +964,6 @@ MHD_gnutls_certificate_set_x509_trust_mem (mhd_gtls_cert_credentials_t
1085	return ret;	964	return ret;
1086	}	965	}
1087		966
1088	/**
1089	* MHD_gnutls_certificate_set_x509_trust_file - Used to add trusted CAs in a mhd_gtls_cert_credentials_t structure
1090	* @res: is an #mhd_gtls_cert_credentials_t structure.
1091	* @cafile: is a file containing the list of trusted CAs (DER or PEM list)
1092	* @type: is PEM or DER
1093	*
1094	* This function adds the trusted CAs in order to verify client or
1095	* server certificates. In case of a client this is not required to
1096	* be called if the certificates are not verified using
1097	* MHD_gtls_certificate_verify_peers2(). This function may be called
1098	* multiple times.
1099	*
1100	* In case of a server the names of the CAs set here will be sent to
1101	* the client if a certificate request is sent. This can be disabled
1102	* using MHD_gnutls_certificate_send_x509_rdn_sequence().
1103	*
1104	* Returns: number of certificates processed, or a negative value on
1105	* error.
1106	**/
1107	int
1108	MHD_gnutls_certificate_set_x509_trust_file (mhd_gtls_cert_credentials_t
1109	res, const char *cafile,
1110	gnutls_x509_crt_fmt_t type)
1111	{
1112	int ret, ret2;
1113	size_t size;
1114	unsigned char data = (unsigned char) read_file (cafile, &size);
1115
1116	if (data == NULL)
1117	{
1118	gnutls_assert ();
1119	return GNUTLS_E_FILE_ERROR;
1120	}
1121
1122	if (type == GNUTLS_X509_FMT_DER)
1123	ret = parse_der_ca_mem (&res->x509_ca_list, &res->x509_ncas, data, size);
1124	else
1125	ret = parse_pem_ca_mem (&res->x509_ca_list, &res->x509_ncas, data, size);
1126
1127	free (data);
1128
1129	if (ret < 0)
1130	{
1131	gnutls_assert ();
1132	return ret;
1133	}
1134
1135	if ((ret2 = generate_rdn_seq (res)) < 0)
1136	return ret2;
1137
1138	return ret;
1139	}
1140
1141	#ifdef ENABLE_PKI	967	#ifdef ENABLE_PKI
1142		968
1143	static int	969	static int
@@ -1333,53 +1159,6 @@ MHD_gnutls_certificate_set_x509_crl_mem (mhd_gtls_cert_credentials_t
1333	return ret;	1159	return ret;
1334	}	1160	}
1335		1161
1336	/**
1337	* MHD_gnutls_certificate_set_x509_crl_file - Used to add CRLs in a mhd_gtls_cert_credentials_t structure
1338	* @res: is an #mhd_gtls_cert_credentials_t structure.
1339	* @crlfile: is a file containing the list of verified CRLs (DER or PEM list)
1340	* @type: is PEM or DER
1341	*
1342	* This function adds the trusted CRLs in order to verify client or server
1343	* certificates. In case of a client this is not required
1344	* to be called if the certificates are not verified using
1345	* MHD_gtls_certificate_verify_peers2().
1346	* This function may be called multiple times.
1347	*
1348	* Returns: number of CRLs processed or a negative value on error.
1349	**/
1350	int
1351	MHD_gnutls_certificate_set_x509_crl_file (mhd_gtls_cert_credentials_t
1352	res, const char *crlfile,
1353	gnutls_x509_crt_fmt_t type)
1354	{
1355	int ret;
1356	size_t size;
1357	unsigned char data = (unsigned char) read_file (crlfile, &size);
1358
1359	if (data == NULL)
1360	{
1361	gnutls_assert ();
1362	return GNUTLS_E_FILE_ERROR;
1363	}
1364
1365	if (type == GNUTLS_X509_FMT_DER)
1366	ret = parse_der_crl_mem (&res->x509_crl_list, &res->x509_ncrls,
1367	data, size);
1368	else
1369	ret = parse_pem_crl_mem (&res->x509_crl_list, &res->x509_ncrls,
1370	data, size);
1371
1372	free (data);
1373
1374	if (ret < 0)
1375	{
1376	gnutls_assert ();
1377	return ret;
1378	}
1379
1380	return ret;
1381	}
1382
1383	#include <pkcs12.h>	1162	#include <pkcs12.h>
1384		1163
1385	/**	1164	/**