Diffstat (limited to 'src/daemon/https/tls/gnutls_x509.c')
-rw-r--r-- | src/daemon/https/tls/gnutls_x509.c | 223 |
1 files changed, 1 insertions, 222 deletions
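--- a/src/daemon/https/tls/gnutls_x509.c
+++ b/src/daemon/https/tls/gnutls_x509.c
@@ -202,7 +202,7 @@ _gnutls_x509_cert_verify_peers (mhd_gtls_session_t session,
 }
 
 /*
-* Read certificates and private keys, from files, memory etc.
+* Read certificates and private keys, from memory etc.
 */
 
 /* returns error if the certificate has different algorithm than
@@ -605,82 +605,6 @@ read_key_mem (mhd_gtls_cert_credentials_t res,
 return 0;
 }
 
-static char *
-read_file (const char *filename, size_t * length)
-{
-struct stat st;
-char *out;
-int fd;
-
-fd = open (filename, O_RDONLY);
-if (-1 == fd)
-return NULL;
-if (0 != fstat(fd, &st))
-goto ERR;
-out = malloc(st.st_size);
-if (out == NULL)
-goto ERR;
-if (st.st_size != read(fd, out, st.st_size))
-{
-free(out);
-goto ERR;
-}
-*length = st.st_size;
-close(fd);
-return out;
-ERR:
-close(fd);
-return NULL;
-}
-
-/* Reads a certificate file
-*/
-static int
-read_cert_file (mhd_gtls_cert_credentials_t res,
-const char *certfile, gnutls_x509_crt_fmt_t type)
-{
-int ret;
-size_t size;
-char *data = read_file (certfile, &size);
-
-if (data == NULL)
-{
-gnutls_assert ();
-return GNUTLS_E_FILE_ERROR;
-}
-
-ret = read_cert_mem (res, data, size, type);
-free (data);
-
-return ret;
-
-}
-
-
-
-/* Reads PKCS-1 RSA private key file or a DSA file (in the format openssl
-* stores it).
-*/
-static int
-read_key_file (mhd_gtls_cert_credentials_t res,
-const char *keyfile, gnutls_x509_crt_fmt_t type)
-{
-int ret;
-size_t size;
-char *data = read_file (keyfile, &size);
-
-if (data == NULL)
-{
-gnutls_assert ();
-return GNUTLS_E_FILE_ERROR;
-}
-
-ret = read_key_mem (res, data, size, type);
-free (data);
-
-return ret;
-}
-
 /**
 * MHD_gnutls_certificate_set_x509_key_mem - Used to set keys in a mhd_gtls_cert_credentials_t structure
 * @res: is an #mhd_gtls_cert_credentials_t structure.
@@ -739,51 +663,6 @@ MHD_gnutls_certificate_set_x509_key_mem (mhd_gtls_cert_credentials_t
 return 0;
 }
 
-/**
-* MHD_gnutls_certificate_set_x509_key_file - Used to set keys in a mhd_gtls_cert_credentials_t structure
-* @res: is an #mhd_gtls_cert_credentials_t structure.
-* @CERTFILE: is a file that containing the certificate list (path) for
-* the specified private key, in PKCS7 format, or a list of certificates
-* @KEYFILE: is a file that contains the private key
-* @type: is PEM or DER
-*
-* This function sets a certificate/private key pair in the
-* mhd_gtls_cert_credentials_t structure. This function may be
-* called more than once (in case multiple keys/certificates exist
-* for the server).
-*
-* Currently only PKCS-1 encoded RSA and DSA private keys are accepted by
-* this function.
-*
-* Returns: %GNUTLS_E_SUCCESS on success, or an error code.
-**/
-int
-MHD_gnutls_certificate_set_x509_key_file (mhd_gtls_cert_credentials_t
-res, const char *CERTFILE,
-const char *KEYFILE,
-gnutls_x509_crt_fmt_t type)
-{
-int ret;
-
-/* this should be first
-*/
-if ((ret = read_key_file (res, KEYFILE, type)) < 0)
-return ret;
-
-if ((ret = read_cert_file (res, CERTFILE, type)) < 0)
-return ret;
-
-res->ncerts++;
-
-if ((ret = _gnutls_check_key_cert_match (res)) < 0)
-{
-gnutls_assert ();
-return ret;
-}
-
-return 0;
-}
-
 static int
 generate_rdn_seq (mhd_gtls_cert_credentials_t res)
 {
@@ -1085,59 +964,6 @@ MHD_gnutls_certificate_set_x509_trust_mem (mhd_gtls_cert_credentials_t
 return ret;
 }
 
-/**
-* MHD_gnutls_certificate_set_x509_trust_file - Used to add trusted CAs in a mhd_gtls_cert_credentials_t structure
-* @res: is an #mhd_gtls_cert_credentials_t structure.
-* @cafile: is a file containing the list of trusted CAs (DER or PEM list)
-* @type: is PEM or DER
-*
-* This function adds the trusted CAs in order to verify client or
-* server certificates. In case of a client this is not required to
-* be called if the certificates are not verified using
-* MHD_gtls_certificate_verify_peers2(). This function may be called
-* multiple times.
-*
-* In case of a server the names of the CAs set here will be sent to
-* the client if a certificate request is sent. This can be disabled
-* using MHD_gnutls_certificate_send_x509_rdn_sequence().
-*
-* Returns: number of certificates processed, or a negative value on
-* error.
-**/
-int
-MHD_gnutls_certificate_set_x509_trust_file (mhd_gtls_cert_credentials_t
-res, const char *cafile,
-gnutls_x509_crt_fmt_t type)
-{
-int ret, ret2;
-size_t size;
-unsigned char *data = (unsigned char*) read_file (cafile, &size);
-
-if (data == NULL)
-{
-gnutls_assert ();
-return GNUTLS_E_FILE_ERROR;
-}
-
-if (type == GNUTLS_X509_FMT_DER)
-ret = parse_der_ca_mem (&res->x509_ca_list, &res->x509_ncas, data, size);
-else
-ret = parse_pem_ca_mem (&res->x509_ca_list, &res->x509_ncas, data, size);
-
-free (data);
-
-if (ret < 0)
-{
-gnutls_assert ();
-return ret;
-}
-
-if ((ret2 = generate_rdn_seq (res)) < 0)
-return ret2;
-
-return ret;
-}
-
 #ifdef ENABLE_PKI
 
 static int
@@ -1333,53 +1159,6 @@ MHD_gnutls_certificate_set_x509_crl_mem (mhd_gtls_cert_credentials_t
 return ret;
 }
 
-/**
-* MHD_gnutls_certificate_set_x509_crl_file - Used to add CRLs in a mhd_gtls_cert_credentials_t structure
-* @res: is an #mhd_gtls_cert_credentials_t structure.
-* @crlfile: is a file containing the list of verified CRLs (DER or PEM list)
-* @type: is PEM or DER
-*
-* This function adds the trusted CRLs in order to verify client or server
-* certificates. In case of a client this is not required
-* to be called if the certificates are not verified using
-* MHD_gtls_certificate_verify_peers2().
-* This function may be called multiple times.
-*
-* Returns: number of CRLs processed or a negative value on error.
-**/
-int
-MHD_gnutls_certificate_set_x509_crl_file (mhd_gtls_cert_credentials_t
-res, const char *crlfile,
-gnutls_x509_crt_fmt_t type)
-{
-int ret;
-size_t size;
-unsigned char *data = (unsigned char*) read_file (crlfile, &size);
-
-if (data == NULL)
-{
-gnutls_assert ();
-return GNUTLS_E_FILE_ERROR;
-}
-
-if (type == GNUTLS_X509_FMT_DER)
-ret = parse_der_crl_mem (&res->x509_crl_list, &res->x509_ncrls,
-data, size);
-else
-ret = parse_pem_crl_mem (&res->x509_crl_list, &res->x509_ncrls,
-data, size);
-
-free (data);
-
-if (ret < 0)
-{
-gnutls_assert ();
-return ret;
-}
-
-return ret;
-}
-
 #include <pkcs12.h>
 
 /**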
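Review bot: The rewritten comment at new line 205 still says "from memory etc.", but after this commit the only readers left in this file are the _mem variants (read_cert_mem, read_key_mem, the *_set_x509_*_mem entry points), so the "etc." no longer refers to anything; suggest `* Read certificates and private keys from memory.` Since read_file() was the only user of open()/fstat()/read()/close() here, any header included solely for those calls can presumably be dropped in the same change, though the include block is outside these hunks. The removed MHD_gnutls_certificate_set_x509_key_file, _trust_file and _crl_file are public (non-static) functions, so their prototypes in the corresponding header and any callers need the matching removal; this diffstat-limited view cannot confirm that was done.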