Diffstat (limited to 'src/daemon/https/tls/gnutls_x509.c')
-rw-r--r--src/daemon/https/tls/gnutls_x509.c232
1 files changed, 0 insertions, 232 deletions
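diff --git a/src/daemon/https/tls/gnutls_x509.c b/src/daemon/https/tls/gnutls_x509.c
index a326ac01..3ec47e94 100644
--- a/src/daemon/https/tls/gnutls_x509.c
+++ b/src/daemon/https/tls/gnutls_x509.c
@@ -50,7 +50,6 @@
 #include "x509.h"
 #include "verify.h"
 #include "mpi.h"
-#include "pkcs7.h"
 #include "privkey.h"
 
 
@@ -536,15 +535,6 @@ MHD__gnutls_x509_raw_privkey_to_gkey (MHD_gnutls_privkey * privkey,
  }
 
  ret = MHD_gnutls_x509_privkey_import (tmpkey, raw_key, type);
-
-#ifdef ENABLE_PKI
- /* If normal key decoding doesn't work try decoding a plain PKCS #8 key */
- if (ret < 0)
- ret =
- MHD_gnutls_x509_privkey_import_pkcs8 (tmpkey, raw_key, type, NULL,
- GNUTLS_PKCS_PLAIN);
-#endif
-
  if (ret < 0)
  {
  MHD_gnutls_assert ();
@@ -972,225 +962,3 @@ MHD__gnutls_certificate_set_x509_trust_mem (MHD_gtls_cert_credentials_t
  return ret;
 }
 
-#ifdef ENABLE_PKI
-
-static int
-parse_pem_crl_mem (MHD_gnutls_x509_crl_t ** crl_list, unsigned *ncrls,
- const opaque * input_crl, int input_crl_size)
-{
- int size, i;
- const opaque *ptr;
- MHD_gnutls_datum_t tmp;
- int ret, count;
-
- /* move to the certificate
- */
- ptr = memmem (input_crl, input_crl_size,
- PEM_CRL_SEP, sizeof (PEM_CRL_SEP) - 1);
- if (ptr == NULL)
- {
- MHD_gnutls_assert ();
- return GNUTLS_E_BASE64_DECODING_ERROR;
- }
-
- size = input_crl_size - (ptr - input_crl);
-
- i = *ncrls + 1;
- count = 0;
-
- do
- {
-
- *crl_list =
- (MHD_gnutls_x509_crl_t *) MHD_gtls_realloc_fast (*crl_list,
- i *
- sizeof
- (MHD_gnutls_x509_crl_t));
-
- if (*crl_list == NULL)
- {
- MHD_gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- ret = MHD_gnutls_x509_crl_init (&crl_list[0][i - 1]);
- if (ret < 0)
- {
- MHD_gnutls_assert ();
- return ret;
- }
-
- tmp.data = (unsigned char *) ptr;
- tmp.size = size;
-
- ret =
- MHD_gnutls_x509_crl_import (crl_list[0][i - 1],
- &tmp, GNUTLS_X509_FMT_PEM);
- if (ret < 0)
- {
- MHD_gnutls_assert ();
- return ret;
- }
-
- /* now we move ptr after the pem header
- */
- ptr++;
- /* find the next certificate (if any)
- */
-
- size = input_crl_size - (ptr - input_crl);
-
- if (size > 0)
- ptr = memmem (ptr, size, PEM_CRL_SEP, sizeof (PEM_CRL_SEP) - 1);
- else
- ptr = NULL;
- i++;
- count++;
-
- }
- while (ptr != NULL);
-
- *ncrls = i - 1;
-
- return count;
-}
-
-/* Reads a DER encoded certificate list from memory and stores it to
- * a MHD_gnutls_cert structure.
- * returns the number of certificates parsed.
- */
-static int
-parse_der_crl_mem (MHD_gnutls_x509_crl_t ** crl_list, unsigned *ncrls,
- const void *input_crl, int input_crl_size)
-{
- int i;
- MHD_gnutls_datum_t tmp;
- int ret;
-
- i = *ncrls + 1;
-
- *crl_list =
- (MHD_gnutls_x509_crl_t *) MHD_gtls_realloc_fast (*crl_list,
- i *
- sizeof
- (MHD_gnutls_x509_crl_t));
-
- if (*crl_list == NULL)
- {
- MHD_gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- tmp.data = (opaque *) input_crl;
- tmp.size = input_crl_size;
-
- ret = MHD_gnutls_x509_crl_init (&crl_list[0][i - 1]);
- if (ret < 0)
- {
- MHD_gnutls_assert ();
- return ret;
- }
-
- ret =
- MHD_gnutls_x509_crl_import (crl_list[0][i - 1], &tmp,
- GNUTLS_X509_FMT_DER);
- if (ret < 0)
- {
- MHD_gnutls_assert ();
- return ret;
- }
-
- *ncrls = i;
-
- return 1; /* one certificate parsed */
-}
-
-
-/* Reads a DER or PEM CRL from memory
- */
-static int
-read_crl_mem (MHD_gtls_cert_credentials_t res, const void *crl,
- int crl_size, MHD_gnutls_x509_crt_fmt_t type)
-{
- int ret;
-
- /* allocate space for the certificate to add
- */
- res->x509_crl_list = MHD_gtls_realloc_fast (res->x509_crl_list,
- (1 +
- res->x509_ncrls) *
- sizeof (MHD_gnutls_x509_crl_t));
- if (res->x509_crl_list == NULL)
- {
- MHD_gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- if (type == GNUTLS_X509_FMT_DER)
- ret = parse_der_crl_mem (&res->x509_crl_list,
- &res->x509_ncrls, crl, crl_size);
- else
- ret = parse_pem_crl_mem (&res->x509_crl_list,
- &res->x509_ncrls, crl, crl_size);
-
- if (ret < 0)
- {
- MHD_gnutls_assert ();
- return ret;
- }
-
- return ret;
-}
-
-/**
- * MHD__gnutls_certificate_set_x509_crl_mem - Used to add CRLs in a MHD_gtls_cert_credentials_t structure
- * @res: is an #MHD_gtls_cert_credentials_t structure.
- * @CRL: is a list of trusted CRLs. They should have been verified before.
- * @type: is DER or PEM
- *
- * This function adds the trusted CRLs in order to verify client or
- * server certificates. In case of a client this is not required to
- * be called if the certificates are not verified using
- * MHD_gtls_certificate_verify_peers2(). This function may be called
- * multiple times.
- *
- * Returns: number of CRLs processed, or a negative value on error.
- **/
-int
-MHD__gnutls_certificate_set_x509_crl_mem (MHD_gtls_cert_credentials_t
- res, const MHD_gnutls_datum_t * CRL,
- MHD_gnutls_x509_crt_fmt_t type)
-{
- int ret;
-
- if ((ret = read_crl_mem (res, CRL->data, CRL->size, type)) < 0)
- return ret;
-
- return ret;
-}
-
-/**
- * MHD__gnutls_certificate_free_crls - Used to free all the CRLs from a MHD_gtls_cert_credentials_t structure
- * @sc: is an #MHD_gtls_cert_credentials_t structure.
- *
- * This function will delete all the CRLs associated
- * with the given credentials.
- *
- **/
-void
-MHD__gnutls_certificate_free_crls (MHD_gtls_cert_credentials_t sc)
-{
- unsigned j;
-
- for (j = 0; j < sc->x509_ncrls; j++)
- {
- MHD_gnutls_x509_crl_deinit (sc->x509_crl_list[j]);
- }
-
- sc->x509_ncrls = 0;
-
- MHD_gnutls_free (sc->x509_crl_list);
- sc->x509_crl_list = NULL;
-}
-
-#endif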