Diffstat (limited to 'src/daemon/https/x509/x509.c')
-rw-r--r-- | src/daemon/https/x509/x509.c | 110 |
1 files changed, 0 insertions, 110 deletions
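--- a/src/daemon/https/x509/x509.c
+++ b/src/daemon/https/x509/x509.c
@@ -1111,113 +1111,3 @@ MHD_gnutls_x509_crt_export (MHD_gnutls_x509_crt_t cert,
 output_data, output_data_size);
 }
 
-#ifdef ENABLE_PKI
-
-/**
-* MHD_gnutls_x509_crt_check_revocation - This function checks if the given certificate is revoked
-* @cert: should contain a MHD_gnutls_x509_crt_t structure
-* @crl_list: should contain a list of MHD_gnutls_x509_crl_t structures
-* @crl_list_length: the length of the crl_list
-*
-* This function will return check if the given certificate is
-* revoked. It is assumed that the CRLs have been verified before.
-*
-* Returns: 0 if the certificate is NOT revoked, and 1 if it is. A
-* negative value is returned on error.
-**/
-int
-MHD_gnutls_x509_crt_check_revocation (MHD_gnutls_x509_crt_t cert,
-const MHD_gnutls_x509_crl_t * crl_list,
-int crl_list_length)
-{
-opaque serial[64];
-opaque cert_serial[64];
-size_t serial_size, cert_serial_size;
-int ncerts, ret, i, j;
-MHD_gnutls_datum_t dn1, dn2;
-
-if (cert == NULL)
-{
-MHD_gnutls_assert ();
-return GNUTLS_E_INVALID_REQUEST;
-}
-
-for (j = 0; j < crl_list_length; j++)
-{ /* do for all the crls */
-
-/* Step 1. check if issuer's DN match
-*/
-ret = MHD__gnutls_x509_crl_get_raw_issuer_dn (crl_list[j], &dn1);
-if (ret < 0)
-{
-MHD_gnutls_assert ();
-return ret;
-}
-
-ret = MHD_gnutls_x509_crt_get_raw_issuer_dn (cert, &dn2);
-if (ret < 0)
-{
-MHD_gnutls_assert ();
-return ret;
-}
-
-ret = MHD__gnutls_x509_compare_raw_dn (&dn1, &dn2);
-MHD__gnutls_free_datum (&dn1);
-MHD__gnutls_free_datum (&dn2);
-if (ret == 0)
-{
-/* issuers do not match so don't even
-* bother checking.
-*/
-continue;
-}
-
-/* Step 2. Read the certificate's serial number
-*/
-cert_serial_size = sizeof (cert_serial);
-ret =
-MHD_gnutls_x509_crt_get_serial (cert, cert_serial, &cert_serial_size);
-if (ret < 0)
-{
-MHD_gnutls_assert ();
-return ret;
-}
-
-/* Step 3. cycle through the CRL serials and compare with
-* certificate serial we have.
-*/
-
-ncerts = MHD_gnutls_x509_crl_get_crt_count (crl_list[j]);
-if (ncerts < 0)
-{
-MHD_gnutls_assert ();
-return ncerts;
-}
-
-for (i = 0; i < ncerts; i++)
-{
-serial_size = sizeof (serial);
-ret = MHD_gnutls_x509_crl_get_crt_serial (crl_list[j], i, serial,
-&serial_size, NULL);
-
-if (ret < 0)
-{
-MHD_gnutls_assert ();
-return ret;
-}
-
-if (serial_size == cert_serial_size)
-{
-if (memcmp (serial, cert_serial, serial_size) == 0)
-{
-/* serials match */
-return 1; /* revoked! */
-}
-}
-}
-
-}
-return 0; /* not revoked. */
-}
-
-#endif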