Diffstat (limited to 'src/daemon/https/x509/x509_verify.c')
-rw-r--r--src/daemon/https/x509/x509_verify.c64
1 files changed, 3 insertions, 61 deletions
diff --git a/src/daemon/https/x509/x509_verify.c b/src/daemon/https/x509/x509_verify.c
index 3dc4c9f7..a3eea5e7 100644
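--- a/src/daemon/https/x509/x509_verify.c
+++ b/src/daemon/https/x509/x509_verify.c
@@ -46,7 +46,7 @@ static int MHD__gnutls_verify_certificate2 (MHD_gnutls_x509_crt_t cert,
  trusted_cas, int tcas_size,
  unsigned int flags,
  unsigned int *output);
-int MHD__gnutls_x509_verify_signature (const MHD_gnutls_datum_t * signed_data,
+static int MHD__gnutls_x509_verify_signature (const MHD_gnutls_datum_t * signed_data,
  const MHD_gnutls_datum_t * signature,
  MHD_gnutls_x509_crt_t issuer);
 
@@ -351,7 +351,7 @@ cleanup:MHD__gnutls_free_datum (&cert_signed_data);
  * A negative value is returned in case of an error.
  *
  **/
-int
+static int
 MHD_gnutls_x509_crt_check_issuer (MHD_gnutls_x509_crt_t cert,
  MHD_gnutls_x509_crt_t issuer)
 {
@@ -618,7 +618,7 @@ verify_sig (const MHD_gnutls_datum_t * tbs,
  * 'tbs' is the signed data
  * 'signature' is the signature!
  */
-int
+static int
 MHD__gnutls_x509_verify_signature (const MHD_gnutls_datum_t * tbs,
  const MHD_gnutls_datum_t * signature,
  MHD_gnutls_x509_crt_t issuer)
@@ -657,30 +657,6 @@ MHD__gnutls_x509_verify_signature (const MHD_gnutls_datum_t * tbs,
  return ret;
 }
 
-/* verifies if the certificate is properly signed.
- * returns 0 on failure and 1 on success.
- *
- * 'tbs' is the signed data
- * 'signature' is the signature!
- */
-int
-MHD__gnutls_x509_privkey_verify_signature (const MHD_gnutls_datum_t * tbs,
- const MHD_gnutls_datum_t *
- signature,
- MHD_gnutls_x509_privkey_t issuer)
-{
- int ret;
-
- ret = verify_sig (tbs, signature, issuer->pk_algorithm, issuer->params,
- issuer->params_size);
- if (ret < 0)
- {
- MHD_gnutls_assert ();
- }
-
- return ret;
-}
-
 /**
  * MHD_gnutls_x509_crt_list_verify - This function verifies the given certificate list
  * @cert_list: is the certificate list to be verified
@@ -737,37 +713,3 @@ MHD_gnutls_x509_crt_list_verify (const MHD_gnutls_x509_crt_t * cert_list,
  return 0;
 }
 
-/**
- * MHD_gnutls_x509_crt_verify - This function verifies the given certificate against a given trusted one
- * @cert: is the certificate to be verified
- * @CA_list: is one certificate that is considered to be trusted one
- * @CA_list_length: holds the number of CA certificate in CA_list
- * @flags: Flags that may be used to change the verification algorithm. Use OR of the MHD_gnutls_certificate_verify_flags enumerations.
- * @verify: will hold the certificate verification output.
- *
- * This function will try to verify the given certificate and return its status.
- * The verification output in this functions cannot be GNUTLS_CERT_NOT_VALID.
- *
- * Returns 0 on success and a negative value in case of an error.
- *
- **/
-int
-MHD_gnutls_x509_crt_verify (MHD_gnutls_x509_crt_t cert,
- const MHD_gnutls_x509_crt_t * CA_list,
- int CA_list_length,
- unsigned int flags, unsigned int *verify)
-{
- int ret;
- /* Verify certificate
- */
- ret = MHD__gnutls_verify_certificate2 (cert, CA_list, CA_list_length, flags,
- verify);
- if (ret < 0)
- {
- MHD_gnutls_assert ();
- return ret;
- }
-
- return 0;
-}
-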
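Review bot: The comment above the now-static `MHD__gnutls_x509_verify_signature` (old line 618 onward) should spell out its three-way result, because after this change every caller lives in this file and a bare truth test on the return value would treat an error as a verified signature. The removed twin's comment says "returns 0 on failure and 1 on success", yet its body tests `ret < 0`, so negative error codes can come back as well; the kept function's comment begins outside the hunk and presumably carries the same wording. I would add `* returns 1 if the signature verifies, 0 if it does not, and a negative error code if the check could not be carried out; callers must treat anything other than 1 as failure.` Separately, any header that still declares `MHD_gnutls_x509_crt_check_issuer` or the two removed functions needs the matching update, which is not visible in this file's diff.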