From cfde43ff7ded40a9b1f23fa87088dcf99a95570c Mon Sep 17 00:00:00 2001 From: Christian Grothoff Date: Fri, 12 Sep 2008 20:47:06 +0000 Subject: documenting all enums, functions and structs, removing support for key/cert files --- src/daemon/connection_https.c | 10 +- src/daemon/daemon.c | 54 +------ src/daemon/https/tls/auth_cert.c | 6 +- src/daemon/https/tls/auth_rsa.c | 4 +- src/daemon/https/tls/gnutls_algorithms.c | 96 ++++++------ src/daemon/https/tls/gnutls_cipher.c | 18 +-- src/daemon/https/tls/gnutls_constate.c | 8 +- src/daemon/https/tls/gnutls_handshake.c | 22 +-- src/daemon/https/tls/gnutls_kx.c | 8 +- src/daemon/https/tls/gnutls_priority.c | 6 +- src/daemon/https/tls/gnutls_sig.c | 12 +- src/daemon/https/tls/gnutls_state.c | 2 +- src/daemon/https/tls/gnutls_x509.c | 223 +-------------------------- src/daemon/internal.h | 4 - src/examples/https_fileserver_example.c | 12 +- src/include/microhttpd.h | 37 +---- src/testcurl/https/mhds_session_info_test.c | 2 +- src/testcurl/https/tls_daemon_options_test.c | 14 +- 18 files changed, 106 insertions(+), 432 deletions(-) (limited to 'src') diff --git a/src/daemon/connection_https.c b/src/daemon/connection_https.c index 20baa770..e9a2226f 100644 --- a/src/daemon/connection_https.c +++ b/src/daemon/connection_https.c @@ -152,7 +152,7 @@ MHD_tls_connection_handle_idle (struct MHD_Connection *connection) return MHD_NO; case MHD_TLS_HANDSHAKE_FAILED: MHD_tls_connection_close (connection, - MHD_TLS_REQUEST_TERMINATED_WITH_ERROR); + MHD_REQUEST_TERMINATED_WITH_ERROR); return MHD_NO; /* some HTTP state */ default: 
@@ -237,14 +237,14 @@ MHD_tls_connection_handle_read (struct MHD_Connection *connection) "Error: received handshake message out of context\n"); #endif MHD_tls_connection_close (connection, - MHD_TLS_REQUEST_TERMINATED_WITH_ERROR); + MHD_REQUEST_TERMINATED_WITH_ERROR); return MHD_NO; } /* ignore any out of bound change chiper spec messages */ case GNUTLS_CHANGE_CIPHER_SPEC: MHD_tls_connection_close (connection, - MHD_TLS_REQUEST_TERMINATED_WITH_ERROR); + MHD_REQUEST_TERMINATED_WITH_ERROR); return MHD_NO; case GNUTLS_ALERT: @@ -279,7 +279,7 @@ MHD_tls_connection_handle_read (struct MHD_Connection *connection) GNUTLS_AL_FATAL) { MHD_tls_connection_close (connection, - MHD_TLS_REQUEST_TERMINATED_WITH_FATAL_ALERT); + MHD_REQUEST_TERMINATED_WITH_ERROR); return MHD_NO; } /* this should never execute */ @@ -308,7 +308,7 @@ MHD_tls_connection_handle_read (struct MHD_Connection *connection) #endif /* close connection upon reception of unrecognized message type */ MHD_tls_connection_close (connection, - MHD_TLS_REQUEST_TERMINATED_WITH_ERROR); + MHD_REQUEST_TERMINATED_WITH_ERROR); return MHD_NO; } diff --git a/src/daemon/daemon.c b/src/daemon/daemon.c index 950239a6..7e3e7e3e 100644 --- a/src/daemon/daemon.c +++ b/src/daemon/daemon.c @@ -1,6 +1,6 @@ /* This file is part of libmicrohttpd - (C) 2007 Daniel Pittman and Christian Grothoff + (C) 2007, 2008 Daniel Pittman and Christian Grothoff This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public 
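Review bot: Closing with `MHD_REQUEST_TERMINATED_WITH_ERROR` on a fatal alert (the `GNUTLS_AL_FATAL` branch of the `GNUTLS_ALERT` case) merges two conditions the completion callback could previously tell apart: a peer that deliberately aborts the handshake with a fatal alert now looks the same as a malformed record or an out-of-context handshake message, which matters when diagnosing certificate rejection versus a protocol error. If `MHD_TLS_REQUEST_TERMINATED_WITH_FATAL_ALERT` is being dropped from the public enum (its header hunk is not in view), the alert should at least be recorded before the close, e.g. under `HAVE_MESSAGES` add `MHD_DLOG (connection->daemon, "Received fatal TLS alert %d\n", alert);` where `alert` is whatever `gnutls_alert_get` returned for the level comparison above — the variable and the daemon field name must be checked against the code preceding the hunk. Otherwise operators only ever see a generic termination reason for TLS failures. The enclosing `switch` in MHD_tls_connection_handle_read begins and ends outside this hunk.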
@@ -125,55 +125,9 @@ MHD_init_daemon_certificate (struct MHD_Daemon *daemon) gnutls_datum_t key; gnutls_datum_t cert; - /* certificate & key loaded from file */ - if (daemon->https_cert_path && daemon->https_key_path) - { - if (daemon->https_mem_cert || daemon->https_mem_key) - { -#if HAVE_MESSAGES - MHD_DLOG (daemon, "You specified certificates both in memory and on disk!", - daemon->https_cert_path, - strerror(errno)); -#endif - return -1; - } - /* test for private key & certificate file exsitance */ - if (access (daemon->https_cert_path, R_OK)) - { -#if HAVE_MESSAGES - MHD_DLOG (daemon, "Missing X.509 certificate file `%s': %s\n", - daemon->https_cert_path, - strerror(errno)); -#endif - return -1; - } - - if (access (daemon->https_key_path, R_OK)) - { -#if HAVE_MESSAGES - MHD_DLOG (daemon, "Missing X.509 key file `%s': %s\n", - daemon->https_key_path, - strerror(errno)); -#endif - return -1; - } - return MHD_gnutls_certificate_set_x509_key_file (daemon->x509_cred, - daemon->https_cert_path, - daemon->https_key_path, - GNUTLS_X509_FMT_PEM); - } /* certificate & key loaded from memory */ if (daemon->https_mem_cert && daemon->https_mem_key) { - if (daemon->https_cert_path || daemon->https_key_path) - { -#if HAVE_MESSAGES - MHD_DLOG (daemon, "You specified certificates both in memory and on disk!", - daemon->https_cert_path, - strerror(errno)); -#endif - return -1; - } key.data = (unsigned char *) daemon->https_mem_key; key.size = strlen (daemon->https_mem_key); cert.data = (unsigned char *) daemon->https_mem_cert; @@ -928,12 +882,6 @@ MHD_start_daemon_va (unsigned int options, _set_priority (&retVal->priority_cache->protocol, va_arg (ap, const int *)); break; - case MHD_OPTION_HTTPS_KEY_PATH: - retVal->https_key_path = va_arg (ap, const char *); - break; - case MHD_OPTION_HTTPS_CERT_PATH: - retVal->https_cert_path = va_arg (ap, const char *); - break; case MHD_OPTION_HTTPS_MEM_KEY: retVal->https_mem_key = va_arg (ap, const char *); break; 
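Review bot: With the file-based branch gone, the only check left in MHD_init_daemon_certificate is `if (daemon->https_mem_cert && daemon->https_mem_key)`, so a caller that sets just one of MHD_OPTION_HTTPS_MEM_KEY / MHD_OPTION_HTTPS_MEM_CERT no longer gets the explicit diagnostic the removed code emitted for a contradictory configuration; the path taken in that case lies after the hunk and should be confirmed to log and fail rather than bring up an HTTPS daemon without credentials. The surviving code also sizes both buffers with `strlen`, which is only correct for NUL-terminated PEM text — a DER blob would be cut at its first zero byte — so that constraint belongs in the code and the option documentation, e.g. `/* https_mem_key / https_mem_cert must be NUL-terminated PEM: their length is taken with strlen() */` above the `key.data` assignment. The function's tail, including the set_x509_key_mem call, is outside the hunk.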
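Review bot: Deleting the `MHD_OPTION_HTTPS_KEY_PATH` and `MHD_OPTION_HTTPS_CERT_PATH` cases from the option `switch` in MHD_start_daemon_va is only safe if the constants are also removed from microhttpd.h (that hunk is not in view); if they survive, a program built against the previous header that passes one of them now lands on the `default:` label, and unless that label consumes the `const char *` argument or aborts the start, every later `va_arg` read is misaligned and the path pointer gets interpreted as the next option code. Safer to keep the two labels as an explicit rejection: read the argument with `(void) va_arg (ap, const char *);`, log under `HAVE_MESSAGES` that file-based credentials are no longer supported, and fail the start the same way the default branch does. The `switch` and its `default:` branch lie outside the hunk.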
diff --git a/src/daemon/https/tls/auth_cert.c b/src/daemon/https/tls/auth_cert.c index ae6ef698..7f0369ca 100644 --- a/src/daemon/https/tls/auth_cert.c +++ b/src/daemon/https/tls/auth_cert.c @@ -870,7 +870,7 @@ mhd_gtls_proc_cert_cert_req (mhd_gtls_session_t session, opaque * data, return GNUTLS_E_UNKNOWN_PK_ALGORITHM; } - if (ver == MHD_GNUTLS_TLS1_2) + if (ver == MHD_GNUTLS_PROTOCOL_TLS1_2) { /* read supported hashes */ int hash_num; @@ -1039,7 +1039,7 @@ mhd_gtls_gen_cert_server_cert_req (mhd_gtls_session_t session, opaque ** data) session->internals.ignore_rdn_sequence == 0) size += cred->x509_rdn_sequence.size; - if (ver == MHD_GNUTLS_TLS1_2) + if (ver == MHD_GNUTLS_PROTOCOL_TLS1_2) /* Need at least one byte to announce the number of supported hash functions (see below). */ size += 1; @@ -1059,7 +1059,7 @@ mhd_gtls_gen_cert_server_cert_req (mhd_gtls_session_t session, opaque ** data) pdata[2] = DSA_SIGN; /* only these for now */ pdata += CERTTYPE_SIZE; - if (ver == MHD_GNUTLS_TLS1_2) + if (ver == MHD_GNUTLS_PROTOCOL_TLS1_2) { /* Supported hashes (nothing for now -- FIXME). */ *pdata = 0; diff --git a/src/daemon/https/tls/auth_rsa.c b/src/daemon/https/tls/auth_rsa.c index 4c909bcc..b3833814 100644 --- a/src/daemon/https/tls/auth_rsa.c +++ b/src/daemon/https/tls/auth_rsa.c @@ -217,7 +217,7 @@ _gnutls_proc_rsa_client_kx (mhd_gtls_session_t session, opaque * data, int randomize_key = 0; ssize_t data_size = _data_size; - if (MHD_gnutls_protocol_get_version (session) == MHD_GNUTLS_SSL3) + if (MHD_gnutls_protocol_get_version (session) == MHD_GNUTLS_PROTOCOL_SSL3) { /* SSL 3.0 */ @@ -385,7 +385,7 @@ _gnutls_gen_rsa_client_kx (mhd_gtls_session_t session, opaque ** data) for (i = 0; i < params_len; i++) mhd_gtls_mpi_release (¶ms[i]); - if (MHD_gnutls_protocol_get_version (session) == MHD_GNUTLS_SSL3) + if (MHD_gnutls_protocol_get_version (session) == MHD_GNUTLS_PROTOCOL_SSL3) { /* SSL 3.0 */ *data = sdata.data; 
diff --git a/src/daemon/https/tls/gnutls_algorithms.c b/src/daemon/https/tls/gnutls_algorithms.c index 9558119b..c3daa08b 100644 --- a/src/daemon/https/tls/gnutls_algorithms.c +++ b/src/daemon/https/tls/gnutls_algorithms.c @@ -138,22 +138,22 @@ typedef struct static const gnutls_version_entry mhd_gtls_sup_versions[] = { {"SSL3.0", - MHD_GNUTLS_SSL3, + MHD_GNUTLS_PROTOCOL_SSL3, 3, 0, 1}, {"TLS1.0", - MHD_GNUTLS_TLS1_0, + MHD_GNUTLS_PROTOCOL_TLS1_0, 3, 1, 1}, {"TLS1.1", - MHD_GNUTLS_TLS1_1, + MHD_GNUTLS_PROTOCOL_TLS1_1, 3, 2, 1}, {"TLS1.2", - MHD_GNUTLS_TLS1_2, + MHD_GNUTLS_PROTOCOL_TLS1_2, 3, 3, 1}, @@ -166,10 +166,10 @@ static const gnutls_version_entry mhd_gtls_sup_versions[] = { /* Keep the contents of this struct the same as the previous one. */ static const enum MHD_GNUTLS_Protocol mhd_gtls_supported_protocols[] = -{ MHD_GNUTLS_SSL3, - MHD_GNUTLS_TLS1_0, - MHD_GNUTLS_TLS1_1, - MHD_GNUTLS_TLS1_2, +{ MHD_GNUTLS_PROTOCOL_SSL3, + MHD_GNUTLS_PROTOCOL_TLS1_0, + MHD_GNUTLS_PROTOCOL_TLS1_1, + MHD_GNUTLS_PROTOCOL_TLS1_2, 0 }; 
@@ -593,159 +593,159 @@ static const mhd_gtls_cipher_suite_entry mhd_gtls_cs_algorithms[] = { GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_ARCFOUR_MD5, MHD_GNUTLS_CIPHER_ARCFOUR_128, MHD_GNUTLS_KX_ANON_DH, MHD_GNUTLS_MAC_MD5, - MHD_GNUTLS_SSL3), + MHD_GNUTLS_PROTOCOL_SSL3), GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_3DES_EDE_CBC_SHA1, MHD_GNUTLS_CIPHER_3DES_CBC, MHD_GNUTLS_KX_ANON_DH, - MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_SSL3), + MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_SSL3), GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_AES_128_CBC_SHA1, MHD_GNUTLS_CIPHER_AES_128_CBC, MHD_GNUTLS_KX_ANON_DH, - MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_SSL3), + MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_SSL3), GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_AES_256_CBC_SHA1, MHD_GNUTLS_CIPHER_AES_256_CBC, MHD_GNUTLS_KX_ANON_DH, - MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_SSL3), + MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_SSL3), #ifdef ENABLE_CAMELLIA GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_CAMELLIA_128_CBC_SHA1, MHD_GNUTLS_CIPHER_CAMELLIA_128_CBC, MHD_GNUTLS_KX_ANON_DH, - MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_TLS1_0), + MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_TLS1_0), GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_CAMELLIA_256_CBC_SHA1, MHD_GNUTLS_CIPHER_CAMELLIA_256_CBC, MHD_GNUTLS_KX_ANON_DH, - MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_TLS1_0), + MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_TLS1_0), #endif /* SRP */ GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_3DES_EDE_CBC_SHA1, MHD_GNUTLS_CIPHER_3DES_CBC, MHD_GNUTLS_KX_SRP, - MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_TLS1_0), + MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_TLS1_0), GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_AES_128_CBC_SHA1, MHD_GNUTLS_CIPHER_AES_128_CBC, MHD_GNUTLS_KX_SRP, - MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_TLS1_0), + MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_TLS1_0), GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_AES_256_CBC_SHA1, MHD_GNUTLS_CIPHER_AES_256_CBC, MHD_GNUTLS_KX_SRP, - MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_TLS1_0), + MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_TLS1_0), 
GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_DSS_3DES_EDE_CBC_SHA1, MHD_GNUTLS_CIPHER_3DES_CBC, MHD_GNUTLS_KX_SRP_DSS, - MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_TLS1_0), + MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_TLS1_0), GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_RSA_3DES_EDE_CBC_SHA1, MHD_GNUTLS_CIPHER_3DES_CBC, MHD_GNUTLS_KX_SRP_RSA, - MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_TLS1_0), + MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_TLS1_0), GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_DSS_AES_128_CBC_SHA1, MHD_GNUTLS_CIPHER_AES_128_CBC, MHD_GNUTLS_KX_SRP_DSS, - MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_TLS1_0), + MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_TLS1_0), GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_RSA_AES_128_CBC_SHA1, MHD_GNUTLS_CIPHER_AES_128_CBC, MHD_GNUTLS_KX_SRP_RSA, - MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_TLS1_0), + MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_TLS1_0), GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_DSS_AES_256_CBC_SHA1, MHD_GNUTLS_CIPHER_AES_256_CBC, MHD_GNUTLS_KX_SRP_DSS, - MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_TLS1_0), + MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_TLS1_0), GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_RSA_AES_256_CBC_SHA1, MHD_GNUTLS_CIPHER_AES_256_CBC, MHD_GNUTLS_KX_SRP_RSA, - MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_TLS1_0), + MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_TLS1_0), /* DHE_DSS */ GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_ARCFOUR_SHA1, MHD_GNUTLS_CIPHER_ARCFOUR_128, MHD_GNUTLS_KX_DHE_DSS, - MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_TLS1_0), + MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_TLS1_0), GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_3DES_EDE_CBC_SHA1, MHD_GNUTLS_CIPHER_3DES_CBC, MHD_GNUTLS_KX_DHE_DSS, - MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_SSL3), + MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_SSL3), GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_AES_128_CBC_SHA1, MHD_GNUTLS_CIPHER_AES_128_CBC, MHD_GNUTLS_KX_DHE_DSS, - MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_SSL3), + MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_SSL3), GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_AES_256_CBC_SHA1, MHD_GNUTLS_CIPHER_AES_256_CBC, 
MHD_GNUTLS_KX_DHE_DSS, - MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_SSL3), + MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_SSL3), #ifdef ENABLE_CAMELLIA GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_CAMELLIA_128_CBC_SHA1, MHD_GNUTLS_CIPHER_CAMELLIA_128_CBC, MHD_GNUTLS_KX_DHE_DSS, - MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_TLS1_0), + MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_TLS1_0), GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_CAMELLIA_256_CBC_SHA1, MHD_GNUTLS_CIPHER_CAMELLIA_256_CBC, MHD_GNUTLS_KX_DHE_DSS, - MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_TLS1_0), + MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_TLS1_0), #endif /* DHE_RSA */ GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_3DES_EDE_CBC_SHA1, MHD_GNUTLS_CIPHER_3DES_CBC, MHD_GNUTLS_KX_DHE_RSA, - MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_SSL3), + MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_SSL3), GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_AES_128_CBC_SHA1, MHD_GNUTLS_CIPHER_AES_128_CBC, MHD_GNUTLS_KX_DHE_RSA, - MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_SSL3), + MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_SSL3), GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_AES_256_CBC_SHA1, MHD_GNUTLS_CIPHER_AES_256_CBC, MHD_GNUTLS_KX_DHE_RSA, - MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_SSL3), + MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_SSL3), #ifdef ENABLE_CAMELLIA GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_CAMELLIA_128_CBC_SHA1, MHD_GNUTLS_CIPHER_CAMELLIA_128_CBC, MHD_GNUTLS_KX_DHE_RSA, - MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_TLS1_0), + MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_TLS1_0), GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_CAMELLIA_256_CBC_SHA1, MHD_GNUTLS_CIPHER_CAMELLIA_256_CBC, MHD_GNUTLS_KX_DHE_RSA, - MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_TLS1_0), + MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_TLS1_0), #endif /* RSA */ GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_NULL_MD5, MHD_GNUTLS_CIPHER_NULL, MHD_GNUTLS_KX_RSA, MHD_GNUTLS_MAC_MD5, - MHD_GNUTLS_SSL3), + MHD_GNUTLS_PROTOCOL_SSL3), GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_EXPORT_ARCFOUR_40_MD5, MHD_GNUTLS_CIPHER_ARCFOUR_40, MHD_GNUTLS_KX_RSA_EXPORT, MHD_GNUTLS_MAC_MD5, - 
MHD_GNUTLS_SSL3), + MHD_GNUTLS_PROTOCOL_SSL3), GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_ARCFOUR_SHA1, MHD_GNUTLS_CIPHER_ARCFOUR_128, MHD_GNUTLS_KX_RSA, MHD_GNUTLS_MAC_SHA1, - MHD_GNUTLS_SSL3), + MHD_GNUTLS_PROTOCOL_SSL3), GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_ARCFOUR_MD5, MHD_GNUTLS_CIPHER_ARCFOUR_128, MHD_GNUTLS_KX_RSA, MHD_GNUTLS_MAC_MD5, - MHD_GNUTLS_SSL3), + MHD_GNUTLS_PROTOCOL_SSL3), GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_3DES_EDE_CBC_SHA1, MHD_GNUTLS_CIPHER_3DES_CBC, MHD_GNUTLS_KX_RSA, MHD_GNUTLS_MAC_SHA1, - MHD_GNUTLS_SSL3), + MHD_GNUTLS_PROTOCOL_SSL3), GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_AES_128_CBC_SHA1, MHD_GNUTLS_CIPHER_AES_128_CBC, MHD_GNUTLS_KX_RSA, - MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_SSL3), + MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_SSL3), GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_AES_256_CBC_SHA1, MHD_GNUTLS_CIPHER_AES_256_CBC, MHD_GNUTLS_KX_RSA, - MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_SSL3), + MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_SSL3), #ifdef ENABLE_CAMELLIA GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_CAMELLIA_128_CBC_SHA1, MHD_GNUTLS_CIPHER_CAMELLIA_128_CBC, MHD_GNUTLS_KX_RSA, - MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_TLS1_0), + MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_TLS1_0), GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_CAMELLIA_256_CBC_SHA1, MHD_GNUTLS_CIPHER_CAMELLIA_256_CBC, MHD_GNUTLS_KX_RSA, - MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_TLS1_0), + MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_TLS1_0), #endif {0, { @@ -1299,7 +1299,7 @@ mhd_gtls_version_lowest (mhd_gtls_session_t session) if (session->internals.priorities.protocol.priority == NULL) { - return MHD_GNUTLS_VERSION_UNKNOWN; + return MHD_GNUTLS_PROTOCOL_VERSION_UNKNOWN; } else for (i = 0; i < session->internals.priorities.protocol.num_algorithms; @@ -1310,7 +1310,7 @@ mhd_gtls_version_lowest (mhd_gtls_session_t session) } if (min == 0xff) - return MHD_GNUTLS_VERSION_UNKNOWN; /* unknown version */ + return MHD_GNUTLS_PROTOCOL_VERSION_UNKNOWN; /* unknown version */ return min; } 
@@ -1322,7 +1322,7 @@ mhd_gtls_version_max (mhd_gtls_session_t session) if (session->internals.priorities.protocol.priority == NULL) { - return MHD_GNUTLS_VERSION_UNKNOWN; + return MHD_GNUTLS_PROTOCOL_VERSION_UNKNOWN; } else for (i = 0; i < session->internals.priorities.protocol.num_algorithms; @@ -1333,7 +1333,7 @@ mhd_gtls_version_max (mhd_gtls_session_t session) } if (max == 0x00) - return MHD_GNUTLS_VERSION_UNKNOWN; /* unknown version */ + return MHD_GNUTLS_PROTOCOL_VERSION_UNKNOWN; /* unknown version */ return max; } @@ -1367,7 +1367,7 @@ MHD_gnutls_protocol_get_name (enum MHD_GNUTLS_Protocol version) enum MHD_GNUTLS_Protocol MHD_gtls_protocol_get_id (const char *name) { - enum MHD_GNUTLS_Protocol ret = MHD_GNUTLS_VERSION_UNKNOWN; + enum MHD_GNUTLS_Protocol ret = MHD_GNUTLS_PROTOCOL_VERSION_UNKNOWN; GNUTLS_VERSION_LOOP (if (strcasecmp (p->name, name) == 0) ret = p->id) ; diff --git a/src/daemon/https/tls/gnutls_cipher.c b/src/daemon/https/tls/gnutls_cipher.c index 872abdf0..69b62d16 100644 --- a/src/daemon/https/tls/gnutls_cipher.c +++ b/src/daemon/https/tls/gnutls_cipher.c @@ -202,7 +202,7 @@ mac_init (enum MHD_GNUTLS_HashAlgorithm mac, opaque * secret, int secret_size, if (mac == MHD_GNUTLS_MAC_NULL) return GNUTLS_MAC_FAILED; - if (ver == MHD_GNUTLS_SSL3) + if (ver == MHD_GNUTLS_PROTOCOL_SSL3) { /* SSL 3.0 */ td = mhd_gnutls_mac_init_ssl3 (mac, secret, secret_size); } @@ -217,7 +217,7 @@ mac_init (enum MHD_GNUTLS_HashAlgorithm mac, opaque * secret, int secret_size, inline static void mac_deinit (mac_hd_t td, opaque * res, int ver) { - if (ver == MHD_GNUTLS_SSL3) + if (ver == MHD_GNUTLS_PROTOCOL_SSL3) { /* SSL 3.0 */ mhd_gnutls_mac_deinit_ssl3 (td, res); } @@ -251,7 +251,7 @@ calc_enc_length (mhd_gtls_session_t session, int data_size, } /* make rnd a multiple of blocksize */ - if (session->security_parameters.version == MHD_GNUTLS_SSL3 || + if (session->security_parameters.version == MHD_GNUTLS_PROTOCOL_SSL3 || random_pad == 0) { rnd = 0; 
@@ -271,7 +271,7 @@ calc_enc_length (mhd_gtls_session_t session, int data_size, *pad = (uint8_t) (blocksize - (length % blocksize)) + rnd; length += *pad; - if (session->security_parameters.version >= MHD_GNUTLS_TLS1_1) + if (session->security_parameters.version >= MHD_GNUTLS_PROTOCOL_TLS1_1) length += blocksize; /* for the IV */ break; @@ -341,7 +341,7 @@ mhd_gtls_compressed2ciphertext (mhd_gtls_session_t session, write_sequence_number), 8); mhd_gnutls_hash (td, &type, 1); - if (ver >= MHD_GNUTLS_TLS1_0) + if (ver >= MHD_GNUTLS_PROTOCOL_TLS1_0) { /* TLS 1.0 or higher */ mhd_gnutls_hash (td, &major, 1); mhd_gnutls_hash (td, &minor, 1); @@ -373,7 +373,7 @@ mhd_gtls_compressed2ciphertext (mhd_gtls_session_t session, data_ptr = cipher_data; if (block_algo == CIPHER_BLOCK && - session->security_parameters.version >= MHD_GNUTLS_TLS1_1) + session->security_parameters.version >= MHD_GNUTLS_PROTOCOL_TLS1_1) { /* copy the random IV. */ @@ -494,7 +494,7 @@ mhd_gtls_ciphertext2compressed (mhd_gtls_session_t session, /* ignore the IV in TLS 1.1. */ - if (session->security_parameters.version >= MHD_GNUTLS_TLS1_1) + if (session->security_parameters.version >= MHD_GNUTLS_PROTOCOL_TLS1_1) { ciphertext.size -= blocksize; ciphertext.data += blocksize; @@ -521,7 +521,7 @@ mhd_gtls_ciphertext2compressed (mhd_gtls_session_t session, /* Check the pading bytes (TLS 1.x) */ - if (ver >= MHD_GNUTLS_TLS1_0 && pad_failed == 0) + if (ver >= MHD_GNUTLS_PROTOCOL_TLS1_0 && pad_failed == 0) for (i = 2; i < pad; i++) { if (ciphertext.data[ciphertext.size - i] != @@ -548,7 +548,7 @@ mhd_gtls_ciphertext2compressed (mhd_gtls_session_t session, read_sequence_number), 8); mhd_gnutls_hash (td, &type, 1); - if (ver >= MHD_GNUTLS_TLS1_0) + if (ver >= MHD_GNUTLS_PROTOCOL_TLS1_0) { /* TLS 1.x */ mhd_gnutls_hash (td, &major, 1); mhd_gnutls_hash (td, &minor, 1); diff --git a/src/daemon/https/tls/gnutls_constate.c b/src/daemon/https/tls/gnutls_constate.c index 9a2ee004..9ace3533 100644 
--- a/src/daemon/https/tls/gnutls_constate.c +++ b/src/daemon/https/tls/gnutls_constate.c @@ -97,7 +97,7 @@ _gnutls_set_keys (mhd_gtls_session_t session, int hash_size, int IV_size, memcpy (&rrnd[TLS_RANDOM_SIZE], session->security_parameters.server_random, TLS_RANDOM_SIZE); - if (session->security_parameters.version == MHD_GNUTLS_SSL3) + if (session->security_parameters.version == MHD_GNUTLS_PROTOCOL_SSL3) { /* SSL 3 */ ret = mhd_gnutls_ssl3_generate_random @@ -187,7 +187,7 @@ _gnutls_set_keys (mhd_gtls_session_t session, int hash_size, int IV_size, /* generate the final keys */ - if (session->security_parameters.version == MHD_GNUTLS_SSL3) + if (session->security_parameters.version == MHD_GNUTLS_PROTOCOL_SSL3) { /* SSL 3 */ ret = mhd_gnutls_ssl3_hash_md5 (&key_block[pos], @@ -219,7 +219,7 @@ _gnutls_set_keys (mhd_gtls_session_t session, int hash_size, int IV_size, client_write_key_size = EXPORT_FINAL_KEY_SIZE; pos += key_size; - if (session->security_parameters.version == MHD_GNUTLS_SSL3) + if (session->security_parameters.version == MHD_GNUTLS_PROTOCOL_SSL3) { /* SSL 3 */ ret = mhd_gnutls_ssl3_hash_md5 (&key_block[pos], key_size, @@ -321,7 +321,7 @@ _gnutls_set_keys (mhd_gtls_session_t session, int hash_size, int IV_size, return GNUTLS_E_MEMORY_ERROR; } - if (session->security_parameters.version == MHD_GNUTLS_SSL3) + if (session->security_parameters.version == MHD_GNUTLS_PROTOCOL_SSL3) { /* SSL 3 */ ret = mhd_gnutls_ssl3_hash_md5 ("", 0, rrnd, TLS_RANDOM_SIZE * 2, diff --git a/src/daemon/https/tls/gnutls_handshake.c b/src/daemon/https/tls/gnutls_handshake.c index 08d423b5..e53d6985 100644 --- a/src/daemon/https/tls/gnutls_handshake.c +++ b/src/daemon/https/tls/gnutls_handshake.c 
@@ -195,7 +195,7 @@ _gnutls_finished (mhd_gtls_session_t session, int type, void *ret) mac_hd_t td_sha; enum MHD_GNUTLS_Protocol ver = MHD_gnutls_protocol_get_version (session); - if (ver < MHD_GNUTLS_TLS1_2) + if (ver < MHD_GNUTLS_PROTOCOL_TLS1_2) { td_md5 = mhd_gnutls_hash_copy (session->internals.handshake_mac_handle_md5); @@ -215,7 +215,7 @@ _gnutls_finished (mhd_gtls_session_t session, int type, void *ret) return GNUTLS_E_HASH_FAILED; } - if (ver < MHD_GNUTLS_TLS1_2) + if (ver < MHD_GNUTLS_PROTOCOL_TLS1_2) { mhd_gnutls_hash_deinit (td_md5, concat); mhd_gnutls_hash_deinit (td_sha, &concat[16]); @@ -281,7 +281,7 @@ mhd_gtls_negotiate_version (mhd_gtls_session_t session, * then we send him the highest we support. */ ret = mhd_gtls_version_max (session); - if (ret == MHD_GNUTLS_VERSION_UNKNOWN) + if (ret == MHD_GNUTLS_PROTOCOL_VERSION_UNKNOWN) { /* this check is not really needed. */ @@ -420,7 +420,7 @@ _gnutls_read_client_hello (mhd_gtls_session_t session, opaque * data, /* Parse the extensions (if any) */ - if (neg_version >= MHD_GNUTLS_TLS1_0) + if (neg_version >= MHD_GNUTLS_PROTOCOL_TLS1_0) { ret = mhd_gtls_parse_extensions (session, EXTENSION_APPLICATION, &data[pos], len); /* len is the rest of the parsed length */ if (ret < 0) @@ -437,7 +437,7 @@ _gnutls_read_client_hello (mhd_gtls_session_t session, opaque * data, return ret; } - if (neg_version >= MHD_GNUTLS_TLS1_0) + if (neg_version >= MHD_GNUTLS_PROTOCOL_TLS1_0) { ret = mhd_gtls_parse_extensions (session, EXTENSION_TLS, &data[pos], len); /* len is the rest of the parsed length */ if (ret < 0) @@ -529,7 +529,7 @@ _gnutls_send_finished (mhd_gtls_session_t session, int again) return ret; } - if (MHD_gnutls_protocol_get_version (session) == MHD_GNUTLS_SSL3) + if (MHD_gnutls_protocol_get_version (session) == MHD_GNUTLS_PROTOCOL_SSL3) { ret = _gnutls_ssl3_finished (session, 
@@ -581,7 +581,7 @@ _gnutls_recv_finished (mhd_gtls_session_t session) } - if (MHD_gnutls_protocol_get_version (session) == MHD_GNUTLS_SSL3) + if (MHD_gnutls_protocol_get_version (session) == MHD_GNUTLS_PROTOCOL_SSL3) { data_size = 36; } @@ -597,7 +597,7 @@ _gnutls_recv_finished (mhd_gtls_session_t session) return GNUTLS_E_ERROR_IN_FINISHED_PACKET; } - if (MHD_gnutls_protocol_get_version (session) == MHD_GNUTLS_SSL3) + if (MHD_gnutls_protocol_get_version (session) == MHD_GNUTLS_PROTOCOL_SSL3) { ret = _gnutls_ssl3_finished (session, @@ -1530,7 +1530,7 @@ _gnutls_read_server_hello (mhd_gtls_session_t session, /* Parse extensions. */ - if (version >= MHD_GNUTLS_TLS1_0) + if (version >= MHD_GNUTLS_PROTOCOL_TLS1_0) { ret = mhd_gtls_parse_extensions (session, EXTENSION_ANY, &data[pos], len); /* len is the rest of the parsed length */ if (ret < 0) @@ -1706,7 +1706,7 @@ _gnutls_send_client_hello (mhd_gtls_session_t session, int again) hver = session->internals.resumed_security_parameters.version; } - if (hver == MHD_GNUTLS_VERSION_UNKNOWN || hver == 0) + if (hver == MHD_GNUTLS_PROTOCOL_VERSION_UNKNOWN || hver == 0) { gnutls_assert (); gnutls_free (data); @@ -1810,7 +1810,7 @@ _gnutls_send_client_hello (mhd_gtls_session_t session, int again) /* Generate and copy TLS extensions. */ - if (hver >= MHD_GNUTLS_TLS1_0) + if (hver >= MHD_GNUTLS_PROTOCOL_TLS1_0) { extdatalen = mhd_gtls_gen_extensions (session, extdata, sizeof (extdata)); diff --git a/src/daemon/https/tls/gnutls_kx.c b/src/daemon/https/tls/gnutls_kx.c index 024af674..45717b4f 100644 --- a/src/daemon/https/tls/gnutls_kx.c +++ b/src/daemon/https/tls/gnutls_kx.c @@ -71,7 +71,7 @@ generate_normal_master (mhd_gtls_session_t session, int keep_premaster) mhd_gtls_bin2hex (session->security_parameters. server_random, 32, buf, sizeof (buf))); - if (MHD_gnutls_protocol_get_version (session) == MHD_GNUTLS_SSL3) + if (MHD_gnutls_protocol_get_version (session) == MHD_GNUTLS_PROTOCOL_SSL3) { opaque rnd[2 * TLS_RANDOM_SIZE + 1]; 
@@ -504,7 +504,7 @@ mhd_gtls_send_client_certificate (mhd_gtls_session_t session, int again) if (again == 0) { - if (MHD_gnutls_protocol_get_version (session) != MHD_GNUTLS_SSL3 || + if (MHD_gnutls_protocol_get_version (session) != MHD_GNUTLS_PROTOCOL_SSL3 || session->internals.selected_cert_list_length > 0) { /* TLS 1.0 or SSL 3.0 with a valid certificate @@ -525,7 +525,7 @@ mhd_gtls_send_client_certificate (mhd_gtls_session_t session, int again) * no certificate alert instead of an * empty certificate. */ - if (MHD_gnutls_protocol_get_version (session) == MHD_GNUTLS_SSL3 && + if (MHD_gnutls_protocol_get_version (session) == MHD_GNUTLS_PROTOCOL_SSL3 && session->internals.selected_cert_list_length == 0) { ret = @@ -632,7 +632,7 @@ mhd_gtls_recv_client_certificate (mhd_gtls_session_t session) */ if (optional == OPTIONAL_PACKET && ret == GNUTLS_E_WARNING_ALERT_RECEIVED && - MHD_gnutls_protocol_get_version (session) == MHD_GNUTLS_SSL3 && + MHD_gnutls_protocol_get_version (session) == MHD_GNUTLS_PROTOCOL_SSL3 && gnutls_alert_get (session) == GNUTLS_A_SSL3_NO_CERTIFICATE) { diff --git a/src/daemon/https/tls/gnutls_priority.c b/src/daemon/https/tls/gnutls_priority.c index bbdce41c..f0a91bd6 100644 --- a/src/daemon/https/tls/gnutls_priority.c +++ b/src/daemon/https/tls/gnutls_priority.c @@ -201,9 +201,9 @@ MHD_gnutls_certificate_type_set_priority (mhd_gtls_session_t session, #endif } -static const int mhd_gtls_protocol_priority[] = { MHD_GNUTLS_TLS1_1, - MHD_GNUTLS_TLS1_0, - MHD_GNUTLS_SSL3, +static const int mhd_gtls_protocol_priority[] = { MHD_GNUTLS_PROTOCOL_TLS1_1, + MHD_GNUTLS_PROTOCOL_TLS1_0, + MHD_GNUTLS_PROTOCOL_SSL3, 0 }; diff --git a/src/daemon/https/tls/gnutls_sig.c b/src/daemon/https/tls/gnutls_sig.c index 07ceb21b..3a41999d 100644 --- a/src/daemon/https/tls/gnutls_sig.c +++ b/src/daemon/https/tls/gnutls_sig.c 
@@ -65,7 +65,7 @@ mhd_gtls_tls_sign_hdata (mhd_gtls_session_t session, return GNUTLS_E_HASH_FAILED; } - if (ver == MHD_GNUTLS_SSL3) + if (ver == MHD_GNUTLS_PROTOCOL_SSL3) { ret = mhd_gtls_generate_master (session, 1); if (ret < 0) @@ -92,7 +92,7 @@ mhd_gtls_tls_sign_hdata (mhd_gtls_session_t session, return GNUTLS_E_HASH_FAILED; } - if (ver == MHD_GNUTLS_SSL3) + if (ver == MHD_GNUTLS_PROTOCOL_SSL3) mhd_gnutls_mac_deinit_ssl3_handshake (td_md5, concat, session->security_parameters. master_secret, TLS_MASTER_SIZE); @@ -146,7 +146,7 @@ mhd_gtls_tls_sign_params (mhd_gtls_session_t session, switch (cert->subject_pk_algorithm) { case MHD_GNUTLS_PK_RSA: - if (ver < MHD_GNUTLS_TLS1_2) + if (ver < MHD_GNUTLS_PROTOCOL_TLS1_2) { mac_hd_t td_md5 = mhd_gtls_hash_init (MHD_GNUTLS_MAC_MD5); if (td_md5 == NULL) @@ -352,7 +352,7 @@ mhd_gtls_verify_sig_hdata (mhd_gtls_session_t session, return GNUTLS_E_HASH_FAILED; } - if (ver == MHD_GNUTLS_SSL3) + if (ver == MHD_GNUTLS_PROTOCOL_SSL3) { ret = mhd_gtls_generate_master (session, 1); if (ret < 0) @@ -404,7 +404,7 @@ mhd_gtls_verify_sig_params (mhd_gtls_session_t session, opaque concat[36]; enum MHD_GNUTLS_Protocol ver = MHD_gnutls_protocol_get_version (session); - if (ver < MHD_GNUTLS_TLS1_2) + if (ver < MHD_GNUTLS_PROTOCOL_TLS1_2) { td_md5 = mhd_gtls_hash_init (MHD_GNUTLS_MAC_MD5); if (td_md5 == NULL) @@ -435,7 +435,7 @@ mhd_gtls_verify_sig_params (mhd_gtls_session_t session, TLS_RANDOM_SIZE); mhd_gnutls_hash (td_sha, params->data, params->size); - if (ver < MHD_GNUTLS_TLS1_2) + if (ver < MHD_GNUTLS_PROTOCOL_TLS1_2) { mhd_gnutls_hash_deinit (td_md5, concat); mhd_gnutls_hash_deinit (td_sha, &concat[16]); diff --git a/src/daemon/https/tls/gnutls_state.c b/src/daemon/https/tls/gnutls_state.c index 6eb01660..ae793ee0 100644 --- a/src/daemon/https/tls/gnutls_state.c +++ b/src/daemon/https/tls/gnutls_state.c 
@@ -812,7 +812,7 @@ mhd_gtls_PRF (mhd_gtls_session_t session, memcpy (s_seed, label, label_size); memcpy (&s_seed[label_size], seed, seed_size); - if (ver >= MHD_GNUTLS_TLS1_2) + if (ver >= MHD_GNUTLS_PROTOCOL_TLS1_2) { result = _gnutls_P_hash (MHD_GNUTLS_MAC_SHA1, secret, secret_size, s_seed, diff --git a/src/daemon/https/tls/gnutls_x509.c b/src/daemon/https/tls/gnutls_x509.c index 49e093cc..f854b710 100644 --- a/src/daemon/https/tls/gnutls_x509.c +++ b/src/daemon/https/tls/gnutls_x509.c @@ -202,7 +202,7 @@ _gnutls_x509_cert_verify_peers (mhd_gtls_session_t session, } /* - * Read certificates and private keys, from files, memory etc. + * Read certificates and private keys, from memory etc. */ /* returns error if the certificate has different algorithm than 
@@ -605,82 +605,6 @@ read_key_mem (mhd_gtls_cert_credentials_t res, return 0; } -static char * -read_file (const char *filename, size_t * length) -{ - struct stat st; - char *out; - int fd; - - fd = open (filename, O_RDONLY); - if (-1 == fd) - return NULL; - if (0 != fstat(fd, &st)) - goto ERR; - out = malloc(st.st_size); - if (out == NULL) - goto ERR; - if (st.st_size != read(fd, out, st.st_size)) - { - free(out); - goto ERR; - } - *length = st.st_size; - close(fd); - return out; - ERR: - close(fd); - return NULL; -} - -/* Reads a certificate file - */ -static int -read_cert_file (mhd_gtls_cert_credentials_t res, - const char *certfile, gnutls_x509_crt_fmt_t type) -{ - int ret; - size_t size; - char *data = read_file (certfile, &size); - - if (data == NULL) - { - gnutls_assert (); - return GNUTLS_E_FILE_ERROR; - } - - ret = read_cert_mem (res, data, size, type); - free (data); - - return ret; - -} - - - -/* Reads PKCS-1 RSA private key file or a DSA file (in the format openssl - * stores it). - */ -static int -read_key_file (mhd_gtls_cert_credentials_t res, - const char *keyfile, gnutls_x509_crt_fmt_t type) -{ - int ret; - size_t size; - char *data = read_file (keyfile, &size); - - if (data == NULL) - { - gnutls_assert (); - return GNUTLS_E_FILE_ERROR; - } - - ret = read_key_mem (res, data, size, type); - free (data); - - return ret; -} - /** * MHD_gnutls_certificate_set_x509_key_mem - Used to set keys in a mhd_gtls_cert_credentials_t structure * @res: is an #mhd_gtls_cert_credentials_t structure. 
@@ -739,51 +663,6 @@ MHD_gnutls_certificate_set_x509_key_mem (mhd_gtls_cert_credentials_t return 0; } -/** - * MHD_gnutls_certificate_set_x509_key_file - Used to set keys in a mhd_gtls_cert_credentials_t structure - * @res: is an #mhd_gtls_cert_credentials_t structure. - * @CERTFILE: is a file that containing the certificate list (path) for - * the specified private key, in PKCS7 format, or a list of certificates - * @KEYFILE: is a file that contains the private key - * @type: is PEM or DER - * - * This function sets a certificate/private key pair in the - * mhd_gtls_cert_credentials_t structure. This function may be - * called more than once (in case multiple keys/certificates exist - * for the server). - * - * Currently only PKCS-1 encoded RSA and DSA private keys are accepted by - * this function. - * - * Returns: %GNUTLS_E_SUCCESS on success, or an error code. - **/ -int -MHD_gnutls_certificate_set_x509_key_file (mhd_gtls_cert_credentials_t - res, const char *CERTFILE, - const char *KEYFILE, - gnutls_x509_crt_fmt_t type) -{ - int ret; - - /* this should be first - */ - if ((ret = read_key_file (res, KEYFILE, type)) < 0) - return ret; - - if ((ret = read_cert_file (res, CERTFILE, type)) < 0) - return ret; - - res->ncerts++; - - if ((ret = _gnutls_check_key_cert_match (res)) < 0) - { - gnutls_assert (); - return ret; - } - - return 0; -} - static int generate_rdn_seq (mhd_gtls_cert_credentials_t res) { 
@@ -1085,59 +964,6 @@ MHD_gnutls_certificate_set_x509_trust_mem (mhd_gtls_cert_credentials_t
 return ret;
 }
-/**
- * MHD_gnutls_certificate_set_x509_trust_file - Used to add trusted CAs in a mhd_gtls_cert_credentials_t structure
- * @res: is an #mhd_gtls_cert_credentials_t structure.
- * @cafile: is a file containing the list of trusted CAs (DER or PEM list)
- * @type: is PEM or DER
- *
- * This function adds the trusted CAs in order to verify client or
- * server certificates. In case of a client this is not required to
- * be called if the certificates are not verified using
- * MHD_gtls_certificate_verify_peers2(). This function may be called
- * multiple times.
- *
- * In case of a server the names of the CAs set here will be sent to
- * the client if a certificate request is sent. This can be disabled
- * using MHD_gnutls_certificate_send_x509_rdn_sequence().
- *
- * Returns: number of certificates processed, or a negative value on
- * error.
- **/
-int
-MHD_gnutls_certificate_set_x509_trust_file (mhd_gtls_cert_credentials_t
- res, const char *cafile,
- gnutls_x509_crt_fmt_t type)
-{
- int ret, ret2;
- size_t size;
- unsigned char *data = (unsigned char*) read_file (cafile, &size);
-
- if (data == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_FILE_ERROR;
- }
-
- if (type == GNUTLS_X509_FMT_DER)
- ret = parse_der_ca_mem (&res->x509_ca_list, &res->x509_ncas, data, size);
- else
- ret = parse_pem_ca_mem (&res->x509_ca_list, &res->x509_ncas, data, size);
-
- free (data);
-
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- if ((ret2 = generate_rdn_seq (res)) < 0)
- return ret2;
-
- return ret;
-}
-
 #ifdef ENABLE_PKI
 static int
@@ -1333,53 +1159,6 @@ MHD_gnutls_certificate_set_x509_crl_mem (mhd_gtls_cert_credentials_t
 return ret;
 }
-/**
- * MHD_gnutls_certificate_set_x509_crl_file - Used to add CRLs in a mhd_gtls_cert_credentials_t structure
- * @res: is an #mhd_gtls_cert_credentials_t structure.
- * @crlfile: is a file containing the list of verified CRLs (DER or PEM list)
- * @type: is PEM or DER
- *
- * This function adds the trusted CRLs in order to verify client or server
- * certificates. In case of a client this is not required
- * to be called if the certificates are not verified using
- * MHD_gtls_certificate_verify_peers2().
- * This function may be called multiple times.
- *
- * Returns: number of CRLs processed or a negative value on error.
- **/
-int
-MHD_gnutls_certificate_set_x509_crl_file (mhd_gtls_cert_credentials_t
- res, const char *crlfile,
- gnutls_x509_crt_fmt_t type)
-{
- int ret;
- size_t size;
- unsigned char *data = (unsigned char*) read_file (crlfile, &size);
-
- if (data == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_FILE_ERROR;
- }
-
- if (type == GNUTLS_X509_FMT_DER)
- ret = parse_der_crl_mem (&res->x509_crl_list, &res->x509_ncrls,
- data, size);
- else
- ret = parse_pem_crl_mem (&res->x509_crl_list, &res->x509_ncrls,
- data, size);
-
- free (data);
-
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- return ret;
-}
-
 #include
 /**
diff --git a/src/daemon/internal.h b/src/daemon/internal.h
index 39886187..47d2963f 100644
--- a/src/daemon/internal.h
+++ b/src/daemon/internal.h
@@ -663,10 +663,6 @@ struct MHD_Daemon
 /* Diffie-Hellman parameters */
 mhd_gtls_dh_params_t dh_params;
- const char *https_key_path;
-
- const char *https_cert_path;
-
 const char *https_mem_key;
 const char *https_mem_cert;
diff --git a/src/examples/https_fileserver_example.c b/src/examples/https_fileserver_example.c
index 55201ce2..a8897a8d 100644
--- a/src/examples/https_fileserver_example.c
+++ b/src/examples/https_fileserver_example.c
@@ -170,19 +170,9 @@ main (int argc, char *const *argv)
 MHD_OPTION_END);
 }
- else if (argc == 5){
- TLS_daemon = MHD_start_daemon (MHD_USE_THREAD_PER_CONNECTION | MHD_USE_DEBUG
- | MHD_USE_SSL, atoi (argv[1]),
- NULL,
- NULL, &http_ahc,
- NULL, MHD_OPTION_CONNECTION_TIMEOUT, 256,
- MHD_OPTION_HTTPS_CERT_PATH, argv[3],
- MHD_OPTION_HTTPS_KEY_PATH, argv[4],
- MHD_OPTION_END);
- }
 else
 {
 printf
- ("Usage : %s HTTP-PORT SECONDS-TO-RUN [CERTIFICATE PATH, KEY PATH]\n", argv[0]);
+ ("Usage : %s HTTP-PORT SECONDS-TO-RUN\n", argv[0]);
 return 1;
 }
diff --git a/src/include/microhttpd.h b/src/include/microhttpd.h
index 9c98433c..ce1bdd9d 100644
--- a/src/include/microhttpd.h
+++ b/src/include/microhttpd.h
@@ -348,24 +348,6 @@ enum MHD_OPTION
 */
 MHD_OPTION_SOCK_ADDR = 6,
- /**
- * Filename for the private key (key.pem) to be used by the
- * HTTPS daemon. This option should be followed by an
- * "const char*" argument. The memory of the filename must
- * not be released until the application terminates.
- * This should be used in conjunction with 'MHD_OPTION_HTTPS_CERT_PATH'.
- */
- MHD_OPTION_HTTPS_KEY_PATH = 7,
-
- /**
- * Filename for the certificate (cert.pem) to be used by the
- * HTTPS daemon. This option should be followed by an
- * "const char*" argument. The memory of the filename must
- * not be released until the application terminates.
- * This should be used in conjunction with 'MHD_OPTION_HTTPS_KEY_PATH'.
- */
- MHD_OPTION_HTTPS_CERT_PATH = 8,
-
 /**
 * Memory pointer for the private key (key.pem) to be used by the
 * HTTPS daemon. This option should be followed by an
@@ -515,15 +497,6 @@ enum MHD_RequestTerminationCode
 */
 MHD_REQUEST_TERMINATED_DAEMON_SHUTDOWN = 3,
- /* FIXME: add TLS-specific error codes,
- but only those that are useful! */
- /**
- * Processing of this secure connection encountered
- * an error.
- */
- MHD_TLS_REQUEST_TERMINATED_WITH_ERROR,
-
- MHD_TLS_REQUEST_TERMINATED_WITH_FATAL_ALERT
 };
 /**
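Review bot: The usage message on the added `+` line is still written to stdout with `printf` even though this branch is the argument-error path that returns 1; usage errors conventionally go to stderr so that a caller capturing the program's output does not receive them as normal output. The one-line change would be `fprintf (stderr, "Usage : %s HTTP-PORT SECONDS-TO-RUN\n", argv[0]);`, keeping the message text as the commit already has it. The enclosing `main` starts and ends outside the hunk, so the remaining `argc` checks that now lead to this `else` cannot be confirmed from here and should be re-read against the shortened usage text.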
@@ -640,11 +613,11 @@ enum MHD_GNUTLS_CompressionMethod
 enum MHD_GNUTLS_Protocol
 {
 MHD_GNUTLS_PROTOCOL_END = 0,
- MHD_GNUTLS_SSL3 = 1,
- MHD_GNUTLS_TLS1_0,
- MHD_GNUTLS_TLS1_1,
- MHD_GNUTLS_TLS1_2,
- MHD_GNUTLS_VERSION_UNKNOWN = 0xff
+ MHD_GNUTLS_PROTOCOL_SSL3 = 1,
+ MHD_GNUTLS_PROTOCOL_TLS1_0,
+ MHD_GNUTLS_PROTOCOL_TLS1_1,
+ MHD_GNUTLS_PROTOCOL_TLS1_2,
+ MHD_GNUTLS_PROTOCOL_VERSION_UNKNOWN = 0xff
 };
 /**
diff --git a/src/testcurl/https/mhds_session_info_test.c b/src/testcurl/https/mhds_session_info_test.c
index d57c6037..2f25f312 100644
--- a/src/testcurl/https/mhds_session_info_test.c
+++ b/src/testcurl/https/mhds_session_info_test.c
@@ -105,7 +105,7 @@ query_session_ahc (void *cls, struct MHD_Connection *connection,
 }
 if (MHD_get_connection_info (connection,
 MHD_CONNECTION_INFO_PROTOCOL)->protocol !=
- MHD_GNUTLS_SSL3)
+ MHD_GNUTLS_PROTOCOL_SSL3)
 {
 fprintf (stderr, "Error: requested compression mismatch. %s\n",
 strerror (errno));
diff --git a/src/testcurl/https/tls_daemon_options_test.c b/src/testcurl/https/tls_daemon_options_test.c
index 38a8c1d5..5817c9c5 100644
--- a/src/testcurl/https/tls_daemon_options_test.c
+++ b/src/testcurl/https/tls_daemon_options_test.c
@@ -356,8 +356,6 @@ main (int argc, char *const *argv)
 {
 FILE *test_fd;
 unsigned int errorCount = 0;
- char * cur_dir;
- char cert_path[255], key_path[255];
 MHD_gtls_global_set_log_level (DEBUG_GNUTLS_LOG_LEVEL);
@@ -379,7 +377,7 @@ main (int argc, char *const *argv)
 }
 int mac[] = { MHD_GNUTLS_MAC_SHA1, 0 };
- int p[] = { MHD_GNUTLS_SSL3, 0 };
+ int p[] = { MHD_GNUTLS_PROTOCOL_SSL3, 0 };
 int cipher[] = { MHD_GNUTLS_CIPHER_3DES_CBC, 0 };
 int kx[] = { MHD_GNUTLS_KX_ANON_DH, 0 };
@@ -390,16 +388,6 @@ main (int argc, char *const *argv)
 MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
 MHD_OPTION_END);
- cur_dir = get_current_dir_name ();
- sprintf (cert_path, "%s/%s", cur_dir, "cert.pem");
- sprintf (key_path, "%s/%s", cur_dir, "key.pem");
-
- errorCount +=
- test_wrap ("file certificates", &test_https_transfer, test_fd,
- "AES256-SHA", CURL_SSLVERSION_TLSv1, MHD_OPTION_HTTPS_CERT_PATH, cert_path,
- MHD_OPTION_HTTPS_KEY_PATH, key_path, MHD_OPTION_END);
- free (cur_dir);
-
 errorCount +=
 test_wrap ("protocol_version", &test_protocol_version, test_fd,
 "AES256-SHA", CURL_SSLVERSION_TLSv1, MHD_OPTION_HTTPS_MEM_KEY,
-- cgit v1.2.3