__gaa_helpsingle(0, "print-cert", "", "Print the certificate in PEM format.");
__gaa_helpsingle(0, "recordsize", "integer ", "The maximum record size to advertize.");
__gaa_helpsingle('V', "verbose", "", "More verbose output.");
- __gaa_helpsingle(0, "ciphers", "cipher1 cipher2... ", "Ciphers to enable.");
- __gaa_helpsingle(0, "protocols", "protocol1 protocol2... ", "Protocols to enable.");
- __gaa_helpsingle(0, "comp", "comp1 comp2... ", "Compression methods to enable.");
- __gaa_helpsingle(0, "macs", "mac1 mac2... ", "MACs to enable.");
- __gaa_helpsingle(0, "kx", "kx1 kx2... ", "Key exchange methods to enable.");
- __gaa_helpsingle(0, "ctypes", "certType1 certType2... ", "Certificate types to enable.");
__gaa_helpsingle(0, "priority", "PRIORITY STRING ", "Priorities string.");
__gaa_helpsingle(0, "x509cafile", "FILE ", "Certificate file or PKCS #11 URL to use.");
__gaa_helpsingle(0, "x509crlfile", "FILE ", "CRL file to use.");
struct _gaainfo
{
-#line 127 "cli.gaa"
+#line 103 "cli.gaa"
char *rest_args;
-#line 119 "cli.gaa"
+#line 95 "cli.gaa"
int insecure;
-#line 116 "cli.gaa"
+#line 92 "cli.gaa"
char *port;
-#line 113 "cli.gaa"
+#line 89 "cli.gaa"
char *opaque_prf_input;
-#line 110 "cli.gaa"
+#line 86 "cli.gaa"
char *psk_key;
-#line 107 "cli.gaa"
+#line 83 "cli.gaa"
char *psk_username;
-#line 104 "cli.gaa"
+#line 80 "cli.gaa"
char *srp_passwd;
-#line 101 "cli.gaa"
+#line 77 "cli.gaa"
char *srp_username;
-#line 98 "cli.gaa"
+#line 74 "cli.gaa"
char *x509_certfile;
-#line 95 "cli.gaa"
+#line 71 "cli.gaa"
char *x509_keyfile;
-#line 92 "cli.gaa"
+#line 68 "cli.gaa"
char *pgp_subkey;
-#line 89 "cli.gaa"
+#line 65 "cli.gaa"
char *pgp_certfile;
-#line 86 "cli.gaa"
+#line 62 "cli.gaa"
char *pgp_keyring;
-#line 83 "cli.gaa"
+#line 59 "cli.gaa"
char *pgp_keyfile;
-#line 80 "cli.gaa"
+#line 56 "cli.gaa"
char *x509_crlfile;
-#line 77 "cli.gaa"
+#line 53 "cli.gaa"
char *x509_cafile;
-#line 74 "cli.gaa"
- char *priorities;
-#line 71 "cli.gaa"
- char **ctype;
-#line 70 "cli.gaa"
- int nctype;
-#line 67 "cli.gaa"
- char **kx;
-#line 66 "cli.gaa"
- int nkx;
-#line 63 "cli.gaa"
- char **macs;
-#line 62 "cli.gaa"
- int nmacs;
-#line 59 "cli.gaa"
- char **comp;
-#line 58 "cli.gaa"
- int ncomp;
-#line 55 "cli.gaa"
- char **proto;
-#line 54 "cli.gaa"
- int nproto;
-#line 51 "cli.gaa"
- char **ciphers;
#line 50 "cli.gaa"
- int nciphers;
+ char *priorities;
#line 47 "cli.gaa"
int verbose;
#line 44 "cli.gaa"
#define GAA_MULTIPLE_OPTION 3
#define GAA_REST 0
-#define GAA_NB_OPTION 37
+#define GAA_NB_OPTION 31
#define GAAOPTID_version 1
#define GAAOPTID_help 2
#define GAAOPTID_list 3
#define GAAOPTID_x509crlfile 17
#define GAAOPTID_x509cafile 18
#define GAAOPTID_priority 19
-#define GAAOPTID_ctypes 20
-#define GAAOPTID_kx 21
-#define GAAOPTID_macs 22
-#define GAAOPTID_comp 23
-#define GAAOPTID_protocols 24
-#define GAAOPTID_ciphers 25
-#define GAAOPTID_verbose 26
-#define GAAOPTID_recordsize 27
-#define GAAOPTID_print_cert 28
-#define GAAOPTID_disable_extensions 29
-#define GAAOPTID_fingerprint 30
-#define GAAOPTID_x509fmtder 31
-#define GAAOPTID_crlf 32
-#define GAAOPTID_starttls 33
-#define GAAOPTID_noticket 34
-#define GAAOPTID_rehandshake 35
-#define GAAOPTID_resume 36
-#define GAAOPTID_debug 37
+#define GAAOPTID_verbose 20
+#define GAAOPTID_recordsize 21
+#define GAAOPTID_print_cert 22
+#define GAAOPTID_disable_extensions 23
+#define GAAOPTID_fingerprint 24
+#define GAAOPTID_x509fmtder 25
+#define GAAOPTID_crlf 26
+#define GAAOPTID_starttls 27
+#define GAAOPTID_noticket 28
+#define GAAOPTID_rehandshake 29
+#define GAAOPTID_resume 30
+#define GAAOPTID_debug 31
#line 168 "gaa.skel"
int size1;
};
-struct GAAOPTION_ctypes
-{
- char** arg1;
- int size1;
-};
-
-struct GAAOPTION_kx
-{
- char** arg1;
- int size1;
-};
-
-struct GAAOPTION_macs
-{
- char** arg1;
- int size1;
-};
-
-struct GAAOPTION_comp
-{
- char** arg1;
- int size1;
-};
-
-struct GAAOPTION_protocols
-{
- char** arg1;
- int size1;
-};
-
-struct GAAOPTION_ciphers
-{
- char** arg1;
- int size1;
-};
-
struct GAAOPTION_recordsize
{
int arg1;
GAA_CHECK1STR("", GAAOPTID_x509crlfile);
GAA_CHECK1STR("", GAAOPTID_x509cafile);
GAA_CHECK1STR("", GAAOPTID_priority);
- GAA_CHECK1STR("", GAAOPTID_ctypes);
- GAA_CHECK1STR("", GAAOPTID_kx);
- GAA_CHECK1STR("", GAAOPTID_macs);
- GAA_CHECK1STR("", GAAOPTID_comp);
- GAA_CHECK1STR("", GAAOPTID_protocols);
- GAA_CHECK1STR("", GAAOPTID_ciphers);
GAA_CHECK1STR("", GAAOPTID_recordsize);
GAA_CHECK1STR("d", GAAOPTID_debug);
case GAA_MULTIPLE_OPTION:
GAA_CHECKSTR("x509crlfile", GAAOPTID_x509crlfile);
GAA_CHECKSTR("x509cafile", GAAOPTID_x509cafile);
GAA_CHECKSTR("priority", GAAOPTID_priority);
- GAA_CHECKSTR("ctypes", GAAOPTID_ctypes);
- GAA_CHECKSTR("kx", GAAOPTID_kx);
- GAA_CHECKSTR("macs", GAAOPTID_macs);
- GAA_CHECKSTR("comp", GAAOPTID_comp);
- GAA_CHECKSTR("protocols", GAAOPTID_protocols);
- GAA_CHECKSTR("ciphers", GAAOPTID_ciphers);
GAA_CHECKSTR("verbose", GAAOPTID_verbose);
GAA_CHECKSTR("recordsize", GAAOPTID_recordsize);
GAA_CHECKSTR("print-cert", GAAOPTID_print_cert);
struct GAAOPTION_x509crlfile GAATMP_x509crlfile;
struct GAAOPTION_x509cafile GAATMP_x509cafile;
struct GAAOPTION_priority GAATMP_priority;
- struct GAAOPTION_ctypes GAATMP_ctypes;
- struct GAAOPTION_kx GAATMP_kx;
- struct GAAOPTION_macs GAATMP_macs;
- struct GAAOPTION_comp GAATMP_comp;
- struct GAAOPTION_protocols GAATMP_protocols;
- struct GAAOPTION_ciphers GAATMP_ciphers;
struct GAAOPTION_recordsize GAATMP_recordsize;
struct GAAOPTION_debug GAATMP_debug;
{
case GAAOPTID_version:
OK = 0;
-#line 125 "cli.gaa"
+#line 101 "cli.gaa"
{ cli_version(); exit(0); ;};
return GAA_OK;
break;
case GAAOPTID_help:
OK = 0;
-#line 123 "cli.gaa"
+#line 99 "cli.gaa"
{ gaa_help(); exit(0); ;};
return GAA_OK;
break;
case GAAOPTID_list:
OK = 0;
-#line 122 "cli.gaa"
+#line 98 "cli.gaa"
{ print_list(gaaval->verbose); exit(0); ;};
return GAA_OK;
break;
case GAAOPTID_insecure:
OK = 0;
-#line 120 "cli.gaa"
+#line 96 "cli.gaa"
{ gaaval->insecure = 1 ;};
return GAA_OK;
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_port.arg1, gaa_getstr, GAATMP_port.size1);
gaa_index++;
-#line 117 "cli.gaa"
+#line 93 "cli.gaa"
{ gaaval->port = GAATMP_port.arg1 ;};
return GAA_OK;
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_opaque_prf_input.arg1, gaa_getstr, GAATMP_opaque_prf_input.size1);
gaa_index++;
-#line 114 "cli.gaa"
+#line 90 "cli.gaa"
{ gaaval->opaque_prf_input = GAATMP_opaque_prf_input.arg1 ;};
return GAA_OK;
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_pskkey.arg1, gaa_getstr, GAATMP_pskkey.size1);
gaa_index++;
-#line 111 "cli.gaa"
+#line 87 "cli.gaa"
{ gaaval->psk_key = GAATMP_pskkey.arg1 ;};
return GAA_OK;
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_pskusername.arg1, gaa_getstr, GAATMP_pskusername.size1);
gaa_index++;
-#line 108 "cli.gaa"
+#line 84 "cli.gaa"
{ gaaval->psk_username = GAATMP_pskusername.arg1 ;};
return GAA_OK;
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_srppasswd.arg1, gaa_getstr, GAATMP_srppasswd.size1);
gaa_index++;
-#line 105 "cli.gaa"
+#line 81 "cli.gaa"
{ gaaval->srp_passwd = GAATMP_srppasswd.arg1 ;};
return GAA_OK;
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_srpusername.arg1, gaa_getstr, GAATMP_srpusername.size1);
gaa_index++;
-#line 102 "cli.gaa"
+#line 78 "cli.gaa"
{ gaaval->srp_username = GAATMP_srpusername.arg1 ;};
return GAA_OK;
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_x509certfile.arg1, gaa_getstr, GAATMP_x509certfile.size1);
gaa_index++;
-#line 99 "cli.gaa"
+#line 75 "cli.gaa"
{ gaaval->x509_certfile = GAATMP_x509certfile.arg1 ;};
return GAA_OK;
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_x509keyfile.arg1, gaa_getstr, GAATMP_x509keyfile.size1);
gaa_index++;
-#line 96 "cli.gaa"
+#line 72 "cli.gaa"
{ gaaval->x509_keyfile = GAATMP_x509keyfile.arg1 ;};
return GAA_OK;
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_pgpsubkey.arg1, gaa_getstr, GAATMP_pgpsubkey.size1);
gaa_index++;
-#line 93 "cli.gaa"
+#line 69 "cli.gaa"
{ gaaval->pgp_subkey = GAATMP_pgpsubkey.arg1 ;};
return GAA_OK;
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_pgpcertfile.arg1, gaa_getstr, GAATMP_pgpcertfile.size1);
gaa_index++;
-#line 90 "cli.gaa"
+#line 66 "cli.gaa"
{ gaaval->pgp_certfile = GAATMP_pgpcertfile.arg1 ;};
return GAA_OK;
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_pgpkeyring.arg1, gaa_getstr, GAATMP_pgpkeyring.size1);
gaa_index++;
-#line 87 "cli.gaa"
+#line 63 "cli.gaa"
{ gaaval->pgp_keyring = GAATMP_pgpkeyring.arg1 ;};
return GAA_OK;
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_pgpkeyfile.arg1, gaa_getstr, GAATMP_pgpkeyfile.size1);
gaa_index++;
-#line 84 "cli.gaa"
+#line 60 "cli.gaa"
{ gaaval->pgp_keyfile = GAATMP_pgpkeyfile.arg1 ;};
return GAA_OK;
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_x509crlfile.arg1, gaa_getstr, GAATMP_x509crlfile.size1);
gaa_index++;
-#line 81 "cli.gaa"
+#line 57 "cli.gaa"
{ gaaval->x509_crlfile = GAATMP_x509crlfile.arg1 ;};
return GAA_OK;
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_x509cafile.arg1, gaa_getstr, GAATMP_x509cafile.size1);
gaa_index++;
-#line 78 "cli.gaa"
+#line 54 "cli.gaa"
{ gaaval->x509_cafile = GAATMP_x509cafile.arg1 ;};
return GAA_OK;
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_priority.arg1, gaa_getstr, GAATMP_priority.size1);
gaa_index++;
-#line 75 "cli.gaa"
+#line 51 "cli.gaa"
{ gaaval->priorities = GAATMP_priority.arg1 ;};
- return GAA_OK;
- break;
- case GAAOPTID_ctypes:
- OK = 0;
- GAA_LIST_FILL(GAATMP_ctypes.arg1, gaa_getstr, char*, GAATMP_ctypes.size1);
-#line 72 "cli.gaa"
-{ gaaval->ctype = GAATMP_ctypes.arg1; gaaval->nctype = GAATMP_ctypes.size1 ;};
-
- return GAA_OK;
- break;
- case GAAOPTID_kx:
- OK = 0;
- GAA_LIST_FILL(GAATMP_kx.arg1, gaa_getstr, char*, GAATMP_kx.size1);
-#line 68 "cli.gaa"
-{ gaaval->kx = GAATMP_kx.arg1; gaaval->nkx = GAATMP_kx.size1 ;};
-
- return GAA_OK;
- break;
- case GAAOPTID_macs:
- OK = 0;
- GAA_LIST_FILL(GAATMP_macs.arg1, gaa_getstr, char*, GAATMP_macs.size1);
-#line 64 "cli.gaa"
-{ gaaval->macs = GAATMP_macs.arg1; gaaval->nmacs = GAATMP_macs.size1 ;};
-
- return GAA_OK;
- break;
- case GAAOPTID_comp:
- OK = 0;
- GAA_LIST_FILL(GAATMP_comp.arg1, gaa_getstr, char*, GAATMP_comp.size1);
-#line 60 "cli.gaa"
-{ gaaval->comp = GAATMP_comp.arg1; gaaval->ncomp = GAATMP_comp.size1 ;};
-
- return GAA_OK;
- break;
- case GAAOPTID_protocols:
- OK = 0;
- GAA_LIST_FILL(GAATMP_protocols.arg1, gaa_getstr, char*, GAATMP_protocols.size1);
-#line 56 "cli.gaa"
-{ gaaval->proto = GAATMP_protocols.arg1; gaaval->nproto = GAATMP_protocols.size1 ;};
-
- return GAA_OK;
- break;
- case GAAOPTID_ciphers:
- OK = 0;
- GAA_LIST_FILL(GAATMP_ciphers.arg1, gaa_getstr, char*, GAATMP_ciphers.size1);
-#line 52 "cli.gaa"
-{ gaaval->ciphers = GAATMP_ciphers.arg1; gaaval->nciphers = GAATMP_ciphers.size1 ;};
-
return GAA_OK;
break;
case GAAOPTID_verbose:
GAA_TESTMOREARGS;
GAA_FILL(GAAREST_tmp.arg1, gaa_getstr, GAAREST_tmp.size1);
gaa_index++;
-#line 128 "cli.gaa"
+#line 104 "cli.gaa"
{ gaaval->rest_args = GAAREST_tmp.arg1; ;};
return GAA_OK;
if(inited == 0)
{
-#line 130 "cli.gaa"
-{ gaaval->resume=0; gaaval->noticket=0; gaaval->port="443"; gaaval->rest_args=NULL; gaaval->ciphers=NULL;
- gaaval->kx=NULL; gaaval->comp=NULL; gaaval->macs=NULL; gaaval->ctype=NULL; gaaval->nciphers=0;
- gaaval->nkx=0; gaaval->ncomp=0; gaaval->nmacs=0; gaaval->nctype = 0; gaaval->record_size=0;
+#line 106 "cli.gaa"
+{ gaaval->resume=0; gaaval->noticket=0; gaaval->port="443"; gaaval->rest_args=NULL;
+ gaaval->record_size=0;
gaaval->fingerprint=0; gaaval->pgp_keyring=NULL; gaaval->x509_crlfile = NULL;
gaaval->x509_cafile = NULL; gaaval->pgp_keyfile=NULL; gaaval->pgp_certfile=NULL; gaaval->disable_extensions = 0;
gaaval->x509_keyfile=NULL; gaaval->x509_certfile=NULL; gaaval->crlf = 0;
struct _gaainfo
{
-#line 127 "cli.gaa"
+#line 103 "cli.gaa"
char *rest_args;
-#line 119 "cli.gaa"
+#line 95 "cli.gaa"
int insecure;
-#line 116 "cli.gaa"
+#line 92 "cli.gaa"
char *port;
-#line 113 "cli.gaa"
+#line 89 "cli.gaa"
char *opaque_prf_input;
-#line 110 "cli.gaa"
+#line 86 "cli.gaa"
char *psk_key;
-#line 107 "cli.gaa"
+#line 83 "cli.gaa"
char *psk_username;
-#line 104 "cli.gaa"
+#line 80 "cli.gaa"
char *srp_passwd;
-#line 101 "cli.gaa"
+#line 77 "cli.gaa"
char *srp_username;
-#line 98 "cli.gaa"
+#line 74 "cli.gaa"
char *x509_certfile;
-#line 95 "cli.gaa"
+#line 71 "cli.gaa"
char *x509_keyfile;
-#line 92 "cli.gaa"
+#line 68 "cli.gaa"
char *pgp_subkey;
-#line 89 "cli.gaa"
+#line 65 "cli.gaa"
char *pgp_certfile;
-#line 86 "cli.gaa"
+#line 62 "cli.gaa"
char *pgp_keyring;
-#line 83 "cli.gaa"
+#line 59 "cli.gaa"
char *pgp_keyfile;
-#line 80 "cli.gaa"
+#line 56 "cli.gaa"
char *x509_crlfile;
-#line 77 "cli.gaa"
+#line 53 "cli.gaa"
char *x509_cafile;
-#line 74 "cli.gaa"
- char *priorities;
-#line 71 "cli.gaa"
- char **ctype;
-#line 70 "cli.gaa"
- int nctype;
-#line 67 "cli.gaa"
- char **kx;
-#line 66 "cli.gaa"
- int nkx;
-#line 63 "cli.gaa"
- char **macs;
-#line 62 "cli.gaa"
- int nmacs;
-#line 59 "cli.gaa"
- char **comp;
-#line 58 "cli.gaa"
- int ncomp;
-#line 55 "cli.gaa"
- char **proto;
-#line 54 "cli.gaa"
- int nproto;
-#line 51 "cli.gaa"
- char **ciphers;
#line 50 "cli.gaa"
- int nciphers;
+ char *priorities;
#line 47 "cli.gaa"
int verbose;
#line 44 "cli.gaa"
hostname = "localhost";
else
hostname = info.rest_args;
-
- parse_protocols (info.proto, info.nproto, protocol_priority);
- parse_ciphers (info.ciphers, info.nciphers, cipher_priority);
- parse_macs (info.macs, info.nmacs, mac_priority);
- parse_ctypes (info.ctype, info.nctype, cert_type_priority);
- parse_kx (info.kx, info.nkx, kx_priority);
- parse_comp (info.comp, info.ncomp, comp_priority);
}
void cli_version (void);
#int verbose;
option (V, verbose) { $verbose = 1 } "More verbose output."
-#int nciphers;
-#char **ciphers;
-option (ciphers) *STR "cipher1 cipher2..." { $ciphers = $1; $nciphers = @1 } "Ciphers to enable."
-
-#int nproto;
-#char **proto;
-option (protocols) *STR "protocol1 protocol2..." { $proto = $1; $nproto = @1 } "Protocols to enable."
-
-#int ncomp;
-#char **comp;
-option (comp) *STR "comp1 comp2..." { $comp = $1; $ncomp = @1 } "Compression methods to enable."
-
-#int nmacs;
-#char **macs;
-option (macs) *STR "mac1 mac2..." { $macs = $1; $nmacs = @1 } "MACs to enable."
-
-#int nkx;
-#char **kx;
-option (kx) *STR "kx1 kx2..." { $kx = $1; $nkx = @1 } "Key exchange methods to enable."
-
-#int nctype;
-#char **ctype;
-option (ctypes) *STR "certType1 certType2..." { $ctype = $1; $nctype = @1 } "Certificate types to enable."
-
#char *priorities;
option (priority) STR "PRIORITY STRING" { $priorities = $1 } "Priorities string."
#char *rest_args;
rest STR "hostname" { $rest_args = $1; }
-init { $resume=0; $noticket=0; $port="443"; $rest_args=NULL; $ciphers=NULL;
- $kx=NULL; $comp=NULL; $macs=NULL; $ctype=NULL; $nciphers=0;
- $nkx=0; $ncomp=0; $nmacs=0; $nctype = 0; $record_size=0;
+init { $resume=0; $noticket=0; $port="443"; $rest_args=NULL;
+ $record_size=0;
$fingerprint=0; $pgp_keyring=NULL; $x509_crlfile = NULL;
$x509_cafile = NULL; $pgp_keyfile=NULL; $pgp_certfile=NULL; $disable_extensions = 0;
$x509_keyfile=NULL; $x509_certfile=NULL; $crlf = 0;
}
}
-static int depr_printed = 0;
-#define DEPRECATED if (depr_printed==0) { \
- fprintf(stderr, "This method of specifying algorithms is deprecated. Please use the --priority option.\n"); \
- depr_printed = 1; \
- }
-
-void
-parse_protocols (char **protocols, int protocols_size, int *protocol_priority)
-{
- int i, j;
-
- if (protocols != NULL && protocols_size > 0)
- {
- DEPRECATED;
-
- for (j = i = 0; i < protocols_size; i++)
- {
- if (strncasecmp (protocols[i], "SSL", 3) == 0)
- protocol_priority[j++] = GNUTLS_SSL3;
- else if (strncasecmp (protocols[i], "TLS1.1", 6) == 0)
- protocol_priority[j++] = GNUTLS_TLS1_1;
- else if (strncasecmp (protocols[i], "TLS1.2", 6) == 0)
- protocol_priority[j++] = GNUTLS_TLS1_2;
- else if (strncasecmp (protocols[i], "TLS", 3) == 0)
- protocol_priority[j++] = GNUTLS_TLS1_0;
- else
- fprintf (stderr, "Unknown protocol: '%s'\n", protocols[i]);
- }
- protocol_priority[j] = 0;
- }
-}
-
-void
-parse_ciphers (char **ciphers, int nciphers, int *cipher_priority)
-{
- int j, i;
-
-
- if (ciphers != NULL && nciphers > 0)
- {
- DEPRECATED;
- for (j = i = 0; i < nciphers; i++)
- {
- if (strncasecmp (ciphers[i], "AES-2", 5) == 0)
- cipher_priority[j++] = GNUTLS_CIPHER_AES_256_CBC;
- else if (strncasecmp (ciphers[i], "AES", 3) == 0)
- cipher_priority[j++] = GNUTLS_CIPHER_AES_128_CBC;
- else if (strncasecmp (ciphers[i], "3DE", 3) == 0)
- cipher_priority[j++] = GNUTLS_CIPHER_3DES_CBC;
- else if (strcasecmp (ciphers[i], "ARCFOUR-40") == 0)
- cipher_priority[j++] = GNUTLS_CIPHER_ARCFOUR_40;
- else if (strcasecmp (ciphers[i], "ARCFOUR") == 0)
- cipher_priority[j++] = GNUTLS_CIPHER_ARCFOUR_128;
-#ifdef ENABLE_CAMELLIA
- else if (strncasecmp (ciphers[i], "CAMELLIA-2", 10) == 0)
- cipher_priority[j++] = GNUTLS_CIPHER_CAMELLIA_256_CBC;
- else if (strncasecmp (ciphers[i], "CAM", 3) == 0)
- cipher_priority[j++] = GNUTLS_CIPHER_CAMELLIA_128_CBC;
-#endif
- else if (strncasecmp (ciphers[i], "NUL", 3) == 0)
- cipher_priority[j++] = GNUTLS_CIPHER_NULL;
- else
- fprintf (stderr, "Unknown cipher: '%s'\n", ciphers[i]);
- }
- cipher_priority[j] = 0;
- }
-}
-
-void
-parse_macs (char **macs, int nmacs, int *mac_priority)
-{
- int i, j;
-
-
- if (macs != NULL && nmacs > 0)
- {
- DEPRECATED;
- for (j = i = 0; i < nmacs; i++)
- {
- if (strncasecmp (macs[i], "MD5", 3) == 0)
- mac_priority[j++] = GNUTLS_MAC_MD5;
- else if (strncasecmp (macs[i], "RMD", 3) == 0)
- mac_priority[j++] = GNUTLS_MAC_RMD160;
- else if (strncasecmp (macs[i], "SHA512", 6) == 0)
- mac_priority[j++] = GNUTLS_MAC_SHA512;
- else if (strncasecmp (macs[i], "SHA384", 6) == 0)
- mac_priority[j++] = GNUTLS_MAC_SHA384;
- else if (strncasecmp (macs[i], "SHA256", 6) == 0)
- mac_priority[j++] = GNUTLS_MAC_SHA256;
- else if (strncasecmp (macs[i], "SHA", 3) == 0)
- mac_priority[j++] = GNUTLS_MAC_SHA1;
- else
- fprintf (stderr, "Unknown MAC: '%s'\n", macs[i]);
- }
- mac_priority[j] = 0;
- }
-}
-
-void
-parse_ctypes (char **ctype, int nctype, int *cert_type_priority)
-{
- int i, j;
-
- if (ctype != NULL && nctype > 0)
- {
- DEPRECATED;
- for (j = i = 0; i < nctype; i++)
- {
- if (strncasecmp (ctype[i], "OPE", 3) == 0)
- cert_type_priority[j++] = GNUTLS_CRT_OPENPGP;
- else if (strncasecmp (ctype[i], "X", 1) == 0)
- cert_type_priority[j++] = GNUTLS_CRT_X509;
- else
- fprintf (stderr, "Unknown certificate type: '%s'\n", ctype[i]);
- }
- cert_type_priority[j] = 0;
- }
-}
-
-void
-parse_kx (char **kx, int nkx, int *kx_priority)
-{
- int i, j;
-
-
- if (kx != NULL && nkx > 0)
- {
- DEPRECATED;
- for (j = i = 0; i < nkx; i++)
- {
- if (strcasecmp (kx[i], "SRP") == 0)
- kx_priority[j++] = GNUTLS_KX_SRP;
- else if (strcasecmp (kx[i], "SRP-RSA") == 0)
- kx_priority[j++] = GNUTLS_KX_SRP_RSA;
- else if (strcasecmp (kx[i], "SRP-DSS") == 0)
- kx_priority[j++] = GNUTLS_KX_SRP_DSS;
- else if (strcasecmp (kx[i], "RSA") == 0)
- kx_priority[j++] = GNUTLS_KX_RSA;
- else if (strcasecmp (kx[i], "PSK") == 0)
- kx_priority[j++] = GNUTLS_KX_PSK;
- else if (strcasecmp (kx[i], "DHE-PSK") == 0)
- kx_priority[j++] = GNUTLS_KX_DHE_PSK;
- else if (strcasecmp (kx[i], "RSA-EXPORT") == 0)
- kx_priority[j++] = GNUTLS_KX_RSA_EXPORT;
- else if (strncasecmp (kx[i], "DHE-RSA", 7) == 0)
- kx_priority[j++] = GNUTLS_KX_DHE_RSA;
- else if (strncasecmp (kx[i], "DHE-DSS", 7) == 0)
- kx_priority[j++] = GNUTLS_KX_DHE_DSS;
- else if (strncasecmp (kx[i], "ANON", 4) == 0)
- kx_priority[j++] = GNUTLS_KX_ANON_DH;
- else
- fprintf (stderr, "Unknown key exchange: '%s'\n", kx[i]);
- }
- kx_priority[j] = 0;
- }
-}
-
-void
-parse_comp (char **comp, int ncomp, int *comp_priority)
-{
- int i, j;
-
- if (comp != NULL && ncomp > 0)
- {
- DEPRECATED;
- for (j = i = 0; i < ncomp; i++)
- {
- if (strncasecmp (comp[i], "NUL", 3) == 0)
- comp_priority[j++] = GNUTLS_COMP_NULL;
- else if (strncasecmp (comp[i], "ZLI", 3) == 0)
- comp_priority[j++] = GNUTLS_COMP_DEFLATE;
- else if (strncasecmp (comp[i], "DEF", 3) == 0)
- comp_priority[j++] = GNUTLS_COMP_DEFLATE;
- else if (strncasecmp (comp[i], "LZO", 3) == 0)
- comp_priority[j++] = GNUTLS_COMP_LZO;
- else
- fprintf (stderr, "Unknown compression: '%s'\n", comp[i]);
- }
- comp_priority[j] = 0;
- }
-}
-
void
sockets_init (void)
{
int insecure);
void print_list (int verbose);
-void parse_comp (char **comp, int ncomp, int *comp_priority);
-void parse_kx (char **kx, int nkx, int *kx_priority);
-void parse_ctypes (char **ctype, int nctype, int *cert_type_priority);
-void parse_macs (char **macs, int nmacs, int *mac_priority);
-void parse_ciphers (char **ciphers, int nciphers, int *cipher_priority);
-void parse_protocols (char **protocols, int protocols_size,
- int *protocol_priority);
const char *raw_to_string (const unsigned char *raw, size_t raw_size);
int service_to_port (const char *service);
void pkcs11_common (void);
__gaa_helpsingle(0, "srppasswd", "FILE ", "SRP password file to use.");
__gaa_helpsingle(0, "srppasswdconf", "FILE ", "SRP password conf file to use.");
__gaa_helpsingle(0, "opaque-prf-input", "DATA ", "Use Opaque PRF Input DATA.");
- __gaa_helpsingle(0, "ciphers", "cipher1 cipher2... ", "Ciphers to enable.");
- __gaa_helpsingle(0, "protocols", "protocol1 protocol2... ", "Protocols to enable.");
- __gaa_helpsingle(0, "comp", "comp1 comp2... ", "Compression methods to enable.");
- __gaa_helpsingle(0, "macs", "mac1 mac2... ", "MACs to enable.");
- __gaa_helpsingle(0, "kx", "kx1 kx2... ", "Key exchange methods to enable.");
- __gaa_helpsingle(0, "ctypes", "certType1 certType2... ", "Certificate types to enable.");
__gaa_helpsingle(0, "priority", "PRIORITY STRING ", "Priorities string.");
__gaa_helpsingle('l', "list", "", "Print a list of the supported algorithms and modes.");
__gaa_helpsingle('h', "help", "", "prints this help");
struct _gaainfo
{
-#line 115 "serv.gaa"
- char *priorities;
-#line 112 "serv.gaa"
- char **ctype;
-#line 111 "serv.gaa"
- int nctype;
-#line 108 "serv.gaa"
- char **kx;
-#line 107 "serv.gaa"
- int nkx;
-#line 104 "serv.gaa"
- char **macs;
-#line 103 "serv.gaa"
- int nmacs;
-#line 100 "serv.gaa"
- char **comp;
-#line 99 "serv.gaa"
- int ncomp;
-#line 96 "serv.gaa"
- char **proto;
-#line 95 "serv.gaa"
- int nproto;
-#line 92 "serv.gaa"
- char **ciphers;
#line 91 "serv.gaa"
- int nciphers;
+ char *priorities;
#line 88 "serv.gaa"
char *opaque_prf_input;
#line 85 "serv.gaa"
#define GAA_MULTIPLE_OPTION 3
#define GAA_REST 0
-#define GAA_NB_OPTION 37
+#define GAA_NB_OPTION 31
#define GAAOPTID_version 1
#define GAAOPTID_help 2
#define GAAOPTID_list 3
#define GAAOPTID_priority 4
-#define GAAOPTID_ctypes 5
-#define GAAOPTID_kx 6
-#define GAAOPTID_macs 7
-#define GAAOPTID_comp 8
-#define GAAOPTID_protocols 9
-#define GAAOPTID_ciphers 10
-#define GAAOPTID_opaque_prf_input 11
-#define GAAOPTID_srppasswdconf 12
-#define GAAOPTID_srppasswd 13
-#define GAAOPTID_pskhint 14
-#define GAAOPTID_pskpasswd 15
-#define GAAOPTID_disable_client_cert 16
-#define GAAOPTID_require_cert 17
-#define GAAOPTID_x509dsacertfile 18
-#define GAAOPTID_x509dsakeyfile 19
-#define GAAOPTID_x509certfile 20
-#define GAAOPTID_x509keyfile 21
-#define GAAOPTID_pgpsubkey 22
-#define GAAOPTID_pgpcertfile 23
-#define GAAOPTID_pgpkeyfile 24
-#define GAAOPTID_pgpkeyring 25
-#define GAAOPTID_x509crlfile 26
-#define GAAOPTID_x509cafile 27
-#define GAAOPTID_x509fmtder 28
-#define GAAOPTID_dhparams 29
-#define GAAOPTID_echo 30
-#define GAAOPTID_http 31
-#define GAAOPTID_noticket 32
-#define GAAOPTID_nodb 33
-#define GAAOPTID_quiet 34
-#define GAAOPTID_port 35
-#define GAAOPTID_generate 36
-#define GAAOPTID_debug 37
+#define GAAOPTID_opaque_prf_input 5
+#define GAAOPTID_srppasswdconf 6
+#define GAAOPTID_srppasswd 7
+#define GAAOPTID_pskhint 8
+#define GAAOPTID_pskpasswd 9
+#define GAAOPTID_disable_client_cert 10
+#define GAAOPTID_require_cert 11
+#define GAAOPTID_x509dsacertfile 12
+#define GAAOPTID_x509dsakeyfile 13
+#define GAAOPTID_x509certfile 14
+#define GAAOPTID_x509keyfile 15
+#define GAAOPTID_pgpsubkey 16
+#define GAAOPTID_pgpcertfile 17
+#define GAAOPTID_pgpkeyfile 18
+#define GAAOPTID_pgpkeyring 19
+#define GAAOPTID_x509crlfile 20
+#define GAAOPTID_x509cafile 21
+#define GAAOPTID_x509fmtder 22
+#define GAAOPTID_dhparams 23
+#define GAAOPTID_echo 24
+#define GAAOPTID_http 25
+#define GAAOPTID_noticket 26
+#define GAAOPTID_nodb 27
+#define GAAOPTID_quiet 28
+#define GAAOPTID_port 29
+#define GAAOPTID_generate 30
+#define GAAOPTID_debug 31
#line 168 "gaa.skel"
int size1;
};
-struct GAAOPTION_ctypes
-{
- char** arg1;
- int size1;
-};
-
-struct GAAOPTION_kx
-{
- char** arg1;
- int size1;
-};
-
-struct GAAOPTION_macs
-{
- char** arg1;
- int size1;
-};
-
-struct GAAOPTION_comp
-{
- char** arg1;
- int size1;
-};
-
-struct GAAOPTION_protocols
-{
- char** arg1;
- int size1;
-};
-
-struct GAAOPTION_ciphers
-{
- char** arg1;
- int size1;
-};
-
struct GAAOPTION_opaque_prf_input
{
char* arg1;
{
case GAA_LETTER_OPTION:
GAA_CHECK1STR("", GAAOPTID_priority);
- GAA_CHECK1STR("", GAAOPTID_ctypes);
- GAA_CHECK1STR("", GAAOPTID_kx);
- GAA_CHECK1STR("", GAAOPTID_macs);
- GAA_CHECK1STR("", GAAOPTID_comp);
- GAA_CHECK1STR("", GAAOPTID_protocols);
- GAA_CHECK1STR("", GAAOPTID_ciphers);
GAA_CHECK1STR("", GAAOPTID_opaque_prf_input);
GAA_CHECK1STR("", GAAOPTID_srppasswdconf);
GAA_CHECK1STR("", GAAOPTID_srppasswd);
GAA_CHECKSTR("help", GAAOPTID_help);
GAA_CHECKSTR("list", GAAOPTID_list);
GAA_CHECKSTR("priority", GAAOPTID_priority);
- GAA_CHECKSTR("ctypes", GAAOPTID_ctypes);
- GAA_CHECKSTR("kx", GAAOPTID_kx);
- GAA_CHECKSTR("macs", GAAOPTID_macs);
- GAA_CHECKSTR("comp", GAAOPTID_comp);
- GAA_CHECKSTR("protocols", GAAOPTID_protocols);
- GAA_CHECKSTR("ciphers", GAAOPTID_ciphers);
GAA_CHECKSTR("opaque-prf-input", GAAOPTID_opaque_prf_input);
GAA_CHECKSTR("srppasswdconf", GAAOPTID_srppasswdconf);
GAA_CHECKSTR("srppasswd", GAAOPTID_srppasswd);
int OK = 0;
int gaa_last_non_option;
struct GAAOPTION_priority GAATMP_priority;
- struct GAAOPTION_ctypes GAATMP_ctypes;
- struct GAAOPTION_kx GAATMP_kx;
- struct GAAOPTION_macs GAATMP_macs;
- struct GAAOPTION_comp GAATMP_comp;
- struct GAAOPTION_protocols GAATMP_protocols;
- struct GAAOPTION_ciphers GAATMP_ciphers;
struct GAAOPTION_opaque_prf_input GAATMP_opaque_prf_input;
struct GAAOPTION_srppasswdconf GAATMP_srppasswdconf;
struct GAAOPTION_srppasswd GAATMP_srppasswd;
{
case GAAOPTID_version:
OK = 0;
-#line 121 "serv.gaa"
+#line 97 "serv.gaa"
{ serv_version(); exit(0); ;};
return GAA_OK;
break;
case GAAOPTID_help:
OK = 0;
-#line 119 "serv.gaa"
+#line 95 "serv.gaa"
{ gaa_help(); exit(0); ;};
return GAA_OK;
break;
case GAAOPTID_list:
OK = 0;
-#line 118 "serv.gaa"
+#line 94 "serv.gaa"
{ print_list(0); exit(0); ;};
return GAA_OK;
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_priority.arg1, gaa_getstr, GAATMP_priority.size1);
gaa_index++;
-#line 116 "serv.gaa"
+#line 92 "serv.gaa"
{ gaaval->priorities = GAATMP_priority.arg1 ;};
- return GAA_OK;
- break;
- case GAAOPTID_ctypes:
- OK = 0;
- GAA_LIST_FILL(GAATMP_ctypes.arg1, gaa_getstr, char*, GAATMP_ctypes.size1);
-#line 113 "serv.gaa"
-{ gaaval->ctype = GAATMP_ctypes.arg1; gaaval->nctype = GAATMP_ctypes.size1 ;};
-
- return GAA_OK;
- break;
- case GAAOPTID_kx:
- OK = 0;
- GAA_LIST_FILL(GAATMP_kx.arg1, gaa_getstr, char*, GAATMP_kx.size1);
-#line 109 "serv.gaa"
-{ gaaval->kx = GAATMP_kx.arg1; gaaval->nkx = GAATMP_kx.size1 ;};
-
- return GAA_OK;
- break;
- case GAAOPTID_macs:
- OK = 0;
- GAA_LIST_FILL(GAATMP_macs.arg1, gaa_getstr, char*, GAATMP_macs.size1);
-#line 105 "serv.gaa"
-{ gaaval->macs = GAATMP_macs.arg1; gaaval->nmacs = GAATMP_macs.size1 ;};
-
- return GAA_OK;
- break;
- case GAAOPTID_comp:
- OK = 0;
- GAA_LIST_FILL(GAATMP_comp.arg1, gaa_getstr, char*, GAATMP_comp.size1);
-#line 101 "serv.gaa"
-{ gaaval->comp = GAATMP_comp.arg1; gaaval->ncomp = GAATMP_comp.size1 ;};
-
- return GAA_OK;
- break;
- case GAAOPTID_protocols:
- OK = 0;
- GAA_LIST_FILL(GAATMP_protocols.arg1, gaa_getstr, char*, GAATMP_protocols.size1);
-#line 97 "serv.gaa"
-{ gaaval->proto = GAATMP_protocols.arg1; gaaval->nproto = GAATMP_protocols.size1 ;};
-
- return GAA_OK;
- break;
- case GAAOPTID_ciphers:
- OK = 0;
- GAA_LIST_FILL(GAATMP_ciphers.arg1, gaa_getstr, char*, GAATMP_ciphers.size1);
-#line 93 "serv.gaa"
-{ gaaval->ciphers = GAATMP_ciphers.arg1; gaaval->nciphers = GAATMP_ciphers.size1 ;};
-
return GAA_OK;
break;
case GAAOPTID_opaque_prf_input:
if(inited == 0)
{
-#line 125 "serv.gaa"
-{ gaaval->generate=0; gaaval->port=5556; gaaval->http=0; gaaval->ciphers=NULL;
- gaaval->kx=NULL; gaaval->comp=NULL; gaaval->macs=NULL; gaaval->ctype=NULL; gaaval->nciphers=0;
- gaaval->nkx=0; gaaval->ncomp=0; gaaval->nmacs=0; gaaval->nctype = 0; gaaval->nodb = 0; gaaval->noticket = 0;
+#line 101 "serv.gaa"
+{ gaaval->generate=0; gaaval->port=5556; gaaval->http=0; gaaval->nodb = 0; gaaval->noticket = 0;
gaaval->x509_cafile = NULL; gaaval->pgp_keyfile=NULL; gaaval->pgp_certfile=NULL;
gaaval->x509_keyfile=NULL; gaaval->x509_certfile=NULL; gaaval->x509_crlfile = NULL;
gaaval->x509_dsakeyfile=NULL; gaaval->x509_dsacertfile=NULL;
struct _gaainfo
{
-#line 115 "serv.gaa"
- char *priorities;
-#line 112 "serv.gaa"
- char **ctype;
-#line 111 "serv.gaa"
- int nctype;
-#line 108 "serv.gaa"
- char **kx;
-#line 107 "serv.gaa"
- int nkx;
-#line 104 "serv.gaa"
- char **macs;
-#line 103 "serv.gaa"
- int nmacs;
-#line 100 "serv.gaa"
- char **comp;
-#line 99 "serv.gaa"
- int ncomp;
-#line 96 "serv.gaa"
- char **proto;
-#line 95 "serv.gaa"
- int nproto;
-#line 92 "serv.gaa"
- char **ciphers;
#line 91 "serv.gaa"
- int nciphers;
+ char *priorities;
#line 88 "serv.gaa"
char *opaque_prf_input;
#line 85 "serv.gaa"
psk_passwd = info.psk_passwd;
pgp_keyring = info.pgp_keyring;
-
- parse_protocols (info.proto, info.nproto, protocol_priority);
- parse_ciphers (info.ciphers, info.nciphers, cipher_priority);
- parse_macs (info.macs, info.nmacs, mac_priority);
- parse_ctypes (info.ctype, info.nctype, cert_type_priority);
- parse_kx (info.kx, info.nkx, kx_priority);
- parse_comp (info.comp, info.ncomp, comp_priority);
}
extern void serv_version (void);
#char *opaque_prf_input;
option (opaque-prf-input) STR "DATA" { $opaque_prf_input = $1 } "Use Opaque PRF Input DATA."
-#int nciphers;
-#char **ciphers;
-option (ciphers) *STR "cipher1 cipher2..." { $ciphers = $1; $nciphers = @1 } "Ciphers to enable."
-
-#int nproto;
-#char **proto;
-option (protocols) *STR "protocol1 protocol2..." { $proto = $1; $nproto = @1 } "Protocols to enable."
-
-#int ncomp;
-#char **comp;
-option (comp) *STR "comp1 comp2..." { $comp = $1; $ncomp = @1 } "Compression methods to enable."
-
-#int nmacs;
-#char **macs;
-option (macs) *STR "mac1 mac2..." { $macs = $1; $nmacs = @1 } "MACs to enable."
-
-#int nkx;
-#char **kx;
-option (kx) *STR "kx1 kx2..." { $kx = $1; $nkx = @1 } "Key exchange methods to enable."
-
-#int nctype;
-#char **ctype;
-option (ctypes) *STR "certType1 certType2..." { $ctype = $1; $nctype = @1 } "Certificate types to enable."
-
#char *priorities;
option (priority) STR "PRIORITY STRING" { $priorities = $1 } "Priorities string."
INCOMP ra
-init { $generate=0; $port=5556; $http=0; $ciphers=NULL;
- $kx=NULL; $comp=NULL; $macs=NULL; $ctype=NULL; $nciphers=0;
- $nkx=0; $ncomp=0; $nmacs=0; $nctype = 0; $nodb = 0; $noticket = 0;
+init { $generate=0; $port=5556; $http=0; $nodb = 0; $noticket = 0;
$x509_cafile = NULL; $pgp_keyfile=NULL; $pgp_certfile=NULL;
$x509_keyfile=NULL; $x509_certfile=NULL; $x509_crlfile = NULL;
$x509_dsakeyfile=NULL; $x509_dsacertfile=NULL;