several fixes cleanups etc.
authorNikos Mavrogiannopoulos <nmav@gnutls.org>
Sat, 21 Jul 2001 08:19:11 +0000 (08:19 +0000)
committerNikos Mavrogiannopoulos <nmav@gnutls.org>
Sat, 21 Jul 2001 08:19:11 +0000 (08:19 +0000)
18 files changed:
doc/TODO
lib/Makefile.am
lib/cert_asn1.h
lib/cert_verify.c
lib/ext_srp.c
lib/gnutls.h.in
lib/gnutls_cert.c
lib/gnutls_cert.h
lib/gnutls_int.h
lib/gnutls_privkey.c
lib/gnutls_record.c
lib/gnutls_sig_check.c
src/.cvsignore
src/asn1c.c
src/ca.pem [deleted file]
src/cli.c
src/pkcs1.asn
src/serv.c

index fed626e92b4a896d2198543787b3bb6696c85480..a782aa31df589403939c2bfe4b3672845200f3aa 100644 (file)
--- a/doc/TODO
+++ b/doc/TODO
@@ -2,4 +2,5 @@
 * Add Kerberos support (who wants that?)
 * Audit the code (volunteers?)
 * Tools for processing/generating certificates
+* Add certificate extensions support (x509v3)
 * Documentation (of existing functions + Manual)
index 489eb01c6f428d39c8185f7d83b814ee91cd301c..35e2e1c29b7e21cfe994a3b8356bd52e572737cc 100644 (file)
@@ -29,7 +29,8 @@ libgnutls_la_SOURCES = gnutls_record.c gnutls_compress.c debug.c \
        cert_ASN.y cert_asn1.c cert_der.c gnutls_datum.c auth_rsa.c \
        gnutls_gcry.c ext_dnsname.c gnutls_pk.c gnutls_cert.c cert_verify.c\
        gnutls_global.c gnutls_privkey.c gnutls_constate.c gnutls_anon_cred.c \
-       gnutls_sig_check.c  pkix_asn1_tab.c pkcs1_asn1_tab.c
+       gnutls_sig_check.c pkix_asn1_tab.c pkcs1_asn1_tab.c
+
 libgnutls_la_LDFLAGS = -version-info $(LT_CURRENT):$(LT_REVISION):$(LT_AGE)
 
 pkix_asn1_tab.c: pkix.asn
index 0011b7af5d7074951b6ae043a64bdf95e690431c..06a0e194e3f7694b98189737c37db58a1181b94b 100755 (executable)
@@ -179,15 +179,3 @@ asn1_create_tree(static_asn *root,node_asn **pointer);
 
 #endif
 
-
-
-
-
-
-
-
-
-
-
-
-
index 4f78e502bd96c1f710bcd6e7f4c3dcbb1a7be868..81b10a09cb9b1b7d30bf8bee0647696da82cef9e 100644 (file)
@@ -155,22 +155,25 @@ static int check_if_expired(gnutls_cert * cert)
 
 
 
+void _gnutls_int2str(int k, char* data);
 
-#define MAX_DN 10*1024
+#define MAX_DN_ELEM 1024
 
 /* This function checks if 'certs' issuer is 'issuer_cert'.
- * This does a straight compare of the DER rdnSequence. 
+ * This does a compare of every element of the rdnSequence
  */
 static
 int compare_dn(gnutls_cert * cert, gnutls_cert * issuer_cert)
 {
-       node_asn *c2;
+       node_asn *c2, *c3;
        int result, len;
        int issuer_len;
-       opaque issuer_dn[MAX_DN];
-       opaque dn[MAX_DN];
+       int i, ok, finish;
+       opaque issuer_dn[MAX_DN_ELEM];
+       opaque issuer_own_dn[MAX_DN_ELEM];
 
-fprintf(stderr, "XXX: %s\nIII: %s\n", cert->issuer_info.common_name, issuer_cert->cert_info.common_name);
+fprintf(stderr, "XXX: %s - III: %s\n", cert->issuer_info.common_name, issuer_cert->issuer_info.common_name);
+fprintf(stderr, "XXX: %s - III: %s\n", cert->cert_info.common_name, issuer_cert->cert_info.common_name);
        /* get the issuer of 'cert'
         */
        if (asn1_create_structure(_gnutls_get_pkix(), "PKIX1Implicit88.Certificate", &c2, "certificate2") != ASN_OK) {
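Review bot: The two `fprintf(stderr, "XXX: ...")` lines added at the top of compare_dn are unconditional, so every chain verification writes certificate common names to the process's stderr. Other hunks in this commit (lib/gnutls_cert.c, lib/gnutls_sig_check.c) wrap their diagnostics in `#ifdef DEBUG`, and these lines should be guarded the same way or dropped. The prototype `void _gnutls_int2str(int k, char* data);` is declared locally in this file rather than in a shared header, so a later signature change in lib/gnutls_cert.c would not be caught by the compiler. compare_dn continues past the end of this hunk.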
@@ -186,45 +189,77 @@ fprintf(stderr, "XXX: %s\nIII: %s\n", cert->issuer_info.common_name, issuer_cert
                return GNUTLS_E_ASN1_PARSING_ERROR;
        }
        
-       issuer_len = sizeof(issuer_dn) - 1;
-       if ((result =
-            asn1_read_value(c2, "certificate2.tbsCertificate.issuer.rdnSequence", issuer_dn, &issuer_len)) < 0) {
-               gnutls_assert();
-               asn1_delete_structure(c2);
-               return GNUTLS_E_ASN1_PARSING_ERROR;
-       }
-       asn1_delete_structure(c2);
 
 
        /* get the 'subject' info of 'issuer_cert'
         */
-       if (asn1_create_structure(_gnutls_get_pkix(), "PKIX1Implicit88.Certificate", &c2, "certificate2") != ASN_OK) {
+       if (asn1_create_structure(_gnutls_get_pkix(), "PKIX1Implicit88.Certificate", &c3, "certificate2") != ASN_OK) {
                gnutls_assert();
+               asn1_delete_structure(c2);
                return GNUTLS_E_ASN1_ERROR;
        }
        
-       result = asn1_get_der(c2, issuer_cert->raw.data, issuer_cert->raw.size);
+       result = asn1_get_der(c3, issuer_cert->raw.data, issuer_cert->raw.size);
        if (result != ASN_OK) {
                /* couldn't decode DER */
                gnutls_assert();
                asn1_delete_structure(c2);
                return GNUTLS_E_ASN1_PARSING_ERROR;
        }
+
+       i=1;
+       ok=finish=0;
+       for (;;) {
+               char tmpstr[512];
+               char intstr[4];
+
+               strcpy( tmpstr, "certificate2.tbsCertificate.issuer.rdnSequence");
+               _gnutls_int2str( i, intstr);
+               strcat( tmpstr, intstr);
+               
+               issuer_len = sizeof(issuer_dn) - 1;
+               if ((result =
+                    asn1_read_value(c2, tmpstr, issuer_dn, &issuer_len)) != ASN_OK) {
+                       if (result!=ASN_ELEMENT_NOT_FOUND) {
+                               gnutls_assert();
+                               ok = 1;
+                               break;
+                       }
+                       finish = 1;
+               }
        
-       len = sizeof(dn) - 1;
-       if ((result =
-            asn1_read_value(c2, "certificate2.tbsCertificate.subject.rdnSequence", dn, &len)) < 0) {
-               gnutls_assert();
-               asn1_delete_structure(c2);
-               return GNUTLS_E_ASN1_PARSING_ERROR;
+               len = sizeof(issuer_own_dn) - 1;
+               if ((result =
+                    asn1_read_value(c3, tmpstr, issuer_own_dn, &len)) != ASN_OK) {
+                       if (result!=ASN_ELEMENT_NOT_FOUND) {
+                               gnutls_assert();
+                               ok = 1;
+                               break;
+                       }
+               }
+
+               if (finish!=0 && result==ASN_ELEMENT_NOT_FOUND)
+                       break; /* finished comparing */
+                               
+               if (memcmp(issuer_own_dn, issuer_dn, GMAX(len, issuer_len)) != 0) {
+                       gnutls_assert();
+                       ok = 1;
+                       break;
+               }
+               
+               i++;
+               if (i>999) {
+                       gnutls_assert();
+                       ok=1;
+                       break;
+               }
        }
+       
        asn1_delete_structure(c2);
+       asn1_delete_structure(c3);
 
-fprintf(stderr, "len: %d\nisslen: %d\n", len,issuer_len);
-
-       if (memcmp(dn, issuer_dn, GMAX(len, issuer_len)) == 0)
-               return 0;
-
+       if (ok==0) return 0;
+       
        gnutls_assert();
        return GNUTLS_E_UNKNOWN_ERROR;  /* do not match */
 
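Review bot: Both `asn1_read_value` calls in the new loop use the same `tmpstr`, which names `tbsCertificate.issuer.rdnSequence`, so the c3 read fetches issuer_cert's issuer instead of the subject that the comment above it announces, and the issuer/subject link of the chain is not what gets compared. The index is appended without the `.?` separator that `_get_Name_type` in lib/gnutls_cert.c uses, so it looks as if the first lookup on both sides ends in ASN_ELEMENT_NOT_FOUND and the function reports a match without comparing anything; that should be confirmed with two unrelated certificates. `memcmp(..., GMAX(len, issuer_len))` compares stale buffer bytes when the lengths differ or when only one side ran out of elements, and the `asn1_get_der(c3, ...)` failure path deletes c2 but not c3. The sketch below uses separate paths, requires equal lengths, and treats a name that ends early on one side as a mismatch; whether `asn1_read_value` yields comparable bytes for a whole RDN element is not visible on this page and needs checking. compare_dn begins in the previous hunk.

```c
	/* … unchanged: c2 and c3 are created, c2 is DER-decoded … */
	result = asn1_get_der(c3, issuer_cert->raw.data, issuer_cert->raw.size);
	if (result != ASN_OK) {
		/* couldn't decode DER */
		gnutls_assert();
		asn1_delete_structure(c2);
		asn1_delete_structure(c3);
		return GNUTLS_E_ASN1_PARSING_ERROR;
	}

	ok = 0;
	for (i = 1;; i++) {
		char issuer_path[512];
		char subject_path[512];
		char intstr[4];
		int issuer_res, subject_res;

		if (i > 999) {
			gnutls_assert();
			ok = 1;
			break;
		}

		_gnutls_int2str(i, intstr);
		strcpy(issuer_path, "certificate2.tbsCertificate.issuer.rdnSequence.?");
		strcat(issuer_path, intstr);
		strcpy(subject_path, "certificate2.tbsCertificate.subject.rdnSequence.?");
		strcat(subject_path, intstr);

		issuer_len = sizeof(issuer_dn) - 1;
		issuer_res = asn1_read_value(c2, issuer_path, issuer_dn, &issuer_len);
		len = sizeof(issuer_own_dn) - 1;
		subject_res = asn1_read_value(c3, subject_path, issuer_own_dn, &len);

		if (issuer_res == ASN_ELEMENT_NOT_FOUND &&
		    subject_res == ASN_ELEMENT_NOT_FOUND) {
			/* both names ended together; fail closed if nothing was compared */
			if (i == 1) {
				gnutls_assert();
				ok = 1;
			}
			break;
		}

		/* a read error, a name that ends early on one side, or differing
		 * lengths or contents all count as a mismatch */
		if (issuer_res != ASN_OK || subject_res != ASN_OK ||
		    len != issuer_len ||
		    memcmp(issuer_own_dn, issuer_dn, len) != 0) {
			gnutls_assert();
			ok = 1;
			break;
		}
	}
	/* … unchanged: delete c2 and c3, return according to ok … */
```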
@@ -269,7 +304,6 @@ int gnutls_verify_certificate2(gnutls_cert * cert, gnutls_cert * trusted_cas, in
                gnutls_assert();
                return GNUTLS_CERT_NOT_TRUSTED;
        }
-fprintf(stderr, "XXXissuer: %d\n", issuer->subject_pk_algorithm);
        
         ret = gnutls_verify_signature(cert, issuer);
         if (ret != GNUTLS_CERT_TRUSTED)
index a623f4a8c0e7b389604b1202d142959ba5cce94c..c19b81e75d5dcc2f9a331add0349cdb9806ddba8 100644 (file)
 #include "gnutls_auth_int.h"
 #include "auth_srp.h"
 #include "gnutls_errors.h"
+#include "gnutls_algorithms.h"
 
 int _gnutls_srp_recv_params( GNUTLS_STATE state, const opaque* data, int data_size) {
        uint8 len;
+
+       if (_gnutls_kx_priority( state, GNUTLS_KX_SRP) < 0) {
+               /* algorithm was not allowed in this state
+                */
+               gnutls_assert();
+               return 0;
+       }
+       
        if (state->security_parameters.entity == GNUTLS_SERVER) {
                if (data_size > 0) {
                        state->gnutls_key->auth_info = gnutls_calloc(1, sizeof(SRP_SERVER_AUTH_INFO));
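Review bot: The new early `return 0` in _gnutls_srp_recv_params reports success when SRP is not in the key-exchange priorities, so the peer's extension is dropped without any signal to the caller. If that is the intent, the comment should say so, for example `/* SRP is not enabled for this state: ignore the extension instead of failing the handshake */`. As written, "algorithm was not allowed in this state" reads like an error path while the code returns success. The function body continues outside the hunk.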
@@ -80,8 +89,11 @@ int _gnutls_srp_send_params( GNUTLS_STATE state, opaque** data) {
                }
        } else { /* SERVER SIDE sending (g,n,s) */
                /* We only send the packet if we are NOT
-                * resuming
+                * resuming AND we are using SRP
                 */
+               if (state->security_parameters.kx_algorithm!=GNUTLS_KX_SRP)
+                       return 0; /* no data to send */
+               
                if (state->gnutls_internals.resumed==RESUME_FALSE)
                        return gen_srp_server_hello( state->gnutls_key, data);
                else
index 17938fcd01044249a55361e885940a0f30f40e41..3ca2c23bdb0a2e3f324e2c033dde7c96980c328e 100644 (file)
@@ -65,8 +65,7 @@ typedef struct gnutls_private_key gnutls_private_key;
 
 int gnutls_init(GNUTLS_STATE * state, ConnectionEnd con_end);
 int gnutls_deinit(GNUTLS_STATE state);
-int gnutls_bye(SOCKET cd, GNUTLS_STATE state);
-int gnutls_bye_nowait(SOCKET cd, GNUTLS_STATE state);
+int gnutls_bye(SOCKET cd, GNUTLS_STATE state, int wait);
 
 int gnutls_handshake(SOCKET cd, GNUTLS_STATE state);
 int gnutls_check_pending(GNUTLS_STATE state);
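Review bot: The new third parameter is named `wait`, but the definition in lib/gnutls_record.c runs `if (wait==0) gnutls_recv_int(...)` and its doc comment says a non-zero value means the call will not wait, so the name states the opposite of the behaviour. Callers in src/cli.c pass 0 to wait and src/serv.c passes 1 to skip waiting, which is easy to get backwards. Renaming it, `int gnutls_bye(SOCKET cd, GNUTLS_STATE state, int nowait);`, or inverting the test would make call sites read correctly, and `@wait: is an integer` should describe what the value means. Removing gnutls_bye_nowait from the public header also breaks existing callers, which deserves a line in the release notes.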
index b670332c10bc7c12b01cccf0dca30d9fe1767f04..749665e7b8820f5039f5a576d28000bc72ae03ba 100644 (file)
@@ -154,9 +154,11 @@ int ret;
                res->cert_list[res->ncerts] =
                    (gnutls_cert *) gnutls_realloc( res->cert_list[res->ncerts], i * sizeof(gnutls_cert));
 
-               if (res->cert_list[res->ncerts] == NULL)
+               if (res->cert_list[res->ncerts] == NULL) {
+                       gnutls_assert();
                        return GNUTLS_E_MEMORY_ERROR;
-
+               }
+               
                tmp.data = b64;
                tmp.size = siz2;
                if ((ret =
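Review bot: The added braces and `gnutls_assert()` leave the `x = gnutls_realloc(x, ...)` pattern in place: when the call fails, `res->cert_list[res->ncerts]` is overwritten with NULL and the previous block can no longer be freed or used. The same pattern is touched in the `res->ca_list` hunk further down in this file. Assign to a temporary first, e.g. `new_list = gnutls_realloc(res->ca_list, i * sizeof(gnutls_cert));`, and store it into the credentials structure only when it is non-NULL. The enclosing function starts and ends outside this hunk.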
@@ -193,9 +195,11 @@ int ret;
 gnutls_datum tmp;
 
        fd1 = fopen(cafile, "r");
-       if (fd1 == NULL)
+       if (fd1 == NULL) {
+               gnutls_assert();
                return GNUTLS_E_UNKNOWN_ERROR;
-
+       }
+       
        siz = fread(x, 1, sizeof(x), fd1);
        fclose(fd1);
 
@@ -217,10 +221,12 @@ gnutls_datum tmp;
                ptr = strstr( ptr, CERT_SEP)+1;
 
                res->ca_list =
-                   (gnutls_cert *) gnutls_realloc(res->ca_list, i * sizeof(gnutls_cert));
-               if (res->ca_list == NULL)
+                   (gnutls_cert *) gnutls_realloc( res->ca_list, i * sizeof(gnutls_cert));
+               if (res->ca_list == NULL) {
+                       gnutls_assert();
                        return GNUTLS_E_MEMORY_ERROR;
-
+               }
+               
                tmp.data = b64;
                tmp.size = siz2;
                if ((ret =
@@ -369,7 +375,7 @@ int ret;
 
 static int _read_rsa_params(opaque * der, int dersize, MPI ** params)
 {
-       opaque str[5 * 1024];
+       opaque str[MAX_X509_CERT_SIZE];
        int len, result;
        node_asn *spk;
 
@@ -474,7 +480,7 @@ static int _read_rsa_params(opaque * der, int dersize, MPI ** params)
 /* this function will convert up to 3 digit
  * numbers to characters.
  */
-static void int2str(int k, char* data) {
+void _gnutls_int2str(int k, char* data) {
     if (k > 999) data[0] = 0;
     else sprintf( data, "%d", k);
 }
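Review bot: `_gnutls_int2str` is now called from lib/cert_verify.c with a `char intstr[4]` buffer, but it only rejects `k > 999`; a negative `k` makes `sprintf` write a sign plus digits and can overrun a 4-byte buffer. Since the helper is no longer file-local, the guard should cover both ends, `if (k < 0 || k > 999) data[0] = 0;`. The comment above it should also state that `data` must hold at least 4 bytes.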
@@ -494,7 +500,7 @@ static int _get_Name_type( node_asn *rasn, char *root, gnutls_DN * dn)
                
                strcpy(name, root);
                strcat(name, ".rdnSequence.?");
-               int2str(k, counter);
+               _gnutls_int2str(k, counter);
                strcat(name, counter);
 
                len = sizeof(str) - 1;
@@ -511,7 +517,7 @@ static int _get_Name_type( node_asn *rasn, char *root, gnutls_DN * dn)
 
                        strcpy(name2, name);
                        strcat(name2, ".?");
-                       int2str(k2, counter);
+                       _gnutls_int2str(k2, counter);
                        strcat(name2, counter);
 
                        len = sizeof(str) - 1;
@@ -633,7 +639,7 @@ int _gnutls_cert2gnutlsCert(gnutls_cert * gCert, gnutls_datum derCert)
 {
        int result;
        node_asn *c2;
-       opaque str[5 * 1024];
+       opaque str[MAX_X509_CERT_SIZE];
        int len = sizeof(str);
 
        gCert->valid = 1;
@@ -647,6 +653,9 @@ int _gnutls_cert2gnutlsCert(gnutls_cert * gCert, gnutls_datum derCert)
        result = asn1_get_der( c2, derCert.data, derCert.size);
        if (result != ASN_OK) {
                /* couldn't decode DER */
+#ifdef DEBUG
+               fprintf(stderr, "Decoding error %d\n", result);
+#endif         
                gnutls_assert();
                return GNUTLS_E_ASN1_PARSING_ERROR;
        }
@@ -691,21 +700,26 @@ int _gnutls_cert2gnutlsCert(gnutls_cert * gCert, gnutls_datum derCert)
                 * currently not supported
                 */
                gnutls_assert();
+fprintf(stderr, "ALGORITHM: %s\n", str);
+return GNUTLS_E_UNIMPLEMENTED_FEATURE;
                gCert->subject_pk_algorithm = GNUTLS_PK_UNKNOWN;
                gCert->params = NULL;
                
        }
 
        len = sizeof( gCert->signature);
+
        result =
            asn1_read_value
                    (c2, "certificate2.signature",
                     gCert->signature, &len);
+
        if ((len % 8) !=0) {
                gnutls_assert();
                asn1_delete_structure(c2);
                return GNUTLS_E_UNIMPLEMENTED_FEATURE;          
        }
+       len /= 8; /* convert to bytes */
        gCert->signature_size = len;
 
 
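Review bot: The added `return GNUTLS_E_UNIMPLEMENTED_FEATURE;` in the unknown-algorithm branch leaves without `asn1_delete_structure(c2)`, unlike the `(len % 8)` error path below it, and makes the two assignments after it unreachable. The `fprintf(stderr, "ALGORITHM: %s\n", str)` above it is unconditional and prints a buffer whose NUL termination is not shown in this hunk; guard it with `#ifdef DEBUG` as the decoding-error print in this commit does. The return value of the `certificate2.signature` read is stored in `result` but never tested before `len` is used, so the check should be `if (result != ASN_OK || (len % 8) != 0) {`. The function starts and ends outside the hunk.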
index b76ff71fb250ca64ff10c236c935187887562edd..f660327d3c10da909821d968d7f05bd4fbf3e14f 100644 (file)
@@ -22,7 +22,7 @@ typedef struct {
        gnutls_DN  cert_info;
        gnutls_DN  issuer_info;
 
-       opaque     signature[MAX_HASH_SIZE];
+       opaque     signature[1024];
        int        signature_size;
        
        time_t     expiration_time;
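Review bot: `opaque signature[1024];` replaces MAX_HASH_SIZE with a bare literal, while this commit introduces MAX_X509_CERT_SIZE for the other buffers; a named constant would keep the limit in one place. _gnutls_cert2gnutlsCert passes `sizeof(gCert->signature)` as the capacity and then divides the returned length by 8, so a comment on the field should say whether the limit is meant in bytes or bits and what the largest supported signature is.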
index 663e3689cd9a1ee4b2d1dd854cc873d35062e312..04e4892f6dd91a6d7893f74f9e97da5a149ce084 100644 (file)
@@ -30,9 +30,9 @@
 #define HARD_DEBUG
 #define BUFFERS_DEBUG
 #define RECORD_DEBUG
-#define HANDSHAKE_DEBUG*/
+#define HANDSHAKE_DEBUG
 #define DEBUG
-
+*/
 
 #define SOCKET int
 #define LIST ...
@@ -46,6 +46,8 @@
 #define TLS_MASTER_SIZE 48
 #define MAX_HASH_SIZE 20
 
+#define MAX_X509_CERT_SIZE 10*1024
+
 #define MAX_DNSNAME_SIZE 256
 
 /* the default for TCP */
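Review bot: `#define MAX_X509_CERT_SIZE 10*1024` expands without parentheses, so an expression such as `x / MAX_X509_CERT_SIZE` would divide by the `10` alone; write `#define MAX_X509_CERT_SIZE (10*1024)`. The constant sizes several on-stack `opaque str[...]` arrays in this commit (lib/gnutls_cert.c, lib/gnutls_privkey.c, lib/gnutls_sig_check.c), and those that were `5 * 1024` double in size per call, which matters on small thread stacks.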
index 9dc87eb08c7e8da71f14e2d7571ee85c4dddaa3a..4ddf7d1e0a1a0125b5cda9e7be441848d613f81b 100644 (file)
@@ -35,7 +35,7 @@
  */
 int _gnutls_pkcs1key2gnutlsKey(gnutls_private_key * pkey, gnutls_datum cert) {
        int result;
-       opaque str[5*1024];
+       opaque str[MAX_X509_CERT_SIZE];
        int len = sizeof(str);
        node_asn *pkcs_asn;
        
index 22b0c4d3f38f742d00bf70bc3ecb5edc89ce56bc..a7036c023da451485abeed12cf2438bf0d706990 100644 (file)
@@ -352,51 +352,22 @@ int _gnutls_send_alert(SOCKET cd, GNUTLS_STATE state, AlertLevel level, AlertDes
   * gnutls_bye - This function terminates the current TLS/SSL connection.
   * @cd: is a connection descriptor.
   * @state: is a &GNUTLS_STATE structure.
+  * @wait: is an integer
   *
   * Terminates the current TLS/SSL connection. If the return value is 0
   * you may continue using the TCP connection. The connection should
   * have been initiated using gnutls_handshake() or similar function.
+  * If 'wait' is non-zero then we will not wait for the other peer to 
+  * close the TLS connection.
   **/
-int gnutls_bye(SOCKET cd, GNUTLS_STATE state)
+int gnutls_bye(SOCKET cd, GNUTLS_STATE state, int wait)
 {
        int ret;
 
        ret = _gnutls_send_alert(cd, state, GNUTLS_WARNING, GNUTLS_CLOSE_NOTIFY);
 
        /* receive the closure alert */
-       gnutls_recv_int(cd, state, GNUTLS_ALERT, NULL, 0, 0); 
-
-       state->gnutls_internals.valid_connection = VALID_FALSE;
-
-       return ret;
-}
-
-/**
-  * gnutls_bye_nowait - This function terminates the current TLS/SSL connection.
-  * @cd: is a connection descriptor.
-  * @state: is a &GNUTLS_STATE structure.
-  *
-  * Terminates the current TLS/SSL connection. The connection should
-  * have been initiated using gnutls_handshake() or similar function.
-  * This function does not wait for the other peer to close the TLS
-  * connection.
-  **/
-int gnutls_bye_nowait(SOCKET cd, GNUTLS_STATE state)
-{
-       int ret;
-
-       ret = _gnutls_send_alert(cd, state, GNUTLS_WARNING, GNUTLS_CLOSE_NOTIFY);
-
-       state->gnutls_internals.valid_connection = VALID_FALSE;
-
-       return ret;
-}
-
-int gnutls_close_nowait(SOCKET cd, GNUTLS_STATE state)
-{
-       int ret;
-
-       ret = _gnutls_send_alert(cd, state, GNUTLS_WARNING, GNUTLS_CLOSE_NOTIFY);
+       if (wait==0) gnutls_recv_int(cd, state, GNUTLS_ALERT, NULL, 0, 0); 
 
        state->gnutls_internals.valid_connection = VALID_FALSE;
 
@@ -778,7 +749,7 @@ ssize_t gnutls_recv_int(SOCKET cd, GNUTLS_STATE state, ContentType type, char *d
                                 * not call close().
                                 */
                                if (type != GNUTLS_ALERT)
-                                       gnutls_close_nowait(cd, state);
+                                       gnutls_bye(cd, state, 1);
                                
                                gnutls_free(tmpdata);
                                
index c96e17fa6acf6c71d70271c33e7c8bb84f8cc944..e5afd94dd8a10457955849bf27cd71e2f33da85d 100644 (file)
 static gnutls_datum* _gnutls_get_tbs( gnutls_cert* cert) {
 node_asn *c2;
 gnutls_datum * ret;
-opaque str[10*1024];
+opaque str[MAX_X509_CERT_SIZE];
 int result, len;
 
-       if (asn1_create_structure( _gnutls_get_pkix(), "Certificate", &c2, "certificate")!=ASN_OK) {
+       if (asn1_create_structure( _gnutls_get_pkix(), "PKIX1Implicit88.Certificate", &c2, "certificate")!=ASN_OK) {
                gnutls_assert();
                return NULL;
        }
@@ -53,6 +53,9 @@ int result, len;
        result =
            asn1_read_value( c2, "certificate.tbsCertificate", str, &len);
        if (result != ASN_OK) {
+#ifdef DEBUG
+               fprintf(stderr, "ASN.1 failure number %d\n", result);
+#endif
                gnutls_assert();
                asn1_delete_structure(c2);
                return NULL;
index 5ec147f85407cb7eeb07c79e9478a624e016b835..2e6fe98fc69855f00fa9702521db76e519596bd5 100644 (file)
@@ -8,4 +8,5 @@ Makefile.in
 .deps
 .libs
 crypt
+asn1c
 CertificateExample
\ No newline at end of file
index 547332a87187575f9daccd3e4e762ca226036c4c..508d145c3d13beb0beeca607155cd6a7b9f90e20 100644 (file)
@@ -34,14 +34,17 @@ int
 main(int argc,char *argv[])
 {
   int result;
-  FILE* tmp;
+  char* outfile;
   
-  if(argc!=3) {
+  if(argc<2||argc>3) {
        fprintf(stderr, "Usage: %s: input.asn output.c\n", argv[0]);
        exit(1);
   }
  
-  result=asn1_parser_asn1_file_c( argv[1], argv[2]);
+  if (argc==3) outfile=argv[2];
+  else outfile=NULL;
+  
+  result=asn1_parser_asn1_file_c( argv[1], outfile);
 
   if(result==ASN_SYNTAX_ERROR){
     printf("PARSE ERROR\n");
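Review bot: The argument check now accepts a single argument and passes `outfile=NULL` to asn1_parser_asn1_file_c, but the usage text still presents the output file as mandatory; it should read `"Usage: %s: input.asn [output.c]\n"`. How asn1_parser_asn1_file_c treats a NULL output name is not visible here and should be confirmed. main continues outside the hunk.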
diff --git a/src/ca.pem b/src/ca.pem
deleted file mode 100644 (file)
index 8a77d91..0000000
+++ /dev/null
@@ -1,18 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIC2jCCAkOgAwIBAgIBADANBgkqhkiG9w0BAQQFADCBmDELMAkGA1UEBhMCR1Ix
-DzANBgNVBAgTBkF0dGlraTEPMA0GA1UEBxMGQXRoaW5hMRcwFQYDVQQKEw5HTlVU
-TFMgVEVTVCBDQTEWMBQGA1UECxMNR05VVExTIERFVkVMLjEXMBUGA1UEAxMOR05V
-VExTIFRFU1QgQ0ExHTAbBgkqhkiG9w0BCQEWDm5tYXZAaGVsbHVnLmdyMB4XDTAx
-MDcyMDA3MTMyMFoXDTExMDcxODA3MTMyMFowgZgxCzAJBgNVBAYTAkdSMQ8wDQYD
-VQQIEwZBdHRpa2kxDzANBgNVBAcTBkF0aGluYTEXMBUGA1UEChMOR05VVExTIFRF
-U1QgQ0ExFjAUBgNVBAsTDUdOVVRMUyBERVZFTC4xFzAVBgNVBAMTDkdOVVRMUyBU
-RVNUIENBMR0wGwYJKoZIhvcNAQkBFg5ubWF2QGhlbGx1Zy5ncjCBnzANBgkqhkiG
-9w0BAQEFAAOBjQAwgYkCgYEAu3HbtQcFB+lQ/2OPEd14LKLRh3OzTNWZsem2rj6x
-oHTuMaIWGuzgIrJAF92wfx5+qcNJ1ZttbfhHR84dbR8wISxeoTN8jA2vy6w6qsfk
-/kuiZQb7NZML1l2tW+PzESnSxBuJSywoM6nu3Q17UeoZ4l2qgdY90iDI0lxh/0JK
-Oi0CAwEAAaMyMDAwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUhJDoDTbwcum9
-BaWIOdcRxlpWRbwwDQYJKoZIhvcNAQEEBQADgYEAcDd/j9F8F0AOPu1LnsS1DquV
-7LNRApEj5OTw6tR7Xih9S8eDY2wzMi9szEykEIQ0qxOamA6V443xq4qDoturX1mg
-E60rHVHNRmy9qcqvMKn7bt+11fgXE4Ya4do+hcBMwjuI4wmXDD160mFiiMHaVmUx
-fy3Pa7F8RfUIMieurAU=
------END CERTIFICATE-----
index e57a541d8ca30ae82e404c2820bede6c96dacf08..8a39929433ba56982bf42212a62dc41d94702e7b 100644 (file)
--- a/src/cli.c
+++ b/src/cli.c
@@ -37,7 +37,7 @@
 #define RESUME
 
 #define MAX(X,Y) (X >= Y ? X : Y);
-#define CAFILE "ca.pem"
+#define CAFILE "x509/ca.pem"
 #define CRLFILE NULL
 
 #define PRINTX(x,y) if (y[0]!=0) printf(" -   %s %s\n", x, y)
@@ -202,7 +202,7 @@ int main(int argc, char** argv)
        print_info( state);
 
        printf("- Disconnecting\n");
-       gnutls_bye(sd, state);
+       gnutls_bye(sd, state, 0);
        shutdown( sd, SHUT_WR);
        close(sd);      
        gnutls_deinit( state);  
@@ -312,7 +312,7 @@ int main(int argc, char** argv)
                if (FD_ISSET(fileno(stdin), &rset)) {
        
                        if( fgets(buffer, MAX_BUF, stdin) == NULL) {
-                               gnutls_bye(sd, state);
+                               gnutls_bye(sd, state, 0);
                                user_term = 1;
                                continue;
                        }
@@ -320,7 +320,7 @@ int main(int argc, char** argv)
                        printf("- Sent: %d bytes\n", strlen(buffer));
                }
        }
-       if (user_term!=0) gnutls_bye(sd, state);
+       if (user_term!=0) gnutls_bye(sd, state, 0);
        
        shutdown( sd, SHUT_RDWR); /* no more receptions */
        close(sd);
index c162b5fd462892cc5b7bc78d4314adc6d8b488a6..d04dacabbcb3bcc296c4dd9d8a8a5ca2fa07acd2 100644 (file)
@@ -1,10 +1,5 @@
 PKCS-1 {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-1(1)  modules(0) pkcs-1(1)}
 
--- $Revision$
-
--- This module has been checked for conformance with the ASN.1 
--- standard by the OSS ASN.1 Tools
-
 DEFINITIONS EXPLICIT TAGS ::=
 
 BEGIN
@@ -45,11 +40,13 @@ OtherPrimeInfo ::= SEQUENCE {
        coefficient INTEGER -- ti 
 }
 
--- for signature calculation -nmav
+-- for signature calculation
+-- added by nmav
 
-AlgorithmIdentifier  ::=  SEQUENCE  {
+AlgorithmIdentifier ::= SEQUENCE  {
      algorithm               OBJECT IDENTIFIER,
-     parameters              ANY DEFINED BY algorithm OPTIONAL  }
+     parameters              ANY DEFINED BY algorithm OPTIONAL  
+}
                                 -- contains a value of the type
                                 -- registered for use with the
                                 -- algorithm object identifier value
index 772023725aa32e1ffcdd36afc449ff4e4db70184..78a05a2428d24dc1c148b5a9f6f3b39ebc4109ec 100644 (file)
@@ -302,17 +302,19 @@ int main(int argc, char **argv)
                exit(1);
        }
 
-       if (gnutls_set_x509_server_key( x509_cred, CERTFILE, KEYFILE) < 0) {
-               fprintf(stderr, "X509 PARSE ERROR\nDid you have key.pem and cert.pem?\n");
+       if (gnutls_set_x509_server_trust( x509_cred, CAFILE, CRLFILE) < 0) {
+               fprintf(stderr, "X509 PARSE ERROR\nDid you have ca.pem?\n");
                exit(1);
        }
 
-       if (gnutls_set_x509_server_trust( x509_cred, CAFILE, CRLFILE) < 0) {
-               fprintf(stderr, "X509 PARSE ERROR\nDid you have ca.pem?\n");
+       if (gnutls_set_x509_server_key( x509_cred, CERTFILE, KEYFILE) < 0) {
+               fprintf(stderr, "X509 PARSE ERROR\nDid you have key.pem and cert.pem?\n");
                exit(1);
        }
 
 
+
+
        listen_sd = socket(AF_INET, SOCK_STREAM, 0);
        ERR(listen_sd, "socket");
 
@@ -406,7 +408,9 @@ int main(int argc, char **argv)
                        }
                }
                printf("\n");
-               gnutls_bye_nowait(sd, state);
+               gnutls_bye(sd, state, 1); /* do not wait for
+                * the peer to close the connection.
+                */
                close(sd);
                gnutls_deinit(state);
        }