The xssl experimental library was removed.
authorNikos Mavrogiannopoulos <nmav@redhat.com>
Mon, 10 Mar 2014 12:09:54 +0000 (13:09 +0100)
committerNikos Mavrogiannopoulos <nmav@redhat.com>
Mon, 10 Mar 2014 12:21:49 +0000 (13:21 +0100)
While the idea of a high level library is nice, there are no resources
to maintain an additional library.

16 files changed:
doc/Makefile.am
doc/cha-functions.texi
doc/cha-gtls-examples.texi
doc/doc.mk
doc/examples/Makefile.am
doc/examples/ex-client-xssl1.c [deleted file]
doc/examples/ex-client-xssl2.c [deleted file]
doc/manpages/Makefile.am
lib/Makefile.am
lib/includes/Makefile.am
lib/includes/gnutls/xssl.h [deleted file]
lib/xssl.c [deleted file]
lib/xssl.h [deleted file]
lib/xssl_getline.c [deleted file]
tests/Makefile.am
tests/mini-xssl.c [deleted file]

index 73fe6817132ea5c6f732ee6a2e5d53113a1ac57f..aa1f2feb5addd0fb57a68c4f6e20455c80d9195d 100644 (file)
@@ -202,8 +202,7 @@ MAINTAINERCLEANFILES =
 
 API_FILES=gnutls-api.texi x509-api.texi pgp-api.texi pkcs12-api.texi \
        tpm-api.texi pkcs11-api.texi abstract-api.texi compat-api.texi \
-       dtls-api.texi crypto-api.texi ocsp-api.texi tpm-api.texi dane-api.texi \
-       xssl-api.texi
+       dtls-api.texi crypto-api.texi ocsp-api.texi tpm-api.texi dane-api.texi
 
 clean-local:
        -rm -f stamp_enums stamp_functions
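Review bot: `tpm-api.texi` is still listed twice in `API_FILES`, once on the second line of the assignment and again on the rewritten last line. Since that line is being edited anyway, the second occurrence could go, leaving `dtls-api.texi crypto-api.texi ocsp-api.texi dane-api.texi`. How `API_FILES` is consumed is not visible in this hunk, so the duplicate is probably harmless. It does make the list harder to audit when an entry is removed, as it is here.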
@@ -247,17 +246,6 @@ x509-api.texi: $(top_srcdir)/lib/includes/gnutls/x509.h
        done
        mv -f $@-tmp $@
 
-xssl-api.texi: $(top_srcdir)/lib/includes/gnutls/xssl.h
-       echo "" > $@-tmp
-       for i in `$(top_srcdir)/doc/scripts/getfuncs.pl < $< |sort|uniq`; do \
-               echo $(ECHO_N) "Creating documentation for $$i... " && \
-               $(srcdir)/scripts/gdoc -texinfo \
-                       -function $$i \
-                       $(C_SOURCE_FILES) >> $@-tmp 2>/dev/null && \
-               echo "ok"; \
-       done
-       mv -f $@-tmp $@
-
 pgp-api.texi: $(top_srcdir)/lib/includes/gnutls/openpgp.h
        echo "" > $@-tmp
        for i in `$(top_srcdir)/doc/scripts/getfuncs.pl < $< |sort|uniq`; do \
@@ -432,11 +420,11 @@ $(FUNCS): stamp_functions
 compare-exported:
        rm -f tmp-exp-$@ tmp-head-$@
        for i in ../libdane/includes/gnutls/*.h ../lib/includes/gnutls/*.h;do perl scripts/getfuncs.pl <$$i >>tmp-head-$@;done
-       sort -u tmp-head-$@|grep -v ^xssl > tmp2-head-$@
+       sort -u tmp-head-$@ > tmp2-head-$@
        mv tmp2-head-$@ tmp-head-$@
        scripts/getfuncs-map.pl <../lib/libgnutls.map >tmp-exp-$@
        scripts/getfuncs-map.pl <../libdane/libdane.map >>tmp-exp-$@
-       sort -u tmp-exp-$@|grep -v ^xssl > tmp2-exp-$@
+       sort -u tmp-exp-$@ > tmp2-exp-$@
        mv tmp2-exp-$@ tmp-exp-$@
        diff -u tmp-exp-$@ tmp-head-$@
        rm -f tmp-exp-$@ tmp-head-$@
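Review bot: With the `grep -v ^xssl` stage gone, the two `sort -u ... > tmp2-...` / `mv tmp2-... ...` pairs in `compare-exported` no longer need an intermediate file. `sort -u -o tmp-head-$@ tmp-head-$@` and `sort -u -o tmp-exp-$@ tmp-exp-$@` give the same result in place and drop the two `tmp2-*` scratch names. This target diffs the symbols in `libgnutls.map` and `libdane.map` against the public headers, so a shorter recipe with fewer fixed temp files is easier to trust as an export check. The recipe may continue past the end of the hunk.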
@@ -2379,27 +2367,3 @@ FUNCS += functions/gnutls_x509_trust_list_verify_crt
 FUNCS += functions/gnutls_x509_trust_list_verify_crt.short
 FUNCS += functions/gnutls_x509_trust_list_verify_named_crt
 FUNCS += functions/gnutls_x509_trust_list_verify_named_crt.short
-FUNCS += functions/xssl_client_init
-FUNCS += functions/xssl_client_init.short
-FUNCS += functions/xssl_cred_deinit
-FUNCS += functions/xssl_cred_deinit.short
-FUNCS += functions/xssl_cred_init
-FUNCS += functions/xssl_cred_init.short
-FUNCS += functions/xssl_deinit
-FUNCS += functions/xssl_deinit.short
-FUNCS += functions/xssl_flush
-FUNCS += functions/xssl_flush.short
-FUNCS += functions/xssl_getdelim
-FUNCS += functions/xssl_getdelim.short
-FUNCS += functions/xssl_get_session
-FUNCS += functions/xssl_get_session.short
-FUNCS += functions/xssl_printf
-FUNCS += functions/xssl_printf.short
-FUNCS += functions/xssl_read
-FUNCS += functions/xssl_read.short
-FUNCS += functions/xssl_server_init
-FUNCS += functions/xssl_server_init.short
-FUNCS += functions/xssl_sinit
-FUNCS += functions/xssl_sinit.short
-FUNCS += functions/xssl_write
-FUNCS += functions/xssl_write.short
index 6af6ded8cbffff0963b0b9c6662621bea4d590d7..da86cc4b2c5bc4b76c2520cf7d1f3c0210d9b533 100644 (file)
@@ -4,7 +4,6 @@
 
 @menu
 * Core TLS API::
-* High level TLS API::
 * Datagram TLS API::
 * X509 certificate API::
 * OCSP API::
@@ -26,14 +25,6 @@ The prototypes for the following functions lie in
 
 @include gnutls-api.texi
 
-@node High level TLS API
-@section High level TLS API
-
-The prototypes for the following functions lie in
-@file{gnutls/xssl.h}.
-
-@include xssl-api.texi
-
 @node Datagram TLS API
 @section Datagram TLS API
 
index e01c078602af13af1079cfcd5d3da4b532b79553..7615f920414d96f0c711c8cfdb152c0e520d3b58 100644 (file)
@@ -13,7 +13,6 @@ no error checking.
 * Server examples::
 * OCSP example::
 * Miscellaneous examples::
-* XSSL examples::
 @end menu
 
 @node Client examples
@@ -290,29 +289,3 @@ such a structure.
 
 @verbatiminclude examples/ex-pkcs12.c
 
-@node XSSL examples
-@section XSSL examples
-
-XSSL is an experimental API available in the @code{gnutls-xssl} library
-and in @code{gnutls/xssl.h} header. It is intended to be a very simple
-to use API avoid the GnuTLS API. The API however has the following limitations
-@itemize
-@item It is applicable to blocking sockets only.
-@item The server verification is based on its DNS name.
-@end itemize
-
-@menu
-* Example client with X.509 certificate authentication::
-* Example client with X.509 certificate authentication and TOFU::
-@end menu
-
-@node Example client with X.509 certificate authentication
-@subsection Example client with X.509 certificate authentication
-
-@verbatiminclude examples/ex-client-xssl1.c
-
-@node Example client with X.509 certificate authentication and TOFU
-@subsection Example client with X.509 certificate authentication and TOFU
-
-@verbatiminclude examples/ex-client-xssl2.c
-
index ac24d17e0b4ce959525a0deddac88d1175262bd9..6f67f61d9d7fb7937fd5a1ce88ef1ce41b5c500d 100644 (file)
@@ -24,6 +24,6 @@ HEADER_FILES = $(top_srcdir)/lib/includes/gnutls/gnutls.h.in \
        $(top_srcdir)/lib/includes/gnutls/abstract.h $(top_srcdir)/lib/includes/gnutls/compat.h \
        $(top_srcdir)/lib/includes/gnutls/dtls.h $(top_srcdir)/lib/includes/gnutls/crypto.h \
        $(top_srcdir)/lib/includes/gnutls/ocsp.h $(top_srcdir)/lib/includes/gnutls/tpm.h \
-       $(top_srcdir)/libdane/includes/gnutls/dane.h $(top_srcdir)/lib/includes/gnutls/xssl.h
+       $(top_srcdir)/libdane/includes/gnutls/dane.h
 
 C_SOURCE_FILES = $(top_srcdir)/lib/*/*.c $(top_srcdir)/lib/*.c  $(top_srcdir)/libdane/*.c 
index 959a9e52cb9859f0356361ee41b83146411f8af0..ce0ef191112ec4b978df39f2bdab4c211241ac55 100644 (file)
@@ -44,15 +44,12 @@ CXX_LDADD = ../../lib/libgnutlsxx.la \
 
 noinst_PROGRAMS = ex-client-resume ex-client-dtls
 noinst_PROGRAMS += ex-cert-select ex-client-x509
-noinst_PROGRAMS += ex-serv-dtls ex-client-xssl1 ex-client-xssl2
+noinst_PROGRAMS += ex-serv-dtls
 noinst_PROGRAMS += print-ciphersuites
 if ENABLE_OCSP
 noinst_PROGRAMS += ex-serv-x509
 endif
 
-ex_client_xssl1_LDADD = $(LDADD) ../../lib/libgnutls-xssl.la
-ex_client_xssl2_LDADD = $(LDADD) ../../lib/libgnutls-xssl.la
-
 if ENABLE_CXX
 ex_cxx_SOURCES = ex-cxx.cpp
 ex_cxx_LDADD = $(CXX_LDADD)
diff --git a/doc/examples/ex-client-xssl1.c b/doc/examples/ex-client-xssl1.c
deleted file mode 100644 (file)
index a50b412..0000000
+++ /dev/null
@@ -1,82 +0,0 @@
-/* This example code is placed in the public domain. */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <gnutls/gnutls.h>
-#include <gnutls/xssl.h>
-#include "examples.h"
-
-/* A simple TLS client, with X.509 authentication. Certificate verification
- * is explicit.
- */
-
-extern int tcp_connect(void);
-extern void tcp_close(int sd);
-
-int main(void)
-{
-        int ret;
-        char *line = NULL;
-        size_t line_len;
-        xssl_cred_t cred;
-        xssl_t sb;
-        unsigned int status;
-        int fd;
-
-        gnutls_global_init();
-
-        fd = tcp_connect();
-
-        ret = xssl_cred_init(&cred, GNUTLS_VMETHOD_SYSTEM_CAS, NULL, 0);
-        if (ret < 0)
-                exit(1);
-
-        /* Initialize TLS session
-         */
-        ret = xssl_client_init(&sb, "www.example.com", NULL,
-                               (gnutls_transport_ptr_t) fd,
-                               NULL, cred, &status, 0);
-        if (ret < 0) {
-                if (ret == GNUTLS_E_AUTH_ERROR) {
-                        gnutls_datum_t txt;
-
-                        gnutls_certificate_verification_status_print
-                            (status, GNUTLS_CRT_X509, &txt, 0);
-
-                        fprintf(stderr, "Verification error (%x): %s\n",
-                                status, txt.data);
-                        gnutls_free(txt.data);
-                }
-                exit(1);
-        }
-#define REQ "GET / HTTP/1.0\r\n"
-        ret = xssl_write(sb, REQ, sizeof(REQ) - 1);
-        if (ret < 0)
-                exit(1);
-
-        do {
-                ret = xssl_getline(sb, &line, &line_len);
-                if (ret < 0)
-                        exit(1);
-
-                fprintf(stderr, "received: %s\n", line);
-        }
-        while (ret >= 0);
-
-        gnutls_free(line);
-
-        xssl_deinit(sb);
-
-        tcp_close(fd);
-
-        xssl_cred_deinit(cred);
-
-        gnutls_global_deinit();
-
-        return 0;
-}
diff --git a/doc/examples/ex-client-xssl2.c b/doc/examples/ex-client-xssl2.c
deleted file mode 100644 (file)
index f457f31..0000000
+++ /dev/null
@@ -1,99 +0,0 @@
-/* This example code is placed in the public domain. */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <gnutls/gnutls.h>
-#include <gnutls/xssl.h>
-#include "examples.h"
-
-/* A simple TLS client, with X.509 authentication. Certificate verification
- * with a fixed CA, and trust on first use. 
- */
-
-extern int tcp_connect(void);
-extern void tcp_close(int sd);
-
-int main(void)
-{
-        int ret;
-        char *line = NULL;
-        size_t line_len;
-        xssl_cred_t cred;
-        xssl_t sb;
-        gnutls_cinput_st aux[2];
-        unsigned aux_size = 0;
-        unsigned int status;
-        int fd;
-
-        gnutls_global_init();
-
-        fd = tcp_connect();
-
-        aux[aux_size].type = GNUTLS_CINPUT_TYPE_FILE;
-        aux[aux_size].contents = GNUTLS_CINPUT_CAS;
-        aux[aux_size].fmt = GNUTLS_X509_FMT_PEM;
-        aux[aux_size].i1.file = "/path/to/ca/file";
-        aux_size++;
-
-        /* This may be skipped to use the default DB file */
-        aux[aux_size].type = GNUTLS_CINPUT_TYPE_FILE;
-        aux[aux_size].contents = GNUTLS_CINPUT_TOFU_DB;
-        aux[aux_size].i1.file = "/path/to/trust/db/file";
-        aux_size++;
-
-        ret =
-            xssl_cred_init(&cred,
-                           GNUTLS_VMETHOD_GIVEN_CAS | GNUTLS_VMETHOD_TOFU,
-                           aux, aux_size);
-        if (ret < 0)
-                exit(1);
-
-        /* Initialize TLS session
-         */
-        ret = xssl_client_init(&sb, "www.example.com", NULL,
-                               (gnutls_transport_ptr_t) fd,
-                               NULL, cred, &status, 0);
-        if (ret < 0) {
-                if (ret == GNUTLS_E_AUTH_ERROR) {
-                        gnutls_datum_t txt;
-
-                        gnutls_certificate_verification_status_print
-                            (status, GNUTLS_CRT_X509, &txt, 0);
-
-                        fprintf(stderr, "Verification error (%x): %s\n",
-                                status, txt.data);
-                        gnutls_free(txt.data);
-                }
-                exit(1);
-        }
-#define REQ "GET / HTTP/1.0\r\n"
-        ret = xssl_write(sb, REQ, sizeof(REQ) - 1);
-        if (ret < 0)
-                exit(1);
-
-        do {
-                ret = xssl_getline(sb, &line, &line_len);
-                if (ret < 0)
-                        exit(1);
-
-                fprintf(stderr, "received: %s\n", line);
-        }
-        while (ret >= 0);
-
-        gnutls_free(line);
-
-        xssl_deinit(sb);
-
-        tcp_close(fd);
-
-        xssl_cred_deinit(cred);
-
-        gnutls_global_deinit();
-
-        return 0;
-}
index dfdf9abe22a800a08b40fd130e96a1d9cf518074..c7acbd2adb9abd8c8d9b415fa3d8fac825c0e7ee 100644 (file)
@@ -977,18 +977,6 @@ APIMANS += gnutls_x509_trust_list_remove_trust_file.3
 APIMANS += gnutls_x509_trust_list_remove_trust_mem.3
 APIMANS += gnutls_x509_trust_list_verify_crt.3
 APIMANS += gnutls_x509_trust_list_verify_named_crt.3
-APIMANS += xssl_client_init.3
-APIMANS += xssl_cred_deinit.3
-APIMANS += xssl_cred_init.3
-APIMANS += xssl_deinit.3
-APIMANS += xssl_flush.3
-APIMANS += xssl_getdelim.3
-APIMANS += xssl_get_session.3
-APIMANS += xssl_printf.3
-APIMANS += xssl_read.3
-APIMANS += xssl_server_init.3
-APIMANS += xssl_sinit.3
-APIMANS += xssl_write.3
 
 dist_man_MANS += $(APIMANS)
 
index 395ac7cdbea245513c9bb968745cf6bc900e10e1..e2432dc2c42d646abdb07a8f7cff483a1018e484 100644 (file)
@@ -207,19 +207,3 @@ gnutls_asn1_tab.c: $(srcdir)/gnutls.asn
 priority_options.h: $(srcdir)/priority_options.gperf
        -gperf -t $^ > $@
 
-libgnutls_xssl_la_LDFLAGS = -no-undefined -export-symbols-regex '^xssl.*'
-
-lib_LTLIBRARIES += libgnutls-xssl.la
-
-libgnutls_xssl_la_SOURCES = xssl.c xssl_getline.c xssl.h vasprintf.c vasprintf.h
-
-libgnutls_xssl_la_LIBADD = ../gl/libgnu.la libgnutls.la
-
-libgnutls_xssl_la_LDFLAGS += -version-info $(LT_XSSL_CURRENT):$(LT_XSSL_REVISION):$(LT_XSSL_AGE)
-
-if HAVE_LD_OUTPUT_DEF
-libgnutls_xssl_la_LDFLAGS += \
-       -Wl,--output-def,libgnutls-xssl-$(DLL_VERSION).def
-libgnutls-xssl-$(DLL_VERSION).def: libgnutls-xssl.la
-defexec_DATA += libgnutls-xssl-$(DLL_VERSION).def
-endif
index 2fb86094c6ead6aa93cefb6f2d54874694275664..bf32cdb4c8478ea5114e362910d3f102fdc20abd 100644 (file)
@@ -20,8 +20,7 @@
 
 nobase_include_HEADERS = gnutls/x509.h gnutls/pkcs12.h gnutls/compat.h \
        gnutls/openpgp.h gnutls/crypto.h gnutls/pkcs11.h                \
-       gnutls/abstract.h gnutls/dtls.h gnutls/ocsp.h gnutls/tpm.h      \
-       gnutls/xssl.h
+       gnutls/abstract.h gnutls/dtls.h gnutls/ocsp.h gnutls/tpm.h
 
 if ENABLE_CXX
 nobase_include_HEADERS += gnutls/gnutlsxx.h
diff --git a/lib/includes/gnutls/xssl.h b/lib/includes/gnutls/xssl.h
deleted file mode 100644 (file)
index f9d2bce..0000000
+++ /dev/null
@@ -1,125 +0,0 @@
-/* -*- c -*-
- * Copyright (C) 2013 Nikos Mavrogiannopoulos
- *
- * This file is part of GnuTLS.
- *
- * The GnuTLS library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this program.  If not, see <http://www.gnu.org/licenses/>
- *
- */
-
-#ifndef GNUTLS_SBUF_H
-#define GNUTLS_SBUF_H
-
-/* *INDENT-OFF* */
-#ifdef __cplusplus
-extern "C" {
-#endif
-/* *INDENT-ON* */
-
-#include <gnutls/gnutls.h>
-
-/* Buffered session I/O */
-typedef struct xssl_st *xssl_t;
-typedef struct xssl_cred_st *xssl_cred_t;
-
-ssize_t xssl_printf(xssl_t sb, const char *fmt, ...)
-#ifdef __GNUC__
-    __attribute__ ((format(printf, 2, 3)))
-#endif
-    ;
-
-ssize_t xssl_write(xssl_t sb, const void *data, size_t data_size);
-
-ssize_t xssl_flush(xssl_t sb);
-
-ssize_t xssl_read(xssl_t sb, void *data, size_t data_size);
-
-ssize_t
-xssl_getdelim(xssl_t sbuf, char **lineptr, size_t * n, int delimiter);
-
-#define xssl_getline(sbuf, ptr, n) xssl_getdelim(sbuf, ptr, n, '\n')
-
-void xssl_deinit(xssl_t sb);
-
-#define GNUTLS_SBUF_WRITE_FLUSHES (1<<0)
-int xssl_sinit(xssl_t * isb, gnutls_session_t session, unsigned int flags);
-
-gnutls_session_t xssl_get_session(xssl_t sb);
-
-int xssl_client_init(xssl_t * isb, const char *hostname,
-                    const char *service,
-                    gnutls_transport_ptr fd,
-                    const char *priority, xssl_cred_t cred,
-                    unsigned int *status, unsigned int flags);
-
-int xssl_server_init(xssl_t * isb,
-                    gnutls_transport_ptr fd,
-                    const char *priority, xssl_cred_t cred,
-                    unsigned int *status, unsigned int flags);
-
-/* High level credential structures */
-typedef enum {
-       GNUTLS_VMETHOD_NO_AUTH = 0,
-       GNUTLS_VMETHOD_TOFU = 1 << 0,
-       GNUTLS_VMETHOD_GIVEN_CAS = 1 << 1,
-       GNUTLS_VMETHOD_SYSTEM_CAS = 1 << 2
-} gnutls_vmethod_t;
-
-typedef enum {
-       GNUTLS_CINPUT_TYPE_FILE = 0,
-       GNUTLS_CINPUT_TYPE_MEM = 1,
-       GNUTLS_CINPUT_TYPE_PIN_FUNC = 2,
-} gnutls_cinput_type_t;
-
-typedef enum {
-       GNUTLS_CINPUT_CAS = 1,  /* i1 contains the CAs */
-       GNUTLS_CINPUT_CRLS = 2, /* i1 contains the CRLs */
-       GNUTLS_CINPUT_TOFU_DB = 3,      /* i1 contains the DB filename */
-       GNUTLS_CINPUT_KEYPAIR = 4,      /* i1 contains the certificate, i2 the key 
-                                        * or i1.pin_fn contains the pin function, 
-                                        * and i2.udata the user pointer */
-} gnutls_cinput_contents_t;
-
-typedef struct gnutls_cinput_st {
-       gnutls_cinput_type_t type;
-       gnutls_cinput_contents_t contents;
-       gnutls_x509_crt_fmt_t fmt;      /* if applicable */
-
-       union {
-               gnutls_pin_callback_t pin_fn;
-               const char *file;
-               gnutls_datum_t mem;
-       } i1;
-
-       union {
-               void *udata;
-               const char *file;
-               gnutls_datum_t mem;
-       } i2;
-
-       unsigned long future_pad[8];
-} gnutls_cinput_st;
-
-int xssl_cred_init(xssl_cred_t * c, unsigned vflags,
-                  gnutls_cinput_st * aux, unsigned aux_size);
-void xssl_cred_deinit(xssl_cred_t cred);
-
-
-/* *INDENT-OFF* */
-#ifdef __cplusplus
-}
-#endif
-/* *INDENT-ON* */
-
-#endif                         /* GNUTLS_SBUF_H */
diff --git a/lib/xssl.c b/lib/xssl.c
deleted file mode 100644 (file)
index 237c686..0000000
+++ /dev/null
@@ -1,739 +0,0 @@
-/*
- * Copyright (C) 2013 Nikos Mavrogiannopoulos
- *
- * Author: Nikos Mavrogiannopoulos
- *
- * This file is part of GnuTLS.
- *
- * The gnutls library is free software; you can redistribute it
- * and/or modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this program.  If not, see <http://www.gnu.org/licenses/>
- *
- */
-
-#include <gnutls_int.h>
-#include <gnutls_errors.h>
-#include <gnutls_num.h>
-#include <gnutls/xssl.h>
-#include <auth/cert.h>
-#include <fips.h>
-#include "vasprintf.h"
-
-#include <xssl.h>
-
-/**
- * xssl_cred_deinit:
- * @cred: is a #xssl_cred_t structure.
- *
- * This function deinitializes a #xssl_cred_t structure.
- *
- * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
- *
- * Since: 3.1.7
- **/
-void xssl_cred_deinit(xssl_cred_t cred)
-{
-       if (cred->xcred)
-               gnutls_certificate_free_credentials(cred->xcred);
-       gnutls_free(cred);
-}
-
-
-static int _verify_certificate_callback(gnutls_session_t session)
-{
-       unsigned int status;
-       xssl_t sb;
-       int ret, type;
-       const char *hostname = NULL;
-       const char *service = NULL;
-       const char *tofu_file = NULL;
-
-       sb = gnutls_session_get_ptr(session);
-       if (sb == NULL)
-               return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
-
-       if (sb->cred == NULL)
-               return
-                   gnutls_assert_val(GNUTLS_E_INSUFFICIENT_CREDENTIALS);
-
-       if (sb->server_name[0] != 0)
-               hostname = sb->server_name;
-
-       if (sb->service_name[0] != 0)
-               service = sb->service_name;
-
-       if (sb->cred->tofu_file[0] != 0)
-               tofu_file = sb->cred->tofu_file;
-
-       /* This verification function uses the trusted CAs in the credentials
-        * structure. So you must have installed one or more CA certificates.
-        */
-       sb->vstatus = 0;
-       if (sb->cred->vflags & GNUTLS_VMETHOD_SYSTEM_CAS
-           || sb->cred->vflags & GNUTLS_VMETHOD_GIVEN_CAS) {
-               ret =
-                   gnutls_certificate_verify_peers3(session, hostname,
-                                                    &status);
-               if (ret < 0)
-                       return gnutls_assert_val(GNUTLS_E_AUTH_ERROR);
-
-               sb->vstatus = status;
-
-               if (status != 0)        /* Certificate is not trusted */
-                       return gnutls_assert_val(GNUTLS_E_AUTH_ERROR);
-       }
-
-       if (hostname && sb->cred->vflags & GNUTLS_VMETHOD_TOFU) {
-               const gnutls_datum_t *cert_list;
-               unsigned int cert_list_size;
-
-               type = gnutls_certificate_type_get(session);
-
-               /* Do SSH verification */
-               cert_list =
-                   gnutls_certificate_get_peers(session, &cert_list_size);
-               if (cert_list == NULL) {
-                       sb->vstatus |= GNUTLS_CERT_INVALID;
-                       return gnutls_assert_val(GNUTLS_E_AUTH_ERROR);
-               }
-
-               /* service may be obtained alternatively using getservbyport() */
-               ret =
-                   gnutls_verify_stored_pubkey(tofu_file, NULL, hostname,
-                                               service, type,
-                                               &cert_list[0], 0);
-               if (ret == GNUTLS_E_NO_CERTIFICATE_FOUND) {
-                       /* host was not seen before. Store the key */
-                       gnutls_store_pubkey(tofu_file, NULL, hostname,
-                                           service, type, &cert_list[0],
-                                           0, 0);
-               } else if (ret == GNUTLS_E_CERTIFICATE_KEY_MISMATCH) {
-                       sb->vstatus |= GNUTLS_CERT_MISMATCH;
-                       return gnutls_assert_val(GNUTLS_E_AUTH_ERROR);
-               } else if (ret < 0) {
-                       sb->vstatus |= GNUTLS_CERT_INVALID;
-                       return gnutls_assert_val(GNUTLS_E_AUTH_ERROR);
-               }
-       }
-
-       /* notify gnutls to continue handshake normally */
-       return 0;
-}
-
-/**
- * xssl_cred_init:
- * @c: is a pointer to #xssl_cred_t structure.
- * @vflags: the requested peer verification methods
- * @aux: Auxilary data to input any required CA certificate etc.
- * @aux_size: the number of the auxillary data provided
- *
- * This function initializes X.509 certificates in 
- * a #xssl_cred_t structure.
- *
- * The @ca_file and @crl_file are required only if @vflags includes
- * %GNUTLS_VMETHOD_GIVEN_CAS. The @tofu_file may be set if 
- * %GNUTLS_VMETHOD_TOFU is specified.
- *
- * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
- *
- * Since: 3.1.7
- **/
-int xssl_cred_init(xssl_cred_t * c, unsigned vflags,
-                  gnutls_cinput_st * aux, unsigned aux_size)
-{
-       int ret;
-       unsigned len, i;
-       xssl_cred_t cred;
-
-       *c = gnutls_calloc(1, sizeof(*cred));
-       if (*c == NULL)
-               return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
-
-       cred = *c;
-       cred->vflags = vflags;
-
-       if (cred->xcred == NULL) {
-               ret =
-                   gnutls_certificate_allocate_credentials(&cred->xcred);
-               if (ret < 0)
-                       return gnutls_assert_val(ret);
-       }
-
-       if (vflags & GNUTLS_VMETHOD_SYSTEM_CAS) {
-               ret =
-                   gnutls_certificate_set_x509_system_trust(cred->xcred);
-               if (ret < 0) {
-                       gnutls_assert();
-                       goto fail1;
-               }
-       }
-
-       for (i = 0; i < aux_size; i++) {
-               if (aux[i].contents == GNUTLS_CINPUT_KEYPAIR) {
-                       if (aux[i].type == GNUTLS_CINPUT_TYPE_FILE)
-                               ret =
-                                   gnutls_certificate_set_x509_key_file
-                                   (cred->xcred, aux[i].i1.file,
-                                    aux[i].i2.file, aux[i].fmt);
-                       else if (aux[i].type == GNUTLS_CINPUT_TYPE_MEM)
-                               ret =
-                                   gnutls_certificate_set_x509_key_mem
-                                   (cred->xcred, &aux[i].i1.mem,
-                                    &aux[i].i2.mem, aux[i].fmt);
-                       else if (aux[i].type ==
-                                GNUTLS_CINPUT_TYPE_PIN_FUNC) {
-                               ret = 0;
-                               gnutls_certificate_set_pin_function(cred->
-                                                                   xcred,
-                                                                   aux[i].
-                                                                   i1.
-                                                                   pin_fn,
-                                                                   aux[i].
-                                                                   i2.
-                                                                   udata);
-                       } else
-                               ret =
-                                   gnutls_assert_val
-                                   (GNUTLS_E_INVALID_REQUEST);
-
-                       if (ret < 0) {
-                               gnutls_assert();
-                               goto fail1;
-                       }
-               }
-
-               if (aux[i].contents == GNUTLS_CINPUT_CAS
-                   && (vflags & GNUTLS_VMETHOD_GIVEN_CAS)) {
-                       if (aux[i].type == GNUTLS_CINPUT_TYPE_FILE)
-                               ret =
-                                   gnutls_certificate_set_x509_trust_file
-                                   (cred->xcred, aux[i].i1.file,
-                                    aux[i].fmt);
-                       else
-                               ret =
-                                   gnutls_certificate_set_x509_trust_mem
-                                   (cred->xcred, &aux[i].i1.mem,
-                                    aux[i].fmt);
-
-                       if (ret < 0) {
-                               gnutls_assert();
-                               goto fail1;
-                       }
-               }
-
-               if (aux[i].contents == GNUTLS_CINPUT_CRLS
-                   && (vflags & GNUTLS_VMETHOD_GIVEN_CAS)) {
-                       if (aux[i].type == GNUTLS_CINPUT_TYPE_FILE)
-                               ret =
-                                   gnutls_certificate_set_x509_crl_file
-                                   (cred->xcred, aux[i].i1.file,
-                                    aux[i].fmt);
-                       else
-                               ret =
-                                   gnutls_certificate_set_x509_crl_mem
-                                   (cred->xcred, &aux[i].i1.mem,
-                                    aux[i].fmt);
-
-                       if (ret < 0) {
-                               gnutls_assert();
-                               goto fail1;
-                       }
-               }
-
-               if (aux[i].contents == GNUTLS_CINPUT_TOFU_DB
-                   && (vflags & GNUTLS_VMETHOD_TOFU)) {
-                       if (aux[i].type == GNUTLS_CINPUT_TYPE_FILE) {
-                               len = strlen(aux[i].i1.file);
-                               if (len >= sizeof(cred->tofu_file)) {
-                                       ret =
-                                           gnutls_assert_val
-                                           (GNUTLS_E_INVALID_REQUEST);
-                                       goto fail1;
-                               }
-                               memcpy(cred->tofu_file, aux[i].i1.file,
-                                      len + 1);
-                               ret = 0;
-                       } else
-                               ret = GNUTLS_E_INVALID_REQUEST;
-
-                       if (ret < 0) {
-                               gnutls_assert();
-                               goto fail1;
-                       }
-               }
-       }
-
-       gnutls_certificate_set_verify_function(cred->xcred,
-                                              _verify_certificate_callback);
-
-       return 0;
-      fail1:
-       gnutls_certificate_free_credentials(cred->xcred);
-       cred->xcred = NULL;
-       gnutls_free(*c);
-
-       return ret;
-}
-
-/**
- * xssl_sinit:
- * @isb: is a pointer to a #xssl_t structure.
- * @session: a GnuTLS session
- * @flags: should be zero or %GNUTLS_SBUF_WRITE_FLUSHES
- *
- * This function initializes a #xssl_t structure associated
- * with the provided session. If the flag %GNUTLS_SBUF_WRITE_FLUSHES
- * is set then xssl_queue() will flush when the maximum
- * data size for a record is reached.
- *
- * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
- *
- * Since: 3.1.7
- **/
-int xssl_sinit(xssl_t * isb, gnutls_session_t session, unsigned int flags)
-{
-       struct xssl_st *sb;
-       
-       sb = gnutls_calloc(1, sizeof(*sb));
-       if (sb == NULL)
-               return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
-
-       _gnutls_buffer_init(&sb->buf);
-       sb->session = session;
-       sb->flags = flags;
-
-       *isb = sb;
-
-       return 0;
-}
-
-/**
- * xssl_client_init:
- * @isb: is a pointer to a #xssl_t structure.
- * @hostname: The name of the host to connect to
- * @service: The name of the host to connect to
- * @fd: a socket descriptor
- * @priority: A priority string to use (use %NULL for default)
- * @cred: A credentials structure
- * @status: An authentication failure status
- * @flags: should be zero or %GNUTLS_SBUF_WRITE_FLUSHES
- *
- * This function initializes a #xssl_t structure.
- * If the flag %GNUTLS_SBUF_WRITE_FLUSHES
- * is set then xssl_queue() will flush when the maximum
- * data size for a record is reached.
- *
- * If peer verification fails then %GNUTLS_E_AUTH_ERROR is returned.
- *
- * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
- *
- * Since: 3.1.7
- **/
-int xssl_client_init(xssl_t * isb, const char *hostname,
-                    const char *service,
-                    gnutls_transport_ptr fd,
-                    const char *priority, xssl_cred_t cred,
-                    unsigned int *status, unsigned int flags)
-{
-       struct xssl_st *sb;
-       gnutls_session_t session;
-       int ret;
-       unsigned len;
-       
-       ret = gnutls_init(&session, GNUTLS_CLIENT);
-       if (ret < 0)
-               return gnutls_assert_val(ret);
-
-       sb = gnutls_calloc(1, sizeof(*sb));
-       if (sb == NULL) {
-               gnutls_deinit(session);
-               ret = gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
-               goto fail1;
-       }
-       _gnutls_buffer_init(&sb->buf);
-       sb->session = session;
-       sb->flags = flags;
-       sb->cred = cred;
-
-       /* set session/handshake info 
-        */
-       gnutls_handshake_set_timeout(session,
-                                    GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT);
-
-       if (priority == NULL)
-               priority = "NORMAL:%COMPAT";
-       ret = gnutls_priority_set_direct(session, priority, NULL);
-       if (ret < 0) {
-               gnutls_assert();
-               goto fail1;
-       }
-
-       if (cred->xcred) {
-               ret =
-                   gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE,
-                                          cred->xcred);
-               if (ret < 0) {
-                       gnutls_assert();
-                       goto fail1;
-               }
-       }
-
-       if (hostname) {
-               len = strlen(hostname);
-
-               if (len >= sizeof(sb->server_name))
-                       return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
-               memcpy(sb->server_name, hostname, len + 1);
-
-               ret =
-                   gnutls_server_name_set(session, GNUTLS_NAME_DNS,
-                                          hostname, len);
-               if (ret < 0) {
-                       gnutls_assert();
-                       goto fail1;
-               }
-       }
-
-       if (service) {
-               len = strlen(service);
-
-               if (len >= sizeof(sb->service_name))
-                       return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
-               memcpy(sb->service_name, service, len + 1);
-       }
-
-       gnutls_transport_set_ptr(session, fd);
-       gnutls_session_set_ptr(session, sb);
-
-       do {
-               ret = gnutls_handshake(session);
-       }
-       while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
-       if (status)
-               *status = sb->vstatus;
-
-       if (ret < 0) {
-               int ret2;
-               do {
-                       ret2 =
-                           gnutls_alert_send_appropriate(sb->session,
-                                                         ret);
-               }
-               while (ret2 < 0 && gnutls_error_is_fatal(ret2) == 0);
-
-               return gnutls_assert_val(ret);
-
-               gnutls_assert();
-               goto fail1;
-       }
-
-       *isb = sb;
-
-       return 0;
-
-      fail1:
-       if (sb)
-               xssl_deinit(sb);
-
-       return ret;
-}
-
-/**
- * xssl_server_init:
- * @isb: is a pointer to a #xssl_t structure.
- * @fd: a socket descriptor
- * @priority: A priority string to use (use %NULL for default)
- * @cred: A credentials structure
- * @status: An authentication failure status
- * @flags: should be zero or %GNUTLS_SBUF_WRITE_FLUSHES
- *
- * This function initializes a #xssl_t structure.
- * If the flag %GNUTLS_SBUF_WRITE_FLUSHES
- * is set then xssl_queue() will flush when the maximum
- * data size for a record is reached.
- *
- * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
- *
- * Since: 3.1.7
- **/
-int xssl_server_init(xssl_t * isb,
-                    gnutls_transport_ptr fd,
-                    const char *priority, xssl_cred_t cred,
-                    unsigned int *status, unsigned int flags)
-{
-       struct xssl_st *sb;
-       gnutls_session_t session;
-       int ret;
-
-       ret = gnutls_init(&session, GNUTLS_SERVER);
-       if (ret < 0)
-               return gnutls_assert_val(ret);
-
-       sb = gnutls_calloc(1, sizeof(*sb));
-       if (sb == NULL) {
-               gnutls_deinit(session);
-               ret = gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
-               goto fail1;
-       }
-       _gnutls_buffer_init(&sb->buf);
-       sb->session = session;
-       sb->flags = flags;
-       sb->cred = cred;
-
-       /* set session/handshake info 
-        */
-       gnutls_handshake_set_timeout(session,
-                                    GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT);
-
-       if (priority == NULL)
-               priority = "NORMAL:%COMPAT";
-       ret = gnutls_priority_set_direct(session, priority, NULL);
-       if (ret < 0) {
-               gnutls_assert();
-               goto fail1;
-       }
-
-       if (cred->xcred) {
-               if (cred->xcred->ncerts == 0
-                   && cred->xcred->get_cert_callback2 == NULL) {
-                       ret =
-                           gnutls_assert_val
-                           (GNUTLS_E_INSUFFICIENT_CREDENTIALS);
-                       goto fail1;
-               }
-
-               ret =
-                   gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE,
-                                          cred->xcred);
-               if (ret < 0) {
-                       gnutls_assert();
-                       goto fail1;
-               }
-
-       }
-
-       if (cred->vflags & GNUTLS_VMETHOD_GIVEN_CAS)
-               gnutls_certificate_server_set_request(session,
-                                                     GNUTLS_CERT_REQUIRE);
-
-       gnutls_transport_set_ptr(session, fd);
-       gnutls_session_set_ptr(session, sb);
-
-       do {
-               ret = gnutls_handshake(session);
-       }
-       while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
-       if (status)
-               *status = sb->vstatus;
-
-       if (ret < 0) {
-               int ret2;
-               do {
-                       ret2 =
-                           gnutls_alert_send_appropriate(sb->session,
-                                                         ret);
-               }
-               while (ret2 < 0 && gnutls_error_is_fatal(ret2) == 0);
-
-               return gnutls_assert_val(ret);
-
-               gnutls_assert();
-               goto fail1;
-       }
-
-       *isb = sb;
-
-       return 0;
-
-      fail1:
-       if (sb)
-               xssl_deinit(sb);
-
-       return ret;
-}
-
-/**
- * xssl_deinit:
- * @sb: is a #xssl_t structure.
- *
- * This function clears all buffers associated with the @sb
- * structure. The GnuTLS session associated with the structure
- * is left intact.
- *
- * Since: 3.1.7
- **/
-void xssl_deinit(xssl_t sb)
-{
-       if (sb->session) {
-               gnutls_bye(sb->session, GNUTLS_SHUT_WR);
-               gnutls_deinit(sb->session);
-       }
-       _gnutls_buffer_clear(&sb->buf);
-       gnutls_free(sb);
-}
-
-/**
- * xssl_write:
- * @sb: is a #xssl_t structure.
- * @data: contains the data to send
- * @data_size: is the length of the data
- *
- * This function is the buffered equivalent of gnutls_record_send().
- * Instead of sending the data immediately the data are buffered
- * until xssl_queue() is called, or if the flag %GNUTLS_SBUF_WRITE_FLUSHES
- * is set, until the number of bytes for a full record is reached.
- *
- * This function must only be used with blocking sockets.
- *
- * Returns: On success, the number of bytes written is returned, otherwise
- *  an error code is returned.
- *
- * Since: 3.1.7
- **/
-ssize_t xssl_write(xssl_t sb, const void *data, size_t data_size)
-{
-       int ret;
-
-       ret = _gnutls_buffer_append_data(&sb->buf, data, data_size);
-       if (ret < 0)
-               return gnutls_assert_val(ret);
-
-       while ((sb->flags & GNUTLS_SBUF_WRITE_FLUSHES) &&
-              sb->buf.length >= MAX_RECORD_SEND_SIZE(sb->session)) {
-               do {
-                       ret =
-                           gnutls_record_send(sb->session, sb->buf.data,
-                                              sb->buf.length);
-               }
-               while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
-               if (ret < 0)
-                       return gnutls_assert_val(ret);
-
-               sb->buf.data += ret;
-               sb->buf.length -= ret;
-       }
-
-       return data_size;
-}
-
-/**
- * xssl_printf:
- * @sb: is a #xssl_t structure.
- * @fmt: printf-style format 
- *
- * This function allows writing to a %xssl_t using printf
- * style arguments.
- *
- * This function must only be used with blocking sockets.
- *
- * Returns: On success, the number of bytes written is returned, otherwise
- *  an error code is returned.
- *
- * Since: 3.1.7
- **/
-ssize_t xssl_printf(xssl_t sb, const char *fmt, ...)
-{
-       int ret;
-       va_list args;
-       int len;
-       char *str;
-
-       va_start(args, fmt);
-       len = vasprintf(&str, fmt, args);
-       va_end(args);
-
-       if (len < 0 || !str)
-               return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
-
-       ret = xssl_write(sb, str, len);
-
-       gnutls_free(str);
-
-       return ret;
-}
-
-/**
- * xssl_flush:
- * @sb: is a #xssl_t structure.
- *
- * This function flushes the buffer @sb. All the data stored are transmitted.
- *
- * This function must only be used with blocking sockets.
- *
- * Returns: On success, the number of bytes sent, otherwise a negative error code.
- *
- * Since: 3.1.7
- **/
-ssize_t xssl_flush(xssl_t sb)
-{
-       int ret;
-       ssize_t total = 0;
-
-       while (sb->buf.length > 0) {
-               do {
-                       ret =
-                           gnutls_record_send(sb->session, sb->buf.data,
-                                              sb->buf.length);
-               }
-               while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
-               if (ret < 0)
-                       return gnutls_assert_val(ret);
-
-               sb->buf.data += ret;
-               sb->buf.length -= ret;
-               total += ret;
-       }
-
-       return total;
-}
-
-/**
- * xssl_read:
- * @sb: is a #xssl_t structure.
- * @data: the buffer that the data will be read into
- * @data_size: the number of requested bytes
- *
- * This function receives data from the underlying session.
- * Only fatal errors are returned by this function.
- *
- * Returns: The number of bytes received and zero on EOF (for stream
- * connections) or a negative error code.
- *
- * Since: 3.1.7
- **/
-ssize_t xssl_read(xssl_t sb, void *data, size_t data_size)
-{
-       int ret;
-
-       do {
-               ret = gnutls_record_recv(sb->session, data, data_size);
-       }
-       while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
-
-       if (ret < 0)
-               return gnutls_assert_val(ret);
-
-       return 0;
-}
-
-/**
- * xssl_get_session:
- * @sb: is a #xssl_t structure.
- *
- * Returns: The associated session or %NULL.
- *
- * Since: 3.1.7
- **/
-gnutls_session_t xssl_get_session(xssl_t sb)
-{
-       return sb->session;
-}
diff --git a/lib/xssl.h b/lib/xssl.h
deleted file mode 100644 (file)
index aac26a9..0000000
+++ /dev/null
@@ -1,26 +0,0 @@
-#ifndef SBUF_H
-#define SBUF_H
-
-#include <gnutls_str.h>
-#include <gnutls/gnutls.h>
-
-struct xssl_cred_st {
-       gnutls_certificate_credentials_t xcred;
-       char tofu_file[MAX_FILENAME];
-       unsigned vflags;
-};
-
-struct xssl_st {
-       gnutls_session_t session;
-       gnutls_buffer_st buf;
-
-       char server_name[MAX_SERVER_NAME_SIZE];
-       char service_name[MAX_SERVER_NAME_SIZE];
-
-       xssl_cred_t cred;
-
-       unsigned int vstatus;   /* the verification status reason */
-       unsigned int flags;
-};
-
-#endif
diff --git a/lib/xssl_getline.c b/lib/xssl_getline.c
deleted file mode 100644 (file)
index aa5677f..0000000
+++ /dev/null
@@ -1,125 +0,0 @@
-/* getdelim.c --- Implementation of replacement getdelim function.
- * Copyright (C) 1994, 1996-1998, 2001, 2003, 2005-2012 Free Software
- * Foundation, Inc.
- *
- * This file is part of GnuTLS.
- *
- * The gnutls library is free software; you can redistribute it
- * and/or modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this program.  If not, see <http://www.gnu.org/licenses/>
- */
-
-/* Ported from glibc by Simon Josefsson. */
-
-#include <gnutls_int.h>
-#include <gnutls_errors.h>
-#include <gnutls/xssl.h>
-#include <xssl.h>
-
-#ifndef SSIZE_MAX
-#define SSIZE_MAX ((ssize_t) (SIZE_MAX / 2))
-#endif
-
-/**
- * xssl_get_delim:
- * @sb: is a #xssl_t structure.
- * @lineptr: a pointer.
- * @n: The size of @lineptr.
- * @delimiter: The delimiter to stop reading at.
- *
- * Read up to (and including) a @delimiter from &sb into *LINEPTR (and
- * NUL-terminate it).  @lineptr is a pointer returned from gnutls_malloc() 
- * (or %NULL), pointing to @n characters of space.  It is realloc'ed as
- * necessary.  
- *
- * Only fatal errors are returned by this function.
- *
- * Returns the number of characters read (not including
- * the null terminator), or a negative error code on error. 
- *
- * Since: 3.1.7
- **/
-ssize_t
-xssl_getdelim(xssl_t sbuf, char **lineptr, size_t * n, int delimiter)
-{
-       ssize_t result;
-       size_t cur_len = 0;
-
-       if (lineptr == NULL || n == NULL || sbuf == NULL) {
-               return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
-       }
-
-       if (*lineptr == NULL || *n == 0) {
-               char *new_lineptr;
-               *n = 120;
-               new_lineptr = (char *) gnutls_realloc_fast(*lineptr, *n);
-               if (new_lineptr == NULL) {
-                       result = gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
-                       goto fail;
-               }
-               *lineptr = new_lineptr;
-       }
-
-       for (;;) {
-               char c;
-
-               result = xssl_read(sbuf, &c, 1);
-               if (result < 0) {
-                       gnutls_assert();
-                       break;
-               }
-
-               /* Make enough space for len+1 (for final NUL) bytes.  */
-               if (cur_len + 1 >= *n) {
-                       size_t needed_max =
-                           SSIZE_MAX <
-                           SIZE_MAX ? (size_t) SSIZE_MAX + 1 : SIZE_MAX;
-                       size_t needed = 2 * *n + 1;     /* Be generous. */
-                       char *new_lineptr;
-
-                       if (needed_max < needed)
-                               needed = needed_max;
-                       if (cur_len + 1 >= needed) {
-                               result =
-                                   gnutls_assert_val
-                                   (GNUTLS_E_LARGE_PACKET);
-                               goto fail;
-                       }
-
-                       new_lineptr =
-                           (char *) gnutls_realloc_fast(*lineptr, needed);
-                       if (new_lineptr == NULL) {
-                               result =
-                                   gnutls_assert_val
-                                   (GNUTLS_E_MEMORY_ERROR);
-                               goto fail;
-                       }
-
-                       *lineptr = new_lineptr;
-                       *n = needed;
-               }
-
-               (*lineptr)[cur_len] = c;
-               cur_len++;
-
-               if (c == delimiter)
-                       break;
-       }
-       (*lineptr)[cur_len] = '\0';
-
-       if (cur_len != 0)
-               result = cur_len;
-
-      fail:
-
-       return result;
-}
index 8e9cdde20dd5974b1b87d5c1358d042aad054d28..49e1d7f0c2fbd964878d4ef6bd1047cd9626c2ef 100644 (file)
@@ -71,7 +71,7 @@ ctests = mini-record-2 simple gc set_pkcs12_cred certder certuniqueid \
         mini-termination mini-x509-cas mini-x509-2 pkcs12_simple \
         mini-emsgsize-dtls chainverify-unsorted mini-overhead \
         mini-dtls-heartbeat mini-x509-callbacks key-openssl priorities \
-        mini-dtls-srtp mini-xssl rsa-encrypt-decrypt mini-loss-time \
+        mini-dtls-srtp rsa-encrypt-decrypt mini-loss-time \
         mini-record mini-dtls-record mini-handshake-timeout mini-record-range \
         mini-cert-status mini-rsa-psk global-init sec-params \
         fips-test mini-global-load name-constraints
diff --git a/tests/mini-xssl.c b/tests/mini-xssl.c
deleted file mode 100644 (file)
index 1834353..0000000
+++ /dev/null
@@ -1,397 +0,0 @@
-/*
- * Copyright (C) 2013 Nikos Mavrogiannopoulos
- *
- * This file is part of GnuTLS.
- *
- * GnuTLS is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 3 of the License, or
- * (at your option) any later version.
- *
- * GnuTLS is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with GnuTLS; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
- */
-
-/* Tests for the xssl interface */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-
-#if defined(_WIN32) || !defined(ENABLE_NON_SUITEB_CURVES)
-
-int main()
-{
-       exit(77);
-}
-
-#else
-
-#include <string.h>
-#include <sys/types.h>
-#include <netinet/in.h>
-#include <sys/socket.h>
-#include <sys/wait.h>
-#include <arpa/inet.h>
-#include <unistd.h>
-#include <gnutls/gnutls.h>
-#include <gnutls/xssl.h>
-#include <signal.h>
-
-#include "utils.h"
-
-#define TOFU_DB_FILE "tofu.tmp.db"
-
-static void terminate(void);
-
-/* This program tests the robustness of record
- * decoding.
- */
-
-static time_t mytime(time_t * t)
-{
-       time_t then = 1359304177;
-
-       if (t)
-               *t = then;
-
-       return then;
-}
-
-
-static void server_log_func(int level, const char *str)
-{
-  fprintf (stderr, "server|<%d>| %s", level, str);
-}
-
-static void client_log_func(int level, const char *str)
-{
-       fprintf(stderr, "client|<%d>| %s", level, str);
-}
-
-static unsigned char ca_pem[] =
-    "-----BEGIN CERTIFICATE-----\n"
-    "MIIDUDCCAgigAwIBAgIBADANBgkqhkiG9w0BAQsFADAZMRcwFQYDVQQDEw5HbnVU\n"
-    "TFMgVGVzdCBDQTAeFw0xMTA1MjgwODM2MzBaFw0zODEwMTIwODM2MzNaMBkxFzAV\n"
-    "BgNVBAMTDkdudVRMUyBUZXN0IENBMIIBUjANBgkqhkiG9w0BAQEFAAOCAT8AMIIB\n"
-    "OgKCATEAnORCsX1unl//fy2d1054XduIg/3CqVBaT3Hca65SEoDwh0KiPtQoOgZL\n"
-    "dKY2cobGs/ojYtOjcs0KnlPYdmtjEh6WEhuJU95v4TQdC4OLMiE56eIGq252hZAb\n"
-    "HoTL84Q14DxQWGuzQK830iml7fbw2WcIcRQ8vFGs8SzfXw63+MI6Fq6iMAQIqP08\n"
-    "WzGmRRzL5wvCiPhCVkrPmwbXoABub6AAsYwWPJB91M9/lx5gFH5k9/iPfi3s2Kg3\n"
-    "F8MOcppqFYjxDSnsfiz6eMh1+bYVIAo367vGVYHigXMEZC2FezlwIHaZzpEoFlY3\n"
-    "a7LFJ00yrjQ910r8UE+CEMTYzE40D0olCMo7FA9RCjeO3bUIoYaIdVTUGWEGHWSe\n"
-    "oxGei9Gkm6u+ASj8f+i0jxdD2qXsewIDAQABo0MwQTAPBgNVHRMBAf8EBTADAQH/\n"
-    "MA8GA1UdDwEB/wQFAwMHBgAwHQYDVR0OBBYEFE1Wt2oAWPFnkvSmdVUbjlMBA+/P\n"
-    "MA0GCSqGSIb3DQEBCwUAA4IBMQAesOgjGFi1zOYpA/N3gkUVRcBHDxmN7g2yOcqH\n"
-    "VfhFc+e4zhOehR11WCt2RgzNlnYVmV5zBmQBdTAt8Po/MVhLCDW1BULHlLvL0DFc\n"
-    "4sB1RlcGeQcCKQa4b+Q9VWf4f6TfuEWZQC5j5stiXjVgOqrOMrzKZ2eKWA4JsL9s\n"
-    "V+7ANSZE+hOt1X1mA8moyqe95U2Ecih+nFJSWSBd1WFiEzVnXv4FVWPXbH9HERDK\n"
-    "VbasjofWWmQO1YlQPishLgm1IbwqOkOk4sDgoLuUZ4GgP0DDeN6EmRDOzByrv+9u\n"
-    "f45Bl9IQf4IJNPLU9lEqjyMOydqT6kBi7fjV5ICuQZ4EeVJsOGuX7PqNyoDzJHLv\n"
-    "ferRfNLr6eQSHSxBhS0cVyDjb5gCawK6u7xTU+b7xikEie9k\n"
-    "-----END CERTIFICATE-----\n";
-
-const gnutls_datum_t ca_cert = { ca_pem,
-       sizeof(ca_pem) - 1
-};
-
-static unsigned char server_cert_pem[] =
-    "-----BEGIN CERTIFICATE-----\n"
-    "MIICsDCCAWigAwIBAgIETeC0kjANBgkqhkiG9w0BAQsFADAZMRcwFQYDVQQDEw5H\n"
-    "bnVUTFMgVGVzdCBDQTAeFw0xMTA1MjgwODM4NDNaFw0zODEwMTIwODM4NDZaMDEx\n"
-    "LzAtBgNVBAMTJkdudVRMUyBUZXN0IHNlcnZlciAoRUNEU0EgY2VydGlmaWNhdGUp\n"
-    "ME4wEAYHKoZIzj0CAQYFK4EEACEDOgAE0vMmf/W0rRoUqBxH5Uq+c/sR76ElmyZM\n"
-    "e2zj3U9PRJ0maKstEOHkpaDaSU6s2Hyi9L88wS1ZX0ijgY0wgYowDAYDVR0TAQH/\n"
-    "BAIwADAUBgNVHREEDTALgglsb2NhbGhvc3QwEwYDVR0lBAwwCgYIKwYBBQUHAwEw\n"
-    "DwYDVR0PAQH/BAUDAweAADAdBgNVHQ4EFgQUJ97Q83IFpLgqeOnT1rX/JzCvlTQw\n"
-    "HwYDVR0jBBgwFoAUTVa3agBY8WeS9KZ1VRuOUwED788wDQYJKoZIhvcNAQELBQAD\n"
-    "ggExAErP9z8CCwt7YwA+SHoulNjqcXsngeKAKN9fVgV/XuspG6L2nU1WZvCjjFj6\n"
-    "jggMbJSElyCuLZJKlTC/DihXUgRXyswOzg9qQ7dDv+V/Qi95XH5slXNzYxMQSdoA\n"
-    "IaULVVDZcMFMVSc+TyAchJ6XwUY9umiysz3lSOioMQCch4MA366ZNqqnq5OD4moH\n"
-    "1SUX8CbRjA6SLpvffexLTB2Af+mFi8ReTkXCwB1LGEH1HRp/XzBc+/F9mavy3g/6\n"
-    "Hnjf2E1h2GDYXcJCVfE+ArjNS+R94jJwRMFBvwD/x2hsvpSajDpO0+GIxlGGKdyh\n"
-    "7o4puz/BqHwSzX9h7I7RvFEogDUNUzLgHMdcjq5usnmQpdWNUP8Xs/WqLjML+/PT\n"
-    "+jyCwmll0lPlC2RqAx3pM1XrjjQ=\n" "-----END CERTIFICATE-----\n";
-
-const gnutls_datum_t server_cert = { server_cert_pem,
-       sizeof(server_cert_pem) - 1
-};
-
-static unsigned char server_key_pem[] =
-    "-----BEGIN EC PRIVATE KEY-----\n"
-    "MGgCAQEEHHX3xeBOGgIxxtuhhpbwdwZnJztR7+uZTHnYuL+gBwYFK4EEACGhPAM6\n"
-    "AATS8yZ/9bStGhSoHEflSr5z+xHvoSWbJkx7bOPdT09EnSZoqy0Q4eSloNpJTqzY\n"
-    "fKL0vzzBLVlfSA==\n" "-----END EC PRIVATE KEY-----\n";
-
-const gnutls_datum_t server_key = { server_key_pem,
-       sizeof(server_key_pem) - 1
-};
-
-#define LINE1 "hello there people\n"
-#define LINE2 "how are you doing today, all well?\n"
-
-static const char *test = NULL;
-
-#define err_quit(r) {fail("%s: Error in line %d: %s\n", test, __LINE__, gnutls_strerror(r)); exit(1);}
-
-static void client(int fd, unsigned int vmethod, unsigned use_cert)
-{
-       int ret;
-       char *line = NULL;
-       size_t line_len;
-       xssl_cred_t cred;
-       xssl_t sb;
-       gnutls_cinput_st aux[6];
-       unsigned int status;
-       unsigned aux_size = 0;
-
-       global_init();
-       gnutls_global_set_time_function(mytime);
-
-       if (debug) {
-               gnutls_global_set_log_function(client_log_func);
-               gnutls_global_set_log_level(7);
-       }
-
-       if (vmethod & GNUTLS_VMETHOD_GIVEN_CAS) {
-               aux[aux_size].type = GNUTLS_CINPUT_TYPE_MEM;
-               aux[aux_size].contents = GNUTLS_CINPUT_CAS;
-               aux[aux_size].fmt = GNUTLS_X509_FMT_PEM;
-               aux[aux_size].i1.mem = ca_cert;
-               aux_size++;
-       }
-
-       if (use_cert != 0) {
-               aux[aux_size].type = GNUTLS_CINPUT_TYPE_MEM;
-               aux[aux_size].contents = GNUTLS_CINPUT_KEYPAIR;
-               aux[aux_size].fmt = GNUTLS_X509_FMT_PEM;
-               aux[aux_size].i1.mem = server_cert;
-               aux[aux_size].i2.mem = server_key;
-               aux_size++;
-       }
-
-       if (vmethod & GNUTLS_VMETHOD_TOFU) {
-               aux[aux_size].type = GNUTLS_CINPUT_TYPE_FILE;
-               aux[aux_size].contents = GNUTLS_CINPUT_TOFU_DB;
-               aux[aux_size].i1.file = TOFU_DB_FILE;
-               aux_size++;
-       }
-
-       ret = xssl_cred_init(&cred, vmethod, aux, aux_size);
-       if (ret < 0)
-               err_quit(ret);
-
-       /* Initialize TLS session
-        */
-       ret =
-           xssl_client_init(&sb, "localhost", NULL,
-                            (gnutls_transport_ptr_t) (long) fd, NULL,
-                            cred, &status, 0);
-       if (ret < 0) {
-               if (ret == GNUTLS_E_AUTH_ERROR) {
-                       gnutls_datum_t txt;
-
-                       gnutls_certificate_verification_status_print
-                           (status, GNUTLS_CRT_X509, &txt, 0);
-
-                       fprintf(stderr, "auth[%x]: %s\n", status,
-                               txt.data);
-                       gnutls_free(txt.data);
-               }
-               err_quit(ret);
-       }
-
-       ret = xssl_getline(sb, &line, &line_len);
-       if (ret < 0)
-               err_quit(ret);
-
-       if (strcmp(line, LINE1) != 0) {
-               fail("Error comparing first line\n");
-               exit(1);
-       }
-
-       ret = xssl_getline(sb, &line, &line_len);
-       if (ret < 0)
-               err_quit(ret);
-
-       if (strcmp(line, LINE2) != 0) {
-               fail("Error comparing first line\n");
-               exit(1);
-       }
-
-       gnutls_free(line);
-
-       xssl_deinit(sb);
-
-       close(fd);
-
-       xssl_cred_deinit(cred);
-
-       gnutls_global_deinit();
-}
-
-
-/* These are global */
-pid_t child;
-
-static void terminate(void)
-{
-       kill(child, SIGTERM);
-       exit(1);
-}
-
-static void server(int fd, unsigned vmethod)
-{
-       int ret;
-       xssl_cred_t cred;
-       xssl_t sb;
-       gnutls_cinput_st aux[6];
-       unsigned aux_size = 0;
-
-       if (debug) {
-               gnutls_global_set_log_function(server_log_func);
-               gnutls_global_set_log_level(7);
-       }
-
-       global_init();
-
-       aux[aux_size].type = GNUTLS_CINPUT_TYPE_MEM;
-       aux[aux_size].contents = GNUTLS_CINPUT_KEYPAIR;
-       aux[aux_size].fmt = GNUTLS_X509_FMT_PEM;
-       aux[aux_size].i1.mem = server_cert;
-       aux[aux_size].i2.mem = server_key;
-       aux_size++;
-
-       if (vmethod & GNUTLS_VMETHOD_GIVEN_CAS) {
-               aux[aux_size].type = GNUTLS_CINPUT_TYPE_MEM;
-               aux[aux_size].contents = GNUTLS_CINPUT_CAS;
-               aux[aux_size].fmt = GNUTLS_X509_FMT_PEM;
-               aux[aux_size].i1.mem = ca_cert;
-               aux_size++;
-       }
-
-       ret = xssl_cred_init(&cred, vmethod, aux, aux_size);
-       if (ret < 0)
-               err_quit(ret);
-
-       /* Initialize TLS session
-        */
-       ret = xssl_server_init(&sb, (gnutls_transport_ptr_t) (long) fd,
-                              NULL, cred, NULL, 0);
-       if (ret < 0)
-               err_quit(ret);
-
-       ret = xssl_write(sb, LINE1, sizeof(LINE1) - 1);
-       if (ret < 0)
-               err_quit(ret);
-
-       ret = xssl_write(sb, LINE2, sizeof(LINE2) - 1);
-       if (ret < 0)
-               err_quit(ret);
-
-       ret = xssl_flush(sb);
-       if (ret < 0)
-               err_quit(ret);
-
-       xssl_deinit(sb);
-
-       close(fd);
-
-       xssl_cred_deinit(cred);
-
-       gnutls_global_deinit();
-
-}
-
-static void start(unsigned vc, unsigned vs, unsigned ccert)
-{
-       int fd[2];
-       int ret;
-
-       ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd);
-       if (ret < 0) {
-               perror("socketpair");
-               exit(1);
-       }
-
-       child = fork();
-       if (child < 0) {
-               perror("fork");
-               fail("fork");
-               exit(1);
-       }
-
-       if (child) {
-               /* parent */
-               close(fd[1]);
-               server(fd[0], vs);
-               waitpid(-1, NULL, 0);
-               //kill(child, SIGTERM);
-       } else {
-               close(fd[0]);
-               client(fd[1], vc, ccert);
-               exit(0);
-       }
-}
-
-static void ch_handler(int sig)
-{
-       int status = 0;
-
-       waitpid(-1, &status, 0);
-       if (WEXITSTATUS(status) != 0 ||
-           (WIFSIGNALED(status) && WTERMSIG(status) == SIGSEGV)) {
-               if (WIFSIGNALED(status))
-                       fail("Child died with sigsegv\n");
-               else
-                       fail("Child died with status %d\n",
-                            WEXITSTATUS(status));
-               terminate();
-       }
-       return;
-}
-
-void doit(void)
-{
-       signal(SIGCHLD, ch_handler);
-       signal(SIGPIPE, SIG_IGN);
-
-       test = "test1: no auth";
-       if (debug)
-               fprintf(stderr, "running %s", test);
-       start(GNUTLS_VMETHOD_NO_AUTH, GNUTLS_VMETHOD_NO_AUTH, 0);
-
-       test = "test2: server auth";
-       if (debug)
-               fprintf(stderr, "running %s", test);
-       start(GNUTLS_VMETHOD_GIVEN_CAS, GNUTLS_VMETHOD_NO_AUTH, 0);
-
-       test = "test3: mutual auth";
-       if (debug)
-               fprintf(stderr, "running %s", test);
-       start(GNUTLS_VMETHOD_GIVEN_CAS, GNUTLS_VMETHOD_GIVEN_CAS, 1);
-
-       remove(TOFU_DB_FILE);
-       test = "test4: trust on first use p1";
-       if (debug)
-               fprintf(stderr, "running %s", test);
-       start(GNUTLS_VMETHOD_TOFU, GNUTLS_VMETHOD_NO_AUTH, 0);
-
-       test = "test5: trust on first use p2";
-       if (debug)
-               fprintf(stderr, "running %s", test);
-       start(GNUTLS_VMETHOD_TOFU, GNUTLS_VMETHOD_NO_AUTH, 0);
-       remove(TOFU_DB_FILE);
-
-}
-
-#endif                         /* _WIN32 */