typedef enum CertificateSigType { RSA_SIGN = 1, DSA_SIGN = 2, ECDSA_SIGN = 64
} CertificateSigType;
-/* Moves data from a internal certificate struct (gnutls_pcert_st) to
+/* Moves data from a internal certificate struct (gnutls_pcert_st) to
* another internal certificate struct (cert_auth_info_t), and deinitializes
* the former.
*/
return -1;
}
-/* Returns the issuer's Distinguished name in odn, of the certificate
+/* Returns the issuer's Distinguished name in odn, of the certificate
* specified in cert.
*/
static int cert_get_issuer_dn(gnutls_pcert_st * cert, gnutls_datum_t * odn)
/* Locates the most appropriate x509 certificate using the
* given DN. If indx == -1 then no certificate was found.
*
- * That is to guess which certificate to use, based on the
+ * That is to guess which certificate to use, based on the
* CAs and sign algorithms supported by the peer server.
*/
static int
if (data_size > 0)
do {
- /* This works like DECR_LEN()
+ /* This works like DECR_LEN()
*/
result = GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
DECR_LENGTH_COM(data_size, 2, goto error);
cred->certs[indx].ocsp_data,
cred->certs[indx].ocsp_data_length,
cred->certs[indx].pkey, 0,
- NULL, 0);
+ NULL, NULL);
} else {
selected_certs_set(session, NULL, 0, NULL, 0,
NULL, 0, NULL, NULL);
int apr_cert_list_length;
unsigned init_pos = data->length;
- /* find the appropriate certificate
+ /* find the appropriate certificate
*/
if ((ret =
_gnutls_get_selected_cert(session, &apr_cert_list,
* instead of:
* 0B 00 00 00 // empty certificate handshake
*
- * ( the above is the whole handshake message, not
+ * ( the above is the whole handshake message, not
* the one produced here )
*/
}
/* Ok we now allocate the memory to hold the
- * certificate list
+ * certificate list
*/
peer_certificate_list =
DECR_LEN_FINAL(dsize, size);
- /* We should reply with a certificate message,
+ /* We should reply with a certificate message,
* even if we have no certificate to send.
*/
session->internals.hsk_flags |= HSK_CRT_ASKED;
return data->length - init_pos;
}
-/* This function will return the appropriate certificate to use.
+/* This function will return the appropriate certificate to use.
* Fills in the apr_cert_list, apr_cert_list_length and apr_pkey.
* The return value is a negative error code on error.
*
return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
}
- } else { /* CLIENT SIDE
+ } else { /* CLIENT SIDE
*/
/* _gnutls_select_client_cert() must have been called before.
*/
*
*/
-/* This file contains the code the Certificate Type TLS extension.
+/* This file contains the code for the Signature Algorithms TLS extension.
* This extension is currently gnutls specific.
*/
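Review bot: The header comment is still inaccurate after this fix, because the following line keeps `This extension is currently gnutls specific.`, which reads like a leftover from the Certificate Type file this header appears to have been copied from. The signature_algorithms extension is defined by TLS 1.2 in RFC 5246, so that sentence should be dropped or replaced with something like `* Defined in RFC 5246 (TLS 1.2), section 7.4.1.4.1.`.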
size_t data_size);
static int _gnutls_signature_algorithm_send_params(gnutls_session_t
session,
- gnutls_buffer_st *
- extdata);
+ gnutls_buffer_st * extdata);
static void signature_algorithms_deinit_data(gnutls_ext_priv_data_t priv);
static int signature_algorithms_pack(gnutls_ext_priv_data_t epriv,
gnutls_buffer_st * ps);
gnutls_sign_get_name(sig));
if (sig != GNUTLS_SIGN_UNKNOWN) {
- if (priv->sign_algorithms_size ==
- MAX_ALGOS)
+ if (priv->sign_algorithms_size == MAX_ALGOS)
break;
priv->sign_algorithms[priv->
- sign_algorithms_size++] =
- sig;
+ sign_algorithms_size++] = sig;
}
}
*/
/* return GNUTLS_E_UNEXPECTED_PACKET; */
} else {
- /* SERVER SIDE - we must check if the sent cert type is the right one
+ /* SERVER SIDE
*/
if (data_size >= 2) {
uint16_t len;
}
/* Returns a requested by the peer signature algorithm that
- * matches the given certificate's public key algorithm.
+ * matches the given certificate's public key algorithm.
*
* When the @client_cert flag is not set, then this function will
* also check whether the signature algorithm is allowed to be
}
}
- for (i = 0; i < session->internals.priorities->sigalg.size;
- i++) {
- if (session->internals.priorities->sigalg.entry[i]->id ==
- sig) {
+ for (i = 0; i < session->internals.priorities->sigalg.size; i++) {
+ if (session->internals.priorities->sigalg.entry[i]->id == sig) {
return 0; /* ok */
}
}
disallowed:
- _gnutls_handshake_log("signature algorithm %s is not enabled\n", gnutls_sign_algorithm_get_name(sig));
+ _gnutls_handshake_log("Signature algorithm %s is not enabled\n", gnutls_sign_algorithm_get_name(sig));
return GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM;
}
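Review bot: The log call under `disallowed:` is edited here but still uses `gnutls_sign_algorithm_get_name(sig)`, while the parsing code in what appears to be the same file logs with `gnutls_sign_get_name(sig)`. Since the line is being touched anyway, one name throughout would be cleaner: `_gnutls_handshake_log("Signature algorithm %s is not enabled\n", gnutls_sign_get_name(sig));`. It is also worth confirming that the name lookup cannot return NULL for the `sig` values that reach this label, because the result is passed straight to `%s`. The enclosing function starts outside the hunk.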
* gnutls_sign_algorithm_get:
* @session: is a #gnutls_session_t type.
*
- * Returns the signature algorithm that is (or will be) used in this
+ * Returns the signature algorithm that is (or will be) used in this
* session by the server to sign data. This function should be
* used only with TLS 1.2 or later.
*
* gnutls_sign_algorithm_get_client:
* @session: is a #gnutls_session_t type.
*
- * Returns the signature algorithm that is (or will be) used in this
+ * Returns the signature algorithm that is (or will be) used in this
* session by the client to sign data. This function should be
* used only with TLS 1.2 or later.
*