static const char* bin2hex( const void* bin, size_t bin_size)
{
-static char printable[120];
-unsigned char *_bin;
+static char printable[110];
+unsigned char *_bin = bin;
char* print;
+ if (bin_size > 50) bin_size = 50;
+
print = printable;
for (i = 0; i < bin_size; i++) {
sprintf(print, "%.2x ", _bin[i]);
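Review bot: The new cap of 50 does not fit the new 110-byte `printable`: each byte emits three characters via `"%.2x "`, so 50 bytes need 151 bytes including the terminator, and the sprintf here still overruns the static buffer by 41 bytes (assuming the loop body, which continues past the hunk, advances print by three per byte as the format implies). Derive the limit from the buffer instead of hard-coding it: `if (bin_size > (sizeof(printable) - 1) / 3) bin_size = (sizeof(printable) - 1) / 3;`, which allows 36 bytes. `i` is declared nowhere in the hunk; if it is not a file-scope variable, `size_t i;` belongs next to `print`.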
int cert_list_size = 0;
gnutls_x509_crt cert;
+ /* This function only works for X.509 certificates.
+ */
+ if (gnutls_certificate_type_get(session) != GNUTLS_CRT_X509)
+ return;
+
cert_list = gnutls_certificate_get_peers(session, &cert_list_size);
- if (cert_list_size > 0
- && gnutls_certificate_type_get(session) == GNUTLS_CRT_X509) {
+ printf("Peer provided %d certificates.\n", cert_list_size);
+
+ if (cert_list_size > 0) {
- /* no error checking
+ /* we only print information about the first certificate.
*/
gnutls_x509_crt_init( &cert);
gnutls_x509_crt_import( cert, &cert_list[0]);
- printf(" - Certificate info:\n");
+ printf("Certificate info:\n");
expiration_time = gnutls_x509_crt_get_expiration_time( cert);
activation_time = gnutls_x509_crt_get_activation_time( cert);
- printf(" - Certificate is valid since: %s", ctime(&activation_time));
- printf(" - Certificate expires: %s", ctime(&expiration_time));
+ printf("\tCertificate is valid since: %s", ctime(&activation_time));
+ printf("\tCertificate expires: %s", ctime(&expiration_time));
/* Print the serial number of the certificate.
*/
size = sizeof(serial);
gnutls_x509_crt_get_serial(cert, serial, &size);
- printf(" - Certificate serial number: %s\n",
- bin2hex( serial, serial_size));
+ size = sizeof( serial);
+ printf("\tCertificate serial number: %s\n",
+ bin2hex( serial, size));
/* Extract some of the public key algorithm's parameters
*/
/* Print the version of the X.509
* certificate.
*/
- printf(" - Certificate version: #%d\n",
+ printf("\tCertificate version: #%d\n",
gnutls_x509_crt_get_version( cert));
size = sizeof(dn);
gnutls_x509_crt_get_dn( cert, dn, &size);
- printf(" - DN: %s\n", dn);
+ printf("\tDN: %s\n", dn);
size = sizeof(dn);
gnutls_x509_crt_get_issuer_dn( cert, dn, &size);
- printf(" - Certificate Issuer's DN: %s\n", dn);
+ printf("\tIssuer's DN: %s\n", dn);
gnutls_x509_crt_deinit( cert);
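Review bot: The reset `size = sizeof( serial);` that follows gnutls_x509_crt_get_serial throws away whatever that call stored through `&size`, so bin2hex is handed the whole serial buffer and prints trailing bytes the call never wrote; if get_serial reports the actual length through its out-parameter, as passing `&size` suggests, the fix is to delete that line and keep `bin2hex( serial, size)`. Separately, the comment that replaced `/* no error checking` drops the only hint that gnutls_x509_crt_init, gnutls_x509_crt_import, gnutls_x509_crt_get_serial and gnutls_x509_crt_get_dn are still unchecked; when the import fails the later calls run on an empty certificate and, if dn and serial are plain locals, they may be printed uninitialized. At minimum `if (gnutls_x509_crt_import( cert, &cert_list[0]) < 0) { gnutls_x509_crt_deinit( cert); return; }` belongs after the import, plus a comment stating that the remaining calls are deliberately unchecked. The enclosing function starts outside the hunk.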
--- /dev/null
+/*
+ * Copyright (C) 2003 Nikos Mavroyanopoulos
+ * Copyright (C) 2004 Free Software Foundation
+ *
+ * This file is part of GNUTLS.
+ *
+ * The GNUTLS library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ *
+ */
+
+/* This file contains code for DSA keys.
+ */
+
+#include <gnutls_int.h>
+#include <gnutls_errors.h>
+#include <gnutls_datum.h>
+#include <debug.h>
+
+/* resarr will contain: p(0), q(1), g(2), y(3), x(4).
+ */
+int _gnutls_dsa_generate_params(GNUTLS_MPI* resarr, int* resarr_len, int bits)
+{
+
+ int ret;
+ gcry_sexp_t parms, key, list;
+
+ if (bits > 1024) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ ret = gcry_sexp_build( &parms, NULL, "(genkey(dsa(nbits %d)))", bits);
+ if (ret != 0) {
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ /* generate the DSA key
+ */
+ ret = gcry_pk_genkey( &key, parms);
+ gcry_sexp_release( parms);
+
+ if (ret != 0) {
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ list = gcry_sexp_find_token( key, "p", 0);
+ if (list == NULL) {
+ gnutls_assert();
+ gcry_sexp_release( key);
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ resarr[0] = gcry_sexp_nth_mpi(list, 1, 0);
+ gcry_sexp_release(list);
+
+ list = gcry_sexp_find_token( key, "q", 0);
+ if (list == NULL) {
+ gnutls_assert();
+ gcry_sexp_release( key);
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ resarr[1] = gcry_sexp_nth_mpi(list, 1, 0);
+ gcry_sexp_release(list);
+
+ list = gcry_sexp_find_token( key, "g", 0);
+ if (list == NULL) {
+ gnutls_assert();
+ gcry_sexp_release( key);
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ resarr[2] = gcry_sexp_nth_mpi(list, 1, 0);
+ gcry_sexp_release(list);
+
+ list = gcry_sexp_find_token( key, "y", 0);
+ if (list == NULL) {
+ gnutls_assert();
+ gcry_sexp_release( key);
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ resarr[3] = gcry_sexp_nth_mpi(list, 1, 0);
+ gcry_sexp_release(list);
+
+
+ list = gcry_sexp_find_token( key, "x", 0);
+ if (list == NULL) {
+ gnutls_assert();
+ gcry_sexp_release( key);
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ resarr[4] = gcry_sexp_nth_mpi(list, 1, 0);
+ gcry_sexp_release(list);
+
+
+ gcry_sexp_release(key);
+
+ _gnutls_dump_mpi( "p: ", resarr[0]);
+ _gnutls_dump_mpi( "q: ", resarr[1]);
+ _gnutls_dump_mpi( "g: ", resarr[2]);
+ _gnutls_dump_mpi( "y: ", resarr[3]);
+ _gnutls_dump_mpi( "x: ", resarr[4]);
+
+ *resarr_len = 5;
+
+ return 0;
+
+}
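Review bot: When any token after "p" is missing, the MPIs already stored in resarr leak: each `list == NULL` branch releases key but not the entries extracted before it, and none of the five gcry_sexp_nth_mpi results is checked, so a malformed key s-expression stores NULL in resarr and the function still returns 0 with *resarr_len = 5. A single extraction loop over the token names with a cleanup label that releases the already-extracted MPIs fixes both; the rewrite below keeps the parameter check, the genkey call and the debug dumps as they are. Also `_gnutls_dump_mpi( "x: ", resarr[4])` sends the private key x to the same dumper as the public values; if that helper is not compiled out of release builds, private key material reaches the debug output, so confirm it is debug-only or leave x out of the dump.
```c
int _gnutls_dsa_generate_params(GNUTLS_MPI* resarr, int* resarr_len, int bits)
{
	static const char *const names[] = { "p", "q", "g", "y", "x" };
	int ret, i;
	gcry_sexp_t parms, key, list;

	/* … unchanged: bits check, gcry_sexp_build, gcry_pk_genkey, release of parms … */

	/* resarr will contain: p(0), q(1), g(2), y(3), x(4). */
	for (i = 0; i < 5; i++) {
		list = gcry_sexp_find_token(key, names[i], 0);
		if (list == NULL) {
			gnutls_assert();
			goto fail;
		}
		resarr[i] = gcry_sexp_nth_mpi(list, 1, 0);
		gcry_sexp_release(list);
		if (resarr[i] == NULL) {
			gnutls_assert();
			goto fail;
		}
	}
	gcry_sexp_release(key);

	/* … unchanged: _gnutls_dump_mpi calls, *resarr_len = 5, return 0 … */

fail:
	/* release what was already extracted so a failed call leaves nothing for the caller to free */
	while (i-- > 0) {
		gcry_mpi_release(resarr[i]);
	}
	gcry_sexp_release(key);
	return GNUTLS_E_INTERNAL_ERROR;
}
```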
+
+/*
+ * Copyright (C) 2000,2001,2002,2003 Nikos Mavroyanopoulos
+ * Copyright (C) 2004 Free Software Foundation
+ *
+ * This file is part of GNUTLS.
+ *
+ * GNUTLS is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * GNUTLS is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
#include <config.h>
#include <stdio.h>
#include <stdlib.h>
gnutls_x509_crt_import(crt, &cert_list[j],
GNUTLS_X509_FMT_DER);
if (ret < 0) {
- const char* str = gnutls_strerror(ret);
- if (str == NULL) str = str_unknown;
- fprintf(stderr, "Decoding error: %s\n", str);
+ fprintf(stderr, "Decoding error: %s\n", gnutls_strerror(ret));
return;
}
ret = gnutls_x509_crt_to_xml( crt, &xml_data, 0);
if (ret < 0) {
- const char* str = gnutls_strerror(ret);
- if (str == NULL) str = str_unknown;
fprintf(stderr, "XML encoding error: %s\n",
- str);
+ gnutls_strerror(ret));
return;
}
digest_size = sizeof(digest);
if ((ret=gnutls_x509_crt_get_fingerprint(crt, GNUTLS_DIG_MD5, digest, &digest_size))
< 0) {
- const char* str = gnutls_strerror(ret);
- if (str == NULL) str = str_unknown;
- fprintf(stderr, "Error in fingerprint calculation: %s\n", str);
+ fprintf(stderr, "Error in fingerprint calculation: %s\n", gnutls_strerror(ret));
} else {
print = printable;
for (i = 0; i < digest_size; i++) {
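Review bot: Passing gnutls_strerror(ret) straight to `%s` on the new fprintf line is only well-defined if gnutls_strerror never returns NULL; the `str_unknown` fallback this hunk removes existed for exactly that case, and nothing in the patch shows that the library now guarantees a string for unknown codes. The same removal appears in the Decoding error and XML encoding error hunks for both the X.509 and the OpenPGP path. If gnutls_strerror was changed to return a fixed string for unrecognised codes, state that contract in its documentation (`@return a static string describing the error, never NULL`) so these call sites are known to rely on it; otherwise the fallback should stay.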
ret =
gnutls_openpgp_key_import(crt, &cert_list[0], GNUTLS_OPENPGP_FMT_RAW);
if (ret < 0) {
- const char* str = gnutls_strerror(ret);
- if (str == NULL) str = str_unknown;
- fprintf(stderr, "Decoding error: %s\n", str);
+ fprintf(stderr, "Decoding error: %s\n", gnutls_strerror(ret));
return;
}
ret = gnutls_openpgp_key_to_xml( crt, &xml_data, 0);
if (ret < 0) {
- const char* str = gnutls_strerror(ret);
- if (str == NULL) str = str_unknown;
fprintf(stderr, "XML encoding error: %s\n",
- str);
+ gnutls_strerror(ret));
return;
}
printf(", ANON-DH\n");
printf("Compression methods:");
- printf(" ZLIB");
+ printf(" DEFLATE");
printf(", LZO");
printf(", NULL\n");
}
void print_license(void)
{
- fprintf(stdout,
- "\nCopyright (C) 2001-2003 Nikos Mavroyanopoulos\n"
- "This program is free software; you can redistribute it and/or modify \n"
- "it under the terms of the GNU General Public License as published by \n"
- "the Free Software Foundation; either version 2 of the License, or \n"
- "(at your option) any later version. \n" "\n"
- "This program is distributed in the hope that it will be useful, \n"
- "but WITHOUT ANY WARRANTY; without even the implied warranty of \n"
- "MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the \n"
- "GNU General Public License for more details. \n" "\n"
- "You should have received a copy of the GNU General Public License \n"
- "along with this program; if not, write to the Free Software \n"
- "Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.\n\n");
+fputs( "\nCopyright (C) 2004 Free Software Foundation\n"
+ "This program is free software; you can redistribute it and/or modify \n"
+ "it under the terms of the GNU General Public License as published by \n"
+ "the Free Software Foundation; either version 2 of the License, or \n"
+ "(at your option) any later version. \n" "\n"
+ "This program is distributed in the hope that it will be useful, \n"
+ "but WITHOUT ANY WARRANTY; without even the implied warranty of \n"
+ "MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the \n"
+ "GNU General Public License for more details. \n" "\n"
+ "You should have received a copy of the GNU General Public License \n"
+ "along with this program; if not, write to the Free Software \n"
+ "Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.\n\n",
+ stdout);
}
void parse_protocols(char **protocols, int protocols_size,
for (j = i = 0; i < protocols_size; i++) {
if (strncasecmp(protocols[i], "SSL", 3) == 0)
protocol_priority[j++] = GNUTLS_SSL3;
- if (strncasecmp(protocols[i], "TLS", 3) == 0)
+ else if (strncasecmp(protocols[i], "TLS", 3) == 0)
protocol_priority[j++] = GNUTLS_TLS1;
+ else fprintf(stderr, "Unknown protocol: '%s'\n", protocols[i]);
}
protocol_priority[j] = 0;
}
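Review bot: `protocol_priority[j++]` and the terminator write `protocol_priority[j] = 0;` are bounded only by protocols_size, i.e. by how many names the caller supplies, while the array's capacity is declared outside the hunk; a list longer than the array overruns it, and the same holds for cipher_priority, mac_priority, cert_type_priority, kx_priority and comp_priority in the following hunks. If these are fixed-size arrays, a guard at the top of each loop body, `if (j >= (int)(sizeof protocol_priority / sizeof protocol_priority[0]) - 1) break;`, keeps the terminator in bounds; if they are pointers, their size has to be passed in. The new `else fprintf(...)` branches report an unknown name but continue, so a mistyped name silently shortens the priority list; a one-line comment `/* unknown names are reported and skipped, not fatal */` would record that this is intended.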
if (strncasecmp(ciphers[i], "AES", 3) == 0)
cipher_priority[j++] =
GNUTLS_CIPHER_AES_128_CBC;
- if (strncasecmp(ciphers[i], "3DE", 3) == 0)
+ else if (strncasecmp(ciphers[i], "3DE", 3) == 0)
cipher_priority[j++] =
GNUTLS_CIPHER_3DES_CBC;
- if (strcasecmp(ciphers[i], "ARCFOUR-40") == 0)
+ else if (strcasecmp(ciphers[i], "ARCFOUR-40") == 0)
cipher_priority[j++] =
GNUTLS_CIPHER_ARCFOUR_40;
- if (strcasecmp(ciphers[i], "ARCFOUR") == 0)
+ else if (strcasecmp(ciphers[i], "ARCFOUR") == 0)
cipher_priority[j++] =
GNUTLS_CIPHER_ARCFOUR_128;
- if (strncasecmp(ciphers[i], "NUL", 3) == 0)
+ else if (strncasecmp(ciphers[i], "NUL", 3) == 0)
cipher_priority[j++] = GNUTLS_CIPHER_NULL;
+ else fprintf(stderr, "Unknown cipher: '%s'\n", ciphers[i]);
}
cipher_priority[j] = 0;
}
for (j = i = 0; i < nmacs; i++) {
if (strncasecmp(macs[i], "MD5", 3) == 0)
mac_priority[j++] = GNUTLS_MAC_MD5;
- if (strncasecmp(macs[i], "RMD", 3) == 0)
+ else if (strncasecmp(macs[i], "RMD", 3) == 0)
mac_priority[j++] = GNUTLS_MAC_RMD160;
- if (strncasecmp(macs[i], "SHA", 3) == 0)
+ else if (strncasecmp(macs[i], "SHA", 3) == 0)
mac_priority[j++] = GNUTLS_MAC_SHA;
+ else fprintf(stderr, "Unknown MAC: '%s'\n", macs[i]);
}
mac_priority[j] = 0;
}
if (strncasecmp(ctype[i], "OPE", 3) == 0)
cert_type_priority[j++] =
GNUTLS_CRT_OPENPGP;
- if (strncasecmp(ctype[i], "X", 1) == 0)
+ else if (strncasecmp(ctype[i], "X", 1) == 0)
cert_type_priority[j++] = GNUTLS_CRT_X509;
+ else fprintf(stderr, "Unknown certificate type: '%s'\n", ctype[i]);
}
cert_type_priority[j] = 0;
}
for (j = i = 0; i < nkx; i++) {
if (strcasecmp(kx[i], "SRP") == 0)
kx_priority[j++] = GNUTLS_KX_SRP;
- if (strcasecmp(kx[i], "SRP-RSA") == 0)
+ else if (strcasecmp(kx[i], "SRP-RSA") == 0)
kx_priority[j++] = GNUTLS_KX_SRP_RSA;
- if (strcasecmp(kx[i], "SRP-DSS") == 0)
+ else if (strcasecmp(kx[i], "SRP-DSS") == 0)
kx_priority[j++] = GNUTLS_KX_SRP_DSS;
- if (strcasecmp(kx[i], "RSA") == 0)
+ else if (strcasecmp(kx[i], "RSA") == 0)
kx_priority[j++] = GNUTLS_KX_RSA;
- if (strcasecmp(kx[i], "RSA-EXPORT") == 0)
+ else if (strcasecmp(kx[i], "RSA-EXPORT") == 0)
kx_priority[j++] = GNUTLS_KX_RSA_EXPORT;
- if (strncasecmp(kx[i], "DHE-RSA", 7) == 0)
+ else if (strncasecmp(kx[i], "DHE-RSA", 7) == 0)
kx_priority[j++] = GNUTLS_KX_DHE_RSA;
- if (strncasecmp(kx[i], "DHE-DSS", 7) == 0)
+ else if (strncasecmp(kx[i], "DHE-DSS", 7) == 0)
kx_priority[j++] = GNUTLS_KX_DHE_DSS;
- if (strncasecmp(kx[i], "ANON", 4) == 0)
+ else if (strncasecmp(kx[i], "ANON", 4) == 0)
kx_priority[j++] = GNUTLS_KX_ANON_DH;
+ else fprintf(stderr, "Unknown key exchange: '%s'\n", kx[i]);
}
kx_priority[j] = 0;
}
for (j = i = 0; i < ncomp; i++) {
if (strncasecmp(comp[i], "NUL", 3) == 0)
comp_priority[j++] = GNUTLS_COMP_NULL;
- if (strncasecmp(comp[i], "ZLI", 3) == 0)
- comp_priority[j++] = GNUTLS_COMP_ZLIB;
- if (strncasecmp(comp[i], "LZO", 3) == 0)
+ else if (strncasecmp(comp[i], "ZLI", 3) == 0)
+ comp_priority[j++] = GNUTLS_COMP_DEFLATE;
+ else if (strncasecmp(comp[i], "DEF", 3) == 0)
+ comp_priority[j++] = GNUTLS_COMP_DEFLATE;
+ else if (strncasecmp(comp[i], "LZO", 3) == 0)
comp_priority[j++] = GNUTLS_COMP_LZO;
+ else fprintf(stderr, "Unknown compression: '%s'\n", comp[i]);
}
comp_priority[j] = 0;
}
ret = inet_ntoa( *((struct in_addr*)src));
- if (strlen(ret) > cnt) {
+ if (ret == NULL || strlen(ret) > cnt) {
return NULL;
}
strcpy( dst, ret);
-
+
return dst;
}
#endif
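Review bot: `strlen(ret) > cnt` still lets a string of exactly cnt characters through, and the `strcpy( dst, ret)` two lines below then writes cnt + 1 bytes including the terminator, one past the buffer; the check should be `if (ret == NULL || strlen(ret) >= cnt) {`. inet_ntoa is specified to return a pointer to a static buffer rather than NULL, so the added NULL test is harmless, but the length test is the one that matters. The enclosing function starts outside the hunk.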