[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[GNUnet-SVN] r7446 - in libmicrohttpd: . src/daemon src/daemon/https src
|
From: |
gnunet |
|
Subject: |
[GNUnet-SVN] r7446 - in libmicrohttpd: . src/daemon src/daemon/https src/daemon/https/openpgp src/daemon/https/tls src/daemon/https/x509 src/examples src/include src/testcurl src/testcurl/https |
|
Date: |
Thu, 17 Jul 2008 21:53:28 -0600 (MDT) |
Author: lv-426
Date: 2008-07-17 21:53:27 -0600 (Thu, 17 Jul 2008)
New Revision: 7446
Added:
libmicrohttpd/src/daemon/https/compat.h
libmicrohttpd/src/daemon/https/extra.h
libmicrohttpd/src/daemon/https/gnutls.h
libmicrohttpd/src/testcurl/https/tls_alert_test.c
Removed:
libmicrohttpd/src/daemon/https/https_common.c
libmicrohttpd/src/daemon/https/https_common.h
libmicrohttpd/src/daemon/https/includes/
Modified:
libmicrohttpd/
libmicrohttpd/configure.ac
libmicrohttpd/src/daemon/
libmicrohttpd/src/daemon/Makefile.am
libmicrohttpd/src/daemon/connection_https.c
libmicrohttpd/src/daemon/daemon.c
libmicrohttpd/src/daemon/https/openpgp/Makefile.am
libmicrohttpd/src/daemon/https/tls/Makefile.am
libmicrohttpd/src/daemon/https/x509/Makefile.am
libmicrohttpd/src/examples/
libmicrohttpd/src/examples/Makefile.am
libmicrohttpd/src/examples/authorization_example.c
libmicrohttpd/src/examples/https_server_example.c
libmicrohttpd/src/include/microhttpsd.h
libmicrohttpd/src/testcurl/
libmicrohttpd/src/testcurl/Makefile.am
libmicrohttpd/src/testcurl/https/
libmicrohttpd/src/testcurl/https/Makefile.am
libmicrohttpd/src/testcurl/https/mhds_get_test.c
libmicrohttpd/src/testcurl/https/mhds_multi_daemon_test.c
libmicrohttpd/src/testcurl/https/mhds_session_info_test.c
Log:
fixed some memory leaks
removed includes dir
Property changes on: libmicrohttpd
___________________________________________________________________
Name: svn:ignore
+ debug
exclude
autom4te.cache
scripts
keys
doc.tmp
config.h
.project
config.guess
.cproject
configure
libtool
install-sh
aclocal.m4
missing
config.sub
config.status
compile
stamp-h1
.pydevproject
config.h.in
ltmain.sh
depcomp
Modified: libmicrohttpd/configure.ac
===================================================================
--- libmicrohttpd/configure.ac 2008-07-17 22:09:55 UTC (rev 7445)
+++ libmicrohttpd/configure.ac 2008-07-18 03:53:27 UTC (rev 7446)
@@ -277,7 +277,6 @@
src/daemon/https/openpgp/Makefile
src/daemon/https/opencdk/Makefile
src/daemon/https/minitasn1/Makefile
-src/daemon/https/includes/Makefile
src/examples/Makefile
src/testcurl/Makefile
src/testcurl/https/Makefile
Property changes on: libmicrohttpd/src/daemon
___________________________________________________________________
Name: svn:ignore
- .libs
.deps
daemon.loT
daemon_test
libmicrohttpd_la-internal.loT
libmicrohttpd_la-connection.loT
libmicrohttpd_la-postprocessor.loT
libmicrohttpd_la-daemon.loT
Makefile
Makefile.in
+ .libs
.deps
daemon.loT
daemon_test
libmicrohttpd_la-internal.loT
libmicrohttpd_la-connection.loT
libmicrohttpd_la-postprocessor.loT
libmicrohttpd_la-daemon.loT
Makefile
Makefile.in
postprocessor_large_test
postprocessor_test
gmon.out
Modified: libmicrohttpd/src/daemon/Makefile.am
===================================================================
--- libmicrohttpd/src/daemon/Makefile.am 2008-07-17 22:09:55 UTC (rev
7445)
+++ libmicrohttpd/src/daemon/Makefile.am 2008-07-18 03:53:27 UTC (rev
7446)
@@ -6,7 +6,7 @@
-I$(top_srcdir)/src/daemon/https/openpgp \
-I$(top_srcdir)/src/daemon/https/opencdk \
-I$(top_srcdir)/src/daemon/https/tls \
--I$(top_srcdir)/src/daemon/https/includes \
+-I$(top_srcdir)/src/daemon/https \
-I$(top_srcdir)/src/daemon/https/cfg \
-I$(GCRYPT_CPPFLAGS)
Modified: libmicrohttpd/src/daemon/connection_https.c
===================================================================
--- libmicrohttpd/src/daemon/connection_https.c 2008-07-17 22:09:55 UTC (rev
7445)
+++ libmicrohttpd/src/daemon/connection_https.c 2008-07-18 03:53:27 UTC (rev
7446)
@@ -71,24 +71,37 @@
}
union MHD_SessionInfo
-MHD_get_session_info (struct MHD_Connection *con, enum MHD_InfoType infoType)
+MHD_get_tls_session_info (struct MHD_Connection *con,
+ enum MHD_InfoType infoType)
{
+ /* return NULL if this isn't a SSL/TLS type connection */
+ if (con->tls_session == NULL)
+ {
+ /* TODO clean */
+ return (union MHD_SessionInfo) 0;
+ }
switch (infoType)
{
case MHS_INFO_CIPHER_ALGO:
- return (union MHD_SessionInfo)
con->tls_session->security_parameters.read_bulk_cipher_algorithm;
+ return (union MHD_SessionInfo) con->tls_session->security_parameters.
+ read_bulk_cipher_algorithm;
case MHD_INFO_KX_ALGO:
- return (union MHD_SessionInfo)
con->tls_session->security_parameters.kx_algorithm;
+ return (union MHD_SessionInfo) con->tls_session->security_parameters.
+ kx_algorithm;
case MHD_INFO_CREDENTIALS_TYPE:
return (union MHD_SessionInfo) con->tls_session->key->cred->algorithm;
case MHD_INFO_MAC_ALGO:
- return (union MHD_SessionInfo)
con->tls_session->security_parameters.read_mac_algorithm;
+ return (union MHD_SessionInfo) con->tls_session->security_parameters.
+ read_mac_algorithm;
case MHD_INFO_COMPRESSION_METHOD:
- return (union MHD_SessionInfo)
con->tls_session->security_parameters.read_compression_algorithm;
+ return (union MHD_SessionInfo) con->tls_session->security_parameters.
+ read_compression_algorithm;
case MHD_INFO_PROTOCOL:
- return (union MHD_SessionInfo)
con->tls_session->security_parameters.version;
+ return (union MHD_SessionInfo) con->tls_session->security_parameters.
+ version;
case MHD_INFO_CERT_TYPE:
- return (union MHD_SessionInfo)
con->tls_session->security_parameters.cert_type;
+ return (union MHD_SessionInfo) con->tls_session->security_parameters.
+ cert_type;
};
}
@@ -280,24 +293,21 @@
{
connection->last_activity = time (NULL);
- while (1)
- {
#if HAVE_MESSAGES
- MHD_DLOG (connection->daemon, "MHD write: %d. f: %s, l: %d\n",
- connection->state, __FUNCTION__, __LINE__);
+ MHD_DLOG (connection->daemon, "MHD write: %d. f: %s, l: %d\n",
+ connection->state, __FUNCTION__, __LINE__);
#endif
- switch (connection->state)
- {
- case MHD_CONNECTION_CLOSED:
- MHD_tls_connection_close (connection);
- return MHD_NO;
- case MHD_TLS_HANDSHAKE_FAILED:
- MHD_tls_connection_close (connection);
- return MHD_NO;
- /* some HTTP state */
- default:
- return MHD_connection_handle_write (connection);
- }
+ switch (connection->state)
+ {
+ case MHD_CONNECTION_CLOSED:
+ MHD_tls_connection_close (connection);
+ return MHD_NO;
+ case MHD_TLS_HANDSHAKE_FAILED:
+ MHD_tls_connection_close (connection);
+ return MHD_NO;
+ /* some HTTP state */
+ default:
+ return MHD_connection_handle_write (connection);
}
}
Modified: libmicrohttpd/src/daemon/daemon.c
===================================================================
--- libmicrohttpd/src/daemon/daemon.c 2008-07-17 22:09:55 UTC (rev 7445)
+++ libmicrohttpd/src/daemon/daemon.c 2008-07-18 03:53:27 UTC (rev 7446)
@@ -29,10 +29,11 @@
#include "connection.h"
#include "memorypool.h"
+#if HTTPS_SUPPORT
#include "gnutls.h"
#include "gnutls_int.h"
-#include "gnutls_datum.h"
#include "gnutls_global.h"
+#endif
/**
* Default connection limit.
@@ -59,86 +60,86 @@
#if HTTPS_SUPPORT
/* initialize security aspects of the HTTPS daemon */
static int
-MHDS_init (struct MHD_Daemon *daemon){
+MHDS_init (struct MHD_Daemon *daemon)
+{
+ int i;
+ priority_st st;
+ gnutls_datum_t key;
+ gnutls_datum_t cert;
- int i;
- priority_st st;
+ gnutls_global_set_log_function (MHD_tls_log_func);
- gnutls_global_set_log_function (MHD_tls_log_func);
+ /* setup server certificate */
+ gnutls_certificate_allocate_credentials (&daemon->x509_cret);
- /* setup server certificate */
- gnutls_certificate_allocate_credentials (&daemon->x509_cret);
+ /* TODO remove if unused
+ gnutls_certificate_set_x509_trust_file(x509_cret,
CAFILE,GNUTLS_X509_FMT_PEM);
+ gnutls_certificate_set_x509_crl_file(x509_cret, CRLFILE,
GNUTLS_X509_FMT_PEM); */
- /* TODO remove if unused
- gnutls_certificate_set_x509_trust_file(x509_cret,
CAFILE,GNUTLS_X509_FMT_PEM);
- gnutls_certificate_set_x509_crl_file(x509_cret, CRLFILE,
GNUTLS_X509_FMT_PEM); */
+ /* sets a certificate private key pair */
+ if (daemon->https_cert_path && daemon->https_key_path)
+ {
+ /* test for private key & certificate file exsitance */
+ if (access (daemon->https_cert_path, R_OK))
+ {
+#if HAVE_MESSAGES
+ MHD_DLOG (daemon, "Missing X.509 certificate file\n");
+#endif
+ free (daemon);
+ CLOSE (daemon->socket_fd);
+ return -1;
+ }
- /* sets a certificate private key pair */
- if (daemon->https_cert_path && daemon->https_key_path)
- {
- /* test for private key & certificate file exsitance */
- if (access (daemon->https_cert_path, R_OK))
- {
- #if HAVE_MESSAGES
- MHD_DLOG (daemon, "Missing X.509 certificate file\n");
- #endif
- free (daemon);
- CLOSE (daemon->socket_fd);
- return -1;
- }
+ if (access (daemon->https_key_path, R_OK))
+ {
+#if HAVE_MESSAGES
+ MHD_DLOG (daemon, "Missing X.509 key file\n");
+#endif
+ free (daemon);
+ CLOSE (daemon->socket_fd);
+ return -1;
+ }
+ gnutls_certificate_set_x509_key_file (daemon->x509_cret,
+ daemon->https_cert_path,
+ daemon->https_key_path,
+ GNUTLS_X509_FMT_PEM);
+ }
+ else if (daemon->https_mem_cert && daemon->https_mem_key)
+ {
+ key.data = daemon->https_mem_key;
+ key.size = strlen (daemon->https_mem_key);
+ cert.data = daemon->https_mem_cert;
+ cert.size = strlen (daemon->https_mem_cert);
- if (access (daemon->https_key_path, R_OK))
- {
- #if HAVE_MESSAGES
- MHD_DLOG (daemon, "Missing X.509 key file\n");
- #endif
- free (daemon);
- CLOSE (daemon->socket_fd);
- return -1;
- }
- gnutls_certificate_set_x509_key_file (daemon->x509_cret,
- daemon->https_cert_path,
- daemon->https_key_path,
- GNUTLS_X509_FMT_PEM);
- }
- else if (daemon->https_mem_cert && daemon->https_mem_key)
- {
- gnutls_datum_t key ;
- gnutls_datum_t cert ;
+ gnutls_certificate_set_x509_key_mem (daemon->x509_cret, &cert, &key,
+ GNUTLS_X509_FMT_PEM);
+ }
+ else
+ {
+#if HAVE_MESSAGES
+ MHD_DLOG (daemon, "Failed to load certificate\n");
+#endif
+ return MHD_NO;
+ }
- _gnutls_set_datum_m (&key, daemon->https_mem_key,
- strlen (daemon->https_mem_key), &malloc);
- _gnutls_set_datum_m (&cert, daemon->https_mem_cert,
- strlen (daemon->https_mem_cert), &malloc);
-
- gnutls_certificate_set_x509_key_mem (daemon->x509_cret, &cert, &key,
- GNUTLS_X509_FMT_PEM);
- }
- else
- {
- #if HAVE_MESSAGES
- MHD_DLOG (daemon, "Failed to load certificate\n");
- #endif
- return MHD_NO;
- }
-
- /* generate DH parameters if necessary */
- st = daemon->priority_cache->kx;
- for (i = 0; i < st.algorithms; i++)
+ /* generate DH parameters if necessary */
+ st = daemon->priority_cache->kx;
+ for (i = 0; i < st.algorithms; i++)
+ {
+ /* initialize Diffie Hellman parameters if necessary */
+ /* TODO add other cipher suits */
+ if (st.priority[i] == GNUTLS_KX_DHE_RSA)
{
- /* initialize Diffie Hellman parameters if necessary */
- /* TODO add other cipher suits */
- if (st.priority[i] == GNUTLS_KX_DHE_RSA ){
- gnutls_dh_params_init (&daemon->dh_params);
- gnutls_dh_params_generate2 (daemon->dh_params, 1024);
- break;
- }
+ gnutls_dh_params_init (&daemon->dh_params);
+ gnutls_dh_params_generate2 (daemon->dh_params, 1024);
+ break;
}
+ }
- gnutls_certificate_set_dh_params (daemon->x509_cret, daemon->dh_params);
+ gnutls_certificate_set_dh_params (daemon->x509_cret, daemon->dh_params);
- /* TODO address error case return value */
- return MHD_YES;
+ /* TODO address error case return value */
+ return MHD_YES;
}
/* TODO unite with code in gnutls_priority.c */
@@ -322,9 +323,9 @@
con->daemon->x509_cret);
/* TODO avoid gnutls blocking recv / write calls
- gnutls_transport_set_pull_function(tls_session, &recv);
- gnutls_transport_set_push_function(tls_session, &send);
- */
+ gnutls_transport_set_pull_function(tls_session, &recv);
+ gnutls_transport_set_push_function(tls_session, &send);
+ */
gnutls_transport_set_ptr (con->tls_session, con->socket_fd);
@@ -546,14 +547,15 @@
}
MHD_destroy_response (pos->response);
MHD_pool_destroy (pos->pool);
+#if HTTPS_SUPPORT
+ if (pos->tls_session != 0)
+ {
+ gnutls_deinit (pos->tls_session);
+ }
+#endif
free (pos->addr);
free (pos);
daemon->max_connections++;
-#if HTTPS_SUPPORT
- if(pos->tls_session != 0){
- gnutls_deinit (pos->tls_session);
- }
-#endif
if (prev == NULL)
pos = daemon->connections;
else
@@ -770,7 +772,7 @@
MHD_AccessHandlerCallback dh, void *dh_cls, ...)
{
const int on = 1;
- struct MHD_Daemon * retVal;
+ struct MHD_Daemon *retVal;
/* listeningss sockets used by the daemon */
int socket_fd;
@@ -915,22 +917,26 @@
retVal->https_mem_cert = va_arg (ap, const char *);
break;
case MHD_OPTION_KX_PRIORITY:
- _set_priority (&retVal->priority_cache->cipher, va_arg (ap, const
int *));
+ _set_priority (&retVal->priority_cache->cipher,
+ va_arg (ap, const int *));
break;
case MHD_OPTION_CIPHER_ALGORITHM:
- _set_priority (&retVal->priority_cache->cipher, va_arg (ap, const
int *));
+ _set_priority (&retVal->priority_cache->cipher,
+ va_arg (ap, const int *));
break;
#endif
default:
#if HAVE_MESSAGES
- if (opt > MHD_HTTPS_OPTION_START && opt < MHD_HTTPS_OPTION_END) {
- fprintf (stderr,
- "Error: HTTPS option given while compiling without HTTPS
support\n");
- }
- else {
- fprintf (stderr,
- "Invalid MHD_OPTION argument! (Did you terminate the list
with MHD_OPTION_END?)\n");
- }
+ if (opt > MHD_HTTPS_OPTION_START && opt < MHD_HTTPS_OPTION_END)
+ {
+ fprintf (stderr,
+ "Error: HTTPS option given while compiling without
HTTPS support\n");
+ }
+ else
+ {
+ fprintf (stderr,
+ "Invalid MHD_OPTION argument! (Did you terminate the
list with MHD_OPTION_END?)\n");
+ }
#endif
abort ();
}
@@ -1021,6 +1027,8 @@
{
gnutls_priority_deinit (daemon->priority_cache);
+ gnutls_certificate_free_credentials (daemon->x509_cret);
+
/* lock gnutls_global mutex since it uses reference counting */
pthread_mutex_lock (&gnutls_init_mutex);
gnutls_global_deinit ();
Copied: libmicrohttpd/src/daemon/https/compat.h (from rev 7372,
libmicrohttpd/src/daemon/https/includes/compat.h)
===================================================================
--- libmicrohttpd/src/daemon/https/compat.h (rev 0)
+++ libmicrohttpd/src/daemon/https/compat.h 2008-07-18 03:53:27 UTC (rev
7446)
@@ -0,0 +1,98 @@
+/* Typedefs to be fully compatible with the types of
+ * GnuTLS 1.0.x.
+ */
+
+#include "gnutls.h"
+
+#ifndef GCOMPAT_H
+# define GCOMPAT_H
+
+#ifdef __GNUC__
+
+#define _GNUTLS_GCC_VERSION (__GNUC__ * 10000 + __GNUC_MINOR__ * 100 +
__GNUC_PATCHLEVEL__)
+
+#if _GNUTLS_GCC_VERSION >= 30100
+#define _GNUTLS_GCC_ATTR_DEPRECATED __attribute__ ((__deprecated__))
+#endif
+
+#endif /* __GNUC__ */
+
+#ifndef _GNUTLS_GCC_ATTR_DEPRECATED
+#define _GNUTLS_GCC_ATTR_DEPRECATED
+#endif
+
+#define gnutls_cipher_algorithm gnutls_cipher_algorithm_t
+#define gnutls_kx_algorithm gnutls_kx_algorithm_t
+#define gnutls_paramsype gnutls_paramsype_t
+#define gnutls_mac_algorithm gnutls_mac_algorithm_t
+#define gnutls_digest_algorithm gnutls_digest_algorithm_t
+#define gnutls_compression_method gnutls_compression_method_t
+#define gnutls_connection_end gnutls_connection_end_t
+#define gnutls_credentialsype gnutls_credentialsype_t
+#define gnutls_certificateype gnutls_certificateype_t
+#define gnutls_x509_crt_fmt gnutls_x509_crt_fmt_t
+#define gnutls_openpgp_key_fmt gnutls_openpgp_key_fmt_t
+#define gnutls_pk_algorithm gnutls_pk_algorithm_t
+#define gnutls_sign_algorithm gnutls_sign_algorithm_t
+#define gnutls_server_name gnutls_server_nameype_t
+#define gnutls_protocol gnutls_protocol_version_t
+#define gnutls_close_request gnutls_close_request_t
+#define gnutls_openpgp_key_status gnutls_openpgp_key_status_t
+#define gnutls_certificate_request gnutls_certificate_request_t
+#define gnutls_certificate_status gnutls_certificate_status_t
+#define gnutls_session gnutls_session_t
+#define gnutls_alert_level gnutls_alert_level_t
+#define gnutls_alert_description gnutls_alert_description_t
+#define gnutls_x509_subject_alt_name gnutls_x509_subject_alt_name_t
+#define gnutls_openpgp_key gnutls_openpgp_key_t
+#define gnutls_openpgp_privkey gnutls_openpgp_privkey_t
+#define gnutls_openpgp_keyring gnutls_openpgp_keyring_t
+#define gnutls_x509_crt gnutls_x509_crt_t
+#define gnutls_x509_privkey gnutls_x509_privkey_t
+#define gnutls_x509_crl gnutls_x509_crl_t
+#define gnutls_pkcs7 gnutls_pkcs7_t
+#define gnutls_x509_crq gnutls_x509_crq_t
+#define gnutls_pkcs_encrypt_flags gnutls_pkcs_encrypt_flags_t
+#define gnutls_pkcs12_bag_type gnutls_pkcs12_bag_type_t
+#define gnutls_pkcs12_bag gnutls_pkcs12_bag_t
+#define gnutls_pkcs12 gnutls_pkcs12_t
+#define gnutls_certificate_credentials gnutls_certificate_credentials_t
+#define gnutls_anon_server_credentials gnutls_anon_server_credentials_t
+#define gnutls_anon_client_credentials gnutls_anon_client_credentials_t
+#define gnutls_srp_client_credentials gnutls_srp_client_credentials_t
+#define gnutls_srp_server_credentials gnutls_srp_server_credentials_t
+#define gnutls_dh_params gnutls_dh_params_t
+#define gnutls_rsa_params gnutls_rsa_params_t
+#define gnutls_params_type gnutls_params_type_t
+#define gnutls_credentials_type gnutls_credentials_type_t
+#define gnutls_certificate_type gnutls_certificate_type_t
+#define gnutls_datum gnutls_datum_t
+#define gnutls_transport_ptr gnutls_transport_ptr_t
+
+/* Old SRP alerts removed in 2.1.x because the TLS-SRP RFC was
+ modified to use the PSK alert. */
+#define GNUTLS_A_MISSING_SRP_USERNAME GNUTLS_A_UNKNOWN_PSK_IDENTITY
+#define GNUTLS_A_UNKNOWN_SRP_USERNAME GNUTLS_A_UNKNOWN_PSK_IDENTITY
+
+/* OpenPGP stuff renamed in 2.1.x. */
+#define gnutls_openpgp_key_fmt_t gnutls_openpgp_crt_fmt_t
+#define GNUTLS_OPENPGP_KEY GNUTLS_OPENPGP_CERT
+#define GNUTLS_OPENPGP_KEY_FINGERPRINT GNUTLS_OPENPGP_CERT_FINGERPRINT
+#define gnutls_openpgp_send_key gnutls_openpgp_send_cert
+#define gnutls_openpgp_key_status_t gnutls_openpgp_crt_status_t
+#define gnutls_openpgp_key_t gnutls_openpgp_crt_t
+#define gnutls_openpgp_key_init gnutls_openpgp_crt_init
+#define gnutls_openpgp_key_deinit gnutls_openpgp_crt_deinit
+#define gnutls_openpgp_key_import gnutls_openpgp_crt_import
+#define gnutls_openpgp_key_export gnutls_openpgp_crt_export
+#define gnutls_openpgp_key_get_key_usage gnutls_openpgp_crt_get_key_usage
+#define gnutls_openpgp_key_get_fingerprint gnutls_openpgp_crt_get_fingerprint
+#define gnutls_openpgp_key_get_pk_algorithm gnutls_openpgp_crt_get_pk_algorithm
+#define gnutls_openpgp_key_get_name gnutls_openpgp_crt_get_name
+#define gnutls_openpgp_key_get_version gnutls_openpgp_crt_get_version
+#define gnutls_openpgp_key_get_creation_time
gnutls_openpgp_crt_get_creation_time
+#define gnutls_openpgp_key_get_expiration_time
gnutls_openpgp_crt_get_expiration_time
+#define gnutls_openpgp_key_get_id gnutls_openpgp_crt_get_id
+#define gnutls_openpgp_key_check_hostname gnutls_openpgp_crt_check_hostname
+
+#endif /* GCOMPAT_H */
Property changes on: libmicrohttpd/src/daemon/https/compat.h
___________________________________________________________________
Name: svn:mime-type
+ text/plain
Copied: libmicrohttpd/src/daemon/https/extra.h (from rev 7395,
libmicrohttpd/src/daemon/https/includes/extra.h)
===================================================================
--- libmicrohttpd/src/daemon/https/extra.h (rev 0)
+++ libmicrohttpd/src/daemon/https/extra.h 2008-07-18 03:53:27 UTC (rev
7446)
@@ -0,0 +1,185 @@
+/*
+ * Copyright (C) 2002, 2003, 2004, 2005, 2007 Free Software Foundation
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GNUTLS-EXTRA.
+ *
+ * GNUTLS-EXTRA is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * GNUTLS-EXTRA is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GNUTLS-EXTRA; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA.
+ *
+ */
+
+/* Note the libgnutls-extra is not a standalone library. It requires
+ * to link also against libgnutls.
+ */
+
+#ifndef GNUTLS_EXTRA_H
+#define GNUTLS_EXTRA_H
+
+#include "gnutls.h"
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+
+#define LIBGNUTLS_EXTRA_VERSION LIBGNUTLS_VERSION
+
+/* Openpgp certificate stuff
+ */
+
+ typedef enum gnutls_openpgp_crt_fmt
+ { GNUTLS_OPENPGP_FMT_RAW,
+ GNUTLS_OPENPGP_FMT_BASE64
+ } gnutls_openpgp_crt_fmt_t;
+
+/**
+ * gnutls_openpgp_recv_key_func - Callback prototype to get OpenPGP keys
+ * @session: a TLS session
+ * @keyfpr: key fingerprint
+ * @keyfpr_length: length of key fingerprint
+ * @key: output key.
+ *
+ * A callback of this type is used to retrieve OpenPGP keys. Only
+ * useful on the server, and will only be used if the peer send a key
+ * fingerprint instead of a full key. See also
+ * gnutls_openpgp_set_recv_key_function().
+ *
+ */
+ typedef int (*gnutls_openpgp_recv_key_func) (gnutls_session_t session,
+ const unsigned char *keyfpr,
+ unsigned int keyfpr_length,
+ gnutls_datum_t * key);
+
+ void gnutls_openpgp_set_recv_key_function (gnutls_session_t session,
+ gnutls_openpgp_recv_key_func
+ func);
+
+ int
+ gnutls_certificate_set_openpgp_key_file (gnutls_certificate_credentials_t
+ res, const char *CERTFILE,
+ const char *KEYFILE,
gnutls_openpgp_crt_fmt_t);
+ int gnutls_certificate_set_openpgp_key_mem (gnutls_certificate_credentials_t
+ res,
+ const gnutls_datum_t * CERT,
+ const gnutls_datum_t * KEY,
gnutls_openpgp_crt_fmt_t);
+
+ int
+ gnutls_certificate_set_openpgp_keyring_mem
+ (gnutls_certificate_credentials_t c, const unsigned char *data,
+ size_t dlen, gnutls_openpgp_crt_fmt_t);
+
+ int
+ gnutls_certificate_set_openpgp_keyring_file
+ (gnutls_certificate_credentials_t c, const char *file,
gnutls_openpgp_crt_fmt_t);
+
+ /* TLS/IA stuff
+ */
+
+ typedef enum
+ {
+ GNUTLS_IA_APPLICATION_PAYLOAD = 0,
+ GNUTLS_IA_INTERMEDIATE_PHASE_FINISHED = 1,
+ GNUTLS_IA_FINAL_PHASE_FINISHED = 2
+ } gnutls_ia_apptype_t;
+
+ /* TLS/IA credential
+ */
+
+ typedef int (*gnutls_ia_avp_func) (gnutls_session_t session, void *ptr,
+ const char *last, size_t lastlen,
+ char **next, size_t * nextlen);
+
+ typedef struct gnutls_ia_server_credentials_st
+ *gnutls_ia_server_credentials_t;
+ typedef struct gnutls_ia_client_credentials_st
+ *gnutls_ia_client_credentials_t;
+
+ /* Allocate and free TLS/IA credentials. */
+ extern void
+ gnutls_ia_free_client_credentials (gnutls_ia_client_credentials_t sc);
+ extern int
+ gnutls_ia_allocate_client_credentials (gnutls_ia_client_credentials_t *
+ sc);
+
+ extern void
+ gnutls_ia_free_server_credentials (gnutls_ia_server_credentials_t sc);
+ extern int
+ gnutls_ia_allocate_server_credentials (gnutls_ia_server_credentials_t *
+ sc);
+
+ /* Client TLS/IA credential functions. */
+ extern void
+ gnutls_ia_set_client_avp_function (gnutls_ia_client_credentials_t cred,
+ gnutls_ia_avp_func avp_func);
+ extern void
+ gnutls_ia_set_client_avp_ptr (gnutls_ia_client_credentials_t cred,
+ void *ptr);
+ extern void *gnutls_ia_get_client_avp_ptr (gnutls_ia_client_credentials_t
+ cred);
+
+ /* Server TLS/IA credential functions. */
+ extern void
+ gnutls_ia_set_server_avp_function (gnutls_ia_server_credentials_t cred,
+ gnutls_ia_avp_func avp_func);
+ extern void
+ gnutls_ia_set_server_avp_ptr (gnutls_ia_server_credentials_t cred,
+ void *ptr);
+ extern void *gnutls_ia_get_server_avp_ptr (gnutls_ia_server_credentials_t
+ cred);
+
+ /* TLS/IA handshake. */
+ extern int gnutls_ia_handshake_p (gnutls_session_t session);
+
+ extern int gnutls_ia_handshake (gnutls_session_t session);
+
+ /* TLS/IA low level interface. */
+ extern int
+ gnutls_ia_permute_inner_secret (gnutls_session_t session,
+ size_t session_keys_size,
+ const char *session_keys);
+ extern int gnutls_ia_endphase_send (gnutls_session_t session,
+ int final_p);
+
+ extern int gnutls_ia_verify_endphase (gnutls_session_t session,
+ const char *checksum);
+
+ extern ssize_t gnutls_ia_send (gnutls_session_t session,
+ const char *data, size_t sizeofdata);
+ extern ssize_t gnutls_ia_recv (gnutls_session_t session,
+ char *data, size_t sizeofdata);
+
+ /* Utility stuff. */
+ extern int gnutls_ia_generate_challenge (gnutls_session_t session,
+ size_t buffer_size,
+ char *buffer);
+ extern void gnutls_ia_extract_inner_secret (gnutls_session_t session,
+ char *buffer);
+
+ /* Define whether inner phases are wanted. */
+ extern void gnutls_ia_enable (gnutls_session_t session,
+ int allow_skip_on_resume);
+
+ int gnutls_global_init_extra (void);
+
+/* returns libgnutls-extra version (call it with a NULL argument)
+ */
+ const char *gnutls_extra_check_version (const char *req_version);
+
+#ifdef __cplusplus
+}
+#endif
+#endif
Property changes on: libmicrohttpd/src/daemon/https/extra.h
___________________________________________________________________
Name: svn:mime-type
+ text/plain
Copied: libmicrohttpd/src/daemon/https/gnutls.h (from rev 7395,
libmicrohttpd/src/daemon/https/includes/gnutls.h)
===================================================================
--- libmicrohttpd/src/daemon/https/gnutls.h (rev 0)
+++ libmicrohttpd/src/daemon/https/gnutls.h 2008-07-18 03:53:27 UTC (rev
7446)
@@ -0,0 +1,1190 @@
+/* -*- c -*-
+ * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007 Free Software
Foundation
+ *
+ * Author: Nikos Mavroyanopoulos
+ *
+ * This file is part of GNUTLS.
+ *
+ * The GNUTLS library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301
+ * USA
+ *
+ */
+
+/* This file contains the types and prototypes for all the
+ * high level functionality of gnutls main library. For the
+ * extra functionality (which is under the GNU GPL license) check
+ * the gnutls/extra.h header. The openssl compatibility layer is
+ * in gnutls/openssl.h.
+ *
+ * The low level cipher functionality is in libgcrypt. Check
+ * gcrypt.h
+ */
+
+#ifndef GNUTLS_H
+#define GNUTLS_H
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+
+#define LIBGNUTLS_VERSION "2.2.3"
+
+#define LIBGNUTLS_VERSION_MAJOR 2
+#define LIBGNUTLS_VERSION_MINOR 2
+#define LIBGNUTLS_VERSION_PATCH 3
+
+#define LIBGNUTLS_VERSION_NUMBER 0x020203
+
+/* Get size_t. */
+#include <stddef.h>
+/* Get ssize_t. */
+#ifndef HAVE_SSIZE_T
+# define HAVE_SSIZE_T
+#include <sys/types.h>
+#endif
+/* Get time_t. */
+#include <time.h>
+#include <compat.h>
+
+#define GNUTLS_CIPHER_RIJNDAEL_128_CBC GNUTLS_CIPHER_AES_128_CBC
+#define GNUTLS_CIPHER_RIJNDAEL_256_CBC GNUTLS_CIPHER_AES_256_CBC
+#define GNUTLS_CIPHER_RIJNDAEL_CBC GNUTLS_CIPHER_AES_128_CBC
+#define GNUTLS_CIPHER_ARCFOUR GNUTLS_CIPHER_ARCFOUR_128
+
+#include "microhttpsd.h"
+
+ typedef enum
+ {
+ GNUTLS_PARAMS_RSA_EXPORT = 1,
+ GNUTLS_PARAMS_DH
+ } gnutls_params_type_t;
+
+/* TODO clean
+#define GNUTLS_MAC_SHA GNUTLS_MAC_SHA1
+#define GNUTLS_DIG_SHA GNUTLS_DIG_SHA1
+*/
+
+ /* exported for other gnutls headers. This is the maximum number of
+ * algorithms (ciphers, kx or macs).
+ */
+#define GNUTLS_MAX_ALGORITHM_NUM 16
+#define GNUTLS_COMP_ZLIB GNUTLS_COMP_DEFLATE
+
+ typedef enum
+ {
+ GNUTLS_SERVER = 1,
+ GNUTLS_CLIENT
+ } gnutls_connection_end_t;
+
+ typedef enum
+ {
+ GNUTLS_AL_WARNING = 1,
+ GNUTLS_AL_FATAL
+ } gnutls_alert_level_t;
+
+ typedef enum
+ {
+ GNUTLS_A_CLOSE_NOTIFY,
+ GNUTLS_A_UNEXPECTED_MESSAGE = 10,
+ GNUTLS_A_BAD_RECORD_MAC = 20,
+ GNUTLS_A_DECRYPTION_FAILED,
+ GNUTLS_A_RECORD_OVERFLOW,
+ GNUTLS_A_DECOMPRESSION_FAILURE = 30,
+ GNUTLS_A_HANDSHAKE_FAILURE = 40,
+ GNUTLS_A_SSL3_NO_CERTIFICATE = 41,
+ GNUTLS_A_BAD_CERTIFICATE = 42,
+ GNUTLS_A_UNSUPPORTED_CERTIFICATE,
+ GNUTLS_A_CERTIFICATE_REVOKED,
+ GNUTLS_A_CERTIFICATE_EXPIRED,
+ GNUTLS_A_CERTIFICATE_UNKNOWN,
+ GNUTLS_A_ILLEGAL_PARAMETER,
+ GNUTLS_A_UNKNOWN_CA,
+ GNUTLS_A_ACCESS_DENIED,
+ GNUTLS_A_DECODE_ERROR = 50,
+ GNUTLS_A_DECRYPT_ERROR,
+ GNUTLS_A_EXPORT_RESTRICTION = 60,
+ GNUTLS_A_PROTOCOL_VERSION = 70,
+ GNUTLS_A_INSUFFICIENT_SECURITY,
+ GNUTLS_A_INTERNAL_ERROR = 80,
+ GNUTLS_A_USER_CANCELED = 90,
+ GNUTLS_A_NO_RENEGOTIATION = 100,
+ GNUTLS_A_UNSUPPORTED_EXTENSION = 110,
+ GNUTLS_A_CERTIFICATE_UNOBTAINABLE = 111,
+ GNUTLS_A_UNRECOGNIZED_NAME = 112,
+ GNUTLS_A_UNKNOWN_PSK_IDENTITY = 115,
+ GNUTLS_A_INNER_APPLICATION_FAILURE = 208,
+ GNUTLS_A_INNER_APPLICATION_VERIFICATION = 209
+ } gnutls_alert_description_t;
+
+ typedef enum
+ { GNUTLS_HANDSHAKE_HELLO_REQUEST = 0,
+ GNUTLS_HANDSHAKE_CLIENT_HELLO = 1,
+ GNUTLS_HANDSHAKE_SERVER_HELLO = 2,
+ GNUTLS_HANDSHAKE_CERTIFICATE_PKT = 11,
+ GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE = 12,
+ GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST = 13,
+ GNUTLS_HANDSHAKE_SERVER_HELLO_DONE = 14,
+ GNUTLS_HANDSHAKE_CERTIFICATE_VERIFY = 15,
+ GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE = 16,
+ GNUTLS_HANDSHAKE_FINISHED = 20,
+ GNUTLS_HANDSHAKE_SUPPLEMENTAL = 23
+ } gnutls_handshake_description_t;
+
+/* Note that the status bits have different meanings
+ * in openpgp keys and x.509 certificate verification.
+ */
+ typedef enum
+ {
+ GNUTLS_CERT_INVALID = 2, /* will be set if the certificate
+ * was not verified.
+ */
+ GNUTLS_CERT_REVOKED = 32, /* in X.509 this will be set only if CRLs are
checked
+ */
+
+ /* Those are extra information about the verification
+ * process. Will be set only if the certificate was
+ * not verified.
+ */
+ GNUTLS_CERT_SIGNER_NOT_FOUND = 64,
+ GNUTLS_CERT_SIGNER_NOT_CA = 128,
+ GNUTLS_CERT_INSECURE_ALGORITHM = 256
+ } gnutls_certificate_status_t;
+
+ typedef enum
+ {
+ GNUTLS_CERT_IGNORE,
+ GNUTLS_CERT_REQUEST = 1,
+ GNUTLS_CERT_REQUIRE
+ } gnutls_certificate_request_t;
+
+ typedef enum
+ { GNUTLS_OPENPGP_CERT,
+ GNUTLS_OPENPGP_CERT_FINGERPRINT
+ } gnutls_openpgp_crt_status_t;
+
+ typedef enum
+ {
+ GNUTLS_SHUT_RDWR = 0,
+ GNUTLS_SHUT_WR = 1
+ } gnutls_close_request_t;
+
+ typedef enum
+ {
+ GNUTLS_X509_FMT_DER,
+ GNUTLS_X509_FMT_PEM
+ } gnutls_x509_crt_fmt_t;
+
+ const char *gnutls_pk_algorithm_get_name (gnutls_pk_algorithm_t algorithm);
+
+#define GNUTLS_SIGN_RSA_SHA GNUTLS_SIGN_RSA_SHA1
+#define GNUTLS_SIGN_DSA_SHA GNUTLS_SIGN_DSA_SHA1
+ typedef enum
+ {
+ GNUTLS_SIGN_UNKNOWN = 0,
+ GNUTLS_SIGN_RSA_SHA1 = 1,
+ GNUTLS_SIGN_DSA_SHA1,
+ GNUTLS_SIGN_RSA_MD5,
+ GNUTLS_SIGN_RSA_MD2,
+ GNUTLS_SIGN_RSA_RMD160,
+ GNUTLS_SIGN_RSA_SHA256,
+ GNUTLS_SIGN_RSA_SHA384,
+ GNUTLS_SIGN_RSA_SHA512
+ } gnutls_sign_algorithm_t;
+
+ const char *gnutls_sign_algorithm_get_name (gnutls_sign_algorithm_t
+ algorithm);
+
+/* If you want to change this, then also change the define in
+ * gnutls_int.h, and recompile.
+ */
+ typedef void * gnutls_transport_ptr_t;
+
+ struct gnutls_session_int;
+ typedef struct gnutls_session_int * gnutls_session_t;
+
+ struct gnutls_dh_params_int;
+ typedef struct gnutls_dh_params_int *gnutls_dh_params_t;
+
+ struct gnutls_x509_privkey_int; /* XXX ugly. */
+ typedef struct gnutls_x509_privkey_int *gnutls_rsa_params_t; /* XXX ugly. */
+
+ struct gnutls_priority_st;
+ typedef struct gnutls_priority_st * gnutls_priority_t;
+
+ typedef struct
+ {
+ unsigned char *data;
+ unsigned int size;
+ } gnutls_datum_t;
+
+
+ typedef struct gnutls_params_st
+ {
+ gnutls_params_type_t type;
+ union params
+ {
+ gnutls_dh_params_t dh;
+ gnutls_rsa_params_t rsa_export;
+ } params;
+ int deinit;
+ } gnutls_params_st;
+
+ typedef int gnutls_params_function (gnutls_session_t, gnutls_params_type_t,
+ gnutls_params_st *);
+
+/* internal functions */
+
+ int gnutls_init (gnutls_session_t * session,
+ gnutls_connection_end_t con_end);
+ void gnutls_deinit (gnutls_session_t session);
+#define _gnutls_deinit(x) gnutls_deinit(x)
+
+ int gnutls_bye (gnutls_session_t session, gnutls_close_request_t how);
+
+ int gnutls_handshake (gnutls_session_t session);
+ int gnutls_rehandshake (gnutls_session_t session);
+
+ gnutls_alert_description_t gnutls_alert_get (gnutls_session_t session);
+ int gnutls_alert_send (gnutls_session_t session,
+ gnutls_alert_level_t level,
+ gnutls_alert_description_t desc);
+ int gnutls_alert_send_appropriate (gnutls_session_t session, int err);
+ const char *gnutls_alert_get_name (gnutls_alert_description_t alert);
+
+/* get information on the current session */
+ gnutls_cipher_algorithm_t gnutls_cipher_get (gnutls_session_t session);
+ gnutls_kx_algorithm_t gnutls_kx_get (gnutls_session_t session);
+ gnutls_mac_algorithm_t gnutls_mac_get (gnutls_session_t session);
+ gnutls_compression_method_t gnutls_compression_get (gnutls_session_t
+ session);
+ gnutls_certificate_type_t gnutls_certificate_type_get (gnutls_session_t
+ session);
+
+ size_t gnutls_cipher_get_key_size (gnutls_cipher_algorithm_t algorithm);
+ size_t gnutls_mac_get_key_size (gnutls_mac_algorithm_t algorithm);
+
+/* the name of the specified algorithms */
+ const char *gnutls_cipher_get_name (gnutls_cipher_algorithm_t algorithm);
+ const char *gnutls_mac_get_name (gnutls_mac_algorithm_t algorithm);
+ const char *gnutls_compression_get_name (gnutls_compression_method_t
+ algorithm);
+ const char *gnutls_kx_get_name (gnutls_kx_algorithm_t algorithm);
+ const char *gnutls_certificate_type_get_name (gnutls_certificate_type_t
+ type);
+
+ gnutls_mac_algorithm_t gnutls_mac_get_id (const char* name);
+ gnutls_compression_method_t gnutls_compression_get_id (const char* name);
+ gnutls_cipher_algorithm_t gnutls_cipher_get_id (const char* name);
+ gnutls_kx_algorithm_t gnutls_kx_get_id (const char* name);
+ gnutls_protocol_t gnutls_protocol_get_id (const char* name);
+ gnutls_certificate_type_t gnutls_certificate_type_get_id (const char* name);
+
+
+ /* list supported algorithms */
+ const gnutls_cipher_algorithm_t *gnutls_cipher_list (void);
+ const gnutls_mac_algorithm_t *gnutls_mac_list (void);
+ const gnutls_compression_method_t *gnutls_compression_list (void);
+ const gnutls_protocol_t *gnutls_protocol_list (void);
+ const gnutls_certificate_type_t *gnutls_certificate_type_list (void);
+ const gnutls_kx_algorithm_t *gnutls_kx_list (void);
+ const char *gnutls_cipher_suite_info (size_t i,
+ char *id,
+ gnutls_kx_algorithm_t *kx,
+ gnutls_cipher_algorithm_t *cipher,
+ gnutls_mac_algorithm_t *mac,
+ gnutls_protocol_t *version);
+
+ /* error functions */
+ int gnutls_error_is_fatal (int error);
+ int gnutls_error_to_alert (int err, int *level);
+
+ void gnutls_perror (int error);
+ const char *gnutls_strerror (int error);
+
+/* Semi-internal functions.
+ */
+ void gnutls_handshake_set_private_extensions (gnutls_session_t session,
+ int allow);
+ gnutls_handshake_description_t
+ gnutls_handshake_get_last_out (gnutls_session_t session);
+ gnutls_handshake_description_t
+ gnutls_handshake_get_last_in (gnutls_session_t session);
+
+/* Record layer functions.
+ */
+ ssize_t gnutls_record_send (gnutls_session_t session, const void *data,
+ size_t sizeofdata);
+ ssize_t gnutls_record_recv (gnutls_session_t session, void *data,
+ size_t sizeofdata);
+#define gnutls_read gnutls_record_recv
+#define gnutls_write gnutls_record_send
+
+ void gnutls_session_enable_compatibility_mode (gnutls_session_t session);
+
+ void gnutls_record_disable_padding (gnutls_session_t session);
+
+ int gnutls_record_get_direction (gnutls_session_t session);
+
+ size_t gnutls_record_get_max_size (gnutls_session_t session);
+ ssize_t gnutls_record_set_max_size (gnutls_session_t session, size_t size);
+
+ size_t gnutls_record_check_pending (gnutls_session_t session);
+
+ int gnutls_prf (gnutls_session_t session,
+ size_t label_size, const char *label,
+ int server_random_first,
+ size_t extra_size, const char *extra,
+ size_t outsize, char *out);
+
+ int gnutls_prf_raw (gnutls_session_t session,
+ size_t label_size, const char *label,
+ size_t seed_size, const char *seed,
+ size_t outsize, char *out);
+
+/* TLS Extensions */
+
+ typedef enum
+ {
+ GNUTLS_NAME_DNS = 1
+ } gnutls_server_name_type_t;
+
+ int gnutls_server_name_set (gnutls_session_t session,
+ gnutls_server_name_type_t type,
+ const void *name, size_t name_length);
+
+ int gnutls_server_name_get (gnutls_session_t session,
+ void *data, size_t * data_length,
+ unsigned int *type, unsigned int indx);
+
+ /* Opaque PRF Input
+ * http://tools.ietf.org/id/draft-rescorla-tls-opaque-prf-input-00.txt
+ */
+
+ void
+ gnutls_oprfi_enable_client (gnutls_session_t session,
+ size_t len,
+ unsigned char *data);
+
+ typedef int (*gnutls_oprfi_callback_func) (gnutls_session_t session,
+ void *userdata,
+ size_t oprfi_len,
+ const unsigned char *in_oprfi,
+ unsigned char *out_oprfi);
+
+ void
+ gnutls_oprfi_enable_server (gnutls_session_t session,
+ gnutls_oprfi_callback_func cb,
+ void *userdata);
+
+ /* Supplemental data, RFC 4680. */
+ typedef enum
+ {
+ GNUTLS_SUPPLEMENTAL_USER_MAPPING_DATA = 0
+ } gnutls_supplemental_data_format_type_t;
+
+ const char *gnutls_supplemental_get_name
+ (gnutls_supplemental_data_format_type_t type);
+
+/* functions to set priority of cipher suites
+ */
+ int gnutls_cipher_set_priority (gnutls_session_t session, const int *list);
+ int gnutls_mac_set_priority (gnutls_session_t session, const int *list);
+ int gnutls_compression_set_priority (gnutls_session_t session,
+ const int *list);
+ int gnutls_kx_set_priority (gnutls_session_t session, const int *list);
+ int gnutls_protocol_set_priority (gnutls_session_t session,
+ const int *list);
+ int gnutls_certificate_type_set_priority (gnutls_session_t session,
+ const int *list);
+
+/* if you just want some defaults, use the following.
+ */
+ int gnutls_priority_init( gnutls_priority_t * , const char *priority, const
char** err_pos);
+ void gnutls_priority_deinit( gnutls_priority_t);
+
+ int gnutls_priority_set(gnutls_session_t session, gnutls_priority_t);
+ int gnutls_priority_set_direct(gnutls_session_t session, const char
*priority, const char** err_pos);
+
+ /* for compatibility
+ */
+ int gnutls_set_default_priority (gnutls_session_t session);
+ int gnutls_set_default_export_priority (gnutls_session_t session);
+
+/* Returns the name of a cipher suite */
+ const char *gnutls_cipher_suite_get_name (gnutls_kx_algorithm_t
+ kx_algorithm,
+ gnutls_cipher_algorithm_t
+ cipher_algorithm,
+ gnutls_mac_algorithm_t
+ mac_algorithm);
+
+/* get the currently used protocol version */
+ gnutls_protocol_t gnutls_protocol_get_version (gnutls_session_t session);
+
+ const char *gnutls_protocol_get_name (gnutls_protocol_t version);
+
+
+/* get/set session
+ */
+ int gnutls_session_set_data (gnutls_session_t session,
+ const void *session_data,
+ size_t session_data_size);
+ int gnutls_session_get_data (gnutls_session_t session, void *session_data,
+ size_t * session_data_size);
+ int gnutls_session_get_data2 (gnutls_session_t session,
+ gnutls_datum_t * data);
+
+/* returns the session ID */
+#define GNUTLS_MAX_SESSION_ID 32
+ int gnutls_session_get_id (gnutls_session_t session, void *session_id,
+ size_t * session_id_size);
+
+/* returns security values.
+ * Do not use them unless you know what you're doing.
+ */
+#define TLS_MASTER_SIZE 48
+#define TLS_RANDOM_SIZE 32
+ const void *gnutls_session_get_server_random (gnutls_session_t session);
+ const void *gnutls_session_get_client_random (gnutls_session_t session);
+ const void *gnutls_session_get_master_secret (gnutls_session_t session);
+
+/* checks if this session is a resumed one
+ */
+ int gnutls_session_is_resumed (gnutls_session_t session);
+
+ typedef int (*gnutls_db_store_func) (void *, gnutls_datum_t key,
+ gnutls_datum_t data);
+ typedef int (*gnutls_db_remove_func) (void *, gnutls_datum_t key);
+ typedef gnutls_datum_t (*gnutls_db_retr_func) (void *, gnutls_datum_t key);
+
+ void gnutls_db_set_cache_expiration (gnutls_session_t session, int seconds);
+
+ void gnutls_db_remove_session (gnutls_session_t session);
+ void gnutls_db_set_retrieve_function (gnutls_session_t session,
+ gnutls_db_retr_func retr_func);
+ void gnutls_db_set_remove_function (gnutls_session_t session,
+ gnutls_db_remove_func rem_func);
+ void gnutls_db_set_store_function (gnutls_session_t session,
+ gnutls_db_store_func store_func);
+ void gnutls_db_set_ptr (gnutls_session_t session, void *ptr);
+ void *gnutls_db_get_ptr (gnutls_session_t session);
+ int gnutls_db_check_entry (gnutls_session_t session,
+ gnutls_datum_t session_entry);
+
+ typedef int (*gnutls_handshake_post_client_hello_func)(gnutls_session_t);
+ void gnutls_handshake_set_post_client_hello_function(gnutls_session_t,
+ gnutls_handshake_post_client_hello_func);
+
+ void gnutls_handshake_set_max_packet_length (gnutls_session_t session,
+ size_t max);
+
+/* returns libgnutls version (call it with a NULL argument)
+ */
+ const char *gnutls_check_version (const char *req_version);
+
+/* Functions for setting/clearing credentials
+ */
+ void gnutls_credentials_clear (gnutls_session_t session);
+
+/* cred is a structure defined by the kx algorithm
+ */
+ int gnutls_credentials_set (gnutls_session_t session,
+ gnutls_credentials_type_t type, void *cred);
+#define gnutls_cred_set gnutls_credentials_set
+
+/* Credential structures - used in gnutls_credentials_set(); */
+
+ struct gnutls_certificate_credentials_st;
+ typedef struct gnutls_certificate_credentials_st
+ *gnutls_certificate_credentials_t;
+ typedef gnutls_certificate_credentials_t
+ gnutls_certificate_server_credentials;
+ typedef gnutls_certificate_credentials_t
+ gnutls_certificate_client_credentials;
+
+ typedef struct gnutls_anon_server_credentials_st
+ *gnutls_anon_server_credentials_t;
+ typedef struct gnutls_anon_client_credentials_st
+ *gnutls_anon_client_credentials_t;
+
+ void gnutls_anon_free_server_credentials (gnutls_anon_server_credentials_t
sc);
+ int gnutls_anon_allocate_server_credentials
(gnutls_anon_server_credentials_t * sc);
+
+ void gnutls_anon_set_server_dh_params (gnutls_anon_server_credentials_t res,
+ gnutls_dh_params_t dh_params);
+
+ void
+ gnutls_anon_set_server_params_function (gnutls_anon_server_credentials_t
+ res,
+ gnutls_params_function * func);
+
+ void gnutls_anon_free_client_credentials (gnutls_anon_client_credentials_t
+ sc);
+ int
+ gnutls_anon_allocate_client_credentials (gnutls_anon_client_credentials_t
+ * sc);
+
+/* CERTFILE is an x509 certificate in PEM form.
+ * KEYFILE is a pkcs-1 private key in PEM form (for RSA keys).
+ */
+ void gnutls_certificate_free_credentials (gnutls_certificate_credentials_t
+ sc);
+ int
+ gnutls_certificate_allocate_credentials (gnutls_certificate_credentials_t
+ * res);
+
+ void gnutls_certificate_free_keys (gnutls_certificate_credentials_t sc);
+ void gnutls_certificate_free_cas (gnutls_certificate_credentials_t sc);
+ void gnutls_certificate_free_ca_names (gnutls_certificate_credentials_t sc);
+ void gnutls_certificate_free_crls (gnutls_certificate_credentials_t sc);
+
+ void gnutls_certificate_set_dh_params (gnutls_certificate_credentials_t res,
+ gnutls_dh_params_t dh_params);
+ void
+ gnutls_certificate_set_rsa_export_params (gnutls_certificate_credentials_t
+ res,
+ gnutls_rsa_params_t rsa_params);
+ void gnutls_certificate_set_verify_flags (gnutls_certificate_credentials_t
+ res, unsigned int flags);
+ void gnutls_certificate_set_verify_limits (gnutls_certificate_credentials_t
+ res, unsigned int max_bits,
+ unsigned int max_depth);
+
+ int gnutls_certificate_set_x509_trust_file (gnutls_certificate_credentials_t
+ res, const char *CAFILE,
+ gnutls_x509_crt_fmt_t type);
+ int gnutls_certificate_set_x509_trust_mem (gnutls_certificate_credentials_t
+ res, const gnutls_datum_t * CA,
+ gnutls_x509_crt_fmt_t type);
+
+ int gnutls_certificate_set_x509_crl_file (gnutls_certificate_credentials_t
+ res, const char *crlfile,
+ gnutls_x509_crt_fmt_t type);
+ int gnutls_certificate_set_x509_crl_mem (gnutls_certificate_credentials_t
+ res, const gnutls_datum_t * CRL,
+ gnutls_x509_crt_fmt_t type);
+
+ int gnutls_certificate_set_x509_key_file (gnutls_certificate_credentials_t
+ res, const char *CERTFILE,
+ const char *KEYFILE,
+ gnutls_x509_crt_fmt_t type);
+ int gnutls_certificate_set_x509_key_mem (gnutls_certificate_credentials_t
+ res, const gnutls_datum_t * CERT,
+ const gnutls_datum_t * KEY,
+ gnutls_x509_crt_fmt_t type);
+
+ void gnutls_certificate_send_x509_rdn_sequence (gnutls_session_t session,
+ int status);
+
+
+ extern int
+ gnutls_certificate_set_x509_simple_pkcs12_file
+ (gnutls_certificate_credentials_t res, const char *pkcs12file,
+ gnutls_x509_crt_fmt_t type, const char *password);
+
+/* New functions to allow setting already parsed X.509 stuff.
+ */
+ struct gnutls_x509_privkey_int;
+ typedef struct gnutls_x509_privkey_int *gnutls_x509_privkey_t;
+
+ struct gnutls_x509_crl_int;
+ typedef struct gnutls_x509_crl_int *gnutls_x509_crl_t;
+
+ struct gnutls_x509_crt_int;
+ typedef struct gnutls_x509_crt_int * gnutls_x509_crt_t;
+
+ int gnutls_certificate_set_x509_key (gnutls_certificate_credentials_t res,
+ gnutls_x509_crt_t * cert_list,
+ int cert_list_size,
+ gnutls_x509_privkey_t key);
+ int gnutls_certificate_set_x509_trust (gnutls_certificate_credentials_t res,
+ gnutls_x509_crt_t * ca_list,
+ int ca_list_size);
+ int gnutls_certificate_set_x509_crl (gnutls_certificate_credentials_t res,
+ gnutls_x509_crl_t * crl_list,
+ int crl_list_size);
+
+/* global state functions
+ */
+ int gnutls_global_init (void);
+ void gnutls_global_deinit (void);
+
+ typedef void *(*gnutls_alloc_function) (size_t);
+ typedef void *(*gnutls_calloc_function) (size_t, size_t);
+ typedef int (*gnutls_is_secure_function) (const void *);
+ typedef void (*gnutls_free_function) (void *);
+ typedef void *(*gnutls_realloc_function) (void *, size_t);
+
+ extern void
+ gnutls_global_set_mem_functions (gnutls_alloc_function gt_alloc_func,
+ gnutls_alloc_function
+ gt_secure_alloc_func,
+ gnutls_is_secure_function
+ gt_is_secure_func,
+ gnutls_realloc_function gt_realloc_func,
+ gnutls_free_function gt_free_func);
+
+/* For use in callbacks */
+ extern gnutls_alloc_function gnutls_malloc;
+ extern gnutls_alloc_function gnutls_secure_malloc;
+ extern gnutls_realloc_function gnutls_realloc;
+ extern gnutls_calloc_function gnutls_calloc;
+ extern gnutls_free_function gnutls_free;
+
+ extern char *(*gnutls_strdup) (const char *);
+
+ typedef void (*gnutls_log_func) (int, const char *);
+ void gnutls_global_set_log_function (gnutls_log_func log_func);
+ void gnutls_global_set_log_level (int level);
+
+/* Diffie Hellman parameter handling.
+ */
+ int gnutls_dh_params_init (gnutls_dh_params_t * dh_params);
+ void gnutls_dh_params_deinit (gnutls_dh_params_t dh_params);
+ int gnutls_dh_params_import_raw (gnutls_dh_params_t dh_params,
+ const gnutls_datum_t * prime,
+ const gnutls_datum_t * generator);
+ int gnutls_dh_params_import_pkcs3 (gnutls_dh_params_t params,
+ const gnutls_datum_t * pkcs3_params,
+ gnutls_x509_crt_fmt_t format);
+ int gnutls_dh_params_generate2 (gnutls_dh_params_t params,
+ unsigned int bits);
+ int gnutls_dh_params_export_pkcs3 (gnutls_dh_params_t params,
+ gnutls_x509_crt_fmt_t format,
+ unsigned char *params_data,
+ size_t * params_data_size);
+ int gnutls_dh_params_export_raw (gnutls_dh_params_t params,
+ gnutls_datum_t * prime,
+ gnutls_datum_t * generator,
+ unsigned int *bits);
+ int gnutls_dh_params_cpy (gnutls_dh_params_t dst, gnutls_dh_params_t src);
+
+
+/* RSA params
+ */
+ int gnutls_rsa_params_init (gnutls_rsa_params_t * rsa_params);
+ void gnutls_rsa_params_deinit (gnutls_rsa_params_t rsa_params);
+ int gnutls_rsa_params_cpy (gnutls_rsa_params_t dst,
+ gnutls_rsa_params_t src);
+ int gnutls_rsa_params_import_raw (gnutls_rsa_params_t rsa_params,
+ const gnutls_datum_t * m,
+ const gnutls_datum_t * e,
+ const gnutls_datum_t * d,
+ const gnutls_datum_t * p,
+ const gnutls_datum_t * q,
+ const gnutls_datum_t * u);
+ int gnutls_rsa_params_generate2 (gnutls_rsa_params_t params,
+ unsigned int bits);
+ int gnutls_rsa_params_export_raw (gnutls_rsa_params_t params,
+ gnutls_datum_t * m, gnutls_datum_t * e,
+ gnutls_datum_t * d, gnutls_datum_t * p,
+ gnutls_datum_t * q, gnutls_datum_t * u,
+ unsigned int *bits);
+ int gnutls_rsa_params_export_pkcs1 (gnutls_rsa_params_t params,
+ gnutls_x509_crt_fmt_t format,
+ unsigned char *params_data,
+ size_t * params_data_size);
+ int gnutls_rsa_params_import_pkcs1 (gnutls_rsa_params_t params,
+ const gnutls_datum_t * pkcs1_params,
+ gnutls_x509_crt_fmt_t format);
+
+/* Session stuff
+ */
+ typedef ssize_t (*gnutls_pull_func) (gnutls_transport_ptr_t, void *,
+ size_t);
+ typedef ssize_t (*gnutls_push_func) (gnutls_transport_ptr_t, const void *,
+ size_t);
+ void gnutls_transport_set_ptr (gnutls_session_t session,
+ gnutls_transport_ptr_t ptr);
+ void gnutls_transport_set_ptr2 (gnutls_session_t session,
+ gnutls_transport_ptr_t recv_ptr,
+ gnutls_transport_ptr_t send_ptr);
+
+ gnutls_transport_ptr_t gnutls_transport_get_ptr (gnutls_session_t session);
+ void gnutls_transport_get_ptr2 (gnutls_session_t session,
+ gnutls_transport_ptr_t * recv_ptr,
+ gnutls_transport_ptr_t * send_ptr);
+
+ void gnutls_transport_set_lowat (gnutls_session_t session, int num);
+
+
+ void gnutls_transport_set_push_function (gnutls_session_t session,
+ gnutls_push_func push_func);
+ void gnutls_transport_set_pull_function (gnutls_session_t session,
+ gnutls_pull_func pull_func);
+
+ void gnutls_transport_set_errno (gnutls_session_t session, int err);
+ void gnutls_transport_set_global_errno (int err);
+
+/* session specific
+ */
+ void gnutls_session_set_ptr (gnutls_session_t session, void *ptr);
+ void *gnutls_session_get_ptr (gnutls_session_t session);
+
+ void gnutls_openpgp_send_cert (gnutls_session_t session,
+ gnutls_openpgp_crt_status_t status);
+
+/* fingerprint
+ * Actually this function returns the hash of the given data.
+ */
+ int gnutls_fingerprint (gnutls_digest_algorithm_t algo,
+ const gnutls_datum_t * data, void *result,
+ size_t * result_size);
+
+
+/* SRP
+ */
+
+ typedef struct gnutls_srp_server_credentials_st
+ *gnutls_srp_server_credentials_t;
+ typedef struct gnutls_srp_client_credentials_st
+ *gnutls_srp_client_credentials_t;
+
+ void gnutls_srp_free_client_credentials (gnutls_srp_client_credentials_t
+ sc);
+ int gnutls_srp_allocate_client_credentials (gnutls_srp_client_credentials_t
+ * sc);
+ int gnutls_srp_set_client_credentials (gnutls_srp_client_credentials_t res,
+ const char *username, const char
*password);
+
+ void gnutls_srp_free_server_credentials (gnutls_srp_server_credentials_t
+ sc);
+ int gnutls_srp_allocate_server_credentials (gnutls_srp_server_credentials_t
+ * sc);
+ int gnutls_srp_set_server_credentials_file (gnutls_srp_server_credentials_t
+ res, const char *password_file,
+ const char *password_conf_file);
+
+ const char *gnutls_srp_server_get_username (gnutls_session_t session);
+
+ extern int gnutls_srp_verifier (const char *username,
+ const char *password,
+ const gnutls_datum_t * salt,
+ const gnutls_datum_t * generator,
+ const gnutls_datum_t * prime,
+ gnutls_datum_t * res);
+
+/* The static parameters defined in draft-ietf-tls-srp-05
+ * Those should be used as input to gnutls_srp_verifier().
+ */
+ extern const gnutls_datum_t gnutls_srp_2048_group_prime;
+ extern const gnutls_datum_t gnutls_srp_2048_group_generator;
+
+ extern const gnutls_datum_t gnutls_srp_1536_group_prime;
+ extern const gnutls_datum_t gnutls_srp_1536_group_generator;
+
+ extern const gnutls_datum_t gnutls_srp_1024_group_prime;
+ extern const gnutls_datum_t gnutls_srp_1024_group_generator;
+
+ typedef int gnutls_srp_server_credentials_function (gnutls_session_t,
+ const char *username,
+ gnutls_datum_t * salt,
+ gnutls_datum_t *
+ verifier,
+ gnutls_datum_t *
+ generator,
+ gnutls_datum_t * prime);
+ void
+ gnutls_srp_set_server_credentials_function
+ (gnutls_srp_server_credentials_t cred,
+ gnutls_srp_server_credentials_function * func);
+
+ typedef int gnutls_srp_client_credentials_function (gnutls_session_t,
+ char **, char **);
+ void
+ gnutls_srp_set_client_credentials_function
+ (gnutls_srp_client_credentials_t cred,
+ gnutls_srp_client_credentials_function * func);
+
+ int gnutls_srp_base64_encode (const gnutls_datum_t * data, char *result,
+ size_t * result_size);
+ int gnutls_srp_base64_encode_alloc (const gnutls_datum_t * data,
+ gnutls_datum_t * result);
+
+ int gnutls_srp_base64_decode (const gnutls_datum_t * b64_data, char *result,
+ size_t * result_size);
+ int gnutls_srp_base64_decode_alloc (const gnutls_datum_t * b64_data,
+ gnutls_datum_t * result);
+
+/* PSK stuff */
+ typedef struct gnutls_psk_server_credentials_st
+ *gnutls_psk_server_credentials_t;
+ typedef struct gnutls_psk_client_credentials_st
+ *gnutls_psk_client_credentials_t;
+
+ typedef enum gnutls_psk_key_flags
+ {
+ GNUTLS_PSK_KEY_RAW = 0,
+ GNUTLS_PSK_KEY_HEX
+ } gnutls_psk_key_flags;
+
+ void gnutls_psk_free_client_credentials (gnutls_psk_client_credentials_t
+ sc);
+ int gnutls_psk_allocate_client_credentials (gnutls_psk_client_credentials_t
+ * sc);
+ int gnutls_psk_set_client_credentials (gnutls_psk_client_credentials_t res,
+ const char *username,
+ const gnutls_datum_t * key,
+ gnutls_psk_key_flags format);
+
+ void gnutls_psk_free_server_credentials (gnutls_psk_server_credentials_t
+ sc);
+ int gnutls_psk_allocate_server_credentials (gnutls_psk_server_credentials_t
+ * sc);
+ int gnutls_psk_set_server_credentials_file (gnutls_psk_server_credentials_t
+ res, const char *password_file);
+
+ const char *gnutls_psk_server_get_username (gnutls_session_t session);
+
+ typedef int gnutls_psk_server_credentials_function (gnutls_session_t,
+ const char *username,
+ gnutls_datum_t * key);
+ void
+ gnutls_psk_set_server_credentials_function
+ (gnutls_psk_server_credentials_t cred,
+ gnutls_psk_server_credentials_function * func);
+
+ typedef int gnutls_psk_client_credentials_function (gnutls_session_t,
+ char **username,
+ gnutls_datum_t * key);
+ void
+ gnutls_psk_set_client_credentials_function
+ (gnutls_psk_client_credentials_t cred,
+ gnutls_psk_client_credentials_function * func);
+
+ int gnutls_hex_encode (const gnutls_datum_t * data, char *result,
+ size_t * result_size);
+ int gnutls_hex_decode (const gnutls_datum_t * hex_data, char *result,
+ size_t * result_size);
+
+ void gnutls_psk_set_server_dh_params (gnutls_psk_server_credentials_t res,
+ gnutls_dh_params_t dh_params);
+
+ void gnutls_psk_set_server_params_function (gnutls_psk_server_credentials_t
+ res,
+ gnutls_params_function * func);
+
+ typedef enum gnutls_x509_subject_alt_name_t
+ {
+ GNUTLS_SAN_DNSNAME = 1,
+ GNUTLS_SAN_RFC822NAME,
+ GNUTLS_SAN_URI,
+ GNUTLS_SAN_IPADDRESS,
+ GNUTLS_SAN_OTHERNAME,
+ GNUTLS_SAN_DN,
+ /* The following are "virtual" subject alternative name types, in
+ that they are represented by an otherName value and an OID.
+ Used by gnutls_x509_crt_get_subject_alt_othername_oid(). */
+ GNUTLS_SAN_OTHERNAME_XMPP = 1000
+ } gnutls_x509_subject_alt_name_t;
+
+ struct gnutls_openpgp_crt_int;
+ typedef struct gnutls_openpgp_crt_int *gnutls_openpgp_crt_t;
+
+ struct gnutls_openpgp_privkey_int;
+ typedef struct gnutls_openpgp_privkey_int *gnutls_openpgp_privkey_t;
+
+ typedef struct gnutls_retr_st
+ {
+ gnutls_certificate_type_t type;
+ union cert
+ {
+ gnutls_x509_crt_t *x509;
+ gnutls_openpgp_crt_t pgp;
+ } cert;
+ unsigned int ncerts; /* one for pgp keys */
+
+ union key
+ {
+ gnutls_x509_privkey_t x509;
+ gnutls_openpgp_privkey_t pgp;
+ } key;
+
+ unsigned int deinit_all; /* if non zero all keys will be deinited */
+ } gnutls_retr_st;
+
+ typedef int gnutls_certificate_client_retrieve_function (gnutls_session_t,
+ const
+ gnutls_datum_t *
+ req_ca_rdn,
+ int nreqs,
+ const
+ gnutls_pk_algorithm_t
+ * pk_algos,
+ int
+ pk_algos_length,
+ gnutls_retr_st *);
+ typedef int gnutls_certificate_server_retrieve_function (gnutls_session_t,
+ gnutls_retr_st *);
+
+
+ /* Functions that allow auth_info_t structures handling
+ */
+
+ gnutls_credentials_type_t gnutls_auth_get_type (gnutls_session_t session);
+ gnutls_credentials_type_t
+ gnutls_auth_server_get_type (gnutls_session_t session);
+ gnutls_credentials_type_t
+ gnutls_auth_client_get_type (gnutls_session_t session);
+
+ /* DH */
+
+ void gnutls_dh_set_prime_bits (gnutls_session_t session, unsigned int bits);
+ int gnutls_dh_get_secret_bits (gnutls_session_t session);
+ int gnutls_dh_get_peers_public_bits (gnutls_session_t session);
+ int gnutls_dh_get_prime_bits (gnutls_session_t session);
+
+ int gnutls_dh_get_group (gnutls_session_t session, gnutls_datum_t * raw_gen,
+ gnutls_datum_t * raw_prime);
+ int gnutls_dh_get_pubkey (gnutls_session_t session,
+ gnutls_datum_t * raw_key);
+
+ /* RSA */
+ int gnutls_rsa_export_get_pubkey (gnutls_session_t session,
+ gnutls_datum_t * exponent,
+ gnutls_datum_t * modulus);
+ int gnutls_rsa_export_get_modulus_bits (gnutls_session_t session);
+
+ /* X509PKI */
+
+ /* External signing callback. Experimental. */
+ typedef int (*gnutls_sign_func) (gnutls_session_t session,
+ void *userdata,
+ gnutls_certificate_type_t cert_type,
+ const gnutls_datum_t * cert,
+ const gnutls_datum_t * hash,
+ gnutls_datum_t * signature);
+
+ void gnutls_sign_callback_set (gnutls_session_t session,
+ gnutls_sign_func sign_func,
+ void *userdata);
+ gnutls_sign_func
+ gnutls_sign_callback_get (gnutls_session_t session,
+ void **userdata);
+
+ /* These are set on the credentials structure.
+ */
+ void gnutls_certificate_client_set_retrieve_function
+ (gnutls_certificate_credentials_t cred,
+ gnutls_certificate_client_retrieve_function * func);
+ void gnutls_certificate_server_set_retrieve_function
+ (gnutls_certificate_credentials_t cred,
+ gnutls_certificate_server_retrieve_function * func);
+
+ void gnutls_certificate_server_set_request (gnutls_session_t session,
+ gnutls_certificate_request_t
+ req);
+
+ /* get data from the session
+ */
+ const gnutls_datum_t *gnutls_certificate_get_peers (gnutls_session_t
+ session,
+ unsigned int
+ *list_size);
+ const gnutls_datum_t *gnutls_certificate_get_ours (gnutls_session_t
+ session);
+
+ time_t gnutls_certificate_activation_time_peers (gnutls_session_t session);
+ time_t gnutls_certificate_expiration_time_peers (gnutls_session_t session);
+
+ int gnutls_certificate_client_get_request_status (gnutls_session_t session);
+ int gnutls_certificate_verify_peers2 (gnutls_session_t session,
+ unsigned int *status);
+
+ /* this is obsolete (?). */
+ int gnutls_certificate_verify_peers (gnutls_session_t session);
+
+ int gnutls_pem_base64_encode (const char *msg, const gnutls_datum_t * data,
+ char *result, size_t * result_size);
+ int gnutls_pem_base64_decode (const char *header,
+ const gnutls_datum_t * b64_data,
+ unsigned char *result, size_t * result_size);
+
+ int gnutls_pem_base64_encode_alloc (const char *msg,
+ const gnutls_datum_t * data,
+ gnutls_datum_t * result);
+ int gnutls_pem_base64_decode_alloc (const char *header,
+ const gnutls_datum_t * b64_data,
+ gnutls_datum_t * result);
+
+ int gnutls_global_init (void);
+
+ /* key_usage will be an OR of the following values:
+ */
+
+ /* when the key is to be used for signing: */
+#define GNUTLS_KEY_DIGITAL_SIGNATURE 128
+#define GNUTLS_KEY_NON_REPUDIATION 64
+ /* when the key is to be used for encryption: */
+#define GNUTLS_KEY_KEY_ENCIPHERMENT 32
+#define GNUTLS_KEY_DATA_ENCIPHERMENT 16
+#define GNUTLS_KEY_KEY_AGREEMENT 8
+#define GNUTLS_KEY_KEY_CERT_SIGN 4
+#define GNUTLS_KEY_CRL_SIGN 2
+#define GNUTLS_KEY_ENCIPHER_ONLY 1
+#define GNUTLS_KEY_DECIPHER_ONLY 32768
+
+ void
+ gnutls_certificate_set_params_function (gnutls_certificate_credentials_t res,
+ gnutls_params_function * func);
+ void gnutls_anon_set_params_function (gnutls_anon_server_credentials_t res,
+ gnutls_params_function * func);
+ void gnutls_psk_set_params_function (gnutls_psk_server_credentials_t res,
+ gnutls_params_function * func);
+
+ /* Gnutls error codes. The mapping to a TLS alert is also shown in
+ * comments.
+ */
+
+#define GNUTLS_E_SUCCESS 0
+#define GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM -3
+#define GNUTLS_E_UNKNOWN_CIPHER_TYPE -6
+#define GNUTLS_E_LARGE_PACKET -7
+#define GNUTLS_E_UNSUPPORTED_VERSION_PACKET -8 /* GNUTLS_A_PROTOCOL_VERSION */
+#define GNUTLS_E_UNEXPECTED_PACKET_LENGTH -9 /* GNUTLS_A_RECORD_OVERFLOW */
+#define GNUTLS_E_INVALID_SESSION -10
+#define GNUTLS_E_FATAL_ALERT_RECEIVED -12
+#define GNUTLS_E_UNEXPECTED_PACKET -15 /* GNUTLS_A_UNEXPECTED_MESSAGE */
+#define GNUTLS_E_WARNING_ALERT_RECEIVED -16
+#define GNUTLS_E_ERROR_IN_FINISHED_PACKET -18
+#define GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET -19
+#define GNUTLS_E_UNKNOWN_CIPHER_SUITE -21 /*
GNUTLS_A_HANDSHAKE_FAILURE */
+#define GNUTLS_E_UNWANTED_ALGORITHM -22
+#define GNUTLS_E_MPI_SCAN_FAILED -23
+#define GNUTLS_E_DECRYPTION_FAILED -24 /* GNUTLS_A_DECRYPTION_FAILED,
GNUTLS_A_BAD_RECORD_MAC */
+#define GNUTLS_E_MEMORY_ERROR -25
+#define GNUTLS_E_DECOMPRESSION_FAILED -26 /*
GNUTLS_A_DECOMPRESSION_FAILURE */
+#define GNUTLS_E_COMPRESSION_FAILED -27
+#define GNUTLS_E_AGAIN -28
+#define GNUTLS_E_EXPIRED -29
+#define GNUTLS_E_DB_ERROR -30
+#define GNUTLS_E_SRP_PWD_ERROR -31
+#define GNUTLS_E_INSUFFICIENT_CREDENTIALS -32
+#define GNUTLS_E_INSUFICIENT_CREDENTIALS GNUTLS_E_INSUFFICIENT_CREDENTIALS
/* for backwards compatibility only */
+#define GNUTLS_E_INSUFFICIENT_CRED GNUTLS_E_INSUFFICIENT_CREDENTIALS
+#define GNUTLS_E_INSUFICIENT_CRED GNUTLS_E_INSUFFICIENT_CREDENTIALS /* for
backwards compatibility only */
+
+#define GNUTLS_E_HASH_FAILED -33
+#define GNUTLS_E_BASE64_DECODING_ERROR -34
+
+#define GNUTLS_E_MPI_PRINT_FAILED -35
+#define GNUTLS_E_REHANDSHAKE -37 /* GNUTLS_A_NO_RENEGOTIATION */
+#define GNUTLS_E_GOT_APPLICATION_DATA -38
+#define GNUTLS_E_RECORD_LIMIT_REACHED -39
+#define GNUTLS_E_ENCRYPTION_FAILED -40
+
+#define GNUTLS_E_PK_ENCRYPTION_FAILED -44
+#define GNUTLS_E_PK_DECRYPTION_FAILED -45
+#define GNUTLS_E_PK_SIGN_FAILED -46
+#define GNUTLS_E_X509_UNSUPPORTED_CRITICAL_EXTENSION -47
+#define GNUTLS_E_KEY_USAGE_VIOLATION -48
+#define GNUTLS_E_NO_CERTIFICATE_FOUND -49 /* GNUTLS_A_BAD_CERTIFICATE */
+#define GNUTLS_E_INVALID_REQUEST -50
+#define GNUTLS_E_SHORT_MEMORY_BUFFER -51
+#define GNUTLS_E_INTERRUPTED -52
+#define GNUTLS_E_PUSH_ERROR -53
+#define GNUTLS_E_PULL_ERROR -54
+#define GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER -55 /*
GNUTLS_A_ILLEGAL_PARAMETER */
+#define GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE -56
+#define GNUTLS_E_PKCS1_WRONG_PAD -57
+#define GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION -58
+#define GNUTLS_E_INTERNAL_ERROR -59
+#define GNUTLS_E_DH_PRIME_UNACCEPTABLE -63
+#define GNUTLS_E_FILE_ERROR -64
+#define GNUTLS_E_TOO_MANY_EMPTY_PACKETS -78
+#define GNUTLS_E_UNKNOWN_PK_ALGORITHM -80
+
+
+ /* returned if libextra functionality was requested but
+ * gnutls_global_init_extra() was not called.
+ */
+#define GNUTLS_E_INIT_LIBEXTRA -82
+#define GNUTLS_E_LIBRARY_VERSION_MISMATCH -83
+
+
+ /* returned if you need to generate temporary RSA
+ * parameters. These are needed for export cipher suites.
+ */
+#define GNUTLS_E_NO_TEMPORARY_RSA_PARAMS -84
+
+#define GNUTLS_E_LZO_INIT_FAILED -85
+#define GNUTLS_E_NO_COMPRESSION_ALGORITHMS -86
+#define GNUTLS_E_NO_CIPHER_SUITES -87
+
+#define GNUTLS_E_OPENPGP_GETKEY_FAILED -88
+#define GNUTLS_E_PK_SIG_VERIFY_FAILED -89
+
+#define GNUTLS_E_ILLEGAL_SRP_USERNAME -90
+#define GNUTLS_E_SRP_PWD_PARSING_ERROR -91
+#define GNUTLS_E_NO_TEMPORARY_DH_PARAMS -93
+
+ /* For certificate and key stuff
+ */
+#define GNUTLS_E_ASN1_ELEMENT_NOT_FOUND -67
+#define GNUTLS_E_ASN1_IDENTIFIER_NOT_FOUND -68
+#define GNUTLS_E_ASN1_DER_ERROR -69
+#define GNUTLS_E_ASN1_VALUE_NOT_FOUND -70
+#define GNUTLS_E_ASN1_GENERIC_ERROR -71
+#define GNUTLS_E_ASN1_VALUE_NOT_VALID -72
+#define GNUTLS_E_ASN1_TAG_ERROR -73
+#define GNUTLS_E_ASN1_TAG_IMPLICIT -74
+#define GNUTLS_E_ASN1_TYPE_ANY_ERROR -75
+#define GNUTLS_E_ASN1_SYNTAX_ERROR -76
+#define GNUTLS_E_ASN1_DER_OVERFLOW -77
+#define GNUTLS_E_OPENPGP_UID_REVOKED -79
+#define GNUTLS_E_CERTIFICATE_ERROR -43
+#define GNUTLS_E_X509_CERTIFICATE_ERROR GNUTLS_E_CERTIFICATE_ERROR
+#define GNUTLS_E_CERTIFICATE_KEY_MISMATCH -60
+#define GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE -61 /*
GNUTLS_A_UNSUPPORTED_CERTIFICATE */
+#define GNUTLS_E_X509_UNKNOWN_SAN -62
+#define GNUTLS_E_OPENPGP_FINGERPRINT_UNSUPPORTED -94
+#define GNUTLS_E_X509_UNSUPPORTED_ATTRIBUTE -95
+#define GNUTLS_E_UNKNOWN_HASH_ALGORITHM -96
+#define GNUTLS_E_UNKNOWN_PKCS_CONTENT_TYPE -97
+#define GNUTLS_E_UNKNOWN_PKCS_BAG_TYPE -98
+#define GNUTLS_E_INVALID_PASSWORD -99
+#define GNUTLS_E_MAC_VERIFY_FAILED -100 /* for PKCS #12 MAC */
+#define GNUTLS_E_CONSTRAINT_ERROR -101
+
+#define GNUTLS_E_WARNING_IA_IPHF_RECEIVED -102
+#define GNUTLS_E_WARNING_IA_FPHF_RECEIVED -103
+
+#define GNUTLS_E_IA_VERIFY_FAILED -104
+
+#define GNUTLS_E_UNKNOWN_ALGORITHM -105
+
+#define GNUTLS_E_BASE64_ENCODING_ERROR -201
+#define GNUTLS_E_INCOMPATIBLE_GCRYPT_LIBRARY -202 /* obsolete */
+#define GNUTLS_E_INCOMPATIBLE_CRYPTO_LIBRARY -202
+#define GNUTLS_E_INCOMPATIBLE_LIBTASN1_LIBRARY -203
+
+#define GNUTLS_E_OPENPGP_KEYRING_ERROR -204
+#define GNUTLS_E_X509_UNSUPPORTED_OID -205
+
+#define GNUTLS_E_RANDOM_FAILED -206
+#define GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR -207
+
+
+#define GNUTLS_E_UNIMPLEMENTED_FEATURE -1250
+
+#define GNUTLS_E_APPLICATION_ERROR_MAX -65000
+#define GNUTLS_E_APPLICATION_ERROR_MIN -65500
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* GNUTLS_H */
Property changes on: libmicrohttpd/src/daemon/https/gnutls.h
___________________________________________________________________
Name: svn:mime-type
+ text/plain
Deleted: libmicrohttpd/src/daemon/https/https_common.c
===================================================================
--- libmicrohttpd/src/daemon/https/https_common.c 2008-07-17 22:09:55 UTC
(rev 7445)
+++ libmicrohttpd/src/daemon/https/https_common.c 2008-07-18 03:53:27 UTC
(rev 7446)
@@ -1,702 +0,0 @@
-/*
- * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007 Free Software
Foundation
- * Author: Nikos Mavrogiannopoulos
- *
- * This file is part of GNUTLS.
- *
- * GNUTLS is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * GNUTLS is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program. If not, see <http://www.gnu.org/licenses/>.
- */
-
-#include <config.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include <gnutls.h>
-#include <extra.h>
-#include <time.h>
-#include "https_common.h"
-
-#define TEST_STRING
-#define SU(x) (x!=NULL?x:"Unknown")
-
-// TODO clean - originaly from tls_test extern int verbose;
-int print_cert;
-int verbose = 0;
-
-static char buffer[5 * 1024];
-
-#define PRINTX(x,y) if (y[0]!=0) printf(" # %s %s\n", x, y)
-#define PRINT_PGP_NAME(X) PRINTX( "NAME:", name)
-
-const char str_unknown[] = "(unknown)";
-
-/* Hex encodes the given data.
- */
-const char *
-raw_to_string (const unsigned char *raw, size_t raw_size)
-{
- static char buf[1024];
- size_t i;
- if (raw_size == 0)
- return NULL;
-
- if (raw_size * 3 + 1 >= sizeof (buf))
- return NULL;
-
- for (i = 0; i < raw_size; i++)
- {
- sprintf (&(buf[i * 3]), "%02X%s", raw[i], (i == raw_size - 1) ? ""
- : ":");
- }
- buf[sizeof (buf) - 1] = '\0';
-
- return buf;
-}
-
-static const char *
-my_ctime (const time_t * tv)
-{
- static char buf[256];
- struct tm *tp;
-
- if (((tp = localtime (tv)) == NULL) || (!strftime (buf, sizeof buf,
- "%a %b %e %H:%M:%S %Z
%Y\n",
- tp)))
- strcpy (buf, str_unknown); /* make sure buf text isn't garbage */
-
- return buf;
-
-}
-
-void
-print_x509_info (gnutls_session_t session, const char *hostname)
-{
- gnutls_x509_crt_t crt;
- const gnutls_datum_t *cert_list;
- unsigned int cert_list_size = 0;
- int ret;
- char digest[20];
- char serial[40];
- char dn[256];
- size_t dn_size;
- size_t digest_size = sizeof (digest);
- unsigned int j;
- size_t serial_size = sizeof (serial);
- const char *print;
- const char *cstr;
- unsigned int bits, algo;
- time_t expiret, activet;
-
- cert_list = gnutls_certificate_get_peers (session, &cert_list_size);
-
- if (cert_list_size == 0)
- {
- fprintf (stderr, "No certificates found!\n");
- return;
- }
-
- printf (" - Got a certificate list of %d certificates.\n\n",
- cert_list_size);
-
- for (j = 0; j < (unsigned int) cert_list_size; j++)
- {
-
- gnutls_x509_crt_init (&crt);
- ret = gnutls_x509_crt_import (crt, &cert_list[j], GNUTLS_X509_FMT_DER);
- if (ret < 0)
- {
- fprintf (stderr, "Decoding error: %s\n", gnutls_strerror (ret));
- return;
- }
-
- printf (" - Certificate[%d] info:\n", j);
-
- if (print_cert)
- {
- size_t size;
-
- size = sizeof (buffer);
-
- ret =
- gnutls_x509_crt_export (crt, GNUTLS_X509_FMT_PEM, buffer, &size);
- if (ret < 0)
- {
- fprintf (stderr, "Encoding error: %s\n", gnutls_strerror (ret));
- return;
- }
- fputs ("\n", stdout);
- fputs (buffer, stdout);
- fputs ("\n", stdout);
- }
-
- if (j == 0 && hostname != NULL)
- { /* Check the hostname of the first certificate
- * if it matches the name of the host we
- * connected to.
- */
- if (gnutls_x509_crt_check_hostname (crt, hostname) == 0)
- {
- printf
- (" # The hostname in the certificate does NOT match '%s'.\n",
- hostname);
- }
- else
- {
- printf (" # The hostname in the certificate matches '%s'.\n",
- hostname);
- }
- }
-
- expiret = gnutls_x509_crt_get_expiration_time (crt);
- activet = gnutls_x509_crt_get_activation_time (crt);
-
- printf (" # valid since: %s", my_ctime (&activet));
- printf (" # expires at: %s", my_ctime (&expiret));
-
- /* Print the serial number of the certificate.
- */
- if (verbose
- && gnutls_x509_crt_get_serial (crt, serial, &serial_size) >= 0)
- {
- print = raw_to_string (serial, serial_size);
- if (print != NULL)
- printf (" # serial number: %s\n", print);
- }
-
- /* Print the fingerprint of the certificate
- */
- digest_size = sizeof (digest);
- if ((ret = gnutls_x509_crt_get_fingerprint (crt, GNUTLS_DIG_MD5, digest,
- &digest_size)) < 0)
- {
- fprintf (stderr,
- "Error in fingerprint calculation: %s\n",
- gnutls_strerror (ret));
- }
- else
- {
- print = raw_to_string (digest, digest_size);
- if (print != NULL)
- printf (" # fingerprint: %s\n", print);
- }
-
- /* Print the version of the X.509
- * certificate.
- */
- if (verbose)
- {
- printf (" # version: #%d\n", gnutls_x509_crt_get_version (crt));
-
- bits = 0;
- algo = gnutls_x509_crt_get_pk_algorithm (crt, &bits);
- printf (" # public key algorithm: ");
-
- cstr = SU (gnutls_pk_algorithm_get_name (algo));
- printf ("%s (%d bits)\n", cstr, bits);
-
-#ifdef ENABLE_PKI
- if (algo == GNUTLS_PK_RSA)
- {
- gnutls_datum_t e, m;
-
- ret = gnutls_x509_crt_get_pk_rsa_raw (crt, &m, &e);
- if (ret >= 0)
- {
- print = SU (raw_to_string (e.data, e.size));
- printf (" # e [%d bits]: %s\n", e.size * 8, print);
-
- print = SU (raw_to_string (m.data, m.size));
- printf (" # m [%d bits]: %s\n", m.size * 8, print);
-
- gnutls_free (e.data);
- gnutls_free (m.data);
- }
- }
-#endif
- }
-
- dn_size = sizeof (dn);
- ret = gnutls_x509_crt_get_dn (crt, dn, &dn_size);
- if (ret >= 0)
- printf (" # Subject's DN: %s\n", dn);
-
- dn_size = sizeof (dn);
- ret = gnutls_x509_crt_get_issuer_dn (crt, dn, &dn_size);
- if (ret >= 0)
- printf (" # Issuer's DN: %s\n", dn);
-
- gnutls_x509_crt_deinit (crt);
-
- printf ("\n");
-
- }
-
-}
-
-#if ENABLE_OPENPGP
-void
-print_openpgp_info (gnutls_session_t session, const char *hostname)
-{
-
- char digest[20];
- size_t digest_size = sizeof (digest);
- int ret;
- const char *print;
- const char *cstr;
- char name[256];
- size_t name_len = sizeof (name);
- gnutls_openpgp_crt_t crt;
- const gnutls_datum_t *cert_list;
- int cert_list_size = 0;
- time_t expiret;
- time_t activet;
-
- cert_list = gnutls_certificate_get_peers (session, &cert_list_size);
-
- if (cert_list_size > 0)
- {
- unsigned int algo, bits;
-
- gnutls_openpgp_crt_init (&crt);
- ret = gnutls_openpgp_crt_import (crt, &cert_list[0],
- GNUTLS_OPENPGP_FMT_RAW);
- if (ret < 0)
- {
- fprintf (stderr, "Decoding error: %s\n", gnutls_strerror (ret));
- return;
- }
-
- if (print_cert)
- {
- size_t size;
-
- size = sizeof (buffer);
-
- ret = gnutls_openpgp_crt_export (crt, GNUTLS_OPENPGP_FMT_BASE64,
- buffer, &size);
- if (ret < 0)
- {
- fprintf (stderr, "Encoding error: %s\n", gnutls_strerror (ret));
- return;
- }
- fputs ("\n", stdout);
- fputs (buffer, stdout);
- fputs ("\n", stdout);
- }
-
- if (hostname != NULL)
- { /* Check the hostname of the first certificate
- * if it matches the name of the host we
- * connected to.
- */
- if (gnutls_openpgp_crt_check_hostname (crt, hostname) == 0)
- {
- printf (" # The hostname in the key does NOT match '%s'.\n",
- hostname);
- }
- else
- {
- printf (" # The hostname in the key matches '%s'.\n", hostname);
- }
- }
-
- activet = gnutls_openpgp_crt_get_creation_time (crt);
- expiret = gnutls_openpgp_crt_get_expiration_time (crt);
-
- printf (" # Key was created at: %s", my_ctime (&activet));
- printf (" # Key expires: ");
- if (expiret != 0)
- printf ("%s", my_ctime (&expiret));
- else
- printf ("Never\n");
-
- if (gnutls_openpgp_crt_get_fingerprint (crt, digest, &digest_size) >= 0)
- {
- print = raw_to_string (digest, digest_size);
-
- printf (" # PGP Key version: %d\n",
- gnutls_openpgp_crt_get_version (crt));
-
- bits = 0;
- algo = gnutls_openpgp_crt_get_pk_algorithm (crt, &bits);
-
- printf (" # PGP Key public key algorithm: ");
- cstr = SU (gnutls_pk_algorithm_get_name (algo));
- printf ("%s (%d bits)\n", cstr, bits);
-
- if (print != NULL)
- printf (" # PGP Key fingerprint: %s\n", print);
-
- name_len = sizeof (name);
- if (gnutls_openpgp_crt_get_name (crt, 0, name, &name_len) < 0)
- {
- fprintf (stderr, "Could not extract name\n");
- }
- else
- {
- PRINT_PGP_NAME (name);
- }
-
- }
-
- gnutls_openpgp_crt_deinit (crt);
-
- }
-}
-#endif
-
-void
-print_cert_vrfy (gnutls_session_t session)
-{
- int rc;
- unsigned int status;
-
- rc = gnutls_certificate_verify_peers2 (session, &status);
- printf ("\n");
-
- if (rc == GNUTLS_E_NO_CERTIFICATE_FOUND)
- {
- printf ("- Peer did not send any certificate.\n");
- return;
- }
-
- if (rc < 0)
- {
- printf ("- Could not verify certificate (err: %s)\n",
- gnutls_strerror (rc));
- return;
- }
-
- if (gnutls_certificate_type_get (session) == GNUTLS_CRT_X509)
- {
- if (status & GNUTLS_CERT_SIGNER_NOT_FOUND)
- printf ("- Peer's certificate issuer is unknown\n");
- if (status & GNUTLS_CERT_INVALID)
- printf ("- Peer's certificate is NOT trusted\n");
- else
- printf ("- Peer's certificate is trusted\n");
- }
- else
- {
- if (status & GNUTLS_CERT_INVALID)
- printf ("- Peer's key is invalid\n");
- else
- printf ("- Peer's key is valid\n");
- if (status & GNUTLS_CERT_SIGNER_NOT_FOUND)
- printf ("- Could not find a signer of the peer's key\n");
- }
-}
-
-int
-print_info (gnutls_session_t session, const char *hostname)
-{
- const char *tmp;
- gnutls_credentials_type_t cred;
- gnutls_kx_algorithm_t kx;
-
- /* print the key exchange's algorithm name
- */
- kx = gnutls_kx_get (session);
-
- cred = gnutls_auth_get_type (session);
- switch (cred)
- {
-#ifdef ENABLE_ANON
- case GNUTLS_CRD_ANON:
- printf ("- Anonymous DH using prime of %d bits, secret key "
- "of %d bits, and peer's public key is %d bits.\n",
- gnutls_dh_get_prime_bits (session),
- gnutls_dh_get_secret_bits (session),
- gnutls_dh_get_peers_public_bits (session));
- break;
-#endif
-#ifdef ENABLE_SRP
- case GNUTLS_CRD_SRP:
- /* This should be only called in server
- * side.
- */
- if (gnutls_srp_server_get_username (session) != NULL)
- printf ("- SRP authentication. Connected as '%s'\n",
- gnutls_srp_server_get_username (session));
- break;
-#endif
-#ifdef ENABLE_PSK
- case GNUTLS_CRD_PSK:
- /* This should be only called in server
- * side.
- */
- if (gnutls_psk_server_get_username (session) != NULL)
- printf ("- PSK authentication. Connected as '%s'\n",
- gnutls_psk_server_get_username (session));
- if (kx == GNUTLS_KX_DHE_PSK)
- {
- printf ("- DH using prime of %d bits, secret key "
- "of %d bits, and peer's public key is %d bits.\n",
- gnutls_dh_get_prime_bits (session),
- gnutls_dh_get_secret_bits (session),
- gnutls_dh_get_peers_public_bits (session));
- }
- break;
-#endif
- case GNUTLS_CRD_IA:
- printf ("- TLS/IA authentication\n");
- break;
- case GNUTLS_CRD_CERTIFICATE:
- {
- char dns[256];
- size_t dns_size = sizeof (dns);
- unsigned int type;
-
- /* This fails in client side */
- if (gnutls_server_name_get (session, dns, &dns_size, &type, 0) == 0)
- {
- printf ("- Given server name[%d]: %s\n", type, dns);
- }
- }
-
- if (kx == GNUTLS_KX_DHE_RSA || kx == GNUTLS_KX_DHE_DSS)
- {
- printf ("- Ephemeral DH using prime of %d bits, secret key "
- "of %d bits, and peer's public key is %d bits.\n",
- gnutls_dh_get_prime_bits (session),
- gnutls_dh_get_secret_bits (session),
- gnutls_dh_get_peers_public_bits (session));
- }
-
- print_cert_info (session, hostname);
-
- print_cert_vrfy (session);
-
- }
-
- tmp = SU (gnutls_protocol_get_name (gnutls_protocol_get_version (session)));
- printf ("- Version: %s\n", tmp);
-
- tmp = SU (gnutls_kx_get_name (kx));
- printf ("- Key Exchange: %s\n", tmp);
-
- tmp = SU (gnutls_cipher_get_name (gnutls_cipher_get (session)));
- printf ("- Cipher: %s\n", tmp);
-
- tmp = SU (gnutls_mac_get_name (gnutls_mac_get (session)));
- printf ("- MAC: %s\n", tmp);
-
- tmp = SU (gnutls_compression_get_name (gnutls_compression_get (session)));
- printf ("- Compression: %s\n", tmp);
-
- if (verbose)
- {
- char id[32];
- size_t id_size = sizeof (id);
- gnutls_session_get_id (session, id, &id_size);
- printf ("- Session ID: %s\n", raw_to_string (id, id_size));
- }
-
- fflush (stdout);
-
- return 0;
-}
-
-void
-print_cert_info (gnutls_session_t session, const char *hostname)
-{
-
- if (gnutls_certificate_client_get_request_status (session) != 0)
- printf ("- Server has requested a certificate.\n");
-
- printf ("- Certificate type: ");
- switch (gnutls_certificate_type_get (session))
- {
- case GNUTLS_CRT_X509:
- printf ("X.509\n");
- print_x509_info (session, hostname);
- break;
-#if ENABLE_OPENPGP
- case GNUTLS_CRT_OPENPGP:
- printf ("OpenPGP\n");
- print_openpgp_info (session, hostname);
- break;
-#endif
- }
-}
-
-void
-print_list (int verbose)
-{
- {
- size_t i;
- const char *name;
- char id[2];
- gnutls_kx_algorithm_t kx;
- gnutls_cipher_algorithm_t cipher;
- gnutls_mac_algorithm_t mac;
- gnutls_protocol_t version;
-
- printf ("Cipher suites:\n");
- for (i = 0; (name = gnutls_cipher_suite_info (i, id, &kx, &cipher, &mac,
- &version)); i++)
- {
- printf ("%-50s\t0x%02x, 0x%02x\t%s\n", name, (unsigned char) id[0],
- (unsigned char) id[1], gnutls_protocol_get_name (version));
- if (verbose)
- printf ("\tKey exchange: %s\n\tCipher: %s\n\tMAC: %s\n\n",
- gnutls_kx_get_name (kx), gnutls_cipher_get_name (cipher),
- gnutls_mac_get_name (mac));
- }
- }
-
- {
- const gnutls_certificate_type_t *p = gnutls_certificate_type_list ();
-
- printf ("Certificate types: ");
- for (; *p; p++)
- {
- printf ("%s", gnutls_certificate_type_get_name (*p));
- if (*(p + 1))
- printf (", ");
- else
- printf ("\n");
- }
- }
-
- {
- const gnutls_protocol_t *p = gnutls_protocol_list ();
-
- printf ("Protocols: ");
- for (; *p; p++)
- {
- printf ("%s", gnutls_protocol_get_name (*p));
- if (*(p + 1))
- printf (", ");
- else
- printf ("\n");
- }
- }
-
- {
- const gnutls_cipher_algorithm_t *p = gnutls_cipher_list ();
-
- printf ("Ciphers: ");
- for (; *p; p++)
- {
- printf ("%s", gnutls_cipher_get_name (*p));
- if (*(p + 1))
- printf (", ");
- else
- printf ("\n");
- }
- }
-
- {
- const gnutls_mac_algorithm_t *p = gnutls_mac_list ();
-
- printf ("MACs: ");
- for (; *p; p++)
- {
- printf ("%s", gnutls_mac_get_name (*p));
- if (*(p + 1))
- printf (", ");
- else
- printf ("\n");
- }
- }
-
- {
- const gnutls_kx_algorithm_t *p = gnutls_kx_list ();
-
- printf ("Key exchange algorithms: ");
- for (; *p; p++)
- {
- printf ("%s", gnutls_kx_get_name (*p));
- if (*(p + 1))
- printf (", ");
- else
- printf ("\n");
- }
- }
-
- {
- const gnutls_compression_method_t *p = gnutls_compression_list ();
-
- printf ("Compression: ");
- for (; *p; p++)
- {
- printf ("%s", gnutls_compression_get_name (*p));
- if (*(p + 1))
- printf (", ");
- else
- printf ("\n");
- }
- }
-}
-
-void
-print_license (void)
-{
- fputs ("\nCopyright (C) 2004,2005,2006,2007 Free Software Foundation\n"
- "This program is free software; you can redistribute it and/or modify
\n"
- "it under the terms of the GNU General Public License as published by
\n"
- "the Free Software Foundation; either version 3 of the License, or \n"
- "(at your option) any later version. \n" "\n"
- "This program is distributed in the hope that it will be useful, \n"
- "but WITHOUT ANY WARRANTY; without even the implied warranty of \n"
- "MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the \n"
- "GNU General Public License for more details. \n" "\n"
- "You should have received a copy of the GNU General Public License \n"
- "along with this program; if not, write to the Free Software \n"
- "Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.\n\n",
- stdout);
-}
-
-void
-sockets_init (void)
-{
-#ifdef _WIN32
- WORD wVersionRequested;
- WSADATA wsaData;
-
- wVersionRequested = MAKEWORD (1, 1);
- if (WSAStartup (wVersionRequested, &wsaData) != 0)
- {
- perror ("WSA_STARTUP_ERROR");
- }
-#endif
-}
-
-/* converts a service name or a port (in string) to a
- * port number. The protocol is assumed to be TCP.
- *
- * returns -1 on error;
- */
-int
-service_to_port (const char *service)
-{
- int port;
- struct servent *server_port;
-
- port = atoi (service);
- if (port != 0)
- return port;
-
- server_port = getservbyname (service, "tcp");
- if (server_port == NULL)
- {
- perror ("getservbyname()");
- return (-1);
- }
-
- return ntohs (server_port->s_port);
-
-}
Deleted: libmicrohttpd/src/daemon/https/https_common.h
===================================================================
--- libmicrohttpd/src/daemon/https/https_common.h 2008-07-17 22:09:55 UTC
(rev 7445)
+++ libmicrohttpd/src/daemon/https/https_common.h 2008-07-18 03:53:27 UTC
(rev 7446)
@@ -1,40 +0,0 @@
-#define PORT 5556
-#define SERVER "127.0.0.1"
-
-#include <config.h>
-#include <gnutls.h>
-
-#include <sys/socket.h>
-#include <arpa/inet.h>
-#ifdef _WIN32
-# include <io.h>
-# include <winbase.h>
-# define close closesocket
-#else
-# include <netinet/in.h>
-# include <unistd.h>
-# include <netdb.h>
-# include <signal.h>
-#endif
-
-/* the number of elements in the priority structures.
- */
-#define PRI_MAX 16
-
-extern const char str_unknown[];
-
-int print_info (gnutls_session_t state, const char *hostname);
-void print_cert_info (gnutls_session_t state, const char *hostname);
-void print_list (int verbose);
-
-void parse_comp (char **comp, int ncomp, int *comp_priority);
-void parse_kx (char **kx, int nkx, int *kx_priority);
-void parse_ctypes (char **ctype, int nctype, int *cert_type_priority);
-void parse_macs (char **macs, int nmacs, int *mac_priority);
-void parse_ciphers (char **ciphers, int nciphers, int *cipher_priority);
-void parse_protocols (char **protocols, int protocols_size,
- int *protocol_priority);
-const char *raw_to_string (const unsigned char *raw, size_t raw_size);
-int service_to_port (const char *service);
-
-void sockets_init (void);
Modified: libmicrohttpd/src/daemon/https/openpgp/Makefile.am
===================================================================
--- libmicrohttpd/src/daemon/https/openpgp/Makefile.am 2008-07-17 22:09:55 UTC
(rev 7445)
+++ libmicrohttpd/src/daemon/https/openpgp/Makefile.am 2008-07-18 03:53:27 UTC
(rev 7446)
@@ -2,7 +2,7 @@
AM_CPPFLAGS = \
-I$(top_srcdir)/src/include \
--I$(top_srcdir)/src/daemon/https/includes \
+-I$(top_srcdir)/src/daemon/https \
-I$(top_srcdir)/src/daemon/https/lgl \
-I$(top_srcdir)/src/daemon/https/x509 \
-I$(top_srcdir)/src/daemon/https/tls \
Modified: libmicrohttpd/src/daemon/https/tls/Makefile.am
===================================================================
--- libmicrohttpd/src/daemon/https/tls/Makefile.am 2008-07-17 22:09:55 UTC
(rev 7445)
+++ libmicrohttpd/src/daemon/https/tls/Makefile.am 2008-07-18 03:53:27 UTC
(rev 7446)
@@ -3,12 +3,12 @@
AM_CPPFLAGS = \
-I$(top_srcdir)/src/include \
-I$(top_srcdir)/src/daemon/ \
+-I$(top_srcdir)/src/daemon/https \
-I$(top_srcdir)/src/daemon/https/tls \
-I$(top_srcdir)/src/daemon/https/lgl \
-I$(top_srcdir)/src/daemon/https/x509 \
-I$(top_srcdir)/src/daemon/https/openpgp \
-I$(top_srcdir)/src/daemon/https/opencdk \
--I$(top_srcdir)/src/daemon/https/includes \
-I$(GCRYPT_CPPFLAGS)
noinst_LTLIBRARIES = libtls.la
Modified: libmicrohttpd/src/daemon/https/x509/Makefile.am
===================================================================
--- libmicrohttpd/src/daemon/https/x509/Makefile.am 2008-07-17 22:09:55 UTC
(rev 7445)
+++ libmicrohttpd/src/daemon/https/x509/Makefile.am 2008-07-18 03:53:27 UTC
(rev 7446)
@@ -1,7 +1,7 @@
AM_CPPFLAGS = \
-I$(top_srcdir)/src/include \
--I$(top_srcdir)/src/daemon/https/includes \
+-I$(top_srcdir)/src/daemon/https \
-I$(top_srcdir)/src/daemon/https/minitasn1 \
-I$(top_srcdir)/src/daemon/https/lgl \
-I$(top_srcdir)/src/daemon/https/x509 \
Property changes on: libmicrohttpd/src/examples
___________________________________________________________________
Name: svn:ignore
- .deps
.libs
X.509
Makefile
https_server_example
querystring_example
Makefile.in
minimal_example
fileserver_example
fileserver_example_external_select
https_echo_server_example.c
https_echo_client_example.c
+ .deps
.libs
X.509
Makefile
https_server_example
querystring_example
Makefile.in
minimal_example
fileserver_example
fileserver_example_external_select
https_echo_server_example.c
https_echo_client_example.c
authorization_example
Modified: libmicrohttpd/src/examples/Makefile.am
===================================================================
--- libmicrohttpd/src/examples/Makefile.am 2008-07-17 22:09:55 UTC (rev
7445)
+++ libmicrohttpd/src/examples/Makefile.am 2008-07-18 03:53:27 UTC (rev
7446)
@@ -2,7 +2,7 @@
AM_CPPFLAGS = \
-I$(top_srcdir)/src/include \
--I$(top_srcdir)/src/daemon/https/includes
+-I$(top_srcdir)/src/daemon/https
# example programs
noinst_PROGRAMS = \
@@ -43,9 +43,5 @@
https_server_example_SOURCES = \
https_server_example.c
-https_server_example_CPPFLAGS = \
- -I$(top_srcdir)/src/daemon/https/includes \
- -I$(top_srcdir)/src/daemon \
- -I$(top_srcdir)/src/include
https_server_example_LDADD = \
$(top_builddir)/src/daemon/libmicrohttpd.la
Modified: libmicrohttpd/src/examples/authorization_example.c
===================================================================
--- libmicrohttpd/src/examples/authorization_example.c 2008-07-17 22:09:55 UTC
(rev 7445)
+++ libmicrohttpd/src/examples/authorization_example.c 2008-07-18 03:53:27 UTC
(rev 7446)
@@ -51,7 +51,7 @@
struct MHD_Response *response;
int ret;
int code;
- const char * auth;
+ const char *auth;
if (0 != strcmp (method, "GET"))
return MHD_NO; /* unexpected method */
@@ -62,25 +62,24 @@
return MHD_YES;
}
*ptr = NULL; /* reset when done */
- auth = MHD_lookup_connection_value(connection,
- MHD_HEADER_KIND,
- MHD_HTTP_HEADER_AUTHORIZATION);
- if ( (auth == NULL) ||
- (0 != strcmp(auth,
- "Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==") ) )
+ auth = MHD_lookup_connection_value (connection,
+ MHD_HEADER_KIND,
+ MHD_HTTP_HEADER_AUTHORIZATION);
+ if ((auth == NULL) ||
+ (0 != strcmp (auth, "Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==")))
{
/* require: "Aladdin" with password "open sesame" */
response = MHD_create_response_from_data (strlen (DENIED),
- (void *) DENIED, MHD_NO,
MHD_NO);
- MHD_add_response_header(response,
- MHD_HTTP_HEADER_WWW_AUTHENTICATE,
- "Basic realm=\"TestRealm\"");
+ (void *) DENIED, MHD_NO,
+ MHD_NO);
+ MHD_add_response_header (response, MHD_HTTP_HEADER_WWW_AUTHENTICATE,
+ "Basic realm=\"TestRealm\"");
code = MHD_HTTP_UNAUTHORIZED;
}
else
{
response = MHD_create_response_from_data (strlen (me),
- (void *) me, MHD_NO, MHD_NO);
+ (void *) me, MHD_NO, MHD_NO);
code = MHD_HTTP_OK;
}
ret = MHD_queue_response (connection, code, response);
Modified: libmicrohttpd/src/examples/https_server_example.c
===================================================================
--- libmicrohttpd/src/examples/https_server_example.c 2008-07-17 22:09:55 UTC
(rev 7445)
+++ libmicrohttpd/src/examples/https_server_example.c 2008-07-18 03:53:27 UTC
(rev 7446)
@@ -18,13 +18,15 @@
*/
/**
* @file https_server_example.c
- * @brief a simple https file server using TLS.
+ * @brief a simple HTTPS file server using TLS.
*
- * This example assumes the existence of a private key file named "key.pem"
- * and a server certificate file named "cert.pem". File path for these should
be
- * provided as command-line arguments. 'certtool' may be used to generate
these if
- * missing.
+ * Server may be supplied either with included hard coded certificates or using
+ * external ones, which are to be supplied through command line arguments.
+ * A private key file named "key.pem" and a server certificate file named
"cert.pem".
+ * are necessary to run the server in this way.
*
+ * 'certtool' may be used to generate these if required.
+ *
* Access server with your browser of choice or with curl :
*
* curl --insecure --tlsv1 --ciphers AES256-SHA <url>
@@ -33,7 +35,7 @@
*/
#include "config.h"
-#include <microhttpd.h>
+#include <microhttpsd.h>
#include <sys/stat.h>
#include <stdlib.h>
@@ -167,8 +169,7 @@
if (argc < 5)
{
printf
- ("Usage : %s HTTP-PORT SECONDS-TO-RUN HTTPS-PORT KEY-FILE CERT-FILE\n",
- argv[0]);
+ ("Usage : %s HTTP-PORT SECONDS-TO-RUN KEY-FILE CERT-FILE\n", argv[0]);
return 1;
}
Modified: libmicrohttpd/src/include/microhttpsd.h
===================================================================
--- libmicrohttpd/src/include/microhttpsd.h 2008-07-17 22:09:55 UTC (rev
7445)
+++ libmicrohttpd/src/include/microhttpsd.h 2008-07-18 03:53:27 UTC (rev
7446)
@@ -133,6 +133,7 @@
gnutls_protocol_t protocol;
gnutls_certificate_type_t certificate_type;
gnutls_pk_algorithm_t pk_algorithm;
+ int null_info;
};
enum MHD_InfoType
@@ -146,7 +147,7 @@
MHD_INFO_CERT_TYPE,
};
-union MHD_SessionInfo MHD_get_session_info (struct MHD_Connection *con,
+union MHD_SessionInfo MHD_get_tls_session_info (struct MHD_Connection *con,
enum MHD_InfoType infoType);
//TODO impl
Property changes on: libmicrohttpd/src/testcurl
___________________________________________________________________
Name: svn:ignore
+ daemontest_put11
daemontest_put_chunked
daemontest_put
daemontest_large_put11
daemontest_postform11
daemontest_postform
daemontest_post
gmon.out
daemontest_large_put
daemontest_get
daemontest_post_loop11
daemontest_post11
daemontest_get_chunked
daemontest_long_header
daemontest_post_loop
daemontest_get11
Modified: libmicrohttpd/src/testcurl/Makefile.am
===================================================================
--- libmicrohttpd/src/testcurl/Makefile.am 2008-07-17 22:09:55 UTC (rev
7445)
+++ libmicrohttpd/src/testcurl/Makefile.am 2008-07-18 03:53:27 UTC (rev
7446)
@@ -5,7 +5,7 @@
endif
AM_CPPFLAGS = \
--I$(top_srcdir)/src/daemon/https/includes \
+-I$(top_srcdir)/src/daemon/https \
-I$(top_srcdir)/src/daemon \
-I$(top_srcdir)/src/include
Property changes on: libmicrohttpd/src/testcurl/https
___________________________________________________________________
Name: svn:ignore
+ mhds_get_test
mhds_test_session_info
gmon.out
mhds_session_info_test
mhds_multi_daemon_test
valgrind.out
tls_authentication_test
Modified: libmicrohttpd/src/testcurl/https/Makefile.am
===================================================================
--- libmicrohttpd/src/testcurl/https/Makefile.am 2008-07-17 22:09:55 UTC
(rev 7445)
+++ libmicrohttpd/src/testcurl/https/Makefile.am 2008-07-18 03:53:27 UTC
(rev 7446)
@@ -2,18 +2,27 @@
AM_CPPFLAGS = \
-I$(top_srcdir)/src/include \
--I$(top_srcdir)/src/daemon/https/includes \
+-I$(top_srcdir)/src/daemon/https \
+-I$(top_srcdir)/src/daemon/https/tls \
+-I$(top_srcdir)/src/daemon/https/lgl \
+-I$(top_srcdir)/src/daemon/https/x509 \
-I$(top_srcdir)/src/daemon
check_PROGRAMS = \
+ mhds_get_test \
tls_authentication_test \
- mhds_get_test \
- mhds_session_info_test \
- mhds_multi_daemon_test
-
+ mhds_multi_daemon_test \
+ mhds_session_info_test
+
TESTS = $(check_PROGRAMS)
+tls_alert_test_SOURCES = \
+ tls_alert_test.c
+tls_alert_test_LDADD = \
+ $(top_builddir)/src/daemon/libmicrohttpd.la \
+ @LIBCURL@
+
tls_authentication_test_SOURCES = \
tls_authentication_test.c
tls_authentication_test_LDADD = \
Modified: libmicrohttpd/src/testcurl/https/mhds_get_test.c
===================================================================
--- libmicrohttpd/src/testcurl/https/mhds_get_test.c 2008-07-17 22:09:55 UTC
(rev 7445)
+++ libmicrohttpd/src/testcurl/https/mhds_get_test.c 2008-07-18 03:53:27 UTC
(rev 7446)
@@ -235,7 +235,8 @@
MHD_USE_DEBUG, 42433,
NULL, NULL, &http_ahc, NULL,
MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem,
- MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
MHD_OPTION_END);
+ MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
+ MHD_OPTION_END);
if (d == NULL)
{
@@ -255,11 +256,14 @@
int ret;
struct MHD_Daemon *d;
FILE *cert_fd, *key_fd;
- char cert_path[255], key_path[255];
+ char cert_path[255], key_path[255], *cur_dir;
- sprintf (cert_path, "%s/%s", get_current_dir_name (), "cert.pem");
- sprintf (key_path, "%s/%s", get_current_dir_name (), "key.pem");
+ cur_dir = get_current_dir_name ();
+ sprintf (cert_path, "%s/%s", cur_dir, "cert.pem");
+ sprintf (key_path, "%s/%s", cur_dir, "key.pem");
+
+
if (NULL == (key_fd = fopen (key_path, "w+")))
{
fprintf (stderr, MHD_E_KEY_FILE_CREAT);
@@ -272,7 +276,8 @@
}
fwrite (srv_key_pem, strlen (srv_key_pem), sizeof (char), key_fd);
- fwrite (srv_self_signed_cert_pem, strlen (srv_self_signed_cert_pem), sizeof
(char), cert_fd);
+ fwrite (srv_self_signed_cert_pem, strlen (srv_self_signed_cert_pem),
+ sizeof (char), cert_fd);
fclose (key_fd);
fclose (cert_fd);
@@ -292,6 +297,7 @@
ret = test_daemon_get (test_fd, cipher_suite, proto_version);
MHD_stop_daemon (d);
+ free (cur_dir);
remove (cert_path);
remove (key_path);
return ret;
@@ -412,6 +418,8 @@
FILE *test_fd;
unsigned int errorCount = 0;
+ // gnutls_global_set_log_level(11);
+
if ((test_fd = setupTestFile ()) == NULL)
{
fprintf (stderr, MHD_E_TEST_FILE_CREAT);
@@ -420,18 +428,16 @@
if (0 != curl_global_init (CURL_GLOBAL_ALL))
{
- fprintf (stderr, "Error (code: %u)\n", errorCount);
+ fprintf (stderr, "Error: %s\n", strerror (errno));
return -1;
}
errorCount +=
test_secure_get (test_fd, "AES256-SHA", CURL_SSLVERSION_TLSv1);
-
errorCount +=
test_secure_get (test_fd, "AES256-SHA", CURL_SSLVERSION_SSLv3);
errorCount +=
test_file_certificates (test_fd, "AES256-SHA", CURL_SSLVERSION_TLSv1);
-
/* TODO resolve cipher setting issue when compiling against GNU TLS */
errorCount +=
test_cipher_option (test_fd, "DES-CBC3-SHA", CURL_SSLVERSION_SSLv3);
@@ -439,9 +445,6 @@
test_kx_option (test_fd, "EDH-RSA-DES-CBC3-SHA", CURL_SSLVERSION_SSLv3);
- if (errorCount != 0)
- fprintf (stderr, "Error (code: %u)\n", errorCount);
-
curl_global_cleanup ();
fclose (test_fd);
Modified: libmicrohttpd/src/testcurl/https/mhds_multi_daemon_test.c
===================================================================
--- libmicrohttpd/src/testcurl/https/mhds_multi_daemon_test.c 2008-07-17
22:09:55 UTC (rev 7445)
+++ libmicrohttpd/src/testcurl/https/mhds_multi_daemon_test.c 2008-07-18
03:53:27 UTC (rev 7446)
@@ -236,7 +236,8 @@
MHD_USE_DEBUG, 42433,
NULL, NULL, &http_ahc, NULL,
MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem,
- MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
MHD_OPTION_END);
+ MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
+ MHD_OPTION_END);
if (d1 == NULL)
{
@@ -248,7 +249,8 @@
MHD_USE_DEBUG, 42434,
NULL, NULL, &http_ahc, NULL,
MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem,
- MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
MHD_OPTION_END);
+ MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
+ MHD_OPTION_END);
if (d2 == NULL)
{
Modified: libmicrohttpd/src/testcurl/https/mhds_session_info_test.c
===================================================================
--- libmicrohttpd/src/testcurl/https/mhds_session_info_test.c 2008-07-17
22:09:55 UTC (rev 7445)
+++ libmicrohttpd/src/testcurl/https/mhds_session_info_test.c 2008-07-18
03:53:27 UTC (rev 7446)
@@ -75,54 +75,61 @@
int ret;
/* assert actual connection cipher is the one negotiated */
- if (MHD_get_session_info (connection,MHS_INFO_CIPHER_ALGO).cipher_algorithm
!= GNUTLS_CIPHER_AES_256_CBC)
+ if (MHD_get_tls_session_info (connection, MHS_INFO_CIPHER_ALGO).
+ cipher_algorithm != GNUTLS_CIPHER_AES_256_CBC)
{
fprintf (stderr, "Error: requested cipher mismatch. %s\n",
strerror (errno));
return -1;
}
- if (MHD_get_session_info (connection,MHD_INFO_KX_ALGO).kx_algorithm !=
GNUTLS_KX_RSA)
- {
- fprintf (stderr, "Error: requested key exchange mismatch. %s\n",
- strerror (errno));
- return -1;
- }
+ if (MHD_get_tls_session_info (connection, MHD_INFO_KX_ALGO).kx_algorithm !=
+ GNUTLS_KX_RSA)
+ {
+ fprintf (stderr, "Error: requested key exchange mismatch. %s\n",
+ strerror (errno));
+ return -1;
+ }
- if (MHD_get_session_info (connection,MHD_INFO_MAC_ALGO).mac_algorithm !=
GNUTLS_MAC_SHA1)
+ if (MHD_get_tls_session_info (connection, MHD_INFO_MAC_ALGO).
+ mac_algorithm != GNUTLS_MAC_SHA1)
{
fprintf (stderr, "Error: requested mac algorithm mismatch. %s\n",
strerror (errno));
return -1;
}
- if (MHD_get_session_info
(connection,MHD_INFO_COMPRESSION_METHOD).compression_method != GNUTLS_COMP_NULL)
+ if (MHD_get_tls_session_info (connection, MHD_INFO_COMPRESSION_METHOD).
+ compression_method != GNUTLS_COMP_NULL)
{
fprintf (stderr, "Error: requested compression mismatch. %s\n",
strerror (errno));
return -1;
}
- if (MHD_get_session_info (connection,MHD_INFO_PROTOCOL).protocol !=
GNUTLS_SSL3)
- {
- fprintf (stderr, "Error: requested compression mismatch. %s\n",
- strerror (errno));
- return -1;
- }
+ if (MHD_get_tls_session_info (connection, MHD_INFO_PROTOCOL).protocol !=
+ GNUTLS_SSL3)
+ {
+ fprintf (stderr, "Error: requested compression mismatch. %s\n",
+ strerror (errno));
+ return -1;
+ }
- if (MHD_get_session_info (connection,MHD_INFO_CERT_TYPE).certificate_type !=
GNUTLS_CRT_X509)
+ if (MHD_get_tls_session_info (connection, MHD_INFO_CERT_TYPE).
+ certificate_type != GNUTLS_CRT_X509)
{
fprintf (stderr, "Error: requested certificate mismatch. %s\n",
strerror (errno));
return -1;
}
- if (MHD_get_session_info
(connection,MHD_INFO_CREDENTIALS_TYPE).credentials_type !=
GNUTLS_CRD_CERTIFICATE)
- {
- fprintf (stderr, "Error: requested certificate mismatch. %s\n",
- strerror (errno));
- return -1;
- }
+ if (MHD_get_tls_session_info (connection, MHD_INFO_CREDENTIALS_TYPE).
+ credentials_type != GNUTLS_CRD_CERTIFICATE)
+ {
+ fprintf (stderr, "Error: requested certificate mismatch. %s\n",
+ strerror (errno));
+ return -1;
+ }
response = MHD_create_response_from_data (strlen (EMPTY_PAGE),
(void *) EMPTY_PAGE,
@@ -154,7 +161,8 @@
MHD_USE_DEBUG, 42433,
NULL, NULL, &query_session_ahc, NULL,
MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem,
- MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
MHD_OPTION_END);
+ MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
+ MHD_OPTION_END);
if (d == NULL)
return 2;
Added: libmicrohttpd/src/testcurl/https/tls_alert_test.c
===================================================================
--- libmicrohttpd/src/testcurl/https/tls_alert_test.c
(rev 0)
+++ libmicrohttpd/src/testcurl/https/tls_alert_test.c 2008-07-18 03:53:27 UTC
(rev 7446)
@@ -0,0 +1,188 @@
+/*
+ This file is part of libmicrohttpd
+ (C) 2007 Christian Grothoff
+
+ libmicrohttpd is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published
+ by the Free Software Foundation; either version 2, or (at your
+ option) any later version.
+
+ libmicrohttpd is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with libmicrohttpd; see the file COPYING. If not, write to the
+ Free Software Foundation, Inc., 59 Temple Place - Suite 330,
+ Boston, MA 02111-1307, USA.
+ */
+
+/**
+ * @file mhds_get_test.c
+ * @brief Testcase for libmicrohttpd HTTPS GET operations
+ * @author Sagie Amir
+ */
+
+#include "config.h"
+#include "plibc.h"
+#include "microhttpsd.h"
+#include <errno.h>
+
+#include <curl/curl.h>
+#include <stdlib.h>
+#include <string.h>
+#include <time.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <fcntl.h>
+#include <unistd.h>
+
+
+#define MHD_E_MEM "Error: memory error\n"
+#define MHD_E_SERVER_INIT "Error: failed to start server\n"
+
+#include "gnutls_int.h"
+#include "gnutls_datum.h"
+#include "tls_test_keys.h"
+
+const char *ca_cert_file_name = "ca_cert_pem";
+const char *test_file_name = "https_test_file";
+const char test_file_data[] = "Hello World\n";
+
+struct CBC
+{
+ char *buf;
+ size_t pos;
+ size_t size;
+};
+
+static int
+file_reader (void *cls, size_t pos, char *buf, int max)
+{
+ FILE *file = cls;
+ fseek (file, pos, SEEK_SET);
+ return fread (buf, 1, max, file);
+}
+
+/* HTTP access handler call back */
+static int
+http_ahc (void *cls, struct MHD_Connection *connection,
+ const char *url, const char *method, const char *upload_data,
+ const char *version, unsigned int *upload_data_size, void **ptr)
+{
+ return 0;
+}
+
+static int
+test_alert_response ()
+{
+
+
+ int sd, ret;
+ char *err_pos;
+ struct sockaddr_in sa;
+ gnutls_priority_t priority_cache;
+ gnutls_session_t session;
+ gnutls_certificate_credentials_t xcred;
+
+
+ gnutls_global_init ();
+
+ gnutls_datum_t key;
+ gnutls_datum_t cert;
+
+
+ gnutls_certificate_allocate_credentials (&xcred);
+
+ _gnutls_set_datum_m (&key, srv_key_pem, strlen (srv_key_pem), &malloc);
+ _gnutls_set_datum_m (&cert, srv_self_signed_cert_pem,
+ strlen (srv_self_signed_cert_pem), &malloc);
+
+ gnutls_certificate_set_x509_key_mem (xcred, &cert, &key,
+ GNUTLS_X509_FMT_PEM);
+
+ ret = gnutls_priority_init (&priority_cache,
+
"NONE:+VERS-TLS1.0:+AES-256-CBC:+RSA:+SHA1:+COMP-NULL",
+ &err_pos);
+ if (ret < 0)
+ {
+ // ...
+ }
+
+ gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
+
+ sd = socket (AF_INET, SOCK_STREAM, 0);
+ memset (&sa, '\0', sizeof (struct sockaddr_in));
+ sa.sin_family = AF_INET;
+ sa.sin_port = htons (42433);
+ inet_pton (AF_INET, "127.0.0.1", &sa.sin_addr);
+
+ ret = connect (sd, &sa, sizeof (struct sockaddr_in));
+
+ if (ret < 0)
+ {
+ // ...
+ }
+
+ ret = gnutls_handshake (session);
+
+ if (ret < 0)
+ {
+ // ...
+ }
+
+ gnutls_alert_send (session, GNUTLS_AL_FATAL, GNUTLS_A_CLOSE_NOTIFY);
+
+ /* check server responds with a 'close-notify' */
+ _gnutls_recv_int (session, GNUTLS_ALERT, GNUTLS_HANDSHAKE_FINISHED, 0, 0);
+
+ /* CLOSE_NOTIFY */
+ if (session->internals.last_alert != GNUTLS_A_CLOSE_NOTIFY)
+ {
+ return -1;
+ }
+
+ close (sd);
+
+ gnutls_deinit (session);
+
+ gnutls_certificate_free_credentials (xcred);
+
+ gnutls_global_deinit ();
+
+ return 0;
+
+}
+
+
+
+int
+main (int argc, char *const *argv)
+{
+ int ret, errorCount = 0;;
+ struct MHD_Daemon *d;
+
+ d = MHD_start_daemon (MHD_USE_THREAD_PER_CONNECTION | MHD_USE_SSL |
+ MHD_USE_DEBUG, 42433,
+ NULL, NULL, &http_ahc, NULL,
+ MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem,
+ MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
+ MHD_OPTION_END);
+
+ if (d == NULL)
+ {
+ fprintf (stderr, MHD_E_SERVER_INIT);
+ return -1;
+ }
+
+ errorCount += test_alert_response ();
+
+ if (errorCount != 0)
+ fprintf (stderr, "Error (code: %u)\n", errorCount);
+
+ MHD_stop_daemon (d);
+ return errorCount != 0;
+}
Property changes on: libmicrohttpd/src/testcurl/https/tls_alert_test.c
___________________________________________________________________
Name: svn:mime-type
+ text/plain
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [GNUnet-SVN] r7446 - in libmicrohttpd: . src/daemon src/daemon/https src/daemon/https/openpgp src/daemon/https/tls src/daemon/https/x509 src/examples src/include src/testcurl src/testcurl/https,
gnunet <=