
[SCM] GNU gnutls branch, gnutls_2_12_x, updated. gnutls_2_11_7-13-ga3285


From: Nikos Mavrogiannopoulos
Subject: [SCM] GNU gnutls branch, gnutls_2_12_x, updated. gnutls_2_11_7-13-ga32853d
Date: Tue, 15 Mar 2011 22:44:40 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".

http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=a32853d3da525ceb4211e869b6dfa4e5a469e7c8

The branch, gnutls_2_12_x has been updated
       via  a32853d3da525ceb4211e869b6dfa4e5a469e7c8 (commit)
       via  a7e2d0836f52d4fb641aae20c91def82973653a7 (commit)
       via  fb263ce0282f989d2af4a55c67ddb1f1790bea15 (commit)
      from  9c1e792b98084471c53a682f282009233e1c63a8 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit a32853d3da525ceb4211e869b6dfa4e5a469e7c8
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Tue Mar 15 23:42:52 2011 +0100

    Test openpgp authentication with DSA-2048 bit keys as well.

commit a7e2d0836f52d4fb641aae20c91def82973653a7
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Tue Mar 15 23:22:36 2011 +0100

    gnutls_openpgp_crt_get_auth_subkey() will no longer return an unsupported 
subkey.

commit fb263ce0282f989d2af4a55c67ddb1f1790bea15
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Tue Mar 15 22:18:53 2011 +0100

    Corrected verification of DSA-2048 keys. Reported by address@hidden

-----------------------------------------------------------------------

Summary of changes:
 lib/openpgp/pgp.c   |    9 +-
 lib/x509/verify.c   |   11 +-
 tests/openpgpself.c |  381 ++++++++++++++++++++++++++++++++++-----------------
 3 files changed, 271 insertions(+), 130 deletions(-)

diff --git a/lib/openpgp/pgp.c b/lib/openpgp/pgp.c
index efef9d2..9d25adc 100644
--- a/lib/openpgp/pgp.c
+++ b/lib/openpgp/pgp.c
@@ -388,7 +388,7 @@ gnutls_openpgp_crt_get_name (gnutls_openpgp_crt_t key,
  * For DSA the bits returned are of the public exponent.
  *
  * Returns: a member of the #gnutls_pk_algorithm_t enumeration on
- *   success, or a negative value on error.
+ *   success, or GNUTLS_PK_UNKNOWN on error.
  **/
 gnutls_pk_algorithm_t
 gnutls_openpgp_crt_get_pk_algorithm (gnutls_openpgp_crt_t key,
@@ -850,7 +850,7 @@ gnutls_openpgp_crt_get_subkey_revoked_status 
(gnutls_openpgp_crt_t key,
  * For DSA the bits returned are of the public exponent.
  *
  * Returns: a member of the #gnutls_pk_algorithm_t enumeration on
- *   success, or a negative value on error.
+ *   success, or GNUTLS_PK_UNKNOWN on error.
  *
  * Since: 2.4.0
  **/
@@ -1646,7 +1646,10 @@ gnutls_openpgp_crt_get_auth_subkey (gnutls_openpgp_crt_t 
crt,
    */
   for (i = 0; i < subkeys; i++)
     {
-
+      ret = gnutls_openpgp_crt_get_subkey_pk_algorithm(crt, i, NULL);
+      if (ret == GNUTLS_PK_UNKNOWN)
+        continue;
+      
       ret = gnutls_openpgp_crt_get_subkey_revoked_status (crt, i);
       if (ret != 0)             /* it is revoked. ignore it */
         continue;
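Review bot: The new probe at the top of the loop stores a `gnutls_pk_algorithm_t` into `ret`, which the rest of the loop uses for int status codes (presumably `ret` is an int), so the line reads like a status check rather than an algorithm filter, and the skipped-subkey case is silent. A one-line comment above it would make the intent explicit: `/* skip subkeys whose public-key algorithm is unsupported; the getter reports that as GNUTLS_PK_UNKNOWN */`. The added blank line before the revoked-status check also carries trailing whitespace. gnutls_openpgp_crt_get_auth_subkey continues outside the hunk on both sides.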
diff --git a/lib/x509/verify.c b/lib/x509/verify.c
index 4c2ada7..4d1c782 100644
--- a/lib/x509/verify.c
+++ b/lib/x509/verify.c
@@ -797,10 +797,14 @@ dsa_verify_sig (const gnutls_datum_t * text,
   opaque _digest[MAX_HASH_SIZE];
   gnutls_datum_t digest;
   digest_hd_st hd;
+  gnutls_digest_algorithm_t algo;
+
+  algo = _gnutls_dsa_q_to_hash (params[1]);
 
   if (hash)
     {
-      if (!hash->data || hash->size != 20)
+      /* SHA1 or better allowed */
+      if (!hash->data || hash->size != _gnutls_hash_get_algo_len(algo))
         {
           gnutls_assert();
           return GNUTLS_E_INVALID_REQUEST;
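Review bot: `algo` is derived from the size of q but is not validated before `_gnutls_hash_get_algo_len (algo)` is used as the required digest length, so if `_gnutls_dsa_q_to_hash` can return GNUTLS_DIG_UNKNOWN (its fallback is not visible here) the outcome depends on what that helper and `_gnutls_hash_init` do with an unrecognized algorithm instead of on an explicit rejection; a guard right after the assignment, `if (algo == GNUTLS_DIG_UNKNOWN) { gnutls_assert (); return GNUTLS_E_INVALID_REQUEST; }`, would make the failure deliberate. The comment `/* SHA1 or better allowed */` overstates the check: it requires the pre-computed hash to have exactly the length of the digest implied by q, not any digest of at least SHA-1 size, and length alone cannot tell which algorithm the caller actually used, so `/* the pre-hashed input must have the length of the digest implied by q; the caller must have used that digest */` describes it better. The same `algo` flows into the next two hunks (the `_gnutls_hash_init` call and `digest.size`), and the blank line added before `ret = _gnutls_hash_init (&hd, algo);` looks accidental. dsa_verify_sig continues outside these hunks.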
@@ -809,7 +813,8 @@ dsa_verify_sig (const gnutls_datum_t * text,
     }
   else
     {
-      ret = _gnutls_hash_init (&hd, GNUTLS_MAC_SHA1);
+
+      ret = _gnutls_hash_init (&hd, algo);
       if (ret < 0)
         {
           gnutls_assert ();
@@ -820,7 +825,7 @@ dsa_verify_sig (const gnutls_datum_t * text,
       _gnutls_hash_deinit (&hd, _digest);
 
       digest.data = _digest;
-      digest.size = 20;
+      digest.size = _gnutls_hash_get_algo_len(algo);
     }
 
   ret = _gnutls_dsa_verify (&digest, signature, params, params_len);
diff --git a/tests/openpgpself.c b/tests/openpgpself.c
index e3f2c9f..bbaf61d 100644
--- a/tests/openpgpself.c
+++ b/tests/openpgpself.c
@@ -100,12 +100,14 @@ static unsigned char key_txt[] =
   "AAULBwoDBAMVAwIDFgIBAheAAAoJEDUUXOqn2Tw/llgAnjBPQdWxIqBCQGlcI2K/\n"
   "gLkZR1ARAJ9kaAeJYERc0bV/vlm0ot7UDdr+bQ==\n"
   "=4M0W\n" "-----END PGP PRIVATE KEY BLOCK-----\n";
+
 const gnutls_datum_t key = { key_txt, sizeof (key_txt) };
 
+
 static void
 client (void)
 {
-  int ret, sd, ii;
+  int ret, sd, ii, j;
   gnutls_session_t session;
   char buffer[MAX_BUF + 1];
   gnutls_certificate_credentials_t xcred;
@@ -114,7 +116,7 @@ client (void)
 
   gnutls_global_set_log_function (tls_log_func);
   if (debug)
-    gnutls_global_set_log_level (2);
+    gnutls_global_set_log_level (5);
 
   gnutls_certificate_allocate_credentials (&xcred);
 
@@ -124,87 +126,95 @@ client (void)
     success ("Setting key files...\n");
 
   ret = gnutls_certificate_set_openpgp_key_mem (xcred, &cert, &key,
-                                                GNUTLS_OPENPGP_FMT_BASE64);
+                                                      
GNUTLS_OPENPGP_FMT_BASE64);
   if (ret < 0)
     {
       fail ("Could not set key files...\n");
+      return;
     }
 
-  /* Initialize TLS session
-   */
-  gnutls_init (&session, GNUTLS_CLIENT);
+  for (j = 0; j < 2; j++)
+    {
 
-  /* Use default priorities */
-  gnutls_set_default_priority (session);
 
-  /* put the x509 credentials to the current session
-   */
-  gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
+      /* Initialize TLS session
+       */
+      gnutls_init (&session, GNUTLS_CLIENT);
 
-  /* connect to the peer
-   */
-  if (debug)
-    success ("Connecting...\n");
-  sd = tcp_connect ();
+      /* Use default priorities */
+      gnutls_priority_set_direct (session, "NORMAL", NULL);
 
-  gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) sd);
+      /* put the x509 credentials to the current session
+       */
+      gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);
 
-  /* Perform the TLS handshake
-   */
-  ret = gnutls_handshake (session);
+      /* connect to the peer
+       */
+      if (debug)
+        success ("Connecting...\n");
+      sd = tcp_connect ();
 
-  if (ret < 0)
-    {
-      fail ("client: Handshake failed\n");
-      gnutls_perror (ret);
-      goto end;
-    }
-  else if (debug)
-    {
-      success ("client: Handshake was completed\n");
-    }
+      gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) sd);
 
-  if (debug)
-    success ("client: TLS version is: %s\n",
-             gnutls_protocol_get_name (gnutls_protocol_get_version
-                                       (session)));
+      /* Perform the TLS handshake
+       */
+      ret = gnutls_handshake (session);
 
-  /* see the Getting peer's information example */
-  if (debug)
-    print_info (session);
+      if (ret < 0)
+        {
+          fail ("client: Handshake %d failed\n", j);
+          gnutls_perror (ret);
+          goto end;
+        }
+      else if (debug)
+        {
+          success ("client: Handshake %d was completed\n", j);
+        }
 
-  gnutls_record_send (session, MSG, strlen (MSG));
+      if (debug)
+        success ("client: TLS version is: %s\n",
+                 gnutls_protocol_get_name (gnutls_protocol_get_version
+                                           (session)));
 
-  ret = gnutls_record_recv (session, buffer, MAX_BUF);
-  if (ret == 0)
-    {
+      /* see the Getting peer's information example */
       if (debug)
-        success ("client: Peer has closed the TLS connection\n");
-      goto end;
-    }
-  else if (ret < 0)
-    {
-      fail ("client: Error: %s\n", gnutls_strerror (ret));
-      goto end;
-    }
+        print_info (session);
 
-  if (debug)
-    {
-      printf ("- Received %d bytes: ", ret);
-      for (ii = 0; ii < ret; ii++)
+      gnutls_record_send (session, MSG, strlen (MSG));
+
+      ret = gnutls_record_recv (session, buffer, MAX_BUF);
+      if (ret == 0)
         {
-          fputc (buffer[ii], stdout);
+          if (debug)
+            success ("client: Peer has closed the TLS connection\n");
+          goto end;
+        }
+      else if (ret < 0)
+        {
+          fail ("client: Error: %s\n", gnutls_strerror (ret));
+          goto end;
+        }
+
+      if (debug)
+        {
+          printf ("- Received %d bytes: ", ret);
+          for (ii = 0; ii < ret; ii++)
+            {
+              fputc (buffer[ii], stdout);
+            }
+          fputs ("\n", stdout);
         }
-      fputs ("\n", stdout);
-    }
 
-  gnutls_bye (session, GNUTLS_SHUT_RDWR);
+      gnutls_bye (session, GNUTLS_SHUT_RDWR);
 
-end:
 
-  tcp_close (sd);
+      tcp_close (sd);
 
-  gnutls_deinit (session);
+      gnutls_deinit (session);
+
+    }
+
+end:
 
   gnutls_certificate_free_credentials (xcred);
 
@@ -232,7 +242,7 @@ initialize_tls_session (void)
   /* avoid calling all the priority functions, since the defaults
    * are adequate.
    */
-  gnutls_set_default_priority (session);
+  gnutls_priority_set_direct (session, "NORMAL", NULL);
 
   gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, pgp_cred);
 
@@ -345,6 +355,111 @@ static unsigned char server_key_txt[] =
   "=mZnW\n" "-----END PGP PRIVATE KEY BLOCK-----\n";
 const gnutls_datum_t server_key = { server_key_txt, sizeof (server_key_txt) };
 
+static unsigned char cert2048_txt[] =
+"-----BEGIN PGP PUBLIC KEY BLOCK-----\n"
+"Version: GnuPG v1.4.10 (GNU/Linux)\n"
+"Comment: Test key for GnuTLS\n"
+"\n"
+"mQMuBE1/6bQRCAD8TQlwbkkX3bLJvemSA/BqT/z0OrJsuXKFQqK5Pp0BRTwC4iCg\n"
+"wnUFrr012up66YTzaA0aQpkf48gqxZ1XTGZtZ13+aAArChqKiffR7OS+BnROd+D3\n"
+"NkPF0tWDAqRFsybIej1GcdSyPw+neExSfoeYzNpUW9oX2iLh5QZC/xt++kE8tOr8\n"
+"BXiDW/+rudjf8Rc0ZI10vi12rb64eYd7szE49crS2YsjqarnncN+J7RX3jSifKrZ\n"
+"XqP/F5s/0a1Nfd4xQU2fsnbQwiIuKTQjU6BHD/2ILnhZImEUn4KqZvbEt6yIJiLy\n"
+"u+KerhTiuAhl+sx2DQf3EVxD8EpCwzFqXtF3AQD9Nf9OFJ2Cchwuz8Q5VDBoRFhP\n"
+"4p/hGWqAsmRSZlxdQQf/Q5R15CMDtCrZnuSeptfgdZUfB0gi0aYeKE2TWto5JEVP\n"
+"i24IXSF2l1qF9IM2i9Fv7FBwZuLQj6s+vOsq0TSATvaTGdCpvqKOCHKBZtfqD/rv\n"
+"XJ5o3oEOtDzXdxrW1f8yVbSeWRGT2iNDPNYCnz4d+njAK1q21Qs1TRC/MKPP2EqB\n"
+"fjy7VE0k4mFCOCLqfEnEh5hmBzegNo6+pq/i7VHuDG/w6oMUILsf+IM+JlRqeTtJ\n"
+"iDDj6yVxBdW/0jSn8Wb2CeJ+S9Jf8zLeOaxtNuD9MbRG4KjnGzmh256FpA3S8E6x\n"
+"ffx7LdqHGkIPEf9wFY5+7C70fbfLvIbYcFf6UdGofAf+I/NtpVMVm1ZbINIcky24\n"
+"T0Y8NtYY4UsGaq5Lv+YQZc8DzGvjTCUMVcfPTn0g2C2l/nv3H+Po5QOjXgCGmq2U\n"
+"NtoJ/GYr/lrN0j7GCLXWyJCWpAv0VqkzFX5HtiuC1/3R8ONpb0wtGcKaVPYm3jZM\n"
+"fZLKlqG+yZABldKgVOoTmvWEsGQhP+OKho8grmiaAqOVHSfd9qofMH/V53wH03JB\n"
+"E5BqdQR6mP2Jq/q8OLlg8VrlSWLi+0dFP1QrNN0u87UBQ9FtpYnRnF0k/3tFdTQL\n"
+"GfjE9BdBO3vwSPg8EEQKUDxgeL5RoQT1ANi/iXBxfYoULVNQysTPwXIg9YauTU0f\n"
+"V7QJbG9jYWxob3N0iHoEExEIACIFAk1/6bQCGyMGCwkIBwMCBhUIAgkKCwQWAgMB\n"
+"Ah4BAheAAAoJEHv/KcoLO9+4imwA/3z+QK0W9yffh/yFKRYYyfyLyF+q/ECKhXn8\n"
+"fb4TUc9CAP9fGN3pHujv2Upk9d3igY2w7jIuO78PA8dRfIKs5QEXFrkDLgRNf+m0\n"
+"EQgAqJc+Kyx+F5Ol4nTQlddVhw0sLUeM+bOWvxIiZUSjkwFQ4Qu32a1JelJ8ne12\n"
+"pBIwvXA9/oa/JyDh14iFoxO4u1aBJUheVo0yeRupjo92gU6bwbLTZHJlTqRo0vne\n"
+"dYpPCnVez5CNSJB9TMugZLygG4/WO3zcBjLgkR/wrebb3tKAmS/RMUuBpFxGjNnL\n"
+"MZOzCqB4LPFQECErOWpg6ddwLXwtP4VjaBE9RYP1uVP1Bhyc28LMQjQW1l5vzVcN\n"
+"0DQmyBA6WX2QBeiVrALrxGq1CdcACIyYw6zzch6J2pB5IumH+IOHQMc4r67dZjIS\n"
+"ISS8T9Xit251J0ssilw4m3rZzwEApK4jhYn2R1KS2ihLlb+7h01YVcUA1sG6Kj4s\n"
+"Oxk3zlEH/RWZurelE5gMT6M3GGe6WTkE1PEBtlnvZvMQu+rllxe/rIQkp5JkHOjP\n"
+"tEX/Wi68ET7yMKDjIQq9joFnRI70scPf3a2MHwc0OL7PGdf13PUmUwOwlqcP4Rme\n"
+"kA2MpDDl9Qn9pT40fUZLoR0lVusJNbrC8fW9MIcg/JAFp7U/zxnbZUESTF0+k486\n"
+"bF6q5QK4kaHjoUOvzX0encs+0xY7tAY+cSgQkn37z2G/K5OUMQXUQ7hQ+LRvQNM/\n"
+"qXRjwsBuW+4D+4bglGLJxT9PINiZ8cgbfCF6E9B+QmsY7KSVYYB955LsCi+8G/tq\n"
+"wdmHDYAKV9OXZfb54UKqLh3R0JkdMpEH/0rPbsxhwFXLE+ixAs5HTu0ILXwj6uCR\n"
+"9PGBR6skB8ONfaXAtq+92O/4aegCxbC9SNWuTvYBKkBdMGSGcO7LwvwjUA2kujEV\n"
+"66In56DCQJS+K19AR+fRYPro8+MavAQlirEK1uOjidoKykVziqO7B6Z4DAaZZBDP\n"
+"h8HwYANauwlfapGuZ5/rLPNCFi5VEJjX/9t0ECCgPOOEK8qWA5ljw35K6W/3CVX7\n"
+"hKNflAx1BGBr0GfrJo/EsneeBEsKPk/hge5uPr+wkDqdXq/7qxCSHhT3OQpiOW65\n"
+"dyBX/44XAVQaWtf6DJc84nWDYsCgscEZzGAUyBY8Fw9S7We5OFLNcYWIwQQYEQgA\n"
+"CQUCTX/ptAIbIgBqCRB7/ynKCzvfuF8gBBkRCAAGBQJNf+m0AAoJEEPv0WrPxcc9\n"
+"aJwA/0zWQ0RfRhlC1nbf7ISEOF36WQjslGKXjf6z6rSNgphoAP4119FDX9jaW0B8\n"
+"HL9p+XRZTOTSo5GMLUTH5zo+zpTbB2cxAP9moc/i1z2D8AXTnUk7YfSm+o7rFThu\n"
+"2Cx0oO7h1g0MjQD6A/6e68DhK9altb/xqtHeG0jbLmvFRtkC0zu7WZjvSbc=\n"
+"=v3gg\n"
+"-----END PGP PUBLIC KEY BLOCK-----\n";
+
+const gnutls_datum_t cert2048 = { cert2048_txt, sizeof (cert2048_txt) };
+
+static unsigned char key2048_txt[] =
+"-----BEGIN PGP PRIVATE KEY BLOCK-----\n"
+"Version: GnuPG v1.4.10 (GNU/Linux)\n"
+"Comment: Test key for GnuTLS\n"
+"\n"
+"lQNTBE1/6bQRCAD8TQlwbkkX3bLJvemSA/BqT/z0OrJsuXKFQqK5Pp0BRTwC4iCg\n"
+"wnUFrr012up66YTzaA0aQpkf48gqxZ1XTGZtZ13+aAArChqKiffR7OS+BnROd+D3\n"
+"NkPF0tWDAqRFsybIej1GcdSyPw+neExSfoeYzNpUW9oX2iLh5QZC/xt++kE8tOr8\n"
+"BXiDW/+rudjf8Rc0ZI10vi12rb64eYd7szE49crS2YsjqarnncN+J7RX3jSifKrZ\n"
+"XqP/F5s/0a1Nfd4xQU2fsnbQwiIuKTQjU6BHD/2ILnhZImEUn4KqZvbEt6yIJiLy\n"
+"u+KerhTiuAhl+sx2DQf3EVxD8EpCwzFqXtF3AQD9Nf9OFJ2Cchwuz8Q5VDBoRFhP\n"
+"4p/hGWqAsmRSZlxdQQf/Q5R15CMDtCrZnuSeptfgdZUfB0gi0aYeKE2TWto5JEVP\n"
+"i24IXSF2l1qF9IM2i9Fv7FBwZuLQj6s+vOsq0TSATvaTGdCpvqKOCHKBZtfqD/rv\n"
+"XJ5o3oEOtDzXdxrW1f8yVbSeWRGT2iNDPNYCnz4d+njAK1q21Qs1TRC/MKPP2EqB\n"
+"fjy7VE0k4mFCOCLqfEnEh5hmBzegNo6+pq/i7VHuDG/w6oMUILsf+IM+JlRqeTtJ\n"
+"iDDj6yVxBdW/0jSn8Wb2CeJ+S9Jf8zLeOaxtNuD9MbRG4KjnGzmh256FpA3S8E6x\n"
+"ffx7LdqHGkIPEf9wFY5+7C70fbfLvIbYcFf6UdGofAf+I/NtpVMVm1ZbINIcky24\n"
+"T0Y8NtYY4UsGaq5Lv+YQZc8DzGvjTCUMVcfPTn0g2C2l/nv3H+Po5QOjXgCGmq2U\n"
+"NtoJ/GYr/lrN0j7GCLXWyJCWpAv0VqkzFX5HtiuC1/3R8ONpb0wtGcKaVPYm3jZM\n"
+"fZLKlqG+yZABldKgVOoTmvWEsGQhP+OKho8grmiaAqOVHSfd9qofMH/V53wH03JB\n"
+"E5BqdQR6mP2Jq/q8OLlg8VrlSWLi+0dFP1QrNN0u87UBQ9FtpYnRnF0k/3tFdTQL\n"
+"GfjE9BdBO3vwSPg8EEQKUDxgeL5RoQT1ANi/iXBxfYoULVNQysTPwXIg9YauTU0f\n"
+"VwAA/RnOgKKKmJo6d4E+mAa0Pl1QKayWKgSsDoww0kUoUTgHDU20CWxvY2FsaG9z\n"
+"dIh6BBMRCAAiBQJNf+m0AhsjBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRB7\n"
+"/ynKCzvfuIpsAP98/kCtFvcn34f8hSkWGMn8i8hfqvxAioV5/H2+E1HPQgD/Xxjd\n"
+"6R7o79lKZPXd4oGNsO4yLju/DwPHUXyCrOUBFxadA1METX/ptBEIAKiXPissfheT\n"
+"peJ00JXXVYcNLC1HjPmzlr8SImVEo5MBUOELt9mtSXpSfJ3tdqQSML1wPf6Gvycg\n"
+"4deIhaMTuLtWgSVIXlaNMnkbqY6PdoFOm8Gy02RyZU6kaNL53nWKTwp1Xs+QjUiQ\n"
+"fUzLoGS8oBuP1jt83AYy4JEf8K3m297SgJkv0TFLgaRcRozZyzGTswqgeCzxUBAh\n"
+"KzlqYOnXcC18LT+FY2gRPUWD9blT9QYcnNvCzEI0FtZeb81XDdA0JsgQOll9kAXo\n"
+"lawC68RqtQnXAAiMmMOs83IeidqQeSLph/iDh0DHOK+u3WYyEiEkvE/V4rdudSdL\n"
+"LIpcOJt62c8BAKSuI4WJ9kdSktooS5W/u4dNWFXFANbBuio+LDsZN85RB/0Vmbq3\n"
+"pROYDE+jNxhnulk5BNTxAbZZ72bzELvq5ZcXv6yEJKeSZBzoz7RF/1ouvBE+8jCg\n"
+"4yEKvY6BZ0SO9LHD392tjB8HNDi+zxnX9dz1JlMDsJanD+EZnpANjKQw5fUJ/aU+\n"
+"NH1GS6EdJVbrCTW6wvH1vTCHIPyQBae1P88Z22VBEkxdPpOPOmxequUCuJGh46FD\n"
+"r819Hp3LPtMWO7QGPnEoEJJ9+89hvyuTlDEF1EO4UPi0b0DTP6l0Y8LAblvuA/uG\n"
+"4JRiycU/TyDYmfHIG3whehPQfkJrGOyklWGAfeeS7AovvBv7asHZhw2AClfTl2X2\n"
+"+eFCqi4d0dCZHTKRB/9Kz27MYcBVyxPosQLOR07tCC18I+rgkfTxgUerJAfDjX2l\n"
+"wLavvdjv+GnoAsWwvUjVrk72ASpAXTBkhnDuy8L8I1ANpLoxFeuiJ+egwkCUvitf\n"
+"QEfn0WD66PPjGrwEJYqxCtbjo4naCspFc4qjuwemeAwGmWQQz4fB8GADWrsJX2qR\n"
+"rmef6yzzQhYuVRCY1//bdBAgoDzjhCvKlgOZY8N+Sulv9wlV+4SjX5QMdQRga9Bn\n"
+"6yaPxLJ3ngRLCj5P4YHubj6/sJA6nV6v+6sQkh4U9zkKYjluuXcgV/+OFwFUGlrX\n"
+"+gyXPOJ1g2LAoLHBGcxgFMgWPBcPUu1nuThSzXGFAAEAgj6e0tgxENBORrJkBCl6\n"
+"xfV6iTNXa3HDArTNTyURRzEN0YjBBBgRCAAJBQJNf+m0AhsiAGoJEHv/KcoLO9+4\n"
+"XyAEGREIAAYFAk1/6bQACgkQQ+/Ras/Fxz1onAD/W3lWDopZrH9R66tiyjYOX4sV\n"
+"b1SoPlKRJngsHouxc4oA/RYoFGrhoY+nL22eza/Ku/SUnVrufZ/jIvQakhpmrLD/\n"
+"ZzEBAJ1w0ez3wUJbsfGlWBkb16pYpIh68/qvTTj84v5N0picAQC1p8JjouN88BJw\n"
+"9UquUquXdK1TY965biHIQ70uaOU4Hw==\n"
+"=Rrkw\n"
+"-----END PGP PRIVATE KEY BLOCK-----\n";
+
+const gnutls_datum_t key2048 = { key2048_txt, sizeof (key2048_txt) };
+
+
 static void
 server_start (void)
 {
@@ -389,94 +504,112 @@ server_start (void)
 static void
 server (void)
 {
+  int j;
   /* this must be called once in the program
    */
   gnutls_global_init ();
 
   gnutls_global_set_log_function (tls_log_func);
   if (debug)
-    gnutls_global_set_log_level (2);
-
-  gnutls_certificate_allocate_credentials (&pgp_cred);
-
-  ret = gnutls_certificate_set_openpgp_key_mem2 (pgp_cred, &server_crt,
-                                                 &server_key, "auto",
-                                                 GNUTLS_OPENPGP_FMT_BASE64);
-  if (err < 0)
-    {
-      fail ("Could not set server key files...\n");
-    }
+    gnutls_global_set_log_level (5);
 
   if (debug)
     success ("Launched, setting DH parameters...\n");
 
   generate_dh_params ();
 
-  gnutls_certificate_set_dh_params (pgp_cred, dh_params);
-
   client_len = sizeof (sa_cli);
 
-  session = initialize_tls_session ();
-
-  sd = accept (listen_sd, (SA *) & sa_cli, &client_len);
-
-  if (debug)
-    success ("server: connection from %s, port %d\n",
-             inet_ntop (AF_INET, &sa_cli.sin_addr, topbuf,
-                        sizeof (topbuf)), ntohs (sa_cli.sin_port));
-
-  gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) sd);
-  ret = gnutls_handshake (session);
-  if (ret < 0)
+  for (j = 0; j < 2; j++)
     {
-      close (sd);
-      gnutls_deinit (session);
-      fail ("server: Handshake has failed (%s)\n\n", gnutls_strerror (ret));
-      return;
-    }
-  if (debug)
-    success ("server: Handshake was completed\n");
+     if (j==0)
+       {
+         gnutls_certificate_allocate_credentials (&pgp_cred);
+         ret = gnutls_certificate_set_openpgp_key_mem2 (pgp_cred, &server_crt,
+                                                 &server_key, "auto",
+                                                 GNUTLS_OPENPGP_FMT_BASE64);
+      }
+     else
+       {
+         gnutls_certificate_free_credentials (pgp_cred);
+         gnutls_certificate_allocate_credentials (&pgp_cred);
+         ret =
+           gnutls_certificate_set_openpgp_key_mem2 (pgp_cred, &cert2048, 
&key2048,
+             "auto", GNUTLS_OPENPGP_FMT_BASE64);
+       }
+
+      if (ret < 0)
+        {
+          fail ("Could not set server key files...\n");
+          goto end;
+        }
 
-  if (debug)
-    success ("server: TLS version is: %s\n",
-             gnutls_protocol_get_name (gnutls_protocol_get_version
-                                       (session)));
+      gnutls_certificate_set_dh_params (pgp_cred, dh_params);
 
-  /* see the Getting peer's information example */
-  if (debug)
-    print_info (session);
+      session = initialize_tls_session ();
 
-  i = 0;
-  for (;;)
-    {
-      memset (buffer, 0, MAX_BUF + 1);
-      ret = gnutls_record_recv (session, buffer, MAX_BUF);
+      sd = accept (listen_sd, (SA *) & sa_cli, &client_len);
 
-      if (ret == 0)
-        {
-          if (debug)
-            success ("server: Peer has closed the GnuTLS connection\n");
-          break;
-        }
-      else if (ret < 0)
+      if (debug)
+        success ("server: connection from %s, port %d\n",
+                 inet_ntop (AF_INET, &sa_cli.sin_addr, topbuf,
+                            sizeof (topbuf)), ntohs (sa_cli.sin_port));
+
+      gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) sd);
+      ret = gnutls_handshake (session);
+      if (ret < 0)
         {
-          fail ("server: Received corrupted data(%d). Closing...\n", ret);
-          break;
+          close (sd);
+          gnutls_deinit (session);
+          fail ("server: Handshake %d has failed (%s)\n\n",
+                j, gnutls_strerror (ret));
+          goto end;
         }
-      else if (ret > 0)
+      if (debug)
+        success ("server: Handshake %d was completed\n", j);
+
+      if (debug)
+        success ("server: TLS version is: %s\n",
+                 gnutls_protocol_get_name (gnutls_protocol_get_version
+                                           (session)));
+
+      /* see the Getting peer's information example */
+      if (debug)
+        print_info (session);
+
+      i = 0;
+      for (;;)
         {
-          /* echo data back to the client
-           */
-          gnutls_record_send (session, buffer, strlen (buffer));
+          memset (buffer, 0, MAX_BUF + 1);
+          ret = gnutls_record_recv (session, buffer, MAX_BUF);
+
+          if (ret == 0)
+            {
+              if (debug)
+                success ("server: Peer has closed the GnuTLS connection\n");
+              break;
+            }
+          else if (ret < 0)
+            {
+              fail ("server: Received corrupted data(%d). Closing...\n", ret);
+              goto end;
+            }
+          else if (ret > 0)
+            {
+              /* echo data back to the client
+               */
+              gnutls_record_send (session, buffer, strlen (buffer));
+            }
         }
-    }
-  /* do not wait for the peer to close the connection.
-   */
-  gnutls_bye (session, GNUTLS_SHUT_WR);
+      /* do not wait for the peer to close the connection.
+       */
+      gnutls_bye (session, GNUTLS_SHUT_WR);
 
-  close (sd);
-  gnutls_deinit (session);
+      close (sd);
+      gnutls_deinit (session);
+    }
 
+end:
   close (listen_sd);
 
   gnutls_certificate_free_credentials (pgp_cred);
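Review bot: The corrupted-data path inside the receive loop does `goto end` without `close (sd)` and `gnutls_deinit (session)`, unlike the handshake-failure branch a few lines above, so that error path leaks the accepted socket and session; `close (sd); gnutls_deinit (session); goto end;` would match the other branch. The `if (j==0)` block uses a five-space indent with its closing brace at six columns, out of step with the file's two-space GNU layout, and `sd = accept (...)` is still handed to `gnutls_transport_set_ptr` without a check for -1. `ret`, `sd`, `session` and `buffer` are not declared in the hunk, so they are presumably file-scope; a short comment on `int j;` such as `/* 0: 1024-bit server key, 1: 2048-bit DSA key */` would tie the loop to the new fixtures. server () continues outside the hunk.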


hooks/post-receive
-- 
GNU gnutls


