libmicrohttpd

HTTP/1.x server C library (MHD 1.x, stable)

commit fd769761a5236eeead5f7895aa5209b1ffad7028
parent 19db7f74f4f6e37dc645f8363fd1259422a01462
Author: Christian Grothoff <christian@grothoff.org>
Date:   Sun, 12 Oct 2008 21:40:47 +0000

removing dead extension code

Diffstat:
Msrc/daemon/https/x509/common.c | 82++++++-------------------------------------------------------------------------
Msrc/daemon/https/x509/common.h | 4----
Msrc/daemon/https/x509/dn.c | 4++--
Msrc/daemon/https/x509/extensions.c | 736+------------------------------------------------------------------------------
Msrc/daemon/https/x509/extensions.h | 30------------------------------
Msrc/daemon/https/x509/sign.c | 94+++----------------------------------------------------------------------------
Msrc/daemon/https/x509/sign.h | 8--------
Msrc/daemon/https/x509/x509.c | 1786+++++--------------------------------------------------------------------------
Msrc/daemon/https/x509/x509.h | 131-------------------------------------------------------------------------------
9 files changed, 119 insertions(+), 2756 deletions(-)

diff --git a/src/daemon/https/x509/common.c b/src/daemon/https/x509/common.c @@ -381,7 +381,7 @@ MHD__gnutls_x509_oid_data2string (const char *oid, } else { - result = MHD__gnutls_x509_data2hex (str, len, res, res_size); + result = MHD__gnutls_x509_data2hex ((const unsigned char*) str, len, (unsigned char*) res, res_size); if (result < 0) { MHD_gnutls_assert (); @@ -425,8 +425,8 @@ MHD__gnutls_x509_data2hex (const opaque * data, if (out) { - strcpy (out, "#"); - strcat (out, res); + strcpy ((char*) out, "#"); + strcat ((char*) out, res); } return 0; @@ -521,7 +521,7 @@ mktime_utc (const struct fake_tm *tm) * month|day|hour|minute|sec* (2 chars each) * and year is given. Returns a time_t date. */ -time_t +static time_t MHD__gnutls_x509_time2gtime (const char *ttime, int year) { char xx[3]; @@ -588,7 +588,7 @@ MHD__gnutls_x509_time2gtime (const char *ttime, int year) * * (seconds are optional) */ -time_t +static time_t MHD__gnutls_x509_utcTime2gtime (const char *ttime) { char xx[3]; @@ -614,44 +614,11 @@ MHD__gnutls_x509_utcTime2gtime (const char *ttime) return MHD__gnutls_x509_time2gtime (ttime, year); } -/* returns a time value that contains the given time. - * The given time is expressed as: - * YEAR(2)|MONTH(2)|DAY(2)|HOUR(2)|MIN(2)|SEC(2) - */ -int -MHD__gnutls_x509_gtime2utcTime (time_t gtime, char *str_time, int str_time_size) -{ - size_t ret; - -#ifdef HAVE_GMTIME_R - struct tm _tm; - - gmtime_r (&gtime, &_tm); - - ret = strftime (str_time, str_time_size, "%y%m%d%H%M%SZ", &_tm); -#else - struct tm *_tm; - - _tm = gmtime (&gtime); - - ret = strftime (str_time, str_time_size, "%y%m%d%H%M%SZ", _tm); -#endif - - if (!ret) - { - MHD_gnutls_assert (); - return GNUTLS_E_SHORT_MEMORY_BUFFER; - } - - return 0; - -} - /* returns a time_t value that contains the given time. * The given time is expressed as: * YEAR(4)|MONTH(2)|DAY(2)|HOUR(2)|MIN(2)|SEC(2)* */ -time_t +static time_t MHD__gnutls_x509_generalTime2gtime (const char *ttime) { char xx[5]; 
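Review bot: The casts on the `MHD__gnutls_x509_data2hex` call (`(const unsigned char*) str`, `(unsigned char*) res`) silence a `char`/`opaque` mismatch at the call site rather than in the prototype, and the same pattern is repeated at both dn.c call sites (@@ -273 and @@ -477). Since the function fills `out` as a C string with `strcpy`/`strcat` (its @@ -425 hunk), `out` is naturally a `char *`, and the input side could be `const void *`; changing the declaration once in common.h would remove all four casts while keeping the compiler's type check. `MHD__gnutls_x509_oid_data2string` starts and ends outside the hunk.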
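Review bot: `strcpy ((char*) out, "#"); strcat ((char*) out, res);` still performs an unbounded write into `out`, and nothing in the hunk compares the length of `res` plus prefix and terminator against the caller's size (the fourth parameter, a `size_t *` judging from the dn.c callers). If that check is done earlier in `MHD__gnutls_x509_data2hex`, outside the hunk, the casts are harmless, but a single bounded write keeps the invariant where the write happens: `snprintf ((char*) out, *<sizeof_out>, "#%s", res);` with the return value compared against the buffer size. The function's start lies outside the hunk.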
@@ -735,43 +702,6 @@ MHD__gnutls_x509_get_time (ASN1_TYPE c2, const char *when) return c_time; } -/* Sets the time in time_t in the ASN1_TYPE given. Where should - * be something like "tbsCertList.thisUpdate". - */ -int -MHD__gnutls_x509_set_time (ASN1_TYPE c2, const char *where, time_t tim) -{ - char str_time[MAX_TIME]; - char name[128]; - int result, len; - - MHD_gtls_str_cpy (name, sizeof (name), where); - - if ((result = MHD__asn1_write_value (c2, name, "utcTime", 1)) < 0) - { - MHD_gnutls_assert (); - return MHD_gtls_asn2err (result); - } - - result = MHD__gnutls_x509_gtime2utcTime (tim, str_time, sizeof (str_time)); - if (result < 0) - { - MHD_gnutls_assert (); - return result; - } - - MHD_gtls_str_cat (name, sizeof (name), ".utcTime"); - - len = strlen (str_time); - result = MHD__asn1_write_value (c2, name, str_time, len); - if (result != ASN1_SUCCESS) - { - MHD_gnutls_assert (); - return MHD_gtls_asn2err (result); - } - - return 0; -} MHD_gnutls_x509_subject_alt_name_t MHD__gnutls_x509_san_find_type (char *str_type) diff --git a/src/daemon/https/x509/common.h b/src/daemon/https/x509/common.h @@ -58,10 +58,6 @@ #define SIG_GOST_R3410_94_OID "1.2.643.2.2.4" #define SIG_GOST_R3410_2001_OID "1.2.643.2.2.3" -time_t MHD__gnutls_x509_utcTime2gtime (const char *ttime); -time_t MHD__gnutls_x509_generalTime2gtime (const char *ttime); -int MHD__gnutls_x509_set_time (ASN1_TYPE c2, const char *where, time_t tim); - int MHD__gnutls_x509_decode_octet_string (const char *string_type, const opaque * der, size_t der_size, opaque * output, size_t * output_size); diff --git a/src/daemon/https/x509/dn.c b/src/daemon/https/x509/dn.c @@ -273,7 +273,7 @@ MHD__gnutls_x509_parse_dn (ASN1_TYPE MHD__asn1_struct, if (!printable || result < 0) result = - MHD__gnutls_x509_data2hex (value2, len, string, &sizeof_string); + MHD__gnutls_x509_data2hex ((const unsigned char*) value2, len, (unsigned char*) string, &sizeof_string); if (result < 0) { 
@@ -477,7 +477,7 @@ MHD__gnutls_x509_parse_dn_oid (ASN1_TYPE MHD__asn1_struct, cbuf, sizeof_buf); else result = - MHD__gnutls_x509_data2hex (buf, len, cbuf, sizeof_buf); + MHD__gnutls_x509_data2hex (buf, len, (unsigned char*) cbuf, sizeof_buf); if (result < 0) { diff --git a/src/daemon/https/x509/extensions.c b/src/daemon/https/x509/extensions.c 
@@ -259,191 +259,6 @@ MHD__gnutls_x509_crt_get_extension_oid (MHD_gnutls_x509_crt_t cert, } } -/* This function will attempt to set the requested extension in - * the given X509v3 certificate. - * - * Critical will be either 0 or 1. - */ -static int -set_extension (ASN1_TYPE asn, const char *extension_id, - const MHD_gnutls_datum_t * ext_data, unsigned int critical) -{ - int result; - const char *str; - - /* Add a new extension in the list. - */ - result = MHD__asn1_write_value (asn, "tbsCertificate.extensions", "NEW", 1); - if (result != ASN1_SUCCESS) - { - MHD_gnutls_assert (); - return MHD_gtls_asn2err (result); - } - - result = - MHD__asn1_write_value (asn, "tbsCertificate.extensions.?LAST.extnID", - extension_id, 1); - if (result != ASN1_SUCCESS) - { - MHD_gnutls_assert (); - return MHD_gtls_asn2err (result); - } - - if (critical == 0) - str = "FALSE"; - else - str = "TRUE"; - - - result = - MHD__asn1_write_value (asn, "tbsCertificate.extensions.?LAST.critical", - str, 1); - if (result != ASN1_SUCCESS) - { - MHD_gnutls_assert (); - return MHD_gtls_asn2err (result); - } - - result = - MHD__gnutls_x509_write_value (asn, - "tbsCertificate.extensions.?LAST.extnValue", - ext_data, 0); - if (result < 0) - { - MHD_gnutls_assert (); - return result; - } - - return 0; -} - -/* Overwrite the given extension (using the index) - * index here starts from one. 
- */ -static int -overwrite_extension (ASN1_TYPE asn, unsigned int indx, - const MHD_gnutls_datum_t * ext_data, unsigned int critical) -{ - char name[MAX_NAME_SIZE], name2[MAX_NAME_SIZE]; - const char *str; - int result; - - snprintf (name, sizeof (name), "tbsCertificate.extensions.?%u", indx); - - if (critical == 0) - str = "FALSE"; - else - str = "TRUE"; - - MHD_gtls_str_cpy (name2, sizeof (name2), name); - MHD_gtls_str_cat (name2, sizeof (name2), ".critical"); - - result = MHD__asn1_write_value (asn, name2, str, 1); - if (result != ASN1_SUCCESS) - { - MHD_gnutls_assert (); - return MHD_gtls_asn2err (result); - } - - MHD_gtls_str_cpy (name2, sizeof (name2), name); - MHD_gtls_str_cat (name2, sizeof (name2), ".extnValue"); - - result = MHD__gnutls_x509_write_value (asn, name2, ext_data, 0); - if (result < 0) - { - MHD_gnutls_assert (); - return result; - } - - return 0; -} - -/* This function will attempt to overwrite the requested extension with - * the given one. - * - * Critical will be either 0 or 1. - */ -int -MHD__gnutls_x509_crt_set_extension (MHD_gnutls_x509_crt_t cert, - const char *ext_id, - const MHD_gnutls_datum_t * ext_data, - unsigned int critical) -{ - int result; - int k, len; - char name[MAX_NAME_SIZE], name2[MAX_NAME_SIZE]; - char extnID[128]; - - /* Find the index of the given extension. 
- */ - k = 0; - do - { - k++; - - snprintf (name, sizeof (name), "tbsCertificate.extensions.?%u", k); - - len = sizeof (extnID) - 1; - result = MHD__asn1_read_value (cert->cert, name, extnID, &len); - - /* move to next - */ - - if (result == ASN1_ELEMENT_NOT_FOUND) - { - break; - } - - do - { - - MHD_gtls_str_cpy (name2, sizeof (name2), name); - MHD_gtls_str_cat (name2, sizeof (name2), ".extnID"); - - len = sizeof (extnID) - 1; - result = MHD__asn1_read_value (cert->cert, name2, extnID, &len); - - if (result == ASN1_ELEMENT_NOT_FOUND) - { - MHD_gnutls_assert (); - break; - } - else if (result != ASN1_SUCCESS) - { - MHD_gnutls_assert (); - return MHD_gtls_asn2err (result); - } - - /* Handle Extension - */ - if (strcmp (extnID, ext_id) == 0) - { - /* extension was found - */ - return overwrite_extension (cert->cert, k, ext_data, critical); - } - - - } - while (0); - } - while (1); - - if (result == ASN1_ELEMENT_NOT_FOUND) - { - return set_extension (cert->cert, ext_id, ext_data, critical); - } - else - { - MHD_gnutls_assert (); - return MHD_gtls_asn2err (result); - } - - - return 0; -} - - /* Here we only extract the KeyUsage field, from the DER encoded * extension. */ @@ -520,7 +335,7 @@ MHD__gnutls_x509_ext_extract_basicConstraints (int *CA, if (pathLenConstraint) { result = MHD__gnutls_x509_read_uint (ext, "pathLenConstraint", - pathLenConstraint); + (unsigned int*) pathLenConstraint); if (result == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND) *pathLenConstraint = -1; else if (result != GNUTLS_E_SUCCESS) 
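Review bot: `(unsigned int*) pathLenConstraint` has `MHD__gnutls_x509_read_uint` store an unsigned value into an `int`, so a decoded `pathLenConstraint` above `INT_MAX` comes back negative and, for 0xFFFFFFFF, is indistinguishable from the `-1` "absent" sentinel assigned two lines below. The extension is read from the certificate being parsed, i.e. untrusted input, and a negative path length would presumably be treated downstream as "no constraint" (not visible here), which loosens rather than tightens the check. After the success branch, reject the out-of-range case explicitly: `if (result == GNUTLS_E_SUCCESS && *pathLenConstraint < 0) { MHD_gnutls_assert (); return <negative decode error>; }`. `MHD__gnutls_x509_ext_extract_basicConstraints` starts and ends outside the hunk.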
@@ -544,552 +359,3 @@ MHD__gnutls_x509_ext_extract_basicConstraints (int *CA, return 0; } - -/* generate the basicConstraints in a DER encoded extension - * Use 0 or 1 (TRUE) for CA. - * Use negative values for pathLenConstraint to indicate that the field - * should not be present, >= 0 to indicate set values. - */ -int -MHD__gnutls_x509_ext_gen_basicConstraints (int CA, - int pathLenConstraint, - MHD_gnutls_datum_t * der_ext) -{ - ASN1_TYPE ext = ASN1_TYPE_EMPTY; - const char *str; - int result; - - if (CA == 0) - str = "FALSE"; - else - str = "TRUE"; - - result = - MHD__asn1_create_element (MHD__gnutls_get_pkix (), "PKIX1.BasicConstraints", &ext); - if (result != ASN1_SUCCESS) - { - MHD_gnutls_assert (); - return MHD_gtls_asn2err (result); - } - - result = MHD__asn1_write_value (ext, "cA", str, 1); - if (result != ASN1_SUCCESS) - { - MHD_gnutls_assert (); - MHD__asn1_delete_structure (&ext); - return MHD_gtls_asn2err (result); - } - - if (pathLenConstraint < 0) - { - result = MHD__asn1_write_value (ext, "pathLenConstraint", NULL, 0); - if (result < 0) - result = MHD_gtls_asn2err (result); - } - else - result = MHD__gnutls_x509_write_uint32 (ext, "pathLenConstraint", - pathLenConstraint); - if (result < 0) - { - MHD_gnutls_assert (); - MHD__asn1_delete_structure (&ext); - return result; - } - - result = MHD__gnutls_x509_der_encode (ext, "", der_ext, 0); - - MHD__asn1_delete_structure (&ext); - - if (result < 0) - { - MHD_gnutls_assert (); - return result; - } - - return 0; -} - -/* generate the keyUsage in a DER encoded extension - * Use an ORed SEQUENCE of GNUTLS_KEY_* for usage. 
- */ -int -MHD__gnutls_x509_ext_gen_keyUsage (uint16_t usage, MHD_gnutls_datum_t * der_ext) -{ - ASN1_TYPE ext = ASN1_TYPE_EMPTY; - int result; - uint8_t str[2]; - - result = MHD__asn1_create_element (MHD__gnutls_get_pkix (), "PKIX1.KeyUsage", &ext); - if (result != ASN1_SUCCESS) - { - MHD_gnutls_assert (); - return MHD_gtls_asn2err (result); - } - - str[0] = usage & 0xff; - str[1] = usage >> 8; - - result = MHD__asn1_write_value (ext, "", str, 9); - if (result != ASN1_SUCCESS) - { - MHD_gnutls_assert (); - MHD__asn1_delete_structure (&ext); - return MHD_gtls_asn2err (result); - } - - result = MHD__gnutls_x509_der_encode (ext, "", der_ext, 0); - - MHD__asn1_delete_structure (&ext); - - if (result < 0) - { - MHD_gnutls_assert (); - return result; - } - - return 0; -} - -static int -write_new_general_name (ASN1_TYPE ext, const char *ext_name, - MHD_gnutls_x509_subject_alt_name_t type, - const char *data_string) -{ - const char *str; - int result; - char name[128]; - - result = MHD__asn1_write_value (ext, ext_name, "NEW", 1); - if (result != ASN1_SUCCESS) - { - MHD_gnutls_assert (); - return MHD_gtls_asn2err (result); - } - - switch (type) - { - case GNUTLS_SAN_DNSNAME: - str = "dNSName"; - break; - case GNUTLS_SAN_RFC822NAME: - str = "rfc822Name"; - break; - case GNUTLS_SAN_URI: - str = "uniformResourceIdentifier"; - break; - case GNUTLS_SAN_IPADDRESS: - str = "iPAddress"; - break; - default: - MHD_gnutls_assert (); - return GNUTLS_E_INTERNAL_ERROR; - } - - if (ext_name[0] == 0) - { /* no dot */ - MHD_gtls_str_cpy (name, sizeof (name), "?LAST"); - } - else - { - MHD_gtls_str_cpy (name, sizeof (name), ext_name); - MHD_gtls_str_cat (name, sizeof (name), ".?LAST"); - } - - result = MHD__asn1_write_value (ext, name, str, 1); - if (result != ASN1_SUCCESS) - { - MHD_gnutls_assert (); - return MHD_gtls_asn2err (result); - } - - MHD_gtls_str_cat (name, sizeof (name), "."); - MHD_gtls_str_cat (name, sizeof (name), str); - - result = MHD__asn1_write_value (ext, name, 
data_string, strlen (data_string)); - if (result != ASN1_SUCCESS) - { - MHD_gnutls_assert (); - MHD__asn1_delete_structure (&ext); - return MHD_gtls_asn2err (result); - } - - return 0; -} - -/* Convert the given name to GeneralNames in a DER encoded extension. - * This is the same as subject alternative name. - */ -int -MHD__gnutls_x509_ext_gen_subject_alt_name (MHD_gnutls_x509_subject_alt_name_t - type, const char *data_string, - MHD_gnutls_datum_t * der_ext) -{ - ASN1_TYPE ext = ASN1_TYPE_EMPTY; - int result; - - result = - MHD__asn1_create_element (MHD__gnutls_get_pkix (), "PKIX1.GeneralNames", &ext); - if (result != ASN1_SUCCESS) - { - MHD_gnutls_assert (); - return MHD_gtls_asn2err (result); - } - - result = write_new_general_name (ext, "", type, data_string); - if (result < 0) - { - MHD_gnutls_assert (); - MHD__asn1_delete_structure (&ext); - return result; - } - - result = MHD__gnutls_x509_der_encode (ext, "", der_ext, 0); - - MHD__asn1_delete_structure (&ext); - - if (result < 0) - { - MHD_gnutls_assert (); - return result; - } - - return 0; -} - -/* generate the SubjectKeyID in a DER encoded extension - */ -int -MHD__gnutls_x509_ext_gen_key_id (const void *id, size_t id_size, - MHD_gnutls_datum_t * der_ext) -{ - ASN1_TYPE ext = ASN1_TYPE_EMPTY; - int result; - - result = - MHD__asn1_create_element (MHD__gnutls_get_pkix (), - "PKIX1.SubjectKeyIdentifier", &ext); - if (result != ASN1_SUCCESS) - { - MHD_gnutls_assert (); - return MHD_gtls_asn2err (result); - } - - result = MHD__asn1_write_value (ext, "", id, id_size); - if (result != ASN1_SUCCESS) - { - MHD_gnutls_assert (); - MHD__asn1_delete_structure (&ext); - return MHD_gtls_asn2err (result); - } - - result = MHD__gnutls_x509_der_encode (ext, "", der_ext, 0); - - MHD__asn1_delete_structure (&ext); - - if (result < 0) - { - MHD_gnutls_assert (); - return result; - } - - return 0; -} - -/* generate the AuthorityKeyID in a DER encoded extension - */ -int -MHD__gnutls_x509_ext_gen_auth_key_id (const void *id, 
size_t id_size, - MHD_gnutls_datum_t * der_ext) -{ - ASN1_TYPE ext = ASN1_TYPE_EMPTY; - int result; - - result = - MHD__asn1_create_element (MHD__gnutls_get_pkix (), - "PKIX1.AuthorityKeyIdentifier", &ext); - if (result != ASN1_SUCCESS) - { - MHD_gnutls_assert (); - return MHD_gtls_asn2err (result); - } - - result = MHD__asn1_write_value (ext, "keyIdentifier", id, id_size); - if (result != ASN1_SUCCESS) - { - MHD_gnutls_assert (); - MHD__asn1_delete_structure (&ext); - return MHD_gtls_asn2err (result); - } - - MHD__asn1_write_value (ext, "authorityCertIssuer", NULL, 0); - MHD__asn1_write_value (ext, "authorityCertSerialNumber", NULL, 0); - - result = MHD__gnutls_x509_der_encode (ext, "", der_ext, 0); - - MHD__asn1_delete_structure (&ext); - - if (result < 0) - { - MHD_gnutls_assert (); - return result; - } - - return 0; -} - - -/* Creates and encodes the CRL Distribution points. data_string should be a name - * and type holds the type of the name. - * reason_flags should be an or'ed sequence of GNUTLS_CRL_REASON_*. 
- * - */ -int -MHD__gnutls_x509_ext_gen_crl_dist_points (MHD_gnutls_x509_subject_alt_name_t - type, const void *data_string, - unsigned int reason_flags, - MHD_gnutls_datum_t * der_ext) -{ - ASN1_TYPE ext = ASN1_TYPE_EMPTY; - MHD_gnutls_datum_t gnames = { NULL, 0 }; - int result; - uint8_t reasons[2]; - - reasons[0] = reason_flags & 0xff; - reasons[1] = reason_flags >> 8; - - result = - MHD__asn1_create_element (MHD__gnutls_get_pkix (), - "PKIX1.CRLDistributionPoints", &ext); - if (result != ASN1_SUCCESS) - { - MHD_gnutls_assert (); - result = MHD_gtls_asn2err (result); - goto cleanup; - } - - result = MHD__asn1_write_value (ext, "", "NEW", 1); - if (result != ASN1_SUCCESS) - { - MHD_gnutls_assert (); - result = MHD_gtls_asn2err (result); - goto cleanup; - } - - if (reason_flags) - { - result = MHD__asn1_write_value (ext, "?LAST.reasons", reasons, 9); - if (result != ASN1_SUCCESS) - { - MHD_gnutls_assert (); - result = MHD_gtls_asn2err (result); - goto cleanup; - } - } - else - { - result = MHD__asn1_write_value (ext, "?LAST.reasons", NULL, 0); - if (result != ASN1_SUCCESS) - { - MHD_gnutls_assert (); - result = MHD_gtls_asn2err (result); - goto cleanup; - } - } - - result = MHD__asn1_write_value (ext, "?LAST.cRLIssuer", NULL, 0); - if (result != ASN1_SUCCESS) - { - MHD_gnutls_assert (); - result = MHD_gtls_asn2err (result); - goto cleanup; - } - - /* When used as type CHOICE. 
- */ - result = MHD__asn1_write_value (ext, "?LAST.distributionPoint", "fullName", 1); - if (result != ASN1_SUCCESS) - { - MHD_gnutls_assert (); - result = MHD_gtls_asn2err (result); - goto cleanup; - } - -#if 0 - /* only needed in old code (where defined as SEQUENCE OF) */ - MHD__asn1_write_value (ext, - "?LAST.distributionPoint.nameRelativeToCRLIssuer", - NULL, 0); -#endif - - result = - write_new_general_name (ext, "?LAST.distributionPoint.fullName", - type, data_string); - if (result < 0) - { - MHD_gnutls_assert (); - goto cleanup; - } - - result = MHD__gnutls_x509_der_encode (ext, "", der_ext, 0); - - if (result < 0) - { - MHD_gnutls_assert (); - goto cleanup; - } - - result = 0; - -cleanup: - MHD__gnutls_free_datum (&gnames); - MHD__asn1_delete_structure (&ext); - - return result; -} - -/* extract the proxyCertInfo from the DER encoded extension - */ -int -MHD__gnutls_x509_ext_extract_proxyCertInfo (int *pathLenConstraint, - char **policyLanguage, - char **policy, - size_t * sizeof_policy, - opaque * extnValue, int extnValueLen) -{ - ASN1_TYPE ext = ASN1_TYPE_EMPTY; - int result; - MHD_gnutls_datum_t value; - - if ((result = MHD__asn1_create_element - (MHD__gnutls_get_pkix (), "PKIX1.ProxyCertInfo", &ext)) != ASN1_SUCCESS) - { - MHD_gnutls_assert (); - return MHD_gtls_asn2err (result); - } - - result = MHD__asn1_der_decoding (&ext, extnValue, extnValueLen, NULL); - if (result != ASN1_SUCCESS) - { - MHD_gnutls_assert (); - MHD__asn1_delete_structure (&ext); - return MHD_gtls_asn2err (result); - } - - if (pathLenConstraint) - { - result = MHD__gnutls_x509_read_uint (ext, "pCPathLenConstraint", - pathLenConstraint); - if (result == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND) - *pathLenConstraint = -1; - else if (result != GNUTLS_E_SUCCESS) - { - MHD__asn1_delete_structure (&ext); - return MHD_gtls_asn2err (result); - } - } - - result = MHD__gnutls_x509_read_value (ext, "proxyPolicy.policyLanguage", - &value, 0); - if (result < 0) - { - MHD_gnutls_assert (); - 
MHD__asn1_delete_structure (&ext); - return result; - } - - if (policyLanguage) - *policyLanguage = MHD_gnutls_strdup (value.data); - - result = MHD__gnutls_x509_read_value (ext, "proxyPolicy.policy", &value, 0); - if (result == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND) - { - if (policy) - *policy = NULL; - if (sizeof_policy) - *sizeof_policy = 0; - } - else if (result < 0) - { - MHD_gnutls_assert (); - MHD__asn1_delete_structure (&ext); - return result; - } - else - { - if (policy) - *policy = value.data; - if (sizeof_policy) - *sizeof_policy = value.size; - } - - MHD__asn1_delete_structure (&ext); - - return 0; -} - -/* generate the proxyCertInfo in a DER encoded extension - */ -int -MHD__gnutls_x509_ext_gen_proxyCertInfo (int pathLenConstraint, - const char *policyLanguage, - const char *policy, - size_t sizeof_policy, - MHD_gnutls_datum_t * der_ext) -{ - ASN1_TYPE ext = ASN1_TYPE_EMPTY; - int result; - - result = MHD__asn1_create_element (MHD__gnutls_get_pkix (), - "PKIX1.ProxyCertInfo", &ext); - if (result != ASN1_SUCCESS) - { - MHD_gnutls_assert (); - return MHD_gtls_asn2err (result); - } - - if (pathLenConstraint < 0) - { - result = MHD__asn1_write_value (ext, "pCPathLenConstraint", NULL, 0); - if (result < 0) - result = MHD_gtls_asn2err (result); - } - else - result = MHD__gnutls_x509_write_uint32 (ext, "pCPathLenConstraint", - pathLenConstraint); - if (result < 0) - { - MHD_gnutls_assert (); - MHD__asn1_delete_structure (&ext); - return result; - } - - result = MHD__asn1_write_value (ext, "proxyPolicy.policyLanguage", - policyLanguage, 1); - if (result < 0) - { - MHD_gnutls_assert (); - MHD__asn1_delete_structure (&ext); - return MHD_gtls_asn2err (result); - } - - result = MHD__asn1_write_value (ext, "proxyPolicy.policy", - policy, sizeof_policy); - if (result < 0) - { - MHD_gnutls_assert (); - MHD__asn1_delete_structure (&ext); - return MHD_gtls_asn2err (result); - } - - result = MHD__gnutls_x509_der_encode (ext, "", der_ext, 0); - - MHD__asn1_delete_structure 
(&ext); - - if (result < 0) - { - MHD_gnutls_assert (); - return result; - } - - return 0; -} diff --git a/src/daemon/https/x509/extensions.h b/src/daemon/https/x509/extensions.h @@ -36,33 +36,3 @@ int MHD__gnutls_x509_ext_extract_basicConstraints (int *CA, int *pathLenConstraint, opaque * extnValue, int extnValueLen); -int MHD__gnutls_x509_crt_set_extension (MHD_gnutls_x509_crt_t cert, - const char *extension_id, - const MHD_gnutls_datum_t * ext_data, - unsigned int critical); -int MHD__gnutls_x509_ext_gen_basicConstraints (int CA, int pathLenConstraint, - MHD_gnutls_datum_t * der_ext); -int MHD__gnutls_x509_ext_gen_keyUsage (uint16_t usage, MHD_gnutls_datum_t * der_ext); -int MHD__gnutls_x509_ext_gen_subject_alt_name (MHD_gnutls_x509_subject_alt_name_t - type, const char *data_string, - MHD_gnutls_datum_t * der_ext); -int MHD__gnutls_x509_ext_gen_crl_dist_points (MHD_gnutls_x509_subject_alt_name_t - type, const void *data_string, - unsigned int reason_flags, - MHD_gnutls_datum_t * der_ext); -int MHD__gnutls_x509_ext_gen_key_id (const void *id, size_t id_size, - MHD_gnutls_datum_t * der_data); -int MHD__gnutls_x509_ext_gen_auth_key_id (const void *id, size_t id_size, - MHD_gnutls_datum_t * der_data); - -int MHD__gnutls_x509_ext_extract_proxyCertInfo (int *pathLenConstraint, - char **policyLanguage, - char **policy, - size_t * sizeof_policy, - opaque * extnValue, - int extnValueLen); -int MHD__gnutls_x509_ext_gen_proxyCertInfo (int pathLenConstraint, - const char *policyLanguage, - const char *policy, - size_t sizeof_policy, - MHD_gnutls_datum_t * der_ext); diff --git a/src/daemon/https/x509/sign.c b/src/daemon/https/x509/sign.c @@ -103,7 +103,7 @@ encode_ber_digest_info (enum MHD_GNUTLS_HashAlgorithm hash, } info->size = 0; - MHD__asn1_der_coding (dinfo, "", NULL, &info->size, NULL); + MHD__asn1_der_coding (dinfo, "", NULL, (int*) &info->size, NULL); info->data = MHD_gnutls_malloc (info->size); if (info->data == NULL) 
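Review bot: `(int*) &info->size` in the two `MHD__asn1_der_coding` calls (here and in @@ -113) lets the callee write an `int` through a pointer to a field of another type; if `size` is `unsigned int` (the usual datum layout) the store is well-defined, but should the field ever be `size_t` on an LP64 build only the low half is written and the stale high half then feeds `MHD_gnutls_malloc (info->size)`. A plain `int` local for the libtasn1 out-parameter removes the pun: `int len = 0; MHD__asn1_der_coding (dinfo, "", NULL, &len, NULL); info->size = len;`, with `&len` passed again on the second call and `len >= 0` checked before assigning it back so a failure cannot become a huge allocation. `encode_ber_digest_info` starts and ends outside the hunk.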
@@ -113,7 +113,7 @@ encode_ber_digest_info (enum MHD_GNUTLS_HashAlgorithm hash,
 return GNUTLS_E_MEMORY_ERROR;
 }
 
-  result = MHD__asn1_der_coding (dinfo, "", info->data, &info->size, NULL);
+  result = MHD__asn1_der_coding (dinfo, "", info->data, (int*) &info->size, NULL);
 if (result != ASN1_SUCCESS)
 {
 MHD_gnutls_assert ();
@@ -185,7 +185,7 @@ pkcs1_rsa_sign (enum MHD_GNUTLS_HashAlgorithm hash,
 * 'signature' will hold the signature!
 * 'hash' is only used in PKCS1 RSA signing.
 */
-int
+static int
 MHD__gnutls_x509_sign (const MHD_gnutls_datum_t * tbs,
 enum MHD_GNUTLS_HashAlgorithm hash,
 MHD_gnutls_x509_privkey_t signer, MHD_gnutls_datum_t * signature)
@@ -255,93 +255,5 @@ MHD__gnutls_x509_sign_tbs (ASN1_TYPE cert, const char *tbs_name, return result; } -/*- - * MHD__gnutls_x509_pkix_sign - This function will sign a CRL or a certificate with a key - * @src: should contain an ASN1_TYPE - * @issuer: is the certificate of the certificate issuer - * @issuer_key: holds the issuer's private key - * - * This function will sign a CRL or a certificate with the issuer's private key, and - * will copy the issuer's information into the CRL or certificate. - * - * Returns 0 on success. - * - -*/ -int -MHD__gnutls_x509_pkix_sign (ASN1_TYPE src, const char *src_name, - enum MHD_GNUTLS_HashAlgorithm dig, - MHD_gnutls_x509_crt_t issuer, - MHD_gnutls_x509_privkey_t issuer_key) -{ - int result; - MHD_gnutls_datum_t signature; - char name[128]; - - /* Step 1. Copy the issuer's name into the certificate. - */ - MHD_gtls_str_cpy (name, sizeof (name), src_name); - MHD_gtls_str_cat (name, sizeof (name), ".issuer"); - - result = MHD__asn1_copy_node (src, name, issuer->cert, "tbsCertificate.subject"); - if (result != ASN1_SUCCESS) - { - MHD_gnutls_assert (); - return MHD_gtls_asn2err (result); - } - - /* Step 1.5. Write the signature stuff in the tbsCertificate. - */ - MHD_gtls_str_cpy (name, sizeof (name), src_name); - MHD_gtls_str_cat (name, sizeof (name), ".signature"); - - result = MHD__gnutls_x509_write_sig_params (src, name, - issuer_key->pk_algorithm, dig, - issuer_key->params, - issuer_key->params_size); - if (result < 0) - { - MHD_gnutls_assert (); - return result; - } - - /* Step 2. Sign the certificate. 
- */ - result = MHD__gnutls_x509_sign_tbs (src, src_name, dig, issuer_key, &signature); - - if (result < 0) - { - MHD_gnutls_assert (); - return result; - } - - /* write the signature (bits) - */ - result = - MHD__asn1_write_value (src, "signature", signature.data, signature.size * 8); - - MHD__gnutls_free_datum (&signature); - - if (result != ASN1_SUCCESS) - { - MHD_gnutls_assert (); - return MHD_gtls_asn2err (result); - } - - /* Step 3. Move up and write the AlgorithmIdentifier, which is also - * the same. - */ - - result = MHD__gnutls_x509_write_sig_params (src, "signatureAlgorithm", - issuer_key->pk_algorithm, dig, - issuer_key->params, - issuer_key->params_size); - if (result < 0) - { - MHD_gnutls_assert (); - return result; - } - - return 0; -} #endif diff --git a/src/daemon/https/x509/sign.h b/src/daemon/https/x509/sign.h @@ -22,15 +22,7 @@ * */ -int MHD__gnutls_x509_sign (const MHD_gnutls_datum_t * tbs, - enum MHD_GNUTLS_HashAlgorithm hash, - MHD_gnutls_x509_privkey_t signer, - MHD_gnutls_datum_t * signature); int MHD__gnutls_x509_sign_tbs (ASN1_TYPE cert, const char *tbs_name, enum MHD_GNUTLS_HashAlgorithm hash, MHD_gnutls_x509_privkey_t signer, MHD_gnutls_datum_t * signature); -int MHD__gnutls_x509_pkix_sign (ASN1_TYPE src, const char *src_name, - enum MHD_GNUTLS_HashAlgorithm, - MHD_gnutls_x509_crt_t issuer, - MHD_gnutls_x509_privkey_t issuer_key); diff --git a/src/daemon/https/x509/x509.c b/src/daemon/https/x509/x509.c 
@@ -71,62 +71,6 @@ MHD_gnutls_x509_crt_init (MHD_gnutls_x509_crt_t * cert) return 0; /* success */ } -/*- - * MHD__gnutls_x509_crt_cpy - This function copies a MHD_gnutls_x509_crt_t structure - * @dest: The structure where to copy - * @src: The structure to be copied - * - * This function will copy an X.509 certificate structure. - * - * Returns 0 on success. - * - -*/ -int -MHD__gnutls_x509_crt_cpy (MHD_gnutls_x509_crt_t dest, MHD_gnutls_x509_crt_t src) -{ - int ret; - size_t der_size; - opaque *der; - MHD_gnutls_datum_t tmp; - - ret = MHD_gnutls_x509_crt_export (src, GNUTLS_X509_FMT_DER, NULL, &der_size); - if (ret != GNUTLS_E_SHORT_MEMORY_BUFFER) - { - MHD_gnutls_assert (); - return ret; - } - - der = MHD_gnutls_alloca (der_size); - if (der == NULL) - { - MHD_gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; - } - - ret = MHD_gnutls_x509_crt_export (src, GNUTLS_X509_FMT_DER, der, &der_size); - if (ret < 0) - { - MHD_gnutls_assert (); - MHD_gnutls_afree (der); - return ret; - } - - tmp.data = der; - tmp.size = der_size; - ret = MHD_gnutls_x509_crt_import (dest, &tmp, GNUTLS_X509_FMT_DER); - - MHD_gnutls_afree (der); - - if (ret < 0) - { - MHD_gnutls_assert (); - return ret; - } - - return 0; - -} - /** * MHD_gnutls_x509_crt_deinit - This function deinitializes memory used by a MHD_gnutls_x509_crt_t structure * @cert: The structure to be initialized 
@@ -233,149 +177,6 @@ cleanup:MHD_gnutls_free (signature); } /** - * MHD_gnutls_x509_crt_get_issuer_dn - This function returns the Certificate's issuer distinguished name - * @cert: should contain a MHD_gnutls_x509_crt_t structure - * @buf: a pointer to a structure to hold the name (may be null) - * @sizeof_buf: initially holds the size of @buf - * - * This function will copy the name of the Certificate issuer in the - * provided buffer. The name will be in the form - * "C=xxxx,O=yyyy,CN=zzzz" as described in RFC2253. The output string - * will be ASCII or UTF-8 encoded, depending on the certificate data. - * - * If @buf is null then only the size will be filled. - * - * Returns GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not - * long enough, and in that case the *sizeof_buf will be updated with - * the required size. On success 0 is returned. - * - **/ -int -MHD_gnutls_x509_crt_get_issuer_dn (MHD_gnutls_x509_crt_t cert, - char *buf, size_t * sizeof_buf) -{ - if (cert == NULL) - { - MHD_gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - return MHD__gnutls_x509_parse_dn (cert->cert, - "tbsCertificate.issuer.rdnSequence", buf, - sizeof_buf); -} - -/** - * MHD_gnutls_x509_crt_get_issuer_dn_by_oid - This function returns the Certificate's issuer distinguished name - * @cert: should contain a MHD_gnutls_x509_crt_t structure - * @oid: holds an Object Identified in null terminated string - * @indx: In case multiple same OIDs exist in the RDN, this specifies which to send. Use zero to get the first one. - * @raw_flag: If non zero returns the raw DER data of the DN part. - * @buf: a pointer to a structure to hold the name (may be null) - * @sizeof_buf: initially holds the size of @buf - * - * This function will extract the part of the name of the Certificate - * issuer specified by the given OID. The output, if the raw flag is not - * used, will be encoded as described in RFC2253. 
Thus a string that is - * ASCII or UTF-8 encoded, depending on the certificate data. - * - * Some helper macros with popular OIDs can be found in gnutls/x509.h - * If raw flag is zero, this function will only return known OIDs as - * text. Other OIDs will be DER encoded, as described in RFC2253 -- - * in hex format with a '\#' prefix. You can check about known OIDs - * using MHD_gnutls_x509_dn_oid_known(). - * - * If @buf is null then only the size will be filled. - * - * Returns GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not - * long enough, and in that case the *sizeof_buf will be updated with - * the required size. On success 0 is returned. - * - **/ -int -MHD_gnutls_x509_crt_get_issuer_dn_by_oid (MHD_gnutls_x509_crt_t cert, - const char *oid, - int indx, - unsigned int raw_flag, - void *buf, size_t * sizeof_buf) -{ - if (cert == NULL) - { - MHD_gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - return MHD__gnutls_x509_parse_dn_oid (cert->cert, - "tbsCertificate.issuer.rdnSequence", oid, - indx, raw_flag, buf, sizeof_buf); -} - -/** - * MHD_gnutls_x509_crt_get_issuer_dn_oid - This function returns the Certificate's issuer distinguished name OIDs - * @cert: should contain a MHD_gnutls_x509_crt_t structure - * @indx: This specifies which OID to return. Use zero to get the first one. - * @oid: a pointer to a buffer to hold the OID (may be null) - * @sizeof_oid: initially holds the size of @oid - * - * This function will extract the OIDs of the name of the Certificate - * issuer specified by the given index. - * - * If @oid is null then only the size will be filled. - * - * Returns GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not - * long enough, and in that case the *sizeof_oid will be updated with - * the required size. On success 0 is returned. 
- * - **/ -int -MHD_gnutls_x509_crt_get_issuer_dn_oid (MHD_gnutls_x509_crt_t cert, - int indx, void *oid, size_t * sizeof_oid) -{ - if (cert == NULL) - { - MHD_gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - return MHD__gnutls_x509_get_dn_oid (cert->cert, - "tbsCertificate.issuer.rdnSequence", indx, - oid, sizeof_oid); -} - -/** - * MHD_gnutls_x509_crt_get_dn - This function returns the Certificate's distinguished name - * @cert: should contain a MHD_gnutls_x509_crt_t structure - * @buf: a pointer to a structure to hold the name (may be null) - * @sizeof_buf: initially holds the size of @buf - * - * This function will copy the name of the Certificate in the - * provided buffer. The name will be in the form - * "C=xxxx,O=yyyy,CN=zzzz" as described in RFC2253. The output string - * will be ASCII or UTF-8 encoded, depending on the certificate data. - * - * If @buf is null then only the size will be filled. - * - * Returns GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not - * long enough, and in that case the *sizeof_buf will be updated with - * the required size. On success 0 is returned. - * - **/ -int -MHD_gnutls_x509_crt_get_dn (MHD_gnutls_x509_crt_t cert, - char *buf, size_t * sizeof_buf) -{ - if (cert == NULL) - { - MHD_gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - return MHD__gnutls_x509_parse_dn (cert->cert, - "tbsCertificate.subject.rdnSequence", buf, - sizeof_buf); -} - -/** * MHD_gnutls_x509_crt_get_dn_by_oid - This function returns the Certificate's distinguished name * @cert: should contain a MHD_gnutls_x509_crt_t structure * @oid: holds an Object Identified in null terminated string 
@@ -421,38 +222,6 @@ MHD_gnutls_x509_crt_get_dn_by_oid (MHD_gnutls_x509_crt_t cert,
 }
 
 /**
- * MHD_gnutls_x509_crt_get_dn_oid - This function returns the Certificate's subject distinguished name OIDs
- * @cert: should contain a MHD_gnutls_x509_crt_t structure
- * @indx: This specifies which OID to return. Use zero to get the first one.
- * @oid: a pointer to a buffer to hold the OID (may be null)
- * @sizeof_oid: initially holds the size of @oid
- *
- * This function will extract the OIDs of the name of the Certificate
- * subject specified by the given index.
- *
- * If oid is null then only the size will be filled.
- *
- * Returns GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not
- * long enough, and in that case the *sizeof_oid will be updated with
- * the required size. On success 0 is returned.
- *
- **/
-int
-MHD_gnutls_x509_crt_get_dn_oid (MHD_gnutls_x509_crt_t cert,
- int indx, void *oid, size_t * sizeof_oid)
-{
- if (cert == NULL)
- {
- MHD_gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- return MHD__gnutls_x509_get_dn_oid (cert->cert,
- "tbsCertificate.subject.rdnSequence", indx,
- oid, sizeof_oid);
-}
-
-/**
 * MHD_gnutls_x509_crt_get_signature_algorithm - This function returns the Certificate's signature algorithm
 * @cert: should contain a MHD_gnutls_x509_crt_t structure
 *
@@ -671,28 +440,28 @@ MHD_gnutls_x509_crt_get_serial (MHD_gnutls_x509_crt_t cert, return 0; } + /** - * MHD_gnutls_x509_crt_get_subject_key_id - This function returns the certificate's key identifier + * MHD_gnutls_x509_crt_get_pk_algorithm - This function returns the certificate's PublicKey algorithm * @cert: should contain a MHD_gnutls_x509_crt_t structure - * @ret: The place where the identifier will be copied - * @ret_size: Holds the size of the result field. - * @critical: will be non zero if the extension is marked as critical (may be null) + * @bits: if bits is non null it will hold the size of the parameters' in bits * - * This function will return the X.509v3 certificate's subject key identifier. - * This is obtained by the X.509 Subject Key identifier extension - * field (2.5.29.14). + * This function will return the public key algorithm of an X.509 + * certificate. * - * Returns 0 on success and a negative value in case of an error. + * If bits is non null, it should have enough size to hold the parameters + * size in bits. For RSA the bits returned is the modulus. + * For DSA the bits returned are of the public + * exponent. + * + * Returns a member of the enum MHD_GNUTLS_PublicKeyAlgorithm enumeration on success, + * or a negative value on error. * **/ int -MHD_gnutls_x509_crt_get_subject_key_id (MHD_gnutls_x509_crt_t cert, - void *ret, - size_t * ret_size, unsigned int *critical) +MHD_gnutls_x509_crt_get_pk_algorithm (MHD_gnutls_x509_crt_t cert, unsigned int *bits) { - int result, len; - MHD_gnutls_datum_t id; - ASN1_TYPE c2 = ASN1_TYPE_EMPTY; + int result; if (cert == NULL) { 
@@ -700,48 +469,58 @@ MHD_gnutls_x509_crt_get_subject_key_id (MHD_gnutls_x509_crt_t cert, return GNUTLS_E_INVALID_REQUEST; } - if (ret) - memset (ret, 0, *ret_size); - else - *ret_size = 0; + result = MHD__gnutls_x509_get_pk_algorithm (cert->cert, + "tbsCertificate.subjectPublicKeyInfo", + bits); - if ((result = MHD__gnutls_x509_crt_get_extension (cert, "2.5.29.14", 0, &id, - critical)) < 0) + if (result < 0) { + MHD_gnutls_assert (); return result; } - if (id.size == 0 || id.data == NULL) - { - MHD_gnutls_assert (); - return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; - } + return result; - result = - MHD__asn1_create_element (MHD__gnutls_get_pkix (), "PKIX1.SubjectKeyIdentifier", - &c2); - if (result != ASN1_SUCCESS) - { - MHD_gnutls_assert (); - MHD__gnutls_free_datum (&id); - return MHD_gtls_asn2err (result); - } +} + +inline static int +is_type_printable (int type) +{ + if (type == GNUTLS_SAN_DNSNAME || type == GNUTLS_SAN_RFC822NAME || type + == GNUTLS_SAN_URI) + return 1; + else + return 0; +} - result = MHD__asn1_der_decoding (&c2, id.data, id.size, NULL); - MHD__gnutls_free_datum (&id); +#define XMPP_OID "1.3.6.1.5.5.7.8.5" - if (result != ASN1_SUCCESS) - { - MHD_gnutls_assert (); - MHD__asn1_delete_structure (&c2); - return MHD_gtls_asn2err (result); - } +/* returns the type and the name on success. + * Type is also returned as a parameter in case of an error. 
+ */ +static int +parse_general_name (ASN1_TYPE src, + const char *src_name, + int seq, + void *name, + size_t * name_size, + unsigned int *ret_type, int othername_oid) +{ + int len; + char nptr[MAX_NAME_SIZE]; + int result; + opaque choice_type[128]; + MHD_gnutls_x509_subject_alt_name_t type; - len = *ret_size; - result = MHD__asn1_read_value (c2, "", ret, &len); + seq++; /* 0->1, 1->2 etc */ - *ret_size = len; - MHD__asn1_delete_structure (&c2); + if (src_name[0] != 0) + snprintf (nptr, sizeof (nptr), "%s.?%u", src_name, seq); + else + snprintf (nptr, sizeof (nptr), "?%u", seq); + + len = sizeof (choice_type); + result = MHD__asn1_read_value (src, nptr, choice_type, &len); if (result == ASN1_VALUE_NOT_FOUND || result == ASN1_ELEMENT_NOT_FOUND) { 
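Review bot: In parse_general_name the element path is built with `snprintf (nptr, sizeof (nptr), "%s.?%u", src_name, seq);` (and `"?%u"` on the next line) while `seq` is declared `int`; a `%u` conversion fed an `int` is a format/argument type mismatch that `-Wformat` reports, so the specifier should be `%d` or `seq` should be made unsigned. Neither snprintf result is checked either, so a `src_name` longer than `nptr` would silently produce a truncated path that addresses the wrong ASN.1 node; a check such as `if (n < 0 || (size_t) n >= sizeof (nptr)) return GNUTLS_E_INTERNAL_ERROR;` after each call would make that failure visible, though whether MAX_NAME_SIZE already covers every caller's path cannot be seen here. The body of parse_general_name continues outside the hunk, and is_type_printable, XMPP_OID and the get_pk_algorithm body are moved unchanged from later in the file.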
@@ -754,191 +533,8 @@ MHD_gnutls_x509_crt_get_subject_key_id (MHD_gnutls_x509_crt_t cert, return MHD_gtls_asn2err (result); } - return 0; -} - -/** - * MHD_gnutls_x509_crt_get_authority_key_id - This function returns the certificate authority's identifier - * @cert: should contain a MHD_gnutls_x509_crt_t structure - * @result: The place where the identifier will be copied - * @result_size: Holds the size of the result field. - * @critical: will be non zero if the extension is marked as critical (may be null) - * - * This function will return the X.509v3 certificate authority's key identifier. - * This is obtained by the X.509 Authority Key identifier extension - * field (2.5.29.35). Note that this function only returns the keyIdentifier - * field of the extension. - * - * Returns 0 on success and a negative value in case of an error. - * - **/ -int -MHD_gnutls_x509_crt_get_authority_key_id (MHD_gnutls_x509_crt_t cert, - void *ret, - size_t * ret_size, - unsigned int *critical) -{ - int result, len; - MHD_gnutls_datum_t id; - ASN1_TYPE c2 = ASN1_TYPE_EMPTY; - - if (cert == NULL) - { - MHD_gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - if (ret) - memset (ret, 0, *ret_size); - else - *ret_size = 0; - - if ((result = MHD__gnutls_x509_crt_get_extension (cert, "2.5.29.35", 0, &id, - critical)) < 0) - { - return result; - } - - if (id.size == 0 || id.data == NULL) - { - MHD_gnutls_assert (); - return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; - } - - result = - MHD__asn1_create_element (MHD__gnutls_get_pkix (), "PKIX1.AuthorityKeyIdentifier", - &c2); - if (result != ASN1_SUCCESS) - { - MHD_gnutls_assert (); - MHD__gnutls_free_datum (&id); - return MHD_gtls_asn2err (result); - } - - result = MHD__asn1_der_decoding (&c2, id.data, id.size, NULL); - MHD__gnutls_free_datum (&id); - - if (result != ASN1_SUCCESS) - { - MHD_gnutls_assert (); - MHD__asn1_delete_structure (&c2); - return MHD_gtls_asn2err (result); - } - - len = *ret_size; - result = MHD__asn1_read_value 
(c2, "keyIdentifier", ret, &len); - - *ret_size = len; - MHD__asn1_delete_structure (&c2); - - if (result == ASN1_VALUE_NOT_FOUND || result == ASN1_ELEMENT_NOT_FOUND) - { - return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; - } - - if (result != ASN1_SUCCESS) - { - MHD_gnutls_assert (); - return MHD_gtls_asn2err (result); - } - - return 0; -} - -/** - * MHD_gnutls_x509_crt_get_pk_algorithm - This function returns the certificate's PublicKey algorithm - * @cert: should contain a MHD_gnutls_x509_crt_t structure - * @bits: if bits is non null it will hold the size of the parameters' in bits - * - * This function will return the public key algorithm of an X.509 - * certificate. - * - * If bits is non null, it should have enough size to hold the parameters - * size in bits. For RSA the bits returned is the modulus. - * For DSA the bits returned are of the public - * exponent. - * - * Returns a member of the enum MHD_GNUTLS_PublicKeyAlgorithm enumeration on success, - * or a negative value on error. - * - **/ -int -MHD_gnutls_x509_crt_get_pk_algorithm (MHD_gnutls_x509_crt_t cert, unsigned int *bits) -{ - int result; - - if (cert == NULL) - { - MHD_gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - result = MHD__gnutls_x509_get_pk_algorithm (cert->cert, - "tbsCertificate.subjectPublicKeyInfo", - bits); - - if (result < 0) - { - MHD_gnutls_assert (); - return result; - } - - return result; - -} - -inline static int -is_type_printable (int type) -{ - if (type == GNUTLS_SAN_DNSNAME || type == GNUTLS_SAN_RFC822NAME || type - == GNUTLS_SAN_URI) - return 1; - else - return 0; -} - -#define XMPP_OID "1.3.6.1.5.5.7.8.5" - -/* returns the type and the name on success. - * Type is also returned as a parameter in case of an error. 
- */ -static int -parse_general_name (ASN1_TYPE src, - const char *src_name, - int seq, - void *name, - size_t * name_size, - unsigned int *ret_type, int othername_oid) -{ - int len; - char nptr[MAX_NAME_SIZE]; - int result; - opaque choice_type[128]; - MHD_gnutls_x509_subject_alt_name_t type; - - seq++; /* 0->1, 1->2 etc */ - - if (src_name[0] != 0) - snprintf (nptr, sizeof (nptr), "%s.?%u", src_name, seq); - else - snprintf (nptr, sizeof (nptr), "?%u", seq); - - len = sizeof (choice_type); - result = MHD__asn1_read_value (src, nptr, choice_type, &len); - - if (result == ASN1_VALUE_NOT_FOUND || result == ASN1_ELEMENT_NOT_FOUND) - { - return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; - } - - if (result != ASN1_SUCCESS) - { - MHD_gnutls_assert (); - return MHD_gtls_asn2err (result); - } - - type = MHD__gnutls_x509_san_find_type (choice_type); - if (type == (MHD_gnutls_x509_subject_alt_name_t) - 1) + type = MHD__gnutls_x509_san_find_type (choice_type); + if (type == (MHD_gnutls_x509_subject_alt_name_t) - 1) { MHD_gnutls_assert (); return GNUTLS_E_X509_UNKNOWN_SAN; 
@@ -1194,70 +790,6 @@ MHD_gnutls_x509_crt_get_subject_alt_name (MHD_gnutls_x509_crt_t cert, } /** - * MHD_gnutls_x509_crt_get_subject_alt_name2 - Get certificate's alternative name, if any - * @cert: should contain a MHD_gnutls_x509_crt_t structure - * @seq: specifies the sequence number of the alt name (0 for the first one, 1 for the second etc.) - * @ret: is the place where the alternative name will be copied to - * @ret_size: holds the size of ret. - * @ret_type: holds the type of the alternative name (one of MHD_gnutls_x509_subject_alt_name_t). - * @critical: will be non zero if the extension is marked as critical (may be null) - * - * This function will return the alternative names, contained in the - * given certificate. It is the same as MHD_gnutls_x509_crt_get_subject_alt_name() - * except for the fact that it will return the type of the alternative - * name in @ret_type even if the function fails for some reason (i.e. - * the buffer provided is not enough). - * - * The return values are the same as with MHD_gnutls_x509_crt_get_subject_alt_name(). - * - **/ -int -MHD_gnutls_x509_crt_get_subject_alt_name2 (MHD_gnutls_x509_crt_t cert, - unsigned int seq, - void *ret, - size_t * ret_size, - unsigned int *ret_type, - unsigned int *critical) -{ - return get_subject_alt_name (cert, seq, ret, ret_size, ret_type, critical, - 0); -} - -/** - * MHD_gnutls_x509_crt_get_subject_alt_othername_oid - Get SAN otherName OID - * @cert: should contain a MHD_gnutls_x509_crt_t structure - * @seq: specifies the sequence number of the alt name (0 for the first one, 1 for the second etc.) - * @ret: is the place where the otherName OID will be copied to - * @ret_size: holds the size of ret. - * - * This function will extract the type OID of an otherName Subject - * Alternative Name, contained in the given certificate, and return - * the type as an enumerated element. 
- * - * This function is only useful if - * MHD_gnutls_x509_crt_get_subject_alt_name() returned - * %GNUTLS_SAN_OTHERNAME. - * - * Returns the alternative subject name type on success. The type is - * one of the enumerated MHD_gnutls_x509_subject_alt_name_t. For - * supported OIDs, it will return one of the virtual - * (GNUTLS_SAN_OTHERNAME_*) types, e.g. %GNUTLS_SAN_OTHERNAME_XMPP, - * and %GNUTLS_SAN_OTHERNAME for unknown OIDs. It will return - * %GNUTLS_E_SHORT_MEMORY_BUFFER if @ret_size is not large enough to - * hold the value. In that case @ret_size will be updated with the - * required size. If the certificate does not have an Alternative - * name with the specified sequence number and with the otherName type - * then %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE is returned. - **/ -int -MHD_gnutls_x509_crt_get_subject_alt_othername_oid (MHD_gnutls_x509_crt_t cert, - unsigned int seq, - void *ret, size_t * ret_size) -{ - return get_subject_alt_name (cert, seq, ret, ret_size, NULL, NULL, 1); -} - -/** * MHD_gnutls_x509_crt_get_basic_constraints - This function returns the certificate basic constraints * @cert: should contain a MHD_gnutls_x509_crt_t structure * @critical: will be non zero if the extension is marked as critical @@ -1277,7 +809,7 @@ MHD_gnutls_x509_crt_get_subject_alt_othername_oid (MHD_gnutls_x509_crt_t cert, * certificate does not contain the basicConstraints extension * GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned. **/ -int +static int MHD_gnutls_x509_crt_get_basic_constraints (MHD_gnutls_x509_crt_t cert, unsigned int *critical, int *ca, int *pathlen) 
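Review bot: `static int` on MHD_gnutls_x509_crt_get_basic_constraints keeps the public `MHD_gnutls_` prefix and the `/** ... **/` API-style doc block that the file otherwise uses for exported functions (compare the file-local `MHD__gnutls_x509_crt_get_raw_dn2`); renaming it `MHD__gnutls_x509_crt_get_basic_constraints`, or at least adding `* (file-local helper, not part of the public API)` to the comment, would keep the naming convention honest. The same applies to `static int MHD_gnutls_x509_crt_get_extension_by_oid` in hunk @@ -1488,7 +960,7 @@. If any header still declares either function without `static`, the definition now conflicts with that declaration; the x509.h changes that presumably remove those declarations are not in this chunk. Both definitions continue outside their hunks.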
@@ -1409,66 +941,6 @@ MHD_gnutls_x509_crt_get_key_usage (MHD_gnutls_x509_crt_t cert, return 0; } -/** - * MHD_gnutls_x509_crt_get_proxy - This function returns the proxy certificate info - * @cert: should contain a MHD_gnutls_x509_crt_t structure - * @critical: will be non zero if the extension is marked as critical - * @pathlen: pointer to output integer indicating path length (may be - * NULL), non-negative values indicate a present pCPathLenConstraint - * field and the actual value, -1 indicate that the field is absent. - * - * This function will read the certificate's basic constraints, and - * return the certificates CA status. It reads the basicConstraints - * X.509 extension (2.5.29.19). - * - * Return value: If the certificate is a CA a positive value will be - * returned, or zero if the certificate does not have CA flag set. A - * negative value may be returned in case of errors. If the - * certificate does not contain the basicConstraints extension - * GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned. 
- **/ -int -MHD_gnutls_x509_crt_get_proxy (MHD_gnutls_x509_crt_t cert, - unsigned int *critical, - int *pathlen, - char **policyLanguage, - char **policy, size_t * sizeof_policy) -{ - int result; - MHD_gnutls_datum_t proxyCertInfo; - - if (cert == NULL) - { - MHD_gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - if ((result = MHD__gnutls_x509_crt_get_extension (cert, "1.3.6.1.5.5.7.1.14", 0, - &proxyCertInfo, - critical)) < 0) - { - return result; - } - - if (proxyCertInfo.size == 0 || proxyCertInfo.data == NULL) - { - MHD_gnutls_assert (); - return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; - } - - result = MHD__gnutls_x509_ext_extract_proxyCertInfo (pathlen, policyLanguage, - policy, sizeof_policy, - proxyCertInfo.data, - proxyCertInfo.size); - MHD__gnutls_free_datum (&proxyCertInfo); - if (result < 0) - { - MHD_gnutls_assert (); - return result; - } - - return 0; -} /** * MHD_gnutls_x509_crt_get_extension_by_oid - This function returns the specified extension @@ -1488,7 +960,7 @@ MHD_gnutls_x509_crt_get_proxy (MHD_gnutls_x509_crt_t cert, * GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned. * **/ -int +static int MHD_gnutls_x509_crt_get_extension_by_oid (MHD_gnutls_x509_crt_t cert, const char *oid, int indx, 
@@ -1536,194 +1008,33 @@ MHD_gnutls_x509_crt_get_extension_by_oid (MHD_gnutls_x509_crt_t cert, } -/** - * MHD_gnutls_x509_crt_get_extension_oid - This function returns the specified extension OID - * @cert: should contain a MHD_gnutls_x509_crt_t structure - * @indx: Specifies which extension OID to send. Use zero to get the first one. - * @oid: a pointer to a structure to hold the OID (may be null) - * @sizeof_oid: initially holds the size of @oid - * - * This function will return the requested extension OID in the certificate. - * The extension OID will be stored as a string in the provided buffer. - * - * A negative value may be returned in case of parsing error. - * If your have reached the last extension available - * GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned. - * - **/ -int -MHD_gnutls_x509_crt_get_extension_oid (MHD_gnutls_x509_crt_t cert, - int indx, void *oid, size_t * sizeof_oid) +static int +MHD__gnutls_x509_crt_get_raw_dn2 (MHD_gnutls_x509_crt_t cert, + const char *whom, MHD_gnutls_datum_t * start) { - int result; + ASN1_TYPE c2 = ASN1_TYPE_EMPTY; + int result, len1; + int start1, end1; + MHD_gnutls_datum_t signed_data = { NULL, + 0 + }; - if (cert == NULL) + /* get the issuer of 'cert' + */ + if ((result = + MHD__asn1_create_element (MHD__gnutls_get_pkix (), "PKIX1.TBSCertificate", + &c2)) != ASN1_SUCCESS) { MHD_gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; + return MHD_gtls_asn2err (result); } - result = MHD__gnutls_x509_crt_get_extension_oid (cert, indx, oid, sizeof_oid); + result = MHD__gnutls_x509_get_signed_data (cert->cert, "tbsCertificate", + &signed_data); if (result < 0) { - return result; - } - - return 0; - -} - -/** - * MHD_gnutls_x509_crt_get_extension_info - Get extension id and criticality - * @cert: should contain a MHD_gnutls_x509_crt_t structure - * @indx: Specifies which extension OID to send. Use zero to get the first one. 
- * @oid: a pointer to a structure to hold the OID - * @sizeof_oid: initially holds the size of @oid - * @critical: output variable with critical flag, may be NULL. - * - * This function will return the requested extension OID in the - * certificate, and the critical flag for it. The extension OID will - * be stored as a string in the provided buffer. Use - * MHD_gnutls_x509_crt_get_extension_data() to extract the data. - * - * Return 0 on success. A negative value may be returned in case of - * parsing error. If you have reached the last extension available - * GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned. - * - **/ -int -MHD_gnutls_x509_crt_get_extension_info (MHD_gnutls_x509_crt_t cert, - int indx, - void *oid, - size_t * sizeof_oid, int *critical) -{ - int result; - char str_critical[10]; - char name[MAX_NAME_SIZE]; - int len; - - if (!cert) - { - MHD_gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - snprintf (name, sizeof (name), "tbsCertificate.extensions.?%u.extnID", - indx + 1); - - len = *sizeof_oid; - result = MHD__asn1_read_value (cert->cert, name, oid, &len); - *sizeof_oid = len; - - if (result == ASN1_ELEMENT_NOT_FOUND) - return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; - else if (result < 0) - { - MHD_gnutls_assert (); - return MHD_gtls_asn2err (result); - } - - snprintf (name, sizeof (name), "tbsCertificate.extensions.?%u.critical", - indx + 1); - len = sizeof (str_critical); - result = MHD__asn1_read_value (cert->cert, name, str_critical, &len); - if (result < 0) - { - MHD_gnutls_assert (); - return MHD_gtls_asn2err (result); - } - - if (critical) - { - if (str_critical[0] == 'T') - *critical = 1; - else - *critical = 0; - } - - return 0; - -} - -/** - * MHD_gnutls_x509_crt_get_extension_data - Get the specified extension data - * @cert: should contain a MHD_gnutls_x509_crt_t structure - * @indx: Specifies which extension OID to send. Use zero to get the first one. 
- * @data: a pointer to a structure to hold the data (may be null) - * @sizeof_data: initially holds the size of @oid - * - * This function will return the requested extension data in the - * certificate. The extension data will be stored as a string in the - * provided buffer. - * - * Use MHD_gnutls_x509_crt_get_extension_info() to extract the OID and - * critical flag. Use MHD_gnutls_x509_crt_get_extension_by_oid() instead, - * if you want to get data indexed by the extension OID rather than - * sequence. - * - * Return 0 on success. A negative value may be returned in case of - * parsing error. If you have reached the last extension available - * GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned. - **/ -int -MHD_gnutls_x509_crt_get_extension_data (MHD_gnutls_x509_crt_t cert, - int indx, - void *data, size_t * sizeof_data) -{ - int result, len; - char name[MAX_NAME_SIZE]; - - if (!cert) - { - MHD_gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - snprintf (name, sizeof (name), "tbsCertificate.extensions.?%u.extnValue", - indx + 1); - - len = *sizeof_data; - result = MHD__asn1_read_value (cert->cert, name, data, &len); - *sizeof_data = len; - - if (result == ASN1_ELEMENT_NOT_FOUND) - return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; - else if (result < 0) - { - MHD_gnutls_assert (); - return MHD_gtls_asn2err (result); - } - - return 0; -} - -static int -MHD__gnutls_x509_crt_get_raw_dn2 (MHD_gnutls_x509_crt_t cert, - const char *whom, MHD_gnutls_datum_t * start) -{ - ASN1_TYPE c2 = ASN1_TYPE_EMPTY; - int result, len1; - int start1, end1; - MHD_gnutls_datum_t signed_data = { NULL, - 0 - }; - - /* get the issuer of 'cert' - */ - if ((result = - MHD__asn1_create_element (MHD__gnutls_get_pkix (), "PKIX1.TBSCertificate", - &c2)) != ASN1_SUCCESS) - { - MHD_gnutls_assert (); - return MHD_gtls_asn2err (result); - } - - result = MHD__gnutls_x509_get_signed_data (cert->cert, "tbsCertificate", - &signed_data); - if (result < 0) - { - MHD_gnutls_assert (); - goto 
cleanup; + MHD_gnutls_assert (); + goto cleanup; } result = MHD__asn1_der_decoding (&c2, signed_data.data, signed_data.size, NULL); 
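Review bot: The comment `/* get the issuer of 'cert' */` at the top of MHD__gnutls_x509_crt_get_raw_dn2 is misleading: the code under it only creates the PKIX1.TBSCertificate element and fetches the signed tbsCertificate, and the `whom` parameter presumably selects which DN is returned, so a caller asking for the subject reads a comment about the issuer. I would replace it with `/* decode the TBSCertificate of 'cert' so the DN selected by 'whom' can be located */`. The function body and its cleanup label continue outside the hunk, so how `whom`, `start1` and `end1` are used cannot be confirmed here; the code itself is moved unchanged from later in the file.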
@@ -1817,171 +1128,6 @@ MHD_gnutls_x509_crt_get_subject (MHD_gnutls_x509_crt_t cert, MHD_gnutls_x509_dn_ } /** - * MHD_gnutls_x509_crt_get_issuer: get opaque issuer DN pointer - * @cert: should contain a MHD_gnutls_x509_crt_t structure - * @dn: output variable with pointer to opaque DN - * - * Return the Certificate's Issuer DN as an opaque data type. You may - * use MHD_gnutls_x509_dn_get_rdn_ava() to decode the DN. - * - * Note that @dn points into the @cert object, and thus you may not - * deallocate @cert and continue to access @dn. - * - * Returns: Returns 0 on success, or an error code. - **/ -int -MHD_gnutls_x509_crt_get_issuer (MHD_gnutls_x509_crt_t cert, MHD_gnutls_x509_dn_t * dn) -{ - return get_dn (cert, "tbsCertificate.issuer.rdnSequence", dn); -} - -/** - * MHD_gnutls_x509_dn_get_rdn_ava: - * @dn: input variable with opaque DN pointer - * @irdn: index of RDN - * @iava: index of AVA. - * @ava: Pointer to structure which will hold output information. - * - * Get pointers to data within the DN. - * - * Note that @ava will contain pointers into the @dn structure, so you - * should not modify any data or deallocate it. Note also that the DN - * in turn points into the original certificate structure, and thus - * you may not deallocate the certificate and continue to access @dn. - * - * Returns: Returns 0 on success, or an error code. 
- **/ -int -MHD_gnutls_x509_dn_get_rdn_ava (MHD_gnutls_x509_dn_t dn, - int irdn, int iava, MHD_gnutls_x509_ava_st * ava) -{ - ASN1_TYPE rdn, elem; - long len; - int lenlen, remlen, ret; - char rbuf[MAX_NAME_SIZE]; - unsigned char cls, *ptr; - - iava++; - irdn++; /* 0->1, 1->2 etc */ - - snprintf (rbuf, sizeof (rbuf), "rdnSequence.?%d.?%d", irdn, iava); - rdn = MHD__asn1_find_node (dn, rbuf); - if (!rdn) - { - MHD_gnutls_assert (); - return GNUTLS_E_ASN1_ELEMENT_NOT_FOUND; - } - - snprintf (rbuf, sizeof (rbuf), "?%d.type", iava); - elem = MHD__asn1_find_node (rdn, rbuf); - if (!elem) - { - MHD_gnutls_assert (); - return GNUTLS_E_ASN1_ELEMENT_NOT_FOUND; - } - - ava->oid.data = elem->value; - ava->oid.size = elem->value_len; - - snprintf (rbuf, sizeof (rbuf), "?%d.value", iava); - elem = MHD__asn1_find_node (rdn, rbuf); - if (!elem) - { - MHD_gnutls_assert (); - return GNUTLS_E_ASN1_ELEMENT_NOT_FOUND; - } - - /* The value still has the previous tag's length bytes, plus the - * current value's tag and length bytes. Decode them. 
- */ - - ptr = elem->value; - remlen = elem->value_len; - len = MHD__asn1_get_length_der (ptr, remlen, &lenlen); - if (len < 0) - { - MHD_gnutls_assert (); - return GNUTLS_E_ASN1_DER_ERROR; - } - - ptr += lenlen; - remlen -= lenlen; - ret = MHD__asn1_get_tag_der (ptr, remlen, &cls, &lenlen, &ava->value_tag); - if (ret) - { - MHD_gnutls_assert (); - return MHD_gtls_asn2err (ret); - } - - ptr += lenlen; - remlen -= lenlen; - - ava->value.size = MHD__asn1_get_length_der (ptr, remlen, &lenlen); - ava->value.data = ptr + lenlen; - - return 0; -} - -/** - * MHD_gnutls_x509_crt_get_fingerprint - This function returns the Certificate's fingerprint - * @cert: should contain a MHD_gnutls_x509_crt_t structure - * @algo: is a digest algorithm - * @buf: a pointer to a structure to hold the fingerprint (may be null) - * @sizeof_buf: initially holds the size of @buf - * - * This function will calculate and copy the certificate's fingerprint - * in the provided buffer. - * - * If the buffer is null then only the size will be filled. - * - * Returns: %GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is - * not long enough, and in that case the *sizeof_buf will be updated - * with the required size. On success 0 is returned. 
- **/ -int -MHD_gnutls_x509_crt_get_fingerprint (MHD_gnutls_x509_crt_t cert, - enum MHD_GNUTLS_HashAlgorithm algo, - void *buf, size_t * sizeof_buf) -{ - opaque *cert_buf; - int cert_buf_size; - int result; - MHD_gnutls_datum_t tmp; - - if (sizeof_buf == 0 || cert == NULL) - { - return GNUTLS_E_INVALID_REQUEST; - } - - cert_buf_size = 0; - MHD__asn1_der_coding (cert->cert, "", NULL, &cert_buf_size, NULL); - - cert_buf = MHD_gnutls_alloca (cert_buf_size); - if (cert_buf == NULL) - { - MHD_gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; - } - - result = MHD__asn1_der_coding (cert->cert, "", cert_buf, &cert_buf_size, NULL); - - if (result != ASN1_SUCCESS) - { - MHD_gnutls_assert (); - MHD_gnutls_afree (cert_buf); - return MHD_gtls_asn2err (result); - } - - tmp.data = cert_buf; - tmp.size = cert_buf_size; - - result = MHD__gnutls_fingerprint (algo, &tmp, buf, sizeof_buf); - MHD_gnutls_afree (cert_buf); - - return result; -} - -/** * MHD_gnutls_x509_crt_export - This function will export the certificate * @cert: Holds the certificate * @format: the format of output params. One of PEM or DER. 
@@ -2016,200 +1162,48 @@ MHD_gnutls_x509_crt_export (MHD_gnutls_x509_crt_t cert, output_data, output_data_size); } -static int -rsadsa_get_key_id (MHD_gnutls_x509_crt_t crt, - int pk, - unsigned char *output_data, size_t * output_data_size) -{ - mpi_t params[MAX_PUBLIC_PARAMS_SIZE]; - int params_size = MAX_PUBLIC_PARAMS_SIZE; - int i, result = 0; - MHD_gnutls_datum_t der = { NULL, - 0 - }; - GNUTLS_HASH_HANDLE hd; - - result = MHD__gnutls_x509_crt_get_mpis (crt, params, &params_size); - if (result < 0) - { - MHD_gnutls_assert (); - return result; - } - - if (pk == MHD_GNUTLS_PK_RSA) - { - result = MHD__gnutls_x509_write_rsa_params (params, params_size, &der); - if (result < 0) - { - MHD_gnutls_assert (); - goto cleanup; - } - } - else - return GNUTLS_E_INTERNAL_ERROR; - - hd = MHD_gtls_hash_init (MHD_GNUTLS_MAC_SHA1); - if (hd == GNUTLS_HASH_FAILED) - { - MHD_gnutls_assert (); - result = GNUTLS_E_INTERNAL_ERROR; - goto cleanup; - } - - MHD_gnutls_hash (hd, der.data, der.size); - - MHD_gnutls_hash_deinit (hd, output_data); - *output_data_size = 20; - - result = 0; - -cleanup: - - MHD__gnutls_free_datum (&der); - - /* release all allocated MPIs - */ - for (i = 0; i < params_size; i++) - { - MHD_gtls_mpi_release (&params[i]); - } - return result; -} +#ifdef ENABLE_PKI /** - * MHD_gnutls_x509_crt_get_key_id - Return unique ID of public key's parameters - * @crt: Holds the certificate - * @flags: should be 0 for now - * @output_data: will contain the key ID - * @output_data_size: holds the size of output_data (and will be - * replaced by the actual size of parameters) - * - * This function will return a unique ID the depends on the public - * key parameters. This ID can be used in checking whether a - * certificate corresponds to the given private key. 
+ * MHD_gnutls_x509_crt_check_revocation - This function checks if the given certificate is revoked + * @cert: should contain a MHD_gnutls_x509_crt_t structure + * @crl_list: should contain a list of MHD_gnutls_x509_crl_t structures + * @crl_list_length: the length of the crl_list * - * If the buffer provided is not long enough to hold the output, then - * *output_data_size is updated and GNUTLS_E_SHORT_MEMORY_BUFFER will - * be returned. The output will normally be a SHA-1 hash output, - * which is 20 bytes. + * This function will return check if the given certificate is + * revoked. It is assumed that the CRLs have been verified before. * - * Return value: In case of failure a negative value will be - * returned, and 0 on success. + * Returns: 0 if the certificate is NOT revoked, and 1 if it is. A + * negative value is returned on error. **/ int -MHD_gnutls_x509_crt_get_key_id (MHD_gnutls_x509_crt_t crt, - unsigned int flags, - unsigned char *output_data, - size_t * output_data_size) +MHD_gnutls_x509_crt_check_revocation (MHD_gnutls_x509_crt_t cert, + const MHD_gnutls_x509_crl_t * crl_list, + int crl_list_length) { - int pk, result = 0; - MHD_gnutls_datum_t pubkey; + opaque serial[64]; + opaque cert_serial[64]; + size_t serial_size, cert_serial_size; + int ncerts, ret, i, j; + MHD_gnutls_datum_t dn1, dn2; - if (crt == NULL) + if (cert == NULL) { MHD_gnutls_assert (); return GNUTLS_E_INVALID_REQUEST; } - if (*output_data_size < 20) - { - MHD_gnutls_assert (); - *output_data_size = 20; - return GNUTLS_E_SHORT_MEMORY_BUFFER; - } - - pk = MHD_gnutls_x509_crt_get_pk_algorithm (crt, NULL); - if (pk < 0) - { - MHD_gnutls_assert (); - return pk; - } + for (j = 0; j < crl_list_length; j++) + { /* do for all the crls */ - if (pk == MHD_GNUTLS_PK_RSA) - { - /* This is for compatibility with what GnuTLS has printed for - RSA/DSA before the code below was added. 
The code below is - applicable to all types, and it would probably be a better - idea to use it for RSA/DSA too, but doing so would break - backwards compatibility. */ - return rsadsa_get_key_id (crt, pk, output_data, output_data_size); - } - - pubkey.size = 0; - result = MHD__asn1_der_coding (crt->cert, "tbsCertificate.subjectPublicKeyInfo", - NULL, &pubkey.size, NULL); - if (result != ASN1_MEM_ERROR) - { - MHD_gnutls_assert (); - return MHD_gtls_asn2err (result); - } - - pubkey.data = MHD_gnutls_alloca (pubkey.size); - if (pubkey.data == NULL) - { - MHD_gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; - } - - result = MHD__asn1_der_coding (crt->cert, "tbsCertificate.subjectPublicKeyInfo", - pubkey.data, &pubkey.size, NULL); - if (result != ASN1_SUCCESS) - { - MHD_gnutls_assert (); - MHD_gnutls_afree (pubkey.data); - return MHD_gtls_asn2err (result); - } - - result = MHD__gnutls_fingerprint (MHD_GNUTLS_MAC_SHA1, &pubkey, output_data, - output_data_size); - - MHD_gnutls_afree (pubkey.data); - - return result; -} - -#ifdef ENABLE_PKI - -/** - * MHD_gnutls_x509_crt_check_revocation - This function checks if the given certificate is revoked - * @cert: should contain a MHD_gnutls_x509_crt_t structure - * @crl_list: should contain a list of MHD_gnutls_x509_crl_t structures - * @crl_list_length: the length of the crl_list - * - * This function will return check if the given certificate is - * revoked. It is assumed that the CRLs have been verified before. - * - * Returns: 0 if the certificate is NOT revoked, and 1 if it is. A - * negative value is returned on error. 
- **/ -int -MHD_gnutls_x509_crt_check_revocation (MHD_gnutls_x509_crt_t cert, - const MHD_gnutls_x509_crl_t * crl_list, - int crl_list_length) -{ - opaque serial[64]; - opaque cert_serial[64]; - size_t serial_size, cert_serial_size; - int ncerts, ret, i, j; - MHD_gnutls_datum_t dn1, dn2; - - if (cert == NULL) - { - MHD_gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - for (j = 0; j < crl_list_length; j++) - { /* do for all the crls */ - - /* Step 1. check if issuer's DN match - */ - ret = MHD__gnutls_x509_crl_get_raw_issuer_dn (crl_list[j], &dn1); - if (ret < 0) - { - MHD_gnutls_assert (); - return ret; - } + /* Step 1. check if issuer's DN match + */ + ret = MHD__gnutls_x509_crl_get_raw_issuer_dn (crl_list[j], &dn1); + if (ret < 0) + { + MHD_gnutls_assert (); + return ret; + } ret = MHD_gnutls_x509_crt_get_raw_issuer_dn (cert, &dn2); if (ret < 0) 
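Review bot: The doc block now heading MHD_gnutls_x509_crt_check_revocation still reads `* This function will return check if the given certificate is`, which is ungrammatical; since the block is re-emitted here it is a good moment to change that line to `* This function checks whether the given certificate is` and leave the following line as it is. It would also help readers to state in the comment what the match consists of: the visible code compares each CRL's raw issuer DN (`MHD__gnutls_x509_crl_get_raw_issuer_dn`) with the certificate's, and the rest of the comparison, including how `serial`, `cert_serial` and their sizes are initialised, lies outside the hunk. The function body continues past the hunk and the code is moved unchanged from later in the file.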
@@ -2276,571 +1270,5 @@ MHD_gnutls_x509_crt_check_revocation (MHD_gnutls_x509_crt_t cert,
 return 0; /* not revoked. */
 }
-/**
- * MHD_gnutls_x509_crt_verify_data - This function will verify the given signed data.
- * @crt: Holds the certificate
- * @flags: should be 0 for now
- * @data: holds the data to be signed
- * @signature: contains the signature
- *
- * This function will verify the given signed data, using the
- * parameters from the certificate.
- *
- * Returns: In case of a verification failure 0 is returned, and 1 on
- * success.
- **/
-int
-MHD_gnutls_x509_crt_verify_data (MHD_gnutls_x509_crt_t crt,
- unsigned int flags,
- const MHD_gnutls_datum_t * data,
- const MHD_gnutls_datum_t * signature)
-{
- int result;
-
- if (crt == NULL)
- {
- MHD_gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- result = MHD__gnutls_x509_verify_signature (data, signature, crt);
- if (result < 0)
- {
- MHD_gnutls_assert ();
- return 0;
- }
-
- return result;
-}
-
-/**
- * MHD_gnutls_x509_crt_get_crl_dist_points - This function returns the CRL distribution points
- * @cert: should contain a MHD_gnutls_x509_crt_t structure
- * @seq: specifies the sequence number of the distribution point (0 for the first one, 1 for the second etc.)
- * @ret: is the place where the distribution point will be copied to
- * @ret_size: holds the size of ret.
- * @reason_flags: Revocation reasons flags.
- * @critical: will be non zero if the extension is marked as critical (may be null)
- *
- * This function will return the CRL distribution points (2.5.29.31),
- * contained in the given certificate.
- *
- * @reason_flags should be an ORed sequence of
- * GNUTLS_CRL_REASON_UNUSED, GNUTLS_CRL_REASON_KEY_COMPROMISE,
- * GNUTLS_CRL_REASON_CA_COMPROMISE,
- * GNUTLS_CRL_REASON_AFFILIATION_CHANGED,
- * GNUTLS_CRL_REASON_SUPERSEEDED,
- * GNUTLS_CRL_REASON_CESSATION_OF_OPERATION,
- * GNUTLS_CRL_REASON_CERTIFICATE_HOLD,
- * GNUTLS_CRL_REASON_PRIVILEGE_WITHDRAWN,
- * GNUTLS_CRL_REASON_AA_COMPROMISE, or zero for all possible reasons.
- *
- * This is specified in X509v3 Certificate Extensions. GNUTLS will
- * return the distribution point type, or a negative error code on
- * error.
- *
- * Returns %GNUTLS_E_SHORT_MEMORY_BUFFER and updates &@ret_size if
- * &@ret_size is not enough to hold the distribution point, or the
- * type of the distribution point if everything was ok. The type is
- * one of the enumerated %MHD_gnutls_x509_subject_alt_name_t. If the
- * certificate does not have an Alternative name with the specified
- * sequence number then %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE is
- * returned.
- **/
-int
-MHD_gnutls_x509_crt_get_crl_dist_points (MHD_gnutls_x509_crt_t cert,
- unsigned int seq,
- void *ret,
- size_t * ret_size,
- unsigned int *reason_flags,
- unsigned int *critical)
-{
- int result;
- MHD_gnutls_datum_t dist_points = { NULL,
- 0
- };
- ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
- char name[MAX_NAME_SIZE];
- int len;
- MHD_gnutls_x509_subject_alt_name_t type;
- uint8_t reasons[2];
-
- if (cert == NULL)
- {
- MHD_gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if (*ret_size > 0 && ret)
- memset (ret, 0, *ret_size);
- else
- *ret_size = 0;
-
- if (reason_flags)
- *reason_flags = 0;
-
- result = MHD__gnutls_x509_crt_get_extension (cert, "2.5.29.31", 0, &dist_points,
- critical);
- if (result < 0)
- {
- return result;
- }
-
- if (dist_points.size == 0 || dist_points.data == NULL)
- {
- MHD_gnutls_assert ();
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- }
-
- result =
- MHD__asn1_create_element (MHD__gnutls_get_pkix (), "PKIX1.CRLDistributionPoints",
- &c2);
- if (result != ASN1_SUCCESS)
- {
- MHD_gnutls_assert ();
- MHD__gnutls_free_datum (&dist_points);
- return MHD_gtls_asn2err (result);
- }
-
- result = MHD__asn1_der_decoding (&c2, dist_points.data, dist_points.size, NULL);
- MHD__gnutls_free_datum (&dist_points);
-
- if (result != ASN1_SUCCESS)
- {
- MHD_gnutls_assert ();
- MHD__asn1_delete_structure (&c2);
- return MHD_gtls_asn2err (result);
- }
-
- /* Return the different names from the first CRLDistr. point.
- * The whole thing is a mess.
- */
- MHD_gtls_str_cpy (name, sizeof (name), "?1.distributionPoint.fullName");
-
- result = parse_general_name (c2, name, seq, ret, ret_size, NULL, 0);
- if (result < 0)
- {
- MHD__asn1_delete_structure (&c2);
- return result;
- }
-
- type = result;
-
- /* Read the CRL reasons.
- */
- if (reason_flags)
- {
- MHD_gtls_str_cpy (name, sizeof (name), "?1.reasons");
-
- reasons[0] = reasons[1] = 0;
-
- len = sizeof (reasons);
- result = MHD__asn1_read_value (c2, name, reasons, &len);
-
- if (result != ASN1_VALUE_NOT_FOUND && result != ASN1_SUCCESS)
- {
- MHD_gnutls_assert ();
- MHD__asn1_delete_structure (&c2);
- return MHD_gtls_asn2err (result);
- }
-
- *reason_flags = reasons[0] | (reasons[1] << 8);
- }
-
- return type;
-}
-
-/**
- * MHD_gnutls_x509_crt_get_key_purpose_oid - This function returns the Certificate's key purpose OIDs
- * @cert: should contain a MHD_gnutls_x509_crt_t structure
- * @indx: This specifies which OID to return. Use zero to get the first one.
- * @oid: a pointer to a buffer to hold the OID (may be null)
- * @sizeof_oid: initially holds the size of @oid
- *
- * This function will extract the key purpose OIDs of the Certificate
- * specified by the given index. These are stored in the Extended Key
- * Usage extension (2.5.29.37) See the GNUTLS_KP_* definitions for
- * human readable names.
- *
- * If @oid is null then only the size will be filled.
- *
- * Returns: %GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is
- * not long enough, and in that case the *sizeof_oid will be updated
- * with the required size. On success 0 is returned.
- **/
-int
-MHD_gnutls_x509_crt_get_key_purpose_oid (MHD_gnutls_x509_crt_t cert,
- int indx,
- void *oid,
- size_t * sizeof_oid,
- unsigned int *critical)
-{
- char tmpstr[MAX_NAME_SIZE];
- int result, len;
- MHD_gnutls_datum_t id;
- ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
-
- if (cert == NULL)
- {
- MHD_gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if (oid)
- memset (oid, 0, *sizeof_oid);
- else
- *sizeof_oid = 0;
-
- if ((result = MHD__gnutls_x509_crt_get_extension (cert, "2.5.29.37", 0, &id,
- critical)) < 0)
- {
- return result;
- }
-
- if (id.size == 0 || id.data == NULL)
- {
- MHD_gnutls_assert ();
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- }
-
- result =
- MHD__asn1_create_element (MHD__gnutls_get_pkix (), "PKIX1.ExtKeyUsageSyntax", &c2);
- if (result != ASN1_SUCCESS)
- {
- MHD_gnutls_assert ();
- MHD__gnutls_free_datum (&id);
- return MHD_gtls_asn2err (result);
- }
-
- result = MHD__asn1_der_decoding (&c2, id.data, id.size, NULL);
- MHD__gnutls_free_datum (&id);
-
- if (result != ASN1_SUCCESS)
- {
- MHD_gnutls_assert ();
- MHD__asn1_delete_structure (&c2);
- return MHD_gtls_asn2err (result);
- }
-
- indx++;
- /* create a string like "?1"
- */
- snprintf (tmpstr, sizeof (tmpstr), "?%u", indx);
-
- len = *sizeof_oid;
- result = MHD__asn1_read_value (c2, tmpstr, oid, &len);
-
- *sizeof_oid = len;
- MHD__asn1_delete_structure (&c2);
-
- if (result == ASN1_VALUE_NOT_FOUND || result == ASN1_ELEMENT_NOT_FOUND)
- {
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- }
-
- if (result != ASN1_SUCCESS)
- {
- MHD_gnutls_assert ();
- return MHD_gtls_asn2err (result);
- }
-
- return 0;
-
-}
-
-/**
- * MHD_gnutls_x509_crt_get_pk_rsa_raw - This function will export the RSA public key
- * @crt: Holds the certificate
- * @m: will hold the modulus
- * @e: will hold the public exponent
- *
- * This function will export the RSA public key's parameters found in
- * the given structure.
The new parameters will be allocated using
- * MHD_gnutls_malloc() and will be stored in the appropriate datum.
- *
- * Returns: %GNUTLS_E_SUCCESS on success, otherwise an error.
- **/
-int
-MHD_gnutls_x509_crt_get_pk_rsa_raw (MHD_gnutls_x509_crt_t crt,
- MHD_gnutls_datum_t * m, MHD_gnutls_datum_t * e)
-{
- int ret;
- mpi_t params[MAX_PUBLIC_PARAMS_SIZE];
- int params_size = MAX_PUBLIC_PARAMS_SIZE;
- int i;
-
- if (crt == NULL)
- {
- MHD_gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- ret = MHD_gnutls_x509_crt_get_pk_algorithm (crt, NULL);
- if (ret != MHD_GNUTLS_PK_RSA)
- {
- MHD_gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- ret = MHD__gnutls_x509_crt_get_mpis (crt, params, &params_size);
- if (ret < 0)
- {
- MHD_gnutls_assert ();
- return ret;
- }
-
- ret = MHD_gtls_mpi_dprint (m, params[0]);
- if (ret < 0)
- {
- MHD_gnutls_assert ();
- goto cleanup;
- }
-
- ret = MHD_gtls_mpi_dprint (e, params[1]);
- if (ret < 0)
- {
- MHD_gnutls_assert ();
- MHD__gnutls_free_datum (m);
- goto cleanup;
- }
-
- ret = 0;
-
-cleanup:for (i = 0; i < params_size; i++)
- {
- MHD_gtls_mpi_release (&params[i]);
- }
- return ret;
-}
-
-/**
- * MHD_gnutls_x509_crt_get_pk_dsa_raw - This function will export the DSA public key
- * @crt: Holds the certificate
- * @p: will hold the p
- * @q: will hold the q
- * @g: will hold the g
- * @y: will hold the y
- *
- * This function will export the DSA public key's parameters found in
- * the given certificate. The new parameters will be allocated using
- * MHD_gnutls_malloc() and will be stored in the appropriate datum.
- *
- * Returns: %GNUTLS_E_SUCCESS on success, otherwise an error.
- **/
-int
-MHD_gnutls_x509_crt_get_pk_dsa_raw (MHD_gnutls_x509_crt_t crt,
- MHD_gnutls_datum_t * p,
- MHD_gnutls_datum_t * q,
- MHD_gnutls_datum_t * g, MHD_gnutls_datum_t * y)
-{
- int ret;
- mpi_t params[MAX_PUBLIC_PARAMS_SIZE];
- int params_size = MAX_PUBLIC_PARAMS_SIZE;
- int i;
-
- if (crt == NULL)
- {
- MHD_gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- ret = MHD_gnutls_x509_crt_get_pk_algorithm (crt, NULL);
-
- ret = MHD__gnutls_x509_crt_get_mpis (crt, params, &params_size);
- if (ret < 0)
- {
- MHD_gnutls_assert ();
- return ret;
- }
-
- /* P */
- ret = MHD_gtls_mpi_dprint (p, params[0]);
- if (ret < 0)
- {
- MHD_gnutls_assert ();
- goto cleanup;
- }
-
- /* Q */
- ret = MHD_gtls_mpi_dprint (q, params[1]);
- if (ret < 0)
- {
- MHD_gnutls_assert ();
- MHD__gnutls_free_datum (p);
- goto cleanup;
- }
-
- /* G */
- ret = MHD_gtls_mpi_dprint (g, params[2]);
- if (ret < 0)
- {
- MHD_gnutls_assert ();
- MHD__gnutls_free_datum (p);
- MHD__gnutls_free_datum (q);
- goto cleanup;
- }
-
- /* Y */
- ret = MHD_gtls_mpi_dprint (y, params[3]);
- if (ret < 0)
- {
- MHD_gnutls_assert ();
- MHD__gnutls_free_datum (p);
- MHD__gnutls_free_datum (g);
- MHD__gnutls_free_datum (q);
- goto cleanup;
- }
-
- ret = 0;
-
-cleanup:for (i = 0; i < params_size; i++)
- {
- MHD_gtls_mpi_release (&params[i]);
- }
- return ret;
-
-}
-
 #endif
-/**
- * MHD_gnutls_x509_crt_list_import - This function will import a PEM encoded certificate list
- * @certs: The structures to store the parsed certificate. Must not be initialized.
- * @cert_max: Initially must hold the maximum number of certs. It will be updated with the number of certs available.
- * @data: The PEM encoded certificate.
- * @format: One of DER or PEM.
- * @flags: must be zero or an OR'd sequence of MHD_gnutls_certificate_import_flags.
- *
- * This function will convert the given PEM encoded certificate list
- * to the native MHD_gnutls_x509_crt_t format. The output will be stored
- * in @certs.
They will be automatically initialized.
- *
- * If the Certificate is PEM encoded it should have a header of "X509
- * CERTIFICATE", or "CERTIFICATE".
- *
- * Returns: the number of certificates read or a negative error value.
- **/
-int
-MHD_gnutls_x509_crt_list_import (MHD_gnutls_x509_crt_t * certs,
- unsigned int *cert_max,
- const MHD_gnutls_datum_t * data,
- MHD_gnutls_x509_crt_fmt_t format, unsigned int flags)
-{
- int size;
- const char *ptr;
- MHD_gnutls_datum_t tmp;
- int ret, nocopy = 0;
- unsigned int count = 0, j;
-
- if (format == GNUTLS_X509_FMT_DER)
- {
- if (*cert_max < 1)
- {
- *cert_max = 1;
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
-
- count = 1; /* import only the first one */
-
- ret = MHD_gnutls_x509_crt_init (&certs[0]);
- if (ret < 0)
- {
- MHD_gnutls_assert ();
- goto error;
- }
-
- ret = MHD_gnutls_x509_crt_import (certs[0], data, format);
- if (ret < 0)
- {
- MHD_gnutls_assert ();
- goto error;
- }
-
- *cert_max = 1;
- return 1;
- }
-
- /* move to the certificate
- */
- ptr = MHD_memmem (data->data, data->size,
- PEM_CERT_SEP, sizeof (PEM_CERT_SEP) - 1);
- if (ptr == NULL)
- ptr = MHD_memmem (data->data, data->size,
- PEM_CERT_SEP2, sizeof (PEM_CERT_SEP2) - 1);
-
- if (ptr == NULL)
- {
- MHD_gnutls_assert ();
- return GNUTLS_E_BASE64_DECODING_ERROR;
- }
- size = data->size - (ptr - (char *) data->data);
-
- count = 0;
-
- do
- {
- if (count >= *cert_max)
- {
- if (!(flags & GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED))
- break;
- else
- nocopy = 1;
- }
-
- if (!nocopy)
- {
- ret = MHD_gnutls_x509_crt_init (&certs[count]);
- if (ret < 0)
- {
- MHD_gnutls_assert ();
- goto error;
- }
-
- tmp.data = (void *) ptr;
- tmp.size = size;
-
- ret =
- MHD_gnutls_x509_crt_import (certs[count], &tmp, GNUTLS_X509_FMT_PEM);
- if (ret < 0)
- {
- MHD_gnutls_assert ();
- goto error;
- }
- }
-
- /* now we move ptr after the pem header
- */
- ptr++;
- /* find the next certificate (if any)
- */
- size = data->size - (ptr - (char *) data->data);
-
- if (size >
0)
- {
- char *ptr2;
-
- ptr2 = MHD_memmem (ptr, size, PEM_CERT_SEP, sizeof (PEM_CERT_SEP) - 1);
- if (ptr2 == NULL)
- ptr2 =
- MHD_memmem (ptr, size, PEM_CERT_SEP2, sizeof (PEM_CERT_SEP2) - 1);
-
- ptr = ptr2;
- }
- else
- ptr = NULL;
-
- count++;
- }
- while (ptr != NULL);
-
- *cert_max = count;
-
- if (nocopy == 0)
- return count;
- else
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
-
-error:for (j = 0; j < count; j++)
- MHD_gnutls_x509_crt_deinit (certs[j]);
- return ret;
-}
diff --git a/src/daemon/https/x509/x509.h b/src/daemon/https/x509/x509.h
@@ -92,33 +92,9 @@ extern "C"
 int MHD_gnutls_x509_crt_import (MHD_gnutls_x509_crt_t cert, const MHD_gnutls_datum_t * data, MHD_gnutls_x509_crt_fmt_t format);
- int MHD_gnutls_x509_crt_list_import (MHD_gnutls_x509_crt_t * certs,
- unsigned int *cert_max,
- const MHD_gnutls_datum_t * data,
- MHD_gnutls_x509_crt_fmt_t format,
- unsigned int flags);
 int MHD_gnutls_x509_crt_export (MHD_gnutls_x509_crt_t cert, MHD_gnutls_x509_crt_fmt_t format, void *output_data, size_t * output_data_size);
- int MHD_gnutls_x509_crt_get_issuer_dn (MHD_gnutls_x509_crt_t cert,
- char *buf, size_t * sizeof_buf);
- int MHD_gnutls_x509_crt_get_issuer_dn_oid (MHD_gnutls_x509_crt_t cert,
- int indx,
- void *oid, size_t * sizeof_oid);
- int MHD_gnutls_x509_crt_get_issuer_dn_by_oid (MHD_gnutls_x509_crt_t cert,
- const char *oid,
- int indx,
- unsigned int raw_flag,
- void *buf, size_t * sizeof_buf);
- int MHD_gnutls_x509_crt_get_dn (MHD_gnutls_x509_crt_t cert,
- char *buf, size_t * sizeof_buf);
- int MHD_gnutls_x509_crt_get_dn_oid (MHD_gnutls_x509_crt_t cert,
- int indx, void *oid, size_t * sizeof_oid);
- int MHD_gnutls_x509_crt_get_dn_by_oid (MHD_gnutls_x509_crt_t cert,
- const char *oid,
- int indx,
- unsigned int raw_flag,
- void *buf, size_t * sizeof_buf);
 int MHD_gnutls_x509_crt_check_hostname (MHD_gnutls_x509_crt_t cert, const char *hostname);
@@ -126,22 +102,6 @@ extern "C"
 int MHD_gnutls_x509_crt_get_signature (MHD_gnutls_x509_crt_t cert, char *sig, size_t * sizeof_sig);
 int MHD_gnutls_x509_crt_get_version (MHD_gnutls_x509_crt_t cert);
- int MHD_gnutls_x509_crt_get_key_id (MHD_gnutls_x509_crt_t crt,
- unsigned int flags,
- unsigned char *output_data,
- size_t * output_data_size);
-
- int MHD_gnutls_x509_crt_set_authority_key_id (MHD_gnutls_x509_crt_t cert,
- const void *id, size_t id_size);
- int MHD_gnutls_x509_crt_get_authority_key_id (MHD_gnutls_x509_crt_t cert,
- void *ret,
- size_t * ret_size,
- unsigned int *critical);
-
- int MHD_gnutls_x509_crt_get_subject_key_id (MHD_gnutls_x509_crt_t cert,
- void *ret,
- size_t * ret_size,
- unsigned int *critical);
 #define GNUTLS_CRL_REASON_UNUSED 128
 #define GNUTLS_CRL_REASON_KEY_COMPROMISE 64
@@ -153,20 +113,6 @@ extern "C"
 #define GNUTLS_CRL_REASON_PRIVILEGE_WITHDRAWN 1
 #define GNUTLS_CRL_REASON_AA_COMPROMISE 32768
- int MHD_gnutls_x509_crt_get_crl_dist_points (MHD_gnutls_x509_crt_t cert,
- unsigned int seq,
- void *ret,
- size_t * ret_size,
- unsigned int *reason_flags,
- unsigned int *critical);
- int MHD_gnutls_x509_crt_set_crl_dist_points (MHD_gnutls_x509_crt_t crt,
- MHD_gnutls_x509_subject_alt_name_t
- type,
- const void *data_string,
- unsigned int reason_flags);
- int MHD_gnutls_x509_crt_cpy_crl_dist_points (MHD_gnutls_x509_crt_t dst,
- MHD_gnutls_x509_crt_t src);
- time_t MHD_gnutls_x509_crt_get_activation_time (MHD_gnutls_x509_crt_t cert);
 time_t MHD_gnutls_x509_crt_get_expiration_time (MHD_gnutls_x509_crt_t cert);
 int MHD_gnutls_x509_crt_get_serial (MHD_gnutls_x509_crt_t cert,
@@ -174,36 +120,13 @@ extern "C"
 int MHD_gnutls_x509_crt_get_pk_algorithm (MHD_gnutls_x509_crt_t cert, unsigned int *bits);
- int MHD_gnutls_x509_crt_get_pk_rsa_raw (MHD_gnutls_x509_crt_t crt,
- MHD_gnutls_datum_t * m, MHD_gnutls_datum_t * e);
- int MHD_gnutls_x509_crt_get_pk_dsa_raw (MHD_gnutls_x509_crt_t crt,
- MHD_gnutls_datum_t * p,
- MHD_gnutls_datum_t * q,
- MHD_gnutls_datum_t * g, MHD_gnutls_datum_t * y);
-
 int MHD_gnutls_x509_crt_get_subject_alt_name (MHD_gnutls_x509_crt_t cert, unsigned int seq, void *ret, size_t * ret_size, unsigned int *critical);
- int MHD_gnutls_x509_crt_get_subject_alt_name2 (MHD_gnutls_x509_crt_t cert,
- unsigned int seq,
- void *ret,
- size_t * ret_size,
- unsigned int *ret_type,
- unsigned int *critical);
-
- int MHD_gnutls_x509_crt_get_subject_alt_othername_oid (MHD_gnutls_x509_crt_t cert,
- unsigned int seq,
- void *ret,
- size_t * ret_size);
-
 int MHD_gnutls_x509_crt_get_ca_status (MHD_gnutls_x509_crt_t cert, unsigned int *critical);
- int MHD_gnutls_x509_crt_get_basic_constraints (MHD_gnutls_x509_crt_t cert,
- unsigned int *critical,
- int *ca, int *pathlen);
-
 /* The key_usage flags are defined in gnutls.h. They are the
 * GNUTLS_KEY_* definitions. */
@@ -213,34 +136,9 @@ extern "C"
 int MHD_gnutls_x509_crt_set_key_usage (MHD_gnutls_x509_crt_t crt, unsigned int usage);
- int MHD_gnutls_x509_crt_get_proxy (MHD_gnutls_x509_crt_t cert,
- unsigned int *critical,
- int *pathlen,
- char **policyLanguage,
- char **policy, size_t * sizeof_policy);
- int MHD_gnutls_x509_dn_oid_known (const char *oid);
-/* Read extensions by OID. */
- int MHD_gnutls_x509_crt_get_extension_oid (MHD_gnutls_x509_crt_t cert,
- int indx,
- void *oid, size_t * sizeof_oid);
- int MHD_gnutls_x509_crt_get_extension_by_oid (MHD_gnutls_x509_crt_t cert,
- const char *oid,
- int indx,
- void *buf,
- size_t * sizeof_buf,
- unsigned int *critical);
- /* Read extensions by sequence number. */
- int MHD_gnutls_x509_crt_get_extension_info (MHD_gnutls_x509_crt_t cert,
- int indx,
- void *oid,
- size_t * sizeof_oid, int *critical);
- int MHD_gnutls_x509_crt_get_extension_data (MHD_gnutls_x509_crt_t cert,
- int indx,
- void *data, size_t * sizeof_data);
-
 int MHD_gnutls_x509_crt_set_extension_by_oid (MHD_gnutls_x509_crt_t crt, const char *oid, const void *buf,
@@ -344,12 +242,6 @@ extern "C"
 int MHD_gnutls_x509_crt_get_subject (MHD_gnutls_x509_crt_t cert, MHD_gnutls_x509_dn_t * dn);
- int MHD_gnutls_x509_crt_get_issuer (MHD_gnutls_x509_crt_t cert,
- MHD_gnutls_x509_dn_t * dn);
- int MHD_gnutls_x509_dn_get_rdn_ava (MHD_gnutls_x509_dn_t dn,
- int irdn,
- int iava, MHD_gnutls_x509_ava_st * avast);
-
 /* CRL handling functions. */
 int MHD_gnutls_x509_crl_init (MHD_gnutls_x509_crl_t * crl);
@@ -362,8 +254,6 @@ extern "C"
 MHD_gnutls_x509_crt_fmt_t format, void *output_data, size_t * output_data_size);
- int MHD_gnutls_x509_crl_get_issuer_dn (const MHD_gnutls_x509_crl_t crl,
- char *buf, size_t * sizeof_buf);
 int MHD_gnutls_x509_crl_get_issuer_dn_by_oid (MHD_gnutls_x509_crl_t crl, const char *oid, int indx,
@@ -508,21 +398,6 @@ extern "C"
 const MHD_gnutls_x509_crl_t * crl_list, int crl_list_length);
- int MHD_gnutls_x509_crt_get_fingerprint (MHD_gnutls_x509_crt_t cert,
- enum MHD_GNUTLS_HashAlgorithm algo,
- void *buf, size_t * sizeof_buf);
-
- int MHD_gnutls_x509_crt_get_key_purpose_oid (MHD_gnutls_x509_crt_t cert,
- int indx,
- void *oid,
- size_t * sizeof_oid,
- unsigned int *critical);
- int MHD_gnutls_x509_crt_set_key_purpose_oid (MHD_gnutls_x509_crt_t cert,
- const void *oid,
- unsigned int critical);
-
-/* Private key handling.
- */
 /* Flags for the MHD_gnutls_x509_privkey_export_pkcs8() function. */
@@ -601,10 +476,6 @@ extern "C"
 unsigned int flags, const MHD_gnutls_datum_t * data, const MHD_gnutls_datum_t * signature);
- int MHD_gnutls_x509_crt_verify_data (MHD_gnutls_x509_crt_t crt,
- unsigned int flags,
- const MHD_gnutls_datum_t * data,
- const MHD_gnutls_datum_t * signature);
 /* Certificate request stuff. */
@@ -753,8 +624,6 @@ int MHD_gnutls_x509_crt_get_ca_status (MHD_gnutls_x509_crt_t cert,
 int MHD_gnutls_x509_crt_get_pk_algorithm (MHD_gnutls_x509_crt_t cert, unsigned int *bits);
-int MHD__gnutls_x509_crt_cpy (MHD_gnutls_x509_crt_t dest, MHD_gnutls_x509_crt_t src);
-
 int MHD_gnutls_x509_crt_get_serial (MHD_gnutls_x509_crt_t cert, void *result, size_t * result_size);