search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Fix indent bug.
[gnutls.git] / src / common.c
blob64aeb0196007aac6afa148927a406ba253e00fea
1 /*
2 * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008,
3 * 2009, 2010 Free Software Foundation, Inc.
4 * Author: Nikos Mavrogiannopoulos
5 *
6 * This file is part of GNUTLS.
7 *
8 * GNUTLS is free software: you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation, either version 3 of the License, or
11 * (at your option) any later version.
12 *
13 * GNUTLS is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License
19 * along with this program. If not, see <http://www.gnu.org/licenses/>.
20 */
21
22 #include <config.h>
23
24 /* Work around problem reported in
25 <http://permalink.gmane.org/gmane.comp.lib.gnulib.bugs/15755>.*/
26 #if GETTIMEOFDAY_CLOBBERS_LOCALTIME
27 #undef localtime
28 #endif
29
30 #include <stdio.h>
31 #include <stdlib.h>
32 #include <string.h>
33 #include <gnutls/gnutls.h>
34 #include <gnutls/extra.h>
35 #include <gnutls/x509.h>
36 #include <gnutls/openpgp.h>
37 #include <time.h>
38 #include <common.h>
39
40 #define SU(x) (x!=NULL?x:"Unknown")
41
42 int print_cert;
43 extern int verbose;
44
45 static char buffer[5 * 1024];
46
47 const char str_unknown[] = "(unknown)";
48
49 /* Hex encodes the given data.
50 */
51 const char *
52 raw_to_string (const unsigned char *raw, size_t raw_size)
53 {
54 static char buf[1024];
55 size_t i;
56 if (raw_size == 0)
57 return NULL;
58
59 if (raw_size * 3 + 1 >= sizeof (buf))
60 return NULL;
61
62 for (i = 0; i < raw_size; i++)
63 {
64 sprintf (&(buf[i * 3]), "%02X%s", raw[i],
65 (i == raw_size - 1) ? "" : ":");
66 }
67 buf[sizeof (buf) - 1] = '\0';
68
69 return buf;
70 }
71
72 static void
73 print_x509_info (gnutls_session_t session, const char *hostname, int insecure)
74 {
75 gnutls_x509_crt_t crt;
76 const gnutls_datum_t *cert_list;
77 unsigned int cert_list_size = 0, j;
78 int hostname_ok = 0;
79 int ret;
80
81 cert_list = gnutls_certificate_get_peers (session, &cert_list_size);
82 if (cert_list_size == 0)
83 {
84 fprintf (stderr, "No certificates found!\n");
85 return;
86 }
87
88 printf (" - Got a certificate list of %d certificates.\n", cert_list_size);
89
90 for (j = 0; j < cert_list_size; j++)
91 {
92 gnutls_datum_t cinfo;
93
94 gnutls_x509_crt_init (&crt);
95 ret = gnutls_x509_crt_import (crt, &cert_list[j], GNUTLS_X509_FMT_DER);
96 if (ret < 0)
97 {
98 fprintf (stderr, "Decoding error: %s\n", gnutls_strerror (ret));
99 return;
100 }
101
102 printf (" - Certificate[%d] info:\n - ", j);
103
104 if (verbose)
105 ret = gnutls_x509_crt_print (crt, GNUTLS_CRT_PRINT_FULL, &cinfo);
106 else
107 ret = gnutls_x509_crt_print (crt, GNUTLS_CRT_PRINT_ONELINE, &cinfo);
108 if (ret == 0)
109 {
110 printf ("%s\n", cinfo.data);
111 gnutls_free (cinfo.data);
112 }
113
114 if (print_cert)
115 {
116 size_t size;
117
118 size = sizeof (buffer);
119
120 ret = gnutls_x509_crt_export (crt, GNUTLS_X509_FMT_PEM,
121 buffer, &size);
122 if (ret < 0)
123 {
124 fprintf (stderr, "Encoding error: %s\n", gnutls_strerror (ret));
125 return;
126 }
127
128 fputs ("\n", stdout);
129 fputs (buffer, stdout);
130 fputs ("\n", stdout);
131 }
132
133 if (j == 0 && hostname != NULL)
134 {
135 /* Check the hostname of the first certificate if it matches
136 * the name of the host we connected to.
137 */
138 if (gnutls_x509_crt_check_hostname (crt, hostname) == 0)
139 hostname_ok = 1;
140 else
141 hostname_ok = 2;
142 }
143
144 gnutls_x509_crt_deinit (crt);
145 }
146
147 if (hostname_ok == 1)
148 {
149 printf ("- The hostname in the certificate does NOT match '%s'\n",
150 hostname);
151 if (!insecure)
152 exit (1);
153 }
154 else if (hostname_ok == 2)
155 {
156 printf ("- The hostname in the certificate matches '%s'.\n", hostname);
157 }
158 }
159
160 #ifdef ENABLE_OPENPGP
161
162 static void
163 print_openpgp_info (gnutls_session_t session, const char *hostname,
164 int insecure)
165 {
166
167 gnutls_openpgp_crt_t crt;
168 const gnutls_datum_t *cert_list;
169 int cert_list_size = 0;
170 int hostname_ok = 0;
171 int ret;
172
173 cert_list = gnutls_certificate_get_peers (session, &cert_list_size);
174
175 if (cert_list_size > 0)
176 {
177 gnutls_datum_t cinfo;
178
179 gnutls_openpgp_crt_init (&crt);
180 ret = gnutls_openpgp_crt_import (crt, &cert_list[0],
181 GNUTLS_OPENPGP_FMT_RAW);
182 if (ret < 0)
183 {
184 fprintf (stderr, "Decoding error: %s\n", gnutls_strerror (ret));
185 return;
186 }
187
188 if (verbose)
189 ret = gnutls_openpgp_crt_print (crt, GNUTLS_CRT_PRINT_FULL, &cinfo);
190 else
191 ret =
192 gnutls_openpgp_crt_print (crt, GNUTLS_CRT_PRINT_ONELINE, &cinfo);
193 if (ret == 0)
194 {
195 printf (" - %s\n", cinfo.data);
196 gnutls_free (cinfo.data);
197 }
198
199 if (print_cert)
200 {
201 size_t size;
202
203 size = sizeof (buffer);
204
205 ret = gnutls_openpgp_crt_export (crt, GNUTLS_OPENPGP_FMT_BASE64,
206 buffer, &size);
207 if (ret < 0)
208 {
209 fprintf (stderr, "Encoding error: %s\n", gnutls_strerror (ret));
210 return;
211 }
212 fputs (buffer, stdout);
213 fputs ("\n", stdout);
214 }
215
216 if (hostname != NULL)
217 {
218 /* Check the hostname of the first certificate if it matches
219 * the name of the host we connected to.
220 */
221 if (gnutls_openpgp_crt_check_hostname (crt, hostname) == 0)
222 hostname_ok = 1;
223 else
224 hostname_ok = 2;
225 }
226
227 gnutls_openpgp_crt_deinit (crt);
228 }
229
230 if (hostname_ok == 1)
231 {
232 printf ("- The hostname in the certificate does NOT match '%s'\n",
233 hostname);
234 if (!insecure)
235 exit (1);
236 }
237 else if (hostname_ok == 2)
238 {
239 printf ("- The hostname in the certificate matches '%s'.\n", hostname);
240 }
241 }
242
243 #endif
244
245 static void
246 print_cert_vrfy (gnutls_session_t session)
247 {
248 int rc;
249 unsigned int status;
250
251 rc = gnutls_certificate_verify_peers2 (session, &status);
252 if (rc < 0)
253 {
254 printf ("- Could not verify certificate (err: %s)\n",
255 gnutls_strerror (rc));
256 return;
257 }
258
259 if (rc == GNUTLS_E_NO_CERTIFICATE_FOUND)
260 {
261 printf ("- Peer did not send any certificate.\n");
262 return;
263 }
264
265 if (gnutls_certificate_type_get (session) == GNUTLS_CRT_X509)
266 {
267 if (status & GNUTLS_CERT_REVOKED)
268 printf ("- Peer's certificate chain revoked\n");
269 if (status & GNUTLS_CERT_SIGNER_NOT_FOUND)
270 printf ("- Peer's certificate issuer is unknown\n");
271 if (status & GNUTLS_CERT_SIGNER_NOT_CA)
272 printf ("- Peer's certificate issuer is not a CA\n");
273 if (status & GNUTLS_CERT_INSECURE_ALGORITHM)
274 printf ("- Peer's certificate chain uses insecure algorithm\n");
275 if (status & GNUTLS_CERT_NOT_ACTIVATED)
276 printf
277 ("- Peer's certificate chain uses not yet valid certificate\n");
278 if (status & GNUTLS_CERT_EXPIRED)
279 printf ("- Peer's certificate chain uses expired certificate\n");
280 if (status & GNUTLS_CERT_INVALID)
281 printf ("- Peer's certificate is NOT trusted\n");
282 else
283 printf ("- Peer's certificate is trusted\n");
284 }
285 else
286 {
287 if (status & GNUTLS_CERT_INVALID)
288 printf ("- Peer's key is invalid\n");
289 else
290 printf ("- Peer's key is valid\n");
291 if (status & GNUTLS_CERT_SIGNER_NOT_FOUND)
292 printf ("- Could not find a signer of the peer's key\n");
293 }
294 }
295
296 static void
297 print_dh_info (gnutls_session_t session, const char *str)
298 {
299 printf ("- %sDiffie-Hellman parameters\n", str);
300 printf (" - Using prime: %d bits\n", gnutls_dh_get_prime_bits (session));
301 printf (" - Secret key: %d bits\n", gnutls_dh_get_secret_bits (session));
302 printf (" - Peer's public key: %d bits\n",
303 gnutls_dh_get_peers_public_bits (session));
304
305 if (print_cert)
306 {
307 int ret;
308 gnutls_datum_t raw_gen = { NULL, 0 };
309 gnutls_datum_t raw_prime = { NULL, 0 };
310 gnutls_dh_params_t dh_params = NULL;
311 unsigned char *params_data = NULL;
312 size_t params_data_size = 0;
313
314 ret = gnutls_dh_get_group (session, &raw_gen, &raw_prime);
315 if (ret)
316 {
317 fprintf (stderr, "gnutls_dh_get_group %d\n", ret);
318 goto out;
319 }
320
321 ret = gnutls_dh_params_init (&dh_params);
322 if (ret)
323 {
324 fprintf (stderr, "gnutls_dh_params_init %d\n", ret);
325 goto out;
326 }
327
328 ret = gnutls_dh_params_import_raw (dh_params, &raw_prime, &raw_gen);
329 if (ret)
330 {
331 fprintf (stderr, "gnutls_dh_params_import_raw %d\n", ret);
332 goto out;
333 }
334
335 ret = gnutls_dh_params_export_pkcs3 (dh_params,
336 GNUTLS_X509_FMT_PEM,
337 params_data, &params_data_size);
338 if (ret != GNUTLS_E_SHORT_MEMORY_BUFFER)
339 {
340 fprintf (stderr, "gnutls_dh_params_export_pkcs3 %d\n", ret);
341 goto out;
342 }
343
344 params_data = gnutls_malloc (params_data_size);
345 if (!params_data)
346 {
347 fprintf (stderr, "gnutls_malloc %d\n", ret);
348 goto out;
349 }
350
351 ret = gnutls_dh_params_export_pkcs3 (dh_params,
352 GNUTLS_X509_FMT_PEM,
353 params_data, &params_data_size);
354 if (ret)
355 {
356 fprintf (stderr, "gnutls_dh_params_export_pkcs3-2 %d\n", ret);
357 goto out;
358 }
359
360 printf (" - PKCS#3 format:\n\n%.*s\n", (int) params_data_size,
361 params_data);
362
363 out:
364 gnutls_free (params_data);
365 gnutls_free (raw_prime.data);
366 gnutls_free (raw_gen.data);
367 gnutls_dh_params_deinit (dh_params);
368 }
369 }
370
371 int
372 print_info (gnutls_session_t session, const char *hostname, int insecure)
373 {
374 const char *tmp;
375 gnutls_credentials_type_t cred;
376 gnutls_kx_algorithm_t kx;
377
378
379 /* print the key exchange's algorithm name
380 */
381 kx = gnutls_kx_get (session);
382
383 cred = gnutls_auth_get_type (session);
384 switch (cred)
385 {
386 #ifdef ENABLE_ANON
387 case GNUTLS_CRD_ANON:
388 print_dh_info (session, "Anonymous ");
389 break;
390 #endif
391 #ifdef ENABLE_SRP
392 case GNUTLS_CRD_SRP:
393 /* This should be only called in server
394 * side.
395 */
396 if (gnutls_srp_server_get_username (session) != NULL)
397 printf ("- SRP authentication. Connected as '%s'\n",
398 gnutls_srp_server_get_username (session));
399 break;
400 #endif
401 #ifdef ENABLE_PSK
402 case GNUTLS_CRD_PSK:
403 /* This returns NULL in server side.
404 */
405 if (gnutls_psk_client_get_hint (session) != NULL)
406 printf ("- PSK authentication. PSK hint '%s'\n",
407 gnutls_psk_client_get_hint (session));
408 /* This returns NULL in client side.
409 */
410 if (gnutls_psk_server_get_username (session) != NULL)
411 printf ("- PSK authentication. Connected as '%s'\n",
412 gnutls_psk_server_get_username (session));
413 if (kx == GNUTLS_KX_DHE_PSK)
414 print_dh_info (session, "Ephemeral ");
415 break;
416 #endif
417 case GNUTLS_CRD_IA:
418 printf ("- TLS/IA authentication\n");
419 break;
420 case GNUTLS_CRD_CERTIFICATE:
421 {
422 char dns[256];
423 size_t dns_size = sizeof (dns);
424 unsigned int type;
425
426 /* This fails in client side */
427 if (gnutls_server_name_get (session, dns, &dns_size, &type, 0) == 0)
428 {
429 printf ("- Given server name[%d]: %s\n", type, dns);
430 }
431 }
432
433 if (kx == GNUTLS_KX_DHE_RSA || kx == GNUTLS_KX_DHE_DSS)
434 print_dh_info (session, "Ephemeral ");
435
436 print_cert_info (session, hostname, insecure);
437
438 print_cert_vrfy (session);
439
440 }
441
442 tmp = SU (gnutls_protocol_get_name (gnutls_protocol_get_version (session)));
443 printf ("- Version: %s\n", tmp);
444
445 tmp = SU (gnutls_kx_get_name (kx));
446 printf ("- Key Exchange: %s\n", tmp);
447
448 tmp = SU (gnutls_cipher_get_name (gnutls_cipher_get (session)));
449 printf ("- Cipher: %s\n", tmp);
450
451 tmp = SU (gnutls_mac_get_name (gnutls_mac_get (session)));
452 printf ("- MAC: %s\n", tmp);
453
454 tmp = SU (gnutls_compression_get_name (gnutls_compression_get (session)));
455 printf ("- Compression: %s\n", tmp);
456
457 if (verbose)
458 {
459 char id[32];
460 size_t id_size = sizeof (id);
461 gnutls_session_get_id (session, id, &id_size);
462 printf ("- Session ID: %s\n", raw_to_string (id, id_size));
463 }
464
465
466 fflush (stdout);
467
468 return 0;
469 }
470
471 void
472 print_cert_info (gnutls_session_t session, const char *hostname, int insecure)
473 {
474
475 if (gnutls_certificate_client_get_request_status (session) != 0)
476 printf ("- Server has requested a certificate.\n");
477
478 printf ("- Certificate type: ");
479 switch (gnutls_certificate_type_get (session))
480 {
481 case GNUTLS_CRT_UNKNOWN:
482 printf ("Unknown\n");
483
484 if (!insecure)
485 exit (1);
486 break;
487 case GNUTLS_CRT_X509:
488 printf ("X.509\n");
489 print_x509_info (session, hostname, insecure);
490 break;
491 #ifdef ENABLE_OPENPGP
492 case GNUTLS_CRT_OPENPGP:
493 printf ("OpenPGP\n");
494 print_openpgp_info (session, hostname, insecure);
495 break;
496 #endif
497 }
498 }
499
500 void
501 print_list (int verbose)
502 {
503 {
504 size_t i;
505 const char *name;
506 char id[2];
507 gnutls_kx_algorithm_t kx;
508 gnutls_cipher_algorithm_t cipher;
509 gnutls_mac_algorithm_t mac;
510 gnutls_protocol_t version;
511
512 printf ("Cipher suites:\n");
513 for (i = 0; (name = gnutls_cipher_suite_info
514 (i, id, &kx, &cipher, &mac, &version)); i++)
515 {
516 printf ("%-50s\t0x%02x, 0x%02x\t%s\n",
517 name,
518 (unsigned char) id[0], (unsigned char) id[1],
519 gnutls_protocol_get_name (version));
520 if (verbose)
521 printf ("\tKey exchange: %s\n\tCipher: %s\n\tMAC: %s\n\n",
522 gnutls_kx_get_name (kx),
523 gnutls_cipher_get_name (cipher), gnutls_mac_get_name (mac));
524 }
525 }
526
527 {
528 const gnutls_certificate_type_t *p = gnutls_certificate_type_list ();
529
530 printf ("Certificate types: ");
531 for (; *p; p++)
532 {
533 printf ("%s", gnutls_certificate_type_get_name (*p));
534 if (*(p + 1))
535 printf (", ");
536 else
537 printf ("\n");
538 }
539 }
540
541 {
542 const gnutls_protocol_t *p = gnutls_protocol_list ();
543
544 printf ("Protocols: ");
545 for (; *p; p++)
546 {
547 printf ("%s", gnutls_protocol_get_name (*p));
548 if (*(p + 1))
549 printf (", ");
550 else
551 printf ("\n");
552 }
553 }
554
555 {
556 const gnutls_cipher_algorithm_t *p = gnutls_cipher_list ();
557
558 printf ("Ciphers: ");
559 for (; *p; p++)
560 {
561 printf ("%s", gnutls_cipher_get_name (*p));
562 if (*(p + 1))
563 printf (", ");
564 else
565 printf ("\n");
566 }
567 }
568
569 {
570 const gnutls_mac_algorithm_t *p = gnutls_mac_list ();
571
572 printf ("MACs: ");
573 for (; *p; p++)
574 {
575 printf ("%s", gnutls_mac_get_name (*p));
576 if (*(p + 1))
577 printf (", ");
578 else
579 printf ("\n");
580 }
581 }
582
583 {
584 const gnutls_kx_algorithm_t *p = gnutls_kx_list ();
585
586 printf ("Key exchange algorithms: ");
587 for (; *p; p++)
588 {
589 printf ("%s", gnutls_kx_get_name (*p));
590 if (*(p + 1))
591 printf (", ");
592 else
593 printf ("\n");
594 }
595 }
596
597 {
598 const gnutls_compression_method_t *p = gnutls_compression_list ();
599
600 printf ("Compression: ");
601 for (; *p; p++)
602 {
603 printf ("%s", gnutls_compression_get_name (*p));
604 if (*(p + 1))
605 printf (", ");
606 else
607 printf ("\n");
608 }
609 }
610
611 {
612 const gnutls_pk_algorithm_t *p = gnutls_pk_list ();
613
614 printf ("Public Key Systems: ");
615 for (; *p; p++)
616 {
617 printf ("%s", gnutls_pk_algorithm_get_name (*p));
618 if (*(p + 1))
619 printf (", ");
620 else
621 printf ("\n");
622 }
623 }
624
625 {
626 const gnutls_sign_algorithm_t *p = gnutls_sign_list ();
627
628 printf ("PK-signatures: ");
629 for (; *p; p++)
630 {
631 printf ("%s", gnutls_sign_algorithm_get_name (*p));
632 if (*(p + 1))
633 printf (", ");
634 else
635 printf ("\n");
636 }
637 }
638 }
639
640 static int depr_printed = 0;
641 #define DEPRECATED if (depr_printed==0) { \
642 fprintf(stderr, "This method of specifying algorithms is deprecated. Please use the --priority option.\n"); \
643 depr_printed = 1; \
644 }
645
646 void
647 parse_protocols (char **protocols, int protocols_size, int *protocol_priority)
648 {
649 int i, j;
650
651 if (protocols != NULL && protocols_size > 0)
652 {
653 DEPRECATED;
654
655 for (j = i = 0; i < protocols_size; i++)
656 {
657 if (strncasecmp (protocols[i], "SSL", 3) == 0)
658 protocol_priority[j++] = GNUTLS_SSL3;
659 else if (strncasecmp (protocols[i], "TLS1.1", 6) == 0)
660 protocol_priority[j++] = GNUTLS_TLS1_1;
661 else if (strncasecmp (protocols[i], "TLS1.2", 6) == 0)
662 protocol_priority[j++] = GNUTLS_TLS1_2;
663 else if (strncasecmp (protocols[i], "TLS", 3) == 0)
664 protocol_priority[j++] = GNUTLS_TLS1_0;
665 else
666 fprintf (stderr, "Unknown protocol: '%s'\n", protocols[i]);
667 }
668 protocol_priority[j] = 0;
669 }
670 }
671
672 void
673 parse_ciphers (char **ciphers, int nciphers, int *cipher_priority)
674 {
675 int j, i;
676
677
678 if (ciphers != NULL && nciphers > 0)
679 {
680 DEPRECATED;
681 for (j = i = 0; i < nciphers; i++)
682 {
683 if (strncasecmp (ciphers[i], "AES-2", 5) == 0)
684 cipher_priority[j++] = GNUTLS_CIPHER_AES_256_CBC;
685 else if (strncasecmp (ciphers[i], "AES", 3) == 0)
686 cipher_priority[j++] = GNUTLS_CIPHER_AES_128_CBC;
687 else if (strncasecmp (ciphers[i], "3DE", 3) == 0)
688 cipher_priority[j++] = GNUTLS_CIPHER_3DES_CBC;
689 else if (strcasecmp (ciphers[i], "ARCFOUR-40") == 0)
690 cipher_priority[j++] = GNUTLS_CIPHER_ARCFOUR_40;
691 else if (strcasecmp (ciphers[i], "ARCFOUR") == 0)
692 cipher_priority[j++] = GNUTLS_CIPHER_ARCFOUR_128;
693 #ifdef ENABLE_CAMELLIA
694 else if (strncasecmp (ciphers[i], "CAMELLIA-2", 10) == 0)
695 cipher_priority[j++] = GNUTLS_CIPHER_CAMELLIA_256_CBC;
696 else if (strncasecmp (ciphers[i], "CAM", 3) == 0)
697 cipher_priority[j++] = GNUTLS_CIPHER_CAMELLIA_128_CBC;
698 #endif
699 else if (strncasecmp (ciphers[i], "NUL", 3) == 0)
700 cipher_priority[j++] = GNUTLS_CIPHER_NULL;
701 else
702 fprintf (stderr, "Unknown cipher: '%s'\n", ciphers[i]);
703 }
704 cipher_priority[j] = 0;
705 }
706 }
707
708 void
709 parse_macs (char **macs, int nmacs, int *mac_priority)
710 {
711 int i, j;
712
713
714 if (macs != NULL && nmacs > 0)
715 {
716 DEPRECATED;
717 for (j = i = 0; i < nmacs; i++)
718 {
719 if (strncasecmp (macs[i], "MD5", 3) == 0)
720 mac_priority[j++] = GNUTLS_MAC_MD5;
721 else if (strncasecmp (macs[i], "RMD", 3) == 0)
722 mac_priority[j++] = GNUTLS_MAC_RMD160;
723 else if (strncasecmp (macs[i], "SHA512", 6) == 0)
724 mac_priority[j++] = GNUTLS_MAC_SHA512;
725 else if (strncasecmp (macs[i], "SHA384", 6) == 0)
726 mac_priority[j++] = GNUTLS_MAC_SHA384;
727 else if (strncasecmp (macs[i], "SHA256", 6) == 0)
728 mac_priority[j++] = GNUTLS_MAC_SHA256;
729 else if (strncasecmp (macs[i], "SHA", 3) == 0)
730 mac_priority[j++] = GNUTLS_MAC_SHA1;
731 else
732 fprintf (stderr, "Unknown MAC: '%s'\n", macs[i]);
733 }
734 mac_priority[j] = 0;
735 }
736 }
737
738 void
739 parse_ctypes (char **ctype, int nctype, int *cert_type_priority)
740 {
741 int i, j;
742
743 if (ctype != NULL && nctype > 0)
744 {
745 DEPRECATED;
746 for (j = i = 0; i < nctype; i++)
747 {
748 if (strncasecmp (ctype[i], "OPE", 3) == 0)
749 cert_type_priority[j++] = GNUTLS_CRT_OPENPGP;
750 else if (strncasecmp (ctype[i], "X", 1) == 0)
751 cert_type_priority[j++] = GNUTLS_CRT_X509;
752 else
753 fprintf (stderr, "Unknown certificate type: '%s'\n", ctype[i]);
754 }
755 cert_type_priority[j] = 0;
756 }
757 }
758
759 void
760 parse_kx (char **kx, int nkx, int *kx_priority)
761 {
762 int i, j;
763
764
765 if (kx != NULL && nkx > 0)
766 {
767 DEPRECATED;
768 for (j = i = 0; i < nkx; i++)
769 {
770 if (strcasecmp (kx[i], "SRP") == 0)
771 kx_priority[j++] = GNUTLS_KX_SRP;
772 else if (strcasecmp (kx[i], "SRP-RSA") == 0)
773 kx_priority[j++] = GNUTLS_KX_SRP_RSA;
774 else if (strcasecmp (kx[i], "SRP-DSS") == 0)
775 kx_priority[j++] = GNUTLS_KX_SRP_DSS;
776 else if (strcasecmp (kx[i], "RSA") == 0)
777 kx_priority[j++] = GNUTLS_KX_RSA;
778 else if (strcasecmp (kx[i], "PSK") == 0)
779 kx_priority[j++] = GNUTLS_KX_PSK;
780 else if (strcasecmp (kx[i], "DHE-PSK") == 0)
781 kx_priority[j++] = GNUTLS_KX_DHE_PSK;
782 else if (strcasecmp (kx[i], "RSA-EXPORT") == 0)
783 kx_priority[j++] = GNUTLS_KX_RSA_EXPORT;
784 else if (strncasecmp (kx[i], "DHE-RSA", 7) == 0)
785 kx_priority[j++] = GNUTLS_KX_DHE_RSA;
786 else if (strncasecmp (kx[i], "DHE-DSS", 7) == 0)
787 kx_priority[j++] = GNUTLS_KX_DHE_DSS;
788 else if (strncasecmp (kx[i], "ANON", 4) == 0)
789 kx_priority[j++] = GNUTLS_KX_ANON_DH;
790 else
791 fprintf (stderr, "Unknown key exchange: '%s'\n", kx[i]);
792 }
793 kx_priority[j] = 0;
794 }
795 }
796
797 void
798 parse_comp (char **comp, int ncomp, int *comp_priority)
799 {
800 int i, j;
801
802 if (comp != NULL && ncomp > 0)
803 {
804 DEPRECATED;
805 for (j = i = 0; i < ncomp; i++)
806 {
807 if (strncasecmp (comp[i], "NUL", 3) == 0)
808 comp_priority[j++] = GNUTLS_COMP_NULL;
809 else if (strncasecmp (comp[i], "ZLI", 3) == 0)
810 comp_priority[j++] = GNUTLS_COMP_DEFLATE;
811 else if (strncasecmp (comp[i], "DEF", 3) == 0)
812 comp_priority[j++] = GNUTLS_COMP_DEFLATE;
813 else if (strncasecmp (comp[i], "LZO", 3) == 0)
814 comp_priority[j++] = GNUTLS_COMP_LZO;
815 else
816 fprintf (stderr, "Unknown compression: '%s'\n", comp[i]);
817 }
818 comp_priority[j] = 0;
819 }
820 }
821
822 void
823 sockets_init (void)
824 {
825 #ifdef _WIN32
826 WORD wVersionRequested;
827 WSADATA wsaData;
828
829 wVersionRequested = MAKEWORD (1, 1);
830 if (WSAStartup (wVersionRequested, &wsaData) != 0)
831 {
832 perror ("WSA_STARTUP_ERROR");
833 }
834 #endif
835 }
836
837 /* converts a service name or a port (in string) to a
838 * port number. The protocol is assumed to be TCP.
839 *
840 * returns -1 on error;
841 */
842 int
843 service_to_port (const char *service)
844 {
845 int port;
846 struct servent *server_port;
847
848 port = atoi (service);
849 if (port != 0)
850 return port;
851
852 server_port = getservbyname (service, "tcp");
853 if (server_port == NULL)
854 {
855 perror ("getservbyname()");
856 return (-1);
857 }
858
859 return ntohs (server_port->s_port);
860 }
Implementation of the SSL/TLS protocol