1 /*
2 * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007 Free Software Foundation
3 * Author: Nikos Mavroyanopoulos
5 * This file is part of GNUTLS.
7 * GNUTLS is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 2 of the License, or
10 * (at your option) any later version.
12 * GNUTLS is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
22 #include <config.h>
23 #include <stdio.h>
24 #include <stdlib.h>
25 #include <string.h>
26 #include <gnutls/gnutls.h>
27 #include <gnutls/extra.h>
28 #include <gnutls/x509.h>
29 #include <gnutls/openpgp.h>
30 #include <time.h>
31 #include <common.h>
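#define TEST_STRING

/* Substitutes the literal "Unknown" for a NULL string so the result can
 * always be handed to a "%s" conversion.  The argument is expanded twice,
 * so it must be free of side effects.
 */
#define SU(x) ((x) != NULL ? (x) : "Unknown")

/* When non-zero, certificates and keys are printed as XML rather than as
 * the textual summary.
 */
int xml = 0;
/* When non-zero, the encoded (PEM / base64) certificate or key is printed
 * before its summary.
 */
int print_cert;
/* Defined in another translation unit; enables the extra detail lines. */
extern int verbose;

/* Scratch space that receives the exported certificate or key text. */
static char buffer[5 * 1024];

/* Prints "label value" unless the value is an empty string.  Wrapped in
 * do/while(0) so that the macro behaves as a single statement and cannot
 * capture a following "else".
 */
#define PRINTX(x,y) do { if ((y)[0] != 0) printf(" # %s %s\n", (x), (y)); } while (0)
/* Uses its own argument; it previously ignored X and silently relied on a
 * local variable that happened to be called "name".
 */
#define PRINT_PGP_NAME(X) PRINTX ("NAME:", X)

/* Fallback text used when a value cannot be formatted. */
const char str_unknown[] = "(unknown)";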
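/* Hex encodes the given data as colon-separated upper-case byte pairs
 * ("01:AB:FF").
 *
 * raw:      bytes to encode.
 * raw_size: number of bytes in raw.
 *
 * Returns a pointer to a static buffer that is overwritten by the next
 * call (so the function is not reentrant), or NULL when raw is NULL,
 * raw_size is zero, or the encoding would not fit in the buffer.
 */
const char *
raw_to_string (const unsigned char *raw, size_t raw_size)
{
  static char buf[1024];
  size_t i;

  if (raw == NULL || raw_size == 0)
    return NULL;

  /* Every byte but the last takes three characters ("XX:"), the last one
   * takes two plus the terminator.  The limit is computed by division so
   * that a huge raw_size cannot wrap around in a multiplication and slip
   * past the bounds check.
   */
  if (raw_size > (sizeof (buf) - 2) / 3)
    return NULL;

  for (i = 0; i < raw_size; i++)
    {
      /* snprintf is given the space that is really left in buf. */
      snprintf (&buf[i * 3], sizeof (buf) - i * 3, "%02X%s", raw[i],
		(i == raw_size - 1) ? "" : ":");
    }
  buf[sizeof (buf) - 1] = '\0';

  return buf;
}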
/* Formats *tv as local time, e.g. "Mon Jan  1 00:00:00 UTC 2007\n".
 *
 * Returns a pointer to a static buffer that the next call overwrites.
 * If the time cannot be converted or formatted, the buffer holds
 * str_unknown instead; that fallback text has no trailing newline.
 */
static const char *
my_ctime (const time_t * tv)
{
  static char buf[256];
  struct tm *broken_down = localtime (tv);
  size_t written = 0;

  if (broken_down != NULL)
    written = strftime (buf, sizeof buf, "%a %b %e %H:%M:%S %Z %Y\n",
			broken_down);

  /* strftime leaves buf unspecified when it returns 0, so overwrite it. */
  if (written == 0)
    strcpy (buf, str_unknown);

  return buf;
}
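/* Prints a summary of every X.509 certificate in the peer's chain.
 *
 * session:  the session whose peer certificates are printed.
 * hostname: name the connection was made to, or NULL to skip the hostname
 *           comparison.  The comparison is made against the first
 *           certificate only and its result is only printed; this
 *           function never rejects a peer.
 *
 * All text taken from the certificates (DNs, XML) is peer-controlled and
 * is written to stdout as-is.
 */
void
print_x509_info (gnutls_session session, const char *hostname)
{
  gnutls_x509_crt crt;
  const gnutls_datum *cert_list;
  /* unsigned int, to match the out-parameter of
   * gnutls_certificate_get_peers; a size_t here is only partly written
   * on platforms where the two types differ in width.
   */
  unsigned int cert_list_size = 0;
  int ret;
  unsigned char digest[20];
  unsigned char serial[40];
  char dn[256];
  size_t dn_size;
  size_t digest_size;
  unsigned int j;
  size_t serial_size;
  const char *print;
  const char *cstr;
  unsigned int bits, algo;
  time_t expiret, activet;

  cert_list = gnutls_certificate_get_peers (session, &cert_list_size);

  if (cert_list == NULL || cert_list_size == 0)
    {
      fprintf (stderr, "No certificates found!\n");
      return;
    }

  printf (" - Got a certificate list of %u certificates.\n\n",
	  cert_list_size);

  for (j = 0; j < cert_list_size; j++)
    {
      gnutls_x509_crt_init (&crt);
      ret = gnutls_x509_crt_import (crt, &cert_list[j], GNUTLS_X509_FMT_DER);
      if (ret < 0)
	{
	  fprintf (stderr, "Decoding error: %s\n", gnutls_strerror (ret));
	  /* Release the handle on every early exit. */
	  gnutls_x509_crt_deinit (crt);
	  return;
	}

      printf (" - Certificate[%u] info:\n", j);

      if (print_cert)
	{
	  size_t size = sizeof (buffer);

	  ret =
	    gnutls_x509_crt_export (crt, GNUTLS_X509_FMT_PEM, buffer, &size);
	  if (ret < 0)
	    {
	      fprintf (stderr, "Encoding error: %s\n", gnutls_strerror (ret));
	      gnutls_x509_crt_deinit (crt);
	      return;
	    }
	  fputs ("\n", stdout);
	  fputs (buffer, stdout);
	  fputs ("\n", stdout);
	}

      if (j == 0 && hostname != NULL)
	{
	  /* Check the hostname of the first certificate
	   * if it matches the name of the host we
	   * connected to.
	   */
	  if (gnutls_x509_crt_check_hostname (crt, hostname) == 0)
	    {
	      printf
		(" # The hostname in the certificate does NOT match '%s'.\n",
		 hostname);
	    }
	  else
	    {
	      printf
		(" # The hostname in the certificate matches '%s'.\n",
		 hostname);
	    }
	}

      if (xml)
	{
#ifdef ENABLE_PKI
	  gnutls_datum xml_data;

	  ret = gnutls_x509_crt_to_xml (crt, &xml_data, 0);
	  if (ret < 0)
	    {
	      fprintf (stderr, "XML encoding error: %s\n",
		       gnutls_strerror (ret));
	      gnutls_x509_crt_deinit (crt);
	      return;
	    }

	  printf ("%s", xml_data.data);
	  gnutls_free (xml_data.data);
#endif
	}
      else
	{
	  expiret = gnutls_x509_crt_get_expiration_time (crt);
	  activet = gnutls_x509_crt_get_activation_time (crt);

	  printf (" # valid since: %s", my_ctime (&activet));
	  printf (" # expires at: %s", my_ctime (&expiret));

	  /* Print the serial number of the certificate.  The size is an
	   * in/out value, so it is reset for every certificate; otherwise
	   * a short serial would shrink the space offered to later ones.
	   */
	  serial_size = sizeof (serial);
	  if (verbose
	      && gnutls_x509_crt_get_serial (crt, serial, &serial_size) >= 0)
	    {
	      print = raw_to_string (serial, serial_size);
	      if (print != NULL)
		printf (" # serial number: %s\n", print);
	    }

	  /* Print the fingerprint of the certificate.
	   * NOTE(review): MD5 is collision-prone; treat this value as
	   * informational output, not as something to pin or compare
	   * certificates by.
	   */
	  digest_size = sizeof (digest);
	  if ((ret =
	       gnutls_x509_crt_get_fingerprint (crt,
						GNUTLS_DIG_MD5,
						digest, &digest_size)) < 0)
	    {
	      fprintf (stderr,
		       "Error in fingerprint calculation: %s\n",
		       gnutls_strerror (ret));
	    }
	  else
	    {
	      print = raw_to_string (digest, digest_size);
	      if (print != NULL)
		printf (" # fingerprint: %s\n", print);
	    }

	  /* Print the version of the X.509
	   * certificate.
	   */
	  if (verbose)
	    {
	      printf (" # version: #%d\n", gnutls_x509_crt_get_version (crt));

	      bits = 0;
	      algo = gnutls_x509_crt_get_pk_algorithm (crt, &bits);
	      printf (" # public key algorithm: ");

	      cstr = SU (gnutls_pk_algorithm_get_name (algo));
	      printf ("%s (%u bits)\n", cstr, bits);

#ifdef ENABLE_PKI
	      if (algo == GNUTLS_PK_RSA)
		{
		  gnutls_datum e, m;

		  ret = gnutls_x509_crt_get_pk_rsa_raw (crt, &m, &e);
		  if (ret >= 0)
		    {
		      print = SU (raw_to_string (e.data, e.size));
		      printf (" # e [%u bits]: %s\n", e.size * 8, print);

		      print = SU (raw_to_string (m.data, m.size));
		      printf (" # m [%u bits]: %s\n", m.size * 8, print);

		      gnutls_free (e.data);
		      gnutls_free (m.data);
		    }
		}
	      else if (algo == GNUTLS_PK_DSA)
		{
		  gnutls_datum p, q, g, y;

		  ret = gnutls_x509_crt_get_pk_dsa_raw (crt, &p, &q, &g, &y);
		  if (ret >= 0)
		    {
		      print = SU (raw_to_string (p.data, p.size));
		      printf (" # p [%u bits]: %s\n", p.size * 8, print);

		      print = SU (raw_to_string (q.data, q.size));
		      printf (" # q [%u bits]: %s\n", q.size * 8, print);

		      print = SU (raw_to_string (g.data, g.size));
		      printf (" # g [%u bits]: %s\n", g.size * 8, print);

		      print = SU (raw_to_string (y.data, y.size));
		      printf (" # y [%u bits]: %s\n", y.size * 8, print);

		      gnutls_free (p.data);
		      gnutls_free (q.data);
		      gnutls_free (g.data);
		      gnutls_free (y.data);
		    }
		}
#endif
	    }

	  dn_size = sizeof (dn);
	  ret = gnutls_x509_crt_get_dn (crt, dn, &dn_size);
	  if (ret >= 0)
	    printf (" # Subject's DN: %s\n", dn);

	  dn_size = sizeof (dn);
	  ret = gnutls_x509_crt_get_issuer_dn (crt, dn, &dn_size);
	  if (ret >= 0)
	    printf (" # Issuer's DN: %s\n", dn);
	}

      gnutls_x509_crt_deinit (crt);

      printf ("\n");
    }
}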
303 #ifdef ENABLE_OPENPGP
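/* Prints a summary of the OpenPGP key presented by the peer.
 *
 * session:  the session whose peer key is printed.
 * hostname: name the connection was made to, or NULL to skip the hostname
 *           comparison.  The result of the comparison is only printed;
 *           this function never rejects a peer.
 *
 * Only the first entry of the peer's list is examined.  Text taken from
 * the key (name, XML) is peer-controlled and is written out as-is.
 */
void
print_openpgp_info (gnutls_session session, const char *hostname)
{
  unsigned char digest[20];
  size_t digest_size = sizeof (digest);
  int ret;
  const char *print;
  const char *cstr;
  char name[256];
  size_t name_len = sizeof (name);
  gnutls_openpgp_key crt;
  const gnutls_datum *cert_list;
  /* unsigned int, to match the out-parameter of
   * gnutls_certificate_get_peers.
   */
  unsigned int cert_list_size = 0;
  unsigned int algo, bits;
  time_t expiret;
  time_t activet;

  cert_list = gnutls_certificate_get_peers (session, &cert_list_size);

  if (cert_list == NULL || cert_list_size == 0)
    return;

  gnutls_openpgp_key_init (&crt);
  ret =
    gnutls_openpgp_key_import (crt, &cert_list[0], GNUTLS_OPENPGP_FMT_RAW);
  if (ret < 0)
    {
      fprintf (stderr, "Decoding error: %s\n", gnutls_strerror (ret));
      /* Release the handle on every early exit. */
      gnutls_openpgp_key_deinit (crt);
      return;
    }

  if (print_cert)
    {
      size_t size = sizeof (buffer);

      ret =
	gnutls_openpgp_key_export (crt,
				   GNUTLS_OPENPGP_FMT_BASE64, buffer, &size);
      if (ret < 0)
	{
	  fprintf (stderr, "Encoding error: %s\n", gnutls_strerror (ret));
	  gnutls_openpgp_key_deinit (crt);
	  return;
	}
      fputs ("\n", stdout);
      fputs (buffer, stdout);
      fputs ("\n", stdout);
    }

  if (hostname != NULL)
    {
      /* Check the hostname of the first certificate
       * if it matches the name of the host we
       * connected to.
       */
      if (gnutls_openpgp_key_check_hostname (crt, hostname) == 0)
	{
	  printf
	    (" # The hostname in the key does NOT match '%s'.\n", hostname);
	}
      else
	{
	  printf (" # The hostname in the key matches '%s'.\n", hostname);
	}
    }

  if (xml)
    {
      gnutls_datum xml_data;

      ret = gnutls_openpgp_key_to_xml (crt, &xml_data, 0);
      if (ret < 0)
	{
	  fprintf (stderr, "XML encoding error: %s\n",
		   gnutls_strerror (ret));
	  gnutls_openpgp_key_deinit (crt);
	  return;
	}

      printf ("%s", xml_data.data);
      gnutls_free (xml_data.data);

      /* The XML form replaces the textual summary. */
      gnutls_openpgp_key_deinit (crt);
      return;
    }

  activet = gnutls_openpgp_key_get_creation_time (crt);
  expiret = gnutls_openpgp_key_get_expiration_time (crt);

  printf (" # Key was created at: %s", my_ctime (&activet));
  printf (" # Key expires: ");
  if (expiret != 0)
    printf ("%s", my_ctime (&expiret));
  else
    printf ("Never\n");

  /* The remaining details are printed only when the fingerprint can be
   * computed.
   */
  if (gnutls_openpgp_key_get_fingerprint (crt, digest, &digest_size) >= 0)
    {
      print = raw_to_string (digest, digest_size);

      printf (" # PGP Key version: %d\n",
	      gnutls_openpgp_key_get_version (crt));

      bits = 0;
      algo = gnutls_openpgp_key_get_pk_algorithm (crt, &bits);

      printf (" # PGP Key public key algorithm: ");
      cstr = SU (gnutls_pk_algorithm_get_name (algo));
      printf ("%s (%u bits)\n", cstr, bits);

      if (print != NULL)
	printf (" # PGP Key fingerprint: %s\n", print);

      name_len = sizeof (name);
      if (gnutls_openpgp_key_get_name (crt, 0, name, &name_len) < 0)
	{
	  fprintf (stderr, "Could not extract name\n");
	}
      else
	{
	  PRINT_PGP_NAME (name);
	}
    }

  gnutls_openpgp_key_deinit (crt);
}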
437 #endif
/* Runs peer certificate verification for the session and prints the
 * outcome to stdout.
 *
 * The function returns nothing and takes no action on failure: a caller
 * that wants to enforce the result has to verify and act on it itself.
 * Only the GNUTLS_CERT_INVALID and GNUTLS_CERT_SIGNER_NOT_FOUND bits of
 * the status are reported.
 */
void
print_cert_vrfy (gnutls_session session)
{
  unsigned int status;
  int invalid;
  int no_signer;
  int rc = gnutls_certificate_verify_peers2 (session, &status);

  fputs ("\n", stdout);

  if (rc == GNUTLS_E_NO_CERTIFICATE_FOUND)
    {
      fputs ("- Peer did not send any certificate.\n", stdout);
      return;
    }

  if (rc < 0)
    {
      printf ("- Could not verify certificate (err: %s)\n",
	      gnutls_strerror (rc));
      return;
    }

  /* status is meaningful only once the call above has succeeded. */
  invalid = (status & GNUTLS_CERT_INVALID) != 0;
  no_signer = (status & GNUTLS_CERT_SIGNER_NOT_FOUND) != 0;

  if (gnutls_certificate_type_get (session) != GNUTLS_CRT_X509)
    {
      fputs (invalid ? "- Peer's key is invalid\n"
	     : "- Peer's key is valid\n", stdout);
      if (no_signer)
	fputs ("- Could not find a signer of the peer's key\n", stdout);
      return;
    }

  if (no_signer)
    fputs ("- Peer's certificate issuer is unknown\n", stdout);
  fputs (invalid ? "- Peer's certificate is NOT trusted\n"
	 : "- Peer's certificate is trusted\n", stdout);
}
/* Prints the negotiated parameters of a session: details specific to the
 * credential type in use, then protocol version, key exchange, cipher,
 * MAC and compression.
 *
 * session:  the established session.
 * hostname: passed through to print_cert_info for the hostname check.
 *
 * Always returns 0.  User names and the server name indication come from
 * the peer and are printed as-is.
 */
int
print_info (gnutls_session session, const char *hostname)
{
  gnutls_kx_algorithm kx;
  gnutls_credentials_type cred;

  /* The key exchange is needed below by the PSK case and by the summary. */
  kx = gnutls_kx_get (session);

  cred = gnutls_auth_get_type (session);
  switch (cred)
    {
#ifdef ENABLE_ANON
    case GNUTLS_CRD_ANON:
      printf ("- Anonymous DH using prime of %d bits, secret key "
	      "of %d bits, and peer's public key is %d bits.\n",
	      gnutls_dh_get_prime_bits (session),
	      gnutls_dh_get_secret_bits (session),
	      gnutls_dh_get_peers_public_bits (session));
      break;
#endif
#ifdef ENABLE_SRP
    case GNUTLS_CRD_SRP:
      /* The user name is expected to be available on the server side
       * only.
       */
      if (gnutls_srp_server_get_username (session) != NULL)
	{
	  printf ("- SRP authentication. Connected as '%s'\n",
		  gnutls_srp_server_get_username (session));
	}
      break;
#endif
#ifdef ENABLE_PSK
    case GNUTLS_CRD_PSK:
      /* The user name is expected to be available on the server side
       * only.
       */
      if (gnutls_psk_server_get_username (session) != NULL)
	{
	  printf ("- PSK authentication. Connected as '%s'\n",
		  gnutls_psk_server_get_username (session));
	}
      if (kx == GNUTLS_KX_DHE_PSK)
	{
	  printf ("- DH using prime of %d bits, secret key "
		  "of %d bits, and peer's public key is %d bits.\n",
		  gnutls_dh_get_prime_bits (session),
		  gnutls_dh_get_secret_bits (session),
		  gnutls_dh_get_peers_public_bits (session));
	}
      break;
#endif
    case GNUTLS_CRD_CERTIFICATE:
      {
	char sni_name[256];
	size_t sni_len = sizeof (sni_name);
	unsigned int sni_type;

	/* This fails in client side */
	if (gnutls_server_name_get
	    (session, sni_name, &sni_len, &sni_type, 0) == 0)
	  {
	    printf ("- Given server name[%d]: %s\n", sni_type, sni_name);
	  }
      }

      print_cert_info (session, hostname);

      print_cert_vrfy (session);
    }

  /* SU turns a NULL name into "Unknown". */
  printf ("- Version: %s\n",
	  SU (gnutls_protocol_get_name
	      (gnutls_protocol_get_version (session))));
  printf ("- Key Exchange: %s\n", SU (gnutls_kx_get_name (kx)));
  printf ("- Cipher: %s\n",
	  SU (gnutls_cipher_get_name (gnutls_cipher_get (session))));
  printf ("- MAC: %s\n", SU (gnutls_mac_get_name (gnutls_mac_get (session))));
  printf ("- Compression: %s\n",
	  SU (gnutls_compression_get_name
	      (gnutls_compression_get (session))));

  fflush (stdout);

  return 0;
}
/* Prints the certificate type of the session and hands over to the
 * printer for that type.
 *
 * session:  the established session.
 * hostname: passed through to the type-specific printer.
 *
 * For a type that is neither X.509 nor (when enabled) OpenPGP, only the
 * "- Certificate type: " prefix is printed, without a newline.
 */
void
print_cert_info (gnutls_session session, const char *hostname)
{
  int cert_type;

  if (gnutls_certificate_client_get_request_status (session) != 0)
    {
      printf ("- Server has requested a certificate.\n");
    }

  printf ("- Certificate type: ");
  cert_type = gnutls_certificate_type_get (session);

  if (cert_type == GNUTLS_CRT_X509)
    {
      printf ("X.509\n");
      print_x509_info (session, hostname);
    }
#ifdef ENABLE_OPENPGP
  else if (cert_type == GNUTLS_CRT_OPENPGP)
    {
      printf ("OpenPGP\n");
      print_openpgp_info (session, hostname);
    }
#endif
}
/* Prints the cipher suites, certificate types, protocols, ciphers, MACs,
 * key exchange algorithms and compression methods reported by the
 * library.
 *
 * verbose: when non-zero, each cipher suite is followed by its key
 *          exchange, cipher and MAC.  This parameter hides the file-level
 *          variable of the same name.
 *
 * Each of the six lists is walked until its zero terminator; entries are
 * separated by ", " and the last one is followed by a newline.
 */
void
print_list (int verbose)
{
  {
    size_t idx = 0;
    const char *suite;
    char id[2];
    gnutls_kx_algorithm_t kx;
    gnutls_cipher_algorithm_t cipher;
    gnutls_mac_algorithm_t mac;
    gnutls_protocol_t version;

    printf ("Cipher suites:\n");
    while ((suite = gnutls_cipher_suite_info
	    (idx, id, &kx, &cipher, &mac, &version)) != NULL)
      {
	printf ("%-50s\t0x%02x, 0x%02x\t%s\n",
		suite,
		(unsigned char) id[0], (unsigned char) id[1],
		gnutls_protocol_get_name (version));
	if (verbose)
	  {
	    printf ("\tKey exchange: %s\n\tCipher: %s\n\tMAC: %s\n\n",
		    gnutls_kx_get_name (kx),
		    gnutls_cipher_get_name (cipher),
		    gnutls_mac_get_name (mac));
	  }
	idx++;
      }
  }

  {
    const gnutls_certificate_type_t *ct = gnutls_certificate_type_list ();

    printf ("Certificate types: ");
    while (*ct)
      {
	printf ("%s", gnutls_certificate_type_get_name (*ct));
	fputs (ct[1] ? ", " : "\n", stdout);
	ct++;
      }
  }

  {
    const gnutls_protocol_t *proto = gnutls_protocol_list ();

    printf ("Protocols: ");
    while (*proto)
      {
	printf ("%s", gnutls_protocol_get_name (*proto));
	fputs (proto[1] ? ", " : "\n", stdout);
	proto++;
      }
  }

  {
    const gnutls_cipher_algorithm_t *ciph = gnutls_cipher_list ();

    printf ("Ciphers: ");
    while (*ciph)
      {
	printf ("%s", gnutls_cipher_get_name (*ciph));
	fputs (ciph[1] ? ", " : "\n", stdout);
	ciph++;
      }
  }

  {
    const gnutls_mac_algorithm_t *m = gnutls_mac_list ();

    printf ("MACs: ");
    while (*m)
      {
	printf ("%s", gnutls_mac_get_name (*m));
	fputs (m[1] ? ", " : "\n", stdout);
	m++;
      }
  }

  {
    const gnutls_kx_algorithm_t *k = gnutls_kx_list ();

    printf ("Key exchange algorithms: ");
    while (*k)
      {
	printf ("%s", gnutls_kx_get_name (*k));
	fputs (k[1] ? ", " : "\n", stdout);
	k++;
      }
  }

  {
    const gnutls_compression_method_t *c = gnutls_compression_list ();

    printf ("Compression: ");
    while (*c)
      {
	printf ("%s", gnutls_compression_get_name (*c));
	fputs (c[1] ? ", " : "\n", stdout);
	c++;
      }
  }
}
/* Writes the copyright and GPL notice to stdout. */
void
print_license (void)
{
  static const char notice[] =
    "\nCopyright (C) 2004 Free Software Foundation\n"
    "This program is free software; you can redistribute it and/or modify \n"
    "it under the terms of the GNU General Public License as published by \n"
    "the Free Software Foundation; either version 2 of the License, or \n"
    "(at your option) any later version. \n" "\n"
    "This program is distributed in the hope that it will be useful, \n"
    "but WITHOUT ANY WARRANTY; without even the implied warranty of \n"
    "MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the \n"
    "GNU General Public License for more details. \n" "\n"
    "You should have received a copy of the GNU General Public License \n"
    "along with this program; if not, write to the Free Software \n"
    "Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.\n\n";

  fputs (notice, stdout);
}
/* Translates protocol names into a zero-terminated priority list.
 *
 * protocols:         array of protocol names; nothing is done when NULL.
 * protocols_size:    number of entries; nothing is done when <= 0.
 * protocol_priority: receives the identifiers followed by a 0.  It must
 *                    have room for protocols_size + 1 entries; the
 *                    capacity is not checked here.
 *
 * Names are matched by case-insensitive prefix, so "TLS1.1" and "TLS1.2"
 * are tested before the shorter "TLS".  Unknown names are reported on
 * stderr and skipped.
 */
void
parse_protocols (char **protocols, int protocols_size, int *protocol_priority)
{
  int in;
  int out = 0;

  if (protocols == NULL || protocols_size <= 0)
    return;

  for (in = 0; in < protocols_size; in++)
    {
      const char *word = protocols[in];

      if (strncasecmp (word, "SSL", 3) == 0)
	protocol_priority[out++] = GNUTLS_SSL3;
      else if (strncasecmp (word, "TLS1.1", 6) == 0)
	protocol_priority[out++] = GNUTLS_TLS1_1;
      else if (strncasecmp (word, "TLS1.2", 6) == 0)
	protocol_priority[out++] = GNUTLS_TLS1_2;
      else if (strncasecmp (word, "TLS", 3) == 0)
	protocol_priority[out++] = GNUTLS_TLS1_0;
      else
	fprintf (stderr, "Unknown protocol: '%s'\n", word);
    }

  protocol_priority[out] = 0;
}
/* Translates cipher names into a zero-terminated priority list.
 *
 * ciphers:         array of cipher names; nothing is done when NULL.
 * nciphers:        number of entries; nothing is done when <= 0.
 * cipher_priority: receives the identifiers followed by a 0.  It must
 *                  have room for nciphers + 1 entries; the capacity is
 *                  not checked here.
 *
 * "AES-2" is tested before the shorter "AES" prefix.  The ARCFOUR names
 * must match exactly.  Note that "NUL" selects GNUTLS_CIPHER_NULL and
 * "ARCFOUR-40" a 40-bit cipher, so this list decides whether the session
 * is allowed to run without effective encryption.  Unknown names are
 * reported on stderr and skipped.
 */
void
parse_ciphers (char **ciphers, int nciphers, int *cipher_priority)
{
  int in;
  int out = 0;

  if (ciphers == NULL || nciphers <= 0)
    return;

  for (in = 0; in < nciphers; in++)
    {
      const char *word = ciphers[in];

      if (strncasecmp (word, "AES-2", 5) == 0)
	cipher_priority[out++] = GNUTLS_CIPHER_AES_256_CBC;
      else if (strncasecmp (word, "AES", 3) == 0)
	cipher_priority[out++] = GNUTLS_CIPHER_AES_128_CBC;
      else if (strncasecmp (word, "3DE", 3) == 0)
	cipher_priority[out++] = GNUTLS_CIPHER_3DES_CBC;
      else if (strcasecmp (word, "ARCFOUR-40") == 0)
	cipher_priority[out++] = GNUTLS_CIPHER_ARCFOUR_40;
      else if (strcasecmp (word, "ARCFOUR") == 0)
	cipher_priority[out++] = GNUTLS_CIPHER_ARCFOUR_128;
      else if (strncasecmp (word, "NUL", 3) == 0)
	cipher_priority[out++] = GNUTLS_CIPHER_NULL;
      else
	fprintf (stderr, "Unknown cipher: '%s'\n", word);
    }

  cipher_priority[out] = 0;
}
/* Translates MAC names into a zero-terminated priority list.
 *
 * macs:         array of MAC names; nothing is done when NULL.
 * nmacs:        number of entries; nothing is done when <= 0.
 * mac_priority: receives the identifiers followed by a 0.  It must have
 *               room for nmacs + 1 entries; the capacity is not checked
 *               here.
 *
 * Names are matched by case-insensitive prefix; the SHA512/SHA384/SHA256
 * prefixes are tested before the bare "SHA", which selects SHA-1.
 * Unknown names are reported on stderr and skipped.
 */
void
parse_macs (char **macs, int nmacs, int *mac_priority)
{
  int in;
  int out = 0;

  if (macs == NULL || nmacs <= 0)
    return;

  for (in = 0; in < nmacs; in++)
    {
      const char *word = macs[in];

      if (strncasecmp (word, "MD5", 3) == 0)
	mac_priority[out++] = GNUTLS_MAC_MD5;
      else if (strncasecmp (word, "RMD", 3) == 0)
	mac_priority[out++] = GNUTLS_MAC_RMD160;
      else if (strncasecmp (word, "SHA512", 6) == 0)
	mac_priority[out++] = GNUTLS_MAC_SHA512;
      else if (strncasecmp (word, "SHA384", 6) == 0)
	mac_priority[out++] = GNUTLS_MAC_SHA384;
      else if (strncasecmp (word, "SHA256", 6) == 0)
	mac_priority[out++] = GNUTLS_MAC_SHA256;
      else if (strncasecmp (word, "SHA", 3) == 0)
	mac_priority[out++] = GNUTLS_MAC_SHA1;
      else
	fprintf (stderr, "Unknown MAC: '%s'\n", word);
    }

  mac_priority[out] = 0;
}
/* Translates certificate type names into a zero-terminated priority list.
 *
 * ctype:              array of type names; nothing is done when NULL.
 * nctype:             number of entries; nothing is done when <= 0.
 * cert_type_priority: receives the identifiers followed by a 0.  It must
 *                     have room for nctype + 1 entries; the capacity is
 *                     not checked here.
 *
 * A name starting with "OPE" selects OpenPGP and any name starting with
 * "X" selects X.509 (both case-insensitive).  Unknown names are reported
 * on stderr and skipped.
 */
void
parse_ctypes (char **ctype, int nctype, int *cert_type_priority)
{
  int in;
  int out = 0;

  if (ctype == NULL || nctype <= 0)
    return;

  for (in = 0; in < nctype; in++)
    {
      const char *word = ctype[in];

      if (strncasecmp (word, "OPE", 3) == 0)
	cert_type_priority[out++] = GNUTLS_CRT_OPENPGP;
      else if (strncasecmp (word, "X", 1) == 0)
	cert_type_priority[out++] = GNUTLS_CRT_X509;
      else
	fprintf (stderr, "Unknown certificate type: '%s'\n", word);
    }

  cert_type_priority[out] = 0;
}
/* Translates key exchange names into a zero-terminated priority list.
 *
 * kx:          array of key exchange names; nothing is done when NULL.
 * nkx:         number of entries; nothing is done when <= 0.
 * kx_priority: receives the identifiers followed by a 0.  It must have
 *              room for nkx + 1 entries; the capacity is not checked
 *              here.
 *
 * The SRP, RSA and PSK names must match exactly (case-insensitive); the
 * DHE-RSA, DHE-DSS and ANON names are matched by prefix.  Note that
 * "ANON" selects GNUTLS_KX_ANON_DH and "RSA-EXPORT" selects
 * GNUTLS_KX_RSA_EXPORT, so this list decides whether unauthenticated or
 * export-grade key exchange is allowed.  Unknown names are reported on
 * stderr and skipped.
 */
void
parse_kx (char **kx, int nkx, int *kx_priority)
{
  int in;
  int out = 0;

  if (kx == NULL || nkx <= 0)
    return;

  for (in = 0; in < nkx; in++)
    {
      const char *word = kx[in];

      if (strcasecmp (word, "SRP") == 0)
	kx_priority[out++] = GNUTLS_KX_SRP;
      else if (strcasecmp (word, "SRP-RSA") == 0)
	kx_priority[out++] = GNUTLS_KX_SRP_RSA;
      else if (strcasecmp (word, "SRP-DSS") == 0)
	kx_priority[out++] = GNUTLS_KX_SRP_DSS;
      else if (strcasecmp (word, "RSA") == 0)
	kx_priority[out++] = GNUTLS_KX_RSA;
      else if (strcasecmp (word, "PSK") == 0)
	kx_priority[out++] = GNUTLS_KX_PSK;
      else if (strcasecmp (word, "DHE-PSK") == 0)
	kx_priority[out++] = GNUTLS_KX_DHE_PSK;
      else if (strcasecmp (word, "RSA-EXPORT") == 0)
	kx_priority[out++] = GNUTLS_KX_RSA_EXPORT;
      else if (strncasecmp (word, "DHE-RSA", 7) == 0)
	kx_priority[out++] = GNUTLS_KX_DHE_RSA;
      else if (strncasecmp (word, "DHE-DSS", 7) == 0)
	kx_priority[out++] = GNUTLS_KX_DHE_DSS;
      else if (strncasecmp (word, "ANON", 4) == 0)
	kx_priority[out++] = GNUTLS_KX_ANON_DH;
      else
	fprintf (stderr, "Unknown key exchange: '%s'\n", word);
    }

  kx_priority[out] = 0;
}
/* Translates compression method names into a zero-terminated priority
 * list.
 *
 * comp:          array of method names; nothing is done when NULL.
 * ncomp:         number of entries; nothing is done when <= 0.
 * comp_priority: receives the identifiers followed by a 0.  It must have
 *                room for ncomp + 1 entries; the capacity is not checked
 *                here.
 *
 * Names are matched by case-insensitive three-letter prefix; "ZLI" and
 * "DEF" both select GNUTLS_COMP_DEFLATE.  Unknown names are reported on
 * stderr and skipped.
 */
void
parse_comp (char **comp, int ncomp, int *comp_priority)
{
  int in;
  int out = 0;

  if (comp == NULL || ncomp <= 0)
    return;

  for (in = 0; in < ncomp; in++)
    {
      const char *word = comp[in];

      if (strncasecmp (word, "NUL", 3) == 0)
	comp_priority[out++] = GNUTLS_COMP_NULL;
      else if (strncasecmp (word, "ZLI", 3) == 0)
	comp_priority[out++] = GNUTLS_COMP_DEFLATE;
      else if (strncasecmp (word, "DEF", 3) == 0)
	comp_priority[out++] = GNUTLS_COMP_DEFLATE;
      else if (strncasecmp (word, "LZO", 3) == 0)
	comp_priority[out++] = GNUTLS_COMP_LZO;
      else
	fprintf (stderr, "Unknown compression: '%s'\n", word);
    }

  comp_priority[out] = 0;
}
/* Initialises the socket layer.  On Windows this requests Winsock
 * version 1.1 and reports a failure through perror(); on every other
 * platform it does nothing.
 */
void
sockets_init (void)
{
#ifdef _WIN32
  WSADATA winsock_info;

  if (WSAStartup (MAKEWORD (1, 1), &winsock_info) != 0)
    {
      perror ("WSA_STARTUP_ERROR");
    }
#endif
}
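/* Converts a service name or a port (in string) to a
 * port number. The protocol is assumed to be TCP.
 *
 * service: a decimal port number in the range 1..65535, or a service
 *          name known to getservbyname().
 *
 * A string is taken as a number only when all of it is a decimal value
 * within the valid port range.  Anything else (NULL excepted) is looked
 * up as a service name, so negative, oversized or partly numeric input
 * such as "80abc" is no longer returned as a port.
 *
 * returns -1 on error;
 */
int
service_to_port (const char *service)
{
  char *end;
  long port;
  struct servent *server_port;

  if (service == NULL)
    return (-1);

  /* strtol reports where parsing stopped, which atoi cannot do; an
   * overflowing value comes back as LONG_MAX and fails the range check.
   */
  port = strtol (service, &end, 10);
  if (end != service && *end == '\0' && port > 0 && port <= 65535)
    return (int) port;

  server_port = getservbyname (service, "tcp");
  if (server_port == NULL)
    {
      perror ("getservbyname()");
      return (-1);
    }

  return ntohs (server_port->s_port);
}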