search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Fix expired cert.
[gnutls.git] / src / common.c
blob1e726e6e6f0b9e00698512c9ee2404ec681b4799
1 /*
2 * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation
3 * Author: Nikos Mavrogiannopoulos
4 *
5 * This file is part of GNUTLS.
6 *
7 * GNUTLS is free software: you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation, either version 3 of the License, or
10 * (at your option) any later version.
11 *
12 * GNUTLS is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program. If not, see <http://www.gnu.org/licenses/>.
19 */
20
21 #include <config.h>
22
23 /* Work around problem reported in
24 <http://permalink.gmane.org/gmane.comp.lib.gnulib.bugs/15755>.*/
25 #if GETTIMEOFDAY_CLOBBERS_LOCALTIME
26 #undef localtime
27 #endif
28
29 #include <stdio.h>
30 #include <stdlib.h>
31 #include <string.h>
32 #include <gnutls/gnutls.h>
33 #include <gnutls/extra.h>
34 #include <gnutls/x509.h>
35 #include <gnutls/openpgp.h>
36 #include <time.h>
37 #include <common.h>
38
39 #define SU(x) (x!=NULL?x:"Unknown")
40
41 int print_cert;
42 extern int verbose;
43
44 static char buffer[5 * 1024];
45
46 const char str_unknown[] = "(unknown)";
47
48 /* Hex encodes the given data.
49 */
50 const char *
51 raw_to_string (const unsigned char *raw, size_t raw_size)
52 {
53 static char buf[1024];
54 size_t i;
55 if (raw_size == 0)
56 return NULL;
57
58 if (raw_size * 3 + 1 >= sizeof (buf))
59 return NULL;
60
61 for (i = 0; i < raw_size; i++)
62 {
63 sprintf (&(buf[i * 3]), "%02X%s", raw[i],
64 (i == raw_size - 1) ? "" : ":");
65 }
66 buf[sizeof (buf) - 1] = '\0';
67
68 return buf;
69 }
70
71 static void
72 print_x509_info (gnutls_session_t session, const char *hostname, int insecure)
73 {
74 gnutls_x509_crt_t crt;
75 const gnutls_datum_t *cert_list;
76 unsigned int cert_list_size = 0, j;
77 int hostname_ok = 0;
78 int ret;
79
80 cert_list = gnutls_certificate_get_peers (session, &cert_list_size);
81 if (cert_list_size == 0)
82 {
83 fprintf (stderr, "No certificates found!\n");
84 return;
85 }
86
87 printf (" - Got a certificate list of %d certificates.\n", cert_list_size);
88
89 for (j = 0; j < cert_list_size; j++)
90 {
91 gnutls_datum_t cinfo;
92
93 gnutls_x509_crt_init (&crt);
94 ret = gnutls_x509_crt_import (crt, &cert_list[j], GNUTLS_X509_FMT_DER);
95 if (ret < 0)
96 {
97 fprintf (stderr, "Decoding error: %s\n", gnutls_strerror (ret));
98 return;
99 }
100
101 printf (" - Certificate[%d] info:\n - ", j);
102
103 if (verbose)
104 ret = gnutls_x509_crt_print (crt, GNUTLS_CRT_PRINT_FULL, &cinfo);
105 else
106 ret = gnutls_x509_crt_print (crt, GNUTLS_CRT_PRINT_ONELINE, &cinfo);
107 if (ret == 0)
108 {
109 printf ("%s\n", cinfo.data);
110 gnutls_free (cinfo.data);
111 }
112
113 if (print_cert)
114 {
115 size_t size;
116
117 size = sizeof (buffer);
118
119 ret = gnutls_x509_crt_export (crt, GNUTLS_X509_FMT_PEM,
120 buffer, &size);
121 if (ret < 0)
122 {
123 fprintf (stderr, "Encoding error: %s\n", gnutls_strerror (ret));
124 return;
125 }
126
127 fputs ("\n", stdout);
128 fputs (buffer, stdout);
129 fputs ("\n", stdout);
130 }
131
132 if (j == 0 && hostname != NULL)
133 {
134 /* Check the hostname of the first certificate if it matches
135 * the name of the host we connected to.
136 */
137 if (gnutls_x509_crt_check_hostname (crt, hostname) == 0)
138 hostname_ok = 1;
139 else
140 hostname_ok = 2;
141 }
142
143 gnutls_x509_crt_deinit (crt);
144 }
145
146 if (hostname_ok == 1)
147 {
148 printf ("- The hostname in the certificate does NOT match '%s'\n",
149 hostname);
150 if (!insecure)
151 exit (1);
152 }
153 else if (hostname_ok == 2)
154 {
155 printf ("- The hostname in the certificate matches '%s'.\n",
156 hostname);
157 }
158 }
159
160 #ifdef ENABLE_OPENPGP
161
162 static void
163 print_openpgp_info (gnutls_session_t session, const char *hostname,
164 int insecure)
165 {
166
167 gnutls_openpgp_crt_t crt;
168 const gnutls_datum_t *cert_list;
169 int cert_list_size = 0;
170 int hostname_ok = 0;
171 int ret;
172
173 cert_list = gnutls_certificate_get_peers (session, &cert_list_size);
174
175 if (cert_list_size > 0)
176 {
177 gnutls_datum_t cinfo;
178
179 gnutls_openpgp_crt_init (&crt);
180 ret = gnutls_openpgp_crt_import (crt, &cert_list[0],
181 GNUTLS_OPENPGP_FMT_RAW);
182 if (ret < 0)
183 {
184 fprintf (stderr, "Decoding error: %s\n", gnutls_strerror (ret));
185 return;
186 }
187
188 if (verbose)
189 ret = gnutls_openpgp_crt_print (crt, GNUTLS_CRT_PRINT_FULL, &cinfo);
190 else
191 ret = gnutls_openpgp_crt_print (crt, GNUTLS_CRT_PRINT_ONELINE, &cinfo);
192 if (ret == 0)
193 {
194 printf (" - %s\n", cinfo.data);
195 gnutls_free (cinfo.data);
196 }
197
198 if (print_cert)
199 {
200 size_t size;
201
202 size = sizeof (buffer);
203
204 ret = gnutls_openpgp_crt_export (crt, GNUTLS_OPENPGP_FMT_BASE64,
205 buffer, &size);
206 if (ret < 0)
207 {
208 fprintf (stderr, "Encoding error: %s\n", gnutls_strerror (ret));
209 return;
210 }
211 fputs (buffer, stdout);
212 fputs ("\n", stdout);
213 }
214
215 if (hostname != NULL)
216 {
217 /* Check the hostname of the first certificate if it matches
218 * the name of the host we connected to.
219 */
220 if (gnutls_openpgp_crt_check_hostname (crt, hostname) == 0)
221 hostname_ok = 1;
222 else
223 hostname_ok = 2;
224 }
225
226 gnutls_openpgp_crt_deinit (crt);
227 }
228
229 if (hostname_ok == 1)
230 {
231 printf ("- The hostname in the certificate does NOT match '%s'\n",
232 hostname);
233 if (!insecure)
234 exit (1);
235 }
236 else if (hostname_ok == 2)
237 {
238 printf ("- The hostname in the certificate matches '%s'.\n",
239 hostname);
240 }
241 }
242
243 #endif
244
245 static void
246 print_cert_vrfy (gnutls_session_t session)
247 {
248 int rc;
249 unsigned int status;
250
251 rc = gnutls_certificate_verify_peers2 (session, &status);
252 if (rc < 0)
253 {
254 printf ("- Could not verify certificate (err: %s)\n",
255 gnutls_strerror (rc));
256 return;
257 }
258
259 if (rc == GNUTLS_E_NO_CERTIFICATE_FOUND)
260 {
261 printf ("- Peer did not send any certificate.\n");
262 return;
263 }
264
265 if (gnutls_certificate_type_get (session) == GNUTLS_CRT_X509)
266 {
267 if (status & GNUTLS_CERT_REVOKED)
268 printf ("- Peer's certificate chain revoked\n");
269 if (status & GNUTLS_CERT_SIGNER_NOT_FOUND)
270 printf ("- Peer's certificate issuer is unknown\n");
271 if (status & GNUTLS_CERT_SIGNER_NOT_CA)
272 printf ("- Peer's certificate issuer is not a CA\n");
273 if (status & GNUTLS_CERT_INSECURE_ALGORITHM)
274 printf ("- Peer's certificate chain uses insecure algorithm\n");
275 if (status & GNUTLS_CERT_NOT_ACTIVATED)
276 printf ("- Peer's certificate chain uses not yet valid certificate\n");
277 if (status & GNUTLS_CERT_EXPIRED)
278 printf ("- Peer's certificate chain uses expired certificate\n");
279 if (status & GNUTLS_CERT_INVALID)
280 printf ("- Peer's certificate is NOT trusted\n");
281 else
282 printf ("- Peer's certificate is trusted\n");
283 }
284 else
285 {
286 if (status & GNUTLS_CERT_INVALID)
287 printf ("- Peer's key is invalid\n");
288 else
289 printf ("- Peer's key is valid\n");
290 if (status & GNUTLS_CERT_SIGNER_NOT_FOUND)
291 printf ("- Could not find a signer of the peer's key\n");
292 }
293 }
294
295 static void
296 print_dh_info (gnutls_session_t session, const char *str)
297 {
298 printf ("- %sDiffie-Hellman parameters\n", str);
299 printf (" - Using prime: %d bits\n", gnutls_dh_get_prime_bits (session));
300 printf (" - Secret key: %d bits\n", gnutls_dh_get_secret_bits (session));
301 printf (" - Peer's public key: %d bits\n",
302 gnutls_dh_get_peers_public_bits (session));
303
304 if (print_cert)
305 {
306 int ret;
307 gnutls_datum_t raw_gen = { NULL, 0 };
308 gnutls_datum_t raw_prime = { NULL, 0 };
309 gnutls_dh_params_t dh_params = NULL;
310 unsigned char *params_data = NULL;
311 size_t params_data_size = 0;
312
313 ret = gnutls_dh_get_group (session, &raw_gen, &raw_prime);
314 if (ret)
315 {
316 fprintf (stderr, "gnutls_dh_get_group %d\n", ret);
317 goto out;
318 }
319
320 ret = gnutls_dh_params_init (&dh_params);
321 if (ret)
322 {
323 fprintf (stderr, "gnutls_dh_params_init %d\n", ret);
324 goto out;
325 }
326
327 ret = gnutls_dh_params_import_raw (dh_params, &raw_prime, &raw_gen);
328 if (ret)
329 {
330 fprintf (stderr, "gnutls_dh_params_import_raw %d\n", ret);
331 goto out;
332 }
333
334 ret = gnutls_dh_params_export_pkcs3 (dh_params,
335 GNUTLS_X509_FMT_PEM,
336 params_data, &params_data_size);
337 if (ret != GNUTLS_E_SHORT_MEMORY_BUFFER)
338 {
339 fprintf (stderr, "gnutls_dh_params_export_pkcs3 %d\n", ret);
340 goto out;
341 }
342
343 params_data = gnutls_malloc (params_data_size);
344 if (!params_data)
345 {
346 fprintf (stderr, "gnutls_malloc %d\n", ret);
347 goto out;
348 }
349
350 ret = gnutls_dh_params_export_pkcs3 (dh_params,
351 GNUTLS_X509_FMT_PEM,
352 params_data, &params_data_size);
353 if (ret)
354 {
355 fprintf (stderr, "gnutls_dh_params_export_pkcs3-2 %d\n", ret);
356 goto out;
357 }
358
359 printf (" - PKCS#3 format:\n\n%.*s\n", (int) params_data_size,
360 params_data);
361
362 out:
363 gnutls_free (params_data);
364 gnutls_free (raw_prime.data);
365 gnutls_free (raw_gen.data);
366 gnutls_dh_params_deinit (dh_params);
367 }
368 }
369
370 int
371 print_info (gnutls_session_t session, const char *hostname, int insecure)
372 {
373 const char *tmp;
374 gnutls_credentials_type_t cred;
375 gnutls_kx_algorithm_t kx;
376
377
378 /* print the key exchange's algorithm name
379 */
380 kx = gnutls_kx_get (session);
381
382 cred = gnutls_auth_get_type (session);
383 switch (cred)
384 {
385 #ifdef ENABLE_ANON
386 case GNUTLS_CRD_ANON:
387 print_dh_info (session, "Anonymous ");
388 break;
389 #endif
390 #ifdef ENABLE_SRP
391 case GNUTLS_CRD_SRP:
392 /* This should be only called in server
393 * side.
394 */
395 if (gnutls_srp_server_get_username (session) != NULL)
396 printf ("- SRP authentication. Connected as '%s'\n",
397 gnutls_srp_server_get_username (session));
398 break;
399 #endif
400 #ifdef ENABLE_PSK
401 case GNUTLS_CRD_PSK:
402 /* This returns NULL in server side.
403 */
404 if (gnutls_psk_client_get_hint (session) != NULL)
405 printf ("- PSK authentication. PSK hint '%s'\n",
406 gnutls_psk_client_get_hint (session));
407 /* This returns NULL in client side.
408 */
409 if (gnutls_psk_server_get_username (session) != NULL)
410 printf ("- PSK authentication. Connected as '%s'\n",
411 gnutls_psk_server_get_username (session));
412 if (kx == GNUTLS_KX_DHE_PSK)
413 print_dh_info (session, "Ephemeral ");
414 break;
415 #endif
416 case GNUTLS_CRD_IA:
417 printf ("- TLS/IA authentication\n");
418 break;
419 case GNUTLS_CRD_CERTIFICATE:
420 {
421 char dns[256];
422 size_t dns_size = sizeof (dns);
423 unsigned int type;
424
425 /* This fails in client side */
426 if (gnutls_server_name_get (session, dns, &dns_size, &type, 0) == 0)
427 {
428 printf ("- Given server name[%d]: %s\n", type, dns);
429 }
430 }
431
432 if (kx == GNUTLS_KX_DHE_RSA || kx == GNUTLS_KX_DHE_DSS)
433 print_dh_info (session, "Ephemeral ");
434
435 print_cert_info (session, hostname, insecure);
436
437 print_cert_vrfy (session);
438
439 }
440
441 tmp = SU (gnutls_protocol_get_name (gnutls_protocol_get_version (session)));
442 printf ("- Version: %s\n", tmp);
443
444 tmp = SU (gnutls_kx_get_name (kx));
445 printf ("- Key Exchange: %s\n", tmp);
446
447 tmp = SU (gnutls_cipher_get_name (gnutls_cipher_get (session)));
448 printf ("- Cipher: %s\n", tmp);
449
450 tmp = SU (gnutls_mac_get_name (gnutls_mac_get (session)));
451 printf ("- MAC: %s\n", tmp);
452
453 tmp = SU (gnutls_compression_get_name (gnutls_compression_get (session)));
454 printf ("- Compression: %s\n", tmp);
455
456 if (verbose)
457 {
458 char id[32];
459 size_t id_size = sizeof (id);
460 gnutls_session_get_id (session, id, &id_size);
461 printf ("- Session ID: %s\n", raw_to_string (id, id_size));
462 }
463
464
465 fflush (stdout);
466
467 return 0;
468 }
469
470 void
471 print_cert_info (gnutls_session_t session, const char *hostname, int insecure)
472 {
473
474 if (gnutls_certificate_client_get_request_status (session) != 0)
475 printf ("- Server has requested a certificate.\n");
476
477 printf ("- Certificate type: ");
478 switch (gnutls_certificate_type_get (session))
479 {
480 case GNUTLS_CRT_UNKNOWN:
481 printf ("Unknown\n");
482
483 if (!insecure)
484 exit (1);
485 break;
486 case GNUTLS_CRT_X509:
487 printf ("X.509\n");
488 print_x509_info (session, hostname, insecure);
489 break;
490 #ifdef ENABLE_OPENPGP
491 case GNUTLS_CRT_OPENPGP:
492 printf ("OpenPGP\n");
493 print_openpgp_info (session, hostname, insecure);
494 break;
495 #endif
496 }
497 }
498
499 void
500 print_list (int verbose)
501 {
502 {
503 size_t i;
504 const char *name;
505 char id[2];
506 gnutls_kx_algorithm_t kx;
507 gnutls_cipher_algorithm_t cipher;
508 gnutls_mac_algorithm_t mac;
509 gnutls_protocol_t version;
510
511 printf ("Cipher suites:\n");
512 for (i = 0; (name = gnutls_cipher_suite_info
513 (i, id, &kx, &cipher, &mac, &version)); i++)
514 {
515 printf ("%-50s\t0x%02x, 0x%02x\t%s\n",
516 name,
517 (unsigned char) id[0], (unsigned char) id[1],
518 gnutls_protocol_get_name (version));
519 if (verbose)
520 printf ("\tKey exchange: %s\n\tCipher: %s\n\tMAC: %s\n\n",
521 gnutls_kx_get_name (kx),
522 gnutls_cipher_get_name (cipher), gnutls_mac_get_name (mac));
523 }
524 }
525
526 {
527 const gnutls_certificate_type_t *p = gnutls_certificate_type_list ();
528
529 printf ("Certificate types: ");
530 for (; *p; p++)
531 {
532 printf ("%s", gnutls_certificate_type_get_name (*p));
533 if (*(p + 1))
534 printf (", ");
535 else
536 printf ("\n");
537 }
538 }
539
540 {
541 const gnutls_protocol_t *p = gnutls_protocol_list ();
542
543 printf ("Protocols: ");
544 for (; *p; p++)
545 {
546 printf ("%s", gnutls_protocol_get_name (*p));
547 if (*(p + 1))
548 printf (", ");
549 else
550 printf ("\n");
551 }
552 }
553
554 {
555 const gnutls_cipher_algorithm_t *p = gnutls_cipher_list ();
556
557 printf ("Ciphers: ");
558 for (; *p; p++)
559 {
560 printf ("%s", gnutls_cipher_get_name (*p));
561 if (*(p + 1))
562 printf (", ");
563 else
564 printf ("\n");
565 }
566 }
567
568 {
569 const gnutls_mac_algorithm_t *p = gnutls_mac_list ();
570
571 printf ("MACs: ");
572 for (; *p; p++)
573 {
574 printf ("%s", gnutls_mac_get_name (*p));
575 if (*(p + 1))
576 printf (", ");
577 else
578 printf ("\n");
579 }
580 }
581
582 {
583 const gnutls_kx_algorithm_t *p = gnutls_kx_list ();
584
585 printf ("Key exchange algorithms: ");
586 for (; *p; p++)
587 {
588 printf ("%s", gnutls_kx_get_name (*p));
589 if (*(p + 1))
590 printf (", ");
591 else
592 printf ("\n");
593 }
594 }
595
596 {
597 const gnutls_compression_method_t *p = gnutls_compression_list ();
598
599 printf ("Compression: ");
600 for (; *p; p++)
601 {
602 printf ("%s", gnutls_compression_get_name (*p));
603 if (*(p + 1))
604 printf (", ");
605 else
606 printf ("\n");
607 }
608 }
609
610 {
611 const gnutls_pk_algorithm_t *p = gnutls_pk_list ();
612
613 printf ("Public Key Systems: ");
614 for (; *p; p++)
615 {
616 printf ("%s", gnutls_pk_algorithm_get_name (*p));
617 if (*(p + 1))
618 printf (", ");
619 else
620 printf ("\n");
621 }
622 }
623
624 {
625 const gnutls_sign_algorithm_t *p = gnutls_sign_list ();
626
627 printf ("PK-signatures: ");
628 for (; *p; p++)
629 {
630 printf ("%s", gnutls_sign_algorithm_get_name (*p));
631 if (*(p + 1))
632 printf (", ");
633 else
634 printf ("\n");
635 }
636 }
637 }
638
639 static int depr_printed = 0;
640 #define DEPRECATED if (depr_printed==0) { \
641 fprintf(stderr, "This method of specifying algorithms is deprecated. Please use the --priority option.\n"); \
642 depr_printed = 1; \
643 }
644
645 void
646 parse_protocols (char **protocols, int protocols_size, int *protocol_priority)
647 {
648 int i, j;
649
650 if (protocols != NULL && protocols_size > 0)
651 {
652 DEPRECATED;
653
654 for (j = i = 0; i < protocols_size; i++)
655 {
656 if (strncasecmp (protocols[i], "SSL", 3) == 0)
657 protocol_priority[j++] = GNUTLS_SSL3;
658 else if (strncasecmp (protocols[i], "TLS1.1", 6) == 0)
659 protocol_priority[j++] = GNUTLS_TLS1_1;
660 else if (strncasecmp (protocols[i], "TLS1.2", 6) == 0)
661 protocol_priority[j++] = GNUTLS_TLS1_2;
662 else if (strncasecmp (protocols[i], "TLS", 3) == 0)
663 protocol_priority[j++] = GNUTLS_TLS1_0;
664 else
665 fprintf (stderr, "Unknown protocol: '%s'\n", protocols[i]);
666 }
667 protocol_priority[j] = 0;
668 }
669 }
670
671 void
672 parse_ciphers (char **ciphers, int nciphers, int *cipher_priority)
673 {
674 int j, i;
675
676
677 if (ciphers != NULL && nciphers > 0)
678 {
679 DEPRECATED;
680 for (j = i = 0; i < nciphers; i++)
681 {
682 if (strncasecmp (ciphers[i], "AES-2", 5) == 0)
683 cipher_priority[j++] = GNUTLS_CIPHER_AES_256_CBC;
684 else if (strncasecmp (ciphers[i], "AES", 3) == 0)
685 cipher_priority[j++] = GNUTLS_CIPHER_AES_128_CBC;
686 else if (strncasecmp (ciphers[i], "3DE", 3) == 0)
687 cipher_priority[j++] = GNUTLS_CIPHER_3DES_CBC;
688 else if (strcasecmp (ciphers[i], "ARCFOUR-40") == 0)
689 cipher_priority[j++] = GNUTLS_CIPHER_ARCFOUR_40;
690 else if (strcasecmp (ciphers[i], "ARCFOUR") == 0)
691 cipher_priority[j++] = GNUTLS_CIPHER_ARCFOUR_128;
692 #ifdef ENABLE_CAMELLIA
693 else if (strncasecmp (ciphers[i], "CAMELLIA-2", 10) == 0)
694 cipher_priority[j++] = GNUTLS_CIPHER_CAMELLIA_256_CBC;
695 else if (strncasecmp (ciphers[i], "CAM", 3) == 0)
696 cipher_priority[j++] = GNUTLS_CIPHER_CAMELLIA_128_CBC;
697 #endif
698 else if (strncasecmp (ciphers[i], "NUL", 3) == 0)
699 cipher_priority[j++] = GNUTLS_CIPHER_NULL;
700 else
701 fprintf (stderr, "Unknown cipher: '%s'\n", ciphers[i]);
702 }
703 cipher_priority[j] = 0;
704 }
705 }
706
707 void
708 parse_macs (char **macs, int nmacs, int *mac_priority)
709 {
710 int i, j;
711
712
713 if (macs != NULL && nmacs > 0)
714 {
715 DEPRECATED;
716 for (j = i = 0; i < nmacs; i++)
717 {
718 if (strncasecmp (macs[i], "MD5", 3) == 0)
719 mac_priority[j++] = GNUTLS_MAC_MD5;
720 else if (strncasecmp (macs[i], "RMD", 3) == 0)
721 mac_priority[j++] = GNUTLS_MAC_RMD160;
722 else if (strncasecmp (macs[i], "SHA512", 6) == 0)
723 mac_priority[j++] = GNUTLS_MAC_SHA512;
724 else if (strncasecmp (macs[i], "SHA384", 6) == 0)
725 mac_priority[j++] = GNUTLS_MAC_SHA384;
726 else if (strncasecmp (macs[i], "SHA256", 6) == 0)
727 mac_priority[j++] = GNUTLS_MAC_SHA256;
728 else if (strncasecmp (macs[i], "SHA", 3) == 0)
729 mac_priority[j++] = GNUTLS_MAC_SHA1;
730 else
731 fprintf (stderr, "Unknown MAC: '%s'\n", macs[i]);
732 }
733 mac_priority[j] = 0;
734 }
735 }
736
737 void
738 parse_ctypes (char **ctype, int nctype, int *cert_type_priority)
739 {
740 int i, j;
741
742 if (ctype != NULL && nctype > 0)
743 {
744 DEPRECATED;
745 for (j = i = 0; i < nctype; i++)
746 {
747 if (strncasecmp (ctype[i], "OPE", 3) == 0)
748 cert_type_priority[j++] = GNUTLS_CRT_OPENPGP;
749 else if (strncasecmp (ctype[i], "X", 1) == 0)
750 cert_type_priority[j++] = GNUTLS_CRT_X509;
751 else
752 fprintf (stderr, "Unknown certificate type: '%s'\n", ctype[i]);
753 }
754 cert_type_priority[j] = 0;
755 }
756 }
757
758 void
759 parse_kx (char **kx, int nkx, int *kx_priority)
760 {
761 int i, j;
762
763
764 if (kx != NULL && nkx > 0)
765 {
766 DEPRECATED;
767 for (j = i = 0; i < nkx; i++)
768 {
769 if (strcasecmp (kx[i], "SRP") == 0)
770 kx_priority[j++] = GNUTLS_KX_SRP;
771 else if (strcasecmp (kx[i], "SRP-RSA") == 0)
772 kx_priority[j++] = GNUTLS_KX_SRP_RSA;
773 else if (strcasecmp (kx[i], "SRP-DSS") == 0)
774 kx_priority[j++] = GNUTLS_KX_SRP_DSS;
775 else if (strcasecmp (kx[i], "RSA") == 0)
776 kx_priority[j++] = GNUTLS_KX_RSA;
777 else if (strcasecmp (kx[i], "PSK") == 0)
778 kx_priority[j++] = GNUTLS_KX_PSK;
779 else if (strcasecmp (kx[i], "DHE-PSK") == 0)
780 kx_priority[j++] = GNUTLS_KX_DHE_PSK;
781 else if (strcasecmp (kx[i], "RSA-EXPORT") == 0)
782 kx_priority[j++] = GNUTLS_KX_RSA_EXPORT;
783 else if (strncasecmp (kx[i], "DHE-RSA", 7) == 0)
784 kx_priority[j++] = GNUTLS_KX_DHE_RSA;
785 else if (strncasecmp (kx[i], "DHE-DSS", 7) == 0)
786 kx_priority[j++] = GNUTLS_KX_DHE_DSS;
787 else if (strncasecmp (kx[i], "ANON", 4) == 0)
788 kx_priority[j++] = GNUTLS_KX_ANON_DH;
789 else
790 fprintf (stderr, "Unknown key exchange: '%s'\n", kx[i]);
791 }
792 kx_priority[j] = 0;
793 }
794 }
795
796 void
797 parse_comp (char **comp, int ncomp, int *comp_priority)
798 {
799 int i, j;
800
801 if (comp != NULL && ncomp > 0)
802 {
803 DEPRECATED;
804 for (j = i = 0; i < ncomp; i++)
805 {
806 if (strncasecmp (comp[i], "NUL", 3) == 0)
807 comp_priority[j++] = GNUTLS_COMP_NULL;
808 else if (strncasecmp (comp[i], "ZLI", 3) == 0)
809 comp_priority[j++] = GNUTLS_COMP_DEFLATE;
810 else if (strncasecmp (comp[i], "DEF", 3) == 0)
811 comp_priority[j++] = GNUTLS_COMP_DEFLATE;
812 else if (strncasecmp (comp[i], "LZO", 3) == 0)
813 comp_priority[j++] = GNUTLS_COMP_LZO;
814 else
815 fprintf (stderr, "Unknown compression: '%s'\n", comp[i]);
816 }
817 comp_priority[j] = 0;
818 }
819 }
820
821 void
822 sockets_init (void)
823 {
824 #ifdef _WIN32
825 WORD wVersionRequested;
826 WSADATA wsaData;
827
828 wVersionRequested = MAKEWORD (1, 1);
829 if (WSAStartup (wVersionRequested, &wsaData) != 0)
830 {
831 perror ("WSA_STARTUP_ERROR");
832 }
833 #endif
834 }
835
836 /* converts a service name or a port (in string) to a
837 * port number. The protocol is assumed to be TCP.
838 *
839 * returns -1 on error;
840 */
841 int
842 service_to_port (const char *service)
843 {
844 int port;
845 struct servent *server_port;
846
847 port = atoi (service);
848 if (port != 0)
849 return port;
850
851 server_port = getservbyname (service, "tcp");
852 if (server_port == NULL)
853 {
854 perror ("getservbyname()");
855 return (-1);
856 }
857
858 return ntohs (server_port->s_port);
859 }
Implementation of the SSL/TLS protocol