2 * Copyright (C) 2002, 2003, 2004, 2005, 2010 Free Software Foundation,
5 * Author: Nikos Mavrogiannopoulos
7 * This file is part of GNUTLS.
9 * The GNUTLS library is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU Lesser General Public License
11 * as published by the Free Software Foundation; either version 2.1 of
12 * the License, or (at your option) any later version.
14 * This library is distributed in the hope that it will be useful, but
15 * WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 * Lesser General Public License for more details.
19 * You should have received a copy of the GNU Lesser General Public
20 * License along with this library; if not, write to the Free Software
21 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
26 /* This file contains the code the Certificate Type TLS extension.
27 * This extension is currently gnutls specific.
30 #include "gnutls_int.h"
31 #include "gnutls_errors.h"
32 #include "gnutls_num.h"
33 #include "ext_cert_type.h"
34 #include <gnutls_state.h>
35 #include <gnutls_num.h>
37 inline static int _gnutls_num2cert_type (int num
);
38 inline static int _gnutls_cert_type2num (int record_size
);
41 * In case of a server: if a CERT_TYPE extension type is received then it stores
42 * into the session security parameters the new value. The server may use gnutls_session_certificate_type_get(),
45 * In case of a client: If a cert_types have been specified then we send the extension.
50 _gnutls_cert_type_recv_params (gnutls_session_t session
,
51 const opaque
* data
, size_t _data_size
)
53 int new_type
= -1, ret
, i
;
54 ssize_t data_size
= _data_size
;
56 if (session
->security_parameters
.entity
== GNUTLS_CLIENT
)
63 return GNUTLS_E_UNEXPECTED_PACKET_LENGTH
;
66 new_type
= _gnutls_num2cert_type (data
[0]);
74 /* Check if we support this cert_type */
76 _gnutls_session_cert_type_supported (session
, new_type
)) < 0)
82 _gnutls_session_cert_type_set (session
, new_type
);
86 { /* SERVER SIDE - we must check if the sent cert type is the right one
92 DECR_LEN (data_size
, 1);
94 DECR_LEN (data_size
, len
);
96 for (i
= 0; i
< len
; i
++)
98 new_type
= _gnutls_num2cert_type (data
[i
+ 1]);
103 /* Check if we support this cert_type */
105 _gnutls_session_cert_type_supported (session
,
119 return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER
;
123 _gnutls_session_cert_type_supported (session
, new_type
)) < 0)
126 /* The peer has requested unsupported certificate
127 * types. Instead of failing, procceed normally.
128 * (the ciphersuite selection would fail, or a
129 * non certificate ciphersuite will be selected).
134 _gnutls_session_cert_type_set (session
, new_type
);
143 /* returns data_size or a negative number on failure
146 _gnutls_cert_type_send_params (gnutls_session_t session
, opaque
* data
,
151 /* this function sends the client extension data (dnsname) */
152 if (session
->security_parameters
.entity
== GNUTLS_CLIENT
)
155 if (session
->internals
.priorities
.cert_type
.algorithms
> 0)
158 len
= session
->internals
.priorities
.cert_type
.algorithms
;
161 session
->internals
.priorities
.cert_type
.priority
[0] ==
164 /* We don't use this extension if X.509 certificates
170 if (data_size
< len
+ 1)
173 return GNUTLS_E_SHORT_MEMORY_BUFFER
;
178 data
[0] = (uint8_t) len
;
180 for (i
= 0; i
< len
; i
++)
183 _gnutls_cert_type2num (session
->internals
.
184 priorities
.cert_type
.priority
[i
]);
192 if (session
->security_parameters
.cert_type
!= DEFAULT_CERT_TYPE
)
198 return GNUTLS_E_SHORT_MEMORY_BUFFER
;
202 _gnutls_cert_type2num (session
->security_parameters
.cert_type
);
212 /* Maps numbers to record sizes according to the
216 _gnutls_num2cert_type (int num
)
221 return GNUTLS_CRT_X509
;
223 return GNUTLS_CRT_OPENPGP
;
225 return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER
;
229 /* Maps record size to numbers according to the
233 _gnutls_cert_type2num (int cert_type
)
237 case GNUTLS_CRT_X509
:
239 case GNUTLS_CRT_OPENPGP
:
242 return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER
;