search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
We reverted the ABI bump.
[gnutls.git] / src / common.c
bloba181597598ff2608a031e9a7428ec7b5ddf9b1a6
1 /*
2 * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation
3 * Author: Nikos Mavrogiannopoulos
4 *
5 * This file is part of GNUTLS.
6 *
7 * GNUTLS is free software: you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation, either version 3 of the License, or
10 * (at your option) any later version.
11 *
12 * GNUTLS is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program. If not, see <http://www.gnu.org/licenses/>.
19 */
20
21 #include <config.h>
22 #include <stdio.h>
23 #include <stdlib.h>
24 #include <string.h>
25 #include <gnutls/gnutls.h>
26 #include <gnutls/extra.h>
27 #include <gnutls/x509.h>
28 #include <gnutls/openpgp.h>
29 #include <time.h>
30 #include <common.h>
31
32 #define TEST_STRING
33
34 #define SU(x) (x!=NULL?x:"Unknown")
35
36 int print_cert;
37 extern int verbose;
38
39 static char buffer[5 * 1024];
40
41 #define PRINTX(x,y) if (y[0]!=0) printf(" # %s %s\n", x, y)
42 #define PRINT_PGP_NAME(X) PRINTX( "NAME:", name)
43
44 const char str_unknown[] = "(unknown)";
45
46 /* Hex encodes the given data.
47 */
48 const char *
49 raw_to_string (const unsigned char *raw, size_t raw_size)
50 {
51 static char buf[1024];
52 size_t i;
53 if (raw_size == 0)
54 return NULL;
55
56 if (raw_size * 3 + 1 >= sizeof (buf))
57 return NULL;
58
59 for (i = 0; i < raw_size; i++)
60 {
61 sprintf (&(buf[i * 3]), "%02X%s", raw[i],
62 (i == raw_size - 1) ? "" : ":");
63 }
64 buf[sizeof (buf) - 1] = '\0';
65
66 return buf;
67 }
68
69 static const char *
70 my_ctime (const time_t * tv)
71 {
72 static char buf[256];
73 struct tm *tp;
74
75 if (((tp = localtime (tv)) == NULL) ||
76 (!strftime (buf, sizeof buf, "%a %b %e %H:%M:%S %Z %Y\n", tp)))
77 strcpy (buf, str_unknown); /* make sure buf text isn't garbage */
78
79 return buf;
80
81 }
82
83
84 void
85 print_x509_info (gnutls_session_t session, const char *hostname, int insecure)
86 {
87 gnutls_x509_crt_t crt;
88 const gnutls_datum_t *cert_list;
89 unsigned int cert_list_size = 0;
90 int ret;
91 char digest[20];
92 char serial[40];
93 char dn[256];
94 size_t dn_size;
95 size_t digest_size = sizeof (digest);
96 unsigned int j;
97 size_t serial_size = sizeof (serial);
98 const char *print;
99 const char *cstr;
100 unsigned int bits, algo;
101 time_t expiret, activet;
102
103 cert_list = gnutls_certificate_get_peers (session, &cert_list_size);
104
105
106 if (cert_list_size == 0)
107 {
108 fprintf (stderr, "No certificates found!\n");
109 return;
110 }
111
112 printf (" - Got a certificate list of %d certificates.\n\n",
113 cert_list_size);
114
115 for (j = 0; j < (unsigned int) cert_list_size; j++)
116 {
117
118 gnutls_x509_crt_init (&crt);
119 ret = gnutls_x509_crt_import (crt, &cert_list[j], GNUTLS_X509_FMT_DER);
120 if (ret < 0)
121 {
122 fprintf (stderr, "Decoding error: %s\n", gnutls_strerror (ret));
123 return;
124 }
125
126 printf (" - Certificate[%d] info:\n", j);
127
128 if (print_cert)
129 {
130 size_t size;
131
132 size = sizeof (buffer);
133
134 ret =
135 gnutls_x509_crt_export (crt, GNUTLS_X509_FMT_PEM, buffer, &size);
136 if (ret < 0)
137 {
138 fprintf (stderr, "Encoding error: %s\n", gnutls_strerror (ret));
139 return;
140 }
141 fputs ("\n", stdout);
142 fputs (buffer, stdout);
143 fputs ("\n", stdout);
144 }
145
146 if (j == 0 && hostname != NULL)
147 { /* Check the hostname of the first certificate
148 * if it matches the name of the host we
149 * connected to.
150 */
151 if (gnutls_x509_crt_check_hostname (crt, hostname) == 0)
152 {
153 printf
154 (" # The hostname in the certificate does NOT match '%s'.\n",
155 hostname);
156 if (!insecure)
157 exit(1);
158 }
159 else
160 {
161 printf
162 (" # The hostname in the certificate matches '%s'.\n",
163 hostname);
164 }
165 }
166
167
168 expiret = gnutls_x509_crt_get_expiration_time (crt);
169 activet = gnutls_x509_crt_get_activation_time (crt);
170
171 printf (" # valid since: %s", my_ctime (&activet));
172 printf (" # expires at: %s", my_ctime (&expiret));
173
174
175 /* Print the serial number of the certificate.
176 */
177 if (verbose
178 && gnutls_x509_crt_get_serial (crt, serial, &serial_size) >= 0)
179 {
180 print = raw_to_string (serial, serial_size);
181 if (print != NULL)
182 printf (" # serial number: %s\n", print);
183 }
184
185 /* Print the fingerprint of the certificate
186 */
187 digest_size = sizeof (digest);
188 if ((ret =
189 gnutls_x509_crt_get_fingerprint (crt,
190 GNUTLS_DIG_MD5,
191 digest, &digest_size)) < 0)
192 {
193 fprintf (stderr,
194 "Error in fingerprint calculation: %s\n",
195 gnutls_strerror (ret));
196 }
197 else
198 {
199 print = raw_to_string (digest, digest_size);
200 if (print != NULL)
201 printf (" # fingerprint: %s\n", print);
202 }
203
204 /* Print the version of the X.509
205 * certificate.
206 */
207 if (verbose)
208 {
209 printf (" # version: #%d\n", gnutls_x509_crt_get_version (crt));
210
211 bits = 0;
212 algo = gnutls_x509_crt_get_pk_algorithm (crt, &bits);
213 printf (" # public key algorithm: ");
214
215 cstr = SU (gnutls_pk_algorithm_get_name (algo));
216 printf ("%s (%d bits)\n", cstr, bits);
217
218 #ifdef ENABLE_PKI
219 if (algo == GNUTLS_PK_RSA)
220 {
221 gnutls_datum_t e, m;
222
223 ret = gnutls_x509_crt_get_pk_rsa_raw (crt, &m, &e);
224 if (ret >= 0)
225 {
226 print = SU (raw_to_string (e.data, e.size));
227 printf (" # e [%d bits]: %s\n", e.size * 8, print);
228
229 print = SU (raw_to_string (m.data, m.size));
230 printf (" # m [%d bits]: %s\n", m.size * 8, print);
231
232 gnutls_free (e.data);
233 gnutls_free (m.data);
234 }
235 }
236 else if (algo == GNUTLS_PK_DSA)
237 {
238 gnutls_datum_t p, q, g, y;
239
240 ret = gnutls_x509_crt_get_pk_dsa_raw (crt, &p, &q, &g, &y);
241 if (ret >= 0)
242 {
243 print = SU (raw_to_string (p.data, p.size));
244 printf (" # p [%d bits]: %s\n", p.size * 8, print);
245
246 print = SU (raw_to_string (q.data, q.size));
247 printf (" # q [%d bits]: %s\n", q.size * 8, print);
248
249 print = SU (raw_to_string (g.data, g.size));
250 printf (" # g [%d bits]: %s\n", g.size * 8, print);
251
252 print = SU (raw_to_string (y.data, y.size));
253 printf (" # y [%d bits]: %s\n", y.size * 8, print);
254
255 gnutls_free (p.data);
256 gnutls_free (q.data);
257 gnutls_free (g.data);
258 gnutls_free (y.data);
259 }
260 }
261 #endif
262 }
263
264 dn_size = sizeof (dn);
265 ret = gnutls_x509_crt_get_dn (crt, dn, &dn_size);
266 if (ret >= 0)
267 printf (" # Subject's DN: %s\n", dn);
268
269 dn_size = sizeof (dn);
270 ret = gnutls_x509_crt_get_issuer_dn (crt, dn, &dn_size);
271 if (ret >= 0)
272 printf (" # Issuer's DN: %s\n", dn);
273
274 gnutls_x509_crt_deinit (crt);
275
276 printf ("\n");
277
278 }
279
280 }
281
282 #ifdef ENABLE_OPENPGP
283
284 void
285 print_openpgp_info (gnutls_session_t session, const char *hostname, int insecure)
286 {
287
288 char digest[20];
289 size_t digest_size = sizeof (digest);
290 int ret;
291 const char *print;
292 const char *cstr;
293 char name[256];
294 size_t name_len = sizeof (name);
295 gnutls_openpgp_crt_t crt;
296 const gnutls_datum_t *cert_list;
297 int cert_list_size = 0;
298 time_t expiret;
299 time_t activet;
300
301 cert_list = gnutls_certificate_get_peers (session, &cert_list_size);
302
303 if (cert_list_size > 0)
304 {
305 unsigned int algo, bits;
306
307 gnutls_openpgp_crt_init (&crt);
308 ret =
309 gnutls_openpgp_crt_import (crt, &cert_list[0],
310 GNUTLS_OPENPGP_FMT_RAW);
311 if (ret < 0)
312 {
313 fprintf (stderr, "Decoding error: %s\n", gnutls_strerror (ret));
314 return;
315 }
316
317 if (print_cert)
318 {
319 size_t size;
320
321 size = sizeof (buffer);
322
323 ret =
324 gnutls_openpgp_crt_export (crt,
325 GNUTLS_OPENPGP_FMT_BASE64,
326 buffer, &size);
327 if (ret < 0)
328 {
329 fprintf (stderr, "Encoding error: %s\n", gnutls_strerror (ret));
330 return;
331 }
332 fputs ("\n", stdout);
333 fputs (buffer, stdout);
334 fputs ("\n", stdout);
335 }
336
337 if (hostname != NULL)
338 { /* Check the hostname of the first certificate
339 * if it matches the name of the host we
340 * connected to.
341 */
342 if (gnutls_openpgp_crt_check_hostname (crt, hostname) == 0)
343 {
344 printf
345 (" # The hostname in the certificate does NOT match '%s'.\n",
346 hostname);
347 if (!insecure)
348 exit(1);
349 }
350 else
351 {
352 printf (" # The hostname in the certificate matches '%s'.\n", hostname);
353 }
354 }
355
356 activet = gnutls_openpgp_crt_get_creation_time (crt);
357 expiret = gnutls_openpgp_crt_get_expiration_time (crt);
358
359 printf (" # Key was created at: %s", my_ctime (&activet));
360 printf (" # Key expires: ");
361 if (expiret != 0)
362 printf ("%s", my_ctime (&expiret));
363 else
364 printf ("Never\n");
365
366 if (gnutls_openpgp_crt_get_fingerprint (crt, digest, &digest_size) >= 0)
367 {
368 print = raw_to_string (digest, digest_size);
369
370 printf (" # PGP Key version: %d\n",
371 gnutls_openpgp_crt_get_version (crt));
372
373 bits = 0;
374 algo = gnutls_openpgp_crt_get_pk_algorithm (crt, &bits);
375
376 printf (" # PGP Key public key algorithm: ");
377 cstr = SU (gnutls_pk_algorithm_get_name (algo));
378 printf ("%s (%d bits)\n", cstr, bits);
379
380 if (print != NULL)
381 printf (" # PGP Key fingerprint: %s\n", print);
382
383 name_len = sizeof (name);
384 if (gnutls_openpgp_crt_get_name (crt, 0, name, &name_len) < 0)
385 {
386 fprintf (stderr, "Could not extract name\n");
387 }
388 else
389 {
390 PRINT_PGP_NAME (name);
391 }
392
393 }
394
395 gnutls_openpgp_crt_deinit (crt);
396
397 }
398 }
399
400 #endif
401
402 void
403 print_cert_vrfy (gnutls_session_t session)
404 {
405 int rc;
406 unsigned int status;
407
408 rc = gnutls_certificate_verify_peers2 (session, &status);
409 printf ("\n");
410
411 if (rc == GNUTLS_E_NO_CERTIFICATE_FOUND)
412 {
413 printf ("- Peer did not send any certificate.\n");
414 return;
415 }
416
417 if (rc < 0)
418 {
419 printf ("- Could not verify certificate (err: %s)\n",
420 gnutls_strerror (rc));
421 return;
422 }
423
424 if (gnutls_certificate_type_get (session) == GNUTLS_CRT_X509)
425 {
426 if (status & GNUTLS_CERT_SIGNER_NOT_FOUND)
427 printf ("- Peer's certificate issuer is unknown\n");
428 if (status & GNUTLS_CERT_INVALID)
429 printf ("- Peer's certificate is NOT trusted\n");
430 else
431 printf ("- Peer's certificate is trusted\n");
432 }
433 else
434 {
435 if (status & GNUTLS_CERT_INVALID)
436 printf ("- Peer's key is invalid\n");
437 else
438 printf ("- Peer's key is valid\n");
439 if (status & GNUTLS_CERT_SIGNER_NOT_FOUND)
440 printf ("- Could not find a signer of the peer's key\n");
441 }
442 }
443
444 void
445 print_dh_info (gnutls_session_t session, const char *str)
446 {
447 printf ("- %sDiffie-Hellman parameters\n", str);
448 printf (" - Using prime: %d bits\n",
449 gnutls_dh_get_prime_bits (session));
450 printf (" - Secret key: %d bits\n",
451 gnutls_dh_get_secret_bits (session));
452 printf (" - Peer's public key: %d bits\n",
453 gnutls_dh_get_peers_public_bits (session));
454
455 if (print_cert)
456 {
457 int ret;
458 gnutls_datum_t raw_gen = { NULL, 0 };
459 gnutls_datum_t raw_prime = { NULL, 0 };
460 gnutls_dh_params_t dh_params = NULL;
461 unsigned char *params_data = NULL;
462 size_t params_data_size = 0;
463
464 ret = gnutls_dh_get_group (session, &raw_gen, &raw_prime);
465 if (ret)
466 {
467 fprintf (stderr, "gnutls_dh_get_group %d\n", ret);
468 goto out;
469 }
470
471 ret = gnutls_dh_params_init (&dh_params);
472 if (ret)
473 {
474 fprintf (stderr, "gnutls_dh_params_init %d\n", ret);
475 goto out;
476 }
477
478 ret = gnutls_dh_params_import_raw (dh_params, &raw_prime,
479 &raw_gen);
480 if (ret)
481 {
482 fprintf (stderr, "gnutls_dh_params_import_raw %d\n", ret);
483 goto out;
484 }
485
486 ret = gnutls_dh_params_export_pkcs3 (dh_params,
487 GNUTLS_X509_FMT_PEM,
488 params_data,
489 &params_data_size);
490 if (ret != GNUTLS_E_SHORT_MEMORY_BUFFER)
491 {
492 fprintf (stderr, "gnutls_dh_params_export_pkcs3 %d\n", ret);
493 goto out;
494 }
495
496 params_data = gnutls_malloc (params_data_size);
497 if (!params_data)
498 {
499 fprintf (stderr, "gnutls_malloc %d\n", ret);
500 goto out;
501 }
502
503 ret = gnutls_dh_params_export_pkcs3 (dh_params,
504 GNUTLS_X509_FMT_PEM,
505 params_data,
506 &params_data_size);
507 if (ret)
508 {
509 fprintf (stderr, "gnutls_dh_params_export_pkcs3-2 %d\n", ret);
510 goto out;
511 }
512
513 printf (" - PKCS#3 format:\n\n%.*s\n", params_data_size, params_data);
514
515 out:
516 gnutls_free (params_data);
517 gnutls_free (raw_prime.data);
518 gnutls_free (raw_gen.data);
519 gnutls_dh_params_deinit (dh_params);
520 }
521 }
522
523 int
524 print_info (gnutls_session_t session, const char *hostname, int insecure)
525 {
526 const char *tmp;
527 gnutls_credentials_type_t cred;
528 gnutls_kx_algorithm_t kx;
529
530
531 /* print the key exchange's algorithm name
532 */
533 kx = gnutls_kx_get (session);
534
535 cred = gnutls_auth_get_type (session);
536 switch (cred)
537 {
538 #ifdef ENABLE_ANON
539 case GNUTLS_CRD_ANON:
540 print_dh_info (session, "Anonymous ");
541 break;
542 #endif
543 #ifdef ENABLE_SRP
544 case GNUTLS_CRD_SRP:
545 /* This should be only called in server
546 * side.
547 */
548 if (gnutls_srp_server_get_username (session) != NULL)
549 printf ("- SRP authentication. Connected as '%s'\n",
550 gnutls_srp_server_get_username (session));
551 break;
552 #endif
553 #ifdef ENABLE_PSK
554 case GNUTLS_CRD_PSK:
555 /* This returns NULL in server side.
556 */
557 if (gnutls_psk_client_get_hint (session) != NULL)
558 printf ("- PSK authentication. PSK hint '%s'\n",
559 gnutls_psk_client_get_hint (session));
560 /* This returns NULL in client side.
561 */
562 if (gnutls_psk_server_get_username (session) != NULL)
563 printf ("- PSK authentication. Connected as '%s'\n",
564 gnutls_psk_server_get_username (session));
565 if (kx == GNUTLS_KX_DHE_PSK)
566 print_dh_info (session, "Ephemeral ");
567 break;
568 #endif
569 case GNUTLS_CRD_IA:
570 printf ("- TLS/IA authentication\n");
571 break;
572 case GNUTLS_CRD_CERTIFICATE:
573 {
574 char dns[256];
575 size_t dns_size = sizeof (dns);
576 unsigned int type;
577
578 /* This fails in client side */
579 if (gnutls_server_name_get (session, dns, &dns_size, &type, 0) == 0)
580 {
581 printf ("- Given server name[%d]: %s\n", type, dns);
582 }
583 }
584
585 if (kx == GNUTLS_KX_DHE_RSA || kx == GNUTLS_KX_DHE_DSS)
586 print_dh_info (session, "Ephemeral ");
587
588 print_cert_info (session, hostname, insecure);
589
590 print_cert_vrfy (session);
591
592 }
593
594 tmp = SU (gnutls_protocol_get_name (gnutls_protocol_get_version (session)));
595 printf ("- Version: %s\n", tmp);
596
597 tmp = SU (gnutls_kx_get_name (kx));
598 printf ("- Key Exchange: %s\n", tmp);
599
600 tmp = SU (gnutls_cipher_get_name (gnutls_cipher_get (session)));
601 printf ("- Cipher: %s\n", tmp);
602
603 tmp = SU (gnutls_mac_get_name (gnutls_mac_get (session)));
604 printf ("- MAC: %s\n", tmp);
605
606 tmp = SU (gnutls_compression_get_name (gnutls_compression_get (session)));
607 printf ("- Compression: %s\n", tmp);
608
609 if (verbose) {
610 char id[32];
611 size_t id_size = sizeof(id);
612 gnutls_session_get_id (session, id, &id_size);
613 printf("- Session ID: %s\n", raw_to_string(id, id_size) );
614 }
615
616
617 fflush (stdout);
618
619 return 0;
620 }
621
622 void
623 print_cert_info (gnutls_session_t session, const char *hostname, int insecure)
624 {
625
626 if (gnutls_certificate_client_get_request_status (session) != 0)
627 printf ("- Server has requested a certificate.\n");
628
629 printf ("- Certificate type: ");
630 switch (gnutls_certificate_type_get (session))
631 {
632 case GNUTLS_CRT_UNKNOWN:
633 printf ("Unknown\n");
634
635 if (!insecure)
636 exit(1);
637 break;
638 case GNUTLS_CRT_X509:
639 printf ("X.509\n");
640 print_x509_info (session, hostname, insecure);
641 break;
642 #ifdef ENABLE_OPENPGP
643 case GNUTLS_CRT_OPENPGP:
644 printf ("OpenPGP\n");
645 print_openpgp_info (session, hostname, insecure);
646 break;
647 #endif
648 }
649 }
650
651 void
652 print_list (int verbose)
653 {
654 {
655 size_t i;
656 const char *name;
657 char id[2];
658 gnutls_kx_algorithm_t kx;
659 gnutls_cipher_algorithm_t cipher;
660 gnutls_mac_algorithm_t mac;
661 gnutls_protocol_t version;
662
663 printf ("Cipher suites:\n");
664 for (i = 0; (name = gnutls_cipher_suite_info
665 (i, id, &kx, &cipher, &mac, &version)); i++)
666 {
667 printf ("%-50s\t0x%02x, 0x%02x\t%s\n",
668 name,
669 (unsigned char) id[0], (unsigned char) id[1],
670 gnutls_protocol_get_name (version));
671 if (verbose)
672 printf ("\tKey exchange: %s\n\tCipher: %s\n\tMAC: %s\n\n",
673 gnutls_kx_get_name (kx),
674 gnutls_cipher_get_name (cipher), gnutls_mac_get_name (mac));
675 }
676 }
677
678 {
679 const gnutls_certificate_type_t *p = gnutls_certificate_type_list ();
680
681 printf ("Certificate types: ");
682 for (; *p; p++)
683 {
684 printf ("%s", gnutls_certificate_type_get_name (*p));
685 if (*(p + 1))
686 printf (", ");
687 else
688 printf ("\n");
689 }
690 }
691
692 {
693 const gnutls_protocol_t *p = gnutls_protocol_list ();
694
695 printf ("Protocols: ");
696 for (; *p; p++)
697 {
698 printf ("%s", gnutls_protocol_get_name (*p));
699 if (*(p + 1))
700 printf (", ");
701 else
702 printf ("\n");
703 }
704 }
705
706 {
707 const gnutls_cipher_algorithm_t *p = gnutls_cipher_list ();
708
709 printf ("Ciphers: ");
710 for (; *p; p++)
711 {
712 printf ("%s", gnutls_cipher_get_name (*p));
713 if (*(p + 1))
714 printf (", ");
715 else
716 printf ("\n");
717 }
718 }
719
720 {
721 const gnutls_mac_algorithm_t *p = gnutls_mac_list ();
722
723 printf ("MACs: ");
724 for (; *p; p++)
725 {
726 printf ("%s", gnutls_mac_get_name (*p));
727 if (*(p + 1))
728 printf (", ");
729 else
730 printf ("\n");
731 }
732 }
733
734 {
735 const gnutls_kx_algorithm_t *p = gnutls_kx_list ();
736
737 printf ("Key exchange algorithms: ");
738 for (; *p; p++)
739 {
740 printf ("%s", gnutls_kx_get_name (*p));
741 if (*(p + 1))
742 printf (", ");
743 else
744 printf ("\n");
745 }
746 }
747
748 {
749 const gnutls_compression_method_t *p = gnutls_compression_list ();
750
751 printf ("Compression: ");
752 for (; *p; p++)
753 {
754 printf ("%s", gnutls_compression_get_name (*p));
755 if (*(p + 1))
756 printf (", ");
757 else
758 printf ("\n");
759 }
760 }
761 }
762
763 void
764 print_license (void)
765 {
766 fputs ("\nCopyright (C) 2004,2005,2006,2007 Free Software Foundation\n"
767 "This program is free software; you can redistribute it and/or modify \n"
768 "it under the terms of the GNU General Public License as published by \n"
769 "the Free Software Foundation; either version 3 of the License, or \n"
770 "(at your option) any later version. \n" "\n"
771 "This program is distributed in the hope that it will be useful, \n"
772 "but WITHOUT ANY WARRANTY; without even the implied warranty of \n"
773 "MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the \n"
774 "GNU General Public License for more details. \n" "\n"
775 "You should have received a copy of the GNU General Public License \n"
776 "along with this program; if not, write to the Free Software \n"
777 "Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.\n\n",
778 stdout);
779 }
780
781 static int depr_printed = 0;
782 #define DEPRECATED if (depr_printed==0) { \
783 fprintf(stderr, "This method of specifying algorithms is deprecated. Please use the --priority option.\n"); \
784 depr_printed = 1; \
785 }
786
787 void
788 parse_protocols (char **protocols, int protocols_size, int *protocol_priority)
789 {
790 int i, j;
791
792 if (protocols != NULL && protocols_size > 0)
793 {
794 DEPRECATED;
795
796 for (j = i = 0; i < protocols_size; i++)
797 {
798 if (strncasecmp (protocols[i], "SSL", 3) == 0)
799 protocol_priority[j++] = GNUTLS_SSL3;
800 else if (strncasecmp (protocols[i], "TLS1.1", 6) == 0)
801 protocol_priority[j++] = GNUTLS_TLS1_1;
802 else if (strncasecmp (protocols[i], "TLS1.2", 6) == 0)
803 protocol_priority[j++] = GNUTLS_TLS1_2;
804 else if (strncasecmp (protocols[i], "TLS", 3) == 0)
805 protocol_priority[j++] = GNUTLS_TLS1_0;
806 else
807 fprintf (stderr, "Unknown protocol: '%s'\n", protocols[i]);
808 }
809 protocol_priority[j] = 0;
810 }
811 }
812
813 void
814 parse_ciphers (char **ciphers, int nciphers, int *cipher_priority)
815 {
816 int j, i;
817
818
819 if (ciphers != NULL && nciphers > 0)
820 {
821 DEPRECATED;
822 for (j = i = 0; i < nciphers; i++)
823 {
824 if (strncasecmp (ciphers[i], "AES-2", 5) == 0)
825 cipher_priority[j++] = GNUTLS_CIPHER_AES_256_CBC;
826 else if (strncasecmp (ciphers[i], "AES", 3) == 0)
827 cipher_priority[j++] = GNUTLS_CIPHER_AES_128_CBC;
828 else if (strncasecmp (ciphers[i], "3DE", 3) == 0)
829 cipher_priority[j++] = GNUTLS_CIPHER_3DES_CBC;
830 else if (strcasecmp (ciphers[i], "ARCFOUR-40") == 0)
831 cipher_priority[j++] = GNUTLS_CIPHER_ARCFOUR_40;
832 else if (strcasecmp (ciphers[i], "ARCFOUR") == 0)
833 cipher_priority[j++] = GNUTLS_CIPHER_ARCFOUR_128;
834 #ifdef ENABLE_CAMELLIA
835 else if (strncasecmp (ciphers[i], "CAMELLIA-2", 10) == 0)
836 cipher_priority[j++] = GNUTLS_CIPHER_CAMELLIA_256_CBC;
837 else if (strncasecmp (ciphers[i], "CAM", 3) == 0)
838 cipher_priority[j++] = GNUTLS_CIPHER_CAMELLIA_128_CBC;
839 #endif
840 else if (strncasecmp (ciphers[i], "NUL", 3) == 0)
841 cipher_priority[j++] = GNUTLS_CIPHER_NULL;
842 else
843 fprintf (stderr, "Unknown cipher: '%s'\n", ciphers[i]);
844 }
845 cipher_priority[j] = 0;
846 }
847 }
848
849 void
850 parse_macs (char **macs, int nmacs, int *mac_priority)
851 {
852 int i, j;
853
854
855 if (macs != NULL && nmacs > 0)
856 {
857 DEPRECATED;
858 for (j = i = 0; i < nmacs; i++)
859 {
860 if (strncasecmp (macs[i], "MD5", 3) == 0)
861 mac_priority[j++] = GNUTLS_MAC_MD5;
862 else if (strncasecmp (macs[i], "RMD", 3) == 0)
863 mac_priority[j++] = GNUTLS_MAC_RMD160;
864 else if (strncasecmp (macs[i], "SHA512", 6) == 0)
865 mac_priority[j++] = GNUTLS_MAC_SHA512;
866 else if (strncasecmp (macs[i], "SHA384", 6) == 0)
867 mac_priority[j++] = GNUTLS_MAC_SHA384;
868 else if (strncasecmp (macs[i], "SHA256", 6) == 0)
869 mac_priority[j++] = GNUTLS_MAC_SHA256;
870 else if (strncasecmp (macs[i], "SHA", 3) == 0)
871 mac_priority[j++] = GNUTLS_MAC_SHA1;
872 else
873 fprintf (stderr, "Unknown MAC: '%s'\n", macs[i]);
874 }
875 mac_priority[j] = 0;
876 }
877 }
878
879 void
880 parse_ctypes (char **ctype, int nctype, int *cert_type_priority)
881 {
882 int i, j;
883
884 if (ctype != NULL && nctype > 0)
885 {
886 DEPRECATED;
887 for (j = i = 0; i < nctype; i++)
888 {
889 if (strncasecmp (ctype[i], "OPE", 3) == 0)
890 cert_type_priority[j++] = GNUTLS_CRT_OPENPGP;
891 else if (strncasecmp (ctype[i], "X", 1) == 0)
892 cert_type_priority[j++] = GNUTLS_CRT_X509;
893 else
894 fprintf (stderr, "Unknown certificate type: '%s'\n", ctype[i]);
895 }
896 cert_type_priority[j] = 0;
897 }
898 }
899
900 void
901 parse_kx (char **kx, int nkx, int *kx_priority)
902 {
903 int i, j;
904
905
906 if (kx != NULL && nkx > 0)
907 {
908 DEPRECATED;
909 for (j = i = 0; i < nkx; i++)
910 {
911 if (strcasecmp (kx[i], "SRP") == 0)
912 kx_priority[j++] = GNUTLS_KX_SRP;
913 else if (strcasecmp (kx[i], "SRP-RSA") == 0)
914 kx_priority[j++] = GNUTLS_KX_SRP_RSA;
915 else if (strcasecmp (kx[i], "SRP-DSS") == 0)
916 kx_priority[j++] = GNUTLS_KX_SRP_DSS;
917 else if (strcasecmp (kx[i], "RSA") == 0)
918 kx_priority[j++] = GNUTLS_KX_RSA;
919 else if (strcasecmp (kx[i], "PSK") == 0)
920 kx_priority[j++] = GNUTLS_KX_PSK;
921 else if (strcasecmp (kx[i], "DHE-PSK") == 0)
922 kx_priority[j++] = GNUTLS_KX_DHE_PSK;
923 else if (strcasecmp (kx[i], "RSA-EXPORT") == 0)
924 kx_priority[j++] = GNUTLS_KX_RSA_EXPORT;
925 else if (strncasecmp (kx[i], "DHE-RSA", 7) == 0)
926 kx_priority[j++] = GNUTLS_KX_DHE_RSA;
927 else if (strncasecmp (kx[i], "DHE-DSS", 7) == 0)
928 kx_priority[j++] = GNUTLS_KX_DHE_DSS;
929 else if (strncasecmp (kx[i], "ANON", 4) == 0)
930 kx_priority[j++] = GNUTLS_KX_ANON_DH;
931 else
932 fprintf (stderr, "Unknown key exchange: '%s'\n", kx[i]);
933 }
934 kx_priority[j] = 0;
935 }
936 }
937
938 void
939 parse_comp (char **comp, int ncomp, int *comp_priority)
940 {
941 int i, j;
942
943 if (comp != NULL && ncomp > 0)
944 {
945 DEPRECATED;
946 for (j = i = 0; i < ncomp; i++)
947 {
948 if (strncasecmp (comp[i], "NUL", 3) == 0)
949 comp_priority[j++] = GNUTLS_COMP_NULL;
950 else if (strncasecmp (comp[i], "ZLI", 3) == 0)
951 comp_priority[j++] = GNUTLS_COMP_DEFLATE;
952 else if (strncasecmp (comp[i], "DEF", 3) == 0)
953 comp_priority[j++] = GNUTLS_COMP_DEFLATE;
954 else if (strncasecmp (comp[i], "LZO", 3) == 0)
955 comp_priority[j++] = GNUTLS_COMP_LZO;
956 else
957 fprintf (stderr, "Unknown compression: '%s'\n", comp[i]);
958 }
959 comp_priority[j] = 0;
960 }
961 }
962
963 void
964 sockets_init (void)
965 {
966 #ifdef _WIN32
967 WORD wVersionRequested;
968 WSADATA wsaData;
969
970 wVersionRequested = MAKEWORD (1, 1);
971 if (WSAStartup (wVersionRequested, &wsaData) != 0)
972 {
973 perror ("WSA_STARTUP_ERROR");
974 }
975 #endif
976 }
977
978 /* converts a service name or a port (in string) to a
979 * port number. The protocol is assumed to be TCP.
980 *
981 * returns -1 on error;
982 */
983 int
984 service_to_port (const char *service)
985 {
986 int port;
987 struct servent *server_port;
988
989 port = atoi (service);
990 if (port != 0)
991 return port;
992
993 server_port = getservbyname (service, "tcp");
994 if (server_port == NULL)
995 {
996 perror ("getservbyname()");
997 return (-1);
998 }
999
1000 return ntohs (server_port->s_port);
1001
1002 }
Implementation of the SSL/TLS protocol