2 * Copyright (C) 2002, 2003, 2004, 2005 Free Software Foundation
4 * Author: Nikos Mavrogiannopoulos
6 * This file is part of GNUTLS.
8 * The GNUTLS library is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public License
10 * as published by the Free Software Foundation; either version 2.1 of
11 * the License, or (at your option) any later version.
13 * This library is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
18 * You should have received a copy of the GNU Lesser General Public
19 * License along with this library; if not, write to the Free Software
20 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
25 /* This file contains the code the Certificate Type TLS extension.
26 * This extension is currently gnutls specific.
29 #include "gnutls_int.h"
30 #include "gnutls_errors.h"
31 #include "gnutls_num.h"
32 #include "ext_cert_type.h"
33 #include <gnutls_state.h>
34 #include <gnutls_num.h>
36 inline static int _gnutls_num2cert_type (int num
);
37 inline static int _gnutls_cert_type2num (int record_size
);
40 * In case of a server: if a CERT_TYPE extension type is received then it stores
41 * into the session security parameters the new value. The server may use gnutls_session_certificate_type_get(),
44 * In case of a client: If a cert_types have been specified then we send the extension.
49 _gnutls_cert_type_recv_params (gnutls_session_t session
,
50 const opaque
* data
, size_t _data_size
)
52 int new_type
= -1, ret
, i
;
53 ssize_t data_size
= _data_size
;
55 if (session
->security_parameters
.entity
== GNUTLS_CLIENT
)
62 return GNUTLS_E_UNEXPECTED_PACKET_LENGTH
;
65 new_type
= _gnutls_num2cert_type (data
[0]);
73 /* Check if we support this cert_type */
75 _gnutls_session_cert_type_supported (session
, new_type
)) < 0)
81 _gnutls_session_cert_type_set (session
, new_type
);
85 { /* SERVER SIDE - we must check if the sent cert type is the right one
91 DECR_LEN (data_size
, 1);
93 DECR_LEN (data_size
, len
);
95 for (i
= 0; i
< len
; i
++)
97 new_type
= _gnutls_num2cert_type (data
[i
+ 1]);
102 /* Check if we support this cert_type */
104 _gnutls_session_cert_type_supported (session
,
118 return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER
;
122 _gnutls_session_cert_type_supported (session
, new_type
)) < 0)
125 /* The peer has requested unsupported certificate
126 * types. Instead of failing, procceed normally.
127 * (the ciphersuite selection would fail, or a
128 * non certificate ciphersuite will be selected).
133 _gnutls_session_cert_type_set (session
, new_type
);
142 /* returns data_size or a negative number on failure
145 _gnutls_cert_type_send_params (gnutls_session_t session
, opaque
* data
,
150 /* this function sends the client extension data (dnsname) */
151 if (session
->security_parameters
.entity
== GNUTLS_CLIENT
)
154 if (session
->internals
.priorities
.cert_type
.algorithms
> 0)
157 len
= session
->internals
.priorities
.cert_type
.algorithms
;
160 session
->internals
.priorities
.cert_type
.priority
[0] ==
163 /* We don't use this extension if X.509 certificates
169 if (data_size
< len
+ 1)
172 return GNUTLS_E_SHORT_MEMORY_BUFFER
;
177 data
[0] = (uint8_t) len
;
179 for (i
= 0; i
< len
; i
++)
182 _gnutls_cert_type2num (session
->internals
.
183 priorities
.cert_type
.priority
[i
]);
191 if (session
->security_parameters
.cert_type
!= DEFAULT_CERT_TYPE
)
197 return GNUTLS_E_SHORT_MEMORY_BUFFER
;
201 _gnutls_cert_type2num (session
->security_parameters
.cert_type
);
211 /* Maps numbers to record sizes according to the
215 _gnutls_num2cert_type (int num
)
220 return GNUTLS_CRT_X509
;
222 return GNUTLS_CRT_OPENPGP
;
224 return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER
;
228 /* Maps record size to numbers according to the
232 _gnutls_cert_type2num (int cert_type
)
236 case GNUTLS_CRT_X509
:
238 case GNUTLS_CRT_OPENPGP
:
241 return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER
;