2 * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation
3 * Author: Nikos Mavrogiannopoulos
5 * This file is part of GNUTLS.
7 * GNUTLS is free software: you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation, either version 3 of the License, or
10 * (at your option) any later version.
12 * GNUTLS is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this program. If not, see <http://www.gnu.org/licenses/>.
25 #include <gnutls/gnutls.h>
26 #include <gnutls/extra.h>
27 #include <gnutls/x509.h>
28 #include <gnutls/openpgp.h>
34 #define SU(x) (x!=NULL?x:"Unknown")
39 static char buffer
[5 * 1024];
41 #define PRINTX(x,y) if (y[0]!=0) printf(" # %s %s\n", x, y)
42 #define PRINT_PGP_NAME(X) PRINTX( "NAME:", name)
44 const char str_unknown
[] = "(unknown)";
46 /* Hex encodes the given data.
49 raw_to_string (const unsigned char *raw
, size_t raw_size
)
51 static char buf
[1024];
56 if (raw_size
* 3 + 1 >= sizeof (buf
))
59 for (i
= 0; i
< raw_size
; i
++)
61 sprintf (&(buf
[i
* 3]), "%02X%s", raw
[i
],
62 (i
== raw_size
- 1) ? "" : ":");
64 buf
[sizeof (buf
) - 1] = '\0';
70 my_ctime (const time_t * tv
)
75 if (((tp
= localtime (tv
)) == NULL
) ||
76 (!strftime (buf
, sizeof buf
, "%a %b %e %H:%M:%S %Z %Y\n", tp
)))
77 strcpy (buf
, str_unknown
); /* make sure buf text isn't garbage */
85 print_x509_info (gnutls_session_t session
, const char *hostname
)
87 gnutls_x509_crt_t crt
;
88 const gnutls_datum_t
*cert_list
;
89 unsigned int cert_list_size
= 0;
95 size_t digest_size
= sizeof (digest
);
97 size_t serial_size
= sizeof (serial
);
100 unsigned int bits
, algo
;
101 time_t expiret
, activet
;
103 cert_list
= gnutls_certificate_get_peers (session
, &cert_list_size
);
106 if (cert_list_size
== 0)
108 fprintf (stderr
, "No certificates found!\n");
112 printf (" - Got a certificate list of %d certificates.\n\n",
115 for (j
= 0; j
< (unsigned int) cert_list_size
; j
++)
118 gnutls_x509_crt_init (&crt
);
119 ret
= gnutls_x509_crt_import (crt
, &cert_list
[j
], GNUTLS_X509_FMT_DER
);
122 fprintf (stderr
, "Decoding error: %s\n", gnutls_strerror (ret
));
126 printf (" - Certificate[%d] info:\n", j
);
132 size
= sizeof (buffer
);
135 gnutls_x509_crt_export (crt
, GNUTLS_X509_FMT_PEM
, buffer
, &size
);
138 fprintf (stderr
, "Encoding error: %s\n", gnutls_strerror (ret
));
141 fputs ("\n", stdout
);
142 fputs (buffer
, stdout
);
143 fputs ("\n", stdout
);
146 if (j
== 0 && hostname
!= NULL
)
147 { /* Check the hostname of the first certificate
148 * if it matches the name of the host we
151 if (gnutls_x509_crt_check_hostname (crt
, hostname
) == 0)
154 (" # The hostname in the certificate does NOT match '%s'.\n",
160 (" # The hostname in the certificate matches '%s'.\n",
166 expiret
= gnutls_x509_crt_get_expiration_time (crt
);
167 activet
= gnutls_x509_crt_get_activation_time (crt
);
169 printf (" # valid since: %s", my_ctime (&activet
));
170 printf (" # expires at: %s", my_ctime (&expiret
));
173 /* Print the serial number of the certificate.
176 && gnutls_x509_crt_get_serial (crt
, serial
, &serial_size
) >= 0)
178 print
= raw_to_string (serial
, serial_size
);
180 printf (" # serial number: %s\n", print
);
183 /* Print the fingerprint of the certificate
185 digest_size
= sizeof (digest
);
187 gnutls_x509_crt_get_fingerprint (crt
,
189 digest
, &digest_size
)) < 0)
192 "Error in fingerprint calculation: %s\n",
193 gnutls_strerror (ret
));
197 print
= raw_to_string (digest
, digest_size
);
199 printf (" # fingerprint: %s\n", print
);
202 /* Print the version of the X.509
207 printf (" # version: #%d\n", gnutls_x509_crt_get_version (crt
));
210 algo
= gnutls_x509_crt_get_pk_algorithm (crt
, &bits
);
211 printf (" # public key algorithm: ");
213 cstr
= SU (gnutls_pk_algorithm_get_name (algo
));
214 printf ("%s (%d bits)\n", cstr
, bits
);
217 if (algo
== GNUTLS_PK_RSA
)
221 ret
= gnutls_x509_crt_get_pk_rsa_raw (crt
, &m
, &e
);
224 print
= SU (raw_to_string (e
.data
, e
.size
));
225 printf (" # e [%d bits]: %s\n", e
.size
* 8, print
);
227 print
= SU (raw_to_string (m
.data
, m
.size
));
228 printf (" # m [%d bits]: %s\n", m
.size
* 8, print
);
230 gnutls_free (e
.data
);
231 gnutls_free (m
.data
);
234 else if (algo
== GNUTLS_PK_DSA
)
236 gnutls_datum_t p
, q
, g
, y
;
238 ret
= gnutls_x509_crt_get_pk_dsa_raw (crt
, &p
, &q
, &g
, &y
);
241 print
= SU (raw_to_string (p
.data
, p
.size
));
242 printf (" # p [%d bits]: %s\n", p
.size
* 8, print
);
244 print
= SU (raw_to_string (q
.data
, q
.size
));
245 printf (" # q [%d bits]: %s\n", q
.size
* 8, print
);
247 print
= SU (raw_to_string (g
.data
, g
.size
));
248 printf (" # g [%d bits]: %s\n", g
.size
* 8, print
);
250 print
= SU (raw_to_string (y
.data
, y
.size
));
251 printf (" # y [%d bits]: %s\n", y
.size
* 8, print
);
253 gnutls_free (p
.data
);
254 gnutls_free (q
.data
);
255 gnutls_free (g
.data
);
256 gnutls_free (y
.data
);
262 dn_size
= sizeof (dn
);
263 ret
= gnutls_x509_crt_get_dn (crt
, dn
, &dn_size
);
265 printf (" # Subject's DN: %s\n", dn
);
267 dn_size
= sizeof (dn
);
268 ret
= gnutls_x509_crt_get_issuer_dn (crt
, dn
, &dn_size
);
270 printf (" # Issuer's DN: %s\n", dn
);
272 gnutls_x509_crt_deinit (crt
);
280 #ifdef ENABLE_OPENPGP
283 print_openpgp_info (gnutls_session_t session
, const char *hostname
)
287 size_t digest_size
= sizeof (digest
);
292 size_t name_len
= sizeof (name
);
293 gnutls_openpgp_crt_t crt
;
294 const gnutls_datum_t
*cert_list
;
295 int cert_list_size
= 0;
299 cert_list
= gnutls_certificate_get_peers (session
, &cert_list_size
);
301 if (cert_list_size
> 0)
303 unsigned int algo
, bits
;
305 gnutls_openpgp_crt_init (&crt
);
307 gnutls_openpgp_crt_import (crt
, &cert_list
[0],
308 GNUTLS_OPENPGP_FMT_RAW
);
311 fprintf (stderr
, "Decoding error: %s\n", gnutls_strerror (ret
));
319 size
= sizeof (buffer
);
322 gnutls_openpgp_crt_export (crt
,
323 GNUTLS_OPENPGP_FMT_BASE64
,
327 fprintf (stderr
, "Encoding error: %s\n", gnutls_strerror (ret
));
330 fputs ("\n", stdout
);
331 fputs (buffer
, stdout
);
332 fputs ("\n", stdout
);
335 if (hostname
!= NULL
)
336 { /* Check the hostname of the first certificate
337 * if it matches the name of the host we
340 if (gnutls_openpgp_crt_check_hostname (crt
, hostname
) == 0)
343 (" # The hostname in the key does NOT match '%s'.\n",
348 printf (" # The hostname in the key matches '%s'.\n", hostname
);
352 activet
= gnutls_openpgp_crt_get_creation_time (crt
);
353 expiret
= gnutls_openpgp_crt_get_expiration_time (crt
);
355 printf (" # Key was created at: %s", my_ctime (&activet
));
356 printf (" # Key expires: ");
358 printf ("%s", my_ctime (&expiret
));
362 if (gnutls_openpgp_crt_get_fingerprint (crt
, digest
, &digest_size
) >= 0)
364 print
= raw_to_string (digest
, digest_size
);
366 printf (" # PGP Key version: %d\n",
367 gnutls_openpgp_crt_get_version (crt
));
370 algo
= gnutls_openpgp_crt_get_pk_algorithm (crt
, &bits
);
372 printf (" # PGP Key public key algorithm: ");
373 cstr
= SU (gnutls_pk_algorithm_get_name (algo
));
374 printf ("%s (%d bits)\n", cstr
, bits
);
377 printf (" # PGP Key fingerprint: %s\n", print
);
379 name_len
= sizeof (name
);
380 if (gnutls_openpgp_crt_get_name (crt
, 0, name
, &name_len
) < 0)
382 fprintf (stderr
, "Could not extract name\n");
386 PRINT_PGP_NAME (name
);
391 gnutls_openpgp_crt_deinit (crt
);
399 print_cert_vrfy (gnutls_session_t session
)
404 rc
= gnutls_certificate_verify_peers2 (session
, &status
);
407 if (rc
== GNUTLS_E_NO_CERTIFICATE_FOUND
)
409 printf ("- Peer did not send any certificate.\n");
415 printf ("- Could not verify certificate (err: %s)\n",
416 gnutls_strerror (rc
));
420 if (gnutls_certificate_type_get (session
) == GNUTLS_CRT_X509
)
422 if (status
& GNUTLS_CERT_SIGNER_NOT_FOUND
)
423 printf ("- Peer's certificate issuer is unknown\n");
424 if (status
& GNUTLS_CERT_INVALID
)
425 printf ("- Peer's certificate is NOT trusted\n");
427 printf ("- Peer's certificate is trusted\n");
431 if (status
& GNUTLS_CERT_INVALID
)
432 printf ("- Peer's key is invalid\n");
434 printf ("- Peer's key is valid\n");
435 if (status
& GNUTLS_CERT_SIGNER_NOT_FOUND
)
436 printf ("- Could not find a signer of the peer's key\n");
441 print_dh_info (gnutls_session_t session
, const char *str
)
443 printf ("- %sDiffie-Hellman parameters\n", str
);
444 printf (" - Using prime: %d bits\n",
445 gnutls_dh_get_prime_bits (session
));
446 printf (" - Secret key: %d bits\n",
447 gnutls_dh_get_secret_bits (session
));
448 printf (" - Peer's public key: %d bits\n",
449 gnutls_dh_get_peers_public_bits (session
));
454 gnutls_datum_t raw_gen
= { NULL
, 0 };
455 gnutls_datum_t raw_prime
= { NULL
, 0 };
456 gnutls_dh_params_t dh_params
= NULL
;
457 unsigned char *params_data
= NULL
;
458 size_t params_data_size
= 0;
460 ret
= gnutls_dh_get_group (session
, &raw_gen
, &raw_prime
);
463 fprintf (stderr
, "gnutls_dh_get_group %d\n", ret
);
467 ret
= gnutls_dh_params_init (&dh_params
);
470 fprintf (stderr
, "gnutls_dh_params_init %d\n", ret
);
474 ret
= gnutls_dh_params_import_raw (dh_params
, &raw_prime
,
478 fprintf (stderr
, "gnutls_dh_params_import_raw %d\n", ret
);
482 ret
= gnutls_dh_params_export_pkcs3 (dh_params
,
486 if (ret
!= GNUTLS_E_SHORT_MEMORY_BUFFER
)
488 fprintf (stderr
, "gnutls_dh_params_export_pkcs3 %d\n", ret
);
492 params_data
= gnutls_malloc (params_data_size
);
495 fprintf (stderr
, "gnutls_malloc %d\n", ret
);
499 ret
= gnutls_dh_params_export_pkcs3 (dh_params
,
505 fprintf (stderr
, "gnutls_dh_params_export_pkcs3-2 %d\n", ret
);
509 printf (" - PKCS#3 format:\n\n%.*s\n", params_data_size
, params_data
);
512 gnutls_free (params_data
);
513 gnutls_free (raw_prime
.data
);
514 gnutls_free (raw_gen
.data
);
515 gnutls_dh_params_deinit (dh_params
);
520 print_info (gnutls_session_t session
, const char *hostname
)
523 gnutls_credentials_type_t cred
;
524 gnutls_kx_algorithm_t kx
;
527 /* print the key exchange's algorithm name
529 kx
= gnutls_kx_get (session
);
531 cred
= gnutls_auth_get_type (session
);
535 case GNUTLS_CRD_ANON
:
536 print_dh_info (session
, "Anonymous ");
541 /* This should be only called in server
544 if (gnutls_srp_server_get_username (session
) != NULL
)
545 printf ("- SRP authentication. Connected as '%s'\n",
546 gnutls_srp_server_get_username (session
));
551 /* This returns NULL in server side.
553 if (gnutls_psk_client_get_hint (session
) != NULL
)
554 printf ("- PSK authentication. PSK hint '%s'\n",
555 gnutls_psk_client_get_hint (session
));
556 /* This returns NULL in client side.
558 if (gnutls_psk_server_get_username (session
) != NULL
)
559 printf ("- PSK authentication. Connected as '%s'\n",
560 gnutls_psk_server_get_username (session
));
561 if (kx
== GNUTLS_KX_DHE_PSK
)
562 print_dh_info (session
, "Ephemeral ");
566 printf ("- TLS/IA authentication\n");
568 case GNUTLS_CRD_CERTIFICATE
:
571 size_t dns_size
= sizeof (dns
);
574 /* This fails in client side */
575 if (gnutls_server_name_get (session
, dns
, &dns_size
, &type
, 0) == 0)
577 printf ("- Given server name[%d]: %s\n", type
, dns
);
581 if (kx
== GNUTLS_KX_DHE_RSA
|| kx
== GNUTLS_KX_DHE_DSS
)
582 print_dh_info (session
, "Ephemeral ");
584 print_cert_info (session
, hostname
);
586 print_cert_vrfy (session
);
590 tmp
= SU (gnutls_protocol_get_name (gnutls_protocol_get_version (session
)));
591 printf ("- Version: %s\n", tmp
);
593 tmp
= SU (gnutls_kx_get_name (kx
));
594 printf ("- Key Exchange: %s\n", tmp
);
596 tmp
= SU (gnutls_cipher_get_name (gnutls_cipher_get (session
)));
597 printf ("- Cipher: %s\n", tmp
);
599 tmp
= SU (gnutls_mac_get_name (gnutls_mac_get (session
)));
600 printf ("- MAC: %s\n", tmp
);
602 tmp
= SU (gnutls_compression_get_name (gnutls_compression_get (session
)));
603 printf ("- Compression: %s\n", tmp
);
607 size_t id_size
= sizeof(id
);
608 gnutls_session_get_id (session
, id
, &id_size
);
609 printf("- Session ID: %s\n", raw_to_string(id
, id_size
) );
619 print_cert_info (gnutls_session_t session
, const char *hostname
)
622 if (gnutls_certificate_client_get_request_status (session
) != 0)
623 printf ("- Server has requested a certificate.\n");
625 printf ("- Certificate type: ");
626 switch (gnutls_certificate_type_get (session
))
628 case GNUTLS_CRT_UNKNOWN
:
629 printf ("Unknown\n");
631 case GNUTLS_CRT_X509
:
633 print_x509_info (session
, hostname
);
635 #ifdef ENABLE_OPENPGP
636 case GNUTLS_CRT_OPENPGP
:
637 printf ("OpenPGP\n");
638 print_openpgp_info (session
, hostname
);
645 print_list (int verbose
)
651 gnutls_kx_algorithm_t kx
;
652 gnutls_cipher_algorithm_t cipher
;
653 gnutls_mac_algorithm_t mac
;
654 gnutls_protocol_t version
;
656 printf ("Cipher suites:\n");
657 for (i
= 0; (name
= gnutls_cipher_suite_info
658 (i
, id
, &kx
, &cipher
, &mac
, &version
)); i
++)
660 printf ("%-50s\t0x%02x, 0x%02x\t%s\n",
662 (unsigned char) id
[0], (unsigned char) id
[1],
663 gnutls_protocol_get_name (version
));
665 printf ("\tKey exchange: %s\n\tCipher: %s\n\tMAC: %s\n\n",
666 gnutls_kx_get_name (kx
),
667 gnutls_cipher_get_name (cipher
), gnutls_mac_get_name (mac
));
672 const gnutls_certificate_type_t
*p
= gnutls_certificate_type_list ();
674 printf ("Certificate types: ");
677 printf ("%s", gnutls_certificate_type_get_name (*p
));
686 const gnutls_protocol_t
*p
= gnutls_protocol_list ();
688 printf ("Protocols: ");
691 printf ("%s", gnutls_protocol_get_name (*p
));
700 const gnutls_cipher_algorithm_t
*p
= gnutls_cipher_list ();
702 printf ("Ciphers: ");
705 printf ("%s", gnutls_cipher_get_name (*p
));
714 const gnutls_mac_algorithm_t
*p
= gnutls_mac_list ();
719 printf ("%s", gnutls_mac_get_name (*p
));
728 const gnutls_kx_algorithm_t
*p
= gnutls_kx_list ();
730 printf ("Key exchange algorithms: ");
733 printf ("%s", gnutls_kx_get_name (*p
));
742 const gnutls_compression_method_t
*p
= gnutls_compression_list ();
744 printf ("Compression: ");
747 printf ("%s", gnutls_compression_get_name (*p
));
759 fputs ("\nCopyright (C) 2004,2005,2006,2007 Free Software Foundation\n"
760 "This program is free software; you can redistribute it and/or modify \n"
761 "it under the terms of the GNU General Public License as published by \n"
762 "the Free Software Foundation; either version 3 of the License, or \n"
763 "(at your option) any later version. \n" "\n"
764 "This program is distributed in the hope that it will be useful, \n"
765 "but WITHOUT ANY WARRANTY; without even the implied warranty of \n"
766 "MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the \n"
767 "GNU General Public License for more details. \n" "\n"
768 "You should have received a copy of the GNU General Public License \n"
769 "along with this program; if not, write to the Free Software \n"
770 "Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.\n\n",
774 static int depr_printed
= 0;
775 #define DEPRECATED if (depr_printed==0) { \
776 fprintf(stderr, "This method of specifying algorithms is deprecated. Please use the --priority option.\n"); \
781 parse_protocols (char **protocols
, int protocols_size
, int *protocol_priority
)
785 if (protocols
!= NULL
&& protocols_size
> 0)
789 for (j
= i
= 0; i
< protocols_size
; i
++)
791 if (strncasecmp (protocols
[i
], "SSL", 3) == 0)
792 protocol_priority
[j
++] = GNUTLS_SSL3
;
793 else if (strncasecmp (protocols
[i
], "TLS1.1", 6) == 0)
794 protocol_priority
[j
++] = GNUTLS_TLS1_1
;
795 else if (strncasecmp (protocols
[i
], "TLS1.2", 6) == 0)
796 protocol_priority
[j
++] = GNUTLS_TLS1_2
;
797 else if (strncasecmp (protocols
[i
], "TLS", 3) == 0)
798 protocol_priority
[j
++] = GNUTLS_TLS1_0
;
800 fprintf (stderr
, "Unknown protocol: '%s'\n", protocols
[i
]);
802 protocol_priority
[j
] = 0;
807 parse_ciphers (char **ciphers
, int nciphers
, int *cipher_priority
)
812 if (ciphers
!= NULL
&& nciphers
> 0)
815 for (j
= i
= 0; i
< nciphers
; i
++)
817 if (strncasecmp (ciphers
[i
], "AES-2", 5) == 0)
818 cipher_priority
[j
++] = GNUTLS_CIPHER_AES_256_CBC
;
819 else if (strncasecmp (ciphers
[i
], "AES", 3) == 0)
820 cipher_priority
[j
++] = GNUTLS_CIPHER_AES_128_CBC
;
821 else if (strncasecmp (ciphers
[i
], "3DE", 3) == 0)
822 cipher_priority
[j
++] = GNUTLS_CIPHER_3DES_CBC
;
823 else if (strcasecmp (ciphers
[i
], "ARCFOUR-40") == 0)
824 cipher_priority
[j
++] = GNUTLS_CIPHER_ARCFOUR_40
;
825 else if (strcasecmp (ciphers
[i
], "ARCFOUR") == 0)
826 cipher_priority
[j
++] = GNUTLS_CIPHER_ARCFOUR_128
;
827 #ifdef ENABLE_CAMELLIA
828 else if (strncasecmp (ciphers
[i
], "CAMELLIA-2", 10) == 0)
829 cipher_priority
[j
++] = GNUTLS_CIPHER_CAMELLIA_256_CBC
;
830 else if (strncasecmp (ciphers
[i
], "CAM", 3) == 0)
831 cipher_priority
[j
++] = GNUTLS_CIPHER_CAMELLIA_128_CBC
;
833 else if (strncasecmp (ciphers
[i
], "NUL", 3) == 0)
834 cipher_priority
[j
++] = GNUTLS_CIPHER_NULL
;
836 fprintf (stderr
, "Unknown cipher: '%s'\n", ciphers
[i
]);
838 cipher_priority
[j
] = 0;
843 parse_macs (char **macs
, int nmacs
, int *mac_priority
)
848 if (macs
!= NULL
&& nmacs
> 0)
851 for (j
= i
= 0; i
< nmacs
; i
++)
853 if (strncasecmp (macs
[i
], "MD5", 3) == 0)
854 mac_priority
[j
++] = GNUTLS_MAC_MD5
;
855 else if (strncasecmp (macs
[i
], "RMD", 3) == 0)
856 mac_priority
[j
++] = GNUTLS_MAC_RMD160
;
857 else if (strncasecmp (macs
[i
], "SHA512", 6) == 0)
858 mac_priority
[j
++] = GNUTLS_MAC_SHA512
;
859 else if (strncasecmp (macs
[i
], "SHA384", 6) == 0)
860 mac_priority
[j
++] = GNUTLS_MAC_SHA384
;
861 else if (strncasecmp (macs
[i
], "SHA256", 6) == 0)
862 mac_priority
[j
++] = GNUTLS_MAC_SHA256
;
863 else if (strncasecmp (macs
[i
], "SHA", 3) == 0)
864 mac_priority
[j
++] = GNUTLS_MAC_SHA1
;
866 fprintf (stderr
, "Unknown MAC: '%s'\n", macs
[i
]);
873 parse_ctypes (char **ctype
, int nctype
, int *cert_type_priority
)
877 if (ctype
!= NULL
&& nctype
> 0)
880 for (j
= i
= 0; i
< nctype
; i
++)
882 if (strncasecmp (ctype
[i
], "OPE", 3) == 0)
883 cert_type_priority
[j
++] = GNUTLS_CRT_OPENPGP
;
884 else if (strncasecmp (ctype
[i
], "X", 1) == 0)
885 cert_type_priority
[j
++] = GNUTLS_CRT_X509
;
887 fprintf (stderr
, "Unknown certificate type: '%s'\n", ctype
[i
]);
889 cert_type_priority
[j
] = 0;
894 parse_kx (char **kx
, int nkx
, int *kx_priority
)
899 if (kx
!= NULL
&& nkx
> 0)
902 for (j
= i
= 0; i
< nkx
; i
++)
904 if (strcasecmp (kx
[i
], "SRP") == 0)
905 kx_priority
[j
++] = GNUTLS_KX_SRP
;
906 else if (strcasecmp (kx
[i
], "SRP-RSA") == 0)
907 kx_priority
[j
++] = GNUTLS_KX_SRP_RSA
;
908 else if (strcasecmp (kx
[i
], "SRP-DSS") == 0)
909 kx_priority
[j
++] = GNUTLS_KX_SRP_DSS
;
910 else if (strcasecmp (kx
[i
], "RSA") == 0)
911 kx_priority
[j
++] = GNUTLS_KX_RSA
;
912 else if (strcasecmp (kx
[i
], "PSK") == 0)
913 kx_priority
[j
++] = GNUTLS_KX_PSK
;
914 else if (strcasecmp (kx
[i
], "DHE-PSK") == 0)
915 kx_priority
[j
++] = GNUTLS_KX_DHE_PSK
;
916 else if (strcasecmp (kx
[i
], "RSA-EXPORT") == 0)
917 kx_priority
[j
++] = GNUTLS_KX_RSA_EXPORT
;
918 else if (strncasecmp (kx
[i
], "DHE-RSA", 7) == 0)
919 kx_priority
[j
++] = GNUTLS_KX_DHE_RSA
;
920 else if (strncasecmp (kx
[i
], "DHE-DSS", 7) == 0)
921 kx_priority
[j
++] = GNUTLS_KX_DHE_DSS
;
922 else if (strncasecmp (kx
[i
], "ANON", 4) == 0)
923 kx_priority
[j
++] = GNUTLS_KX_ANON_DH
;
925 fprintf (stderr
, "Unknown key exchange: '%s'\n", kx
[i
]);
932 parse_comp (char **comp
, int ncomp
, int *comp_priority
)
936 if (comp
!= NULL
&& ncomp
> 0)
939 for (j
= i
= 0; i
< ncomp
; i
++)
941 if (strncasecmp (comp
[i
], "NUL", 3) == 0)
942 comp_priority
[j
++] = GNUTLS_COMP_NULL
;
943 else if (strncasecmp (comp
[i
], "ZLI", 3) == 0)
944 comp_priority
[j
++] = GNUTLS_COMP_DEFLATE
;
945 else if (strncasecmp (comp
[i
], "DEF", 3) == 0)
946 comp_priority
[j
++] = GNUTLS_COMP_DEFLATE
;
947 else if (strncasecmp (comp
[i
], "LZO", 3) == 0)
948 comp_priority
[j
++] = GNUTLS_COMP_LZO
;
950 fprintf (stderr
, "Unknown compression: '%s'\n", comp
[i
]);
952 comp_priority
[j
] = 0;
960 WORD wVersionRequested
;
963 wVersionRequested
= MAKEWORD (1, 1);
964 if (WSAStartup (wVersionRequested
, &wsaData
) != 0)
966 perror ("WSA_STARTUP_ERROR");
971 /* converts a service name or a port (in string) to a
972 * port number. The protocol is assumed to be TCP.
974 * returns -1 on error;
977 service_to_port (const char *service
)
980 struct servent
*server_port
;
982 port
= atoi (service
);
986 server_port
= getservbyname (service
, "tcp");
987 if (server_port
== NULL
)
989 perror ("getservbyname()");
993 return ntohs (server_port
->s_port
);