1 /*
2 * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007 Free Software Foundation
3 * Author: Nikos Mavroyanopoulos
5 * This file is part of GNUTLS.
7 * GNUTLS is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 2 of the License, or
10 * (at your option) any later version.
12 * GNUTLS is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
22 #include <config.h>
23 #include <stdio.h>
24 #include <stdlib.h>
25 #include <string.h>
26 #include <gnutls/gnutls.h>
27 #include <gnutls/extra.h>
28 #include <gnutls/x509.h>
29 #include <gnutls/openpgp.h>
30 #include <time.h>
31 #include <common.h>
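#define TEST_STRING

/* Substitutes the literal "Unknown" for a NULL string pointer.
 * The argument is expanded twice, so pass only expressions that are
 * safe to evaluate more than once.
 */
#define SU(x) ((x) != NULL ? (x) : "Unknown")

/* When non-zero, print_x509_info() and print_openpgp_info() also dump
 * the peer's certificate/key in its encoded text form.
 */
int print_cert;
/* Defined in another translation unit; enables the extra detail lines. */
extern int verbose;

/* Scratch space that receives the exported (PEM / base64) certificate. */
static char buffer[5 * 1024];

/* Prints "label value" unless the value is an empty string.  Wrapped in
 * do/while(0) so the macro behaves as a single statement and cannot
 * capture a following `else'.
 */
#define PRINTX(x,y) do { if ((y)[0] != 0) printf (" # %s %s\n", (x), (y)); } while (0)
/* Uses its argument rather than silently relying on a caller-scope
 * variable that happens to be called `name'.
 */
#define PRINT_PGP_NAME(X) PRINTX ("NAME:", (X))

/* Fallback text used when a timestamp cannot be formatted. */
const char str_unknown[] = "(unknown)";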
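/* Hex encodes the given data as upper-case byte pairs separated by
 * colons, e.g. "DE:AD:01".
 *
 * Returns a pointer to a static buffer that the next call overwrites
 * (so the result must be consumed before calling again), or NULL when
 * the input is empty or too long to fit in that buffer.
 */
const char *
raw_to_string (const unsigned char *raw, size_t raw_size)
{
  static char buf[1024];
  size_t i;

  if (raw == NULL || raw_size == 0)
    return NULL;

  /* Bound raw_size by division instead of computing raw_size * 3 + 1:
   * the product wraps around for very large sizes and would then pass
   * the size check while the loop writes far beyond buf.  This limit
   * accepts exactly the sizes the multiplied form accepted.
   */
  if (raw_size > (sizeof (buf) - 2) / 3)
    return NULL;

  for (i = 0; i < raw_size; i++)
    {
      /* Each byte takes two hex digits plus a separator; the last byte
       * gets no separator.  snprintf keeps every write inside buf.
       */
      snprintf (&buf[i * 3], sizeof (buf) - i * 3, "%02X%s", raw[i],
                (i == raw_size - 1) ? "" : ":");
    }

  buf[sizeof (buf) - 1] = '\0';

  return buf;
}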
/* Formats *tv as local time, followed by a newline.
 *
 * The text lives in a static buffer that the next call overwrites.  If
 * the time cannot be converted or formatted, the buffer holds
 * str_unknown instead (which carries no trailing newline).
 */
static const char *
my_ctime (const time_t * tv)
{
  static char buf[256];
  struct tm *local = localtime (tv);
  size_t written = 0;

  if (local != NULL)
    written = strftime (buf, sizeof buf, "%a %b %e %H:%M:%S %Z %Y\n", local);

  /* strftime returns 0 when nothing usable was produced; never hand
   * back whatever happened to be in buf in that case.
   */
  if (written == 0)
    strcpy (buf, str_unknown);

  return buf;
}
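/* Prints a human-readable summary of every X.509 certificate the peer
 * presented on SESSION: validity period, fingerprint, subject DN and
 * issuer DN, and -- when the global `verbose' is set -- the serial
 * number, version and public key details.  When the global
 * `print_cert' is set each certificate is also dumped in PEM form.
 * If HOSTNAME is not NULL the first certificate is compared against it
 * and the outcome is printed.
 *
 * Everything here is informational output only: the function returns
 * nothing, so a hostname mismatch or an expired certificate is reported
 * on stdout but not acted upon.
 *
 * NOTE(review): subject/issuer DN strings come from the peer and are
 * printed as-is; consider escaping non-printable bytes if the output
 * goes to a terminal or a log that is parsed later.
 */
void
print_x509_info (gnutls_session_t session, const char *hostname)
{
  gnutls_x509_crt_t crt;
  const gnutls_datum_t *cert_list;
  unsigned int cert_list_size = 0;
  int ret;
  char digest[20];
  char serial[40];
  char dn[256];
  size_t dn_size;
  size_t digest_size = sizeof (digest);
  unsigned int j;
  size_t serial_size = sizeof (serial);
  const char *print;
  const char *cstr;
  unsigned int bits, algo;
  time_t expiret, activet;

  cert_list = gnutls_certificate_get_peers (session, &cert_list_size);

  if (cert_list == NULL || cert_list_size == 0)
    {
      fprintf (stderr, "No certificates found!\n");
      return;
    }

  printf (" - Got a certificate list of %u certificates.\n\n",
          cert_list_size);

  for (j = 0; j < cert_list_size; j++)
    {
      ret = gnutls_x509_crt_init (&crt);
      if (ret < 0)
        {
          fprintf (stderr, "Initialization error: %s\n",
                   gnutls_strerror (ret));
          return;
        }

      ret = gnutls_x509_crt_import (crt, &cert_list[j], GNUTLS_X509_FMT_DER);
      if (ret < 0)
        {
          fprintf (stderr, "Decoding error: %s\n", gnutls_strerror (ret));
          /* Release the certificate object on every early exit. */
          gnutls_x509_crt_deinit (crt);
          return;
        }

      printf (" - Certificate[%u] info:\n", j);

      if (print_cert)
        {
          size_t size;

          size = sizeof (buffer);

          ret =
            gnutls_x509_crt_export (crt, GNUTLS_X509_FMT_PEM, buffer, &size);
          if (ret < 0)
            {
              fprintf (stderr, "Encoding error: %s\n", gnutls_strerror (ret));
              gnutls_x509_crt_deinit (crt);
              return;
            }
          /* NOTE(review): relies on the PEM export leaving buffer
           * NUL-terminated -- confirm against the library documentation.
           */
          fputs ("\n", stdout);
          fputs (buffer, stdout);
          fputs ("\n", stdout);
        }

      if (j == 0 && hostname != NULL)
        {                       /* Check the hostname of the first certificate
                                 * if it matches the name of the host we
                                 * connected to.
                                 */
          if (gnutls_x509_crt_check_hostname (crt, hostname) == 0)
            {
              printf
                (" # The hostname in the certificate does NOT match '%s'.\n",
                 hostname);
            }
          else
            {
              printf
                (" # The hostname in the certificate matches '%s'.\n",
                 hostname);
            }
        }

      expiret = gnutls_x509_crt_get_expiration_time (crt);
      activet = gnutls_x509_crt_get_activation_time (crt);

      printf (" # valid since: %s", my_ctime (&activet));
      printf (" # expires at: %s", my_ctime (&expiret));

      /* Print the serial number of the certificate.
       * serial_size is an in/out parameter, so it has to be reset to the
       * buffer capacity for every certificate; otherwise it still holds
       * the length of the previous certificate's serial.
       */
      serial_size = sizeof (serial);
      if (verbose
          && gnutls_x509_crt_get_serial (crt, serial, &serial_size) >= 0)
        {
          print = raw_to_string ((const unsigned char *) serial, serial_size);
          if (print != NULL)
            printf (" # serial number: %s\n", print);
        }

      /* Print the fingerprint of the certificate.
       * NOTE(review): this is an MD5 fingerprint.  MD5 is not collision
       * resistant, so treat the value as a display aid only and do not
       * use it for pinning or any trust decision.
       */
      digest_size = sizeof (digest);
      if ((ret =
           gnutls_x509_crt_get_fingerprint (crt,
                                            GNUTLS_DIG_MD5,
                                            digest, &digest_size)) < 0)
        {
          fprintf (stderr,
                   "Error in fingerprint calculation: %s\n",
                   gnutls_strerror (ret));
        }
      else
        {
          print = raw_to_string ((const unsigned char *) digest, digest_size);
          if (print != NULL)
            printf (" # fingerprint: %s\n", print);
        }

      /* Print the version of the X.509
       * certificate.
       */
      if (verbose)
        {
          printf (" # version: #%d\n", gnutls_x509_crt_get_version (crt));

          bits = 0;
          algo = gnutls_x509_crt_get_pk_algorithm (crt, &bits);
          printf (" # public key algorithm: ");

          cstr = SU (gnutls_pk_algorithm_get_name (algo));
          printf ("%s (%u bits)\n", cstr, bits);

#ifdef ENABLE_PKI
          if (algo == GNUTLS_PK_RSA)
            {
              gnutls_datum_t e, m;

              ret = gnutls_x509_crt_get_pk_rsa_raw (crt, &m, &e);
              if (ret >= 0)
                {
                  /* raw_to_string returns NULL for values that do not
                   * fit its buffer; SU turns that into "Unknown".
                   */
                  print = SU (raw_to_string (e.data, e.size));
                  printf (" # e [%u bits]: %s\n", e.size * 8, print);

                  print = SU (raw_to_string (m.data, m.size));
                  printf (" # m [%u bits]: %s\n", m.size * 8, print);

                  gnutls_free (e.data);
                  gnutls_free (m.data);
                }
            }
          else if (algo == GNUTLS_PK_DSA)
            {
              gnutls_datum_t p, q, g, y;

              ret = gnutls_x509_crt_get_pk_dsa_raw (crt, &p, &q, &g, &y);
              if (ret >= 0)
                {
                  print = SU (raw_to_string (p.data, p.size));
                  printf (" # p [%u bits]: %s\n", p.size * 8, print);

                  print = SU (raw_to_string (q.data, q.size));
                  printf (" # q [%u bits]: %s\n", q.size * 8, print);

                  print = SU (raw_to_string (g.data, g.size));
                  printf (" # g [%u bits]: %s\n", g.size * 8, print);

                  print = SU (raw_to_string (y.data, y.size));
                  printf (" # y [%u bits]: %s\n", y.size * 8, print);

                  gnutls_free (p.data);
                  gnutls_free (q.data);
                  gnutls_free (g.data);
                  gnutls_free (y.data);
                }
            }
#endif
        }

      dn_size = sizeof (dn);
      ret = gnutls_x509_crt_get_dn (crt, dn, &dn_size);
      if (ret >= 0)
        printf (" # Subject's DN: %s\n", dn);

      dn_size = sizeof (dn);
      ret = gnutls_x509_crt_get_issuer_dn (crt, dn, &dn_size);
      if (ret >= 0)
        printf (" # Issuer's DN: %s\n", dn);

      gnutls_x509_crt_deinit (crt);

      printf ("\n");

    }
}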
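#ifdef ENABLE_OPENPGP

/* Prints a human-readable summary of the OpenPGP key the peer
 * presented on SESSION: creation and expiration time and, provided the
 * fingerprint can be computed, the key version, public key algorithm,
 * fingerprint and first user name.  When the global `print_cert' is set
 * the key is also dumped in base64 form.  If HOSTNAME is not NULL the
 * key is compared against it and the outcome is printed.
 *
 * Only the first entry of the peer's list is examined.  The output is
 * informational; nothing here rejects the connection.
 *
 * NOTE(review): the key's user name comes from the peer and is printed
 * as-is; consider escaping non-printable bytes for terminal output.
 */
void
print_openpgp_info (gnutls_session_t session, const char *hostname)
{

  char digest[20];
  size_t digest_size = sizeof (digest);
  int ret;
  const char *print = NULL;
  const char *cstr;
  char name[256];
  size_t name_len = sizeof (name);
  gnutls_openpgp_key_t crt;
  const gnutls_datum_t *cert_list;
  /* gnutls_certificate_get_peers() is handed &cert_list_size as an
   * unsigned int * elsewhere in this file; use the same type here.
   */
  unsigned int cert_list_size = 0;
  time_t expiret;
  time_t activet;

  cert_list = gnutls_certificate_get_peers (session, &cert_list_size);

  if (cert_list != NULL && cert_list_size > 0)
    {
      unsigned int algo, bits;

      ret = gnutls_openpgp_key_init (&crt);
      if (ret < 0)
        {
          fprintf (stderr, "Initialization error: %s\n",
                   gnutls_strerror (ret));
          return;
        }

      ret =
        gnutls_openpgp_key_import (crt, &cert_list[0],
                                   GNUTLS_OPENPGP_FMT_RAW);
      if (ret < 0)
        {
          fprintf (stderr, "Decoding error: %s\n", gnutls_strerror (ret));
          /* Release the key object on every early exit. */
          gnutls_openpgp_key_deinit (crt);
          return;
        }

      if (print_cert)
        {
          size_t size;

          size = sizeof (buffer);

          ret =
            gnutls_openpgp_key_export (crt,
                                       GNUTLS_OPENPGP_FMT_BASE64,
                                       buffer, &size);
          if (ret < 0)
            {
              fprintf (stderr, "Encoding error: %s\n", gnutls_strerror (ret));
              gnutls_openpgp_key_deinit (crt);
              return;
            }
          /* NOTE(review): relies on the base64 export leaving buffer
           * NUL-terminated -- confirm against the library documentation.
           */
          fputs ("\n", stdout);
          fputs (buffer, stdout);
          fputs ("\n", stdout);
        }

      if (hostname != NULL)
        {                       /* Check the hostname of the first certificate
                                 * if it matches the name of the host we
                                 * connected to.
                                 */
          if (gnutls_openpgp_key_check_hostname (crt, hostname) == 0)
            {
              printf
                (" # The hostname in the key does NOT match '%s'.\n",
                 hostname);
            }
          else
            {
              printf (" # The hostname in the key matches '%s'.\n", hostname);
            }
        }

      activet = gnutls_openpgp_key_get_creation_time (crt);
      expiret = gnutls_openpgp_key_get_expiration_time (crt);

      printf (" # Key was created at: %s", my_ctime (&activet));
      printf (" # Key expires: ");
      if (expiret != 0)
        printf ("%s", my_ctime (&expiret));
      else
        printf ("Never\n");

      /* The remaining details are printed only when the fingerprint
       * could be obtained.
       */
      if (gnutls_openpgp_key_get_fingerprint (crt, digest, &digest_size) >= 0)
        {
          print = raw_to_string ((const unsigned char *) digest, digest_size);

          printf (" # PGP Key version: %d\n",
                  gnutls_openpgp_key_get_version (crt));

          bits = 0;
          algo = gnutls_openpgp_key_get_pk_algorithm (crt, &bits);

          printf (" # PGP Key public key algorithm: ");
          cstr = SU (gnutls_pk_algorithm_get_name (algo));
          printf ("%s (%u bits)\n", cstr, bits);

          if (print != NULL)
            printf (" # PGP Key fingerprint: %s\n", print);

          name_len = sizeof (name);
          if (gnutls_openpgp_key_get_name (crt, 0, name, &name_len) < 0)
            {
              fprintf (stderr, "Could not extract name\n");
            }
          else
            {
              PRINT_PGP_NAME (name);
            }

        }

      gnutls_openpgp_key_deinit (crt);

    }
}

#endif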
/* Runs peer certificate verification on SESSION and prints the outcome.
 *
 * The wording depends on the certificate type: X.509 results are
 * reported as trusted / NOT trusted, anything else as a valid / invalid
 * key.  The function returns nothing, so it only reports: a caller that
 * must refuse untrusted peers has to evaluate the verification status
 * itself.
 */
void
print_cert_vrfy (gnutls_session_t session)
{
  unsigned int status;
  int invalid;
  int signer_missing;
  const int rc = gnutls_certificate_verify_peers2 (session, &status);

  fputs ("\n", stdout);

  if (rc == GNUTLS_E_NO_CERTIFICATE_FOUND) {
    fputs ("- Peer did not send any certificate.\n", stdout);
    return;
  }

  if (rc < 0) {
    printf ("- Could not verify certificate (err: %s)\n",
            gnutls_strerror (rc));
    return;
  }

  /* status is only meaningful once verification itself succeeded. */
  invalid = (status & GNUTLS_CERT_INVALID) != 0;
  signer_missing = (status & GNUTLS_CERT_SIGNER_NOT_FOUND) != 0;

  if (gnutls_certificate_type_get (session) != GNUTLS_CRT_X509) {
    fputs (invalid ? "- Peer's key is invalid\n" : "- Peer's key is valid\n",
           stdout);
    if (signer_missing)
      fputs ("- Could not find a signer of the peer's key\n", stdout);
    return;
  }

  if (signer_missing)
    fputs ("- Peer's certificate issuer is unknown\n", stdout);
  fputs (invalid ? "- Peer's certificate is NOT trusted\n"
                 : "- Peer's certificate is trusted\n", stdout);
}
/* Prints a summary of the negotiated SESSION: authentication details
 * for the credential type in use, then protocol version, key exchange,
 * cipher, MAC and compression names ("Unknown" when the library has no
 * name for a value).  For certificate authentication this also prints
 * the peer certificate details and the verification result.
 *
 * Always returns 0.
 *
 * NOTE(review): the SRP/PSK user name and the server name indication
 * are supplied by the peer and printed verbatim; consider escaping
 * non-printable bytes if the output is shown on a terminal or parsed
 * from a log.
 */
int
print_info (gnutls_session_t session, const char *hostname)
{
  const char *label;
  /* The key exchange is needed by the PSK branch and by the summary. */
  const gnutls_kx_algorithm_t kx = gnutls_kx_get (session);
  const gnutls_credentials_type_t cred = gnutls_auth_get_type (session);

  switch (cred) {
#ifdef ENABLE_ANON
  case GNUTLS_CRD_ANON:
    printf ("- Anonymous DH using prime of %d bits, secret key of %d bits, and peer's public key is %d bits.\n",
            gnutls_dh_get_prime_bits (session),
            gnutls_dh_get_secret_bits (session),
            gnutls_dh_get_peers_public_bits (session));
    break;
#endif
#ifdef ENABLE_SRP
  case GNUTLS_CRD_SRP: {
    /* The user name is only expected to be available on the server
     * side.
     */
    const char *srp_user = gnutls_srp_server_get_username (session);

    if (srp_user != NULL)
      printf ("- SRP authentication. Connected as '%s'\n", srp_user);
    break;
  }
#endif
#ifdef ENABLE_PSK
  case GNUTLS_CRD_PSK: {
    /* The user name is only expected to be available on the server
     * side.
     */
    const char *psk_user = gnutls_psk_server_get_username (session);

    if (psk_user != NULL)
      printf ("- PSK authentication. Connected as '%s'\n", psk_user);
    if (kx == GNUTLS_KX_DHE_PSK) {
      printf ("- DH using prime of %d bits, secret key of %d bits, and peer's public key is %d bits.\n",
              gnutls_dh_get_prime_bits (session),
              gnutls_dh_get_secret_bits (session),
              gnutls_dh_get_peers_public_bits (session));
    }
    break;
  }
#endif
  case GNUTLS_CRD_IA:
    printf ("- TLS/IA authentication\n");
    break;
  case GNUTLS_CRD_CERTIFICATE: {
    char sni[256];
    size_t sni_size = sizeof (sni);
    unsigned int sni_type;

    /* This fails in client side */
    if (gnutls_server_name_get (session, sni, &sni_size, &sni_type, 0) == 0)
      printf ("- Given server name[%d]: %s\n", sni_type, sni);

    print_cert_info (session, hostname);
    print_cert_vrfy (session);
  }
  }

  label = gnutls_protocol_get_name (gnutls_protocol_get_version (session));
  printf ("- Version: %s\n", label != NULL ? label : "Unknown");

  label = gnutls_kx_get_name (kx);
  printf ("- Key Exchange: %s\n", label != NULL ? label : "Unknown");

  label = gnutls_cipher_get_name (gnutls_cipher_get (session));
  printf ("- Cipher: %s\n", label != NULL ? label : "Unknown");

  label = gnutls_mac_get_name (gnutls_mac_get (session));
  printf ("- MAC: %s\n", label != NULL ? label : "Unknown");

  label = gnutls_compression_get_name (gnutls_compression_get (session));
  printf ("- Compression: %s\n", label != NULL ? label : "Unknown");

  fflush (stdout);

  return 0;
}
/* Prints the certificate type in use on SESSION and dispatches to the
 * matching detail printer.  Also notes when the server asked for a
 * client certificate.
 *
 * For a certificate type with no branch below, the "- Certificate
 * type: " prefix is printed and nothing follows it.
 */
void
print_cert_info (gnutls_session_t session, const char *hostname)
{
  gnutls_certificate_type_t ctype;

  if (gnutls_certificate_client_get_request_status (session) != 0)
    fputs ("- Server has requested a certificate.\n", stdout);

  fputs ("- Certificate type: ", stdout);

  ctype = gnutls_certificate_type_get (session);
  if (ctype == GNUTLS_CRT_X509) {
    fputs ("X.509\n", stdout);
    print_x509_info (session, hostname);
  }
#ifdef ENABLE_OPENPGP
  else if (ctype == GNUTLS_CRT_OPENPGP) {
    fputs ("OpenPGP\n", stdout);
    print_openpgp_info (session, hostname);
  }
#endif
}
/* Lists what the library reports as supported: every cipher suite with
 * its two-byte identifier and protocol, then the certificate types,
 * protocols, ciphers, MACs, key exchange algorithms and compression
 * methods as comma-separated lines.
 *
 * With VERBOSE non-zero each cipher suite is followed by its key
 * exchange, cipher and MAC names.  Each list is walked until a zero
 * entry is reached.
 */
void
print_list (int verbose)
{
  size_t idx = 0;
  const char *suite;
  char id[2];
  gnutls_kx_algorithm_t kx;
  gnutls_cipher_algorithm_t cipher;
  gnutls_mac_algorithm_t mac;
  gnutls_protocol_t version;

  printf ("Cipher suites:\n");
  while ((suite = gnutls_cipher_suite_info
          (idx, id, &kx, &cipher, &mac, &version)) != NULL) {
    /* The id bytes are cast so that values >= 0x80 do not sign-extend. */
    printf ("%-50s\t0x%02x, 0x%02x\t%s\n",
            suite,
            (unsigned char) id[0], (unsigned char) id[1],
            gnutls_protocol_get_name (version));
    if (verbose)
      printf ("\tKey exchange: %s\n\tCipher: %s\n\tMAC: %s\n\n",
              gnutls_kx_get_name (kx),
              gnutls_cipher_get_name (cipher), gnutls_mac_get_name (mac));
    idx++;
  }

  {
    const gnutls_certificate_type_t *ct = gnutls_certificate_type_list ();

    printf ("Certificate types: ");
    while (*ct) {
      printf ("%s", gnutls_certificate_type_get_name (*ct));
      /* Comma between entries, newline after the last one. */
      fputs (ct[1] ? ", " : "\n", stdout);
      ct++;
    }
  }

  {
    const gnutls_protocol_t *proto = gnutls_protocol_list ();

    printf ("Protocols: ");
    while (*proto) {
      printf ("%s", gnutls_protocol_get_name (*proto));
      fputs (proto[1] ? ", " : "\n", stdout);
      proto++;
    }
  }

  {
    const gnutls_cipher_algorithm_t *ciph = gnutls_cipher_list ();

    printf ("Ciphers: ");
    while (*ciph) {
      printf ("%s", gnutls_cipher_get_name (*ciph));
      fputs (ciph[1] ? ", " : "\n", stdout);
      ciph++;
    }
  }

  {
    const gnutls_mac_algorithm_t *m = gnutls_mac_list ();

    printf ("MACs: ");
    while (*m) {
      printf ("%s", gnutls_mac_get_name (*m));
      fputs (m[1] ? ", " : "\n", stdout);
      m++;
    }
  }

  {
    const gnutls_kx_algorithm_t *k = gnutls_kx_list ();

    printf ("Key exchange algorithms: ");
    while (*k) {
      printf ("%s", gnutls_kx_get_name (*k));
      fputs (k[1] ? ", " : "\n", stdout);
      k++;
    }
  }

  {
    const gnutls_compression_method_t *c = gnutls_compression_list ();

    printf ("Compression: ");
    while (*c) {
      printf ("%s", gnutls_compression_get_name (*c));
      fputs (c[1] ? ", " : "\n", stdout);
      c++;
    }
  }
}
/* Writes the copyright line and the GPL notice to stdout. */
void
print_license (void)
{
  static const char notice[] =
    "\nCopyright (C) 2004 Free Software Foundation\n"
    "This program is free software; you can redistribute it and/or modify \n"
    "it under the terms of the GNU General Public License as published by \n"
    "the Free Software Foundation; either version 2 of the License, or \n"
    "(at your option) any later version. \n"
    "\n"
    "This program is distributed in the hope that it will be useful, \n"
    "but WITHOUT ANY WARRANTY; without even the implied warranty of \n"
    "MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the \n"
    "GNU General Public License for more details. \n"
    "\n"
    "You should have received a copy of the GNU General Public License \n"
    "along with this program; if not, write to the Free Software \n"
    "Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.\n\n";

  fputs (notice, stdout);
}
/* Translates protocol names into a zero-terminated priority list.
 *
 * Matching is case-insensitive and by prefix, first match wins: "SSL"
 * selects SSL 3.0, "TLS1.1" and "TLS1.2" their versions, and any other
 * name starting with "TLS" selects TLS 1.0.  Unrecognised names are
 * reported on stderr and skipped.
 *
 * PROTOCOL_PRIORITY receives one entry per recognised name plus the
 * terminating 0; no capacity is passed in, so the caller must provide
 * room for PROTOCOLS_SIZE + 1 entries.  Nothing is written when
 * PROTOCOLS is NULL or PROTOCOLS_SIZE is not positive.
 */
void
parse_protocols (char **protocols, int protocols_size, int *protocol_priority)
{
  static const struct
  {
    const char *prefix;
    size_t len;
    int id;
  } known[] = {
    { "SSL", 3, GNUTLS_SSL3 },
    { "TLS1.1", 6, GNUTLS_TLS1_1 },
    { "TLS1.2", 6, GNUTLS_TLS1_2 },
    { "TLS", 3, GNUTLS_TLS1_0 },
  };
  const size_t nknown = sizeof (known) / sizeof (known[0]);
  int in;
  int out = 0;

  if (protocols == NULL || protocols_size <= 0)
    return;

  for (in = 0; in < protocols_size; in++) {
    size_t k;

    /* The longer prefixes come before "TLS" so that they win. */
    for (k = 0; k < nknown; k++)
      if (strncasecmp (protocols[in], known[k].prefix, known[k].len) == 0)
        break;

    if (k < nknown)
      protocol_priority[out++] = known[k].id;
    else
      fprintf (stderr, "Unknown protocol: '%s'\n", protocols[in]);
  }
  protocol_priority[out] = 0;
}
/* Translates cipher names into a zero-terminated priority list.
 *
 * Matching is case-insensitive, first match wins.  Most names match by
 * prefix ("AES-2" -> AES-256-CBC, "AES" -> AES-128-CBC, "3DE", "CAM",
 * "NUL", ...); "ARCFOUR-40" and "ARCFOUR" must match exactly.
 * Unrecognised names are reported on stderr and skipped.
 *
 * Nothing here filters weak choices: "NUL" selects GNUTLS_CIPHER_NULL
 * and "ARCFOUR-40" a 40-bit cipher, so the resulting list is only as
 * strong as what the operator asked for.
 *
 * CIPHER_PRIORITY receives one entry per recognised name plus the
 * terminating 0; no capacity is passed in, so the caller must provide
 * room for NCIPHERS + 1 entries.  Nothing is written when CIPHERS is
 * NULL or NCIPHERS is not positive.
 */
void
parse_ciphers (char **ciphers, int nciphers, int *cipher_priority)
{
  /* len == 0 marks an entry that must match the whole name. */
  static const struct
  {
    const char *text;
    size_t len;
    int id;
  } known[] = {
    { "AES-2", 5, GNUTLS_CIPHER_AES_256_CBC },
    { "AES", 3, GNUTLS_CIPHER_AES_128_CBC },
    { "3DE", 3, GNUTLS_CIPHER_3DES_CBC },
    { "ARCFOUR-40", 0, GNUTLS_CIPHER_ARCFOUR_40 },
    { "ARCFOUR", 0, GNUTLS_CIPHER_ARCFOUR_128 },
#ifdef ENABLE_CAMELLIA
    { "CAMELLIA-2", 10, GNUTLS_CIPHER_CAMELLIA_256_CBC },
    { "CAM", 3, GNUTLS_CIPHER_CAMELLIA_128_CBC },
#endif
    { "NUL", 3, GNUTLS_CIPHER_NULL },
  };
  const size_t nknown = sizeof (known) / sizeof (known[0]);
  int in;
  int out = 0;

  if (ciphers == NULL || nciphers <= 0)
    return;

  for (in = 0; in < nciphers; in++) {
    size_t k;

    for (k = 0; k < nknown; k++) {
      const int differs = known[k].len != 0
        ? strncasecmp (ciphers[in], known[k].text, known[k].len)
        : strcasecmp (ciphers[in], known[k].text);

      if (differs == 0)
        break;
    }

    if (k < nknown)
      cipher_priority[out++] = known[k].id;
    else
      fprintf (stderr, "Unknown cipher: '%s'\n", ciphers[in]);
  }
  cipher_priority[out] = 0;
}
/* Translates MAC names into a zero-terminated priority list.
 *
 * Matching is case-insensitive and by prefix, first match wins: "MD5",
 * "RMD", "SHA512", "SHA384", "SHA256", and any other name starting with
 * "SHA" selects SHA-1.  Unrecognised names are reported on stderr and
 * skipped.
 *
 * MAC_PRIORITY receives one entry per recognised name plus the
 * terminating 0; no capacity is passed in, so the caller must provide
 * room for NMACS + 1 entries.  Nothing is written when MACS is NULL or
 * NMACS is not positive.
 */
void
parse_macs (char **macs, int nmacs, int *mac_priority)
{
  static const struct
  {
    const char *prefix;
    size_t len;
    int id;
  } known[] = {
    { "MD5", 3, GNUTLS_MAC_MD5 },
    { "RMD", 3, GNUTLS_MAC_RMD160 },
    { "SHA512", 6, GNUTLS_MAC_SHA512 },
    { "SHA384", 6, GNUTLS_MAC_SHA384 },
    { "SHA256", 6, GNUTLS_MAC_SHA256 },
    { "SHA", 3, GNUTLS_MAC_SHA1 },
  };
  const size_t nknown = sizeof (known) / sizeof (known[0]);
  int in;
  int out = 0;

  if (macs == NULL || nmacs <= 0)
    return;

  for (in = 0; in < nmacs; in++) {
    size_t k;

    /* The specific SHA-2 names precede the bare "SHA" prefix. */
    for (k = 0; k < nknown; k++)
      if (strncasecmp (macs[in], known[k].prefix, known[k].len) == 0)
        break;

    if (k < nknown)
      mac_priority[out++] = known[k].id;
    else
      fprintf (stderr, "Unknown MAC: '%s'\n", macs[in]);
  }
  mac_priority[out] = 0;
}
/* Translates certificate type names into a zero-terminated priority
 * list.
 *
 * Matching is case-insensitive and by prefix: names starting with
 * "OPE" select OpenPGP, names starting with "X" select X.509.
 * Unrecognised names are reported on stderr and skipped.
 *
 * CERT_TYPE_PRIORITY receives one entry per recognised name plus the
 * terminating 0; no capacity is passed in, so the caller must provide
 * room for NCTYPE + 1 entries.  Nothing is written when CTYPE is NULL
 * or NCTYPE is not positive.
 */
void
parse_ctypes (char **ctype, int nctype, int *cert_type_priority)
{
  static const struct
  {
    const char *prefix;
    size_t len;
    int id;
  } known[] = {
    { "OPE", 3, GNUTLS_CRT_OPENPGP },
    { "X", 1, GNUTLS_CRT_X509 },
  };
  const size_t nknown = sizeof (known) / sizeof (known[0]);
  int in;
  int out = 0;

  if (ctype == NULL || nctype <= 0)
    return;

  for (in = 0; in < nctype; in++) {
    size_t k;

    for (k = 0; k < nknown; k++)
      if (strncasecmp (ctype[in], known[k].prefix, known[k].len) == 0)
        break;

    if (k < nknown)
      cert_type_priority[out++] = known[k].id;
    else
      fprintf (stderr, "Unknown certificate type: '%s'\n", ctype[in]);
  }
  cert_type_priority[out] = 0;
}
/* Translates key exchange names into a zero-terminated priority list.
 *
 * Matching is case-insensitive, first match wins.  "SRP", "SRP-RSA",
 * "SRP-DSS", "RSA", "PSK", "DHE-PSK" and "RSA-EXPORT" must match
 * exactly; "DHE-RSA", "DHE-DSS" and "ANON" match by prefix.
 * Unrecognised names are reported on stderr and skipped.
 *
 * Nothing here filters weak choices: "RSA-EXPORT" and "ANON" (anonymous
 * DH, which does not authenticate the peer) are accepted like any other
 * name, so the resulting list is only as strong as what the operator
 * asked for.
 *
 * KX_PRIORITY receives one entry per recognised name plus the
 * terminating 0; no capacity is passed in, so the caller must provide
 * room for NKX + 1 entries.  Nothing is written when KX is NULL or NKX
 * is not positive.
 */
void
parse_kx (char **kx, int nkx, int *kx_priority)
{
  /* len == 0 marks an entry that must match the whole name. */
  static const struct
  {
    const char *text;
    size_t len;
    int id;
  } known[] = {
    { "SRP", 0, GNUTLS_KX_SRP },
    { "SRP-RSA", 0, GNUTLS_KX_SRP_RSA },
    { "SRP-DSS", 0, GNUTLS_KX_SRP_DSS },
    { "RSA", 0, GNUTLS_KX_RSA },
    { "PSK", 0, GNUTLS_KX_PSK },
    { "DHE-PSK", 0, GNUTLS_KX_DHE_PSK },
    { "RSA-EXPORT", 0, GNUTLS_KX_RSA_EXPORT },
    { "DHE-RSA", 7, GNUTLS_KX_DHE_RSA },
    { "DHE-DSS", 7, GNUTLS_KX_DHE_DSS },
    { "ANON", 4, GNUTLS_KX_ANON_DH },
  };
  const size_t nknown = sizeof (known) / sizeof (known[0]);
  int in;
  int out = 0;

  if (kx == NULL || nkx <= 0)
    return;

  for (in = 0; in < nkx; in++) {
    size_t k;

    for (k = 0; k < nknown; k++) {
      const int differs = known[k].len != 0
        ? strncasecmp (kx[in], known[k].text, known[k].len)
        : strcasecmp (kx[in], known[k].text);

      if (differs == 0)
        break;
    }

    if (k < nknown)
      kx_priority[out++] = known[k].id;
    else
      fprintf (stderr, "Unknown key exchange: '%s'\n", kx[in]);
  }
  kx_priority[out] = 0;
}
/* Translates compression method names into a zero-terminated priority
 * list.
 *
 * Matching is case-insensitive and by prefix: "NUL" selects no
 * compression, "ZLI" and "DEF" both select DEFLATE, "LZO" selects LZO.
 * Unrecognised names are reported on stderr and skipped.
 *
 * COMP_PRIORITY receives one entry per recognised name plus the
 * terminating 0; no capacity is passed in, so the caller must provide
 * room for NCOMP + 1 entries.  Nothing is written when COMP is NULL or
 * NCOMP is not positive.
 */
void
parse_comp (char **comp, int ncomp, int *comp_priority)
{
  static const struct
  {
    const char *prefix;
    size_t len;
    int id;
  } known[] = {
    { "NUL", 3, GNUTLS_COMP_NULL },
    { "ZLI", 3, GNUTLS_COMP_DEFLATE },
    { "DEF", 3, GNUTLS_COMP_DEFLATE },
    { "LZO", 3, GNUTLS_COMP_LZO },
  };
  const size_t nknown = sizeof (known) / sizeof (known[0]);
  int in;
  int out = 0;

  if (comp == NULL || ncomp <= 0)
    return;

  for (in = 0; in < ncomp; in++) {
    size_t k;

    for (k = 0; k < nknown; k++)
      if (strncasecmp (comp[in], known[k].prefix, known[k].len) == 0)
        break;

    if (k < nknown)
      comp_priority[out++] = known[k].id;
    else
      fprintf (stderr, "Unknown compression: '%s'\n", comp[in]);
  }
  comp_priority[out] = 0;
}
/* Performs platform socket start-up.  On Windows this requests Winsock
 * version 1.1 via WSAStartup(); a failure is reported with perror() and
 * is otherwise not propagated.  On other platforms it does nothing.
 */
void
sockets_init (void)
{
#ifdef _WIN32
  WSADATA startup_info;
  const WORD requested_version = MAKEWORD (1, 1);

  if (WSAStartup (requested_version, &startup_info) != 0)
    perror ("WSA_STARTUP_ERROR");
#endif
}
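/* Converts a service name or a decimal port number (given as a string)
 * to a port number.  The protocol is assumed to be TCP.
 *
 * A string is taken as a port number only if it is entirely numeric and
 * lies in 1..65535; anything else (including out-of-range or partly
 * numeric input such as "443x") is looked up as a service name.
 *
 * Returns the port in host byte order, or -1 on error.
 */
int
service_to_port (const char *service)
{
  char *end;
  long port;
  struct servent *server_port;

  if (service == NULL)
    return -1;

  /* strtol instead of atoi: atoi accepts trailing garbage and hands
   * back negative or oversized values that are not valid TCP ports.
   * On overflow strtol saturates, which the range check rejects.
   */
  port = strtol (service, &end, 10);
  if (end != service && *end == '\0' && port >= 1 && port <= 65535)
    return (int) port;

  server_port = getservbyname (service, "tcp");
  if (server_port == NULL)
    {
      /* Not perror(): the lookup is not documented to set errno, so
       * perror() would print an unrelated error text.
       */
      fprintf (stderr, "getservbyname(): unknown service '%s'\n", service);
      return (-1);
    }

  return ntohs (server_port->s_port);
}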