search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
provide accurate value to select
[gnutls.git] / src / common.c
blobf35f16f9f7451d8ae84badf443f4ebd3d58d7eec
1 /*
2 * Copyright (C) 2000-2012 Free Software Foundation, Inc.
3 * Author: Nikos Mavrogiannopoulos
4 *
5 * This file is part of GnuTLS.
6 *
7 * GnuTLS is free software: you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation, either version 3 of the License, or
10 * (at your option) any later version.
11 *
12 * GnuTLS is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program. If not, see <http://www.gnu.org/licenses/>.
19 */
20
21 #include <config.h>
22
23 /* Work around problem reported in
24 <http://permalink.gmane.org/gmane.comp.lib.gnulib.bugs/15755>.*/
25 #if GETTIMEOFDAY_CLOBBERS_LOCALTIME
26 #undef localtime
27 #endif
28
29 #include <getpass.h>
30
31 #include <stdio.h>
32 #include <stdlib.h>
33 #include <string.h>
34 #include <gnutls/gnutls.h>
35 #include <gnutls/x509.h>
36 #include <gnutls/openpgp.h>
37 #include <time.h>
38 #include <common.h>
39
40 #define SU(x) (x!=NULL?x:"Unknown")
41
42 extern int verbose;
43
44 const char str_unknown[] = "(unknown)";
45
46 /* Hex encodes the given data.
47 */
48 const char *
49 raw_to_string (const unsigned char *raw, size_t raw_size)
50 {
51 static char buf[1024];
52 size_t i;
53 if (raw_size == 0)
54 return NULL;
55
56 if (raw_size * 3 + 1 >= sizeof (buf))
57 return NULL;
58
59 for (i = 0; i < raw_size; i++)
60 {
61 sprintf (&(buf[i * 3]), "%02X%s", raw[i],
62 (i == raw_size - 1) ? "" : ":");
63 }
64 buf[sizeof (buf) - 1] = '\0';
65
66 return buf;
67 }
68
69 static void
70 print_x509_info_compact (gnutls_session_t session)
71 {
72 gnutls_x509_crt_t crt;
73 const gnutls_datum_t *cert_list;
74 unsigned int cert_list_size = 0;
75 int ret;
76 gnutls_datum_t cinfo;
77
78 cert_list = gnutls_certificate_get_peers (session, &cert_list_size);
79 if (cert_list_size == 0)
80 {
81 fprintf (stderr, "No certificates found!\n");
82 return;
83 }
84
85 gnutls_x509_crt_init (&crt);
86 ret =
87 gnutls_x509_crt_import (crt, &cert_list[0],
88 GNUTLS_X509_FMT_DER);
89 if (ret < 0)
90 {
91 fprintf (stderr, "Decoding error: %s\n",
92 gnutls_strerror (ret));
93 return;
94 }
95
96 ret =
97 gnutls_x509_crt_print (crt, GNUTLS_CRT_PRINT_COMPACT, &cinfo);
98 if (ret == 0)
99 {
100 printf ("- X.509 cert: %s\n", cinfo.data);
101 gnutls_free (cinfo.data);
102 }
103
104 gnutls_x509_crt_deinit (crt);
105 }
106
107 static void
108 print_x509_info (gnutls_session_t session, int flag, int print_cert)
109 {
110 gnutls_x509_crt_t crt;
111 const gnutls_datum_t *cert_list;
112 unsigned int cert_list_size = 0, j;
113 int ret;
114
115 cert_list = gnutls_certificate_get_peers (session, &cert_list_size);
116 if (cert_list_size == 0)
117 {
118 fprintf (stderr, "No certificates found!\n");
119 return;
120 }
121
122 printf ("- Certificate type: X.509\n");
123 printf ("- Got a certificate list of %d certificates.\n",
124 cert_list_size);
125
126 for (j = 0; j < cert_list_size; j++)
127 {
128 gnutls_datum_t cinfo;
129
130 gnutls_x509_crt_init (&crt);
131 ret =
132 gnutls_x509_crt_import (crt, &cert_list[j],
133 GNUTLS_X509_FMT_DER);
134 if (ret < 0)
135 {
136 fprintf (stderr, "Decoding error: %s\n",
137 gnutls_strerror (ret));
138 return;
139 }
140
141 printf ("- Certificate[%d] info:\n - ", j);
142
143 ret =
144 gnutls_x509_crt_print (crt, flag, &cinfo);
145 if (ret == 0)
146 {
147 printf ("%s\n", cinfo.data);
148 gnutls_free (cinfo.data);
149 }
150
151 if (print_cert)
152 {
153 size_t size = 0;
154 char *p = NULL;
155
156 ret =
157 gnutls_x509_crt_export (crt, GNUTLS_X509_FMT_PEM, p,
158 &size);
159 if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER)
160 {
161 p = malloc (size);
162 if (!p)
163 {
164 fprintf (stderr, "gnutls_malloc\n");
165 exit (1);
166 }
167
168 ret =
169 gnutls_x509_crt_export (crt, GNUTLS_X509_FMT_PEM,
170 p, &size);
171 }
172 if (ret < 0)
173 {
174 fprintf (stderr, "Encoding error: %s\n",
175 gnutls_strerror (ret));
176 return;
177 }
178
179 fputs ("\n", stdout);
180 fputs (p, stdout);
181 fputs ("\n", stdout);
182
183 gnutls_free (p);
184 }
185
186 gnutls_x509_crt_deinit (crt);
187 }
188 }
189
190 /* returns true or false, depending on whether the hostname
191 * matches to certificate */
192 static int
193 verify_x509_hostname (gnutls_session_t session, const char *hostname)
194 {
195 gnutls_x509_crt_t crt;
196 const gnutls_datum_t *cert_list;
197 unsigned int cert_list_size = 0;
198 int ret;
199
200 cert_list = gnutls_certificate_get_peers (session, &cert_list_size);
201 if (cert_list_size == 0)
202 {
203 fprintf (stderr, "No certificates found!\n");
204 return 0;
205 }
206
207 gnutls_x509_crt_init (&crt);
208 ret =
209 gnutls_x509_crt_import (crt, &cert_list[0],
210 GNUTLS_X509_FMT_DER);
211 if (ret < 0)
212 {
213 fprintf (stderr, "Decoding error: %s\n",
214 gnutls_strerror (ret));
215 return 0;
216 }
217
218 /* Check the hostname of the first certificate if it matches
219 * the name of the host we connected to.
220 */
221 if (gnutls_x509_crt_check_hostname (crt, hostname) == 0)
222 {
223 printf
224 ("- The hostname in the certificate does NOT match '%s'\n",
225 hostname);
226 ret = 0;
227 }
228 else
229 {
230 printf ("- The hostname in the certificate matches '%s'.\n",
231 hostname);
232 ret = 1;
233 }
234
235 gnutls_x509_crt_deinit (crt);
236
237 return ret;
238 }
239
240 #ifdef ENABLE_OPENPGP
241 /* returns true or false, depending on whether the hostname
242 * matches to certificate */
243 static int
244 verify_openpgp_hostname (gnutls_session_t session, const char *hostname)
245 {
246 gnutls_openpgp_crt_t crt;
247 const gnutls_datum_t *cert_list;
248 unsigned int cert_list_size = 0;
249 int ret;
250
251 cert_list = gnutls_certificate_get_peers (session, &cert_list_size);
252 if (cert_list_size == 0)
253 {
254 fprintf (stderr, "No certificates found!\n");
255 return 0;
256 }
257
258 gnutls_openpgp_crt_init (&crt);
259 ret =
260 gnutls_openpgp_crt_import (crt, &cert_list[0],
261 GNUTLS_OPENPGP_FMT_RAW);
262 if (ret < 0)
263 {
264 fprintf (stderr, "Decoding error: %s\n",
265 gnutls_strerror (ret));
266 return 0;
267 }
268
269 /* Check the hostname of the first certificate if it matches
270 * the name of the host we connected to.
271 */
272 if (gnutls_openpgp_crt_check_hostname (crt, hostname) == 0)
273 {
274 printf
275 ("- The hostname in the certificate does NOT match '%s'\n",
276 hostname);
277 ret = 0;
278 }
279 else
280 {
281 printf ("- The hostname in the certificate matches '%s'.\n",
282 hostname);
283 ret = 1;
284 }
285
286 gnutls_openpgp_crt_deinit (crt);
287
288 return ret;
289 }
290
291 static void
292 print_openpgp_info_compact (gnutls_session_t session)
293 {
294
295 gnutls_openpgp_crt_t crt;
296 const gnutls_datum_t *cert_list;
297 unsigned int cert_list_size = 0;
298 int ret;
299
300 cert_list = gnutls_certificate_get_peers (session, &cert_list_size);
301
302 if (cert_list_size > 0)
303 {
304 gnutls_datum_t cinfo;
305
306 gnutls_openpgp_crt_init (&crt);
307 ret = gnutls_openpgp_crt_import (crt, &cert_list[0],
308 GNUTLS_OPENPGP_FMT_RAW);
309 if (ret < 0)
310 {
311 fprintf (stderr, "Decoding error: %s\n",
312 gnutls_strerror (ret));
313 return;
314 }
315
316 ret =
317 gnutls_openpgp_crt_print (crt, GNUTLS_CRT_PRINT_COMPACT, &cinfo);
318 if (ret == 0)
319 {
320 printf ("- OpenPGP cert: %s\n", cinfo.data);
321 gnutls_free (cinfo.data);
322 }
323
324 gnutls_openpgp_crt_deinit (crt);
325 }
326 }
327
328 static void
329 print_openpgp_info (gnutls_session_t session, int flag, int print_cert)
330 {
331
332 gnutls_openpgp_crt_t crt;
333 const gnutls_datum_t *cert_list;
334 unsigned int cert_list_size = 0;
335 int ret;
336
337 printf ("- Certificate type: OpenPGP\n");
338
339 cert_list = gnutls_certificate_get_peers (session, &cert_list_size);
340
341 if (cert_list_size > 0)
342 {
343 gnutls_datum_t cinfo;
344
345 gnutls_openpgp_crt_init (&crt);
346 ret = gnutls_openpgp_crt_import (crt, &cert_list[0],
347 GNUTLS_OPENPGP_FMT_RAW);
348 if (ret < 0)
349 {
350 fprintf (stderr, "Decoding error: %s\n",
351 gnutls_strerror (ret));
352 return;
353 }
354
355 ret =
356 gnutls_openpgp_crt_print (crt, flag, &cinfo);
357 if (ret == 0)
358 {
359 printf ("- %s\n", cinfo.data);
360 gnutls_free (cinfo.data);
361 }
362
363 if (print_cert)
364 {
365 size_t size = 0;
366 char *p = NULL;
367
368 ret =
369 gnutls_openpgp_crt_export (crt,
370 GNUTLS_OPENPGP_FMT_BASE64,
371 p, &size);
372 if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER)
373 {
374 p = malloc (size);
375 if (!p)
376 {
377 fprintf (stderr, "gnutls_malloc\n");
378 exit (1);
379 }
380
381 ret =
382 gnutls_openpgp_crt_export (crt,
383 GNUTLS_OPENPGP_FMT_BASE64,
384 p, &size);
385 }
386 if (ret < 0)
387 {
388 fprintf (stderr, "Encoding error: %s\n",
389 gnutls_strerror (ret));
390 return;
391 }
392
393 fputs (p, stdout);
394 fputs ("\n", stdout);
395
396 gnutls_free (p);
397 }
398
399 gnutls_openpgp_crt_deinit (crt);
400 }
401 }
402
403 #endif
404
405 /* returns false (0) if not verified, or true (1) otherwise
406 */
407 int
408 cert_verify (gnutls_session_t session, const char* hostname)
409 {
410 int rc;
411 unsigned int status = 0;
412 int type;
413
414 rc = gnutls_certificate_verify_peers2 (session, &status);
415 if (rc == GNUTLS_E_NO_CERTIFICATE_FOUND)
416 {
417 printf ("- Peer did not send any certificate.\n");
418 return 0;
419 }
420
421 if (rc < 0)
422 {
423 printf ("- Could not verify certificate (err: %s)\n",
424 gnutls_strerror (rc));
425 return 0;
426 }
427
428 type = gnutls_certificate_type_get (session);
429 if (type == GNUTLS_CRT_X509)
430 {
431
432 if (status & GNUTLS_CERT_REVOKED)
433 printf ("- Peer's certificate chain revoked\n");
434 if (status & GNUTLS_CERT_SIGNER_NOT_FOUND)
435 printf ("- Peer's certificate issuer is unknown\n");
436 if (status & GNUTLS_CERT_SIGNER_NOT_CA)
437 printf ("- Peer's certificate issuer is not a CA\n");
438 if (status & GNUTLS_CERT_INSECURE_ALGORITHM)
439 printf
440 ("- Peer's certificate chain uses insecure algorithm\n");
441 if (status & GNUTLS_CERT_NOT_ACTIVATED)
442 printf
443 ("- Peer's certificate chain uses not yet valid certificate\n");
444 if (status & GNUTLS_CERT_EXPIRED)
445 printf
446 ("- Peer's certificate chain uses expired certificate\n");
447 if (status & GNUTLS_CERT_INVALID)
448 printf ("- Peer's certificate is NOT trusted\n");
449 else
450 printf ("- Peer's certificate is trusted\n");
451
452 rc = verify_x509_hostname (session, hostname);
453 if (rc == 0) status |= GNUTLS_CERT_INVALID;
454 }
455 else if (type == GNUTLS_CRT_OPENPGP)
456 {
457 if (status & GNUTLS_CERT_INVALID)
458 printf ("- Peer's key is invalid\n");
459 else
460 printf ("- Peer's key is valid\n");
461 if (status & GNUTLS_CERT_SIGNER_NOT_FOUND)
462 printf ("- Could not find a signer of the peer's key\n");
463
464 rc = verify_openpgp_hostname (session, hostname);
465 if (rc == 0) status |= GNUTLS_CERT_INVALID;
466 }
467 else
468 {
469 fprintf(stderr, "Unknown certificate type\n");
470 status |= GNUTLS_CERT_INVALID;
471 }
472
473 if (status)
474 return 0;
475
476 return 1;
477 }
478
479 static void
480 print_dh_info (gnutls_session_t session, const char *str, int print)
481 {
482 printf ("- %sDiffie-Hellman parameters\n", str);
483 printf (" - Using prime: %d bits\n",
484 gnutls_dh_get_prime_bits (session));
485 printf (" - Secret key: %d bits\n",
486 gnutls_dh_get_secret_bits (session));
487 printf (" - Peer's public key: %d bits\n",
488 gnutls_dh_get_peers_public_bits (session));
489
490 if (print)
491 {
492 int ret;
493 gnutls_datum_t raw_gen = { NULL, 0 };
494 gnutls_datum_t raw_prime = { NULL, 0 };
495 gnutls_dh_params_t dh_params = NULL;
496 unsigned char *params_data = NULL;
497 size_t params_data_size = 0;
498
499 ret = gnutls_dh_get_group (session, &raw_gen, &raw_prime);
500 if (ret)
501 {
502 fprintf (stderr, "gnutls_dh_get_group %d\n", ret);
503 goto out;
504 }
505
506 ret = gnutls_dh_params_init (&dh_params);
507 if (ret)
508 {
509 fprintf (stderr, "gnutls_dh_params_init %d\n", ret);
510 goto out;
511 }
512
513 ret =
514 gnutls_dh_params_import_raw (dh_params, &raw_prime,
515 &raw_gen);
516 if (ret)
517 {
518 fprintf (stderr, "gnutls_dh_params_import_raw %d\n", ret);
519 goto out;
520 }
521
522 ret = gnutls_dh_params_export_pkcs3 (dh_params,
523 GNUTLS_X509_FMT_PEM,
524 params_data,
525 &params_data_size);
526 if (ret != GNUTLS_E_SHORT_MEMORY_BUFFER)
527 {
528 fprintf (stderr, "gnutls_dh_params_export_pkcs3 %d\n",
529 ret);
530 goto out;
531 }
532
533 params_data = gnutls_malloc (params_data_size);
534 if (!params_data)
535 {
536 fprintf (stderr, "gnutls_malloc %d\n", ret);
537 goto out;
538 }
539
540 ret = gnutls_dh_params_export_pkcs3 (dh_params,
541 GNUTLS_X509_FMT_PEM,
542 params_data,
543 &params_data_size);
544 if (ret)
545 {
546 fprintf (stderr, "gnutls_dh_params_export_pkcs3-2 %d\n",
547 ret);
548 goto out;
549 }
550
551 printf (" - PKCS#3 format:\n\n%.*s\n", (int) params_data_size,
552 params_data);
553
554 out:
555 gnutls_free (params_data);
556 gnutls_free (raw_prime.data);
557 gnutls_free (raw_gen.data);
558 gnutls_dh_params_deinit (dh_params);
559 }
560 }
561
562 static void
563 print_ecdh_info (gnutls_session_t session, const char *str)
564 {
565 int curve;
566
567 printf ("- %sEC Diffie-Hellman parameters\n", str);
568
569 curve = gnutls_ecc_curve_get (session);
570
571 printf (" - Using curve: %s\n", gnutls_ecc_curve_get_name (curve));
572 printf (" - Curve size: %d bits\n",
573 gnutls_ecc_curve_get_size (curve) * 8);
574
575 }
576
577 int
578 print_info (gnutls_session_t session, int print_cert)
579 {
580 const char *tmp;
581 gnutls_credentials_type_t cred;
582 gnutls_kx_algorithm_t kx;
583 unsigned char session_id[33];
584 size_t session_id_size = sizeof (session_id);
585
586 /* print session ID */
587 gnutls_session_get_id (session, session_id, &session_id_size);
588 printf ("- Session ID: %s\n",
589 raw_to_string (session_id, session_id_size));
590
591 /* print the key exchange's algorithm name
592 */
593 kx = gnutls_kx_get (session);
594
595 cred = gnutls_auth_get_type (session);
596 switch (cred)
597 {
598 #ifdef ENABLE_ANON
599 case GNUTLS_CRD_ANON:
600 if (kx == GNUTLS_KX_ANON_ECDH)
601 print_ecdh_info (session, "Anonymous ");
602 else
603 print_dh_info (session, "Anonymous ", verbose);
604 break;
605 #endif
606 #ifdef ENABLE_SRP
607 case GNUTLS_CRD_SRP:
608 /* This should be only called in server
609 * side.
610 */
611 if (gnutls_srp_server_get_username (session) != NULL)
612 printf ("- SRP authentication. Connected as '%s'\n",
613 gnutls_srp_server_get_username (session));
614 break;
615 #endif
616 #ifdef ENABLE_PSK
617 case GNUTLS_CRD_PSK:
618 /* This returns NULL in server side.
619 */
620 if (gnutls_psk_client_get_hint (session) != NULL)
621 printf ("- PSK authentication. PSK hint '%s'\n",
622 gnutls_psk_client_get_hint (session));
623 /* This returns NULL in client side.
624 */
625 if (gnutls_psk_server_get_username (session) != NULL)
626 printf ("- PSK authentication. Connected as '%s'\n",
627 gnutls_psk_server_get_username (session));
628 if (kx == GNUTLS_KX_DHE_PSK)
629 print_dh_info (session, "Ephemeral ", verbose);
630 if (kx == GNUTLS_KX_ECDHE_PSK)
631 print_ecdh_info (session, "Ephemeral ");
632 break;
633 #endif
634 case GNUTLS_CRD_IA:
635 printf ("- TLS/IA authentication\n");
636 break;
637 case GNUTLS_CRD_CERTIFICATE:
638 {
639 char dns[256];
640 size_t dns_size = sizeof (dns);
641 unsigned int type;
642
643 /* This fails in client side */
644 if (gnutls_server_name_get
645 (session, dns, &dns_size, &type, 0) == 0)
646 {
647 printf ("- Given server name[%d]: %s\n", type, dns);
648 }
649 }
650
651 print_cert_info (session,
652 verbose?GNUTLS_CRT_PRINT_FULL:GNUTLS_CRT_PRINT_COMPACT,
653 print_cert);
654
655 if (kx == GNUTLS_KX_DHE_RSA || kx == GNUTLS_KX_DHE_DSS)
656 print_dh_info (session, "Ephemeral ", verbose);
657 else if (kx == GNUTLS_KX_ECDHE_RSA
658 || kx == GNUTLS_KX_ECDHE_ECDSA)
659 print_ecdh_info (session, "Ephemeral ");
660 }
661
662 tmp =
663 SU (gnutls_protocol_get_name
664 (gnutls_protocol_get_version (session)));
665 printf ("- Version: %s\n", tmp);
666
667 tmp = SU (gnutls_kx_get_name (kx));
668 printf ("- Key Exchange: %s\n", tmp);
669
670 tmp = SU (gnutls_cipher_get_name (gnutls_cipher_get (session)));
671 printf ("- Cipher: %s\n", tmp);
672
673 tmp = SU (gnutls_mac_get_name (gnutls_mac_get (session)));
674 printf ("- MAC: %s\n", tmp);
675
676 tmp =
677 SU (gnutls_compression_get_name
678 (gnutls_compression_get (session)));
679 printf ("- Compression: %s\n", tmp);
680
681 if (verbose)
682 {
683 gnutls_datum_t cb;
684 int rc;
685
686 rc = gnutls_session_channel_binding (session,
687 GNUTLS_CB_TLS_UNIQUE, &cb);
688 if (rc)
689 fprintf (stderr, "Channel binding error: %s\n",
690 gnutls_strerror (rc));
691 else
692 {
693 size_t i;
694
695 printf ("- Channel binding 'tls-unique': ");
696 for (i = 0; i < cb.size; i++)
697 printf ("%02x", cb.data[i]);
698 printf ("\n");
699 }
700 }
701
702 /* Warning: Do not print anything more here. The 'Compression:'
703 output MUST be the last non-verbose output. This is used by
704 Emacs starttls.el code. */
705
706 fflush (stdout);
707
708 return 0;
709 }
710
711 void
712 print_cert_info (gnutls_session_t session, int flag, int print_cert)
713 {
714
715 if (gnutls_certificate_client_get_request_status (session) != 0)
716 printf ("- Server has requested a certificate.\n");
717
718 switch (gnutls_certificate_type_get (session))
719 {
720 case GNUTLS_CRT_X509:
721 print_x509_info (session, flag, print_cert);
722 break;
723 #ifdef ENABLE_OPENPGP
724 case GNUTLS_CRT_OPENPGP:
725 print_openpgp_info (session, flag, print_cert);
726 break;
727 #endif
728 default:
729 printf ("Unknown type\n");
730 break;
731 }
732 }
733
734 void
735 print_cert_info_compact (gnutls_session_t session)
736 {
737
738 if (gnutls_certificate_client_get_request_status (session) != 0)
739 printf ("- Server has requested a certificate.\n");
740
741 switch (gnutls_certificate_type_get (session))
742 {
743 case GNUTLS_CRT_X509:
744 print_x509_info_compact (session);
745 break;
746 #ifdef ENABLE_OPENPGP
747 case GNUTLS_CRT_OPENPGP:
748 print_openpgp_info_compact (session);
749 break;
750 #endif
751 default:
752 printf ("Unknown type\n");
753 break;
754 }
755 }
756
757 void
758 print_list (const char *priorities, int verbose)
759 {
760 size_t i;
761 int ret;
762 unsigned int idx;
763 const char *name;
764 const char *err;
765 unsigned char id[2];
766 gnutls_kx_algorithm_t kx;
767 gnutls_cipher_algorithm_t cipher;
768 gnutls_mac_algorithm_t mac;
769 gnutls_protocol_t version;
770 gnutls_priority_t pcache;
771 const unsigned int *list;
772
773 if (priorities != NULL)
774 {
775 printf ("Cipher suites for %s\n", priorities);
776
777 ret = gnutls_priority_init (&pcache, priorities, &err);
778 if (ret < 0)
779 {
780 fprintf (stderr, "Syntax error at: %s\n", err);
781 exit (1);
782 }
783
784 for (i = 0;; i++)
785 {
786 ret =
787 gnutls_priority_get_cipher_suite_index (pcache, i,
788 &idx);
789 if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
790 break;
791 if (ret == GNUTLS_E_UNKNOWN_CIPHER_SUITE)
792 continue;
793
794 name =
795 gnutls_cipher_suite_info (idx, id, NULL, NULL, NULL,
796 &version);
797
798 if (name != NULL)
799 printf ("%-50s\t0x%02x, 0x%02x\t%s\n",
800 name, (unsigned char) id[0],
801 (unsigned char) id[1],
802 gnutls_protocol_get_name (version));
803 }
804
805 printf("\n");
806 {
807 ret = gnutls_priority_certificate_type_list (pcache, &list);
808
809 printf ("Certificate types: ");
810 if (ret == 0) printf("none\n");
811 for (i = 0; i < (unsigned)ret; i++)
812 {
813 printf ("CTYPE-%s",
814 gnutls_certificate_type_get_name (list[i]));
815 if (i+1!=(unsigned)ret)
816 printf (", ");
817 else
818 printf ("\n");
819 }
820 }
821
822 {
823 ret = gnutls_priority_protocol_list (pcache, &list);
824
825 printf ("Protocols: ");
826 if (ret == 0) printf("none\n");
827 for (i = 0; i < (unsigned)ret; i++)
828 {
829 printf ("VERS-%s", gnutls_protocol_get_name (list[i]));
830 if (i+1!=(unsigned)ret)
831 printf (", ");
832 else
833 printf ("\n");
834 }
835 }
836
837 {
838 ret = gnutls_priority_compression_list (pcache, &list);
839
840 printf ("Compression: ");
841 if (ret == 0) printf("none\n");
842 for (i = 0; i < (unsigned)ret; i++)
843 {
844 printf ("COMP-%s",
845 gnutls_compression_get_name (list[i]));
846 if (i+1!=(unsigned)ret)
847 printf (", ");
848 else
849 printf ("\n");
850 }
851 }
852
853 {
854 ret = gnutls_priority_ecc_curve_list (pcache, &list);
855
856 printf ("Elliptic curves: ");
857 if (ret == 0) printf("none\n");
858 for (i = 0; i < (unsigned)ret; i++)
859 {
860 printf ("CURVE-%s",
861 gnutls_ecc_curve_get_name (list[i]));
862 if (i+1!=(unsigned)ret)
863 printf (", ");
864 else
865 printf ("\n");
866 }
867 }
868
869 {
870 ret = gnutls_priority_sign_list (pcache, &list);
871
872 printf ("PK-signatures: ");
873 if (ret == 0) printf("none\n");
874 for (i = 0; i < (unsigned)ret; i++)
875 {
876 printf ("SIGN-%s",
877 gnutls_sign_algorithm_get_name (list[i]));
878 if (i+1!=(unsigned)ret)
879 printf (", ");
880 else
881 printf ("\n");
882 }
883 }
884
885 return;
886 }
887
888 printf ("Cipher suites:\n");
889 for (i = 0; (name = gnutls_cipher_suite_info
890 (i, id, &kx, &cipher, &mac, &version)); i++)
891 {
892 printf ("%-50s\t0x%02x, 0x%02x\t%s\n",
893 name,
894 (unsigned char) id[0], (unsigned char) id[1],
895 gnutls_protocol_get_name (version));
896 if (verbose)
897 printf ("\tKey exchange: %s\n\tCipher: %s\n\tMAC: %s\n\n",
898 gnutls_kx_get_name (kx),
899 gnutls_cipher_get_name (cipher),
900 gnutls_mac_get_name (mac));
901 }
902
903 printf("\n");
904 {
905 const gnutls_certificate_type_t *p =
906 gnutls_certificate_type_list ();
907
908 printf ("Certificate types: ");
909 for (; *p; p++)
910 {
911 printf ("CTYPE-%s", gnutls_certificate_type_get_name (*p));
912 if (*(p + 1))
913 printf (", ");
914 else
915 printf ("\n");
916 }
917 }
918
919 {
920 const gnutls_protocol_t *p = gnutls_protocol_list ();
921
922 printf ("Protocols: ");
923 for (; *p; p++)
924 {
925 printf ("VERS-%s", gnutls_protocol_get_name (*p));
926 if (*(p + 1))
927 printf (", ");
928 else
929 printf ("\n");
930 }
931 }
932
933 {
934 const gnutls_cipher_algorithm_t *p = gnutls_cipher_list ();
935
936 printf ("Ciphers: ");
937 for (; *p; p++)
938 {
939 printf ("%s", gnutls_cipher_get_name (*p));
940 if (*(p + 1))
941 printf (", ");
942 else
943 printf ("\n");
944 }
945 }
946
947 {
948 const gnutls_mac_algorithm_t *p = gnutls_mac_list ();
949
950 printf ("MACs: ");
951 for (; *p; p++)
952 {
953 printf ("%s", gnutls_mac_get_name (*p));
954 if (*(p + 1))
955 printf (", ");
956 else
957 printf ("\n");
958 }
959 }
960
961 {
962 const gnutls_kx_algorithm_t *p = gnutls_kx_list ();
963
964 printf ("Key exchange algorithms: ");
965 for (; *p; p++)
966 {
967 printf ("%s", gnutls_kx_get_name (*p));
968 if (*(p + 1))
969 printf (", ");
970 else
971 printf ("\n");
972 }
973 }
974
975 {
976 const gnutls_compression_method_t *p = gnutls_compression_list ();
977
978 printf ("Compression: ");
979 for (; *p; p++)
980 {
981 printf ("COMP-%s", gnutls_compression_get_name (*p));
982 if (*(p + 1))
983 printf (", ");
984 else
985 printf ("\n");
986 }
987 }
988
989 {
990 const gnutls_ecc_curve_t *p = gnutls_ecc_curve_list ();
991
992 printf ("Elliptic curves: ");
993 for (; *p; p++)
994 {
995 printf ("CURVE-%s", gnutls_ecc_curve_get_name (*p));
996 if (*(p + 1))
997 printf (", ");
998 else
999 printf ("\n");
1000 }
1001 }
1002
1003 {
1004 const gnutls_pk_algorithm_t *p = gnutls_pk_list ();
1005
1006 printf ("Public Key Systems: ");
1007 for (; *p; p++)
1008 {
1009 printf ("%s", gnutls_pk_algorithm_get_name (*p));
1010 if (*(p + 1))
1011 printf (", ");
1012 else
1013 printf ("\n");
1014 }
1015 }
1016
1017 {
1018 const gnutls_sign_algorithm_t *p = gnutls_sign_list ();
1019
1020 printf ("PK-signatures: ");
1021 for (; *p; p++)
1022 {
1023 printf ("SIGN-%s", gnutls_sign_algorithm_get_name (*p));
1024 if (*(p + 1))
1025 printf (", ");
1026 else
1027 printf ("\n");
1028 }
1029 }
1030 }
1031
Implementation of the SSL/TLS protocol