search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
MAX_ENTRIES increased to 128.
[gnutls.git] / src / common.c
blobc2f30a001cc6b7eca8d633b60f344ace14afdd55
1 /*
2 * Copyright (C) 2000-2012 Free Software Foundation, Inc.
3 * Author: Nikos Mavrogiannopoulos
4 *
5 * This file is part of GnuTLS.
6 *
7 * GnuTLS is free software: you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation, either version 3 of the License, or
10 * (at your option) any later version.
11 *
12 * GnuTLS is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program. If not, see <http://www.gnu.org/licenses/>.
19 */
20
21 #include <config.h>
22
23 /* Work around problem reported in
24 <http://permalink.gmane.org/gmane.comp.lib.gnulib.bugs/15755>.*/
25 #if GETTIMEOFDAY_CLOBBERS_LOCALTIME
26 #undef localtime
27 #endif
28
29 #include <getpass.h>
30
31 #include <stdio.h>
32 #include <stdlib.h>
33 #include <string.h>
34 #include <gnutls/gnutls.h>
35 #include <gnutls/x509.h>
36 #include <gnutls/openpgp.h>
37 #include <time.h>
38 #include <common.h>
39
40 #define SU(x) (x!=NULL?x:"Unknown")
41
42 extern int verbose;
43
44 const char str_unknown[] = "(unknown)";
45
46 /* Hex encodes the given data.
47 */
48 const char *
49 raw_to_string (const unsigned char *raw, size_t raw_size)
50 {
51 static char buf[1024];
52 size_t i;
53 if (raw_size == 0)
54 return "(empty)";
55
56 if (raw_size * 3 + 1 >= sizeof (buf))
57 return "(too large)";
58
59 for (i = 0; i < raw_size; i++)
60 {
61 sprintf (&(buf[i * 3]), "%02X%s", raw[i],
62 (i == raw_size - 1) ? "" : ":");
63 }
64 buf[sizeof (buf) - 1] = '\0';
65
66 return buf;
67 }
68
69 static void
70 print_x509_info_compact (gnutls_session_t session)
71 {
72 gnutls_x509_crt_t crt;
73 const gnutls_datum_t *cert_list;
74 unsigned int cert_list_size = 0;
75 int ret;
76 gnutls_datum_t cinfo;
77
78 cert_list = gnutls_certificate_get_peers (session, &cert_list_size);
79 if (cert_list_size == 0)
80 {
81 fprintf (stderr, "No certificates found!\n");
82 return;
83 }
84
85 gnutls_x509_crt_init (&crt);
86 ret =
87 gnutls_x509_crt_import (crt, &cert_list[0],
88 GNUTLS_X509_FMT_DER);
89 if (ret < 0)
90 {
91 fprintf (stderr, "Decoding error: %s\n",
92 gnutls_strerror (ret));
93 return;
94 }
95
96 ret =
97 gnutls_x509_crt_print (crt, GNUTLS_CRT_PRINT_COMPACT, &cinfo);
98 if (ret == 0)
99 {
100 printf ("- X.509 cert: %s\n", cinfo.data);
101 gnutls_free (cinfo.data);
102 }
103
104 gnutls_x509_crt_deinit (crt);
105 }
106
107 static void
108 print_x509_info (gnutls_session_t session, int flag, int print_cert)
109 {
110 gnutls_x509_crt_t crt;
111 const gnutls_datum_t *cert_list;
112 unsigned int cert_list_size = 0, j;
113 int ret;
114
115 cert_list = gnutls_certificate_get_peers (session, &cert_list_size);
116 if (cert_list_size == 0)
117 {
118 fprintf (stderr, "No certificates found!\n");
119 return;
120 }
121
122 printf ("- Certificate type: X.509\n");
123 printf ("- Got a certificate list of %d certificates.\n",
124 cert_list_size);
125
126 for (j = 0; j < cert_list_size; j++)
127 {
128 gnutls_datum_t cinfo;
129
130 gnutls_x509_crt_init (&crt);
131 ret =
132 gnutls_x509_crt_import (crt, &cert_list[j],
133 GNUTLS_X509_FMT_DER);
134 if (ret < 0)
135 {
136 fprintf (stderr, "Decoding error: %s\n",
137 gnutls_strerror (ret));
138 return;
139 }
140
141 printf ("- Certificate[%d] info:\n - ", j);
142
143 ret =
144 gnutls_x509_crt_print (crt, flag, &cinfo);
145 if (ret == 0)
146 {
147 printf ("%s\n", cinfo.data);
148 gnutls_free (cinfo.data);
149 }
150
151 if (print_cert)
152 {
153 size_t size = 0;
154 char *p = NULL;
155
156 ret =
157 gnutls_x509_crt_export (crt, GNUTLS_X509_FMT_PEM, p,
158 &size);
159 if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER)
160 {
161 p = malloc (size);
162 if (!p)
163 {
164 fprintf (stderr, "gnutls_malloc\n");
165 exit (1);
166 }
167
168 ret =
169 gnutls_x509_crt_export (crt, GNUTLS_X509_FMT_PEM,
170 p, &size);
171 }
172 if (ret < 0)
173 {
174 fprintf (stderr, "Encoding error: %s\n",
175 gnutls_strerror (ret));
176 return;
177 }
178
179 fputs ("\n", stdout);
180 fputs (p, stdout);
181 fputs ("\n", stdout);
182
183 gnutls_free (p);
184 }
185
186 gnutls_x509_crt_deinit (crt);
187 }
188 }
189
190 /* returns true or false, depending on whether the hostname
191 * matches to certificate */
192 static int
193 verify_x509_hostname (gnutls_session_t session, const char *hostname)
194 {
195 gnutls_x509_crt_t crt;
196 const gnutls_datum_t *cert_list;
197 unsigned int cert_list_size = 0;
198 int ret;
199
200 cert_list = gnutls_certificate_get_peers (session, &cert_list_size);
201 if (cert_list_size == 0)
202 {
203 fprintf (stderr, "No certificates found!\n");
204 return 0;
205 }
206
207 gnutls_x509_crt_init (&crt);
208 ret =
209 gnutls_x509_crt_import (crt, &cert_list[0],
210 GNUTLS_X509_FMT_DER);
211 if (ret < 0)
212 {
213 fprintf (stderr, "Decoding error: %s\n",
214 gnutls_strerror (ret));
215 return 0;
216 }
217
218 /* Check the hostname of the first certificate if it matches
219 * the name of the host we connected to.
220 */
221 if (hostname != NULL)
222 {
223 if (gnutls_x509_crt_check_hostname (crt, hostname) == 0)
224 {
225 printf
226 ("- The hostname in the certificate does NOT match '%s'\n",
227 hostname);
228 ret = 0;
229 }
230 else
231 {
232 printf ("- The hostname in the certificate matches '%s'.\n",
233 hostname);
234 ret = 1;
235 }
236 }
237
238 gnutls_x509_crt_deinit (crt);
239
240 return ret;
241 }
242
243 #ifdef ENABLE_OPENPGP
244 /* returns true or false, depending on whether the hostname
245 * matches to certificate */
246 static int
247 verify_openpgp_hostname (gnutls_session_t session, const char *hostname)
248 {
249 gnutls_openpgp_crt_t crt;
250 const gnutls_datum_t *cert_list;
251 unsigned int cert_list_size = 0;
252 int ret;
253
254 cert_list = gnutls_certificate_get_peers (session, &cert_list_size);
255 if (cert_list_size == 0)
256 {
257 fprintf (stderr, "No certificates found!\n");
258 return 0;
259 }
260
261 gnutls_openpgp_crt_init (&crt);
262 ret =
263 gnutls_openpgp_crt_import (crt, &cert_list[0],
264 GNUTLS_OPENPGP_FMT_RAW);
265 if (ret < 0)
266 {
267 fprintf (stderr, "Decoding error: %s\n",
268 gnutls_strerror (ret));
269 return 0;
270 }
271
272 /* Check the hostname of the first certificate if it matches
273 * the name of the host we connected to.
274 */
275 if (gnutls_openpgp_crt_check_hostname (crt, hostname) == 0)
276 {
277 printf
278 ("- The hostname in the certificate does NOT match '%s'\n",
279 hostname);
280 ret = 0;
281 }
282 else
283 {
284 printf ("- The hostname in the certificate matches '%s'.\n",
285 hostname);
286 ret = 1;
287 }
288
289 gnutls_openpgp_crt_deinit (crt);
290
291 return ret;
292 }
293
294 static void
295 print_openpgp_info_compact (gnutls_session_t session)
296 {
297
298 gnutls_openpgp_crt_t crt;
299 const gnutls_datum_t *cert_list;
300 unsigned int cert_list_size = 0;
301 int ret;
302
303 cert_list = gnutls_certificate_get_peers (session, &cert_list_size);
304
305 if (cert_list_size > 0)
306 {
307 gnutls_datum_t cinfo;
308
309 gnutls_openpgp_crt_init (&crt);
310 ret = gnutls_openpgp_crt_import (crt, &cert_list[0],
311 GNUTLS_OPENPGP_FMT_RAW);
312 if (ret < 0)
313 {
314 fprintf (stderr, "Decoding error: %s\n",
315 gnutls_strerror (ret));
316 return;
317 }
318
319 ret =
320 gnutls_openpgp_crt_print (crt, GNUTLS_CRT_PRINT_COMPACT, &cinfo);
321 if (ret == 0)
322 {
323 printf ("- OpenPGP cert: %s\n", cinfo.data);
324 gnutls_free (cinfo.data);
325 }
326
327 gnutls_openpgp_crt_deinit (crt);
328 }
329 }
330
331 static void
332 print_openpgp_info (gnutls_session_t session, int flag, int print_cert)
333 {
334
335 gnutls_openpgp_crt_t crt;
336 const gnutls_datum_t *cert_list;
337 unsigned int cert_list_size = 0;
338 int ret;
339
340 printf ("- Certificate type: OpenPGP\n");
341
342 cert_list = gnutls_certificate_get_peers (session, &cert_list_size);
343
344 if (cert_list_size > 0)
345 {
346 gnutls_datum_t cinfo;
347
348 gnutls_openpgp_crt_init (&crt);
349 ret = gnutls_openpgp_crt_import (crt, &cert_list[0],
350 GNUTLS_OPENPGP_FMT_RAW);
351 if (ret < 0)
352 {
353 fprintf (stderr, "Decoding error: %s\n",
354 gnutls_strerror (ret));
355 return;
356 }
357
358 ret =
359 gnutls_openpgp_crt_print (crt, flag, &cinfo);
360 if (ret == 0)
361 {
362 printf ("- %s\n", cinfo.data);
363 gnutls_free (cinfo.data);
364 }
365
366 if (print_cert)
367 {
368 size_t size = 0;
369 char *p = NULL;
370
371 ret =
372 gnutls_openpgp_crt_export (crt,
373 GNUTLS_OPENPGP_FMT_BASE64,
374 p, &size);
375 if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER)
376 {
377 p = malloc (size);
378 if (!p)
379 {
380 fprintf (stderr, "gnutls_malloc\n");
381 exit (1);
382 }
383
384 ret =
385 gnutls_openpgp_crt_export (crt,
386 GNUTLS_OPENPGP_FMT_BASE64,
387 p, &size);
388 }
389 if (ret < 0)
390 {
391 fprintf (stderr, "Encoding error: %s\n",
392 gnutls_strerror (ret));
393 return;
394 }
395
396 fputs (p, stdout);
397 fputs ("\n", stdout);
398
399 gnutls_free (p);
400 }
401
402 gnutls_openpgp_crt_deinit (crt);
403 }
404 }
405
406 #endif
407
408 /* returns false (0) if not verified, or true (1) otherwise
409 */
410 int
411 cert_verify (gnutls_session_t session, const char* hostname)
412 {
413 int rc;
414 unsigned int status = 0;
415 int type;
416
417 rc = gnutls_certificate_verify_peers2 (session, &status);
418 if (rc == GNUTLS_E_NO_CERTIFICATE_FOUND)
419 {
420 printf ("- Peer did not send any certificate.\n");
421 return 0;
422 }
423
424 if (rc < 0)
425 {
426 printf ("- Could not verify certificate (err: %s)\n",
427 gnutls_strerror (rc));
428 return 0;
429 }
430
431 type = gnutls_certificate_type_get (session);
432 if (type == GNUTLS_CRT_X509)
433 {
434
435 if (status & GNUTLS_CERT_REVOKED)
436 printf ("- Peer's certificate chain revoked\n");
437 if (status & GNUTLS_CERT_SIGNER_NOT_FOUND)
438 printf ("- Peer's certificate issuer is unknown\n");
439 if (status & GNUTLS_CERT_SIGNER_NOT_CA)
440 printf ("- Peer's certificate issuer is not a CA\n");
441 if (status & GNUTLS_CERT_INSECURE_ALGORITHM)
442 printf
443 ("- Peer's certificate chain uses insecure algorithm\n");
444 if (status & GNUTLS_CERT_NOT_ACTIVATED)
445 printf
446 ("- Peer's certificate chain uses not yet valid certificate\n");
447 if (status & GNUTLS_CERT_EXPIRED)
448 printf
449 ("- Peer's certificate chain uses expired certificate\n");
450 if (status & GNUTLS_CERT_INVALID)
451 printf ("- Peer's certificate is NOT trusted\n");
452 else
453 printf ("- Peer's certificate is trusted\n");
454
455 rc = verify_x509_hostname (session, hostname);
456 if (rc == 0) status |= GNUTLS_CERT_INVALID;
457 }
458 else if (type == GNUTLS_CRT_OPENPGP)
459 {
460 if (status & GNUTLS_CERT_INVALID)
461 printf ("- Peer's key is invalid\n");
462 else
463 printf ("- Peer's key is valid\n");
464 if (status & GNUTLS_CERT_SIGNER_NOT_FOUND)
465 printf ("- Could not find a signer of the peer's key\n");
466
467 rc = verify_openpgp_hostname (session, hostname);
468 if (rc == 0) status |= GNUTLS_CERT_INVALID;
469 }
470 else
471 {
472 fprintf(stderr, "Unknown certificate type\n");
473 status |= GNUTLS_CERT_INVALID;
474 }
475
476 if (status)
477 return 0;
478
479 return 1;
480 }
481
482 static void
483 print_dh_info (gnutls_session_t session, const char *str, int print)
484 {
485 printf ("- %sDiffie-Hellman parameters\n", str);
486 printf (" - Using prime: %d bits\n",
487 gnutls_dh_get_prime_bits (session));
488 printf (" - Secret key: %d bits\n",
489 gnutls_dh_get_secret_bits (session));
490 printf (" - Peer's public key: %d bits\n",
491 gnutls_dh_get_peers_public_bits (session));
492
493 if (print)
494 {
495 int ret;
496 gnutls_datum_t raw_gen = { NULL, 0 };
497 gnutls_datum_t raw_prime = { NULL, 0 };
498 gnutls_dh_params_t dh_params = NULL;
499 unsigned char *params_data = NULL;
500 size_t params_data_size = 0;
501
502 ret = gnutls_dh_get_group (session, &raw_gen, &raw_prime);
503 if (ret)
504 {
505 fprintf (stderr, "gnutls_dh_get_group %d\n", ret);
506 goto out;
507 }
508
509 ret = gnutls_dh_params_init (&dh_params);
510 if (ret)
511 {
512 fprintf (stderr, "gnutls_dh_params_init %d\n", ret);
513 goto out;
514 }
515
516 ret =
517 gnutls_dh_params_import_raw (dh_params, &raw_prime,
518 &raw_gen);
519 if (ret)
520 {
521 fprintf (stderr, "gnutls_dh_params_import_raw %d\n", ret);
522 goto out;
523 }
524
525 ret = gnutls_dh_params_export_pkcs3 (dh_params,
526 GNUTLS_X509_FMT_PEM,
527 params_data,
528 &params_data_size);
529 if (ret != GNUTLS_E_SHORT_MEMORY_BUFFER)
530 {
531 fprintf (stderr, "gnutls_dh_params_export_pkcs3 %d\n",
532 ret);
533 goto out;
534 }
535
536 params_data = gnutls_malloc (params_data_size);
537 if (!params_data)
538 {
539 fprintf (stderr, "gnutls_malloc %d\n", ret);
540 goto out;
541 }
542
543 ret = gnutls_dh_params_export_pkcs3 (dh_params,
544 GNUTLS_X509_FMT_PEM,
545 params_data,
546 &params_data_size);
547 if (ret)
548 {
549 fprintf (stderr, "gnutls_dh_params_export_pkcs3-2 %d\n",
550 ret);
551 goto out;
552 }
553
554 printf (" - PKCS#3 format:\n\n%.*s\n", (int) params_data_size,
555 params_data);
556
557 out:
558 gnutls_free (params_data);
559 gnutls_free (raw_prime.data);
560 gnutls_free (raw_gen.data);
561 gnutls_dh_params_deinit (dh_params);
562 }
563 }
564
565 static void
566 print_ecdh_info (gnutls_session_t session, const char *str)
567 {
568 int curve;
569
570 printf ("- %sEC Diffie-Hellman parameters\n", str);
571
572 curve = gnutls_ecc_curve_get (session);
573
574 printf (" - Using curve: %s\n", gnutls_ecc_curve_get_name (curve));
575 printf (" - Curve size: %d bits\n",
576 gnutls_ecc_curve_get_size (curve) * 8);
577
578 }
579
580 int
581 print_info (gnutls_session_t session, int print_cert)
582 {
583 const char *tmp;
584 gnutls_credentials_type_t cred;
585 gnutls_kx_algorithm_t kx;
586 unsigned char session_id[33];
587 size_t session_id_size = sizeof (session_id);
588
589 /* print session ID */
590 gnutls_session_get_id (session, session_id, &session_id_size);
591 printf ("- Session ID: %s\n",
592 raw_to_string (session_id, session_id_size));
593
594 /* print the key exchange's algorithm name
595 */
596 kx = gnutls_kx_get (session);
597
598 cred = gnutls_auth_get_type (session);
599 switch (cred)
600 {
601 #ifdef ENABLE_ANON
602 case GNUTLS_CRD_ANON:
603 if (kx == GNUTLS_KX_ANON_ECDH)
604 print_ecdh_info (session, "Anonymous ");
605 else
606 print_dh_info (session, "Anonymous ", verbose);
607 break;
608 #endif
609 #ifdef ENABLE_SRP
610 case GNUTLS_CRD_SRP:
611 /* This should be only called in server
612 * side.
613 */
614 if (gnutls_srp_server_get_username (session) != NULL)
615 printf ("- SRP authentication. Connected as '%s'\n",
616 gnutls_srp_server_get_username (session));
617 break;
618 #endif
619 #ifdef ENABLE_PSK
620 case GNUTLS_CRD_PSK:
621 /* This returns NULL in server side.
622 */
623 if (gnutls_psk_client_get_hint (session) != NULL)
624 printf ("- PSK authentication. PSK hint '%s'\n",
625 gnutls_psk_client_get_hint (session));
626 /* This returns NULL in client side.
627 */
628 if (gnutls_psk_server_get_username (session) != NULL)
629 printf ("- PSK authentication. Connected as '%s'\n",
630 gnutls_psk_server_get_username (session));
631 if (kx == GNUTLS_KX_DHE_PSK)
632 print_dh_info (session, "Ephemeral ", verbose);
633 if (kx == GNUTLS_KX_ECDHE_PSK)
634 print_ecdh_info (session, "Ephemeral ");
635 break;
636 #endif
637 case GNUTLS_CRD_IA:
638 printf ("- TLS/IA authentication\n");
639 break;
640 case GNUTLS_CRD_CERTIFICATE:
641 {
642 char dns[256];
643 size_t dns_size = sizeof (dns);
644 unsigned int type;
645
646 /* This fails in client side */
647 if (gnutls_server_name_get
648 (session, dns, &dns_size, &type, 0) == 0)
649 {
650 printf ("- Given server name[%d]: %s\n", type, dns);
651 }
652 }
653
654 print_cert_info (session, verbose, print_cert);
655
656 if (kx == GNUTLS_KX_DHE_RSA || kx == GNUTLS_KX_DHE_DSS)
657 print_dh_info (session, "Ephemeral ", verbose);
658 else if (kx == GNUTLS_KX_ECDHE_RSA
659 || kx == GNUTLS_KX_ECDHE_ECDSA)
660 print_ecdh_info (session, "Ephemeral ");
661 }
662
663 tmp =
664 SU (gnutls_protocol_get_name
665 (gnutls_protocol_get_version (session)));
666 printf ("- Version: %s\n", tmp);
667
668 tmp = SU (gnutls_kx_get_name (kx));
669 printf ("- Key Exchange: %s\n", tmp);
670
671 tmp = SU (gnutls_cipher_get_name (gnutls_cipher_get (session)));
672 printf ("- Cipher: %s\n", tmp);
673
674 tmp = SU (gnutls_mac_get_name (gnutls_mac_get (session)));
675 printf ("- MAC: %s\n", tmp);
676
677 tmp =
678 SU (gnutls_compression_get_name
679 (gnutls_compression_get (session)));
680 printf ("- Compression: %s\n", tmp);
681
682 if (verbose)
683 {
684 gnutls_datum_t cb;
685 int rc;
686
687 rc = gnutls_session_channel_binding (session,
688 GNUTLS_CB_TLS_UNIQUE, &cb);
689 if (rc)
690 fprintf (stderr, "Channel binding error: %s\n",
691 gnutls_strerror (rc));
692 else
693 {
694 size_t i;
695
696 printf ("- Channel binding 'tls-unique': ");
697 for (i = 0; i < cb.size; i++)
698 printf ("%02x", cb.data[i]);
699 printf ("\n");
700 }
701 }
702
703 /* Warning: Do not print anything more here. The 'Compression:'
704 output MUST be the last non-verbose output. This is used by
705 Emacs starttls.el code. */
706
707 fflush (stdout);
708
709 return 0;
710 }
711
712 void
713 print_cert_info (gnutls_session_t session, int verbose, int print_cert)
714 {
715 int flag;
716
717 if (verbose) flag = GNUTLS_CRT_PRINT_FULL;
718 else flag = GNUTLS_CRT_PRINT_COMPACT;
719
720 if (gnutls_certificate_client_get_request_status (session) != 0)
721 printf ("- Server has requested a certificate.\n");
722
723 switch (gnutls_certificate_type_get (session))
724 {
725 case GNUTLS_CRT_X509:
726 print_x509_info (session, flag, print_cert);
727 break;
728 #ifdef ENABLE_OPENPGP
729 case GNUTLS_CRT_OPENPGP:
730 print_openpgp_info (session, flag, print_cert);
731 break;
732 #endif
733 default:
734 printf ("Unknown type\n");
735 break;
736 }
737 }
738
739 void
740 print_cert_info_compact (gnutls_session_t session)
741 {
742
743 if (gnutls_certificate_client_get_request_status (session) != 0)
744 printf ("- Server has requested a certificate.\n");
745
746 switch (gnutls_certificate_type_get (session))
747 {
748 case GNUTLS_CRT_X509:
749 print_x509_info_compact (session);
750 break;
751 #ifdef ENABLE_OPENPGP
752 case GNUTLS_CRT_OPENPGP:
753 print_openpgp_info_compact (session);
754 break;
755 #endif
756 default:
757 printf ("Unknown type\n");
758 break;
759 }
760 }
761
762 void
763 print_list (const char *priorities, int verbose)
764 {
765 size_t i;
766 int ret;
767 unsigned int idx;
768 const char *name;
769 const char *err;
770 unsigned char id[2];
771 gnutls_kx_algorithm_t kx;
772 gnutls_cipher_algorithm_t cipher;
773 gnutls_mac_algorithm_t mac;
774 gnutls_protocol_t version;
775 gnutls_priority_t pcache;
776 const unsigned int *list;
777
778 if (priorities != NULL)
779 {
780 printf ("Cipher suites for %s\n", priorities);
781
782 ret = gnutls_priority_init (&pcache, priorities, &err);
783 if (ret < 0)
784 {
785 fprintf (stderr, "Syntax error at: %s\n", err);
786 exit (1);
787 }
788
789 for (i = 0;; i++)
790 {
791 ret =
792 gnutls_priority_get_cipher_suite_index (pcache, i,
793 &idx);
794 if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
795 break;
796 if (ret == GNUTLS_E_UNKNOWN_CIPHER_SUITE)
797 continue;
798
799 name =
800 gnutls_cipher_suite_info (idx, id, NULL, NULL, NULL,
801 &version);
802
803 if (name != NULL)
804 printf ("%-50s\t0x%02x, 0x%02x\t%s\n",
805 name, (unsigned char) id[0],
806 (unsigned char) id[1],
807 gnutls_protocol_get_name (version));
808 }
809
810 printf("\n");
811 {
812 ret = gnutls_priority_certificate_type_list (pcache, &list);
813
814 printf ("Certificate types: ");
815 if (ret == 0) printf("none\n");
816 for (i = 0; i < (unsigned)ret; i++)
817 {
818 printf ("CTYPE-%s",
819 gnutls_certificate_type_get_name (list[i]));
820 if (i+1!=(unsigned)ret)
821 printf (", ");
822 else
823 printf ("\n");
824 }
825 }
826
827 {
828 ret = gnutls_priority_protocol_list (pcache, &list);
829
830 printf ("Protocols: ");
831 if (ret == 0) printf("none\n");
832 for (i = 0; i < (unsigned)ret; i++)
833 {
834 printf ("VERS-%s", gnutls_protocol_get_name (list[i]));
835 if (i+1!=(unsigned)ret)
836 printf (", ");
837 else
838 printf ("\n");
839 }
840 }
841
842 {
843 ret = gnutls_priority_compression_list (pcache, &list);
844
845 printf ("Compression: ");
846 if (ret == 0) printf("none\n");
847 for (i = 0; i < (unsigned)ret; i++)
848 {
849 printf ("COMP-%s",
850 gnutls_compression_get_name (list[i]));
851 if (i+1!=(unsigned)ret)
852 printf (", ");
853 else
854 printf ("\n");
855 }
856 }
857
858 {
859 ret = gnutls_priority_ecc_curve_list (pcache, &list);
860
861 printf ("Elliptic curves: ");
862 if (ret == 0) printf("none\n");
863 for (i = 0; i < (unsigned)ret; i++)
864 {
865 printf ("CURVE-%s",
866 gnutls_ecc_curve_get_name (list[i]));
867 if (i+1!=(unsigned)ret)
868 printf (", ");
869 else
870 printf ("\n");
871 }
872 }
873
874 {
875 ret = gnutls_priority_sign_list (pcache, &list);
876
877 printf ("PK-signatures: ");
878 if (ret == 0) printf("none\n");
879 for (i = 0; i < (unsigned)ret; i++)
880 {
881 printf ("SIGN-%s",
882 gnutls_sign_algorithm_get_name (list[i]));
883 if (i+1!=(unsigned)ret)
884 printf (", ");
885 else
886 printf ("\n");
887 }
888 }
889
890 return;
891 }
892
893 printf ("Cipher suites:\n");
894 for (i = 0; (name = gnutls_cipher_suite_info
895 (i, id, &kx, &cipher, &mac, &version)); i++)
896 {
897 printf ("%-50s\t0x%02x, 0x%02x\t%s\n",
898 name,
899 (unsigned char) id[0], (unsigned char) id[1],
900 gnutls_protocol_get_name (version));
901 if (verbose)
902 printf ("\tKey exchange: %s\n\tCipher: %s\n\tMAC: %s\n\n",
903 gnutls_kx_get_name (kx),
904 gnutls_cipher_get_name (cipher),
905 gnutls_mac_get_name (mac));
906 }
907
908 printf("\n");
909 {
910 const gnutls_certificate_type_t *p =
911 gnutls_certificate_type_list ();
912
913 printf ("Certificate types: ");
914 for (; *p; p++)
915 {
916 printf ("CTYPE-%s", gnutls_certificate_type_get_name (*p));
917 if (*(p + 1))
918 printf (", ");
919 else
920 printf ("\n");
921 }
922 }
923
924 {
925 const gnutls_protocol_t *p = gnutls_protocol_list ();
926
927 printf ("Protocols: ");
928 for (; *p; p++)
929 {
930 printf ("VERS-%s", gnutls_protocol_get_name (*p));
931 if (*(p + 1))
932 printf (", ");
933 else
934 printf ("\n");
935 }
936 }
937
938 {
939 const gnutls_cipher_algorithm_t *p = gnutls_cipher_list ();
940
941 printf ("Ciphers: ");
942 for (; *p; p++)
943 {
944 printf ("%s", gnutls_cipher_get_name (*p));
945 if (*(p + 1))
946 printf (", ");
947 else
948 printf ("\n");
949 }
950 }
951
952 {
953 const gnutls_mac_algorithm_t *p = gnutls_mac_list ();
954
955 printf ("MACs: ");
956 for (; *p; p++)
957 {
958 printf ("%s", gnutls_mac_get_name (*p));
959 if (*(p + 1))
960 printf (", ");
961 else
962 printf ("\n");
963 }
964 }
965
966 {
967 const gnutls_kx_algorithm_t *p = gnutls_kx_list ();
968
969 printf ("Key exchange algorithms: ");
970 for (; *p; p++)
971 {
972 printf ("%s", gnutls_kx_get_name (*p));
973 if (*(p + 1))
974 printf (", ");
975 else
976 printf ("\n");
977 }
978 }
979
980 {
981 const gnutls_compression_method_t *p = gnutls_compression_list ();
982
983 printf ("Compression: ");
984 for (; *p; p++)
985 {
986 printf ("COMP-%s", gnutls_compression_get_name (*p));
987 if (*(p + 1))
988 printf (", ");
989 else
990 printf ("\n");
991 }
992 }
993
994 {
995 const gnutls_ecc_curve_t *p = gnutls_ecc_curve_list ();
996
997 printf ("Elliptic curves: ");
998 for (; *p; p++)
999 {
1000 printf ("CURVE-%s", gnutls_ecc_curve_get_name (*p));
1001 if (*(p + 1))
1002 printf (", ");
1003 else
1004 printf ("\n");
1005 }
1006 }
1007
1008 {
1009 const gnutls_pk_algorithm_t *p = gnutls_pk_list ();
1010
1011 printf ("Public Key Systems: ");
1012 for (; *p; p++)
1013 {
1014 printf ("%s", gnutls_pk_algorithm_get_name (*p));
1015 if (*(p + 1))
1016 printf (", ");
1017 else
1018 printf ("\n");
1019 }
1020 }
1021
1022 {
1023 const gnutls_sign_algorithm_t *p = gnutls_sign_list ();
1024
1025 printf ("PK-signatures: ");
1026 for (; *p; p++)
1027 {
1028 printf ("SIGN-%s", gnutls_sign_algorithm_get_name (*p));
1029 if (*(p + 1))
1030 printf (", ");
1031 else
1032 printf ("\n");
1033 }
1034 }
1035 }
1036
1037 int check_command(gnutls_session_t session, const char* str)
1038 {
1039 int len = strlen(str);
1040
1041 if (len > 2 && str[0] == str[1] && str[0] == '*')
1042 {
1043 if (strncmp(str, "**REHANDSHAKE**",
1044 sizeof ("**REHANDSHAKE**") - 1) == 0)
1045 {
1046 fprintf (stderr, "*** Sending rehandshake request\n");
1047 gnutls_rehandshake (session);
1048 return 1;
1049 }
1050 }
1051 return 0;
1052 }
Implementation of the SSL/TLS protocol