[GNUnet-SVN] r7587 - in libmicrohttpd/src: daemon/https daemon/https/tls
From: |
gnunet |
Subject: |
[GNUnet-SVN] r7587 - in libmicrohttpd/src: daemon/https daemon/https/tls include |
Date: |
Sun, 24 Aug 2008 09:34:35 -0600 (MDT) |
Author: grothoff
Date: 2008-08-24 09:34:34 -0600 (Sun, 24 Aug 2008)
New Revision: 7587
Removed:
libmicrohttpd/src/daemon/https/tls/gnutls_extra_hooks.c
libmicrohttpd/src/daemon/https/tls/gnutls_extra_hooks.h
Modified:
libmicrohttpd/src/daemon/https/gnutls.h
libmicrohttpd/src/daemon/https/tls/Makefile.am
libmicrohttpd/src/daemon/https/tls/auth_cert.c
libmicrohttpd/src/daemon/https/tls/auth_cert.h
libmicrohttpd/src/daemon/https/tls/ext_cert_type.c
libmicrohttpd/src/daemon/https/tls/ext_inner_application.c
libmicrohttpd/src/daemon/https/tls/ext_server_name.c
libmicrohttpd/src/daemon/https/tls/gnutls_alert.c
libmicrohttpd/src/daemon/https/tls/gnutls_algorithms.c
libmicrohttpd/src/daemon/https/tls/gnutls_cert.c
libmicrohttpd/src/daemon/https/tls/gnutls_errors.c
libmicrohttpd/src/daemon/https/tls/gnutls_int.h
libmicrohttpd/src/daemon/https/tls/gnutls_state.c
libmicrohttpd/src/include/microhttpd.h
Log:
removing more -- hopefully all -- openpgp related code
Modified: libmicrohttpd/src/daemon/https/gnutls.h
===================================================================
--- libmicrohttpd/src/daemon/https/gnutls.h 2008-08-24 15:17:11 UTC (rev
7586)
+++ libmicrohttpd/src/daemon/https/gnutls.h 2008-08-24 15:34:34 UTC (rev
7587)
@@ -128,9 +128,6 @@
GNUTLS_HANDSHAKE_SUPPLEMENTAL = 23
} gnutls_handshake_description_t;
-/* Note that the status bits have different meanings
- * in openpgp keys and x.509 certificate verification.
- */
typedef enum
{
GNUTLS_CERT_INVALID = 2, /* will be set if the certificate
@@ -156,11 +153,6 @@
} gnutls_certificate_request_t;
typedef enum
- { GNUTLS_OPENPGP_CERT,
- GNUTLS_OPENPGP_CERT_FINGERPRINT
- } gnutls_openpgp_crt_status_t;
-
- typedef enum
{
GNUTLS_SHUT_RDWR = 0,
GNUTLS_SHUT_WR = 1
@@ -639,9 +631,6 @@
void MHD_gnutls_session_set_ptr (mhd_gtls_session_t session, void *ptr);
void * MHD_gtls_session_get_ptr (mhd_gtls_session_t session);
- void MHD_gtls_openpgp_send_cert (mhd_gtls_session_t session,
- gnutls_openpgp_crt_status_t status);
-
/*
* this function returns the hash of the given data.
*/
@@ -798,26 +787,18 @@
GNUTLS_SAN_OTHERNAME_XMPP = 1000
} gnutls_x509_subject_alt_name_t;
- struct gnutls_openpgp_crt_int;
- typedef struct gnutls_openpgp_crt_int *gnutls_openpgp_crt_t;
-
- struct gnutls_openpgp_privkey_int;
- typedef struct gnutls_openpgp_privkey_int *gnutls_openpgp_privkey_t;
-
typedef struct gnutls_retr_st
{
gnutls_certificate_type_t type;
union cert
{
gnutls_x509_crt_t *x509;
- gnutls_openpgp_crt_t pgp;
} cert;
- unsigned int ncerts; /* one for pgp keys */
+ unsigned int ncerts;
union key
{
gnutls_x509_privkey_t x509;
- gnutls_openpgp_privkey_t pgp;
} key;
unsigned int deinit_all; /* if non zero all keys will be deinited */
@@ -1026,7 +1007,6 @@
#define GNUTLS_E_NO_COMPRESSION_ALGORITHMS -86
#define GNUTLS_E_NO_CIPHER_SUITES -87
-#define GNUTLS_E_OPENPGP_GETKEY_FAILED -88
#define GNUTLS_E_PK_SIG_VERIFY_FAILED -89
#define GNUTLS_E_ILLEGAL_SRP_USERNAME -90
@@ -1046,13 +1026,11 @@
#define GNUTLS_E_ASN1_TYPE_ANY_ERROR -75
#define GNUTLS_E_ASN1_SYNTAX_ERROR -76
#define GNUTLS_E_ASN1_DER_OVERFLOW -77
-#define GNUTLS_E_OPENPGP_UID_REVOKED -79
#define GNUTLS_E_CERTIFICATE_ERROR -43
#define GNUTLS_E_X509_CERTIFICATE_ERROR GNUTLS_E_CERTIFICATE_ERROR
#define GNUTLS_E_CERTIFICATE_KEY_MISMATCH -60
#define GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE -61 /*
GNUTLS_A_UNSUPPORTED_CERTIFICATE */
#define GNUTLS_E_X509_UNKNOWN_SAN -62
-#define GNUTLS_E_OPENPGP_FINGERPRINT_UNSUPPORTED -94
#define GNUTLS_E_X509_UNSUPPORTED_ATTRIBUTE -95
#define GNUTLS_E_UNKNOWN_HASH_ALGORITHM -96
#define GNUTLS_E_UNKNOWN_PKCS_CONTENT_TYPE -97
@@ -1073,7 +1051,6 @@
#define GNUTLS_E_INCOMPATIBLE_CRYPTO_LIBRARY -202
#define GNUTLS_E_INCOMPATIBLE_LIBTASN1_LIBRARY -203
-#define GNUTLS_E_OPENPGP_KEYRING_ERROR -204
#define GNUTLS_E_X509_UNSUPPORTED_OID -205
#define GNUTLS_E_RANDOM_FAILED -206
Modified: libmicrohttpd/src/daemon/https/tls/Makefile.am
===================================================================
--- libmicrohttpd/src/daemon/https/tls/Makefile.am 2008-08-24 15:17:11 UTC
(rev 7586)
+++ libmicrohttpd/src/daemon/https/tls/Makefile.am 2008-08-24 15:34:34 UTC
(rev 7587)
@@ -47,7 +47,6 @@
gnutls_dh_primes.c \
gnutls_errors.c \
gnutls_extensions.c \
-gnutls_extra_hooks.c \
gnutls_global.c \
gnutls_handshake.c \
gnutls_hash_int.c \
Modified: libmicrohttpd/src/daemon/https/tls/auth_cert.c
===================================================================
--- libmicrohttpd/src/daemon/https/tls/auth_cert.c 2008-08-24 15:17:11 UTC
(rev 7586)
+++ libmicrohttpd/src/daemon/https/tls/auth_cert.c 2008-08-24 15:34:34 UTC
(rev 7587)
@@ -43,15 +43,11 @@
#include <gnutls_state.h>
#include <gnutls_pk.h>
#include <gnutls_x509.h>
-#include <gnutls_extra_hooks.h>
#include "debug.h"
static gnutls_cert *alloc_and_load_x509_certs (gnutls_x509_crt_t * certs,
unsigned);
static gnutls_privkey *alloc_and_load_x509_key (gnutls_x509_privkey_t key);
-static gnutls_cert *alloc_and_load_pgp_certs (gnutls_openpgp_crt_t cert);
-static gnutls_privkey *alloc_and_load_pgp_key (const gnutls_openpgp_privkey_t
- key);
/* Copies data from a internal certificate struct (gnutls_cert) to
@@ -255,41 +251,6 @@
}
-/* Locates the most appropriate openpgp cert
- */
-static int
-_find_openpgp_cert (const mhd_gtls_cert_credentials_t cred,
- gnutls_pk_algorithm_t * pk_algos,
- int pk_algos_length, int *indx)
-{
- unsigned i, j;
-
- *indx = -1;
-
- for (i = 0; i < cred->ncerts; i++)
- {
- for (j = 0; j < cred->cert_list_length[i]; j++)
- {
-
- /* If the *_SIGN algorithm matches
- * the cert is our cert!
- */
- if ((_gnutls_check_pk_algo_in_list
- (pk_algos, pk_algos_length,
- cred->cert_list[i][0].subject_pk_algorithm) == 0)
- && (cred->cert_list[i][0].cert_type == MHD_GNUTLS_CRT_OPENPGP))
- {
- *indx = i;
- break;
- }
- }
- if (*indx != -1)
- break;
- }
-
- return 0;
-}
-
/* Returns the number of issuers in the server's
* certificate request packet.
*/
@@ -444,17 +405,9 @@
}
else
{ /* PGP */
- if (st.ncerts > 1)
- {
- gnutls_assert ();
- ret = GNUTLS_E_INVALID_REQUEST;
- goto cleanup;
- }
-
- local_certs = alloc_and_load_pgp_certs (st.cert.pgp);
- if (local_certs != NULL)
- local_key = alloc_and_load_pgp_key (st.key.pgp);
-
+ gnutls_assert ();
+ ret = GNUTLS_E_INVALID_REQUEST;
+ goto cleanup;
}
mhd_gtls_selected_certs_set (session, local_certs,
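Review bot: The branch that now fails the handshake is still labelled `{ /* PGP */`, although after this change it presumably rejects every certificate type the retrieve callback hands back other than X.509; the comment should say that, e.g. `{ /* any non-X.509 certificate type is unsupported */`. Failing closed here is right, but `GNUTLS_E_INVALID_REQUEST` does not tell the application which input was refused; `ret = GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE;`, which gnutls.h still defines, would be more precise. A later hunk in this file also removes the PGP `deinit_all` cleanup, so whatever the callback placed in `st` for such a type is not released on this path, which deserves a one-line comment at the `goto cleanup`. The enclosing function starts and ends outside the hunk.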
@@ -477,22 +430,6 @@
gnutls_x509_privkey_deinit (st.key.x509);
}
}
- else
- {
- if (st.deinit_all)
- {
- if (_E_gnutls_openpgp_crt_deinit == NULL ||
- _E_gnutls_openpgp_privkey_deinit == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INIT_LIBEXTRA;
- }
-
- _E_gnutls_openpgp_crt_deinit (st.cert.pgp);
- _E_gnutls_openpgp_privkey_deinit (st.key.pgp);
- }
- }
-
return ret;
}
@@ -577,11 +514,6 @@
result =
_find_x509_cert (cred, _data, _data_size,
pk_algos, pk_algos_length, &indx);
-
- if (session->security_parameters.cert_type == MHD_GNUTLS_CRT_OPENPGP)
- result = _find_openpgp_cert (cred, pk_algos, pk_algos_length, &indx);
-
-
if (result < 0)
{
gnutls_assert ();
@@ -667,136 +599,11 @@
return ret;
}
-enum PGPKeyDescriptorType
-{ PGP_KEY_FINGERPRINT, PGP_KEY };
-
int
-mhd_gtls_gen_openpgp_certificate (mhd_gtls_session_t session, opaque ** data)
-{
- int ret;
- opaque *pdata;
- gnutls_cert *apr_cert_list;
- gnutls_privkey *apr_pkey;
- int apr_cert_list_length;
-
- /* find the appropriate certificate */
- if ((ret =
- mhd_gtls_get_selected_cert (session, &apr_cert_list,
- &apr_cert_list_length, &apr_pkey)) < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret = 3 + 1 + 3;
-
- if (apr_cert_list_length > 0)
- ret += apr_cert_list[0].raw.size;
-
- (*data) = gnutls_malloc (ret);
- pdata = (*data);
-
- if (pdata == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- mhd_gtls_write_uint24 (ret - 3, pdata);
- pdata += 3;
-
- *pdata = PGP_KEY; /* whole key */
- pdata++;
-
- if (apr_cert_list_length > 0)
- {
- mhd_gtls_write_datum24 (pdata, apr_cert_list[0].raw);
- pdata += (3 + apr_cert_list[0].raw.size);
- }
- else /* empty - no certificate */
- mhd_gtls_write_uint24 (0, pdata);
-
- return ret;
-}
-
-int
-mhd_gtls_gen_openpgp_certificate_fpr (mhd_gtls_session_t session, opaque **
data)
-{
- int ret, packet_size;
- size_t fpr_size;
- opaque *pdata;
- gnutls_cert *apr_cert_list;
- gnutls_privkey *apr_pkey;
- int apr_cert_list_length;
-
- /* find the appropriate certificate */
- if ((ret =
- mhd_gtls_get_selected_cert (session, &apr_cert_list,
- &apr_cert_list_length, &apr_pkey)) < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- packet_size = 3 + 1;
-
- /* Only v4 fingerprints are sent
- */
- if (apr_cert_list_length > 0 && apr_cert_list[0].version == 4)
- packet_size += 20 + 1;
- else /* empty certificate case */
- return mhd_gtls_gen_openpgp_certificate (session, data);
-
- (*data) = gnutls_malloc (packet_size);
- pdata = (*data);
-
- if (pdata == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- mhd_gtls_write_uint24 (packet_size - 3, pdata);
- pdata += 3;
-
- *pdata = PGP_KEY_FINGERPRINT; /* key fingerprint */
- pdata++;
-
- *pdata = 20;
- pdata++;
-
- fpr_size = 20;
-
- if (_E_gnutls_openpgp_fingerprint == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INIT_LIBEXTRA;
- }
-
- if ((ret =
- _E_gnutls_openpgp_fingerprint (&apr_cert_list[0].raw, pdata,
- &fpr_size)) < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- return packet_size;
-}
-
-
-
-int
mhd_gtls_gen_cert_client_certificate (mhd_gtls_session_t session, opaque **
data)
{
switch (session->security_parameters.cert_type)
{
- case MHD_GNUTLS_CRT_OPENPGP:
- if (mhd_gtls_openpgp_send_fingerprint (session) == 0)
- return mhd_gtls_gen_openpgp_certificate (session, data);
- else
- return mhd_gtls_gen_openpgp_certificate_fpr (session, data);
-
case MHD_GNUTLS_CRT_X509:
return mhd_gtls_gen_x509_crt (session, data);
@@ -811,8 +618,6 @@
{
switch (session->security_parameters.cert_type)
{
- case MHD_GNUTLS_CRT_OPENPGP:
- return mhd_gtls_gen_openpgp_certificate (session, data);
case MHD_GNUTLS_CRT_X509:
return mhd_gtls_gen_x509_crt (session, data);
default:
@@ -967,194 +772,13 @@
}
#define CLEAR_CERTS for(x=0;x<peer_certificate_list_size;x++)
mhd_gtls_gcert_deinit(&peer_certificate_list[x])
-int
-mhd_gtls_proc_openpgp_server_certificate (mhd_gtls_session_t session,
- opaque * data, size_t data_size)
-{
- int size, ret, len;
- opaque *p = data;
- cert_auth_info_t info;
- mhd_gtls_cert_credentials_t cred;
- ssize_t dsize = data_size;
- int i, x;
- gnutls_cert *peer_certificate_list = NULL;
- int peer_certificate_list_size = 0;
- gnutls_datum_t tmp, akey = { NULL, 0 };
- cred = (mhd_gtls_cert_credentials_t)
- mhd_gtls_get_cred (session->key, MHD_GNUTLS_CRD_CERTIFICATE, NULL);
- if (cred == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
- }
-
- if ((ret =
- mhd_gtls_auth_info_set (session, MHD_GNUTLS_CRD_CERTIFICATE,
- sizeof (cert_auth_info_st), 1)) < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- info = mhd_gtls_get_auth_info (session);
-
- if (data == NULL || data_size == 0)
- {
- gnutls_assert ();
- return GNUTLS_E_NO_CERTIFICATE_FOUND;
- }
-
- DECR_LEN (dsize, 3);
- size = mhd_gtls_read_uint24 (p);
- p += 3;
-
- if (size == 0)
- {
- gnutls_assert ();
- /* no certificate was sent */
- return GNUTLS_E_NO_CERTIFICATE_FOUND;
- }
- i = dsize;
-
- /* Read PGPKeyDescriptor */
- DECR_LEN (dsize, 1);
- if (*p == PGP_KEY_FINGERPRINT)
- { /* the fingerprint */
- p++;
-
- DECR_LEN (dsize, 1);
- len = (uint8_t) * p;
- p++;
-
- if (len != 20)
- {
- gnutls_assert ();
- return GNUTLS_E_OPENPGP_FINGERPRINT_UNSUPPORTED;
- }
-
- DECR_LEN (dsize, 20);
-
- /* request the actual key from our database, or
- * a key server or anything.
- */
- if (_E_gnutls_openpgp_request_key == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INIT_LIBEXTRA;
- }
- if ((ret =
- _E_gnutls_openpgp_request_key (session, &akey, cred, p, 20)) < 0)
- {
- gnutls_assert ();
- return ret;
- }
- tmp = akey;
- peer_certificate_list_size++;
-
- }
- else if (*p == PGP_KEY)
- { /* the whole key */
-
- p++;
-
- /* Read the actual certificate */
- DECR_LEN (dsize, 3);
- len = mhd_gtls_read_uint24 (p);
- p += 3;
-
- if (len == 0)
- {
- gnutls_assert ();
- /* no certificate was sent */
- return GNUTLS_E_NO_CERTIFICATE_FOUND;
- }
-
- DECR_LEN (dsize, len);
- peer_certificate_list_size++;
-
- tmp.size = len;
- tmp.data = p;
-
- }
- else
- {
- gnutls_assert ();
- return GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE;
- }
-
- /* ok we now have the peer's key in tmp datum
- */
-
- if (peer_certificate_list_size == 0)
- {
- gnutls_assert ();
- return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
- }
-
- peer_certificate_list =
- gnutls_alloca (sizeof (gnutls_cert) * (peer_certificate_list_size));
- if (peer_certificate_list == NULL)
- {
- gnutls_assert ();
- ret = GNUTLS_E_MEMORY_ERROR;
- goto cleanup;
- }
- memset (peer_certificate_list, 0, sizeof (gnutls_cert) *
- peer_certificate_list_size);
-
- if (_E_gnutls_openpgp_raw_key_to_gcert == NULL)
- {
- gnutls_assert ();
- ret = GNUTLS_E_INIT_LIBEXTRA;
- goto cleanup;
- }
-
- if ((ret =
- _E_gnutls_openpgp_raw_key_to_gcert (&peer_certificate_list[0],
- &tmp)) < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- if ((ret =
- _gnutls_copy_certificate_auth_info (info,
- peer_certificate_list,
- peer_certificate_list_size)) < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- if ((ret =
- _gnutls_check_key_usage (&peer_certificate_list[0],
- gnutls_kx_get (session))) < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- ret = 0;
-
-cleanup:
-
- _gnutls_free_datum (&akey);
- CLEAR_CERTS;
- gnutls_afree (peer_certificate_list);
- return ret;
-
-}
-
int
mhd_gtls_proc_cert_server_certificate (mhd_gtls_session_t session,
opaque * data, size_t data_size)
{
switch (session->security_parameters.cert_type)
{
- case MHD_GNUTLS_CRT_OPENPGP:
- return mhd_gtls_proc_openpgp_server_certificate (session,
- data, data_size);
case MHD_GNUTLS_CRT_X509:
return mhd_gtls_proc_x509_server_certificate (session, data, data_size);
default:
@@ -1262,13 +886,6 @@
size = mhd_gtls_read_uint16 (p);
p += 2;
- if (session->security_parameters.cert_type == MHD_GNUTLS_CRT_OPENPGP
- && size != 0)
- {
- gnutls_assert (); // size should be zero
- return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
- }
-
DECR_LEN (dsize, size);
/* now we ask the user to tell which one
@@ -1578,85 +1195,6 @@
return local_key;
}
-/* converts the given pgp certificate to gnutls_cert* and allocates
- * space for them.
- */
-static gnutls_cert *
-alloc_and_load_pgp_certs (gnutls_openpgp_crt_t cert)
-{
- gnutls_cert *local_certs;
- int ret = 0;
-
- if (cert == NULL)
- return NULL;
-
- local_certs = gnutls_malloc (sizeof (gnutls_cert));
- if (local_certs == NULL)
- {
- gnutls_assert ();
- return NULL;
- }
-
- if (_E_gnutls_openpgp_crt_to_gcert == NULL)
- {
- gnutls_assert ();
- return NULL;
- }
-
- ret = _E_gnutls_openpgp_crt_to_gcert (local_certs, cert);
- if (ret < 0)
- {
- gnutls_assert ();
- return NULL;
- }
-
- if (ret < 0)
- {
- gnutls_assert ();
- mhd_gtls_gcert_deinit (local_certs);
- gnutls_free (local_certs);
- return NULL;
- }
-
- return local_certs;
-}
-
-/* converts the given raw key to gnutls_privkey* and allocates
- * space for it.
- */
-static gnutls_privkey *
-alloc_and_load_pgp_key (const gnutls_openpgp_privkey_t key)
-{
- gnutls_privkey *local_key;
- int ret = 0;
-
- if (key == NULL)
- return NULL;
-
- local_key = gnutls_malloc (sizeof (gnutls_privkey));
- if (local_key == NULL)
- {
- gnutls_assert ();
- return NULL;
- }
-
- if (_E_gnutls_openpgp_privkey_to_gkey == NULL)
- {
- gnutls_assert ();
- return NULL;
- }
-
- ret = _E_gnutls_openpgp_privkey_to_gkey (local_key, key);
- if (ret < 0)
- {
- gnutls_assert ();
- return NULL;
- }
-
- return local_key;
-}
-
-
void
mhd_gtls_selected_certs_deinit (mhd_gtls_session_t session)
{
Modified: libmicrohttpd/src/daemon/https/tls/auth_cert.h
===================================================================
--- libmicrohttpd/src/daemon/https/tls/auth_cert.h 2008-08-24 15:17:11 UTC
(rev 7586)
+++ libmicrohttpd/src/daemon/https/tls/auth_cert.h 2008-08-24 15:34:34 UTC
(rev 7587)
@@ -29,8 +29,6 @@
#include "gnutls_auth.h"
#include "auth_dh_common.h"
#include "x509.h"
-#include "openpgp.h"
-#include "extra.h"
/* This structure may be complex, but it's the only way to
* support a server that has multiple certificates
Modified: libmicrohttpd/src/daemon/https/tls/ext_cert_type.c
===================================================================
--- libmicrohttpd/src/daemon/https/tls/ext_cert_type.c 2008-08-24 15:17:11 UTC
(rev 7586)
+++ libmicrohttpd/src/daemon/https/tls/ext_cert_type.c 2008-08-24 15:34:34 UTC
(rev 7587)
@@ -221,8 +221,6 @@
{
case 0:
return MHD_GNUTLS_CRT_X509;
- case 1:
- return MHD_GNUTLS_CRT_OPENPGP;
default:
return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
}
@@ -238,8 +236,6 @@
{
case MHD_GNUTLS_CRT_X509:
return 0;
- case MHD_GNUTLS_CRT_OPENPGP:
- return 1;
default:
return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
}
Modified: libmicrohttpd/src/daemon/https/tls/ext_inner_application.c
===================================================================
--- libmicrohttpd/src/daemon/https/tls/ext_inner_application.c 2008-08-24
15:17:11 UTC (rev 7586)
+++ libmicrohttpd/src/daemon/https/tls/ext_inner_application.c 2008-08-24
15:34:34 UTC (rev 7587)
@@ -86,7 +86,7 @@
else
#endif
{
- gnutls_ia_server_credentials_t cred = (gnutls_ia_server_credentials_t)
+ struct gnutls_ia_server_credentials_st * cred = (struct
gnutls_ia_server_credentials_st*)
mhd_gtls_get_cred (session->key, MHD_GNUTLS_CRD_IA, NULL);
if (cred)
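Review bot: The new declaration is much longer than the surrounding lines and spaces the pointer two different ways (`_st * cred` and `_st*)`). In the GNU layout used elsewhere in these files it would read `struct gnutls_ia_server_credentials_st *cred =` with the cast `(struct gnutls_ia_server_credentials_st *)` starting the continuation line. The move from the `gnutls_ia_server_credentials_t` typedef to the bare struct tag presumably follows from `extra.h` no longer being included, and a short comment saying so would spare the next reader the search. The block continues outside the hunk.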
Modified: libmicrohttpd/src/daemon/https/tls/ext_server_name.c
===================================================================
--- libmicrohttpd/src/daemon/https/tls/ext_server_name.c 2008-08-24
15:17:11 UTC (rev 7586)
+++ libmicrohttpd/src/daemon/https/tls/ext_server_name.c 2008-08-24
15:34:34 UTC (rev 7587)
@@ -127,14 +127,14 @@
mhd_gtls_server_name_send_params (mhd_gtls_session_t session,
opaque * data, size_t _data_size)
{
+ int total_size = 0;
+#if MHD_DEBUG_TLS
uint16_t len;
opaque *p;
unsigned i;
ssize_t data_size = _data_size;
- int total_size = 0;
/* this function sends the client extension data (dnsname) */
-#if MHD_DEBUG_TLS
if (session->security_parameters.entity == GNUTLS_CLIENT)
{
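Review bot: With every local except `total_size` moved under `#if MHD_DEBUG_TLS`, the function's only description, `/* this function sends the client extension data (dnsname) */`, now sits inside the conditional, so the non-debug build has no comment explaining what it does. If, as the hunk suggests, the body reduces to returning `total_size` unchanged outside debug builds, state that above the `#if`, e.g. `/* the server-name extension is only emitted in MHD_DEBUG_TLS builds; otherwise nothing is written and 0 is returned */`. In that configuration `data` and `_data_size` also become unused, and `(void) data; (void) _data_size;` in an `#else` arm would keep `-Wunused-parameter` quiet. The matching `#endif` and the rest of the body are outside the hunk, so confirm this against the full function.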
Modified: libmicrohttpd/src/daemon/https/tls/gnutls_alert.c
===================================================================
--- libmicrohttpd/src/daemon/https/tls/gnutls_alert.c 2008-08-24 15:17:11 UTC
(rev 7586)
+++ libmicrohttpd/src/daemon/https/tls/gnutls_alert.c 2008-08-24 15:34:34 UTC
(rev 7587)
@@ -231,10 +231,6 @@
ret = GNUTLS_A_INTERNAL_ERROR;
_level = GNUTLS_AL_FATAL;
break;
- case GNUTLS_E_OPENPGP_GETKEY_FAILED:
- ret = GNUTLS_A_CERTIFICATE_UNOBTAINABLE;
- _level = GNUTLS_AL_FATAL;
- break;
case GNUTLS_E_DH_PRIME_UNACCEPTABLE:
case GNUTLS_E_NO_CERTIFICATE_FOUND:
ret = GNUTLS_A_INSUFFICIENT_SECURITY;
Modified: libmicrohttpd/src/daemon/https/tls/gnutls_algorithms.c
===================================================================
--- libmicrohttpd/src/daemon/https/tls/gnutls_algorithms.c 2008-08-24
15:17:11 UTC (rev 7586)
+++ libmicrohttpd/src/daemon/https/tls/gnutls_algorithms.c 2008-08-24
15:34:34 UTC (rev 7587)
@@ -1866,9 +1866,6 @@
if (type == MHD_GNUTLS_CRT_X509)
ret = "X.509";
- if (type == MHD_GNUTLS_CRT_OPENPGP)
- ret = "OPENPGP";
-
return ret;
}
@@ -1888,24 +1885,18 @@
if (strcasecmp (name, "X.509") == 0 || strcasecmp (name, "X509") == 0)
return MHD_GNUTLS_CRT_X509;
- if (strcasecmp (name, "OPENPGP") == 0)
- return MHD_GNUTLS_CRT_OPENPGP;
-
return ret;
}
static const gnutls_certificate_type_t mhd_gtls_supported_certificate_types[] =
{ MHD_GNUTLS_CRT_X509,
- MHD_GNUTLS_CRT_OPENPGP,
0
};
/**
* MHD_gtls_certificate_type_list:
*
- * Get a list of certificate types. Note that to be able to use
- * OpenPGP certificates, you must link to libgnutls-extra and call
- * gnutls_global_init_extra().
+ * Get a list of certificate types.
*
* Returns: a zero-terminated list of %gnutls_certificate_type_t
* integers indicating the available certificate types.
Modified: libmicrohttpd/src/daemon/https/tls/gnutls_cert.c
===================================================================
--- libmicrohttpd/src/daemon/https/tls/gnutls_cert.c 2008-08-24 15:17:11 UTC
(rev 7586)
+++ libmicrohttpd/src/daemon/https/tls/gnutls_cert.c 2008-08-24 15:34:34 UTC
(rev 7587)
@@ -40,7 +40,6 @@
#include <gnutls_state.h>
#include <gnutls_auth_int.h>
#include <gnutls_x509.h>
-#include <gnutls_extra_hooks.h>
/* x509 */
#include "x509.h"
#include "mpi.h"
@@ -192,10 +191,7 @@
MHD_gnutls_certificate_free_crls (sc);
#endif
-#ifndef KEYRING_HACK
- if (_E_gnutls_openpgp_keyring_deinit)
- _E_gnutls_openpgp_keyring_deinit (sc->keyring);
-#else
+#ifdef KEYRING_HACK
_gnutls_free_datum (&sc->keyring);
#endif
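Review bot: After this change `sc->keyring` is released only when `KEYRING_HACK` is defined; in the default build nothing frees or clears it any more. That is harmless only if no remaining code path can populate the field, which this hunk does not show. If the keyring member is now dead, removing it together with the `#ifdef KEYRING_HACK` block would be cleaner than leaving a conditional free behind; otherwise add a comment such as `/* keyring is only ever set in KEYRING_HACK builds */`. The enclosing function starts and ends outside the hunk.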
@@ -437,74 +433,6 @@
return result;
}
-/*-
- * _gnutls_openpgp_crt_verify_peers - This function returns the peer's
certificate status
- * @session: is a gnutls session
- *
- * This function will try to verify the peer's certificate and return its
status (TRUSTED, INVALID etc.).
- * Returns a negative error code in case of an error, or
GNUTLS_E_NO_CERTIFICATE_FOUND if no certificate was sent.
- *
- -*/
-int
-_gnutls_openpgp_crt_verify_peers (mhd_gtls_session_t session,
- unsigned int *status)
-{
- cert_auth_info_t info;
- mhd_gtls_cert_credentials_t cred;
- int peer_certificate_list_size, ret;
-
- CHECK_AUTH (MHD_GNUTLS_CRD_CERTIFICATE, GNUTLS_E_INVALID_REQUEST);
-
- info = mhd_gtls_get_auth_info (session);
- if (info == NULL)
- return GNUTLS_E_INVALID_REQUEST;
-
- cred = (mhd_gtls_cert_credentials_t)
- mhd_gtls_get_cred (session->key, MHD_GNUTLS_CRD_CERTIFICATE, NULL);
- if (cred == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
- }
-
- if (info->raw_certificate_list == NULL || info->ncerts == 0)
- {
- gnutls_assert ();
- return GNUTLS_E_NO_CERTIFICATE_FOUND;
- }
-
- /* generate a list of gnutls_certs based on the auth info
- * raw certs.
- */
- peer_certificate_list_size = info->ncerts;
-
- if (peer_certificate_list_size != 1)
- {
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- /* Verify certificate
- */
- if (_E_gnutls_openpgp_verify_key == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INIT_LIBEXTRA;
- }
- ret =
- _E_gnutls_openpgp_verify_key (cred, &info->raw_certificate_list[0],
- peer_certificate_list_size, status);
-
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- return 0;
-}
-
-
/**
* MHD_gtls_certificate_verify_peers2 - This function returns the peer's
certificate verification status
* @session: is a gnutls session
@@ -552,8 +480,6 @@
{
case MHD_GNUTLS_CRT_X509:
return _gnutls_x509_cert_verify_peers (session, status);
- case MHD_GNUTLS_CRT_OPENPGP:
- return _gnutls_openpgp_crt_verify_peers (session, status);
default:
return GNUTLS_E_INVALID_REQUEST;
}
@@ -626,12 +552,6 @@
return _gnutls_x509_get_raw_crt_expiration_time (&info->
raw_certificate_list
[0]);
- case MHD_GNUTLS_CRT_OPENPGP:
- if (_E_gnutls_openpgp_get_raw_key_expiration_time == NULL)
- return (time_t) - 1;
- return _E_gnutls_openpgp_get_raw_key_expiration_time (&info->
-
raw_certificate_list
- [0]);
default:
return (time_t) - 1;
}
@@ -671,12 +591,6 @@
return _gnutls_x509_get_raw_crt_activation_time (&info->
raw_certificate_list
[0]);
- case MHD_GNUTLS_CRT_OPENPGP:
- if (_E_gnutls_openpgp_get_raw_key_creation_time == NULL)
- return (time_t) - 1;
- return _E_gnutls_openpgp_get_raw_key_creation_time (&info->
- raw_certificate_list
- [0]);
default:
return (time_t) - 1;
}
@@ -692,13 +606,6 @@
{
case MHD_GNUTLS_CRT_X509:
return mhd_gtls_x509_raw_cert_to_gcert (gcert, raw_cert, flags);
- case MHD_GNUTLS_CRT_OPENPGP:
- if (_E_gnutls_openpgp_raw_key_to_gcert == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INIT_LIBEXTRA;
- }
- return _E_gnutls_openpgp_raw_key_to_gcert (gcert, raw_cert);
default:
gnutls_assert ();
return GNUTLS_E_INTERNAL_ERROR;
@@ -715,17 +622,6 @@
{
case MHD_GNUTLS_CRT_X509:
return _gnutls_x509_raw_privkey_to_gkey (key, raw_key, key_enc);
-#if ENABLE_OPENPGP
- case MHD_GNUTLS_CRT_OPENPGP:
- if (_E_gnutls_openpgp_raw_privkey_to_gkey == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INIT_LIBEXTRA;
- }
- return _E_gnutls_openpgp_raw_privkey_to_gkey (key, raw_key,
- (gnutls_openpgp_crt_fmt_t)
- key_enc);
-#endif
default:
gnutls_assert ();
return GNUTLS_E_INTERNAL_ERROR;
Modified: libmicrohttpd/src/daemon/https/tls/gnutls_errors.c
===================================================================
--- libmicrohttpd/src/daemon/https/tls/gnutls_errors.c 2008-08-24 15:17:11 UTC
(rev 7586)
+++ libmicrohttpd/src/daemon/https/tls/gnutls_errors.c 2008-08-24 15:34:34 UTC
(rev 7587)
@@ -205,22 +205,15 @@
ERROR_ENTRY (N_("The tasn1 library version is too old."),
GNUTLS_E_INCOMPATIBLE_LIBTASN1_LIBRARY, 1),
- ERROR_ENTRY (N_("Error loading the keyring."),
- GNUTLS_E_OPENPGP_KEYRING_ERROR, 1),
ERROR_ENTRY (N_("The initialization of LZO has failed."),
GNUTLS_E_LZO_INIT_FAILED, 1),
ERROR_ENTRY (N_("No supported compression algorithms have been found."),
GNUTLS_E_NO_COMPRESSION_ALGORITHMS, 1),
ERROR_ENTRY (N_("No supported cipher suites have been found."),
GNUTLS_E_NO_CIPHER_SUITES, 1),
- ERROR_ENTRY (N_("Could not get OpenPGP key."),
- GNUTLS_E_OPENPGP_GETKEY_FAILED, 1),
-
ERROR_ENTRY (N_("The SRP username supplied is illegal."),
GNUTLS_E_ILLEGAL_SRP_USERNAME, 1),
- ERROR_ENTRY (N_("The OpenPGP fingerprint is not supported."),
- GNUTLS_E_OPENPGP_FINGERPRINT_UNSUPPORTED, 1),
ERROR_ENTRY (N_("The certificate has unsupported attributes."),
GNUTLS_E_X509_UNSUPPORTED_ATTRIBUTE, 1),
ERROR_ENTRY (N_("The OID is not supported."), GNUTLS_E_X509_UNSUPPORTED_OID,
Deleted: libmicrohttpd/src/daemon/https/tls/gnutls_extra_hooks.c
===================================================================
--- libmicrohttpd/src/daemon/https/tls/gnutls_extra_hooks.c 2008-08-24
15:17:11 UTC (rev 7586)
+++ libmicrohttpd/src/daemon/https/tls/gnutls_extra_hooks.c 2008-08-24
15:34:34 UTC (rev 7587)
@@ -1,78 +0,0 @@
-/*
- * Copyright (C) 2007 Free Software Foundation
- *
- * Author: Simon Josefsson
- *
- * This file is part of GNUTLS.
- *
- * The GNUTLS library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
- * USA
- *
- */
-
-#include <gnutls_int.h>
-#include <gnutls_extra_hooks.h>
-
-/* Variables used by libgnutls, set by
- _gnutls_add_openpgp_functions(), typically invoked by
- libgnutls_extra. */
-_gnutls_openpgp_verify_key_func _E_gnutls_openpgp_verify_key = NULL;
-_gnutls_openpgp_crt_creation_time_func
- _E_gnutls_openpgp_get_raw_key_creation_time = NULL;
-_gnutls_openpgp_crt_expiration_time_func
- _E_gnutls_openpgp_get_raw_key_expiration_time = NULL;
-_gnutls_openpgp_fingerprint_func _E_gnutls_openpgp_fingerprint = NULL;
-_gnutls_openpgp_crt_request_func _E_gnutls_openpgp_request_key = NULL;
-_gnutls_openpgp_raw_key_to_gcert_func _E_gnutls_openpgp_raw_key_to_gcert =
- NULL;
-_gnutls_openpgp_raw_privkey_to_gkey_func _E_gnutls_openpgp_raw_privkey_to_gkey
- = NULL;
-_gnutls_openpgp_crt_to_gcert_func _E_gnutls_openpgp_crt_to_gcert = NULL;
-_gnutls_openpgp_privkey_to_gkey_func _E_gnutls_openpgp_privkey_to_gkey = NULL;
-_gnutls_openpgp_crt_deinit_func _E_gnutls_openpgp_crt_deinit = NULL;
-_gnutls_openpgp_keyring_deinit_func _E_gnutls_openpgp_keyring_deinit = NULL;
-_gnutls_openpgp_privkey_deinit_func _E_gnutls_openpgp_privkey_deinit = NULL;
-
-/* Called by libgnutls_extra to set the OpenPGP functions that are
- needed by GnuTLS. */
-extern void
- _gnutls_add_openpgp_functions
- (_gnutls_openpgp_verify_key_func verify_key,
- _gnutls_openpgp_crt_creation_time_func key_creation_time,
- _gnutls_openpgp_crt_expiration_time_func key_expiration_time,
- _gnutls_openpgp_fingerprint_func fingerprint,
- _gnutls_openpgp_crt_request_func request_key,
- _gnutls_openpgp_raw_key_to_gcert_func raw_key_to_gcert,
- _gnutls_openpgp_raw_privkey_to_gkey_func raw_privkey_to_gkey,
- _gnutls_openpgp_crt_to_gcert_func key_to_gcert,
- _gnutls_openpgp_privkey_to_gkey_func privkey_to_gkey,
- _gnutls_openpgp_crt_deinit_func key_deinit,
- _gnutls_openpgp_keyring_deinit_func keyring_deinit,
- _gnutls_openpgp_privkey_deinit_func privkey_deinit)
-{
- _E_gnutls_openpgp_verify_key = verify_key;
- _E_gnutls_openpgp_get_raw_key_creation_time = key_creation_time;
- _E_gnutls_openpgp_get_raw_key_expiration_time = key_expiration_time;
- _E_gnutls_openpgp_fingerprint = fingerprint;
- _E_gnutls_openpgp_request_key = request_key;
- _E_gnutls_openpgp_raw_key_to_gcert = raw_key_to_gcert;
- _E_gnutls_openpgp_raw_privkey_to_gkey = raw_privkey_to_gkey;
- _E_gnutls_openpgp_crt_to_gcert = key_to_gcert;
- _E_gnutls_openpgp_privkey_to_gkey = privkey_to_gkey;
- _E_gnutls_openpgp_crt_deinit = key_deinit;
- _E_gnutls_openpgp_keyring_deinit = keyring_deinit;
- _E_gnutls_openpgp_privkey_deinit = privkey_deinit;
-
-}
Deleted: libmicrohttpd/src/daemon/https/tls/gnutls_extra_hooks.h
===================================================================
--- libmicrohttpd/src/daemon/https/tls/gnutls_extra_hooks.h 2008-08-24
15:17:11 UTC (rev 7586)
+++ libmicrohttpd/src/daemon/https/tls/gnutls_extra_hooks.h 2008-08-24
15:34:34 UTC (rev 7587)
@@ -1,106 +0,0 @@
-/*
- * Copyright (C) 2007 Free Software Foundation
- *
- * Author: Simon Josefsson
- *
- * This file is part of GNUTLS.
- *
- * The GNUTLS library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
- * USA
- *
- */
-
-/* This file is included by libgnutls-extra, and it will call the
- _gnutls_add_openpgp_functions() function to register its OpenPGP
- functions. */
-
-#include <auth_cert.h>
-
-typedef int (*_gnutls_openpgp_verify_key_func)
-(const mhd_gtls_cert_credentials_t,
- const gnutls_datum_t *, int,
- unsigned int *);
-
-typedef time_t (*_gnutls_openpgp_crt_creation_time_func)
-(const gnutls_datum_t *);
-
-typedef time_t (*_gnutls_openpgp_crt_expiration_time_func)
-(const gnutls_datum_t *);
-
-typedef int (*_gnutls_openpgp_crt_request_func)
-(mhd_gtls_session_t, gnutls_datum_t *,
- const mhd_gtls_cert_credentials_t,
- opaque *, int);
-
-typedef int (*_gnutls_openpgp_fingerprint_func)
-(const gnutls_datum_t *,
- unsigned char *, size_t *);
-
-typedef int (*_gnutls_openpgp_raw_key_to_gcert_func)
-(gnutls_cert *,
- const gnutls_datum_t *);
-typedef int (*_gnutls_openpgp_raw_privkey_to_gkey_func)
-(gnutls_privkey *,
- const gnutls_datum_t *,
- gnutls_openpgp_crt_fmt_t);
-
-typedef int (*_gnutls_openpgp_crt_to_gcert_func)
-(gnutls_cert *, gnutls_openpgp_crt_t);
-
-typedef int (*_gnutls_openpgp_privkey_to_gkey_func)
-(gnutls_privkey *,
- gnutls_openpgp_privkey_t);
-
-typedef void (*_gnutls_openpgp_crt_deinit_func)
-(gnutls_openpgp_crt_t);
-
-typedef void (*_gnutls_openpgp_keyring_deinit_func)
-(gnutls_openpgp_keyring_t);
-
-typedef void (*_gnutls_openpgp_privkey_deinit_func)
-(gnutls_openpgp_privkey_t);
-
-/* These are defined in libgnutls, but not exported from libgnutls,
- and not intended to be used by libgnutls-extra or elsewhere. They
- are declared here, because this file is included by auth_cert.c and
- gnutls_cert.c too. */
-extern _gnutls_openpgp_verify_key_func _E_gnutls_openpgp_verify_key;
-extern _gnutls_openpgp_crt_creation_time_func
-_E_gnutls_openpgp_get_raw_key_creation_time;
-extern _gnutls_openpgp_crt_expiration_time_func
-_E_gnutls_openpgp_get_raw_key_expiration_time;
-extern _gnutls_openpgp_fingerprint_func _E_gnutls_openpgp_fingerprint;
-extern _gnutls_openpgp_crt_request_func _E_gnutls_openpgp_request_key;
-extern _gnutls_openpgp_raw_key_to_gcert_func
_E_gnutls_openpgp_raw_key_to_gcert;
-extern _gnutls_openpgp_raw_privkey_to_gkey_func
_E_gnutls_openpgp_raw_privkey_to_gkey;
-extern _gnutls_openpgp_crt_to_gcert_func _E_gnutls_openpgp_crt_to_gcert;
-extern _gnutls_openpgp_privkey_to_gkey_func _E_gnutls_openpgp_privkey_to_gkey;
-extern _gnutls_openpgp_crt_deinit_func _E_gnutls_openpgp_crt_deinit;
-extern _gnutls_openpgp_keyring_deinit_func _E_gnutls_openpgp_keyring_deinit;
-extern _gnutls_openpgp_privkey_deinit_func _E_gnutls_openpgp_privkey_deinit;
-
-extern void _gnutls_add_openpgp_functions
-(_gnutls_openpgp_verify_key_func verify_key,
- _gnutls_openpgp_crt_creation_time_func key_creation_time,
- _gnutls_openpgp_crt_expiration_time_func key_expiration_time,
- _gnutls_openpgp_fingerprint_func fingerprint,
- _gnutls_openpgp_crt_request_func request_key,
- _gnutls_openpgp_raw_key_to_gcert_func raw_key_to_gcert,
- _gnutls_openpgp_raw_privkey_to_gkey_func raw_privkey_to_gkey,
- _gnutls_openpgp_crt_to_gcert_func key_to_gcert,
- _gnutls_openpgp_privkey_to_gkey_func privkey_to_gkey,
- _gnutls_openpgp_crt_deinit_func key_deinit,
- _gnutls_openpgp_keyring_deinit_func keyring_deinit,
- _gnutls_openpgp_privkey_deinit_func privkey_deinit);
Modified: libmicrohttpd/src/daemon/https/tls/gnutls_int.h
===================================================================
--- libmicrohttpd/src/daemon/https/tls/gnutls_int.h 2008-08-24 15:17:11 UTC
(rev 7586)
+++ libmicrohttpd/src/daemon/https/tls/gnutls_int.h 2008-08-24 15:34:34 UTC
(rev 7587)
@@ -28,7 +28,6 @@
#include <defines.h>
#include "gnutls.h"
-#include "extra.h"
#include "microhttpd.h"
#include "gnutls_mem.h"
Modified: libmicrohttpd/src/daemon/https/tls/gnutls_state.c
===================================================================
--- libmicrohttpd/src/daemon/https/tls/gnutls_state.c 2008-08-24 15:17:11 UTC
(rev 7586)
+++ libmicrohttpd/src/daemon/https/tls/gnutls_state.c 2008-08-24 15:34:34 UTC
(rev 7587)
@@ -594,23 +594,6 @@
}
/**
- * MHD_gtls_openpgp_send_cert - This function will order gnutls to send the
openpgp fingerprint instead of the key
- * @session: is a pointer to a #mhd_gtls_session_t structure.
- * @status: is one of GNUTLS_OPENPGP_CERT, or GNUTLS_OPENPGP_CERT_FINGERPRINT
- *
- * This function will order gnutls to send the key fingerprint
- * instead of the key in the initial handshake procedure. This should
- * be used with care and only when there is indication or knowledge
- * that the server can obtain the client's key.
- **/
-void
-MHD_gtls_openpgp_send_cert (mhd_gtls_session_t session,
- gnutls_openpgp_crt_status_t status)
-{
- session->internals.pgp_fingerprint = status;
-}
-
-/**
* MHD_gnutls_certificate_send_x509_rdn_sequence - This function will order
gnutls to send or not the x.509 rdn sequence
* @session: is a pointer to a #mhd_gtls_session_t structure.
* @status: is 0 or 1
@@ -631,12 +614,6 @@
session->internals.ignore_rdn_sequence = status;
}
-int
-mhd_gtls_openpgp_send_fingerprint (mhd_gtls_session_t session)
-{
- return session->internals.pgp_fingerprint;
-}
-
/*-
* _gnutls_record_set_default_version - Used to set the default version for
the first record packet
* @session: is a #mhd_gtls_session_t structure.
Modified: libmicrohttpd/src/include/microhttpd.h
===================================================================
--- libmicrohttpd/src/include/microhttpd.h 2008-08-24 15:17:11 UTC (rev
7586)
+++ libmicrohttpd/src/include/microhttpd.h 2008-08-24 15:34:34 UTC (rev
7587)
@@ -1094,8 +1094,7 @@
typedef enum
{
MHD_GNUTLS_CRT_UNKNOWN = 0,
- MHD_GNUTLS_CRT_X509 = 1,
- MHD_GNUTLS_CRT_OPENPGP
+ MHD_GNUTLS_CRT_X509 = 1
} gnutls_certificate_type_t;
typedef enum
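Review bot: Removing `MHD_GNUTLS_CRT_OPENPGP` from `gnutls_certificate_type_t` leaves the value it implicitly held (2) unnamed. Because `src/include/microhttpd.h` appears to be the library's public header, any application that names the enumerator will also stop compiling. If this type also holds the certificate type negotiated with a peer (not visible in this hunk), code that switches on it should keep a rejecting `default` so only `MHD_GNUTLS_CRT_X509` is accepted. I would record the intent next to the enum, e.g. `/* 2 was MHD_GNUTLS_CRT_OPENPGP; OpenPGP certificates are not supported, do not reuse this value */`. The enum is complete within the hunk; the `typedef enum` on the last line continues outside it.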