
[SCM] GNU gnutls branch, gnutls_3_0_x, updated. gnutls_3_0_0-147-g30fbfb


From: Nikos Mavrogiannopoulos
Subject: [SCM] GNU gnutls branch, gnutls_3_0_x, updated. gnutls_3_0_0-147-g30fbfb4
Date: Fri, 19 Aug 2011 15:17:37 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".

http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=30fbfb463e354eb02689254bb103a3dc3897ea0a

The branch, gnutls_3_0_x has been updated
       via  30fbfb463e354eb02689254bb103a3dc3897ea0a (commit)
       via  92113c658c0e22f0cccaea94631dd0aa03d00155 (commit)
       via  a48fe1a59ed9e455e00809ff95a42cb801b98a41 (commit)
       via  8dc10ad0653df5b18400d8ab6eee5f9674e543ad (commit)
       via  e38bbdaf103a1c8339701d83edb1989e626eff7e (commit)
       via  5827d11f30a112811c6e3af9db9f8e06f8d9db82 (commit)
       via  a2ab2dd8f15ff20bf6c047a8f65c07371cdea410 (commit)
       via  8170275c4a00f7aaaabf64deb02caafa88388837 (commit)
      from  a43a5f434ddf24f8bc63beb42abb632b67ad2a14 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 30fbfb463e354eb02689254bb103a3dc3897ea0a
Merge: a43a5f4 92113c6
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Fri Aug 19 17:17:33 2011 +0200

    Merge branch 'master' into gnutls_3_0_x

-----------------------------------------------------------------------

Summary of changes:
 .gitignore                   |   33 ++++++++++
 NEWS                         |    3 +-
 configure.ac                 |    2 +-
 doc/cha-auth.texi            |   16 +++---
 gl/Makefile.am               |    2 +-
 gl/m4/gnulib-cache.m4        |    3 +-
 lib/Makefile.am              |    2 +-
 lib/auth/cert.c              |    3 +-
 lib/auth/cert.h              |    6 +-
 lib/gnutls_cert.c            |    3 +-
 lib/gnutls_str_array.h       |  113 +++++++++++++++++++++++++++++++++++
 lib/gnutls_x509.c            |  135 ++++++++++++++++++++++++++++-------------
 lib/openpgp/gnutls_openpgp.c |   53 +++++++++++------
 tests/resume.c               |   36 ++++++-----
 tests/utils.c                |   10 ++-
 15 files changed, 320 insertions(+), 100 deletions(-)
 create mode 100644 lib/gnutls_str_array.h

diff --git a/.gitignore b/.gitignore
index ba6569d..4cc3497 100644
--- a/.gitignore
+++ b/.gitignore
@@ -191,6 +191,39 @@ gl/tests/test-ftell
 gl/tests/test-ftell3
 gl/tests/test-intprops
 gl/tests/test-inttypes
+gl/tests/test-argp
+gl/tests/test-dirent
+gl/tests/test-dup2
+gl/tests/test-environ
+gl/tests/test-frexp-nolibm
+gl/tests/test-frexpl-nolibm
+gl/tests/test-fseeko3
+gl/tests/test-fseterr
+gl/tests/test-getcwd-lgpl
+gl/tests/test-getopt
+gl/tests/test-ignore-value
+gl/tests/test-isnand-nolibm
+gl/tests/test-isnanf-nolibm
+gl/tests/test-isnanl-nolibm
+gl/tests/test-lstat
+gl/tests/test-malloc-gnu
+gl/tests/test-malloca
+gl/tests/test-math
+gl/tests/test-open
+gl/tests/test-printf-frexp
+gl/tests/test-printf-frexpl
+gl/tests/test-rawmemchr
+gl/tests/test-setenv
+gl/tests/test-signbit
+gl/tests/test-sleep
+gl/tests/test-stat
+gl/tests/test-strchrnul
+gl/tests/test-strnlen
+gl/tests/test-symlink
+gl/tests/test-sysexits
+gl/tests/test-unsetenv
+gl/tests/test-vfprintf-posix
+gl/tests/test-vprintf-posix
 gl/time.h
 gl/unistd.h
 gl/warn-on-use.h
diff --git a/NEWS b/NEWS
index f11ca36..330f031 100644
--- a/NEWS
+++ b/NEWS
@@ -7,8 +7,7 @@ See the end for copying conditions.
 ** libgnutls: gnutls_certificate_set_x509_key_file() and 
 friends support server name indication. If multiple 
 certificates are set using these functions the proper one 
-will be selected during a handshake, with the limitation 
-of a single name per certificate.
+will be selected during a handshake. 
 
 ** libgnutls: Added AES-256-GCM which was left out from
 the previous release. Reported by Benjamin Hof.
diff --git a/configure.ac b/configure.ac
index 141c39f..6971470 100644
--- a/configure.ac
+++ b/configure.ac
@@ -125,7 +125,7 @@ AC_ARG_WITH(p11-kit,
                [Build without p11-kit and PKCS#11 support]))
 AM_CONDITIONAL(ENABLE_PKCS11, test "$with_p11_kit" != "no")
 if test "$with_p11_kit" != "no"; then
-       PKG_CHECK_MODULES(P11_KIT, [p11-kit-1 >= 0.2])
+       PKG_CHECK_MODULES(P11_KIT, [p11-kit-1 >= 0.4])
        AC_DEFINE([ENABLE_PKCS11], 1, [Build PKCS#11 support])
        CFLAGS="$CFLAGS $P11_KIT_CFLAGS"
        LIBS="$LIBS $P11_KIT_LIBS"
diff --git a/doc/cha-auth.texi b/doc/cha-auth.texi
index 92bb12c..0b20115 100644
--- a/doc/cha-auth.texi
+++ b/doc/cha-auth.texi
@@ -186,13 +186,12 @@ algorithm.
 @section Anonymous authentication
 @cindex anonymous authentication
 
-The anonymous key exchange performs encryption but there is no
-indication of the identity of the peer.  This kind of authentication
-is vulnerable to a man in the middle attack, but this protocol can be
-used even if there is no prior communication and trusted parties with
-the peer, or when full anonymity is required.  Unless really required,
-do not use anonymous authentication.  Available key exchange methods
-are shown below.
+The anonymous key exchange offers encryption without any
+indication of the peer's identity.  This kind of authentication
+is vulnerable to a man in the middle attack, but can be
+used even if there is no prior communication or shared trusted parties 
+with the peer. Moreover it is useful when complete anonymity is required. 
+Unless in one of the above cases, do not use anonymous authentication.  
 
 Note that the key exchange methods for anonymous authentication
 require Diffie-Hellman parameters to be generated by the server and
@@ -204,7 +203,8 @@ The initialization functions for the credentials are shown 
below.
 
@showfuncD{gnutls_anon_allocate_server_credentials,gnutls_anon_allocate_client_credentials,gnutls_anon_free_server_credentials,gnutls_anon_free_client_credentials}
 
 
-The supported anonymous key exchange algorithms are:
+The available key exchange algorithms for anonymous authentication are
+shown below.
 
 @table @code
 
diff --git a/gl/Makefile.am b/gl/Makefile.am
index 1843279..7ccc3b5 100644
--- a/gl/Makefile.am
+++ b/gl/Makefile.am
@@ -9,7 +9,7 @@
 # the same distribution terms as the rest of that program.
 #
 # Generated by gnulib-tool.
-# Reproduce by: gnulib-tool --import --dir=. --local-dir=gl/override 
--lib=libgnu --source-base=gl --m4-base=gl/m4 --doc-base=doc 
--tests-base=gl/tests --aux-dir=build-aux --with-tests --avoid=alignof-tests 
--avoid=lseek-tests --no-conditional-dependencies --libtool --macro-prefix=gl 
--no-vc-files alloca alphasort argp byteswap c-ctype crypto/hmac-md5 crypto/md5 
error extensions func getpass getsubopt gettext gettime havelib lib-msvc-compat 
lib-symbol-versions maintainer-makefile manywarnings memmem-simple minmax netdb 
netinet_in progname read-file scandir snprintf sockets socklen stdint strcase 
strverscmp sys_socket sys_stat time_r timespec u64 unistd valgrind-tests 
vasprintf version-etc version-etc-fsf vprintf-posix vsnprintf warnings
+# Reproduce by: gnulib-tool --import --dir=. --local-dir=gl/override 
--lib=libgnu --source-base=gl --m4-base=gl/m4 --doc-base=doc 
--tests-base=gl/tests --aux-dir=build-aux --with-tests --avoid=alignof-tests 
--avoid=lseek-tests --no-conditional-dependencies --libtool --macro-prefix=gl 
--no-vc-files alloca alphasort argp byteswap c-ctype crypto/hmac-md5 crypto/md5 
error extensions func getpass getsubopt gettext gettime havelib lib-msvc-compat 
lib-symbol-versions maintainer-makefile manywarnings memmem-simple minmax netdb 
netinet_in progname read-file scandir snprintf sockets socklen stdint strcase 
strverscmp sys_socket sys_stat time_r timespec u64 unistd valgrind-tests 
vasprintf version-etc version-etc-fsf vfprintf-posix vprintf-posix vsnprintf 
warnings
 
 AUTOMAKE_OPTIONS = 1.5 gnits
 
diff --git a/gl/m4/gnulib-cache.m4 b/gl/m4/gnulib-cache.m4
index 8635147..950e51b 100644
--- a/gl/m4/gnulib-cache.m4
+++ b/gl/m4/gnulib-cache.m4
@@ -15,7 +15,7 @@
 
 
 # Specification in the form of a command-line invocation:
-#   gnulib-tool --import --dir=. --local-dir=gl/override --lib=libgnu 
--source-base=gl --m4-base=gl/m4 --doc-base=doc --tests-base=gl/tests 
--aux-dir=build-aux --with-tests --avoid=alignof-tests --avoid=lseek-tests 
--no-conditional-dependencies --libtool --macro-prefix=gl --no-vc-files alloca 
alphasort argp byteswap c-ctype crypto/hmac-md5 crypto/md5 error extensions 
func getpass getsubopt gettext gettime havelib lib-msvc-compat 
lib-symbol-versions maintainer-makefile manywarnings memmem-simple minmax netdb 
netinet_in progname read-file scandir snprintf sockets socklen stdint strcase 
strverscmp sys_socket sys_stat time_r timespec u64 unistd valgrind-tests 
vasprintf version-etc version-etc-fsf vprintf-posix vsnprintf warnings
+#   gnulib-tool --import --dir=. --local-dir=gl/override --lib=libgnu 
--source-base=gl --m4-base=gl/m4 --doc-base=doc --tests-base=gl/tests 
--aux-dir=build-aux --with-tests --avoid=alignof-tests --avoid=lseek-tests 
--no-conditional-dependencies --libtool --macro-prefix=gl --no-vc-files alloca 
alphasort argp byteswap c-ctype crypto/hmac-md5 crypto/md5 error extensions 
func getpass getsubopt gettext gettime havelib lib-msvc-compat 
lib-symbol-versions maintainer-makefile manywarnings memmem-simple minmax netdb 
netinet_in progname read-file scandir snprintf sockets socklen stdint strcase 
strverscmp sys_socket sys_stat time_r timespec u64 unistd valgrind-tests 
vasprintf version-etc version-etc-fsf vfprintf-posix vprintf-posix vsnprintf 
warnings
 
 # Specification in the form of a few gnulib-tool.m4 macro invocations:
 gl_LOCAL_DIR([gl/override])
@@ -62,6 +62,7 @@ gl_MODULES([
   vasprintf
   version-etc
   version-etc-fsf
+  vfprintf-posix
   vprintf-posix
   vsnprintf
   warnings
diff --git a/lib/Makefile.am b/lib/Makefile.am
index a6879c2..f03274e 100644
--- a/lib/Makefile.am
+++ b/lib/Makefile.am
@@ -89,7 +89,7 @@ HFILES = abstract_int.h debug.h gnutls_compress.h 
gnutls_cipher.h     \
        x509_b64.h gnutls_v2_compat.h gnutls_datum.h \
        gnutls_mpi.h gnutls_pk.h gnutls_record.h                \
        gnutls_constate.h gnutls_global.h gnutls_sig.h gnutls_mem.h     \
-       gnutls_session_pack.h gnutls_str.h              \
+       gnutls_session_pack.h gnutls_str.h gnutls_str_arrary.h          \
        gnutls_state.h gnutls_x509.h crypto-backend.h                   \
        gnutls_rsa_export.h gnutls_srp.h auth/srp.h auth/srp_passwd.h   \
        gnutls_helper.h gnutls_supplemental.h crypto.h random.h system.h\
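Review bot: The new HFILES entry is spelled `gnutls_str_arrary.h`, while the header this commit creates is `lib/gnutls_str_array.h` (see the `create mode` line in the diffstat), so the header list names a file that does not exist and a `make dist` would presumably fail or ship without the new header. The line should read `gnutls_session_pack.h gnutls_str.h gnutls_str_array.h \`.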
diff --git a/lib/auth/cert.c b/lib/auth/cert.c
index 6aa37b9..e692797 100644
--- a/lib/auth/cert.c
+++ b/lib/auth/cert.c
@@ -2146,8 +2146,7 @@ _gnutls_server_select_cert (gnutls_session_t session,
     {
       for (i = 0; i < cred->ncerts; i++)
         {
-fprintf(stderr, "\n*** name[i]: %s, req: %s\n\n", cred->certs[i].name, 
server_name);
-          if (cred->certs[i].name != NULL && strcasecmp(cred->certs[i].name, 
server_name) == 0)
+          if (cred->certs[i].names != NULL && 
_gnutls_str_array_match(cred->certs[i].names, server_name) != 0)
             {
               /* if requested algorithms are also compatible select it */
               gnutls_pk_algorithm pk =
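Review bot: The SNI comparison becomes case-sensitive here: the removed line used `strcasecmp`, but `_gnutls_str_array_match` (added in `lib/gnutls_str_array.h` in this commit) compares with `strcmp`, so a client whose requested host name differs from the certificate's DNS name only in letter case will no longer be matched by this loop. DNS host names are case-insensitive, so the helper should use `if (strcasecmp(array->str, str) == 0) return 1;`. The `names != NULL` guard is redundant since the helper already returns 0 for an empty list, but harmless. `_gnutls_server_select_cert` begins and ends outside the hunk.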
diff --git a/lib/auth/cert.h b/lib/auth/cert.h
index 5b0d15f..176d214 100644
--- a/lib/auth/cert.h
+++ b/lib/auth/cert.h
@@ -28,11 +28,12 @@
 #include "openpgp/openpgp_int.h"
 #include <gnutls/abstract.h>
 #include <gnutls/compat.h>
+#include <gnutls_str_array.h>
 
 typedef struct {
   gnutls_pcert_st * cert_list; /* a certificate chain */
   unsigned int cert_list_length; /* its length */
-  char* name; /* the name of the first certificate - only 1 allowed*/
+  gnutls_str_array_t names; /* the names in the first certificate */
 } certs_st;
 
 /* This structure may be complex, but it's the only way to
@@ -153,7 +154,8 @@ int _gnutls_get_auth_info_pcert (gnutls_pcert_st* gcert,
                                  cert_auth_info_t info);
 
 int certificate_credential_append_crt_list (gnutls_certificate_credentials_t
-                                            res, const char* name, 
gnutls_pcert_st* crt, int nr);
+                                            res, gnutls_str_array_t names, 
+                                            gnutls_pcert_st* crt, int nr);
 int certificate_credentials_append_pkey (gnutls_certificate_credentials_t res,
                                          gnutls_privkey_t pkey);
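Review bot: The new `names` parameter transfers ownership but the prototype does not say so: `certificate_credential_append_crt_list` stores the list pointer directly into `res->certs[].names` (lib/gnutls_x509.c in this commit) and `gnutls_certificate_free_keys` later clears it, while every caller clears `names` itself only on the failure path. A comment above the prototype would keep future callers from leaking or double-freeing the list, e.g. `/* On success 'names' is owned by 'res' and released with the credentials; on failure the caller must _gnutls_str_array_clear() it. */`.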
 
diff --git a/lib/gnutls_cert.c b/lib/gnutls_cert.c
index c5a872f..e72a662 100644
--- a/lib/gnutls_cert.c
+++ b/lib/gnutls_cert.c
@@ -37,6 +37,7 @@
 #include <gnutls_state.h>
 #include <gnutls_auth.h>
 #include <gnutls_x509.h>
+#include <gnutls_str_array.h>
 #include "x509/x509_int.h"
 #ifdef ENABLE_OPENPGP
 #include "openpgp/gnutls_openpgp.h"
@@ -63,7 +64,7 @@ gnutls_certificate_free_keys 
(gnutls_certificate_credentials_t sc)
           gnutls_pcert_deinit (&sc->certs[i].cert_list[j]);
         }
       gnutls_free (sc->certs[i].cert_list);
-      gnutls_free (sc->certs[i].name);
+      _gnutls_str_array_clear (&sc->certs[i].names);
     }
 
   gnutls_free (sc->certs);
diff --git a/lib/gnutls_str_array.h b/lib/gnutls_str_array.h
new file mode 100644
index 0000000..7cc1ec2
--- /dev/null
+++ b/lib/gnutls_str_array.h
@@ -0,0 +1,113 @@
+/*
+ * Copyright (C) 2011 Free Software Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 3 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+
+#ifndef GNUTLS_STR_ARRAY_H
+#define GNUTLS_STR_ARRAY_H
+
+#include <gnutls_int.h>
+
+/* Functionality to allow an array of strings. Strings
+ * are allowed to be added to the list and matched against it.
+ */
+
+typedef struct gnutls_str_array_st
+{
+  char* str;
+  int len;
+  struct gnutls_str_array_st* next;
+} *gnutls_str_array_t;
+
+inline static void _gnutls_str_array_init(gnutls_str_array_t* head)
+{
+  *head = NULL;
+}
+
+inline static void _gnutls_str_array_clear (gnutls_str_array_t *head)
+{
+  gnutls_str_array_t prev, array = *head;
+
+  while(array != NULL)
+    {
+      prev = array;
+      array = prev->next;
+      gnutls_free(prev);
+    }
+  *head = NULL;
+}
+
+inline static int _gnutls_str_array_match (gnutls_str_array_t head, const 
char* str)
+{
+  gnutls_str_array_t array = head;
+
+  while(array != NULL)
+    {
+      if (strcmp(array->str, str) == 0) return 1;
+      array = array->next;
+    }
+  
+  return 0;
+}
+
+inline static void append(gnutls_str_array_t array, const char* str, int len)
+{
+  array->str = ((uint8_t*)array) + sizeof(struct gnutls_str_array_st);
+  memcpy(array->str, str, len);
+  array->str[len] = 0;
+  array->len = len;
+  array->next = NULL;
+}
+
+inline static int _gnutls_str_array_append (gnutls_str_array_t* head, const 
char* str, int len)
+{
+  gnutls_str_array_t prev, array;
+  if (*head == NULL)
+    {
+      *head = gnutls_malloc(len + 1 + sizeof(struct gnutls_str_array_st));
+      if (*head == NULL)
+        return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+      
+      array = *head;
+      append(array, str, len);
+    }
+  else
+    {
+      array = *head;
+      prev = array;
+      while(array != NULL)
+        {
+          prev = array;
+          array = prev->next;
+        }
+      prev->next = gnutls_malloc(len + 1 + sizeof(struct gnutls_str_array_st));
+      
+      array = prev->next;
+      
+      if (array == NULL)
+        return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+      
+      append(array, str, len);
+    }
+  
+  return 0;
+}
+
+#endif
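Review bot: The helper `inline static void append(...)` is defined in a header included by several translation units under an unprefixed generic name, so any file that also declares an `append` symbol will collide; it should follow the file's own naming, e.g. `_gnutls_str_array_set_node`. In the same function, `array->str = ((uint8_t*)array) + sizeof(struct gnutls_str_array_st);` assigns an `unsigned char *` to a `char *`, which GCC typically flags under `-Wpointer-sign`; `array->str = (char*)array + sizeof(struct gnutls_str_array_st);` is equivalent and clean. `_gnutls_str_array_append` also takes `int len` while its callers in lib/gnutls_x509.c and lib/openpgp/gnutls_openpgp.c pass a `size_t`, so `len` should be `size_t` to avoid the narrowing conversion that feeds `gnutls_malloc` and `memcpy`.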
diff --git a/lib/gnutls_x509.c b/lib/gnutls_x509.c
index 774454a..96d280d 100644
--- a/lib/gnutls_x509.c
+++ b/lib/gnutls_x509.c
@@ -41,6 +41,7 @@
 #include <gnutls_x509.h>
 #include "x509/common.h"
 #include "x509/x509_int.h"
+#include <gnutls_str_array.h>
 #include "read-file.h"
 
 /*
@@ -210,38 +211,53 @@ _gnutls_check_key_cert_match 
(gnutls_certificate_credentials_t res)
 
 /* Returns the name of the certificate of a null name
  */
-static void get_x509_name(gnutls_x509_crt_t crt, char* name, size_t 
max_name_size)
+static int get_x509_name(gnutls_x509_crt_t crt, gnutls_str_array_t *names)
 {
 size_t max_size;
-int i, ret = 0;
-
-  name[0] = 0;
+int i, ret = 0, ret2;
+char name[MAX_CN];
 
   for (i = 0; !(ret < 0); i++)
     {
-      max_size = max_name_size;
+      max_size = sizeof(name);
 
-      ret = gnutls_x509_crt_get_subject_alt_name(crt, 0, name, &max_size, 
NULL);
+      ret = gnutls_x509_crt_get_subject_alt_name(crt, i, name, &max_size, 
NULL);
       if (ret == GNUTLS_SAN_DNSNAME)
-        return;
+        {
+          ret2 = _gnutls_str_array_append(names, name, max_size);
+          if (ret2 < 0)
+            {
+              _gnutls_str_array_clear(names);
+              return gnutls_assert_val(ret2);
+            }
+        }
     }
     
-  max_size = max_name_size;
-  gnutls_x509_crt_get_dn_by_oid (crt, OID_X520_COMMON_NAME, 0, 0, name, 
&max_size);
+  max_size = sizeof(name);
+  ret = gnutls_x509_crt_get_dn_by_oid (crt, OID_X520_COMMON_NAME, 0, 0, name, 
&max_size);
+  if (ret >= 0)
+    {
+      ret = _gnutls_str_array_append(names, name, max_size);
+      if (ret < 0)
+        {
+          _gnutls_str_array_clear(names);
+          return gnutls_assert_val(ret);
+        }
+    }
+  
+  return 0;
 }
 
-static void get_x509_name_raw(gnutls_datum_t *raw, gnutls_x509_crt_fmt_t type, 
char* name, size_t max_name_size)
+static int get_x509_name_raw(gnutls_datum_t *raw, gnutls_x509_crt_fmt_t type, 
gnutls_str_array_t *names)
 {
 int ret;
 gnutls_x509_crt_t crt;
 
-  name[0] = 0;
-
   ret = gnutls_x509_crt_init (&crt);
   if (ret < 0)
     {
       gnutls_assert ();
-      return;
+      return ret;
     }
 
   ret = gnutls_x509_crt_import (crt, raw, type);
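Review bot: The enumeration loop in `get_x509_name` stops at the first negative return from `gnutls_x509_crt_get_subject_alt_name`, which conflates the end-of-list result with `GNUTLS_E_SHORT_MEMORY_BUFFER` for a SAN entry longer than `MAX_CN`; in that case every DNS name after the over-long entry is silently dropped and the function still returns 0. Skipping such entries keeps the later names, e.g. right after the call: `if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER) { ret = 0; continue; }`. The same pattern is used for `gnutls_openpgp_crt_get_name` in lib/openpgp/gnutls_openpgp.c. `get_x509_name_raw`, which starts at the bottom of this hunk, continues in the next one.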
@@ -249,12 +265,12 @@ gnutls_x509_crt_t crt;
     {
       gnutls_assert ();
       gnutls_x509_crt_deinit (crt);
-      return;
+      return ret;
     }
 
-  get_x509_name(crt, name, max_name_size);
+  ret = get_x509_name(crt, names);
   gnutls_x509_crt_deinit (crt);
-  return;
+  return ret;
 }
 
 /* Reads a DER encoded certificate list from memory and stores it to a
@@ -268,7 +284,9 @@ parse_der_cert_mem (gnutls_certificate_credentials_t res,
   gnutls_x509_crt_t crt;
   gnutls_pcert_st *ccert;
   int ret;
-  char name[MAX_CN];
+  gnutls_str_array_t names;
+  
+  _gnutls_str_array_init(&names);
 
   ccert = gnutls_malloc (sizeof (*ccert));
   if (ccert == NULL)
@@ -295,7 +313,13 @@ parse_der_cert_mem (gnutls_certificate_credentials_t res,
       goto cleanup;
     }
 
-  get_x509_name(crt, name, sizeof(name));
+  ret = get_x509_name(crt, &names);
+  if (ret < 0)
+    {
+      gnutls_assert();
+      gnutls_x509_crt_deinit (crt);
+      goto cleanup;
+    }
 
   ret = gnutls_pcert_import_x509 (ccert, crt, 0);
   gnutls_x509_crt_deinit (crt);
@@ -306,7 +330,7 @@ parse_der_cert_mem (gnutls_certificate_credentials_t res,
       goto cleanup;
     }
 
-  ret = certificate_credential_append_crt_list (res, name, ccert, 1);
+  ret = certificate_credential_append_crt_list (res, names, ccert, 1);
   if (ret < 0)
     {
       gnutls_assert ();
@@ -316,6 +340,7 @@ parse_der_cert_mem (gnutls_certificate_credentials_t res,
   return ret;
 
 cleanup:
+  _gnutls_str_array_clear(&names);
   gnutls_free (ccert);
   return ret;
 }
@@ -332,7 +357,9 @@ parse_pem_cert_mem (gnutls_certificate_credentials_t res,
   gnutls_datum_t tmp;
   int ret, count, i;
   gnutls_pcert_st *certs = NULL;
-  char name[MAX_CN];
+  gnutls_str_array_t names;
+
+  _gnutls_str_array_init(&names);
 
   /* move to the certificate
    */
@@ -365,7 +392,15 @@ parse_pem_cert_mem (gnutls_certificate_credentials_t res,
       tmp.data = (void*)ptr;
       tmp.size = size;
 
-      if (count == 0) get_x509_name_raw(&tmp, GNUTLS_X509_FMT_PEM, name, 
sizeof(name));
+      if (count == 0)
+        {
+          ret = get_x509_name_raw(&tmp, GNUTLS_X509_FMT_PEM, &names);
+          if (ret < 0)
+            {
+              gnutls_assert();
+              goto cleanup;
+            }
+        }
 
       ret = gnutls_pcert_import_x509_raw (&certs[count], &tmp, 
GNUTLS_X509_FMT_PEM, 0);
       if (ret < 0)
@@ -400,7 +435,7 @@ parse_pem_cert_mem (gnutls_certificate_credentials_t res,
     }
   while (ptr != NULL);
 
-  ret = certificate_credential_append_crt_list (res, name, certs, count);
+  ret = certificate_credential_append_crt_list (res, names, certs, count);
   if (ret < 0)
     {
       gnutls_assert ();
@@ -410,6 +445,7 @@ parse_pem_cert_mem (gnutls_certificate_credentials_t res,
   return count;
 
 cleanup:
+  _gnutls_str_array_clear(&names);
   for (i=0;i<count;i++)
     gnutls_pcert_deinit(&certs[i]);
   gnutls_free(certs);
@@ -675,7 +711,9 @@ read_cert_url (gnutls_certificate_credentials_t res, const 
char *url)
   int ret;
   gnutls_x509_crt_t crt;
   gnutls_pcert_st *ccert;
-  char name[MAX_CN];
+  gnutls_str_array_t names;
+  
+  _gnutls_str_array_init(&names);
 
   ccert = gnutls_malloc (sizeof (*ccert));
   if (ccert == NULL)
@@ -688,8 +726,7 @@ read_cert_url (gnutls_certificate_credentials_t res, const 
char *url)
   if (ret < 0)
     {
       gnutls_assert ();
-      gnutls_free (ccert);
-      return ret;
+      goto cleanup;
     }
 
   ret = gnutls_x509_crt_import_pkcs11_url (crt, url, 0);
@@ -701,12 +738,17 @@ read_cert_url (gnutls_certificate_credentials_t res, 
const char *url)
   if (ret < 0)
     {
       gnutls_assert ();
-      gnutls_free (ccert);
       gnutls_x509_crt_deinit (crt);
-      return ret;
+      goto cleanup;
     }
 
-  get_x509_name(crt, name, sizeof(name));
+  ret = get_x509_name(crt, &names);
+  if (ret < 0)
+    {
+      gnutls_assert ();
+      gnutls_x509_crt_deinit (crt);
+      goto cleanup;
+    }
 
   ret = gnutls_pcert_import_x509 (ccert, crt, 0);
   gnutls_x509_crt_deinit (crt);
@@ -714,20 +756,22 @@ read_cert_url (gnutls_certificate_credentials_t res, 
const char *url)
   if (ret < 0)
     {
       gnutls_assert ();
-      gnutls_free (ccert);
-      return ret;
+      goto cleanup;
     }
 
-  ret = certificate_credential_append_crt_list (res, name, ccert, 1);
+  ret = certificate_credential_append_crt_list (res, names, ccert, 1);
   if (ret < 0)
     {
       gnutls_assert ();
-      gnutls_free (ccert);
-      return ret;
+      goto cleanup;
     }
 
   return 0;
 
+cleanup:
+  _gnutls_str_array_clear(&names);
+  gnutls_free (ccert);
+  return ret;
 }
 
 #endif /* ENABLE_PKCS11 */
@@ -913,7 +957,7 @@ cleanup:
 
 int
 certificate_credential_append_crt_list (gnutls_certificate_credentials_t res,
-                                        const char* name, gnutls_pcert_st * 
crt, int nr)
+                                        gnutls_str_array_t names, 
gnutls_pcert_st * crt, int nr)
 {
 int ret;
 
@@ -932,10 +976,7 @@ int ret;
 
   res->certs[res->ncerts].cert_list = crt;
   res->certs[res->ncerts].cert_list_length = nr;
-  if (name[0] != 0)
-    res->certs[res->ncerts].name = gnutls_strdup(name);
-  else
-    res->certs[res->ncerts].name = NULL;
+  res->certs[res->ncerts].names = names;
 
   return 0;
 
@@ -987,7 +1028,9 @@ gnutls_certificate_set_x509_key 
(gnutls_certificate_credentials_t res,
   int ret, i;
   gnutls_privkey_t pkey;
   gnutls_pcert_st *pcerts = NULL;
-  char name[MAX_CN];
+  gnutls_str_array_t names;
+  
+  _gnutls_str_array_init(&names);
 
   /* this should be first
    */
@@ -1020,7 +1063,9 @@ gnutls_certificate_set_x509_key 
(gnutls_certificate_credentials_t res,
       return GNUTLS_E_MEMORY_ERROR;
     }
 
-  get_x509_name(cert_list[0], name, sizeof(name));
+  ret = get_x509_name(cert_list[0], &names);
+  if (ret < 0)
+    return gnutls_assert_val(ret);
 
   for (i = 0; i < cert_list_size; i++)
     {
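Review bot: The `return gnutls_assert_val(ret);` added after `get_x509_name` bypasses the `cleanup:` label this commit introduces further down in the same function, and `pcerts`, which appears to be allocated just above (the `GNUTLS_E_MEMORY_ERROR` return at the top of the hunk), is freed on neither path: the `cleanup:` block only clears `names`, so the later `goto cleanup` lines leak `pcerts` as well. `get_x509_name` already clears `names` on failure, so `goto cleanup;` is safe here, and the cleanup block should deinit the `pcerts` entries already imported and then `gnutls_free (pcerts);`. `gnutls_certificate_set_x509_key` begins before this hunk.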
@@ -1028,15 +1073,15 @@ gnutls_certificate_set_x509_key 
(gnutls_certificate_credentials_t res,
       if (ret < 0)
         {
           gnutls_assert ();
-          return ret;
+          goto cleanup;
         }
     }
 
-  ret = certificate_credential_append_crt_list (res, name, pcerts, 
cert_list_size);
+  ret = certificate_credential_append_crt_list (res, names, pcerts, 
cert_list_size);
   if (ret < 0)
     {
       gnutls_assert ();
-      return ret;
+      goto cleanup;
     }
 
   res->ncerts++;
@@ -1048,6 +1093,10 @@ gnutls_certificate_set_x509_key 
(gnutls_certificate_credentials_t res,
     }
 
   return 0;
+  
+cleanup:
+  _gnutls_str_array_clear(&names);
+  return ret;
 }
 
 /**
diff --git a/lib/openpgp/gnutls_openpgp.c b/lib/openpgp/gnutls_openpgp.c
index 9696e67..2d2afd5 100644
--- a/lib/openpgp/gnutls_openpgp.c
+++ b/lib/openpgp/gnutls_openpgp.c
@@ -87,12 +87,15 @@ gnutls_certificate_set_openpgp_key 
(gnutls_certificate_credentials_t res,
                                     gnutls_openpgp_crt_t crt,
                                     gnutls_openpgp_privkey_t pkey)
 {
-  int ret;
+  int ret, ret2, i;
   gnutls_privkey_t privkey;
-  gnutls_pcert_st *ccert;
+  gnutls_pcert_st *ccert = NULL;
   char name[MAX_CN];
-  size_t name_size = sizeof(name);
+  size_t max_size;
+  gnutls_str_array_t names;
 
+  _gnutls_str_array_init(&names);
+  
   /* this should be first */
 
   ret = gnutls_privkey_init (&privkey);
@@ -107,42 +110,50 @@ gnutls_certificate_set_openpgp_key 
(gnutls_certificate_credentials_t res,
                                    GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE);
   if (ret < 0)
     {
-      gnutls_privkey_deinit (privkey);
       gnutls_assert ();
-      return ret;
+      goto cleanup;
     }
 
-  ret = gnutls_openpgp_crt_get_name(crt, 0, name, &name_size);
-  if (ret < 0)
-    name[0] = 0;
-
   ccert = gnutls_calloc (1, sizeof (gnutls_pcert_st));
   if (ccert == NULL)
     {
       gnutls_assert ();
-      gnutls_privkey_deinit (privkey);
-      return GNUTLS_E_MEMORY_ERROR;
+      ret = GNUTLS_E_MEMORY_ERROR;
+      goto cleanup;
+    }
+
+  max_size = sizeof(name);
+  ret = 0;
+  for (i = 0; !(ret < 0); i++)
+    {
+      ret = gnutls_openpgp_crt_get_name(crt, i, name, &max_size);
+      if (ret >= 0)
+        {
+          ret2 = _gnutls_str_array_append(&names, name, max_size);
+          if (ret2 < 0)
+            {
+              gnutls_assert();
+              ret = ret2;
+              goto cleanup;
+            }
+        }
     }
 
   ret = gnutls_pcert_import_openpgp (ccert, crt, 0);
   if (ret < 0)
     {
       gnutls_assert ();
-      gnutls_free (ccert);
-      gnutls_privkey_deinit (privkey);
-      return ret;
+      goto cleanup;
     }
 
   ret = certificate_credentials_append_pkey (res, privkey);
   if (ret >= 0)
-    ret = certificate_credential_append_crt_list (res, name, ccert, 1);
+    ret = certificate_credential_append_crt_list (res, names, ccert, 1);
 
   if (ret < 0)
     {
       gnutls_assert ();
-      gnutls_free (ccert);
-      gnutls_privkey_deinit (privkey);
-      return ret;
+      goto cleanup;
     }
 
   res->ncerts++;
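Review bot: `max_size` is set to `sizeof(name)` once before the loop, but the code relies on `gnutls_openpgp_crt_get_name` reporting the copied length back through that pointer (it is passed straight to `_gnutls_str_array_append`), so from the second iteration on the buffer size handed to the callee is the previous name's length rather than `sizeof(name)`; a longer subsequent name then fails or is cut short and the enumeration ends early. The x509 counterpart `get_x509_name` in lib/gnutls_x509.c resets the size inside the loop; do the same here by making `max_size = sizeof(name);` the first statement of the loop body. `gnutls_certificate_set_openpgp_key` begins before this hunk and ends after it.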
@@ -150,6 +161,12 @@ gnutls_certificate_set_openpgp_key 
(gnutls_certificate_credentials_t res,
   /* FIXME: Check if the keys match. */
 
   return 0;
+
+cleanup:
+  gnutls_privkey_deinit (privkey);
+  gnutls_free (ccert);
+  _gnutls_str_array_clear(&names);
+  return ret;
 }
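Review bot: The shared `cleanup:` block unconditionally calls `gnutls_privkey_deinit (privkey)`, yet it is also reached from the `goto cleanup` taken when `certificate_credentials_append_pkey (res, privkey)` has already succeeded and only `certificate_credential_append_crt_list` failed; if `append_pkey` stores the handle in `res` (its body is not visible here, but the name suggests it), the credentials would then hold a released private key and presumably release it again when they are freed. A flag set after the successful append avoids that, e.g. `int pkey_added = 0;`, `pkey_added = 1;` after the append, and `if (!pkey_added) gnutls_privkey_deinit (privkey);` in the cleanup block. The same ordering existed before the patch, but the new label makes this the single place to fix it. `gnutls_certificate_set_openpgp_key` begins before this hunk.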
 
 /*-
diff --git a/tests/resume.c b/tests/resume.c
index 6037989..129a9d8 100644
--- a/tests/resume.c
+++ b/tests/resume.c
@@ -65,18 +65,16 @@ pid_t child;
 
 struct params_res resume_tests[] = {
   {"try to resume from db", 50, 0, 0, 1},
-#ifdef ENABLE_SESSION_TICKET
   {"try to resume from session ticket", 0, 1, 1, 1},
   {"try to resume from session ticket (server only)", 0, 1, 0, 0},
   {"try to resume from session ticket (client only)", 0, 0, 1, 0},
-#endif
   {NULL, -1}
 };
 
 /* A very basic TLS client, with anonymous authentication.
  */
 
-#define MAX_BUF 1024
+#define MAX_BUF 5*1024
 #define MSG "Hello TLS"
 
 static void
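Review bot: `#define MAX_BUF 5*1024` leaves the expression unparenthesized, so a use such as `MAX_BUF / 2` or `x % MAX_BUF` would silently mis-evaluate; write it as `#define MAX_BUF (5*1024)`. The other size macros in this file are plain literals, so this is the only one where the missing parentheses matter.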
@@ -119,16 +117,14 @@ client (struct params_res *params)
       gnutls_init (&session, GNUTLS_CLIENT);
 
       /* Use default priorities */
-  gnutls_priority_set_direct (session, 
"NONE:+VERS-TLS-ALL:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-DH", NULL);
+      gnutls_priority_set_direct (session, 
"NONE:+VERS-TLS-ALL:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-DH", NULL);
 
       /* put the anonymous credentials to the current session
        */
       gnutls_credentials_set (session, GNUTLS_CRD_ANON, anoncred);
 
-#ifdef ENABLE_SESSION_TICKET
       if (params->enable_session_ticket_client)
         gnutls_session_ticket_enable_client (session);
-#endif
 
       if (t > 0)
         {
@@ -180,7 +176,9 @@ client (struct params_res *params)
           else
             {
               if (params->expect_resume)
-                fail ("*** Previous session was NOT resumed\n");
+                {
+                  fail ("*** Previous session was NOT resumed\n");
+                }
               else
                 {
                   if (debug)
@@ -205,7 +203,7 @@ client (struct params_res *params)
           goto end;
         }
 
-      if (debug)
+      if (debug )
         {
           printf ("- Received %d bytes: ", ret);
           for (ii = 0; ii < ret; ii++)
@@ -231,13 +229,12 @@ end:
  */
 
 #define SA struct sockaddr
-#define MAX_BUF 1024
 #define PORT 5556               /* listen to 5556 port */
 #define DH_BITS 1024
 
 /* These are global */
 gnutls_anon_server_credentials_t anoncred;
-gnutls_datum_t session_ticket_key = { NULL, 0 };
+static gnutls_datum_t session_ticket_key = { NULL, 0 };
 
 static gnutls_session_t
 initialize_tls_session (struct params_res *params)
@@ -262,10 +259,9 @@ initialize_tls_session (struct params_res *params)
       gnutls_db_set_store_function (session, wrap_db_store);
       gnutls_db_set_ptr (session, NULL);
     }
-#ifdef ENABLE_SESSION_TICKET
+
   if (params->enable_session_ticket_server)
     gnutls_session_ticket_enable_server (session, &session_ticket_key);
-#endif
 
   return session;
 }
@@ -378,10 +374,9 @@ server (struct params_res *params)
     {
       wrap_db_init ();
     }
-#ifdef ENABLE_SESSION_TICKET
+
   if (params->enable_session_ticket_server)
     gnutls_session_ticket_key_generate (&session_ticket_key);
-#endif
 
   for (t = 0; t < 2; t++)
     {
@@ -466,8 +461,7 @@ doit (void)
 
   for (i = 0; resume_tests[i].desc; i++)
     {
-      if (debug)
-        printf ("%s\n", resume_tests[i].desc);
+      printf ("%s\n", resume_tests[i].desc);
 
       global_start ();
       if (error_count)
@@ -487,12 +481,16 @@ doit (void)
           /* parent */
           server (&resume_tests[i]);
           wait (&status);
+          if (WEXITSTATUS(status) > 0)
+            error_count++;
           global_stop ();
         }
       else
         {
           client (&resume_tests[i]);
           gnutls_global_deinit ();
+          if (error_count)
+            exit(1);
           exit (0);
         }
     }
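Review bot: `WEXITSTATUS(status)` is only meaningful when `WIFEXITED(status)` is true; a child that dies from a signal (a crash in `client`, say) has no exit code, and on typical implementations the macro then reads as 0, so the failure is not counted. Use `if (!WIFEXITED(status) || WEXITSTATUS(status) > 0) error_count++;`. `doit` starts before this hunk and continues after it.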
@@ -504,7 +502,7 @@ doit (void)
  */
 
 #define MAX_SESSION_ID_SIZE 32
-#define MAX_SESSION_DATA_SIZE 512
+#define MAX_SESSION_DATA_SIZE 1024
 
 typedef struct
 {
@@ -566,6 +564,7 @@ wrap_db_store (void *dbf, gnutls_datum_t key, 
gnutls_datum_t data)
 
   if (key.size > MAX_SESSION_ID_SIZE)
     return -1;
+
   if (data.size > MAX_SESSION_DATA_SIZE)
     return -1;
 
@@ -637,6 +636,9 @@ wrap_db_fetch (void *dbf, gnutls_datum_t key)
           return res;
         }
     }
+
+  if (debug)
+    success ("resume db fetch... NOT FOUND\n");
   return res;
 }
 
diff --git a/tests/utils.c b/tests/utils.c
index c8ed853..f4b8c4a 100644
--- a/tests/utils.c
+++ b/tests/utils.c
@@ -22,7 +22,7 @@
  */
 
 #ifdef HAVE_CONFIG_H
-#include "config.h"
+#include <config.h>
 #endif
 
 #include <stdio.h>
@@ -44,11 +44,13 @@ const char *pkcs3 =
 void
 fail (const char *format, ...)
 {
+  char str[1024];
   va_list arg_ptr;
 
   va_start (arg_ptr, format);
-  vfprintf (stderr, format, arg_ptr);
+  vsnprintf ( str, sizeof(str), format, arg_ptr);
   va_end (arg_ptr);
+  fputs(str, stderr);
   error_count++;
   if (break_on_error)
     exit (1);
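Review bot: Formatting into a fixed `char str[1024]` before `fputs` silently truncates any message longer than 1023 bytes, which the previous `vfprintf` did not, and the `vsnprintf` return value that would reveal the truncation is discarded; the same applies to `success` in the next hunk. If the intent is to emit each message in a single write so output from the forked client and server in tests/resume.c does not interleave, a comment stating that and the limit would help, e.g. `/* format into one buffer so the message reaches stderr in a single write; output beyond sizeof(str)-1 is truncated */`.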
@@ -57,11 +59,13 @@ fail (const char *format, ...)
 void
 success (const char *format, ...)
 {
+  char str[1024];
   va_list arg_ptr;
 
   va_start (arg_ptr, format);
-  vfprintf (stderr, format, arg_ptr);
+  vsnprintf ( str, sizeof(str), format, arg_ptr);
   va_end (arg_ptr);
+  fputs(str, stderr);
 }
 
 void


hooks/post-receive
-- 
GNU gnutls


