[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[SCM] GNU gnutls branch, master, updated. gnutls-3_0_12-24-g547996d
|
From: |
Nikos Mavrogiannopoulos |
|
Subject: |
[SCM] GNU gnutls branch, master, updated. gnutls-3_0_12-24-g547996d |
|
Date: |
Sat, 21 Jan 2012 10:42:14 +0000 |
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".
http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=547996d1eef7aced45c2d94a90fa9a03aa03596b
The branch, master has been updated
via 547996d1eef7aced45c2d94a90fa9a03aa03596b (commit)
via 3ab6c438f5ede67b955074711002f9d64ef821ed (commit)
via b2f8a10a352a41f72e7faf3fa2ee87b2c3c3b892 (commit)
via c1cbb1c9dff9468adad6f6f5915ae887a703229c (commit)
via 558bd61dd76c064be9aff0be8ef5c7240bd81747 (commit)
from b399c12ca778ce35764c794918eca4c7bbed6ed2 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 547996d1eef7aced45c2d94a90fa9a03aa03596b
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Sat Jan 21 11:45:53 2012 +0100
Do not store auto-generated manpages to git.
commit 3ab6c438f5ede67b955074711002f9d64ef821ed
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Sat Jan 21 11:42:01 2012 +0100
uploaded for new legacy sec level
commit b2f8a10a352a41f72e7faf3fa2ee87b2c3c3b892
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Sat Jan 21 11:34:02 2012 +0100
Added missing files.
commit c1cbb1c9dff9468adad6f6f5915ae887a703229c
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Sat Jan 21 11:33:37 2012 +0100
Added functions to parse authority key identifiers when stored as a
'general name' and serial combo.
commit 558bd61dd76c064be9aff0be8ef5c7240bd81747
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Sat Jan 21 09:52:09 2012 +0100
Corrected bug in _gnutls_parse_aia()
-----------------------------------------------------------------------
Summary of changes:
.gitignore | 10 +-
NEWS | 6 +-
README-alpha | 1 +
configure.ac | 2 +-
doc/manpages/gnutls-cli-debug.1 | 81 ------
doc/manpages/gnutls-serv.1 | 201 --------------
doc/manpages/psktool.1 | 95 -------
doc/manpages/srptool.1 | 130 ---------
lib/gnutls_errors.c | 2 +
lib/includes/gnutls/gnutls.h.in | 1 +
lib/includes/gnutls/x509.h | 8 +
lib/x509/crl.c | 173 +++++++++----
lib/x509/output.c | 166 +++++++++----
lib/x509/x509.c | 276 ++++++++++++-------
src/cli-args.c | 2 +-
src/cli-args.h | 2 +-
src/{srptool-args.c => cli-debug-args.c} | 281 +++++++-------------
src/{srptool-args.h => cli-debug-args.h} | 92 +++----
src/{srptool-args.c => psk-args.c} | 219 ++++++----------
src/{srptool-args.h => psk-args.h} | 90 +++----
src/serv-args.c | 2 +-
src/serv-args.h | 2 +-
src/srptool-args.c | 2 +-
src/srptool-args.h | 2 +-
tests/Makefile.am | 2 +-
tests/{pathlen => cert-tests}/Makefile.am | 6 +-
tests/{userid/userid => cert-tests/aki} | 23 +-
tests/cert-tests/aki-cert.pem | 117 ++++++++
tests/{pathlen => cert-tests}/ca-no-pathlen.pem | 2 +-
tests/{pathlen => cert-tests}/no-ca-or-pathlen.pem | 2 +-
tests/{pathlen => cert-tests}/pathlen | 0
31 files changed, 849 insertions(+), 1149 deletions(-)
delete mode 100644 doc/manpages/gnutls-cli-debug.1
delete mode 100644 doc/manpages/gnutls-serv.1
delete mode 100644 doc/manpages/psktool.1
delete mode 100644 doc/manpages/srptool.1
copy src/{srptool-args.c => cli-debug-args.c} (60%)
copy src/{srptool-args.h => cli-debug-args.h} (67%)
copy src/{srptool-args.c => psk-args.c} (70%)
copy src/{srptool-args.h => psk-args.h} (68%)
rename tests/{pathlen => cert-tests}/Makefile.am (88%)
copy tests/{userid/userid => cert-tests/aki} (75%)
create mode 100644 tests/cert-tests/aki-cert.pem
rename tests/{pathlen => cert-tests}/ca-no-pathlen.pem (97%)
rename tests/{pathlen => cert-tests}/no-ca-or-pathlen.pem (99%)
rename tests/{pathlen => cert-tests}/pathlen (100%)
diff --git a/.gitignore b/.gitignore
index a80e064..6a73e0b 100644
--- a/.gitignore
+++ b/.gitignore
@@ -421,12 +421,8 @@ po/quot.sed
po/remove-potcdate.sed
po/remove-potcdate.sin
po/stamp-po
-src/cli-debug-args.c
src/cli-debug-args.def
-src/cli-debug-args.h
-src/psk-args.c
src/psk-args.def
-src/psk-args.h
src/cli-args.def
src/srptool-args.def
src/Makefile
@@ -555,9 +551,13 @@ tests/slow/keygen
tests/slow/gendh
doc/reference/*.bak
doc/manpages/gnutls_*.3
+doc/manpages/gnutls-cli.1
+doc/manpages/gnutls-cli-debug.1
+doc/manpages/gnutls-serv.1
+doc/manpages/psktool.1
+doc/manpages/srptool.1
doc/examples/ex-ocsp-client
doc/examples/ex-ocsp-verify
-doc/manpages/gnutls-cli.1
doc/examples/ex-client-anon
doc/examples/ex-client-dtls
doc/examples/ex-client-x509
diff --git a/NEWS b/NEWS
index 90bf462..1c32bc8 100644
--- a/NEWS
+++ b/NEWS
@@ -11,8 +11,12 @@ to account for security level of 96-bits.
known CAs and only a single certificate is set in the credentials,
sent that one.
+** libgnutls: Added functions to parse authority key identifiers
+when stored as a 'general name' and serial combo.
+
** API and ABI modifications:
-No changes since last version.
+gnutls_x509_crt_get_authority_key_an_serial: Added
+gnutls_x509_crl_get_authority_key_an_serial: Added
* Version 3.0.12 (released 2012-01-20)
diff --git a/README-alpha b/README-alpha
index fe8ab71..3412e5d 100644
--- a/README-alpha
+++ b/README-alpha
@@ -10,6 +10,7 @@ We require several tools to build the software, including:
- Make <http://www.gnu.org/software/make/>
- Automake <http://www.gnu.org/software/automake/>
- Autoconf <http://www.gnu.org/software/autoconf/>
+- Autogen <http://www.gnu.org/software/autogen/>
- Libtool <http://www.gnu.org/software/libtool/>
- Gettext <http://www.gnu.org/software/gettext/>
- Texinfo <http://www.gnu.org/software/texinfo/>
diff --git a/configure.ac b/configure.ac
index c0a4a0f..1917e12 100644
--- a/configure.ac
+++ b/configure.ac
@@ -501,7 +501,7 @@ AC_CONFIG_FILES([
tests/ecdsa/Makefile
tests/key-id/Makefile
tests/openpgp-certs/Makefile
- tests/pathlen/Makefile
+ tests/cert-tests/Makefile
tests/pkcs1-padding/Makefile
tests/pkcs12-decode/Makefile
tests/pkcs8-decode/Makefile
diff --git a/doc/manpages/gnutls-cli-debug.1 b/doc/manpages/gnutls-cli-debug.1
deleted file mode 100644
index 95ab9f3..0000000
--- a/doc/manpages/gnutls-cli-debug.1
+++ /dev/null
@@ -1,81 +0,0 @@
-.TH gnutls-cli-debug 1 "21 Jan 2012" "3.0.12" "User Commands"
-.\"
-.\" DO NOT EDIT THIS FILE (cli-debug-args.man)
-.\"
-.\" It has been AutoGen-ed January 21, 2012 at 02:00:25 AM by AutoGen 5.12
-.\" From the definitions ../../src/cli-debug-args.def
-.\" and the template file agman-cmd.tpl
-.\"
-.SH NAME
-gnutls-cli-debug \- GnuTLS debug client
-.SH SYNOPSIS
-.B gnutls-cli-debug
-.\" Mixture of short (flag) options and long options
-.RB [ \-\fIflag\fP " [\fIvalue\fP]]... [" \-\-\fIopt\-name\fP " [[=|
]\fIvalue\fP]]..."
-.PP
-Operands and options may be intermixed. They will be reordered.
-.SH "DESCRIPTION"
-TLS debug client. It sets up multiple TLS connections to
-a server and queries its capabilities. Can be used to check for servers with
-special needs or bugs.
-.SH "OPTIONS"
-.TP
-.BR \-d " \fInumber\fP, " \-\-debug "=" \fInumber\fP
-Enable debugging.
-This option takes an integer number as its argument.
-The value of \fInumber\fP is constrained to being:
-.in +4
-.nf
-.na
-in the range 0 through 9999
-.fi
-.in -4
-.sp
-.TP
-.BR \-V ", " -\-verbose
-More verbose output.
-This option may appear an unlimited number of times.
-.sp
-.TP
-.BR \-p " \fInumber\fP, " \-\-port "=" \fInumber\fP
-The port to connect to.
-This option takes an integer number as its argument.
-The value of \fInumber\fP is constrained to being:
-.in +4
-.nf
-.na
-in the range 0 through 65536
-.fi
-.in -4
-.sp
-.TP
-.BR \-? , " \-\-help"
-Display usage information and exit.
-.TP
-.BR \-! , " \-\-more-help"
-Pass the extended usage information through a pager.
-.TP
-.BR \-v " [{\fIv|c|n\fP}]," " \-\-version" "[=\fI{v|c|n}\fP]"
-Output version of program and exit. The default mode is `v', a simple
-version. The `c' mode will print copyright information and `n' will
-print the full copyright notice.
-.SH "EXIT STATUS"
-One of the following exit values will be returned:
-.TP
-.BR 0
-Successful program execution.
-.TP
-.BR 1
-The operation failed or the command syntax was not valid.
-.SH "SEE ALSO"
-gnutls-cli(1), gnutls-serv(1)
-.SH "AUTHORS"
-Nikos Mavrogiannopoulos and Simon Josefsson
-.SH "COPYRIGHT"
-Copyright (C) 2000-2012 Free Software Foundation all rights reserved.
-This program is released under the terms of the GNU General Public License,
version 3 or later.
-.SH "BUGS"
-Please send bug reports to: address@hidden
-.SH "NOTES"
-This manual page was \fIAutoGen\fP-erated from the \fBgnutls-cli-debug\fP
-option definitions.
diff --git a/doc/manpages/gnutls-serv.1 b/doc/manpages/gnutls-serv.1
deleted file mode 100644
index fda8e23..0000000
--- a/doc/manpages/gnutls-serv.1
+++ /dev/null
@@ -1,201 +0,0 @@
-.TH gnutls-serv 1 "21 Jan 2012" "3.0.12" "User Commands"
-.\"
-.\" DO NOT EDIT THIS FILE (serv-args.man)
-.\"
-.\" It has been AutoGen-ed January 21, 2012 at 01:58:11 AM by AutoGen 5.12
-.\" From the definitions ../../src/serv-args.def
-.\" and the template file agman-cmd.tpl
-.\"
-.SH NAME
-gnutls-serv \- GnuTLS server
-.SH SYNOPSIS
-.B gnutls-serv
-.\" Mixture of short (flag) options and long options
-.RB [ \-\fIflag\fP " [\fIvalue\fP]]... [" \-\-\fIopt\-name\fP " [[=|
]\fIvalue\fP]]..."
-.PP
-Operands and options may be intermixed. They will be reordered.
-.SH "DESCRIPTION"
-Server program that listens to incoming TLS connections.
-.SH "OPTIONS"
-.TP
-.BR \-d " \fInumber\fP, " \-\-debug "=" \fInumber\fP
-Enable debugging.
-This option takes an integer number as its argument.
-The value of \fInumber\fP is constrained to being:
-.in +4
-.nf
-.na
-in the range 0 through 9999
-.fi
-.in -4
-.sp
-.TP
-.BR \-\-noticket
-Don't accept session tickets.
-.sp
-.TP
-.BR \-g ", " -\-generate
-Generate Diffie-Hellman and RSA-export parameters.
-.sp
-.TP
-.BR \-q ", " -\-quiet
-Suppress some messages.
-.sp
-.TP
-.BR \-\-nodb
-Do not use a resumption database.
-.sp
-.TP
-.BR \-\-http
-Act as an HTTP server.
-.sp
-.TP
-.BR \-\-echo
-Act as an Echo server.
-.sp
-.TP
-.BR \-u ", " -\-udp
-Use DTLS (datagram TLS) over UDP.
-.sp
-.TP
-.BR \-\-mtu "=\fInumber\fP"
-Set MTU for datagram TLS.
-This option takes an integer number as its argument.
-The value of \fInumber\fP is constrained to being:
-.in +4
-.nf
-.na
-in the range 0 through 17000
-.fi
-.in -4
-.sp
-.TP
-.BR \-a ", " -\-disable\-client\-cert
-Do not request a client certificate.
-.sp
-.TP
-.BR \-r ", " -\-require\-client\-cert
-Require a client certificate.
-.sp
-.TP
-.BR \-\-x509fmtder
-Use DER format for certificates to read from.
-.sp
-.TP
-.BR \-\-priority "=\fIstring\fP"
-Priorities string.
-.sp
-TLS algorithms and protocols to enable. You can
-use predefined sets of ciphersuites such as PERFORMANCE,
-NORMAL, SECURE128, SECURE256.
-Check the GnuTLS manual on section ``Priority strings'' for more
-information on allowed keywords
-.TP
-.BR \-\-dhparams "=\fIfile\fP"
-DH params file to use.
-.sp
-.TP
-.BR \-\-x509cafile "=\fIfile\fP"
-Certificate file or PKCS #11 URL to use.
-.sp
-.TP
-.BR \-\-x509crlfile "=\fIfile\fP"
-CRL file to use.
-.sp
-.TP
-.BR \-\-pgpkeyfile "=\fIfile\fP"
-PGP Key file to use.
-.sp
-.TP
-.BR \-\-pgpkeyring "=\fIfile\fP"
-PGP Key ring file to use.
-.sp
-.TP
-.BR \-\-pgpcertfile "=\fIfile\fP"
-PGP Public Key (certificate) file to use.
-.sp
-.TP
-.BR \-\-x509keyfile "=\fIfile\fP"
-X.509 key file or PKCS #11 URL to use.
-.sp
-.TP
-.BR \-\-x509certfile "=\fIfile\fP"
-X.509 Certificate file or PKCS #11 URL to use.
-.sp
-.TP
-.BR \-\-x509dsakeyfile "=\fIfile\fP"
-Alternative X.509 key file or PKCS #11 URL to use.
-.sp
-.TP
-.BR \-\-x509dsacertfile "=\fIfile\fP"
-Alternative X.509 Certificate file or PKCS #11 URL to use.
-.sp
-.TP
-.BR \-\-x509ecckeyfile "=\fIfile\fP"
-Alternative X.509 key file or PKCS #11 URL to use.
-.sp
-.TP
-.BR \-\-x509ecccertfile "=\fIfile\fP"
-Alternative X.509 Certificate file or PKCS #11 URL to use.
-.sp
-.TP
-.BR \-\-pgpsubkey "=\fIstring\fP"
-PGP subkey to use (hex or auto).
-.sp
-.TP
-.BR \-\-srppasswd "=\fIfile\fP"
-SRP password file to use.
-.sp
-.TP
-.BR \-\-srppasswdconf "=\fIfile\fP"
-SRP password configuration file to use.
-.sp
-.TP
-.BR \-\-pskpasswd "=\fIfile\fP"
-PSK password file to use.
-.sp
-.TP
-.BR \-\-pskhint "=\fIstring\fP"
-PSK identity hint to use.
-.sp
-.TP
-.BR \-p " \fInumber\fP, " \-\-port "=" \fInumber\fP
-The port to connect to.
-This option takes an integer number as its argument.
-.sp
-.TP
-.BR \-l " \fIstring\fP, " \-\-list "=" \fIstring\fP
-Print a list of the supported algorithms and modes.
-.sp
-Print a list of the supported algorithms and modes. If a priority string is
given then only the enabled ciphersuites are shown.
-.TP
-.BR \-? , " \-\-help"
-Display usage information and exit.
-.TP
-.BR \-! , " \-\-more-help"
-Pass the extended usage information through a pager.
-.TP
-.BR \-v " [{\fIv|c|n\fP}]," " \-\-version" "[=\fI{v|c|n}\fP]"
-Output version of program and exit. The default mode is `v', a simple
-version. The `c' mode will print copyright information and `n' will
-print the full copyright notice.
-.SH "EXIT STATUS"
-One of the following exit values will be returned:
-.TP
-.BR 0
-Successful program execution.
-.TP
-.BR 1
-The operation failed or the command syntax was not valid.
-.SH "SEE ALSO"
-gnutls-cli-debug(1), gnutls-cli(1)
-.SH "AUTHORS"
-Nikos Mavrogiannopoulos and Simon Josefsson
-.SH "COPYRIGHT"
-Copyright (C) 2000-2012 Free Software Foundation all rights reserved.
-This program is released under the terms of the GNU General Public License,
version 3 or later.
-.SH "BUGS"
-Please send bug reports to: address@hidden
-.SH "NOTES"
-This manual page was \fIAutoGen\fP-erated from the \fBgnutls-serv\fP
-option definitions.
diff --git a/doc/manpages/psktool.1 b/doc/manpages/psktool.1
deleted file mode 100644
index e976db6..0000000
--- a/doc/manpages/psktool.1
+++ /dev/null
@@ -1,95 +0,0 @@
-.TH psktool 1 "21 Jan 2012" "3.0.12" "User Commands"
-.\"
-.\" DO NOT EDIT THIS FILE (psk-args.man)
-.\"
-.\" It has been AutoGen-ed January 21, 2012 at 02:00:25 AM by AutoGen 5.12
-.\" From the definitions ../../src/psk-args.def
-.\" and the template file agman-cmd.tpl
-.\"
-.SH NAME
-psktool \- GnuTLS PSK tool
-.SH SYNOPSIS
-.B psktool
-.\" Mixture of short (flag) options and long options
-.RB [ \-\fIflag\fP " [\fIvalue\fP]]... [" \-\-\fIopt\-name\fP " [[=|
]\fIvalue\fP]]..."
-.PP
-Operands and options may be intermixed. They will be reordered.
-.SH "DESCRIPTION"
-Program that generates random keys for use with TLS-PSK. The
-keys are stored in hexadecimal format in a key file.
-.SH "OPTIONS"
-.TP
-.BR \-d " \fInumber\fP, " \-\-debug "=" \fInumber\fP
-Enable debugging..
-This option takes an integer number as its argument.
-The value of \fInumber\fP is constrained to being:
-.in +4
-.nf
-.na
-in the range 0 through 9999
-.fi
-.in -4
-.sp
-Specifies the debug level.
-.TP
-.BR \-s " \fInumber\fP, " \-\-keysize "=" \fInumber\fP
-specify the key size in bytes.
-This option takes an integer number as its argument.
-The value of \fInumber\fP is constrained to being:
-.in +4
-.nf
-.na
-in the range 0 through 512
-.fi
-.in -4
-.sp
-.TP
-.BR \-u " \fIstring\fP, " \-\-username "=" \fIstring\fP
-specify a username.
-.sp
-.TP
-.BR \-p " \fIstring\fP, " \-\-passwd "=" \fIstring\fP
-specify a password file..
-.sp
-.TP
-.BR \-? , " \-\-help"
-Display usage information and exit.
-.TP
-.BR \-! , " \-\-more-help"
-Pass the extended usage information through a pager.
-.TP
-.BR \-v " [{\fIv|c|n\fP}]," " \-\-version" "[=\fI{v|c|n}\fP]"
-Output version of program and exit. The default mode is `v', a simple
-version. The `c' mode will print copyright information and `n' will
-print the full copyright notice.
-.SH EXAMPLES
-To add a user 'test' in \fIpasswd.psk\fP for use with GnuTLS run:
-.br
-.in +4
-.nf
-$ psktool \-\-passwd /etc/passwd.psk \-u test
-.in -4
-.fi
-.sp
-This command will create \fI/etc/passwd.psk\fP if it does not exist
-and will add user 'test' (you will also be prompted for a password).
-.SH "EXIT STATUS"
-One of the following exit values will be returned:
-.TP
-.BR 0
-Successful program execution.
-.TP
-.BR 1
-The operation failed or the command syntax was not valid.
-.SH "SEE ALSO"
- gnutls-cli-debug (1), gnutls-serv (1), srptool (1), certtool (1)
-.SH "AUTHORS"
-Nikos Mavrogiannopoulos and Simon Josefsson
-.SH "COPYRIGHT"
-Copyright (C) 2000-2012 Free Software Foundation all rights reserved.
-This program is released under the terms of the GNU General Public License,
version 3 or later.
-.SH "BUGS"
-Please send bug reports to: address@hidden
-.SH "NOTES"
-This manual page was \fIAutoGen\fP-erated from the \fBpsktool\fP
-option definitions.
diff --git a/doc/manpages/srptool.1 b/doc/manpages/srptool.1
deleted file mode 100644
index 12f2154..0000000
--- a/doc/manpages/srptool.1
+++ /dev/null
@@ -1,130 +0,0 @@
-.TH srptool 1 "21 Jan 2012" "3.0.12" "User Commands"
-.\"
-.\" DO NOT EDIT THIS FILE (srptool-args.man)
-.\"
-.\" It has been AutoGen-ed January 21, 2012 at 02:00:25 AM by AutoGen 5.12
-.\" From the definitions ../../src/srptool-args.def
-.\" and the template file agman-cmd.tpl
-.\"
-.SH NAME
-srptool \- GnuTLS SRP tool
-.SH SYNOPSIS
-.B srptool
-.\" Mixture of short (flag) options and long options
-.RB [ \-\fIflag\fP " [\fIvalue\fP]]... [" \-\-\fIopt\-name\fP " [[=|
]\fIvalue\fP]]..."
-.PP
-Operands and options may be intermixed. They will be reordered.
-.SH "DESCRIPTION"
-Simple program that emulates the programs in the Stanford SRP (Secure
-Remote Password) libraries using GnuTLS. It is intended for use in places
-where you don't expect SRP authentication to be the used for system users.
-In brief, to use SRP you need to create two files. These are the password
-file that holds the users and the verifiers associated with them and the
-configuration file to hold the group parameters (called tpasswd.conf).
-.SH "OPTIONS"
-.TP
-.BR \-d " \fInumber\fP, " \-\-debug "=" \fInumber\fP
-Enable debugging..
-This option takes an integer number as its argument.
-The value of \fInumber\fP is constrained to being:
-.in +4
-.nf
-.na
-in the range 0 through 9999
-.fi
-.in -4
-.sp
-Specifies the debug level.
-.TP
-.BR \-i ", " -\-index
-specify the index of the group parameters in tpasswd.conf to use..
-.sp
-.TP
-.BR \-u " \fIstring\fP, " \-\-username "=" \fIstring\fP
-specify a username.
-.sp
-.TP
-.BR \-p " \fIstring\fP, " \-\-passwd "=" \fIstring\fP
-specify a password file..
-.sp
-.TP
-.BR \-s " \fInumber\fP, " \-\-salt "=" \fInumber\fP
-specify salt size for crypt algorithm..
-This option takes an integer number as its argument.
-.sp
-.TP
-.BR \-\-verify
-just verify the password..
-.sp
-Verifies the password provided against the password file.
-.TP
-.BR \-v " \fIfile\fP, " \-\-passwd\-conf "=" \fIfile\fP
-specify a password conf file..
-.sp
-Specify a filename or a PKCS #11 URL to read the CAs from.
-.TP
-.BR \-\-create\-conf "=\fIfile\fP"
-Generate a password configuration file..
-.sp
-This generates a password configuration file (tpasswd.conf)
-containing the required for TLS parameters.
-.TP
-.BR \-? , " \-\-help"
-Display usage information and exit.
-.TP
-.BR \-! , " \-\-more-help"
-Pass the extended usage information through a pager.
-.TP
-.BR \-v " [{\fIv|c|n\fP}]," " \-\-version" "[=\fI{v|c|n}\fP]"
-Output version of program and exit. The default mode is `v', a simple
-version. The `c' mode will print copyright information and `n' will
-print the full copyright notice.
-.SH EXAMPLES
-To create \fItpasswd.conf\fP which holds the g and n values for SRP protocol
-(generator and a large prime), run:
-.br
-.in +4
-.nf
-$ srptool \-\-create\-conf /etc/tpasswd.conf
-.in -4
-.fi
-.sp
-This command will create \fI/etc/tpasswd\fP and will add user 'test' (you
-will also be prompted for a password). Verifiers are stored by default
-in the way libsrp expects.
-.br
-.in +4
-.nf
-srptool \-\-passwd /etc/tpasswd \-\-passwd\-conf /etc/tpasswd.conf \-u test
-.in -4
-.fi
-.sp
-.sp
-This command will check against a password. If the password matches
-the one in \fI/etc/tpasswd\fP you will get an ok.
-.br
-.in +4
-.nf
-$ srptool \-\-passwd /etc/tpasswd \-\-passwd\-conf /etc/tpasswd.conf
\-\-verify \-u test
-.in -4
-.fi
-.SH "EXIT STATUS"
-One of the following exit values will be returned:
-.TP
-.BR 0
-Successful program execution.
-.TP
-.BR 1
-The operation failed or the command syntax was not valid.
-.SH "SEE ALSO"
- gnutls-cli-debug (1), gnutls-serv (1), srptool (1), psktool (1), certtool
(1)
-.SH "AUTHORS"
-Nikos Mavrogiannopoulos and Simon Josefsson
-.SH "COPYRIGHT"
-Copyright (C) 2000-2012 Free Software Foundation all rights reserved.
-This program is released under the terms of the GNU General Public License,
version 3 or later.
-.SH "BUGS"
-Please send bug reports to: address@hidden
-.SH "NOTES"
-This manual page was \fIAutoGen\fP-erated from the \fBsrptool\fP
-option definitions.
diff --git a/lib/gnutls_errors.c b/lib/gnutls_errors.c
index d228cc3..31bbe35 100644
--- a/lib/gnutls_errors.c
+++ b/lib/gnutls_errors.c
@@ -158,6 +158,8 @@ static const gnutls_error_entry error_algorithms[] = {
ERROR_ENTRY (N_("Unsupported critical extension in X.509 certificate."),
GNUTLS_E_X509_UNSUPPORTED_CRITICAL_EXTENSION, 1),
+ ERROR_ENTRY (N_("Unsupported extension in X.509 certificate."),
+ GNUTLS_E_X509_UNSUPPORTED_EXTENSION, 1),
ERROR_ENTRY (N_("Key usage violation in certificate has been detected."),
GNUTLS_E_KEY_USAGE_VIOLATION, 1),
ERROR_ENTRY (N_("Resource temporarily unavailable, try again."),
diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in
index e1eaeb2..c989eec 100644
--- a/lib/includes/gnutls/gnutls.h.in
+++ b/lib/includes/gnutls/gnutls.h.in
@@ -1813,6 +1813,7 @@ gnutls_ecc_curve_t gnutls_ecc_curve_get(gnutls_session_t
session);
#define GNUTLS_E_CERTIFICATE_LIST_UNSORTED -324
#define GNUTLS_E_ILLEGAL_PARAMETER -325
#define GNUTLS_E_NO_PRIORITIES_WERE_SET -326
+#define GNUTLS_E_X509_UNSUPPORTED_EXTENSION -327
#define GNUTLS_E_UNIMPLEMENTED_FEATURE -1250
diff --git a/lib/includes/gnutls/x509.h b/lib/includes/gnutls/x509.h
index c001142..7fa0ced 100644
--- a/lib/includes/gnutls/x509.h
+++ b/lib/includes/gnutls/x509.h
@@ -155,6 +155,10 @@ extern "C"
int gnutls_x509_crt_get_authority_key_id (gnutls_x509_crt_t cert,
void *ret, size_t * ret_size,
unsigned int *critical);
+ int gnutls_x509_crt_get_authority_key_gn_serial (gnutls_x509_crt_t cert,
unsigned int seq,
+ void *alt, size_t * alt_size, unsigned int
*alt_type,
+ void* serial, size_t *serial_size,
+ unsigned int *critical);
int gnutls_x509_crt_get_subject_key_id (gnutls_x509_crt_t cert,
void *ret, size_t * ret_size,
@@ -499,6 +503,10 @@ extern "C"
int gnutls_x509_crl_get_authority_key_id (gnutls_x509_crl_t crl, void *ret,
size_t * ret_size,
unsigned int *critical);
+ int gnutls_x509_crl_get_authority_key_gn_serial (gnutls_x509_crl_t crl,
unsigned int seq, void *alt,
+ size_t * alt_size, unsigned int *alt_type,
+ void* serial, size_t *serial_size,
+ unsigned int *critical);
int gnutls_x509_crl_get_number (gnutls_x509_crl_t crl, void *ret,
size_t * ret_size, unsigned int *critical);
diff --git a/lib/x509/crl.c b/lib/x509/crl.c
index 3b744a9..9045c45 100644
--- a/lib/x509/crl.c
+++ b/lib/x509/crl.c
@@ -702,50 +702,26 @@ _gnutls_x509_crl_cpy (gnutls_x509_crl_t dest,
gnutls_x509_crl_t src)
}
-/**
- * gnutls_x509_crl_get_authority_key_id:
- * @crl: should contain a #gnutls_x509_crl_t structure
- * @ret: The place where the identifier will be copied
- * @ret_size: Holds the size of the result field.
- * @critical: will be non (0) if the extension is marked as critical
- * (may be null)
- *
- * This function will return the CRL authority's key identifier. This
- * is obtained by the X.509 Authority Key identifier extension field
- * (2.5.29.35). Note that this function only returns the
- * keyIdentifier field of the extension.
- *
- * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
- * negative error code in case of an error.
- *
- * Since: 2.8.0
- **/
-int
-gnutls_x509_crl_get_authority_key_id (gnutls_x509_crl_t crl, void *ret,
- size_t * ret_size,
- unsigned int *critical)
+static int
+_get_authority_key_id (gnutls_x509_crl_t cert, ASN1_TYPE *c2,
+ unsigned int *critical)
{
- int result, len;
+ int ret;
gnutls_datum_t id;
- ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+
+ *c2 = ASN1_TYPE_EMPTY;
- if (crl == NULL)
+ if (cert == NULL)
{
gnutls_assert ();
return GNUTLS_E_INVALID_REQUEST;
}
-
- if (ret)
- memset (ret, 0, *ret_size);
- else
- *ret_size = 0;
-
- if ((result =
- _gnutls_x509_crl_get_extension (crl, "2.5.29.35", 0, &id,
+ if ((ret =
+ _gnutls_x509_crl_get_extension (cert, "2.5.29.35", 0, &id,
critical)) < 0)
{
- return result;
+ return gnutls_assert_val(ret);
}
if (id.size == 0 || id.data == NULL)
@@ -754,36 +730,137 @@ gnutls_x509_crl_get_authority_key_id (gnutls_x509_crl_t
crl, void *ret,
return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
}
- result = asn1_create_element
- (_gnutls_get_pkix (), "PKIX1.AuthorityKeyIdentifier", &c2);
- if (result != ASN1_SUCCESS)
+ ret = asn1_create_element
+ (_gnutls_get_pkix (), "PKIX1.AuthorityKeyIdentifier", c2);
+ if (ret != ASN1_SUCCESS)
{
gnutls_assert ();
_gnutls_free_datum (&id);
- return _gnutls_asn2err (result);
+ return _gnutls_asn2err (ret);
}
- result = asn1_der_decoding (&c2, id.data, id.size, NULL);
+ ret = asn1_der_decoding (c2, id.data, id.size, NULL);
_gnutls_free_datum (&id);
- if (result != ASN1_SUCCESS)
+ if (ret != ASN1_SUCCESS)
{
gnutls_assert ();
- asn1_delete_structure (&c2);
- return _gnutls_asn2err (result);
+ asn1_delete_structure (c2);
+ return _gnutls_asn2err (ret);
}
- len = *ret_size;
- result = asn1_read_value (c2, "keyIdentifier", ret, &len);
+ return 0;
+}
- *ret_size = len;
- asn1_delete_structure (&c2);
+/**
+ * gnutls_x509_crl_get_authority_key_gn_serial:
+ * @crl: should contain a #gnutls_x509_crl_t structure
+ * @seq: specifies the sequence number of the alt name (0 for the first one, 1
for the second etc.)
+ * @alt: is the place where the alternative name will be copied to
+ * @alt_size: holds the size of alt.
+ * @alt_type: holds the type of the alternative name (one of
gnutls_x509_subject_alt_name_t).
+ * @serial: buffer to store the serial number (may be null)
+ * @serial_size: Holds the size of the serial field (may be null)
+ * @critical: will be non (0) if the extension is marked as critical (may be
null)
+ *
+ * This function will return the X.509 authority key
+ * identifier when stored as a general name (authorityCertIssuer)
+ * and serial number.
+ *
+ * Because more than one general names might be stored
+ * @seq can be used as a counter to request them all until
+ * %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE is returned.
+ *
+ * Returns: Returns 0 on success, or an error code.
+ **/
+int
+gnutls_x509_crl_get_authority_key_gn_serial (gnutls_x509_crl_t crl, unsigned
int seq, void *alt,
+ size_t * alt_size, unsigned int *alt_type,
+ void* serial, size_t *serial_size,
+ unsigned int *critical)
+{
+int ret, result, len;
+ASN1_TYPE c2;
- if (result == ASN1_VALUE_NOT_FOUND || result == ASN1_ELEMENT_NOT_FOUND)
+ ret = _get_authority_key_id(crl, &c2, critical);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret =
+ _gnutls_parse_general_name (c2, "authorityCertIssuer", seq, alt, alt_size,
alt_type,
+ 0);
+ if (ret < 0)
{
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ ret = gnutls_assert_val(ret);
+ goto fail;
}
+ if (serial)
+ {
+ len = *serial_size;
+ result = asn1_read_value (c2, "authorityCertSerialNumber", serial, &len);
+
+ *serial_size = len;
+
+ if (result < 0)
+ {
+ ret = _gnutls_asn2err(result);
+ goto fail;
+ }
+
+ }
+
+ ret = 0;
+
+fail:
+ asn1_delete_structure (&c2);
+
+ return ret;
+}
+
+
+/**
+ * gnutls_x509_crl_get_authority_key_id:
+ * @crl: should contain a #gnutls_x509_crl_t structure
+ * @id: The place where the identifier will be copied
+ * @id_size: Holds the size of the result field.
+ * @critical: will be non (0) if the extension is marked as critical
+ * (may be null)
+ *
+ * This function will return the CRL authority's key identifier. This
+ * is obtained by the X.509 Authority Key identifier extension field
+ * (2.5.29.35). Note that this function
+ * only returns the keyIdentifier field of the extension and
+ * %GNUTLS_E_X509_UNSUPPORTED_EXTENSION, if the extension contains
+ * the name and serial number of the certificate. In that case
+ * gnutls_x509_crl_get_authority_key_gn_serial() may be used.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
+ * negative error code in case of an error.
+ *
+ * Since: 2.8.0
+ **/
+int
+gnutls_x509_crl_get_authority_key_id (gnutls_x509_crl_t crl, void *id,
+ size_t * id_size,
+ unsigned int *critical)
+{
+ int result, len, ret;
+ ASN1_TYPE c2;
+
+ ret = _get_authority_key_id(crl, &c2, critical);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ len = *id_size;
+ result = asn1_read_value (c2, "keyIdentifier", id, &len);
+
+ *id_size = len;
+ asn1_delete_structure (&c2);
+
+ if (result == ASN1_VALUE_NOT_FOUND || result == ASN1_ELEMENT_NOT_FOUND)
+ return gnutls_assert_val(GNUTLS_E_X509_UNSUPPORTED_EXTENSION);
+
if (result != ASN1_SUCCESS)
{
gnutls_assert ();
diff --git a/lib/x509/output.c b/lib/x509/output.c
index 98d3ea8..12d7ea4 100644
--- a/lib/x509/output.c
+++ b/lib/x509/output.c
@@ -81,6 +81,54 @@ ip_to_string (void *_ip, int ip_size, char *string, int
string_size)
return string;
}
+static void add_altname(gnutls_buffer_st * str, const char* prefix, unsigned
int alt_type,
+ char* name, size_t name_size)
+{
+char str_ip[64];
+char *p;
+
+ if ((alt_type == GNUTLS_SAN_DNSNAME
+ || alt_type == GNUTLS_SAN_RFC822NAME
+ || alt_type == GNUTLS_SAN_URI) && strlen (name) != name_size)
+ {
+ adds (str, _("warning: altname contains an embedded NUL, "
+ "replacing with '!'\n"));
+ while (strlen (name) < name_size)
+ name[strlen (name)] = '!';
+ }
+
+ switch (alt_type)
+ {
+ case GNUTLS_SAN_DNSNAME:
+ addf (str, "%s\t\t\tDNSname: %.*s\n", prefix, (int) name_size, name);
+ break;
+
+ case GNUTLS_SAN_RFC822NAME:
+ addf (str, "%s\t\t\tRFC822name: %.*s\n", prefix, (int) name_size,
+ name);
+ break;
+
+ case GNUTLS_SAN_URI:
+ addf (str, "%s\t\t\tURI: %.*s\n", prefix, (int) name_size, name);
+ break;
+
+ case GNUTLS_SAN_IPADDRESS:
+ p = ip_to_string (name, name_size, str_ip, sizeof (str_ip));
+ if (p == NULL)
+ p = ERROR_STR;
+ addf (str, "%s\t\t\tIPAddress: %s\n", prefix, p);
+ break;
+
+ case GNUTLS_SAN_DN:
+ addf (str, "%s\t\t\tdirectoryName: %.*s\n", prefix,
+ (int) name_size, name);
+ break;
+ default:
+ addf (str, "error: unknown altname\n");
+ break;
+ }
+}
+
static void
print_proxy (gnutls_buffer_st * str, gnutls_x509_crt_t cert)
{
@@ -228,6 +276,67 @@ typedef union
} cert_type_t;
static void
+print_aki_gn_serial (gnutls_buffer_st * str, int type, cert_type_t cert)
+{
+ char *buffer = NULL;
+ char serial[128];
+ size_t size = 0, serial_size = sizeof(serial);
+ unsigned int alt_type;
+ int err;
+
+ if (type == TYPE_CRT)
+ err =
+ gnutls_x509_crt_get_authority_key_gn_serial(cert.crt, 0, NULL, &size,
+ &alt_type, serial,
&serial_size, NULL);
+ else if (type == TYPE_CRL)
+ err =
+ gnutls_x509_crl_get_authority_key_gn_serial(cert.crl, 0, NULL, &size,
+ &alt_type, serial,
&serial_size, NULL);
+ else
+ {
+ gnutls_assert ();
+ return;
+ }
+
+ if (err != GNUTLS_E_SHORT_MEMORY_BUFFER)
+ {
+ addf (str, "error: get_authority_key_gn_serial: %s\n", gnutls_strerror
(err));
+ return;
+ }
+
+ buffer = gnutls_malloc (size);
+ if (!buffer)
+ {
+ addf (str, "error: malloc: %s\n",
+ gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
+ return;
+ }
+
+ if (type == TYPE_CRT)
+ err =
+ gnutls_x509_crt_get_authority_key_gn_serial(cert.crt, 0, buffer, &size,
+ &alt_type, serial,
&serial_size, NULL);
+ else
+ err =
+ gnutls_x509_crl_get_authority_key_gn_serial(cert.crl, 0, buffer, &size,
+ &alt_type, serial,
&serial_size, NULL);
+
+ if (err < 0)
+ {
+ gnutls_free (buffer);
+ addf (str, "error: get_authority_key_gn_serial2: %s\n", gnutls_strerror
(err));
+ return;
+ }
+
+ add_altname(str, "", alt_type, buffer, size);
+ adds (str, "\t\t\tserial: ");
+ _gnutls_buffer_hexprint (str, serial, serial_size);
+ adds (str, "\n");
+
+ gnutls_free (buffer);
+}
+
+static void
print_aki (gnutls_buffer_st * str, int type, cert_type_t cert)
{
char *buffer = NULL;
@@ -245,6 +354,13 @@ print_aki (gnutls_buffer_st * str, int type, cert_type_t
cert)
gnutls_assert ();
return;
}
+
+ if (err == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
+ {
+ /* Check if an alternative name is there */
+ print_aki_gn_serial(str, type, cert);
+ return;
+ }
if (err != GNUTLS_E_SHORT_MEMORY_BUFFER)
{
@@ -519,12 +635,10 @@ print_basic (gnutls_buffer_st * str, const char *prefix,
int type,
static void
-print_altname (gnutls_buffer_st * str, const char *prefix, int altname_type,
+print_altname (gnutls_buffer_st * str, const char *prefix, unsigned int
altname_type,
cert_type_t cert)
{
unsigned int altname_idx;
- char str_ip[64];
- char *p;
for (altname_idx = 0;; altname_idx++)
{
@@ -584,45 +698,9 @@ print_altname (gnutls_buffer_st * str, const char *prefix,
int altname_type,
return;
}
- if ((err == GNUTLS_SAN_DNSNAME
- || err == GNUTLS_SAN_RFC822NAME
- || err == GNUTLS_SAN_URI) && strlen (buffer) != size)
- {
- adds (str, _("warning: altname contains an embedded NUL, "
- "replacing with '!'\n"));
- while (strlen (buffer) < size)
- buffer[strlen (buffer)] = '!';
- }
- switch (err)
+ if (err == GNUTLS_SAN_OTHERNAME)
{
- case GNUTLS_SAN_DNSNAME:
- addf (str, "%s\t\t\tDNSname: %.*s\n", prefix, (int) size, buffer);
- break;
-
- case GNUTLS_SAN_RFC822NAME:
- addf (str, "%s\t\t\tRFC822name: %.*s\n", prefix, (int) size,
- buffer);
- break;
-
- case GNUTLS_SAN_URI:
- addf (str, "%s\t\t\tURI: %.*s\n", prefix, (int) size, buffer);
- break;
-
- case GNUTLS_SAN_IPADDRESS:
- p = ip_to_string (buffer, size, str_ip, sizeof (str_ip));
- if (p == NULL)
- p = ERROR_STR;
- addf (str, "%s\t\t\tIPAddress: %s\n", prefix, p);
- break;
-
- case GNUTLS_SAN_DN:
- addf (str, "%s\t\t\tdirectoryName: %.*s\n", prefix,
- (int) size, buffer);
- break;
-
- case GNUTLS_SAN_OTHERNAME:
- {
char *oid = NULL;
size_t oidsize;
@@ -699,12 +777,8 @@ print_altname (gnutls_buffer_st * str, const char *prefix,
int altname_type,
}
gnutls_free (oid);
}
- break;
-
- default:
- addf (str, "error: unknown altname\n");
- break;
- }
+ else
+ add_altname(str, prefix, err, buffer, size);
gnutls_free (buffer);
}
diff --git a/lib/x509/x509.c b/lib/x509/x509.c
index 5fd2476..7c9da66 100644
--- a/lib/x509/x509.c
+++ b/lib/x509/x509.c
@@ -746,29 +746,14 @@ gnutls_x509_crt_get_subject_key_id (gnutls_x509_crt_t
cert, void *ret,
return 0;
}
-/**
- * gnutls_x509_crt_get_authority_key_id:
- * @cert: should contain a #gnutls_x509_crt_t structure
- * @ret: The place where the identifier will be copied
- * @ret_size: Holds the size of the result field.
- * @critical: will be non (0) if the extension is marked as critical (may be
null)
- *
- * This function will return the X.509v3 certificate authority's key
- * identifier. This is obtained by the X.509 Authority Key
- * identifier extension field (2.5.29.35). Note that this function
- * only returns the keyIdentifier field of the extension.
- *
- * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
- * negative error value.
- **/
-int
-gnutls_x509_crt_get_authority_key_id (gnutls_x509_crt_t cert, void *ret,
- size_t * ret_size,
- unsigned int *critical)
+static int
+_get_authority_key_id (gnutls_x509_crt_t cert, ASN1_TYPE *c2,
+ unsigned int *critical)
{
- int result, len;
+ int ret;
gnutls_datum_t id;
- ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+
+ *c2 = ASN1_TYPE_EMPTY;
if (cert == NULL)
{
@@ -776,17 +761,11 @@ gnutls_x509_crt_get_authority_key_id (gnutls_x509_crt_t
cert, void *ret,
return GNUTLS_E_INVALID_REQUEST;
}
-
- if (ret)
- memset (ret, 0, *ret_size);
- else
- *ret_size = 0;
-
- if ((result =
+ if ((ret =
_gnutls_x509_crt_get_extension (cert, "2.5.29.35", 0, &id,
critical)) < 0)
{
- return result;
+ return gnutls_assert_val(ret);
}
if (id.size == 0 || id.data == NULL)
@@ -795,35 +774,132 @@ gnutls_x509_crt_get_authority_key_id (gnutls_x509_crt_t
cert, void *ret,
return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
}
- result = asn1_create_element
- (_gnutls_get_pkix (), "PKIX1.AuthorityKeyIdentifier", &c2);
- if (result != ASN1_SUCCESS)
+ ret = asn1_create_element
+ (_gnutls_get_pkix (), "PKIX1.AuthorityKeyIdentifier", c2);
+ if (ret != ASN1_SUCCESS)
{
gnutls_assert ();
_gnutls_free_datum (&id);
- return _gnutls_asn2err (result);
+ return _gnutls_asn2err (ret);
}
- result = asn1_der_decoding (&c2, id.data, id.size, NULL);
+ ret = asn1_der_decoding (c2, id.data, id.size, NULL);
_gnutls_free_datum (&id);
- if (result != ASN1_SUCCESS)
+ if (ret != ASN1_SUCCESS)
{
gnutls_assert ();
- asn1_delete_structure (&c2);
- return _gnutls_asn2err (result);
+ asn1_delete_structure (c2);
+ return _gnutls_asn2err (ret);
}
- len = *ret_size;
- result = asn1_read_value (c2, "keyIdentifier", ret, &len);
+ return 0;
+}
- *ret_size = len;
- asn1_delete_structure (&c2);
+/**
+ * gnutls_x509_crt_get_authority_key_gn_serial:
+ * @cert: should contain a #gnutls_x509_crt_t structure
+ * @seq: specifies the sequence number of the alt name (0 for the first one, 1
for the second etc.)
+ * @alt: is the place where the alternative name will be copied to
+ * @alt_size: holds the size of alt.
+ * @alt_type: holds the type of the alternative name (one of
gnutls_x509_subject_alt_name_t).
+ * @serial: buffer to store the serial number (may be null)
+ * @serial_size: Holds the size of the serial field (may be null)
+ * @critical: will be non (0) if the extension is marked as critical (may be
null)
+ *
+ * This function will return the X.509 authority key
+ * identifier when stored as a general name (authorityCertIssuer)
+ * and serial number.
+ *
+ * Because more than one general names might be stored
+ * @seq can be used as a counter to request them all until
+ * %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE is returned.
+ *
+ * Returns: Returns 0 on success, or an error code.
+ **/
+int
+gnutls_x509_crt_get_authority_key_gn_serial (gnutls_x509_crt_t cert, unsigned
int seq, void *alt,
+ size_t * alt_size, unsigned int *alt_type,
+ void* serial, size_t *serial_size,
+ unsigned int *critical)
+{
+int ret, result, len;
+ASN1_TYPE c2;
- if (result == ASN1_VALUE_NOT_FOUND || result == ASN1_ELEMENT_NOT_FOUND)
+ ret = _get_authority_key_id(cert, &c2, critical);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret =
+ _gnutls_parse_general_name (c2, "authorityCertIssuer", seq, alt, alt_size,
alt_type,
+ 0);
+ if (ret < 0)
{
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ ret = gnutls_assert_val(ret);
+ goto fail;
+ }
+
+ if (serial)
+ {
+ len = *serial_size;
+ result = asn1_read_value (c2, "authorityCertSerialNumber", serial, &len);
+
+ *serial_size = len;
+
+ if (result < 0)
+ {
+ ret = _gnutls_asn2err(result);
+ goto fail;
+ }
+
}
+
+ ret = 0;
+
+fail:
+ asn1_delete_structure (&c2);
+
+ return ret;
+}
+
+/**
+ * gnutls_x509_crt_get_authority_key_id:
+ * @cert: should contain a #gnutls_x509_crt_t structure
+ * @id: The place where the identifier will be copied
+ * @id_size: Holds the size of the id field.
+ * @critical: will be non (0) if the extension is marked as critical (may be
null)
+ *
+ * This function will return the X.509v3 certificate authority's key
+ * identifier. This is obtained by the X.509 Authority Key
+ * identifier extension field (2.5.29.35). Note that this function
+ * only returns the keyIdentifier field of the extension and
+ * %GNUTLS_E_X509_UNSUPPORTED_EXTENSION, if the extension contains
+ * the name and serial number of the certificate. In that case
+ * gnutls_x509_crt_get_authority_key_gn_serial() may be used.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
+ * negative error value.
+ **/
+int
+gnutls_x509_crt_get_authority_key_id (gnutls_x509_crt_t cert, void *id,
+ size_t * id_size,
+ unsigned int *critical)
+{
+ int ret, result, len;
+ ASN1_TYPE c2;
+
+ ret = _get_authority_key_id(cert, &c2, critical);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ len = *id_size;
+ result = asn1_read_value (c2, "keyIdentifier", id, &len);
+
+ *id_size = len;
+ asn1_delete_structure (&c2);
+
+ if (result == ASN1_VALUE_NOT_FOUND || result == ASN1_ELEMENT_NOT_FOUND)
+ return gnutls_assert_val(GNUTLS_E_X509_UNSUPPORTED_EXTENSION);
if (result != ASN1_SUCCESS)
{
@@ -1083,14 +1159,13 @@ _gnutls_parse_general_name (ASN1_TYPE src, const char
*src_name,
static int
get_alt_name (gnutls_x509_crt_t cert, const char *extension_id,
- unsigned int seq, void *ret,
- size_t * ret_size, unsigned int *ret_type,
+ unsigned int seq, void *alt,
+ size_t * alt_size, unsigned int *alt_type,
unsigned int *critical, int othername_oid)
{
int result;
gnutls_datum_t dnsname;
ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
- gnutls_x509_subject_alt_name_t type;
if (cert == NULL)
{
@@ -1098,10 +1173,10 @@ get_alt_name (gnutls_x509_crt_t cert, const char
*extension_id,
return GNUTLS_E_INVALID_REQUEST;
}
- if (ret)
- memset (ret, 0, *ret_size);
+ if (alt)
+ memset (alt, 0, *alt_size);
else
- *ret_size = 0;
+ *alt_size = 0;
if ((result =
_gnutls_x509_crt_get_extension (cert, extension_id, 0, &dnsname,
@@ -1146,7 +1221,7 @@ get_alt_name (gnutls_x509_crt_t cert, const char
*extension_id,
}
result =
- _gnutls_parse_general_name (c2, "", seq, ret, ret_size, ret_type,
+ _gnutls_parse_general_name (c2, "", seq, alt, alt_size, alt_type,
othername_oid);
asn1_delete_structure (&c2);
@@ -1157,17 +1232,15 @@ get_alt_name (gnutls_x509_crt_t cert, const char
*extension_id,
return result;
}
- type = result;
-
- return type;
+ return result;
}
/**
* gnutls_x509_crt_get_subject_alt_name:
* @cert: should contain a #gnutls_x509_crt_t structure
* @seq: specifies the sequence number of the alt name (0 for the first one, 1
for the second etc.)
- * @ret: is the place where the alternative name will be copied to
- * @ret_size: holds the size of ret.
+ * @san: is the place where the alternative name will be copied to
+ * @san_size: holds the size of san.
* @critical: will be non (0) if the extension is marked as critical (may be
null)
*
* This function retrieves the Alternative Name (2.5.29.17), contained
@@ -1186,19 +1259,19 @@ get_alt_name (gnutls_x509_crt_t cert, const char
*extension_id,
*
* Returns: the alternative subject name type on success, one of the
* enumerated #gnutls_x509_subject_alt_name_t. It will return
- * %GNUTLS_E_SHORT_MEMORY_BUFFER if @ret_size is not large enough to
- * hold the value. In that case @ret_size will be updated with the
+ * %GNUTLS_E_SHORT_MEMORY_BUFFER if @san_size is not large enough to
+ * hold the value. In that case @san_size will be updated with the
* required size. If the certificate does not have an Alternative
* name with the specified sequence number then
* %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE is returned.
**/
int
gnutls_x509_crt_get_subject_alt_name (gnutls_x509_crt_t cert,
- unsigned int seq, void *ret,
- size_t * ret_size,
+ unsigned int seq, void *san,
+ size_t * san_size,
unsigned int *critical)
{
- return get_alt_name (cert, "2.5.29.17", seq, ret, ret_size, NULL, critical,
+ return get_alt_name (cert, "2.5.29.17", seq, san, san_size, NULL, critical,
0);
}
@@ -1206,8 +1279,8 @@ gnutls_x509_crt_get_subject_alt_name (gnutls_x509_crt_t
cert,
* gnutls_x509_crt_get_issuer_alt_name:
* @cert: should contain a #gnutls_x509_crt_t structure
* @seq: specifies the sequence number of the alt name (0 for the first one, 1
for the second etc.)
- * @ret: is the place where the alternative name will be copied to
- * @ret_size: holds the size of ret.
+ * @ian: is the place where the alternative name will be copied to
+ * @ian_size: holds the size of ian.
* @critical: will be non (0) if the extension is marked as critical (may be
null)
*
* This function retrieves the Issuer Alternative Name (2.5.29.18),
@@ -1227,8 +1300,8 @@ gnutls_x509_crt_get_subject_alt_name (gnutls_x509_crt_t
cert,
*
* Returns: the alternative issuer name type on success, one of the
* enumerated #gnutls_x509_subject_alt_name_t. It will return
- * %GNUTLS_E_SHORT_MEMORY_BUFFER if @ret_size is not large enough
- * to hold the value. In that case @ret_size will be updated with
+ * %GNUTLS_E_SHORT_MEMORY_BUFFER if @ian_size is not large enough
+ * to hold the value. In that case @ian_size will be updated with
* the required size. If the certificate does not have an
* Alternative name with the specified sequence number then
* %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE is returned.
@@ -1237,11 +1310,11 @@ gnutls_x509_crt_get_subject_alt_name (gnutls_x509_crt_t
cert,
**/
int
gnutls_x509_crt_get_issuer_alt_name (gnutls_x509_crt_t cert,
- unsigned int seq, void *ret,
- size_t * ret_size,
+ unsigned int seq, void *ian,
+ size_t * ian_size,
unsigned int *critical)
{
- return get_alt_name (cert, "2.5.29.18", seq, ret, ret_size, NULL, critical,
+ return get_alt_name (cert, "2.5.29.18", seq, ian, ian_size, NULL, critical,
0);
}
@@ -1249,34 +1322,34 @@ gnutls_x509_crt_get_issuer_alt_name (gnutls_x509_crt_t
cert,
* gnutls_x509_crt_get_subject_alt_name2:
* @cert: should contain a #gnutls_x509_crt_t structure
* @seq: specifies the sequence number of the alt name (0 for the first one, 1
for the second etc.)
- * @ret: is the place where the alternative name will be copied to
- * @ret_size: holds the size of ret.
- * @ret_type: holds the type of the alternative name (one of
gnutls_x509_subject_alt_name_t).
+ * @san: is the place where the alternative name will be copied to
+ * @san_size: holds the size of ret.
+ * @san_type: holds the type of the alternative name (one of
gnutls_x509_subject_alt_name_t).
* @critical: will be non (0) if the extension is marked as critical (may be
null)
*
* This function will return the alternative names, contained in the
* given certificate. It is the same as
* gnutls_x509_crt_get_subject_alt_name() except for the fact that it
- * will return the type of the alternative name in @ret_type even if
+ * will return the type of the alternative name in @san_type even if
* the function fails for some reason (i.e. the buffer provided is
* not enough).
*
* Returns: the alternative subject name type on success, one of the
* enumerated #gnutls_x509_subject_alt_name_t. It will return
- * %GNUTLS_E_SHORT_MEMORY_BUFFER if @ret_size is not large enough
- * to hold the value. In that case @ret_size will be updated with
+ * %GNUTLS_E_SHORT_MEMORY_BUFFER if @san_size is not large enough
+ * to hold the value. In that case @san_size will be updated with
* the required size. If the certificate does not have an
* Alternative name with the specified sequence number then
* %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE is returned.
**/
int
gnutls_x509_crt_get_subject_alt_name2 (gnutls_x509_crt_t cert,
- unsigned int seq, void *ret,
- size_t * ret_size,
- unsigned int *ret_type,
+ unsigned int seq, void *san,
+ size_t * san_size,
+ unsigned int *san_type,
unsigned int *critical)
{
- return get_alt_name (cert, "2.5.29.17", seq, ret, ret_size, ret_type,
+ return get_alt_name (cert, "2.5.29.17", seq, san, san_size, san_type,
critical, 0);
}
@@ -1284,22 +1357,22 @@ gnutls_x509_crt_get_subject_alt_name2
(gnutls_x509_crt_t cert,
* gnutls_x509_crt_get_issuer_alt_name2:
* @cert: should contain a #gnutls_x509_crt_t structure
* @seq: specifies the sequence number of the alt name (0 for the first one, 1
for the second etc.)
- * @ret: is the place where the alternative name will be copied to
- * @ret_size: holds the size of ret.
- * @ret_type: holds the type of the alternative name (one of
gnutls_x509_subject_alt_name_t).
+ * @ian: is the place where the alternative name will be copied to
+ * @ian_size: holds the size of ret.
+ * @ian_type: holds the type of the alternative name (one of
gnutls_x509_subject_alt_name_t).
* @critical: will be non (0) if the extension is marked as critical (may be
null)
*
* This function will return the alternative names, contained in the
* given certificate. It is the same as
* gnutls_x509_crt_get_issuer_alt_name() except for the fact that it
- * will return the type of the alternative name in @ret_type even if
+ * will return the type of the alternative name in @ian_type even if
* the function fails for some reason (i.e. the buffer provided is
* not enough).
*
* Returns: the alternative issuer name type on success, one of the
* enumerated #gnutls_x509_subject_alt_name_t. It will return
- * %GNUTLS_E_SHORT_MEMORY_BUFFER if @ret_size is not large enough
- * to hold the value. In that case @ret_size will be updated with
+ * %GNUTLS_E_SHORT_MEMORY_BUFFER if @ian_size is not large enough
+ * to hold the value. In that case @ian_size will be updated with
* the required size. If the certificate does not have an
* Alternative name with the specified sequence number then
* %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE is returned.
@@ -1309,12 +1382,12 @@ gnutls_x509_crt_get_subject_alt_name2
(gnutls_x509_crt_t cert,
**/
int
gnutls_x509_crt_get_issuer_alt_name2 (gnutls_x509_crt_t cert,
- unsigned int seq, void *ret,
- size_t * ret_size,
- unsigned int *ret_type,
+ unsigned int seq, void *ian,
+ size_t * ian_size,
+ unsigned int *ian_type,
unsigned int *critical)
{
- return get_alt_name (cert, "2.5.29.18", seq, ret, ret_size, ret_type,
+ return get_alt_name (cert, "2.5.29.18", seq, ian, ian_size, ian_type,
critical, 0);
}
@@ -1342,8 +1415,8 @@ gnutls_x509_crt_get_issuer_alt_name2 (gnutls_x509_crt_t
cert,
* will return one of the virtual (GNUTLS_SAN_OTHERNAME_*) types,
* e.g. %GNUTLS_SAN_OTHERNAME_XMPP, and %GNUTLS_SAN_OTHERNAME for
* unknown OIDs. It will return %GNUTLS_E_SHORT_MEMORY_BUFFER if
- * @ret_size is not large enough to hold the value. In that case
- * @ret_size will be updated with the required size. If the
+ * @ian_size is not large enough to hold the value. In that case
+ * @ian_size will be updated with the required size. If the
* certificate does not have an Alternative name with the specified
* sequence number and with the otherName type then
* %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE is returned.
@@ -3344,19 +3417,21 @@ _gnutls_parse_aia (ASN1_TYPE src,
if (oid == NULL)
oid = GNUTLS_OID_AD_OCSP;
{
- char *tmpoid[20];
+ char tmpoid[20];
snprintf (nptr, sizeof (nptr), "?%u.accessMethod", seq);
len = sizeof (tmpoid);
result = asn1_read_value (src, nptr, tmpoid, &len);
+
if (result == ASN1_VALUE_NOT_FOUND || result == ASN1_ELEMENT_NOT_FOUND)
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ return gnutls_assert_val(GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
+
if (result != ASN1_SUCCESS)
{
gnutls_assert ();
return _gnutls_asn2err (result);
}
if ((unsigned)len != strlen (oid) + 1 || memcmp (tmpoid, oid, len) != 0)
- return GNUTLS_E_UNKNOWN_ALGORITHM;
+ return gnutls_assert_val(GNUTLS_E_UNKNOWN_ALGORITHM);
}
/* fall through */
@@ -3366,26 +3441,26 @@ _gnutls_parse_aia (ASN1_TYPE src,
break;
default:
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
}
len = 0;
result = asn1_read_value (src, nptr, NULL, &len);
if (result == ASN1_VALUE_NOT_FOUND || result == ASN1_ELEMENT_NOT_FOUND)
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ return gnutls_assert_val(GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
+
if (result != ASN1_MEM_ERROR)
{
gnutls_assert ();
return _gnutls_asn2err (result);
}
+
d.size = len;
+
d.data = gnutls_malloc (d.size);
if (d.data == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+
result = asn1_read_value (src, nptr, d.data, &len);
if (result != ASN1_SUCCESS)
{
@@ -3402,7 +3477,7 @@ _gnutls_parse_aia (ASN1_TYPE src,
else
gnutls_free (d.data);
- return GNUTLS_E_SUCCESS;
+ return 0;
}
/**
@@ -3524,6 +3599,7 @@ gnutls_x509_crt_get_authority_info_access
(gnutls_x509_crt_t crt,
}
ret = _gnutls_parse_aia (c2, seq, what, data);
+
asn1_delete_structure (&c2);
if (ret < 0)
gnutls_assert ();
diff --git a/src/cli-args.c b/src/cli-args.c
index ade11ab..ad9d162 100644
--- a/src/cli-args.c
+++ b/src/cli-args.c
@@ -2,7 +2,7 @@
*
* DO NOT EDIT THIS FILE (cli-args.c)
*
- * It has been AutoGen-ed January 21, 2012 at 02:15:53 AM by AutoGen 5.12
+ * It has been AutoGen-ed January 21, 2012 at 11:30:16 AM by AutoGen 5.12
* From the definitions cli-args.def
* and the template file options
*
diff --git a/src/cli-args.h b/src/cli-args.h
index 49cf445..1540c63 100644
--- a/src/cli-args.h
+++ b/src/cli-args.h
@@ -2,7 +2,7 @@
*
* DO NOT EDIT THIS FILE (cli-args.h)
*
- * It has been AutoGen-ed January 21, 2012 at 02:15:53 AM by AutoGen 5.12
+ * It has been AutoGen-ed January 21, 2012 at 11:30:16 AM by AutoGen 5.12
* From the definitions cli-args.def
* and the template file options
*
diff --git a/src/srptool-args.c b/src/cli-debug-args.c
similarity index 60%
copy from src/srptool-args.c
copy to src/cli-debug-args.c
index 2fc0990..3d0568b 100644
--- a/src/srptool-args.c
+++ b/src/cli-debug-args.c
@@ -1,16 +1,16 @@
/* -*- buffer-read-only: t -*- vi: set ro:
*
- * DO NOT EDIT THIS FILE (srptool-args.c)
+ * DO NOT EDIT THIS FILE (cli-debug-args.c)
*
- * It has been AutoGen-ed January 21, 2012 at 02:15:51 AM by AutoGen 5.12
- * From the definitions srptool-args.def
+ * It has been AutoGen-ed January 21, 2012 at 11:30:18 AM by AutoGen 5.12
+ * From the definitions cli-debug-args.def
* and the template file options
*
* Generated from AutoOpts 35:0:10 templates.
*
* AutoOpts is a copyrighted work. This source file is not encumbered
* by AutoOpts licensing, but is provided under the licensing terms chosen
- * by the srptool author or copyright holder. AutoOpts is
+ * by the gnutls-cli-debug author or copyright holder. AutoOpts is
* licensed under the terms of the LGPL. The redistributable library
* (``libopts'') is licensed under the terms of either the LGPL or, at the
* users discretion, the BSD license. See the AutoOpts and/or libopts sources
@@ -24,12 +24,12 @@
* GNU General Public License, version 3 or later
* <http://gnu.org/licenses/gpl.html>
*
-PFX>srptool is free software: you can redistribute it and/or modify it
+PFX>gnutls-cli-debug is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
- * srptool is distributed in the hope that it will be useful, but
+ * gnutls-cli-debug is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
* See the GNU General Public License for more details.
@@ -45,7 +45,7 @@ PFX>srptool is free software: you can redistribute it and/or
modify it
#include <stdlib.h>
#include <errno.h>
#define OPTION_CODE_COMPILE 1
-#include "srptool-args.h"
+#include "cli-debug-args.h"
#ifdef __cplusplus
extern "C" {
@@ -54,21 +54,21 @@ extern FILE * option_usage_fp;
/* TRANSLATORS: choose the translation for option names wisely because you
cannot ever change your mind. */
-static char const zCopyright[275] =
-"srptool 3.0.12\n\
+static char const zCopyright[284] =
+"gnutls-cli-debug 3.0.12\n\
Copyright (C) 2000-2012 Free Software Foundation, all rights reserved.\n\
This is free software. It is licensed for use, modification and\n\
redistribution under the terms of the\n\
GNU General Public License, version 3 or later\n\
<http://gnu.org/licenses/gpl.html>\n";
-static char const zLicenseDescrip[603] =
-"srptool is free software: you can redistribute it and/or modify it under\n\
-the terms of the GNU General Public License as published by the Free\n\
-Software Foundation, either version 3 of the License, or (at your option)\n\
-any later version.\n\n\
-srptool is distributed in the hope that it will be useful, but WITHOUT\n\
-ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or\n\
-FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License\n\
+static char const zLicenseDescrip[621] =
+"gnutls-cli-debug is free software: you can redistribute it and/or modify\n\
+it under the terms of the GNU General Public License as published by\n\
+the Free Software Foundation, either version 3 of the License, or (at\n\
+your option) any later version.\n\n\
+gnutls-cli-debug is distributed in the hope that it will be useful, but\n\
+WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY\n\
+or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License\n\
for more details.\n\n\
You should have received a copy of the GNU General Public License along\n\
with this program. If not, see <http://www.gnu.org/licenses/>.\n";
@@ -83,81 +83,32 @@ extern tUsageProc optionUsage;
* Debug option description:
*/
static char const zDebugText[] =
- "Enable debugging.";
+ "Enable debugging";
static char const zDebug_NAME[] = "DEBUG";
static char const zDebug_Name[] = "debug";
#define DEBUG_FLAGS (OPTST_DISABLED \
| OPTST_SET_ARGTYPE(OPARG_TYPE_NUMERIC))
/*
- * Index option description:
+ * Verbose option description:
*/
-static char const zIndexText[] =
- "specify the index of the group parameters in tpasswd.conf to use.";
-static char const zIndex_NAME[] = "INDEX";
-static char const zIndex_Name[] = "index";
-#define INDEX_FLAGS (OPTST_DISABLED)
+static char const zVerboseText[] =
+ "More verbose output";
+static char const zVerbose_NAME[] = "VERBOSE";
+static char const zVerbose_Name[] = "verbose";
+#define VERBOSE_FLAGS (OPTST_DISABLED)
/*
- * Username option description:
+ * Port option description:
*/
-static char const zUsernameText[] =
- "specify a username";
-static char const zUsername_NAME[] = "USERNAME";
-static char const zUsername_Name[] = "username";
-#define USERNAME_FLAGS (OPTST_DISABLED \
- | OPTST_SET_ARGTYPE(OPARG_TYPE_STRING))
-
-/*
- * Passwd option description:
- */
-static char const zPasswdText[] =
- "specify a password file.";
-static char const zPasswd_NAME[] = "PASSWD";
-static char const zPasswd_Name[] = "passwd";
-#define PASSWD_FLAGS (OPTST_DISABLED \
- | OPTST_SET_ARGTYPE(OPARG_TYPE_STRING))
-
-/*
- * Salt option description:
- */
-static char const zSaltText[] =
- "specify salt size for crypt algorithm.";
-static char const zSalt_NAME[] = "SALT";
-static char const zSalt_Name[] = "salt";
-#define SALT_FLAGS (OPTST_DISABLED \
+static char const zPortText[] =
+ "The port to connect to";
+static char const zPort_NAME[] = "PORT";
+static char const zPort_Name[] = "port";
+#define PORT_FLAGS (OPTST_DISABLED \
| OPTST_SET_ARGTYPE(OPARG_TYPE_NUMERIC))
/*
- * Verify option description:
- */
-static char const zVerifyText[] =
- "just verify the password.";
-static char const zVerify_NAME[] = "VERIFY";
-static char const zVerify_Name[] = "verify";
-#define VERIFY_FLAGS (OPTST_DISABLED)
-
-/*
- * Passwd_Conf option description:
- */
-static char const zPasswd_ConfText[] =
- "specify a password conf file.";
-static char const zPasswd_Conf_NAME[] = "PASSWD_CONF";
-static char const zPasswd_Conf_Name[] = "passwd-conf";
-#define PASSWD_CONF_FLAGS (OPTST_DISABLED \
- | OPTST_SET_ARGTYPE(OPARG_TYPE_STRING))
-
-/*
- * Create_Conf option description:
- */
-static char const zCreate_ConfText[] =
- "Generate a password configuration file.";
-static char const zCreate_Conf_NAME[] = "CREATE_CONF";
-static char const zCreate_Conf_Name[] = "create-conf";
-#define CREATE_CONF_FLAGS (OPTST_DISABLED \
- | OPTST_SET_ARGTYPE(OPARG_TYPE_STRING))
-
-/*
* Help/More_Help/Version option descriptions:
*/
static char const zHelpText[] = "Display extended usage information
and exit";
@@ -189,11 +140,11 @@ extern tOptProc
optionStackArg, optionTimeDate, optionTimeVal,
optionUnstackArg, optionVersionStderr;
static tOptProc
- doOptDebug, doUsageOpt;
+ doOptDebug, doOptPort, doUsageOpt;
/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
*
- * Define the Srptool Option Descriptions.
+ * Define the Gnutls_Cli_Debug Option Descriptions.
*/
static tOptDesc optDesc[OPTION_CT] = {
{ /* entry idx, value */ 0, VALUE_OPT_DEBUG,
@@ -208,88 +159,28 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ zDebugText, zDebug_NAME, zDebug_Name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 1, VALUE_OPT_INDEX,
- /* equiv idx, value */ 1, VALUE_OPT_INDEX,
- /* equivalenced to */ NO_EQUIVALENT,
- /* min, max, act ct */ 0, 1, 0,
- /* opt state flags */ INDEX_FLAGS, 0,
- /* last opt argumnt */ { NULL },
- /* arg list/cookie */ NULL,
- /* must/cannot opts */ NULL, NULL,
- /* option proc */ NULL,
- /* desc, NAME, name */ zIndexText, zIndex_NAME, zIndex_Name,
- /* disablement strs */ NULL, NULL },
-
- { /* entry idx, value */ 2, VALUE_OPT_USERNAME,
- /* equiv idx, value */ 2, VALUE_OPT_USERNAME,
- /* equivalenced to */ NO_EQUIVALENT,
- /* min, max, act ct */ 0, 1, 0,
- /* opt state flags */ USERNAME_FLAGS, 0,
- /* last opt argumnt */ { NULL },
- /* arg list/cookie */ NULL,
- /* must/cannot opts */ NULL, NULL,
- /* option proc */ NULL,
- /* desc, NAME, name */ zUsernameText, zUsername_NAME, zUsername_Name,
- /* disablement strs */ NULL, NULL },
-
- { /* entry idx, value */ 3, VALUE_OPT_PASSWD,
- /* equiv idx, value */ 3, VALUE_OPT_PASSWD,
- /* equivalenced to */ NO_EQUIVALENT,
- /* min, max, act ct */ 0, 1, 0,
- /* opt state flags */ PASSWD_FLAGS, 0,
- /* last opt argumnt */ { NULL },
- /* arg list/cookie */ NULL,
- /* must/cannot opts */ NULL, NULL,
- /* option proc */ NULL,
- /* desc, NAME, name */ zPasswdText, zPasswd_NAME, zPasswd_Name,
- /* disablement strs */ NULL, NULL },
-
- { /* entry idx, value */ 4, VALUE_OPT_SALT,
- /* equiv idx, value */ 4, VALUE_OPT_SALT,
- /* equivalenced to */ NO_EQUIVALENT,
- /* min, max, act ct */ 0, 1, 0,
- /* opt state flags */ SALT_FLAGS, 0,
- /* last opt argumnt */ { NULL },
- /* arg list/cookie */ NULL,
- /* must/cannot opts */ NULL, NULL,
- /* option proc */ optionNumericVal,
- /* desc, NAME, name */ zSaltText, zSalt_NAME, zSalt_Name,
- /* disablement strs */ NULL, NULL },
-
- { /* entry idx, value */ 5, VALUE_OPT_VERIFY,
- /* equiv idx, value */ 5, VALUE_OPT_VERIFY,
- /* equivalenced to */ NO_EQUIVALENT,
- /* min, max, act ct */ 0, 1, 0,
- /* opt state flags */ VERIFY_FLAGS, 0,
- /* last opt argumnt */ { NULL },
- /* arg list/cookie */ NULL,
- /* must/cannot opts */ NULL, NULL,
- /* option proc */ NULL,
- /* desc, NAME, name */ zVerifyText, zVerify_NAME, zVerify_Name,
- /* disablement strs */ NULL, NULL },
-
- { /* entry idx, value */ 6, VALUE_OPT_PASSWD_CONF,
- /* equiv idx, value */ 6, VALUE_OPT_PASSWD_CONF,
+ { /* entry idx, value */ 1, VALUE_OPT_VERBOSE,
+ /* equiv idx, value */ 1, VALUE_OPT_VERBOSE,
/* equivalenced to */ NO_EQUIVALENT,
- /* min, max, act ct */ 0, 1, 0,
- /* opt state flags */ PASSWD_CONF_FLAGS, 0,
+ /* min, max, act ct */ 0, NOLIMIT, 0,
+ /* opt state flags */ VERBOSE_FLAGS, 0,
/* last opt argumnt */ { NULL },
/* arg list/cookie */ NULL,
/* must/cannot opts */ NULL, NULL,
/* option proc */ NULL,
- /* desc, NAME, name */ zPasswd_ConfText, zPasswd_Conf_NAME,
zPasswd_Conf_Name,
+ /* desc, NAME, name */ zVerboseText, zVerbose_NAME, zVerbose_Name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 7, VALUE_OPT_CREATE_CONF,
- /* equiv idx, value */ 7, VALUE_OPT_CREATE_CONF,
+ { /* entry idx, value */ 2, VALUE_OPT_PORT,
+ /* equiv idx, value */ 2, VALUE_OPT_PORT,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
- /* opt state flags */ CREATE_CONF_FLAGS, 0,
+ /* opt state flags */ PORT_FLAGS, 0,
/* last opt argumnt */ { NULL },
/* arg list/cookie */ NULL,
/* must/cannot opts */ NULL, NULL,
- /* option proc */ NULL,
- /* desc, NAME, name */ zCreate_ConfText, zCreate_Conf_NAME,
zCreate_Conf_Name,
+ /* option proc */ doOptPort,
+ /* desc, NAME, name */ zPortText, zPort_NAME, zPort_Name,
/* disablement strs */ NULL, NULL },
{ /* entry idx, value */ INDEX_OPT_VERSION, VALUE_OPT_VERSION,
@@ -333,27 +224,22 @@ static tOptDesc optDesc[OPTION_CT] = {
/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
*
- * Define the Srptool Option Environment
+ * Define the Gnutls_Cli_Debug Option Environment
*/
-static char const zPROGNAME[8] = "SRPTOOL";
-static char const zUsageTitle[99] =
-"srptool - GnuTLS SRP tool - Ver. 3.0.12\n\
+static char const zPROGNAME[17] = "GNUTLS_CLI_DEBUG";
+static char const zUsageTitle[112] =
+"gnutls-cli-debug - GnuTLS debug client - Ver. 3.0.12\n\
USAGE: %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]... \n";
#define zRcName NULL
#define apzHomeList NULL
static char const zBugsAddr[19] = "address@hidden";
#define zExplain NULL
-static char const zDetail[473] = "\n\
-Simple program that emulates the programs in the Stanford SRP (Secure\n\
-Remote Password) libraries using GnuTLS. It is intended for use in\n\
-places where you don't expect SRP authentication to be the used for\n\
-system users.\n\n\
-In brief, to use SRP you need to create two files. These are the\n\
-password file that holds the users and the verifiers associated with\n\
-them and the configuration file to hold the group parameters (called\n\
-tpasswd.conf).\n";
-static char const zFullVersion[] = SRPTOOL_FULL_VERSION;
+static char const zDetail[171] = "\n\
+TLS debug client. It sets up multiple TLS connections to a server and\n\
+queries its capabilities. Can be used to check for servers with special\n\
+needs or bugs.\n";
+static char const zFullVersion[] = GNUTLS_CLI_DEBUG_FULL_VERSION;
/* extracted from optcode.tlib near line 515 */
#if defined(ENABLE_NLS)
@@ -365,19 +251,19 @@ static char const zFullVersion[] = SRPTOOL_FULL_VERSION;
#endif /* ENABLE_NLS */
-#define srptool_full_usage NULL
-static char const srptool_short_usage[] =
- "srptool [options]\n\
-srptool --help for usage instructions.\n";
+#define gnutls_cli_debug_full_usage NULL
+static char const gnutls_cli_debug_short_usage[] =
+ "Usage: gnutls-cli-debug [options] hostname\n\
+gnutls-cli --help for usage instructions.\n";
#ifndef PKGDATADIR
# define PKGDATADIR ""
#endif
#ifndef WITH_PACKAGER
-# define srptool_packager_info NULL
+# define gnutls_cli_debug_packager_info NULL
#else
-static char const srptool_packager_info[] =
+static char const gnutls_cli_debug_packager_info[] =
"Packaged by " WITH_PACKAGER
# ifdef WITH_PACKAGER_VERSION
@@ -385,12 +271,12 @@ static char const srptool_packager_info[] =
# endif
# ifdef WITH_PACKAGER_BUG_REPORTS
- "\nReport srptool bugs to " WITH_PACKAGER_BUG_REPORTS
+ "\nReport gnutls_cli_debug bugs to " WITH_PACKAGER_BUG_REPORTS
# endif
"\n";
#endif
-tOptions srptoolOptions = {
+tOptions gnutls_cli_debugOptions = {
OPTIONS_STRUCT_VERSION,
0, NULL, /* original argc + argv */
( OPTPROC_BASE
@@ -419,10 +305,10 @@ tOptions srptoolOptions = {
NO_EQUIVALENT, /* '-#' option index */
NO_EQUIVALENT /* index of default opt */
},
- 11 /* full option count */, 8 /* user option count */,
- srptool_full_usage, srptool_short_usage,
+ 6 /* full option count */, 3 /* user option count */,
+ gnutls_cli_debug_full_usage, gnutls_cli_debug_short_usage,
NULL, NULL,
- PKGDATADIR, srptool_packager_info
+ PKGDATADIR, gnutls_cli_debug_packager_info
};
/*
@@ -432,7 +318,7 @@ static void
doUsageOpt(tOptions * pOptions, tOptDesc * pOptDesc)
{
(void)pOptions;
- USAGE(SRPTOOL_EXIT_SUCCESS);
+ USAGE(GNUTLS_CLI_DEBUG_EXIT_SUCCESS);
}
/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
@@ -467,6 +353,39 @@ emit_ranges:
optionShowRange(pOptions, pOptDesc, (void *)rng, 1);
}
+
+/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
+ *
+ * For the port option.
+ */
+static void
+doOptPort(tOptions* pOptions, tOptDesc* pOptDesc)
+{
+ static const struct {long const rmin, rmax;} rng[1] = {
+ { 0 , 65536 } };
+ int ix;
+
+ if (pOptions <= OPTPROC_EMIT_LIMIT)
+ goto emit_ranges;
+ optionNumericVal(pOptions, pOptDesc);
+
+ for (ix = 0; ix < 1; ix++) {
+ if (pOptDesc->optArg.argInt < rng[ix].rmin)
+ continue; /* ranges need not be ordered. */
+ if (pOptDesc->optArg.argInt == rng[ix].rmin)
+ return;
+ if (rng[ix].rmax == LONG_MIN)
+ continue;
+ if (pOptDesc->optArg.argInt <= rng[ix].rmax)
+ return;
+ }
+
+ option_usage_fp = stderr;
+
+emit_ranges:
+
+ optionShowRange(pOptions, pOptDesc, (void *)rng, 1);
+}
/* extracted from optcode.tlib near line 666 */
#if ENABLE_NLS
@@ -491,7 +410,7 @@ AO_gettext(char const* pz)
pzRes = strdup(pzRes);
if (pzRes == NULL) {
fputs(_("No memory for duping translated strings\n"), stderr);
- exit(SRPTOOL_EXIT_FAILURE);
+ exit(GNUTLS_CLI_DEBUG_EXIT_FAILURE);
}
return pzRes;
}
@@ -505,7 +424,7 @@ static void coerce_it(void** s) { *s = AO_gettext(*s);
static void
translate_option_strings(void)
{
- tOptions * const pOpt = &srptoolOptions;
+ tOptions * const pOpt = &gnutls_cli_debugOptions;
/*
* Guard against re-translation. It won't work. The strings will have
@@ -549,7 +468,7 @@ translate_option_strings(void)
coerce_it((void*)&(pOD->pz_DisablePfx));
}
/* prevent re-translation */
- srptoolOptions.fOptSet |= OPTPROC_NXLAT_OPT_CFG | OPTPROC_NXLAT_OPT;
+ gnutls_cli_debugOptions.fOptSet |= OPTPROC_NXLAT_OPT_CFG |
OPTPROC_NXLAT_OPT;
}
}
@@ -558,4 +477,4 @@ translate_option_strings(void)
#ifdef __cplusplus
}
#endif
-/* srptool-args.c ends here */
+/* cli-debug-args.c ends here */
diff --git a/src/srptool-args.h b/src/cli-debug-args.h
similarity index 67%
copy from src/srptool-args.h
copy to src/cli-debug-args.h
index 7eb07cd..537d1b2 100644
--- a/src/srptool-args.h
+++ b/src/cli-debug-args.h
@@ -1,16 +1,16 @@
/* -*- buffer-read-only: t -*- vi: set ro:
*
- * DO NOT EDIT THIS FILE (srptool-args.h)
+ * DO NOT EDIT THIS FILE (cli-debug-args.h)
*
- * It has been AutoGen-ed January 21, 2012 at 02:15:51 AM by AutoGen 5.12
- * From the definitions srptool-args.def
+ * It has been AutoGen-ed January 21, 2012 at 11:30:18 AM by AutoGen 5.12
+ * From the definitions cli-debug-args.def
* and the template file options
*
* Generated from AutoOpts 35:0:10 templates.
*
* AutoOpts is a copyrighted work. This header file is not encumbered
* by AutoOpts licensing, but is provided under the licensing terms chosen
- * by the srptool author or copyright holder. AutoOpts is
+ * by the gnutls-cli-debug author or copyright holder. AutoOpts is
* licensed under the terms of the LGPL. The redistributable library
* (``libopts'') is licensed under the terms of either the LGPL or, at the
* users discretion, the BSD license. See the AutoOpts and/or libopts sources
@@ -24,12 +24,12 @@
* GNU General Public License, version 3 or later
* <http://gnu.org/licenses/gpl.html>
*
-PFX>srptool is free software: you can redistribute it and/or modify it
+PFX>gnutls-cli-debug is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
- * srptool is distributed in the hope that it will be useful, but
+ * gnutls-cli-debug is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
* See the GNU General Public License for more details.
@@ -39,12 +39,12 @@ PFX>srptool is free software: you can redistribute it
and/or modify it
*/
/*
* This file contains the programmatic interface to the Automated
- * Options generated for the srptool program.
+ * Options generated for the gnutls-cli-debug program.
* These macros are documented in the AutoGen info file in the
* "AutoOpts" chapter. Please refer to that doc for usage help.
*/
-#ifndef AUTOOPTS_SRPTOOL_ARGS_H_GUARD
-#define AUTOOPTS_SRPTOOL_ARGS_H_GUARD 1
+#ifndef AUTOOPTS_CLI_DEBUG_ARGS_H_GUARD
+#define AUTOOPTS_CLI_DEBUG_ARGS_H_GUARD 1
#include "config.h"
#include <autoopts/options.h>
@@ -66,29 +66,24 @@ PFX>srptool is free software: you can redistribute it
and/or modify it
* Enumeration of each option:
*/
typedef enum {
- INDEX_OPT_DEBUG = 0,
- INDEX_OPT_INDEX = 1,
- INDEX_OPT_USERNAME = 2,
- INDEX_OPT_PASSWD = 3,
- INDEX_OPT_SALT = 4,
- INDEX_OPT_VERIFY = 5,
- INDEX_OPT_PASSWD_CONF = 6,
- INDEX_OPT_CREATE_CONF = 7,
- INDEX_OPT_VERSION = 8,
- INDEX_OPT_HELP = 9,
- INDEX_OPT_MORE_HELP = 10
+ INDEX_OPT_DEBUG = 0,
+ INDEX_OPT_VERBOSE = 1,
+ INDEX_OPT_PORT = 2,
+ INDEX_OPT_VERSION = 3,
+ INDEX_OPT_HELP = 4,
+ INDEX_OPT_MORE_HELP = 5
} teOptIndex;
-#define OPTION_CT 11
-#define SRPTOOL_VERSION "3.0.12"
-#define SRPTOOL_FULL_VERSION "srptool 3.0.12"
+#define OPTION_CT 6
+#define GNUTLS_CLI_DEBUG_VERSION "3.0.12"
+#define GNUTLS_CLI_DEBUG_FULL_VERSION "gnutls-cli-debug 3.0.12"
/*
* Interface defines for all options. Replace "n" with the UPPER_CASED
* option name (as in the teOptIndex enumeration above).
* e.g. HAVE_OPT(DEBUG)
*/
-#define DESC(n) (srptoolOptions.pOptDesc[INDEX_OPT_## n])
+#define DESC(n) (gnutls_cli_debugOptions.pOptDesc[INDEX_OPT_## n])
#define HAVE_OPT(n) (! UNUSED_OPT(& DESC(n)))
#define OPT_ARG(n) (DESC(n).optArg.argString)
#define STATE_OPT(n) (DESC(n).fOptState & OPTST_SET_MASK)
@@ -106,12 +101,12 @@ typedef enum {
/* * * * * *
*
- * Enumeration of srptool exit codes
+ * Enumeration of gnutls-cli-debug exit codes
*/
typedef enum {
- SRPTOOL_EXIT_SUCCESS = 0,
- SRPTOOL_EXIT_FAILURE = 1
-} srptool_exit_code_t;
+ GNUTLS_CLI_DEBUG_EXIT_SUCCESS = 0,
+ GNUTLS_CLI_DEBUG_EXIT_FAILURE = 1
+} gnutls_cli_debug_exit_code_t;
/* * * * * *
*
* Interface defines for specific options.
@@ -119,28 +114,23 @@ typedef enum {
#define VALUE_OPT_DEBUG 'd'
#define OPT_VALUE_DEBUG (DESC(DEBUG).optArg.argInt)
-#define VALUE_OPT_INDEX 'i'
-#define VALUE_OPT_USERNAME 'u'
-#define VALUE_OPT_PASSWD 'p'
-#define VALUE_OPT_SALT 's'
-
-#define OPT_VALUE_SALT (DESC(SALT).optArg.argInt)
-#define VALUE_OPT_VERIFY 5
-#define VALUE_OPT_PASSWD_CONF 'v'
-#define VALUE_OPT_CREATE_CONF 7
+#define VALUE_OPT_VERBOSE 'V'
+#define VALUE_OPT_PORT 'p'
+
+#define OPT_VALUE_PORT (DESC(PORT).optArg.argInt)
#define VALUE_OPT_HELP '?'
#define VALUE_OPT_MORE_HELP '!'
#define VALUE_OPT_VERSION 'v'
/*
* Interface defines not associated with particular options
*/
-#define ERRSKIP_OPTERR STMTS(srptoolOptions.fOptSet &= ~OPTPROC_ERRSTOP)
-#define ERRSTOP_OPTERR STMTS(srptoolOptions.fOptSet |= OPTPROC_ERRSTOP)
+#define ERRSKIP_OPTERR STMTS(gnutls_cli_debugOptions.fOptSet &=
~OPTPROC_ERRSTOP)
+#define ERRSTOP_OPTERR STMTS(gnutls_cli_debugOptions.fOptSet |=
OPTPROC_ERRSTOP)
#define RESTART_OPT(n) STMTS( \
- srptoolOptions.curOptIdx = (n); \
- srptoolOptions.pzCurOpt = NULL)
+ gnutls_cli_debugOptions.curOptIdx = (n); \
+ gnutls_cli_debugOptions.pzCurOpt = NULL)
#define START_OPT RESTART_OPT(1)
-#define USAGE(c) (*srptoolOptions.pUsageProc)(&srptoolOptions, c)
+#define USAGE(c)
(*gnutls_cli_debugOptions.pUsageProc)(&gnutls_cli_debugOptions, c)
/* extracted from opthead.tlib near line 451 */
#ifdef __cplusplus
@@ -149,15 +139,15 @@ extern "C" {
/* * * * * *
*
- * Globals exported from the GnuTLS SRP tool option definitions
+ * Globals exported from the GnuTLS debug client option definitions
*/
#include <gettext.h>
/* * * * * *
*
- * Declare the srptool option descriptor.
+ * Declare the gnutls-cli-debug option descriptor.
*/
-extern tOptions srptoolOptions;
+extern tOptions gnutls_cli_debugOptions;
#if defined(ENABLE_NLS)
# ifndef _
@@ -169,14 +159,14 @@ static inline char* aoGetsText(char const* pz) {
# define _(s) aoGetsText(s)
# endif /* _() */
-# define OPT_NO_XLAT_CFG_NAMES STMTS(srptoolOptions.fOptSet |= \
+# define OPT_NO_XLAT_CFG_NAMES STMTS(gnutls_cli_debugOptions.fOptSet |= \
OPTPROC_NXLAT_OPT_CFG;)
-# define OPT_NO_XLAT_OPT_NAMES STMTS(srptoolOptions.fOptSet |= \
+# define OPT_NO_XLAT_OPT_NAMES STMTS(gnutls_cli_debugOptions.fOptSet |= \
OPTPROC_NXLAT_OPT|OPTPROC_NXLAT_OPT_CFG;)
-# define OPT_XLAT_CFG_NAMES STMTS(srptoolOptions.fOptSet &= \
+# define OPT_XLAT_CFG_NAMES STMTS(gnutls_cli_debugOptions.fOptSet &= \
~(OPTPROC_NXLAT_OPT|OPTPROC_NXLAT_OPT_CFG);)
-# define OPT_XLAT_OPT_NAMES STMTS(srptoolOptions.fOptSet &= \
+# define OPT_XLAT_OPT_NAMES STMTS(gnutls_cli_debugOptions.fOptSet &= \
~OPTPROC_NXLAT_OPT;)
#else /* ENABLE_NLS */
@@ -194,5 +184,5 @@ static inline char* aoGetsText(char const* pz) {
#ifdef __cplusplus
}
#endif
-#endif /* AUTOOPTS_SRPTOOL_ARGS_H_GUARD */
-/* srptool-args.h ends here */
+#endif /* AUTOOPTS_CLI_DEBUG_ARGS_H_GUARD */
+/* cli-debug-args.h ends here */
diff --git a/src/srptool-args.c b/src/psk-args.c
similarity index 70%
copy from src/srptool-args.c
copy to src/psk-args.c
index 2fc0990..b594153 100644
--- a/src/srptool-args.c
+++ b/src/psk-args.c
@@ -1,16 +1,16 @@
/* -*- buffer-read-only: t -*- vi: set ro:
*
- * DO NOT EDIT THIS FILE (srptool-args.c)
+ * DO NOT EDIT THIS FILE (psk-args.c)
*
- * It has been AutoGen-ed January 21, 2012 at 02:15:51 AM by AutoGen 5.12
- * From the definitions srptool-args.def
+ * It has been AutoGen-ed January 21, 2012 at 11:33:02 AM by AutoGen 5.12
+ * From the definitions psk-args.def
* and the template file options
*
* Generated from AutoOpts 35:0:10 templates.
*
* AutoOpts is a copyrighted work. This source file is not encumbered
* by AutoOpts licensing, but is provided under the licensing terms chosen
- * by the srptool author or copyright holder. AutoOpts is
+ * by the psktool author or copyright holder. AutoOpts is
* licensed under the terms of the LGPL. The redistributable library
* (``libopts'') is licensed under the terms of either the LGPL or, at the
* users discretion, the BSD license. See the AutoOpts and/or libopts sources
@@ -24,12 +24,12 @@
* GNU General Public License, version 3 or later
* <http://gnu.org/licenses/gpl.html>
*
-PFX>srptool is free software: you can redistribute it and/or modify it
+PFX>psktool is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
- * srptool is distributed in the hope that it will be useful, but
+ * psktool is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
* See the GNU General Public License for more details.
@@ -45,7 +45,7 @@ PFX>srptool is free software: you can redistribute it and/or
modify it
#include <stdlib.h>
#include <errno.h>
#define OPTION_CODE_COMPILE 1
-#include "srptool-args.h"
+#include "psk-args.h"
#ifdef __cplusplus
extern "C" {
@@ -55,18 +55,18 @@ extern FILE * option_usage_fp;
/* TRANSLATORS: choose the translation for option names wisely because you
cannot ever change your mind. */
static char const zCopyright[275] =
-"srptool 3.0.12\n\
+"psktool 3.0.12\n\
Copyright (C) 2000-2012 Free Software Foundation, all rights reserved.\n\
This is free software. It is licensed for use, modification and\n\
redistribution under the terms of the\n\
GNU General Public License, version 3 or later\n\
<http://gnu.org/licenses/gpl.html>\n";
static char const zLicenseDescrip[603] =
-"srptool is free software: you can redistribute it and/or modify it under\n\
+"psktool is free software: you can redistribute it and/or modify it under\n\
the terms of the GNU General Public License as published by the Free\n\
Software Foundation, either version 3 of the License, or (at your option)\n\
any later version.\n\n\
-srptool is distributed in the hope that it will be useful, but WITHOUT\n\
+psktool is distributed in the hope that it will be useful, but WITHOUT\n\
ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or\n\
FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License\n\
for more details.\n\n\
@@ -90,13 +90,14 @@ static char const zDebug_Name[] = "debug";
| OPTST_SET_ARGTYPE(OPARG_TYPE_NUMERIC))
/*
- * Index option description:
+ * Keysize option description:
*/
-static char const zIndexText[] =
- "specify the index of the group parameters in tpasswd.conf to use.";
-static char const zIndex_NAME[] = "INDEX";
-static char const zIndex_Name[] = "index";
-#define INDEX_FLAGS (OPTST_DISABLED)
+static char const zKeysizeText[] =
+ "specify the key size in bytes";
+static char const zKeysize_NAME[] = "KEYSIZE";
+static char const zKeysize_Name[] = "keysize";
+#define KEYSIZE_FLAGS (OPTST_DISABLED \
+ | OPTST_SET_ARGTYPE(OPARG_TYPE_NUMERIC))
/*
* Username option description:
@@ -119,45 +120,6 @@ static char const zPasswd_Name[] = "passwd";
| OPTST_SET_ARGTYPE(OPARG_TYPE_STRING))
/*
- * Salt option description:
- */
-static char const zSaltText[] =
- "specify salt size for crypt algorithm.";
-static char const zSalt_NAME[] = "SALT";
-static char const zSalt_Name[] = "salt";
-#define SALT_FLAGS (OPTST_DISABLED \
- | OPTST_SET_ARGTYPE(OPARG_TYPE_NUMERIC))
-
-/*
- * Verify option description:
- */
-static char const zVerifyText[] =
- "just verify the password.";
-static char const zVerify_NAME[] = "VERIFY";
-static char const zVerify_Name[] = "verify";
-#define VERIFY_FLAGS (OPTST_DISABLED)
-
-/*
- * Passwd_Conf option description:
- */
-static char const zPasswd_ConfText[] =
- "specify a password conf file.";
-static char const zPasswd_Conf_NAME[] = "PASSWD_CONF";
-static char const zPasswd_Conf_Name[] = "passwd-conf";
-#define PASSWD_CONF_FLAGS (OPTST_DISABLED \
- | OPTST_SET_ARGTYPE(OPARG_TYPE_STRING))
-
-/*
- * Create_Conf option description:
- */
-static char const zCreate_ConfText[] =
- "Generate a password configuration file.";
-static char const zCreate_Conf_NAME[] = "CREATE_CONF";
-static char const zCreate_Conf_Name[] = "create-conf";
-#define CREATE_CONF_FLAGS (OPTST_DISABLED \
- | OPTST_SET_ARGTYPE(OPARG_TYPE_STRING))
-
-/*
* Help/More_Help/Version option descriptions:
*/
static char const zHelpText[] = "Display extended usage information
and exit";
@@ -189,11 +151,11 @@ extern tOptProc
optionStackArg, optionTimeDate, optionTimeVal,
optionUnstackArg, optionVersionStderr;
static tOptProc
- doOptDebug, doUsageOpt;
+ doOptDebug, doOptKeysize, doUsageOpt;
/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
*
- * Define the Srptool Option Descriptions.
+ * Define the Psktool Option Descriptions.
*/
static tOptDesc optDesc[OPTION_CT] = {
{ /* entry idx, value */ 0, VALUE_OPT_DEBUG,
@@ -208,16 +170,16 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ zDebugText, zDebug_NAME, zDebug_Name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 1, VALUE_OPT_INDEX,
- /* equiv idx, value */ 1, VALUE_OPT_INDEX,
+ { /* entry idx, value */ 1, VALUE_OPT_KEYSIZE,
+ /* equiv idx, value */ 1, VALUE_OPT_KEYSIZE,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
- /* opt state flags */ INDEX_FLAGS, 0,
+ /* opt state flags */ KEYSIZE_FLAGS, 0,
/* last opt argumnt */ { NULL },
/* arg list/cookie */ NULL,
/* must/cannot opts */ NULL, NULL,
- /* option proc */ NULL,
- /* desc, NAME, name */ zIndexText, zIndex_NAME, zIndex_Name,
+ /* option proc */ doOptKeysize,
+ /* desc, NAME, name */ zKeysizeText, zKeysize_NAME, zKeysize_Name,
/* disablement strs */ NULL, NULL },
{ /* entry idx, value */ 2, VALUE_OPT_USERNAME,
@@ -244,54 +206,6 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ zPasswdText, zPasswd_NAME, zPasswd_Name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 4, VALUE_OPT_SALT,
- /* equiv idx, value */ 4, VALUE_OPT_SALT,
- /* equivalenced to */ NO_EQUIVALENT,
- /* min, max, act ct */ 0, 1, 0,
- /* opt state flags */ SALT_FLAGS, 0,
- /* last opt argumnt */ { NULL },
- /* arg list/cookie */ NULL,
- /* must/cannot opts */ NULL, NULL,
- /* option proc */ optionNumericVal,
- /* desc, NAME, name */ zSaltText, zSalt_NAME, zSalt_Name,
- /* disablement strs */ NULL, NULL },
-
- { /* entry idx, value */ 5, VALUE_OPT_VERIFY,
- /* equiv idx, value */ 5, VALUE_OPT_VERIFY,
- /* equivalenced to */ NO_EQUIVALENT,
- /* min, max, act ct */ 0, 1, 0,
- /* opt state flags */ VERIFY_FLAGS, 0,
- /* last opt argumnt */ { NULL },
- /* arg list/cookie */ NULL,
- /* must/cannot opts */ NULL, NULL,
- /* option proc */ NULL,
- /* desc, NAME, name */ zVerifyText, zVerify_NAME, zVerify_Name,
- /* disablement strs */ NULL, NULL },
-
- { /* entry idx, value */ 6, VALUE_OPT_PASSWD_CONF,
- /* equiv idx, value */ 6, VALUE_OPT_PASSWD_CONF,
- /* equivalenced to */ NO_EQUIVALENT,
- /* min, max, act ct */ 0, 1, 0,
- /* opt state flags */ PASSWD_CONF_FLAGS, 0,
- /* last opt argumnt */ { NULL },
- /* arg list/cookie */ NULL,
- /* must/cannot opts */ NULL, NULL,
- /* option proc */ NULL,
- /* desc, NAME, name */ zPasswd_ConfText, zPasswd_Conf_NAME,
zPasswd_Conf_Name,
- /* disablement strs */ NULL, NULL },
-
- { /* entry idx, value */ 7, VALUE_OPT_CREATE_CONF,
- /* equiv idx, value */ 7, VALUE_OPT_CREATE_CONF,
- /* equivalenced to */ NO_EQUIVALENT,
- /* min, max, act ct */ 0, 1, 0,
- /* opt state flags */ CREATE_CONF_FLAGS, 0,
- /* last opt argumnt */ { NULL },
- /* arg list/cookie */ NULL,
- /* must/cannot opts */ NULL, NULL,
- /* option proc */ NULL,
- /* desc, NAME, name */ zCreate_ConfText, zCreate_Conf_NAME,
zCreate_Conf_Name,
- /* disablement strs */ NULL, NULL },
-
{ /* entry idx, value */ INDEX_OPT_VERSION, VALUE_OPT_VERSION,
/* equiv idx value */ NO_EQUIVALENT, 0,
/* equivalenced to */ NO_EQUIVALENT,
@@ -333,27 +247,21 @@ static tOptDesc optDesc[OPTION_CT] = {
/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
*
- * Define the Srptool Option Environment
+ * Define the Psktool Option Environment
*/
-static char const zPROGNAME[8] = "SRPTOOL";
+static char const zPROGNAME[8] = "PSKTOOL";
static char const zUsageTitle[99] =
-"srptool - GnuTLS SRP tool - Ver. 3.0.12\n\
+"psktool - GnuTLS PSK tool - Ver. 3.0.12\n\
USAGE: %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]... \n";
#define zRcName NULL
#define apzHomeList NULL
static char const zBugsAddr[19] = "address@hidden";
#define zExplain NULL
-static char const zDetail[473] = "\n\
-Simple program that emulates the programs in the Stanford SRP (Secure\n\
-Remote Password) libraries using GnuTLS. It is intended for use in\n\
-places where you don't expect SRP authentication to be the used for\n\
-system users.\n\n\
-In brief, to use SRP you need to create two files. These are the\n\
-password file that holds the users and the verifiers associated with\n\
-them and the configuration file to hold the group parameters (called\n\
-tpasswd.conf).\n";
-static char const zFullVersion[] = SRPTOOL_FULL_VERSION;
+static char const zDetail[126] = "\n\
+Program that generates random keys for use with TLS-PSK. The keys are\n\
+stored in hexadecimal format in a key file.\n";
+static char const zFullVersion[] = PSKTOOL_FULL_VERSION;
/* extracted from optcode.tlib near line 515 */
#if defined(ENABLE_NLS)
@@ -365,19 +273,19 @@ static char const zFullVersion[] = SRPTOOL_FULL_VERSION;
#endif /* ENABLE_NLS */
-#define srptool_full_usage NULL
-static char const srptool_short_usage[] =
- "srptool [options]\n\
-srptool --help for usage instructions.\n";
+#define psktool_full_usage NULL
+static char const psktool_short_usage[] =
+ "psktool [options]\n\
+psktool --help for usage instructions.\n";
#ifndef PKGDATADIR
# define PKGDATADIR ""
#endif
#ifndef WITH_PACKAGER
-# define srptool_packager_info NULL
+# define psktool_packager_info NULL
#else
-static char const srptool_packager_info[] =
+static char const psktool_packager_info[] =
"Packaged by " WITH_PACKAGER
# ifdef WITH_PACKAGER_VERSION
@@ -385,12 +293,12 @@ static char const srptool_packager_info[] =
# endif
# ifdef WITH_PACKAGER_BUG_REPORTS
- "\nReport srptool bugs to " WITH_PACKAGER_BUG_REPORTS
+ "\nReport psktool bugs to " WITH_PACKAGER_BUG_REPORTS
# endif
"\n";
#endif
-tOptions srptoolOptions = {
+tOptions psktoolOptions = {
OPTIONS_STRUCT_VERSION,
0, NULL, /* original argc + argv */
( OPTPROC_BASE
@@ -419,10 +327,10 @@ tOptions srptoolOptions = {
NO_EQUIVALENT, /* '-#' option index */
NO_EQUIVALENT /* index of default opt */
},
- 11 /* full option count */, 8 /* user option count */,
- srptool_full_usage, srptool_short_usage,
+ 7 /* full option count */, 4 /* user option count */,
+ psktool_full_usage, psktool_short_usage,
NULL, NULL,
- PKGDATADIR, srptool_packager_info
+ PKGDATADIR, psktool_packager_info
};
/*
@@ -432,7 +340,7 @@ static void
doUsageOpt(tOptions * pOptions, tOptDesc * pOptDesc)
{
(void)pOptions;
- USAGE(SRPTOOL_EXIT_SUCCESS);
+ USAGE(PSKTOOL_EXIT_SUCCESS);
}
/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
@@ -467,6 +375,39 @@ emit_ranges:
optionShowRange(pOptions, pOptDesc, (void *)rng, 1);
}
+
+/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
+ *
+ * For the keysize option.
+ */
+static void
+doOptKeysize(tOptions* pOptions, tOptDesc* pOptDesc)
+{
+ static const struct {long const rmin, rmax;} rng[1] = {
+ { 0 , 512 } };
+ int ix;
+
+ if (pOptions <= OPTPROC_EMIT_LIMIT)
+ goto emit_ranges;
+ optionNumericVal(pOptions, pOptDesc);
+
+ for (ix = 0; ix < 1; ix++) {
+ if (pOptDesc->optArg.argInt < rng[ix].rmin)
+ continue; /* ranges need not be ordered. */
+ if (pOptDesc->optArg.argInt == rng[ix].rmin)
+ return;
+ if (rng[ix].rmax == LONG_MIN)
+ continue;
+ if (pOptDesc->optArg.argInt <= rng[ix].rmax)
+ return;
+ }
+
+ option_usage_fp = stderr;
+
+emit_ranges:
+
+ optionShowRange(pOptions, pOptDesc, (void *)rng, 1);
+}
/* extracted from optcode.tlib near line 666 */
#if ENABLE_NLS
@@ -491,7 +432,7 @@ AO_gettext(char const* pz)
pzRes = strdup(pzRes);
if (pzRes == NULL) {
fputs(_("No memory for duping translated strings\n"), stderr);
- exit(SRPTOOL_EXIT_FAILURE);
+ exit(PSKTOOL_EXIT_FAILURE);
}
return pzRes;
}
@@ -505,7 +446,7 @@ static void coerce_it(void** s) { *s = AO_gettext(*s);
static void
translate_option_strings(void)
{
- tOptions * const pOpt = &srptoolOptions;
+ tOptions * const pOpt = &psktoolOptions;
/*
* Guard against re-translation. It won't work. The strings will have
@@ -549,7 +490,7 @@ translate_option_strings(void)
coerce_it((void*)&(pOD->pz_DisablePfx));
}
/* prevent re-translation */
- srptoolOptions.fOptSet |= OPTPROC_NXLAT_OPT_CFG | OPTPROC_NXLAT_OPT;
+ psktoolOptions.fOptSet |= OPTPROC_NXLAT_OPT_CFG | OPTPROC_NXLAT_OPT;
}
}
@@ -558,4 +499,4 @@ translate_option_strings(void)
#ifdef __cplusplus
}
#endif
-/* srptool-args.c ends here */
+/* psk-args.c ends here */
diff --git a/src/srptool-args.h b/src/psk-args.h
similarity index 68%
copy from src/srptool-args.h
copy to src/psk-args.h
index 7eb07cd..c9d4d90 100644
--- a/src/srptool-args.h
+++ b/src/psk-args.h
@@ -1,16 +1,16 @@
/* -*- buffer-read-only: t -*- vi: set ro:
*
- * DO NOT EDIT THIS FILE (srptool-args.h)
+ * DO NOT EDIT THIS FILE (psk-args.h)
*
- * It has been AutoGen-ed January 21, 2012 at 02:15:51 AM by AutoGen 5.12
- * From the definitions srptool-args.def
+ * It has been AutoGen-ed January 21, 2012 at 11:33:02 AM by AutoGen 5.12
+ * From the definitions psk-args.def
* and the template file options
*
* Generated from AutoOpts 35:0:10 templates.
*
* AutoOpts is a copyrighted work. This header file is not encumbered
* by AutoOpts licensing, but is provided under the licensing terms chosen
- * by the srptool author or copyright holder. AutoOpts is
+ * by the psktool author or copyright holder. AutoOpts is
* licensed under the terms of the LGPL. The redistributable library
* (``libopts'') is licensed under the terms of either the LGPL or, at the
* users discretion, the BSD license. See the AutoOpts and/or libopts sources
@@ -24,12 +24,12 @@
* GNU General Public License, version 3 or later
* <http://gnu.org/licenses/gpl.html>
*
-PFX>srptool is free software: you can redistribute it and/or modify it
+PFX>psktool is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
- * srptool is distributed in the hope that it will be useful, but
+ * psktool is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
* See the GNU General Public License for more details.
@@ -39,12 +39,12 @@ PFX>srptool is free software: you can redistribute it
and/or modify it
*/
/*
* This file contains the programmatic interface to the Automated
- * Options generated for the srptool program.
+ * Options generated for the psktool program.
* These macros are documented in the AutoGen info file in the
* "AutoOpts" chapter. Please refer to that doc for usage help.
*/
-#ifndef AUTOOPTS_SRPTOOL_ARGS_H_GUARD
-#define AUTOOPTS_SRPTOOL_ARGS_H_GUARD 1
+#ifndef AUTOOPTS_PSK_ARGS_H_GUARD
+#define AUTOOPTS_PSK_ARGS_H_GUARD 1
#include "config.h"
#include <autoopts/options.h>
@@ -66,29 +66,25 @@ PFX>srptool is free software: you can redistribute it
and/or modify it
* Enumeration of each option:
*/
typedef enum {
- INDEX_OPT_DEBUG = 0,
- INDEX_OPT_INDEX = 1,
- INDEX_OPT_USERNAME = 2,
- INDEX_OPT_PASSWD = 3,
- INDEX_OPT_SALT = 4,
- INDEX_OPT_VERIFY = 5,
- INDEX_OPT_PASSWD_CONF = 6,
- INDEX_OPT_CREATE_CONF = 7,
- INDEX_OPT_VERSION = 8,
- INDEX_OPT_HELP = 9,
- INDEX_OPT_MORE_HELP = 10
+ INDEX_OPT_DEBUG = 0,
+ INDEX_OPT_KEYSIZE = 1,
+ INDEX_OPT_USERNAME = 2,
+ INDEX_OPT_PASSWD = 3,
+ INDEX_OPT_VERSION = 4,
+ INDEX_OPT_HELP = 5,
+ INDEX_OPT_MORE_HELP = 6
} teOptIndex;
-#define OPTION_CT 11
-#define SRPTOOL_VERSION "3.0.12"
-#define SRPTOOL_FULL_VERSION "srptool 3.0.12"
+#define OPTION_CT 7
+#define PSKTOOL_VERSION "3.0.12"
+#define PSKTOOL_FULL_VERSION "psktool 3.0.12"
/*
* Interface defines for all options. Replace "n" with the UPPER_CASED
* option name (as in the teOptIndex enumeration above).
* e.g. HAVE_OPT(DEBUG)
*/
-#define DESC(n) (srptoolOptions.pOptDesc[INDEX_OPT_## n])
+#define DESC(n) (psktoolOptions.pOptDesc[INDEX_OPT_## n])
#define HAVE_OPT(n) (! UNUSED_OPT(& DESC(n)))
#define OPT_ARG(n) (DESC(n).optArg.argString)
#define STATE_OPT(n) (DESC(n).fOptState & OPTST_SET_MASK)
@@ -106,12 +102,12 @@ typedef enum {
/* * * * * *
*
- * Enumeration of srptool exit codes
+ * Enumeration of psktool exit codes
*/
typedef enum {
- SRPTOOL_EXIT_SUCCESS = 0,
- SRPTOOL_EXIT_FAILURE = 1
-} srptool_exit_code_t;
+ PSKTOOL_EXIT_SUCCESS = 0,
+ PSKTOOL_EXIT_FAILURE = 1
+} psktool_exit_code_t;
/* * * * * *
*
* Interface defines for specific options.
@@ -119,28 +115,24 @@ typedef enum {
#define VALUE_OPT_DEBUG 'd'
#define OPT_VALUE_DEBUG (DESC(DEBUG).optArg.argInt)
-#define VALUE_OPT_INDEX 'i'
+#define VALUE_OPT_KEYSIZE 's'
+
+#define OPT_VALUE_KEYSIZE (DESC(KEYSIZE).optArg.argInt)
#define VALUE_OPT_USERNAME 'u'
#define VALUE_OPT_PASSWD 'p'
-#define VALUE_OPT_SALT 's'
-
-#define OPT_VALUE_SALT (DESC(SALT).optArg.argInt)
-#define VALUE_OPT_VERIFY 5
-#define VALUE_OPT_PASSWD_CONF 'v'
-#define VALUE_OPT_CREATE_CONF 7
#define VALUE_OPT_HELP '?'
#define VALUE_OPT_MORE_HELP '!'
#define VALUE_OPT_VERSION 'v'
/*
* Interface defines not associated with particular options
*/
-#define ERRSKIP_OPTERR STMTS(srptoolOptions.fOptSet &= ~OPTPROC_ERRSTOP)
-#define ERRSTOP_OPTERR STMTS(srptoolOptions.fOptSet |= OPTPROC_ERRSTOP)
+#define ERRSKIP_OPTERR STMTS(psktoolOptions.fOptSet &= ~OPTPROC_ERRSTOP)
+#define ERRSTOP_OPTERR STMTS(psktoolOptions.fOptSet |= OPTPROC_ERRSTOP)
#define RESTART_OPT(n) STMTS( \
- srptoolOptions.curOptIdx = (n); \
- srptoolOptions.pzCurOpt = NULL)
+ psktoolOptions.curOptIdx = (n); \
+ psktoolOptions.pzCurOpt = NULL)
#define START_OPT RESTART_OPT(1)
-#define USAGE(c) (*srptoolOptions.pUsageProc)(&srptoolOptions, c)
+#define USAGE(c) (*psktoolOptions.pUsageProc)(&psktoolOptions, c)
/* extracted from opthead.tlib near line 451 */
#ifdef __cplusplus
@@ -149,15 +141,15 @@ extern "C" {
/* * * * * *
*
- * Globals exported from the GnuTLS SRP tool option definitions
+ * Globals exported from the GnuTLS PSK tool option definitions
*/
#include <gettext.h>
/* * * * * *
*
- * Declare the srptool option descriptor.
+ * Declare the psktool option descriptor.
*/
-extern tOptions srptoolOptions;
+extern tOptions psktoolOptions;
#if defined(ENABLE_NLS)
# ifndef _
@@ -169,14 +161,14 @@ static inline char* aoGetsText(char const* pz) {
# define _(s) aoGetsText(s)
# endif /* _() */
-# define OPT_NO_XLAT_CFG_NAMES STMTS(srptoolOptions.fOptSet |= \
+# define OPT_NO_XLAT_CFG_NAMES STMTS(psktoolOptions.fOptSet |= \
OPTPROC_NXLAT_OPT_CFG;)
-# define OPT_NO_XLAT_OPT_NAMES STMTS(srptoolOptions.fOptSet |= \
+# define OPT_NO_XLAT_OPT_NAMES STMTS(psktoolOptions.fOptSet |= \
OPTPROC_NXLAT_OPT|OPTPROC_NXLAT_OPT_CFG;)
-# define OPT_XLAT_CFG_NAMES STMTS(srptoolOptions.fOptSet &= \
+# define OPT_XLAT_CFG_NAMES STMTS(psktoolOptions.fOptSet &= \
~(OPTPROC_NXLAT_OPT|OPTPROC_NXLAT_OPT_CFG);)
-# define OPT_XLAT_OPT_NAMES STMTS(srptoolOptions.fOptSet &= \
+# define OPT_XLAT_OPT_NAMES STMTS(psktoolOptions.fOptSet &= \
~OPTPROC_NXLAT_OPT;)
#else /* ENABLE_NLS */
@@ -194,5 +186,5 @@ static inline char* aoGetsText(char const* pz) {
#ifdef __cplusplus
}
#endif
-#endif /* AUTOOPTS_SRPTOOL_ARGS_H_GUARD */
-/* srptool-args.h ends here */
+#endif /* AUTOOPTS_PSK_ARGS_H_GUARD */
+/* psk-args.h ends here */
diff --git a/src/serv-args.c b/src/serv-args.c
index 8311611..2fc66a7 100644
--- a/src/serv-args.c
+++ b/src/serv-args.c
@@ -2,7 +2,7 @@
*
* DO NOT EDIT THIS FILE (serv-args.c)
*
- * It has been AutoGen-ed January 21, 2012 at 02:14:19 AM by AutoGen 5.12
+ * It has been AutoGen-ed January 21, 2012 at 11:30:09 AM by AutoGen 5.12
* From the definitions serv-args.def
* and the template file options
*
diff --git a/src/serv-args.h b/src/serv-args.h
index b34ea76..a8c1a23 100644
--- a/src/serv-args.h
+++ b/src/serv-args.h
@@ -2,7 +2,7 @@
*
* DO NOT EDIT THIS FILE (serv-args.h)
*
- * It has been AutoGen-ed January 21, 2012 at 02:14:19 AM by AutoGen 5.12
+ * It has been AutoGen-ed January 21, 2012 at 11:30:09 AM by AutoGen 5.12
* From the definitions serv-args.def
* and the template file options
*
diff --git a/src/srptool-args.c b/src/srptool-args.c
index 2fc0990..86780d4 100644
--- a/src/srptool-args.c
+++ b/src/srptool-args.c
@@ -2,7 +2,7 @@
*
* DO NOT EDIT THIS FILE (srptool-args.c)
*
- * It has been AutoGen-ed January 21, 2012 at 02:15:51 AM by AutoGen 5.12
+ * It has been AutoGen-ed January 21, 2012 at 11:30:11 AM by AutoGen 5.12
* From the definitions srptool-args.def
* and the template file options
*
diff --git a/src/srptool-args.h b/src/srptool-args.h
index 7eb07cd..b1309bb 100644
--- a/src/srptool-args.h
+++ b/src/srptool-args.h
@@ -2,7 +2,7 @@
*
* DO NOT EDIT THIS FILE (srptool-args.h)
*
- * It has been AutoGen-ed January 21, 2012 at 02:15:51 AM by AutoGen 5.12
+ * It has been AutoGen-ed January 21, 2012 at 11:30:11 AM by AutoGen 5.12
* From the definitions srptool-args.def
* and the template file options
*
diff --git a/tests/Makefile.am b/tests/Makefile.am
index 70f8946..30ceb9f 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -20,7 +20,7 @@
# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
SUBDIRS = . rsa-md5-collision pkcs1-padding pkcs8-decode pkcs12-decode \
- userid pathlen key-id sha2 safe-renegotiation dsa scripts ecdsa \
+ userid cert-tests key-id sha2 safe-renegotiation dsa scripts ecdsa \
slow
if ENABLE_OPENPGP
diff --git a/tests/pathlen/Makefile.am b/tests/cert-tests/Makefile.am
similarity index 88%
rename from tests/pathlen/Makefile.am
rename to tests/cert-tests/Makefile.am
index 1f57827..81042b9 100644
--- a/tests/pathlen/Makefile.am
+++ b/tests/cert-tests/Makefile.am
@@ -19,10 +19,10 @@
# along with this file; if not, write to the Free Software Foundation,
# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-EXTRA_DIST = ca-no-pathlen.pem no-ca-or-pathlen.pem
+EXTRA_DIST = ca-no-pathlen.pem no-ca-or-pathlen.pem aki-cert.pem
-dist_check_SCRIPTS = pathlen
+dist_check_SCRIPTS = pathlen aki
-TESTS = pathlen
+TESTS = pathlen aki
TESTS_ENVIRONMENT = EXEEXT=$(EXEEXT)
diff --git a/tests/userid/userid b/tests/cert-tests/aki
similarity index 75%
copy from tests/userid/userid
copy to tests/cert-tests/aki
index 5374227..e0722a0 100755
--- a/tests/userid/userid
+++ b/tests/cert-tests/aki
@@ -1,6 +1,6 @@
#!/bin/sh
-# Copyright (C) 2006, 2008, 2010, 2012 Free Software Foundation, Inc.
+# Copyright (C) 2006-2008, 2010, 2012 Free Software Foundation, Inc.
#
# Author: Simon Josefsson
#
@@ -20,17 +20,22 @@
# along with GnuTLS; if not, write to the Free Software Foundation,
# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+set -e
+
srcdir=${srcdir:-.}
CERTTOOL=${CERTTOOL:-../../src/certtool$EXEEXT}
-$CERTTOOL --certificate-info --infile $srcdir/userid.pem >out 2>&1
-RET=$?
-if [ $RET != 0 ];then
- echo "Error in userid:"
- cat out
- exit 1
-fi
+$CERTTOOL --certificate-info --infile $srcdir/aki-cert.pem \
+ --outfile tmp-aki.pem
+
+diff $srcdir/aki-cert.pem tmp-aki.pem
+rc=$?
-rm -f out
+rm -f tmp-aki.pem
+
+# We're done.
+if test "$rc" != "0"; then
+ exit $rc
+fi
exit 0
diff --git a/tests/cert-tests/aki-cert.pem b/tests/cert-tests/aki-cert.pem
new file mode 100644
index 0000000..b7a4c32
--- /dev/null
+++ b/tests/cert-tests/aki-cert.pem
@@ -0,0 +1,117 @@
+X.509 Certificate Information:
+ Version: 3
+ Serial Number (hex): 6e4ffab3c5e669c4d167c992abe858c4
+ Issuer: C=US,O=VeriSign\, Inc.,OU=Class 3 Public Primary Certification
Authority - G2,OU=(c) 1998 VeriSign\, Inc. - For authorized use
only,OU=VeriSign Trust Network
+ Validity:
+ Not Before: Wed Mar 25 00:00:00 UTC 2009
+ Not After: Sun Mar 24 23:59:59 UTC 2019
+ Subject: C=US,O=VeriSign\, Inc.,OU=VeriSign Trust Network,OU=Terms of
use at https://www.verisign.com/rpa (c)09,CN=VeriSign Class 3 Secure Server CA
- G2
+ Subject Public Key Algorithm: RSA
+ Certificate Security Level: Legacy (2048 bits)
+ Modulus (bits 2048):
+ 00:d4:56:8f:57:3b:37:28:a6:40:63:d2:95:d5:05:74
+ da:b5:19:6a:96:d6:71:57:2f:e2:c0:34:8c:a0:95:b3
+ 8c:e1:37:24:f3:2e:ed:43:45:05:8e:89:d7:fa:da:4a
+ b5:f8:3e:8d:4e:c7:f9:49:50:45:37:40:9f:74:aa:a0
+ 51:55:61:f1:60:84:89:a5:9e:80:8d:2f:b0:21:aa:45
+ 82:c4:cf:b4:14:7f:47:15:20:28:82:b0:68:12:c0:ae
+ 5c:07:d7:f6:59:cc:cb:62:56:5c:4d:49:ff:26:88:ab
+ 54:51:3a:2f:4a:da:0e:98:e2:89:72:b9:fc:f7:68:3c
+ c4:1f:39:7a:cb:17:81:f3:0c:ad:0f:dc:61:62:1b:10
+ 0b:04:1e:29:18:71:5e:62:cb:43:de:be:31:ba:71:02
+ 19:4e:26:a9:51:da:8c:64:69:03:de:9c:fd:7d:fd:7b
+ 61:bc:fc:84:7c:88:5c:b4:c3:7b:ed:5f:2b:46:12:f1
+ fd:00:01:9a:8b:5b:e9:a3:05:2e:8f:2e:5b:de:f3:1b
+ 78:f8:66:91:08:c0:5e:ce:d5:b0:36:ca:d4:a8:7b:a0
+ 7d:f9:30:7a:bf:f8:dd:19:51:2b:20:ba:fe:a7:cf:a1
+ 4e:b0:67:f5:80:aa:2b:83:2e:d2:8e:54:89:8e:1e:29
+ 0b
+ Exponent (bits 24):
+ 01:00:01
+ Extensions:
+ Authority Information Access (not critical):
+ Access Method: 1.3.6.1.5.5.7.48.1 (id-ad-ocsp)
+ Access Location URI: http://ocsp.verisign.com
+ Basic Constraints (critical):
+ Certificate Authority (CA): TRUE
+ Path Length Constraint: 0
+ Unknown extension 2.5.29.32 (not critical):
+ ASCII:
0g0e..`.H...E....0V0(..+.........https://www.verisign.com/cps0*..+.......0...https://www.verisign.com/rpa
+ Hexdump:
30673065060b6086480186f845010717033056302806082b06010505070201161c68747470733a2f2f7777772e766572697369676e2e636f6d2f637073302a06082b06010505070202301e1a1c68747470733a2f2f7777772e766572697369676e2e636f6d2f727061
+ CRL Distribution points (not critical):
+ URI: http://crl.verisign.com/pca3-g2.crl
+ Key Usage (critical):
+ Certificate signing.
+ CRL signing.
+ Unknown extension 1.3.6.1.5.5.7.1.12 (not critical):
+ ASCII:
0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif
+ Hexdump:
305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a04148fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e676966
+ Subject Alternative Name (not critical):
+ directoryName: CN=Class3CA2048-1-52
+ Subject Key Identifier (not critical):
+ a5ef0b11cec04103a34a659048b21ce0572d7d47
+ Authority Key Identifier (not critical):
+error: get_authority_key_id: Unsupported extension in X.509 certificate.
+ Signature Algorithm: RSA-SHA1
+ Signature:
+ 63:74:2f:3d:53:aa:2f:97:ec:26:11:66:1a:fe:f1:de
+ 41:27:19:d2:7f:d8:c1:1c:f9:e2:38:56:3a:1f:90:ae
+ 39:c5:20:75:ab:f8:6c:2d:67:1f:29:c2:21:d7:14:88
+ 63:4b:b0:9b:27:63:91:f8:f0:a3:01:24:b6:fb:8f:e3
+ 3d:02:0b:6f:54:fe:d4:cc:db:d6:85:bf:7c:95:1e:5e
+ 62:11:c1:d9:09:9c:42:b9:b2:d4:aa:2d:98:3a:23:60
+ cc:a2:9a:f1:6e:e8:cf:8e:d1:1a:3c:5e:19:c5:d7:9b
+ 35:b0:02:23:24:e5:05:b8:d5:88:e3:e0:fa:b9:f4:5f
+Other Information:
+ SHA-1 fingerprint:
+ 62f3c89771da4ce01a91fc13e02b6057b4547a1d
+ Public Key Id:
+ df622ed0fe6a65a8df5b62840c826ac5b372235f
+ Public key's random art:
+ +--[ RSA 2048]----+
+ | |
+ | .. |
+ | .+. . |
+ | .. o. o . |
+ |.+ + E .S.. |
+ |. = o . ooo. |
+ | . + o* o |
+ | . += + |
+ | oo+=. |
+ +-----------------+
+
+-----BEGIN CERTIFICATE-----
+MIIGLDCCBZWgAwIBAgIQbk/6s8XmacTRZ8mSq+hYxDANBgkqhkiG9w0BAQUFADCB
+wTELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTwwOgYDVQQL
+EzNDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5
+IC0gRzIxOjA4BgNVBAsTMShjKSAxOTk4IFZlcmlTaWduLCBJbmMuIC0gRm9yIGF1
+dGhvcml6ZWQgdXNlIG9ubHkxHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdv
+cmswHhcNMDkwMzI1MDAwMDAwWhcNMTkwMzI0MjM1OTU5WjCBtTELMAkGA1UEBhMC
+VVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBU
+cnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2UgYXQgaHR0cHM6Ly93
+d3cudmVyaXNpZ24uY29tL3JwYSAoYykwOTEvMC0GA1UEAxMmVmVyaVNpZ24gQ2xh
+c3MgMyBTZWN1cmUgU2VydmVyIENBIC0gRzIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQDUVo9XOzcopkBj0pXVBXTatRlqltZxVy/iwDSMoJWzjOE3JPMu
+7UNFBY6J1/raSrX4Po1Ox/lJUEU3QJ90qqBRVWHxYISJpZ6AjS+wIapFgsTPtBR/
+RxUgKIKwaBLArlwH1/ZZzMtiVlxNSf8miKtUUTovStoOmOKJcrn892g8xB85essX
+gfMMrQ/cYWIbEAsEHikYcV5iy0PevjG6cQIZTiapUdqMZGkD3pz9ff17Ybz8hHyI
+XLTDe+1fK0YS8f0AAZqLW+mjBS6PLlve8xt4+GaRCMBeztWwNsrUqHugffkwer/4
+3RlRKyC6/qfPoU6wZ/WAqiuDLtKOVImOHikLAgMBAAGjggKpMIICpTA0BggrBgEF
+BQcBAQQoMCYwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLnZlcmlzaWduLmNvbTAS
+BgNVHRMBAf8ECDAGAQH/AgEAMHAGA1UdIARpMGcwZQYLYIZIAYb4RQEHFwMwVjAo
+BggrBgEFBQcCARYcaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL2NwczAqBggrBgEF
+BQcCAjAeGhxodHRwczovL3d3dy52ZXJpc2lnbi5jb20vcnBhMDQGA1UdHwQtMCsw
+KaAnoCWGI2h0dHA6Ly9jcmwudmVyaXNpZ24uY29tL3BjYTMtZzIuY3JsMA4GA1Ud
+DwEB/wQEAwIBBjBtBggrBgEFBQcBDARhMF+hXaBbMFkwVzBVFglpbWFnZS9naWYw
+ITAfMAcGBSsOAwIaBBSP5dMahqyNjmvDz4Bq1EgYLHsZLjAlFiNodHRwOi8vbG9n
+by52ZXJpc2lnbi5jb20vdnNsb2dvLmdpZjApBgNVHREEIjAgpB4wHDEaMBgGA1UE
+AxMRQ2xhc3MzQ0EyMDQ4LTEtNTIwHQYDVR0OBBYEFKXvCxHOwEEDo0plkEiyHOBX
+LX1HMIHnBgNVHSMEgd8wgdyhgcekgcQwgcExCzAJBgNVBAYTAlVTMRcwFQYDVQQK
+Ew5WZXJpU2lnbiwgSW5jLjE8MDoGA1UECxMzQ2xhc3MgMyBQdWJsaWMgUHJpbWFy
+eSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcyMTowOAYDVQQLEzEoYykgMTk5
+OCBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MR8wHQYD
+VQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrghB92f4Hz6getxB5Z/uniTTGMA0G
+CSqGSIb3DQEBBQUAA4GBAGN0Lz1Tqi+X7CYRZhr+8d5BJxnSf9jBHPniOFY6H5Cu
+OcUgdav4bC1nHynCIdcUiGNLsJsnY5H48KMBJLb7j+M9AgtvVP7UzNvWhb98lR5e
+YhHB2QmcQrmy1KotmDojYMyimvFu6M+O0Ro8XhnF15s1sAIjJOUFuNWI4+D6ufRf
+-----END CERTIFICATE-----
diff --git a/tests/pathlen/ca-no-pathlen.pem
b/tests/cert-tests/ca-no-pathlen.pem
similarity index 97%
rename from tests/pathlen/ca-no-pathlen.pem
rename to tests/cert-tests/ca-no-pathlen.pem
index 76ec72b..b2f6448 100644
--- a/tests/pathlen/ca-no-pathlen.pem
+++ b/tests/cert-tests/ca-no-pathlen.pem
@@ -7,7 +7,7 @@ X.509 Certificate Information:
Not After: Sat Jan 27 10:00:06 UTC 2007
Subject: O=GnuTLS test certificate
Subject Public Key Algorithm: RSA
- Certificate Security Level: Weak (512 bits)
+ Certificate Security Level: Low (512 bits)
Modulus (bits 512):
00:a1:63:53:6b:54:95:ac:3c:a4:4b:4b:6a:ba:c0:9c
11:ad:28:dd:03:a8:c0:f4:17:bf:18:cd:9f:b3:5a:d1
diff --git a/tests/pathlen/no-ca-or-pathlen.pem
b/tests/cert-tests/no-ca-or-pathlen.pem
similarity index 99%
rename from tests/pathlen/no-ca-or-pathlen.pem
rename to tests/cert-tests/no-ca-or-pathlen.pem
index 086feb4..258e61e 100644
--- a/tests/pathlen/no-ca-or-pathlen.pem
+++ b/tests/cert-tests/no-ca-or-pathlen.pem
@@ -7,7 +7,7 @@ X.509 Certificate Information:
Not After: Fri Aug 25 23:59:59 UTC 2000
Subject: O=VeriSign\, Inc.,OU=VeriSign Trust
Network,OU=www.verisign.com/repository/RPA Incorp. by
Ref.\,LIAB.LTD(c)98,OU=Persona Not Validated,OU=Digital ID Class 1 -
Netscape,CN=Simon Josefsson,address@hidden
Subject Public Key Algorithm: RSA
- Certificate Security Level: Weak (1024 bits)
+ Certificate Security Level: Low (1024 bits)
Modulus (bits 1024):
00:c9:0c:ce:8a:fe:71:46:9b:ca:1d:e5:90:12:a5:11
0b:c6:2d:c4:33:c6:19:e8:60:59:4e:3f:64:3d:e4:f7
diff --git a/tests/pathlen/pathlen b/tests/cert-tests/pathlen
similarity index 100%
rename from tests/pathlen/pathlen
rename to tests/cert-tests/pathlen
hooks/post-receive
--
GNU gnutls
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [SCM] GNU gnutls branch, master, updated. gnutls-3_0_12-24-g547996d,
Nikos Mavrogiannopoulos <=