[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[SCM] GNU gnutls branch, master, updated. gnutls-3_0_12-69-g172edf8
|
From: |
Nikos Mavrogiannopoulos |
|
Subject: |
[SCM] GNU gnutls branch, master, updated. gnutls-3_0_12-69-g172edf8 |
|
Date: |
Tue, 24 Jan 2012 19:57:07 +0000 |
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".
http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=172edf8fe210e6c6554b95d6f0de3c849019d1a4
The branch, master has been updated
via 172edf8fe210e6c6554b95d6f0de3c849019d1a4 (commit)
via 1a6cc0534fec3023e94878a9bd89918bb84244cb (commit)
via fb282b57d621c83bbb1a816c0820d0df9191c688 (commit)
from 6431d64b6115b150353dfbac84e9d7c4a753ab96 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 172edf8fe210e6c6554b95d6f0de3c849019d1a4
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Tue Jan 24 20:58:09 2012 +0100
Added functions to allow quering a priority structure.
That is to allow more information being extracted than only the
ciphersuites.
gnutls_priority_certificate_type_list: Added
gnutls_priority_sign_list: Added
gnutls_priority_protocol_list: Added
gnutls_priority_compression_list: Added
gnutls_priority_ecc_curve_list: Added
commit 1a6cc0534fec3023e94878a9bd89918bb84244cb
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Tue Jan 24 20:27:57 2012 +0100
Allow quering available elliptic curves by adding gnutls_ecc_curve_list().
commit fb282b57d621c83bbb1a816c0820d0df9191c688
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Tue Jan 24 20:16:23 2012 +0100
updated
-----------------------------------------------------------------------
Summary of changes:
NEWS | 7 +
doc/cha-gtls-app.texi | 4 +-
doc/cha-programs.texi | 18 +-
doc/printlist.c | 12 +
lib/algorithms/ecc.c | 28 +
lib/gnutls_priority.c | 105 ++++
lib/includes/gnutls/gnutls.h.in | 7 +
lib/libgnutls.map | 6 +
src/common.c | 1270 ++++++++++++++++++++++-----------------
9 files changed, 889 insertions(+), 568 deletions(-)
diff --git a/NEWS b/NEWS
index 6c78c4e..098c30b 100644
--- a/NEWS
+++ b/NEWS
@@ -25,6 +25,13 @@ a fork.
gnutls_x509_crt_get_authority_key_gn_serial: Added
gnutls_x509_crl_get_authority_key_gn_serial: Added
gnutls_pkcs11_reinit: Added
+gnutls_ecc_list: Added
+gnutls_priority_certificate_type_list: Added
+gnutls_priority_sign_list: Added
+gnutls_priority_protocol_list: Added
+gnutls_priority_compression_list: Added
+gnutls_priority_ecc_curve_list: Added
+
* Version 3.0.12 (released 2012-01-20)
diff --git a/doc/cha-gtls-app.texi b/doc/cha-gtls-app.texi
index 7f3d338..f716bb8 100644
--- a/doc/cha-gtls-app.texi
+++ b/doc/cha-gtls-app.texi
@@ -940,8 +940,8 @@ or by using the priority functions as in @ref{Listing the
ciphersuites in a prio
Example priority strings are:
@example
-The default priority:
- "NORMAL"
+The default priority without the HMAC-MD5:
+ "NORMAL:-MD5"
Specifying RSA with AES-128-CBC:
"NONE:+VERS-TLS-ALL:+MAC-ALL:+RSA:+AES-128-CBC:+SIGN-ALL:+COMP-NULL"
diff --git a/doc/cha-programs.texi b/doc/cha-programs.texi
index 4009261..02d0d49 100644
--- a/doc/cha-programs.texi
+++ b/doc/cha-programs.texi
@@ -107,12 +107,18 @@ the handshake.
@example
$ ./gnutls-cli --priority SECURE192 -l
Cipher suites for SECURE192
-TLS_ECDHE_ECDSA_AES_256_CBC_SHA384 0xc0, 0x24 TLS1.2
-TLS_ECDHE_ECDSA_AES_256_GCM_SHA384 0xc0, 0x2e TLS1.2
-TLS_ECDHE_RSA_AES_256_GCM_SHA384 0xc0, 0x30 TLS1.2
-TLS_DHE_RSA_AES_256_CBC_SHA256 0x00, 0x6b TLS1.2
-TLS_DHE_DSS_AES_256_CBC_SHA256 0x00, 0x6a TLS1.2
-TLS_RSA_AES_256_CBC_SHA256 0x00, 0x3d TLS1.2
+TLS_ECDHE_ECDSA_AES_256_CBC_SHA384 0xc0, 0x24 TLS1.2
+TLS_ECDHE_ECDSA_AES_256_GCM_SHA384 0xc0, 0x2e TLS1.2
+TLS_ECDHE_RSA_AES_256_GCM_SHA384 0xc0, 0x30 TLS1.2
+TLS_DHE_RSA_AES_256_CBC_SHA256 0x00, 0x6b TLS1.2
+TLS_DHE_DSS_AES_256_CBC_SHA256 0x00, 0x6a TLS1.2
+TLS_RSA_AES_256_CBC_SHA256 0x00, 0x3d TLS1.2
+
+Certificate types: CTYPE-X.509
+Protocols: VERS-TLS1.2, VERS-TLS1.1, VERS-TLS1.0, VERS-SSL3.0, VERS-DTLS1.0
+Compression: COMP-NULL
+Elliptic curves: CURVE-SECP384R1, CURVE-SECP521R1
+PK-signatures: SIGN-RSA-SHA384, SIGN-ECDSA-SHA384, SIGN-RSA-SHA512,
SIGN-ECDSA-SHA512
@end example
diff --git a/doc/printlist.c b/doc/printlist.c
index d52b5c8..87d0ca3 100644
--- a/doc/printlist.c
+++ b/doc/printlist.c
@@ -145,6 +145,18 @@ static void main_texinfo (void)
}
{
+ const gnutls_ecc_curve_t *p = gnutls_ecc_curve_list ();
+
+ printf ("address@hidden Elliptic address@hidden @code\n");
+ for (; *p; p++)
+ {
+ printf ("@item %s\n", gnutls_ecc_curve_get_name (*p));
+ }
+ printf ("@end table\n");
+ }
+
+
+ {
const gnutls_compression_method_t *p = gnutls_compression_list ();
printf ("address@hidden Compression address@hidden @code\n");
diff --git a/lib/algorithms/ecc.c b/lib/algorithms/ecc.c
index ea0b830..0431450 100644
--- a/lib/algorithms/ecc.c
+++ b/lib/algorithms/ecc.c
@@ -121,6 +121,34 @@ _gnutls_tls_id_to_ecc_curve (int num)
return ret;
}
+/**
+ * gnutls_ecc_curve_list:
+ *
+ * Get the list of supported elliptic curves.
+ *
+ * This function is not thread safe.
+ *
+ * Returns: Return a (0)-terminated list of #gnutls_ecc_curve_t
+ * integers indicating the available curves.
+ **/
+const gnutls_ecc_curve_t *
+gnutls_ecc_curve_list (void)
+{
+static gnutls_ecc_curve_t supported_curves[MAX_ALGOS] = { 0 };
+
+ if (supported_curves[0] == 0)
+ {
+ int i = 0;
+
+ GNUTLS_ECC_CURVE_LOOP (
+ supported_curves[i++]=p->id;
+ );
+ supported_curves[i++]=0;
+ }
+
+ return supported_curves;
+}
+
/* Maps numbers to TLS NamedCurve IDs (RFC4492).
* Returns a negative number on error.
*/
diff --git a/lib/gnutls_priority.c b/lib/gnutls_priority.c
index 2848a60..59f4327 100644
--- a/lib/gnutls_priority.c
+++ b/lib/gnutls_priority.c
@@ -1128,3 +1128,108 @@ void _gnutls_priority_prefer_aes_gcm(void)
cipher_priority_performance = cipher_priority_performance_hw_aes;
cipher_priority_normal = cipher_priority_normal_hw_aes;
}
+
+/**
+ * gnutls_priority_ecc_curve_list:
+ * @pcache: is a #gnutls_prioritity_t structure.
+ * @list: will point to an integer list
+ *
+ * Get a list of available elliptic curves in the priority
+ * structure.
+ *
+ * Returns: the number of curves, or an error code.
+ * Since: 3.0.0
+ **/
+int
+gnutls_priority_ecc_curve_list (gnutls_priority_t pcache, const unsigned int**
list)
+{
+ if (pcache->supported_ecc.algorithms == 0)
+ return 0;
+
+ *list = pcache->supported_ecc.priority;
+ return pcache->supported_ecc.algorithms;
+}
+
+/**
+ * gnutls_priority_compression_list:
+ * @pcache: is a #gnutls_prioritity_t structure.
+ * @list: will point to an integer list
+ *
+ * Get a list of available compression method in the priority
+ * structure.
+ *
+ * Returns: the number of methods, or an error code.
+ * Since: 3.0.0
+ **/
+int
+gnutls_priority_compression_list (gnutls_priority_t pcache, const unsigned
int** list)
+{
+ if (pcache->compression.algorithms == 0)
+ return 0;
+
+ *list = pcache->compression.priority;
+ return pcache->compression.algorithms;
+}
+
+/**
+ * gnutls_priority_protocol_list:
+ * @pcache: is a #gnutls_prioritity_t structure.
+ * @list: will point to an integer list
+ *
+ * Get a list of available TLS version numbers in the priority
+ * structure.
+ *
+ * Returns: the number of protocols, or an error code.
+ * Since: 3.0.0
+ **/
+int
+gnutls_priority_protocol_list (gnutls_priority_t pcache, const unsigned int**
list)
+{
+ if (pcache->protocol.algorithms == 0)
+ return 0;
+
+ *list = pcache->protocol.priority;
+ return pcache->protocol.algorithms;
+}
+
+/**
+ * gnutls_priority_sign_list:
+ * @pcache: is a #gnutls_prioritity_t structure.
+ * @list: will point to an integer list
+ *
+ * Get a list of available signature algorithms in the priority
+ * structure.
+ *
+ * Returns: the number of algorithms, or an error code.
+ * Since: 3.0.0
+ **/
+int
+gnutls_priority_sign_list (gnutls_priority_t pcache, const unsigned int** list)
+{
+ if (pcache->sign_algo.algorithms == 0)
+ return 0;
+
+ *list = pcache->sign_algo.priority;
+ return pcache->sign_algo.algorithms;
+}
+
+/**
+ * gnutls_priority_certificate_type_list:
+ * @pcache: is a #gnutls_prioritity_t structure.
+ * @list: will point to an integer list
+ *
+ * Get a list of available certificate types in the priority
+ * structure.
+ *
+ * Returns: the number of certificate types, or an error code.
+ * Since: 3.0.0
+ **/
+int
+gnutls_priority_certificate_type_list (gnutls_priority_t pcache, const
unsigned int** list)
+{
+ if (pcache->cert_type.algorithms == 0)
+ return 0;
+
+ *list = pcache->cert_type.priority;
+ return pcache->cert_type.algorithms;
+}
diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in
index 92acaaa..6730306 100644
--- a/lib/includes/gnutls/gnutls.h.in
+++ b/lib/includes/gnutls/gnutls.h.in
@@ -797,6 +797,7 @@ gnutls_ecc_curve_t gnutls_ecc_curve_get(gnutls_session_t
session);
gnutls_sign_algorithm_t gnutls_sign_get_id (const char *name);
/* list supported algorithms */
+ const gnutls_ecc_curve_t * gnutls_ecc_curve_list (void);
const gnutls_cipher_algorithm_t *gnutls_cipher_list (void);
const gnutls_mac_algorithm_t *gnutls_mac_list (void);
const gnutls_compression_method_t *gnutls_compression_list (void);
@@ -920,6 +921,12 @@ gnutls_ecc_curve_t gnutls_ecc_curve_get(gnutls_session_t
session);
const char *priorities,
const char **err_pos);
+ int gnutls_priority_get_certificate_type_list (gnutls_priority_t pcache,
const unsigned int** list);
+ int gnutls_priority_get_sign_list (gnutls_priority_t pcache, const unsigned
int** list);
+ int gnutls_priority_get_protocol_list (gnutls_priority_t pcache, const
unsigned int** list);
+ int gnutls_priority_get_compression_list (gnutls_priority_t pcache, const
unsigned int** list);
+ int gnutls_priority_get_ecc_curve_list (gnutls_priority_t pcache, const
unsigned int** list);
+
/* for compatibility
*/
int gnutls_set_default_priority (gnutls_session_t session);
diff --git a/lib/libgnutls.map b/lib/libgnutls.map
index cf3792c..e169a06 100644
--- a/lib/libgnutls.map
+++ b/lib/libgnutls.map
@@ -765,6 +765,12 @@ GNUTLS_3_0_0 {
gnutls_pkcs11_reinit;
gnutls_x509_crt_get_authority_key_gn_serial;
gnutls_x509_crl_get_authority_key_gn_serial;
+ gnutls_ecc_curve_list;
+ gnutls_priority_certificate_type_list;
+ gnutls_priority_sign_list;
+ gnutls_priority_protocol_list;
+ gnutls_priority_compression_list;
+ gnutls_priority_ecc_curve_list;
} GNUTLS_2_12;
GNUTLS_PRIVATE {
diff --git a/src/common.c b/src/common.c
index bd03a54..dcaf421 100644
--- a/src/common.c
+++ b/src/common.c
@@ -49,122 +49,137 @@ const char str_unknown[] = "(unknown)";
const char *
raw_to_string (const unsigned char *raw, size_t raw_size)
{
- static char buf[1024];
- size_t i;
- if (raw_size == 0)
- return NULL;
+ static char buf[1024];
+ size_t i;
+ if (raw_size == 0)
+ return NULL;
- if (raw_size * 3 + 1 >= sizeof (buf))
- return NULL;
+ if (raw_size * 3 + 1 >= sizeof (buf))
+ return NULL;
- for (i = 0; i < raw_size; i++)
- {
- sprintf (&(buf[i * 3]), "%02X%s", raw[i],
- (i == raw_size - 1) ? "" : ":");
- }
- buf[sizeof (buf) - 1] = '\0';
+ for (i = 0; i < raw_size; i++)
+ {
+ sprintf (&(buf[i * 3]), "%02X%s", raw[i],
+ (i == raw_size - 1) ? "" : ":");
+ }
+ buf[sizeof (buf) - 1] = '\0';
- return buf;
+ return buf;
}
static void
-print_x509_info (gnutls_session_t session, const char *hostname, int insecure)
+print_x509_info (gnutls_session_t session, const char *hostname,
+ int insecure)
{
- gnutls_x509_crt_t crt;
- const gnutls_datum_t *cert_list;
- unsigned int cert_list_size = 0, j;
- int hostname_ok = 0;
- int ret;
-
- cert_list = gnutls_certificate_get_peers (session, &cert_list_size);
- if (cert_list_size == 0)
- {
- fprintf (stderr, "No certificates found!\n");
- return;
- }
+ gnutls_x509_crt_t crt;
+ const gnutls_datum_t *cert_list;
+ unsigned int cert_list_size = 0, j;
+ int hostname_ok = 0;
+ int ret;
- printf (" - Got a certificate list of %d certificates.\n", cert_list_size);
+ cert_list = gnutls_certificate_get_peers (session, &cert_list_size);
+ if (cert_list_size == 0)
+ {
+ fprintf (stderr, "No certificates found!\n");
+ return;
+ }
- for (j = 0; j < cert_list_size; j++)
- {
- gnutls_datum_t cinfo;
+ printf (" - Got a certificate list of %d certificates.\n",
+ cert_list_size);
- gnutls_x509_crt_init (&crt);
- ret = gnutls_x509_crt_import (crt, &cert_list[j], GNUTLS_X509_FMT_DER);
- if (ret < 0)
- {
- fprintf (stderr, "Decoding error: %s\n", gnutls_strerror (ret));
- return;
- }
-
- printf (" - Certificate[%d] info:\n - ", j);
-
- if (verbose)
- ret = gnutls_x509_crt_print (crt, GNUTLS_CRT_PRINT_FULL, &cinfo);
- else
- ret = gnutls_x509_crt_print (crt, GNUTLS_CRT_PRINT_ONELINE, &cinfo);
- if (ret == 0)
- {
- printf ("%s\n", cinfo.data);
- gnutls_free (cinfo.data);
- }
-
- if (print_cert)
- {
- size_t size = 0;
- char *p = NULL;
-
- ret = gnutls_x509_crt_export (crt, GNUTLS_X509_FMT_PEM, p, &size);
- if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER)
- {
- p = malloc (size);
- if (!p)
- {
- fprintf (stderr, "gnutls_malloc\n");
- exit (1);
- }
+ for (j = 0; j < cert_list_size; j++)
+ {
+ gnutls_datum_t cinfo;
- ret = gnutls_x509_crt_export (crt, GNUTLS_X509_FMT_PEM,
- p, &size);
- }
+ gnutls_x509_crt_init (&crt);
+ ret =
+ gnutls_x509_crt_import (crt, &cert_list[j],
+ GNUTLS_X509_FMT_DER);
if (ret < 0)
{
- fprintf (stderr, "Encoding error: %s\n", gnutls_strerror (ret));
- return;
+ fprintf (stderr, "Decoding error: %s\n",
+ gnutls_strerror (ret));
+ return;
}
- fputs ("\n", stdout);
- fputs (p, stdout);
- fputs ("\n", stdout);
-
- gnutls_free (p);
- }
+ printf (" - Certificate[%d] info:\n - ", j);
- if (j == 0 && hostname != NULL)
- {
- /* Check the hostname of the first certificate if it matches
- * the name of the host we connected to.
- */
- if (gnutls_x509_crt_check_hostname (crt, hostname) == 0)
- hostname_ok = 1;
+ if (verbose)
+ ret =
+ gnutls_x509_crt_print (crt, GNUTLS_CRT_PRINT_FULL,
+ &cinfo);
else
- hostname_ok = 2;
- }
+ ret =
+ gnutls_x509_crt_print (crt, GNUTLS_CRT_PRINT_ONELINE,
+ &cinfo);
+ if (ret == 0)
+ {
+ printf ("%s\n", cinfo.data);
+ gnutls_free (cinfo.data);
+ }
- gnutls_x509_crt_deinit (crt);
- }
+ if (print_cert)
+ {
+ size_t size = 0;
+ char *p = NULL;
+
+ ret =
+ gnutls_x509_crt_export (crt, GNUTLS_X509_FMT_PEM, p,
+ &size);
+ if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER)
+ {
+ p = malloc (size);
+ if (!p)
+ {
+ fprintf (stderr, "gnutls_malloc\n");
+ exit (1);
+ }
+
+ ret =
+ gnutls_x509_crt_export (crt, GNUTLS_X509_FMT_PEM,
+ p, &size);
+ }
+ if (ret < 0)
+ {
+ fprintf (stderr, "Encoding error: %s\n",
+ gnutls_strerror (ret));
+ return;
+ }
+
+ fputs ("\n", stdout);
+ fputs (p, stdout);
+ fputs ("\n", stdout);
+
+ gnutls_free (p);
+ }
- if (hostname_ok == 1)
- {
- printf ("- The hostname in the certificate does NOT match '%s'\n",
- hostname);
- if (!insecure)
- exit (1);
- }
- else if (hostname_ok == 2)
- {
- printf ("- The hostname in the certificate matches '%s'.\n", hostname);
- }
+ if (j == 0 && hostname != NULL)
+ {
+ /* Check the hostname of the first certificate if it matches
+ * the name of the host we connected to.
+ */
+ if (gnutls_x509_crt_check_hostname (crt, hostname) == 0)
+ hostname_ok = 1;
+ else
+ hostname_ok = 2;
+ }
+
+ gnutls_x509_crt_deinit (crt);
+ }
+
+ if (hostname_ok == 1)
+ {
+ printf
+ ("- The hostname in the certificate does NOT match '%s'\n",
+ hostname);
+ if (!insecure)
+ exit (1);
+ }
+ else if (hostname_ok == 2)
+ {
+ printf ("- The hostname in the certificate matches '%s'.\n",
+ hostname);
+ }
}
#ifdef ENABLE_OPENPGP
@@ -174,94 +189,105 @@ print_openpgp_info (gnutls_session_t session, const char
*hostname,
int insecure)
{
- gnutls_openpgp_crt_t crt;
- const gnutls_datum_t *cert_list;
- unsigned int cert_list_size = 0;
- int hostname_ok = 0;
- int ret;
+ gnutls_openpgp_crt_t crt;
+ const gnutls_datum_t *cert_list;
+ unsigned int cert_list_size = 0;
+ int hostname_ok = 0;
+ int ret;
- cert_list = gnutls_certificate_get_peers (session, &cert_list_size);
+ cert_list = gnutls_certificate_get_peers (session, &cert_list_size);
- if (cert_list_size > 0)
- {
- gnutls_datum_t cinfo;
-
- gnutls_openpgp_crt_init (&crt);
- ret = gnutls_openpgp_crt_import (crt, &cert_list[0],
- GNUTLS_OPENPGP_FMT_RAW);
- if (ret < 0)
- {
- fprintf (stderr, "Decoding error: %s\n", gnutls_strerror (ret));
- return;
- }
-
- if (verbose)
- ret = gnutls_openpgp_crt_print (crt, GNUTLS_CRT_PRINT_FULL, &cinfo);
- else
- ret =
- gnutls_openpgp_crt_print (crt, GNUTLS_CRT_PRINT_ONELINE, &cinfo);
- if (ret == 0)
- {
- printf (" - %s\n", cinfo.data);
- gnutls_free (cinfo.data);
- }
-
- if (print_cert)
- {
- size_t size = 0;
- char *p = NULL;
-
- ret = gnutls_openpgp_crt_export (crt, GNUTLS_OPENPGP_FMT_BASE64,
- p, &size);
- if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER)
- {
- p = malloc (size);
- if (!p)
- {
- fprintf (stderr, "gnutls_malloc\n");
- exit (1);
- }
+ if (cert_list_size > 0)
+ {
+ gnutls_datum_t cinfo;
- ret = gnutls_openpgp_crt_export (crt, GNUTLS_OPENPGP_FMT_BASE64,
- p, &size);
- }
+ gnutls_openpgp_crt_init (&crt);
+ ret = gnutls_openpgp_crt_import (crt, &cert_list[0],
+ GNUTLS_OPENPGP_FMT_RAW);
if (ret < 0)
{
- fprintf (stderr, "Encoding error: %s\n", gnutls_strerror (ret));
- return;
+ fprintf (stderr, "Decoding error: %s\n",
+ gnutls_strerror (ret));
+ return;
}
- fputs (p, stdout);
- fputs ("\n", stdout);
+ if (verbose)
+ ret =
+ gnutls_openpgp_crt_print (crt, GNUTLS_CRT_PRINT_FULL,
+ &cinfo);
+ else
+ ret =
+ gnutls_openpgp_crt_print (crt, GNUTLS_CRT_PRINT_ONELINE,
+ &cinfo);
+ if (ret == 0)
+ {
+ printf (" - %s\n", cinfo.data);
+ gnutls_free (cinfo.data);
+ }
- gnutls_free (p);
- }
+ if (print_cert)
+ {
+ size_t size = 0;
+ char *p = NULL;
- if (hostname != NULL)
- {
- /* Check the hostname of the first certificate if it matches
- * the name of the host we connected to.
- */
- if (gnutls_openpgp_crt_check_hostname (crt, hostname) == 0)
- hostname_ok = 1;
- else
- hostname_ok = 2;
- }
+ ret =
+ gnutls_openpgp_crt_export (crt,
+ GNUTLS_OPENPGP_FMT_BASE64,
+ p, &size);
+ if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER)
+ {
+ p = malloc (size);
+ if (!p)
+ {
+ fprintf (stderr, "gnutls_malloc\n");
+ exit (1);
+ }
+
+ ret =
+ gnutls_openpgp_crt_export (crt,
+ GNUTLS_OPENPGP_FMT_BASE64,
+ p, &size);
+ }
+ if (ret < 0)
+ {
+ fprintf (stderr, "Encoding error: %s\n",
+ gnutls_strerror (ret));
+ return;
+ }
+
+ fputs (p, stdout);
+ fputs ("\n", stdout);
+
+ gnutls_free (p);
+ }
- gnutls_openpgp_crt_deinit (crt);
- }
+ if (hostname != NULL)
+ {
+ /* Check the hostname of the first certificate if it matches
+ * the name of the host we connected to.
+ */
+ if (gnutls_openpgp_crt_check_hostname (crt, hostname) == 0)
+ hostname_ok = 1;
+ else
+ hostname_ok = 2;
+ }
- if (hostname_ok == 1)
- {
- printf ("- The hostname in the certificate does NOT match '%s'\n",
- hostname);
- if (!insecure)
- exit (1);
- }
- else if (hostname_ok == 2)
- {
- printf ("- The hostname in the certificate matches '%s'.\n", hostname);
- }
+ gnutls_openpgp_crt_deinit (crt);
+ }
+
+ if (hostname_ok == 1)
+ {
+ printf
+ ("- The hostname in the certificate does NOT match '%s'\n",
+ hostname);
+ if (!insecure)
+ exit (1);
+ }
+ else if (hostname_ok == 2)
+ {
+ printf ("- The hostname in the certificate matches '%s'.\n",
+ hostname);
+ }
}
#endif
@@ -269,300 +295,320 @@ print_openpgp_info (gnutls_session_t session, const
char *hostname,
static void
print_cert_vrfy (gnutls_session_t session)
{
- int rc;
- unsigned int status;
+ int rc;
+ unsigned int status;
- rc = gnutls_certificate_verify_peers2 (session, &status);
- if (rc < 0)
- {
- printf ("- Could not verify certificate (err: %s)\n",
- gnutls_strerror (rc));
- return;
- }
+ rc = gnutls_certificate_verify_peers2 (session, &status);
+ if (rc < 0)
+ {
+ printf ("- Could not verify certificate (err: %s)\n",
+ gnutls_strerror (rc));
+ return;
+ }
- if (rc == GNUTLS_E_NO_CERTIFICATE_FOUND)
- {
- printf ("- Peer did not send any certificate.\n");
- return;
- }
+ if (rc == GNUTLS_E_NO_CERTIFICATE_FOUND)
+ {
+ printf ("- Peer did not send any certificate.\n");
+ return;
+ }
- if (gnutls_certificate_type_get (session) == GNUTLS_CRT_X509)
- {
- if (status & GNUTLS_CERT_REVOKED)
- printf ("- Peer's certificate chain revoked\n");
- if (status & GNUTLS_CERT_SIGNER_NOT_FOUND)
- printf ("- Peer's certificate issuer is unknown\n");
- if (status & GNUTLS_CERT_SIGNER_NOT_CA)
- printf ("- Peer's certificate issuer is not a CA\n");
- if (status & GNUTLS_CERT_INSECURE_ALGORITHM)
- printf ("- Peer's certificate chain uses insecure algorithm\n");
- if (status & GNUTLS_CERT_NOT_ACTIVATED)
- printf
- ("- Peer's certificate chain uses not yet valid certificate\n");
- if (status & GNUTLS_CERT_EXPIRED)
- printf ("- Peer's certificate chain uses expired certificate\n");
- if (status & GNUTLS_CERT_INVALID)
- printf ("- Peer's certificate is NOT trusted\n");
- else
- printf ("- Peer's certificate is trusted\n");
- }
- else
- {
- if (status & GNUTLS_CERT_INVALID)
- printf ("- Peer's key is invalid\n");
- else
- printf ("- Peer's key is valid\n");
- if (status & GNUTLS_CERT_SIGNER_NOT_FOUND)
- printf ("- Could not find a signer of the peer's key\n");
- }
+ if (gnutls_certificate_type_get (session) == GNUTLS_CRT_X509)
+ {
+ if (status & GNUTLS_CERT_REVOKED)
+ printf ("- Peer's certificate chain revoked\n");
+ if (status & GNUTLS_CERT_SIGNER_NOT_FOUND)
+ printf ("- Peer's certificate issuer is unknown\n");
+ if (status & GNUTLS_CERT_SIGNER_NOT_CA)
+ printf ("- Peer's certificate issuer is not a CA\n");
+ if (status & GNUTLS_CERT_INSECURE_ALGORITHM)
+ printf
+ ("- Peer's certificate chain uses insecure algorithm\n");
+ if (status & GNUTLS_CERT_NOT_ACTIVATED)
+ printf
+ ("- Peer's certificate chain uses not yet valid
certificate\n");
+ if (status & GNUTLS_CERT_EXPIRED)
+ printf
+ ("- Peer's certificate chain uses expired certificate\n");
+ if (status & GNUTLS_CERT_INVALID)
+ printf ("- Peer's certificate is NOT trusted\n");
+ else
+ printf ("- Peer's certificate is trusted\n");
+ }
+ else
+ {
+ if (status & GNUTLS_CERT_INVALID)
+ printf ("- Peer's key is invalid\n");
+ else
+ printf ("- Peer's key is valid\n");
+ if (status & GNUTLS_CERT_SIGNER_NOT_FOUND)
+ printf ("- Could not find a signer of the peer's key\n");
+ }
}
static void
print_dh_info (gnutls_session_t session, const char *str)
{
- printf ("- %sDiffie-Hellman parameters\n", str);
- printf (" - Using prime: %d bits\n", gnutls_dh_get_prime_bits (session));
- printf (" - Secret key: %d bits\n", gnutls_dh_get_secret_bits (session));
- printf (" - Peer's public key: %d bits\n",
- gnutls_dh_get_peers_public_bits (session));
+ printf ("- %sDiffie-Hellman parameters\n", str);
+ printf (" - Using prime: %d bits\n",
+ gnutls_dh_get_prime_bits (session));
+ printf (" - Secret key: %d bits\n",
+ gnutls_dh_get_secret_bits (session));
+ printf (" - Peer's public key: %d bits\n",
+ gnutls_dh_get_peers_public_bits (session));
+
+ if (print_cert)
+ {
+ int ret;
+ gnutls_datum_t raw_gen = { NULL, 0 };
+ gnutls_datum_t raw_prime = { NULL, 0 };
+ gnutls_dh_params_t dh_params = NULL;
+ unsigned char *params_data = NULL;
+ size_t params_data_size = 0;
+
+ ret = gnutls_dh_get_group (session, &raw_gen, &raw_prime);
+ if (ret)
+ {
+ fprintf (stderr, "gnutls_dh_get_group %d\n", ret);
+ goto out;
+ }
- if (print_cert)
- {
- int ret;
- gnutls_datum_t raw_gen = { NULL, 0 };
- gnutls_datum_t raw_prime = { NULL, 0 };
- gnutls_dh_params_t dh_params = NULL;
- unsigned char *params_data = NULL;
- size_t params_data_size = 0;
-
- ret = gnutls_dh_get_group (session, &raw_gen, &raw_prime);
- if (ret)
- {
- fprintf (stderr, "gnutls_dh_get_group %d\n", ret);
- goto out;
- }
-
- ret = gnutls_dh_params_init (&dh_params);
- if (ret)
- {
- fprintf (stderr, "gnutls_dh_params_init %d\n", ret);
- goto out;
- }
-
- ret = gnutls_dh_params_import_raw (dh_params, &raw_prime, &raw_gen);
- if (ret)
- {
- fprintf (stderr, "gnutls_dh_params_import_raw %d\n", ret);
- goto out;
- }
-
- ret = gnutls_dh_params_export_pkcs3 (dh_params,
- GNUTLS_X509_FMT_PEM,
- params_data, ¶ms_data_size);
- if (ret != GNUTLS_E_SHORT_MEMORY_BUFFER)
- {
- fprintf (stderr, "gnutls_dh_params_export_pkcs3 %d\n", ret);
- goto out;
- }
-
- params_data = gnutls_malloc (params_data_size);
- if (!params_data)
- {
- fprintf (stderr, "gnutls_malloc %d\n", ret);
- goto out;
- }
-
- ret = gnutls_dh_params_export_pkcs3 (dh_params,
- GNUTLS_X509_FMT_PEM,
- params_data, ¶ms_data_size);
- if (ret)
- {
- fprintf (stderr, "gnutls_dh_params_export_pkcs3-2 %d\n", ret);
- goto out;
- }
-
- printf (" - PKCS#3 format:\n\n%.*s\n", (int) params_data_size,
- params_data);
-
- out:
- gnutls_free (params_data);
- gnutls_free (raw_prime.data);
- gnutls_free (raw_gen.data);
- gnutls_dh_params_deinit (dh_params);
- }
+ ret = gnutls_dh_params_init (&dh_params);
+ if (ret)
+ {
+ fprintf (stderr, "gnutls_dh_params_init %d\n", ret);
+ goto out;
+ }
+
+ ret =
+ gnutls_dh_params_import_raw (dh_params, &raw_prime,
+ &raw_gen);
+ if (ret)
+ {
+ fprintf (stderr, "gnutls_dh_params_import_raw %d\n", ret);
+ goto out;
+ }
+
+ ret = gnutls_dh_params_export_pkcs3 (dh_params,
+ GNUTLS_X509_FMT_PEM,
+ params_data,
+ ¶ms_data_size);
+ if (ret != GNUTLS_E_SHORT_MEMORY_BUFFER)
+ {
+ fprintf (stderr, "gnutls_dh_params_export_pkcs3 %d\n",
+ ret);
+ goto out;
+ }
+
+ params_data = gnutls_malloc (params_data_size);
+ if (!params_data)
+ {
+ fprintf (stderr, "gnutls_malloc %d\n", ret);
+ goto out;
+ }
+
+ ret = gnutls_dh_params_export_pkcs3 (dh_params,
+ GNUTLS_X509_FMT_PEM,
+ params_data,
+ ¶ms_data_size);
+ if (ret)
+ {
+ fprintf (stderr, "gnutls_dh_params_export_pkcs3-2 %d\n",
+ ret);
+ goto out;
+ }
+
+ printf (" - PKCS#3 format:\n\n%.*s\n", (int) params_data_size,
+ params_data);
+
+ out:
+ gnutls_free (params_data);
+ gnutls_free (raw_prime.data);
+ gnutls_free (raw_gen.data);
+ gnutls_dh_params_deinit (dh_params);
+ }
}
static void
print_ecdh_info (gnutls_session_t session, const char *str)
{
-int curve;
+ int curve;
+
+ printf ("- %sEC Diffie-Hellman parameters\n", str);
- printf ("- %sEC Diffie-Hellman parameters\n", str);
-
- curve = gnutls_ecc_curve_get(session);
-
- printf (" - Using curve: %s\n", gnutls_ecc_curve_get_name (curve));
- printf (" - Curve size: %d bits\n", gnutls_ecc_curve_get_size(curve)*8);
+ curve = gnutls_ecc_curve_get (session);
+
+ printf (" - Using curve: %s\n", gnutls_ecc_curve_get_name (curve));
+ printf (" - Curve size: %d bits\n",
+ gnutls_ecc_curve_get_size (curve) * 8);
}
int
print_info (gnutls_session_t session, const char *hostname, int insecure)
{
- const char *tmp;
- gnutls_credentials_type_t cred;
- gnutls_kx_algorithm_t kx;
- unsigned char session_id[33];
- size_t session_id_size = sizeof(session_id);
-
- /* print session ID */
- gnutls_session_get_id (session, session_id, &session_id_size);
- printf("- Session ID: %s\n", raw_to_string(session_id, session_id_size));
-
- /* print the key exchange's algorithm name
- */
- kx = gnutls_kx_get (session);
-
- cred = gnutls_auth_get_type (session);
- switch (cred)
- {
+ const char *tmp;
+ gnutls_credentials_type_t cred;
+ gnutls_kx_algorithm_t kx;
+ unsigned char session_id[33];
+ size_t session_id_size = sizeof (session_id);
+
+ /* print session ID */
+ gnutls_session_get_id (session, session_id, &session_id_size);
+ printf ("- Session ID: %s\n",
+ raw_to_string (session_id, session_id_size));
+
+ /* print the key exchange's algorithm name
+ */
+ kx = gnutls_kx_get (session);
+
+ cred = gnutls_auth_get_type (session);
+ switch (cred)
+ {
#ifdef ENABLE_ANON
- case GNUTLS_CRD_ANON:
- if (kx == GNUTLS_KX_ANON_ECDH)
- print_ecdh_info(session, "Anonymous ");
- else
- print_dh_info (session, "Anonymous ");
- break;
+ case GNUTLS_CRD_ANON:
+ if (kx == GNUTLS_KX_ANON_ECDH)
+ print_ecdh_info (session, "Anonymous ");
+ else
+ print_dh_info (session, "Anonymous ");
+ break;
#endif
#ifdef ENABLE_SRP
- case GNUTLS_CRD_SRP:
- /* This should be only called in server
- * side.
- */
- if (gnutls_srp_server_get_username (session) != NULL)
- printf ("- SRP authentication. Connected as '%s'\n",
- gnutls_srp_server_get_username (session));
- break;
+ case GNUTLS_CRD_SRP:
+ /* This should be only called in server
+ * side.
+ */
+ if (gnutls_srp_server_get_username (session) != NULL)
+ printf ("- SRP authentication. Connected as '%s'\n",
+ gnutls_srp_server_get_username (session));
+ break;
#endif
#ifdef ENABLE_PSK
- case GNUTLS_CRD_PSK:
- /* This returns NULL in server side.
- */
- if (gnutls_psk_client_get_hint (session) != NULL)
- printf ("- PSK authentication. PSK hint '%s'\n",
- gnutls_psk_client_get_hint (session));
- /* This returns NULL in client side.
- */
- if (gnutls_psk_server_get_username (session) != NULL)
- printf ("- PSK authentication. Connected as '%s'\n",
- gnutls_psk_server_get_username (session));
- if (kx == GNUTLS_KX_DHE_PSK)
- print_dh_info (session, "Ephemeral ");
- if (kx == GNUTLS_KX_ECDHE_PSK)
- print_ecdh_info(session, "Ephemeral ");
- break;
+ case GNUTLS_CRD_PSK:
+ /* This returns NULL in server side.
+ */
+ if (gnutls_psk_client_get_hint (session) != NULL)
+ printf ("- PSK authentication. PSK hint '%s'\n",
+ gnutls_psk_client_get_hint (session));
+ /* This returns NULL in client side.
+ */
+ if (gnutls_psk_server_get_username (session) != NULL)
+ printf ("- PSK authentication. Connected as '%s'\n",
+ gnutls_psk_server_get_username (session));
+ if (kx == GNUTLS_KX_DHE_PSK)
+ print_dh_info (session, "Ephemeral ");
+ if (kx == GNUTLS_KX_ECDHE_PSK)
+ print_ecdh_info (session, "Ephemeral ");
+ break;
#endif
- case GNUTLS_CRD_IA:
- printf ("- TLS/IA authentication\n");
- break;
- case GNUTLS_CRD_CERTIFICATE:
- {
- char dns[256];
- size_t dns_size = sizeof (dns);
- unsigned int type;
-
- /* This fails in client side */
- if (gnutls_server_name_get (session, dns, &dns_size, &type, 0) == 0)
+ case GNUTLS_CRD_IA:
+ printf ("- TLS/IA authentication\n");
+ break;
+ case GNUTLS_CRD_CERTIFICATE:
{
- printf ("- Given server name[%d]: %s\n", type, dns);
+ char dns[256];
+ size_t dns_size = sizeof (dns);
+ unsigned int type;
+
+ /* This fails in client side */
+ if (gnutls_server_name_get
+ (session, dns, &dns_size, &type, 0) == 0)
+ {
+ printf ("- Given server name[%d]: %s\n", type, dns);
+ }
}
- }
- print_cert_info (session, hostname, insecure);
+ print_cert_info (session, hostname, insecure);
- print_cert_vrfy (session);
+ print_cert_vrfy (session);
- if (kx == GNUTLS_KX_DHE_RSA || kx == GNUTLS_KX_DHE_DSS)
- print_dh_info (session, "Ephemeral ");
- else if (kx == GNUTLS_KX_ECDHE_RSA || kx == GNUTLS_KX_ECDHE_ECDSA)
- print_ecdh_info(session, "Ephemeral ");
- }
+ if (kx == GNUTLS_KX_DHE_RSA || kx == GNUTLS_KX_DHE_DSS)
+ print_dh_info (session, "Ephemeral ");
+ else if (kx == GNUTLS_KX_ECDHE_RSA
+ || kx == GNUTLS_KX_ECDHE_ECDSA)
+ print_ecdh_info (session, "Ephemeral ");
+ }
- tmp = SU (gnutls_protocol_get_name (gnutls_protocol_get_version (session)));
- printf ("- Version: %s\n", tmp);
+ tmp =
+ SU (gnutls_protocol_get_name
+ (gnutls_protocol_get_version (session)));
+ printf ("- Version: %s\n", tmp);
- tmp = SU (gnutls_kx_get_name (kx));
- printf ("- Key Exchange: %s\n", tmp);
+ tmp = SU (gnutls_kx_get_name (kx));
+ printf ("- Key Exchange: %s\n", tmp);
- tmp = SU (gnutls_cipher_get_name (gnutls_cipher_get (session)));
- printf ("- Cipher: %s\n", tmp);
+ tmp = SU (gnutls_cipher_get_name (gnutls_cipher_get (session)));
+ printf ("- Cipher: %s\n", tmp);
- tmp = SU (gnutls_mac_get_name (gnutls_mac_get (session)));
- printf ("- MAC: %s\n", tmp);
+ tmp = SU (gnutls_mac_get_name (gnutls_mac_get (session)));
+ printf ("- MAC: %s\n", tmp);
- tmp = SU (gnutls_compression_get_name (gnutls_compression_get (session)));
- printf ("- Compression: %s\n", tmp);
+ tmp =
+ SU (gnutls_compression_get_name
+ (gnutls_compression_get (session)));
+ printf ("- Compression: %s\n", tmp);
- if (verbose)
- {
- gnutls_datum_t cb;
- int rc;
-
- rc =
- gnutls_session_channel_binding (session, GNUTLS_CB_TLS_UNIQUE, &cb);
- if (rc)
- fprintf (stderr, "Channel binding error: %s\n", gnutls_strerror (rc));
- else
- {
- size_t i;
-
- printf ("- Channel binding 'tls-unique': ");
- for (i = 0; i < cb.size; i++)
- printf ("%02x", cb.data[i]);
- printf ("\n");
- }
- }
+ if (verbose)
+ {
+ gnutls_datum_t cb;
+ int rc;
+
+ rc = gnutls_session_channel_binding (session,
+ GNUTLS_CB_TLS_UNIQUE, &cb);
+ if (rc)
+ fprintf (stderr, "Channel binding error: %s\n",
+ gnutls_strerror (rc));
+ else
+ {
+ size_t i;
- /* Warning: Do not print anything more here. The 'Compression:'
- output MUST be the last non-verbose output. This is used by
- Emacs starttls.el code. */
+ printf ("- Channel binding 'tls-unique': ");
+ for (i = 0; i < cb.size; i++)
+ printf ("%02x", cb.data[i]);
+ printf ("\n");
+ }
+ }
- fflush (stdout);
+ /* Warning: Do not print anything more here. The 'Compression:'
+ output MUST be the last non-verbose output. This is used by
+ Emacs starttls.el code. */
- return 0;
+ fflush (stdout);
+
+ return 0;
}
void
-print_cert_info (gnutls_session_t session, const char *hostname, int insecure)
+print_cert_info (gnutls_session_t session, const char *hostname,
+ int insecure)
{
- if (gnutls_certificate_client_get_request_status (session) != 0)
- printf ("- Server has requested a certificate.\n");
+ if (gnutls_certificate_client_get_request_status (session) != 0)
+ printf ("- Server has requested a certificate.\n");
- printf ("- Certificate type: ");
- switch (gnutls_certificate_type_get (session))
- {
- case GNUTLS_CRT_UNKNOWN:
- printf ("Unknown\n");
-
- if (!insecure)
- exit (1);
- break;
- case GNUTLS_CRT_X509:
- printf ("X.509\n");
- print_x509_info (session, hostname, insecure);
- break;
+ printf ("- Certificate type: ");
+ switch (gnutls_certificate_type_get (session))
+ {
+ case GNUTLS_CRT_UNKNOWN:
+ printf ("Unknown\n");
+
+ if (!insecure)
+ exit (1);
+ break;
+ case GNUTLS_CRT_X509:
+ printf ("X.509\n");
+ print_x509_info (session, hostname, insecure);
+ break;
#ifdef ENABLE_OPENPGP
- case GNUTLS_CRT_OPENPGP:
- printf ("OpenPGP\n");
- print_openpgp_info (session, hostname, insecure);
- break;
+ case GNUTLS_CRT_OPENPGP:
+ printf ("OpenPGP\n");
+ print_openpgp_info (session, hostname, insecure);
+ break;
#endif
- }
+ }
}
void
-print_list (const char* priorities, int verbose)
+print_list (const char *priorities, int verbose)
{
size_t i;
int ret;
@@ -575,174 +621,279 @@ print_list (const char* priorities, int verbose)
gnutls_mac_algorithm_t mac;
gnutls_protocol_t version;
gnutls_priority_t pcache;
+ const unsigned int *list;
if (priorities != NULL)
{
- printf ("Cipher suites for %s\n", priorities);
-
- ret = gnutls_priority_init(&pcache, priorities, &err);
- if (ret < 0)
+ printf ("Cipher suites for %s\n", priorities);
+
+ ret = gnutls_priority_init (&pcache, priorities, &err);
+ if (ret < 0)
+ {
+ fprintf (stderr, "Syntax error at: %s\n", err);
+ exit (1);
+ }
+
+ for (i = 0;; i++)
+ {
+ ret =
+ gnutls_priority_get_cipher_suite_index (pcache, i,
+ &idx);
+ if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
+ break;
+ if (ret == GNUTLS_E_UNKNOWN_CIPHER_SUITE)
+ continue;
+
+ name =
+ gnutls_cipher_suite_info (idx, id, NULL, NULL, NULL,
+ &version);
+
+ if (name != NULL)
+ printf ("%-50s\t0x%02x, 0x%02x\t%s\n",
+ name, (unsigned char) id[0],
+ (unsigned char) id[1],
+ gnutls_protocol_get_name (version));
+ }
+
+ printf("\n");
{
- fprintf (stderr, "Syntax error at: %s\n", err);
- exit(1);
+ ret = gnutls_priority_certificate_type_list (pcache, &list);
+
+ printf ("Certificate types: ");
+ if (ret == 0) printf("none\n");
+ for (i = 0; i < (unsigned)ret; i++)
+ {
+ printf ("CTYPE-%s",
+ gnutls_certificate_type_get_name (list[i]));
+ if (i+1!=(unsigned)ret)
+ printf (", ");
+ else
+ printf ("\n");
+ }
+ }
+
+ {
+ ret = gnutls_priority_protocol_list (pcache, &list);
+
+ printf ("Protocols: ");
+ if (ret == 0) printf("none\n");
+ for (i = 0; i < (unsigned)ret; i++)
+ {
+ printf ("VERS-%s", gnutls_protocol_get_name (list[i]));
+ if (i+1!=(unsigned)ret)
+ printf (", ");
+ else
+ printf ("\n");
+ }
+ }
+
+ {
+ ret = gnutls_priority_compression_list (pcache, &list);
+
+ printf ("Compression: ");
+ if (ret == 0) printf("none\n");
+ for (i = 0; i < (unsigned)ret; i++)
+ {
+ printf ("COMP-%s",
+ gnutls_compression_get_name (list[i]));
+ if (i+1!=(unsigned)ret)
+ printf (", ");
+ else
+ printf ("\n");
+ }
}
-
- for (i=0;;i++)
+
{
- ret = gnutls_priority_get_cipher_suite_index(pcache, i, &idx);
- if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) break;
- if (ret == GNUTLS_E_UNKNOWN_CIPHER_SUITE) continue;
-
- name = gnutls_cipher_suite_info(idx, id, NULL, NULL, NULL,
&version);
-
- if (name != NULL)
- printf ("%-50s\t0x%02x, 0x%02x\t%s\n",
- name, (unsigned char) id[0], (unsigned char) id[1],
- gnutls_protocol_get_name (version));
+ ret = gnutls_priority_ecc_curve_list (pcache, &list);
+
+ printf ("Elliptic curves: ");
+ if (ret == 0) printf("none\n");
+ for (i = 0; i < (unsigned)ret; i++)
+ {
+ printf ("CURVE-%s",
+ gnutls_ecc_curve_get_name (list[i]));
+ if (i+1!=(unsigned)ret)
+ printf (", ");
+ else
+ printf ("\n");
+ }
}
-
- return;
+
+ {
+ ret = gnutls_priority_sign_list (pcache, &list);
+
+ printf ("PK-signatures: ");
+ if (ret == 0) printf("none\n");
+ for (i = 0; i < (unsigned)ret; i++)
+ {
+ printf ("SIGN-%s",
+ gnutls_sign_algorithm_get_name (list[i]));
+ if (i+1!=(unsigned)ret)
+ printf (", ");
+ else
+ printf ("\n");
+ }
+ }
+
+ return;
}
printf ("Cipher suites:\n");
for (i = 0; (name = gnutls_cipher_suite_info
(i, id, &kx, &cipher, &mac, &version)); i++)
{
- printf ("%-50s\t0x%02x, 0x%02x\t%s\n",
- name,
- (unsigned char) id[0], (unsigned char) id[1],
- gnutls_protocol_get_name (version));
- if (verbose)
- printf ("\tKey exchange: %s\n\tCipher: %s\n\tMAC: %s\n\n",
- gnutls_kx_get_name (kx),
- gnutls_cipher_get_name (cipher), gnutls_mac_get_name (mac));
+ printf ("%-50s\t0x%02x, 0x%02x\t%s\n",
+ name,
+ (unsigned char) id[0], (unsigned char) id[1],
+ gnutls_protocol_get_name (version));
+ if (verbose)
+ printf ("\tKey exchange: %s\n\tCipher: %s\n\tMAC: %s\n\n",
+ gnutls_kx_get_name (kx),
+ gnutls_cipher_get_name (cipher),
+ gnutls_mac_get_name (mac));
}
- {
- const gnutls_certificate_type_t *p = gnutls_certificate_type_list ();
+ printf("\n");
+ {
+ const gnutls_certificate_type_t *p =
+ gnutls_certificate_type_list ();
- printf ("Certificate types: ");
- for (; *p; p++)
- {
- printf ("CTYPE-%s", gnutls_certificate_type_get_name (*p));
- if (*(p + 1))
- printf (", ");
- else
- printf ("\n");
- }
- }
+ printf ("Certificate types: ");
+ for (; *p; p++)
+ {
+ printf ("CTYPE-%s", gnutls_certificate_type_get_name (*p));
+ if (*(p + 1))
+ printf (", ");
+ else
+ printf ("\n");
+ }
+ }
- {
- const gnutls_protocol_t *p = gnutls_protocol_list ();
+ {
+ const gnutls_protocol_t *p = gnutls_protocol_list ();
- printf ("Protocols: ");
- for (; *p; p++)
- {
- printf ("VERS-%s", gnutls_protocol_get_name (*p));
- if (*(p + 1))
- printf (", ");
- else
- printf ("\n");
- }
- }
+ printf ("Protocols: ");
+ for (; *p; p++)
+ {
+ printf ("VERS-%s", gnutls_protocol_get_name (*p));
+ if (*(p + 1))
+ printf (", ");
+ else
+ printf ("\n");
+ }
+ }
- {
- const gnutls_cipher_algorithm_t *p = gnutls_cipher_list ();
+ {
+ const gnutls_cipher_algorithm_t *p = gnutls_cipher_list ();
- printf ("Ciphers: ");
- for (; *p; p++)
- {
- printf ("%s", gnutls_cipher_get_name (*p));
- if (*(p + 1))
- printf (", ");
- else
- printf ("\n");
- }
- }
+ printf ("Ciphers: ");
+ for (; *p; p++)
+ {
+ printf ("%s", gnutls_cipher_get_name (*p));
+ if (*(p + 1))
+ printf (", ");
+ else
+ printf ("\n");
+ }
+ }
- {
- const gnutls_mac_algorithm_t *p = gnutls_mac_list ();
+ {
+ const gnutls_mac_algorithm_t *p = gnutls_mac_list ();
- printf ("MACs: ");
- for (; *p; p++)
- {
- printf ("%s", gnutls_mac_get_name (*p));
- if (*(p + 1))
- printf (", ");
- else
- printf ("\n");
- }
- }
+ printf ("MACs: ");
+ for (; *p; p++)
+ {
+ printf ("%s", gnutls_mac_get_name (*p));
+ if (*(p + 1))
+ printf (", ");
+ else
+ printf ("\n");
+ }
+ }
- {
- const gnutls_kx_algorithm_t *p = gnutls_kx_list ();
+ {
+ const gnutls_kx_algorithm_t *p = gnutls_kx_list ();
- printf ("Key exchange algorithms: ");
- for (; *p; p++)
- {
- printf ("%s", gnutls_kx_get_name (*p));
- if (*(p + 1))
- printf (", ");
- else
- printf ("\n");
- }
- }
+ printf ("Key exchange algorithms: ");
+ for (; *p; p++)
+ {
+ printf ("%s", gnutls_kx_get_name (*p));
+ if (*(p + 1))
+ printf (", ");
+ else
+ printf ("\n");
+ }
+ }
- {
- const gnutls_compression_method_t *p = gnutls_compression_list ();
+ {
+ const gnutls_compression_method_t *p = gnutls_compression_list ();
- printf ("Compression: ");
- for (; *p; p++)
- {
- printf ("COMP-%s", gnutls_compression_get_name (*p));
- if (*(p + 1))
- printf (", ");
- else
- printf ("\n");
- }
- }
+ printf ("Compression: ");
+ for (; *p; p++)
+ {
+ printf ("COMP-%s", gnutls_compression_get_name (*p));
+ if (*(p + 1))
+ printf (", ");
+ else
+ printf ("\n");
+ }
+ }
- {
- const gnutls_pk_algorithm_t *p = gnutls_pk_list ();
+ {
+ const gnutls_ecc_curve_t *p = gnutls_ecc_curve_list ();
- printf ("Public Key Systems: ");
- for (; *p; p++)
- {
- printf ("%s", gnutls_pk_algorithm_get_name (*p));
- if (*(p + 1))
- printf (", ");
- else
- printf ("\n");
- }
- }
+ printf ("Elliptic curves: ");
+ for (; *p; p++)
+ {
+ printf ("CURVE-%s", gnutls_ecc_curve_get_name (*p));
+ if (*(p + 1))
+ printf (", ");
+ else
+ printf ("\n");
+ }
+ }
- {
- const gnutls_sign_algorithm_t *p = gnutls_sign_list ();
+ {
+ const gnutls_pk_algorithm_t *p = gnutls_pk_list ();
- printf ("PK-signatures: ");
- for (; *p; p++)
- {
- printf ("SIGN-%s", gnutls_sign_algorithm_get_name (*p));
- if (*(p + 1))
- printf (", ");
- else
- printf ("\n");
- }
- }
+ printf ("Public Key Systems: ");
+ for (; *p; p++)
+ {
+ printf ("%s", gnutls_pk_algorithm_get_name (*p));
+ if (*(p + 1))
+ printf (", ");
+ else
+ printf ("\n");
+ }
+ }
+
+ {
+ const gnutls_sign_algorithm_t *p = gnutls_sign_list ();
+
+ printf ("PK-signatures: ");
+ for (; *p; p++)
+ {
+ printf ("SIGN-%s", gnutls_sign_algorithm_get_name (*p));
+ if (*(p + 1))
+ printf (", ");
+ else
+ printf ("\n");
+ }
+ }
}
void
sockets_init (void)
{
#ifdef _WIN32
- WORD wVersionRequested;
- WSADATA wsaData;
+ WORD wVersionRequested;
+ WSADATA wsaData;
- wVersionRequested = MAKEWORD (1, 1);
- if (WSAStartup (wVersionRequested, &wsaData) != 0)
- {
- perror ("WSA_STARTUP_ERROR");
- }
+ wVersionRequested = MAKEWORD (1, 1);
+ if (WSAStartup (wVersionRequested, &wsaData) != 0)
+ {
+ perror ("WSA_STARTUP_ERROR");
+ }
#endif
}
@@ -754,20 +905,19 @@ sockets_init (void)
int
service_to_port (const char *service)
{
- int port;
- struct servent *server_port;
+ int port;
+ struct servent *server_port;
- port = atoi (service);
- if (port != 0)
- return port;
+ port = atoi (service);
+ if (port != 0)
+ return port;
- server_port = getservbyname (service, "tcp");
- if (server_port == NULL)
- {
- perror ("getservbyname()");
- return (-1);
- }
+ server_port = getservbyname (service, "tcp");
+ if (server_port == NULL)
+ {
+ perror ("getservbyname()");
+ return (-1);
+ }
- return ntohs (server_port->s_port);
+ return ntohs (server_port->s_port);
}
-
hooks/post-receive
--
GNU gnutls
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [SCM] GNU gnutls branch, master, updated. gnutls-3_0_12-69-g172edf8,
Nikos Mavrogiannopoulos <=