
[SCM] GNU gnutls branch, master, updated. gnutls-3_0_12-127-g0c081da


From: Nikos Mavrogiannopoulos
Subject: [SCM] GNU gnutls branch, master, updated. gnutls-3_0_12-127-g0c081da
Date: Mon, 30 Jan 2012 21:00:36 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".

http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=0c081da36e6bd14daf2e9471a330678e32cdf3ce

The branch, master has been updated
       via  0c081da36e6bd14daf2e9471a330678e32cdf3ce (commit)
       via  26ec6f40ae4856e20e2b28119ed4afd73b320af0 (commit)
       via  8a52dc869a949065db689c0809f9dcc70507c4b9 (commit)
       via  e782cabed905d9fb3277c74b297f74b21efebaf3 (commit)
      from  23597aaf450f0db4e639ed3012c9837661c4a541 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 0c081da36e6bd14daf2e9471a330678e32cdf3ce
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Mon Jan 30 22:04:37 2012 +0100

    Correct export of openpgp packets that have no private keying material in 
their primary key.
    Patch by Sean Buckheister.

commit 26ec6f40ae4856e20e2b28119ed4afd73b320af0
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Mon Jan 30 20:59:08 2012 +0100

    added print_cert_info_compact().

commit 8a52dc869a949065db689c0809f9dcc70507c4b9
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Sun Jan 29 21:36:11 2012 +0100

    send_ocsp_request is more tolerant on errors.

commit e782cabed905d9fb3277c74b297f74b21efebaf3
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Sun Jan 29 21:13:53 2012 +0100

    updated doc

-----------------------------------------------------------------------

Summary of changes:
 NEWS                       |    2 +-
 lib/opencdk/write-packet.c |    3 ++
 src/cli.c                  |    4 +-
 src/common.c               |   47 +++++++++++++++++++++++++++++--------------
 src/common.h               |    2 +
 src/ocsptool-common.c      |    9 ++++---
 6 files changed, 45 insertions(+), 22 deletions(-)

diff --git a/NEWS b/NEWS
index 55c60cc..24642d6 100644
--- a/NEWS
+++ b/NEWS
@@ -11,7 +11,7 @@ the peer's certificate with OCSP.
 will use an ssh-style authentication method.
 
 ** gnutls-cli: if no --x509cafile is provided a default is
-assumed (/etc/ssl/certs/ca-certificates.crt).
+assumed (/etc/ssl/certs/ca-certificates.crt), if it exists.
 
 ** ocsptool: Added --ask parameter, to verify a certificate's
 status from an ocsp server.
diff --git a/lib/opencdk/write-packet.c b/lib/opencdk/write-packet.c
index 9fb9de9..d698af4 100644
--- a/lib/opencdk/write-packet.c
+++ b/lib/opencdk/write-packet.c
@@ -487,6 +487,9 @@ calc_s2ksize (cdk_pkt_seckey_t sk)
     case CDK_S2K_ITERSALTED:
       nbytes = 11;
       break;
+       case CDK_S2K_GNU_EXT:
+         nbytes = 2;
+         break;
     }
   nbytes += sk->protect.ivlen;
   nbytes++;                     /* single cipher byte */
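Review bot: The new `CDK_S2K_GNU_EXT` case in calc_s2ksize adds a bare `2` with no comment, and it is indented differently from the neighbouring cases (it looks like tabs in a space-indented switch). This value feeds the computed secret-key packet size, so it should name the octets it counts, for example `case CDK_S2K_GNU_EXT: /* no secret key material; 2 S2K octets written */`, with the wording checked against the writer, which is outside this hunk. The lines after the switch still add `sk->protect.ivlen` and the cipher byte for this mode; presumably ivlen is 0 for such keys, but that should be confirmed so that the declared length matches what is emitted. No `default:` is visible in the switch, and calc_s2ksize starts and ends outside the hunk.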
diff --git a/src/cli.c b/src/cli.c
index bfe9851..a2d653b 100644
--- a/src/cli.c
+++ b/src/cli.c
@@ -492,7 +492,7 @@ cert_verify_callback (gnutls_session_t session)
                                        cert, 0);
       if (rc == GNUTLS_E_NO_CERTIFICATE_FOUND)
         {
-          print_cert_info(session, GNUTLS_CRT_PRINT_COMPACT, 0);
+          print_cert_info_compact(session);
           fprintf(stderr, "Host %s has never been contacted before and is not 
in the trusted list.\n", hostname);
           if (status == 0)
             fprintf(stderr, "Its certificate is valid for %s.\n", hostname);
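Review bot: print_cert_info_compact() returns void and, per the src/common.c hunks, writes the certificate summary with printf to stdout, while the trust warnings in this branch go to stderr. When stdout is redirected or piped, the "never been contacted before" warning therefore appears without the key summary it refers to, and the callback cannot tell whether a summary was printed at all. Consider printing the summary on the same stream as the warning, or having the helper return a status that this branch checks before continuing. The same applies to the `GNUTLS_E_CERTIFICATE_KEY_MISMATCH` branch in the next hunk. cert_verify_callback starts and ends outside both hunks, so how the user's decision is collected is not visible here.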
@@ -503,7 +503,7 @@ cert_verify_callback (gnutls_session_t session)
         }
       else if (rc == GNUTLS_E_CERTIFICATE_KEY_MISMATCH)
         {
-          print_cert_info(session, GNUTLS_CRT_PRINT_COMPACT, 0);
+          print_cert_info_compact(session);
           fprintf(stderr, "Warning: host %s is known and it is associated with 
a different key.\n", hostname);
           fprintf(stderr, "It might be that the server has multiple keys, or 
an attacker replaced the key to eavesdrop this connection .\n");
           if (status == 0)
diff --git a/src/common.c b/src/common.c
index c98ad04..f35f16f 100644
--- a/src/common.c
+++ b/src/common.c
@@ -67,7 +67,7 @@ raw_to_string (const unsigned char *raw, size_t raw_size)
 }
 
 static void
-print_x509_info_compact (gnutls_session_t session, int flag)
+print_x509_info_compact (gnutls_session_t session)
 {
     gnutls_x509_crt_t crt;
     const gnutls_datum_t *cert_list;
@@ -94,7 +94,7 @@ print_x509_info_compact (gnutls_session_t session, int flag)
       }
 
     ret =
-      gnutls_x509_crt_print (crt, flag, &cinfo);
+      gnutls_x509_crt_print (crt, GNUTLS_CRT_PRINT_COMPACT, &cinfo);
     if (ret == 0)
       {
         printf ("- X.509 cert: %s\n", cinfo.data);
@@ -112,9 +112,6 @@ print_x509_info (gnutls_session_t session, int flag, int 
print_cert)
     unsigned int cert_list_size = 0, j;
     int ret;
     
-    if (flag == GNUTLS_CRT_PRINT_COMPACT && print_cert == 0)
-      return print_x509_info_compact(session, flag);
-
     cert_list = gnutls_certificate_get_peers (session, &cert_list_size);
     if (cert_list_size == 0)
       {
@@ -122,8 +119,8 @@ print_x509_info (gnutls_session_t session, int flag, int 
print_cert)
           return;
       }
 
-    printf (" - Certificate type: X.509\n");
-    printf (" - Got a certificate list of %d certificates.\n",
+    printf ("- Certificate type: X.509\n");
+    printf ("- Got a certificate list of %d certificates.\n",
             cert_list_size);
 
     for (j = 0; j < cert_list_size; j++)
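Review bot: `cert_list_size` is declared `unsigned int` (visible in the previous hunk), but the rewritten printf still formats it with `%d`; the conversion should be `%u`, i.e. `printf ("- Got a certificate list of %u certificates.\n",`. The same mismatch is in the next hunk, where `j` (also `unsigned int`) is printed through `"- Certificate[%d] info:\n - "`. Since these lines are being touched anyway, fixing the specifiers here keeps `-Wformat` clean. print_x509_info starts and ends outside these hunks.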
@@ -141,7 +138,7 @@ print_x509_info (gnutls_session_t session, int flag, int 
print_cert)
                 return;
             }
 
-          printf (" - Certificate[%d] info:\n  - ", j);
+          printf ("- Certificate[%d] info:\n - ", j);
 
           ret =
             gnutls_x509_crt_print (crt, flag, &cinfo);
@@ -292,7 +289,7 @@ verify_openpgp_hostname (gnutls_session_t session, const 
char *hostname)
 }
 
 static void
-print_openpgp_info_compact (gnutls_session_t session, int flag)
+print_openpgp_info_compact (gnutls_session_t session)
 {
 
     gnutls_openpgp_crt_t crt;
@@ -317,7 +314,7 @@ print_openpgp_info_compact (gnutls_session_t session, int 
flag)
             }
 
           ret =
-              gnutls_openpgp_crt_print (crt, flag, &cinfo);
+              gnutls_openpgp_crt_print (crt, GNUTLS_CRT_PRINT_COMPACT, &cinfo);
           if (ret == 0)
             {
                 printf ("- OpenPGP cert: %s\n", cinfo.data);
@@ -337,10 +334,7 @@ print_openpgp_info (gnutls_session_t session, int flag, 
int print_cert)
     unsigned int cert_list_size = 0;
     int ret;
 
-    if (flag == GNUTLS_CRT_PRINT_COMPACT && print_cert == 0)
-      print_openpgp_info_compact(session, flag);
-    
-    printf (" - Certificate type: OpenPGP\n");
+    printf ("- Certificate type: OpenPGP\n");
 
     cert_list = gnutls_certificate_get_peers (session, &cert_list_size);
 
@@ -362,7 +356,7 @@ print_openpgp_info (gnutls_session_t session, int flag, int 
print_cert)
               gnutls_openpgp_crt_print (crt, flag, &cinfo);
           if (ret == 0)
             {
-                printf (" - %s\n", cinfo.data);
+                printf ("- %s\n", cinfo.data);
                 gnutls_free (cinfo.data);
             }
 
@@ -738,6 +732,29 @@ print_cert_info (gnutls_session_t session, int flag, int 
print_cert)
 }
 
 void
+print_cert_info_compact (gnutls_session_t session)
+{
+
+    if (gnutls_certificate_client_get_request_status (session) != 0)
+        printf ("- Server has requested a certificate.\n");
+
+    switch (gnutls_certificate_type_get (session))
+      {
+      case GNUTLS_CRT_X509:
+          print_x509_info_compact (session);
+          break;
+#ifdef ENABLE_OPENPGP
+      case GNUTLS_CRT_OPENPGP:
+          print_openpgp_info_compact (session);
+          break;
+#endif
+      default:
+          printf ("Unknown type\n");
+          break;
+      }
+}
+
+void
 print_list (const char *priorities, int verbose)
 {
     size_t i;
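Review bot: The `default:` branch of the new print_cert_info_compact prints `"Unknown type\n"` without the `- ` prefix the other messages use, and it is also what an OpenPGP peer reaches when `ENABLE_OPENPGP` is not defined. In the known-host path in src/cli.c this is the only certificate summary shown before the trust warning, so the message should say that no key details could be displayed, for example `printf ("- Unknown certificate type; no key summary available.\n");`. The function also has no header comment; a one-line `/* Prints a one-line summary of the peer's certificate (X.509 or OpenPGP). */` above it would document the contract. print_list, which follows, continues outside the hunk.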
diff --git a/src/common.h b/src/common.h
index 1e6ca37..da42835 100644
--- a/src/common.h
+++ b/src/common.h
@@ -51,6 +51,8 @@ extern const char str_unknown[];
 
 int print_info (gnutls_session_t state, int print_cert);
 void print_cert_info (gnutls_session_t, int flag, int print_cert);
+void print_cert_info_compact (gnutls_session_t session);
+
 void print_list (const char* priorities, int verbose);
 int cert_verify (gnutls_session_t session, const char* hostname);
 
diff --git a/src/ocsptool-common.c b/src/ocsptool-common.c
index d74e553..4436fd7 100644
--- a/src/ocsptool-common.c
+++ b/src/ocsptool-common.c
@@ -134,6 +134,7 @@ gnutls_datum_t *ud = userp;
   return size;
 }
 
+/* Returns 0 on ok, and -1 on error */
 int send_ocsp_request(const char* server,
                        gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer,
                        gnutls_datum_t * resp_data, int nonce)
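Review bot: The new comment above send_ocsp_request gives only the return code; now that the failure paths return instead of exiting, it should also state what `resp_data` holds on -1. In the last hunk of this file `resp_data->size` is assigned before the malloc check, so after an allocation failure the caller sees a non-zero size with a NULL `data` pointer. Suggested wording: `/* Returns 0 on ok, and -1 on error; on -1 resp_data must not be used. */`. The callers are not part of this diff, so whether they check the result before parsing the response cannot be confirmed here.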
@@ -165,7 +166,7 @@ socket_st hd;
       if (ret < 0)
         {
           fprintf(stderr, "Cannot find URL from issuer: %s\n", 
gnutls_strerror(ret));
-          exit(1);  
+          return -1;
         }
       
       url = malloc(data.size+1);
@@ -203,7 +204,7 @@ socket_st hd;
   if (ret < 0 || ud.size == 0)
     {
       perror("recv");
-      exit(1);
+      return -1;
     }
   
   socket_bye(&hd);
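Review bot: The `return -1;` on the recv failure path leaves the function before `socket_bye(&hd);` on the next line, so the connection stays open. This did not matter with `exit(1)`, but it does now that the caller keeps running. The two returns in the following hunk (no HTTP header terminator found, and malloc failure) come after `socket_bye` but appear to leave the received buffer `ud.data` allocated; its release is not visible in these hunks, so this is inferred. A single cleanup label that closes the socket and frees the buffer before returning would cover all three; at minimum this branch should become `socket_bye(&hd); return -1;`. send_ocsp_request starts and ends outside these hunks.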
@@ -212,14 +213,14 @@ socket_st hd;
   if (p == NULL)
     {
       fprintf(stderr, "Cannot interpret HTTP response\n");
-      exit(1);
+      return -1;
     }
   
   p += 4;
   resp_data->size = ud.size - (p - ud.data);
   resp_data->data = malloc(resp_data->size);
   if (resp_data->data == NULL)
-    exit(1);
+    return -1;
   
   memcpy(resp_data->data, p, resp_data->size);
 


hooks/post-receive
-- 
GNU gnutls


