
[SCM] GNU gnutls branch, master, updated. gnutls_3_0_0-126-g472ff03


From: Nikos Mavrogiannopoulos
Subject: [SCM] GNU gnutls branch, master, updated. gnutls_3_0_0-126-g472ff03
Date: Tue, 30 Aug 2011 15:51:26 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".

http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=472ff0313a14a66f7e546e08278cfc1912d24b18

The branch, master has been updated
       via  472ff0313a14a66f7e546e08278cfc1912d24b18 (commit)
       via  ac86423bab8b724e91ba0d0d320c38d6857cfd9f (commit)
      from  51a2e5f73c0d211a8a5243cd6d84451f26b39837 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
-----------------------------------------------------------------------

Summary of changes:
 lib/includes/gnutls/x509.h |    8 +-
 lib/x509/crl.c             |    2 +-
 lib/x509/crq.c             |   16 +-
 lib/x509/extensions.c      |    6 +-
 lib/x509/key_decode.c      |    2 +-
 lib/x509/output.c          |    6 +-
 lib/x509/privkey.c         |    2 +-
 lib/x509/x509.c            |   20 +-
 lib/x509/x509_int.h        |    2 +-
 libextra/gnutls_openssl.c  |    6 +-
 libextra/openssl_compat.c  |  660 --------------------------------------------
 libextra/openssl_compat.h  |   37 ---
 src/crywrap/crywrap.c      |    2 +-
 13 files changed, 38 insertions(+), 731 deletions(-)

diff --git a/lib/includes/gnutls/x509.h b/lib/includes/gnutls/x509.h
index 0a0617b..35a8b94 100644
--- a/lib/includes/gnutls/x509.h
+++ b/lib/includes/gnutls/x509.h
@@ -244,7 +244,7 @@ extern "C"
                                      unsigned int *critical);
   int gnutls_x509_crt_get_basic_constraints (gnutls_x509_crt_t cert,
                                              unsigned int *critical,
-                                             int *ca, int *pathlen);
+                                             unsigned int *ca, int *pathlen);
 
 /* The key_usage flags are defined in gnutls.h. They are the
  * GNUTLS_KEY_* definitions.
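Review bot: Changing `int *ca` and `int *critical` to `unsigned int *` in these installed prototypes (here and in the three later hunks of this header) alters the public API, yet the diffstat lists no NEWS or documentation file alongside it. Existing callers that pass `int *` will now get pointer-signedness diagnostics, which become build failures under -Werror. I would add an API-change entry to NEWS and update each function's doc comment with the new parameter type. `pathlen` stays `int *`, presumably because -1 marks an absent constraint; a sentence in the doc comment saying so would explain the asymmetry.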
@@ -275,7 +275,7 @@ extern "C"
   /* Read extensions by sequence number. */
   int gnutls_x509_crt_get_extension_info (gnutls_x509_crt_t cert, int indx,
                                           void *oid, size_t * sizeof_oid,
-                                          int *critical);
+                                          unsigned int *critical);
   int gnutls_x509_crt_get_extension_data (gnutls_x509_crt_t cert, int indx,
                                           void *data, size_t * sizeof_data);
 
@@ -818,7 +818,7 @@ extern "C"
                                           void *data, size_t * sizeof_data);
   int gnutls_x509_crq_get_extension_info (gnutls_x509_crq_t crq, int indx,
                                           void *oid, size_t * sizeof_oid,
-                                          int *critical);
+                                          unsigned int *critical);
   int gnutls_x509_crq_get_attribute_data (gnutls_x509_crq_t crq, int indx,
                                           void *data, size_t * sizeof_data);
   int gnutls_x509_crq_get_attribute_info (gnutls_x509_crq_t crq, int indx,
@@ -838,7 +838,7 @@ extern "C"
                                      unsigned int *critical);
   int gnutls_x509_crq_get_basic_constraints (gnutls_x509_crq_t crq,
                                              unsigned int *critical,
-                                             int *ca, int *pathlen);
+                                             unsigned int *ca, int *pathlen);
   int gnutls_x509_crq_get_subject_alt_name (gnutls_x509_crq_t crq,
                                             unsigned int seq, void *ret,
                                             size_t * ret_size,
diff --git a/lib/x509/crl.c b/lib/x509/crl.c
index 6a54cf9..d8056d3 100644
--- a/lib/x509/crl.c
+++ b/lib/x509/crl.c
@@ -328,7 +328,7 @@ gnutls_x509_crl_get_signature (gnutls_x509_crl_t crl,
 {
   int result;
   int bits;
-  unsigned int len;
+  int len;
 
   if (crl == NULL)
     {
diff --git a/lib/x509/crq.c b/lib/x509/crq.c
index 9d80027..ba7a7c6 100644
--- a/lib/x509/crq.c
+++ b/lib/x509/crq.c
@@ -1275,7 +1275,7 @@ gnutls_x509_crq_get_attribute_data (gnutls_x509_crq_t 
crq, int indx,
 int
 gnutls_x509_crq_get_extension_info (gnutls_x509_crq_t crq, int indx,
                                     void *oid, size_t * sizeof_oid,
-                                    int *critical)
+                                    unsigned int *critical)
 {
   int result;
   char str_critical[10];
@@ -1564,10 +1564,10 @@ gnutls_x509_crq_get_key_usage (gnutls_x509_crq_t crq,
 int
 gnutls_x509_crq_get_basic_constraints (gnutls_x509_crq_t crq,
                                        unsigned int *critical,
-                                       int *ca, int *pathlen)
+                                       unsigned int *ca, int *pathlen)
 {
   int result;
-  int tmp_ca;
+  unsigned int tmp_ca;
   opaque buf[256];
   size_t buf_size = sizeof (buf);
 
@@ -2340,7 +2340,7 @@ gnutls_x509_crq_get_key_id (gnutls_x509_crq_t crq, 
unsigned int flags,
                             unsigned char *output_data,
                             size_t * output_data_size)
 {
-  int pk, result = 0;
+  int pk, result = 0, len;
   gnutls_datum_t pubkey;
 
   if (crq == NULL)
@@ -2375,14 +2375,14 @@ gnutls_x509_crq_get_key_id (gnutls_x509_crq_t crq, 
unsigned int flags,
   pubkey.size = 0;
   result =
     asn1_der_coding (crq->crq, "certificationRequestInfo.subjectPKInfo", NULL,
-                     &pubkey.size, NULL);
+                     &len, NULL);
   if (result != ASN1_MEM_ERROR)
     {
       gnutls_assert ();
       return _gnutls_asn2err (result);
     }
 
-  pubkey.data = gnutls_malloc (pubkey.size);
+  pubkey.data = gnutls_malloc (len);
   if (pubkey.data == NULL)
     {
       gnutls_assert ();
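Review bot: `len` reaches the size-probing call `asn1_der_coding (..., NULL, &len, NULL)` without being initialised in any visible hunk: it is declared as `int pk, result = 0, len;`, and the only initialisation left before the call is `pubkey.size = 0;`, which no longer feeds the call. The probe expects ASN1_MEM_ERROR for a too-small incoming length, so an indeterminate value makes the outcome unpredictable; replace the leftover assignment with `len = 0;`. The same pattern is in gnutls_x509_crt_get_key_id in lib/x509/x509.c (hunk at -2320). Since `len` is now signed, it would also be worth rejecting `len <= 0` before `gnutls_malloc (len)`. The function body starts and ends outside this hunk, so an assignment in lines not shown cannot be ruled out.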
@@ -2391,7 +2391,7 @@ gnutls_x509_crq_get_key_id (gnutls_x509_crq_t crq, 
unsigned int flags,
 
   result =
     asn1_der_coding (crq->crq, "certificationRequestInfo.subjectPKInfo",
-                     pubkey.data, &pubkey.size, NULL);
+                     pubkey.data, &len, NULL);
   if (result != ASN1_SUCCESS)
     {
       gnutls_assert ();
@@ -2399,6 +2399,8 @@ gnutls_x509_crq_get_key_id (gnutls_x509_crq_t crq, 
unsigned int flags,
       return _gnutls_asn2err (result);
     }
 
+  pubkey.size = len;
+
   result = gnutls_fingerprint (GNUTLS_DIG_SHA1, &pubkey,
                                output_data, output_data_size);
 
diff --git a/lib/x509/extensions.c b/lib/x509/extensions.c
index 00fc57f..025c38c 100644
--- a/lib/x509/extensions.c
+++ b/lib/x509/extensions.c
@@ -660,7 +660,7 @@ _gnutls_x509_ext_extract_keyUsage (uint16_t * keyUsage,
 /* extract the basicConstraints from the DER encoded extension
  */
 int
-_gnutls_x509_ext_extract_basicConstraints (int *CA,
+_gnutls_x509_ext_extract_basicConstraints (unsigned int *CA,
                                            int *pathLenConstraint,
                                            opaque * extnValue,
                                            int extnValueLen)
@@ -687,7 +687,7 @@ _gnutls_x509_ext_extract_basicConstraints (int *CA,
   if (pathLenConstraint)
     {
       result = _gnutls_x509_read_uint (ext, "pathLenConstraint",
-                                       pathLenConstraint);
+                                       (unsigned int*)pathLenConstraint);
       if (result == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND)
         *pathLenConstraint = -1;
       else if (result != GNUTLS_E_SUCCESS)
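Review bot: The `(unsigned int*)pathLenConstraint` cast silences the signedness warning but lets a decoded value above INT_MAX land in an `int`, where it reads back as negative. A value that becomes -1 is indistinguishable from the `*pathLenConstraint = -1` sentinel used for an absent constraint. Because the field comes from the certificate being parsed, I would read into a local `unsigned int` and treat anything above INT_MAX as a decoding error before storing it. Whether `_gnutls_x509_read_uint` can actually return such a value is not visible here, so this is a defensive check. The same cast appears in _gnutls_x509_ext_extract_proxyCertInfo in the next hunk, and the enclosing block continues past the end of this hunk.

```c
  if (pathLenConstraint)
    {
      unsigned int raw_len = 0;

      result = _gnutls_x509_read_uint (ext, "pathLenConstraint", &raw_len);
      if (result == GNUTLS_E_SUCCESS)
        {
          if (raw_len > INT_MAX)
            result = GNUTLS_E_ASN1_DER_ERROR;   /* does not fit the int out-parameter */
          else
            *pathLenConstraint = (int) raw_len;
        }
      if (result == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND)
        *pathLenConstraint = -1;
      else if (result != GNUTLS_E_SUCCESS)
      /* … unchanged: existing error handling for a failed read … */
```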
@@ -1247,7 +1247,7 @@ _gnutls_x509_ext_extract_proxyCertInfo (int 
*pathLenConstraint,
   if (pathLenConstraint)
     {
       result = _gnutls_x509_read_uint (ext, "pCPathLenConstraint",
-                                       pathLenConstraint);
+                                       (unsigned int*)pathLenConstraint);
       if (result == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND)
         *pathLenConstraint = -1;
       else if (result != GNUTLS_E_SUCCESS)
diff --git a/lib/x509/key_decode.c b/lib/x509/key_decode.c
index f3541d6..0690a49 100644
--- a/lib/x509/key_decode.c
+++ b/lib/x509/key_decode.c
@@ -186,7 +186,7 @@ _gnutls_x509_read_ecc_params (opaque * der, int dersize, 
gnutls_pk_params_st * p
   int ret;
   ASN1_TYPE spk = ASN1_TYPE_EMPTY;
   char oid[MAX_OID_SIZE];
-  unsigned int oid_size;
+  int oid_size;
   
   if ((ret = asn1_create_element
        (_gnutls_get_gnutls_asn (), "GNUTLS.ECParameters", &spk)) != 
ASN1_SUCCESS)
diff --git a/lib/x509/output.c b/lib/x509/output.c
index e2985d7..39b0ea7 100644
--- a/lib/x509/output.c
+++ b/lib/x509/output.c
@@ -785,7 +785,7 @@ print_extensions (gnutls_buffer_st * str, const char 
*prefix, int type,
     {
       char oid[MAX_OID_SIZE] = "";
       size_t sizeof_oid = sizeof (oid);
-      int critical;
+      unsigned int critical;
 
       if (type == TYPE_CRT)
         err = gnutls_x509_crt_get_extension_info (cert.crt, i,
@@ -1440,7 +1440,7 @@ print_oneline (gnutls_buffer_st * str, gnutls_x509_crt_t 
cert)
 
   /* Key algorithm and size. */
   {
-    int bits;
+    unsigned int bits;
     const char *name = gnutls_pk_algorithm_get_name
       (gnutls_x509_crt_get_pk_algorithm (cert, &bits));
     if (name == NULL)
@@ -1701,7 +1701,7 @@ print_crl (gnutls_buffer_st * str, gnutls_x509_crl_t crl, 
int notsigned)
         {
           char oid[MAX_OID_SIZE] = "";
           size_t sizeof_oid = sizeof (oid);
-          int critical;
+          unsigned int critical;
 
           err = gnutls_x509_crl_get_extension_info (crl, i,
                                                     oid, &sizeof_oid,
diff --git a/lib/x509/privkey.c b/lib/x509/privkey.c
index ba5e234..31762da 100644
--- a/lib/x509/privkey.c
+++ b/lib/x509/privkey.c
@@ -240,7 +240,7 @@ _gnutls_privkey_decode_ecc_key (const gnutls_datum_t * 
raw_key,
   ASN1_TYPE pkey_asn;
   unsigned int version;
   char oid[MAX_OID_SIZE];
-  unsigned int oid_size;
+  int oid_size;
   gnutls_datum out;
 
   gnutls_pk_params_init(&pkey->params);
diff --git a/lib/x509/x509.c b/lib/x509/x509.c
index 5011c58..606d44f 100644
--- a/lib/x509/x509.c
+++ b/lib/x509/x509.c
@@ -903,7 +903,7 @@ _gnutls_parse_general_name (ASN1_TYPE src, const char 
*src_name,
                             int seq, void *name, size_t * name_size,
                             unsigned int *ret_type, int othername_oid)
 {
-  unsigned int len;
+  int len;
   char nptr[ASN1_MAX_NAME_SIZE];
   int result;
   opaque choice_type[128];
@@ -1422,11 +1422,11 @@ gnutls_x509_crt_get_issuer_alt_othername_oid 
(gnutls_x509_crt_t cert,
 int
 gnutls_x509_crt_get_basic_constraints (gnutls_x509_crt_t cert,
                                        unsigned int *critical,
-                                       int *ca, int *pathlen)
+                                       unsigned int *ca, int *pathlen)
 {
   int result;
   gnutls_datum_t basicConstraints;
-  int tmp_ca;
+  unsigned int tmp_ca;
 
   if (cert == NULL)
     {
@@ -1485,7 +1485,8 @@ gnutls_x509_crt_get_basic_constraints (gnutls_x509_crt_t 
cert,
 int
 gnutls_x509_crt_get_ca_status (gnutls_x509_crt_t cert, unsigned int *critical)
 {
-  int ca, pathlen;
+  int pathlen;
+  unsigned int ca;
   return gnutls_x509_crt_get_basic_constraints (cert, critical, &ca,
                                                 &pathlen);
 }
@@ -1742,7 +1743,7 @@ gnutls_x509_crt_get_extension_oid (gnutls_x509_crt_t 
cert, int indx,
 int
 gnutls_x509_crt_get_extension_info (gnutls_x509_crt_t cert, int indx,
                                     void *oid, size_t * oid_size,
-                                    int *critical)
+                                    unsigned int *critical)
 {
   int result;
   char str_critical[10];
@@ -2282,7 +2283,7 @@ gnutls_x509_crt_get_key_id (gnutls_x509_crt_t crt, 
unsigned int flags,
                             unsigned char *output_data,
                             size_t * output_data_size)
 {
-  int pk, result = 0;
+  int pk, result = 0, len;
   gnutls_datum_t pubkey;
 
   if (crt == NULL)
@@ -2320,14 +2321,14 @@ gnutls_x509_crt_get_key_id (gnutls_x509_crt_t crt, 
unsigned int flags,
    */
   pubkey.size = 0;
   result = asn1_der_coding (crt->cert, "tbsCertificate.subjectPublicKeyInfo",
-                            NULL, &pubkey.size, NULL);
+                            NULL, &len, NULL);
   if (result != ASN1_MEM_ERROR)
     {
       gnutls_assert ();
       return _gnutls_asn2err (result);
     }
 
-  pubkey.data = gnutls_malloc (pubkey.size);
+  pubkey.data = gnutls_malloc (len);
   if (pubkey.data == NULL)
     {
       gnutls_assert ();
@@ -2335,7 +2336,7 @@ gnutls_x509_crt_get_key_id (gnutls_x509_crt_t crt, 
unsigned int flags,
     }
 
   result = asn1_der_coding (crt->cert, "tbsCertificate.subjectPublicKeyInfo",
-                            pubkey.data, &pubkey.size, NULL);
+                            pubkey.data, &len, NULL);
   if (result != ASN1_SUCCESS)
     {
       gnutls_assert ();
@@ -2343,6 +2344,7 @@ gnutls_x509_crt_get_key_id (gnutls_x509_crt_t crt, 
unsigned int flags,
       return _gnutls_asn2err (result);
     }
 
+  pubkey.size = len;
   result = gnutls_fingerprint (GNUTLS_DIG_SHA1, &pubkey,
                                output_data, output_data_size);
 
diff --git a/lib/x509/x509_int.h b/lib/x509/x509_int.h
index 57d7cea..c5d466a 100644
--- a/lib/x509/x509_int.h
+++ b/lib/x509/x509_int.h
@@ -215,7 +215,7 @@ int _gnutls_x509_crt_get_extension_oid (gnutls_x509_crt_t 
cert,
                                         size_t * ret_size);
 int _gnutls_x509_ext_extract_keyUsage (uint16_t * keyUsage,
                                        opaque * extnValue, int extnValueLen);
-int _gnutls_x509_ext_extract_basicConstraints (int *CA,
+int _gnutls_x509_ext_extract_basicConstraints (unsigned int *CA,
                                                int *pathLenConstraint,
                                                opaque * extnValue,
                                                int extnValueLen);
diff --git a/libextra/gnutls_openssl.c b/libextra/gnutls_openssl.c
index 88752a9..14121da 100644
--- a/libextra/gnutls_openssl.c
+++ b/libextra/gnutls_openssl.c
@@ -344,7 +344,7 @@ const X509 *
 SSL_get_peer_certificate (SSL * ssl)
 {
   const gnutls_datum_t *cert_list;
-  int cert_list_size = 0;
+  unsigned int cert_list_size = 0;
 
   cert_list = gnutls_certificate_get_peers (ssl->gnutls_state,
                                             &cert_list_size);
@@ -358,7 +358,7 @@ int
 SSL_connect (SSL * ssl)
 {
   X509_STORE_CTX *store;
-  int cert_list_size = 0;
+  unsigned int cert_list_size = 0;
   int err;
   char x_priority[256];
   /* take options into account before connecting */
@@ -407,7 +407,7 @@ int
 SSL_accept (SSL * ssl)
 {
   X509_STORE_CTX *store;
-  int cert_list_size = 0;
+  unsigned int cert_list_size = 0;
   int err;
   char x_priority[256];
   /* take options into account before connecting */
diff --git a/libextra/openssl_compat.c b/libextra/openssl_compat.c
index 83b8a16..4ce4bf0 100644
--- a/libextra/openssl_compat.c
+++ b/libextra/openssl_compat.c
@@ -36,75 +36,6 @@
 #include <openssl_compat.h>
 
 /*-
- * gnutls_x509_extract_dn:
- * @idn: should contain a DER encoded RDN sequence
- * @rdn: a pointer to a structure to hold the name
- *
- * This function will return the name of the given RDN sequence.
- * The name will be returned as a gnutls_x509_dn structure.
- * Returns a negative error code in case of an error.
- *
- -*/
-int
-gnutls_x509_extract_dn (const gnutls_datum_t * idn, gnutls_x509_dn * rdn)
-{
-  ASN1_TYPE dn = ASN1_TYPE_EMPTY;
-  int result;
-  size_t len;
-
-  if ((result =
-       asn1_create_element (_gnutls_get_pkix (),
-                            "PKIX1.Name", &dn)) != ASN1_SUCCESS)
-    {
-      return _gnutls_asn2err (result);
-    }
-
-  result = asn1_der_decoding (&dn, idn->data, idn->size, NULL);
-  if (result != ASN1_SUCCESS)
-    {
-      /* couldn't decode DER */
-      asn1_delete_structure (&dn);
-      return _gnutls_asn2err (result);
-    }
-
-  memset (rdn, 0, sizeof (gnutls_x509_dn));
-
-  len = sizeof (rdn->country);
-  _gnutls_x509_parse_dn_oid (dn, "", GNUTLS_OID_X520_COUNTRY_NAME, 0, 0,
-                             rdn->country, &len);
-
-  len = sizeof (rdn->organization);
-  _gnutls_x509_parse_dn_oid (dn, "", GNUTLS_OID_X520_ORGANIZATION_NAME, 0,
-                             0, rdn->organization, &len);
-
-  len = sizeof (rdn->organizational_unit_name);
-  _gnutls_x509_parse_dn_oid (dn, "",
-                             GNUTLS_OID_X520_ORGANIZATIONAL_UNIT_NAME, 0,
-                             0, rdn->organizational_unit_name, &len);
-
-  len = sizeof (rdn->common_name);
-  _gnutls_x509_parse_dn_oid (dn, "", GNUTLS_OID_X520_COMMON_NAME, 0, 0,
-                             rdn->common_name, &len);
-
-  len = sizeof (rdn->locality_name);
-  _gnutls_x509_parse_dn_oid (dn, "", GNUTLS_OID_X520_LOCALITY_NAME, 0, 0,
-                             rdn->locality_name, &len);
-
-  len = sizeof (rdn->state_or_province_name);
-  _gnutls_x509_parse_dn_oid (dn, "",
-                             GNUTLS_OID_X520_STATE_OR_PROVINCE_NAME, 0, 0,
-                             rdn->state_or_province_name, &len);
-
-  len = sizeof (rdn->email);
-  _gnutls_x509_parse_dn_oid (dn, "", GNUTLS_OID_PKCS9_EMAIL, 0, 0,
-                             rdn->email, &len);
-
-  asn1_delete_structure (&dn);
-
-  return 0;
-}
-
-/*-
  * gnutls_x509_extract_certificate_dn:
  * @cert: should contain an X.509 DER encoded certificate
  * @ret: a pointer to a structure to hold the peer's name
@@ -239,594 +170,3 @@ gnutls_x509_extract_certificate_issuer_dn (const 
gnutls_datum_t * cert,
 }
 
 
-/*-
- * gnutls_x509_extract_certificate_subject_alt_name:
- * @cert: should contain an X.509 DER encoded certificate
- * @seq: specifies the sequence number of the alt name (0 for the first one, 1 
for the second etc.)
- * @ret: is the place where the alternative name will be copied to
- * @ret_size: holds the size of ret.
- *
- * This function will return the alternative names, contained in the
- * given certificate.
- *
- * Returns GNUTLS_E_SHORT_MEMORY_BUFFER if ret_size is not enough to hold the 
alternative
- * name, or the type of alternative name if everything was ok. The type is
- * one of the enumerated GNUTLS_X509_SUBJECT_ALT_NAME.
- *
- * If the certificate does not have an Alternative name with the specified
- * sequence number then returns GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- -*/
-int
-gnutls_x509_extract_certificate_subject_alt_name (const gnutls_datum_t *
-                                                  cert, int seq,
-                                                  char *ret, int *ret_size)
-{
-  gnutls_x509_crt_t xcert;
-  int result;
-  size_t size = *ret_size;
-
-  result = gnutls_x509_crt_init (&xcert);
-  if (result < 0)
-    return result;
-
-  result = gnutls_x509_crt_import (xcert, cert, GNUTLS_X509_FMT_DER);
-  if (result < 0)
-    {
-      gnutls_x509_crt_deinit (xcert);
-      return result;
-    }
-
-  result =
-    gnutls_x509_crt_get_subject_alt_name (xcert, seq, ret, &size, NULL);
-  *ret_size = size;
-
-  gnutls_x509_crt_deinit (xcert);
-
-  return result;
-}
-
-/*-
- * gnutls_x509_extract_certificate_ca_status:
- * @cert: should contain an X.509 DER encoded certificate
- *
- * This function will return certificates CA status, by reading the
- * basicConstraints X.509 extension. If the certificate is a CA a positive
- * value will be returned, or zero if the certificate does not have
- * CA flag set.
- *
- * A negative value may be returned in case of parsing error.
- * If the certificate does not contain the basicConstraints extension
- * GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned.
- -*/
-int
-gnutls_x509_extract_certificate_ca_status (const gnutls_datum_t * cert)
-{
-  gnutls_x509_crt_t xcert;
-  int result;
-
-  result = gnutls_x509_crt_init (&xcert);
-  if (result < 0)
-    return result;
-
-  result = gnutls_x509_crt_import (xcert, cert, GNUTLS_X509_FMT_DER);
-  if (result < 0)
-    {
-      gnutls_x509_crt_deinit (xcert);
-      return result;
-    }
-
-  result = gnutls_x509_crt_get_ca_status (xcert, NULL);
-
-  gnutls_x509_crt_deinit (xcert);
-
-  return result;
-}
-
-/*-
- * gnutls_x509_extract_certificate_activation_time:
- * @cert: should contain an X.509 DER encoded certificate
- *
- * This function will return the certificate's activation time in UNIX time
- * (ie seconds since 00:00:00 UTC January 1, 1970).
- * Returns a (time_t) -1 in case of an error.
- -*/
-time_t
-gnutls_x509_extract_certificate_activation_time (const gnutls_datum_t * cert)
-{
-  gnutls_x509_crt_t xcert;
-  time_t result;
-
-  result = gnutls_x509_crt_init (&xcert);
-  if (result < 0)
-    return result;
-
-  result = gnutls_x509_crt_import (xcert, cert, GNUTLS_X509_FMT_DER);
-  if (result < 0)
-    {
-      gnutls_x509_crt_deinit (xcert);
-      return result;
-    }
-
-  result = gnutls_x509_crt_get_activation_time (xcert);
-
-  gnutls_x509_crt_deinit (xcert);
-
-  return result;
-}
-
-/*-
- * gnutls_x509_extract_certificate_expiration_time:
- * @cert: should contain an X.509 DER encoded certificate
- *
- * This function will return the certificate's expiration time in UNIX time
- * (ie seconds since 00:00:00 UTC January 1, 1970).
- * Returns a (time_t) -1 in case of an error.
- -*/
-time_t
-gnutls_x509_extract_certificate_expiration_time (const gnutls_datum_t * cert)
-{
-  gnutls_x509_crt_t xcert;
-  time_t result;
-
-  result = gnutls_x509_crt_init (&xcert);
-  if (result < 0)
-    return result;
-
-  result = gnutls_x509_crt_import (xcert, cert, GNUTLS_X509_FMT_DER);
-  if (result < 0)
-    {
-      gnutls_x509_crt_deinit (xcert);
-      return result;
-    }
-
-  result = gnutls_x509_crt_get_expiration_time (xcert);
-
-  gnutls_x509_crt_deinit (xcert);
-
-  return result;
-}
-
-/*-
- * gnutls_x509_extract_certificate_version:
- * @cert: is an X.509 DER encoded certificate
- *
- * This function will return the X.509 certificate's version (1, 2, 3). This 
is obtained by the X509 Certificate
- * Version field. Returns a negative value in case of an error.
- -*/
-int
-gnutls_x509_extract_certificate_version (const gnutls_datum_t * cert)
-{
-  gnutls_x509_crt_t xcert;
-  int result;
-
-  result = gnutls_x509_crt_init (&xcert);
-  if (result < 0)
-    return result;
-
-  result = gnutls_x509_crt_import (xcert, cert, GNUTLS_X509_FMT_DER);
-  if (result < 0)
-    {
-      gnutls_x509_crt_deinit (xcert);
-      return result;
-    }
-
-  result = gnutls_x509_crt_get_version (xcert);
-
-  gnutls_x509_crt_deinit (xcert);
-
-  return result;
-
-}
-
-/*-
- * gnutls_x509_extract_certificate_serial:
- * @cert: is an X.509 DER encoded certificate
- * @result: The place where the serial number will be copied
- * @result_size: Holds the size of the result field.
- *
- * This function will return the X.509 certificate's serial number.
- * This is obtained by the X509 Certificate serialNumber
- * field. Serial is not always a 32 or 64bit number. Some CAs use
- * large serial numbers, thus it may be wise to handle it as something
- * opaque.
- *
- * Returns a negative value in case of an error.
- -*/
-int
-gnutls_x509_extract_certificate_serial (const gnutls_datum_t * cert,
-                                        char *result, int *result_size)
-{
-  gnutls_x509_crt_t xcert;
-  size_t size = *result_size;
-  int ret;
-
-  ret = gnutls_x509_crt_init (&xcert);
-  if (ret < 0)
-    return ret;
-
-  ret = gnutls_x509_crt_import (xcert, cert, GNUTLS_X509_FMT_DER);
-  if (ret < 0)
-    {
-      gnutls_x509_crt_deinit (xcert);
-      return ret;
-    }
-
-  ret = gnutls_x509_crt_get_serial (xcert, result, &size);
-  *result_size = size;
-
-  gnutls_x509_crt_deinit (xcert);
-
-  return ret;
-}
-
-
-/*-
- * gnutls_x509_extract_certificate_pk_algorithm:
- * @cert: is a DER encoded X.509 certificate
- * @bits: if bits is non null it will hold the size of the parameters' in bits
- *
- * This function will return the public key algorithm of an X.509
- * certificate.
- *
- * If bits is non null, it should have enough size to hold the parameters
- * size in bits. For RSA the bits returned is the modulus.
- * For DSA the bits returned are of the public
- * exponent.
- *
- * Returns a member of the gnutls_pk_algorithm_t enumeration on success,
- * or a negative value on error.
- -*/
-int
-gnutls_x509_extract_certificate_pk_algorithm (const gnutls_datum_t *
-                                              cert, int *bits)
-{
-  gnutls_x509_crt_t xcert;
-  int result;
-
-  result = gnutls_x509_crt_init (&xcert);
-  if (result < 0)
-    return result;
-
-  result = gnutls_x509_crt_import (xcert, cert, GNUTLS_X509_FMT_DER);
-  if (result < 0)
-    {
-      gnutls_x509_crt_deinit (xcert);
-      return result;
-    }
-
-  result = gnutls_x509_crt_get_pk_algorithm (xcert, bits);
-
-  gnutls_x509_crt_deinit (xcert);
-
-  return result;
-}
-
-
-/*-
- * gnutls_x509_extract_certificate_dn_string:
- * @cert: should contain an X.509 DER encoded certificate
- * @buf: a pointer to a structure to hold the peer's name
- * @sizeof_buf: holds the size of 'buf'
- * @issuer: if non zero, then extract the name of the issuer, instead of the 
holder
- *
- * This function will copy the name of the certificate holder in the
- * provided buffer. The name will be in the form
- * "C=xxxx,O=yyyy,CN=zzzz" as described in RFC2253.
- *
- * Returns GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not
- * long enough, and 0 on success.
- -*/
-int
-gnutls_x509_extract_certificate_dn_string (char *buf,
-                                           unsigned int sizeof_buf,
-                                           const gnutls_datum_t * cert,
-                                           int issuer)
-{
-  gnutls_x509_crt_t xcert;
-  int result;
-  size_t size;
-
-  result = gnutls_x509_crt_init (&xcert);
-  if (result < 0)
-    return result;
-
-  result = gnutls_x509_crt_import (xcert, cert, GNUTLS_X509_FMT_DER);
-  if (result < 0)
-    {
-      gnutls_x509_crt_deinit (xcert);
-      return result;
-    }
-
-  size = sizeof_buf;
-  if (!issuer)
-    result = gnutls_x509_crt_get_dn (xcert, buf, &size);
-  else
-    result = gnutls_x509_crt_get_issuer_dn (xcert, buf, &size);
-
-  gnutls_x509_crt_deinit (xcert);
-
-  return result;
-}
-
-/*-
- * gnutls_x509_verify_certificate:
- * @cert_list: is the certificate list to be verified
- * @cert_list_length: holds the number of certificate in cert_list
- * @CA_list: is the CA list which will be used in verification
- * @CA_list_length: holds the number of CA certificate in CA_list
- * @CRL_list: not used
- * @CRL_list_length: not used
- *
- * This function will try to verify the given certificate list and
- * return its status (TRUSTED, EXPIRED etc.).  The return value
- * (status) should be one or more of the gnutls_certificate_status_t
- * enumerated elements bitwise or'd. Note that expiration and
- * activation dates are not checked by this function, you should
- * check them using the appropriate functions.
- *
- * This function understands the basicConstraints (2.5.29.19) PKIX
- * extension.  This means that only a certificate authority can sign
- * a certificate.
- *
- * However you must also check the peer's name in order to check if
- * the verified certificate belongs to the actual peer.
- *
- * The return value (status) should be one or more of the
- * gnutls_certificate_status_t enumerated elements bitwise or'd.
- *
- * GNUTLS_CERT_INVALID: the peer's certificate is not valid.
- *
- * GNUTLS_CERT_REVOKED: the certificate has been revoked.
- *
- * A negative error code is returned in case of an error.
- * GNUTLS_E_NO_CERTIFICATE_FOUND is returned to indicate that
- * no certificate was sent by the peer.
- -*/
-int
-gnutls_x509_verify_certificate (const gnutls_datum_t * cert_list,
-                                int cert_list_length,
-                                const gnutls_datum_t * CA_list,
-                                int CA_list_length,
-                                const gnutls_datum_t * CRL_list,
-                                int CRL_list_length)
-{
-  unsigned int verify;
-  gnutls_x509_crt_t *peer_certificate_list = NULL;
-  gnutls_x509_crt_t *ca_certificate_list = NULL;
-  gnutls_x509_crl_t *crl_list = NULL;
-  int peer_certificate_list_size = 0, i, x, ret;
-  int ca_certificate_list_size = 0, crl_list_size = 0;
-
-  if (cert_list == NULL || cert_list_length == 0)
-    return GNUTLS_E_NO_CERTIFICATE_FOUND;
-
-  /* generate a list of gnutls_certs based on the auth info
-   * raw certs.
-   */
-  peer_certificate_list_size = cert_list_length;
-  peer_certificate_list =
-    gnutls_calloc (peer_certificate_list_size, sizeof (gnutls_x509_crt_t));
-  if (peer_certificate_list == NULL)
-    {
-      gnutls_assert ();
-      ret = GNUTLS_E_MEMORY_ERROR;
-      goto cleanup;
-    }
-
-  ca_certificate_list_size = CA_list_length;
-  ca_certificate_list =
-    gnutls_calloc (ca_certificate_list_size, sizeof (gnutls_x509_crt_t));
-  if (ca_certificate_list == NULL)
-    {
-      gnutls_assert ();
-      ret = GNUTLS_E_MEMORY_ERROR;
-      goto cleanup;
-    }
-
-  /* allocate memory for CRL
-   */
-  crl_list_size = CRL_list_length;
-  crl_list = gnutls_calloc (crl_list_size, sizeof (gnutls_x509_crl_t));
-  if (crl_list == NULL)
-    {
-      gnutls_assert ();
-      ret = GNUTLS_E_MEMORY_ERROR;
-      goto cleanup;
-    }
-
-  /* convert certA_list to gnutls_cert* list
-   */
-  for (i = 0; i < peer_certificate_list_size; i++)
-    {
-      ret = gnutls_x509_crt_init (&peer_certificate_list[i]);
-      if (ret < 0)
-        {
-          gnutls_assert ();
-          goto cleanup;
-        }
-
-      ret =
-        gnutls_x509_crt_import (peer_certificate_list[i],
-                                &cert_list[i], GNUTLS_X509_FMT_DER);
-      if (ret < 0)
-        {
-          gnutls_assert ();
-          goto cleanup;
-        }
-    }
-
-  /* convert CA_list to gnutls_x509_cert* list
-   */
-  for (i = 0; i < ca_certificate_list_size; i++)
-    {
-      ret = gnutls_x509_crt_init (&ca_certificate_list[i]);
-      if (ret < 0)
-        {
-          gnutls_assert ();
-          goto cleanup;
-        }
-
-      ret =
-        gnutls_x509_crt_import (ca_certificate_list[i],
-                                &CA_list[i], GNUTLS_X509_FMT_DER);
-      if (ret < 0)
-        {
-          gnutls_assert ();
-          goto cleanup;
-        }
-    }
-
-#ifdef ENABLE_PKI
-  /* convert CRL_list to gnutls_x509_crl* list
-   */
-  for (i = 0; i < crl_list_size; i++)
-    {
-      ret = gnutls_x509_crl_init (&crl_list[i]);
-      if (ret < 0)
-        {
-          gnutls_assert ();
-          goto cleanup;
-        }
-
-      ret =
-        gnutls_x509_crl_import (crl_list[i],
-                                &CRL_list[i], GNUTLS_X509_FMT_DER);
-      if (ret < 0)
-        {
-          gnutls_assert ();
-          goto cleanup;
-        }
-    }
-#endif
-
-  /* Verify certificate 
-   */
-  ret =
-    gnutls_x509_crt_list_verify (peer_certificate_list,
-                                 peer_certificate_list_size,
-                                 ca_certificate_list,
-                                 ca_certificate_list_size, crl_list,
-                                 crl_list_size, 0, &verify);
-
-  if (ret < 0)
-    {
-      gnutls_assert ();
-      goto cleanup;
-    }
-
-  ret = verify;
-
-cleanup:
-
-  if (peer_certificate_list != NULL)
-    for (x = 0; x < peer_certificate_list_size; x++)
-      {
-        if (peer_certificate_list[x] != NULL)
-          gnutls_x509_crt_deinit (peer_certificate_list[x]);
-      }
-
-  if (ca_certificate_list != NULL)
-    for (x = 0; x < ca_certificate_list_size; x++)
-      {
-        if (ca_certificate_list[x] != NULL)
-          gnutls_x509_crt_deinit (ca_certificate_list[x]);
-      }
-#ifdef ENABLE_PKI
-  if (crl_list != NULL)
-    for (x = 0; x < crl_list_size; x++)
-      {
-        if (crl_list[x] != NULL)
-          gnutls_x509_crl_deinit (crl_list[x]);
-      }
-
-  gnutls_free (crl_list);
-#endif
-
-  gnutls_free (ca_certificate_list);
-  gnutls_free (peer_certificate_list);
-
-  return ret;
-}
-
-/*-
- * gnutls_x509_extract_key_pk_algorithm:
- * @cert: is a DER encoded private key
- *
- * This function will return the public key algorithm of a DER encoded private
- * key.
- *
- * Returns a member of the gnutls_pk_algorithm_t enumeration on success,
- * or GNUTLS_E_UNKNOWN_PK_ALGORITHM on error.
- -*/
-int
-gnutls_x509_extract_key_pk_algorithm (const gnutls_datum_t * key)
-{
-  gnutls_x509_privkey_t pkey;
-  int ret, pk;
-
-  ret = gnutls_x509_privkey_init (&pkey);
-  if (ret < 0)
-    {
-      gnutls_assert ();
-      return ret;
-    }
-
-  ret = gnutls_x509_privkey_import (pkey, key, GNUTLS_X509_FMT_DER);
-  if (ret < 0)
-    {
-      gnutls_assert ();
-      return ret;
-    }
-
-  pk = gnutls_x509_privkey_get_pk_algorithm (pkey);
-
-  gnutls_x509_privkey_deinit (pkey);
-  return pk;
-}
-
-#ifdef ENABLE_PKI
-
-/*-
- * gnutls_x509_pkcs7_extract_certificate:
- * @pkcs7_struct: should contain a PKCS7 DER formatted structure
- * @indx: contains the index of the certificate to extract
- * @certificate: the contents of the certificate will be copied there
- * @certificate_size: should hold the size of the certificate
- *
- * This function will return a certificate of the PKCS7 or RFC2630
- * certificate set.  Returns 0 on success. If the provided buffer is
- * not long enough, then GNUTLS_E_SHORT_MEMORY_BUFFER is returned.
- *
- * After the last certificate has been read
- * GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned.
- -*/
-int
-gnutls_x509_pkcs7_extract_certificate (const gnutls_datum_t *
-                                       pkcs7_struct, int indx,
-                                       char *certificate,
-                                       int *certificate_size)
-{
-  gnutls_pkcs7_t pkcs7;
-  int result;
-  size_t size = *certificate_size;
-
-  result = gnutls_pkcs7_init (&pkcs7);
-  if (result < 0)
-    return result;
-
-  result = gnutls_pkcs7_import (pkcs7, pkcs7_struct, GNUTLS_X509_FMT_DER);
-  if (result < 0)
-    {
-      gnutls_pkcs7_deinit (pkcs7);
-      return result;
-    }
-
-  result = gnutls_pkcs7_get_crt_raw (pkcs7, indx, certificate, &size);
-  *certificate_size = size;
-
-  gnutls_pkcs7_deinit (pkcs7);
-
-  return result;
-}
-
-#endif
diff --git a/libextra/openssl_compat.h b/libextra/openssl_compat.h
index 52484f2..d467ee0 100644
--- a/libextra/openssl_compat.h
+++ b/libextra/openssl_compat.h
@@ -29,46 +29,9 @@
 /* Extra definitions */
 #include <gnutls/openssl.h>
 
-int gnutls_x509_extract_dn (const gnutls_datum_t *, gnutls_x509_dn *);
-int gnutls_x509_extract_dn_string (const gnutls_datum_t * idn,
-                                   char *buf, unsigned int sizeof_buf);
 int gnutls_x509_extract_certificate_dn (const gnutls_datum_t *,
                                         gnutls_x509_dn *);
-int gnutls_x509_extract_certificate_dn_string (char *buf,
-                                               unsigned int sizeof_buf,
-                                               const gnutls_datum_t * cert,
-                                               int issuer);
 int gnutls_x509_extract_certificate_issuer_dn (const gnutls_datum_t *,
                                                gnutls_x509_dn *);
-int gnutls_x509_extract_certificate_version (const gnutls_datum_t *);
-int gnutls_x509_extract_certificate_serial (const gnutls_datum_t * cert,
-                                            char *result, int *result_size);
-time_t gnutls_x509_extract_certificate_activation_time (const gnutls_datum_t
-                                                        *);
-time_t gnutls_x509_extract_certificate_expiration_time (const gnutls_datum_t
-                                                        *);
-int gnutls_x509_extract_certificate_subject_alt_name (const gnutls_datum_t
-                                                      *, int seq, char *,
-                                                      int *);
-int gnutls_x509_pkcs7_extract_certificate (const gnutls_datum_t *
-                                           pkcs7_struct, int indx,
-                                           char *certificate,
-                                           int *certificate_size);
-int gnutls_x509_extract_certificate_pk_algorithm (const gnutls_datum_t *
-                                                  cert, int *bits);
-int gnutls_x509_extract_certificate_ca_status (const gnutls_datum_t * cert);
-int gnutls_x509_extract_key_pk_algorithm (const gnutls_datum_t * key);
-
-int gnutls_x509_verify_certificate (const gnutls_datum_t * cert_list,
-                                    int cert_list_length,
-                                    const gnutls_datum_t * CA_list,
-                                    int CA_list_length,
-                                    const gnutls_datum_t * CRL_list,
-                                    int CRL_list_length);
-
-#define gnutls_x509_fingerprint gnutls_fingerprint
-#define gnutls_x509_certificate_format gnutls_x509_crt_fmt_t
-
-#define gnutls_certificate_set_rsa_params gnutls_certificate_set_rsa_export_params
 
 #endif
diff --git a/src/crywrap/crywrap.c b/src/crywrap/crywrap.c
index 1c51d63..da41f85 100644
--- a/src/crywrap/crywrap.c
+++ b/src/crywrap/crywrap.c
@@ -188,7 +188,7 @@ static void
 _crywrap_sigchld_handler (int sig)
 {
 pid_t child;
-unsigned int status;
+int status;
 
   while ((child = waitpid (-1, &status, WNOHANG)) > (pid_t) 0)
   signal (sig, _crywrap_sigchld_handler);
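Review bot: The handler still does not preserve `errno`: the `waitpid` loop ends only when `waitpid` returns 0 or -1, and the -1 case sets `errno` (ECHILD once no children remain), which can overwrite the value the interrupted code was about to inspect. Saving it on entry with `int saved_errno = errno;` and restoring it with `errno = saved_errno;` before returning would close that. As written in the hunk, `signal (sig, _crywrap_sigchld_handler);` is the body of the `while`, so the handler is re-armed only when a child was actually reaped; if that is not intended, installing the handler once with `sigaction` would avoid re-arming inside the handler at all. The function's closing brace is outside the hunk, so anything after the `signal` call is not visible here.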


hooks/post-receive
-- 
GNU gnutls


