[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[SCM] GNU gnutls branch, master, updated. gnutls_3_1_2-48-g531bac4
|
From: |
Nikos Mavrogiannopoulos |
|
Subject: |
[SCM] GNU gnutls branch, master, updated. gnutls_3_1_2-48-g531bac4 |
|
Date: |
Sun, 07 Oct 2012 08:42:35 +0000 |
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".
http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=531bac41a0ee19158f0722937d0c9efafbc3bb14
The branch, master has been updated
via 531bac41a0ee19158f0722937d0c9efafbc3bb14 (commit)
via 5afff3b04637ee2d0fa29bf783428e7fc43ea722 (commit)
from bf9dcee9d08fdce76306331f85ed48fa682fce09 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 531bac41a0ee19158f0722937d0c9efafbc3bb14
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Sun Oct 7 10:33:55 2012 +0200
Added functions to export structures in an allocated buffer.
commit 5afff3b04637ee2d0fa29bf783428e7fc43ea722
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Sun Oct 7 00:19:40 2012 +0200
Added command-line option to disable CA verification.
-----------------------------------------------------------------------
Summary of changes:
NEWS | 15 +
doc/cha-cert-auth2.texi | 4 +-
doc/cha-tokens.texi | 2 +-
doc/invoke-gnutls-cli.texi | 19 +-
lib/gnutls_dh_primes.c | 116 ++++----
lib/gnutls_pubkey.c | 67 ++++
lib/includes/gnutls/abstract.h | 4 +
lib/includes/gnutls/gnutls.h.in | 3 +
lib/includes/gnutls/openpgp.h | 8 +
lib/includes/gnutls/pkcs11.h | 3 +-
lib/includes/gnutls/pkcs12.h | 3 +
lib/includes/gnutls/x509.h | 23 ++
lib/libgnutls.map | 13 +
lib/openpgp/openpgp_int.h | 6 +-
lib/openpgp/pgp.c | 55 +++-
lib/openpgp/privkey.c | 25 ++
lib/pkcs11.c | 32 ++
lib/x509/common.c | 117 +++----
lib/x509/common.h | 14 +-
lib/x509/crl.c | 59 ++--
lib/x509/crq.c | 32 ++
lib/x509/dn.c | 32 ++
lib/x509/pkcs12.c | 31 ++
lib/x509/pkcs7.c | 26 ++
lib/x509/privkey.c | 59 +++-
lib/x509/privkey_pkcs8.c | 89 ++++++
lib/x509/x509.c | 30 ++
libdane/dane.c | 18 +-
src/cli-args.c | 659 ++++++++++++++++++++-------------------
src/cli-args.def | 8 +
src/cli-args.h | 140 +++++----
src/cli.c | 28 +-
32 files changed, 1156 insertions(+), 584 deletions(-)
diff --git a/NEWS b/NEWS
index caafbbd..a7f8d3f 100644
--- a/NEWS
+++ b/NEWS
@@ -13,6 +13,8 @@ certificate status extension in verification.
** libgnutls: Fixed the receipt of session tickets during session resumption.
Reported by danblack at http://savannah.gnu.org/support/?108146
+** libgnutls: Added functions to export structures in an allocated buffer.
+
** libgnutls: Added gnutls_ocsp_resp_check_crt() to check whether the OCSP
response corresponds to the given certificate.
@@ -25,6 +27,19 @@ gnutls_certificate_set_ocsp_status_request_file: Added
gnutls_ocsp_status_request_enable_client: Added
gnutls_ocsp_status_request_get: Added
gnutls_ocsp_resp_check_crt: Added
+gnutls_dh_params_export2_pkcs3: Added
+gnutls_pubkey_export2: Added
+gnutls_x509_crt_export2: Added
+gnutls_x509_dn_export2: Added
+gnutls_x509_crl_export2: Added
+gnutls_pkcs7_export2: Added
+gnutls_x509_privkey_export2: Added
+gnutls_x509_privkey_export2_pkcs8: Added
+gnutls_x509_crq_export2: Added
+gnutls_openpgp_crt_export2: Added
+gnutls_openpgp_privkey_export2: Added
+gnutls_pkcs11_obj_export2: Added
+gnutls_pkcs12_export2: Added
dane_query_init: Added
dane_query_deinit: Added
dane_query_resolve_tlsa: Added
diff --git a/doc/cha-cert-auth2.texi b/doc/cha-cert-auth2.texi
index e375050..6ce6d7a 100644
--- a/doc/cha-cert-auth2.texi
+++ b/doc/cha-cert-auth2.texi
@@ -99,7 +99,7 @@ Optional CRL structure extensions.
The basic CRL structure functions follow.
address@hidden,gnutls_x509_crl_import,gnutls_x509_crl_export}
address@hidden,gnutls_x509_crl_import,gnutls_x509_crl_export,gnutls_x509_crl_export}
@subheading Reading a CRL
@@ -322,7 +322,7 @@ enumeration. Note however, that GnuTLS only supports the
PKCS #5 PBES2
encryption scheme. Keys encrypted with the obsolete PBES1 scheme cannot
be decrypted.
address@hidden,gnutls_x509_privkey_export_pkcs8}
address@hidden,gnutls_x509_privkey_export_pkcs8,gnutls_x509_privkey_export2_pkcs8}
@showenumdesc{gnutls_pkcs_encrypt_flags_t,Encryption flags}
diff --git a/doc/cha-tokens.texi b/doc/cha-tokens.texi
index 936cf6d..b290ff5 100644
--- a/doc/cha-tokens.texi
+++ b/doc/cha-tokens.texi
@@ -71,7 +71,7 @@ sequence.
@showfuncC{gnutls_pubkey_import_url,gnutls_pubkey_import_privkey,gnutls_pubkey_import}
address@hidden
address@hidden,gnutls_pubkey_export2}
An important function is @funcref{gnutls_pubkey_import_url} which will import
public keys from URLs that identify objects stored in tokens (see @ref{Smart
cards and HSMs} and @ref{Trusted Platform Module}).
diff --git a/doc/invoke-gnutls-cli.texi b/doc/invoke-gnutls-cli.texi
index 91f5970..ade332a 100644
--- a/doc/invoke-gnutls-cli.texi
+++ b/doc/invoke-gnutls-cli.texi
@@ -7,7 +7,7 @@
#
# DO NOT EDIT THIS FILE (invoke-gnutls-cli.texi)
#
-# It has been AutoGen-ed October 6, 2012 at 03:27:13 AM by AutoGen 5.16
+# It has been AutoGen-ed October 7, 2012 at 10:36:28 AM by AutoGen 5.16
# From the definitions ../src/cli-args.def
# and the template file agtexi-cmd.tpl
@end ignore
@@ -47,6 +47,9 @@ USAGE: gnutls-cli [ -<flag> [<val>] |
--<name>address@hidden| @}<val>] ]... [hostname]
- disabled as --no-tofu
--dane Enable DANE certificate verification (DNSSEC)
- disabled as --no-dane
+ --ca-verification Disable CA certificate verification
+ - disabled as --no-ca-verification
+ - enabled by default
--ocsp Enable OCSP certificate verification
- disabled as --no-ocsp
-r, --resume Establish a session and resume
@@ -133,6 +136,20 @@ This is the ``enable dane certificate verification
(dnssec)'' option.
This option will, in addition to certificate authentication using
the trusted CAs, verify the server certificates using on the DANE information
available via DNSSEC.
address@hidden ca-verification}
address@hidden ca-verification option
address@hidden gnutls-cli-ca-verification
+
+This is the ``disable ca certificate verification'' option.
+
address@hidden
+This option has some usage constraints. It:
address@hidden @bullet
address@hidden
+is enabled by default.
address@hidden itemize
+
+This option will disable CA certificate verification. It is to be used with
the --dane or --tofu options.
@anchor{gnutls-cli ocsp}
@subheading ocsp option
@cindex gnutls-cli-ocsp
diff --git a/lib/gnutls_dh_primes.c b/lib/gnutls_dh_primes.c
index caa9fe8..4eb1638 100644
--- a/lib/gnutls_dh_primes.c
+++ b/lib/gnutls_dh_primes.c
@@ -27,6 +27,7 @@
#include <gnutls_global.h>
#include <gnutls_dh.h>
#include <gnutls_pk.h>
+#include <x509/common.h>
#include <gnutls/crypto.h>
#include "x509/x509_int.h"
#include "debug.h"
@@ -341,8 +342,56 @@ gnutls_dh_params_export_pkcs3 (gnutls_dh_params_t params,
unsigned char *params_data,
size_t * params_data_size)
{
+gnutls_datum_t out;
+int ret;
+
+ ret = gnutls_dh_params_export2_pkcs3( params, format, &out);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ if (*params_data_size < (unsigned) out.size+1)
+ {
+ gnutls_assert ();
+ gnutls_free (out.data);
+ *params_data_size = out.size + 1;
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+
+ *params_data_size = out.size;
+ if (params_data)
+ {
+ memcpy( params_data, out.data, out.size);
+ params_data[out.size] = 0;
+ }
+
+ gnutls_free(out.data);
+
+ return 0;
+}
+
+/**
+ * gnutls_dh_params_export2_pkcs3:
+ * @params: Holds the DH parameters
+ * @format: the format of output params. One of PEM or DER.
+ * @out: will contain a PKCS3 DHParams structure PEM or DER encoded
+ *
+ * This function will export the given dh parameters to a PKCS3
+ * DHParams structure. This is the format generated by "openssl dhparam" tool.
+ * The data in @out will be allocated using gnutls_malloc().
+ *
+ * If the structure is PEM encoded, it will have a header
+ * of "BEGIN DH PARAMETERS".
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned,
+ * otherwise a negative error code is returned.
+ **/
+int
+gnutls_dh_params_export2_pkcs3 (gnutls_dh_params_t params,
+ gnutls_x509_crt_fmt_t format,
+ gnutls_datum_t * out)
+{
ASN1_TYPE c2;
- int result, _params_data_size;
+ int result;
size_t g_size, p_size;
uint8_t *p_data, *g_data;
uint8_t *all_data;
@@ -395,6 +444,7 @@ gnutls_dh_params_export_pkcs3 (gnutls_dh_params_t params,
if (result < 0)
{
gnutls_assert ();
+ gnutls_free (all_data);
asn1_delete_structure (&c2);
return _gnutls_asn2err (result);
}
@@ -415,78 +465,34 @@ gnutls_dh_params_export_pkcs3 (gnutls_dh_params_t params,
if (format == GNUTLS_X509_FMT_DER)
{
- if (params_data == NULL)
- *params_data_size = 0;
+ result = _gnutls_x509_der_encode(c2, "", out, 0);
- _params_data_size = *params_data_size;
- result =
- asn1_der_coding (c2, "", params_data, &_params_data_size, NULL);
- *params_data_size = _params_data_size;
asn1_delete_structure (&c2);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- if (result == ASN1_MEM_ERROR)
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
-
- return _gnutls_asn2err (result);
- }
+ if (result < 0)
+ return gnutls_assert_val (result);
}
else
{ /* PEM */
- uint8_t *tmp;
- gnutls_datum_t out;
- int len;
+ gnutls_datum_t t;
- len = 0;
- asn1_der_coding (c2, "", NULL, &len, NULL);
-
- tmp = gnutls_malloc (len);
- if (tmp == NULL)
- {
- gnutls_assert ();
- asn1_delete_structure (&c2);
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- if ((result =
- asn1_der_coding (c2, "", tmp, &len, NULL)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- gnutls_free (tmp);
- asn1_delete_structure (&c2);
- return _gnutls_asn2err (result);
- }
+ result = _gnutls_x509_der_encode(c2, "", &t, 0);
asn1_delete_structure (&c2);
- result = _gnutls_fbase64_encode ("DH PARAMETERS", tmp, len, &out);
+ if (result < 0)
+ return gnutls_assert_val (result);
+
+ result = _gnutls_fbase64_encode("DH PARAMETERS", t.data, t.size, out);
- gnutls_free (tmp);
+ gnutls_free (t.data);
if (result < 0)
{
gnutls_assert ();
return result;
}
-
- if ((unsigned) out.size > *params_data_size)
- {
- gnutls_assert ();
- gnutls_free (out.data);
- *params_data_size = out.size + 1;
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
-
- *params_data_size = out.size;
-
- if (params_data)
- memcpy (params_data, out.data, out.size);
-
- gnutls_free (out.data);
-
}
return 0;
diff --git a/lib/gnutls_pubkey.c b/lib/gnutls_pubkey.c
index c145562..21bea55 100644
--- a/lib/gnutls_pubkey.c
+++ b/lib/gnutls_pubkey.c
@@ -540,7 +540,74 @@ cleanup:
asn1_delete_structure (&spk);
return result;
+}
+
+/**
+ * gnutls_pubkey_export2:
+ * @key: Holds the certificate
+ * @format: the format of output params. One of PEM or DER.
+ * @out: will contain a certificate PEM or DER encoded
+ *
+ * This function will export the public key to DER or PEM format.
+ * The contents of the exported data is the SubjectPublicKeyInfo
+ * X.509 structure.
+ *
+ * The output buffer will be allocated using gnutls_malloc().
+ *
+ * If the structure is PEM encoded, it will have a header
+ * of "BEGIN CERTIFICATE".
+ *
+ * Returns: In case of failure a negative error code will be
+ * returned, and 0 on success.
+ *
+ * Since: 3.1.3
+ **/
+int
+gnutls_pubkey_export2 (gnutls_pubkey_t key,
+ gnutls_x509_crt_fmt_t format,
+ gnutls_datum_t * out)
+{
+ int result;
+ ASN1_TYPE spk = ASN1_TYPE_EMPTY;
+
+ if (key == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if ((result = asn1_create_element
+ (_gnutls_get_pkix (), "PKIX1.SubjectPublicKeyInfo", &spk))
+ != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+ result =
+ _gnutls_x509_encode_and_copy_PKI_params (spk, "",
+ key->pk_algorithm,
+ &key->params);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ result = _gnutls_x509_export_int_named2 (spk, "",
+ format, PK_PEM_HEADER, out);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ result = 0;
+
+cleanup:
+ asn1_delete_structure (&spk);
+
+ return result;
}
/**
diff --git a/lib/includes/gnutls/abstract.h b/lib/includes/gnutls/abstract.h
index 245af87..b96d630 100644
--- a/lib/includes/gnutls/abstract.h
+++ b/lib/includes/gnutls/abstract.h
@@ -108,6 +108,10 @@ int gnutls_pubkey_export (gnutls_pubkey_t key,
gnutls_x509_crt_fmt_t format,
void *output_data, size_t * output_data_size);
+int gnutls_pubkey_export2 (gnutls_pubkey_t key,
+ gnutls_x509_crt_fmt_t format,
+ gnutls_datum_t * out);
+
int gnutls_pubkey_get_key_id (gnutls_pubkey_t key, unsigned int flags,
unsigned char *output_data,
size_t * output_data_size);
diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in
index e7de530..51e594e 100644
--- a/lib/includes/gnutls/gnutls.h.in
+++ b/lib/includes/gnutls/gnutls.h.in
@@ -1291,6 +1291,9 @@ gnutls_ecc_curve_t gnutls_ecc_curve_get(gnutls_session_t
session);
gnutls_x509_crt_fmt_t format,
unsigned char *params_data,
size_t * params_data_size);
+ int gnutls_dh_params_export2_pkcs3 (gnutls_dh_params_t params,
+ gnutls_x509_crt_fmt_t format,
+ gnutls_datum_t *out);
int gnutls_dh_params_export_raw (gnutls_dh_params_t params,
gnutls_datum_t * prime,
gnutls_datum_t * generator,
diff --git a/lib/includes/gnutls/openpgp.h b/lib/includes/gnutls/openpgp.h
index 1d4e0cd..bed8101 100644
--- a/lib/includes/gnutls/openpgp.h
+++ b/lib/includes/gnutls/openpgp.h
@@ -68,6 +68,9 @@ extern "C"
gnutls_openpgp_crt_fmt_t format,
void *output_data,
size_t * output_data_size);
+ int gnutls_openpgp_crt_export2 (gnutls_openpgp_crt_t key,
+ gnutls_openpgp_crt_fmt_t format,
+ gnutls_datum_t * out);
int gnutls_openpgp_crt_print (gnutls_openpgp_crt_t cert,
gnutls_certificate_print_formats_t format,
@@ -241,6 +244,11 @@ extern "C"
unsigned int flags,
void *output_data,
size_t * output_data_size);
+ int gnutls_openpgp_privkey_export2 (gnutls_openpgp_privkey_t key,
+ gnutls_openpgp_crt_fmt_t format,
+ const char *password,
+ unsigned int flags,
+ gnutls_datum_t * out);
int
gnutls_openpgp_privkey_set_preferred_key_id (gnutls_openpgp_privkey_t key,
diff --git a/lib/includes/gnutls/pkcs11.h b/lib/includes/gnutls/pkcs11.h
index 84af6f2..0e486ce 100644
--- a/lib/includes/gnutls/pkcs11.h
+++ b/lib/includes/gnutls/pkcs11.h
@@ -120,7 +120,8 @@ void gnutls_pkcs11_obj_deinit (gnutls_pkcs11_obj_t obj);
int gnutls_pkcs11_obj_export (gnutls_pkcs11_obj_t obj,
void *output_data, size_t * output_data_size);
-
+int gnutls_pkcs11_obj_export2 (gnutls_pkcs11_obj_t obj,
+ gnutls_datum_t *out);
int gnutls_pkcs11_copy_x509_crt (const char *token_url, gnutls_x509_crt_t crt,
const char *label, unsigned int flags
diff --git a/lib/includes/gnutls/pkcs12.h b/lib/includes/gnutls/pkcs12.h
index 09b75e9..02f6351 100644
--- a/lib/includes/gnutls/pkcs12.h
+++ b/lib/includes/gnutls/pkcs12.h
@@ -46,6 +46,9 @@ extern "C"
int gnutls_pkcs12_export (gnutls_pkcs12_t pkcs12,
gnutls_x509_crt_fmt_t format,
void *output_data, size_t * output_data_size);
+ int gnutls_pkcs12_export2 (gnutls_pkcs12_t pkcs12,
+ gnutls_x509_crt_fmt_t format,
+ gnutls_datum_t *out);
int gnutls_pkcs12_get_bag (gnutls_pkcs12_t pkcs12,
int indx, gnutls_pkcs12_bag_t bag);
diff --git a/lib/includes/gnutls/x509.h b/lib/includes/gnutls/x509.h
index 94e01a4..7845f22 100644
--- a/lib/includes/gnutls/x509.h
+++ b/lib/includes/gnutls/x509.h
@@ -123,6 +123,9 @@ extern "C"
int gnutls_x509_crt_export (gnutls_x509_crt_t cert,
gnutls_x509_crt_fmt_t format,
void *output_data, size_t * output_data_size);
+ int gnutls_x509_crt_export2 (gnutls_x509_crt_t cert,
+ gnutls_x509_crt_fmt_t format,
+ gnutls_datum_t* out);
int gnutls_x509_crt_get_private_key_usage_period (gnutls_x509_crt_t cert,
time_t* activation, time_t* expiration,
unsigned int *critical);
@@ -463,6 +466,9 @@ extern "C"
int gnutls_x509_dn_export (gnutls_x509_dn_t dn,
gnutls_x509_crt_fmt_t format, void *output_data,
size_t * output_data_size);
+ int gnutls_x509_dn_export2 (gnutls_x509_dn_t dn,
+ gnutls_x509_crt_fmt_t format,
+ gnutls_datum_t * out);
void gnutls_x509_dn_deinit (gnutls_x509_dn_t dn);
@@ -478,6 +484,9 @@ extern "C"
int gnutls_x509_crl_export (gnutls_x509_crl_t crl,
gnutls_x509_crt_fmt_t format,
void *output_data, size_t * output_data_size);
+ int gnutls_x509_crl_export2 (gnutls_x509_crl_t crl,
+ gnutls_x509_crt_fmt_t format,
+ gnutls_datum_t *out);
int
gnutls_x509_crl_get_raw_issuer_dn (gnutls_x509_crl_t crl,
@@ -580,6 +589,9 @@ extern "C"
int gnutls_pkcs7_export (gnutls_pkcs7_t pkcs7,
gnutls_x509_crt_fmt_t format,
void *output_data, size_t * output_data_size);
+ int gnutls_pkcs7_export2 (gnutls_pkcs7_t pkcs7,
+ gnutls_x509_crt_fmt_t format,
+ gnutls_datum_t *out);
int gnutls_pkcs7_get_crt_count (gnutls_pkcs7_t pkcs7);
int gnutls_pkcs7_get_crt_raw (gnutls_pkcs7_t pkcs7, int indx,
@@ -803,12 +815,20 @@ extern "C"
gnutls_x509_crt_fmt_t format,
void *output_data,
size_t * output_data_size);
+ int gnutls_x509_privkey_export2 (gnutls_x509_privkey_t key,
+ gnutls_x509_crt_fmt_t format,
+ gnutls_datum_t * out);
int gnutls_x509_privkey_export_pkcs8 (gnutls_x509_privkey_t key,
gnutls_x509_crt_fmt_t format,
const char *password,
unsigned int flags,
void *output_data,
size_t * output_data_size);
+ int gnutls_x509_privkey_export2_pkcs8 (gnutls_x509_privkey_t key,
+ gnutls_x509_crt_fmt_t format,
+ const char *password,
+ unsigned int flags,
+ gnutls_datum_t * out);
int gnutls_x509_privkey_export_rsa_raw2 (gnutls_x509_privkey_t key,
gnutls_datum_t * m,
gnutls_datum_t * e,
@@ -887,6 +907,9 @@ extern "C"
int gnutls_x509_crq_export (gnutls_x509_crq_t crq,
gnutls_x509_crt_fmt_t format,
void *output_data, size_t * output_data_size);
+ int gnutls_x509_crq_export2 (gnutls_x509_crq_t crq,
+ gnutls_x509_crt_fmt_t format,
+ gnutls_datum_t * out);
int gnutls_x509_crt_set_crq (gnutls_x509_crt_t crt, gnutls_x509_crq_t crq);
int gnutls_x509_crt_set_crq_extensions (gnutls_x509_crt_t crt,
diff --git a/lib/libgnutls.map b/lib/libgnutls.map
index 9cfe3d3..578e159 100644
--- a/lib/libgnutls.map
+++ b/lib/libgnutls.map
@@ -841,6 +841,19 @@ GNUTLS_3_1_0 {
gnutls_certificate_set_ocsp_status_request_file;
gnutls_ocsp_status_request_enable_client;
gnutls_ocsp_status_request_get;
+ gnutls_dh_params_export2_pkcs3;
+ gnutls_pubkey_export2;
+ gnutls_x509_crt_export2;
+ gnutls_x509_dn_export2;
+ gnutls_x509_crl_export2;
+ gnutls_pkcs7_export2;
+ gnutls_x509_privkey_export2;
+ gnutls_x509_privkey_export2_pkcs8;
+ gnutls_x509_crq_export2;
+ gnutls_openpgp_crt_export2;
+ gnutls_openpgp_privkey_export2;
+ gnutls_pkcs11_obj_export2;
+ gnutls_pkcs12_export2;
} GNUTLS_3_0_0;
GNUTLS_PRIVATE {
diff --git a/lib/openpgp/openpgp_int.h b/lib/openpgp/openpgp_int.h
index 9f6b3a5..a144793 100644
--- a/lib/openpgp/openpgp_int.h
+++ b/lib/openpgp/openpgp_int.h
@@ -63,7 +63,11 @@ int _gnutls_map_cdk_rc (int rc);
int _gnutls_openpgp_export (cdk_kbnode_t node,
gnutls_openpgp_crt_fmt_t format,
void *output_data, size_t * output_data_size,
- int private);
+ int priv);
+
+int _gnutls_openpgp_export2 (cdk_kbnode_t node,
+ gnutls_openpgp_crt_fmt_t format,
+ gnutls_datum_t* out, int priv);
cdk_packet_t _gnutls_get_valid_subkey (cdk_kbnode_t knode, int key_type);
diff --git a/lib/openpgp/pgp.c b/lib/openpgp/pgp.c
index dc6cadc..78ef788 100644
--- a/lib/openpgp/pgp.c
+++ b/lib/openpgp/pgp.c
@@ -119,13 +119,39 @@ gnutls_openpgp_crt_import (gnutls_openpgp_crt_t key,
return 0;
}
+int _gnutls_openpgp_export2 (cdk_kbnode_t node,
+ gnutls_openpgp_crt_fmt_t format,
+ gnutls_datum_t* out, int priv)
+{
+int ret;
+size_t size = 0;
+
+ ret = _gnutls_openpgp_export(node, format, NULL, &size, priv);
+ if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER)
+ {
+ out->data = gnutls_malloc(size);
+
+ ret = _gnutls_openpgp_export(node, format, out->data, &size, priv);
+ if (ret < 0)
+ {
+ gnutls_free(out->data);
+ return gnutls_assert_val(ret);
+ }
+ out->size = size;
+ }
+ else if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ return 0;
+}
+
/* internal version of export
*/
int
_gnutls_openpgp_export (cdk_kbnode_t node,
gnutls_openpgp_crt_fmt_t format,
void *output_data,
- size_t * output_data_size, int private)
+ size_t * output_data_size, int priv)
{
size_t input_data_size = *output_data_size;
size_t calc_size;
@@ -141,7 +167,7 @@ _gnutls_openpgp_export (cdk_kbnode_t node,
/* If the caller uses output_data == NULL then return what he expects.
*/
- if (!output_data)
+ if (!output_data && format != GNUTLS_OPENPGP_FMT_BASE64)
{
gnutls_assert ();
return GNUTLS_E_SHORT_MEMORY_BUFFER;
@@ -156,7 +182,7 @@ _gnutls_openpgp_export (cdk_kbnode_t node,
buffer is large enough. */
rc = cdk_armor_encode_buffer (in, *output_data_size,
NULL, 0, &calc_size,
- private ? CDK_ARMOR_SECKEY :
+ priv ? CDK_ARMOR_SECKEY :
CDK_ARMOR_PUBKEY);
if (rc || calc_size > input_data_size)
{
@@ -168,7 +194,7 @@ _gnutls_openpgp_export (cdk_kbnode_t node,
rc = cdk_armor_encode_buffer (in, *output_data_size,
output_data, input_data_size, &calc_size,
- private ? CDK_ARMOR_SECKEY :
+ priv ? CDK_ARMOR_SECKEY :
CDK_ARMOR_PUBKEY);
gnutls_free (in);
*output_data_size = calc_size;
@@ -189,7 +215,7 @@ _gnutls_openpgp_export (cdk_kbnode_t node,
* gnutls_openpgp_crt_export:
* @key: Holds the key.
* @format: One of gnutls_openpgp_crt_fmt_t elements.
- * @output_data: will contain the key base64 encoded or raw
+ * @output_data: will contain the raw or base64 encoded key
* @output_data_size: holds the size of output_data (and will
* be replaced by the actual size of parameters)
*
@@ -209,6 +235,25 @@ gnutls_openpgp_crt_export (gnutls_openpgp_crt_t key,
}
/**
+ * gnutls_openpgp_crt_export2:
+ * @key: Holds the key.
+ * @format: One of gnutls_openpgp_crt_fmt_t elements.
+ * @out: will contain the raw or base64 encoded key
+ *
+ * This function will convert the given key to RAW or Base64 format.
+ * The output buffer is allocated using gnutls_malloc().
+ *
+ * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
+ **/
+int
+gnutls_openpgp_crt_export2 (gnutls_openpgp_crt_t key,
+ gnutls_openpgp_crt_fmt_t format,
+ gnutls_datum_t *out)
+{
+ return _gnutls_openpgp_export2 (key->knode, format, out, 0);
+}
+
+/**
* gnutls_openpgp_crt_get_fingerprint:
* @key: the raw data that contains the OpenPGP public key.
* @fpr: the buffer to save the fingerprint, must hold at least 20 bytes.
diff --git a/lib/openpgp/privkey.c b/lib/openpgp/privkey.c
index bd04b21..461aa9d 100644
--- a/lib/openpgp/privkey.c
+++ b/lib/openpgp/privkey.c
@@ -230,6 +230,31 @@ gnutls_openpgp_privkey_export (gnutls_openpgp_privkey_t
key,
output_data_size, 1);
}
+/**
+ * gnutls_openpgp_privkey_export2:
+ * @key: Holds the key.
+ * @format: One of gnutls_openpgp_crt_fmt_t elements.
+ * @password: the password that will be used to encrypt the key. (unused for
now)
+ * @flags: (0) for future compatibility
+ * @out: will contain the raw or based64 encoded key
+ *
+ * This function will convert the given key to RAW or Base64 format.
+ * The output buffer is allocated using gnutls_malloc().
+ *
+ * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
+ *
+ * Since: 3.1
+ **/
+int
+gnutls_openpgp_privkey_export2 (gnutls_openpgp_privkey_t key,
+ gnutls_openpgp_crt_fmt_t format,
+ const char *password, unsigned int flags,
+ gnutls_datum_t *out)
+{
+ /* FIXME for now we do not export encrypted keys */
+ return _gnutls_openpgp_export2 (key->knode, format, out, 1);
+}
+
/**
* gnutls_openpgp_privkey_get_pk_algorithm:
diff --git a/lib/pkcs11.c b/lib/pkcs11.c
index 48dcd03..0357c7a 100644
--- a/lib/pkcs11.c
+++ b/lib/pkcs11.c
@@ -832,6 +832,38 @@ gnutls_pkcs11_obj_export (gnutls_pkcs11_obj_t obj,
return 0;
}
+/**
+ * gnutls_pkcs11_obj_export2:
+ * @obj: Holds the object
+ * @out: will contain a certificate PEM or DER encoded
+ *
+ * This function will export the PKCS11 object data. It is normal for
+ * data to be inaccesible and in that case %GNUTLS_E_INVALID_REQUEST
+ * will be returned.
+ *
+ * The output buffer is allocated using gnutls_malloc().
+ *
+ * If the structure is PEM encoded, it will have a header
+ * of "BEGIN CERTIFICATE".
+ *
+ * Returns: In case of failure a negative error code will be
+ * returned, and %GNUTLS_E_SUCCESS (0) on success.
+ *
+ * Since: 3.1
+ **/
+int
+gnutls_pkcs11_obj_export2 (gnutls_pkcs11_obj_t obj,
+ gnutls_datum_t *out)
+{
+ if (obj == NULL || obj->raw.data == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return _gnutls_set_datum(out, obj->raw.data, obj->raw.size);
+}
+
int
pkcs11_find_object (struct pkcs11_session_info* sinfo,
struct pin_info_st * pin_info,
diff --git a/lib/x509/common.c b/lib/x509/common.c
index fd4b815..d577f8a 100644
--- a/lib/x509/common.c
+++ b/lib/x509/common.c
@@ -776,91 +776,78 @@ _gnutls_x509_export_int_named (ASN1_TYPE asn1_data, const
char *name,
unsigned char *output_data,
size_t * output_data_size)
{
- int result, len;
+ int ret;
+ gnutls_datum_t out;
+ size_t size;
- if (format == GNUTLS_X509_FMT_DER)
+ ret = _gnutls_x509_export_int_named2 (asn1_data, name,
+ format, pem_header, &out);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ if (format == GNUTLS_X509_FMT_PEM)
+ size = out.size+1;
+ else
+ size = out.size;
+
+ if (*output_data_size < size)
{
+ *output_data_size = size;
+ ret = gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER);
+ goto cleanup;
+ }
- if (output_data == NULL)
- *output_data_size = 0;
+ *output_data_size = (size_t)out.size;
+ if (output_data)
+ {
+ memcpy (output_data, out.data, (size_t)out.size);
+ if (format == GNUTLS_X509_FMT_PEM)
+ output_data[out.size] = 0;
+ }
- len = *output_data_size;
+ ret = 0;
- if ((result =
- asn1_der_coding (asn1_data, name, output_data, &len,
- NULL)) != ASN1_SUCCESS)
- {
- *output_data_size = (size_t)len;
- if (result == ASN1_MEM_ERROR)
- {
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
+cleanup:
+ gnutls_free (out.data);
- *output_data_size = (size_t)len;
+ return ret;
+}
+/* A generic export function. Will export the given ASN.1 encoded data
+ * to PEM or DER raw data.
+ */
+int
+_gnutls_x509_export_int_named2 (ASN1_TYPE asn1_data, const char *name,
+ gnutls_x509_crt_fmt_t format,
+ const char *pem_header,
+ gnutls_datum_t *out)
+{
+ int ret;
+
+ if (format == GNUTLS_X509_FMT_DER)
+ {
+ ret = _gnutls_x509_der_encode(asn1_data, name, out, 0);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
}
else
{ /* PEM */
- gnutls_datum_t out;
gnutls_datum_t tmp;
- result = _gnutls_x509_der_encode (asn1_data, name, &tmp, 0);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- result = _gnutls_fbase64_encode (pem_header, tmp.data, tmp.size, &out);
+ ret = _gnutls_x509_der_encode (asn1_data, name, &tmp, 0);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ ret = _gnutls_fbase64_encode (pem_header, tmp.data, tmp.size, out);
_gnutls_free_datum (&tmp);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- if ((size_t) out.size > *output_data_size)
- {
- gnutls_assert ();
- gnutls_free (out.data);
- *output_data_size = (size_t)out.size+1;
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
-
- *output_data_size = (size_t)out.size;
-
- if (output_data)
- {
- memcpy (output_data, out.data, (size_t)out.size);
-
- /* do not include the null character into output size.
- */
- *output_data_size = (size_t)result - 1;
- }
- gnutls_free (out.data);
-
+ if (ret < 0)
+ return gnutls_assert_val(ret);
}
return 0;
}
-int
-_gnutls_x509_export_int (ASN1_TYPE asn1_data,
- gnutls_x509_crt_fmt_t format,
- const char *pem_header,
- unsigned char *output_data,
- size_t * output_data_size)
-{
- return _gnutls_x509_export_int_named (asn1_data, "",
- format, pem_header, output_data,
- output_data_size);
-}
-
/* Decodes an octet string. Leave string_type null for a normal
* octet string. Otherwise put something like BMPString, PrintableString
* etc.
diff --git a/lib/x509/common.h b/lib/x509/common.h
index e48e0f8..1ee9194 100644
--- a/lib/x509/common.h
+++ b/lib/x509/common.h
@@ -95,11 +95,8 @@ int _gnutls_x509_der_encode_and_copy (ASN1_TYPE src, const
char *src_name,
int _gnutls_x509_der_encode (ASN1_TYPE src, const char *src_name,
gnutls_datum_t * res, int str);
-int _gnutls_x509_export_int (ASN1_TYPE asn1_data,
- gnutls_x509_crt_fmt_t format,
- const char *pem_header,
- unsigned char *output_data,
- size_t * output_data_size);
+#define _gnutls_x509_export_int(asn1, format, header, out, out_size) \
+ _gnutls_x509_export_int_named(asn1, "", format, header, out, out_size)
int _gnutls_x509_export_int_named (ASN1_TYPE asn1_data, const char *name,
gnutls_x509_crt_fmt_t format,
@@ -107,6 +104,13 @@ int _gnutls_x509_export_int_named (ASN1_TYPE asn1_data,
const char *name,
unsigned char *output_data,
size_t * output_data_size);
+#define _gnutls_x509_export_int2(asn1, format, header, out) \
+ _gnutls_x509_export_int_named2(asn1, "", format, header, out)
+int _gnutls_x509_export_int_named2 (ASN1_TYPE asn1_data, const char *name,
+ gnutls_x509_crt_fmt_t format,
+ const char *pem_header,
+ gnutls_datum_t * out);
+
int _gnutls_x509_read_value (ASN1_TYPE c, const char *root,
gnutls_datum_t * ret, int str);
int _gnutls_x509_write_value (ASN1_TYPE c, const char *root,
diff --git a/lib/x509/crl.c b/lib/x509/crl.c
index b0e1fd8..2565e9c 100644
--- a/lib/x509/crl.c
+++ b/lib/x509/crl.c
@@ -637,6 +637,37 @@ gnutls_x509_crl_export (gnutls_x509_crl_t crl,
output_data, output_data_size);
}
+/**
+ * gnutls_x509_crl_export2:
+ * @crl: Holds the revocation list
+ * @format: the format of output params. One of PEM or DER.
+ * @out: will contain a private key PEM or DER encoded
+ *
+ * This function will export the revocation list to DER or PEM format.
+ *
+ * The output buffer is allocated using gnutls_malloc().
+ *
+ * If the structure is PEM encoded, it will have a header
+ * of "BEGIN X509 CRL".
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
+ * negative error value. and a negative error code on failure.
+ *
+ * Since 3.1
+ **/
+int
+gnutls_x509_crl_export2 (gnutls_x509_crl_t crl,
+ gnutls_x509_crt_fmt_t format, gnutls_datum_t *out)
+{
+ if (crl == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return _gnutls_x509_export_int2 (crl->crl, format, PEM_CRL, out);
+}
+
/*-
* _gnutls_x509_crl_cpy - This function copies a gnutls_x509_crl_t structure
* @dest: The structure where to copy
@@ -651,37 +682,15 @@ int
_gnutls_x509_crl_cpy (gnutls_x509_crl_t dest, gnutls_x509_crl_t src)
{
int ret;
- size_t der_size;
- uint8_t *der;
gnutls_datum_t tmp;
- ret = gnutls_x509_crl_export (src, GNUTLS_X509_FMT_DER, NULL, &der_size);
- if (ret != GNUTLS_E_SHORT_MEMORY_BUFFER)
- {
- gnutls_assert ();
- return ret;
- }
-
- der = gnutls_malloc (der_size);
- if (der == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- ret = gnutls_x509_crl_export (src, GNUTLS_X509_FMT_DER, der, &der_size);
+ ret = gnutls_x509_crl_export2 (src, GNUTLS_X509_FMT_DER, &tmp);
if (ret < 0)
- {
- gnutls_assert ();
- gnutls_free (der);
- return ret;
- }
+ return gnutls_assert_val(ret);
- tmp.data = der;
- tmp.size = der_size;
ret = gnutls_x509_crl_import (dest, &tmp, GNUTLS_X509_FMT_DER);
- gnutls_free (der);
+ gnutls_free (tmp.data);
if (ret < 0)
{
diff --git a/lib/x509/crq.c b/lib/x509/crq.c
index c4dec27..5651cb0 100644
--- a/lib/x509/crq.c
+++ b/lib/x509/crq.c
@@ -1156,6 +1156,38 @@ gnutls_x509_crq_export (gnutls_x509_crq_t crq,
}
/**
+ * gnutls_x509_crq_export2:
+ * @crq: should contain a #gnutls_x509_crq_t structure
+ * @format: the format of output params. One of PEM or DER.
+ * @out: will contain a certificate request PEM or DER encoded
+ *
+ * This function will export the certificate request to a PEM or DER
+ * encoded PKCS10 structure.
+ *
+ * The output buffer is allocated using gnutls_malloc().
+ *
+ * If the structure is PEM encoded, it will have a header of "BEGIN
+ * NEW CERTIFICATE REQUEST".
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
+ * negative error value.
+ *
+ * Since 3.1
+ **/
+int
+gnutls_x509_crq_export2 (gnutls_x509_crq_t crq,
+ gnutls_x509_crt_fmt_t format, gnutls_datum_t *out)
+{
+ if (crq == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return _gnutls_x509_export_int2 (crq->crq, format, PEM_CRQ, out);
+}
+
+/**
* gnutls_x509_crq_get_pk_algorithm:
* @crq: should contain a #gnutls_x509_crq_t structure
* @bits: if bits is non-%NULL it will hold the size of the parameters' in bits
diff --git a/lib/x509/dn.c b/lib/x509/dn.c
index 5152691..9c60961 100644
--- a/lib/x509/dn.c
+++ b/lib/x509/dn.c
@@ -1241,3 +1241,35 @@ gnutls_x509_dn_export (gnutls_x509_dn_t dn,
format, "NAME",
output_data, output_data_size);
}
+
+/**
+ * gnutls_x509_dn_export2:
+ * @dn: Holds the uint8_t DN object
+ * @format: the format of output params. One of PEM or DER.
+ * @out: will contain a DN PEM or DER encoded
+ *
+ * This function will export the DN to DER or PEM format.
+ *
+ * The output buffer is allocated using gnutls_malloc().
+ *
+ * If the structure is PEM encoded, it will have a header
+ * of "BEGIN NAME".
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
+ * negative error value.
+ **/
+int
+gnutls_x509_dn_export2 (gnutls_x509_dn_t dn,
+ gnutls_x509_crt_fmt_t format, gnutls_datum_t *out)
+{
+ ASN1_TYPE asn1 = dn;
+
+ if (asn1 == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return _gnutls_x509_export_int_named2 (asn1, "rdnSequence",
+ format, "NAME", out);
+}
diff --git a/lib/x509/pkcs12.c b/lib/x509/pkcs12.c
index d06fea4..380f3fc 100644
--- a/lib/x509/pkcs12.c
+++ b/lib/x509/pkcs12.c
@@ -276,6 +276,37 @@ gnutls_pkcs12_export (gnutls_pkcs12_t pkcs12,
output_data, output_data_size);
}
+/**
+ * gnutls_pkcs12_export2:
+ * @pkcs12: Holds the pkcs12 structure
+ * @format: the format of output params. One of PEM or DER.
+ * @out: will contain a structure PEM or DER encoded
+ *
+ * This function will export the pkcs12 structure to DER or PEM format.
+ *
+ * The output buffer is allocated using gnutls_malloc().
+ *
+ * If the structure is PEM encoded, it will have a header
+ * of "BEGIN PKCS12".
+ *
+ * Returns: In case of failure a negative error code will be
+ * returned, and 0 on success.
+ *
+ * Since: 3.1
+ **/
+int
+gnutls_pkcs12_export2 (gnutls_pkcs12_t pkcs12,
+ gnutls_x509_crt_fmt_t format, gnutls_datum_t *out)
+{
+ if (pkcs12 == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return _gnutls_x509_export_int2 (pkcs12->pkcs12, format, PEM_PKCS12, out);
+}
+
static int
oid2bag (const char *oid)
{
diff --git a/lib/x509/pkcs7.c b/lib/x509/pkcs7.c
index 16e4d3b..5149f5c 100644
--- a/lib/x509/pkcs7.c
+++ b/lib/x509/pkcs7.c
@@ -432,6 +432,32 @@ gnutls_pkcs7_export (gnutls_pkcs7_t pkcs7,
output_data, output_data_size);
}
+/**
+ * gnutls_pkcs7_export2:
+ * @pkcs7: Holds the pkcs7 structure
+ * @format: the format of output params. One of PEM or DER.
+ * @out: will contain a structure PEM or DER encoded
+ *
+ * This function will export the pkcs7 structure to DER or PEM format.
+ *
+ * The output buffer is allocated using gnutls_malloc().
+ *
+ * If the structure is PEM encoded, it will have a header
+ * of "BEGIN PKCS7".
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
+ * negative error value.
+ **/
+int
+gnutls_pkcs7_export2 (gnutls_pkcs7_t pkcs7,
+ gnutls_x509_crt_fmt_t format, gnutls_datum_t *out)
+{
+ if (pkcs7 == NULL)
+ return GNUTLS_E_INVALID_REQUEST;
+
+ return _gnutls_x509_export_int2 (pkcs7->pkcs7, format, PEM_PKCS7, out);
+}
+
/* Creates an empty signed data structure in the pkcs7
* structure and returns a handle to the signed data.
*/
diff --git a/lib/x509/privkey.c b/lib/x509/privkey.c
index b903972..875d1f4 100644
--- a/lib/x509/privkey.c
+++ b/lib/x509/privkey.c
@@ -1016,6 +1016,18 @@ int ret;
return key->pk_algorithm;
}
+static const char* set_msg(gnutls_x509_privkey_t key)
+{
+ if (key->pk_algorithm == GNUTLS_PK_RSA)
+ return PEM_KEY_RSA;
+ else if (key->pk_algorithm == GNUTLS_PK_DSA)
+ return PEM_KEY_DSA;
+ else if (key->pk_algorithm == GNUTLS_PK_EC)
+ return PEM_KEY_ECC;
+ else
+ return "UNKNOWN";
+}
+
/**
* gnutls_x509_privkey_export:
* @key: Holds the key
@@ -1051,20 +1063,51 @@ gnutls_x509_privkey_export (gnutls_x509_privkey_t key,
return GNUTLS_E_INVALID_REQUEST;
}
- if (key->pk_algorithm == GNUTLS_PK_RSA)
- msg = PEM_KEY_RSA;
- else if (key->pk_algorithm == GNUTLS_PK_DSA)
- msg = PEM_KEY_DSA;
- else if (key->pk_algorithm == GNUTLS_PK_EC)
- msg = PEM_KEY_ECC;
- else
- msg = "UNKNOWN";
+ msg = set_msg(key);
return _gnutls_x509_export_int (key->key, format, msg,
output_data, output_data_size);
}
/**
+ * gnutls_x509_privkey_export2:
+ * @key: Holds the key
+ * @format: the format of output params. One of PEM or DER.
+ * @out: will contain a private key PEM or DER encoded
+ *
+ * This function will export the private key to a PKCS1 structure for
+ * RSA keys, or an integer sequence for DSA keys. The DSA keys are in
+ * the same format with the parameters used by openssl.
+ *
+ * The output buffer is allocated using gnutls_malloc().
+ *
+ * If the structure is PEM encoded, it will have a header
+ * of "BEGIN RSA PRIVATE KEY".
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
+ * negative error value.
+ *
+ * Since 3.1
+ **/
+int
+gnutls_x509_privkey_export2 (gnutls_x509_privkey_t key,
+ gnutls_x509_crt_fmt_t format,
+ gnutls_datum_t * out)
+{
+ const char *msg;
+
+ if (key == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ msg = set_msg(key);
+
+ return _gnutls_x509_export_int2 (key->key, format, msg, out);
+}
+
+/**
* gnutls_x509_privkey_sec_param:
* @key: a key structure
*
diff --git a/lib/x509/privkey_pkcs8.c b/lib/x509/privkey_pkcs8.c
index 2ccb5f9..42d3c51 100644
--- a/lib/x509/privkey_pkcs8.c
+++ b/lib/x509/privkey_pkcs8.c
@@ -660,6 +660,95 @@ gnutls_x509_privkey_export_pkcs8 (gnutls_x509_privkey_t
key,
return ret;
}
+/**
+ * gnutls_x509_privkey_export2_pkcs8:
+ * @key: Holds the key
+ * @format: the format of output params. One of PEM or DER.
+ * @password: the password that will be used to encrypt the key.
+ * @flags: an ORed sequence of gnutls_pkcs_encrypt_flags_t
+ * @out: will contain a private key PEM or DER encoded
+ *
+ * This function will export the private key to a PKCS8 structure.
+ * Both RSA and DSA keys can be exported. For DSA keys we use
+ * PKCS #11 definitions. If the flags do not specify the encryption
+ * cipher, then the default 3DES (PBES2) will be used.
+ *
+ * The @password can be either ASCII or UTF-8 in the default PBES2
+ * encryption schemas, or ASCII for the PKCS12 schemas.
+ *
+ * The output buffer is allocated using gnutls_malloc().
+ *
+ * If the structure is PEM encoded, it will have a header
+ * of "BEGIN ENCRYPTED PRIVATE KEY" or "BEGIN PRIVATE KEY" if
+ * encryption is not used.
+ *
+ * Returns: In case of failure a negative error code will be
+ * returned, and 0 on success.
+ *
+ * Since 3.1
+ **/
+int
+gnutls_x509_privkey_export2_pkcs8 (gnutls_x509_privkey_t key,
+ gnutls_x509_crt_fmt_t format,
+ const char *password,
+ unsigned int flags,
+ gnutls_datum_t *out)
+{
+ ASN1_TYPE pkcs8_asn, pkey_info;
+ int ret;
+ gnutls_datum_t tmp;
+ schema_id schema;
+
+ if (key == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* Get the private key info
+ * tmp holds the DER encoding.
+ */
+ ret = encode_to_private_key_info (key, &tmp, &pkey_info);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ schema = _gnutls_pkcs_flags_to_schema (flags);
+
+ if (((flags & GNUTLS_PKCS_PLAIN) || password == NULL) && !(flags &
GNUTLS_PKCS_NULL_PASSWORD))
+ {
+ _gnutls_free_datum (&tmp);
+
+ ret =
+ _gnutls_x509_export_int2 (pkey_info, format,
+ PEM_UNENCRYPTED_PKCS8, out);
+
+ asn1_delete_structure (&pkey_info);
+ }
+ else
+ {
+ asn1_delete_structure (&pkey_info); /* we don't need it */
+
+ ret = encode_to_pkcs8_key (schema, &tmp, password, &pkcs8_asn);
+ _gnutls_free_datum (&tmp);
+
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ ret =
+ _gnutls_x509_export_int2 (pkcs8_asn, format, PEM_PKCS8, out);
+
+ asn1_delete_structure (&pkcs8_asn);
+ }
+
+ return ret;
+}
+
/* Read the parameters cipher, IV, salt etc using the given
* schema ID.
diff --git a/lib/x509/x509.c b/lib/x509/x509.c
index 0e1430d..308047f 100644
--- a/lib/x509/x509.c
+++ b/lib/x509/x509.c
@@ -2340,6 +2340,36 @@ gnutls_x509_crt_export (gnutls_x509_crt_t cert,
output_data, output_data_size);
}
+/**
+ * gnutls_x509_crt_export2:
+ * @cert: Holds the certificate
+ * @format: the format of output params. One of PEM or DER.
+ * @out: will contain a certificate PEM or DER encoded
+ *
+ * This function will export the certificate to DER or PEM format.
+ * The output buffer is allocated using gnutls_malloc().
+ *
+ * If the structure is PEM encoded, it will have a header
+ * of "BEGIN CERTIFICATE".
+ *
+ * Returns: In case of failure a negative error code will be
+ * returned, and 0 on success.
+ *
+ * Since: 3.1
+ **/
+int
+gnutls_x509_crt_export2 (gnutls_x509_crt_t cert,
+ gnutls_x509_crt_fmt_t format, gnutls_datum_t * out)
+{
+ if (cert == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return _gnutls_x509_export_int2 (cert->cert, format, "CERTIFICATE", out);
+}
+
int
_gnutls_get_key_id (gnutls_pk_algorithm_t pk, gnutls_pk_params_st * params,
unsigned char *output_data,
diff --git a/libdane/dane.c b/libdane/dane.c
index 6f9a2db..ebf362c 100644
--- a/libdane/dane.c
+++ b/libdane/dane.c
@@ -306,7 +306,6 @@ static int crt_to_pubkey(const gnutls_datum_t *raw_crt,
gnutls_datum_t * out)
gnutls_pubkey_t pub = NULL;
gnutls_x509_crt_t crt = NULL;
int ret;
-size_t size;
out->data = NULL;
@@ -332,27 +331,12 @@ size_t size;
goto cleanup;
}
- size = 0;
- ret = gnutls_pubkey_export(pub, GNUTLS_X509_FMT_DER, NULL, &size);
- if (ret < 0 && ret != GNUTLS_E_SHORT_MEMORY_BUFFER) {
- ret = DANE_E_PUBKEY_ERROR;
- goto cleanup;
- }
-
- out->data = malloc(size);
- if (out->data == NULL) {
- ret = DANE_E_MEMORY_ERROR;
- goto cleanup;
- }
-
- ret = gnutls_pubkey_export(pub, GNUTLS_X509_FMT_DER, out->data, &size);
+ ret = gnutls_pubkey_export2(pub, GNUTLS_X509_FMT_DER, out);
if (ret < 0) {
ret = DANE_E_PUBKEY_ERROR;
goto cleanup;
}
- out->size = size;
-
ret = 0;
goto clean_certs;
diff --git a/src/cli-args.c b/src/cli-args.c
index 05f8af5..5855918 100644
--- a/src/cli-args.c
+++ b/src/cli-args.c
@@ -2,7 +2,7 @@
*
* DO NOT EDIT THIS FILE (cli-args.c)
*
- * It has been AutoGen-ed October 6, 2012 at 03:20:01 AM by AutoGen 5.16
+ * It has been AutoGen-ed October 7, 2012 at 12:14:56 AM by AutoGen 5.16
* From the definitions cli-args.def
* and the template file options
*
@@ -67,7 +67,7 @@ extern FILE * option_usage_fp;
/*
* gnutls-cli option static const strings
*/
-static char const gnutls_cli_opt_strs[3667] =
+static char const gnutls_cli_opt_strs[3738] =
/* 0 */ "gnutls-cli @address@hidden"
"Copyright (C) 2000-2012 Free Software Foundation, all rights
reserved.\n"
"This is free software. It is licensed for use, modification and\n"
@@ -97,131 +97,134 @@ static char const gnutls_cli_opt_strs[3667] =
/* 1013 */ "Enable DANE certificate verification (DNSSEC)\0"
/* 1059 */ "DANE\0"
/* 1064 */ "no-dane\0"
-/* 1072 */ "Enable OCSP certificate verification\0"
-/* 1109 */ "OCSP\0"
-/* 1114 */ "no-ocsp\0"
-/* 1122 */ "Establish a session and resume\0"
-/* 1153 */ "RESUME\0"
-/* 1160 */ "resume\0"
-/* 1167 */ "Activate heartbeat support\0"
-/* 1194 */ "HEARTBEAT\0"
-/* 1204 */ "heartbeat\0"
-/* 1214 */ "Establish a session and rehandshake\0"
-/* 1250 */ "REHANDSHAKE\0"
-/* 1262 */ "rehandshake\0"
-/* 1274 */ "Don't accept session tickets\0"
-/* 1303 */ "NOTICKET\0"
-/* 1312 */ "noticket\0"
-/* 1321 */ "Enable OCSP status request\0"
-/* 1348 */ "OCSP_STATUS_REQUEST\0"
-/* 1368 */ "no-ocsp-status-request\0"
-/* 1391 */ "Connect, establish a plain session and start TLS.\0"
-/* 1441 */ "STARTTLS\0"
-/* 1450 */ "starttls\0"
-/* 1459 */ "Use DTLS (datagram TLS) over UDP\0"
-/* 1492 */ "UDP\0"
-/* 1496 */ "udp\0"
-/* 1500 */ "Set MTU for datagram TLS\0"
-/* 1525 */ "MTU\0"
-/* 1529 */ "mtu\0"
-/* 1533 */ "Send CR LF instead of LF\0"
-/* 1558 */ "CRLF\0"
-/* 1563 */ "crlf\0"
-/* 1568 */ "Use DER format for certificates to read from\0"
-/* 1613 */ "X509FMTDER\0"
-/* 1624 */ "x509fmtder\0"
-/* 1635 */ "Send the openpgp fingerprint, instead of the key\0"
-/* 1684 */ "FINGERPRINT\0"
-/* 1696 */ "fingerprint\0"
-/* 1708 */ "Disable all the TLS extensions\0"
-/* 1739 */ "DISABLE_EXTENSIONS\0"
-/* 1758 */ "disable-extensions\0"
-/* 1777 */ "Print peer's certificate in PEM format\0"
-/* 1816 */ "PRINT_CERT\0"
-/* 1827 */ "print-cert\0"
-/* 1838 */ "The maximum record size to advertize\0"
-/* 1875 */ "RECORDSIZE\0"
-/* 1886 */ "recordsize\0"
-/* 1897 */ "The minimum number of bits allowed for DH\0"
-/* 1939 */ "DH_BITS\0"
-/* 1947 */ "dh-bits\0"
-/* 1955 */ "Priorities string\0"
-/* 1973 */ "PRIORITY\0"
-/* 1982 */ "priority\0"
-/* 1991 */ "Certificate file or PKCS #11 URL to use\0"
-/* 2031 */ "X509CAFILE\0"
-/* 2042 */ "x509cafile\0"
-/* 2053 */ "CRL file to use\0"
-/* 2069 */ "X509CRLFILE\0"
-/* 2081 */ "x509crlfile\0"
-/* 2093 */ "PGP Key file to use\0"
-/* 2113 */ "PGPKEYFILE\0"
-/* 2124 */ "pgpkeyfile\0"
-/* 2135 */ "PGP Key ring file to use\0"
-/* 2160 */ "PGPKEYRING\0"
-/* 2171 */ "pgpkeyring\0"
-/* 2182 */ "PGP Public Key (certificate) file to use\0"
-/* 2223 */ "PGPCERTFILE\0"
-/* 2235 */ "pgpcertfile\0"
-/* 2247 */ "X.509 key file or PKCS #11 URL to use\0"
-/* 2285 */ "X509KEYFILE\0"
-/* 2297 */ "x509keyfile\0"
-/* 2309 */ "X.509 Certificate file or PKCS #11 URL to use\0"
-/* 2355 */ "X509CERTFILE\0"
-/* 2368 */ "x509certfile\0"
-/* 2381 */ "PGP subkey to use (hex or auto)\0"
-/* 2413 */ "PGPSUBKEY\0"
-/* 2423 */ "pgpsubkey\0"
-/* 2433 */ "SRP username to use\0"
-/* 2453 */ "SRPUSERNAME\0"
-/* 2465 */ "srpusername\0"
-/* 2477 */ "SRP password to use\0"
-/* 2497 */ "SRPPASSWD\0"
-/* 2507 */ "srppasswd\0"
-/* 2517 */ "PSK username to use\0"
-/* 2537 */ "PSKUSERNAME\0"
-/* 2549 */ "pskusername\0"
-/* 2561 */ "PSK key (in hex) to use\0"
-/* 2585 */ "PSKKEY\0"
-/* 2592 */ "pskkey\0"
-/* 2599 */ "The port or service to connect to\0"
-/* 2633 */ "PORT\0"
-/* 2638 */ "port\0"
-/* 2643 */ "Don't abort program if server certificate can't be validated\0"
-/* 2704 */ "INSECURE\0"
-/* 2713 */ "insecure\0"
-/* 2722 */ "Benchmark individual ciphers\0"
-/* 2751 */ "BENCHMARK_CIPHERS\0"
-/* 2769 */ "benchmark-ciphers\0"
-/* 2787 */ "Benchmark individual software ciphers (no hw acceleration)\0"
-/* 2846 */ "BENCHMARK_SOFT_CIPHERS\0"
-/* 2869 */ "benchmark-soft-ciphers\0"
-/* 2892 */ "Benchmark TLS key exchange methods\0"
-/* 2927 */ "BENCHMARK_TLS_KX\0"
-/* 2944 */ "benchmark-tls-kx\0"
-/* 2961 */ "Benchmark TLS ciphers\0"
-/* 2983 */ "BENCHMARK_TLS_CIPHERS\0"
-/* 3005 */ "benchmark-tls-ciphers\0"
-/* 3027 */ "Print a list of the supported algorithms and modes\0"
-/* 3078 */ "LIST\0"
-/* 3083 */ "list\0"
-/* 3088 */ "Display extended usage information and exit\0"
-/* 3132 */ "help\0"
-/* 3137 */ "Extended usage information passed thru pager\0"
-/* 3182 */ "more-help\0"
-/* 3192 */ "Output version information and exit\0"
-/* 3228 */ "version\0"
-/* 3236 */ "GNUTLS_CLI\0"
-/* 3247 */ "gnutls-cli - GnuTLS client - Ver. @address@hidden"
+/* 1072 */ "Disable CA certificate verification\0"
+/* 1108 */ "CA_VERIFICATION\0"
+/* 1124 */ "no-ca-verification\0"
+/* 1143 */ "Enable OCSP certificate verification\0"
+/* 1180 */ "OCSP\0"
+/* 1185 */ "no-ocsp\0"
+/* 1193 */ "Establish a session and resume\0"
+/* 1224 */ "RESUME\0"
+/* 1231 */ "resume\0"
+/* 1238 */ "Activate heartbeat support\0"
+/* 1265 */ "HEARTBEAT\0"
+/* 1275 */ "heartbeat\0"
+/* 1285 */ "Establish a session and rehandshake\0"
+/* 1321 */ "REHANDSHAKE\0"
+/* 1333 */ "rehandshake\0"
+/* 1345 */ "Don't accept session tickets\0"
+/* 1374 */ "NOTICKET\0"
+/* 1383 */ "noticket\0"
+/* 1392 */ "Enable OCSP status request\0"
+/* 1419 */ "OCSP_STATUS_REQUEST\0"
+/* 1439 */ "no-ocsp-status-request\0"
+/* 1462 */ "Connect, establish a plain session and start TLS.\0"
+/* 1512 */ "STARTTLS\0"
+/* 1521 */ "starttls\0"
+/* 1530 */ "Use DTLS (datagram TLS) over UDP\0"
+/* 1563 */ "UDP\0"
+/* 1567 */ "udp\0"
+/* 1571 */ "Set MTU for datagram TLS\0"
+/* 1596 */ "MTU\0"
+/* 1600 */ "mtu\0"
+/* 1604 */ "Send CR LF instead of LF\0"
+/* 1629 */ "CRLF\0"
+/* 1634 */ "crlf\0"
+/* 1639 */ "Use DER format for certificates to read from\0"
+/* 1684 */ "X509FMTDER\0"
+/* 1695 */ "x509fmtder\0"
+/* 1706 */ "Send the openpgp fingerprint, instead of the key\0"
+/* 1755 */ "FINGERPRINT\0"
+/* 1767 */ "fingerprint\0"
+/* 1779 */ "Disable all the TLS extensions\0"
+/* 1810 */ "DISABLE_EXTENSIONS\0"
+/* 1829 */ "disable-extensions\0"
+/* 1848 */ "Print peer's certificate in PEM format\0"
+/* 1887 */ "PRINT_CERT\0"
+/* 1898 */ "print-cert\0"
+/* 1909 */ "The maximum record size to advertize\0"
+/* 1946 */ "RECORDSIZE\0"
+/* 1957 */ "recordsize\0"
+/* 1968 */ "The minimum number of bits allowed for DH\0"
+/* 2010 */ "DH_BITS\0"
+/* 2018 */ "dh-bits\0"
+/* 2026 */ "Priorities string\0"
+/* 2044 */ "PRIORITY\0"
+/* 2053 */ "priority\0"
+/* 2062 */ "Certificate file or PKCS #11 URL to use\0"
+/* 2102 */ "X509CAFILE\0"
+/* 2113 */ "x509cafile\0"
+/* 2124 */ "CRL file to use\0"
+/* 2140 */ "X509CRLFILE\0"
+/* 2152 */ "x509crlfile\0"
+/* 2164 */ "PGP Key file to use\0"
+/* 2184 */ "PGPKEYFILE\0"
+/* 2195 */ "pgpkeyfile\0"
+/* 2206 */ "PGP Key ring file to use\0"
+/* 2231 */ "PGPKEYRING\0"
+/* 2242 */ "pgpkeyring\0"
+/* 2253 */ "PGP Public Key (certificate) file to use\0"
+/* 2294 */ "PGPCERTFILE\0"
+/* 2306 */ "pgpcertfile\0"
+/* 2318 */ "X.509 key file or PKCS #11 URL to use\0"
+/* 2356 */ "X509KEYFILE\0"
+/* 2368 */ "x509keyfile\0"
+/* 2380 */ "X.509 Certificate file or PKCS #11 URL to use\0"
+/* 2426 */ "X509CERTFILE\0"
+/* 2439 */ "x509certfile\0"
+/* 2452 */ "PGP subkey to use (hex or auto)\0"
+/* 2484 */ "PGPSUBKEY\0"
+/* 2494 */ "pgpsubkey\0"
+/* 2504 */ "SRP username to use\0"
+/* 2524 */ "SRPUSERNAME\0"
+/* 2536 */ "srpusername\0"
+/* 2548 */ "SRP password to use\0"
+/* 2568 */ "SRPPASSWD\0"
+/* 2578 */ "srppasswd\0"
+/* 2588 */ "PSK username to use\0"
+/* 2608 */ "PSKUSERNAME\0"
+/* 2620 */ "pskusername\0"
+/* 2632 */ "PSK key (in hex) to use\0"
+/* 2656 */ "PSKKEY\0"
+/* 2663 */ "pskkey\0"
+/* 2670 */ "The port or service to connect to\0"
+/* 2704 */ "PORT\0"
+/* 2709 */ "port\0"
+/* 2714 */ "Don't abort program if server certificate can't be validated\0"
+/* 2775 */ "INSECURE\0"
+/* 2784 */ "insecure\0"
+/* 2793 */ "Benchmark individual ciphers\0"
+/* 2822 */ "BENCHMARK_CIPHERS\0"
+/* 2840 */ "benchmark-ciphers\0"
+/* 2858 */ "Benchmark individual software ciphers (no hw acceleration)\0"
+/* 2917 */ "BENCHMARK_SOFT_CIPHERS\0"
+/* 2940 */ "benchmark-soft-ciphers\0"
+/* 2963 */ "Benchmark TLS key exchange methods\0"
+/* 2998 */ "BENCHMARK_TLS_KX\0"
+/* 3015 */ "benchmark-tls-kx\0"
+/* 3032 */ "Benchmark TLS ciphers\0"
+/* 3054 */ "BENCHMARK_TLS_CIPHERS\0"
+/* 3076 */ "benchmark-tls-ciphers\0"
+/* 3098 */ "Print a list of the supported algorithms and modes\0"
+/* 3149 */ "LIST\0"
+/* 3154 */ "list\0"
+/* 3159 */ "Display extended usage information and exit\0"
+/* 3203 */ "help\0"
+/* 3208 */ "Extended usage information passed thru pager\0"
+/* 3253 */ "more-help\0"
+/* 3263 */ "Output version information and exit\0"
+/* 3299 */ "version\0"
+/* 3307 */ "GNUTLS_CLI\0"
+/* 3318 */ "gnutls-cli - GnuTLS client - Ver. @address@hidden"
"USAGE: %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]...
[hostname]\n\0"
-/* 3360 */ "address@hidden"
-/* 3379 */ "\n\n\0"
-/* 3382 */ "\n"
+/* 3431 */ "address@hidden"
+/* 3450 */ "\n\n\0"
+/* 3453 */ "\n"
"Simple client program to set up a TLS connection to some other
computer. It\n"
"sets up a TLS connection and forwards data from the standard
input to the\n"
"secured socket and vice versa.\n\0"
-/* 3566 */ "gnutls-cli @address@hidden"
-/* 3587 */ "Usage: gnutls-cli [options] hostname\n"
+/* 3637 */ "gnutls-cli @address@hidden"
+/* 3658 */ "Usage: gnutls-cli [options] hostname\n"
"gnutls-cli --help for usage instructions.\n";
/*
@@ -262,11 +265,21 @@ static char const gnutls_cli_opt_strs[3667] =
#define DANE_FLAGS (OPTST_DISABLED)
/*
+ * ca-verification option description:
+ */
+#define CA_VERIFICATION_DESC (gnutls_cli_opt_strs+1072)
+#define CA_VERIFICATION_NAME (gnutls_cli_opt_strs+1108)
+#define NOT_CA_VERIFICATION_name (gnutls_cli_opt_strs+1124)
+#define NOT_CA_VERIFICATION_PFX (gnutls_cli_opt_strs+1010)
+#define CA_VERIFICATION_name (NOT_CA_VERIFICATION_name + 3)
+#define CA_VERIFICATION_FLAGS (OPTST_INITENABLED)
+
+/*
* ocsp option description:
*/
-#define OCSP_DESC (gnutls_cli_opt_strs+1072)
-#define OCSP_NAME (gnutls_cli_opt_strs+1109)
-#define NOT_OCSP_name (gnutls_cli_opt_strs+1114)
+#define OCSP_DESC (gnutls_cli_opt_strs+1143)
+#define OCSP_NAME (gnutls_cli_opt_strs+1180)
+#define NOT_OCSP_name (gnutls_cli_opt_strs+1185)
#define NOT_OCSP_PFX (gnutls_cli_opt_strs+1010)
#define OCSP_name (NOT_OCSP_name + 3)
#define OCSP_FLAGS (OPTST_DISABLED)
@@ -274,41 +287,41 @@ static char const gnutls_cli_opt_strs[3667] =
/*
* resume option description:
*/
-#define RESUME_DESC (gnutls_cli_opt_strs+1122)
-#define RESUME_NAME (gnutls_cli_opt_strs+1153)
-#define RESUME_name (gnutls_cli_opt_strs+1160)
+#define RESUME_DESC (gnutls_cli_opt_strs+1193)
+#define RESUME_NAME (gnutls_cli_opt_strs+1224)
+#define RESUME_name (gnutls_cli_opt_strs+1231)
#define RESUME_FLAGS (OPTST_DISABLED)
/*
* heartbeat option description:
*/
-#define HEARTBEAT_DESC (gnutls_cli_opt_strs+1167)
-#define HEARTBEAT_NAME (gnutls_cli_opt_strs+1194)
-#define HEARTBEAT_name (gnutls_cli_opt_strs+1204)
+#define HEARTBEAT_DESC (gnutls_cli_opt_strs+1238)
+#define HEARTBEAT_NAME (gnutls_cli_opt_strs+1265)
+#define HEARTBEAT_name (gnutls_cli_opt_strs+1275)
#define HEARTBEAT_FLAGS (OPTST_DISABLED)
/*
* rehandshake option description:
*/
-#define REHANDSHAKE_DESC (gnutls_cli_opt_strs+1214)
-#define REHANDSHAKE_NAME (gnutls_cli_opt_strs+1250)
-#define REHANDSHAKE_name (gnutls_cli_opt_strs+1262)
+#define REHANDSHAKE_DESC (gnutls_cli_opt_strs+1285)
+#define REHANDSHAKE_NAME (gnutls_cli_opt_strs+1321)
+#define REHANDSHAKE_name (gnutls_cli_opt_strs+1333)
#define REHANDSHAKE_FLAGS (OPTST_DISABLED)
/*
* noticket option description:
*/
-#define NOTICKET_DESC (gnutls_cli_opt_strs+1274)
-#define NOTICKET_NAME (gnutls_cli_opt_strs+1303)
-#define NOTICKET_name (gnutls_cli_opt_strs+1312)
+#define NOTICKET_DESC (gnutls_cli_opt_strs+1345)
+#define NOTICKET_NAME (gnutls_cli_opt_strs+1374)
+#define NOTICKET_name (gnutls_cli_opt_strs+1383)
#define NOTICKET_FLAGS (OPTST_DISABLED)
/*
* ocsp-status-request option description:
*/
-#define OCSP_STATUS_REQUEST_DESC (gnutls_cli_opt_strs+1321)
-#define OCSP_STATUS_REQUEST_NAME (gnutls_cli_opt_strs+1348)
-#define NOT_OCSP_STATUS_REQUEST_name (gnutls_cli_opt_strs+1368)
+#define OCSP_STATUS_REQUEST_DESC (gnutls_cli_opt_strs+1392)
+#define OCSP_STATUS_REQUEST_NAME (gnutls_cli_opt_strs+1419)
+#define NOT_OCSP_STATUS_REQUEST_name (gnutls_cli_opt_strs+1439)
#define NOT_OCSP_STATUS_REQUEST_PFX (gnutls_cli_opt_strs+1010)
#define OCSP_STATUS_REQUEST_name (NOT_OCSP_STATUS_REQUEST_name + 3)
#define OCSP_STATUS_REQUEST_FLAGS (OPTST_INITENABLED)
@@ -316,268 +329,268 @@ static char const gnutls_cli_opt_strs[3667] =
/*
* starttls option description:
*/
-#define STARTTLS_DESC (gnutls_cli_opt_strs+1391)
-#define STARTTLS_NAME (gnutls_cli_opt_strs+1441)
-#define STARTTLS_name (gnutls_cli_opt_strs+1450)
+#define STARTTLS_DESC (gnutls_cli_opt_strs+1462)
+#define STARTTLS_NAME (gnutls_cli_opt_strs+1512)
+#define STARTTLS_name (gnutls_cli_opt_strs+1521)
#define STARTTLS_FLAGS (OPTST_DISABLED)
/*
* udp option description:
*/
-#define UDP_DESC (gnutls_cli_opt_strs+1459)
-#define UDP_NAME (gnutls_cli_opt_strs+1492)
-#define UDP_name (gnutls_cli_opt_strs+1496)
+#define UDP_DESC (gnutls_cli_opt_strs+1530)
+#define UDP_NAME (gnutls_cli_opt_strs+1563)
+#define UDP_name (gnutls_cli_opt_strs+1567)
#define UDP_FLAGS (OPTST_DISABLED)
/*
* mtu option description:
*/
-#define MTU_DESC (gnutls_cli_opt_strs+1500)
-#define MTU_NAME (gnutls_cli_opt_strs+1525)
-#define MTU_name (gnutls_cli_opt_strs+1529)
+#define MTU_DESC (gnutls_cli_opt_strs+1571)
+#define MTU_NAME (gnutls_cli_opt_strs+1596)
+#define MTU_name (gnutls_cli_opt_strs+1600)
#define MTU_FLAGS (OPTST_DISABLED \
| OPTST_SET_ARGTYPE(OPARG_TYPE_NUMERIC))
/*
* crlf option description:
*/
-#define CRLF_DESC (gnutls_cli_opt_strs+1533)
-#define CRLF_NAME (gnutls_cli_opt_strs+1558)
-#define CRLF_name (gnutls_cli_opt_strs+1563)
+#define CRLF_DESC (gnutls_cli_opt_strs+1604)
+#define CRLF_NAME (gnutls_cli_opt_strs+1629)
+#define CRLF_name (gnutls_cli_opt_strs+1634)
#define CRLF_FLAGS (OPTST_DISABLED)
/*
* x509fmtder option description:
*/
-#define X509FMTDER_DESC (gnutls_cli_opt_strs+1568)
-#define X509FMTDER_NAME (gnutls_cli_opt_strs+1613)
-#define X509FMTDER_name (gnutls_cli_opt_strs+1624)
+#define X509FMTDER_DESC (gnutls_cli_opt_strs+1639)
+#define X509FMTDER_NAME (gnutls_cli_opt_strs+1684)
+#define X509FMTDER_name (gnutls_cli_opt_strs+1695)
#define X509FMTDER_FLAGS (OPTST_DISABLED)
/*
* fingerprint option description:
*/
-#define FINGERPRINT_DESC (gnutls_cli_opt_strs+1635)
-#define FINGERPRINT_NAME (gnutls_cli_opt_strs+1684)
-#define FINGERPRINT_name (gnutls_cli_opt_strs+1696)
+#define FINGERPRINT_DESC (gnutls_cli_opt_strs+1706)
+#define FINGERPRINT_NAME (gnutls_cli_opt_strs+1755)
+#define FINGERPRINT_name (gnutls_cli_opt_strs+1767)
#define FINGERPRINT_FLAGS (OPTST_DISABLED)
/*
* disable-extensions option description:
*/
-#define DISABLE_EXTENSIONS_DESC (gnutls_cli_opt_strs+1708)
-#define DISABLE_EXTENSIONS_NAME (gnutls_cli_opt_strs+1739)
-#define DISABLE_EXTENSIONS_name (gnutls_cli_opt_strs+1758)
+#define DISABLE_EXTENSIONS_DESC (gnutls_cli_opt_strs+1779)
+#define DISABLE_EXTENSIONS_NAME (gnutls_cli_opt_strs+1810)
+#define DISABLE_EXTENSIONS_name (gnutls_cli_opt_strs+1829)
#define DISABLE_EXTENSIONS_FLAGS (OPTST_DISABLED)
/*
* print-cert option description:
*/
-#define PRINT_CERT_DESC (gnutls_cli_opt_strs+1777)
-#define PRINT_CERT_NAME (gnutls_cli_opt_strs+1816)
-#define PRINT_CERT_name (gnutls_cli_opt_strs+1827)
+#define PRINT_CERT_DESC (gnutls_cli_opt_strs+1848)
+#define PRINT_CERT_NAME (gnutls_cli_opt_strs+1887)
+#define PRINT_CERT_name (gnutls_cli_opt_strs+1898)
#define PRINT_CERT_FLAGS (OPTST_DISABLED)
/*
* recordsize option description:
*/
-#define RECORDSIZE_DESC (gnutls_cli_opt_strs+1838)
-#define RECORDSIZE_NAME (gnutls_cli_opt_strs+1875)
-#define RECORDSIZE_name (gnutls_cli_opt_strs+1886)
+#define RECORDSIZE_DESC (gnutls_cli_opt_strs+1909)
+#define RECORDSIZE_NAME (gnutls_cli_opt_strs+1946)
+#define RECORDSIZE_name (gnutls_cli_opt_strs+1957)
#define RECORDSIZE_FLAGS (OPTST_DISABLED \
| OPTST_SET_ARGTYPE(OPARG_TYPE_NUMERIC))
/*
* dh-bits option description:
*/
-#define DH_BITS_DESC (gnutls_cli_opt_strs+1897)
-#define DH_BITS_NAME (gnutls_cli_opt_strs+1939)
-#define DH_BITS_name (gnutls_cli_opt_strs+1947)
+#define DH_BITS_DESC (gnutls_cli_opt_strs+1968)
+#define DH_BITS_NAME (gnutls_cli_opt_strs+2010)
+#define DH_BITS_name (gnutls_cli_opt_strs+2018)
#define DH_BITS_FLAGS (OPTST_DISABLED \
| OPTST_SET_ARGTYPE(OPARG_TYPE_NUMERIC))
/*
* priority option description:
*/
-#define PRIORITY_DESC (gnutls_cli_opt_strs+1955)
-#define PRIORITY_NAME (gnutls_cli_opt_strs+1973)
-#define PRIORITY_name (gnutls_cli_opt_strs+1982)
+#define PRIORITY_DESC (gnutls_cli_opt_strs+2026)
+#define PRIORITY_NAME (gnutls_cli_opt_strs+2044)
+#define PRIORITY_name (gnutls_cli_opt_strs+2053)
#define PRIORITY_FLAGS (OPTST_DISABLED \
| OPTST_SET_ARGTYPE(OPARG_TYPE_STRING))
/*
* x509cafile option description:
*/
-#define X509CAFILE_DESC (gnutls_cli_opt_strs+1991)
-#define X509CAFILE_NAME (gnutls_cli_opt_strs+2031)
-#define X509CAFILE_name (gnutls_cli_opt_strs+2042)
+#define X509CAFILE_DESC (gnutls_cli_opt_strs+2062)
+#define X509CAFILE_NAME (gnutls_cli_opt_strs+2102)
+#define X509CAFILE_name (gnutls_cli_opt_strs+2113)
#define X509CAFILE_FLAGS (OPTST_DISABLED \
| OPTST_SET_ARGTYPE(OPARG_TYPE_STRING))
/*
* x509crlfile option description:
*/
-#define X509CRLFILE_DESC (gnutls_cli_opt_strs+2053)
-#define X509CRLFILE_NAME (gnutls_cli_opt_strs+2069)
-#define X509CRLFILE_name (gnutls_cli_opt_strs+2081)
+#define X509CRLFILE_DESC (gnutls_cli_opt_strs+2124)
+#define X509CRLFILE_NAME (gnutls_cli_opt_strs+2140)
+#define X509CRLFILE_name (gnutls_cli_opt_strs+2152)
#define X509CRLFILE_FLAGS (OPTST_DISABLED \
| OPTST_SET_ARGTYPE(OPARG_TYPE_FILE))
/*
* pgpkeyfile option description:
*/
-#define PGPKEYFILE_DESC (gnutls_cli_opt_strs+2093)
-#define PGPKEYFILE_NAME (gnutls_cli_opt_strs+2113)
-#define PGPKEYFILE_name (gnutls_cli_opt_strs+2124)
+#define PGPKEYFILE_DESC (gnutls_cli_opt_strs+2164)
+#define PGPKEYFILE_NAME (gnutls_cli_opt_strs+2184)
+#define PGPKEYFILE_name (gnutls_cli_opt_strs+2195)
#define PGPKEYFILE_FLAGS (OPTST_DISABLED \
| OPTST_SET_ARGTYPE(OPARG_TYPE_FILE))
/*
* pgpkeyring option description:
*/
-#define PGPKEYRING_DESC (gnutls_cli_opt_strs+2135)
-#define PGPKEYRING_NAME (gnutls_cli_opt_strs+2160)
-#define PGPKEYRING_name (gnutls_cli_opt_strs+2171)
+#define PGPKEYRING_DESC (gnutls_cli_opt_strs+2206)
+#define PGPKEYRING_NAME (gnutls_cli_opt_strs+2231)
+#define PGPKEYRING_name (gnutls_cli_opt_strs+2242)
#define PGPKEYRING_FLAGS (OPTST_DISABLED \
| OPTST_SET_ARGTYPE(OPARG_TYPE_FILE))
/*
* pgpcertfile option description:
*/
-#define PGPCERTFILE_DESC (gnutls_cli_opt_strs+2182)
-#define PGPCERTFILE_NAME (gnutls_cli_opt_strs+2223)
-#define PGPCERTFILE_name (gnutls_cli_opt_strs+2235)
+#define PGPCERTFILE_DESC (gnutls_cli_opt_strs+2253)
+#define PGPCERTFILE_NAME (gnutls_cli_opt_strs+2294)
+#define PGPCERTFILE_name (gnutls_cli_opt_strs+2306)
#define PGPCERTFILE_FLAGS (OPTST_DISABLED \
| OPTST_SET_ARGTYPE(OPARG_TYPE_FILE))
/*
* x509keyfile option description:
*/
-#define X509KEYFILE_DESC (gnutls_cli_opt_strs+2247)
-#define X509KEYFILE_NAME (gnutls_cli_opt_strs+2285)
-#define X509KEYFILE_name (gnutls_cli_opt_strs+2297)
+#define X509KEYFILE_DESC (gnutls_cli_opt_strs+2318)
+#define X509KEYFILE_NAME (gnutls_cli_opt_strs+2356)
+#define X509KEYFILE_name (gnutls_cli_opt_strs+2368)
#define X509KEYFILE_FLAGS (OPTST_DISABLED \
| OPTST_SET_ARGTYPE(OPARG_TYPE_STRING))
/*
* x509certfile option description:
*/
-#define X509CERTFILE_DESC (gnutls_cli_opt_strs+2309)
-#define X509CERTFILE_NAME (gnutls_cli_opt_strs+2355)
-#define X509CERTFILE_name (gnutls_cli_opt_strs+2368)
+#define X509CERTFILE_DESC (gnutls_cli_opt_strs+2380)
+#define X509CERTFILE_NAME (gnutls_cli_opt_strs+2426)
+#define X509CERTFILE_name (gnutls_cli_opt_strs+2439)
#define X509CERTFILE_FLAGS (OPTST_DISABLED \
| OPTST_SET_ARGTYPE(OPARG_TYPE_STRING))
/*
* pgpsubkey option description:
*/
-#define PGPSUBKEY_DESC (gnutls_cli_opt_strs+2381)
-#define PGPSUBKEY_NAME (gnutls_cli_opt_strs+2413)
-#define PGPSUBKEY_name (gnutls_cli_opt_strs+2423)
+#define PGPSUBKEY_DESC (gnutls_cli_opt_strs+2452)
+#define PGPSUBKEY_NAME (gnutls_cli_opt_strs+2484)
+#define PGPSUBKEY_name (gnutls_cli_opt_strs+2494)
#define PGPSUBKEY_FLAGS (OPTST_DISABLED \
| OPTST_SET_ARGTYPE(OPARG_TYPE_STRING))
/*
* srpusername option description:
*/
-#define SRPUSERNAME_DESC (gnutls_cli_opt_strs+2433)
-#define SRPUSERNAME_NAME (gnutls_cli_opt_strs+2453)
-#define SRPUSERNAME_name (gnutls_cli_opt_strs+2465)
+#define SRPUSERNAME_DESC (gnutls_cli_opt_strs+2504)
+#define SRPUSERNAME_NAME (gnutls_cli_opt_strs+2524)
+#define SRPUSERNAME_name (gnutls_cli_opt_strs+2536)
#define SRPUSERNAME_FLAGS (OPTST_DISABLED \
| OPTST_SET_ARGTYPE(OPARG_TYPE_STRING))
/*
* srppasswd option description:
*/
-#define SRPPASSWD_DESC (gnutls_cli_opt_strs+2477)
-#define SRPPASSWD_NAME (gnutls_cli_opt_strs+2497)
-#define SRPPASSWD_name (gnutls_cli_opt_strs+2507)
+#define SRPPASSWD_DESC (gnutls_cli_opt_strs+2548)
+#define SRPPASSWD_NAME (gnutls_cli_opt_strs+2568)
+#define SRPPASSWD_name (gnutls_cli_opt_strs+2578)
#define SRPPASSWD_FLAGS (OPTST_DISABLED \
| OPTST_SET_ARGTYPE(OPARG_TYPE_STRING))
/*
* pskusername option description:
*/
-#define PSKUSERNAME_DESC (gnutls_cli_opt_strs+2517)
-#define PSKUSERNAME_NAME (gnutls_cli_opt_strs+2537)
-#define PSKUSERNAME_name (gnutls_cli_opt_strs+2549)
+#define PSKUSERNAME_DESC (gnutls_cli_opt_strs+2588)
+#define PSKUSERNAME_NAME (gnutls_cli_opt_strs+2608)
+#define PSKUSERNAME_name (gnutls_cli_opt_strs+2620)
#define PSKUSERNAME_FLAGS (OPTST_DISABLED \
| OPTST_SET_ARGTYPE(OPARG_TYPE_STRING))
/*
* pskkey option description:
*/
-#define PSKKEY_DESC (gnutls_cli_opt_strs+2561)
-#define PSKKEY_NAME (gnutls_cli_opt_strs+2585)
-#define PSKKEY_name (gnutls_cli_opt_strs+2592)
+#define PSKKEY_DESC (gnutls_cli_opt_strs+2632)
+#define PSKKEY_NAME (gnutls_cli_opt_strs+2656)
+#define PSKKEY_name (gnutls_cli_opt_strs+2663)
#define PSKKEY_FLAGS (OPTST_DISABLED \
| OPTST_SET_ARGTYPE(OPARG_TYPE_STRING))
/*
* port option description:
*/
-#define PORT_DESC (gnutls_cli_opt_strs+2599)
-#define PORT_NAME (gnutls_cli_opt_strs+2633)
-#define PORT_name (gnutls_cli_opt_strs+2638)
+#define PORT_DESC (gnutls_cli_opt_strs+2670)
+#define PORT_NAME (gnutls_cli_opt_strs+2704)
+#define PORT_name (gnutls_cli_opt_strs+2709)
#define PORT_FLAGS (OPTST_DISABLED \
| OPTST_SET_ARGTYPE(OPARG_TYPE_STRING))
/*
* insecure option description:
*/
-#define INSECURE_DESC (gnutls_cli_opt_strs+2643)
-#define INSECURE_NAME (gnutls_cli_opt_strs+2704)
-#define INSECURE_name (gnutls_cli_opt_strs+2713)
+#define INSECURE_DESC (gnutls_cli_opt_strs+2714)
+#define INSECURE_NAME (gnutls_cli_opt_strs+2775)
+#define INSECURE_name (gnutls_cli_opt_strs+2784)
#define INSECURE_FLAGS (OPTST_DISABLED)
/*
* benchmark-ciphers option description:
*/
-#define BENCHMARK_CIPHERS_DESC (gnutls_cli_opt_strs+2722)
-#define BENCHMARK_CIPHERS_NAME (gnutls_cli_opt_strs+2751)
-#define BENCHMARK_CIPHERS_name (gnutls_cli_opt_strs+2769)
+#define BENCHMARK_CIPHERS_DESC (gnutls_cli_opt_strs+2793)
+#define BENCHMARK_CIPHERS_NAME (gnutls_cli_opt_strs+2822)
+#define BENCHMARK_CIPHERS_name (gnutls_cli_opt_strs+2840)
#define BENCHMARK_CIPHERS_FLAGS (OPTST_DISABLED)
/*
* benchmark-soft-ciphers option description:
*/
-#define BENCHMARK_SOFT_CIPHERS_DESC (gnutls_cli_opt_strs+2787)
-#define BENCHMARK_SOFT_CIPHERS_NAME (gnutls_cli_opt_strs+2846)
-#define BENCHMARK_SOFT_CIPHERS_name (gnutls_cli_opt_strs+2869)
+#define BENCHMARK_SOFT_CIPHERS_DESC (gnutls_cli_opt_strs+2858)
+#define BENCHMARK_SOFT_CIPHERS_NAME (gnutls_cli_opt_strs+2917)
+#define BENCHMARK_SOFT_CIPHERS_name (gnutls_cli_opt_strs+2940)
#define BENCHMARK_SOFT_CIPHERS_FLAGS (OPTST_DISABLED)
/*
* benchmark-tls-kx option description:
*/
-#define BENCHMARK_TLS_KX_DESC (gnutls_cli_opt_strs+2892)
-#define BENCHMARK_TLS_KX_NAME (gnutls_cli_opt_strs+2927)
-#define BENCHMARK_TLS_KX_name (gnutls_cli_opt_strs+2944)
+#define BENCHMARK_TLS_KX_DESC (gnutls_cli_opt_strs+2963)
+#define BENCHMARK_TLS_KX_NAME (gnutls_cli_opt_strs+2998)
+#define BENCHMARK_TLS_KX_name (gnutls_cli_opt_strs+3015)
#define BENCHMARK_TLS_KX_FLAGS (OPTST_DISABLED)
/*
* benchmark-tls-ciphers option description:
*/
-#define BENCHMARK_TLS_CIPHERS_DESC (gnutls_cli_opt_strs+2961)
-#define BENCHMARK_TLS_CIPHERS_NAME (gnutls_cli_opt_strs+2983)
-#define BENCHMARK_TLS_CIPHERS_name (gnutls_cli_opt_strs+3005)
+#define BENCHMARK_TLS_CIPHERS_DESC (gnutls_cli_opt_strs+3032)
+#define BENCHMARK_TLS_CIPHERS_NAME (gnutls_cli_opt_strs+3054)
+#define BENCHMARK_TLS_CIPHERS_name (gnutls_cli_opt_strs+3076)
#define BENCHMARK_TLS_CIPHERS_FLAGS (OPTST_DISABLED)
/*
* list option description:
*/
-#define LIST_DESC (gnutls_cli_opt_strs+3027)
-#define LIST_NAME (gnutls_cli_opt_strs+3078)
-#define LIST_name (gnutls_cli_opt_strs+3083)
+#define LIST_DESC (gnutls_cli_opt_strs+3098)
+#define LIST_NAME (gnutls_cli_opt_strs+3149)
+#define LIST_name (gnutls_cli_opt_strs+3154)
#define LIST_FLAGS (OPTST_DISABLED)
/*
* Help/More_Help/Version option descriptions:
*/
-#define HELP_DESC (gnutls_cli_opt_strs+3088)
-#define HELP_name (gnutls_cli_opt_strs+3132)
+#define HELP_DESC (gnutls_cli_opt_strs+3159)
+#define HELP_name (gnutls_cli_opt_strs+3203)
#ifdef HAVE_WORKING_FORK
-#define MORE_HELP_DESC (gnutls_cli_opt_strs+3137)
-#define MORE_HELP_name (gnutls_cli_opt_strs+3182)
+#define MORE_HELP_DESC (gnutls_cli_opt_strs+3208)
+#define MORE_HELP_name (gnutls_cli_opt_strs+3253)
#define MORE_HELP_FLAGS (OPTST_IMM | OPTST_NO_INIT)
#else
#define MORE_HELP_DESC NULL
@@ -590,8 +603,8 @@ static char const gnutls_cli_opt_strs[3667] =
# define VER_FLAGS (OPTST_SET_ARGTYPE(OPARG_TYPE_STRING) | \
OPTST_ARG_OPTIONAL | OPTST_IMM | OPTST_NO_INIT)
#endif
-#define VER_DESC (gnutls_cli_opt_strs+3192)
-#define VER_name (gnutls_cli_opt_strs+3228)
+#define VER_DESC (gnutls_cli_opt_strs+3263)
+#define VER_name (gnutls_cli_opt_strs+3299)
/*
* Declare option callback procedures
*/
@@ -660,8 +673,20 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ DANE_DESC, DANE_NAME, DANE_name,
/* disablement strs */ NOT_DANE_name, NOT_DANE_PFX },
- { /* entry idx, value */ 4, VALUE_OPT_OCSP,
- /* equiv idx, value */ 4, VALUE_OPT_OCSP,
+ { /* entry idx, value */ 4, VALUE_OPT_CA_VERIFICATION,
+ /* equiv idx, value */ 4, VALUE_OPT_CA_VERIFICATION,
+ /* equivalenced to */ NO_EQUIVALENT,
+ /* min, max, act ct */ 0, 1, 0,
+ /* opt state flags */ CA_VERIFICATION_FLAGS, 0,
+ /* last opt argumnt */ { NULL }, /* --ca-verification */
+ /* arg list/cookie */ NULL,
+ /* must/cannot opts */ NULL, NULL,
+ /* option proc */ NULL,
+ /* desc, NAME, name */ CA_VERIFICATION_DESC, CA_VERIFICATION_NAME,
CA_VERIFICATION_name,
+ /* disablement strs */ NOT_CA_VERIFICATION_name, NOT_CA_VERIFICATION_PFX
},
+
+ { /* entry idx, value */ 5, VALUE_OPT_OCSP,
+ /* equiv idx, value */ 5, VALUE_OPT_OCSP,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ OCSP_FLAGS, 0,
@@ -672,8 +697,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ OCSP_DESC, OCSP_NAME, OCSP_name,
/* disablement strs */ NOT_OCSP_name, NOT_OCSP_PFX },
- { /* entry idx, value */ 5, VALUE_OPT_RESUME,
- /* equiv idx, value */ 5, VALUE_OPT_RESUME,
+ { /* entry idx, value */ 6, VALUE_OPT_RESUME,
+ /* equiv idx, value */ 6, VALUE_OPT_RESUME,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ RESUME_FLAGS, 0,
@@ -684,8 +709,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ RESUME_DESC, RESUME_NAME, RESUME_name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 6, VALUE_OPT_HEARTBEAT,
- /* equiv idx, value */ 6, VALUE_OPT_HEARTBEAT,
+ { /* entry idx, value */ 7, VALUE_OPT_HEARTBEAT,
+ /* equiv idx, value */ 7, VALUE_OPT_HEARTBEAT,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ HEARTBEAT_FLAGS, 0,
@@ -696,8 +721,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ HEARTBEAT_DESC, HEARTBEAT_NAME, HEARTBEAT_name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 7, VALUE_OPT_REHANDSHAKE,
- /* equiv idx, value */ 7, VALUE_OPT_REHANDSHAKE,
+ { /* entry idx, value */ 8, VALUE_OPT_REHANDSHAKE,
+ /* equiv idx, value */ 8, VALUE_OPT_REHANDSHAKE,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ REHANDSHAKE_FLAGS, 0,
@@ -708,8 +733,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ REHANDSHAKE_DESC, REHANDSHAKE_NAME,
REHANDSHAKE_name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 8, VALUE_OPT_NOTICKET,
- /* equiv idx, value */ 8, VALUE_OPT_NOTICKET,
+ { /* entry idx, value */ 9, VALUE_OPT_NOTICKET,
+ /* equiv idx, value */ 9, VALUE_OPT_NOTICKET,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ NOTICKET_FLAGS, 0,
@@ -720,8 +745,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ NOTICKET_DESC, NOTICKET_NAME, NOTICKET_name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 9, VALUE_OPT_OCSP_STATUS_REQUEST,
- /* equiv idx, value */ 9, VALUE_OPT_OCSP_STATUS_REQUEST,
+ { /* entry idx, value */ 10, VALUE_OPT_OCSP_STATUS_REQUEST,
+ /* equiv idx, value */ 10, VALUE_OPT_OCSP_STATUS_REQUEST,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ OCSP_STATUS_REQUEST_FLAGS, 0,
@@ -732,8 +757,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ OCSP_STATUS_REQUEST_DESC,
OCSP_STATUS_REQUEST_NAME, OCSP_STATUS_REQUEST_name,
/* disablement strs */ NOT_OCSP_STATUS_REQUEST_name,
NOT_OCSP_STATUS_REQUEST_PFX },
- { /* entry idx, value */ 10, VALUE_OPT_STARTTLS,
- /* equiv idx, value */ 10, VALUE_OPT_STARTTLS,
+ { /* entry idx, value */ 11, VALUE_OPT_STARTTLS,
+ /* equiv idx, value */ 11, VALUE_OPT_STARTTLS,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ STARTTLS_FLAGS, 0,
@@ -744,8 +769,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ STARTTLS_DESC, STARTTLS_NAME, STARTTLS_name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 11, VALUE_OPT_UDP,
- /* equiv idx, value */ 11, VALUE_OPT_UDP,
+ { /* entry idx, value */ 12, VALUE_OPT_UDP,
+ /* equiv idx, value */ 12, VALUE_OPT_UDP,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ UDP_FLAGS, 0,
@@ -756,8 +781,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ UDP_DESC, UDP_NAME, UDP_name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 12, VALUE_OPT_MTU,
- /* equiv idx, value */ 12, VALUE_OPT_MTU,
+ { /* entry idx, value */ 13, VALUE_OPT_MTU,
+ /* equiv idx, value */ 13, VALUE_OPT_MTU,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ MTU_FLAGS, 0,
@@ -768,8 +793,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ MTU_DESC, MTU_NAME, MTU_name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 13, VALUE_OPT_CRLF,
- /* equiv idx, value */ 13, VALUE_OPT_CRLF,
+ { /* entry idx, value */ 14, VALUE_OPT_CRLF,
+ /* equiv idx, value */ 14, VALUE_OPT_CRLF,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ CRLF_FLAGS, 0,
@@ -780,8 +805,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ CRLF_DESC, CRLF_NAME, CRLF_name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 14, VALUE_OPT_X509FMTDER,
- /* equiv idx, value */ 14, VALUE_OPT_X509FMTDER,
+ { /* entry idx, value */ 15, VALUE_OPT_X509FMTDER,
+ /* equiv idx, value */ 15, VALUE_OPT_X509FMTDER,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ X509FMTDER_FLAGS, 0,
@@ -792,8 +817,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ X509FMTDER_DESC, X509FMTDER_NAME, X509FMTDER_name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 15, VALUE_OPT_FINGERPRINT,
- /* equiv idx, value */ 15, VALUE_OPT_FINGERPRINT,
+ { /* entry idx, value */ 16, VALUE_OPT_FINGERPRINT,
+ /* equiv idx, value */ 16, VALUE_OPT_FINGERPRINT,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ FINGERPRINT_FLAGS, 0,
@@ -804,8 +829,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ FINGERPRINT_DESC, FINGERPRINT_NAME,
FINGERPRINT_name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 16, VALUE_OPT_DISABLE_EXTENSIONS,
- /* equiv idx, value */ 16, VALUE_OPT_DISABLE_EXTENSIONS,
+ { /* entry idx, value */ 17, VALUE_OPT_DISABLE_EXTENSIONS,
+ /* equiv idx, value */ 17, VALUE_OPT_DISABLE_EXTENSIONS,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ DISABLE_EXTENSIONS_FLAGS, 0,
@@ -816,8 +841,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ DISABLE_EXTENSIONS_DESC, DISABLE_EXTENSIONS_NAME,
DISABLE_EXTENSIONS_name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 17, VALUE_OPT_PRINT_CERT,
- /* equiv idx, value */ 17, VALUE_OPT_PRINT_CERT,
+ { /* entry idx, value */ 18, VALUE_OPT_PRINT_CERT,
+ /* equiv idx, value */ 18, VALUE_OPT_PRINT_CERT,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ PRINT_CERT_FLAGS, 0,
@@ -828,8 +853,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ PRINT_CERT_DESC, PRINT_CERT_NAME, PRINT_CERT_name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 18, VALUE_OPT_RECORDSIZE,
- /* equiv idx, value */ 18, VALUE_OPT_RECORDSIZE,
+ { /* entry idx, value */ 19, VALUE_OPT_RECORDSIZE,
+ /* equiv idx, value */ 19, VALUE_OPT_RECORDSIZE,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ RECORDSIZE_FLAGS, 0,
@@ -840,8 +865,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ RECORDSIZE_DESC, RECORDSIZE_NAME, RECORDSIZE_name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 19, VALUE_OPT_DH_BITS,
- /* equiv idx, value */ 19, VALUE_OPT_DH_BITS,
+ { /* entry idx, value */ 20, VALUE_OPT_DH_BITS,
+ /* equiv idx, value */ 20, VALUE_OPT_DH_BITS,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ DH_BITS_FLAGS, 0,
@@ -852,8 +877,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ DH_BITS_DESC, DH_BITS_NAME, DH_BITS_name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 20, VALUE_OPT_PRIORITY,
- /* equiv idx, value */ 20, VALUE_OPT_PRIORITY,
+ { /* entry idx, value */ 21, VALUE_OPT_PRIORITY,
+ /* equiv idx, value */ 21, VALUE_OPT_PRIORITY,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ PRIORITY_FLAGS, 0,
@@ -864,8 +889,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ PRIORITY_DESC, PRIORITY_NAME, PRIORITY_name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 21, VALUE_OPT_X509CAFILE,
- /* equiv idx, value */ 21, VALUE_OPT_X509CAFILE,
+ { /* entry idx, value */ 22, VALUE_OPT_X509CAFILE,
+ /* equiv idx, value */ 22, VALUE_OPT_X509CAFILE,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ X509CAFILE_FLAGS, 0,
@@ -876,8 +901,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ X509CAFILE_DESC, X509CAFILE_NAME, X509CAFILE_name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 22, VALUE_OPT_X509CRLFILE,
- /* equiv idx, value */ 22, VALUE_OPT_X509CRLFILE,
+ { /* entry idx, value */ 23, VALUE_OPT_X509CRLFILE,
+ /* equiv idx, value */ 23, VALUE_OPT_X509CRLFILE,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ X509CRLFILE_FLAGS, 0,
@@ -888,8 +913,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ X509CRLFILE_DESC, X509CRLFILE_NAME,
X509CRLFILE_name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 23, VALUE_OPT_PGPKEYFILE,
- /* equiv idx, value */ 23, VALUE_OPT_PGPKEYFILE,
+ { /* entry idx, value */ 24, VALUE_OPT_PGPKEYFILE,
+ /* equiv idx, value */ 24, VALUE_OPT_PGPKEYFILE,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ PGPKEYFILE_FLAGS, 0,
@@ -900,8 +925,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ PGPKEYFILE_DESC, PGPKEYFILE_NAME, PGPKEYFILE_name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 24, VALUE_OPT_PGPKEYRING,
- /* equiv idx, value */ 24, VALUE_OPT_PGPKEYRING,
+ { /* entry idx, value */ 25, VALUE_OPT_PGPKEYRING,
+ /* equiv idx, value */ 25, VALUE_OPT_PGPKEYRING,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ PGPKEYRING_FLAGS, 0,
@@ -912,8 +937,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ PGPKEYRING_DESC, PGPKEYRING_NAME, PGPKEYRING_name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 25, VALUE_OPT_PGPCERTFILE,
- /* equiv idx, value */ 25, VALUE_OPT_PGPCERTFILE,
+ { /* entry idx, value */ 26, VALUE_OPT_PGPCERTFILE,
+ /* equiv idx, value */ 26, VALUE_OPT_PGPCERTFILE,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ PGPCERTFILE_FLAGS, 0,
@@ -924,8 +949,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ PGPCERTFILE_DESC, PGPCERTFILE_NAME,
PGPCERTFILE_name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 26, VALUE_OPT_X509KEYFILE,
- /* equiv idx, value */ 26, VALUE_OPT_X509KEYFILE,
+ { /* entry idx, value */ 27, VALUE_OPT_X509KEYFILE,
+ /* equiv idx, value */ 27, VALUE_OPT_X509KEYFILE,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ X509KEYFILE_FLAGS, 0,
@@ -936,8 +961,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ X509KEYFILE_DESC, X509KEYFILE_NAME,
X509KEYFILE_name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 27, VALUE_OPT_X509CERTFILE,
- /* equiv idx, value */ 27, VALUE_OPT_X509CERTFILE,
+ { /* entry idx, value */ 28, VALUE_OPT_X509CERTFILE,
+ /* equiv idx, value */ 28, VALUE_OPT_X509CERTFILE,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ X509CERTFILE_FLAGS, 0,
@@ -948,8 +973,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ X509CERTFILE_DESC, X509CERTFILE_NAME,
X509CERTFILE_name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 28, VALUE_OPT_PGPSUBKEY,
- /* equiv idx, value */ 28, VALUE_OPT_PGPSUBKEY,
+ { /* entry idx, value */ 29, VALUE_OPT_PGPSUBKEY,
+ /* equiv idx, value */ 29, VALUE_OPT_PGPSUBKEY,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ PGPSUBKEY_FLAGS, 0,
@@ -960,8 +985,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ PGPSUBKEY_DESC, PGPSUBKEY_NAME, PGPSUBKEY_name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 29, VALUE_OPT_SRPUSERNAME,
- /* equiv idx, value */ 29, VALUE_OPT_SRPUSERNAME,
+ { /* entry idx, value */ 30, VALUE_OPT_SRPUSERNAME,
+ /* equiv idx, value */ 30, VALUE_OPT_SRPUSERNAME,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ SRPUSERNAME_FLAGS, 0,
@@ -972,8 +997,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ SRPUSERNAME_DESC, SRPUSERNAME_NAME,
SRPUSERNAME_name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 30, VALUE_OPT_SRPPASSWD,
- /* equiv idx, value */ 30, VALUE_OPT_SRPPASSWD,
+ { /* entry idx, value */ 31, VALUE_OPT_SRPPASSWD,
+ /* equiv idx, value */ 31, VALUE_OPT_SRPPASSWD,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ SRPPASSWD_FLAGS, 0,
@@ -984,8 +1009,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ SRPPASSWD_DESC, SRPPASSWD_NAME, SRPPASSWD_name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 31, VALUE_OPT_PSKUSERNAME,
- /* equiv idx, value */ 31, VALUE_OPT_PSKUSERNAME,
+ { /* entry idx, value */ 32, VALUE_OPT_PSKUSERNAME,
+ /* equiv idx, value */ 32, VALUE_OPT_PSKUSERNAME,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ PSKUSERNAME_FLAGS, 0,
@@ -996,8 +1021,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ PSKUSERNAME_DESC, PSKUSERNAME_NAME,
PSKUSERNAME_name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 32, VALUE_OPT_PSKKEY,
- /* equiv idx, value */ 32, VALUE_OPT_PSKKEY,
+ { /* entry idx, value */ 33, VALUE_OPT_PSKKEY,
+ /* equiv idx, value */ 33, VALUE_OPT_PSKKEY,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ PSKKEY_FLAGS, 0,
@@ -1008,8 +1033,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ PSKKEY_DESC, PSKKEY_NAME, PSKKEY_name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 33, VALUE_OPT_PORT,
- /* equiv idx, value */ 33, VALUE_OPT_PORT,
+ { /* entry idx, value */ 34, VALUE_OPT_PORT,
+ /* equiv idx, value */ 34, VALUE_OPT_PORT,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ PORT_FLAGS, 0,
@@ -1020,8 +1045,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ PORT_DESC, PORT_NAME, PORT_name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 34, VALUE_OPT_INSECURE,
- /* equiv idx, value */ 34, VALUE_OPT_INSECURE,
+ { /* entry idx, value */ 35, VALUE_OPT_INSECURE,
+ /* equiv idx, value */ 35, VALUE_OPT_INSECURE,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ INSECURE_FLAGS, 0,
@@ -1032,8 +1057,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ INSECURE_DESC, INSECURE_NAME, INSECURE_name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 35, VALUE_OPT_BENCHMARK_CIPHERS,
- /* equiv idx, value */ 35, VALUE_OPT_BENCHMARK_CIPHERS,
+ { /* entry idx, value */ 36, VALUE_OPT_BENCHMARK_CIPHERS,
+ /* equiv idx, value */ 36, VALUE_OPT_BENCHMARK_CIPHERS,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ BENCHMARK_CIPHERS_FLAGS, 0,
@@ -1044,8 +1069,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ BENCHMARK_CIPHERS_DESC, BENCHMARK_CIPHERS_NAME,
BENCHMARK_CIPHERS_name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 36, VALUE_OPT_BENCHMARK_SOFT_CIPHERS,
- /* equiv idx, value */ 36, VALUE_OPT_BENCHMARK_SOFT_CIPHERS,
+ { /* entry idx, value */ 37, VALUE_OPT_BENCHMARK_SOFT_CIPHERS,
+ /* equiv idx, value */ 37, VALUE_OPT_BENCHMARK_SOFT_CIPHERS,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ BENCHMARK_SOFT_CIPHERS_FLAGS, 0,
@@ -1056,8 +1081,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ BENCHMARK_SOFT_CIPHERS_DESC,
BENCHMARK_SOFT_CIPHERS_NAME, BENCHMARK_SOFT_CIPHERS_name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 37, VALUE_OPT_BENCHMARK_TLS_KX,
- /* equiv idx, value */ 37, VALUE_OPT_BENCHMARK_TLS_KX,
+ { /* entry idx, value */ 38, VALUE_OPT_BENCHMARK_TLS_KX,
+ /* equiv idx, value */ 38, VALUE_OPT_BENCHMARK_TLS_KX,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ BENCHMARK_TLS_KX_FLAGS, 0,
@@ -1068,8 +1093,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ BENCHMARK_TLS_KX_DESC, BENCHMARK_TLS_KX_NAME,
BENCHMARK_TLS_KX_name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 38, VALUE_OPT_BENCHMARK_TLS_CIPHERS,
- /* equiv idx, value */ 38, VALUE_OPT_BENCHMARK_TLS_CIPHERS,
+ { /* entry idx, value */ 39, VALUE_OPT_BENCHMARK_TLS_CIPHERS,
+ /* equiv idx, value */ 39, VALUE_OPT_BENCHMARK_TLS_CIPHERS,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ BENCHMARK_TLS_CIPHERS_FLAGS, 0,
@@ -1080,8 +1105,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ BENCHMARK_TLS_CIPHERS_DESC,
BENCHMARK_TLS_CIPHERS_NAME, BENCHMARK_TLS_CIPHERS_name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 39, VALUE_OPT_LIST,
- /* equiv idx, value */ 39, VALUE_OPT_LIST,
+ { /* entry idx, value */ 40, VALUE_OPT_LIST,
+ /* equiv idx, value */ 40, VALUE_OPT_LIST,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ LIST_FLAGS, 0,
@@ -1136,14 +1161,14 @@ static tOptDesc optDesc[OPTION_CT] = {
*
* Define the gnutls-cli Option Environment
*/
-#define zPROGNAME (gnutls_cli_opt_strs+3236)
-#define zUsageTitle (gnutls_cli_opt_strs+3247)
+#define zPROGNAME (gnutls_cli_opt_strs+3307)
+#define zUsageTitle (gnutls_cli_opt_strs+3318)
#define zRcName NULL
#define apzHomeList NULL
-#define zBugsAddr (gnutls_cli_opt_strs+3360)
-#define zExplain (gnutls_cli_opt_strs+3379)
-#define zDetail (gnutls_cli_opt_strs+3382)
-#define zFullVersion (gnutls_cli_opt_strs+3566)
+#define zBugsAddr (gnutls_cli_opt_strs+3431)
+#define zExplain (gnutls_cli_opt_strs+3450)
+#define zDetail (gnutls_cli_opt_strs+3453)
+#define zFullVersion (gnutls_cli_opt_strs+3637)
/* extracted from optcode.tlib near line 350 */
#if defined(ENABLE_NLS)
@@ -1157,7 +1182,7 @@ static tOptDesc optDesc[OPTION_CT] = {
#define gnutls_cli_full_usage (NULL)
-#define gnutls_cli_short_usage (gnutls_cli_opt_strs+3587)
+#define gnutls_cli_short_usage (gnutls_cli_opt_strs+3658)
#endif /* not defined __doxygen__ */
@@ -1435,7 +1460,7 @@ tOptions gnutls_cliOptions = {
NO_EQUIVALENT, /* '-#' option index */
NO_EQUIVALENT /* index of default opt */
},
- 43 /* full option count */, 40 /* user option count */,
+ 44 /* full option count */, 41 /* user option count */,
gnutls_cli_full_usage, gnutls_cli_short_usage,
NULL, NULL,
PKGDATADIR, gnutls_cli_packager_info
diff --git a/src/cli-args.def b/src/cli-args.def
index 954faea..a23e0a5 100644
--- a/src/cli-args.def
+++ b/src/cli-args.def
@@ -31,6 +31,14 @@ available via DNSSEC.";
};
flag = {
+ name = ca-verification;
+ descrip = "Disable CA certificate verification";
+ enabled;
+ disable = "no";
+ doc = "This option will disable CA certificate verification. It is
to be used with the --dane or --tofu options.";
+};
+
+flag = {
name = ocsp;
descrip = "Enable OCSP certificate verification";
disabled;
diff --git a/src/cli-args.h b/src/cli-args.h
index adc0730..55d2138 100644
--- a/src/cli-args.h
+++ b/src/cli-args.h
@@ -2,7 +2,7 @@
*
* DO NOT EDIT THIS FILE (cli-args.h)
*
- * It has been AutoGen-ed October 6, 2012 at 03:20:01 AM by AutoGen 5.16
+ * It has been AutoGen-ed October 7, 2012 at 12:14:56 AM by AutoGen 5.16
* From the definitions cli-args.def
* and the template file options
*
@@ -71,48 +71,49 @@ typedef enum {
INDEX_OPT_VERBOSE = 1,
INDEX_OPT_TOFU = 2,
INDEX_OPT_DANE = 3,
- INDEX_OPT_OCSP = 4,
- INDEX_OPT_RESUME = 5,
- INDEX_OPT_HEARTBEAT = 6,
- INDEX_OPT_REHANDSHAKE = 7,
- INDEX_OPT_NOTICKET = 8,
- INDEX_OPT_OCSP_STATUS_REQUEST = 9,
- INDEX_OPT_STARTTLS = 10,
- INDEX_OPT_UDP = 11,
- INDEX_OPT_MTU = 12,
- INDEX_OPT_CRLF = 13,
- INDEX_OPT_X509FMTDER = 14,
- INDEX_OPT_FINGERPRINT = 15,
- INDEX_OPT_DISABLE_EXTENSIONS = 16,
- INDEX_OPT_PRINT_CERT = 17,
- INDEX_OPT_RECORDSIZE = 18,
- INDEX_OPT_DH_BITS = 19,
- INDEX_OPT_PRIORITY = 20,
- INDEX_OPT_X509CAFILE = 21,
- INDEX_OPT_X509CRLFILE = 22,
- INDEX_OPT_PGPKEYFILE = 23,
- INDEX_OPT_PGPKEYRING = 24,
- INDEX_OPT_PGPCERTFILE = 25,
- INDEX_OPT_X509KEYFILE = 26,
- INDEX_OPT_X509CERTFILE = 27,
- INDEX_OPT_PGPSUBKEY = 28,
- INDEX_OPT_SRPUSERNAME = 29,
- INDEX_OPT_SRPPASSWD = 30,
- INDEX_OPT_PSKUSERNAME = 31,
- INDEX_OPT_PSKKEY = 32,
- INDEX_OPT_PORT = 33,
- INDEX_OPT_INSECURE = 34,
- INDEX_OPT_BENCHMARK_CIPHERS = 35,
- INDEX_OPT_BENCHMARK_SOFT_CIPHERS = 36,
- INDEX_OPT_BENCHMARK_TLS_KX = 37,
- INDEX_OPT_BENCHMARK_TLS_CIPHERS = 38,
- INDEX_OPT_LIST = 39,
- INDEX_OPT_VERSION = 40,
- INDEX_OPT_HELP = 41,
- INDEX_OPT_MORE_HELP = 42
+ INDEX_OPT_CA_VERIFICATION = 4,
+ INDEX_OPT_OCSP = 5,
+ INDEX_OPT_RESUME = 6,
+ INDEX_OPT_HEARTBEAT = 7,
+ INDEX_OPT_REHANDSHAKE = 8,
+ INDEX_OPT_NOTICKET = 9,
+ INDEX_OPT_OCSP_STATUS_REQUEST = 10,
+ INDEX_OPT_STARTTLS = 11,
+ INDEX_OPT_UDP = 12,
+ INDEX_OPT_MTU = 13,
+ INDEX_OPT_CRLF = 14,
+ INDEX_OPT_X509FMTDER = 15,
+ INDEX_OPT_FINGERPRINT = 16,
+ INDEX_OPT_DISABLE_EXTENSIONS = 17,
+ INDEX_OPT_PRINT_CERT = 18,
+ INDEX_OPT_RECORDSIZE = 19,
+ INDEX_OPT_DH_BITS = 20,
+ INDEX_OPT_PRIORITY = 21,
+ INDEX_OPT_X509CAFILE = 22,
+ INDEX_OPT_X509CRLFILE = 23,
+ INDEX_OPT_PGPKEYFILE = 24,
+ INDEX_OPT_PGPKEYRING = 25,
+ INDEX_OPT_PGPCERTFILE = 26,
+ INDEX_OPT_X509KEYFILE = 27,
+ INDEX_OPT_X509CERTFILE = 28,
+ INDEX_OPT_PGPSUBKEY = 29,
+ INDEX_OPT_SRPUSERNAME = 30,
+ INDEX_OPT_SRPPASSWD = 31,
+ INDEX_OPT_PSKUSERNAME = 32,
+ INDEX_OPT_PSKKEY = 33,
+ INDEX_OPT_PORT = 34,
+ INDEX_OPT_INSECURE = 35,
+ INDEX_OPT_BENCHMARK_CIPHERS = 36,
+ INDEX_OPT_BENCHMARK_SOFT_CIPHERS = 37,
+ INDEX_OPT_BENCHMARK_TLS_KX = 38,
+ INDEX_OPT_BENCHMARK_TLS_CIPHERS = 39,
+ INDEX_OPT_LIST = 40,
+ INDEX_OPT_VERSION = 41,
+ INDEX_OPT_HELP = 42,
+ INDEX_OPT_MORE_HELP = 43
} teOptIndex;
-#define OPTION_CT 43
+#define OPTION_CT 44
#define GNUTLS_CLI_VERSION "@VERSION@"
#define GNUTLS_CLI_FULL_VERSION "gnutls-cli @VERSION@"
@@ -156,47 +157,48 @@ typedef enum {
#define VALUE_OPT_VERBOSE 'V'
#define VALUE_OPT_TOFU 2
#define VALUE_OPT_DANE 3
-#define VALUE_OPT_OCSP 4
+#define VALUE_OPT_CA_VERIFICATION 4
+#define VALUE_OPT_OCSP 5
#define VALUE_OPT_RESUME 'r'
#define VALUE_OPT_HEARTBEAT 'b'
#define VALUE_OPT_REHANDSHAKE 'e'
-#define VALUE_OPT_NOTICKET 8
-#define VALUE_OPT_OCSP_STATUS_REQUEST 9
+#define VALUE_OPT_NOTICKET 9
+#define VALUE_OPT_OCSP_STATUS_REQUEST 10
#define VALUE_OPT_STARTTLS 's'
#define VALUE_OPT_UDP 'u'
-#define VALUE_OPT_MTU 12
+#define VALUE_OPT_MTU 13
#define OPT_VALUE_MTU (DESC(MTU).optArg.argInt)
-#define VALUE_OPT_CRLF 13
-#define VALUE_OPT_X509FMTDER 14
+#define VALUE_OPT_CRLF 14
+#define VALUE_OPT_X509FMTDER 15
#define VALUE_OPT_FINGERPRINT 'f'
-#define VALUE_OPT_DISABLE_EXTENSIONS 16
-#define VALUE_OPT_PRINT_CERT 17
-#define VALUE_OPT_RECORDSIZE 18
+#define VALUE_OPT_DISABLE_EXTENSIONS 17
+#define VALUE_OPT_PRINT_CERT 18
+#define VALUE_OPT_RECORDSIZE 19
#define OPT_VALUE_RECORDSIZE (DESC(RECORDSIZE).optArg.argInt)
-#define VALUE_OPT_DH_BITS 19
+#define VALUE_OPT_DH_BITS 20
#define OPT_VALUE_DH_BITS (DESC(DH_BITS).optArg.argInt)
-#define VALUE_OPT_PRIORITY 20
-#define VALUE_OPT_X509CAFILE 21
-#define VALUE_OPT_X509CRLFILE 22
-#define VALUE_OPT_PGPKEYFILE 23
-#define VALUE_OPT_PGPKEYRING 24
-#define VALUE_OPT_PGPCERTFILE 25
-#define VALUE_OPT_X509KEYFILE 26
-#define VALUE_OPT_X509CERTFILE 27
-#define VALUE_OPT_PGPSUBKEY 28
-#define VALUE_OPT_SRPUSERNAME 29
-#define VALUE_OPT_SRPPASSWD 30
-#define VALUE_OPT_PSKUSERNAME 31
-#define VALUE_OPT_PSKKEY 32
+#define VALUE_OPT_PRIORITY 21
+#define VALUE_OPT_X509CAFILE 22
+#define VALUE_OPT_X509CRLFILE 23
+#define VALUE_OPT_PGPKEYFILE 24
+#define VALUE_OPT_PGPKEYRING 25
+#define VALUE_OPT_PGPCERTFILE 26
+#define VALUE_OPT_X509KEYFILE 27
+#define VALUE_OPT_X509CERTFILE 28
+#define VALUE_OPT_PGPSUBKEY 29
+#define VALUE_OPT_SRPUSERNAME 30
+#define VALUE_OPT_SRPPASSWD 31
+#define VALUE_OPT_PSKUSERNAME 32
+#define VALUE_OPT_PSKKEY 129
#define VALUE_OPT_PORT 'p'
-#define VALUE_OPT_INSECURE 130
-#define VALUE_OPT_BENCHMARK_CIPHERS 131
-#define VALUE_OPT_BENCHMARK_SOFT_CIPHERS 132
-#define VALUE_OPT_BENCHMARK_TLS_KX 133
-#define VALUE_OPT_BENCHMARK_TLS_CIPHERS 134
+#define VALUE_OPT_INSECURE 131
+#define VALUE_OPT_BENCHMARK_CIPHERS 132
+#define VALUE_OPT_BENCHMARK_SOFT_CIPHERS 133
+#define VALUE_OPT_BENCHMARK_TLS_KX 134
+#define VALUE_OPT_BENCHMARK_TLS_CIPHERS 135
#define VALUE_OPT_LIST 'l'
#define VALUE_OPT_HELP 'h'
#define VALUE_OPT_MORE_HELP '!'
diff --git a/src/cli.c b/src/cli.c
index 786156a..179e274 100644
--- a/src/cli.c
+++ b/src/cli.c
@@ -399,28 +399,32 @@ cert_verify_callback (gnutls_session_t session)
unsigned int status = 0;
int ssh = ENABLED_OPT(TOFU);
int dane = ENABLED_OPT(DANE);
+ int ca_verify = ENABLED_OPT(CA_VERIFICATION);
const char* txt_service;
print_cert_info (session, verbose, print_cert);
- rc = cert_verify(session, hostname);
- if (rc == 0)
+ if (ca_verify)
{
- printf ("*** Verifying server certificate failed...\n");
- if (!insecure && !ssh)
- return -1;
- }
- else if (ENABLED_OPT(OCSP))
- { /* off-line verification succeeded. Try OCSP */
- rc = cert_verify_ocsp(session);
+ rc = cert_verify(session, hostname);
if (rc == 0)
{
- printf ("*** Verifying (with OCSP) server certificate failed...\n");
+ printf ("*** Verifying server certificate failed...\n");
if (!insecure && !ssh)
return -1;
}
- else if (rc == -1)
- printf("*** OCSP response ignored\n");
+ else if (ENABLED_OPT(OCSP))
+ { /* off-line verification succeeded. Try OCSP */
+ rc = cert_verify_ocsp(session);
+ if (rc == 0)
+ {
+ printf ("*** Verifying (with OCSP) server certificate
failed...\n");
+ if (!insecure && !ssh)
+ return -1;
+ }
+ else if (rc == -1)
+ printf("*** OCSP response ignored\n");
+ }
}
if (ssh) /* try ssh auth */
hooks/post-receive
--
GNU gnutls
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [SCM] GNU gnutls branch, master, updated. gnutls_3_1_2-48-g531bac4,
Nikos Mavrogiannopoulos <=