[SCM] GNU gnutls branch, master, updated. gnutls_3_1_2-80-g8d222b5
From: |
Nikos Mavrogiannopoulos |
Subject: |
[SCM] GNU gnutls branch, master, updated. gnutls_3_1_2-80-g8d222b5 |
Date: |
Fri, 12 Oct 2012 15:05:04 +0000 |
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".
http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=8d222b51800e1070ff91b53eb2000690d07b1c35
The branch, master has been updated
via 8d222b51800e1070ff91b53eb2000690d07b1c35 (commit)
via 556c1fc956903ec0cd6013ed9ca1b64399bbb9ba (commit)
via 796708dfb6126aec71a2d354df41510637cf22ec (commit)
via 6e3eb1752a8928b54269c387f0deebc52bd396ea (commit)
from 730868e3af71e691aa9b26467e72977f0d69c66f (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 8d222b51800e1070ff91b53eb2000690d07b1c35
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Fri Oct 12 16:39:30 2012 +0200
doc updates
commit 556c1fc956903ec0cd6013ed9ca1b64399bbb9ba
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Fri Oct 12 10:09:26 2012 +0200
remove files that are not generated
commit 796708dfb6126aec71a2d354df41510637cf22ec
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Fri Oct 12 10:05:22 2012 +0200
use common definitions for generating docs.
commit 6e3eb1752a8928b54269c387f0deebc52bd396ea
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Fri Oct 12 09:24:54 2012 +0200
Separated DANE functionality from certtool and added danetool.
-----------------------------------------------------------------------
Summary of changes:
.gitignore | 2 +
NEWS | 2 +-
doc/Makefile.am | 128 +++++--
doc/cha-cert-auth.texi | 2 +-
doc/cha-cert-auth2.texi | 2 +
tests/dtls/Makefile.am => doc/doc.mk | 35 +--
doc/invoke-certtool.texi | 88 +----
doc/invoke-danetool.texi | 224 ++++++++++
doc/manpages/Makefile.am | 59 ++-
doc/reference/Makefile.am | 105 +-----
doc/reference/gnutls-docs.sgml | 5 +-
lib/gnutls_global.c | 2 +-
lib/x509/privkey_openssl.c | 3 +-
src/Makefile.am | 22 +
src/certtool-args.c | 226 ++---------
src/certtool-args.def | 76 +----
src/certtool-args.h | 26 +-
src/certtool.c | 115 ------
src/{tpmtool-args.c => danetool-args.c} | 657 ++++++++++++++++--------------
src/danetool-args.def | 150 +++++++
src/{ocsptool-args.h => danetool-args.h} | 126 +++---
src/danetool.c | 288 +++++++++++++
22 files changed, 1307 insertions(+), 1036 deletions(-)
copy tests/dtls/Makefile.am => doc/doc.mk (55%)
create mode 100644 doc/invoke-danetool.texi
copy src/{tpmtool-args.c => danetool-args.c} (54%)
create mode 100644 src/danetool-args.def
copy src/{ocsptool-args.h => danetool-args.h} (63%)
create mode 100644 src/danetool.c
diff --git a/.gitignore b/.gitignore
index 3d9f114..743a7f9 100644
--- a/.gitignore
+++ b/.gitignore
@@ -598,3 +598,5 @@ tests/mini-x509-callbacks
doc/manpages/stamp_mans
libdane/libgnutls-dane.la
doc/latex/dane-api.tex
+src/libcmd-danetool.la
+src/danetool
diff --git a/NEWS b/NEWS
index bee8f68..fe4326a 100644
--- a/NEWS
+++ b/NEWS
@@ -36,7 +36,7 @@ certificate verification.
** gnutls-cli: Added --dane option to enable DANE certificate verification.
-** certtool: The --dane-tlsa-rr option generates DANE TLSA Resource Records
(RR).
+** danetool: Added tool to generate DANE TLSA Resource Records (RR).
** API and ABI modifications:
gnutls_certificate_get_peers_subkey_id: Added
diff --git a/doc/Makefile.am b/doc/Makefile.am
index ac4ee64..7f4a8a6 100644
--- a/doc/Makefile.am
+++ b/doc/Makefile.am
@@ -21,18 +21,22 @@
EXTRA_DIST = TODO certtool.cfg gnutls.pdf gnutls.html \
doxygen/Doxyfile.in doxygen/Doxyfile.orig texinfo.css \
- gnutls-guile.pdf gnutls-guile.html stamp_enums stamp_functions
+ gnutls-guile.pdf gnutls-guile.html stamp_enums stamp_functions \
+ doc.mk
SUBDIRS = examples cyclo scripts manpages credentials latex
if ENABLE_GTK_DOC
SUBDIRS += reference
endif
+-include $(top_srcdir)/doc/doc.mk
+
SRC_DEF_CLI =
SRC_DEF_CLI_DEBUG =
SRC_DEF_SERV =
SRC_DEF_CERTTOOL =
SRC_DEF_OCSPTOOL =
+SRC_DEF_DANETOOL =
SRC_DEF_SRPTOOL =
SRC_DEF_PSKTOOL =
SRC_DEF_P11TOOL =
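Review bot: The new `-include $(top_srcdir)/doc/doc.mk` line makes a missing or misnamed doc.mk a silent no-op, yet the later hunks in this file replace the explicit source globs in every `*-api.texi` rule with `$(C_SOURCE_FILES)` and `compare-makefile` reads `$(HEADER_FILES)`, both of which are now defined only in doc.mk. With the include skipped, those variables expand empty, gdoc is run over no sources with its stderr sent to /dev/null, and the API texinfo files are regenerated empty without any error. Since doc.mk ships in EXTRA_DIST and is always present in the tree, a hard include is safer: `include $(top_srcdir)/doc/doc.mk`. If the leading dash was chosen so that automake does not process the file itself, that reasoning deserves a one-line comment next to the include.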
@@ -43,6 +47,7 @@ SRC_DEF_CLI_DEBUG += ../src/cli-debug-args.def
SRC_DEF_SERV += ../src/serv-args.def
SRC_DEF_CERTTOOL += ../src/certtool-args.def
SRC_DEF_OCSPTOOL += ../src/ocsptool-args.def
+SRC_DEF_DANETOOL += ../src/danetool-args.def
SRC_DEF_SRPTOOL += ../src/srptool-args.def
SRC_DEF_PSKTOOL += ../src/psk-args.def
SRC_DEF_P11TOOL += ../src/p11tool-args.def
@@ -84,6 +89,13 @@ invoke-ocsptool.texi: $(SRC_DEF_OCSPTOOL)
mv -f ../doc/address@hidden ../doc/$@ && \
rm -f ../src/$@
+invoke-danetool.texi: $(SRC_DEF_DANETOOL)
+ @-cd ../src/ && autogen -Tagtexi-cmd.tpl $< && \
+ rm -f ../doc/$@ && \
+ ../doc/scripts/cleanup-autogen.pl <../src/$@ >../doc/address@hidden && \
+ mv -f ../doc/address@hidden ../doc/$@ && \
+ rm -f ../src/$@
+
invoke-srptool.texi: $(SRC_DEF_SRPTOOL)
@-cd ../src/ && autogen -Tagtexi-cmd.tpl $< && \
rm -f ../doc/$@ && \
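Review bot: In the new invoke-danetool.texi recipe the `rm -f ../doc/$@` step runs before cleanup-autogen.pl has produced its output, so a failure of the cleanup or the later `mv -f` leaves the previously good target deleted, and the `@-` prefix then hides that failure until makeinfo later reports the file missing. The `mv -f` at the end already overwrites the target, so the early removal only widens the failure window; dropping the `rm -f ../doc/$@ && \` line keeps the old file in place until a replacement exists. This mirrors the surrounding invoke-*.texi rules, so the same simplification applies to them, but the new rule need not inherit the pattern.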
@@ -133,7 +145,7 @@ gnutls_TEXINFOS = gnutls.texi fdl-1.3.texi
\
gnutls_TEXINFOS += invoke-gnutls-cli.texi invoke-gnutls-cli-debug.texi \
invoke-gnutls-serv.texi invoke-certtool.texi invoke-srptool.texi \
invoke-ocsptool.texi invoke-psktool.texi invoke-p11tool.texi \
- invoke-tpmtool.texi
+ invoke-tpmtool.texi invoke-danetool.texi
gnutls_TEXINFOS += stamp_functions
@@ -198,13 +210,6 @@ MAINTAINERCLEANFILES += gnutls-api.texi x509-api.texi
pgp-api.texi \
compat-api.texi dtls-api.texi crypto-api.texi ocsp-api.texi \
dane-api.texi
-HEADER_FILES = $(top_srcdir)/lib/includes/gnutls/gnutls.h.in \
- $(top_srcdir)/lib/includes/gnutls/x509.h
$(top_srcdir)/lib/includes/gnutls/openpgp.h \
- $(top_srcdir)/lib/includes/gnutls/pkcs12.h
$(top_srcdir)/lib/includes/gnutls/pkcs11.h \
- $(top_srcdir)/lib/includes/gnutls/abstract.h
$(top_srcdir)/lib/includes/gnutls/compat.h \
- $(top_srcdir)/lib/includes/gnutls/dtls.h
$(top_srcdir)/lib/includes/gnutls/crypto.h \
- $(top_srcdir)/lib/includes/gnutls/ocsp.h
$(top_srcdir)/lib/includes/gnutls/tpm.h \
- $(top_srcdir)/libdane/includes/gnutls/dane.h
gnutls-api.texi: $(top_srcdir)/lib/includes/gnutls/gnutls.h.in
echo "" > address@hidden
@@ -212,7 +217,7 @@ gnutls-api.texi:
$(top_srcdir)/lib/includes/gnutls/gnutls.h.in
echo -n "Creating documentation for $$i... " && \
$(srcdir)/scripts/gdoc -texinfo \
-function $$i \
- $(top_srcdir)/lib/*.c $(top_srcdir)/lib/*/*.c >>
address@hidden 2>/dev/null && \
+ $(C_SOURCE_FILES) >> address@hidden 2>/dev/null && \
echo "ok"; \
done
mv -f address@hidden $@
@@ -223,7 +228,7 @@ dane-api.texi: $(top_srcdir)/libdane/includes/gnutls/dane.h
echo -n "Creating documentation for $$i... " && \
$(srcdir)/scripts/gdoc -texinfo \
-function $$i \
- $(top_srcdir)/libdane/*.c >> address@hidden 2>/dev/null
&& \
+ $(C_SOURCE_FILES) >> address@hidden 2>/dev/null && \
echo "ok"; \
done
mv -f address@hidden $@
@@ -234,7 +239,7 @@ x509-api.texi: $(top_srcdir)/lib/includes/gnutls/x509.h
echo -n "Creating documentation for $$i... " && \
$(srcdir)/scripts/gdoc -texinfo \
-function $$i \
- $(top_srcdir)/lib/*.c $(top_srcdir)/lib/*/*.c >>
address@hidden 2>/dev/null && \
+ $(C_SOURCE_FILES) >> address@hidden 2>/dev/null && \
echo "ok"; \
done
mv -f address@hidden $@
@@ -245,7 +250,7 @@ pgp-api.texi: $(top_srcdir)/lib/includes/gnutls/openpgp.h
echo -n "Creating documentation for $$i... " && \
$(srcdir)/scripts/gdoc -texinfo \
-function $$i \
- $(top_srcdir)/lib/*.c $(top_srcdir)/lib/*/*.c >>
address@hidden 2>/dev/null && \
+ $(C_SOURCE_FILES) >> address@hidden 2>/dev/null && \
echo "ok"; \
done
mv -f address@hidden $@
@@ -257,7 +262,7 @@ pkcs12-api.texi: $(top_srcdir)/lib/includes/gnutls/pkcs12.h
echo -n "Creating documentation for $$i... " && \
$(srcdir)/scripts/gdoc -texinfo \
-function $$i \
- $(top_srcdir)/lib/*.c $(top_srcdir)/lib/*/*.c >>
address@hidden 2>/dev/null && \
+ $(C_SOURCE_FILES) >> address@hidden 2>/dev/null && \
echo "ok"; \
done
mv -f address@hidden $@
@@ -268,7 +273,7 @@ pkcs11-api.texi: $(top_srcdir)/lib/includes/gnutls/pkcs11.h
echo -n "Creating documentation for $$i... " && \
$(srcdir)/scripts/gdoc -texinfo \
-function $$i \
- $(top_srcdir)/lib/*.c $(top_srcdir)/lib/*/*.c >>
address@hidden 2>/dev/null && \
+ $(C_SOURCE_FILES) >> address@hidden 2>/dev/null && \
echo "ok"; \
done
mv -f address@hidden $@
@@ -279,7 +284,7 @@ tpm-api.texi: $(top_srcdir)/lib/includes/gnutls/tpm.h
echo -n "Creating documentation for $$i... " && \
$(srcdir)/scripts/gdoc -texinfo \
-function $$i \
- $(top_srcdir)/lib/*.c $(top_srcdir)/lib/*/*.c >>
address@hidden 2>/dev/null && \
+ $(C_SOURCE_FILES) >> address@hidden 2>/dev/null && \
echo "ok"; \
done
mv -f address@hidden $@
@@ -290,7 +295,7 @@ abstract-api.texi:
$(top_srcdir)/lib/includes/gnutls/abstract.h
echo -n "Creating documentation for $$i... " && \
$(srcdir)/scripts/gdoc -texinfo \
-function $$i \
- $(top_srcdir)/lib/*.c $(top_srcdir)/lib/*/*.c >>
address@hidden 2>/dev/null && \
+ $(C_SOURCE_FILES) >> address@hidden 2>/dev/null && \
echo "ok"; \
done
mv -f address@hidden $@
@@ -301,7 +306,7 @@ compat-api.texi: $(top_srcdir)/lib/includes/gnutls/compat.h
echo -n "Creating documentation for $$i... " && \
$(srcdir)/scripts/gdoc -texinfo \
-function $$i \
- $(top_srcdir)/lib/*.c $(top_srcdir)/lib/*/*.c >>
address@hidden 2>/dev/null && \
+ $(C_SOURCE_FILES) >> address@hidden 2>/dev/null && \
echo "ok"; \
done
mv -f address@hidden $@
@@ -312,7 +317,7 @@ dtls-api.texi: $(top_srcdir)/lib/includes/gnutls/dtls.h
echo -n "Creating documentation for $$i... " && \
$(srcdir)/scripts/gdoc -texinfo \
-function $$i \
- $(top_srcdir)/lib/*.c $(top_srcdir)/lib/*/*.c >>
address@hidden 2>/dev/null && \
+ $(C_SOURCE_FILES) >> address@hidden 2>/dev/null && \
echo "ok"; \
done
mv -f address@hidden $@
@@ -323,7 +328,7 @@ crypto-api.texi: $(top_srcdir)/lib/includes/gnutls/crypto.h
echo -n "Creating documentation for $$i... " && \
$(srcdir)/scripts/gdoc -texinfo \
-function $$i \
- $(top_srcdir)/lib/*.c $(top_srcdir)/lib/*/*.c >>
address@hidden 2>/dev/null && \
+ $(C_SOURCE_FILES) >> address@hidden 2>/dev/null && \
echo "ok"; \
done
mv -f address@hidden $@
@@ -334,7 +339,7 @@ ocsp-api.texi: $(top_srcdir)/lib/includes/gnutls/ocsp.h
echo -n "Creating documentation for file $$i... " && \
$(srcdir)/scripts/gdoc -texinfo \
-function $$i \
- $(top_srcdir)/lib/*.c $(top_srcdir)/lib/*/*.c >>
address@hidden 2>/dev/null && \
+ $(C_SOURCE_FILES) >> address@hidden 2>/dev/null && \
echo "ok"; \
done
mv -f address@hidden $@
@@ -409,7 +414,7 @@ $(ENUMS): stamp_enums
$(FUNCS): stamp_functions
compare-makefile: enums.texi
- ENUMS=`grep 'address@hidden ' $(srcdir)/enums.texi | sed 's/@c //g' |
sort`; \
+ ENUMS=`grep 'address@hidden ' $(srcdir)/enums.texi | sed 's/@c //g' |
sort -d`; \
STR=""; \
for i in $$ENUMS; do \
STR="$$STR\nENUMS += enums/$$i"; \
@@ -418,7 +423,7 @@ compare-makefile: enums.texi
perl -p -e "s,^ENUMS =,ENUMS =$$STR," > tmp-$@; \
diff -u $(srcdir)/Makefile.am tmp-$@
rm -f tmp-$@
- FUNCS=`cat $(HEADER_FILES) |
$(top_srcdir)/doc/scripts/getfuncs.pl|sort`; \
+ FUNCS=`cat $(HEADER_FILES) | $(top_srcdir)/doc/scripts/getfuncs.pl|sort
-d`; \
MANS=""; \
for i in $$FUNCS; do \
MANS="$$MANS\nFUNCS += functions/$$i\nFUNCS +=
functions/$$i.short"; \
@@ -473,6 +478,12 @@ gnutls.epub: gnutls.xml
epub-fix --delete-unmanifested gnutls.epub
ENUMS =
+ENUMS += enums/dane_cert_type_t
+ENUMS += enums/dane_cert_usage_t
+ENUMS += enums/dane_match_type_t
+ENUMS += enums/dane_query_status_t
+ENUMS += enums/dane_verify_flags_t
+ENUMS += enums/dane_verify_status_t
ENUMS += enums/gnutls_alert_description_t
ENUMS += enums/gnutls_alert_level_t
ENUMS += enums/gnutls_certificate_import_flags
@@ -491,6 +502,10 @@ ENUMS += enums/gnutls_ecc_curve_t
ENUMS += enums/gnutls_handshake_description_t
ENUMS += enums/gnutls_kx_algorithm_t
ENUMS += enums/gnutls_mac_algorithm_t
+ENUMS += enums/gnutls_ocsp_cert_status_t
+ENUMS += enums/gnutls_ocsp_print_formats_t
+ENUMS += enums/gnutls_ocsp_resp_status_t
+ENUMS += enums/gnutls_ocsp_verify_reason_t
ENUMS += enums/gnutls_openpgp_crt_fmt_t
ENUMS += enums/gnutls_openpgp_crt_status_t
ENUMS += enums/gnutls_params_type_t
@@ -511,10 +526,31 @@ ENUMS += enums/gnutls_server_name_type_t
ENUMS += enums/gnutls_sign_algorithm_t
ENUMS += enums/gnutls_supplemental_data_format_type_t
ENUMS += enums/gnutls_tpmkey_fmt_t
+ENUMS += enums/gnutls_x509_crl_reason_t
ENUMS += enums/gnutls_x509_crt_fmt_t
ENUMS += enums/gnutls_x509_subject_alt_name_t
FUNCS =
+FUNCS += functions/dane_query_data
+FUNCS += functions/dane_query_data.short
+FUNCS += functions/dane_query_deinit
+FUNCS += functions/dane_query_deinit.short
+FUNCS += functions/dane_query_entries
+FUNCS += functions/dane_query_entries.short
+FUNCS += functions/dane_query_status
+FUNCS += functions/dane_query_status.short
+FUNCS += functions/dane_query_tlsa
+FUNCS += functions/dane_query_tlsa.short
+FUNCS += functions/dane_state_deinit
+FUNCS += functions/dane_state_deinit.short
+FUNCS += functions/dane_state_init
+FUNCS += functions/dane_state_init.short
+FUNCS += functions/dane_strerror
+FUNCS += functions/dane_strerror.short
+FUNCS += functions/dane_verify_crt
+FUNCS += functions/dane_verify_crt.short
+FUNCS += functions/dane_verify_session_crt
+FUNCS += functions/dane_verify_session_crt.short
FUNCS += functions/gnutls_alert_get
FUNCS += functions/gnutls_alert_get.short
FUNCS += functions/gnutls_alert_get_name
@@ -571,6 +607,8 @@ FUNCS += functions/gnutls_certificate_get_ours
FUNCS += functions/gnutls_certificate_get_ours.short
FUNCS += functions/gnutls_certificate_get_peers
FUNCS += functions/gnutls_certificate_get_peers.short
+FUNCS += functions/gnutls_certificate_get_peers_subkey_id
+FUNCS += functions/gnutls_certificate_get_peers_subkey_id.short
FUNCS += functions/gnutls_certificate_send_x509_rdn_sequence
FUNCS += functions/gnutls_certificate_send_x509_rdn_sequence.short
FUNCS += functions/gnutls_certificate_server_set_request
@@ -579,6 +617,10 @@ FUNCS += functions/gnutls_certificate_set_dh_params
FUNCS += functions/gnutls_certificate_set_dh_params.short
FUNCS += functions/gnutls_certificate_set_key
FUNCS += functions/gnutls_certificate_set_key.short
+FUNCS += functions/gnutls_certificate_set_ocsp_status_request_file
+FUNCS += functions/gnutls_certificate_set_ocsp_status_request_file.short
+FUNCS += functions/gnutls_certificate_set_ocsp_status_request_function
+FUNCS += functions/gnutls_certificate_set_ocsp_status_request_function.short
FUNCS += functions/gnutls_certificate_set_openpgp_key
FUNCS += functions/gnutls_certificate_set_openpgp_key.short
FUNCS += functions/gnutls_certificate_set_openpgp_key_file
@@ -729,6 +771,8 @@ FUNCS += functions/gnutls_dh_params_cpy
FUNCS += functions/gnutls_dh_params_cpy.short
FUNCS += functions/gnutls_dh_params_deinit
FUNCS += functions/gnutls_dh_params_deinit.short
+FUNCS += functions/gnutls_dh_params_export2_pkcs3
+FUNCS += functions/gnutls_dh_params_export2_pkcs3.short
FUNCS += functions/gnutls_dh_params_export_pkcs3
FUNCS += functions/gnutls_dh_params_export_pkcs3.short
FUNCS += functions/gnutls_dh_params_export_raw
@@ -903,6 +947,8 @@ FUNCS += functions/gnutls_ocsp_req_set_extension
FUNCS += functions/gnutls_ocsp_req_set_extension.short
FUNCS += functions/gnutls_ocsp_req_set_nonce
FUNCS += functions/gnutls_ocsp_req_set_nonce.short
+FUNCS += functions/gnutls_ocsp_resp_check_crt
+FUNCS += functions/gnutls_ocsp_resp_check_crt.short
FUNCS += functions/gnutls_ocsp_resp_deinit
FUNCS += functions/gnutls_ocsp_resp_deinit.short
FUNCS += functions/gnutls_ocsp_resp_export
@@ -939,12 +985,18 @@ FUNCS += functions/gnutls_ocsp_resp_verify
FUNCS += functions/gnutls_ocsp_resp_verify.short
FUNCS += functions/gnutls_ocsp_resp_verify_direct
FUNCS += functions/gnutls_ocsp_resp_verify_direct.short
+FUNCS += functions/gnutls_ocsp_status_request_enable_client
+FUNCS += functions/gnutls_ocsp_status_request_enable_client.short
+FUNCS += functions/gnutls_ocsp_status_request_get
+FUNCS += functions/gnutls_ocsp_status_request_get.short
FUNCS += functions/gnutls_openpgp_crt_check_hostname
FUNCS += functions/gnutls_openpgp_crt_check_hostname.short
FUNCS += functions/gnutls_openpgp_crt_deinit
FUNCS += functions/gnutls_openpgp_crt_deinit.short
FUNCS += functions/gnutls_openpgp_crt_export
FUNCS += functions/gnutls_openpgp_crt_export.short
+FUNCS += functions/gnutls_openpgp_crt_export2
+FUNCS += functions/gnutls_openpgp_crt_export2.short
FUNCS += functions/gnutls_openpgp_crt_get_auth_subkey
FUNCS += functions/gnutls_openpgp_crt_get_auth_subkey.short
FUNCS += functions/gnutls_openpgp_crt_get_creation_time
@@ -1021,6 +1073,8 @@ FUNCS += functions/gnutls_openpgp_privkey_deinit
FUNCS += functions/gnutls_openpgp_privkey_deinit.short
FUNCS += functions/gnutls_openpgp_privkey_export
FUNCS += functions/gnutls_openpgp_privkey_export.short
+FUNCS += functions/gnutls_openpgp_privkey_export2
+FUNCS += functions/gnutls_openpgp_privkey_export2.short
FUNCS += functions/gnutls_openpgp_privkey_export_dsa_raw
FUNCS += functions/gnutls_openpgp_privkey_export_dsa_raw.short
FUNCS += functions/gnutls_openpgp_privkey_export_rsa_raw
@@ -1113,6 +1167,8 @@ FUNCS += functions/gnutls_pkcs11_obj_deinit
FUNCS += functions/gnutls_pkcs11_obj_deinit.short
FUNCS += functions/gnutls_pkcs11_obj_export
FUNCS += functions/gnutls_pkcs11_obj_export.short
+FUNCS += functions/gnutls_pkcs11_obj_export2
+FUNCS += functions/gnutls_pkcs11_obj_export2.short
FUNCS += functions/gnutls_pkcs11_obj_export_url
FUNCS += functions/gnutls_pkcs11_obj_export_url.short
FUNCS += functions/gnutls_pkcs11_obj_get_info
@@ -1197,6 +1253,8 @@ FUNCS += functions/gnutls_pkcs12_deinit
FUNCS += functions/gnutls_pkcs12_deinit.short
FUNCS += functions/gnutls_pkcs12_export
FUNCS += functions/gnutls_pkcs12_export.short
+FUNCS += functions/gnutls_pkcs12_export2
+FUNCS += functions/gnutls_pkcs12_export2.short
FUNCS += functions/gnutls_pkcs12_generate_mac
FUNCS += functions/gnutls_pkcs12_generate_mac.short
FUNCS += functions/gnutls_pkcs12_get_bag
@@ -1219,6 +1277,8 @@ FUNCS += functions/gnutls_pkcs7_delete_crt
FUNCS += functions/gnutls_pkcs7_delete_crt.short
FUNCS += functions/gnutls_pkcs7_export
FUNCS += functions/gnutls_pkcs7_export.short
+FUNCS += functions/gnutls_pkcs7_export2
+FUNCS += functions/gnutls_pkcs7_export2.short
FUNCS += functions/gnutls_pkcs7_get_crl_count
FUNCS += functions/gnutls_pkcs7_get_crl_count.short
FUNCS += functions/gnutls_pkcs7_get_crl_raw
@@ -1353,6 +1413,8 @@ FUNCS += functions/gnutls_pubkey_encrypt_data
FUNCS += functions/gnutls_pubkey_encrypt_data.short
FUNCS += functions/gnutls_pubkey_export
FUNCS += functions/gnutls_pubkey_export.short
+FUNCS += functions/gnutls_pubkey_export2
+FUNCS += functions/gnutls_pubkey_export2.short
FUNCS += functions/gnutls_pubkey_get_key_id
FUNCS += functions/gnutls_pubkey_get_key_id.short
FUNCS += functions/gnutls_pubkey_get_key_usage
@@ -1383,6 +1445,8 @@ FUNCS += functions/gnutls_pubkey_import_ecc_x962
FUNCS += functions/gnutls_pubkey_import_ecc_x962.short
FUNCS += functions/gnutls_pubkey_import_openpgp
FUNCS += functions/gnutls_pubkey_import_openpgp.short
+FUNCS += functions/gnutls_pubkey_import_openpgp_raw
+FUNCS += functions/gnutls_pubkey_import_openpgp_raw.short
FUNCS += functions/gnutls_pubkey_import_pkcs11
FUNCS += functions/gnutls_pubkey_import_pkcs11.short
FUNCS += functions/gnutls_pubkey_import_pkcs11_url
@@ -1399,6 +1463,8 @@ FUNCS += functions/gnutls_pubkey_import_url
FUNCS += functions/gnutls_pubkey_import_url.short
FUNCS += functions/gnutls_pubkey_import_x509
FUNCS += functions/gnutls_pubkey_import_x509.short
+FUNCS += functions/gnutls_pubkey_import_x509_raw
+FUNCS += functions/gnutls_pubkey_import_x509_raw.short
FUNCS += functions/gnutls_pubkey_init
FUNCS += functions/gnutls_pubkey_init.short
FUNCS += functions/gnutls_pubkey_set_key_usage
@@ -1549,10 +1615,6 @@ FUNCS +=
functions/gnutls_srp_set_server_credentials_function
FUNCS += functions/gnutls_srp_set_server_credentials_function.short
FUNCS += functions/gnutls_srp_verifier
FUNCS += functions/gnutls_srp_verifier.short
-FUNCS += functions/gnutls_status_request_ocsp_client
-FUNCS += functions/gnutls_status_request_ocsp_client.short
-FUNCS += functions/gnutls_status_request_ocsp_server
-FUNCS += functions/gnutls_status_request_ocsp_server.short
FUNCS += functions/gnutls_store_commitment
FUNCS += functions/gnutls_store_commitment.short
FUNCS += functions/gnutls_store_pubkey
@@ -1613,6 +1675,8 @@ FUNCS += functions/gnutls_x509_crl_deinit
FUNCS += functions/gnutls_x509_crl_deinit.short
FUNCS += functions/gnutls_x509_crl_export
FUNCS += functions/gnutls_x509_crl_export.short
+FUNCS += functions/gnutls_x509_crl_export2
+FUNCS += functions/gnutls_x509_crl_export2.short
FUNCS += functions/gnutls_x509_crl_get_authority_key_gn_serial
FUNCS += functions/gnutls_x509_crl_get_authority_key_gn_serial.short
FUNCS += functions/gnutls_x509_crl_get_authority_key_id
@@ -1683,6 +1747,8 @@ FUNCS += functions/gnutls_x509_crq_deinit
FUNCS += functions/gnutls_x509_crq_deinit.short
FUNCS += functions/gnutls_x509_crq_export
FUNCS += functions/gnutls_x509_crq_export.short
+FUNCS += functions/gnutls_x509_crq_export2
+FUNCS += functions/gnutls_x509_crq_export2.short
FUNCS += functions/gnutls_x509_crq_get_attribute_by_oid
FUNCS += functions/gnutls_x509_crq_get_attribute_by_oid.short
FUNCS += functions/gnutls_x509_crq_get_attribute_data
@@ -1773,6 +1839,8 @@ FUNCS += functions/gnutls_x509_crt_deinit
FUNCS += functions/gnutls_x509_crt_deinit.short
FUNCS += functions/gnutls_x509_crt_export
FUNCS += functions/gnutls_x509_crt_export.short
+FUNCS += functions/gnutls_x509_crt_export2
+FUNCS += functions/gnutls_x509_crt_export2.short
FUNCS += functions/gnutls_x509_crt_get_activation_time
FUNCS += functions/gnutls_x509_crt_get_activation_time.short
FUNCS += functions/gnutls_x509_crt_get_authority_info_access
@@ -1951,6 +2019,8 @@ FUNCS += functions/gnutls_x509_dn_deinit
FUNCS += functions/gnutls_x509_dn_deinit.short
FUNCS += functions/gnutls_x509_dn_export
FUNCS += functions/gnutls_x509_dn_export.short
+FUNCS += functions/gnutls_x509_dn_export2
+FUNCS += functions/gnutls_x509_dn_export2.short
FUNCS += functions/gnutls_x509_dn_get_rdn_ava
FUNCS += functions/gnutls_x509_dn_get_rdn_ava.short
FUNCS += functions/gnutls_x509_dn_import
@@ -1967,6 +2037,10 @@ FUNCS += functions/gnutls_x509_privkey_deinit
FUNCS += functions/gnutls_x509_privkey_deinit.short
FUNCS += functions/gnutls_x509_privkey_export
FUNCS += functions/gnutls_x509_privkey_export.short
+FUNCS += functions/gnutls_x509_privkey_export2
+FUNCS += functions/gnutls_x509_privkey_export2.short
+FUNCS += functions/gnutls_x509_privkey_export2_pkcs8
+FUNCS += functions/gnutls_x509_privkey_export2_pkcs8.short
FUNCS += functions/gnutls_x509_privkey_export_dsa_raw
FUNCS += functions/gnutls_x509_privkey_export_dsa_raw.short
FUNCS += functions/gnutls_x509_privkey_export_ecc_raw
diff --git a/doc/cha-cert-auth.texi b/doc/cha-cert-auth.texi
index 10f0ef9..7e62365 100644
--- a/doc/cha-cert-auth.texi
+++ b/doc/cha-cert-auth.texi
@@ -516,7 +516,7 @@ indicate the status of the verification.
@showenumdesc{dane_verify_status_t,The DANE verification status flags.}
In order to generate a DANE TLSA entry to use in a DNS server
-you may use certtool's DANE commands (see @ref{certtool Invocation}).
+you may use danetool (see @ref{danetool Invocation}).
@node Digital signatures
@section Digital signatures
diff --git a/doc/cha-cert-auth2.texi b/doc/cha-cert-auth2.texi
index a89b2ed..fe10087 100644
--- a/doc/cha-cert-auth2.texi
+++ b/doc/cha-cert-auth2.texi
@@ -14,6 +14,7 @@ structures, etc., are discussed in this chapter.
* Managing encrypted keys::
* certtool Invocation:: Invoking certtool
* ocsptool Invocation:: Invoking ocsptool
+* danetool Invocation:: Invoking danetool
@end menu
@node PKCS 10 certificate requests
@@ -379,3 +380,4 @@ Generic and higher level private key import functions are
also available.
@include invoke-ocsptool.texi
address@hidden invoke-danetool.texi
diff --git a/tests/dtls/Makefile.am b/doc/doc.mk
similarity index 55%
copy from tests/dtls/Makefile.am
copy to doc/doc.mk
index 559a0d4..6f67f61 100644
--- a/tests/dtls/Makefile.am
+++ b/doc/doc.mk
@@ -1,4 +1,3 @@
-## Process this file with automake to produce Makefile.in
# Copyright (C) 2012 Free Software Foundation, Inc.
#
# Author: Nikos Mavrogiannopoulos
@@ -19,30 +18,12 @@
# along with this file; if not, write to the Free Software Foundation,
# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-dist_check_SCRIPTS = dtls dtls-nb
+HEADER_FILES = $(top_srcdir)/lib/includes/gnutls/gnutls.h.in \
+ $(top_srcdir)/lib/includes/gnutls/x509.h
$(top_srcdir)/lib/includes/gnutls/openpgp.h \
+ $(top_srcdir)/lib/includes/gnutls/pkcs12.h
$(top_srcdir)/lib/includes/gnutls/pkcs11.h \
+ $(top_srcdir)/lib/includes/gnutls/abstract.h
$(top_srcdir)/lib/includes/gnutls/compat.h \
+ $(top_srcdir)/lib/includes/gnutls/dtls.h
$(top_srcdir)/lib/includes/gnutls/crypto.h \
+ $(top_srcdir)/lib/includes/gnutls/ocsp.h
$(top_srcdir)/lib/includes/gnutls/tpm.h \
+ $(top_srcdir)/libdane/includes/gnutls/dane.h
-AM_CFLAGS = $(WARN_CFLAGS) $(WERROR_CFLAGS)
-AM_CPPFLAGS = \
- -I$(top_srcdir)/gl \
- -I$(top_builddir)/gl \
- -I$(top_srcdir)/lib/includes \
- -I$(top_builddir)/lib/includes \
- -I$(top_srcdir)/extra/includes \
- -I$(top_builddir)/extra/includes \
- -I$(top_srcdir)/lib \
- -I$(top_srcdir)/doc/examples
-
-AM_LDFLAGS = -no-install
-LDADD = ../../lib/libgnutls.la \
- ../../gl/libgnu.la \
- $(LIBSOCKET) $(INET_NTOP_LIB) $(INET_PTON_LIB) \
- $(LIB_TIMER_TIME)
-
-if !WINDOWS
-
-check_PROGRAMS = dtls-stress
-TESTS = dtls
-
-endif
-
-TESTS_ENVIRONMENT = EXEEXT=$(EXEEXT)
+C_SOURCE_FILES = $(top_srcdir)/lib/*/*.c $(top_srcdir)/lib/*.c
$(top_srcdir)/libdane/*.c
diff --git a/doc/invoke-certtool.texi b/doc/invoke-certtool.texi
index 8228754..56dfb14 100644
--- a/doc/invoke-certtool.texi
+++ b/doc/invoke-certtool.texi
@@ -1,13 +1,13 @@
@node certtool Invocation
@section Invoking certtool
@pindex certtool
address@hidden GnuTLS PKCS #11 tool
address@hidden GnuTLS certificate tool
@ignore
# -*- buffer-read-only: t -*- vi: set ro:
#
# DO NOT EDIT THIS FILE (invoke-certtool.texi)
#
-# It has been AutoGen-ed October 9, 2012 at 10:59:40 PM by AutoGen 5.16
+# It has been AutoGen-ed October 12, 2012 at 09:21:29 AM by AutoGen 5.16
# From the definitions ../src/certtool-args.def
# and the template file agtexi-cmd.tpl
@end ignore
@@ -36,7 +36,7 @@ with a status code of 0.
@exampleindent 0
@example
-certtool - GnuTLS PKCS #11 tool - Ver. @@VERSION@@
+certtool - GnuTLS certificate tool - Ver. @@VERSION@@
USAGE: certtool [ -<flag> [<val>] | --<name>address@hidden| @}<val>] ]...
-d, --debug=num Enable debugging.
@@ -108,16 +108,6 @@ USAGE: certtool [ -<flag> [<val>] |
--<name>address@hidden| @}<val>] ]...
--template=file Template file to use for non-interactive
operation
- file must pre-exist
--pkcs-cipher=str Cipher to use for PKCS #8 and #12 operations
- --dane-tlsa-rr Print the DANE RR data on a certificate or
public key
- - requires these options:
- dane-host
- --dane-host=str Specify the hostname to be used in the DANE RR
- --dane-proto=str The protocol set for DANE data (tcp, udp etc.)
- --dane-port=num Specify the port number for the DANE data.
- --dane-ca Whether the provided certificate or public key
is a Certificate
-authority.
- --dane-x509 Use the hash of the X.509 certificate, rather
than the public key.
- --dane-local The provided certificate or public key is a
local entity.
-v, --version[=arg] Output version information and exit
-h, --help Display extended usage information and exit
-!, --more-help Extended usage information passed thru pager
@@ -290,53 +280,6 @@ This is alternative to the bits option.
This is the ``cipher to use for pkcs #8 and #12 operations'' option.
This option takes an argument string @file{Cipher}.
Cipher may be one of 3des, 3des-pkcs12, aes-128, aes-192, aes-256, rc2-40,
arcfour.
address@hidden dane-tlsa-rr}
address@hidden dane-tlsa-rr option
address@hidden certtool-dane-tlsa-rr
-
-This is the ``print the dane rr data on a certificate or public key'' option.
-
address@hidden
-This option has some usage constraints. It:
address@hidden @bullet
address@hidden
-must appear in combination with the following options:
-dane-host.
address@hidden itemize
-
-This command prints the DANE RR data needed to enable DANE on a DNS server.
address@hidden dane-host}
address@hidden dane-host option
address@hidden certtool-dane-host
-
-This is the ``specify the hostname to be used in the dane rr'' option.
-This option takes an argument string @file{Hostname}.
-This command sets the hostname for the DANE RR.
address@hidden dane-proto}
address@hidden dane-proto option
address@hidden certtool-dane-proto
-
-This is the ``the protocol set for dane data (tcp, udp etc.)'' option.
-This option takes an argument string @file{Protocol}.
-This command specifies the protocol for the service set in the DANE data.
address@hidden dane-ca}
address@hidden dane-ca option
address@hidden certtool-dane-ca
-
-This is the ``whether the provided certificate or public key is a certificate
authority.'' option.
-Marks the DANE RR as a CA certificate if specified.
address@hidden dane-x509}
address@hidden dane-x509 option
address@hidden certtool-dane-x509
-
-This is the ``use the hash of the x.509 certificate, rather than the public
key.'' option.
-This option forces the generated record to contain the hash of the full X.509
certificate. By default only the hash of the public key is used.
address@hidden dane-local}
address@hidden dane-local option
address@hidden certtool-dane-local
-
-This is the ``the provided certificate or public key is a local entity.''
option.
-DANE distinguishes certificates and public keys offered via the DNSSEC to
trusted and local entities. Use this flag if this is a local (and possibly
unsigned) entity.
@anchor{certtool exit status}
@subheading certtool exit status
@@ -470,31 +413,6 @@ To verify a Certificate Revocation List (CRL) do:
$ certtool --verify-crl --load-ca-certificate x509-ca.pem < crl.pem
@end example
address@hidden DANE TLSA RR generation
-
-
-To create a DANE TLSA resource record for a CA signed certificate use the
following commands.
-
address@hidden
-$ certtool --dane-tlsa-rr --dane-host www.example.com --load-certificate
cert.pem
address@hidden example
-
-For a self signed certificate use:
address@hidden
-$ certtool --dane-tlsa-rr --dane-host www.example.com --load-certificate
cert.pem \
- --dane-local
address@hidden example
-
-The latter is useful to add in your DNS entry even if your certificate is
signed
-by a CA. That way even users who do not trust your CA will be able to verify
your
-certificate using DANE.
-
-In order to create a record for the signer of your certificate use:
address@hidden
-$ certtool --dane-tlsa-rr --dane-host www.example.com --load-certificate
cert.pem \
- --dane-ca
address@hidden example
-
@anchor{certtool Files}
@subheading certtool Files
@subheading Certtool's template file format
diff --git a/doc/invoke-danetool.texi b/doc/invoke-danetool.texi
new file mode 100644
index 0000000..63b90ce
--- /dev/null
+++ b/doc/invoke-danetool.texi
@@ -0,0 +1,224 @@
address@hidden danetool Invocation
address@hidden Invoking danetool
address@hidden danetool
address@hidden GnuTLS DANE tool
address@hidden
+# -*- buffer-read-only: t -*- vi: set ro:
+#
+# DO NOT EDIT THIS FILE (invoke-danetool.texi)
+#
+# It has been AutoGen-ed October 12, 2012 at 09:27:38 AM by AutoGen 5.16
+# From the definitions ../src/danetool-args.def
+# and the template file agtexi-cmd.tpl
address@hidden ignore
+
+
+Tool generate DNS resource records for the DANE protocol.
+
+This section was generated by @strong{AutoGen},
+using the @code{agtexi-cmd} template and the option descriptions for the
@code{danetool} program.
+This software is released under the GNU General Public License, version 3 or
later.
+
+
address@hidden usage}
address@hidden danetool help/usage (-h)
address@hidden danetool help
+
+This is the automatically generated usage text for danetool.
+The text printed is the same whether for the @code{help} option (-h) or the
@code{more-help} option (-!). @code{more-help} will print
+the usage text by passing it through a pager program.
address@hidden is disabled on platforms without a working
address@hidden(2)} function. The @code{PAGER} environment variable is
+used to select the program, defaulting to @file{more}. Both will exit
+with a status code of 0.
+
address@hidden 0
address@hidden
+danetool - GnuTLS DANE tool - Ver. @@VERSION@@
+USAGE: danetool [ -<flag> [<val>] | --<name>address@hidden| @}<val>] ]...
+
+ -d, --debug=num Enable debugging.
+ - It must be in the range:
+ 0 to 9999
+ -V, --verbose More verbose output
+ - may appear multiple times
+ --infile=file Input file
+ - file must pre-exist
+ --outfile=str Output file
+ --load-pubkey=str Loads a public key file
+ --load-certificate=str Loads a certificate file
+ --hash=str Hash algorithm to use for signing.
+ --inder Use DER format for input certificates and
private keys.
+ - disabled as --no-inder
+ --inraw This is an alias for 'inder'
+ --outder Use DER format for output certificates and
private keys
+ - disabled as --no-outder
+ --outraw This is an alias for 'outder'
+ --tlsa-rr Print the DANE RR data on a certificate or
public key
+ - requires these options:
+ host
+ --host=str Specify the hostname to be used in the DANE RR
+ --proto=str The protocol set for DANE data (tcp, udp etc.)
+ --port=num Specify the port number for the DANE data.
+ --ca Whether the provided certificate or public key
is a Certificate
+authority.
+ --x509 Use the hash of the X.509 certificate, rather
than the public key.
+ --local The provided certificate or public key is a
local entity.
+ -v, --version[=arg] Output version information and exit
+ -h, --help Display extended usage information and exit
+ -!, --more-help Extended usage information passed thru pager
+
+Options are specified by doubled hyphens and their name or by a single
+hyphen and the flag character.
+
+
+
+Tool generate DNS resource records for the DANE protocol.
+
+please send bug reports to: bug-gnutls@@gnu.org
address@hidden example
address@hidden 4
+
address@hidden debug}
address@hidden debug option (-d)
address@hidden danetool-debug
+
+This is the ``enable debugging.'' option.
+This option takes an argument number.
+Specifies the debug level.
address@hidden load-pubkey}
address@hidden load-pubkey option
address@hidden danetool-load-pubkey
+
+This is the ``loads a public key file'' option.
+This option takes an argument string.
+This can be either a file or a PKCS #11 URL
address@hidden load-certificate}
address@hidden load-certificate option
address@hidden danetool-load-certificate
+
+This is the ``loads a certificate file'' option.
+This option takes an argument string.
+This can be either a file or a PKCS #11 URL
address@hidden hash}
address@hidden hash option
address@hidden danetool-hash
+
+This is the ``hash algorithm to use for signing.'' option.
+This option takes an argument string.
+Available hash functions are SHA1, RMD160, SHA256, SHA384, SHA512.
address@hidden inder}
address@hidden inder option
address@hidden danetool-inder
+
+This is the ``use der format for input certificates and private keys.'' option.
+The input files will be assumed to be in DER or RAW format.
+Unlike options that in PEM input would allow multiple input data (e.g.
multiple
+certificates), when reading in DER format a single data structure is read.
address@hidden inraw}
address@hidden inraw option
address@hidden danetool-inraw
+
+This is an alias for the inder option,
address@hidden inder, the inder option documentation}.
+
address@hidden outder}
address@hidden outder option
address@hidden danetool-outder
+
+This is the ``use der format for output certificates and private keys'' option.
+The output will be in DER or RAW format.
address@hidden outraw}
address@hidden outraw option
address@hidden danetool-outraw
+
+This is an alias for the outder option,
address@hidden outder, the outder option documentation}.
+
address@hidden tlsa-rr}
address@hidden tlsa-rr option
address@hidden danetool-tlsa-rr
+
+This is the ``print the dane rr data on a certificate or public key'' option.
+
address@hidden
+This option has some usage constraints. It:
address@hidden @bullet
address@hidden
+must appear in combination with the following options:
+host.
address@hidden itemize
+
+This command prints the DANE RR data needed to enable DANE on a DNS server.
address@hidden host}
address@hidden host option
address@hidden danetool-host
+
+This is the ``specify the hostname to be used in the dane rr'' option.
+This option takes an argument string @file{Hostname}.
+This command sets the hostname for the DANE RR.
address@hidden proto}
address@hidden proto option
address@hidden danetool-proto
+
+This is the ``the protocol set for dane data (tcp, udp etc.)'' option.
+This option takes an argument string @file{Protocol}.
+This command specifies the protocol for the service set in the DANE data.
address@hidden ca}
address@hidden ca option
address@hidden danetool-ca
+
+This is the ``whether the provided certificate or public key is a certificate
authority.'' option.
+Marks the DANE RR as a CA certificate if specified.
address@hidden x509}
address@hidden x509 option
address@hidden danetool-x509
+
+This is the ``use the hash of the x.509 certificate, rather than the public
key.'' option.
+This option forces the generated record to contain the hash of the full X.509
certificate. By default only the hash of the public key is used.
address@hidden local}
address@hidden local option
address@hidden danetool-local
+
+This is the ``the provided certificate or public key is a local entity.''
option.
+DANE distinguishes certificates and public keys offered via the DNSSEC to
trusted and local entities. Use this flag if this is a local (and possibly
unsigned) entity.
address@hidden exit status}
address@hidden danetool exit status
+
+One of the following exit values will be returned:
address@hidden @samp
address@hidden 0 (EXIT_SUCCESS)
+Successful program execution.
address@hidden 1 (EXIT_FAILURE)
+The operation failed or the command syntax was not valid.
address@hidden table
address@hidden See Also}
address@hidden danetool See Also
+ p11tool (1)
+
address@hidden Examples}
address@hidden danetool Examples
address@hidden DANE TLSA RR generation
+
+To create a DANE TLSA resource record for a CA signed certificate use the
following commands.
+
address@hidden
+$ certtool --tlsa-rr --host www.example.com --load-certificate cert.pem
address@hidden example
+
+For a self signed certificate use:
address@hidden
+$ certtool --tlsa-rr --host www.example.com --load-certificate cert.pem \
+ --local
address@hidden example
+
+The latter is useful to add in your DNS entry even if your certificate is
signed
+by a CA. That way even users who do not trust your CA will be able to verify
your
+certificate using DANE.
+
+In order to create a record for the signer of your certificate use:
address@hidden
+$ certtool --tlsa-rr --host www.example.com --load-certificate cert.pem \
+ --ca
address@hidden example
+
diff --git a/doc/manpages/Makefile.am b/doc/manpages/Makefile.am
index 47dade5..ab2566a 100644
--- a/doc/manpages/Makefile.am
+++ b/doc/manpages/Makefile.am
@@ -22,18 +22,12 @@
dist_man_MANS = gnutls-cli.1 gnutls-cli-debug.1 gnutls-serv.1 \
certtool.1 psktool.1 p11tool.1 ocsptool.1 tpmtool.1
+-include $(top_srcdir)/doc/doc.mk
+
if ENABLE_SRP
dist_man_MANS += srptool.1
endif
-HEADER_FILES = $(top_srcdir)/lib/includes/gnutls/gnutls.h.in \
- $(top_srcdir)/lib/includes/gnutls/x509.h
$(top_srcdir)/lib/includes/gnutls/openpgp.h \
- $(top_srcdir)/lib/includes/gnutls/pkcs12.h
$(top_srcdir)/lib/includes/gnutls/pkcs11.h \
- $(top_srcdir)/lib/includes/gnutls/abstract.h
$(top_srcdir)/lib/includes/gnutls/compat.h \
- $(top_srcdir)/lib/includes/gnutls/dtls.h
$(top_srcdir)/lib/includes/gnutls/crypto.h \
- $(top_srcdir)/lib/includes/gnutls/ocsp.h
$(top_srcdir)/lib/includes/gnutls/tpm.h \
- $(top_srcdir)/libdane/includes/gnutls/dane.h
-
# Note that our .def files depend on autogen
# supporting the @subheading texi keyword. This
# is not currently the case so we do remove it
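Review bot: The added `-include $(top_srcdir)/doc/doc.mk` is an optional include, so when doc.mk is absent or the path is wrong make carries on with HEADER_FILES and C_SOURCE_FILES empty, `stamp_mans: $(HEADER_FILES)` loses all its prerequisites and the gdoc loops iterate over no sources with their errors hidden by `2>/dev/null`. Because this hunk also deletes the local HEADER_FILES definition that previously guaranteed those variables, the include has become a hard requirement and should fail loudly; an automake-time `include $(top_srcdir)/doc/doc.mk` is inlined when automake runs and reports a missing file at bootstrap instead of at build. If the leading dash was chosen deliberately to keep the file out of automake's hands, that reason deserves a one-line comment next to it.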
@@ -114,10 +108,13 @@ APIMANS += gnutls_certificate_free_keys.3
APIMANS += gnutls_certificate_get_issuer.3
APIMANS += gnutls_certificate_get_ours.3
APIMANS += gnutls_certificate_get_peers.3
+APIMANS += gnutls_certificate_get_peers_subkey_id.3
APIMANS += gnutls_certificate_send_x509_rdn_sequence.3
APIMANS += gnutls_certificate_server_set_request.3
APIMANS += gnutls_certificate_set_dh_params.3
APIMANS += gnutls_certificate_set_key.3
+APIMANS += gnutls_certificate_set_ocsp_status_request_file.3
+APIMANS += gnutls_certificate_set_ocsp_status_request_function.3
APIMANS += gnutls_certificate_set_openpgp_key.3
APIMANS += gnutls_certificate_set_openpgp_key_file.3
APIMANS += gnutls_certificate_set_openpgp_key_file2.3
@@ -193,6 +190,7 @@ APIMANS += gnutls_dh_get_pubkey.3
APIMANS += gnutls_dh_get_secret_bits.3
APIMANS += gnutls_dh_params_cpy.3
APIMANS += gnutls_dh_params_deinit.3
+APIMANS += gnutls_dh_params_export2_pkcs3.3
APIMANS += gnutls_dh_params_export_pkcs3.3
APIMANS += gnutls_dh_params_export_raw.3
APIMANS += gnutls_dh_params_generate2.3
@@ -280,6 +278,7 @@ APIMANS += gnutls_ocsp_req_print.3
APIMANS += gnutls_ocsp_req_randomize_nonce.3
APIMANS += gnutls_ocsp_req_set_extension.3
APIMANS += gnutls_ocsp_req_set_nonce.3
+APIMANS += gnutls_ocsp_resp_check_crt.3
APIMANS += gnutls_ocsp_resp_deinit.3
APIMANS += gnutls_ocsp_resp_export.3
APIMANS += gnutls_ocsp_resp_get_certs.3
@@ -298,9 +297,12 @@ APIMANS += gnutls_ocsp_resp_init.3
APIMANS += gnutls_ocsp_resp_print.3
APIMANS += gnutls_ocsp_resp_verify.3
APIMANS += gnutls_ocsp_resp_verify_direct.3
+APIMANS += gnutls_ocsp_status_request_enable_client.3
+APIMANS += gnutls_ocsp_status_request_get.3
APIMANS += gnutls_openpgp_crt_check_hostname.3
APIMANS += gnutls_openpgp_crt_deinit.3
APIMANS += gnutls_openpgp_crt_export.3
+APIMANS += gnutls_openpgp_crt_export2.3
APIMANS += gnutls_openpgp_crt_get_auth_subkey.3
APIMANS += gnutls_openpgp_crt_get_creation_time.3
APIMANS += gnutls_openpgp_crt_get_expiration_time.3
@@ -339,6 +341,7 @@ APIMANS += gnutls_openpgp_keyring_import.3
APIMANS += gnutls_openpgp_keyring_init.3
APIMANS += gnutls_openpgp_privkey_deinit.3
APIMANS += gnutls_openpgp_privkey_export.3
+APIMANS += gnutls_openpgp_privkey_export2.3
APIMANS += gnutls_openpgp_privkey_export_dsa_raw.3
APIMANS += gnutls_openpgp_privkey_export_rsa_raw.3
APIMANS += gnutls_openpgp_privkey_export_subkey_dsa_raw.3
@@ -385,6 +388,7 @@ APIMANS += gnutls_pkcs11_get_pin_function.3
APIMANS += gnutls_pkcs11_init.3
APIMANS += gnutls_pkcs11_obj_deinit.3
APIMANS += gnutls_pkcs11_obj_export.3
+APIMANS += gnutls_pkcs11_obj_export2.3
APIMANS += gnutls_pkcs11_obj_export_url.3
APIMANS += gnutls_pkcs11_obj_get_info.3
APIMANS += gnutls_pkcs11_obj_get_type.3
@@ -427,6 +431,7 @@ APIMANS += gnutls_pkcs12_bag_set_friendly_name.3
APIMANS += gnutls_pkcs12_bag_set_key_id.3
APIMANS += gnutls_pkcs12_deinit.3
APIMANS += gnutls_pkcs12_export.3
+APIMANS += gnutls_pkcs12_export2.3
APIMANS += gnutls_pkcs12_generate_mac.3
APIMANS += gnutls_pkcs12_get_bag.3
APIMANS += gnutls_pkcs12_import.3
@@ -438,6 +443,7 @@ APIMANS += gnutls_pkcs7_deinit.3
APIMANS += gnutls_pkcs7_delete_crl.3
APIMANS += gnutls_pkcs7_delete_crt.3
APIMANS += gnutls_pkcs7_export.3
+APIMANS += gnutls_pkcs7_export2.3
APIMANS += gnutls_pkcs7_get_crl_count.3
APIMANS += gnutls_pkcs7_get_crl_raw.3
APIMANS += gnutls_pkcs7_get_crt_count.3
@@ -505,6 +511,7 @@ APIMANS += gnutls_psk_set_server_params_function.3
APIMANS += gnutls_pubkey_deinit.3
APIMANS += gnutls_pubkey_encrypt_data.3
APIMANS += gnutls_pubkey_export.3
+APIMANS += gnutls_pubkey_export2.3
APIMANS += gnutls_pubkey_get_key_id.3
APIMANS += gnutls_pubkey_get_key_usage.3
APIMANS += gnutls_pubkey_get_openpgp_key_id.3
@@ -520,6 +527,7 @@ APIMANS += gnutls_pubkey_import_dsa_raw.3
APIMANS += gnutls_pubkey_import_ecc_raw.3
APIMANS += gnutls_pubkey_import_ecc_x962.3
APIMANS += gnutls_pubkey_import_openpgp.3
+APIMANS += gnutls_pubkey_import_openpgp_raw.3
APIMANS += gnutls_pubkey_import_pkcs11.3
APIMANS += gnutls_pubkey_import_pkcs11_url.3
APIMANS += gnutls_pubkey_import_privkey.3
@@ -528,6 +536,7 @@ APIMANS += gnutls_pubkey_import_tpm_raw.3
APIMANS += gnutls_pubkey_import_tpm_url.3
APIMANS += gnutls_pubkey_import_url.3
APIMANS += gnutls_pubkey_import_x509.3
+APIMANS += gnutls_pubkey_import_x509_raw.3
APIMANS += gnutls_pubkey_init.3
APIMANS += gnutls_pubkey_set_key_usage.3
APIMANS += gnutls_pubkey_set_pin_function.3
@@ -603,8 +612,6 @@ APIMANS += gnutls_srp_set_prime_bits.3
APIMANS += gnutls_srp_set_server_credentials_file.3
APIMANS += gnutls_srp_set_server_credentials_function.3
APIMANS += gnutls_srp_verifier.3
-APIMANS += gnutls_status_request_ocsp_client.3
-APIMANS += gnutls_status_request_ocsp_server.3
APIMANS += gnutls_store_commitment.3
APIMANS += gnutls_store_pubkey.3
APIMANS += gnutls_strerror.3
@@ -635,6 +642,7 @@ APIMANS += gnutls_verify_stored_pubkey.3
APIMANS += gnutls_x509_crl_check_issuer.3
APIMANS += gnutls_x509_crl_deinit.3
APIMANS += gnutls_x509_crl_export.3
+APIMANS += gnutls_x509_crl_export2.3
APIMANS += gnutls_x509_crl_get_authority_key_gn_serial.3
APIMANS += gnutls_x509_crl_get_authority_key_id.3
APIMANS += gnutls_x509_crl_get_crt_count.3
@@ -670,6 +678,7 @@ APIMANS += gnutls_x509_crl_sign2.3
APIMANS += gnutls_x509_crl_verify.3
APIMANS += gnutls_x509_crq_deinit.3
APIMANS += gnutls_x509_crq_export.3
+APIMANS += gnutls_x509_crq_export2.3
APIMANS += gnutls_x509_crq_get_attribute_by_oid.3
APIMANS += gnutls_x509_crq_get_attribute_data.3
APIMANS += gnutls_x509_crq_get_attribute_info.3
@@ -715,6 +724,7 @@ APIMANS += gnutls_x509_crt_check_revocation.3
APIMANS += gnutls_x509_crt_cpy_crl_dist_points.3
APIMANS += gnutls_x509_crt_deinit.3
APIMANS += gnutls_x509_crt_export.3
+APIMANS += gnutls_x509_crt_export2.3
APIMANS += gnutls_x509_crt_get_activation_time.3
APIMANS += gnutls_x509_crt_get_authority_info_access.3
APIMANS += gnutls_x509_crt_get_authority_key_gn_serial.3
@@ -804,6 +814,7 @@ APIMANS += gnutls_x509_crt_verify_data.3
APIMANS += gnutls_x509_crt_verify_hash.3
APIMANS += gnutls_x509_dn_deinit.3
APIMANS += gnutls_x509_dn_export.3
+APIMANS += gnutls_x509_dn_export2.3
APIMANS += gnutls_x509_dn_get_rdn_ava.3
APIMANS += gnutls_x509_dn_import.3
APIMANS += gnutls_x509_dn_init.3
@@ -812,6 +823,8 @@ APIMANS += gnutls_x509_dn_oid_name.3
APIMANS += gnutls_x509_privkey_cpy.3
APIMANS += gnutls_x509_privkey_deinit.3
APIMANS += gnutls_x509_privkey_export.3
+APIMANS += gnutls_x509_privkey_export2.3
+APIMANS += gnutls_x509_privkey_export2_pkcs8.3
APIMANS += gnutls_x509_privkey_export_dsa_raw.3
APIMANS += gnutls_x509_privkey_export_ecc_raw.3
APIMANS += gnutls_x509_privkey_export_pkcs8.3
@@ -855,7 +868,7 @@ dist_man_MANS += $(APIMANS)
$(APIMANS): stamp_mans
compare-makefile:
- FUNCS=`cat $(top_srcdir)/lib/includes/gnutls/*.h |
$(top_srcdir)/doc/scripts/getfuncs.pl|sort`; \
+ FUNCS=`cat $(top_srcdir)/lib/includes/gnutls/*.h |
$(top_srcdir)/doc/scripts/getfuncs.pl|sort -d`; \
MANS=""; \
for i in $$FUNCS; do \
MANS="$$MANS\nAPIMANS += $$i.3"; \
@@ -875,7 +888,7 @@ stamp_mans: $(HEADER_FILES)
-seeinfo $(PACKAGE) -verbatimcopying \
-copyright "2012 Free Software Foundation, Inc." \
-function $$i \
- $(top_srcdir)/lib/*.c $(top_srcdir)/lib/*/*.c > $$i.3
2>/dev/null && \
+ $(C_SOURCE_FILES) > $$i.3 2>/dev/null && \
echo -n "."; \
done
@echo ""
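Review bot: `$(C_SOURCE_FILES) > $$i.3 2>/dev/null && \` lets the shell create `$$i.3` before gdoc runs, so a gdoc failure, or an empty C_SOURCE_FILES when the optional `-include` of doc.mk found nothing, leaves an empty man page that `$(APIMANS): stamp_mans` treats as built and `dist_man_MANS` installs. Writing to a temporary name and renaming only on success keeps the failure visible: `$(C_SOURCE_FILES) > $$i.3.tmp 2>/dev/null && mv $$i.3.tmp $$i.3 && \`. The same pattern recurs in the eleven sibling loops below, and the stamp_mans rule starts and ends outside this hunk.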
@@ -889,7 +902,7 @@ stamp_mans: $(HEADER_FILES)
-seeinfo $(PACKAGE) -verbatimcopying \
-copyright "2012 Free Software Foundation, Inc." \
-function $$i \
- $(top_srcdir)/lib/*.c $(top_srcdir)/lib/*/*.c > $$i.3
2>/dev/null && \
+ $(C_SOURCE_FILES) > $$i.3 2>/dev/null && \
echo -n "."; \
done
@echo ""
@@ -903,7 +916,7 @@ stamp_mans: $(HEADER_FILES)
-seeinfo $(PACKAGE) -verbatimcopying \
-copyright "2012 Free Software Foundation, Inc." \
-function $$i \
- $(top_srcdir)/libdane/*.c > $$i.3 2>/dev/null && \
+ $(C_SOURCE_FILES) > $$i.3 2>/dev/null && \
echo -n "."; \
done
@echo ""
@@ -917,7 +930,7 @@ stamp_mans: $(HEADER_FILES)
-seeinfo $(PACKAGE) -verbatimcopying \
-copyright "2012 Free Software Foundation, Inc." \
-function $$i \
- $(top_srcdir)/lib/*.c $(top_srcdir)/lib/*/*.c > $$i.3
2>/dev/null && \
+ $(C_SOURCE_FILES) > $$i.3 2>/dev/null && \
echo -n "."; \
done
@echo ""
@@ -931,7 +944,7 @@ stamp_mans: $(HEADER_FILES)
-seeinfo $(PACKAGE) -verbatimcopying \
-copyright "2012 Free Software Foundation, Inc." \
-function $$i \
- $(top_srcdir)/lib/*.c $(top_srcdir)/lib/*/*.c > $$i.3
2>/dev/null && \
+ $(C_SOURCE_FILES) > $$i.3 2>/dev/null && \
echo -n "."; \
done
@echo ""
@@ -945,7 +958,7 @@ stamp_mans: $(HEADER_FILES)
-seeinfo $(PACKAGE) -verbatimcopying \
-copyright "2012 Free Software Foundation, Inc." \
-function $$i \
- $(top_srcdir)/lib/*.c $(top_srcdir)/lib/*/*.c > $$i.3
2>/dev/null && \
+ $(C_SOURCE_FILES) > $$i.3 2>/dev/null && \
echo -n "."; \
done
@echo ""
@@ -959,7 +972,7 @@ stamp_mans: $(HEADER_FILES)
-seeinfo $(PACKAGE) -verbatimcopying \
-copyright "2012 Free Software Foundation, Inc." \
-function $$i \
- $(top_srcdir)/lib/*.c $(top_srcdir)/lib/*/*.c > $$i.3
2>/dev/null && \
+ $(C_SOURCE_FILES) > $$i.3 2>/dev/null && \
echo -n "."; \
done
@echo ""
@@ -973,7 +986,7 @@ stamp_mans: $(HEADER_FILES)
-seeinfo $(PACKAGE) -verbatimcopying \
-copyright "2012 Free Software Foundation, Inc." \
-function $$i \
- $(top_srcdir)/lib/*.c $(top_srcdir)/lib/*/*.c > $$i.3
2>/dev/null && \
+ $(C_SOURCE_FILES) > $$i.3 2>/dev/null && \
echo -n "."; \
done
@echo ""
@@ -987,7 +1000,7 @@ stamp_mans: $(HEADER_FILES)
-seeinfo $(PACKAGE) -verbatimcopying \
-copyright "2012 Free Software Foundation, Inc." \
-function $$i \
- $(top_srcdir)/lib/*.c $(top_srcdir)/lib/*/*.c > $$i.3
2>/dev/null && \
+ $(C_SOURCE_FILES) > $$i.3 2>/dev/null && \
echo -n "."; \
done
@echo ""
@@ -1001,7 +1014,7 @@ stamp_mans: $(HEADER_FILES)
-seeinfo $(PACKAGE) -verbatimcopying \
-copyright "2012 Free Software Foundation, Inc." \
-function $$i \
- $(top_srcdir)/lib/*.c $(top_srcdir)/lib/*/*.c > $$i.3
2>/dev/null && \
+ $(C_SOURCE_FILES) > $$i.3 2>/dev/null && \
echo -n "."; \
done
@echo ""
@@ -1015,7 +1028,7 @@ stamp_mans: $(HEADER_FILES)
-seeinfo $(PACKAGE) -verbatimcopying \
-copyright "2012 Free Software Foundation, Inc." \
-function $$i \
- $(top_srcdir)/lib/*.c $(top_srcdir)/lib/*/*.c > $$i.3
2>/dev/null && \
+ $(C_SOURCE_FILES) > $$i.3 2>/dev/null && \
echo -n "."; \
done
@echo ""
@@ -1029,7 +1042,7 @@ stamp_mans: $(HEADER_FILES)
-seeinfo $(PACKAGE) -verbatimcopying \
-copyright "2012 Free Software Foundation, Inc." \
-function $$i \
- $(top_srcdir)/lib/*.c $(top_srcdir)/lib/*/*.c > $$i.3
2>/dev/null && \
+ $(C_SOURCE_FILES) > $$i.3 2>/dev/null && \
echo -n "."; \
done
@echo ""
diff --git a/doc/reference/Makefile.am b/doc/reference/Makefile.am
index 0022f7d..b3719c9 100644
--- a/doc/reference/Makefile.am
+++ b/doc/reference/Makefile.am
@@ -47,15 +47,13 @@ MKHTML_OPTIONS=
# e.g. FIXXREF_OPTIONS=--extra-dir=../gdk-pixbuf/html --extra-dir=../gdk/html
FIXXREF_OPTIONS=
+-include $(top_srcdir)/doc/doc.mk
+
# Used for dependencies. The docs will be rebuilt if any of these change.
# e.g. HFILE_GLOB=$(top_srcdir)/gtk/*.h
# e.g. CFILE_GLOB=$(top_srcdir)/gtk/*.c
-HFILE_GLOB=$(top_srcdir)/lib/includes/gnutls/*.h \
- $(top_builddir)/lib/includes/gnutls/*.h
-CFILE_GLOB=$(top_srcdir)/lib/*.c \
- $(top_srcdir)/lib/x509/*.c \
- $(top_srcdir)/lib/openpgp/*.c \
- $(top_srcdir)/lib/minitasn1/*.c
+HFILE_GLOB=$(HEADER_FILES)
+CFILE_GLOB=$(C_SOURCE_FILES)
# Extra header to include when scanning, which are not under DOC_SOURCE_DIR
# e.g. EXTRA_HFILES=$(top_srcdir}/contrib/extra.h
@@ -66,100 +64,7 @@ EXTRA_HFILES=
IGNORE_HFILES=
# find lib -name \*.h -exec basename {} \; | grep -v -e ^abstract.h$ -e
^crypto.h$ -e ^dtls.h$ -e ^gnutls.h$ -e ^openpgp.h$ -e ^pkcs11.h$ -e ^pkcs12.h$
-e ^x509.h$ -e ^ocsp.h$ -e ^tpm.h$ | sort | uniq | sed -e 's/^/\t/' -e 's/$/
\\/'
-IGNORE_HFILES += \
- abstract_int.h \
- accelerated.h \
- aes-padlock.h \
- aes-x86.h \
- algorithms.h \
- anon.h \
- cert.h \
- cert_type.h \
- common.h \
- compat.h \
- context.h \
- crypto-backend.h \
- cryptodev.h \
- debug.h \
- dh_common.h \
- ecc.h \
- ecdh_common.h \
- egd.h \
- element.h \
- filters.h \
- gnettle.h \
- gnutls_auth.h \
- gnutls_buffers.h \
- gnutls_cipher.h \
- gnutls_cipher_int.h \
- gnutls_compress.h \
- gnutls_constate.h \
- gnutls_datum.h \
- gnutls_db.h \
- gnutls_dh.h \
- gnutls_dtls.h \
- gnutls_ecc.h \
- gnutls_errors.h \
- gnutls_extensions.h \
- gnutls_global.h \
- gnutls_handshake.h \
- gnutls_hash_int.h \
- gnutls_helper.h \
- gnutls_int.h \
- gnutls_kx.h \
- gnutls_mbuffers.h \
- gnutls_mem.h \
- gnutls_mpi.h \
- gnutls_num.h \
- gnutls_openpgp.h \
- gnutls_pk.h \
- gnutls_record.h \
- gnutls_rsa_export.h \
- gnutls_session_pack.h \
- gnutls_sig.h \
- gnutls_srp.h \
- gnutls_state.h \
- gnutls_str_array.h \
- gnutls_str.h \
- gnutls_supplemental.h \
- gnutls_v2_compat.h \
- gnutls_x509.h \
- gnutlsxx.h \
- gstr.h \
- hash.h \
- heartbeat.h \
- int.h \
- keydb.h \
- libtasn1.h \
- locks.h \
- main.h \
- max_record.h \
- opencdk.h \
- openpgp_int.h \
- packet.h \
- parser_aux.h \
- pbkdf2-sha1.h \
- pin.h \
- pkcs11_int.h \
- psk.h \
- psk_passwd.h \
- randomart.h \
- random.h \
- safe_renegotiation.h \
- server_name.h \
- session_ticket.h \
- sha-padlock.h \
- signature.h \
- srp.h \
- srp_passwd.h \
- stream.h \
- structure.h \
- system.h \
- types.h \
- verify-high.h \
- x509_b64.h \
- x509_int.h \
- x86.h
+IGNORE_HFILES += $(top_srcdir)/lib/*.h $(top_srcdir)/lib/*/*.h
$(top_srcdir)/libdane/*.h
# Images to copy into HTML directory.
# e.g. HTML_IMAGES=$(top_srcdir)/gtk/stock-icons/stock_about_24.png
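Review bot: `IGNORE_HFILES += $(top_srcdir)/lib/*.h $(top_srcdir)/lib/*/*.h $(top_srcdir)/libdane/*.h` replaces a list of basenames with path globs, yet the comment kept just above it (`find lib -name \*.h -exec basename {} \;`) shows gtk-doc's ignore list is matched by basename, and a make variable is not glob-expanded when gtk-doc.make passes it quoted to gtkdoc-scan, so presumably none of the internal headers are ignored any more and private declarations from lib/*.h will leak into the scanned reference. If the goal is to stop maintaining the list by hand, expand the globs in make and strip the directories: `IGNORE_HFILES += $(notdir $(wildcard $(top_srcdir)/lib/*.h $(top_srcdir)/lib/*/*.h $(top_srcdir)/libdane/*.h))`. Worth confirming against the generated xml/ output, since the commented-out chapters in gnutls-docs.sgml may be a symptom of the same change.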
diff --git a/doc/reference/gnutls-docs.sgml b/doc/reference/gnutls-docs.sgml
index d22ef5e..936adf6 100644
--- a/doc/reference/gnutls-docs.sgml
+++ b/doc/reference/gnutls-docs.sgml
@@ -33,12 +33,13 @@
<xi:include href="xml/abstract.xml"/>
<xi:include href="xml/x509.xml"/>
<xi:include href="xml/openpgp.xml"/>
- <xi:include href="xml/dtls.xml"/>
<xi:include href="xml/crypto.xml"/>
<xi:include href="xml/pkcs11.xml"/>
<xi:include href="xml/pkcs12.xml"/>
- <xi:include href="xml/ocsp.xml"/>
+<!-- <xi:include href="xml/ocsp.xml"/>
+ <xi:include href="xml/dtls.xml"/>
<xi:include href="xml/tpm.xml"/>
+ <xi:include href="xml/dane.xml"/> -->
</chapter>
<index id="api-index-full">
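Review bot: The `<!-- ... -->` wrapper on the new side drops the OCSP, DTLS, TPM and DANE chapters from the reference manual, and neither the hunk nor the commit messages say whether that is intended or a temporary workaround, presumably for the per-header xml files not being produced after the IGNORE_HFILES rework. A one-line note in the comment itself, e.g. `<!-- ocsp/dtls/tpm/dane disabled: their xml is not generated yet; re-enable once the scanner picks them up -->`, would stop the next maintainer from either re-adding them blindly or assuming those APIs are undocumented on purpose.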
diff --git a/lib/gnutls_global.c b/lib/gnutls_global.c
index 4c9eabf..4efab71 100644
--- a/lib/gnutls_global.c
+++ b/lib/gnutls_global.c
@@ -79,7 +79,7 @@ gnutls_global_set_log_function (gnutls_log_func log_func)
* that session might be null if there is no corresponding TLS session.
*
* @gnutls_audit_log_func is of the form,
- * void (*gnutls_audit_log_func)( gnutls_session_t, int level, const char*);
+ * void (*gnutls_audit_log_func)( gnutls_session_t, const char*);
*
* Since: 3.0
**/
diff --git a/lib/x509/privkey_openssl.c b/lib/x509/privkey_openssl.c
index 1c055ad..8d3094c 100644
--- a/lib/x509/privkey_openssl.c
+++ b/lib/x509/privkey_openssl.c
@@ -117,7 +117,8 @@ static const struct pem_cipher {
* the native gnutls_x509_privkey_t format. The
* output will be stored in @key.
*
- * The @password should be in ASCII.
+ * The @password should be in ASCII. If the password is not provided
+ * or wrong then %GNUTLS_E_DECRYPTION_FAILED will be returned.
*
* If the Certificate is PEM encoded it should have a header of
* "PRIVATE KEY" and the "DEK-Info" header.
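Review bot: The added sentence promises %GNUTLS_E_DECRYPTION_FAILED for a wrong password, but the DEK-Info format named two lines below is the legacy OpenSSL PEM encryption which, as far as I know, carries no integrity tag, so a bad password can only be detected indirectly when the decrypted bytes fail the padding or key-structure checks; saying so would keep callers from treating the error as a reliable authentication signal and would explain why it cannot always be told apart from a corrupt file. Suggested wording: `If the password is missing or wrong the decrypted data will not parse and %GNUTLS_E_DECRYPTION_FAILED is returned; the DEK-Info format carries no integrity check, so this is an indirect detection.` The function this comment documents starts outside the hunk, so I could not confirm which failure paths actually map to that error code.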
diff --git a/src/Makefile.am b/src/Makefile.am
index 4796c70..5d5f4e6 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -46,6 +46,9 @@ endif
if ENABLE_OCSP
bin_PROGRAMS += ocsptool
endif
+if ENABLE_DANE
+bin_PROGRAMS += danetool
+endif
if ENABLE_TROUSERS
bin_PROGRAMS += tpmtool
@@ -138,6 +141,23 @@ libcmd_certtool_la_LIBADD += $(LIBOPTS_LDADD) $(LTLIBINTL)
libcmd_certtool_la_LIBADD += $(LTLIBREADLINE)
libcmd_certtool_la_LIBADD += $(INET_PTON_LIB)
+if ENABLE_DANE
+
+danetool_SOURCES = danetool.c certtool-common.c certtool-extras.c common.c
+danetool_LDADD = ../lib/libgnutls.la
+danetool_LDADD += libcmd-danetool.la ../gl/libgnu.la
+
+noinst_LTLIBRARIES += libcmd-danetool.la
+libcmd_danetool_la_CFLAGS =
+libcmd_danetool_la_SOURCES = danetool-args.c danetool-args.def danetool-args.h
\
+ certtool-cfg.h certtool-cfg.c
+libcmd_danetool_la_LIBADD = ../gl/libgnu.la ../lib/libgnutls.la
+libcmd_danetool_la_LIBADD += $(LIBOPTS_LDADD) $(LTLIBINTL)
+libcmd_danetool_la_LIBADD += $(LTLIBREADLINE)
+libcmd_danetool_la_LIBADD += $(INET_PTON_LIB)
+
+endif #ENABLE_DANE
+
# p11 tool
if ENABLE_PKCS11
@@ -175,6 +195,8 @@ endif # ENABLE_TROUSERS
BUILT_SOURCES = ocsptool-args.c p11tool-args.c psk-args.c cli-debug-args.c \
cli-args.c serv-args.c srptool-args.c certtool-args.c
+danetool-args.c: $(srcdir)/args-std.def $(srcdir)/danetool-args.def
+ -autogen danetool-args.def
ocsptool-args.c: $(srcdir)/args-std.def $(srcdir)/ocsptool-args.def
-autogen ocsptool-args.def
tpmtool-args.c: $(srcdir)/args-std.def $(srcdir)/tpmtool-args.def
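Review bot: The new `danetool-args.c:` rule is added without a matching entry in the BUILT_SOURCES list two lines above it, so `danetool-args.h`, produced by the same autogen run and presumably included by danetool.c, is not guaranteed to exist before the compiler reaches danetool.c in a fresh or parallel build; unless a `BUILT_SOURCES += danetool-args.c` already sits under the ENABLE_DANE block elsewhere in the file (tpmtool-args.c is likewise absent from the visible list, which hints at that pattern), add it beside the rule. The leading `-` on `-autogen danetool-args.def` also means a missing autogen is silently ignored and a stale danetool-args.c would go unnoticed; that matches the sibling rules, so just noting it. Since invoke-danetool.texi is generated from the danetool-args.def named in this rule, its example commands still read `certtool --tlsa-rr ...` and should become `danetool --tlsa-rr ...` in the .def file.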
diff --git a/src/certtool-args.c b/src/certtool-args.c
index 8d75122..b71148b 100644
--- a/src/certtool-args.c
+++ b/src/certtool-args.c
@@ -2,7 +2,7 @@
*
* DO NOT EDIT THIS FILE (certtool-args.c)
*
- * It has been AutoGen-ed October 9, 2012 at 10:58:10 PM by AutoGen 5.16
+ * It has been AutoGen-ed October 12, 2012 at 09:17:49 AM by AutoGen 5.16
* From the definitions certtool-args.def
* and the template file options
*
@@ -67,7 +67,7 @@ extern FILE * option_usage_fp;
/*
* certtool option static const strings
*/
-static char const certtool_opt_strs[5231] =
+static char const certtool_opt_strs[4697] =
/* 0 */ "certtool @address@hidden"
"Copyright (C) 2000-2012 Free Software Foundation, all rights
reserved.\n"
"This is free software. It is licensed for use, modification and\n"
@@ -248,45 +248,23 @@ static char const certtool_opt_strs[5231] =
/* 4080 */ "Cipher to use for PKCS #8 and #12 operations\0"
/* 4125 */ "PKCS_CIPHER\0"
/* 4137 */ "pkcs-cipher\0"
-/* 4149 */ "Print the DANE RR data on a certificate or public key\0"
-/* 4203 */ "DANE_TLSA_RR\0"
-/* 4216 */ "dane-tlsa-rr\0"
-/* 4229 */ "Specify the hostname to be used in the DANE RR\0"
-/* 4276 */ "DANE_HOST\0"
-/* 4286 */ "dane-host\0"
-/* 4296 */ "The protocol set for DANE data (tcp, udp etc.)\0"
-/* 4343 */ "DANE_PROTO\0"
-/* 4354 */ "dane-proto\0"
-/* 4365 */ "Specify the port number for the DANE data.\0"
-/* 4408 */ "DANE_PORT\0"
-/* 4418 */ "dane-port\0"
-/* 4428 */ "Whether the provided certificate or public key is a Certificate\n"
- "authority.\0"
-/* 4503 */ "DANE_CA\0"
-/* 4511 */ "dane-ca\0"
-/* 4519 */ "Use the hash of the X.509 certificate, rather than the public
key.\0"
-/* 4586 */ "DANE_X509\0"
-/* 4596 */ "dane-x509\0"
-/* 4606 */ "The provided certificate or public key is a local entity.\0"
-/* 4664 */ "DANE_LOCAL\0"
-/* 4675 */ "dane-local\0"
-/* 4686 */ "Display extended usage information and exit\0"
-/* 4730 */ "help\0"
-/* 4735 */ "Extended usage information passed thru pager\0"
-/* 4780 */ "more-help\0"
-/* 4790 */ "Output version information and exit\0"
-/* 4826 */ "version\0"
-/* 4834 */ "CERTTOOL\0"
-/* 4843 */ "certtool - GnuTLS PKCS #11 tool - Ver. @address@hidden"
+/* 4149 */ "Display extended usage information and exit\0"
+/* 4193 */ "help\0"
+/* 4198 */ "Extended usage information passed thru pager\0"
+/* 4243 */ "more-help\0"
+/* 4253 */ "Output version information and exit\0"
+/* 4289 */ "version\0"
+/* 4297 */ "CERTTOOL\0"
+/* 4306 */ "certtool - GnuTLS certificate tool - Ver. @address@hidden"
"USAGE: %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]...\n\0"
-/* 4950 */ "address@hidden"
-/* 4969 */ "\n\n\0"
-/* 4972 */ "\n"
+/* 4416 */ "address@hidden"
+/* 4435 */ "\n\n\0"
+/* 4438 */ "\n"
"Tool to parse and generate X.509 certificates, requests and
private keys.\n"
"It can be used interactively or non interactively by specifying
the\n"
"template command line option.\n\0"
-/* 5146 */ "certtool @address@hidden"
-/* 5165 */ "certtool [options] [url]\n"
+/* 4612 */ "certtool @address@hidden"
+/* 4631 */ "certtool [options] [url]\n"
"certtool --help for usage instructions.\n";
/*
@@ -758,75 +736,13 @@ static int const aTo_P12MustList[] = {
| OPTST_SET_ARGTYPE(OPARG_TYPE_STRING))
/*
- * dane-tlsa-rr option description with
- * "Must also have options" and "Incompatible options":
- */
-#define DANE_TLSA_RR_DESC (certtool_opt_strs+4149)
-#define DANE_TLSA_RR_NAME (certtool_opt_strs+4203)
-#define DANE_TLSA_RR_name (certtool_opt_strs+4216)
-static int const aDane_Tlsa_RrMustList[] = {
- INDEX_OPT_DANE_HOST, NO_EQUIVALENT };
-#define DANE_TLSA_RR_FLAGS (OPTST_DISABLED)
-
-/*
- * dane-host option description:
- */
-#define DANE_HOST_DESC (certtool_opt_strs+4229)
-#define DANE_HOST_NAME (certtool_opt_strs+4276)
-#define DANE_HOST_name (certtool_opt_strs+4286)
-#define DANE_HOST_FLAGS (OPTST_DISABLED \
- | OPTST_SET_ARGTYPE(OPARG_TYPE_STRING))
-
-/*
- * dane-proto option description:
- */
-#define DANE_PROTO_DESC (certtool_opt_strs+4296)
-#define DANE_PROTO_NAME (certtool_opt_strs+4343)
-#define DANE_PROTO_name (certtool_opt_strs+4354)
-#define DANE_PROTO_FLAGS (OPTST_DISABLED \
- | OPTST_SET_ARGTYPE(OPARG_TYPE_STRING))
-
-/*
- * dane-port option description:
- */
-#define DANE_PORT_DESC (certtool_opt_strs+4365)
-#define DANE_PORT_NAME (certtool_opt_strs+4408)
-#define DANE_PORT_name (certtool_opt_strs+4418)
-#define DANE_PORT_FLAGS (OPTST_DISABLED \
- | OPTST_SET_ARGTYPE(OPARG_TYPE_NUMERIC))
-
-/*
- * dane-ca option description:
- */
-#define DANE_CA_DESC (certtool_opt_strs+4428)
-#define DANE_CA_NAME (certtool_opt_strs+4503)
-#define DANE_CA_name (certtool_opt_strs+4511)
-#define DANE_CA_FLAGS (OPTST_DISABLED)
-
-/*
- * dane-x509 option description:
- */
-#define DANE_X509_DESC (certtool_opt_strs+4519)
-#define DANE_X509_NAME (certtool_opt_strs+4586)
-#define DANE_X509_name (certtool_opt_strs+4596)
-#define DANE_X509_FLAGS (OPTST_DISABLED)
-
-/*
- * dane-local option description:
- */
-#define DANE_LOCAL_DESC (certtool_opt_strs+4606)
-#define DANE_LOCAL_NAME (certtool_opt_strs+4664)
-#define DANE_LOCAL_name (certtool_opt_strs+4675)
-#define DANE_LOCAL_FLAGS (OPTST_DISABLED)
-
-/*
* Help/More_Help/Version option descriptions:
*/
-#define HELP_DESC (certtool_opt_strs+4686)
-#define HELP_name (certtool_opt_strs+4730)
+#define HELP_DESC (certtool_opt_strs+4149)
+#define HELP_name (certtool_opt_strs+4193)
#ifdef HAVE_WORKING_FORK
-#define MORE_HELP_DESC (certtool_opt_strs+4735)
-#define MORE_HELP_name (certtool_opt_strs+4780)
+#define MORE_HELP_DESC (certtool_opt_strs+4198)
+#define MORE_HELP_name (certtool_opt_strs+4243)
#define MORE_HELP_FLAGS (OPTST_IMM | OPTST_NO_INIT)
#else
#define MORE_HELP_DESC NULL
@@ -839,8 +755,8 @@ static int const aDane_Tlsa_RrMustList[] = {
# define VER_FLAGS (OPTST_SET_ARGTYPE(OPARG_TYPE_STRING) | \
OPTST_ARG_OPTIONAL | OPTST_IMM | OPTST_NO_INIT)
#endif
-#define VER_DESC (certtool_opt_strs+4790)
-#define VER_name (certtool_opt_strs+4826)
+#define VER_DESC (certtool_opt_strs+4253)
+#define VER_name (certtool_opt_strs+4289)
/*
* Declare option callback procedures
*/
@@ -1522,90 +1438,6 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ PKCS_CIPHER_DESC, PKCS_CIPHER_NAME,
PKCS_CIPHER_name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 55, VALUE_OPT_DANE_TLSA_RR,
- /* equiv idx, value */ 55, VALUE_OPT_DANE_TLSA_RR,
- /* equivalenced to */ NO_EQUIVALENT,
- /* min, max, act ct */ 0, 1, 0,
- /* opt state flags */ DANE_TLSA_RR_FLAGS, 0,
- /* last opt argumnt */ { NULL }, /* --dane-tlsa-rr */
- /* arg list/cookie */ NULL,
- /* must/cannot opts */ aDane_Tlsa_RrMustList, NULL,
- /* option proc */ NULL,
- /* desc, NAME, name */ DANE_TLSA_RR_DESC, DANE_TLSA_RR_NAME,
DANE_TLSA_RR_name,
- /* disablement strs */ NULL, NULL },
-
- { /* entry idx, value */ 56, VALUE_OPT_DANE_HOST,
- /* equiv idx, value */ 56, VALUE_OPT_DANE_HOST,
- /* equivalenced to */ NO_EQUIVALENT,
- /* min, max, act ct */ 0, 1, 0,
- /* opt state flags */ DANE_HOST_FLAGS, 0,
- /* last opt argumnt */ { NULL }, /* --dane-host */
- /* arg list/cookie */ NULL,
- /* must/cannot opts */ NULL, NULL,
- /* option proc */ NULL,
- /* desc, NAME, name */ DANE_HOST_DESC, DANE_HOST_NAME, DANE_HOST_name,
- /* disablement strs */ NULL, NULL },
-
- { /* entry idx, value */ 57, VALUE_OPT_DANE_PROTO,
- /* equiv idx, value */ 57, VALUE_OPT_DANE_PROTO,
- /* equivalenced to */ NO_EQUIVALENT,
- /* min, max, act ct */ 0, 1, 0,
- /* opt state flags */ DANE_PROTO_FLAGS, 0,
- /* last opt argumnt */ { NULL }, /* --dane-proto */
- /* arg list/cookie */ NULL,
- /* must/cannot opts */ NULL, NULL,
- /* option proc */ NULL,
- /* desc, NAME, name */ DANE_PROTO_DESC, DANE_PROTO_NAME, DANE_PROTO_name,
- /* disablement strs */ NULL, NULL },
-
- { /* entry idx, value */ 58, VALUE_OPT_DANE_PORT,
- /* equiv idx, value */ 58, VALUE_OPT_DANE_PORT,
- /* equivalenced to */ NO_EQUIVALENT,
- /* min, max, act ct */ 0, 1, 0,
- /* opt state flags */ DANE_PORT_FLAGS, 0,
- /* last opt argumnt */ { NULL }, /* --dane-port */
- /* arg list/cookie */ NULL,
- /* must/cannot opts */ NULL, NULL,
- /* option proc */ optionNumericVal,
- /* desc, NAME, name */ DANE_PORT_DESC, DANE_PORT_NAME, DANE_PORT_name,
- /* disablement strs */ NULL, NULL },
-
- { /* entry idx, value */ 59, VALUE_OPT_DANE_CA,
- /* equiv idx, value */ 59, VALUE_OPT_DANE_CA,
- /* equivalenced to */ NO_EQUIVALENT,
- /* min, max, act ct */ 0, 1, 0,
- /* opt state flags */ DANE_CA_FLAGS, 0,
- /* last opt argumnt */ { NULL }, /* --dane-ca */
- /* arg list/cookie */ NULL,
- /* must/cannot opts */ NULL, NULL,
- /* option proc */ NULL,
- /* desc, NAME, name */ DANE_CA_DESC, DANE_CA_NAME, DANE_CA_name,
- /* disablement strs */ NULL, NULL },
-
- { /* entry idx, value */ 60, VALUE_OPT_DANE_X509,
- /* equiv idx, value */ 60, VALUE_OPT_DANE_X509,
- /* equivalenced to */ NO_EQUIVALENT,
- /* min, max, act ct */ 0, 1, 0,
- /* opt state flags */ DANE_X509_FLAGS, 0,
- /* last opt argumnt */ { NULL }, /* --dane-x509 */
- /* arg list/cookie */ NULL,
- /* must/cannot opts */ NULL, NULL,
- /* option proc */ NULL,
- /* desc, NAME, name */ DANE_X509_DESC, DANE_X509_NAME, DANE_X509_name,
- /* disablement strs */ NULL, NULL },
-
- { /* entry idx, value */ 61, VALUE_OPT_DANE_LOCAL,
- /* equiv idx, value */ 61, VALUE_OPT_DANE_LOCAL,
- /* equivalenced to */ NO_EQUIVALENT,
- /* min, max, act ct */ 0, 1, 0,
- /* opt state flags */ DANE_LOCAL_FLAGS, 0,
- /* last opt argumnt */ { NULL }, /* --dane-local */
- /* arg list/cookie */ NULL,
- /* must/cannot opts */ NULL, NULL,
- /* option proc */ NULL,
- /* desc, NAME, name */ DANE_LOCAL_DESC, DANE_LOCAL_NAME, DANE_LOCAL_name,
- /* disablement strs */ NULL, NULL },
-
{ /* entry idx, value */ INDEX_OPT_VERSION, VALUE_OPT_VERSION,
/* equiv idx value */ NO_EQUIVALENT, VALUE_OPT_VERSION,
/* equivalenced to */ NO_EQUIVALENT,
@@ -1650,14 +1482,14 @@ static tOptDesc optDesc[OPTION_CT] = {
*
* Define the certtool Option Environment
*/
-#define zPROGNAME (certtool_opt_strs+4834)
-#define zUsageTitle (certtool_opt_strs+4843)
+#define zPROGNAME (certtool_opt_strs+4297)
+#define zUsageTitle (certtool_opt_strs+4306)
#define zRcName NULL
#define apzHomeList NULL
-#define zBugsAddr (certtool_opt_strs+4950)
-#define zExplain (certtool_opt_strs+4969)
-#define zDetail (certtool_opt_strs+4972)
-#define zFullVersion (certtool_opt_strs+5146)
+#define zBugsAddr (certtool_opt_strs+4416)
+#define zExplain (certtool_opt_strs+4435)
+#define zDetail (certtool_opt_strs+4438)
+#define zFullVersion (certtool_opt_strs+4612)
/* extracted from optcode.tlib near line 350 */
#if defined(ENABLE_NLS)
@@ -1671,7 +1503,7 @@ static tOptDesc optDesc[OPTION_CT] = {
#define certtool_full_usage (NULL)
-#define certtool_short_usage (certtool_opt_strs+5165)
+#define certtool_short_usage (certtool_opt_strs+4631)
#endif /* not defined __doxygen__ */
@@ -1888,7 +1720,7 @@ tOptions certtoolOptions = {
NO_EQUIVALENT, /* '-#' option index */
NO_EQUIVALENT /* index of default opt */
},
- 65 /* full option count */, 62 /* user option count */,
+ 58 /* full option count */, 55 /* user option count */,
certtool_full_usage, certtool_short_usage,
NULL, NULL,
PKGDATADIR, certtool_packager_info
diff --git a/src/certtool-args.def b/src/certtool-args.def
index 50a69ad..c4d8a53 100644
--- a/src/certtool-args.def
+++ b/src/certtool-args.def
@@ -1,6 +1,6 @@
AutoGen Definitions options;
prog-name = certtool;
-prog-title = "GnuTLS PKCS #11 tool";
+prog-title = "GnuTLS certificate tool";
prog-desc = "Manipulate certificates and private keys.";
detail = "Tool to parse and generate X.509 certificates, requests and
private keys.
It can be used interactively or non interactively by
@@ -354,55 +354,6 @@ flag = {
doc = "Cipher may be one of 3des, 3des-pkcs12, aes-128, aes-192,
aes-256, rc2-40, arcfour.";
};
-flag = {
- name = dane-tlsa-rr;
- descrip = "Print the DANE RR data on a certificate or public key";
- flags_must = dane-host;
- doc = "This command prints the DANE RR data needed to enable DANE on a DNS
server.";
-};
-
-flag = {
- name = dane-host;
- descrip = "Specify the hostname to be used in the DANE RR";
- arg-type = string;
- arg-name = "Hostname";
- doc = "This command sets the hostname for the DANE RR.";
-};
-
-flag = {
- name = dane-proto;
- descrip = "The protocol set for DANE data (tcp, udp etc.)";
- arg-type = string;
- arg-name = "Protocol";
- doc = "This command specifies the protocol for the service set in the DANE
data.";
-};
-
-flag = {
- name = dane-port;
- arg-type = number;
- descrip = "Specify the port number for the DANE data.";
- default-value = 443;
- doc = "";
-};
-
-flag = {
- name = dane-ca;
- descrip = "Whether the provided certificate or public key is a
Certificate authority.";
- doc = "Marks the DANE RR as a CA certificate if specified.";
-};
-
-flag = {
- name = dane-x509;
- descrip = "Use the hash of the X.509 certificate, rather than the public
key.";
- doc = "This option forces the generated record to contain the hash of
the full X.509 certificate. By default only the hash of the public key is
used.";
-};
-
-flag = {
- name = dane-local;
- descrip = "The provided certificate or public key is a local entity.";
- doc = "DANE distinguishes certificates and public keys offered via
the DNSSEC to trusted and local entities. Use this flag if this is a local (and
possibly unsigned) entity.";
-};
-
doc-section = {
ds-type = 'SEE ALSO';
ds-format = 'texi';
@@ -531,31 +482,6 @@ To verify a Certificate Revocation List (CRL) do:
@example
$ certtool --verify-crl --load-ca-certificate x509-ca.pem < crl.pem
@end example
-
address@hidden DANE TLSA RR generation
-
-
-To create a DANE TLSA resource record for a CA signed certificate use the
following commands.
-
address@hidden
-$ certtool --dane-tlsa-rr --dane-host www.example.com --load-certificate
cert.pem
address@hidden example
-
-For a self signed certificate use:
address@hidden
-$ certtool --dane-tlsa-rr --dane-host www.example.com --load-certificate
cert.pem \
- --dane-local
address@hidden example
-
-The latter is useful to add in your DNS entry even if your certificate is
signed
-by a CA. That way even users who do not trust your CA will be able to verify
your
-certificate using DANE.
-
-In order to create a record for the signer of your certificate use:
address@hidden
-$ certtool --dane-tlsa-rr --dane-host www.example.com --load-certificate
cert.pem \
- --dane-ca
address@hidden example
_EOT_;
};
diff --git a/src/certtool-args.h b/src/certtool-args.h
index 92b384c..c328d59 100644
--- a/src/certtool-args.h
+++ b/src/certtool-args.h
@@ -2,7 +2,7 @@
*
* DO NOT EDIT THIS FILE (certtool-args.h)
*
- * It has been AutoGen-ed October 9, 2012 at 10:58:10 PM by AutoGen 5.16
+ * It has been AutoGen-ed October 12, 2012 at 09:17:49 AM by AutoGen 5.16
* From the definitions certtool-args.def
* and the template file options
*
@@ -122,19 +122,12 @@ typedef enum {
INDEX_OPT_DISABLE_QUICK_RANDOM = 52,
INDEX_OPT_TEMPLATE = 53,
INDEX_OPT_PKCS_CIPHER = 54,
- INDEX_OPT_DANE_TLSA_RR = 55,
- INDEX_OPT_DANE_HOST = 56,
- INDEX_OPT_DANE_PROTO = 57,
- INDEX_OPT_DANE_PORT = 58,
- INDEX_OPT_DANE_CA = 59,
- INDEX_OPT_DANE_X509 = 60,
- INDEX_OPT_DANE_LOCAL = 61,
- INDEX_OPT_VERSION = 62,
- INDEX_OPT_HELP = 63,
- INDEX_OPT_MORE_HELP = 64
+ INDEX_OPT_VERSION = 55,
+ INDEX_OPT_HELP = 56,
+ INDEX_OPT_MORE_HELP = 57
} teOptIndex;
-#define OPTION_CT 65
+#define OPTION_CT 58
#define CERTTOOL_VERSION "@VERSION@"
#define CERTTOOL_FULL_VERSION "certtool @VERSION@"
@@ -231,15 +224,6 @@ typedef enum {
#define VALUE_OPT_DISABLE_QUICK_RANDOM 148
#define VALUE_OPT_TEMPLATE 149
#define VALUE_OPT_PKCS_CIPHER 150
-#define VALUE_OPT_DANE_TLSA_RR 151
-#define VALUE_OPT_DANE_HOST 152
-#define VALUE_OPT_DANE_PROTO 153
-#define VALUE_OPT_DANE_PORT 154
-
-#define OPT_VALUE_DANE_PORT (DESC(DANE_PORT).optArg.argInt)
-#define VALUE_OPT_DANE_CA 155
-#define VALUE_OPT_DANE_X509 156
-#define VALUE_OPT_DANE_LOCAL 157
#define VALUE_OPT_HELP 'h'
#define VALUE_OPT_MORE_HELP '!'
#define VALUE_OPT_VERSION 'v'
diff --git a/src/certtool.c b/src/certtool.c
index 10e0478..81ec142 100644
--- a/src/certtool.c
+++ b/src/certtool.c
@@ -73,8 +73,6 @@ void generate_request (common_info_st *);
static void print_certificate_info (gnutls_x509_crt_t crt, FILE * out,
unsigned int all);
static void verify_certificate (common_info_st * cinfo);
-static void dane_info(const char* host, const char* proto, unsigned int port,
- unsigned int ca, unsigned int local, common_info_st *
cinfo);
FILE *outfile;
FILE *infile;
@@ -1081,9 +1079,6 @@ cmd_parser (int argc, char **argv)
#endif
else if (HAVE_OPT(CRQ_INFO))
crq_info ();
- else if (HAVE_OPT(DANE_TLSA_RR))
- dane_info (OPT_ARG(DANE_HOST), OPT_ARG(DANE_PROTO), OPT_VALUE_DANE_PORT,
- HAVE_OPT(DANE_CA), HAVE_OPT(DANE_LOCAL), &cinfo);
else
USAGE(1);
@@ -1095,116 +1090,6 @@ cmd_parser (int argc, char **argv)
gnutls_global_deinit ();
}
-static void dane_info(const char* host, const char* proto, unsigned int port,
- unsigned int ca, unsigned int local, common_info_st *
cinfo)
-{
- gnutls_pubkey_t pubkey;
- gnutls_x509_crt_t crt;
- unsigned char digest[64];
- gnutls_datum_t t;
- int ret;
- unsigned int usage, selector, type;
- size_t size;
-
- if (proto == NULL)
- proto = "tcp";
- if (port == 0)
- port = 443;
-
- crt = load_cert (0, cinfo);
- if (crt != NULL && HAVE_OPT(DANE_X509))
- {
- selector = 0; /* X.509 */
-
- size = buffer_size;
- ret = gnutls_x509_crt_export (crt, GNUTLS_X509_FMT_DER, buffer, &size);
- if (ret < 0)
- error (EXIT_FAILURE, 0, "export error: %s", gnutls_strerror (ret));
-
- gnutls_x509_crt_deinit (crt);
- }
- else /* use public key only */
- {
- selector = 1;
-
- ret = gnutls_pubkey_init (&pubkey);
- if (ret < 0)
- error (EXIT_FAILURE, 0, "pubkey_init: %s", gnutls_strerror (ret));
-
- if (crt != NULL)
- {
-
- ret = gnutls_pubkey_import_x509 (pubkey, crt, 0);
- if (ret < 0)
- {
- error (EXIT_FAILURE, 0, "pubkey_import_x509: %s",
- gnutls_strerror (ret));
- }
-
- size = buffer_size;
- ret = gnutls_pubkey_export (pubkey, GNUTLS_X509_FMT_DER, buffer,
&size);
- if (ret < 0)
- {
- error (EXIT_FAILURE, 0, "pubkey_export: %s",
- gnutls_strerror (ret));
- }
-
- gnutls_x509_crt_deinit(crt);
- }
- else
- {
- pubkey = load_pubkey (1, cinfo);
-
- size = buffer_size;
- ret = gnutls_pubkey_export (pubkey, GNUTLS_X509_FMT_DER, buffer,
&size);
- if (ret < 0)
- error (EXIT_FAILURE, 0, "export error: %s", gnutls_strerror (ret));
- }
-
- gnutls_pubkey_deinit (pubkey);
- }
-
- if (default_dig != GNUTLS_DIG_SHA256 && default_dig != GNUTLS_DIG_SHA512)
- {
- if (default_dig != GNUTLS_DIG_UNKNOWN) fprintf(stderr, "Unsupported
digest. Assuming SHA256.\n");
- default_dig = GNUTLS_DIG_SHA256;
- }
-
- ret = gnutls_hash_fast(default_dig, buffer, size, digest);
- if (ret < 0)
- error (EXIT_FAILURE, 0, "hash error: %s", gnutls_strerror (ret));
-
- if (default_dig == GNUTLS_DIG_SHA256)
- type = 1;
- else type = 2;
-
- /* DANE certificate classification crap */
- if (local==0)
- {
- if (ca) usage = 0;
- else usage = 1;
- }
- else
- {
- if (ca) usage = 2;
- else usage = 3;
- }
-
- t.data = digest;
- t.size = gnutls_hash_get_len(default_dig);
-
- size = buffer_size;
- ret = gnutls_hex_encode(&t, (void*)buffer, &size);
- if (ret < 0)
- error (EXIT_FAILURE, 0, "hex encode error: %s", gnutls_strerror (ret));
-
- fprintf(outfile, "_%u._%s.%s. IN TLSA ( %x %x %x %s )\n", port, proto, host,
usage, selector, type, buffer);
-
-
-
-}
-
-
#define MAX_CRTS 500
void
certificate_info (int pubkey, common_info_st * cinfo)
diff --git a/src/tpmtool-args.c b/src/danetool-args.c
similarity index 54%
copy from src/tpmtool-args.c
copy to src/danetool-args.c
index 886e522..c89443c 100644
--- a/src/tpmtool-args.c
+++ b/src/danetool-args.c
@@ -1,22 +1,22 @@
/* -*- buffer-read-only: t -*- vi: set ro:
*
- * DO NOT EDIT THIS FILE (tpmtool-args.c)
+ * DO NOT EDIT THIS FILE (danetool-args.c)
*
- * It has been AutoGen-ed July 21, 2012 at 10:09:08 PM by AutoGen 5.16
- * From the definitions tpmtool-args.def
+ * It has been AutoGen-ed October 12, 2012 at 09:16:57 AM by AutoGen 5.16
+ * From the definitions danetool-args.def
* and the template file options
*
* Generated from AutoOpts 36:4:11 templates.
*
* AutoOpts is a copyrighted work. This source file is not encumbered
* by AutoOpts licensing, but is provided under the licensing terms chosen
- * by the tpmtool author or copyright holder. AutoOpts is
+ * by the danetool author or copyright holder. AutoOpts is
* licensed under the terms of the LGPL. The redistributable library
* (``libopts'') is licensed under the terms of either the LGPL or, at the
* users discretion, the BSD license. See the AutoOpts and/or libopts sources
* for details.
*
- * The tpmtool program is copyrighted and licensed
+ * The danetool program is copyrighted and licensed
* under the following terms:
*
* Copyright (C) 2000-2012 Free Software Foundation, all rights reserved.
@@ -25,12 +25,12 @@
* GNU General Public License, version 3 or later
* <http://gnu.org/licenses/gpl.html>
*
- * tpmtool is free software: you can redistribute it and/or modify it
+ * danetool is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
- * tpmtool is distributed in the hope that it will be useful, but
+ * danetool is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
* See the GNU General Public License for more details.
@@ -41,7 +41,7 @@
#ifndef __doxygen__
#define OPTION_CODE_COMPILE 1
-#include "tpmtool-args.h"
+#include "danetool-args.h"
#include <sys/types.h>
#include <limits.h>
@@ -56,8 +56,8 @@ extern FILE * option_usage_fp;
/* TRANSLATORS: choose the translation for option names wisely because you
cannot ever change your mind. */
-#define zCopyright (tpmtool_opt_strs+0)
-#define zLicenseDescrip (tpmtool_opt_strs+278)
+#define zCopyright (danetool_opt_strs+0)
+#define zLicenseDescrip (danetool_opt_strs+279)
#ifndef NULL
@@ -65,261 +65,264 @@ extern FILE * option_usage_fp;
#endif
/*
- * tpmtool option static const strings
+ * danetool option static const strings
*/
-static char const tpmtool_opt_strs[2126] =
-/* 0 */ "tpmtool @address@hidden"
+static char const danetool_opt_strs[2268] =
+/* 0 */ "danetool @address@hidden"
"Copyright (C) 2000-2012 Free Software Foundation, all rights
reserved.\n"
"This is free software. It is licensed for use, modification and\n"
"redistribution under the terms of the\n"
"GNU General Public License, version 3 or later\n"
" <http://gnu.org/licenses/gpl.html>\n\0"
-/* 278 */ "tpmtool is free software: you can redistribute it and/or modify
it under\n"
+/* 279 */ "danetool is free software: you can redistribute it and/or modify
it under\n"
"the terms of the GNU General Public License as published by the
Free\n"
"Software Foundation, either version 3 of the License, or (at your
option)\n"
"any later version.\n\n"
- "tpmtool is distributed in the hope that it will be useful, but
WITHOUT ANY\n"
+ "danetool is distributed in the hope that it will be useful, but
WITHOUT ANY\n"
"WARRANTY; without even the implied warranty of MERCHANTABILITY or
FITNESS\n"
"FOR A PARTICULAR PURPOSE. See the GNU General Public License for
more\n"
"details.\n\n"
"You should have received a copy of the GNU General Public License
along\n"
"with this program. If not, see
<http://www.gnu.org/licenses/>.\n\0"
-/* 881 */ "Enable debugging.\0"
-/* 899 */ "DEBUG\0"
-/* 905 */ "debug\0"
-/* 911 */ "Input file\0"
-/* 922 */ "INFILE\0"
-/* 929 */ "infile\0"
-/* 936 */ "Output file\0"
-/* 948 */ "OUTFILE\0"
-/* 956 */ "outfile\0"
-/* 964 */ "Generate an RSA private-public key pair\0"
-/* 1004 */ "GENERATE_RSA\0"
-/* 1017 */ "generate-rsa\0"
-/* 1030 */ "Any generated key will be registered in the TPM\0"
-/* 1078 */ "REGISTER\0"
-/* 1087 */ "register\0"
-/* 1096 */ "Any generated key will be a signing key\0"
-/* 1136 */ "SIGNING\0"
-/* 1144 */ "signing\0"
-/* 1152 */ "Any generated key will be a legacy key\0"
-/* 1191 */ "LEGACY\0"
-/* 1198 */ "legacy\0"
-/* 1205 */ "Any registered key will be a user key\0"
-/* 1243 */ "USER\0"
-/* 1248 */ "user\0"
-/* 1253 */ "Any registred key will be a system key\0"
-/* 1292 */ "SYSTEM\0"
-/* 1299 */ "system\0"
-/* 1306 */ "Prints the public key of the provided key\0"
-/* 1348 */ "PUBKEY\0"
-/* 1355 */ "pubkey\0"
-/* 1362 */ "Lists all stored keys in the TPM\0"
-/* 1395 */ "LIST\0"
-/* 1400 */ "list\0"
-/* 1405 */ "Delete the key identified by the given URL (UUID).\0"
-/* 1456 */ "DELETE\0"
-/* 1463 */ "delete\0"
-/* 1470 */ "Specify the security level [low, legacy, normal, high, ultra].\0"
-/* 1533 */ "SEC_PARAM\0"
-/* 1543 */ "sec-param\0"
-/* 1553 */ "Specify the number of bits for key generate\0"
-/* 1597 */ "BITS\0"
-/* 1602 */ "bits\0"
-/* 1607 */ "Use the DER format for keys.\0"
-/* 1636 */ "INDER\0"
-/* 1642 */ "no-inder\0"
-/* 1651 */ "no\0"
-/* 1654 */ "Use DER format for output keys\0"
-/* 1685 */ "OUTDER\0"
-/* 1692 */ "no-outder\0"
-/* 1702 */ "Display extended usage information and exit\0"
-/* 1746 */ "help\0"
-/* 1751 */ "Extended usage information passed thru pager\0"
-/* 1796 */ "more-help\0"
-/* 1806 */ "Output version information and exit\0"
-/* 1842 */ "version\0"
-/* 1850 */ "TPMTOOL\0"
-/* 1858 */ "tpmtool - GnuTLS TPM tool - Ver. @address@hidden"
+/* 884 */ "Enable debugging.\0"
+/* 902 */ "DEBUG\0"
+/* 908 */ "debug\0"
+/* 914 */ "More verbose output\0"
+/* 934 */ "VERBOSE\0"
+/* 942 */ "verbose\0"
+/* 950 */ "Input file\0"
+/* 961 */ "INFILE\0"
+/* 968 */ "infile\0"
+/* 975 */ "Output file\0"
+/* 987 */ "OUTFILE\0"
+/* 995 */ "outfile\0"
+/* 1003 */ "Loads a public key file\0"
+/* 1027 */ "LOAD_PUBKEY\0"
+/* 1039 */ "load-pubkey\0"
+/* 1051 */ "Loads a certificate file\0"
+/* 1076 */ "LOAD_CERTIFICATE\0"
+/* 1093 */ "load-certificate\0"
+/* 1110 */ "Hash algorithm to use for signing.\0"
+/* 1145 */ "HASH\0"
+/* 1150 */ "hash\0"
+/* 1155 */ "Use DER format for input certificates and private keys.\0"
+/* 1211 */ "INDER\0"
+/* 1217 */ "no-inder\0"
+/* 1226 */ "no\0"
+/* 1229 */ "This is an alias for 'inder'\0"
+/* 1258 */ "inraw\0"
+/* 1264 */ "Use DER format for output certificates and private keys\0"
+/* 1320 */ "OUTDER\0"
+/* 1327 */ "no-outder\0"
+/* 1337 */ "This is an alias for 'outder'\0"
+/* 1367 */ "outraw\0"
+/* 1374 */ "Print the DANE RR data on a certificate or public key\0"
+/* 1428 */ "TLSA_RR\0"
+/* 1436 */ "tlsa-rr\0"
+/* 1444 */ "Specify the hostname to be used in the DANE RR\0"
+/* 1491 */ "HOST\0"
+/* 1496 */ "host\0"
+/* 1501 */ "The protocol set for DANE data (tcp, udp etc.)\0"
+/* 1548 */ "PROTO\0"
+/* 1554 */ "proto\0"
+/* 1560 */ "Specify the port number for the DANE data.\0"
+/* 1603 */ "PORT\0"
+/* 1608 */ "port\0"
+/* 1613 */ "Whether the provided certificate or public key is a Certificate\n"
+ "authority.\0"
+/* 1688 */ "CA\0"
+/* 1691 */ "ca\0"
+/* 1694 */ "Use the hash of the X.509 certificate, rather than the public
key.\0"
+/* 1761 */ "X509\0"
+/* 1766 */ "x509\0"
+/* 1771 */ "The provided certificate or public key is a local entity.\0"
+/* 1829 */ "LOCAL\0"
+/* 1835 */ "local\0"
+/* 1841 */ "Display extended usage information and exit\0"
+/* 1885 */ "help\0"
+/* 1890 */ "Extended usage information passed thru pager\0"
+/* 1935 */ "more-help\0"
+/* 1945 */ "Output version information and exit\0"
+/* 1981 */ "version\0"
+/* 1989 */ "DANETOOL\0"
+/* 1998 */ "danetool - GnuTLS DANE tool - Ver. @address@hidden"
"USAGE: %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]...\n\0"
-/* 1959 */ "address@hidden"
-/* 1978 */ "\n\n\0"
-/* 1981 */ "\n"
- "Program that allows handling cryptographic data from the TPM
chip.\n\0"
-/* 2050 */ "tpmtool @address@hidden"
-/* 2068 */ "tpmtool [options]\n"
- "tpmtool --help for usage instructions.\n";
+/* 2101 */ "address@hidden"
+/* 2120 */ "\n\n\0"
+/* 2123 */ "\n"
+ "Tool generate DNS resource records for the DANE protocol.\n\0"
+/* 2183 */ "danetool @address@hidden"
+/* 2202 */ "danetool [options] [url]\n"
+ "danetool --help for usage instructions.\n";
/*
* debug option description:
*/
-#define DEBUG_DESC (tpmtool_opt_strs+881)
-#define DEBUG_NAME (tpmtool_opt_strs+899)
-#define DEBUG_name (tpmtool_opt_strs+905)
+#define DEBUG_DESC (danetool_opt_strs+884)
+#define DEBUG_NAME (danetool_opt_strs+902)
+#define DEBUG_name (danetool_opt_strs+908)
#define DEBUG_FLAGS (OPTST_DISABLED \
| OPTST_SET_ARGTYPE(OPARG_TYPE_NUMERIC))
/*
+ * verbose option description:
+ */
+#define VERBOSE_DESC (danetool_opt_strs+914)
+#define VERBOSE_NAME (danetool_opt_strs+934)
+#define VERBOSE_name (danetool_opt_strs+942)
+#define VERBOSE_FLAGS (OPTST_DISABLED)
+
+/*
* infile option description:
*/
-#define INFILE_DESC (tpmtool_opt_strs+911)
-#define INFILE_NAME (tpmtool_opt_strs+922)
-#define INFILE_name (tpmtool_opt_strs+929)
+#define INFILE_DESC (danetool_opt_strs+950)
+#define INFILE_NAME (danetool_opt_strs+961)
+#define INFILE_name (danetool_opt_strs+968)
#define INFILE_FLAGS (OPTST_DISABLED \
| OPTST_SET_ARGTYPE(OPARG_TYPE_FILE))
/*
* outfile option description:
*/
-#define OUTFILE_DESC (tpmtool_opt_strs+936)
-#define OUTFILE_NAME (tpmtool_opt_strs+948)
-#define OUTFILE_name (tpmtool_opt_strs+956)
+#define OUTFILE_DESC (danetool_opt_strs+975)
+#define OUTFILE_NAME (danetool_opt_strs+987)
+#define OUTFILE_name (danetool_opt_strs+995)
#define OUTFILE_FLAGS (OPTST_DISABLED \
| OPTST_SET_ARGTYPE(OPARG_TYPE_STRING))
/*
- * generate-rsa option description:
+ * load-pubkey option description:
*/
-#define GENERATE_RSA_DESC (tpmtool_opt_strs+964)
-#define GENERATE_RSA_NAME (tpmtool_opt_strs+1004)
-#define GENERATE_RSA_name (tpmtool_opt_strs+1017)
-#define GENERATE_RSA_FLAGS (OPTST_DISABLED)
+#define LOAD_PUBKEY_DESC (danetool_opt_strs+1003)
+#define LOAD_PUBKEY_NAME (danetool_opt_strs+1027)
+#define LOAD_PUBKEY_name (danetool_opt_strs+1039)
+#define LOAD_PUBKEY_FLAGS (OPTST_DISABLED \
+ | OPTST_SET_ARGTYPE(OPARG_TYPE_STRING))
/*
- * register option description with
- * "Must also have options" and "Incompatible options":
+ * load-certificate option description:
*/
-#define REGISTER_DESC (tpmtool_opt_strs+1030)
-#define REGISTER_NAME (tpmtool_opt_strs+1078)
-#define REGISTER_name (tpmtool_opt_strs+1087)
-static int const aRegisterMustList[] = {
- INDEX_OPT_GENERATE_RSA, NO_EQUIVALENT };
-#define REGISTER_FLAGS (OPTST_DISABLED)
+#define LOAD_CERTIFICATE_DESC (danetool_opt_strs+1051)
+#define LOAD_CERTIFICATE_NAME (danetool_opt_strs+1076)
+#define LOAD_CERTIFICATE_name (danetool_opt_strs+1093)
+#define LOAD_CERTIFICATE_FLAGS (OPTST_DISABLED \
+ | OPTST_SET_ARGTYPE(OPARG_TYPE_STRING))
/*
- * signing option description with
- * "Must also have options" and "Incompatible options":
+ * hash option description:
*/
-#define SIGNING_DESC (tpmtool_opt_strs+1096)
-#define SIGNING_NAME (tpmtool_opt_strs+1136)
-#define SIGNING_name (tpmtool_opt_strs+1144)
-static int const aSigningMustList[] = {
- INDEX_OPT_GENERATE_RSA, NO_EQUIVALENT };
-static int const aSigningCantList[] = {
- INDEX_OPT_LEGACY, NO_EQUIVALENT };
-#define SIGNING_FLAGS (OPTST_DISABLED)
+#define HASH_DESC (danetool_opt_strs+1110)
+#define HASH_NAME (danetool_opt_strs+1145)
+#define HASH_name (danetool_opt_strs+1150)
+#define HASH_FLAGS (OPTST_DISABLED \
+ | OPTST_SET_ARGTYPE(OPARG_TYPE_STRING))
/*
- * legacy option description with
- * "Must also have options" and "Incompatible options":
+ * inder option description:
*/
-#define LEGACY_DESC (tpmtool_opt_strs+1152)
-#define LEGACY_NAME (tpmtool_opt_strs+1191)
-#define LEGACY_name (tpmtool_opt_strs+1198)
-static int const aLegacyMustList[] = {
- INDEX_OPT_GENERATE_RSA, NO_EQUIVALENT };
-static int const aLegacyCantList[] = {
- INDEX_OPT_SIGNING, NO_EQUIVALENT };
-#define LEGACY_FLAGS (OPTST_DISABLED)
+#define INDER_DESC (danetool_opt_strs+1155)
+#define INDER_NAME (danetool_opt_strs+1211)
+#define NOT_INDER_name (danetool_opt_strs+1217)
+#define NOT_INDER_PFX (danetool_opt_strs+1226)
+#define INDER_name (NOT_INDER_name + 3)
+#define INDER_FLAGS (OPTST_DISABLED)
/*
- * user option description with
- * "Must also have options" and "Incompatible options":
+ * inraw option description:
*/
-#define USER_DESC (tpmtool_opt_strs+1205)
-#define USER_NAME (tpmtool_opt_strs+1243)
-#define USER_name (tpmtool_opt_strs+1248)
-static int const aUserMustList[] = {
- INDEX_OPT_REGISTER, NO_EQUIVALENT };
-static int const aUserCantList[] = {
- INDEX_OPT_SYSTEM, NO_EQUIVALENT };
-#define USER_FLAGS (OPTST_DISABLED)
+#define INRAW_DESC (danetool_opt_strs+1229)
+#define INRAW_NAME NULL
+#define INRAW_name (danetool_opt_strs+1258)
+#define INRAW_FLAGS (INDER_FLAGS | OPTST_ALIAS)
/*
- * system option description with
- * "Must also have options" and "Incompatible options":
+ * outder option description:
*/
-#define SYSTEM_DESC (tpmtool_opt_strs+1253)
-#define SYSTEM_NAME (tpmtool_opt_strs+1292)
-#define SYSTEM_name (tpmtool_opt_strs+1299)
-static int const aSystemMustList[] = {
- INDEX_OPT_REGISTER, NO_EQUIVALENT };
-static int const aSystemCantList[] = {
- INDEX_OPT_USER, NO_EQUIVALENT };
-#define SYSTEM_FLAGS (OPTST_DISABLED)
+#define OUTDER_DESC (danetool_opt_strs+1264)
+#define OUTDER_NAME (danetool_opt_strs+1320)
+#define NOT_OUTDER_name (danetool_opt_strs+1327)
+#define NOT_OUTDER_PFX (danetool_opt_strs+1226)
+#define OUTDER_name (NOT_OUTDER_name + 3)
+#define OUTDER_FLAGS (OPTST_DISABLED)
/*
- * pubkey option description:
+ * outraw option description:
*/
-#define PUBKEY_DESC (tpmtool_opt_strs+1306)
-#define PUBKEY_NAME (tpmtool_opt_strs+1348)
-#define PUBKEY_name (tpmtool_opt_strs+1355)
-#define PUBKEY_FLAGS (OPTST_DISABLED \
- | OPTST_SET_ARGTYPE(OPARG_TYPE_STRING))
+#define OUTRAW_DESC (danetool_opt_strs+1337)
+#define OUTRAW_NAME NULL
+#define OUTRAW_name (danetool_opt_strs+1367)
+#define OUTRAW_FLAGS (OUTDER_FLAGS | OPTST_ALIAS)
/*
- * list option description:
+ * tlsa-rr option description with
+ * "Must also have options" and "Incompatible options":
*/
-#define LIST_DESC (tpmtool_opt_strs+1362)
-#define LIST_NAME (tpmtool_opt_strs+1395)
-#define LIST_name (tpmtool_opt_strs+1400)
-#define LIST_FLAGS (OPTST_DISABLED)
+#define TLSA_RR_DESC (danetool_opt_strs+1374)
+#define TLSA_RR_NAME (danetool_opt_strs+1428)
+#define TLSA_RR_name (danetool_opt_strs+1436)
+static int const aTlsa_RrMustList[] = {
+ INDEX_OPT_HOST, NO_EQUIVALENT };
+#define TLSA_RR_FLAGS (OPTST_DISABLED)
/*
- * delete option description:
+ * host option description:
*/
-#define DELETE_DESC (tpmtool_opt_strs+1405)
-#define DELETE_NAME (tpmtool_opt_strs+1456)
-#define DELETE_name (tpmtool_opt_strs+1463)
-#define DELETE_FLAGS (OPTST_DISABLED \
+#define HOST_DESC (danetool_opt_strs+1444)
+#define HOST_NAME (danetool_opt_strs+1491)
+#define HOST_name (danetool_opt_strs+1496)
+#define HOST_FLAGS (OPTST_DISABLED \
| OPTST_SET_ARGTYPE(OPARG_TYPE_STRING))
/*
- * sec-param option description:
+ * proto option description:
*/
-#define SEC_PARAM_DESC (tpmtool_opt_strs+1470)
-#define SEC_PARAM_NAME (tpmtool_opt_strs+1533)
-#define SEC_PARAM_name (tpmtool_opt_strs+1543)
-#define SEC_PARAM_FLAGS (OPTST_DISABLED \
+#define PROTO_DESC (danetool_opt_strs+1501)
+#define PROTO_NAME (danetool_opt_strs+1548)
+#define PROTO_name (danetool_opt_strs+1554)
+#define PROTO_FLAGS (OPTST_DISABLED \
| OPTST_SET_ARGTYPE(OPARG_TYPE_STRING))
/*
- * bits option description:
+ * port option description:
*/
-#define BITS_DESC (tpmtool_opt_strs+1553)
-#define BITS_NAME (tpmtool_opt_strs+1597)
-#define BITS_name (tpmtool_opt_strs+1602)
-#define BITS_FLAGS (OPTST_DISABLED \
+#define PORT_DESC (danetool_opt_strs+1560)
+#define PORT_NAME (danetool_opt_strs+1603)
+#define PORT_name (danetool_opt_strs+1608)
+#define PORT_FLAGS (OPTST_DISABLED \
| OPTST_SET_ARGTYPE(OPARG_TYPE_NUMERIC))
/*
- * inder option description:
+ * ca option description:
*/
-#define INDER_DESC (tpmtool_opt_strs+1607)
-#define INDER_NAME (tpmtool_opt_strs+1636)
-#define NOT_INDER_name (tpmtool_opt_strs+1642)
-#define NOT_INDER_PFX (tpmtool_opt_strs+1651)
-#define INDER_name (NOT_INDER_name + 3)
-#define INDER_FLAGS (OPTST_DISABLED)
+#define CA_DESC (danetool_opt_strs+1613)
+#define CA_NAME (danetool_opt_strs+1688)
+#define CA_name (danetool_opt_strs+1691)
+#define CA_FLAGS (OPTST_DISABLED)
/*
- * outder option description:
+ * x509 option description:
*/
-#define OUTDER_DESC (tpmtool_opt_strs+1654)
-#define OUTDER_NAME (tpmtool_opt_strs+1685)
-#define NOT_OUTDER_name (tpmtool_opt_strs+1692)
-#define NOT_OUTDER_PFX (tpmtool_opt_strs+1651)
-#define OUTDER_name (NOT_OUTDER_name + 3)
-#define OUTDER_FLAGS (OPTST_DISABLED)
+#define X509_DESC (danetool_opt_strs+1694)
+#define X509_NAME (danetool_opt_strs+1761)
+#define X509_name (danetool_opt_strs+1766)
+#define X509_FLAGS (OPTST_DISABLED)
+
+/*
+ * local option description:
+ */
+#define LOCAL_DESC (danetool_opt_strs+1771)
+#define LOCAL_NAME (danetool_opt_strs+1829)
+#define LOCAL_name (danetool_opt_strs+1835)
+#define LOCAL_FLAGS (OPTST_DISABLED)
/*
* Help/More_Help/Version option descriptions:
*/
-#define HELP_DESC (tpmtool_opt_strs+1702)
-#define HELP_name (tpmtool_opt_strs+1746)
+#define HELP_DESC (danetool_opt_strs+1841)
+#define HELP_name (danetool_opt_strs+1885)
#ifdef HAVE_WORKING_FORK
-#define MORE_HELP_DESC (tpmtool_opt_strs+1751)
-#define MORE_HELP_name (tpmtool_opt_strs+1796)
+#define MORE_HELP_DESC (danetool_opt_strs+1890)
+#define MORE_HELP_name (danetool_opt_strs+1935)
#define MORE_HELP_FLAGS (OPTST_IMM | OPTST_NO_INIT)
#else
#define MORE_HELP_DESC NULL
@@ -332,8 +335,8 @@ static int const aSystemCantList[] = {
# define VER_FLAGS (OPTST_SET_ARGTYPE(OPARG_TYPE_STRING) | \
OPTST_ARG_OPTIONAL | OPTST_IMM | OPTST_NO_INIT)
#endif
-#define VER_DESC (tpmtool_opt_strs+1806)
-#define VER_name (tpmtool_opt_strs+1842)
+#define VER_DESC (danetool_opt_strs+1945)
+#define VER_name (danetool_opt_strs+1981)
/*
* Declare option callback procedures
*/
@@ -343,14 +346,14 @@ extern tOptProc
optionStackArg, optionTimeDate, optionTimeVal,
optionUnstackArg, optionVendorOption;
static tOptProc
- doOptDebug, doOptInfile, doUsageOpt;
+ doOptDebug, doOptInfile, doOptInraw, doOptOutraw, doUsageOpt;
#define VER_PROC optionPrintVersion
/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
/**
- * Define the tpmtool Option Descriptions.
+ * Define the danetool Option Descriptions.
* This is an array of OPTION_CT entries, one for each
- * option that the tpmtool program responds to.
+ * option that the danetool program responds to.
*/
static tOptDesc optDesc[OPTION_CT] = {
{ /* entry idx, value */ 0, VALUE_OPT_DEBUG,
@@ -365,8 +368,20 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ DEBUG_DESC, DEBUG_NAME, DEBUG_name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 1, VALUE_OPT_INFILE,
- /* equiv idx, value */ 1, VALUE_OPT_INFILE,
+ { /* entry idx, value */ 1, VALUE_OPT_VERBOSE,
+ /* equiv idx, value */ 1, VALUE_OPT_VERBOSE,
+ /* equivalenced to */ NO_EQUIVALENT,
+ /* min, max, act ct */ 0, NOLIMIT, 0,
+ /* opt state flags */ VERBOSE_FLAGS, 0,
+ /* last opt argumnt */ { NULL }, /* --verbose */
+ /* arg list/cookie */ NULL,
+ /* must/cannot opts */ NULL, NULL,
+ /* option proc */ NULL,
+ /* desc, NAME, name */ VERBOSE_DESC, VERBOSE_NAME, VERBOSE_name,
+ /* disablement strs */ NULL, NULL },
+
+ { /* entry idx, value */ 2, VALUE_OPT_INFILE,
+ /* equiv idx, value */ 2, VALUE_OPT_INFILE,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ INFILE_FLAGS, 0,
@@ -377,8 +392,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ INFILE_DESC, INFILE_NAME, INFILE_name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 2, VALUE_OPT_OUTFILE,
- /* equiv idx, value */ 2, VALUE_OPT_OUTFILE,
+ { /* entry idx, value */ 3, VALUE_OPT_OUTFILE,
+ /* equiv idx, value */ 3, VALUE_OPT_OUTFILE,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ OUTFILE_FLAGS, 0,
@@ -389,161 +404,173 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ OUTFILE_DESC, OUTFILE_NAME, OUTFILE_name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 3, VALUE_OPT_GENERATE_RSA,
- /* equiv idx, value */ 3, VALUE_OPT_GENERATE_RSA,
+ { /* entry idx, value */ 4, VALUE_OPT_LOAD_PUBKEY,
+ /* equiv idx, value */ 4, VALUE_OPT_LOAD_PUBKEY,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
- /* opt state flags */ GENERATE_RSA_FLAGS, 0,
- /* last opt argumnt */ { NULL }, /* --generate-rsa */
+ /* opt state flags */ LOAD_PUBKEY_FLAGS, 0,
+ /* last opt argumnt */ { NULL }, /* --load-pubkey */
/* arg list/cookie */ NULL,
/* must/cannot opts */ NULL, NULL,
/* option proc */ NULL,
- /* desc, NAME, name */ GENERATE_RSA_DESC, GENERATE_RSA_NAME,
GENERATE_RSA_name,
+ /* desc, NAME, name */ LOAD_PUBKEY_DESC, LOAD_PUBKEY_NAME,
LOAD_PUBKEY_name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 4, VALUE_OPT_REGISTER,
- /* equiv idx, value */ 4, VALUE_OPT_REGISTER,
+ { /* entry idx, value */ 5, VALUE_OPT_LOAD_CERTIFICATE,
+ /* equiv idx, value */ 5, VALUE_OPT_LOAD_CERTIFICATE,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
- /* opt state flags */ REGISTER_FLAGS, 0,
- /* last opt argumnt */ { NULL }, /* --register */
+ /* opt state flags */ LOAD_CERTIFICATE_FLAGS, 0,
+ /* last opt argumnt */ { NULL }, /* --load-certificate */
/* arg list/cookie */ NULL,
- /* must/cannot opts */ aRegisterMustList, NULL,
+ /* must/cannot opts */ NULL, NULL,
/* option proc */ NULL,
- /* desc, NAME, name */ REGISTER_DESC, REGISTER_NAME, REGISTER_name,
+ /* desc, NAME, name */ LOAD_CERTIFICATE_DESC, LOAD_CERTIFICATE_NAME,
LOAD_CERTIFICATE_name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 5, VALUE_OPT_SIGNING,
- /* equiv idx, value */ 5, VALUE_OPT_SIGNING,
+ { /* entry idx, value */ 6, VALUE_OPT_HASH,
+ /* equiv idx, value */ 6, VALUE_OPT_HASH,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
- /* opt state flags */ SIGNING_FLAGS, 0,
- /* last opt argumnt */ { NULL }, /* --signing */
+ /* opt state flags */ HASH_FLAGS, 0,
+ /* last opt argumnt */ { NULL }, /* --hash */
/* arg list/cookie */ NULL,
- /* must/cannot opts */ aSigningMustList, aSigningCantList,
+ /* must/cannot opts */ NULL, NULL,
/* option proc */ NULL,
- /* desc, NAME, name */ SIGNING_DESC, SIGNING_NAME, SIGNING_name,
+ /* desc, NAME, name */ HASH_DESC, HASH_NAME, HASH_name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 6, VALUE_OPT_LEGACY,
- /* equiv idx, value */ 6, VALUE_OPT_LEGACY,
+ { /* entry idx, value */ 7, VALUE_OPT_INDER,
+ /* equiv idx, value */ 7, VALUE_OPT_INDER,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
- /* opt state flags */ LEGACY_FLAGS, 0,
- /* last opt argumnt */ { NULL }, /* --legacy */
+ /* opt state flags */ INDER_FLAGS, 0,
+ /* last opt argumnt */ { NULL }, /* --inder */
/* arg list/cookie */ NULL,
- /* must/cannot opts */ aLegacyMustList, aLegacyCantList,
+ /* must/cannot opts */ NULL, NULL,
/* option proc */ NULL,
- /* desc, NAME, name */ LEGACY_DESC, LEGACY_NAME, LEGACY_name,
- /* disablement strs */ NULL, NULL },
+ /* desc, NAME, name */ INDER_DESC, INDER_NAME, INDER_name,
+ /* disablement strs */ NOT_INDER_name, NOT_INDER_PFX },
- { /* entry idx, value */ 7, VALUE_OPT_USER,
- /* equiv idx, value */ 7, VALUE_OPT_USER,
+ { /* entry idx, value */ 8, VALUE_OPT_INRAW,
+ /* equiv idx, value */ 8, VALUE_OPT_INRAW,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
- /* opt state flags */ USER_FLAGS, 0,
- /* last opt argumnt */ { NULL }, /* --user */
+ /* opt state flags */ INRAW_FLAGS, 0,
+ /* last opt argumnt */ { NULL }, /* --inraw */
/* arg list/cookie */ NULL,
- /* must/cannot opts */ aUserMustList, aUserCantList,
- /* option proc */ NULL,
- /* desc, NAME, name */ USER_DESC, USER_NAME, USER_name,
- /* disablement strs */ NULL, NULL },
+ /* must/cannot opts */ NULL, NULL,
+ /* option proc */ doOptInraw,
+ /* desc, NAME, name */ INRAW_DESC, INRAW_NAME, INRAW_name,
+ /* disablement strs */ 0, 0 },
- { /* entry idx, value */ 8, VALUE_OPT_SYSTEM,
- /* equiv idx, value */ 8, VALUE_OPT_SYSTEM,
+ { /* entry idx, value */ 9, VALUE_OPT_OUTDER,
+ /* equiv idx, value */ 9, VALUE_OPT_OUTDER,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
- /* opt state flags */ SYSTEM_FLAGS, 0,
- /* last opt argumnt */ { NULL }, /* --system */
+ /* opt state flags */ OUTDER_FLAGS, 0,
+ /* last opt argumnt */ { NULL }, /* --outder */
/* arg list/cookie */ NULL,
- /* must/cannot opts */ aSystemMustList, aSystemCantList,
+ /* must/cannot opts */ NULL, NULL,
/* option proc */ NULL,
- /* desc, NAME, name */ SYSTEM_DESC, SYSTEM_NAME, SYSTEM_name,
- /* disablement strs */ NULL, NULL },
+ /* desc, NAME, name */ OUTDER_DESC, OUTDER_NAME, OUTDER_name,
+ /* disablement strs */ NOT_OUTDER_name, NOT_OUTDER_PFX },
- { /* entry idx, value */ 9, VALUE_OPT_PUBKEY,
- /* equiv idx, value */ 9, VALUE_OPT_PUBKEY,
+ { /* entry idx, value */ 10, VALUE_OPT_OUTRAW,
+ /* equiv idx, value */ 10, VALUE_OPT_OUTRAW,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
- /* opt state flags */ PUBKEY_FLAGS, 0,
- /* last opt argumnt */ { NULL }, /* --pubkey */
+ /* opt state flags */ OUTRAW_FLAGS, 0,
+ /* last opt argumnt */ { NULL }, /* --outraw */
/* arg list/cookie */ NULL,
/* must/cannot opts */ NULL, NULL,
+ /* option proc */ doOptOutraw,
+ /* desc, NAME, name */ OUTRAW_DESC, OUTRAW_NAME, OUTRAW_name,
+ /* disablement strs */ 0, 0 },
+
+ { /* entry idx, value */ 11, VALUE_OPT_TLSA_RR,
+ /* equiv idx, value */ 11, VALUE_OPT_TLSA_RR,
+ /* equivalenced to */ NO_EQUIVALENT,
+ /* min, max, act ct */ 0, 1, 0,
+ /* opt state flags */ TLSA_RR_FLAGS, 0,
+ /* last opt argumnt */ { NULL }, /* --tlsa-rr */
+ /* arg list/cookie */ NULL,
+ /* must/cannot opts */ aTlsa_RrMustList, NULL,
/* option proc */ NULL,
- /* desc, NAME, name */ PUBKEY_DESC, PUBKEY_NAME, PUBKEY_name,
+ /* desc, NAME, name */ TLSA_RR_DESC, TLSA_RR_NAME, TLSA_RR_name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 10, VALUE_OPT_LIST,
- /* equiv idx, value */ 10, VALUE_OPT_LIST,
+ { /* entry idx, value */ 12, VALUE_OPT_HOST,
+ /* equiv idx, value */ 12, VALUE_OPT_HOST,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
- /* opt state flags */ LIST_FLAGS, 0,
- /* last opt argumnt */ { NULL }, /* --list */
+ /* opt state flags */ HOST_FLAGS, 0,
+ /* last opt argumnt */ { NULL }, /* --host */
/* arg list/cookie */ NULL,
/* must/cannot opts */ NULL, NULL,
/* option proc */ NULL,
- /* desc, NAME, name */ LIST_DESC, LIST_NAME, LIST_name,
+ /* desc, NAME, name */ HOST_DESC, HOST_NAME, HOST_name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 11, VALUE_OPT_DELETE,
- /* equiv idx, value */ 11, VALUE_OPT_DELETE,
+ { /* entry idx, value */ 13, VALUE_OPT_PROTO,
+ /* equiv idx, value */ 13, VALUE_OPT_PROTO,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
- /* opt state flags */ DELETE_FLAGS, 0,
- /* last opt argumnt */ { NULL }, /* --delete */
+ /* opt state flags */ PROTO_FLAGS, 0,
+ /* last opt argumnt */ { NULL }, /* --proto */
/* arg list/cookie */ NULL,
/* must/cannot opts */ NULL, NULL,
/* option proc */ NULL,
- /* desc, NAME, name */ DELETE_DESC, DELETE_NAME, DELETE_name,
+ /* desc, NAME, name */ PROTO_DESC, PROTO_NAME, PROTO_name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 12, VALUE_OPT_SEC_PARAM,
- /* equiv idx, value */ 12, VALUE_OPT_SEC_PARAM,
+ { /* entry idx, value */ 14, VALUE_OPT_PORT,
+ /* equiv idx, value */ 14, VALUE_OPT_PORT,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
- /* opt state flags */ SEC_PARAM_FLAGS, 0,
- /* last opt argumnt */ { NULL }, /* --sec-param */
+ /* opt state flags */ PORT_FLAGS, 0,
+ /* last opt argumnt */ { NULL }, /* --port */
/* arg list/cookie */ NULL,
/* must/cannot opts */ NULL, NULL,
- /* option proc */ NULL,
- /* desc, NAME, name */ SEC_PARAM_DESC, SEC_PARAM_NAME, SEC_PARAM_name,
+ /* option proc */ optionNumericVal,
+ /* desc, NAME, name */ PORT_DESC, PORT_NAME, PORT_name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 13, VALUE_OPT_BITS,
- /* equiv idx, value */ 13, VALUE_OPT_BITS,
+ { /* entry idx, value */ 15, VALUE_OPT_CA,
+ /* equiv idx, value */ 15, VALUE_OPT_CA,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
- /* opt state flags */ BITS_FLAGS, 0,
- /* last opt argumnt */ { NULL }, /* --bits */
+ /* opt state flags */ CA_FLAGS, 0,
+ /* last opt argumnt */ { NULL }, /* --ca */
/* arg list/cookie */ NULL,
/* must/cannot opts */ NULL, NULL,
- /* option proc */ optionNumericVal,
- /* desc, NAME, name */ BITS_DESC, BITS_NAME, BITS_name,
+ /* option proc */ NULL,
+ /* desc, NAME, name */ CA_DESC, CA_NAME, CA_name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 14, VALUE_OPT_INDER,
- /* equiv idx, value */ 14, VALUE_OPT_INDER,
+ { /* entry idx, value */ 16, VALUE_OPT_X509,
+ /* equiv idx, value */ 16, VALUE_OPT_X509,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
- /* opt state flags */ INDER_FLAGS, 0,
- /* last opt argumnt */ { NULL }, /* --inder */
+ /* opt state flags */ X509_FLAGS, 0,
+ /* last opt argumnt */ { NULL }, /* --x509 */
/* arg list/cookie */ NULL,
/* must/cannot opts */ NULL, NULL,
/* option proc */ NULL,
- /* desc, NAME, name */ INDER_DESC, INDER_NAME, INDER_name,
- /* disablement strs */ NOT_INDER_name, NOT_INDER_PFX },
+ /* desc, NAME, name */ X509_DESC, X509_NAME, X509_name,
+ /* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 15, VALUE_OPT_OUTDER,
- /* equiv idx, value */ 15, VALUE_OPT_OUTDER,
+ { /* entry idx, value */ 17, VALUE_OPT_LOCAL,
+ /* equiv idx, value */ 17, VALUE_OPT_LOCAL,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
- /* opt state flags */ OUTDER_FLAGS, 0,
- /* last opt argumnt */ { NULL }, /* --outder */
+ /* opt state flags */ LOCAL_FLAGS, 0,
+ /* last opt argumnt */ { NULL }, /* --local */
/* arg list/cookie */ NULL,
/* must/cannot opts */ NULL, NULL,
/* option proc */ NULL,
- /* desc, NAME, name */ OUTDER_DESC, OUTDER_NAME, OUTDER_name,
- /* disablement strs */ NOT_OUTDER_name, NOT_OUTDER_PFX },
+ /* desc, NAME, name */ LOCAL_DESC, LOCAL_NAME, LOCAL_name,
+ /* disablement strs */ NULL, NULL },
{ /* entry idx, value */ INDEX_OPT_VERSION, VALUE_OPT_VERSION,
/* equiv idx value */ NO_EQUIVALENT, VALUE_OPT_VERSION,
@@ -587,16 +614,16 @@ static tOptDesc optDesc[OPTION_CT] = {
/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
*
- * Define the tpmtool Option Environment
+ * Define the danetool Option Environment
*/
-#define zPROGNAME (tpmtool_opt_strs+1850)
-#define zUsageTitle (tpmtool_opt_strs+1858)
+#define zPROGNAME (danetool_opt_strs+1989)
+#define zUsageTitle (danetool_opt_strs+1998)
#define zRcName NULL
#define apzHomeList NULL
-#define zBugsAddr (tpmtool_opt_strs+1959)
-#define zExplain (tpmtool_opt_strs+1978)
-#define zDetail (tpmtool_opt_strs+1981)
-#define zFullVersion (tpmtool_opt_strs+2050)
+#define zBugsAddr (danetool_opt_strs+2101)
+#define zExplain (danetool_opt_strs+2120)
+#define zDetail (danetool_opt_strs+2123)
+#define zFullVersion (danetool_opt_strs+2183)
/* extracted from optcode.tlib near line 350 */
#if defined(ENABLE_NLS)
@@ -608,9 +635,9 @@ static tOptDesc optDesc[OPTION_CT] = {
#endif /* ENABLE_NLS */
-#define tpmtool_full_usage (NULL)
+#define danetool_full_usage (NULL)
-#define tpmtool_short_usage (tpmtool_opt_strs+2068)
+#define danetool_short_usage (danetool_opt_strs+2202)
#endif /* not defined __doxygen__ */
@@ -627,7 +654,7 @@ static tOptDesc optDesc[OPTION_CT] = {
static void
doUsageOpt(tOptions * pOptions, tOptDesc * pOptDesc)
{
- optionUsage(&tpmtoolOptions, TPMTOOL_EXIT_SUCCESS);
+ optionUsage(&danetoolOptions, DANETOOL_EXIT_SUCCESS);
/* NOTREACHED */
(void)pOptDesc;
(void)pOptions;
@@ -637,7 +664,7 @@ doUsageOpt(tOptions * pOptions, tOptDesc * pOptDesc)
/**
* Code to handle the debug option.
*
- * @param pOptions the tpmtool options data structure
+ * @param pOptions the danetool options data structure
* @param pOptDesc the option descriptor for this option.
*/
static void
@@ -673,7 +700,7 @@ emit_ranges:
/**
* Code to handle the infile option.
*
- * @param pOptions the tpmtool options data structure
+ * @param pOptions the danetool options data structure
* @param pOptDesc the option descriptor for this option.
*/
static void
@@ -689,23 +716,55 @@ doOptInfile(tOptions* pOptions, tOptDesc* pOptDesc)
optionFileCheck(pOptions, pOptDesc, type, mode);
}
+
+/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
+/**
+ * Code to handle the inraw option.
+ *
+ * @param pOptions the danetool options data structure
+ * @param pOptDesc the option descriptor for this option.
+ */
+static void
+doOptInraw(tOptions* pOptions, tOptDesc* pOptDesc)
+{
+ int res = optionAlias(pOptions, pOptDesc, INDEX_OPT_INDER);
+ if ((res != 0) && ((pOptions->fOptSet & OPTPROC_ERRSTOP) != 0))
+ USAGE(DANETOOL_EXIT_FAILURE);
+
+}
+
+/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
+/**
+ * Code to handle the outraw option.
+ *
+ * @param pOptions the danetool options data structure
+ * @param pOptDesc the option descriptor for this option.
+ */
+static void
+doOptOutraw(tOptions* pOptions, tOptDesc* pOptDesc)
+{
+ int res = optionAlias(pOptions, pOptDesc, INDEX_OPT_OUTDER);
+ if ((res != 0) && ((pOptions->fOptSet & OPTPROC_ERRSTOP) != 0))
+ USAGE(DANETOOL_EXIT_FAILURE);
+
+}
/* extracted from optmain.tlib near line 1113 */
/**
- * The directory containing the data associated with tpmtool.
+ * The directory containing the data associated with danetool.
*/
#ifndef PKGDATADIR
# define PKGDATADIR ""
#endif
/**
- * Information about the person or institution that packaged tpmtool
+ * Information about the person or institution that packaged danetool
* for the current distribution.
*/
#ifndef WITH_PACKAGER
-# define tpmtool_packager_info NULL
+# define danetool_packager_info NULL
#else
-static char const tpmtool_packager_info[] =
+static char const danetool_packager_info[] =
"Packaged by " WITH_PACKAGER
# ifdef WITH_PACKAGER_VERSION
@@ -713,7 +772,7 @@ static char const tpmtool_packager_info[] =
# endif
# ifdef WITH_PACKAGER_BUG_REPORTS
- "\nReport tpmtool bugs to " WITH_PACKAGER_BUG_REPORTS
+ "\nReport danetool bugs to " WITH_PACKAGER_BUG_REPORTS
# endif
"\n";
#endif
@@ -721,10 +780,10 @@ static char const tpmtool_packager_info[] =
#endif /* __doxygen__ */
/**
- * The option definitions for tpmtool. The one structure that
+ * The option definitions for danetool. The one structure that
* binds them all.
*/
-tOptions tpmtoolOptions = {
+tOptions danetoolOptions = {
OPTIONS_STRUCT_VERSION,
0, NULL, /* original argc + argv */
( OPTPROC_BASE
@@ -753,10 +812,10 @@ tOptions tpmtoolOptions = {
NO_EQUIVALENT, /* '-#' option index */
NO_EQUIVALENT /* index of default opt */
},
- 19 /* full option count */, 16 /* user option count */,
- tpmtool_full_usage, tpmtool_short_usage,
+ 21 /* full option count */, 18 /* user option count */,
+ danetool_full_usage, danetool_short_usage,
NULL, NULL,
- PKGDATADIR, tpmtool_packager_info
+ PKGDATADIR, danetool_packager_info
};
#if ENABLE_NLS
@@ -790,7 +849,7 @@ AO_gettext(char const* pz)
pzRes = strdup(pzRes);
if (pzRes == NULL) {
fputs(_("No memory for duping translated strings\n"), stderr);
- exit(TPMTOOL_EXIT_FAILURE);
+ exit(DANETOOL_EXIT_FAILURE);
}
return pzRes;
}
@@ -799,13 +858,13 @@ static void coerce_it(void** s) { *s = AO_gettext(*s);
}
/**
- * Translate all the translatable strings in the tpmtoolOptions
+ * Translate all the translatable strings in the danetoolOptions
* structure defined above. This is done only once.
*/
static void
translate_option_strings(void)
{
- tOptions * const pOpt = &tpmtoolOptions;
+ tOptions * const pOpt = &danetoolOptions;
/*
* Guard against re-translation. It won't work. The strings will have
@@ -849,7 +908,7 @@ translate_option_strings(void)
coerce_it((void*)&(pOD->pz_DisablePfx));
}
/* prevent re-translation */
- tpmtoolOptions.fOptSet |= OPTPROC_NXLAT_OPT_CFG | OPTPROC_NXLAT_OPT;
+ danetoolOptions.fOptSet |= OPTPROC_NXLAT_OPT_CFG | OPTPROC_NXLAT_OPT;
}
}
@@ -858,4 +917,4 @@ translate_option_strings(void)
#ifdef __cplusplus
}
#endif
-/* tpmtool-args.c ends here */
+/* danetool-args.c ends here */
diff --git a/src/danetool-args.def b/src/danetool-args.def
new file mode 100644
index 0000000..0e8f74f
--- /dev/null
+++ b/src/danetool-args.def
@@ -0,0 +1,150 @@
+AutoGen Definitions options;
+prog-name = danetool;
+prog-title = "GnuTLS DANE tool";
+prog-desc = "Generate DANE TLSA RR entries.";
+detail = "Tool generate DNS resource records for the DANE protocol.";
+short-usage = "danetool [options] [url]\ndanetool --help for usage
instructions.\n";
+explain = "";
+
+#define INFILE_OPT 1
+#define OUTFILE_OPT 1
+#define VERBOSE_OPT 1
+#include args-std.def
+
+flag = {
+ name = load-pubkey;
+ descrip = "Loads a public key file";
+ arg-type = string;
+ doc = "This can be either a file or a PKCS #11 URL";
+};
+
+flag = {
+ name = load-certificate;
+ descrip = "Loads a certificate file";
+ arg-type = string;
+ doc = "This can be either a file or a PKCS #11 URL";
+};
+
+flag = {
+ name = hash;
+ arg-type = string;
+ descrip = "Hash algorithm to use for signing.";
+ doc = "Available hash functions are SHA1, RMD160, SHA256, SHA384, SHA512.";
+};
+
+flag = {
+ name = inder;
+ descrip = "Use DER format for input certificates and private keys.";
+ disabled;
+ disable = "no";
+ doc = "The input files will be assumed to be in DER or RAW format.
+Unlike options that in PEM input would allow multiple input data (e.g.
multiple
+certificates), when reading in DER format a single data structure is read.";
+};
+
+flag = {
+ name = inraw;
+ aliases = inder;
+};
+
+flag = {
+ name = outder;
+ descrip = "Use DER format for output certificates and private keys";
+ disabled;
+ disable = "no";
+ doc = "The output will be in DER or RAW format.";
+};
+
+flag = {
+ name = outraw;
+ aliases = outder;
+};
+
+flag = {
+ name = tlsa-rr;
+ descrip = "Print the DANE RR data on a certificate or public key";
+ flags_must = host;
+ doc = "This command prints the DANE RR data needed to enable DANE on a DNS
server.";
+};
+
+flag = {
+ name = host;
+ descrip = "Specify the hostname to be used in the DANE RR";
+ arg-type = string;
+ arg-name = "Hostname";
+ doc = "This command sets the hostname for the DANE RR.";
+};
+
+flag = {
+ name = proto;
+ descrip = "The protocol set for DANE data (tcp, udp etc.)";
+ arg-type = string;
+ arg-name = "Protocol";
+ doc = "This command specifies the protocol for the service set in the DANE
data.";
+};
+
+flag = {
+ name = port;
+ arg-type = number;
+ descrip = "Specify the port number for the DANE data.";
+ default-value = 443;
+ doc = "";
+};
+
+flag = {
+ name = ca;
+ descrip = "Whether the provided certificate or public key is a
Certificate authority.";
+ doc = "Marks the DANE RR as a CA certificate if specified.";
+};
+
+flag = {
+ name = x509;
+ descrip = "Use the hash of the X.509 certificate, rather than the public
key.";
+ doc = "This option forces the generated record to contain the hash of
the full X.509 certificate. By default only the hash of the public key is
used.";
+};
+
+flag = {
+ name = local;
+ descrip = "The provided certificate or public key is a local entity.";
+ doc = "DANE distinguishes certificates and public keys offered via
the DNSSEC to trusted and local entities. Use this flag if this is a local (and
possibly unsigned) entity.";
+};
+
+doc-section = {
+ ds-type = 'SEE ALSO';
+ ds-format = 'texi';
+ ds-text = <<-_EOT_
+ p11tool (1)
+_EOT_;
+};
+
+doc-section = {
+ ds-type = 'EXAMPLES';
+ ds-format = 'texi';
+ ds-text = <<-_EOT_
address@hidden DANE TLSA RR generation
+
+To create a DANE TLSA resource record for a CA signed certificate use the
following commands.
+
address@hidden
+$ certtool --tlsa-rr --host www.example.com --load-certificate cert.pem
address@hidden example
+
+For a self signed certificate use:
address@hidden
+$ certtool --tlsa-rr --host www.example.com --load-certificate cert.pem \
+ --local
address@hidden example
+
+The latter is useful to add in your DNS entry even if your certificate is
signed
+by a CA. That way even users who do not trust your CA will be able to verify
your
+certificate using DANE.
+
+In order to create a record for the signer of your certificate use:
address@hidden
+$ certtool --tlsa-rr --host www.example.com --load-certificate cert.pem \
+ --ca
address@hidden example
+_EOT_;
+};
+
+
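Review bot: The EXAMPLES doc-section still invokes `certtool --tlsa-rr ...` in all three example commands, although the flags are defined in this file for danetool and the commit moves the DANE functionality out of certtool; each should read `$ danetool --tlsa-rr --host www.example.com --load-certificate cert.pem`. The `hash` flag's descrip, "Hash algorithm to use for signing.", reads as copied from certtool — in a tool whose only purpose is generating TLSA records it presumably selects the digest placed in the record rather than a signature algorithm, so `descrip = "Hash algorithm to use for the TLSA record digest.";` would be more accurate if that is what the option controls. The SEE ALSO section lists only p11tool (1); certtool (1) seems the more natural cross-reference for a tool split out of it.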
diff --git a/src/ocsptool-args.h b/src/danetool-args.h
similarity index 63%
copy from src/ocsptool-args.h
copy to src/danetool-args.h
index 0367f1b..cb4ad97 100644
--- a/src/ocsptool-args.h
+++ b/src/danetool-args.h
@@ -1,22 +1,22 @@
/* -*- buffer-read-only: t -*- vi: set ro:
*
- * DO NOT EDIT THIS FILE (ocsptool-args.h)
+ * DO NOT EDIT THIS FILE (danetool-args.h)
*
- * It has been AutoGen-ed May 9, 2012 at 08:04:44 PM by AutoGen 5.16
- * From the definitions ocsptool-args.def
+ * It has been AutoGen-ed October 12, 2012 at 09:16:57 AM by AutoGen 5.16
+ * From the definitions danetool-args.def
* and the template file options
*
* Generated from AutoOpts 36:4:11 templates.
*
* AutoOpts is a copyrighted work. This header file is not encumbered
* by AutoOpts licensing, but is provided under the licensing terms chosen
- * by the ocsptool author or copyright holder. AutoOpts is
+ * by the danetool author or copyright holder. AutoOpts is
* licensed under the terms of the LGPL. The redistributable library
* (``libopts'') is licensed under the terms of either the LGPL or, at the
* users discretion, the BSD license. See the AutoOpts and/or libopts sources
* for details.
*
- * The ocsptool program is copyrighted and licensed
+ * The danetool program is copyrighted and licensed
* under the following terms:
*
* Copyright (C) 2000-2012 Free Software Foundation, all rights reserved.
@@ -25,12 +25,12 @@
* GNU General Public License, version 3 or later
* <http://gnu.org/licenses/gpl.html>
*
- * ocsptool is free software: you can redistribute it and/or modify it
+ * danetool is free software: you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
- * ocsptool is distributed in the hope that it will be useful, but
+ * danetool is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
* See the GNU General Public License for more details.
@@ -40,12 +40,12 @@
*/
/*
* This file contains the programmatic interface to the Automated
- * Options generated for the ocsptool program.
+ * Options generated for the danetool program.
* These macros are documented in the AutoGen info file in the
* "AutoOpts" chapter. Please refer to that doc for usage help.
*/
-#ifndef AUTOOPTS_OCSPTOOL_ARGS_H_GUARD
-#define AUTOOPTS_OCSPTOOL_ARGS_H_GUARD 1
+#ifndef AUTOOPTS_DANETOOL_ARGS_H_GUARD
+#define AUTOOPTS_DANETOOL_ARGS_H_GUARD 1
#include "config.h"
#include <autoopts/options.h>
@@ -71,34 +71,35 @@ typedef enum {
INDEX_OPT_VERBOSE = 1,
INDEX_OPT_INFILE = 2,
INDEX_OPT_OUTFILE = 3,
- INDEX_OPT_ASK = 4,
- INDEX_OPT_VERIFY_RESPONSE = 5,
- INDEX_OPT_REQUEST_INFO = 6,
- INDEX_OPT_RESPONSE_INFO = 7,
- INDEX_OPT_GENERATE_REQUEST = 8,
- INDEX_OPT_NONCE = 9,
- INDEX_OPT_LOAD_ISSUER = 10,
- INDEX_OPT_LOAD_CERT = 11,
- INDEX_OPT_LOAD_TRUST = 12,
- INDEX_OPT_LOAD_SIGNER = 13,
- INDEX_OPT_INDER = 14,
- INDEX_OPT_LOAD_REQUEST = 15,
- INDEX_OPT_LOAD_RESPONSE = 16,
- INDEX_OPT_VERSION = 17,
- INDEX_OPT_HELP = 18,
- INDEX_OPT_MORE_HELP = 19
+ INDEX_OPT_LOAD_PUBKEY = 4,
+ INDEX_OPT_LOAD_CERTIFICATE = 5,
+ INDEX_OPT_HASH = 6,
+ INDEX_OPT_INDER = 7,
+ INDEX_OPT_INRAW = 8,
+ INDEX_OPT_OUTDER = 9,
+ INDEX_OPT_OUTRAW = 10,
+ INDEX_OPT_TLSA_RR = 11,
+ INDEX_OPT_HOST = 12,
+ INDEX_OPT_PROTO = 13,
+ INDEX_OPT_PORT = 14,
+ INDEX_OPT_CA = 15,
+ INDEX_OPT_X509 = 16,
+ INDEX_OPT_LOCAL = 17,
+ INDEX_OPT_VERSION = 18,
+ INDEX_OPT_HELP = 19,
+ INDEX_OPT_MORE_HELP = 20
} teOptIndex;
-#define OPTION_CT 20
-#define OCSPTOOL_VERSION "@VERSION@"
-#define OCSPTOOL_FULL_VERSION "ocsptool @VERSION@"
+#define OPTION_CT 21
+#define DANETOOL_VERSION "@VERSION@"
+#define DANETOOL_FULL_VERSION "danetool @VERSION@"
/*
* Interface defines for all options. Replace "n" with the UPPER_CASED
* option name (as in the teOptIndex enumeration above).
* e.g. HAVE_OPT(DEBUG)
*/
-#define DESC(n) (ocsptoolOptions.pOptDesc[INDEX_OPT_## n])
+#define DESC(n) (danetoolOptions.pOptDesc[INDEX_OPT_## n])
#define HAVE_OPT(n) (! UNUSED_OPT(& DESC(n)))
#define OPT_ARG(n) (DESC(n).optArg.argString)
#define STATE_OPT(n) (DESC(n).fOptState & OPTST_SET_MASK)
@@ -116,13 +117,13 @@ typedef enum {
/* * * * * *
*
- * Enumeration of ocsptool exit codes
+ * Enumeration of danetool exit codes
*/
typedef enum {
- OCSPTOOL_EXIT_SUCCESS = 0,
- OCSPTOOL_EXIT_FAILURE = 1,
- OCSPTOOL_EXIT_LIBOPTS_FAILURE = 70
-} ocsptool_exit_code_t;
+ DANETOOL_EXIT_SUCCESS = 0,
+ DANETOOL_EXIT_FAILURE = 1,
+ DANETOOL_EXIT_LIBOPTS_FAILURE = 70
+} danetool_exit_code_t;
/* * * * * *
*
* Interface defines for specific options.
@@ -133,32 +134,35 @@ typedef enum {
#define VALUE_OPT_VERBOSE 'V'
#define VALUE_OPT_INFILE 2
#define VALUE_OPT_OUTFILE 3
-#define VALUE_OPT_ASK 4
-#define VALUE_OPT_VERIFY_RESPONSE 'e'
-#define VALUE_OPT_REQUEST_INFO 'i'
-#define VALUE_OPT_RESPONSE_INFO 'j'
-#define VALUE_OPT_GENERATE_REQUEST 'q'
-#define VALUE_OPT_NONCE 9
-#define VALUE_OPT_LOAD_ISSUER 10
-#define VALUE_OPT_LOAD_CERT 11
-#define VALUE_OPT_LOAD_TRUST 12
-#define VALUE_OPT_LOAD_SIGNER 13
-#define VALUE_OPT_INDER 14
-#define VALUE_OPT_LOAD_REQUEST 'Q'
-#define VALUE_OPT_LOAD_RESPONSE 'S'
+#define VALUE_OPT_LOAD_PUBKEY 4
+#define VALUE_OPT_LOAD_CERTIFICATE 5
+#define VALUE_OPT_HASH 6
+#define VALUE_OPT_INDER 7
+#define VALUE_OPT_INRAW 8
+#define VALUE_OPT_OUTDER 9
+#define VALUE_OPT_OUTRAW 10
+#define VALUE_OPT_TLSA_RR 11
+#define VALUE_OPT_HOST 12
+#define VALUE_OPT_PROTO 13
+#define VALUE_OPT_PORT 14
+
+#define OPT_VALUE_PORT (DESC(PORT).optArg.argInt)
+#define VALUE_OPT_CA 15
+#define VALUE_OPT_X509 16
+#define VALUE_OPT_LOCAL 17
#define VALUE_OPT_HELP 'h'
#define VALUE_OPT_MORE_HELP '!'
#define VALUE_OPT_VERSION 'v'
/*
* Interface defines not associated with particular options
*/
-#define ERRSKIP_OPTERR STMTS(ocsptoolOptions.fOptSet &= ~OPTPROC_ERRSTOP)
-#define ERRSTOP_OPTERR STMTS(ocsptoolOptions.fOptSet |= OPTPROC_ERRSTOP)
+#define ERRSKIP_OPTERR STMTS(danetoolOptions.fOptSet &= ~OPTPROC_ERRSTOP)
+#define ERRSTOP_OPTERR STMTS(danetoolOptions.fOptSet |= OPTPROC_ERRSTOP)
#define RESTART_OPT(n) STMTS( \
- ocsptoolOptions.curOptIdx = (n); \
- ocsptoolOptions.pzCurOpt = NULL)
+ danetoolOptions.curOptIdx = (n); \
+ danetoolOptions.pzCurOpt = NULL)
#define START_OPT RESTART_OPT(1)
-#define USAGE(c) (*ocsptoolOptions.pUsageProc)(&ocsptoolOptions, c)
+#define USAGE(c) (*danetoolOptions.pUsageProc)(&danetoolOptions, c)
/* extracted from opthead.tlib near line 484 */
#ifdef __cplusplus
@@ -172,9 +176,9 @@ extern "C" {
/* * * * * *
*
- * Declare the ocsptool option descriptor.
+ * Declare the danetool option descriptor.
*/
-extern tOptions ocsptoolOptions;
+extern tOptions danetoolOptions;
#if defined(ENABLE_NLS)
# ifndef _
@@ -186,14 +190,14 @@ static inline char* aoGetsText(char const* pz) {
# define _(s) aoGetsText(s)
# endif /* _() */
-# define OPT_NO_XLAT_CFG_NAMES STMTS(ocsptoolOptions.fOptSet |= \
+# define OPT_NO_XLAT_CFG_NAMES STMTS(danetoolOptions.fOptSet |= \
OPTPROC_NXLAT_OPT_CFG;)
-# define OPT_NO_XLAT_OPT_NAMES STMTS(ocsptoolOptions.fOptSet |= \
+# define OPT_NO_XLAT_OPT_NAMES STMTS(danetoolOptions.fOptSet |= \
OPTPROC_NXLAT_OPT|OPTPROC_NXLAT_OPT_CFG;)
-# define OPT_XLAT_CFG_NAMES STMTS(ocsptoolOptions.fOptSet &= \
+# define OPT_XLAT_CFG_NAMES STMTS(danetoolOptions.fOptSet &= \
~(OPTPROC_NXLAT_OPT|OPTPROC_NXLAT_OPT_CFG);)
-# define OPT_XLAT_OPT_NAMES STMTS(ocsptoolOptions.fOptSet &= \
+# define OPT_XLAT_OPT_NAMES STMTS(danetoolOptions.fOptSet &= \
~OPTPROC_NXLAT_OPT;)
#else /* ENABLE_NLS */
@@ -211,5 +215,5 @@ static inline char* aoGetsText(char const* pz) {
#ifdef __cplusplus
}
#endif
-#endif /* AUTOOPTS_OCSPTOOL_ARGS_H_GUARD */
-/* ocsptool-args.h ends here */
+#endif /* AUTOOPTS_DANETOOL_ARGS_H_GUARD */
+/* danetool-args.h ends here */
diff --git a/src/danetool.c b/src/danetool.c
new file mode 100644
index 0000000..52fd032
--- /dev/null
+++ b/src/danetool.c
@@ -0,0 +1,288 @@
+/*
+ * Copyright (C) 2003-2012 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuTLS.
+ *
+ * GnuTLS is free software: you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuTLS is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see
+ * <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+
+#include <gnutls/gnutls.h>
+#include <gnutls/x509.h>
+#include <gnutls/openpgp.h>
+#include <gnutls/pkcs12.h>
+#include <gnutls/pkcs11.h>
+#include <gnutls/abstract.h>
+#include <gnutls/crypto.h>
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <ctype.h>
+#include <time.h>
+#include <unistd.h>
+#include <errno.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <error.h>
+
+/* Gnulib portability files. */
+#include <read-file.h>
+#include <progname.h>
+#include <version-etc.h>
+
+#include <common.h>
+#include "danetool-args.h"
+#include "certtool-common.h"
+
+static void cmd_parser (int argc, char **argv);
+static void dane_info(const char* host, const char* proto, unsigned int port,
+ unsigned int ca, unsigned int local, common_info_st *
cinfo);
+
+FILE *outfile;
+FILE *infile;
+static gnutls_digest_algorithm_t default_dig;
+static unsigned int incert_format, outcert_format;
+
+/* non interactive operation if set
+ */
+int batch;
+
+
+static void
+tls_log_func (int level, const char *str)
+{
+ fprintf (stderr, "|<%d>| %s", level, str);
+}
+
+int
+main (int argc, char **argv)
+{
+ set_program_name (argv[0]);
+ cmd_parser (argc, argv);
+
+ return 0;
+}
+
+
+static void
+cmd_parser (int argc, char **argv)
+{
+ int ret, privkey_op = 0;
+ common_info_st cinfo;
+
+ optionProcess( &danetoolOptions, argc, argv);
+
+ if (HAVE_OPT(OUTFILE))
+ {
+ outfile = safe_open_rw (OPT_ARG(OUTFILE), privkey_op);
+ if (outfile == NULL)
+ error (EXIT_FAILURE, errno, "%s", OPT_ARG(OUTFILE));
+ }
+ else
+ outfile = stdout;
+
+ if (HAVE_OPT(INFILE))
+ {
+ infile = fopen (OPT_ARG(INFILE), "rb");
+ if (infile == NULL)
+ error (EXIT_FAILURE, errno, "%s", OPT_ARG(INFILE));
+ }
+ else
+ infile = stdin;
+
+ if (HAVE_OPT(INDER) || HAVE_OPT(INRAW))
+ incert_format = GNUTLS_X509_FMT_DER;
+ else
+ incert_format = GNUTLS_X509_FMT_PEM;
+
+ if (HAVE_OPT(OUTDER) || HAVE_OPT(OUTRAW))
+ outcert_format = GNUTLS_X509_FMT_DER;
+ else
+ outcert_format = GNUTLS_X509_FMT_PEM;
+
+ default_dig = GNUTLS_DIG_UNKNOWN;
+ if (HAVE_OPT(HASH))
+ {
+ if (strcasecmp (OPT_ARG(HASH), "md5") == 0)
+ {
+ fprintf (stderr,
+ "Warning: MD5 is broken, and should not be used any more
for digital signatures.\n");
+ default_dig = GNUTLS_DIG_MD5;
+ }
+ else if (strcasecmp (OPT_ARG(HASH), "sha1") == 0)
+ default_dig = GNUTLS_DIG_SHA1;
+ else if (strcasecmp (OPT_ARG(HASH), "sha256") == 0)
+ default_dig = GNUTLS_DIG_SHA256;
+ else if (strcasecmp (OPT_ARG(HASH), "sha224") == 0)
+ default_dig = GNUTLS_DIG_SHA224;
+ else if (strcasecmp (OPT_ARG(HASH), "sha384") == 0)
+ default_dig = GNUTLS_DIG_SHA384;
+ else if (strcasecmp (OPT_ARG(HASH), "sha512") == 0)
+ default_dig = GNUTLS_DIG_SHA512;
+ else if (strcasecmp (OPT_ARG(HASH), "rmd160") == 0)
+ default_dig = GNUTLS_DIG_RMD160;
+ else
+ error (EXIT_FAILURE, 0, "invalid hash: %s", OPT_ARG(HASH));
+ }
+
+ gnutls_global_set_log_function (tls_log_func);
+
+ if (HAVE_OPT(DEBUG))
+ {
+ gnutls_global_set_log_level (OPT_VALUE_DEBUG);
+ printf ("Setting log level to %d\n", (int)OPT_VALUE_DEBUG);
+ }
+
+ if ((ret = gnutls_global_init ()) < 0)
+ error (EXIT_FAILURE, 0, "global_init: %s", gnutls_strerror (ret));
+
+#ifdef ENABLE_PKCS11
+ pkcs11_common();
+#endif
+
+ memset (&cinfo, 0, sizeof (cinfo));
+
+ if (HAVE_OPT(VERBOSE))
+ cinfo.verbose = 1;
+
+ if (HAVE_OPT(LOAD_PUBKEY))
+ cinfo.pubkey = OPT_ARG(LOAD_PUBKEY);
+
+ if (HAVE_OPT(LOAD_CERTIFICATE))
+ cinfo.cert = OPT_ARG(LOAD_CERTIFICATE);
+
+ if (HAVE_OPT(TLSA_RR))
+ dane_info (OPT_ARG(HOST), OPT_ARG(PROTO), OPT_VALUE_PORT,
+ HAVE_OPT(CA), HAVE_OPT(LOCAL), &cinfo);
+ else
+ USAGE(1);
+
+ fclose (outfile);
+
+#ifdef ENABLE_PKCS11
+ gnutls_pkcs11_deinit ();
+#endif
+ gnutls_global_deinit ();
+}
+
+static void dane_info(const char* host, const char* proto, unsigned int port,
+ unsigned int ca, unsigned int local, common_info_st *
cinfo)
+{
+ gnutls_pubkey_t pubkey;
+ gnutls_x509_crt_t crt;
+ unsigned char digest[64];
+ gnutls_datum_t t;
+ int ret;
+ unsigned int usage, selector, type;
+ size_t size;
+
+ if (proto == NULL)
+ proto = "tcp";
+ if (port == 0)
+ port = 443;
+
+ crt = load_cert (0, cinfo);
+ if (crt != NULL && HAVE_OPT(X509))
+ {
+ selector = 0; /* X.509 */
+
+ size = buffer_size;
+ ret = gnutls_x509_crt_export (crt, GNUTLS_X509_FMT_DER, buffer, &size);
+ if (ret < 0)
+ error (EXIT_FAILURE, 0, "export error: %s", gnutls_strerror (ret));
+
+ gnutls_x509_crt_deinit (crt);
+ }
+ else /* use public key only */
+ {
+ selector = 1;
+
+ ret = gnutls_pubkey_init (&pubkey);
+ if (ret < 0)
+ error (EXIT_FAILURE, 0, "pubkey_init: %s", gnutls_strerror (ret));
+
+ if (crt != NULL)
+ {
+
+ ret = gnutls_pubkey_import_x509 (pubkey, crt, 0);
+ if (ret < 0)
+ {
+ error (EXIT_FAILURE, 0, "pubkey_import_x509: %s",
+ gnutls_strerror (ret));
+ }
+
+ size = buffer_size;
+ ret = gnutls_pubkey_export (pubkey, GNUTLS_X509_FMT_DER, buffer,
&size);
+ if (ret < 0)
+ {
+ error (EXIT_FAILURE, 0, "pubkey_export: %s",
+ gnutls_strerror (ret));
+ }
+
+ gnutls_x509_crt_deinit(crt);
+ }
+ else
+ {
+ pubkey = load_pubkey (1, cinfo);
+
+ size = buffer_size;
+ ret = gnutls_pubkey_export (pubkey, GNUTLS_X509_FMT_DER, buffer,
&size);
+ if (ret < 0)
+ error (EXIT_FAILURE, 0, "export error: %s", gnutls_strerror (ret));
+ }
+
+ gnutls_pubkey_deinit (pubkey);
+ }
+
+ if (default_dig != GNUTLS_DIG_SHA256 && default_dig != GNUTLS_DIG_SHA512)
+ {
+ if (default_dig != GNUTLS_DIG_UNKNOWN) fprintf(stderr, "Unsupported
digest. Assuming SHA256.\n");
+ default_dig = GNUTLS_DIG_SHA256;
+ }
+
+ ret = gnutls_hash_fast(default_dig, buffer, size, digest);
+ if (ret < 0)
+ error (EXIT_FAILURE, 0, "hash error: %s", gnutls_strerror (ret));
+
+ if (default_dig == GNUTLS_DIG_SHA256)
+ type = 1;
+ else type = 2;
+
+ /* DANE certificate classification crap */
+ if (local==0)
+ {
+ if (ca) usage = 0;
+ else usage = 1;
+ }
+ else
+ {
+ if (ca) usage = 2;
+ else usage = 3;
+ }
+
+ t.data = digest;
+ t.size = gnutls_hash_get_len(default_dig);
+
+ size = buffer_size;
+ ret = gnutls_hex_encode(&t, (void*)buffer, &size);
+ if (ret < 0)
+ error (EXIT_FAILURE, 0, "hex encode error: %s", gnutls_strerror (ret));
+
+ fprintf(outfile, "_%u._%s.%s. IN TLSA ( %.2x %.2x %.2x %s )\n", port, proto,
host, usage, selector, type, buffer);
+
+}
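Review bot: In dane_info the handle created by `gnutls_pubkey_init (&pubkey)` is overwritten by `pubkey = load_pubkey (1, cinfo);` in the `crt == NULL` branch, so that first object is never deinitialized; moving the init call inside the `if (crt != NULL)` branch, where it is actually needed for gnutls_pubkey_import_x509, removes the leak. `host` is passed straight from `OPT_ARG(HOST)` to the `%s` in the final fprintf with no NULL check, so unless the option definitions (not in this diff) make --host mandatory whenever --tlsa-rr is given, a missing --host is undefined behavior there; a guard next to the proto/port defaults, `if (host == NULL) error (EXIT_FAILURE, 0, "no host specified");`, makes the requirement explicit either way. In cmd_parser the result of `fclose (outfile)` is ignored and main always returns 0, so a write error on --outfile leaves a truncated TLSA record behind while the tool reports success; `if (fclose (outfile) != 0) error (EXIT_FAILURE, errno, "%s", OPT_ARG(OUTFILE));` would surface it. Minor: the usage/selector/type fields are printed with `%.2x`, which only reads correctly as the decimal presentation format of RFC 6698 because all defined values are below 10; `%u` says what is meant.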
hooks/post-receive
--
GNU gnutls