/*
* Copyright (C) 2007-2016 Free Software Foundation, Inc.
* Copyright (C) 2015-2017 Red Hat, Inc.
*
* Author: Simon Josefsson, Nikos Mavrogiannopoulos
*
* This file is part of GnuTLS.
*
* The GnuTLS is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public License
* as published by the Free Software Foundation; either version 2.1 of
* the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>
*
*/
/* Functions for printing X.509 Certificate structures
*/
#include "gnutls_int.h"
#include <common.h>
#include <x509.h>
#include <x509_int.h>
#include <num.h>
#include "errors.h"
#include "hello_ext.h"
#include "ip.h"
/* Shorthands for appending formatted / plain text to the output buffer. */
#define addf _gnutls_buffer_append_printf
#define adds _gnutls_buffer_append_str

/* Substitute an empty string for a NULL pointer so that a "%s"/"%.*s"
 * conversion below never dereferences NULL. */
#define NON_NULL(x) (((x)!=NULL)?((char*)(x)):"")
/* Placeholder printed when a value cannot be converted to text. */
#define ERROR_STR (char*) "(error)"
/* Append one text-valued name of the given @type to @str on a single line.
 *
 * @str:    output buffer
 * @prefix: text emitted before the type label
 * @type:   human readable field label (e.g. "DNSname")
 * @name:   raw name bytes; printed with an explicit length (%.*s), but the
 *          "xn--" probe below uses strstr() and therefore assumes a NUL
 *          terminator when the data is printable (print_name() replaces
 *          embedded NULs before calling here)
 *
 * Non-printable names are echoed with a warning; names that look like IDNA
 * A-labels additionally get the decoded form in parentheses when
 * gnutls_idna_reverse_map() succeeds, otherwise the raw name alone.
 */
static void print_idn_name(gnutls_buffer_st *str, const char *prefix, const char *type, gnutls_datum_t *name)
{
	gnutls_datum_t decoded = {NULL, 0};

	/* Non-printable bytes: show them but flag the problem and stop. */
	if (!_gnutls_str_is_print((char*)name->data, name->size)) {
		addf(str, _("%s%s: %.*s (contains illegal chars)\n"), prefix, type, name->size, NON_NULL(name->data));
		return;
	}

	/* Printable and apparently IDNA-encoded: show A-label and U-label. */
	if (name->data != NULL && strstr((char*)name->data, "xn--") != NULL
	    && gnutls_idna_reverse_map((char*)name->data, name->size, &decoded, 0) >= 0) {
		addf(str, _("%s%s: %.*s (%s)\n"), prefix, type, name->size, NON_NULL(name->data), decoded.data);
		gnutls_free(decoded.data);
		return;
	}

	/* Plain printable name, or IDNA decoding failed. */
	addf(str, _("%s%s: %.*s\n"), prefix, type, name->size, NON_NULL(name->data));
}
/* Append one e-mail style name of the given @type to @str on a single line.
 *
 * Same contract as print_idn_name(), except that an "xn--" domain part is
 * decoded with _gnutls_idna_email_reverse_map(), which understands the
 * local-part@domain split. As there, strstr() assumes @name->data is
 * NUL-terminated when it is printable; the length passed to %.*s is the
 * datum size.
 */
static void print_idn_email(gnutls_buffer_st *str, const char *prefix, const char *type, gnutls_datum_t *name)
{
	char *text = (char*)name->data;
	gnutls_datum_t ulabel = {NULL, 0};
	unsigned done = 0;

	if (!_gnutls_str_is_print(text, name->size)) {
		/* Flag, but still echo, a name with non-printable bytes. */
		addf(str, _("%s%s: %.*s (contains illegal chars)\n"), prefix, type, name->size, NON_NULL(name->data));
		done = 1;
	} else if (text != NULL && strstr(text, "xn--") != NULL) {
		/* Show the decoded form only when the reverse mapping works;
		 * otherwise fall back to the raw name below. */
		if (_gnutls_idna_email_reverse_map(text, name->size, &ulabel) >= 0) {
			addf(str, _("%s%s: %.*s (%s)\n"), prefix, type, name->size, NON_NULL(name->data), ulabel.data);
			gnutls_free(ulabel.data);
			done = 1;
		}
	}

	if (!done)
		addf(str, _("%s%s: %.*s\n"), prefix, type, name->size, NON_NULL(name->data));
}
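/* Append a single general name (SAN entry, name constraint, AIA location,
 * CRL distribution point) to @str in human readable form.
 *
 * @str:        output buffer
 * @prefix:     text emitted before the field label
 * @type:       one of the GNUTLS_SAN_* values
 * @name:       the name bytes. NOT const: for the text-valued types an
 *              embedded NUL is replaced in place with '!' (after emitting a
 *              warning line) so that what is printed cannot silently differ
 *              from the full, length-delimited value.
 * @ip_is_cidr: for GNUTLS_SAN_IPADDRESS, whether @name carries an
 *              address+netmask pair (name constraints) rather than a bare
 *              address
 *
 * Unknown types are dumped as hex.
 */
static void
print_name(gnutls_buffer_st *str, const char *prefix, unsigned type, gnutls_datum_t *name, unsigned ip_is_cidr)
{
	char *sname = (char*)name->data;
	char str_ip[64];
	const char *p;

	/* strlen() stops at the first NUL while the datum carries an explicit
	 * size; a mismatch means an embedded NUL. Make it visible instead of
	 * letting the printed text hide part of the value. */
	if ((type == GNUTLS_SAN_DNSNAME || type == GNUTLS_SAN_OTHERNAME_XMPP
	     || type == GNUTLS_SAN_OTHERNAME_KRB5PRINCIPAL
	     || type == GNUTLS_SAN_RFC822NAME
	     || type == GNUTLS_SAN_URI) && sname != NULL && strlen(sname) != name->size) {
		adds(str,
		     _("warning: SAN contains an embedded NUL, "
		       "replacing with '!'\n"));
		/* One pass over the declared size replaces every NUL, rather
		 * than re-scanning with strlen() once per replaced byte. */
		for (size_t i = 0; i < name->size; i++) {
			if (name->data[i] == '\0')
				name->data[i] = '!';
		}
	}

	switch (type) {
	case GNUTLS_SAN_DNSNAME:
		print_idn_name(str, prefix, "DNSname", name);
		break;

	case GNUTLS_SAN_RFC822NAME:
		print_idn_email(str, prefix, "RFC822Name", name);
		break;

	case GNUTLS_SAN_URI:
		addf(str, _("%sURI: %.*s\n"), prefix, name->size, NON_NULL(name->data));
		break;

	case GNUTLS_SAN_IPADDRESS:
		/* Both converters write into str_ip and return NULL when the
		 * raw bytes are not a valid address (or address/mask pair). */
		if (!ip_is_cidr)
			p = _gnutls_ip_to_string(name->data, name->size, str_ip, sizeof(str_ip));
		else
			p = _gnutls_cidr_to_string(name->data, name->size, str_ip, sizeof(str_ip));
		if (p == NULL)
			p = ERROR_STR;
		addf(str, "%sIPAddress: %s\n", prefix, p);
		break;

	case GNUTLS_SAN_DN:
		addf(str, _("%sdirectoryName: %.*s\n"), prefix, name->size, NON_NULL(name->data));
		break;

	case GNUTLS_SAN_REGISTERED_ID:
		addf(str, _("%sRegistered ID: %.*s\n"), prefix, name->size, NON_NULL(name->data));
		break;

	case GNUTLS_SAN_OTHERNAME_XMPP:
		addf(str, _("%sXMPP Address: %.*s\n"), prefix, name->size, NON_NULL(name->data));
		break;

	case GNUTLS_SAN_OTHERNAME_KRB5PRINCIPAL:
		addf(str, _("%sKRB5Principal: %.*s\n"), prefix, name->size, NON_NULL(name->data));
		break;

	default:
		/* No textual interpretation known: hex dump the raw bytes. */
		addf(str, _("%sUnknown name: "), prefix);
		_gnutls_buffer_hexprint(str, name->data, name->size);
		adds(str, "\n");
		break;
	}
}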
/* Return a newly allocated (gnutls_strdup) name for the public key
 * algorithm of @cert, or its dotted OID when the algorithm has no
 * registered name. *@bits is filled by gnutls_x509_crt_get_pk_algorithm().
 * Returns NULL when neither a name nor an OID could be obtained, or on
 * allocation failure. The caller owns and frees the result.
 */
static char *get_pk_name(gnutls_x509_crt_t cert, unsigned *bits)
{
	char oid[MAX_OID_SIZE];
	size_t oid_size = sizeof(oid);
	int algo = gnutls_x509_crt_get_pk_algorithm(cert, bits);

	/* Only a positive value is handed to gnutls_pk_algorithm_get_name(). */
	if (algo > 0) {
		const char *name = gnutls_pk_algorithm_get_name(algo);
		if (name != NULL)
			return gnutls_strdup(name);
	}

	/* Unknown or unnamed algorithm: fall back to the OID text. */
	if (gnutls_x509_crt_get_pk_oid(cert, oid, &oid_size) < 0)
		return NULL;

	return gnutls_strdup(oid);
}
/* Certificate-request counterpart of get_pk_name(): returns a newly
 * allocated public key algorithm name for @crq, falling back to the dotted
 * OID for unnamed algorithms, or NULL on failure. The key size is not
 * requested (NULL is passed for it). The caller frees the result.
 */
static char *crq_get_pk_name(gnutls_x509_crq_t crq)
{
	char oid[MAX_OID_SIZE];
	size_t oid_size = sizeof(oid);
	const char *name = NULL;
	int algo;

	algo = gnutls_x509_crq_get_pk_algorithm(crq, NULL);
	if (algo > 0)
		name = gnutls_pk_algorithm_get_name(algo);
	if (name != NULL)
		return gnutls_strdup(name);

	/* No registered name: report the OID instead. */
	if (gnutls_x509_crq_get_pk_oid(crq, oid, &oid_size) < 0)
		return NULL;

	return gnutls_strdup(oid);
}
/* Return a newly allocated name for the signature algorithm of @cert, or
 * its dotted OID when the algorithm is unknown or has no registered name.
 * *@algo receives the GNUTLS_SIGN_* value when one was recognised and 0
 * otherwise, so callers can tell "unknown" from a named algorithm even
 * when only the OID string comes back. NULL on failure; caller frees.
 */
static char *get_sign_name(gnutls_x509_crt_t cert, int *algo)
{
	char oid[MAX_OID_SIZE];
	size_t oid_size = sizeof(oid);
	int sig;

	*algo = 0;

	sig = gnutls_x509_crt_get_signature_algorithm(cert);
	if (sig > 0) {
		const char *name = gnutls_sign_get_name(sig);

		/* Recognised algorithm, whether or not it has a name. */
		*algo = sig;
		if (name != NULL)
			return gnutls_strdup(name);
	}

	if (gnutls_x509_crt_get_signature_oid(cert, oid, &oid_size) < 0)
		return NULL;

	return gnutls_strdup(oid);
}
/* Certificate-request counterpart of get_sign_name(), without the @algo
 * out-parameter: returns a newly allocated signature algorithm name for
 * @crq, the dotted OID when no name is registered, or NULL on failure.
 * The caller frees the result.
 */
static char *crq_get_sign_name(gnutls_x509_crq_t crq)
{
	char oid[MAX_OID_SIZE];
	size_t oid_size = sizeof(oid);
	const char *name = NULL;
	int sig = gnutls_x509_crq_get_signature_algorithm(crq);

	if (sig > 0)
		name = gnutls_sign_get_name(sig);
	if (name != NULL)
		return gnutls_strdup(name);

	/* Unknown or unnamed: fall back to the OID text. */
	if (gnutls_x509_crq_get_signature_oid(crq, oid, &oid_size) < 0)
		return NULL;

	return gnutls_strdup(oid);
}
/* CRL counterpart of get_sign_name(): returns a newly allocated signature
 * algorithm name for @crl (or its dotted OID when unnamed), NULL on
 * failure. *@algo is 0 unless a GNUTLS_SIGN_* value was recognised, in
 * which case it holds that value. The caller frees the result.
 */
static char *crl_get_sign_name(gnutls_x509_crl_t crl, int *algo)
{
	char oid[MAX_OID_SIZE];
	size_t oid_size = sizeof(oid);
	int sig;

	*algo = 0;

	sig = gnutls_x509_crl_get_signature_algorithm(crl);
	if (sig > 0) {
		const char *name;

		*algo = sig;
		name = gnutls_sign_get_name(sig);
		if (name != NULL)
			return gnutls_strdup(name);
	}

	/* No name available: use the OID from the CRL itself. */
	if (gnutls_x509_crl_get_signature_oid(crl, oid, &oid_size) < 0)
		return NULL;

	return gnutls_strdup(oid);
}
/* Print the proxyCertInfo extension held in @der: the optional path length
 * constraint, the policy language OID (annotated for the two id-ppl values
 * known here) and, when present, the policy both as ASCII and as hex.
 * Parse errors are reported into @str rather than propagated.
 */
static void print_proxy(gnutls_buffer_st * str, gnutls_datum_t *der)
{
	int pathlen;
	char *policyLanguage = NULL;
	char *policy = NULL;
	size_t npolicy = 0;
	const char *lang_note;
	int err;

	err = gnutls_x509_ext_import_proxy(der, &pathlen, &policyLanguage,
					   &policy, &npolicy);
	if (err < 0) {
		addf(str, "error: get_proxy: %s\n", gnutls_strerror(err));
		return;
	}

	/* A negative pathlen is treated as "no constraint present". */
	if (pathlen >= 0)
		addf(str, _("\t\t\tPath Length Constraint: %d\n"),
		     pathlen);

	/* Annotate the two policy language OIDs defined by RFC 3820. */
	if (strcmp(policyLanguage, "1.3.6.1.5.5.7.21.1") == 0)
		lang_note = " (id-ppl-inheritALL)\n";
	else if (strcmp(policyLanguage, "1.3.6.1.5.5.7.21.2") == 0)
		lang_note = " (id-ppl-independent)\n";
	else
		lang_note = "\n";
	addf(str, _("\t\t\tPolicy Language: %s"), policyLanguage);
	adds(str, lang_note);

	/* The policy is opaque to us: dump it in both readable forms. */
	if (npolicy) {
		adds(str, _("\t\t\tPolicy:\n\t\t\t\tASCII: "));
		_gnutls_buffer_asciiprint(str, policy, npolicy);
		adds(str, _("\n\t\t\t\tHexdump: "));
		_gnutls_buffer_hexprint(str, policy, npolicy);
		adds(str, "\n");
	}

	/* Both strings are allocated by gnutls_x509_ext_import_proxy(). */
	gnutls_free(policy);
	gnutls_free(policyLanguage);
}
/* Print the nameConstraints extension in @der: first the permitted
 * subtrees, then the excluded ones. Each list header is emitted only when
 * that list has at least one entry. Entries go through print_name() with
 * ip_is_cidr=1 because IP constraints carry an address/netmask pair.
 * Import failures are silent (nothing is printed).
 */
static void print_nc(gnutls_buffer_st * str, const char* prefix, gnutls_datum_t *der)
{
	gnutls_x509_name_constraints_t nc;
	gnutls_datum_t name;
	unsigned type;
	unsigned idx;
	char new_prefix[16];
	int ret;

	if (gnutls_x509_name_constraints_init(&nc) < 0)
		return;

	if (gnutls_x509_ext_import_name_constraints(der, nc, 0) < 0)
		goto cleanup;

	/* Entry prefix = caller prefix + four tabs. The buffer is small and
	 * snprintf() truncates silently, so @prefix must stay short. */
	snprintf(new_prefix, sizeof(new_prefix), "%s\t\t\t\t", prefix);

	/* Iterate until the getter stops returning 0; the entry from a
	 * non-zero non-negative return is still printed, as before. */
	for (idx = 0;; idx++) {
		ret = gnutls_x509_name_constraints_get_permitted(nc, idx, &type, &name);
		if (ret < 0)
			break;
		if (idx == 0)
			addf(str, _("%s\t\t\tPermitted:\n"), prefix);
		print_name(str, new_prefix, type, &name, 1);
		if (ret != 0)
			break;
	}

	for (idx = 0;; idx++) {
		ret = gnutls_x509_name_constraints_get_excluded(nc, idx, &type, &name);
		if (ret < 0)
			break;
		if (idx == 0)
			addf(str, _("%s\t\t\tExcluded:\n"), prefix);
		print_name(str, new_prefix, type, &name, 1);
		if (ret != 0)
			break;
	}

cleanup:
	gnutls_x509_name_constraints_deinit(nc);
}
/* Print the authorityInfoAccess extension in @der: one "Access Method"
 * line (OID plus a label for id-ad-ocsp / id-ad-caIssuers, "UNKNOWN"
 * otherwise) and one "Access Location" general name per AccessDescription.
 * Errors are reported into @str; the aia object is always released.
 */
static void print_aia(gnutls_buffer_st * str, const gnutls_datum_t *der)
{
	gnutls_x509_aia_t aia;
	gnutls_datum_t san = {NULL, 0}, oid = {NULL, 0};
	unsigned int san_type;
	int err;
	int seq;

	if (gnutls_x509_aia_init(&aia) < 0)
		return;

	err = gnutls_x509_ext_import_aia(der, aia, 0);
	if (err < 0) {
		addf(str, "error: get_aia: %s\n",
		     gnutls_strerror(err));
		goto cleanup;
	}

	for (seq = 0;; seq++) {
		const char *oid_text;
		const char *label;

		err = gnutls_x509_aia_get(aia, seq, &oid, &san_type, &san);
		/* End of the list is signalled by this specific error code. */
		if (err == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
			break;
		if (err < 0) {
			addf(str, "error: aia_get: %s\n",
			     gnutls_strerror(err));
			break;
		}

		/* oid.data is compared with strcmp(), i.e. it is assumed to
		 * be NUL-terminated by gnutls_x509_aia_get(). */
		oid_text = (char*)oid.data;
		label = "UNKNOWN";
		if (strcmp(oid_text, GNUTLS_OID_AD_OCSP) == 0) {
			oid_text = GNUTLS_OID_AD_OCSP;
			label = "id-ad-ocsp";
		} else if (strcmp(oid_text, GNUTLS_OID_AD_CAISSUERS) == 0) {
			oid_text = GNUTLS_OID_AD_CAISSUERS;
			label = "id-ad-caIssuers";
		}
		addf(str, _("\t\t\tAccess Method: %s (%s)\n"), oid_text, label);

		adds(str, "\t\t\tAccess Location ");
		print_name(str, "", san_type, &san, 0);
	}

cleanup:
	gnutls_x509_aia_deinit(aia);
}
/* Print the subjectKeyIdentifier extension in @der as an indented hex
 * line. On import failure an error line is printed instead. The decoded
 * identifier is allocated by the import call and released here.
 */
static void print_ski(gnutls_buffer_st * str, gnutls_datum_t *der)
{
	gnutls_datum_t key_id = {NULL, 0};
	int err = gnutls_x509_ext_import_subject_key_id(der, &key_id);

	if (err < 0) {
		addf(str, "error: get_subject_key_id: %s\n",
		     gnutls_strerror(err));
		return;
	}

	adds(str, "\t\t\t");
	_gnutls_buffer_hexprint(str, key_id.data, key_id.size);
	adds(str, "\n");

	gnutls_free(key_id.data);
}
/* Discriminators telling the shared extension printers whether the
 * cert_type_t union below holds a certificate or a certificate request. */
#define TYPE_CRT 2
#define TYPE_CRQ 3

/* Either object type handled by the printing helpers; which member is
 * valid is carried separately as one of the TYPE_* values above. */
typedef union {
	gnutls_x509_crt_t crt;
	gnutls_x509_crq_t crq;
} cert_type_t;
/* Print the authorityCertIssuer / authorityCertSerialNumber part of an
 * authorityKeyIdentifier, if present. Only the first issuer name (index 0)
 * is examined. Absence of the data is not an error and prints nothing;
 * other failures are reported into @str.
 */
static void
print_aki_gn_serial(gnutls_buffer_st * str, gnutls_x509_aki_t aki)
{
	gnutls_datum_t san, other_oid, serial;
	unsigned int alt_type;
	int err = gnutls_x509_aki_get_cert_issuer(aki, 0, &alt_type, &san,
						  &other_oid, &serial);

	if (err == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
		return;
	if (err < 0) {
		addf(str, "error: gnutls_x509_aki_get_cert_issuer: %s\n",
		     gnutls_strerror(err));
		return;
	}

	print_name(str, "\t\t\t", alt_type, &san, 0);

	adds(str, "\t\t\tserial: ");
	_gnutls_buffer_hexprint(str, serial.data, serial.size);
	adds(str, "\n");
}
/* Print the authorityKeyIdentifier extension in @der: the issuer name and
 * serial when they are present, then the key identifier as hex. Every
 * failure is reported into @str; the aki object is always released.
 */
static void print_aki(gnutls_buffer_st * str, gnutls_datum_t *der)
{
	gnutls_x509_aki_t aki;
	gnutls_datum_t key_id;
	int err;

	err = gnutls_x509_aki_init(&aki);
	if (err < 0) {
		addf(str, "error: gnutls_x509_aki_init: %s\n",
		     gnutls_strerror(err));
		return;
	}

	err = gnutls_x509_ext_import_authority_key_id(der, aki, 0);
	if (err < 0) {
		addf(str, "error: gnutls_x509_ext_import_authority_key_id: %s\n",
		     gnutls_strerror(err));
		goto cleanup;
	}

	/* Optional issuer name + serial; prints nothing when absent. */
	print_aki_gn_serial(str, aki);

	err = gnutls_x509_aki_get_id(aki, &key_id);
	if (err < 0) {
		/* A missing keyIdentifier is not worth an error line. */
		if (err != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
			addf(str, "error: gnutls_x509_aki_get_id: %s\n",
			     gnutls_strerror(err));
		goto cleanup;
	}

	adds(str, "\t\t\t");
	_gnutls_buffer_hexprint(str, key_id.data, key_id.size);
	adds(str, "\n");

cleanup:
	gnutls_x509_aki_deinit(aki);
}
/* Print one line per bit set in @key_usage, in the fixed order of the
 * table below, each prefixed with @prefix. Unknown bits are ignored.
 */
static void
print_key_usage2(gnutls_buffer_st * str, const char *prefix, unsigned int key_usage)
{
	/* Order matters: it is the order the lines are emitted in. The
	 * strings are wrapped in _() here so that they stay visible to
	 * message extraction. */
	const struct {
		unsigned int bit;
		const char *line;
	} usages[] = {
		{ GNUTLS_KEY_DIGITAL_SIGNATURE, _("%sDigital signature.\n") },
		{ GNUTLS_KEY_NON_REPUDIATION,   _("%sNon repudiation.\n") },
		{ GNUTLS_KEY_KEY_ENCIPHERMENT,  _("%sKey encipherment.\n") },
		{ GNUTLS_KEY_DATA_ENCIPHERMENT, _("%sData encipherment.\n") },
		{ GNUTLS_KEY_KEY_AGREEMENT,     _("%sKey agreement.\n") },
		{ GNUTLS_KEY_KEY_CERT_SIGN,     _("%sCertificate signing.\n") },
		{ GNUTLS_KEY_CRL_SIGN,          _("%sCRL signing.\n") },
		{ GNUTLS_KEY_ENCIPHER_ONLY,     _("%sKey encipher only.\n") },
		{ GNUTLS_KEY_DECIPHER_ONLY,     _("%sKey decipher only.\n") },
	};
	size_t i;

	for (i = 0; i < sizeof(usages) / sizeof(usages[0]); i++) {
		if (key_usage & usages[i].bit)
			addf(str, usages[i].line, prefix);
	}
}
/* Decode the keyUsage extension in @der and print its bits via
 * print_key_usage2(). A decoding failure is reported into @str.
 */
static void
print_key_usage(gnutls_buffer_st * str, const char *prefix, gnutls_datum_t *der)
{
	unsigned int usage_bits = 0;
	int err = gnutls_x509_ext_import_key_usage(der, &usage_bits);

	if (err >= 0) {
		print_key_usage2(str, prefix, usage_bits);
		return;
	}

	addf(str, "error: get_key_usage: %s\n",
	     gnutls_strerror(err));
}
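/* Append one formatted UTC timestamp line to @str.
 *
 * @str:  output buffer
 * @fmt:  already-translated format containing exactly one %s for the
 *        rendered time
 * @when: the time to render
 *
 * If gmtime_r() or strftime() fails, an error line carrying the raw value
 * is appended instead; the raw value is cast to unsigned long and printed
 * with a matching %lu conversion.
 */
static void
print_usage_period_time(gnutls_buffer_st * str, const char *fmt, time_t when)
{
	char s[42];
	struct tm t;

	if (gmtime_r(&when, &t) == NULL)
		addf(str, "error: gmtime_r (%lu)\n", (unsigned long) when);
	else if (strftime(s, sizeof(s), "%a %b %d %H:%M:%S UTC %Y", &t) == 0)
		addf(str, "error: strftime (%lu)\n", (unsigned long) when);
	else
		addf(str, fmt, s);
}

/* Print the privateKeyUsagePeriod extension in @der as "Not Before" and
 * "Not After" lines. @prefix is accepted for signature compatibility with
 * the other extension printers but, as before, is not used: the lines are
 * indented with a fixed three tabs. Import failures are reported into @str.
 */
static void
print_private_key_usage_period(gnutls_buffer_st * str, const char *prefix, gnutls_datum_t *der)
{
	time_t activation, expiration;
	int err;

	err = gnutls_x509_ext_import_private_key_usage_period(der, &activation, &expiration);
	if (err < 0) {
		addf(str, "error: get_private_key_usage_period: %s\n",
		     gnutls_strerror(err));
		return;
	}

	print_usage_period_time(str, _("\t\t\tNot Before: %s\n"), activation);
	print_usage_period_time(str, _("\t\t\tNot After: %s\n"), expiration);
}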
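/* Print the cRLDistributionPoints extension in @der, one general name per
 * distribution point (the reasons flags are fetched but not printed).
 * Every failure after gnutls_x509_crl_dist_points_init() succeeded is
 * reported into @str and then leaves through the cleanup label, so the
 * dist-points object is released on all paths.
 */
static void print_crldist(gnutls_buffer_st * str, gnutls_datum_t *der)
{
	int err;
	int indx;
	gnutls_x509_crl_dist_points_t dp;
	unsigned int flags, type;
	gnutls_datum_t dist;

	err = gnutls_x509_crl_dist_points_init(&dp);
	if (err < 0) {
		addf(str, "error: gnutls_x509_crl_dist_points_init: %s\n",
		     gnutls_strerror(err));
		return;
	}

	err = gnutls_x509_ext_import_crl_dist_points(der, dp, 0);
	if (err < 0) {
		addf(str, "error: gnutls_x509_ext_import_crl_dist_points: %s\n",
		     gnutls_strerror(err));
		goto cleanup;
	}

	for (indx = 0;; indx++) {
		err =
		    gnutls_x509_crl_dist_points_get(dp, indx, &type, &dist, &flags);
		/* End of the list is signalled by this specific error code. */
		if (err == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
			goto cleanup;
		else if (err < 0) {
			addf(str, "error: get_crl_dist_points: %s\n",
			     gnutls_strerror(err));
			/* Was a bare return, which leaked dp. */
			goto cleanup;
		}

		print_name(str, "\t\t\t", type, &dist, 0);
	}
cleanup:
	gnutls_x509_crl_dist_points_deinit(dp);
}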
/* Maps a well-known extended-key-usage OID to the translated output line
 * that describes it (the line still expects the prefix as its single %s
 * argument).  Returns NULL for OIDs without a fixed description. */
static const char *key_purpose_line(const char *oid)
{
	if (strcmp(oid, GNUTLS_KP_TLS_WWW_SERVER) == 0)
		return _("%s\t\t\tTLS WWW Server.\n");
	if (strcmp(oid, GNUTLS_KP_TLS_WWW_CLIENT) == 0)
		return _("%s\t\t\tTLS WWW Client.\n");
	if (strcmp(oid, GNUTLS_KP_CODE_SIGNING) == 0)
		return _("%s\t\t\tCode signing.\n");
	if (strcmp(oid, GNUTLS_KP_EMAIL_PROTECTION) == 0)
		return _("%s\t\t\tEmail protection.\n");
	if (strcmp(oid, GNUTLS_KP_TIME_STAMPING) == 0)
		return _("%s\t\t\tTime stamping.\n");
	if (strcmp(oid, GNUTLS_KP_OCSP_SIGNING) == 0)
		return _("%s\t\t\tOCSP signing.\n");
	if (strcmp(oid, GNUTLS_KP_IPSEC_IKE) == 0)
		return _("%s\t\t\tIpsec IKE.\n");
	if (strcmp(oid, GNUTLS_KP_ANY) == 0)
		return _("%s\t\t\tAny purpose.\n");
	return NULL;
}

/* Prints the extended key usage (key purpose) OIDs found in @der, one
 * per line after @prefix.  Known OIDs get a descriptive label, unknown
 * ones are printed in dotted form.  Errors are written into @str. */
static void
print_key_purpose(gnutls_buffer_st * str, const char *prefix, gnutls_datum_t *der)
{
	gnutls_x509_key_purposes_t purposes;
	gnutls_datum_t oid;
	int err;
	int i;

	err = gnutls_x509_key_purpose_init(&purposes);
	if (err < 0) {
		addf(str, "error: gnutls_x509_key_purpose_init: %s\n",
		     gnutls_strerror(err));
		return;
	}

	err = gnutls_x509_ext_import_key_purposes(der, purposes, 0);
	if (err < 0) {
		addf(str, "error: gnutls_x509_ext_import_key_purposes: %s\n",
		     gnutls_strerror(err));
		goto cleanup;
	}

	for (i = 0;; i++) {
		const char *oid_str;
		const char *line;

		err = gnutls_x509_key_purpose_get(purposes, i, &oid);
		if (err == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
			break;
		if (err < 0) {
			addf(str, "error: gnutls_x509_key_purpose_get: %s\n",
			     gnutls_strerror(err));
			break;
		}

		/* NOTE(review): the OID bytes are used as a NUL-terminated
		 * string, as before; confirm gnutls_x509_key_purpose_get
		 * guarantees the terminator. */
		oid_str = (void *)oid.data;
		line = key_purpose_line(oid_str);
		if (line != NULL)
			addf(str, line, prefix);
		else
			addf(str, "%s\t\t\t%s\n", prefix, oid_str);
	}

 cleanup:
	gnutls_x509_key_purpose_deinit(purposes);
}
/* Prints the basic constraints extension in @der: the CA flag and, when
 * the decoded value is non-negative, the path length constraint.
 * A decode failure is reported into @str and nothing else is printed. */
static void
print_basic(gnutls_buffer_st * str, const char *prefix, gnutls_datum_t *der)
{
	unsigned ca = 0;
	int pathlen = -1;
	int err = gnutls_x509_ext_import_basic_constraints(der, &ca, &pathlen);

	if (err < 0) {
		addf(str, "error: get_basic_constraints: %s\n",
		     gnutls_strerror(err));
		return;
	}

	addf(str, ca ? _("%s\t\t\tCertificate Authority (CA): TRUE\n")
		     : _("%s\t\t\tCertificate Authority (CA): FALSE\n"),
	     prefix);

	/* A negative pathlen is not printed (presumably "no constraint
	 * encoded" in the importer's convention). */
	if (pathlen >= 0)
		addf(str, _("%s\t\t\tPath Length Constraint: %d\n"),
		     prefix, pathlen);
}
/* Prints every subjectAltName / issuerAltName entry in @der.  Ordinary
 * names go through print_name(); an otherName is first offered to
 * gnutls_x509_othername_to_virtual() and, if that does not recognise
 * its OID, dumped as OID + DER hex + ASCII.  Errors are written to @str. */
static void
print_altname(gnutls_buffer_st * str, const char *prefix, gnutls_datum_t *der)
{
	gnutls_subject_alt_names_t names;
	gnutls_datum_t san, othername;
	unsigned int type;
	unsigned int i;
	char pfx[16];
	int err;

	err = gnutls_subject_alt_names_init(&names);
	if (err < 0) {
		addf(str, "error: gnutls_subject_alt_names_init: %s\n",
		     gnutls_strerror(err));
		return;
	}

	err = gnutls_x509_ext_import_subject_alt_names(der, names, 0);
	if (err < 0) {
		addf(str, "error: gnutls_x509_ext_import_subject_alt_names: %s\n",
		     gnutls_strerror(err));
		goto cleanup;
	}

	/* Names are indented three tabs past the caller's prefix.  pfx is
	 * only 16 bytes, so an over-long prefix is silently truncated by
	 * snprintf, exactly as before. */
	snprintf(pfx, sizeof(pfx), "%s\t\t\t", prefix);

	for (i = 0;; i++) {
		err = gnutls_subject_alt_names_get(names, i, &type, &san, &othername);
		if (err == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
			break;
		if (err < 0) {
			addf(str, "error: gnutls_subject_alt_names_get: %s\n",
			     gnutls_strerror(err));
			break;
		}

		if (type != GNUTLS_SAN_OTHERNAME) {
			print_name(str, pfx, type, &san, 0);
			continue;
		}

		{
			unsigned vtype;
			gnutls_datum_t virt;

			/* NOTE(review): othername.data is passed as a C string;
			 * this relies on the getter NUL-terminating the OID. */
			err = gnutls_x509_othername_to_virtual((char *)othername.data,
							      &san, &vtype, &virt);
			if (err >= 0) {
				print_name(str, pfx, vtype, &virt, 0);
				gnutls_free(virt.data);
				continue;
			}
		}

		/* Unrecognised otherName: show the raw pieces. */
		addf(str, _("%s\t\t\totherName OID: %.*s\n"),
		     prefix, (int)othername.size, (char *)othername.data);
		addf(str, _("%s\t\t\totherName DER: "), prefix);
		_gnutls_buffer_hexprint(str, san.data, san.size);
		addf(str, _("\n%s\t\t\totherName ASCII: "), prefix);
		_gnutls_buffer_asciiprint(str, (char *)san.data, san.size);
		addf(str, "\n");
	}

 cleanup:
	gnutls_subject_alt_names_deinit(names);
}
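/* Renders the 16 bytes at @data as "{XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX}\n",
 * preceded by @spc when it is non-NULL.  The first three groups are
 * emitted in reversed byte order (3,2,1,0 / 5,4 / 7,6), the rest in
 * storage order, presumably to match the mixed-endian text form used
 * for Windows GUIDs.
 * @len: bytes available at @data.  Fewer than 16 cannot be a GUID and
 *       nothing is printed; the previous code read data[0..15]
 *       regardless of @len. */
static void
guiddump(gnutls_buffer_st * str, const char *data, size_t len,
	 const char *spc)
{
	/* Index of the input byte printed at each output position. */
	static const unsigned char order[16] =
		{ 3, 2, 1, 0, 5, 4, 7, 6, 8, 9, 10, 11, 12, 13, 14, 15 };
	size_t i;

	if (data == NULL || len < 16)
		return;

	if (spc)
		adds(str, spc);
	addf(str, "{");
	for (i = 0; i < 16; i++) {
		/* Group separators fall after 4, 6, 8 and 10 printed bytes. */
		if (i == 4 || i == 6 || i == 8 || i == 10)
			addf(str, "-");
		addf(str, "%.2X", (unsigned char) data[order[i]]);
	}
	addf(str, "}\n");
}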
/* Appends one unique-identifier section to @str: @header verbatim, a
 * hexdump of @buf, and — when @buf is exactly 16 bytes — the same bytes
 * re-rendered as a GUID via guiddump(). */
static void
print_unique_id_section(gnutls_buffer_st * str, const char *header,
			char *buf, size_t len)
{
	addf(str, "%s", header);
	_gnutls_buffer_hexdump(str, buf, len, "\t\t\t");
	if (len == 16) { /* this could be a GUID */
		guiddump(str, buf, len, "\t\t\t");
	}
}

/* Prints the issuerUniqueID and subjectUniqueID of @cert when present.
 * A getter failure (absent field, or presumably an identifier larger
 * than the 256-byte scratch buffer) is silently skipped. */
static void
print_unique_ids(gnutls_buffer_st * str, const gnutls_x509_crt_t cert)
{
	char buf[256]; /* if its longer, we won't bother to print it */
	size_t buf_size;

	buf_size = sizeof(buf);
	if (gnutls_x509_crt_get_issuer_unique_id(cert, buf, &buf_size) >= 0)
		print_unique_id_section(str, "\tIssuer Unique ID:\n", buf, buf_size);

	/* The getter rewrites buf_size; reset it before the second call. */
	buf_size = sizeof(buf);
	if (gnutls_x509_crt_get_subject_unique_id(cert, buf, &buf_size) >= 0)
		print_unique_id_section(str, "\tSubject Unique ID:\n", buf, buf_size);
}
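/* Prints the TLS features extension (RFC 7633 style list in @der), one
 * feature per line after @prefix, using the name gnutls_ext_get_name()
 * knows for it when available.  Errors are written into @str; the
 * features object is released on every path after it is initialised. */
static void print_tlsfeatures(gnutls_buffer_st * str, const char *prefix, const gnutls_datum_t *der)
{
	gnutls_x509_tlsfeatures_t features;
	unsigned int feature;
	const char *name;
	int err;
	int seq;

	err = gnutls_x509_tlsfeatures_init(&features);
	if (err < 0) {
		/* Report the failure like the sibling printers do instead of
		 * silently producing no output for the extension. */
		addf(str, "error: gnutls_x509_tlsfeatures_init: %s\n",
		     gnutls_strerror(err));
		return;
	}

	err = gnutls_x509_ext_import_tlsfeatures(der, features, 0);
	if (err < 0) {
		addf(str, "error: get_tlsfeatures: %s\n",
		     gnutls_strerror(err));
		goto cleanup;
	}

	for (seq = 0;; seq++) {
		err = gnutls_x509_tlsfeatures_get(features, seq, &feature);
		if (err == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
			break;
		if (err < 0) {
			addf(str, "error: get_tlsfeatures: %s\n",
			     gnutls_strerror(err));
			break;
		}

		/* feature is presumably a TLS extension number, given that
		 * gnutls_ext_get_name() is used to label it. */
		name = gnutls_ext_get_name(feature);
		if (name == NULL)
			addf(str, "%s\t\t\t%u\n", prefix, feature);
		else
			addf(str, "%s\t\t\t%s(%u)\n", prefix, name, feature);
	}

 cleanup:
	gnutls_x509_tlsfeatures_deinit(features);
}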
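/* Prints the subjectSignTool extension: @der is decoded as a DER
 * UTF8String and written as "<prefix>\t\t\t<text>".  If decoding fails
 * the raw bytes are shown as ASCII and as a hexdump instead, so that
 * malformed data is still visible to the reader. */
static void print_subject_sign_tool(gnutls_buffer_st * str, const char *prefix, const gnutls_datum_t *der)
{
	int ret;
	gnutls_datum_t tmp = {NULL, 0};

	ret = _gnutls_x509_decode_string(ASN1_ETYPE_UTF8_STRING, der->data, der->size, &tmp, 0);
	if (ret < 0) {
		addf(str, _("%s\t\t\tASCII: "), prefix);
		_gnutls_buffer_asciiprint(str, (char*)der->data, der->size);

		addf(str, "\n");
		addf(str, _("%s\t\t\tHexdump: "), prefix);
		_gnutls_buffer_hexprint(str, (char*)der->data, der->size);
		adds(str, "\n");

		return;
	}

	/* %.*s takes an int precision; tmp.size is unsigned, so cast it as
	 * the other %.*s users in this file do. */
	addf(str, _("%s\t\t\t%.*s\n"), prefix, (int)tmp.size, NON_NULL(tmp.data));
	_gnutls_free_datum(&tmp);
}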
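/* Reads the string member @field of the decoded IssuerSignTool structure
 * @tmpasn and prints it with @fmt, which takes (prefix, int length, text)
 * in "%s\t\t\t<Label>: %.*s\n" form.  Returns the negative
 * _gnutls_x509_read_value() code on failure so the caller can fall back
 * to a raw dump, 0 on success. */
static int
print_issuer_sign_tool_field(gnutls_buffer_st * str, const char *prefix,
			     ASN1_TYPE tmpasn, const char *field,
			     const char *fmt)
{
	gnutls_datum_t tmp;
	int ret;

	ret = _gnutls_x509_read_value(tmpasn, field, &tmp);
	if (ret < 0) {
		gnutls_assert();
		return ret;
	}

	/* %.*s wants an int precision; tmp.size is unsigned. */
	addf(str, fmt, prefix, (int)tmp.size, NON_NULL(tmp.data));
	_gnutls_free_datum(&tmp);
	return 0;
}

/* Prints the issuerSignTool extension: @der is decoded against the
 * GNUTLS.IssuerSignTool ASN.1 definition and its four string members are
 * printed one per line.  If the structure does not parse, or a member is
 * missing, the raw extension bytes are dumped as ASCII and hex instead
 * (lines already printed for earlier members are kept, as before). */
static void print_issuer_sign_tool(gnutls_buffer_st * str, const char *prefix, const gnutls_datum_t *der)
{
	int result;
	ASN1_TYPE tmpasn = ASN1_TYPE_EMPTY;
	char asn1_err[ASN1_MAX_ERROR_DESCRIPTION_SIZE] = "";

	result = asn1_create_element(_gnutls_get_gnutls_asn(), "GNUTLS.IssuerSignTool",
				     &tmpasn);
	if (result != ASN1_SUCCESS) {
		gnutls_assert();
		goto hexdump;
	}

	result = _asn1_strict_der_decode(&tmpasn, der->data, der->size, asn1_err);
	if (result != ASN1_SUCCESS) {
		gnutls_assert();
		_gnutls_debug_log("_asn1_strict_der_decode: %s\n", asn1_err);
		goto hexdump;
	}

	/* Short-circuit: the first missing member aborts to the raw dump. */
	if (print_issuer_sign_tool_field(str, prefix, tmpasn, "signTool",
					 _("%s\t\t\tSignTool: %.*s\n")) < 0 ||
	    print_issuer_sign_tool_field(str, prefix, tmpasn, "cATool",
					 _("%s\t\t\tCATool: %.*s\n")) < 0 ||
	    print_issuer_sign_tool_field(str, prefix, tmpasn, "signToolCert",
					 _("%s\t\t\tSignToolCert: %.*s\n")) < 0 ||
	    print_issuer_sign_tool_field(str, prefix, tmpasn, "cAToolCert",
					 _("%s\t\t\tCAToolCert: %.*s\n")) < 0)
		goto hexdump;

	asn1_delete_structure(&tmpasn);

	return;

 hexdump:
	asn1_delete_structure(&tmpasn);

	addf(str, _("%s\t\t\tASCII: "), prefix);
	_gnutls_buffer_asciiprint(str, (char*)der->data, der->size);

	addf(str, "\n");
	addf(str, _("%s\t\t\tHexdump: "), prefix);
	_gnutls_buffer_hexprint(str, (char*)der->data, der->size);
	adds(str, "\n");
}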
/* Builds one oid_to_string row from two string literals: the dotted OID
 * and its length, the display name and its length; the last two members
 * of the row are left empty (NULL, 0).  The sizeof trick only works on
 * literals, which is all this table uses. */
#define ENTRY(oid, name) {oid, sizeof(oid)-1, name, sizeof(name)-1, NULL, 0}

/* Certificate-policy OIDs that receive a descriptive label next to the
 * dotted OID in the "Certificate Policies" output; consulted through
 * _gnutls_oid_get_entry().  The all-empty final row terminates the list. */
static const struct oid_to_string cp_oid2str[] = {
	ENTRY("2.5.29.32.0", "anyPolicy"),

	/* CA/B Forum policy identifiers. */
	ENTRY("2.23.140.1.2.1", "CA/B Domain Validated"),
	ENTRY("2.23.140.1.2.2", "CA/B Organization Validated"),
	ENTRY("2.23.140.1.2.3", "CA/B Individual Validated"),
	ENTRY("2.23.140.1.1", "CA/B Extended Validation"),

	/* draft-deremin-rfc4491-bis */
	ENTRY("1.2.643.100.113.1", "Russian security class KC1"),
	ENTRY("1.2.643.100.113.2", "Russian security class KC2"),
	ENTRY("1.2.643.100.113.3", "Russian security class KC3"),
	ENTRY("1.2.643.100.113.4", "Russian security class KB1"),
	ENTRY("1.2.643.100.113.5", "Russian security class KB2"),
	ENTRY("1.2.643.100.113.6", "Russian security class KA1"),

	{NULL, 0, NULL, 0, NULL, 0},
};
/* Per-certificate counters of how often each extension has already been
 * printed.  print_extension() increments the relevant member and emits a
 * "warning: more than one ..." line when it was already non-zero, i.e.
 * when the certificate carries a duplicate extension.  Members whose
 * meaning is not visible here are labelled by their conventional
 * abbreviation. */
struct ext_indexes_st {
	int san;		/* subject alternative name */
	int ian;		/* presumably issuer alternative name */
	int proxy;		/* presumably proxy certificate info */
	int basic;		/* basic constraints */
	int keyusage;		/* key usage */
	int keypurpose;		/* extended key usage (key purpose) */
	int ski;		/* subject key identifier */
	int aki;		/* authority key identifier */
	int nc;			/* presumably name constraints */
	int crldist;		/* CRL distribution points */
	int pkey_usage_period;	/* private key usage period */
	int tlsfeatures;	/* TLS features */
};
static void print_extension(gnutls_buffer_st * str, const char *prefix,
|
|
Packit Service |
4684c1 |
struct ext_indexes_st *idx, const char *oid,
|
|
Packit Service |
4684c1 |
unsigned critical, gnutls_datum_t *der)
|
|
Packit Service |
4684c1 |
{
|
|
Packit Service |
4684c1 |
int err;
|
|
Packit Service |
4684c1 |
unsigned j;
|
|
Packit Service |
4684c1 |
char pfx[16];
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if (strcmp(oid, "2.5.29.19") == 0) {
|
|
Packit Service |
4684c1 |
if (idx->basic) {
|
|
Packit Service |
4684c1 |
addf(str,
|
|
Packit Service |
4684c1 |
"warning: more than one basic constraint\n");
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
addf(str, _("%s\t\tBasic Constraints (%s):\n"),
|
|
Packit Service |
4684c1 |
prefix,
|
|
Packit Service |
4684c1 |
critical ? _("critical") : _("not critical"));
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
print_basic(str, prefix, der);
|
|
Packit Service |
4684c1 |
idx->basic++;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
} else if (strcmp(oid, "2.5.29.14") == 0) {
|
|
Packit Service |
4684c1 |
if (idx->ski) {
|
|
Packit Service |
4684c1 |
addf(str,
|
|
Packit Service |
4684c1 |
"warning: more than one SKI extension\n");
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
addf(str,
|
|
Packit Service |
4684c1 |
_("%s\t\tSubject Key Identifier (%s):\n"),
|
|
Packit Service |
4684c1 |
prefix,
|
|
Packit Service |
4684c1 |
critical ? _("critical") : _("not critical"));
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
print_ski(str, der);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
idx->ski++;
|
|
Packit Service |
4684c1 |
} else if (strcmp(oid, "2.5.29.32") == 0) {
|
|
Packit Service |
4684c1 |
struct gnutls_x509_policy_st policy;
|
|
Packit Service |
4684c1 |
gnutls_x509_policies_t policies;
|
|
Packit Service |
4684c1 |
const char *name;
|
|
Packit Service |
4684c1 |
const struct oid_to_string *entry;
|
|
Packit Service |
4684c1 |
int x;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
err = gnutls_x509_policies_init(&policies);
|
|
Packit Service |
4684c1 |
if (err < 0) {
|
|
Packit Service |
4684c1 |
addf(str,
|
|
Packit Service |
4684c1 |
"error: certificate policies: %s\n",
|
|
Packit Service |
4684c1 |
gnutls_strerror(err));
|
|
Packit Service |
4684c1 |
return;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
err = gnutls_x509_ext_import_policies(der, policies, 0);
|
|
Packit Service |
4684c1 |
if (err < 0) {
|
|
Packit Service |
4684c1 |
addf(str,
|
|
Packit Service |
4684c1 |
"error: certificate policies import: %s\n",
|
|
Packit Service |
4684c1 |
gnutls_strerror(err));
|
|
Packit Service |
4684c1 |
gnutls_x509_policies_deinit(policies);
|
|
Packit Service |
4684c1 |
return;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
for (x = 0;; x++) {
|
|
Packit Service |
4684c1 |
err = gnutls_x509_policies_get(policies, x, &policy);
|
|
Packit Service |
4684c1 |
if (err ==
|
|
Packit Service |
4684c1 |
GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
|
|
Packit Service |
4684c1 |
break;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if (err < 0) {
|
|
Packit Service |
4684c1 |
addf(str,
|
|
Packit Service |
4684c1 |
"error: certificate policy: %s\n",
|
|
Packit Service |
4684c1 |
gnutls_strerror(err));
|
|
Packit Service |
4684c1 |
break;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if (x == 0)
|
|
Packit Service |
4684c1 |
addf(str,
|
|
Packit Service |
4684c1 |
"%s\t\tCertificate Policies (%s):\n",
|
|
Packit Service |
4684c1 |
prefix,
|
|
Packit Service |
4684c1 |
critical ? _("critical") :
|
|
Packit Service |
4684c1 |
_("not critical"));
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
entry = _gnutls_oid_get_entry(cp_oid2str, policy.oid);
|
|
Packit Service |
4684c1 |
if (entry != NULL && entry->name_desc != NULL)
|
|
Packit Service |
4684c1 |
addf(str, "%s\t\t\t%s (%s)\n", prefix, policy.oid, entry->name_desc);
|
|
Packit Service |
4684c1 |
else
|
|
Packit Service |
4684c1 |
addf(str, "%s\t\t\t%s\n", prefix, policy.oid);
|
|
Packit Service |
4684c1 |
for (j = 0; j < policy.qualifiers; j++) {
|
|
Packit Service |
4684c1 |
if (policy.qualifier[j].type ==
|
|
Packit Service |
4684c1 |
GNUTLS_X509_QUALIFIER_URI)
|
|
Packit Service |
4684c1 |
name = "URI";
|
|
Packit Service |
4684c1 |
else if (policy.qualifier[j].
|
|
Packit Service |
4684c1 |
type ==
|
|
Packit Service |
4684c1 |
GNUTLS_X509_QUALIFIER_NOTICE)
|
|
Packit Service |
4684c1 |
name = "Note";
|
|
Packit Service |
4684c1 |
else
|
|
Packit Service |
4684c1 |
name = "Unknown qualifier";
|
|
Packit Service |
4684c1 |
addf(str, "%s\t\t\t\t%s: %s\n",
|
|
Packit Service |
4684c1 |
prefix, name,
|
|
Packit Service |
4684c1 |
policy.qualifier[j].data);
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
gnutls_x509_policies_deinit(policies);
|
|
Packit Service |
4684c1 |
} else if (strcmp(oid, "2.5.29.54") == 0) {
|
|
Packit Service |
4684c1 |
unsigned int skipcerts;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
err = gnutls_x509_ext_import_inhibit_anypolicy(der, &skipcerts);
|
|
Packit Service |
4684c1 |
if (err < 0) {
|
|
Packit Service |
4684c1 |
addf(str,
|
|
Packit Service |
4684c1 |
"error: certificate inhibit any policy import: %s\n",
|
|
Packit Service |
4684c1 |
gnutls_strerror(err));
|
|
Packit Service |
4684c1 |
return;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
addf(str,
|
|
Packit Service |
4684c1 |
"%s\t\tInhibit anyPolicy skip certs: %u (%s)\n",
|
|
Packit Service |
4684c1 |
prefix, skipcerts,
|
|
Packit Service |
4684c1 |
critical ? _("critical") :
|
|
Packit Service |
4684c1 |
_("not critical"));
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
} else if (strcmp(oid, "2.5.29.35") == 0) {
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if (idx->aki) {
|
|
Packit Service |
4684c1 |
addf(str,
|
|
Packit Service |
4684c1 |
"warning: more than one AKI extension\n");
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
addf(str,
|
|
Packit Service |
4684c1 |
_("%s\t\tAuthority Key Identifier (%s):\n"),
|
|
Packit Service |
4684c1 |
prefix,
|
|
Packit Service |
4684c1 |
critical ? _("critical") : _("not critical"));
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
print_aki(str, der);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
idx->aki++;
|
|
Packit Service |
4684c1 |
} else if (strcmp(oid, "2.5.29.15") == 0) {
|
|
Packit Service |
4684c1 |
if (idx->keyusage) {
|
|
Packit Service |
4684c1 |
addf(str,
|
|
Packit Service |
4684c1 |
"warning: more than one key usage extension\n");
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
addf(str, _("%s\t\tKey Usage (%s):\n"), prefix,
|
|
Packit Service |
4684c1 |
critical ? _("critical") : _("not critical"));
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
snprintf(pfx, sizeof(pfx), "%s\t\t\t", prefix);
|
|
Packit Service |
4684c1 |
print_key_usage(str, pfx, der);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
idx->keyusage++;
|
|
Packit Service |
4684c1 |
} else if (strcmp(oid, "2.5.29.16") == 0) {
|
|
Packit Service |
4684c1 |
if (idx->pkey_usage_period) {
|
|
Packit Service |
4684c1 |
addf(str,
|
|
Packit Service |
4684c1 |
"warning: more than one private key usage period extension\n");
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
addf(str,
|
|
Packit Service |
4684c1 |
_("%s\t\tPrivate Key Usage Period (%s):\n"),
|
|
Packit Service |
4684c1 |
prefix,
|
|
Packit Service |
4684c1 |
critical ? _("critical") : _("not critical"));
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
print_private_key_usage_period(str, prefix, der);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
idx->pkey_usage_period++;
|
|
Packit Service |
4684c1 |
} else if (strcmp(oid, "2.5.29.37") == 0) {
|
|
Packit Service |
4684c1 |
if (idx->keypurpose) {
|
|
Packit Service |
4684c1 |
addf(str,
|
|
Packit Service |
4684c1 |
"warning: more than one key purpose extension\n");
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
addf(str, _("%s\t\tKey Purpose (%s):\n"), prefix,
|
|
Packit Service |
4684c1 |
critical ? _("critical") : _("not critical"));
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
print_key_purpose(str, prefix, der);
|
|
Packit Service |
4684c1 |
idx->keypurpose++;
|
|
Packit Service |
4684c1 |
} else if (strcmp(oid, "2.5.29.17") == 0) {
|
|
Packit Service |
4684c1 |
if (idx->san) {
|
|
Packit Service |
4684c1 |
addf(str,
|
|
Packit Service |
4684c1 |
"warning: more than one SKI extension\n");
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
addf(str,
|
|
Packit Service |
4684c1 |
_("%s\t\tSubject Alternative Name (%s):\n"),
|
|
Packit Service |
4684c1 |
prefix,
|
|
Packit Service |
4684c1 |
critical ? _("critical") : _("not critical"));
|
|
Packit Service |
4684c1 |
print_altname(str, prefix, der);
|
|
Packit Service |
4684c1 |
idx->san++;
|
|
Packit Service |
4684c1 |
} else if (strcmp(oid, "2.5.29.18") == 0) {
|
|
Packit Service |
4684c1 |
if (idx->ian) {
|
|
Packit Service |
4684c1 |
addf(str,
|
|
Packit Service |
4684c1 |
"warning: more than one Issuer AltName extension\n");
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
addf(str,
|
|
Packit Service |
4684c1 |
_("%s\t\tIssuer Alternative Name (%s):\n"),
|
|
Packit Service |
4684c1 |
prefix,
|
|
Packit Service |
4684c1 |
critical ? _("critical") : _("not critical"));
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
print_altname(str, prefix, der);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
idx->ian++;
|
|
Packit Service |
4684c1 |
} else if (strcmp(oid, "2.5.29.31") == 0) {
|
|
Packit Service |
4684c1 |
if (idx->crldist) {
|
|
Packit Service |
4684c1 |
addf(str,
|
|
Packit Service |
4684c1 |
"warning: more than one CRL distribution point\n");
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
addf(str,
|
|
Packit Service |
4684c1 |
_("%s\t\tCRL Distribution points (%s):\n"),
|
|
Packit Service |
4684c1 |
prefix,
|
|
Packit Service |
4684c1 |
critical ? _("critical") : _("not critical"));
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
print_crldist(str, der);
|
|
Packit Service |
4684c1 |
idx->crldist++;
|
|
Packit Service |
4684c1 |
} else if (strcmp(oid, "1.3.6.1.5.5.7.1.14") == 0) {
|
|
Packit Service |
4684c1 |
if (idx->proxy) {
|
|
Packit Service |
4684c1 |
addf(str,
|
|
Packit Service |
4684c1 |
"warning: more than one proxy extension\n");
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
addf(str,
|
|
Packit Service |
4684c1 |
_
|
|
Packit Service |
4684c1 |
("%s\t\tProxy Certificate Information (%s):\n"),
|
|
Packit Service |
4684c1 |
prefix,
|
|
Packit Service |
4684c1 |
critical ? _("critical") : _("not critical"));
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
print_proxy(str, der);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
idx->proxy++;
|
|
Packit Service |
4684c1 |
} else if (strcmp(oid, "1.3.6.1.5.5.7.1.1") == 0) {
|
|
Packit Service |
4684c1 |
addf(str, _("%s\t\tAuthority Information "
|
|
Packit Service |
4684c1 |
"Access (%s):\n"), prefix,
|
|
Packit Service |
4684c1 |
critical ? _("critical") : _("not critical"));
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
print_aia(str, der);
|
|
Packit Service |
4684c1 |
} else if (strcmp(oid, "2.5.29.30") == 0) {
|
|
Packit Service |
4684c1 |
if (idx->nc) {
|
|
Packit Service |
4684c1 |
addf(str,
|
|
Packit Service |
4684c1 |
"warning: more than one name constraints extension\n");
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
idx->nc++;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
addf(str, _("%s\t\tName Constraints (%s):\n"), prefix,
|
|
Packit Service |
4684c1 |
critical ? _("critical") : _("not critical"));
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
print_nc(str, prefix, der);
|
|
Packit Service |
4684c1 |
} else if (strcmp(oid, GNUTLS_X509EXT_OID_TLSFEATURES) == 0) {
|
|
Packit Service |
4684c1 |
if (idx->tlsfeatures) {
|
|
Packit Service |
4684c1 |
addf(str,
|
|
Packit Service |
4684c1 |
"warning: more than one tlsfeatures extension\n");
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
addf(str, _("%s\t\tTLS Features (%s):\n"),
|
|
Packit Service |
4684c1 |
prefix,
|
|
Packit Service |
4684c1 |
critical ? _("critical") : _("not critical"));
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
print_tlsfeatures(str, prefix, der);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
idx->tlsfeatures++;
|
|
Packit Service |
4684c1 |
} else if (strcmp(oid, "1.2.643.100.111") == 0) {
|
|
Packit Service |
4684c1 |
addf(str, _("%s\t\tSubject Signing Tool(%s):\n"),
|
|
Packit Service |
4684c1 |
prefix,
|
|
Packit Service |
4684c1 |
critical ? _("critical") : _("not critical"));
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
print_subject_sign_tool(str, prefix, der);
|
|
Packit Service |
4684c1 |
} else if (strcmp(oid, "1.2.643.100.112") == 0) {
|
|
Packit Service |
4684c1 |
addf(str, _("%s\t\tIssuer Signing Tool(%s):\n"),
|
|
Packit Service |
4684c1 |
prefix,
|
|
Packit Service |
4684c1 |
critical ? _("critical") : _("not critical"));
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
print_issuer_sign_tool(str, prefix, der);
|
|
Packit Service |
4684c1 |
} else if (strcmp(oid, "2.5.4.3") == 0) {
|
|
Packit Service |
4684c1 |
int ret;
|
|
Packit Service |
4684c1 |
gnutls_datum_t tmp = {NULL, 0};
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
addf(str, _("%s\t\tCommon Name (%s):\n"),
|
|
Packit Service |
4684c1 |
prefix,
|
|
Packit Service |
4684c1 |
critical ? _("critical") : _("not critical"));
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
ret = _gnutls_x509_decode_string(ASN1_ETYPE_PRINTABLE_STRING, der->data, der->size, &tmp, 0);
|
|
Packit Service |
4684c1 |
if (ret < 0) {
|
|
Packit Service |
4684c1 |
addf(str, "error: x509_decode_string: %s\n",
|
|
Packit Service |
4684c1 |
gnutls_strerror(ret));
|
|
Packit Service |
4684c1 |
} else {
|
|
Packit Service |
4684c1 |
addf(str, "%s\t\t\t%s\n", prefix, tmp.data);
|
|
Packit Service |
4684c1 |
gnutls_free(tmp.data);
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
} else {
|
|
Packit Service |
4684c1 |
addf(str, _("%s\t\tUnknown extension %s (%s):\n"),
|
|
Packit Service |
4684c1 |
prefix, oid,
|
|
Packit Service |
4684c1 |
critical ? _("critical") : _("not critical"));
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
addf(str, _("%s\t\t\tASCII: "), prefix);
|
|
Packit Service |
4684c1 |
_gnutls_buffer_asciiprint(str, (char*)der->data, der->size);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
addf(str, "\n");
|
|
Packit Service |
4684c1 |
addf(str, _("%s\t\t\tHexdump: "), prefix);
|
|
Packit Service |
4684c1 |
_gnutls_buffer_hexprint(str, (char*)der->data, der->size);
|
|
Packit Service |
4684c1 |
adds(str, "\n");
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
}
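/* Walk every extension of a certificate (TYPE_CRT) or certificate
 * request (TYPE_CRQ) and append a human-readable rendering of each
 * one to @str via print_extension().
 *
 * @str:    output buffer the text is appended to
 * @prefix: string prepended to every emitted line (indentation)
 * @type:   TYPE_CRT or TYPE_CRQ; selects which member of @cert is used
 * @cert:   union holding either the certificate or the request
 *
 * Lookup failures are reported as "error: ..." lines in @str rather
 * than returned.  An unknown @type is a caller bug: it only triggers
 * gnutls_assert() and prints nothing.
 */
static void
print_extensions(gnutls_buffer_st * str, const char *prefix, int type,
		 cert_type_t cert)
{
	unsigned i;
	int err;
	gnutls_datum_t der = {NULL, 0};
	struct ext_indexes_st idx;

	/* Per-extension occurrence counters; print_extension() uses them
	 * to warn when a well-known extension appears more than once. */
	memset(&idx, 0, sizeof(idx));

	for (i = 0;; i++) {
		char oid[MAX_OID_SIZE] = "";
		size_t sizeof_oid = sizeof(oid);
		unsigned int critical;

		if (type == TYPE_CRT)
			err = gnutls_x509_crt_get_extension_info(cert.crt, i,
								 oid,
								 &sizeof_oid,
								 &critical);
		else if (type == TYPE_CRQ)
			err = gnutls_x509_crq_get_extension_info(cert.crq, i,
								 oid,
								 &sizeof_oid,
								 &critical);
		else {
			gnutls_assert();
			return;
		}

		/* Index past the last extension: normal end of iteration. */
		if (err == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
			break;
		if (err < 0) {
			addf(str, "error: get_extension_info: %s\n",
			     gnutls_strerror(err));
			break;
		}

		/* The section header is printed lazily so that a certificate
		 * without extensions gets no empty "Extensions:" line. */
		if (i == 0)
			addf(str, _("%s\tExtensions:\n"), prefix);

		if (type == TYPE_CRT)
			err = gnutls_x509_crt_get_extension_data2(cert.crt, i,
								  &der);
		else
			err = gnutls_x509_crq_get_extension_data2(cert.crq, i,
								  &der);

		/* Best effort: when the DER payload cannot be fetched, hand
		 * print_extension() an empty blob and carry on, so that one
		 * unreadable extension does not cut the listing short. */
		if (err < 0) {
			der.data = NULL;
			der.size = 0;
		}

		print_extension(str, prefix, &idx, oid, critical, &der);
		gnutls_free(der.data);
	}
}
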
/* Reverse the bytes of @d in place.  Used on the GOST point coordinates
 * right before they are printed, presumably to flip their byte order to
 * match the other curves -- confirm against the exporter's documentation.
 * A datum of size 0 or 1 is left untouched.
 */
static void reverse_datum(gnutls_datum_t *d)
{
	unsigned int lo = 0;
	unsigned int hi = d->size;

	/* Walk inwards from both ends swapping pairs; the middle byte of
	 * an odd-sized datum stays where it is. */
	while (hi - lo > 1) {
		unsigned char tmp = d->data[lo];

		hi--;
		d->data[lo] = d->data[hi];
		d->data[hi] = tmp;
		lo++;
	}
}

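/* Append the hex rendering of @d in the layout selected by @format:
 * a single hex line terminated by "\n" for GNUTLS_CRT_PRINT_FULL_NUMBERS,
 * otherwise an indented multi-line hex dump.  The label in front of it
 * is printed by the caller, which also picks the matching "Label: " or
 * "Label:\n" variant.
 */
static void
print_pubkey_hex(gnutls_buffer_st * str, const gnutls_datum_t *d,
		 gnutls_certificate_print_formats_t format)
{
	if (format == GNUTLS_CRT_PRINT_FULL_NUMBERS) {
		_gnutls_buffer_hexprint(str, d->data, d->size);
		adds(str, "\n");
	} else {
		_gnutls_buffer_hexdump(str, d->data, d->size, "\t\t\t");
	}
}

/* RSA and RSA-PSS: print the modulus and the public exponent.  A failed
 * export is reported as an "error: ..." line and nothing else is printed.
 */
static void
print_pubkey_rsa_raw(gnutls_buffer_st * str, gnutls_pubkey_t pubkey,
		     unsigned bits,
		     gnutls_certificate_print_formats_t format)
{
	gnutls_datum_t m, e;
	int err;

	err = gnutls_pubkey_get_pk_rsa_raw(pubkey, &m, &e);
	if (err < 0) {
		addf(str, "error: get_pk_rsa_raw: %s\n",
		     gnutls_strerror(err));
		return;
	}

	addf(str, format == GNUTLS_CRT_PRINT_FULL_NUMBERS ?
	     _("\t\tModulus (bits %d): ") : _("\t\tModulus (bits %d):\n"),
	     bits);
	print_pubkey_hex(str, &m, format);

	/* The exponent's bit count is derived from its encoded length. */
	addf(str, format == GNUTLS_CRT_PRINT_FULL_NUMBERS ?
	     _("\t\tExponent (bits %d): ") : _("\t\tExponent (bits %d):\n"),
	     e.size * 8);
	print_pubkey_hex(str, &e, format);

	gnutls_free(m.data);
	gnutls_free(e.data);
}

/* ECDSA and EdDSA: print the curve name and the point coordinates.
 * Y is printed only when the export returned one (y.size > 0).
 */
static void
print_pubkey_ecc_raw(gnutls_buffer_st * str, gnutls_pubkey_t pubkey,
		     gnutls_certificate_print_formats_t format)
{
	gnutls_datum_t x, y;
	gnutls_ecc_curve_t curve;
	int err;

	err = gnutls_pubkey_get_pk_ecc_raw(pubkey, &curve, &x, &y);
	if (err < 0) {
		addf(str, "error: get_pk_ecc_raw: %s\n",
		     gnutls_strerror(err));
		return;
	}

	addf(str, _("\t\tCurve:\t%s\n"), gnutls_ecc_curve_get_name(curve));

	adds(str, format == GNUTLS_CRT_PRINT_FULL_NUMBERS ?
	     _("\t\tX: ") : _("\t\tX:\n"));
	print_pubkey_hex(str, &x, format);
	if (y.size > 0) {
		adds(str, format == GNUTLS_CRT_PRINT_FULL_NUMBERS ?
		     _("\t\tY: ") : _("\t\tY:\n"));
		print_pubkey_hex(str, &y, format);
	}

	gnutls_free(x.data);
	gnutls_free(y.data);
}

/* DSA: print the public value y followed by the domain parameters
 * p, q and g.
 */
static void
print_pubkey_dsa_raw(gnutls_buffer_st * str, gnutls_pubkey_t pubkey,
		     unsigned bits,
		     gnutls_certificate_print_formats_t format)
{
	gnutls_datum_t p, q, g, y;
	int err;

	err = gnutls_pubkey_get_pk_dsa_raw(pubkey, &p, &q, &g, &y);
	if (err < 0) {
		addf(str, "error: get_pk_dsa_raw: %s\n",
		     gnutls_strerror(err));
		return;
	}

	addf(str, format == GNUTLS_CRT_PRINT_FULL_NUMBERS ?
	     _("\t\tPublic key (bits %d): ") :
	     _("\t\tPublic key (bits %d):\n"), bits);
	print_pubkey_hex(str, &y, format);

	adds(str, format == GNUTLS_CRT_PRINT_FULL_NUMBERS ?
	     _("\t\tP: ") : _("\t\tP:\n"));
	print_pubkey_hex(str, &p, format);

	adds(str, format == GNUTLS_CRT_PRINT_FULL_NUMBERS ?
	     _("\t\tQ: ") : _("\t\tQ:\n"));
	print_pubkey_hex(str, &q, format);

	adds(str, format == GNUTLS_CRT_PRINT_FULL_NUMBERS ?
	     _("\t\tG: ") : _("\t\tG:\n"));
	print_pubkey_hex(str, &g, format);

	gnutls_free(p.data);
	gnutls_free(q.data);
	gnutls_free(g.data);
	gnutls_free(y.data);
}

/* GOST R 34.10: print the curve, digest and parameter set, then the
 * point coordinates.  The coordinates are byte-reversed before printing
 * (see reverse_datum()); both X and Y are always printed.
 */
static void
print_pubkey_gost_raw(gnutls_buffer_st * str, gnutls_pubkey_t pubkey,
		      gnutls_certificate_print_formats_t format)
{
	gnutls_datum_t x, y;
	gnutls_ecc_curve_t curve;
	gnutls_digest_algorithm_t digest;
	gnutls_gost_paramset_t param;
	int err;

	err = gnutls_pubkey_export_gost_raw2(pubkey, &curve, &digest,
					     &param, &x, &y, 0);
	if (err < 0) {
		addf(str, "error: get_pk_gost_raw: %s\n",
		     gnutls_strerror(err));
		return;
	}

	addf(str, _("\t\tCurve:\t%s\n"), gnutls_ecc_curve_get_name(curve));
	addf(str, _("\t\tDigest:\t%s\n"), gnutls_digest_get_name(digest));
	addf(str, _("\t\tParamSet: %s\n"),
	     gnutls_gost_paramset_get_name(param));

	reverse_datum(&x);
	reverse_datum(&y);

	adds(str, format == GNUTLS_CRT_PRINT_FULL_NUMBERS ?
	     _("\t\tX: ") : _("\t\tX:\n"));
	print_pubkey_hex(str, &x, format);
	adds(str, format == GNUTLS_CRT_PRINT_FULL_NUMBERS ?
	     _("\t\tY: ") : _("\t\tY:\n"));
	print_pubkey_hex(str, &y, format);

	gnutls_free(x.data);
	gnutls_free(y.data);
}

/* Print a public key: its algorithm name, security level, any RSA-PSS
 * parameters carried in @spki, and the algorithm-specific raw values.
 *
 * @str:      output buffer the text is appended to
 * @key_name: prefix placed before "Public Key Algorithm" (e.g. "Subject ")
 * @pubkey:   the key to describe
 * @spki:     SubjectPublicKeyInfo parameters of the key, or NULL; only
 *            consulted for RSA-PSS keys whose @spki->pk matches
 * @format:   GNUTLS_CRT_PRINT_FULL_NUMBERS selects single-line hex
 *            output for the big numbers, anything else a hex dump
 *
 * Errors from the key-export calls are written to @str as "error: ..."
 * lines; the function itself returns nothing.
 */
static void
print_pubkey(gnutls_buffer_st * str, const char *key_name,
	     gnutls_pubkey_t pubkey, gnutls_x509_spki_st *spki,
	     gnutls_certificate_print_formats_t format)
{
	int err;
	const char *name;
	unsigned bits;
	unsigned pk;

	err = gnutls_pubkey_get_pk_algorithm(pubkey, &bits);
	if (err < 0) {
		addf(str, "error: get_pk_algorithm: %s\n",
		     gnutls_strerror(err));
		return;
	}

	/* A non-negative return value is the algorithm identifier. */
	pk = err;

	name = gnutls_pk_algorithm_get_name(pk);
	if (name == NULL)
		name = _("unknown");

	addf(str, _("\t%sPublic Key Algorithm: %s\n"), key_name, name);

	addf(str, _("\tAlgorithm Security Level: %s (%d bits)\n"),
	     gnutls_sec_param_get_name(gnutls_pk_bits_to_sec_param(pk, bits)),
	     bits);

	/* RSA-PSS keys carry hash and salt parameters in the SPKI; show
	 * them only when the caller supplied an SPKI for this same key. */
	if (spki && pk == GNUTLS_PK_RSA_PSS && spki->pk == pk) {
		addf(str, _("\t\tParameters:\n"));
		addf(str, "\t\t\tHash Algorithm: %s\n",
		     gnutls_digest_get_name(spki->rsa_pss_dig));
		addf(str, "\t\t\tSalt Length: %d\n", spki->salt_size);
	}

	switch (pk) {
	case GNUTLS_PK_RSA:
	case GNUTLS_PK_RSA_PSS:
		print_pubkey_rsa_raw(str, pubkey, bits, format);
		break;

	case GNUTLS_PK_EDDSA_ED25519:
	case GNUTLS_PK_EDDSA_ED448:
	case GNUTLS_PK_ECDSA:
		print_pubkey_ecc_raw(str, pubkey, format);
		break;

	case GNUTLS_PK_DSA:
		print_pubkey_dsa_raw(str, pubkey, bits, format);
		break;

	case GNUTLS_PK_GOST_01:
	case GNUTLS_PK_GOST_12_256:
	case GNUTLS_PK_GOST_12_512:
		print_pubkey_gost_raw(str, pubkey, format);
		break;

	default:
		/* No algorithm-specific material is printed for other keys. */
		break;
	}
}
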
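/* Print the signature-algorithm parameters of @crt that are not implied
 * by the algorithm name.  Only RSA-PSS signatures carry such a parameter
 * (the salt length); for every other algorithm nothing is printed.
 *
 * @format is accepted for uniformity with the other print_* helpers but
 * is not consulted.  Always returns 0: a failure to read the parameters
 * is reported inline as an "error: ..." line instead.
 */
static int
print_crt_sig_params(gnutls_buffer_st * str, gnutls_x509_crt_t crt,
		     gnutls_certificate_print_formats_t format)
{
	int ret;
	gnutls_pk_algorithm_t pk;
	gnutls_x509_spki_st params;
	gnutls_sign_algorithm_t sign;

	(void)format;

	sign = gnutls_x509_crt_get_signature_algorithm(crt);
	pk = gnutls_sign_get_pk_algorithm(sign);
	if (pk != GNUTLS_PK_RSA_PSS)
		return 0;

	ret = _gnutls_x509_read_sign_params(crt->cert, "signatureAlgorithm",
					    &params);
	if (ret < 0)
		addf(str, "error: read_pss_params: %s\n",
		     gnutls_strerror(ret));
	else
		addf(str, "\t\tSalt Length: %d\n", params.salt_size);

	return 0;
}
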
/* Print only the algorithm name of @crt's subject public key, falling
 * back to "unknown" when it cannot be determined.  This is the reduced
 * output used when the key itself cannot be imported.
 */
static void print_pk_name(gnutls_buffer_st * str, gnutls_x509_crt_t crt)
{
	char *name = get_pk_name(crt, NULL);

	addf(str, "\tSubject Public Key Algorithm: %s\n",
	     name != NULL ? name : _("unknown"));
	gnutls_free(name);
}

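/* Print the subject public key of @crt: algorithm, security level and
 * raw key material, via print_pubkey().
 *
 * @str:    output buffer the text is appended to
 * @crt:    certificate whose key is described
 * @format: passed through to print_pubkey() to select the hex layout
 *
 * Returns a negative gnutls error code only when the SPKI parameters
 * cannot be read or a gnutls_pubkey_t cannot be allocated.  A key with
 * an unknown algorithm, or one that cannot be imported, is not treated
 * as an error: just the algorithm name is printed and 0 is returned.
 */
static int
print_crt_pubkey(gnutls_buffer_st * str, gnutls_x509_crt_t crt,
		 gnutls_certificate_print_formats_t format)
{
	gnutls_pubkey_t pubkey = NULL;
	gnutls_x509_spki_st params;
	int ret, pk;

	ret = _gnutls_x509_crt_read_spki_params(crt, &params);
	if (ret < 0)
		return ret;

	pk = gnutls_x509_crt_get_pk_algorithm(crt, NULL);
	if (pk < 0) {
		/* A failed lookup is handled like an unrecognised algorithm. */
		gnutls_assert();
		pk = GNUTLS_PK_UNKNOWN;
	}

	if (pk == GNUTLS_PK_UNKNOWN) {
		print_pk_name(str, crt); /* print basic info only */
		return 0;
	}

	ret = gnutls_pubkey_init(&pubkey);
	if (ret < 0)
		return ret;

	ret = gnutls_pubkey_import_x509(pubkey, crt, 0);
	if (ret < 0) {
		/* An unimplemented algorithm is deliberately not reported
		 * as an error; the key is still described by name below. */
		if (ret != GNUTLS_E_UNIMPLEMENTED_FEATURE)
			addf(str, "error importing public key: %s\n",
			     gnutls_strerror(ret));
		print_pk_name(str, crt); /* print basic info only */
		ret = 0;
		goto cleanup;
	}

	print_pubkey(str, _("Subject "), pubkey, &params, format);
	ret = 0;

 cleanup:
	gnutls_pubkey_deinit(pubkey);

	return ret;
}
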
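/* Append one validity line for @tim to @str using @fmt, a format holding a
 * single %s (e.g. _("\t\tNot Before: %s\n")).  (time_t)-1 is the library's
 * "not available" value and is printed as "unknown"; gmtime_r/strftime
 * failures are reported inline so the rest of the dump still appears.
 * The raw time is cast to long to match the %ld conversion. */
static void
print_crt_validity_line(gnutls_buffer_st * str, const char *fmt, time_t tim)
{
	char s[42];
	struct tm t;

	if (tim == (time_t) -1) {
		addf(str, fmt, _("unknown"));
		return;
	}

	if (gmtime_r(&tim, &t) == NULL)
		addf(str, "error: gmtime_r (%ld)\n", (long) tim);
	else if (strftime(s, sizeof(s), "%a %b %d %H:%M:%S UTC %Y", &t) == 0)
		addf(str, "error: strftime (%ld)\n", (long) tim);
	else
		addf(str, fmt, s);
}

/* Append the multi-line dump of @cert to @str: version, serial, issuer,
 * validity, subject, SubjectPublicKeyInfo, unique ids, extensions (only for
 * v3 certificates) and the signature.  With GNUTLS_CRT_PRINT_UNSIGNED_FULL
 * the issuer and signature sections are omitted.  A failing getter is
 * reported as an "error: ..." line and printing continues; only the
 * signature section, which is last, returns early. */
static void
print_cert(gnutls_buffer_st * str, gnutls_x509_crt_t cert,
	   gnutls_certificate_print_formats_t format)
{
	/* Version. */
	{
		int version = gnutls_x509_crt_get_version(cert);

		if (version < 0)
			addf(str, "error: get_version: %s\n",
			     gnutls_strerror(version));
		else
			addf(str, _("\tVersion: %d\n"), version);
	}

	/* Serial. */
	{
		char serial[128];
		size_t serial_size = sizeof(serial);
		int err;

		err = gnutls_x509_crt_get_serial(cert, serial, &serial_size);
		if (err < 0)
			addf(str, "error: get_serial: %s\n",
			     gnutls_strerror(err));
		else {
			adds(str, _("\tSerial Number (hex): "));
			_gnutls_buffer_hexprint(str, serial, serial_size);
			adds(str, "\n");
		}
	}

	/* Issuer. */
	if (format != GNUTLS_CRT_PRINT_UNSIGNED_FULL) {
		gnutls_datum_t dn;
		int err;

		err = gnutls_x509_crt_get_issuer_dn3(cert, &dn, 0);
		if (err == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
			addf(str, _("\tIssuer:\n"));
		} else if (err < 0) {
			addf(str, "error: get_issuer_dn: %s\n",
			     gnutls_strerror(err));
		} else {
			addf(str, _("\tIssuer: %s\n"), dn.data);
			gnutls_free(dn.data);
		}
	}

	/* Validity. */
	adds(str, _("\tValidity:\n"));
	print_crt_validity_line(str, _("\t\tNot Before: %s\n"),
				gnutls_x509_crt_get_activation_time(cert));
	print_crt_validity_line(str, _("\t\tNot After: %s\n"),
				gnutls_x509_crt_get_expiration_time(cert));

	/* Subject. */
	{
		gnutls_datum_t dn;
		int err;

		err = gnutls_x509_crt_get_dn3(cert, &dn, 0);
		if (err == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
			addf(str, _("\tSubject:\n"));
		} else if (err < 0) {
			addf(str, "error: get_dn: %s\n",
			     gnutls_strerror(err));
		} else {
			addf(str, _("\tSubject: %s\n"), dn.data);
			gnutls_free(dn.data);
		}
	}

	/* SubjectPublicKeyInfo. */
	print_crt_pubkey(str, cert, format);

	print_unique_ids(str, cert);

	/* Extensions. */
	if (gnutls_x509_crt_get_version(cert) >= 3) {
		cert_type_t ccert;

		ccert.crt = cert;
		print_extensions(str, "", TYPE_CRT, ccert);
	}

	/* Signature. */
	if (format != GNUTLS_CRT_PRINT_UNSIGNED_FULL) {
		int err;
		size_t size = 0;
		char *buffer = NULL;
		char *name;
		const char *p;

		/* On return err is the signature algorithm id, not an error
		 * code; name is NULL when the algorithm is not known. */
		name = get_sign_name(cert, &err);
		p = (name == NULL) ? _("unknown") : name;

		addf(str, _("\tSignature Algorithm: %s\n"), p);
		gnutls_free(name);

		print_crt_sig_params(str, cert, format);

		/* Warn when the library no longer accepts this algorithm for
		 * certificate signatures, so the reader does not take the
		 * signature at face value. */
		if (err != GNUTLS_SIGN_UNKNOWN &&
		    gnutls_sign_is_secure2(err, GNUTLS_SIGN_FLAG_SECURE_FOR_CERTS) == 0) {
			adds(str,
			     _("warning: signed using a broken signature "
			       "algorithm that can be forged.\n"));
		}

		/* Two-pass read: with a NULL buffer the call only reports the
		 * required size through GNUTLS_E_SHORT_MEMORY_BUFFER. */
		err = gnutls_x509_crt_get_signature(cert, buffer, &size);
		if (err != GNUTLS_E_SHORT_MEMORY_BUFFER) {
			addf(str, "error: get_signature: %s\n",
			     gnutls_strerror(err));
			return;
		}

		buffer = gnutls_malloc(size);
		if (!buffer) {
			addf(str, "error: malloc: %s\n",
			     gnutls_strerror(GNUTLS_E_MEMORY_ERROR));
			return;
		}

		err = gnutls_x509_crt_get_signature(cert, buffer, &size);
		if (err < 0) {
			gnutls_free(buffer);
			addf(str, "error: get_signature2: %s\n",
			     gnutls_strerror(err));
			return;
		}

		adds(str, _("\tSignature:\n"));
		_gnutls_buffer_hexdump(str, buffer, size, "\t\t");

		gnutls_free(buffer);
	}
}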
/* Append the "Fingerprint:" block for @cert to @str: one hex line per
 * digest, SHA-1 first (kept for display compatibility) then SHA-256.
 * The first digest that cannot be computed is reported as an
 * "error: get_fingerprint: ..." line and ends the block. */
static void
print_fingerprint(gnutls_buffer_st * str, gnutls_x509_crt_t cert)
{
	const struct {
		gnutls_digest_algorithm_t algo;
		const char *label;
	} digests[] = {
		{ GNUTLS_DIG_SHA1, _("\t\tsha1:") },
		{ GNUTLS_DIG_SHA256, _("\t\tsha256:") },
	};
	size_t i;

	adds(str, _("\tFingerprint:\n"));

	for (i = 0; i < sizeof(digests) / sizeof(digests[0]); i++) {
		char hash[MAX_HASH_SIZE];
		size_t hash_len = sizeof(hash);
		int ret;

		ret = gnutls_x509_crt_get_fingerprint(cert, digests[i].algo,
						      hash, &hash_len);
		if (ret < 0) {
			addf(str, "error: get_fingerprint: %s\n",
			     gnutls_strerror(ret));
			return;
		}

		adds(str, digests[i].label);
		_gnutls_buffer_hexprint(str, hash, hash_len);
		adds(str, "\n");
	}
}
/* Shape of the key-id getters print_obj_id() accepts: @obj is the
 * certificate or key object, @flags a GNUTLS_KEYID_USE_* selector,
 * @id/@id_size the output buffer and its capacity (overwritten with
 * the length actually written).  Returns 0 or a negative GNUTLS_E_*
 * value. */
typedef int (get_id_func)(void *obj, unsigned flags, unsigned char *id,
			  size_t *id_size);
/* Append the public key identifiers of @obj to @str, every line prefixed
 * with @prefix: the SHA-1 and SHA-256 key ids in hex, then the SHA-256 id
 * base64-encoded as a pin-sha256 value.  @get_id fetches an id for a
 * GNUTLS_KEYID_USE_* flag.  Both digests are fetched before anything is
 * printed, so the block is either complete or absent: an unsupported
 * digest (GNUTLS_E_UNIMPLEMENTED_FEATURE) skips it silently, any other
 * failure is reported as an "error: ..." line. */
static void print_obj_id(gnutls_buffer_st *str, const char *prefix, void *obj, get_id_func *get_id)
{
	unsigned char id_sha1[MAX_HASH_SIZE];
	unsigned char id_sha256[MAX_HASH_SIZE];
	size_t len_sha1 = sizeof(id_sha1);
	size_t len_sha256 = sizeof(id_sha256);
	int ret;

	ret = get_id(obj, GNUTLS_KEYID_USE_SHA1, id_sha1, &len_sha1);
	if (ret == GNUTLS_E_UNIMPLEMENTED_FEATURE)	/* unsupported algo */
		return;
	if (ret < 0) {
		addf(str, "error: get_key_id(sha1): %s\n", gnutls_strerror(ret));
		return;
	}

	ret = get_id(obj, GNUTLS_KEYID_USE_SHA256, id_sha256, &len_sha256);
	if (ret == GNUTLS_E_UNIMPLEMENTED_FEATURE)	/* unsupported algo */
		return;
	if (ret < 0) {
		addf(str, "error: get_key_id(sha256): %s\n", gnutls_strerror(ret));
		return;
	}

	addf(str, _("%sPublic Key ID:\n%s\tsha1:"), prefix, prefix);
	_gnutls_buffer_hexprint(str, id_sha1, len_sha1);
	addf(str, "\n%s\tsha256:", prefix);
	_gnutls_buffer_hexprint(str, id_sha256, len_sha256);
	adds(str, "\n");

	/* The pin is the same SHA-256 key id, just base64 instead of hex. */
	addf(str, _("%sPublic Key PIN:\n%s\tpin-sha256:"), prefix, prefix);
	_gnutls_buffer_base64print(str, id_sha256, len_sha256);
	adds(str, "\n");
}
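/* get_id_func adapter for certificates.  gnutls_x509_crt_get_key_id() takes
 * a gnutls_x509_crt_t, so calling it through a pointer of type get_id_func
 * (void * first argument) would be a call through an incompatible function
 * pointer type; the adapter keeps the call well-typed (and CFI-clean). */
static int
print_keyid_get_crt_id(void *obj, unsigned flags, unsigned char *id,
		       size_t *id_size)
{
	return gnutls_x509_crt_get_key_id((gnutls_x509_crt_t) obj, flags,
					  id, id_size);
}

/* Append the "Public Key ID" and "Public Key PIN" block of @cert to @str
 * (see print_obj_id()).  Nothing is printed when the public key algorithm
 * cannot be determined, so a certificate with an unparsable
 * SubjectPublicKeyInfo does not produce a half-filled block. */
static void print_keyid(gnutls_buffer_st * str, gnutls_x509_crt_t cert)
{
	unsigned int bits;
	int err;

	err = gnutls_x509_crt_get_pk_algorithm(cert, &bits);
	if (err < 0)
		return;

	print_obj_id(str, "\t", cert, print_keyid_get_crt_id);
}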
/* Append the "Other Information" section for @cert to @str: the
 * certificate fingerprints followed by the public key ids.  The
 * fingerprint is a hash over the whole signed certificate, so it is
 * left out for GNUTLS_CRT_PRINT_UNSIGNED_FULL. */
static void
print_other(gnutls_buffer_st * str, gnutls_x509_crt_t cert,
	    gnutls_certificate_print_formats_t format)
{
	int unsigned_form = (format == GNUTLS_CRT_PRINT_UNSIGNED_FULL);

	if (!unsigned_form)
		print_fingerprint(str, cert);

	print_keyid(str, cert);
}
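/* Append one validity item of the one-line form for @tim to @str.
 * @unknown_fmt and @failed_fmt take the raw time as a long, @ok_fmt the
 * formatted date.  (time_t)-1 is the library's "not available" value and
 * is reported through @unknown_fmt instead of being passed to gmtime_r,
 * which would otherwise print it as a real date in 1969. */
static void
print_oneline_time(gnutls_buffer_st * str, time_t tim,
		   const char *unknown_fmt, const char *failed_fmt,
		   const char *ok_fmt)
{
	char s[42];
	struct tm t;

	if (tim == (time_t) -1 || gmtime_r(&tim, &t) == NULL)
		addf(str, unknown_fmt, (long) tim);
	else if (strftime(s, sizeof(s), "%Y-%m-%d %H:%M:%S UTC", &t) == 0)
		addf(str, failed_fmt, (long) tim);
	else
		addf(str, ok_fmt, s);
}

/* Append the single-line summary of @cert to @str, as used for
 * GNUTLS_CRT_PRINT_ONELINE and GNUTLS_CRT_PRINT_COMPACT: subject, issuer,
 * serial, key algorithm and size, signature algorithm, validity, proxy
 * policy (when present) and the pin-sha256 of the public key.  Fields that
 * cannot be read are rendered as "unknown ..." / "no ..." items rather
 * than aborting, so the line is always usable for logging. */
static void print_oneline(gnutls_buffer_st * str, gnutls_x509_crt_t cert)
{
	int err;

	/* Subject. */
	{
		gnutls_datum_t dn;

		err = gnutls_x509_crt_get_dn3(cert, &dn, 0);
		if (err == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
			addf(str, _("no subject,"));
		} else if (err < 0) {
			addf(str, "unknown subject (%s), ",
			     gnutls_strerror(err));
		} else {
			addf(str, "subject `%s', ", dn.data);
			gnutls_free(dn.data);
		}
	}

	/* Issuer. */
	{
		gnutls_datum_t dn;

		err = gnutls_x509_crt_get_issuer_dn3(cert, &dn, 0);
		if (err == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
			addf(str, _("no issuer,"));
		} else if (err < 0) {
			addf(str, "unknown issuer (%s), ",
			     gnutls_strerror(err));
		} else {
			addf(str, "issuer `%s', ", dn.data);
			gnutls_free(dn.data);
		}
	}

	/* Serial (silently omitted when unreadable). */
	{
		char serial[128];
		size_t serial_size = sizeof(serial);

		err = gnutls_x509_crt_get_serial(cert, serial, &serial_size);
		if (err >= 0) {
			adds(str, "serial 0x");
			_gnutls_buffer_hexprint(str, serial, serial_size);
			adds(str, ", ");
		}
	}

	/* Key algorithm and size. */
	{
		/* Defensive initialisation: not verified here that get_pk_name
		 * sets bits when it fails and returns NULL. */
		unsigned int bits = 0;
		const char *p;
		char *name = get_pk_name(cert, &bits);

		p = (name == NULL) ? _("unknown") : name;
		addf(str, "%s key %u bits, ", p, bits);
		gnutls_free(name);
	}

	/* Signature Algorithm. */
	{
		char *name = get_sign_name(cert, &err);
		const char *p;

		p = (name == NULL) ? _("unknown") : name;

		/* err holds the signature algorithm id here; mark algorithms
		 * the library no longer accepts for certificate signatures. */
		if (err != GNUTLS_SIGN_UNKNOWN &&
		    gnutls_sign_is_secure2(err, GNUTLS_SIGN_FLAG_SECURE_FOR_CERTS) == 0)
			addf(str, _("signed using %s (broken!), "), p);
		else
			addf(str, _("signed using %s, "), p);
		gnutls_free(name);
	}

	/* Validity. */
	print_oneline_time(str, gnutls_x509_crt_get_activation_time(cert),
			   "unknown activation (%ld), ",
			   "failed activation (%ld), ",
			   "activated `%s', ");
	print_oneline_time(str, gnutls_x509_crt_get_expiration_time(cert),
			   "unknown expiry (%ld), ",
			   "failed expiry (%ld), ",
			   "expires `%s', ");

	/* Proxy certificate policy, only for proxy certificates. */
	{
		int pathlen;
		char *policyLanguage;

		err = gnutls_x509_crt_get_proxy(cert, NULL,
						&pathlen, &policyLanguage,
						NULL, NULL);
		if (err == 0) {
			addf(str, "proxy certificate (policy=");
			if (strcmp(policyLanguage, "1.3.6.1.5.5.7.21.1") == 0)
				addf(str, "id-ppl-inheritALL");
			else if (strcmp(policyLanguage,
					"1.3.6.1.5.5.7.21.2") == 0)
				addf(str, "id-ppl-independent");
			else
				addf(str, "%s", policyLanguage);
			if (pathlen >= 0)
				addf(str, ", pathlen=%d), ", pathlen);
			else
				addf(str, "), ");
			gnutls_free(policyLanguage);
		}
	}

	/* Public key pin (base64 SHA-256 key id), omitted when unreadable. */
	{
		unsigned char buffer[MAX_HASH_SIZE];
		size_t size = sizeof(buffer);

		err = gnutls_x509_crt_get_key_id(cert, GNUTLS_KEYID_USE_SHA256,
						 buffer, &size);
		if (err >= 0) {
			addf(str, "pin-sha256=\"");
			_gnutls_buffer_base64print(str, buffer, size);
			adds(str, "\"");
		}
	}
}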
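/**
 * gnutls_x509_crt_print:
 * @cert: The data to be printed
 * @format: Indicate the format to use
 * @out: Newly allocated datum with null terminated string.
 *
 * This function will pretty print an X.509 certificate, suitable for
 * display to a human.
 *
 * If the format is %GNUTLS_CRT_PRINT_FULL then all fields of the
 * certificate will be output, on multiple lines.  The
 * %GNUTLS_CRT_PRINT_ONELINE format will generate one line with some
 * selected fields, which is useful for logging purposes;
 * %GNUTLS_CRT_PRINT_COMPACT appends the public key identifiers on
 * the following lines.
 *
 * The output @out needs to be deallocated using gnutls_free().
 *
 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
 *   negative error value.
 **/
int
gnutls_x509_crt_print(gnutls_x509_crt_t cert,
		      gnutls_certificate_print_formats_t format,
		      gnutls_datum_t * out)
{
	gnutls_buffer_st str;
	int ret;

	_gnutls_buffer_init(&str);

	if (format == GNUTLS_CRT_PRINT_COMPACT) {
		print_oneline(&str, cert);

		ret = _gnutls_buffer_append_data(&str, "\n", 1);
		if (ret < 0)
			goto fail;

		print_keyid(&str, cert);
	} else if (format == GNUTLS_CRT_PRINT_ONELINE) {
		print_oneline(&str, cert);
	} else {
		/* Every other format is a multi-line dump; print_cert and
		 * print_other look at format for the per-section details. */
		ret = _gnutls_buffer_append_str(&str,
						_("X.509 Certificate Information:\n"));
		if (ret < 0)
			goto fail;

		print_cert(&str, cert, format);

		ret = _gnutls_buffer_append_str(&str,
						_("Other Information:\n"));
		if (ret < 0)
			goto fail;

		print_other(&str, cert, format);
	}

	/* Hands the accumulated text to out as a NUL-terminated string;
	 * ownership passes to the caller. */
	return _gnutls_buffer_to_datum(&str, out, 1);

 fail:
	/* Release what has been accumulated so far; returning without this
	 * leaked the buffer on the error path. */
	_gnutls_buffer_clear(&str);
	return gnutls_assert_val(ret);
}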
static void
|
|
Packit Service |
4684c1 |
print_crl(gnutls_buffer_st * str, gnutls_x509_crl_t crl, int notsigned)
|
|
Packit Service |
4684c1 |
{
|
|
Packit Service |
4684c1 |
/* Version. */
|
|
Packit Service |
4684c1 |
{
|
|
Packit Service |
4684c1 |
int version = gnutls_x509_crl_get_version(crl);
|
|
Packit Service |
4684c1 |
if (version < 0)
|
|
Packit Service |
4684c1 |
addf(str, "error: get_version: %s\n",
|
|
Packit Service |
4684c1 |
gnutls_strerror(version));
|
|
Packit Service |
4684c1 |
else
|
|
Packit Service |
4684c1 |
addf(str, _("\tVersion: %d\n"), version);
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
/* Issuer. */
|
|
Packit Service |
4684c1 |
if (!notsigned) {
|
|
Packit Service |
4684c1 |
gnutls_datum_t dn;
|
|
Packit Service |
4684c1 |
int err;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
err = gnutls_x509_crl_get_issuer_dn3(crl, &dn, 0);
|
|
Packit Service |
4684c1 |
if (err == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
|
|
Packit Service |
4684c1 |
addf(str, _("\tIssuer:\n"));
|
|
Packit Service |
4684c1 |
} else if (err < 0) {
|
|
Packit Service |
4684c1 |
addf(str, "error: get_issuer_dn: %s\n",
|
|
Packit Service |
4684c1 |
gnutls_strerror(err));
|
|
Packit Service |
4684c1 |
} else {
|
|
Packit Service |
4684c1 |
addf(str, _("\tIssuer: %s\n"), dn.data);
|
|
Packit Service |
4684c1 |
gnutls_free(dn.data);
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
/* Validity. */
|
|
Packit Service |
4684c1 |
{
|
|
Packit Service |
4684c1 |
time_t tim;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
adds(str, _("\tUpdate dates:\n"));
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
tim = gnutls_x509_crl_get_this_update(crl);
|
|
Packit Service |
4684c1 |
{
|
|
Packit Service |
4684c1 |
char s[42];
|
|
Packit Service |
4684c1 |
size_t max = sizeof(s);
|
|
Packit Service |
4684c1 |
struct tm t;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if (gmtime_r(&tim, &t) == NULL)
|
|
Packit Service |
4684c1 |
addf(str, "error: gmtime_r (%ld)\n",
|
|
Packit Service |
4684c1 |
(unsigned long) tim);
|
|
Packit Service |
4684c1 |
else if (strftime
|
|
Packit Service |
4684c1 |
(s, max, "%a %b %d %H:%M:%S UTC %Y",
|
|
Packit Service |
4684c1 |
&t) == 0)
|
|
Packit Service |
4684c1 |
addf(str, "error: strftime (%ld)\n",
|
|
Packit Service |
4684c1 |
(unsigned long) tim);
|
|
Packit Service |
4684c1 |
else
|
|
Packit Service |
4684c1 |
addf(str, _("\t\tIssued: %s\n"), s);
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
tim = gnutls_x509_crl_get_next_update(crl);
|
|
Packit Service |
4684c1 |
{
|
|
Packit Service |
4684c1 |
char s[42];
|
|
Packit Service |
4684c1 |
size_t max = sizeof(s);
|
|
Packit Service |
4684c1 |
struct tm t;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if (tim == -1)
|
|
Packit Service |
4684c1 |
addf(str, "\t\tNo next update time.\n");
|
|
Packit Service |
4684c1 |
else if (gmtime_r(&tim, &t) == NULL)
|
|
Packit Service |
4684c1 |
addf(str, "error: gmtime_r (%ld)\n",
|
|
Packit Service |
4684c1 |
(unsigned long) tim);
|
|
Packit Service |
4684c1 |
else if (strftime
|
|
Packit Service |
4684c1 |
(s, max, "%a %b %d %H:%M:%S UTC %Y",
|
|
Packit Service |
4684c1 |
&t) == 0)
|
|
Packit Service |
4684c1 |
addf(str, "error: strftime (%ld)\n",
|
|
Packit Service |
4684c1 |
(unsigned long) tim);
|
|
Packit Service |
4684c1 |
else
|
|
Packit Service |
4684c1 |
addf(str, _("\t\tNext at: %s\n"), s);
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
/* Extensions. */
|
|
Packit Service |
4684c1 |
if (gnutls_x509_crl_get_version(crl) >= 2) {
|
|
Packit Service |
4684c1 |
size_t i;
|
|
Packit Service |
4684c1 |
int err = 0;
|
|
Packit Service |
4684c1 |
int aki_idx = 0;
|
|
Packit Service |
4684c1 |
int crl_nr = 0;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
for (i = 0;; i++) {
|
|
Packit Service |
4684c1 |
char oid[MAX_OID_SIZE] = "";
|
|
Packit Service |
4684c1 |
size_t sizeof_oid = sizeof(oid);
|
|
Packit Service |
4684c1 |
unsigned int critical;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
err = gnutls_x509_crl_get_extension_info(crl, i,
|
|
Packit Service |
4684c1 |
oid,
|
|
Packit Service |
4684c1 |
&sizeof_oid,
|
|
Packit Service |
4684c1 |
&critical);
|
|
Packit Service |
4684c1 |
if (err == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
|
|
Packit Service |
4684c1 |
break;
|
|
Packit Service |
4684c1 |
if (err < 0) {
|
|
Packit Service |
4684c1 |
addf(str,
|
|
Packit Service |
4684c1 |
"error: get_extension_info: %s\n",
|
|
Packit Service |
4684c1 |
gnutls_strerror(err));
|
|
Packit Service |
4684c1 |
break;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if (i == 0)
|
|
Packit Service |
4684c1 |
adds(str, _("\tExtensions:\n"));
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if (strcmp(oid, "2.5.29.20") == 0) {
|
|
Packit Service |
4684c1 |
char nr[128];
|
|
Packit Service |
4684c1 |
size_t nr_size = sizeof(nr);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if (crl_nr) {
|
|
Packit Service |
4684c1 |
addf(str,
|
|
Packit Service |
4684c1 |
"warning: more than one CRL number\n");
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
err =
|
|
Packit Service |
4684c1 |
gnutls_x509_crl_get_number(crl, nr,
|
|
Packit Service |
4684c1 |
&nr_size,
|
|
Packit Service |
4684c1 |
&critical);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
addf(str, _("\t\tCRL Number (%s): "),
|
|
Packit Service |
4684c1 |
critical ? _("critical") :
|
|
Packit Service |
4684c1 |
_("not critical"));
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if (err < 0)
|
|
Packit Service |
4684c1 |
addf(str,
|
|
Packit Service |
4684c1 |
"error: get_number: %s\n",
|
|
Packit Service |
4684c1 |
gnutls_strerror(err));
|
|
Packit Service |
4684c1 |
else {
|
|
Packit Service |
4684c1 |
_gnutls_buffer_hexprint(str, nr,
|
|
Packit Service |
4684c1 |
nr_size);
|
|
Packit Service |
4684c1 |
addf(str, "\n");
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
crl_nr++;
|
|
Packit Service |
4684c1 |
} else if (strcmp(oid, "2.5.29.35") == 0) {
|
|
Packit Service |
4684c1 |
gnutls_datum_t der;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if (aki_idx) {
|
|
Packit Service |
4684c1 |
addf(str,
|
|
Packit Service |
4684c1 |
"warning: more than one AKI extension\n");
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
addf(str,
|
|
Packit Service |
4684c1 |
_
|
|
Packit Service |
4684c1 |
("\t\tAuthority Key Identifier (%s):\n"),
|
|
Packit Service |
4684c1 |
critical ? _("critical") :
|
|
Packit Service |
4684c1 |
_("not critical"));
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
err = gnutls_x509_crl_get_extension_data2(crl, i, &der;;
|
|
Packit Service |
4684c1 |
if (err < 0) {
|
|
Packit Service |
4684c1 |
addf(str,
|
|
Packit Service |
4684c1 |
"error: get_extension_data2: %s\n",
|
|
Packit Service |
4684c1 |
gnutls_strerror(err));
|
|
Packit Service |
4684c1 |
continue;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
print_aki(str, &der;;
|
|
Packit Service |
4684c1 |
gnutls_free(der.data);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
aki_idx++;
|
|
Packit Service |
4684c1 |
} else {
|
|
Packit Service |
4684c1 |
gnutls_datum_t der;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
addf(str,
|
|
Packit Service |
4684c1 |
_("\t\tUnknown extension %s (%s):\n"),
|
|
Packit Service |
4684c1 |
oid,
|
|
Packit Service |
4684c1 |
critical ? _("critical") :
|
|
Packit Service |
4684c1 |
_("not critical"));
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
err =
|
|
Packit Service |
4684c1 |
gnutls_x509_crl_get_extension_data2(crl,
|
|
Packit Service |
4684c1 |
i,
|
|
Packit Service |
4684c1 |
&der;;
|
|
Packit Service |
4684c1 |
if (err < 0) {
|
|
Packit Service |
4684c1 |
addf(str,
|
|
Packit Service |
4684c1 |
"error: get_extension_data2: %s\n",
|
|
Packit Service |
4684c1 |
gnutls_strerror(err));
|
|
Packit Service |
4684c1 |
continue;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
adds(str, _("\t\t\tASCII: "));
|
|
Packit Service |
4684c1 |
_gnutls_buffer_asciiprint(str, (char*)der.data, der.size);
|
|
Packit Service |
4684c1 |
adds(str, "\n");
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
adds(str, _("\t\t\tHexdump: "));
|
|
Packit Service |
4684c1 |
_gnutls_buffer_hexprint(str, der.data, der.size);
|
|
Packit Service |
4684c1 |
adds(str, "\n");
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
gnutls_free(der.data);
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
/* Revoked certificates. */
|
|
Packit Service |
4684c1 |
{
|
|
Packit Service |
4684c1 |
int num = gnutls_x509_crl_get_crt_count(crl);
|
|
Packit Service |
4684c1 |
gnutls_x509_crl_iter_t iter = NULL;
|
|
Packit Service |
4684c1 |
int j;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if (num)
|
|
Packit Service |
4684c1 |
addf(str, _("\tRevoked certificates (%d):\n"),
|
|
Packit Service |
4684c1 |
num);
|
|
Packit Service |
4684c1 |
else
|
|
Packit Service |
4684c1 |
adds(str, _("\tNo revoked certificates.\n"));
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
for (j = 0; j < num; j++) {
|
|
Packit Service |
4684c1 |
unsigned char serial[128];
|
|
Packit Service |
4684c1 |
size_t serial_size = sizeof(serial);
|
|
Packit Service |
4684c1 |
int err;
|
|
Packit Service |
4684c1 |
time_t tim;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
err =
|
|
Packit Service |
4684c1 |
gnutls_x509_crl_iter_crt_serial(crl, &iter, serial,
|
|
Packit Service |
4684c1 |
&serial_size,
|
|
Packit Service |
4684c1 |
&tim);
|
|
Packit Service |
4684c1 |
if (err < 0) {
|
|
Packit Service |
4684c1 |
addf(str, "error: iter_crt_serial: %s\n",
|
|
Packit Service |
4684c1 |
gnutls_strerror(err));
|
|
Packit Service |
4684c1 |
break;
|
|
Packit Service |
4684c1 |
} else {
|
|
Packit Service |
4684c1 |
char s[42];
|
|
Packit Service |
4684c1 |
size_t max = sizeof(s);
|
|
Packit Service |
4684c1 |
struct tm t;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
adds(str, _("\t\tSerial Number (hex): "));
|
|
Packit Service |
4684c1 |
_gnutls_buffer_hexprint(str, serial,
|
|
Packit Service |
4684c1 |
serial_size);
|
|
Packit Service |
4684c1 |
adds(str, "\n");
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if (gmtime_r(&tim, &t) == NULL)
|
|
Packit Service |
4684c1 |
addf(str,
|
|
Packit Service |
4684c1 |
"error: gmtime_r (%ld)\n",
|
|
Packit Service |
4684c1 |
(unsigned long) tim);
|
|
Packit Service |
4684c1 |
else if (strftime
|
|
Packit Service |
4684c1 |
(s, max,
|
|
Packit Service |
4684c1 |
"%a %b %d %H:%M:%S UTC %Y",
|
|
Packit Service |
4684c1 |
&t) == 0)
|
|
Packit Service |
4684c1 |
addf(str,
|
|
Packit Service |
4684c1 |
"error: strftime (%ld)\n",
|
|
Packit Service |
4684c1 |
(unsigned long) tim);
|
|
Packit Service |
4684c1 |
else
|
|
Packit Service |
4684c1 |
addf(str,
|
|
Packit Service |
4684c1 |
_("\t\tRevoked at: %s\n"), s);
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
gnutls_x509_crl_iter_deinit(iter);
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
/* Signature. */
|
|
Packit Service |
4684c1 |
if (!notsigned) {
|
|
Packit Service |
4684c1 |
int err;
|
|
Packit Service |
4684c1 |
size_t size = 0;
|
|
Packit Service |
4684c1 |
char *buffer = NULL;
|
|
Packit Service |
4684c1 |
char *name;
|
|
Packit Service |
4684c1 |
const char *p;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
name = crl_get_sign_name(crl, &err;;
|
|
Packit Service |
4684c1 |
if (name == NULL)
|
|
Packit Service |
4684c1 |
p = _("unknown");
|
|
Packit Service |
4684c1 |
else
|
|
Packit Service |
4684c1 |
p = name;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
addf(str, _("\tSignature Algorithm: %s\n"), p);
|
|
Packit Service |
4684c1 |
gnutls_free(name);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if (err != GNUTLS_SIGN_UNKNOWN && gnutls_sign_is_secure2(err, GNUTLS_SIGN_FLAG_SECURE_FOR_CERTS) == 0) {
|
|
Packit Service |
4684c1 |
adds(str,
|
|
Packit Service |
4684c1 |
_("warning: signed using a broken signature "
|
|
Packit Service |
4684c1 |
"algorithm that can be forged.\n"));
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
err = gnutls_x509_crl_get_signature(crl, buffer, &size);
|
|
Packit Service |
4684c1 |
if (err != GNUTLS_E_SHORT_MEMORY_BUFFER) {
|
|
Packit Service |
4684c1 |
addf(str, "error: get_signature: %s\n",
|
|
Packit Service |
4684c1 |
gnutls_strerror(err));
|
|
Packit Service |
4684c1 |
return;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
buffer = gnutls_malloc(size);
|
|
Packit Service |
4684c1 |
if (!buffer) {
|
|
Packit Service |
4684c1 |
addf(str, "error: malloc: %s\n",
|
|
Packit Service |
4684c1 |
gnutls_strerror(GNUTLS_E_MEMORY_ERROR));
|
|
Packit Service |
4684c1 |
return;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
err = gnutls_x509_crl_get_signature(crl, buffer, &size);
|
|
Packit Service |
4684c1 |
if (err < 0) {
|
|
Packit Service |
4684c1 |
gnutls_free(buffer);
|
|
Packit Service |
4684c1 |
addf(str, "error: get_signature2: %s\n",
|
|
Packit Service |
4684c1 |
gnutls_strerror(err));
|
|
Packit Service |
4684c1 |
return;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
adds(str, _("\tSignature:\n"));
|
|
Packit Service |
4684c1 |
_gnutls_buffer_hexdump(str, buffer, size, "\t\t");
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
gnutls_free(buffer);
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
}
|
/**
 * gnutls_x509_crl_print:
 * @crl: The data to be printed
 * @format: Indicate the format to use
 * @out: Newly allocated datum with null terminated string.
 *
 * This function will pretty print an X.509 certificate revocation
 * list, suitable for display to a human.
 *
 * The output @out needs to be deallocated using gnutls_free().
 *
 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
 * negative error value.
 **/
int
gnutls_x509_crl_print(gnutls_x509_crl_t crl,
		      gnutls_certificate_print_formats_t format,
		      gnutls_datum_t * out)
{
	gnutls_buffer_st str;
	/* The only format distinction made here: the "unsigned full"
	 * variant asks print_crl() to leave the signature out (its third
	 * argument; presumably the notsigned flag it tests). */
	int notsigned = (format == GNUTLS_CRT_PRINT_UNSIGNED_FULL);

	_gnutls_buffer_init(&str);
	_gnutls_buffer_append_str(&str,
				  _("X.509 Certificate Revocation List Information:\n"));

	print_crl(&str, crl, notsigned);

	/* Transfers the accumulated text to @out; the caller owns it. */
	return _gnutls_buffer_to_datum(&str, out, 1);
}
|
/* Print the parameters of a certificate request's signature algorithm.
 *
 * Only RSA-PSS carries parameters that are shown: the salt length read
 * from the request's "signatureAlgorithm" field, or an "error:" line if
 * those parameters cannot be parsed.  Any other algorithm prints
 * nothing.  @format is accepted for symmetry with the sibling
 * print_crq_* helpers and is not consulted.
 *
 * Always returns 0; a parse failure is reported in the output only.
 */
static int
print_crq_sig_params(gnutls_buffer_st * str, gnutls_x509_crq_t crt,
		     gnutls_certificate_print_formats_t format)
{
	gnutls_x509_spki_st params;
	gnutls_sign_algorithm_t sign;
	int ret;

	sign = gnutls_x509_crq_get_signature_algorithm(crt);
	if (gnutls_sign_get_pk_algorithm(sign) != GNUTLS_PK_RSA_PSS)
		return 0;

	ret = _gnutls_x509_read_sign_params(crt->crq, "signatureAlgorithm",
					    &params);
	if (ret < 0) {
		addf(str, "error: read_pss_params: %s\n",
		     gnutls_strerror(ret));
		return 0;
	}

	addf(str, "\t\tSalt Length: %d\n", params.salt_size);
	return 0;
}
|
/* Print the subject public key of a certificate request, with its SPKI
 * parameters, through the shared print_pubkey() routine.
 *
 * Returns a negative error code only when the request's SPKI parameters
 * cannot be read or a gnutls_pubkey_t cannot be allocated; nothing is
 * printed in those cases.  If importing the key into the pubkey object
 * fails instead, the function degrades to printing just the algorithm
 * name and returns 0, so an unimportable key does not suppress the rest
 * of the request output.  print_pubkey()'s own result is not checked.
 */
static int
print_crq_pubkey(gnutls_buffer_st * str, gnutls_x509_crq_t crq,
		 gnutls_certificate_print_formats_t format)
{
	gnutls_x509_spki_st params;
	gnutls_pubkey_t pubkey;
	int ret;

	ret = _gnutls_x509_crq_read_spki_params(crq, &params);
	if (ret < 0)
		return ret;

	ret = gnutls_pubkey_init(&pubkey);
	if (ret < 0)
		return ret;

	ret = gnutls_pubkey_import_x509_crq(pubkey, crq, 0);
	if (ret >= 0) {
		print_pubkey(str, _("Subject "), pubkey, &params, format);
		ret = 0;
	}

	/* The pubkey object is released before the fallback so that the
	 * fallback path does not depend on its state. */
	gnutls_pubkey_deinit(pubkey);

	if (ret < 0) {
		/* Import failed: print only the algorithm name. */
		char *name = crq_get_pk_name(crq);
		const char *p = (name == NULL) ? _("unknown") : name;

		addf(str, "\tSubject Public Key Algorithm: %s\n", p);
		gnutls_free(name);
		ret = 0;
	}

	return ret;
}
|
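/* Print the body of a PKCS #10 certificate request: version, subject,
 * public key, signature algorithm and the request attributes.
 *
 * Every section reports its own failures as "error:" lines in @str and
 * carries on, so a partially defective request still yields as much
 * output as can be recovered.  Nothing is returned to the caller.
 *
 * @str: output buffer
 * @cert: the request to print
 * @format: print format, forwarded to the public key and signature
 *          parameter printers
 */
static void
print_crq(gnutls_buffer_st * str, gnutls_x509_crq_t cert,
	  gnutls_certificate_print_formats_t format)
{
	/* Version. */
	{
		int version = gnutls_x509_crq_get_version(cert);
		if (version < 0)
			addf(str, "error: get_version: %s\n",
			     gnutls_strerror(version));
		else
			addf(str, _("\tVersion: %d\n"), version);
	}

	/* Subject */
	{
		gnutls_datum_t dn;
		int err;

		err = gnutls_x509_crq_get_dn3(cert, &dn, 0);
		if (err == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
			/* An absent subject is printed as an empty field,
			 * not as an error. */
			addf(str, _("\tSubject:\n"));
		} else if (err < 0) {
			addf(str, "error: get_dn: %s\n",
			     gnutls_strerror(err));
		} else {
			addf(str, _("\tSubject: %s\n"), dn.data);
			gnutls_free(dn.data);
		}
	}

	/* Public key and signature algorithm. */
	{
		char *name;
		const char *p;

		/* print_crq_pubkey() reports most failures in the output
		 * itself; its return value is deliberately not consulted. */
		print_crq_pubkey(str, cert, format);

		name = crq_get_sign_name(cert);
		if (name == NULL)
			p = _("unknown");
		else
			p = name;

		addf(str, _("\tSignature Algorithm: %s\n"), p);

		gnutls_free(name);

		print_crq_sig_params(str, cert, format);
	}

	/* parse attributes */
	{
		size_t i;
		int err = 0;
		int extensions = 0;
		int challenge = 0;

		for (i = 0;; i++) {
			char oid[MAX_OID_SIZE] = "";
			size_t sizeof_oid = sizeof(oid);

			err = gnutls_x509_crq_get_attribute_info(cert, i,
								 oid,
								 &sizeof_oid);
			if (err == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
				break;
			if (err < 0) {
				/* Label the attribute enumerator that
				 * actually failed, not the extension one
				 * used by the certificate/CRL printers. */
				addf(str,
				     "error: get_attribute_info: %s\n",
				     gnutls_strerror(err));
				break;
			}

			if (i == 0)
				adds(str, _("\tAttributes:\n"));

			if (strcmp(oid, "1.2.840.113549.1.9.14") == 0) {
				/* PKCS #9 extensionRequest: a set of X.509
				 * extensions, handed to the shared
				 * extension printer. */
				cert_type_t ccert;

				if (extensions) {
					addf(str,
					     "warning: more than one extensionsRequest\n");
				}

				ccert.crq = cert;
				print_extensions(str, "\t", TYPE_CRQ,
						 ccert);

				extensions++;
			} else if (strcmp(oid, "1.2.840.113549.1.9.7") ==
				   0) {
				/* PKCS #9 challengePassword.  The value is
				 * reproduced verbatim below, so the printed
				 * output is as sensitive as the request. */
				char *pass;
				/* Zeroed so the sizing call below never sees
				 * an indeterminate buffer length. */
				size_t size = 0;

				if (challenge) {
					adds(str,
					     "warning: more than one Challenge password attribute\n");
				}

				/* Sizing call: with a NULL buffer the
				 * expected outcome is
				 * GNUTLS_E_SHORT_MEMORY_BUFFER with the
				 * required length stored in size. */
				err = gnutls_x509_crq_get_challenge_password
				    (cert, NULL, &size);
				if (err < 0
				    && err != GNUTLS_E_SHORT_MEMORY_BUFFER) {
					addf(str,
					     "error: get_challenge_password: %s\n",
					     gnutls_strerror(err));
					continue;
				}

				size++;

				pass = gnutls_malloc(size);
				if (!pass) {
					addf(str, "error: malloc: %s\n",
					     gnutls_strerror
					     (GNUTLS_E_MEMORY_ERROR));
					continue;
				}

				err = gnutls_x509_crq_get_challenge_password
				    (cert, pass, &size);
				if (err < 0)
					addf(str,
					     "error: get_challenge_password: %s\n",
					     gnutls_strerror(err));
				else
					addf(str,
					     _("\t\tChallenge password: %s\n"),
					     pass);

				gnutls_free(pass);

				challenge++;
			} else {
				/* Anything else is dumped raw, as ASCII and
				 * as hex, after a two-pass size/fetch. */
				char *buffer;
				size_t extlen = 0;

				addf(str, _("\t\tUnknown attribute %s:\n"),
				     oid);

				err = gnutls_x509_crq_get_attribute_data
				    (cert, i, NULL, &extlen);
				if (err < 0) {
					addf(str,
					     "error: get_attribute_data: %s\n",
					     gnutls_strerror(err));
					continue;
				}

				buffer = gnutls_malloc(extlen);
				if (!buffer) {
					addf(str, "error: malloc: %s\n",
					     gnutls_strerror
					     (GNUTLS_E_MEMORY_ERROR));
					continue;
				}

				err = gnutls_x509_crq_get_attribute_data
				    (cert, i, buffer, &extlen);
				if (err < 0) {
					gnutls_free(buffer);
					addf(str,
					     "error: get_attribute_data2: %s\n",
					     gnutls_strerror(err));
					continue;
				}

				adds(str, _("\t\t\tASCII: "));
				_gnutls_buffer_asciiprint(str, buffer,
							  extlen);
				adds(str, "\n");

				adds(str, _("\t\t\tHexdump: "));
				_gnutls_buffer_hexprint(str, buffer,
							extlen);
				adds(str, "\n");

				gnutls_free(buffer);
			}
		}
	}
}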
|
/* Print the "Other Information" section of a certificate request,
 * which currently consists of the public key ID only. */
static void print_crq_other(gnutls_buffer_st * str, gnutls_x509_crq_t crq)
{
	/* on unknown public key algorithms don't print the key ID */
	if (gnutls_x509_crq_get_pk_algorithm(crq, NULL) < 0)
		return;

	print_obj_id(str, "\t", crq, (get_id_func*)gnutls_x509_crq_get_key_id);
}
|
/**
 * gnutls_x509_crq_print:
 * @crq: The data to be printed
 * @format: Indicate the format to use
 * @out: Newly allocated datum with null terminated string.
 *
 * This function will pretty print a certificate request, suitable for
 * display to a human.
 *
 * The output @out needs to be deallocated using gnutls_free().
 *
 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
 * negative error value.
 *
 * Since: 2.8.0
 **/
int
gnutls_x509_crq_print(gnutls_x509_crq_t crq,
		      gnutls_certificate_print_formats_t format,
		      gnutls_datum_t * out)
{
	gnutls_buffer_st str;

	_gnutls_buffer_init(&str);

	/* The request itself: version, subject, key, signature,
	 * attributes. */
	_gnutls_buffer_append_str(&str,
				  _("PKCS #10 Certificate Request Information:\n"));
	print_crq(&str, crq, format);

	/* Data derived from the request rather than contained in it. */
	_gnutls_buffer_append_str(&str, _("Other Information:\n"));
	print_crq_other(&str, crq);

	return _gnutls_buffer_to_datum(&str, out, 1);
}
|
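/* Print the "other" information about a public key: its key usage
 * flags (when any are set) and its key ID.
 *
 * A failure to obtain the key usage is reported as an "error:" line and
 * ends the output of this section.  The key ID is skipped when the
 * public key algorithm is not recognised.  @format is accepted for
 * symmetry with the other printers and is not consulted.
 */
static void
print_pubkey_other(gnutls_buffer_st * str, gnutls_pubkey_t pubkey,
		   gnutls_certificate_print_formats_t format)
{
	int ret;
	unsigned int usage;

	ret = gnutls_pubkey_get_key_usage(pubkey, &usage);
	if (ret < 0) {
		addf(str, "error: get_key_usage: %s\n",
		     gnutls_strerror(ret));
		return;
	}

	adds(str, "\n");
	/* Use the value the accessor reported instead of reaching into
	 * pubkey->key_usage directly, so the accessor stays the single
	 * source of truth for this field. */
	if (usage) {
		adds(str, _("Public Key Usage:\n"));
		print_key_usage2(str, "\t", usage);
	}

	/* on unknown public key algorithms don't print the key ID */
	ret = gnutls_pubkey_get_pk_algorithm(pubkey, NULL);
	if (ret < 0)
		return;

	print_obj_id(str, "", pubkey, (get_id_func*)gnutls_pubkey_get_key_id);
}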
|
/**
 * gnutls_pubkey_print:
 * @pubkey: The data to be printed
 * @format: Indicate the format to use
 * @out: Newly allocated datum with null terminated string.
 *
 * This function will pretty print public key information, suitable for
 * display to a human.
 *
 * Only %GNUTLS_CRT_PRINT_FULL and %GNUTLS_CRT_PRINT_FULL_NUMBERS
 * are implemented.
 *
 * The output @out needs to be deallocated using gnutls_free().
 *
 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
 * negative error value.
 *
 * Since: 3.1.5
 **/
int
gnutls_pubkey_print(gnutls_pubkey_t pubkey,
		    gnutls_certificate_print_formats_t format,
		    gnutls_datum_t * out)
{
	gnutls_buffer_st str;

	_gnutls_buffer_init(&str);
	_gnutls_buffer_append_str(&str, _("Public Key Information:\n"));

	/* No indentation prefix and no SPKI parameters: a bare public
	 * key has no surrounding structure to print them from. */
	print_pubkey(&str, "", pubkey, NULL, format);
	print_pubkey_other(&str, pubkey, format);

	return _gnutls_buffer_to_datum(&str, out, 1);
}
|
/**
 * gnutls_x509_ext_print:
 * @exts: The data to be printed
 * @exts_size: the number of available structures
 * @format: Indicate the format to use
 * @out: Newly allocated datum with null terminated string.
 *
 * This function will pretty print X.509 certificate extensions,
 * suitable for display to a human.
 *
 * The output @out needs to be deallocated using gnutls_free().
 *
 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
 * negative error value.
 **/
int
gnutls_x509_ext_print(gnutls_x509_ext_st *exts, unsigned int exts_size,
		      gnutls_certificate_print_formats_t format,
		      gnutls_datum_t * out)
{
	gnutls_buffer_st str;
	/* Shared across the loop so print_extension() can track which
	 * extensions it has already seen. */
	struct ext_indexes_st idx;
	unsigned i;

	memset(&idx, 0, sizeof(idx));
	_gnutls_buffer_init(&str);

	for (i = 0; i < exts_size; i++) {
		gnutls_x509_ext_st *ext = &exts[i];

		print_extension(&str, "", &idx, (char*)ext->oid,
				ext->critical, &ext->data);
	}

	return _gnutls_buffer_to_datum(&str, out, 1);
}