|
Packit |
aea12f |
/*
|
|
Packit |
aea12f |
* Copyright (C) 2000-2012 Free Software Foundation, Inc.
|
|
Packit |
aea12f |
* Author: Nikos Mavrogiannopoulos
|
|
Packit |
aea12f |
*
|
|
Packit |
aea12f |
* This file is part of GnuTLS.
|
|
Packit |
aea12f |
*
|
|
Packit |
aea12f |
* GnuTLS is free software: you can redistribute it and/or modify
|
|
Packit |
aea12f |
* it under the terms of the GNU General Public License as published by
|
|
Packit |
aea12f |
* the Free Software Foundation, either version 3 of the License, or
|
|
Packit |
aea12f |
* (at your option) any later version.
|
|
Packit |
aea12f |
*
|
|
Packit |
aea12f |
* GnuTLS is distributed in the hope that it will be useful,
|
|
Packit |
aea12f |
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
Packit |
aea12f |
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
Packit |
aea12f |
* GNU General Public License for more details.
|
|
Packit |
aea12f |
*
|
|
Packit |
aea12f |
* You should have received a copy of the GNU General Public License
|
|
Packit |
aea12f |
* along with this program. If not, see <https://www.gnu.org/licenses/>.
|
|
Packit |
aea12f |
*/
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
#include <config.h>
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
/* Work around problem reported in
|
|
Packit |
aea12f |
<https://permalink.gmane.org/gmane.comp.lib.gnulib.bugs/15755>.*/
|
|
Packit |
aea12f |
#if GETTIMEOFDAY_CLOBBERS_LOCALTIME
|
|
Packit |
aea12f |
#undef localtime
|
|
Packit |
aea12f |
#endif
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
#include <getpass.h>
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
#include <stdio.h>
|
|
Packit |
aea12f |
#include <stdlib.h>
|
|
Packit |
aea12f |
#include <string.h>
|
|
Packit |
aea12f |
#include <gnutls/gnutls.h>
|
|
Packit |
aea12f |
#include <gnutls/x509.h>
|
|
Packit |
aea12f |
#include <gnutls/crypto.h>
|
|
Packit |
aea12f |
#include <time.h>
|
|
Packit |
aea12f |
#include <common.h>
|
|
Packit |
aea12f |
#include <unistd.h>
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
#ifndef _WIN32
|
|
Packit |
aea12f |
# include <signal.h>
|
|
Packit |
aea12f |
#else
|
|
Packit |
aea12f |
#include <ws2tcpip.h>
|
|
Packit |
aea12f |
#endif
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
#ifdef ENABLE_PKCS11
|
|
Packit |
aea12f |
#include <gnutls/pkcs11.h>
|
|
Packit |
aea12f |
#endif
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
#define SU(x) (x!=NULL?x:"Unknown")
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
const char str_unknown[] = "(unknown)";
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
static FILE *logfile = NULL;
|
|
Packit |
aea12f |
/* Hex encodes the given data adding a semicolon between hex bytes.
|
|
Packit |
aea12f |
*/
|
|
Packit |
aea12f |
const char *raw_to_string(const unsigned char *raw, size_t raw_size)
|
|
Packit |
aea12f |
{
|
|
Packit |
aea12f |
static char buf[1024];
|
|
Packit |
aea12f |
size_t i;
|
|
Packit |
aea12f |
if (raw_size == 0)
|
|
Packit |
aea12f |
return "(empty)";
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
if (raw_size * 3 + 1 >= sizeof(buf))
|
|
Packit |
aea12f |
return "(too large)";
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
for (i = 0; i < raw_size; i++) {
|
|
Packit |
aea12f |
sprintf(&(buf[i * 3]), "%02X%s", raw[i],
|
|
Packit |
aea12f |
(i == raw_size - 1) ? "" : ":");
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
buf[sizeof(buf) - 1] = '\0';
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
return buf;
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
/* Hex encodes the given data.
|
|
Packit |
aea12f |
*/
|
|
Packit |
aea12f |
const char *raw_to_hex(const unsigned char *raw, size_t raw_size)
|
|
Packit |
aea12f |
{
|
|
Packit |
aea12f |
static char buf[1024];
|
|
Packit |
aea12f |
size_t i;
|
|
Packit |
aea12f |
if (raw_size == 0)
|
|
Packit |
aea12f |
return "(empty)";
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
if (raw_size * 2 + 1 >= sizeof(buf))
|
|
Packit |
aea12f |
return "(too large)";
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
for (i = 0; i < raw_size; i++) {
|
|
Packit |
aea12f |
sprintf(&(buf[i * 2]), "%02x", raw[i]);
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
buf[sizeof(buf) - 1] = '\0';
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
return buf;
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
const char *raw_to_base64(const unsigned char *raw, size_t raw_size)
|
|
Packit |
aea12f |
{
|
|
Packit |
aea12f |
static char buf[1024];
|
|
Packit |
aea12f |
gnutls_datum_t data = {(unsigned char*)raw, raw_size};
|
|
Packit |
aea12f |
size_t buf_size;
|
|
Packit |
aea12f |
int ret;
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
if (raw_size == 0)
|
|
Packit |
aea12f |
return "(empty)";
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
buf_size = sizeof(buf);
|
|
Packit |
aea12f |
ret = gnutls_pem_base64_encode(NULL, &data, buf, &buf_size);
|
|
Packit |
aea12f |
if (ret < 0)
|
|
Packit |
aea12f |
return "(error)";
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
buf[sizeof(buf) - 1] = '\0';
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
return buf;
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
static void
|
|
Packit |
aea12f |
print_x509_info(gnutls_session_t session, FILE *out, int flag, int print_cert, int print_crt_status)
|
|
Packit |
aea12f |
{
|
|
Packit |
aea12f |
gnutls_x509_crt_t crt;
|
|
Packit |
aea12f |
const gnutls_datum_t *cert_list;
|
|
Packit |
aea12f |
unsigned int cert_list_size = 0, j;
|
|
Packit |
aea12f |
int ret;
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
cert_list = gnutls_certificate_get_peers(session, &cert_list_size);
|
|
Packit |
aea12f |
if (cert_list_size == 0) {
|
|
Packit |
aea12f |
if (print_crt_status)
|
|
Packit |
aea12f |
fprintf(stderr, "No certificates found!\n");
|
|
Packit |
aea12f |
return;
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
log_msg(out, "- Certificate type: X.509\n");
|
|
Packit |
aea12f |
log_msg(out, "- Got a certificate list of %d certificates.\n",
|
|
Packit |
aea12f |
cert_list_size);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
for (j = 0; j < cert_list_size; j++) {
|
|
Packit |
aea12f |
gnutls_datum_t cinfo;
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
ret = gnutls_x509_crt_init(&crt;;
|
|
Packit |
aea12f |
if (ret < 0) {
|
|
Packit |
aea12f |
fprintf(stderr, "Memory error\n");
|
|
Packit |
aea12f |
return;
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
ret =
|
|
Packit |
aea12f |
gnutls_x509_crt_import(crt, &cert_list[j],
|
|
Packit |
aea12f |
GNUTLS_X509_FMT_DER);
|
|
Packit |
aea12f |
if (ret < 0) {
|
|
Packit |
aea12f |
fprintf(stderr, "Decoding error: %s\n",
|
|
Packit |
aea12f |
gnutls_strerror(ret));
|
|
Packit |
aea12f |
return;
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
log_msg(out, "- Certificate[%d] info:\n - ", j);
|
|
Packit |
aea12f |
if (flag == GNUTLS_CRT_PRINT_COMPACT && j > 0)
|
|
Packit |
aea12f |
flag = GNUTLS_CRT_PRINT_ONELINE;
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
ret = gnutls_x509_crt_print(crt, flag, &cinfo);
|
|
Packit |
aea12f |
if (ret == 0) {
|
|
Packit |
aea12f |
log_msg(out, "%s\n", cinfo.data);
|
|
Packit |
aea12f |
gnutls_free(cinfo.data);
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
if (print_cert) {
|
|
Packit |
aea12f |
gnutls_datum_t pem;
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
ret =
|
|
Packit |
aea12f |
gnutls_x509_crt_export2(crt,
|
|
Packit |
aea12f |
GNUTLS_X509_FMT_PEM, &pem;;
|
|
Packit |
aea12f |
if (ret < 0) {
|
|
Packit |
aea12f |
fprintf(stderr, "Encoding error: %s\n",
|
|
Packit |
aea12f |
gnutls_strerror(ret));
|
|
Packit |
aea12f |
return;
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
log_msg(out, "\n%s\n", (char*)pem.data);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
gnutls_free(pem.data);
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
gnutls_x509_crt_deinit(crt);
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
/* returns false (0) if not verified, or true (1) otherwise
|
|
Packit |
aea12f |
*/
|
|
Packit |
aea12f |
int cert_verify(gnutls_session_t session, const char *hostname, const char *purpose)
|
|
Packit |
aea12f |
{
|
|
Packit |
aea12f |
int rc;
|
|
Packit |
aea12f |
unsigned int status = 0;
|
|
Packit |
aea12f |
gnutls_datum_t out;
|
|
Packit |
aea12f |
int type;
|
|
Packit |
aea12f |
gnutls_typed_vdata_st data[2];
|
|
Packit |
aea12f |
unsigned elements = 0;
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
memset(data, 0, sizeof(data));
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
if (hostname) {
|
|
Packit |
aea12f |
data[elements].type = GNUTLS_DT_DNS_HOSTNAME;
|
|
Packit |
aea12f |
data[elements].data = (void*)hostname;
|
|
Packit |
aea12f |
elements++;
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
if (purpose) {
|
|
Packit |
aea12f |
data[elements].type = GNUTLS_DT_KEY_PURPOSE_OID;
|
|
Packit |
aea12f |
data[elements].data = (void*)purpose;
|
|
Packit |
aea12f |
elements++;
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
rc = gnutls_certificate_verify_peers(session, data, elements, &status);
|
|
Packit |
aea12f |
if (rc == GNUTLS_E_NO_CERTIFICATE_FOUND) {
|
|
Packit |
aea12f |
log_msg(stdout, "- Peer did not send any certificate.\n");
|
|
Packit |
aea12f |
return 0;
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
if (rc < 0) {
|
|
Packit |
aea12f |
log_msg(stdout, "- Could not verify certificate (err: %s)\n",
|
|
Packit |
aea12f |
gnutls_strerror(rc));
|
|
Packit |
aea12f |
return 0;
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
type = gnutls_certificate_type_get(session);
|
|
Packit |
aea12f |
rc = gnutls_certificate_verification_status_print(status, type,
|
|
Packit |
aea12f |
&out, 0);
|
|
Packit |
aea12f |
if (rc < 0) {
|
|
Packit |
aea12f |
log_msg(stdout, "- Could not print verification flags (err: %s)\n",
|
|
Packit |
aea12f |
gnutls_strerror(rc));
|
|
Packit |
aea12f |
return 0;
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
log_msg(stdout, "- Status: %s\n", out.data);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
gnutls_free(out.data);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
if (status)
|
|
Packit |
aea12f |
return 0;
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
return 1;
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
static void
|
|
Packit |
aea12f |
print_dh_info(gnutls_session_t session, const char *str, int print)
|
|
Packit |
aea12f |
{
|
|
Packit |
aea12f |
#if defined(ENABLE_DHE) || defined(ENABLE_ANON)
|
|
Packit |
aea12f |
unsigned group;
|
|
Packit |
aea12f |
int ret;
|
|
Packit |
aea12f |
gnutls_datum_t raw_gen = { NULL, 0 };
|
|
Packit |
aea12f |
gnutls_datum_t raw_prime = { NULL, 0 };
|
|
Packit |
aea12f |
gnutls_dh_params_t dh_params = NULL;
|
|
Packit |
aea12f |
unsigned char *params_data = NULL;
|
|
Packit |
aea12f |
size_t params_data_size = 0;
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
if (!print)
|
|
Packit |
aea12f |
return;
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
group = gnutls_group_get(session);
|
|
Packit |
aea12f |
if (group != 0) {
|
|
Packit |
aea12f |
return;
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
log_msg(stdout, "- %sDiffie-Hellman parameters\n", str);
|
|
Packit |
aea12f |
log_msg(stdout, " - Using prime: %d bits\n",
|
|
Packit |
aea12f |
gnutls_dh_get_prime_bits(session));
|
|
Packit |
aea12f |
log_msg(stdout, " - Secret key: %d bits\n",
|
|
Packit |
aea12f |
gnutls_dh_get_secret_bits(session));
|
|
Packit |
aea12f |
log_msg(stdout, " - Peer's public key: %d bits\n",
|
|
Packit |
aea12f |
gnutls_dh_get_peers_public_bits(session));
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
ret = gnutls_dh_get_group(session, &raw_gen, &raw_prime);
|
|
Packit |
aea12f |
if (ret) {
|
|
Packit |
aea12f |
fprintf(stderr, "gnutls_dh_get_group %d\n", ret);
|
|
Packit |
aea12f |
goto out;
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
ret = gnutls_dh_params_init(&dh_params);
|
|
Packit |
aea12f |
if (ret) {
|
|
Packit |
aea12f |
fprintf(stderr, "gnutls_dh_params_init %d\n", ret);
|
|
Packit |
aea12f |
goto out;
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
ret =
|
|
Packit |
aea12f |
gnutls_dh_params_import_raw(dh_params, &raw_prime,
|
|
Packit |
aea12f |
&raw_gen);
|
|
Packit |
aea12f |
if (ret) {
|
|
Packit |
aea12f |
fprintf(stderr, "gnutls_dh_params_import_raw %d\n",
|
|
Packit |
aea12f |
ret);
|
|
Packit |
aea12f |
goto out;
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
ret = gnutls_dh_params_export_pkcs3(dh_params,
|
|
Packit |
aea12f |
GNUTLS_X509_FMT_PEM,
|
|
Packit |
aea12f |
params_data,
|
|
Packit |
aea12f |
¶ms_data_size);
|
|
Packit |
aea12f |
if (ret != GNUTLS_E_SHORT_MEMORY_BUFFER) {
|
|
Packit |
aea12f |
fprintf(stderr,
|
|
Packit |
aea12f |
"gnutls_dh_params_export_pkcs3 %d\n", ret);
|
|
Packit |
aea12f |
goto out;
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
params_data = gnutls_malloc(params_data_size);
|
|
Packit |
aea12f |
if (!params_data) {
|
|
Packit |
aea12f |
fprintf(stderr, "gnutls_malloc %d\n", ret);
|
|
Packit |
aea12f |
goto out;
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
ret = gnutls_dh_params_export_pkcs3(dh_params,
|
|
Packit |
aea12f |
GNUTLS_X509_FMT_PEM,
|
|
Packit |
aea12f |
params_data,
|
|
Packit |
aea12f |
¶ms_data_size);
|
|
Packit |
aea12f |
if (ret) {
|
|
Packit |
aea12f |
fprintf(stderr,
|
|
Packit |
aea12f |
"gnutls_dh_params_export_pkcs3-2 %d\n",
|
|
Packit |
aea12f |
ret);
|
|
Packit |
aea12f |
goto out;
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
log_msg(stdout, " - PKCS#3 format:\n\n%.*s\n",
|
|
Packit |
aea12f |
(int) params_data_size, params_data);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
out:
|
|
Packit |
aea12f |
gnutls_free(params_data);
|
|
Packit |
aea12f |
gnutls_free(raw_prime.data);
|
|
Packit |
aea12f |
gnutls_free(raw_gen.data);
|
|
Packit |
aea12f |
gnutls_dh_params_deinit(dh_params);
|
|
Packit |
aea12f |
#endif
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
static void print_ecdh_info(gnutls_session_t session, const char *str, int print)
|
|
Packit |
aea12f |
{
|
|
Packit |
aea12f |
int curve;
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
if (!print)
|
|
Packit |
aea12f |
return;
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
log_msg(stdout, "- %sEC Diffie-Hellman parameters\n", str);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
curve = gnutls_ecc_curve_get(session);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
log_msg(stdout, " - Using curve: %s\n", gnutls_ecc_curve_get_name(curve));
|
|
Packit |
aea12f |
log_msg(stdout, " - Curve size: %d bits\n",
|
|
Packit |
aea12f |
gnutls_ecc_curve_get_size(curve) * 8);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
int print_info(gnutls_session_t session, int verbose, int flags)
|
|
Packit |
aea12f |
{
|
|
Packit |
aea12f |
const char *tmp;
|
|
Packit |
aea12f |
gnutls_credentials_type_t cred;
|
|
Packit |
aea12f |
gnutls_kx_algorithm_t kx;
|
|
Packit |
aea12f |
unsigned char session_id[33];
|
|
Packit |
aea12f |
size_t session_id_size = sizeof(session_id);
|
|
Packit |
aea12f |
gnutls_srtp_profile_t srtp_profile;
|
|
Packit |
aea12f |
gnutls_datum_t p;
|
|
Packit |
aea12f |
char *desc;
|
|
Packit |
aea12f |
gnutls_protocol_t version;
|
|
Packit |
aea12f |
int rc;
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
desc = gnutls_session_get_desc(session);
|
|
Packit |
aea12f |
log_msg(stdout, "- Description: %s\n", desc);
|
|
Packit |
aea12f |
gnutls_free(desc);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
/* print session ID */
|
|
Packit |
aea12f |
gnutls_session_get_id(session, session_id, &session_id_size);
|
|
Packit |
aea12f |
if (session_id_size > 0) {
|
|
Packit |
aea12f |
log_msg(stdout, "- Session ID: %s\n",
|
|
Packit |
aea12f |
raw_to_string(session_id, session_id_size));
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
/* print the key exchange's algorithm name
|
|
Packit |
aea12f |
*/
|
|
Packit |
aea12f |
kx = gnutls_kx_get(session);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
cred = gnutls_auth_get_type(session);
|
|
Packit |
aea12f |
switch (cred) {
|
|
Packit |
aea12f |
#ifdef ENABLE_ANON
|
|
Packit |
aea12f |
case GNUTLS_CRD_ANON:
|
|
Packit |
aea12f |
if (kx == GNUTLS_KX_ANON_ECDH)
|
|
Packit |
aea12f |
print_ecdh_info(session, "Anonymous ", verbose);
|
|
Packit |
aea12f |
else
|
|
Packit |
aea12f |
print_dh_info(session, "Anonymous ", verbose);
|
|
Packit |
aea12f |
break;
|
|
Packit |
aea12f |
#endif
|
|
Packit |
aea12f |
#ifdef ENABLE_SRP
|
|
Packit |
aea12f |
case GNUTLS_CRD_SRP:
|
|
Packit |
aea12f |
/* This should be only called in server
|
|
Packit |
aea12f |
* side.
|
|
Packit |
aea12f |
*/
|
|
Packit |
aea12f |
if (gnutls_srp_server_get_username(session) != NULL)
|
|
Packit |
aea12f |
log_msg(stdout, "- SRP authentication. Connected as '%s'\n",
|
|
Packit |
aea12f |
gnutls_srp_server_get_username(session));
|
|
Packit |
aea12f |
break;
|
|
Packit |
aea12f |
#endif
|
|
Packit |
aea12f |
#ifdef ENABLE_PSK
|
|
Packit |
aea12f |
case GNUTLS_CRD_PSK:
|
|
Packit |
aea12f |
/* This returns NULL in server side.
|
|
Packit |
aea12f |
*/
|
|
Packit |
aea12f |
if (gnutls_psk_client_get_hint(session) != NULL)
|
|
Packit |
aea12f |
log_msg(stdout, "- PSK authentication. PSK hint '%s'\n",
|
|
Packit |
aea12f |
gnutls_psk_client_get_hint(session));
|
|
Packit |
aea12f |
/* This returns NULL in client side.
|
|
Packit |
aea12f |
*/
|
|
Packit |
aea12f |
if (gnutls_psk_server_get_username(session) != NULL)
|
|
Packit |
aea12f |
log_msg(stdout, "- PSK authentication. Connected as '%s'\n",
|
|
Packit |
aea12f |
gnutls_psk_server_get_username(session));
|
|
Packit |
aea12f |
if (kx == GNUTLS_KX_DHE_PSK)
|
|
Packit |
aea12f |
print_dh_info(session, "Ephemeral ", verbose);
|
|
Packit |
aea12f |
if (kx == GNUTLS_KX_ECDHE_PSK)
|
|
Packit |
aea12f |
print_ecdh_info(session, "Ephemeral ", verbose);
|
|
Packit |
aea12f |
break;
|
|
Packit |
aea12f |
#endif
|
|
Packit |
aea12f |
case GNUTLS_CRD_IA:
|
|
Packit |
aea12f |
log_msg(stdout, "- TLS/IA authentication\n");
|
|
Packit |
aea12f |
break;
|
|
Packit |
aea12f |
case GNUTLS_CRD_CERTIFICATE:
|
|
Packit |
aea12f |
{
|
|
Packit |
aea12f |
char dns[256];
|
|
Packit |
aea12f |
size_t dns_size = sizeof(dns);
|
|
Packit |
aea12f |
unsigned int type;
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
/* This fails in client side */
|
|
Packit |
aea12f |
if (gnutls_server_name_get
|
|
Packit |
aea12f |
(session, dns, &dns_size, &type, 0) == 0) {
|
|
Packit |
aea12f |
log_msg(stdout, "- Given server name[%d]: %s\n",
|
|
Packit |
aea12f |
type, dns);
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
if ((flags & P_WAIT_FOR_CERT) && gnutls_certificate_get_ours(session) == 0)
|
|
Packit |
aea12f |
log_msg(stdout, "- No certificate was sent to peer\n");
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
if (flags& P_PRINT_CERT)
|
|
Packit |
aea12f |
print_cert_info(session, verbose, (flags&P_PRINT_CERT));
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
if (kx == GNUTLS_KX_DHE_RSA || kx == GNUTLS_KX_DHE_DSS)
|
|
Packit |
aea12f |
print_dh_info(session, "Ephemeral ", verbose);
|
|
Packit |
aea12f |
else if (kx == GNUTLS_KX_ECDHE_RSA
|
|
Packit |
aea12f |
|| kx == GNUTLS_KX_ECDHE_ECDSA)
|
|
Packit |
aea12f |
print_ecdh_info(session, "Ephemeral ", verbose);
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
if (verbose) {
|
|
Packit |
aea12f |
version = gnutls_protocol_get_version(session);
|
|
Packit |
aea12f |
tmp =
|
|
Packit |
aea12f |
SU(gnutls_protocol_get_name(version));
|
|
Packit |
aea12f |
log_msg(stdout, "- Version: %s\n", tmp);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
if (version < GNUTLS_TLS1_3) {
|
|
Packit |
aea12f |
tmp = SU(gnutls_kx_get_name(kx));
|
|
Packit |
aea12f |
log_msg(stdout, "- Key Exchange: %s\n", tmp);
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
if (gnutls_sign_algorithm_get(session) != GNUTLS_SIGN_UNKNOWN) {
|
|
Packit |
aea12f |
tmp =
|
|
Packit |
aea12f |
SU(gnutls_sign_get_name
|
|
Packit |
aea12f |
(gnutls_sign_algorithm_get(session)));
|
|
Packit |
aea12f |
log_msg(stdout, "- Server Signature: %s\n", tmp);
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
if (gnutls_sign_algorithm_get_client(session) !=
|
|
Packit |
aea12f |
GNUTLS_SIGN_UNKNOWN) {
|
|
Packit |
aea12f |
tmp =
|
|
Packit |
aea12f |
SU(gnutls_sign_get_name
|
|
Packit |
aea12f |
(gnutls_sign_algorithm_get_client(session)));
|
|
Packit |
aea12f |
log_msg(stdout, "- Client Signature: %s\n", tmp);
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
tmp = SU(gnutls_cipher_get_name(gnutls_cipher_get(session)));
|
|
Packit |
aea12f |
log_msg(stdout, "- Cipher: %s\n", tmp);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
tmp = SU(gnutls_mac_get_name(gnutls_mac_get(session)));
|
|
Packit |
aea12f |
log_msg(stdout, "- MAC: %s\n", tmp);
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
log_msg(stdout, "- Options:");
|
|
Packit |
aea12f |
if (gnutls_session_ext_master_secret_status(session)!=0)
|
|
Packit |
aea12f |
log_msg(stdout, " extended master secret,");
|
|
Packit |
aea12f |
if (gnutls_safe_renegotiation_status(session)!=0)
|
|
Packit |
aea12f |
log_msg(stdout, " safe renegotiation,");
|
|
Packit |
aea12f |
if (gnutls_session_etm_status(session)!=0)
|
|
Packit |
aea12f |
log_msg(stdout, " EtM,");
|
|
Packit |
aea12f |
#ifdef ENABLE_OCSP
|
|
Packit |
aea12f |
if (gnutls_ocsp_status_request_is_checked(session, GNUTLS_OCSP_SR_IS_AVAIL)!=0) {
|
|
Packit |
aea12f |
log_msg(stdout, " OCSP status request%s,", gnutls_ocsp_status_request_is_checked(session,0)!=0?"":"[ignored]");
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
#endif
|
|
Packit |
aea12f |
log_msg(stdout, "\n");
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
#ifdef ENABLE_DTLS_SRTP
|
|
Packit |
aea12f |
rc = gnutls_srtp_get_selected_profile(session, &srtp_profile);
|
|
Packit |
aea12f |
if (rc == 0)
|
|
Packit |
aea12f |
log_msg(stdout, "- SRTP profile: %s\n",
|
|
Packit |
aea12f |
gnutls_srtp_get_profile_name(srtp_profile));
|
|
Packit |
aea12f |
#endif
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
#ifdef ENABLE_ALPN
|
|
Packit |
aea12f |
rc = gnutls_alpn_get_selected_protocol(session, &p);
|
|
Packit |
aea12f |
if (rc == 0)
|
|
Packit |
aea12f |
log_msg(stdout, "- Application protocol: %.*s\n", p.size, p.data);
|
|
Packit |
aea12f |
#endif
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
if (verbose) {
|
|
Packit |
aea12f |
gnutls_datum_t cb;
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
rc = gnutls_session_channel_binding(session,
|
|
Packit |
aea12f |
GNUTLS_CB_TLS_UNIQUE,
|
|
Packit |
aea12f |
&cb;;
|
|
Packit |
aea12f |
if (rc)
|
|
Packit |
aea12f |
fprintf(stderr, "Channel binding error: %s\n",
|
|
Packit |
aea12f |
gnutls_strerror(rc));
|
|
Packit |
aea12f |
else {
|
|
Packit |
aea12f |
size_t i;
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
log_msg(stdout, "- Channel binding 'tls-unique': ");
|
|
Packit |
aea12f |
for (i = 0; i < cb.size; i++)
|
|
Packit |
aea12f |
log_msg(stdout, "%02x", cb.data[i]);
|
|
Packit |
aea12f |
log_msg(stdout, "\n");
|
|
Packit |
aea12f |
gnutls_free(cb.data);
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
fflush(stdout);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
return 0;
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
void print_cert_info(gnutls_session_t session, int verbose, int print_cert)
|
|
Packit |
aea12f |
{
|
|
Packit |
aea12f |
print_cert_info2(session, verbose, stdout, print_cert);
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
void print_cert_info2(gnutls_session_t session, int verbose, FILE *out, int print_cert)
|
|
Packit |
aea12f |
{
|
|
Packit |
aea12f |
int flag, print_crt_status = 0;
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
if (verbose)
|
|
Packit |
aea12f |
flag = GNUTLS_CRT_PRINT_FULL;
|
|
Packit |
aea12f |
else
|
|
Packit |
aea12f |
flag = GNUTLS_CRT_PRINT_COMPACT;
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
if (gnutls_certificate_client_get_request_status(session) != 0) {
|
|
Packit |
aea12f |
log_msg(stdout, "- Server has requested a certificate.\n");
|
|
Packit |
aea12f |
print_crt_status = 1;
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
switch (gnutls_certificate_type_get(session)) {
|
|
Packit |
aea12f |
case GNUTLS_CRT_X509:
|
|
Packit |
aea12f |
print_x509_info(session, out, flag, print_cert, print_crt_status);
|
|
Packit |
aea12f |
break;
|
|
Packit |
aea12f |
default:
|
|
Packit |
aea12f |
break;
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
void print_list(const char *priorities, int verbose)
|
|
Packit |
aea12f |
{
|
|
Packit |
aea12f |
size_t i;
|
|
Packit |
aea12f |
int ret;
|
|
Packit |
aea12f |
unsigned int idx;
|
|
Packit |
aea12f |
const char *name;
|
|
Packit |
aea12f |
const char *err;
|
|
Packit |
aea12f |
unsigned char id[2];
|
|
Packit |
aea12f |
gnutls_kx_algorithm_t kx;
|
|
Packit |
aea12f |
gnutls_cipher_algorithm_t cipher;
|
|
Packit |
aea12f |
gnutls_mac_algorithm_t mac;
|
|
Packit |
aea12f |
gnutls_protocol_t version;
|
|
Packit |
aea12f |
gnutls_priority_t pcache;
|
|
Packit |
aea12f |
const unsigned int *list;
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
if (priorities != NULL) {
|
|
Packit |
aea12f |
log_msg(stdout, "Cipher suites for %s\n", priorities);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
ret = gnutls_priority_init(&pcache, priorities, &err;;
|
|
Packit |
aea12f |
if (ret < 0) {
|
|
Packit |
aea12f |
if (ret == GNUTLS_E_INVALID_REQUEST)
|
|
Packit |
aea12f |
fprintf(stderr, "Syntax error at: %s\n", err);
|
|
Packit |
aea12f |
else
|
|
Packit |
aea12f |
fprintf(stderr, "Error in priorities: %s\n", gnutls_strerror(ret));
|
|
Packit |
aea12f |
exit(1);
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
for (i = 0;; i++) {
|
|
Packit |
aea12f |
ret =
|
|
Packit |
aea12f |
gnutls_priority_get_cipher_suite_index(pcache,
|
|
Packit |
aea12f |
i,
|
|
Packit |
aea12f |
&idx);
|
|
Packit |
aea12f |
if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
|
|
Packit |
aea12f |
break;
|
|
Packit |
aea12f |
if (ret == GNUTLS_E_UNKNOWN_CIPHER_SUITE)
|
|
Packit |
aea12f |
continue;
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
name =
|
|
Packit |
aea12f |
gnutls_cipher_suite_info(idx, id, NULL, NULL,
|
|
Packit |
aea12f |
NULL, &version);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
if (name != NULL)
|
|
Packit |
aea12f |
log_msg(stdout, "%-50s\t0x%02x, 0x%02x\t%s\n",
|
|
Packit |
aea12f |
name, (unsigned char) id[0],
|
|
Packit |
aea12f |
(unsigned char) id[1],
|
|
Packit |
aea12f |
gnutls_protocol_get_name(version));
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
log_msg(stdout, "\n");
|
|
Packit |
aea12f |
#if 0
|
|
Packit |
aea12f |
{
|
|
Packit |
aea12f |
ret =
|
|
Packit |
aea12f |
gnutls_priority_certificate_type_list2(pcache,
|
|
Packit |
aea12f |
&list,
|
|
Packit |
aea12f |
GNUTLS_CTYPE_CLIENT);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
log_msg(stdout, "Certificate types: ");
|
|
Packit |
aea12f |
if (ret == 0)
|
|
Packit |
aea12f |
log_msg(stdout, "none\n");
|
|
Packit |
aea12f |
for (i = 0; i < (unsigned) ret; i++) {
|
|
Packit |
aea12f |
log_msg(stdout, "CTYPE-%s",
|
|
Packit |
aea12f |
gnutls_certificate_type_get_name
|
|
Packit |
aea12f |
(list[i]));
|
|
Packit |
aea12f |
if (i + 1 != (unsigned) ret)
|
|
Packit |
aea12f |
log_msg(stdout, ", ");
|
|
Packit |
aea12f |
else
|
|
Packit |
aea12f |
log_msg(stdout, "\n");
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
#endif
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
{
|
|
Packit |
aea12f |
ret = gnutls_priority_protocol_list(pcache, &list);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
log_msg(stdout, "Protocols: ");
|
|
Packit |
aea12f |
if (ret == 0)
|
|
Packit |
aea12f |
log_msg(stdout, "none\n");
|
|
Packit |
aea12f |
for (i = 0; i < (unsigned) ret; i++) {
|
|
Packit |
aea12f |
log_msg(stdout, "VERS-%s",
|
|
Packit |
aea12f |
gnutls_protocol_get_name(list[i]));
|
|
Packit |
aea12f |
if (i + 1 != (unsigned) ret)
|
|
Packit |
aea12f |
log_msg(stdout, ", ");
|
|
Packit |
aea12f |
else
|
|
Packit |
aea12f |
log_msg(stdout, "\n");
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
{
|
|
Packit |
aea12f |
ret = gnutls_priority_cipher_list(pcache, &list);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
log_msg(stdout, "Ciphers: ");
|
|
Packit |
aea12f |
if (ret == 0)
|
|
Packit |
aea12f |
log_msg(stdout, "none\n");
|
|
Packit |
aea12f |
for (i = 0; i < (unsigned) ret; i++) {
|
|
Packit |
aea12f |
log_msg(stdout, "%s",
|
|
Packit |
aea12f |
gnutls_cipher_get_name(list[i]));
|
|
Packit |
aea12f |
if (i + 1 != (unsigned) ret)
|
|
Packit |
aea12f |
log_msg(stdout, ", ");
|
|
Packit |
aea12f |
else
|
|
Packit |
aea12f |
log_msg(stdout, "\n");
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
{
|
|
Packit |
aea12f |
ret = gnutls_priority_mac_list(pcache, &list);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
log_msg(stdout, "MACs: ");
|
|
Packit |
aea12f |
if (ret == 0)
|
|
Packit |
aea12f |
log_msg(stdout, "none\n");
|
|
Packit |
aea12f |
for (i = 0; i < (unsigned) ret; i++) {
|
|
Packit |
aea12f |
log_msg(stdout, "%s",
|
|
Packit |
aea12f |
gnutls_mac_get_name(list[i]));
|
|
Packit |
aea12f |
if (i + 1 != (unsigned) ret)
|
|
Packit |
aea12f |
log_msg(stdout, ", ");
|
|
Packit |
aea12f |
else
|
|
Packit |
aea12f |
log_msg(stdout, "\n");
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
{
|
|
Packit |
aea12f |
ret = gnutls_priority_kx_list(pcache, &list);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
log_msg(stdout, "Key Exchange Algorithms: ");
|
|
Packit |
aea12f |
if (ret == 0)
|
|
Packit |
aea12f |
log_msg(stdout, "none\n");
|
|
Packit |
aea12f |
for (i = 0; i < (unsigned) ret; i++) {
|
|
Packit |
aea12f |
log_msg(stdout, "%s",
|
|
Packit |
aea12f |
gnutls_kx_get_name(list[i]));
|
|
Packit |
aea12f |
if (i + 1 != (unsigned) ret)
|
|
Packit |
aea12f |
log_msg(stdout, ", ");
|
|
Packit |
aea12f |
else
|
|
Packit |
aea12f |
log_msg(stdout, "\n");
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
{
|
|
Packit |
aea12f |
ret =
|
|
Packit |
aea12f |
gnutls_priority_group_list(pcache, &list);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
log_msg(stdout, "Groups: ");
|
|
Packit |
aea12f |
if (ret == 0)
|
|
Packit |
aea12f |
log_msg(stdout, "none\n");
|
|
Packit |
aea12f |
for (i = 0; i < (unsigned) ret; i++) {
|
|
Packit |
aea12f |
log_msg(stdout, "GROUP-%s",
|
|
Packit |
aea12f |
gnutls_group_get_name(list[i]));
|
|
Packit |
aea12f |
if (i + 1 != (unsigned) ret)
|
|
Packit |
aea12f |
log_msg(stdout, ", ");
|
|
Packit |
aea12f |
else
|
|
Packit |
aea12f |
log_msg(stdout, "\n");
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
{
|
|
Packit |
aea12f |
ret = gnutls_priority_sign_list(pcache, &list);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
log_msg(stdout, "PK-signatures: ");
|
|
Packit |
aea12f |
if (ret == 0)
|
|
Packit |
aea12f |
log_msg(stdout, "none\n");
|
|
Packit |
aea12f |
for (i = 0; i < (unsigned) ret; i++) {
|
|
Packit |
aea12f |
log_msg(stdout, "SIGN-%s",
|
|
Packit |
aea12f |
gnutls_sign_algorithm_get_name(list
|
|
Packit |
aea12f |
[i]));
|
|
Packit |
aea12f |
if (i + 1 != (unsigned) ret)
|
|
Packit |
aea12f |
log_msg(stdout, ", ");
|
|
Packit |
aea12f |
else
|
|
Packit |
aea12f |
log_msg(stdout, "\n");
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
gnutls_priority_deinit(pcache);
|
|
Packit |
aea12f |
return;
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
log_msg(stdout, "Cipher suites:\n");
|
|
Packit |
aea12f |
for (i = 0; (name = gnutls_cipher_suite_info
|
|
Packit |
aea12f |
(i, id, &kx, &cipher, &mac, &version)); i++) {
|
|
Packit |
aea12f |
log_msg(stdout, "%-50s\t0x%02x, 0x%02x\t%s\n",
|
|
Packit |
aea12f |
name,
|
|
Packit |
aea12f |
(unsigned char) id[0], (unsigned char) id[1],
|
|
Packit |
aea12f |
gnutls_protocol_get_name(version));
|
|
Packit |
aea12f |
if (verbose)
|
|
Packit |
aea12f |
log_msg
|
|
Packit |
aea12f |
(stdout, "\tKey exchange: %s\n\tCipher: %s\n\tMAC: %s\n\n",
|
|
Packit |
aea12f |
gnutls_kx_get_name(kx),
|
|
Packit |
aea12f |
gnutls_cipher_get_name(cipher),
|
|
Packit |
aea12f |
gnutls_mac_get_name(mac));
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
log_msg(stdout, "\n");
|
|
Packit |
aea12f |
{
|
|
Packit |
aea12f |
const gnutls_certificate_type_t *p =
|
|
Packit |
aea12f |
gnutls_certificate_type_list();
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
log_msg(stdout, "Certificate types: ");
|
|
Packit |
aea12f |
for (; *p; p++) {
|
|
Packit |
aea12f |
log_msg(stdout, "CTYPE-%s",
|
|
Packit |
aea12f |
gnutls_certificate_type_get_name(*p));
|
|
Packit |
aea12f |
if (*(p + 1))
|
|
Packit |
aea12f |
log_msg(stdout, ", ");
|
|
Packit |
aea12f |
else
|
|
Packit |
aea12f |
log_msg(stdout, "\n");
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
{
|
|
Packit |
aea12f |
const gnutls_protocol_t *p = gnutls_protocol_list();
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
log_msg(stdout, "Protocols: ");
|
|
Packit |
aea12f |
for (; *p; p++) {
|
|
Packit |
aea12f |
log_msg(stdout, "VERS-%s", gnutls_protocol_get_name(*p));
|
|
Packit |
aea12f |
if (*(p + 1))
|
|
Packit |
aea12f |
log_msg(stdout, ", ");
|
|
Packit |
aea12f |
else
|
|
Packit |
aea12f |
log_msg(stdout, "\n");
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
{
|
|
Packit |
aea12f |
const gnutls_cipher_algorithm_t *p = gnutls_cipher_list();
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
log_msg(stdout, "Ciphers: ");
|
|
Packit |
aea12f |
for (; *p; p++) {
|
|
Packit |
aea12f |
log_msg(stdout, "%s", gnutls_cipher_get_name(*p));
|
|
Packit |
aea12f |
if (*(p + 1))
|
|
Packit |
aea12f |
log_msg(stdout, ", ");
|
|
Packit |
aea12f |
else
|
|
Packit |
aea12f |
log_msg(stdout, "\n");
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
{
|
|
Packit |
aea12f |
const gnutls_mac_algorithm_t *p = gnutls_mac_list();
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
log_msg(stdout, "MACs: ");
|
|
Packit |
aea12f |
for (; *p; p++) {
|
|
Packit |
aea12f |
log_msg(stdout, "%s", gnutls_mac_get_name(*p));
|
|
Packit |
aea12f |
if (*(p + 1))
|
|
Packit |
aea12f |
log_msg(stdout, ", ");
|
|
Packit |
aea12f |
else
|
|
Packit |
aea12f |
log_msg(stdout, "\n");
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
{
|
|
Packit |
aea12f |
const gnutls_digest_algorithm_t *p = gnutls_digest_list();
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
log_msg(stdout, "Digests: ");
|
|
Packit |
aea12f |
for (; *p; p++) {
|
|
Packit |
aea12f |
log_msg(stdout, "%s", gnutls_digest_get_name(*p));
|
|
Packit |
aea12f |
if (*(p + 1))
|
|
Packit |
aea12f |
log_msg(stdout, ", ");
|
|
Packit |
aea12f |
else
|
|
Packit |
aea12f |
log_msg(stdout, "\n");
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
{
|
|
Packit |
aea12f |
const gnutls_kx_algorithm_t *p = gnutls_kx_list();
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
log_msg(stdout, "Key exchange algorithms: ");
|
|
Packit |
aea12f |
for (; *p; p++) {
|
|
Packit |
aea12f |
log_msg(stdout, "%s", gnutls_kx_get_name(*p));
|
|
Packit |
aea12f |
if (*(p + 1))
|
|
Packit |
aea12f |
log_msg(stdout, ", ");
|
|
Packit |
aea12f |
else
|
|
Packit |
aea12f |
log_msg(stdout, "\n");
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
{
|
|
Packit |
aea12f |
const gnutls_compression_method_t *p =
|
|
Packit |
aea12f |
gnutls_compression_list();
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
log_msg(stdout, "Compression: ");
|
|
Packit |
aea12f |
for (; *p; p++) {
|
|
Packit |
aea12f |
log_msg(stdout, "COMP-%s", gnutls_compression_get_name(*p));
|
|
Packit |
aea12f |
if (*(p + 1))
|
|
Packit |
aea12f |
log_msg(stdout, ", ");
|
|
Packit |
aea12f |
else
|
|
Packit |
aea12f |
log_msg(stdout, "\n");
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
{
|
|
Packit |
aea12f |
const gnutls_group_t *p = gnutls_group_list();
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
log_msg(stdout, "Groups: ");
|
|
Packit |
aea12f |
for (; *p; p++) {
|
|
Packit |
aea12f |
log_msg(stdout, "GROUP-%s", gnutls_group_get_name(*p));
|
|
Packit |
aea12f |
if (*(p + 1))
|
|
Packit |
aea12f |
log_msg(stdout, ", ");
|
|
Packit |
aea12f |
else
|
|
Packit |
aea12f |
log_msg(stdout, "\n");
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
{
|
|
Packit |
aea12f |
const gnutls_pk_algorithm_t *p = gnutls_pk_list();
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
log_msg(stdout, "Public Key Systems: ");
|
|
Packit |
aea12f |
for (; *p; p++) {
|
|
Packit |
aea12f |
log_msg(stdout, "%s", gnutls_pk_algorithm_get_name(*p));
|
|
Packit |
aea12f |
if (*(p + 1))
|
|
Packit |
aea12f |
log_msg(stdout, ", ");
|
|
Packit |
aea12f |
else
|
|
Packit |
aea12f |
log_msg(stdout, "\n");
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
{
|
|
Packit |
aea12f |
const gnutls_sign_algorithm_t *p = gnutls_sign_list();
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
log_msg(stdout, "PK-signatures: ");
|
|
Packit |
aea12f |
for (; *p; p++) {
|
|
Packit |
aea12f |
log_msg(stdout, "SIGN-%s",
|
|
Packit |
aea12f |
gnutls_sign_algorithm_get_name(*p));
|
|
Packit |
aea12f |
if (*(p + 1))
|
|
Packit |
aea12f |
log_msg(stdout, ", ");
|
|
Packit |
aea12f |
else
|
|
Packit |
aea12f |
log_msg(stdout, "\n");
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
void
|
|
Packit |
aea12f |
print_key_material(gnutls_session_t session, const char *label, size_t size)
|
|
Packit |
aea12f |
{
|
|
Packit |
aea12f |
gnutls_datum_t bin = { NULL, 0 }, hex = { NULL, 0 };
|
|
Packit |
aea12f |
int ret;
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
bin.data = gnutls_malloc(size);
|
|
Packit |
aea12f |
if (!bin.data) {
|
|
Packit |
aea12f |
fprintf(stderr, "Error in gnutls_malloc: %s\n",
|
|
Packit |
aea12f |
gnutls_strerror(GNUTLS_E_MEMORY_ERROR));
|
|
Packit |
aea12f |
goto out;
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
bin.size = size;
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
ret = gnutls_prf_rfc5705(session, strlen(label), label,
|
|
Packit |
aea12f |
0, NULL, size, (char *)bin.data);
|
|
Packit |
aea12f |
if (ret < 0) {
|
|
Packit |
aea12f |
fprintf(stderr, "Error in gnutls_prf_rfc5705: %s\n",
|
|
Packit |
aea12f |
gnutls_strerror(ret));
|
|
Packit |
aea12f |
goto out;
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
ret = gnutls_hex_encode2(&bin, &hex;;
|
|
Packit |
aea12f |
if (ret < 0) {
|
|
Packit |
aea12f |
fprintf(stderr, "Error in hex encoding: %s\n",
|
|
Packit |
aea12f |
gnutls_strerror(ret));
|
|
Packit |
aea12f |
goto out;
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
log_msg(stdout, "- Key material: %s\n", hex.data);
|
|
Packit |
aea12f |
fflush(stdout);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
out:
|
|
Packit |
aea12f |
gnutls_free(bin.data);
|
|
Packit |
aea12f |
gnutls_free(hex.data);
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
int check_command(gnutls_session_t session, const char *str, unsigned no_cli_cert)
|
|
Packit |
aea12f |
{
|
|
Packit |
aea12f |
size_t len = strnlen(str, 128);
|
|
Packit |
aea12f |
int ret;
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
fprintf(stderr, "*** Processing %u bytes command: %s\n", (unsigned)len,
|
|
Packit |
aea12f |
str);
|
|
Packit |
aea12f |
if (len > 2 && str[0] == str[1] && str[0] == '*') {
|
|
Packit |
aea12f |
if (strncmp
|
|
Packit |
aea12f |
(str, "**REHANDSHAKE**",
|
|
Packit |
aea12f |
sizeof("**REHANDSHAKE**") - 1) == 0) {
|
|
Packit |
aea12f |
fprintf(stderr,
|
|
Packit |
aea12f |
"*** Sending rehandshake request\n");
|
|
Packit |
aea12f |
gnutls_rehandshake(session);
|
|
Packit |
aea12f |
return 1;
|
|
Packit |
aea12f |
} else if (strncmp
|
|
Packit |
aea12f |
(str, "**REAUTH**",
|
|
Packit |
aea12f |
sizeof("**REAUTH**") - 1) == 0) {
|
|
Packit |
aea12f |
/* in case we have a re-auth cmd prepare for it */
|
|
Packit |
aea12f |
if (no_cli_cert)
|
|
Packit |
aea12f |
gnutls_certificate_server_set_request(session, GNUTLS_CERT_REQUIRE);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
fprintf(stderr,
|
|
Packit |
aea12f |
"*** Sending re-auth request\n");
|
|
Packit |
aea12f |
do {
|
|
Packit |
aea12f |
ret = gnutls_reauth(session, 0);
|
|
Packit |
aea12f |
} while(ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED);
|
|
Packit |
aea12f |
if (ret < 0) {
|
|
Packit |
aea12f |
fprintf(stderr, "reauth: %s\n",
|
|
Packit |
aea12f |
gnutls_strerror(ret));
|
|
Packit |
aea12f |
exit(1);
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
return 1;
|
|
Packit |
aea12f |
} else
|
|
Packit |
aea12f |
if (strncmp
|
|
Packit |
aea12f |
(str, "**HEARTBEAT**",
|
|
Packit |
aea12f |
sizeof("**HEARTBEAT**") - 1) == 0) {
|
|
Packit |
aea12f |
ret =
|
|
Packit |
aea12f |
gnutls_heartbeat_ping(session, 300, 5,
|
|
Packit |
aea12f |
GNUTLS_HEARTBEAT_WAIT);
|
|
Packit |
aea12f |
if (ret < 0) {
|
|
Packit |
aea12f |
if (ret == GNUTLS_E_INVALID_REQUEST) {
|
|
Packit |
aea12f |
fprintf(stderr,
|
|
Packit |
aea12f |
"No heartbeat in this session\n");
|
|
Packit |
aea12f |
} else {
|
|
Packit |
aea12f |
fprintf(stderr, "ping: %s\n",
|
|
Packit |
aea12f |
gnutls_strerror(ret));
|
|
Packit |
aea12f |
exit(1);
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
return 2;
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
return 0;
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
/* error is indicated by returning an empty string */
|
|
Packit |
aea12f |
void getpass_copy(char *pass, size_t max_pass_size, const char *prompt)
|
|
Packit |
aea12f |
{
|
|
Packit |
aea12f |
char *tmp;
|
|
Packit |
aea12f |
size_t len;
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
tmp = getpass(prompt);
|
|
Packit |
aea12f |
if (tmp == NULL) {
|
|
Packit |
aea12f |
pass[0] = 0;
|
|
Packit |
aea12f |
return;
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
len = strlen(tmp);
|
|
Packit |
aea12f |
if (len >= max_pass_size) {
|
|
Packit |
aea12f |
gnutls_memset(tmp, 0, len);
|
|
Packit |
aea12f |
pass[0] = 0;
|
|
Packit |
aea12f |
return;
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
strcpy(pass, tmp);
|
|
Packit |
aea12f |
gnutls_memset(tmp, 0, len);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
return;
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
/* error is indicated by returning an empty string */
|
|
Packit |
aea12f |
void getenv_copy(char *str, size_t max_str_size, const char *envvar)
|
|
Packit |
aea12f |
{
|
|
Packit |
aea12f |
char *tmp;
|
|
Packit |
aea12f |
size_t len;
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
tmp = getenv(envvar);
|
|
Packit |
aea12f |
if (tmp == NULL) {
|
|
Packit |
aea12f |
str[0] = 0;
|
|
Packit |
aea12f |
return;
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
len = strlen(tmp);
|
|
Packit |
aea12f |
if (len >= max_str_size) {
|
|
Packit |
aea12f |
str[0] = 0;
|
|
Packit |
aea12f |
return;
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
strcpy(str, tmp);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
return;
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
#define MIN(x,y) ((x)<(y))?(x):(y)
|
|
Packit |
aea12f |
#define MAX_CACHE_TRIES 5
|
|
Packit |
aea12f |
int
|
|
Packit |
aea12f |
pin_callback(void *user, int attempt, const char *token_url,
|
|
Packit |
aea12f |
const char *token_label, unsigned int flags, char *pin,
|
|
Packit |
aea12f |
size_t pin_max)
|
|
Packit |
aea12f |
{
|
|
Packit |
aea12f |
char password[MAX_PIN_LEN] = "";
|
|
Packit |
aea12f |
common_info_st *info = user;
|
|
Packit |
aea12f |
const char *desc;
|
|
Packit |
aea12f |
int cache = MAX_CACHE_TRIES;
|
|
Packit |
aea12f |
unsigned len;
|
|
Packit |
aea12f |
/* allow caching of PIN */
|
|
Packit |
aea12f |
static char *cached_url = NULL;
|
|
Packit |
aea12f |
static char cached_pin[MAX_PIN_LEN] = "";
|
|
Packit |
aea12f |
const char *env;
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
if (flags & GNUTLS_PIN_SO) {
|
|
Packit |
aea12f |
env = "GNUTLS_SO_PIN";
|
|
Packit |
aea12f |
desc = "security officer";
|
|
Packit |
aea12f |
if (info && info->so_pin)
|
|
Packit |
aea12f |
snprintf(password, sizeof(password), "%s", info->so_pin);
|
|
Packit |
aea12f |
} else {
|
|
Packit |
aea12f |
env = "GNUTLS_PIN";
|
|
Packit |
aea12f |
desc = "user";
|
|
Packit |
aea12f |
if (info && info->pin)
|
|
Packit |
aea12f |
snprintf(password, sizeof(password), "%s", info->pin);
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
if (flags & GNUTLS_PIN_FINAL_TRY) {
|
|
Packit |
aea12f |
cache = 0;
|
|
Packit |
aea12f |
log_msg(stdout, "*** This is the final try before locking!\n");
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
if (flags & GNUTLS_PIN_COUNT_LOW) {
|
|
Packit |
aea12f |
cache = 0;
|
|
Packit |
aea12f |
log_msg(stdout, "*** Only few tries left before locking!\n");
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
if (flags & GNUTLS_PIN_WRONG) {
|
|
Packit |
aea12f |
cache = 0;
|
|
Packit |
aea12f |
log_msg(stdout, "*** Wrong PIN has been provided!\n");
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
if (cache > 0 && cached_url != NULL) {
|
|
Packit |
aea12f |
if (token_url != NULL
|
|
Packit |
aea12f |
&& strcmp(cached_url, token_url) == 0) {
|
|
Packit |
aea12f |
if (strlen(cached_pin) >= pin_max) {
|
|
Packit |
aea12f |
fprintf(stderr, "Too long PIN given\n");
|
|
Packit |
aea12f |
exit(1);
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
if (info && info->verbose) {
|
|
Packit |
aea12f |
fprintf(stderr,
|
|
Packit |
aea12f |
"Re-using cached PIN for token '%s'\n",
|
|
Packit |
aea12f |
token_label);
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
strcpy(pin, cached_pin);
|
|
Packit |
aea12f |
cache--;
|
|
Packit |
aea12f |
return 0;
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
if (password[0] == 0) {
|
|
Packit |
aea12f |
getenv_copy(password, sizeof(password), env);
|
|
Packit |
aea12f |
if (password[0] == 0) /* compatibility */
|
|
Packit |
aea12f |
getenv_copy(password, sizeof(password), "GNUTLS_PIN");
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
if (password[0] == 0 && (info == NULL || info->batch == 0 || info->ask_pass != 0)) {
|
|
Packit |
aea12f |
if (token_label && token_label[0] != 0) {
|
|
Packit |
aea12f |
fprintf(stderr, "Token '%s' with URL '%s' ", token_label, token_url);
|
|
Packit |
aea12f |
fprintf(stderr, "requires %s PIN\n", desc);
|
|
Packit |
aea12f |
getpass_copy(password, sizeof(password), "Enter PIN: ");
|
|
Packit |
aea12f |
} else {
|
|
Packit |
aea12f |
getpass_copy(password, sizeof(password), "Enter password: ");
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
} else {
|
|
Packit |
aea12f |
if (flags & GNUTLS_PIN_WRONG) {
|
|
Packit |
aea12f |
if (token_label && token_label[0] != 0) {
|
|
Packit |
aea12f |
fprintf(stderr, "Token '%s' with URL '%s' ", token_label, token_url);
|
|
Packit |
aea12f |
fprintf(stderr, "requires %s PIN\n", desc);
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
fprintf(stderr, "Cannot continue with a wrong password in the environment.\n");
|
|
Packit |
aea12f |
exit(1);
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
if (password[0] == 0 || password[0] == '\n') {
|
|
Packit |
aea12f |
fprintf(stderr, "No PIN given.\n");
|
|
Packit |
aea12f |
if (info != NULL && info->batch != 0) {
|
|
Packit |
aea12f |
fprintf(stderr, "note: when operating in batch mode, set the GNUTLS_PIN or GNUTLS_SO_PIN environment variables\n");
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
exit(1);
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
len = MIN(pin_max - 1, strlen(password));
|
|
Packit |
aea12f |
memcpy(pin, password, len);
|
|
Packit |
aea12f |
pin[len] = 0;
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
/* cache */
|
|
Packit |
aea12f |
if (len < sizeof(cached_pin)) {
|
|
Packit |
aea12f |
memcpy(cached_pin, pin, len);
|
|
Packit |
aea12f |
cached_pin[len] = 0;
|
|
Packit |
aea12f |
} else
|
|
Packit |
aea12f |
cached_pin[0] = 0;
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
free(cached_url);
|
|
Packit |
aea12f |
if (token_url)
|
|
Packit |
aea12f |
cached_url = strdup(token_url);
|
|
Packit |
aea12f |
else
|
|
Packit |
aea12f |
cached_url = NULL;
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
return 0;
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
#ifdef ENABLE_PKCS11
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
static int
|
|
Packit |
aea12f |
token_callback(void *user, const char *label, const unsigned retry)
|
|
Packit |
aea12f |
{
|
|
Packit |
aea12f |
char buf[32];
|
|
Packit |
aea12f |
common_info_st *info = user;
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
if (retry > 0 || (info != NULL && info->batch != 0)) {
|
|
Packit |
aea12f |
fprintf(stderr, "Could not find token %s\n", label);
|
|
Packit |
aea12f |
return -1;
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
log_msg(stdout, "Please insert token '%s' in slot and press enter\n",
|
|
Packit |
aea12f |
label);
|
|
Packit |
aea12f |
if (fgets(buf, sizeof(buf), stdin) == NULL) {
|
|
Packit |
aea12f |
fprintf(stderr, "error reading input\n");
|
|
Packit |
aea12f |
return -1;
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
return 0;
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
void pkcs11_common(common_info_st *c)
|
|
Packit |
aea12f |
{
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
gnutls_pkcs11_set_pin_function(pin_callback, c);
|
|
Packit |
aea12f |
gnutls_pkcs11_set_token_function(token_callback, c);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
#endif
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
void sockets_init(void)
|
|
Packit |
aea12f |
{
|
|
Packit |
aea12f |
#ifdef _WIN32
|
|
Packit |
aea12f |
WORD wVersionRequested;
|
|
Packit |
aea12f |
WSADATA wsaData;
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
wVersionRequested = MAKEWORD(1, 1);
|
|
Packit |
aea12f |
if (WSAStartup(wVersionRequested, &wsaData) != 0) {
|
|
Packit |
aea12f |
perror("WSA_STARTUP_ERROR");
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
#else
|
|
Packit |
aea12f |
signal(SIGPIPE, SIG_IGN);
|
|
Packit |
aea12f |
#endif
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
int log_msg(FILE *file, const char *message, ...)
|
|
Packit |
aea12f |
{
|
|
Packit |
aea12f |
va_list args;
|
|
Packit |
aea12f |
int rv;
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
va_start(args, message);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
rv = vfprintf(logfile ? logfile : file, message, args);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
va_end(args);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
return rv;
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
void log_set(FILE *file)
|
|
Packit |
aea12f |
{
|
|
Packit |
aea12f |
logfile = file;
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
/* This is very similar to ctime() but it does not force a newline.
|
|
Packit |
aea12f |
*/
|
|
Packit |
aea12f |
char *simple_ctime(const time_t *t, char out[SIMPLE_CTIME_BUF_SIZE])
|
|
Packit |
aea12f |
{
|
|
Packit |
aea12f |
struct tm tm;
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
if (localtime_r(t, &tm) == NULL)
|
|
Packit |
aea12f |
goto error;
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
if (!strftime(out, SIMPLE_CTIME_BUF_SIZE, "%c", &tm))
|
|
Packit |
aea12f |
goto error;
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
return out;
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
error:
|
|
Packit |
aea12f |
snprintf(out, SIMPLE_CTIME_BUF_SIZE, "[error]");
|
|
Packit |
aea12f |
return out;
|
|
Packit |
aea12f |
}
|