Example #1
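/* Load the certificate and the private key for one host and push the
 * new entry onto the front of the global `hosts` list.
 * (This code is largely taken from GnuTLS).
 *
 * hostname  - stored in the entry as a pointer, not copied, so the
 *             caller must keep the string alive while the entry is used.
 * CERT_FILE - path of a PEM-encoded X.509 certificate.
 * KEY_FILE  - path of the matching PEM-encoded private key; it is
 *             imported with no password and no flags.
 *
 * Every failure is fatal: allocation failure aborts, anything else
 * prints a message to stderr and exits with status 1.
 */
static void
load_keys(const char *hostname,
          const char *CERT_FILE,
          const char *KEY_FILE)
{
  int ret;
  unsigned int i;
  gnutls_datum_t data;
  struct Hosts *host;
  volatile unsigned char *wipe;

  host = malloc (sizeof (*host));
  if (NULL == host)
    abort ();
  host->hostname = hostname;
  host->next = hosts;
  hosts = host;

  ret = gnutls_load_file (CERT_FILE, &data);
  if (ret < 0)
    {
      fprintf (stderr,
               "*** Error loading certificate file %s.\n",
               CERT_FILE);
      exit (1);
    }
  ret =
    gnutls_pcert_import_x509_raw (&host->pcrt, &data, GNUTLS_X509_FMT_PEM,
                                  0);
  if (ret < 0)
    {
      fprintf (stderr,
               "*** Error loading certificate file: %s\n",
               gnutls_strerror (ret));
      exit (1);
    }
  gnutls_free (data.data);

  ret = gnutls_load_file (KEY_FILE, &data);
  if (ret < 0)
    {
      fprintf (stderr,
               "*** Error loading key file %s.\n",
               KEY_FILE);
      exit (1);
    }

  /* The handle must exist before the import below; the original ignored
   * a failure here and would have imported into an unset handle. */
  ret = gnutls_privkey_init (&host->key);
  if (ret < 0)
    {
      fprintf (stderr,
               "*** Error loading key file: %s\n",
               gnutls_strerror (ret));
      exit (1);
    }
  ret =
    gnutls_privkey_import_x509_raw (host->key,
                                    &data, GNUTLS_X509_FMT_PEM,
                                    NULL, 0);
  if (ret < 0)
    {
      fprintf (stderr,
               "*** Error loading key file: %s\n",
               gnutls_strerror (ret));
      exit (1);
    }

  /* `data` still holds the raw PEM private key.  Overwrite it before
   * handing the buffer back to the allocator so the key text does not
   * linger in freed heap memory; the volatile pointer keeps the compiler
   * from dropping the stores as dead. */
  wipe = data.data;
  for (i = 0; i < data.size; i++)
    wipe[i] = 0;
  gnutls_free (data.data);
}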
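/* Client-side certificate retrieval callback.
 *
 * Fails unless the server requested a client certificate.  On the first
 * successful call the certificate in `cli_cert` and the key in `cli_key`
 * (both PEM) are imported and cached in `g_pcert` / `g_pkey`; later calls
 * hand out the cached pair without importing again.
 *
 * On success *pcert, *pcert_length (always 1) and *pkey are set and 0 is
 * returned; on failure -1 is returned and nothing is cached.
 * req_ca_rdn, nreqs, sign_algos and sign_algos_length are not used.
 *
 * NOTE(review): nothing visible here releases g_pcert / g_pkey; the
 * owner of those globals presumably frees them at teardown -- confirm.
 */
static int
cert_callback(gnutls_session_t session,
	      const gnutls_datum_t * req_ca_rdn, int nreqs,
	      const gnutls_pk_algorithm_t * sign_algos,
	      int sign_algos_length, gnutls_pcert_st ** pcert,
	      unsigned int *pcert_length, gnutls_privkey_t * pkey)
{
	int ret;
	gnutls_pcert_st *p;
	gnutls_privkey_t lkey;

	if (gnutls_certificate_client_get_request_status(session) == 0) {
		fail("gnutls_certificate_client_get_request_status failed\n");
		return -1;
	}

	/* Cached pair available: reuse it.  Checking this before allocating
	 * avoids the per-handshake leak of an unused gnutls_pcert_st, and the
	 * request status was already verified above. */
	if (g_pkey != NULL) {
		*pcert = g_pcert;
		*pcert_length = 1;
		*pkey = g_pkey;
		return 0;
	}

	p = gnutls_malloc(sizeof(*p));
	if (p == NULL)
		return -1;

	ret = gnutls_pcert_import_x509_raw(p, &cli_cert, GNUTLS_X509_FMT_PEM, 0);
	if (ret < 0)
		goto fail_free;

	ret = gnutls_privkey_init(&lkey);
	if (ret < 0)
		goto fail_pcert;

	ret = gnutls_privkey_import_x509_raw(lkey, &cli_key, GNUTLS_X509_FMT_PEM, NULL, 0);
	if (ret < 0)
		goto fail_key;

	g_pcert = p;
	g_pkey = lkey;

	*pcert = p;
	*pcert_length = 1;
	*pkey = lkey;

	return 0;

	/* Unwind in reverse order of acquisition so a failed import leaves
	 * neither the key handle nor the certificate structure behind. */
fail_key:
	gnutls_privkey_deinit(lkey);
fail_pcert:
	gnutls_pcert_deinit(p);
fail_free:
	gnutls_free(p);
	return -1;
}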
Example #3
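/* Server-side certificate retrieval callback.
 *
 * On the first successful call the certificate in `server_cert` and the
 * key in `server_key` (both PEM) are imported and cached in `g_pcert` /
 * `g_pkey`; later calls hand out the cached pair without importing again.
 *
 * On success *pcert, *pcert_length (always 1) and *pkey are set and 0 is
 * returned; on failure -1 is returned and nothing is cached.
 * session, req_ca_rdn, nreqs, sign_algos and sign_algos_length are not
 * used.
 *
 * NOTE(review): nothing visible here releases g_pcert / g_pkey; the
 * owner of those globals presumably frees them at teardown -- confirm.
 */
static int
cert_callback(gnutls_session_t session,
	      const gnutls_datum_t * req_ca_rdn, int nreqs,
	      const gnutls_pk_algorithm_t * sign_algos,
	      int sign_algos_length, gnutls_pcert_st ** pcert,
	      unsigned int *pcert_length, gnutls_privkey_t * pkey)
{
	int ret;
	gnutls_pcert_st *p;
	gnutls_privkey_t lkey;

	/* Cached pair available: reuse it.  Checking this before allocating
	 * avoids leaking one unused gnutls_pcert_st per handshake. */
	if (g_pkey != NULL) {
		*pcert = g_pcert;
		*pcert_length = 1;
		*pkey = g_pkey;
		return 0;
	}

	p = gnutls_malloc(sizeof(*p));
	if (p == NULL)
		return -1;

	ret = gnutls_pcert_import_x509_raw(p, &server_cert, GNUTLS_X509_FMT_PEM, 0);
	if (ret < 0)
		goto fail_free;

	ret = gnutls_privkey_init(&lkey);
	if (ret < 0)
		goto fail_pcert;

	ret = gnutls_privkey_import_x509_raw(lkey, &server_key, GNUTLS_X509_FMT_PEM, NULL, 0);
	if (ret < 0)
		goto fail_key;

	g_pcert = p;
	g_pkey = lkey;

	*pcert = p;
	*pcert_length = 1;
	*pkey = lkey;

	return 0;

	/* Unwind in reverse order of acquisition so a failed import leaves
	 * neither the key handle nor the certificate structure behind. */
fail_key:
	gnutls_privkey_deinit(lkey);
fail_pcert:
	gnutls_pcert_deinit(p);
fail_free:
	gnutls_free(p);
	return -1;
}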
Example #4
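/* Load the certificate and the private key.
 *
 * Reads the PEM certificate from CERT_FILE into the file-scope `pcrt`
 * and the PEM private key from KEY_FILE into the file-scope `key`.
 * The key is imported with no password and no flags.
 *
 * Every failure is fatal: a message is printed to stderr and the
 * process exits with status 1.
 */
static void
load_keys (void)
{
  int ret;
  unsigned int i;
  gnutls_datum_t data;
  volatile unsigned char *wipe;

  ret = gnutls_load_file (CERT_FILE, &data);
  if (ret < 0)
    {
      fprintf (stderr, "*** Error loading certificate file.\n");
      exit (1);
    }

  ret = gnutls_pcert_import_x509_raw (&pcrt, &data, GNUTLS_X509_FMT_PEM, 0);
  if (ret < 0)
    {
      fprintf (stderr, "*** Error loading certificate file: %s\n",
               gnutls_strerror (ret));
      exit (1);
    }

  gnutls_free(data.data);

  ret = gnutls_load_file (KEY_FILE, &data);
  if (ret < 0)
    {
      fprintf (stderr, "*** Error loading key file.\n");
      exit (1);
    }

  /* The handle must exist before the import below; the original ignored
   * a failure here and would have imported into an unset handle. */
  ret = gnutls_privkey_init (&key);
  if (ret < 0)
    {
      fprintf (stderr, "*** Error loading key file: %s\n",
               gnutls_strerror (ret));
      exit (1);
    }

  ret = gnutls_privkey_import_x509_raw (key, &data, GNUTLS_X509_FMT_PEM, NULL, 0);
  if (ret < 0)
    {
      fprintf (stderr, "*** Error loading key file: %s\n",
               gnutls_strerror (ret));
      exit (1);
    }

  /* `data` still holds the raw PEM private key.  Overwrite it before
   * handing the buffer back to the allocator so the key text does not
   * linger in freed heap memory; the volatile pointer keeps the compiler
   * from dropping the stores as dead. */
  wipe = data.data;
  for (i = 0; i < data.size; i++)
    wipe[i] = 0;
  gnutls_free(data.data);
}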
Example #5
/* Builds a pcert from the first entry of info->raw_certificate_list.
 *
 * X.509 entries are imported as DER; OpenPGP entries (only when built
 * with ENABLE_OPENPGP) are imported in raw format, using info->subkey_id
 * when info->use_subkey is set and no subkey otherwise.  Both imports
 * pass GNUTLS_PCERT_NO_CERT.
 *
 * Returns whatever the import function returns, or
 * GNUTLS_E_INTERNAL_ERROR for any other certificate type.
 *
 * NOTE(review): element [0] of the list is used without any length or
 * NULL check in this function; callers presumably guarantee that `info`
 * holds at least one certificate -- confirm, since the list comes from
 * the peer.
 */
int
_gnutls_get_auth_info_pcert (gnutls_pcert_st* pcert,
                             gnutls_certificate_type_t type,
                             cert_auth_info_t info)
{
  if (type == GNUTLS_CRT_X509)
    {
      return gnutls_pcert_import_x509_raw(pcert,
                                          &info->raw_certificate_list[0],
                                          GNUTLS_X509_FMT_DER,
                                          GNUTLS_PCERT_NO_CERT);
    }
#ifdef ENABLE_OPENPGP
  if (type == GNUTLS_CRT_OPENPGP)
    {
      return gnutls_pcert_import_openpgp_raw(pcert,
                                             &info->raw_certificate_list[0],
                                             GNUTLS_OPENPGP_FMT_RAW,
                                             info->use_subkey ? info->
                                             subkey_id : NULL,
                                             GNUTLS_PCERT_NO_CERT);
    }
#endif

  /* Unsupported certificate type. */
  gnutls_assert ();
  return GNUTLS_E_INTERNAL_ERROR;
}