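/**
 * Load one host's certificate and private key from PEM files and push the
 * new entry onto the head of the global `hosts` list.
 * (This code is largely taken from GnuTLS.)
 *
 * @param hostname  stored in the entry as-is; the pointer is kept, not
 *                  copied, so the string must stay valid while the list is
 *                  in use
 * @param CERT_FILE path of the PEM-encoded X.509 certificate
 * @param KEY_FILE  path of the PEM-encoded private key
 *
 * Every failure is fatal: a failed allocation aborts, and any load, init or
 * import error prints a message to stderr and exits with status 1.
 */
static void
load_keys(const char *hostname, const char *CERT_FILE, const char *KEY_FILE)
{
  int ret;
  unsigned int i;
  gnutls_datum_t data;
  struct Hosts *host;
  volatile unsigned char *wipe;

  host = malloc (sizeof (struct Hosts));
  if (NULL == host)
    abort ();
  host->hostname = hostname;
  host->next = hosts;
  hosts = host;

  /* Certificate: read the file, import it, release the raw buffer. */
  ret = gnutls_load_file (CERT_FILE, &data);
  if (ret < 0)
    {
      fprintf (stderr, "*** Error loading certificate file %s.\n", CERT_FILE);
      exit (1);
    }
  ret = gnutls_pcert_import_x509_raw (&host->pcrt, &data,
                                      GNUTLS_X509_FMT_PEM, 0);
  if (ret < 0)
    {
      fprintf (stderr, "*** Error loading certificate file: %s\n",
               gnutls_strerror (ret));
      exit (1);
    }
  gnutls_free (data.data);

  /* Private key: same sequence, but the raw buffer is secret material. */
  ret = gnutls_load_file (KEY_FILE, &data);
  if (ret < 0)
    {
      fprintf (stderr, "*** Error loading key file %s.\n", KEY_FILE);
      exit (1);
    }
  /* The original ignored this return value; importing into a handle that
     failed to initialise would operate on an indeterminate pointer. */
  ret = gnutls_privkey_init (&host->key);
  if (ret < 0)
    {
      fprintf (stderr, "*** Error initializing private key: %s\n",
               gnutls_strerror (ret));
      exit (1);
    }
  ret = gnutls_privkey_import_x509_raw (host->key, &data,
                                        GNUTLS_X509_FMT_PEM, NULL, 0);
  if (ret < 0)
    {
      fprintf (stderr, "*** Error loading key file: %s\n",
               gnutls_strerror (ret));
      exit (1);
    }
  /* data still holds the PEM text of the private key.  Clear it before the
     memory returns to the allocator so a stale copy does not linger on the
     heap; the volatile pointer keeps the stores from being optimised out. */
  wipe = data.data;
  for (i = 0; i < data.size; i++)
    wipe[i] = 0;
  gnutls_free (data.data);
}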
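/**
 * Client-side certificate callback: hand the client certificate and private
 * key to GnuTLS.
 *
 * The pair is imported from the file-level `cli_cert` / `cli_key` PEM data
 * on the first call and cached in `g_pcert` / `g_pkey`; later calls return
 * the cached objects.
 *
 * @param session            session the callback runs for
 * @param req_ca_rdn         not used by this callback
 * @param nreqs              not used by this callback
 * @param sign_algos         not used by this callback
 * @param sign_algos_length  not used by this callback
 * @param pcert              out: set to the cached certificate
 * @param pcert_length       out: always set to 1
 * @param pkey               out: set to the cached private key
 * @return 0 on success, -1 if the request status is 0, an allocation fails
 *         or an import fails
 */
static int
cert_callback(gnutls_session_t session,
	      const gnutls_datum_t * req_ca_rdn, int nreqs,
	      const gnutls_pk_algorithm_t * sign_algos,
	      int sign_algos_length, gnutls_pcert_st ** pcert,
	      unsigned int *pcert_length, gnutls_privkey_t * pkey)
{
	int ret;
	gnutls_pcert_st *p;
	gnutls_privkey_t lkey;

	if (gnutls_certificate_client_get_request_status(session) == 0) {
		fail("gnutls_certificate_client_get_request_status failed\n");
		return -1;
	}

	if (g_pkey == NULL) {
		/* Allocate only when the cache is empty.  The original
		 * allocated on every call and dropped the pointer whenever
		 * the cached pair was reused. */
		p = gnutls_malloc(sizeof(*p));
		if (p == NULL)
			return -1;

		ret = gnutls_pcert_import_x509_raw(p, &cli_cert,
						   GNUTLS_X509_FMT_PEM, 0);
		if (ret < 0) {
			gnutls_free(p);
			return -1;
		}

		ret = gnutls_privkey_init(&lkey);
		if (ret < 0) {
			gnutls_pcert_deinit(p);
			gnutls_free(p);
			return -1;
		}

		ret = gnutls_privkey_import_x509_raw(lkey, &cli_key,
						     GNUTLS_X509_FMT_PEM,
						     NULL, 0);
		if (ret < 0) {
			/* Release the half-built pair so a failed import
			 * leaves neither key nor certificate behind. */
			gnutls_privkey_deinit(lkey);
			gnutls_pcert_deinit(p);
			gnutls_free(p);
			return -1;
		}

		g_pcert = p;
		g_pkey = lkey;
	}

	/* The request status was already verified above, so the second check
	 * the original made on the cached path could never fail. */
	*pcert = g_pcert;
	*pcert_length = 1;
	*pkey = g_pkey;

	return 0;
}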
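/**
 * Server-side certificate callback: hand the server certificate and private
 * key to GnuTLS.
 *
 * The pair is imported from the file-level `server_cert` / `server_key` PEM
 * data on the first call and cached in `g_pcert` / `g_pkey`; later calls
 * return the cached objects.
 *
 * @param session            not used by this callback
 * @param req_ca_rdn         not used by this callback
 * @param nreqs              not used by this callback
 * @param sign_algos         not used by this callback
 * @param sign_algos_length  not used by this callback
 * @param pcert              out: set to the cached certificate
 * @param pcert_length       out: always set to 1
 * @param pkey               out: set to the cached private key
 * @return 0 on success, -1 if an allocation or an import fails
 */
static int
cert_callback(gnutls_session_t session,
	      const gnutls_datum_t * req_ca_rdn, int nreqs,
	      const gnutls_pk_algorithm_t * sign_algos,
	      int sign_algos_length, gnutls_pcert_st ** pcert,
	      unsigned int *pcert_length, gnutls_privkey_t * pkey)
{
	int ret;
	gnutls_pcert_st *p;
	gnutls_privkey_t lkey;

	if (g_pkey == NULL) {
		/* Allocate only when the cache is empty.  The original
		 * allocated on every call, so each handshake after the first
		 * leaked one gnutls_pcert_st. */
		p = gnutls_malloc(sizeof(*p));
		if (p == NULL)
			return -1;

		ret = gnutls_pcert_import_x509_raw(p, &server_cert,
						   GNUTLS_X509_FMT_PEM, 0);
		if (ret < 0) {
			gnutls_free(p);
			return -1;
		}

		ret = gnutls_privkey_init(&lkey);
		if (ret < 0) {
			gnutls_pcert_deinit(p);
			gnutls_free(p);
			return -1;
		}

		ret = gnutls_privkey_import_x509_raw(lkey, &server_key,
						     GNUTLS_X509_FMT_PEM,
						     NULL, 0);
		if (ret < 0) {
			/* Release the half-built pair so a failed import
			 * leaves neither key nor certificate behind. */
			gnutls_privkey_deinit(lkey);
			gnutls_pcert_deinit(p);
			gnutls_free(p);
			return -1;
		}

		g_pcert = p;
		g_pkey = lkey;
	}

	*pcert = g_pcert;
	*pcert_length = 1;
	*pkey = g_pkey;

	return 0;
}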
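/**
 * Load the certificate and the private key.
 *
 * Reads the PEM files named by CERT_FILE and KEY_FILE and imports them into
 * the file-level `pcrt` and `key` objects.  Every failure is fatal: a message
 * is printed to stderr and the process exits with status 1.
 */
static void
load_keys (void)
{
  int ret;
  unsigned int i;
  gnutls_datum_t data;
  volatile unsigned char *wipe;

  /* Certificate: read the file, import it, release the raw buffer. */
  ret = gnutls_load_file (CERT_FILE, &data);
  if (ret < 0)
    {
      fprintf (stderr, "*** Error loading certificate file.\n");
      exit (1);
    }
  ret = gnutls_pcert_import_x509_raw (&pcrt, &data, GNUTLS_X509_FMT_PEM, 0);
  if (ret < 0)
    {
      fprintf (stderr, "*** Error loading certificate file: %s\n",
               gnutls_strerror (ret));
      exit (1);
    }
  gnutls_free (data.data);

  /* Private key: same sequence, but the raw buffer is secret material. */
  ret = gnutls_load_file (KEY_FILE, &data);
  if (ret < 0)
    {
      fprintf (stderr, "*** Error loading key file.\n");
      exit (1);
    }
  /* The original ignored this return value; importing into a handle that
     failed to initialise would operate on an indeterminate pointer. */
  ret = gnutls_privkey_init (&key);
  if (ret < 0)
    {
      fprintf (stderr, "*** Error initializing private key: %s\n",
               gnutls_strerror (ret));
      exit (1);
    }
  ret = gnutls_privkey_import_x509_raw (key, &data, GNUTLS_X509_FMT_PEM,
                                        NULL, 0);
  if (ret < 0)
    {
      fprintf (stderr, "*** Error loading key file: %s\n",
               gnutls_strerror (ret));
      exit (1);
    }
  /* data still holds the PEM text of the private key.  Clear it before the
     memory returns to the allocator so a stale copy does not linger on the
     heap; the volatile pointer keeps the stores from being optimised out. */
  wipe = data.data;
  for (i = 0; i < data.size; i++)
    wipe[i] = 0;
  gnutls_free (data.data);
}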
/* Converts the first certificate of the cert_auth_info structure
 * to a pcert.
 *
 * pcert: receives the imported certificate
 * type:  certificate type that selects the import routine
 * info:  authentication info whose raw_certificate_list[0] is imported
 *
 * Returns the result of the matching import call, or
 * GNUTLS_E_INTERNAL_ERROR for any type not handled here.
 *
 * NOTE(review): raw_certificate_list[0] is read without any check in this
 * function; presumably every caller guarantees that info is non-NULL and
 * holds at least one certificate -- confirm at the call sites.
 */
int
_gnutls_get_auth_info_pcert (gnutls_pcert_st* pcert,
                             gnutls_certificate_type_t type,
                             cert_auth_info_t info)
{
  if (type == GNUTLS_CRT_X509)
    {
      /* X.509 entries are imported as DER. */
      return gnutls_pcert_import_x509_raw (pcert,
                                           &info->raw_certificate_list[0],
                                           GNUTLS_X509_FMT_DER,
                                           GNUTLS_PCERT_NO_CERT);
    }

#ifdef ENABLE_OPENPGP
  if (type == GNUTLS_CRT_OPENPGP)
    {
      /* The subkey id is passed on only when use_subkey is set. */
      return gnutls_pcert_import_openpgp_raw (pcert,
                                              &info->raw_certificate_list[0],
                                              GNUTLS_OPENPGP_FMT_RAW,
                                              info->use_subkey ?
                                                info->subkey_id : NULL,
                                              GNUTLS_PCERT_NO_CERT);
    }
#endif

  /* Any other certificate type is reported as an internal error. */
  gnutls_assert ();
  return GNUTLS_E_INTERNAL_ERROR;
}