/* Load the certificate and the private key. */ static void load_keys (void) { unsigned int crt_num; int ret; gnutls_datum_t data; if (x509_certfile != NULL && x509_keyfile != NULL) { data = load_file (x509_certfile); if (data.data == NULL) { fprintf (stderr, "*** Error loading cert file.\n"); exit (1); } crt_num = MAX_CRT; ret = gnutls_x509_crt_list_import (x509_crt, &crt_num, &data, GNUTLS_X509_FMT_PEM, GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED); if (ret < 0) { if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER) { fprintf (stderr, "*** Error loading cert file: Too many certs %d\n", crt_num); } else { fprintf (stderr, "*** Error loading cert file: %s\n", gnutls_strerror (ret)); } exit (1); } x509_crt_size = ret; fprintf (stderr, "Processed %d client certificates...\n", ret); unload_file (data); data = load_file (x509_keyfile); if (data.data == NULL) { fprintf (stderr, "*** Error loading key file.\n"); exit (1); } gnutls_x509_privkey_init (&x509_key); ret = gnutls_x509_privkey_import (x509_key, &data, GNUTLS_X509_FMT_PEM); if (ret < 0) { fprintf (stderr, "*** Error loading key file: %s\n", gnutls_strerror (ret)); exit (1); } unload_file (data); fprintf (stderr, "Processed %d client X.509 certificates...\n", x509_crt_size); } #ifdef ENABLE_OPENPGP if (pgp_certfile != NULL && pgp_keyfile != NULL) { data = load_file (pgp_certfile); if (data.data == NULL) { fprintf (stderr, "*** Error loading PGP cert file.\n"); exit (1); } gnutls_openpgp_crt_init (&pgp_crt); ret = gnutls_openpgp_crt_import (pgp_crt, &data, GNUTLS_OPENPGP_FMT_BASE64); if (ret < 0) { fprintf (stderr, "*** Error loading PGP cert file: %s\n", gnutls_strerror (ret)); exit (1); } unload_file (data); data = load_file (pgp_keyfile); if (data.data == NULL) { fprintf (stderr, "*** Error loading PGP key file.\n"); exit (1); } gnutls_openpgp_privkey_init (&pgp_key); ret = gnutls_openpgp_privkey_import (pgp_key, &data, GNUTLS_OPENPGP_FMT_BASE64, NULL, 0); if (ret < 0) { fprintf (stderr, "*** Error loading PGP key file: %s\n", gnutls_strerror (ret)); exit (1); } unload_file (data); if (info.pgp_subkey != NULL) { gnutls_openpgp_keyid_t keyid; if (strcasecmp (info.pgp_subkey, "auto") == 0) { ret = gnutls_openpgp_crt_get_auth_subkey (pgp_crt, keyid, 1); if (ret < 0) { fprintf (stderr, "*** Error setting preferred sub key id (%s): %s\n", info.pgp_subkey, gnutls_strerror (ret)); exit (1); } } else get_keyid (keyid, info.pgp_subkey); ret = gnutls_openpgp_crt_set_preferred_key_id (pgp_crt, keyid); if (ret >= 0) ret = gnutls_openpgp_privkey_set_preferred_key_id (pgp_key, keyid); if (ret < 0) { fprintf (stderr, "*** Error setting preferred sub key id (%s): %s\n", info.pgp_subkey, gnutls_strerror (ret)); exit (1); } } fprintf (stderr, "Processed 1 client PGP certificate...\n"); } #endif }
/** * gnutls_certificate_set_openpgp_key_mem2 - Used to set OpenPGP keys * @res: the destination context to save the data. * @cert: the datum that contains the public key. * @key: the datum that contains the secret key. * @subkey_id: a hex encoded subkey id * @format: the format of the keys * * This funtion is used to load OpenPGP keys into the GnuTLS * credentials structure. The files should only contain one key which * is not encrypted. * * The special keyword "auto" is also accepted as @subkey_id. In that * case the gnutls_openpgp_crt_get_auth_subkey() will be used to * retrieve the subkey. * * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a * negative error value. * * Since: 2.4.0 **/ int gnutls_certificate_set_openpgp_key_mem2 (gnutls_certificate_credentials_t res, const gnutls_datum_t * cert, const gnutls_datum_t * key, const char *subkey_id, gnutls_openpgp_crt_fmt_t format) { gnutls_openpgp_privkey_t pkey; gnutls_openpgp_crt_t crt; int ret; ret = gnutls_openpgp_privkey_init (&pkey); if (ret < 0) { gnutls_assert (); return ret; } ret = gnutls_openpgp_privkey_import (pkey, key, format, NULL, 0); if (ret < 0) { gnutls_assert (); gnutls_openpgp_privkey_deinit (pkey); return ret; } ret = gnutls_openpgp_crt_init (&crt); if (ret < 0) { gnutls_assert (); gnutls_openpgp_privkey_deinit (pkey); return ret; } ret = gnutls_openpgp_crt_import (crt, cert, format); if (ret < 0) { gnutls_assert (); gnutls_openpgp_privkey_deinit (pkey); gnutls_openpgp_crt_deinit (crt); return ret; } if (subkey_id != NULL) { gnutls_openpgp_keyid_t keyid; if (strcasecmp (subkey_id, "auto") == 0) ret = gnutls_openpgp_crt_get_auth_subkey (crt, keyid, 1); else ret = get_keyid (keyid, subkey_id); if (ret >= 0) { ret = gnutls_openpgp_crt_set_preferred_key_id (crt, keyid); if (ret >= 0) ret = gnutls_openpgp_privkey_set_preferred_key_id (pkey, keyid); } if (ret < 0) { gnutls_assert (); gnutls_openpgp_privkey_deinit (pkey); gnutls_openpgp_crt_deinit (crt); return ret; } } ret = gnutls_certificate_set_openpgp_key (res, crt, pkey); gnutls_openpgp_privkey_deinit (pkey); gnutls_openpgp_crt_deinit (crt); return ret; }