static void
try_prio (const char* prio, unsigned expected_cs, unsigned expected_ciphers)
{
int ret;
gnutls_priority_t p;
const char* err;
const unsigned int * t;
unsigned i, si, count = 0;
/* this must be called once in the program
*/
global_init ();
ret = gnutls_priority_init(&p, prio, &err);
if (ret < 0)
{
fprintf(stderr, "error: %s: %s\n", gnutls_strerror(ret), err);
exit(1);
}
for (i=0;;i++)
{
ret = gnutls_priority_get_cipher_suite_index(p, i, &si);
if (ret == GNUTLS_E_UNKNOWN_CIPHER_SUITE)
continue;
else if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
break;
else if (ret == 0)
{
count++;
/* fprintf(stderr, "%s\n", gnutls_cipher_suite_info(si, NULL, NULL, NULL, NULL, NULL)); */
}
}
ret = gnutls_priority_cipher_list (p, &t);
if ((unsigned)ret != expected_ciphers)
{
#if 0
for (i=0;i<ret;i++)
fprintf(stderr, "%s\n", gnutls_cipher_get_name(t[i]));
#endif
fail("expected %d ciphers, found %d\n", expected_ciphers, ret);
exit(1);
}
gnutls_priority_deinit(p);
/* fprintf(stderr, "count: %d\n", count); */
if (debug)
success ("finished: %s\n", prio);
if (count != expected_cs)
{
fail("expected %d ciphersuites, found %d\n", expected_cs, count);
exit(1);
}
}
wxString CTlsSocket::ListTlsCiphers(wxString priority)
{
if (priority.IsEmpty())
priority = wxString::FromUTF8(ciphers);
wxString list = wxString::Format(_T("Ciphers for %s:\n"), priority.c_str());
#if GNUTLS_VERSION_NUMBER >= 0x030009
gnutls_priority_t pcache;
const char *err = 0;
int ret = gnutls_priority_init(&pcache, priority.mb_str(), &err);
if (ret < 0)
{
list += wxString::Format(_T("gnutls_priority_init failed with code %d: %s"), ret, wxString::FromUTF8(err ? err : "").c_str());
return list;
}
else
{
for (size_t i = 0; ; i++)
{
unsigned int idx;
ret = gnutls_priority_get_cipher_suite_index(pcache, i, &idx);
if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
break;
if (ret == GNUTLS_E_UNKNOWN_CIPHER_SUITE)
continue;
gnutls_protocol_t version;
unsigned char id[2];
const char* name = gnutls_cipher_suite_info(idx, id, NULL, NULL, NULL, &version);
if (name != 0)
{
list += wxString::Format(
_T("%-50s 0x%02x, 0x%02x %s\n"),
wxString::FromUTF8(name).c_str(),
(unsigned char)id[0],
(unsigned char)id[1],
wxString::FromUTF8(gnutls_protocol_get_name(version)).c_str());
}
}
}
#else
list += _T("Unknown\n");
#endif
return list;
}
static void print_cipher_suite_list(const char *priorities)
{
size_t i;
int ret;
unsigned int idx;
const char *name;
const char *err;
unsigned char id[2];
gnutls_protocol_t version;
gnutls_priority_t pcache;
if (priorities != NULL) {
printf("Cipher suites for %s\n", priorities);
ret = gnutls_priority_init(&pcache, priorities, &err);
if (ret < 0) {
fprintf(stderr, "Syntax error at: %s\n", err);
exit(1);
}
for (i = 0;; i++) {
ret =
gnutls_priority_get_cipher_suite_index(pcache,
i,
&idx);
if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
break;
if (ret == GNUTLS_E_UNKNOWN_CIPHER_SUITE)
continue;
name =
gnutls_cipher_suite_info(idx, id, NULL, NULL,
NULL, &version);
if (name != NULL)
printf("%-50s\t0x%02x, 0x%02x\t%s\n",
name, (unsigned char) id[0],
(unsigned char) id[1],
gnutls_protocol_get_name(version));
}
return;
}
}
void
print_list (const char *priorities, int verbose)
{
size_t i;
int ret;
unsigned int idx;
const char *name;
const char *err;
unsigned char id[2];
gnutls_kx_algorithm_t kx;
gnutls_cipher_algorithm_t cipher;
gnutls_mac_algorithm_t mac;
gnutls_protocol_t version;
gnutls_priority_t pcache;
const unsigned int *list;
if (priorities != NULL)
{
printf ("Cipher suites for %s\n", priorities);
ret = gnutls_priority_init (&pcache, priorities, &err);
if (ret < 0)
{
fprintf (stderr, "Syntax error at: %s\n", err);
exit (1);
}
for (i = 0;; i++)
{
ret =
gnutls_priority_get_cipher_suite_index (pcache, i,
&idx);
if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
break;
if (ret == GNUTLS_E_UNKNOWN_CIPHER_SUITE)
continue;
name =
gnutls_cipher_suite_info (idx, id, NULL, NULL, NULL,
&version);
if (name != NULL)
printf ("%-50s\t0x%02x, 0x%02x\t%s\n",
name, (unsigned char) id[0],
(unsigned char) id[1],
gnutls_protocol_get_name (version));
}
printf("\n");
{
ret = gnutls_priority_certificate_type_list (pcache, &list);
printf ("Certificate types: ");
if (ret == 0) printf("none\n");
for (i = 0; i < (unsigned)ret; i++)
{
printf ("CTYPE-%s",
gnutls_certificate_type_get_name (list[i]));
if (i+1!=(unsigned)ret)
printf (", ");
else
printf ("\n");
}
}
{
ret = gnutls_priority_protocol_list (pcache, &list);
printf ("Protocols: ");
if (ret == 0) printf("none\n");
for (i = 0; i < (unsigned)ret; i++)
{
printf ("VERS-%s", gnutls_protocol_get_name (list[i]));
if (i+1!=(unsigned)ret)
printf (", ");
else
printf ("\n");
}
}
{
ret = gnutls_priority_compression_list (pcache, &list);
printf ("Compression: ");
if (ret == 0) printf("none\n");
for (i = 0; i < (unsigned)ret; i++)
{
printf ("COMP-%s",
gnutls_compression_get_name (list[i]));
if (i+1!=(unsigned)ret)
printf (", ");
else
printf ("\n");
}
}
{
ret = gnutls_priority_ecc_curve_list (pcache, &list);
printf ("Elliptic curves: ");
if (ret == 0) printf("none\n");
for (i = 0; i < (unsigned)ret; i++)
{
printf ("CURVE-%s",
gnutls_ecc_curve_get_name (list[i]));
if (i+1!=(unsigned)ret)
printf (", ");
else
printf ("\n");
}
}
{
ret = gnutls_priority_sign_list (pcache, &list);
printf ("PK-signatures: ");
if (ret == 0) printf("none\n");
for (i = 0; i < (unsigned)ret; i++)
{
printf ("SIGN-%s",
gnutls_sign_algorithm_get_name (list[i]));
if (i+1!=(unsigned)ret)
printf (", ");
else
printf ("\n");
}
}
return;
}
printf ("Cipher suites:\n");
for (i = 0; (name = gnutls_cipher_suite_info
(i, id, &kx, &cipher, &mac, &version)); i++)
{
printf ("%-50s\t0x%02x, 0x%02x\t%s\n",
name,
(unsigned char) id[0], (unsigned char) id[1],
gnutls_protocol_get_name (version));
if (verbose)
printf ("\tKey exchange: %s\n\tCipher: %s\n\tMAC: %s\n\n",
gnutls_kx_get_name (kx),
gnutls_cipher_get_name (cipher),
gnutls_mac_get_name (mac));
}
printf("\n");
{
const gnutls_certificate_type_t *p =
gnutls_certificate_type_list ();
printf ("Certificate types: ");
for (; *p; p++)
{
printf ("CTYPE-%s", gnutls_certificate_type_get_name (*p));
if (*(p + 1))
printf (", ");
else
printf ("\n");
}
}
{
const gnutls_protocol_t *p = gnutls_protocol_list ();
printf ("Protocols: ");
for (; *p; p++)
{
printf ("VERS-%s", gnutls_protocol_get_name (*p));
if (*(p + 1))
printf (", ");
else
printf ("\n");
}
}
{
const gnutls_cipher_algorithm_t *p = gnutls_cipher_list ();
printf ("Ciphers: ");
for (; *p; p++)
{
printf ("%s", gnutls_cipher_get_name (*p));
if (*(p + 1))
printf (", ");
else
printf ("\n");
}
}
{
const gnutls_mac_algorithm_t *p = gnutls_mac_list ();
printf ("MACs: ");
for (; *p; p++)
{
printf ("%s", gnutls_mac_get_name (*p));
if (*(p + 1))
printf (", ");
else
printf ("\n");
}
}
{
const gnutls_kx_algorithm_t *p = gnutls_kx_list ();
printf ("Key exchange algorithms: ");
for (; *p; p++)
{
printf ("%s", gnutls_kx_get_name (*p));
if (*(p + 1))
printf (", ");
else
printf ("\n");
}
}
{
const gnutls_compression_method_t *p = gnutls_compression_list ();
printf ("Compression: ");
for (; *p; p++)
{
printf ("COMP-%s", gnutls_compression_get_name (*p));
if (*(p + 1))
printf (", ");
else
printf ("\n");
}
}
{
const gnutls_ecc_curve_t *p = gnutls_ecc_curve_list ();
printf ("Elliptic curves: ");
for (; *p; p++)
{
printf ("CURVE-%s", gnutls_ecc_curve_get_name (*p));
if (*(p + 1))
printf (", ");
else
printf ("\n");
}
}
{
const gnutls_pk_algorithm_t *p = gnutls_pk_list ();
printf ("Public Key Systems: ");
for (; *p; p++)
{
printf ("%s", gnutls_pk_algorithm_get_name (*p));
if (*(p + 1))
printf (", ");
else
printf ("\n");
}
}
{
const gnutls_sign_algorithm_t *p = gnutls_sign_list ();
printf ("PK-signatures: ");
for (; *p; p++)
{
printf ("SIGN-%s", gnutls_sign_algorithm_get_name (*p));
if (*(p + 1))
printf (", ");
else
printf ("\n");
}
}
}
