int ufwissl_ssl_context_set_dh_file(ufwissl_ssl_context * ctx, const char *filename) { gnutls_datum_t datum_dh; int ret; datum_dh.data = NULL; if (!filename) return UFWISSL_ERROR; /* read CRL and CA */ ret = read_to_datum(filename, &datum_dh); if (ret != 0) return UFWISSL_ERROR; if (gnutls_dh_params_init(&ctx->dh) < 0) { free(datum_dh.data); return UFWISSL_ERROR; } if (gnutls_dh_params_import_pkcs3(ctx->dh, &datum_dh, GNUTLS_X509_FMT_PEM) < 0) { free(datum_dh.data); return UFWISSL_ERROR; } free(datum_dh.data); return UFWISSL_OK; }
ne_ssl_client_cert *ne_ssl_clicert_read(const char *filename) { int ret; gnutls_datum data; gnutls_pkcs12 p12; ne_ssl_client_cert *cc; char *friendly_name = NULL; gnutls_x509_crt cert = NULL; gnutls_x509_privkey pkey = NULL; if (read_to_datum(filename, &data)) return NULL; if (gnutls_pkcs12_init(&p12) != 0) { return NULL; } ret = gnutls_pkcs12_import(p12, &data, GNUTLS_X509_FMT_DER, 0); ne_free(data.data); if (ret < 0) { gnutls_pkcs12_deinit(p12); return NULL; } if (gnutls_pkcs12_verify_mac(p12, "") == 0) { if (pkcs12_parse(p12, &pkey, &cert, &friendly_name, "") != 0 || !cert || !pkey) { gnutls_pkcs12_deinit(p12); return NULL; } cc = ne_calloc(sizeof *cc); cc->pkey = pkey; cc->decrypted = 1; cc->friendly_name = friendly_name; populate_cert(&cc->cert, cert); gnutls_pkcs12_deinit(p12); cc->p12 = NULL; return cc; } else { /* TODO: calling pkcs12_parse() here to find the friendly_name * seems to break horribly. */ cc = ne_calloc(sizeof *cc); cc->p12 = p12; return cc; } }
ne_ssl_certificate *ne_ssl_cert_read(const char *filename) { int ret; gnutls_datum data; gnutls_x509_crt x5; if (read_to_datum(filename, &data)) return NULL; if (gnutls_x509_crt_init(&x5) != 0) return NULL; ret = gnutls_x509_crt_import(x5, &data, GNUTLS_X509_FMT_PEM); ne_free(data.data); if (ret < 0) { gnutls_x509_crt_deinit(x5); return NULL; } return populate_cert(ne_calloc(sizeof(struct ne_ssl_certificate_s)), x5); }