コード例 #1
ファイル: ufwissl_gnutls_ctx.c プロジェクト: maximerobin/Ufwi
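/**
 * Load Diffie-Hellman parameters from a PEM-encoded PKCS#3 file into an
 * SSL context.
 *
 * @param ctx       context whose dh member receives the imported parameters;
 *                  NULL is rejected
 * @param filename  path of the parameter file; NULL is rejected
 * @return UFWISSL_OK on success, UFWISSL_ERROR on any failure
 *
 * If the import fails, the freshly initialised parameter object is released
 * and ctx->dh is reset to NULL, so the context never keeps an empty DH
 * parameter object that a caller ignoring the return value could use.
 *
 * NOTE(review): any parameter object already stored in ctx->dh is
 * overwritten without being released; whether callers may invoke this
 * twice on one context is not visible here.
 * NOTE(review): the imported group is accepted as-is; no minimum prime
 * size is enforced in this function.
 */
int ufwissl_ssl_context_set_dh_file(ufwissl_ssl_context * ctx,
				  const char *filename)
{
	gnutls_datum_t datum_dh;
	int status = UFWISSL_ERROR;

	datum_dh.data = NULL;

	if (!ctx || !filename)
		return UFWISSL_ERROR;

	/* read the DH parameter file into memory */
	if (read_to_datum(filename, &datum_dh) != 0)
		return UFWISSL_ERROR;

	if (gnutls_dh_params_init(&ctx->dh) < 0)
		goto out_free;

	if (gnutls_dh_params_import_pkcs3(ctx->dh, &datum_dh,
					  GNUTLS_X509_FMT_PEM) < 0) {
		/* do not leak, or leave behind, an unpopulated object */
		gnutls_dh_params_deinit(ctx->dh);
		ctx->dh = NULL;
		goto out_free;
	}

	status = UFWISSL_OK;

out_free:
	/* the file buffer is only needed for the import itself */
	free(datum_dh.data);
	return status;
}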
コード例 #2
ファイル: ne_gnutls.c プロジェクト: Nymphetaminer/dsl-n55u
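/**
 * Read a client certificate from a DER-encoded PKCS#12 file.
 *
 * The structure's MAC is first checked against the empty password. If that
 * succeeds, the key and certificate are extracted immediately and the
 * returned object is marked decrypted. Otherwise the imported PKCS#12
 * structure is kept in the returned object (cc->p12) and no key or
 * certificate is extracted here.
 *
 * @param filename  path of the PKCS#12 file
 * @return a newly allocated client certificate object, or NULL if the file
 *         cannot be read, imported or parsed
 */
ne_ssl_client_cert *ne_ssl_clicert_read(const char *filename)
{
    int ret;
    gnutls_datum data;
    gnutls_pkcs12 p12;
    ne_ssl_client_cert *cc;
    char *friendly_name = NULL;
    gnutls_x509_crt cert = NULL;
    gnutls_x509_privkey pkey = NULL;

    if (read_to_datum(filename, &data))
        return NULL;

    if (gnutls_pkcs12_init(&p12) != 0) {
        /* the file buffer is already allocated; release it on this path too */
        ne_free(data.data);
        return NULL;
    }

    ret = gnutls_pkcs12_import(p12, &data, GNUTLS_X509_FMT_DER, 0);
    /* NOTE(review): this buffer may contain private-key material and is
     * released without being wiped -- consider zeroising it first. */
    ne_free(data.data);
    if (ret < 0) {
        gnutls_pkcs12_deinit(p12);
        return NULL;
    }

    if (gnutls_pkcs12_verify_mac(p12, "") == 0) {
        /* MAC verifies with the empty password: extract key and cert now. */
        if (pkcs12_parse(p12, &pkey, &cert, &friendly_name, "") != 0
            || !cert || !pkey) {
            /* NOTE(review): pkey, cert and friendly_name may have been
             * partly filled in by pkcs12_parse(); whether it releases them
             * on failure is not visible here -- confirm to rule out a leak. */
            gnutls_pkcs12_deinit(p12);
            return NULL;
        }

        cc = ne_calloc(sizeof *cc);
        cc->pkey = pkey;
        cc->decrypted = 1;
        cc->friendly_name = friendly_name;
        populate_cert(&cc->cert, cert);
        /* everything needed has been extracted; drop the container */
        gnutls_pkcs12_deinit(p12);
        cc->p12 = NULL;
        return cc;
    } else {
        /* TODO: calling pkcs12_parse() here to find the friendly_name
         * seems to break horribly.  */
        cc = ne_calloc(sizeof *cc);
        /* ownership of p12 passes to the returned object */
        cc->p12 = p12;
        return cc;
    }
}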
コード例 #3
ファイル: ne_gnutls.c プロジェクト: Nymphetaminer/dsl-n55u
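/**
 * Read a single PEM-encoded X.509 certificate from a file.
 *
 * @param filename  path of the certificate file
 * @return a newly allocated certificate object built by populate_cert(),
 *         or NULL if the file cannot be read or the certificate cannot be
 *         initialised or imported
 *
 * This function only parses the certificate; it performs no chain or
 * validity verification.
 */
ne_ssl_certificate *ne_ssl_cert_read(const char *filename)
{
    int ret;
    gnutls_datum data;
    gnutls_x509_crt x5;

    if (read_to_datum(filename, &data))
        return NULL;

    if (gnutls_x509_crt_init(&x5) != 0) {
        /* the file buffer is already allocated; release it on this path too */
        ne_free(data.data);
        return NULL;
    }

    ret = gnutls_x509_crt_import(x5, &data, GNUTLS_X509_FMT_PEM);
    /* the raw file contents are not needed once the import has run */
    ne_free(data.data);
    if (ret < 0) {
        gnutls_x509_crt_deinit(x5);
        return NULL;
    }

    /* x5 is handed to populate_cert() together with the new object */
    return populate_cert(ne_calloc(sizeof(struct ne_ssl_certificate_s)), x5);
}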