static int
cert_callback (gnutls_session_t session,
const gnutls_datum_t * req_ca_rdn, int nreqs,
const gnutls_pk_algorithm_t * sign_algos,
int sign_algos_length, gnutls_retr_st * st)
{
char issuer_dn[256];
int i, ret;
size_t len;
gnutls_certificate_type_t type;
/* Print the server's trusted CAs
*/
if (nreqs > 0)
printf ("- Server's trusted authorities:\n");
else
printf ("- Server did not send us any trusted authorities names.\n");
/* print the names (if any) */
for (i = 0; i < nreqs; i++)
{
len = sizeof (issuer_dn);
ret = gnutls_x509_rdn_get (&req_ca_rdn[i], issuer_dn, &len);
if (ret >= 0)
{
printf (" [%d]: ", i);
printf ("%s\n", issuer_dn);
}
}
/* Select a certificate and return it.
* The certificate must be of any of the "sign algorithms"
* supported by the server.
*/
type = gnutls_certificate_type_get (session);
if (type == GNUTLS_CRT_X509)
{
st->type = type;
st->ncerts = 1;
st->cert.x509 = &crt;
st->key.x509 = key;
st->deinit_all = 0;
}
else
{
return -1;
}
return 0;
}
/* A callback function to be used at the certificate selection time.
*/
static int
cert_callback (gnutls_session session,
const gnutls_datum * req_ca_rdn, int nreqs,
const gnutls_pk_algorithm * sign_algos,
int sign_algos_length, gnutls_retr_st * st)
{
char issuer_dn[256];
int i, ret;
size_t len;
if (verbose == 0)
return -1;
/* Print the server's trusted CAs
*/
printf ("\n");
if (nreqs > 0)
printf ("- Server's trusted authorities:\n");
else
printf ("- Server did not send us any trusted authorities names.\n");
/* print the names (if any) */
for (i = 0; i < nreqs; i++)
{
len = sizeof (issuer_dn);
ret = gnutls_x509_rdn_get (&req_ca_rdn[i], issuer_dn, &len);
if (ret >= 0)
{
printf (" [%d]: ", i);
printf ("%s\n", issuer_dn);
}
}
return -1;
}
static int
cert_callback (gnutls_session_t session,
const gnutls_datum_t * req_ca_rdn, int nreqs,
const gnutls_pk_algorithm_t * sign_algos,
int sign_algos_length, gnutls_retr_st * st)
{
char issuer_dn[256];
int i, ret;
size_t len;
if (verbose)
{
/* Print the server's trusted CAs
*/
if (nreqs > 0)
printf ("- Server's trusted authorities:\n");
else
printf ("- Server did not send us any trusted authorities names.\n");
/* print the names (if any) */
for (i = 0; i < nreqs; i++)
{
len = sizeof (issuer_dn);
ret = gnutls_x509_rdn_get (&req_ca_rdn[i], issuer_dn, &len);
if (ret >= 0)
{
printf (" [%d]: ", i);
printf ("%s\n", issuer_dn);
}
}
}
/* Select a certificate and return it.
* The certificate must be of any of the "sign algorithms"
* supported by the server.
*/
st->type = gnutls_certificate_type_get (session);
st->ncerts = 0;
if (st->type == GNUTLS_CRT_X509)
{
gnutls_sign_algorithm_t cert_algo, req_algo;
int i, match = 0;
if (x509_crt[0] != NULL)
{
ret = gnutls_x509_crt_get_signature_algorithm (x509_crt[0]);
if (ret < 0)
{
/* error reading signature algorithm */
return -1;
}
cert_algo = ret;
i = 0;
do
{
ret =
gnutls_sign_algorithm_get_requested (session, i, &req_algo);
if (ret >= 0 && cert_algo == req_algo)
{
match = 1;
break;
}
/* server has not requested anything specific */
if (i == 0 && ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
{
match = 1;
break;
}
i++;
}
while (ret >= 0);
if (match == 0)
{
printf
("- Could not find a suitable certificate to send to server\n");
return -1;
}
}
if (x509_crt != NULL && x509_key != NULL)
{
st->ncerts = x509_crt_size;
st->cert.x509 = x509_crt;
st->key.x509 = x509_key;
st->deinit_all = 0;
return 0;
}
}
else if (st->type == GNUTLS_CRT_OPENPGP)
{
if (pgp_key != NULL && pgp_crt != NULL)
{
st->ncerts = 1;
st->cert.pgp = pgp_crt;
st->key.pgp = pgp_key;
st->deinit_all = 0;
return 0;
}
}
printf ("- Successfully sent %d certificate(s) to server.\n", st->ncerts);
return 0;
}
static int
cert_callback (gnutls_session_t session,
const gnutls_datum_t * req_ca_rdn, int nreqs,
const gnutls_pk_algorithm_t * sign_algos,
int sign_algos_length, gnutls_pcert_st **pcert,
unsigned int *pcert_length, gnutls_privkey_t * pkey)
{
char issuer_dn[256];
int i, ret, cert_type;
size_t len;
if (verbose)
{
/* Print the server's trusted CAs
*/
if (nreqs > 0)
printf ("- Server's trusted authorities:\n");
else
printf ("- Server did not send us any trusted authorities names.\n");
/* print the names (if any) */
for (i = 0; i < nreqs; i++)
{
len = sizeof (issuer_dn);
ret = gnutls_x509_rdn_get (&req_ca_rdn[i], issuer_dn, &len);
if (ret >= 0)
{
printf (" [%d]: ", i);
printf ("%s\n", issuer_dn);
}
}
}
/* Select a certificate and return it.
* The certificate must be of any of the "sign algorithms"
* supported by the server.
*/
cert_type = gnutls_certificate_type_get (session);
*pcert_length = 0;
if (cert_type == GNUTLS_CRT_X509)
{
if (x509_crt_size > 0)
{
if (x509_key != NULL)
{
*pkey = x509_key;
}
else
{
printf ("- Could not find a suitable key to send to server\n");
return -1;
}
*pcert_length = x509_crt_size;
*pcert = x509_crt;
}
}
else if (cert_type == GNUTLS_CRT_OPENPGP)
{
if (pgp_key != NULL)
{
*pkey = pgp_key;
*pcert_length = 1;
*pcert = &pgp_crt;
}
}
printf ("- Successfully sent %u certificate(s) to server.\n", *pcert_length);
return 0;
}
static int
cert_callback (gnutls_session session,
const gnutls_datum * req_ca_rdn, int nreqs,
const gnutls_pk_algorithm * sign_algos,
int sign_algos_length, gnutls_retr_st * st)
{
char issuer_dn[256];
int i, ret;
size_t len;
if (verbose)
{
/* Print the server's trusted CAs
*/
if (nreqs > 0)
printf ("- Server's trusted authorities:\n");
else
printf ("- Server did not send us any trusted authorities names.\n");
/* print the names (if any) */
for (i = 0; i < nreqs; i++)
{
len = sizeof (issuer_dn);
ret = gnutls_x509_rdn_get (&req_ca_rdn[i], issuer_dn, &len);
if (ret >= 0)
{
printf (" [%d]: ", i);
printf ("%s\n", issuer_dn);
}
}
}
/* Select a certificate and return it.
* The certificate must be of any of the "sign algorithms"
* supported by the server.
*/
st->type = gnutls_certificate_type_get (session);
st->ncerts = 0;
if (st->type == GNUTLS_CRT_X509)
{
if (x509_crt != NULL && x509_key != NULL)
{
st->ncerts = x509_crt_size;
st->cert.x509 = x509_crt;
st->key.x509 = x509_key;
st->deinit_all = 0;
return 0;
}
}
else if (st->type == GNUTLS_CRT_OPENPGP)
{
if (pgp_key != NULL && pgp_crt != NULL)
{
st->ncerts = 1;
st->cert.pgp = pgp_crt;
st->key.pgp = pgp_key;
st->deinit_all = 0;
return 0;
}
}
printf ("- Successfully sent %d certificate(s) to server.\n", st->ncerts);
return 0;
}
