Exemplo n.º 1
/* Client-certificate retrieval callback.
 *
 * Lists the CA names the server put in its certificate request, then
 * offers the file-scope X.509 certificate `crt` with private key `key`.
 *
 * Returns 0 after filling `st`, or -1 when the negotiated certificate
 * type is not X.509.
 *
 * NOTE(review): `req_ca_rdn` is only printed and `sign_algos` /
 * `sign_algos_length` are never read, so the same certificate is offered
 * to any server that asks for one, whatever CAs or algorithms it named.
 */
static int
cert_callback (gnutls_session_t session,
               const gnutls_datum_t * req_ca_rdn, int nreqs,
               const gnutls_pk_algorithm_t * sign_algos,
               int sign_algos_length, gnutls_retr_st * st)
{
    char dn_text[256];
    size_t dn_size;
    int idx;
    gnutls_certificate_type_t negotiated;

    /* Header line for the list of authorities named by the server. */
    if (nreqs <= 0)
        printf ("- Server did not send us any trusted authorities names.\n");
    else
        printf ("- Server's trusted authorities:\n");

    /* The names come from the peer and are printed unfiltered.
     * NOTE(review): consider escaping non-printable bytes before writing
     * them to a terminal or a log.
     */
    for (idx = 0; idx < nreqs; idx++)
    {
        dn_size = sizeof (dn_text);
        /* Any negative return (for example a name that does not fit in
         * the buffer) is skipped without a message. */
        if (gnutls_x509_rdn_get (&req_ca_rdn[idx], dn_text, &dn_size) < 0)
            continue;

        printf ("   [%d]: ", idx);
        printf ("%s\n", dn_text);
    }

    /* Only X.509 is handled; every other certificate type is an error. */
    negotiated = gnutls_certificate_type_get (session);
    if (negotiated != GNUTLS_CRT_X509)
        return -1;

    st->type = negotiated;
    st->ncerts = 1;
    st->cert.x509 = &crt;
    st->key.x509 = key;

    /* 0: the library must not deinitialize `crt`/`key`; they stay owned
     * by this program. */
    st->deinit_all = 0;

    return 0;
}
Exemplo n.º 2
/* Callback invoked at certificate selection time.
 *
 * It never fills `st`: when `verbose` is set it prints the CA names the
 * server requested, and in every case it returns -1.
 *
 * NOTE(review): in the GnuTLS retrieve-function contract a negative
 * return reports an error to the library rather than "no certificate";
 * confirm that this is the intended outcome for callers.
 */
static int
cert_callback (gnutls_session session,
	       const gnutls_datum * req_ca_rdn, int nreqs,
	       const gnutls_pk_algorithm * sign_algos,
	       int sign_algos_length, gnutls_retr_st * st)
{
  char dn_text[256];
  size_t dn_size;
  int idx;

  /* Quiet mode: fail straight away without printing anything. */
  if (!verbose)
    return -1;

  printf ("\n");
  if (nreqs <= 0)
    printf ("- Server did not send us any trusted authorities names.\n");
  else
    printf ("- Server's trusted authorities:\n");

  /* The names come from the peer and are printed unfiltered.
   * NOTE(review): consider escaping non-printable bytes before writing
   * them to a terminal or a log.
   */
  for (idx = 0; idx < nreqs; idx++)
    {
      dn_size = sizeof (dn_text);
      /* Names that cannot be decoded into the buffer are skipped. */
      if (gnutls_x509_rdn_get (&req_ca_rdn[idx], dn_text, &dn_size) < 0)
        continue;

      printf ("   [%d]: ", idx);
      printf ("%s\n", dn_text);
    }

  return -1;
}
Exemplo n.º 3
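/* Client-certificate retrieval callback.
 *
 * When `verbose` is set, prints the CA names the server requested.  It
 * then fills `st` with the file-scope credentials that match the
 * negotiated certificate type (X.509 chain `x509_crt`/`x509_key`, or
 * OpenPGP `pgp_crt`/`pgp_key`).  For X.509 the signature algorithm of the
 * first certificate must be one the server requested, unless the server
 * requested none.
 *
 * Returns 0 with `st->ncerts` set to the number of certificates offered
 * (possibly 0), or -1 when the signature algorithm cannot be read or is
 * not acceptable to the server.
 *
 * Changes from the previous version:
 *  - both success paths used to return before the final status line, so
 *    it was printed only when nothing had been selected (always "0");
 *    it now reports the real count;
 *  - `x509_crt` is tested for NULL before `x509_crt[0]` is read;
 *  - the inner `int i` that shadowed the outer loop index is gone.
 *
 * NOTE(review): `req_ca_rdn` is only printed, never used to decide
 * whether the certificate should be offered to this server.
 */
static int
cert_callback (gnutls_session_t session,
	       const gnutls_datum_t * req_ca_rdn, int nreqs,
	       const gnutls_pk_algorithm_t * sign_algos,
	       int sign_algos_length, gnutls_retr_st * st)
{
  char issuer_dn[256];
  int i, ret;
  size_t len;

  if (verbose)
    {
      /* Print the server's trusted CAs */
      if (nreqs > 0)
        printf ("- Server's trusted authorities:\n");
      else
        printf ("- Server did not send us any trusted authorities names.\n");

      /* The names come from the peer and are printed unfiltered.
       * NOTE(review): consider escaping non-printable bytes before
       * writing them to a terminal or a log.
       */
      for (i = 0; i < nreqs; i++)
        {
          len = sizeof (issuer_dn);
          ret = gnutls_x509_rdn_get (&req_ca_rdn[i], issuer_dn, &len);
          if (ret >= 0)
            {
              printf ("   [%d]: ", i);
              printf ("%s\n", issuer_dn);
            }
        }
    }

  st->type = gnutls_certificate_type_get (session);

  /* Default: offer nothing unless a branch below selects credentials. */
  st->ncerts = 0;

  if (st->type == GNUTLS_CRT_X509)
    {
      gnutls_sign_algorithm_t cert_algo, req_algo;
      int match = 0;

      /* Only the first certificate of the chain is checked against the
       * server's requested signature algorithms. */
      if (x509_crt != NULL && x509_crt[0] != NULL)
        {
          ret = gnutls_x509_crt_get_signature_algorithm (x509_crt[0]);
          if (ret < 0)
            {
              /* error reading signature algorithm */
              return -1;
            }
          cert_algo = ret;

          /* Walk the server's list until it ends (negative return). */
          i = 0;
          do
            {
              ret =
                gnutls_sign_algorithm_get_requested (session, i, &req_algo);
              if (ret >= 0 && cert_algo == req_algo)
                {
                  match = 1;
                  break;
                }

              /* server has not requested anything specific */
              if (i == 0 && ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
                {
                  match = 1;
                  break;
                }
              i++;
            }
          while (ret >= 0);

          if (match == 0)
            {
              printf
                ("- Could not find a suitable certificate to send to server\n");
              return -1;
            }
        }

      if (x509_crt != NULL && x509_key != NULL)
        {
          st->ncerts = x509_crt_size;

          st->cert.x509 = x509_crt;
          st->key.x509 = x509_key;

          /* 0: the library must not deinitialize the credentials. */
          st->deinit_all = 0;
        }
    }
  else if (st->type == GNUTLS_CRT_OPENPGP)
    {
      if (pgp_key != NULL && pgp_crt != NULL)
        {
          st->ncerts = 1;

          st->cert.pgp = pgp_crt;
          st->key.pgp = pgp_key;

          st->deinit_all = 0;
        }
    }

  /* Reached on every non-error path so the count reflects what was set. */
  printf ("- Successfully sent %d certificate(s) to server.\n", st->ncerts);
  return 0;

}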
Exemplo n.º 4
/* Client-certificate retrieval callback (pcert/privkey variant).
 *
 * When `verbose` is set, prints the CA names the server requested.  It
 * then hands back, through `pcert`, `pcert_length` and `pkey`, the
 * file-scope credentials matching the negotiated certificate type.
 *
 * Returns 0 with `*pcert_length` set to the number of certificates
 * offered (possibly 0), or -1 when X.509 certificates are loaded but
 * `x509_key` is NULL.
 *
 * NOTE(review): `req_ca_rdn` is only printed and `sign_algos` /
 * `sign_algos_length` are never read, so neither influences which
 * credentials are offered.
 */
static int
cert_callback (gnutls_session_t session,
               const gnutls_datum_t * req_ca_rdn, int nreqs,
               const gnutls_pk_algorithm_t * sign_algos,
               int sign_algos_length, gnutls_pcert_st **pcert,
               unsigned int *pcert_length, gnutls_privkey_t * pkey)
{
  char dn_text[256];
  size_t dn_size;
  int idx, negotiated;

  if (verbose)
    {
      if (nreqs <= 0)
        printf ("- Server did not send us any trusted authorities names.\n");
      else
        printf ("- Server's trusted authorities:\n");

      /* The names come from the peer and are printed unfiltered.
       * NOTE(review): consider escaping non-printable bytes before
       * writing them to a terminal or a log.
       */
      for (idx = 0; idx < nreqs; idx++)
        {
          dn_size = sizeof (dn_text);
          /* Names that cannot be decoded into the buffer are skipped. */
          if (gnutls_x509_rdn_get (&req_ca_rdn[idx], dn_text, &dn_size) < 0)
            continue;

          printf ("   [%d]: ", idx);
          printf ("%s\n", dn_text);
        }
    }

  negotiated = gnutls_certificate_type_get (session);

  /* Default: offer nothing unless a branch below selects credentials. */
  *pcert_length = 0;

  if (negotiated == GNUTLS_CRT_OPENPGP)
    {
      /* Only the key is tested here; pgp_crt is passed by address. */
      if (pgp_key != NULL)
        {
          *pkey = pgp_key;
          *pcert_length = 1;
          *pcert = &pgp_crt;
        }
    }
  else if (negotiated == GNUTLS_CRT_X509 && x509_crt_size > 0)
    {
      /* A loaded chain without its private key is a hard error. */
      if (x509_key == NULL)
        {
          printf ("- Could not find a suitable key to send to server\n");
          return -1;
        }

      *pkey = x509_key;
      *pcert_length = x509_crt_size;
      *pcert = x509_crt;
    }

  printf ("- Successfully sent %u certificate(s) to server.\n", *pcert_length);
  return 0;
}
Exemplo n.º 5
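/* Client-certificate retrieval callback.
 *
 * When `verbose` is set, prints the CA names the server requested.  It
 * then fills `st` with the file-scope credentials that match the
 * negotiated certificate type (X.509 `x509_crt`/`x509_key`, or OpenPGP
 * `pgp_crt`/`pgp_key`).
 *
 * Always returns 0; `st->ncerts` holds the number of certificates
 * offered (0 when no matching credentials are loaded).
 *
 * Change from the previous version: both success paths used to return
 * before the final status line, so it was printed only when nothing had
 * been selected (always "0"); it now reports the real count.
 *
 * NOTE(review): `req_ca_rdn` is only printed and `sign_algos` /
 * `sign_algos_length` are never read, so neither influences which
 * credentials are offered.
 */
static int
cert_callback (gnutls_session session,
	       const gnutls_datum * req_ca_rdn, int nreqs,
	       const gnutls_pk_algorithm * sign_algos,
	       int sign_algos_length, gnutls_retr_st * st)
{
  char issuer_dn[256];
  int i, ret;
  size_t len;

  if (verbose)
    {
      /* Print the server's trusted CAs */
      if (nreqs > 0)
        printf ("- Server's trusted authorities:\n");
      else
        printf ("- Server did not send us any trusted authorities names.\n");

      /* The names come from the peer and are printed unfiltered.
       * NOTE(review): consider escaping non-printable bytes before
       * writing them to a terminal or a log.
       */
      for (i = 0; i < nreqs; i++)
        {
          len = sizeof (issuer_dn);
          ret = gnutls_x509_rdn_get (&req_ca_rdn[i], issuer_dn, &len);
          if (ret >= 0)
            {
              printf ("   [%d]: ", i);
              printf ("%s\n", issuer_dn);
            }
        }
    }

  st->type = gnutls_certificate_type_get (session);

  /* Default: offer nothing unless a branch below selects credentials. */
  st->ncerts = 0;

  if (st->type == GNUTLS_CRT_X509)
    {
      if (x509_crt != NULL && x509_key != NULL)
        {
          st->ncerts = x509_crt_size;

          st->cert.x509 = x509_crt;
          st->key.x509 = x509_key;

          /* 0: the library must not deinitialize the credentials. */
          st->deinit_all = 0;
        }
    }
  else if (st->type == GNUTLS_CRT_OPENPGP)
    {
      if (pgp_key != NULL && pgp_crt != NULL)
        {
          st->ncerts = 1;

          st->cert.pgp = pgp_crt;
          st->key.pgp = pgp_key;

          st->deinit_all = 0;
        }
    }

  /* Reached on every path so the count reflects what was set. */
  printf ("- Successfully sent %d certificate(s) to server.\n", st->ncerts);
  return 0;

}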