Exemplo n.º 1
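/*
 * Test driver: builds a server credential set holding two key/certificate
 * pairs and a client credential set that trusts ca3_cert, then runs
 * client/server handshakes against several host names, including
 * internationalized (IDN) ones.
 *
 * import_key, test_cli_serv and test_cli_serv_expect are defined outside this
 * listing; what their arguments mean is inferred from the call sites below and
 * should be confirmed against the helpers.
 */
void doit(void)
{
	gnutls_certificate_credentials_t x509_cred;
	gnutls_certificate_credentials_t clicred;
	int ret;
	unsigned idx;

#if !defined(HAVE_LIBIDN2)
	/* Without libidn2 the test cannot run; 77 is the exit status that
	 * Automake-style harnesses report as "skipped" rather than "failed".
	 */
	exit(77);
#endif

	/* this must be called once in the program
	 */
	global_init();

	/* mytime is supplied elsewhere in the file; installing it replaces the
	 * library's time source (presumably so certificate validity checks see
	 * a fixed clock -- confirm against mytime).
	 */
	gnutls_global_set_time_function(mytime);

	gnutls_global_set_log_function(tls_log_func);
	if (debug)
		gnutls_global_set_log_level(6);

	/* The allocations are checked explicitly instead of being wrapped in
	 * assert(): with NDEBUG defined an assert() argument is not evaluated,
	 * which would skip the allocation and leave the handles uninitialized.
	 */
	ret = gnutls_certificate_allocate_credentials(&clicred);
	if (ret < 0) {
		fail("gnutls_certificate_allocate_credentials failed: %s\n", gnutls_strerror(ret));
		exit(1);
	}

	ret = gnutls_certificate_allocate_credentials(&x509_cred);
	if (ret < 0) {
		fail("gnutls_certificate_allocate_credentials failed: %s\n", gnutls_strerror(ret));
		exit(1);
	}

	gnutls_certificate_set_flags(x509_cred, GNUTLS_CERTIFICATE_API_V2);

	/* The client trusts only ca3_cert. The diagnostic names the function
	 * that is actually called (the original text said "trust_file").
	 */
	ret = gnutls_certificate_set_x509_trust_mem(clicred, &ca3_cert, GNUTLS_X509_FMT_PEM);
	if (ret < 0)
		fail("set_x509_trust_mem failed: %s\n", gnutls_strerror(ret));

	/* Two key/certificate pairs are loaded into the server credentials; the
	 * test expects import_key to hand back consecutive indexes 0 and 1.
	 */
	idx = import_key(x509_cred, &server_ca3_key, &server_ca3_localhost_cert_chain);
	assert(idx == 0);

	idx = import_key(x509_cred, &server_ca3_key, &server_ca3_localhost_utf8_cert);
	assert(idx == 1);

	test_cli_serv(x509_cred, clicred, "NORMAL", "localhost", NULL, NULL, NULL);
	/* A host name in IDNA "xn--" form. NOTE(review): the original comment
	 * called this "the previous name in IDNA format", but no non-ASCII form
	 * of it appears among the calls in this function.
	 */
	test_cli_serv(x509_cred, clicred, "NORMAL", "www.xn--kxawhku.com", NULL, NULL, NULL);
	test_cli_serv(x509_cred, clicred, "NORMAL", "简体中文.εξτρα.com", NULL, NULL, NULL); /* the second DNS name of cert */
	test_cli_serv(x509_cred, clicred, "NORMAL", "xn--fiqu1az03c18t.xn--mxah1amo.com", NULL, NULL, NULL); /* its IDNA equivalent */

	/* NOTE(review): the "raw:" prefix and the two trailing error codes are
	 * interpreted by the helper. The call apparently expects a non-ASCII
	 * name that is sent without IDNA conversion to be refused with
	 * GNUTLS_E_RECEIVED_DISALLOWED_NAME while the other peer sees
	 * GNUTLS_E_AGAIN -- confirm which side is which in test_cli_serv_expect.
	 */
	test_cli_serv_expect(x509_cred, clicred, "NORMAL", "NORMAL", "raw:简体中文.εξτρα.com", GNUTLS_E_RECEIVED_DISALLOWED_NAME, GNUTLS_E_AGAIN);

	gnutls_certificate_free_credentials(x509_cred);
	gnutls_certificate_free_credentials(clicred);

	gnutls_global_deinit();

	if (debug)
		success("success");
}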
Exemplo n.º 2
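/*
 * Test driver: loads two certificate/key pairs into one server credential set
 * through the pcert/privkey API (gnutls_certificate_set_key), then runs
 * client/server handshakes for "localhost" and for several non-ASCII host
 * names.
 *
 * test_cli_serv_expect and test_cli_serv_vf are defined outside this listing;
 * the expectations noted at the call sites are inferred and should be
 * confirmed against the helpers.
 */
static void auto_parse(void)
{
	gnutls_certificate_credentials_t x509_cred, clicred;
	gnutls_pcert_st pcert_list[16];
	gnutls_privkey_t key;
	gnutls_pcert_st second_pcert[2];
	gnutls_privkey_t second_key;
	unsigned pcert_list_size;
	int ret;

	/* this must be called once in the program
	 */
	global_init();

	gnutls_global_set_time_function(mytime);

	gnutls_global_set_log_function(tls_log_func);
	if (debug)
		gnutls_global_set_log_level(6);

	/* Initialization calls are checked explicitly instead of being wrapped
	 * in assert(): with NDEBUG defined an assert() argument is not
	 * evaluated, which would skip the call and leave the handle
	 * uninitialized.
	 */
	ret = gnutls_certificate_allocate_credentials(&x509_cred);
	if (ret < 0) {
		fail("gnutls_certificate_allocate_credentials failed: %s\n", gnutls_strerror(ret));
		exit(1);
	}

	ret = gnutls_privkey_init(&key);
	if (ret < 0) {
		fail("gnutls_privkey_init failed: %s\n", gnutls_strerror(ret));
		exit(1);
	}

	ret = gnutls_certificate_allocate_credentials(&clicred);
	if (ret < 0) {
		fail("gnutls_certificate_allocate_credentials failed: %s\n", gnutls_strerror(ret));
		exit(1);
	}

	/* The client trusts only ca3_cert. The diagnostic names the function
	 * that is actually called (the original text said "trust_file").
	 */
	ret = gnutls_certificate_set_x509_trust_mem(clicred, &ca3_cert, GNUTLS_X509_FMT_PEM);
	if (ret < 0)
		fail("set_x509_trust_mem failed: %s\n", gnutls_strerror(ret));

	/* pcert_list_size is in/out: capacity of the array on entry, number of
	 * imported certificates on return.
	 */
	pcert_list_size = sizeof(pcert_list)/sizeof(pcert_list[0]);
	ret = gnutls_pcert_list_import_x509_raw(pcert_list, &pcert_list_size,
		&server_ca3_localhost_cert_chain, GNUTLS_X509_FMT_PEM, 0);
	if (ret < 0) {
		fail("error in gnutls_pcert_list_import_x509_raw: %s\n", gnutls_strerror(ret));
	}

	ret = gnutls_privkey_import_x509_raw(key, &server_ca3_key, GNUTLS_X509_FMT_PEM, NULL, 0);
	if (ret < 0) {
		fail("error in key import: %s\n", gnutls_strerror(ret));
	}

	/* Per the GnuTLS documentation the key and the pcert entries become
	 * part of the credentials after this call, which is why neither is
	 * released separately below.
	 */
	ret = gnutls_certificate_set_key(x509_cred, NULL, 0, pcert_list,
				pcert_list_size, key);
	if (ret < 0) {
		fail("error in gnutls_certificate_set_key: %s\n", gnutls_strerror(ret));
		exit(1);
	}

	/* set the key with UTF8 names */
	ret = gnutls_privkey_init(&second_key);
	if (ret < 0) {
		fail("gnutls_privkey_init failed: %s\n", gnutls_strerror(ret));
		exit(1);
	}

	/* Capacity is derived from the array instead of a literal 2, so the
	 * bound cannot drift from the declaration.
	 */
	pcert_list_size = sizeof(second_pcert)/sizeof(second_pcert[0]);
	ret = gnutls_pcert_list_import_x509_raw(second_pcert, &pcert_list_size,
		&server_ca3_localhost_inv_utf8_cert, GNUTLS_X509_FMT_PEM, 0);
	if (ret < 0) {
		fail("error in gnutls_pcert_list_import_x509_raw: %s\n", gnutls_strerror(ret));
	}

	ret = gnutls_privkey_import_x509_raw(second_key, &server_ca3_key, GNUTLS_X509_FMT_PEM, NULL, 0);
	if (ret < 0) {
		fail("error in key import: %s\n", gnutls_strerror(ret));
	}

	/* NOTE(review): only the first imported entry is registered (count 1),
	 * although the array holds two and the import reports its own count in
	 * pcert_list_size; presumably the PEM holds a single certificate --
	 * confirm, since a second imported entry would not be handed over.
	 */
	ret = gnutls_certificate_set_key(x509_cred, NULL, 0, second_pcert,
				1, second_key);
	if (ret < 0) {
		fail("error in gnutls_certificate_set_key: %s\n", gnutls_strerror(ret));
		exit(1);
	}

	/* "localhost" is expected to complete with 0 on both sides. */
	test_cli_serv_expect(x509_cred, clicred, "NORMAL", "NORMAL", "localhost", 0, 0);
	/* NOTE(review): test_cli_serv_vf is not shown; together with the
	 * "inv_utf8" certificate these calls presumably expect certificate
	 * verification to fail for the non-ASCII names, with and without the
	 * "raw:" prefix -- confirm against the helper.
	 */
	test_cli_serv_vf(x509_cred, clicred, "NORMAL", "www.νίκοσ.com");
	test_cli_serv_vf(x509_cred, clicred, "NORMAL", "www.νίκος.com");
	test_cli_serv_vf(x509_cred, clicred, "NORMAL", "raw:www.νίκος.com");

	gnutls_certificate_free_credentials(x509_cred);
	gnutls_certificate_free_credentials(clicred);

	gnutls_global_deinit();

	if (debug)
		success("success");
}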