/**
* gnutls_server_name_set:
* @session: is a #gnutls_session_t type.
* @type: specifies the indicator type
* @name: is a string that contains the server name.
* @name_length: holds the length of name
*
* This function is to be used by clients that want to inform (via a
* TLS extension mechanism) the server of the name they connected to.
* This should be used by clients that connect to servers that do
* virtual hosting.
*
* The value of @name depends on the @type type. In case of
* %GNUTLS_NAME_DNS, a UTF-8 null-terminated domain name string,
* without the trailing dot, is expected.
*
* IPv4 or IPv6 addresses are not permitted to be set by this function.
* If the function is called with a name of @name_length zero it will clear
* all server names set.
*
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned,
* otherwise a negative error code is returned.
**/
int
gnutls_server_name_set(gnutls_session_t session,
gnutls_server_name_type_t type,
const void *name, size_t name_length)
{
int ret;
gnutls_datum_t idn_name = {NULL,0};
if (session->security_parameters.entity == GNUTLS_SERVER) {
gnutls_assert();
return GNUTLS_E_INVALID_REQUEST;
}
if (name_length == 0) { /* unset extension */
_gnutls_ext_unset_session_data(session, GNUTLS_EXTENSION_SERVER_NAME);
return 0;
}
ret = gnutls_idna_map(name, name_length, &idn_name, 0);
if (ret < 0) {
_gnutls_debug_log("unable to convert name %s to IDNA2003 format\n", (char*)name);
return ret;
}
name = idn_name.data;
name_length = idn_name.size;
ret = _gnutls_server_name_set_raw(session, type, name, name_length);
gnutls_free(idn_name.data);
return ret;
}
/* if @host is NULL certificate check is skipped */
static int
_test_cli_serv(gnutls_certificate_credentials_t server_cred,
gnutls_certificate_credentials_t client_cred,
const char *serv_prio, const char *cli_prio,
const char *host,
void *priv, callback_func *client_cb, callback_func *server_cb,
unsigned expect_verification_failure,
unsigned require_cert,
int serv_err,
int cli_err)
{
int exit_code = EXIT_SUCCESS;
int ret;
/* Server stuff. */
gnutls_session_t server;
int sret = GNUTLS_E_AGAIN;
/* Client stuff. */
gnutls_session_t client;
int cret = GNUTLS_E_AGAIN;
/* General init. */
reset_buffers();
/* Init server */
gnutls_init(&server, GNUTLS_SERVER);
gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
server_cred);
gnutls_priority_set_direct(server, serv_prio, NULL);
gnutls_transport_set_push_function(server, server_push);
gnutls_transport_set_pull_function(server, server_pull);
gnutls_transport_set_ptr(server, server);
if (require_cert)
gnutls_certificate_server_set_request(server, GNUTLS_CERT_REQUIRE);
ret = gnutls_init(&client, GNUTLS_CLIENT);
if (ret < 0)
exit(1);
if (host) {
if (strncmp(host, "raw:", 4) == 0) {
assert(_gnutls_server_name_set_raw(client, GNUTLS_NAME_DNS, host+4, strlen(host+4))>=0);
host += 4;
} else {
assert(gnutls_server_name_set(client, GNUTLS_NAME_DNS, host, strlen(host))>=0);
}
}
ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE,
client_cred);
if (ret < 0)
exit(1);
gnutls_priority_set_direct(client, cli_prio, NULL);
gnutls_transport_set_push_function(client, client_push);
gnutls_transport_set_pull_function(client, client_pull);
gnutls_transport_set_ptr(client, client);
if (cli_err == 0 && serv_err == 0) {
HANDSHAKE(client, server);
} else {
HANDSHAKE_EXPECT(client, server, cli_err, serv_err);
}
/* check the number of certificates received and verify */
if (host) {
gnutls_typed_vdata_st data[2];
unsigned status;
memset(data, 0, sizeof(data));
data[0].type = GNUTLS_DT_DNS_HOSTNAME;
data[0].data = (void*)host;
data[1].type = GNUTLS_DT_KEY_PURPOSE_OID;
data[1].data = (void*)GNUTLS_KP_TLS_WWW_SERVER;
ret = gnutls_certificate_verify_peers(client, data, 2, &status);
if (ret < 0) {
fail("could not verify certificate: %s\n", gnutls_strerror(ret));
exit(1);
}
if (expect_verification_failure && status != 0) {
ret = status;
goto cleanup;
} else if (expect_verification_failure && status == 0) {
fail("expected verification failure but verification succeeded!\n");
}
if (status != 0) {
gnutls_datum_t t;
assert(gnutls_certificate_verification_status_print(status, GNUTLS_CRT_X509, &t, 0)>=0);
fail("could not verify certificate for '%s': %.4x: %s\n", host, status, t.data);
gnutls_free(t.data);
exit(1);
}
/* check gnutls_certificate_verify_peers3 */
ret = gnutls_certificate_verify_peers3(client, host, &status);
if (ret < 0) {
fail("could not verify certificate: %s\n", gnutls_strerror(ret));
exit(1);
}
if (status != 0) {
gnutls_datum_t t;
assert(gnutls_certificate_verification_status_print(status, GNUTLS_CRT_X509, &t, 0)>=0);
fail("could not verify certificate3: %.4x: %s\n", status, t.data);
gnutls_free(t.data);
exit(1);
}
}
ret = 0;
cleanup:
if (client_cb)
client_cb(client, priv);
if (server_cb)
server_cb(server, priv);
gnutls_bye(client, GNUTLS_SHUT_RDWR);
gnutls_bye(server, GNUTLS_SHUT_RDWR);
gnutls_deinit(client);
gnutls_deinit(server);
if (debug > 0) {
if (exit_code == 0)
puts("Self-test successful");
else
puts("Self-test failed");
}
return ret;
}
