#include <gnutls_int.h>
#include "gnutls_auth_int.h"
#include "gnutls_errors.h"
#include <gnutls_cert.h>
#include <auth_cert.h>
#include "gnutls_dh.h"
#include "gnutls_num.h"
#include "gnutls_datum.h"
#include <gnutls_pk.h>
#include <gnutls_algorithms.h>
#include <gnutls_global.h>
#include <gnutls_record.h>
#include <gnutls_sig.h>
#include <gnutls_state.h>
#include <gnutls_str.h>
#include <debug.h>
#include <x509_b64.h>
#include <gnutls_x509.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include "common.h"
#include "x509.h"
#include "mpi.h"
#include "privkey.h"
/*
 * CLEAR_CERTS - release every certificate held in peer_certificate_list and
 * then the list itself.
 *
 * Relies on three names being in scope where it is expanded: the index x,
 * the array peer_certificate_list and its length peer_certificate_list_size.
 * NULL slots are skipped.
 *
 * The expansion is two statements (a for loop followed by a free call) with
 * no do { } while (0) wrapper, so it is only safe inside a braced block: as
 * the body of an unbraced if, only the loop would be conditional.
 * The pointer is not reset after MHD_gnutls_free(), so the caller must not
 * use or free peer_certificate_list again once this has run.
 */
#define CLEAR_CERTS \
  for (x = 0; x < peer_certificate_list_size; x++) \
    { \
      if (peer_certificate_list[x]) \
        MHD_gnutls_x509_crt_deinit (peer_certificate_list[x]); \
    } \
  MHD_gnutls_free (peer_certificate_list)
Definition at line 85 of file gnutls_x509.c.
static int check_bits(MHD_gnutls_x509_crt_t crt, unsigned int max_bits) [inline, static]
Definition at line 63 of file gnutls_x509.c.
References GNUTLS_E_CONSTRAINT_ERROR, MHD_gnutls_assert, and MHD_gnutls_x509_crt_get_pk_algorithm().
int MHD__gnutls_certificate_set_x509_key_mem(MHD_gtls_cert_credentials_t res, const MHD_gnutls_datum_t *cert, const MHD_gnutls_datum_t *key, MHD_gnutls_x509_crt_fmt_t type)
MHD__gnutls_certificate_set_x509_key_mem - Used to set keys in a MHD_gtls_cert_credentials_t structure.
Parameters:
res: is an MHD_gtls_cert_credentials_t structure.
cert: contains a certificate list (path) for the specified private key.
key: is the private key, or NULL.
type: is PEM or DER.
This function sets a certificate/private key pair in the MHD_gtls_cert_credentials_t structure. This function may be called more than once (in case multiple keys/certificates exist for the server).
Currently supported: RSA PKCS-1 encoded private keys, DSA private keys.
DSA private keys are encoded the OpenSSL way, which is an ASN.1 DER sequence of 6 INTEGERs - version, p, q, g, pub, priv.
Note that the keyUsage (2.5.29.15) PKIX extension in X.509 certificates is supported. This means that certificates intended for signing cannot be used for ciphersuites that require encryption.
If the certificate and the private key are given in PEM encoding then the strings that hold their values must be null terminated.
The key may be NULL if you are using a sign callback, see MHD_gtls_sign_callback_set().
Returns: GNUTLS_E_SUCCESS on success, or an error code.
Definition at line 521 of file gnutls_x509.c.
References MHD_gnutls_datum_t::data, MHD__gnutls_check_key_cert_match(), MHD_gnutls_assert, MHD_gtls_certificate_credentials_st::ncerts, read_cert_mem(), read_key_mem(), and MHD_gnutls_datum_t::size.
Referenced by MHD_init_daemon_certificate().
static int MHD__gnutls_check_key_cert_match(MHD_gtls_cert_credentials_t res) [static]
Definition at line 99 of file gnutls_x509.c.
References MHD_gtls_certificate_credentials_st::cert_list, MHD_gnutls_datum_t::data, GNUTLS_E_CERTIFICATE_KEY_MISMATCH, MHD__gnutls_free_datum, MHD__gnutls_x509_write_rsa_params(), MHD_gnutls_assert, MHD_gtls_certificate_credentials_st::ncerts, MHD_gnutls_privkey_int::params, MHD_gnutls_cert::params_size, MHD_gnutls_privkey_int::params_size, MHD_gnutls_privkey_int::pk_algorithm, MHD_gtls_certificate_credentials_st::pkey, MHD_gnutls_datum_t::size, and MHD_gnutls_cert::subject_pk_algorithm.
Referenced by MHD__gnutls_certificate_set_x509_key_mem().
int MHD__gnutls_check_key_usage(const MHD_gnutls_cert *cert, enum MHD_GNUTLS_KeyExchangeAlgorithm alg)
Definition at line 553 of file gnutls_x509.c.
References CIPHER_ENCRYPT, CIPHER_IGN, CIPHER_SIGN, GNUTLS_E_INTERNAL_ERROR, GNUTLS_E_KEY_USAGE_VIOLATION, KEY_DIGITAL_SIGNATURE, KEY_KEY_ENCIPHERMENT, MHD_gnutls_cert::key_usage, MHD_gnutls_assert, MHD_GNUTLS_CRD_CERTIFICATE, MHD_gtls_kx_encipher_type(), and MHD_gtls_map_kx_get_cred().
Referenced by MHD_gtls_proc_x509_server_certificate(), and MHD_gtls_selected_cert_supported_kx().
int MHD__gnutls_x509_privkey_to_gkey(MHD_gnutls_privkey *dest, MHD_gnutls_x509_privkey_t src)
Definition at line 367 of file gnutls_x509.c.
References GNUTLS_E_MEMORY_ERROR, MHD__gnutls_mpi_copy, MHD_gnutls_assert, MHD_gtls_mpi_release(), MHD_gtls_x509_privkey_int::params, MHD_gnutls_privkey_int::params, MHD_gnutls_privkey_int::params_size, MHD_gtls_x509_privkey_int::params_size, MHD_gtls_x509_privkey_int::pk_algorithm, and MHD_gnutls_privkey_int::pk_algorithm.
Referenced by alloc_and_load_x509_key(), and MHD__gnutls_x509_raw_privkey_to_gkey().
int MHD__gnutls_x509_raw_privkey_to_gkey(MHD_gnutls_privkey *privkey, const MHD_gnutls_datum_t *raw_key, MHD_gnutls_x509_crt_fmt_t type)
Definition at line 413 of file gnutls_x509.c.
References MHD__gnutls_x509_privkey_to_gkey(), MHD_gnutls_assert, MHD_gnutls_x509_privkey_deinit(), MHD_gnutls_x509_privkey_import(), and MHD_gnutls_x509_privkey_init().
Referenced by read_key_mem().
void MHD_gtls_gkey_deinit(MHD_gnutls_privkey *key)
Definition at line 400 of file gnutls_x509.c.
References MHD_gtls_mpi_release(), MHD_gnutls_privkey_int::params, and MHD_gnutls_privkey_int::params_size.
Referenced by MHD__gnutls_certificate_free_keys(), and MHD_gtls_selected_certs_deinit().
static int parse_crt_mem(MHD_gnutls_cert **cert_list, unsigned *ncerts, MHD_gnutls_x509_crt_t cert) [static]
Definition at line 147 of file gnutls_x509.c.
References GNUTLS_E_MEMORY_ERROR, MHD_gnutls_assert, MHD_gtls_realloc_fast(), and MHD_gtls_x509_crt_to_gcert().
Referenced by parse_der_cert_mem().
static int parse_der_cert_mem(MHD_gnutls_cert **cert_list, unsigned *ncerts, const void *input_cert, int input_cert_size) [static]
Definition at line 182 of file gnutls_x509.c.
References MHD_gnutls_datum_t::data, GNUTLS_X509_FMT_DER, MHD_gnutls_assert, MHD_gnutls_x509_crt_deinit(), MHD_gnutls_x509_crt_import(), MHD_gnutls_x509_crt_init(), parse_crt_mem(), and MHD_gnutls_datum_t::size.
Referenced by read_cert_mem().
static int parse_pem_cert_mem(MHD_gnutls_cert **cert_list, unsigned *ncerts, const char *input_cert, int input_cert_size) [static]
Definition at line 217 of file gnutls_x509.c.
References MHD_gnutls_datum_t::data, GNUTLS_E_BASE64_DECODING_ERROR, GNUTLS_E_MEMORY_ERROR, MHD__gnutls_fbase64_decode(), MHD__gnutls_free_datum, MHD_gnutls_assert, MHD_gtls_realloc_fast(), MHD_gtls_x509_raw_cert_to_gcert(), PEM_CERT_SEP, PEM_CERT_SEP2, and MHD_gnutls_datum_t::size.
Referenced by read_cert_mem().
static int read_cert_mem(MHD_gtls_cert_credentials_t res, const void *cert, int cert_size, MHD_gnutls_x509_crt_fmt_t type) [static]
Definition at line 316 of file gnutls_x509.c.
References MHD_gtls_certificate_credentials_st::cert_list, MHD_gtls_certificate_credentials_st::cert_list_length, GNUTLS_E_MEMORY_ERROR, GNUTLS_X509_FMT_DER, MHD_gnutls_assert, MHD_gtls_realloc_fast(), MHD_gtls_certificate_credentials_st::ncerts, parse_der_cert_mem(), and parse_pem_cert_mem().
Referenced by MHD__gnutls_certificate_set_x509_key_mem().
static int read_key_mem(MHD_gtls_cert_credentials_t res, const void *key, int key_size, MHD_gnutls_x509_crt_fmt_t type) [static]
Definition at line 453 of file gnutls_x509.c.
References MHD_gnutls_datum_t::data, GNUTLS_E_MEMORY_ERROR, MHD__gnutls_x509_raw_privkey_to_gkey(), MHD_gnutls_assert, MHD_gtls_realloc_fast(), MHD_gtls_certificate_credentials_st::ncerts, MHD_gtls_certificate_credentials_st::pkey, and MHD_gnutls_datum_t::size.
Referenced by MHD__gnutls_certificate_set_x509_key_mem().