
[GNUnet-SVN] r33589 - in gnunet-gtk: . src/namestore


From: gnunet
Subject: [GNUnet-SVN] r33589 - in gnunet-gtk: . src/namestore
Date: Sat, 7 Jun 2014 19:11:29 +0200

Author: grothoff
Date: 2014-06-07 19:11:29 +0200 (Sat, 07 Jun 2014)
New Revision: 33589

Modified:
   gnunet-gtk/configure.ac
   gnunet-gtk/src/namestore/Makefile.am
   gnunet-gtk/src/namestore/plugin_gtk_namestore_box.c
   gnunet-gtk/src/namestore/plugin_gtk_namestore_tlsa.c
Log:
finishing TLSA validation logic

Modified: gnunet-gtk/configure.ac
===================================================================
--- gnunet-gtk/configure.ac     2014-06-07 15:15:53 UTC (rev 33588)
+++ gnunet-gtk/configure.ac     2014-06-07 17:11:29 UTC (rev 33589)
@@ -338,6 +338,40 @@
 AC_SUBST(GLADE_LIBS)
 
 
+# gnutls
+gnutls=0
+gnutls_dane=0
+AC_MSG_CHECKING(for gnutls)
+AC_ARG_WITH(gnutls,
+   [  --with-gnutls=PFX   base of gnutls installation],
+   [AC_MSG_RESULT([$with_gnutls])
+    case $with_gnutls in
+      no)
+        ;;
+      yes)
+        AC_CHECK_HEADERS([gnutls/abstract.h],
+            AC_CHECK_LIB([gnutls], [gnutls_pubkey_import],
+            gnutls=true))
+        ;;
+      *)
+        LDFLAGS="-L$with_gnutls/lib $LDFLAGS"
+        CPPFLAGS="-I$with_gnutls/include $CPPFLAGS"
+        AC_CHECK_HEADERS([gnutls/abstract.h],
+            AC_CHECK_LIB([gnutls], [gnutls_pubkey_import],
+              EXT_LIB_PATH="-L$with_gnutls/lib $EXT_LIB_PATH"
+              gnutls=true))
+        ;;
+    esac
+   ],
+   [AC_MSG_RESULT([--with-gnutls not specified])
+    AC_CHECK_HEADERS([gnutls/abstract.h],
+        AC_CHECK_LIB([gnutls], [gnutls_pubkey_import],
+          gnutls=true))
+   ])
+AM_CONDITIONAL(HAVE_GNUTLS, test x$gnutls = xtrue)
+AC_DEFINE_UNQUOTED([HAVE_GNUTLS], $gnutls, [We have GnuTLS])
+
+
 # Adam shostack suggests the following for Windows:
 # -D_FORTIFY_SOURCE=2 -fstack-protector-all
 AC_ARG_ENABLE(gcc-hardening,
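Review bot: The success branches set `gnutls=true`, and `AC_DEFINE_UNQUOTED([HAVE_GNUTLS], $gnutls, ...)` then writes `#define HAVE_GNUTLS true` into the config header. In a C `#if`, an identifier that is not a macro evaluates to 0, so unless `<stdbool.h>` was included earlier, the `#if HAVE_GNUTLS` guards added to plugin_gtk_namestore_box.c would compile the TLSA cases out even when GnuTLS was found. The `AM_CONDITIONAL` would still build the TLSA plugin, leaving the two out of step. Using a numeric value avoids this: set `gnutls=1` in the three success branches and test with `AM_CONDITIONAL(HAVE_GNUTLS, test x$gnutls = x1)`. Separately, `gnutls_dane=0` is assigned but never used in this hunk.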

Modified: gnunet-gtk/src/namestore/Makefile.am
===================================================================
--- gnunet-gtk/src/namestore/Makefile.am        2014-06-07 15:15:53 UTC (rev 
33588)
+++ gnunet-gtk/src/namestore/Makefile.am        2014-06-07 17:11:29 UTC (rev 
33589)
@@ -36,6 +36,9 @@
 gnunet_namestore_gtk_LDFLAGS = \
   -export-dynamic
 
+if HAVE_GNUTLS
+NAMESTORE_TLSA = libgnunet_plugin_gtk_namestore_tlsa.la
+endif
 
 plugin_LTLIBRARIES = \
   libgnunet_plugin_gtk_namestore_a.la \
@@ -50,7 +53,7 @@
   libgnunet_plugin_gtk_namestore_ptr.la \
   libgnunet_plugin_gtk_namestore_soa.la \
   libgnunet_plugin_gtk_namestore_srv.la \
-  libgnunet_plugin_gtk_namestore_tlsa.la \
+  $(NAMESTORE_TLSA) \
   libgnunet_plugin_gtk_namestore_txt.la \
   libgnunet_plugin_gtk_namestore_vpn.la
 

Modified: gnunet-gtk/src/namestore/plugin_gtk_namestore_box.c
===================================================================
--- gnunet-gtk/src/namestore/plugin_gtk_namestore_box.c 2014-06-07 15:15:53 UTC 
(rev 33588)
+++ gnunet-gtk/src/namestore/plugin_gtk_namestore_box.c 2014-06-07 17:11:29 UTC 
(rev 33589)
@@ -33,8 +33,10 @@
  */
 #include "gnunet_gtk.h"
 #include "gnunet_gtk_namestore_plugin.h"
+#if HAVE_GNUTLS
+#include <gnutls/gnutls.h>
+#endif
 
-
 #ifndef EDP_CBC_DEF
 #define EDP_CBC_DEF
 /**
@@ -56,9 +58,10 @@
 
 /* We simply include the code for boxed plugins directly here */
 #include "plugin_gtk_namestore_srv.c"
+#if HAVE_GNUTLS
 #include "plugin_gtk_namestore_tlsa.c"
+#endif
 
-
 /**
  * Context for the box.
  */
@@ -120,6 +123,7 @@
               n_value,
               builder);
     break;
+#if HAVE_GNUTLS
   case GNUNET_DNSPARSER_TYPE_TLSA:
     gtk_widget_show (GTK_WIDGET (gtk_builder_get_object (builder,
                                                          
"edit_dialog_tlsa_frame")));
@@ -127,6 +131,7 @@
                n_value,
                builder);
     break;
+#endif
   default:
     GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
                 _("Boxed record type %u not supported\n"),
@@ -155,9 +160,11 @@
   case GNUNET_DNSPARSER_TYPE_SRV:
     return srv_store (bc->env,
                       builder);
+#if HAVE_GNUTLS
   case GNUNET_DNSPARSER_TYPE_TLSA:
     return tlsa_store (bc->env,
                        builder);
+#endif
   default:
     GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
                 _("Boxed record type %u not supported\n"),
@@ -189,9 +196,11 @@
   case GNUNET_DNSPARSER_TYPE_SRV:
     return srv_validate (bc->env,
                          builder);
+#if HAVE_GNUTLS
   case GNUNET_DNSPARSER_TYPE_TLSA:
     return tlsa_validate (bc->env,
                           builder);
+#endif
   default:
     GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
                 _("Boxed record type %u not supported\n"),
@@ -216,6 +225,7 @@
     /* SRV plugin */
     { "GNS_edit_dialog_srv_target_entry_changed_cb",
       G_CALLBACK (GNS_edit_dialog_srv_target_entry_changed_cb) },
+#if HAVE_GNUTLS
     /* TLSA plugin */
     { "tlsa_value_textbuffer_changed_cb",
       G_CALLBACK (tlsa_value_textbuffer_changed_cb) },
@@ -229,6 +239,7 @@
       G_CALLBACK (tlsa_import_button_clicked_cb) },
     { "edit_dialog_tlsa_import_entry_changed_cb",
       G_CALLBACK (edit_dialog_tlsa_import_entry_changed_cb) },
+#endif
     /* generic CBs */
     { "edit_dialog_protocol_combobox_changed_cb",
       G_CALLBACK (edit_dialog_protocol_combobox_changed_cb) },
@@ -237,6 +248,9 @@
   };
   struct BoxContext *bc;
 
+#if HAVE_GNUTLS
+  gnutls_global_init ();
+#endif
   bc = GNUNET_new (struct BoxContext);
   bc->env = env;
   plugin = GNUNET_new (struct GNUNET_GTK_NAMESTORE_PluginFunctions);
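Review bot: The added `gnutls_global_init ();` discards its return value, so a failed library initialisation goes unnoticed and the TLSA validation code will still call into GnuTLS afterwards. The result should be compared against `GNUTLS_E_SUCCESS` and at least logged, e.g. `if (GNUTLS_E_SUCCESS != (rc = gnutls_global_init ())) GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "gnutls_global_init: %s\n", gnutls_strerror (rc));`. Whether the plugin init should then bail out depends on the caller's contract, which is not visible here. The same unchecked call is added to the init function in plugin_gtk_namestore_tlsa.c (hunk at -593). The init function's body starts above this hunk.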
@@ -265,6 +279,9 @@
 
   GNUNET_free (bc);
   GNUNET_free (plugin);
+#if HAVE_GNUTLS
+  gnutls_global_deinit ();
+#endif
   return NULL;
 }
 

Modified: gnunet-gtk/src/namestore/plugin_gtk_namestore_tlsa.c
===================================================================
--- gnunet-gtk/src/namestore/plugin_gtk_namestore_tlsa.c        2014-06-07 
15:15:53 UTC (rev 33588)
+++ gnunet-gtk/src/namestore/plugin_gtk_namestore_tlsa.c        2014-06-07 
17:11:29 UTC (rev 33589)
@@ -31,6 +31,7 @@
 #include "gnunet_gtk_namestore_plugin.h"
 #include <gnutls/gnutls.h>
 #include <gnutls/x509.h>
+#include <gnutls/abstract.h>
 
 
 /**
@@ -445,19 +446,18 @@
   GtkTextIter ti_start;
   GtkTextIter ti_end;
   gnutls_datum_t datum;
-  gnutls_pkcs7_t pkcs7;
+  gnutls_x509_crt_t cert;
+  gnutls_pubkey_t pk;
   int ret;
   unsigned int matching_type;
+  unsigned int selector;
+  int err;
 
-  fprintf (stderr,
-           "Validating...\n");
   cb = GTK_COMBO_BOX (gtk_builder_get_object (builder,
                                               
"edit_dialog_protocol_combobox"));
   if (! gtk_combo_box_get_active_iter (cb,
                                        &iter))
   {
-    fprintf (stderr,
-             "No protocol selected...\n");
     return GNUNET_SYSERR;
   }
 
@@ -479,31 +479,74 @@
                                      bin))
     {
       /* not hex */
-      fprintf (stderr,
-               "Certificate value is not in hex...\n");
+      GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                  _("Certificate value is not in hex...\n"));
       return GNUNET_SYSERR;
     }
     matching_type = get_selected_radio_value (builder,
                                               matching_type_buttons);
-
+    selector = get_selected_radio_value (builder,
+                                       selector_buttons);
     switch (matching_type)
     {
     case 0: /* exact match */
       datum.size = sizeof (bin);
       datum.data = bin;
-      gnutls_pkcs7_init (&pkcs7);
-      if (GNUTLS_E_SUCCESS !=
-          gnutls_pkcs7_import (pkcs7,
-                               &datum,
-                               GNUTLS_X509_FMT_DER))
+      switch (selector)
       {
-        fprintf (stderr,
-                 "Certificate value is not PKCS7...\n");
+      case 0: /* full Cert */
+        if (GNUTLS_E_SUCCESS !=
+            (err = gnutls_x509_crt_init (&cert)))
+        {
+          GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                      _("Failed to initialize CERT: %s\n"),
+                      gnutls_strerror_name (err));
+          ret = GNUNET_SYSERR;
+          break;
+        }
+        if (GNUTLS_E_SUCCESS !=
+            (err = gnutls_x509_crt_import (cert,
+                                           &datum,
+                                           GNUTLS_X509_FMT_DER)))
+          {
+            GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                        _("Failed to parse CERT: %s\n"),
+                        gnutls_strerror_name (err));
+            ret = GNUNET_SYSERR;
+          }
+        else
+          ret = GNUNET_OK;
+        gnutls_x509_crt_deinit (cert);
+        break;
+      case 1: /* subject public key only */
+        if (GNUTLS_E_SUCCESS !=
+            (err = gnutls_pubkey_init (&pk)))
+        {
+          GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                      _("Failed to initialize PK: %s\n"),
+                      gnutls_strerror_name (err));
+          ret = GNUNET_SYSERR;
+          break;
+        }
+        if (GNUTLS_E_SUCCESS !=
+            (err = gnutls_pubkey_import (pk,
+                                         &datum,
+                                         GNUTLS_X509_FMT_DER)))
+          {
+            GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                        _("Failed to parse PK: %s\n"),
+                        gnutls_strerror_name (err));
+            ret = GNUNET_SYSERR;
+          }
+        else
+          ret = GNUNET_OK;
+        gnutls_pubkey_deinit (pk);
+        break;
+      default:
+        GNUNET_break (0);
         ret = GNUNET_SYSERR;
+        break;
       }
-      else
-        ret = GNUNET_OK;
-      gnutls_pkcs7_deinit (pkcs7);
       break;
     case 1: /* SHA-256 hash */
       ret = (256 / 8 == slen / 2) ? GNUNET_OK : GNUNET_SYSERR;
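Review bot: All four new error paths format `gnutls_strerror_name (err)` with `%s`, but that function returns NULL for an error code it does not know, and passing NULL to `%s` is undefined behaviour. `gnutls_strerror (err)` always returns a printable string and is the safer choice in these `GNUNET_log` calls. Separately, the importers are given `datum.size = sizeof (bin)`, and `bin` is declared outside this hunk. If `bin` is not sized exactly to the decoded length, the DER parsers would see trailing bytes beyond the decoded value, so it is worth confirming or passing the decoded length explicitly. The enclosing validate function starts and ends outside the hunk.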
@@ -513,6 +556,7 @@
       break;
     default:
       GNUNET_break (0);
+      ret = GNUNET_SYSERR;
       break;
     }
   }
@@ -593,6 +637,7 @@
     { NULL, NULL }
   };
 
+  gnutls_global_init ();
   plugin = GNUNET_new (struct GNUNET_GTK_NAMESTORE_PluginFunctions);
   plugin->cls = env;
   plugin->dialog_glade_filename = "gnunet_namestore_edit_tlsa.glade";
@@ -619,6 +664,7 @@
   struct GNUNET_GTK_NAMESTORE_PluginFunctions *plugin = cls;
 
   GNUNET_free (plugin);
+  gnutls_global_deinit ();
   return NULL;
 }
 



