
[SCM] GNU gnutls branch, master, updated. gnutls_3_0_18-139-gb94eac8


From: Nikos Mavrogiannopoulos
Subject: [SCM] GNU gnutls branch, master, updated. gnutls_3_0_18-139-gb94eac8
Date: Sat, 09 Jun 2012 09:48:40 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".

http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=b94eac86706bdcce08db411ac245efca74339669

The branch, master has been updated
       via  b94eac86706bdcce08db411ac245efca74339669 (commit)
       via  93493da862b12e1379bbbcf1707c657b7e55f724 (commit)
       via  6c82bf34969ba76c19a8dbda1239d48e552e6bc1 (commit)
       via  2576a9d933e4f29f69a7182faa9c4210eeec8fee (commit)
       via  81320d370f51b6bd9f9997fce6642ccb4a96b868 (commit)
       via  088f9d305b8df030e0c005eff4f9576404ff8535 (commit)
      from  a649e5caa8eeacef0369a788f10fbf71649639dd (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit b94eac86706bdcce08db411ac245efca74339669
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Sat Jun 9 11:48:26 2012 +0200

    removed entry which was included in 3.0.20

commit 93493da862b12e1379bbbcf1707c657b7e55f724
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Sat Jun 9 11:48:02 2012 +0200

    Fixed leaks in PKCS #8 decoding

commit 6c82bf34969ba76c19a8dbda1239d48e552e6bc1
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Sat Jun 9 11:02:07 2012 +0200

    Changed prototype for gnutls_pkcs12_simple_parse() to simplify chain 
building.

commit 2576a9d933e4f29f69a7182faa9c4210eeec8fee
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Fri Jun 8 09:20:32 2012 +0200

    documented pin_callback expectations.

commit 81320d370f51b6bd9f9997fce6642ccb4a96b868
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Thu Jun 7 22:20:26 2012 +0200

    removed unused functions.

commit 088f9d305b8df030e0c005eff4f9576404ff8535
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Thu Jun 7 22:17:16 2012 +0200

    simplified check for win32

-----------------------------------------------------------------------

Summary of changes:
 NEWS                                  |    3 -
 doc/examples/ex-cert-select-pkcs11.c  |    5 +
 lib/gnutls_x509.c                     |   66 ++++----------
 lib/includes/gnutls/pkcs12.h          |   17 ++--
 lib/x509/pkcs12.c                     |  156 ++++++++++++++++++++++++--------
 lib/x509/privkey_pkcs8.c              |    6 +-
 src/certtool.c                        |   10 --
 src/cli.c                             |   15 +---
 src/psk.c                             |   11 ---
 src/serv.c                            |   12 ---
 src/srptool.c                         |   11 ---
 src/tls_test.c                        |   11 ---
 tests/Makefile.am                     |    3 +-
 tests/pkcs12-decode/Makefile.am       |    3 +-
 tests/pkcs12-decode/pkcs12_5certs.p12 |  Bin 0 -> 7338 bytes
 tests/pkcs12_simple.c                 |  121 +++++++++++++++++++++++++
 16 files changed, 277 insertions(+), 173 deletions(-)
 create mode 100644 tests/pkcs12-decode/pkcs12_5certs.p12
 create mode 100644 tests/pkcs12_simple.c

diff --git a/NEWS b/NEWS
index a62b9c2..4fd8c55 100644
--- a/NEWS
+++ b/NEWS
@@ -21,9 +21,6 @@ for encryption and signatures.
 is assumed to be a file that stores the pin. Based on patch
 by David Smith.
 
-** libgnutls: introduce gnutls_certificate_set_x509_system_trust
-which imports the trusted root CA's from a compile time defined location. 
-
 ** libgnutls: Added GNUTLS_CERT_SIGNATURE_FAILURE to differentiate between
 generic errors and signature verification errors in the verification
 functions.
diff --git a/doc/examples/ex-cert-select-pkcs11.c 
b/doc/examples/ex-cert-select-pkcs11.c
index e8cb21e..83c2e64 100644
--- a/doc/examples/ex-cert-select-pkcs11.c
+++ b/doc/examples/ex-cert-select-pkcs11.c
@@ -46,6 +46,11 @@ pin_callback (void *user, int attempt, const char *token_url,
 {
   const char *password;
   int len;
+  
+  /* Note that a PIN callback may be called multiple times during a
+   * session. It is expected to cache and return the same PIN for
+   * the same token_url, unless flags is set to GNUTLS_PKCS11_PIN_WRONG.
+   */
 
   printf ("PIN required for token '%s' with URL '%s'\n", token_label,
           token_url);
diff --git a/lib/gnutls_x509.c b/lib/gnutls_x509.c
index 407568c..62d547c 100644
--- a/lib/gnutls_x509.c
+++ b/lib/gnutls_x509.c
@@ -42,8 +42,8 @@
 #include "x509/x509_int.h"
 #include <gnutls_str_array.h>
 #include "read-file.h"
-#if defined _WIN32 || defined __WIN32__
-#include <wincrypt.h>
+#ifdef _WIN32
+# include <wincrypt.h>
 #endif
 
 /*
@@ -1888,8 +1888,6 @@ int
   return ret;
 }
 
-#define MAX_CERT_LIST 16
-
 /**
  * gnutls_certificate_set_x509_simple_pkcs12_mem:
  * @res: is a #gnutls_certificate_credentials_t structure.
@@ -1928,10 +1926,9 @@ int
 {
   gnutls_pkcs12_t p12;
   gnutls_x509_privkey_t key = NULL;
-  gnutls_x509_crt_t cert = NULL;
-  gnutls_x509_crt_t *extra_certs = NULL;
+  gnutls_x509_crt_t *chain = NULL;
   gnutls_x509_crl_t crl = NULL;
-  unsigned int extra_certs_size = 0, i;
+  unsigned int chain_size = 0, i;
   int ret;
 
   ret = gnutls_pkcs12_init (&p12);
@@ -1960,8 +1957,8 @@ int
         }
     }
 
-  ret = gnutls_pkcs12_simple_parse (p12, password, &key, &cert, 
-                             &extra_certs, &extra_certs_size, &crl);
+  ret = gnutls_pkcs12_simple_parse (p12, password, &key, &chain, &chain_size, 
+                             NULL, NULL, &crl, 0);
   gnutls_pkcs12_deinit (p12);
   if (ret < 0)
     {
@@ -1969,41 +1966,8 @@ int
       return ret;
     }
 
-  if (key && cert)
+  if (key && chain)
     {
-      gnutls_x509_crt_t chain[MAX_CERT_LIST];
-      unsigned int chain_size = 1, j;
-      unsigned int done = 0;
-      
-      j = 0;
-      chain[j] = cert;
-
-      if (extra_certs_size > 0 && extra_certs_size < MAX_CERT_LIST-1)
-        {
-          do 
-            {
-              for (i=0;i<extra_certs_size;i++)
-                {
-                  if (gnutls_x509_crt_check_issuer(chain[j], extra_certs[i]) 
!= 0 &&
-                      gnutls_x509_crt_check_issuer(extra_certs[i], chain[j]) 
== 0)
-                    {
-                      if (gnutls_x509_crt_check_issuer(extra_certs[i], 
extra_certs[i]) != 0)
-                        { /* we found a self-signed one. We are done. */
-                          done = 1;
-                          break;
-                        }
-                      chain[++j] = extra_certs[i];
-                      chain_size++;
-                      break;
-                    }
-
-                  if (i==extra_certs_size - 1) 
-                    done = 1;
-                }
-            }
-          while(done == 0);
-        }
-
       ret = gnutls_certificate_set_x509_key (res, chain, chain_size, key);
       if (ret < 0)
         {
@@ -2011,6 +1975,12 @@ int
           goto done;
         }
     }
+  else
+    {
+      gnutls_assert();
+      ret = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+      goto done;
+    }
 
   if (crl)
     {
@@ -2025,14 +1995,12 @@ int
   ret = 0;
 
 done:
-  if (extra_certs)
+  if (chain)
     {
-      for (i=0;i<extra_certs_size;i++)
-        gnutls_x509_crt_deinit (extra_certs[i]);
-      gnutls_free(extra_certs);
+      for (i=0;i<chain_size;i++)
+        gnutls_x509_crt_deinit (chain[i]);
+      gnutls_free(chain);
     }
-  if (cert)
-    gnutls_x509_crt_deinit (cert);
   if (key)
     gnutls_x509_privkey_deinit (key);
   if (crl)
diff --git a/lib/includes/gnutls/pkcs12.h b/lib/includes/gnutls/pkcs12.h
index dde5b84..14b45f8 100644
--- a/lib/includes/gnutls/pkcs12.h
+++ b/lib/includes/gnutls/pkcs12.h
@@ -57,14 +57,15 @@ extern "C"
   int gnutls_pkcs12_bag_decrypt (gnutls_pkcs12_bag_t bag, const char *pass);
   int gnutls_pkcs12_bag_encrypt (gnutls_pkcs12_bag_t bag, const char *pass,
                                  unsigned int flags);
-  int gnutls_pkcs12_simple_parse (
-                           gnutls_pkcs12_t p12,
-                           const char *password,
-                           gnutls_x509_privkey_t * key,
-                           gnutls_x509_crt_t * cert,
-                           gnutls_x509_crt_t ** extra_certs_ret,
-                           unsigned int * extra_certs_ret_len,
-                           gnutls_x509_crl_t * crl);
+  int gnutls_pkcs12_simple_parse (gnutls_pkcs12_t p12,
+                     const char *password,
+                     gnutls_x509_privkey_t * key,
+                     gnutls_x509_crt_t ** chain,
+                     unsigned int * chain_len,
+                     gnutls_x509_crt_t ** extra_certs,
+                     unsigned int * extra_certs_len,
+                     gnutls_x509_crl_t * crl,
+                     unsigned int flags);
 
 /**
  * gnutls_pkcs12_bag_type_t:
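Review bot: The new prototype changes the arity and the meaning of every parameter after `key`, yet the public header carries no comment on who owns `*chain` and `*extra_certs` (the caller must gnutls_x509_crt_deinit each element and gnutls_free both arrays, as the new tests/pkcs12_simple.c does) or on what `flags` accepts. Existing callers of the seven-argument form stop compiling against this header, so a short block comment above the declaration, or at least a pointer to the gnutls_pkcs12_simple_parse doc in lib/x509/pkcs12.c, would help the migration; e.g. `/* On success the caller owns *chain/*extra_certs: deinit each cert, then gnutls_free the arrays. flags must be 0. */`.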
diff --git a/lib/x509/pkcs12.c b/lib/x509/pkcs12.c
index 78e4075..a595488 100644
--- a/lib/x509/pkcs12.c
+++ b/lib/x509/pkcs12.c
@@ -1328,20 +1328,61 @@ cleanup:
 
 }
 
+/* Checks if the extra_certs contain certificates that may form a chain
+ * with the first certificate in chain (it is expected that chain_len==1)
+ * and appends those in the chain.
+ */
+static int make_chain(gnutls_x509_crt_t **chain, unsigned int *chain_len,
+                      gnutls_x509_crt_t **extra_certs, unsigned int 
*extra_certs_len)
+{
+unsigned int i;
+
+  if (*chain_len != 1)
+    return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+  
+  i = 0;
+  while(i<*extra_certs_len)
+    {
+      /* if it is an issuer but not a self-signed one */
+      if (gnutls_x509_crt_check_issuer((*chain)[*chain_len - 1], 
(*extra_certs)[i]) != 0 &&
+          gnutls_x509_crt_check_issuer((*extra_certs)[i], (*extra_certs)[i]) 
== 0)
+        {
+           *chain = gnutls_realloc (*chain, sizeof((*chain)[0]) *
+                                                     ++(*chain_len));
+           if (*chain == NULL)
+             {
+               gnutls_assert();
+               return GNUTLS_E_MEMORY_ERROR;
+             }
+           (*chain)[*chain_len - 1] = (*extra_certs)[i];
+           
+           (*extra_certs)[i] = (*extra_certs)[*extra_certs_len-1];
+           (*extra_certs_len)--;
+
+           i=0;
+           continue;
+        }
+      i++;
+    }
+  return 0;
+}
+
 /**
  * gnutls_pkcs12_simple_parse:
  * @p12: the PKCS#12 blob.
  * @password: optional password used to decrypt PKCS#12 blob, bags and keys.
  * @key: a structure to store the parsed private key.
- * @cert: a structure to store the parsed certificate.
- * @extra_certs_ret: optional pointer to receive an array of additional
+ * @chain: the corresponding to key certificate chain
+ * @chain_len: will be updated with the number of additional
+ * @extra_certs: optional pointer to receive an array of additional
  *                   certificates found in the PKCS#12 blob.
- * @extra_certs_ret_len: will be updated with the number of additional
+ * @extra_certs_len: will be updated with the number of additional
  *                       certs.
- * @crl: a structure to store the parsed CRL.
+ * @crl: an optional structure to store the parsed CRL.
+ * @flags: should be zero
  *
  * This function parses a PKCS#12 blob in @p12blob and extracts the
- * private key, the corresponding certificate, and any additional
+ * private key, the corresponding certificate chain, and any additional
  * certificates and a CRL.
  *
  * The @extra_certs_ret and @extra_certs_ret_len parameters are optional
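Review bot: In make_chain the gnutls_realloc result is assigned straight back to `*chain` after `++(*chain_len)` has already run, so when the allocation fails the caller is left with `_chain == NULL` and `_chain_len` one larger than the number of certificates it ever held; the certificates in the old array are lost (assuming gnutls_realloc behaves like realloc and leaves the old block allocated), and the error cleanup in gnutls_pkcs12_simple_parse (hunk at @@ -1704) then indexes through the NULL pointer. Growing through a temporary and bumping the length only after success avoids both. The doc comment in the same hunk also copies the wrong sentence for `@chain_len` ("will be updated with the number of additional"), which should read "will be updated with the number of certificates in @chain", and the paragraph at the end still refers to `@extra_certs_ret` and `@extra_certs_ret_len`.
```c
      /* … unchanged: issuer / not-self-signed test … */
        {
           gnutls_x509_crt_t *tmp;

           tmp = gnutls_realloc (*chain, sizeof((*chain)[0]) * (*chain_len + 1));
           if (tmp == NULL)
             {
               gnutls_assert();
               return GNUTLS_E_MEMORY_ERROR;
             }
           *chain = tmp;
           (*chain)[(*chain_len)++] = (*extra_certs)[i];
           /* … unchanged: drop (*extra_certs)[i] and restart the scan … */
        }
```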
@@ -1378,14 +1419,18 @@ int
 gnutls_pkcs12_simple_parse (gnutls_pkcs12_t p12,
                      const char *password,
                      gnutls_x509_privkey_t * key,
-                     gnutls_x509_crt_t * cert,
-                     gnutls_x509_crt_t ** extra_certs_ret,
-                     unsigned int * extra_certs_ret_len,
-                     gnutls_x509_crl_t * crl)
+                     gnutls_x509_crt_t ** chain,
+                     unsigned int * chain_len,
+                     gnutls_x509_crt_t ** extra_certs,
+                     unsigned int * extra_certs_len,
+                     gnutls_x509_crl_t * crl,
+                     unsigned int flags)
 {
   gnutls_pkcs12_bag_t bag = NULL;
-  gnutls_x509_crt_t *extra_certs = NULL;
-  unsigned int extra_certs_len = 0;
+  gnutls_x509_crt_t *_extra_certs = NULL;
+  unsigned int _extra_certs_len = 0;
+  gnutls_x509_crt_t *_chain = NULL;
+  unsigned int _chain_len = 0;
   int idx = 0;
   int ret;
   size_t cert_id_size = 0;
@@ -1394,9 +1439,10 @@ gnutls_pkcs12_simple_parse (gnutls_pkcs12_t p12,
   uint8_t key_id[20];
   int privkey_ok = 0;
 
-  *cert = NULL;
   *key = NULL;
-  *crl = NULL;
+  
+  if (crl)
+    *crl = NULL;
 
   /* find the first private key */
   for (;;)
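Review bot: `*chain` and `*chain_len` are not reset next to `*key = NULL;`, and the done: block only assigns them on success, so on every error path they keep whatever the caller passed in; `*chain = NULL; *chain_len = 0;` here gives callers a defined value to free. `flags` is documented as "should be zero" but is never looked at, so a guard such as `if (flags != 0) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);` would actually reserve it for later use. The function's body continues on both sides of the hunk.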
@@ -1635,41 +1681,49 @@ gnutls_pkcs12_simple_parse (gnutls_pkcs12_t p12,
                 }
 
               if (memcmp (cert_id, key_id, cert_id_size) != 0)
-                {               /* they don't match - skip the certificate */
-                  if (extra_certs_ret)
+                { /* they don't match - skip the certificate */
+                  if (extra_certs)
                     {
-                      extra_certs = gnutls_realloc (extra_certs,
-                                                    sizeof(extra_certs[0]) *
-                                                    ++extra_certs_len);
-                      if (!extra_certs)
+                      _extra_certs = gnutls_realloc (_extra_certs,
+                                                     sizeof(_extra_certs[0]) *
+                                                     ++_extra_certs_len);
+                      if (!_extra_certs)
                         {
                           gnutls_assert ();
                           ret = GNUTLS_E_MEMORY_ERROR;
                           goto done;
                         }
-                      extra_certs[extra_certs_len - 1] = this_cert;
+                      _extra_certs[_extra_certs_len - 1] = this_cert;
                       this_cert = NULL;
                     }
                   else
                     {
                        gnutls_x509_crt_deinit (this_cert);
                     }
-                  break;
                 }
               else
                 {
-                   if (*cert != NULL)        /* no need to set it again */
-                     {
-                        gnutls_assert ();
-                        break;
-                     }
-                   *cert = this_cert;
-                   this_cert = NULL;
+                  if (_chain_len == 0)
+                    {
+                      _chain = gnutls_malloc (sizeof(_chain[0]) * 
(++_chain_len));
+                      if (!_chain)
+                        {
+                          gnutls_assert ();
+                          ret = GNUTLS_E_MEMORY_ERROR;
+                          goto done;
+                        }
+                      _chain[_chain_len - 1] = this_cert;
+                      this_cert = NULL;
+                    }
+                  else
+                    {
+                       gnutls_x509_crt_deinit (this_cert);
+                    }
                 }
               break;
 
             case GNUTLS_BAG_CRL:
-              if (*crl != NULL)
+              if (crl == NULL || *crl != NULL)
                 {
                   gnutls_assert ();
                   break;
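Review bot: When the caller passes `extra_certs == NULL`, the mismatch branch at `if (extra_certs)` deinits every certificate whose id differs from the key's before make_chain ever runs, so `_extra_certs_len` is 0 at that call and the returned chain is always the single leaf; gnutls_certificate_set_x509_simple_pkcs12_mem (lib/gnutls_x509.c, hunk at @@ -1960) is exactly such a caller and has just dropped its own chain walk, so the issuer certificates this commit meant to move into the library are lost rather than moved. Collecting the non-matching certificates unconditionally, letting make_chain consume them, and releasing whatever is left on the success path (hunk at @@ -1704) when `extra_certs` is NULL fixes this; in this hunk that means removing the `if (extra_certs)` wrapper and its `else { gnutls_x509_crt_deinit (this_cert); }` so the realloc block always runs.
```c
/* … mismatch branch of this hunk: gnutls_realloc into _extra_certs unconditionally, no `if (extra_certs)` wrapper … */

/* … in the done: success branch (hunk at @@ -1704) … */
      if (extra_certs)
        {
          *extra_certs = _extra_certs;
          *extra_certs_len = _extra_certs_len;
        }
      else
        {
          unsigned int i;
          for (i = 0; i < _extra_certs_len; i++)
            gnutls_x509_crt_deinit(_extra_certs[i]);
          gnutls_free(_extra_certs);
        }
```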
@@ -1704,30 +1758,54 @@ gnutls_pkcs12_simple_parse (gnutls_pkcs12_t p12,
       gnutls_pkcs12_bag_deinit (bag);
     }
 
+  if (_chain_len != 1)
+    {
+      ret = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+      goto done;
+    }
+
+  ret = make_chain(&_chain, &_chain_len, &_extra_certs, &_extra_certs_len);
+  if (ret < 0)
+    {
+      gnutls_assert();
+      goto done;
+    }
+
   ret = 0;
 
 done:
   if (bag)
     gnutls_pkcs12_bag_deinit (bag);
 
-  if (ret)
+  if (ret < 0)
     {
       if (*key)
         gnutls_x509_privkey_deinit(*key);
-      if (*cert)
-        gnutls_x509_crt_deinit(*cert);
-      if (extra_certs_len)
+      if (_extra_certs_len && _extra_certs != NULL)
+        {
+          unsigned int i;
+          for (i = 0; i < _extra_certs_len; i++)
+            gnutls_x509_crt_deinit(_extra_certs[i]);
+          gnutls_free(_extra_certs);
+        }
+      if (_chain_len && chain != NULL)
         {
           unsigned int i;
-          for (i = 0; i < extra_certs_len; i++)
-            gnutls_x509_crt_deinit(extra_certs[i]);
-          gnutls_free(extra_certs);
+          for (i = 0; i < _chain_len; i++)
+            gnutls_x509_crt_deinit(_chain[i]);
+          gnutls_free(_chain);
         }
     }
-  else if (extra_certs_ret)
+  else 
     {
-      *extra_certs_ret = extra_certs;
-      *extra_certs_ret_len = extra_certs_len;
+      if (extra_certs) 
+        {
+          *extra_certs = _extra_certs;
+          *extra_certs_len = _extra_certs_len;
+        }
+      
+      *chain = _chain;
+      *chain_len = _chain_len;
     }
 
   return ret;
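Review bot: The error cleanup guard `if (_chain_len && chain != NULL)` tests the out-parameter rather than the local array that is about to be indexed; it should read `if (_chain_len && _chain != NULL)`, mirroring the `_extra_certs != NULL` check two lines above. The new `_chain_len != 1` failure is also the only error exit in this hunk that sets `ret` without `gnutls_assert()`, which makes it the one case that leaves no trace in the debug log. The closing brace of gnutls_pkcs12_simple_parse lies outside the hunk.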
diff --git a/lib/x509/privkey_pkcs8.c b/lib/x509/privkey_pkcs8.c
index f83582a..0d90f29 100644
--- a/lib/x509/privkey_pkcs8.c
+++ b/lib/x509/privkey_pkcs8.c
@@ -1385,7 +1385,7 @@ read_pbkdf2_params (ASN1_TYPE pbes2_asn,
   /* We don't read the PRF. We only use the default.
    */
 
-  return 0;
+  result = 0;
 
 error:
   asn1_delete_structure (&pbkdf2_asn);
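Review bot: With `result = 0` falling through, the `error:` label is now the shared exit for the success path too, which its name contradicts; renaming it `cleanup:` (together with the gotos that target it, which lie outside the hunk) would make the leak fix read as intended. The same applies to read_pbe_enc_params in the next hunk. read_pbkdf2_params continues on both sides of this hunk.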
@@ -1593,8 +1593,8 @@ read_pbe_enc_params (ASN1_TYPE pbes2_asn,
       goto error;
     }
   _gnutls_hard_log ("IV.size: %d\n", params->iv_size);
-
-  return 0;
+  
+  result = 0;
 
 error:
   asn1_delete_structure (&pbe_asn);
diff --git a/src/certtool.c b/src/certtool.c
index d0bfba1..d68700b 100644
--- a/src/certtool.c
+++ b/src/certtool.c
@@ -2851,16 +2851,6 @@ smime_to_pkcs7 (void)
   free (lineptr);
 }
 
-void
-certtool_version (void)
-{
-  const char *p = PACKAGE_NAME;
-  if (strcmp (gnutls_check_version (NULL), PACKAGE_VERSION) != 0)
-    p = PACKAGE_STRING;
-  version_etc (stdout, program_name, p, gnutls_check_version (NULL),
-               "Nikos Mavrogiannopoulos", "Simon Josefsson", (char *) NULL);
-}
-
 static void
 print_key_usage (FILE * outfile, unsigned int usage)
 {
diff --git a/src/cli.c b/src/cli.c
index bc4d731..864a537 100644
--- a/src/cli.c
+++ b/src/cli.c
@@ -965,7 +965,7 @@ after_handshake:
   fflush (stderr);
 
   /* do not buffer */
-#if !(defined _WIN32 || defined __WIN32__)
+#ifndef _WIN32
   setbuf (stdin, NULL);
 #endif
   setbuf (stdout, NULL);
@@ -1228,19 +1228,6 @@ const char* rest = NULL;
     }
 }
 
-void cli_version (void);
-
-void
-cli_version (void)
-{
-  const char *p = PACKAGE_NAME;
-  if (strcmp (gnutls_check_version (NULL), PACKAGE_VERSION) != 0)
-    p = PACKAGE_STRING;
-  version_etc (stdout, program_name, p, gnutls_check_version (NULL),
-               "Nikos Mavrogiannopoulos", (char *) NULL);
-}
-
-
 static void
 check_rehandshake (socket_st * socket, int ret)
 {
diff --git a/src/psk.c b/src/psk.c
index 207e850..8c9e349 100644
--- a/src/psk.c
+++ b/src/psk.c
@@ -284,14 +284,3 @@ write_key (const char *username, const char *key, int 
key_size,
 
 #endif /* ENABLE_PSK */
 
-void psktool_version (void);
-
-void
-psktool_version (void)
-{
-  const char *p = PACKAGE_NAME;
-  if (strcmp (gnutls_check_version (NULL), PACKAGE_VERSION) != 0)
-    p = PACKAGE_STRING;
-  version_etc (stdout, "psktool", p, gnutls_check_version (NULL),
-               "Nikos Mavrogiannopoulos", (char *) NULL);
-}
diff --git a/src/serv.c b/src/serv.c
index 52fcdde..c60e1b6 100644
--- a/src/serv.c
+++ b/src/serv.c
@@ -1611,18 +1611,6 @@ static void cmd_parser (int argc, char **argv)
 
 }
 
-extern void serv_version (void);
-
-void
-serv_version (void)
-{
-  const char *p = PACKAGE_NAME;
-  if (strcmp (gnutls_check_version (NULL), PACKAGE_VERSION) != 0)
-    p = PACKAGE_STRING;
-  version_etc (stdout, program_name, p, gnutls_check_version (NULL),
-               "Nikos Mavrogiannopoulos", (char *) NULL);
-}
-
 /* session resuming support */
 
 #define SESSION_ID_SIZE 32
diff --git a/src/srptool.c b/src/srptool.c
index b653034..90adfc7 100644
--- a/src/srptool.c
+++ b/src/srptool.c
@@ -747,14 +747,3 @@ read_conf_values (gnutls_datum_t * g, gnutls_datum_t * n, 
char *str)
   return index;
 }
 
-extern void srptool_version (void);
-
-void
-srptool_version (void)
-{
-  const char *p = PACKAGE_NAME;
-  if (strcmp (gnutls_check_version (NULL), PACKAGE_VERSION) != 0)
-    p = PACKAGE_STRING;
-  version_etc (stdout, "srptool", p, gnutls_check_version (NULL),
-               "Nikos Mavrogiannopoulos", (char *) NULL);
-}
diff --git a/src/tls_test.c b/src/tls_test.c
index 46a1718..7552bf8 100644
--- a/src/tls_test.c
+++ b/src/tls_test.c
@@ -350,14 +350,3 @@ static void cmd_parser (int argc, char **argv)
 
 }
 
-void tls_test_version (void);
-
-void
-tls_test_version (void)
-{
-  const char *p = PACKAGE_NAME;
-  if (strcmp (gnutls_check_version (NULL), PACKAGE_VERSION) != 0)
-    p = PACKAGE_STRING;
-  version_etc (stdout, "gnutls-cli-debug", p, gnutls_check_version (NULL),
-               "Nikos Mavrogiannopoulos", (char *) NULL);
-}
diff --git a/tests/Makefile.am b/tests/Makefile.am
index 8437924..70b343a 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -68,7 +68,7 @@ ctests = mini-deflate simple gc set_pkcs12_cred certder 
certuniqueid  \
         mini-rehandshake rng-fork mini-eagain-dtls resume-dtls \
         x509cert x509cert-tl infoaccess rsa-encrypt-decrypt \
         mini-loss-time mini-tdb mini-dtls-rehandshake mini-record \
-        mini-termination mini-x509-cas mini-x509-2
+        mini-termination mini-x509-cas mini-x509-2 pkcs12_simple
 
 if ENABLE_OCSP
 ctests += ocsp
@@ -100,6 +100,7 @@ TESTS = $(ctests) $(dist_check_SCRIPTS)
 
 TESTS_ENVIRONMENT =                                            \
        CAFILE=$(srcdir)/cert-tests/ca-certs.pem                \
+       PKCS12_MANY_CERTS_FILE=$(srcdir)/pkcs12-decode/pkcs12_5certs.p12        
\
        PKCS12FILE=$(srcdir)/pkcs12-decode/client.p12           \
        PKCS12PASSWORD=foobar                                   \
        PKCS12FILE_2=$(srcdir)/pkcs12-decode/pkcs12_2certs.p12  \
diff --git a/tests/pkcs12-decode/Makefile.am b/tests/pkcs12-decode/Makefile.am
index 4e9dd89..e7fabcd 100644
--- a/tests/pkcs12-decode/Makefile.am
+++ b/tests/pkcs12-decode/Makefile.am
@@ -19,7 +19,8 @@
 # along with this file; if not, write to the Free Software Foundation,
 # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
 
-EXTRA_DIST = client.p12 noclient.p12 unclient.p12 pkcs12_2certs.p12
+EXTRA_DIST = client.p12 noclient.p12 unclient.p12 pkcs12_2certs.p12 \
+       pkcs12_5certs.p12
 
 dist_check_SCRIPTS = pkcs12
 
diff --git a/tests/pkcs12-decode/pkcs12_5certs.p12 
b/tests/pkcs12-decode/pkcs12_5certs.p12
new file mode 100644
index 0000000..5fc9cd3
Binary files /dev/null and b/tests/pkcs12-decode/pkcs12_5certs.p12 differ
diff --git a/tests/pkcs12_simple.c b/tests/pkcs12_simple.c
new file mode 100644
index 0000000..ad17c0e
--- /dev/null
+++ b/tests/pkcs12_simple.c
@@ -0,0 +1,121 @@
+/*
+ * Copyright (C) 2005-2012 Free Software Foundation, Inc.
+ *
+ * Author: Simon Josefsson
+ *
+ * This file is part of GnuTLS.
+ *
+ * GnuTLS is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuTLS is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GnuTLS; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdlib.h>
+#include <read-file.h>
+#include <gnutls/pkcs12.h>
+#include <gnutls/x509.h>
+#include "utils.h"
+
+void
+doit (void)
+{
+  const char *filename, *password = "1234";
+  gnutls_pkcs12_t pkcs12;
+  unsigned char* file_data;
+  size_t file_size;
+  gnutls_datum_t data;
+  gnutls_x509_crt_t * chain, * extras;
+  unsigned int chain_size, extras_size, i;
+  gnutls_x509_privkey_t pkey;
+  int ret;
+
+  ret = gnutls_global_init ();
+  if (ret < 0)
+    fail ("gnutls_global_init failed %d\n", ret);
+
+  ret = gnutls_pkcs12_init(&pkcs12);
+  if (ret < 0)
+    fail ("initialization failed: %s\n", gnutls_strerror(ret));
+
+  filename = getenv ("PKCS12_MANY_CERTS_FILE");
+
+  if (!filename)
+    filename = "pkcs12-decode/pkcs12_5certs.p12";
+
+  if (debug)
+    success ("Reading PKCS#12 blob from `%s' using password `%s'.\n",
+             filename, password);
+             
+  file_data = (void*)read_binary_file( filename, &file_size);
+  if (file_data == NULL)
+    fail("cannot open file");
+
+  data.data = file_data;
+  data.size = file_size;
+  ret = gnutls_pkcs12_import(pkcs12, &data, GNUTLS_X509_FMT_DER, 0);
+  if (ret < 0)
+    fail ("pkcs12_import failed %d: %s\n", ret, gnutls_strerror (ret));
+
+  free(file_data);
+
+  if (debug)
+    success ("Read file OK\n");
+
+  ret = gnutls_pkcs12_simple_parse (pkcs12, password, &pkey, &chain, 
&chain_size,
+                                    &extras, &extras_size, NULL, 0);
+  if (ret < 0)
+    fail ("pkcs12_simple_parse failed %d: %s\n", ret, gnutls_strerror (ret));
+
+  if (chain_size != 1)
+    fail("chain size (%u) should have been 1\n", chain_size);
+
+  if (extras_size != 4)
+    fail("extras size (%u) should have been 4\n", extras_size);
+  
+  if (debug)
+    {
+      char dn[512];
+      size_t dn_size;
+    
+      dn_size = sizeof(dn);
+      ret = gnutls_x509_crt_get_dn(chain[0], dn, &dn_size);
+      if (ret < 0)
+        fail ("crt_get_dn failed %d: %s\n", ret, gnutls_strerror (ret));
+
+      success("dn: %s\n", dn);
+
+      dn_size = sizeof(dn);
+      ret = gnutls_x509_crt_get_issuer_dn(chain[0], dn, &dn_size);
+      if (ret < 0)
+        fail ("crt_get_dn failed %d: %s\n", ret, gnutls_strerror (ret));
+
+      success("issuer dn: %s\n", dn);
+    }
+  
+  gnutls_pkcs12_deinit(pkcs12);
+  gnutls_x509_privkey_deinit(pkey);
+
+  for (i=0;i<chain_size;i++)
+    gnutls_x509_crt_deinit(chain[i]);
+  gnutls_free(chain);
+
+  for (i=0;i<extras_size;i++)
+    gnutls_x509_crt_deinit(extras[i]);
+  gnutls_free(extras);
+
+  gnutls_global_deinit ();
+}


hooks/post-receive
-- 
GNU gnutls


