Lines 83-89
|
83 |
}; |
83 |
}; |
84 |
|
84 |
|
85 |
struct ne_ssl_client_cert_s { |
85 |
struct ne_ssl_client_cert_s { |
86 |
gnutls_pkcs12 p12; |
86 |
gnutls_pkcs12_t p12; |
87 |
int decrypted; /* non-zero if successfully decrypted. */ |
87 |
int decrypted; /* non-zero if successfully decrypted. */ |
88 |
int keyless; |
88 |
int keyless; |
89 |
ne_ssl_certificate cert; |
89 |
ne_ssl_certificate cert; |
Lines 697-703
|
697 |
ne_free(ctx); |
697 |
ne_free(ctx); |
698 |
} |
698 |
} |
699 |
|
699 |
|
700 |
#ifdef HAVE_GNUTLS_CERTIFICATE_GET_X509_CAS |
700 |
#if !defined(HAVE_GNUTLS_CERTIFICATE_GET_ISSUER) && defined(HAVE_GNUTLS_CERTIFICATE_GET_X509_CAS) |
701 |
/* Return the issuer of the given certificate, or NULL if none can be |
701 |
/* Return the issuer of the given certificate, or NULL if none can be |
702 |
* found. */ |
702 |
* found. */ |
703 |
static gnutls_x509_crt find_issuer(gnutls_x509_crt *ca_list, |
703 |
static gnutls_x509_crt find_issuer(gnutls_x509_crt *ca_list, |
Lines 752-771
|
752 |
} |
752 |
} |
753 |
} |
753 |
} |
754 |
|
754 |
|
755 |
#ifdef HAVE_GNUTLS_CERTIFICATE_GET_X509_CAS |
755 |
#if defined(HAVE_GNUTLS_CERTIFICATE_GET_ISSUER) || defined(HAVE_GNUTLS_CERTIFICATE_GET_X509_CAS) |
756 |
/* GnuTLS only returns the peers which were *sent* by the server |
756 |
/* GnuTLS only returns the peers which were *sent* by the server |
757 |
* in the Certificate list during the handshake. Fill in the |
757 |
* in the Certificate list during the handshake. Fill in the |
758 |
* complete chain manually against the certs we trust: */ |
758 |
* complete chain manually against the certs we trust: */ |
759 |
if (current->issuer == NULL) { |
759 |
if (current->issuer == NULL) { |
760 |
gnutls_x509_crt issuer; |
760 |
gnutls_x509_crt issuer; |
|
|
761 |
|
762 |
#ifndef HAVE_GNUTLS_CERTIFICATE_GET_ISSUER |
761 |
gnutls_x509_crt *ca_list; |
763 |
gnutls_x509_crt *ca_list; |
762 |
unsigned int num_cas; |
764 |
unsigned int num_cas; |
763 |
|
765 |
|
764 |
gnutls_certificate_get_x509_cas(crd, &ca_list, &num_cas); |
766 |
gnutls_certificate_get_x509_cas(crd, &ca_list, &num_cas); |
|
|
767 |
#endif |
765 |
|
768 |
|
766 |
do { |
769 |
do { |
767 |
/* Look up the issuer. */ |
770 |
/* Look up the issuer. */ |
|
|
771 |
#ifndef HAVE_GNUTLS_CERTIFICATE_GET_ISSUER |
768 |
issuer = find_issuer(ca_list, num_cas, current->subject); |
772 |
issuer = find_issuer(ca_list, num_cas, current->subject); |
|
|
773 |
#else |
774 |
if (gnutls_certificate_get_issuer(crd, current->subject, &issuer, 0)) |
775 |
issuer = NULL; |
776 |
#endif |
777 |
|
769 |
if (issuer) { |
778 |
if (issuer) { |
770 |
issuer = x509_crt_copy(issuer); |
779 |
issuer = x509_crt_copy(issuer); |
771 |
cert = populate_cert(ne_calloc(sizeof *cert), issuer); |
780 |
cert = populate_cert(ne_calloc(sizeof *cert), issuer); |
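Review bot: In the `#else` branch added in the 752-771 hunk, `gnutls_certificate_get_issuer(crd, current->subject, &issuer, 0)` is called with flags of 0, so as I read the GnuTLS documentation the `issuer` it returns points into the credentials' trust list rather than being a copy, and the code is only safe because `issuer = x509_crt_copy(issuer);` runs before anything is stored. That dependency is not written down; I would add `/* flags == 0: issuer is borrowed from crd, not owned; it must be copied (below) before being kept. */` above the call. The branch also folds every non-zero return into `issuer = NULL`, so a lookup error cannot be told apart from "no trusted issuer" and the chain is silently left short; if that is intended, say so in the same comment, and brace the one-line `if` since it sits between `#else` and `#endif`. The enclosing function and the `do` loop both start and end outside the hunk, so the loop's termination check is not visible here.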
Lines 1037-1047
|
1037 |
/* Parses a PKCS#12 structure and loads the certificate, private key |
1046 |
/* Parses a PKCS#12 structure and loads the certificate, private key |
1038 |
* and friendly name if possible. Returns zero on success, non-zero |
1047 |
* and friendly name if possible. Returns zero on success, non-zero |
1039 |
* on error. */ |
1048 |
* on error. */ |
1040 |
static int pkcs12_parse(gnutls_pkcs12 p12, gnutls_x509_privkey *pkey, |
1049 |
static int pkcs12_parse(gnutls_pkcs12_t p12, gnutls_x509_privkey *pkey, |
1041 |
gnutls_x509_crt *x5, char **friendly_name, |
1050 |
gnutls_x509_crt *x5, char **friendly_name, |
1042 |
const char *password) |
1051 |
const char *password) |
1043 |
{ |
1052 |
{ |
1044 |
gnutls_pkcs12_bag bag = NULL; |
1053 |
gnutls_pkcs12_bag_t bag = NULL; |
1045 |
int i, j, ret = 0; |
1054 |
int i, j, ret = 0; |
1046 |
|
1055 |
|
1047 |
for (i = 0; ret == 0; ++i) { |
1056 |
for (i = 0; ret == 0; ++i) { |
Lines 1056-1062
|
1056 |
gnutls_pkcs12_bag_decrypt(bag, password); |
1065 |
gnutls_pkcs12_bag_decrypt(bag, password); |
1057 |
|
1066 |
|
1058 |
for (j = 0; ret == 0 && j < gnutls_pkcs12_bag_get_count(bag); ++j) { |
1067 |
for (j = 0; ret == 0 && j < gnutls_pkcs12_bag_get_count(bag); ++j) { |
1059 |
gnutls_pkcs12_bag_type type; |
1068 |
gnutls_pkcs12_bag_type_t type; |
1060 |
gnutls_datum data; |
1069 |
gnutls_datum data; |
1061 |
|
1070 |
|
1062 |
if (friendly_name && *friendly_name == NULL) { |
1071 |
if (friendly_name && *friendly_name == NULL) { |
Lines 1141-1147
|
1141 |
{ |
1150 |
{ |
1142 |
int ret; |
1151 |
int ret; |
1143 |
gnutls_datum data; |
1152 |
gnutls_datum data; |
1144 |
gnutls_pkcs12 p12; |
1153 |
gnutls_pkcs12_t p12; |
1145 |
ne_ssl_client_cert *cc; |
1154 |
ne_ssl_client_cert *cc; |
1146 |
char *friendly_name = NULL; |
1155 |
char *friendly_name = NULL; |
1147 |
gnutls_x509_crt cert = NULL; |
1156 |
gnutls_x509_crt cert = NULL; |