From: Jakub Bogusz
Date: Tue, 26 Apr 2005 17:41:51 +0000 (+0000)
Subject: - obsolete at last
X-Git-Tag: auto/ac/gnutls-1_2_5-1~4
X-Git-Url: https://git.pld-linux.org/?a=commitdiff_plain;ds=sidebyside;h=9e39ff357fac7bab68ba3514ba27c91f87fcd49a;p=packages%2Fgnutls.git
- obsolete at last
Changed files: gnutls-fix.patch -> 1.6
---
diff --git a/gnutls-fix.patch b/gnutls-fix.patch
deleted file mode 100644
index adcae42..0000000
--- a/gnutls-fix.patch
+++ /dev/null
@@ -1,383 +0,0 @@
-diff -Nur gnutls-1.2.0/doc/examples.orig/ex-client1.c gnutls-1.2.0/doc/examples/ex-client1.c
---- gnutls-1.2.0/doc/examples.orig/ex-client1.c 1970-01-01 01:00:00.000000000 +0100
-+++ gnutls-1.2.0/doc/examples/ex-client1.c 2005-02-28 19:46:21.821264960 +0100
-@@ -0,0 +1,128 @@
-+
-+#include
-+#include
-+#include
-+#include
-+#include
-+#include
-+#include
-+#include
-+#include
-+
-+/* A very basic TLS client, with anonymous authentication.
-+ */
-+
-+#define MAX_BUF 1024
-+#define SA struct sockaddr
-+#define MSG "GET / HTTP/1.0\r\n\r\n"
-+
-+/* Connects to the peer and returns a socket
-+ * descriptor.
-+ */
-+int tcp_connect(void)
-+{
-+ const char *PORT = "5556";
-+ const char *SERVER = "127.0.0.1";
-+ int err, sd;
-+ struct sockaddr_in sa;
-+
-+ /* connects to server
-+ */
-+ sd = socket(AF_INET, SOCK_STREAM, 0);
-+
-+ memset(&sa, '\0', sizeof(sa));
-+ sa.sin_family = AF_INET;
-+ sa.sin_port = htons(atoi(PORT));
-+ inet_pton(AF_INET, SERVER, &sa.sin_addr);
-+
-+ err = connect(sd, (SA *) & sa, sizeof(sa));
-+ if (err < 0) {
-+ fprintf(stderr, "Connect error\n");
-+ exit(1);
-+ }
-+
-+ return sd;
-+}
-+
-+/* closes the given socket descriptor.
-+ */
-+void tcp_close(int sd)
-+{
-+ shutdown(sd, SHUT_RDWR); /* no more receptions */
-+ close(sd);
-+}
-+
-+int main()
-+{
-+ int ret, sd, ii;
-+ gnutls_session_t session;
-+ char buffer[MAX_BUF + 1];
-+ gnutls_anon_client_credentials_t anoncred;
-+ /* Need to enable anonymous KX specifically. */
-+ const int kx_prio[] = { GNUTLS_KX_ANON_DH, 0 };
-+
-+ gnutls_global_init();
-+
-+ gnutls_anon_allocate_client_credentials(&anoncred);
-+
-+ /* Initialize TLS session
-+ */
-+ gnutls_init(&session, GNUTLS_CLIENT);
-+
-+ /* Use default priorities */
-+ gnutls_set_default_priority(session);
-+ gnutls_kx_set_priority (session, kx_prio);
-+
-+ /* put the anonymous credentials to the current session
-+ */
-+ gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred);
-+
-+ /* connect to the peer
-+ */
-+ sd = tcp_connect();
-+
-+ gnutls_transport_set_ptr(session, (gnutls_transport_ptr_t) sd);
-+
-+ /* Perform the TLS handshake
-+ */
-+ ret = gnutls_handshake(session);
-+
-+ if (ret < 0) {
-+ fprintf(stderr, "*** Handshake failed\n");
-+ gnutls_perror(ret);
-+ goto end;
-+ } else {
-+ printf("- Handshake was completed\n");
-+ }
-+
-+ gnutls_record_send(session, MSG, strlen(MSG));
-+
-+ ret = gnutls_record_recv(session, buffer, MAX_BUF);
-+ if (ret == 0) {
-+ printf("- Peer has closed the TLS connection\n");
-+ goto end;
-+ } else if (ret < 0) {
-+ fprintf(stderr, "*** Error: %s\n", gnutls_strerror(ret));
-+ goto end;
-+ }
-+
-+ printf("- Received %d bytes: ", ret);
-+ for (ii = 0; ii < ret; ii++) {
-+ fputc(buffer[ii], stdout);
-+ }
-+ fputs("\n", stdout);
-+
-+ gnutls_bye(session, GNUTLS_SHUT_RDWR);
-+
-+ end:
-+
-+ tcp_close(sd);
-+
-+ gnutls_deinit(session);
-+
-+ gnutls_anon_free_client_credentials (anoncred);
-+
-+ gnutls_global_deinit();
-+
-+ return 0;
-+}
-diff -Nur gnutls-1.2.0/doc/examples.orig/ex-rfc2818.c gnutls-1.2.0/doc/examples/ex-rfc2818.c
---- gnutls-1.2.0/doc/examples.orig/ex-rfc2818.c 1970-01-01 01:00:00.000000000 +0100
-+++ gnutls-1.2.0/doc/examples/ex-rfc2818.c 2005-02-28 19:46:21.822264808 +0100
-@@ -0,0 +1,81 @@
-+#include
-+#include
-+
-+/* This function will try to verify the peer's certificate, and
-+ * also check if the hostname matches, and the activation, expiration dates.
-+ */
-+void verify_certificate( gnutls_session_t session, const char* hostname)
-+{
-+ unsigned int status;
-+ const gnutls_datum_t* cert_list;
-+ int cert_list_size, ret;
-+ gnutls_x509_crt_t cert;
-+
-+
-+ /* This verification function uses the trusted CAs in the credentials
-+ * structure. So you must have installed one or more CA certificates.
-+ */
-+ ret = gnutls_certificate_verify_peers2(session, &status);
-+
-+ if (ret < 0) {
-+ printf("Error\n");
-+ return;
-+ }
-+
-+ if (status & GNUTLS_CERT_INVALID)
-+ printf("The certificate is not trusted.\n");
-+
-+ if (status & GNUTLS_CERT_SIGNER_NOT_FOUND)
-+ printf("The certificate hasn't got a known issuer.\n");
-+
-+ if (status & GNUTLS_CERT_REVOKED)
-+ printf("The certificate has been revoked.\n");
-+
-+
-+ /* Up to here the process is the same for X.509 certificates and
-+ * OpenPGP keys. From now on X.509 certificates are assumed. This can
-+ * be easily extended to work with openpgp keys as well.
-+ */
-+ if ( gnutls_certificate_type_get(session) != GNUTLS_CRT_X509)
-+ return;
-+
-+ if ( gnutls_x509_crt_init( &cert) < 0) {
-+ printf("error in initialization\n");
-+ return;
-+ }
-+
-+ cert_list = gnutls_certificate_get_peers( session, &cert_list_size);
-+ if ( cert_list == NULL) {
-+ printf("No certificate was found!\n");
-+ return;
-+ }
-+
-+ /* This is not a real world example, since we only check the first
-+ * certificate in the given chain.
-+ */
-+ if ( gnutls_x509_crt_import( cert, &cert_list[0], GNUTLS_X509_FMT_DER) < 0) {
-+ printf("error parsing certificate\n");
-+ return;
-+ }
-+
-+ /* Beware here we do not check for errors.
-+ */
-+ if ( gnutls_x509_crt_get_expiration( cert) < time(0)) {
-+ printf("The certificate has expired\n");
-+ return;
-+ }
-+
-+ if ( gnutls_x509_crt_get_activation_time( cert) > time(0)) {
-+ printf("The certificate is not yet activated\n");
-+ return;
-+ }
-+
-+ if ( !gnutls_x509_crt_check_hostname( cert, hostname)) {
-+ printf("The certificate's owner does not match hostname '%s'\n", hostname);
-+ return;
-+ }
-+
-+ gnutls_x509_crt_deinit( cert);
-+
-+ return;
-+}
-diff -Nur gnutls-1.2.0/doc/examples.orig/ex-serv-anon.c gnutls-1.2.0/doc/examples/ex-serv-anon.c
---- gnutls-1.2.0/doc/examples.orig/ex-serv-anon.c 1970-01-01 01:00:00.000000000 +0100
-+++ gnutls-1.2.0/doc/examples/ex-serv-anon.c 2005-02-28 19:46:21.822264808 +0100
-@@ -0,0 +1,162 @@
-+
-+#include
-+#include
-+#include
-+#include
-+#include
-+#include
-+#include
-+#include
-+#include
-+#include
-+
-+/* This is a sample TLS 1.0 echo server, for anonymous authentication only.
-+ */
-+
-+
-+#define SA struct sockaddr
-+#define SOCKET_ERR(err,s) if(err==-1) {perror(s);return(1);}
-+#define MAX_BUF 1024
-+#define PORT 5556 /* listen to 5556 port */
-+#define DH_BITS 1024
-+
-+/* These are global */
-+gnutls_anon_server_credentials_t anoncred;
-+
-+gnutls_session_t initialize_tls_session()
-+{
-+ gnutls_session_t session;
-+ const int kx_prio[] = { GNUTLS_KX_ANON_DH, 0 };
-+
-+ gnutls_init(&session, GNUTLS_SERVER);
-+
-+ /* avoid calling all the priority functions, since the defaults
-+ * are adequate.
-+ */
-+ gnutls_set_default_priority(session);
-+ gnutls_kx_set_priority (session, kx_prio);
-+
-+ gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred);
-+
-+ gnutls_dh_set_prime_bits(session, DH_BITS);
-+
-+ return session;
-+}
-+
-+static gnutls_dh_params_t dh_params;
-+
-+static int generate_dh_params(void)
-+{
-+
-+ /* Generate Diffie Hellman parameters - for use with DHE
-+ * kx algorithms. These should be discarded and regenerated
-+ * once a day, once a week or once a month. Depending on the
-+ * security requirements.
-+ */
-+ gnutls_dh_params_init(&dh_params);
-+ gnutls_dh_params_generate2(dh_params, DH_BITS);
-+
-+ return 0;
-+}
-+
-+int main()
-+{
-+ int err, listen_sd, i;
-+ int sd, ret;
-+ struct sockaddr_in sa_serv;
-+ struct sockaddr_in sa_cli;
-+ int client_len;
-+ char topbuf[512];
-+ gnutls_session_t session;
-+ char buffer[MAX_BUF + 1];
-+ int optval = 1;
-+
-+ /* this must be called once in the program
-+ */
-+ gnutls_global_init();
-+
-+ gnutls_anon_allocate_server_credentials (&anoncred);
-+
-+ generate_dh_params();
-+
-+ gnutls_anon_set_server_dh_params (anoncred, dh_params);
-+
-+ /* Socket operations
-+ */
-+ listen_sd = socket(AF_INET, SOCK_STREAM, 0);
-+ SOCKET_ERR(listen_sd, "socket");
-+
-+ memset(&sa_serv, '\0', sizeof(sa_serv));
-+ sa_serv.sin_family = AF_INET;
-+ sa_serv.sin_addr.s_addr = INADDR_ANY;
-+ sa_serv.sin_port = htons(PORT); /* Server Port number */
-+
-+ setsockopt(listen_sd, SOL_SOCKET, SO_REUSEADDR, &optval, sizeof(int));
-+
-+ err = bind(listen_sd, (SA *) & sa_serv, sizeof(sa_serv));
-+ SOCKET_ERR(err, "bind");
-+ err = listen(listen_sd, 1024);
-+ SOCKET_ERR(err, "listen");
-+
-+ printf("Server ready. Listening to port '%d'.\n\n", PORT);
-+
-+ client_len = sizeof(sa_cli);
-+ for (;;) {
-+ session = initialize_tls_session();
-+
-+ sd = accept(listen_sd, (SA *) & sa_cli, &client_len);
-+
-+ printf("- connection from %s, port %d\n",
-+ inet_ntop(AF_INET, &sa_cli.sin_addr, topbuf,
-+ sizeof(topbuf)), ntohs(sa_cli.sin_port));
-+
-+ gnutls_transport_set_ptr(session, (gnutls_transport_ptr_t) sd);
-+ ret = gnutls_handshake(session);
-+ if (ret < 0) {
-+ close(sd);
-+ gnutls_deinit(session);
-+ fprintf(stderr, "*** Handshake has failed (%s)\n\n",
-+ gnutls_strerror(ret));
-+ continue;
-+ }
-+ printf("- Handshake was completed\n");
-+
-+ /* see the Getting peer's information example */
-+ /* print_info(session); */
-+
-+ i = 0;
-+ for (;;) {
-+ bzero(buffer, MAX_BUF + 1);
-+ ret = gnutls_record_recv(session, buffer, MAX_BUF);
-+
-+ if (ret == 0) {
-+ printf("\n- Peer has closed the GNUTLS connection\n");
-+ break;
-+ } else if (ret < 0) {
-+ fprintf(stderr, "\n*** Received corrupted "
-+ "data(%d). Closing the connection.\n\n", ret);
-+ break;
-+ } else if (ret > 0) {
-+ /* echo data back to the client
-+ */
-+ gnutls_record_send(session, buffer, strlen(buffer));
-+ }
-+ }
-+ printf("\n");
-+ /* do not wait for the peer to close the connection.
-+ */
-+ gnutls_bye(session, GNUTLS_SHUT_WR);
-+
-+ close(sd);
-+ gnutls_deinit(session);
-+
-+ }
-+ close(listen_sd);
-+
-+ gnutls_anon_free_client_credentials (anoncred);
-+
-+ gnutls_global_deinit();
-+
-+ return 0;
-+
-+}