101
#ifdef HAVE_GNUTLS_X509_DN_GET_RDN_AVA
102
/* New-style RDN handling introduced in GnuTLS 1.7.x. */
105
static void convert_dirstring(ne_buffer *buf, const char *charset,
108
iconv_t id = iconv_open("UTF-8", charset);
109
size_t inlen = data->size, outlen = buf->length - buf->used;
110
char *inbuf = (char *)data->data;
111
char *outbuf = buf->data + buf->used - 1;
113
if (id == (iconv_t)-1) {
114
char err[128], err2[128];
116
ne_snprintf(err, sizeof err, "[unprintable in %s: %s]",
117
charset, ne_strerror(errno, err2, sizeof err2));
118
ne_buffer_zappend(buf, err);
122
ne_buffer_grow(buf, buf->used + 64);
124
while (inlen && outlen
125
&& iconv(id, &inbuf, &inlen, &outbuf, &outlen) == 0)
129
buf->used += buf->length - buf->used - outlen;
130
buf->data[buf->used - 1] = '\0';
134
/* From section 11.13 of the Dubuisson ASN.1 bible: */
135
#define TAG_UTF8 (12)
136
#define TAG_PRINTABLE (19)
139
#define TAG_VISIBLE (26)
140
#define TAG_UNIVERSAL (28)
143
static void append_dirstring(ne_buffer *buf, gnutls_datum *data, unsigned long tag)
150
ne_buffer_append(buf, (char *)data->data, data->size);
154
convert_dirstring(buf, "ISO-8859-1", data);
157
convert_dirstring(buf, "UCS-2BE", data);
162
ne_snprintf(tmp, sizeof tmp, _("[unprintable:#%lu]"), tag);
163
ne_buffer_zappend(buf, tmp);
168
/* OIDs to not include in readable DNs by default: */
169
#define OID_emailAddress "1.2.840.113549.1.9.1"
170
#define OID_commonName "2.5.4.3"
172
#define CMPOID(a,o) ((a)->oid.size == sizeof(o) \
173
&& memcmp((a)->oid.data, o, strlen(o)) == 0)
175
char *ne_ssl_readable_dname(const ne_ssl_dname *name)
178
int ret, rdn = 0, flag = 0;
180
gnutls_x509_ava_st val;
183
ret = gnutls_x509_crt_get_subject(name->cert, &dn);
185
ret = gnutls_x509_crt_get_issuer(name->cert, &dn);
188
return ne_strdup(_("[unprintable]"));
190
buf = ne_buffer_create();
192
/* Find the highest rdn... */
193
while (gnutls_x509_dn_get_rdn_ava(dn, rdn++, 0, &val) == 0)
196
/* ..then iterate back to the first: */
200
/* Iterate through all AVAs for multivalued AVAs; better than
201
* ne_openssl can do! */
203
ret = gnutls_x509_dn_get_rdn_ava(dn, rdn, ava, &val);
205
/* If the *only* attribute to append is the common name or
206
* email address, use it; otherwise skip those
208
if (ret == 0 && val.value.size > 0
209
&& ((!CMPOID(&val, OID_emailAddress)
210
&& !CMPOID(&val, OID_commonName))
211
|| (buf->used == 1 && rdn == 0))) {
213
if (buf->used > 1) ne_buffer_append(buf, ", ", 2);
215
append_dirstring(buf, &val.value, val.value_tag);
222
return ne_buffer_finish(buf);
225
#else /* !HAVE_GNUTLS_X509_DN_GET_RDN_AVA */
96
227
/* Appends the value of RDN with given oid from certitifcate x5
97
228
* subject (if subject is non-zero), or issuer DN to buffer 'buf': */
98
229
static void append_rdn(ne_buffer *buf, gnutls_x509_crt x5, int subject, const char *oid)
766
cc = ne_calloc(sizeof *cc);
767
cc->friendly_name = friendly_name;
771
gnutls_pkcs12_deinit(p12);
951
/* TODO: calling pkcs12_parse() here to find the friendly_name
952
* seems to break horribly. */
953
cc = ne_calloc(sizeof *cc);
959
ne_ssl_client_cert *ne__ssl_clicert_exkey_import(const unsigned char *der,
962
ne_ssl_client_cert *cc;
966
datum.data = (unsigned char *)der;
967
datum.size = der_len;
969
if (gnutls_x509_crt_init(&x5)
970
|| gnutls_x509_crt_import(x5, &datum, GNUTLS_X509_FMT_DER)) {
971
NE_DEBUG(NE_DBG_SSL, "ssl: crt_import failed.\n");
975
cc = ne_calloc(sizeof *cc);
978
populate_cert(&cc->cert, x5);
777
983
int ne_ssl_clicert_encrypted(const ne_ssl_client_cert *cc)
958
1170
#ifdef NE_HAVE_TS_SSL
959
1171
gcry_control(GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread);
1173
gcry_control(GCRYCTL_ENABLE_QUICK_RANDOM, 0);
961
1174
return gnutls_global_init();
964
1177
void ne__ssl_exit(void)
966
1179
/* No way to unregister the thread callbacks. Doomed. */
1180
#if LIBGNUTLS_VERSION_MAJOR > 1 || LIBGNUTLS_VERSION_MINOR > 3 \
1181
|| (LIBGNUTLS_VERSION_MINOR == 3 && LIBGNUTLS_VERSION_PATCH >= 3)
968
1182
/* It's safe to call gnutls_global_deinit() here only with
969
* gnutls >= 1.3, since older versions don't refcount and
1183
* gnutls >= 1.3., since older versions don't refcount and
970
1184
* doing so would prevent any other use of gnutls within
971
1185
* the process. */
972
1186
gnutls_global_deinit();