94
93
gnutls_x509_crt_init (&crt);
95
94
ret = gnutls_x509_crt_import (crt, &cert_list[j], GNUTLS_X509_FMT_DER);
98
fprintf (stderr, "Decoding error: %s\n", gnutls_strerror (ret));
97
fprintf (stderr, "Decoding error: %s\n", gnutls_strerror (ret));
102
101
printf (" - Certificate[%d] info:\n - ", j);
105
ret = gnutls_x509_crt_print (crt, GNUTLS_CRT_PRINT_FULL, &cinfo);
104
ret = gnutls_x509_crt_print (crt, GNUTLS_CRT_PRINT_FULL, &cinfo);
107
ret = gnutls_x509_crt_print (crt, GNUTLS_CRT_PRINT_ONELINE, &cinfo);
106
ret = gnutls_x509_crt_print (crt, GNUTLS_CRT_PRINT_ONELINE, &cinfo);
110
printf ("%s\n", cinfo.data);
111
gnutls_free (cinfo.data);
109
printf ("%s\n", cinfo.data);
110
gnutls_free (cinfo.data);
118
size = sizeof (buffer);
120
ret = gnutls_x509_crt_export (crt, GNUTLS_X509_FMT_PEM,
124
fprintf (stderr, "Encoding error: %s\n", gnutls_strerror (ret));
128
fputs ("\n", stdout);
129
fputs (buffer, stdout);
130
fputs ("\n", stdout);
118
ret = gnutls_x509_crt_export (crt, GNUTLS_X509_FMT_PEM, p, &size);
119
if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER)
124
fprintf (stderr, "gnutls_malloc\n");
128
ret = gnutls_x509_crt_export (crt, GNUTLS_X509_FMT_PEM,
133
fprintf (stderr, "Encoding error: %s\n", gnutls_strerror (ret));
137
fputs ("\n", stdout);
139
fputs ("\n", stdout);
133
144
if (j == 0 && hostname != NULL)
135
/* Check the hostname of the first certificate if it matches
136
* the name of the host we connected to.
138
if (gnutls_x509_crt_check_hostname (crt, hostname) == 0)
146
/* Check the hostname of the first certificate if it matches
147
* the name of the host we connected to.
149
if (gnutls_x509_crt_check_hostname (crt, hostname) == 0)
144
155
gnutls_x509_crt_deinit (crt);
179
190
gnutls_openpgp_crt_init (&crt);
180
191
ret = gnutls_openpgp_crt_import (crt, &cert_list[0],
181
GNUTLS_OPENPGP_FMT_RAW);
192
GNUTLS_OPENPGP_FMT_RAW);
184
fprintf (stderr, "Decoding error: %s\n", gnutls_strerror (ret));
195
fprintf (stderr, "Decoding error: %s\n", gnutls_strerror (ret));
189
ret = gnutls_openpgp_crt_print (crt, GNUTLS_CRT_PRINT_FULL, &cinfo);
200
ret = gnutls_openpgp_crt_print (crt, GNUTLS_CRT_PRINT_FULL, &cinfo);
192
gnutls_openpgp_crt_print (crt, GNUTLS_CRT_PRINT_ONELINE, &cinfo);
203
gnutls_openpgp_crt_print (crt, GNUTLS_CRT_PRINT_ONELINE, &cinfo);
195
printf (" - %s\n", cinfo.data);
196
gnutls_free (cinfo.data);
206
printf (" - %s\n", cinfo.data);
207
gnutls_free (cinfo.data);
203
size = sizeof (buffer);
205
ret = gnutls_openpgp_crt_export (crt, GNUTLS_OPENPGP_FMT_BASE64,
209
fprintf (stderr, "Encoding error: %s\n", gnutls_strerror (ret));
212
fputs (buffer, stdout);
213
fputs ("\n", stdout);
215
ret = gnutls_openpgp_crt_export (crt, GNUTLS_OPENPGP_FMT_BASE64,
217
if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER)
222
fprintf (stderr, "gnutls_malloc\n");
226
ret = gnutls_openpgp_crt_export (crt, GNUTLS_OPENPGP_FMT_BASE64,
231
fprintf (stderr, "Encoding error: %s\n", gnutls_strerror (ret));
236
fputs ("\n", stdout);
216
241
if (hostname != NULL)
218
/* Check the hostname of the first certificate if it matches
219
* the name of the host we connected to.
221
if (gnutls_openpgp_crt_check_hostname (crt, hostname) == 0)
243
/* Check the hostname of the first certificate if it matches
244
* the name of the host we connected to.
246
if (gnutls_openpgp_crt_check_hostname (crt, hostname) == 0)
227
252
gnutls_openpgp_crt_deinit (crt);
265
290
if (gnutls_certificate_type_get (session) == GNUTLS_CRT_X509)
267
292
if (status & GNUTLS_CERT_REVOKED)
268
printf ("- Peer's certificate chain revoked\n");
293
printf ("- Peer's certificate chain revoked\n");
269
294
if (status & GNUTLS_CERT_SIGNER_NOT_FOUND)
270
printf ("- Peer's certificate issuer is unknown\n");
295
printf ("- Peer's certificate issuer is unknown\n");
271
296
if (status & GNUTLS_CERT_SIGNER_NOT_CA)
272
printf ("- Peer's certificate issuer is not a CA\n");
297
printf ("- Peer's certificate issuer is not a CA\n");
273
298
if (status & GNUTLS_CERT_INSECURE_ALGORITHM)
274
printf ("- Peer's certificate chain uses insecure algorithm\n");
299
printf ("- Peer's certificate chain uses insecure algorithm\n");
275
300
if (status & GNUTLS_CERT_NOT_ACTIVATED)
277
("- Peer's certificate chain uses not yet valid certificate\n");
302
("- Peer's certificate chain uses not yet valid certificate\n");
278
303
if (status & GNUTLS_CERT_EXPIRED)
279
printf ("- Peer's certificate chain uses expired certificate\n");
304
printf ("- Peer's certificate chain uses expired certificate\n");
280
305
if (status & GNUTLS_CERT_INVALID)
281
printf ("- Peer's certificate is NOT trusted\n");
306
printf ("- Peer's certificate is NOT trusted\n");
283
printf ("- Peer's certificate is trusted\n");
308
printf ("- Peer's certificate is trusted\n");
287
312
if (status & GNUTLS_CERT_INVALID)
288
printf ("- Peer's key is invalid\n");
313
printf ("- Peer's key is invalid\n");
290
printf ("- Peer's key is valid\n");
315
printf ("- Peer's key is valid\n");
291
316
if (status & GNUTLS_CERT_SIGNER_NOT_FOUND)
292
printf ("- Could not find a signer of the peer's key\n");
317
printf ("- Could not find a signer of the peer's key\n");
314
339
ret = gnutls_dh_get_group (session, &raw_gen, &raw_prime);
317
fprintf (stderr, "gnutls_dh_get_group %d\n", ret);
342
fprintf (stderr, "gnutls_dh_get_group %d\n", ret);
321
346
ret = gnutls_dh_params_init (&dh_params);
324
fprintf (stderr, "gnutls_dh_params_init %d\n", ret);
349
fprintf (stderr, "gnutls_dh_params_init %d\n", ret);
328
353
ret = gnutls_dh_params_import_raw (dh_params, &raw_prime, &raw_gen);
331
fprintf (stderr, "gnutls_dh_params_import_raw %d\n", ret);
356
fprintf (stderr, "gnutls_dh_params_import_raw %d\n", ret);
335
360
ret = gnutls_dh_params_export_pkcs3 (dh_params,
337
params_data, ¶ms_data_size);
362
params_data, ¶ms_data_size);
338
363
if (ret != GNUTLS_E_SHORT_MEMORY_BUFFER)
340
fprintf (stderr, "gnutls_dh_params_export_pkcs3 %d\n", ret);
365
fprintf (stderr, "gnutls_dh_params_export_pkcs3 %d\n", ret);
344
369
params_data = gnutls_malloc (params_data_size);
345
370
if (!params_data)
347
fprintf (stderr, "gnutls_malloc %d\n", ret);
372
fprintf (stderr, "gnutls_malloc %d\n", ret);
351
376
ret = gnutls_dh_params_export_pkcs3 (dh_params,
353
params_data, ¶ms_data_size);
378
params_data, ¶ms_data_size);
356
fprintf (stderr, "gnutls_dh_params_export_pkcs3-2 %d\n", ret);
381
fprintf (stderr, "gnutls_dh_params_export_pkcs3-2 %d\n", ret);
360
385
printf (" - PKCS#3 format:\n\n%.*s\n", (int) params_data_size,
364
389
gnutls_free (params_data);
628
676
printf ("PK-signatures: ");
631
printf ("%s", gnutls_sign_algorithm_get_name (*p));
679
printf ("SIGN-%s", gnutls_sign_algorithm_get_name (*p));
640
static int depr_printed = 0;
641
#define DEPRECATED if (depr_printed==0) { \
642
fprintf(stderr, "This method of specifying algorithms is deprecated. Please use the --priority option.\n"); \
647
parse_protocols (char **protocols, int protocols_size, int *protocol_priority)
651
if (protocols != NULL && protocols_size > 0)
655
for (j = i = 0; i < protocols_size; i++)
657
if (strncasecmp (protocols[i], "SSL", 3) == 0)
658
protocol_priority[j++] = GNUTLS_SSL3;
659
else if (strncasecmp (protocols[i], "TLS1.1", 6) == 0)
660
protocol_priority[j++] = GNUTLS_TLS1_1;
661
else if (strncasecmp (protocols[i], "TLS1.2", 6) == 0)
662
protocol_priority[j++] = GNUTLS_TLS1_2;
663
else if (strncasecmp (protocols[i], "TLS", 3) == 0)
664
protocol_priority[j++] = GNUTLS_TLS1_0;
666
fprintf (stderr, "Unknown protocol: '%s'\n", protocols[i]);
668
protocol_priority[j] = 0;
673
parse_ciphers (char **ciphers, int nciphers, int *cipher_priority)
678
if (ciphers != NULL && nciphers > 0)
681
for (j = i = 0; i < nciphers; i++)
683
if (strncasecmp (ciphers[i], "AES-2", 5) == 0)
684
cipher_priority[j++] = GNUTLS_CIPHER_AES_256_CBC;
685
else if (strncasecmp (ciphers[i], "AES", 3) == 0)
686
cipher_priority[j++] = GNUTLS_CIPHER_AES_128_CBC;
687
else if (strncasecmp (ciphers[i], "3DE", 3) == 0)
688
cipher_priority[j++] = GNUTLS_CIPHER_3DES_CBC;
689
else if (strcasecmp (ciphers[i], "ARCFOUR-40") == 0)
690
cipher_priority[j++] = GNUTLS_CIPHER_ARCFOUR_40;
691
else if (strcasecmp (ciphers[i], "ARCFOUR") == 0)
692
cipher_priority[j++] = GNUTLS_CIPHER_ARCFOUR_128;
693
#ifdef ENABLE_CAMELLIA
694
else if (strncasecmp (ciphers[i], "CAMELLIA-2", 10) == 0)
695
cipher_priority[j++] = GNUTLS_CIPHER_CAMELLIA_256_CBC;
696
else if (strncasecmp (ciphers[i], "CAM", 3) == 0)
697
cipher_priority[j++] = GNUTLS_CIPHER_CAMELLIA_128_CBC;
699
else if (strncasecmp (ciphers[i], "NUL", 3) == 0)
700
cipher_priority[j++] = GNUTLS_CIPHER_NULL;
702
fprintf (stderr, "Unknown cipher: '%s'\n", ciphers[i]);
704
cipher_priority[j] = 0;
709
parse_macs (char **macs, int nmacs, int *mac_priority)
714
if (macs != NULL && nmacs > 0)
717
for (j = i = 0; i < nmacs; i++)
719
if (strncasecmp (macs[i], "MD5", 3) == 0)
720
mac_priority[j++] = GNUTLS_MAC_MD5;
721
else if (strncasecmp (macs[i], "RMD", 3) == 0)
722
mac_priority[j++] = GNUTLS_MAC_RMD160;
723
else if (strncasecmp (macs[i], "SHA512", 6) == 0)
724
mac_priority[j++] = GNUTLS_MAC_SHA512;
725
else if (strncasecmp (macs[i], "SHA384", 6) == 0)
726
mac_priority[j++] = GNUTLS_MAC_SHA384;
727
else if (strncasecmp (macs[i], "SHA256", 6) == 0)
728
mac_priority[j++] = GNUTLS_MAC_SHA256;
729
else if (strncasecmp (macs[i], "SHA", 3) == 0)
730
mac_priority[j++] = GNUTLS_MAC_SHA1;
732
fprintf (stderr, "Unknown MAC: '%s'\n", macs[i]);
739
parse_ctypes (char **ctype, int nctype, int *cert_type_priority)
743
if (ctype != NULL && nctype > 0)
746
for (j = i = 0; i < nctype; i++)
748
if (strncasecmp (ctype[i], "OPE", 3) == 0)
749
cert_type_priority[j++] = GNUTLS_CRT_OPENPGP;
750
else if (strncasecmp (ctype[i], "X", 1) == 0)
751
cert_type_priority[j++] = GNUTLS_CRT_X509;
753
fprintf (stderr, "Unknown certificate type: '%s'\n", ctype[i]);
755
cert_type_priority[j] = 0;
760
parse_kx (char **kx, int nkx, int *kx_priority)
765
if (kx != NULL && nkx > 0)
768
for (j = i = 0; i < nkx; i++)
770
if (strcasecmp (kx[i], "SRP") == 0)
771
kx_priority[j++] = GNUTLS_KX_SRP;
772
else if (strcasecmp (kx[i], "SRP-RSA") == 0)
773
kx_priority[j++] = GNUTLS_KX_SRP_RSA;
774
else if (strcasecmp (kx[i], "SRP-DSS") == 0)
775
kx_priority[j++] = GNUTLS_KX_SRP_DSS;
776
else if (strcasecmp (kx[i], "RSA") == 0)
777
kx_priority[j++] = GNUTLS_KX_RSA;
778
else if (strcasecmp (kx[i], "PSK") == 0)
779
kx_priority[j++] = GNUTLS_KX_PSK;
780
else if (strcasecmp (kx[i], "DHE-PSK") == 0)
781
kx_priority[j++] = GNUTLS_KX_DHE_PSK;
782
else if (strcasecmp (kx[i], "RSA-EXPORT") == 0)
783
kx_priority[j++] = GNUTLS_KX_RSA_EXPORT;
784
else if (strncasecmp (kx[i], "DHE-RSA", 7) == 0)
785
kx_priority[j++] = GNUTLS_KX_DHE_RSA;
786
else if (strncasecmp (kx[i], "DHE-DSS", 7) == 0)
787
kx_priority[j++] = GNUTLS_KX_DHE_DSS;
788
else if (strncasecmp (kx[i], "ANON", 4) == 0)
789
kx_priority[j++] = GNUTLS_KX_ANON_DH;
791
fprintf (stderr, "Unknown key exchange: '%s'\n", kx[i]);
798
parse_comp (char **comp, int ncomp, int *comp_priority)
802
if (comp != NULL && ncomp > 0)
805
for (j = i = 0; i < ncomp; i++)
807
if (strncasecmp (comp[i], "NUL", 3) == 0)
808
comp_priority[j++] = GNUTLS_COMP_NULL;
809
else if (strncasecmp (comp[i], "ZLI", 3) == 0)
810
comp_priority[j++] = GNUTLS_COMP_DEFLATE;
811
else if (strncasecmp (comp[i], "DEF", 3) == 0)
812
comp_priority[j++] = GNUTLS_COMP_DEFLATE;
813
else if (strncasecmp (comp[i], "LZO", 3) == 0)
814
comp_priority[j++] = GNUTLS_COMP_LZO;
816
fprintf (stderr, "Unknown compression: '%s'\n", comp[i]);
818
comp_priority[j] = 0;
823
689
sockets_init (void)