Adding upstream version 3.7.9.upstream/3.7.9upstream

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>

1 files changed, 172 insertions, 0 deletions

diff --git a/extra/openssl_compat.c b/extra/openssl_compat.c
new file mode 100644
index 0000000..d8c60d4
--- /dev/null
+++ b/extra/openssl_compat.c
@@ -0,0 +1,172 @@
+/*
+ * Copyright (C) 2002-2012 Free Software Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS-EXTRA.
+ *
+ * GnuTLS-extra is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *               
+ * GnuTLS-extra is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *                               
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+
+/* This file includes all functions that were in the 0.5.x and 0.8.x
+ * gnutls API. They are now implemented over the new certificate parsing
+ * API.
+ */
+
+#include "gnutls_int.h"
+
+#include <string.h>		/* memset */
+#include <x509/x509_int.h>
+#include <libtasn1.h>
+#include <gnutls/x509.h>
+#include <openssl_compat.h>
+
+/*-
+ * gnutls_x509_extract_certificate_dn:
+ * @cert: should contain an X.509 DER encoded certificate
+ * @ret: a pointer to a structure to hold the peer's name
+ *
+ * This function will return the name of the certificate holder. The name is gnutls_x509_dn structure and
+ * is a obtained by the peer's certificate. If the certificate send by the
+ * peer is invalid, or in any other failure this function returns error.
+ * Returns a negative error code in case of an error.
+ -*/
+int
+gnutls_x509_extract_certificate_dn(const gnutls_datum_t * cert,
+				   gnutls_x509_dn * ret)
+{
+	gnutls_x509_crt_t xcert;
+	int result;
+	size_t len;
+
+	result = gnutls_x509_crt_init(&xcert);
+	if (result < 0)
+		return result;
+
+	result = gnutls_x509_crt_import(xcert, cert, GNUTLS_X509_FMT_DER);
+	if (result < 0) {
+		gnutls_x509_crt_deinit(xcert);
+		return result;
+	}
+
+	len = sizeof(ret->country);
+	gnutls_x509_crt_get_dn_by_oid(xcert, GNUTLS_OID_X520_COUNTRY_NAME,
+				      0, 0, ret->country, &len);
+
+	len = sizeof(ret->organization);
+	gnutls_x509_crt_get_dn_by_oid(xcert,
+				      GNUTLS_OID_X520_ORGANIZATION_NAME, 0,
+				      0, ret->organization, &len);
+
+	len = sizeof(ret->organizational_unit_name);
+	gnutls_x509_crt_get_dn_by_oid(xcert,
+				      GNUTLS_OID_X520_ORGANIZATIONAL_UNIT_NAME,
+				      0, 0, ret->organizational_unit_name,
+				      &len);
+
+	len = sizeof(ret->common_name);
+	gnutls_x509_crt_get_dn_by_oid(xcert, GNUTLS_OID_X520_COMMON_NAME,
+				      0, 0, ret->common_name, &len);
+
+	len = sizeof(ret->locality_name);
+	gnutls_x509_crt_get_dn_by_oid(xcert, GNUTLS_OID_X520_LOCALITY_NAME,
+				      0, 0, ret->locality_name, &len);
+
+	len = sizeof(ret->state_or_province_name);
+	gnutls_x509_crt_get_dn_by_oid(xcert,
+				      GNUTLS_OID_X520_STATE_OR_PROVINCE_NAME,
+				      0, 0, ret->state_or_province_name,
+				      &len);
+
+	len = sizeof(ret->email);
+	gnutls_x509_crt_get_dn_by_oid(xcert, GNUTLS_OID_PKCS9_EMAIL, 0, 0,
+				      ret->email, &len);
+
+	gnutls_x509_crt_deinit(xcert);
+
+	return 0;
+}
+
+/*-
+ * gnutls_x509_extract_certificate_issuer_dn:
+ * @cert: should contain an X.509 DER encoded certificate
+ * @ret: a pointer to a structure to hold the issuer's name
+ *
+ * This function will return the name of the issuer stated in the certificate. The name is a gnutls_x509_dn structure and
+ * is a obtained by the peer's certificate. If the certificate send by the
+ * peer is invalid, or in any other failure this function returns error.
+ * Returns a negative error code in case of an error.
+ -*/
+int
+gnutls_x509_extract_certificate_issuer_dn(const gnutls_datum_t * cert,
+					  gnutls_x509_dn * ret)
+{
+	gnutls_x509_crt_t xcert;
+	int result;
+	size_t len;
+
+	result = gnutls_x509_crt_init(&xcert);
+	if (result < 0)
+		return result;
+
+	result = gnutls_x509_crt_import(xcert, cert, GNUTLS_X509_FMT_DER);
+	if (result < 0) {
+		gnutls_x509_crt_deinit(xcert);
+		return result;
+	}
+
+	len = sizeof(ret->country);
+	gnutls_x509_crt_get_issuer_dn_by_oid(xcert,
+					     GNUTLS_OID_X520_COUNTRY_NAME,
+					     0, 0, ret->country, &len);
+
+	len = sizeof(ret->organization);
+	gnutls_x509_crt_get_issuer_dn_by_oid(xcert,
+					     GNUTLS_OID_X520_ORGANIZATION_NAME,
+					     0, 0, ret->organization,
+					     &len);
+
+	len = sizeof(ret->organizational_unit_name);
+	gnutls_x509_crt_get_issuer_dn_by_oid(xcert,
+					     GNUTLS_OID_X520_ORGANIZATIONAL_UNIT_NAME,
+					     0, 0,
+					     ret->organizational_unit_name,
+					     &len);
+
+	len = sizeof(ret->common_name);
+	gnutls_x509_crt_get_issuer_dn_by_oid(xcert,
+					     GNUTLS_OID_X520_COMMON_NAME,
+					     0, 0, ret->common_name, &len);
+
+	len = sizeof(ret->locality_name);
+	gnutls_x509_crt_get_issuer_dn_by_oid(xcert,
+					     GNUTLS_OID_X520_LOCALITY_NAME,
+					     0, 0, ret->locality_name,
+					     &len);
+
+	len = sizeof(ret->state_or_province_name);
+	gnutls_x509_crt_get_issuer_dn_by_oid(xcert,
+					     GNUTLS_OID_X520_STATE_OR_PROVINCE_NAME,
+					     0, 0,
+					     ret->state_or_province_name,
+					     &len);
+
+	len = sizeof(ret->email);
+	gnutls_x509_crt_get_issuer_dn_by_oid(xcert, GNUTLS_OID_PKCS9_EMAIL,
+					     0, 0, ret->email, &len);
+
+	gnutls_x509_crt_deinit(xcert);
+
+	return 0;
+}