diff --git a/Makefile.in b/Makefile.in index bc4ad622..c0ccf605 100644 --- a/Makefile.in +++ b/Makefile.in @@ -1,4 +1,4 @@ -# Copyright (C) 2001-2008 Joe Orton +# Copyright (C) 2001-2006 Joe Orton # Copyright (C) 1994, 1995-8, 1999, 2000 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -59,11 +59,10 @@ MSGMERGE = msgmerge LINGUAS = @ALL_LINGUAS@ # The headers to distribute - making up the public interface of neon -DIST_HEADERS = ne_request.h ne_session.h ne_utils.h ne_uri.h \ - ne_socket.h ne_basic.h ne_207.h ne_props.h ne_xml.h ne_dates.h \ - ne_string.h ne_defs.h ne_locks.h ne_alloc.h ne_md5.h ne_i18n.h \ - ne_redirect.h ne_auth.h ne_compress.h ne_acl.h ne_ssl.h \ - ne_xmlreq.h ne_gnutls.h +DIST_HEADERS = ne_request.h ne_session.h ne_utils.h ne_uri.h ne_socket.h \ + ne_basic.h ne_207.h ne_props.h ne_xml.h ne_dates.h ne_string.h \ + ne_defs.h ne_locks.h ne_alloc.h ne_md5.h ne_i18n.h ne_redirect.h \ + ne_auth.h ne_compress.h ne_acl.h ne_ssl.h ne_xmlreq.h all: subdirs @@ -149,8 +148,7 @@ install-memleak: @echo "ERROR: purposes only; this copy of neon must not be installed." @false -install-yes: install-lib install-headers install-config install-docs install-nls \ - install-lib-ssl-@NE_SSL_LIBNAME@ +install-yes: install-lib install-headers install-config install-docs install-nls # libtool does all the necessary magic here install-lib: subdirs @@ -158,13 +156,6 @@ install-lib: subdirs $(LIBTOOL) --mode=install $(INSTALL) src/libneon.la \ $(DESTDIR)$(libdir)/libneon.la -install-lib-ssl-none: -install-lib-ssl-gnutls: - $(LIBTOOL) --mode=install $(INSTALL) src/libneon-@NE_SSL_LIBNAME@.la \ - $(DESTDIR)$(libdir)/libneon-@NE_SSL_LIBNAME@.la - $(INSTALL_DATA) neon-@NE_SSL_LIBNAME@.pc \ - $(DESTDIR)$(pkgconfigdir)/neon-@NE_SSL_LIBNAME@.pc - install-headers: $(INSTALL) -d $(DESTDIR)$(neonincludes) @for h in $(DIST_HEADERS); do \ 
diff --git a/configure.in b/configure.in index fdaf0a20..690c0362 100644 --- a/configure.in +++ b/configure.in @@ -6,7 +6,7 @@ m4_define(ne_version, [m4_translit(m4_include(.version), [ AC_INIT(neon, ne_version, [neon@webdav.org]) -AC_COPYRIGHT([Copyright 2000-2008 Joe Orton and others +AC_COPYRIGHT([Copyright 2000-2005 Joe Orton and others This configure script may be copied, distributed and modified under the terms of the GNU Library General Public license; see src/COPYING.LIB for more details.]) @@ -138,17 +138,15 @@ fi AC_SUBST(NEON_PC_LIBS) # Pass the interface version on to libtool when linking libneon.la -NE_LIBNEON_LTFLAGS="-version-info ${NE_LIBTOOL_VERSINFO}" +NEON_LINK_FLAGS="-version-info ${NE_LIBTOOL_VERSINFO}" # If any non-default ABI variations are used, add them to the SONAME: if test "x${NE_LIBTOOL_RELEASE}y" != "xy"; then - NE_LIBNEON_LTFLAGS="${NE_LIBNEON_LTFLAGS} -release ${NE_LIBTOOL_RELEASE}" + NEON_LINK_FLAGS="${NEON_LINK_FLAGS} -release ${NE_LIBTOOL_RELEASE}" fi # Library-internal symbols are in the ne__ namespace: tell libtool # to not export these from the built library if possible. -NE_LIBNEON_LTFLAGS="$NE_LIBNEON_LTFLAGS -export-symbols-regex '^ne_[[^_]]'" - -NE_LIBSSL_LTFLAGS="-version-info 1:0:0" +NEON_LINK_FLAGS="$NEON_LINK_FLAGS -export-symbols-regex '^ne_[[^_]]'" # Bundled language catalogs ALL_LINGUAS="cs de fr ja nn pl ru tr zh" @@ -156,9 +154,6 @@ AC_SUBST(ALL_LINGUAS) AC_CONFIG_FILES([neon-config], [chmod +x neon-config]) AC_CONFIG_FILES([Makefile src/Makefile test/Makefile neon.pc]) -if test x$NE_SSL_LIBNAME = xgnutls; then - AC_CONFIG_FILES([neon-gnutls.pc]) -fi AC_SUBST(NEON_VERSION) AC_SUBST(NEON_BUILD_BUNDLED) diff --git a/macros/neon.m4 b/macros/neon.m4 index 6d7c08eb..8e17632e 100644 --- a/macros/neon.m4 +++ b/macros/neon.m4 
@@ -777,19 +777,18 @@ else NE_ENABLE_SUPPORT(DAV, [WebDAV support is enabled]) fi -AC_SUBST(NEON_LIBEXT) +AC_SUBST(NEON_TARGET) AC_SUBST(NEON_OBJEXT) AC_SUBST(NEONOBJS) AC_SUBST(NEON_EXTRAOBJS) -AC_SUBST(NE_LIBNEON_LTFLAGS) -AC_SUBST(NE_LIBSSL_LTFLAGS) +AC_SUBST(NEON_LINK_FLAGS) ]) # The libtoolized build case: AC_DEFUN([NEON_LIBTOOL_BUILD], [ -NEON_LIBEXT=la +NEON_TARGET=libneon.la NEON_OBJEXT=lo NEON_COMMON_BUILD($#, $*) @@ -812,7 +811,7 @@ AC_PATH_TOOL(RANLIB, ranlib, :, $ne_PATH) # The non-libtool build case: AC_DEFUN([NEON_NORMAL_BUILD], [ -NEON_LIBEXT=a +NEON_TARGET=libneon.a NEON_OBJEXT=o AC_REQUIRE([NE_FIND_AR]) @@ -882,8 +881,6 @@ AC_ARG_WITH(ssl, AC_ARG_WITH(egd, [[ --with-egd[=PATH] enable EGD support [using EGD socket at PATH]]]) -NE_SSL_LIBNAME=none - case $with_ssl in /*) AC_MSG_NOTICE([to use SSL libraries in non-standard locations, try --with-ssl --with-libs=$with_ssl]) @@ -952,8 +949,7 @@ gnutls) ;; esac - NE_SSL_CFLAGS=`$GNUTLS_CONFIG --cflags` - CPPFLAGS="$CPPFLAGS $NE_SSL_CFLAGS" + CPPFLAGS="$CPPFLAGS `$GNUTLS_CONFIG --cflags`" AC_CHECK_HEADER([gnutls/gnutls.h],, [AC_MSG_ERROR([could not find gnutls/gnutls.h in include path])]) @@ -964,15 +960,12 @@ gnutls) AC_DEFINE([HAVE_GNUTLS], 1, [Define if GnuTLS support is enabled]) # Check for functions in later releases - NE_CHECK_FUNCS([gnutls_session_get_data2 gnutls_x509_dn_get_rdn_ava \ - gnutls_sign_callback_set]) + NE_CHECK_FUNCS(gnutls_session_get_data2 gnutls_x509_dn_get_rdn_ava) # Check for iconv support if using the new RDN access functions: if test ${ac_cv_func_gnutls_x509_dn_get_rdn_ava}X${ac_cv_header_iconv_h} = yesXyes; then AC_CHECK_FUNCS(iconv) fi - - NE_SSL_LIBNAME=gnutls ;; *) # Default to off; only create crypto-enabled binaries if requested. NE_DISABLE_SUPPORT(SSL, [SSL support is not enabled]) 
@@ -980,9 +973,7 @@ gnutls) NEON_EXTRAOBJS="$NEON_EXTRAOBJS ne_stubssl" ;; esac - -AC_SUBST(NE_SSL_LIBNAME) -AC_SUBST(NE_SSL_CFLAGS) +AC_SUBST(NEON_SUPPORTS_SSL) AC_ARG_WITH(ca-bundle, AS_HELP_STRING(--with-ca-bundle, specify filename of an SSL CA root bundle),, diff --git a/neon-config.in b/neon-config.in index 1114cde3..34751223 100644 --- a/neon-config.in +++ b/neon-config.in @@ -1,6 +1,6 @@ #! /bin/sh # Originally from libxml, Copyright (C) Daniel Veillard -# Adapted for neon, Copyright (C) 2000-2008 Joe Orton. +# Modifications for neon Copyright (C) 2000-2006 Joe Orton. prefix=@prefix@ exec_prefix=@exec_prefix@ @@ -17,9 +17,7 @@ Known values for OPTION are: --prefix=DIR change neon prefix [default $prefix] --libs print library linking information --la-file print location of libtool .la file - --la-file=gnutls print location of libneon-gnutls .la file --cflags print pre-processor and compiler flags - --cflags-gnutls print additional CFLAGS needed by ne_gnutls.h --help display this help and exit --version output version information --support FEATURE exit with success if feature is supported @@ -70,14 +68,6 @@ while test $# -gt 0; do usage 0 ;; - --cflags=gnutls) - if [ "x@NE_SSL_LIBNAME@" = "xgnutls" ]; then - echo @NE_SSL_CFLAGS@ - else - echo neon-config: GnuTLS toolkit interface not supported - fi - ;; - --cflags) echo -I${includedir}/neon @NEON_CFLAGS@ ;; @@ -95,14 +85,6 @@ while test $# -gt 0; do echo ${libdir}/libneon.la ;; - --la-file=gnutls) - if [ "x@NE_SSL_LIBNAME@" = "xgnutls" ]; then - echo ${libdir}/libneon-gnutls.la - else - echo neon-config: GnuTLS toolkit interface not supported - fi - ;; - --support) shift @@ -119,8 +101,7 @@ while test $# -gt 0; do ;; *) - echo "neon-config: unrecognized option $1, see --help" 1>&2 - exit 1 + usage 1 1>&2 ;; esac shift diff --git a/neon-gnutls.pc.in b/neon-gnutls.pc.in deleted file mode 100644 index 31661c71..00000000 --- a/neon-gnutls.pc.in +++ /dev/null 
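Review bot: The fallback branch in the `@@ -119,8 +101,7 @@` hunk of neon-config.in no longer names the option it rejected, because `usage 1 1>&2` prints only the full usage text and the caller has to guess which argument was wrong. I would keep the one-line diagnostic in front of it, `echo "neon-config: unrecognized option $1, see --help" 1>&2`. This assumes `usage` exits with its argument, which the `usage 0` call in the `--help` branch suggests but the hunk does not show.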
@@ -1,11 +0,0 @@ -prefix=@prefix@ -exec_prefix=@exec_prefix@ -libdir=@libdir@ -includedir=@includedir@ - -Name: neon-gnutls -Description: neon/GnuTLS integration layer -Version: @NEON_VERSION@ -Requires: neon = @NEON_VERSION@, gnutls -Libs: -L${libdir} -lneon-gnutls -Cflags: -I${includedir}/neon @NE_SSL_CFLAGS@ diff --git a/src/Makefile.in b/src/Makefile.in index 6a63c9ac..4f8af46e 100644 --- a/src/Makefile.in +++ b/src/Makefile.in @@ -27,8 +27,7 @@ LIBTOOL = @LIBTOOL@ CPPFLAGS = @DEFS@ @CPPFLAGS@ CFLAGS = @CFLAGS@ LDFLAGS = @LDFLAGS@ -NE_LIBNEON_LTFLAGS = @NE_LIBNEON_LTFLAGS@ -NE_LIBSSL_LTFLAGS = @NE_LIBSSL_LTFLAGS@ +NEON_LINK_FLAGS = @NEON_LINK_FLAGS@ # Note: don't substitute @LIBS@ in here; during a bundled # build of this directory, @LIBS@ may include -lneon. LIBS = @NEON_LIBS@ @NEON_LTLIBS@ @@ -36,12 +35,12 @@ LIBS = @NEON_LIBS@ @NEON_LTLIBS@ COMPILE = $(CC) $(CPPFLAGS) $(CFLAGS) LINK = $(LIBTOOL) --quiet --mode=link $(CC) -no-undefined $(LDFLAGS) -NEON_BASEOBJS = ne_request.@NEON_OBJEXT@ ne_session.@NEON_OBJEXT@ \ - ne_basic.@NEON_OBJEXT@ ne_string.@NEON_OBJEXT@ \ - ne_uri.@NEON_OBJEXT@ ne_dates.@NEON_OBJEXT@ ne_alloc.@NEON_OBJEXT@ \ - ne_md5.@NEON_OBJEXT@ ne_utils.@NEON_OBJEXT@ \ - ne_socket.@NEON_OBJEXT@ ne_auth.@NEON_OBJEXT@ \ - ne_redirect.@NEON_OBJEXT@ ne_compress.@NEON_OBJEXT@ \ +NEON_BASEOBJS = ne_request.@NEON_OBJEXT@ ne_session.@NEON_OBJEXT@ \ + ne_basic.@NEON_OBJEXT@ ne_string.@NEON_OBJEXT@ \ + ne_uri.@NEON_OBJEXT@ ne_dates.@NEON_OBJEXT@ ne_alloc.@NEON_OBJEXT@ \ + ne_md5.@NEON_OBJEXT@ ne_utils.@NEON_OBJEXT@ \ + ne_socket.@NEON_OBJEXT@ ne_auth.@NEON_OBJEXT@ \ + ne_redirect.@NEON_OBJEXT@ ne_compress.@NEON_OBJEXT@ \ ne_i18n.@NEON_OBJEXT@ NEON_DAVOBJS = $(NEON_BASEOBJS) \ 
@@ -54,41 +53,30 @@ OBJECTS = @NEONOBJS@ @NEON_EXTRAOBJS@ .SUFFIXES: .SUFFIXES: .c .lo .o -.PHONY: all all-yes all-no libneon-gnutls libneon-none check-incl \ - clean check-c++ update-deps +NEON_TARGET = @NEON_TARGET@ +# Thanks to gettext for this neat trick. all: all-@NEON_BUILD_BUNDLED@ -all-yes: libneon.@NEON_LIBEXT@ libneon-@NE_SSL_LIBNAME@ + +all-yes: $(NEON_TARGET) all-no: @echo "Bundled neon build not being used." -libneon-gnutls: libneon-gnutls.@NEON_LIBEXT@ -libneon-none: - @: - .c.lo: $(LIBTOOL) --quiet --mode=compile $(COMPILE) -c $< -o $@ .c.o: $(COMPILE) -c $< -o $@ libneon.la: $(OBJECTS) - $(LINK) -rpath $(libdir) $(NE_LIBNEON_LTFLAGS) -o $@ $(OBJECTS) $(LIBS) + $(LINK) -rpath $(libdir) $(NEON_LINK_FLAGS) -o $@ $(OBJECTS) $(LIBS) libneon.a: $(OBJECTS) @rm -f $@ $(AR) cru $@ $(OBJECTS) $(RANLIB) $@ -libneon-@NE_SSL_LIBNAME@.a: lib_@NE_SSL_LIBNAME@.lo - @rm -f $@ - $(AR) cru $@ @NE_SSL_LIBNAME@.lo - $(RANLIB) $@ - -libneon-@NE_SSL_LIBNAME@.la: libneon.la lib_@NE_SSL_LIBNAME@.lo - $(LINK) -rpath $(libdir) $(NE_LIBSSL_LTFLAGS) -o $@ lib_@NE_SSL_LIBNAME@.lo ./libneon.la - clean: - rm -f *.la *.o *.lo *.bbg *.bb *.gc* + rm -f $(NEON_TARGET) *.o *.lo *.bbg *.bb *.gc* rm -rf .libs c++.c: 
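Review bot: The `.PHONY` declaration is deleted in this hunk and nothing replaces it, so `all`, `all-yes`, `all-no` and `clean` become ordinary targets that a stray file of the same name in src/ would silently satisfy. I would keep a declaration for the targets that survive the change, for example `.PHONY: all all-yes all-no clean check-incl update-deps`. `check-incl` and `update-deps` are taken from the following hunk's context; any other command-style targets outside the visible lines should be added to the list as well.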
@@ -106,21 +94,13 @@ check-incl: # Update generated dependencies below; requires cc -MM as in gcc. update-deps: - for f in `echo $(OBJECTS) | sed 's/\\.@NEON_OBJEXT@/.c/g;s/ne_gnutls.c//;s/ne_openssl.c//'`; do \ + for f in `echo $(OBJECTS) | sed 's/\\.@NEON_OBJEXT@/.c/g'`; do \ $(CC) $(CPPFLAGS) -MM -c $$f; \ done | sed 's, \.\./, $$(top_builddir)/,g;s/\.o: /.@NEON''_OBJEXT@: /' > new-deps sed '/[-]--CUT---/q' Makefile.in > Makefile.new cat Makefile.new new-deps > Makefile.in rm new-deps Makefile.new -ne_openssl.@NEON_OBJEXT@: ne_openssl.c $(top_builddir)/config.h ne_ssl.h ne_defs.h ne_string.h \ - ne_alloc.h ne_session.h ne_uri.h ne_socket.h ne_internal.h ne_private.h \ - ne_request.h ne_utils.h ne_privssl.h -ne_gnutls.@NEON_OBJEXT@: ne_gnutls.c $(top_builddir)/config.h ne_ssl.h ne_defs.h ne_string.h \ - ne_alloc.h ne_session.h ne_uri.h ne_socket.h ne_internal.h ne_private.h \ - ne_request.h ne_utils.h ne_privssl.h -lib_gnutls.@NEON_OBJEXT@: lib_gnutls.c $(top_builddir)/config.h ne_privssl.h ne_defs.h \ - ne_socket.h ne_gnutls.h #### ---CUT--- DO NOT REMOVE THIS LINE. Generated dependencies follow. #### ne_request.@NEON_OBJEXT@: ne_request.c $(top_builddir)/config.h ne_internal.h ne_defs.h ne_alloc.h \ ne_request.h ne_utils.h ne_string.h ne_session.h ne_ssl.h ne_uri.h \ 
@@ -137,11 +117,10 @@ ne_dates.@NEON_OBJEXT@: ne_dates.c $(top_builddir)/config.h ne_alloc.h ne_defs.h ne_string.h ne_alloc.@NEON_OBJEXT@: ne_alloc.c $(top_builddir)/config.h ne_alloc.h ne_defs.h ne_md5.@NEON_OBJEXT@: ne_md5.c $(top_builddir)/config.h ne_md5.h ne_defs.h ne_string.h ne_alloc.h -ne_utils.@NEON_OBJEXT@: ne_utils.c $(top_builddir)/config.h ne_utils.h ne_defs.h \ - ne_string.h ne_alloc.h ne_dates.h -ne_socket.@NEON_OBJEXT@: ne_socket.c $(top_builddir)/config.h ne_privssl.h ne_ssl.h \ - ne_defs.h ne_socket.h ne_internal.h ne_utils.h ne_string.h ne_alloc.h \ - ne_sspi.h +ne_utils.@NEON_OBJEXT@: ne_utils.c $(top_builddir)/config.h ne_utils.h ne_defs.h ne_string.h \ + ne_alloc.h ne_dates.h +ne_socket.@NEON_OBJEXT@: ne_socket.c $(top_builddir)/config.h ne_privssl.h ne_ssl.h ne_defs.h \ + ne_socket.h ne_internal.h ne_utils.h ne_string.h ne_alloc.h ne_sspi.h ne_auth.@NEON_OBJEXT@: ne_auth.c $(top_builddir)/config.h ne_md5.h ne_defs.h ne_dates.h \ ne_request.h ne_utils.h ne_string.h ne_alloc.h ne_session.h ne_ssl.h \ ne_uri.h ne_socket.h ne_auth.h ne_internal.h @@ -170,3 +149,9 @@ ne_xmlreq.@NEON_OBJEXT@: ne_xmlreq.c $(top_builddir)/config.h ne_internal.h ne_d ne_acl.@NEON_OBJEXT@: ne_acl.c $(top_builddir)/config.h ne_request.h ne_utils.h ne_defs.h \ ne_string.h ne_alloc.h ne_session.h ne_ssl.h ne_uri.h ne_socket.h \ ne_locks.h ne_acl.h ne_xml.h +ne_openssl.@NEON_OBJEXT@: ne_openssl.c $(top_builddir)/config.h ne_ssl.h ne_defs.h ne_string.h \ + ne_alloc.h ne_session.h ne_uri.h ne_socket.h ne_internal.h ne_private.h \ + ne_request.h ne_utils.h ne_privssl.h +ne_gnutls.@NEON_OBJEXT@: ne_gnutls.c $(top_builddir)/config.h ne_ssl.h ne_defs.h ne_string.h \ + ne_alloc.h ne_session.h ne_uri.h ne_socket.h ne_internal.h ne_private.h \ + ne_request.h ne_utils.h ne_privssl.h diff --git a/src/lib_gnutls.c b/src/lib_gnutls.c deleted file mode 100644 index 963227fc..00000000 --- a/src/lib_gnutls.c +++ /dev/null 
@@ -1,35 +0,0 @@ -/* - neon GnuTLS support library - Copyright (C) 2008, Joe Orton - - This library is free software; you can redistribute it and/or - modify it under the terms of the GNU Library General Public - License as published by the Free Software Foundation; either - version 2 of the License, or (at your option) any later version. - - This library is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Library General Public License for more details. - - You should have received a copy of the GNU Library General Public - License along with this library; if not, write to the Free - Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, - MA 02111-1307, USA -*/ - -#include "config.h" - -#include "ne_gnutls.h" -#include "ne_private.h" -#include "ne_privssl.h" - -#ifdef HAVE_GNUTLS_SIGN_CALLBACK_SET -void ne_ssl_set_gnutls_signcb(ne_session *sess, - gnutls_sign_func func, - void *userdata) -{ - sess->ssl_context->sign_func = func; - sess->ssl_context->sign_data = userdata; -} -#endif diff --git a/src/ne_gnutls.c b/src/ne_gnutls.c index 924f6358..c807ff78 100644 --- a/src/ne_gnutls.c +++ b/src/ne_gnutls.c @@ -1,6 +1,6 @@ /* neon SSL/TLS support using GNU TLS - Copyright (C) 2002-2008, Joe Orton + Copyright (C) 2002-2007, Joe Orton Copyright (C) 2004, Aleix Conchillo Flaque This library is free software; you can redistribute it and/or @@ -69,7 +69,6 @@ struct ne_ssl_certificate_s { struct ne_ssl_client_cert_s { gnutls_pkcs12 p12; int decrypted; /* non-zero if successfully decrypted. */ - int keyless; ne_ssl_certificate cert; gnutls_x509_privkey pkey; char *friendly_name; 
@@ -503,18 +502,13 @@ static ne_ssl_client_cert *dup_client_cert(const ne_ssl_client_cert *cc) ne_ssl_client_cert *newcc = ne_calloc(sizeof *newcc); newcc->decrypted = 1; - - if (cc->keyless) { - newcc->keyless = 1; - } - else { - ret = gnutls_x509_privkey_init(&newcc->pkey); - if (ret != 0) goto dup_error; - - ret = gnutls_x509_privkey_cpy(newcc->pkey, cc->pkey); - if (ret != 0) goto dup_error; - } + ret = gnutls_x509_privkey_init(&newcc->pkey); + if (ret != 0) goto dup_error; + + ret = gnutls_x509_privkey_cpy(newcc->pkey, cc->pkey); + if (ret != 0) goto dup_error; + newcc->cert.subject = x509_crt_copy(cc->cert.subject); if (!newcc->cert.subject) goto dup_error; @@ -820,8 +814,7 @@ static int read_to_datum(const char *filename, gnutls_datum *datum) /* Parses a PKCS#12 structure and loads the certificate, private key * and friendly name if possible. Returns zero on success, non-zero - * on error. pkey may be NULL, in which case any contained private key - * is ignored. */ + * on error. */ static int pkcs12_parse(gnutls_pkcs12 p12, gnutls_x509_privkey *pkey, gnutls_x509_crt *x5, char **friendly_name, const char *password) @@ -857,8 +850,6 @@ static int pkcs12_parse(gnutls_pkcs12 p12, gnutls_x509_privkey *pkey, switch (type) { case GNUTLS_BAG_PKCS8_KEY: case GNUTLS_BAG_PKCS8_ENCRYPTED_KEY: - if (!pkey) continue; - gnutls_x509_privkey_init(pkey); ret = gnutls_pkcs12_bag_get_data(bag, j, &data); @@ -900,7 +891,7 @@ static int pkcs12_parse(gnutls_pkcs12 p12, gnutls_x509_privkey *pkey, return ret; } -static ne_ssl_client_cert *read_client_cert(const char *filename, int key_required) +ne_ssl_client_cert *ne_ssl_clicert_read(const char *filename) { int ret; gnutls_datum data; 
@@ -925,15 +916,7 @@ static ne_ssl_client_cert *read_client_cert(const char *filename, int key_requir } if (gnutls_pkcs12_verify_mac(p12, "") == 0) { - if (pkcs12_parse(p12, key_required ? &pkey : NULL, &cert, - &friendly_name, "") != 0) { - gnutls_pkcs12_deinit(p12); - return NULL; - } - - if (!cert || (!pkey && key_required)) { - if (cert) gnutls_x509_crt_deinit(cert); - if (pkey) gnutls_x509_privkey_deinit(pkey); + if (pkcs12_parse(p12, &pkey, &cert, &friendly_name, "") != 0) { gnutls_pkcs12_deinit(p12); return NULL; } @@ -941,7 +924,6 @@ static ne_ssl_client_cert *read_client_cert(const char *filename, int key_requir cc = ne_calloc(sizeof *cc); cc->pkey = pkey; cc->decrypted = 1; - cc->keyless = !key_required; cc->friendly_name = friendly_name; populate_cert(&cc->cert, cert); gnutls_pkcs12_deinit(p12); @@ -952,21 +934,10 @@ static ne_ssl_client_cert *read_client_cert(const char *filename, int key_requir * seems to break horribly. */ cc = ne_calloc(sizeof *cc); cc->p12 = p12; - cc->keyless = !key_required; return cc; } } -ne_ssl_client_cert *ne_ssl_clicert_read(const char *filename) -{ - return read_client_cert(filename, 1); -} - -ne_ssl_client_cert *ne_ssl_clicert_exkey_read(const char *filename) -{ - return read_client_cert(filename, 0); -} - int ne_ssl_clicert_encrypted(const ne_ssl_client_cert *cc) { return !cc->decrypted; @@ -985,12 +956,6 @@ int ne_ssl_clicert_decrypt(ne_ssl_client_cert *cc, const char *password) ret = pkcs12_parse(cc->p12, &pkey, &cert, NULL, password); if (ret < 0) return ret; - - if (!cert || (!pkey && !cc->keyless)) { - if (cert) gnutls_x509_crt_deinit(cert); - if (pkey) gnutls_x509_privkey_deinit(pkey); - return -1; - } gnutls_pkcs12_deinit(cc->p12); populate_cert(&cc->cert, cert); diff --git a/src/ne_gnutls.h b/src/ne_gnutls.h deleted file mode 100644 index 3cccdb1a..00000000 --- a/src/ne_gnutls.h +++ /dev/null 
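Review bot: In the `@@ -925,15 +916,7 @@` hunk of src/ne_gnutls.c the check that rejected a PKCS#12 file lacking a certificate or private key is gone, so after a successful `pkcs12_parse()` the new `ne_ssl_clicert_read` hands `cert` to `populate_cert()` and stores `pkey` without confirming that either was found. Whether `pkcs12_parse()` can return zero with one of them unset is not visible here, but the removed guard suggests it can, and the file contents are caller-supplied input. The same guard is dropped in the `ne_ssl_clicert_decrypt` hunk (`@@ -985,12 +956,6 @@`) and in src/ne_openssl.c (`@@ -797,14 +797,7 @@`), where `X509_alias_get0(cert, &len)` now runs on a possibly NULL `cert`. I would keep a `!cert || !pkey` check in all three places and free whatever was parsed before returning failure; the function body starts and ends outside this hunk, and the sketch assumes `cert` and `pkey` start out NULL, as the removed code implied.

```c
    if (gnutls_pkcs12_verify_mac(p12, "") == 0) {
        /* … unchanged: pkcs12_parse() call and its error return … */

        /* Parsing succeeded, but the file may hold no certificate or no key. */
        if (!cert || !pkey) {
            if (cert) gnutls_x509_crt_deinit(cert);
            if (pkey) gnutls_x509_privkey_deinit(pkey);
            gnutls_pkcs12_deinit(p12);
            return NULL;
        }

        /* … unchanged: ne_calloc() and populate_cert() … */
```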
@@ -1,57 +0,0 @@ -/* - Direct GnuTLS interfaces for neon - Copyright (C) 2008, Joe Orton - - This library is free software; you can redistribute it and/or - modify it under the terms of the GNU Library General Public - License as published by the Free Software Foundation; either - version 2 of the License, or (at your option) any later version. - - This library is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Library General Public License for more details. - - You should have received a copy of the GNU Library General Public - License along with this library; if not, write to the Free - Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, - MA 02111-1307, USA - -*/ - -/* ne_gnutls.h defines an interface for direct access to GnuTLS - * functions with neon. This interface is implemented by a separate - * library to libneon itself, named libneon-gnutls. Any applications - * using interfaces defined in this header file must link against - * libneon-gnutls in addition to libneon. */ - -/* N.B. These interfaces exist essentially to allow layering - * violations; for interfaces to the SSL toolkit where no - * toolkit-independent abstraction is possible. */ - -#ifndef NE_GNUTLS_H -#define NE_GNUTLS_H 1 - -#include -#include - -#include "ne_defs.h" -#include "ne_session.h" - -NE_BEGIN_DECLS - -#if LIBGNUTLS_VERSION_NUMBER >= 0x010711 -#define NE_HAVE_SSL_SET_GNUTLS_SIGNCB 1 -#endif - -#ifdef NE_HAVE_SSL_SET_GNUTLS_SIGNCB -/* Install 'func' as an external signing function; see GnuTLS - * documentation for gnutls_sign_callback_set(). */ -void ne_ssl_set_gnutls_signcb(ne_session *sess, - gnutls_sign_func func, - void *userdata); -#endif - -NE_END_DECLS - -#endif /* NE_GNUTLS_H */ diff --git a/src/ne_openssl.c b/src/ne_openssl.c index dcdafb55..5f480ac4 100644 --- a/src/ne_openssl.c +++ b/src/ne_openssl.c 
@@ -1,6 +1,6 @@ /* neon SSL/TLS support using OpenSSL - Copyright (C) 2002-2008, Joe Orton + Copyright (C) 2002-2007, Joe Orton Portions are: Copyright (C) 1999-2000 Tommi Komulainen @@ -797,14 +797,7 @@ ne_ssl_client_cert *ne_ssl_clicert_read(const char *filename) if (PKCS12_parse(p12, NULL, &pkey, &cert, NULL) == 1) { /* Success - no password needed for decryption. */ int len = 0; - unsigned char *name; - - if (!cert || !pkey) { - PKCS12_free(p12); - return NULL; - } - - name = X509_alias_get0(cert, &len); + unsigned char *name = X509_alias_get0(cert, &len); cc = ne_calloc(sizeof *cc); cc->pkey = pkey; @@ -833,11 +826,6 @@ ne_ssl_client_cert *ne_ssl_clicert_read(const char *filename) } } -ne_ssl_client_cert *ne_ssl_clicert_exkey_read(const char *filename) -{ - return NULL; -} - int ne_ssl_clicert_encrypted(const ne_ssl_client_cert *cc) { return !cc->decrypted; diff --git a/src/ne_privssl.h b/src/ne_privssl.h index 46c28cb5..7222688b 100644 --- a/src/ne_privssl.h +++ b/src/ne_privssl.h @@ -1,6 +1,6 @@ /* SSL interface definitions internal to neon. - Copyright (C) 2003-2005, 2008, Joe Orton + Copyright (C) 2003-2005, Joe Orton Copyright (C) 2004, Aleix Conchillo Flaque This library is free software; you can redistribute it and/or @@ -70,11 +70,6 @@ struct ne_ssl_context_s { } client; #endif } cache; - -#ifdef HAVE_GNUTLS_SIGN_CALLBACK_SET - gnutls_sign_func sign_func; - void *sign_data; -#endif }; typedef gnutls_session ne_ssl_socket; diff --git a/src/ne_socket.c b/src/ne_socket.c index 9700a1c3..fd3f5506 100644 --- a/src/ne_socket.c +++ b/src/ne_socket.c 
@@ -1534,11 +1534,6 @@ int ne_sock_connect_ssl(ne_socket *sock, ne_ssl_context *ctx, void *userdata) gnutls_session_set_ptr(sock->ssl, userdata); gnutls_credentials_set(sock->ssl, GNUTLS_CRD_CERTIFICATE, ctx->cred); -#ifdef HAVE_GNUTLS_SIGN_CALLBACK_SET - if (ctx->sign_func) - gnutls_sign_callback_set(sock->ssl, ctx->sign_func, ctx->sign_data); -#endif - if (ctx->hostname) { gnutls_server_name_set(sock->ssl, GNUTLS_NAME_DNS, ctx->hostname, strlen(ctx->hostname)); diff --git a/src/ne_ssl.h b/src/ne_ssl.h index 2184ec8a..d50eff65 100644 --- a/src/ne_ssl.h +++ b/src/ne_ssl.h @@ -1,6 +1,6 @@ /* SSL/TLS abstraction layer for neon - Copyright (C) 2003-2008, Joe Orton + Copyright (C) 2003-2006, Joe Orton This library is free software; you can redistribute it and/or modify it under the terms of the GNU Library General Public 
@@ -119,21 +119,11 @@ void ne_ssl_cert_free(ne_ssl_certificate *cert); /* A client certificate (and private key). */ typedef struct ne_ssl_client_cert_s ne_ssl_client_cert; -/* Read a client certificate and private key from a PKCS#12-format - * file; returns NULL if the file could not be parsed, otherwise - * returns a client certificate object. */ +/* Read a client certificate and private key from a PKCS12 file; + * returns NULL if the file could not be parsed, or otherwise + * returning a client certificate object. */ ne_ssl_client_cert *ne_ssl_clicert_read(const char *filename); -/* Read a client certificate from a PKCS#12-format file which does not - * contain a private key; returns NULL if the file could not be - * parsed, or otherwise returns a client certificate object. (Even if - * the file does contain a private key, it will be ignored). - * - * The client cert object returned here must only be passed to - * ne_ssl_set_clicert if an external signing callback is also used - * (see ne_ssl_set_gnutls_signcb). */ -ne_ssl_client_cert *ne_ssl_clicert_exkey_read(const char *filename); - /* Returns the "friendly name" given for the client cert, or NULL if * none given. This can be called before or after the client cert has * been decrypted. Returns a NUL-terminated, UTF-8-encoded string. */ diff --git a/src/ne_stubssl.c b/src/ne_stubssl.c index d025f253..77f90558 100644 --- a/src/ne_stubssl.c +++ b/src/ne_stubssl.c @@ -1,6 +1,6 @@ /* Stubs for SSL support when no SSL library has been configured - Copyright (C) 2002-2006, 2008, Joe Orton + Copyright (C) 2002-2006, Joe Orton This library is free software; you can redistribute it and/or modify it under the terms of the GNU Library General Public 
@@ -63,11 +63,6 @@ ne_ssl_client_cert *ne_ssl_clicert_read(const char *filename) return NULL; } -ne_ssl_client_cert *ne_ssl_clicert_exkey_read(const char *filename) -{ - return NULL; -} - const ne_ssl_certificate *ne_ssl_clicert_owner(const ne_ssl_client_cert *ccert) { return NULL; diff --git a/test/makekeys.sh b/test/makekeys.sh index 21d0f441..dff78362 100755 --- a/test/makekeys.sh +++ b/test/makekeys.sh @@ -167,15 +167,6 @@ echo | ${MKPKCS12} -name "An Unencrypted Neon Client Cert" -out unclient.p12 # generate a PKCS#12 cert with no friendly name echo | ${MKPKCS12} -out noclient.p12 -# generate a PKCS#12 cert with no private keys -echo | ${MKPKCS12} -nokeys -out nkclient.p12 - -# generate a PKCS#12 cert without the cert -echo | ${MKPKCS12} -nokeys -out ncclient.p12 - -# generate an encoded PKCS#12 cert with no private keys -echo foobar | ${MKPKCS12} -nokeys -out enkclient.p12 - # a PKCS#12 cert including a bundled CA cert echo foobar | ${MKPKCS12} -certfile ca/cert.pem -name "A Neon Client Cert With CA" -out clientca.p12 diff --git a/test/ssl.c b/test/ssl.c index 61471906..f3c6c8cd 100644 --- a/test/ssl.c +++ b/test/ssl.c @@ -1,6 +1,6 @@ /* neon test suite - Copyright (C) 2002-2008, Joe Orton + Copyright (C) 2002-2007, Joe Orton This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -294,11 +294,8 @@ static int load_client_cert(void) ONN("could not load client.p12", cc == NULL); ONN("client.p12 not encrypted!?", !ne_ssl_clicert_encrypted(cc)); name = ne_ssl_clicert_name(cc); - if (name == NULL) { - t_warning("no friendly name given"); - } else { - ONV(strcmp(name, CC_NAME), ("friendly name was %s not %s", name, CC_NAME)); - } + ONN("no friendly name given", name == NULL); + ONV(strcmp(name, CC_NAME), ("friendly name was %s not %s", name, CC_NAME)); ONN("failed to decrypt", ne_ssl_clicert_decrypt(cc, "foobar")); ne_ssl_clicert_free(cc); 
@@ -328,31 +325,13 @@ static int load_client_cert(void) ONV(name != NULL, ("noclient.p12 had friendly name `%s'", name)); ne_ssl_clicert_free(cc); - /* test for ccert with a bundled CA. */ + /* test for ccert without a friendly name, noclient.p12 */ cc = ne_ssl_clicert_read("clientca.p12"); ONN("could not load clientca.p12", cc == NULL); ONN("encrypted cert marked unencrypted?", !ne_ssl_clicert_encrypted(cc)); ONN("could not decrypt clientca.p12", ne_ssl_clicert_decrypt(cc, "foobar")); ne_ssl_clicert_free(cc); - /* test for ccert without a private key, nkclient.p12 */ - cc = ne_ssl_clicert_read("nkclient.p12"); - ONN("did not fail to load clicert without pkey", cc != NULL); - - cc = ne_ssl_clicert_exkey_read("nkclient.p12"); - ONN("failed to load clicert without pkey", cc == NULL); - ONN("unencrypted cert marked encrypted?", ne_ssl_clicert_encrypted(cc)); - ne_ssl_clicert_free(cc); - - /* test for ccert without a cert, ncclient.p12 */ - cc = ne_ssl_clicert_read("ncclient.p12"); - ONN("did not fail to load clicert without cert", cc != NULL); - - cc = ne_ssl_clicert_exkey_read("enkclient.p12"); - ONN("failed to load clicert without pkey", cc == NULL); - ONN("encrypted cert marked unencrypted?", !ne_ssl_clicert_encrypted(cc)); - ne_ssl_clicert_free(cc); - /* tests for loading bogus files. */ cc = ne_ssl_clicert_read("Makefile"); ONN("loaded Makefile as client cert!?", cc != NULL);
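Review bot: The comment added above the `clientca.p12` block, `/* test for ccert without a friendly name, noclient.p12 */`, describes the preceding test rather than this one; it should remain `/* test for ccert with a bundled CA. */`. The hunk also deletes every case that loads a PKCS#12 file without a key or without a certificate, so nothing in `load_client_cert` now exercises how `ne_ssl_clicert_read` handles such files. A check such as `ONN("did not fail to load clicert without pkey", cc != NULL);` would pin that behaviour, though it needs the `nkclient.p12` fixture that the test/makekeys.sh hunk removes. load_client_cert starts and ends outside the hunk.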