Author: qboosh Date: Mon Feb 28 22:15:17 2005 GMT
Module: SOURCES Tag: HEAD
---- Log message:
- updated for 1.2.0 (remove gnutls-srpcrypt references), add missing files
(from CVS)
---- Files affected:
SOURCES:
gnutls-fix.patch (1.3 -> 1.4)
---- Diffs:
================================================================
Index: SOURCES/gnutls-fix.patch
diff -u SOURCES/gnutls-fix.patch:1.3 SOURCES/gnutls-fix.patch:1.4
--- SOURCES/gnutls-fix.patch:1.3 Mon Jun 21 22:02:36 2004
+++ SOURCES/gnutls-fix.patch Mon Feb 28 23:15:12 2005
@@ -1,15 +1,17 @@
---- gnutls-1.0.14/doc/manpages/srptool.1.orig 2004-05-08 12:52:29.000000000
+0200
-+++ gnutls-1.0.14/doc/manpages/srptool.1 2004-06-21 21:48:33.859329624
+0200
-@@ -2,6 +2,8 @@
+--- gnutls-1.2.0/doc/manpages/srptool.1.orig 2004-10-28 14:14:54.000000000
+0200
++++ gnutls-1.2.0/doc/manpages/srptool.1 2005-02-28 19:28:25.317918344
+0100
+@@ -1,8 +1,8 @@
+-.TH gnutls\-srpcrypt 1 "December 1st 2003"
++.TH srptool 1 "December 1st 2003"
.SH NAME
srptool \- Simple SRP password tool
.SH SYNOPSIS
+-gnutls\-srpcrypt [\fIoptions\fR]
+srptool [\fIoptions\fR]
-+.PP
- gnutls\-srpcrypt [\fIoptions\fR]
.SH DESCRIPTION
Very simple program that emulates the programs in the Stanford SRP
-@@ -34,7 +36,7 @@
+ (Secure Remote Password) libraries using GNU TLS.
+@@ -34,7 +34,7 @@
.RS
.nf
@@ -18,7 +20,7 @@
.fi
.RE
-@@ -44,7 +46,7 @@
+@@ -44,7 +44,7 @@
.RS
.nf
@@ -27,7 +29,7 @@
\-\-passwd\-conf /etc/tpasswd.conf \-u test
.fi
.RE
-@@ -54,7 +56,7 @@
+@@ -54,7 +54,7 @@
.RS
.nf
@@ -36,3 +38,386 @@
\-\-passwd\-conf /etc/tpasswd.conf \-\-verify \-u test
.fi
.RE
+diff -Nur gnutls-1.2.0/doc/examples.orig/ex-client1.c
gnutls-1.2.0/doc/examples/ex-client1.c
+--- gnutls-1.2.0/doc/examples.orig/ex-client1.c 1970-01-01
01:00:00.000000000 +0100
++++ gnutls-1.2.0/doc/examples/ex-client1.c 2005-02-28 19:46:21.821264960
+0100
+@@ -0,0 +1,128 @@
++
++#include <stdio.h>
++#include <stdlib.h>
++#include <string.h>
++#include <sys/types.h>
++#include <sys/socket.h>
++#include <netinet/in.h>
++#include <arpa/inet.h>
++#include <unistd.h>
++#include <gnutls/gnutls.h>
++
++/* A very basic TLS client, with anonymous authentication.
++ */
++
++#define MAX_BUF 1024
++#define SA struct sockaddr
++#define MSG "GET / HTTP/1.0\r\n\r\n"
++
++/* Connects to the peer and returns a socket
++ * descriptor.
++ */
++int tcp_connect(void)
++{
++ const char *PORT = "5556";
++ const char *SERVER = "127.0.0.1";
++ int err, sd;
++ struct sockaddr_in sa;
++
++ /* connects to server
++ */
++ sd = socket(AF_INET, SOCK_STREAM, 0);
++
++ memset(&sa, '\0', sizeof(sa));
++ sa.sin_family = AF_INET;
++ sa.sin_port = htons(atoi(PORT));
++ inet_pton(AF_INET, SERVER, &sa.sin_addr);
++
++ err = connect(sd, (SA *) & sa, sizeof(sa));
++ if (err < 0) {
++ fprintf(stderr, "Connect error\n");
++ exit(1);
++ }
++
++ return sd;
++}
++
++/* closes the given socket descriptor.
++ */
++void tcp_close(int sd)
++{
++ shutdown(sd, SHUT_RDWR); /* no more receptions */
++ close(sd);
++}
++
++int main()
++{
++ int ret, sd, ii;
++ gnutls_session_t session;
++ char buffer[MAX_BUF + 1];
++ gnutls_anon_client_credentials_t anoncred;
++ /* Need to enable anonymous KX specifically. */
++ const int kx_prio[] = { GNUTLS_KX_ANON_DH, 0 };
++
++ gnutls_global_init();
++
++ gnutls_anon_allocate_client_credentials(&anoncred);
++
++ /* Initialize TLS session
++ */
++ gnutls_init(&session, GNUTLS_CLIENT);
++
++ /* Use default priorities */
++ gnutls_set_default_priority(session);
++ gnutls_kx_set_priority (session, kx_prio);
++
++ /* put the anonymous credentials to the current session
++ */
++ gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred);
++
++ /* connect to the peer
++ */
++ sd = tcp_connect();
++
++ gnutls_transport_set_ptr(session, (gnutls_transport_ptr_t) sd);
++
++ /* Perform the TLS handshake
++ */
++ ret = gnutls_handshake(session);
++
++ if (ret < 0) {
++ fprintf(stderr, "*** Handshake failed\n");
++ gnutls_perror(ret);
++ goto end;
++ } else {
++ printf("- Handshake was completed\n");
++ }
++
++ gnutls_record_send(session, MSG, strlen(MSG));
++
++ ret = gnutls_record_recv(session, buffer, MAX_BUF);
++ if (ret == 0) {
++ printf("- Peer has closed the TLS connection\n");
++ goto end;
++ } else if (ret < 0) {
++ fprintf(stderr, "*** Error: %s\n", gnutls_strerror(ret));
++ goto end;
++ }
++
++ printf("- Received %d bytes: ", ret);
++ for (ii = 0; ii < ret; ii++) {
++ fputc(buffer[ii], stdout);
++ }
++ fputs("\n", stdout);
++
++ gnutls_bye(session, GNUTLS_SHUT_RDWR);
++
++ end:
++
++ tcp_close(sd);
++
++ gnutls_deinit(session);
++
++ gnutls_anon_free_client_credentials (anoncred);
++
++ gnutls_global_deinit();
++
++ return 0;
++}
+diff -Nur gnutls-1.2.0/doc/examples.orig/ex-rfc2818.c
gnutls-1.2.0/doc/examples/ex-rfc2818.c
+--- gnutls-1.2.0/doc/examples.orig/ex-rfc2818.c 1970-01-01
01:00:00.000000000 +0100
++++ gnutls-1.2.0/doc/examples/ex-rfc2818.c 2005-02-28 19:46:21.822264808
+0100
+@@ -0,0 +1,81 @@
++#include <gnutls/gnutls.h>
++#include <gnutls/x509.h>
++
++/* This function will try to verify the peer's certificate, and
++ * also check if the hostname matches, and the activation, expiration dates.
++ */
++void verify_certificate( gnutls_session_t session, const char* hostname)
++{
++ unsigned int status;
++ const gnutls_datum_t* cert_list;
++ int cert_list_size, ret;
++ gnutls_x509_crt_t cert;
++
++
++ /* This verification function uses the trusted CAs in the credentials
++ * structure. So you must have installed one or more CA certificates.
++ */
++ ret = gnutls_certificate_verify_peers2(session, &status);
++
++ if (ret < 0) {
++ printf("Error\n");
++ return;
++ }
++
++ if (status & GNUTLS_CERT_INVALID)
++ printf("The certificate is not trusted.\n");
++
++ if (status & GNUTLS_CERT_SIGNER_NOT_FOUND)
++ printf("The certificate hasn't got a known issuer.\n");
++
++ if (status & GNUTLS_CERT_REVOKED)
++ printf("The certificate has been revoked.\n");
++
++
++ /* Up to here the process is the same for X.509 certificates and
++ * OpenPGP keys. From now on X.509 certificates are assumed. This can
++ * be easily extended to work with openpgp keys as well.
++ */
++ if ( gnutls_certificate_type_get(session) != GNUTLS_CRT_X509)
++ return;
++
++ if ( gnutls_x509_crt_init( &cert) < 0) {
++ printf("error in initialization\n");
++ return;
++ }
++
++ cert_list = gnutls_certificate_get_peers( session, &cert_list_size);
++ if ( cert_list == NULL) {
++ printf("No certificate was found!\n");
++ return;
++ }
++
++ /* This is not a real world example, since we only check the first
++ * certificate in the given chain.
++ */
++ if ( gnutls_x509_crt_import( cert, &cert_list[0], GNUTLS_X509_FMT_DER) <
0) {
++ printf("error parsing certificate\n");
++ return;
++ }
++
++ /* Beware here we do not check for errors.
++ */
++ if ( gnutls_x509_crt_get_expiration( cert) < time(0)) {
++ printf("The certificate has expired\n");
++ return;
++ }
++
++ if ( gnutls_x509_crt_get_activation_time( cert) > time(0)) {
++ printf("The certificate is not yet activated\n");
++ return;
++ }
++
++ if ( !gnutls_x509_crt_check_hostname( cert, hostname)) {
++ printf("The certificate's owner does not match hostname '%s'\n",
hostname);
++ return;
++ }
++
++ gnutls_x509_crt_deinit( cert);
++
++ return;
++}
+diff -Nur gnutls-1.2.0/doc/examples.orig/ex-serv-anon.c
gnutls-1.2.0/doc/examples/ex-serv-anon.c
+--- gnutls-1.2.0/doc/examples.orig/ex-serv-anon.c 1970-01-01
01:00:00.000000000 +0100
++++ gnutls-1.2.0/doc/examples/ex-serv-anon.c 2005-02-28 19:46:21.822264808
+0100
+@@ -0,0 +1,162 @@
++
++#include <stdio.h>
++#include <stdlib.h>
++#include <errno.h>
++#include <sys/types.h>
++#include <sys/socket.h>
++#include <netinet/in.h>
++#include <arpa/inet.h>
++#include <string.h>
++#include <unistd.h>
++#include <gnutls/gnutls.h>
++
++/* This is a sample TLS 1.0 echo server, for anonymous authentication only.
++ */
++
++
++#define SA struct sockaddr
++#define SOCKET_ERR(err,s) if(err==-1) {perror(s);return(1);}
++#define MAX_BUF 1024
++#define PORT 5556 /* listen to 5556 port */
++#define DH_BITS 1024
++
++/* These are global */
++gnutls_anon_server_credentials_t anoncred;
++
++gnutls_session_t initialize_tls_session()
++{
++ gnutls_session_t session;
++ const int kx_prio[] = { GNUTLS_KX_ANON_DH, 0 };
++
++ gnutls_init(&session, GNUTLS_SERVER);
++
++ /* avoid calling all the priority functions, since the defaults
++ * are adequate.
++ */
++ gnutls_set_default_priority(session);
++ gnutls_kx_set_priority (session, kx_prio);
++
++ gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred);
++
++ gnutls_dh_set_prime_bits(session, DH_BITS);
++
++ return session;
++}
++
++static gnutls_dh_params_t dh_params;
++
++static int generate_dh_params(void)
++{
++
++ /* Generate Diffie Hellman parameters - for use with DHE
++ * kx algorithms. These should be discarded and regenerated
++ * once a day, once a week or once a month. Depending on the
++ * security requirements.
++ */
++ gnutls_dh_params_init(&dh_params);
++ gnutls_dh_params_generate2(dh_params, DH_BITS);
++
++ return 0;
++}
++
++int main()
++{
++ int err, listen_sd, i;
++ int sd, ret;
++ struct sockaddr_in sa_serv;
++ struct sockaddr_in sa_cli;
++ int client_len;
++ char topbuf[512];
++ gnutls_session_t session;
++ char buffer[MAX_BUF + 1];
++ int optval = 1;
++
++ /* this must be called once in the program
++ */
++ gnutls_global_init();
++
++ gnutls_anon_allocate_server_credentials (&anoncred);
++
++ generate_dh_params();
++
++ gnutls_anon_set_server_dh_params (anoncred, dh_params);
++
++ /* Socket operations
++ */
++ listen_sd = socket(AF_INET, SOCK_STREAM, 0);
++ SOCKET_ERR(listen_sd, "socket");
++
++ memset(&sa_serv, '\0', sizeof(sa_serv));
++ sa_serv.sin_family = AF_INET;
++ sa_serv.sin_addr.s_addr = INADDR_ANY;
++ sa_serv.sin_port = htons(PORT); /* Server Port number */
++
++ setsockopt(listen_sd, SOL_SOCKET, SO_REUSEADDR, &optval, sizeof(int));
++
++ err = bind(listen_sd, (SA *) & sa_serv, sizeof(sa_serv));
++ SOCKET_ERR(err, "bind");
++ err = listen(listen_sd, 1024);
++ SOCKET_ERR(err, "listen");
++
++ printf("Server ready. Listening to port '%d'.\n\n", PORT);
++
++ client_len = sizeof(sa_cli);
++ for (;;) {
++ session = initialize_tls_session();
++
++ sd = accept(listen_sd, (SA *) & sa_cli, &client_len);
++
++ printf("- connection from %s, port %d\n",
++ inet_ntop(AF_INET, &sa_cli.sin_addr, topbuf,
++ sizeof(topbuf)), ntohs(sa_cli.sin_port));
++
++ gnutls_transport_set_ptr(session, (gnutls_transport_ptr_t) sd);
++ ret = gnutls_handshake(session);
++ if (ret < 0) {
++ close(sd);
++ gnutls_deinit(session);
++ fprintf(stderr, "*** Handshake has failed (%s)\n\n",
++ gnutls_strerror(ret));
++ continue;
++ }
++ printf("- Handshake was completed\n");
++
++ /* see the Getting peer's information example */
++ /* print_info(session); */
++
++ i = 0;
++ for (;;) {
++ bzero(buffer, MAX_BUF + 1);
++ ret = gnutls_record_recv(session, buffer, MAX_BUF);
++
++ if (ret == 0) {
++ printf("\n- Peer has closed the GNUTLS connection\n");
++ break;
++ } else if (ret < 0) {
++ fprintf(stderr, "\n*** Received corrupted "
++ "data(%d). Closing the connection.\n\n", ret);
++ break;
++ } else if (ret > 0) {
++ /* echo data back to the client
++ */
++ gnutls_record_send(session, buffer, strlen(buffer));
++ }
++ }
++ printf("\n");
++ /* do not wait for the peer to close the connection.
++ */
++ gnutls_bye(session, GNUTLS_SHUT_WR);
++
++ close(sd);
++ gnutls_deinit(session);
++
++ }
++ close(listen_sd);
++
++ gnutls_anon_free_client_credentials (anoncred);
++
++ gnutls_global_deinit();
++
++ return 0;
++
++}
================================================================
---- CVS-web:
http://cvs.pld-linux.org/SOURCES/gnutls-fix.patch?r1=1.3&r2=1.4&f=u
_______________________________________________
pld-cvs-commit mailing list
[email protected]
http://lists.pld-linux.org/mailman/listinfo/pld-cvs-commit
