
removing dead extension code

Christian Grothoff 17 년 전
부모
커밋
fd769761a5

+ 6 - 76
src/daemon/https/x509/common.c

@@ -381,7 +381,7 @@ MHD__gnutls_x509_oid_data2string (const char *oid,
             }
           else
             {
-              result = MHD__gnutls_x509_data2hex (str, len, res, res_size);
+              result = MHD__gnutls_x509_data2hex ((const unsigned char*) str, len, (unsigned char*) res, res_size);
               if (result < 0)
                 {
                   MHD_gnutls_assert ();
@@ -425,8 +425,8 @@ MHD__gnutls_x509_data2hex (const opaque * data,
 
       if (out)
         {
-          strcpy (out, "#");
-          strcat (out, res);
+          strcpy ((char*) out, "#");
+          strcat ((char*) out, res);
         }
 
       return 0;
@@ -521,7 +521,7 @@ mktime_utc (const struct fake_tm *tm)
  * month|day|hour|minute|sec* (2 chars each)
  * and year is given. Returns a time_t date.
  */
-time_t
+static time_t
 MHD__gnutls_x509_time2gtime (const char *ttime, int year)
 {
   char xx[3];
@@ -588,7 +588,7 @@ MHD__gnutls_x509_time2gtime (const char *ttime, int year)
  *
  * (seconds are optional)
  */
-time_t
+static time_t
 MHD__gnutls_x509_utcTime2gtime (const char *ttime)
 {
   char xx[3];
@@ -614,44 +614,11 @@ MHD__gnutls_x509_utcTime2gtime (const char *ttime)
   return MHD__gnutls_x509_time2gtime (ttime, year);
 }
 
-/* returns a time value that contains the given time.
- * The given time is expressed as:
- * YEAR(2)|MONTH(2)|DAY(2)|HOUR(2)|MIN(2)|SEC(2)
- */
-int
-MHD__gnutls_x509_gtime2utcTime (time_t gtime, char *str_time, int str_time_size)
-{
-  size_t ret;
-
-#ifdef HAVE_GMTIME_R
-  struct tm _tm;
-
-  gmtime_r (&gtime, &_tm);
-
-  ret = strftime (str_time, str_time_size, "%y%m%d%H%M%SZ", &_tm);
-#else
-  struct tm *_tm;
-
-  _tm = gmtime (&gtime);
-
-  ret = strftime (str_time, str_time_size, "%y%m%d%H%M%SZ", _tm);
-#endif
-
-  if (!ret)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_SHORT_MEMORY_BUFFER;
-    }
-
-  return 0;
-
-}
-
 /* returns a time_t value that contains the given time.
  * The given time is expressed as:
  * YEAR(4)|MONTH(2)|DAY(2)|HOUR(2)|MIN(2)|SEC(2)*
  */
-time_t
+static time_t
 MHD__gnutls_x509_generalTime2gtime (const char *ttime)
 {
   char xx[5];
@@ -735,43 +702,6 @@ MHD__gnutls_x509_get_time (ASN1_TYPE c2, const char *when)
   return c_time;
 }
 
-/* Sets the time in time_t in the ASN1_TYPE given. Where should
- * be something like "tbsCertList.thisUpdate".
- */
-int
-MHD__gnutls_x509_set_time (ASN1_TYPE c2, const char *where, time_t tim)
-{
-  char str_time[MAX_TIME];
-  char name[128];
-  int result, len;
-
-  MHD_gtls_str_cpy (name, sizeof (name), where);
-
-  if ((result = MHD__asn1_write_value (c2, name, "utcTime", 1)) < 0)
-    {
-      MHD_gnutls_assert ();
-      return MHD_gtls_asn2err (result);
-    }
-
-  result = MHD__gnutls_x509_gtime2utcTime (tim, str_time, sizeof (str_time));
-  if (result < 0)
-    {
-      MHD_gnutls_assert ();
-      return result;
-    }
-
-  MHD_gtls_str_cat (name, sizeof (name), ".utcTime");
-
-  len = strlen (str_time);
-  result = MHD__asn1_write_value (c2, name, str_time, len);
-  if (result != ASN1_SUCCESS)
-    {
-      MHD_gnutls_assert ();
-      return MHD_gtls_asn2err (result);
-    }
-
-  return 0;
-}
 
 MHD_gnutls_x509_subject_alt_name_t
 MHD__gnutls_x509_san_find_type (char *str_type)
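Review bot: The casts on `strcpy ((char*) out, "#")` and `strcat ((char*) out, res)` only silence the signedness warning; the copy into `out` stays unbounded at the point where it happens, and the hunk does not show the length check against the caller-supplied size (callers pass `res_size` and `&sizeof_string`) that has to precede it. MHD__gnutls_x509_data2hex starts outside the hunk, so that check may well exist above; making the bound visible at the write site is still cheaper to audit: `if (snprintf ((char*) out, sz, "#%s", res) >= (int) sz) return GNUTLS_E_SHORT_MEMORY_BUFFER;` with `sz` standing for the function's output-size argument. The `static time_t` changes are consistent with the two declarations dropped from common.h.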

+ 0 - 4
src/daemon/https/x509/common.h

@@ -58,10 +58,6 @@
 #define SIG_GOST_R3410_94_OID "1.2.643.2.2.4"
 #define SIG_GOST_R3410_2001_OID "1.2.643.2.2.3"
 
-time_t MHD__gnutls_x509_utcTime2gtime (const char *ttime);
-time_t MHD__gnutls_x509_generalTime2gtime (const char *ttime);
-int MHD__gnutls_x509_set_time (ASN1_TYPE c2, const char *where, time_t tim);
-
 int MHD__gnutls_x509_decode_octet_string (const char *string_type,
                                       const opaque * der, size_t der_size,
                                       opaque * output, size_t * output_size);

+ 2 - 2
src/daemon/https/x509/dn.c

@@ -273,7 +273,7 @@ MHD__gnutls_x509_parse_dn (ASN1_TYPE MHD__asn1_struct,
 
           if (!printable || result < 0)
             result =
-              MHD__gnutls_x509_data2hex (value2, len, string, &sizeof_string);
+              MHD__gnutls_x509_data2hex ((const unsigned char*) value2, len, (unsigned char*) string, &sizeof_string);
 
           if (result < 0)
             {
@@ -477,7 +477,7 @@ MHD__gnutls_x509_parse_dn_oid (ASN1_TYPE MHD__asn1_struct,
                                                     cbuf, sizeof_buf);
                   else
                     result =
-                      MHD__gnutls_x509_data2hex (buf, len, cbuf, sizeof_buf);
+                      MHD__gnutls_x509_data2hex (buf, len, (unsigned char*) cbuf, sizeof_buf);
 
                   if (result < 0)
                     {

+ 1 - 735
src/daemon/https/x509/extensions.c

@@ -259,191 +259,6 @@ MHD__gnutls_x509_crt_get_extension_oid (MHD_gnutls_x509_crt_t cert,
     }
 }
 
-/* This function will attempt to set the requested extension in
- * the given X509v3 certificate.
- *
- * Critical will be either 0 or 1.
- */
-static int
-set_extension (ASN1_TYPE asn, const char *extension_id,
-               const MHD_gnutls_datum_t * ext_data, unsigned int critical)
-{
-  int result;
-  const char *str;
-
-  /* Add a new extension in the list.
-   */
-  result = MHD__asn1_write_value (asn, "tbsCertificate.extensions", "NEW", 1);
-  if (result != ASN1_SUCCESS)
-    {
-      MHD_gnutls_assert ();
-      return MHD_gtls_asn2err (result);
-    }
-
-  result =
-    MHD__asn1_write_value (asn, "tbsCertificate.extensions.?LAST.extnID",
-                      extension_id, 1);
-  if (result != ASN1_SUCCESS)
-    {
-      MHD_gnutls_assert ();
-      return MHD_gtls_asn2err (result);
-    }
-
-  if (critical == 0)
-    str = "FALSE";
-  else
-    str = "TRUE";
-
-
-  result =
-    MHD__asn1_write_value (asn, "tbsCertificate.extensions.?LAST.critical",
-                      str, 1);
-  if (result != ASN1_SUCCESS)
-    {
-      MHD_gnutls_assert ();
-      return MHD_gtls_asn2err (result);
-    }
-
-  result =
-    MHD__gnutls_x509_write_value (asn,
-                              "tbsCertificate.extensions.?LAST.extnValue",
-                              ext_data, 0);
-  if (result < 0)
-    {
-      MHD_gnutls_assert ();
-      return result;
-    }
-
-  return 0;
-}
-
-/* Overwrite the given extension (using the index)
- * index here starts from one.
- */
-static int
-overwrite_extension (ASN1_TYPE asn, unsigned int indx,
-                     const MHD_gnutls_datum_t * ext_data, unsigned int critical)
-{
-  char name[MAX_NAME_SIZE], name2[MAX_NAME_SIZE];
-  const char *str;
-  int result;
-
-  snprintf (name, sizeof (name), "tbsCertificate.extensions.?%u", indx);
-
-  if (critical == 0)
-    str = "FALSE";
-  else
-    str = "TRUE";
-
-  MHD_gtls_str_cpy (name2, sizeof (name2), name);
-  MHD_gtls_str_cat (name2, sizeof (name2), ".critical");
-
-  result = MHD__asn1_write_value (asn, name2, str, 1);
-  if (result != ASN1_SUCCESS)
-    {
-      MHD_gnutls_assert ();
-      return MHD_gtls_asn2err (result);
-    }
-
-  MHD_gtls_str_cpy (name2, sizeof (name2), name);
-  MHD_gtls_str_cat (name2, sizeof (name2), ".extnValue");
-
-  result = MHD__gnutls_x509_write_value (asn, name2, ext_data, 0);
-  if (result < 0)
-    {
-      MHD_gnutls_assert ();
-      return result;
-    }
-
-  return 0;
-}
-
-/* This function will attempt to overwrite the requested extension with
- * the given one.
- *
- * Critical will be either 0 or 1.
- */
-int
-MHD__gnutls_x509_crt_set_extension (MHD_gnutls_x509_crt_t cert,
-                                const char *ext_id,
-                                const MHD_gnutls_datum_t * ext_data,
-                                unsigned int critical)
-{
-  int result;
-  int k, len;
-  char name[MAX_NAME_SIZE], name2[MAX_NAME_SIZE];
-  char extnID[128];
-
-  /* Find the index of the given extension.
-   */
-  k = 0;
-  do
-    {
-      k++;
-
-      snprintf (name, sizeof (name), "tbsCertificate.extensions.?%u", k);
-
-      len = sizeof (extnID) - 1;
-      result = MHD__asn1_read_value (cert->cert, name, extnID, &len);
-
-      /* move to next
-       */
-
-      if (result == ASN1_ELEMENT_NOT_FOUND)
-        {
-          break;
-        }
-
-      do
-        {
-
-          MHD_gtls_str_cpy (name2, sizeof (name2), name);
-          MHD_gtls_str_cat (name2, sizeof (name2), ".extnID");
-
-          len = sizeof (extnID) - 1;
-          result = MHD__asn1_read_value (cert->cert, name2, extnID, &len);
-
-          if (result == ASN1_ELEMENT_NOT_FOUND)
-            {
-              MHD_gnutls_assert ();
-              break;
-            }
-          else if (result != ASN1_SUCCESS)
-            {
-              MHD_gnutls_assert ();
-              return MHD_gtls_asn2err (result);
-            }
-
-          /* Handle Extension
-           */
-          if (strcmp (extnID, ext_id) == 0)
-            {
-              /* extension was found
-               */
-              return overwrite_extension (cert->cert, k, ext_data, critical);
-            }
-
-
-        }
-      while (0);
-    }
-  while (1);
-
-  if (result == ASN1_ELEMENT_NOT_FOUND)
-    {
-      return set_extension (cert->cert, ext_id, ext_data, critical);
-    }
-  else
-    {
-      MHD_gnutls_assert ();
-      return MHD_gtls_asn2err (result);
-    }
-
-
-  return 0;
-}
-
-
 /* Here we only extract the KeyUsage field, from the DER encoded
  * extension.
  */
@@ -520,7 +335,7 @@ MHD__gnutls_x509_ext_extract_basicConstraints (int *CA,
   if (pathLenConstraint)
     {
       result = MHD__gnutls_x509_read_uint (ext, "pathLenConstraint",
-                                       pathLenConstraint);
+					   (unsigned int*) pathLenConstraint);
       if (result == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND)
         *pathLenConstraint = -1;
       else if (result != GNUTLS_E_SUCCESS)
@@ -544,552 +359,3 @@ MHD__gnutls_x509_ext_extract_basicConstraints (int *CA,
 
   return 0;
 }
-
-/* generate the basicConstraints in a DER encoded extension
- * Use 0 or 1 (TRUE) for CA.
- * Use negative values for pathLenConstraint to indicate that the field
- * should not be present, >= 0 to indicate set values.
- */
-int
-MHD__gnutls_x509_ext_gen_basicConstraints (int CA,
-                                       int pathLenConstraint,
-                                       MHD_gnutls_datum_t * der_ext)
-{
-  ASN1_TYPE ext = ASN1_TYPE_EMPTY;
-  const char *str;
-  int result;
-
-  if (CA == 0)
-    str = "FALSE";
-  else
-    str = "TRUE";
-
-  result =
-    MHD__asn1_create_element (MHD__gnutls_get_pkix (), "PKIX1.BasicConstraints", &ext);
-  if (result != ASN1_SUCCESS)
-    {
-      MHD_gnutls_assert ();
-      return MHD_gtls_asn2err (result);
-    }
-
-  result = MHD__asn1_write_value (ext, "cA", str, 1);
-  if (result != ASN1_SUCCESS)
-    {
-      MHD_gnutls_assert ();
-      MHD__asn1_delete_structure (&ext);
-      return MHD_gtls_asn2err (result);
-    }
-
-  if (pathLenConstraint < 0)
-    {
-      result = MHD__asn1_write_value (ext, "pathLenConstraint", NULL, 0);
-      if (result < 0)
-        result = MHD_gtls_asn2err (result);
-    }
-  else
-    result = MHD__gnutls_x509_write_uint32 (ext, "pathLenConstraint",
-                                        pathLenConstraint);
-  if (result < 0)
-    {
-      MHD_gnutls_assert ();
-      MHD__asn1_delete_structure (&ext);
-      return result;
-    }
-
-  result = MHD__gnutls_x509_der_encode (ext, "", der_ext, 0);
-
-  MHD__asn1_delete_structure (&ext);
-
-  if (result < 0)
-    {
-      MHD_gnutls_assert ();
-      return result;
-    }
-
-  return 0;
-}
-
-/* generate the keyUsage in a DER encoded extension
- * Use an ORed SEQUENCE of GNUTLS_KEY_* for usage.
- */
-int
-MHD__gnutls_x509_ext_gen_keyUsage (uint16_t usage, MHD_gnutls_datum_t * der_ext)
-{
-  ASN1_TYPE ext = ASN1_TYPE_EMPTY;
-  int result;
-  uint8_t str[2];
-
-  result = MHD__asn1_create_element (MHD__gnutls_get_pkix (), "PKIX1.KeyUsage", &ext);
-  if (result != ASN1_SUCCESS)
-    {
-      MHD_gnutls_assert ();
-      return MHD_gtls_asn2err (result);
-    }
-
-  str[0] = usage & 0xff;
-  str[1] = usage >> 8;
-
-  result = MHD__asn1_write_value (ext, "", str, 9);
-  if (result != ASN1_SUCCESS)
-    {
-      MHD_gnutls_assert ();
-      MHD__asn1_delete_structure (&ext);
-      return MHD_gtls_asn2err (result);
-    }
-
-  result = MHD__gnutls_x509_der_encode (ext, "", der_ext, 0);
-
-  MHD__asn1_delete_structure (&ext);
-
-  if (result < 0)
-    {
-      MHD_gnutls_assert ();
-      return result;
-    }
-
-  return 0;
-}
-
-static int
-write_new_general_name (ASN1_TYPE ext, const char *ext_name,
-                        MHD_gnutls_x509_subject_alt_name_t type,
-                        const char *data_string)
-{
-  const char *str;
-  int result;
-  char name[128];
-
-  result = MHD__asn1_write_value (ext, ext_name, "NEW", 1);
-  if (result != ASN1_SUCCESS)
-    {
-      MHD_gnutls_assert ();
-      return MHD_gtls_asn2err (result);
-    }
-
-  switch (type)
-    {
-    case GNUTLS_SAN_DNSNAME:
-      str = "dNSName";
-      break;
-    case GNUTLS_SAN_RFC822NAME:
-      str = "rfc822Name";
-      break;
-    case GNUTLS_SAN_URI:
-      str = "uniformResourceIdentifier";
-      break;
-    case GNUTLS_SAN_IPADDRESS:
-      str = "iPAddress";
-      break;
-    default:
-      MHD_gnutls_assert ();
-      return GNUTLS_E_INTERNAL_ERROR;
-    }
-
-  if (ext_name[0] == 0)
-    {                           /* no dot */
-      MHD_gtls_str_cpy (name, sizeof (name), "?LAST");
-    }
-  else
-    {
-      MHD_gtls_str_cpy (name, sizeof (name), ext_name);
-      MHD_gtls_str_cat (name, sizeof (name), ".?LAST");
-    }
-
-  result = MHD__asn1_write_value (ext, name, str, 1);
-  if (result != ASN1_SUCCESS)
-    {
-      MHD_gnutls_assert ();
-      return MHD_gtls_asn2err (result);
-    }
-
-  MHD_gtls_str_cat (name, sizeof (name), ".");
-  MHD_gtls_str_cat (name, sizeof (name), str);
-
-  result = MHD__asn1_write_value (ext, name, data_string, strlen (data_string));
-  if (result != ASN1_SUCCESS)
-    {
-      MHD_gnutls_assert ();
-      MHD__asn1_delete_structure (&ext);
-      return MHD_gtls_asn2err (result);
-    }
-
-  return 0;
-}
-
-/* Convert the given name to GeneralNames in a DER encoded extension.
- * This is the same as subject alternative name.
- */
-int
-MHD__gnutls_x509_ext_gen_subject_alt_name (MHD_gnutls_x509_subject_alt_name_t
-                                       type, const char *data_string,
-                                       MHD_gnutls_datum_t * der_ext)
-{
-  ASN1_TYPE ext = ASN1_TYPE_EMPTY;
-  int result;
-
-  result =
-    MHD__asn1_create_element (MHD__gnutls_get_pkix (), "PKIX1.GeneralNames", &ext);
-  if (result != ASN1_SUCCESS)
-    {
-      MHD_gnutls_assert ();
-      return MHD_gtls_asn2err (result);
-    }
-
-  result = write_new_general_name (ext, "", type, data_string);
-  if (result < 0)
-    {
-      MHD_gnutls_assert ();
-      MHD__asn1_delete_structure (&ext);
-      return result;
-    }
-
-  result = MHD__gnutls_x509_der_encode (ext, "", der_ext, 0);
-
-  MHD__asn1_delete_structure (&ext);
-
-  if (result < 0)
-    {
-      MHD_gnutls_assert ();
-      return result;
-    }
-
-  return 0;
-}
-
-/* generate the SubjectKeyID in a DER encoded extension
- */
-int
-MHD__gnutls_x509_ext_gen_key_id (const void *id, size_t id_size,
-                             MHD_gnutls_datum_t * der_ext)
-{
-  ASN1_TYPE ext = ASN1_TYPE_EMPTY;
-  int result;
-
-  result =
-    MHD__asn1_create_element (MHD__gnutls_get_pkix (),
-                         "PKIX1.SubjectKeyIdentifier", &ext);
-  if (result != ASN1_SUCCESS)
-    {
-      MHD_gnutls_assert ();
-      return MHD_gtls_asn2err (result);
-    }
-
-  result = MHD__asn1_write_value (ext, "", id, id_size);
-  if (result != ASN1_SUCCESS)
-    {
-      MHD_gnutls_assert ();
-      MHD__asn1_delete_structure (&ext);
-      return MHD_gtls_asn2err (result);
-    }
-
-  result = MHD__gnutls_x509_der_encode (ext, "", der_ext, 0);
-
-  MHD__asn1_delete_structure (&ext);
-
-  if (result < 0)
-    {
-      MHD_gnutls_assert ();
-      return result;
-    }
-
-  return 0;
-}
-
-/* generate the AuthorityKeyID in a DER encoded extension
- */
-int
-MHD__gnutls_x509_ext_gen_auth_key_id (const void *id, size_t id_size,
-                                  MHD_gnutls_datum_t * der_ext)
-{
-  ASN1_TYPE ext = ASN1_TYPE_EMPTY;
-  int result;
-
-  result =
-    MHD__asn1_create_element (MHD__gnutls_get_pkix (),
-                         "PKIX1.AuthorityKeyIdentifier", &ext);
-  if (result != ASN1_SUCCESS)
-    {
-      MHD_gnutls_assert ();
-      return MHD_gtls_asn2err (result);
-    }
-
-  result = MHD__asn1_write_value (ext, "keyIdentifier", id, id_size);
-  if (result != ASN1_SUCCESS)
-    {
-      MHD_gnutls_assert ();
-      MHD__asn1_delete_structure (&ext);
-      return MHD_gtls_asn2err (result);
-    }
-
-  MHD__asn1_write_value (ext, "authorityCertIssuer", NULL, 0);
-  MHD__asn1_write_value (ext, "authorityCertSerialNumber", NULL, 0);
-
-  result = MHD__gnutls_x509_der_encode (ext, "", der_ext, 0);
-
-  MHD__asn1_delete_structure (&ext);
-
-  if (result < 0)
-    {
-      MHD_gnutls_assert ();
-      return result;
-    }
-
-  return 0;
-}
-
-
-/* Creates and encodes the CRL Distribution points. data_string should be a name
- * and type holds the type of the name.
- * reason_flags should be an or'ed sequence of GNUTLS_CRL_REASON_*.
- *
- */
-int
-MHD__gnutls_x509_ext_gen_crl_dist_points (MHD_gnutls_x509_subject_alt_name_t
-                                      type, const void *data_string,
-                                      unsigned int reason_flags,
-                                      MHD_gnutls_datum_t * der_ext)
-{
-  ASN1_TYPE ext = ASN1_TYPE_EMPTY;
-  MHD_gnutls_datum_t gnames = { NULL, 0 };
-  int result;
-  uint8_t reasons[2];
-
-  reasons[0] = reason_flags & 0xff;
-  reasons[1] = reason_flags >> 8;
-
-  result =
-    MHD__asn1_create_element (MHD__gnutls_get_pkix (),
-                         "PKIX1.CRLDistributionPoints", &ext);
-  if (result != ASN1_SUCCESS)
-    {
-      MHD_gnutls_assert ();
-      result = MHD_gtls_asn2err (result);
-      goto cleanup;
-    }
-
-  result = MHD__asn1_write_value (ext, "", "NEW", 1);
-  if (result != ASN1_SUCCESS)
-    {
-      MHD_gnutls_assert ();
-      result = MHD_gtls_asn2err (result);
-      goto cleanup;
-    }
-
-  if (reason_flags)
-    {
-      result = MHD__asn1_write_value (ext, "?LAST.reasons", reasons, 9);
-      if (result != ASN1_SUCCESS)
-        {
-          MHD_gnutls_assert ();
-          result = MHD_gtls_asn2err (result);
-          goto cleanup;
-        }
-    }
-  else
-    {
-      result = MHD__asn1_write_value (ext, "?LAST.reasons", NULL, 0);
-      if (result != ASN1_SUCCESS)
-        {
-          MHD_gnutls_assert ();
-          result = MHD_gtls_asn2err (result);
-          goto cleanup;
-        }
-    }
-
-  result = MHD__asn1_write_value (ext, "?LAST.cRLIssuer", NULL, 0);
-  if (result != ASN1_SUCCESS)
-    {
-      MHD_gnutls_assert ();
-      result = MHD_gtls_asn2err (result);
-      goto cleanup;
-    }
-
-  /* When used as type CHOICE.
-   */
-  result = MHD__asn1_write_value (ext, "?LAST.distributionPoint", "fullName", 1);
-  if (result != ASN1_SUCCESS)
-    {
-      MHD_gnutls_assert ();
-      result = MHD_gtls_asn2err (result);
-      goto cleanup;
-    }
-
-#if 0
-  /* only needed in old code (where defined as SEQUENCE OF) */
-  MHD__asn1_write_value (ext,
-                    "?LAST.distributionPoint.nameRelativeToCRLIssuer",
-                    NULL, 0);
-#endif
-
-  result =
-    write_new_general_name (ext, "?LAST.distributionPoint.fullName",
-                            type, data_string);
-  if (result < 0)
-    {
-      MHD_gnutls_assert ();
-      goto cleanup;
-    }
-
-  result = MHD__gnutls_x509_der_encode (ext, "", der_ext, 0);
-
-  if (result < 0)
-    {
-      MHD_gnutls_assert ();
-      goto cleanup;
-    }
-
-  result = 0;
-
-cleanup:
-  MHD__gnutls_free_datum (&gnames);
-  MHD__asn1_delete_structure (&ext);
-
-  return result;
-}
-
-/* extract the proxyCertInfo from the DER encoded extension
- */
-int
-MHD__gnutls_x509_ext_extract_proxyCertInfo (int *pathLenConstraint,
-                                        char **policyLanguage,
-                                        char **policy,
-                                        size_t * sizeof_policy,
-                                        opaque * extnValue, int extnValueLen)
-{
-  ASN1_TYPE ext = ASN1_TYPE_EMPTY;
-  int result;
-  MHD_gnutls_datum_t value;
-
-  if ((result = MHD__asn1_create_element
-       (MHD__gnutls_get_pkix (), "PKIX1.ProxyCertInfo", &ext)) != ASN1_SUCCESS)
-    {
-      MHD_gnutls_assert ();
-      return MHD_gtls_asn2err (result);
-    }
-
-  result = MHD__asn1_der_decoding (&ext, extnValue, extnValueLen, NULL);
-  if (result != ASN1_SUCCESS)
-    {
-      MHD_gnutls_assert ();
-      MHD__asn1_delete_structure (&ext);
-      return MHD_gtls_asn2err (result);
-    }
-
-  if (pathLenConstraint)
-    {
-      result = MHD__gnutls_x509_read_uint (ext, "pCPathLenConstraint",
-                                       pathLenConstraint);
-      if (result == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND)
-        *pathLenConstraint = -1;
-      else if (result != GNUTLS_E_SUCCESS)
-        {
-          MHD__asn1_delete_structure (&ext);
-          return MHD_gtls_asn2err (result);
-        }
-    }
-
-  result = MHD__gnutls_x509_read_value (ext, "proxyPolicy.policyLanguage",
-                                    &value, 0);
-  if (result < 0)
-    {
-      MHD_gnutls_assert ();
-      MHD__asn1_delete_structure (&ext);
-      return result;
-    }
-
-  if (policyLanguage)
-    *policyLanguage = MHD_gnutls_strdup (value.data);
-
-  result = MHD__gnutls_x509_read_value (ext, "proxyPolicy.policy", &value, 0);
-  if (result == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND)
-    {
-      if (policy)
-        *policy = NULL;
-      if (sizeof_policy)
-        *sizeof_policy = 0;
-    }
-  else if (result < 0)
-    {
-      MHD_gnutls_assert ();
-      MHD__asn1_delete_structure (&ext);
-      return result;
-    }
-  else
-    {
-      if (policy)
-        *policy = value.data;
-      if (sizeof_policy)
-        *sizeof_policy = value.size;
-    }
-
-  MHD__asn1_delete_structure (&ext);
-
-  return 0;
-}
-
-/* generate the proxyCertInfo in a DER encoded extension
- */
-int
-MHD__gnutls_x509_ext_gen_proxyCertInfo (int pathLenConstraint,
-                                    const char *policyLanguage,
-                                    const char *policy,
-                                    size_t sizeof_policy,
-                                    MHD_gnutls_datum_t * der_ext)
-{
-  ASN1_TYPE ext = ASN1_TYPE_EMPTY;
-  int result;
-
-  result = MHD__asn1_create_element (MHD__gnutls_get_pkix (),
-                                "PKIX1.ProxyCertInfo", &ext);
-  if (result != ASN1_SUCCESS)
-    {
-      MHD_gnutls_assert ();
-      return MHD_gtls_asn2err (result);
-    }
-
-  if (pathLenConstraint < 0)
-    {
-      result = MHD__asn1_write_value (ext, "pCPathLenConstraint", NULL, 0);
-      if (result < 0)
-        result = MHD_gtls_asn2err (result);
-    }
-  else
-    result = MHD__gnutls_x509_write_uint32 (ext, "pCPathLenConstraint",
-                                        pathLenConstraint);
-  if (result < 0)
-    {
-      MHD_gnutls_assert ();
-      MHD__asn1_delete_structure (&ext);
-      return result;
-    }
-
-  result = MHD__asn1_write_value (ext, "proxyPolicy.policyLanguage",
-                             policyLanguage, 1);
-  if (result < 0)
-    {
-      MHD_gnutls_assert ();
-      MHD__asn1_delete_structure (&ext);
-      return MHD_gtls_asn2err (result);
-    }
-
-  result = MHD__asn1_write_value (ext, "proxyPolicy.policy",
-                             policy, sizeof_policy);
-  if (result < 0)
-    {
-      MHD_gnutls_assert ();
-      MHD__asn1_delete_structure (&ext);
-      return MHD_gtls_asn2err (result);
-    }
-
-  result = MHD__gnutls_x509_der_encode (ext, "", der_ext, 0);
-
-  MHD__asn1_delete_structure (&ext);
-
-  if (result < 0)
-    {
-      MHD_gnutls_assert ();
-      return result;
-    }
-
-  return 0;
-}
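Review bot: The cast `(unsigned int*) pathLenConstraint` on the `MHD__gnutls_x509_read_uint` call hides a real signed/unsigned mismatch instead of resolving it: the value is decoded from the certificate, so an encoded pathLenConstraint of 2^31 or more lands in the `int *` as a negative number, and 0xFFFFFFFF becomes exactly the `-1` that the next line uses to mean "absent". How callers treat a negative constraint is outside this hunk (MHD__gnutls_x509_ext_extract_basicConstraints starts before it), but a hostile CA certificate should not be able to turn a bounded path length into "no constraint" by this route. Read into a local `unsigned int`, reject anything above `INT_MAX` (needs `<limits.h>`), and only then store it; the error code the file uses for a malformed field is not visible here, so the fence uses the generic one from this file as a placeholder.
```c
  if (pathLenConstraint)
    {
      unsigned int plen = 0;
      result = MHD__gnutls_x509_read_uint (ext, "pathLenConstraint", &plen);
      if (result == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND)
        *pathLenConstraint = -1;
      else if (result != GNUTLS_E_SUCCESS)
        {
          /* … unchanged: existing error path … */
        }
      else if (plen > INT_MAX)
        {
          /* a constraint that does not fit a non-negative int must not be
           * folded into the -1 "absent" sentinel */
          MHD_gnutls_assert ();
          MHD__asn1_delete_structure (&ext);
          return GNUTLS_E_INTERNAL_ERROR; /* TODO: use the file's malformed-field error code */
        }
      else
        *pathLenConstraint = (int) plen;
```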

+ 0 - 30
src/daemon/https/x509/extensions.h

@@ -36,33 +36,3 @@ int MHD__gnutls_x509_ext_extract_basicConstraints (int *CA,
                                                int *pathLenConstraint,
                                                opaque * extnValue,
                                                int extnValueLen);
-int MHD__gnutls_x509_crt_set_extension (MHD_gnutls_x509_crt_t cert,
-                                    const char *extension_id,
-                                    const MHD_gnutls_datum_t * ext_data,
-                                    unsigned int critical);
-int MHD__gnutls_x509_ext_gen_basicConstraints (int CA, int pathLenConstraint,
-                                           MHD_gnutls_datum_t * der_ext);
-int MHD__gnutls_x509_ext_gen_keyUsage (uint16_t usage, MHD_gnutls_datum_t * der_ext);
-int MHD__gnutls_x509_ext_gen_subject_alt_name (MHD_gnutls_x509_subject_alt_name_t
-                                           type, const char *data_string,
-                                           MHD_gnutls_datum_t * der_ext);
-int MHD__gnutls_x509_ext_gen_crl_dist_points (MHD_gnutls_x509_subject_alt_name_t
-                                          type, const void *data_string,
-                                          unsigned int reason_flags,
-                                          MHD_gnutls_datum_t * der_ext);
-int MHD__gnutls_x509_ext_gen_key_id (const void *id, size_t id_size,
-                                 MHD_gnutls_datum_t * der_data);
-int MHD__gnutls_x509_ext_gen_auth_key_id (const void *id, size_t id_size,
-                                      MHD_gnutls_datum_t * der_data);
-
-int MHD__gnutls_x509_ext_extract_proxyCertInfo (int *pathLenConstraint,
-                                            char **policyLanguage,
-                                            char **policy,
-                                            size_t * sizeof_policy,
-                                            opaque * extnValue,
-                                            int extnValueLen);
-int MHD__gnutls_x509_ext_gen_proxyCertInfo (int pathLenConstraint,
-                                        const char *policyLanguage,
-                                        const char *policy,
-                                        size_t sizeof_policy,
-                                        MHD_gnutls_datum_t * der_ext);

+ 3 - 91
src/daemon/https/x509/sign.c

@@ -103,7 +103,7 @@ encode_ber_digest_info (enum MHD_GNUTLS_HashAlgorithm hash,
     }
 
   info->size = 0;
-  MHD__asn1_der_coding (dinfo, "", NULL, &info->size, NULL);
+  MHD__asn1_der_coding (dinfo, "", NULL, (int*) &info->size, NULL);
 
   info->data = MHD_gnutls_malloc (info->size);
   if (info->data == NULL)
@@ -113,7 +113,7 @@ encode_ber_digest_info (enum MHD_GNUTLS_HashAlgorithm hash,
       return GNUTLS_E_MEMORY_ERROR;
     }
 
-  result = MHD__asn1_der_coding (dinfo, "", info->data, &info->size, NULL);
+  result = MHD__asn1_der_coding (dinfo, "", info->data, (int*) &info->size, NULL);
   if (result != ASN1_SUCCESS)
     {
       MHD_gnutls_assert ();
@@ -185,7 +185,7 @@ pkcs1_rsa_sign (enum MHD_GNUTLS_HashAlgorithm hash,
  * 'signature' will hold the signature!
  * 'hash' is only used in PKCS1 RSA signing.
  */
-int
+static int
 MHD__gnutls_x509_sign (const MHD_gnutls_datum_t * tbs,
                    enum MHD_GNUTLS_HashAlgorithm hash,
                    MHD_gnutls_x509_privkey_t signer, MHD_gnutls_datum_t * signature)
@@ -255,93 +255,5 @@ MHD__gnutls_x509_sign_tbs (ASN1_TYPE cert, const char *tbs_name,
   return result;
 }
 
-/*-
- * MHD__gnutls_x509_pkix_sign - This function will sign a CRL or a certificate with a key
- * @src: should contain an ASN1_TYPE
- * @issuer: is the certificate of the certificate issuer
- * @issuer_key: holds the issuer's private key
- *
- * This function will sign a CRL or a certificate with the issuer's private key, and
- * will copy the issuer's information into the CRL or certificate.
- *
- * Returns 0 on success.
- *
- -*/
-int
-MHD__gnutls_x509_pkix_sign (ASN1_TYPE src, const char *src_name,
-                        enum MHD_GNUTLS_HashAlgorithm dig,
-                        MHD_gnutls_x509_crt_t issuer,
-                        MHD_gnutls_x509_privkey_t issuer_key)
-{
-  int result;
-  MHD_gnutls_datum_t signature;
-  char name[128];
-
-  /* Step 1. Copy the issuer's name into the certificate.
-   */
-  MHD_gtls_str_cpy (name, sizeof (name), src_name);
-  MHD_gtls_str_cat (name, sizeof (name), ".issuer");
-
-  result = MHD__asn1_copy_node (src, name, issuer->cert, "tbsCertificate.subject");
-  if (result != ASN1_SUCCESS)
-    {
-      MHD_gnutls_assert ();
-      return MHD_gtls_asn2err (result);
-    }
-
-  /* Step 1.5. Write the signature stuff in the tbsCertificate.
-   */
-  MHD_gtls_str_cpy (name, sizeof (name), src_name);
-  MHD_gtls_str_cat (name, sizeof (name), ".signature");
-
-  result = MHD__gnutls_x509_write_sig_params (src, name,
-                                          issuer_key->pk_algorithm, dig,
-                                          issuer_key->params,
-                                          issuer_key->params_size);
-  if (result < 0)
-    {
-      MHD_gnutls_assert ();
-      return result;
-    }
-
-  /* Step 2. Sign the certificate.
-   */
-  result = MHD__gnutls_x509_sign_tbs (src, src_name, dig, issuer_key, &signature);
-
-  if (result < 0)
-    {
-      MHD_gnutls_assert ();
-      return result;
-    }
-
-  /* write the signature (bits)
-   */
-  result =
-    MHD__asn1_write_value (src, "signature", signature.data, signature.size * 8);
-
-  MHD__gnutls_free_datum (&signature);
-
-  if (result != ASN1_SUCCESS)
-    {
-      MHD_gnutls_assert ();
-      return MHD_gtls_asn2err (result);
-    }
-
-  /* Step 3. Move up and write the AlgorithmIdentifier, which is also
-   * the same.
-   */
-
-  result = MHD__gnutls_x509_write_sig_params (src, "signatureAlgorithm",
-                                          issuer_key->pk_algorithm, dig,
-                                          issuer_key->params,
-                                          issuer_key->params_size);
-  if (result < 0)
-    {
-      MHD_gnutls_assert ();
-      return result;
-    }
-
-  return 0;
-}
 
 #endif
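Review bot: `(int*) &info->size` at both `MHD__asn1_der_coding` calls writes an `int` through whatever type `info->size` has; if that field is `unsigned int` this is harmless, but if `MHD_gnutls_datum_t.size` is wider (a `size_t`, say) each call updates only part of the field and the first one works only because `info->size = 0` zeroed the rest beforehand — the field's type is not visible in this hunk. Passing a local `int` and copying it back removes the dependency on the field's width and gives a natural place to check `der_len < 0` before the value reaches `MHD_gnutls_malloc`. encode_ber_digest_info starts before the hunk; the `static` on MHD__gnutls_x509_sign matches the declaration removed from sign.h.
```c
  int der_len = 0;
  /* first pass: only query the encoded length */
  MHD__asn1_der_coding (dinfo, "", NULL, &der_len, NULL);
  info->size = der_len;

  /* … unchanged: allocate info->data and check for NULL … */

  result = MHD__asn1_der_coding (dinfo, "", info->data, &der_len, NULL);
  info->size = der_len;
```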

+ 0 - 8
src/daemon/https/x509/sign.h

@@ -22,15 +22,7 @@
  *
  */
 
-int MHD__gnutls_x509_sign (const MHD_gnutls_datum_t * tbs,
-                       enum MHD_GNUTLS_HashAlgorithm hash,
-                       MHD_gnutls_x509_privkey_t signer,
-                       MHD_gnutls_datum_t * signature);
 int MHD__gnutls_x509_sign_tbs (ASN1_TYPE cert, const char *tbs_name,
                            enum MHD_GNUTLS_HashAlgorithm hash,
                            MHD_gnutls_x509_privkey_t signer,
                            MHD_gnutls_datum_t * signature);
-int MHD__gnutls_x509_pkix_sign (ASN1_TYPE src, const char *src_name,
-                            enum MHD_GNUTLS_HashAlgorithm,
-                            MHD_gnutls_x509_crt_t issuer,
-                            MHD_gnutls_x509_privkey_t issuer_key);

파일 크기가 너무 크기때문에 변경 상태를 표시하지 않습니다.
+ 79 - 933
src/daemon/https/x509/x509.c


+ 0 - 131
src/daemon/https/x509/x509.h

@@ -92,33 +92,9 @@ extern "C"
   int MHD_gnutls_x509_crt_import (MHD_gnutls_x509_crt_t cert,
                               const MHD_gnutls_datum_t * data,
                               MHD_gnutls_x509_crt_fmt_t format);
-  int MHD_gnutls_x509_crt_list_import (MHD_gnutls_x509_crt_t * certs,
-                                   unsigned int *cert_max,
-                                   const MHD_gnutls_datum_t * data,
-                                   MHD_gnutls_x509_crt_fmt_t format,
-                                   unsigned int flags);
   int MHD_gnutls_x509_crt_export (MHD_gnutls_x509_crt_t cert,
                               MHD_gnutls_x509_crt_fmt_t format,
                               void *output_data, size_t * output_data_size);
-  int MHD_gnutls_x509_crt_get_issuer_dn (MHD_gnutls_x509_crt_t cert,
-                                     char *buf, size_t * sizeof_buf);
-  int MHD_gnutls_x509_crt_get_issuer_dn_oid (MHD_gnutls_x509_crt_t cert,
-                                         int indx,
-                                         void *oid, size_t * sizeof_oid);
-  int MHD_gnutls_x509_crt_get_issuer_dn_by_oid (MHD_gnutls_x509_crt_t cert,
-                                            const char *oid,
-                                            int indx,
-                                            unsigned int raw_flag,
-                                            void *buf, size_t * sizeof_buf);
-  int MHD_gnutls_x509_crt_get_dn (MHD_gnutls_x509_crt_t cert,
-                              char *buf, size_t * sizeof_buf);
-  int MHD_gnutls_x509_crt_get_dn_oid (MHD_gnutls_x509_crt_t cert,
-                                  int indx, void *oid, size_t * sizeof_oid);
-  int MHD_gnutls_x509_crt_get_dn_by_oid (MHD_gnutls_x509_crt_t cert,
-                                     const char *oid,
-                                     int indx,
-                                     unsigned int raw_flag,
-                                     void *buf, size_t * sizeof_buf);
   int MHD_gnutls_x509_crt_check_hostname (MHD_gnutls_x509_crt_t cert,
                                       const char *hostname);
 
@@ -126,22 +102,6 @@ extern "C"
   int MHD_gnutls_x509_crt_get_signature (MHD_gnutls_x509_crt_t cert,
                                      char *sig, size_t * sizeof_sig);
   int MHD_gnutls_x509_crt_get_version (MHD_gnutls_x509_crt_t cert);
-  int MHD_gnutls_x509_crt_get_key_id (MHD_gnutls_x509_crt_t crt,
-                                  unsigned int flags,
-                                  unsigned char *output_data,
-                                  size_t * output_data_size);
-
-  int MHD_gnutls_x509_crt_set_authority_key_id (MHD_gnutls_x509_crt_t cert,
-                                            const void *id, size_t id_size);
-  int MHD_gnutls_x509_crt_get_authority_key_id (MHD_gnutls_x509_crt_t cert,
-                                            void *ret,
-                                            size_t * ret_size,
-                                            unsigned int *critical);
-
-  int MHD_gnutls_x509_crt_get_subject_key_id (MHD_gnutls_x509_crt_t cert,
-                                          void *ret,
-                                          size_t * ret_size,
-                                          unsigned int *critical);
 
 #define GNUTLS_CRL_REASON_UNUSED 128
 #define GNUTLS_CRL_REASON_KEY_COMPROMISE 64
@@ -153,20 +113,6 @@ extern "C"
 #define GNUTLS_CRL_REASON_PRIVILEGE_WITHDRAWN 1
 #define GNUTLS_CRL_REASON_AA_COMPROMISE 32768
 
-  int MHD_gnutls_x509_crt_get_crl_dist_points (MHD_gnutls_x509_crt_t cert,
-                                           unsigned int seq,
-                                           void *ret,
-                                           size_t * ret_size,
-                                           unsigned int *reason_flags,
-                                           unsigned int *critical);
-  int MHD_gnutls_x509_crt_set_crl_dist_points (MHD_gnutls_x509_crt_t crt,
-                                           MHD_gnutls_x509_subject_alt_name_t
-                                           type,
-                                           const void *data_string,
-                                           unsigned int reason_flags);
-  int MHD_gnutls_x509_crt_cpy_crl_dist_points (MHD_gnutls_x509_crt_t dst,
-                                           MHD_gnutls_x509_crt_t src);
-
   time_t MHD_gnutls_x509_crt_get_activation_time (MHD_gnutls_x509_crt_t cert);
   time_t MHD_gnutls_x509_crt_get_expiration_time (MHD_gnutls_x509_crt_t cert);
   int MHD_gnutls_x509_crt_get_serial (MHD_gnutls_x509_crt_t cert,
@@ -174,36 +120,13 @@ extern "C"
 
   int MHD_gnutls_x509_crt_get_pk_algorithm (MHD_gnutls_x509_crt_t cert,
                                         unsigned int *bits);
-  int MHD_gnutls_x509_crt_get_pk_rsa_raw (MHD_gnutls_x509_crt_t crt,
-                                      MHD_gnutls_datum_t * m, MHD_gnutls_datum_t * e);
-  int MHD_gnutls_x509_crt_get_pk_dsa_raw (MHD_gnutls_x509_crt_t crt,
-                                      MHD_gnutls_datum_t * p,
-                                      MHD_gnutls_datum_t * q,
-                                      MHD_gnutls_datum_t * g, MHD_gnutls_datum_t * y);
-
   int MHD_gnutls_x509_crt_get_subject_alt_name (MHD_gnutls_x509_crt_t cert,
                                             unsigned int seq,
                                             void *ret,
                                             size_t * ret_size,
                                             unsigned int *critical);
-  int MHD_gnutls_x509_crt_get_subject_alt_name2 (MHD_gnutls_x509_crt_t cert,
-                                             unsigned int seq,
-                                             void *ret,
-                                             size_t * ret_size,
-                                             unsigned int *ret_type,
-                                             unsigned int *critical);
-
-  int MHD_gnutls_x509_crt_get_subject_alt_othername_oid (MHD_gnutls_x509_crt_t cert,
-                                                     unsigned int seq,
-                                                     void *ret,
-                                                     size_t * ret_size);
-
   int MHD_gnutls_x509_crt_get_ca_status (MHD_gnutls_x509_crt_t cert,
                                      unsigned int *critical);
-  int MHD_gnutls_x509_crt_get_basic_constraints (MHD_gnutls_x509_crt_t cert,
-                                             unsigned int *critical,
-                                             int *ca, int *pathlen);
-
 /* The key_usage flags are defined in gnutls.h. They are the
  * GNUTLS_KEY_* definitions.
  */
@@ -213,34 +136,9 @@ extern "C"
   int MHD_gnutls_x509_crt_set_key_usage (MHD_gnutls_x509_crt_t crt,
                                      unsigned int usage);
 
-  int MHD_gnutls_x509_crt_get_proxy (MHD_gnutls_x509_crt_t cert,
-                                 unsigned int *critical,
-                                 int *pathlen,
-                                 char **policyLanguage,
-                                 char **policy, size_t * sizeof_policy);
-
   int MHD_gnutls_x509_dn_oid_known (const char *oid);
 
-/* Read extensions by OID. */
-  int MHD_gnutls_x509_crt_get_extension_oid (MHD_gnutls_x509_crt_t cert,
-                                         int indx,
-                                         void *oid, size_t * sizeof_oid);
-  int MHD_gnutls_x509_crt_get_extension_by_oid (MHD_gnutls_x509_crt_t cert,
-                                            const char *oid,
-                                            int indx,
-                                            void *buf,
-                                            size_t * sizeof_buf,
-                                            unsigned int *critical);
-
 /* Read extensions by sequence number. */
-  int MHD_gnutls_x509_crt_get_extension_info (MHD_gnutls_x509_crt_t cert,
-                                          int indx,
-                                          void *oid,
-                                          size_t * sizeof_oid, int *critical);
-  int MHD_gnutls_x509_crt_get_extension_data (MHD_gnutls_x509_crt_t cert,
-                                          int indx,
-                                          void *data, size_t * sizeof_data);
-
   int MHD_gnutls_x509_crt_set_extension_by_oid (MHD_gnutls_x509_crt_t crt,
                                             const char *oid,
                                             const void *buf,
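Review bot: The surviving comment `/* Read extensions by sequence number. */` now sits directly above `MHD_gnutls_x509_crt_set_extension_by_oid`, which neither reads nor works by sequence number, because the two getters it described were removed by this hunk. Either delete the comment or replace it with `/* Write extensions by OID. */` so the header does not document functions that no longer exist.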
@@ -344,12 +242,6 @@ extern "C"
 
   int MHD_gnutls_x509_crt_get_subject (MHD_gnutls_x509_crt_t cert,
                                    MHD_gnutls_x509_dn_t * dn);
-  int MHD_gnutls_x509_crt_get_issuer (MHD_gnutls_x509_crt_t cert,
-                                  MHD_gnutls_x509_dn_t * dn);
-  int MHD_gnutls_x509_dn_get_rdn_ava (MHD_gnutls_x509_dn_t dn,
-                                  int irdn,
-                                  int iava, MHD_gnutls_x509_ava_st * avast);
-
 /* CRL handling functions.
  */
   int MHD_gnutls_x509_crl_init (MHD_gnutls_x509_crl_t * crl);
@@ -362,8 +254,6 @@ extern "C"
                               MHD_gnutls_x509_crt_fmt_t format,
                               void *output_data, size_t * output_data_size);
 
-  int MHD_gnutls_x509_crl_get_issuer_dn (const MHD_gnutls_x509_crl_t crl,
-                                     char *buf, size_t * sizeof_buf);
   int MHD_gnutls_x509_crl_get_issuer_dn_by_oid (MHD_gnutls_x509_crl_t crl,
                                             const char *oid,
                                             int indx,
@@ -508,21 +398,6 @@ extern "C"
                                         const MHD_gnutls_x509_crl_t *
                                         crl_list, int crl_list_length);
 
-  int MHD_gnutls_x509_crt_get_fingerprint (MHD_gnutls_x509_crt_t cert,
-                                       enum MHD_GNUTLS_HashAlgorithm algo,
-                                       void *buf, size_t * sizeof_buf);
-
-  int MHD_gnutls_x509_crt_get_key_purpose_oid (MHD_gnutls_x509_crt_t cert,
-                                           int indx,
-                                           void *oid,
-                                           size_t * sizeof_oid,
-                                           unsigned int *critical);
-  int MHD_gnutls_x509_crt_set_key_purpose_oid (MHD_gnutls_x509_crt_t cert,
-                                           const void *oid,
-                                           unsigned int critical);
-
-/* Private key handling.
- */
 
 /* Flags for the MHD_gnutls_x509_privkey_export_pkcs8() function.
  */
@@ -601,10 +476,6 @@ extern "C"
                                        unsigned int flags,
                                        const MHD_gnutls_datum_t * data,
                                        const MHD_gnutls_datum_t * signature);
-  int MHD_gnutls_x509_crt_verify_data (MHD_gnutls_x509_crt_t crt,
-                                   unsigned int flags,
-                                   const MHD_gnutls_datum_t * data,
-                                   const MHD_gnutls_datum_t * signature);
 
 /* Certificate request stuff.
  */
@@ -753,8 +624,6 @@ int MHD_gnutls_x509_crt_get_ca_status (MHD_gnutls_x509_crt_t cert,
 int MHD_gnutls_x509_crt_get_pk_algorithm (MHD_gnutls_x509_crt_t cert,
                                       unsigned int *bits);
 
-int MHD__gnutls_x509_crt_cpy (MHD_gnutls_x509_crt_t dest, MHD_gnutls_x509_crt_t src);
-
 int MHD_gnutls_x509_crt_get_serial (MHD_gnutls_x509_crt_t cert,
                                 void *result, size_t * result_size);
 
