=== removed file 'bad-ca.pem'
--- bad-ca.pem 2007-10-20 21:38:25 +0000
+++ bad-ca.pem 1970-01-01 00:00:00 +0000
@@ -1,40 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIHCDCCBPCgAwIBAgIJAOCeaR840z9tMA0GCSqGSIb3DQEBBQUAMIGPMQswCQYD -VQQGEwJTRTELMAkGA1UECBMCQkwxEzARBgNVBAcTCkthcmxza3JvbmExFTATBgNV -BAoTDEV2aWwgbW9ua2V5czEUMBIGA1UECxMLRXZpbCB3ZSBhcmUxEzARBgNVBAMT -CmludmFsaWQgQ0ExHDAaBgkqhkiG9w0BCQEWDWV2aWxAY2VydC5iYWQwHhcNMDcx -MDE2MTM1ODU5WhcNMTcxMDEzMTM1ODU5WjCBjzELMAkGA1UEBhMCU0UxCzAJBgNV -BAgTAkJMMRMwEQYDVQQHEwpLYXJsc2tyb25hMRUwEwYDVQQKEwxFdmlsIG1vbmtl -eXMxFDASBgNVBAsTC0V2aWwgd2UgYXJlMRMwEQYDVQQDEwppbnZhbGlkIENBMRww -GgYJKoZIhvcNAQkBFg1ldmlsQGNlcnQuYmFkMIICIjANBgkqhkiG9w0BAQEFAAOC -Ag8AMIICCgKCAgEA25V8NcAgmofl+dcL1WRMsw98Ma5zU7ZsEL1Es8l1GVq5KUnn -LcrVoD2RvgDK28AWwlg0vvlRb652oAlbUdfMIbqrPzgY98LpXZpSWYtSWR8l/lIw -XC67HScxlGGQSXa1ikat4F2/TYuTMgaqhX3xpsHfANqFzucCjHb+CvSUfSKMHmUc -lmfxFGZaOHlDhF2uw1PGlhBpEu0JNMEkH+DiT0XSDNu+TPWqRKPYwoY1kHyVkfi0 -hSVSrULHwGHdKcKS2QGScQmNNgkhtXFEdYWaQNVoE48R8mUHHA7OdtwGpVMickDe -EzdZNQTI7/y1fa1wyGgMM8Vd8XFis5+ynCsjO1LJFrieObsu1UAr09eujaqMJeGi -LubtSY3AarxUuJsgV5hvqnFnwyEQVvLDJ7BVREXTREelY93xvEr1kWHYvuv1+7iF -uTHQqYbpGDzYAI2KVCrn/uRBKuaJ2eFZXuQ2Ag9TuS7hwgf2OynFwd6qhUzNzO9Y -Q9dtmcXuGGJsK8L1kwlMm6Mr+Qg+WvsWQLcuSSL/6D8uF1Y22EdZXNBNFcY8dY/j -JcXgdbYd9ugsBpRgkF/6Oi0bwXYS8alebP5t+XDNrONy8AwjzOmu2mf0kuwcOvoj -GvEE8UyS/iE6H3dc0phQ76VLJMGtlN8gXklo++JFGi4w/UJ4l9rw3ejckAkCAwEA -AaOCAWMwggFfMB0GA1UdDgQWBBSvCm4Xh0lucON3WqKrCK1orNs8KjCBxAYDVR0j -BIG8MIG5gBSvCm4Xh0lucON3WqKrCK1orNs8KqGBlaSBkjCBjzELMAkGA1UEBhMC -U0UxCzAJBgNVBAgTAkJMMRMwEQYDVQQHEwpLYXJsc2tyb25hMRUwEwYDVQQKEwxF -dmlsIG1vbmtleXMxFDASBgNVBAsTC0V2aWwgd2UgYXJlMRMwEQYDVQQDEwppbnZh -bGlkIENBMRwwGgYJKoZIhvcNAQkBFg1ldmlsQGNlcnQuYmFkggkA4J5pHzjTP20w -DwYDVR0TAQH/BAUwAwEB/zARBglghkgBhvhCAQEEBAMCAQYwCQYDVR0SBAIwADAe -BglghkgBhvhCAQ0EERYPV2UgYXJlIGFsbCBldmlsMBgGA1UdEQQRMA+BDWV2aWxA -Y2VydC5iYWQwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBBQUAA4ICAQAnhOba -piEEs423K1qkhsJsywN0MhHbo0ZpwpEq1ZX5llEukTs3Xwb7PCNvUBInlFKbCGQu -P68YK7MoZPWkMhYCR7rrvBH1xZiqOpDCt+rQtRnEd6mtefAtbBidzOu4Go4HmYl8 
-D280pXmBeNYdqH4O8K+AR+f3ZJprTny9pUw3cW6viAAIjDi15y3HGEsy/9S2dt7q -BkA941Ke9ZFvXIJusEqc/HRCGSaTKU4SSmgh/0RbYikb4/O/JNW39Q383bdab4eo -gOPXlgylYh/ZdjnVJ+M3K1LbRReT1MeI+lctMNEGBpDvgo1j+nStO87hXyomQC8v -pX/3KDa9+PnoLeinuUbaZd8IMm47fj+mdolPY6+1FCCkk8B1RC/fKif1OMqwcVEQ -ySUi017BBFQuNwimQUX2Kug2S9cGEPRMrkmIOCAIEDJA+LvczAbD+YOsJXEJyTSe -0skMVAz5MwaL9fp4mnWYeBVsNI/MJdCtGIdu4kCEZkIeeBJbtP4Xp1BxDTbd+LDV -WtUKexWfGJqAWfRp72cJy++QsSr1fn+aa07Hjlz0QYvKkY/ikTLV53uZzCie2mfN -cOgSgOvc+9BAyiDe4JE8kf2PW5Yqbx8hcumeIHQV0XsQcaEqUYt9NjxXOlUQJZua -YECR0qG15JD8TKJzZ6pLeK882aYvlBa0CN2png== ------END CERTIFICATE----- === removed file 'bad-cert.pem' --- bad-cert.pem 2007-10-20 21:38:25 +0000 +++ bad-cert.pem 1970-01-01 00:00:00 +0000 
@@ -1,40 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIG/zCCBOegAwIBAgIBAjANBgkqhkiG9w0BAQUFADCBjzELMAkGA1UEBhMCU0Ux -CzAJBgNVBAgTAkJMMRMwEQYDVQQHEwpLYXJsc2tyb25hMRUwEwYDVQQKEwxFdmls -IG1vbmtleXMxFDASBgNVBAsTC0V2aWwgd2UgYXJlMRMwEQYDVQQDEwppbnZhbGlk -IENBMRwwGgYJKoZIhvcNAQkBFg1ldmlsQGNlcnQuYmFkMB4XDTA3MTAxNjE0NDQ1 -NVoXDTA4MTAxNTE0NDQ1NVowgYoxCzAJBgNVBAYTAlNFMQswCQYDVQQIEwJCTDET -MBEGA1UEBxMKS2FybHNrcm9uYTEVMBMGA1UEChMMRXZpbCBtb25rZXlzMRQwEgYD -VQQLEwtFdmlsIHdlIGFyZTEQMA4GA1UEAxQHYmFkX3NydjEaMBgGCSqGSIb3DQEJ -ARYLYmFkQHNydi5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCr -wxupCaTuPevXGPEKtAyOR/TGlWC8rlEhKCUCaYGiXZdXBQRkBIdhGxIysp4Klz3h -eXGOf8+z3RvTGyfLm93xYjx+t6c6UaTRUwb7blRHZS7ps+LmjbfyrPoPHMzZaoP+ -iUmA4xsJQMqJyco9nKRdsXDOfGyaSrf0gzXqns2J1bpwZ1cuAT/PRiucK8Ka8ELv -gucCoTfSs2YYxLAV7eP791+YilxCt9BEXnDrQQln9u6YKB4qZ/sH5UPN6meKN35q -Q7y/QseqHG9Ha9xxlj7+UjrbDRFyw62Usi2AujJ93LDAalQYC5Ap4QKF/SzyOvLP -4eKCYVukuB+dZ5VNcT1swcJe0GIDxw/S1PGqa4RLTeGkDCZJMbzmOl7I8Pp/2A2r -IGQjAsr71e3dSInkw20LF1XbYbCYF1JCuwMw/y4MFddfV6ndxs3wBOMhFNPucqio -gw8FYK92I8AAerFltCqcmyt8Ni5ykOxrrF5lf5a3oq4rM/7nLwcoROLggcCBWg54 -uhuqII3v7X5mIOUg1H041l/dc1lqFqPHy3faXuWnBU0WyFiWKNoHNxG94tHhf/RD -uw+Ts9x3gasQFdlEy4ltTUHhfmw+hM3WLJ7N7+LYFs242+u6WnKjBQLU3oeQMPxp -xPFVnVhT/3awHIxzCeKaTZMwk3XVykQ4vHtavu6tGwIDAQABo4IBZzCCAWMwCQYD -VR0TBAIwADARBglghkgBhvhCAQEEBAMCBkAwKwYJYIZIAYb4QgENBB4WHFRpbnlD -QSBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFIu8dJhoq/SqEs/TLbGg -KNP7l/NFMIHEBgNVHSMEgbwwgbmAFK8KbheHSW5w43daoqsIrWis2zwqoYGVpIGS -MIGPMQswCQYDVQQGEwJTRTELMAkGA1UECBMCQkwxEzARBgNVBAcTCkthcmxza3Jv -bmExFTATBgNVBAoTDEV2aWwgbW9ua2V5czEUMBIGA1UECxMLRXZpbCB3ZSBhcmUx -EzARBgNVBAMTCmludmFsaWQgQ0ExHDAaBgkqhkiG9w0BCQEWDWV2aWxAY2VydC5i -YWSCCQDgnmkfONM/bTAYBgNVHRIEETAPgQ1ldmlsQGNlcnQuYmFkMBYGA1UdEQQP -MA2BC2JhZEBzcnYuY29tMA0GCSqGSIb3DQEBBQUAA4ICAQA9nM7aQHtkx0ykgW1U -yJOzB/oEnUfM4NBl8oTicMv+tao8bobohCRBED6yEyjj9TUyqpJzB++fqkyj3sTM -+lTAPyco3Ptt41qP80xoRVUU9THeRIW7/1PKmuZvi0MUoqJ7KHtwQYRVWzIdCgR1 
-CTSlCHPKG2PoCkzFMZq+j7f1z4voXDCaC1QJ2ArjNWZUII3SW+WEhEMjiPQEVSNv -ngPpZRQ9atoVI8MvVeAoKDCFYd7lAM8cUN1BaHejOpHawgPp73nSFHMC7Xm7roVI -8KecZHsoPskhS1jB3+TZTIMLyVQTADmqZ/yLTIYbl4/24NvTkWSYvKvuLcZn0m3a -xTmW6VeXsHlQxKkevh9Y61zB0aBnA2NaWW+/cKODEbZytjEee5yG6ZF1KriS2wCx -6hREiOlZ7ad8iX/b/SNgtZQyhZe9adotRX3+q2Uini9pRYILrQzDkq+xkzMZam+G -Hcdsc9y7JAmz69nDdD7mYR+I7lf3H23IDlma64KC5U5JnCxVoUVHZw7BemeM1E1D -v2vUH9SSbi9tu58wjEYTMOkk+qtDcUR7Ju4aCUJFeG9SXCQSPX+PrMZByGODlEEx -Vl8eDAShiUt2yUwg4wzIpH94K0df+TC0PfYmr6goim7ewIhcUzb2SPkN5X+VDkKA -EHN2JwZCBCN2fo+4r+CfOZm23g== ------END CERTIFICATE----- === removed file 'bad-client-cert.pem' --- bad-client-cert.pem 2007-10-20 21:38:25 +0000 +++ bad-client-cert.pem 1970-01-01 00:00:00 +0000 
@@ -1,40 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIHEjCCBPqgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBjzELMAkGA1UEBhMCU0Ux -CzAJBgNVBAgTAkJMMRMwEQYDVQQHEwpLYXJsc2tyb25hMRUwEwYDVQQKEwxFdmls -IG1vbmtleXMxFDASBgNVBAsTC0V2aWwgd2UgYXJlMRMwEQYDVQQDEwppbnZhbGlk -IENBMRwwGgYJKoZIhvcNAQkBFg1ldmlsQGNlcnQuYmFkMB4XDTA3MTAxNjEzNTk0 -MVoXDTA4MTAxNTEzNTk0MVowgY4xCzAJBgNVBAYTAlNFMQswCQYDVQQIEwJCTDET -MBEGA1UEBxMKS2FybHNrcm9uYTEVMBMGA1UEChMMRXZpbCBtb25rZXlzMRQwEgYD -VQQLEwtFdmlsIHdlIGFyZTESMBAGA1UEAxQJRXZpbF9jZXJ0MRwwGgYJKoZIhvcN -AQkBFg1ldmlsQGNlcnQuYmFkMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKC -AgEA59+lmXRec7Ro/SWlcw8UVpFS4U/ITlGtyd8mjyfVekY69A7gtC5s7cp/YHTe -OTB6piYcSmzADeaugNzz7Jg95bw9uBY+QcckTD3E06CjkRX27NTOY+0g2r1nlSdg -+ceYLHv6FmE9vE7cSDXWFCs0EuI39l0SiSQVqaeT2g9QY/f6L9FnZQnQz5USZqcc -g4ojYblybyi6dKQs8ToLicszBWwq9LyaFncq64df4rUINZSUzwHG3on5zJ6yYgpG -LWq6NSpAzjP1xk73aZqrj9J4eb9TTpgDiHwsdnoDsPeneTsJvyMlYJjEoP1KA0Sz -HDuO99BHU3GfprhCnXHzZL6LvfWO4A8oRI3To6zeTNOITL+SNfPLXvF5JQTAFHMU -6ZXUgXlOk9NLQ0KXmyaANurFAIcAmcPuf2NhWfd92ZlCbe9ZMVEe49WwvCVP8QrZ -Tk5O3xQ1ycd7Np5oyaDc+FT3VSPXpuMEV6BzVXB5/MEgSb+oVM3kC14lXQRj3G9T -9yvBXr5iNdgq4Mf2jmxsG9m/HhYzLsq05bqyHrHTmanWIxPsHy0Xk2bx9As3K7rd -O55ZRVVkAFPClv2wyLcHlVaUsL5zcM/l910wY8Wp46nidDujMbYwC6t+07FhoCiY -O/p3urT8zKa10R1hjcEjvmHnDzIaICk2U1cb82DKQfGdc+sCAwEAAaOCAXYwggFy -MAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgSwMCsGCWCGSAGG+EIBDQQeFhxU -aW55Q0EgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBRpk+NyHyWMbmj7 -6oQgWKpZLnMcTzCBxAYDVR0jBIG8MIG5gBSvCm4Xh0lucON3WqKrCK1orNs8KqGB -laSBkjCBjzELMAkGA1UEBhMCU0UxCzAJBgNVBAgTAkJMMRMwEQYDVQQHEwpLYXJs -c2tyb25hMRUwEwYDVQQKEwxFdmlsIG1vbmtleXMxFDASBgNVBAsTC0V2aWwgd2Ug -YXJlMRMwEQYDVQQDEwppbnZhbGlkIENBMRwwGgYJKoZIhvcNAQkBFg1ldmlsQGNl -cnQuYmFkggkA4J5pHzjTP20wGAYDVR0SBBEwD4ENZXZpbEBjZXJ0LmJhZDAYBgNV -HREEETAPgQ1ldmlsQGNlcnQuYmFkMAsGA1UdDwQEAwIFoDANBgkqhkiG9w0BAQUF -AAOCAgEAUPoa11yhVE6+/8TMhpNbderJ5ptfzBLbOEqBg4MW+w6lQTRcRuTL0YbC -J0lQahID0BxCiWxdNUoLj9BkiE2DpKDTcK/KKS7zxfdmlUmavbfNIPLxYXFsc3OG 
-eUbC0sG1YdsSc4JZTPBI5bwvIzED3/fJnvA4LNmmLeF/b+3wGY94IhhIZzXsW0KF -7nx3Rq7er6mom22Xwmc/xYrl+jqrzqEQjIVMtOPO77e44Gr9A1vZ5CM28WS+Fv43 -TDGoeB5y93uyjw8DjTtW2de1xb40CBAr/qmgIvFDxB3SpuXXPjoOarDckOS4rE0R -kinp/h7ddeOZsMEujsVGhNKx41pjUpnPAJzqHWC6fkwOyzDL6EjbwCQH6fJZb4/H -grLyhVrqMRQofRSdRc2dspF3OdIXlkjhZeohfAT3gXuchjyGijL4YXiu/X/Zdhxz -rpE+Og0FA9sZX1Lzv4xH3XjZWR9I+JzHe0ih3Lyt7UQpo1G95F2cmETrEyQrNxiD -56nz3G2x03btchbVM7AwEZ7T5F9gf2YZ2yXlvmvvoSM8qcG2+j6v1PPydCXaCviw -SOwIUYcAS/P/YDapMaUuImmbs+ZMeECi/052slB7lZdNzWit1Nw+cHgevHz2lX5p -pjPOT9FWd+w4+ebiww4BOK04X8h9zbb+4mn4dCitKdiEpVhGR9w= ------END CERTIFICATE----- === removed file 'bad-client-key.pem' --- bad-client-key.pem 2007-10-20 21:38:25 +0000 +++ bad-client-key.pem 1970-01-01 00:00:00 +0000 
@@ -1,51 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIJKAIBAAKCAgEA59+lmXRec7Ro/SWlcw8UVpFS4U/ITlGtyd8mjyfVekY69A7g -tC5s7cp/YHTeOTB6piYcSmzADeaugNzz7Jg95bw9uBY+QcckTD3E06CjkRX27NTO -Y+0g2r1nlSdg+ceYLHv6FmE9vE7cSDXWFCs0EuI39l0SiSQVqaeT2g9QY/f6L9Fn -ZQnQz5USZqccg4ojYblybyi6dKQs8ToLicszBWwq9LyaFncq64df4rUINZSUzwHG -3on5zJ6yYgpGLWq6NSpAzjP1xk73aZqrj9J4eb9TTpgDiHwsdnoDsPeneTsJvyMl -YJjEoP1KA0SzHDuO99BHU3GfprhCnXHzZL6LvfWO4A8oRI3To6zeTNOITL+SNfPL -XvF5JQTAFHMU6ZXUgXlOk9NLQ0KXmyaANurFAIcAmcPuf2NhWfd92ZlCbe9ZMVEe -49WwvCVP8QrZTk5O3xQ1ycd7Np5oyaDc+FT3VSPXpuMEV6BzVXB5/MEgSb+oVM3k -C14lXQRj3G9T9yvBXr5iNdgq4Mf2jmxsG9m/HhYzLsq05bqyHrHTmanWIxPsHy0X -k2bx9As3K7rdO55ZRVVkAFPClv2wyLcHlVaUsL5zcM/l910wY8Wp46nidDujMbYw -C6t+07FhoCiYO/p3urT8zKa10R1hjcEjvmHnDzIaICk2U1cb82DKQfGdc+sCAwEA -AQKCAgAc/L+WFI8uRdKOOyOY47y2KcrDshane9yPDR+j6+XrOFZsZmO/AsLJY3RT -GakiWyYqGT+WKkxEMJ+GKpkv7cRnMQZCOj2kOYIXKe2uSznHjIhnCR+YLG/cCKun -YNnlwAcNIJ6eJ5/xJ6awPFK8CL6k0bUPTolfrawrnnCEZT+2j6yuR652WijJmqhH -PwL4is9riyR8MwpERLX9njUND+Mb/W7NU7qrrlAmS7E4BUu2bxG/Y0h6T6Nz6i8A -xKoLSXln5hVd8e760KprgFOMUlKPXdTLUYO3j1Z7pTtK51r/c9r/EyS8E70ZJzEW -gYMmt2djIZ2ZF+5OiGCDkFhOMugDJXZ8MDcH+S6dIbnY+TNTUoDZ86rT/zgkkPxh -ksVB37H2qR8IHeP+nxydzbLjJDn/Xt0cIn5zvbnSVYllxXKNFmElj4XkseCHrqxl -BDI7Rz4h00O2t0XQ85v017SNZoSAZ5mUNPPl1ToKwykyl/5btAWF4dUEaiXPf6WQ -GHi4eDtwBamOLC+lab5QAtGboq7sLABxJewpfwrZ/3IqQV5qYgsR62/8fXxe7/uT -SiQUDj1+2mn5N4Tsz0UU6Jbe3qEY/QiacRUIR262utcLcLU8li8RLVcN74S9D0zp -VPYWr1Jy9IfsVIOD0R/6JU2+yHKTTC7sB6Owecqipt9++xCjAQKCAQEA/SV7HCJr -5b829hPbw9r2REdyLRrvR62x0zOoDBbBi97aNOY+sbhQf7l5ih8WpUV4UHbf4o0r -qdwkrE7V4swlhjYSAjpBygcHiDpibHuQ2DD2zIRnn4Z7RL4r/m7WDY0pqiP/sVDE -KtcMM/4kVoa/ZahI8BXRtIlinPub1oku5XY+SinfQlCR9JEhpWOspakFIP+484pQ -UXe3h7R8qdAnqAL8SGh8LHd/ULZwR8ebJ++mVo1JJnIMfc3BKJHpjKqMsa4tzSVl -bqAYJODk6UYiiZjbOoJCalNtHghuHpL5Eb3XYFCFcBeYq1d9ShdhRW/u2OM33b5R -cNQmY5NO6fbVawKCAQEA6nzHIlqcgED4z7HUPDGOKuvjGY+bYAyi3wdsFcoMgzMq -f6DxdU9wxhQgmeOteCzWBTdsdvf1Iw1ojrcM/2lsiJBEYGB0buzOCqmEefTk8RbH 
-9YejngTJDdW4rEqqipjao2p7BtQUKJexd5pRbUnXRI7oLBSVfWuOvx0FAmD0DU2m -VzyfxaJDyJ/06bpmAgsydQKOK313eIckcdORwBqcwzLI42/hyF8iMkDjRBwmr6ts -MSaHotu7hMu+210I4wGeX+XuL+tdtHorBV+nzU6BxSyChwuUHj8ZVXNcKbjoIEcU -s0pLYv4SzhjV1qI/u9dHYezg5zVjD2WggomZnfT7gQKCAQEA9bfx/eczkHjA4q93 -/G6H6NLo8vtYE9135KgZkFJuYFRavkpXxK5CBRiF7xoqIxaBqKkavI+HOIOlXVPQ -rSq3qcTGSj8+KNoV55e0fdSbTh6JEQ/cfa5N7PYjQf9X6yOAs9Ppl7XsFCFViQpB -P3PgSM7GrbSgL3vDqtlX9TCHwte5ssdeHMKUSi6t2BoeNVcQ0W0nm85AFDP+g80f -zL1uINl1BNvW3FrJzBCqgCIyattmPFE8FgNSOLMFsVmgt5e8paOKdby87lqb1QAv -cndPgvxKoEpcKVT9b8+DBE5pUV1St/yw6ZMd8AMmbEqxcnMqBoDXc3gPGVP0R2dv -jA66LQKCAQBk+u1K1xi0hsZfsyZB8dlWlJUNSfHQkECHqYubapKu4Zb4tZemPFrF -gp9zhkALE8vrHS4hobC4sqqHYz8+sujherdnhcI+js5AezYoyxTY2kWscAg/IbJv -uc04rUL6Qs9NNqraivRPctwjNJrCZN1GkgBcE1U5WNt1ZArnNleDbyAmS15G3xUv -zerLyNDrKmVFTJ9rDTIo/pHsTv9ialN+IF2wzFrATm/MknMMvs7OMhV6qSwaL2R2 -0MNVdqBAGk9Y3w0PJ94HveDPBJ2f5aIvBncDrzHPQL8pNG/JK+8TD2lTuLf0XpQ8 -mydjsiWeQBxmiHtmNnB9jfdsn9M+2eSBAoIBAAiu3W8lSHSohqGhuPvcSYIxzWVd -fvbR86990QankDAi+2oisIDrtJpTX8kqy0uIfCIPq+IwTs7UtjBwrd1KPNdDSBVU -riyVIpyh3TC4Rr5jbG6R6emzbcqBEJOkjMnlEPFutUozUxCG2TJnnhJZAVc+ogrf -aXD6TKqjK0S5DgLTkc5BLxowLEZZhSFA9pbHEXu5kiTfK+heeAyQHM8qc4GtAY3G -fYtyuudLWUH3IQPN4Q7day1kCdqmaoB89Iz3xxW+8nOit9p+v/3Mqfz/KwHpnNr8 -bCJbSgSNdaK1Qj7+caf4m1RyV8KtLsj5t2tmrqyTbiMgHcmuf/OqYBeVYHM= ------END RSA PRIVATE KEY----- === removed file 'bad-crl.pem' --- bad-crl.pem 2007-10-20 21:38:25 +0000 +++ bad-crl.pem 1970-01-01 00:00:00 +0000 
@@ -1,18 +0,0 @@ ------BEGIN X509 CRL----- -MIIC1jCBvzANBgkqhkiG9w0BAQUFADCBjzELMAkGA1UEBhMCU0UxCzAJBgNVBAgT -AkJMMRMwEQYDVQQHEwpLYXJsc2tyb25hMRUwEwYDVQQKEwxFdmlsIG1vbmtleXMx -FDASBgNVBAsTC0V2aWwgd2UgYXJlMRMwEQYDVQQDEwppbnZhbGlkIENBMRwwGgYJ -KoZIhvcNAQkBFg1ldmlsQGNlcnQuYmFkFw0wNzEwMTYxNDQxMTVaFw0wNzExMTUx -NDQxMTVaMA0GCSqGSIb3DQEBBQUAA4ICAQCfNVz+uVzX2TaHb3YtAzVFrrjysuL/ -ltA2DAv4cpQSAYi6Gt5xDqcXE8ZonEA26taHYpXYnStnVsrrbK44sGFuvJc/y0jM -AdA3Ook/ECTPmnJMU3jUbtK6dqFmF0425dDVPAdVqxlB2+wlA+tk/RHSfKMVi44X -VCLPReQFpHUqMBdpqdfmxmtV4QXDgYAE5ramDiC0Eh9IZ1yEIKrFPx6VDUqph+uh -uM3lusqW3afqaNPLWNf2+hJoeHAYd+b0Gd/W9epONJ2hI8jdo3QrdGHgOxlKRyJa -3U4DDzi5rOy1eivxLo+OIzaxrff9Sw2yj0SvR7U9Tpkd3zIFBFxGujgNpA3g4NrK -xGk1cQtx96siwkt6hvfnsPY5HjtUedOxOlVs2Rji9fxFAu7t5q10HHIHgHpTTSaU -8GUmN8uiibndrrKEask6L0O48wg5fnjm7W1oOJG30z2N0zKV+HMSv146MoBUZFrK -xSDjHP5qjL6H3GCZPIIvNqEFbHeOafWcqQAsusvxiMgM73ZwBs68hZDvQ1VcYKAL -bsOwbzo/T3jh1shtpR2xL0pdTg+olqvgPlhLB07G4rCucVvrZnuw9YrtjBOEbIeH -w7Lgq2CmpEK5tH+Zv8wt+k6rkdafaGe7G+fN48ZXfJ2dHIH37ZmIjC6t0UjybEmy -e0R0/SpWZspsSQ== ------END X509 CRL----- === removed file 'bad-key.pem' --- bad-key.pem 2007-10-20 21:38:25 +0000 +++ bad-key.pem 1970-01-01 00:00:00 +0000 
@@ -1,51 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIJKAIBAAKCAgEAq8MbqQmk7j3r1xjxCrQMjkf0xpVgvK5RISglAmmBol2XVwUE -ZASHYRsSMrKeCpc94Xlxjn/Ps90b0xsny5vd8WI8frenOlGk0VMG+25UR2Uu6bPi -5o238qz6DxzM2WqD/olJgOMbCUDKicnKPZykXbFwznxsmkq39IM16p7NidW6cGdX -LgE/z0YrnCvCmvBC74LnAqE30rNmGMSwFe3j+/dfmIpcQrfQRF5w60EJZ/bumCge -Kmf7B+VDzepnijd+akO8v0LHqhxvR2vccZY+/lI62w0RcsOtlLItgLoyfdywwGpU -GAuQKeEChf0s8jryz+HigmFbpLgfnWeVTXE9bMHCXtBiA8cP0tTxqmuES03hpAwm -STG85jpeyPD6f9gNqyBkIwLK+9Xt3UiJ5MNtCxdV22GwmBdSQrsDMP8uDBXXX1ep -3cbN8ATjIRTT7nKoqIMPBWCvdiPAAHqxZbQqnJsrfDYucpDsa6xeZX+Wt6KuKzP+ -5y8HKETi4IHAgVoOeLobqiCN7+1+ZiDlINR9ONZf3XNZahajx8t32l7lpwVNFshY -lijaBzcRveLR4X/0Q7sPk7Pcd4GrEBXZRMuJbU1B4X5sPoTN1iyeze/i2BbNuNvr -ulpyowUC1N6HkDD8acTxVZ1YU/92sByMcwnimk2TMJN11cpEOLx7Wr7urRsCAwEA -AQKCAgBVuaIjgrm7YlJD36HmKqidlpI3TrSiVwoM12FpS8k0hSuUdd+UH6KFt6Ik -hXtVY9ixoRApA+dhKLjLayE4gMmLwPDaecTP2ZG+G4c/k/giTgDVCT/0u8SULPr8 -8e3XkU7hihmSZ0bGHn03uevjRjvOu1HG7NizRRl8wsP1Hl8NLQvJL/qV7m+vfqEj -Z7/P3pw5uAaeDGK1GW6abAhKWZnQ1szycBPOBLnAdbY75BDSv66jaFpt5cmnTijC -K/yTQlEorjgU6TqHz3tGlTHHyyoTemz/iQ0tTzZiIW+OcN/ka3IYBrmD6rl//Vpq -D0sQdpVbZazMT9USaAb3Y4xjw2HZBXQ1zU7r6Frd8Eveh5Q15hSOWsiCDli70bR0 -la4OK+Hb5XH0m7pPSZ1fGA0/gv0byzNCiGvFBQAjuYwWRvFL7DnXa1EupTO4Za4w -4cJxF9aejAM/Mn2WBMpMgtGb0ZvhSODJHEuyly3aomQFY9rnzdz797Rut/+MpZRp -qf8qOsvmZFoY9riOfAcpX2AcDYcxDnKqvcvPXrnrzPVpeu9vA7akqK7EPmayEFQk -gGrxnzXtD3GFhrItRhbs5EIMEVUUK6KFdBRIRZjfyeBmeMJy2ET89a33MJAz+vl4 -HVvoTQWjYEsarVC7OZ4XpLOpiGUG8fbV+poZpAVGHawAC//MoQKCAQEA2wDgQwhS -W9bfgFpIBwUr/4+scZjtJBoJZdoedBOM/gdj5fO5Ktp1BRpgLbecv45vGNd8hz8i -/xbg+VHCGicMa2Ot7tV6ZG9qKcrxF5BogKWOZYqy1P1W1Ocy5Xt6uv+1Nw/fdLK3 -9u9dWEO+1b608igua57t1pzaJISUgfALC40vaRy5iLC8ygf80njhrMq9iQSQKa4P -tBaSNAfRs/dJBGtErZvOGXjWWabMp/V0XGM5eMpNBuJg867Gay4ssVwrG9NPxhI8 -Ux4DguNKaNky92xDDPdz19rseq2VLo8Nl10+zmhlni4b2uUB37W7EzrtFkr8yiE5 -QqaMvWTaFNn10QKCAQEAyMc2rS7rRVXwGscevmsXHfbEsmihcemBD1c69zoNdGlh -Wd8yzTO9xE5mV3uO6hN6zJNBA1Oyfv5uNg9ylKrPcS3D4weDBi9M5Akh7OFS+fVX 
-AFFGmLaOVUUg6WJ6PMSqeoPMzXei8VRs+T11JURPSktKEJ55Tok3FX0pvTQZx+7/ -gnjEHbnccFSM5cEJYaKy2691s1742IUAwVLqXkU0IUlxH2ISZU7rg2cJxQ07jmcw -bR/dfg8OR6N2wxZ48g54/0QP81W5hG2rZiH6D1qjPxRn1S1LDaEDvY/2kpzvEcKq -h3jInCvFxyf8/43b6RxQTHhoHpO/JVSKA4hRsG3zKwKCAQAA9YUF5iBuNIewCTUt -irFBokBwEupe8Ro/bvAZNAi3CBNA64tRC7nddtsa+CXglOAZrL/n27fshA4iKWB/ -OtKMGdimJhsuG2rMmg3qO4Cpp4/zE+NqmV1q+0Q2yw6jiQEjJ5ej7DBwDWZMP6ez -Se2C7fgeEokaGn++DzKTSxjRSSH/BNgvKA77l4Nc7JiYaB7iXbm/5Po+oKatQaeC -cT/JnCql0/vYErZlmBxnU+TZjrmutLwXnqAsEQTfbUlW0X+C1K8Rv/yxpH0Bcrtd -sC3P9ZJpmR/Rvyyv8NipZoj5s7fVsZFYWv1WPRCACUyzbduh8FwhCno0t4QARFPM -KZQxAoIBAD02p4/jhy2LhvnTDaeGpPSowM2YIujFBWk08jBgDawZWOn6p9VyWgAY -2xD/BdKN/9mRZ7fo87nOPrHSwd9buIVMK7XzG1puX2YC9snu5Mp6p3zcSsbSmdCb -k+4z7QrL9yIFPxLBz/b+A3914lprWjVPgRRSDLAKG7Y8g9ZApT+UuWgBA+IAQZop -3Q9LbF3NKfTaqOr4IKx62IEYk4YMWVlwt8GWt/8VMa7NYmgmoarIATa0CWaeln72 -8oWGO3epO/CvwqEw2K/sc95eq4u02aKoyQNwnLpaBfbshoOqvyTOEgndpGQg4FrY -8UTE7nBDBqRZ7XytFRD/llh/XlCJJSMCggEBAKp5YxKeyW4m35cDiJysfsgLAp8h -k1Y1GcYULwHbY5y2GwLxZL2SCFy/zpOjvBsG+2BwzTOGFxsf8w1baDczT9tFfDWO -swH8vaD8+7XlEGrvqSb7stciJl3Yh3LEV2tktn7FND4udn4IP/rMqQX4eTyiDbp4 -dQRzd6sn9AGqNI0O7QHzpTOlBiomK1J7CIWEotWpoir8A352vZioIMeHq+gOH4OJ -SR1yYhB/ufRYCg7LApnExR/Vz40MBQoBN87RQNN3iOUfg8zF1gm8x1Zd053tbXbV -4CHST6lP+D1zcOWpyNX8lzzgPEpzl9cxGWe6HM/GSBlob3OaybBhnkBH6zQ= ------END RSA PRIVATE KEY----- === modified file 'client.cpp' --- client.cpp 2007-10-28 17:59:38 +0000 +++ client.cpp 2008-01-18 21:18:26 +0000 
@@ -3,22 +3,27 @@ // connect #include // getaddrinfo, gai_strerror, socket, inet_pton // connect -#include // close +#include // close, STDIN_FILENO, STDOUT_FILENO #include // getaddrinfo, gai_strerror #include // inet_pton #include // select #include +#include // ioctl, ifreq, SIOCGIFFLAGS, IFF_UP, SIOCSIFFLAGS +#include // ioctl, ifreq, SIOCGIFFLAGS, IFF_UP, SIOCSIFFLAGS +#include // struct termios, tcsetattr, tcgetattr, TCSAFLUSH, ECHO } -#include // fprintf #include // perror #include // memset +#include // std::string, std::getline +#include // cin, cout, cerr +#include // << -#define SOCKET_ERR(err,s) if(err<0) {perror(s);return(1);} +#define SOCKET_ERR(err,s) if(err<0) {perror(s); status = 1; goto quit;} #define PORT 49001 -#define CERTFILE "client-cert.pem" -#define KEYFILE "client-key.pem" -#define CAFILE "ca.pem" +#define CERTFILE "/conf/conf.d/cryptkeyreq/client-cert.pem" +#define KEYFILE "/conf/conf.d/cryptkeyreq/client-key.pem" +#define CAFILE "/conf/conf.d/cryptkeyreq/ca.pem" gnutls_certificate_credentials_t x509_cred; @@ -26,6 +31,10 @@ initgnutls(){ gnutls_session_t session; +#ifdef DEBUG + std::cerr << "Initiate certificates\n"; +#endif + gnutls_global_init (); /* X509 stuff */ @@ -43,7 +52,7 @@ int main (){ - int sd, ret; + int udp_sd, tcp_sd, ret; char buffer[4096]; struct sockaddr_in6 to; struct sockaddr_in6 from; 
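Review bot: With `SOCKET_ERR` now ending in `goto quit` (the define in the first client.cpp hunk), any use that fires before `tcgetattr` has filled `t_old` reaches `tcsetattr (STDIN_FILENO, TCSAFLUSH, &t_old)` with an uninitialised struct, which can leave the terminal in an arbitrary state. This affects the `socket`, `setsockopt`, `inet_pton` and `ioctl` checks in the later `main` hunk. Either move the `tcgetattr` call ahead of the first `SOCKET_ERR`, or record success in a flag and make the label read `if (term_saved) tcsetattr (STDIN_FILENO, TCSAFLUSH, &t_old);`. The macro is also a bare `if` with an unparenthesised argument; `#define SOCKET_ERR(err,s) do { if ((err) < 0) { perror(s); status = 1; goto quit; } } while (0)` avoids dangling-else surprises.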
@@ -51,97 +60,150 @@ fd_set rfds_orig; struct timeval timeout; + struct termios t_old, t_new; + int status = 0; + session = initgnutls (); - sd = socket(PF_INET6, SOCK_DGRAM, 0); - SOCKET_ERR(sd,"socket"); - +#ifdef DEBUG + std::cerr << "Open ipv6 UDP\n"; +#endif + + udp_sd = socket(PF_INET6, SOCK_DGRAM, 0); + SOCKET_ERR(udp_sd,"socket"); + +#ifdef DEBUG + std::cerr << "Open socket with socket nr: " << udp_sd << '\n'; +#endif + { int flag = 1; - ret = setsockopt(sd, SOL_SOCKET, SO_BROADCAST, & flag, sizeof(flag)); + ret = setsockopt(udp_sd, SOL_SOCKET, SO_BROADCAST, & flag, sizeof(flag)); SOCKET_ERR(ret,"setsockopt broadcast"); } - setsockopt(sd, SOL_SOCKET, SO_BINDTODEVICE, "eth0", 5); + ret = setsockopt(udp_sd, SOL_SOCKET, SO_BINDTODEVICE, "eth0", 5); SOCKET_ERR(ret,"setsockopt bindtodevice"); memset (&to, '\0', sizeof (to)); to.sin6_family = AF_INET6; ret = inet_pton(AF_INET6, "ff02::1" , &to.sin6_addr); - SOCKET_ERR(ret,"setsockopt bindtodevice"); + SOCKET_ERR(ret,"inet_pton"); to.sin6_port = htons (PORT); // Server Port number + struct ifreq network; + + strcpy(network.ifr_name, "eth0"); + + ret = ioctl(udp_sd, SIOCGIFFLAGS, &network); + SOCKET_ERR(ret,"ioctl SIOCGIFFLAGS"); + + network.ifr_flags |= IFF_UP; + + ret = ioctl(udp_sd, SIOCSIFFLAGS, &network); + SOCKET_ERR(ret,"ioctl SIOCSIFFLAGS"); + FD_ZERO(&rfds_orig); - FD_SET(sd, &rfds_orig); - - timeout.tv_sec = 10; - timeout.tv_usec = 0; - - + FD_SET(udp_sd, &rfds_orig); + FD_SET(STDIN_FILENO, &rfds_orig); + + + if (tcgetattr (STDIN_FILENO, &t_old) != 0){ + return 1; + } + t_new = t_old; + t_new.c_lflag &= ~ECHO; + if (tcsetattr (STDIN_FILENO, TCSAFLUSH, &t_new) != 0){ + return 1; + } + for(;;){ - sendto(sd, "Marco", 5, 0, reinterpret_cast(&to), sizeof(to)); - - fd_set rfds = rfds_orig; - - ret = select(sd+1, &rfds, 0, 0, & timeout); - SOCKET_ERR(sd,"select"); - - if (ret){ - socklen_t from_len = sizeof(from); - ret = recvfrom(sd,buffer,512,0, reinterpret_cast(& from), - & from_len); - 
SOCKET_ERR(ret,"recv"); - - if (strncmp(buffer,"Polo", 4) == 0){ - break; - } - } + for(;;){ + +#ifdef DEBUG + std::cerr << "Sending Marco on UDP\n"; +#endif + ret = sendto(udp_sd, "Marco", 5, 0, reinterpret_cast(&to), sizeof(to)); + if (ret < 0){ + perror("sendto"); + } + + fd_set rfds = rfds_orig; + timeout.tv_sec = 10; + timeout.tv_usec = 0; + + std::cerr << "Password: "; + + ret = select(udp_sd+1, &rfds, 0, 0, & timeout); + SOCKET_ERR(udp_sd,"select"); + + if (ret){ + if (FD_ISSET(STDIN_FILENO, &rfds)){ + std::string buffer; + std::getline(std::cin, buffer); + std::cerr << '\n'; + std::cout << buffer; + goto quit; + } + + socklen_t from_len = sizeof(from); + ret = recvfrom(udp_sd,buffer,512,0, reinterpret_cast(& from), + & from_len); + SOCKET_ERR(ret,"recv"); + + if (strncmp(buffer,"Polo", 4) == 0){ + break; + } + } + std::cerr << '\r'; + } + + + tcp_sd = socket(PF_INET6, SOCK_STREAM, 0); + SOCKET_ERR(tcp_sd,"socket"); + + setsockopt(tcp_sd, SOL_SOCKET, SO_BINDTODEVICE, "eth0", 5); + SOCKET_ERR(ret,"setsockopt bindtodevice"); + + memset(&to,0,sizeof(to)); + to.sin6_family = from.sin6_family; + to.sin6_port = from.sin6_port; + to.sin6_addr = from.sin6_addr; + to.sin6_scope_id = from.sin6_scope_id; + + ret = connect(tcp_sd,reinterpret_cast(&to),sizeof(to)); + if (ret < 0){ + perror("connect"); + continue; + } + + gnutls_transport_set_ptr (session, reinterpret_cast (tcp_sd)); + + ret = gnutls_handshake (session); + + if (ret < 0) + { + std::cerr << "\n*** Handshake failed ***\n"; + gnutls_perror (ret); + continue; + } + + //retrive password + ret = gnutls_record_recv (session, buffer, sizeof(buffer)); + + write(STDOUT_FILENO,buffer,ret); + + //shutdown procedure + gnutls_bye (session, GNUTLS_SHUT_RDWR); + close(tcp_sd); + gnutls_deinit (session); + gnutls_certificate_free_credentials (x509_cred); + gnutls_global_deinit (); + break; } - - //shutdown procedure - close(sd); - - sleep(1); - - sd = socket(PF_INET6, SOCK_STREAM, 0); - SOCKET_ERR(sd,"socket"); - - 
setsockopt(sd, SOL_SOCKET, SO_BINDTODEVICE, "eth0", 5); - SOCKET_ERR(ret,"setsockopt bindtodevice"); - - memset(&to,0,sizeof(to)); - to.sin6_family = from.sin6_family; - to.sin6_port = from.sin6_port; - to.sin6_addr = from.sin6_addr; - to.sin6_scope_id = from.sin6_scope_id; - - ret = connect(sd,reinterpret_cast(&to),sizeof(to)); - SOCKET_ERR(ret,"connect"); - - gnutls_transport_set_ptr (session, reinterpret_cast (sd)); - - ret = gnutls_handshake (session); - - if (ret < 0) - { - fprintf (stderr, "*** Handshake failed\n"); - gnutls_perror (ret); - return 1; - } - - //retrive password - ret = gnutls_record_recv (session, buffer, sizeof(buffer)); - - write(1,buffer,ret); - - //shutdown procedure - gnutls_bye (session, GNUTLS_SHUT_RDWR); - close(sd); - gnutls_deinit (session); - gnutls_certificate_free_credentials (x509_cred); - gnutls_global_deinit (); - - close(sd); - - return 0; + close(udp_sd); + + quit: + tcsetattr (STDIN_FILENO, TCSAFLUSH, &t_old); + return status; } === removed file 'clients.conf' --- clients.conf 2007-10-28 17:59:38 +0000 +++ clients.conf 1970-01-01 00:00:00 +0000 @@ -1,3 +0,0 @@ -C=SE,ST=BL,L=Ronneby,O=gnustuff,CN=braxen_client,EMAIL=belorn@fukt.bsnet.se -The secret message is "squeamish ossifrage" -asdjiadsjadsads === removed file 'server.cpp' --- server.cpp 2007-10-28 17:59:38 +0000 +++ server.cpp 1970-01-01 00:00:00 +0000 
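Review bot: Nothing between `gnutls_handshake` and `gnutls_record_recv` checks the server's certificate, so as far as this hunk shows, any host on the link that answers "Polo" and completes a handshake decides what is written to stdout as the password. Unless `initgnutls()` (its body is outside the hunk) arranges verification against `CAFILE`, a `gnutls_certificate_verify_peers2` call belongs here. The return value of `gnutls_record_recv` is also passed straight to `write` as a length, so a negative error code becomes a huge `size_t`. Smaller carry-overs in the same loop: `SOCKET_ERR(udp_sd,"select")` tests the descriptor instead of `ret`, the TCP `setsockopt` result is never assigned to `ret`, and both `continue` paths leave `tcp_sd` open. The excerpt below exits on a rejected certificate; retrying instead would probably need a fresh session.

```cpp
ret = gnutls_handshake (session);
// … unchanged: handshake failure branch …

// Reject the peer unless its certificate verifies against the loaded trust settings.
unsigned int peer_status = 0;
ret = gnutls_certificate_verify_peers2 (session, &peer_status);
if (ret < 0 || peer_status != 0)
  {
    std::cerr << "\n*** Server certificate rejected ***\n";
    gnutls_bye (session, GNUTLS_SHUT_RDWR);
    close(tcp_sd);
    status = 1;
    goto quit;
  }

//retrive password
ret = gnutls_record_recv (session, buffer, sizeof(buffer));
if (ret > 0)
  {
    write(STDOUT_FILENO,buffer,ret);
  }
else
  {
    status = 1;   // error or EOF: nothing valid to emit
  }

// … unchanged: shutdown procedure …
```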
@@ -1,361 +0,0 @@ -extern "C" { -#include //socket, setsockopt, bind, listen, accept, - // inet_ntop, -#include //socket, setsockopt, bind, listen, accept, - // inet_ntop -#include //ioctl, sockaddr_ll, ifreq -#include //write, close -#include // sockaddr_in -#include -#include // gnutls_x509_crt_init, gnutls_x509_crt_import, gnutls_x509_crt_get_dn -#include // inet_ntop, htons -#include //ifreq -} - -#include -#include -#include -#include // std::max -#include // exit() -#include // std::ifstream -#include // std::string -#include // std::map -#include // cout -#include // << - -#define SOCKET_ERR(err,s) if(err<0) {perror(s);exit(1);} - -#define PORT 49001 -#define KEYFILE "key.pem" -#define CERTFILE "cert.pem" -#define CAFILE "ca.pem" -#define CRLFILE "crl.pem" -#define DH_BITS 1024 - -using std::string; -using std::ifstream; -using std::map; -using std::cout; - -/* These are global */ -gnutls_certificate_credentials_t x509_cred; -map table; - -static gnutls_dh_params_t dh_params; - -static int -generate_dh_params () -{ - - /* Generate Diffie Hellman parameters - for use with DHE - * kx algorithms. These should be discarded and regenerated - * once a day, once a week or once a month. Depending on the - * security requirements. 
- */ - gnutls_dh_params_init (&dh_params); - gnutls_dh_params_generate2 (dh_params, DH_BITS); - - return 0; -} - -gnutls_session_t -initialize_tls_session () -{ - gnutls_session_t session; - - gnutls_global_init (); - - gnutls_certificate_allocate_credentials (&x509_cred); - gnutls_certificate_set_x509_trust_file (x509_cred, CAFILE, - GNUTLS_X509_FMT_PEM); - gnutls_certificate_set_x509_crl_file (x509_cred, CRLFILE, - GNUTLS_X509_FMT_PEM); - gnutls_certificate_set_x509_key_file (x509_cred, CERTFILE, KEYFILE, - GNUTLS_X509_FMT_PEM); - - generate_dh_params (); - gnutls_certificate_set_dh_params (x509_cred, dh_params); - - gnutls_init (&session, GNUTLS_SERVER); - gnutls_set_default_priority (session); - gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, x509_cred); - - // request client certificate if any. - - gnutls_certificate_server_set_request (session, GNUTLS_CERT_REQUEST); - gnutls_dh_set_prime_bits (session, DH_BITS); - - return session; -} - - -void udpreply(int &sd){ - struct sockaddr_in6 sa_cli; - int ret; - char buffer[512]; - - { - socklen_t sa_cli_len = sizeof(sa_cli); - ret = recvfrom(sd, buffer, 512,0, - reinterpret_cast(& sa_cli), & sa_cli_len); - SOCKET_ERR (ret, "recvfrom"); - } - - if (strncmp(buffer,"Marco", 5) == 0){ - ret = sendto(sd, "Polo", 4, 0, reinterpret_cast(& sa_cli), - sizeof(sa_cli)); - SOCKET_ERR (ret, "sendto"); - } - -} - -void tcpreply(int sd, struct sockaddr_in6 *sa_cli, gnutls_session_t session){ - - int ret; - unsigned int status; - char buffer[512]; - int exit_status = 0; - char dn[128]; - -#define DIE(s){ exit_status = s; goto tcpreply_die; } - - printf ("- TCP connection from %s, port %d\n", - inet_ntop (AF_INET6, &(sa_cli->sin6_addr), buffer, - sizeof (buffer)), ntohs (sa_cli->sin6_port)); - - - gnutls_transport_set_ptr (session, reinterpret_cast (sd)); - - - ret = gnutls_handshake (session); - if (ret < 0) - { - close (sd); - gnutls_deinit (session); - fprintf (stderr, "*** Handshake has failed (%s)\n\n", - 
gnutls_strerror (ret)); - DIE(1); - } - printf ("- Handshake was completed\n"); - - //time to validate - - if (gnutls_certificate_type_get (session) != GNUTLS_CRT_X509){ - printf("Recived certificate not X.509\n"); - DIE(1); - } - { - const gnutls_datum_t *cert_list; - unsigned int cert_list_size = 0; - gnutls_x509_crt_t cert; - size_t size; - - cert_list = gnutls_certificate_get_peers (session, &cert_list_size); - - printf ("Peer provided %d certificates.\n", cert_list_size); - - if (cert_list_size == 0){ - printf("No certificates recived\n"); - DIE(1); - } - - gnutls_x509_crt_init (&cert); - - // XXX -Checking only first cert, might want to check them all - gnutls_x509_crt_import (cert, &cert_list[0], GNUTLS_X509_FMT_DER); - - size = sizeof (dn); - gnutls_x509_crt_get_dn (cert, dn, &size); - - printf ("DN: %s\n", dn); - } - - ret = gnutls_certificate_verify_peers2 (session, &status); - - if (ret < 0){ - printf ("Verify failed\n"); - DIE(1); - } - - if (status & (GNUTLS_CERT_INVALID | GNUTLS_CERT_SIGNER_NOT_FOUND | GNUTLS_CERT_REVOKED)) { - if (status & GNUTLS_CERT_INVALID) { - printf ("The certificate is not trusted.\n"); - } - - if (status & GNUTLS_CERT_SIGNER_NOT_FOUND){ - printf ("The certificate hasn't got a known issuer.\n"); - } - - if (status & GNUTLS_CERT_REVOKED){ - printf ("The certificate has been revoked.\n"); - } - DIE(1); - } - - if (table.find(dn) != table.end()){ - gnutls_record_send (session, table[dn].c_str(), table[dn].size()); - printf("Password sent to client\n"); - } - else { - printf("dn not in list of allowed clients\n"); - } - - - tcpreply_die: - gnutls_bye (session, GNUTLS_SHUT_WR); - close(sd); - gnutls_deinit (session); - gnutls_certificate_free_credentials (x509_cred); - gnutls_global_deinit (); - exit(exit_status); -} - - -void badconfigparser(string file){ - - string dn; - string pw; - string pwfile; - ifstream infile (file.c_str()); - - while(infile){ - getline(infile, dn, '\n'); - if(not infile){ - break; - } - getline(infile, pw, 
'\n'); - if(not infile){ - break; - } - getline(infile, pwfile, '\n'); - if(not infile){ - break; - } - if(pw.empty()){ - ifstream pwf(pwfile.c_str()); - std::string tmp; - - while(true){ - getline(pwf,tmp); - if (not pwf){ - break; - } - pw = pw + tmp + '\n'; - } - - } - table[dn]=pw; - } - infile.close(); -} - - - -int main (){ - int ret, err, udp_listen_sd, tcp_listen_sd; - struct sockaddr_in6 sa_serv; - struct sockaddr_in6 sa_cli; - - int optval = 1; - socklen_t client_len; - - gnutls_session_t session; - - fd_set rfds_orig; - - badconfigparser(string("clients.conf")); - - session = initialize_tls_session (); - - //UDP IPv6 socket creation - udp_listen_sd = socket (PF_INET6, SOCK_DGRAM, 0); - SOCKET_ERR (udp_listen_sd, "socket"); - - memset (&sa_serv, '\0', sizeof (sa_serv)); - sa_serv.sin6_family = AF_INET6; - sa_serv.sin6_addr = in6addr_any; //XXX only listen to link local? - sa_serv.sin6_port = htons (PORT); /* Server Port number */ - - ret = setsockopt (udp_listen_sd, SOL_SOCKET, SO_REUSEADDR, &optval, sizeof (optval)); - SOCKET_ERR(ret,"setsockopt reuseaddr"); - - ret = setsockopt(udp_listen_sd, SOL_SOCKET, SO_BINDTODEVICE, "eth0", 5); - SOCKET_ERR(ret,"setsockopt bindtodevice"); - - { - int flag = 1; - ret = setsockopt(udp_listen_sd, SOL_SOCKET, SO_BROADCAST, & flag, sizeof(flag)); - SOCKET_ERR(ret,"setsockopt broadcast"); - } - - err = bind (udp_listen_sd, reinterpret_cast (& sa_serv), - sizeof (sa_serv)); - SOCKET_ERR (err, "bind"); - - //UDP socket creation done - - - //TCP IPv6 socket creation - - tcp_listen_sd = socket(PF_INET6, SOCK_STREAM, 0); - SOCKET_ERR(tcp_listen_sd,"socket"); - - setsockopt(tcp_listen_sd, SOL_SOCKET, SO_BINDTODEVICE, "eth0", 5); - SOCKET_ERR(ret,"setsockopt bindtodevice"); - - ret = setsockopt (tcp_listen_sd, SOL_SOCKET, SO_REUSEADDR, &optval, sizeof (optval)); - SOCKET_ERR(ret,"setsockopt reuseaddr"); - - err = bind (tcp_listen_sd, reinterpret_cast (& sa_serv), - sizeof (sa_serv)); - SOCKET_ERR (err, "bind"); - - err = listen 
(tcp_listen_sd, 1024); - SOCKET_ERR (err, "listen"); - - //TCP IPv6 sockets creation done - - FD_ZERO(&rfds_orig); - FD_SET(udp_listen_sd, &rfds_orig); - FD_SET(tcp_listen_sd, &rfds_orig); - - printf ("Server ready. Listening to port '%d' on UDP and TCP.\n\n", PORT); - - for(;;){ - fd_set rfds = rfds_orig; - - ret = select(std::max(udp_listen_sd, tcp_listen_sd)+1, &rfds, 0, 0, 0); - SOCKET_ERR(ret,"select"); - - if (FD_ISSET(udp_listen_sd, &rfds)){ - udpreply(udp_listen_sd); - } - - if (FD_ISSET(tcp_listen_sd, &rfds)){ - client_len = sizeof(sa_cli); - int sd = accept (tcp_listen_sd, - reinterpret_cast (& sa_cli), - &client_len); - SOCKET_ERR(sd,"accept"); //xxx not dieing when just connection abort - switch(fork()){ - case 0: - tcpreply(sd, &sa_cli, session); - return 0; - break; - case -1: - perror("fork"); - close(tcp_listen_sd); - close(udp_listen_sd); - return 1; - break; - default: - break; - } - } - } - - close(tcp_listen_sd); - close(udp_listen_sd); - return 0; - -}