[SCM] GNU gnutls branch, master, updated. gnutls_2_9_10-295-g37689ff
From: |
Nikos Mavrogiannopoulos |
Subject: |
[SCM] GNU gnutls branch, master, updated. gnutls_2_9_10-295-g37689ff |
Date: |
Mon, 05 Jul 2010 06:32:22 +0000 |
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".
http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=37689ff93340703204cfaa8b44ebe398677d88d5
The branch, master has been updated
via 37689ff93340703204cfaa8b44ebe398677d88d5 (commit)
via 0d004a210db5d220c896456a165c81264fa4454a (commit)
from b422230d1b846155b64a9e8cdcf8ed2563f442cc (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 37689ff93340703204cfaa8b44ebe398677d88d5
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Mon Jul 5 08:32:00 2010 +0200
Do not crash if input is redirected from /dev/null.
commit 0d004a210db5d220c896456a165c81264fa4454a
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Mon Jul 5 08:21:07 2010 +0200
Changed the default pkcs-cipher to AES-128. Allowed specifying the
3des-pkcs12
cipher with the --pkcs-cipher option.
-----------------------------------------------------------------------
Summary of changes:
NEWS | 5 ++++-
src/certtool-cfg.c | 4 ++++
src/certtool-gaa.c | 4 ++--
src/certtool.c | 8 ++++++++
src/certtool.gaa | 4 ++--
5 files changed, 20 insertions(+), 5 deletions(-)
diff --git a/NEWS b/NEWS
index 89fcf94..32702d8 100644
--- a/NEWS
+++ b/NEWS
@@ -57,6 +57,10 @@ sizes for private keys using a human understandable scale.
--pkcs11-list-all-certs, --pkcs11-list-trusted, --pkcs11-list-certs,
--pkcs11-delete-url, --pkcs11-write
+certtool: The --pkcs-cipher is taken into account when generating a
+private key. The default cipher used now is aes-128. The old behavior can
+be simulated by specifying "--pkcs-cipher 3des-pkcs12".
+
** gnutls-cli/gnutls-serv: --x509cafile, --x509certfile and --x509keyfile
can now accept a PKCS #11 URL in addition to a file. This will allow for
example to use the Gnome-keyring trusted certificate list to verify
@@ -142,7 +146,6 @@ gnutls_pkcs11_copy_x509_crt: ADDED
gnutls_pkcs11_copy_x509_privkey: ADDED
gnutls_pkcs11_delete_url: ADDED
-
* Version 2.9.10 (released 2010-04-22)
** libgnutls: Time verification extended to trusted certificate list.
diff --git a/src/certtool-cfg.c b/src/certtool-cfg.c
index d6988ec..41bcc17 100644
--- a/src/certtool-cfg.c
+++ b/src/certtool-cfg.c
@@ -250,6 +250,10 @@ read_int_with_default (const char *input_str, int def)
printf (input_str, def);
in = readline ("");
+ if (in == NULL)
+ {
+ return def;
+ }
l = strtol (in, &endptr, 0);
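Review bot: The new `in == NULL` guard makes EOF on stdin indistinguishable from the user accepting the default, so a run with input redirected from /dev/null silently takes `def` for every numeric prompt that goes through read_int_with_default. That matches the commit's stated intent, but it deserves a comment at the check, e.g. `/* readline() returns NULL on EOF (stdin closed or /dev/null): use the default */`. Only this helper is visibly guarded; any other prompt helper in certtool-cfg.c that uses readline()'s result unchecked would presumably need the same test, which cannot be confirmed from this hunk. The function body begins and ends outside the hunk.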
diff --git a/src/certtool-gaa.c b/src/certtool-gaa.c
index 3d5bda8..17fd5f6 100644
--- a/src/certtool-gaa.c
+++ b/src/certtool-gaa.c
@@ -177,7 +177,7 @@ void gaa_help(void)
__gaa_helpsingle(0, "outfile", "FILE ", "Output file.");
__gaa_helpsingle(0, "infile", "FILE ", "Input file.");
__gaa_helpsingle(0, "template", "FILE ", "Template file to use for non
interactive operation.");
- __gaa_helpsingle(0, "pkcs-cipher", "CIPHER ", "Cipher to use for pkcs
operations (3des,aes-128,aes-192,aes-256,rc2-40).");
+ __gaa_helpsingle(0, "pkcs-cipher", "CIPHER ", "Cipher to use for pkcs
operations (3des,3des-pkcs12,aes-128,aes-192,aes-256,rc2-40,arcfour).");
__gaa_helpsingle(0, "pkcs11-provider", "Library ", "Specify the pkcs11
provider library");
__gaa_helpsingle(0, "pkcs11-export-url", "URL ", "Export data specified
a pkcs11 URL");
__gaa_helpsingle(0, "pkcs11-list-certs", "", "List certificates that
have a private key specified by a PKCS#11 URL");
@@ -1459,7 +1459,7 @@ int gaa(int argc, char **argv, gaainfo *gaaval)
gaaval->debug=1; gaaval->request = NULL; gaaval->infile = NULL;
gaaval->outfile = NULL; gaaval->cert = NULL;
gaaval->incert_format = 0; gaaval->outcert_format = 0;
gaaval->action=-1; gaaval->pass = NULL; gaaval->v1_cert = 0;
gaaval->export = 0; gaaval->template = NULL; gaaval->hash=NULL;
gaaval->fix_key = 0; gaaval->quick_random=1;
- gaaval->privkey_op = 0; gaaval->pkcs_cipher = "3des";
gaaval->crq_extensions=1; gaaval->pkcs11_provider= NULL;
+ gaaval->privkey_op = 0; gaaval->pkcs_cipher = "aes-128";
gaaval->crq_extensions=1; gaaval->pkcs11_provider= NULL;
gaaval->pkcs11_url = NULL; gaaval->pkcs11_type = PKCS11_TYPE_PK;
gaaval->pubkey=NULL; gaaval->pkcs11_label = NULL;
gaaval->pkcs11_trusted=0; gaaval->sec_param = NULL;
gaaval->pkcs11_login = 0; ;};
diff --git a/src/certtool.c b/src/certtool.c
index dcca2fa..8a5c79e 100644
--- a/src/certtool.c
+++ b/src/certtool.c
@@ -267,6 +267,14 @@ cipher_to_flags (const char *cipher)
{
return GNUTLS_PKCS_USE_PBES2_3DES;
}
+ else if (strcasecmp (cipher, "3des-pkcs12") == 0)
+ {
+ return GNUTLS_PKCS_USE_PKCS12_3DES;
+ }
+ else if (strcasecmp (cipher, "arcfour") == 0)
+ {
+ return GNUTLS_PKCS_USE_PKCS12_ARCFOUR;
+ }
else if (strcasecmp (cipher, "aes-128") == 0)
{
return GNUTLS_PKCS_USE_PBES2_AES_128;
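Review bot: The two new branches in cipher_to_flags expose the legacy PKCS #12 PBE schemes, and `arcfour` in particular selects RC4 to protect a private key, with nothing in the code marking it as interoperability-only. I would add a comment above the `3des-pkcs12` branch such as `/* PKCS #12 PBE schemes: kept for compatibility with older consumers; prefer the PBES2 AES options */`, and consider printing a warning to stderr when one of them is selected. The if/else chain continues outside the hunk, so how an unrecognised cipher name is handled is not visible here.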
diff --git a/src/certtool.gaa b/src/certtool.gaa
index 1fcdc20..28dcf29 100644
--- a/src/certtool.gaa
+++ b/src/certtool.gaa
@@ -133,7 +133,7 @@ option (infile) STR "FILE" { $infile = $1 } "Input file."
option (template) STR "FILE" { $template = $1 } "Template file to use for non
interactive operation."
#char *pkcs_cipher;
-option (pkcs-cipher) STR "CIPHER" { $pkcs_cipher = $1 } "Cipher to use for
pkcs operations (3des,aes-128,aes-192,aes-256,rc2-40)."
+option (pkcs-cipher) STR "CIPHER" { $pkcs_cipher = $1 } "Cipher to use for
pkcs operations (3des,3des-pkcs12,aes-128,aes-192,aes-256,rc2-40,arcfour)."
#char* pkcs11_provider;
option (pkcs11-provider) STR "Library" { $pkcs11_provider = $1 } "Specify the
pkcs11 provider library"
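Review bot: The updated help string for `pkcs-cipher` lists `rc2-40` and `arcfour` on equal footing with the AES options and does not say which value is the default, although this commit changes the default to aes-128 in the init block further down. Wording such as `"Cipher to use for pkcs operations (default aes-128; also 3des, 3des-pkcs12, aes-192, aes-256; legacy: rc2-40, arcfour)."` would tell users which choices exist only for compatibility. The same text is carried into src/certtool-gaa.c, so the wording should be changed here in the .gaa source and the C file regenerated.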
@@ -171,6 +171,6 @@ init { $bits = 0; $pkcs8 = 0; $privkey = NULL; $ca=NULL;
$ca_privkey = NULL;
$debug=1; $request = NULL; $infile = NULL; $outfile = NULL; $cert =
NULL;
$incert_format = 0; $outcert_format = 0; $action=-1; $pass = NULL;
$v1_cert = 0;
$export = 0; $template = NULL; $hash=NULL; $fix_key = 0;
$quick_random=1;
- $privkey_op = 0; $pkcs_cipher = "3des"; $crq_extensions=1;
$pkcs11_provider= NULL;
+ $privkey_op = 0; $pkcs_cipher = "aes-128"; $crq_extensions=1;
$pkcs11_provider= NULL;
$pkcs11_url = NULL; $pkcs11_type = PKCS11_TYPE_PK; $pubkey=NULL;
$pkcs11_label = NULL;
$pkcs11_trusted=0; $sec_param = NULL; $pkcs11_login = 0; }
hooks/post-receive
--
GNU gnutls