gnutls-commit

[SCM] GNU gnutls branch, gnutls_3_0_x, updated. gnutls_3_0_0-14-g16b5528


From: Nikos Mavrogiannopoulos
Subject: [SCM] GNU gnutls branch, gnutls_3_0_x, updated. gnutls_3_0_0-14-g16b5528
Date: Tue, 02 Aug 2011 19:53:33 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".

http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=16b552803790c0f1b393b6f143b166429c51e9f2

The branch, gnutls_3_0_x has been updated
       via  16b552803790c0f1b393b6f143b166429c51e9f2 (commit)
       via  455a190128afa0c529f4d924889b4a1ee0a99607 (commit)
       via  ce4693bffe4ecc38257a246c606327988150e675 (commit)
       via  eabf392d3ea8afbad5aa7d991ee67c9166d63f1e (commit)
       via  fe102a44a80086fb9738add0bbce785b2cba36df (commit)
       via  2c8c93b102e291161ba48747cf2c3f6c4decbc1a (commit)
       via  8e1b1e872a6a689ec92736f387410c564d78024e (commit)
       via  89f3af846aed3431d5ff50df95f26eed970ab7e3 (commit)
       via  7256e8dd788f58dc2618e093570c7b2b045eb280 (commit)
       via  bb92933e0fe930912a353727da1a345ee7972dde (commit)
      from  d73f4b89b7cc9866028203d8c00953cc0256db3c (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 16b552803790c0f1b393b6f143b166429c51e9f2
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Mon Aug 1 22:16:09 2011 +0200

    detect premature termination of connection

commit 455a190128afa0c529f4d924889b4a1ee0a99607
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Mon Aug 1 20:39:18 2011 +0200

    the deprecated_config_file from 2.12.x was incorporated.

commit ce4693bffe4ecc38257a246c606327988150e675
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Mon Aug 1 20:27:41 2011 +0200

    documentation update

commit eabf392d3ea8afbad5aa7d991ee67c9166d63f1e
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Mon Aug 1 18:21:14 2011 +0200

    added asserts.

commit fe102a44a80086fb9738add0bbce785b2cba36df
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Mon Aug 1 18:08:11 2011 +0200

    Refer to nettle alone and p11-kit.

commit 2c8c93b102e291161ba48747cf2c3f6c4decbc1a
Author: Stef Walter <address@hidden>
Date:   Mon Aug 1 11:12:57 2011 +0200

    Don't try to do PKCS#11 login if session is already logged in.
    
     * It is possible for new PKCS#11 sessions to be logged in if
       another logged in session already exists.
     * In these cases, don't log in, but detect the condition and
       return success.
    
    Signed-off-by: Nikos Mavrogiannopoulos <address@hidden>

commit 8e1b1e872a6a689ec92736f387410c564d78024e
Author: Stef Walter <address@hidden>
Date:   Mon Aug 1 11:11:01 2011 +0200

    When finding private keys fails, return error code.
    
     * Previously this would result in an endless loop.
    
    Signed-off-by: Nikos Mavrogiannopoulos <address@hidden>

commit 89f3af846aed3431d5ff50df95f26eed970ab7e3
Author: Stef Walter <address@hidden>
Date:   Mon Aug 1 09:45:44 2011 +0200

    Mark the config argument of gnutls_pkcs11_init() as unused
    
     * Since it's no longer used.
    
    Signed-off-by: Nikos Mavrogiannopoulos <address@hidden>

commit 7256e8dd788f58dc2618e093570c7b2b045eb280
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Sun Jul 31 21:11:49 2011 +0200

    Added GNUTLS_X509_CRT_LIST_FAIL_IF_UNSORTED flag for gnutls_x509_crt_list_import.
    It checks whether the list to be imported is properly sorted.

commit bb92933e0fe930912a353727da1a345ee7972dde
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Tue Aug 2 21:44:20 2011 +0200

    updated

-----------------------------------------------------------------------

Summary of changes:
 NEWS                            |    9 +++-
 README                          |    7 +--
 README-alpha                    |    1 +
 lib/gnutls_record.c             |    2 +-
 lib/gnutls_str.h                |    1 +
 lib/gnutls_x509.c               |    4 +-
 lib/includes/gnutls/gnutls.h.in |    4 +-
 lib/includes/gnutls/pkcs11.h    |    2 +-
 lib/includes/gnutls/x509.h      |    6 ++-
 lib/pkcs11.c                    |   92 +++++++++++++++++++++++++--------------
 lib/pkcs11_privkey.c            |    9 ++--
 lib/x509/x509.c                 |   62 ++++++++++++++++++++++++++
 tests/x509cert.c                |   36 +++++++++++----
 13 files changed, 176 insertions(+), 59 deletions(-)

diff --git a/NEWS b/NEWS
index 6c694bb..639fb20 100644
--- a/NEWS
+++ b/NEWS
@@ -5,12 +5,19 @@ See the end for copying conditions.
 
 * Version 3.0.1 (unreleased)
 
+** libgnutls: The config file at gnutls_pkcs11_init()
+is being read if provided.
+
 ** libgnutls: Verify that a certificate liste specified
 using gnutls_certificate_set_x509_key*(), is sorted
 according to TLS specification (from subject to issuer).
 
+** libgnutls: Added GNUTLS_X509_CRT_LIST_FAIL_IF_UNSORTED flag for
+gnutls_x509_crt_list_import. It checks whether the list to be 
+imported is properly sorted.
+
 ** API and ABI modifications:
-No changes since last version.
+GNUTLS_X509_CRT_LIST_FAIL_IF_UNSORTED: New element in 
gnutls_certificate_import_flags
 
 
 * Version 3.0.0 (released 2011-07-29)
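Review bot: the first new entry says the config file passed to gnutls_pkcs11_init() "is being read if provided", but the same push renames that parameter to deprecated_config_file; say here that the file is a deprecated mechanism kept for 2.12.x compatibility, otherwise readers will take this entry as an endorsement of it. While touching this section, the unchanged context line "certificate liste" has a typo ("list").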
diff --git a/README b/README
index 36c3f78..537f10f 100644
--- a/README
+++ b/README
@@ -34,16 +34,15 @@ and libgnutls-extra.a), the shared object (libgnutls.so  and
 libgnutls-extra.so), and additional binaries such as certtool and
 gnutls-cli.
 
-The library depends on libnettle OR libgcrypt (but never both).  GnuTLS
-currently uses libnettle as the default cryptographic library.  Versions
+The library depends on libnettle and p11-kit. Versions
 2.10.3 and prior used libgcrypt as the default cryptographic library.
 Nettle can be found at http://www.gnu.org/software/nettle/, while
-libgcrypt can be found at <ftp://ftp.gnupg.org/pub/gcrypt/libgcrypt/>.
+p11-kit can be found at <http://p11-glue.freedesktop.org/p11-kit.html>.
 
 To configure libnettle for installation and use by GnuTLS, a typical
 command sequence would be:
 
-    cd nettle-2.1
+    cd nettle-2.2
     ./configure --prefix=/usr --disable-openssl --enable-shared
     make
     sudo make install
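Review bot: no minimum p11-kit version is stated, whereas the nettle example implies 2.2 (the directory was bumped from nettle-2.1 to nettle-2.2); since p11-kit is now a hard dependency (README-alpha lists it without "(optional)"), add the required version to the sentence that introduces it.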
diff --git a/README-alpha b/README-alpha
index 470f8fa..69e970d 100644
--- a/README-alpha
+++ b/README-alpha
@@ -26,6 +26,7 @@ We require several tools to build the software, including:
 - Guile <http://www.gnu.org/software/guile/>
 - Gaa <http://gaa.sf.net> (optional)
 - libtasn1 <http://josefsson.org/libtasn1/> (optional)
+- p11-kit <http://p11-glue.freedesktop.org/p11-kit.html>
 - datefudge <packages.debian.org/datefudge> (optional)
 
 The required software is typically distributed with your operating
diff --git a/lib/gnutls_record.c b/lib/gnutls_record.c
index 053e317..242f478 100644
--- a/lib/gnutls_record.c
+++ b/lib/gnutls_record.c
@@ -1108,7 +1108,7 @@ cleanup:
   return ret;
 
 recv_error:
-  if (gnutls_error_is_fatal (ret) == 0)
+  if (ret < 0 && gnutls_error_is_fatal (ret) == 0)
     return ret;
 
   if (IS_DTLS(session))
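Review bot: the added `ret < 0 &&` guard changes what a zero return does at recv_error: previously a zero `ret` (not a fatal error code) took the early `return ret` and was reported as a clean end of stream, and now it falls through to the DTLS check and whatever follows, which is presumably the "premature termination" detection named in the commit message. Nothing at the label says so; add a one-line comment such as `/* ret == 0: peer closed the transport without a close_notify */` so the extra condition is not "simplified" away in a later cleanup.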
diff --git a/lib/gnutls_str.h b/lib/gnutls_str.h
index 3fb2305..41f6425 100644
--- a/lib/gnutls_str.h
+++ b/lib/gnutls_str.h
@@ -97,6 +97,7 @@ int _gnutls_hex2bin (const opaque * hex_data, int hex_size, 
opaque * bin_data,
 int _gnutls_hostname_compare (const char *certname, size_t certnamesize,
                               const char *hostname, int level);
 #define MAX_CN 256
+#define MAX_DN 1024
 
 #define BUFFER_APPEND(b, x, s) { \
         ret = _gnutls_buffer_append_data(b, x, s); \
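Review bot: MAX_DN is added next to MAX_CN without a comment on what it bounds; it is the size of the printable string form of a DN used by the check_if_sorted() buffers in lib/gnutls_x509.c and lib/x509/x509.c in this same push. A DN longer than this makes gnutls_x509_crt_get_dn() fail with a short-buffer error rather than produce a wrong comparison, which is acceptable but worth stating at the definition.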
diff --git a/lib/gnutls_x509.c b/lib/gnutls_x509.c
index fd3537b..1ec822c 100644
--- a/lib/gnutls_x509.c
+++ b/lib/gnutls_x509.c
@@ -795,8 +795,8 @@ gnutls_certificate_set_x509_key_mem 
(gnutls_certificate_credentials_t res,
 static int check_if_sorted(gnutls_pcert_st * crt, int nr)
 {
 gnutls_x509_crt_t x509;
-char prev_dn[MAX_CN];
-char dn[MAX_CN];
+char prev_dn[MAX_DN];
+char dn[MAX_DN];
 size_t prev_dn_size, dn_size;
 int i, ret;
 
diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in
index 5220ab8..02bc4dd 100644
--- a/lib/includes/gnutls/gnutls.h.in
+++ b/lib/includes/gnutls/gnutls.h.in
@@ -2,7 +2,7 @@
  * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008,
  * 2009, 2010, 2011 Free Software Foundation, Inc.
  *
- * Author: Nikos Mavroyanopoulos
+ * Author: Nikos Mavrogiannopoulos
  *
  * This file is part of GnuTLS.
  *
@@ -399,7 +399,7 @@ extern "C"
    * @GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE: Client key exchange.
    * @GNUTLS_HANDSHAKE_FINISHED: Finished.
    * @GNUTLS_HANDSHAKE_SUPPLEMENTAL: Supplemental.
-   * @GNUTLS_HANDSHAKE_CHANGE_CIPHER_SPEC: Change Cipher Spe.ec
+   * @GNUTLS_HANDSHAKE_CHANGE_CIPHER_SPEC: Change Cipher Spec
    * @GNUTLS_HANDSHAKE_CLIENT_HELLO_V2: SSLv2 Client Hello.
    *
    * Enumeration of different TLS handshake packets.
diff --git a/lib/includes/gnutls/pkcs11.h b/lib/includes/gnutls/pkcs11.h
index ca893b9..5f4d3c5 100644
--- a/lib/includes/gnutls/pkcs11.h
+++ b/lib/includes/gnutls/pkcs11.h
@@ -57,7 +57,7 @@ typedef struct gnutls_pkcs11_obj_st *gnutls_pkcs11_obj_t;
  * load = /lib/yyy-pkcs11.so
  */
 
-int gnutls_pkcs11_init (unsigned int flags, const char *configfile);
+int gnutls_pkcs11_init (unsigned int flags, const char 
*deprecated_config_file);
 void gnutls_pkcs11_deinit (void);
 void gnutls_pkcs11_set_token_function (gnutls_pkcs11_token_callback_t fn,
                                        void *userdata);
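Review bot: the parameter is renamed to deprecated_config_file, but the comment block above (the `load = /lib/yyy-pkcs11.so` format) still documents that file as the normal mechanism; state next to the prototype that NULL is the expected value and that p11-kit's registered modules replace the file, so the header does not contradict the rename.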
diff --git a/lib/includes/gnutls/x509.h b/lib/includes/gnutls/x509.h
index f6bfdd8..09d2609 100644
--- a/lib/includes/gnutls/x509.h
+++ b/lib/includes/gnutls/x509.h
@@ -92,12 +92,16 @@ extern "C"
  * @GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED: Fail if the
  *   certificates in the buffer are more than the space allocated for
  *   certificates. The error code will be %GNUTLS_E_SHORT_MEMORY_BUFFER.
+ * @GNUTLS_X509_CRT_LIST_FAIL_IF_UNSORTED: Fail if the certificates
+ *   in the buffer are not ordered starting from subject to issuer.
+ *   The error code will be %GNUTLS_E_CERTIFICATE_LIST_UNSORTED.
  *
  * Enumeration of different certificate import flags.
  */
   typedef enum gnutls_certificate_import_flags
   {
-    GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED = 1
+    GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED = 1,
+    GNUTLS_X509_CRT_LIST_FAIL_IF_UNSORTED = 2
   } gnutls_certificate_import_flags;
 
   int gnutls_x509_crt_init (gnutls_x509_crt_t * cert);
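Review bot: naming is inconsistent: the existing flag is GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED while the new one drops IMPORT (GNUTLS_X509_CRT_LIST_FAIL_IF_UNSORTED). This is still unreleased (3.0.1), so pick one pattern now; it cannot be renamed once shipped. The doc text "ordered starting from subject to issuer" would read more clearly as "each certificate is followed by its issuer, end-entity first".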
diff --git a/lib/pkcs11.c b/lib/pkcs11.c
index a444417..47b1af2 100644
--- a/lib/pkcs11.c
+++ b/lib/pkcs11.c
@@ -418,13 +418,15 @@ static int init = 0;
 
 /* tries to load modules from /etc/gnutls/pkcs11.conf if it exists
  */
-static void _pkcs11_compat_init(void)
+static void _pkcs11_compat_init(const char* configfile)
 {
 FILE *fp;
 int ret;
 char line[512];
 const char *library;
-const char* configfile = "/etc/gnutls/pkcs11.conf";
+
+  if (configfile == NULL)
+    configfile = "/etc/gnutls/pkcs11.conf";
 
   fp = fopen (configfile, "r");
   if (fp == NULL)
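Review bot: the comment above the function still says it loads modules "from /etc/gnutls/pkcs11.conf if it exists"; update it to mention the configfile argument and the NULL fallback. Also, because the function stays void, a file the caller explicitly asked for that cannot be opened is silently ignored; the `fp == NULL` branch should at least log the path when configfile was supplied by the caller rather than defaulted.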
@@ -462,13 +464,49 @@ const char* configfile = "/etc/gnutls/pkcs11.conf";
   return;
 }
 
+static int
+initialize_automatic_p11_kit (void)
+{
+  struct ck_function_list **modules;
+  const char *name;
+  ck_rv_t rv;
+  int i, ret;
+
+  rv = p11_kit_initialize_registered ();
+  if (rv != CKR_OK)
+    {
+      gnutls_assert ();
+      _gnutls_debug_log ("Cannot initialize registered module: %s\n",
+                         p11_kit_strerror (rv));
+      return GNUTLS_E_INTERNAL_ERROR;
+    }
+
+  initialized_registered = 1;
+
+  modules = p11_kit_registered_modules ();
+  for (i = 0; modules[i] != NULL; i++)
+    {
+      name = p11_kit_registered_module_to_name (modules[i]);
+      ret = pkcs11_add_module (name, modules[i]);
+      if (ret != 0)
+        {
+          gnutls_assert ();
+          _gnutls_debug_log ("Cannot add registered module: %s\n", name);
+        }
+    }
+
+  free (modules);
+  return 0;
+}
+
 /**
  * gnutls_pkcs11_init:
  * @flags: %GNUTLS_PKCS11_FLAG_MANUAL or %GNUTLS_PKCS11_FLAG_AUTO
- * @configfile: either NULL or the location of a configuration file
+ * @deprecated_config_file: either NULL or the location of a deprecated
+ *     configuration file
  *
  * This function will initialize the PKCS 11 subsystem in gnutls. It will
- * read a configuration file if %GNUTLS_PKCS11_FLAG_AUTO is used or allow
+ * read configuration files if %GNUTLS_PKCS11_FLAG_AUTO is used or allow
  * you to independently load PKCS 11 modules using gnutls_pkcs11_add_provider()
  * if %GNUTLS_PKCS11_FLAG_MANUAL is specified.
  *
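Review bot: initialize_automatic_p11_kit() returns 0 even when every pkcs11_add_module() call in the loop failed (failures are only logged), so gnutls_pkcs11_init() cannot distinguish "no registered modules" from "modules registered but none loadable"; either propagate the last non-zero `ret` or document in the gnutls_pkcs11_init() doc comment that add failures are non-fatal. Style: `ret` and `name` are only used inside the loop and could be scoped there.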
@@ -480,12 +518,9 @@ const char* configfile = "/etc/gnutls/pkcs11.conf";
  *   negative error value.
  **/
 int
-gnutls_pkcs11_init (unsigned int flags, const char *configfile)
+gnutls_pkcs11_init (unsigned int flags, const char *deprecated_config_file)
 {
-  struct ck_function_list **modules;
-  const char *name;
-  ck_rv_t rv;
-  int i, ret;
+  int ret = 0;
 
   if (init != 0)
     {
@@ -498,33 +533,14 @@ gnutls_pkcs11_init (unsigned int flags, const char 
*configfile)
     return 0;
   else if (flags == GNUTLS_PKCS11_FLAG_AUTO)
     {
-      rv = p11_kit_initialize_registered ();
-      if (rv != CKR_OK)
-        {
-          gnutls_assert ();
-          _gnutls_debug_log ("Cannot initialize registered module: %s\n",
-                             p11_kit_strerror (rv));
-          return GNUTLS_E_INTERNAL_ERROR;
-        }
+      if (deprecated_config_file == NULL)
+        ret = initialize_automatic_p11_kit ();
 
-      initialized_registered = 1;
+      _pkcs11_compat_init(deprecated_config_file);
 
-      modules = p11_kit_registered_modules ();
-      for (i = 0; modules[i] != NULL; i++)
-        {
-          name = p11_kit_registered_module_to_name (modules[i]);
-          ret = pkcs11_add_module (name, modules[i]);
-          if (ret != 0)
-            {
-              gnutls_assert ();
-              _gnutls_debug_log ("Cannot add registered module: %s\n", name);
-            }
-        }
-      free (modules);
-
-      _pkcs11_compat_init();
+      return ret;
     }
-
+  
   return 0;
 }
 
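Review bot: logic: when deprecated_config_file is non-NULL, initialize_automatic_p11_kit() is skipped entirely, so passing the old 2.12.x config file now disables p11-kit's registered modules. NEWS only says the file "is being read if provided"; if the exclusion is intended, document it in the doc comment above, otherwise drop the `if` and run both. Because _pkcs11_compat_init() is void, `ret` only reflects the p11-kit path. Minor: the last change replaces an empty line with one containing two trailing spaces.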
@@ -1857,6 +1873,7 @@ int
 pkcs11_login (struct ck_function_list * module, ck_session_handle_t pks,
               const struct token_info *tokinfo, struct p11_kit_uri *info, int 
so)
 {
+  struct ck_session_info session_info;
   int attempt = 0, ret;
   ck_user_type_t user_type;
   ck_rv_t rv;
@@ -1895,6 +1912,15 @@ pkcs11_login (struct ck_function_list * module, 
ck_session_handle_t pks,
 
       memcpy (&tinfo, &tokinfo->tinfo, sizeof(tinfo));
 
+      /* Check whether the session is already logged in, and if so, just skip 
*/
+      rv = (module)->C_GetSessionInfo (pks, &session_info);
+      if (rv == CKR_OK && (session_info.state == CKS_RO_USER_FUNCTIONS ||
+                           session_info.state == CKS_RW_USER_FUNCTIONS))
+        {
+          ret = 0;
+          goto cleanup;
+        }
+
       /* If login has been attempted once already, check the token
        * status again, the flags might change. */
       if (attempt)
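Review bot: the already-logged-in check only accepts the user states (CKS_RO_USER_FUNCTIONS, CKS_RW_USER_FUNCTIONS), but pkcs11_login() takes an `so` flag: with so != 0 a session that is merely user-logged-in is treated as done and the SO login is skipped, while a session already in CKS_RW_SO_FUNCTIONS is not detected and gets a fresh C_Login. Make the accepted state depend on `so` (CKS_RW_SO_FUNCTIONS when set, the two user states otherwise). Falling through to the login attempt when C_GetSessionInfo fails is the right default.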
diff --git a/lib/pkcs11_privkey.c b/lib/pkcs11_privkey.c
index e1eea0f..d19732c 100644
--- a/lib/pkcs11_privkey.c
+++ b/lib/pkcs11_privkey.c
@@ -135,10 +135,11 @@ gnutls_pkcs11_privkey_get_info (gnutls_pkcs11_privkey_t 
pkey,
                            rret = pkcs11_call_token_func (key->info, 
retries++); \
                            if (rret == 0) continue; \
                           } \
-                       gnutls_assert(); \
-                       return ret; \
-               } \
-       } while (ret < 0);
+                       return gnutls_assert_val(ret); \
+               } else if (ret < 0) { \
+                        return gnutls_assert_val(ret); \
+                } \
+       } while (0);
 
 /*-
  * _gnutls_pkcs11_privkey_sign_hash:
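Review bot: changing the loop condition to `while (0)` breaks the retry path: the `if (rret == 0) continue;` after the token callback now jumps to a condition that is false, leaves the do/while, and the macro falls through with `ret` still negative as if the lookup had succeeded. The new `else if (ret < 0) return gnutls_assert_val(ret);` branch already removes the endless loop the commit message describes, so keep `while (ret < 0)` (or replace the `continue` with an explicit retry label).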
diff --git a/lib/x509/x509.c b/lib/x509/x509.c
index 692b314..3e1ef99 100644
--- a/lib/x509/x509.c
+++ b/lib/x509/x509.c
@@ -3075,6 +3075,52 @@ int ret;
   return 0;
 }
 
+static int check_if_sorted(gnutls_x509_crt_t * crt, int nr)
+{
+char prev_dn[MAX_DN];
+char dn[MAX_DN];
+size_t prev_dn_size, dn_size;
+int i, ret;
+
+  /* check if the X.509 list is ordered */
+  if (nr > 1)
+    {
+
+      for (i=0;i<nr;i++)
+        {
+          if (i>0)
+            {
+              dn_size = sizeof(dn);
+              ret = gnutls_x509_crt_get_dn(crt[i], dn, &dn_size);
+              if (ret < 0)
+                {
+                  ret = gnutls_assert_val(ret);
+                  goto cleanup;
+                }
+              
+              if (dn_size != prev_dn_size || memcmp(dn, prev_dn, dn_size) != 0)
+                {
+                  ret = gnutls_assert_val(GNUTLS_E_CERTIFICATE_LIST_UNSORTED);
+                  goto cleanup;
+                }
+            }
+
+          prev_dn_size = sizeof(prev_dn);
+          ret = gnutls_x509_crt_get_issuer_dn(crt[i], prev_dn, &prev_dn_size);
+          if (ret < 0)
+            {
+              ret = gnutls_assert_val(ret);
+              goto cleanup;
+            }
+        }
+    }
+
+  ret = 0;
+
+cleanup:
+  return ret;
+}
+
 
 /**
  * gnutls_x509_crt_list_import:
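Review bot: the sortedness check compares the printable DN strings from gnutls_x509_crt_get_dn() and gnutls_x509_crt_get_issuer_dn() with memcmp; comparing the raw DER names via gnutls_x509_crt_get_raw_dn()/gnutls_x509_crt_get_raw_issuer_dn() would remove the MAX_DN bound (a DN over 1023 bytes currently makes the import fail with a short-buffer error instead of GNUTLS_E_CERTIFICATE_LIST_UNSORTED) and any dependence on the string escaping rules. Style: the `cleanup:` label only does `return ret`, so the three gotos can be plain returns, and the blank line after the `if (nr > 1)` brace and the trailing whitespace on the line before the memcmp should go.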
@@ -3088,6 +3134,12 @@ int ret;
  * to the native gnutls_x509_crt_t format. The output will be stored
  * in @certs.  They will be automatically initialized.
  *
+ * The flag %GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED will cause
+ * import to fail if the certificates in the provided buffer are more
+ * than the available structures. The %GNUTLS_X509_CRT_LIST_FAIL_IF_UNSORTED
+ * flag will cause the function to fail if the provided list is not
+ * sorted from subject to issuer.
+ *
  * If the Certificate is PEM encoded it should have a header of "X509
  * CERTIFICATE", or "CERTIFICATE".
  *
@@ -3207,6 +3259,16 @@ gnutls_x509_crt_list_import (gnutls_x509_crt_t * certs,
 
   *cert_max = count;
 
+  if (flags & GNUTLS_X509_CRT_LIST_FAIL_IF_UNSORTED)
+    {
+      ret = check_if_sorted(certs, *cert_max);
+      if (ret < 0)
+        {
+          gnutls_assert();
+          goto error;
+        }
+    }
+
   if (nocopy == 0)
     return count;
   else
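Review bot: `*cert_max = count` is assigned before the sortedness check, so on the GNUTLS_E_CERTIFICATE_LIST_UNSORTED path the caller sees cert_max updated while the function returns an error; confirm that the `error:` label deinitializes the `count` certificates already initialized (the doc comment promises "They will be automatically initialized"), and consider moving the assignment after the check so cert_max is untouched on failure.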
diff --git a/tests/x509cert.c b/tests/x509cert.c
index 6007b95..2b7c8e8 100644
--- a/tests/x509cert.c
+++ b/tests/x509cert.c
@@ -80,7 +80,19 @@ static unsigned char cert_pem[] =
   "+62SbuYGpFYsouHAUyfI8pUwCwYJKoZIhvcNAQEFA4GBALujmBJVZnvaTXr9cFRJ\n"
   "jpfc/3X7sLUsMvumcDE01ls/cG5mIatmiyEU9qI3jbgUf82z23ON/acwJf875D3/\n"
   "U7jyOsBJ44SEQITbin2yUeJMIm1tievvdNXBDfW95AM507ShzP12sfiJkJfjjdhy\n"
-  "dc8Siq5JojruiMizAf0pA7in\n" "-----END CERTIFICATE-----\n";
+  "dc8Siq5JojruiMizAf0pA7in\n" "-----END CERTIFICATE-----\n"
+  "-----BEGIN CERTIFICATE-----\n"
+  "MIIB5zCCAVKgAwIBAgIERiYdJzALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n"
+  "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTExWhcNMDgwNDE3MTMyOTExWjAZMRcw\n"
+  "FQYDVQQDEw5HbnVUTFMgdGVzdCBDQTCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGA\n"
+  "vuyYeh1vfmslnuggeEKgZAVmQ5ltSdUY7H25WGSygKMUYZ0KT74v8C780qtcNt9T\n"
+  "7EPH/N6RvB4BprdssgcQLsthR3XKA84jbjjxNCcaGs33lvOz8A1nf8p3hD+cKfRi\n"
+  "kfYSW2JazLrtCC4yRCas/SPOUxu78of+3HiTfFm/oXUCAwEAAaNDMEEwDwYDVR0T\n"
+  "AQH/BAUwAwEB/zAPBgNVHQ8BAf8EBQMDBwQAMB0GA1UdDgQWBBTpPBz7rZJu5gak\n"
+  "Viyi4cBTJ8jylTALBgkqhkiG9w0BAQUDgYEAiaIRqGfp1jPpNeVhABK60SU0KIAy\n"
+  "njuu7kHq5peUgYn8Jd9zNzExBOEp1VOipGsf6G66oQAhDFp2o8zkz7ZH71zR4HEW\n"
+  "KoX6n5Emn6DvcEH/9pAhnGxNHJAoS7czTKv/JDZJhkqHxyrE1fuLsg5Qv25DTw7+\n"
+  "PfqUpIhz5Bbm7J4=\n" "-----END CERTIFICATE-----\n";
 const gnutls_datum_t cert = { cert_pem, sizeof (cert_pem) };
 
 static unsigned char key_pem[] =
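Review bot: the appended second certificate puts the issuing CA after the end-entity certificate, which is the order the new GNUTLS_X509_CRT_LIST_FAIL_IF_UNSORTED assertion in doit() depends on; add a comment above cert_pem saying the order is significant, otherwise a later test edit that reorders the PEM will look like a library regression.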
@@ -142,15 +154,17 @@ const gnutls_datum_t server_key = { server_key_pem,
   sizeof (server_key_pem)
 };
 
-
+#define LIST_SIZE 3
 void
 doit (void)
 {
   gnutls_certificate_credentials_t x509_cred;
-  int ret;
-  gnutls_x509_crt_t crt, issuer;
+  int ret, i;
+  gnutls_x509_crt_t issuer;
+  gnutls_x509_crt_t list[LIST_SIZE];
   char dn[128];
   size_t dn_size;
+  unsigned int list_size;
 
   /* this must be called once in the program
    */
@@ -167,12 +181,13 @@ doit (void)
                                        GNUTLS_X509_FMT_PEM);
 
   /* test for gnutls_certificate_get_issuer() */
-  gnutls_x509_crt_init(&crt);
-  ret = gnutls_x509_crt_import(crt, &cert, GNUTLS_X509_FMT_PEM);
-  if (ret < 0)
-    fail("gnutls_x509_crt_import");
   
-  ret = gnutls_certificate_get_issuer(x509_cred, crt, &issuer, 0);
+  list_size = LIST_SIZE;
+  ret = gnutls_x509_crt_list_import(list, &list_size, &cert, 
GNUTLS_X509_FMT_PEM, GNUTLS_X509_CRT_LIST_FAIL_IF_UNSORTED);
+  if (ret < 0)
+    fail("gnutls_x509_crt_list_import");
+
+  ret = gnutls_certificate_get_issuer(x509_cred, list[0], &issuer, 0);
   if (ret < 0)
     fail("gnutls_certificate_get_isser");
 
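Review bot: only the positive path of GNUTLS_X509_CRT_LIST_FAIL_IF_UNSORTED is exercised; import the same two certificates in reversed order and check for GNUTLS_E_CERTIFICATE_LIST_UNSORTED as well, since a check_if_sorted() that always returns 0 would pass this test. The fail() message on the unchanged context line reads "gnutls_certificate_get_isser" (typo for "issuer").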
@@ -182,7 +197,8 @@ doit (void)
     fail("gnutls_certificate_get_isser");
   
   fprintf(stderr, "Issuer's DN: %s\n", dn);
-  gnutls_x509_crt_deinit(crt);
+  for (i=0;i<list_size;i++)
+    gnutls_x509_crt_deinit(list[i]);
   gnutls_certificate_free_credentials(x509_cred);
   
   success("success");
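Review bot: `i` is declared int while `list_size` is unsigned int, so `i<list_size` warns under -Wsign-compare; declare `i` as unsigned. Otherwise the loop correctly frees every certificate that gnutls_x509_crt_list_import() initialized, which the previous single-certificate deinit did not.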


hooks/post-receive
-- 
GNU gnutls


