[SCM] GNU gnutls branch, master, updated. gnutls_3_0_11-26-g0ad7654


From: Nikos Mavrogiannopoulos
Subject: [SCM] GNU gnutls branch, master, updated. gnutls_3_0_11-26-g0ad7654
Date: Mon, 09 Jan 2012 23:46:12 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".

http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=0ad7654f3b06d4ef2810a46289d032e6cd1509b0

The branch, master has been updated
       via  0ad7654f3b06d4ef2810a46289d032e6cd1509b0 (commit)
       via  009593680ab18c42bc6b80766285ddacde10c01a (commit)
      from  aea85eb5bf997f03c896b01b3839f6eb33ae41e6 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 0ad7654f3b06d4ef2810a46289d032e6cd1509b0
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Tue Jan 10 00:49:27 2012 +0100

    gnutls_x509_dn_oid_name() was extended with a flags option that accepts currently GNUTLS_X509_DN_OID_RETURN_OID or 0.

commit 009593680ab18c42bc6b80766285ddacde10c01a
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Tue Jan 10 00:38:54 2012 +0100

    Added discussion of distinguished names.

-----------------------------------------------------------------------

Summary of changes:
 doc/cha-bib.texi             |    5 +++++
 doc/cha-cert-auth.texi       |   29 +++++++++++++++++++++++++++++
 doc/latex/gnutls.bib         |    9 +++++++++
 lib/includes/gnutls/compat.h |    2 +-
 lib/includes/gnutls/x509.h   |    3 ++-
 lib/x509/common.c            |   11 ++++++++---
 lib/x509/crl.c               |    8 ++++----
 lib/x509/dn.c                |   24 ++++--------------------
 lib/x509/x509.c              |   16 ++++++++--------
 9 files changed, 70 insertions(+), 37 deletions(-)

diff --git a/doc/cha-bib.texi b/doc/cha-bib.texi
index b9791df..40848db 100644
--- a/doc/cha-bib.texi
+++ b/doc/cha-bib.texi
@@ -27,6 +27,11 @@ Tim Dierks and Christopher Allen, "The TLS Protocol Version 
1.0",
 January 1999, Available from
 @url{http://www.ietf.org/rfc/rfc2246.txt}.
 
address@hidden @anchor{RFC4514}[RFC4514]
+Kurt D.  Zeilenga, "Lightweight Directory Access Protocol (LDAP): String 
Representation of Distinguished Names",
+June 2006, Available from
address@hidden://www.ietf.org/rfc/rfc4513.txt}.
+
 @item @anchor{RFC4346}[RFC4346]
 Tim Dierks and Eric Rescorla, "The TLS Protocol Version 1.1", Match
 2006, Available from @url{http://www.ietf.org/rfc/rfc4346.txt}.
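Review bot: the new [RFC4514] bibliography entry links to the wrong document: its URL ends in rfc4513.txt (a different RFC) while the title and the gnutls.bib entry added in this same commit both refer to rfc4514.txt. Change the URL to `@url{http://www.ietf.org/rfc/rfc4514.txt}` and drop the double space in "Kurt D.  Zeilenga". While in this file, the adjacent RFC4346 entry still reads "Match 2006" where "March 2006" is meant.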
diff --git a/doc/cha-cert-auth.texi b/doc/cha-cert-auth.texi
index 03748bc..8dcb6e9 100644
--- a/doc/cha-cert-auth.texi
+++ b/doc/cha-cert-auth.texi
@@ -35,6 +35,7 @@ acceptable.  The framework is illustrated on @ref{fig:x509}.
 
 @menu
 * X.509 certificate structure::
+* X.509 distinguished names::
 * Verifying X.509 certificate paths::
 * Verifying a certificate in the context of TLS session::
 @end menu
@@ -143,6 +144,34 @@ their prototypes in @file{gnutls/x509.h}. An example 
program to
 demonstrate the @acronym{X.509} parsing capabilities can be found at
 @ref{ex:x509-info}.
 
address@hidden X.509 distinguished names
address@hidden X.509 distinguished names
address@hidden X.509 distinguished name
+
+The ``subject'' of an X.509 certificate is not described by
+a single name, but rather with a distinguished name. This in
+X.509 terminology is a list of strings each associated an object
+identifier. To make things simple GnuTLS provides 
@funcref{gnutls_x509_crt_get_dn}
+which follows the rules in @xcite{RFC4514} and returns a single
+string. Access to each string by individual object identifiers
+can be accessed using @funcref{gnutls_x509_crt_get_dn_by_oid}.
+
address@hidden
address@hidden
address@hidden
+
+The more powerful @funcref{gnutls_x509_crt_get_subject} and 
address@hidden provide efficient access
+to the contents of the distinguished name structure.
+
address@hidden
address@hidden
+
+Similar functions exist to access the distinguished name
+of the issuer of the certificate.
+
address@hidden,gnutls_x509_crt_get_issuer_dn_by_oid,gnutls_x509_crt_get_issuer_dn_oid,gnutls_x509_crt_get_issuer}
+
 @node Verifying X.509 certificate paths
 @subsection Verifying @acronym{X.509} certificate paths
 @cindex verifying certificate paths
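Review bot: the prose of the new "X.509 distinguished names" node needs a pass before it lands in the manual: "a list of strings each associated an object identifier" is missing "with", and "Access to each string by individual object identifiers can be accessed using" says "access" twice; suggest "Each string can be retrieved by its object identifier using @funcref{gnutls_x509_crt_get_dn_by_oid}". It would also help readers to say in one sentence what the structured accessors (@funcref{gnutls_x509_crt_get_subject} and the function listed with it) give them that the single RFC4514 string does not, so they know which to pick.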
diff --git a/doc/latex/gnutls.bib b/doc/latex/gnutls.bib
index a0c9f63..1eac296 100644
--- a/doc/latex/gnutls.bib
+++ b/doc/latex/gnutls.bib
@@ -7,6 +7,15 @@
        url = "http://www.ietf.org/rfc/rfc2246.txt";
 }
 
address@hidden RFC4514,
+       author = "Kurt D.  Zeilenga",
+       title = "{Lightweight Directory Access Protocol (LDAP): String 
Representation of Distinguished Names}",
+       month = "June",
+       year = "2006",
+       note = "Available from \url{http://www.ietf.org/rfc/rfc4514.txt}";,
+       url = "http://www.ietf.org/rfc/rfc4514.txt";
+}
+
 @misc{RFC3820,
   author="Steven Tuecke and Von Welch and Doug Engert and Laura Pearlman and 
Mary Thompson", 
   title="Internet {X.509} Public Key Infrastructure {(PKI)} Proxy Certificate 
Profile", 
diff --git a/lib/includes/gnutls/compat.h b/lib/includes/gnutls/compat.h
index d18424b..58d55ef 100644
--- a/lib/includes/gnutls/compat.h
+++ b/lib/includes/gnutls/compat.h
@@ -192,7 +192,7 @@ void
    func) _GNUTLS_GCC_ATTR_DEPRECATED;
 
   /* External signing callback.  No longer supported because it
-   * was deprecated by the PKCS #11 API and gnutls_privkey_t. */
+   * was deprecated by the PKCS #11 API or gnutls_privkey_import_ext. */
 typedef int (*gnutls_sign_func) (gnutls_session_t session,
                                  void *userdata,
                                  gnutls_certificate_type_t cert_type,
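Review bot: this comment edit in compat.h is unrelated to the gnutls_x509_dn_oid_name() flags change described in the commit message and would be easier to track in its own commit. The new wording "deprecated by the PKCS #11 API or gnutls_privkey_import_ext" also reads oddly; "superseded by the PKCS #11 API and gnutls_privkey_import_ext()" states what is meant.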
diff --git a/lib/includes/gnutls/x509.h b/lib/includes/gnutls/x509.h
index e34f372..5b20bef 100644
--- a/lib/includes/gnutls/x509.h
+++ b/lib/includes/gnutls/x509.h
@@ -295,7 +295,8 @@ extern "C"
 
   int gnutls_x509_dn_oid_known (const char *oid);
 
-  const char* gnutls_x509_dn_oid_name (const char *oid);
+#define GNUTLS_X509_DN_OID_RETURN_OID 1
+  const char* gnutls_x509_dn_oid_name (const char *oid, unsigned int flags);
 
   /* Read extensions by OID. */
   int gnutls_x509_crt_get_extension_oid (gnutls_x509_crt_t cert, int indx,
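Review bot: changing the prototype of the exported gnutls_x509_dn_oid_name() breaks source and binary compatibility for every caller built against the existing 3.0.x one-argument form; this needs a NEWS entry and an API-change note, or a new function name with the old one kept as a compatibility wrapper in compat.h. Consider also giving GNUTLS_X509_DN_OID_RETURN_OID a documented home (a flags enum or a doc comment next to the #define) so the function reference can describe the accepted values instead of pointing at a bare macro.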
diff --git a/lib/x509/common.c b/lib/x509/common.c
index ce84d37..0bed0e7 100644
--- a/lib/x509/common.c
+++ b/lib/x509/common.c
@@ -174,15 +174,19 @@ _gnutls_x509_oid_data_choice (const char *oid)
 /**
  * gnutls_x509_dn_oid_name:
  * @oid: holds an Object Identifier in a null terminated string
+ * @flags: 0 or %GNUTLS_X509_DN_OID_*
  *
- * This function will return the name of a known DN OID. 
+ * This function will return the name of a known DN OID. If
+ * %GNUTLS_X509_DN_OID_RETURN_OID is specified this function
+ * will return the given OID if no descriptive name has been
+ * found.
  *
  * Returns: A null terminated string or NULL otherwise.
  *
  * Since: 3.0.0
  **/
 const char*
-gnutls_x509_dn_oid_name (const char *oid)
+gnutls_x509_dn_oid_name (const char *oid, unsigned int flags)
 {
   int i = 0;
 
@@ -194,7 +198,8 @@ gnutls_x509_dn_oid_name (const char *oid)
     }
   while (_oid2str[i].oid != NULL);
 
-  return NULL;
+  if (flags & GNUTLS_X509_DN_OID_RETURN_OID) return oid;
+  else return NULL;
 }
 
 const char *
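Review bot: the new tail `if (flags & GNUTLS_X509_DN_OID_RETURN_OID) return oid; else return NULL;` is clearer as a guard followed by a plain return, matching the surrounding style: `if (flags & GNUTLS_X509_DN_OID_RETURN_OID)` / `return oid;` / `return NULL;` on separate lines.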
diff --git a/lib/x509/crl.c b/lib/x509/crl.c
index d8056d3..895addd 100644
--- a/lib/x509/crl.c
+++ b/lib/x509/crl.c
@@ -168,7 +168,7 @@ cleanup:
  *
  * This function will copy the name of the CRL issuer in the provided
  * buffer. The name will be in the form "C=xxxx,O=yyyy,CN=zzzz" as
- * described in RFC2253. The output string will be ASCII or UTF-8
+ * described in RFC4514. The output string will be ASCII or UTF-8
  * encoded, depending on the certificate data.
  *
  * If buf is %NULL then only the size will be filled.
@@ -204,13 +204,13 @@ gnutls_x509_crl_get_issuer_dn (const gnutls_x509_crl_t 
crl, char *buf,
  *
  * This function will extract the part of the name of the CRL issuer
  * specified by the given OID. The output will be encoded as described
- * in RFC2253. The output string will be ASCII or UTF-8 encoded,
+ * in RFC4514. The output string will be ASCII or UTF-8 encoded,
  * depending on the certificate data.
  *
  * Some helper macros with popular OIDs can be found in gnutls/x509.h
  * If raw flag is (0), this function will only return known OIDs as
- * text. Other OIDs will be DER encoded, as described in RFC2253 -- in
- * hex format with a '\#' prefix.  You can check about known OIDs
+ * text. Other OIDs will be DER encoded, as described in RFC4514 -- in
+ * hex format with a '#' prefix.  You can check about known OIDs
  * using gnutls_x509_dn_oid_known().
  *
  * If buf is null then only the size will be filled.
diff --git a/lib/x509/dn.c b/lib/x509/dn.c
index fd9052e..bf349c9 100644
--- a/lib/x509/dn.c
+++ b/lib/x509/dn.c
@@ -34,23 +34,7 @@
  * Name (you need a parser just to read a name in the X.509 protoocols!!!)
  */
 
-/* Converts the given OID to an ldap acceptable string or
- * a dotted OID.
- */
-static const char *
-oid2ldap_string (const char *oid)
-{
-  const char *ret;
-
-  ret = gnutls_x509_dn_oid_name (oid);
-  if (ret)
-    return ret;
-
-  /* else return the OID in dotted format */
-  return oid;
-}
-
-/* Escapes a string following the rules from RFC2253.
+/* Escapes a string following the rules from RFC4514.
  */
 static char *
 str_escape (char *str, char *buffer, unsigned int buffer_size)
@@ -236,7 +220,7 @@ _gnutls_x509_parse_dn (ASN1_TYPE asn1_struct,
                 }
             }
 
-          ldap_desc = oid2ldap_string (oid);
+          ldap_desc = gnutls_x509_dn_oid_name (oid, 
GNUTLS_X509_DN_OID_RETURN_OID);
           printable = _gnutls_x509_oid_data_printable (oid);
 
           /* leading #, hex encoded value and terminating NULL */
@@ -1030,7 +1014,7 @@ gnutls_x509_dn_deinit (gnutls_x509_dn_t dn)
  *
  * This function will return the name of the given RDN sequence.  The
  * name will be in the form "C=xxxx,O=yyyy,CN=zzzz" as described in
- * RFC2253.
+ * RFC4514.
  *
  * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, or
  * %GNUTLS_E_SHORT_MEMORY_BUFFER is returned and address@hidden is
@@ -1090,7 +1074,7 @@ gnutls_x509_rdn_get (const gnutls_datum_t * idn,
  *
  * This function will return the name of the given Object identifier,
  * of the RDN sequence.  The name will be encoded using the rules
- * from RFC2253.
+ * from RFC4514.
  *
  * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, or
  * %GNUTLS_E_SHORT_MEMORY_BUFFER is returned and address@hidden is
diff --git a/lib/x509/x509.c b/lib/x509/x509.c
index 9ed1764..0d61c1a 100644
--- a/lib/x509/x509.c
+++ b/lib/x509/x509.c
@@ -254,7 +254,7 @@ cleanup:
  *
  * This function will copy the name of the Certificate issuer in the
  * provided buffer. The name will be in the form
- * "C=xxxx,O=yyyy,CN=zzzz" as described in RFC2253. The output string
+ * "C=xxxx,O=yyyy,CN=zzzz" as described in RFC4514. The output string
  * will be ASCII or UTF-8 encoded, depending on the certificate data.
  *
  * If @buf is null then only the size will be filled. 
@@ -289,13 +289,13 @@ gnutls_x509_crt_get_issuer_dn (gnutls_x509_crt_t cert, 
char *buf,
  *
  * This function will extract the part of the name of the Certificate
  * issuer specified by the given OID. The output, if the raw flag is not
- * used, will be encoded as described in RFC2253. Thus a string that is
+ * used, will be encoded as described in RFC4514. Thus a string that is
  * ASCII or UTF-8 encoded, depending on the certificate data.
  *
  * Some helper macros with popular OIDs can be found in gnutls/x509.h
  * If raw flag is (0), this function will only return known OIDs as
- * text. Other OIDs will be DER encoded, as described in RFC2253 --
- * in hex format with a '\#' prefix.  You can check about known OIDs
+ * text. Other OIDs will be DER encoded, as described in RFC4514 --
+ * in hex format with a '#' prefix.  You can check about known OIDs
  * using gnutls_x509_dn_oid_known().
  *
  * If @buf is null then only the size will be filled. If the @raw_flag
@@ -364,7 +364,7 @@ gnutls_x509_crt_get_issuer_dn_oid (gnutls_x509_crt_t cert,
  *
  * This function will copy the name of the Certificate in the provided
  * buffer. The name will be in the form "C=xxxx,O=yyyy,CN=zzzz" as
- * described in RFC2253. The output string will be ASCII or UTF-8
+ * described in RFC4514. The output string will be ASCII or UTF-8
  * encoded, depending on the certificate data.
  *
  * If @buf is null then only the size will be filled. 
@@ -399,13 +399,13 @@ gnutls_x509_crt_get_dn (gnutls_x509_crt_t cert, char *buf,
  *
  * This function will extract the part of the name of the Certificate
  * subject specified by the given OID. The output, if the raw flag is
- * not used, will be encoded as described in RFC2253. Thus a string
+ * not used, will be encoded as described in RFC4514. Thus a string
  * that is ASCII or UTF-8 encoded, depending on the certificate data.
  *
  * Some helper macros with popular OIDs can be found in gnutls/x509.h
  * If raw flag is (0), this function will only return known OIDs as
- * text. Other OIDs will be DER encoded, as described in RFC2253 --
- * in hex format with a '\#' prefix.  You can check about known OIDs
+ * text. Other OIDs will be DER encoded, as described in RFC4514 --
+ * in hex format with a '#' prefix.  You can check about known OIDs
  * using gnutls_x509_dn_oid_known().
  *
  * If @buf is null then only the size will be filled. If the @raw_flag


hooks/post-receive
-- 
GNU gnutls