
[SCM] GNU gnutls branch, gnutls_3_0_x-2, updated. gnutls_3_0_19-23-g598d


From: Nikos Mavrogiannopoulos
Subject: [SCM] GNU gnutls branch, gnutls_3_0_x-2, updated. gnutls_3_0_19-23-g598d454
Date: Wed, 23 May 2012 22:18:43 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".

http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=598d454cf236721b872a5daf74673e8d61d2be50

The branch, gnutls_3_0_x-2 has been updated
       via  598d454cf236721b872a5daf74673e8d61d2be50 (commit)
       via  ed04727e480a4204a465325d607689bf67918690 (commit)
       via  5196786c494cd8378adb26d7d6692260d1f7a0ab (commit)
      from  01524ab20afe877304a23bd812ab66fb8acf06b7 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 598d454cf236721b872a5daf74673e8d61d2be50
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Thu May 24 00:17:08 2012 +0200

    no need for netinet/ip.h

commit ed04727e480a4204a465325d607689bf67918690
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Wed May 23 21:11:26 2012 +0200

    no need for default_ca_file

commit 5196786c494cd8378adb26d7d6692260d1f7a0ab
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Wed May 23 20:58:11 2012 +0200

    When checking for an issuer check for a match in the key identifiers.

-----------------------------------------------------------------------

Summary of changes:
 lib/x509/verify.c |   40 ++++++++++++++++++++++++++++++++++++----
 src/cli.c         |    2 --
 src/common.h      |    1 -
 3 files changed, 36 insertions(+), 7 deletions(-)

diff --git a/lib/x509/verify.c b/lib/x509/verify.c
index 23bdcf7..0133e88 100644
--- a/lib/x509/verify.c
+++ b/lib/x509/verify.c
@@ -218,9 +218,12 @@ cleanup:
 static int
 is_issuer (gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer_cert)
 {
-  gnutls_datum_t dn1 = { NULL, 0 }, dn2 =
-  {
-  NULL, 0};
+  gnutls_datum_t dn1 = { NULL, 0 }, 
+                 dn2 = { NULL, 0};
+  uint8_t id1[512];
+  uint8_t id2[512];
+  size_t id1_size;
+  size_t id2_size;
   int ret;
 
   ret = gnutls_x509_crt_get_raw_issuer_dn (cert, &dn1);
@@ -238,6 +241,34 @@ is_issuer (gnutls_x509_crt_t cert, gnutls_x509_crt_t 
issuer_cert)
     }
 
   ret = _gnutls_x509_compare_raw_dn (&dn1, &dn2);
+  
+  if (ret != 0)
+    {
+      /* check if the authority key identifier matches the subject key 
identifier
+       * of the isser */
+       id1_size = sizeof(id1);
+       
+       ret = gnutls_x509_crt_get_authority_key_id(cert, id1, &id1_size, NULL);
+       if (ret < 0)
+         {
+           ret = 1;
+           goto cleanup;
+         }
+
+       id2_size = sizeof(id2);
+       ret = gnutls_x509_crt_get_subject_key_id(issuer_cert, id2, &id2_size, 
NULL);
+       if (ret < 0)
+         {
+           ret = 1;
+           gnutls_assert();
+           goto cleanup;
+         }
+    
+       if (id1_size == id2_size && memcmp(id1, id2, id1_size) == 0)
+         ret = 1;
+       else
+         ret = 0;
+    }
 
 cleanup:
   _gnutls_free_datum (&dn1);
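Review bot: Every negative return from gnutls_x509_crt_get_authority_key_id and gnutls_x509_crt_get_subject_key_id is converted to `ret = 1`, so the new key-identifier check fails open: a certificate whose key-identifier extension cannot be parsed, or whose identifier does not fit the fixed 512-byte `id1`/`id2` buffers declared in the previous hunk (presumably GNUTLS_E_SHORT_MEMORY_BUFFER), is reported as issued exactly as if the identifiers had matched. Only GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE (extension absent) should fall back to the DN-only result, and any other error should be propagated as the public documentation promises, e.g. `if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) { ret = 1; goto cleanup; } else if (ret < 0) { gnutls_assert(); goto cleanup; }` in both places. The surrounding `if (ret != 0)` also enters the key-identifier comparison when _gnutls_x509_compare_raw_dn itself returned a negative error code (assuming it returns 1/0 for match/mismatch), silently overwriting that error; `if (ret > 0)` would preserve it. is_issuer starts in the previous hunk and its cleanup label runs past the end of this one; the comment typo `isser` could be corrected in the same change.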
@@ -525,7 +556,8 @@ cleanup:
  * @issuer: is the certificate of a possible issuer
  *
  * This function will check if the given certificate was issued by the
- * given issuer.
+ * given issuer. It checks the DN fields and the authority
+ * key identifier and subject key identifier fields match.
  *
  * Returns: It will return true (1) if the given certificate is issued
  *   by the given issuer, and false (0) if not.  A negative error code is
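Review bot: The added sentence overstates what the new code does: in is_issuer the key identifiers are compared only when both certificates carry them, and a certificate without an authority key identifier is still accepted on a DN match alone (assuming gnutls_x509_crt_check_issuer delegates to is_issuer; its body lies outside this hunk). Suggest `* given issuer. It compares the DN fields and, when both certificates carry them, the authority key identifier of @cert with the subject key identifier of @issuer.` so callers do not assume the key identifiers are mandatory.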
diff --git a/src/cli.c b/src/cli.c
index b5363a7..b9368dc 100644
--- a/src/cli.c
+++ b/src/cli.c
@@ -73,8 +73,6 @@ int crlf;
 unsigned int verbose = 0;
 int print_cert;
 
-#define DEFAULT_CA_FILE "/etc/ssl/certs/ca-certificates.crt"
-
 const char *srp_passwd = NULL;
 const char *srp_username = NULL;
 const char *pgp_keyfile = NULL;
diff --git a/src/common.h b/src/common.h
index 0495bdb..09f1933 100644
--- a/src/common.h
+++ b/src/common.h
@@ -28,7 +28,6 @@
 #include <unistd.h>
 #ifndef _WIN32
 # include <netinet/in.h>
-# include <netinet/ip.h>
 #endif
 
 #include <signal.h>


hooks/post-receive
-- 
GNU gnutls


