gnutls-devel

[PATCH] add gnutls_certificate_find_issuer


From: Joe Orton
Subject: [PATCH] add gnutls_certificate_find_issuer
Date: Fri, 15 Feb 2008 10:21:50 +0000
User-agent: Mutt/1.5.17 (2007-11-01)

This patch adds a function which finds the issuer of a given certificate 
within a credentials structure.  This is useful so that clients can 
easily recreate the complete server cert chain given only the single 
cert returned by the peer.

(e.g. in the case where gnutls_certificate_set_x509_trust_file() is 
used, the client doesn't have the individual issuer cert structures to 
compare against directly.)

This and the previously submitted patch allow the two remaining failures 
in neon's SSL test suite to be fixed :)

diff -up ./includes/gnutls/gnutls.h.findissuer ./includes/gnutls/gnutls.h
--- ./includes/gnutls/gnutls.h.findissuer       2008-02-15 10:06:48.000000000 
+0000
+++ ./includes/gnutls/gnutls.h  2008-02-15 09:39:56.000000000 +0000
@@ -717,6 +717,10 @@ extern "C"
                                       gnutls_x509_crl_t * crl_list,
                                       int crl_list_size);
 
+    gnutls_x509_crt_t 
+    gnutls_certificate_find_issuer (gnutls_certificate_credentials_t cred,
+                                    gnutls_x509_crt_t crt);
+
 /* global state functions
  */
   int gnutls_global_init (void);
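Review bot: the second parameter is named `crt` in this prototype but `cert` in the definition in lib/gnutls_cert.c (and `@cert` in its doc comment); use one name in both places so the header and the implementation agree. Style: the added declaration is indented four spaces and the `gnutls_x509_crt_t` line carries trailing whitespace, while the neighbouring declarations (`gnutls_x509_crl_t * crl_list,` / `int gnutls_global_init (void);`) use the file's two-space indent; match the surrounding layout.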
diff -up ./lib/gnutls_cert.c.findissuer ./lib/gnutls_cert.c
--- ./lib/gnutls_cert.c.findissuer      2007-12-17 11:12:04.000000000 +0000
+++ ./lib/gnutls_cert.c 2008-02-15 10:09:04.000000000 +0000
@@ -593,6 +593,31 @@ gnutls_certificate_verify_peers (gnutls_
 }
 
 /**
+  * gnutls_certificate_find_issuer - This function finds an issuer certificate
+  * @sc: is an #gnutls_certificate_credentials_t structure.
+  * @cert: should contain a #gnutls_x509_crt_t structure
+  *
+  * This function returns the issuer certificate of @cert, if it can
+  * be found in the listed of trusted X.509 certificates in @cred.
+  * If no issuer is found, then NULL is returned.
+  *
+  **/
+gnutls_x509_crt_t 
+gnutls_certificate_find_issuer (gnutls_certificate_credentials_t cred,
+                                gnutls_x509_crt_t cert)
+{
+  unsigned n;
+  
+  for (n = 0; n < cred->x509_ncas; n++) 
+    {
+      if (gnutls_x509_crt_check_issuer (crt, cred->x509_ca_list[n]) == 1)
+        return cred->x509_ca_list[n];
+    }
+  
+  return NULL;
+}
+
+/**
   * gnutls_certificate_expiration_time_peers - This function returns the 
peer's certificate expiration time
   * @session: is a gnutls session
   *
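Review bot: the loop body calls `gnutls_x509_crt_check_issuer (crt, cred->x509_ca_list[n])` but the parameter is declared as `cert`, so this does not compile as posted; use `cert` throughout. The doc comment names the first parameter `@sc` while the signature says `cred`, and "listed of trusted" should read "list of trusted". Two points the comment should state: the function returns a pointer into `cred->x509_ca_list`, so the caller must not deinit the returned certificate and it is only valid for the lifetime of the credentials structure; and the loop returns the first CA that passes `gnutls_x509_crt_check_issuer`, with no signature verified anywhere in this function, so the result is a name-based candidate (and only one of them when several trusted CAs share a subject, as with cross-signed or re-keyed CAs), not a verified issuer, and callers still need `gnutls_certificate_verify_peers` for trust decisions. Minor: trailing whitespace on the `gnutls_x509_crt_t` line and on the two blank lines inside the function body.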

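Added example (not code from GnuTLS or from this patch's author): a stand-alone C model of the chain walk a client would build on top of the proposed gnutls_certificate_find_issuer(). The `struct cert`, `struct creds`, `check_issuer()` and `find_issuer()` below are constructed stand-ins for gnutls_x509_crt_t, gnutls_certificate_credentials_t, gnutls_x509_crt_check_issuer() and the patched function, reduced to subject/issuer name matching; the sample CA store is constructed, not real certificates. It shows what the single-step lookup leaves to the caller: stopping at a self-signed certificate, reporting a missing issuer, and bounding the walk so a trust store containing cross-signed CAs cannot loop forever.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins (not GnuTLS types): a certificate is reduced to its
 * subject and issuer names, and a credentials store is the CA array the
 * patch walks as cred->x509_ca_list / cred->x509_ncas. */
struct cert {
    const char *subject;
    const char *issuer;
};

struct creds {
    const struct cert *ca_list;
    size_t ncas;
};

/* Stand-in for gnutls_x509_crt_check_issuer(): 1 when `issuer` names the
 * issuer of `cert`.  Only names are compared; no signature is verified. */
static int check_issuer(const struct cert *cert, const struct cert *issuer)
{
    return strcmp(cert->issuer, issuer->subject) == 0;
}

/* Same shape as the patch's gnutls_certificate_find_issuer(): the first CA
 * in the store that passes check_issuer(), or NULL. */
static const struct cert *find_issuer(const struct creds *cred,
                                      const struct cert *cert)
{
    for (size_t n = 0; n < cred->ncas; n++)
        if (check_issuer(cert, &cred->ca_list[n]) == 1)
            return &cred->ca_list[n];
    return NULL;
}

static int is_self_signed(const struct cert *c)
{
    return strcmp(c->subject, c->issuer) == 0;
}

#define MAX_CHAIN 8

/* Rebuild the chain from the peer's leaf upward, leaf first.
 * Returns the chain length (>= 1) once a self-signed certificate is reached,
 * 0 if some issuer is not in the store, and -1 if no self-signed certificate
 * was reached within MAX_CHAIN entries (a store holding cross-signed CAs can
 * loop, because find_issuer() always returns the first name match). */
static int build_chain(const struct creds *cred, const struct cert *leaf,
                       const struct cert *chain[MAX_CHAIN])
{
    const struct cert *cur = leaf;
    int len = 0;

    chain[len++] = leaf;
    while (!is_self_signed(cur)) {
        if (len == MAX_CHAIN)
            return -1;
        cur = find_issuer(cred, cur);
        if (cur == NULL)
            return 0;
        chain[len++] = cur;
    }
    return len;
}

/* Constructed sample store: a root, its intermediate, and a cross-signed
 * pair A <-> B that forms a loop. */
static const struct cert sample_cas[] = {
    { "CN=Example Root CA",         "CN=Example Root CA" },
    { "CN=Example Intermediate CA", "CN=Example Root CA" },
    { "CN=CA A",                    "CN=CA B" },
    { "CN=CA B",                    "CN=CA A" },
};
static const struct creds sample_creds = {
    sample_cas, sizeof sample_cas / sizeof sample_cas[0]
};

/* Chain length for a leaf with the given names against the sample store. */
int chain_length(const char *subject, const char *issuer)
{
    struct cert leaf = { subject, issuer };
    const struct cert *chain[MAX_CHAIN];
    return build_chain(&sample_creds, &leaf, chain);
}

int main(void)
{
    struct cert leaf = { "CN=www.example.com", "CN=Example Intermediate CA" };
    const struct cert *chain[MAX_CHAIN];
    int len = build_chain(&sample_creds, &leaf, chain);

    for (int i = 0; i < len; i++)
        printf("%d: %s (issued by %s)\n", i, chain[i]->subject, chain[i]->issuer);
    return len > 0 ? 0 : 1;
}
```

With the real API the walk is the same loop with gnutls_certificate_find_issuer() in place of find_issuer(); the pointers it returns belong to the credentials structure, and the assembled chain is still only name-linked until it is passed through gnutls_certificate_verify_peers() or an equivalent signature check.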