[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: "known in advance" public key authentication?
From: |
Ivan Shmakov |
Subject: |
Re: "known in advance" public key authentication? |
Date: |
Wed, 14 Nov 2012 03:01:31 +0700 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/23.2 (gnu/linux) |
>>>>> Nikos Mavrogiannopoulos <address@hidden> writes:
[…]
> You'll have to sign it using gnutls_x509_crt_privkey_sign (). It is
> better the check the certtool source for other possible options.
ACK, thanks.
So, I've ended up with the code MIME'd. Then, however,
gnutls_handshake () fails with GNUTLS_E_PK_SIG_VERIFY_FAILED.
Do I understand it correctly that such an error points to some
bug in the certificate signing part?
--
FSF associate member #7257 np. emphutured.mod
gnutls_x509_crt_t crt;
{
/* craft a dummy certificate */
int ra
= gnutls_x509_crt_init (&crt);
assert (ra == 0);
int rb
= gnutls_x509_crt_set_key (crt, priv);
assert (rb == 0);
/* NB: doesn't accept empty strings */
int rc
= gnutls_x509_crt_set_dn_by_oid (crt, GNUTLS_OID_X520_COMMON_NAME,
0, "Foo!", 4);
assert (rc == 0);
char ser[]
= { 0, 0x0f, 0x00 };
int rd
= gnutls_x509_crt_set_serial (crt, ser, sizeof (ser));
assert (rd == 0);
int re
= gnutls_x509_crt_set_pubkey (crt, pubk);
assert (re == 0);
int rf
= gnutls_x509_crt_set_activation_time (crt, 0);
assert (rf == 0);
int rg
= gnutls_x509_crt_set_expiration_time (crt, 0x7fffffff);
assert (rg == 0);
}
{
/* self-sign the certificate */
gnutls_privkey_t pkey;
int ra
= gnutls_privkey_init (&pkey);
assert (ra == 0);
int rb
= gnutls_privkey_import_x509 (pkey, priv, 0);
assert (rb == 0);
int rc
= gnutls_x509_crt_privkey_sign (crt, crt, pkey,
GNUTLS_DIG_SHA256, 0);
assert (rc == 0);
gnutls_privkey_deinit (pkey);
}
- "known in advance" public key authentication?, Ivan Shmakov, 2012/11/07
- Re: "known in advance" public key authentication?, Graham Murray, 2012/11/07
- Re: "known in advance" public key authentication?, Daniel Kahn Gillmor, 2012/11/07
- Re: "known in advance" public key authentication?, Ivan Shmakov, 2012/11/07
- Re: "known in advance" public key authentication?, Daniel Kahn Gillmor, 2012/11/07
- Re: "known in advance" public key authentication?, Nikos Mavrogiannopoulos, 2012/11/07
- Re: "known in advance" public key authentication?, Ivan Shmakov, 2012/11/11
- Re: "known in advance" public key authentication?, Nikos Mavrogiannopoulos, 2012/11/13
- Re: "known in advance" public key authentication?,
Ivan Shmakov <=
- Re: "known in advance" public key authentication?, Nikos Mavrogiannopoulos, 2012/11/14
- Re: "known in advance" public key authentication?, Ivan Shmakov, 2012/11/19
Re: "known in advance" public key authentication?, Ivan Shmakov, 2012/11/07
Re: "known in advance" public key authentication?, Ilari Liusvaara, 2012/11/07
Re: "known in advance" public key authentication?, Florian Weimer, 2012/11/07
Re: "known in advance" public key authentication?, Ivan Shmakov, 2012/11/07