[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Patch updated: New function gnutls_x509_crq_get_key_id

From: Simon Josefsson
Subject: Re: Patch updated: New function gnutls_x509_crq_get_key_id
Date: Thu, 11 Dec 2008 09:02:37 +0100
User-agent: Gnus/5.110011 (No Gnus v0.11) Emacs/23.0.60 (gnu/linux)

Simon Josefsson <address@hidden> writes:

> "David Marín Carreño" <address@hidden> writes:
>> +  if (pk == GNUTLS_PK_RSA || pk == GNUTLS_PK_DSA)
>> +    {
>> +      /* This is for compatibility with what GnuTLS has printed for
>> +         RSA/DSA before the code below was added.  The code below is
>> +         applicable to all types, and it would probably be a better
>> +         idea to use it for RSA/DSA too, but doing so would break
>> +         backwards compatibility.  */
>> +      return rsadsa_crq_get_key_id (crq, pk, output_data, output_data_size);
>> +    }
> Is there a particular reason you need this?  The function you copied
> this code from needed it for backwards compatibility reasons, but there
> are no such considerations for a new function.
> I would consider removing the code quoted above, and the entire
> rsadsa_crq_get_key_id function.  What do you think?

Never mind, that would make the key id for a certificate request be
different from the key id for the certificate with the same public key,
which seems like a bad idea...

Btw, I've made 'certtool --crq-info' print the public key id using your
new function.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]