
[Emacs-diffs] nsm 01/02: (gnutls_certificate_details): Return the public


From: Lars Ingebrigtsen
Subject: [Emacs-diffs] nsm 01/02: (gnutls_certificate_details): Return the public key fingerprint
Date: Wed, 19 Nov 2014 14:16:06 +0000

branch: nsm
commit 6857d210ef3422c98249c3cdcf28b2e01522a82e
Author: Lars Magne Ingebrigtsen <address@hidden>
Date:   Wed Nov 19 15:11:17 2014 +0100

    (gnutls_certificate_details): Return the public key fingerprint
    
    * gnutls.c (gnutls_certificate_details): Also return the public
    key fingerprint.
    (Fgnutls_peer_status): Don't return the certificate fingerprint.
---
 src/ChangeLog |    6 +++++
 src/gnutls.c  |   60 ++++++++++++++++++++++++++++++++++----------------------
 2 files changed, 42 insertions(+), 24 deletions(-)

diff --git a/src/ChangeLog b/src/ChangeLog
index 7245205..407fa07 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,3 +1,9 @@
+2014-11-19  Lars Magne Ingebrigtsen  <address@hidden>
+
+       * gnutls.c (gnutls_certificate_details): Also return the public
+       key fingerprint.
+       (Fgnutls_peer_status): Don't return the certificate fingerprint.
+
 2014-11-18  Lars Magne Ingebrigtsen  <address@hidden>
 
        * gnutls.c (Fgnutls_peer_status): SIGNER_NOT_FOUND probably means
diff --git a/src/gnutls.c b/src/gnutls.c
index 2286afb..b7f396c 100644
--- a/src/gnutls.c
+++ b/src/gnutls.c
@@ -867,6 +867,40 @@ gnutls_certificate_details (gnutls_x509_crt_t cert)
     }
   }
 
+  /* Public key ID. */
+  {
+    size_t buf_size = 0;
+
+    err = gnutls_x509_crt_get_key_id (cert, 0, NULL, &buf_size);
+    if (err == GNUTLS_E_SHORT_MEMORY_BUFFER) {
+      unsigned char *buf = malloc (buf_size);
+      err = gnutls_x509_crt_get_key_id (cert, 0, buf, &buf_size);
+      if (err >= GNUTLS_E_SUCCESS)
+         res = nconc2 (res, list2 (intern (":public-key-id"),
+                                   gnutls_hex_string ((char *)buf,
+                                                      buf_size, "sha1:")));
+      free (buf);
+    }
+  }
+
+  /* Public key ID. */
+  {
+    size_t buf_size = 0;
+
+    err = fn_gnutls_x509_crt_get_fingerprint (cert, GNUTLS_DIG_SHA1,
+                                             NULL, &buf_size);
+    if (err == GNUTLS_E_SHORT_MEMORY_BUFFER) {
+      unsigned char *buf = malloc (buf_size);
+      err = fn_gnutls_x509_crt_get_fingerprint (cert, GNUTLS_DIG_SHA1,
+                                               buf, &buf_size);
+      if (err >= GNUTLS_E_SUCCESS)
+         res = nconc2 (res, list2 (intern (":certificate-id"),
+                                   gnutls_hex_string ((char *)buf,
+                                                      buf_size, "sha1:")));
+      free (buf);
+    }
+  }
+
   return res;
 }
 
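Review bot: Both new blocks hand the result of `malloc (buf_size)` straight to the second GnuTLS call with no NULL check, so an allocation failure while processing a peer certificate would have the library write through a null pointer; guard the second call and the `nconc2` with `if (buf != NULL)` in each block. The first block also calls `gnutls_x509_crt_get_key_id` directly while the second goes through `fn_gnutls_x509_crt_get_fingerprint`; if this file resolves GnuTLS entry points through `fn_` wrappers for dynamically loaded builds (not visible in this hunk), the key-id call needs a matching wrapper. The second block's comment repeats `/* Public key ID. */` although it emits `:certificate-id`, and should read `/* Certificate fingerprint. */`. Both values are SHA-1 and are silently omitted on any error, so a consumer that pins on them should treat a missing key as a mismatch rather than as "nothing to compare". The body of gnutls_certificate_details starts outside this hunk.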
@@ -875,10 +909,7 @@ DEFUN ("gnutls-peer-status", Fgnutls_peer_status, 
Sgnutls_peer_status, 1, 1, 0,
 The return value is a property list.  */)
   (Lisp_Object proc)
 {
-  int ret;
-  char *buffer;
-  size_t size = 0;
-  Lisp_Object hash, warnings = Qnil, result = Qnil;
+  Lisp_Object warnings = Qnil, result = Qnil;
   unsigned int verification;
 
   CHECK_PROCESS (proc);
@@ -886,23 +917,6 @@ The return value is a property list.  */)
   if (XPROCESS (proc)->gnutls_p == 0)
     return Qnil;
 
-  /* First get the fingerprint of the certificate. */
-  ret = fn_gnutls_x509_crt_get_fingerprint (XPROCESS 
(proc)->gnutls_certificate,
-                                           GNUTLS_DIG_SHA1, NULL, &size);
-  if (ret != GNUTLS_E_SHORT_MEMORY_BUFFER)
-    return gnutls_make_error (ret);
-
-  buffer = malloc (size);
-  ret = fn_gnutls_x509_crt_get_fingerprint (XPROCESS 
(proc)->gnutls_certificate,
-                                           GNUTLS_DIG_SHA1, buffer, &size);
-  if (ret < GNUTLS_E_SUCCESS) {
-    free (buffer);
-    return gnutls_make_error (ret);
-  }
-
-  hash = gnutls_hex_string (buffer, size, "sha1:");
-  free (buffer);
-
   /* Then collect any warnings already computed by the handshake. */
   verification = XPROCESS (proc)->gnutls_peer_verification;
 
@@ -947,10 +961,8 @@ The return value is a property list.  */)
                             build_string("certificate host does not match 
hostname")),
                      warnings);
 
-  result = list2 (intern (":fingerprint"), hash);
-
   if (!NILP (warnings))
-    result = nconc2 (result, list2 (intern (":warnings"), warnings));
+    result = list2 (intern (":warnings"), warnings);
 
   result = nconc2 (result, list2
                   (intern (":certificate"),
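Review bot: The returned plist no longer carries `:fingerprint`, yet the docstring shown in the hunk header still says only "The return value is a property list." and does not tell callers where the fingerprint went. I would add a sentence to the docstring such as `The :certificate value is itself a plist that may contain :public-key-id and :certificate-id.` Any Lisp caller that compared `:fingerprint` against a stored value will now read nil, so it should be switched to the new keys in the same series and should fail closed when the value is absent. The DEFUN body begins before this hunk and continues past its last line.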


