[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[SCM] GNU gnutls branch, master, updated. gnutls_3_0_18-108-g1b4f857
From: |
Nikos Mavrogiannopoulos |
Subject: |
[SCM] GNU gnutls branch, master, updated. gnutls_3_0_18-108-g1b4f857 |
Date: |
Sun, 03 Jun 2012 11:17:05 +0000 |
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".
http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=1b4f8572ee689066d203a6f2b4dbbc7658dd4d18
The branch, master has been updated
via 1b4f8572ee689066d203a6f2b4dbbc7658dd4d18 (commit)
from afe08175096b8c4770893b7aa6db1b863abf6133 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 1b4f8572ee689066d203a6f2b4dbbc7658dd4d18
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Sun Jun 3 13:13:12 2012 +0200
Differentiate between signature failure and generic errors, by introducing
the verification flag GNUTLS_CERT_SIGNATURE_FAILURE. Suggested by David
Woodhouse.
-----------------------------------------------------------------------
Summary of changes:
lib/includes/gnutls/gnutls.h.in | 4 +++-
lib/x509/verify-high.c | 2 +-
lib/x509/verify.c | 4 ++--
3 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in
index c61b408..1a58a53 100644
--- a/lib/includes/gnutls/gnutls.h.in
+++ b/lib/includes/gnutls/gnutls.h.in
@@ -426,6 +426,7 @@ extern "C"
* gnutls_certificate_status_t:
* @GNUTLS_CERT_INVALID: The certificate is not signed by one of the
* known authorities or the signature is invalid.
+ * @GNUTLS_CERT_SIGNATURE_FAILURE: The signature verification failed.
* @GNUTLS_CERT_REVOKED: Certificate is revoked by its authority. In X.509
this will be
* set only if CRLs are checked.
* @GNUTLS_CERT_SIGNER_NOT_FOUND: The certificate's issuer is not known.
@@ -451,7 +452,8 @@ extern "C"
GNUTLS_CERT_SIGNER_NOT_CA = 128,
GNUTLS_CERT_INSECURE_ALGORITHM = 256,
GNUTLS_CERT_NOT_ACTIVATED = 512,
- GNUTLS_CERT_EXPIRED = 1024
+ GNUTLS_CERT_EXPIRED = 1024,
+ GNUTLS_CERT_SIGNATURE_FAILURE = 2048
} gnutls_certificate_status_t;
/**
diff --git a/lib/x509/verify-high.c b/lib/x509/verify-high.c
index b9572b2..eb16716 100644
--- a/lib/x509/verify-high.c
+++ b/lib/x509/verify-high.c
@@ -590,7 +590,7 @@
gnutls_x509_trust_list_verify_named_crt(gnutls_x509_trust_list_t list,
_gnutls_free_datum(&dn);
- *verify = GNUTLS_CERT_INVALID;
+ *verify = GNUTLS_CERT_INVALID | GNUTLS_CERT_SIGNER_NOT_FOUND;
for (i = 0; i < list->node[hash].named_cert_size; i++) {
if (check_if_same_cert(cert, list->node[hash].named_certs[i].cert) ==
0) { /* check if name matches */
diff --git a/lib/x509/verify.c b/lib/x509/verify.c
index 1cf5dc5..497f4dd 100644
--- a/lib/x509/verify.c
+++ b/lib/x509/verify.c
@@ -485,7 +485,7 @@ _gnutls_verify_certificate2 (gnutls_x509_crt_t cert,
if (result == GNUTLS_E_PK_SIG_VERIFY_FAILED)
{
gnutls_assert ();
- out |= GNUTLS_CERT_INVALID;
+ out |= GNUTLS_CERT_INVALID | GNUTLS_CERT_SIGNATURE_FAILURE;
/* error. ignore it */
if (output)
*output |= out;
@@ -1044,7 +1044,7 @@ _gnutls_verify_crl2 (gnutls_x509_crl_t crl,
gnutls_assert ();
/* error. ignore it */
if (output)
- *output |= GNUTLS_CERT_INVALID;
+ *output |= GNUTLS_CERT_INVALID | GNUTLS_CERT_SIGNATURE_FAILURE;
result = 0;
}
else if (result < 0)
hooks/post-receive
--
GNU gnutls
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [SCM] GNU gnutls branch, master, updated. gnutls_3_0_18-108-g1b4f857,
Nikos Mavrogiannopoulos <=