[SCM] GNU gnutls branch, master, updated. gnutls_3_0_18-108-g1b4f857


From: Nikos Mavrogiannopoulos
Subject: [SCM] GNU gnutls branch, master, updated. gnutls_3_0_18-108-g1b4f857
Date: Sun, 03 Jun 2012 11:17:05 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".

http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=1b4f8572ee689066d203a6f2b4dbbc7658dd4d18

The branch, master has been updated
       via  1b4f8572ee689066d203a6f2b4dbbc7658dd4d18 (commit)
      from  afe08175096b8c4770893b7aa6db1b863abf6133 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 1b4f8572ee689066d203a6f2b4dbbc7658dd4d18
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Sun Jun 3 13:13:12 2012 +0200

    Differentiate between signature failure and generic errors, by introducing
    the verification flag GNUTLS_CERT_SIGNATURE_FAILURE. Suggested by David
    Woodhouse.

-----------------------------------------------------------------------

Summary of changes:
 lib/includes/gnutls/gnutls.h.in |    4 +++-
 lib/x509/verify-high.c          |    2 +-
 lib/x509/verify.c               |    4 ++--
 3 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in
index c61b408..1a58a53 100644
--- a/lib/includes/gnutls/gnutls.h.in
+++ b/lib/includes/gnutls/gnutls.h.in
@@ -426,6 +426,7 @@ extern "C"
  * gnutls_certificate_status_t:
  * @GNUTLS_CERT_INVALID: The certificate is not signed by one of the
  *   known authorities or the signature is invalid.
+ * @GNUTLS_CERT_SIGNATURE_FAILURE: The signature verification failed.
  * @GNUTLS_CERT_REVOKED: Certificate is revoked by its authority.  In X.509 
this will be
  *   set only if CRLs are checked.
  * @GNUTLS_CERT_SIGNER_NOT_FOUND: The certificate's issuer is not known. 
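Review bot: The GNUTLS_CERT_INVALID description just above the added line still reads "or the signature is invalid", so the two entries now overlap without saying how they relate. The verify.c hunks always set the new bit together with GNUTLS_CERT_INVALID, so state that here, for example "The signature verification failed; set in addition to GNUTLS_CERT_INVALID", so callers keep testing GNUTLS_CERT_INVALID for the overall verdict and use the new bit only to identify the cause.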
@@ -451,7 +452,8 @@ extern "C"
     GNUTLS_CERT_SIGNER_NOT_CA = 128,
     GNUTLS_CERT_INSECURE_ALGORITHM = 256,
     GNUTLS_CERT_NOT_ACTIVATED = 512,
-    GNUTLS_CERT_EXPIRED = 1024
+    GNUTLS_CERT_EXPIRED = 1024,
+    GNUTLS_CERT_SIGNATURE_FAILURE = 2048
   } gnutls_certificate_status_t;
 
 /**
diff --git a/lib/x509/verify-high.c b/lib/x509/verify-high.c
index b9572b2..eb16716 100644
--- a/lib/x509/verify-high.c
+++ b/lib/x509/verify-high.c
@@ -590,7 +590,7 @@ 
gnutls_x509_trust_list_verify_named_crt(gnutls_x509_trust_list_t list,
 
     _gnutls_free_datum(&dn);
 
-    *verify = GNUTLS_CERT_INVALID;
+    *verify = GNUTLS_CERT_INVALID | GNUTLS_CERT_SIGNER_NOT_FOUND;
 
     for (i = 0; i < list->node[hash].named_cert_size; i++) {
         if (check_if_same_cert(cert, list->node[hash].named_certs[i].cert) == 
0) {      /* check if name matches */
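Review bot: Adding GNUTLS_CERT_SIGNER_NOT_FOUND to the initial value of *verify is a behaviour change in gnutls_x509_trust_list_verify_named_crt that the commit message, which mentions only GNUTLS_CERT_SIGNATURE_FAILURE, does not cover; mention it in the log or split it into its own commit. Also check that the match branch of the loop that follows, which lies outside this hunk, resets *verify to 0 rather than clearing only GNUTLS_CERT_INVALID, otherwise a matching certificate would still be reported with GNUTLS_CERT_SIGNER_NOT_FOUND set.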
diff --git a/lib/x509/verify.c b/lib/x509/verify.c
index 1cf5dc5..497f4dd 100644
--- a/lib/x509/verify.c
+++ b/lib/x509/verify.c
@@ -485,7 +485,7 @@ _gnutls_verify_certificate2 (gnutls_x509_crt_t cert,
   if (result == GNUTLS_E_PK_SIG_VERIFY_FAILED)
     {
       gnutls_assert ();
-      out |= GNUTLS_CERT_INVALID;
+      out |= GNUTLS_CERT_INVALID | GNUTLS_CERT_SIGNATURE_FAILURE;
       /* error. ignore it */
       if (output)
         *output |= out;
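Review bot: The context comment "/* error. ignore it */" directly below the changed line no longer describes what happens, since the failure is now recorded with a dedicated bit; reword it to say that the signature failure is reported through the status flags. The new bit also reaches the caller only through the "if (output)" branch, so a caller passing a NULL output still cannot tell a signature failure from other errors.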
@@ -1044,7 +1044,7 @@ _gnutls_verify_crl2 (gnutls_x509_crl_t crl,
       gnutls_assert ();
       /* error. ignore it */
       if (output)
-        *output |= GNUTLS_CERT_INVALID;
+        *output |= GNUTLS_CERT_INVALID | GNUTLS_CERT_SIGNATURE_FAILURE;
       result = 0;
     }
   else if (result < 0)
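Review bot: In _gnutls_verify_crl2 the flag is set for a CRL, but the description added in gnutls.h.in says only "The signature verification failed" under gnutls_certificate_status_t; document that the bit is also used for CRL signatures. The condition guarding this branch is above the visible context, so confirm that it tests only GNUTLS_E_PK_SIG_VERIFY_FAILED as the certificate path does; because "result = 0" follows, the status bit is the only trace of the failure that the caller sees.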


hooks/post-receive
-- 
GNU gnutls


