
[SCM] GNU gnutls branch, master, updated. gnutls_3_0_18-110-g2c8889e


From: Nikos Mavrogiannopoulos
Subject: [SCM] GNU gnutls branch, master, updated. gnutls_3_0_18-110-g2c8889e
Date: Sun, 03 Jun 2012 11:42:47 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".

http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=2c8889e401f04870f3a51649abdbcffdf0001b7a

The branch, master has been updated
       via  2c8889e401f04870f3a51649abdbcffdf0001b7a (commit)
       via  591ed53d5e0bf0437a04bc5de2145cf5ce180daf (commit)
      from  1b4f8572ee689066d203a6f2b4dbbc7658dd4d18 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 2c8889e401f04870f3a51649abdbcffdf0001b7a
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Sun Jun 3 13:34:39 2012 +0200

    updated news entries

commit 591ed53d5e0bf0437a04bc5de2145cf5ce180daf
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Sun Jun 3 13:30:26 2012 +0200

    Verification in openpgp changed to resemble the X.509 behavior.

-----------------------------------------------------------------------

Summary of changes:
 NEWS                     |   13 +++++++++++++
 doc/Makefile.am          |    1 +
 doc/manpages/Makefile.am |    1 +
 lib/openpgp/pgpverify.c  |   15 ++++++---------
 4 files changed, 21 insertions(+), 9 deletions(-)

diff --git a/NEWS b/NEWS
index 235d154..64bba00 100644
--- a/NEWS
+++ b/NEWS
@@ -16,11 +16,24 @@ by David Smith.
 ** libgnutls: introduce gnutls_certificate_set_x509_system_trust
 which imports the trusted root CA's from a compile time defined location. 
 
+** libgnutls: Added GNUTLS_CERT_SIGNATURE_FAILURE to differentiate between
+generic errors and signature verification errors in the verification
+functions.
+
+** libgnutls: Added gnutls_pkcs12_simple_parse() as a helper function
+to simplify parsing in most PKCS #12 use cases.
+
+** libgnutls: gnutls_certificate_set_x509_simple_pkcs12_file() adds
+the whole certificate chain (if any) to the credentials structure, instead
+of only the end-user certificate.
+
 ** libgnutlsxx: Added session::set_transport_vec_push_function. Patch
 by Alexandre Bique.
 
 ** API and ABI modifications:
+GNUTLS_CERT_SIGNATURE_FAILURE: Added
 gnutls_pubkey_verify_hash2: Added
+gnutls_pkcs12_simple_parse: Added
 gnutls_certificate_set_x509_system_trust: Added
 gnutls_pkcs11_obj_list_import_url2: Added
 gnutls_x509_trust_list_add_system_trust: Added
diff --git a/doc/Makefile.am b/doc/Makefile.am
index 31b4982..c7346f5 100644
--- a/doc/Makefile.am
+++ b/doc/Makefile.am
@@ -974,6 +974,7 @@ FUNCS += functions/gnutls_pkcs12_generate_mac
 FUNCS += functions/gnutls_pkcs12_verify_mac
 FUNCS += functions/gnutls_pkcs12_bag_decrypt
 FUNCS += functions/gnutls_pkcs12_bag_encrypt
+FUNCS += functions/gnutls_pkcs12_simple_parse
 FUNCS += functions/gnutls_pkcs12_bag_get_type
 FUNCS += functions/gnutls_pkcs12_bag_get_data
 FUNCS += functions/gnutls_pkcs12_bag_set_data
diff --git a/doc/manpages/Makefile.am b/doc/manpages/Makefile.am
index 13e9d15..694bb4d 100644
--- a/doc/manpages/Makefile.am
+++ b/doc/manpages/Makefile.am
@@ -571,6 +571,7 @@ APIMANS += gnutls_pkcs12_generate_mac.3
 APIMANS += gnutls_pkcs12_verify_mac.3
 APIMANS += gnutls_pkcs12_bag_decrypt.3
 APIMANS += gnutls_pkcs12_bag_encrypt.3
+APIMANS += gnutls_pkcs12_simple_parse.3
 APIMANS += gnutls_pkcs12_bag_get_type.3
 APIMANS += gnutls_pkcs12_bag_get_data.3
 APIMANS += gnutls_pkcs12_bag_set_data.3
diff --git a/lib/openpgp/pgpverify.c b/lib/openpgp/pgpverify.c
index 4835462..2a9ce48 100644
--- a/lib/openpgp/pgpverify.c
+++ b/lib/openpgp/pgpverify.c
@@ -43,10 +43,6 @@
  * or more of the #gnutls_certificate_status_t enumerated elements
  * bitwise or'd.
  *
- * %GNUTLS_CERT_INVALID: A signature on the key is invalid.
- *
- * %GNUTLS_CERT_REVOKED: The key has been revoked.
- *
  * Note that this function does not verify using any "web of trust".
  * You may use GnuPG for that purpose, or any other external PGP
  * application.
@@ -87,7 +83,7 @@ gnutls_openpgp_crt_verify_ring (gnutls_openpgp_crt_t key,
   _gnutls_debug_log ("status: %x\n", status);
 
   if (status & CDK_KEY_INVALID)
-    *verify |= GNUTLS_CERT_INVALID;
+    *verify |= GNUTLS_CERT_SIGNATURE_FAILURE;
   if (status & CDK_KEY_REVOKED)
     *verify |= GNUTLS_CERT_REVOKED;
   if (status & CDK_KEY_NOSIGNER)
@@ -106,9 +102,12 @@ gnutls_openpgp_crt_verify_ring (gnutls_openpgp_crt_t key,
       rc = gnutls_openpgp_keyring_check_id (keyring, id, 0);
       /* If it exists in the keyring don't treat it as unknown. */
       if (rc == 0 && *verify & GNUTLS_CERT_SIGNER_NOT_FOUND)
-        *verify ^= GNUTLS_CERT_SIGNER_NOT_FOUND;
+        *verify &= ~GNUTLS_CERT_SIGNER_NOT_FOUND;
     }
 
+  if (*verify != 0)
+    *verify |= GNUTLS_CERT_INVALID;
+
   return 0;
 }
 
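Review bot: GNUTLS_CERT_INVALID becomes a catch-all bit here (`if (*verify != 0) *verify |= GNUTLS_CERT_INVALID;`), yet this commit removes the flag descriptions from the function's doc comment instead of updating them for the new semantics. The function still reaches `return 0` with failures reported only through `*verify`, so callers need this documented; I would add something like `* %GNUTLS_CERT_INVALID is set whenever any other status bit is set; %GNUTLS_CERT_SIGNATURE_FAILURE indicates an invalid signature on the key.` As a minor style point, `rc == 0 && *verify & GNUTLS_CERT_SIGNER_NOT_FOUND` parses as intended but reads ambiguously, and with `&= ~` the bit test is no longer needed, so `if (rc == 0) *verify &= ~GNUTLS_CERT_SIGNER_NOT_FOUND;` suffices. The function body starts outside this hunk.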
@@ -123,8 +122,6 @@ gnutls_openpgp_crt_verify_ring (gnutls_openpgp_crt_t key,
  * output will be put in @verify and will be one or more of the
  * gnutls_certificate_status_t enumerated elements bitwise or'd.
  *
- * %GNUTLS_CERT_INVALID: The self signature on the key is invalid.
- *
  * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
  **/
 int
@@ -138,7 +135,7 @@ gnutls_openpgp_crt_verify_self (gnutls_openpgp_crt_t key,
 
   rc = cdk_pk_check_self_sig (key->knode, &status);
   if (rc || status != CDK_KEY_VALID)
-    *verify |= GNUTLS_CERT_INVALID;
+    *verify |= GNUTLS_CERT_INVALID | GNUTLS_CERT_SIGNATURE_FAILURE;
   else
     *verify = 0;
 
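Review bot: The failure branch `if (rc || status != CDK_KEY_VALID)` now sets GNUTLS_CERT_SIGNATURE_FAILURE for every non-valid outcome, including a non-zero `rc` from cdk_pk_check_self_sig() and any status other than an invalid signature. That undercuts the NEWS entry's stated purpose of differentiating generic errors from signature verification errors. If `status` is a bitmask here, as it is in gnutls_openpgp_crt_verify_ring, consider keeping GNUTLS_CERT_INVALID for all failures and adding the new bit only for the signature case, e.g. `if (rc == 0 && (status & CDK_KEY_INVALID)) *verify |= GNUTLS_CERT_SIGNATURE_FAILURE;`. The failure branch also ORs into `*verify` while the success branch assigns it; whether `*verify` is zeroed earlier is not visible in this hunk, and if it is not, a plain assignment would avoid folding the caller's prior contents into the result. The function body begins outside the hunk.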


hooks/post-receive
-- 
GNU gnutls


