
[SCM] GNU gnutls branch, master, updated. gnutls_3_0_18-163-g8db3a62


From: Nikos Mavrogiannopoulos
Subject: [SCM] GNU gnutls branch, master, updated. gnutls_3_0_18-163-g8db3a62
Date: Mon, 25 Jun 2012 19:16:09 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".

http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=8db3a62d989479d9d2d52423724886185f2d708c

The branch, master has been updated
       via  8db3a62d989479d9d2d52423724886185f2d708c (commit)
       via  73af1ccd9c26425305749008f7a505996ed4f7c1 (commit)
       via  2045918365458b1f2e4ed0e1720ddd710d8dcc26 (commit)
       via  5c6ef1a99df671877f5d51ea2425037e808e38dd (commit)
       via  8b6d6bcf6977f32360396d4d4deb797f4ed8050d (commit)
       via  451680971317d571b6df8eb284b45655a445a83b (commit)
      from  4fcc3470021eebb9faa5955963907d7ec112def7 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 8db3a62d989479d9d2d52423724886185f2d708c
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Mon Jun 25 21:15:52 2012 +0200

    Split Lucas' contribution to allow incorporation.

commit 73af1ccd9c26425305749008f7a505996ed4f7c1
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Mon Jun 25 19:39:43 2012 +0200

    Don't require load-privkey for to-p12

commit 2045918365458b1f2e4ed0e1720ddd710d8dcc26
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Sun Jun 24 20:56:43 2012 +0200

    document limitations

commit 5c6ef1a99df671877f5d51ea2425037e808e38dd
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Sun Jun 24 20:30:59 2012 +0200

    Updated Lucas' patch

commit 8b6d6bcf6977f32360396d4d4deb797f4ed8050d
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Sun Jun 24 20:25:45 2012 +0200

    updated doc

commit 451680971317d571b6df8eb284b45655a445a83b
Author: Lucas Fisher <address@hidden>
Date:   Sat Jun 23 17:50:52 2012 -0400

    Certtool exports multiple keys in PKCS12 file
    
    Update certtool to export multiple keys in a PKCS12 file so multiple
    certificate/key pairs may be included in one file.
    
    - Add load_privkey_list() so that --load-privkey loads multiple keys
    
    - Change generate_pkcs12() to add multiple keys to the PKCS12 file
    
    Signed-off-by: Nikos Mavrogiannopoulos <address@hidden>

-----------------------------------------------------------------------

Summary of changes:
 NEWS                   |    3 +++
 THANKS                 |    1 +
 lib/gnutls_ui.c        |    3 ++-
 lib/x509/verify-high.c |    2 ++
 src/Makefile.am        |    4 ++--
 src/certtool-args.c    |    5 ++---
 src/certtool-args.def  |    1 -
 src/certtool-args.h    |    2 +-
 src/certtool-common.c  |    1 +
 src/certtool-common.h  |    4 ++++
 src/certtool.c         |   15 ++++++++-------
 11 files changed, 26 insertions(+), 15 deletions(-)

diff --git a/NEWS b/NEWS
index d505f3c..bbb2929 100644
--- a/NEWS
+++ b/NEWS
@@ -7,6 +7,9 @@ See the end for copying conditions.
 ** gnutls-cli: --benchmark-tls was split to --benchmark-tls-kx
 and --benchmark-tls-ciphers
 
+** certtool: generated PKCS #12 structures may hold more than one
+private key. Patch by Lucas Fisher.
+
 ** libgnutls: Added support for an old version of the DTLS protocol
 used by openconnect vpn client for compatibility with Cisco's AnyConnect 
 SSL VPN. It is marked as GNUTLS_DTLS0_9. Do not use it for newer protocols
diff --git a/THANKS b/THANKS
index 123c733..b204b80 100644
--- a/THANKS
+++ b/THANKS
@@ -128,6 +128,7 @@ Eli Zaretskii                   *eliz [at] gnu.org*
 Patrick Pelletier               *code [at] funwithsoftware.org*
 Sean Buckheister                *s_buckhe [at] cs.uni-kl.de*
 Matthew Hall                    *mhall [at] mhcomputing.net*
+Lucas Fisher                    *lucas.fisher [at] gmail.com*
 
 ----------------------------------------------------------------------
 Copying and distribution of this file, with or without modification,
diff --git a/lib/gnutls_ui.c b/lib/gnutls_ui.c
index 7f51333..b5c0eb9 100644
--- a/lib/gnutls_ui.c
+++ b/lib/gnutls_ui.c
@@ -742,7 +742,8 @@ gnutls_anon_set_params_function 
(gnutls_anon_server_credentials_t res,
  * @filename: the name of the file to load
  * @data: Where the file will be stored
  *
- * This function will load a file into a datum.
+ * This function will load a file into a datum. The data are
+ * zero terminated but the terminating null is not included in length.
  * The returned data are allocated using gnutls_malloc().
  *
  * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise
diff --git a/lib/x509/verify-high.c b/lib/x509/verify-high.c
index eb16716..83b3cf0 100644
--- a/lib/x509/verify-high.c
+++ b/lib/x509/verify-high.c
@@ -460,6 +460,8 @@ int 
gnutls_x509_trust_list_get_issuer(gnutls_x509_trust_list_t list,
  * This function will try to verify the given certificate and return
  * its status.
  *
+ * Limitation: Pathlen constraints or key usage flags are not consulted.
+ *
  * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
  *   negative error value.
  *
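Review bot: The added limitation line says which checks are skipped but not what a caller relying on this function for chain validation should do about it; path length constraints and key usage are part of standard (RFC 5280) path validation, so a reader may assume a function that "verifies" a certificate covers them. Suggest extending it to `* Limitation: Pathlen constraints or key usage flags are not consulted; callers that need them must check the certificates of the chain separately.` The signature of the documented function is outside the hunk.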
diff --git a/src/Makefile.am b/src/Makefile.am
index 8b3b578..48f3286 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -120,7 +120,7 @@ libcmd_cli_debug_la_SOURCES = cli-debug-args.def 
cli-debug-args.c cli-debug-args
 
 #certtool
 
-certtool_SOURCES = certtool.c dh.c certtool-common.c $(PKCS11_SRCS)
+certtool_SOURCES = certtool.c dh.c certtool-common.c certtool-extras.c 
$(PKCS11_SRCS)
 certtool_LDADD = ../lib/libgnutls.la 
 certtool_LDADD += libcmd-certtool.la ../gl/libgnu.la
 
@@ -136,7 +136,7 @@ libcmd_certtool_la_LIBADD += ../gl/libgnu.la 
$(INET_PTON_LIB)
 # p11 tool
 if ENABLE_PKCS11
 
-p11tool_SOURCES = p11tool-args.def p11tool.c pkcs11.c certtool-common.c 
p11tool.h $(PKCS11_SRCS)
+p11tool_SOURCES = p11tool-args.def p11tool.c pkcs11.c certtool-common.c 
certtool-extras.c p11tool.h $(PKCS11_SRCS)
 p11tool_LDADD = ../lib/libgnutls.la $(LIBOPTS_LDADD) $(LTLIBINTL)
 p11tool_LDADD += libcmd-p11tool.la ../gl/libgnu.la
 
diff --git a/src/certtool-args.c b/src/certtool-args.c
index 7ba47d2..58e045f 100644
--- a/src/certtool-args.c
+++ b/src/certtool-args.c
@@ -2,7 +2,7 @@
  *  
  *  DO NOT EDIT THIS FILE   (certtool-args.c)
  *  
- *  It has been AutoGen-ed  May 14, 2012 at 05:25:37 PM by AutoGen 5.16
+ *  It has been AutoGen-ed  June 25, 2012 at 07:39:02 PM by AutoGen 5.16
  *  From the definitions    certtool-args.def
  *  and the template file   options
  *
@@ -581,8 +581,7 @@ static int const aVerify_CrlMustList[] = {
 #define TO_P12_NAME      (certtool_opt_strs+3284)
 #define TO_P12_name      (certtool_opt_strs+3291)
 static int const aTo_P12MustList[] = {
-    INDEX_OPT_LOAD_CERTIFICATE,
-    INDEX_OPT_LOAD_PRIVKEY, NO_EQUIVALENT };
+    INDEX_OPT_LOAD_CERTIFICATE, NO_EQUIVALENT };
 #define TO_P12_FLAGS     (OPTST_DISABLED)
 
 /*
diff --git a/src/certtool-args.def b/src/certtool-args.def
index a43ff09..57cac19 100644
--- a/src/certtool-args.def
+++ b/src/certtool-args.def
@@ -242,7 +242,6 @@ flag = {
     descrip   = "Generate a PKCS #12 structure";
     doc = "It requires a certificate, a private key and possibly a CA 
certificate to be specified.";
     flags-must = load-certificate;
-    flags-must = load-privkey;
 };
 
 flag = {
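Review bot: The `doc` string two lines above the removed `flags-must` still says a private key is required, so the generated --to-p12 help text now contradicts the option's actual requirements. Suggest `doc = "It requires a certificate, and possibly a private key and a CA certificate to be specified.";` and regenerating certtool-args.c/h.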
diff --git a/src/certtool-args.h b/src/certtool-args.h
index 49e7b11..2e8d3d6 100644
--- a/src/certtool-args.h
+++ b/src/certtool-args.h
@@ -2,7 +2,7 @@
  *  
  *  DO NOT EDIT THIS FILE   (certtool-args.h)
  *  
- *  It has been AutoGen-ed  May 14, 2012 at 05:25:36 PM by AutoGen 5.16
+ *  It has been AutoGen-ed  June 25, 2012 at 07:39:01 PM by AutoGen 5.16
  *  From the definitions    certtool-args.def
  *  and the template file   options
  *
diff --git a/src/certtool-common.c b/src/certtool-common.c
index e2fdab9..13aee71 100644
--- a/src/certtool-common.c
+++ b/src/certtool-common.c
@@ -346,6 +346,7 @@ load_x509_private_key (int mand, common_info_st * info)
   return key;
 }
 
+
 /* Loads the certificate
  * If mand is non zero then a certificate is mandatory. Otherwise
  * null will be returned if the certificate loading fails.
diff --git a/src/certtool-common.h b/src/certtool-common.h
index dbd69e5..deb3853 100644
--- a/src/certtool-common.h
+++ b/src/certtool-common.h
@@ -55,6 +55,8 @@ typedef struct common_info
 gnutls_pubkey_t load_public_key_or_import(int mand, gnutls_privkey_t privkey, 
common_info_st * info);
 gnutls_privkey_t load_private_key (int mand, common_info_st * info);
 gnutls_x509_privkey_t load_x509_private_key (int mand, common_info_st * info);
+gnutls_x509_privkey_t *load_privkey_list (int mand, size_t * privkey_size,
+                                           common_info_st * info);
 gnutls_x509_crq_t load_request (common_info_st * info);
 gnutls_privkey_t load_ca_private_key (common_info_st * info);
 gnutls_x509_crt_t load_ca_cert (common_info_st * info);
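Review bot: load_privkey_list is declared twice in this header, here and again in the second hunk after dh_info, with different formatting. Two compatible prototypes compile, but they are a maintenance trap if only one is edited later; drop the second hunk's copy and keep this one next to load_x509_private_key. A comment above the prototype should also state what `*privkey_size` holds when `mand` is 0 and no key was given, since generate_pkcs12 in certtool.c loops on it unconditionally, e.g. `/* Returns NULL and sets *privkey_size to 0 when no key is loaded; caller frees the array and each key. */` — confirm against the definition, which is not in this diff.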
@@ -70,6 +72,8 @@ gnutls_sec_param_t str_to_sec_param (const char *str);
 int generate_prime (int how, common_info_st * info);
 void dh_info (common_info_st * ci);
 
+gnutls_x509_privkey_t * load_privkey_list (int mand, size_t * privkey_size, 
common_info_st * info);
+
 FILE *safe_open_rw (const char *file, int privkey_op);
 
 extern unsigned char buffer[];
diff --git a/src/certtool.c b/src/certtool.c
index 8876d09..62262b7 100644
--- a/src/certtool.c
+++ b/src/certtool.c
@@ -2406,7 +2406,7 @@ generate_pkcs12 (common_info_st * cinfo)
 {
   gnutls_pkcs12_t pkcs12;
   gnutls_x509_crt_t *crts;
-  gnutls_x509_privkey_t key;
+  gnutls_x509_privkey_t *keys;
   int result;
   size_t size;
   gnutls_datum_t data;
@@ -2417,10 +2417,11 @@ generate_pkcs12 (common_info_st * cinfo)
   unsigned char _key_id[32];
   int indx;
   size_t ncrts;
+  size_t nkeys;
 
   fprintf (stderr, "Generating a PKCS #12 structure...\n");
 
-  key = load_x509_private_key (0, cinfo);
+  keys = load_privkey_list (0, &nkeys, cinfo);
   crts = load_cert_list (0, &ncrts, cinfo);
 
   name = get_pkcs12_key_name ();
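Review bot: `nkeys` is declared without an initializer (`size_t nkeys;` in this hunk) and is only written by load_privkey_list, whose definition is not in this diff; with `mand` 0 a missing --load-privkey presumably returns NULL, and unless that path also stores 0 through `privkey_size`, the `for (i = 0; i < nkeys; i++)` loop in the later hunk reads an indeterminate count and indexes a NULL `keys`. The old `if (key)` guard had no such dependency. Initialize defensively: `size_t nkeys = 0;`.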
@@ -2489,7 +2490,7 @@ generate_pkcs12 (common_info_st * cinfo)
         error (EXIT_FAILURE, 0, "set_bag: %s", gnutls_strerror (result));
     }
 
-  if (key)
+  for (i = 0; i < nkeys; i++)
     {
       gnutls_pkcs12_bag_t kbag;
 
@@ -2501,10 +2502,10 @@ generate_pkcs12 (common_info_st * cinfo)
 
       size = buffer_size;
       result =
-        gnutls_x509_privkey_export_pkcs8 (key, GNUTLS_X509_FMT_DER,
+        gnutls_x509_privkey_export_pkcs8 (keys[i], GNUTLS_X509_FMT_DER,
                                           pass, flags, buffer, &size);
       if (result < 0)
-        error (EXIT_FAILURE, 0, "key_export: %s", gnutls_strerror (result));
+        error (EXIT_FAILURE, 0, "key_export[%d]: %s", i, gnutls_strerror 
(result));
 
       data.data = buffer;
       data.size = size;
@@ -2522,9 +2523,9 @@ generate_pkcs12 (common_info_st * cinfo)
                gnutls_strerror (result));
 
       size = sizeof (_key_id);
-      result = gnutls_x509_privkey_get_key_id (key, 0, _key_id, &size);
+      result = gnutls_x509_privkey_get_key_id (keys[i], 0, _key_id, &size);
       if (result < 0)
-        error (EXIT_FAILURE, 0, "key_id: %s", gnutls_strerror (result));
+        error (EXIT_FAILURE, 0, "key_id[%d]: %s", i, gnutls_strerror (result));
 
       key_id.data = _key_id;
       key_id.size = size;


hooks/post-receive
-- 
GNU gnutls


