[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Help required for CSR validation
From: |
Nikos Mavrogiannopoulos |
Subject: |
Re: Help required for CSR validation |
Date: |
Sat, 28 Nov 2009 00:50:41 +0200 |
User-agent: |
Thunderbird 2.0.0.23 (X11/20090817) |
Boyan Kasarov wrote:
> Soory for the short answer. Without the patch both RSA and DSA fail.
> With the patch RSA works, but DSA still doesn't.
It should be now fixed with this patch. This patch removed some optional
parameters that were added for DSA. It seems that verisign didn't like
them to be there.
best regards,
Nikos
diff --git a/lib/x509/mpi.c b/lib/x509/mpi.c
index dc18eaa..aad7312 100644
--- a/lib/x509/mpi.c
+++ b/lib/x509/mpi.c
@@ -380,14 +380,14 @@ _gnutls_x509_write_rsa_params (bigint_t * params, int
params_size,
return _gnutls_asn2err (result);
}
- result = _gnutls_x509_write_int (spk, "modulus", params[0], 0);
+ result = _gnutls_x509_write_int (spk, "modulus", params[0], 1);
if (result < 0)
{
gnutls_assert ();
goto cleanup;
}
- result = _gnutls_x509_write_int (spk, "publicExponent", params[1], 0);
+ result = _gnutls_x509_write_int (spk, "publicExponent", params[1], 1);
if (result < 0)
{
gnutls_assert ();
@@ -448,36 +448,15 @@ _gnutls_x509_write_sig_params (ASN1_TYPE dst, const char
*dst_name,
_gnutls_str_cpy (name, sizeof (name), dst_name);
_gnutls_str_cat (name, sizeof (name), ".parameters");
- if (pk_algorithm == GNUTLS_PK_DSA)
- {
- result = _gnutls_x509_write_dsa_params (params, params_size, &der);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
+ result = asn1_write_value (dst, name, NULL, 0);
- result = asn1_write_value (dst, name, der.data, der.size);
- _gnutls_free_datum (&der);
-
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
- }
- else
- { /* RSA */
- result = asn1_write_value (dst, name, NULL, 0);
-
- if (result != ASN1_SUCCESS && result != ASN1_ELEMENT_NOT_FOUND)
- {
- /* Here we ignore the element not found error, since this
- * may have been disabled before.
- */
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
+ if (result != ASN1_SUCCESS && result != ASN1_ELEMENT_NOT_FOUND)
+ {
+ /* Here we ignore the element not found error, since this
+ * may have been disabled before.
+ */
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
}
return 0;
@@ -514,21 +493,21 @@ _gnutls_x509_write_dsa_params (bigint_t * params, int
params_size,
return _gnutls_asn2err (result);
}
- result = _gnutls_x509_write_int (spk, "p", params[0], 0);
+ result = _gnutls_x509_write_int (spk, "p", params[0], 1);
if (result < 0)
{
gnutls_assert ();
goto cleanup;
}
- result = _gnutls_x509_write_int (spk, "q", params[1], 0);
+ result = _gnutls_x509_write_int (spk, "q", params[1], 1);
if (result < 0)
{
gnutls_assert ();
goto cleanup;
}
- result = _gnutls_x509_write_int (spk, "g", params[2], 0);
+ result = _gnutls_x509_write_int (spk, "g", params[2], 1);
if (result < 0)
{
gnutls_assert ();
@@ -580,7 +559,7 @@ _gnutls_x509_write_dsa_public_key (bigint_t * params, int
params_size,
return _gnutls_asn2err (result);
}
- result = _gnutls_x509_write_int (spk, "", params[3], 0);
+ result = _gnutls_x509_write_int (spk, "", params[3], 1);
if (result < 0)
{
gnutls_assert ();
- Re: Help required for CSR validation, (continued)
- Re: Help required for CSR validation, Nikos Mavrogiannopoulos, 2009/11/21
- RE: Help required for CSR validation, Wilankar, Trupti, 2009/11/23
- Re: Help required for CSR validation, Daniel Kahn Gillmor, 2009/11/23
- RE: Help required for CSR validation, Wilankar, Trupti, 2009/11/24
- Re: Help required for CSR validation, Nikos Mavrogiannopoulos, 2009/11/24
- Re: Help required for CSR validation, Nikos Mavrogiannopoulos, 2009/11/24
- Re: Help required for CSR validation, Boyan Kasarov, 2009/11/24
- Re: Help required for CSR validation, Nikos Mavrogiannopoulos, 2009/11/24
- Re: Help required for CSR validation, Boyan Kasarov, 2009/11/24
- Re: Help required for CSR validation, Nikos Mavrogiannopoulos, 2009/11/26
- Re: Help required for CSR validation,
Nikos Mavrogiannopoulos <=
- RE: Help required for CSR validation, Wilankar, Trupti, 2009/11/25