[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[SCM] GNU gnutls branch, gnutls_3_0_x, updated. gnutls_3_0_0-136-ge1388b
|
From: |
Nikos Mavrogiannopoulos |
|
Subject: |
[SCM] GNU gnutls branch, gnutls_3_0_x, updated. gnutls_3_0_0-136-ge1388b9 |
|
Date: |
Wed, 17 Aug 2011 14:47:56 +0000 |
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".
http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=e1388b9af9872b5edebb0982fcd8ce1f47fc58fd
The branch, gnutls_3_0_x has been updated
via e1388b9af9872b5edebb0982fcd8ce1f47fc58fd (commit)
via 7657cf1cae558288631c793b7102ff52fa53e2f2 (commit)
via a8ef3bd75912e374cff57a3db0019514f63f9d17 (commit)
via abc8e1d0874e3a2046a5c69193946220edc4d051 (commit)
via e1b836027640829f8a1956eb52b4acf42b169395 (commit)
from 30fced68fd71feed5a542cf782a8b85144e2fa48 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit e1388b9af9872b5edebb0982fcd8ce1f47fc58fd
Merge: 30fced6 7657cf1
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Wed Aug 17 16:47:51 2011 +0200
Merge branch 'master' into gnutls_3_0_x
-----------------------------------------------------------------------
Summary of changes:
NEWS | 16 +++-
lib/auth/cert.c | 88 ++++++++++++++++++-----
lib/auth/cert.h | 23 ++----
lib/gnutls_cert.c | 15 ++--
lib/gnutls_state.c | 2 +-
lib/gnutls_ui.c | 2 +-
lib/gnutls_x509.c | 99 +++++++++++++++++++------
lib/openpgp/gnutls_openpgp.c | 7 ++-
lib/x509/x509.c | 166 ++++++++++++++++++++++++------------------
9 files changed, 275 insertions(+), 143 deletions(-)
diff --git a/NEWS b/NEWS
index 35de9df..c00064c 100644
--- a/NEWS
+++ b/NEWS
@@ -4,14 +4,18 @@ See the end for copying conditions.
* Version 3.0.1 (unreleased)
+** libgnutls: gnutls_certificate_set_x509_key_file() and
+friends support server name indication. If multiple
+certificates are set using these functions the proper one
+will be selected during a handshake, with the limitation
+of a single name per certificate.
+
** libgnutls: Added AES-256-GCM which was left out from
the previous release. Reported by Benjamin Hof.
-** libgnutls: When asking for a PIN multiple times, the
-flags in the callback were not being updated to reflect
-for PIN low count or final try.
-
-** crywrap: Added to the distribution
+** libgnutls: When asking for a PKCS# 11 PIN multiple
+times, the flags in the callback were not being updated
+to reflect for PIN low count or final try.
** libgnutls: Do not allow second instances of PKCS #11
modules.
@@ -29,6 +33,8 @@ according to TLS specification (from subject to issuer).
gnutls_x509_crt_list_import. It checks whether the list to be
imported is properly sorted.
+** crywrap: Added to the distribution
+
** doc: Many GTK-DOC improvements.
** i18n: Translations were updated.
diff --git a/lib/auth/cert.c b/lib/auth/cert.c
index 46ceba7..6aa37b9 100644
--- a/lib/auth/cert.c
+++ b/lib/auth/cert.c
@@ -238,10 +238,10 @@ _find_x509_cert (const gnutls_certificate_credentials_t
cred,
for (i = 0; i < cred->ncerts; i++)
{
- for (j = 0; j < cred->cert_list_length[i]; j++)
+ for (j = 0; j < cred->certs[i].cert_list_length; j++)
{
if ((result =
- _gnutls_cert_get_issuer_dn (&cred->cert_list[i][j],
+ _gnutls_cert_get_issuer_dn (&cred->certs[i].cert_list[j],
&odn)) < 0)
{
gnutls_assert ();
@@ -256,7 +256,7 @@ _find_x509_cert (const gnutls_certificate_credentials_t
cred,
* the cert is our cert!
*/
cert_pk =
- gnutls_pubkey_get_pk_algorithm (cred->cert_list[i][0].pubkey,
+ gnutls_pubkey_get_pk_algorithm
(cred->certs[i].cert_list[0].pubkey,
NULL);
if ((memcmp (odn.data, data, size) == 0) &&
@@ -298,7 +298,7 @@ _find_openpgp_cert (const gnutls_certificate_credentials_t
cred,
for (i = 0; i < cred->ncerts; i++)
{
- for (j = 0; j < cred->cert_list_length[i]; j++)
+ for (j = 0; j < cred->certs[i].cert_list_length; j++)
{
/* If the *_SIGN algorithm matches
@@ -306,9 +306,9 @@ _find_openpgp_cert (const gnutls_certificate_credentials_t
cred,
*/
if ((_gnutls_check_pk_algo_in_list
(pk_algos, pk_algos_length,
- gnutls_pubkey_get_pk_algorithm (cred->cert_list[i][0].pubkey,
+ gnutls_pubkey_get_pk_algorithm
(cred->certs[i].cert_list[0].pubkey,
NULL)) == 0)
- && (cred->cert_list[i][0].type == GNUTLS_CRT_OPENPGP))
+ && (cred->certs[i].cert_list[0].type == GNUTLS_CRT_OPENPGP))
{
*indx = i;
break;
@@ -757,8 +757,8 @@ _select_client_cert (gnutls_session_t session,
if (indx >= 0)
{
_gnutls_selected_certs_set (session,
- &cred->cert_list[indx][0],
- cred->cert_list_length[indx],
+ &cred->certs[indx].cert_list[0],
+ cred->certs[indx].cert_list_length,
cred->pkey[indx], 0);
}
else
@@ -2073,6 +2073,25 @@ _gnutls_selected_certs_set (gnutls_session_t session,
}
+static void get_server_name(gnutls_session_t session, uint8_t* name, size_t
max_name_size)
+{
+int ret, i;
+size_t max_name;
+unsigned int type;
+
+ ret = 0;
+ for (i=0; !(ret<0);i++)
+ {
+ max_name = max_name_size;
+ ret = gnutls_server_name_get (session, name, &max_name, &type, i);
+ if (ret >= 0 && type == GNUTLS_NAME_DNS)
+ return;
+ }
+
+ name[0] = 0;
+
+ return;
+}
/* finds the most appropriate certificate in the cert list.
* The 'appropriate' is defined by the user.
@@ -2092,6 +2111,7 @@ _gnutls_server_select_cert (gnutls_session_t session,
unsigned i, j;
int idx, ret;
gnutls_certificate_credentials_t cred;
+ char server_name[MAX_CN];
cred = (gnutls_certificate_credentials_t)
_gnutls_get_cred (session->key, GNUTLS_CRD_CERTIFICATE, NULL);
@@ -2114,9 +2134,43 @@ _gnutls_server_select_cert (gnutls_session_t session,
}
/* Otherwise... */
+
+ get_server_name(session, server_name, sizeof(server_name));
idx = -1; /* default is use no certificate */
+ /* find certificates that match the requested server_name
+ */
+
+ if (server_name[0] != 0)
+ {
+ for (i = 0; i < cred->ncerts; i++)
+ {
+fprintf(stderr, "\n*** name[i]: %s, req: %s\n\n", cred->certs[i].name,
server_name);
+ if (cred->certs[i].name != NULL && strcasecmp(cred->certs[i].name,
server_name) == 0)
+ {
+ /* if requested algorithms are also compatible select it */
+ gnutls_pk_algorithm pk =
+ gnutls_pubkey_get_pk_algorithm
(cred->certs[i].cert_list[0].pubkey,
+ NULL);
+
+ _gnutls_handshake_log("HSK[%p]: Requested server name: '%s',
ctype: %s (%d)", session, server_name,
+ gnutls_certificate_type_get_name
(session->security_parameters.cert_type),
+ session->security_parameters.cert_type);
+
+ if (session->security_parameters.cert_type ==
cred->certs[i].cert_list[0].type)
+ {
+ for (j = 0; j < pk_algos_size; j++)
+ if (pk_algos[j] == pk)
+ {
+ idx = i;
+ goto finished;
+ }
+ }
+ }
+ }
+ }
+
for (j = 0; j < pk_algos_size; j++)
{
_gnutls_handshake_log
@@ -2129,42 +2183,40 @@ _gnutls_server_select_cert (gnutls_session_t session,
for (i = 0; i < cred->ncerts; i++)
{
gnutls_pk_algorithm pk =
- gnutls_pubkey_get_pk_algorithm (cred->cert_list[i][0].pubkey,
+ gnutls_pubkey_get_pk_algorithm (cred->certs[i].cert_list[0].pubkey,
NULL);
/* find one compatible certificate
*/
_gnutls_handshake_log
("HSK[%p]: certificate[%d] PK algorithm: %s (%d) - ctype: %s
(%d)\n",
session, i, gnutls_pk_get_name (pk), pk,
- gnutls_certificate_type_get_name (cred->cert_list[i][0].type),
- cred->cert_list[i][0].type);
+ gnutls_certificate_type_get_name
(cred->certs[i].cert_list[0].type),
+ cred->certs[i].cert_list[0].type);
if (pk_algos[j] == pk)
{
/* if cert type matches
*/
/* *INDENT-OFF* */
- if (session->security_parameters.cert_type ==
cred->cert_list[i][0].type)
+ if (session->security_parameters.cert_type ==
cred->certs[i].cert_list[0].type)
{
idx = i;
- break;
+ goto finished;
}
/* *INDENT-ON* */
}
}
-
- if (idx != -1)
- break;
}
/* store the certificate pointer for future use, in the handshake.
* (This will allow not calling this callback again.)
*/
+finished:
if (idx >= 0)
{
_gnutls_selected_certs_set (session,
- &cred->cert_list[idx][0],
- cred->cert_list_length[idx],
+ &cred->certs[idx].cert_list[0],
+ cred->certs[idx].cert_list_length,
cred->pkey[idx], 0);
}
else
diff --git a/lib/auth/cert.h b/lib/auth/cert.h
index bb18915..5b0d15f 100644
--- a/lib/auth/cert.h
+++ b/lib/auth/cert.h
@@ -29,6 +29,12 @@
#include <gnutls/abstract.h>
#include <gnutls/compat.h>
+typedef struct {
+ gnutls_pcert_st * cert_list; /* a certificate chain */
+ unsigned int cert_list_length; /* its length */
+ char* name; /* the name of the first certificate - only 1 allowed*/
+} certs_st;
+
/* This structure may be complex, but it's the only way to
* support a server that has multiple certificates
*/
@@ -41,19 +47,8 @@ typedef struct gnutls_certificate_credentials_st
*/
gnutls_params_function *params_func;
- gnutls_pcert_st **cert_list;
- /* contains a list of a list of certificates.
- * eg (X509): [0] certificate1, certificate11, certificate111
- * (if more than one, one certificate certifies the one before)
- * [1] certificate2, certificate22, ...
- */
- unsigned *cert_list_length;
- /* contains the number of the certificates in a
- * row (should be 1 for OpenPGP keys).
- */
- unsigned ncerts; /* contains the number of columns in cert_list.
- * This is the same with the number of pkeys.
- */
+ certs_st *certs;
+ unsigned ncerts; /* the number of certs */
gnutls_privkey_t *pkey;
/* private keys. It contains ncerts private
@@ -158,7 +153,7 @@ int _gnutls_get_auth_info_pcert (gnutls_pcert_st* gcert,
cert_auth_info_t info);
int certificate_credential_append_crt_list (gnutls_certificate_credentials_t
- res, gnutls_pcert_st* crt, int nr);
+ res, const char* name,
gnutls_pcert_st* crt, int nr);
int certificate_credentials_append_pkey (gnutls_certificate_credentials_t res,
gnutls_privkey_t pkey);
diff --git a/lib/gnutls_cert.c b/lib/gnutls_cert.c
index 8fba58d..c5a872f 100644
--- a/lib/gnutls_cert.c
+++ b/lib/gnutls_cert.c
@@ -58,18 +58,16 @@ gnutls_certificate_free_keys
(gnutls_certificate_credentials_t sc)
for (i = 0; i < sc->ncerts; i++)
{
- for (j = 0; j < sc->cert_list_length[i]; j++)
+ for (j = 0; j < sc->certs[i].cert_list_length; j++)
{
- gnutls_pcert_deinit (&sc->cert_list[i][j]);
+ gnutls_pcert_deinit (&sc->certs[i].cert_list[j]);
}
- gnutls_free (sc->cert_list[i]);
+ gnutls_free (sc->certs[i].cert_list);
+ gnutls_free (sc->certs[i].name);
}
- gnutls_free (sc->cert_list_length);
- sc->cert_list_length = NULL;
-
- gnutls_free (sc->cert_list);
- sc->cert_list = NULL;
+ gnutls_free (sc->certs);
+ sc->certs = NULL;
for (i = 0; i < sc->ncerts; i++)
{
@@ -80,7 +78,6 @@ gnutls_certificate_free_keys
(gnutls_certificate_credentials_t sc)
sc->pkey = NULL;
sc->ncerts = 0;
-
}
/**
diff --git a/lib/gnutls_state.c b/lib/gnutls_state.c
index d4106df..e1b3ac5 100644
--- a/lib/gnutls_state.c
+++ b/lib/gnutls_state.c
@@ -193,7 +193,7 @@ _gnutls_session_cert_type_supported (gnutls_session_t
session,
{
for (i = 0; i < cred->ncerts; i++)
{
- if (cred->cert_list[i][0].type == cert_type)
+ if (cred->certs[i].cert_list[0].type == cert_type)
{
cert_found = 1;
break;
diff --git a/lib/gnutls_ui.c b/lib/gnutls_ui.c
index a7dfb32..7268467 100644
--- a/lib/gnutls_ui.c
+++ b/lib/gnutls_ui.c
@@ -468,7 +468,7 @@ gnutls_certificate_get_ours (gnutls_session_t session)
cred = (gnutls_certificate_credentials_t)
_gnutls_get_cred (session->key, GNUTLS_CRD_CERTIFICATE, NULL);
- if (cred == NULL || cred->cert_list == NULL)
+ if (cred == NULL || cred->certs == NULL)
{
gnutls_assert ();
return NULL;
diff --git a/lib/gnutls_x509.c b/lib/gnutls_x509.c
index a80ec0c..774454a 100644
--- a/lib/gnutls_x509.c
+++ b/lib/gnutls_x509.c
@@ -196,7 +196,7 @@ _gnutls_x509_cert_verify_peers (gnutls_session_t session,
static int
_gnutls_check_key_cert_match (gnutls_certificate_credentials_t res)
{
- unsigned int pk = gnutls_pubkey_get_pk_algorithm(res->cert_list[res->ncerts
- 1][0].pubkey, NULL);
+ unsigned int pk =
gnutls_pubkey_get_pk_algorithm(res->certs[res->ncerts-1].cert_list[0].pubkey,
NULL);
if (gnutls_privkey_get_pk_algorithm (res->pkey[res->ncerts - 1], NULL) !=
pk)
@@ -208,6 +208,55 @@ _gnutls_check_key_cert_match
(gnutls_certificate_credentials_t res)
return 0;
}
+/* Returns the name of the certificate of a null name
+ */
+static void get_x509_name(gnutls_x509_crt_t crt, char* name, size_t
max_name_size)
+{
+size_t max_size;
+int i, ret = 0;
+
+ name[0] = 0;
+
+ for (i = 0; !(ret < 0); i++)
+ {
+ max_size = max_name_size;
+
+ ret = gnutls_x509_crt_get_subject_alt_name(crt, 0, name, &max_size,
NULL);
+ if (ret == GNUTLS_SAN_DNSNAME)
+ return;
+ }
+
+ max_size = max_name_size;
+ gnutls_x509_crt_get_dn_by_oid (crt, OID_X520_COMMON_NAME, 0, 0, name,
&max_size);
+}
+
+static void get_x509_name_raw(gnutls_datum_t *raw, gnutls_x509_crt_fmt_t type,
char* name, size_t max_name_size)
+{
+int ret;
+gnutls_x509_crt_t crt;
+
+ name[0] = 0;
+
+ ret = gnutls_x509_crt_init (&crt);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return;
+ }
+
+ ret = gnutls_x509_crt_import (crt, raw, type);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ gnutls_x509_crt_deinit (crt);
+ return;
+ }
+
+ get_x509_name(crt, name, max_name_size);
+ gnutls_x509_crt_deinit (crt);
+ return;
+}
+
/* Reads a DER encoded certificate list from memory and stores it to a
* gnutls_cert structure. Returns the number of certificates parsed.
*/
@@ -219,6 +268,7 @@ parse_der_cert_mem (gnutls_certificate_credentials_t res,
gnutls_x509_crt_t crt;
gnutls_pcert_st *ccert;
int ret;
+ char name[MAX_CN];
ccert = gnutls_malloc (sizeof (*ccert));
if (ccert == NULL)
@@ -245,6 +295,8 @@ parse_der_cert_mem (gnutls_certificate_credentials_t res,
goto cleanup;
}
+ get_x509_name(crt, name, sizeof(name));
+
ret = gnutls_pcert_import_x509 (ccert, crt, 0);
gnutls_x509_crt_deinit (crt);
@@ -254,7 +306,7 @@ parse_der_cert_mem (gnutls_certificate_credentials_t res,
goto cleanup;
}
- ret = certificate_credential_append_crt_list (res, ccert, 1);
+ ret = certificate_credential_append_crt_list (res, name, ccert, 1);
if (ret < 0)
{
gnutls_assert ();
@@ -280,6 +332,7 @@ parse_pem_cert_mem (gnutls_certificate_credentials_t res,
gnutls_datum_t tmp;
int ret, count, i;
gnutls_pcert_st *certs = NULL;
+ char name[MAX_CN];
/* move to the certificate
*/
@@ -312,6 +365,8 @@ parse_pem_cert_mem (gnutls_certificate_credentials_t res,
tmp.data = (void*)ptr;
tmp.size = size;
+ if (count == 0) get_x509_name_raw(&tmp, GNUTLS_X509_FMT_PEM, name,
sizeof(name));
+
ret = gnutls_pcert_import_x509_raw (&certs[count], &tmp,
GNUTLS_X509_FMT_PEM, 0);
if (ret < 0)
{
@@ -345,7 +400,7 @@ parse_pem_cert_mem (gnutls_certificate_credentials_t res,
}
while (ptr != NULL);
- ret = certificate_credential_append_crt_list (res, certs, count);
+ ret = certificate_credential_append_crt_list (res, name, certs, count);
if (ret < 0)
{
gnutls_assert ();
@@ -620,6 +675,7 @@ read_cert_url (gnutls_certificate_credentials_t res, const
char *url)
int ret;
gnutls_x509_crt_t crt;
gnutls_pcert_st *ccert;
+ char name[MAX_CN];
ccert = gnutls_malloc (sizeof (*ccert));
if (ccert == NULL)
@@ -650,6 +706,8 @@ read_cert_url (gnutls_certificate_credentials_t res, const
char *url)
return ret;
}
+ get_x509_name(crt, name, sizeof(name));
+
ret = gnutls_pcert_import_x509 (ccert, crt, 0);
gnutls_x509_crt_deinit (crt);
@@ -660,7 +718,7 @@ read_cert_url (gnutls_certificate_credentials_t res, const
char *url)
return ret;
}
- ret = certificate_credential_append_crt_list (res, ccert, 1);
+ ret = certificate_credential_append_crt_list (res, name, ccert, 1);
if (ret < 0)
{
gnutls_assert ();
@@ -855,7 +913,7 @@ cleanup:
int
certificate_credential_append_crt_list (gnutls_certificate_credentials_t res,
- gnutls_pcert_st * crt, int nr)
+ const char* name, gnutls_pcert_st *
crt, int nr)
{
int ret;
@@ -863,27 +921,21 @@ int ret;
if (ret < 0)
return gnutls_assert_val(ret);
- res->cert_list = gnutls_realloc_fast (res->cert_list,
- (1 +
- res->ncerts) *
- sizeof (gnutls_pcert_st *));
- if (res->cert_list == NULL)
+ res->certs = gnutls_realloc_fast (res->certs,
+ (1 + res->ncerts) *
+ sizeof (certs_st));
+ if (res->certs == NULL)
{
gnutls_assert ();
return GNUTLS_E_MEMORY_ERROR;
}
- res->cert_list_length = gnutls_realloc_fast (res->cert_list_length,
- (1 +
- res->ncerts) * sizeof (int));
- if (res->cert_list_length == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- res->cert_list[res->ncerts] = crt;
- res->cert_list_length[res->ncerts] = nr;
+ res->certs[res->ncerts].cert_list = crt;
+ res->certs[res->ncerts].cert_list_length = nr;
+ if (name[0] != 0)
+ res->certs[res->ncerts].name = gnutls_strdup(name);
+ else
+ res->certs[res->ncerts].name = NULL;
return 0;
@@ -935,6 +987,7 @@ gnutls_certificate_set_x509_key
(gnutls_certificate_credentials_t res,
int ret, i;
gnutls_privkey_t pkey;
gnutls_pcert_st *pcerts = NULL;
+ char name[MAX_CN];
/* this should be first
*/
@@ -967,6 +1020,8 @@ gnutls_certificate_set_x509_key
(gnutls_certificate_credentials_t res,
return GNUTLS_E_MEMORY_ERROR;
}
+ get_x509_name(cert_list[0], name, sizeof(name));
+
for (i = 0; i < cert_list_size; i++)
{
ret = gnutls_pcert_import_x509 (&pcerts[i], cert_list[i], 0);
@@ -977,7 +1032,7 @@ gnutls_certificate_set_x509_key
(gnutls_certificate_credentials_t res,
}
}
- ret = certificate_credential_append_crt_list (res, pcerts, cert_list_size);
+ ret = certificate_credential_append_crt_list (res, name, pcerts,
cert_list_size);
if (ret < 0)
{
gnutls_assert ();
diff --git a/lib/openpgp/gnutls_openpgp.c b/lib/openpgp/gnutls_openpgp.c
index 44ba47b..9696e67 100644
--- a/lib/openpgp/gnutls_openpgp.c
+++ b/lib/openpgp/gnutls_openpgp.c
@@ -90,6 +90,8 @@ gnutls_certificate_set_openpgp_key
(gnutls_certificate_credentials_t res,
int ret;
gnutls_privkey_t privkey;
gnutls_pcert_st *ccert;
+ char name[MAX_CN];
+ size_t name_size = sizeof(name);
/* this should be first */
@@ -110,6 +112,9 @@ gnutls_certificate_set_openpgp_key
(gnutls_certificate_credentials_t res,
return ret;
}
+ ret = gnutls_openpgp_crt_get_name(crt, 0, name, &name_size);
+ if (ret < 0)
+ name[0] = 0;
ccert = gnutls_calloc (1, sizeof (gnutls_pcert_st));
if (ccert == NULL)
@@ -130,7 +135,7 @@ gnutls_certificate_set_openpgp_key
(gnutls_certificate_credentials_t res,
ret = certificate_credentials_append_pkey (res, privkey);
if (ret >= 0)
- ret = certificate_credential_append_crt_list (res, ccert, 1);
+ ret = certificate_credential_append_crt_list (res, name, ccert, 1);
if (ret < 0)
{
diff --git a/lib/x509/x509.c b/lib/x509/x509.c
index 4fc5def..e752e97 100644
--- a/lib/x509/x509.c
+++ b/lib/x509/x509.c
@@ -252,22 +252,24 @@ cleanup:
* gnutls_x509_crt_get_issuer_dn:
* @cert: should contain a #gnutls_x509_crt_t structure
* @buf: a pointer to a structure to hold the name (may be null)
- * @sizeof_buf: initially holds the size of @buf
+ * @buf_size: initially holds the size of @buf
*
* This function will copy the name of the Certificate issuer in the
* provided buffer. The name will be in the form
* "C=xxxx,O=yyyy,CN=zzzz" as described in RFC2253. The output string
* will be ASCII or UTF-8 encoded, depending on the certificate data.
*
- * If @buf is null then only the size will be filled.
+ * If @buf is null then only the size will be filled. If the @raw_flag
+ * is not specified the output is always null terminated, although the
+ * @buf_size will not include the null character.
*
* Returns: GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not
- * long enough, and in that case the *sizeof_buf will be updated with
+ * long enough, and in that case the @buf_size will be updated with
* the required size. On success 0 is returned.
**/
int
gnutls_x509_crt_get_issuer_dn (gnutls_x509_crt_t cert, char *buf,
- size_t * sizeof_buf)
+ size_t * buf_size)
{
if (cert == NULL)
{
@@ -277,7 +279,7 @@ gnutls_x509_crt_get_issuer_dn (gnutls_x509_crt_t cert, char
*buf,
return _gnutls_x509_parse_dn (cert->cert,
"tbsCertificate.issuer.rdnSequence", buf,
- sizeof_buf);
+ buf_size);
}
/**
@@ -287,7 +289,7 @@ gnutls_x509_crt_get_issuer_dn (gnutls_x509_crt_t cert, char
*buf,
* @indx: In case multiple same OIDs exist in the RDN, this specifies which to
send. Use (0) to get the first one.
* @raw_flag: If non (0) returns the raw DER data of the DN part.
* @buf: a pointer to a structure to hold the name (may be null)
- * @sizeof_buf: initially holds the size of @buf
+ * @buf_size: initially holds the size of @buf
*
* This function will extract the part of the name of the Certificate
* issuer specified by the given OID. The output, if the raw flag is not
@@ -300,17 +302,19 @@ gnutls_x509_crt_get_issuer_dn (gnutls_x509_crt_t cert,
char *buf,
* in hex format with a '\#' prefix. You can check about known OIDs
* using gnutls_x509_dn_oid_known().
*
- * If @buf is null then only the size will be filled.
+ * If @buf is null then only the size will be filled. If the @raw_flag
+ * is not specified the output is always null terminated, although the
+ * @buf_size will not include the null character.
*
* Returns: GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not
- * long enough, and in that case the *sizeof_buf will be updated
+ * long enough, and in that case the @buf_size will be updated
* with the required size. On success 0 is returned.
**/
int
gnutls_x509_crt_get_issuer_dn_by_oid (gnutls_x509_crt_t cert,
const char *oid, int indx,
unsigned int raw_flag, void *buf,
- size_t * sizeof_buf)
+ size_t * buf_size)
{
if (cert == NULL)
{
@@ -320,7 +324,7 @@ gnutls_x509_crt_get_issuer_dn_by_oid (gnutls_x509_crt_t
cert,
return _gnutls_x509_parse_dn_oid (cert->cert,
"tbsCertificate.issuer.rdnSequence",
- oid, indx, raw_flag, buf, sizeof_buf);
+ oid, indx, raw_flag, buf, buf_size);
}
/**
@@ -328,20 +332,22 @@ gnutls_x509_crt_get_issuer_dn_by_oid (gnutls_x509_crt_t
cert,
* @cert: should contain a #gnutls_x509_crt_t structure
* @indx: This specifies which OID to return. Use (0) to get the first one.
* @oid: a pointer to a buffer to hold the OID (may be null)
- * @sizeof_oid: initially holds the size of @oid
+ * @oid_size: initially holds the size of @oid
*
* This function will extract the OIDs of the name of the Certificate
* issuer specified by the given index.
*
- * If @oid is null then only the size will be filled.
+ * If @oid is null then only the size will be filled. If the @raw_flag
+ * is not specified the output is always null terminated, although the
+ * @oid_size will not include the null character.
*
* Returns: GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not
- * long enough, and in that case the *sizeof_oid will be updated
+ * long enough, and in that case the @oid_size will be updated
* with the required size. On success 0 is returned.
**/
int
gnutls_x509_crt_get_issuer_dn_oid (gnutls_x509_crt_t cert,
- int indx, void *oid, size_t * sizeof_oid)
+ int indx, void *oid, size_t * oid_size)
{
if (cert == NULL)
{
@@ -351,29 +357,31 @@ gnutls_x509_crt_get_issuer_dn_oid (gnutls_x509_crt_t cert,
return _gnutls_x509_get_dn_oid (cert->cert,
"tbsCertificate.issuer.rdnSequence",
- indx, oid, sizeof_oid);
+ indx, oid, oid_size);
}
/**
* gnutls_x509_crt_get_dn:
* @cert: should contain a #gnutls_x509_crt_t structure
* @buf: a pointer to a structure to hold the name (may be null)
- * @sizeof_buf: initially holds the size of @buf
+ * @buf_size: initially holds the size of @buf
*
* This function will copy the name of the Certificate in the provided
* buffer. The name will be in the form "C=xxxx,O=yyyy,CN=zzzz" as
* described in RFC2253. The output string will be ASCII or UTF-8
* encoded, depending on the certificate data.
*
- * If @buf is null then only the size will be filled.
+ * If @buf is null then only the size will be filled. If the @raw_flag
+ * is not specified the output is always null terminated, although the
+ * @buf_size will not include the null character.
*
* Returns: %GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not
- * long enough, and in that case the *sizeof_buf will be updated
+ * long enough, and in that case the @buf_size will be updated
* with the required size. On success 0 is returned.
**/
int
gnutls_x509_crt_get_dn (gnutls_x509_crt_t cert, char *buf,
- size_t * sizeof_buf)
+ size_t * buf_size)
{
if (cert == NULL)
{
@@ -383,7 +391,7 @@ gnutls_x509_crt_get_dn (gnutls_x509_crt_t cert, char *buf,
return _gnutls_x509_parse_dn (cert->cert,
"tbsCertificate.subject.rdnSequence", buf,
- sizeof_buf);
+ buf_size);
}
/**
@@ -393,7 +401,7 @@ gnutls_x509_crt_get_dn (gnutls_x509_crt_t cert, char *buf,
* @indx: In case multiple same OIDs exist in the RDN, this specifies which to
send. Use (0) to get the first one.
* @raw_flag: If non (0) returns the raw DER data of the DN part.
* @buf: a pointer where the DN part will be copied (may be null).
- * @sizeof_buf: initially holds the size of @buf
+ * @buf_size: initially holds the size of @buf
*
* This function will extract the part of the name of the Certificate
* subject specified by the given OID. The output, if the raw flag is
@@ -406,16 +414,18 @@ gnutls_x509_crt_get_dn (gnutls_x509_crt_t cert, char *buf,
* in hex format with a '\#' prefix. You can check about known OIDs
* using gnutls_x509_dn_oid_known().
*
- * If @buf is null then only the size will be filled.
+ * If @buf is null then only the size will be filled. If the @raw_flag
+ * is not specified the output is always null terminated, although the
+ * @buf_size will not include the null character.
*
* Returns: %GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is
- * not long enough, and in that case the *sizeof_buf will be updated
+ * not long enough, and in that case the *buf_size will be updated
* with the required size. On success 0 is returned.
**/
int
gnutls_x509_crt_get_dn_by_oid (gnutls_x509_crt_t cert, const char *oid,
int indx, unsigned int raw_flag,
- void *buf, size_t * sizeof_buf)
+ void *buf, size_t * buf_size)
{
if (cert == NULL)
{
@@ -425,7 +435,7 @@ gnutls_x509_crt_get_dn_by_oid (gnutls_x509_crt_t cert,
const char *oid,
return _gnutls_x509_parse_dn_oid (cert->cert,
"tbsCertificate.subject.rdnSequence",
- oid, indx, raw_flag, buf, sizeof_buf);
+ oid, indx, raw_flag, buf, buf_size);
}
/**
@@ -433,20 +443,22 @@ gnutls_x509_crt_get_dn_by_oid (gnutls_x509_crt_t cert,
const char *oid,
* @cert: should contain a #gnutls_x509_crt_t structure
* @indx: This specifies which OID to return. Use (0) to get the first one.
* @oid: a pointer to a buffer to hold the OID (may be null)
- * @sizeof_oid: initially holds the size of @oid
+ * @oid_size: initially holds the size of @oid
*
* This function will extract the OIDs of the name of the Certificate
* subject specified by the given index.
*
- * If oid is null then only the size will be filled.
+ * If @oid is null then only the size will be filled. If the @raw_flag
+ * is not specified the output is always null terminated, although the
+ * @oid_size will not include the null character.
*
* Returns: %GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is
- * not long enough, and in that case the *sizeof_oid will be updated
+ * not long enough, and in that case the @oid_size will be updated
* with the required size. On success 0 is returned.
**/
int
gnutls_x509_crt_get_dn_oid (gnutls_x509_crt_t cert,
- int indx, void *oid, size_t * sizeof_oid)
+ int indx, void *oid, size_t * oid_size)
{
if (cert == NULL)
{
@@ -456,7 +468,7 @@ gnutls_x509_crt_get_dn_oid (gnutls_x509_crt_t cert,
return _gnutls_x509_get_dn_oid (cert->cert,
"tbsCertificate.subject.rdnSequence",
- indx, oid, sizeof_oid);
+ indx, oid, oid_size);
}
/**
@@ -1314,8 +1326,8 @@ gnutls_x509_crt_get_issuer_alt_name2 (gnutls_x509_crt_t
cert,
* gnutls_x509_crt_get_subject_alt_othername_oid:
* @cert: should contain a #gnutls_x509_crt_t structure
* @seq: specifies the sequence number of the alt name (0 for the first one, 1
for the second etc.)
- * @ret: is the place where the otherName OID will be copied to
- * @ret_size: holds the size of ret.
+ * @oid: is the place where the otherName OID will be copied to
+ * @oid_size: holds the size of ret.
*
* This function will extract the type OID of an otherName Subject
* Alternative Name, contained in the given certificate, and return
@@ -1325,6 +1337,10 @@ gnutls_x509_crt_get_issuer_alt_name2 (gnutls_x509_crt_t
cert,
* gnutls_x509_crt_get_subject_alt_name() returned
* %GNUTLS_SAN_OTHERNAME.
*
+ * If @oid is null then only the size will be filled. If the @raw_flag
+ * is not specified the output is always null terminated, although the
+ * @oid_size will not include the null character.
+ *
* Returns: the alternative subject name type on success, one of the
* enumerated gnutls_x509_subject_alt_name_t. For supported OIDs, it
* will return one of the virtual (GNUTLS_SAN_OTHERNAME_*) types,
@@ -1339,9 +1355,9 @@ gnutls_x509_crt_get_issuer_alt_name2 (gnutls_x509_crt_t
cert,
int
gnutls_x509_crt_get_subject_alt_othername_oid (gnutls_x509_crt_t cert,
unsigned int seq,
- void *ret, size_t * ret_size)
+ void *oid, size_t * oid_size)
{
- return get_alt_name (cert, "2.5.29.17", seq, ret, ret_size, NULL, NULL, 1);
+ return get_alt_name (cert, "2.5.29.17", seq, oid, oid_size, NULL, NULL, 1);
}
/**
@@ -1355,6 +1371,10 @@ gnutls_x509_crt_get_subject_alt_othername_oid
(gnutls_x509_crt_t cert,
* Alternative Name, contained in the given certificate, and return
* the type as an enumerated element.
*
+ * If @oid is null then only the size will be filled. If the @raw_flag
+ * is not specified the output is always null terminated, although the
+ * @oid_size will not include the null character.
+ *
* This function is only useful if
* gnutls_x509_crt_get_issuer_alt_name() returned
* %GNUTLS_SAN_OTHERNAME.
@@ -1601,7 +1621,7 @@ gnutls_x509_crt_get_proxy (gnutls_x509_crt_t cert,
* @oid: holds an Object Identified in null terminated string
* @indx: In case multiple same OIDs exist in the extensions, this specifies
which to send. Use (0) to get the first one.
* @buf: a pointer to a structure to hold the name (may be null)
- * @sizeof_buf: initially holds the size of @buf
+ * @buf_size: initially holds the size of @buf
* @critical: will be non (0) if the extension is marked as critical
*
* This function will return the extension specified by the OID in the
@@ -1616,7 +1636,7 @@ gnutls_x509_crt_get_proxy (gnutls_x509_crt_t cert,
int
gnutls_x509_crt_get_extension_by_oid (gnutls_x509_crt_t cert,
const char *oid, int indx,
- void *buf, size_t * sizeof_buf,
+ void *buf, size_t * buf_size,
unsigned int *critical)
{
int result;
@@ -1642,14 +1662,14 @@ gnutls_x509_crt_get_extension_by_oid (gnutls_x509_crt_t
cert,
return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
}
- if (output.size > (unsigned int) *sizeof_buf)
+ if (output.size > (unsigned int) *buf_size)
{
- *sizeof_buf = output.size;
+ *buf_size = output.size;
_gnutls_free_datum (&output);
return GNUTLS_E_SHORT_MEMORY_BUFFER;
}
- *sizeof_buf = output.size;
+ *buf_size = output.size;
if (buf)
memcpy (buf, output.data, output.size);
@@ -1665,7 +1685,7 @@ gnutls_x509_crt_get_extension_by_oid (gnutls_x509_crt_t
cert,
* @cert: should contain a #gnutls_x509_crt_t structure
* @indx: Specifies which extension OID to send. Use (0) to get the first one.
* @oid: a pointer to a structure to hold the OID (may be null)
- * @sizeof_oid: initially holds the size of @oid
+ * @oid_size: initially holds the size of @oid
*
* This function will return the requested extension OID in the certificate.
* The extension OID will be stored as a string in the provided buffer.
@@ -1677,7 +1697,7 @@ gnutls_x509_crt_get_extension_by_oid (gnutls_x509_crt_t
cert,
**/
int
gnutls_x509_crt_get_extension_oid (gnutls_x509_crt_t cert, int indx,
- void *oid, size_t * sizeof_oid)
+ void *oid, size_t * oid_size)
{
int result;
@@ -1687,7 +1707,7 @@ gnutls_x509_crt_get_extension_oid (gnutls_x509_crt_t
cert, int indx,
return GNUTLS_E_INVALID_REQUEST;
}
- result = _gnutls_x509_crt_get_extension_oid (cert, indx, oid, sizeof_oid);
+ result = _gnutls_x509_crt_get_extension_oid (cert, indx, oid, oid_size);
if (result < 0)
{
return result;
@@ -1702,7 +1722,7 @@ gnutls_x509_crt_get_extension_oid (gnutls_x509_crt_t
cert, int indx,
* @cert: should contain a #gnutls_x509_crt_t structure
* @indx: Specifies which extension OID to send. Use (0) to get the first one.
* @oid: a pointer to a structure to hold the OID
- * @sizeof_oid: initially holds the maximum size of @oid, on return
+ * @oid_size: initially holds the maximum size of @oid, on return
* holds actual size of @oid.
* @critical: output variable with critical flag, may be NULL.
*
@@ -1712,7 +1732,7 @@ gnutls_x509_crt_get_extension_oid (gnutls_x509_crt_t
cert, int indx,
* gnutls_x509_crt_get_extension_data() to extract the data.
*
* If the buffer provided is not long enough to hold the output, then
- * address@hidden is updated and %GNUTLS_E_SHORT_MEMORY_BUFFER will be
+ * address@hidden is updated and %GNUTLS_E_SHORT_MEMORY_BUFFER will be
* returned.
*
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned,
@@ -1722,7 +1742,7 @@ gnutls_x509_crt_get_extension_oid (gnutls_x509_crt_t
cert, int indx,
**/
int
gnutls_x509_crt_get_extension_info (gnutls_x509_crt_t cert, int indx,
- void *oid, size_t * sizeof_oid,
+ void *oid, size_t * oid_size,
int *critical)
{
int result;
@@ -1739,9 +1759,9 @@ gnutls_x509_crt_get_extension_info (gnutls_x509_crt_t
cert, int indx,
snprintf (name, sizeof (name), "tbsCertificate.extensions.?%u.extnID",
indx + 1);
- len = *sizeof_oid;
+ len = *oid_size;
result = asn1_read_value (cert->cert, name, oid, &len);
- *sizeof_oid = len;
+ *oid_size = len;
if (result == ASN1_ELEMENT_NOT_FOUND)
return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
@@ -2072,7 +2092,7 @@ gnutls_x509_dn_get_rdn_ava (gnutls_x509_dn_t dn,
* @cert: should contain a #gnutls_x509_crt_t structure
* @algo: is a digest algorithm
* @buf: a pointer to a structure to hold the fingerprint (may be null)
- * @sizeof_buf: initially holds the size of @buf
+ * @buf_size: initially holds the size of @buf
*
* This function will calculate and copy the certificate's fingerprint
* in the provided buffer.
@@ -2080,20 +2100,20 @@ gnutls_x509_dn_get_rdn_ava (gnutls_x509_dn_t dn,
* If the buffer is null then only the size will be filled.
*
* Returns: %GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is
- * not long enough, and in that case the *sizeof_buf will be updated
+ * not long enough, and in that case the *buf_size will be updated
* with the required size. On success 0 is returned.
**/
int
gnutls_x509_crt_get_fingerprint (gnutls_x509_crt_t cert,
gnutls_digest_algorithm_t algo,
- void *buf, size_t * sizeof_buf)
+ void *buf, size_t * buf_size)
{
opaque *cert_buf;
int cert_buf_size;
int result;
gnutls_datum_t tmp;
- if (sizeof_buf == 0 || cert == NULL)
+ if (buf_size == 0 || cert == NULL)
{
return GNUTLS_E_INVALID_REQUEST;
}
@@ -2120,7 +2140,7 @@ gnutls_x509_crt_get_fingerprint (gnutls_x509_crt_t cert,
tmp.data = cert_buf;
tmp.size = cert_buf_size;
- result = gnutls_fingerprint (algo, &tmp, buf, sizeof_buf);
+ result = gnutls_fingerprint (algo, &tmp, buf, buf_size);
gnutls_free (cert_buf);
return result;
@@ -2770,7 +2790,7 @@ gnutls_x509_crt_get_crl_dist_points (gnutls_x509_crt_t
cert,
* @cert: should contain a #gnutls_x509_crt_t structure
* @indx: This specifies which OID to return. Use (0) to get the first one.
* @oid: a pointer to a buffer to hold the OID (may be null)
- * @sizeof_oid: initially holds the size of @oid
+ * @oid_size: initially holds the size of @oid
* @critical: output flag to indicate criticality of extension
*
* This function will extract the key purpose OIDs of the Certificate
@@ -2778,15 +2798,17 @@ gnutls_x509_crt_get_crl_dist_points (gnutls_x509_crt_t
cert,
* Usage extension (2.5.29.37) See the GNUTLS_KP_* definitions for
* human readable names.
*
- * If @oid is null then only the size will be filled.
+ * If @oid is null then only the size will be filled. If the @raw_flag
+ * is not specified the output is always null terminated, although the
+ * @oid_size will not include the null character.
*
* Returns: %GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is
- * not long enough, and in that case the *sizeof_oid will be updated
+ * not long enough, and in that case the *oid_size will be updated
* with the required size. On success 0 is returned.
**/
int
gnutls_x509_crt_get_key_purpose_oid (gnutls_x509_crt_t cert,
- int indx, void *oid, size_t * sizeof_oid,
+ int indx, void *oid, size_t * oid_size,
unsigned int *critical)
{
char tmpstr[ASN1_MAX_NAME_SIZE];
@@ -2801,9 +2823,9 @@ gnutls_x509_crt_get_key_purpose_oid (gnutls_x509_crt_t
cert,
}
if (oid)
- memset (oid, 0, *sizeof_oid);
+ memset (oid, 0, *oid_size);
else
- *sizeof_oid = 0;
+ *oid_size = 0;
if ((result =
_gnutls_x509_crt_get_extension (cert, "2.5.29.37", 0, &id,
@@ -2842,10 +2864,10 @@ gnutls_x509_crt_get_key_purpose_oid (gnutls_x509_crt_t
cert,
*/
snprintf (tmpstr, sizeof (tmpstr), "?%u", indx);
- len = *sizeof_oid;
+ len = *oid_size;
result = asn1_read_value (c2, tmpstr, oid, &len);
- *sizeof_oid = len;
+ *oid_size = len;
asn1_delete_structure (&c2);
if (result == ASN1_VALUE_NOT_FOUND || result == ASN1_ELEMENT_NOT_FOUND)
@@ -3284,7 +3306,7 @@ error:
* gnutls_x509_crt_get_subject_unique_id:
* @crt: Holds the certificate
* @buf: user allocated memory buffer, will hold the unique id
- * @sizeof_buf: size of user allocated memory buffer (on input), will hold
+ * @buf_size: size of user allocated memory buffer (on input), will hold
* actual size of the unique ID on return.
*
* This function will extract the subjectUniqueID value (if present) for
@@ -3292,13 +3314,13 @@ error:
*
* If the user allocated memory buffer is not large enough to hold the
* full subjectUniqueID, then a GNUTLS_E_SHORT_MEMORY_BUFFER error will be
- * returned, and sizeof_buf will be set to the actual length.
+ * returned, and buf_size will be set to the actual length.
*
* Returns: %GNUTLS_E_SUCCESS on success, otherwise a negative error code.
**/
int
gnutls_x509_crt_get_subject_unique_id (gnutls_x509_crt_t crt, char *buf,
- size_t * sizeof_buf)
+ size_t * buf_size)
{
int result;
gnutls_datum_t datum = { NULL, 0 };
@@ -3307,15 +3329,15 @@ gnutls_x509_crt_get_subject_unique_id
(gnutls_x509_crt_t crt, char *buf,
_gnutls_x509_read_value (crt->cert, "tbsCertificate.subjectUniqueID",
&datum, 2);
- if (datum.size > *sizeof_buf)
+ if (datum.size > *buf_size)
{ /* then we're not going to fit */
- *sizeof_buf = datum.size;
+ *buf_size = datum.size;
buf[0] = '\0';
result = GNUTLS_E_SHORT_MEMORY_BUFFER;
}
else
{
- *sizeof_buf = datum.size;
+ *buf_size = datum.size;
memcpy (buf, datum.data, datum.size);
}
@@ -3328,7 +3350,7 @@ gnutls_x509_crt_get_subject_unique_id (gnutls_x509_crt_t
crt, char *buf,
* gnutls_x509_crt_get_issuer_unique_id:
* @crt: Holds the certificate
* @buf: user allocated memory buffer, will hold the unique id
- * @sizeof_buf: size of user allocated memory buffer (on input), will hold
+ * @buf_size: size of user allocated memory buffer (on input), will hold
* actual size of the unique ID on return.
*
* This function will extract the issuerUniqueID value (if present) for
@@ -3336,7 +3358,7 @@ gnutls_x509_crt_get_subject_unique_id (gnutls_x509_crt_t
crt, char *buf,
*
* If the user allocated memory buffer is not large enough to hold the
* full subjectUniqueID, then a GNUTLS_E_SHORT_MEMORY_BUFFER error will be
- * returned, and sizeof_buf will be set to the actual length.
+ * returned, and buf_size will be set to the actual length.
*
* Returns: %GNUTLS_E_SUCCESS on success, otherwise a negative error code.
*
@@ -3344,7 +3366,7 @@ gnutls_x509_crt_get_subject_unique_id (gnutls_x509_crt_t
crt, char *buf,
**/
int
gnutls_x509_crt_get_issuer_unique_id (gnutls_x509_crt_t crt, char *buf,
- size_t * sizeof_buf)
+ size_t * buf_size)
{
int result;
gnutls_datum_t datum = { NULL, 0 };
@@ -3353,15 +3375,15 @@ gnutls_x509_crt_get_issuer_unique_id (gnutls_x509_crt_t
crt, char *buf,
_gnutls_x509_read_value (crt->cert, "tbsCertificate.issuerUniqueID",
&datum, 2);
- if (datum.size > *sizeof_buf)
+ if (datum.size > *buf_size)
{ /* then we're not going to fit */
- *sizeof_buf = datum.size;
+ *buf_size = datum.size;
buf[0] = '\0';
result = GNUTLS_E_SHORT_MEMORY_BUFFER;
}
else
{
- *sizeof_buf = datum.size;
+ *buf_size = datum.size;
memcpy (buf, datum.data, datum.size);
}
hooks/post-receive
--
GNU gnutls
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [SCM] GNU gnutls branch, gnutls_3_0_x, updated. gnutls_3_0_0-136-ge1388b9,
Nikos Mavrogiannopoulos <=