
[SCM] GNU gnutls branch, gnutls_3_0_x-2, updated. gnutls_3_0_21_real-9-g


From: Nikos Mavrogiannopoulos
Subject: [SCM] GNU gnutls branch, gnutls_3_0_x-2, updated. gnutls_3_0_21_real-9-gb4222f5
Date: Wed, 01 Aug 2012 23:21:44 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".

http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=b4222f5db3a8dc197068cce867f458ed333b5dec

The branch, gnutls_3_0_x-2 has been updated
       via  b4222f5db3a8dc197068cce867f458ed333b5dec (commit)
       via  7a7921a3d127a7d0b75fa2c8376e1fd683ef9e12 (commit)
      from  4e3dde7d1324efc0f7db722e2f78fc9b5572a060 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit b4222f5db3a8dc197068cce867f458ed333b5dec
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Thu Aug 2 01:22:51 2012 +0200

    documented update

commit 7a7921a3d127a7d0b75fa2c8376e1fd683ef9e12
Author: Petr Písař <address@hidden>
Date:   Thu Jul 26 16:18:44 2012 +0200

    Respect certtool --hash when signing request and CRL
    
    The certtool hard-codes the digest algorithm even though a '--hash' option exists.
    This patch allows user to choose the algorithm when signing certificate
    request or certificate revocation list.
    
    Signed-off-by: Nikos Mavrogiannopoulos <address@hidden>

-----------------------------------------------------------------------

Summary of changes:
 NEWS           |    9 +++++++++
 src/certtool.c |   39 ++++++++++++++++++++++++---------------
 2 files changed, 33 insertions(+), 15 deletions(-)

diff --git a/NEWS b/NEWS
index 33a0563..01435ff 100644
--- a/NEWS
+++ b/NEWS
@@ -2,6 +2,15 @@ GnuTLS NEWS -- History of user-visible changes.                
-*- outline -*-
 Copyright (C) 2000-2012 Free Software Foundation, Inc.
 See the end for copying conditions.
 
+* Version 3.0.22 (unreleased)
+
+** certtool: Allow the user to choose the hash algorithm
+when signing certificate request or certificate revocation list.
+
+** API and ABI modifications:
+No changes since last version.
+
+
 * Version 3.0.21 (released 2012-07-02)
 
 ** libgnutls: fixed bug in gnutls_x509_privkey_import() 
diff --git a/src/certtool.c b/src/certtool.c
index 59d6155..7cc88d5 100644
--- a/src/certtool.c
+++ b/src/certtool.c
@@ -49,8 +49,6 @@
 #include "certtool-args.h"
 #include "certtool-common.h"
 
-#define SIGN_HASH GNUTLS_DIG_SHA256
-
 static void privkey_info_int (common_info_st*, gnutls_x509_privkey_t key);
 static void print_crl_info (gnutls_x509_crl_t crl, FILE * out);
 void pkcs7_info (void);
@@ -727,12 +725,32 @@ generate_crl (gnutls_x509_crt_t ca_crt, common_info_st * 
cinfo)
 }
 
 static gnutls_digest_algorithm_t
+get_dig_for_pub (gnutls_pubkey_t pubkey)
+{
+  gnutls_digest_algorithm_t dig;
+  int result;
+  unsigned int mand;
+
+  result = gnutls_pubkey_get_preferred_hash_algorithm (pubkey, &dig, &mand);
+  if (result < 0)
+    {
+      error (EXIT_FAILURE, 0, "crt_get_preferred_hash_algorithm: %s",
+             gnutls_strerror (result));
+    }
+
+  /* if algorithm allows alternatives */
+  if (mand == 0 && default_dig != GNUTLS_DIG_UNKNOWN)
+    dig = default_dig;
+
+  return dig;
+}
+
+static gnutls_digest_algorithm_t
 get_dig (gnutls_x509_crt_t crt)
 {
   gnutls_digest_algorithm_t dig;
   gnutls_pubkey_t pubkey;
   int result;
-  unsigned int mand;
 
   gnutls_pubkey_init(&pubkey);
 
@@ -743,19 +761,10 @@ get_dig (gnutls_x509_crt_t crt)
              gnutls_strerror (result));
     }
 
-  result = gnutls_pubkey_get_preferred_hash_algorithm (pubkey, &dig, &mand);
-  if (result < 0)
-    {
-      error (EXIT_FAILURE, 0, "crt_get_preferred_hash_algorithm: %s",
-             gnutls_strerror (result));
-    }
+  dig = get_dig_for_pub (pubkey);
 
   gnutls_pubkey_deinit(pubkey);
 
-  /* if algorithm allows alternatives */
-  if (mand == 0 && default_dig != GNUTLS_DIG_UNKNOWN)
-    dig = default_dig;
-
   return dig;
 }
 
@@ -899,7 +908,7 @@ generate_signed_crl (common_info_st * cinfo)
   crl = generate_crl (ca_crt, cinfo);
 
   fprintf (stderr, "\n");
-  result = gnutls_x509_crl_privkey_sign(crl, ca_crt, ca_key, SIGN_HASH, 0);
+  result = gnutls_x509_crl_privkey_sign(crl, ca_crt, ca_key, get_dig (ca_crt), 
0);
   if (result < 0)
     error (EXIT_FAILURE, 0, "crl_privkey_sign: %s", gnutls_strerror (result));
 
@@ -1973,7 +1982,7 @@ generate_request (common_info_st * cinfo)
   if (ret < 0)
     error (EXIT_FAILURE, 0, "set_key: %s", gnutls_strerror (ret));
 
-  ret = gnutls_x509_crq_privkey_sign (crq, pkey, SIGN_HASH, 0);
+  ret = gnutls_x509_crq_privkey_sign (crq, pkey, get_dig_for_pub (pubkey), 0);
   if (ret < 0)
     error (EXIT_FAILURE, 0, "sign: %s", gnutls_strerror (ret));
 


hooks/post-receive
-- 
GNU gnutls


