gnutls-commit

[SCM] GNU gnutls branch, master, updated. gnutls_3_1_0-69-g5ad723c


From: Nikos Mavrogiannopoulos
Subject: [SCM] GNU gnutls branch, master, updated. gnutls_3_1_0-69-g5ad723c
Date: Sat, 15 Sep 2012 18:14:34 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".

http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=5ad723cfd66c2dbb0dcb22010ca14af4f21ee710

The branch, master has been updated
       via  5ad723cfd66c2dbb0dcb22010ca14af4f21ee710 (commit)
      from  2cc740eb52abac318176c49f8e8358666c8457cd (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 5ad723cfd66c2dbb0dcb22010ca14af4f21ee710
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Sat Sep 15 20:13:39 2012 +0200

    Do not ask unnecessary questions when signing a certificate (request).

-----------------------------------------------------------------------

Summary of changes:
 src/certtool.c |   30 +++++++++++++++++++-----------
 1 files changed, 19 insertions(+), 11 deletions(-)

diff --git a/src/certtool.c b/src/certtool.c
index 1040bdc..c2952a2 100644
--- a/src/certtool.c
+++ b/src/certtool.c
@@ -421,9 +421,8 @@ generate_certificate (gnutls_privkey_t * ret_key,
 
           pk = gnutls_x509_crt_get_pk_algorithm (crt, NULL);
 
-          if (pk != GNUTLS_PK_DSA)
-            {                   /* DSA keys can only sign.
-                                 */
+          if (pk == GNUTLS_PK_RSA)
+            { /* DSA and ECDSA keys can only sign. */
               result = get_sign_status (server);
               if (result)
                 usage |= GNUTLS_KEY_DIGITAL_SIGNATURE;
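
Review bot: narrowing the test to `if (pk == GNUTLS_PK_RSA)` in generate_certificate means every non-RSA key now skips get_sign_status, and the lines shown here contain no else branch that sets GNUTLS_KEY_DIGITAL_SIGNATURE for those keys, unlike the explicit `else /* DSA and ECDSA are always signing */` added to generate_request later in this patch. Please confirm the surrounding code still sets a signing usage for DSA and ECDSA certificates, or add the same else here. The comment "DSA and ECDSA keys can only sign." also now sits inside the RSA-only block, where it describes the keys that were excluded; moving it above the `if` would read more naturally.
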
@@ -1734,7 +1733,7 @@ generate_request (common_info_st * cinfo)
   gnutls_x509_privkey_t xkey;
   gnutls_pubkey_t pubkey;
   gnutls_privkey_t pkey;
-  int ret, ca_status, path_len;
+  int ret, ca_status, path_len, pk;
   const char *pass;
   unsigned int usage = 0;
 
@@ -1765,6 +1764,8 @@ generate_request (common_info_st * cinfo)
 
   pubkey = load_public_key_or_import (1, pkey, cinfo);
 
+  pk = gnutls_pubkey_get_pk_algorithm (pubkey, NULL);
+
   /* Set the DN.
    */
   get_country_crq_set (crq);
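
Review bot: the result of `gnutls_pubkey_get_pk_algorithm (pubkey, NULL)` is stored in `pk` without an error check, and that function returns a negative error code on failure. Since the later hunk only compares `pk == GNUTLS_PK_RSA`, a failed lookup would be treated like a DSA/ECDSA key and silently receive GNUTLS_KEY_DIGITAL_SIGNATURE. Consider checking `pk < 0` here and reporting it with error (EXIT_FAILURE, ...) in the same way as the set_basic_constraints failure elsewhere in this function.
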
@@ -1804,14 +1805,21 @@ generate_request (common_info_st * cinfo)
         error (EXIT_FAILURE, 0, "set_basic_constraints: %s",
                gnutls_strerror (ret));
 
-      ret = get_sign_status (1);
-      if (ret)
-        usage |= GNUTLS_KEY_DIGITAL_SIGNATURE;
+      if (pk == GNUTLS_PK_RSA)
+        {
+          ret = get_sign_status (1);
+          if (ret)
+            usage |= GNUTLS_KEY_DIGITAL_SIGNATURE;
 
-      ret = get_encrypt_status (1);
-      if (ret)
-        usage |= GNUTLS_KEY_KEY_ENCIPHERMENT;
-      else
+          /* Only ask for an encryption certificate
+           * if it is an RSA one */
+          ret = get_encrypt_status (1);
+          if (ret)
+            usage |= GNUTLS_KEY_KEY_ENCIPHERMENT;
+          else
+            usage |= GNUTLS_KEY_DIGITAL_SIGNATURE;
+        }
+      else /* DSA and ECDSA are always signing */
         usage |= GNUTLS_KEY_DIGITAL_SIGNATURE;
 
       if (ca_status)
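
Review bot: in the new RSA branch the answer to get_sign_status (1) only matters when the user then accepts encryption, because the `else` after get_encrypt_status (1) sets GNUTLS_KEY_DIGITAL_SIGNATURE regardless of what was answered to the signing question. Given that the commit aims to drop unnecessary questions, consider asking get_encrypt_status first and calling get_sign_status only when encryption was chosen. The comment "Only ask for an encryption certificate if it is an RSA one" would also be clearer placed on the `if (pk == GNUTLS_PK_RSA)` line, since the signing question is gated by the same condition. Separately, the final `else` is commented as DSA and ECDSA but matches any value of `pk` other than GNUTLS_PK_RSA.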


hooks/post-receive
-- 
GNU gnutls


