gnutls-commit
[SCM] GNU gnutls branch, master, updated. gnutls_3_1_4-4-g3d98785


From: Nikos Mavrogiannopoulos
Subject: [SCM] GNU gnutls branch, master, updated. gnutls_3_1_4-4-g3d98785
Date: Sun, 11 Nov 2012 19:45:56 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".

http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=3d98785df958a2061dd9056bb38cc318be202b33

The branch, master has been updated
       via  3d98785df958a2061dd9056bb38cc318be202b33 (commit)
       via  e146798cb567e3a2f74d824b042c9911364b404c (commit)
       via  34fcb3496a7b713514f28dddf728db3e7fc2f08d (commit)
      from  832c4d6898f7fcc1ae15e293229f4d1be80fa919 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 3d98785df958a2061dd9056bb38cc318be202b33
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Sun Nov 11 20:40:38 2012 +0100

    The pubkey-info option can be combined with the load-privkey to extract the public key of a private key.

commit e146798cb567e3a2f74d824b042c9911364b404c
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Sun Nov 11 19:07:39 2012 +0100

    corrected verification examples

commit 34fcb3496a7b713514f28dddf728db3e7fc2f08d
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Sat Nov 10 21:46:54 2012 +0100

    removed OCSP extension from TODO

-----------------------------------------------------------------------

Summary of changes:
 NEWS                          |   10 ++++++++++
 doc/TODO                      |    1 -
 doc/examples/ex-client-x509.c |    3 +++
 doc/examples/ex-verify-ssh.c  |    3 +++
 doc/examples/verify.c         |    3 +++
 doc/invoke-certtool.texi      |    7 ++++++-
 src/certtool-args.c           |    2 +-
 src/certtool-args.def         |    2 +-
 src/certtool-args.h           |    2 +-
 src/certtool.c                |   22 +++++++++++++++++-----
 10 files changed, 45 insertions(+), 10 deletions(-)

diff --git a/NEWS b/NEWS
index 06ed439..f5c11ae 100644
--- a/NEWS
+++ b/NEWS
@@ -2,6 +2,16 @@ GnuTLS NEWS -- History of user-visible changes.                
-*- outline -*-
 Copyright (C) 2000-2012 Free Software Foundation, Inc.
 See the end for copying conditions.
 
+* Version 3.1.5 (unreleased)
+
+** certtool: The --pubkey-info option can be combined with the
+--load-privkey in order to print the corresponding public key of a private 
+key.
+
+** API and ABI modifications:
+No changes since last version.
+
+
 * Version 3.1.4 (released 2012-11-10)
 
 ** libgnutls: gnutls_certificate_verify_peers2() will set flags depending on
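
Review bot: the new 3.1.5 section mentions only the certtool change, but the same push also alters the verification callbacks in doc/examples/ex-client-x509.c, doc/examples/ex-verify-ssh.c and doc/examples/verify.c so that they return GNUTLS_E_CERTIFICATE_ERROR when status is non-zero. Those examples are widely copied into applications, and in the visible context the callbacks in ex-client-x509.c and verify.c previously went straight from gnutls_free(out.data) to return 0. Add a NEWS line stating that the documented callbacks now reject untrusted certificates, so that anyone who based code on the earlier text knows to add the same check.
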
diff --git a/doc/TODO b/doc/TODO
index bcb3199..13764a8 100644
--- a/doc/TODO
+++ b/doc/TODO
@@ -5,7 +5,6 @@ in order to avoid having people working on the same thing.
 Current list:
 * When importing a PKCS #11 certificate, check for its issuers to generate a
   chain (e.g. use the DN to retrieve possible signers).
-* Added support for Certificate Status Request (OCSP) extension (RFC6066)
 * Improve AES assembly. AES in nettle can be improved in x86, arm and
   x86-64.
 * Add support for RSA-PSS. This signature algorithm is seen in some
diff --git a/doc/examples/ex-client-x509.c b/doc/examples/ex-client-x509.c
index 6e38a15..e4a5293 100644
--- a/doc/examples/ex-client-x509.c
+++ b/doc/examples/ex-client-x509.c
@@ -172,6 +172,9 @@ _verify_certificate_callback (gnutls_session_t session)
   
   gnutls_free(out.data);
 
+  if (status != 0) /* Certificate is not trusted */
+      return GNUTLS_E_CERTIFICATE_ERROR;
+
   /* notify gnutls to continue handshake normally */
   return 0;
 }
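
Review bot: in _verify_certificate_callback the added `return GNUTLS_E_CERTIFICATE_ERROR;` is indented six columns, while the neighbouring statements sit at two and the body of an `if` elsewhere in this style steps by two; reindent it to four. Placing the test after `gnutls_free(out.data);` is the right order, since the early return then cannot leak out.data.
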
diff --git a/doc/examples/ex-verify-ssh.c b/doc/examples/ex-verify-ssh.c
index 9251b78..474a3e6 100644
--- a/doc/examples/ex-verify-ssh.c
+++ b/doc/examples/ex-verify-ssh.c
@@ -52,6 +52,9 @@ _ssh_verify_certificate_callback (gnutls_session_t session)
   
   gnutls_free(out.data);
 
+  if (status != 0) /* Certificate is not trusted */
+      return GNUTLS_E_CERTIFICATE_ERROR;
+
   /* Do SSH verification */
   cert_list = gnutls_certificate_get_peers (session, &cert_list_size);
   if (cert_list == NULL)
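
Review bot: in _ssh_verify_certificate_callback the early return on `status != 0` comes before the `/* Do SSH verification */` block, so the stored-key check below it now runs only for certificates that have already passed chain verification. If the example is meant to require both checks, say so in the comment on the new lines; if the SSH-style check was meant to cover peers whose chain does not verify, this return makes that path unreachable and the ordering needs another look.
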
diff --git a/doc/examples/verify.c b/doc/examples/verify.c
index 8fd5931..bee8e6b 100644
--- a/doc/examples/verify.c
+++ b/doc/examples/verify.c
@@ -43,6 +43,9 @@ int verify_certificate_callback (gnutls_session_t session)
   
   gnutls_free(out.data);
 
+  if (status != 0) /* Certificate is not trusted */
+      return GNUTLS_E_CERTIFICATE_ERROR;
+
   /* notify gnutls to continue handshake normally */
   return 0;
 }
diff --git a/doc/invoke-certtool.texi b/doc/invoke-certtool.texi
index b72286a..329c26d 100644
--- a/doc/invoke-certtool.texi
+++ b/doc/invoke-certtool.texi
@@ -6,7 +6,7 @@
 # 
 # DO NOT EDIT THIS FILE   (invoke-certtool.texi)
 # 
-# It has been AutoGen-ed  November  8, 2012 at 11:40:17 PM by AutoGen 5.16
+# It has been AutoGen-ed  November 11, 2012 at 08:40:03 PM by AutoGen 5.16
 # From the definitions    ../src/certtool-args.def
 # and the template file   agtexi-cmd.tpl
 @end ignore
@@ -204,6 +204,11 @@ This can be either a file or a PKCS #11 URL
 
 This is the ``enforce a null password'' option.
 This option enforces a NULL password. This may be different than the empty 
password in some schemas.
address@hidden pubkey-info}
address@hidden pubkey-info option
+
+This is the ``print information on a public key'' option.
+The option combined with --load-pubkey, --load-privkey and --load-certificate 
will extract the public key of the object in question.
 @anchor{certtool to-p12}
 @subheading to-p12 option
 
diff --git a/src/certtool-args.c b/src/certtool-args.c
index 016c786..26d78f9 100644
--- a/src/certtool-args.c
+++ b/src/certtool-args.c
@@ -2,7 +2,7 @@
  *  
  *  DO NOT EDIT THIS FILE   (certtool-args.c)
  *  
- *  It has been AutoGen-ed  November  8, 2012 at 11:35:51 PM by AutoGen 5.16
+ *  It has been AutoGen-ed  November 11, 2012 at 08:37:40 PM by AutoGen 5.16
  *  From the definitions    certtool-args.def
  *  and the template file   options
  *
diff --git a/src/certtool-args.def b/src/certtool-args.def
index 23c9d4f..480c16e 100644
--- a/src/certtool-args.def
+++ b/src/certtool-args.def
@@ -235,7 +235,7 @@ flag = {
 flag = {
     name      = pubkey-info;
     descrip   = "Print information on a public key";
-    doc = "";
+    doc = "The option combined with --load-pubkey, --load-privkey and 
--load-certificate will extract the public key of the object in question.";
 };
 
 flag = {
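
Review bot: the new doc string for pubkey-info reads "combined with --load-pubkey, --load-privkey and --load-certificate", which suggests all three are given together; they are alternative sources, so "or" is the accurate word. The pubkey_info change in src/certtool.c in this same commit tries the certificate first, then the private key, and only then falls back to load_pubkey, so it would also help to state that precedence here for the case where more than one of these options is supplied. The generated doc/invoke-certtool.texi will pick up the wording on the next AutoGen run.
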
diff --git a/src/certtool-args.h b/src/certtool-args.h
index d10c14d..6c0b944 100644
--- a/src/certtool-args.h
+++ b/src/certtool-args.h
@@ -2,7 +2,7 @@
  *  
  *  DO NOT EDIT THIS FILE   (certtool-args.h)
  *  
- *  It has been AutoGen-ed  November  8, 2012 at 11:35:51 PM by AutoGen 5.16
+ *  It has been AutoGen-ed  November 11, 2012 at 08:37:40 PM by AutoGen 5.16
  *  From the definitions    certtool-args.def
  *  and the template file   options
  *
diff --git a/src/certtool.c b/src/certtool.c
index c9506a1..7ec33a9 100644
--- a/src/certtool.c
+++ b/src/certtool.c
@@ -2705,6 +2705,7 @@ void
 pubkey_info (gnutls_x509_crt_t crt, common_info_st * cinfo)
 {
   gnutls_pubkey_t pubkey;
+  gnutls_privkey_t privkey;
   int ret;
   size_t size;
 
@@ -2723,14 +2724,25 @@ pubkey_info (gnutls_x509_crt_t crt, common_info_st * 
cinfo)
     {
       ret = gnutls_pubkey_import_x509 (pubkey, crt, 0);
       if (ret < 0)
-        {
-          error (EXIT_FAILURE, 0, "pubkey_import_x509: %s",
-                 gnutls_strerror (ret));
-        }
+        error (EXIT_FAILURE, 0, "pubkey_import_x509: %s",
+               gnutls_strerror (ret));
     }
   else
     {
-      pubkey = load_pubkey (1, cinfo);
+      privkey = load_private_key (0, cinfo);
+      
+      if (privkey != NULL)
+        {
+          ret = gnutls_pubkey_import_privkey(pubkey, privkey, 0, 0);
+          if (ret < 0)
+            error (EXIT_FAILURE, 0, "pubkey_import_privkey: %s",
+                   gnutls_strerror (ret));
+        }
+      else
+        {
+          gnutls_pubkey_deinit(pubkey);
+          pubkey = load_pubkey (1, cinfo);
+        }
     }
 
   if (outcert_format == GNUTLS_X509_FMT_DER)
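
Review bot: nothing in this hunk releases privkey after `gnutls_pubkey_import_privkey(pubkey, privkey, 0, 0)` succeeds; add `gnutls_privkey_deinit (privkey);` once the public part has been imported so the private key material does not outlive its use. Two smaller points in the same else branch: load_private_key is called with 0 as its first argument and a NULL result silently falls through to `load_pubkey (1, cinfo)`, so a private key that was requested but failed to load is indistinguishable from one that was never requested, and a short comment on that fallback would help. The new calls `gnutls_pubkey_import_privkey(` and `gnutls_pubkey_deinit(` also omit the space before the parenthesis that the surrounding code uses, as in `gnutls_pubkey_import_x509 (pubkey, crt, 0)`.
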


hooks/post-receive
-- 
GNU gnutls


