[PATCH] add gnutls_certificate_find_issuer
From: Joe Orton
Subject: [PATCH] add gnutls_certificate_find_issuer
Date: Fri, 15 Feb 2008 10:21:50 +0000
User-agent: Mutt/1.5.17 (2007-11-01)

This patch adds a function which finds the issuer of a given certificate
within a credentials structure. This is useful so that clients can
easily recreate the complete server cert chain given only the single
cert returned by the peer.
(e.g. in the case where gnutls_certificate_set_x509_trust_file() is
used, the client doesn't have the individual issuer cert structures to
compare against directly.)
This and the previously submitted patch allow the two remaining failures
in neon's SSL test suite to be fixed :)
diff -up ./includes/gnutls/gnutls.h.findissuer ./includes/gnutls/gnutls.h
--- ./includes/gnutls/gnutls.h.findissuer 2008-02-15 10:06:48.000000000
+0000
+++ ./includes/gnutls/gnutls.h 2008-02-15 09:39:56.000000000 +0000
@@ -717,6 +717,10 @@ extern "C"
gnutls_x509_crl_t * crl_list,
int crl_list_size);
+ gnutls_x509_crt_t
+ gnutls_certificate_find_issuer (gnutls_certificate_credentials_t cred,
+ gnutls_x509_crt_t crt);
+
/* global state functions
*/
int gnutls_global_init (void);
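Review bot: the prototype names the second parameter `crt`, while the definition in lib/gnutls_cert.c names it `cert`; use one name so the header, the doc comment and the definition agree. The declaration would also benefit from a short comment saying that the returned gnutls_x509_crt_t points into the credentials' CA list (the definition returns `cred->x509_ca_list[n]`), so callers know they must not deinitialise it and must not use it after the credentials are freed.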
diff -up ./lib/gnutls_cert.c.findissuer ./lib/gnutls_cert.c
--- ./lib/gnutls_cert.c.findissuer 2007-12-17 11:12:04.000000000 +0000
+++ ./lib/gnutls_cert.c 2008-02-15 10:09:04.000000000 +0000
@@ -593,6 +593,31 @@ gnutls_certificate_verify_peers (gnutls_
}
/**
+ * gnutls_certificate_find_issuer - This function finds an issuer certificate
+ * @sc: is an #gnutls_certificate_credentials_t structure.
+ * @cert: should contain a #gnutls_x509_crt_t structure
+ *
+ * This function returns the issuer certificate of @cert, if it can
+ * be found in the listed of trusted X.509 certificates in @cred.
+ * If no issuer is found, then NULL is returned.
+ *
+ **/
+gnutls_x509_crt_t
+gnutls_certificate_find_issuer (gnutls_certificate_credentials_t cred,
+ gnutls_x509_crt_t cert)
+{
+ unsigned n;
+
+ for (n = 0; n < cred->x509_ncas; n++)
+ {
+ if (gnutls_x509_crt_check_issuer (crt, cred->x509_ca_list[n]) == 1)
+ return cred->x509_ca_list[n];
+ }
+
+ return NULL;
+}
+
+/**
* gnutls_certificate_expiration_time_peers - This function returns the
peer's certificate expiration time
* @session: is a gnutls session
*
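Review bot: the loop calls `gnutls_x509_crt_check_issuer (crt, cred->x509_ca_list[n])`, but the parameter in this definition is named `cert`, so `crt` is undeclared and the function will not compile as posted; rename one to match the other. The doc comment has the same drift: it documents `@sc` where the parameter is `cred`, and "listed of trusted" should read "list of trusted". Because the function hands back `cred->x509_ca_list[n]` itself rather than a copy, the comment should state that the result is owned by @cred. Note also that the first match wins, so if several entries in the CA list satisfy the issuer check for the same certificate, the caller only ever sees the earliest one; that is worth documenting.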