Re: [PATCH] add gnutls_certificate_find_issuer
From: Joe Orton
Subject: Re: [PATCH] add gnutls_certificate_find_issuer
Date: Tue, 19 Feb 2008 20:56:55 +0000
User-agent: Mutt/1.5.17 (2007-11-01)

On Fri, Feb 15, 2008 at 10:21:50AM +0000, Joe Orton wrote:
> This patch adds a function which finds the issuer of a given certificate
> within a credentials structure. This is useful so that clients can
> easily recreate the complete server cert chain given only the single
> cert returned by the peer.
>
> (e.g. in the case where gnutls_certificate_set_x509_trust_file() is
> used, the client doesn't have the individual issuer cert structures to
> compare against directly.)
>
> This and the previously submitted patch allow the two remaining failures
> in neon's SSL test suite to be fixed :)
The patch submitted for this had a typo and wouldn't compile; here's an
updated version:
diff -up ./includes/gnutls/gnutls.h.findissuer ./includes/gnutls/gnutls.h
--- ./includes/gnutls/gnutls.h.findissuer
+++ ./includes/gnutls/gnutls.h
@@ -717,6 +717,10 @@ extern "C"
gnutls_x509_crl_t * crl_list,
int crl_list_size);
+ gnutls_x509_crt_t
+ gnutls_certificate_find_issuer (gnutls_certificate_credentials_t cred,
+ gnutls_x509_crt_t cert);
+
/* global state functions
*/
int gnutls_global_init (void);
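Review bot: The new prototype returns the gnutls_x509_crt_t handle directly, so NULL is the only failure signal and a caller cannot tell "no issuer in the trust list" apart from any other failure. Consider an int return with the issuer passed back through an output parameter, which would match the int-returning declarations around it (for example `int gnutls_global_init (void);`). The declaration also has no comment in the header; a one-line note that the result belongs to the credentials structure would help callers who read only gnutls.h.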
diff -up ./lib/gnutls_cert.c.findissuer ./lib/gnutls_cert.c
--- ./lib/gnutls_cert.c.findissuer
+++ ./lib/gnutls_cert.c
@@ -593,6 +593,31 @@ gnutls_certificate_verify_peers (gnutls_
}
/**
+ * gnutls_certificate_find_issuer - This function finds an issuer certificate
+ * @sc: is an #gnutls_certificate_credentials_t structure.
+ * @cert: should contain a gnutls_x509_crt_t structure
+ *
+ * This function returns the issuer certificate of @cert, if it can
+ * be found in the listed of trusted X.509 certificates in @cred.
+ * If no issuer is found, then NULL is returned.
+ *
+ **/
+gnutls_x509_crt_t
+gnutls_certificate_find_issuer (gnutls_certificate_credentials_t cred,
+ gnutls_x509_crt_t cert)
+{
+ unsigned n;
+
+ for (n = 0; n < cred->x509_ncas; n++)
+ {
+ if (gnutls_x509_crt_check_issuer (cert, cred->x509_ca_list[n]) == 1)
+ return cred->x509_ca_list[n];
+ }
+
+ return NULL;
+}
+
+/**
* gnutls_certificate_expiration_time_peers - This function returns the
peer's certificate expiration time
* @session: is a gnutls session
*
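Review bot: The function hands back `cred->x509_ca_list[n]` itself, so the caller receives a pointer into the credentials structure rather than a copy, and the doc comment says nothing about that. Please state that the returned certificate is owned by @cred, must not be deinitialized by the caller, and is only valid while the credentials structure and its trust list are unchanged. In the same comment the parameter is tagged `@sc` while the signature and the description both use `cred`, and "listed of trusted" should read "list of trusted". Since the loop returns the first entry for which gnutls_x509_crt_check_issuer returns 1 and performs no signature verification of its own, the description should also say the result is a candidate issuer for chain building, not a verified one.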