
[SCM] GNU gnutls branch, master, updated. gnutls_2_9_10-295-g37689ff


From: Nikos Mavrogiannopoulos
Subject: [SCM] GNU gnutls branch, master, updated. gnutls_2_9_10-295-g37689ff
Date: Mon, 05 Jul 2010 06:32:22 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".

http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=37689ff93340703204cfaa8b44ebe398677d88d5

The branch, master has been updated
       via  37689ff93340703204cfaa8b44ebe398677d88d5 (commit)
       via  0d004a210db5d220c896456a165c81264fa4454a (commit)
      from  b422230d1b846155b64a9e8cdcf8ed2563f442cc (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 37689ff93340703204cfaa8b44ebe398677d88d5
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Mon Jul 5 08:32:00 2010 +0200

    Do not crash if input is redirected from /dev/null.

commit 0d004a210db5d220c896456a165c81264fa4454a
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Mon Jul 5 08:21:07 2010 +0200

    Changed the default pkcs-cipher to AES-128. Allowed specifying the 3des-pkcs12
    cipher with the --pkcs-cipher option.

-----------------------------------------------------------------------

Summary of changes:
 NEWS               |    5 ++++-
 src/certtool-cfg.c |    4 ++++
 src/certtool-gaa.c |    4 ++--
 src/certtool.c     |    8 ++++++++
 src/certtool.gaa   |    4 ++--
 5 files changed, 20 insertions(+), 5 deletions(-)

diff --git a/NEWS b/NEWS
index 89fcf94..32702d8 100644
--- a/NEWS
+++ b/NEWS
@@ -57,6 +57,10 @@ sizes for private keys using a human understandable scale.
 --pkcs11-list-all-certs, --pkcs11-list-trusted, --pkcs11-list-certs,
 --pkcs11-delete-url, --pkcs11-write
 
+certtool: The --pkcs-cipher is taken into account when generating a
+private key. The default cipher used now is aes-128. The old behavior can
+be simulated by specifying "--pkcs-cipher 3des-pkcs12".
+
 ** gnutls-cli/gnutls-serv: --x509cafile, --x509certfile and --x509keyfile
 can now accept a PKCS #11 URL in addition to a file. This will allow for
 example to use the Gnome-keyring trusted certificate list to verify
@@ -142,7 +146,6 @@ gnutls_pkcs11_copy_x509_crt: ADDED
 gnutls_pkcs11_copy_x509_privkey: ADDED
 gnutls_pkcs11_delete_url: ADDED
 
-
 * Version 2.9.10 (released 2010-04-22)
 
 ** libgnutls: Time verification extended to trusted certificate list.
diff --git a/src/certtool-cfg.c b/src/certtool-cfg.c
index d6988ec..41bcc17 100644
--- a/src/certtool-cfg.c
+++ b/src/certtool-cfg.c
@@ -250,6 +250,10 @@ read_int_with_default (const char *input_str, int def)
 
   printf (input_str, def);
   in = readline ("");
+  if (in == NULL)
+    {
+      return def;
+    }
 
   l = strtol (in, &endptr, 0);
 
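Review bot: The new `in == NULL` guard after `readline ("")` protects only `read_int_with_default`. Any other prompt helper in certtool-cfg.c that hands readline's result straight to `strtol` or a string function would still dereference NULL at end of input; those helpers are not visible in this hunk, so they are worth checking with stdin redirected from /dev/null. Returning `def` silently also means a run with no usable stdin accepts every default without any trace, so a short comment such as `/* EOF on stdin (e.g. < /dev/null): fall back to the default */` would record that this is intended. The function body starts and ends outside the hunk.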
diff --git a/src/certtool-gaa.c b/src/certtool-gaa.c
index 3d5bda8..17fd5f6 100644
--- a/src/certtool-gaa.c
+++ b/src/certtool-gaa.c
@@ -177,7 +177,7 @@ void gaa_help(void)
        __gaa_helpsingle(0, "outfile", "FILE ", "Output file.");
        __gaa_helpsingle(0, "infile", "FILE ", "Input file.");
        __gaa_helpsingle(0, "template", "FILE ", "Template file to use for non 
interactive operation.");
-       __gaa_helpsingle(0, "pkcs-cipher", "CIPHER ", "Cipher to use for pkcs 
operations (3des,aes-128,aes-192,aes-256,rc2-40).");
+       __gaa_helpsingle(0, "pkcs-cipher", "CIPHER ", "Cipher to use for pkcs 
operations (3des,3des-pkcs12,aes-128,aes-192,aes-256,rc2-40,arcfour).");
        __gaa_helpsingle(0, "pkcs11-provider", "Library ", "Specify the pkcs11 
provider library");
        __gaa_helpsingle(0, "pkcs11-export-url", "URL ", "Export data specified 
a pkcs11 URL");
        __gaa_helpsingle(0, "pkcs11-list-certs", "", "List certificates that 
have a private key specified by a PKCS#11 URL");
@@ -1459,7 +1459,7 @@ int gaa(int argc, char **argv, gaainfo *gaaval)
        gaaval->debug=1; gaaval->request = NULL; gaaval->infile = NULL; 
gaaval->outfile = NULL; gaaval->cert = NULL; 
        gaaval->incert_format = 0; gaaval->outcert_format = 0; 
gaaval->action=-1; gaaval->pass = NULL; gaaval->v1_cert = 0;
        gaaval->export = 0; gaaval->template = NULL; gaaval->hash=NULL; 
gaaval->fix_key = 0; gaaval->quick_random=1; 
-       gaaval->privkey_op = 0; gaaval->pkcs_cipher = "3des"; 
gaaval->crq_extensions=1; gaaval->pkcs11_provider= NULL;
+       gaaval->privkey_op = 0; gaaval->pkcs_cipher = "aes-128"; 
gaaval->crq_extensions=1; gaaval->pkcs11_provider= NULL;
        gaaval->pkcs11_url = NULL; gaaval->pkcs11_type = PKCS11_TYPE_PK; 
gaaval->pubkey=NULL; gaaval->pkcs11_label = NULL; 
        gaaval->pkcs11_trusted=0; gaaval->sec_param = NULL; 
gaaval->pkcs11_login = 0; ;};
 
diff --git a/src/certtool.c b/src/certtool.c
index dcca2fa..8a5c79e 100644
--- a/src/certtool.c
+++ b/src/certtool.c
@@ -267,6 +267,14 @@ cipher_to_flags (const char *cipher)
     {
       return GNUTLS_PKCS_USE_PBES2_3DES;
     }
+  else if (strcasecmp (cipher, "3des-pkcs12") == 0)
+    {
+      return GNUTLS_PKCS_USE_PKCS12_3DES;
+    }
+  else if (strcasecmp (cipher, "arcfour") == 0)
+    {
+      return GNUTLS_PKCS_USE_PKCS12_ARCFOUR;
+    }
   else if (strcasecmp (cipher, "aes-128") == 0)
     {
       return GNUTLS_PKCS_USE_PBES2_AES_128;
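Review bot: The new `arcfour` branch makes `GNUTLS_PKCS_USE_PKCS12_ARCFOUR` selectable for protecting a private key, with nothing in the code or the option help marking it as a legacy, interoperability-only choice. RC4 is a weak cipher for key material at rest, and the same applies to the existing `rc2-40` entry in the help list. A comment on both new branches such as `/* legacy PKCS #12 PBE, kept for compatibility with older consumers */` would make the intent clear. A one-line notice on stderr when a legacy cipher is chosen would keep users from picking it by accident. `cipher_to_flags` continues outside the hunk, so how an unrecognised name is handled cannot be seen here.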
diff --git a/src/certtool.gaa b/src/certtool.gaa
index 1fcdc20..28dcf29 100644
--- a/src/certtool.gaa
+++ b/src/certtool.gaa
@@ -133,7 +133,7 @@ option (infile) STR "FILE" { $infile = $1 } "Input file."
 option (template) STR "FILE" { $template = $1 } "Template file to use for non 
interactive operation."
 
 #char *pkcs_cipher;
-option (pkcs-cipher) STR "CIPHER" { $pkcs_cipher = $1 } "Cipher to use for 
pkcs operations (3des,aes-128,aes-192,aes-256,rc2-40)."
+option (pkcs-cipher) STR "CIPHER" { $pkcs_cipher = $1 } "Cipher to use for 
pkcs operations (3des,3des-pkcs12,aes-128,aes-192,aes-256,rc2-40,arcfour)."
 
 #char* pkcs11_provider;
 option (pkcs11-provider) STR "Library" { $pkcs11_provider = $1 } "Specify the 
pkcs11 provider library"
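Review bot: The `pkcs-cipher` help string lists the accepted names but does not say which one is the default, and this commit changes that default to `aes-128` in the `init` block of the same file. Naming it in the text, for example `"Cipher to use for pkcs operations (default aes-128; 3des,3des-pkcs12,aes-192,aes-256,rc2-40,arcfour)."`, lets a user see from `--help` what protection an exported key gets without reading NEWS. The cipher list is also repeated in the generated certtool-gaa.c and in `cipher_to_flags` in certtool.c, so a comment next to `#char *pkcs_cipher;` pointing at `cipher_to_flags` would help keep the three in step.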
@@ -171,6 +171,6 @@ init { $bits = 0; $pkcs8 = 0; $privkey = NULL; $ca=NULL; 
$ca_privkey = NULL;
        $debug=1; $request = NULL; $infile = NULL; $outfile = NULL; $cert = 
NULL; 
        $incert_format = 0; $outcert_format = 0; $action=-1; $pass = NULL; 
$v1_cert = 0;
        $export = 0; $template = NULL; $hash=NULL; $fix_key = 0; 
$quick_random=1; 
-       $privkey_op = 0; $pkcs_cipher = "3des"; $crq_extensions=1; 
$pkcs11_provider= NULL;
+       $privkey_op = 0; $pkcs_cipher = "aes-128"; $crq_extensions=1; 
$pkcs11_provider= NULL;
        $pkcs11_url = NULL; $pkcs11_type = PKCS11_TYPE_PK; $pubkey=NULL; 
$pkcs11_label = NULL; 
        $pkcs11_trusted=0; $sec_param = NULL; $pkcs11_login = 0; }


hooks/post-receive
-- 
GNU gnutls


