[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[SCM] GNU gnutls branch, gnutls_3_0_x-2, updated. gnutls_3_0_19-18-g16d5
From: |
Nikos Mavrogiannopoulos |
Subject: |
[SCM] GNU gnutls branch, gnutls_3_0_x-2, updated. gnutls_3_0_19-18-g16d59e2 |
Date: |
Thu, 17 May 2012 12:01:53 +0000 |
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".
http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=16d59e276e39c4d71a825d17a46f7fe7387ae070
The branch, gnutls_3_0_x-2 has been updated
via 16d59e276e39c4d71a825d17a46f7fe7387ae070 (commit)
via 3fea6560caf3ed5530363e7fe119102904794595 (commit)
from 162e146a56bb692a5190a709224cc4b0e6abdd04 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 16d59e276e39c4d71a825d17a46f7fe7387ae070
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Wed May 16 19:40:45 2012 +0200
Be more conservative with examples.
gnutls_certificate_set_x509_system_trust() returns
GNUTLS_E_UNIMPLEMENTED_FEATURE on systems that do not have a (known) default
trust store.
commit 3fea6560caf3ed5530363e7fe119102904794595
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Wed May 16 19:28:34 2012 +0200
Revert "updated examples"
This reverts commit 559614fc7a288bf6eaf36ebe696e07b150c96be5.
-----------------------------------------------------------------------
Summary of changes:
doc/examples/ex-client-dtls.c | 3 ++-
doc/examples/ex-client-resume.c | 3 ++-
doc/examples/ex-client-srp.c | 5 +++--
doc/examples/ex-client-x509.c | 10 ++++------
doc/examples/ex-serv-x509.c | 1 +
lib/gnutls_x509.c | 14 ++++++++++++--
6 files changed, 24 insertions(+), 12 deletions(-)
diff --git a/doc/examples/ex-client-dtls.c b/doc/examples/ex-client-dtls.c
index 377c42e..21e7244 100644
--- a/doc/examples/ex-client-dtls.c
+++ b/doc/examples/ex-client-dtls.c
@@ -18,6 +18,7 @@
*/
#define MAX_BUF 1024
+#define CAFILE "/etc/ssl/certs/ca-certificates.crt"
#define MSG "GET / HTTP/1.0\r\n\r\n"
extern int udp_connect (void);
@@ -39,7 +40,7 @@ main (void)
gnutls_certificate_allocate_credentials (&xcred);
/* sets the trusted cas file */
- gnutls_certificate_set_x509_system_trust(xcred);
+ gnutls_certificate_set_x509_trust_file (xcred, CAFILE, GNUTLS_X509_FMT_PEM);
gnutls_certificate_set_verify_function (xcred, verify_certificate_callback);
/* Initialize TLS session */
diff --git a/doc/examples/ex-client-resume.c b/doc/examples/ex-client-resume.c
index cfa3aad..c094950 100644
--- a/doc/examples/ex-client-resume.c
+++ b/doc/examples/ex-client-resume.c
@@ -16,6 +16,7 @@ extern int tcp_connect (void);
extern void tcp_close (int sd);
#define MAX_BUF 1024
+#define CAFILE "/etc/ssl/certs/ca-certificates.crt"
#define MSG "GET / HTTP/1.0\r\n\r\n"
int
@@ -38,7 +39,7 @@ main (void)
/* X509 stuff */
gnutls_certificate_allocate_credentials (&xcred);
- gnutls_certificate_set_x509_system_trust(xcred);
+ gnutls_certificate_set_x509_trust_file (xcred, CAFILE, GNUTLS_X509_FMT_PEM);
for (t = 0; t < 2; t++)
{ /* connect 2 times to the server */
diff --git a/doc/examples/ex-client-srp.c b/doc/examples/ex-client-srp.c
index 172c152..7784075 100644
--- a/doc/examples/ex-client-srp.c
+++ b/doc/examples/ex-client-srp.c
@@ -18,6 +18,7 @@ extern void tcp_close (int sd);
#define MAX_BUF 1024
#define USERNAME "user"
#define PASSWORD "pass"
+#define CAFILE "/etc/ssl/certs/ca-certificates.crt"
#define MSG "GET / HTTP/1.0\r\n\r\n"
int
@@ -35,8 +36,8 @@ main (void)
gnutls_srp_allocate_client_credentials (&srp_cred);
gnutls_certificate_allocate_credentials (&cert_cred);
- gnutls_certificate_set_x509_system_trust(cert_cred);
-
+ gnutls_certificate_set_x509_trust_file (cert_cred, CAFILE,
+ GNUTLS_X509_FMT_PEM);
gnutls_srp_set_client_credentials (srp_cred, USERNAME, PASSWORD);
/* connects to server
diff --git a/doc/examples/ex-client-x509.c b/doc/examples/ex-client-x509.c
index e442886..c914ba7 100644
--- a/doc/examples/ex-client-x509.c
+++ b/doc/examples/ex-client-x509.c
@@ -17,7 +17,7 @@
*/
#define MAX_BUF 1024
-/* #define CAFILE "/etc/ssl/certs/ca-certificates.crt" */
+#define CAFILE "/etc/ssl/certs/ca-certificates.crt"
#define MSG "GET / HTTP/1.0\r\n\r\n"
extern int tcp_connect (void);
@@ -37,12 +37,10 @@ int main (void)
/* X509 stuff */
gnutls_certificate_allocate_credentials (&xcred);
- /* sets the trusted cas to be the system ones
+ /* sets the trusted cas file
*/
- gnutls_certificate_set_x509_system_trust(xcred);
- /* gnutls_certificate_set_x509_trust_file (xcred, CAFILE,
GNUTLS_X509_FMT_PEM);
- */
-
+ /* gnutls_certificate_set_x509_system_trust(xcred); */
+ gnutls_certificate_set_x509_trust_file (xcred, CAFILE, GNUTLS_X509_FMT_PEM);
gnutls_certificate_set_verify_function (xcred, _verify_certificate_callback);
/* If client holds a certificate it can be set using the following:
diff --git a/doc/examples/ex-serv-x509.c b/doc/examples/ex-serv-x509.c
index dedd1a1..a8dc20e 100644
--- a/doc/examples/ex-serv-x509.c
+++ b/doc/examples/ex-serv-x509.c
@@ -84,6 +84,7 @@ main (void)
gnutls_global_init ();
gnutls_certificate_allocate_credentials (&x509_cred);
+ /* gnutls_certificate_set_x509_system_trust(xcred); */
gnutls_certificate_set_x509_trust_file (x509_cred, CAFILE,
GNUTLS_X509_FMT_PEM);
diff --git a/lib/gnutls_x509.c b/lib/gnutls_x509.c
index e859a1f..4f15ea1 100644
--- a/lib/gnutls_x509.c
+++ b/lib/gnutls_x509.c
@@ -1590,7 +1590,7 @@ gnutls_certificate_set_x509_trust_file
(gnutls_certificate_credentials_t cred,
#ifdef DEFAULT_TRUST_STORE_FILE
static int
-_gnutls_certificate_set_x509_system_trust_file
(gnutls_certificate_credentials_t cred)
+set_x509_system_trust_file (gnutls_certificate_credentials_t cred)
{
int ret;
gnutls_datum_t cas;
@@ -1625,6 +1625,9 @@ _gnutls_certificate_set_x509_system_trust_file
(gnutls_certificate_credentials_t
* This function adds the system's default trusted CAs in order to
* verify client or server certificates.
*
+ * In the case the system is currently unsupported
%GNUTLS_E_UNIMPLEMENTED_FEATURE
+ * is returned.
+ *
* Returns: the number of certificates processed or a negative error code
* on error.
*
@@ -1633,17 +1636,24 @@ _gnutls_certificate_set_x509_system_trust_file
(gnutls_certificate_credentials_t
int
gnutls_certificate_set_x509_system_trust (gnutls_certificate_credentials_t
cred)
{
+#if !defined(DEFAULT_TRUST_STORE_PKCS11) && !defined(DEFAULT_TRUST_STORE_FILE)
+ int r = GNUTLS_E_UNIMPLEMENTED_FEATURE;
+#else
int ret, r = 0;
+#endif
+
#if defined(ENABLE_PKCS11) && defined(DEFAULT_TRUST_STORE_PKCS11)
ret = read_cas_url (cred, DEFAULT_TRUST_STORE_PKCS11);
if (ret > 0)
r += ret;
#endif
+
#ifdef DEFAULT_TRUST_STORE_FILE
- ret = _gnutls_certificate_set_x509_system_trust_file(cred);
+ ret = set_x509_system_trust_file(cred);
if (ret > 0)
r += ret;
#endif
+
return r;
}
hooks/post-receive
--
GNU gnutls
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [SCM] GNU gnutls branch, gnutls_3_0_x-2, updated. gnutls_3_0_19-18-g16d59e2,
Nikos Mavrogiannopoulos <=