diff options
author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2003-11-01 09:36:48 +0000 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2003-11-01 09:36:48 +0000 |
commit | 1ddd294bfcde6a5797793e64460d38346fc12d62 (patch) | |
tree | 1a5db321be0540aaeb8fc9ca43e983676d3b7f6f | |
parent | 4bc0b54ec7dc30f5d213f717630b60359706dba4 (diff) | |
download | gnutls-1ddd294bfcde6a5797793e64460d38346fc12d62.tar.gz |
*** empty log message ***
-rw-r--r-- | NEWS | 2 | ||||
-rw-r--r-- | lib/x509/verify.c | 14 | ||||
-rw-r--r-- | libextra/openpgp/verify.c | 3 | ||||
-rw-r--r-- | src/certtool-gaa.c | 2 | ||||
-rw-r--r-- | src/certtool.gaa | 2 | ||||
-rw-r--r-- | tests/test25.pem | 56 |
6 files changed, 12 insertions, 67 deletions
@@ -2,6 +2,8 @@ Version 0.9.95 - Improved the verification functions. Added new verification output flags and removed the unused and redundant ones. - Improved the OpenPGP key support. +- The prime utility was removed, and its functionality was moved + to certtool. Version 0.9.94 (30/10/2003) - Added manpages for the included programs. diff --git a/lib/x509/verify.c b/lib/x509/verify.c index b63d81a278..e1faf005cf 100644 --- a/lib/x509/verify.c +++ b/lib/x509/verify.c @@ -534,25 +534,25 @@ int ret, issuer_params_size, i; * @flags: Flags that may be used to change the verification algorithm. Use OR of the gnutls_certificate_verify_flags enumerations. * @verify: will hold the certificate verification output. * - * This function will try to verify the given certificate list and return its status (TRUSTED, REVOKED etc.). - * The return value (status) should be one or more of the gnutls_certificate_status - * enumerated elements bitwise or'd. Note that expiration and activation dates are not checked + * This function will try to verify the given certificate list and return its status. + * Note that expiration and activation dates are not checked * by this function, you should check them using the appropriate functions. * * If no flags are specified (0), this function will use the * basicConstraints (2.5.29.19) PKIX extension. This means that only a certificate * authority is allowed to sign a certificate. * - * However you must also check the peer's name in order to check if the verified + * You must also check the peer's name in order to check if the verified * certificate belongs to the actual peer. * - * * The certificate verification output will be put in 'verify' and will be * one or more of the gnutls_certificate_status enumerated elements bitwise or'd. + * For a more detailed verification status use gnutls_x509_crt_verify() per list + * element. * - * GNUTLS_CERT_INVALID\: the peer's certificate is not valid. + * GNUTLS_CERT_INVALID\: the certificate chain is not valid. * - * GNUTLS_CERT_REVOKED\: the certificate has been revoked. + * GNUTLS_CERT_REVOKED\: a certificate in the chain has been revoked. * * Returns 0 on success and a negative value in case of an error. * diff --git a/libextra/openpgp/verify.c b/libextra/openpgp/verify.c index 9df5957971..bddf9a60e1 100644 --- a/libextra/openpgp/verify.c +++ b/libextra/openpgp/verify.c @@ -139,8 +139,7 @@ int gnutls_openpgp_key_verify_ring( gnutls_openpgp_key key, * @verify: will hold the certificate verification output. * * Checks if the key is revoked or disabled, in the trustdb. - * - * The certificate verification output will be put in 'verify' and will be + * The verification output will be put in 'verify' and will be * one or more of the gnutls_certificate_status enumerated elements bitwise or'd. * * GNUTLS_CERT_INVALID\: A signature on the key is invalid. diff --git a/src/certtool-gaa.c b/src/certtool-gaa.c index a76d11895e..1d9d361e90 100644 --- a/src/certtool-gaa.c +++ b/src/certtool-gaa.c @@ -129,7 +129,7 @@ void gaa_help(void) __gaa_helpsingle(0, "load-certificate", "FILE ", "Certificate file to use."); __gaa_helpsingle(0, "load-ca-privkey", "FILE ", "Certificate authority's private key file to use."); __gaa_helpsingle(0, "load-ca-certificate", "FILE ", "Certificate authority's certificate file to use."); - __gaa_helpsingle(0, "password", "FILE ", "Password to use."); + __gaa_helpsingle(0, "password", "PASSWORD ", "Password to use."); __gaa_helpsingle('i', "certificate-info", "", "Print information on a certificate."); __gaa_helpsingle(0, "p12-info", "", "Print information on a PKCS #12 structure."); __gaa_helpsingle('k', "key-info", "", "Print information on a private key."); diff --git a/src/certtool.gaa b/src/certtool.gaa index 67ee216aab..24460820b9 100644 --- a/src/certtool.gaa +++ b/src/certtool.gaa @@ -31,7 +31,7 @@ option (load-ca-privkey) STR "FILE" { $ca_privkey = $1 } "Certificate authority' option (load-ca-certificate) STR "FILE" { $ca = $1 } "Certificate authority's certificate file to use." #char *pass; -option (password) STR "FILE" { $pass = $1 } "Password to use." +option (password) STR "PASSWORD" { $pass = $1 } "Password to use." option (i, certificate-info) { $action = 2; } "Print information on a certificate." diff --git a/tests/test25.pem b/tests/test25.pem index d3ba3ba1ea..72220a4f26 100644 --- a/tests/test25.pem +++ b/tests/test25.pem @@ -180,59 +180,3 @@ CSqGSIb3DQEBBQUAA4GBABZWD2Gsh4tP62QSG8OFWUpo4TulIcFZLpGsaP4T/2Nt Yl/fLKE9/BvQOrvYzBs2EqKrrT7m4VK0dRMR7CeVpmPP08z0Tti6uK2tzBplp1pF -----END CERTIFICATE----- -Certificate: - Data: - Version: 3 (0x2) - Serial Number: 99999 (0x1869f) - Signature Algorithm: sha1WithRSAEncryption - Issuer: C=US, O=U.S. Government, OU=DoD, OU=Testing, CN=Trust Anchor - Validity - Not Before: Jan 1 12:01:00 1999 GMT - Not After : Jan 1 12:01:00 2048 GMT - Subject: C=US, O=U.S. Government, OU=DoD, OU=Testing, CN=Trust Anchor - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public Key: (1024 bit) - Modulus (1024 bit): - 00:d3:f3:b9:c1:33:b7:3f:a7:27:f6:41:1d:5c:9c: - 79:9d:aa:d2:95:10:b7:84:ce:da:a3:e5:58:0c:3e: - 4e:8b:56:bf:3e:aa:21:2d:50:13:fe:f3:19:2e:7a: - cb:11:cf:f3:d3:b8:5f:57:9f:9d:97:80:af:1d:95: - 57:12:df:34:d4:bd:f3:ae:4d:e7:7c:a6:20:d4:04: - 4e:da:63:61:3e:3d:2a:8d:37:cf:c5:3c:c9:f9:fa: - f0:39:48:04:78:bd:b0:dd:f5:24:46:33:a1:46:9f: - 17:9f:04:bb:cf:37:94:0c:13:43:aa:90:ac:91:78: - 1d:ba:f3:18:84:2a:82:2b:47 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Subject Key Identifier: - AB:9A:EB:F9:C2:E7:54:8F - X509v3 Basic Constraints: - CA:TRUE - X509v3 Authority Key Identifier: - keyid:AB:9A:EB:F9:C2:E7:54:8F - - Signature Algorithm: sha1WithRSAEncryption - 16:56:0f:61:ac:87:8b:4f:eb:64:12:1b:c3:85:59:4a:68:e1: - 3b:a5:21:c1:59:2e:91:ac:68:fe:13:ff:63:6d:ee:55:d4:a0: - 82:4c:37:bc:16:8e:a9:26:61:fe:7f:46:fa:38:1f:13:5c:8a: - 6a:b7:12:47:98:72:b9:b5:56:80:ee:78:95:18:1a:f4:63:70: - 26:39:9b:19:20:84:8d:bb:62:5f:df:2c:a1:3d:fc:1b:d0:3a: - bb:d8:cc:1b:36:12:a2:ab:ad:3e:e6:e1:52:b4:75:13:11:ec: - 27:95:a6:63:cf:d3:cc:f4:4e:d8:ba:b8:ad:ad:cc:1a:65:a7: - 5a:45 ------BEGIN CERTIFICATE----- -MIICbDCCAdWgAwIBAgIDAYafMA0GCSqGSIb3DQEBBQUAMF4xCzAJBgNVBAYTAlVT -MRgwFgYDVQQKEw9VLlMuIEdvdmVybm1lbnQxDDAKBgNVBAsTA0RvRDEQMA4GA1UE -CxMHVGVzdGluZzEVMBMGA1UEAxMMVHJ1c3QgQW5jaG9yMB4XDTk5MDEwMTEyMDEw -MFoXDTQ4MDEwMTEyMDEwMFowXjELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD1UuUy4g -R292ZXJubWVudDEMMAoGA1UECxMDRG9EMRAwDgYDVQQLEwdUZXN0aW5nMRUwEwYD -VQQDEwxUcnVzdCBBbmNob3IwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANPz -ucEztz+nJ/ZBHVyceZ2q0pUQt4TO2qPlWAw+TotWvz6qIS1QE/7zGS56yxHP89O4 -X1efnZeArx2VVxLfNNS9865N53ymINQETtpjYT49Ko03z8U8yfn68DlIBHi9sN31 -JEYzoUafF58Eu883lAwTQ6qQrJF4HbrzGIQqgitHAgMBAAGjODA2MBEGA1UdDgQK -BAirmuv5wudUjzAMBgNVHRMEBTADAQH/MBMGA1UdIwQMMAqACKua6/nC51SPMA0G -CSqGSIb3DQEBBQUAA4GBABZWD2Gsh4tP62QSG8OFWUpo4TulIcFZLpGsaP4T/2Nt -7lXUoIJMN7wWjqkmYf5/Rvo4HxNcimq3EkeYcrm1VoDueJUYGvRjcCY5mxkghI27 -Yl/fLKE9/BvQOrvYzBs2EqKrrT7m4VK0dRMR7CeVpmPP08z0Tti6uK2tzBplp1pF ------END CERTIFICATE----- |