author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2003-10-30 08:22:29 +0000 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2003-10-30 08:22:29 +0000 |
commit | cd6df99b20c085ca063162542d4b5ba9f8eb3f9e (patch) | |
tree | 4675f02df65f596201a22daa83d3e19a9b373818 | |
parent | 5cc8ad7541f88b4242ceccf66671f417500933a8 (diff) | |
download | gnutls-cd6df99b20c085ca063162542d4b5ba9f8eb3f9e.tar.gz |
some fixes.
-rw-r--r-- | NEWS | 2 | ||||
-rw-r--r-- | configure.in | 2 | ||||
-rw-r--r-- | doc/tex/programs.tex | 7 | ||||
-rw-r--r-- | lib/x509/common.c | 7 | ||||
-rw-r--r-- | lib/x509_b64.c | 9 | ||||
-rw-r--r-- | src/certtool.c | 11 |
6 files changed, 26 insertions, 12 deletions
@@ -1,4 +1,4 @@ -Version 0.9.94 +Version 0.9.94 (30/10/2003) - Added manpages for the included programs. - Documented and improved the certtool utility. - Added PKCS #12 support to certtool utility. diff --git a/configure.in b/configure.in index 93a0f9c815..8539c19ef6 100644 --- a/configure.in +++ b/configure.in @@ -12,7 +12,7 @@ AC_DEFINE_UNQUOTED(T_OS, "$target_os", [OS name]) dnl Gnutls Version GNUTLS_MAJOR_VERSION=0 GNUTLS_MINOR_VERSION=9 -GNUTLS_MICRO_VERSION=93 +GNUTLS_MICRO_VERSION=94 GNUTLS_VERSION=$GNUTLS_MAJOR_VERSION.$GNUTLS_MINOR_VERSION.$GNUTLS_MICRO_VERSION AC_DEFINE_UNQUOTED(GNUTLS_VERSION, "$GNUTLS_VERSION", [version of gnutls]) diff --git a/doc/tex/programs.tex b/doc/tex/programs.tex index 3db81bd8cf..702eab0981 100644 --- a/doc/tex/programs.tex +++ b/doc/tex/programs.tex @@ -108,7 +108,8 @@ How to use certtool: \item To create a self signed certificate, use the command: \begin{verbatim} -$ certtool --generate-self-signed --outfile ca.pem +$ certtool --generate-privkey --outfile ca-key.pem +$ certtool --generate-self-signed --load-privkey ca-key.pem --outfile ca-cert.pem \end{verbatim} Note that a self-signed certificate usually belongs to a certificate authority, that signs other certificates. @@ -126,7 +127,7 @@ $ certtool --generate-request --load-privkey key.pem --outfile request.pem \item To generate a certificate using the previous request, use the command: \begin{verbatim} $ certtool --generate-certificate --load-request request.pem --outfile cert.pem \ - --load-ca-certificate ca.pem --load-ca-privkey ca.pem + --load-ca-certificate ca-cert.pem --load-ca-privkey ca-key.pem \end{verbatim} \item To view the certificate information, use: 
@@ -134,7 +135,7 @@ $ certtool --generate-certificate --load-request request.pem --outfile cert.pem $ certtool --certificate-info --infile cert.pem \end{verbatim} -\item To generate a PKCS #12 structure using the previous key and certificate, use the command: +\item To generate a PKCS \#12 structure using the previous key and certificate, use the command: \begin{verbatim} $ certtool --load-certificate cert.pem --load-privkey key.pem --to-p12 \ --outder --outfile key.p12 diff --git a/lib/x509/common.c b/lib/x509/common.c index a414d967fd..4daf9e02b5 100644 --- a/lib/x509/common.c +++ b/lib/x509/common.c @@ -647,7 +647,7 @@ int _gnutls_x509_export_int( ASN1_TYPE asn1_data, return GNUTLS_E_INTERNAL_ERROR; } - if ((uint)result + 1 > *output_data_size) { + if ((uint)result > *output_data_size) { gnutls_assert(); gnutls_free(out); *output_data_size = result; @@ -658,7 +658,10 @@ int _gnutls_x509_export_int( ASN1_TYPE asn1_data, if (output_data) { memcpy( output_data, out, result); - output_data[result] = 0; + + /* do not include the null character into output size. + */ + *output_data_size = result - 1; } gnutls_free( out); diff --git a/lib/x509_b64.c b/lib/x509_b64.c index 196bd1b70d..f6316618c4 100644 --- a/lib/x509_b64.c +++ b/lib/x509_b64.c @@ -233,7 +233,7 @@ int _gnutls_fbase64_encode(const char *msg, const uint8 * data, int data_size, } strcat(*result, bottom); /* Flawfinder: ignore */ - return ret; + return strlen(*result) + 1; } /** 
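Review bot: The two lib/x509/common.c hunks (-647 and -658) leave `_gnutls_x509_export_int` reporting sizes under two different conventions without saying so. The short-buffer branch stores `*output_data_size = result;`, which counts the terminating null, while the success path stores `result - 1`, which does not. A caller that sizes its buffer from the first call and then compares against the second will see an off-by-one difference. The success-path update also sits inside `if (output_data)`, so a call with a NULL `output_data` and a sufficiently large size appears to return without touching `*output_data_size`. I would document this at the function header, for example `/* on a short buffer *output_data_size is the required size including the terminating null; on success it is the string length without it */`. The function body starts and ends outside both hunks, so the handling of a negative `result` before the `(uint)` cast could not be checked here.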
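Review bot: `return strlen(*result) + 1;` at the end of `_gnutls_fbase64_encode` (lib/x509_b64.c, hunk -233) changes what the return value means, with no comment. It now counts the terminating null, so any caller outside this diff that still uses the return as the data length will carry one extra byte; the callers visible in this commit were adjusted with `- 1`. The `size_t` from `strlen` is also narrowed to `int` implicitly, which is worth making explicit as `return (int) strlen(*result) + 1;`. A line above the return such as `/* returned length includes the terminating null */` would record the new contract. The allocation that the preceding `strcat` writes into is outside the hunk, so whether it leaves room for `bottom` plus the null could not be confirmed from here.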
@@ -246,6 +246,9 @@ int _gnutls_fbase64_encode(const char *msg, const uint8 * data, int data_size, * This function will convert the given data to printable data, using the base64 * encoding. This is the encoding used in PEM messages. If the provided * buffer is not long enough GNUTLS_E_SHORT_MEMORY_BUFFER is returned. + * + * The output string will be null terminated, although the size will not include + * the terminating null. * **/ int gnutls_pem_base64_encode( const char* msg, const gnutls_datum *data, char* result, int* result_size) { @@ -263,7 +266,7 @@ int size; } else { memcpy( result, ret, size); gnutls_free(ret); - *result_size = size; + *result_size = size - 1; } return 0; @@ -296,7 +299,7 @@ int size; return size; result->data = ret; - result->size = size; + result->size = size - 1; return 0; } diff --git a/src/certtool.c b/src/certtool.c index d461a9cfd6..9f07c68152 100644 --- a/src/certtool.c +++ b/src/certtool.c @@ -223,10 +223,15 @@ gnutls_x509_crt generate_certificate( gnutls_x509_privkey *ret_key) crq = load_request(); if (crq == NULL) { - fprintf(stderr, "Please enter the details of the certificate's distinguished name. " - "Just press enter to ignore a field.\n"); key = load_private_key(); + if (key==NULL) { + fprintf(stderr, "Could not load private key.\n"); + exit(1); + } + + fprintf(stderr, "Please enter the details of the certificate's distinguished name. " + "Just press enter to ignore a field.\n"); read_crt_set( crt, "Country name (2 chars): ", GNUTLS_OID_X520_COUNTRY_NAME); read_crt_set( crt, "Organization name: ", GNUTLS_OID_X520_ORGANIZATION_NAME); @@ -787,6 +792,8 @@ int ret; gnutls_datum dat; size_t size; + if (!info.privkey) return NULL; + fd = fopen(info.privkey, "r"); if (fd == NULL) { fprintf(stderr, "File %s does not exist.\n", info.privkey); |
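Review bot: In `gnutls_pem_base64_encode` (lib/x509_b64.c, hunk -263) the new `*result_size = size - 1;` reports the length without the null, but the `memcpy( result, ret, size);` just above still writes `size` bytes. The caller's buffer therefore has to be one byte larger than the value reported on success. The doc comment added in the previous hunk states that the size excludes the null, but not that the buffer needs room for it. The bounds check is outside the hunk; if it returns `size` in `*result_size` on the short-buffer path, that value and the success value differ by one. I would add a sentence to the doc comment along the lines of `The buffer must have room for the terminating null.` The same convention is applied by `result->size = size - 1;` in the next hunk (-296). There `size - 1` is only safe because the encoder now returns at least 1 on success, assuming negative returns are rejected before that line.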
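Review bot: `if (!info.privkey) return NULL;` in `load_private_key` (src/certtool.c, hunk -787) returns NULL silently, and this commit adds a NULL check at only one call site, the `key==NULL` test in `generate_certificate` (hunk -223). Any other caller of `load_private_key`, none of which are visible in this diff, needs the same check before the key is used. The message `Could not load private key.` is also printed when no key file was named at all, which hides the real cause from the user. If a missing key is always an error, a diagnostic before the early return would separate the two cases, for example `fprintf(stderr, "No private key file was specified.\n");`. Both functions extend beyond their hunks.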