author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2014-04-04 16:04:03 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2014-04-04 16:25:52 +0200 |
commit | c03bec83ebb563788e4ea50140a0b2b82164a9aa (patch) | |
tree | 17e2da15eab4a0d1241ec56d5b334925c1fa9645 | |
parent | d8148dd0278af3290633fee7b1dbbd9350e85463 (diff) | |
download | gnutls-c03bec83ebb563788e4ea50140a0b2b82164a9aa.tar.gz |
The GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_DISTRUSTED flag is specific to p11-kit trust modules.
-rw-r--r-- | lib/pkcs11.c | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/lib/pkcs11.c b/lib/pkcs11.c
index 8b43792142..1827b57622 100644
--- a/lib/pkcs11.c
+++ b/lib/pkcs11.c
@@ -2947,6 +2947,14 @@ find_cert(struct pkcs11_session_info *sinfo,
 return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
 }
+ /* the DISTRUSTED flag is p11-kit module specific */
+ if (priv->flags & GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_DISTRUSTED) {
+ if (memcmp(lib_info->manufacturer_id, "PKCS#11 Kit", 11) != 0) {
+ gnutls_assert();
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
+ }
+
 if (priv->dn.size == 0 && priv->key_id.size == 0 && priv->issuer_dn.size == 0 && priv->serial.size == 0) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
@@ -3229,6 +3237,9 @@ int gnutls_pkcs11_get_raw_issuer(const char *url, gnutls_x509_crt_t cert,
 * will be searched. To restrict the modules to the marked as trusted in p11-kit
 * use the %GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE flag.
 *
+ * Note that the flag %GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_DISTRUSTED is
+ * specific to p11-kit trust modules.
+ *
 * Returns: If the certificate exists non-zero is returned, otherwise zero.
 *
 * Since: 3.2.9 |
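Review bot: The `memcmp(lib_info->manufacturer_id, "PKCS#11 Kit", 11)` test in the first hunk is a prefix match with a hand-counted length, so any module whose manufacturer ID merely starts with those 11 bytes is accepted as a p11-kit trust module. The manufacturer ID is a value the loaded module reports about itself (presumably the blank-padded, non-NUL-terminated PKCS#11 info field), so this check can only filter out modules that do not understand the flag; it should not be read as establishing that the module is trusted. I would derive the length from the literal, `memcmp(lib_info->manufacturer_id, "PKCS#11 Kit", sizeof("PKCS#11 Kit") - 1) != 0`, and extend the comment to `/* the DISTRUSTED flag is p11-kit module specific; prefix match on the module's self-reported, blank-padded manufacturer ID */`. find_cert starts and ends outside the hunk, so whether lib_info can be NULL at this point is not visible here.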