author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2015-10-15 16:21:43 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2015-10-15 17:24:51 +0200 |
commit | 532d13c85d0c5280149b3fbd7c73c3e663271870 (patch) | |
tree | dfbbda367709505fbd8fa0c6b6b042b685ac5379 | |
parent | df1f2778b2e81c170c3773c2d4ac53afeaf2777e (diff) | |
download | gnutls-532d13c85d0c5280149b3fbd7c73c3e663271870.tar.gz |
pkcs11: write CKA_ISSUER and CKA_SERIAL_NUMBER when writing on a certificate
That allows NSS to read and use the written certificate.
Resolves #43
-rw-r--r-- | lib/pkcs11_write.c | 18 |
1 files changed, 16 insertions, 2 deletions
diff --git a/lib/pkcs11_write.c b/lib/pkcs11_write.c
index 8dd94c4658..b8d1d6c83b 100644
--- a/lib/pkcs11_write.c
+++ b/lib/pkcs11_write.c
@@ -52,10 +52,11 @@ gnutls_pkcs11_copy_x509_crt(const char *token_url,
 int ret;
 struct p11_kit_uri *info = NULL;
 ck_rv_t rv;
- size_t der_size, id_size;
+ size_t der_size, id_size, serial_size;
 uint8_t *der = NULL;
+ uint8_t serial[128];
 uint8_t id[20];
- struct ck_attribute a[16];
+ struct ck_attribute a[24];
 ck_object_class_t class = CKO_CERTIFICATE;
 ck_certificate_type_t type = CKC_X_509;
 ck_object_handle_t obj;
@@ -144,6 +145,19 @@ gnutls_pkcs11_copy_x509_crt(const char *token_url,
 a[a_val].value_len = crt->raw_dn.size;
 a_val++;

+ a[a_val].type = CKA_ISSUER;
+ a[a_val].value = crt->raw_issuer_dn.data;
+ a[a_val].value_len = crt->raw_issuer_dn.size;
+ a_val++;
+
+ serial_size = sizeof(serial);
+ if (gnutls_x509_crt_get_serial(crt, serial, &serial_size) >= 0) {
+ a[a_val].type = CKA_SERIAL_NUMBER;
+ a[a_val].value = (void *) serial;
+ a[a_val].value_len = serial_size;
+ a_val++;
+ }
+
 if (label) {
 a[a_val].type = CKA_LABEL;
 a[a_val].value = (void *) label;
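Review bot: The attribute array grows from 16 to 24 slots as a bare number, and nothing in the visible declarations ties the `a_val` index used further down to that size, so every attribute added to this function relies on someone recounting the slots by hand. A named constant for the size, together with a check of `a_val` against `sizeof(a) / sizeof(a[0])` before a slot is filled, would turn a future overrun of this stack array into an immediate, visible failure. `serial[128]` would also benefit from a short comment such as `/* well above the 20 octets RFC 5280 allows for a serial number */` so the size is not read as arbitrary. The function body continues outside the hunk, so a bound check may already exist there.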
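Review bot: The value stored under `CKA_SERIAL_NUMBER` is the buffer filled by `gnutls_x509_crt_get_serial()`, which as far as I know holds only the content octets of the serial, whereas PKCS #11 defines that attribute as the DER encoding of the serial number, INTEGER tag and length included. A consumer that looks certificates up by issuer and serial may then fail to match the stored object, or match it differently from objects written by other tools, which matters wherever that lookup feeds a trust decision. I would wrap the bytes in a DER INTEGER before the assignment and document it with `/* CKA_SERIAL_NUMBER holds the DER-encoded INTEGER, not the bare serial octets */`. The failure branch is also silent: when the call returns an error the object is written with `CKA_ISSUER` but no serial, so an `else gnutls_assert();` would at least leave a trace. The function body starts and ends outside the hunk.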