author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2016-12-01 16:41:55 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2016-12-01 16:43:42 +0100 |
commit | 9582ccdd8da96ecf5b24332ce79d535bab545a0c (patch) | |
tree | 424d742d68d3ac718c63ad6ab1af8295fb50e2c7 | |
parent | 30cc17e13ea61f1866d76487057f380f14a23961 (diff) | |
doc: document the fact that certificates and CRLs are unusable after generation [tmp-crl-verify-update]
They must be exported and re-imported if intended to be used for
signing or verification.
-rw-r--r-- | lib/x509/crl_write.c | 8 | ||||
-rw-r--r-- | lib/x509/x509_write.c | 8 |
2 files changed, 16 insertions, 0 deletions
diff --git a/lib/x509/crl_write.c b/lib/x509/crl_write.c
index 2cc1a75694..e17a8e60a8 100644
--- a/lib/x509/crl_write.c
+++ b/lib/x509/crl_write.c
@@ -86,6 +86,10 @@ gnutls_x509_crl_set_version(gnutls_x509_crl_t crl, unsigned int version)
  * This must be the last step in a certificate CRL since all
  * the previously set parameters are now signed.
  *
+ * A known bug of this function is, that a newly-signed CRL will not
+ * be fully functional (e.g., for signature verification), until it
+ * is exported an re-imported.
+ *
  * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
  * negative error value.
  *
@@ -455,6 +459,10 @@ gnutls_x509_crl_set_number(gnutls_x509_crl_t crl,
  * This must be the last step in a certificate CRL since all
  * the previously set parameters are now signed.
  *
+ * A known bug of this function is, that a newly-signed CRL will not
+ * be fully functional (e.g., for signature verification), until it
+ * is exported an re-imported.
+ *
  * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
  * negative error value.
  *
diff --git a/lib/x509/x509_write.c b/lib/x509/x509_write.c
index c2293dac93..8ca1690b2b 100644
--- a/lib/x509/x509_write.c
+++ b/lib/x509/x509_write.c
@@ -1066,6 +1066,10 @@ gnutls_x509_crt_set_private_key_usage_period(gnutls_x509_crt_t crt,
  * This must be the last step in a certificate generation since all
  * the previously set parameters are now signed.
  *
+ * A known bug of this function is, that a newly-signed certificate will not
+ * be fully functional (e.g., for signature verification), until it
+ * is exported an re-imported.
+ *
  * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
  * negative error value.
  **/
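Review bot: The added paragraph contains a typo, `is exported an re-imported`, which should read `is exported and re-imported`; the same text is repeated in all four hunks (both in crl_write.c and both in x509_write.c). The caveat would also be easier to act on if it named the round trip, for example `gnutls_x509_crl_export()` followed by `gnutls_x509_crl_import()` for CRLs and the `gnutls_x509_crt_*` pair for certificates. It should also state what a caller observes when verifying the freshly signed in-memory object, since "not fully functional" does not say whether verification returns an error or an unreliable result. The doc comments begin outside the hunks, so the names of the functions being documented are not visible here.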
@@ -1714,6 +1718,10 @@ gnutls_x509_crt_set_key_purpose_oid(gnutls_x509_crt_t cert,
  * This must be the last step in a certificate generation since all
  * the previously set parameters are now signed.
  *
+ * A known bug of this function is, that a newly-signed certificate will not
+ * be fully functional (e.g., for signature verification), until it
+ * is exported an re-imported.
+ *
  * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
  * negative error value.
  **/ |