authorNikos Mavrogiannopoulos <nmav@redhat.com>2016-12-01 16:41:55 +0100
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2016-12-01 21:36:19 +0100
commit726ced923f54f0cd30b8f3303410e59ea7f1a1c3 (patch)
treee96b0127de872f56208d39a517a49795847c1b15
parent30cc17e13ea61f1866d76487057f380f14a23961 (diff)
downloadgnutls-726ced923f54f0cd30b8f3303410e59ea7f1a1c3.tar.gz
doc: document the fact that certificates and CRLs are unusable after generation
They must be exported and re-imported if intended to be used for signing or verification.
-rw-r--r--lib/x509/crl_write.c9
-rw-r--r--lib/x509/x509_write.c9
2 files changed, 18 insertions, 0 deletions
diff --git a/lib/x509/crl_write.c b/lib/x509/crl_write.c
index 2cc1a75694..0d46835ad6 100644
--- a/lib/x509/crl_write.c
+++ b/lib/x509/crl_write.c
@@ -1,5 +1,6 @@
/*
* Copyright (C) 2003-2012 Free Software Foundation, Inc.
+ * Copyright (C) 2016 Red Hat, Inc.
*
* Author: Nikos Mavrogiannopoulos
*
@@ -86,6 +87,10 @@ gnutls_x509_crl_set_version(gnutls_x509_crl_t crl, unsigned int version)
* This must be the last step in a certificate CRL since all
* the previously set parameters are now signed.
*
+ * A known limitation of this function is, that a newly-signed CRL will not
+ * be fully functional (e.g., for signature verification), until it
+ * is exported an re-imported.
+ *
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
* negative error value.
*
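Review bot: The added caveat says "is exported an re-imported" where "and" is meant, and the same text is repeated in the second documentation hunk of this file and in both documentation hunks of lib/x509/x509_write.c. It also leaves the failure mode open: "not be fully functional" does not tell a caller whether verifying the freshly signed object returns an error, so code that checks a CRL or certificate right after signing cannot tell what result to expect. I would reword the last two lines to `* be usable for signature verification until it is exported with` and `* gnutls_x509_crl_export() and re-imported with gnutls_x509_crl_import().` (using the `crt` counterparts in x509_write.c), and add one sentence stating what verification returns before the round trip. The doc comment begins and ends outside the hunk, so the function it documents is not visible here.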
@@ -455,6 +460,10 @@ gnutls_x509_crl_set_number(gnutls_x509_crl_t crl,
* This must be the last step in a certificate CRL since all
* the previously set parameters are now signed.
*
+ * A known limitation of this function is, that a newly-signed CRL will not
+ * be fully functional (e.g., for signature verification), until it
+ * is exported an re-imported.
+ *
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
* negative error value.
*
diff --git a/lib/x509/x509_write.c b/lib/x509/x509_write.c
index c2293dac93..3e466bd102 100644
--- a/lib/x509/x509_write.c
+++ b/lib/x509/x509_write.c
@@ -1,5 +1,6 @@
/*
* Copyright (C) 2003-2016 Free Software Foundation, Inc.
+ * Copyright (C) 2016 Red Hat, Inc.
*
* Author: Nikos Mavrogiannopoulos
*
@@ -1066,6 +1067,10 @@ gnutls_x509_crt_set_private_key_usage_period(gnutls_x509_crt_t crt,
* This must be the last step in a certificate generation since all
* the previously set parameters are now signed.
*
+ * A known limitation of this function is, that a newly-signed certificate will not
+ * be fully functional (e.g., for signature verification), until it
+ * is exported an re-imported.
+ *
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
* negative error value.
**/
@@ -1714,6 +1719,10 @@ gnutls_x509_crt_set_key_purpose_oid(gnutls_x509_crt_t cert,
* This must be the last step in a certificate generation since all
* the previously set parameters are now signed.
*
+ * A known limitation of this function is, that a newly-signed certificate will not
+ * be fully functional (e.g., for signature verification), until it
+ * is exported an re-imported.
+ *
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
* negative error value.
**/