authorNikos Mavrogiannopoulos <nmav@redhat.com>2017-09-07 15:51:57 +0200
committerNikos Mavrogiannopoulos <nmav@redhat.com>2017-09-08 09:42:16 +0200
commit1c6dd01525ab5e75af0a3bbf4b9ade4803c7929d (patch)
tree94cc7ac5d04fbff3d579ab84a5b18a79f57ba6c8
parent36f769bdc1b8cc429c9cd74a085590745c7f9307 (diff)
downloadgnutls-tmp-sign-with-default-algo.tar.gz
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
-rw-r--r--lib/x509/crq.c18
1 files changed, 16 insertions, 2 deletions
diff --git a/lib/x509/crq.c b/lib/x509/crq.c
index 8d1ecbcd55..3c3a6d0a7b 100644
--- a/lib/x509/crq.c
+++ b/lib/x509/crq.c
@@ -865,7 +865,7 @@ gnutls_x509_crq_set_challenge_password(gnutls_x509_crq_t crq,
* gnutls_x509_crq_sign2:
* @crq: should contain a #gnutls_x509_crq_t type
* @key: holds a private key
- * @dig: The message digest to use, i.e., %GNUTLS_DIG_SHA1
+ * @dig: The message digest to use, i.e., %GNUTLS_DIG_SHA256
* @flags: must be 0
*
* This function will sign the certificate request with a private key.
@@ -876,6 +876,10 @@ gnutls_x509_crq_set_challenge_password(gnutls_x509_crq_t crq,
* This must be the last step in a certificate request generation
* since all the previously set parameters are now signed.
*
+ * A known limitation of this function is, that a newly-signed request will not
+ * be fully functional (e.g., for signature verification), until it
+ * is exported an re-imported.
+ *
* After GnuTLS 3.6.1 the value of @dig may be %GNUTLS_DIG_UNKNOWN,
* and in that case, a suitable but reasonable for the key algorithm will be selected.
*
@@ -929,7 +933,13 @@ gnutls_x509_crq_sign2(gnutls_x509_crq_t crq, gnutls_x509_privkey_t key,
* @key: holds a private key
*
* This function is the same a gnutls_x509_crq_sign2() with no flags,
- * and SHA1 as the hash algorithm.
+ * and an appropriate hash algorithm. The hash algorithm used may
+ * vary between versions of GnuTLS, and it is tied to the security
+ * level of the issuer's public key.
+ *
+ * A known limitation of this function is, that a newly-signed request will not
+ * be fully functional (e.g., for signature verification), until it
+ * is exported an re-imported.
*
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
* negative error value.
@@ -2542,6 +2552,10 @@ gnutls_x509_crq_get_key_id(gnutls_x509_crq_t crq, unsigned int flags,
* This must be the last step in a certificate request generation
* since all the previously set parameters are now signed.
*
+ * A known limitation of this function is, that a newly-signed request will not
+ * be fully functional (e.g., for signature verification), until it
+ * is exported an re-imported.
+ *
* After GnuTLS 3.6.1 the value of @dig may be %GNUTLS_DIG_UNKNOWN,
* and in that case, a suitable but reasonable for the key algorithm will be selected.
*
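Review bot: The rewritten description of gnutls_x509_crq_sign() in the third hunk says the digest is tied to the security level of the "issuer's public key", but a certificate request is signed with the requester's own key (the @key argument), so "issuer" is misleading there; `* level of the requester's public key (the key passed as @key).` states it accurately. The "known limitation" paragraph added in the second, third and fourth hunks carries the same typo, which should read `* is exported and re-imported.` rather than "an re-imported". In the first hunk, "i.e., %GNUTLS_DIG_SHA256" names one example, so "e.g." is the intended phrase, although that wording predates this commit. The bodies of gnutls_x509_crq_sign2() and gnutls_x509_crq_sign() lie outside these hunks, so the documented digest selection for %GNUTLS_DIG_UNKNOWN cannot be confirmed from what is shown.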