author | Simon Josefsson <simon@josefsson.org> | 2007-08-10 15:20:40 +0200 |
---|---|---|
committer | Simon Josefsson <simon@josefsson.org> | 2007-08-10 15:20:40 +0200 |
commit | 4431c4369db575dc8ecd8ec3622bc2dfc9bee725 (patch) | |
tree | 00edcc793ad683e774bf21e2f3befe1ab6c5e16e /lib/auth_rsa_export.c | |
parent | 12aaffb7aaa04b48a988b68449c64cc3c2b2d0d3 (diff) | |
download | gnutls-4431c4369db575dc8ecd8ec3622bc2dfc9bee725.tar.gz |
External signing callback interface.
* includes/gnutls/gnutls.h.in (gnutls_sign_func): New type.
(gnutls_sign_callback_set): New function.
* includes/gnutls/x509.h (gnutls_x509_privkey_sign_hash): New
function.
* lib/gnutls_x509.c (gnutls_certificate_set_x509_key_mem): Handle
NULL key. Doc fix.
* lib/gnutls_sig.c (_gnutls_tls_sign_hdata): Pass session to
_gnutls_tls_sign.
(_gnutls_tls_sign_params): Likewise.
(_gnutls_tls_sign): Add new parameter 'session'. Call sign
callback if appropriate.
(gnutls_sign_callback_set): New function.
* lib/gnutls_x509.c (read_key_mem): Support a NULL key.
* lib/gnutls_int.h (internals_st): Add sign_func,
sign_func_userdata.
* lib/auth_dhe.c (gen_dhe_server_kx): Use length of certificate
list to decide whether to sign, not presence of private key.
* lib/auth_cert.c (_gnutls_gen_cert_client_cert_vrfy): Likewise.
* lib/auth_rsa_export.c (gen_rsa_export_server_kx): Likewise.
* lib/auth_cert.c (_gnutls_get_selected_cert): Don't require that
private key is present.
* lib/auth_rsa_export.c (gen_rsa_export_server_kx): Don't check
key size when key is not present, assume it is > 512 bits.
* lib/x509/privkey.c (gnutls_x509_privkey_sign_hash): New
function.
* tests/Makefile.am: Add x509signself.
Diffstat (limited to 'lib/auth_rsa_export.c')
-rw-r--r-- | lib/auth_rsa_export.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/lib/auth_rsa_export.c b/lib/auth_rsa_export.c index a16ed17f3f..a1b867a94a 100644 --- a/lib/auth_rsa_export.c +++ b/lib/auth_rsa_export.c @@ -100,7 +100,7 @@ gen_rsa_export_server_kx (gnutls_session_t session, opaque ** data) /* abort sending this message if we have a certificate * of 512 bits or less. */ - if (_gnutls_mpi_get_nbits (apr_pkey->params[0]) <= 512) + if (apr_pkey && _gnutls_mpi_get_nbits (apr_pkey->params[0]) <= 512) { gnutls_assert (); return GNUTLS_E_INT_RET_0; @@ -153,7 +153,7 @@ gen_rsa_export_server_kx (gnutls_session_t session, opaque ** data) ddata.data = *data; ddata.size = data_size; - if (apr_pkey != NULL) + if (apr_cert_list_length > 0) { if ((ret = _gnutls_tls_sign_params (session, &apr_cert_list[0], |
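Review bot: In the first hunk (@@ -100,7 +100,7 @@), the 512-bit check is now skipped entirely when `apr_pkey` is NULL, so with an externally held key the function proceeds as if the key were larger than 512 bits without verifying it. The comment above the condition still says "abort sending this message if we have a certificate of 512 bits or less", which no longer matches the behaviour. The certificate is still available in this function (`apr_cert_list` is used in the second hunk), so consider taking the modulus size from the certificate's public key when `apr_pkey` is NULL instead of assuming it. If the assumption stays, state it in that comment so the next reader does not take the check as unconditional.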
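Review bot: In the second hunk (@@ -153,7 +153,7 @@), `if (apr_cert_list_length > 0)` lets the signing path run with a certificate but no private key, and nothing visible here checks that a sign callback has actually been registered for the session. The remaining arguments to `_gnutls_tls_sign_params` are cut off in this view, so it is not clear from these lines what is passed as the key. Please confirm that the call returns an error, rather than dereferencing a NULL key, when `apr_pkey` is NULL and no callback is set, and add a test for that combination alongside the new x509signself test. A short comment on the condition explaining why certificate presence is used instead of `apr_pkey != NULL` would also help.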