authorNikos Mavrogiannopoulos <nmav@redhat.com>2015-10-15 16:21:43 +0200
committerNikos Mavrogiannopoulos <nmav@redhat.com>2015-10-15 16:23:37 +0200
commit38e396f3247cb56174f6807a96ba5c8a62df7f3b (patch)
tree4692fd8c4c669e23826232b62264a6fd500d57c7 /lib/pkcs11_write.c
parent2b69c0253b03d3f0f25233e56273a6a801a47639 (diff)
downloadgnutls-38e396f3247cb56174f6807a96ba5c8a62df7f3b.tar.gz
pkcs11: write CKA_ISSUER and CKA_SERIAL_NUMBER when writing on a certificate
That allows NSS to read and use the written certificate. Relates #43
Diffstat (limited to 'lib/pkcs11_write.c')
-rw-r--r--lib/pkcs11_write.c18
1 files changed, 16 insertions, 2 deletions
diff --git a/lib/pkcs11_write.c b/lib/pkcs11_write.c
index 7b949530c5..cd63101891 100644
--- a/lib/pkcs11_write.c
+++ b/lib/pkcs11_write.c
@@ -31,7 +31,7 @@
static const ck_bool_t tval = 1;
static const ck_bool_t fval = 0;
-#define MAX_ASIZE 16
+#define MAX_ASIZE 24
static void mark_flags(unsigned flags, struct ck_attribute *a, unsigned *a_val)
{
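Review bot: `MAX_ASIZE` goes from 16 to 24 with no comment tying it to the number of attributes the writers fill in, and the `a[a_val]` / `a_val++` appends visible further down in gnutls_pkcs11_copy_x509_crt2 carry no bounds check in the lines shown. If a later change adds attributes beyond the limit, the result would be a write past the end of the stack array `a[MAX_ASIZE]`. I would document the constant, e.g. `/* capacity of the ck_attribute arrays in this file; must cover every a[a_val++] append */`, and, if the rest of the function has no guard either, check `a_val < MAX_ASIZE` before each append. Only the opening of mark_flags is inside this hunk, so whether a guard exists elsewhere cannot be confirmed from here.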
@@ -96,8 +96,9 @@ gnutls_pkcs11_copy_x509_crt2(const char *token_url,
int ret;
struct p11_kit_uri *info = NULL;
ck_rv_t rv;
- size_t der_size, id_size;
+ size_t der_size, id_size, serial_size;
uint8_t *der = NULL;
+ uint8_t serial[128];
uint8_t id[20];
struct ck_attribute a[MAX_ASIZE];
ck_object_class_t class = CKO_CERTIFICATE;
@@ -193,6 +194,19 @@ gnutls_pkcs11_copy_x509_crt2(const char *token_url,
a[a_val].value_len = crt->raw_dn.size;
a_val++;
+ a[a_val].type = CKA_ISSUER;
+ a[a_val].value = crt->raw_issuer_dn.data;
+ a[a_val].value_len = crt->raw_issuer_dn.size;
+ a_val++;
+
+ serial_size = sizeof(serial);
+ if (gnutls_x509_crt_get_serial(crt, serial, &serial_size) >= 0) {
+ a[a_val].type = CKA_SERIAL_NUMBER;
+ a[a_val].value = (void *) serial;
+ a[a_val].value_len = serial_size;
+ a_val++;
+ }
+
if (label) {
a[a_val].type = CKA_LABEL;
a[a_val].value = (void *) label;
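Review bot: `CKA_SERIAL_NUMBER` is filled with the bytes that `gnutls_x509_crt_get_serial()` writes into `serial`, but PKCS #11 defines that attribute as the DER encoding of the serial number, which includes the INTEGER tag and length. As far as I can tell the getter returns only the integer's content bytes, so a consumer that looks the certificate up by issuer and serial may fail to match it; the value should be wrapped as a DER INTEGER before being stored. The failure branch is also silent: a serial that does not fit `serial[128]`, or any other error, simply omits the attribute, so at minimum add `/* best effort: CKA_SERIAL_NUMBER is skipped if the serial cannot be read */`. The body of gnutls_pkcs11_copy_x509_crt2 starts and ends outside this hunk.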