authorNikos Mavrogiannopoulos <nmav@gnutls.org>2005-01-21 17:27:40 +0000
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2005-01-21 17:27:40 +0000
commite86c2c999b47e79f6df5c90874b7d138350f252b (patch)
treea42ee087073cd0fe2990571ab97024ae800b53b8 /lib/x509/crl_write.c
parent4cd13ed6913afac69263655e3dfc8beb4119c101 (diff)
introduced gnutls_x509_crt_sign2(), gnutls_x509_crq_sign2() and
gnutls_x509_crl_sign2(). Also added the --hash option to certtool in order to be able to generate certificates signed with different hash algorithms.
Diffstat (limited to 'lib/x509/crl_write.c')
-rw-r--r--lib/x509/crl_write.c30
1 files changed, 25 insertions, 5 deletions
diff --git a/lib/x509/crl_write.c b/lib/x509/crl_write.c
index e5c9fe3a39..3572a7f1ee 100644
--- a/lib/x509/crl_write.c
+++ b/lib/x509/crl_write.c
@@ -80,10 +80,12 @@ int gnutls_x509_crl_set_version(gnutls_x509_crl_t crl,
}
/**
- * gnutls_x509_crl_sign - This function will sign a CRL with a key
+ * gnutls_x509_crl_sign2 - This function will sign a CRL with a key
* @crl: should contain a gnutls_x509_crl_t structure
* @issuer: is the certificate of the certificate issuer
* @issuer_key: holds the issuer's private key
+ * @dig: The message digest to use. GNUTLS_DIG_SHA is the safe choice unless you know what you're doing.
+ * @flags: must be 0
*
* This function will sign the CRL with the issuer's private key, and
* will copy the issuer's information into the CRL.
@@ -94,8 +96,8 @@ int gnutls_x509_crl_set_version(gnutls_x509_crl_t crl,
* Returns 0 on success.
*
**/
-int gnutls_x509_crl_sign(gnutls_x509_crl_t crl, gnutls_x509_crt_t issuer,
- gnutls_x509_privkey_t issuer_key)
+int gnutls_x509_crl_sign2(gnutls_x509_crl_t crl, gnutls_x509_crt_t issuer,
+ gnutls_x509_privkey_t issuer_key, gnutls_digest_algorithm_t dig, unsigned int flags)
{
int result;
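Review bot: The new `flags` parameter is documented as "must be 0", but no line visible in this hunk or the next one enforces that. A caller passing a non-zero value would be accepted silently, and its behaviour would change if flag bits are defined later. If the lines of gnutls_x509_crl_sign2 between the hunks do not already reject it, add a guard before signing, such as `if (flags != 0) { gnutls_assert(); return GNUTLS_E_INVALID_REQUEST; }`. The function body starts in this hunk and continues outside it.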
@@ -108,8 +110,8 @@ int gnutls_x509_crl_sign(gnutls_x509_crl_t crl, gnutls_x509_crt_t issuer,
*/
disable_optional_stuff(crl);
- result = _gnutls_x509_pkix_sign(crl->crl, "tbsCertList", issuer,
- issuer_key);
+ result = _gnutls_x509_pkix_sign(crl->crl, "tbsCertList",
+ dig, issuer, issuer_key);
if (result < 0) {
gnutls_assert();
return result;
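Review bot: `dig` reaches `_gnutls_x509_pkix_sign()` exactly as the caller supplied it, and nothing visible here restricts it to digests that are acceptable for a CRL signature. Whether the helper rejects unsupported or null values (`GNUTLS_DIG_NULL` belongs to the same enum) cannot be seen from this hunk and should be confirmed. If the helper does the validation, a short comment above the call would record it, for example `/* _gnutls_x509_pkix_sign() rejects digests it cannot map to a signature algorithm */`. Otherwise the check belongs in this public entry point. The enclosing function begins and ends outside this hunk.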
@@ -119,6 +121,24 @@ int gnutls_x509_crl_sign(gnutls_x509_crl_t crl, gnutls_x509_crt_t issuer,
}
/**
+ * gnutls_x509_crl_sign - This function will sign a CRL with a key
+ * @crl: should contain a gnutls_x509_crl_t structure
+ * @issuer: is the certificate of the certificate issuer
+ * @issuer_key: holds the issuer's private key
+ *
+ * This function is the same a gnutls_x509_crl_sign2() with no flags, and
+ * SHA1 as the hash algorithm.
+ *
+ * Returns 0 on success.
+ *
+ **/
+int gnutls_x509_crl_sign(gnutls_x509_crl_t crl, gnutls_x509_crt_t issuer,
+ gnutls_x509_privkey_t issuer_key)
+{
+ return gnutls_x509_crl_sign2( crl, issuer, issuer_key, GNUTLS_MAC_SHA, 0);
+}
+
+/**
* gnutls_x509_crl_set_this_update - This function will set the CRL's issuing time
* @crl: should contain a gnutls_x509_crl_t structure
* @act_time: The actual time
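Review bot: The compatibility wrapper passes `GNUTLS_MAC_SHA` for a parameter declared as `gnutls_digest_algorithm_t`, while the documentation added for `@dig` names `GNUTLS_DIG_SHA`. C accepts the mix of enum families without a diagnostic, so the call is correct only while the two constants happen to share a value. Use the digest constant instead: `return gnutls_x509_crl_sign2(crl, issuer, issuer_key, GNUTLS_DIG_SHA, 0);`. The doc comment also reads "the same a" where "the same as" is meant. Since this entry point pins SHA1, a sentence directing callers who need to choose the digest to gnutls_x509_crl_sign2() would help.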