author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2016-05-31 16:07:44 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2016-06-14 14:42:33 +0200 |
commit | fe4edb2058d17c59c6149133ea436bf9ae859b72 (patch) | |
tree | dd3b0db5c5c647f4757a03a8cd6e2494d41bfb93 /lib/x509/x509_write.c | |
parent | 580fb7d8bb382a96f6bdf5ecc6b7b62e1e4d1d7f (diff) | |
download | gnutls-fe4edb2058d17c59c6149133ea436bf9ae859b72.tar.gz |
During PKIX chain verification check the TLSFeatures compliance
This verifies whether a chain complies with RFC7366 p.4.2.2 requirements.
That is, whether the issuer's features are a superset of those of the
certificate under verification.
This enhances gnutls_x509_crt_get_tlsfeatures() to allow appending
of TLSFeatures, and introduces gnutls_x509_tlsfeatures_check_crt().
Diffstat (limited to 'lib/x509/x509_write.c')
-rw-r--r-- | lib/x509/x509_write.c | 41 |
1 files changed, 0 insertions, 41 deletions
diff --git a/lib/x509/x509_write.c b/lib/x509/x509_write.c
index e9c6259094..8f971071d8 100644
--- a/lib/x509/x509_write.c
+++ b/lib/x509/x509_write.c
@@ -1907,44 +1907,3 @@ gnutls_x509_crt_set_policy(gnutls_x509_crt_t crt,
 return ret;
 }
 
-/**
- * gnutls_x509_crt_set_tlsfeatures:
- * @crt: A X.509 certificate
- * @features: If the function succeeds, the
- * features will be added to the certificate.
- *
- * This function will set the certificates
- * X.509 TLS extention from the given structure.
- *
- * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned,
- * otherwise a negative error value.
- *
- * Since: 3.5.1
- **/
-int gnutls_x509_crt_set_tlsfeatures(gnutls_x509_crt_t crt,
- gnutls_x509_tlsfeatures_t features)
-{
- int ret;
- gnutls_datum_t der;
-
- if (crt == NULL || features == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- ret = gnutls_x509_ext_export_tlsfeatures(features, &der);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
-
- ret = _gnutls_x509_crt_set_extension(crt, GNUTLS_X509EXT_OID_TLSFEATURES, &der, 0);
-
- _gnutls_free_datum(&der);
-
- if (ret < 0) {
- gnutls_assert();
- }
-
- return ret;
-} |