author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2012-10-08 17:07:09 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2012-10-08 17:07:15 +0200 |
commit | 130c6598286058c4e362e609fdb2ac4005b5131d (patch) | |
tree | 2322f7e851e9611d4ab046fbe467d42a223b1313 /src | |
parent | 68be536de1bad4d224f4db6b40f6bdf1e7341445 (diff) | |
download | gnutls-130c6598286058c4e362e609fdb2ac4005b5131d.tar.gz |
Certtool generates DANE entries with selector 0 (X.509 certificate).
Diffstat (limited to 'src')
-rw-r--r-- | src/certtool.c | 45 |
1 files changed, 24 insertions, 21 deletions
diff --git a/src/certtool.c b/src/certtool.c index 9e238f5010..ce71b202ba 100644 --- a/src/certtool.c +++ b/src/certtool.c @@ -1109,42 +1109,45 @@ static void dane_info(const char* host, const char* proto, unsigned int port, port = 443; crt = load_cert (0, cinfo); - - ret = gnutls_pubkey_init (&pubkey); - if (ret < 0) - { - error (EXIT_FAILURE, 0, "pubkey_init: %s", gnutls_strerror (ret)); - } - if (crt != NULL) { - ret = gnutls_pubkey_import_x509 (pubkey, crt, 0); + selector = 0; /* X.509 */ + + size = buffer_size; + ret = gnutls_x509_crt_export (crt, GNUTLS_X509_FMT_DER, buffer, &size); if (ret < 0) - { - error (EXIT_FAILURE, 0, "pubkey_import_x509: %s", - gnutls_strerror (ret)); - } + error (EXIT_FAILURE, 0, "export error: %s", gnutls_strerror (ret)); + + gnutls_x509_crt_deinit (crt); } else { - pubkey = load_pubkey (1, cinfo); - } + selector = 1; - size = buffer_size; - ret = gnutls_pubkey_export (pubkey, GNUTLS_X509_FMT_DER, buffer, &size); - if (ret < 0) - error (EXIT_FAILURE, 0, "export error: %s", gnutls_strerror (ret)); + ret = gnutls_pubkey_init (&pubkey); + if (ret < 0) + error (EXIT_FAILURE, 0, "pubkey_init: %s", gnutls_strerror (ret)); - gnutls_pubkey_deinit (pubkey); + pubkey = load_pubkey (1, cinfo); + + size = buffer_size; + ret = gnutls_pubkey_export (pubkey, GNUTLS_X509_FMT_DER, buffer, &size); + if (ret < 0) + error (EXIT_FAILURE, 0, "export error: %s", gnutls_strerror (ret)); + + gnutls_pubkey_deinit (pubkey); + } if (default_dig != GNUTLS_DIG_SHA256 && default_dig != GNUTLS_DIG_SHA512) - default_dig = GNUTLS_DIG_SHA256; + { + fprintf(stderr, "Unsupported digest. Assuming SHA256.\n"); + default_dig = GNUTLS_DIG_SHA256; + } ret = gnutls_hash_fast(default_dig, buffer, size, digest); if (ret < 0) error (EXIT_FAILURE, 0, "hash error: %s", gnutls_strerror (ret)); - selector = 1; if (default_dig == GNUTLS_DIG_SHA256) type = 1; else type = 2; |
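Review bot: In the new `else` branch, `gnutls_pubkey_init (&pubkey)` is followed directly by `pubkey = load_pubkey (1, cinfo);`, which overwrites the handle that was just initialised, so the init is dead code and its allocation is never released (assuming load_pubkey returns its own object; its body is not in this hunk). Dropping the init and its error check, so that the branch begins with `pubkey = load_pubkey (1, cinfo);`, removes the leak without changing the output. It would also help to label the second selector like the first, `selector = 1; /* SubjectPublicKeyInfo */`, because the two branches hash different data and a record built from the full certificate has to be regenerated whenever the certificate is reissued, even if the key is unchanged. dane_info starts and ends outside the hunk.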