authorNikos Mavrogiannopoulos <nmav@gnutls.org>2012-10-08 17:07:09 +0200
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2012-10-08 17:07:15 +0200
commit130c6598286058c4e362e609fdb2ac4005b5131d (patch)
tree2322f7e851e9611d4ab046fbe467d42a223b1313 /src
parent68be536de1bad4d224f4db6b40f6bdf1e7341445 (diff)
downloadgnutls-130c6598286058c4e362e609fdb2ac4005b5131d.tar.gz
Certtool generates DANE entries with selector 0 (X.509 certificate).
Diffstat (limited to 'src')
-rw-r--r--src/certtool.c45
1 files changed, 24 insertions, 21 deletions
diff --git a/src/certtool.c b/src/certtool.c
index 9e238f5010..ce71b202ba 100644
--- a/src/certtool.c
+++ b/src/certtool.c
@@ -1109,42 +1109,45 @@ static void dane_info(const char* host, const char* proto, unsigned int port,
port = 443;
crt = load_cert (0, cinfo);
-
- ret = gnutls_pubkey_init (&pubkey);
- if (ret < 0)
- {
- error (EXIT_FAILURE, 0, "pubkey_init: %s", gnutls_strerror (ret));
- }
-
if (crt != NULL)
{
- ret = gnutls_pubkey_import_x509 (pubkey, crt, 0);
+ selector = 0; /* X.509 */
+
+ size = buffer_size;
+ ret = gnutls_x509_crt_export (crt, GNUTLS_X509_FMT_DER, buffer, &size);
if (ret < 0)
- {
- error (EXIT_FAILURE, 0, "pubkey_import_x509: %s",
- gnutls_strerror (ret));
- }
+ error (EXIT_FAILURE, 0, "export error: %s", gnutls_strerror (ret));
+
+ gnutls_x509_crt_deinit (crt);
}
else
{
- pubkey = load_pubkey (1, cinfo);
- }
+ selector = 1;
- size = buffer_size;
- ret = gnutls_pubkey_export (pubkey, GNUTLS_X509_FMT_DER, buffer, &size);
- if (ret < 0)
- error (EXIT_FAILURE, 0, "export error: %s", gnutls_strerror (ret));
+ ret = gnutls_pubkey_init (&pubkey);
+ if (ret < 0)
+ error (EXIT_FAILURE, 0, "pubkey_init: %s", gnutls_strerror (ret));
- gnutls_pubkey_deinit (pubkey);
+ pubkey = load_pubkey (1, cinfo);
+
+ size = buffer_size;
+ ret = gnutls_pubkey_export (pubkey, GNUTLS_X509_FMT_DER, buffer, &size);
+ if (ret < 0)
+ error (EXIT_FAILURE, 0, "export error: %s", gnutls_strerror (ret));
+
+ gnutls_pubkey_deinit (pubkey);
+ }
if (default_dig != GNUTLS_DIG_SHA256 && default_dig != GNUTLS_DIG_SHA512)
- default_dig = GNUTLS_DIG_SHA256;
+ {
+ fprintf(stderr, "Unsupported digest. Assuming SHA256.\n");
+ default_dig = GNUTLS_DIG_SHA256;
+ }
ret = gnutls_hash_fast(default_dig, buffer, size, digest);
if (ret < 0)
error (EXIT_FAILURE, 0, "hash error: %s", gnutls_strerror (ret));
- selector = 1;
if (default_dig == GNUTLS_DIG_SHA256)
type = 1;
else type = 2;
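Review bot: In the new `else` branch the handle set up by `gnutls_pubkey_init (&pubkey)` is overwritten two statements later by `pubkey = load_pubkey (1, cinfo);`, so the freshly initialised key never reaches `gnutls_pubkey_deinit` and the init call has no effect on the exported data. If `load_pubkey` returns its own initialised key (its definition is not visible here), drop the `gnutls_pubkey_init` call and its `pubkey_init` error check and keep only the `load_pubkey` assignment. The second selector could also be commented the way the first one is, e.g. `selector = 1; /* SubjectPublicKeyInfo */`, so the two TLSA selector values read symmetrically. The body of dane_info starts before this hunk and continues past it.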