author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2012-02-10 12:30:23 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2012-02-10 12:31:40 +0100 |
commit | 5196d292991628627e4ef7cc977b84f1273fe233 (patch) | |
tree | a96dee61a78ee9c160083b6a152574101ca0f20e /src | |
parent | 38f9998e9aaee0e8a486cad3f715fad4558a88df (diff) | |
download | gnutls-5196d292991628627e4ef7cc977b84f1273fe233.tar.gz |
gnutls_verify_stored_pubkey() and gnutls_store_pubkey() allow for alternative storage back-end.
Diffstat (limited to 'src')
-rw-r--r-- | src/cli-args.def | 6 | ||||
-rw-r--r-- | src/cli.c | 10 |
2 files changed, 8 insertions, 8 deletions
diff --git a/src/cli-args.def b/src/cli-args.def
index 7f18026315..c0d29a6b9a 100644
--- a/src/cli-args.def
+++ b/src/cli-args.def
@@ -37,11 +37,11 @@ flag = {
 };
 
 flag = {
- name = ssh;
- descrip = "Enable SSH-style authentication";
+ name = tofu;
+ descrip = "Enable trust on first use (SSH-style) authentication";
 disabled;
 disable = "no";
- doc = "This option will, in addition to certificate authentication, perform authentication based on stored public keys.";
+ doc = "This option will, in addition to certificate authentication, perform authentication based on previously seen public keys.";
 };
 
 flag = {
@@ -475,7 +475,7 @@ cert_verify_callback (gnutls_session_t session)
 {
 int rc;
 unsigned int status = 0;
- int ssh = ENABLED_OPT(SSH);
+ int ssh = ENABLED_OPT(TOFU);
 const char* txt_service;
 
 if (!x509_cafile && !pgp_keyring)
@@ -515,8 +515,8 @@ cert_verify_callback (gnutls_session_t session)
 return -1;
 }
 
- rc = gnutls_verify_stored_pubkey(NULL, hostname, txt_service, GNUTLS_CRT_X509,
- cert, 0);
+ rc = gnutls_verify_stored_pubkey(NULL, NULL, hostname, txt_service,
+ GNUTLS_CRT_X509, cert, 0);
 if (rc == GNUTLS_E_NO_CERTIFICATE_FOUND)
 {
 print_cert_info_compact(session);
@@ -548,8 +548,8 @@ cert_verify_callback (gnutls_session_t session)
 
 if (rc != 0)
 {
- rc = gnutls_store_pubkey(NULL, hostname, txt_service, GNUTLS_CRT_X509,
- cert, 0, 0);
+ rc = gnutls_store_pubkey(NULL, NULL, hostname, txt_service,
+ GNUTLS_CRT_X509, cert, 0, 0);
 if (rc < 0)
 fprintf(stderr, "Could not store key: %s\n", gnutls_strerror(rc));
 }
|
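Review bot: The two leading `NULL` arguments in `gnutls_verify_stored_pubkey(NULL, NULL, hostname, ...)` (hunk at line 515) cannot be told apart at the call site, and nothing in the hunk says what each one selects. Going by the commit message the added one is presumably the storage back-end, but the prototype is not part of this diff, so that should be confirmed and then written down, e.g. `/* NULL, NULL: default key database and default storage back-end */` above the call. The same applies to `gnutls_store_pubkey(NULL, NULL, ...)` in the hunk at line 548. These defaults decide where pinned keys are read from and written to, so they are worth stating where the trust decision is made. `cert_verify_callback` begins and ends outside this hunk.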
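Review bot: A failure of `gnutls_store_pubkey()` (hunk at line 548) is only reported on stderr as `Could not store key`, and no visible line changes the callback's outcome, so the host may stay unpinned and the next connection would be treated as a first use again. Whatever follows the closing brace is outside the hunk; if it does not already handle this case, I would either fail the callback here or at least make the message say what was lost, e.g. `fprintf(stderr, "Could not store key, host is NOT pinned: %s\n", gnutls_strerror(rc));`. The guard `if (rc != 0)` tests an `rc` assigned before the hunk starts, so which situations reach the store cannot be confirmed from these lines.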