Diffstat (limited to 'lib/x509.c')
-rw-r--r-- | lib/x509.c | 81 |
1 files changed, 63 insertions, 18 deletions
diff --git a/lib/x509.c b/lib/x509.c index 9dcef3b65d..aa5ea5177c 100644 --- a/lib/x509.c +++ b/lib/x509.c @@ -57,6 +57,13 @@ * some x509 certificate parsing functions. */ +#define CRED_RET_SUCCESS(cred) \ + if (cred->flags & GNUTLS_CERTIFICATE_API_V2) { \ + return cred->ncerts-1; \ + } else { \ + return 0; \ + } + /* fifteen days */ #define MAX_OCSP_VALIDITY_SECS (15*60*60*24) #ifdef ENABLE_OCSP @@ -986,7 +993,12 @@ read_key_file(gnutls_certificate_credentials_t res, * The @key may be %NULL if you are using a sign callback, see * gnutls_sign_callback_set(). * - * Returns: An index of the inserted certificate chain on success (greater or equal to zero), or a negative error code. + * Note that, this function by default returns zero on success and a negative value on error. + * Since 3.5.6, when the flag %GNUTLS_CERTIFICATE_API_V2 is set on the credentials structure + * it returns an index (greater or equal to zero). That index can be used to other functions to refer to the added key-pair. + * + * Returns: On success this functions returns zero, and otherwise a negative value on error (see above for modifying that behavior). + * **/ int gnutls_certificate_set_x509_key_mem(gnutls_certificate_credentials_t res, 
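Review bot: `CRED_RET_SUCCESS` in the `@@ -57,6 +57,13 @@` hunk hides a `return` inside a bare if/else block and expands `cred` unparenthesized. As a result `CRED_RET_SUCCESS(res);` leaves a stray empty statement and would not parse under an unbraced `if … else` at a call site. Because this one place decides what a zero return means for every setter, I would keep the control flow visible with an expression macro, `#define CRED_RET_VALUE(cred, idx) (((cred)->flags & GNUTLS_CERTIFICATE_API_V2) ? (idx) : 0)`, and write `return CRED_RET_VALUE(res, res->ncerts-1);` at the call sites. The last hunk (`@@ -2098,7 +2140,10 @@`) repeats the same flag test by hand with an unbraced if/else and could then read `ret = CRED_RET_VALUE(res, idx);`.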
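Review bot: The new `Returns:` line in the `@@ -986,7 +993,12 @@` hunk states only the default contract, so a reader who looks at that line alone does not learn that with %GNUTLS_CERTIFICATE_API_V2 a positive value is also success. A caller written as `if (ret != 0)` would then reject a key pair that loaded correctly. I would put both cases on that line, e.g. `Returns: zero (or, with %GNUTLS_CERTIFICATE_API_V2, the index of the added key-pair) on success, or a negative error code; test for failure with ret < 0.` The paragraph also reads "this functions" and "can be used to other functions" (should be "this function" and "can be passed to other functions"), and this hunk adds an empty ` *` line before `**/`. The same text is repeated in the hunks at -1022, -1115, -1329, -1502, -1550, -1972 and -2028, so the wording fix applies to all of them.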
@@ -1022,7 +1034,11 @@ gnutls_certificate_set_x509_key_mem(gnutls_certificate_credentials_t res, * The @key may be %NULL if you are using a sign callback, see * gnutls_sign_callback_set(). * - * Returns: An index of the inserted certificate chain on success (greater or equal to zero), or a negative error code. + * Note that, this function by default returns zero on success and a negative value on error. + * Since 3.5.6, when the flag %GNUTLS_CERTIFICATE_API_V2 is set on the credentials structure + * it returns an index (greater or equal to zero). That index can be used to other functions to refer to the added key-pair. + * + * Returns: On success this functions returns zero, and otherwise a negative value on error (see above for modifying that behavior). **/ int gnutls_certificate_set_x509_key_mem2(gnutls_certificate_credentials_t res, @@ -1052,8 +1068,7 @@ gnutls_certificate_set_x509_key_mem2(gnutls_certificate_credentials_t res, return ret; } - /* return the index of the chain */ - return res->ncerts-1; + CRED_RET_SUCCESS(res); } int @@ -1115,7 +1130,11 @@ certificate_credentials_append_pkey(gnutls_certificate_credentials_t res, * If that function fails to load the @res type is at an undefined state, it must * not be reused to load other keys or certificates. * - * Returns: An index of the inserted certificate chain on success (greater or equal to zero), or a negative error code. + * Note that, this function by default returns zero on success and a negative value on error. + * Since 3.5.6, when the flag %GNUTLS_CERTIFICATE_API_V2 is set on the credentials structure + * it returns an index (greater or equal to zero). That index can be used to other functions to refer to the added key-pair. + * + * Returns: On success this functions returns zero, and otherwise a negative value on error (see above for modifying that behavior). * * Since: 2.4.0 **/ 
@@ -1197,7 +1216,7 @@ gnutls_certificate_set_x509_key(gnutls_certificate_credentials_t res, return ret; } - return res->ncerts-1; + CRED_RET_SUCCESS(res); cleanup: gnutls_free(pcerts); @@ -1219,11 +1238,12 @@ gnutls_certificate_set_x509_key(gnutls_certificate_credentials_t res, * gnutls_certificate_set_x509_key_mem2(). The returned key must be deallocated * with gnutls_x509_privkey_deinit() when no longer needed. * + * The @index matches the return value of gnutls_certificate_set_x509_key() and friends + * functions, when the %GNUTLS_CERTIFICATE_API_V2 flag is set. + * * If there is no key with the given index, * %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE is returned. If the key with the * given index is not a X.509 key, %GNUTLS_E_INVALID_REQUEST is returned. - * The @index matches the value gnutls_certificate_set_x509_key() and friends - * functions. * * Returns: %GNUTLS_E_SUCCESS (0) on success, or a negative error code. * @@ -1258,8 +1278,10 @@ gnutls_certificate_get_x509_key(gnutls_certificate_credentials_t res, * certificate list must be deallocated with gnutls_x509_crt_deinit(), and the * list itself must be freed with gnutls_free(). * - * The @index matches the value gnutls_certificate_set_x509_key() and friends - * functions. If there is no certificate with the given index, + * The @index matches the return value of gnutls_certificate_set_x509_key() and friends + * functions, when the %GNUTLS_CERTIFICATE_API_V2 flag is set. + * + * If there is no certificate with the given index, * %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE is returned. If the certificate * with the given index is not a X.509 certificate, %GNUTLS_E_INVALID_REQUEST * is returned. The returned certificates must be deinitialized after 
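Review bot: The reworded `@index` paragraph in the `@@ -1219,11 +1238,12 @@` hunk says the index matches the setters' return value only when %GNUTLS_CERTIFICATE_API_V2 is set, but it does not say what to pass otherwise. Without the flag every successful setter call now returns 0, so code that feeds that value into gnutls_certificate_get_x509_key() would always ask for index 0, presumably the first key pair loaded rather than the one just added, and would get no error. I would add a sentence such as `Without that flag the return value of those functions is always zero and must not be used as @index.` The same applies to gnutls_certificate_get_x509_crt() in the `@@ -1258,8 +1278,10 @@` hunk; both doc comments and their function bodies extend outside the hunks shown.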
@@ -1329,7 +1351,11 @@ gnutls_certificate_get_x509_crt(gnutls_certificate_credentials_t res, * If that function fails to load the @res structure is at an undefined state, it must * not be reused to load other keys or certificates. * - * Returns: An index of the inserted certificate chain on success (greater or equal to zero), or a negative error code. + * Note that, this function by default returns zero on success and a negative value on error. + * Since 3.5.6, when the flag %GNUTLS_CERTIFICATE_API_V2 is set on the credentials structure + * it returns an index (greater or equal to zero). That index can be used to other functions to refer to the added key-pair. + * + * Returns: On success this functions returns zero, and otherwise a negative value on error (see above for modifying that behavior). * * Since: 3.0 **/ @@ -1421,7 +1447,7 @@ gnutls_certificate_set_key(gnutls_certificate_credentials_t res, goto cleanup; } - return res->ncerts-1; + CRED_RET_SUCCESS(res); cleanup: _gnutls_str_array_clear(&str_names); @@ -1502,7 +1528,11 @@ gnutls_certificate_get_trust_list(gnutls_certificate_credentials_t res, * If that function fails to load the @res structure is at an undefined state, it must * not be reused to load other keys or certificates. * - * Returns: An index of the inserted certificate chain on success (greater or equal to zero), or a negative error code. + * Note that, this function by default returns zero on success and a negative value on error. + * Since 3.5.6, when the flag %GNUTLS_CERTIFICATE_API_V2 is set on the credentials structure + * it returns an index (greater or equal to zero). That index can be used to other functions to refer to the added key-pair. + * + * Returns: On success this functions returns zero, and otherwise a negative value on error (see above for modifying that behavior). * * Since: 3.1.11 **/ 
@@ -1550,7 +1580,11 @@ gnutls_certificate_set_x509_key_file(gnutls_certificate_credentials_t res, * If that function fails to load the @res structure is at an undefined state, it must * not be reused to load other keys or certificates. * - * Returns: An index of the inserted certificate chain on success (greater or equal to zero), or a negative error code. + * Note that, this function by default returns zero on success and a negative value on error. + * Since 3.5.6, when the flag %GNUTLS_CERTIFICATE_API_V2 is set on the credentials structure + * it returns an index (greater or equal to zero). That index can be used to other functions to refer to the added key-pair. + * + * Returns: On success this functions returns zero, and otherwise a negative value on error (see above for modifying that behavior). * **/ int @@ -1580,7 +1614,7 @@ gnutls_certificate_set_x509_key_file2(gnutls_certificate_credentials_t res, return ret; } - return res->ncerts-1; + CRED_RET_SUCCESS(res); } /* Returns 0 if it's ok to use the gnutls_kx_algorithm_t with this @@ -1972,7 +2006,11 @@ int ret; * complexity that would make it harder to use this functionality at * all. * - * Returns: An index of the inserted certificate chain on success (greater or equal to zero), or a negative error code. + * Note that, this function by default returns zero on success and a negative value on error. + * Since 3.5.6, when the flag %GNUTLS_CERTIFICATE_API_V2 is set on the credentials structure + * it returns an index (greater or equal to zero). That index can be used to other functions to refer to the added key-pair. + * + * Returns: On success this functions returns zero, and otherwise a negative value on error (see above for modifying that behavior). * **/ int 
@@ -2028,7 +2066,11 @@ int * complexity that would make it harder to use this functionality at * all. * - * Returns: An index of the inserted certificate chain on success (greater or equal to zero), or a negative error code. + * Note that, this function by default returns zero on success and a negative value on error. + * Since 3.5.6, when the flag %GNUTLS_CERTIFICATE_API_V2 is set on the credentials structure + * it returns an index (greater or equal to zero). That index can be used to other functions to refer to the added key-pair. + * + * Returns: On success this functions returns zero, and otherwise a negative value on error (see above for modifying that behavior). * * Since: 2.8.0 **/ @@ -2098,7 +2140,10 @@ int } } - ret = idx; + if (res->flags & GNUTLS_CERTIFICATE_API_V2) + ret = idx; + else + ret = 0; done: if (chain) { |