]> git.ipfire.org Git - thirdparty/gnutls.git/commitdiff
Added gnutls_certificate_update_verify_flags() to allow setting new flags without...
authorNikos Mavrogiannopoulos <nmav@gnutls.org>
Tue, 30 Oct 2012 14:49:44 +0000 (15:49 +0100)
committerNikos Mavrogiannopoulos <nmav@gnutls.org>
Tue, 30 Oct 2012 14:49:44 +0000 (15:49 +0100)
NEWS
doc/cha-cert-auth.texi
lib/gnutls_ui.c
lib/includes/gnutls/gnutls.h.in
lib/libgnutls.map

diff --git a/NEWS b/NEWS
index b7301b3f1138a7772f368438beefd45676ad032b..1363fc965e3e4fb1a3ae6c9269f652d03da34544 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -17,6 +17,7 @@ the available revocation data validity.
 
 ** API and ABI modifications:
 gnutls_session_get_id2: Added
+gnutls_certificate_update_verify_flags: Added
 GNUTLS_CERT_REVOCATION_DATA_TOO_OLD: Added.
 GNUTLS_CERT_REVOCATION_DATA_INVALID: Added.
 
index cb395cbd1002cb2d1351f70d6b6e4d45c9cd33a6..72b9919e0d9955e7e92a4dc59ca585b9b3dd3c41 100644 (file)
@@ -625,6 +625,7 @@ of the signature.
 
 If you are using @funcref{gnutls_certificate_verify_peers2} to verify the
 certificate chain, you can call
+@funcref{gnutls_certificate_update_verify_flags} or
 @funcref{gnutls_certificate_set_verify_flags} with the flags:
 @itemize
 @item @code{GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2}
@@ -633,11 +634,11 @@ certificate chain, you can call
 as in the following example:
 
 @example
-  gnutls_certificate_set_verify_flags (x509cred,
+  gnutls_certificate_update_verify_flags (x509cred,
                                        GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5);
 @end example
 
-This will tell the verifier algorithm to enable @code{RSA-MD5} when
+This will signal the verifier algorithm to enable @code{RSA-MD5} when
 verifying the certificates.
 
 If you are using @funcref{gnutls_x509_crt_verify} or
index 1cd53f273cf4927d262d3952c5a0547558ca1655..8b157e76d69f9ec5ef62e220356e25fc73ffa374 100644 (file)
@@ -684,10 +684,9 @@ gnutls_certificate_set_params_function (gnutls_certificate_credentials_t res,
  * @res: is a gnutls_certificate_credentials_t structure
  * @flags: are the flags
  *
- * This function will set the flags to be used at verification of the
- * certificates.  Flags must be OR of the
- * #gnutls_certificate_verify_flags enumerations. The default
- * for TLS sessions is GNUTLS_VERIFY_ALLOW_UNSORTED_CHAIN.
+ * This function will set the flags to be used for verification 
+ * of certificates and override any defaults.  The provided flags must be an OR of the
+ * #gnutls_certificate_verify_flags enumerations. 
  *
  **/
 void
@@ -697,6 +696,24 @@ gnutls_certificate_set_verify_flags (gnutls_certificate_credentials_t
   res->verify_flags = flags;
 }
 
+/**
+ * gnutls_certificate_update_verify_flags:
+ * @res: is a gnutls_certificate_credentials_t structure
+ * @flags: are the new flags
+ *
+ * This function will update the default flags to be used for verification 
+ * of certificates.  The provided flags must be an OR of the
+ * #gnutls_certificate_verify_flags enumerations. The default
+ * for TLS sessions is GNUTLS_VERIFY_ALLOW_UNSORTED_CHAIN.
+ *
+ **/
+void
+gnutls_certificate_update_verify_flags (gnutls_certificate_credentials_t
+                                     res, unsigned int flags)
+{
+  res->verify_flags |= flags;
+}
+
 /**
  * gnutls_certificate_set_verify_limits:
  * @res: is a gnutls_certificate_credentials structure
index e60914e68681c279d0ac976bb22e03b6aab4c03c..1b8c1d8f7ac61eb6542d0f8ae7a16d64a52b7491 100644 (file)
@@ -1152,6 +1152,8 @@ gnutls_ecc_curve_t gnutls_ecc_curve_get(gnutls_session_t session);
                                          gnutls_dh_params_t dh_params);
   void gnutls_certificate_set_verify_flags (gnutls_certificate_credentials_t
                                             res, unsigned int flags);
+  void gnutls_certificate_update_verify_flags (gnutls_certificate_credentials_t
+                                            res, unsigned int flags);
   void gnutls_certificate_set_verify_limits (gnutls_certificate_credentials_t
                                              res, unsigned int max_bits,
                                              unsigned int max_depth);
index 751e49b7be3b0cbd819e727599e44fa8f7b5921b..3cee073e51aa18e8ebbf1b185b7ccfcf9e66798c 100644 (file)
@@ -858,6 +858,7 @@ GNUTLS_3_1_0 {
        gnutls_pubkey_import_x509_raw;
        gnutls_certificate_get_peers_subkey_id;
        gnutls_session_get_id2;
+       gnutls_certificate_update_verify_flags;
 } GNUTLS_3_0_0;
 
 GNUTLS_PRIVATE {