From: Nikos Mavrogiannopoulos
Date: Thu, 15 Oct 2015 14:21:43 +0000 (+0200)
Subject: pkcs11: write CKA_ISSUER and CKA_SERIAL_NUMBER when writing on a certificate
X-Git-Tag: gnutls_3_5_0~641
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=38e396f3247cb56174f6807a96ba5c8a62df7f3b;p=thirdparty%2Fgnutls.git
pkcs11: write CKA_ISSUER and CKA_SERIAL_NUMBER when writing on a certificate
That allows NSS to read and use the written certificate.
Relates #43
---
diff --git a/lib/pkcs11_write.c b/lib/pkcs11_write.c
index 7b949530c5..cd63101891 100644
--- a/lib/pkcs11_write.c
+++ b/lib/pkcs11_write.c
@@ -31,7 +31,7 @@ static const ck_bool_t tval = 1;
 static const ck_bool_t fval = 0;
-#define MAX_ASIZE 16
+#define MAX_ASIZE 24
 static void mark_flags(unsigned flags, struct ck_attribute *a, unsigned *a_val) {
@@ -96,8 +96,9 @@ gnutls_pkcs11_copy_x509_crt2(const char *token_url,
 int ret;
 struct p11_kit_uri *info = NULL;
 ck_rv_t rv;
- size_t der_size, id_size;
+ size_t der_size, id_size, serial_size;
 uint8_t *der = NULL;
+ uint8_t serial[128];
 uint8_t id[20];
 struct ck_attribute a[MAX_ASIZE];
 ck_object_class_t class = CKO_CERTIFICATE;
@@ -193,6 +194,19 @@ gnutls_pkcs11_copy_x509_crt2(const char *token_url,
 a[a_val].value_len = crt->raw_dn.size;
 a_val++;
+ a[a_val].type = CKA_ISSUER;
+ a[a_val].value = crt->raw_issuer_dn.data;
+ a[a_val].value_len = crt->raw_issuer_dn.size;
+ a_val++;
+
+ serial_size = sizeof(serial);
+ if (gnutls_x509_crt_get_serial(crt, serial, &serial_size) >= 0) {
+ a[a_val].type = CKA_SERIAL_NUMBER;
+ a[a_val].value = (void *) serial;
+ a[a_val].value_len = serial_size;
+ a_val++;
+ }
+
 if (label) {
 a[a_val].type = CKA_LABEL;
 a[a_val].value = (void *) label;
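Review bot: The bump of `MAX_ASIZE` from 16 to 24 is the only thing keeping the `a[a_val]` writes added in the third hunk inside the stack array `struct ck_attribute a[MAX_ASIZE]`. No line shown in these hunks compares `a_val` with `MAX_ASIZE`, so a later attribute added without another bump would write past the array. The bodies of `mark_flags` and `gnutls_pkcs11_copy_x509_crt2` lie mostly outside the hunks, so a check may exist there. If it does not, I would document the invariant at the define, `/* upper bound on attributes in any template built in this file; every a[a_val] write must stay below it */`, and check `a_val` before each append rather than rely on the constant alone.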
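Review bot: `CKA_SERIAL_NUMBER` is filled straight from the buffer written by `gnutls_x509_crt_get_serial`, which returns the raw serial bytes. As I read the PKCS #11 specification, that attribute is the DER encoding of the serial, with the INTEGER tag and length included. A consumer that compares the attribute against the DER form may then fail to match the stored certificate, which would undercut the interoperability this commit is after. The serial should be wrapped as a DER INTEGER before being assigned to `a[a_val].value`; until then I would add `/* NOTE: raw serial bytes; PKCS #11 specifies the DER-encoded INTEGER here */` above the assignment. The `>= 0` branch also drops the attribute silently when the call fails, so a debug log there would help; the function body starts and ends outside the hunk.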