Added flag GNUTLS_PKCS11_OBJ_FLAG_MARK_CA.
authorNikos Mavrogiannopoulos <nmav@redhat.com>
Mon, 16 Jun 2014 09:25:26 +0000 (11:25 +0200)
committerNikos Mavrogiannopoulos <nmav@redhat.com>
Mon, 16 Jun 2014 09:25:26 +0000 (11:25 +0200)
That flag allows marking a certificate in the token as a CA (category==CA)

lib/includes/gnutls/pkcs11.h
lib/pkcs11_write.c

index f4efd9ccd479948abb6d9ccb158e50190a90e7d9..93f3c45d25120ee58cdd8b88328550fba3ceb6da 100644 (file)
@@ -103,6 +103,7 @@ void gnutls_pkcs11_obj_set_pin_function(gnutls_pkcs11_obj_t obj,
 #define GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_DISTRUSTED (1<<8) /* The object must be marked as distrusted */
 #define GNUTLS_PKCS11_OBJ_FLAG_COMPARE (1<<9) /* The object must be fully compared */
 #define GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE (1<<10) /* The object must be present in a marked as trusted module */
+#define GNUTLS_PKCS11_OBJ_FLAG_MARK_CA (1<<11) /* object marked as CA */
 
 /**
  * gnutls_pkcs11_url_type_t:
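Review bot: The comment on the added `GNUTLS_PKCS11_OBJ_FLAG_MARK_CA` define does not say when the flag takes effect, while the neighbouring flags are worded as retrieval conditions ("The object must be ..."). As far as this page shows, the flag is only consumed when writing a certificate in gnutls_pkcs11_copy_x509_crt, so wording such as `/* When copying a certificate to a token, set its certificate category to CA */` would keep readers from assuming it filters lookups. It would also help to state that it is independent of GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED, which sets CKA_TRUSTED separately, so that callers do not treat the category as a trust decision.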
index 9bc211d20b7ebec2f770cbe69235ef593931a0d1..e507215c9204ef610608cae69ffe190633ecd743 100644 (file)
@@ -60,6 +60,7 @@ gnutls_pkcs11_copy_x509_crt(const char *token_url,
        ck_certificate_type_t type = CKC_X_509;
        ck_object_handle_t obj;
        int a_val;
+       unsigned long category;
        struct pkcs11_session_info sinfo;
        
        PKCS11_CHECK_INIT;
@@ -150,6 +151,14 @@ gnutls_pkcs11_copy_x509_crt(const char *token_url,
                a_val++;
        }
 
+       if (flags & GNUTLS_PKCS11_OBJ_FLAG_MARK_CA) {
+               category = 2;
+               a[a_val].type = CKA_CERTIFICATE_CATEGORY;
+               a[a_val].value = (void *) &category;
+               a[a_val].value_len = sizeof(category);
+               a_val++;
+       }
+
        if (flags & GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED) {
                a[a_val].type = CKA_TRUSTED;
                a[a_val].value = (void *) &tval;
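Review bot: The new block writes one more entry into `a[a_val]` with no visible bound, and the declaration of `a` lies outside this hunk, so its capacity should be confirmed to cover the extra CKA_CERTIFICATE_CATEGORY attribute together with every other optional attribute that can be set in the same call. The literal in `category = 2;` is the PKCS #11 certificate-category value for an authority and deserves a comment, e.g. `category = 2; /* CKA_CERTIFICATE_CATEGORY: authority (CA) */`. The category is applied purely on the caller's request; nothing in the hunk checks that the certificate carries CA basic constraints, which is worth stating in the function's documentation because consumers of the token may use the category when selecting CA certificates. gnutls_pkcs11_copy_x509_crt starts and ends outside the hunk.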