gnutls_datum_t id =
{ a[1].value, a[1].value_len };
+ if (i > 0 && priv->key_id.size > 0 &&
+ !_gnutls_check_subject_key_id2(&priv->key_id, &data)) {
+ gnutls_assert();
+ continue;
+ }
+
if (priv->flags & GNUTLS_PKCS11_OBJ_FLAG_COMPARE) {
if (priv->crt == NULL) {
gnutls_assert();
return ret;
}
+
+bool
+_gnutls_check_subject_key_id2(gnutls_datum_t *key_id,
+ gnutls_datum_t *certbin)
+{
+ uint8_t id[MAX_KEY_ID_SIZE];
+ size_t id_size;
+ gnutls_x509_crt_t cert;
+ bool result = 0;
+
+ if (gnutls_x509_crt_init(&cert) < 0) {
+ gnutls_assert();
+ return 0;
+ }
+
+ if (gnutls_x509_crt_import(cert, certbin, GNUTLS_X509_FMT_DER) < 0) {
+ gnutls_assert();
+ goto out;
+ }
+
+ if (gnutls_x509_crt_get_subject_key_id(cert, id, &id_size, NULL) < 0) {
+ gnutls_assert();
+ goto out;
+ }
+
+ if (id_size == key_id->size && !memcmp(id, key_id->data, id_size))
+ result = 1;
+
+ out:
+ gnutls_x509_crt_deinit(cert);
+ return result;
+}
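Review bot: `id_size` is still uninitialized when `_gnutls_check_subject_key_id2` passes it to `gnutls_x509_crt_get_subject_key_id()`, and that argument is in/out: the callee reads it as the capacity of `id` before it copies the identifier. With an indeterminate value the call can fail with a short-buffer error, so a matching certificate is silently skipped by the `continue` at the call site. It can also accept a subject key identifier longer than `MAX_KEY_ID_SIZE` and write past the stack array. The DER in `certbin` appears to come from a PKCS#11 object at the visible call site, so the extension length should be treated as untrusted. Initialise the size at the declaration, `size_t id_size = sizeof(id);`, which also makes the later `memcmp(id, key_id->data, id_size)` provably bounded by the array.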
_gnutls_check_if_same_key2(gnutls_x509_crt_t cert1,
gnutls_datum_t *cert2bin);
+bool
+_gnutls_check_subject_key_id2(gnutls_datum_t *key_id,
+ gnutls_datum_t *certbin);
+
bool
_gnutls_check_if_same_cert(gnutls_x509_crt_t cert1,
gnutls_x509_crt_t cert2);