From: Nikos Mavrogiannopoulos
Date: Mon, 16 Jun 2014 09:25:26 +0000 (+0200)
Subject: Added flag GNUTLS_PKCS11_OBJ_FLAG_MARK_CA.
X-Git-Tag: gnutls_3_3_5~29
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=154b44fe0552ffad33291f73a06f9cde52af99da;p=thirdparty%2Fgnutls.git
Added flag GNUTLS_PKCS11_OBJ_FLAG_MARK_CA.
That flag allows to mark a certificate in the token as a CA (category==CA)
---
diff --git a/lib/includes/gnutls/pkcs11.h b/lib/includes/gnutls/pkcs11.h
index f4efd9ccd4..93f3c45d25 100644
--- a/lib/includes/gnutls/pkcs11.h
+++ b/lib/includes/gnutls/pkcs11.h
@@ -103,6 +103,7 @@ void gnutls_pkcs11_obj_set_pin_function(gnutls_pkcs11_obj_t obj,
 #define GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_DISTRUSTED (1<<8) /* The object must be marked as distrusted */
 #define GNUTLS_PKCS11_OBJ_FLAG_COMPARE (1<<9) /* The object must be fully compared */
 #define GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE (1<<10) /* The object must be present in a marked as trusted module */
+#define GNUTLS_PKCS11_OBJ_FLAG_MARK_CA (1<<11) /* object marked as CA */
 /**
 * gnutls_pkcs11_url_type_t:
diff --git a/lib/pkcs11_write.c b/lib/pkcs11_write.c
index 9bc211d20b..e507215c92 100644
--- a/lib/pkcs11_write.c
+++ b/lib/pkcs11_write.c
@@ -60,6 +60,7 @@ gnutls_pkcs11_copy_x509_crt(const char *token_url,
 ck_certificate_type_t type = CKC_X_509;
 ck_object_handle_t obj;
 int a_val;
+ unsigned long category;
 struct pkcs11_session_info sinfo;
 PKCS11_CHECK_INIT;
@@ -150,6 +151,14 @@ gnutls_pkcs11_copy_x509_crt(const char *token_url,
 a_val++;
 }
+ if (flags & GNUTLS_PKCS11_OBJ_FLAG_MARK_CA) {
+ category = 2;
+ a[a_val].type = CKA_CERTIFICATE_CATEGORY;
+ a[a_val].value = (void *) &category;
+ a[a_val].value_len = sizeof(category);
+ a_val++;
+ }
+
 if (flags & GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED) {
 a[a_val].type = CKA_TRUSTED;
 a[a_val].value = (void *) &tval;
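Review bot: The comment on the new `GNUTLS_PKCS11_OBJ_FLAG_MARK_CA` define in lib/includes/gnutls/pkcs11.h ("object marked as CA") does not say when the flag takes effect. The three defines above it in the same hunk describe conditions an object must meet ("The object must be ..."), so a reader can easily take this one for a lookup filter as well. In this commit the flag is only consumed when a certificate is written to the token, so I would word it as `/* When copying a certificate to a token, mark it as a CA (sets CKA_CERTIFICATE_CATEGORY) */`. Judging from the pkcs11_write.c hunk it is handled independently of GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED, which is worth saying in the API documentation because marking a certificate as a CA and marking it as trusted are different statements about it.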
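Review bot: In the `@@ -150,6 +151,14 @@` hunk of lib/pkcs11_write.c the new block writes one more entry into `a[]` and increments `a_val`, but the declaration of `a` lies outside the hunk, so its capacity against the now larger worst case (every optional attribute set in one call) cannot be checked from here and should be confirmed. The literal in `category = 2;` is the PKCS#11 certificate category value for an authority; a comment such as `/* CKA_CERTIFICATE_CATEGORY: 2 = authority (CA) */` would spare the next reader a trip to the specification. The category comes solely from the caller's flag, and nothing visible in the hunk checks that the certificate being copied is itself a CA certificate; if that is intentional, the function's documentation should say the caller is responsible for it. The body of gnutls_pkcs11_copy_x509_crt starts and ends outside the hunk.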