[glib-networking/tls-database] gnutls: Fix to match changes in gio GTlsDatabase
- From: Stefan Walter <stefw src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [glib-networking/tls-database] gnutls: Fix to match changes in gio GTlsDatabase
- Date: Fri, 24 Dec 2010 16:13:07 +0000 (UTC)
commit 5931b5b310c7b0065ff17bbfdef39e72b9716e19
Author: Stef Walter <stefw collabora co uk>
Date: Tue Dec 21 17:27:59 2010 +0000
gnutls: Fix to match changes in gio GTlsDatabase
* No longer cram all different lookup types into a single
virtual method.
* Reimplement lookup_issuer()
tls/gnutls/gtlsdatabase-gnutls.c | 60 ++--------------------------------
tls/gnutls/gtlsfiledatabase-gnutls.c | 41 +++++++++++++----------
2 files changed, 26 insertions(+), 75 deletions(-)
---
diff --git a/tls/gnutls/gtlsdatabase-gnutls.c b/tls/gnutls/gtlsdatabase-gnutls.c
index 75181dd..b492823 100644
--- a/tls/gnutls/gtlsdatabase-gnutls.c
+++ b/tls/gnutls/gtlsdatabase-gnutls.c
@@ -47,62 +47,6 @@ g_tls_database_gnutls_init (GTlsDatabaseGnutls *self)
}
-static GList*
-list_unref_free (GList *list)
-{
- GList *l;
- for (l = list; l; l = g_list_next (l))
- g_object_unref (l->data);
- g_list_free (list);
- return NULL;
-}
-
-static GTlsCertificate*
-lookup_best_issuer (GTlsDatabaseGnutls *self,
- GTlsCertificateGnutls *certificate,
- GCancellable *cancellable,
- GError **error)
-{
- GTlsCertificate *result;
- gnutls_datum_t dn = { NULL, 0 };
- gnutls_x509_crt_t cert;
- GList *list;
- int gerr;
-
- g_assert (error);
- g_assert (!*error);
-
- /* Dig out the issuer of this certificate */
- cert = g_tls_certificate_gnutls_get_cert (certificate);
- gerr = gnutls_x509_crt_get_raw_issuer_dn (cert, &dn);
- if (gerr < 0)
- {
- g_warning ("failed to get issuer of certificate: %s", gnutls_strerror (gerr));
- return NULL;
- }
-
- list = g_tls_database_lookup_certificates (G_TLS_DATABASE (self),
- G_TLS_DATABASE_LOOKUP_ISSUER,
- dn.data,
- dn.size,
- cancellable,
- error);
-
- gnutls_free (dn.data);
-
- if (*error)
- return NULL;
-
- /*
- * TODO: For now we just select the first in the list, but do we need
- * to select the best issuer based on notBefore/notAfter date, and
- * perhaps the signature. Need to check RFC 5280
- */
- result = list ? list->data : NULL;
- list_unref_free (list);
- return result;
-}
-
static gboolean
is_self_signed (GTlsCertificateGnutls *certificate)
{
@@ -169,7 +113,9 @@ build_certificate_chain (GTlsDatabaseGnutls *self,
/* Search for the next certificate in chain */
else
{
- issuer = lookup_best_issuer (self, certificate, cancellable, error);
+ issuer = g_tls_database_lookup_issuer (G_TLS_DATABASE (self),
+ G_TLS_CERTIFICATE (certificate),
+ cancellable, error);
if (*error)
return STATUS_FAILURE;
else if (!issuer)
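Review bot: The `issuer` assigned here is now a reference the caller owns, because the file-database implementation added later in this commit builds it with `g_tls_certificate_gnutls_new`. The removed `lookup_best_issuer` instead returned a pointer from a list it had already unreffed. The rest of build_certificate_chain is outside this hunk, so whether the loop releases the object cannot be seen here. If it does not, add `g_object_unref (issuer);` on every path that is finished with it. The `if (*error)` test also depends on `error` being non-NULL, which is presumably asserted earlier in the function and should be confirmed.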
diff --git a/tls/gnutls/gtlsfiledatabase-gnutls.c b/tls/gnutls/gtlsfiledatabase-gnutls.c
index 8aadd65..12bda9b 100644
--- a/tls/gnutls/gtlsfiledatabase-gnutls.c
+++ b/tls/gnutls/gtlsfiledatabase-gnutls.c
@@ -278,31 +278,36 @@ g_tls_file_database_gnutls_lookup_assertion (GTlsDatabaseGnutls *databa
return contains;
}
-static GList*
-g_tls_file_database_gnutls_lookup_certificates (GTlsDatabase *database,
- GTlsDatabaseLookupType lookup_type,
- gconstpointer identifier,
- gsize identifier_length,
- GCancellable *cancellable,
- GError **error)
+static GTlsCertificate*
+g_tls_file_database_gnutls_lookup_issuer (GTlsDatabase *database,
+ GTlsCertificate *certificate,
+ GCancellable *cancellable,
+ GError **error)
{
GTlsFileDatabaseGnutls *self = G_TLS_FILE_DATABASE_GNUTLS (database);
+ gnutls_datum_t dn = { NULL, 0 };
GByteArray *subject, *der;
GHashTable *anchors;
gnutls_datum_t datum;
- GList *results = NULL;
+ GTlsCertificate *issuer = NULL;
+ gnutls_x509_crt_t cert;
+ int gerr;
g_return_val_if_fail (!error || !*error, NULL);
+ g_return_val_if_fail (G_IS_TLS_CERTIFICATE_GNUTLS (certificate), NULL);
- /* We can only perform lookups for issuer */
- if (lookup_type != G_TLS_DATABASE_LOOKUP_ISSUER)
- return NULL;
+ /* Dig out the issuer of this certificate */
+ cert = g_tls_certificate_gnutls_get_cert (G_TLS_CERTIFICATE_GNUTLS (certificate));
+ gerr = gnutls_x509_crt_get_raw_issuer_dn (cert, &dn);
+ if (gerr < 0)
+ {
+ g_warning ("failed to get issuer of certificate: %s", gnutls_strerror (gerr));
+ return NULL;
+ }
- /* The value is the subject DN of the issuer */
- g_return_val_if_fail (identifier, NULL);
- g_return_val_if_fail (identifier_length, NULL);
subject = g_byte_array_new ();
- g_byte_array_append (subject, identifier, identifier_length);
+ g_byte_array_append (subject, dn.data, dn.size);
+ gnutls_free (dn.data);
/* Find the full DER value of the certificate */
anchors = ensure_and_ref_anchors (self);
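Review bot: When `gnutls_x509_crt_get_raw_issuer_dn` fails, the new function logs a warning and returns NULL without setting `*error`. The caller in build_certificate_chain therefore sees the same result as "no issuer in the anchor file" and cannot tell an unparseable certificate from an unknown one. Report it through the GError instead, e.g. `g_set_error (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE, "failed to get issuer of certificate: %s", gnutls_strerror (gerr));`. The removed `identifier_length` check is also not replaced, so a zero-length `dn` would now be used as a lookup key; a `dn.size == 0` guard before `g_byte_array_append` would keep the old behaviour. The `cancellable` argument is not used in the visible lines, and the function body continues past the end of this hunk.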
@@ -314,11 +319,11 @@ g_tls_file_database_gnutls_lookup_certificates (GTlsDatabase *database,
{
datum.data = der->data;
datum.size = der->len;
- results = g_list_append (results, g_tls_certificate_gnutls_new (&datum, NULL));
+ issuer = g_tls_certificate_gnutls_new (&datum, NULL);
}
g_hash_table_unref (anchors);
- return results;
+ return issuer;
}
static void
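Review bot: The anchor is selected by subject DN alone and returned as the issuer, and the TODO about picking the best issuer by notBefore/notAfter and signature was deleted with `lookup_best_issuer` rather than carried over. Nothing in the visible lines checks that the anchor actually signed `certificate`, so that remains the caller's job and should be stated. I would add a comment above the assignment such as `/* Matched by subject DN only; caller must still verify signature and validity. Returns a new reference. */`. The lookup between the two hunks of this function is not visible, so how several anchors sharing one subject DN are handled should be confirmed there.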
@@ -334,7 +339,7 @@ g_tls_file_database_gnutls_class_init (GTlsFileDatabaseGnutlsClass *klass)
gobject_class->set_property = g_tls_file_database_gnutls_set_property;
gobject_class->finalize = g_tls_file_database_gnutls_finalize;
- database_class->lookup_certificates = g_tls_file_database_gnutls_lookup_certificates;
+ database_class->lookup_issuer = g_tls_file_database_gnutls_lookup_issuer;
gnutls_class->lookup_assertion = g_tls_file_database_gnutls_lookup_assertion;
g_object_class_install_property (gobject_class, PROP_ANCHOR_FILENAME,