[xmlsec] add crls support
- From: Aleksey Sanin <aleksey src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [xmlsec] add crls support
- Date: Tue, 25 May 2010 03:05:01 +0000 (UTC)
commit 42c1c90a0261ae623a679e11a5ab4f2d844a128a
Author: Aleksey Sanin <aleksey aleksey com>
Date: Mon May 24 19:04:43 2010 -0700
add crls support
include/xmlsec/gnutls/x509.h | 11 ++
src/gnutls/x509.c | 308 ++++++++++++++++++++++++++++++++++++++--
src/gnutls/x509utils.c | 321 +++++++++++++++++++++++++++++++++++++++++-
src/gnutls/x509utils.h | 34 +++++-
src/gnutls/x509vfy.c | 49 ++++++-
tests/testDSig.sh | 18 ++--
6 files changed, 715 insertions(+), 26 deletions(-)
---
diff --git a/include/xmlsec/gnutls/x509.h b/include/xmlsec/gnutls/x509.h
index f18a864..c5c811a 100644
--- a/include/xmlsec/gnutls/x509.h
+++ b/include/xmlsec/gnutls/x509.h
@@ -37,14 +37,24 @@ extern "C" {
xmlSecGnuTLSKeyDataX509GetKlass()
XMLSEC_CRYPTO_EXPORT xmlSecKeyDataId xmlSecGnuTLSKeyDataX509GetKlass (void);
+
XMLSEC_CRYPTO_EXPORT gnutls_x509_crt_t xmlSecGnuTLSKeyDataX509GetKeyCert (xmlSecKeyDataPtr data);
XMLSEC_CRYPTO_EXPORT int xmlSecGnuTLSKeyDataX509AdoptKeyCert (xmlSecKeyDataPtr data,
gnutls_x509_crt_t cert);
+
XMLSEC_CRYPTO_EXPORT int xmlSecGnuTLSKeyDataX509AdoptCert (xmlSecKeyDataPtr data,
gnutls_x509_crt_t cert);
XMLSEC_CRYPTO_EXPORT gnutls_x509_crt_t xmlSecGnuTLSKeyDataX509GetCert (xmlSecKeyDataPtr data,
xmlSecSize pos);
XMLSEC_CRYPTO_EXPORT xmlSecSize xmlSecGnuTLSKeyDataX509GetCertsSize (xmlSecKeyDataPtr data);
+
+XMLSEC_CRYPTO_EXPORT int xmlSecGnuTLSKeyDataX509AdoptCrl (xmlSecKeyDataPtr data,
+ gnutls_x509_crl_t crl);
+XMLSEC_CRYPTO_EXPORT gnutls_x509_crl_t xmlSecGnuTLSKeyDataX509GetCrl (xmlSecKeyDataPtr data,
+ xmlSecSize pos);
+XMLSEC_CRYPTO_EXPORT xmlSecSize xmlSecGnuTLSKeyDataX509GetCrlsSize (xmlSecKeyDataPtr data);
+
+
XMLSEC_CRYPTO_EXPORT xmlSecKeyDataPtr xmlSecGnuTLSX509CertGetKey (gnutls_x509_crt_t cert);
/**************************************************************************
@@ -82,6 +92,7 @@ XMLSEC_CRYPTO_EXPORT gnutls_x509_crt_t xmlSecGnuTLSX509StoreFindCert (const x
const xmlSecKeyInfoCtx* keyInfoCtx);
XMLSEC_CRYPTO_EXPORT gnutls_x509_crt_t xmlSecGnuTLSX509StoreVerify (xmlSecKeyDataStorePtr store,
xmlSecPtrListPtr certs,
+ xmlSecPtrListPtr crls,
const xmlSecKeyInfoCtx* keyInfoCtx);
XMLSEC_CRYPTO_EXPORT int xmlSecGnuTLSX509StoreAdoptCert (xmlSecKeyDataStorePtr store,
gnutls_x509_crt_t cert,
diff --git a/src/gnutls/x509.c b/src/gnutls/x509.c
index 71e4a50..52d46ab 100644
--- a/src/gnutls/x509.c
+++ b/src/gnutls/x509.c
@@ -69,6 +69,12 @@ static int xmlSecGnuTLSX509SKINodeRead (xmlSecKeyDataPt
static int xmlSecGnuTLSX509SKINodeWrite (gnutls_x509_crt_t cert,
xmlNodePtr node,
xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecGnuTLSX509CRLNodeRead (xmlSecKeyDataPtr data,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecGnuTLSX509CRLNodeWrite (gnutls_x509_crl_t crl,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
static int xmlSecGnuTLSKeyDataX509VerifyAndExtractKey(xmlSecKeyDataPtr data,
xmlSecKeyPtr key,
xmlSecKeyInfoCtxPtr keyInfoCtx);
@@ -83,6 +89,7 @@ typedef struct _xmlSecGnuTLSX509DataCtx xmlSecGnuTLSX509
struct _xmlSecGnuTLSX509DataCtx {
gnutls_x509_crt_t keyCert;
xmlSecPtrList certsList;
+ xmlSecPtrList crlsList;
};
@@ -374,6 +381,82 @@ xmlSecGnuTLSKeyDataX509GetCertsSize(xmlSecKeyDataPtr data) {
return(xmlSecPtrListGetSize(&(ctx->certsList)));
}
+/**
+ * xmlSecGnuTLSKeyDataX509AdoptCrl:
+ * @data: the pointer to X509 key data.
+ * @crl: the pointer to GnuTLS X509 crl.
+ *
+ * Adds crl to the X509 key data.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecGnuTLSKeyDataX509AdoptCrl(xmlSecKeyDataPtr data, gnutls_x509_crl_t crl) {
+ xmlSecGnuTLSX509DataCtxPtr ctx;
+ int ret;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataX509Id), -1);
+ xmlSecAssert2(crl != NULL, -1);
+
+ ctx = xmlSecGnuTLSX509DataGetCtx(data);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ ret = xmlSecPtrListAdd(&(ctx->crlsList), crl);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecPtrListAdd",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ return(0);
+}
+
+/**
+ * xmlSecGnuTLSKeyDataX509GetCrl:
+ * @data: the pointer to X509 key data.
+ * @pos: the desired crl position.
+ *
+ * Gets a crl from X509 key data.
+ *
+ * Returns: the pointer to crl or NULL if @pos is larger than the
+ * number of crls in @data or an error occurs.
+ */
+gnutls_x509_crl_t
+xmlSecGnuTLSKeyDataX509GetCrl(xmlSecKeyDataPtr data, xmlSecSize pos) {
+ xmlSecGnuTLSX509DataCtxPtr ctx;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataX509Id), NULL);
+
+ ctx = xmlSecGnuTLSX509DataGetCtx(data);
+ xmlSecAssert2(ctx != NULL, NULL);
+
+ return(xmlSecPtrListGetItem(&(ctx->crlsList), pos));
+}
+
+/**
+ * xmlSecGnuTLSKeyDataX509GetCrlsSize:
+ * @data: the pointer to X509 key data.
+ *
+ * Gets the number of crls in @data.
+ *
+ * Returns: te number of crls in @data.
+ */
+xmlSecSize
+xmlSecGnuTLSKeyDataX509GetCrlsSize(xmlSecKeyDataPtr data) {
+ xmlSecGnuTLSX509DataCtxPtr ctx;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataX509Id), 0);
+
+ ctx = xmlSecGnuTLSX509DataGetCtx(data);
+ xmlSecAssert2(ctx != NULL, 0);
+
+ return(xmlSecPtrListGetSize(&(ctx->crlsList)));
+}
+
+
static int
xmlSecGnuTLSKeyDataX509Initialize(xmlSecKeyDataPtr data) {
xmlSecGnuTLSX509DataCtxPtr ctx;
@@ -396,6 +479,16 @@ xmlSecGnuTLSKeyDataX509Initialize(xmlSecKeyDataPtr data) {
return(-1);
}
+ ret = xmlSecPtrListInitialize(&(ctx->crlsList), xmlSecGnuTLSX509CrlListId);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecPtrListInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "crlsList");
+ return(-1);
+ }
+
return(0);
}
@@ -442,6 +535,17 @@ xmlSecGnuTLSKeyDataX509Duplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) {
return(-1);
}
+ /* copy crlsList if exists */
+ xmlSecPtrListEmpty(&(ctxDst->crlsList));
+ ret = xmlSecPtrListCopy(&(ctxDst->crlsList), &(ctxSrc->crlsList));
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(src)),
+ "xmlSecPtrListCopy",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "crlsList");
+ return(-1);
+ }
/* done */
return(0);
}
@@ -455,6 +559,7 @@ xmlSecGnuTLSKeyDataX509Finalize(xmlSecKeyDataPtr data) {
ctx = xmlSecGnuTLSX509DataGetCtx(data);
xmlSecAssert(ctx != NULL);
+ xmlSecPtrListFinalize(&(ctx->crlsList));
xmlSecPtrListFinalize(&(ctx->certsList));
if(ctx->keyCert != NULL) {
gnutls_x509_crt_deinit(ctx->keyCert);
@@ -512,6 +617,7 @@ xmlSecGnuTLSKeyDataX509XmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
xmlSecKeyDataPtr data;
gnutls_x509_crt_t cert;
+ gnutls_x509_crl_t crl;
xmlSecSize size, pos;
int content;
int ret;
@@ -603,6 +709,33 @@ xmlSecGnuTLSKeyDataX509XmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
}
}
+ /* write crls if needed */
+ if((content & XMLSEC_X509DATA_CRL_NODE) != 0) {
+ size = xmlSecGnuTLSKeyDataX509GetCrlsSize(data);
+ for(pos = 0; pos < size; ++pos) {
+ crl = xmlSecGnuTLSKeyDataX509GetCrl(data, pos);
+ if(crl == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecGnuTLSKeyDataX509GetCrl",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "pos=%d", pos);
+ return(-1);
+ }
+
+ ret = xmlSecGnuTLSX509CRLNodeWrite(crl, node, keyInfoCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecGnuTLSX509CRLNodeWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "pos=%d", pos);
+ return(-1);
+ }
+ }
+ }
+
+ /* done */
return(0);
}
@@ -625,21 +758,29 @@ xmlSecGnuTLSKeyDataX509GetIdentifier(xmlSecKeyDataPtr data) {
static void
xmlSecGnuTLSKeyDataX509DebugDump(xmlSecKeyDataPtr data, FILE* output) {
- gnutls_x509_crt_t cert;
xmlSecSize size, pos;
xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataX509Id));
xmlSecAssert(output != NULL);
fprintf(output, "=== X509 Data:\n");
- cert = xmlSecGnuTLSKeyDataX509GetKeyCert(data);
- if(cert != NULL) {
- fprintf(output, "==== Key Certificate:\n");
- xmlSecGnuTLSX509CertDebugDump(cert, output);
+
+ /* key cert */
+ {
+ gnutls_x509_crt_t cert;
+
+ cert = xmlSecGnuTLSKeyDataX509GetKeyCert(data);
+ if(cert != NULL) {
+ fprintf(output, "==== Key Certificate:\n");
+ xmlSecGnuTLSX509CertDebugDump(cert, output);
+ }
}
+ /* other certs */
size = xmlSecGnuTLSKeyDataX509GetCertsSize(data);
for(pos = 0; pos < size; ++pos) {
+ gnutls_x509_crt_t cert;
+
cert = xmlSecGnuTLSKeyDataX509GetCert(data, pos);
if(cert == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
@@ -653,27 +794,51 @@ xmlSecGnuTLSKeyDataX509DebugDump(xmlSecKeyDataPtr data, FILE* output) {
xmlSecGnuTLSX509CertDebugDump(cert, output);
}
- /* we don't print out crls */
+ /* crls */
+ size = xmlSecGnuTLSKeyDataX509GetCrlsSize(data);
+ for(pos = 0; pos < size; ++pos) {
+ gnutls_x509_crl_t crl;
+
+ crl = xmlSecGnuTLSKeyDataX509GetCrl(data, pos);
+ if(crl == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecGnuTLSKeyDataX509GetCrl",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "pos=%d", pos);
+ return;
+ }
+ fprintf(output, "==== Crl:\n");
+ xmlSecGnuTLSX509CrlDebugDump(crl, output);
+ }
}
static void
xmlSecGnuTLSKeyDataX509DebugXmlDump(xmlSecKeyDataPtr data, FILE* output) {
- gnutls_x509_crt_t cert;
xmlSecSize size, pos;
xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataX509Id));
xmlSecAssert(output != NULL);
fprintf(output, "<X509Data>\n");
- cert = xmlSecGnuTLSKeyDataX509GetKeyCert(data);
- if(cert != NULL) {
- fprintf(output, "<KeyCertificate>\n");
- xmlSecGnuTLSX509CertDebugXmlDump(cert, output);
- fprintf(output, "</KeyCertificate>\n");
+
+ /* key cert */
+ {
+ gnutls_x509_crt_t cert;
+
+ cert = xmlSecGnuTLSKeyDataX509GetKeyCert(data);
+ if(cert != NULL) {
+ fprintf(output, "<KeyCertificate>\n");
+ xmlSecGnuTLSX509CertDebugXmlDump(cert, output);
+ fprintf(output, "</KeyCertificate>\n");
+ }
}
+ /* other certs */
size = xmlSecGnuTLSKeyDataX509GetCertsSize(data);
for(pos = 0; pos < size; ++pos) {
+ gnutls_x509_crt_t cert;
+
cert = xmlSecGnuTLSKeyDataX509GetCert(data, pos);
if(cert == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
@@ -688,6 +853,25 @@ xmlSecGnuTLSKeyDataX509DebugXmlDump(xmlSecKeyDataPtr data, FILE* output) {
fprintf(output, "</Certificate>\n");
}
+ /* other crls */
+ size = xmlSecGnuTLSKeyDataX509GetCrlsSize(data);
+ for(pos = 0; pos < size; ++pos) {
+ gnutls_x509_crl_t crl;
+
+ crl = xmlSecGnuTLSKeyDataX509GetCrl(data, pos);
+ if(crl == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecGnuTLSKeyDataX509GetCrl",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "pos=%d", pos);
+ return;
+ }
+ fprintf(output, "<CRL>\n");
+ xmlSecGnuTLSX509CrlDebugXmlDump(crl, output);
+ fprintf(output, "</CRL>\n");
+ }
+
/* we don't print out crls */
fprintf(output, "</X509Data>\n");
}
@@ -714,6 +898,8 @@ xmlSecGnuTLSX509DataNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyIn
ret = xmlSecGnuTLSX509IssuerSerialNodeRead(data, cur, keyInfoCtx);
} else if(xmlSecCheckNodeName(cur, xmlSecNodeX509SKI, xmlSecDSigNs)) {
ret = xmlSecGnuTLSX509SKINodeRead(data, cur, keyInfoCtx);
+ } else if(xmlSecCheckNodeName(cur, xmlSecNodeX509CRL, xmlSecDSigNs)) {
+ ret = xmlSecGnuTLSX509CRLNodeRead(data, cur, keyInfoCtx);
} else if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_UNKNOWN_CHILD) != 0) {
/* laxi schema validation: ignore unknown nodes */
xmlSecError(XMLSEC_ERRORS_HERE,
@@ -828,6 +1014,8 @@ xmlSecGnuTLSX509CertificateNodeWrite(gnutls_x509_crt_t cert, xmlNodePtr node, xm
return(0);
}
+
+
#define XMLSEC_GNUTLS_IS_SPACE(ch) \
(((ch) == ' ') || ((ch) == '\r') || ((ch) == '\n'))
@@ -1322,6 +1510,100 @@ xmlSecGnuTLSX509SKINodeWrite(gnutls_x509_crt_t cert, xmlNodePtr node, xmlSecKeyI
}
static int
+xmlSecGnuTLSX509CRLNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlChar *content;
+ gnutls_x509_crl_t crl;
+ int ret;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataX509Id), -1);
+ xmlSecAssert2(node != NULL, -1);
+ xmlSecAssert2(keyInfoCtx != NULL, -1);
+
+ content = xmlNodeGetContent(node);
+ if((content == NULL) || (xmlSecIsEmptyString(content) == 1)) {
+ if(content != NULL) {
+ xmlFree(content);
+ }
+ if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
+ XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ return(0);
+ }
+
+ crl = xmlSecGnuTLSX509CrlBase64DerRead(content);
+ if(crl == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecGnuTLSX509CrlBase64DerRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlFree(content);
+ return(-1);
+ }
+
+ ret = xmlSecGnuTLSKeyDataX509AdoptCrl(data, crl);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecGnuTLSKeyDataX509AdoptCrl",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ gnutls_x509_crl_deinit(crl);
+ xmlFree(content);
+ return(-1);
+ }
+
+ xmlFree(content);
+ return(0);
+}
+
+static int
+xmlSecGnuTLSX509CRLNodeWrite(gnutls_x509_crl_t crl, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlChar* buf = NULL;
+ xmlNodePtr cur = NULL;
+
+ xmlSecAssert2(crl != NULL, -1);
+ xmlSecAssert2(node != NULL, -1);
+ xmlSecAssert2(keyInfoCtx != NULL, -1);
+
+ /* set base64 lines size from context */
+ buf = xmlSecGnuTLSX509CrlBase64DerWrite(crl, keyInfoCtx->base64LineSize);
+ if(buf == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGnuTLSX509CrlBase64DerWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ cur = xmlSecAddChild(node, xmlSecNodeX509CRL, xmlSecDSigNs);
+ if(cur == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "new_node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeX509CRL));
+ xmlFree(buf);
+ return(-1);
+ }
+ /* todo: add \n around base64 data - from context */
+ /* todo: add errors check */
+ xmlNodeSetContent(cur, xmlSecStringCR);
+ xmlNodeSetContent(cur, buf);
+ xmlFree(buf);
+
+ return(0);
+}
+
+
+static int
xmlSecGnuTLSKeyDataX509VerifyAndExtractKey(xmlSecKeyDataPtr data, xmlSecKeyPtr key,
xmlSecKeyInfoCtxPtr keyInfoCtx) {
xmlSecGnuTLSX509DataCtxPtr ctx;
@@ -1349,7 +1631,7 @@ xmlSecGnuTLSKeyDataX509VerifyAndExtractKey(xmlSecKeyDataPtr data, xmlSecKeyPtr k
if((ctx->keyCert == NULL) && (xmlSecPtrListGetSize(&(ctx->certsList)) > 0) && (xmlSecKeyGetValue(key) == NULL)) {
gnutls_x509_crt_t cert;
- cert = xmlSecGnuTLSX509StoreVerify(x509Store, &(ctx->certsList), keyInfoCtx);
+ cert = xmlSecGnuTLSX509StoreVerify(x509Store, &(ctx->certsList), &(ctx->crlsList), keyInfoCtx);
if(cert != NULL) {
xmlSecKeyDataPtr keyValue;
diff --git a/src/gnutls/x509utils.c b/src/gnutls/x509utils.c
index 6812e8a..0dc7000 100644
--- a/src/gnutls/x509utils.c
+++ b/src/gnutls/x509utils.c
@@ -100,9 +100,65 @@ xmlSecGnuTLSX509CrtListDebugXmlDumpItem(xmlSecPtr ptr, FILE* output) {
xmlSecGnuTLSX509CertDebugXmlDump((gnutls_x509_crt_t)ptr, output);
}
+/**************************************************************************
+ *
+ * X509 crl list
+ *
+ *****************************************************************************/
+static xmlSecPtr xmlSecGnuTLSX509CrlListDuplicateItem (xmlSecPtr ptr);
+static void xmlSecGnuTLSX509CrlListDestroyItem (xmlSecPtr ptr);
+static void xmlSecGnuTLSX509CrlListDebugDumpItem (xmlSecPtr ptr,
+ FILE* output);
+static void xmlSecGnuTLSX509CrlListDebugXmlDumpItem (xmlSecPtr ptr,
+ FILE* output);
+
+static xmlSecPtrListKlass xmlSecGnuTLSX509CrlListKlass = {
+ BAD_CAST "gnutls-x509-crl-list",
+ xmlSecGnuTLSX509CrlListDuplicateItem, /* xmlSecPtrDuplicateItemMethod duplicateItem; */
+ xmlSecGnuTLSX509CrlListDestroyItem, /* xmlSecPtrDestroyItemMethod destroyItem; */
+ xmlSecGnuTLSX509CrlListDebugDumpItem, /* xmlSecPtrDebugDumpItemMethod debugDumpItem; */
+ xmlSecGnuTLSX509CrlListDebugXmlDumpItem, /* xmlSecPtrDebugDumpItemMethod debugXmlDumpItem; */
+};
+
+xmlSecPtrListId
+xmlSecGnuTLSX509CrlListGetKlass(void) {
+ return(&xmlSecGnuTLSX509CrlListKlass);
+}
+
+static xmlSecPtr
+xmlSecGnuTLSX509CrlListDuplicateItem(xmlSecPtr ptr) {
+ xmlSecAssert2(ptr != NULL, NULL);
+
+ return xmlSecGnuTLSX509CrlDup((gnutls_x509_crl_t)ptr);
+}
+
+static void
+xmlSecGnuTLSX509CrlListDestroyItem(xmlSecPtr ptr) {
+ xmlSecAssert(ptr != NULL);
+
+ gnutls_x509_crl_deinit((gnutls_x509_crl_t)ptr);
+}
+
+static void
+xmlSecGnuTLSX509CrlListDebugDumpItem(xmlSecPtr ptr, FILE* output) {
+ xmlSecAssert(ptr != NULL);
+ xmlSecAssert(output != NULL);
+
+ xmlSecGnuTLSX509CrlDebugDump((gnutls_x509_crl_t)ptr, output);
+}
+
+
+static void
+xmlSecGnuTLSX509CrlListDebugXmlDumpItem(xmlSecPtr ptr, FILE* output) {
+ xmlSecAssert(ptr != NULL);
+ xmlSecAssert(output != NULL);
+
+ xmlSecGnuTLSX509CrlDebugXmlDump((gnutls_x509_crl_t)ptr, output);
+}
+
/*************************************************************************
*
- * Utils/helpers
+ * x509 certs utils/helpers
*
************************************************************************/
@@ -555,6 +611,266 @@ xmlSecGnuTLSX509CertDebugXmlDump(gnutls_x509_crt_t cert, FILE* output) {
}
}
+/*************************************************************************
+ *
+ * x509 crls utils/helpers
+ *
+ ************************************************************************/
+
+/* HACK: gnutls doesn't have crl duplicate function, so we simply
+ write crl out and then read it back */
+gnutls_x509_crl_t
+xmlSecGnuTLSX509CrlDup(gnutls_x509_crl_t src) {
+ xmlChar * buf = NULL;
+ gnutls_x509_crl_t res = NULL;
+
+ xmlSecAssert2(src != NULL, NULL);
+
+ buf = xmlSecGnuTLSX509CrlBase64DerWrite(src, 0);
+ if(buf == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGnuTLSX509CrlBase64DerWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return (NULL);
+ }
+
+ res = xmlSecGnuTLSX509CrlBase64DerRead(buf);
+ if(res == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGnuTLSX509CrlBase64DerRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlFree(buf);
+ return (NULL);
+ }
+
+ /* done */
+ xmlFree(buf);
+ return (res);
+}
+
+xmlChar *
+xmlSecGnuTLSX509CrlGetIssuerDN(gnutls_x509_crl_t crl) {
+ char* buf = NULL;
+ size_t bufSize = 0;
+ int err;
+
+ xmlSecAssert2(crl != NULL, NULL);
+
+ /* get issuer size */
+ err = gnutls_x509_crl_get_issuer_dn(crl, NULL, &bufSize);
+ if((err != GNUTLS_E_SHORT_MEMORY_BUFFER) || (bufSize <= 0)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gnutls_x509_crl_get_issuer_dn",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GNUTLS_REPORT_ERROR(err));
+ return(NULL);
+ }
+
+ /* allocate buffer */
+ buf = (char *)xmlMalloc(bufSize + 1);
+ if(buf == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlMalloc",
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ "size=%d", (int)bufSize);
+ return(NULL);
+ }
+
+ /* finally write it out */
+ err = gnutls_x509_crl_get_issuer_dn(crl, buf, &bufSize);
+ if(err != GNUTLS_E_SUCCESS) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gnutls_x509_crl_get_issuer_dn",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GNUTLS_REPORT_ERROR(err));
+ xmlFree(buf);
+ return(NULL);
+ }
+
+ /* done */
+ return(BAD_CAST buf);
+}
+
+gnutls_x509_crl_t
+xmlSecGnuTLSX509CrlBase64DerRead(xmlChar* buf) {
+ int ret;
+
+ xmlSecAssert2(buf != NULL, NULL);
+
+ /* usual trick with base64 decoding "in-place" */
+ ret = xmlSecBase64Decode(buf, (xmlSecByte*)buf, xmlStrlen(buf));
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBase64Decode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
+ return(xmlSecGnuTLSX509CrlRead((const xmlSecByte*)buf, ret, xmlSecKeyDataFormatCertDer));
+}
+
+gnutls_x509_crl_t
+xmlSecGnuTLSX509CrlRead(const xmlSecByte* buf, xmlSecSize size, xmlSecKeyDataFormat format) {
+ gnutls_x509_crl_t crl = NULL;
+ gnutls_x509_crt_fmt_t fmt;
+ gnutls_datum_t data;
+ int err;
+
+ xmlSecAssert2(buf != NULL, NULL);
+ xmlSecAssert2(size > 0, NULL);
+
+ /* figure out format */
+ switch(format) {
+ case xmlSecKeyDataFormatPem:
+ case xmlSecKeyDataFormatCertPem:
+ fmt = GNUTLS_X509_FMT_PEM;
+ break;
+ case xmlSecKeyDataFormatDer:
+ case xmlSecKeyDataFormatCertDer:
+ fmt = GNUTLS_X509_FMT_DER;
+ break;
+ default:
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_FORMAT,
+ "format=%d", format);
+ return(NULL);
+ }
+
+ /* read crl */
+ err = gnutls_x509_crl_init(&crl);
+ if(err != GNUTLS_E_SUCCESS) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gnutls_x509_crl_init",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GNUTLS_REPORT_ERROR(err));
+ return(NULL);
+ }
+
+ data.data = (unsigned char*)buf;
+ data.size = size;
+ err = gnutls_x509_crl_import(crl, &data, fmt);
+ if(err != GNUTLS_E_SUCCESS) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gnutls_x509_crl_import",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GNUTLS_REPORT_ERROR(err));
+ gnutls_x509_crl_deinit(crl);
+ return(NULL);
+ }
+
+ return(crl);
+}
+
+xmlChar*
+xmlSecGnuTLSX509CrlBase64DerWrite(gnutls_x509_crl_t crl, int base64LineWrap) {
+ xmlChar * res = NULL;
+ xmlSecByte* buf = NULL;
+ size_t bufSize = 0;
+ int err;
+
+ xmlSecAssert2(crl != NULL, NULL);
+
+ /* get size */
+ err = gnutls_x509_crl_export(crl, GNUTLS_X509_FMT_DER, NULL, &bufSize);
+ if((err != GNUTLS_E_SHORT_MEMORY_BUFFER) || (bufSize <= 0)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gnutls_x509_crl_export(GNUTLS_X509_FMT_DER)",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GNUTLS_REPORT_ERROR(err));
+ return(NULL);
+ }
+
+ /* allocate buffer */
+ buf = (xmlSecByte *)xmlMalloc(bufSize + 1);
+ if(buf == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlMalloc",
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ "size=%d", (int)bufSize);
+ return(NULL);
+ }
+
+ /* write it out */
+ err = gnutls_x509_crl_export(crl, GNUTLS_X509_FMT_DER, buf, &bufSize);
+ if(err != GNUTLS_E_SUCCESS) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gnutls_x509_crl_export(GNUTLS_X509_FMT_DER)",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GNUTLS_REPORT_ERROR(err));
+ xmlFree(buf);
+ return(NULL);
+ }
+
+ /* convert to string */
+ res = xmlSecBase64Encode(buf, bufSize, base64LineWrap);
+ if(res == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBase64Encode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlFree(buf);
+ return(NULL);
+ }
+
+ /* done */
+ xmlFree(buf);
+ return(res);
+}
+
+void
+xmlSecGnuTLSX509CrlDebugDump(gnutls_x509_crl_t crl, FILE* output) {
+ xmlChar * buf;
+
+ xmlSecAssert(crl != NULL);
+ xmlSecAssert(output != NULL);
+
+ buf = xmlSecGnuTLSX509CrlGetIssuerDN(crl);
+ if(buf != NULL) {
+ fprintf(output, "==== Issuer Name: %s\n", buf);
+ xmlFree(buf);
+ } else {
+ fprintf(output, "==== Issuer Name: unknown\n");
+ }
+}
+
+void
+xmlSecGnuTLSX509CrlDebugXmlDump(gnutls_x509_crl_t crl, FILE* output) {
+ xmlChar * buf;
+
+ xmlSecAssert(crl != NULL);
+ xmlSecAssert(output != NULL);
+
+ buf = xmlSecGnuTLSX509CrlGetIssuerDN(crl);
+ if(buf != NULL) {
+ fprintf(output, "<IssuerName>%s</IssuerName>\n", buf);
+ xmlFree(buf);
+ } else {
+ fprintf(output, "<IssuerName>unknown</IssuerName>\n");
+ }
+}
+
+/*************************************************************************
+ *
+ * Misc. utils/helpers
+ *
+ ************************************************************************/
xmlChar*
xmlSecGnuTLSASN1IntegerWrite(const unsigned char * data, size_t len) {
xmlChar *res = NULL;
@@ -1366,3 +1682,6 @@ done:
#endif /* XMLSEC_NO_X509 */
+
+
+
diff --git a/src/gnutls/x509utils.h b/src/gnutls/x509utils.h
index e570e88..b939b24 100644
--- a/src/gnutls/x509utils.h
+++ b/src/gnutls/x509utils.h
@@ -31,10 +31,18 @@ extern "C" {
xmlSecGnuTLSX509CrtListGetKlass()
xmlSecPtrListId xmlSecGnuTLSX509CrtListGetKlass (void);
+/**************************************************************************
+ *
+ * X509 crls list
+ *
+ *****************************************************************************/
+#define xmlSecGnuTLSX509CrlListId \
+ xmlSecGnuTLSX509CrlListGetKlass()
+xmlSecPtrListId xmlSecGnuTLSX509CrlListGetKlass (void);
/*************************************************************************
*
- * x509 utils/helpers
+ * x509 certs utils/helpers
*
************************************************************************/
gnutls_x509_crt_t xmlSecGnuTLSX509CertDup (gnutls_x509_crt_t src);
@@ -52,6 +60,30 @@ void xmlSecGnuTLSX509CertDebugDump (gnutls_x509_crt
FILE* output);
void xmlSecGnuTLSX509CertDebugXmlDump (gnutls_x509_crt_t cert,
FILE* output);
+
+/*************************************************************************
+ *
+ * x509 crls utils/helpers
+ *
+ ************************************************************************/
+gnutls_x509_crl_t xmlSecGnuTLSX509CrlDup (gnutls_x509_crl_t src);
+xmlChar * xmlSecGnuTLSX509CrLGetIssuerDN (gnutls_x509_crl_t crl);
+gnutls_x509_crl_t xmlSecGnuTLSX509CrlRead (const xmlSecByte* buf,
+ xmlSecSize size,
+ xmlSecKeyDataFormat format);
+gnutls_x509_crl_t xmlSecGnuTLSX509CrlBase64DerRead (xmlChar* buf);
+xmlChar* xmlSecGnuTLSX509CrlBase64DerWrite (gnutls_x509_crl_t crl,
+ int base64LineWrap);
+void xmlSecGnuTLSX509CrlDebugDump (gnutls_x509_crl_t crl,
+ FILE* output);
+void xmlSecGnuTLSX509CrlDebugXmlDump (gnutls_x509_crl_t crl,
+ FILE* output);
+
+/*************************************************************************
+ *
+ * Misc. utils/helpers
+ *
+ ************************************************************************/
xmlChar* xmlSecGnuTLSASN1IntegerWrite (const unsigned char * data,
size_t len);
diff --git a/src/gnutls/x509vfy.c b/src/gnutls/x509vfy.c
index 27f83f0..fd15c5a 100644
--- a/src/gnutls/x509vfy.c
+++ b/src/gnutls/x509vfy.c
@@ -202,7 +202,8 @@ xmlSecGnuTLSX509CheckTime(const gnutls_x509_crt_t * cert_list,
/**
* xmlSecGnuTLSX509StoreVerify:
* @store: the pointer to X509 key data store klass.
- * @certs: the untrusted certificates stack.
+ * @certs: the untrusted certificates.
+ * @crls: the crls.
* @keyInfoCtx: the pointer to <dsig:KeyInfo/> element processing context.
*
* Verifies @certs list.
@@ -212,12 +213,15 @@ xmlSecGnuTLSX509CheckTime(const gnutls_x509_crt_t * cert_list,
gnutls_x509_crt_t
xmlSecGnuTLSX509StoreVerify(xmlSecKeyDataStorePtr store,
xmlSecPtrListPtr certs,
+ xmlSecPtrListPtr crls,
const xmlSecKeyInfoCtx* keyInfoCtx) {
xmlSecGnuTLSX509StoreCtxPtr ctx;
gnutls_x509_crt_t res = NULL;
xmlSecSize certs_size = 0;
gnutls_x509_crt_t * cert_list = NULL;
xmlSecSize cert_list_length;
+ gnutls_x509_crl_t * crl_list = NULL;
+ xmlSecSize crl_list_length;
gnutls_x509_crt_t * ca_list = NULL;
xmlSecSize ca_list_length;
time_t verification_time;
@@ -228,6 +232,7 @@ xmlSecGnuTLSX509StoreVerify(xmlSecKeyDataStorePtr store,
xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecGnuTLSX509StoreId), NULL);
xmlSecAssert2(certs != NULL, NULL);
+ xmlSecAssert2(crls != NULL, NULL);
xmlSecAssert2(keyInfoCtx != NULL, NULL);
certs_size = xmlSecPtrListGetSize(certs);
@@ -252,6 +257,30 @@ xmlSecGnuTLSX509StoreVerify(xmlSecKeyDataStorePtr store,
goto done;
}
}
+ crl_list_length = xmlSecPtrListGetSize(crls);
+ if(crl_list_length > 0) {
+ crl_list = (gnutls_x509_crl_t *)xmlMalloc(sizeof(gnutls_x509_crl_t) * crl_list_length);
+ if(crl_list == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
+ "xmlMalloc",
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ "size=%d", (int)(sizeof(gnutls_x509_crl_t) * crl_list_length));
+ goto done;
+ }
+ for(ii = 0; ii < crl_list_length; ++ii) {
+ crl_list[ii] = xmlSecPtrListGetItem(crls, ii);
+ if(crl_list[ii] == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
+ "xmlSecPtrListGetItem(crls)",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+ }
+ }
+
ca_list_length = xmlSecPtrListGetSize(&(ctx->certsTrusted));
if(ca_list_length > 0) {
ca_list = (gnutls_x509_crt_t *)xmlMalloc(sizeof(gnutls_x509_crt_t) * ca_list_length);
@@ -283,6 +312,11 @@ xmlSecGnuTLSX509StoreVerify(xmlSecKeyDataStorePtr store,
time(0);
flags |= GNUTLS_VERIFY_DISABLE_TIME_CHECKS;
+ if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_SKIP_STRICT_CHECKS) != 0) {
+ flags |= GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2;
+ flags |= GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5;
+ }
+
/* We are going to build all possible cert chains and try to verify them */
for(ii = 0; (ii < certs_size) && (res == NULL); ++ii) {
gnutls_x509_crt_t cert, cert2;
@@ -326,7 +360,7 @@ xmlSecGnuTLSX509StoreVerify(xmlSecKeyDataStorePtr store,
err = gnutls_x509_crt_list_verify(
cert_list, (int)cert_list_cur_length, /* certs chain */
ca_list, (int)ca_list_length, /* trusted cas */
- NULL, 0, /* crls */
+ crl_list, (int)crl_list_length, /* crls */
flags, /* flags */
&verify);
if(err != GNUTLS_E_SUCCESS) {
@@ -337,6 +371,14 @@ xmlSecGnuTLSX509StoreVerify(xmlSecKeyDataStorePtr store,
XMLSEC_GNUTLS_REPORT_ERROR(err));
/* don't stop, continue! */
continue;
+ } else if(verify != 0){
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gnutls_x509_crt_list_verify",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "Verification failed: verify=%u", verify);
+ /* don't stop, continue! */
+ continue;
}
/* gnutls doesn't allow to specify "verification" timestamp so
@@ -361,6 +403,9 @@ done:
if(ca_list != NULL) {
xmlFree(ca_list);
}
+ if(crl_list != NULL) {
+ xmlFree(crl_list);
+ }
if(cert_list != NULL) {
xmlFree(cert_list);
}
diff --git a/tests/testDSig.sh b/tests/testDSig.sh
index 0e8707b..2af870a 100755
--- a/tests/testDSig.sh
+++ b/tests/testDSig.sh
@@ -689,63 +689,63 @@ execDSigTest $res_success \
"signature-rsa-detached-b64-transform" \
"base64 sha1 rsa-sha1" \
"rsa x509" \
- "--trusted-$cert_format certs/rsa-ca-cert.$cert_format"
+ "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --X509-skip-strict-checks"
execDSigTest $res_success \
"phaos-xmldsig-three" \
"signature-rsa-detached" \
"sha1 rsa-sha1" \
"rsa x509" \
- "--trusted-$cert_format certs/rsa-ca-cert.$cert_format"
+ "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --X509-skip-strict-checks"
execDSigTest $res_success \
"phaos-xmldsig-three" \
"signature-rsa-detached-xpath-transform" \
"xpath sha1 rsa-sha1" \
"rsa x509" \
- "--trusted-$cert_format certs/rsa-ca-cert.$cert_format"
+ "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --X509-skip-strict-checks"
execDSigTest $res_success \
"phaos-xmldsig-three" \
"signature-rsa-detached-xslt-transform-retrieval-method" \
"xslt sha1 rsa-sha1" \
"rsa x509" \
- "--trusted-$cert_format certs/rsa-ca-cert.$cert_format"
+ "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --X509-skip-strict-checks"
execDSigTest $res_success \
"phaos-xmldsig-three" \
"signature-rsa-detached-xslt-transform" \
"xslt sha1 rsa-sha1" \
"rsa x509" \
- "--trusted-$cert_format certs/rsa-ca-cert.$cert_format"
+ "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --X509-skip-strict-checks"
execDSigTest $res_success \
"phaos-xmldsig-three" \
"signature-rsa-enveloped" \
"enveloped-signature sha1 rsa-sha1" \
"rsa x509" \
- "--trusted-$cert_format certs/rsa-ca-cert.$cert_format"
+ "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --X509-skip-strict-checks"
execDSigTest $res_success \
"phaos-xmldsig-three" \
"signature-rsa-enveloping" \
"sha1 rsa-sha1" \
"rsa x509" \
- "--trusted-$cert_format certs/rsa-ca-cert.$cert_format"
+ "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --X509-skip-strict-checks"
execDSigTest $res_success \
"phaos-xmldsig-three" \
"signature-rsa-manifest-x509-data-cert-chain" \
"sha1 rsa-sha1" \
"rsa x509" \
- "--trusted-$cert_format certs/rsa-ca-cert.$cert_format"
+ "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --X509-skip-strict-checks"
execDSigTest $res_success \
"phaos-xmldsig-three" \
"signature-rsa-manifest-x509-data-cert" \
"sha1 rsa-sha1" \
"rsa x509" \
- "--trusted-$cert_format certs/rsa-ca-cert.$cert_format"
+ "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --X509-skip-strict-checks"
execDSigTest $res_success \
"phaos-xmldsig-three" \
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
