[glib-networking/wip/tingping/pkcs11-2] fixup! WIP: Add PKCS #11 support
- From: Patrick Griffis <pgriffis src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [glib-networking/wip/tingping/pkcs11-2] fixup! WIP: Add PKCS #11 support
- Date: Thu, 8 Aug 2019 19:56:03 +0000 (UTC)
commit 0b08a1b2f350a8a8a8934da5a9a62da137341ee1
Author: Patrick Griffis <pgriffis igalia com>
Date: Thu Aug 8 12:55:55 2019 -0700
fixup! WIP: Add PKCS #11 support
tls/gnutls/gtlscertificate-gnutls.c | 11 ++++++++---
tls/gnutls/gtlsconnection-gnutls.c | 9 +++++----
2 files changed, 13 insertions(+), 7 deletions(-)
---
diff --git a/tls/gnutls/gtlscertificate-gnutls.c b/tls/gnutls/gtlscertificate-gnutls.c
index e32a6b5..1ab5825 100644
--- a/tls/gnutls/gtlscertificate-gnutls.c
+++ b/tls/gnutls/gtlscertificate-gnutls.c
@@ -273,10 +273,14 @@ g_tls_certificate_gnutls_set_property (GObject *object,
break;
g_return_if_fail (gnutls->have_cert == FALSE);
g_return_if_fail (gnutls->pkcs11_cert_uri == NULL);
+
gnutls->pkcs11_cert_uri = g_strdup (string);
+
status = gnutls_x509_crt_import_url (gnutls->cert, string, GNUTLS_PKCS11_OBJ_FLAG_CRT);
if (status == GNUTLS_E_SUCCESS)
- gnutls->have_cert = TRUE;
+ {
+ gnutls->have_cert = TRUE;
+ }
else if (!gnutls->construct_error)
{
gnutls->construct_error =
@@ -520,12 +524,13 @@ g_tls_certificate_gnutls_copy (GTlsCertificateGnutls *gnutls,
gnutls_privkey_import_x509 (*pkey, x509_privkey, GNUTLS_PRIVKEY_IMPORT_COPY);
gnutls_x509_privkey_deinit (x509_privkey);
}
- else if (gnutls->pkcs11_key_uri != NULL)
+ else if (!gnutls->pkcs11_key_uri)
{
int status;
status = gnutls_privkey_import_pkcs11_url (*pkey, gnutls->pkcs11_key_uri);
- g_debug ("Copying PKCS #11 private key result: %s", gnutls_strerror (status));
+ if (status != GNUTLS_E_SUCCESS)
+ g_warning ("Failed to copy PKCS #11 private key: %s", gnutls_strerror (status));
}
else
{
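Review bot: The rewritten condition `else if (!gnutls->pkcs11_key_uri)` is inverted relative to the `!= NULL` test it replaces. As written, the PKCS #11 branch runs only when the URI is NULL, so `gnutls_privkey_import_pkcs11_url` receives a NULL URL, and a certificate that does carry a key URI falls through to the final `else`. It should read `else if (gnutls->pkcs11_key_uri)`. Separately, a failed import now only emits a warning and leaves `*pkey` without key material; whether the caller notices that is not visible here, since the function starts and ends outside the hunk.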
diff --git a/tls/gnutls/gtlsconnection-gnutls.c b/tls/gnutls/gtlsconnection-gnutls.c
index 2e61f42..8f683b5 100644
--- a/tls/gnutls/gtlsconnection-gnutls.c
+++ b/tls/gnutls/gtlsconnection-gnutls.c
@@ -298,7 +298,7 @@ on_pin_request (void *userdata,
gchar *description;
int ret = -1;
- if (interaction == NULL)
+ if (!interaction)
return -1;
// FIXME: Mock module isn't triggering this codepath?
@@ -326,7 +326,7 @@ on_pin_request (void *userdata,
break;
case G_TLS_INTERACTION_HANDLED:
{
- size_t password_size;
+ gsize password_size;
const guchar *password_data = g_tls_password_get_value (password, &password_size);
if (password_size > pin_max)
g_warning ("PIN is larger than max PIN size");
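Review bot: The oversize check `if (password_size > pin_max)` only logs a warning, and the lines that follow it are outside this hunk, so it cannot be confirmed here whether on_pin_request then fails or goes on to copy the PIN. If it proceeds with a truncated PIN, the token will see a wrong PIN and count it against its retry limit, so this branch should fail the request instead, e.g. `{ g_warning ("PIN is larger than max PIN size"); break; }` with `ret` left at -1. A comment such as `/* pin_max is the size of the buffer GnuTLS gave us; never copy more than that. */` above the check would record the bound for the next reader.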
@@ -357,10 +357,11 @@ g_tls_connection_gnutls_get_certificate (GTlsConnectionGnutls *gnutls,
if (cert)
{
- /* Send along a pre-initialized privkey so we can handle the callback here */
+ /* Send along a pre-initialized privkey so we can handle the callback here. */
gnutls_privkey_t privkey;
gnutls_privkey_init (&privkey);
- gnutls_privkey_set_pin_function (privkey, on_pin_request, gnutls); // FXIME: Ensure gnutls is a valid
object
+ /* NOTE: The gnutls object should be valid as long as this connection is. */
+ gnutls_privkey_set_pin_function (privkey, on_pin_request, gnutls);
g_tls_certificate_gnutls_copy (G_TLS_CERTIFICATE_GNUTLS (cert),
priv->interaction_id,
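Review bot: The new NOTE replaces the FIXME with a lifetime assumption that nothing in the visible lines enforces. `privkey` stores the raw `gnutls` pointer as PIN-callback userdata and is then handed to `g_tls_certificate_gnutls_copy`, so if that key handle is ever used after the connection object is finalized, `on_pin_request` would dereference freed memory. The comment should say who deinitializes `privkey` and when, for example `/* privkey is released in <teardown path> before the connection is finalized, so the borrowed pointer cannot dangle. */`, or the FIXME should stay until that is verified. The return value of `gnutls_privkey_init (&privkey)` is also ignored before the handle is used. The call to `g_tls_certificate_gnutls_copy` continues outside the hunk.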