Patch updated: New function gnutls_x509_crq_get_key_id
Simon Josefsson
simon at josefsson.org
Thu Dec 11 09:02:37 CET 2008
Simon Josefsson <simon at josefsson.org> writes:
> "David Marín Carreño" <davefx at gmail.com> writes:
>
>> + if (pk == GNUTLS_PK_RSA || pk == GNUTLS_PK_DSA)
>> + {
>> + /* This is for compatibility with what GnuTLS has printed for
>> + RSA/DSA before the code below was added. The code below is
>> + applicable to all types, and it would probably be a better
>> + idea to use it for RSA/DSA too, but doing so would break
>> + backwards compatibility. */
>> + return rsadsa_crq_get_key_id (crq, pk, output_data, output_data_size);
>> + }
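Review bot: The comment in the RSA/DSA branch still gives the rationale of the function it was copied from ("what GnuTLS has printed for RSA/DSA before the code below was added"), which cannot be true of a new function. If the branch stays, reword the comment to state what it protects here: the key id of a certificate request staying equal to the key id of a certificate with the same public key. The "code below" it mentions is not part of this hunk, so confirm the reference still points at something in the final function body.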
>
> Is there a particular reason you need this? The function you copied
> this code from needed it for backwards compatibility reasons, but there
> are no such considerations for a new function.
>
> I would consider removing the code quoted above, and the entire
> rsadsa_crq_get_key_id function. What do you think?

Never mind, that would make the key id for a certificate request be
different from the key id for the certificate with the same public key,
which seems like a bad idea...

Btw, I've made 'certtool --crq-info' print the public key id using your
new function.

/Simon