[PATCH] Provide a gnutls_x509_crt_verify_hash
Simon Josefsson
simon at josefsson.org
Fri Apr 17 09:42:39 CEST 2009
Nikos Mavrogiannopoulos <nmav at gnutls.org> writes:
> Cedric BAIL wrote:
>> Hi,
>>
>> I am currently using gnutls_x509_crt_verify_data to check the
>> signature of a file generated with a GNUTLS_DIG_SHA1. After that I
>> compare the SHA1 of the file in a database. So with the current API I
>> wasn't able to find a way to do SHA1 computation only one time.
>> I finally decided to implement gnutls_x509_crt_get_hash_algorithm
>> and gnutls_x509_crt_verify_hash for this usecase on top of
>> gnutls-2.7.6. So as I would like to solve this case in mainline, I
>> would appreciate any comment to work on this goal.
>
> I like it. I have only renamed gnutls_x509_crt_get_hash_algorithm() to
> gnutls_x509_crt_get_sig_algorithm().
The function 'gnutls_x509_crt_get_signature_algorithm' already exist,
isn't that new name confusing? How about
gnutls_x509_crt_get_verify_algorithm instead? That would be more
consistent with the internal naming (e.g.,
gnutls_x509_verify_algorithm).
Btw, there is some problem in the code:
verify.c: In function '_pkcs1_rsa_verify_sig':
verify.c:667: error: assignment from incompatible pointer type
/Simon
More information about the Gnutls-devel
mailing list