[gnutls-devel] GnuTLS | RFC7250 Raw public keys (!650)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Tue Nov 27 14:13:15 CET 2018


Nikos Mavrogiannopoulos started a new discussion on lib/cert-cred-rawpk.c:

> + * @cred: is a #gnutls_certificate_credentials_t type.
> + * @subject_public_key_info: contains a raw public key in
> + *   PKIX.SubjectPublicKeyInfo format.
> + * @pkey: contains a raw private key.
> + * @format: encoding of the keys. DER or PEM.
> + * @pass: an optional password to unlock the private key pkey.
> + * @key_usage: An ORed sequence of %GNUTLS_KEY_* flags.
> + * @names: is an array of DNS names belonging to the public-key (NULL if none).
> + * @names_length: holds the length of the names list.
> + * @flags: an ORed sequence of #gnutls_pkcs_encrypt_flags_t.
> + *   These apply to the private key pkey.
> + *
> + * This function sets a public/private keypair in the
> + * #gnutls_certificate_credentials_t type to be used for authentication
> + * and/or encryption. @subject_public_key_info and @privkey should match
> + * otherwise set signatures cannot be validated. This function should

The text about matching is incorrect. If they key/pubkey pair don't match this function will fail with a specific error code. If we are to mention about this, it should be below, when we document the error codes returned.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/650#note_120406752
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20181127/c2d7bb9a/attachment.html>


More information about the Gnutls-devel mailing list