[gnutls-devel] GnuTLS | WIP: AIA callback to retrieve missing chain certificates (!1262)
Development of GNU's TLS library
gnutls-devel at lists.gnutls.org
Fri May 29 06:28:56 CEST 2020
Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1262 was reviewed by Daiki Ueno
--
Daiki Ueno started a new discussion on lib/cert-cred.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1262#note_351492112
> + *
> + * If the callback function is provided then gnutls will call it, in the
> + * certificate verification procedure in verify_crt().
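Review bot: the sentence on these `+` lines says where the callback runs but not when it runs. A caller reading the public documentation needs the trigger condition, which the next paragraph of the same comment implies is a missing issuer certificate for the certificate being checked. Suggest stating that the callback is invoked during certificate verification when no issuer is found, and dropping the stray comma after "call it".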
As `verify_crt()` is an internal function, it doesn't make much sense to mention it in the public API documentation.
--
Daiki Ueno started a new discussion on lib/cert-cred.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1262#note_351492115
> + * The callback function should return 0 if the missing issuer certificate
> + * for 'crt' was properly polulated in 'issuer' or non-zero to continue
> + * the certificate list verification but with issuer as NULL.
`%NULL`
--
Daiki Ueno started a new discussion on lib/libgnutls.map: https://gitlab.com/gnutls/gnutls/-/merge_requests/1262#note_351492116
> gnutls_ext_get_name2;
> gnutls_pkcs7_print_signature_info;
> + gnutls_x509_trust_list_set_getissuer_function;
indent
--
Daiki Ueno started a new discussion on lib/x509/verify-high.h: https://gitlab.com/gnutls/gnutls/-/merge_requests/1262#note_351492118
> char* pkcs11_token;
> +
> + /* set this callback if the issuer in the certificate
indent
--
Daiki Ueno started a new discussion on lib/x509/verify.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1262#note_351492119
> issuer = find_issuer(cert, trusted_cas, tcas_size);
>
> + if (issuer == NULL) {
In this block, indentation is messed up.
--
Daiki Ueno started a new discussion on lib/x509/verify.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1262#note_351492121
> + if (issuer == NULL) {
> + if (tlist != NULL && tlist->issuer_callback != NULL) {
> + _gnutls_debug_log("Missing issuer callback set. \n");
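Review bot: the message "Missing issuer callback set." sits inside the branch where `tlist->issuer_callback != NULL`, yet it reads as if the callback itself were missing. Someone triaging a verification failure from debug logs could take the wrong conclusion from it. Suggest wording that separates the two facts, for example that the issuer is missing and the issuer callback is being invoked.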
Remove ` ` after `.`.
--
Daiki Ueno started a new discussion on lib/x509/verify.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1262#note_351492123
> + ret = gnutls_x509_crt_init(&issuer);
> + if (ret < 0) {
> + _gnutls_debug_log("gnutls_x509_crt_init: %s\n",gnutls_strerror(ret));
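Review bot: `gnutls_x509_crt_init(&issuer)` writes into the same `issuer` variable that `issuer = find_issuer(cert, trusted_cas, tcas_size);` assigns earlier in the function, so after this block `issuer` may hold either a lookup result or a certificate allocated here. If the lookup result points into `trusted_cas`, only the allocated one may be passed to `gnutls_x509_crt_deinit()`, and mixing the two invites a leak or an invalid free. Suggest a separate variable (or an explicit ownership flag) for the callback-provided certificate. The quoted lines also show only a debug log when init fails, so please confirm that path leaves `issuer` as NULL and skips the callback.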
Add ` ` after `,`.
--
Daiki Ueno started a new discussion on lib/x509/verify.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1262#note_351492124
> unsigned int
> -_gnutls_verify_crt_status(const gnutls_x509_crt_t * certificate_list,
> +_gnutls_verify_crt_status(gnutls_x509_trust_list_t list,
Wouldn't it be a little more consistent to name the argument `tlist` instead of `list`?
--