>>>>> Nikos Mavrogiannopoulos <[email protected]> writes:

[…]

 > You'll have to sign it using gnutls_x509_crt_privkey_sign ().  It is
 > better to check the certtool source for other possible options.

        ACK, thanks.

        So, I've ended up with the code MIME'd.  Then, however,
        gnutls_handshake () fails with GNUTLS_E_PK_SIG_VERIFY_FAILED.
        Do I understand it correctly that such an error points to some
        bug in the certificate signing part?

-- 
FSF associate member #7257      np. emphutured.mod
  gnutls_x509_crt_t crt;
  {
    /* craft a dummy certificate */
    int ra
      = gnutls_x509_crt_init (&crt);
    assert (ra == 0);
    int rb
      = gnutls_x509_crt_set_key (crt, priv);
    assert (rb == 0);
    /* NB: doesn't accept empty strings */
    int rc
      = gnutls_x509_crt_set_dn_by_oid (crt, GNUTLS_OID_X520_COMMON_NAME,
                                       0, "Foo!", 4);
    assert (rc == 0);
    char ser[]
      = { 0, 0x0f, 0x00 };
    int rd
      = gnutls_x509_crt_set_serial (crt, ser, sizeof (ser));
    assert (rd == 0);
    int re
      = gnutls_x509_crt_set_pubkey (crt, pubk);
    assert (re == 0);
    int rf
      = gnutls_x509_crt_set_activation_time (crt, 0);
    assert (rf == 0);
    int rg
      = gnutls_x509_crt_set_expiration_time (crt, 0x7fffffff);
    assert (rg == 0);
  }

  {
    /* self-sign the certificate */
    gnutls_privkey_t pkey;
    int ra
      = gnutls_privkey_init (&pkey);
    assert (ra == 0);
    int rb
      = gnutls_privkey_import_x509 (pkey, priv, 0);
    assert (rb == 0);
    int rc
      = gnutls_x509_crt_privkey_sign (crt, crt, pkey,
                                      GNUTLS_DIG_SHA256, 0);
    assert (rc == 0);
    gnutls_privkey_deinit (pkey);
  }
_______________________________________________
Help-gnutls mailing list
[email protected]
https://lists.gnu.org/mailman/listinfo/help-gnutls
