File gnutls-1.4.4-sign-callback.patch of Package gnutls

--- gnutls-1.4.4/includes/gnutls/gnutls.h.in~	2007-03-06 10:58:32.000000000 -0500
+++ gnutls-1.4.4/includes/gnutls/gnutls.h.in	2007-03-08 14:59:14.000000000 -0500
@@ -970,6 +970,14 @@ extern "C"
     (gnutls_certificate_credentials_t cred,
      gnutls_certificate_server_retrieve_function * func);
 
+  typedef int gnutls_certificate_client_sign_function (gnutls_datum_t * cert,
+                                                       gnutls_certificate_type_t cert_type,
+                                                       const gnutls_datum_t *hash_concat,
+                                                       gnutls_datum_t * signature);
+  void gnutls_certificate_client_set_sign_function
+    (gnutls_certificate_credentials_t cred,
+     gnutls_certificate_client_sign_function * func);
+
   void gnutls_certificate_server_set_request (gnutls_session_t session,
 					      gnutls_certificate_request_t
 					      req);
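Review bot: The new public typedef `gnutls_certificate_client_sign_function` has no comment describing its contract, so an implementer cannot tell what to return or who owns `signature->data`. A header comment should say that a negative return value is treated as failure (the call site in gnutls_sig.c tests `ret < 0`), and that `hash_concat` is the data to be signed, apparently the concatenated handshake hashes. It should also name the allocator `signature->data` must come from; that is presumably `gnutls_malloc`, but the code that frees it is not visible here, so confirm it. The library side shown in this patch only reads `cert`, so `const gnutls_datum_t * cert` would match `hash_concat`. The same applies to the later hunk of this file that adds the `session` argument.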
--- gnutls-1.4.4/lib/auth_cert.h~	2006-03-08 05:44:59.000000000 -0500
+++ gnutls-1.4.4/lib/auth_cert.h	2007-03-08 14:37:10.000000000 -0500
@@ -95,6 +95,7 @@ typedef struct gnutls_certificate_creden
 
   gnutls_certificate_client_retrieve_function *client_get_cert_callback;
   gnutls_certificate_server_retrieve_function *server_get_cert_callback;
+  gnutls_certificate_client_sign_function *client_sign_callback;
 } certificate_credentials_st;
 
 typedef struct rsa_info_st
--- gnutls-1.4.4/lib/gnutls_cert.c~	2006-03-21 11:11:25.000000000 -0500
+++ gnutls-1.4.4/lib/gnutls_cert.c	2007-03-08 15:13:28.000000000 -0500
@@ -363,6 +363,12 @@ void gnutls_certificate_server_set_retri
   cred->server_get_cert_callback = func;
 }
 
+void gnutls_certificate_client_set_sign_function
+    (gnutls_certificate_credentials_t cred,
+     gnutls_certificate_client_sign_function * func)
+{
+    cred->client_sign_callback = func;
+}
 
 /* These are set by the gnutls_extra library's initialization function.
  */
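Review bot: `gnutls_certificate_client_set_sign_function` is added without a doc comment, and what it switches on is not obvious from the name. Per the gnutls_sig.c hunk, a non-NULL callback is used instead of `_gnutls_tls_sign` even when a private key is present. It is stored on the credentials structure, so it affects every session using those credentials. I would add `/* Sets a callback that produces the client's handshake signature; when set it takes precedence over any private key in cred. Pass NULL to restore the default. */` above the definition. The body is also indented four columns where the neighbouring setter uses two.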
--- gnutls-1.4.4/lib/auth_cert.c~	2006-06-28 05:06:09.000000000 -0400
+++ gnutls-1.4.4/lib/auth_cert.c	2007-03-08 15:01:28.000000000 -0500
@@ -1301,20 +1301,25 @@ _gnutls_gen_cert_client_cert_vrfy (gnutl
       return ret;
     }
 
-  if (apr_pkey != NULL)
+  if (apr_pkey == NULL)
     {
-      if ((ret =
-	   _gnutls_tls_sign_hdata (session,
-				   &apr_cert_list[0],
-				   apr_pkey, &signature)) < 0)
-	{
-	  gnutls_assert ();
-	  return ret;
-	}
-    }
-  else
+      gnutls_certificate_credentials_t cred;
+      cred = (gnutls_certificate_credentials_t)
+          _gnutls_get_cred (session->key, GNUTLS_CRD_CERTIFICATE, NULL);
+
+      if (cred == NULL || cred->client_sign_callback == NULL)
+        {
+          return 0;
+        }
+    }
+
+  if ((ret =
+       _gnutls_tls_sign_hdata (session,
+                               &apr_cert_list[0],
+                               apr_pkey, &signature)) < 0)
     {
-      return 0;
+      gnutls_assert ();
+      return ret;
     }
 
   *data = gnutls_malloc (signature.size + 2);
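Review bot: When `apr_pkey == NULL` and a callback is set, the code now falls through and passes a NULL key to `_gnutls_tls_sign_hdata`, relying on that function's own `_gnutls_get_cred` lookup to reach the same decision. The two checks are independent, so if they ever diverge the `else` branch in gnutls_sig.c would call `_gnutls_tls_sign` with a NULL key; whether that function tolerates one is not visible here. A guard in that branch keeps the invariant local: `else if (pkey == NULL) ret = GNUTLS_E_INSUFFICIENT_CREDENTIALS;` ahead of the `_gnutls_tls_sign` call. `_gnutls_gen_cert_client_cert_vrfy` starts and ends outside this hunk.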
--- gnutls-1.4.4/lib/gnutls_sig.c~	2006-03-08 05:44:59.000000000 -0500
+++ gnutls-1.4.4/lib/gnutls_sig.c	2007-03-08 15:06:52.000000000 -0500
@@ -57,6 +57,7 @@ _gnutls_tls_sign_hdata (gnutls_session_t
   mac_hd_t td_md5;
   mac_hd_t td_sha;
   gnutls_protocol_t ver = gnutls_protocol_get_version (session);
+  gnutls_certificate_credentials_t cred;
 
   td_sha = _gnutls_hash_copy (session->internals.handshake_mac_handle_sha);
   if (td_sha == NULL)
@@ -111,7 +112,15 @@ _gnutls_tls_sign_hdata (gnutls_session_t
       gnutls_assert ();
       return GNUTLS_E_INTERNAL_ERROR;
     }
-  ret = _gnutls_tls_sign (cert, pkey, &dconcat, signature);
+
+  cred = (gnutls_certificate_credentials_t)
+      _gnutls_get_cred (session->key, GNUTLS_CRD_CERTIFICATE, NULL);
+
+  if (cred != NULL && cred->client_sign_callback != NULL)
+      ret = cred->client_sign_callback (&cert->raw, cert->cert_type, &dconcat, signature);
+  else
+      ret = _gnutls_tls_sign (cert, pkey, &dconcat, signature);
+
   if (ret < 0)
     {
       gnutls_assert ();
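Review bot: The callback's output is trusted as soon as it returns non-negative, because nothing after `ret = cred->client_sign_callback (...)` checks that `signature` was filled in. The caller in auth_cert.c goes on to `gnutls_malloc (signature.size + 2)`, so a callback that returns 0 without setting `signature->data` and `signature->size` would feed unset values into the handshake message. Whether `signature` is zeroed beforehand is not visible here. Adding `if (ret >= 0 && (signature->data == NULL || signature->size == 0)) ret = GNUTLS_E_INTERNAL_ERROR;` before the existing `if (ret < 0)` closes that gap, and an upper bound on `signature->size` is worth adding if the `+ 2` is a 16-bit length prefix. The later hunk that adds the `session` argument rewrites the same call and needs the same check; the function body starts and ends outside the hunk.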
--- gnutls-1.4.4/includes/gnutls/gnutls.h.in~	2007-03-09 12:48:09.000000000 -0500
+++ gnutls-1.4.4/includes/gnutls/gnutls.h.in	2007-03-09 12:48:48.000000000 -0500
@@ -970,7 +970,8 @@ extern "C"
     (gnutls_certificate_credentials_t cred,
      gnutls_certificate_server_retrieve_function * func);
 
-  typedef int gnutls_certificate_client_sign_function (gnutls_datum_t * cert,
+  typedef int gnutls_certificate_client_sign_function (gnutls_session_t session,
+                                                       gnutls_datum_t * cert,
                                                        gnutls_certificate_type_t cert_type,
                                                        const gnutls_datum_t *hash_concat,
                                                        gnutls_datum_t * signature);
--- gnutls-1.4.4/lib/gnutls_sig.c~	2007-03-09 12:50:46.000000000 -0500
+++ gnutls-1.4.4/lib/gnutls_sig.c	2007-03-09 12:51:15.000000000 -0500
@@ -117,7 +117,9 @@ _gnutls_tls_sign_hdata (gnutls_session_t
       _gnutls_get_cred (session->key, GNUTLS_CRD_CERTIFICATE, NULL);
 
   if (cred != NULL && cred->client_sign_callback != NULL)
-      ret = cred->client_sign_callback (&cert->raw, cert->cert_type, &dconcat, signature);
+      ret = cred->client_sign_callback (session,
+                                        &cert->raw, cert->cert_type,
+                                        &dconcat, signature);
   else
       ret = _gnutls_tls_sign (cert, pkey, &dconcat, signature);
 
--- gnutls-1.4.4/lib/auth_cert.c~	2007-03-12 12:48:09.000000000 -0400
+++ gnutls-1.4.4/lib/auth_cert.c	2007-03-13 14:52:42.000000000 -0400
@@ -1301,6 +1301,11 @@ _gnutls_gen_cert_client_cert_vrfy (gnutl
       return ret;
     }
 
+  if (apr_cert_list_length == 0)
+    {
+      return 0;
+    }
+
   if (apr_pkey == NULL)
     {
       gnutls_certificate_credentials_t cred;
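Review bot: The new `apr_cert_list_length == 0` guard has no comment, and its reason is easy to miss. With the sign-callback change a NULL `apr_pkey` no longer returns early, so `&apr_cert_list[0]` could otherwise be taken from an empty list. A line such as `/* no client certificate selected: nothing to sign, and never index an empty list */` above the check would keep it from being removed later as redundant. The function continues outside the hunk.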