Patch updated: New function gnutls_x509_crq_get_key_id

Simon Josefsson simon at
Thu Dec 11 09:02:37 CET 2008

Simon Josefsson <simon at> writes:

> "David Marín Carreño" <davefx at> writes:
>> +  if (pk == GNUTLS_PK_RSA || pk == GNUTLS_PK_DSA)
>> +    {
>> +      /* This is for compatibility with what GnuTLS has printed for
>> +         RSA/DSA before the code below was added.  The code below is
>> +         applicable to all types, and it would probably be a better
>> +         idea to use it for RSA/DSA too, but doing so would break
>> +         backwards compatibility.  */
>> +      return rsadsa_crq_get_key_id (crq, pk, output_data, output_data_size);
>> +    }
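Review bot: The comment inside the RSA/DSA branch, above the `return rsadsa_crq_get_key_id (...)` call, justifies the special case by compatibility with what GnuTLS has printed before, which cannot apply to a newly added function that has no earlier output. If the branch stays, the comment should state the reason that does hold here, namely keeping the key id of a certificate request identical to the key id of a certificate with the same public key.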
> Is there a particular reason you need this?  The function you copied
> this code from needed it for backwards compatibility reasons, but there
> are no such considerations for a new function.
> I would consider removing the code quoted above, and the entire
> rsadsa_crq_get_key_id function.  What do you think?

Never mind, that would make the key id for a certificate request be
different from the key id for the certificate with the same public key,
which seems like a bad idea...

Btw, I've made 'certtool --crq-info' print the public key id using your
new function.


More information about the Gnutls-devel mailing list