[PATCH] add gnutls_certificate_find_issuer
jorton at redhat.com
Fri Feb 15 11:21:50 CET 2008
This patch adds a function which finds the issuer of a given certificate
within a credentials structure. This is useful so that clients can
easily recreate the complete server cert chain given only the single
cert returned by the peer.
(e.g. in the case where gnutls_certificate_set_x509_trust_file() is
used, the client doesn't have the individual issuer cert structures to
compare against directly.)
This and the previously submitted patch allow the two remaining failures
in neon's SSL test suite to be fixed :)
diff -up ./includes/gnutls/gnutls.h.findissuer ./includes/gnutls/gnutls.h
--- ./includes/gnutls/gnutls.h.findissuer 2008-02-15 10:06:48.000000000 +0000
+++ ./includes/gnutls/gnutls.h 2008-02-15 09:39:56.000000000 +0000
@@ -717,6 +717,10 @@ extern "C"
gnutls_x509_crl_t * crl_list,
+ gnutls_certificate_find_issuer (gnutls_certificate_credentials_t cred,
+ gnutls_x509_crt_t crt);
/* global state functions
int gnutls_global_init (void);
diff -up ./lib/gnutls_cert.c.findissuer ./lib/gnutls_cert.c
--- ./lib/gnutls_cert.c.findissuer 2007-12-17 11:12:04.000000000 +0000
+++ ./lib/gnutls_cert.c 2008-02-15 10:09:04.000000000 +0000
@@ -593,6 +593,31 @@ gnutls_certificate_verify_peers (gnutls_
+ * gnutls_certificate_find_issuer - This function finds an issuer certificate
+ * @sc: is an #gnutls_certificate_credentials_t structure.
+ * @cert: should contain a #gnutls_x509_crt_t structure
+ * This function returns the issuer certificate of @cert, if it can
+ * be found in the listed of trusted X.509 certificates in @cred.
+ * If no issuer is found, then NULL is returned.
+gnutls_certificate_find_issuer (gnutls_certificate_credentials_t cred,
+ gnutls_x509_crt_t cert)
+ unsigned n;
+ for (n = 0; n < cred->x509_ncas; n++)
+ if (gnutls_x509_crt_check_issuer (crt, cred->x509_ca_list[n]) == 1)
+ return cred->x509_ca_list[n];
+ return NULL;
* gnutls_certificate_expiration_time_peers - This function returns the peer's certificate expiration time
* @session: is a gnutls session
More information about the Gnutls-devel