From 9ffddfaf6a983378358eef7d33f32b9da49662f7 Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Wed, 10 Oct 2012 08:16:34 +0200 Subject: [PATCH] The high level functions accept sflags and vflags as separate options. --- libdane/dane.c | 16 ++++++++++------ libdane/includes/gnutls/dane.h | 6 ++++-- src/cli.c | 2 +- 3 files changed, 15 insertions(+), 9 deletions(-) diff --git a/libdane/dane.c b/libdane/dane.c index 4f4569a59..0596f8ee1 100644 --- a/libdane/dane.c +++ b/libdane/dane.c @@ -436,7 +436,8 @@ cleanup: * @hostname: The hostname associated with the chain * @proto: The protocol of the service connecting (e.g. tcp) * @port: The port of the service connecting (e.g. 443) - * @flags: should be zero + * @sflags: Flags for the the initialization of @s (if NULL) + * @vflags: Verification flags; should be zero * @verify: An OR'ed list of %dane_verify_status_t. * * This function will verify the given certificate chain against the @@ -460,7 +461,8 @@ int dane_verify_crt (dane_state_t s, const gnutls_datum_t *chain, unsigned chain_size, gnutls_certificate_type_t chain_type, const char * hostname, const char* proto, unsigned int port, - unsigned int flags, unsigned int *verify) + unsigned int sflags, unsigned int vflags, + unsigned int *verify) { dane_state_t _s = NULL; dane_query_t r = NULL; @@ -474,7 +476,7 @@ gnutls_datum_t data; *verify = 0; if (s == NULL) { - ret = dane_state_init(&_s, flags); + ret = dane_state_init(&_s, sflags); if (ret < 0) { return ret; } @@ -523,7 +525,8 @@ cleanup: * @hostname: The hostname associated with the chain * @proto: The protocol of the service connecting (e.g. tcp) * @port: The port of the service connecting (e.g. 443) - * @flags: should be zero. + * @sflags: Flags for the the initialization of @s (if NULL) + * @vflags: Verification flags; should be zero * @verify: An OR'ed list of %dane_verify_status_t. * * This function will verify session's certificate chain against the 
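Review bot: The new `@sflags` line reads "for the the initialization" and does not say plainly that the value is ignored when a non-NULL @s is passed, which the `if (s == NULL)` branch in the hunk at -474 implies. The same wording is repeated in the comment for dane_verify_session_crt (hunk at -523). I would word both as ` * @sflags: Flags for the initialization of @s; used only when @s is NULL` and have `@vflags` state what the function does when a non-zero value is passed. Both comment blocks start and end outside their hunks.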
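Review bot: `vflags` is added to the signature of dane_verify_crt, but in the lines shown only `sflags` is read (`dane_state_init(&_s, sflags)` in the hunk at -474). A caller that passes a non-zero verification flag therefore appears to get default verification with no sign that the flag was dropped. For a certificate-verification entry point it is safer to fail closed until the flags are honoured, for example `if (vflags != 0) return <negative DANE error code>;` right after `*verify = 0;`. The rest of the function body is outside these hunks, so this should be confirmed against the full file.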
@@ -538,7 +541,8 @@ int dane_verify_session_crt ( dane_state_t s, gnutls_session_t session, const char * hostname, const char* proto, unsigned int port, - unsigned int flags, unsigned int *verify) + unsigned int sflags, unsigned int vflags, + unsigned int *verify) { const gnutls_datum_t *cert_list; unsigned int cert_list_size = 0; @@ -551,5 +555,5 @@ unsigned int type; type = gnutls_certificate_type_get(session); - return dane_verify_crt(s, cert_list, cert_list_size, type, hostname, proto, port, flags, verify); + return dane_verify_crt(s, cert_list, cert_list_size, type, hostname, proto, port, sflags, vflags, verify); } diff --git a/libdane/includes/gnutls/dane.h b/libdane/includes/gnutls/dane.h index 74a28f9bd..59392dac2 100644 --- a/libdane/includes/gnutls/dane.h +++ b/libdane/includes/gnutls/dane.h @@ -136,13 +136,15 @@ int dane_verify_crt (dane_state_t s, const gnutls_datum_t *chain, unsigned chain_size, gnutls_certificate_type_t chain_type, const char * hostname, const char* proto, unsigned int port, - unsigned int flags, unsigned int *verify); + unsigned int sflags, unsigned int vflags, + unsigned int *verify); int dane_verify_session_crt ( dane_state_t s, gnutls_session_t session, const char * hostname, const char* proto, unsigned int port, - unsigned int flags, unsigned int *verify); + unsigned int sflags, unsigned int vflags, + unsigned int *verify); const char * dane_strerror (int error); diff --git a/src/cli.c b/src/cli.c index 8dad5484d..a4bcc4656 100644 --- a/src/cli.c +++ b/src/cli.c @@ -485,7 +485,7 @@ cert_verify_callback (gnutls_session_t session) if (dane) /* try DANE auth */ { rc = dane_verify_session_crt( NULL, session, hostname, udp?"udp":"tcp", atoi(service), - DANE_F_IGNORE_LOCAL_RESOLVER, &status); + DANE_F_IGNORE_LOCAL_RESOLVER, 0, &status); if (rc < 0) { fprintf(stderr, "*** DANE verification error: %s\n", dane_strerror(rc)); -- 2.11.4.GIT
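Review bot: Inserting `vflags` next to `sflags` in both prototypes gives two adjacent `unsigned int` parameters, so the compiler cannot catch a caller that puts a state flag in the verification slot or the reverse. A program built against the previous prototype would also pass its `verify` pointer in the `vflags` position and leave `verify` undefined, and the callee then writes through it (`*verify = 0;` in dane.c). If the earlier signature has ever shipped (not visible here), the change needs a soname bump or versioned symbols. I would also add a comment above the prototypes such as `/* sflags: dane_state_init() flags, used only if s is NULL; vflags: verification flags */`.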
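Review bot: The port argument on the line above the changed one is still `atoi(service)`, which returns 0 with no error when `service` is not purely numeric; whether it can hold a service name is not visible in this hunk. If it can, the DANE lookup would be made for port 0 and its result would not describe the server actually contacted. Consider converting with `strtol` and checking the end pointer and range, or passing the port number the connection was really made to. cert_verify_callback starts and ends outside the hunk.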