Re: Patch updated: New function gnutls_x509_crq_get_key_id
From: Simon Josefsson
Subject: Re: Patch updated: New function gnutls_x509_crq_get_key_id
Date: Thu, 11 Dec 2008 09:02:37 +0100
User-agent: Gnus/5.110011 (No Gnus v0.11) Emacs/23.0.60 (gnu/linux)

Simon Josefsson <address@hidden> writes:
> "David Marín Carreño" <address@hidden> writes:
>
>> + if (pk == GNUTLS_PK_RSA || pk == GNUTLS_PK_DSA)
>> + {
>> + /* This is for compatibility with what GnuTLS has printed for
>> + RSA/DSA before the code below was added. The code below is
>> + applicable to all types, and it would probably be a better
>> + idea to use it for RSA/DSA too, but doing so would break
>> + backwards compatibility. */
>> + return rsadsa_crq_get_key_id (crq, pk, output_data, output_data_size);
>> + }
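
Review bot: the comment inside the RSA/DSA branch justifies the special case as compatibility with "what GnuTLS has printed for RSA/DSA before the code below was added", wording carried over from the function this code was copied from; a newly added function has no earlier output to stay compatible with. If the branch is kept, reword the comment to give the reason that applies here: rsadsa_crq_get_key_id keeps the key id of a certificate request identical to the key id of a certificate with the same public key.
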
>
> Is there a particular reason you need this? The function you copied
> this code from needed it for backwards compatibility reasons, but there
> are no such considerations for a new function.
>
> I would consider removing the code quoted above, and the entire
> rsadsa_crq_get_key_id function. What do you think?
Never mind, that would make the key id for a certificate request be
different from the key id for the certificate with the same public key,
which seems like a bad idea...
Btw, I've made 'certtool --crq-info' print the public key id using your
new function.
/Simon