Re: [PATCH] Provide a gnutls_x509_crt_verify_hash

[Simon Josefsson]

Nikos Mavrogiannopoulos <address@hidden> writes:

> Cedric BAIL wrote:
>> Hi,
>> 
>>    I am currently using gnutls_x509_crt_verify_data to check the
>> signature of a file generated with a GNUTLS_DIG_SHA1. After that I
>> compare the SHA1 of the file in a database. So with the current API I
>> wasn't able to find a way to do SHA1 computation only one time.
>>    I finally decided to implement gnutls_x509_crt_get_hash_algorithm
>> and gnutls_x509_crt_verify_hash for this usecase on top of
>> gnutls-2.7.6. So as I would like to solve this case in mainline, I
>> would appreciate any comment to work on this goal.
>
> I like it. I have only renamed gnutls_x509_crt_get_hash_algorithm() to
> gnutls_x509_crt_get_sig_algorithm().

The function 'gnutls_x509_crt_get_signature_algorithm' already exist,
isn't that new name confusing?  How about
gnutls_x509_crt_get_verify_algorithm instead?  That would be more
consistent with the internal naming (e.g.,
gnutls_x509_verify_algorithm).

Btw, there is some problem in the code:

verify.c: In function '_pkcs1_rsa_verify_sig':
verify.c:667: error: assignment from incompatible pointer type

/Simon