authorNikos Mavrogiannopoulos <nmav@gnutls.org>2014-12-22 11:43:49 +0200
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2014-12-22 11:44:28 +0200
commitcd4876433f3579093659fe4956bfa15b97b7f0a0 (patch)
tree088ce87950bfeb66afe9a8b3ea4977ddedf58801 /lib
parent853722becfd214dad05d7d7ca38fb3d8a31a77e3 (diff)
downloadgnutls-cd4876433f3579093659fe4956bfa15b97b7f0a0.tar.gz
combined gnutls_pkcs11_obj_attr_t with gnutls_pkcs11_obj_flags
This was done in an API-backwards-compatible way; it introduces gnutls_pkcs11_obj_list_import_url3() and gnutls_pkcs11_obj_list_import_url4().
Diffstat (limited to 'lib')
-rw-r--r--lib/includes/gnutls/pkcs11.h95
-rw-r--r--lib/libgnutls.map4
-rw-r--r--lib/pkcs11.c48
-rw-r--r--lib/x509/verify-high.c2
-rw-r--r--lib/x509/verify-high2.c8
5 files changed, 81 insertions, 76 deletions
diff --git a/lib/includes/gnutls/pkcs11.h b/lib/includes/gnutls/pkcs11.h
index 1fdfc02801..10494c497e 100644
--- a/lib/includes/gnutls/pkcs11.h
+++ b/lib/includes/gnutls/pkcs11.h
@@ -93,27 +93,33 @@ void gnutls_pkcs11_obj_set_pin_function(gnutls_pkcs11_obj_t obj,
/**
* gnutls_pkcs11_obj_flags:
- * @GNUTLS_PKCS11_OBJ_FLAG_LOGIN: Force login in the token for the operation.
- * @GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED: object marked as trusted.
- * @GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE: object marked as sensitive (unexportable).
- * @GNUTLS_PKCS11_OBJ_FLAG_LOGIN_SO: force login as a security officer in the token for the operation.
- * @GNUTLS_PKCS11_OBJ_FLAG_MARK_PRIVATE: marked as private (requires PIN to access).
- * @GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_PRIVATE: marked as not private.
- * @GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_ANY: When retrieving an object, do not set any requirements.
- * @GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_TRUSTED: When retrieving an object, only retrieve the marked as trusted.
+ * @GNUTLS_PKCS11_OBJ_FLAG_LOGIN: Force login in the token for the operation (seek+store).
+ * @GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED: object marked as trusted (seek+store).
+ * @GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE: object marked as sensitive -unexportable (store).
+ * @GNUTLS_PKCS11_OBJ_FLAG_LOGIN_SO: force login as a security officer in the token for the operation (seek+store).
+ * @GNUTLS_PKCS11_OBJ_FLAG_MARK_PRIVATE: marked as private -requires PIN to access (store).
+ * @GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_PRIVATE: marked as not private (store).
+ * @GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_ANY: When retrieving an object, do not set any requirements (store).
+ * @GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_TRUSTED: When retrieving an object, only retrieve the marked as trusted (alias to %GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED).
* In gnutls_pkcs11_crt_is_known() it implies %GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_COMPARE if %GNUTLS_PKCS11_OBJ_FLAG_COMPARE_KEY is not given.
- * @GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_DISTRUSTED: When retrieving an object, only retrieve the marked as distrusted.
- * @GNUTLS_PKCS11_OBJ_FLAG_COMPARE: When checking an object's presence, fully compare it before returning any result.
- * @GNUTLS_PKCS11_OBJ_FLAG_COMPARE_KEY: When checking an object's presence, compare the key before returning any result.
- * @GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE: The object must be present in a marked as trusted module.
- * @GNUTLS_PKCS11_OBJ_FLAG_MARK_CA: Mark the object as a CA.
- * @GNUTLS_PKCS11_OBJ_FLAG_MARK_KEY_WRAP: Mark the generated key pair as wrapping and unwrapping keys.
- * @GNUTLS_PKCS11_OBJ_FLAG_OVERWRITE_TRUSTMOD_EXT: When an issuer is requested, override its extensions with the ones present in the trust module.
- * @GNUTLS_PKCS11_OBJ_FLAG_MARK_ALWAYS_AUTH: Mark the key pair as requiring authentication (pin entry) before every operation.
- * @GNUTLS_PKCS11_OBJ_FLAG_MARK_EXTRACTABLE: Mark the key pair as being extractable (insecure).
- * @GNUTLS_PKCS11_OBJ_FLAG_NEVER_EXTRACTABLE: If set, the object was never marked as extractable.
+ * @GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_DISTRUSTED: When retrieving an object, only retrieve the marked as distrusted (seek).
+ * @GNUTLS_PKCS11_OBJ_FLAG_COMPARE: When checking an object's presence, fully compare it before returning any result (seek).
+ * @GNUTLS_PKCS11_OBJ_FLAG_COMPARE_KEY: When checking an object's presence, compare the key before returning any result (seek).
+ * @GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE: The object must be present in a marked as trusted module (seek).
+ * @GNUTLS_PKCS11_OBJ_FLAG_MARK_CA: Mark the object as a CA (seek+store).
+ * @GNUTLS_PKCS11_OBJ_FLAG_MARK_KEY_WRAP: Mark the generated key pair as wrapping and unwrapping keys (store).
+ * @GNUTLS_PKCS11_OBJ_FLAG_OVERWRITE_TRUSTMOD_EXT: When an issuer is requested, override its extensions with the ones present in the trust module (seek).
+ * @GNUTLS_PKCS11_OBJ_FLAG_MARK_ALWAYS_AUTH: Mark the key pair as requiring authentication (pin entry) before every operation (seek+store).
+ * @GNUTLS_PKCS11_OBJ_FLAG_MARK_EXTRACTABLE: Mark the key pair as being extractable (store).
+ * @GNUTLS_PKCS11_OBJ_FLAG_NEVER_EXTRACTABLE: If set, the object was never marked as extractable (store).
+ * @GNUTLS_PKCS11_OBJ_FLAG_CRT: When searching, restrict to certificates only (seek).
+ * @GNUTLS_PKCS11_OBJ_FLAG_PUBKEY: When searching, restrict to public key objects only (seek).
+ * @GNUTLS_PKCS11_OBJ_FLAG_PRIVKEY: When searching, restrict to private key objects only (seek).
+ * @GNUTLS_PKCS11_OBJ_FLAG_WITH_PRIVKEY: When searching, restrict to objects which have a corresponding private key (seek).
*
- * Enumeration of different PKCS #11 object flags.
+ * Enumeration of different PKCS #11 object flags. Some flags are used
+ * to mark objects when storing, while others are also used while seeking
+ * or retrieving objects.
*/
typedef enum gnutls_pkcs11_obj_flags {
GNUTLS_PKCS11_OBJ_FLAG_LOGIN = (1<<0),
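Review bot: The rewritten entry for GNUTLS_PKCS11_OBJ_FLAG_MARK_EXTRACTABLE drops the "(insecure)" caveat that the removed line carried, so the header no longer tells API users that an extractable key can leave the token; keep the warning next to the new usage tag, e.g. ` * @GNUTLS_PKCS11_OBJ_FLAG_MARK_EXTRACTABLE: Mark the key pair as being extractable; insecure, as the key can be read out of the token (store).`. The tag on GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_ANY reads "(store)" although its text describes retrieval behaviour; if that flag is tested on the seek path, "(seek)" looks like the intended tag and is worth confirming against the code that checks it. The enum body continues outside the hunk.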
@@ -123,7 +129,7 @@ typedef enum gnutls_pkcs11_obj_flags {
GNUTLS_PKCS11_OBJ_FLAG_MARK_PRIVATE = (1<<4),
GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_PRIVATE = (1<<5),
GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_ANY = (1<<6),
- GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_TRUSTED = (1<<7),
+ GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_TRUSTED = GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED,
GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_DISTRUSTED = (1<<8),
GNUTLS_PKCS11_OBJ_FLAG_COMPARE = (1<<9),
GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE = (1<<10),
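Review bot: Redefining GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_TRUSTED as an alias of GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED changes its value from (1<<7) to (1<<1); if the (1<<7) value was ever in a released header, a program compiled against it passes a bit this library no longer tests, so the "API-backwards compatible" claim holds at source level but not at binary level and the message should say so. Bit 7 is now a hole in the middle of the range; a comment beside the alias such as `/* (1<<7) was RETRIEVE_TRUSTED; keep unused so older binaries setting it get no new meaning */` would stop a future flag from being assigned that bit. The enum continues outside the hunk.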
@@ -133,9 +139,15 @@ typedef enum gnutls_pkcs11_obj_flags {
GNUTLS_PKCS11_OBJ_FLAG_OVERWRITE_TRUSTMOD_EXT = (1<<14),
GNUTLS_PKCS11_OBJ_FLAG_MARK_ALWAYS_AUTH = (1<<15),
GNUTLS_PKCS11_OBJ_FLAG_MARK_EXTRACTABLE = (1<<16),
- GNUTLS_PKCS11_OBJ_FLAG_NEVER_EXTRACTABLE = (1<<17)
+ GNUTLS_PKCS11_OBJ_FLAG_NEVER_EXTRACTABLE = (1<<17),
+ GNUTLS_PKCS11_OBJ_FLAG_CRT = (1<<18),
+ GNUTLS_PKCS11_OBJ_FLAG_WITH_PRIVKEY = (1<<19),
+ GNUTLS_PKCS11_OBJ_FLAG_PUBKEY = (1<<20),
+ GNUTLS_PKCS11_OBJ_FLAG_PRIVKEY = (1<<21),
} gnutls_pkcs11_obj_flags;
+#define gnutls_pkcs11_obj_attr_t gnutls_pkcs11_obj_flags
+
/**
* gnutls_pkcs11_url_type_t:
* @GNUTLS_PKCS11_URL_GENERIC: A generic-purpose URL.
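Review bot: `#define gnutls_pkcs11_obj_attr_t gnutls_pkcs11_obj_flags` introduces the compatibility type as a preprocessor macro, which is invisible to the type system and to debuggers; `typedef gnutls_pkcs11_obj_flags gnutls_pkcs11_obj_attr_t; /* pre-3.4 name, kept for source compatibility */` provides the same source compatibility as a real type and documents why it exists, which the bare define does not. The trailing comma after GNUTLS_PKCS11_OBJ_FLAG_PRIVKEY is valid C99 but the enum previously ended without one; keep whichever form the project's -std/-pedantic settings accept for public headers.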
@@ -235,32 +247,14 @@ int gnutls_pkcs11_obj_get_info(gnutls_pkcs11_obj_t crt,
gnutls_pkcs11_obj_info_t itype,
void *output, size_t * output_size);
-/**
- * gnutls_pkcs11_obj_attr_t:
- * @GNUTLS_PKCS11_OBJ_ATTR_CRT: Specify all certificates in the specified token.
- * @GNUTLS_PKCS11_OBJ_ATTR_PUBKEY: Specify all public keys in the specified token.
- * @GNUTLS_PKCS11_OBJ_ATTR_MARKED_TRUSTED: Restrict to objects which are marked as trusted
- * @GNUTLS_PKCS11_OBJ_ATTR_MARKED_CA: Restrict to certificates which are marked as CA
- * @GNUTLS_PKCS11_OBJ_ATTR_WITH_PRIVKEY: Restrict to objects which have a corresponding private key
- *
- * This a list of flags to be used in combination with each other (since GnuTLS 3.4.0). They
- * are used for matching and obtaining a list of objects.
- */
-typedef enum {
- GNUTLS_PKCS11_OBJ_ATTR_CRT = 1, /* all certificates */
- GNUTLS_PKCS11_OBJ_ATTR_MARKED_TRUSTED = 1<<1, /* certificates marked as trusted */
- GNUTLS_PKCS11_OBJ_ATTR_WITH_PRIVKEY = 1<<2, /* certificates with corresponding private key */
- GNUTLS_PKCS11_OBJ_ATTR_PUBKEY = 1<<3, /* public keys */
- GNUTLS_PKCS11_OBJ_ATTR_PRIVKEY = 1<<4, /* private keys */
- GNUTLS_PKCS11_OBJ_ATTR_MARKED_CA = 1<<5, /* CAs */
-} gnutls_pkcs11_obj_attr_t;
-
-#define GNUTLS_PKCS11_OBJ_ATTR_CRT_ALL GNUTLS_PKCS11_OBJ_ATTR_CRT
+#define GNUTLS_PKCS11_OBJ_ATTR_CRT_ALL GNUTLS_PKCS11_OBJ_FLAG_CRT
#define GNUTLS_PKCS11_OBJ_ATTR_MATCH 0 /* always match the given URL */
#define GNUTLS_PKCS11_OBJ_ATTR_ALL 0 /* match everything! */
-#define GNUTLS_PKCS11_OBJ_ATTR_CRT_TRUSTED (GNUTLS_PKCS11_OBJ_ATTR_CRT|GNUTLS_PKCS11_OBJ_ATTR_MARKED_TRUSTED)
-#define GNUTLS_PKCS11_OBJ_ATTR_CRT_WITH_PRIVKEY (GNUTLS_PKCS11_OBJ_ATTR_CRT|GNUTLS_PKCS11_OBJ_ATTR_WITH_PRIVKEY)
-#define GNUTLS_PKCS11_OBJ_ATTR_CRT_TRUSTED_CA (GNUTLS_PKCS11_OBJ_ATTR_CRT|GNUTLS_PKCS11_OBJ_ATTR_MARKED_TRUSTED|GNUTLS_PKCS11_OBJ_ATTR_MARKED_CA)
+#define GNUTLS_PKCS11_OBJ_ATTR_CRT_TRUSTED (GNUTLS_PKCS11_OBJ_FLAG_CRT|GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED)
+#define GNUTLS_PKCS11_OBJ_ATTR_CRT_WITH_PRIVKEY (GNUTLS_PKCS11_OBJ_FLAG_CRT|GNUTLS_PKCS11_OBJ_FLAG_WITH_PRIVKEY)
+#define GNUTLS_PKCS11_OBJ_ATTR_CRT_TRUSTED_CA (GNUTLS_PKCS11_OBJ_FLAG_CRT|GNUTLS_PKCS11_OBJ_FLAG_MARK_CA|GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED)
+#define GNUTLS_PKCS11_OBJ_ATTR_PUBKEY GNUTLS_PKCS11_OBJ_FLAG_PUBKEY
+#define GNUTLS_PKCS11_OBJ_ATTR_PRIVKEY GNUTLS_PKCS11_OBJ_FLAG_PRIVKEY
/**
* gnutls_pkcs11_token_info_t:
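Review bot: The removed enumerators GNUTLS_PKCS11_OBJ_ATTR_CRT, GNUTLS_PKCS11_OBJ_ATTR_MARKED_TRUSTED, GNUTLS_PKCS11_OBJ_ATTR_MARKED_CA and GNUTLS_PKCS11_OBJ_ATTR_WITH_PRIVKEY get no compatibility definition, while GNUTLS_PKCS11_OBJ_ATTR_PUBKEY and GNUTLS_PKCS11_OBJ_ATTR_PRIVKEY do; any caller that combined the names itself (as lib/x509/verify-high2.c did before this commit) now fails to compile, which contradicts the "API-backwards compatible" claim. If the removed doc comment's "since GnuTLS 3.4.0" means the enum never shipped, the omission is harmless but then the two kept aliases are equally unnecessary; the header should be consistent either way. Adding the four aliases next to the two kept ones restores source compatibility at no cost.
```c
#define GNUTLS_PKCS11_OBJ_ATTR_CRT GNUTLS_PKCS11_OBJ_FLAG_CRT
#define GNUTLS_PKCS11_OBJ_ATTR_MARKED_TRUSTED GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED
#define GNUTLS_PKCS11_OBJ_ATTR_MARKED_CA GNUTLS_PKCS11_OBJ_FLAG_MARK_CA
#define GNUTLS_PKCS11_OBJ_ATTR_WITH_PRIVKEY GNUTLS_PKCS11_OBJ_FLAG_WITH_PRIVKEY
#define GNUTLS_PKCS11_OBJ_ATTR_PUBKEY GNUTLS_PKCS11_OBJ_FLAG_PUBKEY
#define GNUTLS_PKCS11_OBJ_ATTR_PRIVKEY GNUTLS_PKCS11_OBJ_FLAG_PRIVKEY
```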
@@ -323,19 +317,20 @@ int gnutls_pkcs11_token_get_info(const char *url,
#define GNUTLS_PKCS11_TOKEN_TRUSTED (1<<1) /* p11-kit trusted */
int gnutls_pkcs11_token_get_flags(const char *url, unsigned int *flags);
-int gnutls_pkcs11_obj_list_import_url(gnutls_pkcs11_obj_t * p_list,
+#define gnutls_pkcs11_obj_list_import_url(p_list, n_list, url, attrs, flags) gnutls_pkcs11_obj_list_import_url3(p_list, n_list, url, attrs|flags)
+#define gnutls_pkcs11_obj_list_import_url2(p_list, n_list, url, attrs, flags) gnutls_pkcs11_obj_list_import_url4(p_list, n_list, url, attrs|flags)
+
+int gnutls_pkcs11_obj_list_import_url3(gnutls_pkcs11_obj_t * p_list,
unsigned int *const n_list,
const char *url,
- gnutls_pkcs11_obj_attr_t
- attrs, unsigned int flags
+ unsigned int flags
/* GNUTLS_PKCS11_OBJ_FLAG_* */
);
int
-gnutls_pkcs11_obj_list_import_url2(gnutls_pkcs11_obj_t ** p_list,
+gnutls_pkcs11_obj_list_import_url4(gnutls_pkcs11_obj_t ** p_list,
unsigned int *n_list,
const char *url,
- gnutls_pkcs11_obj_attr_t attrs,
unsigned int flags
/* GNUTLS_PKCS11_OBJ_FLAG_* */
);
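Review bot: Both new macros expand their arguments unparenthesised as `attrs|flags`, so a caller passing a conditional or comma expression for either argument gets the wrong precedence; write `((attrs)|(flags))` in both. Turning the former functions into macros also means `gnutls_pkcs11_obj_list_import_url` and `gnutls_pkcs11_obj_list_import_url2` can no longer be taken by address or declared through a caller's own prototype, and the export-map hunk in this commit drops their symbols, so any binary linked against those names would fail to load against this library unless they were never part of a released version — the commit message should state which. A one-line comment above the macros saying they exist for source compatibility and that url3/url4 fold the old @attrs into @flags would help readers of the header.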
diff --git a/lib/libgnutls.map b/lib/libgnutls.map
index 3b72ed1013..33f2c78201 100644
--- a/lib/libgnutls.map
+++ b/lib/libgnutls.map
@@ -537,7 +537,7 @@ GNUTLS_3_4
gnutls_pkcs11_obj_import_url;
gnutls_pkcs11_obj_export_url;
gnutls_pkcs11_obj_deinit;
- gnutls_pkcs11_obj_list_import_url;
+ gnutls_pkcs11_obj_list_import_url3;
gnutls_x509_crt_import_pkcs11;
gnutls_pkcs11_obj_get_type;
gnutls_x509_crt_list_import_pkcs11;
@@ -734,7 +734,7 @@ GNUTLS_3_4
gnutls_session_set_premaster;
gnutls_ocsp_resp_check_crt;
gnutls_pkcs11_get_pin_function;
- gnutls_pkcs11_obj_list_import_url2;
+ gnutls_pkcs11_obj_list_import_url4;
gnutls_x509_trust_list_add_system_trust;
gnutls_x509_trust_list_add_trust_file;
gnutls_x509_trust_list_add_trust_mem;
diff --git a/lib/pkcs11.c b/lib/pkcs11.c
index 7c0389adaa..d58c5bdd28 100644
--- a/lib/pkcs11.c
+++ b/lib/pkcs11.c
@@ -69,7 +69,7 @@ struct find_url_data_st {
struct find_obj_data_st {
gnutls_pkcs11_obj_t *p_list;
unsigned int current;
- gnutls_pkcs11_obj_attr_t flags;
+ unsigned int flags;
struct p11_kit_uri *info;
};
@@ -2462,7 +2462,7 @@ find_objs_cb(struct pkcs11_session_info *sinfo,
memset(&plist, 0, sizeof(plist));
- if (find_data->flags & GNUTLS_PKCS11_OBJ_ATTR_WITH_PRIVKEY) {
+ if (find_data->flags & GNUTLS_PKCS11_OBJ_FLAG_WITH_PRIVKEY) {
ret = find_privkeys(sinfo, tinfo, &plist);
if (ret < 0) {
gnutls_assert();
@@ -2486,7 +2486,7 @@ find_objs_cb(struct pkcs11_session_info *sinfo,
}
- if (find_data->flags & GNUTLS_PKCS11_OBJ_ATTR_CRT) {
+ if (find_data->flags & GNUTLS_PKCS11_OBJ_FLAG_CRT) {
class = CKO_CERTIFICATE;
a[tot_values].type = CKA_CLASS;
@@ -2503,7 +2503,7 @@ find_objs_cb(struct pkcs11_session_info *sinfo,
_gnutls_assert_log("p11 attrs: CKA_CLASS (CERT), CKA_CERTIFICATE_TYPE\n");
}
- if (find_data->flags & GNUTLS_PKCS11_OBJ_ATTR_PUBKEY) {
+ if (find_data->flags & GNUTLS_PKCS11_OBJ_FLAG_PUBKEY) {
class = CKO_PUBLIC_KEY;
a[tot_values].type = CKA_CLASS;
@@ -2514,7 +2514,7 @@ find_objs_cb(struct pkcs11_session_info *sinfo,
_gnutls_assert_log("p11 attrs: CKA_CLASS (PUBLIC KEY)\n");
}
- if (find_data->flags & GNUTLS_PKCS11_OBJ_ATTR_PRIVKEY) {
+ if (find_data->flags & GNUTLS_PKCS11_OBJ_FLAG_PRIVKEY) {
class = CKO_PRIVATE_KEY;
a[tot_values].type = CKA_CLASS;
@@ -2525,7 +2525,7 @@ find_objs_cb(struct pkcs11_session_info *sinfo,
_gnutls_assert_log("p11 attrs: CKA_CLASS (PRIVATE KEY)\n");
}
- if (find_data->flags & GNUTLS_PKCS11_OBJ_ATTR_MARKED_TRUSTED) {
+ if (find_data->flags & GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED) {
trusted = 1;
a[tot_values].type = CKA_TRUSTED;
a[tot_values].value = &trusted;
@@ -2534,7 +2534,7 @@ find_objs_cb(struct pkcs11_session_info *sinfo,
_gnutls_assert_log("p11 attrs: CKA_TRUSTED\n");
}
- if (find_data->flags & GNUTLS_PKCS11_OBJ_ATTR_MARKED_CA) {
+ if (find_data->flags & GNUTLS_PKCS11_OBJ_FLAG_MARK_CA) {
category = 2;
a[tot_values].type = CKA_CERTIFICATE_CATEGORY;
a[tot_values].value = &category;
@@ -2622,7 +2622,7 @@ find_objs_cb(struct pkcs11_session_info *sinfo,
}
}
- if (find_data->flags & GNUTLS_PKCS11_OBJ_ATTR_CRT_WITH_PRIVKEY) {
+ if (find_data->flags & GNUTLS_PKCS11_OBJ_FLAG_WITH_PRIVKEY) {
for (i = 0; i < plist.key_ids_size; i++) {
if (plist.key_ids[i].length !=
id.size
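Review bot: Replacing GNUTLS_PKCS11_OBJ_ATTR_CRT_WITH_PRIVKEY with GNUTLS_PKCS11_OBJ_FLAG_WITH_PRIVKEY in this condition is not a pure rename: the old macro expanded to (CRT|WITH_PRIVKEY), so the test was true for any certificate search, whereas the new one fires only when a private-key match was requested. That matches the earlier `find_privkeys` guard in this function, which only fills plist under GNUTLS_PKCS11_OBJ_FLAG_WITH_PRIVKEY, so it looks like the intended behaviour, but it deserves a sentence in the commit message because every other hunk in this file is a mechanical rename. The loop and find_objs_cb extend outside the hunk.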
@@ -2683,26 +2683,30 @@ find_objs_cb(struct pkcs11_session_info *sinfo,
}
/**
- * gnutls_pkcs11_obj_list_import_url:
+ * gnutls_pkcs11_obj_list_import_url3:
* @p_list: An uninitialized object list (may be NULL)
* @n_list: initially should hold the maximum size of the list. Will contain the actual size.
* @url: A PKCS 11 url identifying a set of objects
- * @attrs: Attributes of type #gnutls_pkcs11_obj_attr_t that can be used to limit output
* @flags: Or sequence of GNUTLS_PKCS11_OBJ_* flags
*
* This function will initialize and set values to an object list
* by using all objects identified by a PKCS 11 URL.
*
+ * The supported in this function @flags are %GNUTLS_PKCS11_OBJ_FLAG_LOGIN,
+ * %GNUTLS_PKCS11_OBJ_FLAG_LOGIN_SO, %GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE,
+ * %GNUTLS_PKCS11_OBJ_FLAG_CRT, %GNUTLS_PKCS11_OBJ_FLAG_PUBKEY, %GNUTLS_PKCS11_OBJ_FLAG_PRIVKEY,
+ * %GNUTLS_PKCS11_OBJ_FLAG_WITH_PRIVKEY, %GNUTLS_PKCS11_OBJ_FLAG_MARK_CA,
+ * %GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED.
+ *
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
* negative error value.
*
- * Since: 2.12.0
+ * Since: 3.4.0
**/
int
-gnutls_pkcs11_obj_list_import_url(gnutls_pkcs11_obj_t * p_list,
+gnutls_pkcs11_obj_list_import_url3(gnutls_pkcs11_obj_t * p_list,
unsigned int *n_list,
const char *url,
- gnutls_pkcs11_obj_attr_t attrs,
unsigned int flags)
{
int ret;
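Review bot: The new paragraph `The supported in this function @flags are …` reads awkwardly; `The @flags supported by this function are …` says the same. The list documents which flags are honoured, yet the body below copies every bit into priv.flags without masking or rejecting the rest, so a caller passing a store-only flag gets silent acceptance rather than GNUTLS_E_INVALID_REQUEST; either state in the docs that unlisted flags are ignored, or validate @flags against the listed set. The same paragraph is repeated in the gnutls_pkcs11_obj_list_import_url4 documentation below. The function body continues outside the hunk.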
@@ -2714,7 +2718,7 @@ gnutls_pkcs11_obj_list_import_url(gnutls_pkcs11_obj_t * p_list,
memset(&priv, 0, sizeof(priv));
/* fill in the find data structure */
- priv.flags = attrs;
+ priv.flags = flags;
if (url == NULL || url[0] == 0) {
url = "pkcs11:";
@@ -2757,11 +2761,10 @@ gnutls_pkcs11_obj_list_import_url(gnutls_pkcs11_obj_t * p_list,
}
/**
- * gnutls_pkcs11_obj_list_import_url2:
+ * gnutls_pkcs11_obj_list_import_url4:
* @p_list: An uninitialized object list (may be NULL)
* @n_list: It will contain the size of the list.
* @url: A PKCS 11 url identifying a set of objects
- * @attrs: Attributes of type #gnutls_pkcs11_obj_attr_t that can be used to limit output
* @flags: Or sequence of GNUTLS_PKCS11_OBJ_* flags
*
* This function will initialize and set values to an object list
@@ -2771,16 +2774,21 @@ gnutls_pkcs11_obj_list_import_url(gnutls_pkcs11_obj_t * p_list,
* All returned objects must be deinitialized using gnutls_pkcs11_obj_deinit(),
* and @p_list must be free'd using gnutls_free().
*
+ * The supported in this function @flags are %GNUTLS_PKCS11_OBJ_FLAG_LOGIN,
+ * %GNUTLS_PKCS11_OBJ_FLAG_LOGIN_SO, %GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE,
+ * %GNUTLS_PKCS11_OBJ_FLAG_CRT, %GNUTLS_PKCS11_OBJ_FLAG_PUBKEY, %GNUTLS_PKCS11_OBJ_FLAG_PRIVKEY,
+ * %GNUTLS_PKCS11_OBJ_FLAG_WITH_PRIVKEY, %GNUTLS_PKCS11_OBJ_FLAG_MARK_CA,
+ * %GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED.
+ *
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
* negative error value.
*
- * Since: 3.1.0
+ * Since: 3.4.0
**/
int
-gnutls_pkcs11_obj_list_import_url2(gnutls_pkcs11_obj_t ** p_list,
+gnutls_pkcs11_obj_list_import_url4(gnutls_pkcs11_obj_t ** p_list,
unsigned int *n_list,
const char *url,
- gnutls_pkcs11_obj_attr_t attrs,
unsigned int flags)
{
int ret;
@@ -2791,7 +2799,7 @@ gnutls_pkcs11_obj_list_import_url2(gnutls_pkcs11_obj_t ** p_list,
memset(&priv, 0, sizeof(priv));
/* fill in the find data structure */
- priv.flags = attrs;
+ priv.flags = flags;
if (url == NULL || url[0] == 0) {
url = "pkcs11:";
diff --git a/lib/x509/verify-high.c b/lib/x509/verify-high.c
index 7d754d1c47..96d61a81ac 100644
--- a/lib/x509/verify-high.c
+++ b/lib/x509/verify-high.c
@@ -367,7 +367,7 @@ advance_iter(gnutls_x509_trust_list_t list,
if (list->pkcs11_token != NULL) {
if (iter->pkcs11_list == NULL) {
ret = gnutls_pkcs11_obj_list_import_url2(&iter->pkcs11_list, &iter->pkcs11_size,
- list->pkcs11_token, GNUTLS_PKCS11_OBJ_ATTR_CRT_TRUSTED_CA, 0);
+ list->pkcs11_token, (GNUTLS_PKCS11_OBJ_FLAG_CRT|GNUTLS_PKCS11_OBJ_FLAG_MARK_CA|GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED), 0);
if (ret < 0)
return gnutls_assert_val(ret);
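Review bot: The call now spells out (GNUTLS_PKCS11_OBJ_FLAG_CRT|GNUTLS_PKCS11_OBJ_FLAG_MARK_CA|GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED) although the header keeps GNUTLS_PKCS11_OBJ_ATTR_CRT_TRUSTED_CA with exactly that expansion; the three lib/x509/verify-high2.c hunks do the same where GNUTLS_PKCS11_OBJ_ATTR_CRT_TRUSTED and GNUTLS_PKCS11_OBJ_ATTR_CRT_TRUSTED_CA would fit. Either keep using the named combinations, so the trust criterion applied to the token store reads as one concept at every call site, or mark those macros deprecated in the header so the divergence is deliberate. These calls also go through the new gnutls_pkcs11_obj_list_import_url2 macro, whose unparenthesised `attrs|flags` expansion is what merges the trailing 0. advance_iter continues outside the hunk.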
diff --git a/lib/x509/verify-high2.c b/lib/x509/verify-high2.c
index dda1b131a5..09eefd4000 100644
--- a/lib/x509/verify-high2.c
+++ b/lib/x509/verify-high2.c
@@ -191,7 +191,7 @@ int add_trust_list_pkcs11_object_url(gnutls_x509_trust_list_t list, const char *
ret =
gnutls_pkcs11_obj_list_import_url2(&pcrt_list, &pcrt_list_size,
url,
- GNUTLS_PKCS11_OBJ_ATTR_CRT_ALL|GNUTLS_PKCS11_OBJ_ATTR_MARKED_TRUSTED,
+ GNUTLS_PKCS11_OBJ_FLAG_CRT|GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED,
0);
if (ret < 0)
return gnutls_assert_val(ret);
@@ -239,7 +239,7 @@ int remove_pkcs11_object_url(gnutls_x509_trust_list_t list, const char *url)
ret =
gnutls_pkcs11_obj_list_import_url2(&pcrt_list, &pcrt_list_size,
url,
- GNUTLS_PKCS11_OBJ_ATTR_CRT_ALL|GNUTLS_PKCS11_OBJ_ATTR_MARKED_TRUSTED,
+ GNUTLS_PKCS11_OBJ_FLAG_CRT|GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED,
0);
if (ret < 0)
return gnutls_assert_val(ret);
@@ -330,7 +330,9 @@ gnutls_x509_trust_list_add_trust_file(gnutls_x509_trust_list_t list,
/* enumerate the certificates */
ret = gnutls_pkcs11_obj_list_import_url(NULL, &pcrt_list_size,
- ca_file, GNUTLS_PKCS11_OBJ_ATTR_CRT_TRUSTED_CA, 0);
+ ca_file,
+ (GNUTLS_PKCS11_OBJ_FLAG_CRT|GNUTLS_PKCS11_OBJ_FLAG_MARK_CA|GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED),
+ 0);
if (ret < 0 && ret != GNUTLS_E_SHORT_MEMORY_BUFFER)
return gnutls_assert_val(ret);