GNU bug report logs - #64043
[PATCH] Export SHA-256 digest of a public key

Package: emacs;

Reported by: Łukasz Stelmach <stlman <at> poczta.fm>

Date: Tue, 13 Jun 2023 11:36:01 UTC

Severity: normal

Tags: patch

Done: Eli Zaretskii <eliz <at> gnu.org>

Bug is archived. No further changes may be made.


From: help-debbugs <at> gnu.org (GNU bug Tracking System)
To: Łukasz Stelmach <stlman <at> poczta.fm>
Subject: bug#64043: closed (Re: bug#64043: [PATCH] Export SHA-256 digest of a public key)
Date: Sat, 15 Jul 2023 07:45:02 +0000
[Message part 1 (text/plain, inline)]
Your bug report

#64043: [PATCH] Export SHA-256 digest of a public key

which was filed against the emacs package, has been closed.

The explanation is attached below, along with your original report.
If you require more details, please reply to 64043 <at> debbugs.gnu.org.

-- 
64043: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=64043
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems
[Message part 2 (message/rfc822, inline)]
From: Eli Zaretskii <eliz <at> gnu.org>
To: Łukasz Stelmach <stlman <at> poczta.fm>
Cc: 64043-done <at> debbugs.gnu.org
Subject: Re: bug#64043: [PATCH] Export SHA-256 digest of a public key
Date: Sat, 15 Jul 2023 10:44:41 +0300
> Cc: Łukasz Stelmach <stlman <at> poczta.fm>
> From: Łukasz Stelmach <stlman <at> poczta.fm>
> Date: Tue, 13 Jun 2023 13:26:39 +0200
> 
> * lisp/net/nsm.el (nsm-format-certificate): Show public key
> digest (SHA-256 if available). Displaying the digest enables users
> to verify the certificate with other tools like gnutls-cli(1)
> which present much more detailed information.
> 
> * src/gnutls (emacs_gnutls_certificate_details): Export SHA-256 public
> key digest if supported by GnuTLS.

Thanks, installed on the master branch, and closing the bug.

[Message part 3 (message/rfc822, inline)]
From: Łukasz Stelmach <stlman <at> poczta.fm>
To: bug-gnu-emacs <at> gnu.org
Cc: Łukasz Stelmach <stlman <at> poczta.fm>
Subject: [PATCH] Export SHA-256 digest of a public key
Date: Tue, 13 Jun 2023 13:26:39 +0200
* lisp/net/nsm.el (nsm-format-certificate): Show public key
digest (SHA-256 if available). Displaying the digest enables users
to verify the certificate with other tools like gnutls-cli(1)
which present much more detailed information.

* src/gnutls (emacs_gnutls_certificate_details): Export SHA-256 public
key digest if supported by GnuTLS.
---
 lisp/net/nsm.el |  8 ++++++--
 src/gnutls.c    | 21 +++++++++++++++++++++
 2 files changed, 27 insertions(+), 2 deletions(-)

diff --git a/lisp/net/nsm.el b/lisp/net/nsm.el
index dc04bf50c24..7cbeb48f5be 100644
--- a/lisp/net/nsm.el
+++ b/lisp/net/nsm.el
@@ -1030,10 +1030,14 @@ nsm-format-certificate
 	 "  Hostname:"
 	 (nsm-certificate-part (plist-get cert :subject) "CN" t) "\n")
 	(when (and (plist-get cert :public-key-algorithm)
-		   (plist-get cert :signature-algorithm))
+		   (plist-get cert :signature-algorithm)
+		   (or (plist-get cert :public-key-id-sha256)
+		       (plist-get cert :public-key-id)))
 	  (insert
 	   "  Public key:" (plist-get cert :public-key-algorithm)
-	   ", signature: " (plist-get cert :signature-algorithm) "\n"))
+	   ", signature: " (plist-get cert :signature-algorithm) "\n"
+	   "  Public key ID:" (or (plist-get cert :public-key-id-sha256)
+				  (plist-get cert :public-key-id)) "\n"))
         (when (and (plist-get status :key-exchange)
 		   (plist-get status :cipher)
 		   (plist-get status :mac)
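Review bot: the extended `when` condition now also requires a key ID, so for a certificate plist that carries neither `:public-key-id-sha256` nor `:public-key-id` the existing "  Public key:" / ", signature: " line is no longer inserted, although it was displayed before this change. Consider leaving the original condition alone and inserting the "  Public key ID:" line under its own `(when (or (plist-get cert :public-key-id-sha256) (plist-get cert :public-key-id)) ...)`, so that the algorithm information is not lost when only the key ID is missing.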
diff --git a/src/gnutls.c b/src/gnutls.c
index 8f0e2d01703..e3f1093d977 100644
--- a/src/gnutls.c
+++ b/src/gnutls.c
@@ -51,6 +51,10 @@
 #  define HAVE_GNUTLS_ETM_STATUS
 # endif
 
+# if GNUTLS_VERSION_NUMBER >= 0x030401
+#  define HAVE_GNUTLS_KEYID_USE_SHA256
+# endif
+
 # if GNUTLS_VERSION_NUMBER < 0x030600
 #  define HAVE_GNUTLS_COMPRESSION_GET
 # endif
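Review bot: the new `HAVE_GNUTLS_KEYID_USE_SHA256` guard is undocumented; a one-line comment naming the API the `0x030401` bound stands for (the `GNUTLS_KEYID_USE_SHA256` flag accepted by `gnutls_x509_crt_get_key_id`) would make the threshold easier to verify against the GnuTLS changelog and easier to retire once the minimum supported version passes it. The placement next to the other version-derived feature macros is otherwise consistent with the surrounding code.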
@@ -1278,6 +1282,23 @@ emacs_gnutls_certificate_details (gnutls_x509_crt_t cert)
       xfree (buf);
     }
 
+#ifdef HAVE_GNUTLS_KEYID_USE_SHA256
+  /* Public key ID, SHA-256 version. */
+  buf_size = 0;
+  err = gnutls_x509_crt_get_key_id (cert, GNUTLS_KEYID_USE_SHA256, NULL, &buf_size);
+  check_memory_full (err);
+  if (err == GNUTLS_E_SHORT_MEMORY_BUFFER)
+    {
+      void *buf = xmalloc (buf_size);
+      err = gnutls_x509_crt_get_key_id (cert, GNUTLS_KEYID_USE_SHA256, buf, &buf_size);
+      check_memory_full (err);
+      if (err >= GNUTLS_E_SUCCESS)
+	res = nconc2 (res, list2 (intern (":public-key-id-sha256"),
+				  gnutls_hex_string (buf, buf_size, "sha256:")));
+      xfree (buf);
+    }
+#endif
+
   /* Certificate fingerprint. */
   buf_size = 0;
   err = gnutls_x509_crt_get_fingerprint (cert, GNUTLS_DIG_SHA1,
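Review bot: the new `:public-key-id-sha256` plist entry is user-visible (it is returned alongside the existing `:public-key-id`), yet the diffstat lists only nsm.el and gnutls.c, so wherever `:public-key-id` is documented the new key and its `sha256:` prefix should be added too. Two smaller points in the same block: both `gnutls_x509_crt_get_key_id (cert, GNUTLS_KEYID_USE_SHA256, ...)` lines run past 80 columns while the rest of the block stays within it, and can be wrapped after the flag argument; and a first-call error other than `GNUTLS_E_SHORT_MEMORY_BUFFER` is silently dropped, which mirrors the fingerprint code that follows but means a library that rejects the flag at run time simply yields no SHA-256 entry, leaving the `:public-key-id` fallback in `nsm-format-certificate` to cover that case.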
-- 
2.30.2
