author | Rob Austein <sra@hactrn.net> | 2008-03-15 20:51:55 +0000 |
---|---|---|
committer | Rob Austein <sra@hactrn.net> | 2008-03-15 20:51:55 +0000 |
commit | f29c3f1933d5fce35a7193859c77ba563473f963 (patch) | |
tree | 7e8bb172861ff4ca019906c47325e9451b93bbe7 | |
parent | c54235ccc8d48b44307c629600318b1ffd0d76f6 (diff) |
Ok, try adding optional no_certs arg to PKCS7.sign()
svn path=/docs/rpki-db-schema.sql; revision=1557
-rw-r--r-- | docs/rpki-db-schema.sql | 12 | ||||
-rw-r--r-- | pow/POW-0.7/POW.c | 21 |
2 files changed, 20 insertions, 13 deletions
diff --git a/docs/rpki-db-schema.sql b/docs/rpki-db-schema.sql
index 17fa1541..90dbb5fd 100644
--- a/docs/rpki-db-schema.sql
+++ b/docs/rpki-db-schema.sql
@@ -123,6 +123,17 @@ CREATE TABLE ca_detail (
 FOREIGN KEY (ca_id) REFERENCES ca
 );

+DROP TABLE IF EXISTS revoked;
+
+CREATE TABLE revoked (
+ revoked_id SERIAL NOT NULL,
+ serial BIGINT unsigned NOT NULL,
+ expires DATETIME NOT NULL,
+ ca_detail_id BIGINT unsigned NOT NULL,
+ PRIMARY KEY (revoked_id),
+ FOREIGN KEY (ca_detail_id) REFERENCES ca_detail
+);
+
 DROP TABLE IF EXISTS child;

 CREATE TABLE child (
@@ -141,7 +152,6 @@ CREATE TABLE child_cert (
 child_cert_id SERIAL NOT NULL,
 cert LONGBLOB NOT NULL,
 ski TINYBLOB NOT NULL,
- revoked DATETIME,
 child_id BIGINT unsigned NOT NULL,
 ca_detail_id BIGINT unsigned NOT NULL,
 PRIMARY KEY (child_cert_id),
diff --git a/pow/POW-0.7/POW.c b/pow/POW-0.7/POW.c
index 96732484..8e159b7e 100644
--- a/pow/POW-0.7/POW.c
+++ b/pow/POW-0.7/POW.c
@@ -802,7 +802,7 @@ static char X509_object_sign__doc__[] =
 " <memberof>X509</memberof>\n"
 " <name>sign</name>\n"
 " <parameter>key</parameter>\n"
-" <parameter>digest=MD5_DIGEST</parameter>\n"
+" <optional><parameter>digest=MD5_DIGEST</parameter></optional>\n"
 " </header>\n"
 " <body>\n"
 " <para>\n"
@@ -6310,6 +6310,7 @@ static char PKCS7_object_sign__doc__[] =
 " <parameter>key</parameter>\n"
 " <parameter>certs</parameter>\n"
 " <parameter>data</parameter>\n"
+" <optional><parameter>no_certs</parameter></optional>\n"
 " </header>\n"
 " <body>\n"
 " <para>\n"
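Review bot: The new `revoked` table in the first hunk of docs/rpki-db-schema.sql has no constraint stopping the same serial from being recorded twice for one `ca_detail_id`. If revocation lists are built from these rows (not visible here), duplicates would end up as repeated entries. Consider adding `UNIQUE (ca_detail_id, serial),` next to the primary key. A short comment saying that `expires` is the certificate's expiry (or whatever is intended) would also help, since the column replaces the `revoked DATETIME` field dropped from `child_cert` and the two names are easy to confuse.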
@@ -6331,18 +6332,16 @@ PKCS7_object_sign(pkcs7_object *self, PyObject *args) int len, size = 0, i, flags = PKCS7_BINARY | PKCS7_NOATTR; BIO *bio = NULL; PKCS7 *p7 = NULL; - X509 *x509 = NULL; + PyObject *no_certs = Py_True; - if (!PyArg_ParseTuple(args, "OO!Os#", - &signcert, + if (!PyArg_ParseTuple(args, "O!O!Os#|O", + &x509type, &signcert, &asymmetrictype, &signkey, &x509_sequence, - &buf, &len)) + &buf, &len, + no_certs)) goto error; - if ( !X_X509_Check( signcert ) && (PyObject *) signcert != Py_None) - { PyErr_SetString( PyExc_TypeError, "inapropriate type" ); goto error; } - if (signkey->key_type != RSA_PRIVATE_KEY) { PyErr_SetString( SSLErrorObject, "unsupported key type" ); goto error; } @@ -6377,12 +6376,10 @@ PKCS7_object_sign(pkcs7_object *self, PyObject *args) if ( !(bio = BIO_new_mem_buf(buf, len))) goto error; - if ( (PyObject *) signcert == Py_None ) + if ( PyBool_Check(no_certs) ) flags |= PKCS7_NOCERTS; - else - x509 = signcert->x509; - if ( !(p7 = PKCS7_sign(x509, pkey, x509_stack, bio, flags))) + if ( !(p7 = PKCS7_sign(signcert->x509, pkey, x509_stack, bio, flags))) { set_openssl_pyerror( "could not sign PKCS7 message" ); goto error; } if (self->pkcs7) |
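Review bot: The new optional argument is handed to PyArg_ParseTuple as `no_certs` instead of `&no_certs`, in the first hunk of PKCS7_object_sign. When a caller supplies the extra argument, the `O` converter writes the object pointer through the address of the `Py_True` singleton rather than into the local variable. That overwrites the head of a shared interpreter object and leaves the local unchanged. The last argument should read `&no_certs))`. The initialiser probably wants to be `PyObject *no_certs = Py_False;` so that omitting the argument keeps the signer certificate in the message, though the intended default is not stated on the page. The function body begins and ends outside this hunk.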
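Review bot: `PyBool_Check(no_certs)` in the second hunk of PKCS7_object_sign tests whether the object is of bool type, not whether it is true. `PKCS7_NOCERTS` is therefore set for `False` as well as `True`, and with the `Py_True` default from the previous hunk it is set on every call. Every signed message would then omit the signer certificate, which is unlikely to be what an optional flag is meant to do. The condition should test truthiness, `if ( PyObject_IsTrue(no_certs) )`. The doc string for `sign` would benefit from one sentence stating the default and its effect. The enclosing function extends beyond the hunk on both sides.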