After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 681116 - gtlscertificate: Add g_tls_certificate_equal() function
gtlscertificate: Add g_tls_certificate_equal() function
Status: RESOLVED FIXED
Product: glib
Classification: Platform
Component: gio
unspecified
Other All
: Normal normal
: ---
Assigned To: gtkdev
gtkdev
Depends on:
Blocks:
 
 
Reported: 2012-08-03 09:45 UTC by Stef Walter
Modified: 2012-08-03 17:01 UTC
See Also:
GNOME target: ---
GNOME version: ---


Attachments
gtlscertificate: Add g_tls_certificate_equal() function (3.22 KB, patch)
2012-08-03 09:45 UTC, Stef Walter
needs-work Details | Review
gtlscertificate: Add g_tls_certificate_is_same() function (3.43 KB, patch)
2012-08-03 16:55 UTC, Stef Walter
committed Details | Review

Description Stef Walter 2012-08-03 09:45:00 UTC
Needed for some glib-networking refactoring, and  figured wuoldn't want
to rewrite this function all over the place.
Comment 1 Stef Walter 2012-08-03 09:45:02 UTC
Created attachment 220215 [details] [review]
gtlscertificate: Add g_tls_certificate_equal() function

 * Certificate equality in PKIX in general is equality between
   the DER encoding of the certificates.
Comment 2 Dan Winship 2012-08-03 14:31:54 UTC
Comment on attachment 220215 [details] [review]
gtlscertificate: Add g_tls_certificate_equal() function

>+ * Check if two #GTlsCertificate objects represent the same certificate.
>+ * The raw DER byte data of the two certificates are checked for equality.

Might be worth explicitly noting that two certificates can compare equal even if (a) one has #GTlsCertificate::issuer set and the other doesn't, or (b) one includes a private key and the other doesn't.

>+  b1 = g_byte_array_free_to_bytes (d1);
>+  b2 = g_byte_array_free_to_bytes (d2);

This works with GTlsCertificateGnutls because it constructs a new GByteArray each time, but it's not safe in general. And it's heavierweight than you need anyway; just compare d1->len to d2->len and then memcmp d1->data and d2->data.
Comment 3 Dan Winship 2012-08-03 14:49:13 UTC
Comment on attachment 220215 [details] [review]
gtlscertificate: Add g_tls_certificate_equal() function


> 
>+gboolean              g_tls_certificate_equal              (GTlsCertificate     *cert_one,

prefix with GLIB_AVAILABLE_IN_2_34
Comment 4 Stef Walter 2012-08-03 16:55:40 UTC
Created attachment 220268 [details] [review]
gtlscertificate: Add g_tls_certificate_is_same() function

Good catch about the free_to_bytes(). Duh.

I also renamed the function so it doesn't look like all the other _equal()
functions in glib.
Comment 5 Dan Winship 2012-08-03 16:57:07 UTC
Comment on attachment 220268 [details] [review]
gtlscertificate: Add g_tls_certificate_is_same() function

>+ * Return value: whether thet same or not

good other than that
Comment 6 Stef Walter 2012-08-03 17:01:24 UTC
Attachment 220268 [details] pushed as 6ddf40f - gtlscertificate: Add g_tls_certificate_is_same() function