[GNUnet-SVN] r7900 - in libmicrohttpd/src/daemon/https: . minitasn1 tls
From: |
gnunet |
Subject: |
[GNUnet-SVN] r7900 - in libmicrohttpd/src/daemon/https: . minitasn1 tls x509 |
Date: |
Sat, 15 Nov 2008 22:28:37 -0700 (MST) |
Author: grothoff
Date: 2008-11-15 22:28:37 -0700 (Sat, 15 Nov 2008)
New Revision: 7900
Removed:
libmicrohttpd/src/daemon/https/x509/x509-api.texi
Modified:
libmicrohttpd/src/daemon/https/gnutls.h
libmicrohttpd/src/daemon/https/minitasn1/libtasn1.h
libmicrohttpd/src/daemon/https/minitasn1/structure.c
libmicrohttpd/src/daemon/https/tls/gnutls_x509.c
libmicrohttpd/src/daemon/https/x509/common.c
libmicrohttpd/src/daemon/https/x509/common.h
libmicrohttpd/src/daemon/https/x509/x509.c
libmicrohttpd/src/daemon/https/x509/x509.h
Log:
dce
Modified: libmicrohttpd/src/daemon/https/gnutls.h
===================================================================
--- libmicrohttpd/src/daemon/https/gnutls.h 2008-11-16 05:13:26 UTC (rev
7899)
+++ libmicrohttpd/src/daemon/https/gnutls.h 2008-11-16 05:28:37 UTC (rev
7900)
@@ -459,28 +459,6 @@
void MHD__gnutls_certificate_free_ca_names (MHD_gtls_cert_credentials_t sc);
void MHD__gnutls_certificate_free_crls (MHD_gtls_cert_credentials_t sc);
- int MHD__gnutls_certificate_set_x509_trust_file (MHD_gtls_cert_credentials_t
- res, const char *CAFILE,
- MHD_gnutls_x509_crt_fmt_t
- type);
- int MHD__gnutls_certificate_set_x509_trust_mem (MHD_gtls_cert_credentials_t
- res,
- const MHD_gnutls_datum_t *
- CA,
- MHD_gnutls_x509_crt_fmt_t
- type);
-
- int MHD__gnutls_certificate_set_x509_crl_file (MHD_gtls_cert_credentials_t
- res, const char *crlfile,
- MHD_gnutls_x509_crt_fmt_t
- type);
- int MHD__gnutls_certificate_set_x509_crl_mem (MHD_gtls_cert_credentials_t
- res,
- const MHD_gnutls_datum_t *
- CRL,
- MHD_gnutls_x509_crt_fmt_t
- type);
-
/*
* CERTFILE is an x509 certificate in PEM form.
* KEYFILE is a pkcs-1 private key in PEM form (for RSA keys).
Modified: libmicrohttpd/src/daemon/https/minitasn1/libtasn1.h
===================================================================
--- libmicrohttpd/src/daemon/https/minitasn1/libtasn1.h 2008-11-16 05:13:26 UTC
(rev 7899)
+++ libmicrohttpd/src/daemon/https/minitasn1/libtasn1.h 2008-11-16 05:28:37 UTC
(rev 7900)
@@ -163,9 +163,6 @@
MHD__asn1_retCode MHD__asn1_read_value (ASN1_TYPE root, const char *name,
void *ivalue, int *len);
- MHD__asn1_retCode MHD__asn1_number_of_elements (ASN1_TYPE element,
- const char *name, int *num);
-
MHD__asn1_retCode MHD__asn1_der_coding (ASN1_TYPE element, const char *name,
void *ider, int *len,
char *ErrorDescription);
@@ -180,9 +177,6 @@
const char *name_element,
int *start, int *end);
- const char *MHD__asn1_find_structure_from_oid (ASN1_TYPE definitions,
- const char *oidValue);
-
/* DER utility functions. */
int MHD__asn1_get_tag_der (const unsigned char *der, int der_len,
Modified: libmicrohttpd/src/daemon/https/minitasn1/structure.c
===================================================================
--- libmicrohttpd/src/daemon/https/minitasn1/structure.c 2008-11-16
05:13:26 UTC (rev 7899)
+++ libmicrohttpd/src/daemon/https/minitasn1/structure.c 2008-11-16
05:28:37 UTC (rev 7900)
@@ -583,107 +583,3 @@
return res;
}
-
-
-/**
- * MHD__asn1_number_of_elements - Counts the number of elements of a
structure.
- * @element: pointer to the root of an ASN1 structure.
- * @name: the name of a sub-structure of ROOT.
- * @num: pointer to an integer where the result will be stored
- *
- * Counts the number of elements of a sub-structure called NAME with
- * names equal to "?1","?2", ...
- *
- * Returns:
- *
- * ASN1_SUCCESS: Creation OK.
- *
- * ASN1_ELEMENT_NOT_FOUND: NAME isn't known.
- *
- * ASN1_GENERIC_ERROR: Pointer num equal to NULL.
- *
- **/
-MHD__asn1_retCode
-MHD__asn1_number_of_elements (ASN1_TYPE element, const char *name, int *num)
-{
- node_asn *node, *p;
-
- if (num == NULL)
- return ASN1_GENERIC_ERROR;
-
- *num = 0;
-
- node = MHD__asn1_find_node (element, name);
- if (node == NULL)
- return ASN1_ELEMENT_NOT_FOUND;
-
- p = node->down;
-
- while (p)
- {
- if ((p->name) && (p->name[0] == '?'))
- (*num)++;
- p = p->right;
- }
-
- return ASN1_SUCCESS;
-}
-
-
-/**
- * MHD__asn1_find_structure_from_oid - Locate structure defined by a specific
OID.
- * @definitions: ASN1 definitions
- * @oidValue: value of the OID to search (e.g. "1.2.3.4").
- *
- * Search the structure that is defined just after an OID definition.
- *
- * Returns: NULL when OIDVALUE not found, otherwise the pointer to a
- * constant string that contains the element name defined just
- * after the OID.
- *
- **/
-const char *
-MHD__asn1_find_structure_from_oid (ASN1_TYPE definitions,
- const char *oidValue)
-{
- char definitionsName[MAX_NAME_SIZE], name[2 * MAX_NAME_SIZE + 1];
- char value[MAX_NAME_SIZE];
- ASN1_TYPE p;
- int len;
- MHD__asn1_retCode result;
-
- if ((definitions == ASN1_TYPE_EMPTY) || (oidValue == NULL))
- return NULL; /* ASN1_ELEMENT_NOT_FOUND; */
-
-
- strcpy (definitionsName, definitions->name);
- strcat (definitionsName, ".");
-
- /* search the OBJECT_ID into definitions */
- p = definitions->down;
- while (p)
- {
- if ((type_field (p->type) == TYPE_OBJECT_ID) &&
- (p->type & CONST_ASSIGN))
- {
- strcpy (name, definitionsName);
- strcat (name, p->name);
-
- len = MAX_NAME_SIZE;
- result = MHD__asn1_read_value (definitions, name, value, &len);
-
- if ((result == ASN1_SUCCESS) && (!strcmp (oidValue, value)))
- {
- p = p->right;
- if (p == NULL) /* reach the end of ASN1 definitions */
- return NULL; /* ASN1_ELEMENT_NOT_FOUND; */
-
- return p->name;
- }
- }
- p = p->right;
- }
-
- return NULL; /* ASN1_ELEMENT_NOT_FOUND; */
-}
-
Modified: libmicrohttpd/src/daemon/https/tls/gnutls_x509.c
===================================================================
--- libmicrohttpd/src/daemon/https/tls/gnutls_x509.c 2008-11-16 05:13:26 UTC
(rev 7899)
+++ libmicrohttpd/src/daemon/https/tls/gnutls_x509.c 2008-11-16 05:28:37 UTC
(rev 7900)
@@ -546,69 +546,6 @@
return 0;
}
-static int
-generate_rdn_seq (MHD_gtls_cert_credentials_t res)
-{
- MHD_gnutls_datum_t tmp;
- int ret;
- unsigned size, i;
- opaque *pdata;
-
- /* Generate the RDN sequence
- * This will be sent to clients when a certificate
- * request message is sent.
- */
-
- /* FIXME: in case of a client it is not needed
- * to do that. This would save time and memory.
- * However we don't have that information available
- * here.
- */
-
- size = 0;
- for (i = 0; i < res->x509_ncas; i++)
- {
- if ((ret =
- MHD_gnutls_x509_crt_get_raw_dn (res->x509_ca_list[i], &tmp)) < 0)
- {
- MHD_gnutls_assert ();
- return ret;
- }
- size += (2 + tmp.size);
- MHD__gnutls_free_datum (&tmp);
- }
-
- if (res->x509_rdn_sequence.data != NULL)
- MHD_gnutls_free (res->x509_rdn_sequence.data);
-
- res->x509_rdn_sequence.data = MHD_gnutls_malloc (size);
- if (res->x509_rdn_sequence.data == NULL)
- {
- MHD_gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
- res->x509_rdn_sequence.size = size;
-
- pdata = res->x509_rdn_sequence.data;
-
- for (i = 0; i < res->x509_ncas; i++)
- {
- if ((ret =
- MHD_gnutls_x509_crt_get_raw_dn (res->x509_ca_list[i], &tmp)) < 0)
- {
- MHD__gnutls_free_datum (&res->x509_rdn_sequence);
- MHD_gnutls_assert ();
- return ret;
- }
-
- MHD_gtls_write_datum16 (pdata, tmp);
- pdata += (2 + tmp.size);
- MHD__gnutls_free_datum (&tmp);
- }
-
- return 0;
-}
-
/* Returns 0 if it's ok to use the enum MHD_GNUTLS_KeyExchangeAlgorithm with
this
* certificate (uses the KeyUsage field).
*/
@@ -668,187 +605,3 @@
-static int
-parse_pem_ca_mem (MHD_gnutls_x509_crt_t ** cert_list, unsigned *ncerts,
- const opaque * input_cert, int input_cert_size)
-{
- int i, size;
- const opaque *ptr;
- MHD_gnutls_datum_t tmp;
- int ret, count;
-
- /* move to the certificate
- */
- ptr = memmem (input_cert, input_cert_size,
- PEM_CERT_SEP, sizeof (PEM_CERT_SEP) - 1);
- if (ptr == NULL)
- ptr = memmem (input_cert, input_cert_size,
- PEM_CERT_SEP2, sizeof (PEM_CERT_SEP2) - 1);
-
- if (ptr == NULL)
- {
- MHD_gnutls_assert ();
- return GNUTLS_E_BASE64_DECODING_ERROR;
- }
- size = input_cert_size - (ptr - input_cert);
-
- i = *ncerts + 1;
- count = 0;
-
- do
- {
-
- *cert_list =
- (MHD_gnutls_x509_crt_t *) MHD_gtls_realloc_fast (*cert_list,
- i *
- sizeof
-
(MHD_gnutls_x509_crt_t));
-
- if (*cert_list == NULL)
- {
- MHD_gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- ret = MHD_gnutls_x509_crt_init (&cert_list[0][i - 1]);
- if (ret < 0)
- {
- MHD_gnutls_assert ();
- return ret;
- }
-
- tmp.data = (opaque *) ptr;
- tmp.size = size;
-
- ret =
- MHD_gnutls_x509_crt_import (cert_list[0][i - 1],
- &tmp, GNUTLS_X509_FMT_PEM);
- if (ret < 0)
- {
- MHD_gnutls_assert ();
- return ret;
- }
-
- /* now we move ptr after the pem header
- */
- ptr++;
- size--;
- /* find the next certificate (if any)
- */
-
- if (size > 0)
- {
- char *ptr3;
-
- ptr3 = memmem (ptr, size, PEM_CERT_SEP, sizeof (PEM_CERT_SEP) - 1);
- if (ptr3 == NULL)
- ptr3 = memmem (ptr, size,
- PEM_CERT_SEP2, sizeof (PEM_CERT_SEP2) - 1);
-
- ptr = (const opaque *) ptr3;
- size = input_cert_size - (ptr - input_cert);
- }
- else
- ptr = NULL;
-
- i++;
- count++;
-
- }
- while (ptr != NULL);
-
- *ncerts = i - 1;
-
- return count;
-}
-
-/* Reads a DER encoded certificate list from memory and stores it to
- * a MHD_gnutls_cert structure.
- * returns the number of certificates parsed.
- */
-static int
-parse_der_ca_mem (MHD_gnutls_x509_crt_t ** cert_list, unsigned *ncerts,
- const void *input_cert, int input_cert_size)
-{
- int i;
- MHD_gnutls_datum_t tmp;
- int ret;
-
- i = *ncerts + 1;
-
- *cert_list =
- (MHD_gnutls_x509_crt_t *) MHD_gtls_realloc_fast (*cert_list,
- i *
- sizeof
- (MHD_gnutls_x509_crt_t));
-
- if (*cert_list == NULL)
- {
- MHD_gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- tmp.data = (opaque *) input_cert;
- tmp.size = input_cert_size;
-
- ret = MHD_gnutls_x509_crt_init (&cert_list[0][i - 1]);
- if (ret < 0)
- {
- MHD_gnutls_assert ();
- return ret;
- }
-
- ret =
- MHD_gnutls_x509_crt_import (cert_list[0][i - 1], &tmp,
- GNUTLS_X509_FMT_DER);
- if (ret < 0)
- {
- MHD_gnutls_assert ();
- return ret;
- }
-
- *ncerts = i;
-
- return 1; /* one certificate parsed */
-}
-
-/**
- * MHD__gnutls_certificate_set_x509_trust_mem - Used to add trusted CAs in a
MHD_gtls_cert_credentials_t structure
- * @res: is an #MHD_gtls_cert_credentials_t structure.
- * @ca: is a list of trusted CAs or a DER certificate
- * @type: is DER or PEM
- *
- * This function adds the trusted CAs in order to verify client or
- * server certificates. In case of a client this is not required to
- * be called if the certificates are not verified using
- * MHD_gtls_certificate_verify_peers2(). This function may be called
- * multiple times.
- *
- * In case of a server the CAs set here will be sent to the client if
- * a certificate request is sent. This can be disabled using
- * MHD__gnutls_certificate_send_x509_rdn_sequence().
- *
- * Returns: the number of certificates processed or a negative value
- * on error.
- **/
-int
-MHD__gnutls_certificate_set_x509_trust_mem (MHD_gtls_cert_credentials_t
- res,
- const MHD_gnutls_datum_t * ca,
- MHD_gnutls_x509_crt_fmt_t type)
-{
- int ret, ret2;
-
- if (type == GNUTLS_X509_FMT_DER)
- ret = parse_der_ca_mem (&res->x509_ca_list, &res->x509_ncas,
- ca->data, ca->size);
- else
- ret = parse_pem_ca_mem (&res->x509_ca_list, &res->x509_ncas,
- ca->data, ca->size);
-
- if ((ret2 = generate_rdn_seq (res)) < 0)
- return ret2;
-
- return ret;
-}
-
Modified: libmicrohttpd/src/daemon/https/x509/common.c
===================================================================
--- libmicrohttpd/src/daemon/https/x509/common.c 2008-11-16 05:13:26 UTC
(rev 7899)
+++ libmicrohttpd/src/daemon/https/x509/common.c 2008-11-16 05:28:37 UTC
(rev 7900)
@@ -446,108 +446,3 @@
return algo;
}
-/* Reads the DER signed data from the certificate and allocates space and
- * returns them into signed_data.
- */
-int
-MHD__gnutls_x509_get_signed_data (ASN1_TYPE src,
- const char *src_name,
- MHD_gnutls_datum_t * signed_data)
-{
- MHD_gnutls_datum_t der;
- int start, end, result;
-
- result = MHD__gnutls_x509_der_encode (src, "", &der, 0);
- if (result < 0)
- {
- MHD_gnutls_assert ();
- return result;
- }
-
- /* Get the signed data
- */
- result = MHD__asn1_der_decoding_startEnd (src, der.data, der.size, src_name,
- &start, &end);
- if (result != ASN1_SUCCESS)
- {
- result = MHD_gtls_asn2err (result);
- MHD_gnutls_assert ();
- goto cleanup;
- }
-
- result =
- MHD__gnutls_set_datum (signed_data, &der.data[start], end - start + 1);
-
- if (result < 0)
- {
- MHD_gnutls_assert ();
- goto cleanup;
- }
-
- result = 0;
-
-cleanup:MHD__gnutls_free_datum (&der);
-
- return result;
-}
-
-/* Reads the DER signature from the certificate and allocates space and
- * returns them into signed_data.
- */
-int
-MHD__gnutls_x509_get_signature (ASN1_TYPE src,
- const char *src_name,
- MHD_gnutls_datum_t * signature)
-{
- int bits, result, len;
-
- signature->data = NULL;
- signature->size = 0;
-
- /* Read the signature
- */
- bits = 0;
- result = MHD__asn1_read_value (src, src_name, NULL, &bits);
-
- if (result != ASN1_MEM_ERROR)
- {
- result = MHD_gtls_asn2err (result);
- MHD_gnutls_assert ();
- goto cleanup;
- }
-
- if (bits % 8 != 0)
- {
- MHD_gnutls_assert ();
- result = GNUTLS_E_CERTIFICATE_ERROR;
- goto cleanup;
- }
-
- len = bits / 8;
-
- signature->data = MHD_gnutls_malloc (len);
- if (signature->data == NULL)
- {
- MHD_gnutls_assert ();
- result = GNUTLS_E_MEMORY_ERROR;
- return result;
- }
-
- /* read the bit string of the signature
- */
- bits = len;
- result = MHD__asn1_read_value (src, src_name, signature->data, &bits);
-
- if (result != ASN1_SUCCESS)
- {
- result = MHD_gtls_asn2err (result);
- MHD_gnutls_assert ();
- goto cleanup;
- }
-
- signature->size = len;
-
- return 0;
-
-cleanup:return result;
-}
Modified: libmicrohttpd/src/daemon/https/x509/common.h
===================================================================
--- libmicrohttpd/src/daemon/https/x509/common.h 2008-11-16 05:13:26 UTC
(rev 7899)
+++ libmicrohttpd/src/daemon/https/x509/common.h 2008-11-16 05:28:37 UTC
(rev 7900)
@@ -81,9 +81,4 @@
int MHD__gnutls_asn1_copy_node (ASN1_TYPE * dst, const char *dst_name,
ASN1_TYPE src, const char *src_name);
-int MHD__gnutls_x509_get_signed_data (ASN1_TYPE src, const char *src_name,
- MHD_gnutls_datum_t * signed_data);
-int MHD__gnutls_x509_get_signature (ASN1_TYPE src, const char *src_name,
- MHD_gnutls_datum_t * signature);
-
#endif
Deleted: libmicrohttpd/src/daemon/https/x509/x509-api.texi
===================================================================
--- libmicrohttpd/src/daemon/https/x509/x509-api.texi 2008-11-16 05:13:26 UTC
(rev 7899)
+++ libmicrohttpd/src/daemon/https/x509/x509-api.texi 2008-11-16 05:28:37 UTC
(rev 7900)
@@ -1,2943 +0,0 @@
-
address@hidden gnutls_x509_crl_init
address@hidden
address@hidden {int} {gnutls_x509_crl_init} (gnutls_x509_crl_t * @var{crl})
address@hidden: The structure to be initialized
-
-This function will initialize a CRL structure. CRL stands for
-Certificate Revocation List. A revocation list usually contains
-lists of certificate serial numbers that have been revoked
-by an Authority. The revocation lists are always signed with
-the authority's private key.
-
-Returns 0 on success.
address@hidden deftypefun
-
address@hidden gnutls_x509_crl_deinit
address@hidden
address@hidden {void} {gnutls_x509_crl_deinit} (gnutls_x509_crl_t @var{crl})
address@hidden: The structure to be initialized
-
-This function will deinitialize a CRL structure.
address@hidden deftypefun
-
address@hidden gnutls_x509_crl_import
address@hidden
address@hidden {int} {gnutls_x509_crl_import} (gnutls_x509_crl_t @var{crl},
const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format})
address@hidden: The structure to store the parsed CRL.
-
address@hidden: The DER or PEM encoded CRL.
-
address@hidden: One of DER or PEM
-
-This function will convert the given DER or PEM encoded CRL
-to the native gnutls_x509_crl_t format. The output will be stored in 'crl'.
-
-If the CRL is PEM encoded it should have a header of "X509 CRL".
-
-Returns 0 on success.
address@hidden deftypefun
-
address@hidden gnutls_x509_crl_get_issuer_dn
address@hidden
address@hidden {int} {gnutls_x509_crl_get_issuer_dn} (const gnutls_x509_crl_t
@var{crl}, char * @var{buf}, size_t * @var{sizeof_buf})
address@hidden: should contain a gnutls_x509_crl_t structure
-
address@hidden: a pointer to a structure to hold the peer's name (may be null)
-
address@hidden: initially holds the size of @code{buf}
-
-This function will copy the name of the CRL issuer in the provided buffer. The
name
-will be in the form "C=xxxx,O=yyyy,CN=zzzz" as described in RFC2253. The output
-string will be ASCII or UTF-8 encoded, depending on the certificate data.
-
-If buf is null then only the size will be filled.
-
-Returns GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not long
enough, and
-in that case the sizeof_buf will be updated with the required size, and
-0 on success.
address@hidden deftypefun
-
address@hidden gnutls_x509_crl_get_issuer_dn_by_oid
address@hidden
address@hidden {int} {gnutls_x509_crl_get_issuer_dn_by_oid} (gnutls_x509_crl_t
@var{crl}, const char * @var{oid}, int @var{indx}, unsigned int @var{raw_flag},
void * @var{buf}, size_t * @var{sizeof_buf})
address@hidden: should contain a gnutls_x509_crl_t structure
-
address@hidden: holds an Object Identified in null terminated string
-
address@hidden: In case multiple same OIDs exist in the RDN, this specifies
which to send. Use zero to get the first one.
-
address@hidden: If non zero returns the raw DER data of the DN part.
-
address@hidden: a pointer to a structure to hold the peer's name (may be null)
-
address@hidden: initially holds the size of @code{buf}
-
-This function will extract the part of the name of the CRL issuer specified
-by the given OID. The output will be encoded as described in RFC2253. The
output
-string will be ASCII or UTF-8 encoded, depending on the certificate data.
-
-Some helper macros with popular OIDs can be found in gnutls/x509.h
-If raw flag is zero, this function will only return known OIDs as text. Other
OIDs
-will be DER encoded, as described in RFC2253 -- in hex format with a '\#'
prefix.
-You can check about known OIDs using @code{gnutls_x509_dn_oid_known()}.
-
-If buf is null then only the size will be filled.
-
-Returns GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not long
enough, and
-in that case the sizeof_buf will be updated with the required size,
-and 0 on success.
address@hidden deftypefun
-
address@hidden gnutls_x509_crl_get_dn_oid
address@hidden
address@hidden {int} {gnutls_x509_crl_get_dn_oid} (gnutls_x509_crl_t @var{crl},
int @var{indx}, void * @var{oid}, size_t * @var{sizeof_oid})
address@hidden: should contain a gnutls_x509_crl_t structure
-
address@hidden: Specifies which DN OID to send. Use zero to get the first one.
-
address@hidden: a pointer to a structure to hold the name (may be null)
-
address@hidden: initially holds the size of 'oid'
-
-This function will extract the requested OID of the name of the CRL issuer,
specified
-by the given index.
-
-If oid is null then only the size will be filled.
-
-Returns GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not long
enough, and
-in that case the sizeof_oid will be updated with the required size.
-On success 0 is returned.
address@hidden deftypefun
-
address@hidden gnutls_x509_crl_get_signature_algorithm
address@hidden
address@hidden {int} {gnutls_x509_crl_get_signature_algorithm}
(gnutls_x509_crl_t @var{crl})
address@hidden: should contain a gnutls_x509_crl_t structure
-
-This function will return a value of the gnutls_sign_algorithm_t enumeration
that
-is the signature algorithm.
-
-Returns a negative value on error.
address@hidden deftypefun
-
address@hidden gnutls_x509_crl_get_signature
address@hidden
address@hidden {int} {gnutls_x509_crl_get_signature} (gnutls_x509_crl_t
@var{crl}, char * @var{sig}, size_t * @var{sizeof_sig})
address@hidden: should contain a gnutls_x509_crl_t structure
-
address@hidden: a pointer where the signature part will be copied (may be null).
-
address@hidden: initially holds the size of @code{sig}
-
-This function will extract the signature field of a CRL.
-
-Returns 0 on success, and a negative value on error.
address@hidden deftypefun
-
address@hidden gnutls_x509_crl_get_version
address@hidden
address@hidden {int} {gnutls_x509_crl_get_version} (gnutls_x509_crl_t @var{crl})
address@hidden: should contain a gnutls_x509_crl_t structure
-
-This function will return the version of the specified CRL.
-
-Returns a negative value on error.
address@hidden deftypefun
-
address@hidden gnutls_x509_crl_get_this_update
address@hidden
address@hidden {time_t} {gnutls_x509_crl_get_this_update} (gnutls_x509_crl_t
@var{crl})
address@hidden: should contain a gnutls_x509_crl_t structure
-
-This function will return the time this CRL was issued.
-
-Returns (time_t)-1 on error.
address@hidden deftypefun
-
address@hidden gnutls_x509_crl_get_next_update
address@hidden
address@hidden {time_t} {gnutls_x509_crl_get_next_update} (gnutls_x509_crl_t
@var{crl})
address@hidden: should contain a gnutls_x509_crl_t structure
-
-This function will return the time the next CRL will be issued.
-This field is optional in a CRL so it might be normal to get
-an error instead.
-
-Returns (time_t)-1 on error.
address@hidden deftypefun
-
address@hidden gnutls_x509_crl_get_crt_count
address@hidden
address@hidden {int} {gnutls_x509_crl_get_crt_count} (gnutls_x509_crl_t
@var{crl})
address@hidden: should contain a gnutls_x509_crl_t structure
-
-This function will return the number of revoked certificates in the
-given CRL.
-
-Returns a negative value on failure.
address@hidden deftypefun
-
address@hidden gnutls_x509_crl_get_crt_serial
address@hidden
address@hidden {int} {gnutls_x509_crl_get_crt_serial} (gnutls_x509_crl_t
@var{crl}, int @var{indx}, unsigned char * @var{serial}, size_t *
@var{serial_size}, time_t * @var{t})
address@hidden: should contain a gnutls_x509_crl_t structure
-
address@hidden: the index of the certificate to extract (starting from 0)
-
address@hidden: where the serial number will be copied
-
address@hidden: initially holds the size of serial
-
address@hidden: if non null, will hold the time this certificate was revoked
-
-This function will return the serial number of the specified, by
-the index, revoked certificate.
-
-Returns a negative value on failure.
address@hidden deftypefun
-
address@hidden gnutls_x509_crl_export
address@hidden
address@hidden {int} {gnutls_x509_crl_export} (gnutls_x509_crl_t @var{crl},
gnutls_x509_crt_fmt_t @var{format}, void * @var{output_data}, size_t *
@var{output_data_size})
address@hidden: Holds the revocation list
-
address@hidden: the format of output params. One of PEM or DER.
-
address@hidden: will contain a private key PEM or DER encoded
-
address@hidden: holds the size of output_data (and will be replaced by the
actual size of parameters)
-
-This function will export the revocation list to DER or PEM format.
-
-If the buffer provided is not long enough to hold the output, then
-GNUTLS_E_SHORT_MEMORY_BUFFER will be returned.
-
-If the structure is PEM encoded, it will have a header
-of "BEGIN X509 CRL".
-
-Returns 0 on success, and a negative value on failure.
address@hidden deftypefun
-
address@hidden gnutls_x509_rdn_get
address@hidden
address@hidden {int} {gnutls_x509_rdn_get} (const gnutls_datum_t * @var{idn},
char * @var{buf}, size_t * @var{sizeof_buf})
address@hidden: should contain a DER encoded RDN sequence
-
address@hidden: a pointer to a structure to hold the peer's name
-
address@hidden: holds the size of @code{buf}
-
-This function will return the name of the given RDN sequence. The
-name will be in the form "C=xxxx,O=yyyy,CN=zzzz" as described in
-RFC2253.
-
-If the provided buffer is not long enough, returns
-GNUTLS_E_SHORT_MEMORY_BUFFER and *sizeof_buf will be updated. On
-success 0 is returned.
address@hidden deftypefun
-
address@hidden gnutls_x509_rdn_get_by_oid
address@hidden
address@hidden {int} {gnutls_x509_rdn_get_by_oid} (const gnutls_datum_t *
@var{idn}, const char * @var{oid}, int @var{indx}, unsigned int @var{raw_flag},
void * @var{buf}, size_t * @var{sizeof_buf})
address@hidden: should contain a DER encoded RDN sequence
-
address@hidden: an Object Identifier
-
address@hidden: In case multiple same OIDs exist in the RDN indicates which
-to send. Use 0 for the first one.
-
address@hidden: If non zero then the raw DER data are returned.
-
address@hidden: a pointer to a structure to hold the peer's name
-
address@hidden: holds the size of @code{buf}
-
-This function will return the name of the given Object identifier,
-of the RDN sequence. The name will be encoded using the rules
-from RFC2253.
-
-Returns GNUTLS_E_SHORT_MEMORY_BUFFER and updates *sizeof_buf if
-the provided buffer is not long enough, and 0 on success.
address@hidden deftypefun
-
address@hidden gnutls_x509_rdn_get_oid
address@hidden
address@hidden {int} {gnutls_x509_rdn_get_oid} (const gnutls_datum_t *
@var{idn}, int @var{indx}, void * @var{buf}, size_t * @var{sizeof_buf})
address@hidden: should contain a DER encoded RDN sequence
-
address@hidden: Indicates which OID to return. Use 0 for the first one.
-
-This function will return the specified Object identifier, of the
-RDN sequence.
-
-Returns GNUTLS_E_SHORT_MEMORY_BUFFER and updates *sizeof_buf if
-the provided buffer is not long enough, and 0 on success.
address@hidden deftypefun
-
address@hidden gnutls_x509_dn_oid_known
address@hidden
address@hidden {int} {gnutls_x509_dn_oid_known} (const char * @var{oid})
address@hidden: holds an Object Identifier in a null terminated string
-
-This function will inform about known DN OIDs. This is useful since functions
-like @code{gnutls_x509_crt_set_dn_by_oid()} use the information on known
-OIDs to properly encode their input. Object Identifiers that are not
-known are not encoded by these functions, and their input is stored directly
-into the ASN.1 structure. In that case of unknown OIDs, you have
-the responsibility of DER encoding your data.
-
-Returns 1 on known OIDs and 0 otherwise.
address@hidden deftypefun
-
address@hidden gnutls_x509_crt_init
address@hidden
address@hidden {int} {gnutls_x509_crt_init} (gnutls_x509_crt_t * @var{cert})
address@hidden: The structure to be initialized
-
-This function will initialize an X.509 certificate structure.
-
-Returns 0 on success.
address@hidden deftypefun
-
address@hidden gnutls_x509_crt_deinit
address@hidden
address@hidden {void} {gnutls_x509_crt_deinit} (gnutls_x509_crt_t @var{cert})
address@hidden: The structure to be initialized
-
-This function will deinitialize a CRL structure.
address@hidden deftypefun
-
address@hidden gnutls_x509_crt_import
address@hidden
address@hidden {int} {gnutls_x509_crt_import} (gnutls_x509_crt_t @var{cert},
const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format})
address@hidden: The structure to store the parsed certificate.
-
address@hidden: The DER or PEM encoded certificate.
-
address@hidden: One of DER or PEM
-
-This function will convert the given DER or PEM encoded Certificate
-to the native gnutls_x509_crt_t format. The output will be stored in
@code{cert}.
-
-If the Certificate is PEM encoded it should have a header of "X509
CERTIFICATE", or
-"CERTIFICATE".
-
-Returns 0 on success.
address@hidden deftypefun
-
address@hidden gnutls_x509_crt_get_issuer_dn
address@hidden
address@hidden {int} {gnutls_x509_crt_get_issuer_dn} (gnutls_x509_crt_t
@var{cert}, char * @var{buf}, size_t * @var{sizeof_buf})
address@hidden: should contain a gnutls_x509_crt_t structure
-
address@hidden: a pointer to a structure to hold the name (may be null)
-
address@hidden: initially holds the size of @code{buf}
-
-This function will copy the name of the Certificate issuer in the
-provided buffer. The name will be in the form
-"C=xxxx,O=yyyy,CN=zzzz" as described in RFC2253. The output string
-will be ASCII or UTF-8 encoded, depending on the certificate data.
-
-If @code{buf} is null then only the size will be filled.
-
-Returns GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not
-long enough, and in that case the *sizeof_buf will be updated with
-the required size. On success 0 is returned.
address@hidden deftypefun
-
address@hidden gnutls_x509_crt_get_issuer_dn_by_oid
address@hidden
address@hidden {int} {gnutls_x509_crt_get_issuer_dn_by_oid} (gnutls_x509_crt_t
@var{cert}, const char * @var{oid}, int @var{indx}, unsigned int
@var{raw_flag}, void * @var{buf}, size_t * @var{sizeof_buf})
address@hidden: should contain a gnutls_x509_crt_t structure
-
address@hidden: holds an Object Identified in null terminated string
-
address@hidden: In case multiple same OIDs exist in the RDN, this specifies
which to send. Use zero to get the first one.
-
address@hidden: If non zero returns the raw DER data of the DN part.
-
address@hidden: a pointer to a structure to hold the name (may be null)
-
address@hidden: initially holds the size of @code{buf}
-
-This function will extract the part of the name of the Certificate
-issuer specified by the given OID. The output, if the raw flag is not
-used, will be encoded as described in RFC2253. Thus a string that is
-ASCII or UTF-8 encoded, depending on the certificate data.
-
-Some helper macros with popular OIDs can be found in gnutls/x509.h
-If raw flag is zero, this function will only return known OIDs as
-text. Other OIDs will be DER encoded, as described in RFC2253 --
-in hex format with a '\#' prefix. You can check about known OIDs
-using @code{gnutls_x509_dn_oid_known()}.
-
-If @code{buf} is null then only the size will be filled.
-
-Returns GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not
-long enough, and in that case the *sizeof_buf will be updated with
-the required size. On success 0 is returned.
address@hidden deftypefun
-
address@hidden gnutls_x509_crt_get_issuer_dn_oid
address@hidden
address@hidden {int} {gnutls_x509_crt_get_issuer_dn_oid} (gnutls_x509_crt_t
@var{cert}, int @var{indx}, void * @var{oid}, size_t * @var{sizeof_oid})
address@hidden: should contain a gnutls_x509_crt_t structure
-
address@hidden: This specifies which OID to return. Use zero to get the first
one.
-
address@hidden: a pointer to a buffer to hold the OID (may be null)
-
address@hidden: initially holds the size of @code{oid}
-
-This function will extract the OIDs of the name of the Certificate
-issuer specified by the given index.
-
-If @code{oid} is null then only the size will be filled.
-
-Returns GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not
-long enough, and in that case the *sizeof_oid will be updated with
-the required size. On success 0 is returned.
address@hidden deftypefun
-
address@hidden gnutls_x509_crt_get_dn
address@hidden
address@hidden {int} {gnutls_x509_crt_get_dn} (gnutls_x509_crt_t @var{cert},
char * @var{buf}, size_t * @var{sizeof_buf})
address@hidden: should contain a gnutls_x509_crt_t structure
-
address@hidden: a pointer to a structure to hold the name (may be null)
-
address@hidden: initially holds the size of @code{buf}
-
-This function will copy the name of the Certificate in the
-provided buffer. The name will be in the form
-"C=xxxx,O=yyyy,CN=zzzz" as described in RFC2253. The output string
-will be ASCII or UTF-8 encoded, depending on the certificate data.
-
-If @code{buf} is null then only the size will be filled.
-
-Returns GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not
-long enough, and in that case the *sizeof_buf will be updated with
-the required size. On success 0 is returned.
address@hidden deftypefun
-
address@hidden gnutls_x509_crt_get_dn_by_oid
address@hidden
address@hidden {int} {gnutls_x509_crt_get_dn_by_oid} (gnutls_x509_crt_t
@var{cert}, const char * @var{oid}, int @var{indx}, unsigned int
@var{raw_flag}, void * @var{buf}, size_t * @var{sizeof_buf})
address@hidden: should contain a gnutls_x509_crt_t structure
-
address@hidden: holds an Object Identified in null terminated string
-
address@hidden: In case multiple same OIDs exist in the RDN, this specifies
which to send. Use zero to get the first one.
-
address@hidden: If non zero returns the raw DER data of the DN part.
-
address@hidden: a pointer where the DN part will be copied (may be null).
-
address@hidden: initially holds the size of @code{buf}
-
-This function will extract the part of the name of the Certificate
-subject specified by the given OID. The output, if the raw flag is not
-used, will be encoded as described in RFC2253. Thus a string that is
-ASCII or UTF-8 encoded, depending on the certificate data.
-
-Some helper macros with popular OIDs can be found in gnutls/x509.h
-If raw flag is zero, this function will only return known OIDs as
-text. Other OIDs will be DER encoded, as described in RFC2253 --
-in hex format with a '\#' prefix. You can check about known OIDs
-using @code{gnutls_x509_dn_oid_known()}.
-
-If @code{buf} is null then only the size will be filled.
-
-Returns GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not
-long enough, and in that case the *sizeof_buf will be updated with
-the required size. On success 0 is returned.
address@hidden deftypefun
-
address@hidden gnutls_x509_crt_get_dn_oid
address@hidden
address@hidden {int} {gnutls_x509_crt_get_dn_oid} (gnutls_x509_crt_t
@var{cert}, int @var{indx}, void * @var{oid}, size_t * @var{sizeof_oid})
address@hidden: should contain a gnutls_x509_crt_t structure
-
address@hidden: This specifies which OID to return. Use zero to get the first
one.
-
address@hidden: a pointer to a buffer to hold the OID (may be null)
-
address@hidden: initially holds the size of @code{oid}
-
-This function will extract the OIDs of the name of the Certificate
-subject specified by the given index.
-
-If oid is null then only the size will be filled.
-
-Returns GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not
-long enough, and in that case the *sizeof_oid will be updated with
-the required size. On success 0 is returned.
address@hidden deftypefun
-
address@hidden gnutls_x509_crt_get_signature_algorithm
address@hidden
address@hidden {int} {gnutls_x509_crt_get_signature_algorithm}
(gnutls_x509_crt_t @var{cert})
address@hidden: should contain a gnutls_x509_crt_t structure
-
-This function will return a value of the gnutls_sign_algorithm_t enumeration
that
-is the signature algorithm.
-
-Returns a negative value on error.
address@hidden deftypefun
-
address@hidden gnutls_x509_crt_get_signature
address@hidden
address@hidden {int} {gnutls_x509_crt_get_signature} (gnutls_x509_crt_t
@var{cert}, char * @var{sig}, size_t * @var{sizeof_sig})
address@hidden: should contain a gnutls_x509_crt_t structure
-
address@hidden: a pointer where the signature part will be copied (may be null).
-
address@hidden: initially holds the size of @code{sig}
-
-This function will extract the signature field of a certificate.
-
-Returns 0 on success, and a negative value on error.
address@hidden deftypefun
-
address@hidden gnutls_x509_crt_get_version
address@hidden
address@hidden {int} {gnutls_x509_crt_get_version} (gnutls_x509_crt_t
@var{cert})
address@hidden: should contain a gnutls_x509_crt_t structure
-
-This function will return the version of the specified Certificate.
-
-Returns a negative value on error.
address@hidden deftypefun
-
address@hidden gnutls_x509_crt_get_activation_time
address@hidden
address@hidden {time_t} {gnutls_x509_crt_get_activation_time}
(gnutls_x509_crt_t @var{cert})
address@hidden: should contain a gnutls_x509_crt_t structure
-
-This function will return the time this Certificate was or will be activated.
-
-Returns (time_t)-1 on error.
address@hidden deftypefun
-
address@hidden gnutls_x509_crt_get_expiration_time
address@hidden
address@hidden {time_t} {gnutls_x509_crt_get_expiration_time}
(gnutls_x509_crt_t @var{cert})
address@hidden: should contain a gnutls_x509_crt_t structure
-
-This function will return the time this Certificate was or will be expired.
-
-Returns (time_t)-1 on error.
address@hidden deftypefun
-
address@hidden gnutls_x509_crt_get_serial
address@hidden
address@hidden {int} {gnutls_x509_crt_get_serial} (gnutls_x509_crt_t
@var{cert}, void * @var{result}, size_t * @var{result_size})
address@hidden: should contain a gnutls_x509_crt_t structure
-
address@hidden: The place where the serial number will be copied
-
address@hidden: Holds the size of the result field.
-
-This function will return the X.509 certificate's serial number.
-This is obtained by the X509 Certificate serialNumber
-field. Serial is not always a 32 or 64bit number. Some CAs use
-large serial numbers, thus it may be wise to handle it as something
-opaque.
-
-Returns 0 on success and a negative value in case of an error.
address@hidden deftypefun
-
address@hidden gnutls_x509_crt_get_subject_key_id
address@hidden
address@hidden {int} {gnutls_x509_crt_get_subject_key_id} (gnutls_x509_crt_t
@var{cert}, void * @var{ret}, size_t * @var{ret_size}, unsigned int *
@var{critical})
address@hidden: should contain a gnutls_x509_crt_t structure
-
address@hidden: The place where the identifier will be copied
-
address@hidden: Holds the size of the result field.
-
address@hidden: will be non zero if the extension is marked as critical (may be
null)
-
-This function will return the X.509v3 certificate's subject key identifier.
-This is obtained by the X.509 Subject Key identifier extension
-field (2.5.29.14).
-
-Returns 0 on success and a negative value in case of an error.
address@hidden deftypefun
-
address@hidden gnutls_x509_crt_get_authority_key_id
address@hidden
address@hidden {int} {gnutls_x509_crt_get_authority_key_id} (gnutls_x509_crt_t
@var{cert}, void * @var{ret}, size_t * @var{ret_size}, unsigned int *
@var{critical})
address@hidden: should contain a gnutls_x509_crt_t structure
-
address@hidden: will be non zero if the extension is marked as critical (may be
null)
-
-This function will return the X.509v3 certificate authority's key identifier.
-This is obtained by the X.509 Authority Key identifier extension
-field (2.5.29.35). Note that this function only returns the keyIdentifier
-field of the extension.
-
-Returns 0 on success and a negative value in case of an error.
address@hidden deftypefun
-
address@hidden gnutls_x509_crt_get_pk_algorithm
address@hidden
address@hidden {int} {gnutls_x509_crt_get_pk_algorithm} (gnutls_x509_crt_t
@var{cert}, unsigned int * @var{bits})
address@hidden: should contain a gnutls_x509_crt_t structure
-
address@hidden: if bits is non null it will hold the size of the parameters' in
bits
-
-This function will return the public key algorithm of an X.509
-certificate.
-
-If bits is non null, it should have enough size to hold the parameters
-size in bits. For RSA the bits returned is the modulus.
-For DSA the bits returned are of the public
-exponent.
-
-Returns a member of the gnutls_pk_algorithm_t enumeration on success,
-or a negative value on error.
address@hidden deftypefun
-
address@hidden gnutls_x509_crt_get_subject_alt_name
address@hidden
address@hidden {int} {gnutls_x509_crt_get_subject_alt_name} (gnutls_x509_crt_t
@var{cert}, unsigned int @var{seq}, void * @var{ret}, size_t * @var{ret_size},
unsigned int * @var{critical})
address@hidden: should contain a gnutls_x509_crt_t structure
-
address@hidden: specifies the sequence number of the alt name (0 for the first
one, 1 for the second etc.)
-
address@hidden: is the place where the alternative name will be copied to
-
address@hidden: holds the size of ret.
-
address@hidden: will be non zero if the extension is marked as critical (may be
null)
-
-This function will return the alternative names, contained in the
-given certificate.
-
-This is specified in X509v3 Certificate Extensions. GNUTLS will
-return the Alternative name (2.5.29.17), or a negative error code.
-
-When the SAN type is otherName, it will extract the data in the
-otherName's value field, and @code{GNUTLS_SAN_OTHERNAME} is returned.
-You may use @code{gnutls_x509_crt_get_subject_alt_othername_oid()} to get
-the corresponding OID and the "virtual" SAN types (e.g.,
address@hidden).
-
-If an otherName OID is known, the data will be decoded. Otherwise
-the returned data will be DER encoded, and you will have to decode
-it yourself. Currently, only the RFC 3920 id-on-xmppAddr SAN is
-recognized.
-
-Returns the alternative subject name type on success. The type is
-one of the enumerated gnutls_x509_subject_alt_name_t. It will
-return @code{GNUTLS_E_SHORT_MEMORY_BUFFER} if @code{ret_size} is not large
-enough to hold the value. In that case @code{ret_size} will be updated
-with the required size. If the certificate does not have an
-Alternative name with the specified sequence number then
address@hidden is returned.
address@hidden deftypefun
-
address@hidden gnutls_x509_crt_get_subject_alt_name2
address@hidden
address@hidden {int} {gnutls_x509_crt_get_subject_alt_name2} (gnutls_x509_crt_t
@var{cert}, unsigned int @var{seq}, void * @var{ret}, size_t * @var{ret_size},
unsigned int* @var{ret_type}, unsigned int * @var{critical})
address@hidden: should contain a gnutls_x509_crt_t structure
-
address@hidden: specifies the sequence number of the alt name (0 for the first
one, 1 for the second etc.)
-
address@hidden: is the place where the alternative name will be copied to
-
address@hidden: holds the size of ret.
-
address@hidden: holds the type of the alternative name (one of
gnutls_x509_subject_alt_name_t).
-
address@hidden: will be non zero if the extension is marked as critical (may be
null)
-
-This function will return the alternative names, contained in the
-given certificate. It is the same as
@code{gnutls_x509_crt_get_subject_alt_name()}
-except for the fact that it will return the type of the alternative
-name in @code{ret_type} even if the function fails for some reason (i.e.
-the buffer provided is not enough).
-
-The return values are the same as with
@code{gnutls_x509_crt_get_subject_alt_name()}.
address@hidden deftypefun
-
address@hidden gnutls_x509_crt_get_subject_alt_othername_oid
address@hidden
address@hidden {int} {gnutls_x509_crt_get_subject_alt_othername_oid}
(gnutls_x509_crt_t @var{cert}, unsigned int @var{seq}, void * @var{ret}, size_t
* @var{ret_size})
address@hidden: should contain a gnutls_x509_crt_t structure
-
address@hidden: specifies the sequence number of the alt name (0 for the first
one, 1 for the second etc.)
-
address@hidden: is the place where the otherName OID will be copied to
-
address@hidden: holds the size of ret.
-
-This function will extract the type OID of an otherName Subject
-Alternative Name, contained in the given certificate, and return
-the type as an enumerated element.
-
-This function is only useful if
address@hidden()} returned
address@hidden
-
-Returns the alternative subject name type on success. The type is
-one of the enumerated gnutls_x509_subject_alt_name_t. For
-supported OIDs, it will return one of the virtual
-(GNUTLS_SAN_OTHERNAME_*) types, e.g. @code{GNUTLS_SAN_OTHERNAME_XMPP},
-and @code{GNUTLS_SAN_OTHERNAME} for unknown OIDs. It will return
address@hidden if @code{ret_size} is not large enough to
-hold the value. In that case @code{ret_size} will be updated with the
-required size. If the certificate does not have an Alternative
-name with the specified sequence number and with the otherName type
-then @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} is returned.
address@hidden deftypefun
-
address@hidden gnutls_x509_crt_get_basic_constraints
address@hidden
address@hidden {int} {gnutls_x509_crt_get_basic_constraints} (gnutls_x509_crt_t
@var{cert}, unsigned int * @var{critical}, int * @var{ca}, int * @var{pathlen})
address@hidden: should contain a gnutls_x509_crt_t structure
-
address@hidden: will be non zero if the extension is marked as critical
-
address@hidden: pointer to output integer indicating CA status, may be NULL,
-value is 1 if the certificate CA flag is set, 0 otherwise.
-
address@hidden: pointer to output integer indicating path length (may be
-NULL), non-negative values indicate a present pathLenConstraint
-field and the actual value, -1 indicate that the field is absent.
-
-This function will read the certificate's basic constraints, and
-return the certificates CA status. It reads the basicConstraints
-X.509 extension (2.5.29.19).
-
address@hidden value:} If the certificate is a CA a positive value will be
-returned, or zero if the certificate does not have CA flag set. A
-negative value may be returned in case of errors. If the
-certificate does not contain the basicConstraints extension
-GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned.
address@hidden deftypefun
-
address@hidden gnutls_x509_crt_get_ca_status
address@hidden
address@hidden {int} {gnutls_x509_crt_get_ca_status} (gnutls_x509_crt_t
@var{cert}, unsigned int * @var{critical})
address@hidden: should contain a gnutls_x509_crt_t structure
-
address@hidden: will be non zero if the extension is marked as critical
-
-This function will return certificates CA status, by reading the
-basicConstraints X.509 extension (2.5.29.19). If the certificate is
-a CA a positive value will be returned, or zero if the certificate
-does not have CA flag set.
-
-Use @code{gnutls_x509_crt_get_basic_constraints()} if you want to read the
-pathLenConstraint field too.
-
-A negative value may be returned in case of parsing error.
-If the certificate does not contain the basicConstraints extension
-GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned.
address@hidden deftypefun
-
address@hidden gnutls_x509_crt_get_key_usage
address@hidden
address@hidden {int} {gnutls_x509_crt_get_key_usage} (gnutls_x509_crt_t
@var{cert}, unsigned int * @var{key_usage}, unsigned int * @var{critical})
address@hidden: should contain a gnutls_x509_crt_t structure
-
address@hidden: where the key usage bits will be stored
-
address@hidden: will be non zero if the extension is marked as critical
-
-This function will return certificate's key usage, by reading the
-keyUsage X.509 extension (2.5.29.15). The key usage value will ORed values of
the:
-GNUTLS_KEY_DIGITAL_SIGNATURE, GNUTLS_KEY_NON_REPUDIATION,
-GNUTLS_KEY_KEY_ENCIPHERMENT, GNUTLS_KEY_DATA_ENCIPHERMENT,
-GNUTLS_KEY_KEY_AGREEMENT, GNUTLS_KEY_KEY_CERT_SIGN,
-GNUTLS_KEY_CRL_SIGN, GNUTLS_KEY_ENCIPHER_ONLY,
-GNUTLS_KEY_DECIPHER_ONLY.
-
-A negative value may be returned in case of parsing error.
-If the certificate does not contain the keyUsage extension
-GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned.
address@hidden deftypefun
-
address@hidden gnutls_x509_crt_get_proxy
address@hidden
address@hidden {int} {gnutls_x509_crt_get_proxy} (gnutls_x509_crt_t @var{cert},
unsigned int * @var{critical}, int * @var{pathlen}, char **
@var{policyLanguage}, char ** @var{policy}, size_t * @var{sizeof_policy})
address@hidden: should contain a gnutls_x509_crt_t structure
-
address@hidden: will be non zero if the extension is marked as critical
-
address@hidden: pointer to output integer indicating path length (may be
-NULL), non-negative values indicate a present pCPathLenConstraint
-field and the actual value, -1 indicate that the field is absent.
-
-This function will read the certificate's basic constraints, and
-return the certificates CA status. It reads the basicConstraints
-X.509 extension (2.5.29.19).
-
address@hidden value:} If the certificate is a CA a positive value will be
-returned, or zero if the certificate does not have CA flag set. A
-negative value may be returned in case of errors. If the
-certificate does not contain the basicConstraints extension
-GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned.
address@hidden deftypefun
-
address@hidden gnutls_x509_crt_get_extension_by_oid
address@hidden
address@hidden {int} {gnutls_x509_crt_get_extension_by_oid} (gnutls_x509_crt_t
@var{cert}, const char * @var{oid}, int @var{indx}, void * @var{buf}, size_t *
@var{sizeof_buf}, unsigned int * @var{critical})
address@hidden: should contain a gnutls_x509_crt_t structure
-
address@hidden: holds an Object Identified in null terminated string
-
address@hidden: In case multiple same OIDs exist in the extensions, this
specifies which to send. Use zero to get the first one.
-
address@hidden: a pointer to a structure to hold the name (may be null)
-
address@hidden: initially holds the size of @code{buf}
-
address@hidden: will be non zero if the extension is marked as critical
-
-This function will return the extension specified by the OID in the
certificate.
-The extensions will be returned as binary data DER encoded, in the provided
-buffer.
-
-A negative value may be returned in case of parsing error.
-If the certificate does not contain the specified extension
-GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned.
address@hidden deftypefun
-
address@hidden gnutls_x509_crt_get_extension_oid
address@hidden
address@hidden {int} {gnutls_x509_crt_get_extension_oid} (gnutls_x509_crt_t
@var{cert}, int @var{indx}, void * @var{oid}, size_t * @var{sizeof_oid})
address@hidden: should contain a gnutls_x509_crt_t structure
-
address@hidden: Specifies which extension OID to send. Use zero to get the
first one.
-
address@hidden: a pointer to a structure to hold the OID (may be null)
-
address@hidden: initially holds the size of @code{oid}
-
-This function will return the requested extension OID in the certificate.
-The extension OID will be stored as a string in the provided buffer.
-
-A negative value may be returned in case of parsing error.
-If your have reached the last extension available
-GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned.
address@hidden deftypefun
-
address@hidden gnutls_x509_crt_get_extension_info
address@hidden
address@hidden {int} {gnutls_x509_crt_get_extension_info} (gnutls_x509_crt_t
@var{cert}, int @var{indx}, void * @var{oid}, size_t * @var{sizeof_oid}, int *
@var{critical})
address@hidden: should contain a gnutls_x509_crt_t structure
-
address@hidden: Specifies which extension OID to send. Use zero to get the
first one.
-
address@hidden: a pointer to a structure to hold the OID
-
address@hidden: initially holds the size of @code{oid}
-
address@hidden: output variable with critical flag, may be NULL.
-
-This function will return the requested extension OID in the
-certificate, and the critical flag for it. The extension OID will
-be stored as a string in the provided buffer. Use
address@hidden()} to extract the data.
-
-Return 0 on success. A negative value may be returned in case of
-parsing error. If you have reached the last extension available
-GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned.
address@hidden deftypefun
-
address@hidden gnutls_x509_crt_get_extension_data
address@hidden
address@hidden {int} {gnutls_x509_crt_get_extension_data} (gnutls_x509_crt_t
@var{cert}, int @var{indx}, void * @var{data}, size_t * @var{sizeof_data})
address@hidden: should contain a gnutls_x509_crt_t structure
-
address@hidden: Specifies which extension OID to send. Use zero to get the
first one.
-
address@hidden: a pointer to a structure to hold the data (may be null)
-
address@hidden: initially holds the size of @code{oid}
-
-This function will return the requested extension data in the
-certificate. The extension data will be stored as a string in the
-provided buffer.
-
-Use @code{gnutls_x509_crt_get_extension_info()} to extract the OID and
-critical flag. Use @code{gnutls_x509_crt_get_extension_by_oid()} instead,
-if you want to get data indexed by the extension OID rather than
-sequence.
-
-Return 0 on success. A negative value may be returned in case of
-parsing error. If you have reached the last extension available
-GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned.
address@hidden deftypefun
-
address@hidden gnutls_x509_crt_get_raw_issuer_dn
address@hidden
address@hidden {int} {gnutls_x509_crt_get_raw_issuer_dn} (gnutls_x509_crt_t
@var{cert}, gnutls_datum_t * @var{start})
address@hidden: should contain a gnutls_x509_crt_t structure
-
address@hidden: will hold the starting point of the DN
-
-This function will return a pointer to the DER encoded DN structure
-and the length.
-
-Returns 0 on success or a negative value on error.
address@hidden deftypefun
-
address@hidden gnutls_x509_crt_get_raw_dn
address@hidden
address@hidden {int} {gnutls_x509_crt_get_raw_dn} (gnutls_x509_crt_t
@var{cert}, gnutls_datum_t * @var{start})
address@hidden: should contain a gnutls_x509_crt_t structure
-
address@hidden: will hold the starting point of the DN
-
-This function will return a pointer to the DER encoded DN structure and
-the length.
-
-Returns 0 on success, or a negative value on error.
address@hidden deftypefun
-
address@hidden gnutls_x509_crt_get_subject
address@hidden
address@hidden {int} {gnutls_x509_crt_get_subject} (gnutls_x509_crt_t
@var{cert}, gnutls_x509_dn_t * @var{dn})
address@hidden: should contain a gnutls_x509_crt_t structure
-
address@hidden: output variable with pointer to opaque DN.
-
-Return the Certificate's Subject DN as an opaque data type. You
-may use @code{gnutls_x509_dn_get_rdn_ava()} to decode the DN.
-
address@hidden:} Returns 0 on success, or an error code.
address@hidden deftypefun
-
address@hidden gnutls_x509_crt_get_issuer
address@hidden
address@hidden {int} {gnutls_x509_crt_get_issuer} (gnutls_x509_crt_t
@var{cert}, gnutls_x509_dn_t * @var{dn})
address@hidden: should contain a gnutls_x509_crt_t structure
-
address@hidden: output variable with pointer to opaque DN
-
-Return the Certificate's Issuer DN as an opaque data type. You may
-use @code{gnutls_x509_dn_get_rdn_ava()} to decode the DN.
-
-Note that @code{dn} points into the @code{cert} object, and thus you may not
-deallocate @code{cert} and continue to access @code{dn}.
-
address@hidden:} Returns 0 on success, or an error code.
address@hidden deftypefun
-
address@hidden gnutls_x509_dn_get_rdn_ava
address@hidden
address@hidden {int} {gnutls_x509_dn_get_rdn_ava} (gnutls_x509_dn_t @var{dn},
int @var{irdn}, int @var{iava}, gnutls_x509_ava_st * @var{ava})
address@hidden: input variable with opaque DN pointer
-
address@hidden: index of RDN
-
address@hidden: index of AVA.
-
address@hidden: Pointer to structure which will hold output information.
-
-Get pointers to data within the DN.
-
-Note that @code{ava} will contain pointers into the @code{dn} structure, so you
-should not modify any data or deallocate it. Note also that the DN
-in turn points into the original certificate structure, and thus
-you may not deallocate the certificate and continue to access @code{dn}.
-
address@hidden:} Returns 0 on success, or an error code.
address@hidden deftypefun
-
address@hidden gnutls_x509_crt_get_fingerprint
address@hidden
address@hidden {int} {gnutls_x509_crt_get_fingerprint} (gnutls_x509_crt_t
@var{cert}, gnutls_digest_algorithm_t @var{algo}, void * @var{buf}, size_t *
@var{sizeof_buf})
address@hidden: should contain a gnutls_x509_crt_t structure
-
address@hidden: is a digest algorithm
-
address@hidden: a pointer to a structure to hold the fingerprint (may be null)
-
address@hidden: initially holds the size of @code{buf}
-
-This function will calculate and copy the certificate's fingerprint
-in the provided buffer.
-
-If the buffer is null then only the size will be filled.
-
address@hidden:} @code{GNUTLS_E_SHORT_MEMORY_BUFFER} if the provided buffer is
-not long enough, and in that case the *sizeof_buf will be updated
-with the required size. On success 0 is returned.
address@hidden deftypefun
-
address@hidden gnutls_x509_crt_export
address@hidden
address@hidden {int} {gnutls_x509_crt_export} (gnutls_x509_crt_t @var{cert},
gnutls_x509_crt_fmt_t @var{format}, void * @var{output_data}, size_t *
@var{output_data_size})
address@hidden: Holds the certificate
-
address@hidden: the format of output params. One of PEM or DER.
-
address@hidden: will contain a certificate PEM or DER encoded
-
address@hidden: holds the size of output_data (and will be
-replaced by the actual size of parameters)
-
-This function will export the certificate to DER or PEM format.
-
-If the buffer provided is not long enough to hold the output, then
-*output_data_size is updated and GNUTLS_E_SHORT_MEMORY_BUFFER will
-be returned.
-
-If the structure is PEM encoded, it will have a header
-of "BEGIN CERTIFICATE".
-
address@hidden value:} In case of failure a negative value will be
-returned, and 0 on success.
address@hidden deftypefun
-
address@hidden gnutls_x509_crt_get_key_id
address@hidden
address@hidden {int} {gnutls_x509_crt_get_key_id} (gnutls_x509_crt_t @var{crt},
unsigned int @var{flags}, unsigned char * @var{output_data}, size_t *
@var{output_data_size})
address@hidden: Holds the certificate
-
address@hidden: should be 0 for now
-
address@hidden: will contain the key ID
-
address@hidden: holds the size of output_data (and will be
-replaced by the actual size of parameters)
-
-This function will return a unique ID the depends on the public
-key parameters. This ID can be used in checking whether a
-certificate corresponds to the given private key.
-
-If the buffer provided is not long enough to hold the output, then
-*output_data_size is updated and GNUTLS_E_SHORT_MEMORY_BUFFER will
-be returned. The output will normally be a SHA-1 hash output,
-which is 20 bytes.
-
address@hidden value:} In case of failure a negative value will be
-returned, and 0 on success.
address@hidden deftypefun
-
address@hidden gnutls_x509_crt_check_revocation
address@hidden
address@hidden {int} {gnutls_x509_crt_check_revocation} (gnutls_x509_crt_t
@var{cert}, const gnutls_x509_crl_t * @var{crl_list}, int @var{crl_list_length})
address@hidden: should contain a gnutls_x509_crt_t structure
-
address@hidden: should contain a list of gnutls_x509_crl_t structures
-
address@hidden: the length of the crl_list
-
-This function will return check if the given certificate is
-revoked. It is assumed that the CRLs have been verified before.
-
address@hidden:} 0 if the certificate is NOT revoked, and 1 if it is. A
-negative value is returned on error.
address@hidden deftypefun
-
address@hidden gnutls_x509_crt_verify_data
address@hidden
address@hidden {int} {gnutls_x509_crt_verify_data} (gnutls_x509_crt_t
@var{crt}, unsigned int @var{flags}, const gnutls_datum_t * @var{data}, const
gnutls_datum_t * @var{signature})
address@hidden: Holds the certificate
-
address@hidden: should be 0 for now
-
address@hidden: holds the data to be signed
-
address@hidden: contains the signature
-
-This function will verify the given signed data, using the
-parameters from the certificate.
-
address@hidden:} In case of a verification failure 0 is returned, and 1 on
-success.
address@hidden deftypefun
-
address@hidden gnutls_x509_crt_get_crl_dist_points
address@hidden
address@hidden {int} {gnutls_x509_crt_get_crl_dist_points} (gnutls_x509_crt_t
@var{cert}, unsigned int @var{seq}, void * @var{ret}, size_t * @var{ret_size},
unsigned int * @var{reason_flags}, unsigned int * @var{critical})
address@hidden: should contain a gnutls_x509_crt_t structure
-
address@hidden: specifies the sequence number of the distribution point (0 for
the first one, 1 for the second etc.)
-
address@hidden: is the place where the distribution point will be copied to
-
address@hidden: holds the size of ret.
-
address@hidden: Revocation reasons flags.
-
address@hidden: will be non zero if the extension is marked as critical (may be
null)
-
-This function will return the CRL distribution points (2.5.29.31),
-contained in the given certificate.
-
address@hidden should be an ORed sequence of
-GNUTLS_CRL_REASON_UNUSED, GNUTLS_CRL_REASON_KEY_COMPROMISE,
-GNUTLS_CRL_REASON_CA_COMPROMISE,
-GNUTLS_CRL_REASON_AFFILIATION_CHANGED,
-GNUTLS_CRL_REASON_SUPERSEEDED,
-GNUTLS_CRL_REASON_CESSATION_OF_OPERATION,
-GNUTLS_CRL_REASON_CERTIFICATE_HOLD,
-GNUTLS_CRL_REASON_PRIVILEGE_WITHDRAWN,
-GNUTLS_CRL_REASON_AA_COMPROMISE, or zero for all possible reasons.
-
-This is specified in X509v3 Certificate Extensions. GNUTLS will
-return the distribution point type, or a negative error code on
-error.
-
-Returns @code{GNUTLS_E_SHORT_MEMORY_BUFFER} and updates &@code{ret_size} if
-&@code{ret_size} is not enough to hold the distribution point, or the
-type of the distribution point if everything was ok. The type is
-one of the enumerated @code{gnutls_x509_subject_alt_name_t}. If the
-certificate does not have an Alternative name with the specified
-sequence number then @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} is
-returned.
address@hidden deftypefun
-
address@hidden gnutls_x509_crt_get_key_purpose_oid
address@hidden
address@hidden {int} {gnutls_x509_crt_get_key_purpose_oid} (gnutls_x509_crt_t
@var{cert}, int @var{indx}, void * @var{oid}, size_t * @var{sizeof_oid},
unsigned int * @var{critical})
address@hidden: should contain a gnutls_x509_crt_t structure
-
address@hidden: This specifies which OID to return. Use zero to get the first
one.
-
address@hidden: a pointer to a buffer to hold the OID (may be null)
-
address@hidden: initially holds the size of @code{oid}
-
-This function will extract the key purpose OIDs of the Certificate
-specified by the given index. These are stored in the Extended Key
-Usage extension (2.5.29.37) See the GNUTLS_KP_* definitions for
-human readable names.
-
-If @code{oid} is null then only the size will be filled.
-
address@hidden:} @code{GNUTLS_E_SHORT_MEMORY_BUFFER} if the provided buffer is
-not long enough, and in that case the *sizeof_oid will be updated
-with the required size. On success 0 is returned.
address@hidden deftypefun
-
address@hidden gnutls_x509_crt_get_pk_rsa_raw
address@hidden
address@hidden {int} {gnutls_x509_crt_get_pk_rsa_raw} (gnutls_x509_crt_t
@var{crt}, gnutls_datum_t * @var{m}, gnutls_datum_t * @var{e})
address@hidden: Holds the certificate
-
address@hidden: will hold the modulus
-
address@hidden: will hold the public exponent
-
-This function will export the RSA public key's parameters found in
-the given structure. The new parameters will be allocated using
address@hidden()} and will be stored in the appropriate datum.
-
address@hidden:} @code{GNUTLS_E_SUCCESS} on success, otherwise an error.
address@hidden deftypefun
-
address@hidden gnutls_x509_crt_get_pk_dsa_raw
address@hidden
address@hidden {int} {gnutls_x509_crt_get_pk_dsa_raw} (gnutls_x509_crt_t
@var{crt}, gnutls_datum_t * @var{p}, gnutls_datum_t * @var{q}, gnutls_datum_t *
@var{g}, gnutls_datum_t * @var{y})
address@hidden: Holds the certificate
-
address@hidden: will hold the p
-
address@hidden: will hold the q
-
address@hidden: will hold the g
-
address@hidden: will hold the y
-
-This function will export the DSA public key's parameters found in
-the given certificate. The new parameters will be allocated using
address@hidden()} and will be stored in the appropriate datum.
-
address@hidden:} @code{GNUTLS_E_SUCCESS} on success, otherwise an error.
address@hidden deftypefun
-
address@hidden gnutls_x509_crt_list_import
address@hidden
address@hidden {int} {gnutls_x509_crt_list_import} (gnutls_x509_crt_t *
@var{certs}, unsigned int * @var{cert_max}, const gnutls_datum_t * @var{data},
gnutls_x509_crt_fmt_t @var{format}, unsigned int @var{flags})
address@hidden: The structures to store the parsed certificate. Must not be
initialized.
-
address@hidden: Initially must hold the maximum number of certs. It will be
updated with the number of certs available.
-
address@hidden: The PEM encoded certificate.
-
address@hidden: One of DER or PEM.
-
address@hidden: must be zero or an OR'd sequence of
gnutls_certificate_import_flags.
-
-This function will convert the given PEM encoded certificate list
-to the native gnutls_x509_crt_t format. The output will be stored
-in @code{certs}. They will be automatically initialized.
-
-If the Certificate is PEM encoded it should have a header of "X509
-CERTIFICATE", or "CERTIFICATE".
-
address@hidden:} the number of certificates read or a negative error value.
address@hidden deftypefun
-
address@hidden gnutls_x509_crt_check_hostname
address@hidden
address@hidden {int} {gnutls_x509_crt_check_hostname} (gnutls_x509_crt_t
@var{cert}, const char * @var{hostname})
address@hidden: should contain an gnutls_x509_crt_t structure
-
address@hidden: A null terminated string that contains a DNS name
-
-This function will check if the given certificate's subject
-matches the given hostname. This is a basic implementation of the
-matching described in RFC2818 (HTTPS), which takes into account
-wildcards, and the DNSName/IPAddress subject alternative name PKIX
-extension.
-
-Returns non zero for a successful match, and zero on failure.
address@hidden deftypefun
-
address@hidden gnutls_x509_crt_check_issuer
address@hidden
address@hidden {int} {gnutls_x509_crt_check_issuer} (gnutls_x509_crt_t
@var{cert}, gnutls_x509_crt_t @var{issuer})
address@hidden: is the certificate to be checked
-
address@hidden: is the certificate of a possible issuer
-
-This function will check if the given certificate was issued by the
-given issuer. It will return true (1) if the given certificate is issued
-by the given issuer, and false (0) if not.
-
-A negative value is returned in case of an error.
address@hidden deftypefun
-
address@hidden gnutls_x509_crt_list_verify
address@hidden
address@hidden {int} {gnutls_x509_crt_list_verify} (const gnutls_x509_crt_t *
@var{cert_list}, int @var{cert_list_length}, const gnutls_x509_crt_t *
@var{CA_list}, int @var{CA_list_length}, const gnutls_x509_crl_t *
@var{CRL_list}, int @var{CRL_list_length}, unsigned int @var{flags}, unsigned
int * @var{verify})
address@hidden: is the certificate list to be verified
-
address@hidden: holds the number of certificate in cert_list
-
address@hidden: is the CA list which will be used in verification
-
address@hidden: holds the number of CA certificate in CA_list
-
address@hidden: holds a list of CRLs.
-
address@hidden: the length of CRL list.
-
address@hidden: Flags that may be used to change the verification algorithm.
Use OR of the gnutls_certificate_verify_flags enumerations.
-
address@hidden: will hold the certificate verification output.
-
-This function will try to verify the given certificate list and return its
status.
-Note that expiration and activation dates are not checked
-by this function, you should check them using the appropriate functions.
-
-If no flags are specified (0), this function will use the
-basicConstraints (2.5.29.19) PKIX extension. This means that only a
certificate
-authority is allowed to sign a certificate.
-
-You must also check the peer's name in order to check if the verified
-certificate belongs to the actual peer.
-
-The certificate verification output will be put in @code{verify} and will be
-one or more of the gnutls_certificate_status_t enumerated elements bitwise
or'd.
-For a more detailed verification status use @code{gnutls_x509_crt_verify()}
per list
-element.
-
address@hidden:} the certificate chain is not valid.
-
address@hidden:} a certificate in the chain has been revoked.
-
-Returns 0 on success and a negative value in case of an error.
address@hidden deftypefun
-
address@hidden gnutls_x509_crt_verify
address@hidden
address@hidden {int} {gnutls_x509_crt_verify} (gnutls_x509_crt_t @var{cert},
const gnutls_x509_crt_t * @var{CA_list}, int @var{CA_list_length}, unsigned int
@var{flags}, unsigned int * @var{verify})
address@hidden: is the certificate to be verified
-
address@hidden: is one certificate that is considered to be trusted one
-
address@hidden: holds the number of CA certificate in CA_list
-
address@hidden: Flags that may be used to change the verification algorithm.
Use OR of the gnutls_certificate_verify_flags enumerations.
-
address@hidden: will hold the certificate verification output.
-
-This function will try to verify the given certificate and return its status.
-The verification output in this functions cannot be GNUTLS_CERT_NOT_VALID.
-
-Returns 0 on success and a negative value in case of an error.
address@hidden deftypefun
-
address@hidden gnutls_x509_crl_check_issuer
address@hidden
address@hidden {int} {gnutls_x509_crl_check_issuer} (gnutls_x509_crl_t
@var{cert}, gnutls_x509_crt_t @var{issuer})
address@hidden: is the certificate of a possible issuer
-
-This function will check if the given CRL was issued by the
-given issuer certificate. It will return true (1) if the given CRL was issued
-by the given issuer, and false (0) if not.
-
-A negative value is returned in case of an error.
address@hidden deftypefun
-
address@hidden gnutls_x509_crl_verify
address@hidden
address@hidden {int} {gnutls_x509_crl_verify} (gnutls_x509_crl_t @var{crl},
const gnutls_x509_crt_t * @var{CA_list}, int @var{CA_list_length}, unsigned int
@var{flags}, unsigned int * @var{verify})
address@hidden: is the crl to be verified
-
address@hidden: is a certificate list that is considered to be trusted one
-
address@hidden: holds the number of CA certificates in CA_list
-
address@hidden: Flags that may be used to change the verification algorithm.
Use OR of the gnutls_certificate_verify_flags enumerations.
-
address@hidden: will hold the crl verification output.
-
-This function will try to verify the given crl and return its status.
-See @code{gnutls_x509_crt_list_verify()} for a detailed description of
-return values.
-
-Returns 0 on success and a negative value in case of an error.
address@hidden deftypefun
-
address@hidden gnutls_x509_privkey_init
address@hidden
address@hidden {int} {gnutls_x509_privkey_init} (gnutls_x509_privkey_t *
@var{key})
address@hidden: The structure to be initialized
-
-This function will initialize an private key structure.
-
-Returns 0 on success.
address@hidden deftypefun
-
address@hidden gnutls_x509_privkey_deinit
address@hidden
address@hidden {void} {gnutls_x509_privkey_deinit} (gnutls_x509_privkey_t
@var{key})
address@hidden: The structure to be initialized
-
-This function will deinitialize a private key structure.
address@hidden deftypefun
-
address@hidden gnutls_x509_privkey_cpy
address@hidden
address@hidden {int} {gnutls_x509_privkey_cpy} (gnutls_x509_privkey_t
@var{dst}, gnutls_x509_privkey_t @var{src})
address@hidden: The destination key, which should be initialized.
-
address@hidden: The source key
-
-This function will copy a private key from source to destination key.
address@hidden deftypefun
-
address@hidden gnutls_x509_privkey_import
address@hidden
address@hidden {int} {gnutls_x509_privkey_import} (gnutls_x509_privkey_t
@var{key}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t
@var{format})
address@hidden: The structure to store the parsed key
-
address@hidden: The DER or PEM encoded certificate.
-
address@hidden: One of DER or PEM
-
-This function will convert the given DER or PEM encoded key
-to the native gnutls_x509_privkey_t format. The output will be stored in
@code{key} .
-
-If the key is PEM encoded it should have a header of "RSA PRIVATE KEY", or
-"DSA PRIVATE KEY".
-
-Returns 0 on success.
address@hidden deftypefun
-
address@hidden gnutls_x509_privkey_import_rsa_raw
address@hidden
address@hidden {int} {gnutls_x509_privkey_import_rsa_raw}
(gnutls_x509_privkey_t @var{key}, const gnutls_datum_t * @var{m}, const
gnutls_datum_t * @var{e}, const gnutls_datum_t * @var{d}, const gnutls_datum_t
* @var{p}, const gnutls_datum_t * @var{q}, const gnutls_datum_t * @var{u})
address@hidden: The structure to store the parsed key
-
address@hidden: holds the modulus
-
address@hidden: holds the public exponent
-
address@hidden: holds the private exponent
-
address@hidden: holds the first prime (p)
-
address@hidden: holds the second prime (q)
-
address@hidden: holds the coefficient
-
-This function will convert the given RSA raw parameters
-to the native gnutls_x509_privkey_t format. The output will be stored in
@code{key}.
address@hidden deftypefun
-
address@hidden gnutls_x509_privkey_import_dsa_raw
address@hidden
address@hidden {int} {gnutls_x509_privkey_import_dsa_raw}
(gnutls_x509_privkey_t @var{key}, const gnutls_datum_t * @var{p}, const
gnutls_datum_t * @var{q}, const gnutls_datum_t * @var{g}, const gnutls_datum_t
* @var{y}, const gnutls_datum_t * @var{x})
address@hidden: The structure to store the parsed key
-
address@hidden: holds the p
-
address@hidden: holds the q
-
address@hidden: holds the g
-
address@hidden: holds the y
-
address@hidden: holds the x
-
-This function will convert the given DSA raw parameters
-to the native gnutls_x509_privkey_t format. The output will be stored in
@code{key}.
address@hidden deftypefun
-
address@hidden gnutls_x509_privkey_get_pk_algorithm
address@hidden
address@hidden {int} {gnutls_x509_privkey_get_pk_algorithm}
(gnutls_x509_privkey_t @var{key})
address@hidden: should contain a gnutls_x509_privkey_t structure
-
-This function will return the public key algorithm of a private
-key.
-
-Returns a member of the gnutls_pk_algorithm_t enumeration on success,
-or a negative value on error.
address@hidden deftypefun
-
address@hidden gnutls_x509_privkey_export
address@hidden
address@hidden {int} {gnutls_x509_privkey_export} (gnutls_x509_privkey_t
@var{key}, gnutls_x509_crt_fmt_t @var{format}, void * @var{output_data}, size_t
* @var{output_data_size})
address@hidden: Holds the key
-
address@hidden: the format of output params. One of PEM or DER.
-
address@hidden: will contain a private key PEM or DER encoded
-
address@hidden: holds the size of output_data (and will be
-replaced by the actual size of parameters)
-
-This function will export the private key to a PKCS1 structure for
-RSA keys, or an integer sequence for DSA keys. The DSA keys are in
-the same format with the parameters used by openssl.
-
-If the buffer provided is not long enough to hold the output, then
-*output_data_size is updated and GNUTLS_E_SHORT_MEMORY_BUFFER will
-be returned.
-
-If the structure is PEM encoded, it will have a header
-of "BEGIN RSA PRIVATE KEY".
-
address@hidden value:} In case of failure a negative value will be
-returned, and 0 on success.
address@hidden deftypefun
-
address@hidden gnutls_x509_privkey_export_rsa_raw
address@hidden
address@hidden {int} {gnutls_x509_privkey_export_rsa_raw}
(gnutls_x509_privkey_t @var{key}, gnutls_datum_t * @var{m}, gnutls_datum_t *
@var{e}, gnutls_datum_t * @var{d}, gnutls_datum_t * @var{p}, gnutls_datum_t *
@var{q}, gnutls_datum_t * @var{u})
address@hidden: a structure that holds the rsa parameters
-
address@hidden: will hold the modulus
-
address@hidden: will hold the public exponent
-
address@hidden: will hold the private exponent
-
address@hidden: will hold the first prime (p)
-
address@hidden: will hold the second prime (q)
-
address@hidden: will hold the coefficient
-
-This function will export the RSA private key's parameters found in the given
-structure. The new parameters will be allocated using
address@hidden()} and will be stored in the appropriate datum.
address@hidden deftypefun
-
address@hidden gnutls_x509_privkey_export_dsa_raw
address@hidden
address@hidden {int} {gnutls_x509_privkey_export_dsa_raw}
(gnutls_x509_privkey_t @var{key}, gnutls_datum_t * @var{p}, gnutls_datum_t *
@var{q}, gnutls_datum_t * @var{g}, gnutls_datum_t * @var{y}, gnutls_datum_t *
@var{x})
address@hidden: will hold the p
-
address@hidden: will hold the q
-
address@hidden: will hold the g
-
address@hidden: will hold the y
-
address@hidden: will hold the x
-
-This function will export the DSA private key's parameters found in the given
-structure. The new parameters will be allocated using
address@hidden()} and will be stored in the appropriate datum.
address@hidden deftypefun
-
address@hidden gnutls_x509_privkey_generate
address@hidden
address@hidden {int} {gnutls_x509_privkey_generate} (gnutls_x509_privkey_t
@var{key}, gnutls_pk_algorithm_t @var{algo}, unsigned int @var{bits}, unsigned
int @var{flags})
address@hidden: should contain a gnutls_x509_privkey_t structure
-
address@hidden: is one of RSA or DSA.
-
address@hidden: the size of the modulus
-
address@hidden: unused for now. Must be 0.
-
-This function will generate a random private key. Note that
-this function must be called on an empty private key.
-
-Returns 0 on success or a negative value on error.
address@hidden deftypefun
-
address@hidden gnutls_x509_privkey_get_key_id
address@hidden
address@hidden {int} {gnutls_x509_privkey_get_key_id} (gnutls_x509_privkey_t
@var{key}, unsigned int @var{flags}, unsigned char * @var{output_data}, size_t
* @var{output_data_size})
address@hidden: Holds the key
-
address@hidden: should be 0 for now
-
address@hidden: will contain the key ID
-
address@hidden: holds the size of output_data (and will be
-replaced by the actual size of parameters)
-
-This function will return a unique ID the depends on the public key
-parameters. This ID can be used in checking whether a certificate
-corresponds to the given key.
-
-If the buffer provided is not long enough to hold the output, then
-*output_data_size is updated and GNUTLS_E_SHORT_MEMORY_BUFFER will
-be returned. The output will normally be a SHA-1 hash output,
-which is 20 bytes.
-
address@hidden value:} In case of failure a negative value will be
-returned, and 0 on success.
address@hidden deftypefun
-
address@hidden gnutls_x509_privkey_sign_data
address@hidden
address@hidden {int} {gnutls_x509_privkey_sign_data} (gnutls_x509_privkey_t
@var{key}, gnutls_digest_algorithm_t @var{digest}, unsigned int @var{flags},
const gnutls_datum_t * @var{data}, void * @var{signature}, size_t *
@var{signature_size})
address@hidden: Holds the key
-
address@hidden: should be MD5 or SHA1
-
address@hidden: should be 0 for now
-
address@hidden: holds the data to be signed
-
address@hidden: will contain the signature
-
address@hidden: holds the size of signature (and will be replaced
-by the new size)
-
-This function will sign the given data using a signature algorithm
-supported by the private key. Signature algorithms are always used
-together with a hash functions. Different hash functions may be
-used for the RSA algorithm, but only SHA-1 for the DSA keys.
-
-If the buffer provided is not long enough to hold the output, then
-*signature_size is updated and GNUTLS_E_SHORT_MEMORY_BUFFER will
-be returned.
-
-In case of failure a negative value will be returned, and
-0 on success.
address@hidden deftypefun
-
address@hidden gnutls_x509_privkey_sign_hash
address@hidden
address@hidden {int} {gnutls_x509_privkey_sign_hash} (gnutls_x509_privkey_t
@var{key}, const gnutls_datum_t * @var{hash}, gnutls_datum_t * @var{signature})
address@hidden: Holds the key
-
address@hidden: holds the data to be signed
-
address@hidden: will contain newly allocated signature
-
-This function will sign the given hash using the private key.
-
address@hidden value:} In case of failure a negative value will be returned,
-and 0 on success.
address@hidden deftypefun
-
address@hidden gnutls_x509_privkey_verify_data
address@hidden
address@hidden {int} {gnutls_x509_privkey_verify_data} (gnutls_x509_privkey_t
@var{key}, unsigned int @var{flags}, const gnutls_datum_t * @var{data}, const
gnutls_datum_t * @var{signature})
address@hidden: Holds the key
-
address@hidden: should be 0 for now
-
address@hidden: holds the data to be signed
-
address@hidden: contains the signature
-
-This function will verify the given signed data, using the parameters in the
-private key.
-
-In case of a verification failure 0 is returned, and
-1 on success.
address@hidden deftypefun
-
address@hidden gnutls_x509_privkey_fix
address@hidden
address@hidden {int} {gnutls_x509_privkey_fix} (gnutls_x509_privkey_t @var{key})
address@hidden: Holds the key
-
-This function will recalculate the secondary parameters in a key.
-In RSA keys, this can be the coefficient and exponent1,2.
-
address@hidden value:} In case of failure a negative value will be
-returned, and 0 on success.
address@hidden deftypefun
-
address@hidden gnutls_pkcs7_init
address@hidden
address@hidden {int} {gnutls_pkcs7_init} (gnutls_pkcs7_t * @var{pkcs7})
address@hidden: The structure to be initialized
-
-This function will initialize a PKCS7 structure. PKCS7 structures
-usually contain lists of X.509 Certificates and X.509 Certificate
-revocation lists.
-
-Returns 0 on success.
address@hidden deftypefun
-
address@hidden gnutls_pkcs7_deinit
address@hidden
address@hidden {void} {gnutls_pkcs7_deinit} (gnutls_pkcs7_t @var{pkcs7})
address@hidden: The structure to be initialized
-
-This function will deinitialize a PKCS7 structure.
address@hidden deftypefun
-
address@hidden gnutls_pkcs7_import
address@hidden
address@hidden {int} {gnutls_pkcs7_import} (gnutls_pkcs7_t @var{pkcs7}, const
gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format})
address@hidden: The structure to store the parsed PKCS7.
-
address@hidden: The DER or PEM encoded PKCS7.
-
address@hidden: One of DER or PEM
-
-This function will convert the given DER or PEM encoded PKCS7
-to the native gnutls_pkcs7_t format. The output will be stored in 'pkcs7'.
-
-If the PKCS7 is PEM encoded it should have a header of "PKCS7".
-
-Returns 0 on success.
address@hidden deftypefun
-
address@hidden gnutls_pkcs7_get_crt_raw
address@hidden
address@hidden {int} {gnutls_pkcs7_get_crt_raw} (gnutls_pkcs7_t @var{pkcs7},
int @var{indx}, void * @var{certificate}, size_t * @var{certificate_size})
address@hidden: contains the index of the certificate to extract
-
address@hidden: the contents of the certificate will be copied there (may be
null)
-
address@hidden: should hold the size of the certificate
-
-This function will return a certificate of the PKCS7 or RFC2630 certificate
set.
-Returns 0 on success. If the provided buffer is not long enough,
-then @code{certificate_size} is updated and GNUTLS_E_SHORT_MEMORY_BUFFER is
returned.
-
-After the last certificate has been read GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE
-will be returned.
address@hidden deftypefun
-
address@hidden gnutls_pkcs7_get_crt_count
address@hidden
address@hidden {int} {gnutls_pkcs7_get_crt_count} (gnutls_pkcs7_t @var{pkcs7})
-This function will return the number of certifcates in the PKCS7 or
-RFC2630 certificate set.
-
-Returns a negative value on failure.
address@hidden deftypefun
-
address@hidden gnutls_pkcs7_export
address@hidden
address@hidden {int} {gnutls_pkcs7_export} (gnutls_pkcs7_t @var{pkcs7},
gnutls_x509_crt_fmt_t @var{format}, void * @var{output_data}, size_t *
@var{output_data_size})
address@hidden: Holds the pkcs7 structure
-
address@hidden: the format of output params. One of PEM or DER.
-
address@hidden: will contain a structure PEM or DER encoded
-
address@hidden: holds the size of output_data (and will be
-replaced by the actual size of parameters)
-
-This function will export the pkcs7 structure to DER or PEM format.
-
-If the buffer provided is not long enough to hold the output, then
-*output_data_size is updated and GNUTLS_E_SHORT_MEMORY_BUFFER will
-be returned.
-
-If the structure is PEM encoded, it will have a header
-of "BEGIN PKCS7".
-
address@hidden value:} In case of failure a negative value will be
-returned, and 0 on success.
address@hidden deftypefun
-
address@hidden gnutls_pkcs7_set_crt_raw
address@hidden
address@hidden {int} {gnutls_pkcs7_set_crt_raw} (gnutls_pkcs7_t @var{pkcs7},
const gnutls_datum_t * @var{crt})
address@hidden: the DER encoded certificate to be added
-
-This function will add a certificate to the PKCS7 or RFC2630 certificate set.
-Returns 0 on success.
address@hidden deftypefun
-
address@hidden gnutls_pkcs7_set_crt
address@hidden
address@hidden {int} {gnutls_pkcs7_set_crt} (gnutls_pkcs7_t @var{pkcs7},
gnutls_x509_crt_t @var{crt})
address@hidden: the certificate to be copied.
-
-This function will add a parsed certificate to the PKCS7 or RFC2630
certificate set.
-This is a wrapper function over @code{gnutls_pkcs7_set_crt_raw()} .
-
-Returns 0 on success.
address@hidden deftypefun
-
address@hidden gnutls_pkcs7_delete_crt
address@hidden
address@hidden {int} {gnutls_pkcs7_delete_crt} (gnutls_pkcs7_t @var{pkcs7}, int
@var{indx})
address@hidden: the index of the certificate to delete
-
-This function will delete a certificate from a PKCS7 or RFC2630 certificate
set.
-Index starts from 0. Returns 0 on success.
address@hidden deftypefun
-
address@hidden gnutls_pkcs7_get_crl_raw
address@hidden
address@hidden {int} {gnutls_pkcs7_get_crl_raw} (gnutls_pkcs7_t @var{pkcs7},
int @var{indx}, void * @var{crl}, size_t * @var{crl_size})
address@hidden: contains the index of the crl to extract
-
address@hidden: the contents of the crl will be copied there (may be null)
-
address@hidden: should hold the size of the crl
-
-This function will return a crl of the PKCS7 or RFC2630 crl set.
-Returns 0 on success. If the provided buffer is not long enough,
-then @code{crl_size} is updated and GNUTLS_E_SHORT_MEMORY_BUFFER is returned.
-
-After the last crl has been read GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE
-will be returned.
address@hidden deftypefun
-
address@hidden gnutls_pkcs7_get_crl_count
address@hidden
address@hidden {int} {gnutls_pkcs7_get_crl_count} (gnutls_pkcs7_t @var{pkcs7})
-This function will return the number of certifcates in the PKCS7 or
-RFC2630 crl set.
-
-Returns a negative value on failure.
address@hidden deftypefun
-
address@hidden gnutls_pkcs7_set_crl_raw
address@hidden
address@hidden {int} {gnutls_pkcs7_set_crl_raw} (gnutls_pkcs7_t @var{pkcs7},
const gnutls_datum_t * @var{crl})
address@hidden: the DER encoded crl to be added
-
-This function will add a crl to the PKCS7 or RFC2630 crl set.
-Returns 0 on success.
address@hidden deftypefun
-
address@hidden gnutls_pkcs7_set_crl
address@hidden
address@hidden {int} {gnutls_pkcs7_set_crl} (gnutls_pkcs7_t @var{pkcs7},
gnutls_x509_crl_t @var{crl})
address@hidden: the DER encoded crl to be added
-
-This function will add a parsed crl to the PKCS7 or RFC2630 crl set.
-Returns 0 on success.
address@hidden deftypefun
-
address@hidden gnutls_pkcs7_delete_crl
address@hidden
address@hidden {int} {gnutls_pkcs7_delete_crl} (gnutls_pkcs7_t @var{pkcs7}, int
@var{indx})
address@hidden: the index of the crl to delete
-
-This function will delete a crl from a PKCS7 or RFC2630 crl set.
-Index starts from 0. Returns 0 on success.
address@hidden deftypefun
-
address@hidden gnutls_x509_crq_init
address@hidden
address@hidden {int} {gnutls_x509_crq_init} (gnutls_x509_crq_t * @var{crq})
address@hidden: The structure to be initialized
-
-This function will initialize a PKCS10 certificate request structure.
-
-Returns 0 on success.
address@hidden deftypefun
-
address@hidden gnutls_x509_crq_deinit
address@hidden
address@hidden {void} {gnutls_x509_crq_deinit} (gnutls_x509_crq_t @var{crq})
address@hidden: The structure to be initialized
-
-This function will deinitialize a CRL structure.
address@hidden deftypefun
-
address@hidden gnutls_x509_crq_import
address@hidden
address@hidden {int} {gnutls_x509_crq_import} (gnutls_x509_crq_t @var{crq},
const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format})
address@hidden: The structure to store the parsed certificate request.
-
address@hidden: The DER or PEM encoded certificate.
-
address@hidden: One of DER or PEM
-
-This function will convert the given DER or PEM encoded Certificate
-to the native gnutls_x509_crq_t format. The output will be stored in
@code{cert}.
-
-If the Certificate is PEM encoded it should have a header of "NEW CERTIFICATE
REQUEST".
-
-Returns 0 on success.
address@hidden deftypefun
-
address@hidden gnutls_x509_crq_get_dn
address@hidden
address@hidden {int} {gnutls_x509_crq_get_dn} (gnutls_x509_crq_t @var{crq},
char * @var{buf}, size_t * @var{sizeof_buf})
address@hidden: should contain a gnutls_x509_crq_t structure
-
address@hidden: a pointer to a structure to hold the name (may be null)
-
address@hidden: initially holds the size of @code{buf}
-
-This function will copy the name of the Certificate request
-subject in the provided buffer. The name will be in the form
-"C=xxxx,O=yyyy,CN=zzzz" as described in RFC2253. The output string
-will be ASCII or UTF-8 encoded, depending on the certificate data.
-
-If @code{buf} is null then only the size will be filled.
-
-Returns GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not
-long enough, and in that case the *sizeof_buf will be updated with
-the required size. On success 0 is returned.
address@hidden deftypefun
-
address@hidden gnutls_x509_crq_get_dn_by_oid
address@hidden
address@hidden {int} {gnutls_x509_crq_get_dn_by_oid} (gnutls_x509_crq_t
@var{crq}, const char * @var{oid}, int @var{indx}, unsigned int @var{raw_flag},
void * @var{buf}, size_t * @var{sizeof_buf})
address@hidden: should contain a gnutls_x509_crq_t structure
-
address@hidden: holds an Object Identified in null terminated string
-
address@hidden: In case multiple same OIDs exist in the RDN, this specifies
-which to send. Use zero to get the first one.
-
address@hidden: If non zero returns the raw DER data of the DN part.
-
address@hidden: a pointer to a structure to hold the name (may be null)
-
address@hidden: initially holds the size of @code{buf}
-
-This function will extract the part of the name of the Certificate
-request subject, specified by the given OID. The output will be
-encoded as described in RFC2253. The output string will be ASCII
-or UTF-8 encoded, depending on the certificate data.
-
-Some helper macros with popular OIDs can be found in gnutls/x509.h
-If raw flag is zero, this function will only return known OIDs as
-text. Other OIDs will be DER encoded, as described in RFC2253 --
-in hex format with a '\#' prefix. You can check about known OIDs
-using @code{gnutls_x509_dn_oid_known()}.
-
-If @code{buf} is null then only the size will be filled.
-
-Returns GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not
-long enough, and in that case the *sizeof_buf will be updated with
-the required size. On success 0 is returned.
address@hidden deftypefun
-
address@hidden gnutls_x509_crq_get_dn_oid
address@hidden
address@hidden {int} {gnutls_x509_crq_get_dn_oid} (gnutls_x509_crq_t @var{crq},
int @var{indx}, void * @var{oid}, size_t * @var{sizeof_oid})
address@hidden: should contain a gnutls_x509_crq_t structure
-
address@hidden: Specifies which DN OID to send. Use zero to get the first one.
-
address@hidden: a pointer to a structure to hold the name (may be null)
-
address@hidden: initially holds the size of @code{oid}
-
-This function will extract the requested OID of the name of the
-Certificate request subject, specified by the given index.
-
-If oid is null then only the size will be filled.
-
-Returns GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not
-long enough, and in that case the *sizeof_oid will be updated with
-the required size. On success 0 is returned.
address@hidden deftypefun
-
address@hidden gnutls_x509_crq_get_challenge_password
address@hidden
address@hidden {int} {gnutls_x509_crq_get_challenge_password}
(gnutls_x509_crq_t @var{crq}, char * @var{pass}, size_t * @var{sizeof_pass})
address@hidden: should contain a gnutls_x509_crq_t structure
-
address@hidden: will hold a null terminated password
-
address@hidden: Initially holds the size of @code{pass}.
-
-This function will return the challenge password in the
-request.
-
-Returns 0 on success.
address@hidden deftypefun
-
address@hidden gnutls_x509_crq_set_attribute_by_oid
address@hidden
address@hidden {int} {gnutls_x509_crq_set_attribute_by_oid} (gnutls_x509_crq_t
@var{crq}, const char * @var{oid}, void * @var{buf}, size_t @var{sizeof_buf})
address@hidden: should contain a gnutls_x509_crq_t structure
-
address@hidden: holds an Object Identified in null terminated string
-
address@hidden: a pointer to a structure that holds the attribute data
-
address@hidden: holds the size of @code{buf}
-
-This function will set the attribute in the certificate request specified
-by the given Object ID. The attribute must be be DER encoded.
-
-Returns 0 on success.
address@hidden deftypefun
-
address@hidden gnutls_x509_crq_get_attribute_by_oid
address@hidden
address@hidden {int} {gnutls_x509_crq_get_attribute_by_oid} (gnutls_x509_crq_t
@var{crq}, const char * @var{oid}, int @var{indx}, void * @var{buf}, size_t *
@var{sizeof_buf})
address@hidden: should contain a gnutls_x509_crq_t structure
-
address@hidden: holds an Object Identified in null terminated string
-
address@hidden: In case multiple same OIDs exist in the attribute list, this
specifies
-which to send. Use zero to get the first one.
-
address@hidden: a pointer to a structure to hold the attribute data (may be
null)
-
address@hidden: initially holds the size of @code{buf}
-
-This function will return the attribute in the certificate request specified
-by the given Object ID. The attribute will be DER encoded.
-
-Returns 0 on success.
address@hidden deftypefun
-
address@hidden gnutls_x509_crq_set_dn_by_oid
address@hidden
address@hidden {int} {gnutls_x509_crq_set_dn_by_oid} (gnutls_x509_crq_t
@var{crq}, const char * @var{oid}, unsigned int @var{raw_flag}, const void *
@var{data}, unsigned int @var{sizeof_data})
address@hidden: should contain a gnutls_x509_crq_t structure
-
address@hidden: holds an Object Identifier in a null terminated string
-
address@hidden: must be 0, or 1 if the data are DER encoded
-
address@hidden: a pointer to the input data
-
address@hidden: holds the size of @code{data}
-
-This function will set the part of the name of the Certificate request
subject, specified
-by the given OID. The input string should be ASCII or UTF-8 encoded.
-
-Some helper macros with popular OIDs can be found in gnutls/x509.h
-With this function you can only set the known OIDs. You can test
-for known OIDs using @code{gnutls_x509_dn_oid_known()}. For OIDs that are
-not known (by gnutls) you should properly DER encode your data, and
-call this function with raw_flag set.
-
-Returns 0 on success.
address@hidden deftypefun
-
address@hidden gnutls_x509_crq_set_version
address@hidden
address@hidden {int} {gnutls_x509_crq_set_version} (gnutls_x509_crq_t
@var{crq}, unsigned int @var{version})
address@hidden: should contain a gnutls_x509_crq_t structure
-
address@hidden: holds the version number. For v1 Requests must be 1.
-
-This function will set the version of the certificate request. For
-version 1 requests this must be one.
-
-Returns 0 on success.
address@hidden deftypefun
-
address@hidden gnutls_x509_crq_get_version
address@hidden
address@hidden {int} {gnutls_x509_crq_get_version} (gnutls_x509_crq_t @var{crq})
address@hidden: should contain a gnutls_x509_crq_t structure
-
-This function will return the version of the specified Certificate request.
-
-Returns a negative value on error.
address@hidden deftypefun
-
address@hidden gnutls_x509_crq_set_key
address@hidden
address@hidden {int} {gnutls_x509_crq_set_key} (gnutls_x509_crq_t @var{crq},
gnutls_x509_privkey_t @var{key})
address@hidden: should contain a gnutls_x509_crq_t structure
-
address@hidden: holds a private key
-
-This function will set the public parameters from the given private key to the
-request. Only RSA keys are currently supported.
-
-Returns 0 on success.
address@hidden deftypefun
-
address@hidden gnutls_x509_crq_set_challenge_password
address@hidden
address@hidden {int} {gnutls_x509_crq_set_challenge_password}
(gnutls_x509_crq_t @var{crq}, const char * @var{pass})
address@hidden: should contain a gnutls_x509_crq_t structure
-
address@hidden: holds a null terminated password
-
-This function will set a challenge password to be used when revoking the
request.
-
-Returns 0 on success.
address@hidden deftypefun
-
address@hidden gnutls_x509_crq_sign2
address@hidden
address@hidden {int} {gnutls_x509_crq_sign2} (gnutls_x509_crq_t @var{crq},
gnutls_x509_privkey_t @var{key}, gnutls_digest_algorithm_t @var{dig}, unsigned
int @var{flags})
address@hidden: should contain a gnutls_x509_crq_t structure
-
address@hidden: holds a private key
-
address@hidden: The message digest to use. GNUTLS_DIG_SHA1 is the safe choice
unless you know what you're doing.
-
address@hidden: must be 0
-
-This function will sign the certificate request with a private key.
-This must be the same key as the one used in @code{gnutls_x509_crt_set_key()}
since a
-certificate request is self signed.
-
-This must be the last step in a certificate request generation since all
-the previously set parameters are now signed.
-
-Returns 0 on success.
address@hidden deftypefun
-
address@hidden gnutls_x509_crq_sign
address@hidden
address@hidden {int} {gnutls_x509_crq_sign} (gnutls_x509_crq_t @var{crq},
gnutls_x509_privkey_t @var{key})
address@hidden: should contain a gnutls_x509_crq_t structure
-
address@hidden: holds a private key
-
-This function is the same a @code{gnutls_x509_crq_sign2()} with no flags, and
-SHA1 as the hash algorithm.
-
-Returns 0 on success.
address@hidden deftypefun
-
address@hidden gnutls_x509_crq_export
address@hidden
address@hidden {int} {gnutls_x509_crq_export} (gnutls_x509_crq_t @var{crq},
gnutls_x509_crt_fmt_t @var{format}, void * @var{output_data}, size_t *
@var{output_data_size})
address@hidden: Holds the request
-
address@hidden: the format of output params. One of PEM or DER.
-
address@hidden: will contain a certificate request PEM or DER encoded
-
address@hidden: holds the size of output_data (and will be
-replaced by the actual size of parameters)
-
-This function will export the certificate request to a PKCS10
-
-If the buffer provided is not long enough to hold the output, then
-GNUTLS_E_SHORT_MEMORY_BUFFER will be returned and
-*output_data_size will be updated.
-
-If the structure is PEM encoded, it will have a header of "BEGIN
-NEW CERTIFICATE REQUEST".
-
address@hidden value:} In case of failure a negative value will be
-returned, and 0 on success.
address@hidden deftypefun
-
address@hidden gnutls_x509_crq_get_pk_algorithm
address@hidden
address@hidden {int} {gnutls_x509_crq_get_pk_algorithm} (gnutls_x509_crq_t
@var{crq}, unsigned int * @var{bits})
address@hidden: should contain a gnutls_x509_crq_t structure
-
address@hidden: if bits is non null it will hold the size of the parameters' in
bits
-
-This function will return the public key algorithm of a PKCS address@hidden
-certificate request.
-
-If bits is non null, it should have enough size to hold the parameters
-size in bits. For RSA the bits returned is the modulus.
-For DSA the bits returned are of the public
-exponent.
-
-Returns a member of the gnutls_pk_algorithm_t enumeration on success,
-or a negative value on error.
address@hidden deftypefun
-
address@hidden gnutls_x509_privkey_export_pkcs8
address@hidden
address@hidden {int} {gnutls_x509_privkey_export_pkcs8} (gnutls_x509_privkey_t
@var{key}, gnutls_x509_crt_fmt_t @var{format}, const char * @var{password},
unsigned int @var{flags}, void * @var{output_data}, size_t *
@var{output_data_size})
address@hidden: Holds the key
-
address@hidden: the format of output params. One of PEM or DER.
-
address@hidden: the password that will be used to encrypt the key.
-
address@hidden: an ORed sequence of gnutls_pkcs_encrypt_flags_t
-
address@hidden: will contain a private key PEM or DER encoded
-
address@hidden: holds the size of output_data (and will be
-replaced by the actual size of parameters)
-
-This function will export the private key to a PKCS8 structure.
-Both RSA and DSA keys can be exported. For DSA keys we use
-PKCS @code{11} definitions. If the flags do not specify the encryption
-cipher, then the default 3DES (PBES2) will be used.
-
-The @code{password} can be either ASCII or UTF-8 in the default PBES2
-encryption schemas, or ASCII for the PKCS12 schemas.
-
-If the buffer provided is not long enough to hold the output, then
-*output_data_size is updated and GNUTLS_E_SHORT_MEMORY_BUFFER will
-be returned.
-
-If the structure is PEM encoded, it will have a header
-of "BEGIN ENCRYPTED PRIVATE KEY" or "BEGIN PRIVATE KEY" if
-encryption is not used.
-
address@hidden value:} In case of failure a negative value will be
-returned, and 0 on success.
address@hidden deftypefun
-
address@hidden gnutls_x509_privkey_import_pkcs8
address@hidden
address@hidden {int} {gnutls_x509_privkey_import_pkcs8} (gnutls_x509_privkey_t
@var{key}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t
@var{format}, const char * @var{password}, unsigned int @var{flags})
address@hidden: The structure to store the parsed key
-
address@hidden: The DER or PEM encoded key.
-
address@hidden: One of DER or PEM
-
address@hidden: the password to decrypt the key (if it is encrypted).
-
address@hidden: 0 if encrypted or GNUTLS_PKCS_PLAIN if not encrypted.
-
-This function will convert the given DER or PEM encoded PKCS8 2.0 encrypted key
-to the native gnutls_x509_privkey_t format. The output will be stored in
@code{key}.
-Both RSA and DSA keys can be imported, and flags can only be used to indicate
-an unencrypted key.
-
-The @code{password} can be either ASCII or UTF-8 in the default PBES2
-encryption schemas, or ASCII for the PKCS12 schemas.
-
-If the Certificate is PEM encoded it should have a header of "ENCRYPTED
PRIVATE KEY",
-or "PRIVATE KEY". You only need to specify the flags if the key is DER
encoded, since
-in that case the encryption status cannot be auto-detected.
-
-Returns 0 on success.
address@hidden deftypefun
-
address@hidden gnutls_pkcs12_init
address@hidden
address@hidden {int} {gnutls_pkcs12_init} (gnutls_pkcs12_t * @var{pkcs12})
address@hidden: The structure to be initialized
-
-This function will initialize a PKCS12 structure. PKCS12 structures
-usually contain lists of X.509 Certificates and X.509 Certificate
-revocation lists.
-
-Returns 0 on success.
address@hidden deftypefun
-
address@hidden gnutls_pkcs12_deinit
address@hidden
address@hidden {void} {gnutls_pkcs12_deinit} (gnutls_pkcs12_t @var{pkcs12})
address@hidden: The structure to be initialized
-
-This function will deinitialize a PKCS12 structure.
address@hidden deftypefun
-
address@hidden gnutls_pkcs12_import
address@hidden
address@hidden {int} {gnutls_pkcs12_import} (gnutls_pkcs12_t @var{pkcs12},
const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format}, unsigned
int @var{flags})
address@hidden: The structure to store the parsed PKCS12.
-
address@hidden: The DER or PEM encoded PKCS12.
-
address@hidden: One of DER or PEM
-
address@hidden: an ORed sequence of gnutls_privkey_pkcs8_flags
-
-This function will convert the given DER or PEM encoded PKCS12
-to the native gnutls_pkcs12_t format. The output will be stored in 'pkcs12'.
-
-If the PKCS12 is PEM encoded it should have a header of "PKCS12".
-
-Returns 0 on success.
address@hidden deftypefun
-
address@hidden gnutls_pkcs12_export
address@hidden
address@hidden {int} {gnutls_pkcs12_export} (gnutls_pkcs12_t @var{pkcs12},
gnutls_x509_crt_fmt_t @var{format}, void * @var{output_data}, size_t *
@var{output_data_size})
address@hidden: Holds the pkcs12 structure
-
address@hidden: the format of output params. One of PEM or DER.
-
address@hidden: will contain a structure PEM or DER encoded
-
address@hidden: holds the size of output_data (and will be
-replaced by the actual size of parameters)
-
-This function will export the pkcs12 structure to DER or PEM format.
-
-If the buffer provided is not long enough to hold the output, then
-*output_data_size will be updated and GNUTLS_E_SHORT_MEMORY_BUFFER
-will be returned.
-
-If the structure is PEM encoded, it will have a header
-of "BEGIN PKCS12".
-
address@hidden value:} In case of failure a negative value will be
-returned, and 0 on success.
address@hidden deftypefun
-
address@hidden gnutls_pkcs12_get_bag
address@hidden
address@hidden {int} {gnutls_pkcs12_get_bag} (gnutls_pkcs12_t @var{pkcs12}, int
@var{indx}, gnutls_pkcs12_bag_t @var{bag})
address@hidden: should contain a gnutls_pkcs12_t structure
-
address@hidden: contains the index of the bag to extract
-
address@hidden: An initialized bag, where the contents of the bag will be copied
-
-This function will return a Bag from the PKCS12 structure.
-Returns 0 on success.
-
-After the last Bag has been read GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE
-will be returned.
address@hidden deftypefun
-
address@hidden gnutls_pkcs12_set_bag
address@hidden
address@hidden {int} {gnutls_pkcs12_set_bag} (gnutls_pkcs12_t @var{pkcs12},
gnutls_pkcs12_bag_t @var{bag})
address@hidden: should contain a gnutls_pkcs12_t structure
-
address@hidden: An initialized bag
-
-This function will insert a Bag into the PKCS12 structure.
-Returns 0 on success.
address@hidden deftypefun
-
address@hidden gnutls_pkcs12_generate_mac
address@hidden
address@hidden {int} {gnutls_pkcs12_generate_mac} (gnutls_pkcs12_t
@var{pkcs12}, const char * @var{pass})
address@hidden: should contain a gnutls_pkcs12_t structure
-
address@hidden: The password for the MAC
-
-This function will generate a MAC for the PKCS12 structure.
-Returns 0 on success.
address@hidden deftypefun
-
address@hidden gnutls_pkcs12_verify_mac
address@hidden
address@hidden {int} {gnutls_pkcs12_verify_mac} (gnutls_pkcs12_t @var{pkcs12},
const char * @var{pass})
address@hidden: should contain a gnutls_pkcs12_t structure
-
address@hidden: The password for the MAC
-
-This function will verify the MAC for the PKCS12 structure.
-Returns 0 on success.
address@hidden deftypefun
-
address@hidden gnutls_pkcs12_bag_init
address@hidden
address@hidden {int} {gnutls_pkcs12_bag_init} (gnutls_pkcs12_bag_t * @var{bag})
address@hidden: The structure to be initialized
-
-This function will initialize a PKCS12 bag structure. PKCS12 Bags
-usually contain private keys, lists of X.509 Certificates and X.509 Certificate
-revocation lists.
-
-Returns 0 on success.
address@hidden deftypefun
-
address@hidden gnutls_pkcs12_bag_deinit
address@hidden
address@hidden {void} {gnutls_pkcs12_bag_deinit} (gnutls_pkcs12_bag_t @var{bag})
address@hidden: The structure to be initialized
-
-This function will deinitialize a PKCS12 Bag structure.
address@hidden deftypefun
-
address@hidden gnutls_pkcs12_bag_get_type
address@hidden
address@hidden {gnutls_pkcs12_bag_type_t} {gnutls_pkcs12_bag_get_type}
(gnutls_pkcs12_bag_t @var{bag}, int @var{indx})
address@hidden: The bag
-
address@hidden: The element of the bag to get the type
-
-This function will return the bag's type. One of the gnutls_pkcs12_bag_type_t
-enumerations.
address@hidden deftypefun
-
address@hidden gnutls_pkcs12_bag_get_count
address@hidden
address@hidden {int} {gnutls_pkcs12_bag_get_count} (gnutls_pkcs12_bag_t
@var{bag})
address@hidden: The bag
-
-This function will return the number of the elements withing the bag.
address@hidden deftypefun
-
address@hidden gnutls_pkcs12_bag_get_data
address@hidden
address@hidden {int} {gnutls_pkcs12_bag_get_data} (gnutls_pkcs12_bag_t
@var{bag}, int @var{indx}, gnutls_datum_t * @var{data})
address@hidden: The bag
-
address@hidden: The element of the bag to get the data from
-
address@hidden: where the bag's data will be. Should be treated as constant.
-
-This function will return the bag's data. The data is a constant
-that is stored into the bag. Should not be accessed after the bag
-is deleted.
-
-Returns 0 on success and a negative error code on error.
address@hidden deftypefun
-
address@hidden gnutls_pkcs12_bag_set_data
address@hidden
address@hidden {int} {gnutls_pkcs12_bag_set_data} (gnutls_pkcs12_bag_t
@var{bag}, gnutls_pkcs12_bag_type_t @var{type}, const gnutls_datum_t *
@var{data})
address@hidden: The bag
-
address@hidden: The data's type
-
address@hidden: the data to be copied.
-
-This function will insert the given data of the given type into the
-bag.
-
-Returns the index of the added bag on success, or a negative
-value on error.
address@hidden deftypefun
-
address@hidden gnutls_pkcs12_bag_set_crt
address@hidden
address@hidden {int} {gnutls_pkcs12_bag_set_crt} (gnutls_pkcs12_bag_t
@var{bag}, gnutls_x509_crt_t @var{crt})
address@hidden: The bag
-
address@hidden: the certificate to be copied.
-
-This function will insert the given certificate into the
-bag. This is just a wrapper over @code{gnutls_pkcs12_bag_set_data()}.
-
-Returns the index of the added bag on success, or a negative
-value on failure.
address@hidden deftypefun
-
address@hidden gnutls_pkcs12_bag_set_crl
address@hidden
address@hidden {int} {gnutls_pkcs12_bag_set_crl} (gnutls_pkcs12_bag_t
@var{bag}, gnutls_x509_crl_t @var{crl})
address@hidden: The bag
-
address@hidden: the CRL to be copied.
-
-This function will insert the given CRL into the
-bag. This is just a wrapper over @code{gnutls_pkcs12_bag_set_data()}.
-
-Returns the index of the added bag on success, or a negative
-value on failure.
address@hidden deftypefun
-
address@hidden gnutls_pkcs12_bag_set_key_id
address@hidden
address@hidden {int} {gnutls_pkcs12_bag_set_key_id} (gnutls_pkcs12_bag_t
@var{bag}, int @var{indx}, const gnutls_datum_t * @var{id})
address@hidden: The bag
-
address@hidden: The bag's element to add the id
-
address@hidden: the ID
-
-This function will add the given key ID, to the specified, by the index, bag
-element. The key ID will be encoded as a 'Local key identifier' bag attribute,
-which is usually used to distinguish the local private key and the certificate
pair.
-
-Returns 0 on success, or a negative value on error.
address@hidden deftypefun
-
address@hidden gnutls_pkcs12_bag_get_key_id
address@hidden
address@hidden {int} {gnutls_pkcs12_bag_get_key_id} (gnutls_pkcs12_bag_t
@var{bag}, int @var{indx}, gnutls_datum_t * @var{id})
address@hidden: The bag
-
address@hidden: The bag's element to add the id
-
address@hidden: where the ID will be copied (to be treated as const)
-
-This function will return the key ID, of the specified bag element.
-The key ID is usually used to distinguish the local private key and the
certificate pair.
-
-Returns 0 on success, or a negative value on error.
address@hidden deftypefun
-
address@hidden gnutls_pkcs12_bag_get_friendly_name
address@hidden
address@hidden {int} {gnutls_pkcs12_bag_get_friendly_name} (gnutls_pkcs12_bag_t
@var{bag}, int @var{indx}, char ** @var{name})
address@hidden: The bag
-
address@hidden: The bag's element to add the id
-
address@hidden: will hold a pointer to the name (to be treated as const)
-
-This function will return the friendly name, of the specified bag element.
-The key ID is usually used to distinguish the local private key and the
certificate pair.
-
-Returns 0 on success, or a negative value on error.
address@hidden deftypefun
-
address@hidden gnutls_pkcs12_bag_set_friendly_name
address@hidden
address@hidden {int} {gnutls_pkcs12_bag_set_friendly_name} (gnutls_pkcs12_bag_t
@var{bag}, int @var{indx}, const char * @var{name})
address@hidden: The bag
-
address@hidden: The bag's element to add the id
-
address@hidden: the name
-
-This function will add the given key friendly name, to the specified, by the
index, bag
-element. The name will be encoded as a 'Friendly name' bag attribute,
-which is usually used to set a user name to the local private key and the
certificate pair.
-
-Returns 0 on success, or a negative value on error.
address@hidden deftypefun
-
address@hidden gnutls_pkcs12_bag_decrypt
address@hidden
address@hidden {int} {gnutls_pkcs12_bag_decrypt} (gnutls_pkcs12_bag_t
@var{bag}, const char * @var{pass})
address@hidden: The bag
-
address@hidden: The password used for encryption. This can only be ASCII.
-
-This function will decrypt the given encrypted bag and return 0 on success.
address@hidden deftypefun
-
address@hidden gnutls_pkcs12_bag_encrypt
address@hidden
address@hidden {int} {gnutls_pkcs12_bag_encrypt} (gnutls_pkcs12_bag_t
@var{bag}, const char * @var{pass}, unsigned int @var{flags})
address@hidden: The bag
-
address@hidden: The password used for encryption. This can only be ASCII.
-
address@hidden: should be one of gnutls_pkcs_encrypt_flags_t elements bitwise
or'd
-
-This function will encrypt the given bag and return 0 on success.
address@hidden deftypefun
-
address@hidden gnutls_x509_crt_set_dn_by_oid
address@hidden
address@hidden {int} {gnutls_x509_crt_set_dn_by_oid} (gnutls_x509_crt_t
@var{crt}, const char * @var{oid}, unsigned int @var{raw_flag}, const void *
@var{name}, unsigned int @var{sizeof_name})
address@hidden: should contain a gnutls_x509_crt_t structure
-
address@hidden: holds an Object Identifier in a null terminated string
-
address@hidden: must be 0, or 1 if the data are DER encoded
-
address@hidden: a pointer to the name
-
address@hidden: holds the size of @code{name}
-
-This function will set the part of the name of the Certificate subject,
specified
-by the given OID. The input string should be ASCII or UTF-8 encoded.
-
-Some helper macros with popular OIDs can be found in gnutls/x509.h
-With this function you can only set the known OIDs. You can test
-for known OIDs using @code{gnutls_x509_dn_oid_known()}. For OIDs that are
-not known (by gnutls) you should properly DER encode your data, and
-call this function with raw_flag set.
-
-Returns 0 on success.
address@hidden deftypefun
-
address@hidden gnutls_x509_crt_set_issuer_dn_by_oid
address@hidden
address@hidden {int} {gnutls_x509_crt_set_issuer_dn_by_oid} (gnutls_x509_crt_t
@var{crt}, const char * @var{oid}, unsigned int @var{raw_flag}, const void *
@var{name}, unsigned int @var{sizeof_name})
address@hidden: should contain a gnutls_x509_crt_t structure
-
address@hidden: holds an Object Identifier in a null terminated string
-
address@hidden: must be 0, or 1 if the data are DER encoded
-
address@hidden: a pointer to the name
-
address@hidden: holds the size of @code{name}
-
-This function will set the part of the name of the Certificate issuer,
specified
-by the given OID. The input string should be ASCII or UTF-8 encoded.
-
-Some helper macros with popular OIDs can be found in gnutls/x509.h
-With this function you can only set the known OIDs. You can test
-for known OIDs using @code{gnutls_x509_dn_oid_known()}. For OIDs that are
-not known (by gnutls) you should properly DER encode your data, and
-call this function with raw_flag set.
-
-Normally you do not need to call this function, since the signing
-operation will copy the signer's name as the issuer of the certificate.
-
-Returns 0 on success.
address@hidden deftypefun
-
address@hidden gnutls_x509_crt_set_proxy_dn
address@hidden
address@hidden {int} {gnutls_x509_crt_set_proxy_dn} (gnutls_x509_crt_t
@var{crt}, gnutls_x509_crt_t @var{eecrt}, unsigned int @var{raw_flag}, const
void * @var{name}, unsigned int @var{sizeof_name})
address@hidden: a gnutls_x509_crt_t structure with the new proxy cert
-
address@hidden: the end entity certificate that will be issuing the proxy
-
address@hidden: must be 0, or 1 if the CN is DER encoded
-
address@hidden: a pointer to the CN name, may be NULL (but MUST then be added
later)
-
address@hidden: holds the size of @code{name}
-
-This function will set the subject in @code{crt} to the end entity's
address@hidden subject name, and add a single Common Name component @code{name}
-of size @code{sizeof_name}. This corresponds to the required proxy
-certificate naming style. Note that if @code{name} is @code{NULL}, you MUST
-set it later by using @code{gnutls_x509_crt_set_dn_by_oid()} or similar.
-
-Returns 0 on success.
address@hidden deftypefun
-
address@hidden gnutls_x509_crt_set_version
address@hidden
address@hidden {int} {gnutls_x509_crt_set_version} (gnutls_x509_crt_t
@var{crt}, unsigned int @var{version})
address@hidden: should contain a gnutls_x509_crt_t structure
-
address@hidden: holds the version number. For X.509v1 certificates must be 1.
-
-This function will set the version of the certificate. This must
-be one for X.509 version 1, and so on. Plain certificates without
-extensions must have version set to one.
-
-To create well-formed certificates, you must specify version 3 if
-you use any certificate extensions. Extensions are created by
-functions such as gnutls_x509_crt_set_subject_alternative_name or
-gnutls_x509_crt_set_key_usage.
-
-Returns 0 on success.
address@hidden deftypefun
-
address@hidden gnutls_x509_crt_set_key
address@hidden
address@hidden {int} {gnutls_x509_crt_set_key} (gnutls_x509_crt_t @var{crt},
gnutls_x509_privkey_t @var{key})
address@hidden: should contain a gnutls_x509_crt_t structure
-
address@hidden: holds a private key
-
-This function will set the public parameters from the given private key to the
-certificate. Only RSA keys are currently supported.
-
-Returns 0 on success.
address@hidden deftypefun
-
address@hidden gnutls_x509_crt_set_crq
address@hidden
address@hidden {int} {gnutls_x509_crt_set_crq} (gnutls_x509_crt_t @var{crt},
gnutls_x509_crq_t @var{crq})
address@hidden: should contain a gnutls_x509_crt_t structure
-
address@hidden: holds a certificate request
-
-This function will set the name and public parameters from the given
certificate request to the
-certificate. Only RSA keys are currently supported.
-
-Returns 0 on success.
address@hidden deftypefun
-
address@hidden gnutls_x509_crt_set_extension_by_oid
address@hidden
address@hidden {int} {gnutls_x509_crt_set_extension_by_oid} (gnutls_x509_crt_t
@var{crt}, const char * @var{oid}, const void * @var{buf}, size_t
@var{sizeof_buf}, unsigned int @var{critical})
address@hidden: should contain a gnutls_x509_crt_t structure
-
address@hidden: holds an Object Identified in null terminated string
-
address@hidden: a pointer to a DER encoded data
-
address@hidden: holds the size of @code{buf}
-
address@hidden: should be non zero if the extension is to be marked as critical
-
-This function will set an the extension, by the specified OID, in the
certificate.
-The extension data should be binary data DER encoded.
-
-Returns 0 on success and a negative value in case of an error.
address@hidden deftypefun
-
address@hidden gnutls_x509_crt_set_basic_constraints
address@hidden
address@hidden {int} {gnutls_x509_crt_set_basic_constraints} (gnutls_x509_crt_t
@var{crt}, unsigned int @var{ca}, int @var{pathLenConstraint})
address@hidden: should contain a gnutls_x509_crt_t structure
-
address@hidden: true(1) or false(0). Depending on the Certificate authority
status.
-
address@hidden: non-negative values indicate maximum length of path,
-and negative values indicate that the pathLenConstraints field should
-not be present.
-
-This function will set the basicConstraints certificate extension.
-
-Returns 0 on success.
address@hidden deftypefun
-
address@hidden gnutls_x509_crt_set_ca_status
address@hidden
address@hidden {int} {gnutls_x509_crt_set_ca_status} (gnutls_x509_crt_t
@var{crt}, unsigned int @var{ca})
address@hidden: should contain a gnutls_x509_crt_t structure
-
address@hidden: true(1) or false(0). Depending on the Certificate authority
status.
-
-This function will set the basicConstraints certificate extension.
-Use @code{gnutls_x509_crt_set_basic_constraints()} if you want to control
-the pathLenConstraint field too.
-
-Returns 0 on success.
address@hidden deftypefun
-
address@hidden gnutls_x509_crt_set_key_usage
address@hidden
address@hidden {int} {gnutls_x509_crt_set_key_usage} (gnutls_x509_crt_t
@var{crt}, unsigned int @var{usage})
address@hidden: should contain a gnutls_x509_crt_t structure
-
address@hidden: an ORed sequence of the GNUTLS_KEY_* elements.
-
-This function will set the keyUsage certificate extension.
-
-Returns 0 on success.
address@hidden deftypefun
-
address@hidden gnutls_x509_crt_set_subject_alternative_name
address@hidden
address@hidden {int} {gnutls_x509_crt_set_subject_alternative_name}
(gnutls_x509_crt_t @var{crt}, gnutls_x509_subject_alt_name_t
@var{type}, const char * @var{data_string})
address@hidden: should contain a gnutls_x509_crt_t structure
-
address@hidden: is one of the gnutls_x509_subject_alt_name_t enumerations
-
address@hidden: The data to be set
-
-This function will set the subject alternative name certificate extension.
-
-Returns 0 on success.
address@hidden deftypefun
-
address@hidden gnutls_x509_crt_set_proxy
address@hidden
address@hidden {int} {gnutls_x509_crt_set_proxy} (gnutls_x509_crt_t @var{crt},
int @var{pathLenConstraint}, const char * @var{policyLanguage}, const char *
@var{policy}, size_t @var{sizeof_policy})
address@hidden: should contain a gnutls_x509_crt_t structure
-
address@hidden: non-negative values indicate maximum length of path,
-and negative values indicate that the pathLenConstraints field should
-not be present.
-
address@hidden: OID describing the language of @code{policy}.
-
address@hidden: opaque byte array with policy language, can be @code{NULL}
-
address@hidden: size of @code{policy}.
-
-This function will set the proxyCertInfo extension.
-
-Returns 0 on success.
address@hidden deftypefun
-
address@hidden gnutls_x509_crt_sign2
address@hidden
address@hidden {int} {gnutls_x509_crt_sign2} (gnutls_x509_crt_t @var{crt},
gnutls_x509_crt_t @var{issuer}, gnutls_x509_privkey_t @var{issuer_key},
gnutls_digest_algorithm_t @var{dig}, unsigned int @var{flags})
address@hidden: should contain a gnutls_x509_crt_t structure
-
address@hidden: is the certificate of the certificate issuer
-
address@hidden: holds the issuer's private key
-
address@hidden: The message digest to use. GNUTLS_DIG_SHA1 is the safe choice
unless you know what you're doing.
-
address@hidden: must be 0
-
-This function will sign the certificate with the issuer's private key, and
-will copy the issuer's information into the certificate.
-
-This must be the last step in a certificate generation since all
-the previously set parameters are now signed.
-
-Returns 0 on success.
address@hidden deftypefun
-
address@hidden gnutls_x509_crt_sign
address@hidden
address@hidden {int} {gnutls_x509_crt_sign} (gnutls_x509_crt_t @var{crt},
gnutls_x509_crt_t @var{issuer}, gnutls_x509_privkey_t @var{issuer_key})
address@hidden: should contain a gnutls_x509_crt_t structure
-
address@hidden: is the certificate of the certificate issuer
-
address@hidden: holds the issuer's private key
-
-This function is the same a @code{gnutls_x509_crt_sign2()} with no flags, and
-SHA1 as the hash algorithm.
-
-Returns 0 on success.
address@hidden deftypefun
-
address@hidden gnutls_x509_crt_set_activation_time
address@hidden
address@hidden {int} {gnutls_x509_crt_set_activation_time} (gnutls_x509_crt_t
@var{cert}, time_t @var{act_time})
address@hidden: should contain a gnutls_x509_crt_t structure
-
address@hidden: The actual time
-
-This function will set the time this Certificate was or will be activated.
-
-Returns 0 on success, or a negative value in case of an error.
address@hidden deftypefun
-
address@hidden gnutls_x509_crt_set_expiration_time
address@hidden
address@hidden {int} {gnutls_x509_crt_set_expiration_time} (gnutls_x509_crt_t
@var{cert}, time_t @var{exp_time})
address@hidden: should contain a gnutls_x509_crt_t structure
-
address@hidden: The actual time
-
-This function will set the time this Certificate will expire.
-
-Returns 0 on success, or a negative value in case of an error.
address@hidden deftypefun
-
address@hidden gnutls_x509_crt_set_serial
address@hidden
address@hidden {int} {gnutls_x509_crt_set_serial} (gnutls_x509_crt_t
@var{cert}, const void * @var{serial}, size_t @var{serial_size})
address@hidden: should contain a gnutls_x509_crt_t structure
-
address@hidden: The serial number
-
address@hidden: Holds the size of the serial field.
-
-This function will set the X.509 certificate's serial number.
-Serial is not always a 32 or 64bit number. Some CAs use
-large serial numbers, thus it may be wise to handle it as something
-opaque.
-
-Returns 0 on success, or a negative value in case of an error.
address@hidden deftypefun
-
address@hidden gnutls_x509_crt_set_crl_dist_points
address@hidden
address@hidden {int} {gnutls_x509_crt_set_crl_dist_points} (gnutls_x509_crt_t
@var{crt}, gnutls_x509_subject_alt_name_t @var{type}, const void *
@var{data_string}, unsigned int @var{reason_flags})
address@hidden: should contain a gnutls_x509_crt_t structure
-
address@hidden: is one of the gnutls_x509_subject_alt_name_t enumerations
-
address@hidden: The data to be set
-
address@hidden: revocation reasons
-
-This function will set the CRL distribution points certificate extension.
-
-Returns 0 on success.
address@hidden deftypefun
-
address@hidden gnutls_x509_crt_cpy_crl_dist_points
address@hidden
address@hidden {int} {gnutls_x509_crt_cpy_crl_dist_points} (gnutls_x509_crt_t
@var{dst}, gnutls_x509_crt_t @var{src})
address@hidden: should contain a gnutls_x509_crt_t structure
-
address@hidden: the certificate where the dist points will be copied from
-
-This function will copy the CRL distribution points certificate
-extension, from the source to the destination certificate.
-This may be useful to copy from a CA certificate to issued ones.
-
-Returns 0 on success.
address@hidden deftypefun
-
address@hidden gnutls_x509_crt_set_subject_key_id
address@hidden
address@hidden {int} {gnutls_x509_crt_set_subject_key_id} (gnutls_x509_crt_t
@var{cert}, const void * @var{id}, size_t @var{id_size})
address@hidden: should contain a gnutls_x509_crt_t structure
-
address@hidden: The key ID
-
address@hidden: Holds the size of the serial field.
-
-This function will set the X.509 certificate's subject key ID extension.
-
-Returns 0 on success, or a negative value in case of an error.
address@hidden deftypefun
-
address@hidden gnutls_x509_crt_set_authority_key_id
address@hidden
address@hidden {int} {gnutls_x509_crt_set_authority_key_id} (gnutls_x509_crt_t
@var{cert}, const void * @var{id}, size_t @var{id_size})
address@hidden: should contain a gnutls_x509_crt_t structure
-
address@hidden: The key ID
-
address@hidden: Holds the size of the serial field.
-
-This function will set the X.509 certificate's authority key ID extension.
-Only the keyIdentifier field can be set with this function.
-
-Returns 0 on success, or a negative value in case of an error.
address@hidden deftypefun
-
address@hidden gnutls_x509_crt_set_key_purpose_oid
address@hidden
address@hidden {int} {gnutls_x509_crt_set_key_purpose_oid} (gnutls_x509_crt_t
@var{cert}, const void * @var{oid}, unsigned int @var{critical})
address@hidden: should contain a gnutls_x509_crt_t structure
-
address@hidden: a pointer to a null terminated string that holds the OID
-
address@hidden: Whether this extension will be critical or not
-
-This function will set the key purpose OIDs of the Certificate.
-These are stored in the Extended Key Usage extension (2.5.29.37)
-See the GNUTLS_KP_* definitions for human readable names.
-
-Subsequent calls to this function will append OIDs to the OID list.
-
-On success 0 is returned.
address@hidden deftypefun
-
address@hidden gnutls_x509_crl_set_version
address@hidden
address@hidden {int} {gnutls_x509_crl_set_version} (gnutls_x509_crl_t
@var{crl}, unsigned int @var{version})
address@hidden: should contain a gnutls_x509_crl_t structure
-
address@hidden: holds the version number. For CRLv1 crls must be 1.
-
-This function will set the version of the CRL. This
-must be one for CRL version 1, and so on. The CRLs generated
-by gnutls should have a version number of 2.
-
-Returns 0 on success.
address@hidden deftypefun
-
address@hidden gnutls_x509_crl_sign2
address@hidden
address@hidden {int} {gnutls_x509_crl_sign2} (gnutls_x509_crl_t @var{crl},
gnutls_x509_crt_t @var{issuer}, gnutls_x509_privkey_t @var{issuer_key},
gnutls_digest_algorithm_t @var{dig}, unsigned int @var{flags})
address@hidden: should contain a gnutls_x509_crl_t structure
-
address@hidden: is the certificate of the certificate issuer
-
address@hidden: holds the issuer's private key
-
address@hidden: The message digest to use. GNUTLS_DIG_SHA1 is the safe choice
unless you know what you're doing.
-
address@hidden: must be 0
-
-This function will sign the CRL with the issuer's private key, and
-will copy the issuer's information into the CRL.
-
-This must be the last step in a certificate CRL since all
-the previously set parameters are now signed.
-
-Returns 0 on success.
address@hidden deftypefun
-
address@hidden gnutls_x509_crl_sign
address@hidden
address@hidden {int} {gnutls_x509_crl_sign} (gnutls_x509_crl_t @var{crl},
gnutls_x509_crt_t @var{issuer}, gnutls_x509_privkey_t @var{issuer_key})
address@hidden: should contain a gnutls_x509_crl_t structure
-
address@hidden: is the certificate of the certificate issuer
-
address@hidden: holds the issuer's private key
-
-This function is the same a @code{gnutls_x509_crl_sign2()} with no flags, and
-SHA1 as the hash algorithm.
-
-Returns 0 on success.
address@hidden deftypefun
-
address@hidden gnutls_x509_crl_set_this_update
address@hidden
address@hidden {int} {gnutls_x509_crl_set_this_update} (gnutls_x509_crl_t
@var{crl}, time_t @var{act_time})
address@hidden: should contain a gnutls_x509_crl_t structure
-
address@hidden: The actual time
-
-This function will set the time this CRL was issued.
-
-Returns 0 on success, or a negative value in case of an error.
address@hidden deftypefun
-
address@hidden gnutls_x509_crl_set_next_update
address@hidden
address@hidden {int} {gnutls_x509_crl_set_next_update} (gnutls_x509_crl_t
@var{crl}, time_t @var{exp_time})
address@hidden: should contain a gnutls_x509_crl_t structure
-
address@hidden: The actual time
-
-This function will set the time this CRL will be updated.
-
-Returns 0 on success, or a negative value in case of an error.
address@hidden deftypefun
-
address@hidden gnutls_x509_crl_set_crt_serial
address@hidden
address@hidden {int} {gnutls_x509_crl_set_crt_serial} (gnutls_x509_crl_t
@var{crl}, const void * @var{serial}, size_t @var{serial_size}, time_t
@var{revocation_time})
address@hidden: should contain a gnutls_x509_crl_t structure
-
address@hidden: The revoked certificate's serial number
-
address@hidden: Holds the size of the serial field.
-
address@hidden: The time this certificate was revoked
-
-This function will set a revoked certificate's serial number to the CRL.
-
-Returns 0 on success, or a negative value in case of an error.
address@hidden deftypefun
-
address@hidden gnutls_x509_crl_set_crt
address@hidden
address@hidden {int} {gnutls_x509_crl_set_crt} (gnutls_x509_crl_t @var{crl},
gnutls_x509_crt_t @var{crt}, time_t @var{revocation_time})
address@hidden: should contain a gnutls_x509_crl_t structure
-
address@hidden: should contain a gnutls_x509_crt_t structure with the revoked
certificate
-
address@hidden: The time this certificate was revoked
-
-This function will set a revoked certificate's serial number to the CRL.
-
-Returns 0 on success, or a negative value in case of an error.
address@hidden deftypefun
-
address@hidden gnutls_x509_crt_print
address@hidden
address@hidden {int} {gnutls_x509_crt_print} (gnutls_x509_crt_t @var{cert},
gnutls_certificate_print_formats_t @var{format}, gnutls_datum_t * @var{out})
address@hidden: The structure to be printed
-
address@hidden: Indicate the format to use
-
address@hidden: Newly allocated datum with zero terminated string.
-
-This function will pretty print a X.509 certificate, suitable for
-display to a human.
-
-If the format is @code{GNUTLS_X509_CRT_FULL} then all fields of the
-certificate will be output, on multiple lines. The
address@hidden format will generate one line with some
-selected fields, which is useful for logging purposes.
-
-The output @code{out} needs to be deallocate using @code{gnutls_free()}.
-
-Returns 0 on success.
address@hidden deftypefun
-
address@hidden gnutls_x509_crl_print
address@hidden
address@hidden {int} {gnutls_x509_crl_print} (gnutls_x509_crl_t @var{crl},
gnutls_certificate_print_formats_t @var{format}, gnutls_datum_t * @var{out})
address@hidden: The structure to be printed
-
address@hidden: Indicate the format to use
-
address@hidden: Newly allocated datum with zero terminated string.
-
-This function will pretty print a X.509 certificate revocation
-list, suitable for display to a human.
-
-The output @code{out} needs to be deallocate using @code{gnutls_free()}.
-
-Returns 0 on success.
address@hidden deftypefun
-
Modified: libmicrohttpd/src/daemon/https/x509/x509.c
===================================================================
--- libmicrohttpd/src/daemon/https/x509/x509.c 2008-11-16 05:13:26 UTC (rev
7899)
+++ libmicrohttpd/src/daemon/https/x509/x509.c 2008-11-16 05:28:37 UTC (rev
7900)
@@ -328,88 +328,7 @@
}
-static int
-MHD__gnutls_x509_crt_get_raw_dn2 (MHD_gnutls_x509_crt_t cert,
- const char *whom,
- MHD_gnutls_datum_t * start)
-{
- ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
- int result, len1;
- int start1, end1;
- MHD_gnutls_datum_t signed_data = { NULL,
- 0
- };
-
- /* get the issuer of 'cert'
- */
- if ((result =
- MHD__asn1_create_element (MHD__gnutls_get_pkix (),
- "PKIX1.TBSCertificate",
- &c2)) != ASN1_SUCCESS)
- {
- MHD_gnutls_assert ();
- return MHD_gtls_asn2err (result);
- }
-
- result = MHD__gnutls_x509_get_signed_data (cert->cert, "tbsCertificate",
- &signed_data);
- if (result < 0)
- {
- MHD_gnutls_assert ();
- goto cleanup;
- }
-
- result =
- MHD__asn1_der_decoding (&c2, signed_data.data, signed_data.size, NULL);
- if (result != ASN1_SUCCESS)
- {
- MHD_gnutls_assert ();
- MHD__asn1_delete_structure (&c2);
- result = MHD_gtls_asn2err (result);
- goto cleanup;
- }
-
- result =
- MHD__asn1_der_decoding_startEnd (c2, signed_data.data, signed_data.size,
- whom, &start1, &end1);
-
- if (result != ASN1_SUCCESS)
- {
- MHD_gnutls_assert ();
- result = MHD_gtls_asn2err (result);
- goto cleanup;
- }
-
- len1 = end1 - start1 + 1;
-
- MHD__gnutls_set_datum (start, &signed_data.data[start1], len1);
-
- result = 0;
-
-cleanup:MHD__asn1_delete_structure (&c2);
- MHD__gnutls_free_datum (&signed_data);
- return result;
-}
-
/**
- * MHD_gnutls_x509_crt_get_raw_dn - This function returns the subject's DN DER
encoded
- * @cert: should contain a MHD_gnutls_x509_crt_t structure
- * @start: will hold the starting point of the DN
- *
- * This function will return a pointer to the DER encoded DN structure and
- * the length.
- *
- * Returns 0 on success, or a negative value on error.
- *
- **/
-int
-MHD_gnutls_x509_crt_get_raw_dn (MHD_gnutls_x509_crt_t cert,
- MHD_gnutls_datum_t * start)
-{
- return MHD__gnutls_x509_crt_get_raw_dn2 (cert, "subject", start);
-}
-
-/**
* MHD_gnutls_x509_crt_export - This function will export the certificate
* @cert: Holds the certificate
* @format: the format of output params. One of PEM or DER.
Modified: libmicrohttpd/src/daemon/https/x509/x509.h
===================================================================
--- libmicrohttpd/src/daemon/https/x509/x509.h 2008-11-16 05:13:26 UTC (rev
7899)
+++ libmicrohttpd/src/daemon/https/x509/x509.h 2008-11-16 05:28:37 UTC (rev
7900)
@@ -193,8 +193,6 @@
format, MHD_gnutls_datum_t * out);
/* Access to internal Certificate fields.
*/
- int MHD_gnutls_x509_crt_get_raw_dn (MHD_gnutls_x509_crt_t cert,
- MHD_gnutls_datum_t * start);
typedef void *MHD_gnutls_x509_dn_t;