commit 3e1bc57a79987fd7b39670f3dab340561cc5397f
parent cf9ed7910a034b8b38f982a499af0cd7a53754fc
Author: Christian Grothoff <christian@grothoff.org>
Date: Sun, 16 Nov 2008 05:28:37 +0000
dce
Diffstat:
9 files changed, 0 insertions(+), 3515 deletions(-)
diff --git a/src/daemon/https/gnutls.h b/src/daemon/https/gnutls.h
@@ -459,28 +459,6 @@ extern "C"
void MHD__gnutls_certificate_free_ca_names (MHD_gtls_cert_credentials_t sc);
void MHD__gnutls_certificate_free_crls (MHD_gtls_cert_credentials_t sc);
- int MHD__gnutls_certificate_set_x509_trust_file (MHD_gtls_cert_credentials_t
- res, const char *CAFILE,
- MHD_gnutls_x509_crt_fmt_t
- type);
- int MHD__gnutls_certificate_set_x509_trust_mem (MHD_gtls_cert_credentials_t
- res,
- const MHD_gnutls_datum_t *
- CA,
- MHD_gnutls_x509_crt_fmt_t
- type);
-
- int MHD__gnutls_certificate_set_x509_crl_file (MHD_gtls_cert_credentials_t
- res, const char *crlfile,
- MHD_gnutls_x509_crt_fmt_t
- type);
- int MHD__gnutls_certificate_set_x509_crl_mem (MHD_gtls_cert_credentials_t
- res,
- const MHD_gnutls_datum_t *
- CRL,
- MHD_gnutls_x509_crt_fmt_t
- type);
-
/*
* CERTFILE is an x509 certificate in PEM form.
* KEYFILE is a pkcs-1 private key in PEM form (for RSA keys).
diff --git a/src/daemon/https/minitasn1/libtasn1.h b/src/daemon/https/minitasn1/libtasn1.h
@@ -163,9 +163,6 @@ extern "C"
MHD__asn1_retCode MHD__asn1_read_value (ASN1_TYPE root, const char *name,
void *ivalue, int *len);
- MHD__asn1_retCode MHD__asn1_number_of_elements (ASN1_TYPE element,
- const char *name, int *num);
-
MHD__asn1_retCode MHD__asn1_der_coding (ASN1_TYPE element, const char *name,
void *ider, int *len,
char *ErrorDescription);
@@ -180,9 +177,6 @@ extern "C"
const char *name_element,
int *start, int *end);
- const char *MHD__asn1_find_structure_from_oid (ASN1_TYPE definitions,
- const char *oidValue);
-
/* DER utility functions. */
int MHD__asn1_get_tag_der (const unsigned char *der, int der_len,
diff --git a/src/daemon/https/minitasn1/structure.c b/src/daemon/https/minitasn1/structure.c
@@ -583,107 +583,3 @@ MHD__asn1_create_element (ASN1_TYPE definitions, const char *source_name,
return res;
}
-
-
-/**
- * MHD__asn1_number_of_elements - Counts the number of elements of a structure.
- * @element: pointer to the root of an ASN1 structure.
- * @name: the name of a sub-structure of ROOT.
- * @num: pointer to an integer where the result will be stored
- *
- * Counts the number of elements of a sub-structure called NAME with
- * names equal to "?1","?2", ...
- *
- * Returns:
- *
- * ASN1_SUCCESS: Creation OK.
- *
- * ASN1_ELEMENT_NOT_FOUND: NAME isn't known.
- *
- * ASN1_GENERIC_ERROR: Pointer num equal to NULL.
- *
- **/
-MHD__asn1_retCode
-MHD__asn1_number_of_elements (ASN1_TYPE element, const char *name, int *num)
-{
- node_asn *node, *p;
-
- if (num == NULL)
- return ASN1_GENERIC_ERROR;
-
- *num = 0;
-
- node = MHD__asn1_find_node (element, name);
- if (node == NULL)
- return ASN1_ELEMENT_NOT_FOUND;
-
- p = node->down;
-
- while (p)
- {
- if ((p->name) && (p->name[0] == '?'))
- (*num)++;
- p = p->right;
- }
-
- return ASN1_SUCCESS;
-}
-
-
-/**
- * MHD__asn1_find_structure_from_oid - Locate structure defined by a specific OID.
- * @definitions: ASN1 definitions
- * @oidValue: value of the OID to search (e.g. "1.2.3.4").
- *
- * Search the structure that is defined just after an OID definition.
- *
- * Returns: NULL when OIDVALUE not found, otherwise the pointer to a
- * constant string that contains the element name defined just
- * after the OID.
- *
- **/
-const char *
-MHD__asn1_find_structure_from_oid (ASN1_TYPE definitions,
- const char *oidValue)
-{
- char definitionsName[MAX_NAME_SIZE], name[2 * MAX_NAME_SIZE + 1];
- char value[MAX_NAME_SIZE];
- ASN1_TYPE p;
- int len;
- MHD__asn1_retCode result;
-
- if ((definitions == ASN1_TYPE_EMPTY) || (oidValue == NULL))
- return NULL; /* ASN1_ELEMENT_NOT_FOUND; */
-
-
- strcpy (definitionsName, definitions->name);
- strcat (definitionsName, ".");
-
- /* search the OBJECT_ID into definitions */
- p = definitions->down;
- while (p)
- {
- if ((type_field (p->type) == TYPE_OBJECT_ID) &&
- (p->type & CONST_ASSIGN))
- {
- strcpy (name, definitionsName);
- strcat (name, p->name);
-
- len = MAX_NAME_SIZE;
- result = MHD__asn1_read_value (definitions, name, value, &len);
-
- if ((result == ASN1_SUCCESS) && (!strcmp (oidValue, value)))
- {
- p = p->right;
- if (p == NULL) /* reach the end of ASN1 definitions */
- return NULL; /* ASN1_ELEMENT_NOT_FOUND; */
-
- return p->name;
- }
- }
- p = p->right;
- }
-
- return NULL; /* ASN1_ELEMENT_NOT_FOUND; */
-}
-
diff --git a/src/daemon/https/tls/gnutls_x509.c b/src/daemon/https/tls/gnutls_x509.c
@@ -546,69 +546,6 @@ MHD__gnutls_certificate_set_x509_key_mem (MHD_gtls_cert_credentials_t
return 0;
}
-static int
-generate_rdn_seq (MHD_gtls_cert_credentials_t res)
-{
- MHD_gnutls_datum_t tmp;
- int ret;
- unsigned size, i;
- opaque *pdata;
-
- /* Generate the RDN sequence
- * This will be sent to clients when a certificate
- * request message is sent.
- */
-
- /* FIXME: in case of a client it is not needed
- * to do that. This would save time and memory.
- * However we don't have that information available
- * here.
- */
-
- size = 0;
- for (i = 0; i < res->x509_ncas; i++)
- {
- if ((ret =
- MHD_gnutls_x509_crt_get_raw_dn (res->x509_ca_list[i], &tmp)) < 0)
- {
- MHD_gnutls_assert ();
- return ret;
- }
- size += (2 + tmp.size);
- MHD__gnutls_free_datum (&tmp);
- }
-
- if (res->x509_rdn_sequence.data != NULL)
- MHD_gnutls_free (res->x509_rdn_sequence.data);
-
- res->x509_rdn_sequence.data = MHD_gnutls_malloc (size);
- if (res->x509_rdn_sequence.data == NULL)
- {
- MHD_gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
- res->x509_rdn_sequence.size = size;
-
- pdata = res->x509_rdn_sequence.data;
-
- for (i = 0; i < res->x509_ncas; i++)
- {
- if ((ret =
- MHD_gnutls_x509_crt_get_raw_dn (res->x509_ca_list[i], &tmp)) < 0)
- {
- MHD__gnutls_free_datum (&res->x509_rdn_sequence);
- MHD_gnutls_assert ();
- return ret;
- }
-
- MHD_gtls_write_datum16 (pdata, tmp);
- pdata += (2 + tmp.size);
- MHD__gnutls_free_datum (&tmp);
- }
-
- return 0;
-}
-
/* Returns 0 if it's ok to use the enum MHD_GNUTLS_KeyExchangeAlgorithm with this
* certificate (uses the KeyUsage field).
*/
@@ -668,187 +605,3 @@ MHD__gnutls_check_key_usage (const MHD_gnutls_cert * cert,
-static int
-parse_pem_ca_mem (MHD_gnutls_x509_crt_t ** cert_list, unsigned *ncerts,
- const opaque * input_cert, int input_cert_size)
-{
- int i, size;
- const opaque *ptr;
- MHD_gnutls_datum_t tmp;
- int ret, count;
-
- /* move to the certificate
- */
- ptr = memmem (input_cert, input_cert_size,
- PEM_CERT_SEP, sizeof (PEM_CERT_SEP) - 1);
- if (ptr == NULL)
- ptr = memmem (input_cert, input_cert_size,
- PEM_CERT_SEP2, sizeof (PEM_CERT_SEP2) - 1);
-
- if (ptr == NULL)
- {
- MHD_gnutls_assert ();
- return GNUTLS_E_BASE64_DECODING_ERROR;
- }
- size = input_cert_size - (ptr - input_cert);
-
- i = *ncerts + 1;
- count = 0;
-
- do
- {
-
- *cert_list =
- (MHD_gnutls_x509_crt_t *) MHD_gtls_realloc_fast (*cert_list,
- i *
- sizeof
- (MHD_gnutls_x509_crt_t));
-
- if (*cert_list == NULL)
- {
- MHD_gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- ret = MHD_gnutls_x509_crt_init (&cert_list[0][i - 1]);
- if (ret < 0)
- {
- MHD_gnutls_assert ();
- return ret;
- }
-
- tmp.data = (opaque *) ptr;
- tmp.size = size;
-
- ret =
- MHD_gnutls_x509_crt_import (cert_list[0][i - 1],
- &tmp, GNUTLS_X509_FMT_PEM);
- if (ret < 0)
- {
- MHD_gnutls_assert ();
- return ret;
- }
-
- /* now we move ptr after the pem header
- */
- ptr++;
- size--;
- /* find the next certificate (if any)
- */
-
- if (size > 0)
- {
- char *ptr3;
-
- ptr3 = memmem (ptr, size, PEM_CERT_SEP, sizeof (PEM_CERT_SEP) - 1);
- if (ptr3 == NULL)
- ptr3 = memmem (ptr, size,
- PEM_CERT_SEP2, sizeof (PEM_CERT_SEP2) - 1);
-
- ptr = (const opaque *) ptr3;
- size = input_cert_size - (ptr - input_cert);
- }
- else
- ptr = NULL;
-
- i++;
- count++;
-
- }
- while (ptr != NULL);
-
- *ncerts = i - 1;
-
- return count;
-}
-
-/* Reads a DER encoded certificate list from memory and stores it to
- * a MHD_gnutls_cert structure.
- * returns the number of certificates parsed.
- */
-static int
-parse_der_ca_mem (MHD_gnutls_x509_crt_t ** cert_list, unsigned *ncerts,
- const void *input_cert, int input_cert_size)
-{
- int i;
- MHD_gnutls_datum_t tmp;
- int ret;
-
- i = *ncerts + 1;
-
- *cert_list =
- (MHD_gnutls_x509_crt_t *) MHD_gtls_realloc_fast (*cert_list,
- i *
- sizeof
- (MHD_gnutls_x509_crt_t));
-
- if (*cert_list == NULL)
- {
- MHD_gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- tmp.data = (opaque *) input_cert;
- tmp.size = input_cert_size;
-
- ret = MHD_gnutls_x509_crt_init (&cert_list[0][i - 1]);
- if (ret < 0)
- {
- MHD_gnutls_assert ();
- return ret;
- }
-
- ret =
- MHD_gnutls_x509_crt_import (cert_list[0][i - 1], &tmp,
- GNUTLS_X509_FMT_DER);
- if (ret < 0)
- {
- MHD_gnutls_assert ();
- return ret;
- }
-
- *ncerts = i;
-
- return 1; /* one certificate parsed */
-}
-
-/**
- * MHD__gnutls_certificate_set_x509_trust_mem - Used to add trusted CAs in a MHD_gtls_cert_credentials_t structure
- * @res: is an #MHD_gtls_cert_credentials_t structure.
- * @ca: is a list of trusted CAs or a DER certificate
- * @type: is DER or PEM
- *
- * This function adds the trusted CAs in order to verify client or
- * server certificates. In case of a client this is not required to
- * be called if the certificates are not verified using
- * MHD_gtls_certificate_verify_peers2(). This function may be called
- * multiple times.
- *
- * In case of a server the CAs set here will be sent to the client if
- * a certificate request is sent. This can be disabled using
- * MHD__gnutls_certificate_send_x509_rdn_sequence().
- *
- * Returns: the number of certificates processed or a negative value
- * on error.
- **/
-int
-MHD__gnutls_certificate_set_x509_trust_mem (MHD_gtls_cert_credentials_t
- res,
- const MHD_gnutls_datum_t * ca,
- MHD_gnutls_x509_crt_fmt_t type)
-{
- int ret, ret2;
-
- if (type == GNUTLS_X509_FMT_DER)
- ret = parse_der_ca_mem (&res->x509_ca_list, &res->x509_ncas,
- ca->data, ca->size);
- else
- ret = parse_pem_ca_mem (&res->x509_ca_list, &res->x509_ncas,
- ca->data, ca->size);
-
- if ((ret2 = generate_rdn_seq (res)) < 0)
- return ret2;
-
- return ret;
-}
-
diff --git a/src/daemon/https/x509/common.c b/src/daemon/https/x509/common.c
@@ -446,108 +446,3 @@ MHD__gnutls_x509_get_pk_algorithm (ASN1_TYPE src,
return algo;
}
-/* Reads the DER signed data from the certificate and allocates space and
- * returns them into signed_data.
- */
-int
-MHD__gnutls_x509_get_signed_data (ASN1_TYPE src,
- const char *src_name,
- MHD_gnutls_datum_t * signed_data)
-{
- MHD_gnutls_datum_t der;
- int start, end, result;
-
- result = MHD__gnutls_x509_der_encode (src, "", &der, 0);
- if (result < 0)
- {
- MHD_gnutls_assert ();
- return result;
- }
-
- /* Get the signed data
- */
- result = MHD__asn1_der_decoding_startEnd (src, der.data, der.size, src_name,
- &start, &end);
- if (result != ASN1_SUCCESS)
- {
- result = MHD_gtls_asn2err (result);
- MHD_gnutls_assert ();
- goto cleanup;
- }
-
- result =
- MHD__gnutls_set_datum (signed_data, &der.data[start], end - start + 1);
-
- if (result < 0)
- {
- MHD_gnutls_assert ();
- goto cleanup;
- }
-
- result = 0;
-
-cleanup:MHD__gnutls_free_datum (&der);
-
- return result;
-}
-
-/* Reads the DER signature from the certificate and allocates space and
- * returns them into signed_data.
- */
-int
-MHD__gnutls_x509_get_signature (ASN1_TYPE src,
- const char *src_name,
- MHD_gnutls_datum_t * signature)
-{
- int bits, result, len;
-
- signature->data = NULL;
- signature->size = 0;
-
- /* Read the signature
- */
- bits = 0;
- result = MHD__asn1_read_value (src, src_name, NULL, &bits);
-
- if (result != ASN1_MEM_ERROR)
- {
- result = MHD_gtls_asn2err (result);
- MHD_gnutls_assert ();
- goto cleanup;
- }
-
- if (bits % 8 != 0)
- {
- MHD_gnutls_assert ();
- result = GNUTLS_E_CERTIFICATE_ERROR;
- goto cleanup;
- }
-
- len = bits / 8;
-
- signature->data = MHD_gnutls_malloc (len);
- if (signature->data == NULL)
- {
- MHD_gnutls_assert ();
- result = GNUTLS_E_MEMORY_ERROR;
- return result;
- }
-
- /* read the bit string of the signature
- */
- bits = len;
- result = MHD__asn1_read_value (src, src_name, signature->data, &bits);
-
- if (result != ASN1_SUCCESS)
- {
- result = MHD_gtls_asn2err (result);
- MHD_gnutls_assert ();
- goto cleanup;
- }
-
- signature->size = len;
-
- return 0;
-
-cleanup:return result;
-}
diff --git a/src/daemon/https/x509/common.h b/src/daemon/https/x509/common.h
@@ -81,9 +81,4 @@ int MHD__gnutls_x509_get_pk_algorithm (ASN1_TYPE src, const char *src_name,
int MHD__gnutls_asn1_copy_node (ASN1_TYPE * dst, const char *dst_name,
ASN1_TYPE src, const char *src_name);
-int MHD__gnutls_x509_get_signed_data (ASN1_TYPE src, const char *src_name,
- MHD_gnutls_datum_t * signed_data);
-int MHD__gnutls_x509_get_signature (ASN1_TYPE src, const char *src_name,
- MHD_gnutls_datum_t * signature);
-
#endif
diff --git a/src/daemon/https/x509/x509-api.texi b/src/daemon/https/x509/x509-api.texi
@@ -1,2943 +0,0 @@
-
-@subheading gnutls_x509_crl_init
-@anchor{gnutls_x509_crl_init}
-@deftypefun {int} {gnutls_x509_crl_init} (gnutls_x509_crl_t * @var{crl})
-@var{crl}: The structure to be initialized
-
-This function will initialize a CRL structure. CRL stands for
-Certificate Revocation List. A revocation list usually contains
-lists of certificate serial numbers that have been revoked
-by an Authority. The revocation lists are always signed with
-the authority's private key.
-
-Returns 0 on success.
-@end deftypefun
-
-@subheading gnutls_x509_crl_deinit
-@anchor{gnutls_x509_crl_deinit}
-@deftypefun {void} {gnutls_x509_crl_deinit} (gnutls_x509_crl_t @var{crl})
-@var{crl}: The structure to be initialized
-
-This function will deinitialize a CRL structure.
-@end deftypefun
-
-@subheading gnutls_x509_crl_import
-@anchor{gnutls_x509_crl_import}
-@deftypefun {int} {gnutls_x509_crl_import} (gnutls_x509_crl_t @var{crl}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format})
-@var{crl}: The structure to store the parsed CRL.
-
-@var{data}: The DER or PEM encoded CRL.
-
-@var{format}: One of DER or PEM
-
-This function will convert the given DER or PEM encoded CRL
-to the native gnutls_x509_crl_t format. The output will be stored in 'crl'.
-
-If the CRL is PEM encoded it should have a header of "X509 CRL".
-
-Returns 0 on success.
-@end deftypefun
-
-@subheading gnutls_x509_crl_get_issuer_dn
-@anchor{gnutls_x509_crl_get_issuer_dn}
-@deftypefun {int} {gnutls_x509_crl_get_issuer_dn} (const gnutls_x509_crl_t @var{crl}, char * @var{buf}, size_t * @var{sizeof_buf})
-@var{crl}: should contain a gnutls_x509_crl_t structure
-
-@var{buf}: a pointer to a structure to hold the peer's name (may be null)
-
-@var{sizeof_buf}: initially holds the size of @code{buf}
-
-This function will copy the name of the CRL issuer in the provided buffer. The name
-will be in the form "C=xxxx,O=yyyy,CN=zzzz" as described in RFC2253. The output
-string will be ASCII or UTF-8 encoded, depending on the certificate data.
-
-If buf is null then only the size will be filled.
-
-Returns GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not long enough, and
-in that case the sizeof_buf will be updated with the required size, and
-0 on success.
-@end deftypefun
-
-@subheading gnutls_x509_crl_get_issuer_dn_by_oid
-@anchor{gnutls_x509_crl_get_issuer_dn_by_oid}
-@deftypefun {int} {gnutls_x509_crl_get_issuer_dn_by_oid} (gnutls_x509_crl_t @var{crl}, const char * @var{oid}, int @var{indx}, unsigned int @var{raw_flag}, void * @var{buf}, size_t * @var{sizeof_buf})
-@var{crl}: should contain a gnutls_x509_crl_t structure
-
-@var{oid}: holds an Object Identified in null terminated string
-
-@var{indx}: In case multiple same OIDs exist in the RDN, this specifies which to send. Use zero to get the first one.
-
-@var{raw_flag}: If non zero returns the raw DER data of the DN part.
-
-@var{buf}: a pointer to a structure to hold the peer's name (may be null)
-
-@var{sizeof_buf}: initially holds the size of @code{buf}
-
-This function will extract the part of the name of the CRL issuer specified
-by the given OID. The output will be encoded as described in RFC2253. The output
-string will be ASCII or UTF-8 encoded, depending on the certificate data.
-
-Some helper macros with popular OIDs can be found in gnutls/x509.h
-If raw flag is zero, this function will only return known OIDs as text. Other OIDs
-will be DER encoded, as described in RFC2253 -- in hex format with a '\#' prefix.
-You can check about known OIDs using @code{gnutls_x509_dn_oid_known()}.
-
-If buf is null then only the size will be filled.
-
-Returns GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not long enough, and
-in that case the sizeof_buf will be updated with the required size,
-and 0 on success.
-@end deftypefun
-
-@subheading gnutls_x509_crl_get_dn_oid
-@anchor{gnutls_x509_crl_get_dn_oid}
-@deftypefun {int} {gnutls_x509_crl_get_dn_oid} (gnutls_x509_crl_t @var{crl}, int @var{indx}, void * @var{oid}, size_t * @var{sizeof_oid})
-@var{crl}: should contain a gnutls_x509_crl_t structure
-
-@var{indx}: Specifies which DN OID to send. Use zero to get the first one.
-
-@var{oid}: a pointer to a structure to hold the name (may be null)
-
-@var{sizeof_oid}: initially holds the size of 'oid'
-
-This function will extract the requested OID of the name of the CRL issuer, specified
-by the given index.
-
-If oid is null then only the size will be filled.
-
-Returns GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not long enough, and
-in that case the sizeof_oid will be updated with the required size.
-On success 0 is returned.
-@end deftypefun
-
-@subheading gnutls_x509_crl_get_signature_algorithm
-@anchor{gnutls_x509_crl_get_signature_algorithm}
-@deftypefun {int} {gnutls_x509_crl_get_signature_algorithm} (gnutls_x509_crl_t @var{crl})
-@var{crl}: should contain a gnutls_x509_crl_t structure
-
-This function will return a value of the gnutls_sign_algorithm_t enumeration that
-is the signature algorithm.
-
-Returns a negative value on error.
-@end deftypefun
-
-@subheading gnutls_x509_crl_get_signature
-@anchor{gnutls_x509_crl_get_signature}
-@deftypefun {int} {gnutls_x509_crl_get_signature} (gnutls_x509_crl_t @var{crl}, char * @var{sig}, size_t * @var{sizeof_sig})
-@var{crl}: should contain a gnutls_x509_crl_t structure
-
-@var{sig}: a pointer where the signature part will be copied (may be null).
-
-@var{sizeof_sig}: initially holds the size of @code{sig}
-
-This function will extract the signature field of a CRL.
-
-Returns 0 on success, and a negative value on error.
-@end deftypefun
-
-@subheading gnutls_x509_crl_get_version
-@anchor{gnutls_x509_crl_get_version}
-@deftypefun {int} {gnutls_x509_crl_get_version} (gnutls_x509_crl_t @var{crl})
-@var{crl}: should contain a gnutls_x509_crl_t structure
-
-This function will return the version of the specified CRL.
-
-Returns a negative value on error.
-@end deftypefun
-
-@subheading gnutls_x509_crl_get_this_update
-@anchor{gnutls_x509_crl_get_this_update}
-@deftypefun {time_t} {gnutls_x509_crl_get_this_update} (gnutls_x509_crl_t @var{crl})
-@var{crl}: should contain a gnutls_x509_crl_t structure
-
-This function will return the time this CRL was issued.
-
-Returns (time_t)-1 on error.
-@end deftypefun
-
-@subheading gnutls_x509_crl_get_next_update
-@anchor{gnutls_x509_crl_get_next_update}
-@deftypefun {time_t} {gnutls_x509_crl_get_next_update} (gnutls_x509_crl_t @var{crl})
-@var{crl}: should contain a gnutls_x509_crl_t structure
-
-This function will return the time the next CRL will be issued.
-This field is optional in a CRL so it might be normal to get
-an error instead.
-
-Returns (time_t)-1 on error.
-@end deftypefun
-
-@subheading gnutls_x509_crl_get_crt_count
-@anchor{gnutls_x509_crl_get_crt_count}
-@deftypefun {int} {gnutls_x509_crl_get_crt_count} (gnutls_x509_crl_t @var{crl})
-@var{crl}: should contain a gnutls_x509_crl_t structure
-
-This function will return the number of revoked certificates in the
-given CRL.
-
-Returns a negative value on failure.
-@end deftypefun
-
-@subheading gnutls_x509_crl_get_crt_serial
-@anchor{gnutls_x509_crl_get_crt_serial}
-@deftypefun {int} {gnutls_x509_crl_get_crt_serial} (gnutls_x509_crl_t @var{crl}, int @var{indx}, unsigned char * @var{serial}, size_t * @var{serial_size}, time_t * @var{t})
-@var{crl}: should contain a gnutls_x509_crl_t structure
-
-@var{indx}: the index of the certificate to extract (starting from 0)
-
-@var{serial}: where the serial number will be copied
-
-@var{serial_size}: initially holds the size of serial
-
-@var{t}: if non null, will hold the time this certificate was revoked
-
-This function will return the serial number of the specified, by
-the index, revoked certificate.
-
-Returns a negative value on failure.
-@end deftypefun
-
-@subheading gnutls_x509_crl_export
-@anchor{gnutls_x509_crl_export}
-@deftypefun {int} {gnutls_x509_crl_export} (gnutls_x509_crl_t @var{crl}, gnutls_x509_crt_fmt_t @var{format}, void * @var{output_data}, size_t * @var{output_data_size})
-@var{crl}: Holds the revocation list
-
-@var{format}: the format of output params. One of PEM or DER.
-
-@var{output_data}: will contain a private key PEM or DER encoded
-
-@var{output_data_size}: holds the size of output_data (and will be replaced by the actual size of parameters)
-
-This function will export the revocation list to DER or PEM format.
-
-If the buffer provided is not long enough to hold the output, then
-GNUTLS_E_SHORT_MEMORY_BUFFER will be returned.
-
-If the structure is PEM encoded, it will have a header
-of "BEGIN X509 CRL".
-
-Returns 0 on success, and a negative value on failure.
-@end deftypefun
-
-@subheading gnutls_x509_rdn_get
-@anchor{gnutls_x509_rdn_get}
-@deftypefun {int} {gnutls_x509_rdn_get} (const gnutls_datum_t * @var{idn}, char * @var{buf}, size_t * @var{sizeof_buf})
-@var{idn}: should contain a DER encoded RDN sequence
-
-@var{buf}: a pointer to a structure to hold the peer's name
-
-@var{sizeof_buf}: holds the size of @code{buf}
-
-This function will return the name of the given RDN sequence. The
-name will be in the form "C=xxxx,O=yyyy,CN=zzzz" as described in
-RFC2253.
-
-If the provided buffer is not long enough, returns
-GNUTLS_E_SHORT_MEMORY_BUFFER and *sizeof_buf will be updated. On
-success 0 is returned.
-@end deftypefun
-
-@subheading gnutls_x509_rdn_get_by_oid
-@anchor{gnutls_x509_rdn_get_by_oid}
-@deftypefun {int} {gnutls_x509_rdn_get_by_oid} (const gnutls_datum_t * @var{idn}, const char * @var{oid}, int @var{indx}, unsigned int @var{raw_flag}, void * @var{buf}, size_t * @var{sizeof_buf})
-@var{idn}: should contain a DER encoded RDN sequence
-
-@var{oid}: an Object Identifier
-
-@var{indx}: In case multiple same OIDs exist in the RDN indicates which
-to send. Use 0 for the first one.
-
-@var{raw_flag}: If non zero then the raw DER data are returned.
-
-@var{buf}: a pointer to a structure to hold the peer's name
-
-@var{sizeof_buf}: holds the size of @code{buf}
-
-This function will return the name of the given Object identifier,
-of the RDN sequence. The name will be encoded using the rules
-from RFC2253.
-
-Returns GNUTLS_E_SHORT_MEMORY_BUFFER and updates *sizeof_buf if
-the provided buffer is not long enough, and 0 on success.
-@end deftypefun
-
-@subheading gnutls_x509_rdn_get_oid
-@anchor{gnutls_x509_rdn_get_oid}
-@deftypefun {int} {gnutls_x509_rdn_get_oid} (const gnutls_datum_t * @var{idn}, int @var{indx}, void * @var{buf}, size_t * @var{sizeof_buf})
-@var{idn}: should contain a DER encoded RDN sequence
-
-@var{indx}: Indicates which OID to return. Use 0 for the first one.
-
-This function will return the specified Object identifier, of the
-RDN sequence.
-
-Returns GNUTLS_E_SHORT_MEMORY_BUFFER and updates *sizeof_buf if
-the provided buffer is not long enough, and 0 on success.
-@end deftypefun
-
-@subheading gnutls_x509_dn_oid_known
-@anchor{gnutls_x509_dn_oid_known}
-@deftypefun {int} {gnutls_x509_dn_oid_known} (const char * @var{oid})
-@var{oid}: holds an Object Identifier in a null terminated string
-
-This function will inform about known DN OIDs. This is useful since functions
-like @code{gnutls_x509_crt_set_dn_by_oid()} use the information on known
-OIDs to properly encode their input. Object Identifiers that are not
-known are not encoded by these functions, and their input is stored directly
-into the ASN.1 structure. In that case of unknown OIDs, you have
-the responsibility of DER encoding your data.
-
-Returns 1 on known OIDs and 0 otherwise.
-@end deftypefun
-
-@subheading gnutls_x509_crt_init
-@anchor{gnutls_x509_crt_init}
-@deftypefun {int} {gnutls_x509_crt_init} (gnutls_x509_crt_t * @var{cert})
-@var{cert}: The structure to be initialized
-
-This function will initialize an X.509 certificate structure.
-
-Returns 0 on success.
-@end deftypefun
-
-@subheading gnutls_x509_crt_deinit
-@anchor{gnutls_x509_crt_deinit}
-@deftypefun {void} {gnutls_x509_crt_deinit} (gnutls_x509_crt_t @var{cert})
-@var{cert}: The structure to be initialized
-
-This function will deinitialize a CRL structure.
-@end deftypefun
-
-@subheading gnutls_x509_crt_import
-@anchor{gnutls_x509_crt_import}
-@deftypefun {int} {gnutls_x509_crt_import} (gnutls_x509_crt_t @var{cert}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format})
-@var{cert}: The structure to store the parsed certificate.
-
-@var{data}: The DER or PEM encoded certificate.
-
-@var{format}: One of DER or PEM
-
-This function will convert the given DER or PEM encoded Certificate
-to the native gnutls_x509_crt_t format. The output will be stored in @code{cert}.
-
-If the Certificate is PEM encoded it should have a header of "X509 CERTIFICATE", or
-"CERTIFICATE".
-
-Returns 0 on success.
-@end deftypefun
-
-@subheading gnutls_x509_crt_get_issuer_dn
-@anchor{gnutls_x509_crt_get_issuer_dn}
-@deftypefun {int} {gnutls_x509_crt_get_issuer_dn} (gnutls_x509_crt_t @var{cert}, char * @var{buf}, size_t * @var{sizeof_buf})
-@var{cert}: should contain a gnutls_x509_crt_t structure
-
-@var{buf}: a pointer to a structure to hold the name (may be null)
-
-@var{sizeof_buf}: initially holds the size of @code{buf}
-
-This function will copy the name of the Certificate issuer in the
-provided buffer. The name will be in the form
-"C=xxxx,O=yyyy,CN=zzzz" as described in RFC2253. The output string
-will be ASCII or UTF-8 encoded, depending on the certificate data.
-
-If @code{buf} is null then only the size will be filled.
-
-Returns GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not
-long enough, and in that case the *sizeof_buf will be updated with
-the required size. On success 0 is returned.
-@end deftypefun
-
-@subheading gnutls_x509_crt_get_issuer_dn_by_oid
-@anchor{gnutls_x509_crt_get_issuer_dn_by_oid}
-@deftypefun {int} {gnutls_x509_crt_get_issuer_dn_by_oid} (gnutls_x509_crt_t @var{cert}, const char * @var{oid}, int @var{indx}, unsigned int @var{raw_flag}, void * @var{buf}, size_t * @var{sizeof_buf})
-@var{cert}: should contain a gnutls_x509_crt_t structure
-
-@var{oid}: holds an Object Identified in null terminated string
-
-@var{indx}: In case multiple same OIDs exist in the RDN, this specifies which to send. Use zero to get the first one.
-
-@var{raw_flag}: If non zero returns the raw DER data of the DN part.
-
-@var{buf}: a pointer to a structure to hold the name (may be null)
-
-@var{sizeof_buf}: initially holds the size of @code{buf}
-
-This function will extract the part of the name of the Certificate
-issuer specified by the given OID. The output, if the raw flag is not
-used, will be encoded as described in RFC2253. Thus a string that is
-ASCII or UTF-8 encoded, depending on the certificate data.
-
-Some helper macros with popular OIDs can be found in gnutls/x509.h
-If raw flag is zero, this function will only return known OIDs as
-text. Other OIDs will be DER encoded, as described in RFC2253 --
-in hex format with a '\#' prefix. You can check about known OIDs
-using @code{gnutls_x509_dn_oid_known()}.
-
-If @code{buf} is null then only the size will be filled.
-
-Returns GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not
-long enough, and in that case the *sizeof_buf will be updated with
-the required size. On success 0 is returned.
-@end deftypefun
-
-@subheading gnutls_x509_crt_get_issuer_dn_oid
-@anchor{gnutls_x509_crt_get_issuer_dn_oid}
-@deftypefun {int} {gnutls_x509_crt_get_issuer_dn_oid} (gnutls_x509_crt_t @var{cert}, int @var{indx}, void * @var{oid}, size_t * @var{sizeof_oid})
-@var{cert}: should contain a gnutls_x509_crt_t structure
-
-@var{indx}: This specifies which OID to return. Use zero to get the first one.
-
-@var{oid}: a pointer to a buffer to hold the OID (may be null)
-
-@var{sizeof_oid}: initially holds the size of @code{oid}
-
-This function will extract the OIDs of the name of the Certificate
-issuer specified by the given index.
-
-If @code{oid} is null then only the size will be filled.
-
-Returns GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not
-long enough, and in that case the *sizeof_oid will be updated with
-the required size. On success 0 is returned.
-@end deftypefun
-
-@subheading gnutls_x509_crt_get_dn
-@anchor{gnutls_x509_crt_get_dn}
-@deftypefun {int} {gnutls_x509_crt_get_dn} (gnutls_x509_crt_t @var{cert}, char * @var{buf}, size_t * @var{sizeof_buf})
-@var{cert}: should contain a gnutls_x509_crt_t structure
-
-@var{buf}: a pointer to a structure to hold the name (may be null)
-
-@var{sizeof_buf}: initially holds the size of @code{buf}
-
-This function will copy the name of the Certificate in the
-provided buffer. The name will be in the form
-"C=xxxx,O=yyyy,CN=zzzz" as described in RFC2253. The output string
-will be ASCII or UTF-8 encoded, depending on the certificate data.
-
-If @code{buf} is null then only the size will be filled.
-
-Returns GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not
-long enough, and in that case the *sizeof_buf will be updated with
-the required size. On success 0 is returned.
-@end deftypefun
-
-@subheading gnutls_x509_crt_get_dn_by_oid
-@anchor{gnutls_x509_crt_get_dn_by_oid}
-@deftypefun {int} {gnutls_x509_crt_get_dn_by_oid} (gnutls_x509_crt_t @var{cert}, const char * @var{oid}, int @var{indx}, unsigned int @var{raw_flag}, void * @var{buf}, size_t * @var{sizeof_buf})
-@var{cert}: should contain a gnutls_x509_crt_t structure
-
-@var{oid}: holds an Object Identified in null terminated string
-
-@var{indx}: In case multiple same OIDs exist in the RDN, this specifies which to send. Use zero to get the first one.
-
-@var{raw_flag}: If non zero returns the raw DER data of the DN part.
-
-@var{buf}: a pointer where the DN part will be copied (may be null).
-
-@var{sizeof_buf}: initially holds the size of @code{buf}
-
-This function will extract the part of the name of the Certificate
-subject specified by the given OID. The output, if the raw flag is not
-used, will be encoded as described in RFC2253. Thus a string that is
-ASCII or UTF-8 encoded, depending on the certificate data.
-
-Some helper macros with popular OIDs can be found in gnutls/x509.h
-If raw flag is zero, this function will only return known OIDs as
-text. Other OIDs will be DER encoded, as described in RFC2253 --
-in hex format with a '\#' prefix. You can check about known OIDs
-using @code{gnutls_x509_dn_oid_known()}.
-
-If @code{buf} is null then only the size will be filled.
-
-Returns GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not
-long enough, and in that case the *sizeof_buf will be updated with
-the required size. On success 0 is returned.
-@end deftypefun
-
-@subheading gnutls_x509_crt_get_dn_oid
-@anchor{gnutls_x509_crt_get_dn_oid}
-@deftypefun {int} {gnutls_x509_crt_get_dn_oid} (gnutls_x509_crt_t @var{cert}, int @var{indx}, void * @var{oid}, size_t * @var{sizeof_oid})
-@var{cert}: should contain a gnutls_x509_crt_t structure
-
-@var{indx}: This specifies which OID to return. Use zero to get the first one.
-
-@var{oid}: a pointer to a buffer to hold the OID (may be null)
-
-@var{sizeof_oid}: initially holds the size of @code{oid}
-
-This function will extract the OIDs of the name of the Certificate
-subject specified by the given index.
-
-If oid is null then only the size will be filled.
-
-Returns GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not
-long enough, and in that case the *sizeof_oid will be updated with
-the required size. On success 0 is returned.
-@end deftypefun
-
-@subheading gnutls_x509_crt_get_signature_algorithm
-@anchor{gnutls_x509_crt_get_signature_algorithm}
-@deftypefun {int} {gnutls_x509_crt_get_signature_algorithm} (gnutls_x509_crt_t @var{cert})
-@var{cert}: should contain a gnutls_x509_crt_t structure
-
-This function will return a value of the gnutls_sign_algorithm_t enumeration that
-is the signature algorithm.
-
-Returns a negative value on error.
-@end deftypefun
-
-@subheading gnutls_x509_crt_get_signature
-@anchor{gnutls_x509_crt_get_signature}
-@deftypefun {int} {gnutls_x509_crt_get_signature} (gnutls_x509_crt_t @var{cert}, char * @var{sig}, size_t * @var{sizeof_sig})
-@var{cert}: should contain a gnutls_x509_crt_t structure
-
-@var{sig}: a pointer where the signature part will be copied (may be null).
-
-@var{sizeof_sig}: initially holds the size of @code{sig}
-
-This function will extract the signature field of a certificate.
-
-Returns 0 on success, and a negative value on error.
-@end deftypefun
-
-@subheading gnutls_x509_crt_get_version
-@anchor{gnutls_x509_crt_get_version}
-@deftypefun {int} {gnutls_x509_crt_get_version} (gnutls_x509_crt_t @var{cert})
-@var{cert}: should contain a gnutls_x509_crt_t structure
-
-This function will return the version of the specified Certificate.
-
-Returns a negative value on error.
-@end deftypefun
-
-@subheading gnutls_x509_crt_get_activation_time
-@anchor{gnutls_x509_crt_get_activation_time}
-@deftypefun {time_t} {gnutls_x509_crt_get_activation_time} (gnutls_x509_crt_t @var{cert})
-@var{cert}: should contain a gnutls_x509_crt_t structure
-
-This function will return the time this Certificate was or will be activated.
-
-Returns (time_t)-1 on error.
-@end deftypefun
-
-@subheading gnutls_x509_crt_get_expiration_time
-@anchor{gnutls_x509_crt_get_expiration_time}
-@deftypefun {time_t} {gnutls_x509_crt_get_expiration_time} (gnutls_x509_crt_t @var{cert})
-@var{cert}: should contain a gnutls_x509_crt_t structure
-
-This function will return the time this Certificate was or will be expired.
-
-Returns (time_t)-1 on error.
-@end deftypefun
-
-@subheading gnutls_x509_crt_get_serial
-@anchor{gnutls_x509_crt_get_serial}
-@deftypefun {int} {gnutls_x509_crt_get_serial} (gnutls_x509_crt_t @var{cert}, void * @var{result}, size_t * @var{result_size})
-@var{cert}: should contain a gnutls_x509_crt_t structure
-
-@var{result}: The place where the serial number will be copied
-
-@var{result_size}: Holds the size of the result field.
-
-This function will return the X.509 certificate's serial number.
-This is obtained by the X509 Certificate serialNumber
-field. Serial is not always a 32 or 64bit number. Some CAs use
-large serial numbers, thus it may be wise to handle it as something
-opaque.
-
-Returns 0 on success and a negative value in case of an error.
-@end deftypefun
-
-@subheading gnutls_x509_crt_get_subject_key_id
-@anchor{gnutls_x509_crt_get_subject_key_id}
-@deftypefun {int} {gnutls_x509_crt_get_subject_key_id} (gnutls_x509_crt_t @var{cert}, void * @var{ret}, size_t * @var{ret_size}, unsigned int * @var{critical})
-@var{cert}: should contain a gnutls_x509_crt_t structure
-
-@var{ret}: The place where the identifier will be copied
-
-@var{ret_size}: Holds the size of the result field.
-
-@var{critical}: will be non zero if the extension is marked as critical (may be null)
-
-This function will return the X.509v3 certificate's subject key identifier.
-This is obtained by the X.509 Subject Key identifier extension
-field (2.5.29.14).
-
-Returns 0 on success and a negative value in case of an error.
-@end deftypefun
-
-@subheading gnutls_x509_crt_get_authority_key_id
-@anchor{gnutls_x509_crt_get_authority_key_id}
-@deftypefun {int} {gnutls_x509_crt_get_authority_key_id} (gnutls_x509_crt_t @var{cert}, void * @var{ret}, size_t * @var{ret_size}, unsigned int * @var{critical})
-@var{cert}: should contain a gnutls_x509_crt_t structure
-
-@var{critical}: will be non zero if the extension is marked as critical (may be null)
-
-This function will return the X.509v3 certificate authority's key identifier.
-This is obtained by the X.509 Authority Key identifier extension
-field (2.5.29.35). Note that this function only returns the keyIdentifier
-field of the extension.
-
-Returns 0 on success and a negative value in case of an error.
-@end deftypefun
-
-@subheading gnutls_x509_crt_get_pk_algorithm
-@anchor{gnutls_x509_crt_get_pk_algorithm}
-@deftypefun {int} {gnutls_x509_crt_get_pk_algorithm} (gnutls_x509_crt_t @var{cert}, unsigned int * @var{bits})
-@var{cert}: should contain a gnutls_x509_crt_t structure
-
-@var{bits}: if bits is non null it will hold the size of the parameters' in bits
-
-This function will return the public key algorithm of an X.509
-certificate.
-
-If bits is non null, it should have enough size to hold the parameters
-size in bits. For RSA the bits returned is the modulus.
-For DSA the bits returned are of the public
-exponent.
-
-Returns a member of the gnutls_pk_algorithm_t enumeration on success,
-or a negative value on error.
-@end deftypefun
-
-@subheading gnutls_x509_crt_get_subject_alt_name
-@anchor{gnutls_x509_crt_get_subject_alt_name}
-@deftypefun {int} {gnutls_x509_crt_get_subject_alt_name} (gnutls_x509_crt_t @var{cert}, unsigned int @var{seq}, void * @var{ret}, size_t * @var{ret_size}, unsigned int * @var{critical})
-@var{cert}: should contain a gnutls_x509_crt_t structure
-
-@var{seq}: specifies the sequence number of the alt name (0 for the first one, 1 for the second etc.)
-
-@var{ret}: is the place where the alternative name will be copied to
-
-@var{ret_size}: holds the size of ret.
-
-@var{critical}: will be non zero if the extension is marked as critical (may be null)
-
-This function will return the alternative names, contained in the
-given certificate.
-
-This is specified in X509v3 Certificate Extensions. GNUTLS will
-return the Alternative name (2.5.29.17), or a negative error code.
-
-When the SAN type is otherName, it will extract the data in the
-otherName's value field, and @code{GNUTLS_SAN_OTHERNAME} is returned.
-You may use @code{gnutls_x509_crt_get_subject_alt_othername_oid()} to get
-the corresponding OID and the "virtual" SAN types (e.g.,
-@code{GNUTLS_SAN_OTHERNAME_XMPP}).
-
-If an otherName OID is known, the data will be decoded. Otherwise
-the returned data will be DER encoded, and you will have to decode
-it yourself. Currently, only the RFC 3920 id-on-xmppAddr SAN is
-recognized.
-
-Returns the alternative subject name type on success. The type is
-one of the enumerated gnutls_x509_subject_alt_name_t. It will
-return @code{GNUTLS_E_SHORT_MEMORY_BUFFER} if @code{ret_size} is not large
-enough to hold the value. In that case @code{ret_size} will be updated
-with the required size. If the certificate does not have an
-Alternative name with the specified sequence number then
-@code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} is returned.
-@end deftypefun
-
-@subheading gnutls_x509_crt_get_subject_alt_name2
-@anchor{gnutls_x509_crt_get_subject_alt_name2}
-@deftypefun {int} {gnutls_x509_crt_get_subject_alt_name2} (gnutls_x509_crt_t @var{cert}, unsigned int @var{seq}, void * @var{ret}, size_t * @var{ret_size}, unsigned int* @var{ret_type}, unsigned int * @var{critical})
-@var{cert}: should contain a gnutls_x509_crt_t structure
-
-@var{seq}: specifies the sequence number of the alt name (0 for the first one, 1 for the second etc.)
-
-@var{ret}: is the place where the alternative name will be copied to
-
-@var{ret_size}: holds the size of ret.
-
-@var{ret_type}: holds the type of the alternative name (one of gnutls_x509_subject_alt_name_t).
-
-@var{critical}: will be non zero if the extension is marked as critical (may be null)
-
-This function will return the alternative names, contained in the
-given certificate. It is the same as @code{gnutls_x509_crt_get_subject_alt_name()}
-except for the fact that it will return the type of the alternative
-name in @code{ret_type} even if the function fails for some reason (i.e.
-the buffer provided is not enough).
-
-The return values are the same as with @code{gnutls_x509_crt_get_subject_alt_name()}.
-@end deftypefun
-
-@subheading gnutls_x509_crt_get_subject_alt_othername_oid
-@anchor{gnutls_x509_crt_get_subject_alt_othername_oid}
-@deftypefun {int} {gnutls_x509_crt_get_subject_alt_othername_oid} (gnutls_x509_crt_t @var{cert}, unsigned int @var{seq}, void * @var{ret}, size_t * @var{ret_size})
-@var{cert}: should contain a gnutls_x509_crt_t structure
-
-@var{seq}: specifies the sequence number of the alt name (0 for the first one, 1 for the second etc.)
-
-@var{ret}: is the place where the otherName OID will be copied to
-
-@var{ret_size}: holds the size of ret.
-
-This function will extract the type OID of an otherName Subject
-Alternative Name, contained in the given certificate, and return
-the type as an enumerated element.
-
-This function is only useful if
-@code{gnutls_x509_crt_get_subject_alt_name()} returned
-@code{GNUTLS_SAN_OTHERNAME}.
-
-Returns the alternative subject name type on success. The type is
-one of the enumerated gnutls_x509_subject_alt_name_t. For
-supported OIDs, it will return one of the virtual
-(GNUTLS_SAN_OTHERNAME_*) types, e.g. @code{GNUTLS_SAN_OTHERNAME_XMPP},
-and @code{GNUTLS_SAN_OTHERNAME} for unknown OIDs. It will return
-@code{GNUTLS_E_SHORT_MEMORY_BUFFER} if @code{ret_size} is not large enough to
-hold the value. In that case @code{ret_size} will be updated with the
-required size. If the certificate does not have an Alternative
-name with the specified sequence number and with the otherName type
-then @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} is returned.
-@end deftypefun
-
-@subheading gnutls_x509_crt_get_basic_constraints
-@anchor{gnutls_x509_crt_get_basic_constraints}
-@deftypefun {int} {gnutls_x509_crt_get_basic_constraints} (gnutls_x509_crt_t @var{cert}, unsigned int * @var{critical}, int * @var{ca}, int * @var{pathlen})
-@var{cert}: should contain a gnutls_x509_crt_t structure
-
-@var{critical}: will be non zero if the extension is marked as critical
-
-@var{ca}: pointer to output integer indicating CA status, may be NULL,
-value is 1 if the certificate CA flag is set, 0 otherwise.
-
-@var{pathlen}: pointer to output integer indicating path length (may be
-NULL), non-negative values indicate a present pathLenConstraint
-field and the actual value, -1 indicate that the field is absent.
-
-This function will read the certificate's basic constraints, and
-return the certificates CA status. It reads the basicConstraints
-X.509 extension (2.5.29.19).
-
-@strong{Return value:} If the certificate is a CA a positive value will be
-returned, or zero if the certificate does not have CA flag set. A
-negative value may be returned in case of errors. If the
-certificate does not contain the basicConstraints extension
-GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned.
-@end deftypefun
-
-@subheading gnutls_x509_crt_get_ca_status
-@anchor{gnutls_x509_crt_get_ca_status}
-@deftypefun {int} {gnutls_x509_crt_get_ca_status} (gnutls_x509_crt_t @var{cert}, unsigned int * @var{critical})
-@var{cert}: should contain a gnutls_x509_crt_t structure
-
-@var{critical}: will be non zero if the extension is marked as critical
-
-This function will return certificates CA status, by reading the
-basicConstraints X.509 extension (2.5.29.19). If the certificate is
-a CA a positive value will be returned, or zero if the certificate
-does not have CA flag set.
-
-Use @code{gnutls_x509_crt_get_basic_constraints()} if you want to read the
-pathLenConstraint field too.
-
-A negative value may be returned in case of parsing error.
-If the certificate does not contain the basicConstraints extension
-GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned.
-@end deftypefun
-
-@subheading gnutls_x509_crt_get_key_usage
-@anchor{gnutls_x509_crt_get_key_usage}
-@deftypefun {int} {gnutls_x509_crt_get_key_usage} (gnutls_x509_crt_t @var{cert}, unsigned int * @var{key_usage}, unsigned int * @var{critical})
-@var{cert}: should contain a gnutls_x509_crt_t structure
-
-@var{key_usage}: where the key usage bits will be stored
-
-@var{critical}: will be non zero if the extension is marked as critical
-
-This function will return certificate's key usage, by reading the
-keyUsage X.509 extension (2.5.29.15). The key usage value will ORed values of the:
-GNUTLS_KEY_DIGITAL_SIGNATURE, GNUTLS_KEY_NON_REPUDIATION,
-GNUTLS_KEY_KEY_ENCIPHERMENT, GNUTLS_KEY_DATA_ENCIPHERMENT,
-GNUTLS_KEY_KEY_AGREEMENT, GNUTLS_KEY_KEY_CERT_SIGN,
-GNUTLS_KEY_CRL_SIGN, GNUTLS_KEY_ENCIPHER_ONLY,
-GNUTLS_KEY_DECIPHER_ONLY.
-
-A negative value may be returned in case of parsing error.
-If the certificate does not contain the keyUsage extension
-GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned.
-@end deftypefun
-
-@subheading gnutls_x509_crt_get_proxy
-@anchor{gnutls_x509_crt_get_proxy}
-@deftypefun {int} {gnutls_x509_crt_get_proxy} (gnutls_x509_crt_t @var{cert}, unsigned int * @var{critical}, int * @var{pathlen}, char ** @var{policyLanguage}, char ** @var{policy}, size_t * @var{sizeof_policy})
-@var{cert}: should contain a gnutls_x509_crt_t structure
-
-@var{critical}: will be non zero if the extension is marked as critical
-
-@var{pathlen}: pointer to output integer indicating path length (may be
-NULL), non-negative values indicate a present pCPathLenConstraint
-field and the actual value, -1 indicate that the field is absent.
-
-This function will read the certificate's basic constraints, and
-return the certificates CA status. It reads the basicConstraints
-X.509 extension (2.5.29.19).
-
-@strong{Return value:} If the certificate is a CA a positive value will be
-returned, or zero if the certificate does not have CA flag set. A
-negative value may be returned in case of errors. If the
-certificate does not contain the basicConstraints extension
-GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned.
-@end deftypefun
-
-@subheading gnutls_x509_crt_get_extension_by_oid
-@anchor{gnutls_x509_crt_get_extension_by_oid}
-@deftypefun {int} {gnutls_x509_crt_get_extension_by_oid} (gnutls_x509_crt_t @var{cert}, const char * @var{oid}, int @var{indx}, void * @var{buf}, size_t * @var{sizeof_buf}, unsigned int * @var{critical})
-@var{cert}: should contain a gnutls_x509_crt_t structure
-
-@var{oid}: holds an Object Identified in null terminated string
-
-@var{indx}: In case multiple same OIDs exist in the extensions, this specifies which to send. Use zero to get the first one.
-
-@var{buf}: a pointer to a structure to hold the name (may be null)
-
-@var{sizeof_buf}: initially holds the size of @code{buf}
-
-@var{critical}: will be non zero if the extension is marked as critical
-
-This function will return the extension specified by the OID in the certificate.
-The extensions will be returned as binary data DER encoded, in the provided
-buffer.
-
-A negative value may be returned in case of parsing error.
-If the certificate does not contain the specified extension
-GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned.
-@end deftypefun
-
-@subheading gnutls_x509_crt_get_extension_oid
-@anchor{gnutls_x509_crt_get_extension_oid}
-@deftypefun {int} {gnutls_x509_crt_get_extension_oid} (gnutls_x509_crt_t @var{cert}, int @var{indx}, void * @var{oid}, size_t * @var{sizeof_oid})
-@var{cert}: should contain a gnutls_x509_crt_t structure
-
-@var{indx}: Specifies which extension OID to send. Use zero to get the first one.
-
-@var{oid}: a pointer to a structure to hold the OID (may be null)
-
-@var{sizeof_oid}: initially holds the size of @code{oid}
-
-This function will return the requested extension OID in the certificate.
-The extension OID will be stored as a string in the provided buffer.
-
-A negative value may be returned in case of parsing error.
-If your have reached the last extension available
-GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned.
-@end deftypefun
-
-@subheading gnutls_x509_crt_get_extension_info
-@anchor{gnutls_x509_crt_get_extension_info}
-@deftypefun {int} {gnutls_x509_crt_get_extension_info} (gnutls_x509_crt_t @var{cert}, int @var{indx}, void * @var{oid}, size_t * @var{sizeof_oid}, int * @var{critical})
-@var{cert}: should contain a gnutls_x509_crt_t structure
-
-@var{indx}: Specifies which extension OID to send. Use zero to get the first one.
-
-@var{oid}: a pointer to a structure to hold the OID
-
-@var{sizeof_oid}: initially holds the size of @code{oid}
-
-@var{critical}: output variable with critical flag, may be NULL.
-
-This function will return the requested extension OID in the
-certificate, and the critical flag for it. The extension OID will
-be stored as a string in the provided buffer. Use
-@code{gnutls_x509_crt_get_extension_data()} to extract the data.
-
-Return 0 on success. A negative value may be returned in case of
-parsing error. If you have reached the last extension available
-GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned.
-@end deftypefun
-
-@subheading gnutls_x509_crt_get_extension_data
-@anchor{gnutls_x509_crt_get_extension_data}
-@deftypefun {int} {gnutls_x509_crt_get_extension_data} (gnutls_x509_crt_t @var{cert}, int @var{indx}, void * @var{data}, size_t * @var{sizeof_data})
-@var{cert}: should contain a gnutls_x509_crt_t structure
-
-@var{indx}: Specifies which extension OID to send. Use zero to get the first one.
-
-@var{data}: a pointer to a structure to hold the data (may be null)
-
-@var{sizeof_data}: initially holds the size of @code{oid}
-
-This function will return the requested extension data in the
-certificate. The extension data will be stored as a string in the
-provided buffer.
-
-Use @code{gnutls_x509_crt_get_extension_info()} to extract the OID and
-critical flag. Use @code{gnutls_x509_crt_get_extension_by_oid()} instead,
-if you want to get data indexed by the extension OID rather than
-sequence.
-
-Return 0 on success. A negative value may be returned in case of
-parsing error. If you have reached the last extension available
-GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned.
-@end deftypefun
-
-@subheading gnutls_x509_crt_get_raw_issuer_dn
-@anchor{gnutls_x509_crt_get_raw_issuer_dn}
-@deftypefun {int} {gnutls_x509_crt_get_raw_issuer_dn} (gnutls_x509_crt_t @var{cert}, gnutls_datum_t * @var{start})
-@var{cert}: should contain a gnutls_x509_crt_t structure
-
-@var{start}: will hold the starting point of the DN
-
-This function will return a pointer to the DER encoded DN structure
-and the length.
-
-Returns 0 on success or a negative value on error.
-@end deftypefun
-
-@subheading gnutls_x509_crt_get_raw_dn
-@anchor{gnutls_x509_crt_get_raw_dn}
-@deftypefun {int} {gnutls_x509_crt_get_raw_dn} (gnutls_x509_crt_t @var{cert}, gnutls_datum_t * @var{start})
-@var{cert}: should contain a gnutls_x509_crt_t structure
-
-@var{start}: will hold the starting point of the DN
-
-This function will return a pointer to the DER encoded DN structure and
-the length.
-
-Returns 0 on success, or a negative value on error.
-@end deftypefun
-
-@subheading gnutls_x509_crt_get_subject
-@anchor{gnutls_x509_crt_get_subject}
-@deftypefun {int} {gnutls_x509_crt_get_subject} (gnutls_x509_crt_t @var{cert}, gnutls_x509_dn_t * @var{dn})
-@var{cert}: should contain a gnutls_x509_crt_t structure
-
-@var{dn}: output variable with pointer to opaque DN.
-
-Return the Certificate's Subject DN as an opaque data type. You
-may use @code{gnutls_x509_dn_get_rdn_ava()} to decode the DN.
-
-@strong{Returns:} Returns 0 on success, or an error code.
-@end deftypefun
-
-@subheading gnutls_x509_crt_get_issuer
-@anchor{gnutls_x509_crt_get_issuer}
-@deftypefun {int} {gnutls_x509_crt_get_issuer} (gnutls_x509_crt_t @var{cert}, gnutls_x509_dn_t * @var{dn})
-@var{cert}: should contain a gnutls_x509_crt_t structure
-
-@var{dn}: output variable with pointer to opaque DN
-
-Return the Certificate's Issuer DN as an opaque data type. You may
-use @code{gnutls_x509_dn_get_rdn_ava()} to decode the DN.
-
-Note that @code{dn} points into the @code{cert} object, and thus you may not
-deallocate @code{cert} and continue to access @code{dn}.
-
-@strong{Returns:} Returns 0 on success, or an error code.
-@end deftypefun
-
-@subheading gnutls_x509_dn_get_rdn_ava
-@anchor{gnutls_x509_dn_get_rdn_ava}
-@deftypefun {int} {gnutls_x509_dn_get_rdn_ava} (gnutls_x509_dn_t @var{dn}, int @var{irdn}, int @var{iava}, gnutls_x509_ava_st * @var{ava})
-@var{dn}: input variable with opaque DN pointer
-
-@var{irdn}: index of RDN
-
-@var{iava}: index of AVA.
-
-@var{ava}: Pointer to structure which will hold output information.
-
-Get pointers to data within the DN.
-
-Note that @code{ava} will contain pointers into the @code{dn} structure, so you
-should not modify any data or deallocate it. Note also that the DN
-in turn points into the original certificate structure, and thus
-you may not deallocate the certificate and continue to access @code{dn}.
-
-@strong{Returns:} Returns 0 on success, or an error code.
-@end deftypefun
-
-@subheading gnutls_x509_crt_get_fingerprint
-@anchor{gnutls_x509_crt_get_fingerprint}
-@deftypefun {int} {gnutls_x509_crt_get_fingerprint} (gnutls_x509_crt_t @var{cert}, gnutls_digest_algorithm_t @var{algo}, void * @var{buf}, size_t * @var{sizeof_buf})
-@var{cert}: should contain a gnutls_x509_crt_t structure
-
-@var{algo}: is a digest algorithm
-
-@var{buf}: a pointer to a structure to hold the fingerprint (may be null)
-
-@var{sizeof_buf}: initially holds the size of @code{buf}
-
-This function will calculate and copy the certificate's fingerprint
-in the provided buffer.
-
-If the buffer is null then only the size will be filled.
-
-@strong{Returns:} @code{GNUTLS_E_SHORT_MEMORY_BUFFER} if the provided buffer is
-not long enough, and in that case the *sizeof_buf will be updated
-with the required size. On success 0 is returned.
-@end deftypefun
-
-@subheading gnutls_x509_crt_export
-@anchor{gnutls_x509_crt_export}
-@deftypefun {int} {gnutls_x509_crt_export} (gnutls_x509_crt_t @var{cert}, gnutls_x509_crt_fmt_t @var{format}, void * @var{output_data}, size_t * @var{output_data_size})
-@var{cert}: Holds the certificate
-
-@var{format}: the format of output params. One of PEM or DER.
-
-@var{output_data}: will contain a certificate PEM or DER encoded
-
-@var{output_data_size}: holds the size of output_data (and will be
-replaced by the actual size of parameters)
-
-This function will export the certificate to DER or PEM format.
-
-If the buffer provided is not long enough to hold the output, then
-*output_data_size is updated and GNUTLS_E_SHORT_MEMORY_BUFFER will
-be returned.
-
-If the structure is PEM encoded, it will have a header
-of "BEGIN CERTIFICATE".
-
-@strong{Return value:} In case of failure a negative value will be
-returned, and 0 on success.
-@end deftypefun
-
-@subheading gnutls_x509_crt_get_key_id
-@anchor{gnutls_x509_crt_get_key_id}
-@deftypefun {int} {gnutls_x509_crt_get_key_id} (gnutls_x509_crt_t @var{crt}, unsigned int @var{flags}, unsigned char * @var{output_data}, size_t * @var{output_data_size})
-@var{crt}: Holds the certificate
-
-@var{flags}: should be 0 for now
-
-@var{output_data}: will contain the key ID
-
-@var{output_data_size}: holds the size of output_data (and will be
-replaced by the actual size of parameters)
-
-This function will return a unique ID the depends on the public
-key parameters. This ID can be used in checking whether a
-certificate corresponds to the given private key.
-
-If the buffer provided is not long enough to hold the output, then
-*output_data_size is updated and GNUTLS_E_SHORT_MEMORY_BUFFER will
-be returned. The output will normally be a SHA-1 hash output,
-which is 20 bytes.
-
-@strong{Return value:} In case of failure a negative value will be
-returned, and 0 on success.
-@end deftypefun
-
-@subheading gnutls_x509_crt_check_revocation
-@anchor{gnutls_x509_crt_check_revocation}
-@deftypefun {int} {gnutls_x509_crt_check_revocation} (gnutls_x509_crt_t @var{cert}, const gnutls_x509_crl_t * @var{crl_list}, int @var{crl_list_length})
-@var{cert}: should contain a gnutls_x509_crt_t structure
-
-@var{crl_list}: should contain a list of gnutls_x509_crl_t structures
-
-@var{crl_list_length}: the length of the crl_list
-
-This function will return check if the given certificate is
-revoked. It is assumed that the CRLs have been verified before.
-
-@strong{Returns:} 0 if the certificate is NOT revoked, and 1 if it is. A
-negative value is returned on error.
-@end deftypefun
-
-@subheading gnutls_x509_crt_verify_data
-@anchor{gnutls_x509_crt_verify_data}
-@deftypefun {int} {gnutls_x509_crt_verify_data} (gnutls_x509_crt_t @var{crt}, unsigned int @var{flags}, const gnutls_datum_t * @var{data}, const gnutls_datum_t * @var{signature})
-@var{crt}: Holds the certificate
-
-@var{flags}: should be 0 for now
-
-@var{data}: holds the data to be signed
-
-@var{signature}: contains the signature
-
-This function will verify the given signed data, using the
-parameters from the certificate.
-
-@strong{Returns:} In case of a verification failure 0 is returned, and 1 on
-success.
-@end deftypefun
-
-@subheading gnutls_x509_crt_get_crl_dist_points
-@anchor{gnutls_x509_crt_get_crl_dist_points}
-@deftypefun {int} {gnutls_x509_crt_get_crl_dist_points} (gnutls_x509_crt_t @var{cert}, unsigned int @var{seq}, void * @var{ret}, size_t * @var{ret_size}, unsigned int * @var{reason_flags}, unsigned int * @var{critical})
-@var{cert}: should contain a gnutls_x509_crt_t structure
-
-@var{seq}: specifies the sequence number of the distribution point (0 for the first one, 1 for the second etc.)
-
-@var{ret}: is the place where the distribution point will be copied to
-
-@var{ret_size}: holds the size of ret.
-
-@var{reason_flags}: Revocation reasons flags.
-
-@var{critical}: will be non zero if the extension is marked as critical (may be null)
-
-This function will return the CRL distribution points (2.5.29.31),
-contained in the given certificate.
-
-@code{reason_flags} should be an ORed sequence of
-GNUTLS_CRL_REASON_UNUSED, GNUTLS_CRL_REASON_KEY_COMPROMISE,
-GNUTLS_CRL_REASON_CA_COMPROMISE,
-GNUTLS_CRL_REASON_AFFILIATION_CHANGED,
-GNUTLS_CRL_REASON_SUPERSEEDED,
-GNUTLS_CRL_REASON_CESSATION_OF_OPERATION,
-GNUTLS_CRL_REASON_CERTIFICATE_HOLD,
-GNUTLS_CRL_REASON_PRIVILEGE_WITHDRAWN,
-GNUTLS_CRL_REASON_AA_COMPROMISE, or zero for all possible reasons.
-
-This is specified in X509v3 Certificate Extensions. GNUTLS will
-return the distribution point type, or a negative error code on
-error.
-
-Returns @code{GNUTLS_E_SHORT_MEMORY_BUFFER} and updates &@code{ret_size} if
-&@code{ret_size} is not enough to hold the distribution point, or the
-type of the distribution point if everything was ok. The type is
-one of the enumerated @code{gnutls_x509_subject_alt_name_t}. If the
-certificate does not have an Alternative name with the specified
-sequence number then @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} is
-returned.
-@end deftypefun
-
-@subheading gnutls_x509_crt_get_key_purpose_oid
-@anchor{gnutls_x509_crt_get_key_purpose_oid}
-@deftypefun {int} {gnutls_x509_crt_get_key_purpose_oid} (gnutls_x509_crt_t @var{cert}, int @var{indx}, void * @var{oid}, size_t * @var{sizeof_oid}, unsigned int * @var{critical})
-@var{cert}: should contain a gnutls_x509_crt_t structure
-
-@var{indx}: This specifies which OID to return. Use zero to get the first one.
-
-@var{oid}: a pointer to a buffer to hold the OID (may be null)
-
-@var{sizeof_oid}: initially holds the size of @code{oid}
-
-This function will extract the key purpose OIDs of the Certificate
-specified by the given index. These are stored in the Extended Key
-Usage extension (2.5.29.37) See the GNUTLS_KP_* definitions for
-human readable names.
-
-If @code{oid} is null then only the size will be filled.
-
-@strong{Returns:} @code{GNUTLS_E_SHORT_MEMORY_BUFFER} if the provided buffer is
-not long enough, and in that case the *sizeof_oid will be updated
-with the required size. On success 0 is returned.
-@end deftypefun
-
-@subheading gnutls_x509_crt_get_pk_rsa_raw
-@anchor{gnutls_x509_crt_get_pk_rsa_raw}
-@deftypefun {int} {gnutls_x509_crt_get_pk_rsa_raw} (gnutls_x509_crt_t @var{crt}, gnutls_datum_t * @var{m}, gnutls_datum_t * @var{e})
-@var{crt}: Holds the certificate
-
-@var{m}: will hold the modulus
-
-@var{e}: will hold the public exponent
-
-This function will export the RSA public key's parameters found in
-the given structure. The new parameters will be allocated using
-@code{gnutls_malloc()} and will be stored in the appropriate datum.
-
-@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise an error.
-@end deftypefun
-
-@subheading gnutls_x509_crt_get_pk_dsa_raw
-@anchor{gnutls_x509_crt_get_pk_dsa_raw}
-@deftypefun {int} {gnutls_x509_crt_get_pk_dsa_raw} (gnutls_x509_crt_t @var{crt}, gnutls_datum_t * @var{p}, gnutls_datum_t * @var{q}, gnutls_datum_t * @var{g}, gnutls_datum_t * @var{y})
-@var{crt}: Holds the certificate
-
-@var{p}: will hold the p
-
-@var{q}: will hold the q
-
-@var{g}: will hold the g
-
-@var{y}: will hold the y
-
-This function will export the DSA public key's parameters found in
-the given certificate. The new parameters will be allocated using
-@code{gnutls_malloc()} and will be stored in the appropriate datum.
-
-@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise an error.
-@end deftypefun
-
-@subheading gnutls_x509_crt_list_import
-@anchor{gnutls_x509_crt_list_import}
-@deftypefun {int} {gnutls_x509_crt_list_import} (gnutls_x509_crt_t * @var{certs}, unsigned int * @var{cert_max}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format}, unsigned int @var{flags})
-@var{certs}: The structures to store the parsed certificate. Must not be initialized.
-
-@var{cert_max}: Initially must hold the maximum number of certs. It will be updated with the number of certs available.
-
-@var{data}: The PEM encoded certificate.
-
-@var{format}: One of DER or PEM.
-
-@var{flags}: must be zero or an OR'd sequence of gnutls_certificate_import_flags.
-
-This function will convert the given PEM encoded certificate list
-to the native gnutls_x509_crt_t format. The output will be stored
-in @code{certs}. They will be automatically initialized.
-
-If the Certificate is PEM encoded it should have a header of "X509
-CERTIFICATE", or "CERTIFICATE".
-
-@strong{Returns:} the number of certificates read or a negative error value.
-@end deftypefun
-
-@subheading gnutls_x509_crt_check_hostname
-@anchor{gnutls_x509_crt_check_hostname}
-@deftypefun {int} {gnutls_x509_crt_check_hostname} (gnutls_x509_crt_t @var{cert}, const char * @var{hostname})
-@var{cert}: should contain an gnutls_x509_crt_t structure
-
-@var{hostname}: A null terminated string that contains a DNS name
-
-This function will check if the given certificate's subject
-matches the given hostname. This is a basic implementation of the
-matching described in RFC2818 (HTTPS), which takes into account
-wildcards, and the DNSName/IPAddress subject alternative name PKIX
-extension.
-
-Returns non zero for a successful match, and zero on failure.
-@end deftypefun
-
-@subheading gnutls_x509_crt_check_issuer
-@anchor{gnutls_x509_crt_check_issuer}
-@deftypefun {int} {gnutls_x509_crt_check_issuer} (gnutls_x509_crt_t @var{cert}, gnutls_x509_crt_t @var{issuer})
-@var{cert}: is the certificate to be checked
-
-@var{issuer}: is the certificate of a possible issuer
-
-This function will check if the given certificate was issued by the
-given issuer. It will return true (1) if the given certificate is issued
-by the given issuer, and false (0) if not.
-
-A negative value is returned in case of an error.
-@end deftypefun
-
-@subheading gnutls_x509_crt_list_verify
-@anchor{gnutls_x509_crt_list_verify}
-@deftypefun {int} {gnutls_x509_crt_list_verify} (const gnutls_x509_crt_t * @var{cert_list}, int @var{cert_list_length}, const gnutls_x509_crt_t * @var{CA_list}, int @var{CA_list_length}, const gnutls_x509_crl_t * @var{CRL_list}, int @var{CRL_list_length}, unsigned int @var{flags}, unsigned int * @var{verify})
-@var{cert_list}: is the certificate list to be verified
-
-@var{cert_list_length}: holds the number of certificate in cert_list
-
-@var{CA_list}: is the CA list which will be used in verification
-
-@var{CA_list_length}: holds the number of CA certificate in CA_list
-
-@var{CRL_list}: holds a list of CRLs.
-
-@var{CRL_list_length}: the length of CRL list.
-
-@var{flags}: Flags that may be used to change the verification algorithm. Use OR of the gnutls_certificate_verify_flags enumerations.
-
-@var{verify}: will hold the certificate verification output.
-
-This function will try to verify the given certificate list and return its status.
-Note that expiration and activation dates are not checked
-by this function, you should check them using the appropriate functions.
-
-If no flags are specified (0), this function will use the
-basicConstraints (2.5.29.19) PKIX extension. This means that only a certificate
-authority is allowed to sign a certificate.
-
-You must also check the peer's name in order to check if the verified
-certificate belongs to the actual peer.
-
-The certificate verification output will be put in @code{verify} and will be
-one or more of the gnutls_certificate_status_t enumerated elements bitwise or'd.
-For a more detailed verification status use @code{gnutls_x509_crt_verify()} per list
-element.
-
-@strong{GNUTLS_CERT_INVALID:} the certificate chain is not valid.
-
-@strong{GNUTLS_CERT_REVOKED:} a certificate in the chain has been revoked.
-
-Returns 0 on success and a negative value in case of an error.
-@end deftypefun
-
-@subheading gnutls_x509_crt_verify
-@anchor{gnutls_x509_crt_verify}
-@deftypefun {int} {gnutls_x509_crt_verify} (gnutls_x509_crt_t @var{cert}, const gnutls_x509_crt_t * @var{CA_list}, int @var{CA_list_length}, unsigned int @var{flags}, unsigned int * @var{verify})
-@var{cert}: is the certificate to be verified
-
-@var{CA_list}: is one certificate that is considered to be trusted one
-
-@var{CA_list_length}: holds the number of CA certificate in CA_list
-
-@var{flags}: Flags that may be used to change the verification algorithm. Use OR of the gnutls_certificate_verify_flags enumerations.
-
-@var{verify}: will hold the certificate verification output.
-
-This function will try to verify the given certificate and return its status.
-The verification output in this functions cannot be GNUTLS_CERT_NOT_VALID.
-
-Returns 0 on success and a negative value in case of an error.
-@end deftypefun
-
-@subheading gnutls_x509_crl_check_issuer
-@anchor{gnutls_x509_crl_check_issuer}
-@deftypefun {int} {gnutls_x509_crl_check_issuer} (gnutls_x509_crl_t @var{cert}, gnutls_x509_crt_t @var{issuer})
-@var{issuer}: is the certificate of a possible issuer
-
-This function will check if the given CRL was issued by the
-given issuer certificate. It will return true (1) if the given CRL was issued
-by the given issuer, and false (0) if not.
-
-A negative value is returned in case of an error.
-@end deftypefun
-
-@subheading gnutls_x509_crl_verify
-@anchor{gnutls_x509_crl_verify}
-@deftypefun {int} {gnutls_x509_crl_verify} (gnutls_x509_crl_t @var{crl}, const gnutls_x509_crt_t * @var{CA_list}, int @var{CA_list_length}, unsigned int @var{flags}, unsigned int * @var{verify})
-@var{crl}: is the crl to be verified
-
-@var{CA_list}: is a certificate list that is considered to be trusted one
-
-@var{CA_list_length}: holds the number of CA certificates in CA_list
-
-@var{flags}: Flags that may be used to change the verification algorithm. Use OR of the gnutls_certificate_verify_flags enumerations.
-
-@var{verify}: will hold the crl verification output.
-
-This function will try to verify the given crl and return its status.
-See @code{gnutls_x509_crt_list_verify()} for a detailed description of
-return values.
-
-Returns 0 on success and a negative value in case of an error.
-@end deftypefun
-
-@subheading gnutls_x509_privkey_init
-@anchor{gnutls_x509_privkey_init}
-@deftypefun {int} {gnutls_x509_privkey_init} (gnutls_x509_privkey_t * @var{key})
-@var{key}: The structure to be initialized
-
-This function will initialize an private key structure.
-
-Returns 0 on success.
-@end deftypefun
-
-@subheading gnutls_x509_privkey_deinit
-@anchor{gnutls_x509_privkey_deinit}
-@deftypefun {void} {gnutls_x509_privkey_deinit} (gnutls_x509_privkey_t @var{key})
-@var{key}: The structure to be initialized
-
-This function will deinitialize a private key structure.
-@end deftypefun
-
-@subheading gnutls_x509_privkey_cpy
-@anchor{gnutls_x509_privkey_cpy}
-@deftypefun {int} {gnutls_x509_privkey_cpy} (gnutls_x509_privkey_t @var{dst}, gnutls_x509_privkey_t @var{src})
-@var{dst}: The destination key, which should be initialized.
-
-@var{src}: The source key
-
-This function will copy a private key from source to destination key.
-@end deftypefun
-
-@subheading gnutls_x509_privkey_import
-@anchor{gnutls_x509_privkey_import}
-@deftypefun {int} {gnutls_x509_privkey_import} (gnutls_x509_privkey_t @var{key}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format})
-@var{key}: The structure to store the parsed key
-
-@var{data}: The DER or PEM encoded certificate.
-
-@var{format}: One of DER or PEM
-
-This function will convert the given DER or PEM encoded key
-to the native gnutls_x509_privkey_t format. The output will be stored in @code{key} .
-
-If the key is PEM encoded it should have a header of "RSA PRIVATE KEY", or
-"DSA PRIVATE KEY".
-
-Returns 0 on success.
-@end deftypefun
-
-@subheading gnutls_x509_privkey_import_rsa_raw
-@anchor{gnutls_x509_privkey_import_rsa_raw}
-@deftypefun {int} {gnutls_x509_privkey_import_rsa_raw} (gnutls_x509_privkey_t @var{key}, const gnutls_datum_t * @var{m}, const gnutls_datum_t * @var{e}, const gnutls_datum_t * @var{d}, const gnutls_datum_t * @var{p}, const gnutls_datum_t * @var{q}, const gnutls_datum_t * @var{u})
-@var{key}: The structure to store the parsed key
-
-@var{m}: holds the modulus
-
-@var{e}: holds the public exponent
-
-@var{d}: holds the private exponent
-
-@var{p}: holds the first prime (p)
-
-@var{q}: holds the second prime (q)
-
-@var{u}: holds the coefficient
-
-This function will convert the given RSA raw parameters
-to the native gnutls_x509_privkey_t format. The output will be stored in @code{key}.
-@end deftypefun
-
-@subheading gnutls_x509_privkey_import_dsa_raw
-@anchor{gnutls_x509_privkey_import_dsa_raw}
-@deftypefun {int} {gnutls_x509_privkey_import_dsa_raw} (gnutls_x509_privkey_t @var{key}, const gnutls_datum_t * @var{p}, const gnutls_datum_t * @var{q}, const gnutls_datum_t * @var{g}, const gnutls_datum_t * @var{y}, const gnutls_datum_t * @var{x})
-@var{key}: The structure to store the parsed key
-
-@var{p}: holds the p
-
-@var{q}: holds the q
-
-@var{g}: holds the g
-
-@var{y}: holds the y
-
-@var{x}: holds the x
-
-This function will convert the given DSA raw parameters
-to the native gnutls_x509_privkey_t format. The output will be stored in @code{key}.
-@end deftypefun
-
-@subheading gnutls_x509_privkey_get_pk_algorithm
-@anchor{gnutls_x509_privkey_get_pk_algorithm}
-@deftypefun {int} {gnutls_x509_privkey_get_pk_algorithm} (gnutls_x509_privkey_t @var{key})
-@var{key}: should contain a gnutls_x509_privkey_t structure
-
-This function will return the public key algorithm of a private
-key.
-
-Returns a member of the gnutls_pk_algorithm_t enumeration on success,
-or a negative value on error.
-@end deftypefun
-
-@subheading gnutls_x509_privkey_export
-@anchor{gnutls_x509_privkey_export}
-@deftypefun {int} {gnutls_x509_privkey_export} (gnutls_x509_privkey_t @var{key}, gnutls_x509_crt_fmt_t @var{format}, void * @var{output_data}, size_t * @var{output_data_size})
-@var{key}: Holds the key
-
-@var{format}: the format of output params. One of PEM or DER.
-
-@var{output_data}: will contain a private key PEM or DER encoded
-
-@var{output_data_size}: holds the size of output_data (and will be
-replaced by the actual size of parameters)
-
-This function will export the private key to a PKCS1 structure for
-RSA keys, or an integer sequence for DSA keys. The DSA keys are in
-the same format with the parameters used by openssl.
-
-If the buffer provided is not long enough to hold the output, then
-*output_data_size is updated and GNUTLS_E_SHORT_MEMORY_BUFFER will
-be returned.
-
-If the structure is PEM encoded, it will have a header
-of "BEGIN RSA PRIVATE KEY".
-
-@strong{Return value:} In case of failure a negative value will be
-returned, and 0 on success.
-@end deftypefun
-
-@subheading gnutls_x509_privkey_export_rsa_raw
-@anchor{gnutls_x509_privkey_export_rsa_raw}
-@deftypefun {int} {gnutls_x509_privkey_export_rsa_raw} (gnutls_x509_privkey_t @var{key}, gnutls_datum_t * @var{m}, gnutls_datum_t * @var{e}, gnutls_datum_t * @var{d}, gnutls_datum_t * @var{p}, gnutls_datum_t * @var{q}, gnutls_datum_t * @var{u})
-@var{key}: a structure that holds the rsa parameters
-
-@var{m}: will hold the modulus
-
-@var{e}: will hold the public exponent
-
-@var{d}: will hold the private exponent
-
-@var{p}: will hold the first prime (p)
-
-@var{q}: will hold the second prime (q)
-
-@var{u}: will hold the coefficient
-
-This function will export the RSA private key's parameters found in the given
-structure. The new parameters will be allocated using
-@code{gnutls_malloc()} and will be stored in the appropriate datum.
-@end deftypefun
-
-@subheading gnutls_x509_privkey_export_dsa_raw
-@anchor{gnutls_x509_privkey_export_dsa_raw}
-@deftypefun {int} {gnutls_x509_privkey_export_dsa_raw} (gnutls_x509_privkey_t @var{key}, gnutls_datum_t * @var{p}, gnutls_datum_t * @var{q}, gnutls_datum_t * @var{g}, gnutls_datum_t * @var{y}, gnutls_datum_t * @var{x})
-@var{p}: will hold the p
-
-@var{q}: will hold the q
-
-@var{g}: will hold the g
-
-@var{y}: will hold the y
-
-@var{x}: will hold the x
-
-This function will export the DSA private key's parameters found in the given
-structure. The new parameters will be allocated using
-@code{gnutls_malloc()} and will be stored in the appropriate datum.
-@end deftypefun
-
-@subheading gnutls_x509_privkey_generate
-@anchor{gnutls_x509_privkey_generate}
-@deftypefun {int} {gnutls_x509_privkey_generate} (gnutls_x509_privkey_t @var{key}, gnutls_pk_algorithm_t @var{algo}, unsigned int @var{bits}, unsigned int @var{flags})
-@var{key}: should contain a gnutls_x509_privkey_t structure
-
-@var{algo}: is one of RSA or DSA.
-
-@var{bits}: the size of the modulus
-
-@var{flags}: unused for now. Must be 0.
-
-This function will generate a random private key. Note that
-this function must be called on an empty private key.
-
-Returns 0 on success or a negative value on error.
-@end deftypefun
-
-@subheading gnutls_x509_privkey_get_key_id
-@anchor{gnutls_x509_privkey_get_key_id}
-@deftypefun {int} {gnutls_x509_privkey_get_key_id} (gnutls_x509_privkey_t @var{key}, unsigned int @var{flags}, unsigned char * @var{output_data}, size_t * @var{output_data_size})
-@var{key}: Holds the key
-
-@var{flags}: should be 0 for now
-
-@var{output_data}: will contain the key ID
-
-@var{output_data_size}: holds the size of output_data (and will be
-replaced by the actual size of parameters)
-
-This function will return a unique ID the depends on the public key
-parameters. This ID can be used in checking whether a certificate
-corresponds to the given key.
-
-If the buffer provided is not long enough to hold the output, then
-*output_data_size is updated and GNUTLS_E_SHORT_MEMORY_BUFFER will
-be returned. The output will normally be a SHA-1 hash output,
-which is 20 bytes.
-
-@strong{Return value:} In case of failure a negative value will be
-returned, and 0 on success.
-@end deftypefun
-
-@subheading gnutls_x509_privkey_sign_data
-@anchor{gnutls_x509_privkey_sign_data}
-@deftypefun {int} {gnutls_x509_privkey_sign_data} (gnutls_x509_privkey_t @var{key}, gnutls_digest_algorithm_t @var{digest}, unsigned int @var{flags}, const gnutls_datum_t * @var{data}, void * @var{signature}, size_t * @var{signature_size})
-@var{key}: Holds the key
-
-@var{digest}: should be MD5 or SHA1
-
-@var{flags}: should be 0 for now
-
-@var{data}: holds the data to be signed
-
-@var{signature}: will contain the signature
-
-@var{signature_size}: holds the size of signature (and will be replaced
-by the new size)
-
-This function will sign the given data using a signature algorithm
-supported by the private key. Signature algorithms are always used
-together with a hash functions. Different hash functions may be
-used for the RSA algorithm, but only SHA-1 for the DSA keys.
-
-If the buffer provided is not long enough to hold the output, then
-*signature_size is updated and GNUTLS_E_SHORT_MEMORY_BUFFER will
-be returned.
-
-In case of failure a negative value will be returned, and
-0 on success.
-@end deftypefun
-
-@subheading gnutls_x509_privkey_sign_hash
-@anchor{gnutls_x509_privkey_sign_hash}
-@deftypefun {int} {gnutls_x509_privkey_sign_hash} (gnutls_x509_privkey_t @var{key}, const gnutls_datum_t * @var{hash}, gnutls_datum_t * @var{signature})
-@var{key}: Holds the key
-
-@var{hash}: holds the data to be signed
-
-@var{signature}: will contain newly allocated signature
-
-This function will sign the given hash using the private key.
-
-@strong{Return value:} In case of failure a negative value will be returned,
-and 0 on success.
-@end deftypefun
-
-@subheading gnutls_x509_privkey_verify_data
-@anchor{gnutls_x509_privkey_verify_data}
-@deftypefun {int} {gnutls_x509_privkey_verify_data} (gnutls_x509_privkey_t @var{key}, unsigned int @var{flags}, const gnutls_datum_t * @var{data}, const gnutls_datum_t * @var{signature})
-@var{key}: Holds the key
-
-@var{flags}: should be 0 for now
-
-@var{data}: holds the data to be signed
-
-@var{signature}: contains the signature
-
-This function will verify the given signed data, using the parameters in the
-private key.
-
-In case of a verification failure 0 is returned, and
-1 on success.
-@end deftypefun
-
-@subheading gnutls_x509_privkey_fix
-@anchor{gnutls_x509_privkey_fix}
-@deftypefun {int} {gnutls_x509_privkey_fix} (gnutls_x509_privkey_t @var{key})
-@var{key}: Holds the key
-
-This function will recalculate the secondary parameters in a key.
-In RSA keys, this can be the coefficient and exponent1,2.
-
-@strong{Return value:} In case of failure a negative value will be
-returned, and 0 on success.
-@end deftypefun
-
-@subheading gnutls_pkcs7_init
-@anchor{gnutls_pkcs7_init}
-@deftypefun {int} {gnutls_pkcs7_init} (gnutls_pkcs7_t * @var{pkcs7})
-@var{pkcs7}: The structure to be initialized
-
-This function will initialize a PKCS7 structure. PKCS7 structures
-usually contain lists of X.509 Certificates and X.509 Certificate
-revocation lists.
-
-Returns 0 on success.
-@end deftypefun
-
-@subheading gnutls_pkcs7_deinit
-@anchor{gnutls_pkcs7_deinit}
-@deftypefun {void} {gnutls_pkcs7_deinit} (gnutls_pkcs7_t @var{pkcs7})
-@var{pkcs7}: The structure to be initialized
-
-This function will deinitialize a PKCS7 structure.
-@end deftypefun
-
-@subheading gnutls_pkcs7_import
-@anchor{gnutls_pkcs7_import}
-@deftypefun {int} {gnutls_pkcs7_import} (gnutls_pkcs7_t @var{pkcs7}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format})
-@var{pkcs7}: The structure to store the parsed PKCS7.
-
-@var{data}: The DER or PEM encoded PKCS7.
-
-@var{format}: One of DER or PEM
-
-This function will convert the given DER or PEM encoded PKCS7
-to the native gnutls_pkcs7_t format. The output will be stored in 'pkcs7'.
-
-If the PKCS7 is PEM encoded it should have a header of "PKCS7".
-
-Returns 0 on success.
-@end deftypefun
-
-@subheading gnutls_pkcs7_get_crt_raw
-@anchor{gnutls_pkcs7_get_crt_raw}
-@deftypefun {int} {gnutls_pkcs7_get_crt_raw} (gnutls_pkcs7_t @var{pkcs7}, int @var{indx}, void * @var{certificate}, size_t * @var{certificate_size})
-@var{indx}: contains the index of the certificate to extract
-
-@var{certificate}: the contents of the certificate will be copied there (may be null)
-
-@var{certificate_size}: should hold the size of the certificate
-
-This function will return a certificate of the PKCS7 or RFC2630 certificate set.
-Returns 0 on success. If the provided buffer is not long enough,
-then @code{certificate_size} is updated and GNUTLS_E_SHORT_MEMORY_BUFFER is returned.
-
-After the last certificate has been read GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE
-will be returned.
-@end deftypefun
-
-@subheading gnutls_pkcs7_get_crt_count
-@anchor{gnutls_pkcs7_get_crt_count}
-@deftypefun {int} {gnutls_pkcs7_get_crt_count} (gnutls_pkcs7_t @var{pkcs7})
-This function will return the number of certifcates in the PKCS7 or
-RFC2630 certificate set.
-
-Returns a negative value on failure.
-@end deftypefun
-
-@subheading gnutls_pkcs7_export
-@anchor{gnutls_pkcs7_export}
-@deftypefun {int} {gnutls_pkcs7_export} (gnutls_pkcs7_t @var{pkcs7}, gnutls_x509_crt_fmt_t @var{format}, void * @var{output_data}, size_t * @var{output_data_size})
-@var{pkcs7}: Holds the pkcs7 structure
-
-@var{format}: the format of output params. One of PEM or DER.
-
-@var{output_data}: will contain a structure PEM or DER encoded
-
-@var{output_data_size}: holds the size of output_data (and will be
-replaced by the actual size of parameters)
-
-This function will export the pkcs7 structure to DER or PEM format.
-
-If the buffer provided is not long enough to hold the output, then
-*output_data_size is updated and GNUTLS_E_SHORT_MEMORY_BUFFER will
-be returned.
-
-If the structure is PEM encoded, it will have a header
-of "BEGIN PKCS7".
-
-@strong{Return value:} In case of failure a negative value will be
-returned, and 0 on success.
-@end deftypefun
-
-@subheading gnutls_pkcs7_set_crt_raw
-@anchor{gnutls_pkcs7_set_crt_raw}
-@deftypefun {int} {gnutls_pkcs7_set_crt_raw} (gnutls_pkcs7_t @var{pkcs7}, const gnutls_datum_t * @var{crt})
-@var{crt}: the DER encoded certificate to be added
-
-This function will add a certificate to the PKCS7 or RFC2630 certificate set.
-Returns 0 on success.
-@end deftypefun
-
-@subheading gnutls_pkcs7_set_crt
-@anchor{gnutls_pkcs7_set_crt}
-@deftypefun {int} {gnutls_pkcs7_set_crt} (gnutls_pkcs7_t @var{pkcs7}, gnutls_x509_crt_t @var{crt})
-@var{crt}: the certificate to be copied.
-
-This function will add a parsed certificate to the PKCS7 or RFC2630 certificate set.
-This is a wrapper function over @code{gnutls_pkcs7_set_crt_raw()} .
-
-Returns 0 on success.
-@end deftypefun
-
-@subheading gnutls_pkcs7_delete_crt
-@anchor{gnutls_pkcs7_delete_crt}
-@deftypefun {int} {gnutls_pkcs7_delete_crt} (gnutls_pkcs7_t @var{pkcs7}, int @var{indx})
-@var{indx}: the index of the certificate to delete
-
-This function will delete a certificate from a PKCS7 or RFC2630 certificate set.
-Index starts from 0. Returns 0 on success.
-@end deftypefun
-
-@subheading gnutls_pkcs7_get_crl_raw
-@anchor{gnutls_pkcs7_get_crl_raw}
-@deftypefun {int} {gnutls_pkcs7_get_crl_raw} (gnutls_pkcs7_t @var{pkcs7}, int @var{indx}, void * @var{crl}, size_t * @var{crl_size})
-@var{indx}: contains the index of the crl to extract
-
-@var{crl}: the contents of the crl will be copied there (may be null)
-
-@var{crl_size}: should hold the size of the crl
-
-This function will return a crl of the PKCS7 or RFC2630 crl set.
-Returns 0 on success. If the provided buffer is not long enough,
-then @code{crl_size} is updated and GNUTLS_E_SHORT_MEMORY_BUFFER is returned.
-
-After the last crl has been read GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE
-will be returned.
-@end deftypefun
-
-@subheading gnutls_pkcs7_get_crl_count
-@anchor{gnutls_pkcs7_get_crl_count}
-@deftypefun {int} {gnutls_pkcs7_get_crl_count} (gnutls_pkcs7_t @var{pkcs7})
-This function will return the number of certifcates in the PKCS7 or
-RFC2630 crl set.
-
-Returns a negative value on failure.
-@end deftypefun
-
-@subheading gnutls_pkcs7_set_crl_raw
-@anchor{gnutls_pkcs7_set_crl_raw}
-@deftypefun {int} {gnutls_pkcs7_set_crl_raw} (gnutls_pkcs7_t @var{pkcs7}, const gnutls_datum_t * @var{crl})
-@var{crl}: the DER encoded crl to be added
-
-This function will add a crl to the PKCS7 or RFC2630 crl set.
-Returns 0 on success.
-@end deftypefun
-
-@subheading gnutls_pkcs7_set_crl
-@anchor{gnutls_pkcs7_set_crl}
-@deftypefun {int} {gnutls_pkcs7_set_crl} (gnutls_pkcs7_t @var{pkcs7}, gnutls_x509_crl_t @var{crl})
-@var{crl}: the DER encoded crl to be added
-
-This function will add a parsed crl to the PKCS7 or RFC2630 crl set.
-Returns 0 on success.
-@end deftypefun
-
-@subheading gnutls_pkcs7_delete_crl
-@anchor{gnutls_pkcs7_delete_crl}
-@deftypefun {int} {gnutls_pkcs7_delete_crl} (gnutls_pkcs7_t @var{pkcs7}, int @var{indx})
-@var{indx}: the index of the crl to delete
-
-This function will delete a crl from a PKCS7 or RFC2630 crl set.
-Index starts from 0. Returns 0 on success.
-@end deftypefun
-
-@subheading gnutls_x509_crq_init
-@anchor{gnutls_x509_crq_init}
-@deftypefun {int} {gnutls_x509_crq_init} (gnutls_x509_crq_t * @var{crq})
-@var{crq}: The structure to be initialized
-
-This function will initialize a PKCS10 certificate request structure.
-
-Returns 0 on success.
-@end deftypefun
-
-@subheading gnutls_x509_crq_deinit
-@anchor{gnutls_x509_crq_deinit}
-@deftypefun {void} {gnutls_x509_crq_deinit} (gnutls_x509_crq_t @var{crq})
-@var{crq}: The structure to be initialized
-
-This function will deinitialize a CRL structure.
-@end deftypefun
-
-@subheading gnutls_x509_crq_import
-@anchor{gnutls_x509_crq_import}
-@deftypefun {int} {gnutls_x509_crq_import} (gnutls_x509_crq_t @var{crq}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format})
-@var{crq}: The structure to store the parsed certificate request.
-
-@var{data}: The DER or PEM encoded certificate.
-
-@var{format}: One of DER or PEM
-
-This function will convert the given DER or PEM encoded Certificate
-to the native gnutls_x509_crq_t format. The output will be stored in @code{cert}.
-
-If the Certificate is PEM encoded it should have a header of "NEW CERTIFICATE REQUEST".
-
-Returns 0 on success.
-@end deftypefun
-
-@subheading gnutls_x509_crq_get_dn
-@anchor{gnutls_x509_crq_get_dn}
-@deftypefun {int} {gnutls_x509_crq_get_dn} (gnutls_x509_crq_t @var{crq}, char * @var{buf}, size_t * @var{sizeof_buf})
-@var{crq}: should contain a gnutls_x509_crq_t structure
-
-@var{buf}: a pointer to a structure to hold the name (may be null)
-
-@var{sizeof_buf}: initially holds the size of @code{buf}
-
-This function will copy the name of the Certificate request
-subject in the provided buffer. The name will be in the form
-"C=xxxx,O=yyyy,CN=zzzz" as described in RFC2253. The output string
-will be ASCII or UTF-8 encoded, depending on the certificate data.
-
-If @code{buf} is null then only the size will be filled.
-
-Returns GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not
-long enough, and in that case the *sizeof_buf will be updated with
-the required size. On success 0 is returned.
-@end deftypefun
-
-@subheading gnutls_x509_crq_get_dn_by_oid
-@anchor{gnutls_x509_crq_get_dn_by_oid}
-@deftypefun {int} {gnutls_x509_crq_get_dn_by_oid} (gnutls_x509_crq_t @var{crq}, const char * @var{oid}, int @var{indx}, unsigned int @var{raw_flag}, void * @var{buf}, size_t * @var{sizeof_buf})
-@var{crq}: should contain a gnutls_x509_crq_t structure
-
-@var{oid}: holds an Object Identified in null terminated string
-
-@var{indx}: In case multiple same OIDs exist in the RDN, this specifies
-which to send. Use zero to get the first one.
-
-@var{raw_flag}: If non zero returns the raw DER data of the DN part.
-
-@var{buf}: a pointer to a structure to hold the name (may be null)
-
-@var{sizeof_buf}: initially holds the size of @code{buf}
-
-This function will extract the part of the name of the Certificate
-request subject, specified by the given OID. The output will be
-encoded as described in RFC2253. The output string will be ASCII
-or UTF-8 encoded, depending on the certificate data.
-
-Some helper macros with popular OIDs can be found in gnutls/x509.h
-If raw flag is zero, this function will only return known OIDs as
-text. Other OIDs will be DER encoded, as described in RFC2253 --
-in hex format with a '\#' prefix. You can check about known OIDs
-using @code{gnutls_x509_dn_oid_known()}.
-
-If @code{buf} is null then only the size will be filled.
-
-Returns GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not
-long enough, and in that case the *sizeof_buf will be updated with
-the required size. On success 0 is returned.
-@end deftypefun
-
-@subheading gnutls_x509_crq_get_dn_oid
-@anchor{gnutls_x509_crq_get_dn_oid}
-@deftypefun {int} {gnutls_x509_crq_get_dn_oid} (gnutls_x509_crq_t @var{crq}, int @var{indx}, void * @var{oid}, size_t * @var{sizeof_oid})
-@var{crq}: should contain a gnutls_x509_crq_t structure
-
-@var{indx}: Specifies which DN OID to send. Use zero to get the first one.
-
-@var{oid}: a pointer to a structure to hold the name (may be null)
-
-@var{sizeof_oid}: initially holds the size of @code{oid}
-
-This function will extract the requested OID of the name of the
-Certificate request subject, specified by the given index.
-
-If oid is null then only the size will be filled.
-
-Returns GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not
-long enough, and in that case the *sizeof_oid will be updated with
-the required size. On success 0 is returned.
-@end deftypefun
-
-@subheading gnutls_x509_crq_get_challenge_password
-@anchor{gnutls_x509_crq_get_challenge_password}
-@deftypefun {int} {gnutls_x509_crq_get_challenge_password} (gnutls_x509_crq_t @var{crq}, char * @var{pass}, size_t * @var{sizeof_pass})
-@var{crq}: should contain a gnutls_x509_crq_t structure
-
-@var{pass}: will hold a null terminated password
-
-@var{sizeof_pass}: Initially holds the size of @code{pass}.
-
-This function will return the challenge password in the
-request.
-
-Returns 0 on success.
-@end deftypefun
-
-@subheading gnutls_x509_crq_set_attribute_by_oid
-@anchor{gnutls_x509_crq_set_attribute_by_oid}
-@deftypefun {int} {gnutls_x509_crq_set_attribute_by_oid} (gnutls_x509_crq_t @var{crq}, const char * @var{oid}, void * @var{buf}, size_t @var{sizeof_buf})
-@var{crq}: should contain a gnutls_x509_crq_t structure
-
-@var{oid}: holds an Object Identified in null terminated string
-
-@var{buf}: a pointer to a structure that holds the attribute data
-
-@var{sizeof_buf}: holds the size of @code{buf}
-
-This function will set the attribute in the certificate request specified
-by the given Object ID. The attribute must be be DER encoded.
-
-Returns 0 on success.
-@end deftypefun
-
-@subheading gnutls_x509_crq_get_attribute_by_oid
-@anchor{gnutls_x509_crq_get_attribute_by_oid}
-@deftypefun {int} {gnutls_x509_crq_get_attribute_by_oid} (gnutls_x509_crq_t @var{crq}, const char * @var{oid}, int @var{indx}, void * @var{buf}, size_t * @var{sizeof_buf})
-@var{crq}: should contain a gnutls_x509_crq_t structure
-
-@var{oid}: holds an Object Identified in null terminated string
-
-@var{indx}: In case multiple same OIDs exist in the attribute list, this specifies
-which to send. Use zero to get the first one.
-
-@var{buf}: a pointer to a structure to hold the attribute data (may be null)
-
-@var{sizeof_buf}: initially holds the size of @code{buf}
-
-This function will return the attribute in the certificate request specified
-by the given Object ID. The attribute will be DER encoded.
-
-Returns 0 on success.
-@end deftypefun
-
-@subheading gnutls_x509_crq_set_dn_by_oid
-@anchor{gnutls_x509_crq_set_dn_by_oid}
-@deftypefun {int} {gnutls_x509_crq_set_dn_by_oid} (gnutls_x509_crq_t @var{crq}, const char * @var{oid}, unsigned int @var{raw_flag}, const void * @var{data}, unsigned int @var{sizeof_data})
-@var{crq}: should contain a gnutls_x509_crq_t structure
-
-@var{oid}: holds an Object Identifier in a null terminated string
-
-@var{raw_flag}: must be 0, or 1 if the data are DER encoded
-
-@var{data}: a pointer to the input data
-
-@var{sizeof_data}: holds the size of @code{data}
-
-This function will set the part of the name of the Certificate request subject, specified
-by the given OID. The input string should be ASCII or UTF-8 encoded.
-
-Some helper macros with popular OIDs can be found in gnutls/x509.h
-With this function you can only set the known OIDs. You can test
-for known OIDs using @code{gnutls_x509_dn_oid_known()}. For OIDs that are
-not known (by gnutls) you should properly DER encode your data, and
-call this function with raw_flag set.
-
-Returns 0 on success.
-@end deftypefun
-
-@subheading gnutls_x509_crq_set_version
-@anchor{gnutls_x509_crq_set_version}
-@deftypefun {int} {gnutls_x509_crq_set_version} (gnutls_x509_crq_t @var{crq}, unsigned int @var{version})
-@var{crq}: should contain a gnutls_x509_crq_t structure
-
-@var{version}: holds the version number. For v1 Requests must be 1.
-
-This function will set the version of the certificate request. For
-version 1 requests this must be one.
-
-Returns 0 on success.
-@end deftypefun
-
-@subheading gnutls_x509_crq_get_version
-@anchor{gnutls_x509_crq_get_version}
-@deftypefun {int} {gnutls_x509_crq_get_version} (gnutls_x509_crq_t @var{crq})
-@var{crq}: should contain a gnutls_x509_crq_t structure
-
-This function will return the version of the specified Certificate request.
-
-Returns a negative value on error.
-@end deftypefun
-
-@subheading gnutls_x509_crq_set_key
-@anchor{gnutls_x509_crq_set_key}
-@deftypefun {int} {gnutls_x509_crq_set_key} (gnutls_x509_crq_t @var{crq}, gnutls_x509_privkey_t @var{key})
-@var{crq}: should contain a gnutls_x509_crq_t structure
-
-@var{key}: holds a private key
-
-This function will set the public parameters from the given private key to the
-request. Only RSA keys are currently supported.
-
-Returns 0 on success.
-@end deftypefun
-
-@subheading gnutls_x509_crq_set_challenge_password
-@anchor{gnutls_x509_crq_set_challenge_password}
-@deftypefun {int} {gnutls_x509_crq_set_challenge_password} (gnutls_x509_crq_t @var{crq}, const char * @var{pass})
-@var{crq}: should contain a gnutls_x509_crq_t structure
-
-@var{pass}: holds a null terminated password
-
-This function will set a challenge password to be used when revoking the request.
-
-Returns 0 on success.
-@end deftypefun
-
-@subheading gnutls_x509_crq_sign2
-@anchor{gnutls_x509_crq_sign2}
-@deftypefun {int} {gnutls_x509_crq_sign2} (gnutls_x509_crq_t @var{crq}, gnutls_x509_privkey_t @var{key}, gnutls_digest_algorithm_t @var{dig}, unsigned int @var{flags})
-@var{crq}: should contain a gnutls_x509_crq_t structure
-
-@var{key}: holds a private key
-
-@var{dig}: The message digest to use. GNUTLS_DIG_SHA1 is the safe choice unless you know what you're doing.
-
-@var{flags}: must be 0
-
-This function will sign the certificate request with a private key.
-This must be the same key as the one used in @code{gnutls_x509_crt_set_key()} since a
-certificate request is self signed.
-
-This must be the last step in a certificate request generation since all
-the previously set parameters are now signed.
-
-Returns 0 on success.
-@end deftypefun
-
-@subheading gnutls_x509_crq_sign
-@anchor{gnutls_x509_crq_sign}
-@deftypefun {int} {gnutls_x509_crq_sign} (gnutls_x509_crq_t @var{crq}, gnutls_x509_privkey_t @var{key})
-@var{crq}: should contain a gnutls_x509_crq_t structure
-
-@var{key}: holds a private key
-
-This function is the same a @code{gnutls_x509_crq_sign2()} with no flags, and
-SHA1 as the hash algorithm.
-
-Returns 0 on success.
-@end deftypefun
-
-@subheading gnutls_x509_crq_export
-@anchor{gnutls_x509_crq_export}
-@deftypefun {int} {gnutls_x509_crq_export} (gnutls_x509_crq_t @var{crq}, gnutls_x509_crt_fmt_t @var{format}, void * @var{output_data}, size_t * @var{output_data_size})
-@var{crq}: Holds the request
-
-@var{format}: the format of output params. One of PEM or DER.
-
-@var{output_data}: will contain a certificate request PEM or DER encoded
-
-@var{output_data_size}: holds the size of output_data (and will be
-replaced by the actual size of parameters)
-
-This function will export the certificate request to a PKCS10
-
-If the buffer provided is not long enough to hold the output, then
-GNUTLS_E_SHORT_MEMORY_BUFFER will be returned and
-*output_data_size will be updated.
-
-If the structure is PEM encoded, it will have a header of "BEGIN
-NEW CERTIFICATE REQUEST".
-
-@strong{Return value:} In case of failure a negative value will be
-returned, and 0 on success.
-@end deftypefun
-
-@subheading gnutls_x509_crq_get_pk_algorithm
-@anchor{gnutls_x509_crq_get_pk_algorithm}
-@deftypefun {int} {gnutls_x509_crq_get_pk_algorithm} (gnutls_x509_crq_t @var{crq}, unsigned int * @var{bits})
-@var{crq}: should contain a gnutls_x509_crq_t structure
-
-@var{bits}: if bits is non null it will hold the size of the parameters' in bits
-
-This function will return the public key algorithm of a PKCS \@code{10}
-certificate request.
-
-If bits is non null, it should have enough size to hold the parameters
-size in bits. For RSA the bits returned is the modulus.
-For DSA the bits returned are of the public
-exponent.
-
-Returns a member of the gnutls_pk_algorithm_t enumeration on success,
-or a negative value on error.
-@end deftypefun
-
-@subheading gnutls_x509_privkey_export_pkcs8
-@anchor{gnutls_x509_privkey_export_pkcs8}
-@deftypefun {int} {gnutls_x509_privkey_export_pkcs8} (gnutls_x509_privkey_t @var{key}, gnutls_x509_crt_fmt_t @var{format}, const char * @var{password}, unsigned int @var{flags}, void * @var{output_data}, size_t * @var{output_data_size})
-@var{key}: Holds the key
-
-@var{format}: the format of output params. One of PEM or DER.
-
-@var{password}: the password that will be used to encrypt the key.
-
-@var{flags}: an ORed sequence of gnutls_pkcs_encrypt_flags_t
-
-@var{output_data}: will contain a private key PEM or DER encoded
-
-@var{output_data_size}: holds the size of output_data (and will be
-replaced by the actual size of parameters)
-
-This function will export the private key to a PKCS8 structure.
-Both RSA and DSA keys can be exported. For DSA keys we use
-PKCS @code{11} definitions. If the flags do not specify the encryption
-cipher, then the default 3DES (PBES2) will be used.
-
-The @code{password} can be either ASCII or UTF-8 in the default PBES2
-encryption schemas, or ASCII for the PKCS12 schemas.
-
-If the buffer provided is not long enough to hold the output, then
-*output_data_size is updated and GNUTLS_E_SHORT_MEMORY_BUFFER will
-be returned.
-
-If the structure is PEM encoded, it will have a header
-of "BEGIN ENCRYPTED PRIVATE KEY" or "BEGIN PRIVATE KEY" if
-encryption is not used.
-
-@strong{Return value:} In case of failure a negative value will be
-returned, and 0 on success.
-@end deftypefun
-
-@subheading gnutls_x509_privkey_import_pkcs8
-@anchor{gnutls_x509_privkey_import_pkcs8}
-@deftypefun {int} {gnutls_x509_privkey_import_pkcs8} (gnutls_x509_privkey_t @var{key}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format}, const char * @var{password}, unsigned int @var{flags})
-@var{key}: The structure to store the parsed key
-
-@var{data}: The DER or PEM encoded key.
-
-@var{format}: One of DER or PEM
-
-@var{password}: the password to decrypt the key (if it is encrypted).
-
-@var{flags}: 0 if encrypted or GNUTLS_PKCS_PLAIN if not encrypted.
-
-This function will convert the given DER or PEM encoded PKCS8 2.0 encrypted key
-to the native gnutls_x509_privkey_t format. The output will be stored in @code{key}.
-Both RSA and DSA keys can be imported, and flags can only be used to indicate
-an unencrypted key.
-
-The @code{password} can be either ASCII or UTF-8 in the default PBES2
-encryption schemas, or ASCII for the PKCS12 schemas.
-
-If the Certificate is PEM encoded it should have a header of "ENCRYPTED PRIVATE KEY",
-or "PRIVATE KEY". You only need to specify the flags if the key is DER encoded, since
-in that case the encryption status cannot be auto-detected.
-
-Returns 0 on success.
-@end deftypefun
-
-@subheading gnutls_pkcs12_init
-@anchor{gnutls_pkcs12_init}
-@deftypefun {int} {gnutls_pkcs12_init} (gnutls_pkcs12_t * @var{pkcs12})
-@var{pkcs12}: The structure to be initialized
-
-This function will initialize a PKCS12 structure. PKCS12 structures
-usually contain lists of X.509 Certificates and X.509 Certificate
-revocation lists.
-
-Returns 0 on success.
-@end deftypefun
-
-@subheading gnutls_pkcs12_deinit
-@anchor{gnutls_pkcs12_deinit}
-@deftypefun {void} {gnutls_pkcs12_deinit} (gnutls_pkcs12_t @var{pkcs12})
-@var{pkcs12}: The structure to be initialized
-
-This function will deinitialize a PKCS12 structure.
-@end deftypefun
-
-@subheading gnutls_pkcs12_import
-@anchor{gnutls_pkcs12_import}
-@deftypefun {int} {gnutls_pkcs12_import} (gnutls_pkcs12_t @var{pkcs12}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format}, unsigned int @var{flags})
-@var{pkcs12}: The structure to store the parsed PKCS12.
-
-@var{data}: The DER or PEM encoded PKCS12.
-
-@var{format}: One of DER or PEM
-
-@var{flags}: an ORed sequence of gnutls_privkey_pkcs8_flags
-
-This function will convert the given DER or PEM encoded PKCS12
-to the native gnutls_pkcs12_t format. The output will be stored in 'pkcs12'.
-
-If the PKCS12 is PEM encoded it should have a header of "PKCS12".
-
-Returns 0 on success.
-@end deftypefun
-
-@subheading gnutls_pkcs12_export
-@anchor{gnutls_pkcs12_export}
-@deftypefun {int} {gnutls_pkcs12_export} (gnutls_pkcs12_t @var{pkcs12}, gnutls_x509_crt_fmt_t @var{format}, void * @var{output_data}, size_t * @var{output_data_size})
-@var{pkcs12}: Holds the pkcs12 structure
-
-@var{format}: the format of output params. One of PEM or DER.
-
-@var{output_data}: will contain a structure PEM or DER encoded
-
-@var{output_data_size}: holds the size of output_data (and will be
-replaced by the actual size of parameters)
-
-This function will export the pkcs12 structure to DER or PEM format.
-
-If the buffer provided is not long enough to hold the output, then
-*output_data_size will be updated and GNUTLS_E_SHORT_MEMORY_BUFFER
-will be returned.
-
-If the structure is PEM encoded, it will have a header
-of "BEGIN PKCS12".
-
-@strong{Return value:} In case of failure a negative value will be
-returned, and 0 on success.
-@end deftypefun
-
-@subheading gnutls_pkcs12_get_bag
-@anchor{gnutls_pkcs12_get_bag}
-@deftypefun {int} {gnutls_pkcs12_get_bag} (gnutls_pkcs12_t @var{pkcs12}, int @var{indx}, gnutls_pkcs12_bag_t @var{bag})
-@var{pkcs12}: should contain a gnutls_pkcs12_t structure
-
-@var{indx}: contains the index of the bag to extract
-
-@var{bag}: An initialized bag, where the contents of the bag will be copied
-
-This function will return a Bag from the PKCS12 structure.
-Returns 0 on success.
-
-After the last Bag has been read GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE
-will be returned.
-@end deftypefun
-
-@subheading gnutls_pkcs12_set_bag
-@anchor{gnutls_pkcs12_set_bag}
-@deftypefun {int} {gnutls_pkcs12_set_bag} (gnutls_pkcs12_t @var{pkcs12}, gnutls_pkcs12_bag_t @var{bag})
-@var{pkcs12}: should contain a gnutls_pkcs12_t structure
-
-@var{bag}: An initialized bag
-
-This function will insert a Bag into the PKCS12 structure.
-Returns 0 on success.
-@end deftypefun
-
-@subheading gnutls_pkcs12_generate_mac
-@anchor{gnutls_pkcs12_generate_mac}
-@deftypefun {int} {gnutls_pkcs12_generate_mac} (gnutls_pkcs12_t @var{pkcs12}, const char * @var{pass})
-@var{pkcs12}: should contain a gnutls_pkcs12_t structure
-
-@var{pass}: The password for the MAC
-
-This function will generate a MAC for the PKCS12 structure.
-Returns 0 on success.
-@end deftypefun
-
-@subheading gnutls_pkcs12_verify_mac
-@anchor{gnutls_pkcs12_verify_mac}
-@deftypefun {int} {gnutls_pkcs12_verify_mac} (gnutls_pkcs12_t @var{pkcs12}, const char * @var{pass})
-@var{pkcs12}: should contain a gnutls_pkcs12_t structure
-
-@var{pass}: The password for the MAC
-
-This function will verify the MAC for the PKCS12 structure.
-Returns 0 on success.
-@end deftypefun
-
-@subheading gnutls_pkcs12_bag_init
-@anchor{gnutls_pkcs12_bag_init}
-@deftypefun {int} {gnutls_pkcs12_bag_init} (gnutls_pkcs12_bag_t * @var{bag})
-@var{bag}: The structure to be initialized
-
-This function will initialize a PKCS12 bag structure. PKCS12 Bags
-usually contain private keys, lists of X.509 Certificates and X.509 Certificate
-revocation lists.
-
-Returns 0 on success.
-@end deftypefun
-
-@subheading gnutls_pkcs12_bag_deinit
-@anchor{gnutls_pkcs12_bag_deinit}
-@deftypefun {void} {gnutls_pkcs12_bag_deinit} (gnutls_pkcs12_bag_t @var{bag})
-@var{bag}: The structure to be initialized
-
-This function will deinitialize a PKCS12 Bag structure.
-@end deftypefun
-
-@subheading gnutls_pkcs12_bag_get_type
-@anchor{gnutls_pkcs12_bag_get_type}
-@deftypefun {gnutls_pkcs12_bag_type_t} {gnutls_pkcs12_bag_get_type} (gnutls_pkcs12_bag_t @var{bag}, int @var{indx})
-@var{bag}: The bag
-
-@var{indx}: The element of the bag to get the type
-
-This function will return the bag's type. One of the gnutls_pkcs12_bag_type_t
-enumerations.
-@end deftypefun
-
-@subheading gnutls_pkcs12_bag_get_count
-@anchor{gnutls_pkcs12_bag_get_count}
-@deftypefun {int} {gnutls_pkcs12_bag_get_count} (gnutls_pkcs12_bag_t @var{bag})
-@var{bag}: The bag
-
-This function will return the number of the elements withing the bag.
-@end deftypefun
-
-@subheading gnutls_pkcs12_bag_get_data
-@anchor{gnutls_pkcs12_bag_get_data}
-@deftypefun {int} {gnutls_pkcs12_bag_get_data} (gnutls_pkcs12_bag_t @var{bag}, int @var{indx}, gnutls_datum_t * @var{data})
-@var{bag}: The bag
-
-@var{indx}: The element of the bag to get the data from
-
-@var{data}: where the bag's data will be. Should be treated as constant.
-
-This function will return the bag's data. The data is a constant
-that is stored into the bag. Should not be accessed after the bag
-is deleted.
-
-Returns 0 on success and a negative error code on error.
-@end deftypefun
-
-@subheading gnutls_pkcs12_bag_set_data
-@anchor{gnutls_pkcs12_bag_set_data}
-@deftypefun {int} {gnutls_pkcs12_bag_set_data} (gnutls_pkcs12_bag_t @var{bag}, gnutls_pkcs12_bag_type_t @var{type}, const gnutls_datum_t * @var{data})
-@var{bag}: The bag
-
-@var{type}: The data's type
-
-@var{data}: the data to be copied.
-
-This function will insert the given data of the given type into the
-bag.
-
-Returns the index of the added bag on success, or a negative
-value on error.
-@end deftypefun
-
-@subheading gnutls_pkcs12_bag_set_crt
-@anchor{gnutls_pkcs12_bag_set_crt}
-@deftypefun {int} {gnutls_pkcs12_bag_set_crt} (gnutls_pkcs12_bag_t @var{bag}, gnutls_x509_crt_t @var{crt})
-@var{bag}: The bag
-
-@var{crt}: the certificate to be copied.
-
-This function will insert the given certificate into the
-bag. This is just a wrapper over @code{gnutls_pkcs12_bag_set_data()}.
-
-Returns the index of the added bag on success, or a negative
-value on failure.
-@end deftypefun
-
-@subheading gnutls_pkcs12_bag_set_crl
-@anchor{gnutls_pkcs12_bag_set_crl}
-@deftypefun {int} {gnutls_pkcs12_bag_set_crl} (gnutls_pkcs12_bag_t @var{bag}, gnutls_x509_crl_t @var{crl})
-@var{bag}: The bag
-
-@var{crl}: the CRL to be copied.
-
-This function will insert the given CRL into the
-bag. This is just a wrapper over @code{gnutls_pkcs12_bag_set_data()}.
-
-Returns the index of the added bag on success, or a negative
-value on failure.
-@end deftypefun
-
-@subheading gnutls_pkcs12_bag_set_key_id
-@anchor{gnutls_pkcs12_bag_set_key_id}
-@deftypefun {int} {gnutls_pkcs12_bag_set_key_id} (gnutls_pkcs12_bag_t @var{bag}, int @var{indx}, const gnutls_datum_t * @var{id})
-@var{bag}: The bag
-
-@var{indx}: The bag's element to add the id
-
-@var{id}: the ID
-
-This function will add the given key ID, to the specified, by the index, bag
-element. The key ID will be encoded as a 'Local key identifier' bag attribute,
-which is usually used to distinguish the local private key and the certificate pair.
-
-Returns 0 on success, or a negative value on error.
-@end deftypefun
-
-@subheading gnutls_pkcs12_bag_get_key_id
-@anchor{gnutls_pkcs12_bag_get_key_id}
-@deftypefun {int} {gnutls_pkcs12_bag_get_key_id} (gnutls_pkcs12_bag_t @var{bag}, int @var{indx}, gnutls_datum_t * @var{id})
-@var{bag}: The bag
-
-@var{indx}: The bag's element to add the id
-
-@var{id}: where the ID will be copied (to be treated as const)
-
-This function will return the key ID, of the specified bag element.
-The key ID is usually used to distinguish the local private key and the certificate pair.
-
-Returns 0 on success, or a negative value on error.
-@end deftypefun
-
-@subheading gnutls_pkcs12_bag_get_friendly_name
-@anchor{gnutls_pkcs12_bag_get_friendly_name}
-@deftypefun {int} {gnutls_pkcs12_bag_get_friendly_name} (gnutls_pkcs12_bag_t @var{bag}, int @var{indx}, char ** @var{name})
-@var{bag}: The bag
-
-@var{indx}: The bag's element to add the id
-
-@var{name}: will hold a pointer to the name (to be treated as const)
-
-This function will return the friendly name, of the specified bag element.
-The key ID is usually used to distinguish the local private key and the certificate pair.
-
-Returns 0 on success, or a negative value on error.
-@end deftypefun
-
-@subheading gnutls_pkcs12_bag_set_friendly_name
-@anchor{gnutls_pkcs12_bag_set_friendly_name}
-@deftypefun {int} {gnutls_pkcs12_bag_set_friendly_name} (gnutls_pkcs12_bag_t @var{bag}, int @var{indx}, const char * @var{name})
-@var{bag}: The bag
-
-@var{indx}: The bag's element to add the id
-
-@var{name}: the name
-
-This function will add the given key friendly name, to the specified, by the index, bag
-element. The name will be encoded as a 'Friendly name' bag attribute,
-which is usually used to set a user name to the local private key and the certificate pair.
-
-Returns 0 on success, or a negative value on error.
-@end deftypefun
-
-@subheading gnutls_pkcs12_bag_decrypt
-@anchor{gnutls_pkcs12_bag_decrypt}
-@deftypefun {int} {gnutls_pkcs12_bag_decrypt} (gnutls_pkcs12_bag_t @var{bag}, const char * @var{pass})
-@var{bag}: The bag
-
-@var{pass}: The password used for encryption. This can only be ASCII.
-
-This function will decrypt the given encrypted bag and return 0 on success.
-@end deftypefun
-
-@subheading gnutls_pkcs12_bag_encrypt
-@anchor{gnutls_pkcs12_bag_encrypt}
-@deftypefun {int} {gnutls_pkcs12_bag_encrypt} (gnutls_pkcs12_bag_t @var{bag}, const char * @var{pass}, unsigned int @var{flags})
-@var{bag}: The bag
-
-@var{pass}: The password used for encryption. This can only be ASCII.
-
-@var{flags}: should be one of gnutls_pkcs_encrypt_flags_t elements bitwise or'd
-
-This function will encrypt the given bag and return 0 on success.
-@end deftypefun
-
-@subheading gnutls_x509_crt_set_dn_by_oid
-@anchor{gnutls_x509_crt_set_dn_by_oid}
-@deftypefun {int} {gnutls_x509_crt_set_dn_by_oid} (gnutls_x509_crt_t @var{crt}, const char * @var{oid}, unsigned int @var{raw_flag}, const void * @var{name}, unsigned int @var{sizeof_name})
-@var{crt}: should contain a gnutls_x509_crt_t structure
-
-@var{oid}: holds an Object Identifier in a null terminated string
-
-@var{raw_flag}: must be 0, or 1 if the data are DER encoded
-
-@var{name}: a pointer to the name
-
-@var{sizeof_name}: holds the size of @code{name}
-
-This function will set the part of the name of the Certificate subject, specified
-by the given OID. The input string should be ASCII or UTF-8 encoded.
-
-Some helper macros with popular OIDs can be found in gnutls/x509.h
-With this function you can only set the known OIDs. You can test
-for known OIDs using @code{gnutls_x509_dn_oid_known()}. For OIDs that are
-not known (by gnutls) you should properly DER encode your data, and
-call this function with raw_flag set.
-
-Returns 0 on success.
-@end deftypefun
-
-@subheading gnutls_x509_crt_set_issuer_dn_by_oid
-@anchor{gnutls_x509_crt_set_issuer_dn_by_oid}
-@deftypefun {int} {gnutls_x509_crt_set_issuer_dn_by_oid} (gnutls_x509_crt_t @var{crt}, const char * @var{oid}, unsigned int @var{raw_flag}, const void * @var{name}, unsigned int @var{sizeof_name})
-@var{crt}: should contain a gnutls_x509_crt_t structure
-
-@var{oid}: holds an Object Identifier in a null terminated string
-
-@var{raw_flag}: must be 0, or 1 if the data are DER encoded
-
-@var{name}: a pointer to the name
-
-@var{sizeof_name}: holds the size of @code{name}
-
-This function will set the part of the name of the Certificate issuer, specified
-by the given OID. The input string should be ASCII or UTF-8 encoded.
-
-Some helper macros with popular OIDs can be found in gnutls/x509.h
-With this function you can only set the known OIDs. You can test
-for known OIDs using @code{gnutls_x509_dn_oid_known()}. For OIDs that are
-not known (by gnutls) you should properly DER encode your data, and
-call this function with raw_flag set.
-
-Normally you do not need to call this function, since the signing
-operation will copy the signer's name as the issuer of the certificate.
-
-Returns 0 on success.
-@end deftypefun
-
-@subheading gnutls_x509_crt_set_proxy_dn
-@anchor{gnutls_x509_crt_set_proxy_dn}
-@deftypefun {int} {gnutls_x509_crt_set_proxy_dn} (gnutls_x509_crt_t @var{crt}, gnutls_x509_crt_t @var{eecrt}, unsigned int @var{raw_flag}, const void * @var{name}, unsigned int @var{sizeof_name})
-@var{crt}: a gnutls_x509_crt_t structure with the new proxy cert
-
-@var{eecrt}: the end entity certificate that will be issuing the proxy
-
-@var{raw_flag}: must be 0, or 1 if the CN is DER encoded
-
-@var{name}: a pointer to the CN name, may be NULL (but MUST then be added later)
-
-@var{sizeof_name}: holds the size of @code{name}
-
-This function will set the subject in @code{crt} to the end entity's
-@code{eecrt} subject name, and add a single Common Name component @code{name}
-of size @code{sizeof_name}. This corresponds to the required proxy
-certificate naming style. Note that if @code{name} is @code{NULL}, you MUST
-set it later by using @code{gnutls_x509_crt_set_dn_by_oid()} or similar.
-
-Returns 0 on success.
-@end deftypefun
-
-@subheading gnutls_x509_crt_set_version
-@anchor{gnutls_x509_crt_set_version}
-@deftypefun {int} {gnutls_x509_crt_set_version} (gnutls_x509_crt_t @var{crt}, unsigned int @var{version})
-@var{crt}: should contain a gnutls_x509_crt_t structure
-
-@var{version}: holds the version number. For X.509v1 certificates must be 1.
-
-This function will set the version of the certificate. This must
-be one for X.509 version 1, and so on. Plain certificates without
-extensions must have version set to one.
-
-To create well-formed certificates, you must specify version 3 if
-you use any certificate extensions. Extensions are created by
-functions such as gnutls_x509_crt_set_subject_alternative_name or
-gnutls_x509_crt_set_key_usage.
-
-Returns 0 on success.
-@end deftypefun
-
-@subheading gnutls_x509_crt_set_key
-@anchor{gnutls_x509_crt_set_key}
-@deftypefun {int} {gnutls_x509_crt_set_key} (gnutls_x509_crt_t @var{crt}, gnutls_x509_privkey_t @var{key})
-@var{crt}: should contain a gnutls_x509_crt_t structure
-
-@var{key}: holds a private key
-
-This function will set the public parameters from the given private key to the
-certificate. Only RSA keys are currently supported.
-
-Returns 0 on success.
-@end deftypefun
-
-@subheading gnutls_x509_crt_set_crq
-@anchor{gnutls_x509_crt_set_crq}
-@deftypefun {int} {gnutls_x509_crt_set_crq} (gnutls_x509_crt_t @var{crt}, gnutls_x509_crq_t @var{crq})
-@var{crt}: should contain a gnutls_x509_crt_t structure
-
-@var{crq}: holds a certificate request
-
-This function will set the name and public parameters from the given certificate request to the
-certificate. Only RSA keys are currently supported.
-
-Returns 0 on success.
-@end deftypefun
-
-@subheading gnutls_x509_crt_set_extension_by_oid
-@anchor{gnutls_x509_crt_set_extension_by_oid}
-@deftypefun {int} {gnutls_x509_crt_set_extension_by_oid} (gnutls_x509_crt_t @var{crt}, const char * @var{oid}, const void * @var{buf}, size_t @var{sizeof_buf}, unsigned int @var{critical})
-@var{crt}: should contain a gnutls_x509_crt_t structure
-
-@var{oid}: holds an Object Identified in null terminated string
-
-@var{buf}: a pointer to a DER encoded data
-
-@var{sizeof_buf}: holds the size of @code{buf}
-
-@var{critical}: should be non zero if the extension is to be marked as critical
-
-This function will set an the extension, by the specified OID, in the certificate.
-The extension data should be binary data DER encoded.
-
-Returns 0 on success and a negative value in case of an error.
-@end deftypefun
-
-@subheading gnutls_x509_crt_set_basic_constraints
-@anchor{gnutls_x509_crt_set_basic_constraints}
-@deftypefun {int} {gnutls_x509_crt_set_basic_constraints} (gnutls_x509_crt_t @var{crt}, unsigned int @var{ca}, int @var{pathLenConstraint})
-@var{crt}: should contain a gnutls_x509_crt_t structure
-
-@var{ca}: true(1) or false(0). Depending on the Certificate authority status.
-
-@var{pathLenConstraint}: non-negative values indicate maximum length of path,
-and negative values indicate that the pathLenConstraints field should
-not be present.
-
-This function will set the basicConstraints certificate extension.
-
-Returns 0 on success.
-@end deftypefun
-
-@subheading gnutls_x509_crt_set_ca_status
-@anchor{gnutls_x509_crt_set_ca_status}
-@deftypefun {int} {gnutls_x509_crt_set_ca_status} (gnutls_x509_crt_t @var{crt}, unsigned int @var{ca})
-@var{crt}: should contain a gnutls_x509_crt_t structure
-
-@var{ca}: true(1) or false(0). Depending on the Certificate authority status.
-
-This function will set the basicConstraints certificate extension.
-Use @code{gnutls_x509_crt_set_basic_constraints()} if you want to control
-the pathLenConstraint field too.
-
-Returns 0 on success.
-@end deftypefun
-
-@subheading gnutls_x509_crt_set_key_usage
-@anchor{gnutls_x509_crt_set_key_usage}
-@deftypefun {int} {gnutls_x509_crt_set_key_usage} (gnutls_x509_crt_t @var{crt}, unsigned int @var{usage})
-@var{crt}: should contain a gnutls_x509_crt_t structure
-
-@var{usage}: an ORed sequence of the GNUTLS_KEY_* elements.
-
-This function will set the keyUsage certificate extension.
-
-Returns 0 on success.
-@end deftypefun
-
-@subheading gnutls_x509_crt_set_subject_alternative_name
-@anchor{gnutls_x509_crt_set_subject_alternative_name}
-@deftypefun {int} {gnutls_x509_crt_set_subject_alternative_name} (gnutls_x509_crt_t @var{crt}, gnutls_x509_subject_alt_name_t @var{type}, const char * @var{data_string})
-@var{crt}: should contain a gnutls_x509_crt_t structure
-
-@var{type}: is one of the gnutls_x509_subject_alt_name_t enumerations
-
-@var{data_string}: The data to be set
-
-This function will set the subject alternative name certificate extension.
-
-Returns 0 on success.
-@end deftypefun
-
-@subheading gnutls_x509_crt_set_proxy
-@anchor{gnutls_x509_crt_set_proxy}
-@deftypefun {int} {gnutls_x509_crt_set_proxy} (gnutls_x509_crt_t @var{crt}, int @var{pathLenConstraint}, const char * @var{policyLanguage}, const char * @var{policy}, size_t @var{sizeof_policy})
-@var{crt}: should contain a gnutls_x509_crt_t structure
-
-@var{pathLenConstraint}: non-negative values indicate maximum length of path,
-and negative values indicate that the pathLenConstraints field should
-not be present.
-
-@var{policyLanguage}: OID describing the language of @code{policy}.
-
-@var{policy}: opaque byte array with policy language, can be @code{NULL}
-
-@var{sizeof_policy}: size of @code{policy}.
-
-This function will set the proxyCertInfo extension.
-
-Returns 0 on success.
-@end deftypefun
-
-@subheading gnutls_x509_crt_sign2
-@anchor{gnutls_x509_crt_sign2}
-@deftypefun {int} {gnutls_x509_crt_sign2} (gnutls_x509_crt_t @var{crt}, gnutls_x509_crt_t @var{issuer}, gnutls_x509_privkey_t @var{issuer_key}, gnutls_digest_algorithm_t @var{dig}, unsigned int @var{flags})
-@var{crt}: should contain a gnutls_x509_crt_t structure
-
-@var{issuer}: is the certificate of the certificate issuer
-
-@var{issuer_key}: holds the issuer's private key
-
-@var{dig}: The message digest to use. GNUTLS_DIG_SHA1 is the safe choice unless you know what you're doing.
-
-@var{flags}: must be 0
-
-This function will sign the certificate with the issuer's private key, and
-will copy the issuer's information into the certificate.
-
-This must be the last step in a certificate generation since all
-the previously set parameters are now signed.
-
-Returns 0 on success.
-@end deftypefun
-
-@subheading gnutls_x509_crt_sign
-@anchor{gnutls_x509_crt_sign}
-@deftypefun {int} {gnutls_x509_crt_sign} (gnutls_x509_crt_t @var{crt}, gnutls_x509_crt_t @var{issuer}, gnutls_x509_privkey_t @var{issuer_key})
-@var{crt}: should contain a gnutls_x509_crt_t structure
-
-@var{issuer}: is the certificate of the certificate issuer
-
-@var{issuer_key}: holds the issuer's private key
-
-This function is the same a @code{gnutls_x509_crt_sign2()} with no flags, and
-SHA1 as the hash algorithm.
-
-Returns 0 on success.
-@end deftypefun
-
-@subheading gnutls_x509_crt_set_activation_time
-@anchor{gnutls_x509_crt_set_activation_time}
-@deftypefun {int} {gnutls_x509_crt_set_activation_time} (gnutls_x509_crt_t @var{cert}, time_t @var{act_time})
-@var{cert}: should contain a gnutls_x509_crt_t structure
-
-@var{act_time}: The actual time
-
-This function will set the time this Certificate was or will be activated.
-
-Returns 0 on success, or a negative value in case of an error.
-@end deftypefun
-
-@subheading gnutls_x509_crt_set_expiration_time
-@anchor{gnutls_x509_crt_set_expiration_time}
-@deftypefun {int} {gnutls_x509_crt_set_expiration_time} (gnutls_x509_crt_t @var{cert}, time_t @var{exp_time})
-@var{cert}: should contain a gnutls_x509_crt_t structure
-
-@var{exp_time}: The actual time
-
-This function will set the time this Certificate will expire.
-
-Returns 0 on success, or a negative value in case of an error.
-@end deftypefun
-
-@subheading gnutls_x509_crt_set_serial
-@anchor{gnutls_x509_crt_set_serial}
-@deftypefun {int} {gnutls_x509_crt_set_serial} (gnutls_x509_crt_t @var{cert}, const void * @var{serial}, size_t @var{serial_size})
-@var{cert}: should contain a gnutls_x509_crt_t structure
-
-@var{serial}: The serial number
-
-@var{serial_size}: Holds the size of the serial field.
-
-This function will set the X.509 certificate's serial number.
-Serial is not always a 32 or 64bit number. Some CAs use
-large serial numbers, thus it may be wise to handle it as something
-opaque.
-
-Returns 0 on success, or a negative value in case of an error.
-@end deftypefun
-
-@subheading gnutls_x509_crt_set_crl_dist_points
-@anchor{gnutls_x509_crt_set_crl_dist_points}
-@deftypefun {int} {gnutls_x509_crt_set_crl_dist_points} (gnutls_x509_crt_t @var{crt}, gnutls_x509_subject_alt_name_t @var{type}, const void * @var{data_string}, unsigned int @var{reason_flags})
-@var{crt}: should contain a gnutls_x509_crt_t structure
-
-@var{type}: is one of the gnutls_x509_subject_alt_name_t enumerations
-
-@var{data_string}: The data to be set
-
-@var{reason_flags}: revocation reasons
-
-This function will set the CRL distribution points certificate extension.
-
-Returns 0 on success.
-@end deftypefun
-
-@subheading gnutls_x509_crt_cpy_crl_dist_points
-@anchor{gnutls_x509_crt_cpy_crl_dist_points}
-@deftypefun {int} {gnutls_x509_crt_cpy_crl_dist_points} (gnutls_x509_crt_t @var{dst}, gnutls_x509_crt_t @var{src})
-@var{dst}: should contain a gnutls_x509_crt_t structure
-
-@var{src}: the certificate where the dist points will be copied from
-
-This function will copy the CRL distribution points certificate
-extension, from the source to the destination certificate.
-This may be useful to copy from a CA certificate to issued ones.
-
-Returns 0 on success.
-@end deftypefun
-
-@subheading gnutls_x509_crt_set_subject_key_id
-@anchor{gnutls_x509_crt_set_subject_key_id}
-@deftypefun {int} {gnutls_x509_crt_set_subject_key_id} (gnutls_x509_crt_t @var{cert}, const void * @var{id}, size_t @var{id_size})
-@var{cert}: should contain a gnutls_x509_crt_t structure
-
-@var{id}: The key ID
-
-@var{id_size}: Holds the size of the serial field.
-
-This function will set the X.509 certificate's subject key ID extension.
-
-Returns 0 on success, or a negative value in case of an error.
-@end deftypefun
-
-@subheading gnutls_x509_crt_set_authority_key_id
-@anchor{gnutls_x509_crt_set_authority_key_id}
-@deftypefun {int} {gnutls_x509_crt_set_authority_key_id} (gnutls_x509_crt_t @var{cert}, const void * @var{id}, size_t @var{id_size})
-@var{cert}: should contain a gnutls_x509_crt_t structure
-
-@var{id}: The key ID
-
-@var{id_size}: Holds the size of the serial field.
-
-This function will set the X.509 certificate's authority key ID extension.
-Only the keyIdentifier field can be set with this function.
-
-Returns 0 on success, or a negative value in case of an error.
-@end deftypefun
-
-@subheading gnutls_x509_crt_set_key_purpose_oid
-@anchor{gnutls_x509_crt_set_key_purpose_oid}
-@deftypefun {int} {gnutls_x509_crt_set_key_purpose_oid} (gnutls_x509_crt_t @var{cert}, const void * @var{oid}, unsigned int @var{critical})
-@var{cert}: should contain a gnutls_x509_crt_t structure
-
-@var{oid}: a pointer to a null terminated string that holds the OID
-
-@var{critical}: Whether this extension will be critical or not
-
-This function will set the key purpose OIDs of the Certificate.
-These are stored in the Extended Key Usage extension (2.5.29.37)
-See the GNUTLS_KP_* definitions for human readable names.
-
-Subsequent calls to this function will append OIDs to the OID list.
-
-On success 0 is returned.
-@end deftypefun
-
-@subheading gnutls_x509_crl_set_version
-@anchor{gnutls_x509_crl_set_version}
-@deftypefun {int} {gnutls_x509_crl_set_version} (gnutls_x509_crl_t @var{crl}, unsigned int @var{version})
-@var{crl}: should contain a gnutls_x509_crl_t structure
-
-@var{version}: holds the version number. For CRLv1 crls must be 1.
-
-This function will set the version of the CRL. This
-must be one for CRL version 1, and so on. The CRLs generated
-by gnutls should have a version number of 2.
-
-Returns 0 on success.
-@end deftypefun
-
-@subheading gnutls_x509_crl_sign2
-@anchor{gnutls_x509_crl_sign2}
-@deftypefun {int} {gnutls_x509_crl_sign2} (gnutls_x509_crl_t @var{crl}, gnutls_x509_crt_t @var{issuer}, gnutls_x509_privkey_t @var{issuer_key}, gnutls_digest_algorithm_t @var{dig}, unsigned int @var{flags})
-@var{crl}: should contain a gnutls_x509_crl_t structure
-
-@var{issuer}: is the certificate of the certificate issuer
-
-@var{issuer_key}: holds the issuer's private key
-
-@var{dig}: The message digest to use. GNUTLS_DIG_SHA1 is the safe choice unless you know what you're doing.
-
-@var{flags}: must be 0
-
-This function will sign the CRL with the issuer's private key, and
-will copy the issuer's information into the CRL.
-
-This must be the last step in a certificate CRL since all
-the previously set parameters are now signed.
-
-Returns 0 on success.
-@end deftypefun
-
-@subheading gnutls_x509_crl_sign
-@anchor{gnutls_x509_crl_sign}
-@deftypefun {int} {gnutls_x509_crl_sign} (gnutls_x509_crl_t @var{crl}, gnutls_x509_crt_t @var{issuer}, gnutls_x509_privkey_t @var{issuer_key})
-@var{crl}: should contain a gnutls_x509_crl_t structure
-
-@var{issuer}: is the certificate of the certificate issuer
-
-@var{issuer_key}: holds the issuer's private key
-
-This function is the same a @code{gnutls_x509_crl_sign2()} with no flags, and
-SHA1 as the hash algorithm.
-
-Returns 0 on success.
-@end deftypefun
-
-@subheading gnutls_x509_crl_set_this_update
-@anchor{gnutls_x509_crl_set_this_update}
-@deftypefun {int} {gnutls_x509_crl_set_this_update} (gnutls_x509_crl_t @var{crl}, time_t @var{act_time})
-@var{crl}: should contain a gnutls_x509_crl_t structure
-
-@var{act_time}: The actual time
-
-This function will set the time this CRL was issued.
-
-Returns 0 on success, or a negative value in case of an error.
-@end deftypefun
-
-@subheading gnutls_x509_crl_set_next_update
-@anchor{gnutls_x509_crl_set_next_update}
-@deftypefun {int} {gnutls_x509_crl_set_next_update} (gnutls_x509_crl_t @var{crl}, time_t @var{exp_time})
-@var{crl}: should contain a gnutls_x509_crl_t structure
-
-@var{exp_time}: The actual time
-
-This function will set the time this CRL will be updated.
-
-Returns 0 on success, or a negative value in case of an error.
-@end deftypefun
-
-@subheading gnutls_x509_crl_set_crt_serial
-@anchor{gnutls_x509_crl_set_crt_serial}
-@deftypefun {int} {gnutls_x509_crl_set_crt_serial} (gnutls_x509_crl_t @var{crl}, const void * @var{serial}, size_t @var{serial_size}, time_t @var{revocation_time})
-@var{crl}: should contain a gnutls_x509_crl_t structure
-
-@var{serial}: The revoked certificate's serial number
-
-@var{serial_size}: Holds the size of the serial field.
-
-@var{revocation_time}: The time this certificate was revoked
-
-This function will set a revoked certificate's serial number to the CRL.
-
-Returns 0 on success, or a negative value in case of an error.
-@end deftypefun
-
-@subheading gnutls_x509_crl_set_crt
-@anchor{gnutls_x509_crl_set_crt}
-@deftypefun {int} {gnutls_x509_crl_set_crt} (gnutls_x509_crl_t @var{crl}, gnutls_x509_crt_t @var{crt}, time_t @var{revocation_time})
-@var{crl}: should contain a gnutls_x509_crl_t structure
-
-@var{crt}: should contain a gnutls_x509_crt_t structure with the revoked certificate
-
-@var{revocation_time}: The time this certificate was revoked
-
-This function will set a revoked certificate's serial number to the CRL.
-
-Returns 0 on success, or a negative value in case of an error.
-@end deftypefun
-
-@subheading gnutls_x509_crt_print
-@anchor{gnutls_x509_crt_print}
-@deftypefun {int} {gnutls_x509_crt_print} (gnutls_x509_crt_t @var{cert}, gnutls_certificate_print_formats_t @var{format}, gnutls_datum_t * @var{out})
-@var{cert}: The structure to be printed
-
-@var{format}: Indicate the format to use
-
-@var{out}: Newly allocated datum with zero terminated string.
-
-This function will pretty print a X.509 certificate, suitable for
-display to a human.
-
-If the format is @code{GNUTLS_X509_CRT_FULL} then all fields of the
-certificate will be output, on multiple lines. The
-@code{GNUTLS_X509_CRT_ONELINE} format will generate one line with some
-selected fields, which is useful for logging purposes.
-
-The output @code{out} needs to be deallocate using @code{gnutls_free()}.
-
-Returns 0 on success.
-@end deftypefun
-
-@subheading gnutls_x509_crl_print
-@anchor{gnutls_x509_crl_print}
-@deftypefun {int} {gnutls_x509_crl_print} (gnutls_x509_crl_t @var{crl}, gnutls_certificate_print_formats_t @var{format}, gnutls_datum_t * @var{out})
-@var{crl}: The structure to be printed
-
-@var{format}: Indicate the format to use
-
-@var{out}: Newly allocated datum with zero terminated string.
-
-This function will pretty print a X.509 certificate revocation
-list, suitable for display to a human.
-
-The output @code{out} needs to be deallocate using @code{gnutls_free()}.
-
-Returns 0 on success.
-@end deftypefun
-
diff --git a/src/daemon/https/x509/x509.c b/src/daemon/https/x509/x509.c
@@ -328,87 +328,6 @@ MHD_gnutls_x509_crt_get_key_usage (MHD_gnutls_x509_crt_t cert,
}
-static int
-MHD__gnutls_x509_crt_get_raw_dn2 (MHD_gnutls_x509_crt_t cert,
- const char *whom,
- MHD_gnutls_datum_t * start)
-{
- ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
- int result, len1;
- int start1, end1;
- MHD_gnutls_datum_t signed_data = { NULL,
- 0
- };
-
- /* get the issuer of 'cert'
- */
- if ((result =
- MHD__asn1_create_element (MHD__gnutls_get_pkix (),
- "PKIX1.TBSCertificate",
- &c2)) != ASN1_SUCCESS)
- {
- MHD_gnutls_assert ();
- return MHD_gtls_asn2err (result);
- }
-
- result = MHD__gnutls_x509_get_signed_data (cert->cert, "tbsCertificate",
- &signed_data);
- if (result < 0)
- {
- MHD_gnutls_assert ();
- goto cleanup;
- }
-
- result =
- MHD__asn1_der_decoding (&c2, signed_data.data, signed_data.size, NULL);
- if (result != ASN1_SUCCESS)
- {
- MHD_gnutls_assert ();
- MHD__asn1_delete_structure (&c2);
- result = MHD_gtls_asn2err (result);
- goto cleanup;
- }
-
- result =
- MHD__asn1_der_decoding_startEnd (c2, signed_data.data, signed_data.size,
- whom, &start1, &end1);
-
- if (result != ASN1_SUCCESS)
- {
- MHD_gnutls_assert ();
- result = MHD_gtls_asn2err (result);
- goto cleanup;
- }
-
- len1 = end1 - start1 + 1;
-
- MHD__gnutls_set_datum (start, &signed_data.data[start1], len1);
-
- result = 0;
-
-cleanup:MHD__asn1_delete_structure (&c2);
- MHD__gnutls_free_datum (&signed_data);
- return result;
-}
-
-/**
- * MHD_gnutls_x509_crt_get_raw_dn - This function returns the subject's DN DER encoded
- * @cert: should contain a MHD_gnutls_x509_crt_t structure
- * @start: will hold the starting point of the DN
- *
- * This function will return a pointer to the DER encoded DN structure and
- * the length.
- *
- * Returns 0 on success, or a negative value on error.
- *
- **/
-int
-MHD_gnutls_x509_crt_get_raw_dn (MHD_gnutls_x509_crt_t cert,
- MHD_gnutls_datum_t * start)
-{
- return MHD__gnutls_x509_crt_get_raw_dn2 (cert, "subject", start);
-}
-
/**
* MHD_gnutls_x509_crt_export - This function will export the certificate
* @cert: Holds the certificate
diff --git a/src/daemon/https/x509/x509.h b/src/daemon/https/x509/x509.h
@@ -193,8 +193,6 @@ extern "C"
format, MHD_gnutls_datum_t * out);
/* Access to internal Certificate fields.
*/
- int MHD_gnutls_x509_crt_get_raw_dn (MHD_gnutls_x509_crt_t cert,
- MHD_gnutls_datum_t * start);
typedef void *MHD_gnutls_x509_dn_t;
