diff options
Diffstat (limited to 'src/daemon/https/x509/x509-api.texi')
-rw-r--r-- | src/daemon/https/x509/x509-api.texi | 2943 |
1 files changed, 0 insertions, 2943 deletions
diff --git a/src/daemon/https/x509/x509-api.texi b/src/daemon/https/x509/x509-api.texi deleted file mode 100644 index f4dd35b9..00000000 --- a/src/daemon/https/x509/x509-api.texi +++ /dev/null | |||
@@ -1,2943 +0,0 @@ | |||
1 | |||
2 | @subheading gnutls_x509_crl_init | ||
3 | @anchor{gnutls_x509_crl_init} | ||
4 | @deftypefun {int} {gnutls_x509_crl_init} (gnutls_x509_crl_t * @var{crl}) | ||
5 | @var{crl}: The structure to be initialized | ||
6 | |||
7 | This function will initialize a CRL structure. CRL stands for | ||
8 | Certificate Revocation List. A revocation list usually contains | ||
9 | lists of certificate serial numbers that have been revoked | ||
10 | by an Authority. The revocation lists are always signed with | ||
11 | the authority's private key. | ||
12 | |||
13 | Returns 0 on success. | ||
14 | @end deftypefun | ||
15 | |||
16 | @subheading gnutls_x509_crl_deinit | ||
17 | @anchor{gnutls_x509_crl_deinit} | ||
18 | @deftypefun {void} {gnutls_x509_crl_deinit} (gnutls_x509_crl_t @var{crl}) | ||
19 | @var{crl}: The structure to be initialized | ||
20 | |||
21 | This function will deinitialize a CRL structure. | ||
22 | @end deftypefun | ||
23 | |||
24 | @subheading gnutls_x509_crl_import | ||
25 | @anchor{gnutls_x509_crl_import} | ||
26 | @deftypefun {int} {gnutls_x509_crl_import} (gnutls_x509_crl_t @var{crl}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format}) | ||
27 | @var{crl}: The structure to store the parsed CRL. | ||
28 | |||
29 | @var{data}: The DER or PEM encoded CRL. | ||
30 | |||
31 | @var{format}: One of DER or PEM | ||
32 | |||
33 | This function will convert the given DER or PEM encoded CRL | ||
34 | to the native gnutls_x509_crl_t format. The output will be stored in 'crl'. | ||
35 | |||
36 | If the CRL is PEM encoded it should have a header of "X509 CRL". | ||
37 | |||
38 | Returns 0 on success. | ||
39 | @end deftypefun | ||
40 | |||
41 | @subheading gnutls_x509_crl_get_issuer_dn | ||
42 | @anchor{gnutls_x509_crl_get_issuer_dn} | ||
43 | @deftypefun {int} {gnutls_x509_crl_get_issuer_dn} (const gnutls_x509_crl_t @var{crl}, char * @var{buf}, size_t * @var{sizeof_buf}) | ||
44 | @var{crl}: should contain a gnutls_x509_crl_t structure | ||
45 | |||
46 | @var{buf}: a pointer to a structure to hold the peer's name (may be null) | ||
47 | |||
48 | @var{sizeof_buf}: initially holds the size of @code{buf} | ||
49 | |||
50 | This function will copy the name of the CRL issuer in the provided buffer. The name | ||
51 | will be in the form "C=xxxx,O=yyyy,CN=zzzz" as described in RFC2253. The output | ||
52 | string will be ASCII or UTF-8 encoded, depending on the certificate data. | ||
53 | |||
54 | If buf is null then only the size will be filled. | ||
55 | |||
56 | Returns GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not long enough, and | ||
57 | in that case the sizeof_buf will be updated with the required size, and | ||
58 | 0 on success. | ||
59 | @end deftypefun | ||
60 | |||
61 | @subheading gnutls_x509_crl_get_issuer_dn_by_oid | ||
62 | @anchor{gnutls_x509_crl_get_issuer_dn_by_oid} | ||
63 | @deftypefun {int} {gnutls_x509_crl_get_issuer_dn_by_oid} (gnutls_x509_crl_t @var{crl}, const char * @var{oid}, int @var{indx}, unsigned int @var{raw_flag}, void * @var{buf}, size_t * @var{sizeof_buf}) | ||
64 | @var{crl}: should contain a gnutls_x509_crl_t structure | ||
65 | |||
66 | @var{oid}: holds an Object Identified in null terminated string | ||
67 | |||
68 | @var{indx}: In case multiple same OIDs exist in the RDN, this specifies which to send. Use zero to get the first one. | ||
69 | |||
70 | @var{raw_flag}: If non zero returns the raw DER data of the DN part. | ||
71 | |||
72 | @var{buf}: a pointer to a structure to hold the peer's name (may be null) | ||
73 | |||
74 | @var{sizeof_buf}: initially holds the size of @code{buf} | ||
75 | |||
76 | This function will extract the part of the name of the CRL issuer specified | ||
77 | by the given OID. The output will be encoded as described in RFC2253. The output | ||
78 | string will be ASCII or UTF-8 encoded, depending on the certificate data. | ||
79 | |||
80 | Some helper macros with popular OIDs can be found in gnutls/x509.h | ||
81 | If raw flag is zero, this function will only return known OIDs as text. Other OIDs | ||
82 | will be DER encoded, as described in RFC2253 -- in hex format with a '\#' prefix. | ||
83 | You can check about known OIDs using @code{gnutls_x509_dn_oid_known()}. | ||
84 | |||
85 | If buf is null then only the size will be filled. | ||
86 | |||
87 | Returns GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not long enough, and | ||
88 | in that case the sizeof_buf will be updated with the required size, | ||
89 | and 0 on success. | ||
90 | @end deftypefun | ||
91 | |||
92 | @subheading gnutls_x509_crl_get_dn_oid | ||
93 | @anchor{gnutls_x509_crl_get_dn_oid} | ||
94 | @deftypefun {int} {gnutls_x509_crl_get_dn_oid} (gnutls_x509_crl_t @var{crl}, int @var{indx}, void * @var{oid}, size_t * @var{sizeof_oid}) | ||
95 | @var{crl}: should contain a gnutls_x509_crl_t structure | ||
96 | |||
97 | @var{indx}: Specifies which DN OID to send. Use zero to get the first one. | ||
98 | |||
99 | @var{oid}: a pointer to a structure to hold the name (may be null) | ||
100 | |||
101 | @var{sizeof_oid}: initially holds the size of 'oid' | ||
102 | |||
103 | This function will extract the requested OID of the name of the CRL issuer, specified | ||
104 | by the given index. | ||
105 | |||
106 | If oid is null then only the size will be filled. | ||
107 | |||
108 | Returns GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not long enough, and | ||
109 | in that case the sizeof_oid will be updated with the required size. | ||
110 | On success 0 is returned. | ||
111 | @end deftypefun | ||
112 | |||
113 | @subheading gnutls_x509_crl_get_signature_algorithm | ||
114 | @anchor{gnutls_x509_crl_get_signature_algorithm} | ||
115 | @deftypefun {int} {gnutls_x509_crl_get_signature_algorithm} (gnutls_x509_crl_t @var{crl}) | ||
116 | @var{crl}: should contain a gnutls_x509_crl_t structure | ||
117 | |||
118 | This function will return a value of the gnutls_sign_algorithm_t enumeration that | ||
119 | is the signature algorithm. | ||
120 | |||
121 | Returns a negative value on error. | ||
122 | @end deftypefun | ||
123 | |||
124 | @subheading gnutls_x509_crl_get_signature | ||
125 | @anchor{gnutls_x509_crl_get_signature} | ||
126 | @deftypefun {int} {gnutls_x509_crl_get_signature} (gnutls_x509_crl_t @var{crl}, char * @var{sig}, size_t * @var{sizeof_sig}) | ||
127 | @var{crl}: should contain a gnutls_x509_crl_t structure | ||
128 | |||
129 | @var{sig}: a pointer where the signature part will be copied (may be null). | ||
130 | |||
131 | @var{sizeof_sig}: initially holds the size of @code{sig} | ||
132 | |||
133 | This function will extract the signature field of a CRL. | ||
134 | |||
135 | Returns 0 on success, and a negative value on error. | ||
136 | @end deftypefun | ||
137 | |||
138 | @subheading gnutls_x509_crl_get_version | ||
139 | @anchor{gnutls_x509_crl_get_version} | ||
140 | @deftypefun {int} {gnutls_x509_crl_get_version} (gnutls_x509_crl_t @var{crl}) | ||
141 | @var{crl}: should contain a gnutls_x509_crl_t structure | ||
142 | |||
143 | This function will return the version of the specified CRL. | ||
144 | |||
145 | Returns a negative value on error. | ||
146 | @end deftypefun | ||
147 | |||
148 | @subheading gnutls_x509_crl_get_this_update | ||
149 | @anchor{gnutls_x509_crl_get_this_update} | ||
150 | @deftypefun {time_t} {gnutls_x509_crl_get_this_update} (gnutls_x509_crl_t @var{crl}) | ||
151 | @var{crl}: should contain a gnutls_x509_crl_t structure | ||
152 | |||
153 | This function will return the time this CRL was issued. | ||
154 | |||
155 | Returns (time_t)-1 on error. | ||
156 | @end deftypefun | ||
157 | |||
158 | @subheading gnutls_x509_crl_get_next_update | ||
159 | @anchor{gnutls_x509_crl_get_next_update} | ||
160 | @deftypefun {time_t} {gnutls_x509_crl_get_next_update} (gnutls_x509_crl_t @var{crl}) | ||
161 | @var{crl}: should contain a gnutls_x509_crl_t structure | ||
162 | |||
163 | This function will return the time the next CRL will be issued. | ||
164 | This field is optional in a CRL so it might be normal to get | ||
165 | an error instead. | ||
166 | |||
167 | Returns (time_t)-1 on error. | ||
168 | @end deftypefun | ||
169 | |||
170 | @subheading gnutls_x509_crl_get_crt_count | ||
171 | @anchor{gnutls_x509_crl_get_crt_count} | ||
172 | @deftypefun {int} {gnutls_x509_crl_get_crt_count} (gnutls_x509_crl_t @var{crl}) | ||
173 | @var{crl}: should contain a gnutls_x509_crl_t structure | ||
174 | |||
175 | This function will return the number of revoked certificates in the | ||
176 | given CRL. | ||
177 | |||
178 | Returns a negative value on failure. | ||
179 | @end deftypefun | ||
180 | |||
181 | @subheading gnutls_x509_crl_get_crt_serial | ||
182 | @anchor{gnutls_x509_crl_get_crt_serial} | ||
183 | @deftypefun {int} {gnutls_x509_crl_get_crt_serial} (gnutls_x509_crl_t @var{crl}, int @var{indx}, unsigned char * @var{serial}, size_t * @var{serial_size}, time_t * @var{t}) | ||
184 | @var{crl}: should contain a gnutls_x509_crl_t structure | ||
185 | |||
186 | @var{indx}: the index of the certificate to extract (starting from 0) | ||
187 | |||
188 | @var{serial}: where the serial number will be copied | ||
189 | |||
190 | @var{serial_size}: initially holds the size of serial | ||
191 | |||
192 | @var{t}: if non null, will hold the time this certificate was revoked | ||
193 | |||
194 | This function will return the serial number of the specified, by | ||
195 | the index, revoked certificate. | ||
196 | |||
197 | Returns a negative value on failure. | ||
198 | @end deftypefun | ||
199 | |||
200 | @subheading gnutls_x509_crl_export | ||
201 | @anchor{gnutls_x509_crl_export} | ||
202 | @deftypefun {int} {gnutls_x509_crl_export} (gnutls_x509_crl_t @var{crl}, gnutls_x509_crt_fmt_t @var{format}, void * @var{output_data}, size_t * @var{output_data_size}) | ||
203 | @var{crl}: Holds the revocation list | ||
204 | |||
205 | @var{format}: the format of output params. One of PEM or DER. | ||
206 | |||
207 | @var{output_data}: will contain a private key PEM or DER encoded | ||
208 | |||
209 | @var{output_data_size}: holds the size of output_data (and will be replaced by the actual size of parameters) | ||
210 | |||
211 | This function will export the revocation list to DER or PEM format. | ||
212 | |||
213 | If the buffer provided is not long enough to hold the output, then | ||
214 | GNUTLS_E_SHORT_MEMORY_BUFFER will be returned. | ||
215 | |||
216 | If the structure is PEM encoded, it will have a header | ||
217 | of "BEGIN X509 CRL". | ||
218 | |||
219 | Returns 0 on success, and a negative value on failure. | ||
220 | @end deftypefun | ||
221 | |||
222 | @subheading gnutls_x509_rdn_get | ||
223 | @anchor{gnutls_x509_rdn_get} | ||
224 | @deftypefun {int} {gnutls_x509_rdn_get} (const gnutls_datum_t * @var{idn}, char * @var{buf}, size_t * @var{sizeof_buf}) | ||
225 | @var{idn}: should contain a DER encoded RDN sequence | ||
226 | |||
227 | @var{buf}: a pointer to a structure to hold the peer's name | ||
228 | |||
229 | @var{sizeof_buf}: holds the size of @code{buf} | ||
230 | |||
231 | This function will return the name of the given RDN sequence. The | ||
232 | name will be in the form "C=xxxx,O=yyyy,CN=zzzz" as described in | ||
233 | RFC2253. | ||
234 | |||
235 | If the provided buffer is not long enough, returns | ||
236 | GNUTLS_E_SHORT_MEMORY_BUFFER and *sizeof_buf will be updated. On | ||
237 | success 0 is returned. | ||
238 | @end deftypefun | ||
239 | |||
240 | @subheading gnutls_x509_rdn_get_by_oid | ||
241 | @anchor{gnutls_x509_rdn_get_by_oid} | ||
242 | @deftypefun {int} {gnutls_x509_rdn_get_by_oid} (const gnutls_datum_t * @var{idn}, const char * @var{oid}, int @var{indx}, unsigned int @var{raw_flag}, void * @var{buf}, size_t * @var{sizeof_buf}) | ||
243 | @var{idn}: should contain a DER encoded RDN sequence | ||
244 | |||
245 | @var{oid}: an Object Identifier | ||
246 | |||
247 | @var{indx}: In case multiple same OIDs exist in the RDN indicates which | ||
248 | to send. Use 0 for the first one. | ||
249 | |||
250 | @var{raw_flag}: If non zero then the raw DER data are returned. | ||
251 | |||
252 | @var{buf}: a pointer to a structure to hold the peer's name | ||
253 | |||
254 | @var{sizeof_buf}: holds the size of @code{buf} | ||
255 | |||
256 | This function will return the name of the given Object identifier, | ||
257 | of the RDN sequence. The name will be encoded using the rules | ||
258 | from RFC2253. | ||
259 | |||
260 | Returns GNUTLS_E_SHORT_MEMORY_BUFFER and updates *sizeof_buf if | ||
261 | the provided buffer is not long enough, and 0 on success. | ||
262 | @end deftypefun | ||
263 | |||
264 | @subheading gnutls_x509_rdn_get_oid | ||
265 | @anchor{gnutls_x509_rdn_get_oid} | ||
266 | @deftypefun {int} {gnutls_x509_rdn_get_oid} (const gnutls_datum_t * @var{idn}, int @var{indx}, void * @var{buf}, size_t * @var{sizeof_buf}) | ||
267 | @var{idn}: should contain a DER encoded RDN sequence | ||
268 | |||
269 | @var{indx}: Indicates which OID to return. Use 0 for the first one. | ||
270 | |||
271 | This function will return the specified Object identifier, of the | ||
272 | RDN sequence. | ||
273 | |||
274 | Returns GNUTLS_E_SHORT_MEMORY_BUFFER and updates *sizeof_buf if | ||
275 | the provided buffer is not long enough, and 0 on success. | ||
276 | @end deftypefun | ||
277 | |||
278 | @subheading gnutls_x509_dn_oid_known | ||
279 | @anchor{gnutls_x509_dn_oid_known} | ||
280 | @deftypefun {int} {gnutls_x509_dn_oid_known} (const char * @var{oid}) | ||
281 | @var{oid}: holds an Object Identifier in a null terminated string | ||
282 | |||
283 | This function will inform about known DN OIDs. This is useful since functions | ||
284 | like @code{gnutls_x509_crt_set_dn_by_oid()} use the information on known | ||
285 | OIDs to properly encode their input. Object Identifiers that are not | ||
286 | known are not encoded by these functions, and their input is stored directly | ||
287 | into the ASN.1 structure. In that case of unknown OIDs, you have | ||
288 | the responsibility of DER encoding your data. | ||
289 | |||
290 | Returns 1 on known OIDs and 0 otherwise. | ||
291 | @end deftypefun | ||
292 | |||
293 | @subheading gnutls_x509_crt_init | ||
294 | @anchor{gnutls_x509_crt_init} | ||
295 | @deftypefun {int} {gnutls_x509_crt_init} (gnutls_x509_crt_t * @var{cert}) | ||
296 | @var{cert}: The structure to be initialized | ||
297 | |||
298 | This function will initialize an X.509 certificate structure. | ||
299 | |||
300 | Returns 0 on success. | ||
301 | @end deftypefun | ||
302 | |||
303 | @subheading gnutls_x509_crt_deinit | ||
304 | @anchor{gnutls_x509_crt_deinit} | ||
305 | @deftypefun {void} {gnutls_x509_crt_deinit} (gnutls_x509_crt_t @var{cert}) | ||
306 | @var{cert}: The structure to be initialized | ||
307 | |||
308 | This function will deinitialize a CRL structure. | ||
309 | @end deftypefun | ||
310 | |||
311 | @subheading gnutls_x509_crt_import | ||
312 | @anchor{gnutls_x509_crt_import} | ||
313 | @deftypefun {int} {gnutls_x509_crt_import} (gnutls_x509_crt_t @var{cert}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format}) | ||
314 | @var{cert}: The structure to store the parsed certificate. | ||
315 | |||
316 | @var{data}: The DER or PEM encoded certificate. | ||
317 | |||
318 | @var{format}: One of DER or PEM | ||
319 | |||
320 | This function will convert the given DER or PEM encoded Certificate | ||
321 | to the native gnutls_x509_crt_t format. The output will be stored in @code{cert}. | ||
322 | |||
323 | If the Certificate is PEM encoded it should have a header of "X509 CERTIFICATE", or | ||
324 | "CERTIFICATE". | ||
325 | |||
326 | Returns 0 on success. | ||
327 | @end deftypefun | ||
328 | |||
329 | @subheading gnutls_x509_crt_get_issuer_dn | ||
330 | @anchor{gnutls_x509_crt_get_issuer_dn} | ||
331 | @deftypefun {int} {gnutls_x509_crt_get_issuer_dn} (gnutls_x509_crt_t @var{cert}, char * @var{buf}, size_t * @var{sizeof_buf}) | ||
332 | @var{cert}: should contain a gnutls_x509_crt_t structure | ||
333 | |||
334 | @var{buf}: a pointer to a structure to hold the name (may be null) | ||
335 | |||
336 | @var{sizeof_buf}: initially holds the size of @code{buf} | ||
337 | |||
338 | This function will copy the name of the Certificate issuer in the | ||
339 | provided buffer. The name will be in the form | ||
340 | "C=xxxx,O=yyyy,CN=zzzz" as described in RFC2253. The output string | ||
341 | will be ASCII or UTF-8 encoded, depending on the certificate data. | ||
342 | |||
343 | If @code{buf} is null then only the size will be filled. | ||
344 | |||
345 | Returns GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not | ||
346 | long enough, and in that case the *sizeof_buf will be updated with | ||
347 | the required size. On success 0 is returned. | ||
348 | @end deftypefun | ||
349 | |||
350 | @subheading gnutls_x509_crt_get_issuer_dn_by_oid | ||
351 | @anchor{gnutls_x509_crt_get_issuer_dn_by_oid} | ||
352 | @deftypefun {int} {gnutls_x509_crt_get_issuer_dn_by_oid} (gnutls_x509_crt_t @var{cert}, const char * @var{oid}, int @var{indx}, unsigned int @var{raw_flag}, void * @var{buf}, size_t * @var{sizeof_buf}) | ||
353 | @var{cert}: should contain a gnutls_x509_crt_t structure | ||
354 | |||
355 | @var{oid}: holds an Object Identified in null terminated string | ||
356 | |||
357 | @var{indx}: In case multiple same OIDs exist in the RDN, this specifies which to send. Use zero to get the first one. | ||
358 | |||
359 | @var{raw_flag}: If non zero returns the raw DER data of the DN part. | ||
360 | |||
361 | @var{buf}: a pointer to a structure to hold the name (may be null) | ||
362 | |||
363 | @var{sizeof_buf}: initially holds the size of @code{buf} | ||
364 | |||
365 | This function will extract the part of the name of the Certificate | ||
366 | issuer specified by the given OID. The output, if the raw flag is not | ||
367 | used, will be encoded as described in RFC2253. Thus a string that is | ||
368 | ASCII or UTF-8 encoded, depending on the certificate data. | ||
369 | |||
370 | Some helper macros with popular OIDs can be found in gnutls/x509.h | ||
371 | If raw flag is zero, this function will only return known OIDs as | ||
372 | text. Other OIDs will be DER encoded, as described in RFC2253 -- | ||
373 | in hex format with a '\#' prefix. You can check about known OIDs | ||
374 | using @code{gnutls_x509_dn_oid_known()}. | ||
375 | |||
376 | If @code{buf} is null then only the size will be filled. | ||
377 | |||
378 | Returns GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not | ||
379 | long enough, and in that case the *sizeof_buf will be updated with | ||
380 | the required size. On success 0 is returned. | ||
381 | @end deftypefun | ||
382 | |||
383 | @subheading gnutls_x509_crt_get_issuer_dn_oid | ||
384 | @anchor{gnutls_x509_crt_get_issuer_dn_oid} | ||
385 | @deftypefun {int} {gnutls_x509_crt_get_issuer_dn_oid} (gnutls_x509_crt_t @var{cert}, int @var{indx}, void * @var{oid}, size_t * @var{sizeof_oid}) | ||
386 | @var{cert}: should contain a gnutls_x509_crt_t structure | ||
387 | |||
388 | @var{indx}: This specifies which OID to return. Use zero to get the first one. | ||
389 | |||
390 | @var{oid}: a pointer to a buffer to hold the OID (may be null) | ||
391 | |||
392 | @var{sizeof_oid}: initially holds the size of @code{oid} | ||
393 | |||
394 | This function will extract the OIDs of the name of the Certificate | ||
395 | issuer specified by the given index. | ||
396 | |||
397 | If @code{oid} is null then only the size will be filled. | ||
398 | |||
399 | Returns GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not | ||
400 | long enough, and in that case the *sizeof_oid will be updated with | ||
401 | the required size. On success 0 is returned. | ||
402 | @end deftypefun | ||
403 | |||
404 | @subheading gnutls_x509_crt_get_dn | ||
405 | @anchor{gnutls_x509_crt_get_dn} | ||
406 | @deftypefun {int} {gnutls_x509_crt_get_dn} (gnutls_x509_crt_t @var{cert}, char * @var{buf}, size_t * @var{sizeof_buf}) | ||
407 | @var{cert}: should contain a gnutls_x509_crt_t structure | ||
408 | |||
409 | @var{buf}: a pointer to a structure to hold the name (may be null) | ||
410 | |||
411 | @var{sizeof_buf}: initially holds the size of @code{buf} | ||
412 | |||
413 | This function will copy the name of the Certificate in the | ||
414 | provided buffer. The name will be in the form | ||
415 | "C=xxxx,O=yyyy,CN=zzzz" as described in RFC2253. The output string | ||
416 | will be ASCII or UTF-8 encoded, depending on the certificate data. | ||
417 | |||
418 | If @code{buf} is null then only the size will be filled. | ||
419 | |||
420 | Returns GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not | ||
421 | long enough, and in that case the *sizeof_buf will be updated with | ||
422 | the required size. On success 0 is returned. | ||
423 | @end deftypefun | ||
424 | |||
425 | @subheading gnutls_x509_crt_get_dn_by_oid | ||
426 | @anchor{gnutls_x509_crt_get_dn_by_oid} | ||
427 | @deftypefun {int} {gnutls_x509_crt_get_dn_by_oid} (gnutls_x509_crt_t @var{cert}, const char * @var{oid}, int @var{indx}, unsigned int @var{raw_flag}, void * @var{buf}, size_t * @var{sizeof_buf}) | ||
428 | @var{cert}: should contain a gnutls_x509_crt_t structure | ||
429 | |||
430 | @var{oid}: holds an Object Identified in null terminated string | ||
431 | |||
432 | @var{indx}: In case multiple same OIDs exist in the RDN, this specifies which to send. Use zero to get the first one. | ||
433 | |||
434 | @var{raw_flag}: If non zero returns the raw DER data of the DN part. | ||
435 | |||
436 | @var{buf}: a pointer where the DN part will be copied (may be null). | ||
437 | |||
438 | @var{sizeof_buf}: initially holds the size of @code{buf} | ||
439 | |||
440 | This function will extract the part of the name of the Certificate | ||
441 | subject specified by the given OID. The output, if the raw flag is not | ||
442 | used, will be encoded as described in RFC2253. Thus a string that is | ||
443 | ASCII or UTF-8 encoded, depending on the certificate data. | ||
444 | |||
445 | Some helper macros with popular OIDs can be found in gnutls/x509.h | ||
446 | If raw flag is zero, this function will only return known OIDs as | ||
447 | text. Other OIDs will be DER encoded, as described in RFC2253 -- | ||
448 | in hex format with a '\#' prefix. You can check about known OIDs | ||
449 | using @code{gnutls_x509_dn_oid_known()}. | ||
450 | |||
451 | If @code{buf} is null then only the size will be filled. | ||
452 | |||
453 | Returns GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not | ||
454 | long enough, and in that case the *sizeof_buf will be updated with | ||
455 | the required size. On success 0 is returned. | ||
456 | @end deftypefun | ||
457 | |||
458 | @subheading gnutls_x509_crt_get_dn_oid | ||
459 | @anchor{gnutls_x509_crt_get_dn_oid} | ||
460 | @deftypefun {int} {gnutls_x509_crt_get_dn_oid} (gnutls_x509_crt_t @var{cert}, int @var{indx}, void * @var{oid}, size_t * @var{sizeof_oid}) | ||
461 | @var{cert}: should contain a gnutls_x509_crt_t structure | ||
462 | |||
463 | @var{indx}: This specifies which OID to return. Use zero to get the first one. | ||
464 | |||
465 | @var{oid}: a pointer to a buffer to hold the OID (may be null) | ||
466 | |||
467 | @var{sizeof_oid}: initially holds the size of @code{oid} | ||
468 | |||
469 | This function will extract the OIDs of the name of the Certificate | ||
470 | subject specified by the given index. | ||
471 | |||
472 | If oid is null then only the size will be filled. | ||
473 | |||
474 | Returns GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not | ||
475 | long enough, and in that case the *sizeof_oid will be updated with | ||
476 | the required size. On success 0 is returned. | ||
477 | @end deftypefun | ||
478 | |||
479 | @subheading gnutls_x509_crt_get_signature_algorithm | ||
480 | @anchor{gnutls_x509_crt_get_signature_algorithm} | ||
481 | @deftypefun {int} {gnutls_x509_crt_get_signature_algorithm} (gnutls_x509_crt_t @var{cert}) | ||
482 | @var{cert}: should contain a gnutls_x509_crt_t structure | ||
483 | |||
484 | This function will return a value of the gnutls_sign_algorithm_t enumeration that | ||
485 | is the signature algorithm. | ||
486 | |||
487 | Returns a negative value on error. | ||
488 | @end deftypefun | ||
489 | |||
490 | @subheading gnutls_x509_crt_get_signature | ||
491 | @anchor{gnutls_x509_crt_get_signature} | ||
492 | @deftypefun {int} {gnutls_x509_crt_get_signature} (gnutls_x509_crt_t @var{cert}, char * @var{sig}, size_t * @var{sizeof_sig}) | ||
493 | @var{cert}: should contain a gnutls_x509_crt_t structure | ||
494 | |||
495 | @var{sig}: a pointer where the signature part will be copied (may be null). | ||
496 | |||
497 | @var{sizeof_sig}: initially holds the size of @code{sig} | ||
498 | |||
499 | This function will extract the signature field of a certificate. | ||
500 | |||
501 | Returns 0 on success, and a negative value on error. | ||
502 | @end deftypefun | ||
503 | |||
504 | @subheading gnutls_x509_crt_get_version | ||
505 | @anchor{gnutls_x509_crt_get_version} | ||
506 | @deftypefun {int} {gnutls_x509_crt_get_version} (gnutls_x509_crt_t @var{cert}) | ||
507 | @var{cert}: should contain a gnutls_x509_crt_t structure | ||
508 | |||
509 | This function will return the version of the specified Certificate. | ||
510 | |||
511 | Returns a negative value on error. | ||
512 | @end deftypefun | ||
513 | |||
514 | @subheading gnutls_x509_crt_get_activation_time | ||
515 | @anchor{gnutls_x509_crt_get_activation_time} | ||
516 | @deftypefun {time_t} {gnutls_x509_crt_get_activation_time} (gnutls_x509_crt_t @var{cert}) | ||
517 | @var{cert}: should contain a gnutls_x509_crt_t structure | ||
518 | |||
519 | This function will return the time this Certificate was or will be activated. | ||
520 | |||
521 | Returns (time_t)-1 on error. | ||
522 | @end deftypefun | ||
523 | |||
524 | @subheading gnutls_x509_crt_get_expiration_time | ||
525 | @anchor{gnutls_x509_crt_get_expiration_time} | ||
526 | @deftypefun {time_t} {gnutls_x509_crt_get_expiration_time} (gnutls_x509_crt_t @var{cert}) | ||
527 | @var{cert}: should contain a gnutls_x509_crt_t structure | ||
528 | |||
529 | This function will return the time this Certificate was or will be expired. | ||
530 | |||
531 | Returns (time_t)-1 on error. | ||
532 | @end deftypefun | ||
533 | |||
534 | @subheading gnutls_x509_crt_get_serial | ||
535 | @anchor{gnutls_x509_crt_get_serial} | ||
536 | @deftypefun {int} {gnutls_x509_crt_get_serial} (gnutls_x509_crt_t @var{cert}, void * @var{result}, size_t * @var{result_size}) | ||
537 | @var{cert}: should contain a gnutls_x509_crt_t structure | ||
538 | |||
539 | @var{result}: The place where the serial number will be copied | ||
540 | |||
541 | @var{result_size}: Holds the size of the result field. | ||
542 | |||
543 | This function will return the X.509 certificate's serial number. | ||
544 | This is obtained by the X509 Certificate serialNumber | ||
545 | field. Serial is not always a 32 or 64bit number. Some CAs use | ||
546 | large serial numbers, thus it may be wise to handle it as something | ||
547 | opaque. | ||
548 | |||
549 | Returns 0 on success and a negative value in case of an error. | ||
550 | @end deftypefun | ||
551 | |||
552 | @subheading gnutls_x509_crt_get_subject_key_id | ||
553 | @anchor{gnutls_x509_crt_get_subject_key_id} | ||
554 | @deftypefun {int} {gnutls_x509_crt_get_subject_key_id} (gnutls_x509_crt_t @var{cert}, void * @var{ret}, size_t * @var{ret_size}, unsigned int * @var{critical}) | ||
555 | @var{cert}: should contain a gnutls_x509_crt_t structure | ||
556 | |||
557 | @var{ret}: The place where the identifier will be copied | ||
558 | |||
559 | @var{ret_size}: Holds the size of the result field. | ||
560 | |||
561 | @var{critical}: will be non zero if the extension is marked as critical (may be null) | ||
562 | |||
563 | This function will return the X.509v3 certificate's subject key identifier. | ||
564 | This is obtained by the X.509 Subject Key identifier extension | ||
565 | field (2.5.29.14). | ||
566 | |||
567 | Returns 0 on success and a negative value in case of an error. | ||
568 | @end deftypefun | ||
569 | |||
570 | @subheading gnutls_x509_crt_get_authority_key_id | ||
571 | @anchor{gnutls_x509_crt_get_authority_key_id} | ||
572 | @deftypefun {int} {gnutls_x509_crt_get_authority_key_id} (gnutls_x509_crt_t @var{cert}, void * @var{ret}, size_t * @var{ret_size}, unsigned int * @var{critical}) | ||
573 | @var{cert}: should contain a gnutls_x509_crt_t structure | ||
574 | |||
575 | @var{critical}: will be non zero if the extension is marked as critical (may be null) | ||
576 | |||
577 | This function will return the X.509v3 certificate authority's key identifier. | ||
578 | This is obtained by the X.509 Authority Key identifier extension | ||
579 | field (2.5.29.35). Note that this function only returns the keyIdentifier | ||
580 | field of the extension. | ||
581 | |||
582 | Returns 0 on success and a negative value in case of an error. | ||
583 | @end deftypefun | ||
584 | |||
585 | @subheading gnutls_x509_crt_get_pk_algorithm | ||
586 | @anchor{gnutls_x509_crt_get_pk_algorithm} | ||
587 | @deftypefun {int} {gnutls_x509_crt_get_pk_algorithm} (gnutls_x509_crt_t @var{cert}, unsigned int * @var{bits}) | ||
588 | @var{cert}: should contain a gnutls_x509_crt_t structure | ||
589 | |||
590 | @var{bits}: if bits is non null it will hold the size of the parameters' in bits | ||
591 | |||
592 | This function will return the public key algorithm of an X.509 | ||
593 | certificate. | ||
594 | |||
595 | If bits is non null, it should have enough size to hold the parameters | ||
596 | size in bits. For RSA the bits returned is the modulus. | ||
597 | For DSA the bits returned are of the public | ||
598 | exponent. | ||
599 | |||
600 | Returns a member of the gnutls_pk_algorithm_t enumeration on success, | ||
601 | or a negative value on error. | ||
602 | @end deftypefun | ||
603 | |||
604 | @subheading gnutls_x509_crt_get_subject_alt_name | ||
605 | @anchor{gnutls_x509_crt_get_subject_alt_name} | ||
606 | @deftypefun {int} {gnutls_x509_crt_get_subject_alt_name} (gnutls_x509_crt_t @var{cert}, unsigned int @var{seq}, void * @var{ret}, size_t * @var{ret_size}, unsigned int * @var{critical}) | ||
607 | @var{cert}: should contain a gnutls_x509_crt_t structure | ||
608 | |||
609 | @var{seq}: specifies the sequence number of the alt name (0 for the first one, 1 for the second etc.) | ||
610 | |||
611 | @var{ret}: is the place where the alternative name will be copied to | ||
612 | |||
613 | @var{ret_size}: holds the size of ret. | ||
614 | |||
615 | @var{critical}: will be non zero if the extension is marked as critical (may be null) | ||
616 | |||
617 | This function will return the alternative names, contained in the | ||
618 | given certificate. | ||
619 | |||
620 | This is specified in X509v3 Certificate Extensions. GNUTLS will | ||
621 | return the Alternative name (2.5.29.17), or a negative error code. | ||
622 | |||
623 | When the SAN type is otherName, it will extract the data in the | ||
624 | otherName's value field, and @code{GNUTLS_SAN_OTHERNAME} is returned. | ||
625 | You may use @code{gnutls_x509_crt_get_subject_alt_othername_oid()} to get | ||
626 | the corresponding OID and the "virtual" SAN types (e.g., | ||
627 | @code{GNUTLS_SAN_OTHERNAME_XMPP}). | ||
628 | |||
629 | If an otherName OID is known, the data will be decoded. Otherwise | ||
630 | the returned data will be DER encoded, and you will have to decode | ||
631 | it yourself. Currently, only the RFC 3920 id-on-xmppAddr SAN is | ||
632 | recognized. | ||
633 | |||
634 | Returns the alternative subject name type on success. The type is | ||
635 | one of the enumerated gnutls_x509_subject_alt_name_t. It will | ||
636 | return @code{GNUTLS_E_SHORT_MEMORY_BUFFER} if @code{ret_size} is not large | ||
637 | enough to hold the value. In that case @code{ret_size} will be updated | ||
638 | with the required size. If the certificate does not have an | ||
639 | Alternative name with the specified sequence number then | ||
640 | @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} is returned. | ||
641 | @end deftypefun | ||
642 | |||
643 | @subheading gnutls_x509_crt_get_subject_alt_name2 | ||
644 | @anchor{gnutls_x509_crt_get_subject_alt_name2} | ||
645 | @deftypefun {int} {gnutls_x509_crt_get_subject_alt_name2} (gnutls_x509_crt_t @var{cert}, unsigned int @var{seq}, void * @var{ret}, size_t * @var{ret_size}, unsigned int* @var{ret_type}, unsigned int * @var{critical}) | ||
646 | @var{cert}: should contain a gnutls_x509_crt_t structure | ||
647 | |||
648 | @var{seq}: specifies the sequence number of the alt name (0 for the first one, 1 for the second etc.) | ||
649 | |||
650 | @var{ret}: is the place where the alternative name will be copied to | ||
651 | |||
652 | @var{ret_size}: holds the size of ret. | ||
653 | |||
654 | @var{ret_type}: holds the type of the alternative name (one of gnutls_x509_subject_alt_name_t). | ||
655 | |||
656 | @var{critical}: will be non zero if the extension is marked as critical (may be null) | ||
657 | |||
658 | This function will return the alternative names, contained in the | ||
659 | given certificate. It is the same as @code{gnutls_x509_crt_get_subject_alt_name()} | ||
660 | except for the fact that it will return the type of the alternative | ||
661 | name in @code{ret_type} even if the function fails for some reason (i.e. | ||
662 | the buffer provided is not enough). | ||
663 | |||
664 | The return values are the same as with @code{gnutls_x509_crt_get_subject_alt_name()}. | ||
665 | @end deftypefun | ||
666 | |||
667 | @subheading gnutls_x509_crt_get_subject_alt_othername_oid | ||
668 | @anchor{gnutls_x509_crt_get_subject_alt_othername_oid} | ||
669 | @deftypefun {int} {gnutls_x509_crt_get_subject_alt_othername_oid} (gnutls_x509_crt_t @var{cert}, unsigned int @var{seq}, void * @var{ret}, size_t * @var{ret_size}) | ||
670 | @var{cert}: should contain a gnutls_x509_crt_t structure | ||
671 | |||
672 | @var{seq}: specifies the sequence number of the alt name (0 for the first one, 1 for the second etc.) | ||
673 | |||
674 | @var{ret}: is the place where the otherName OID will be copied to | ||
675 | |||
676 | @var{ret_size}: holds the size of ret. | ||
677 | |||
678 | This function will extract the type OID of an otherName Subject | ||
679 | Alternative Name, contained in the given certificate, and return | ||
680 | the type as an enumerated element. | ||
681 | |||
682 | This function is only useful if | ||
683 | @code{gnutls_x509_crt_get_subject_alt_name()} returned | ||
684 | @code{GNUTLS_SAN_OTHERNAME}. | ||
685 | |||
686 | Returns the alternative subject name type on success. The type is | ||
687 | one of the enumerated gnutls_x509_subject_alt_name_t. For | ||
688 | supported OIDs, it will return one of the virtual | ||
689 | (GNUTLS_SAN_OTHERNAME_*) types, e.g. @code{GNUTLS_SAN_OTHERNAME_XMPP}, | ||
690 | and @code{GNUTLS_SAN_OTHERNAME} for unknown OIDs. It will return | ||
691 | @code{GNUTLS_E_SHORT_MEMORY_BUFFER} if @code{ret_size} is not large enough to | ||
692 | hold the value. In that case @code{ret_size} will be updated with the | ||
693 | required size. If the certificate does not have an Alternative | ||
694 | name with the specified sequence number and with the otherName type | ||
695 | then @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} is returned. | ||
696 | @end deftypefun | ||
697 | |||
698 | @subheading gnutls_x509_crt_get_basic_constraints | ||
699 | @anchor{gnutls_x509_crt_get_basic_constraints} | ||
700 | @deftypefun {int} {gnutls_x509_crt_get_basic_constraints} (gnutls_x509_crt_t @var{cert}, unsigned int * @var{critical}, int * @var{ca}, int * @var{pathlen}) | ||
701 | @var{cert}: should contain a gnutls_x509_crt_t structure | ||
702 | |||
703 | @var{critical}: will be non zero if the extension is marked as critical | ||
704 | |||
705 | @var{ca}: pointer to output integer indicating CA status, may be NULL, | ||
706 | value is 1 if the certificate CA flag is set, 0 otherwise. | ||
707 | |||
708 | @var{pathlen}: pointer to output integer indicating path length (may be | ||
709 | NULL), non-negative values indicate a present pathLenConstraint | ||
710 | field and the actual value, -1 indicate that the field is absent. | ||
711 | |||
712 | This function will read the certificate's basic constraints, and | ||
713 | return the certificates CA status. It reads the basicConstraints | ||
714 | X.509 extension (2.5.29.19). | ||
715 | |||
716 | @strong{Return value:} If the certificate is a CA a positive value will be | ||
717 | returned, or zero if the certificate does not have CA flag set. A | ||
718 | negative value may be returned in case of errors. If the | ||
719 | certificate does not contain the basicConstraints extension | ||
720 | GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned. | ||
721 | @end deftypefun | ||
722 | |||
723 | @subheading gnutls_x509_crt_get_ca_status | ||
724 | @anchor{gnutls_x509_crt_get_ca_status} | ||
725 | @deftypefun {int} {gnutls_x509_crt_get_ca_status} (gnutls_x509_crt_t @var{cert}, unsigned int * @var{critical}) | ||
726 | @var{cert}: should contain a gnutls_x509_crt_t structure | ||
727 | |||
728 | @var{critical}: will be non zero if the extension is marked as critical | ||
729 | |||
730 | This function will return certificates CA status, by reading the | ||
731 | basicConstraints X.509 extension (2.5.29.19). If the certificate is | ||
732 | a CA a positive value will be returned, or zero if the certificate | ||
733 | does not have CA flag set. | ||
734 | |||
735 | Use @code{gnutls_x509_crt_get_basic_constraints()} if you want to read the | ||
736 | pathLenConstraint field too. | ||
737 | |||
738 | A negative value may be returned in case of parsing error. | ||
739 | If the certificate does not contain the basicConstraints extension | ||
740 | GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned. | ||
741 | @end deftypefun | ||
742 | |||
743 | @subheading gnutls_x509_crt_get_key_usage | ||
744 | @anchor{gnutls_x509_crt_get_key_usage} | ||
745 | @deftypefun {int} {gnutls_x509_crt_get_key_usage} (gnutls_x509_crt_t @var{cert}, unsigned int * @var{key_usage}, unsigned int * @var{critical}) | ||
746 | @var{cert}: should contain a gnutls_x509_crt_t structure | ||
747 | |||
748 | @var{key_usage}: where the key usage bits will be stored | ||
749 | |||
750 | @var{critical}: will be non zero if the extension is marked as critical | ||
751 | |||
752 | This function will return certificate's key usage, by reading the | ||
753 | keyUsage X.509 extension (2.5.29.15). The key usage value will ORed values of the: | ||
754 | GNUTLS_KEY_DIGITAL_SIGNATURE, GNUTLS_KEY_NON_REPUDIATION, | ||
755 | GNUTLS_KEY_KEY_ENCIPHERMENT, GNUTLS_KEY_DATA_ENCIPHERMENT, | ||
756 | GNUTLS_KEY_KEY_AGREEMENT, GNUTLS_KEY_KEY_CERT_SIGN, | ||
757 | GNUTLS_KEY_CRL_SIGN, GNUTLS_KEY_ENCIPHER_ONLY, | ||
758 | GNUTLS_KEY_DECIPHER_ONLY. | ||
759 | |||
760 | A negative value may be returned in case of parsing error. | ||
761 | If the certificate does not contain the keyUsage extension | ||
762 | GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned. | ||
763 | @end deftypefun | ||
764 | |||
765 | @subheading gnutls_x509_crt_get_proxy | ||
766 | @anchor{gnutls_x509_crt_get_proxy} | ||
767 | @deftypefun {int} {gnutls_x509_crt_get_proxy} (gnutls_x509_crt_t @var{cert}, unsigned int * @var{critical}, int * @var{pathlen}, char ** @var{policyLanguage}, char ** @var{policy}, size_t * @var{sizeof_policy}) | ||
768 | @var{cert}: should contain a gnutls_x509_crt_t structure | ||
769 | |||
770 | @var{critical}: will be non zero if the extension is marked as critical | ||
771 | |||
772 | @var{pathlen}: pointer to output integer indicating path length (may be | ||
773 | NULL), non-negative values indicate a present pCPathLenConstraint | ||
774 | field and the actual value, -1 indicate that the field is absent. | ||
775 | |||
776 | This function will read the certificate's basic constraints, and | ||
777 | return the certificates CA status. It reads the basicConstraints | ||
778 | X.509 extension (2.5.29.19). | ||
779 | |||
780 | @strong{Return value:} If the certificate is a CA a positive value will be | ||
781 | returned, or zero if the certificate does not have CA flag set. A | ||
782 | negative value may be returned in case of errors. If the | ||
783 | certificate does not contain the basicConstraints extension | ||
784 | GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned. | ||
785 | @end deftypefun | ||
786 | |||
787 | @subheading gnutls_x509_crt_get_extension_by_oid | ||
788 | @anchor{gnutls_x509_crt_get_extension_by_oid} | ||
789 | @deftypefun {int} {gnutls_x509_crt_get_extension_by_oid} (gnutls_x509_crt_t @var{cert}, const char * @var{oid}, int @var{indx}, void * @var{buf}, size_t * @var{sizeof_buf}, unsigned int * @var{critical}) | ||
790 | @var{cert}: should contain a gnutls_x509_crt_t structure | ||
791 | |||
792 | @var{oid}: holds an Object Identified in null terminated string | ||
793 | |||
794 | @var{indx}: In case multiple same OIDs exist in the extensions, this specifies which to send. Use zero to get the first one. | ||
795 | |||
796 | @var{buf}: a pointer to a structure to hold the name (may be null) | ||
797 | |||
798 | @var{sizeof_buf}: initially holds the size of @code{buf} | ||
799 | |||
800 | @var{critical}: will be non zero if the extension is marked as critical | ||
801 | |||
802 | This function will return the extension specified by the OID in the certificate. | ||
803 | The extensions will be returned as binary data DER encoded, in the provided | ||
804 | buffer. | ||
805 | |||
806 | A negative value may be returned in case of parsing error. | ||
807 | If the certificate does not contain the specified extension | ||
808 | GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned. | ||
809 | @end deftypefun | ||
810 | |||
811 | @subheading gnutls_x509_crt_get_extension_oid | ||
812 | @anchor{gnutls_x509_crt_get_extension_oid} | ||
813 | @deftypefun {int} {gnutls_x509_crt_get_extension_oid} (gnutls_x509_crt_t @var{cert}, int @var{indx}, void * @var{oid}, size_t * @var{sizeof_oid}) | ||
814 | @var{cert}: should contain a gnutls_x509_crt_t structure | ||
815 | |||
816 | @var{indx}: Specifies which extension OID to send. Use zero to get the first one. | ||
817 | |||
818 | @var{oid}: a pointer to a structure to hold the OID (may be null) | ||
819 | |||
820 | @var{sizeof_oid}: initially holds the size of @code{oid} | ||
821 | |||
822 | This function will return the requested extension OID in the certificate. | ||
823 | The extension OID will be stored as a string in the provided buffer. | ||
824 | |||
825 | A negative value may be returned in case of parsing error. | ||
826 | If your have reached the last extension available | ||
827 | GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned. | ||
828 | @end deftypefun | ||
829 | |||
830 | @subheading gnutls_x509_crt_get_extension_info | ||
831 | @anchor{gnutls_x509_crt_get_extension_info} | ||
832 | @deftypefun {int} {gnutls_x509_crt_get_extension_info} (gnutls_x509_crt_t @var{cert}, int @var{indx}, void * @var{oid}, size_t * @var{sizeof_oid}, int * @var{critical}) | ||
833 | @var{cert}: should contain a gnutls_x509_crt_t structure | ||
834 | |||
835 | @var{indx}: Specifies which extension OID to send. Use zero to get the first one. | ||
836 | |||
837 | @var{oid}: a pointer to a structure to hold the OID | ||
838 | |||
839 | @var{sizeof_oid}: initially holds the size of @code{oid} | ||
840 | |||
841 | @var{critical}: output variable with critical flag, may be NULL. | ||
842 | |||
843 | This function will return the requested extension OID in the | ||
844 | certificate, and the critical flag for it. The extension OID will | ||
845 | be stored as a string in the provided buffer. Use | ||
846 | @code{gnutls_x509_crt_get_extension_data()} to extract the data. | ||
847 | |||
848 | Return 0 on success. A negative value may be returned in case of | ||
849 | parsing error. If you have reached the last extension available | ||
850 | GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned. | ||
851 | @end deftypefun | ||
852 | |||
853 | @subheading gnutls_x509_crt_get_extension_data | ||
854 | @anchor{gnutls_x509_crt_get_extension_data} | ||
855 | @deftypefun {int} {gnutls_x509_crt_get_extension_data} (gnutls_x509_crt_t @var{cert}, int @var{indx}, void * @var{data}, size_t * @var{sizeof_data}) | ||
856 | @var{cert}: should contain a gnutls_x509_crt_t structure | ||
857 | |||
858 | @var{indx}: Specifies which extension OID to send. Use zero to get the first one. | ||
859 | |||
860 | @var{data}: a pointer to a structure to hold the data (may be null) | ||
861 | |||
862 | @var{sizeof_data}: initially holds the size of @code{oid} | ||
863 | |||
864 | This function will return the requested extension data in the | ||
865 | certificate. The extension data will be stored as a string in the | ||
866 | provided buffer. | ||
867 | |||
868 | Use @code{gnutls_x509_crt_get_extension_info()} to extract the OID and | ||
869 | critical flag. Use @code{gnutls_x509_crt_get_extension_by_oid()} instead, | ||
870 | if you want to get data indexed by the extension OID rather than | ||
871 | sequence. | ||
872 | |||
873 | Return 0 on success. A negative value may be returned in case of | ||
874 | parsing error. If you have reached the last extension available | ||
875 | GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned. | ||
876 | @end deftypefun | ||
877 | |||
878 | @subheading gnutls_x509_crt_get_raw_issuer_dn | ||
879 | @anchor{gnutls_x509_crt_get_raw_issuer_dn} | ||
880 | @deftypefun {int} {gnutls_x509_crt_get_raw_issuer_dn} (gnutls_x509_crt_t @var{cert}, gnutls_datum_t * @var{start}) | ||
881 | @var{cert}: should contain a gnutls_x509_crt_t structure | ||
882 | |||
883 | @var{start}: will hold the starting point of the DN | ||
884 | |||
885 | This function will return a pointer to the DER encoded DN structure | ||
886 | and the length. | ||
887 | |||
888 | Returns 0 on success or a negative value on error. | ||
889 | @end deftypefun | ||
890 | |||
891 | @subheading gnutls_x509_crt_get_raw_dn | ||
892 | @anchor{gnutls_x509_crt_get_raw_dn} | ||
893 | @deftypefun {int} {gnutls_x509_crt_get_raw_dn} (gnutls_x509_crt_t @var{cert}, gnutls_datum_t * @var{start}) | ||
894 | @var{cert}: should contain a gnutls_x509_crt_t structure | ||
895 | |||
896 | @var{start}: will hold the starting point of the DN | ||
897 | |||
898 | This function will return a pointer to the DER encoded DN structure and | ||
899 | the length. | ||
900 | |||
901 | Returns 0 on success, or a negative value on error. | ||
902 | @end deftypefun | ||
903 | |||
904 | @subheading gnutls_x509_crt_get_subject | ||
905 | @anchor{gnutls_x509_crt_get_subject} | ||
906 | @deftypefun {int} {gnutls_x509_crt_get_subject} (gnutls_x509_crt_t @var{cert}, gnutls_x509_dn_t * @var{dn}) | ||
907 | @var{cert}: should contain a gnutls_x509_crt_t structure | ||
908 | |||
909 | @var{dn}: output variable with pointer to opaque DN. | ||
910 | |||
911 | Return the Certificate's Subject DN as an opaque data type. You | ||
912 | may use @code{gnutls_x509_dn_get_rdn_ava()} to decode the DN. | ||
913 | |||
914 | @strong{Returns:} Returns 0 on success, or an error code. | ||
915 | @end deftypefun | ||
916 | |||
917 | @subheading gnutls_x509_crt_get_issuer | ||
918 | @anchor{gnutls_x509_crt_get_issuer} | ||
919 | @deftypefun {int} {gnutls_x509_crt_get_issuer} (gnutls_x509_crt_t @var{cert}, gnutls_x509_dn_t * @var{dn}) | ||
920 | @var{cert}: should contain a gnutls_x509_crt_t structure | ||
921 | |||
922 | @var{dn}: output variable with pointer to opaque DN | ||
923 | |||
924 | Return the Certificate's Issuer DN as an opaque data type. You may | ||
925 | use @code{gnutls_x509_dn_get_rdn_ava()} to decode the DN. | ||
926 | |||
927 | Note that @code{dn} points into the @code{cert} object, and thus you may not | ||
928 | deallocate @code{cert} and continue to access @code{dn}. | ||
929 | |||
930 | @strong{Returns:} Returns 0 on success, or an error code. | ||
931 | @end deftypefun | ||
932 | |||
933 | @subheading gnutls_x509_dn_get_rdn_ava | ||
934 | @anchor{gnutls_x509_dn_get_rdn_ava} | ||
935 | @deftypefun {int} {gnutls_x509_dn_get_rdn_ava} (gnutls_x509_dn_t @var{dn}, int @var{irdn}, int @var{iava}, gnutls_x509_ava_st * @var{ava}) | ||
936 | @var{dn}: input variable with opaque DN pointer | ||
937 | |||
938 | @var{irdn}: index of RDN | ||
939 | |||
940 | @var{iava}: index of AVA. | ||
941 | |||
942 | @var{ava}: Pointer to structure which will hold output information. | ||
943 | |||
944 | Get pointers to data within the DN. | ||
945 | |||
946 | Note that @code{ava} will contain pointers into the @code{dn} structure, so you | ||
947 | should not modify any data or deallocate it. Note also that the DN | ||
948 | in turn points into the original certificate structure, and thus | ||
949 | you may not deallocate the certificate and continue to access @code{dn}. | ||
950 | |||
951 | @strong{Returns:} Returns 0 on success, or an error code. | ||
952 | @end deftypefun | ||
953 | |||
954 | @subheading gnutls_x509_crt_get_fingerprint | ||
955 | @anchor{gnutls_x509_crt_get_fingerprint} | ||
956 | @deftypefun {int} {gnutls_x509_crt_get_fingerprint} (gnutls_x509_crt_t @var{cert}, gnutls_digest_algorithm_t @var{algo}, void * @var{buf}, size_t * @var{sizeof_buf}) | ||
957 | @var{cert}: should contain a gnutls_x509_crt_t structure | ||
958 | |||
959 | @var{algo}: is a digest algorithm | ||
960 | |||
961 | @var{buf}: a pointer to a structure to hold the fingerprint (may be null) | ||
962 | |||
963 | @var{sizeof_buf}: initially holds the size of @code{buf} | ||
964 | |||
965 | This function will calculate and copy the certificate's fingerprint | ||
966 | in the provided buffer. | ||
967 | |||
968 | If the buffer is null then only the size will be filled. | ||
969 | |||
970 | @strong{Returns:} @code{GNUTLS_E_SHORT_MEMORY_BUFFER} if the provided buffer is | ||
971 | not long enough, and in that case the *sizeof_buf will be updated | ||
972 | with the required size. On success 0 is returned. | ||
973 | @end deftypefun | ||
974 | |||
975 | @subheading gnutls_x509_crt_export | ||
976 | @anchor{gnutls_x509_crt_export} | ||
977 | @deftypefun {int} {gnutls_x509_crt_export} (gnutls_x509_crt_t @var{cert}, gnutls_x509_crt_fmt_t @var{format}, void * @var{output_data}, size_t * @var{output_data_size}) | ||
978 | @var{cert}: Holds the certificate | ||
979 | |||
980 | @var{format}: the format of output params. One of PEM or DER. | ||
981 | |||
982 | @var{output_data}: will contain a certificate PEM or DER encoded | ||
983 | |||
984 | @var{output_data_size}: holds the size of output_data (and will be | ||
985 | replaced by the actual size of parameters) | ||
986 | |||
987 | This function will export the certificate to DER or PEM format. | ||
988 | |||
989 | If the buffer provided is not long enough to hold the output, then | ||
990 | *output_data_size is updated and GNUTLS_E_SHORT_MEMORY_BUFFER will | ||
991 | be returned. | ||
992 | |||
993 | If the structure is PEM encoded, it will have a header | ||
994 | of "BEGIN CERTIFICATE". | ||
995 | |||
996 | @strong{Return value:} In case of failure a negative value will be | ||
997 | returned, and 0 on success. | ||
998 | @end deftypefun | ||
999 | |||
1000 | @subheading gnutls_x509_crt_get_key_id | ||
1001 | @anchor{gnutls_x509_crt_get_key_id} | ||
1002 | @deftypefun {int} {gnutls_x509_crt_get_key_id} (gnutls_x509_crt_t @var{crt}, unsigned int @var{flags}, unsigned char * @var{output_data}, size_t * @var{output_data_size}) | ||
1003 | @var{crt}: Holds the certificate | ||
1004 | |||
1005 | @var{flags}: should be 0 for now | ||
1006 | |||
1007 | @var{output_data}: will contain the key ID | ||
1008 | |||
1009 | @var{output_data_size}: holds the size of output_data (and will be | ||
1010 | replaced by the actual size of parameters) | ||
1011 | |||
1012 | This function will return a unique ID the depends on the public | ||
1013 | key parameters. This ID can be used in checking whether a | ||
1014 | certificate corresponds to the given private key. | ||
1015 | |||
1016 | If the buffer provided is not long enough to hold the output, then | ||
1017 | *output_data_size is updated and GNUTLS_E_SHORT_MEMORY_BUFFER will | ||
1018 | be returned. The output will normally be a SHA-1 hash output, | ||
1019 | which is 20 bytes. | ||
1020 | |||
1021 | @strong{Return value:} In case of failure a negative value will be | ||
1022 | returned, and 0 on success. | ||
1023 | @end deftypefun | ||
1024 | |||
1025 | @subheading gnutls_x509_crt_check_revocation | ||
1026 | @anchor{gnutls_x509_crt_check_revocation} | ||
1027 | @deftypefun {int} {gnutls_x509_crt_check_revocation} (gnutls_x509_crt_t @var{cert}, const gnutls_x509_crl_t * @var{crl_list}, int @var{crl_list_length}) | ||
1028 | @var{cert}: should contain a gnutls_x509_crt_t structure | ||
1029 | |||
1030 | @var{crl_list}: should contain a list of gnutls_x509_crl_t structures | ||
1031 | |||
1032 | @var{crl_list_length}: the length of the crl_list | ||
1033 | |||
1034 | This function will return check if the given certificate is | ||
1035 | revoked. It is assumed that the CRLs have been verified before. | ||
1036 | |||
1037 | @strong{Returns:} 0 if the certificate is NOT revoked, and 1 if it is. A | ||
1038 | negative value is returned on error. | ||
1039 | @end deftypefun | ||
1040 | |||
1041 | @subheading gnutls_x509_crt_verify_data | ||
1042 | @anchor{gnutls_x509_crt_verify_data} | ||
1043 | @deftypefun {int} {gnutls_x509_crt_verify_data} (gnutls_x509_crt_t @var{crt}, unsigned int @var{flags}, const gnutls_datum_t * @var{data}, const gnutls_datum_t * @var{signature}) | ||
1044 | @var{crt}: Holds the certificate | ||
1045 | |||
1046 | @var{flags}: should be 0 for now | ||
1047 | |||
1048 | @var{data}: holds the data to be signed | ||
1049 | |||
1050 | @var{signature}: contains the signature | ||
1051 | |||
1052 | This function will verify the given signed data, using the | ||
1053 | parameters from the certificate. | ||
1054 | |||
1055 | @strong{Returns:} In case of a verification failure 0 is returned, and 1 on | ||
1056 | success. | ||
1057 | @end deftypefun | ||
1058 | |||
1059 | @subheading gnutls_x509_crt_get_crl_dist_points | ||
1060 | @anchor{gnutls_x509_crt_get_crl_dist_points} | ||
1061 | @deftypefun {int} {gnutls_x509_crt_get_crl_dist_points} (gnutls_x509_crt_t @var{cert}, unsigned int @var{seq}, void * @var{ret}, size_t * @var{ret_size}, unsigned int * @var{reason_flags}, unsigned int * @var{critical}) | ||
1062 | @var{cert}: should contain a gnutls_x509_crt_t structure | ||
1063 | |||
1064 | @var{seq}: specifies the sequence number of the distribution point (0 for the first one, 1 for the second etc.) | ||
1065 | |||
1066 | @var{ret}: is the place where the distribution point will be copied to | ||
1067 | |||
1068 | @var{ret_size}: holds the size of ret. | ||
1069 | |||
1070 | @var{reason_flags}: Revocation reasons flags. | ||
1071 | |||
1072 | @var{critical}: will be non zero if the extension is marked as critical (may be null) | ||
1073 | |||
1074 | This function will return the CRL distribution points (2.5.29.31), | ||
1075 | contained in the given certificate. | ||
1076 | |||
1077 | @code{reason_flags} should be an ORed sequence of | ||
1078 | GNUTLS_CRL_REASON_UNUSED, GNUTLS_CRL_REASON_KEY_COMPROMISE, | ||
1079 | GNUTLS_CRL_REASON_CA_COMPROMISE, | ||
1080 | GNUTLS_CRL_REASON_AFFILIATION_CHANGED, | ||
1081 | GNUTLS_CRL_REASON_SUPERSEEDED, | ||
1082 | GNUTLS_CRL_REASON_CESSATION_OF_OPERATION, | ||
1083 | GNUTLS_CRL_REASON_CERTIFICATE_HOLD, | ||
1084 | GNUTLS_CRL_REASON_PRIVILEGE_WITHDRAWN, | ||
1085 | GNUTLS_CRL_REASON_AA_COMPROMISE, or zero for all possible reasons. | ||
1086 | |||
1087 | This is specified in X509v3 Certificate Extensions. GNUTLS will | ||
1088 | return the distribution point type, or a negative error code on | ||
1089 | error. | ||
1090 | |||
1091 | Returns @code{GNUTLS_E_SHORT_MEMORY_BUFFER} and updates &@code{ret_size} if | ||
1092 | &@code{ret_size} is not enough to hold the distribution point, or the | ||
1093 | type of the distribution point if everything was ok. The type is | ||
1094 | one of the enumerated @code{gnutls_x509_subject_alt_name_t}. If the | ||
1095 | certificate does not have an Alternative name with the specified | ||
1096 | sequence number then @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} is | ||
1097 | returned. | ||
1098 | @end deftypefun | ||
1099 | |||
1100 | @subheading gnutls_x509_crt_get_key_purpose_oid | ||
1101 | @anchor{gnutls_x509_crt_get_key_purpose_oid} | ||
1102 | @deftypefun {int} {gnutls_x509_crt_get_key_purpose_oid} (gnutls_x509_crt_t @var{cert}, int @var{indx}, void * @var{oid}, size_t * @var{sizeof_oid}, unsigned int * @var{critical}) | ||
1103 | @var{cert}: should contain a gnutls_x509_crt_t structure | ||
1104 | |||
1105 | @var{indx}: This specifies which OID to return. Use zero to get the first one. | ||
1106 | |||
1107 | @var{oid}: a pointer to a buffer to hold the OID (may be null) | ||
1108 | |||
1109 | @var{sizeof_oid}: initially holds the size of @code{oid} | ||
1110 | |||
1111 | This function will extract the key purpose OIDs of the Certificate | ||
1112 | specified by the given index. These are stored in the Extended Key | ||
1113 | Usage extension (2.5.29.37) See the GNUTLS_KP_* definitions for | ||
1114 | human readable names. | ||
1115 | |||
1116 | If @code{oid} is null then only the size will be filled. | ||
1117 | |||
1118 | @strong{Returns:} @code{GNUTLS_E_SHORT_MEMORY_BUFFER} if the provided buffer is | ||
1119 | not long enough, and in that case the *sizeof_oid will be updated | ||
1120 | with the required size. On success 0 is returned. | ||
1121 | @end deftypefun | ||
1122 | |||
1123 | @subheading gnutls_x509_crt_get_pk_rsa_raw | ||
1124 | @anchor{gnutls_x509_crt_get_pk_rsa_raw} | ||
1125 | @deftypefun {int} {gnutls_x509_crt_get_pk_rsa_raw} (gnutls_x509_crt_t @var{crt}, gnutls_datum_t * @var{m}, gnutls_datum_t * @var{e}) | ||
1126 | @var{crt}: Holds the certificate | ||
1127 | |||
1128 | @var{m}: will hold the modulus | ||
1129 | |||
1130 | @var{e}: will hold the public exponent | ||
1131 | |||
1132 | This function will export the RSA public key's parameters found in | ||
1133 | the given structure. The new parameters will be allocated using | ||
1134 | @code{gnutls_malloc()} and will be stored in the appropriate datum. | ||
1135 | |||
1136 | @strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise an error. | ||
1137 | @end deftypefun | ||
1138 | |||
1139 | @subheading gnutls_x509_crt_get_pk_dsa_raw | ||
1140 | @anchor{gnutls_x509_crt_get_pk_dsa_raw} | ||
1141 | @deftypefun {int} {gnutls_x509_crt_get_pk_dsa_raw} (gnutls_x509_crt_t @var{crt}, gnutls_datum_t * @var{p}, gnutls_datum_t * @var{q}, gnutls_datum_t * @var{g}, gnutls_datum_t * @var{y}) | ||
1142 | @var{crt}: Holds the certificate | ||
1143 | |||
1144 | @var{p}: will hold the p | ||
1145 | |||
1146 | @var{q}: will hold the q | ||
1147 | |||
1148 | @var{g}: will hold the g | ||
1149 | |||
1150 | @var{y}: will hold the y | ||
1151 | |||
1152 | This function will export the DSA public key's parameters found in | ||
1153 | the given certificate. The new parameters will be allocated using | ||
1154 | @code{gnutls_malloc()} and will be stored in the appropriate datum. | ||
1155 | |||
1156 | @strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise an error. | ||
1157 | @end deftypefun | ||
1158 | |||
1159 | @subheading gnutls_x509_crt_list_import | ||
1160 | @anchor{gnutls_x509_crt_list_import} | ||
1161 | @deftypefun {int} {gnutls_x509_crt_list_import} (gnutls_x509_crt_t * @var{certs}, unsigned int * @var{cert_max}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format}, unsigned int @var{flags}) | ||
1162 | @var{certs}: The structures to store the parsed certificate. Must not be initialized. | ||
1163 | |||
1164 | @var{cert_max}: Initially must hold the maximum number of certs. It will be updated with the number of certs available. | ||
1165 | |||
1166 | @var{data}: The PEM encoded certificate. | ||
1167 | |||
1168 | @var{format}: One of DER or PEM. | ||
1169 | |||
1170 | @var{flags}: must be zero or an OR'd sequence of gnutls_certificate_import_flags. | ||
1171 | |||
1172 | This function will convert the given PEM encoded certificate list | ||
1173 | to the native gnutls_x509_crt_t format. The output will be stored | ||
1174 | in @code{certs}. They will be automatically initialized. | ||
1175 | |||
1176 | If the Certificate is PEM encoded it should have a header of "X509 | ||
1177 | CERTIFICATE", or "CERTIFICATE". | ||
1178 | |||
1179 | @strong{Returns:} the number of certificates read or a negative error value. | ||
1180 | @end deftypefun | ||
1181 | |||
1182 | @subheading gnutls_x509_crt_check_hostname | ||
1183 | @anchor{gnutls_x509_crt_check_hostname} | ||
1184 | @deftypefun {int} {gnutls_x509_crt_check_hostname} (gnutls_x509_crt_t @var{cert}, const char * @var{hostname}) | ||
1185 | @var{cert}: should contain an gnutls_x509_crt_t structure | ||
1186 | |||
1187 | @var{hostname}: A null terminated string that contains a DNS name | ||
1188 | |||
1189 | This function will check if the given certificate's subject | ||
1190 | matches the given hostname. This is a basic implementation of the | ||
1191 | matching described in RFC2818 (HTTPS), which takes into account | ||
1192 | wildcards, and the DNSName/IPAddress subject alternative name PKIX | ||
1193 | extension. | ||
1194 | |||
1195 | Returns non zero for a successful match, and zero on failure. | ||
1196 | @end deftypefun | ||
1197 | |||
1198 | @subheading gnutls_x509_crt_check_issuer | ||
1199 | @anchor{gnutls_x509_crt_check_issuer} | ||
1200 | @deftypefun {int} {gnutls_x509_crt_check_issuer} (gnutls_x509_crt_t @var{cert}, gnutls_x509_crt_t @var{issuer}) | ||
1201 | @var{cert}: is the certificate to be checked | ||
1202 | |||
1203 | @var{issuer}: is the certificate of a possible issuer | ||
1204 | |||
1205 | This function will check if the given certificate was issued by the | ||
1206 | given issuer. It will return true (1) if the given certificate is issued | ||
1207 | by the given issuer, and false (0) if not. | ||
1208 | |||
1209 | A negative value is returned in case of an error. | ||
1210 | @end deftypefun | ||
1211 | |||
1212 | @subheading gnutls_x509_crt_list_verify | ||
1213 | @anchor{gnutls_x509_crt_list_verify} | ||
1214 | @deftypefun {int} {gnutls_x509_crt_list_verify} (const gnutls_x509_crt_t * @var{cert_list}, int @var{cert_list_length}, const gnutls_x509_crt_t * @var{CA_list}, int @var{CA_list_length}, const gnutls_x509_crl_t * @var{CRL_list}, int @var{CRL_list_length}, unsigned int @var{flags}, unsigned int * @var{verify}) | ||
1215 | @var{cert_list}: is the certificate list to be verified | ||
1216 | |||
1217 | @var{cert_list_length}: holds the number of certificate in cert_list | ||
1218 | |||
1219 | @var{CA_list}: is the CA list which will be used in verification | ||
1220 | |||
1221 | @var{CA_list_length}: holds the number of CA certificate in CA_list | ||
1222 | |||
1223 | @var{CRL_list}: holds a list of CRLs. | ||
1224 | |||
1225 | @var{CRL_list_length}: the length of CRL list. | ||
1226 | |||
1227 | @var{flags}: Flags that may be used to change the verification algorithm. Use OR of the gnutls_certificate_verify_flags enumerations. | ||
1228 | |||
1229 | @var{verify}: will hold the certificate verification output. | ||
1230 | |||
1231 | This function will try to verify the given certificate list and return its status. | ||
1232 | Note that expiration and activation dates are not checked | ||
1233 | by this function, you should check them using the appropriate functions. | ||
1234 | |||
1235 | If no flags are specified (0), this function will use the | ||
1236 | basicConstraints (2.5.29.19) PKIX extension. This means that only a certificate | ||
1237 | authority is allowed to sign a certificate. | ||
1238 | |||
1239 | You must also check the peer's name in order to check if the verified | ||
1240 | certificate belongs to the actual peer. | ||
1241 | |||
1242 | The certificate verification output will be put in @code{verify} and will be | ||
1243 | one or more of the gnutls_certificate_status_t enumerated elements bitwise or'd. | ||
1244 | For a more detailed verification status use @code{gnutls_x509_crt_verify()} per list | ||
1245 | element. | ||
1246 | |||
1247 | @strong{GNUTLS_CERT_INVALID:} the certificate chain is not valid. | ||
1248 | |||
1249 | @strong{GNUTLS_CERT_REVOKED:} a certificate in the chain has been revoked. | ||
1250 | |||
1251 | Returns 0 on success and a negative value in case of an error. | ||
1252 | @end deftypefun | ||
1253 | |||
1254 | @subheading gnutls_x509_crt_verify | ||
1255 | @anchor{gnutls_x509_crt_verify} | ||
1256 | @deftypefun {int} {gnutls_x509_crt_verify} (gnutls_x509_crt_t @var{cert}, const gnutls_x509_crt_t * @var{CA_list}, int @var{CA_list_length}, unsigned int @var{flags}, unsigned int * @var{verify}) | ||
1257 | @var{cert}: is the certificate to be verified | ||
1258 | |||
1259 | @var{CA_list}: is one certificate that is considered to be trusted one | ||
1260 | |||
1261 | @var{CA_list_length}: holds the number of CA certificate in CA_list | ||
1262 | |||
1263 | @var{flags}: Flags that may be used to change the verification algorithm. Use OR of the gnutls_certificate_verify_flags enumerations. | ||
1264 | |||
1265 | @var{verify}: will hold the certificate verification output. | ||
1266 | |||
1267 | This function will try to verify the given certificate and return its status. | ||
1268 | The verification output in this functions cannot be GNUTLS_CERT_NOT_VALID. | ||
1269 | |||
1270 | Returns 0 on success and a negative value in case of an error. | ||
1271 | @end deftypefun | ||
1272 | |||
1273 | @subheading gnutls_x509_crl_check_issuer | ||
1274 | @anchor{gnutls_x509_crl_check_issuer} | ||
1275 | @deftypefun {int} {gnutls_x509_crl_check_issuer} (gnutls_x509_crl_t @var{cert}, gnutls_x509_crt_t @var{issuer}) | ||
1276 | @var{issuer}: is the certificate of a possible issuer | ||
1277 | |||
1278 | This function will check if the given CRL was issued by the | ||
1279 | given issuer certificate. It will return true (1) if the given CRL was issued | ||
1280 | by the given issuer, and false (0) if not. | ||
1281 | |||
1282 | A negative value is returned in case of an error. | ||
1283 | @end deftypefun | ||
1284 | |||
1285 | @subheading gnutls_x509_crl_verify | ||
1286 | @anchor{gnutls_x509_crl_verify} | ||
1287 | @deftypefun {int} {gnutls_x509_crl_verify} (gnutls_x509_crl_t @var{crl}, const gnutls_x509_crt_t * @var{CA_list}, int @var{CA_list_length}, unsigned int @var{flags}, unsigned int * @var{verify}) | ||
1288 | @var{crl}: is the crl to be verified | ||
1289 | |||
1290 | @var{CA_list}: is a certificate list that is considered to be trusted one | ||
1291 | |||
1292 | @var{CA_list_length}: holds the number of CA certificates in CA_list | ||
1293 | |||
1294 | @var{flags}: Flags that may be used to change the verification algorithm. Use OR of the gnutls_certificate_verify_flags enumerations. | ||
1295 | |||
1296 | @var{verify}: will hold the crl verification output. | ||
1297 | |||
1298 | This function will try to verify the given crl and return its status. | ||
1299 | See @code{gnutls_x509_crt_list_verify()} for a detailed description of | ||
1300 | return values. | ||
1301 | |||
1302 | Returns 0 on success and a negative value in case of an error. | ||
1303 | @end deftypefun | ||
1304 | |||
1305 | @subheading gnutls_x509_privkey_init | ||
1306 | @anchor{gnutls_x509_privkey_init} | ||
1307 | @deftypefun {int} {gnutls_x509_privkey_init} (gnutls_x509_privkey_t * @var{key}) | ||
1308 | @var{key}: The structure to be initialized | ||
1309 | |||
1310 | This function will initialize an private key structure. | ||
1311 | |||
1312 | Returns 0 on success. | ||
1313 | @end deftypefun | ||
1314 | |||
1315 | @subheading gnutls_x509_privkey_deinit | ||
1316 | @anchor{gnutls_x509_privkey_deinit} | ||
1317 | @deftypefun {void} {gnutls_x509_privkey_deinit} (gnutls_x509_privkey_t @var{key}) | ||
1318 | @var{key}: The structure to be initialized | ||
1319 | |||
1320 | This function will deinitialize a private key structure. | ||
1321 | @end deftypefun | ||
1322 | |||
1323 | @subheading gnutls_x509_privkey_cpy | ||
1324 | @anchor{gnutls_x509_privkey_cpy} | ||
1325 | @deftypefun {int} {gnutls_x509_privkey_cpy} (gnutls_x509_privkey_t @var{dst}, gnutls_x509_privkey_t @var{src}) | ||
1326 | @var{dst}: The destination key, which should be initialized. | ||
1327 | |||
1328 | @var{src}: The source key | ||
1329 | |||
1330 | This function will copy a private key from source to destination key. | ||
1331 | @end deftypefun | ||
1332 | |||
1333 | @subheading gnutls_x509_privkey_import | ||
1334 | @anchor{gnutls_x509_privkey_import} | ||
1335 | @deftypefun {int} {gnutls_x509_privkey_import} (gnutls_x509_privkey_t @var{key}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format}) | ||
1336 | @var{key}: The structure to store the parsed key | ||
1337 | |||
1338 | @var{data}: The DER or PEM encoded certificate. | ||
1339 | |||
1340 | @var{format}: One of DER or PEM | ||
1341 | |||
1342 | This function will convert the given DER or PEM encoded key | ||
1343 | to the native gnutls_x509_privkey_t format. The output will be stored in @code{key} . | ||
1344 | |||
1345 | If the key is PEM encoded it should have a header of "RSA PRIVATE KEY", or | ||
1346 | "DSA PRIVATE KEY". | ||
1347 | |||
1348 | Returns 0 on success. | ||
1349 | @end deftypefun | ||
1350 | |||
1351 | @subheading gnutls_x509_privkey_import_rsa_raw | ||
1352 | @anchor{gnutls_x509_privkey_import_rsa_raw} | ||
1353 | @deftypefun {int} {gnutls_x509_privkey_import_rsa_raw} (gnutls_x509_privkey_t @var{key}, const gnutls_datum_t * @var{m}, const gnutls_datum_t * @var{e}, const gnutls_datum_t * @var{d}, const gnutls_datum_t * @var{p}, const gnutls_datum_t * @var{q}, const gnutls_datum_t * @var{u}) | ||
1354 | @var{key}: The structure to store the parsed key | ||
1355 | |||
1356 | @var{m}: holds the modulus | ||
1357 | |||
1358 | @var{e}: holds the public exponent | ||
1359 | |||
1360 | @var{d}: holds the private exponent | ||
1361 | |||
1362 | @var{p}: holds the first prime (p) | ||
1363 | |||
1364 | @var{q}: holds the second prime (q) | ||
1365 | |||
1366 | @var{u}: holds the coefficient | ||
1367 | |||
1368 | This function will convert the given RSA raw parameters | ||
1369 | to the native gnutls_x509_privkey_t format. The output will be stored in @code{key}. | ||
1370 | @end deftypefun | ||
1371 | |||
1372 | @subheading gnutls_x509_privkey_import_dsa_raw | ||
1373 | @anchor{gnutls_x509_privkey_import_dsa_raw} | ||
1374 | @deftypefun {int} {gnutls_x509_privkey_import_dsa_raw} (gnutls_x509_privkey_t @var{key}, const gnutls_datum_t * @var{p}, const gnutls_datum_t * @var{q}, const gnutls_datum_t * @var{g}, const gnutls_datum_t * @var{y}, const gnutls_datum_t * @var{x}) | ||
1375 | @var{key}: The structure to store the parsed key | ||
1376 | |||
1377 | @var{p}: holds the p | ||
1378 | |||
1379 | @var{q}: holds the q | ||
1380 | |||
1381 | @var{g}: holds the g | ||
1382 | |||
1383 | @var{y}: holds the y | ||
1384 | |||
1385 | @var{x}: holds the x | ||
1386 | |||
1387 | This function will convert the given DSA raw parameters | ||
1388 | to the native gnutls_x509_privkey_t format. The output will be stored in @code{key}. | ||
1389 | @end deftypefun | ||
1390 | |||
1391 | @subheading gnutls_x509_privkey_get_pk_algorithm | ||
1392 | @anchor{gnutls_x509_privkey_get_pk_algorithm} | ||
1393 | @deftypefun {int} {gnutls_x509_privkey_get_pk_algorithm} (gnutls_x509_privkey_t @var{key}) | ||
1394 | @var{key}: should contain a gnutls_x509_privkey_t structure | ||
1395 | |||
1396 | This function will return the public key algorithm of a private | ||
1397 | key. | ||
1398 | |||
1399 | Returns a member of the gnutls_pk_algorithm_t enumeration on success, | ||
1400 | or a negative value on error. | ||
1401 | @end deftypefun | ||
1402 | |||
1403 | @subheading gnutls_x509_privkey_export | ||
1404 | @anchor{gnutls_x509_privkey_export} | ||
1405 | @deftypefun {int} {gnutls_x509_privkey_export} (gnutls_x509_privkey_t @var{key}, gnutls_x509_crt_fmt_t @var{format}, void * @var{output_data}, size_t * @var{output_data_size}) | ||
1406 | @var{key}: Holds the key | ||
1407 | |||
1408 | @var{format}: the format of output params. One of PEM or DER. | ||
1409 | |||
1410 | @var{output_data}: will contain a private key PEM or DER encoded | ||
1411 | |||
1412 | @var{output_data_size}: holds the size of output_data (and will be | ||
1413 | replaced by the actual size of parameters) | ||
1414 | |||
1415 | This function will export the private key to a PKCS1 structure for | ||
1416 | RSA keys, or an integer sequence for DSA keys. The DSA keys are in | ||
1417 | the same format with the parameters used by openssl. | ||
1418 | |||
1419 | If the buffer provided is not long enough to hold the output, then | ||
1420 | *output_data_size is updated and GNUTLS_E_SHORT_MEMORY_BUFFER will | ||
1421 | be returned. | ||
1422 | |||
1423 | If the structure is PEM encoded, it will have a header | ||
1424 | of "BEGIN RSA PRIVATE KEY". | ||
1425 | |||
1426 | @strong{Return value:} In case of failure a negative value will be | ||
1427 | returned, and 0 on success. | ||
1428 | @end deftypefun | ||
1429 | |||
1430 | @subheading gnutls_x509_privkey_export_rsa_raw | ||
1431 | @anchor{gnutls_x509_privkey_export_rsa_raw} | ||
1432 | @deftypefun {int} {gnutls_x509_privkey_export_rsa_raw} (gnutls_x509_privkey_t @var{key}, gnutls_datum_t * @var{m}, gnutls_datum_t * @var{e}, gnutls_datum_t * @var{d}, gnutls_datum_t * @var{p}, gnutls_datum_t * @var{q}, gnutls_datum_t * @var{u}) | ||
1433 | @var{key}: a structure that holds the rsa parameters | ||
1434 | |||
1435 | @var{m}: will hold the modulus | ||
1436 | |||
1437 | @var{e}: will hold the public exponent | ||
1438 | |||
1439 | @var{d}: will hold the private exponent | ||
1440 | |||
1441 | @var{p}: will hold the first prime (p) | ||
1442 | |||
1443 | @var{q}: will hold the second prime (q) | ||
1444 | |||
1445 | @var{u}: will hold the coefficient | ||
1446 | |||
1447 | This function will export the RSA private key's parameters found in the given | ||
1448 | structure. The new parameters will be allocated using | ||
1449 | @code{gnutls_malloc()} and will be stored in the appropriate datum. | ||
1450 | @end deftypefun | ||
1451 | |||
1452 | @subheading gnutls_x509_privkey_export_dsa_raw | ||
1453 | @anchor{gnutls_x509_privkey_export_dsa_raw} | ||
1454 | @deftypefun {int} {gnutls_x509_privkey_export_dsa_raw} (gnutls_x509_privkey_t @var{key}, gnutls_datum_t * @var{p}, gnutls_datum_t * @var{q}, gnutls_datum_t * @var{g}, gnutls_datum_t * @var{y}, gnutls_datum_t * @var{x}) | ||
1455 | @var{p}: will hold the p | ||
1456 | |||
1457 | @var{q}: will hold the q | ||
1458 | |||
1459 | @var{g}: will hold the g | ||
1460 | |||
1461 | @var{y}: will hold the y | ||
1462 | |||
1463 | @var{x}: will hold the x | ||
1464 | |||
1465 | This function will export the DSA private key's parameters found in the given | ||
1466 | structure. The new parameters will be allocated using | ||
1467 | @code{gnutls_malloc()} and will be stored in the appropriate datum. | ||
1468 | @end deftypefun | ||
1469 | |||
1470 | @subheading gnutls_x509_privkey_generate | ||
1471 | @anchor{gnutls_x509_privkey_generate} | ||
1472 | @deftypefun {int} {gnutls_x509_privkey_generate} (gnutls_x509_privkey_t @var{key}, gnutls_pk_algorithm_t @var{algo}, unsigned int @var{bits}, unsigned int @var{flags}) | ||
1473 | @var{key}: should contain a gnutls_x509_privkey_t structure | ||
1474 | |||
1475 | @var{algo}: is one of RSA or DSA. | ||
1476 | |||
1477 | @var{bits}: the size of the modulus | ||
1478 | |||
1479 | @var{flags}: unused for now. Must be 0. | ||
1480 | |||
1481 | This function will generate a random private key. Note that | ||
1482 | this function must be called on an empty private key. | ||
1483 | |||
1484 | Returns 0 on success or a negative value on error. | ||
1485 | @end deftypefun | ||
1486 | |||
1487 | @subheading gnutls_x509_privkey_get_key_id | ||
1488 | @anchor{gnutls_x509_privkey_get_key_id} | ||
1489 | @deftypefun {int} {gnutls_x509_privkey_get_key_id} (gnutls_x509_privkey_t @var{key}, unsigned int @var{flags}, unsigned char * @var{output_data}, size_t * @var{output_data_size}) | ||
1490 | @var{key}: Holds the key | ||
1491 | |||
1492 | @var{flags}: should be 0 for now | ||
1493 | |||
1494 | @var{output_data}: will contain the key ID | ||
1495 | |||
1496 | @var{output_data_size}: holds the size of output_data (and will be | ||
1497 | replaced by the actual size of parameters) | ||
1498 | |||
1499 | This function will return a unique ID the depends on the public key | ||
1500 | parameters. This ID can be used in checking whether a certificate | ||
1501 | corresponds to the given key. | ||
1502 | |||
1503 | If the buffer provided is not long enough to hold the output, then | ||
1504 | *output_data_size is updated and GNUTLS_E_SHORT_MEMORY_BUFFER will | ||
1505 | be returned. The output will normally be a SHA-1 hash output, | ||
1506 | which is 20 bytes. | ||
1507 | |||
1508 | @strong{Return value:} In case of failure a negative value will be | ||
1509 | returned, and 0 on success. | ||
1510 | @end deftypefun | ||
1511 | |||
1512 | @subheading gnutls_x509_privkey_sign_data | ||
1513 | @anchor{gnutls_x509_privkey_sign_data} | ||
1514 | @deftypefun {int} {gnutls_x509_privkey_sign_data} (gnutls_x509_privkey_t @var{key}, gnutls_digest_algorithm_t @var{digest}, unsigned int @var{flags}, const gnutls_datum_t * @var{data}, void * @var{signature}, size_t * @var{signature_size}) | ||
1515 | @var{key}: Holds the key | ||
1516 | |||
1517 | @var{digest}: should be MD5 or SHA1 | ||
1518 | |||
1519 | @var{flags}: should be 0 for now | ||
1520 | |||
1521 | @var{data}: holds the data to be signed | ||
1522 | |||
1523 | @var{signature}: will contain the signature | ||
1524 | |||
1525 | @var{signature_size}: holds the size of signature (and will be replaced | ||
1526 | by the new size) | ||
1527 | |||
1528 | This function will sign the given data using a signature algorithm | ||
1529 | supported by the private key. Signature algorithms are always used | ||
1530 | together with a hash functions. Different hash functions may be | ||
1531 | used for the RSA algorithm, but only SHA-1 for the DSA keys. | ||
1532 | |||
1533 | If the buffer provided is not long enough to hold the output, then | ||
1534 | *signature_size is updated and GNUTLS_E_SHORT_MEMORY_BUFFER will | ||
1535 | be returned. | ||
1536 | |||
1537 | In case of failure a negative value will be returned, and | ||
1538 | 0 on success. | ||
1539 | @end deftypefun | ||
1540 | |||
1541 | @subheading gnutls_x509_privkey_sign_hash | ||
1542 | @anchor{gnutls_x509_privkey_sign_hash} | ||
1543 | @deftypefun {int} {gnutls_x509_privkey_sign_hash} (gnutls_x509_privkey_t @var{key}, const gnutls_datum_t * @var{hash}, gnutls_datum_t * @var{signature}) | ||
1544 | @var{key}: Holds the key | ||
1545 | |||
1546 | @var{hash}: holds the data to be signed | ||
1547 | |||
1548 | @var{signature}: will contain newly allocated signature | ||
1549 | |||
1550 | This function will sign the given hash using the private key. | ||
1551 | |||
1552 | @strong{Return value:} In case of failure a negative value will be returned, | ||
1553 | and 0 on success. | ||
1554 | @end deftypefun | ||
1555 | |||
1556 | @subheading gnutls_x509_privkey_verify_data | ||
1557 | @anchor{gnutls_x509_privkey_verify_data} | ||
1558 | @deftypefun {int} {gnutls_x509_privkey_verify_data} (gnutls_x509_privkey_t @var{key}, unsigned int @var{flags}, const gnutls_datum_t * @var{data}, const gnutls_datum_t * @var{signature}) | ||
1559 | @var{key}: Holds the key | ||
1560 | |||
1561 | @var{flags}: should be 0 for now | ||
1562 | |||
1563 | @var{data}: holds the data to be signed | ||
1564 | |||
1565 | @var{signature}: contains the signature | ||
1566 | |||
1567 | This function will verify the given signed data, using the parameters in the | ||
1568 | private key. | ||
1569 | |||
1570 | In case of a verification failure 0 is returned, and | ||
1571 | 1 on success. | ||
1572 | @end deftypefun | ||
1573 | |||
1574 | @subheading gnutls_x509_privkey_fix | ||
1575 | @anchor{gnutls_x509_privkey_fix} | ||
1576 | @deftypefun {int} {gnutls_x509_privkey_fix} (gnutls_x509_privkey_t @var{key}) | ||
1577 | @var{key}: Holds the key | ||
1578 | |||
1579 | This function will recalculate the secondary parameters in a key. | ||
1580 | In RSA keys, this can be the coefficient and exponent1,2. | ||
1581 | |||
1582 | @strong{Return value:} In case of failure a negative value will be | ||
1583 | returned, and 0 on success. | ||
1584 | @end deftypefun | ||
1585 | |||
1586 | @subheading gnutls_pkcs7_init | ||
1587 | @anchor{gnutls_pkcs7_init} | ||
1588 | @deftypefun {int} {gnutls_pkcs7_init} (gnutls_pkcs7_t * @var{pkcs7}) | ||
1589 | @var{pkcs7}: The structure to be initialized | ||
1590 | |||
1591 | This function will initialize a PKCS7 structure. PKCS7 structures | ||
1592 | usually contain lists of X.509 Certificates and X.509 Certificate | ||
1593 | revocation lists. | ||
1594 | |||
1595 | Returns 0 on success. | ||
1596 | @end deftypefun | ||
1597 | |||
1598 | @subheading gnutls_pkcs7_deinit | ||
1599 | @anchor{gnutls_pkcs7_deinit} | ||
1600 | @deftypefun {void} {gnutls_pkcs7_deinit} (gnutls_pkcs7_t @var{pkcs7}) | ||
1601 | @var{pkcs7}: The structure to be initialized | ||
1602 | |||
1603 | This function will deinitialize a PKCS7 structure. | ||
1604 | @end deftypefun | ||
1605 | |||
1606 | @subheading gnutls_pkcs7_import | ||
1607 | @anchor{gnutls_pkcs7_import} | ||
1608 | @deftypefun {int} {gnutls_pkcs7_import} (gnutls_pkcs7_t @var{pkcs7}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format}) | ||
1609 | @var{pkcs7}: The structure to store the parsed PKCS7. | ||
1610 | |||
1611 | @var{data}: The DER or PEM encoded PKCS7. | ||
1612 | |||
1613 | @var{format}: One of DER or PEM | ||
1614 | |||
1615 | This function will convert the given DER or PEM encoded PKCS7 | ||
1616 | to the native gnutls_pkcs7_t format. The output will be stored in 'pkcs7'. | ||
1617 | |||
1618 | If the PKCS7 is PEM encoded it should have a header of "PKCS7". | ||
1619 | |||
1620 | Returns 0 on success. | ||
1621 | @end deftypefun | ||
1622 | |||
1623 | @subheading gnutls_pkcs7_get_crt_raw | ||
1624 | @anchor{gnutls_pkcs7_get_crt_raw} | ||
1625 | @deftypefun {int} {gnutls_pkcs7_get_crt_raw} (gnutls_pkcs7_t @var{pkcs7}, int @var{indx}, void * @var{certificate}, size_t * @var{certificate_size}) | ||
1626 | @var{indx}: contains the index of the certificate to extract | ||
1627 | |||
1628 | @var{certificate}: the contents of the certificate will be copied there (may be null) | ||
1629 | |||
1630 | @var{certificate_size}: should hold the size of the certificate | ||
1631 | |||
1632 | This function will return a certificate of the PKCS7 or RFC2630 certificate set. | ||
1633 | Returns 0 on success. If the provided buffer is not long enough, | ||
1634 | then @code{certificate_size} is updated and GNUTLS_E_SHORT_MEMORY_BUFFER is returned. | ||
1635 | |||
1636 | After the last certificate has been read GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE | ||
1637 | will be returned. | ||
1638 | @end deftypefun | ||
1639 | |||
1640 | @subheading gnutls_pkcs7_get_crt_count | ||
1641 | @anchor{gnutls_pkcs7_get_crt_count} | ||
1642 | @deftypefun {int} {gnutls_pkcs7_get_crt_count} (gnutls_pkcs7_t @var{pkcs7}) | ||
1643 | This function will return the number of certifcates in the PKCS7 or | ||
1644 | RFC2630 certificate set. | ||
1645 | |||
1646 | Returns a negative value on failure. | ||
1647 | @end deftypefun | ||
1648 | |||
1649 | @subheading gnutls_pkcs7_export | ||
1650 | @anchor{gnutls_pkcs7_export} | ||
1651 | @deftypefun {int} {gnutls_pkcs7_export} (gnutls_pkcs7_t @var{pkcs7}, gnutls_x509_crt_fmt_t @var{format}, void * @var{output_data}, size_t * @var{output_data_size}) | ||
1652 | @var{pkcs7}: Holds the pkcs7 structure | ||
1653 | |||
1654 | @var{format}: the format of output params. One of PEM or DER. | ||
1655 | |||
1656 | @var{output_data}: will contain a structure PEM or DER encoded | ||
1657 | |||
1658 | @var{output_data_size}: holds the size of output_data (and will be | ||
1659 | replaced by the actual size of parameters) | ||
1660 | |||
1661 | This function will export the pkcs7 structure to DER or PEM format. | ||
1662 | |||
1663 | If the buffer provided is not long enough to hold the output, then | ||
1664 | *output_data_size is updated and GNUTLS_E_SHORT_MEMORY_BUFFER will | ||
1665 | be returned. | ||
1666 | |||
1667 | If the structure is PEM encoded, it will have a header | ||
1668 | of "BEGIN PKCS7". | ||
1669 | |||
1670 | @strong{Return value:} In case of failure a negative value will be | ||
1671 | returned, and 0 on success. | ||
1672 | @end deftypefun | ||
1673 | |||
1674 | @subheading gnutls_pkcs7_set_crt_raw | ||
1675 | @anchor{gnutls_pkcs7_set_crt_raw} | ||
1676 | @deftypefun {int} {gnutls_pkcs7_set_crt_raw} (gnutls_pkcs7_t @var{pkcs7}, const gnutls_datum_t * @var{crt}) | ||
1677 | @var{crt}: the DER encoded certificate to be added | ||
1678 | |||
1679 | This function will add a certificate to the PKCS7 or RFC2630 certificate set. | ||
1680 | Returns 0 on success. | ||
1681 | @end deftypefun | ||
1682 | |||
1683 | @subheading gnutls_pkcs7_set_crt | ||
1684 | @anchor{gnutls_pkcs7_set_crt} | ||
1685 | @deftypefun {int} {gnutls_pkcs7_set_crt} (gnutls_pkcs7_t @var{pkcs7}, gnutls_x509_crt_t @var{crt}) | ||
1686 | @var{crt}: the certificate to be copied. | ||
1687 | |||
1688 | This function will add a parsed certificate to the PKCS7 or RFC2630 certificate set. | ||
1689 | This is a wrapper function over @code{gnutls_pkcs7_set_crt_raw()} . | ||
1690 | |||
1691 | Returns 0 on success. | ||
1692 | @end deftypefun | ||
1693 | |||
1694 | @subheading gnutls_pkcs7_delete_crt | ||
1695 | @anchor{gnutls_pkcs7_delete_crt} | ||
1696 | @deftypefun {int} {gnutls_pkcs7_delete_crt} (gnutls_pkcs7_t @var{pkcs7}, int @var{indx}) | ||
1697 | @var{indx}: the index of the certificate to delete | ||
1698 | |||
1699 | This function will delete a certificate from a PKCS7 or RFC2630 certificate set. | ||
1700 | Index starts from 0. Returns 0 on success. | ||
1701 | @end deftypefun | ||
1702 | |||
1703 | @subheading gnutls_pkcs7_get_crl_raw | ||
1704 | @anchor{gnutls_pkcs7_get_crl_raw} | ||
1705 | @deftypefun {int} {gnutls_pkcs7_get_crl_raw} (gnutls_pkcs7_t @var{pkcs7}, int @var{indx}, void * @var{crl}, size_t * @var{crl_size}) | ||
1706 | @var{indx}: contains the index of the crl to extract | ||
1707 | |||
1708 | @var{crl}: the contents of the crl will be copied there (may be null) | ||
1709 | |||
1710 | @var{crl_size}: should hold the size of the crl | ||
1711 | |||
1712 | This function will return a crl of the PKCS7 or RFC2630 crl set. | ||
1713 | Returns 0 on success. If the provided buffer is not long enough, | ||
1714 | then @code{crl_size} is updated and GNUTLS_E_SHORT_MEMORY_BUFFER is returned. | ||
1715 | |||
1716 | After the last crl has been read GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE | ||
1717 | will be returned. | ||
1718 | @end deftypefun | ||
1719 | |||
1720 | @subheading gnutls_pkcs7_get_crl_count | ||
1721 | @anchor{gnutls_pkcs7_get_crl_count} | ||
1722 | @deftypefun {int} {gnutls_pkcs7_get_crl_count} (gnutls_pkcs7_t @var{pkcs7}) | ||
1723 | This function will return the number of certifcates in the PKCS7 or | ||
1724 | RFC2630 crl set. | ||
1725 | |||
1726 | Returns a negative value on failure. | ||
1727 | @end deftypefun | ||
1728 | |||
1729 | @subheading gnutls_pkcs7_set_crl_raw | ||
1730 | @anchor{gnutls_pkcs7_set_crl_raw} | ||
1731 | @deftypefun {int} {gnutls_pkcs7_set_crl_raw} (gnutls_pkcs7_t @var{pkcs7}, const gnutls_datum_t * @var{crl}) | ||
1732 | @var{crl}: the DER encoded crl to be added | ||
1733 | |||
1734 | This function will add a crl to the PKCS7 or RFC2630 crl set. | ||
1735 | Returns 0 on success. | ||
1736 | @end deftypefun | ||
1737 | |||
1738 | @subheading gnutls_pkcs7_set_crl | ||
1739 | @anchor{gnutls_pkcs7_set_crl} | ||
1740 | @deftypefun {int} {gnutls_pkcs7_set_crl} (gnutls_pkcs7_t @var{pkcs7}, gnutls_x509_crl_t @var{crl}) | ||
1741 | @var{crl}: the DER encoded crl to be added | ||
1742 | |||
1743 | This function will add a parsed crl to the PKCS7 or RFC2630 crl set. | ||
1744 | Returns 0 on success. | ||
1745 | @end deftypefun | ||
1746 | |||
1747 | @subheading gnutls_pkcs7_delete_crl | ||
1748 | @anchor{gnutls_pkcs7_delete_crl} | ||
1749 | @deftypefun {int} {gnutls_pkcs7_delete_crl} (gnutls_pkcs7_t @var{pkcs7}, int @var{indx}) | ||
1750 | @var{indx}: the index of the crl to delete | ||
1751 | |||
1752 | This function will delete a crl from a PKCS7 or RFC2630 crl set. | ||
1753 | Index starts from 0. Returns 0 on success. | ||
1754 | @end deftypefun | ||
1755 | |||
1756 | @subheading gnutls_x509_crq_init | ||
1757 | @anchor{gnutls_x509_crq_init} | ||
1758 | @deftypefun {int} {gnutls_x509_crq_init} (gnutls_x509_crq_t * @var{crq}) | ||
1759 | @var{crq}: The structure to be initialized | ||
1760 | |||
1761 | This function will initialize a PKCS10 certificate request structure. | ||
1762 | |||
1763 | Returns 0 on success. | ||
1764 | @end deftypefun | ||
1765 | |||
1766 | @subheading gnutls_x509_crq_deinit | ||
1767 | @anchor{gnutls_x509_crq_deinit} | ||
1768 | @deftypefun {void} {gnutls_x509_crq_deinit} (gnutls_x509_crq_t @var{crq}) | ||
1769 | @var{crq}: The structure to be initialized | ||
1770 | |||
1771 | This function will deinitialize a CRL structure. | ||
1772 | @end deftypefun | ||
1773 | |||
1774 | @subheading gnutls_x509_crq_import | ||
1775 | @anchor{gnutls_x509_crq_import} | ||
1776 | @deftypefun {int} {gnutls_x509_crq_import} (gnutls_x509_crq_t @var{crq}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format}) | ||
1777 | @var{crq}: The structure to store the parsed certificate request. | ||
1778 | |||
1779 | @var{data}: The DER or PEM encoded certificate. | ||
1780 | |||
1781 | @var{format}: One of DER or PEM | ||
1782 | |||
1783 | This function will convert the given DER or PEM encoded Certificate | ||
1784 | to the native gnutls_x509_crq_t format. The output will be stored in @code{cert}. | ||
1785 | |||
1786 | If the Certificate is PEM encoded it should have a header of "NEW CERTIFICATE REQUEST". | ||
1787 | |||
1788 | Returns 0 on success. | ||
1789 | @end deftypefun | ||
1790 | |||
1791 | @subheading gnutls_x509_crq_get_dn | ||
1792 | @anchor{gnutls_x509_crq_get_dn} | ||
1793 | @deftypefun {int} {gnutls_x509_crq_get_dn} (gnutls_x509_crq_t @var{crq}, char * @var{buf}, size_t * @var{sizeof_buf}) | ||
1794 | @var{crq}: should contain a gnutls_x509_crq_t structure | ||
1795 | |||
1796 | @var{buf}: a pointer to a structure to hold the name (may be null) | ||
1797 | |||
1798 | @var{sizeof_buf}: initially holds the size of @code{buf} | ||
1799 | |||
1800 | This function will copy the name of the Certificate request | ||
1801 | subject in the provided buffer. The name will be in the form | ||
1802 | "C=xxxx,O=yyyy,CN=zzzz" as described in RFC2253. The output string | ||
1803 | will be ASCII or UTF-8 encoded, depending on the certificate data. | ||
1804 | |||
1805 | If @code{buf} is null then only the size will be filled. | ||
1806 | |||
1807 | Returns GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not | ||
1808 | long enough, and in that case the *sizeof_buf will be updated with | ||
1809 | the required size. On success 0 is returned. | ||
1810 | @end deftypefun | ||
1811 | |||
1812 | @subheading gnutls_x509_crq_get_dn_by_oid | ||
1813 | @anchor{gnutls_x509_crq_get_dn_by_oid} | ||
1814 | @deftypefun {int} {gnutls_x509_crq_get_dn_by_oid} (gnutls_x509_crq_t @var{crq}, const char * @var{oid}, int @var{indx}, unsigned int @var{raw_flag}, void * @var{buf}, size_t * @var{sizeof_buf}) | ||
1815 | @var{crq}: should contain a gnutls_x509_crq_t structure | ||
1816 | |||
1817 | @var{oid}: holds an Object Identified in null terminated string | ||
1818 | |||
1819 | @var{indx}: In case multiple same OIDs exist in the RDN, this specifies | ||
1820 | which to send. Use zero to get the first one. | ||
1821 | |||
1822 | @var{raw_flag}: If non zero returns the raw DER data of the DN part. | ||
1823 | |||
1824 | @var{buf}: a pointer to a structure to hold the name (may be null) | ||
1825 | |||
1826 | @var{sizeof_buf}: initially holds the size of @code{buf} | ||
1827 | |||
1828 | This function will extract the part of the name of the Certificate | ||
1829 | request subject, specified by the given OID. The output will be | ||
1830 | encoded as described in RFC2253. The output string will be ASCII | ||
1831 | or UTF-8 encoded, depending on the certificate data. | ||
1832 | |||
1833 | Some helper macros with popular OIDs can be found in gnutls/x509.h | ||
1834 | If raw flag is zero, this function will only return known OIDs as | ||
1835 | text. Other OIDs will be DER encoded, as described in RFC2253 -- | ||
1836 | in hex format with a '\#' prefix. You can check about known OIDs | ||
1837 | using @code{gnutls_x509_dn_oid_known()}. | ||
1838 | |||
1839 | If @code{buf} is null then only the size will be filled. | ||
1840 | |||
1841 | Returns GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not | ||
1842 | long enough, and in that case the *sizeof_buf will be updated with | ||
1843 | the required size. On success 0 is returned. | ||
1844 | @end deftypefun | ||
1845 | |||
1846 | @subheading gnutls_x509_crq_get_dn_oid | ||
1847 | @anchor{gnutls_x509_crq_get_dn_oid} | ||
1848 | @deftypefun {int} {gnutls_x509_crq_get_dn_oid} (gnutls_x509_crq_t @var{crq}, int @var{indx}, void * @var{oid}, size_t * @var{sizeof_oid}) | ||
1849 | @var{crq}: should contain a gnutls_x509_crq_t structure | ||
1850 | |||
1851 | @var{indx}: Specifies which DN OID to send. Use zero to get the first one. | ||
1852 | |||
1853 | @var{oid}: a pointer to a structure to hold the name (may be null) | ||
1854 | |||
1855 | @var{sizeof_oid}: initially holds the size of @code{oid} | ||
1856 | |||
1857 | This function will extract the requested OID of the name of the | ||
1858 | Certificate request subject, specified by the given index. | ||
1859 | |||
1860 | If oid is null then only the size will be filled. | ||
1861 | |||
1862 | Returns GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not | ||
1863 | long enough, and in that case the *sizeof_oid will be updated with | ||
1864 | the required size. On success 0 is returned. | ||
1865 | @end deftypefun | ||
1866 | |||
1867 | @subheading gnutls_x509_crq_get_challenge_password | ||
1868 | @anchor{gnutls_x509_crq_get_challenge_password} | ||
1869 | @deftypefun {int} {gnutls_x509_crq_get_challenge_password} (gnutls_x509_crq_t @var{crq}, char * @var{pass}, size_t * @var{sizeof_pass}) | ||
1870 | @var{crq}: should contain a gnutls_x509_crq_t structure | ||
1871 | |||
1872 | @var{pass}: will hold a null terminated password | ||
1873 | |||
1874 | @var{sizeof_pass}: Initially holds the size of @code{pass}. | ||
1875 | |||
1876 | This function will return the challenge password in the | ||
1877 | request. | ||
1878 | |||
1879 | Returns 0 on success. | ||
1880 | @end deftypefun | ||
1881 | |||
1882 | @subheading gnutls_x509_crq_set_attribute_by_oid | ||
1883 | @anchor{gnutls_x509_crq_set_attribute_by_oid} | ||
1884 | @deftypefun {int} {gnutls_x509_crq_set_attribute_by_oid} (gnutls_x509_crq_t @var{crq}, const char * @var{oid}, void * @var{buf}, size_t @var{sizeof_buf}) | ||
1885 | @var{crq}: should contain a gnutls_x509_crq_t structure | ||
1886 | |||
1887 | @var{oid}: holds an Object Identified in null terminated string | ||
1888 | |||
1889 | @var{buf}: a pointer to a structure that holds the attribute data | ||
1890 | |||
1891 | @var{sizeof_buf}: holds the size of @code{buf} | ||
1892 | |||
1893 | This function will set the attribute in the certificate request specified | ||
1894 | by the given Object ID. The attribute must be be DER encoded. | ||
1895 | |||
1896 | Returns 0 on success. | ||
1897 | @end deftypefun | ||
1898 | |||
1899 | @subheading gnutls_x509_crq_get_attribute_by_oid | ||
1900 | @anchor{gnutls_x509_crq_get_attribute_by_oid} | ||
1901 | @deftypefun {int} {gnutls_x509_crq_get_attribute_by_oid} (gnutls_x509_crq_t @var{crq}, const char * @var{oid}, int @var{indx}, void * @var{buf}, size_t * @var{sizeof_buf}) | ||
1902 | @var{crq}: should contain a gnutls_x509_crq_t structure | ||
1903 | |||
1904 | @var{oid}: holds an Object Identified in null terminated string | ||
1905 | |||
1906 | @var{indx}: In case multiple same OIDs exist in the attribute list, this specifies | ||
1907 | which to send. Use zero to get the first one. | ||
1908 | |||
1909 | @var{buf}: a pointer to a structure to hold the attribute data (may be null) | ||
1910 | |||
1911 | @var{sizeof_buf}: initially holds the size of @code{buf} | ||
1912 | |||
1913 | This function will return the attribute in the certificate request specified | ||
1914 | by the given Object ID. The attribute will be DER encoded. | ||
1915 | |||
1916 | Returns 0 on success. | ||
1917 | @end deftypefun | ||
1918 | |||
1919 | @subheading gnutls_x509_crq_set_dn_by_oid | ||
1920 | @anchor{gnutls_x509_crq_set_dn_by_oid} | ||
1921 | @deftypefun {int} {gnutls_x509_crq_set_dn_by_oid} (gnutls_x509_crq_t @var{crq}, const char * @var{oid}, unsigned int @var{raw_flag}, const void * @var{data}, unsigned int @var{sizeof_data}) | ||
1922 | @var{crq}: should contain a gnutls_x509_crq_t structure | ||
1923 | |||
1924 | @var{oid}: holds an Object Identifier in a null terminated string | ||
1925 | |||
1926 | @var{raw_flag}: must be 0, or 1 if the data are DER encoded | ||
1927 | |||
1928 | @var{data}: a pointer to the input data | ||
1929 | |||
1930 | @var{sizeof_data}: holds the size of @code{data} | ||
1931 | |||
1932 | This function will set the part of the name of the Certificate request subject, specified | ||
1933 | by the given OID. The input string should be ASCII or UTF-8 encoded. | ||
1934 | |||
1935 | Some helper macros with popular OIDs can be found in gnutls/x509.h | ||
1936 | With this function you can only set the known OIDs. You can test | ||
1937 | for known OIDs using @code{gnutls_x509_dn_oid_known()}. For OIDs that are | ||
1938 | not known (by gnutls) you should properly DER encode your data, and | ||
1939 | call this function with raw_flag set. | ||
1940 | |||
1941 | Returns 0 on success. | ||
1942 | @end deftypefun | ||
1943 | |||
1944 | @subheading gnutls_x509_crq_set_version | ||
1945 | @anchor{gnutls_x509_crq_set_version} | ||
1946 | @deftypefun {int} {gnutls_x509_crq_set_version} (gnutls_x509_crq_t @var{crq}, unsigned int @var{version}) | ||
1947 | @var{crq}: should contain a gnutls_x509_crq_t structure | ||
1948 | |||
1949 | @var{version}: holds the version number. For v1 Requests must be 1. | ||
1950 | |||
1951 | This function will set the version of the certificate request. For | ||
1952 | version 1 requests this must be one. | ||
1953 | |||
1954 | Returns 0 on success. | ||
1955 | @end deftypefun | ||
1956 | |||
1957 | @subheading gnutls_x509_crq_get_version | ||
1958 | @anchor{gnutls_x509_crq_get_version} | ||
1959 | @deftypefun {int} {gnutls_x509_crq_get_version} (gnutls_x509_crq_t @var{crq}) | ||
1960 | @var{crq}: should contain a gnutls_x509_crq_t structure | ||
1961 | |||
1962 | This function will return the version of the specified Certificate request. | ||
1963 | |||
1964 | Returns a negative value on error. | ||
1965 | @end deftypefun | ||
1966 | |||
1967 | @subheading gnutls_x509_crq_set_key | ||
1968 | @anchor{gnutls_x509_crq_set_key} | ||
1969 | @deftypefun {int} {gnutls_x509_crq_set_key} (gnutls_x509_crq_t @var{crq}, gnutls_x509_privkey_t @var{key}) | ||
1970 | @var{crq}: should contain a gnutls_x509_crq_t structure | ||
1971 | |||
1972 | @var{key}: holds a private key | ||
1973 | |||
1974 | This function will set the public parameters from the given private key to the | ||
1975 | request. Only RSA keys are currently supported. | ||
1976 | |||
1977 | Returns 0 on success. | ||
1978 | @end deftypefun | ||
1979 | |||
1980 | @subheading gnutls_x509_crq_set_challenge_password | ||
1981 | @anchor{gnutls_x509_crq_set_challenge_password} | ||
1982 | @deftypefun {int} {gnutls_x509_crq_set_challenge_password} (gnutls_x509_crq_t @var{crq}, const char * @var{pass}) | ||
1983 | @var{crq}: should contain a gnutls_x509_crq_t structure | ||
1984 | |||
1985 | @var{pass}: holds a null terminated password | ||
1986 | |||
1987 | This function will set a challenge password to be used when revoking the request. | ||
1988 | |||
1989 | Returns 0 on success. | ||
1990 | @end deftypefun | ||
1991 | |||
1992 | @subheading gnutls_x509_crq_sign2 | ||
1993 | @anchor{gnutls_x509_crq_sign2} | ||
1994 | @deftypefun {int} {gnutls_x509_crq_sign2} (gnutls_x509_crq_t @var{crq}, gnutls_x509_privkey_t @var{key}, gnutls_digest_algorithm_t @var{dig}, unsigned int @var{flags}) | ||
1995 | @var{crq}: should contain a gnutls_x509_crq_t structure | ||
1996 | |||
1997 | @var{key}: holds a private key | ||
1998 | |||
1999 | @var{dig}: The message digest to use. GNUTLS_DIG_SHA1 is the safe choice unless you know what you're doing. | ||
2000 | |||
2001 | @var{flags}: must be 0 | ||
2002 | |||
2003 | This function will sign the certificate request with a private key. | ||
2004 | This must be the same key as the one used in @code{gnutls_x509_crt_set_key()} since a | ||
2005 | certificate request is self signed. | ||
2006 | |||
2007 | This must be the last step in a certificate request generation since all | ||
2008 | the previously set parameters are now signed. | ||
2009 | |||
2010 | Returns 0 on success. | ||
2011 | @end deftypefun | ||
2012 | |||
2013 | @subheading gnutls_x509_crq_sign | ||
2014 | @anchor{gnutls_x509_crq_sign} | ||
2015 | @deftypefun {int} {gnutls_x509_crq_sign} (gnutls_x509_crq_t @var{crq}, gnutls_x509_privkey_t @var{key}) | ||
2016 | @var{crq}: should contain a gnutls_x509_crq_t structure | ||
2017 | |||
2018 | @var{key}: holds a private key | ||
2019 | |||
2020 | This function is the same a @code{gnutls_x509_crq_sign2()} with no flags, and | ||
2021 | SHA1 as the hash algorithm. | ||
2022 | |||
2023 | Returns 0 on success. | ||
2024 | @end deftypefun | ||
2025 | |||
2026 | @subheading gnutls_x509_crq_export | ||
2027 | @anchor{gnutls_x509_crq_export} | ||
2028 | @deftypefun {int} {gnutls_x509_crq_export} (gnutls_x509_crq_t @var{crq}, gnutls_x509_crt_fmt_t @var{format}, void * @var{output_data}, size_t * @var{output_data_size}) | ||
2029 | @var{crq}: Holds the request | ||
2030 | |||
2031 | @var{format}: the format of output params. One of PEM or DER. | ||
2032 | |||
2033 | @var{output_data}: will contain a certificate request PEM or DER encoded | ||
2034 | |||
2035 | @var{output_data_size}: holds the size of output_data (and will be | ||
2036 | replaced by the actual size of parameters) | ||
2037 | |||
2038 | This function will export the certificate request to a PKCS10 | ||
2039 | |||
2040 | If the buffer provided is not long enough to hold the output, then | ||
2041 | GNUTLS_E_SHORT_MEMORY_BUFFER will be returned and | ||
2042 | *output_data_size will be updated. | ||
2043 | |||
2044 | If the structure is PEM encoded, it will have a header of "BEGIN | ||
2045 | NEW CERTIFICATE REQUEST". | ||
2046 | |||
2047 | @strong{Return value:} In case of failure a negative value will be | ||
2048 | returned, and 0 on success. | ||
2049 | @end deftypefun | ||
2050 | |||
2051 | @subheading gnutls_x509_crq_get_pk_algorithm | ||
2052 | @anchor{gnutls_x509_crq_get_pk_algorithm} | ||
2053 | @deftypefun {int} {gnutls_x509_crq_get_pk_algorithm} (gnutls_x509_crq_t @var{crq}, unsigned int * @var{bits}) | ||
2054 | @var{crq}: should contain a gnutls_x509_crq_t structure | ||
2055 | |||
2056 | @var{bits}: if bits is non null it will hold the size of the parameters' in bits | ||
2057 | |||
2058 | This function will return the public key algorithm of a PKCS \@code{10} | ||
2059 | certificate request. | ||
2060 | |||
2061 | If bits is non null, it should have enough size to hold the parameters | ||
2062 | size in bits. For RSA the bits returned is the modulus. | ||
2063 | For DSA the bits returned are of the public | ||
2064 | exponent. | ||
2065 | |||
2066 | Returns a member of the gnutls_pk_algorithm_t enumeration on success, | ||
2067 | or a negative value on error. | ||
2068 | @end deftypefun | ||
2069 | |||
2070 | @subheading gnutls_x509_privkey_export_pkcs8 | ||
2071 | @anchor{gnutls_x509_privkey_export_pkcs8} | ||
2072 | @deftypefun {int} {gnutls_x509_privkey_export_pkcs8} (gnutls_x509_privkey_t @var{key}, gnutls_x509_crt_fmt_t @var{format}, const char * @var{password}, unsigned int @var{flags}, void * @var{output_data}, size_t * @var{output_data_size}) | ||
2073 | @var{key}: Holds the key | ||
2074 | |||
2075 | @var{format}: the format of output params. One of PEM or DER. | ||
2076 | |||
2077 | @var{password}: the password that will be used to encrypt the key. | ||
2078 | |||
2079 | @var{flags}: an ORed sequence of gnutls_pkcs_encrypt_flags_t | ||
2080 | |||
2081 | @var{output_data}: will contain a private key PEM or DER encoded | ||
2082 | |||
2083 | @var{output_data_size}: holds the size of output_data (and will be | ||
2084 | replaced by the actual size of parameters) | ||
2085 | |||
2086 | This function will export the private key to a PKCS8 structure. | ||
2087 | Both RSA and DSA keys can be exported. For DSA keys we use | ||
2088 | PKCS @code{11} definitions. If the flags do not specify the encryption | ||
2089 | cipher, then the default 3DES (PBES2) will be used. | ||
2090 | |||
2091 | The @code{password} can be either ASCII or UTF-8 in the default PBES2 | ||
2092 | encryption schemas, or ASCII for the PKCS12 schemas. | ||
2093 | |||
2094 | If the buffer provided is not long enough to hold the output, then | ||
2095 | *output_data_size is updated and GNUTLS_E_SHORT_MEMORY_BUFFER will | ||
2096 | be returned. | ||
2097 | |||
2098 | If the structure is PEM encoded, it will have a header | ||
2099 | of "BEGIN ENCRYPTED PRIVATE KEY" or "BEGIN PRIVATE KEY" if | ||
2100 | encryption is not used. | ||
2101 | |||
2102 | @strong{Return value:} In case of failure a negative value will be | ||
2103 | returned, and 0 on success. | ||
2104 | @end deftypefun | ||
2105 | |||
2106 | @subheading gnutls_x509_privkey_import_pkcs8 | ||
2107 | @anchor{gnutls_x509_privkey_import_pkcs8} | ||
2108 | @deftypefun {int} {gnutls_x509_privkey_import_pkcs8} (gnutls_x509_privkey_t @var{key}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format}, const char * @var{password}, unsigned int @var{flags}) | ||
2109 | @var{key}: The structure to store the parsed key | ||
2110 | |||
2111 | @var{data}: The DER or PEM encoded key. | ||
2112 | |||
2113 | @var{format}: One of DER or PEM | ||
2114 | |||
2115 | @var{password}: the password to decrypt the key (if it is encrypted). | ||
2116 | |||
2117 | @var{flags}: 0 if encrypted or GNUTLS_PKCS_PLAIN if not encrypted. | ||
2118 | |||
2119 | This function will convert the given DER or PEM encoded PKCS8 2.0 encrypted key | ||
2120 | to the native gnutls_x509_privkey_t format. The output will be stored in @code{key}. | ||
2121 | Both RSA and DSA keys can be imported, and flags can only be used to indicate | ||
2122 | an unencrypted key. | ||
2123 | |||
2124 | The @code{password} can be either ASCII or UTF-8 in the default PBES2 | ||
2125 | encryption schemas, or ASCII for the PKCS12 schemas. | ||
2126 | |||
2127 | If the Certificate is PEM encoded it should have a header of "ENCRYPTED PRIVATE KEY", | ||
2128 | or "PRIVATE KEY". You only need to specify the flags if the key is DER encoded, since | ||
2129 | in that case the encryption status cannot be auto-detected. | ||
2130 | |||
2131 | Returns 0 on success. | ||
2132 | @end deftypefun | ||
2133 | |||
2134 | @subheading gnutls_pkcs12_init | ||
2135 | @anchor{gnutls_pkcs12_init} | ||
2136 | @deftypefun {int} {gnutls_pkcs12_init} (gnutls_pkcs12_t * @var{pkcs12}) | ||
2137 | @var{pkcs12}: The structure to be initialized | ||
2138 | |||
2139 | This function will initialize a PKCS12 structure. PKCS12 structures | ||
2140 | usually contain lists of X.509 Certificates and X.509 Certificate | ||
2141 | revocation lists. | ||
2142 | |||
2143 | Returns 0 on success. | ||
2144 | @end deftypefun | ||
2145 | |||
2146 | @subheading gnutls_pkcs12_deinit | ||
2147 | @anchor{gnutls_pkcs12_deinit} | ||
2148 | @deftypefun {void} {gnutls_pkcs12_deinit} (gnutls_pkcs12_t @var{pkcs12}) | ||
2149 | @var{pkcs12}: The structure to be initialized | ||
2150 | |||
2151 | This function will deinitialize a PKCS12 structure. | ||
2152 | @end deftypefun | ||
2153 | |||
2154 | @subheading gnutls_pkcs12_import | ||
2155 | @anchor{gnutls_pkcs12_import} | ||
2156 | @deftypefun {int} {gnutls_pkcs12_import} (gnutls_pkcs12_t @var{pkcs12}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format}, unsigned int @var{flags}) | ||
2157 | @var{pkcs12}: The structure to store the parsed PKCS12. | ||
2158 | |||
2159 | @var{data}: The DER or PEM encoded PKCS12. | ||
2160 | |||
2161 | @var{format}: One of DER or PEM | ||
2162 | |||
2163 | @var{flags}: an ORed sequence of gnutls_privkey_pkcs8_flags | ||
2164 | |||
2165 | This function will convert the given DER or PEM encoded PKCS12 | ||
2166 | to the native gnutls_pkcs12_t format. The output will be stored in 'pkcs12'. | ||
2167 | |||
2168 | If the PKCS12 is PEM encoded it should have a header of "PKCS12". | ||
2169 | |||
2170 | Returns 0 on success. | ||
2171 | @end deftypefun | ||
2172 | |||
2173 | @subheading gnutls_pkcs12_export | ||
2174 | @anchor{gnutls_pkcs12_export} | ||
2175 | @deftypefun {int} {gnutls_pkcs12_export} (gnutls_pkcs12_t @var{pkcs12}, gnutls_x509_crt_fmt_t @var{format}, void * @var{output_data}, size_t * @var{output_data_size}) | ||
2176 | @var{pkcs12}: Holds the pkcs12 structure | ||
2177 | |||
2178 | @var{format}: the format of output params. One of PEM or DER. | ||
2179 | |||
2180 | @var{output_data}: will contain a structure PEM or DER encoded | ||
2181 | |||
2182 | @var{output_data_size}: holds the size of output_data (and will be | ||
2183 | replaced by the actual size of parameters) | ||
2184 | |||
2185 | This function will export the pkcs12 structure to DER or PEM format. | ||
2186 | |||
2187 | If the buffer provided is not long enough to hold the output, then | ||
2188 | *output_data_size will be updated and GNUTLS_E_SHORT_MEMORY_BUFFER | ||
2189 | will be returned. | ||
2190 | |||
2191 | If the structure is PEM encoded, it will have a header | ||
2192 | of "BEGIN PKCS12". | ||
2193 | |||
2194 | @strong{Return value:} In case of failure a negative value will be | ||
2195 | returned, and 0 on success. | ||
2196 | @end deftypefun | ||
2197 | |||
2198 | @subheading gnutls_pkcs12_get_bag | ||
2199 | @anchor{gnutls_pkcs12_get_bag} | ||
2200 | @deftypefun {int} {gnutls_pkcs12_get_bag} (gnutls_pkcs12_t @var{pkcs12}, int @var{indx}, gnutls_pkcs12_bag_t @var{bag}) | ||
2201 | @var{pkcs12}: should contain a gnutls_pkcs12_t structure | ||
2202 | |||
2203 | @var{indx}: contains the index of the bag to extract | ||
2204 | |||
2205 | @var{bag}: An initialized bag, where the contents of the bag will be copied | ||
2206 | |||
2207 | This function will return a Bag from the PKCS12 structure. | ||
2208 | Returns 0 on success. | ||
2209 | |||
2210 | After the last Bag has been read GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE | ||
2211 | will be returned. | ||
2212 | @end deftypefun | ||
2213 | |||
2214 | @subheading gnutls_pkcs12_set_bag | ||
2215 | @anchor{gnutls_pkcs12_set_bag} | ||
2216 | @deftypefun {int} {gnutls_pkcs12_set_bag} (gnutls_pkcs12_t @var{pkcs12}, gnutls_pkcs12_bag_t @var{bag}) | ||
2217 | @var{pkcs12}: should contain a gnutls_pkcs12_t structure | ||
2218 | |||
2219 | @var{bag}: An initialized bag | ||
2220 | |||
2221 | This function will insert a Bag into the PKCS12 structure. | ||
2222 | Returns 0 on success. | ||
2223 | @end deftypefun | ||
2224 | |||
2225 | @subheading gnutls_pkcs12_generate_mac | ||
2226 | @anchor{gnutls_pkcs12_generate_mac} | ||
2227 | @deftypefun {int} {gnutls_pkcs12_generate_mac} (gnutls_pkcs12_t @var{pkcs12}, const char * @var{pass}) | ||
2228 | @var{pkcs12}: should contain a gnutls_pkcs12_t structure | ||
2229 | |||
2230 | @var{pass}: The password for the MAC | ||
2231 | |||
2232 | This function will generate a MAC for the PKCS12 structure. | ||
2233 | Returns 0 on success. | ||
2234 | @end deftypefun | ||
2235 | |||
2236 | @subheading gnutls_pkcs12_verify_mac | ||
2237 | @anchor{gnutls_pkcs12_verify_mac} | ||
2238 | @deftypefun {int} {gnutls_pkcs12_verify_mac} (gnutls_pkcs12_t @var{pkcs12}, const char * @var{pass}) | ||
2239 | @var{pkcs12}: should contain a gnutls_pkcs12_t structure | ||
2240 | |||
2241 | @var{pass}: The password for the MAC | ||
2242 | |||
2243 | This function will verify the MAC for the PKCS12 structure. | ||
2244 | Returns 0 on success. | ||
2245 | @end deftypefun | ||
2246 | |||
2247 | @subheading gnutls_pkcs12_bag_init | ||
2248 | @anchor{gnutls_pkcs12_bag_init} | ||
2249 | @deftypefun {int} {gnutls_pkcs12_bag_init} (gnutls_pkcs12_bag_t * @var{bag}) | ||
2250 | @var{bag}: The structure to be initialized | ||
2251 | |||
2252 | This function will initialize a PKCS12 bag structure. PKCS12 Bags | ||
2253 | usually contain private keys, lists of X.509 Certificates and X.509 Certificate | ||
2254 | revocation lists. | ||
2255 | |||
2256 | Returns 0 on success. | ||
2257 | @end deftypefun | ||
2258 | |||
2259 | @subheading gnutls_pkcs12_bag_deinit | ||
2260 | @anchor{gnutls_pkcs12_bag_deinit} | ||
2261 | @deftypefun {void} {gnutls_pkcs12_bag_deinit} (gnutls_pkcs12_bag_t @var{bag}) | ||
2262 | @var{bag}: The structure to be initialized | ||
2263 | |||
2264 | This function will deinitialize a PKCS12 Bag structure. | ||
2265 | @end deftypefun | ||
2266 | |||
2267 | @subheading gnutls_pkcs12_bag_get_type | ||
2268 | @anchor{gnutls_pkcs12_bag_get_type} | ||
2269 | @deftypefun {gnutls_pkcs12_bag_type_t} {gnutls_pkcs12_bag_get_type} (gnutls_pkcs12_bag_t @var{bag}, int @var{indx}) | ||
2270 | @var{bag}: The bag | ||
2271 | |||
2272 | @var{indx}: The element of the bag to get the type | ||
2273 | |||
2274 | This function will return the bag's type. One of the gnutls_pkcs12_bag_type_t | ||
2275 | enumerations. | ||
2276 | @end deftypefun | ||
2277 | |||
2278 | @subheading gnutls_pkcs12_bag_get_count | ||
2279 | @anchor{gnutls_pkcs12_bag_get_count} | ||
2280 | @deftypefun {int} {gnutls_pkcs12_bag_get_count} (gnutls_pkcs12_bag_t @var{bag}) | ||
2281 | @var{bag}: The bag | ||
2282 | |||
2283 | This function will return the number of the elements withing the bag. | ||
2284 | @end deftypefun | ||
2285 | |||
2286 | @subheading gnutls_pkcs12_bag_get_data | ||
2287 | @anchor{gnutls_pkcs12_bag_get_data} | ||
2288 | @deftypefun {int} {gnutls_pkcs12_bag_get_data} (gnutls_pkcs12_bag_t @var{bag}, int @var{indx}, gnutls_datum_t * @var{data}) | ||
2289 | @var{bag}: The bag | ||
2290 | |||
2291 | @var{indx}: The element of the bag to get the data from | ||
2292 | |||
2293 | @var{data}: where the bag's data will be. Should be treated as constant. | ||
2294 | |||
2295 | This function will return the bag's data. The data is a constant | ||
2296 | that is stored into the bag. Should not be accessed after the bag | ||
2297 | is deleted. | ||
2298 | |||
2299 | Returns 0 on success and a negative error code on error. | ||
2300 | @end deftypefun | ||
2301 | |||
2302 | @subheading gnutls_pkcs12_bag_set_data | ||
2303 | @anchor{gnutls_pkcs12_bag_set_data} | ||
2304 | @deftypefun {int} {gnutls_pkcs12_bag_set_data} (gnutls_pkcs12_bag_t @var{bag}, gnutls_pkcs12_bag_type_t @var{type}, const gnutls_datum_t * @var{data}) | ||
2305 | @var{bag}: The bag | ||
2306 | |||
2307 | @var{type}: The data's type | ||
2308 | |||
2309 | @var{data}: the data to be copied. | ||
2310 | |||
2311 | This function will insert the given data of the given type into the | ||
2312 | bag. | ||
2313 | |||
2314 | Returns the index of the added bag on success, or a negative | ||
2315 | value on error. | ||
2316 | @end deftypefun | ||
2317 | |||
2318 | @subheading gnutls_pkcs12_bag_set_crt | ||
2319 | @anchor{gnutls_pkcs12_bag_set_crt} | ||
2320 | @deftypefun {int} {gnutls_pkcs12_bag_set_crt} (gnutls_pkcs12_bag_t @var{bag}, gnutls_x509_crt_t @var{crt}) | ||
2321 | @var{bag}: The bag | ||
2322 | |||
2323 | @var{crt}: the certificate to be copied. | ||
2324 | |||
2325 | This function will insert the given certificate into the | ||
2326 | bag. This is just a wrapper over @code{gnutls_pkcs12_bag_set_data()}. | ||
2327 | |||
2328 | Returns the index of the added bag on success, or a negative | ||
2329 | value on failure. | ||
2330 | @end deftypefun | ||
2331 | |||
2332 | @subheading gnutls_pkcs12_bag_set_crl | ||
2333 | @anchor{gnutls_pkcs12_bag_set_crl} | ||
2334 | @deftypefun {int} {gnutls_pkcs12_bag_set_crl} (gnutls_pkcs12_bag_t @var{bag}, gnutls_x509_crl_t @var{crl}) | ||
2335 | @var{bag}: The bag | ||
2336 | |||
2337 | @var{crl}: the CRL to be copied. | ||
2338 | |||
2339 | This function will insert the given CRL into the | ||
2340 | bag. This is just a wrapper over @code{gnutls_pkcs12_bag_set_data()}. | ||
2341 | |||
2342 | Returns the index of the added bag on success, or a negative | ||
2343 | value on failure. | ||
2344 | @end deftypefun | ||
2345 | |||
2346 | @subheading gnutls_pkcs12_bag_set_key_id | ||
2347 | @anchor{gnutls_pkcs12_bag_set_key_id} | ||
2348 | @deftypefun {int} {gnutls_pkcs12_bag_set_key_id} (gnutls_pkcs12_bag_t @var{bag}, int @var{indx}, const gnutls_datum_t * @var{id}) | ||
2349 | @var{bag}: The bag | ||
2350 | |||
2351 | @var{indx}: The bag's element to add the id | ||
2352 | |||
2353 | @var{id}: the ID | ||
2354 | |||
2355 | This function will add the given key ID, to the specified, by the index, bag | ||
2356 | element. The key ID will be encoded as a 'Local key identifier' bag attribute, | ||
2357 | which is usually used to distinguish the local private key and the certificate pair. | ||
2358 | |||
2359 | Returns 0 on success, or a negative value on error. | ||
2360 | @end deftypefun | ||
2361 | |||
2362 | @subheading gnutls_pkcs12_bag_get_key_id | ||
2363 | @anchor{gnutls_pkcs12_bag_get_key_id} | ||
2364 | @deftypefun {int} {gnutls_pkcs12_bag_get_key_id} (gnutls_pkcs12_bag_t @var{bag}, int @var{indx}, gnutls_datum_t * @var{id}) | ||
2365 | @var{bag}: The bag | ||
2366 | |||
2367 | @var{indx}: The bag's element to add the id | ||
2368 | |||
2369 | @var{id}: where the ID will be copied (to be treated as const) | ||
2370 | |||
2371 | This function will return the key ID, of the specified bag element. | ||
2372 | The key ID is usually used to distinguish the local private key and the certificate pair. | ||
2373 | |||
2374 | Returns 0 on success, or a negative value on error. | ||
2375 | @end deftypefun | ||
2376 | |||
2377 | @subheading gnutls_pkcs12_bag_get_friendly_name | ||
2378 | @anchor{gnutls_pkcs12_bag_get_friendly_name} | ||
2379 | @deftypefun {int} {gnutls_pkcs12_bag_get_friendly_name} (gnutls_pkcs12_bag_t @var{bag}, int @var{indx}, char ** @var{name}) | ||
2380 | @var{bag}: The bag | ||
2381 | |||
2382 | @var{indx}: The bag's element to add the id | ||
2383 | |||
2384 | @var{name}: will hold a pointer to the name (to be treated as const) | ||
2385 | |||
2386 | This function will return the friendly name, of the specified bag element. | ||
2387 | The key ID is usually used to distinguish the local private key and the certificate pair. | ||
2388 | |||
2389 | Returns 0 on success, or a negative value on error. | ||
2390 | @end deftypefun | ||
2391 | |||
2392 | @subheading gnutls_pkcs12_bag_set_friendly_name | ||
2393 | @anchor{gnutls_pkcs12_bag_set_friendly_name} | ||
2394 | @deftypefun {int} {gnutls_pkcs12_bag_set_friendly_name} (gnutls_pkcs12_bag_t @var{bag}, int @var{indx}, const char * @var{name}) | ||
2395 | @var{bag}: The bag | ||
2396 | |||
2397 | @var{indx}: The bag's element to add the id | ||
2398 | |||
2399 | @var{name}: the name | ||
2400 | |||
2401 | This function will add the given key friendly name, to the specified, by the index, bag | ||
2402 | element. The name will be encoded as a 'Friendly name' bag attribute, | ||
2403 | which is usually used to set a user name to the local private key and the certificate pair. | ||
2404 | |||
2405 | Returns 0 on success, or a negative value on error. | ||
2406 | @end deftypefun | ||
2407 | |||
2408 | @subheading gnutls_pkcs12_bag_decrypt | ||
2409 | @anchor{gnutls_pkcs12_bag_decrypt} | ||
2410 | @deftypefun {int} {gnutls_pkcs12_bag_decrypt} (gnutls_pkcs12_bag_t @var{bag}, const char * @var{pass}) | ||
2411 | @var{bag}: The bag | ||
2412 | |||
2413 | @var{pass}: The password used for encryption. This can only be ASCII. | ||
2414 | |||
2415 | This function will decrypt the given encrypted bag and return 0 on success. | ||
2416 | @end deftypefun | ||
2417 | |||
2418 | @subheading gnutls_pkcs12_bag_encrypt | ||
2419 | @anchor{gnutls_pkcs12_bag_encrypt} | ||
2420 | @deftypefun {int} {gnutls_pkcs12_bag_encrypt} (gnutls_pkcs12_bag_t @var{bag}, const char * @var{pass}, unsigned int @var{flags}) | ||
2421 | @var{bag}: The bag | ||
2422 | |||
2423 | @var{pass}: The password used for encryption. This can only be ASCII. | ||
2424 | |||
2425 | @var{flags}: should be one of gnutls_pkcs_encrypt_flags_t elements bitwise or'd | ||
2426 | |||
2427 | This function will encrypt the given bag and return 0 on success. | ||
2428 | @end deftypefun | ||
2429 | |||
2430 | @subheading gnutls_x509_crt_set_dn_by_oid | ||
2431 | @anchor{gnutls_x509_crt_set_dn_by_oid} | ||
2432 | @deftypefun {int} {gnutls_x509_crt_set_dn_by_oid} (gnutls_x509_crt_t @var{crt}, const char * @var{oid}, unsigned int @var{raw_flag}, const void * @var{name}, unsigned int @var{sizeof_name}) | ||
2433 | @var{crt}: should contain a gnutls_x509_crt_t structure | ||
2434 | |||
2435 | @var{oid}: holds an Object Identifier in a null terminated string | ||
2436 | |||
2437 | @var{raw_flag}: must be 0, or 1 if the data are DER encoded | ||
2438 | |||
2439 | @var{name}: a pointer to the name | ||
2440 | |||
2441 | @var{sizeof_name}: holds the size of @code{name} | ||
2442 | |||
2443 | This function will set the part of the name of the Certificate subject, specified | ||
2444 | by the given OID. The input string should be ASCII or UTF-8 encoded. | ||
2445 | |||
2446 | Some helper macros with popular OIDs can be found in gnutls/x509.h | ||
2447 | With this function you can only set the known OIDs. You can test | ||
2448 | for known OIDs using @code{gnutls_x509_dn_oid_known()}. For OIDs that are | ||
2449 | not known (by gnutls) you should properly DER encode your data, and | ||
2450 | call this function with raw_flag set. | ||
2451 | |||
2452 | Returns 0 on success. | ||
2453 | @end deftypefun | ||
2454 | |||
2455 | @subheading gnutls_x509_crt_set_issuer_dn_by_oid | ||
2456 | @anchor{gnutls_x509_crt_set_issuer_dn_by_oid} | ||
2457 | @deftypefun {int} {gnutls_x509_crt_set_issuer_dn_by_oid} (gnutls_x509_crt_t @var{crt}, const char * @var{oid}, unsigned int @var{raw_flag}, const void * @var{name}, unsigned int @var{sizeof_name}) | ||
2458 | @var{crt}: should contain a gnutls_x509_crt_t structure | ||
2459 | |||
2460 | @var{oid}: holds an Object Identifier in a null terminated string | ||
2461 | |||
2462 | @var{raw_flag}: must be 0, or 1 if the data are DER encoded | ||
2463 | |||
2464 | @var{name}: a pointer to the name | ||
2465 | |||
2466 | @var{sizeof_name}: holds the size of @code{name} | ||
2467 | |||
2468 | This function will set the part of the name of the Certificate issuer, specified | ||
2469 | by the given OID. The input string should be ASCII or UTF-8 encoded. | ||
2470 | |||
2471 | Some helper macros with popular OIDs can be found in gnutls/x509.h | ||
2472 | With this function you can only set the known OIDs. You can test | ||
2473 | for known OIDs using @code{gnutls_x509_dn_oid_known()}. For OIDs that are | ||
2474 | not known (by gnutls) you should properly DER encode your data, and | ||
2475 | call this function with raw_flag set. | ||
2476 | |||
2477 | Normally you do not need to call this function, since the signing | ||
2478 | operation will copy the signer's name as the issuer of the certificate. | ||
2479 | |||
2480 | Returns 0 on success. | ||
2481 | @end deftypefun | ||
2482 | |||
2483 | @subheading gnutls_x509_crt_set_proxy_dn | ||
2484 | @anchor{gnutls_x509_crt_set_proxy_dn} | ||
2485 | @deftypefun {int} {gnutls_x509_crt_set_proxy_dn} (gnutls_x509_crt_t @var{crt}, gnutls_x509_crt_t @var{eecrt}, unsigned int @var{raw_flag}, const void * @var{name}, unsigned int @var{sizeof_name}) | ||
2486 | @var{crt}: a gnutls_x509_crt_t structure with the new proxy cert | ||
2487 | |||
2488 | @var{eecrt}: the end entity certificate that will be issuing the proxy | ||
2489 | |||
2490 | @var{raw_flag}: must be 0, or 1 if the CN is DER encoded | ||
2491 | |||
2492 | @var{name}: a pointer to the CN name, may be NULL (but MUST then be added later) | ||
2493 | |||
2494 | @var{sizeof_name}: holds the size of @code{name} | ||
2495 | |||
2496 | This function will set the subject in @code{crt} to the end entity's | ||
2497 | @code{eecrt} subject name, and add a single Common Name component @code{name} | ||
2498 | of size @code{sizeof_name}. This corresponds to the required proxy | ||
2499 | certificate naming style. Note that if @code{name} is @code{NULL}, you MUST | ||
2500 | set it later by using @code{gnutls_x509_crt_set_dn_by_oid()} or similar. | ||
2501 | |||
2502 | Returns 0 on success. | ||
2503 | @end deftypefun | ||
2504 | |||
2505 | @subheading gnutls_x509_crt_set_version | ||
2506 | @anchor{gnutls_x509_crt_set_version} | ||
2507 | @deftypefun {int} {gnutls_x509_crt_set_version} (gnutls_x509_crt_t @var{crt}, unsigned int @var{version}) | ||
2508 | @var{crt}: should contain a gnutls_x509_crt_t structure | ||
2509 | |||
2510 | @var{version}: holds the version number. For X.509v1 certificates must be 1. | ||
2511 | |||
2512 | This function will set the version of the certificate. This must | ||
2513 | be one for X.509 version 1, and so on. Plain certificates without | ||
2514 | extensions must have version set to one. | ||
2515 | |||
2516 | To create well-formed certificates, you must specify version 3 if | ||
2517 | you use any certificate extensions. Extensions are created by | ||
2518 | functions such as gnutls_x509_crt_set_subject_alternative_name or | ||
2519 | gnutls_x509_crt_set_key_usage. | ||
2520 | |||
2521 | Returns 0 on success. | ||
2522 | @end deftypefun | ||
2523 | |||
2524 | @subheading gnutls_x509_crt_set_key | ||
2525 | @anchor{gnutls_x509_crt_set_key} | ||
2526 | @deftypefun {int} {gnutls_x509_crt_set_key} (gnutls_x509_crt_t @var{crt}, gnutls_x509_privkey_t @var{key}) | ||
2527 | @var{crt}: should contain a gnutls_x509_crt_t structure | ||
2528 | |||
2529 | @var{key}: holds a private key | ||
2530 | |||
2531 | This function will set the public parameters from the given private key to the | ||
2532 | certificate. Only RSA keys are currently supported. | ||
2533 | |||
2534 | Returns 0 on success. | ||
2535 | @end deftypefun | ||
2536 | |||
2537 | @subheading gnutls_x509_crt_set_crq | ||
2538 | @anchor{gnutls_x509_crt_set_crq} | ||
2539 | @deftypefun {int} {gnutls_x509_crt_set_crq} (gnutls_x509_crt_t @var{crt}, gnutls_x509_crq_t @var{crq}) | ||
2540 | @var{crt}: should contain a gnutls_x509_crt_t structure | ||
2541 | |||
2542 | @var{crq}: holds a certificate request | ||
2543 | |||
2544 | This function will set the name and public parameters from the given certificate request to the | ||
2545 | certificate. Only RSA keys are currently supported. | ||
2546 | |||
2547 | Returns 0 on success. | ||
2548 | @end deftypefun | ||
2549 | |||
2550 | @subheading gnutls_x509_crt_set_extension_by_oid | ||
2551 | @anchor{gnutls_x509_crt_set_extension_by_oid} | ||
2552 | @deftypefun {int} {gnutls_x509_crt_set_extension_by_oid} (gnutls_x509_crt_t @var{crt}, const char * @var{oid}, const void * @var{buf}, size_t @var{sizeof_buf}, unsigned int @var{critical}) | ||
2553 | @var{crt}: should contain a gnutls_x509_crt_t structure | ||
2554 | |||
2555 | @var{oid}: holds an Object Identified in null terminated string | ||
2556 | |||
2557 | @var{buf}: a pointer to a DER encoded data | ||
2558 | |||
2559 | @var{sizeof_buf}: holds the size of @code{buf} | ||
2560 | |||
2561 | @var{critical}: should be non zero if the extension is to be marked as critical | ||
2562 | |||
2563 | This function will set an the extension, by the specified OID, in the certificate. | ||
2564 | The extension data should be binary data DER encoded. | ||
2565 | |||
2566 | Returns 0 on success and a negative value in case of an error. | ||
2567 | @end deftypefun | ||
2568 | |||
2569 | @subheading gnutls_x509_crt_set_basic_constraints | ||
2570 | @anchor{gnutls_x509_crt_set_basic_constraints} | ||
2571 | @deftypefun {int} {gnutls_x509_crt_set_basic_constraints} (gnutls_x509_crt_t @var{crt}, unsigned int @var{ca}, int @var{pathLenConstraint}) | ||
2572 | @var{crt}: should contain a gnutls_x509_crt_t structure | ||
2573 | |||
2574 | @var{ca}: true(1) or false(0). Depending on the Certificate authority status. | ||
2575 | |||
2576 | @var{pathLenConstraint}: non-negative values indicate maximum length of path, | ||
2577 | and negative values indicate that the pathLenConstraints field should | ||
2578 | not be present. | ||
2579 | |||
2580 | This function will set the basicConstraints certificate extension. | ||
2581 | |||
2582 | Returns 0 on success. | ||
2583 | @end deftypefun | ||
2584 | |||
2585 | @subheading gnutls_x509_crt_set_ca_status | ||
2586 | @anchor{gnutls_x509_crt_set_ca_status} | ||
2587 | @deftypefun {int} {gnutls_x509_crt_set_ca_status} (gnutls_x509_crt_t @var{crt}, unsigned int @var{ca}) | ||
2588 | @var{crt}: should contain a gnutls_x509_crt_t structure | ||
2589 | |||
2590 | @var{ca}: true(1) or false(0). Depending on the Certificate authority status. | ||
2591 | |||
2592 | This function will set the basicConstraints certificate extension. | ||
2593 | Use @code{gnutls_x509_crt_set_basic_constraints()} if you want to control | ||
2594 | the pathLenConstraint field too. | ||
2595 | |||
2596 | Returns 0 on success. | ||
2597 | @end deftypefun | ||
2598 | |||
2599 | @subheading gnutls_x509_crt_set_key_usage | ||
2600 | @anchor{gnutls_x509_crt_set_key_usage} | ||
2601 | @deftypefun {int} {gnutls_x509_crt_set_key_usage} (gnutls_x509_crt_t @var{crt}, unsigned int @var{usage}) | ||
2602 | @var{crt}: should contain a gnutls_x509_crt_t structure | ||
2603 | |||
2604 | @var{usage}: an ORed sequence of the GNUTLS_KEY_* elements. | ||
2605 | |||
2606 | This function will set the keyUsage certificate extension. | ||
2607 | |||
2608 | Returns 0 on success. | ||
2609 | @end deftypefun | ||
2610 | |||
2611 | @subheading gnutls_x509_crt_set_subject_alternative_name | ||
2612 | @anchor{gnutls_x509_crt_set_subject_alternative_name} | ||
2613 | @deftypefun {int} {gnutls_x509_crt_set_subject_alternative_name} (gnutls_x509_crt_t @var{crt}, gnutls_x509_subject_alt_name_t @var{type}, const char * @var{data_string}) | ||
2614 | @var{crt}: should contain a gnutls_x509_crt_t structure | ||
2615 | |||
2616 | @var{type}: is one of the gnutls_x509_subject_alt_name_t enumerations | ||
2617 | |||
2618 | @var{data_string}: The data to be set | ||
2619 | |||
2620 | This function will set the subject alternative name certificate extension. | ||
2621 | |||
2622 | Returns 0 on success. | ||
2623 | @end deftypefun | ||
2624 | |||
2625 | @subheading gnutls_x509_crt_set_proxy | ||
2626 | @anchor{gnutls_x509_crt_set_proxy} | ||
2627 | @deftypefun {int} {gnutls_x509_crt_set_proxy} (gnutls_x509_crt_t @var{crt}, int @var{pathLenConstraint}, const char * @var{policyLanguage}, const char * @var{policy}, size_t @var{sizeof_policy}) | ||
2628 | @var{crt}: should contain a gnutls_x509_crt_t structure | ||
2629 | |||
2630 | @var{pathLenConstraint}: non-negative values indicate maximum length of path, | ||
2631 | and negative values indicate that the pathLenConstraints field should | ||
2632 | not be present. | ||
2633 | |||
2634 | @var{policyLanguage}: OID describing the language of @code{policy}. | ||
2635 | |||
2636 | @var{policy}: opaque byte array with policy language, can be @code{NULL} | ||
2637 | |||
2638 | @var{sizeof_policy}: size of @code{policy}. | ||
2639 | |||
2640 | This function will set the proxyCertInfo extension. | ||
2641 | |||
2642 | Returns 0 on success. | ||
2643 | @end deftypefun | ||
2644 | |||
2645 | @subheading gnutls_x509_crt_sign2 | ||
2646 | @anchor{gnutls_x509_crt_sign2} | ||
2647 | @deftypefun {int} {gnutls_x509_crt_sign2} (gnutls_x509_crt_t @var{crt}, gnutls_x509_crt_t @var{issuer}, gnutls_x509_privkey_t @var{issuer_key}, gnutls_digest_algorithm_t @var{dig}, unsigned int @var{flags}) | ||
2648 | @var{crt}: should contain a gnutls_x509_crt_t structure | ||
2649 | |||
2650 | @var{issuer}: is the certificate of the certificate issuer | ||
2651 | |||
2652 | @var{issuer_key}: holds the issuer's private key | ||
2653 | |||
2654 | @var{dig}: The message digest to use. GNUTLS_DIG_SHA1 is the safe choice unless you know what you're doing. | ||
2655 | |||
2656 | @var{flags}: must be 0 | ||
2657 | |||
2658 | This function will sign the certificate with the issuer's private key, and | ||
2659 | will copy the issuer's information into the certificate. | ||
2660 | |||
2661 | This must be the last step in a certificate generation since all | ||
2662 | the previously set parameters are now signed. | ||
2663 | |||
2664 | Returns 0 on success. | ||
2665 | @end deftypefun | ||
2666 | |||
2667 | @subheading gnutls_x509_crt_sign | ||
2668 | @anchor{gnutls_x509_crt_sign} | ||
2669 | @deftypefun {int} {gnutls_x509_crt_sign} (gnutls_x509_crt_t @var{crt}, gnutls_x509_crt_t @var{issuer}, gnutls_x509_privkey_t @var{issuer_key}) | ||
2670 | @var{crt}: should contain a gnutls_x509_crt_t structure | ||
2671 | |||
2672 | @var{issuer}: is the certificate of the certificate issuer | ||
2673 | |||
2674 | @var{issuer_key}: holds the issuer's private key | ||
2675 | |||
2676 | This function is the same a @code{gnutls_x509_crt_sign2()} with no flags, and | ||
2677 | SHA1 as the hash algorithm. | ||
2678 | |||
2679 | Returns 0 on success. | ||
2680 | @end deftypefun | ||
2681 | |||
2682 | @subheading gnutls_x509_crt_set_activation_time | ||
2683 | @anchor{gnutls_x509_crt_set_activation_time} | ||
2684 | @deftypefun {int} {gnutls_x509_crt_set_activation_time} (gnutls_x509_crt_t @var{cert}, time_t @var{act_time}) | ||
2685 | @var{cert}: should contain a gnutls_x509_crt_t structure | ||
2686 | |||
2687 | @var{act_time}: The actual time | ||
2688 | |||
2689 | This function will set the time this Certificate was or will be activated. | ||
2690 | |||
2691 | Returns 0 on success, or a negative value in case of an error. | ||
2692 | @end deftypefun | ||
2693 | |||
2694 | @subheading gnutls_x509_crt_set_expiration_time | ||
2695 | @anchor{gnutls_x509_crt_set_expiration_time} | ||
2696 | @deftypefun {int} {gnutls_x509_crt_set_expiration_time} (gnutls_x509_crt_t @var{cert}, time_t @var{exp_time}) | ||
2697 | @var{cert}: should contain a gnutls_x509_crt_t structure | ||
2698 | |||
2699 | @var{exp_time}: The actual time | ||
2700 | |||
2701 | This function will set the time this Certificate will expire. | ||
2702 | |||
2703 | Returns 0 on success, or a negative value in case of an error. | ||
2704 | @end deftypefun | ||
2705 | |||
2706 | @subheading gnutls_x509_crt_set_serial | ||
2707 | @anchor{gnutls_x509_crt_set_serial} | ||
2708 | @deftypefun {int} {gnutls_x509_crt_set_serial} (gnutls_x509_crt_t @var{cert}, const void * @var{serial}, size_t @var{serial_size}) | ||
2709 | @var{cert}: should contain a gnutls_x509_crt_t structure | ||
2710 | |||
2711 | @var{serial}: The serial number | ||
2712 | |||
2713 | @var{serial_size}: Holds the size of the serial field. | ||
2714 | |||
2715 | This function will set the X.509 certificate's serial number. | ||
2716 | Serial is not always a 32 or 64bit number. Some CAs use | ||
2717 | large serial numbers, thus it may be wise to handle it as something | ||
2718 | opaque. | ||
2719 | |||
2720 | Returns 0 on success, or a negative value in case of an error. | ||
2721 | @end deftypefun | ||
2722 | |||
2723 | @subheading gnutls_x509_crt_set_crl_dist_points | ||
2724 | @anchor{gnutls_x509_crt_set_crl_dist_points} | ||
2725 | @deftypefun {int} {gnutls_x509_crt_set_crl_dist_points} (gnutls_x509_crt_t @var{crt}, gnutls_x509_subject_alt_name_t @var{type}, const void * @var{data_string}, unsigned int @var{reason_flags}) | ||
2726 | @var{crt}: should contain a gnutls_x509_crt_t structure | ||
2727 | |||
2728 | @var{type}: is one of the gnutls_x509_subject_alt_name_t enumerations | ||
2729 | |||
2730 | @var{data_string}: The data to be set | ||
2731 | |||
2732 | @var{reason_flags}: revocation reasons | ||
2733 | |||
2734 | This function will set the CRL distribution points certificate extension. | ||
2735 | |||
2736 | Returns 0 on success. | ||
2737 | @end deftypefun | ||
2738 | |||
2739 | @subheading gnutls_x509_crt_cpy_crl_dist_points | ||
2740 | @anchor{gnutls_x509_crt_cpy_crl_dist_points} | ||
2741 | @deftypefun {int} {gnutls_x509_crt_cpy_crl_dist_points} (gnutls_x509_crt_t @var{dst}, gnutls_x509_crt_t @var{src}) | ||
2742 | @var{dst}: should contain a gnutls_x509_crt_t structure | ||
2743 | |||
2744 | @var{src}: the certificate where the dist points will be copied from | ||
2745 | |||
2746 | This function will copy the CRL distribution points certificate | ||
2747 | extension, from the source to the destination certificate. | ||
2748 | This may be useful to copy from a CA certificate to issued ones. | ||
2749 | |||
2750 | Returns 0 on success. | ||
2751 | @end deftypefun | ||
2752 | |||
2753 | @subheading gnutls_x509_crt_set_subject_key_id | ||
2754 | @anchor{gnutls_x509_crt_set_subject_key_id} | ||
2755 | @deftypefun {int} {gnutls_x509_crt_set_subject_key_id} (gnutls_x509_crt_t @var{cert}, const void * @var{id}, size_t @var{id_size}) | ||
2756 | @var{cert}: should contain a gnutls_x509_crt_t structure | ||
2757 | |||
2758 | @var{id}: The key ID | ||
2759 | |||
2760 | @var{id_size}: Holds the size of the serial field. | ||
2761 | |||
2762 | This function will set the X.509 certificate's subject key ID extension. | ||
2763 | |||
2764 | Returns 0 on success, or a negative value in case of an error. | ||
2765 | @end deftypefun | ||
2766 | |||
2767 | @subheading gnutls_x509_crt_set_authority_key_id | ||
2768 | @anchor{gnutls_x509_crt_set_authority_key_id} | ||
2769 | @deftypefun {int} {gnutls_x509_crt_set_authority_key_id} (gnutls_x509_crt_t @var{cert}, const void * @var{id}, size_t @var{id_size}) | ||
2770 | @var{cert}: should contain a gnutls_x509_crt_t structure | ||
2771 | |||
2772 | @var{id}: The key ID | ||
2773 | |||
2774 | @var{id_size}: Holds the size of the serial field. | ||
2775 | |||
2776 | This function will set the X.509 certificate's authority key ID extension. | ||
2777 | Only the keyIdentifier field can be set with this function. | ||
2778 | |||
2779 | Returns 0 on success, or a negative value in case of an error. | ||
2780 | @end deftypefun | ||
2781 | |||
2782 | @subheading gnutls_x509_crt_set_key_purpose_oid | ||
2783 | @anchor{gnutls_x509_crt_set_key_purpose_oid} | ||
2784 | @deftypefun {int} {gnutls_x509_crt_set_key_purpose_oid} (gnutls_x509_crt_t @var{cert}, const void * @var{oid}, unsigned int @var{critical}) | ||
2785 | @var{cert}: should contain a gnutls_x509_crt_t structure | ||
2786 | |||
2787 | @var{oid}: a pointer to a null terminated string that holds the OID | ||
2788 | |||
2789 | @var{critical}: Whether this extension will be critical or not | ||
2790 | |||
2791 | This function will set the key purpose OIDs of the Certificate. | ||
2792 | These are stored in the Extended Key Usage extension (2.5.29.37) | ||
2793 | See the GNUTLS_KP_* definitions for human readable names. | ||
2794 | |||
2795 | Subsequent calls to this function will append OIDs to the OID list. | ||
2796 | |||
2797 | On success 0 is returned. | ||
2798 | @end deftypefun | ||
2799 | |||
2800 | @subheading gnutls_x509_crl_set_version | ||
2801 | @anchor{gnutls_x509_crl_set_version} | ||
2802 | @deftypefun {int} {gnutls_x509_crl_set_version} (gnutls_x509_crl_t @var{crl}, unsigned int @var{version}) | ||
2803 | @var{crl}: should contain a gnutls_x509_crl_t structure | ||
2804 | |||
2805 | @var{version}: holds the version number. For CRLv1 crls must be 1. | ||
2806 | |||
2807 | This function will set the version of the CRL. This | ||
2808 | must be one for CRL version 1, and so on. The CRLs generated | ||
2809 | by gnutls should have a version number of 2. | ||
2810 | |||
2811 | Returns 0 on success. | ||
2812 | @end deftypefun | ||
2813 | |||
2814 | @subheading gnutls_x509_crl_sign2 | ||
2815 | @anchor{gnutls_x509_crl_sign2} | ||
2816 | @deftypefun {int} {gnutls_x509_crl_sign2} (gnutls_x509_crl_t @var{crl}, gnutls_x509_crt_t @var{issuer}, gnutls_x509_privkey_t @var{issuer_key}, gnutls_digest_algorithm_t @var{dig}, unsigned int @var{flags}) | ||
2817 | @var{crl}: should contain a gnutls_x509_crl_t structure | ||
2818 | |||
2819 | @var{issuer}: is the certificate of the certificate issuer | ||
2820 | |||
2821 | @var{issuer_key}: holds the issuer's private key | ||
2822 | |||
2823 | @var{dig}: The message digest to use. GNUTLS_DIG_SHA1 is the safe choice unless you know what you're doing. | ||
2824 | |||
2825 | @var{flags}: must be 0 | ||
2826 | |||
2827 | This function will sign the CRL with the issuer's private key, and | ||
2828 | will copy the issuer's information into the CRL. | ||
2829 | |||
2830 | This must be the last step in a certificate CRL since all | ||
2831 | the previously set parameters are now signed. | ||
2832 | |||
2833 | Returns 0 on success. | ||
2834 | @end deftypefun | ||
2835 | |||
2836 | @subheading gnutls_x509_crl_sign | ||
2837 | @anchor{gnutls_x509_crl_sign} | ||
2838 | @deftypefun {int} {gnutls_x509_crl_sign} (gnutls_x509_crl_t @var{crl}, gnutls_x509_crt_t @var{issuer}, gnutls_x509_privkey_t @var{issuer_key}) | ||
2839 | @var{crl}: should contain a gnutls_x509_crl_t structure | ||
2840 | |||
2841 | @var{issuer}: is the certificate of the certificate issuer | ||
2842 | |||
2843 | @var{issuer_key}: holds the issuer's private key | ||
2844 | |||
2845 | This function is the same a @code{gnutls_x509_crl_sign2()} with no flags, and | ||
2846 | SHA1 as the hash algorithm. | ||
2847 | |||
2848 | Returns 0 on success. | ||
2849 | @end deftypefun | ||
2850 | |||
2851 | @subheading gnutls_x509_crl_set_this_update | ||
2852 | @anchor{gnutls_x509_crl_set_this_update} | ||
2853 | @deftypefun {int} {gnutls_x509_crl_set_this_update} (gnutls_x509_crl_t @var{crl}, time_t @var{act_time}) | ||
2854 | @var{crl}: should contain a gnutls_x509_crl_t structure | ||
2855 | |||
2856 | @var{act_time}: The actual time | ||
2857 | |||
2858 | This function will set the time this CRL was issued. | ||
2859 | |||
2860 | Returns 0 on success, or a negative value in case of an error. | ||
2861 | @end deftypefun | ||
2862 | |||
2863 | @subheading gnutls_x509_crl_set_next_update | ||
2864 | @anchor{gnutls_x509_crl_set_next_update} | ||
2865 | @deftypefun {int} {gnutls_x509_crl_set_next_update} (gnutls_x509_crl_t @var{crl}, time_t @var{exp_time}) | ||
2866 | @var{crl}: should contain a gnutls_x509_crl_t structure | ||
2867 | |||
2868 | @var{exp_time}: The actual time | ||
2869 | |||
2870 | This function will set the time this CRL will be updated. | ||
2871 | |||
2872 | Returns 0 on success, or a negative value in case of an error. | ||
2873 | @end deftypefun | ||
2874 | |||
2875 | @subheading gnutls_x509_crl_set_crt_serial | ||
2876 | @anchor{gnutls_x509_crl_set_crt_serial} | ||
2877 | @deftypefun {int} {gnutls_x509_crl_set_crt_serial} (gnutls_x509_crl_t @var{crl}, const void * @var{serial}, size_t @var{serial_size}, time_t @var{revocation_time}) | ||
2878 | @var{crl}: should contain a gnutls_x509_crl_t structure | ||
2879 | |||
2880 | @var{serial}: The revoked certificate's serial number | ||
2881 | |||
2882 | @var{serial_size}: Holds the size of the serial field. | ||
2883 | |||
2884 | @var{revocation_time}: The time this certificate was revoked | ||
2885 | |||
2886 | This function will set a revoked certificate's serial number to the CRL. | ||
2887 | |||
2888 | Returns 0 on success, or a negative value in case of an error. | ||
2889 | @end deftypefun | ||
2890 | |||
2891 | @subheading gnutls_x509_crl_set_crt | ||
2892 | @anchor{gnutls_x509_crl_set_crt} | ||
2893 | @deftypefun {int} {gnutls_x509_crl_set_crt} (gnutls_x509_crl_t @var{crl}, gnutls_x509_crt_t @var{crt}, time_t @var{revocation_time}) | ||
2894 | @var{crl}: should contain a gnutls_x509_crl_t structure | ||
2895 | |||
2896 | @var{crt}: should contain a gnutls_x509_crt_t structure with the revoked certificate | ||
2897 | |||
2898 | @var{revocation_time}: The time this certificate was revoked | ||
2899 | |||
2900 | This function will set a revoked certificate's serial number to the CRL. | ||
2901 | |||
2902 | Returns 0 on success, or a negative value in case of an error. | ||
2903 | @end deftypefun | ||
2904 | |||
2905 | @subheading gnutls_x509_crt_print | ||
2906 | @anchor{gnutls_x509_crt_print} | ||
2907 | @deftypefun {int} {gnutls_x509_crt_print} (gnutls_x509_crt_t @var{cert}, gnutls_certificate_print_formats_t @var{format}, gnutls_datum_t * @var{out}) | ||
2908 | @var{cert}: The structure to be printed | ||
2909 | |||
2910 | @var{format}: Indicate the format to use | ||
2911 | |||
2912 | @var{out}: Newly allocated datum with zero terminated string. | ||
2913 | |||
2914 | This function will pretty print a X.509 certificate, suitable for | ||
2915 | display to a human. | ||
2916 | |||
2917 | If the format is @code{GNUTLS_X509_CRT_FULL} then all fields of the | ||
2918 | certificate will be output, on multiple lines. The | ||
2919 | @code{GNUTLS_X509_CRT_ONELINE} format will generate one line with some | ||
2920 | selected fields, which is useful for logging purposes. | ||
2921 | |||
2922 | The output @code{out} needs to be deallocate using @code{gnutls_free()}. | ||
2923 | |||
2924 | Returns 0 on success. | ||
2925 | @end deftypefun | ||
2926 | |||
2927 | @subheading gnutls_x509_crl_print | ||
2928 | @anchor{gnutls_x509_crl_print} | ||
2929 | @deftypefun {int} {gnutls_x509_crl_print} (gnutls_x509_crl_t @var{crl}, gnutls_certificate_print_formats_t @var{format}, gnutls_datum_t * @var{out}) | ||
2930 | @var{crl}: The structure to be printed | ||
2931 | |||
2932 | @var{format}: Indicate the format to use | ||
2933 | |||
2934 | @var{out}: Newly allocated datum with zero terminated string. | ||
2935 | |||
2936 | This function will pretty print a X.509 certificate revocation | ||
2937 | list, suitable for display to a human. | ||
2938 | |||
2939 | The output @code{out} needs to be deallocate using @code{gnutls_free()}. | ||
2940 | |||
2941 | Returns 0 on success. | ||
2942 | @end deftypefun | ||
2943 | |||