~ubuntu-branches/ubuntu/raring/gnutls26/raring

@deftypefun {int} {gnutls_x509_crl_get_issuer_dn_by_oid} (gnutls_x509_crl_t @var{crl}, const char * @var{oid}, int @var{indx}, unsigned int @var{raw_flag}, void * @var{buf}, size_t * @var{sizeof_buf})

@var{crl}: should contain a gnutls_x509_crl_t structure

@var{oid}: holds an Object Identified in null terminated string

@var{indx}: In case multiple same OIDs exist in the RDN, this specifies which to send. Use zero to get the first one.

@var{raw_flag}: If non zero returns the raw DER data of the DN part.

@var{buf}: a pointer to a structure to hold the peer's name (may be null)

@var{sizeof_buf}: initially holds the size of @code{buf}

This function will extract the part of the name of the CRL issuer

specified by the given OID. The output will be encoded as described

in RFC2253. The output string will be ASCII or UTF-8 encoded,

depending on the certificate data.

100

Some helper macros with popular OIDs can be found in gnutls/x509.h

101

If raw flag is zero, this function will only return known OIDs as

102

text. Other OIDs will be DER encoded, as described in RFC2253 -- in

103

hex format with a '\#' prefix. You can check about known OIDs

104

using @code{gnutls_x509_dn_oid_known()}.

105

106

If buf is null then only the size will be filled.

107

108

@strong{Returns:} @code{GNUTLS_E_SHORT_MEMORY_BUFFER} if the provided buffer is

109

not long enough, and in that case the sizeof_buf will be updated

110

with the required size, and 0 on success.

111

@end deftypefun

112

113

@subheading gnutls_x509_crl_get_dn_oid

114

@anchor{gnutls_x509_crl_get_dn_oid}

115

@deftypefun {int} {gnutls_x509_crl_get_dn_oid} (gnutls_x509_crl_t @var{crl}, int @var{indx}, void * @var{oid}, size_t * @var{sizeof_oid})

116

@var{crl}: should contain a gnutls_x509_crl_t structure

117

118

@var{indx}: Specifies which DN OID to send. Use zero to get the first one.

119

120

@var{oid}: a pointer to a structure to hold the name (may be null)

121

122

@var{sizeof_oid}: initially holds the size of 'oid'

123

124

This function will extract the requested OID of the name of the CRL

125

issuer, specified by the given index.

126

127

If oid is null then only the size will be filled.

128

129

@strong{Returns:} @code{GNUTLS_E_SHORT_MEMORY_BUFFER} if the provided buffer is

130

not long enough, and in that case the sizeof_oid will be updated

131

with the required size. On success 0 is returned.

132

@end deftypefun

133

134

@subheading gnutls_x509_crl_get_signature_algorithm

135

@anchor{gnutls_x509_crl_get_signature_algorithm}

136

@deftypefun {int} {gnutls_x509_crl_get_signature_algorithm} (gnutls_x509_crl_t @var{crl})

137

@var{crl}: should contain a @code{gnutls_x509_crl_t} structure

138

139

This function will return a value of the @code{gnutls_sign_algorithm_t}

140

enumeration that is the signature algorithm.

141

142

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a

143

negative error value.

144

@end deftypefun

145

146

@subheading gnutls_x509_crl_get_signature

147

@anchor{gnutls_x509_crl_get_signature}

148

@deftypefun {int} {gnutls_x509_crl_get_signature} (gnutls_x509_crl_t @var{crl}, char * @var{sig}, size_t * @var{sizeof_sig})

149

@var{crl}: should contain a gnutls_x509_crl_t structure

150

151

@var{sig}: a pointer where the signature part will be copied (may be null).

152

153

@var{sizeof_sig}: initially holds the size of @code{sig}

154

155

This function will extract the signature field of a CRL.

156

157

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a

158

negative error value. and a negative value on error.

159

@end deftypefun

160

161

@subheading gnutls_x509_crl_get_version

162

@anchor{gnutls_x509_crl_get_version}

163

@deftypefun {int} {gnutls_x509_crl_get_version} (gnutls_x509_crl_t @var{crl})

164

@var{crl}: should contain a @code{gnutls_x509_crl_t} structure

165

166

This function will return the version of the specified CRL.

167

168

@strong{Returns:} The version number, or a negative value on error.

169

@end deftypefun

170

171

@subheading gnutls_x509_crl_get_this_update

172

@anchor{gnutls_x509_crl_get_this_update}

173

@deftypefun {time_t} {gnutls_x509_crl_get_this_update} (gnutls_x509_crl_t @var{crl})

174

@var{crl}: should contain a @code{gnutls_x509_crl_t} structure

175

176

This function will return the time this CRL was issued.

177

178

@strong{Returns:} when the CRL was issued, or (time_t)-1 on error.

179

@end deftypefun

180

181

@subheading gnutls_x509_crl_get_next_update

182

@anchor{gnutls_x509_crl_get_next_update}

183

@deftypefun {time_t} {gnutls_x509_crl_get_next_update} (gnutls_x509_crl_t @var{crl})

184

@var{crl}: should contain a @code{gnutls_x509_crl_t} structure

185

186

This function will return the time the next CRL will be issued.

187

This field is optional in a CRL so it might be normal to get an

188

error instead.

189

190

@strong{Returns:} when the next CRL will be issued, or (time_t)-1 on error.

191

@end deftypefun

192

193

@subheading gnutls_x509_crl_get_crt_count

194

@anchor{gnutls_x509_crl_get_crt_count}

195

@deftypefun {int} {gnutls_x509_crl_get_crt_count} (gnutls_x509_crl_t @var{crl})

196

@var{crl}: should contain a @code{gnutls_x509_crl_t} structure

197

198

This function will return the number of revoked certificates in the

199

given CRL.

200

201

@strong{Returns:} number of certificates, a negative value on failure.

202

@end deftypefun

203

204

@subheading gnutls_x509_crl_get_crt_serial

205

@anchor{gnutls_x509_crl_get_crt_serial}

206

@deftypefun {int} {gnutls_x509_crl_get_crt_serial} (gnutls_x509_crl_t @var{crl}, int @var{indx}, unsigned char * @var{serial}, size_t * @var{serial_size}, time_t * @var{t})

207

@var{crl}: should contain a @code{gnutls_x509_crl_t} structure

208

209

@var{indx}: the index of the certificate to extract (starting from 0)

210

211

@var{serial}: where the serial number will be copied

212

213

@var{serial_size}: initially holds the size of serial

214

215

@var{t}: if non null, will hold the time this certificate was revoked

216

217

This function will retrieve the serial number of the specified, by

218

the index, revoked certificate.

219

220

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a

221

negative error value. and a negative value on error.

222

@end deftypefun

223

224

@subheading gnutls_x509_crl_export

225

@anchor{gnutls_x509_crl_export}

226

@deftypefun {int} {gnutls_x509_crl_export} (gnutls_x509_crl_t @var{crl}, gnutls_x509_crt_fmt_t @var{format}, void * @var{output_data}, size_t * @var{output_data_size})

227

@var{crl}: Holds the revocation list

228

229

@var{format}: the format of output params. One of PEM or DER.

230

231

@var{output_data}: will contain a private key PEM or DER encoded

232

233

@var{output_data_size}: holds the size of output_data (and will

234

be replaced by the actual size of parameters)

235

236

This function will export the revocation list to DER or PEM format.

237

238

If the buffer provided is not long enough to hold the output, then

239

¤GNUTLS_E_SHORT_MEMORY_BUFFER will be returned.

240

241

If the structure is PEM encoded, it will have a header

242

of "BEGIN X509 CRL".

243

244

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a

245

negative error value. and a negative value on failure.

246

@end deftypefun

247

248

@subheading gnutls_x509_crl_get_authority_key_id

249

@anchor{gnutls_x509_crl_get_authority_key_id}

250

@deftypefun {int} {gnutls_x509_crl_get_authority_key_id} (gnutls_x509_crl_t @var{crl}, void * @var{ret}, size_t * @var{ret_size}, unsigned int * @var{critical})

251

@var{crl}: should contain a @code{gnutls_x509_crl_t} structure

252

253

@var{ret}: The place where the identifier will be copied

254

255

@var{ret_size}: Holds the size of the result field.

256

257

@var{critical}: will be non zero if the extension is marked as critical

258

(may be null)

259

260

This function will return the CRL authority's key identifier. This

261

is obtained by the X.509 Authority Key identifier extension field

262

(2.5.29.35). Note that this function only returns the

263

keyIdentifier field of the extension.

264

265

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a

266

negative value in case of an error.

267

268

@strong{Since:} 2.8.0

269

@end deftypefun

270

271

@subheading gnutls_x509_crl_get_number

272

@anchor{gnutls_x509_crl_get_number}

273

@deftypefun {int} {gnutls_x509_crl_get_number} (gnutls_x509_crl_t @var{crl}, void * @var{ret}, size_t * @var{ret_size}, unsigned int * @var{critical})

274

@var{crl}: should contain a @code{gnutls_x509_crl_t} structure

275

276

@var{ret}: The place where the number will be copied

277

278

@var{ret_size}: Holds the size of the result field.

279

280

@var{critical}: will be non zero if the extension is marked as critical

281

(may be null)

282

283

This function will return the CRL number extension. This is

284

obtained by the CRL Number extension field (2.5.29.20).

285

286

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a

287

negative value in case of an error.

288

289

@strong{Since:} 2.8.0

290

@end deftypefun

291

292

@subheading gnutls_x509_crl_get_extension_oid

293

@anchor{gnutls_x509_crl_get_extension_oid}

294

@deftypefun {int} {gnutls_x509_crl_get_extension_oid} (gnutls_x509_crl_t @var{crl}, int @var{indx}, void * @var{oid}, size_t * @var{sizeof_oid})

295

@var{crl}: should contain a @code{gnutls_x509_crl_t} structure

296

297

@var{indx}: Specifies which extension OID to send, use zero to get the first one.

298

299

@var{oid}: a pointer to a structure to hold the OID (may be null)

300

301

@var{sizeof_oid}: initially holds the size of @code{oid}

302

303

This function will return the requested extension OID in the CRL.

304

The extension OID will be stored as a string in the provided

305

buffer.

306

307

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a

308

negative value in case of an error. If your have reached the

309

last extension available @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE}

310

will be returned.

311

312

@strong{Since:} 2.8.0

313

@end deftypefun

314

315

@subheading gnutls_x509_crl_get_extension_info

316

@anchor{gnutls_x509_crl_get_extension_info}

317

@deftypefun {int} {gnutls_x509_crl_get_extension_info} (gnutls_x509_crl_t @var{crl}, int @var{indx}, void * @var{oid}, size_t * @var{sizeof_oid}, int * @var{critical})

318

@var{crl}: should contain a @code{gnutls_x509_crl_t} structure

319

320

@var{indx}: Specifies which extension OID to send, use zero to get the first one.

321

322

@var{oid}: a pointer to a structure to hold the OID

323

324

@var{sizeof_oid}: initially holds the maximum size of @code{oid}, on return

325

holds actual size of @code{oid}.

326

327

@var{critical}: output variable with critical flag, may be NULL.

328

329

This function will return the requested extension OID in the CRL,

330

and the critical flag for it. The extension OID will be stored as

331

a string in the provided buffer. Use

332

@code{gnutls_x509_crl_get_extension_data()} to extract the data.

333

334

If the buffer provided is not long enough to hold the output, then

335

*@code{sizeof_oid} is updated and @code{GNUTLS_E_SHORT_MEMORY_BUFFER} will be

336

returned.

337

338

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a

339

negative value in case of an error. If your have reached the

340

last extension available @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE}

341

will be returned.

342

343

@strong{Since:} 2.8.0

344

@end deftypefun

345

346

@subheading gnutls_x509_crl_get_extension_data

347

@anchor{gnutls_x509_crl_get_extension_data}

348

@deftypefun {int} {gnutls_x509_crl_get_extension_data} (gnutls_x509_crl_t @var{crl}, int @var{indx}, void * @var{data}, size_t * @var{sizeof_data})

349

@var{crl}: should contain a @code{gnutls_x509_crl_t} structure

350

351

@var{indx}: Specifies which extension OID to send. Use zero to get the first one.

352

353

@var{data}: a pointer to a structure to hold the data (may be null)

354

355

@var{sizeof_data}: initially holds the size of @code{oid}

356

357

This function will return the requested extension data in the CRL.

358

The extension data will be stored as a string in the provided

359

buffer.

360

361

Use @code{gnutls_x509_crl_get_extension_info()} to extract the OID and

362

critical flag. Use @code{gnutls_x509_crl_get_extension_by_oid()} instead,

363

if you want to get data indexed by the extension OID rather than

364

sequence.

365

366

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a

367

negative value in case of an error. If your have reached the

368

last extension available @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE}

369

will be returned.

370

371

@strong{Since:} 2.8.0

372

@end deftypefun

373

374

@subheading gnutls_x509_crl_set_version

375

@anchor{gnutls_x509_crl_set_version}

376

@deftypefun {int} {gnutls_x509_crl_set_version} (gnutls_x509_crl_t @var{crl}, unsigned int @var{version})

377

@var{crl}: should contain a gnutls_x509_crl_t structure

378

379

@var{version}: holds the version number. For CRLv1 crls must be 1.

380

381

This function will set the version of the CRL. This

382

must be one for CRL version 1, and so on. The CRLs generated

383

by gnutls should have a version number of 2.

384

385

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a

386

negative error value.

387

@end deftypefun

388

389

@subheading gnutls_x509_crl_sign2

390

@anchor{gnutls_x509_crl_sign2}

391

@deftypefun {int} {gnutls_x509_crl_sign2} (gnutls_x509_crl_t @var{crl}, gnutls_x509_crt_t @var{issuer}, gnutls_x509_privkey_t @var{issuer_key}, gnutls_digest_algorithm_t @var{dig}, unsigned int @var{flags})

392

@var{crl}: should contain a gnutls_x509_crl_t structure

393

394

@var{issuer}: is the certificate of the certificate issuer

395

396

@var{issuer_key}: holds the issuer's private key

397

398

@var{dig}: The message digest to use. GNUTLS_DIG_SHA1 is the safe choice unless you know what you're doing.

399

400

@var{flags}: must be 0

401

402

This function will sign the CRL with the issuer's private key, and

403

will copy the issuer's information into the CRL.

404

405

This must be the last step in a certificate CRL since all

406

the previously set parameters are now signed.

407

408

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a

409

negative error value.

410

@end deftypefun

411

412

@subheading gnutls_x509_crl_sign

413

@anchor{gnutls_x509_crl_sign}

414

@deftypefun {int} {gnutls_x509_crl_sign} (gnutls_x509_crl_t @var{crl}, gnutls_x509_crt_t @var{issuer}, gnutls_x509_privkey_t @var{issuer_key})

415

@var{crl}: should contain a gnutls_x509_crl_t structure

416

417

@var{issuer}: is the certificate of the certificate issuer

418

419

@var{issuer_key}: holds the issuer's private key

420

421

This function is the same a @code{gnutls_x509_crl_sign2()} with no flags, and

422

SHA1 as the hash algorithm.

423

424

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a

425

negative error value.

426

@end deftypefun

427

428

@subheading gnutls_x509_crl_set_this_update

429

@anchor{gnutls_x509_crl_set_this_update}

430

@deftypefun {int} {gnutls_x509_crl_set_this_update} (gnutls_x509_crl_t @var{crl}, time_t @var{act_time})

431

@var{crl}: should contain a gnutls_x509_crl_t structure

432

433

@var{act_time}: The actual time

434

435

This function will set the time this CRL was issued.

436

437

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a

438

negative error value.

439

@end deftypefun

440

441

@subheading gnutls_x509_crl_set_next_update

442

@anchor{gnutls_x509_crl_set_next_update}

443

@deftypefun {int} {gnutls_x509_crl_set_next_update} (gnutls_x509_crl_t @var{crl}, time_t @var{exp_time})

444

@var{crl}: should contain a gnutls_x509_crl_t structure

445

446

@var{exp_time}: The actual time

447

448

This function will set the time this CRL will be updated.

449

450

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a

451

negative error value.

452

@end deftypefun

453

454

@subheading gnutls_x509_crl_set_crt_serial

455

@anchor{gnutls_x509_crl_set_crt_serial}

456

@deftypefun {int} {gnutls_x509_crl_set_crt_serial} (gnutls_x509_crl_t @var{crl}, const void * @var{serial}, size_t @var{serial_size}, time_t @var{revocation_time})

457

@var{crl}: should contain a gnutls_x509_crl_t structure

458

459

@var{serial}: The revoked certificate's serial number

460

461

@var{serial_size}: Holds the size of the serial field.

462

463

@var{revocation_time}: The time this certificate was revoked

464

465

This function will set a revoked certificate's serial number to the CRL.

466

467

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a

468

negative error value.

469

@end deftypefun

470

471

@subheading gnutls_x509_crl_set_crt

472

@anchor{gnutls_x509_crl_set_crt}

473

@deftypefun {int} {gnutls_x509_crl_set_crt} (gnutls_x509_crl_t @var{crl}, gnutls_x509_crt_t @var{crt}, time_t @var{revocation_time})

474

@var{crl}: should contain a gnutls_x509_crl_t structure

475

476

@var{crt}: a certificate of type @code{gnutls_x509_crt_t} with the revoked certificate

477

478

@var{revocation_time}: The time this certificate was revoked

479

480

This function will set a revoked certificate's serial number to the CRL.

481

482

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a

483

negative error value.

484

@end deftypefun

485

486

@subheading gnutls_x509_crl_set_authority_key_id

487

@anchor{gnutls_x509_crl_set_authority_key_id}

488

@deftypefun {int} {gnutls_x509_crl_set_authority_key_id} (gnutls_x509_crl_t @var{crl}, const void * @var{id}, size_t @var{id_size})

489

@var{crl}: a CRL of type @code{gnutls_x509_crl_t}

490

491

@var{id}: The key ID

492

493

@var{id_size}: Holds the size of the serial field.

494

495

This function will set the CRL's authority key ID extension. Only

496

the keyIdentifier field can be set with this function.

497

498

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a

499

negative error value.

500

501

@strong{Since:} 2.8.0

502

@end deftypefun

503

504

@subheading gnutls_x509_crl_set_number

505

@anchor{gnutls_x509_crl_set_number}

506

@deftypefun {int} {gnutls_x509_crl_set_number} (gnutls_x509_crl_t @var{crl}, const void * @var{nr}, size_t @var{nr_size})

507

@var{crl}: a CRL of type @code{gnutls_x509_crl_t}

508

509

@var{nr}: The CRL number

510

511

@var{nr_size}: Holds the size of the nr field.

512

513

This function will set the CRL's number extension.

514

515

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a

516

negative error value.

517

518

@strong{Since:} 2.8.0

519

@end deftypefun

520

521

@subheading gnutls_x509_crq_init

522

@anchor{gnutls_x509_crq_init}

523

@deftypefun {int} {gnutls_x509_crq_init} (gnutls_x509_crq_t * @var{crq})

524

@var{crq}: The structure to be initialized

525

526

This function will initialize a PKCS10 certificate request structure.

527

528

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a

529

negative error value.

530

@end deftypefun

531

532

@subheading gnutls_x509_crq_deinit

533

@anchor{gnutls_x509_crq_deinit}

534

@deftypefun {void} {gnutls_x509_crq_deinit} (gnutls_x509_crq_t @var{crq})

535

@var{crq}: The structure to be initialized

536

537

This function will deinitialize a CRL structure.

538

@end deftypefun

539

540

@subheading gnutls_x509_crq_import

541

@anchor{gnutls_x509_crq_import}

542

@deftypefun {int} {gnutls_x509_crq_import} (gnutls_x509_crq_t @var{crq}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format})

543

@var{crq}: The structure to store the parsed certificate request.

544

545

@var{data}: The DER or PEM encoded certificate.

546

547

@var{format}: One of DER or PEM

548

549

This function will convert the given DER or PEM encoded Certificate

550

to the native gnutls_x509_crq_t format. The output will be stored in @code{cert}.

551

552

If the Certificate is PEM encoded it should have a header of "NEW CERTIFICATE REQUEST".

553

554

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a

555

negative error value.

556

@end deftypefun

557

558

@subheading gnutls_x509_crq_get_dn

559

@anchor{gnutls_x509_crq_get_dn}

560

@deftypefun {int} {gnutls_x509_crq_get_dn} (gnutls_x509_crq_t @var{crq}, char * @var{buf}, size_t * @var{sizeof_buf})

561

@var{crq}: should contain a gnutls_x509_crq_t structure

562

563

@var{buf}: a pointer to a structure to hold the name (may be null)

564

565

@var{sizeof_buf}: initially holds the size of @code{buf}

566

567

This function will copy the name of the Certificate request

568

subject in the provided buffer. The name will be in the form

569

"C=xxxx,O=yyyy,CN=zzzz" as described in RFC2253. The output string

570

will be ASCII or UTF-8 encoded, depending on the certificate data.

571

572

If @code{buf} is null then only the size will be filled.

573

574

@strong{Returns:} GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not

575

long enough, and in that case the *sizeof_buf will be updated with

576

the required size. On success 0 is returned.

577

@end deftypefun

578

579

@subheading gnutls_x509_crq_get_dn_by_oid

580

@anchor{gnutls_x509_crq_get_dn_by_oid}

581

@deftypefun {int} {gnutls_x509_crq_get_dn_by_oid} (gnutls_x509_crq_t @var{crq}, const char * @var{oid}, int @var{indx}, unsigned int @var{raw_flag}, void * @var{buf}, size_t * @var{sizeof_buf})

582

@var{crq}: should contain a gnutls_x509_crq_t structure

583

584

@var{oid}: holds an Object Identified in null terminated string

585

586

@var{indx}: In case multiple same OIDs exist in the RDN, this specifies

587

which to send. Use zero to get the first one.

588

589

@var{raw_flag}: If non zero returns the raw DER data of the DN part.

590

591

@var{buf}: a pointer to a structure to hold the name (may be null)

592

593

@var{sizeof_buf}: initially holds the size of @code{buf}

594

595

This function will extract the part of the name of the Certificate

596

request subject, specified by the given OID. The output will be

597

encoded as described in RFC2253. The output string will be ASCII

598

or UTF-8 encoded, depending on the certificate data.

599

600

Some helper macros with popular OIDs can be found in gnutls/x509.h

601

If raw flag is zero, this function will only return known OIDs as

602

text. Other OIDs will be DER encoded, as described in RFC2253 --

603

in hex format with a '\#' prefix. You can check about known OIDs

604

using @code{gnutls_x509_dn_oid_known()}.

605

606

If @code{buf} is null then only the size will be filled.

607

608

@strong{Returns:} GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not

609

long enough, and in that case the *sizeof_buf will be updated with

610

the required size. On success 0 is returned.

611

@end deftypefun

612

613

@subheading gnutls_x509_crq_get_dn_oid

614

@anchor{gnutls_x509_crq_get_dn_oid}

615

@deftypefun {int} {gnutls_x509_crq_get_dn_oid} (gnutls_x509_crq_t @var{crq}, int @var{indx}, void * @var{oid}, size_t * @var{sizeof_oid})

616

@var{crq}: should contain a gnutls_x509_crq_t structure

617

618

@var{indx}: Specifies which DN OID to send. Use zero to get the first one.

619

620

@var{oid}: a pointer to a structure to hold the name (may be null)

621

622

@var{sizeof_oid}: initially holds the size of @code{oid}

623

624

This function will extract the requested OID of the name of the

625

Certificate request subject, specified by the given index.

626

627

If oid is null then only the size will be filled.

628

629

@strong{Returns:} GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not

630

long enough, and in that case the *sizeof_oid will be updated with

631

the required size. On success 0 is returned.

632

@end deftypefun

633

634

@subheading gnutls_x509_crq_get_challenge_password

635

@anchor{gnutls_x509_crq_get_challenge_password}

636

@deftypefun {int} {gnutls_x509_crq_get_challenge_password} (gnutls_x509_crq_t @var{crq}, char * @var{pass}, size_t * @var{sizeof_pass})

637

@var{crq}: should contain a gnutls_x509_crq_t structure

638

639

@var{pass}: will hold a null terminated password

640

641

@var{sizeof_pass}: Initially holds the size of @code{pass}.

642

643

This function will return the challenge password in the

644

request.

645

646

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a

647

negative error value.

648

@end deftypefun

649

650

@subheading gnutls_x509_crq_set_attribute_by_oid

651

@anchor{gnutls_x509_crq_set_attribute_by_oid}

652

@deftypefun {int} {gnutls_x509_crq_set_attribute_by_oid} (gnutls_x509_crq_t @var{crq}, const char * @var{oid}, void * @var{buf}, size_t @var{sizeof_buf})

653

@var{crq}: should contain a gnutls_x509_crq_t structure

654

655

@var{oid}: holds an Object Identified in null terminated string

656

657

@var{buf}: a pointer to a structure that holds the attribute data

658

659

@var{sizeof_buf}: holds the size of @code{buf}

660

661

This function will set the attribute in the certificate request specified

662

by the given Object ID. The attribute must be be DER encoded.

663

664

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a

665

negative error value.

666

@end deftypefun

667

668

@subheading gnutls_x509_crq_get_attribute_by_oid

669

@anchor{gnutls_x509_crq_get_attribute_by_oid}

670

@deftypefun {int} {gnutls_x509_crq_get_attribute_by_oid} (gnutls_x509_crq_t @var{crq}, const char * @var{oid}, int @var{indx}, void * @var{buf}, size_t * @var{sizeof_buf})

671

@var{crq}: should contain a gnutls_x509_crq_t structure

672

673

@var{oid}: holds an Object Identified in null terminated string

674

675

@var{indx}: In case multiple same OIDs exist in the attribute list, this specifies

676

which to send. Use zero to get the first one.

677

678

@var{buf}: a pointer to a structure to hold the attribute data (may be null)

679

680

@var{sizeof_buf}: initially holds the size of @code{buf}

681

682

This function will return the attribute in the certificate request specified

683

by the given Object ID. The attribute will be DER encoded.

684

685

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a

686

negative error value.

687

@end deftypefun

688

689

@subheading gnutls_x509_crq_set_dn_by_oid

690

@anchor{gnutls_x509_crq_set_dn_by_oid}

691

@deftypefun {int} {gnutls_x509_crq_set_dn_by_oid} (gnutls_x509_crq_t @var{crq}, const char * @var{oid}, unsigned int @var{raw_flag}, const void * @var{data}, unsigned int @var{sizeof_data})

692

@var{crq}: should contain a gnutls_x509_crq_t structure

693

694

@var{oid}: holds an Object Identifier in a null terminated string

695

696

@var{raw_flag}: must be 0, or 1 if the data are DER encoded

697

698

@var{data}: a pointer to the input data

699

700

@var{sizeof_data}: holds the size of @code{data}

701

702

This function will set the part of the name of the Certificate

703

request subject, specified by the given OID. The input string

704

should be ASCII or UTF-8 encoded.

705

706

Some helper macros with popular OIDs can be found in gnutls/x509.h

707

With this function you can only set the known OIDs. You can test

708

for known OIDs using @code{gnutls_x509_dn_oid_known()}. For OIDs that are

709

not known (by gnutls) you should properly DER encode your data,

710

and call this function with raw_flag set.

711

712

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a

713

negative error value.

714

@end deftypefun

715

716

@subheading gnutls_x509_crq_set_version

717

@anchor{gnutls_x509_crq_set_version}

718

@deftypefun {int} {gnutls_x509_crq_set_version} (gnutls_x509_crq_t @var{crq}, unsigned int @var{version})

719

@var{crq}: should contain a gnutls_x509_crq_t structure

720

721

@var{version}: holds the version number. For v1 Requests must be 1.

722

723

This function will set the version of the certificate request. For

724

version 1 requests this must be one.

725

726

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a

727

negative error value.

728

@end deftypefun

729

730

@subheading gnutls_x509_crq_get_version

731

@anchor{gnutls_x509_crq_get_version}

732

@deftypefun {int} {gnutls_x509_crq_get_version} (gnutls_x509_crq_t @var{crq})

733

@var{crq}: should contain a gnutls_x509_crq_t structure

734

735

This function will return the version of the specified Certificate request.

736

737

@strong{Returns:} version of certificate request, or a negative value on

738

error.

739

@end deftypefun

740

741

@subheading gnutls_x509_crq_set_key

742

@anchor{gnutls_x509_crq_set_key}

743

@deftypefun {int} {gnutls_x509_crq_set_key} (gnutls_x509_crq_t @var{crq}, gnutls_x509_privkey_t @var{key})

744

@var{crq}: should contain a gnutls_x509_crq_t structure

745

746

@var{key}: holds a private key

747

748

This function will set the public parameters from the given private key to the

749

request. Only RSA keys are currently supported.

750

751

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a

752

negative error value.

753

@end deftypefun

754

755

@subheading gnutls_x509_crq_get_key_rsa_raw

756

@anchor{gnutls_x509_crq_get_key_rsa_raw}

757

@deftypefun {int} {gnutls_x509_crq_get_key_rsa_raw} (gnutls_x509_crq_t @var{crq}, gnutls_datum_t * @var{m}, gnutls_datum_t * @var{e})

758

@var{crq}: Holds the certificate

759

760

@var{m}: will hold the modulus

761

762

@var{e}: will hold the public exponent

763

764

This function will export the RSA public key's parameters found in

765

the given structure. The new parameters will be allocated using

766

@code{gnutls_malloc()} and will be stored in the appropriate datum.

767

768

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a

769

negative error value.

770

771

@strong{Since:} 2.8.0

772

@end deftypefun

773

774

@subheading gnutls_x509_crq_set_key_rsa_raw

775

@anchor{gnutls_x509_crq_set_key_rsa_raw}

776

@deftypefun {int} {gnutls_x509_crq_set_key_rsa_raw} (gnutls_x509_crq_t @var{crq}, const gnutls_datum_t * @var{m}, const gnutls_datum_t * @var{e})

777

@var{crq}: should contain a @code{gnutls_x509_crq_t} structure

778

779

@var{m}: holds the modulus

780

781

@var{e}: holds the public exponent

782

783

This function will set the public parameters from the given private

784

key to the request. Only RSA keys are currently supported.

785

786

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a

787

negative error value.

788

789

@strong{Since:} 2.6.0

790

@end deftypefun

791

792

@subheading gnutls_x509_crq_set_challenge_password

793

@anchor{gnutls_x509_crq_set_challenge_password}

794

@deftypefun {int} {gnutls_x509_crq_set_challenge_password} (gnutls_x509_crq_t @var{crq}, const char * @var{pass})

795

@var{crq}: should contain a gnutls_x509_crq_t structure

796

797

@var{pass}: holds a null terminated password

798

799

This function will set a challenge password to be used when revoking the request.

800

801

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a

802

negative error value.

803

@end deftypefun

804

805

@subheading gnutls_x509_crq_sign2

806

@anchor{gnutls_x509_crq_sign2}

807

@deftypefun {int} {gnutls_x509_crq_sign2} (gnutls_x509_crq_t @var{crq}, gnutls_x509_privkey_t @var{key}, gnutls_digest_algorithm_t @var{dig}, unsigned int @var{flags})

808

@var{crq}: should contain a @code{gnutls_x509_crq_t} structure

809

810

@var{key}: holds a private key

811

812

@var{dig}: The message digest to use, @code{GNUTLS_DIG_SHA1} is the safe choice unless you know what you're doing.

813

814

@var{flags}: must be 0

815

816

This function will sign the certificate request with a private key.

817

This must be the same key as the one used in

818

@code{gnutls_x509_crt_set_key()} since a certificate request is self

819

signed.

820

821

This must be the last step in a certificate request generation

822

since all the previously set parameters are now signed.

823

824

@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise an error.

825

@code{GNUTLS_E_ASN1_VALUE_NOT_FOUND} is returned if you didn't set all

826

information in the certificate request (e.g., the version using

827

@code{gnutls_x509_crq_set_version()}).

828

@end deftypefun

829

830

@subheading gnutls_x509_crq_sign

831

@anchor{gnutls_x509_crq_sign}

832

@deftypefun {int} {gnutls_x509_crq_sign} (gnutls_x509_crq_t @var{crq}, gnutls_x509_privkey_t @var{key})

833

@var{crq}: should contain a gnutls_x509_crq_t structure

834

835

@var{key}: holds a private key

836

837

This function is the same a @code{gnutls_x509_crq_sign2()} with no flags, and

838

SHA1 as the hash algorithm.

839

840

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a

841

negative error value.

842

@end deftypefun

843

844

@subheading gnutls_x509_crq_export

845

@anchor{gnutls_x509_crq_export}

846

@deftypefun {int} {gnutls_x509_crq_export} (gnutls_x509_crq_t @var{crq}, gnutls_x509_crt_fmt_t @var{format}, void * @var{output_data}, size_t * @var{output_data_size})

847

@var{crq}: Holds the request

848

849

@var{format}: the format of output params. One of PEM or DER.

850

851

@var{output_data}: will contain a certificate request PEM or DER encoded

852

853

@var{output_data_size}: holds the size of output_data (and will be

854

replaced by the actual size of parameters)

855

856

This function will export the certificate request to a PKCS10

857

858

If the buffer provided is not long enough to hold the output, then

859

GNUTLS_E_SHORT_MEMORY_BUFFER will be returned and

860

*output_data_size will be updated.

861

862

If the structure is PEM encoded, it will have a header of "BEGIN

863

NEW CERTIFICATE REQUEST".

864

865

@strong{Return value:} In case of failure a negative value will be

866

returned, and 0 on success.

867

@end deftypefun

868

869

@subheading gnutls_x509_crq_get_pk_algorithm

870

@anchor{gnutls_x509_crq_get_pk_algorithm}

871

@deftypefun {int} {gnutls_x509_crq_get_pk_algorithm} (gnutls_x509_crq_t @var{crq}, unsigned int * @var{bits})

872

@var{crq}: should contain a gnutls_x509_crq_t structure

873

874

@var{bits}: if bits is non null it will hold the size of the parameters' in bits

875

876

This function will return the public key algorithm of a PKCS \@code{10}

877

certificate request.

878

879

If bits is non null, it should have enough size to hold the parameters

880

size in bits. For RSA the bits returned is the modulus.

881

For DSA the bits returned are of the public

882

exponent.

883

884

@strong{Returns:} a member of the @code{gnutls_pk_algorithm_t} enumeration on

885

success, or a negative value on error.

886

@end deftypefun

887

888

@subheading gnutls_x509_crq_get_attribute_info

889

@anchor{gnutls_x509_crq_get_attribute_info}

890

@deftypefun {int} {gnutls_x509_crq_get_attribute_info} (gnutls_x509_crq_t @var{cert}, int @var{indx}, void * @var{oid}, size_t * @var{sizeof_oid})

891

@var{cert}: should contain a @code{gnutls_x509_crq_t} structure

892

893

@var{indx}: Specifies which attribute OID to send. Use zero to get the first one.

894

895

@var{oid}: a pointer to a structure to hold the OID

896

897

@var{sizeof_oid}: initially holds the maximum size of @code{oid}, on return

898

holds actual size of @code{oid}.

899

900

This function will return the requested attribute OID in the

901

certificate, and the critical flag for it. The attribute OID will

902

be stored as a string in the provided buffer. Use

903

@code{gnutls_x509_crq_get_attribute_data()} to extract the data.

904

905

If the buffer provided is not long enough to hold the output, then

906

*@code{sizeof_oid} is updated and @code{GNUTLS_E_SHORT_MEMORY_BUFFER} will be

907

returned.

908

909

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a

910

negative value in case of an error. If your have reached the

911

last extension available @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE}

912

will be returned.

913

914

@strong{Since:} 2.8.0

915

@end deftypefun

916

917

@subheading gnutls_x509_crq_get_attribute_data

918

@anchor{gnutls_x509_crq_get_attribute_data}

919

@deftypefun {int} {gnutls_x509_crq_get_attribute_data} (gnutls_x509_crq_t @var{cert}, int @var{indx}, void * @var{data}, size_t * @var{sizeof_data})

920

@var{cert}: should contain a @code{gnutls_x509_crq_t} structure

921

922

@var{indx}: Specifies which attribute OID to send. Use zero to get the first one.

923

924

@var{data}: a pointer to a structure to hold the data (may be null)

925

926

@var{sizeof_data}: initially holds the size of @code{oid}

927

928

This function will return the requested attribute data in the

929

certificate request. The attribute data will be stored as a string in the

930

provided buffer.

931

932

Use @code{gnutls_x509_crq_get_attribute_info()} to extract the OID.

933

Use @code{gnutls_x509_crq_get_attribute_by_oid()} instead,

934

if you want to get data indexed by the attribute OID rather than

935

sequence.

936

937

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a

938

negative value in case of an error. If your have reached the

939

last extension available @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE}

940

will be returned.

941

942

@strong{Since:} 2.8.0

943

@end deftypefun

944

945

@subheading gnutls_x509_crq_get_extension_info

946

@anchor{gnutls_x509_crq_get_extension_info}

947

@deftypefun {int} {gnutls_x509_crq_get_extension_info} (gnutls_x509_crq_t @var{cert}, int @var{indx}, void * @var{oid}, size_t * @var{sizeof_oid}, int * @var{critical})

948

@var{cert}: should contain a @code{gnutls_x509_crq_t} structure

949

950

@var{indx}: Specifies which extension OID to send. Use zero to get the first one.

951

952

@var{oid}: a pointer to a structure to hold the OID

953

954

@var{sizeof_oid}: initially holds the maximum size of @code{oid}, on return

955

holds actual size of @code{oid}.

956

957

@var{critical}: output variable with critical flag, may be NULL.

958

959

This function will return the requested extension OID in the

960

certificate, and the critical flag for it. The extension OID will

961

be stored as a string in the provided buffer. Use

962

@code{gnutls_x509_crq_get_extension_data()} to extract the data.

963

964

If the buffer provided is not long enough to hold the output, then

965

*@code{sizeof_oid} is updated and @code{GNUTLS_E_SHORT_MEMORY_BUFFER} will be

966

returned.

967

968

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a

969

negative value in case of an error. If your have reached the

970

last extension available @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE}

971

will be returned.

972

973

@strong{Since:} 2.8.0

974

@end deftypefun

975

976

@subheading gnutls_x509_crq_get_extension_data

977

@anchor{gnutls_x509_crq_get_extension_data}

978

@deftypefun {int} {gnutls_x509_crq_get_extension_data} (gnutls_x509_crq_t @var{cert}, int @var{indx}, void * @var{data}, size_t * @var{sizeof_data})

979

@var{cert}: should contain a @code{gnutls_x509_crq_t} structure

980

981

@var{indx}: Specifies which extension OID to send. Use zero to get the first one.

982

983

@var{data}: a pointer to a structure to hold the data (may be null)

984

985

@var{sizeof_data}: initially holds the size of @code{oid}

986

987

This function will return the requested extension data in the

988

certificate. The extension data will be stored as a string in the

989

provided buffer.

990

991

Use @code{gnutls_x509_crq_get_extension_info()} to extract the OID and

992

critical flag. Use @code{gnutls_x509_crq_get_extension_by_oid()} instead,

993

if you want to get data indexed by the extension OID rather than

994

sequence.

995

996

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a

997

negative value in case of an error. If your have reached the

998

last extension available @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE}

999

will be returned.

1000

1001

@strong{Since:} 2.8.0

1002

@end deftypefun

1003

1004

@subheading gnutls_x509_crq_get_key_usage

1005

@anchor{gnutls_x509_crq_get_key_usage}

1006

@deftypefun {int} {gnutls_x509_crq_get_key_usage} (gnutls_x509_crq_t @var{cert}, unsigned int * @var{key_usage}, unsigned int * @var{critical})

1007

@var{cert}: should contain a @code{gnutls_x509_crq_t} structure

1008

1009

@var{key_usage}: where the key usage bits will be stored

1010

1011

@var{critical}: will be non zero if the extension is marked as critical

1012

1013

This function will return certificate's key usage, by reading the

1014

keyUsage X.509 extension (2.5.29.15). The key usage value will

1015

1016

@strong{ORed values of the:} @code{GNUTLS_KEY_DIGITAL_SIGNATURE},

1017

@code{GNUTLS_KEY_NON_REPUDIATION}, @code{GNUTLS_KEY_KEY_ENCIPHERMENT},

1018

@code{GNUTLS_KEY_DATA_ENCIPHERMENT}, @code{GNUTLS_KEY_KEY_AGREEMENT},

1019

@code{GNUTLS_KEY_KEY_CERT_SIGN}, @code{GNUTLS_KEY_CRL_SIGN},

1020

@code{GNUTLS_KEY_ENCIPHER_ONLY}, @code{GNUTLS_KEY_DECIPHER_ONLY}.

1021

1022

@strong{Returns:} the certificate key usage, or a negative value in case of

1023

parsing error. If the certificate does not contain the keyUsage

1024

extension @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} will be

1025

returned.

1026

1027

@strong{Since:} 2.8.0

1028

@end deftypefun

1029

1030

@subheading gnutls_x509_crq_get_basic_constraints

1031

@anchor{gnutls_x509_crq_get_basic_constraints}

1032

@deftypefun {int} {gnutls_x509_crq_get_basic_constraints} (gnutls_x509_crq_t @var{cert}, unsigned int * @var{critical}, int * @var{ca}, int * @var{pathlen})

1033

@var{cert}: should contain a @code{gnutls_x509_crq_t} structure

1034

1035

@var{critical}: will be non zero if the extension is marked as critical

1036

1037

@var{ca}: pointer to output integer indicating CA status, may be NULL,

1038

value is 1 if the certificate CA flag is set, 0 otherwise.

1039

1040

@var{pathlen}: pointer to output integer indicating path length (may be

1041

NULL), non-negative values indicate a present pathLenConstraint

1042

field and the actual value, -1 indicate that the field is absent.

1043

1044

This function will read the certificate's basic constraints, and

1045

return the certificates CA status. It reads the basicConstraints

1046

X.509 extension (2.5.29.19).

1047

1048

@strong{Return value:} If the certificate is a CA a positive value will be

1049

returned, or zero if the certificate does not have CA flag set.

1050

A negative value may be returned in case of errors. If the

1051

certificate does not contain the basicConstraints extension

1052

@code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} will be returned.

1053

1054

@strong{Since:} 2.8.0

1055

@end deftypefun

1056

1057

@subheading gnutls_x509_crq_get_subject_alt_name

1058

@anchor{gnutls_x509_crq_get_subject_alt_name}

1059

@deftypefun {int} {gnutls_x509_crq_get_subject_alt_name} (gnutls_x509_crq_t @var{cert}, unsigned int @var{seq}, void * @var{ret}, size_t * @var{ret_size}, unsigned int * @var{ret_type}, unsigned int * @var{critical})

1060

@var{cert}: should contain a @code{gnutls_x509_crq_t} structure

1061

1062

@var{seq}: specifies the sequence number of the alt name, 0 for the

1063

first one, 1 for the second etc.

1064

1065

@var{ret}: is the place where the alternative name will be copied to

1066

1067

@var{ret_size}: holds the size of ret.

1068

1069

@var{ret_type}: holds the @code{gnutls_x509_subject_alt_name_t} name type

1070

1071

@var{critical}: will be non zero if the extension is marked as critical

1072

(may be null)

1073

1074

This function will return the alternative names, contained in the

1075

given certificate. It is the same as

1076

@code{gnutls_x509_crq_get_subject_alt_name()} except for the fact that it

1077

will return the type of the alternative name in @code{ret_type} even if

1078

the function fails for some reason (i.e. the buffer provided is

1079

not enough).

1080

1081

@strong{Returns:} the alternative subject name type on success, one of the

1082

enumerated @code{gnutls_x509_subject_alt_name_t}. It will return

1083

@code{GNUTLS_E_SHORT_MEMORY_BUFFER} if @code{ret_size} is not large enough to

1084

hold the value. In that case @code{ret_size} will be updated with the

1085

required size. If the certificate request does not have an

1086

Alternative name with the specified sequence number then

1087

@code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} is returned.

1088

1089

@strong{Since:} 2.8.0

1090

@end deftypefun

1091

1092

@subheading gnutls_x509_crq_get_subject_alt_othername_oid

1093

@anchor{gnutls_x509_crq_get_subject_alt_othername_oid}

1094

@deftypefun {int} {gnutls_x509_crq_get_subject_alt_othername_oid} (gnutls_x509_crq_t @var{cert}, unsigned int @var{seq}, void * @var{ret}, size_t * @var{ret_size})

1095

@var{cert}: should contain a @code{gnutls_x509_crq_t} structure

1096

1097

@var{seq}: specifies the sequence number of the alt name (0 for the first one, 1 for the second etc.)

1098

1099

@var{ret}: is the place where the otherName OID will be copied to

1100

1101

@var{ret_size}: holds the size of ret.

1102

1103

This function will extract the type OID of an otherName Subject

1104

Alternative Name, contained in the given certificate, and return

1105

the type as an enumerated element.

1106

1107

This function is only useful if

1108

@code{gnutls_x509_crq_get_subject_alt_name()} returned

1109

@code{GNUTLS_SAN_OTHERNAME}.

1110

1111

@strong{Returns:} the alternative subject name type on success, one of the

1112

enumerated gnutls_x509_subject_alt_name_t. For supported OIDs,

1113

it will return one of the virtual (GNUTLS_SAN_OTHERNAME_*) types,

1114

e.g. @code{GNUTLS_SAN_OTHERNAME_XMPP}, and @code{GNUTLS_SAN_OTHERNAME} for

1115

unknown OIDs. It will return @code{GNUTLS_E_SHORT_MEMORY_BUFFER} if

1116

@code{ret_size} is not large enough to hold the value. In that case

1117

@code{ret_size} will be updated with the required size. If the

1118

certificate does not have an Alternative name with the specified

1119

sequence number and with the otherName type then

1120

@code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} is returned.

1121

1122

@strong{Since:} 2.8.0

1123

@end deftypefun

1124

1125

@subheading gnutls_x509_crq_get_extension_by_oid

1126

@anchor{gnutls_x509_crq_get_extension_by_oid}

1127

@deftypefun {int} {gnutls_x509_crq_get_extension_by_oid} (gnutls_x509_crq_t @var{cert}, const char * @var{oid}, int @var{indx}, void * @var{buf}, size_t * @var{sizeof_buf}, unsigned int * @var{critical})

1128

@var{cert}: should contain a @code{gnutls_x509_crq_t} structure

1129

1130

@var{oid}: holds an Object Identified in null terminated string

1131

1132

@var{indx}: In case multiple same OIDs exist in the extensions, this

1133

specifies which to send. Use zero to get the first one.

1134

1135

@var{buf}: a pointer to a structure to hold the name (may be null)

1136

1137

@var{sizeof_buf}: initially holds the size of @code{buf}

1138

1139

@var{critical}: will be non zero if the extension is marked as critical

1140

1141

This function will return the extension specified by the OID in

1142

the certificate. The extensions will be returned as binary data

1143

DER encoded, in the provided buffer.

1144

1145

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a

1146

negative value in case of an error. If the certificate does not

1147

contain the specified extension

1148

@code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} will be returned.

1149

1150

@strong{Since:} 2.8.0

1151

@end deftypefun

1152

1153

@subheading gnutls_x509_crq_set_subject_alt_name

1154

@anchor{gnutls_x509_crq_set_subject_alt_name}

1155

@deftypefun {int} {gnutls_x509_crq_set_subject_alt_name} (gnutls_x509_crq_t @var{crq}, gnutls_x509_subject_alt_name_t @var{nt}, const void * @var{data}, unsigned int @var{data_size}, unsigned int @var{flags})

1156

@var{crq}: a certificate of type @code{gnutls_x509_crq_t}

1157

1158

@var{nt}: is one of the @code{gnutls_x509_subject_alt_name_t} enumerations

1159

1160

@var{data}: The data to be set

1161

1162

@var{data_size}: The size of data to be set

1163

1164

@var{flags}: @code{GNUTLS_FSAN_SET} to clear previous data or

1165

@code{GNUTLS_FSAN_APPEND} to append.

1166

1167

This function will set the subject alternative name certificate

1168

extension. It can set the following types:

1169

1170

&GNUTLS_SAN_DNSNAME: as a text string

1171

1172

&GNUTLS_SAN_RFC822NAME: as a text string

1173

1174

&GNUTLS_SAN_URI: as a text string

1175

1176

&GNUTLS_SAN_IPADDRESS: as a binary IP address (4 or 16 bytes)

1177

1178

Other values can be set as binary values with the proper DER encoding.

1179

1180

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a

1181

negative error value.

1182

1183

@strong{Since:} 2.8.0

1184

@end deftypefun

1185

1186

@subheading gnutls_x509_crq_set_basic_constraints

1187

@anchor{gnutls_x509_crq_set_basic_constraints}

1188

@deftypefun {int} {gnutls_x509_crq_set_basic_constraints} (gnutls_x509_crq_t @var{crq}, unsigned int @var{ca}, int @var{pathLenConstraint})

1189

@var{crq}: a certificate of type @code{gnutls_x509_crq_t}

1190

1191

@var{ca}: true(1) or false(0). Depending on the Certificate authority status.

1192

1193

@var{pathLenConstraint}: non-negative values indicate maximum length of path,

1194

and negative values indicate that the pathLenConstraints field should

1195

not be present.

1196

1197

This function will set the basicConstraints certificate extension.

1198

1199

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a

1200

negative error value.

1201

1202

@strong{Since:} 2.8.0

1203

@end deftypefun

1204

1205

@subheading gnutls_x509_crq_set_key_usage

1206

@anchor{gnutls_x509_crq_set_key_usage}

1207

@deftypefun {int} {gnutls_x509_crq_set_key_usage} (gnutls_x509_crq_t @var{crq}, unsigned int @var{usage})

1208

@var{crq}: a certificate of type @code{gnutls_x509_crq_t}

1209

1210

@var{usage}: an ORed sequence of the GNUTLS_KEY_* elements.

1211

1212

This function will set the keyUsage certificate extension.

1213

1214

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a

1215

negative error value.

1216

1217

@strong{Since:} 2.8.0

1218

@end deftypefun

1219

1220

@subheading gnutls_x509_crq_get_key_purpose_oid

1221

@anchor{gnutls_x509_crq_get_key_purpose_oid}

1222

@deftypefun {int} {gnutls_x509_crq_get_key_purpose_oid} (gnutls_x509_crq_t @var{cert}, int @var{indx}, void * @var{oid}, size_t * @var{sizeof_oid}, unsigned int * @var{critical})

1223

@var{cert}: should contain a @code{gnutls_x509_crq_t} structure

1224

1225

@var{indx}: This specifies which OID to return. Use zero to get the first one.

1226

1227

@var{oid}: a pointer to a buffer to hold the OID (may be null)

1228

1229

@var{sizeof_oid}: initially holds the size of @code{oid}

1230

1231

@var{critical}: output variable with critical flag, may be NULL.

1232

1233

This function will extract the key purpose OIDs of the Certificate

1234

specified by the given index. These are stored in the Extended

1235

Key Usage extension (2.5.29.37). See the GNUTLS_KP_* definitions

1236

for human readable names.

1237

1238

If @code{oid} is null then only the size will be filled.

1239

1240

@strong{Returns:} @code{GNUTLS_E_SHORT_MEMORY_BUFFER} if the provided buffer is

1241

not long enough, and in that case the *sizeof_oid will be

1242

updated with the required size. On success 0 is returned.

1243

1244

@strong{Since:} 2.8.0

1245

@end deftypefun

1246

1247

@subheading gnutls_x509_crq_set_key_purpose_oid

1248

@anchor{gnutls_x509_crq_set_key_purpose_oid}

1249

@deftypefun {int} {gnutls_x509_crq_set_key_purpose_oid} (gnutls_x509_crq_t @var{cert}, const void * @var{oid}, unsigned int @var{critical})

1250

@var{cert}: a certificate of type @code{gnutls_x509_crq_t}

1251

1252

@var{oid}: a pointer to a null terminated string that holds the OID

1253

1254

@var{critical}: Whether this extension will be critical or not

1255

1256

This function will set the key purpose OIDs of the Certificate.

1257

These are stored in the Extended Key Usage extension (2.5.29.37)

1258

See the GNUTLS_KP_* definitions for human readable names.

1259

1260

Subsequent calls to this function will append OIDs to the OID list.

1261

1262

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a

1263

negative error value.

1264

1265

@strong{Since:} 2.8.0

1266

@end deftypefun

1267

1268

@subheading gnutls_x509_crq_get_key_id

1269

@anchor{gnutls_x509_crq_get_key_id}

1270

@deftypefun {int} {gnutls_x509_crq_get_key_id} (gnutls_x509_crq_t @var{crq}, unsigned int @var{flags}, unsigned char * @var{output_data}, size_t * @var{output_data_size})

1271

@var{crq}: Holds the certificate signing request

1272

1273

@var{flags}: should be 0 for now

1274

1275

@var{output_data}: will contain the key ID

1276

1277

@var{output_data_size}: holds the size of output_data (and will be

1278

replaced by the actual size of parameters)

1279

1280

This function will return a unique ID the depends on the public

1281

key parameters. This ID can be used in checking whether a

1282

certificate corresponds to the given private key.

1283

1284

If the buffer provided is not long enough to hold the output, then

1285

*output_data_size is updated and GNUTLS_E_SHORT_MEMORY_BUFFER will

1286

be returned. The output will normally be a SHA-1 hash output,

1287

which is 20 bytes.

1288

1289

@strong{Return value:} In case of failure a negative value will be

1290

returned, and 0 on success.

1291

1292

@strong{Since:} 2.8.0

1293

@end deftypefun

1294

1295

@subheading gnutls_x509_dn_init

1296

@anchor{gnutls_x509_dn_init}

1297

@deftypefun {int} {gnutls_x509_dn_init} (gnutls_x509_dn_t * @var{dn})

1298

@var{dn}: the object to be initialized

1299

1300

This function initializes a @code{gnutls_x509_dn_t} structure.

1301

1302

The object returned must be deallocated using

1303

@code{gnutls_x509_dn_deinit()}.

1304

1305

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a

1306

negative error value.

1307

1308

@strong{Since:} 2.4.0

1309

@end deftypefun

1310

1311

@subheading gnutls_x509_dn_import

1312

@anchor{gnutls_x509_dn_import}

1313

@deftypefun {int} {gnutls_x509_dn_import} (gnutls_x509_dn_t @var{dn}, const gnutls_datum_t * @var{data})

1314

@var{dn}: the structure that will hold the imported DN

1315

1316

@var{data}: should contain a DER encoded RDN sequence

1317

1318

This function parses an RDN sequence and stores the result to a

1319

@code{gnutls_x509_dn_t} structure. The structure must have been initialized

1320

with @code{gnutls_x509_dn_init()}. You may use @code{gnutls_x509_dn_get_rdn_ava()} to

1321

decode the DN.

1322

1323

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a

1324

negative error value.

1325

1326

@strong{Since:} 2.4.0

1327

@end deftypefun

1328

1329

@subheading gnutls_x509_dn_deinit

1330

@anchor{gnutls_x509_dn_deinit}

1331

@deftypefun {void} {gnutls_x509_dn_deinit} (gnutls_x509_dn_t @var{dn})

1332

@var{dn}: a DN opaque object pointer.

1333

1334

This function deallocates the DN object as returned by

1335

@code{gnutls_x509_dn_import()}.

1336

1337

@strong{Since:} 2.4.0

1338

@end deftypefun

1339

1340

@subheading gnutls_x509_rdn_get

1341

@anchor{gnutls_x509_rdn_get}

1342

@deftypefun {int} {gnutls_x509_rdn_get} (const gnutls_datum_t * @var{idn}, char * @var{buf}, size_t * @var{sizeof_buf})

1343

@var{idn}: should contain a DER encoded RDN sequence

1344

1345

@var{buf}: a pointer to a structure to hold the peer's name

1346

1347

@var{sizeof_buf}: holds the size of @code{buf}

1348

1349

This function will return the name of the given RDN sequence. The

1350

name will be in the form "C=xxxx,O=yyyy,CN=zzzz" as described in

1351

RFC2253.

1352

1353

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, or

1354

@code{GNUTLS_E_SHORT_MEMORY_BUFFER} is returned and *@code{sizeof_buf} is

1355

updated if the provided buffer is not long enough, otherwise a

1356

negative error value.

1357

@end deftypefun

1358

1359

@subheading gnutls_x509_rdn_get_by_oid

1360

@anchor{gnutls_x509_rdn_get_by_oid}

1361

@deftypefun {int} {gnutls_x509_rdn_get_by_oid} (const gnutls_datum_t * @var{idn}, const char * @var{oid}, int @var{indx}, unsigned int @var{raw_flag}, void * @var{buf}, size_t * @var{sizeof_buf})

1362

@var{idn}: should contain a DER encoded RDN sequence

1363

1364

@var{oid}: an Object Identifier

1365

1366

@var{indx}: In case multiple same OIDs exist in the RDN indicates which

1367

to send. Use 0 for the first one.

1368

1369

@var{raw_flag}: If non zero then the raw DER data are returned.

1370

1371

@var{buf}: a pointer to a structure to hold the peer's name

1372

1373

@var{sizeof_buf}: holds the size of @code{buf}

1374

1375

This function will return the name of the given Object identifier,

1376

of the RDN sequence. The name will be encoded using the rules

1377

from RFC2253.

1378

1379

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, or

1380

@code{GNUTLS_E_SHORT_MEMORY_BUFFER} is returned and *@code{sizeof_buf} is

1381

updated if the provided buffer is not long enough, otherwise a

1382

negative error value.

1383

@end deftypefun

1384

1385

@subheading gnutls_x509_rdn_get_oid

1386

@anchor{gnutls_x509_rdn_get_oid}

1387

@deftypefun {int} {gnutls_x509_rdn_get_oid} (const gnutls_datum_t * @var{idn}, int @var{indx}, void * @var{buf}, size_t * @var{sizeof_buf})

1388

@var{idn}: should contain a DER encoded RDN sequence

1389

1390

@var{indx}: Indicates which OID to return. Use 0 for the first one.

1391

1392

@var{buf}: a pointer to a structure to hold the peer's name OID

1393

1394

@var{sizeof_buf}: holds the size of @code{buf}

1395

1396

This function will return the specified Object identifier, of the

1397

RDN sequence.

1398

1399

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, or

1400

@code{GNUTLS_E_SHORT_MEMORY_BUFFER} is returned and *@code{sizeof_buf} is

1401

updated if the provided buffer is not long enough, otherwise a

1402

negative error value.

1403

1404

@strong{Since:} 2.4.0

1405

@end deftypefun

1406

1407

@subheading gnutls_x509_dn_export

1408

@anchor{gnutls_x509_dn_export}

1409

@deftypefun {int} {gnutls_x509_dn_export} (gnutls_x509_dn_t @var{dn}, gnutls_x509_crt_fmt_t @var{format}, void * @var{output_data}, size_t * @var{output_data_size})

1410

@var{dn}: Holds the opaque DN object

1411

1412

@var{format}: the format of output params. One of PEM or DER.

1413

1414

@var{output_data}: will contain a DN PEM or DER encoded

1415

1416

@var{output_data_size}: holds the size of output_data (and will be

1417

replaced by the actual size of parameters)

1418

1419

This function will export the DN to DER or PEM format.

1420

1421

If the buffer provided is not long enough to hold the output, then

1422

*@code{output_data_size} is updated and @code{GNUTLS_E_SHORT_MEMORY_BUFFER}

1423

will be returned.

1424

1425

If the structure is PEM encoded, it will have a header

1426

of "BEGIN NAME".

1427

1428

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a

1429

negative error value.

1430

@end deftypefun

1431

1432

@subheading gnutls_x509_crt_print

1433

@anchor{gnutls_x509_crt_print}

1434

@deftypefun {int} {gnutls_x509_crt_print} (gnutls_x509_crt_t @var{cert}, gnutls_certificate_print_formats_t @var{format}, gnutls_datum_t * @var{out})

1435

@var{cert}: The structure to be printed

1436

1437

@var{format}: Indicate the format to use

1438

1439

@var{out}: Newly allocated datum with zero terminated string.

1440

1441

This function will pretty print a X.509 certificate, suitable for

1442

display to a human.

1443

1444

If the format is @code{GNUTLS_CRT_PRINT_FULL} then all fields of the

1445

certificate will be output, on multiple lines. The

1446

@code{GNUTLS_CRT_PRINT_ONELINE} format will generate one line with some

1447

selected fields, which is useful for logging purposes.

1448

1449

The output @code{out} needs to be deallocate using @code{gnutls_free()}.

1450

1451

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a

1452

negative error value.

1453

@end deftypefun

1454

1455

@subheading gnutls_x509_crl_print

1456

@anchor{gnutls_x509_crl_print}

1457

@deftypefun {int} {gnutls_x509_crl_print} (gnutls_x509_crl_t @var{crl}, gnutls_certificate_print_formats_t @var{format}, gnutls_datum_t * @var{out})

1458

@var{crl}: The structure to be printed

1459

1460

@var{format}: Indicate the format to use

1461

1462

@var{out}: Newly allocated datum with zero terminated string.

1463

1464

This function will pretty print a X.509 certificate revocation

1465

list, suitable for display to a human.

1466

1467

The output @code{out} needs to be deallocate using @code{gnutls_free()}.

1468

1469

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a

1470

negative error value.

1471

@end deftypefun

1472

1473

@subheading gnutls_x509_crq_print

1474

@anchor{gnutls_x509_crq_print}

1475

@deftypefun {int} {gnutls_x509_crq_print} (gnutls_x509_crq_t @var{crq}, gnutls_certificate_print_formats_t @var{format}, gnutls_datum_t * @var{out})

1476

@var{crq}: The structure to be printed

1477

1478

@var{format}: Indicate the format to use

1479

1480

@var{out}: Newly allocated datum with zero terminated string.

1481

1482

This function will pretty print a certificate request, suitable for

1483

display to a human.

1484

1485

The output @code{out} needs to be deallocate using @code{gnutls_free()}.

1486

1487

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a

1488

negative error value.

1489

1490

@strong{Since:} 2.8.0

1491

@end deftypefun

1492

1493

@subheading gnutls_pkcs12_init

1494

@anchor{gnutls_pkcs12_init}

1495

@deftypefun {int} {gnutls_pkcs12_init} (gnutls_pkcs12_t * @var{pkcs12})

1496

@var{pkcs12}: The structure to be initialized

1497

1498

This function will initialize a PKCS12 structure. PKCS12 structures

1499

usually contain lists of X.509 Certificates and X.509 Certificate

1500

revocation lists.

1501

1502

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a

1503

negative error value.

1504

@end deftypefun

1505

1506

@subheading gnutls_pkcs12_deinit

1507

@anchor{gnutls_pkcs12_deinit}

1508

@deftypefun {void} {gnutls_pkcs12_deinit} (gnutls_pkcs12_t @var{pkcs12})

1509

@var{pkcs12}: The structure to be initialized

1510

1511

This function will deinitialize a PKCS12 structure.

1512

@end deftypefun

1513

1514

@subheading gnutls_pkcs12_import

1515

@anchor{gnutls_pkcs12_import}

1516

@deftypefun {int} {gnutls_pkcs12_import} (gnutls_pkcs12_t @var{pkcs12}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format}, unsigned int @var{flags})

1517

@var{pkcs12}: The structure to store the parsed PKCS12.

1518

1519

@var{data}: The DER or PEM encoded PKCS12.

1520

1521

@var{format}: One of DER or PEM

1522

1523

@var{flags}: an ORed sequence of gnutls_privkey_pkcs8_flags

1524

1525

This function will convert the given DER or PEM encoded PKCS12

1526

to the native gnutls_pkcs12_t format. The output will be stored in 'pkcs12'.

1527

1528

If the PKCS12 is PEM encoded it should have a header of "PKCS12".

1529

1530

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a

1531

negative error value.

1532

@end deftypefun

1533

1534

@subheading gnutls_pkcs12_export

1535

@anchor{gnutls_pkcs12_export}

1536

@deftypefun {int} {gnutls_pkcs12_export} (gnutls_pkcs12_t @var{pkcs12}, gnutls_x509_crt_fmt_t @var{format}, void * @var{output_data}, size_t * @var{output_data_size})

1537

@var{pkcs12}: Holds the pkcs12 structure

1538

1539

@var{format}: the format of output params. One of PEM or DER.

1540

1541

@var{output_data}: will contain a structure PEM or DER encoded

1542

1543

@var{output_data_size}: holds the size of output_data (and will be

1544

replaced by the actual size of parameters)

1545

1546

This function will export the pkcs12 structure to DER or PEM format.

1547

1548

If the buffer provided is not long enough to hold the output, then

1549

*output_data_size will be updated and GNUTLS_E_SHORT_MEMORY_BUFFER

1550

will be returned.

1551

1552

If the structure is PEM encoded, it will have a header

1553

of "BEGIN PKCS12".

1554

1555

@strong{Return value:} In case of failure a negative value will be

1556

returned, and 0 on success.

1557

@end deftypefun

1558

1559

@subheading gnutls_pkcs12_get_bag

1560

@anchor{gnutls_pkcs12_get_bag}

1561

@deftypefun {int} {gnutls_pkcs12_get_bag} (gnutls_pkcs12_t @var{pkcs12}, int @var{indx}, gnutls_pkcs12_bag_t @var{bag})

1562

@var{pkcs12}: should contain a gnutls_pkcs12_t structure

1563

1564

@var{indx}: contains the index of the bag to extract

1565

1566

@var{bag}: An initialized bag, where the contents of the bag will be copied

1567

1568

This function will return a Bag from the PKCS12 structure.

1569

1570

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a

1571

negative error value.

1572

1573

After the last Bag has been read GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE

1574

will be returned.

1575

@end deftypefun

1576

1577

@subheading gnutls_pkcs12_set_bag

1578

@anchor{gnutls_pkcs12_set_bag}

1579

@deftypefun {int} {gnutls_pkcs12_set_bag} (gnutls_pkcs12_t @var{pkcs12}, gnutls_pkcs12_bag_t @var{bag})

1580

@var{pkcs12}: should contain a gnutls_pkcs12_t structure

1581

1582

@var{bag}: An initialized bag

1583

1584

This function will insert a Bag into the PKCS12 structure.

1585

1586

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a

1587

negative error value.

1588

@end deftypefun

1589

1590

@subheading gnutls_pkcs12_generate_mac

1591

@anchor{gnutls_pkcs12_generate_mac}

1592

@deftypefun {int} {gnutls_pkcs12_generate_mac} (gnutls_pkcs12_t @var{pkcs12}, const char * @var{pass})

1593

@var{pkcs12}: should contain a gnutls_pkcs12_t structure

1594

1595

@var{pass}: The password for the MAC

1596

1597

This function will generate a MAC for the PKCS12 structure.

1598

1599

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a

1600

negative error value.

1601

@end deftypefun

1602

1603

@subheading gnutls_pkcs12_verify_mac

1604

@anchor{gnutls_pkcs12_verify_mac}

1605

@deftypefun {int} {gnutls_pkcs12_verify_mac} (gnutls_pkcs12_t @var{pkcs12}, const char * @var{pass})

1606

@var{pkcs12}: should contain a gnutls_pkcs12_t structure

1607

1608

@var{pass}: The password for the MAC

1609

1610

This function will verify the MAC for the PKCS12 structure.

1611

1612

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a

1613

negative error value.

1614

@end deftypefun

1615

1616

@subheading gnutls_pkcs12_bag_init

1617

@anchor{gnutls_pkcs12_bag_init}

1618

@deftypefun {int} {gnutls_pkcs12_bag_init} (gnutls_pkcs12_bag_t * @var{bag})

1619

@var{bag}: The structure to be initialized

1620

1621

This function will initialize a PKCS12 bag structure. PKCS12 Bags

1622

usually contain private keys, lists of X.509 Certificates and X.509 Certificate

1623

revocation lists.

1624

1625

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a

1626

negative error value.

1627

@end deftypefun

1628

1629

@subheading gnutls_pkcs12_bag_deinit

1630

@anchor{gnutls_pkcs12_bag_deinit}

1631

@deftypefun {void} {gnutls_pkcs12_bag_deinit} (gnutls_pkcs12_bag_t @var{bag})

1632

@var{bag}: The structure to be initialized

1633

1634

This function will deinitialize a PKCS12 Bag structure.

1635

@end deftypefun

1636

1637

@subheading gnutls_pkcs12_bag_get_type

1638

@anchor{gnutls_pkcs12_bag_get_type}

1639

@deftypefun {gnutls_pkcs12_bag_type_t} {gnutls_pkcs12_bag_get_type} (gnutls_pkcs12_bag_t @var{bag}, int @var{indx})

1640

@var{bag}: The bag

1641

1642

@var{indx}: The element of the bag to get the type

1643

1644

This function will return the bag's type.

1645

1646

@strong{Returns:} One of the @code{gnutls_pkcs12_bag_type_t} enumerations.

1647

@end deftypefun

1648

1649

@subheading gnutls_pkcs12_bag_get_count

1650

@anchor{gnutls_pkcs12_bag_get_count}

1651

@deftypefun {int} {gnutls_pkcs12_bag_get_count} (gnutls_pkcs12_bag_t @var{bag})

1652

@var{bag}: The bag

1653

1654

This function will return the number of the elements withing the bag.

1655

1656

@strong{Returns:} Number of elements in bag, or an negative error code on

1657

error.

1658

@end deftypefun

1659

1660

@subheading gnutls_pkcs12_bag_get_data

1661

@anchor{gnutls_pkcs12_bag_get_data}

1662

@deftypefun {int} {gnutls_pkcs12_bag_get_data} (gnutls_pkcs12_bag_t @var{bag}, int @var{indx}, gnutls_datum_t * @var{data})

1663

@var{bag}: The bag

1664

1665

@var{indx}: The element of the bag to get the data from

1666

1667

@var{data}: where the bag's data will be. Should be treated as constant.

1668

1669

This function will return the bag's data. The data is a constant

1670

that is stored into the bag. Should not be accessed after the bag

1671

is deleted.

1672

1673

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a

1674

negative error value.and a negative error code on error.

1675

@end deftypefun

1676

1677

@subheading gnutls_pkcs12_bag_set_data

1678

@anchor{gnutls_pkcs12_bag_set_data}

1679

@deftypefun {int} {gnutls_pkcs12_bag_set_data} (gnutls_pkcs12_bag_t @var{bag}, gnutls_pkcs12_bag_type_t @var{type}, const gnutls_datum_t * @var{data})

1680

@var{bag}: The bag

1681

1682

@var{type}: The data's type

1683

1684

@var{data}: the data to be copied.

1685

1686

This function will insert the given data of the given type into

1687

the bag.

1688

1689

@strong{Returns:} the index of the added bag on success, or a negative

1690

value on error.

1691

@end deftypefun

1692

1693

@subheading gnutls_pkcs12_bag_set_crt

1694

@anchor{gnutls_pkcs12_bag_set_crt}

1695

@deftypefun {int} {gnutls_pkcs12_bag_set_crt} (gnutls_pkcs12_bag_t @var{bag}, gnutls_x509_crt_t @var{crt})

1696

@var{bag}: The bag

1697

1698

@var{crt}: the certificate to be copied.

1699

1700

This function will insert the given certificate into the

1701

bag. This is just a wrapper over @code{gnutls_pkcs12_bag_set_data()}.

1702

1703

@strong{Returns:} the index of the added bag on success, or a negative

1704

value on failure.

1705

@end deftypefun

1706

1707

@subheading gnutls_pkcs12_bag_set_crl

1708

@anchor{gnutls_pkcs12_bag_set_crl}

1709

@deftypefun {int} {gnutls_pkcs12_bag_set_crl} (gnutls_pkcs12_bag_t @var{bag}, gnutls_x509_crl_t @var{crl})

1710

@var{bag}: The bag

1711

1712

@var{crl}: the CRL to be copied.

1713

1714

This function will insert the given CRL into the

1715

bag. This is just a wrapper over @code{gnutls_pkcs12_bag_set_data()}.

1716

1717

@strong{Returns:} the index of the added bag on success, or a negative value

1718

on failure.

1719

@end deftypefun

1720

1721

@subheading gnutls_pkcs12_bag_set_key_id

1722

@anchor{gnutls_pkcs12_bag_set_key_id}

1723

@deftypefun {int} {gnutls_pkcs12_bag_set_key_id} (gnutls_pkcs12_bag_t @var{bag}, int @var{indx}, const gnutls_datum_t * @var{id})

1724

@var{bag}: The bag

1725

1726

@var{indx}: The bag's element to add the id

1727

1728

@var{id}: the ID

1729

1730

This function will add the given key ID, to the specified, by the index, bag

1731

element. The key ID will be encoded as a 'Local key identifier' bag attribute,

1732

which is usually used to distinguish the local private key and the certificate pair.

1733

1734

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a

1735

negative error value. or a negative value on error.

1736

@end deftypefun

1737

1738

@subheading gnutls_pkcs12_bag_get_key_id

1739

@anchor{gnutls_pkcs12_bag_get_key_id}

1740

@deftypefun {int} {gnutls_pkcs12_bag_get_key_id} (gnutls_pkcs12_bag_t @var{bag}, int @var{indx}, gnutls_datum_t * @var{id})

1741

@var{bag}: The bag

1742

1743

@var{indx}: The bag's element to add the id

1744

1745

@var{id}: where the ID will be copied (to be treated as const)

1746

1747

This function will return the key ID, of the specified bag element.

1748

The key ID is usually used to distinguish the local private key and the certificate pair.

1749

1750

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a

1751

negative error value. or a negative value on error.

1752

@end deftypefun

1753

1754

@subheading gnutls_pkcs12_bag_get_friendly_name

1755

@anchor{gnutls_pkcs12_bag_get_friendly_name}

1756

@deftypefun {int} {gnutls_pkcs12_bag_get_friendly_name} (gnutls_pkcs12_bag_t @var{bag}, int @var{indx}, char ** @var{name})

1757

@var{bag}: The bag

1758

1759

@var{indx}: The bag's element to add the id

1760

1761

@var{name}: will hold a pointer to the name (to be treated as const)

1762

1763

This function will return the friendly name, of the specified bag element.

1764

The key ID is usually used to distinguish the local private key and the certificate pair.

1765

1766

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a

1767

negative error value. or a negative value on error.

1768

@end deftypefun

1769

1770

@subheading gnutls_pkcs12_bag_set_friendly_name

1771

@anchor{gnutls_pkcs12_bag_set_friendly_name}

1772

@deftypefun {int} {gnutls_pkcs12_bag_set_friendly_name} (gnutls_pkcs12_bag_t @var{bag}, int @var{indx}, const char * @var{name})

1773

@var{bag}: The bag

1774

1775

@var{indx}: The bag's element to add the id

1776

1777

@var{name}: the name

1778

1779

This function will add the given key friendly name, to the specified, by the index, bag

1780

element. The name will be encoded as a 'Friendly name' bag attribute,

1781

which is usually used to set a user name to the local private key and the certificate pair.

1782

1783

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a

1784

negative error value. or a negative value on error.

1785

@end deftypefun

1786

1787

@subheading gnutls_pkcs12_bag_decrypt

1788

@anchor{gnutls_pkcs12_bag_decrypt}

1789

@deftypefun {int} {gnutls_pkcs12_bag_decrypt} (gnutls_pkcs12_bag_t @var{bag}, const char * @var{pass})

1790

@var{bag}: The bag

1791

1792

@var{pass}: The password used for encryption, must be ASCII.

1793

1794

This function will decrypt the given encrypted bag and return 0 on

1795

success.

1796

1797

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (zero) is returned,

1798

otherwise an error code is returned.

1799

@end deftypefun

1800

1801

@subheading gnutls_pkcs12_bag_encrypt

1802

@anchor{gnutls_pkcs12_bag_encrypt}

1803

@deftypefun {int} {gnutls_pkcs12_bag_encrypt} (gnutls_pkcs12_bag_t @var{bag}, const char * @var{pass}, unsigned int @var{flags})

1804

@var{bag}: The bag

1805

1806

@var{pass}: The password used for encryption, must be ASCII

1807

1808

@var{flags}: should be one of @code{gnutls_pkcs_encrypt_flags_t} elements bitwise or'd

1809

1810

This function will encrypt the given bag.

1811

1812

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (zero) is returned,

1813

otherwise an error code is returned.

1814

@end deftypefun

1815

1816

@subheading gnutls_pkcs7_init

1817

@anchor{gnutls_pkcs7_init}

1818

@deftypefun {int} {gnutls_pkcs7_init} (gnutls_pkcs7_t * @var{pkcs7})

1819

@var{pkcs7}: The structure to be initialized

1820

1821

This function will initialize a PKCS7 structure. PKCS7 structures

1822

usually contain lists of X.509 Certificates and X.509 Certificate

1823

revocation lists.

1824

1825

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a

1826

negative error value.

1827

@end deftypefun

1828

1829

@subheading gnutls_pkcs7_deinit

1830

@anchor{gnutls_pkcs7_deinit}

1831

@deftypefun {void} {gnutls_pkcs7_deinit} (gnutls_pkcs7_t @var{pkcs7})

1832

@var{pkcs7}: The structure to be initialized

1833

1834

This function will deinitialize a PKCS7 structure.

1835

@end deftypefun

1836

1837

@subheading gnutls_pkcs7_import

1838

@anchor{gnutls_pkcs7_import}

1839

@deftypefun {int} {gnutls_pkcs7_import} (gnutls_pkcs7_t @var{pkcs7}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format})

1840

@var{pkcs7}: The structure to store the parsed PKCS7.

1841

1842

@var{data}: The DER or PEM encoded PKCS7.

1843

1844

@var{format}: One of DER or PEM

1845

1846

This function will convert the given DER or PEM encoded PKCS7 to

1847

the native @code{gnutls_pkcs7_t} format. The output will be stored in

1848

'pkcs7'.

1849

1850

If the PKCS7 is PEM encoded it should have a header of "PKCS7".

1851

1852

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a

1853

negative error value.

1854

@end deftypefun

1855

1856

@subheading gnutls_pkcs7_get_crt_raw

1857

@anchor{gnutls_pkcs7_get_crt_raw}

1858

@deftypefun {int} {gnutls_pkcs7_get_crt_raw} (gnutls_pkcs7_t @var{pkcs7}, int @var{indx}, void * @var{certificate}, size_t * @var{certificate_size})

1859

@var{pkcs7}: should contain a gnutls_pkcs7_t structure

1860

1861

@var{indx}: contains the index of the certificate to extract

1862

1863

@var{certificate}: the contents of the certificate will be copied

1864

there (may be null)

1865

1866

@var{certificate_size}: should hold the size of the certificate

1867

1868

This function will return a certificate of the PKCS7 or RFC2630

1869

certificate set.

1870

1871

After the last certificate has been read

1872

@code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} will be returned.

1873

1874

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a

1875

negative error value. If the provided buffer is not long enough,

1876

then @code{certificate_size} is updated and

1877

@code{GNUTLS_E_SHORT_MEMORY_BUFFER} is returned.

1878

@end deftypefun

1879

1880

@subheading gnutls_pkcs7_get_crt_count

1881

@anchor{gnutls_pkcs7_get_crt_count}

1882

@deftypefun {int} {gnutls_pkcs7_get_crt_count} (gnutls_pkcs7_t @var{pkcs7})

1883

@var{pkcs7}: should contain a @code{gnutls_pkcs7_t} structure

1884

1885

This function will return the number of certifcates in the PKCS7

1886

or RFC2630 certificate set.

1887

1888

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a

1889

negative error value.

1890

@end deftypefun

1891

1892

@subheading gnutls_pkcs7_export

1893

@anchor{gnutls_pkcs7_export}

1894

@deftypefun {int} {gnutls_pkcs7_export} (gnutls_pkcs7_t @var{pkcs7}, gnutls_x509_crt_fmt_t @var{format}, void * @var{output_data}, size_t * @var{output_data_size})

1895

@var{pkcs7}: Holds the pkcs7 structure

1896

1897

@var{format}: the format of output params. One of PEM or DER.

1898

1899

@var{output_data}: will contain a structure PEM or DER encoded

1900

1901

@var{output_data_size}: holds the size of output_data (and will be

1902

replaced by the actual size of parameters)

1903

1904

This function will export the pkcs7 structure to DER or PEM format.

1905

1906

If the buffer provided is not long enough to hold the output, then

1907

*@code{output_data_size} is updated and @code{GNUTLS_E_SHORT_MEMORY_BUFFER}

1908

will be returned.

1909

1910

If the structure is PEM encoded, it will have a header

1911

of "BEGIN PKCS7".

1912

1913

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a

1914

negative error value.

1915

@end deftypefun

1916

1917

@subheading gnutls_pkcs7_set_crt_raw

1918

@anchor{gnutls_pkcs7_set_crt_raw}

1919

@deftypefun {int} {gnutls_pkcs7_set_crt_raw} (gnutls_pkcs7_t @var{pkcs7}, const gnutls_datum_t * @var{crt})

1920

@var{pkcs7}: should contain a @code{gnutls_pkcs7_t} structure

1921

1922

@var{crt}: the DER encoded certificate to be added

1923

1924

This function will add a certificate to the PKCS7 or RFC2630

1925

certificate set.

1926

1927

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a

1928

negative error value.

1929

@end deftypefun

1930

1931

@subheading gnutls_pkcs7_set_crt

1932

@anchor{gnutls_pkcs7_set_crt}

1933

@deftypefun {int} {gnutls_pkcs7_set_crt} (gnutls_pkcs7_t @var{pkcs7}, gnutls_x509_crt_t @var{crt})

1934

@var{pkcs7}: should contain a @code{gnutls_pkcs7_t} structure

1935

1936

@var{crt}: the certificate to be copied.

1937

1938

This function will add a parsed certificate to the PKCS7 or

1939

RFC2630 certificate set. This is a wrapper function over

1940

@code{gnutls_pkcs7_set_crt_raw()} .

1941

1942

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a

1943

negative error value.

1944

@end deftypefun

1945

1946

@subheading gnutls_pkcs7_delete_crt

1947

@anchor{gnutls_pkcs7_delete_crt}

1948

@deftypefun {int} {gnutls_pkcs7_delete_crt} (gnutls_pkcs7_t @var{pkcs7}, int @var{indx})

1949

@var{pkcs7}: should contain a gnutls_pkcs7_t structure

1950

1951

@var{indx}: the index of the certificate to delete

1952

1953

This function will delete a certificate from a PKCS7 or RFC2630

1954

certificate set. Index starts from 0. Returns 0 on success.

1955

1956

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a

1957

negative error value.

1958

@end deftypefun

1959

1960

@subheading gnutls_pkcs7_get_crl_raw

1961

@anchor{gnutls_pkcs7_get_crl_raw}

1962

@deftypefun {int} {gnutls_pkcs7_get_crl_raw} (gnutls_pkcs7_t @var{pkcs7}, int @var{indx}, void * @var{crl}, size_t * @var{crl_size})

1963

@var{pkcs7}: should contain a @code{gnutls_pkcs7_t} structure

1964

1965

@var{indx}: contains the index of the crl to extract

1966

1967

@var{crl}: the contents of the crl will be copied there (may be null)

1968

1969

@var{crl_size}: should hold the size of the crl

1970

1971

This function will return a crl of the PKCS7 or RFC2630 crl set.

1972

1973

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a

1974

negative error value. If the provided buffer is not long enough,

1975

then @code{crl_size} is updated and @code{GNUTLS_E_SHORT_MEMORY_BUFFER} is

1976

returned. After the last crl has been read

1977

@code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} will be returned.

1978

@end deftypefun

1979

1980

@subheading gnutls_pkcs7_get_crl_count

1981

@anchor{gnutls_pkcs7_get_crl_count}

1982

@deftypefun {int} {gnutls_pkcs7_get_crl_count} (gnutls_pkcs7_t @var{pkcs7})

1983

@var{pkcs7}: should contain a gnutls_pkcs7_t structure

1984

1985

This function will return the number of certifcates in the PKCS7

1986

or RFC2630 crl set.

1987

1988

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a

1989

negative error value.

1990

@end deftypefun

1991

1992

@subheading gnutls_pkcs7_set_crl_raw

1993

@anchor{gnutls_pkcs7_set_crl_raw}

1994

@deftypefun {int} {gnutls_pkcs7_set_crl_raw} (gnutls_pkcs7_t @var{pkcs7}, const gnutls_datum_t * @var{crl})

1995

@var{pkcs7}: should contain a @code{gnutls_pkcs7_t} structure

1996

1997

@var{crl}: the DER encoded crl to be added

1998

1999

This function will add a crl to the PKCS7 or RFC2630 crl set.

2000

2001

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a

2002

negative error value.

2003

@end deftypefun

2004

2005

@subheading gnutls_pkcs7_set_crl

2006

@anchor{gnutls_pkcs7_set_crl}

2007

@deftypefun {int} {gnutls_pkcs7_set_crl} (gnutls_pkcs7_t @var{pkcs7}, gnutls_x509_crl_t @var{crl})

2008

@var{pkcs7}: should contain a @code{gnutls_pkcs7_t} structure

2009

2010

@var{crl}: the DER encoded crl to be added

2011

2012

This function will add a parsed CRL to the PKCS7 or RFC2630 crl

2013

set.

2014

2015

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a

2016

negative error value.

2017

@end deftypefun

2018

2019

@subheading gnutls_pkcs7_delete_crl

2020

@anchor{gnutls_pkcs7_delete_crl}

2021

@deftypefun {int} {gnutls_pkcs7_delete_crl} (gnutls_pkcs7_t @var{pkcs7}, int @var{indx})

2022

@var{pkcs7}: should contain a @code{gnutls_pkcs7_t} structure

2023

2024

@var{indx}: the index of the crl to delete

2025

2026

This function will delete a crl from a PKCS7 or RFC2630 crl set.

2027

Index starts from 0. Returns 0 on success.

2028

2029

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a

2030

negative error value.

2031

@end deftypefun

2032

2033

@subheading gnutls_x509_privkey_init

2034

@anchor{gnutls_x509_privkey_init}

2035

@deftypefun {int} {gnutls_x509_privkey_init} (gnutls_x509_privkey_t * @var{key})

2036

@var{key}: The structure to be initialized

2037

2038

This function will initialize an private key structure.

2039

2040

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a

2041

negative error value.

2042

@end deftypefun

2043

2044

@subheading gnutls_x509_privkey_deinit

2045

@anchor{gnutls_x509_privkey_deinit}

2046

@deftypefun {void} {gnutls_x509_privkey_deinit} (gnutls_x509_privkey_t @var{key})

2047

@var{key}: The structure to be initialized

2048

2049

This function will deinitialize a private key structure.

2050

@end deftypefun

2051

2052

@subheading gnutls_x509_privkey_cpy

2053

@anchor{gnutls_x509_privkey_cpy}

2054

@deftypefun {int} {gnutls_x509_privkey_cpy} (gnutls_x509_privkey_t @var{dst}, gnutls_x509_privkey_t @var{src})

2055

@var{dst}: The destination key, which should be initialized.

2056

2057

@var{src}: The source key

2058

2059

This function will copy a private key from source to destination

2060

key.

2061

2062

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a

2063

negative error value.

2064

@end deftypefun

2065

2066

@subheading gnutls_x509_privkey_import

2067

@anchor{gnutls_x509_privkey_import}

2068

@deftypefun {int} {gnutls_x509_privkey_import} (gnutls_x509_privkey_t @var{key}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format})

2069

@var{key}: The structure to store the parsed key

2070

2071

@var{data}: The DER or PEM encoded certificate.

2072

2073

@var{format}: One of DER or PEM

2074

2075

This function will convert the given DER or PEM encoded key to the

2076

native @code{gnutls_x509_privkey_t} format. The output will be stored in

2077

@code{key} .

2078

2079

If the key is PEM encoded it should have a header of "RSA PRIVATE

2080

KEY", or "DSA PRIVATE KEY".

2081

2082

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a

2083

negative error value.

2084

@end deftypefun

2085

2086

@subheading gnutls_x509_privkey_import_rsa_raw

2087

@anchor{gnutls_x509_privkey_import_rsa_raw}

2088

@deftypefun {int} {gnutls_x509_privkey_import_rsa_raw} (gnutls_x509_privkey_t @var{key}, const gnutls_datum_t * @var{m}, const gnutls_datum_t * @var{e}, const gnutls_datum_t * @var{d}, const gnutls_datum_t * @var{p}, const gnutls_datum_t * @var{q}, const gnutls_datum_t * @var{u})

2089

@var{key}: The structure to store the parsed key

2090

2091

@var{m}: holds the modulus

2092

2093

@var{e}: holds the public exponent

2094

2095

@var{d}: holds the private exponent

2096

2097

@var{p}: holds the first prime (p)

2098

2099

@var{q}: holds the second prime (q)

2100

2101

@var{u}: holds the coefficient

2102

2103

This function will convert the given RSA raw parameters to the

2104

native @code{gnutls_x509_privkey_t} format. The output will be stored in

2105

@code{key}.

2106

2107

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a

2108

negative error value.

2109

@end deftypefun

2110

2111

@subheading gnutls_x509_privkey_import_dsa_raw

2112

@anchor{gnutls_x509_privkey_import_dsa_raw}

2113

@deftypefun {int} {gnutls_x509_privkey_import_dsa_raw} (gnutls_x509_privkey_t @var{key}, const gnutls_datum_t * @var{p}, const gnutls_datum_t * @var{q}, const gnutls_datum_t * @var{g}, const gnutls_datum_t * @var{y}, const gnutls_datum_t * @var{x})

2114

@var{key}: The structure to store the parsed key

2115

2116

@var{p}: holds the p

2117

2118

@var{q}: holds the q

2119

2120

@var{g}: holds the g

2121

2122

@var{y}: holds the y

2123

2124

@var{x}: holds the x

2125

2126

This function will convert the given DSA raw parameters to the

2127

native @code{gnutls_x509_privkey_t} format. The output will be stored

2128

in @code{key}.

2129

2130

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a

2131

negative error value.

2132

@end deftypefun

2133

2134

@subheading gnutls_x509_privkey_get_pk_algorithm

2135

@anchor{gnutls_x509_privkey_get_pk_algorithm}

2136

@deftypefun {int} {gnutls_x509_privkey_get_pk_algorithm} (gnutls_x509_privkey_t @var{key})

2137

@var{key}: should contain a @code{gnutls_x509_privkey_t} structure

2138

2139

This function will return the public key algorithm of a private

2140

key.

2141

2142

@strong{Returns:} a member of the @code{gnutls_pk_algorithm_t} enumeration on

2143

success, or a negative value on error.

2144

@end deftypefun

2145

2146

@subheading gnutls_x509_privkey_export

2147

@anchor{gnutls_x509_privkey_export}

2148

@deftypefun {int} {gnutls_x509_privkey_export} (gnutls_x509_privkey_t @var{key}, gnutls_x509_crt_fmt_t @var{format}, void * @var{output_data}, size_t * @var{output_data_size})

2149

@var{key}: Holds the key

2150

2151

@var{format}: the format of output params. One of PEM or DER.

2152

2153

@var{output_data}: will contain a private key PEM or DER encoded

2154

2155

@var{output_data_size}: holds the size of output_data (and will be

2156

replaced by the actual size of parameters)

2157

2158

This function will export the private key to a PKCS1 structure for

2159

RSA keys, or an integer sequence for DSA keys. The DSA keys are in

2160

the same format with the parameters used by openssl.

2161

2162

If the buffer provided is not long enough to hold the output, then

2163

*@code{output_data_size} is updated and @code{GNUTLS_E_SHORT_MEMORY_BUFFER}

2164

will be returned.

2165

2166

If the structure is PEM encoded, it will have a header

2167

of "BEGIN RSA PRIVATE KEY".

2168

2169

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a

2170

negative error value.

2171

@end deftypefun

2172

2173

@subheading gnutls_x509_privkey_export_rsa_raw

2174

@anchor{gnutls_x509_privkey_export_rsa_raw}

2175

@deftypefun {int} {gnutls_x509_privkey_export_rsa_raw} (gnutls_x509_privkey_t @var{key}, gnutls_datum_t * @var{m}, gnutls_datum_t * @var{e}, gnutls_datum_t * @var{d}, gnutls_datum_t * @var{p}, gnutls_datum_t * @var{q}, gnutls_datum_t * @var{u})

2176

@var{key}: a structure that holds the rsa parameters

2177

2178

@var{m}: will hold the modulus

2179

2180

@var{e}: will hold the public exponent

2181

2182

@var{d}: will hold the private exponent

2183

2184

@var{p}: will hold the first prime (p)

2185

2186

@var{q}: will hold the second prime (q)

2187

2188

@var{u}: will hold the coefficient

2189

2190

This function will export the RSA private key's parameters found

2191

in the given structure. The new parameters will be allocated using

2192

@code{gnutls_malloc()} and will be stored in the appropriate datum.

2193

2194

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a

2195

negative error value.

2196

@end deftypefun

2197

2198

@subheading gnutls_x509_privkey_export_dsa_raw

2199

@anchor{gnutls_x509_privkey_export_dsa_raw}

2200

@deftypefun {int} {gnutls_x509_privkey_export_dsa_raw} (gnutls_x509_privkey_t @var{key}, gnutls_datum_t * @var{p}, gnutls_datum_t * @var{q}, gnutls_datum_t * @var{g}, gnutls_datum_t * @var{y}, gnutls_datum_t * @var{x})

2201

@var{key}: a structure that holds the DSA parameters

2202

2203

@var{p}: will hold the p

2204

2205

@var{q}: will hold the q

2206

2207

@var{g}: will hold the g

2208

2209

@var{y}: will hold the y

2210

2211

@var{x}: will hold the x

2212

2213

This function will export the DSA private key's parameters found

2214

in the given structure. The new parameters will be allocated using

2215

@code{gnutls_malloc()} and will be stored in the appropriate datum.

2216

2217

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a

2218

negative error value.

2219

@end deftypefun

2220

2221

@subheading gnutls_x509_privkey_generate

2222

@anchor{gnutls_x509_privkey_generate}

2223

@deftypefun {int} {gnutls_x509_privkey_generate} (gnutls_x509_privkey_t @var{key}, gnutls_pk_algorithm_t @var{algo}, unsigned int @var{bits}, unsigned int @var{flags})

2224

@var{key}: should contain a @code{gnutls_x509_privkey_t} structure

2225

2226

@var{algo}: is one of RSA or DSA.

2227

2228

@var{bits}: the size of the modulus

2229

2230

@var{flags}: unused for now. Must be 0.

2231

2232

This function will generate a random private key. Note that this

2233

function must be called on an empty private key.

2234

2235

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a

2236

negative error value.

2237

@end deftypefun

2238

2239

@subheading gnutls_x509_privkey_get_key_id

2240

@anchor{gnutls_x509_privkey_get_key_id}

2241

@deftypefun {int} {gnutls_x509_privkey_get_key_id} (gnutls_x509_privkey_t @var{key}, unsigned int @var{flags}, unsigned char * @var{output_data}, size_t * @var{output_data_size})

2242

@var{key}: Holds the key

2243

2244

@var{flags}: should be 0 for now

2245

2246

@var{output_data}: will contain the key ID

2247

2248

@var{output_data_size}: holds the size of output_data (and will be

2249

replaced by the actual size of parameters)

2250

2251

This function will return a unique ID the depends on the public key

2252

parameters. This ID can be used in checking whether a certificate

2253

corresponds to the given key.

2254

2255

If the buffer provided is not long enough to hold the output, then

2256

*@code{output_data_size} is updated and @code{GNUTLS_E_SHORT_MEMORY_BUFFER} will

2257

be returned. The output will normally be a SHA-1 hash output,

2258

which is 20 bytes.

2259

2260

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a

2261

negative error value.

2262

@end deftypefun

2263

2264

@subheading gnutls_x509_privkey_sign_data

2265

@anchor{gnutls_x509_privkey_sign_data}

2266

@deftypefun {int} {gnutls_x509_privkey_sign_data} (gnutls_x509_privkey_t @var{key}, gnutls_digest_algorithm_t @var{digest}, unsigned int @var{flags}, const gnutls_datum_t * @var{data}, void * @var{signature}, size_t * @var{signature_size})

2267

@var{key}: Holds the key

2268

2269

@var{digest}: should be MD5 or SHA1

2270

2271

@var{flags}: should be 0 for now

2272

2273

@var{data}: holds the data to be signed

2274

2275

@var{signature}: will contain the signature

2276

2277

@var{signature_size}: holds the size of signature (and will be replaced

2278

by the new size)

2279

2280

This function will sign the given data using a signature algorithm

2281

supported by the private key. Signature algorithms are always used

2282

together with a hash functions. Different hash functions may be

2283

used for the RSA algorithm, but only SHA-1 for the DSA keys.

2284

2285

If the buffer provided is not long enough to hold the output, then

2286

*@code{signature_size} is updated and @code{GNUTLS_E_SHORT_MEMORY_BUFFER} will

2287

be returned.

2288

2289

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a

2290

negative error value.

2291

@end deftypefun

2292

2293

@subheading gnutls_x509_privkey_sign_hash

2294

@anchor{gnutls_x509_privkey_sign_hash}

2295

@deftypefun {int} {gnutls_x509_privkey_sign_hash} (gnutls_x509_privkey_t @var{key}, const gnutls_datum_t * @var{hash}, gnutls_datum_t * @var{signature})

2296

@var{key}: Holds the key

2297

2298

@var{hash}: holds the data to be signed

2299

2300

@var{signature}: will contain newly allocated signature

2301

2302

This function will sign the given hash using the private key. Do not

2303

use this function directly unless you know what it is. Typical signing

2304

requires the data to be hashed and stored in special formats

2305

(e.g. BER Digest-Info for RSA).

2306

2307

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a

2308

negative error value.

2309

@end deftypefun

2310

2311

@subheading gnutls_x509_privkey_verify_data

2312

@anchor{gnutls_x509_privkey_verify_data}

2313

@deftypefun {int} {gnutls_x509_privkey_verify_data} (gnutls_x509_privkey_t @var{key}, unsigned int @var{flags}, const gnutls_datum_t * @var{data}, const gnutls_datum_t * @var{signature})

2314

@var{key}: Holds the key

2315

2316

@var{flags}: should be 0 for now

2317

2318

@var{data}: holds the data to be signed

2319

2320

@var{signature}: contains the signature

2321

2322

This function will verify the given signed data, using the

2323

parameters in the private key.

2324

2325

@strong{Returns:} In case of a verification failure 0 is returned, and 1 on

2326

success.

2327

@end deftypefun

2328

2329

@subheading gnutls_x509_privkey_fix

2330

@anchor{gnutls_x509_privkey_fix}

2331

@deftypefun {int} {gnutls_x509_privkey_fix} (gnutls_x509_privkey_t @var{key})

2332

@var{key}: Holds the key

2333

2334

This function will recalculate the secondary parameters in a key.

2335

In RSA keys, this can be the coefficient and exponent1,2.

2336

2337

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a

2338

negative error value.

2339

@end deftypefun

2340

2341

@subheading gnutls_x509_privkey_export_pkcs8

2342

@anchor{gnutls_x509_privkey_export_pkcs8}

2343

@deftypefun {int} {gnutls_x509_privkey_export_pkcs8} (gnutls_x509_privkey_t @var{key}, gnutls_x509_crt_fmt_t @var{format}, const char * @var{password}, unsigned int @var{flags}, void * @var{output_data}, size_t * @var{output_data_size})

2344

@var{key}: Holds the key

2345

2346

@var{format}: the format of output params. One of PEM or DER.

2347

2348

@var{password}: the password that will be used to encrypt the key.

2349

2350

@var{flags}: an ORed sequence of gnutls_pkcs_encrypt_flags_t

2351

2352

@var{output_data}: will contain a private key PEM or DER encoded

2353

2354

@var{output_data_size}: holds the size of output_data (and will be

2355

replaced by the actual size of parameters)

2356

2357

This function will export the private key to a PKCS8 structure.

2358

Both RSA and DSA keys can be exported. For DSA keys we use

2359

PKCS @code{11} definitions. If the flags do not specify the encryption

2360

cipher, then the default 3DES (PBES2) will be used.

2361

2362

The @code{password} can be either ASCII or UTF-8 in the default PBES2

2363

encryption schemas, or ASCII for the PKCS12 schemas.

2364

2365

If the buffer provided is not long enough to hold the output, then

2366

*output_data_size is updated and GNUTLS_E_SHORT_MEMORY_BUFFER will

2367

be returned.

2368

2369

If the structure is PEM encoded, it will have a header

2370

of "BEGIN ENCRYPTED PRIVATE KEY" or "BEGIN PRIVATE KEY" if

2371

encryption is not used.

2372

2373

@strong{Return value:} In case of failure a negative value will be

2374

returned, and 0 on success.

2375

@end deftypefun

2376

2377

@subheading gnutls_x509_privkey_import_pkcs8

2378

@anchor{gnutls_x509_privkey_import_pkcs8}

2379

@deftypefun {int} {gnutls_x509_privkey_import_pkcs8} (gnutls_x509_privkey_t @var{key}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format}, const char * @var{password}, unsigned int @var{flags})

2380

@var{key}: The structure to store the parsed key

2381

2382

@var{data}: The DER or PEM encoded key.

2383

2384

@var{format}: One of DER or PEM

2385

2386

@var{password}: the password to decrypt the key (if it is encrypted).

2387

2388

@var{flags}: 0 if encrypted or GNUTLS_PKCS_PLAIN if not encrypted.

2389

2390

This function will convert the given DER or PEM encoded PKCS8 2.0 encrypted key

2391

to the native gnutls_x509_privkey_t format. The output will be stored in @code{key}.

2392

Both RSA and DSA keys can be imported, and flags can only be used to indicate

2393

an unencrypted key.

2394

2395

The @code{password} can be either ASCII or UTF-8 in the default PBES2

2396

encryption schemas, or ASCII for the PKCS12 schemas.

2397

2398

If the Certificate is PEM encoded it should have a header of "ENCRYPTED PRIVATE KEY",

2399

or "PRIVATE KEY". You only need to specify the flags if the key is DER encoded, since

2400

in that case the encryption status cannot be auto-detected.

2401

2402

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a

2403

negative error value.

2404

@end deftypefun

2405

2406

@subheading gnutls_x509_crt_check_hostname

2407

@anchor{gnutls_x509_crt_check_hostname}

2408

@deftypefun {int} {gnutls_x509_crt_check_hostname} (gnutls_x509_crt_t @var{cert}, const char * @var{hostname})

2409

@var{cert}: should contain an gnutls_x509_crt_t structure

2410

2411

@var{hostname}: A null terminated string that contains a DNS name

2412

2413

This function will check if the given certificate's subject matches

2414

the given hostname. This is a basic implementation of the matching

2415

described in RFC2818 (HTTPS), which takes into account wildcards,

2416

and the DNSName/IPAddress subject alternative name PKIX extension.

2417

2418

@strong{Returns:} non zero for a successful match, and zero on failure.

2419

@end deftypefun

2420

2421

@subheading gnutls_x509_crt_check_issuer

2422

@anchor{gnutls_x509_crt_check_issuer}

2423

@deftypefun {int} {gnutls_x509_crt_check_issuer} (gnutls_x509_crt_t @var{cert}, gnutls_x509_crt_t @var{issuer})

2424

@var{cert}: is the certificate to be checked

2425

2426

@var{issuer}: is the certificate of a possible issuer

2427

2428

This function will check if the given certificate was issued by the

2429

given issuer.

2430

2431

@strong{Returns:} It will return true (1) if the given certificate is issued

2432

by the given issuer, and false (0) if not. A negative value is

2433

returned in case of an error.

2434

@end deftypefun

2435

2436

@subheading gnutls_x509_crt_list_verify

2437

@anchor{gnutls_x509_crt_list_verify}

2438

@deftypefun {int} {gnutls_x509_crt_list_verify} (const gnutls_x509_crt_t * @var{cert_list}, int @var{cert_list_length}, const gnutls_x509_crt_t * @var{CA_list}, int @var{CA_list_length}, const gnutls_x509_crl_t * @var{CRL_list}, int @var{CRL_list_length}, unsigned int @var{flags}, unsigned int * @var{verify})

2439

@var{cert_list}: is the certificate list to be verified

2440

2441

@var{cert_list_length}: holds the number of certificate in cert_list

2442

2443

@var{CA_list}: is the CA list which will be used in verification

2444

2445

@var{CA_list_length}: holds the number of CA certificate in CA_list

2446

2447

@var{CRL_list}: holds a list of CRLs.

2448

2449

@var{CRL_list_length}: the length of CRL list.

2450

2451

@var{flags}: Flags that may be used to change the verification algorithm. Use OR of the gnutls_certificate_verify_flags enumerations.

2452

2453

@var{verify}: will hold the certificate verification output.

2454

2455

This function will try to verify the given certificate list and return its status.

2456

If no flags are specified (0), this function will use the

2457

basicConstraints (2.5.29.19) PKIX extension. This means that only a certificate

2458

authority is allowed to sign a certificate.

2459

2460

You must also check the peer's name in order to check if the verified

2461

certificate belongs to the actual peer.

2462

2463

The certificate verification output will be put in @code{verify} and will be

2464

one or more of the gnutls_certificate_status_t enumerated elements bitwise or'd.

2465

For a more detailed verification status use @code{gnutls_x509_crt_verify()} per list

2466

element.

2467

2468

@strong{GNUTLS_CERT_INVALID:} the certificate chain is not valid.

2469

2470

@strong{GNUTLS_CERT_REVOKED:} a certificate in the chain has been revoked.

2471

2472

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a

2473

negative error value.and a negative value in case of an error.

2474

@end deftypefun

2475

2476

@subheading gnutls_x509_crt_verify

2477

@anchor{gnutls_x509_crt_verify}

2478

@deftypefun {int} {gnutls_x509_crt_verify} (gnutls_x509_crt_t @var{cert}, const gnutls_x509_crt_t * @var{CA_list}, int @var{CA_list_length}, unsigned int @var{flags}, unsigned int * @var{verify})

2479

@var{cert}: is the certificate to be verified

2480

2481

@var{CA_list}: is one certificate that is considered to be trusted one

2482

2483

@var{CA_list_length}: holds the number of CA certificate in CA_list

2484

2485

@var{flags}: Flags that may be used to change the verification algorithm. Use OR of the gnutls_certificate_verify_flags enumerations.

2486

2487

@var{verify}: will hold the certificate verification output.

2488

2489

This function will try to verify the given certificate and return its status.

2490

The verification output in this functions cannot be GNUTLS_CERT_NOT_VALID.

2491

2492

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a

2493

negative error value.and a negative value in case of an error.

2494

@end deftypefun

2495

2496

@subheading gnutls_x509_crl_check_issuer

2497

@anchor{gnutls_x509_crl_check_issuer}

2498

@deftypefun {int} {gnutls_x509_crl_check_issuer} (gnutls_x509_crl_t @var{cert}, gnutls_x509_crt_t @var{issuer})

2499

@var{issuer}: is the certificate of a possible issuer

2500

2501

This function will check if the given CRL was issued by the given

2502

issuer certificate. It will return true (1) if the given CRL was

2503

issued by the given issuer, and false (0) if not.

2504

2505

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a

2506

negative error value.

2507

@end deftypefun

2508

2509

@subheading gnutls_x509_crl_verify

2510

@anchor{gnutls_x509_crl_verify}

2511

@deftypefun {int} {gnutls_x509_crl_verify} (gnutls_x509_crl_t @var{crl}, const gnutls_x509_crt_t * @var{CA_list}, int @var{CA_list_length}, unsigned int @var{flags}, unsigned int * @var{verify})

2512

@var{crl}: is the crl to be verified

2513

2514

@var{CA_list}: is a certificate list that is considered to be trusted one

2515

2516

@var{CA_list_length}: holds the number of CA certificates in CA_list

2517

2518

@var{flags}: Flags that may be used to change the verification algorithm. Use OR of the gnutls_certificate_verify_flags enumerations.

2519

2520

@var{verify}: will hold the crl verification output.

2521

2522

This function will try to verify the given crl and return its status.

2523

See @code{gnutls_x509_crt_list_verify()} for a detailed description of

2524

return values.

2525

2526

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a

2527

negative error value.

2528

@end deftypefun

2529

2530

@subheading gnutls_x509_crt_init

2531

@anchor{gnutls_x509_crt_init}

2532

@deftypefun {int} {gnutls_x509_crt_init} (gnutls_x509_crt_t * @var{cert})

2533

@var{cert}: The structure to be initialized

2534

2535

This function will initialize an X.509 certificate structure.

2536

2537

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a

2538

negative error value.

2539

@end deftypefun

2540

2541

@subheading gnutls_x509_crt_deinit

2542

@anchor{gnutls_x509_crt_deinit}

2543

@deftypefun {void} {gnutls_x509_crt_deinit} (gnutls_x509_crt_t @var{cert})

2544

@var{cert}: The structure to be initialized

2545

2546

This function will deinitialize a CRL structure.

2547

@end deftypefun

2548

2549

@subheading gnutls_x509_crt_import

2550

@anchor{gnutls_x509_crt_import}

2551

@deftypefun {int} {gnutls_x509_crt_import} (gnutls_x509_crt_t @var{cert}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format})

2552

@var{cert}: The structure to store the parsed certificate.

2553

2554

@var{data}: The DER or PEM encoded certificate.

2555

2556

@var{format}: One of DER or PEM

2557

2558

This function will convert the given DER or PEM encoded Certificate

2559

to the native gnutls_x509_crt_t format. The output will be stored in @code{cert}.

2560

2561

If the Certificate is PEM encoded it should have a header of "X509 CERTIFICATE", or

2562

"CERTIFICATE".

2563

2564

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a

2565

negative error value.

2566

@end deftypefun

2567

2568

@subheading gnutls_x509_crt_get_issuer_dn

2569

@anchor{gnutls_x509_crt_get_issuer_dn}

2570

@deftypefun {int} {gnutls_x509_crt_get_issuer_dn} (gnutls_x509_crt_t @var{cert}, char * @var{buf}, size_t * @var{sizeof_buf})

2571

@var{cert}: should contain a @code{gnutls_x509_crt_t} structure

2572

2573

@var{buf}: a pointer to a structure to hold the name (may be null)

2574

2575

@var{sizeof_buf}: initially holds the size of @code{buf}

2576

2577

This function will copy the name of the Certificate issuer in the

2578

provided buffer. The name will be in the form

2579

"C=xxxx,O=yyyy,CN=zzzz" as described in RFC2253. The output string

2580

will be ASCII or UTF-8 encoded, depending on the certificate data.

2581

2582

If @code{buf} is null then only the size will be filled.

2583

2584

@strong{Returns:} GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not

2585

long enough, and in that case the *sizeof_buf will be updated with

2586

the required size. On success 0 is returned.

2587

@end deftypefun

2588

2589

@subheading gnutls_x509_crt_get_issuer_dn_by_oid

2590

@anchor{gnutls_x509_crt_get_issuer_dn_by_oid}

2591

@deftypefun {int} {gnutls_x509_crt_get_issuer_dn_by_oid} (gnutls_x509_crt_t @var{cert}, const char * @var{oid}, int @var{indx}, unsigned int @var{raw_flag}, void * @var{buf}, size_t * @var{sizeof_buf})

2592

@var{cert}: should contain a @code{gnutls_x509_crt_t} structure

2593

2594

@var{oid}: holds an Object Identified in null terminated string

2595

2596

@var{indx}: In case multiple same OIDs exist in the RDN, this specifies which to send. Use zero to get the first one.

2597

2598

@var{raw_flag}: If non zero returns the raw DER data of the DN part.

2599

2600

@var{buf}: a pointer to a structure to hold the name (may be null)

2601

2602

@var{sizeof_buf}: initially holds the size of @code{buf}

2603

2604

This function will extract the part of the name of the Certificate

2605

issuer specified by the given OID. The output, if the raw flag is not

2606

used, will be encoded as described in RFC2253. Thus a string that is

2607

ASCII or UTF-8 encoded, depending on the certificate data.

2608

2609

Some helper macros with popular OIDs can be found in gnutls/x509.h

2610

If raw flag is zero, this function will only return known OIDs as

2611

text. Other OIDs will be DER encoded, as described in RFC2253 --

2612

in hex format with a '\#' prefix. You can check about known OIDs

2613

using @code{gnutls_x509_dn_oid_known()}.

2614

2615

If @code{buf} is null then only the size will be filled.

2616

2617

@strong{Returns:} GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not

2618

long enough, and in that case the *sizeof_buf will be updated with

2619

the required size. On success 0 is returned.

2620

@end deftypefun

2621

2622

@subheading gnutls_x509_crt_get_issuer_dn_oid

2623

@anchor{gnutls_x509_crt_get_issuer_dn_oid}

2624

@deftypefun {int} {gnutls_x509_crt_get_issuer_dn_oid} (gnutls_x509_crt_t @var{cert}, int @var{indx}, void * @var{oid}, size_t * @var{sizeof_oid})

2625

@var{cert}: should contain a @code{gnutls_x509_crt_t} structure

2626

2627

@var{indx}: This specifies which OID to return. Use zero to get the first one.

2628

2629

@var{oid}: a pointer to a buffer to hold the OID (may be null)

2630

2631

@var{sizeof_oid}: initially holds the size of @code{oid}

2632

2633

This function will extract the OIDs of the name of the Certificate

2634

issuer specified by the given index.

2635

2636

If @code{oid} is null then only the size will be filled.

2637

2638

@strong{Returns:} GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not

2639

long enough, and in that case the *sizeof_oid will be updated with

2640

the required size. On success 0 is returned.

2641

@end deftypefun

2642

2643

@subheading gnutls_x509_crt_get_dn

2644

@anchor{gnutls_x509_crt_get_dn}

2645

@deftypefun {int} {gnutls_x509_crt_get_dn} (gnutls_x509_crt_t @var{cert}, char * @var{buf}, size_t * @var{sizeof_buf})

2646

@var{cert}: should contain a @code{gnutls_x509_crt_t} structure

2647

2648

@var{buf}: a pointer to a structure to hold the name (may be null)

2649

2650

@var{sizeof_buf}: initially holds the size of @code{buf}

2651

2652

This function will copy the name of the Certificate in the

2653

provided buffer. The name will be in the form

2654

"C=xxxx,O=yyyy,CN=zzzz" as described in RFC2253. The output string

2655

will be ASCII or UTF-8 encoded, depending on the certificate data.

2656

2657

If @code{buf} is null then only the size will be filled.

2658

2659

@strong{Returns:} GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not

2660

long enough, and in that case the *sizeof_buf will be updated with

2661

the required size. On success 0 is returned.

2662

@end deftypefun

2663

2664

@subheading gnutls_x509_crt_get_dn_by_oid

2665

@anchor{gnutls_x509_crt_get_dn_by_oid}

2666

@deftypefun {int} {gnutls_x509_crt_get_dn_by_oid} (gnutls_x509_crt_t @var{cert}, const char * @var{oid}, int @var{indx}, unsigned int @var{raw_flag}, void * @var{buf}, size_t * @var{sizeof_buf})

2667

@var{cert}: should contain a @code{gnutls_x509_crt_t} structure

2668

2669

@var{oid}: holds an Object Identified in null terminated string

2670

2671

@var{indx}: In case multiple same OIDs exist in the RDN, this specifies which to send. Use zero to get the first one.

2672

2673

@var{raw_flag}: If non zero returns the raw DER data of the DN part.

2674

2675

@var{buf}: a pointer where the DN part will be copied (may be null).

2676

2677

@var{sizeof_buf}: initially holds the size of @code{buf}

2678

2679

This function will extract the part of the name of the Certificate

2680

subject specified by the given OID. The output, if the raw flag is not

2681

used, will be encoded as described in RFC2253. Thus a string that is

2682

ASCII or UTF-8 encoded, depending on the certificate data.

2683

2684

Some helper macros with popular OIDs can be found in gnutls/x509.h

2685

If raw flag is zero, this function will only return known OIDs as

2686

text. Other OIDs will be DER encoded, as described in RFC2253 --

2687

in hex format with a '\#' prefix. You can check about known OIDs

2688

using @code{gnutls_x509_dn_oid_known()}.

2689

2690

If @code{buf} is null then only the size will be filled.

2691

2692

@strong{Returns:} GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not

2693

long enough, and in that case the *sizeof_buf will be updated with

2694

the required size. On success 0 is returned.

2695

@end deftypefun

2696

2697

@subheading gnutls_x509_crt_get_dn_oid

2698

@anchor{gnutls_x509_crt_get_dn_oid}

2699

@deftypefun {int} {gnutls_x509_crt_get_dn_oid} (gnutls_x509_crt_t @var{cert}, int @var{indx}, void * @var{oid}, size_t * @var{sizeof_oid})

2700

@var{cert}: should contain a @code{gnutls_x509_crt_t} structure

2701

2702

@var{indx}: This specifies which OID to return. Use zero to get the first one.

2703

2704

@var{oid}: a pointer to a buffer to hold the OID (may be null)

2705

2706

@var{sizeof_oid}: initially holds the size of @code{oid}

2707

2708

This function will extract the OIDs of the name of the Certificate

2709

subject specified by the given index.

2710

2711

If oid is null then only the size will be filled.

2712

2713

@strong{Returns:} GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not

2714

long enough, and in that case the *sizeof_oid will be updated with

2715

the required size. On success 0 is returned.

2716

@end deftypefun

2717

2718

@subheading gnutls_x509_crt_get_signature_algorithm

2719

@anchor{gnutls_x509_crt_get_signature_algorithm}

2720

@deftypefun {int} {gnutls_x509_crt_get_signature_algorithm} (gnutls_x509_crt_t @var{cert})

2721

@var{cert}: should contain a @code{gnutls_x509_crt_t} structure

2722

2723

This function will return a value of the @code{gnutls_sign_algorithm_t}

2724

enumeration that is the signature algorithm.

2725

2726

@strong{Returns:} a @code{gnutls_sign_algorithm_t} value, or a negative value on

2727

error.

2728

@end deftypefun

2729

2730

@subheading gnutls_x509_crt_get_signature

2731

@anchor{gnutls_x509_crt_get_signature}

2732

@deftypefun {int} {gnutls_x509_crt_get_signature} (gnutls_x509_crt_t @var{cert}, char * @var{sig}, size_t * @var{sizeof_sig})

2733

@var{cert}: should contain a @code{gnutls_x509_crt_t} structure

2734

2735

@var{sig}: a pointer where the signature part will be copied (may be null).

2736

2737

@var{sizeof_sig}: initially holds the size of @code{sig}

2738

2739

This function will extract the signature field of a certificate.

2740

2741

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a

2742

negative error value. and a negative value on error.

2743

@end deftypefun

2744

2745

@subheading gnutls_x509_crt_get_version

2746

@anchor{gnutls_x509_crt_get_version}

2747

@deftypefun {int} {gnutls_x509_crt_get_version} (gnutls_x509_crt_t @var{cert})

2748

@var{cert}: should contain a @code{gnutls_x509_crt_t} structure

2749

2750

This function will return the version of the specified Certificate.

2751

2752

@strong{Returns:} version of certificate, or a negative value on error.

2753

@end deftypefun

2754

2755

@subheading gnutls_x509_crt_get_activation_time

2756

@anchor{gnutls_x509_crt_get_activation_time}

2757

@deftypefun {time_t} {gnutls_x509_crt_get_activation_time} (gnutls_x509_crt_t @var{cert})

2758

@var{cert}: should contain a @code{gnutls_x509_crt_t} structure

2759

2760

This function will return the time this Certificate was or will be

2761

activated.

2762

2763

@strong{Returns:} activation time, or (time_t)-1 on error.

2764

@end deftypefun

2765

2766

@subheading gnutls_x509_crt_get_expiration_time

2767

@anchor{gnutls_x509_crt_get_expiration_time}

2768

@deftypefun {time_t} {gnutls_x509_crt_get_expiration_time} (gnutls_x509_crt_t @var{cert})

2769

@var{cert}: should contain a @code{gnutls_x509_crt_t} structure

2770

2771

This function will return the time this Certificate was or will be

2772

expired.

2773

2774

@strong{Returns:} expiration time, or (time_t)-1 on error.

2775

@end deftypefun

2776

2777

@subheading gnutls_x509_crt_get_serial

2778

@anchor{gnutls_x509_crt_get_serial}

2779

@deftypefun {int} {gnutls_x509_crt_get_serial} (gnutls_x509_crt_t @var{cert}, void * @var{result}, size_t * @var{result_size})

2780

@var{cert}: should contain a @code{gnutls_x509_crt_t} structure

2781

2782

@var{result}: The place where the serial number will be copied

2783

2784

@var{result_size}: Holds the size of the result field.

2785

2786

This function will return the X.509 certificate's serial number.

2787

This is obtained by the X509 Certificate serialNumber

2788

field. Serial is not always a 32 or 64bit number. Some CAs use

2789

large serial numbers, thus it may be wise to handle it as something

2790

opaque.

2791

2792

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a

2793

negative error value.and a negative value in case of an error.

2794

@end deftypefun

2795

2796

@subheading gnutls_x509_crt_get_subject_key_id

2797

@anchor{gnutls_x509_crt_get_subject_key_id}

2798

@deftypefun {int} {gnutls_x509_crt_get_subject_key_id} (gnutls_x509_crt_t @var{cert}, void * @var{ret}, size_t * @var{ret_size}, unsigned int * @var{critical})

2799

@var{cert}: should contain a @code{gnutls_x509_crt_t} structure

2800

2801

@var{ret}: The place where the identifier will be copied

2802

2803

@var{ret_size}: Holds the size of the result field.

2804

2805

@var{critical}: will be non zero if the extension is marked as critical (may be null)

2806

2807

This function will return the X.509v3 certificate's subject key identifier.

2808

This is obtained by the X.509 Subject Key identifier extension

2809

field (2.5.29.14).

2810

2811

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a

2812

negative error value.and a negative value in case of an error.

2813

@end deftypefun

2814

2815

@subheading gnutls_x509_crt_get_authority_key_id

2816

@anchor{gnutls_x509_crt_get_authority_key_id}

2817

@deftypefun {int} {gnutls_x509_crt_get_authority_key_id} (gnutls_x509_crt_t @var{cert}, void * @var{ret}, size_t * @var{ret_size}, unsigned int * @var{critical})

2818

@var{cert}: should contain a @code{gnutls_x509_crt_t} structure

2819

2820

@var{ret}: The place where the identifier will be copied

2821

2822

@var{ret_size}: Holds the size of the result field.

2823

2824

@var{critical}: will be non zero if the extension is marked as critical (may be null)

2825

2826

This function will return the X.509v3 certificate authority's key

2827

identifier. This is obtained by the X.509 Authority Key

2828

identifier extension field (2.5.29.35). Note that this function

2829

only returns the keyIdentifier field of the extension.

2830

2831

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a

2832

negative error value.and a negative value in case of an error.

2833

@end deftypefun

2834

2835

@subheading gnutls_x509_crt_get_pk_algorithm

2836

@anchor{gnutls_x509_crt_get_pk_algorithm}

2837

@deftypefun {int} {gnutls_x509_crt_get_pk_algorithm} (gnutls_x509_crt_t @var{cert}, unsigned int * @var{bits})

2838

@var{cert}: should contain a @code{gnutls_x509_crt_t} structure

2839

2840

@var{bits}: if bits is non null it will hold the size of the parameters' in bits

2841

2842

This function will return the public key algorithm of an X.509

2843

certificate.

2844

2845

If bits is non null, it should have enough size to hold the parameters

2846

size in bits. For RSA the bits returned is the modulus.

2847

For DSA the bits returned are of the public

2848

exponent.

2849

2850

@strong{Returns:} a member of the @code{gnutls_pk_algorithm_t} enumeration on

2851

success, or a negative value on error.

2852

@end deftypefun

2853

2854

@subheading gnutls_x509_crt_get_subject_alt_name

2855

@anchor{gnutls_x509_crt_get_subject_alt_name}

2856

@deftypefun {int} {gnutls_x509_crt_get_subject_alt_name} (gnutls_x509_crt_t @var{cert}, unsigned int @var{seq}, void * @var{ret}, size_t * @var{ret_size}, unsigned int * @var{critical})

2857

@var{cert}: should contain a @code{gnutls_x509_crt_t} structure

2858

2859

@var{seq}: specifies the sequence number of the alt name (0 for the first one, 1 for the second etc.)

2860

2861

@var{ret}: is the place where the alternative name will be copied to

2862

2863

@var{ret_size}: holds the size of ret.

2864

2865

@var{critical}: will be non zero if the extension is marked as critical (may be null)

2866

2867

This function will return the alternative names, contained in the

2868

given certificate.

2869

2870

This is specified in X509v3 Certificate Extensions. GNUTLS will

2871

return the Alternative name (2.5.29.17), or a negative error code.

2872

2873

When the SAN type is otherName, it will extract the data in the

2874

otherName's value field, and @code{GNUTLS_SAN_OTHERNAME} is returned.

2875

You may use @code{gnutls_x509_crt_get_subject_alt_othername_oid()} to get

2876

the corresponding OID and the "virtual" SAN types (e.g.,

2877

@code{GNUTLS_SAN_OTHERNAME_XMPP}).

2878

2879

If an otherName OID is known, the data will be decoded. Otherwise

2880

the returned data will be DER encoded, and you will have to decode

2881

it yourself. Currently, only the RFC 3920 id-on-xmppAddr SAN is

2882

recognized.

2883

2884

@strong{Returns:} the alternative subject name type on success, one of the

2885

enumerated @code{gnutls_x509_subject_alt_name_t}. It will return

2886

@code{GNUTLS_E_SHORT_MEMORY_BUFFER} if @code{ret_size} is not large enough

2887

to hold the value. In that case @code{ret_size} will be updated with

2888

the required size. If the certificate does not have an

2889

Alternative name with the specified sequence number then

2890

@code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} is returned.

2891

@end deftypefun

2892

2893

@subheading gnutls_x509_crt_get_subject_alt_name2

2894

@anchor{gnutls_x509_crt_get_subject_alt_name2}

2895

@deftypefun {int} {gnutls_x509_crt_get_subject_alt_name2} (gnutls_x509_crt_t @var{cert}, unsigned int @var{seq}, void * @var{ret}, size_t * @var{ret_size}, unsigned int * @var{ret_type}, unsigned int * @var{critical})

2896

@var{cert}: should contain a @code{gnutls_x509_crt_t} structure

2897

2898

@var{seq}: specifies the sequence number of the alt name (0 for the first one, 1 for the second etc.)

2899

2900

@var{ret}: is the place where the alternative name will be copied to

2901

2902

@var{ret_size}: holds the size of ret.

2903

2904

@var{ret_type}: holds the type of the alternative name (one of gnutls_x509_subject_alt_name_t).

2905

2906

@var{critical}: will be non zero if the extension is marked as critical (may be null)

2907

2908

This function will return the alternative names, contained in the

2909

given certificate. It is the same as

2910

@code{gnutls_x509_crt_get_subject_alt_name()} except for the fact that it

2911

will return the type of the alternative name in @code{ret_type} even if

2912

the function fails for some reason (i.e. the buffer provided is

2913

not enough).

2914

2915

@strong{Returns:} the alternative subject name type on success, one of the

2916

enumerated @code{gnutls_x509_subject_alt_name_t}. It will return

2917

@code{GNUTLS_E_SHORT_MEMORY_BUFFER} if @code{ret_size} is not large enough

2918

to hold the value. In that case @code{ret_size} will be updated with

2919

the required size. If the certificate does not have an

2920

Alternative name with the specified sequence number then

2921

@code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} is returned.

2922

@end deftypefun

2923

2924

@subheading gnutls_x509_crt_get_subject_alt_othername_oid

2925

@anchor{gnutls_x509_crt_get_subject_alt_othername_oid}

2926

@deftypefun {int} {gnutls_x509_crt_get_subject_alt_othername_oid} (gnutls_x509_crt_t @var{cert}, unsigned int @var{seq}, void * @var{ret}, size_t * @var{ret_size})

2927

@var{cert}: should contain a @code{gnutls_x509_crt_t} structure

2928

2929

@var{seq}: specifies the sequence number of the alt name (0 for the first one, 1 for the second etc.)

2930

2931

@var{ret}: is the place where the otherName OID will be copied to

2932

2933

@var{ret_size}: holds the size of ret.

2934

2935

This function will extract the type OID of an otherName Subject

2936

Alternative Name, contained in the given certificate, and return

2937

the type as an enumerated element.

2938

2939

This function is only useful if

2940

@code{gnutls_x509_crt_get_subject_alt_name()} returned

2941

@code{GNUTLS_SAN_OTHERNAME}.

2942

2943

@strong{Returns:} the alternative subject name type on success, one of the

2944

enumerated gnutls_x509_subject_alt_name_t. For supported OIDs, it

2945

will return one of the virtual (GNUTLS_SAN_OTHERNAME_*) types,

2946

e.g. @code{GNUTLS_SAN_OTHERNAME_XMPP}, and @code{GNUTLS_SAN_OTHERNAME} for

2947

unknown OIDs. It will return @code{GNUTLS_E_SHORT_MEMORY_BUFFER} if

2948

@code{ret_size} is not large enough to hold the value. In that case

2949

@code{ret_size} will be updated with the required size. If the

2950

certificate does not have an Alternative name with the specified

2951

sequence number and with the otherName type then

2952

@code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} is returned.

2953

@end deftypefun

2954

2955

@subheading gnutls_x509_crt_get_basic_constraints

2956

@anchor{gnutls_x509_crt_get_basic_constraints}

2957

@deftypefun {int} {gnutls_x509_crt_get_basic_constraints} (gnutls_x509_crt_t @var{cert}, unsigned int * @var{critical}, int * @var{ca}, int * @var{pathlen})

2958

@var{cert}: should contain a @code{gnutls_x509_crt_t} structure

2959

2960

@var{critical}: will be non zero if the extension is marked as critical

2961

2962

@var{ca}: pointer to output integer indicating CA status, may be NULL,

2963

value is 1 if the certificate CA flag is set, 0 otherwise.

2964

2965

@var{pathlen}: pointer to output integer indicating path length (may be

2966

NULL), non-negative values indicate a present pathLenConstraint

2967

field and the actual value, -1 indicate that the field is absent.

2968

2969

This function will read the certificate's basic constraints, and

2970

return the certificates CA status. It reads the basicConstraints

2971

X.509 extension (2.5.29.19).

2972

2973

@strong{Return value:} If the certificate is a CA a positive value will be

2974

returned, or zero if the certificate does not have CA flag set. A

2975

negative value may be returned in case of errors. If the

2976

certificate does not contain the basicConstraints extension

2977

GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned.

2978

@end deftypefun

2979

2980

@subheading gnutls_x509_crt_get_ca_status

2981

@anchor{gnutls_x509_crt_get_ca_status}

2982

@deftypefun {int} {gnutls_x509_crt_get_ca_status} (gnutls_x509_crt_t @var{cert}, unsigned int * @var{critical})

2983

@var{cert}: should contain a @code{gnutls_x509_crt_t} structure

2984

2985

@var{critical}: will be non zero if the extension is marked as critical

2986

2987

This function will return certificates CA status, by reading the

2988

basicConstraints X.509 extension (2.5.29.19). If the certificate is

2989

a CA a positive value will be returned, or zero if the certificate

2990

does not have CA flag set.

2991

2992

Use @code{gnutls_x509_crt_get_basic_constraints()} if you want to read the

2993

pathLenConstraint field too.

2994

2995

@strong{Returns:} A negative value may be returned in case of parsing error.

2996

If the certificate does not contain the basicConstraints extension

2997

@code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} will be returned.

2998

@end deftypefun

2999

3000

@subheading gnutls_x509_crt_get_key_usage

3001

@anchor{gnutls_x509_crt_get_key_usage}

3002

@deftypefun {int} {gnutls_x509_crt_get_key_usage} (gnutls_x509_crt_t @var{cert}, unsigned int * @var{key_usage}, unsigned int * @var{critical})

3003

@var{cert}: should contain a @code{gnutls_x509_crt_t} structure

3004

3005

@var{key_usage}: where the key usage bits will be stored

3006

3007

@var{critical}: will be non zero if the extension is marked as critical

3008

3009

This function will return certificate's key usage, by reading the

3010

keyUsage X.509 extension (2.5.29.15). The key usage value will

3011

3012

@strong{ORed values of the:} @code{GNUTLS_KEY_DIGITAL_SIGNATURE},

3013

@code{GNUTLS_KEY_NON_REPUDIATION}, @code{GNUTLS_KEY_KEY_ENCIPHERMENT},

3014

@code{GNUTLS_KEY_DATA_ENCIPHERMENT}, @code{GNUTLS_KEY_KEY_AGREEMENT},

3015

@code{GNUTLS_KEY_KEY_CERT_SIGN}, @code{GNUTLS_KEY_CRL_SIGN},

3016

@code{GNUTLS_KEY_ENCIPHER_ONLY}, @code{GNUTLS_KEY_DECIPHER_ONLY}.

3017

3018

@strong{Returns:} the certificate key usage, or a negative value in case of

3019

parsing error. If the certificate does not contain the keyUsage

3020

extension @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} will be returned.

3021

@end deftypefun

3022

3023

@subheading gnutls_x509_crt_get_proxy

3024

@anchor{gnutls_x509_crt_get_proxy}

3025

@deftypefun {int} {gnutls_x509_crt_get_proxy} (gnutls_x509_crt_t @var{cert}, unsigned int * @var{critical}, int * @var{pathlen}, char ** @var{policyLanguage}, char ** @var{policy}, size_t * @var{sizeof_policy})

3026

@var{cert}: should contain a @code{gnutls_x509_crt_t} structure

3027

3028

@var{critical}: will be non zero if the extension is marked as critical

3029

3030

@var{pathlen}: pointer to output integer indicating path length (may be

3031

NULL), non-negative values indicate a present pCPathLenConstraint

3032

field and the actual value, -1 indicate that the field is absent.

3033

3034

@var{policyLanguage}: output variable with OID of policy language

3035

3036

@var{policy}: output variable with policy data

3037

3038

@var{sizeof_policy}: output variable size of policy data

3039

3040

This function will get information from a proxy certificate. It

3041

reads the ProxyCertInfo X.509 extension (1.3.6.1.5.5.7.1.14).

3042

3043

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (zero) is returned,

3044

otherwise an error code is returned.

3045

@end deftypefun

3046

3047

@subheading gnutls_x509_crt_get_extension_by_oid

3048

@anchor{gnutls_x509_crt_get_extension_by_oid}

3049

@deftypefun {int} {gnutls_x509_crt_get_extension_by_oid} (gnutls_x509_crt_t @var{cert}, const char * @var{oid}, int @var{indx}, void * @var{buf}, size_t * @var{sizeof_buf}, unsigned int * @var{critical})

3050

@var{cert}: should contain a @code{gnutls_x509_crt_t} structure

3051

3052

@var{oid}: holds an Object Identified in null terminated string

3053

3054

@var{indx}: In case multiple same OIDs exist in the extensions, this specifies which to send. Use zero to get the first one.

3055

3056

@var{buf}: a pointer to a structure to hold the name (may be null)

3057

3058

@var{sizeof_buf}: initially holds the size of @code{buf}

3059

3060

@var{critical}: will be non zero if the extension is marked as critical

3061

3062

This function will return the extension specified by the OID in the

3063

certificate. The extensions will be returned as binary data DER

3064

encoded, in the provided buffer.

3065

3066

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (zero) is returned,

3067

otherwise an error code is returned. If the certificate does not

3068

contain the specified extension

3069

GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned.

3070

@end deftypefun

3071

3072

@subheading gnutls_x509_crt_get_extension_oid

3073

@anchor{gnutls_x509_crt_get_extension_oid}

3074

@deftypefun {int} {gnutls_x509_crt_get_extension_oid} (gnutls_x509_crt_t @var{cert}, int @var{indx}, void * @var{oid}, size_t * @var{sizeof_oid})

3075

@var{cert}: should contain a @code{gnutls_x509_crt_t} structure

3076

3077

@var{indx}: Specifies which extension OID to send. Use zero to get the first one.

3078

3079

@var{oid}: a pointer to a structure to hold the OID (may be null)

3080

3081

@var{sizeof_oid}: initially holds the size of @code{oid}

3082

3083

This function will return the requested extension OID in the certificate.

3084

The extension OID will be stored as a string in the provided buffer.

3085

3086

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (zero) is returned,

3087

otherwise an error code is returned. If you have reached the

3088

last extension available @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE}

3089

will be returned.

3090

@end deftypefun

3091

3092

@subheading gnutls_x509_crt_get_extension_info

3093

@anchor{gnutls_x509_crt_get_extension_info}

3094

@deftypefun {int} {gnutls_x509_crt_get_extension_info} (gnutls_x509_crt_t @var{cert}, int @var{indx}, void * @var{oid}, size_t * @var{sizeof_oid}, int * @var{critical})

3095

@var{cert}: should contain a @code{gnutls_x509_crt_t} structure

3096

3097

@var{indx}: Specifies which extension OID to send. Use zero to get the first one.

3098

3099

@var{oid}: a pointer to a structure to hold the OID

3100

3101

@var{sizeof_oid}: initially holds the maximum size of @code{oid}, on return

3102

holds actual size of @code{oid}.

3103

3104

@var{critical}: output variable with critical flag, may be NULL.

3105

3106

This function will return the requested extension OID in the

3107

certificate, and the critical flag for it. The extension OID will

3108

be stored as a string in the provided buffer. Use

3109

@code{gnutls_x509_crt_get_extension_data()} to extract the data.

3110

3111

If the buffer provided is not long enough to hold the output, then

3112

*@code{sizeof_oid} is updated and @code{GNUTLS_E_SHORT_MEMORY_BUFFER} will be

3113

returned.

3114

3115

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (zero) is returned,

3116

otherwise an error code is returned. If you have reached the

3117

last extension available @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE}

3118

will be returned.

3119

@end deftypefun

3120

3121

@subheading gnutls_x509_crt_get_extension_data

3122

@anchor{gnutls_x509_crt_get_extension_data}

3123

@deftypefun {int} {gnutls_x509_crt_get_extension_data} (gnutls_x509_crt_t @var{cert}, int @var{indx}, void * @var{data}, size_t * @var{sizeof_data})

3124

@var{cert}: should contain a @code{gnutls_x509_crt_t} structure

3125

3126

@var{indx}: Specifies which extension OID to send. Use zero to get the first one.

3127

3128

@var{data}: a pointer to a structure to hold the data (may be null)

3129

3130

@var{sizeof_data}: initially holds the size of @code{oid}

3131

3132

This function will return the requested extension data in the

3133

certificate. The extension data will be stored as a string in the

3134

provided buffer.

3135

3136

Use @code{gnutls_x509_crt_get_extension_info()} to extract the OID and

3137

critical flag. Use @code{gnutls_x509_crt_get_extension_by_oid()} instead,

3138

if you want to get data indexed by the extension OID rather than

3139

sequence.

3140

3141

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (zero) is returned,

3142

otherwise an error code is returned. If you have reached the

3143

last extension available @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE}

3144

will be returned.

3145

@end deftypefun

3146

3147

@subheading gnutls_x509_crt_get_raw_issuer_dn

3148

@anchor{gnutls_x509_crt_get_raw_issuer_dn}

3149

@deftypefun {int} {gnutls_x509_crt_get_raw_issuer_dn} (gnutls_x509_crt_t @var{cert}, gnutls_datum_t * @var{start})

3150

@var{cert}: should contain a @code{gnutls_x509_crt_t} structure

3151

3152

@var{start}: will hold the starting point of the DN

3153

3154

This function will return a pointer to the DER encoded DN structure

3155

and the length.

3156

3157

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a

3158

negative error value.or a negative value on error.

3159

@end deftypefun

3160

3161

@subheading gnutls_x509_crt_get_raw_dn

3162

@anchor{gnutls_x509_crt_get_raw_dn}

3163

@deftypefun {int} {gnutls_x509_crt_get_raw_dn} (gnutls_x509_crt_t @var{cert}, gnutls_datum_t * @var{start})

3164

@var{cert}: should contain a @code{gnutls_x509_crt_t} structure

3165

3166

@var{start}: will hold the starting point of the DN

3167

3168

This function will return a pointer to the DER encoded DN structure and

3169

the length.

3170

3171

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a

3172

negative error value. or a negative value on error.

3173

@end deftypefun

3174

3175

@subheading gnutls_x509_crt_get_subject

3176

@anchor{gnutls_x509_crt_get_subject}

3177

@deftypefun {int} {gnutls_x509_crt_get_subject} (gnutls_x509_crt_t @var{cert}, gnutls_x509_dn_t * @var{dn})

3178

@var{cert}: should contain a @code{gnutls_x509_crt_t} structure

3179

3180

@var{dn}: output variable with pointer to opaque DN.

3181

3182

Return the Certificate's Subject DN as an opaque data type. You

3183

may use @code{gnutls_x509_dn_get_rdn_ava()} to decode the DN.

3184

3185

Note that @code{dn} should be treated as constant. Because points

3186

into the @code{cert} object, you may not deallocate @code{cert}

3187

and continue to access @code{dn}.

3188

3189

@strong{Returns:} Returns 0 on success, or an error code.

3190

@end deftypefun

3191

3192

@subheading gnutls_x509_crt_get_issuer

3193

@anchor{gnutls_x509_crt_get_issuer}

3194

@deftypefun {int} {gnutls_x509_crt_get_issuer} (gnutls_x509_crt_t @var{cert}, gnutls_x509_dn_t * @var{dn})

3195

@var{cert}: should contain a @code{gnutls_x509_crt_t} structure

3196

3197

@var{dn}: output variable with pointer to opaque DN

3198

3199

Return the Certificate's Issuer DN as an opaque data type. You may

3200

use @code{gnutls_x509_dn_get_rdn_ava()} to decode the DN.

3201

3202

Note that @code{dn} should be treated as constant. Because points

3203

into the @code{cert} object, you may not deallocate @code{cert}

3204

and continue to access @code{dn}.

3205

3206

@strong{Returns:} Returns 0 on success, or an error code.

3207

@end deftypefun

3208

3209

@subheading gnutls_x509_dn_get_rdn_ava

3210

@anchor{gnutls_x509_dn_get_rdn_ava}

3211

@deftypefun {int} {gnutls_x509_dn_get_rdn_ava} (gnutls_x509_dn_t @var{dn}, int @var{irdn}, int @var{iava}, gnutls_x509_ava_st * @var{ava})

3212

@var{dn}: input variable with opaque DN pointer

3213

3214

@var{irdn}: index of RDN

3215

3216

@var{iava}: index of AVA.

3217

3218

@var{ava}: Pointer to structure which will hold output information.

3219

3220

Get pointers to data within the DN.

3221

3222

Note that @code{ava} will contain pointers into the @code{dn} structure, so you

3223

should not modify any data or deallocate it. Note also that the DN

3224

in turn points into the original certificate structure, and thus

3225

you may not deallocate the certificate and continue to access @code{dn}.

3226

3227

@strong{Returns:} Returns 0 on success, or an error code.

3228

@end deftypefun

3229

3230

@subheading gnutls_x509_crt_get_fingerprint

3231

@anchor{gnutls_x509_crt_get_fingerprint}

3232

@deftypefun {int} {gnutls_x509_crt_get_fingerprint} (gnutls_x509_crt_t @var{cert}, gnutls_digest_algorithm_t @var{algo}, void * @var{buf}, size_t * @var{sizeof_buf})

3233

@var{cert}: should contain a @code{gnutls_x509_crt_t} structure

3234

3235

@var{algo}: is a digest algorithm

3236

3237

@var{buf}: a pointer to a structure to hold the fingerprint (may be null)

3238

3239

@var{sizeof_buf}: initially holds the size of @code{buf}

3240

3241

This function will calculate and copy the certificate's fingerprint

3242

in the provided buffer.

3243

3244

If the buffer is null then only the size will be filled.

3245

3246

@strong{Returns:} @code{GNUTLS_E_SHORT_MEMORY_BUFFER} if the provided buffer is

3247

not long enough, and in that case the *sizeof_buf will be updated

3248

with the required size. On success 0 is returned.

3249

@end deftypefun

3250

3251

@subheading gnutls_x509_crt_export

3252

@anchor{gnutls_x509_crt_export}

3253

@deftypefun {int} {gnutls_x509_crt_export} (gnutls_x509_crt_t @var{cert}, gnutls_x509_crt_fmt_t @var{format}, void * @var{output_data}, size_t * @var{output_data_size})

3254

@var{cert}: Holds the certificate

3255

3256

@var{format}: the format of output params. One of PEM or DER.

3257

3258

@var{output_data}: will contain a certificate PEM or DER encoded

3259

3260

@var{output_data_size}: holds the size of output_data (and will be

3261

replaced by the actual size of parameters)

3262

3263

This function will export the certificate to DER or PEM format.

3264

3265

If the buffer provided is not long enough to hold the output, then

3266

*output_data_size is updated and GNUTLS_E_SHORT_MEMORY_BUFFER will

3267

be returned.

3268

3269

If the structure is PEM encoded, it will have a header

3270

of "BEGIN CERTIFICATE".

3271

3272

@strong{Return value:} In case of failure a negative value will be

3273

returned, and 0 on success.

3274

@end deftypefun

3275

3276

@subheading gnutls_x509_crt_get_key_id

3277

@anchor{gnutls_x509_crt_get_key_id}

3278

@deftypefun {int} {gnutls_x509_crt_get_key_id} (gnutls_x509_crt_t @var{crt}, unsigned int @var{flags}, unsigned char * @var{output_data}, size_t * @var{output_data_size})

3279

@var{crt}: Holds the certificate

3280

3281

@var{flags}: should be 0 for now

3282

3283

@var{output_data}: will contain the key ID

3284

3285

@var{output_data_size}: holds the size of output_data (and will be

3286

replaced by the actual size of parameters)

3287

3288

This function will return a unique ID the depends on the public

3289

key parameters. This ID can be used in checking whether a

3290

certificate corresponds to the given private key.

3291

3292

If the buffer provided is not long enough to hold the output, then

3293

*output_data_size is updated and GNUTLS_E_SHORT_MEMORY_BUFFER will

3294

be returned. The output will normally be a SHA-1 hash output,

3295

which is 20 bytes.

3296

3297

@strong{Return value:} In case of failure a negative value will be

3298

returned, and 0 on success.

3299

@end deftypefun

3300

3301

@subheading gnutls_x509_crt_check_revocation

3302

@anchor{gnutls_x509_crt_check_revocation}

3303

@deftypefun {int} {gnutls_x509_crt_check_revocation} (gnutls_x509_crt_t @var{cert}, const gnutls_x509_crl_t * @var{crl_list}, int @var{crl_list_length})

3304

@var{cert}: should contain a @code{gnutls_x509_crt_t} structure

3305

3306

@var{crl_list}: should contain a list of gnutls_x509_crl_t structures

3307

3308

@var{crl_list_length}: the length of the crl_list

3309

3310

This function will return check if the given certificate is

3311

revoked. It is assumed that the CRLs have been verified before.

3312

3313

@strong{Returns:} 0 if the certificate is NOT revoked, and 1 if it is. A

3314

negative value is returned on error.

3315

@end deftypefun

3316

3317

@subheading gnutls_x509_crt_get_verify_algorithm

3318

@anchor{gnutls_x509_crt_get_verify_algorithm}

3319

@deftypefun {int} {gnutls_x509_crt_get_verify_algorithm} (gnutls_x509_crt_t @var{crt}, const gnutls_datum_t * @var{signature}, gnutls_digest_algorithm_t * @var{hash})

3320

@var{crt}: Holds the certificate

3321

3322

@var{signature}: contains the signature

3323

3324

@var{hash}: The result of the call with the hash algorithm used for signature

3325

3326

This function will read the certifcate and the signed data to

3327

determine the hash algorithm used to generate the signature.

3328

3329

@strong{Returns:} the 0 if the hash algorithm is found. A negative value is

3330

returned on error.

3331

3332

@strong{Since:} 2.8.0

3333

@end deftypefun

3334

3335

@subheading gnutls_x509_crt_verify_data

3336

@anchor{gnutls_x509_crt_verify_data}

3337

@deftypefun {int} {gnutls_x509_crt_verify_data} (gnutls_x509_crt_t @var{crt}, unsigned int @var{flags}, const gnutls_datum_t * @var{data}, const gnutls_datum_t * @var{signature})

3338

@var{crt}: Holds the certificate

3339

3340

@var{flags}: should be 0 for now

3341

3342

@var{data}: holds the data to be signed

3343

3344

@var{signature}: contains the signature

3345

3346

This function will verify the given signed data, using the

3347

parameters from the certificate.

3348

3349

@strong{Returns:} In case of a verification failure 0 is returned, and 1 on

3350

success.

3351

@end deftypefun

3352

3353

@subheading gnutls_x509_crt_verify_hash

3354

@anchor{gnutls_x509_crt_verify_hash}

3355

@deftypefun {int} {gnutls_x509_crt_verify_hash} (gnutls_x509_crt_t @var{crt}, unsigned int @var{flags}, const gnutls_datum_t * @var{hash}, const gnutls_datum_t * @var{signature})

3356

@var{crt}: Holds the certificate

3357

3358

@var{flags}: should be 0 for now

3359

3360

@var{hash}: holds the hash digest to be verified

3361

3362

@var{signature}: contains the signature

3363

3364

This function will verify the given signed digest, using the

3365

parameters from the certificate.

3366

3367

@strong{Returns:} In case of a verification failure 0 is returned, and 1 on

3368

success.

3369

@end deftypefun

3370

3371

@subheading gnutls_x509_crt_get_crl_dist_points

3372

@anchor{gnutls_x509_crt_get_crl_dist_points}

3373

@deftypefun {int} {gnutls_x509_crt_get_crl_dist_points} (gnutls_x509_crt_t @var{cert}, unsigned int @var{seq}, void * @var{ret}, size_t * @var{ret_size}, unsigned int * @var{reason_flags}, unsigned int * @var{critical})

3374

@var{cert}: should contain a @code{gnutls_x509_crt_t} structure

3375

3376

@var{seq}: specifies the sequence number of the distribution point (0 for the first one, 1 for the second etc.)

3377

3378

@var{ret}: is the place where the distribution point will be copied to

3379

3380

@var{ret_size}: holds the size of ret.

3381

3382

@var{reason_flags}: Revocation reasons flags.

3383

3384

@var{critical}: will be non zero if the extension is marked as critical (may be null)

3385

3386

This function will return the CRL distribution points (2.5.29.31),

3387

contained in the given certificate.

3388

3389

@code{reason_flags} should be an ORed sequence of

3390

GNUTLS_CRL_REASON_UNUSED, GNUTLS_CRL_REASON_KEY_COMPROMISE,

3391

GNUTLS_CRL_REASON_CA_COMPROMISE,

3392

GNUTLS_CRL_REASON_AFFILIATION_CHANGED,

3393

GNUTLS_CRL_REASON_SUPERSEEDED,

3394

GNUTLS_CRL_REASON_CESSATION_OF_OPERATION,

3395

GNUTLS_CRL_REASON_CERTIFICATE_HOLD,

3396

GNUTLS_CRL_REASON_PRIVILEGE_WITHDRAWN,

3397

GNUTLS_CRL_REASON_AA_COMPROMISE, or zero for all possible reasons.

3398

3399

This is specified in X509v3 Certificate Extensions. GNUTLS will

3400

return the distribution point type, or a negative error code on

3401

error.

3402

3403

@strong{Returns:} @code{GNUTLS_E_SHORT_MEMORY_BUFFER} and updates &@code{ret_size} if

3404

&@code{ret_size} is not enough to hold the distribution point, or the

3405

type of the distribution point if everything was ok. The type is

3406

one of the enumerated @code{gnutls_x509_subject_alt_name_t}. If the

3407

certificate does not have an Alternative name with the specified

3408

sequence number then @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} is

3409

returned.

3410

@end deftypefun

3411

3412

@subheading gnutls_x509_crt_get_key_purpose_oid

3413

@anchor{gnutls_x509_crt_get_key_purpose_oid}

3414

@deftypefun {int} {gnutls_x509_crt_get_key_purpose_oid} (gnutls_x509_crt_t @var{cert}, int @var{indx}, void * @var{oid}, size_t * @var{sizeof_oid}, unsigned int * @var{critical})

3415

@var{cert}: should contain a @code{gnutls_x509_crt_t} structure

3416

3417

@var{indx}: This specifies which OID to return. Use zero to get the first one.

3418

3419

@var{oid}: a pointer to a buffer to hold the OID (may be null)

3420

3421

@var{sizeof_oid}: initially holds the size of @code{oid}

3422

3423

@var{critical}: output flag to indicate criticality of extension

3424

3425

This function will extract the key purpose OIDs of the Certificate

3426

specified by the given index. These are stored in the Extended

3427

Key Usage extension (2.5.29.37) See the GNUTLS_KP_* definitions

3428

for human readable names.

3429

3430

If @code{oid} is null then only the size will be filled.

3431

3432

@strong{Returns:} @code{GNUTLS_E_SHORT_MEMORY_BUFFER} if the provided buffer is

3433

not long enough, and in that case the *sizeof_oid will be

3434

updated with the required size. On success 0 is returned.

3435

@end deftypefun

3436

3437

@subheading gnutls_x509_crt_get_pk_rsa_raw

3438

@anchor{gnutls_x509_crt_get_pk_rsa_raw}

3439

@deftypefun {int} {gnutls_x509_crt_get_pk_rsa_raw} (gnutls_x509_crt_t @var{crt}, gnutls_datum_t * @var{m}, gnutls_datum_t * @var{e})

3440

@var{crt}: Holds the certificate

3441

3442

@var{m}: will hold the modulus

3443

3444

@var{e}: will hold the public exponent

3445

3446

This function will export the RSA public key's parameters found in

3447

the given structure. The new parameters will be allocated using

3448

@code{gnutls_malloc()} and will be stored in the appropriate datum.

3449

3450

@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise an error.

3451

@end deftypefun

3452

3453

@subheading gnutls_x509_crt_get_pk_dsa_raw

3454

@anchor{gnutls_x509_crt_get_pk_dsa_raw}

3455

@deftypefun {int} {gnutls_x509_crt_get_pk_dsa_raw} (gnutls_x509_crt_t @var{crt}, gnutls_datum_t * @var{p}, gnutls_datum_t * @var{q}, gnutls_datum_t * @var{g}, gnutls_datum_t * @var{y})

3456

@var{crt}: Holds the certificate

3457

3458

@var{p}: will hold the p

3459

3460

@var{q}: will hold the q

3461

3462

@var{g}: will hold the g

3463

3464

@var{y}: will hold the y

3465

3466

This function will export the DSA public key's parameters found in

3467

the given certificate. The new parameters will be allocated using

3468

@code{gnutls_malloc()} and will be stored in the appropriate datum.

3469

3470

@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise an error.

3471

@end deftypefun

3472

3473

@subheading gnutls_x509_crt_list_import

3474

@anchor{gnutls_x509_crt_list_import}

3475

@deftypefun {int} {gnutls_x509_crt_list_import} (gnutls_x509_crt_t * @var{certs}, unsigned int * @var{cert_max}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format}, unsigned int @var{flags})

3476

@var{certs}: The structures to store the parsed certificate. Must not be initialized.

3477

3478

@var{cert_max}: Initially must hold the maximum number of certs. It will be updated with the number of certs available.

3479

3480

@var{data}: The PEM encoded certificate.

3481

3482

@var{format}: One of DER or PEM.

3483

3484

@var{flags}: must be zero or an OR'd sequence of gnutls_certificate_import_flags.

3485

3486

This function will convert the given PEM encoded certificate list

3487

to the native gnutls_x509_crt_t format. The output will be stored

3488

in @code{certs}. They will be automatically initialized.

3489

3490

If the Certificate is PEM encoded it should have a header of "X509

3491

CERTIFICATE", or "CERTIFICATE".

3492

3493

@strong{Returns:} the number of certificates read or a negative error value.

3494

@end deftypefun

3495

3496

@subheading gnutls_x509_crt_set_dn_by_oid

3497

@anchor{gnutls_x509_crt_set_dn_by_oid}

3498

@deftypefun {int} {gnutls_x509_crt_set_dn_by_oid} (gnutls_x509_crt_t @var{crt}, const char * @var{oid}, unsigned int @var{raw_flag}, const void * @var{name}, unsigned int @var{sizeof_name})

3499

@var{crt}: a certificate of type @code{gnutls_x509_crt_t}

3500

3501

@var{oid}: holds an Object Identifier in a null terminated string

3502

3503

@var{raw_flag}: must be 0, or 1 if the data are DER encoded

3504

3505

@var{name}: a pointer to the name

3506

3507

@var{sizeof_name}: holds the size of @code{name}

3508

3509

This function will set the part of the name of the Certificate

3510

subject, specified by the given OID. The input string should be

3511

ASCII or UTF-8 encoded.

3512

3513

Some helper macros with popular OIDs can be found in gnutls/x509.h

3514

With this function you can only set the known OIDs. You can test

3515

for known OIDs using @code{gnutls_x509_dn_oid_known()}. For OIDs that are

3516

not known (by gnutls) you should properly DER encode your data,

3517

and call this function with @code{raw_flag} set.

3518

3519

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a

3520

negative error value.

3521

@end deftypefun

3522

3523

@subheading gnutls_x509_crt_set_issuer_dn_by_oid

3524

@anchor{gnutls_x509_crt_set_issuer_dn_by_oid}

3525

@deftypefun {int} {gnutls_x509_crt_set_issuer_dn_by_oid} (gnutls_x509_crt_t @var{crt}, const char * @var{oid}, unsigned int @var{raw_flag}, const void * @var{name}, unsigned int @var{sizeof_name})

3526

@var{crt}: a certificate of type @code{gnutls_x509_crt_t}

3527

3528

@var{oid}: holds an Object Identifier in a null terminated string

3529

3530

@var{raw_flag}: must be 0, or 1 if the data are DER encoded

3531

3532

@var{name}: a pointer to the name

3533

3534

@var{sizeof_name}: holds the size of @code{name}

3535

3536

This function will set the part of the name of the Certificate

3537

issuer, specified by the given OID. The input string should be

3538

ASCII or UTF-8 encoded.

3539

3540

Some helper macros with popular OIDs can be found in gnutls/x509.h

3541

With this function you can only set the known OIDs. You can test

3542

for known OIDs using @code{gnutls_x509_dn_oid_known()}. For OIDs that are

3543

not known (by gnutls) you should properly DER encode your data,

3544

and call this function with @code{raw_flag} set.

3545

3546

Normally you do not need to call this function, since the signing

3547

operation will copy the signer's name as the issuer of the

3548

certificate.

3549

3550

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a

3551

negative error value.

3552

@end deftypefun

3553

3554

@subheading gnutls_x509_crt_set_proxy_dn

3555

@anchor{gnutls_x509_crt_set_proxy_dn}

3556

@deftypefun {int} {gnutls_x509_crt_set_proxy_dn} (gnutls_x509_crt_t @var{crt}, gnutls_x509_crt_t @var{eecrt}, unsigned int @var{raw_flag}, const void * @var{name}, unsigned int @var{sizeof_name})

3557

@var{crt}: a gnutls_x509_crt_t structure with the new proxy cert

3558

3559

@var{eecrt}: the end entity certificate that will be issuing the proxy

3560

3561

@var{raw_flag}: must be 0, or 1 if the CN is DER encoded

3562

3563

@var{name}: a pointer to the CN name, may be NULL (but MUST then be added later)

3564

3565

@var{sizeof_name}: holds the size of @code{name}

3566

3567

This function will set the subject in @code{crt} to the end entity's

3568

@code{eecrt} subject name, and add a single Common Name component @code{name}

3569

of size @code{sizeof_name}. This corresponds to the required proxy

3570

certificate naming style. Note that if @code{name} is @code{NULL}, you MUST

3571

set it later by using @code{gnutls_x509_crt_set_dn_by_oid()} or similar.

3572

3573

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a

3574

negative error value.

3575

@end deftypefun

3576

3577

@subheading gnutls_x509_crt_set_version

3578

@anchor{gnutls_x509_crt_set_version}

3579

@deftypefun {int} {gnutls_x509_crt_set_version} (gnutls_x509_crt_t @var{crt}, unsigned int @var{version})

3580

@var{crt}: a certificate of type @code{gnutls_x509_crt_t}

3581

3582

@var{version}: holds the version number. For X.509v1 certificates must be 1.

3583

3584

This function will set the version of the certificate. This must

3585

be one for X.509 version 1, and so on. Plain certificates without

3586

extensions must have version set to one.

3587

3588

To create well-formed certificates, you must specify version 3 if

3589

you use any certificate extensions. Extensions are created by

3590

functions such as @code{gnutls_x509_crt_set_subject_alt_name()}

3591

or @code{gnutls_x509_crt_set_key_usage()}.

3592

3593

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a

3594

negative error value.

3595

@end deftypefun

3596

3597

@subheading gnutls_x509_crt_set_key

3598

@anchor{gnutls_x509_crt_set_key}

3599

@deftypefun {int} {gnutls_x509_crt_set_key} (gnutls_x509_crt_t @var{crt}, gnutls_x509_privkey_t @var{key})

3600

@var{crt}: a certificate of type @code{gnutls_x509_crt_t}

3601

3602

@var{key}: holds a private key

3603

3604

This function will set the public parameters from the given

3605

private key to the certificate. Only RSA keys are currently

3606

supported.

3607

3608

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a

3609

negative error value.

3610

@end deftypefun

3611

3612

@subheading gnutls_x509_crt_set_crq

3613

@anchor{gnutls_x509_crt_set_crq}

3614

@deftypefun {int} {gnutls_x509_crt_set_crq} (gnutls_x509_crt_t @var{crt}, gnutls_x509_crq_t @var{crq})

3615

@var{crt}: a certificate of type @code{gnutls_x509_crt_t}

3616

3617

@var{crq}: holds a certificate request

3618

3619

This function will set the name and public parameters as well as

3620

the extensions from the given certificate request to the certificate.

3621

Only RSA keys are currently supported.

3622

3623

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a

3624

negative error value.

3625

@end deftypefun

3626

3627

@subheading gnutls_x509_crt_set_crq_extensions

3628

@anchor{gnutls_x509_crt_set_crq_extensions}

3629

@deftypefun {int} {gnutls_x509_crt_set_crq_extensions} (gnutls_x509_crt_t @var{crt}, gnutls_x509_crq_t @var{crq})

3630

@var{crt}: a certificate of type @code{gnutls_x509_crt_t}

3631

3632

@var{crq}: holds a certificate request

3633

3634

This function will set extensions from the given request to the

3635

certificate.

3636

3637

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a

3638

negative error value.

3639

3640

@strong{Since:} 2.8.0

3641

@end deftypefun

3642

3643

@subheading gnutls_x509_crt_set_extension_by_oid

3644

@anchor{gnutls_x509_crt_set_extension_by_oid}

3645

@deftypefun {int} {gnutls_x509_crt_set_extension_by_oid} (gnutls_x509_crt_t @var{crt}, const char * @var{oid}, const void * @var{buf}, size_t @var{sizeof_buf}, unsigned int @var{critical})

3646

@var{crt}: a certificate of type @code{gnutls_x509_crt_t}

3647

3648

@var{oid}: holds an Object Identified in null terminated string

3649

3650

@var{buf}: a pointer to a DER encoded data

3651

3652

@var{sizeof_buf}: holds the size of @code{buf}

3653

3654

@var{critical}: should be non zero if the extension is to be marked as critical

3655

3656

This function will set an the extension, by the specified OID, in

3657

the certificate. The extension data should be binary data DER

3658

encoded.

3659

3660

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a

3661

negative error value.and a negative value in case of an error.

3662

@end deftypefun

3663

3664

@subheading gnutls_x509_crt_set_basic_constraints

3665

@anchor{gnutls_x509_crt_set_basic_constraints}

3666

@deftypefun {int} {gnutls_x509_crt_set_basic_constraints} (gnutls_x509_crt_t @var{crt}, unsigned int @var{ca}, int @var{pathLenConstraint})

3667

@var{crt}: a certificate of type @code{gnutls_x509_crt_t}

3668

3669

@var{ca}: true(1) or false(0). Depending on the Certificate authority status.

3670

3671

@var{pathLenConstraint}: non-negative values indicate maximum length of path,

3672

and negative values indicate that the pathLenConstraints field should

3673

not be present.

3674

3675

This function will set the basicConstraints certificate extension.

3676

3677

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a

3678

negative error value.

3679

@end deftypefun

3680

3681

@subheading gnutls_x509_crt_set_ca_status

3682

@anchor{gnutls_x509_crt_set_ca_status}

3683

@deftypefun {int} {gnutls_x509_crt_set_ca_status} (gnutls_x509_crt_t @var{crt}, unsigned int @var{ca})

3684

@var{crt}: a certificate of type @code{gnutls_x509_crt_t}

3685

3686

@var{ca}: true(1) or false(0). Depending on the Certificate authority status.

3687

3688

This function will set the basicConstraints certificate extension.

3689

Use @code{gnutls_x509_crt_set_basic_constraints()} if you want to control

3690

the pathLenConstraint field too.

3691

3692

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a

3693

negative error value.

3694

@end deftypefun

3695

3696

@subheading gnutls_x509_crt_set_key_usage

3697

@anchor{gnutls_x509_crt_set_key_usage}

3698

@deftypefun {int} {gnutls_x509_crt_set_key_usage} (gnutls_x509_crt_t @var{crt}, unsigned int @var{usage})

3699

@var{crt}: a certificate of type @code{gnutls_x509_crt_t}

3700

3701

@var{usage}: an ORed sequence of the GNUTLS_KEY_* elements.

3702

3703

This function will set the keyUsage certificate extension.

3704

3705

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a

3706

negative error value.

3707

@end deftypefun

3708

3709

@subheading gnutls_x509_crt_set_subject_alternative_name

3710

@anchor{gnutls_x509_crt_set_subject_alternative_name}

3711

@deftypefun {int} {gnutls_x509_crt_set_subject_alternative_name} (gnutls_x509_crt_t @var{crt}, gnutls_x509_subject_alt_name_t @var{type}, const char * @var{data_string})

3712

@var{crt}: a certificate of type @code{gnutls_x509_crt_t}

3713

3714

@var{type}: is one of the gnutls_x509_subject_alt_name_t enumerations

3715

3716

@var{data_string}: The data to be set, a zero terminated string

3717

3718

This function will set the subject alternative name certificate

3719

extension. This function assumes that data can be expressed as a null

3720

terminated string.

3721

3722

The name of the function is unfortunate since it is incosistent with

3723

@code{gnutls_x509_crt_get_subject_alt_name()}.

3724

3725

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a

3726

negative error value.

3727

@end deftypefun

3728

3729

@subheading gnutls_x509_crt_set_subject_alt_name

3730

@anchor{gnutls_x509_crt_set_subject_alt_name}

3731

@deftypefun {int} {gnutls_x509_crt_set_subject_alt_name} (gnutls_x509_crt_t @var{crt}, gnutls_x509_subject_alt_name_t @var{type}, const void * @var{data}, unsigned int @var{data_size}, unsigned int @var{flags})

3732

@var{crt}: a certificate of type @code{gnutls_x509_crt_t}

3733

3734

@var{type}: is one of the gnutls_x509_subject_alt_name_t enumerations

3735

3736

@var{data}: The data to be set

3737

3738

@var{data_size}: The size of data to be set

3739

3740

@var{flags}: GNUTLS_FSAN_SET to clear previous data or GNUTLS_FSAN_APPEND to append.

3741

3742

This function will set the subject alternative name certificate

3743

extension. It can set the following types:

3744

3745

&GNUTLS_SAN_DNSNAME: as a text string

3746

3747

&GNUTLS_SAN_RFC822NAME: as a text string

3748

3749

&GNUTLS_SAN_URI: as a text string

3750

3751

&GNUTLS_SAN_IPADDRESS: as a binary IP address (4 or 16 bytes)

3752

3753

Other values can be set as binary values with the proper DER encoding.

3754

3755

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a

3756

negative error value.

3757

3758

@strong{Since:} 2.6.0

3759

@end deftypefun

3760

3761

@subheading gnutls_x509_crt_set_proxy

3762

@anchor{gnutls_x509_crt_set_proxy}

3763

@deftypefun {int} {gnutls_x509_crt_set_proxy} (gnutls_x509_crt_t @var{crt}, int @var{pathLenConstraint}, const char * @var{policyLanguage}, const char * @var{policy}, size_t @var{sizeof_policy})

3764

@var{crt}: a certificate of type @code{gnutls_x509_crt_t}

3765

3766

@var{pathLenConstraint}: non-negative values indicate maximum length of path,

3767

and negative values indicate that the pathLenConstraints field should

3768

not be present.

3769

3770

@var{policyLanguage}: OID describing the language of @code{policy}.

3771

3772

@var{policy}: opaque byte array with policy language, can be @code{NULL}

3773

3774

@var{sizeof_policy}: size of @code{policy}.

3775

3776

This function will set the proxyCertInfo extension.

3777

3778

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a

3779

negative error value.

3780

@end deftypefun

3781

3782

@subheading gnutls_x509_crt_sign2

3783

@anchor{gnutls_x509_crt_sign2}

3784

@deftypefun {int} {gnutls_x509_crt_sign2} (gnutls_x509_crt_t @var{crt}, gnutls_x509_crt_t @var{issuer}, gnutls_x509_privkey_t @var{issuer_key}, gnutls_digest_algorithm_t @var{dig}, unsigned int @var{flags})

3785

@var{crt}: a certificate of type @code{gnutls_x509_crt_t}

3786

3787

@var{issuer}: is the certificate of the certificate issuer

3788

3789

@var{issuer_key}: holds the issuer's private key

3790

3791

@var{dig}: The message digest to use, @code{GNUTLS_DIG_SHA1} is a safe choice

3792

3793

@var{flags}: must be 0

3794

3795

This function will sign the certificate with the issuer's private key, and

3796

will copy the issuer's information into the certificate.

3797

3798

This must be the last step in a certificate generation since all

3799

the previously set parameters are now signed.

3800

3801

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a

3802

negative error value.

3803

@end deftypefun

3804

3805

@subheading gnutls_x509_crt_sign

3806

@anchor{gnutls_x509_crt_sign}

3807

@deftypefun {int} {gnutls_x509_crt_sign} (gnutls_x509_crt_t @var{crt}, gnutls_x509_crt_t @var{issuer}, gnutls_x509_privkey_t @var{issuer_key})

3808

@var{crt}: a certificate of type @code{gnutls_x509_crt_t}

3809

3810

@var{issuer}: is the certificate of the certificate issuer

3811

3812

@var{issuer_key}: holds the issuer's private key

3813

3814

This function is the same a @code{gnutls_x509_crt_sign2()} with no flags,

3815

and SHA1 as the hash algorithm.

3816

3817

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a

3818

negative error value.

3819

@end deftypefun

3820

3821

@subheading gnutls_x509_crt_set_activation_time

3822

@anchor{gnutls_x509_crt_set_activation_time}

3823

@deftypefun {int} {gnutls_x509_crt_set_activation_time} (gnutls_x509_crt_t @var{cert}, time_t @var{act_time})

3824

@var{cert}: a certificate of type @code{gnutls_x509_crt_t}

3825

3826

@var{act_time}: The actual time

3827

3828

This function will set the time this Certificate was or will be

3829

activated.

3830

3831

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a

3832

negative error value.

3833

@end deftypefun

3834

3835

@subheading gnutls_x509_crt_set_expiration_time

3836

@anchor{gnutls_x509_crt_set_expiration_time}

3837

@deftypefun {int} {gnutls_x509_crt_set_expiration_time} (gnutls_x509_crt_t @var{cert}, time_t @var{exp_time})

3838

@var{cert}: a certificate of type @code{gnutls_x509_crt_t}

3839

3840

@var{exp_time}: The actual time

3841

3842

This function will set the time this Certificate will expire.

3843

3844

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a

3845

negative error value.

3846

@end deftypefun

3847

3848

@subheading gnutls_x509_crt_set_serial

3849

@anchor{gnutls_x509_crt_set_serial}

3850

@deftypefun {int} {gnutls_x509_crt_set_serial} (gnutls_x509_crt_t @var{cert}, const void * @var{serial}, size_t @var{serial_size})

3851

@var{cert}: a certificate of type @code{gnutls_x509_crt_t}

3852

3853

@var{serial}: The serial number

3854

3855

@var{serial_size}: Holds the size of the serial field.

3856

3857

This function will set the X.509 certificate's serial number.

3858

Serial is not always a 32 or 64bit number. Some CAs use large

3859

serial numbers, thus it may be wise to handle it as something

3860

opaque.

3861

3862

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a

3863

negative error value.

3864

@end deftypefun

3865

3866

@subheading gnutls_x509_crt_set_crl_dist_points

3867

@anchor{gnutls_x509_crt_set_crl_dist_points}

3868

@deftypefun {int} {gnutls_x509_crt_set_crl_dist_points} (gnutls_x509_crt_t @var{crt}, gnutls_x509_subject_alt_name_t @var{type}, const void * @var{data_string}, unsigned int @var{reason_flags})

3869

@var{crt}: a certificate of type @code{gnutls_x509_crt_t}

3870

3871

@var{type}: is one of the gnutls_x509_subject_alt_name_t enumerations

3872

3873

@var{data_string}: The data to be set

3874

3875

@var{reason_flags}: revocation reasons

3876

3877

This function will set the CRL distribution points certificate extension.

3878

3879

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a

3880

negative error value.

3881

@end deftypefun

3882

3883

@subheading gnutls_x509_crt_set_crl_dist_points2

3884

@anchor{gnutls_x509_crt_set_crl_dist_points2}

3885

@deftypefun {int} {gnutls_x509_crt_set_crl_dist_points2} (gnutls_x509_crt_t @var{crt}, gnutls_x509_subject_alt_name_t @var{type}, const void * @var{data}, unsigned int @var{data_size}, unsigned int @var{reason_flags})

3886

@var{crt}: a certificate of type @code{gnutls_x509_crt_t}

3887

3888

@var{type}: is one of the gnutls_x509_subject_alt_name_t enumerations

3889

3890

@var{data}: The data to be set

3891

3892

@var{data_size}: The data size

3893

3894

@var{reason_flags}: revocation reasons

3895

3896

This function will set the CRL distribution points certificate extension.

3897

3898

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a

3899

negative error value.

3900

3901

@strong{Since:} 2.6.0

3902

@end deftypefun

3903

3904

@subheading gnutls_x509_crt_cpy_crl_dist_points

3905

@anchor{gnutls_x509_crt_cpy_crl_dist_points}

3906

@deftypefun {int} {gnutls_x509_crt_cpy_crl_dist_points} (gnutls_x509_crt_t @var{dst}, gnutls_x509_crt_t @var{src})

3907

@var{dst}: a certificate of type @code{gnutls_x509_crt_t}

3908

3909

@var{src}: the certificate where the dist points will be copied from

3910

3911

This function will copy the CRL distribution points certificate

3912

extension, from the source to the destination certificate.

3913

This may be useful to copy from a CA certificate to issued ones.

3914

3915

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a

3916

negative error value.

3917

@end deftypefun

3918

3919

@subheading gnutls_x509_crt_set_subject_key_id

3920

@anchor{gnutls_x509_crt_set_subject_key_id}

3921

@deftypefun {int} {gnutls_x509_crt_set_subject_key_id} (gnutls_x509_crt_t @var{cert}, const void * @var{id}, size_t @var{id_size})

3922

@var{cert}: a certificate of type @code{gnutls_x509_crt_t}

3923

3924

@var{id}: The key ID

3925

3926

@var{id_size}: Holds the size of the serial field.

3927

3928

This function will set the X.509 certificate's subject key ID

3929

extension.

3930

3931

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a

3932

negative error value.

3933

@end deftypefun

3934

3935

@subheading gnutls_x509_crt_set_authority_key_id

3936

@anchor{gnutls_x509_crt_set_authority_key_id}

3937

@deftypefun {int} {gnutls_x509_crt_set_authority_key_id} (gnutls_x509_crt_t @var{cert}, const void * @var{id}, size_t @var{id_size})

3938

@var{cert}: a certificate of type @code{gnutls_x509_crt_t}

3939

3940

@var{id}: The key ID

3941

3942

@var{id_size}: Holds the size of the serial field.

3943

3944

This function will set the X.509 certificate's authority key ID extension.

3945

Only the keyIdentifier field can be set with this function.

3946

3947

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a

3948

negative error value.

3949

@end deftypefun

3950

3951

@subheading gnutls_x509_crt_set_key_purpose_oid

3952

@anchor{gnutls_x509_crt_set_key_purpose_oid}

3953

@deftypefun {int} {gnutls_x509_crt_set_key_purpose_oid} (gnutls_x509_crt_t @var{cert}, const void * @var{oid}, unsigned int @var{critical})

3954

@var{cert}: a certificate of type @code{gnutls_x509_crt_t}

3955

3956

@var{oid}: a pointer to a null terminated string that holds the OID

3957

3958

@var{critical}: Whether this extension will be critical or not

3959

3960

This function will set the key purpose OIDs of the Certificate.

3961

These are stored in the Extended Key Usage extension (2.5.29.37)

3962

See the GNUTLS_KP_* definitions for human readable names.

3963

3964

Subsequent calls to this function will append OIDs to the OID list.

3965

3966

@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (zero) is returned,

3967

otherwise an error code is returned.

3968

@end deftypefun

3969

Older »