2
@subheading gnutls_x509_dn_oid_known
3
@anchor{gnutls_x509_dn_oid_known}
4
@deftypefun {int} {gnutls_x509_dn_oid_known} (const char * @var{oid})
5
@var{oid}: holds an Object Identifier in a null terminated string
7
This function will inform about known DN OIDs. This is useful since
8
functions like @code{gnutls_x509_crt_set_dn_by_oid()} use the information
9
on known OIDs to properly encode their input. Object Identifiers
10
that are not known are not encoded by these functions, and their
11
input is stored directly into the ASN.1 structure. In that case of
12
unknown OIDs, you have the responsibility of DER encoding your
15
@strong{Returns:} 1 on known OIDs and 0 otherwise.
18
@subheading gnutls_x509_crl_init
19
@anchor{gnutls_x509_crl_init}
20
@deftypefun {int} {gnutls_x509_crl_init} (gnutls_x509_crl_t * @var{crl})
21
@var{crl}: The structure to be initialized
23
This function will initialize a CRL structure. CRL stands for
24
Certificate Revocation List. A revocation list usually contains
25
lists of certificate serial numbers that have been revoked by an
26
Authority. The revocation lists are always signed with the
27
authority's private key.
29
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a
33
@subheading gnutls_x509_crl_deinit
34
@anchor{gnutls_x509_crl_deinit}
35
@deftypefun {void} {gnutls_x509_crl_deinit} (gnutls_x509_crl_t @var{crl})
36
@var{crl}: The structure to be initialized
38
This function will deinitialize a CRL structure.
41
@subheading gnutls_x509_crl_import
42
@anchor{gnutls_x509_crl_import}
43
@deftypefun {int} {gnutls_x509_crl_import} (gnutls_x509_crl_t @var{crl}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format})
44
@var{crl}: The structure to store the parsed CRL.
46
@var{data}: The DER or PEM encoded CRL.
48
@var{format}: One of DER or PEM
50
This function will convert the given DER or PEM encoded CRL
51
to the native @code{gnutls_x509_crl_t} format. The output will be stored in 'crl'.
53
If the CRL is PEM encoded it should have a header of "X509 CRL".
55
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a
59
@subheading gnutls_x509_crl_get_issuer_dn
60
@anchor{gnutls_x509_crl_get_issuer_dn}
61
@deftypefun {int} {gnutls_x509_crl_get_issuer_dn} (const gnutls_x509_crl_t @var{crl}, char * @var{buf}, size_t * @var{sizeof_buf})
62
@var{crl}: should contain a gnutls_x509_crl_t structure
64
@var{buf}: a pointer to a structure to hold the peer's name (may be null)
66
@var{sizeof_buf}: initially holds the size of @code{buf}
68
This function will copy the name of the CRL issuer in the provided
69
buffer. The name will be in the form "C=xxxx,O=yyyy,CN=zzzz" as
70
described in RFC2253. The output string will be ASCII or UTF-8
71
encoded, depending on the certificate data.
73
If buf is @code{NULL} then only the size will be filled.
75
@strong{Returns:} @code{GNUTLS_E_SHORT_MEMORY_BUFFER} if the provided buffer is
76
not long enough, and in that case the sizeof_buf will be updated
77
with the required size, and 0 on success.
80
@subheading gnutls_x509_crl_get_issuer_dn_by_oid
81
@anchor{gnutls_x509_crl_get_issuer_dn_by_oid}
82
@deftypefun {int} {gnutls_x509_crl_get_issuer_dn_by_oid} (gnutls_x509_crl_t @var{crl}, const char * @var{oid}, int @var{indx}, unsigned int @var{raw_flag}, void * @var{buf}, size_t * @var{sizeof_buf})
83
@var{crl}: should contain a gnutls_x509_crl_t structure
85
@var{oid}: holds an Object Identified in null terminated string
87
@var{indx}: In case multiple same OIDs exist in the RDN, this specifies which to send. Use zero to get the first one.
89
@var{raw_flag}: If non zero returns the raw DER data of the DN part.
91
@var{buf}: a pointer to a structure to hold the peer's name (may be null)
93
@var{sizeof_buf}: initially holds the size of @code{buf}
95
This function will extract the part of the name of the CRL issuer
96
specified by the given OID. The output will be encoded as described
97
in RFC2253. The output string will be ASCII or UTF-8 encoded,
98
depending on the certificate data.
100
Some helper macros with popular OIDs can be found in gnutls/x509.h
101
If raw flag is zero, this function will only return known OIDs as
102
text. Other OIDs will be DER encoded, as described in RFC2253 -- in
103
hex format with a '\#' prefix. You can check about known OIDs
104
using @code{gnutls_x509_dn_oid_known()}.
106
If buf is null then only the size will be filled.
108
@strong{Returns:} @code{GNUTLS_E_SHORT_MEMORY_BUFFER} if the provided buffer is
109
not long enough, and in that case the sizeof_buf will be updated
110
with the required size, and 0 on success.
113
@subheading gnutls_x509_crl_get_dn_oid
114
@anchor{gnutls_x509_crl_get_dn_oid}
115
@deftypefun {int} {gnutls_x509_crl_get_dn_oid} (gnutls_x509_crl_t @var{crl}, int @var{indx}, void * @var{oid}, size_t * @var{sizeof_oid})
116
@var{crl}: should contain a gnutls_x509_crl_t structure
118
@var{indx}: Specifies which DN OID to send. Use zero to get the first one.
120
@var{oid}: a pointer to a structure to hold the name (may be null)
122
@var{sizeof_oid}: initially holds the size of 'oid'
124
This function will extract the requested OID of the name of the CRL
125
issuer, specified by the given index.
127
If oid is null then only the size will be filled.
129
@strong{Returns:} @code{GNUTLS_E_SHORT_MEMORY_BUFFER} if the provided buffer is
130
not long enough, and in that case the sizeof_oid will be updated
131
with the required size. On success 0 is returned.
134
@subheading gnutls_x509_crl_get_signature_algorithm
135
@anchor{gnutls_x509_crl_get_signature_algorithm}
136
@deftypefun {int} {gnutls_x509_crl_get_signature_algorithm} (gnutls_x509_crl_t @var{crl})
137
@var{crl}: should contain a @code{gnutls_x509_crl_t} structure
139
This function will return a value of the @code{gnutls_sign_algorithm_t}
140
enumeration that is the signature algorithm.
142
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a
143
negative error value.
146
@subheading gnutls_x509_crl_get_signature
147
@anchor{gnutls_x509_crl_get_signature}
148
@deftypefun {int} {gnutls_x509_crl_get_signature} (gnutls_x509_crl_t @var{crl}, char * @var{sig}, size_t * @var{sizeof_sig})
149
@var{crl}: should contain a gnutls_x509_crl_t structure
151
@var{sig}: a pointer where the signature part will be copied (may be null).
153
@var{sizeof_sig}: initially holds the size of @code{sig}
155
This function will extract the signature field of a CRL.
157
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a
158
negative error value. and a negative value on error.
161
@subheading gnutls_x509_crl_get_version
162
@anchor{gnutls_x509_crl_get_version}
163
@deftypefun {int} {gnutls_x509_crl_get_version} (gnutls_x509_crl_t @var{crl})
164
@var{crl}: should contain a @code{gnutls_x509_crl_t} structure
166
This function will return the version of the specified CRL.
168
@strong{Returns:} The version number, or a negative value on error.
171
@subheading gnutls_x509_crl_get_this_update
172
@anchor{gnutls_x509_crl_get_this_update}
173
@deftypefun {time_t} {gnutls_x509_crl_get_this_update} (gnutls_x509_crl_t @var{crl})
174
@var{crl}: should contain a @code{gnutls_x509_crl_t} structure
176
This function will return the time this CRL was issued.
178
@strong{Returns:} when the CRL was issued, or (time_t)-1 on error.
181
@subheading gnutls_x509_crl_get_next_update
182
@anchor{gnutls_x509_crl_get_next_update}
183
@deftypefun {time_t} {gnutls_x509_crl_get_next_update} (gnutls_x509_crl_t @var{crl})
184
@var{crl}: should contain a @code{gnutls_x509_crl_t} structure
186
This function will return the time the next CRL will be issued.
187
This field is optional in a CRL so it might be normal to get an
190
@strong{Returns:} when the next CRL will be issued, or (time_t)-1 on error.
193
@subheading gnutls_x509_crl_get_crt_count
194
@anchor{gnutls_x509_crl_get_crt_count}
195
@deftypefun {int} {gnutls_x509_crl_get_crt_count} (gnutls_x509_crl_t @var{crl})
196
@var{crl}: should contain a @code{gnutls_x509_crl_t} structure
198
This function will return the number of revoked certificates in the
201
@strong{Returns:} number of certificates, a negative value on failure.
204
@subheading gnutls_x509_crl_get_crt_serial
205
@anchor{gnutls_x509_crl_get_crt_serial}
206
@deftypefun {int} {gnutls_x509_crl_get_crt_serial} (gnutls_x509_crl_t @var{crl}, int @var{indx}, unsigned char * @var{serial}, size_t * @var{serial_size}, time_t * @var{t})
207
@var{crl}: should contain a @code{gnutls_x509_crl_t} structure
209
@var{indx}: the index of the certificate to extract (starting from 0)
211
@var{serial}: where the serial number will be copied
213
@var{serial_size}: initially holds the size of serial
215
@var{t}: if non null, will hold the time this certificate was revoked
217
This function will retrieve the serial number of the specified, by
218
the index, revoked certificate.
220
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a
221
negative error value. and a negative value on error.
224
@subheading gnutls_x509_crl_export
225
@anchor{gnutls_x509_crl_export}
226
@deftypefun {int} {gnutls_x509_crl_export} (gnutls_x509_crl_t @var{crl}, gnutls_x509_crt_fmt_t @var{format}, void * @var{output_data}, size_t * @var{output_data_size})
227
@var{crl}: Holds the revocation list
229
@var{format}: the format of output params. One of PEM or DER.
231
@var{output_data}: will contain a private key PEM or DER encoded
233
@var{output_data_size}: holds the size of output_data (and will
234
be replaced by the actual size of parameters)
236
This function will export the revocation list to DER or PEM format.
238
If the buffer provided is not long enough to hold the output, then
239
¤GNUTLS_E_SHORT_MEMORY_BUFFER will be returned.
241
If the structure is PEM encoded, it will have a header
244
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a
245
negative error value. and a negative value on failure.
248
@subheading gnutls_x509_crl_get_authority_key_id
249
@anchor{gnutls_x509_crl_get_authority_key_id}
250
@deftypefun {int} {gnutls_x509_crl_get_authority_key_id} (gnutls_x509_crl_t @var{crl}, void * @var{ret}, size_t * @var{ret_size}, unsigned int * @var{critical})
251
@var{crl}: should contain a @code{gnutls_x509_crl_t} structure
253
@var{ret}: The place where the identifier will be copied
255
@var{ret_size}: Holds the size of the result field.
257
@var{critical}: will be non zero if the extension is marked as critical
260
This function will return the CRL authority's key identifier. This
261
is obtained by the X.509 Authority Key identifier extension field
262
(2.5.29.35). Note that this function only returns the
263
keyIdentifier field of the extension.
265
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a
266
negative value in case of an error.
268
@strong{Since:} 2.8.0
271
@subheading gnutls_x509_crl_get_number
272
@anchor{gnutls_x509_crl_get_number}
273
@deftypefun {int} {gnutls_x509_crl_get_number} (gnutls_x509_crl_t @var{crl}, void * @var{ret}, size_t * @var{ret_size}, unsigned int * @var{critical})
274
@var{crl}: should contain a @code{gnutls_x509_crl_t} structure
276
@var{ret}: The place where the number will be copied
278
@var{ret_size}: Holds the size of the result field.
280
@var{critical}: will be non zero if the extension is marked as critical
283
This function will return the CRL number extension. This is
284
obtained by the CRL Number extension field (2.5.29.20).
286
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a
287
negative value in case of an error.
289
@strong{Since:} 2.8.0
292
@subheading gnutls_x509_crl_get_extension_oid
293
@anchor{gnutls_x509_crl_get_extension_oid}
294
@deftypefun {int} {gnutls_x509_crl_get_extension_oid} (gnutls_x509_crl_t @var{crl}, int @var{indx}, void * @var{oid}, size_t * @var{sizeof_oid})
295
@var{crl}: should contain a @code{gnutls_x509_crl_t} structure
297
@var{indx}: Specifies which extension OID to send, use zero to get the first one.
299
@var{oid}: a pointer to a structure to hold the OID (may be null)
301
@var{sizeof_oid}: initially holds the size of @code{oid}
303
This function will return the requested extension OID in the CRL.
304
The extension OID will be stored as a string in the provided
307
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a
308
negative value in case of an error. If your have reached the
309
last extension available @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE}
312
@strong{Since:} 2.8.0
315
@subheading gnutls_x509_crl_get_extension_info
316
@anchor{gnutls_x509_crl_get_extension_info}
317
@deftypefun {int} {gnutls_x509_crl_get_extension_info} (gnutls_x509_crl_t @var{crl}, int @var{indx}, void * @var{oid}, size_t * @var{sizeof_oid}, int * @var{critical})
318
@var{crl}: should contain a @code{gnutls_x509_crl_t} structure
320
@var{indx}: Specifies which extension OID to send, use zero to get the first one.
322
@var{oid}: a pointer to a structure to hold the OID
324
@var{sizeof_oid}: initially holds the maximum size of @code{oid}, on return
325
holds actual size of @code{oid}.
327
@var{critical}: output variable with critical flag, may be NULL.
329
This function will return the requested extension OID in the CRL,
330
and the critical flag for it. The extension OID will be stored as
331
a string in the provided buffer. Use
332
@code{gnutls_x509_crl_get_extension_data()} to extract the data.
334
If the buffer provided is not long enough to hold the output, then
335
*@code{sizeof_oid} is updated and @code{GNUTLS_E_SHORT_MEMORY_BUFFER} will be
338
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a
339
negative value in case of an error. If your have reached the
340
last extension available @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE}
343
@strong{Since:} 2.8.0
346
@subheading gnutls_x509_crl_get_extension_data
347
@anchor{gnutls_x509_crl_get_extension_data}
348
@deftypefun {int} {gnutls_x509_crl_get_extension_data} (gnutls_x509_crl_t @var{crl}, int @var{indx}, void * @var{data}, size_t * @var{sizeof_data})
349
@var{crl}: should contain a @code{gnutls_x509_crl_t} structure
351
@var{indx}: Specifies which extension OID to send. Use zero to get the first one.
353
@var{data}: a pointer to a structure to hold the data (may be null)
355
@var{sizeof_data}: initially holds the size of @code{oid}
357
This function will return the requested extension data in the CRL.
358
The extension data will be stored as a string in the provided
361
Use @code{gnutls_x509_crl_get_extension_info()} to extract the OID and
362
critical flag. Use @code{gnutls_x509_crl_get_extension_by_oid()} instead,
363
if you want to get data indexed by the extension OID rather than
366
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a
367
negative value in case of an error. If your have reached the
368
last extension available @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE}
371
@strong{Since:} 2.8.0
374
@subheading gnutls_x509_crl_set_version
375
@anchor{gnutls_x509_crl_set_version}
376
@deftypefun {int} {gnutls_x509_crl_set_version} (gnutls_x509_crl_t @var{crl}, unsigned int @var{version})
377
@var{crl}: should contain a gnutls_x509_crl_t structure
379
@var{version}: holds the version number. For CRLv1 crls must be 1.
381
This function will set the version of the CRL. This
382
must be one for CRL version 1, and so on. The CRLs generated
383
by gnutls should have a version number of 2.
385
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a
386
negative error value.
389
@subheading gnutls_x509_crl_sign2
390
@anchor{gnutls_x509_crl_sign2}
391
@deftypefun {int} {gnutls_x509_crl_sign2} (gnutls_x509_crl_t @var{crl}, gnutls_x509_crt_t @var{issuer}, gnutls_x509_privkey_t @var{issuer_key}, gnutls_digest_algorithm_t @var{dig}, unsigned int @var{flags})
392
@var{crl}: should contain a gnutls_x509_crl_t structure
394
@var{issuer}: is the certificate of the certificate issuer
396
@var{issuer_key}: holds the issuer's private key
398
@var{dig}: The message digest to use. GNUTLS_DIG_SHA1 is the safe choice unless you know what you're doing.
400
@var{flags}: must be 0
402
This function will sign the CRL with the issuer's private key, and
403
will copy the issuer's information into the CRL.
405
This must be the last step in a certificate CRL since all
406
the previously set parameters are now signed.
408
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a
409
negative error value.
412
@subheading gnutls_x509_crl_sign
413
@anchor{gnutls_x509_crl_sign}
414
@deftypefun {int} {gnutls_x509_crl_sign} (gnutls_x509_crl_t @var{crl}, gnutls_x509_crt_t @var{issuer}, gnutls_x509_privkey_t @var{issuer_key})
415
@var{crl}: should contain a gnutls_x509_crl_t structure
417
@var{issuer}: is the certificate of the certificate issuer
419
@var{issuer_key}: holds the issuer's private key
421
This function is the same a @code{gnutls_x509_crl_sign2()} with no flags, and
422
SHA1 as the hash algorithm.
424
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a
425
negative error value.
428
@subheading gnutls_x509_crl_set_this_update
429
@anchor{gnutls_x509_crl_set_this_update}
430
@deftypefun {int} {gnutls_x509_crl_set_this_update} (gnutls_x509_crl_t @var{crl}, time_t @var{act_time})
431
@var{crl}: should contain a gnutls_x509_crl_t structure
433
@var{act_time}: The actual time
435
This function will set the time this CRL was issued.
437
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a
438
negative error value.
441
@subheading gnutls_x509_crl_set_next_update
442
@anchor{gnutls_x509_crl_set_next_update}
443
@deftypefun {int} {gnutls_x509_crl_set_next_update} (gnutls_x509_crl_t @var{crl}, time_t @var{exp_time})
444
@var{crl}: should contain a gnutls_x509_crl_t structure
446
@var{exp_time}: The actual time
448
This function will set the time this CRL will be updated.
450
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a
451
negative error value.
454
@subheading gnutls_x509_crl_set_crt_serial
455
@anchor{gnutls_x509_crl_set_crt_serial}
456
@deftypefun {int} {gnutls_x509_crl_set_crt_serial} (gnutls_x509_crl_t @var{crl}, const void * @var{serial}, size_t @var{serial_size}, time_t @var{revocation_time})
457
@var{crl}: should contain a gnutls_x509_crl_t structure
459
@var{serial}: The revoked certificate's serial number
461
@var{serial_size}: Holds the size of the serial field.
463
@var{revocation_time}: The time this certificate was revoked
465
This function will set a revoked certificate's serial number to the CRL.
467
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a
468
negative error value.
471
@subheading gnutls_x509_crl_set_crt
472
@anchor{gnutls_x509_crl_set_crt}
473
@deftypefun {int} {gnutls_x509_crl_set_crt} (gnutls_x509_crl_t @var{crl}, gnutls_x509_crt_t @var{crt}, time_t @var{revocation_time})
474
@var{crl}: should contain a gnutls_x509_crl_t structure
476
@var{crt}: a certificate of type @code{gnutls_x509_crt_t} with the revoked certificate
478
@var{revocation_time}: The time this certificate was revoked
480
This function will set a revoked certificate's serial number to the CRL.
482
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a
483
negative error value.
486
@subheading gnutls_x509_crl_set_authority_key_id
487
@anchor{gnutls_x509_crl_set_authority_key_id}
488
@deftypefun {int} {gnutls_x509_crl_set_authority_key_id} (gnutls_x509_crl_t @var{crl}, const void * @var{id}, size_t @var{id_size})
489
@var{crl}: a CRL of type @code{gnutls_x509_crl_t}
493
@var{id_size}: Holds the size of the serial field.
495
This function will set the CRL's authority key ID extension. Only
496
the keyIdentifier field can be set with this function.
498
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a
499
negative error value.
501
@strong{Since:} 2.8.0
504
@subheading gnutls_x509_crl_set_number
505
@anchor{gnutls_x509_crl_set_number}
506
@deftypefun {int} {gnutls_x509_crl_set_number} (gnutls_x509_crl_t @var{crl}, const void * @var{nr}, size_t @var{nr_size})
507
@var{crl}: a CRL of type @code{gnutls_x509_crl_t}
509
@var{nr}: The CRL number
511
@var{nr_size}: Holds the size of the nr field.
513
This function will set the CRL's number extension.
515
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a
516
negative error value.
518
@strong{Since:} 2.8.0
521
@subheading gnutls_x509_crq_init
522
@anchor{gnutls_x509_crq_init}
523
@deftypefun {int} {gnutls_x509_crq_init} (gnutls_x509_crq_t * @var{crq})
524
@var{crq}: The structure to be initialized
526
This function will initialize a PKCS10 certificate request structure.
528
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a
529
negative error value.
532
@subheading gnutls_x509_crq_deinit
533
@anchor{gnutls_x509_crq_deinit}
534
@deftypefun {void} {gnutls_x509_crq_deinit} (gnutls_x509_crq_t @var{crq})
535
@var{crq}: The structure to be initialized
537
This function will deinitialize a CRL structure.
540
@subheading gnutls_x509_crq_import
541
@anchor{gnutls_x509_crq_import}
542
@deftypefun {int} {gnutls_x509_crq_import} (gnutls_x509_crq_t @var{crq}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format})
543
@var{crq}: The structure to store the parsed certificate request.
545
@var{data}: The DER or PEM encoded certificate.
547
@var{format}: One of DER or PEM
549
This function will convert the given DER or PEM encoded Certificate
550
to the native gnutls_x509_crq_t format. The output will be stored in @code{cert}.
552
If the Certificate is PEM encoded it should have a header of "NEW CERTIFICATE REQUEST".
554
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a
555
negative error value.
558
@subheading gnutls_x509_crq_get_dn
559
@anchor{gnutls_x509_crq_get_dn}
560
@deftypefun {int} {gnutls_x509_crq_get_dn} (gnutls_x509_crq_t @var{crq}, char * @var{buf}, size_t * @var{sizeof_buf})
561
@var{crq}: should contain a gnutls_x509_crq_t structure
563
@var{buf}: a pointer to a structure to hold the name (may be null)
565
@var{sizeof_buf}: initially holds the size of @code{buf}
567
This function will copy the name of the Certificate request
568
subject in the provided buffer. The name will be in the form
569
"C=xxxx,O=yyyy,CN=zzzz" as described in RFC2253. The output string
570
will be ASCII or UTF-8 encoded, depending on the certificate data.
572
If @code{buf} is null then only the size will be filled.
574
@strong{Returns:} GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not
575
long enough, and in that case the *sizeof_buf will be updated with
576
the required size. On success 0 is returned.
579
@subheading gnutls_x509_crq_get_dn_by_oid
580
@anchor{gnutls_x509_crq_get_dn_by_oid}
581
@deftypefun {int} {gnutls_x509_crq_get_dn_by_oid} (gnutls_x509_crq_t @var{crq}, const char * @var{oid}, int @var{indx}, unsigned int @var{raw_flag}, void * @var{buf}, size_t * @var{sizeof_buf})
582
@var{crq}: should contain a gnutls_x509_crq_t structure
584
@var{oid}: holds an Object Identified in null terminated string
586
@var{indx}: In case multiple same OIDs exist in the RDN, this specifies
587
which to send. Use zero to get the first one.
589
@var{raw_flag}: If non zero returns the raw DER data of the DN part.
591
@var{buf}: a pointer to a structure to hold the name (may be null)
593
@var{sizeof_buf}: initially holds the size of @code{buf}
595
This function will extract the part of the name of the Certificate
596
request subject, specified by the given OID. The output will be
597
encoded as described in RFC2253. The output string will be ASCII
598
or UTF-8 encoded, depending on the certificate data.
600
Some helper macros with popular OIDs can be found in gnutls/x509.h
601
If raw flag is zero, this function will only return known OIDs as
602
text. Other OIDs will be DER encoded, as described in RFC2253 --
603
in hex format with a '\#' prefix. You can check about known OIDs
604
using @code{gnutls_x509_dn_oid_known()}.
606
If @code{buf} is null then only the size will be filled.
608
@strong{Returns:} GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not
609
long enough, and in that case the *sizeof_buf will be updated with
610
the required size. On success 0 is returned.
613
@subheading gnutls_x509_crq_get_dn_oid
614
@anchor{gnutls_x509_crq_get_dn_oid}
615
@deftypefun {int} {gnutls_x509_crq_get_dn_oid} (gnutls_x509_crq_t @var{crq}, int @var{indx}, void * @var{oid}, size_t * @var{sizeof_oid})
616
@var{crq}: should contain a gnutls_x509_crq_t structure
618
@var{indx}: Specifies which DN OID to send. Use zero to get the first one.
620
@var{oid}: a pointer to a structure to hold the name (may be null)
622
@var{sizeof_oid}: initially holds the size of @code{oid}
624
This function will extract the requested OID of the name of the
625
Certificate request subject, specified by the given index.
627
If oid is null then only the size will be filled.
629
@strong{Returns:} GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not
630
long enough, and in that case the *sizeof_oid will be updated with
631
the required size. On success 0 is returned.
634
@subheading gnutls_x509_crq_get_challenge_password
635
@anchor{gnutls_x509_crq_get_challenge_password}
636
@deftypefun {int} {gnutls_x509_crq_get_challenge_password} (gnutls_x509_crq_t @var{crq}, char * @var{pass}, size_t * @var{sizeof_pass})
637
@var{crq}: should contain a gnutls_x509_crq_t structure
639
@var{pass}: will hold a null terminated password
641
@var{sizeof_pass}: Initially holds the size of @code{pass}.
643
This function will return the challenge password in the
646
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a
647
negative error value.
650
@subheading gnutls_x509_crq_set_attribute_by_oid
651
@anchor{gnutls_x509_crq_set_attribute_by_oid}
652
@deftypefun {int} {gnutls_x509_crq_set_attribute_by_oid} (gnutls_x509_crq_t @var{crq}, const char * @var{oid}, void * @var{buf}, size_t @var{sizeof_buf})
653
@var{crq}: should contain a gnutls_x509_crq_t structure
655
@var{oid}: holds an Object Identified in null terminated string
657
@var{buf}: a pointer to a structure that holds the attribute data
659
@var{sizeof_buf}: holds the size of @code{buf}
661
This function will set the attribute in the certificate request specified
662
by the given Object ID. The attribute must be be DER encoded.
664
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a
665
negative error value.
668
@subheading gnutls_x509_crq_get_attribute_by_oid
669
@anchor{gnutls_x509_crq_get_attribute_by_oid}
670
@deftypefun {int} {gnutls_x509_crq_get_attribute_by_oid} (gnutls_x509_crq_t @var{crq}, const char * @var{oid}, int @var{indx}, void * @var{buf}, size_t * @var{sizeof_buf})
671
@var{crq}: should contain a gnutls_x509_crq_t structure
673
@var{oid}: holds an Object Identified in null terminated string
675
@var{indx}: In case multiple same OIDs exist in the attribute list, this specifies
676
which to send. Use zero to get the first one.
678
@var{buf}: a pointer to a structure to hold the attribute data (may be null)
680
@var{sizeof_buf}: initially holds the size of @code{buf}
682
This function will return the attribute in the certificate request specified
683
by the given Object ID. The attribute will be DER encoded.
685
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a
686
negative error value.
689
@subheading gnutls_x509_crq_set_dn_by_oid
690
@anchor{gnutls_x509_crq_set_dn_by_oid}
691
@deftypefun {int} {gnutls_x509_crq_set_dn_by_oid} (gnutls_x509_crq_t @var{crq}, const char * @var{oid}, unsigned int @var{raw_flag}, const void * @var{data}, unsigned int @var{sizeof_data})
692
@var{crq}: should contain a gnutls_x509_crq_t structure
694
@var{oid}: holds an Object Identifier in a null terminated string
696
@var{raw_flag}: must be 0, or 1 if the data are DER encoded
698
@var{data}: a pointer to the input data
700
@var{sizeof_data}: holds the size of @code{data}
702
This function will set the part of the name of the Certificate
703
request subject, specified by the given OID. The input string
704
should be ASCII or UTF-8 encoded.
706
Some helper macros with popular OIDs can be found in gnutls/x509.h
707
With this function you can only set the known OIDs. You can test
708
for known OIDs using @code{gnutls_x509_dn_oid_known()}. For OIDs that are
709
not known (by gnutls) you should properly DER encode your data,
710
and call this function with raw_flag set.
712
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a
713
negative error value.
716
@subheading gnutls_x509_crq_set_version
717
@anchor{gnutls_x509_crq_set_version}
718
@deftypefun {int} {gnutls_x509_crq_set_version} (gnutls_x509_crq_t @var{crq}, unsigned int @var{version})
719
@var{crq}: should contain a gnutls_x509_crq_t structure
721
@var{version}: holds the version number. For v1 Requests must be 1.
723
This function will set the version of the certificate request. For
724
version 1 requests this must be one.
726
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a
727
negative error value.
730
@subheading gnutls_x509_crq_get_version
731
@anchor{gnutls_x509_crq_get_version}
732
@deftypefun {int} {gnutls_x509_crq_get_version} (gnutls_x509_crq_t @var{crq})
733
@var{crq}: should contain a gnutls_x509_crq_t structure
735
This function will return the version of the specified Certificate request.
737
@strong{Returns:} version of certificate request, or a negative value on
741
@subheading gnutls_x509_crq_set_key
742
@anchor{gnutls_x509_crq_set_key}
743
@deftypefun {int} {gnutls_x509_crq_set_key} (gnutls_x509_crq_t @var{crq}, gnutls_x509_privkey_t @var{key})
744
@var{crq}: should contain a gnutls_x509_crq_t structure
746
@var{key}: holds a private key
748
This function will set the public parameters from the given private key to the
749
request. Only RSA keys are currently supported.
751
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a
752
negative error value.
755
@subheading gnutls_x509_crq_get_key_rsa_raw
756
@anchor{gnutls_x509_crq_get_key_rsa_raw}
757
@deftypefun {int} {gnutls_x509_crq_get_key_rsa_raw} (gnutls_x509_crq_t @var{crq}, gnutls_datum_t * @var{m}, gnutls_datum_t * @var{e})
758
@var{crq}: Holds the certificate
760
@var{m}: will hold the modulus
762
@var{e}: will hold the public exponent
764
This function will export the RSA public key's parameters found in
765
the given structure. The new parameters will be allocated using
766
@code{gnutls_malloc()} and will be stored in the appropriate datum.
768
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a
769
negative error value.
771
@strong{Since:} 2.8.0
774
@subheading gnutls_x509_crq_set_key_rsa_raw
775
@anchor{gnutls_x509_crq_set_key_rsa_raw}
776
@deftypefun {int} {gnutls_x509_crq_set_key_rsa_raw} (gnutls_x509_crq_t @var{crq}, const gnutls_datum_t * @var{m}, const gnutls_datum_t * @var{e})
777
@var{crq}: should contain a @code{gnutls_x509_crq_t} structure
779
@var{m}: holds the modulus
781
@var{e}: holds the public exponent
783
This function will set the public parameters from the given private
784
key to the request. Only RSA keys are currently supported.
786
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a
787
negative error value.
789
@strong{Since:} 2.6.0
792
@subheading gnutls_x509_crq_set_challenge_password
793
@anchor{gnutls_x509_crq_set_challenge_password}
794
@deftypefun {int} {gnutls_x509_crq_set_challenge_password} (gnutls_x509_crq_t @var{crq}, const char * @var{pass})
795
@var{crq}: should contain a gnutls_x509_crq_t structure
797
@var{pass}: holds a null terminated password
799
This function will set a challenge password to be used when revoking the request.
801
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a
802
negative error value.
805
@subheading gnutls_x509_crq_sign2
806
@anchor{gnutls_x509_crq_sign2}
807
@deftypefun {int} {gnutls_x509_crq_sign2} (gnutls_x509_crq_t @var{crq}, gnutls_x509_privkey_t @var{key}, gnutls_digest_algorithm_t @var{dig}, unsigned int @var{flags})
808
@var{crq}: should contain a @code{gnutls_x509_crq_t} structure
810
@var{key}: holds a private key
812
@var{dig}: The message digest to use, @code{GNUTLS_DIG_SHA1} is the safe choice unless you know what you're doing.
814
@var{flags}: must be 0
816
This function will sign the certificate request with a private key.
817
This must be the same key as the one used in
818
@code{gnutls_x509_crt_set_key()} since a certificate request is self
821
This must be the last step in a certificate request generation
822
since all the previously set parameters are now signed.
824
@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise an error.
825
@code{GNUTLS_E_ASN1_VALUE_NOT_FOUND} is returned if you didn't set all
826
information in the certificate request (e.g., the version using
827
@code{gnutls_x509_crq_set_version()}).
830
@subheading gnutls_x509_crq_sign
831
@anchor{gnutls_x509_crq_sign}
832
@deftypefun {int} {gnutls_x509_crq_sign} (gnutls_x509_crq_t @var{crq}, gnutls_x509_privkey_t @var{key})
833
@var{crq}: should contain a gnutls_x509_crq_t structure
835
@var{key}: holds a private key
837
This function is the same a @code{gnutls_x509_crq_sign2()} with no flags, and
838
SHA1 as the hash algorithm.
840
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a
841
negative error value.
844
@subheading gnutls_x509_crq_export
845
@anchor{gnutls_x509_crq_export}
846
@deftypefun {int} {gnutls_x509_crq_export} (gnutls_x509_crq_t @var{crq}, gnutls_x509_crt_fmt_t @var{format}, void * @var{output_data}, size_t * @var{output_data_size})
847
@var{crq}: Holds the request
849
@var{format}: the format of output params. One of PEM or DER.
851
@var{output_data}: will contain a certificate request PEM or DER encoded
853
@var{output_data_size}: holds the size of output_data (and will be
854
replaced by the actual size of parameters)
856
This function will export the certificate request to a PKCS10
858
If the buffer provided is not long enough to hold the output, then
859
GNUTLS_E_SHORT_MEMORY_BUFFER will be returned and
860
*output_data_size will be updated.
862
If the structure is PEM encoded, it will have a header of "BEGIN
863
NEW CERTIFICATE REQUEST".
865
@strong{Return value:} In case of failure a negative value will be
866
returned, and 0 on success.
869
@subheading gnutls_x509_crq_get_pk_algorithm
870
@anchor{gnutls_x509_crq_get_pk_algorithm}
871
@deftypefun {int} {gnutls_x509_crq_get_pk_algorithm} (gnutls_x509_crq_t @var{crq}, unsigned int * @var{bits})
872
@var{crq}: should contain a gnutls_x509_crq_t structure
874
@var{bits}: if bits is non null it will hold the size of the parameters' in bits
876
This function will return the public key algorithm of a PKCS \@code{10}
879
If bits is non null, it should have enough size to hold the parameters
880
size in bits. For RSA the bits returned is the modulus.
881
For DSA the bits returned are of the public
884
@strong{Returns:} a member of the @code{gnutls_pk_algorithm_t} enumeration on
885
success, or a negative value on error.
888
@subheading gnutls_x509_crq_get_attribute_info
889
@anchor{gnutls_x509_crq_get_attribute_info}
890
@deftypefun {int} {gnutls_x509_crq_get_attribute_info} (gnutls_x509_crq_t @var{cert}, int @var{indx}, void * @var{oid}, size_t * @var{sizeof_oid})
891
@var{cert}: should contain a @code{gnutls_x509_crq_t} structure
893
@var{indx}: Specifies which attribute OID to send. Use zero to get the first one.
895
@var{oid}: a pointer to a structure to hold the OID
897
@var{sizeof_oid}: initially holds the maximum size of @code{oid}, on return
898
holds actual size of @code{oid}.
900
This function will return the requested attribute OID in the
901
certificate, and the critical flag for it. The attribute OID will
902
be stored as a string in the provided buffer. Use
903
@code{gnutls_x509_crq_get_attribute_data()} to extract the data.
905
If the buffer provided is not long enough to hold the output, then
906
*@code{sizeof_oid} is updated and @code{GNUTLS_E_SHORT_MEMORY_BUFFER} will be
909
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a
910
negative value in case of an error. If your have reached the
911
last extension available @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE}
914
@strong{Since:} 2.8.0
917
@subheading gnutls_x509_crq_get_attribute_data
918
@anchor{gnutls_x509_crq_get_attribute_data}
919
@deftypefun {int} {gnutls_x509_crq_get_attribute_data} (gnutls_x509_crq_t @var{cert}, int @var{indx}, void * @var{data}, size_t * @var{sizeof_data})
920
@var{cert}: should contain a @code{gnutls_x509_crq_t} structure
922
@var{indx}: Specifies which attribute OID to send. Use zero to get the first one.
924
@var{data}: a pointer to a structure to hold the data (may be null)
926
@var{sizeof_data}: initially holds the size of @code{oid}
928
This function will return the requested attribute data in the
929
certificate request. The attribute data will be stored as a string in the
932
Use @code{gnutls_x509_crq_get_attribute_info()} to extract the OID.
933
Use @code{gnutls_x509_crq_get_attribute_by_oid()} instead,
934
if you want to get data indexed by the attribute OID rather than
937
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a
938
negative value in case of an error. If your have reached the
939
last extension available @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE}
942
@strong{Since:} 2.8.0
945
@subheading gnutls_x509_crq_get_extension_info
946
@anchor{gnutls_x509_crq_get_extension_info}
947
@deftypefun {int} {gnutls_x509_crq_get_extension_info} (gnutls_x509_crq_t @var{cert}, int @var{indx}, void * @var{oid}, size_t * @var{sizeof_oid}, int * @var{critical})
948
@var{cert}: should contain a @code{gnutls_x509_crq_t} structure
950
@var{indx}: Specifies which extension OID to send. Use zero to get the first one.
952
@var{oid}: a pointer to a structure to hold the OID
954
@var{sizeof_oid}: initially holds the maximum size of @code{oid}, on return
955
holds actual size of @code{oid}.
957
@var{critical}: output variable with critical flag, may be NULL.
959
This function will return the requested extension OID in the
960
certificate, and the critical flag for it. The extension OID will
961
be stored as a string in the provided buffer. Use
962
@code{gnutls_x509_crq_get_extension_data()} to extract the data.
964
If the buffer provided is not long enough to hold the output, then
965
*@code{sizeof_oid} is updated and @code{GNUTLS_E_SHORT_MEMORY_BUFFER} will be
968
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a
969
negative value in case of an error. If your have reached the
970
last extension available @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE}
973
@strong{Since:} 2.8.0
976
@subheading gnutls_x509_crq_get_extension_data
977
@anchor{gnutls_x509_crq_get_extension_data}
978
@deftypefun {int} {gnutls_x509_crq_get_extension_data} (gnutls_x509_crq_t @var{cert}, int @var{indx}, void * @var{data}, size_t * @var{sizeof_data})
979
@var{cert}: should contain a @code{gnutls_x509_crq_t} structure
981
@var{indx}: Specifies which extension OID to send. Use zero to get the first one.
983
@var{data}: a pointer to a structure to hold the data (may be null)
985
@var{sizeof_data}: initially holds the size of @code{oid}
987
This function will return the requested extension data in the
988
certificate. The extension data will be stored as a string in the
991
Use @code{gnutls_x509_crq_get_extension_info()} to extract the OID and
992
critical flag. Use @code{gnutls_x509_crq_get_extension_by_oid()} instead,
993
if you want to get data indexed by the extension OID rather than
996
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a
997
negative value in case of an error. If your have reached the
998
last extension available @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE}
1001
@strong{Since:} 2.8.0
1004
@subheading gnutls_x509_crq_get_key_usage
1005
@anchor{gnutls_x509_crq_get_key_usage}
1006
@deftypefun {int} {gnutls_x509_crq_get_key_usage} (gnutls_x509_crq_t @var{cert}, unsigned int * @var{key_usage}, unsigned int * @var{critical})
1007
@var{cert}: should contain a @code{gnutls_x509_crq_t} structure
1009
@var{key_usage}: where the key usage bits will be stored
1011
@var{critical}: will be non zero if the extension is marked as critical
1013
This function will return certificate's key usage, by reading the
1014
keyUsage X.509 extension (2.5.29.15). The key usage value will
1016
@strong{ORed values of the:} @code{GNUTLS_KEY_DIGITAL_SIGNATURE},
1017
@code{GNUTLS_KEY_NON_REPUDIATION}, @code{GNUTLS_KEY_KEY_ENCIPHERMENT},
1018
@code{GNUTLS_KEY_DATA_ENCIPHERMENT}, @code{GNUTLS_KEY_KEY_AGREEMENT},
1019
@code{GNUTLS_KEY_KEY_CERT_SIGN}, @code{GNUTLS_KEY_CRL_SIGN},
1020
@code{GNUTLS_KEY_ENCIPHER_ONLY}, @code{GNUTLS_KEY_DECIPHER_ONLY}.
1022
@strong{Returns:} the certificate key usage, or a negative value in case of
1023
parsing error. If the certificate does not contain the keyUsage
1024
extension @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} will be
1027
@strong{Since:} 2.8.0
1030
@subheading gnutls_x509_crq_get_basic_constraints
1031
@anchor{gnutls_x509_crq_get_basic_constraints}
1032
@deftypefun {int} {gnutls_x509_crq_get_basic_constraints} (gnutls_x509_crq_t @var{cert}, unsigned int * @var{critical}, int * @var{ca}, int * @var{pathlen})
1033
@var{cert}: should contain a @code{gnutls_x509_crq_t} structure
1035
@var{critical}: will be non zero if the extension is marked as critical
1037
@var{ca}: pointer to output integer indicating CA status, may be NULL,
1038
value is 1 if the certificate CA flag is set, 0 otherwise.
1040
@var{pathlen}: pointer to output integer indicating path length (may be
1041
NULL), non-negative values indicate a present pathLenConstraint
1042
field and the actual value, -1 indicate that the field is absent.
1044
This function will read the certificate's basic constraints, and
1045
return the certificates CA status. It reads the basicConstraints
1046
X.509 extension (2.5.29.19).
1048
@strong{Return value:} If the certificate is a CA a positive value will be
1049
returned, or zero if the certificate does not have CA flag set.
1050
A negative value may be returned in case of errors. If the
1051
certificate does not contain the basicConstraints extension
1052
@code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} will be returned.
1054
@strong{Since:} 2.8.0
1057
@subheading gnutls_x509_crq_get_subject_alt_name
1058
@anchor{gnutls_x509_crq_get_subject_alt_name}
1059
@deftypefun {int} {gnutls_x509_crq_get_subject_alt_name} (gnutls_x509_crq_t @var{cert}, unsigned int @var{seq}, void * @var{ret}, size_t * @var{ret_size}, unsigned int * @var{ret_type}, unsigned int * @var{critical})
1060
@var{cert}: should contain a @code{gnutls_x509_crq_t} structure
1062
@var{seq}: specifies the sequence number of the alt name, 0 for the
1063
first one, 1 for the second etc.
1065
@var{ret}: is the place where the alternative name will be copied to
1067
@var{ret_size}: holds the size of ret.
1069
@var{ret_type}: holds the @code{gnutls_x509_subject_alt_name_t} name type
1071
@var{critical}: will be non zero if the extension is marked as critical
1074
This function will return the alternative names, contained in the
1075
given certificate. It is the same as
1076
@code{gnutls_x509_crq_get_subject_alt_name()} except for the fact that it
1077
will return the type of the alternative name in @code{ret_type} even if
1078
the function fails for some reason (i.e. the buffer provided is
1081
@strong{Returns:} the alternative subject name type on success, one of the
1082
enumerated @code{gnutls_x509_subject_alt_name_t}. It will return
1083
@code{GNUTLS_E_SHORT_MEMORY_BUFFER} if @code{ret_size} is not large enough to
1084
hold the value. In that case @code{ret_size} will be updated with the
1085
required size. If the certificate request does not have an
1086
Alternative name with the specified sequence number then
1087
@code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} is returned.
1089
@strong{Since:} 2.8.0
1092
@subheading gnutls_x509_crq_get_subject_alt_othername_oid
1093
@anchor{gnutls_x509_crq_get_subject_alt_othername_oid}
1094
@deftypefun {int} {gnutls_x509_crq_get_subject_alt_othername_oid} (gnutls_x509_crq_t @var{cert}, unsigned int @var{seq}, void * @var{ret}, size_t * @var{ret_size})
1095
@var{cert}: should contain a @code{gnutls_x509_crq_t} structure
1097
@var{seq}: specifies the sequence number of the alt name (0 for the first one, 1 for the second etc.)
1099
@var{ret}: is the place where the otherName OID will be copied to
1101
@var{ret_size}: holds the size of ret.
1103
This function will extract the type OID of an otherName Subject
1104
Alternative Name, contained in the given certificate, and return
1105
the type as an enumerated element.
1107
This function is only useful if
1108
@code{gnutls_x509_crq_get_subject_alt_name()} returned
1109
@code{GNUTLS_SAN_OTHERNAME}.
1111
@strong{Returns:} the alternative subject name type on success, one of the
1112
enumerated gnutls_x509_subject_alt_name_t. For supported OIDs,
1113
it will return one of the virtual (GNUTLS_SAN_OTHERNAME_*) types,
1114
e.g. @code{GNUTLS_SAN_OTHERNAME_XMPP}, and @code{GNUTLS_SAN_OTHERNAME} for
1115
unknown OIDs. It will return @code{GNUTLS_E_SHORT_MEMORY_BUFFER} if
1116
@code{ret_size} is not large enough to hold the value. In that case
1117
@code{ret_size} will be updated with the required size. If the
1118
certificate does not have an Alternative name with the specified
1119
sequence number and with the otherName type then
1120
@code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} is returned.
1122
@strong{Since:} 2.8.0
1125
@subheading gnutls_x509_crq_get_extension_by_oid
1126
@anchor{gnutls_x509_crq_get_extension_by_oid}
1127
@deftypefun {int} {gnutls_x509_crq_get_extension_by_oid} (gnutls_x509_crq_t @var{cert}, const char * @var{oid}, int @var{indx}, void * @var{buf}, size_t * @var{sizeof_buf}, unsigned int * @var{critical})
1128
@var{cert}: should contain a @code{gnutls_x509_crq_t} structure
1130
@var{oid}: holds an Object Identified in null terminated string
1132
@var{indx}: In case multiple same OIDs exist in the extensions, this
1133
specifies which to send. Use zero to get the first one.
1135
@var{buf}: a pointer to a structure to hold the name (may be null)
1137
@var{sizeof_buf}: initially holds the size of @code{buf}
1139
@var{critical}: will be non zero if the extension is marked as critical
1141
This function will return the extension specified by the OID in
1142
the certificate. The extensions will be returned as binary data
1143
DER encoded, in the provided buffer.
1145
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a
1146
negative value in case of an error. If the certificate does not
1147
contain the specified extension
1148
@code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} will be returned.
1150
@strong{Since:} 2.8.0
1153
@subheading gnutls_x509_crq_set_subject_alt_name
1154
@anchor{gnutls_x509_crq_set_subject_alt_name}
1155
@deftypefun {int} {gnutls_x509_crq_set_subject_alt_name} (gnutls_x509_crq_t @var{crq}, gnutls_x509_subject_alt_name_t @var{nt}, const void * @var{data}, unsigned int @var{data_size}, unsigned int @var{flags})
1156
@var{crq}: a certificate of type @code{gnutls_x509_crq_t}
1158
@var{nt}: is one of the @code{gnutls_x509_subject_alt_name_t} enumerations
1160
@var{data}: The data to be set
1162
@var{data_size}: The size of data to be set
1164
@var{flags}: @code{GNUTLS_FSAN_SET} to clear previous data or
1165
@code{GNUTLS_FSAN_APPEND} to append.
1167
This function will set the subject alternative name certificate
1168
extension. It can set the following types:
1170
&GNUTLS_SAN_DNSNAME: as a text string
1172
&GNUTLS_SAN_RFC822NAME: as a text string
1174
&GNUTLS_SAN_URI: as a text string
1176
&GNUTLS_SAN_IPADDRESS: as a binary IP address (4 or 16 bytes)
1178
Other values can be set as binary values with the proper DER encoding.
1180
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a
1181
negative error value.
1183
@strong{Since:} 2.8.0
1186
@subheading gnutls_x509_crq_set_basic_constraints
1187
@anchor{gnutls_x509_crq_set_basic_constraints}
1188
@deftypefun {int} {gnutls_x509_crq_set_basic_constraints} (gnutls_x509_crq_t @var{crq}, unsigned int @var{ca}, int @var{pathLenConstraint})
1189
@var{crq}: a certificate of type @code{gnutls_x509_crq_t}
1191
@var{ca}: true(1) or false(0). Depending on the Certificate authority status.
1193
@var{pathLenConstraint}: non-negative values indicate maximum length of path,
1194
and negative values indicate that the pathLenConstraints field should
1197
This function will set the basicConstraints certificate extension.
1199
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a
1200
negative error value.
1202
@strong{Since:} 2.8.0
1205
@subheading gnutls_x509_crq_set_key_usage
1206
@anchor{gnutls_x509_crq_set_key_usage}
1207
@deftypefun {int} {gnutls_x509_crq_set_key_usage} (gnutls_x509_crq_t @var{crq}, unsigned int @var{usage})
1208
@var{crq}: a certificate of type @code{gnutls_x509_crq_t}
1210
@var{usage}: an ORed sequence of the GNUTLS_KEY_* elements.
1212
This function will set the keyUsage certificate extension.
1214
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a
1215
negative error value.
1217
@strong{Since:} 2.8.0
1220
@subheading gnutls_x509_crq_get_key_purpose_oid
1221
@anchor{gnutls_x509_crq_get_key_purpose_oid}
1222
@deftypefun {int} {gnutls_x509_crq_get_key_purpose_oid} (gnutls_x509_crq_t @var{cert}, int @var{indx}, void * @var{oid}, size_t * @var{sizeof_oid}, unsigned int * @var{critical})
1223
@var{cert}: should contain a @code{gnutls_x509_crq_t} structure
1225
@var{indx}: This specifies which OID to return. Use zero to get the first one.
1227
@var{oid}: a pointer to a buffer to hold the OID (may be null)
1229
@var{sizeof_oid}: initially holds the size of @code{oid}
1231
@var{critical}: output variable with critical flag, may be NULL.
1233
This function will extract the key purpose OIDs of the Certificate
1234
specified by the given index. These are stored in the Extended
1235
Key Usage extension (2.5.29.37). See the GNUTLS_KP_* definitions
1236
for human readable names.
1238
If @code{oid} is null then only the size will be filled.
1240
@strong{Returns:} @code{GNUTLS_E_SHORT_MEMORY_BUFFER} if the provided buffer is
1241
not long enough, and in that case the *sizeof_oid will be
1242
updated with the required size. On success 0 is returned.
1244
@strong{Since:} 2.8.0
1247
@subheading gnutls_x509_crq_set_key_purpose_oid
1248
@anchor{gnutls_x509_crq_set_key_purpose_oid}
1249
@deftypefun {int} {gnutls_x509_crq_set_key_purpose_oid} (gnutls_x509_crq_t @var{cert}, const void * @var{oid}, unsigned int @var{critical})
1250
@var{cert}: a certificate of type @code{gnutls_x509_crq_t}
1252
@var{oid}: a pointer to a null terminated string that holds the OID
1254
@var{critical}: Whether this extension will be critical or not
1256
This function will set the key purpose OIDs of the Certificate.
1257
These are stored in the Extended Key Usage extension (2.5.29.37)
1258
See the GNUTLS_KP_* definitions for human readable names.
1260
Subsequent calls to this function will append OIDs to the OID list.
1262
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a
1263
negative error value.
1265
@strong{Since:} 2.8.0
1268
@subheading gnutls_x509_crq_get_key_id
1269
@anchor{gnutls_x509_crq_get_key_id}
1270
@deftypefun {int} {gnutls_x509_crq_get_key_id} (gnutls_x509_crq_t @var{crq}, unsigned int @var{flags}, unsigned char * @var{output_data}, size_t * @var{output_data_size})
1271
@var{crq}: Holds the certificate signing request
1273
@var{flags}: should be 0 for now
1275
@var{output_data}: will contain the key ID
1277
@var{output_data_size}: holds the size of output_data (and will be
1278
replaced by the actual size of parameters)
1280
This function will return a unique ID the depends on the public
1281
key parameters. This ID can be used in checking whether a
1282
certificate corresponds to the given private key.
1284
If the buffer provided is not long enough to hold the output, then
1285
*output_data_size is updated and GNUTLS_E_SHORT_MEMORY_BUFFER will
1286
be returned. The output will normally be a SHA-1 hash output,
1289
@strong{Return value:} In case of failure a negative value will be
1290
returned, and 0 on success.
1292
@strong{Since:} 2.8.0
1295
@subheading gnutls_x509_dn_init
1296
@anchor{gnutls_x509_dn_init}
1297
@deftypefun {int} {gnutls_x509_dn_init} (gnutls_x509_dn_t * @var{dn})
1298
@var{dn}: the object to be initialized
1300
This function initializes a @code{gnutls_x509_dn_t} structure.
1302
The object returned must be deallocated using
1303
@code{gnutls_x509_dn_deinit()}.
1305
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a
1306
negative error value.
1308
@strong{Since:} 2.4.0
1311
@subheading gnutls_x509_dn_import
1312
@anchor{gnutls_x509_dn_import}
1313
@deftypefun {int} {gnutls_x509_dn_import} (gnutls_x509_dn_t @var{dn}, const gnutls_datum_t * @var{data})
1314
@var{dn}: the structure that will hold the imported DN
1316
@var{data}: should contain a DER encoded RDN sequence
1318
This function parses an RDN sequence and stores the result to a
1319
@code{gnutls_x509_dn_t} structure. The structure must have been initialized
1320
with @code{gnutls_x509_dn_init()}. You may use @code{gnutls_x509_dn_get_rdn_ava()} to
1323
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a
1324
negative error value.
1326
@strong{Since:} 2.4.0
1329
@subheading gnutls_x509_dn_deinit
1330
@anchor{gnutls_x509_dn_deinit}
1331
@deftypefun {void} {gnutls_x509_dn_deinit} (gnutls_x509_dn_t @var{dn})
1332
@var{dn}: a DN opaque object pointer.
1334
This function deallocates the DN object as returned by
1335
@code{gnutls_x509_dn_import()}.
1337
@strong{Since:} 2.4.0
1340
@subheading gnutls_x509_rdn_get
1341
@anchor{gnutls_x509_rdn_get}
1342
@deftypefun {int} {gnutls_x509_rdn_get} (const gnutls_datum_t * @var{idn}, char * @var{buf}, size_t * @var{sizeof_buf})
1343
@var{idn}: should contain a DER encoded RDN sequence
1345
@var{buf}: a pointer to a structure to hold the peer's name
1347
@var{sizeof_buf}: holds the size of @code{buf}
1349
This function will return the name of the given RDN sequence. The
1350
name will be in the form "C=xxxx,O=yyyy,CN=zzzz" as described in
1353
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, or
1354
@code{GNUTLS_E_SHORT_MEMORY_BUFFER} is returned and *@code{sizeof_buf} is
1355
updated if the provided buffer is not long enough, otherwise a
1356
negative error value.
1359
@subheading gnutls_x509_rdn_get_by_oid
1360
@anchor{gnutls_x509_rdn_get_by_oid}
1361
@deftypefun {int} {gnutls_x509_rdn_get_by_oid} (const gnutls_datum_t * @var{idn}, const char * @var{oid}, int @var{indx}, unsigned int @var{raw_flag}, void * @var{buf}, size_t * @var{sizeof_buf})
1362
@var{idn}: should contain a DER encoded RDN sequence
1364
@var{oid}: an Object Identifier
1366
@var{indx}: In case multiple same OIDs exist in the RDN indicates which
1367
to send. Use 0 for the first one.
1369
@var{raw_flag}: If non zero then the raw DER data are returned.
1371
@var{buf}: a pointer to a structure to hold the peer's name
1373
@var{sizeof_buf}: holds the size of @code{buf}
1375
This function will return the name of the given Object identifier,
1376
of the RDN sequence. The name will be encoded using the rules
1379
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, or
1380
@code{GNUTLS_E_SHORT_MEMORY_BUFFER} is returned and *@code{sizeof_buf} is
1381
updated if the provided buffer is not long enough, otherwise a
1382
negative error value.
1385
@subheading gnutls_x509_rdn_get_oid
1386
@anchor{gnutls_x509_rdn_get_oid}
1387
@deftypefun {int} {gnutls_x509_rdn_get_oid} (const gnutls_datum_t * @var{idn}, int @var{indx}, void * @var{buf}, size_t * @var{sizeof_buf})
1388
@var{idn}: should contain a DER encoded RDN sequence
1390
@var{indx}: Indicates which OID to return. Use 0 for the first one.
1392
@var{buf}: a pointer to a structure to hold the peer's name OID
1394
@var{sizeof_buf}: holds the size of @code{buf}
1396
This function will return the specified Object identifier, of the
1399
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, or
1400
@code{GNUTLS_E_SHORT_MEMORY_BUFFER} is returned and *@code{sizeof_buf} is
1401
updated if the provided buffer is not long enough, otherwise a
1402
negative error value.
1404
@strong{Since:} 2.4.0
1407
@subheading gnutls_x509_dn_export
1408
@anchor{gnutls_x509_dn_export}
1409
@deftypefun {int} {gnutls_x509_dn_export} (gnutls_x509_dn_t @var{dn}, gnutls_x509_crt_fmt_t @var{format}, void * @var{output_data}, size_t * @var{output_data_size})
1410
@var{dn}: Holds the opaque DN object
1412
@var{format}: the format of output params. One of PEM or DER.
1414
@var{output_data}: will contain a DN PEM or DER encoded
1416
@var{output_data_size}: holds the size of output_data (and will be
1417
replaced by the actual size of parameters)
1419
This function will export the DN to DER or PEM format.
1421
If the buffer provided is not long enough to hold the output, then
1422
*@code{output_data_size} is updated and @code{GNUTLS_E_SHORT_MEMORY_BUFFER}
1425
If the structure is PEM encoded, it will have a header
1428
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a
1429
negative error value.
1432
@subheading gnutls_x509_crt_print
1433
@anchor{gnutls_x509_crt_print}
1434
@deftypefun {int} {gnutls_x509_crt_print} (gnutls_x509_crt_t @var{cert}, gnutls_certificate_print_formats_t @var{format}, gnutls_datum_t * @var{out})
1435
@var{cert}: The structure to be printed
1437
@var{format}: Indicate the format to use
1439
@var{out}: Newly allocated datum with zero terminated string.
1441
This function will pretty print a X.509 certificate, suitable for
1444
If the format is @code{GNUTLS_CRT_PRINT_FULL} then all fields of the
1445
certificate will be output, on multiple lines. The
1446
@code{GNUTLS_CRT_PRINT_ONELINE} format will generate one line with some
1447
selected fields, which is useful for logging purposes.
1449
The output @code{out} needs to be deallocate using @code{gnutls_free()}.
1451
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a
1452
negative error value.
1455
@subheading gnutls_x509_crl_print
1456
@anchor{gnutls_x509_crl_print}
1457
@deftypefun {int} {gnutls_x509_crl_print} (gnutls_x509_crl_t @var{crl}, gnutls_certificate_print_formats_t @var{format}, gnutls_datum_t * @var{out})
1458
@var{crl}: The structure to be printed
1460
@var{format}: Indicate the format to use
1462
@var{out}: Newly allocated datum with zero terminated string.
1464
This function will pretty print a X.509 certificate revocation
1465
list, suitable for display to a human.
1467
The output @code{out} needs to be deallocate using @code{gnutls_free()}.
1469
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a
1470
negative error value.
1473
@subheading gnutls_x509_crq_print
1474
@anchor{gnutls_x509_crq_print}
1475
@deftypefun {int} {gnutls_x509_crq_print} (gnutls_x509_crq_t @var{crq}, gnutls_certificate_print_formats_t @var{format}, gnutls_datum_t * @var{out})
1476
@var{crq}: The structure to be printed
1478
@var{format}: Indicate the format to use
1480
@var{out}: Newly allocated datum with zero terminated string.
1482
This function will pretty print a certificate request, suitable for
1485
The output @code{out} needs to be deallocate using @code{gnutls_free()}.
1487
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a
1488
negative error value.
1490
@strong{Since:} 2.8.0
1493
@subheading gnutls_pkcs12_init
1494
@anchor{gnutls_pkcs12_init}
1495
@deftypefun {int} {gnutls_pkcs12_init} (gnutls_pkcs12_t * @var{pkcs12})
1496
@var{pkcs12}: The structure to be initialized
1498
This function will initialize a PKCS12 structure. PKCS12 structures
1499
usually contain lists of X.509 Certificates and X.509 Certificate
1502
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a
1503
negative error value.
1506
@subheading gnutls_pkcs12_deinit
1507
@anchor{gnutls_pkcs12_deinit}
1508
@deftypefun {void} {gnutls_pkcs12_deinit} (gnutls_pkcs12_t @var{pkcs12})
1509
@var{pkcs12}: The structure to be initialized
1511
This function will deinitialize a PKCS12 structure.
1514
@subheading gnutls_pkcs12_import
1515
@anchor{gnutls_pkcs12_import}
1516
@deftypefun {int} {gnutls_pkcs12_import} (gnutls_pkcs12_t @var{pkcs12}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format}, unsigned int @var{flags})
1517
@var{pkcs12}: The structure to store the parsed PKCS12.
1519
@var{data}: The DER or PEM encoded PKCS12.
1521
@var{format}: One of DER or PEM
1523
@var{flags}: an ORed sequence of gnutls_privkey_pkcs8_flags
1525
This function will convert the given DER or PEM encoded PKCS12
1526
to the native gnutls_pkcs12_t format. The output will be stored in 'pkcs12'.
1528
If the PKCS12 is PEM encoded it should have a header of "PKCS12".
1530
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a
1531
negative error value.
1534
@subheading gnutls_pkcs12_export
1535
@anchor{gnutls_pkcs12_export}
1536
@deftypefun {int} {gnutls_pkcs12_export} (gnutls_pkcs12_t @var{pkcs12}, gnutls_x509_crt_fmt_t @var{format}, void * @var{output_data}, size_t * @var{output_data_size})
1537
@var{pkcs12}: Holds the pkcs12 structure
1539
@var{format}: the format of output params. One of PEM or DER.
1541
@var{output_data}: will contain a structure PEM or DER encoded
1543
@var{output_data_size}: holds the size of output_data (and will be
1544
replaced by the actual size of parameters)
1546
This function will export the pkcs12 structure to DER or PEM format.
1548
If the buffer provided is not long enough to hold the output, then
1549
*output_data_size will be updated and GNUTLS_E_SHORT_MEMORY_BUFFER
1552
If the structure is PEM encoded, it will have a header
1555
@strong{Return value:} In case of failure a negative value will be
1556
returned, and 0 on success.
1559
@subheading gnutls_pkcs12_get_bag
1560
@anchor{gnutls_pkcs12_get_bag}
1561
@deftypefun {int} {gnutls_pkcs12_get_bag} (gnutls_pkcs12_t @var{pkcs12}, int @var{indx}, gnutls_pkcs12_bag_t @var{bag})
1562
@var{pkcs12}: should contain a gnutls_pkcs12_t structure
1564
@var{indx}: contains the index of the bag to extract
1566
@var{bag}: An initialized bag, where the contents of the bag will be copied
1568
This function will return a Bag from the PKCS12 structure.
1570
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a
1571
negative error value.
1573
After the last Bag has been read GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE
1577
@subheading gnutls_pkcs12_set_bag
1578
@anchor{gnutls_pkcs12_set_bag}
1579
@deftypefun {int} {gnutls_pkcs12_set_bag} (gnutls_pkcs12_t @var{pkcs12}, gnutls_pkcs12_bag_t @var{bag})
1580
@var{pkcs12}: should contain a gnutls_pkcs12_t structure
1582
@var{bag}: An initialized bag
1584
This function will insert a Bag into the PKCS12 structure.
1586
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a
1587
negative error value.
1590
@subheading gnutls_pkcs12_generate_mac
1591
@anchor{gnutls_pkcs12_generate_mac}
1592
@deftypefun {int} {gnutls_pkcs12_generate_mac} (gnutls_pkcs12_t @var{pkcs12}, const char * @var{pass})
1593
@var{pkcs12}: should contain a gnutls_pkcs12_t structure
1595
@var{pass}: The password for the MAC
1597
This function will generate a MAC for the PKCS12 structure.
1599
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a
1600
negative error value.
1603
@subheading gnutls_pkcs12_verify_mac
1604
@anchor{gnutls_pkcs12_verify_mac}
1605
@deftypefun {int} {gnutls_pkcs12_verify_mac} (gnutls_pkcs12_t @var{pkcs12}, const char * @var{pass})
1606
@var{pkcs12}: should contain a gnutls_pkcs12_t structure
1608
@var{pass}: The password for the MAC
1610
This function will verify the MAC for the PKCS12 structure.
1612
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a
1613
negative error value.
1616
@subheading gnutls_pkcs12_bag_init
1617
@anchor{gnutls_pkcs12_bag_init}
1618
@deftypefun {int} {gnutls_pkcs12_bag_init} (gnutls_pkcs12_bag_t * @var{bag})
1619
@var{bag}: The structure to be initialized
1621
This function will initialize a PKCS12 bag structure. PKCS12 Bags
1622
usually contain private keys, lists of X.509 Certificates and X.509 Certificate
1625
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a
1626
negative error value.
1629
@subheading gnutls_pkcs12_bag_deinit
1630
@anchor{gnutls_pkcs12_bag_deinit}
1631
@deftypefun {void} {gnutls_pkcs12_bag_deinit} (gnutls_pkcs12_bag_t @var{bag})
1632
@var{bag}: The structure to be initialized
1634
This function will deinitialize a PKCS12 Bag structure.
1637
@subheading gnutls_pkcs12_bag_get_type
1638
@anchor{gnutls_pkcs12_bag_get_type}
1639
@deftypefun {gnutls_pkcs12_bag_type_t} {gnutls_pkcs12_bag_get_type} (gnutls_pkcs12_bag_t @var{bag}, int @var{indx})
1642
@var{indx}: The element of the bag to get the type
1644
This function will return the bag's type.
1646
@strong{Returns:} One of the @code{gnutls_pkcs12_bag_type_t} enumerations.
1649
@subheading gnutls_pkcs12_bag_get_count
1650
@anchor{gnutls_pkcs12_bag_get_count}
1651
@deftypefun {int} {gnutls_pkcs12_bag_get_count} (gnutls_pkcs12_bag_t @var{bag})
1654
This function will return the number of the elements withing the bag.
1656
@strong{Returns:} Number of elements in bag, or an negative error code on
1660
@subheading gnutls_pkcs12_bag_get_data
1661
@anchor{gnutls_pkcs12_bag_get_data}
1662
@deftypefun {int} {gnutls_pkcs12_bag_get_data} (gnutls_pkcs12_bag_t @var{bag}, int @var{indx}, gnutls_datum_t * @var{data})
1665
@var{indx}: The element of the bag to get the data from
1667
@var{data}: where the bag's data will be. Should be treated as constant.
1669
This function will return the bag's data. The data is a constant
1670
that is stored into the bag. Should not be accessed after the bag
1673
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a
1674
negative error value.and a negative error code on error.
1677
@subheading gnutls_pkcs12_bag_set_data
1678
@anchor{gnutls_pkcs12_bag_set_data}
1679
@deftypefun {int} {gnutls_pkcs12_bag_set_data} (gnutls_pkcs12_bag_t @var{bag}, gnutls_pkcs12_bag_type_t @var{type}, const gnutls_datum_t * @var{data})
1682
@var{type}: The data's type
1684
@var{data}: the data to be copied.
1686
This function will insert the given data of the given type into
1689
@strong{Returns:} the index of the added bag on success, or a negative
1693
@subheading gnutls_pkcs12_bag_set_crt
1694
@anchor{gnutls_pkcs12_bag_set_crt}
1695
@deftypefun {int} {gnutls_pkcs12_bag_set_crt} (gnutls_pkcs12_bag_t @var{bag}, gnutls_x509_crt_t @var{crt})
1698
@var{crt}: the certificate to be copied.
1700
This function will insert the given certificate into the
1701
bag. This is just a wrapper over @code{gnutls_pkcs12_bag_set_data()}.
1703
@strong{Returns:} the index of the added bag on success, or a negative
1707
@subheading gnutls_pkcs12_bag_set_crl
1708
@anchor{gnutls_pkcs12_bag_set_crl}
1709
@deftypefun {int} {gnutls_pkcs12_bag_set_crl} (gnutls_pkcs12_bag_t @var{bag}, gnutls_x509_crl_t @var{crl})
1712
@var{crl}: the CRL to be copied.
1714
This function will insert the given CRL into the
1715
bag. This is just a wrapper over @code{gnutls_pkcs12_bag_set_data()}.
1717
@strong{Returns:} the index of the added bag on success, or a negative value
1721
@subheading gnutls_pkcs12_bag_set_key_id
1722
@anchor{gnutls_pkcs12_bag_set_key_id}
1723
@deftypefun {int} {gnutls_pkcs12_bag_set_key_id} (gnutls_pkcs12_bag_t @var{bag}, int @var{indx}, const gnutls_datum_t * @var{id})
1726
@var{indx}: The bag's element to add the id
1730
This function will add the given key ID, to the specified, by the index, bag
1731
element. The key ID will be encoded as a 'Local key identifier' bag attribute,
1732
which is usually used to distinguish the local private key and the certificate pair.
1734
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a
1735
negative error value. or a negative value on error.
1738
@subheading gnutls_pkcs12_bag_get_key_id
1739
@anchor{gnutls_pkcs12_bag_get_key_id}
1740
@deftypefun {int} {gnutls_pkcs12_bag_get_key_id} (gnutls_pkcs12_bag_t @var{bag}, int @var{indx}, gnutls_datum_t * @var{id})
1743
@var{indx}: The bag's element to add the id
1745
@var{id}: where the ID will be copied (to be treated as const)
1747
This function will return the key ID, of the specified bag element.
1748
The key ID is usually used to distinguish the local private key and the certificate pair.
1750
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a
1751
negative error value. or a negative value on error.
1754
@subheading gnutls_pkcs12_bag_get_friendly_name
1755
@anchor{gnutls_pkcs12_bag_get_friendly_name}
1756
@deftypefun {int} {gnutls_pkcs12_bag_get_friendly_name} (gnutls_pkcs12_bag_t @var{bag}, int @var{indx}, char ** @var{name})
1759
@var{indx}: The bag's element to add the id
1761
@var{name}: will hold a pointer to the name (to be treated as const)
1763
This function will return the friendly name, of the specified bag element.
1764
The key ID is usually used to distinguish the local private key and the certificate pair.
1766
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a
1767
negative error value. or a negative value on error.
1770
@subheading gnutls_pkcs12_bag_set_friendly_name
1771
@anchor{gnutls_pkcs12_bag_set_friendly_name}
1772
@deftypefun {int} {gnutls_pkcs12_bag_set_friendly_name} (gnutls_pkcs12_bag_t @var{bag}, int @var{indx}, const char * @var{name})
1775
@var{indx}: The bag's element to add the id
1777
@var{name}: the name
1779
This function will add the given key friendly name, to the specified, by the index, bag
1780
element. The name will be encoded as a 'Friendly name' bag attribute,
1781
which is usually used to set a user name to the local private key and the certificate pair.
1783
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a
1784
negative error value. or a negative value on error.
1787
@subheading gnutls_pkcs12_bag_decrypt
1788
@anchor{gnutls_pkcs12_bag_decrypt}
1789
@deftypefun {int} {gnutls_pkcs12_bag_decrypt} (gnutls_pkcs12_bag_t @var{bag}, const char * @var{pass})
1792
@var{pass}: The password used for encryption, must be ASCII.
1794
This function will decrypt the given encrypted bag and return 0 on
1797
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (zero) is returned,
1798
otherwise an error code is returned.
1801
@subheading gnutls_pkcs12_bag_encrypt
1802
@anchor{gnutls_pkcs12_bag_encrypt}
1803
@deftypefun {int} {gnutls_pkcs12_bag_encrypt} (gnutls_pkcs12_bag_t @var{bag}, const char * @var{pass}, unsigned int @var{flags})
1806
@var{pass}: The password used for encryption, must be ASCII
1808
@var{flags}: should be one of @code{gnutls_pkcs_encrypt_flags_t} elements bitwise or'd
1810
This function will encrypt the given bag.
1812
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (zero) is returned,
1813
otherwise an error code is returned.
1816
@subheading gnutls_pkcs7_init
1817
@anchor{gnutls_pkcs7_init}
1818
@deftypefun {int} {gnutls_pkcs7_init} (gnutls_pkcs7_t * @var{pkcs7})
1819
@var{pkcs7}: The structure to be initialized
1821
This function will initialize a PKCS7 structure. PKCS7 structures
1822
usually contain lists of X.509 Certificates and X.509 Certificate
1825
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a
1826
negative error value.
1829
@subheading gnutls_pkcs7_deinit
1830
@anchor{gnutls_pkcs7_deinit}
1831
@deftypefun {void} {gnutls_pkcs7_deinit} (gnutls_pkcs7_t @var{pkcs7})
1832
@var{pkcs7}: The structure to be initialized
1834
This function will deinitialize a PKCS7 structure.
1837
@subheading gnutls_pkcs7_import
1838
@anchor{gnutls_pkcs7_import}
1839
@deftypefun {int} {gnutls_pkcs7_import} (gnutls_pkcs7_t @var{pkcs7}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format})
1840
@var{pkcs7}: The structure to store the parsed PKCS7.
1842
@var{data}: The DER or PEM encoded PKCS7.
1844
@var{format}: One of DER or PEM
1846
This function will convert the given DER or PEM encoded PKCS7 to
1847
the native @code{gnutls_pkcs7_t} format. The output will be stored in
1850
If the PKCS7 is PEM encoded it should have a header of "PKCS7".
1852
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a
1853
negative error value.
1856
@subheading gnutls_pkcs7_get_crt_raw
1857
@anchor{gnutls_pkcs7_get_crt_raw}
1858
@deftypefun {int} {gnutls_pkcs7_get_crt_raw} (gnutls_pkcs7_t @var{pkcs7}, int @var{indx}, void * @var{certificate}, size_t * @var{certificate_size})
1859
@var{pkcs7}: should contain a gnutls_pkcs7_t structure
1861
@var{indx}: contains the index of the certificate to extract
1863
@var{certificate}: the contents of the certificate will be copied
1866
@var{certificate_size}: should hold the size of the certificate
1868
This function will return a certificate of the PKCS7 or RFC2630
1871
After the last certificate has been read
1872
@code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} will be returned.
1874
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a
1875
negative error value. If the provided buffer is not long enough,
1876
then @code{certificate_size} is updated and
1877
@code{GNUTLS_E_SHORT_MEMORY_BUFFER} is returned.
1880
@subheading gnutls_pkcs7_get_crt_count
1881
@anchor{gnutls_pkcs7_get_crt_count}
1882
@deftypefun {int} {gnutls_pkcs7_get_crt_count} (gnutls_pkcs7_t @var{pkcs7})
1883
@var{pkcs7}: should contain a @code{gnutls_pkcs7_t} structure
1885
This function will return the number of certifcates in the PKCS7
1886
or RFC2630 certificate set.
1888
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a
1889
negative error value.
1892
@subheading gnutls_pkcs7_export
1893
@anchor{gnutls_pkcs7_export}
1894
@deftypefun {int} {gnutls_pkcs7_export} (gnutls_pkcs7_t @var{pkcs7}, gnutls_x509_crt_fmt_t @var{format}, void * @var{output_data}, size_t * @var{output_data_size})
1895
@var{pkcs7}: Holds the pkcs7 structure
1897
@var{format}: the format of output params. One of PEM or DER.
1899
@var{output_data}: will contain a structure PEM or DER encoded
1901
@var{output_data_size}: holds the size of output_data (and will be
1902
replaced by the actual size of parameters)
1904
This function will export the pkcs7 structure to DER or PEM format.
1906
If the buffer provided is not long enough to hold the output, then
1907
*@code{output_data_size} is updated and @code{GNUTLS_E_SHORT_MEMORY_BUFFER}
1910
If the structure is PEM encoded, it will have a header
1913
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a
1914
negative error value.
1917
@subheading gnutls_pkcs7_set_crt_raw
1918
@anchor{gnutls_pkcs7_set_crt_raw}
1919
@deftypefun {int} {gnutls_pkcs7_set_crt_raw} (gnutls_pkcs7_t @var{pkcs7}, const gnutls_datum_t * @var{crt})
1920
@var{pkcs7}: should contain a @code{gnutls_pkcs7_t} structure
1922
@var{crt}: the DER encoded certificate to be added
1924
This function will add a certificate to the PKCS7 or RFC2630
1927
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a
1928
negative error value.
1931
@subheading gnutls_pkcs7_set_crt
1932
@anchor{gnutls_pkcs7_set_crt}
1933
@deftypefun {int} {gnutls_pkcs7_set_crt} (gnutls_pkcs7_t @var{pkcs7}, gnutls_x509_crt_t @var{crt})
1934
@var{pkcs7}: should contain a @code{gnutls_pkcs7_t} structure
1936
@var{crt}: the certificate to be copied.
1938
This function will add a parsed certificate to the PKCS7 or
1939
RFC2630 certificate set. This is a wrapper function over
1940
@code{gnutls_pkcs7_set_crt_raw()} .
1942
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a
1943
negative error value.
1946
@subheading gnutls_pkcs7_delete_crt
1947
@anchor{gnutls_pkcs7_delete_crt}
1948
@deftypefun {int} {gnutls_pkcs7_delete_crt} (gnutls_pkcs7_t @var{pkcs7}, int @var{indx})
1949
@var{pkcs7}: should contain a gnutls_pkcs7_t structure
1951
@var{indx}: the index of the certificate to delete
1953
This function will delete a certificate from a PKCS7 or RFC2630
1954
certificate set. Index starts from 0. Returns 0 on success.
1956
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a
1957
negative error value.
1960
@subheading gnutls_pkcs7_get_crl_raw
1961
@anchor{gnutls_pkcs7_get_crl_raw}
1962
@deftypefun {int} {gnutls_pkcs7_get_crl_raw} (gnutls_pkcs7_t @var{pkcs7}, int @var{indx}, void * @var{crl}, size_t * @var{crl_size})
1963
@var{pkcs7}: should contain a @code{gnutls_pkcs7_t} structure
1965
@var{indx}: contains the index of the crl to extract
1967
@var{crl}: the contents of the crl will be copied there (may be null)
1969
@var{crl_size}: should hold the size of the crl
1971
This function will return a crl of the PKCS7 or RFC2630 crl set.
1973
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a
1974
negative error value. If the provided buffer is not long enough,
1975
then @code{crl_size} is updated and @code{GNUTLS_E_SHORT_MEMORY_BUFFER} is
1976
returned. After the last crl has been read
1977
@code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} will be returned.
1980
@subheading gnutls_pkcs7_get_crl_count
1981
@anchor{gnutls_pkcs7_get_crl_count}
1982
@deftypefun {int} {gnutls_pkcs7_get_crl_count} (gnutls_pkcs7_t @var{pkcs7})
1983
@var{pkcs7}: should contain a gnutls_pkcs7_t structure
1985
This function will return the number of certifcates in the PKCS7
1988
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a
1989
negative error value.
1992
@subheading gnutls_pkcs7_set_crl_raw
1993
@anchor{gnutls_pkcs7_set_crl_raw}
1994
@deftypefun {int} {gnutls_pkcs7_set_crl_raw} (gnutls_pkcs7_t @var{pkcs7}, const gnutls_datum_t * @var{crl})
1995
@var{pkcs7}: should contain a @code{gnutls_pkcs7_t} structure
1997
@var{crl}: the DER encoded crl to be added
1999
This function will add a crl to the PKCS7 or RFC2630 crl set.
2001
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a
2002
negative error value.
2005
@subheading gnutls_pkcs7_set_crl
2006
@anchor{gnutls_pkcs7_set_crl}
2007
@deftypefun {int} {gnutls_pkcs7_set_crl} (gnutls_pkcs7_t @var{pkcs7}, gnutls_x509_crl_t @var{crl})
2008
@var{pkcs7}: should contain a @code{gnutls_pkcs7_t} structure
2010
@var{crl}: the DER encoded crl to be added
2012
This function will add a parsed CRL to the PKCS7 or RFC2630 crl
2015
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a
2016
negative error value.
2019
@subheading gnutls_pkcs7_delete_crl
2020
@anchor{gnutls_pkcs7_delete_crl}
2021
@deftypefun {int} {gnutls_pkcs7_delete_crl} (gnutls_pkcs7_t @var{pkcs7}, int @var{indx})
2022
@var{pkcs7}: should contain a @code{gnutls_pkcs7_t} structure
2024
@var{indx}: the index of the crl to delete
2026
This function will delete a crl from a PKCS7 or RFC2630 crl set.
2027
Index starts from 0. Returns 0 on success.
2029
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a
2030
negative error value.
2033
@subheading gnutls_x509_privkey_init
2034
@anchor{gnutls_x509_privkey_init}
2035
@deftypefun {int} {gnutls_x509_privkey_init} (gnutls_x509_privkey_t * @var{key})
2036
@var{key}: The structure to be initialized
2038
This function will initialize an private key structure.
2040
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a
2041
negative error value.
2044
@subheading gnutls_x509_privkey_deinit
2045
@anchor{gnutls_x509_privkey_deinit}
2046
@deftypefun {void} {gnutls_x509_privkey_deinit} (gnutls_x509_privkey_t @var{key})
2047
@var{key}: The structure to be initialized
2049
This function will deinitialize a private key structure.
2052
@subheading gnutls_x509_privkey_cpy
2053
@anchor{gnutls_x509_privkey_cpy}
2054
@deftypefun {int} {gnutls_x509_privkey_cpy} (gnutls_x509_privkey_t @var{dst}, gnutls_x509_privkey_t @var{src})
2055
@var{dst}: The destination key, which should be initialized.
2057
@var{src}: The source key
2059
This function will copy a private key from source to destination
2062
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a
2063
negative error value.
2066
@subheading gnutls_x509_privkey_import
2067
@anchor{gnutls_x509_privkey_import}
2068
@deftypefun {int} {gnutls_x509_privkey_import} (gnutls_x509_privkey_t @var{key}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format})
2069
@var{key}: The structure to store the parsed key
2071
@var{data}: The DER or PEM encoded certificate.
2073
@var{format}: One of DER or PEM
2075
This function will convert the given DER or PEM encoded key to the
2076
native @code{gnutls_x509_privkey_t} format. The output will be stored in
2079
If the key is PEM encoded it should have a header of "RSA PRIVATE
2080
KEY", or "DSA PRIVATE KEY".
2082
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a
2083
negative error value.
2086
@subheading gnutls_x509_privkey_import_rsa_raw
2087
@anchor{gnutls_x509_privkey_import_rsa_raw}
2088
@deftypefun {int} {gnutls_x509_privkey_import_rsa_raw} (gnutls_x509_privkey_t @var{key}, const gnutls_datum_t * @var{m}, const gnutls_datum_t * @var{e}, const gnutls_datum_t * @var{d}, const gnutls_datum_t * @var{p}, const gnutls_datum_t * @var{q}, const gnutls_datum_t * @var{u})
2089
@var{key}: The structure to store the parsed key
2091
@var{m}: holds the modulus
2093
@var{e}: holds the public exponent
2095
@var{d}: holds the private exponent
2097
@var{p}: holds the first prime (p)
2099
@var{q}: holds the second prime (q)
2101
@var{u}: holds the coefficient
2103
This function will convert the given RSA raw parameters to the
2104
native @code{gnutls_x509_privkey_t} format. The output will be stored in
2107
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a
2108
negative error value.
2111
@subheading gnutls_x509_privkey_import_dsa_raw
2112
@anchor{gnutls_x509_privkey_import_dsa_raw}
2113
@deftypefun {int} {gnutls_x509_privkey_import_dsa_raw} (gnutls_x509_privkey_t @var{key}, const gnutls_datum_t * @var{p}, const gnutls_datum_t * @var{q}, const gnutls_datum_t * @var{g}, const gnutls_datum_t * @var{y}, const gnutls_datum_t * @var{x})
2114
@var{key}: The structure to store the parsed key
2116
@var{p}: holds the p
2118
@var{q}: holds the q
2120
@var{g}: holds the g
2122
@var{y}: holds the y
2124
@var{x}: holds the x
2126
This function will convert the given DSA raw parameters to the
2127
native @code{gnutls_x509_privkey_t} format. The output will be stored
2130
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a
2131
negative error value.
2134
@subheading gnutls_x509_privkey_get_pk_algorithm
2135
@anchor{gnutls_x509_privkey_get_pk_algorithm}
2136
@deftypefun {int} {gnutls_x509_privkey_get_pk_algorithm} (gnutls_x509_privkey_t @var{key})
2137
@var{key}: should contain a @code{gnutls_x509_privkey_t} structure
2139
This function will return the public key algorithm of a private
2142
@strong{Returns:} a member of the @code{gnutls_pk_algorithm_t} enumeration on
2143
success, or a negative value on error.
2146
@subheading gnutls_x509_privkey_export
2147
@anchor{gnutls_x509_privkey_export}
2148
@deftypefun {int} {gnutls_x509_privkey_export} (gnutls_x509_privkey_t @var{key}, gnutls_x509_crt_fmt_t @var{format}, void * @var{output_data}, size_t * @var{output_data_size})
2149
@var{key}: Holds the key
2151
@var{format}: the format of output params. One of PEM or DER.
2153
@var{output_data}: will contain a private key PEM or DER encoded
2155
@var{output_data_size}: holds the size of output_data (and will be
2156
replaced by the actual size of parameters)
2158
This function will export the private key to a PKCS1 structure for
2159
RSA keys, or an integer sequence for DSA keys. The DSA keys are in
2160
the same format with the parameters used by openssl.
2162
If the buffer provided is not long enough to hold the output, then
2163
*@code{output_data_size} is updated and @code{GNUTLS_E_SHORT_MEMORY_BUFFER}
2166
If the structure is PEM encoded, it will have a header
2167
of "BEGIN RSA PRIVATE KEY".
2169
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a
2170
negative error value.
2173
@subheading gnutls_x509_privkey_export_rsa_raw
2174
@anchor{gnutls_x509_privkey_export_rsa_raw}
2175
@deftypefun {int} {gnutls_x509_privkey_export_rsa_raw} (gnutls_x509_privkey_t @var{key}, gnutls_datum_t * @var{m}, gnutls_datum_t * @var{e}, gnutls_datum_t * @var{d}, gnutls_datum_t * @var{p}, gnutls_datum_t * @var{q}, gnutls_datum_t * @var{u})
2176
@var{key}: a structure that holds the rsa parameters
2178
@var{m}: will hold the modulus
2180
@var{e}: will hold the public exponent
2182
@var{d}: will hold the private exponent
2184
@var{p}: will hold the first prime (p)
2186
@var{q}: will hold the second prime (q)
2188
@var{u}: will hold the coefficient
2190
This function will export the RSA private key's parameters found
2191
in the given structure. The new parameters will be allocated using
2192
@code{gnutls_malloc()} and will be stored in the appropriate datum.
2194
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a
2195
negative error value.
2198
@subheading gnutls_x509_privkey_export_dsa_raw
2199
@anchor{gnutls_x509_privkey_export_dsa_raw}
2200
@deftypefun {int} {gnutls_x509_privkey_export_dsa_raw} (gnutls_x509_privkey_t @var{key}, gnutls_datum_t * @var{p}, gnutls_datum_t * @var{q}, gnutls_datum_t * @var{g}, gnutls_datum_t * @var{y}, gnutls_datum_t * @var{x})
2201
@var{key}: a structure that holds the DSA parameters
2203
@var{p}: will hold the p
2205
@var{q}: will hold the q
2207
@var{g}: will hold the g
2209
@var{y}: will hold the y
2211
@var{x}: will hold the x
2213
This function will export the DSA private key's parameters found
2214
in the given structure. The new parameters will be allocated using
2215
@code{gnutls_malloc()} and will be stored in the appropriate datum.
2217
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a
2218
negative error value.
2221
@subheading gnutls_x509_privkey_generate
2222
@anchor{gnutls_x509_privkey_generate}
2223
@deftypefun {int} {gnutls_x509_privkey_generate} (gnutls_x509_privkey_t @var{key}, gnutls_pk_algorithm_t @var{algo}, unsigned int @var{bits}, unsigned int @var{flags})
2224
@var{key}: should contain a @code{gnutls_x509_privkey_t} structure
2226
@var{algo}: is one of RSA or DSA.
2228
@var{bits}: the size of the modulus
2230
@var{flags}: unused for now. Must be 0.
2232
This function will generate a random private key. Note that this
2233
function must be called on an empty private key.
2235
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a
2236
negative error value.
2239
@subheading gnutls_x509_privkey_get_key_id
2240
@anchor{gnutls_x509_privkey_get_key_id}
2241
@deftypefun {int} {gnutls_x509_privkey_get_key_id} (gnutls_x509_privkey_t @var{key}, unsigned int @var{flags}, unsigned char * @var{output_data}, size_t * @var{output_data_size})
2242
@var{key}: Holds the key
2244
@var{flags}: should be 0 for now
2246
@var{output_data}: will contain the key ID
2248
@var{output_data_size}: holds the size of output_data (and will be
2249
replaced by the actual size of parameters)
2251
This function will return a unique ID the depends on the public key
2252
parameters. This ID can be used in checking whether a certificate
2253
corresponds to the given key.
2255
If the buffer provided is not long enough to hold the output, then
2256
*@code{output_data_size} is updated and @code{GNUTLS_E_SHORT_MEMORY_BUFFER} will
2257
be returned. The output will normally be a SHA-1 hash output,
2260
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a
2261
negative error value.
2264
@subheading gnutls_x509_privkey_sign_data
2265
@anchor{gnutls_x509_privkey_sign_data}
2266
@deftypefun {int} {gnutls_x509_privkey_sign_data} (gnutls_x509_privkey_t @var{key}, gnutls_digest_algorithm_t @var{digest}, unsigned int @var{flags}, const gnutls_datum_t * @var{data}, void * @var{signature}, size_t * @var{signature_size})
2267
@var{key}: Holds the key
2269
@var{digest}: should be MD5 or SHA1
2271
@var{flags}: should be 0 for now
2273
@var{data}: holds the data to be signed
2275
@var{signature}: will contain the signature
2277
@var{signature_size}: holds the size of signature (and will be replaced
2280
This function will sign the given data using a signature algorithm
2281
supported by the private key. Signature algorithms are always used
2282
together with a hash functions. Different hash functions may be
2283
used for the RSA algorithm, but only SHA-1 for the DSA keys.
2285
If the buffer provided is not long enough to hold the output, then
2286
*@code{signature_size} is updated and @code{GNUTLS_E_SHORT_MEMORY_BUFFER} will
2289
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a
2290
negative error value.
2293
@subheading gnutls_x509_privkey_sign_hash
2294
@anchor{gnutls_x509_privkey_sign_hash}
2295
@deftypefun {int} {gnutls_x509_privkey_sign_hash} (gnutls_x509_privkey_t @var{key}, const gnutls_datum_t * @var{hash}, gnutls_datum_t * @var{signature})
2296
@var{key}: Holds the key
2298
@var{hash}: holds the data to be signed
2300
@var{signature}: will contain newly allocated signature
2302
This function will sign the given hash using the private key. Do not
2303
use this function directly unless you know what it is. Typical signing
2304
requires the data to be hashed and stored in special formats
2305
(e.g. BER Digest-Info for RSA).
2307
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a
2308
negative error value.
2311
@subheading gnutls_x509_privkey_verify_data
2312
@anchor{gnutls_x509_privkey_verify_data}
2313
@deftypefun {int} {gnutls_x509_privkey_verify_data} (gnutls_x509_privkey_t @var{key}, unsigned int @var{flags}, const gnutls_datum_t * @var{data}, const gnutls_datum_t * @var{signature})
2314
@var{key}: Holds the key
2316
@var{flags}: should be 0 for now
2318
@var{data}: holds the data to be signed
2320
@var{signature}: contains the signature
2322
This function will verify the given signed data, using the
2323
parameters in the private key.
2325
@strong{Returns:} In case of a verification failure 0 is returned, and 1 on
2329
@subheading gnutls_x509_privkey_fix
2330
@anchor{gnutls_x509_privkey_fix}
2331
@deftypefun {int} {gnutls_x509_privkey_fix} (gnutls_x509_privkey_t @var{key})
2332
@var{key}: Holds the key
2334
This function will recalculate the secondary parameters in a key.
2335
In RSA keys, this can be the coefficient and exponent1,2.
2337
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a
2338
negative error value.
2341
@subheading gnutls_x509_privkey_export_pkcs8
2342
@anchor{gnutls_x509_privkey_export_pkcs8}
2343
@deftypefun {int} {gnutls_x509_privkey_export_pkcs8} (gnutls_x509_privkey_t @var{key}, gnutls_x509_crt_fmt_t @var{format}, const char * @var{password}, unsigned int @var{flags}, void * @var{output_data}, size_t * @var{output_data_size})
2344
@var{key}: Holds the key
2346
@var{format}: the format of output params. One of PEM or DER.
2348
@var{password}: the password that will be used to encrypt the key.
2350
@var{flags}: an ORed sequence of gnutls_pkcs_encrypt_flags_t
2352
@var{output_data}: will contain a private key PEM or DER encoded
2354
@var{output_data_size}: holds the size of output_data (and will be
2355
replaced by the actual size of parameters)
2357
This function will export the private key to a PKCS8 structure.
2358
Both RSA and DSA keys can be exported. For DSA keys we use
2359
PKCS @code{11} definitions. If the flags do not specify the encryption
2360
cipher, then the default 3DES (PBES2) will be used.
2362
The @code{password} can be either ASCII or UTF-8 in the default PBES2
2363
encryption schemas, or ASCII for the PKCS12 schemas.
2365
If the buffer provided is not long enough to hold the output, then
2366
*output_data_size is updated and GNUTLS_E_SHORT_MEMORY_BUFFER will
2369
If the structure is PEM encoded, it will have a header
2370
of "BEGIN ENCRYPTED PRIVATE KEY" or "BEGIN PRIVATE KEY" if
2371
encryption is not used.
2373
@strong{Return value:} In case of failure a negative value will be
2374
returned, and 0 on success.
2377
@subheading gnutls_x509_privkey_import_pkcs8
2378
@anchor{gnutls_x509_privkey_import_pkcs8}
2379
@deftypefun {int} {gnutls_x509_privkey_import_pkcs8} (gnutls_x509_privkey_t @var{key}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format}, const char * @var{password}, unsigned int @var{flags})
2380
@var{key}: The structure to store the parsed key
2382
@var{data}: The DER or PEM encoded key.
2384
@var{format}: One of DER or PEM
2386
@var{password}: the password to decrypt the key (if it is encrypted).
2388
@var{flags}: 0 if encrypted or GNUTLS_PKCS_PLAIN if not encrypted.
2390
This function will convert the given DER or PEM encoded PKCS8 2.0 encrypted key
2391
to the native gnutls_x509_privkey_t format. The output will be stored in @code{key}.
2392
Both RSA and DSA keys can be imported, and flags can only be used to indicate
2395
The @code{password} can be either ASCII or UTF-8 in the default PBES2
2396
encryption schemas, or ASCII for the PKCS12 schemas.
2398
If the Certificate is PEM encoded it should have a header of "ENCRYPTED PRIVATE KEY",
2399
or "PRIVATE KEY". You only need to specify the flags if the key is DER encoded, since
2400
in that case the encryption status cannot be auto-detected.
2402
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a
2403
negative error value.
2406
@subheading gnutls_x509_crt_check_hostname
2407
@anchor{gnutls_x509_crt_check_hostname}
2408
@deftypefun {int} {gnutls_x509_crt_check_hostname} (gnutls_x509_crt_t @var{cert}, const char * @var{hostname})
2409
@var{cert}: should contain an gnutls_x509_crt_t structure
2411
@var{hostname}: A null terminated string that contains a DNS name
2413
This function will check if the given certificate's subject matches
2414
the given hostname. This is a basic implementation of the matching
2415
described in RFC2818 (HTTPS), which takes into account wildcards,
2416
and the DNSName/IPAddress subject alternative name PKIX extension.
2418
@strong{Returns:} non zero for a successful match, and zero on failure.
2421
@subheading gnutls_x509_crt_check_issuer
2422
@anchor{gnutls_x509_crt_check_issuer}
2423
@deftypefun {int} {gnutls_x509_crt_check_issuer} (gnutls_x509_crt_t @var{cert}, gnutls_x509_crt_t @var{issuer})
2424
@var{cert}: is the certificate to be checked
2426
@var{issuer}: is the certificate of a possible issuer
2428
This function will check if the given certificate was issued by the
2431
@strong{Returns:} It will return true (1) if the given certificate is issued
2432
by the given issuer, and false (0) if not. A negative value is
2433
returned in case of an error.
2436
@subheading gnutls_x509_crt_list_verify
2437
@anchor{gnutls_x509_crt_list_verify}
2438
@deftypefun {int} {gnutls_x509_crt_list_verify} (const gnutls_x509_crt_t * @var{cert_list}, int @var{cert_list_length}, const gnutls_x509_crt_t * @var{CA_list}, int @var{CA_list_length}, const gnutls_x509_crl_t * @var{CRL_list}, int @var{CRL_list_length}, unsigned int @var{flags}, unsigned int * @var{verify})
2439
@var{cert_list}: is the certificate list to be verified
2441
@var{cert_list_length}: holds the number of certificate in cert_list
2443
@var{CA_list}: is the CA list which will be used in verification
2445
@var{CA_list_length}: holds the number of CA certificate in CA_list
2447
@var{CRL_list}: holds a list of CRLs.
2449
@var{CRL_list_length}: the length of CRL list.
2451
@var{flags}: Flags that may be used to change the verification algorithm. Use OR of the gnutls_certificate_verify_flags enumerations.
2453
@var{verify}: will hold the certificate verification output.
2455
This function will try to verify the given certificate list and return its status.
2456
If no flags are specified (0), this function will use the
2457
basicConstraints (2.5.29.19) PKIX extension. This means that only a certificate
2458
authority is allowed to sign a certificate.
2460
You must also check the peer's name in order to check if the verified
2461
certificate belongs to the actual peer.
2463
The certificate verification output will be put in @code{verify} and will be
2464
one or more of the gnutls_certificate_status_t enumerated elements bitwise or'd.
2465
For a more detailed verification status use @code{gnutls_x509_crt_verify()} per list
2468
@strong{GNUTLS_CERT_INVALID:} the certificate chain is not valid.
2470
@strong{GNUTLS_CERT_REVOKED:} a certificate in the chain has been revoked.
2472
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a
2473
negative error value.and a negative value in case of an error.
2476
@subheading gnutls_x509_crt_verify
2477
@anchor{gnutls_x509_crt_verify}
2478
@deftypefun {int} {gnutls_x509_crt_verify} (gnutls_x509_crt_t @var{cert}, const gnutls_x509_crt_t * @var{CA_list}, int @var{CA_list_length}, unsigned int @var{flags}, unsigned int * @var{verify})
2479
@var{cert}: is the certificate to be verified
2481
@var{CA_list}: is one certificate that is considered to be trusted one
2483
@var{CA_list_length}: holds the number of CA certificate in CA_list
2485
@var{flags}: Flags that may be used to change the verification algorithm. Use OR of the gnutls_certificate_verify_flags enumerations.
2487
@var{verify}: will hold the certificate verification output.
2489
This function will try to verify the given certificate and return its status.
2490
The verification output in this functions cannot be GNUTLS_CERT_NOT_VALID.
2492
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a
2493
negative error value.and a negative value in case of an error.
2496
@subheading gnutls_x509_crl_check_issuer
2497
@anchor{gnutls_x509_crl_check_issuer}
2498
@deftypefun {int} {gnutls_x509_crl_check_issuer} (gnutls_x509_crl_t @var{cert}, gnutls_x509_crt_t @var{issuer})
2499
@var{issuer}: is the certificate of a possible issuer
2501
This function will check if the given CRL was issued by the given
2502
issuer certificate. It will return true (1) if the given CRL was
2503
issued by the given issuer, and false (0) if not.
2505
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a
2506
negative error value.
2509
@subheading gnutls_x509_crl_verify
2510
@anchor{gnutls_x509_crl_verify}
2511
@deftypefun {int} {gnutls_x509_crl_verify} (gnutls_x509_crl_t @var{crl}, const gnutls_x509_crt_t * @var{CA_list}, int @var{CA_list_length}, unsigned int @var{flags}, unsigned int * @var{verify})
2512
@var{crl}: is the crl to be verified
2514
@var{CA_list}: is a certificate list that is considered to be trusted one
2516
@var{CA_list_length}: holds the number of CA certificates in CA_list
2518
@var{flags}: Flags that may be used to change the verification algorithm. Use OR of the gnutls_certificate_verify_flags enumerations.
2520
@var{verify}: will hold the crl verification output.
2522
This function will try to verify the given crl and return its status.
2523
See @code{gnutls_x509_crt_list_verify()} for a detailed description of
2526
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a
2527
negative error value.
2530
@subheading gnutls_x509_crt_init
2531
@anchor{gnutls_x509_crt_init}
2532
@deftypefun {int} {gnutls_x509_crt_init} (gnutls_x509_crt_t * @var{cert})
2533
@var{cert}: The structure to be initialized
2535
This function will initialize an X.509 certificate structure.
2537
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a
2538
negative error value.
2541
@subheading gnutls_x509_crt_deinit
2542
@anchor{gnutls_x509_crt_deinit}
2543
@deftypefun {void} {gnutls_x509_crt_deinit} (gnutls_x509_crt_t @var{cert})
2544
@var{cert}: The structure to be initialized
2546
This function will deinitialize a CRL structure.
2549
@subheading gnutls_x509_crt_import
2550
@anchor{gnutls_x509_crt_import}
2551
@deftypefun {int} {gnutls_x509_crt_import} (gnutls_x509_crt_t @var{cert}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format})
2552
@var{cert}: The structure to store the parsed certificate.
2554
@var{data}: The DER or PEM encoded certificate.
2556
@var{format}: One of DER or PEM
2558
This function will convert the given DER or PEM encoded Certificate
2559
to the native gnutls_x509_crt_t format. The output will be stored in @code{cert}.
2561
If the Certificate is PEM encoded it should have a header of "X509 CERTIFICATE", or
2564
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a
2565
negative error value.
2568
@subheading gnutls_x509_crt_get_issuer_dn
2569
@anchor{gnutls_x509_crt_get_issuer_dn}
2570
@deftypefun {int} {gnutls_x509_crt_get_issuer_dn} (gnutls_x509_crt_t @var{cert}, char * @var{buf}, size_t * @var{sizeof_buf})
2571
@var{cert}: should contain a @code{gnutls_x509_crt_t} structure
2573
@var{buf}: a pointer to a structure to hold the name (may be null)
2575
@var{sizeof_buf}: initially holds the size of @code{buf}
2577
This function will copy the name of the Certificate issuer in the
2578
provided buffer. The name will be in the form
2579
"C=xxxx,O=yyyy,CN=zzzz" as described in RFC2253. The output string
2580
will be ASCII or UTF-8 encoded, depending on the certificate data.
2582
If @code{buf} is null then only the size will be filled.
2584
@strong{Returns:} GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not
2585
long enough, and in that case the *sizeof_buf will be updated with
2586
the required size. On success 0 is returned.
2589
@subheading gnutls_x509_crt_get_issuer_dn_by_oid
2590
@anchor{gnutls_x509_crt_get_issuer_dn_by_oid}
2591
@deftypefun {int} {gnutls_x509_crt_get_issuer_dn_by_oid} (gnutls_x509_crt_t @var{cert}, const char * @var{oid}, int @var{indx}, unsigned int @var{raw_flag}, void * @var{buf}, size_t * @var{sizeof_buf})
2592
@var{cert}: should contain a @code{gnutls_x509_crt_t} structure
2594
@var{oid}: holds an Object Identified in null terminated string
2596
@var{indx}: In case multiple same OIDs exist in the RDN, this specifies which to send. Use zero to get the first one.
2598
@var{raw_flag}: If non zero returns the raw DER data of the DN part.
2600
@var{buf}: a pointer to a structure to hold the name (may be null)
2602
@var{sizeof_buf}: initially holds the size of @code{buf}
2604
This function will extract the part of the name of the Certificate
2605
issuer specified by the given OID. The output, if the raw flag is not
2606
used, will be encoded as described in RFC2253. Thus a string that is
2607
ASCII or UTF-8 encoded, depending on the certificate data.
2609
Some helper macros with popular OIDs can be found in gnutls/x509.h
2610
If raw flag is zero, this function will only return known OIDs as
2611
text. Other OIDs will be DER encoded, as described in RFC2253 --
2612
in hex format with a '\#' prefix. You can check about known OIDs
2613
using @code{gnutls_x509_dn_oid_known()}.
2615
If @code{buf} is null then only the size will be filled.
2617
@strong{Returns:} GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not
2618
long enough, and in that case the *sizeof_buf will be updated with
2619
the required size. On success 0 is returned.
2622
@subheading gnutls_x509_crt_get_issuer_dn_oid
2623
@anchor{gnutls_x509_crt_get_issuer_dn_oid}
2624
@deftypefun {int} {gnutls_x509_crt_get_issuer_dn_oid} (gnutls_x509_crt_t @var{cert}, int @var{indx}, void * @var{oid}, size_t * @var{sizeof_oid})
2625
@var{cert}: should contain a @code{gnutls_x509_crt_t} structure
2627
@var{indx}: This specifies which OID to return. Use zero to get the first one.
2629
@var{oid}: a pointer to a buffer to hold the OID (may be null)
2631
@var{sizeof_oid}: initially holds the size of @code{oid}
2633
This function will extract the OIDs of the name of the Certificate
2634
issuer specified by the given index.
2636
If @code{oid} is null then only the size will be filled.
2638
@strong{Returns:} GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not
2639
long enough, and in that case the *sizeof_oid will be updated with
2640
the required size. On success 0 is returned.
2643
@subheading gnutls_x509_crt_get_dn
2644
@anchor{gnutls_x509_crt_get_dn}
2645
@deftypefun {int} {gnutls_x509_crt_get_dn} (gnutls_x509_crt_t @var{cert}, char * @var{buf}, size_t * @var{sizeof_buf})
2646
@var{cert}: should contain a @code{gnutls_x509_crt_t} structure
2648
@var{buf}: a pointer to a structure to hold the name (may be null)
2650
@var{sizeof_buf}: initially holds the size of @code{buf}
2652
This function will copy the name of the Certificate in the
2653
provided buffer. The name will be in the form
2654
"C=xxxx,O=yyyy,CN=zzzz" as described in RFC2253. The output string
2655
will be ASCII or UTF-8 encoded, depending on the certificate data.
2657
If @code{buf} is null then only the size will be filled.
2659
@strong{Returns:} GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not
2660
long enough, and in that case the *sizeof_buf will be updated with
2661
the required size. On success 0 is returned.
2664
@subheading gnutls_x509_crt_get_dn_by_oid
2665
@anchor{gnutls_x509_crt_get_dn_by_oid}
2666
@deftypefun {int} {gnutls_x509_crt_get_dn_by_oid} (gnutls_x509_crt_t @var{cert}, const char * @var{oid}, int @var{indx}, unsigned int @var{raw_flag}, void * @var{buf}, size_t * @var{sizeof_buf})
2667
@var{cert}: should contain a @code{gnutls_x509_crt_t} structure
2669
@var{oid}: holds an Object Identified in null terminated string
2671
@var{indx}: In case multiple same OIDs exist in the RDN, this specifies which to send. Use zero to get the first one.
2673
@var{raw_flag}: If non zero returns the raw DER data of the DN part.
2675
@var{buf}: a pointer where the DN part will be copied (may be null).
2677
@var{sizeof_buf}: initially holds the size of @code{buf}
2679
This function will extract the part of the name of the Certificate
2680
subject specified by the given OID. The output, if the raw flag is not
2681
used, will be encoded as described in RFC2253. Thus a string that is
2682
ASCII or UTF-8 encoded, depending on the certificate data.
2684
Some helper macros with popular OIDs can be found in gnutls/x509.h
2685
If raw flag is zero, this function will only return known OIDs as
2686
text. Other OIDs will be DER encoded, as described in RFC2253 --
2687
in hex format with a '\#' prefix. You can check about known OIDs
2688
using @code{gnutls_x509_dn_oid_known()}.
2690
If @code{buf} is null then only the size will be filled.
2692
@strong{Returns:} GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not
2693
long enough, and in that case the *sizeof_buf will be updated with
2694
the required size. On success 0 is returned.
2697
@subheading gnutls_x509_crt_get_dn_oid
2698
@anchor{gnutls_x509_crt_get_dn_oid}
2699
@deftypefun {int} {gnutls_x509_crt_get_dn_oid} (gnutls_x509_crt_t @var{cert}, int @var{indx}, void * @var{oid}, size_t * @var{sizeof_oid})
2700
@var{cert}: should contain a @code{gnutls_x509_crt_t} structure
2702
@var{indx}: This specifies which OID to return. Use zero to get the first one.
2704
@var{oid}: a pointer to a buffer to hold the OID (may be null)
2706
@var{sizeof_oid}: initially holds the size of @code{oid}
2708
This function will extract the OIDs of the name of the Certificate
2709
subject specified by the given index.
2711
If oid is null then only the size will be filled.
2713
@strong{Returns:} GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not
2714
long enough, and in that case the *sizeof_oid will be updated with
2715
the required size. On success 0 is returned.
2718
@subheading gnutls_x509_crt_get_signature_algorithm
2719
@anchor{gnutls_x509_crt_get_signature_algorithm}
2720
@deftypefun {int} {gnutls_x509_crt_get_signature_algorithm} (gnutls_x509_crt_t @var{cert})
2721
@var{cert}: should contain a @code{gnutls_x509_crt_t} structure
2723
This function will return a value of the @code{gnutls_sign_algorithm_t}
2724
enumeration that is the signature algorithm.
2726
@strong{Returns:} a @code{gnutls_sign_algorithm_t} value, or a negative value on
2730
@subheading gnutls_x509_crt_get_signature
2731
@anchor{gnutls_x509_crt_get_signature}
2732
@deftypefun {int} {gnutls_x509_crt_get_signature} (gnutls_x509_crt_t @var{cert}, char * @var{sig}, size_t * @var{sizeof_sig})
2733
@var{cert}: should contain a @code{gnutls_x509_crt_t} structure
2735
@var{sig}: a pointer where the signature part will be copied (may be null).
2737
@var{sizeof_sig}: initially holds the size of @code{sig}
2739
This function will extract the signature field of a certificate.
2741
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a
2742
negative error value. and a negative value on error.
2745
@subheading gnutls_x509_crt_get_version
2746
@anchor{gnutls_x509_crt_get_version}
2747
@deftypefun {int} {gnutls_x509_crt_get_version} (gnutls_x509_crt_t @var{cert})
2748
@var{cert}: should contain a @code{gnutls_x509_crt_t} structure
2750
This function will return the version of the specified Certificate.
2752
@strong{Returns:} version of certificate, or a negative value on error.
2755
@subheading gnutls_x509_crt_get_activation_time
2756
@anchor{gnutls_x509_crt_get_activation_time}
2757
@deftypefun {time_t} {gnutls_x509_crt_get_activation_time} (gnutls_x509_crt_t @var{cert})
2758
@var{cert}: should contain a @code{gnutls_x509_crt_t} structure
2760
This function will return the time this Certificate was or will be
2763
@strong{Returns:} activation time, or (time_t)-1 on error.
2766
@subheading gnutls_x509_crt_get_expiration_time
2767
@anchor{gnutls_x509_crt_get_expiration_time}
2768
@deftypefun {time_t} {gnutls_x509_crt_get_expiration_time} (gnutls_x509_crt_t @var{cert})
2769
@var{cert}: should contain a @code{gnutls_x509_crt_t} structure
2771
This function will return the time this Certificate was or will be
2774
@strong{Returns:} expiration time, or (time_t)-1 on error.
2777
@subheading gnutls_x509_crt_get_serial
2778
@anchor{gnutls_x509_crt_get_serial}
2779
@deftypefun {int} {gnutls_x509_crt_get_serial} (gnutls_x509_crt_t @var{cert}, void * @var{result}, size_t * @var{result_size})
2780
@var{cert}: should contain a @code{gnutls_x509_crt_t} structure
2782
@var{result}: The place where the serial number will be copied
2784
@var{result_size}: Holds the size of the result field.
2786
This function will return the X.509 certificate's serial number.
2787
This is obtained by the X509 Certificate serialNumber
2788
field. Serial is not always a 32 or 64bit number. Some CAs use
2789
large serial numbers, thus it may be wise to handle it as something
2792
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a
2793
negative error value.and a negative value in case of an error.
2796
@subheading gnutls_x509_crt_get_subject_key_id
2797
@anchor{gnutls_x509_crt_get_subject_key_id}
2798
@deftypefun {int} {gnutls_x509_crt_get_subject_key_id} (gnutls_x509_crt_t @var{cert}, void * @var{ret}, size_t * @var{ret_size}, unsigned int * @var{critical})
2799
@var{cert}: should contain a @code{gnutls_x509_crt_t} structure
2801
@var{ret}: The place where the identifier will be copied
2803
@var{ret_size}: Holds the size of the result field.
2805
@var{critical}: will be non zero if the extension is marked as critical (may be null)
2807
This function will return the X.509v3 certificate's subject key identifier.
2808
This is obtained by the X.509 Subject Key identifier extension
2811
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a
2812
negative error value.and a negative value in case of an error.
2815
@subheading gnutls_x509_crt_get_authority_key_id
2816
@anchor{gnutls_x509_crt_get_authority_key_id}
2817
@deftypefun {int} {gnutls_x509_crt_get_authority_key_id} (gnutls_x509_crt_t @var{cert}, void * @var{ret}, size_t * @var{ret_size}, unsigned int * @var{critical})
2818
@var{cert}: should contain a @code{gnutls_x509_crt_t} structure
2820
@var{ret}: The place where the identifier will be copied
2822
@var{ret_size}: Holds the size of the result field.
2824
@var{critical}: will be non zero if the extension is marked as critical (may be null)
2826
This function will return the X.509v3 certificate authority's key
2827
identifier. This is obtained by the X.509 Authority Key
2828
identifier extension field (2.5.29.35). Note that this function
2829
only returns the keyIdentifier field of the extension.
2831
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a
2832
negative error value.and a negative value in case of an error.
2835
@subheading gnutls_x509_crt_get_pk_algorithm
2836
@anchor{gnutls_x509_crt_get_pk_algorithm}
2837
@deftypefun {int} {gnutls_x509_crt_get_pk_algorithm} (gnutls_x509_crt_t @var{cert}, unsigned int * @var{bits})
2838
@var{cert}: should contain a @code{gnutls_x509_crt_t} structure
2840
@var{bits}: if bits is non null it will hold the size of the parameters' in bits
2842
This function will return the public key algorithm of an X.509
2845
If bits is non null, it should have enough size to hold the parameters
2846
size in bits. For RSA the bits returned is the modulus.
2847
For DSA the bits returned are of the public
2850
@strong{Returns:} a member of the @code{gnutls_pk_algorithm_t} enumeration on
2851
success, or a negative value on error.
2854
@subheading gnutls_x509_crt_get_subject_alt_name
2855
@anchor{gnutls_x509_crt_get_subject_alt_name}
2856
@deftypefun {int} {gnutls_x509_crt_get_subject_alt_name} (gnutls_x509_crt_t @var{cert}, unsigned int @var{seq}, void * @var{ret}, size_t * @var{ret_size}, unsigned int * @var{critical})
2857
@var{cert}: should contain a @code{gnutls_x509_crt_t} structure
2859
@var{seq}: specifies the sequence number of the alt name (0 for the first one, 1 for the second etc.)
2861
@var{ret}: is the place where the alternative name will be copied to
2863
@var{ret_size}: holds the size of ret.
2865
@var{critical}: will be non zero if the extension is marked as critical (may be null)
2867
This function will return the alternative names, contained in the
2870
This is specified in X509v3 Certificate Extensions. GNUTLS will
2871
return the Alternative name (2.5.29.17), or a negative error code.
2873
When the SAN type is otherName, it will extract the data in the
2874
otherName's value field, and @code{GNUTLS_SAN_OTHERNAME} is returned.
2875
You may use @code{gnutls_x509_crt_get_subject_alt_othername_oid()} to get
2876
the corresponding OID and the "virtual" SAN types (e.g.,
2877
@code{GNUTLS_SAN_OTHERNAME_XMPP}).
2879
If an otherName OID is known, the data will be decoded. Otherwise
2880
the returned data will be DER encoded, and you will have to decode
2881
it yourself. Currently, only the RFC 3920 id-on-xmppAddr SAN is
2884
@strong{Returns:} the alternative subject name type on success, one of the
2885
enumerated @code{gnutls_x509_subject_alt_name_t}. It will return
2886
@code{GNUTLS_E_SHORT_MEMORY_BUFFER} if @code{ret_size} is not large enough
2887
to hold the value. In that case @code{ret_size} will be updated with
2888
the required size. If the certificate does not have an
2889
Alternative name with the specified sequence number then
2890
@code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} is returned.
2893
@subheading gnutls_x509_crt_get_subject_alt_name2
2894
@anchor{gnutls_x509_crt_get_subject_alt_name2}
2895
@deftypefun {int} {gnutls_x509_crt_get_subject_alt_name2} (gnutls_x509_crt_t @var{cert}, unsigned int @var{seq}, void * @var{ret}, size_t * @var{ret_size}, unsigned int * @var{ret_type}, unsigned int * @var{critical})
2896
@var{cert}: should contain a @code{gnutls_x509_crt_t} structure
2898
@var{seq}: specifies the sequence number of the alt name (0 for the first one, 1 for the second etc.)
2900
@var{ret}: is the place where the alternative name will be copied to
2902
@var{ret_size}: holds the size of ret.
2904
@var{ret_type}: holds the type of the alternative name (one of gnutls_x509_subject_alt_name_t).
2906
@var{critical}: will be non zero if the extension is marked as critical (may be null)
2908
This function will return the alternative names, contained in the
2909
given certificate. It is the same as
2910
@code{gnutls_x509_crt_get_subject_alt_name()} except for the fact that it
2911
will return the type of the alternative name in @code{ret_type} even if
2912
the function fails for some reason (i.e. the buffer provided is
2915
@strong{Returns:} the alternative subject name type on success, one of the
2916
enumerated @code{gnutls_x509_subject_alt_name_t}. It will return
2917
@code{GNUTLS_E_SHORT_MEMORY_BUFFER} if @code{ret_size} is not large enough
2918
to hold the value. In that case @code{ret_size} will be updated with
2919
the required size. If the certificate does not have an
2920
Alternative name with the specified sequence number then
2921
@code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} is returned.
2924
@subheading gnutls_x509_crt_get_subject_alt_othername_oid
2925
@anchor{gnutls_x509_crt_get_subject_alt_othername_oid}
2926
@deftypefun {int} {gnutls_x509_crt_get_subject_alt_othername_oid} (gnutls_x509_crt_t @var{cert}, unsigned int @var{seq}, void * @var{ret}, size_t * @var{ret_size})
2927
@var{cert}: should contain a @code{gnutls_x509_crt_t} structure
2929
@var{seq}: specifies the sequence number of the alt name (0 for the first one, 1 for the second etc.)
2931
@var{ret}: is the place where the otherName OID will be copied to
2933
@var{ret_size}: holds the size of ret.
2935
This function will extract the type OID of an otherName Subject
2936
Alternative Name, contained in the given certificate, and return
2937
the type as an enumerated element.
2939
This function is only useful if
2940
@code{gnutls_x509_crt_get_subject_alt_name()} returned
2941
@code{GNUTLS_SAN_OTHERNAME}.
2943
@strong{Returns:} the alternative subject name type on success, one of the
2944
enumerated gnutls_x509_subject_alt_name_t. For supported OIDs, it
2945
will return one of the virtual (GNUTLS_SAN_OTHERNAME_*) types,
2946
e.g. @code{GNUTLS_SAN_OTHERNAME_XMPP}, and @code{GNUTLS_SAN_OTHERNAME} for
2947
unknown OIDs. It will return @code{GNUTLS_E_SHORT_MEMORY_BUFFER} if
2948
@code{ret_size} is not large enough to hold the value. In that case
2949
@code{ret_size} will be updated with the required size. If the
2950
certificate does not have an Alternative name with the specified
2951
sequence number and with the otherName type then
2952
@code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} is returned.
2955
@subheading gnutls_x509_crt_get_basic_constraints
2956
@anchor{gnutls_x509_crt_get_basic_constraints}
2957
@deftypefun {int} {gnutls_x509_crt_get_basic_constraints} (gnutls_x509_crt_t @var{cert}, unsigned int * @var{critical}, int * @var{ca}, int * @var{pathlen})
2958
@var{cert}: should contain a @code{gnutls_x509_crt_t} structure
2960
@var{critical}: will be non zero if the extension is marked as critical
2962
@var{ca}: pointer to output integer indicating CA status, may be NULL,
2963
value is 1 if the certificate CA flag is set, 0 otherwise.
2965
@var{pathlen}: pointer to output integer indicating path length (may be
2966
NULL), non-negative values indicate a present pathLenConstraint
2967
field and the actual value, -1 indicate that the field is absent.
2969
This function will read the certificate's basic constraints, and
2970
return the certificates CA status. It reads the basicConstraints
2971
X.509 extension (2.5.29.19).
2973
@strong{Return value:} If the certificate is a CA a positive value will be
2974
returned, or zero if the certificate does not have CA flag set. A
2975
negative value may be returned in case of errors. If the
2976
certificate does not contain the basicConstraints extension
2977
GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned.
2980
@subheading gnutls_x509_crt_get_ca_status
2981
@anchor{gnutls_x509_crt_get_ca_status}
2982
@deftypefun {int} {gnutls_x509_crt_get_ca_status} (gnutls_x509_crt_t @var{cert}, unsigned int * @var{critical})
2983
@var{cert}: should contain a @code{gnutls_x509_crt_t} structure
2985
@var{critical}: will be non zero if the extension is marked as critical
2987
This function will return certificates CA status, by reading the
2988
basicConstraints X.509 extension (2.5.29.19). If the certificate is
2989
a CA a positive value will be returned, or zero if the certificate
2990
does not have CA flag set.
2992
Use @code{gnutls_x509_crt_get_basic_constraints()} if you want to read the
2993
pathLenConstraint field too.
2995
@strong{Returns:} A negative value may be returned in case of parsing error.
2996
If the certificate does not contain the basicConstraints extension
2997
@code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} will be returned.
3000
@subheading gnutls_x509_crt_get_key_usage
3001
@anchor{gnutls_x509_crt_get_key_usage}
3002
@deftypefun {int} {gnutls_x509_crt_get_key_usage} (gnutls_x509_crt_t @var{cert}, unsigned int * @var{key_usage}, unsigned int * @var{critical})
3003
@var{cert}: should contain a @code{gnutls_x509_crt_t} structure
3005
@var{key_usage}: where the key usage bits will be stored
3007
@var{critical}: will be non zero if the extension is marked as critical
3009
This function will return certificate's key usage, by reading the
3010
keyUsage X.509 extension (2.5.29.15). The key usage value will
3012
@strong{ORed values of the:} @code{GNUTLS_KEY_DIGITAL_SIGNATURE},
3013
@code{GNUTLS_KEY_NON_REPUDIATION}, @code{GNUTLS_KEY_KEY_ENCIPHERMENT},
3014
@code{GNUTLS_KEY_DATA_ENCIPHERMENT}, @code{GNUTLS_KEY_KEY_AGREEMENT},
3015
@code{GNUTLS_KEY_KEY_CERT_SIGN}, @code{GNUTLS_KEY_CRL_SIGN},
3016
@code{GNUTLS_KEY_ENCIPHER_ONLY}, @code{GNUTLS_KEY_DECIPHER_ONLY}.
3018
@strong{Returns:} the certificate key usage, or a negative value in case of
3019
parsing error. If the certificate does not contain the keyUsage
3020
extension @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} will be returned.
3023
@subheading gnutls_x509_crt_get_proxy
3024
@anchor{gnutls_x509_crt_get_proxy}
3025
@deftypefun {int} {gnutls_x509_crt_get_proxy} (gnutls_x509_crt_t @var{cert}, unsigned int * @var{critical}, int * @var{pathlen}, char ** @var{policyLanguage}, char ** @var{policy}, size_t * @var{sizeof_policy})
3026
@var{cert}: should contain a @code{gnutls_x509_crt_t} structure
3028
@var{critical}: will be non zero if the extension is marked as critical
3030
@var{pathlen}: pointer to output integer indicating path length (may be
3031
NULL), non-negative values indicate a present pCPathLenConstraint
3032
field and the actual value, -1 indicate that the field is absent.
3034
@var{policyLanguage}: output variable with OID of policy language
3036
@var{policy}: output variable with policy data
3038
@var{sizeof_policy}: output variable size of policy data
3040
This function will get information from a proxy certificate. It
3041
reads the ProxyCertInfo X.509 extension (1.3.6.1.5.5.7.1.14).
3043
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (zero) is returned,
3044
otherwise an error code is returned.
3047
@subheading gnutls_x509_crt_get_extension_by_oid
3048
@anchor{gnutls_x509_crt_get_extension_by_oid}
3049
@deftypefun {int} {gnutls_x509_crt_get_extension_by_oid} (gnutls_x509_crt_t @var{cert}, const char * @var{oid}, int @var{indx}, void * @var{buf}, size_t * @var{sizeof_buf}, unsigned int * @var{critical})
3050
@var{cert}: should contain a @code{gnutls_x509_crt_t} structure
3052
@var{oid}: holds an Object Identified in null terminated string
3054
@var{indx}: In case multiple same OIDs exist in the extensions, this specifies which to send. Use zero to get the first one.
3056
@var{buf}: a pointer to a structure to hold the name (may be null)
3058
@var{sizeof_buf}: initially holds the size of @code{buf}
3060
@var{critical}: will be non zero if the extension is marked as critical
3062
This function will return the extension specified by the OID in the
3063
certificate. The extensions will be returned as binary data DER
3064
encoded, in the provided buffer.
3066
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (zero) is returned,
3067
otherwise an error code is returned. If the certificate does not
3068
contain the specified extension
3069
GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned.
3072
@subheading gnutls_x509_crt_get_extension_oid
3073
@anchor{gnutls_x509_crt_get_extension_oid}
3074
@deftypefun {int} {gnutls_x509_crt_get_extension_oid} (gnutls_x509_crt_t @var{cert}, int @var{indx}, void * @var{oid}, size_t * @var{sizeof_oid})
3075
@var{cert}: should contain a @code{gnutls_x509_crt_t} structure
3077
@var{indx}: Specifies which extension OID to send. Use zero to get the first one.
3079
@var{oid}: a pointer to a structure to hold the OID (may be null)
3081
@var{sizeof_oid}: initially holds the size of @code{oid}
3083
This function will return the requested extension OID in the certificate.
3084
The extension OID will be stored as a string in the provided buffer.
3086
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (zero) is returned,
3087
otherwise an error code is returned. If you have reached the
3088
last extension available @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE}
3092
@subheading gnutls_x509_crt_get_extension_info
3093
@anchor{gnutls_x509_crt_get_extension_info}
3094
@deftypefun {int} {gnutls_x509_crt_get_extension_info} (gnutls_x509_crt_t @var{cert}, int @var{indx}, void * @var{oid}, size_t * @var{sizeof_oid}, int * @var{critical})
3095
@var{cert}: should contain a @code{gnutls_x509_crt_t} structure
3097
@var{indx}: Specifies which extension OID to send. Use zero to get the first one.
3099
@var{oid}: a pointer to a structure to hold the OID
3101
@var{sizeof_oid}: initially holds the maximum size of @code{oid}, on return
3102
holds actual size of @code{oid}.
3104
@var{critical}: output variable with critical flag, may be NULL.
3106
This function will return the requested extension OID in the
3107
certificate, and the critical flag for it. The extension OID will
3108
be stored as a string in the provided buffer. Use
3109
@code{gnutls_x509_crt_get_extension_data()} to extract the data.
3111
If the buffer provided is not long enough to hold the output, then
3112
*@code{sizeof_oid} is updated and @code{GNUTLS_E_SHORT_MEMORY_BUFFER} will be
3115
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (zero) is returned,
3116
otherwise an error code is returned. If you have reached the
3117
last extension available @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE}
3121
@subheading gnutls_x509_crt_get_extension_data
3122
@anchor{gnutls_x509_crt_get_extension_data}
3123
@deftypefun {int} {gnutls_x509_crt_get_extension_data} (gnutls_x509_crt_t @var{cert}, int @var{indx}, void * @var{data}, size_t * @var{sizeof_data})
3124
@var{cert}: should contain a @code{gnutls_x509_crt_t} structure
3126
@var{indx}: Specifies which extension OID to send. Use zero to get the first one.
3128
@var{data}: a pointer to a structure to hold the data (may be null)
3130
@var{sizeof_data}: initially holds the size of @code{oid}
3132
This function will return the requested extension data in the
3133
certificate. The extension data will be stored as a string in the
3136
Use @code{gnutls_x509_crt_get_extension_info()} to extract the OID and
3137
critical flag. Use @code{gnutls_x509_crt_get_extension_by_oid()} instead,
3138
if you want to get data indexed by the extension OID rather than
3141
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (zero) is returned,
3142
otherwise an error code is returned. If you have reached the
3143
last extension available @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE}
3147
@subheading gnutls_x509_crt_get_raw_issuer_dn
3148
@anchor{gnutls_x509_crt_get_raw_issuer_dn}
3149
@deftypefun {int} {gnutls_x509_crt_get_raw_issuer_dn} (gnutls_x509_crt_t @var{cert}, gnutls_datum_t * @var{start})
3150
@var{cert}: should contain a @code{gnutls_x509_crt_t} structure
3152
@var{start}: will hold the starting point of the DN
3154
This function will return a pointer to the DER encoded DN structure
3157
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a
3158
negative error value.or a negative value on error.
3161
@subheading gnutls_x509_crt_get_raw_dn
3162
@anchor{gnutls_x509_crt_get_raw_dn}
3163
@deftypefun {int} {gnutls_x509_crt_get_raw_dn} (gnutls_x509_crt_t @var{cert}, gnutls_datum_t * @var{start})
3164
@var{cert}: should contain a @code{gnutls_x509_crt_t} structure
3166
@var{start}: will hold the starting point of the DN
3168
This function will return a pointer to the DER encoded DN structure and
3171
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a
3172
negative error value. or a negative value on error.
3175
@subheading gnutls_x509_crt_get_subject
3176
@anchor{gnutls_x509_crt_get_subject}
3177
@deftypefun {int} {gnutls_x509_crt_get_subject} (gnutls_x509_crt_t @var{cert}, gnutls_x509_dn_t * @var{dn})
3178
@var{cert}: should contain a @code{gnutls_x509_crt_t} structure
3180
@var{dn}: output variable with pointer to opaque DN.
3182
Return the Certificate's Subject DN as an opaque data type. You
3183
may use @code{gnutls_x509_dn_get_rdn_ava()} to decode the DN.
3185
Note that @code{dn} should be treated as constant. Because points
3186
into the @code{cert} object, you may not deallocate @code{cert}
3187
and continue to access @code{dn}.
3189
@strong{Returns:} Returns 0 on success, or an error code.
3192
@subheading gnutls_x509_crt_get_issuer
3193
@anchor{gnutls_x509_crt_get_issuer}
3194
@deftypefun {int} {gnutls_x509_crt_get_issuer} (gnutls_x509_crt_t @var{cert}, gnutls_x509_dn_t * @var{dn})
3195
@var{cert}: should contain a @code{gnutls_x509_crt_t} structure
3197
@var{dn}: output variable with pointer to opaque DN
3199
Return the Certificate's Issuer DN as an opaque data type. You may
3200
use @code{gnutls_x509_dn_get_rdn_ava()} to decode the DN.
3202
Note that @code{dn} should be treated as constant. Because points
3203
into the @code{cert} object, you may not deallocate @code{cert}
3204
and continue to access @code{dn}.
3206
@strong{Returns:} Returns 0 on success, or an error code.
3209
@subheading gnutls_x509_dn_get_rdn_ava
3210
@anchor{gnutls_x509_dn_get_rdn_ava}
3211
@deftypefun {int} {gnutls_x509_dn_get_rdn_ava} (gnutls_x509_dn_t @var{dn}, int @var{irdn}, int @var{iava}, gnutls_x509_ava_st * @var{ava})
3212
@var{dn}: input variable with opaque DN pointer
3214
@var{irdn}: index of RDN
3216
@var{iava}: index of AVA.
3218
@var{ava}: Pointer to structure which will hold output information.
3220
Get pointers to data within the DN.
3222
Note that @code{ava} will contain pointers into the @code{dn} structure, so you
3223
should not modify any data or deallocate it. Note also that the DN
3224
in turn points into the original certificate structure, and thus
3225
you may not deallocate the certificate and continue to access @code{dn}.
3227
@strong{Returns:} Returns 0 on success, or an error code.
3230
@subheading gnutls_x509_crt_get_fingerprint
3231
@anchor{gnutls_x509_crt_get_fingerprint}
3232
@deftypefun {int} {gnutls_x509_crt_get_fingerprint} (gnutls_x509_crt_t @var{cert}, gnutls_digest_algorithm_t @var{algo}, void * @var{buf}, size_t * @var{sizeof_buf})
3233
@var{cert}: should contain a @code{gnutls_x509_crt_t} structure
3235
@var{algo}: is a digest algorithm
3237
@var{buf}: a pointer to a structure to hold the fingerprint (may be null)
3239
@var{sizeof_buf}: initially holds the size of @code{buf}
3241
This function will calculate and copy the certificate's fingerprint
3242
in the provided buffer.
3244
If the buffer is null then only the size will be filled.
3246
@strong{Returns:} @code{GNUTLS_E_SHORT_MEMORY_BUFFER} if the provided buffer is
3247
not long enough, and in that case the *sizeof_buf will be updated
3248
with the required size. On success 0 is returned.
3251
@subheading gnutls_x509_crt_export
3252
@anchor{gnutls_x509_crt_export}
3253
@deftypefun {int} {gnutls_x509_crt_export} (gnutls_x509_crt_t @var{cert}, gnutls_x509_crt_fmt_t @var{format}, void * @var{output_data}, size_t * @var{output_data_size})
3254
@var{cert}: Holds the certificate
3256
@var{format}: the format of output params. One of PEM or DER.
3258
@var{output_data}: will contain a certificate PEM or DER encoded
3260
@var{output_data_size}: holds the size of output_data (and will be
3261
replaced by the actual size of parameters)
3263
This function will export the certificate to DER or PEM format.
3265
If the buffer provided is not long enough to hold the output, then
3266
*output_data_size is updated and GNUTLS_E_SHORT_MEMORY_BUFFER will
3269
If the structure is PEM encoded, it will have a header
3270
of "BEGIN CERTIFICATE".
3272
@strong{Return value:} In case of failure a negative value will be
3273
returned, and 0 on success.
3276
@subheading gnutls_x509_crt_get_key_id
3277
@anchor{gnutls_x509_crt_get_key_id}
3278
@deftypefun {int} {gnutls_x509_crt_get_key_id} (gnutls_x509_crt_t @var{crt}, unsigned int @var{flags}, unsigned char * @var{output_data}, size_t * @var{output_data_size})
3279
@var{crt}: Holds the certificate
3281
@var{flags}: should be 0 for now
3283
@var{output_data}: will contain the key ID
3285
@var{output_data_size}: holds the size of output_data (and will be
3286
replaced by the actual size of parameters)
3288
This function will return a unique ID the depends on the public
3289
key parameters. This ID can be used in checking whether a
3290
certificate corresponds to the given private key.
3292
If the buffer provided is not long enough to hold the output, then
3293
*output_data_size is updated and GNUTLS_E_SHORT_MEMORY_BUFFER will
3294
be returned. The output will normally be a SHA-1 hash output,
3297
@strong{Return value:} In case of failure a negative value will be
3298
returned, and 0 on success.
3301
@subheading gnutls_x509_crt_check_revocation
3302
@anchor{gnutls_x509_crt_check_revocation}
3303
@deftypefun {int} {gnutls_x509_crt_check_revocation} (gnutls_x509_crt_t @var{cert}, const gnutls_x509_crl_t * @var{crl_list}, int @var{crl_list_length})
3304
@var{cert}: should contain a @code{gnutls_x509_crt_t} structure
3306
@var{crl_list}: should contain a list of gnutls_x509_crl_t structures
3308
@var{crl_list_length}: the length of the crl_list
3310
This function will return check if the given certificate is
3311
revoked. It is assumed that the CRLs have been verified before.
3313
@strong{Returns:} 0 if the certificate is NOT revoked, and 1 if it is. A
3314
negative value is returned on error.
3317
@subheading gnutls_x509_crt_get_verify_algorithm
3318
@anchor{gnutls_x509_crt_get_verify_algorithm}
3319
@deftypefun {int} {gnutls_x509_crt_get_verify_algorithm} (gnutls_x509_crt_t @var{crt}, const gnutls_datum_t * @var{signature}, gnutls_digest_algorithm_t * @var{hash})
3320
@var{crt}: Holds the certificate
3322
@var{signature}: contains the signature
3324
@var{hash}: The result of the call with the hash algorithm used for signature
3326
This function will read the certifcate and the signed data to
3327
determine the hash algorithm used to generate the signature.
3329
@strong{Returns:} the 0 if the hash algorithm is found. A negative value is
3332
@strong{Since:} 2.8.0
3335
@subheading gnutls_x509_crt_verify_data
3336
@anchor{gnutls_x509_crt_verify_data}
3337
@deftypefun {int} {gnutls_x509_crt_verify_data} (gnutls_x509_crt_t @var{crt}, unsigned int @var{flags}, const gnutls_datum_t * @var{data}, const gnutls_datum_t * @var{signature})
3338
@var{crt}: Holds the certificate
3340
@var{flags}: should be 0 for now
3342
@var{data}: holds the data to be signed
3344
@var{signature}: contains the signature
3346
This function will verify the given signed data, using the
3347
parameters from the certificate.
3349
@strong{Returns:} In case of a verification failure 0 is returned, and 1 on
3353
@subheading gnutls_x509_crt_verify_hash
3354
@anchor{gnutls_x509_crt_verify_hash}
3355
@deftypefun {int} {gnutls_x509_crt_verify_hash} (gnutls_x509_crt_t @var{crt}, unsigned int @var{flags}, const gnutls_datum_t * @var{hash}, const gnutls_datum_t * @var{signature})
3356
@var{crt}: Holds the certificate
3358
@var{flags}: should be 0 for now
3360
@var{hash}: holds the hash digest to be verified
3362
@var{signature}: contains the signature
3364
This function will verify the given signed digest, using the
3365
parameters from the certificate.
3367
@strong{Returns:} In case of a verification failure 0 is returned, and 1 on
3371
@subheading gnutls_x509_crt_get_crl_dist_points
3372
@anchor{gnutls_x509_crt_get_crl_dist_points}
3373
@deftypefun {int} {gnutls_x509_crt_get_crl_dist_points} (gnutls_x509_crt_t @var{cert}, unsigned int @var{seq}, void * @var{ret}, size_t * @var{ret_size}, unsigned int * @var{reason_flags}, unsigned int * @var{critical})
3374
@var{cert}: should contain a @code{gnutls_x509_crt_t} structure
3376
@var{seq}: specifies the sequence number of the distribution point (0 for the first one, 1 for the second etc.)
3378
@var{ret}: is the place where the distribution point will be copied to
3380
@var{ret_size}: holds the size of ret.
3382
@var{reason_flags}: Revocation reasons flags.
3384
@var{critical}: will be non zero if the extension is marked as critical (may be null)
3386
This function will return the CRL distribution points (2.5.29.31),
3387
contained in the given certificate.
3389
@code{reason_flags} should be an ORed sequence of
3390
GNUTLS_CRL_REASON_UNUSED, GNUTLS_CRL_REASON_KEY_COMPROMISE,
3391
GNUTLS_CRL_REASON_CA_COMPROMISE,
3392
GNUTLS_CRL_REASON_AFFILIATION_CHANGED,
3393
GNUTLS_CRL_REASON_SUPERSEEDED,
3394
GNUTLS_CRL_REASON_CESSATION_OF_OPERATION,
3395
GNUTLS_CRL_REASON_CERTIFICATE_HOLD,
3396
GNUTLS_CRL_REASON_PRIVILEGE_WITHDRAWN,
3397
GNUTLS_CRL_REASON_AA_COMPROMISE, or zero for all possible reasons.
3399
This is specified in X509v3 Certificate Extensions. GNUTLS will
3400
return the distribution point type, or a negative error code on
3403
@strong{Returns:} @code{GNUTLS_E_SHORT_MEMORY_BUFFER} and updates &@code{ret_size} if
3404
&@code{ret_size} is not enough to hold the distribution point, or the
3405
type of the distribution point if everything was ok. The type is
3406
one of the enumerated @code{gnutls_x509_subject_alt_name_t}. If the
3407
certificate does not have an Alternative name with the specified
3408
sequence number then @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} is
3412
@subheading gnutls_x509_crt_get_key_purpose_oid
3413
@anchor{gnutls_x509_crt_get_key_purpose_oid}
3414
@deftypefun {int} {gnutls_x509_crt_get_key_purpose_oid} (gnutls_x509_crt_t @var{cert}, int @var{indx}, void * @var{oid}, size_t * @var{sizeof_oid}, unsigned int * @var{critical})
3415
@var{cert}: should contain a @code{gnutls_x509_crt_t} structure
3417
@var{indx}: This specifies which OID to return. Use zero to get the first one.
3419
@var{oid}: a pointer to a buffer to hold the OID (may be null)
3421
@var{sizeof_oid}: initially holds the size of @code{oid}
3423
@var{critical}: output flag to indicate criticality of extension
3425
This function will extract the key purpose OIDs of the Certificate
3426
specified by the given index. These are stored in the Extended
3427
Key Usage extension (2.5.29.37) See the GNUTLS_KP_* definitions
3428
for human readable names.
3430
If @code{oid} is null then only the size will be filled.
3432
@strong{Returns:} @code{GNUTLS_E_SHORT_MEMORY_BUFFER} if the provided buffer is
3433
not long enough, and in that case the *sizeof_oid will be
3434
updated with the required size. On success 0 is returned.
3437
@subheading gnutls_x509_crt_get_pk_rsa_raw
3438
@anchor{gnutls_x509_crt_get_pk_rsa_raw}
3439
@deftypefun {int} {gnutls_x509_crt_get_pk_rsa_raw} (gnutls_x509_crt_t @var{crt}, gnutls_datum_t * @var{m}, gnutls_datum_t * @var{e})
3440
@var{crt}: Holds the certificate
3442
@var{m}: will hold the modulus
3444
@var{e}: will hold the public exponent
3446
This function will export the RSA public key's parameters found in
3447
the given structure. The new parameters will be allocated using
3448
@code{gnutls_malloc()} and will be stored in the appropriate datum.
3450
@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise an error.
3453
@subheading gnutls_x509_crt_get_pk_dsa_raw
3454
@anchor{gnutls_x509_crt_get_pk_dsa_raw}
3455
@deftypefun {int} {gnutls_x509_crt_get_pk_dsa_raw} (gnutls_x509_crt_t @var{crt}, gnutls_datum_t * @var{p}, gnutls_datum_t * @var{q}, gnutls_datum_t * @var{g}, gnutls_datum_t * @var{y})
3456
@var{crt}: Holds the certificate
3458
@var{p}: will hold the p
3460
@var{q}: will hold the q
3462
@var{g}: will hold the g
3464
@var{y}: will hold the y
3466
This function will export the DSA public key's parameters found in
3467
the given certificate. The new parameters will be allocated using
3468
@code{gnutls_malloc()} and will be stored in the appropriate datum.
3470
@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise an error.
3473
@subheading gnutls_x509_crt_list_import
3474
@anchor{gnutls_x509_crt_list_import}
3475
@deftypefun {int} {gnutls_x509_crt_list_import} (gnutls_x509_crt_t * @var{certs}, unsigned int * @var{cert_max}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format}, unsigned int @var{flags})
3476
@var{certs}: The structures to store the parsed certificate. Must not be initialized.
3478
@var{cert_max}: Initially must hold the maximum number of certs. It will be updated with the number of certs available.
3480
@var{data}: The PEM encoded certificate.
3482
@var{format}: One of DER or PEM.
3484
@var{flags}: must be zero or an OR'd sequence of gnutls_certificate_import_flags.
3486
This function will convert the given PEM encoded certificate list
3487
to the native gnutls_x509_crt_t format. The output will be stored
3488
in @code{certs}. They will be automatically initialized.
3490
If the Certificate is PEM encoded it should have a header of "X509
3491
CERTIFICATE", or "CERTIFICATE".
3493
@strong{Returns:} the number of certificates read or a negative error value.
3496
@subheading gnutls_x509_crt_set_dn_by_oid
3497
@anchor{gnutls_x509_crt_set_dn_by_oid}
3498
@deftypefun {int} {gnutls_x509_crt_set_dn_by_oid} (gnutls_x509_crt_t @var{crt}, const char * @var{oid}, unsigned int @var{raw_flag}, const void * @var{name}, unsigned int @var{sizeof_name})
3499
@var{crt}: a certificate of type @code{gnutls_x509_crt_t}
3501
@var{oid}: holds an Object Identifier in a null terminated string
3503
@var{raw_flag}: must be 0, or 1 if the data are DER encoded
3505
@var{name}: a pointer to the name
3507
@var{sizeof_name}: holds the size of @code{name}
3509
This function will set the part of the name of the Certificate
3510
subject, specified by the given OID. The input string should be
3511
ASCII or UTF-8 encoded.
3513
Some helper macros with popular OIDs can be found in gnutls/x509.h
3514
With this function you can only set the known OIDs. You can test
3515
for known OIDs using @code{gnutls_x509_dn_oid_known()}. For OIDs that are
3516
not known (by gnutls) you should properly DER encode your data,
3517
and call this function with @code{raw_flag} set.
3519
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a
3520
negative error value.
3523
@subheading gnutls_x509_crt_set_issuer_dn_by_oid
3524
@anchor{gnutls_x509_crt_set_issuer_dn_by_oid}
3525
@deftypefun {int} {gnutls_x509_crt_set_issuer_dn_by_oid} (gnutls_x509_crt_t @var{crt}, const char * @var{oid}, unsigned int @var{raw_flag}, const void * @var{name}, unsigned int @var{sizeof_name})
3526
@var{crt}: a certificate of type @code{gnutls_x509_crt_t}
3528
@var{oid}: holds an Object Identifier in a null terminated string
3530
@var{raw_flag}: must be 0, or 1 if the data are DER encoded
3532
@var{name}: a pointer to the name
3534
@var{sizeof_name}: holds the size of @code{name}
3536
This function will set the part of the name of the Certificate
3537
issuer, specified by the given OID. The input string should be
3538
ASCII or UTF-8 encoded.
3540
Some helper macros with popular OIDs can be found in gnutls/x509.h
3541
With this function you can only set the known OIDs. You can test
3542
for known OIDs using @code{gnutls_x509_dn_oid_known()}. For OIDs that are
3543
not known (by gnutls) you should properly DER encode your data,
3544
and call this function with @code{raw_flag} set.
3546
Normally you do not need to call this function, since the signing
3547
operation will copy the signer's name as the issuer of the
3550
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a
3551
negative error value.
3554
@subheading gnutls_x509_crt_set_proxy_dn
3555
@anchor{gnutls_x509_crt_set_proxy_dn}
3556
@deftypefun {int} {gnutls_x509_crt_set_proxy_dn} (gnutls_x509_crt_t @var{crt}, gnutls_x509_crt_t @var{eecrt}, unsigned int @var{raw_flag}, const void * @var{name}, unsigned int @var{sizeof_name})
3557
@var{crt}: a gnutls_x509_crt_t structure with the new proxy cert
3559
@var{eecrt}: the end entity certificate that will be issuing the proxy
3561
@var{raw_flag}: must be 0, or 1 if the CN is DER encoded
3563
@var{name}: a pointer to the CN name, may be NULL (but MUST then be added later)
3565
@var{sizeof_name}: holds the size of @code{name}
3567
This function will set the subject in @code{crt} to the end entity's
3568
@code{eecrt} subject name, and add a single Common Name component @code{name}
3569
of size @code{sizeof_name}. This corresponds to the required proxy
3570
certificate naming style. Note that if @code{name} is @code{NULL}, you MUST
3571
set it later by using @code{gnutls_x509_crt_set_dn_by_oid()} or similar.
3573
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a
3574
negative error value.
3577
@subheading gnutls_x509_crt_set_version
3578
@anchor{gnutls_x509_crt_set_version}
3579
@deftypefun {int} {gnutls_x509_crt_set_version} (gnutls_x509_crt_t @var{crt}, unsigned int @var{version})
3580
@var{crt}: a certificate of type @code{gnutls_x509_crt_t}
3582
@var{version}: holds the version number. For X.509v1 certificates must be 1.
3584
This function will set the version of the certificate. This must
3585
be one for X.509 version 1, and so on. Plain certificates without
3586
extensions must have version set to one.
3588
To create well-formed certificates, you must specify version 3 if
3589
you use any certificate extensions. Extensions are created by
3590
functions such as @code{gnutls_x509_crt_set_subject_alt_name()}
3591
or @code{gnutls_x509_crt_set_key_usage()}.
3593
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a
3594
negative error value.
3597
@subheading gnutls_x509_crt_set_key
3598
@anchor{gnutls_x509_crt_set_key}
3599
@deftypefun {int} {gnutls_x509_crt_set_key} (gnutls_x509_crt_t @var{crt}, gnutls_x509_privkey_t @var{key})
3600
@var{crt}: a certificate of type @code{gnutls_x509_crt_t}
3602
@var{key}: holds a private key
3604
This function will set the public parameters from the given
3605
private key to the certificate. Only RSA keys are currently
3608
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a
3609
negative error value.
3612
@subheading gnutls_x509_crt_set_crq
3613
@anchor{gnutls_x509_crt_set_crq}
3614
@deftypefun {int} {gnutls_x509_crt_set_crq} (gnutls_x509_crt_t @var{crt}, gnutls_x509_crq_t @var{crq})
3615
@var{crt}: a certificate of type @code{gnutls_x509_crt_t}
3617
@var{crq}: holds a certificate request
3619
This function will set the name and public parameters as well as
3620
the extensions from the given certificate request to the certificate.
3621
Only RSA keys are currently supported.
3623
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a
3624
negative error value.
3627
@subheading gnutls_x509_crt_set_crq_extensions
3628
@anchor{gnutls_x509_crt_set_crq_extensions}
3629
@deftypefun {int} {gnutls_x509_crt_set_crq_extensions} (gnutls_x509_crt_t @var{crt}, gnutls_x509_crq_t @var{crq})
3630
@var{crt}: a certificate of type @code{gnutls_x509_crt_t}
3632
@var{crq}: holds a certificate request
3634
This function will set extensions from the given request to the
3637
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a
3638
negative error value.
3640
@strong{Since:} 2.8.0
3643
@subheading gnutls_x509_crt_set_extension_by_oid
3644
@anchor{gnutls_x509_crt_set_extension_by_oid}
3645
@deftypefun {int} {gnutls_x509_crt_set_extension_by_oid} (gnutls_x509_crt_t @var{crt}, const char * @var{oid}, const void * @var{buf}, size_t @var{sizeof_buf}, unsigned int @var{critical})
3646
@var{crt}: a certificate of type @code{gnutls_x509_crt_t}
3648
@var{oid}: holds an Object Identified in null terminated string
3650
@var{buf}: a pointer to a DER encoded data
3652
@var{sizeof_buf}: holds the size of @code{buf}
3654
@var{critical}: should be non zero if the extension is to be marked as critical
3656
This function will set an the extension, by the specified OID, in
3657
the certificate. The extension data should be binary data DER
3660
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a
3661
negative error value.and a negative value in case of an error.
3664
@subheading gnutls_x509_crt_set_basic_constraints
3665
@anchor{gnutls_x509_crt_set_basic_constraints}
3666
@deftypefun {int} {gnutls_x509_crt_set_basic_constraints} (gnutls_x509_crt_t @var{crt}, unsigned int @var{ca}, int @var{pathLenConstraint})
3667
@var{crt}: a certificate of type @code{gnutls_x509_crt_t}
3669
@var{ca}: true(1) or false(0). Depending on the Certificate authority status.
3671
@var{pathLenConstraint}: non-negative values indicate maximum length of path,
3672
and negative values indicate that the pathLenConstraints field should
3675
This function will set the basicConstraints certificate extension.
3677
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a
3678
negative error value.
3681
@subheading gnutls_x509_crt_set_ca_status
3682
@anchor{gnutls_x509_crt_set_ca_status}
3683
@deftypefun {int} {gnutls_x509_crt_set_ca_status} (gnutls_x509_crt_t @var{crt}, unsigned int @var{ca})
3684
@var{crt}: a certificate of type @code{gnutls_x509_crt_t}
3686
@var{ca}: true(1) or false(0). Depending on the Certificate authority status.
3688
This function will set the basicConstraints certificate extension.
3689
Use @code{gnutls_x509_crt_set_basic_constraints()} if you want to control
3690
the pathLenConstraint field too.
3692
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a
3693
negative error value.
3696
@subheading gnutls_x509_crt_set_key_usage
3697
@anchor{gnutls_x509_crt_set_key_usage}
3698
@deftypefun {int} {gnutls_x509_crt_set_key_usage} (gnutls_x509_crt_t @var{crt}, unsigned int @var{usage})
3699
@var{crt}: a certificate of type @code{gnutls_x509_crt_t}
3701
@var{usage}: an ORed sequence of the GNUTLS_KEY_* elements.
3703
This function will set the keyUsage certificate extension.
3705
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a
3706
negative error value.
3709
@subheading gnutls_x509_crt_set_subject_alternative_name
3710
@anchor{gnutls_x509_crt_set_subject_alternative_name}
3711
@deftypefun {int} {gnutls_x509_crt_set_subject_alternative_name} (gnutls_x509_crt_t @var{crt}, gnutls_x509_subject_alt_name_t @var{type}, const char * @var{data_string})
3712
@var{crt}: a certificate of type @code{gnutls_x509_crt_t}
3714
@var{type}: is one of the gnutls_x509_subject_alt_name_t enumerations
3716
@var{data_string}: The data to be set, a zero terminated string
3718
This function will set the subject alternative name certificate
3719
extension. This function assumes that data can be expressed as a null
3722
The name of the function is unfortunate since it is incosistent with
3723
@code{gnutls_x509_crt_get_subject_alt_name()}.
3725
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a
3726
negative error value.
3729
@subheading gnutls_x509_crt_set_subject_alt_name
3730
@anchor{gnutls_x509_crt_set_subject_alt_name}
3731
@deftypefun {int} {gnutls_x509_crt_set_subject_alt_name} (gnutls_x509_crt_t @var{crt}, gnutls_x509_subject_alt_name_t @var{type}, const void * @var{data}, unsigned int @var{data_size}, unsigned int @var{flags})
3732
@var{crt}: a certificate of type @code{gnutls_x509_crt_t}
3734
@var{type}: is one of the gnutls_x509_subject_alt_name_t enumerations
3736
@var{data}: The data to be set
3738
@var{data_size}: The size of data to be set
3740
@var{flags}: GNUTLS_FSAN_SET to clear previous data or GNUTLS_FSAN_APPEND to append.
3742
This function will set the subject alternative name certificate
3743
extension. It can set the following types:
3745
&GNUTLS_SAN_DNSNAME: as a text string
3747
&GNUTLS_SAN_RFC822NAME: as a text string
3749
&GNUTLS_SAN_URI: as a text string
3751
&GNUTLS_SAN_IPADDRESS: as a binary IP address (4 or 16 bytes)
3753
Other values can be set as binary values with the proper DER encoding.
3755
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a
3756
negative error value.
3758
@strong{Since:} 2.6.0
3761
@subheading gnutls_x509_crt_set_proxy
3762
@anchor{gnutls_x509_crt_set_proxy}
3763
@deftypefun {int} {gnutls_x509_crt_set_proxy} (gnutls_x509_crt_t @var{crt}, int @var{pathLenConstraint}, const char * @var{policyLanguage}, const char * @var{policy}, size_t @var{sizeof_policy})
3764
@var{crt}: a certificate of type @code{gnutls_x509_crt_t}
3766
@var{pathLenConstraint}: non-negative values indicate maximum length of path,
3767
and negative values indicate that the pathLenConstraints field should
3770
@var{policyLanguage}: OID describing the language of @code{policy}.
3772
@var{policy}: opaque byte array with policy language, can be @code{NULL}
3774
@var{sizeof_policy}: size of @code{policy}.
3776
This function will set the proxyCertInfo extension.
3778
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a
3779
negative error value.
3782
@subheading gnutls_x509_crt_sign2
3783
@anchor{gnutls_x509_crt_sign2}
3784
@deftypefun {int} {gnutls_x509_crt_sign2} (gnutls_x509_crt_t @var{crt}, gnutls_x509_crt_t @var{issuer}, gnutls_x509_privkey_t @var{issuer_key}, gnutls_digest_algorithm_t @var{dig}, unsigned int @var{flags})
3785
@var{crt}: a certificate of type @code{gnutls_x509_crt_t}
3787
@var{issuer}: is the certificate of the certificate issuer
3789
@var{issuer_key}: holds the issuer's private key
3791
@var{dig}: The message digest to use, @code{GNUTLS_DIG_SHA1} is a safe choice
3793
@var{flags}: must be 0
3795
This function will sign the certificate with the issuer's private key, and
3796
will copy the issuer's information into the certificate.
3798
This must be the last step in a certificate generation since all
3799
the previously set parameters are now signed.
3801
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a
3802
negative error value.
3805
@subheading gnutls_x509_crt_sign
3806
@anchor{gnutls_x509_crt_sign}
3807
@deftypefun {int} {gnutls_x509_crt_sign} (gnutls_x509_crt_t @var{crt}, gnutls_x509_crt_t @var{issuer}, gnutls_x509_privkey_t @var{issuer_key})
3808
@var{crt}: a certificate of type @code{gnutls_x509_crt_t}
3810
@var{issuer}: is the certificate of the certificate issuer
3812
@var{issuer_key}: holds the issuer's private key
3814
This function is the same a @code{gnutls_x509_crt_sign2()} with no flags,
3815
and SHA1 as the hash algorithm.
3817
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a
3818
negative error value.
3821
@subheading gnutls_x509_crt_set_activation_time
3822
@anchor{gnutls_x509_crt_set_activation_time}
3823
@deftypefun {int} {gnutls_x509_crt_set_activation_time} (gnutls_x509_crt_t @var{cert}, time_t @var{act_time})
3824
@var{cert}: a certificate of type @code{gnutls_x509_crt_t}
3826
@var{act_time}: The actual time
3828
This function will set the time this Certificate was or will be
3831
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a
3832
negative error value.
3835
@subheading gnutls_x509_crt_set_expiration_time
3836
@anchor{gnutls_x509_crt_set_expiration_time}
3837
@deftypefun {int} {gnutls_x509_crt_set_expiration_time} (gnutls_x509_crt_t @var{cert}, time_t @var{exp_time})
3838
@var{cert}: a certificate of type @code{gnutls_x509_crt_t}
3840
@var{exp_time}: The actual time
3842
This function will set the time this Certificate will expire.
3844
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a
3845
negative error value.
3848
@subheading gnutls_x509_crt_set_serial
3849
@anchor{gnutls_x509_crt_set_serial}
3850
@deftypefun {int} {gnutls_x509_crt_set_serial} (gnutls_x509_crt_t @var{cert}, const void * @var{serial}, size_t @var{serial_size})
3851
@var{cert}: a certificate of type @code{gnutls_x509_crt_t}
3853
@var{serial}: The serial number
3855
@var{serial_size}: Holds the size of the serial field.
3857
This function will set the X.509 certificate's serial number.
3858
Serial is not always a 32 or 64bit number. Some CAs use large
3859
serial numbers, thus it may be wise to handle it as something
3862
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a
3863
negative error value.
3866
@subheading gnutls_x509_crt_set_crl_dist_points
3867
@anchor{gnutls_x509_crt_set_crl_dist_points}
3868
@deftypefun {int} {gnutls_x509_crt_set_crl_dist_points} (gnutls_x509_crt_t @var{crt}, gnutls_x509_subject_alt_name_t @var{type}, const void * @var{data_string}, unsigned int @var{reason_flags})
3869
@var{crt}: a certificate of type @code{gnutls_x509_crt_t}
3871
@var{type}: is one of the gnutls_x509_subject_alt_name_t enumerations
3873
@var{data_string}: The data to be set
3875
@var{reason_flags}: revocation reasons
3877
This function will set the CRL distribution points certificate extension.
3879
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a
3880
negative error value.
3883
@subheading gnutls_x509_crt_set_crl_dist_points2
3884
@anchor{gnutls_x509_crt_set_crl_dist_points2}
3885
@deftypefun {int} {gnutls_x509_crt_set_crl_dist_points2} (gnutls_x509_crt_t @var{crt}, gnutls_x509_subject_alt_name_t @var{type}, const void * @var{data}, unsigned int @var{data_size}, unsigned int @var{reason_flags})
3886
@var{crt}: a certificate of type @code{gnutls_x509_crt_t}
3888
@var{type}: is one of the gnutls_x509_subject_alt_name_t enumerations
3890
@var{data}: The data to be set
3892
@var{data_size}: The data size
3894
@var{reason_flags}: revocation reasons
3896
This function will set the CRL distribution points certificate extension.
3898
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a
3899
negative error value.
3901
@strong{Since:} 2.6.0
3904
@subheading gnutls_x509_crt_cpy_crl_dist_points
3905
@anchor{gnutls_x509_crt_cpy_crl_dist_points}
3906
@deftypefun {int} {gnutls_x509_crt_cpy_crl_dist_points} (gnutls_x509_crt_t @var{dst}, gnutls_x509_crt_t @var{src})
3907
@var{dst}: a certificate of type @code{gnutls_x509_crt_t}
3909
@var{src}: the certificate where the dist points will be copied from
3911
This function will copy the CRL distribution points certificate
3912
extension, from the source to the destination certificate.
3913
This may be useful to copy from a CA certificate to issued ones.
3915
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a
3916
negative error value.
3919
@subheading gnutls_x509_crt_set_subject_key_id
3920
@anchor{gnutls_x509_crt_set_subject_key_id}
3921
@deftypefun {int} {gnutls_x509_crt_set_subject_key_id} (gnutls_x509_crt_t @var{cert}, const void * @var{id}, size_t @var{id_size})
3922
@var{cert}: a certificate of type @code{gnutls_x509_crt_t}
3924
@var{id}: The key ID
3926
@var{id_size}: Holds the size of the serial field.
3928
This function will set the X.509 certificate's subject key ID
3931
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a
3932
negative error value.
3935
@subheading gnutls_x509_crt_set_authority_key_id
3936
@anchor{gnutls_x509_crt_set_authority_key_id}
3937
@deftypefun {int} {gnutls_x509_crt_set_authority_key_id} (gnutls_x509_crt_t @var{cert}, const void * @var{id}, size_t @var{id_size})
3938
@var{cert}: a certificate of type @code{gnutls_x509_crt_t}
3940
@var{id}: The key ID
3942
@var{id_size}: Holds the size of the serial field.
3944
This function will set the X.509 certificate's authority key ID extension.
3945
Only the keyIdentifier field can be set with this function.
3947
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} is returned, otherwise a
3948
negative error value.
3951
@subheading gnutls_x509_crt_set_key_purpose_oid
3952
@anchor{gnutls_x509_crt_set_key_purpose_oid}
3953
@deftypefun {int} {gnutls_x509_crt_set_key_purpose_oid} (gnutls_x509_crt_t @var{cert}, const void * @var{oid}, unsigned int @var{critical})
3954
@var{cert}: a certificate of type @code{gnutls_x509_crt_t}
3956
@var{oid}: a pointer to a null terminated string that holds the OID
3958
@var{critical}: Whether this extension will be critical or not
3960
This function will set the key purpose OIDs of the Certificate.
3961
These are stored in the Extended Key Usage extension (2.5.29.37)
3962
See the GNUTLS_KP_* definitions for human readable names.
3964
Subsequent calls to this function will append OIDs to the OID list.
3966
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (zero) is returned,
3967
otherwise an error code is returned.