updated documentation

author: Nikos Mavrogiannopoulos <nmav@gnutls.org> 2002-01-04 12:05:51 +0000
committer: Nikos Mavrogiannopoulos <nmav@gnutls.org> 2002-01-04 12:05:51 +0000
commit: faa84bc98ead2485c5ff7e57d9b7e208a8816364 (patch)
tree: 8413d914f1691ecc19d90e12ca9049f66fc95fcd
parent: 78fcf46acfef31b49960d2a7fee7c172a1116bf0 (diff)
download: gnutls-faa84bc98ead2485c5ff7e57d9b7e208a8816364.tar.gz
3 files changed, 121 insertions, 56 deletions
diff --git a/NEWS b/NEWS
index 3f26416443..215a9b3acc 100644
--- a/NEWS
+++ b/NEWS
@@ -3,6 +3,7 @@ Version ?.?.?
 - Added gnutls_fingerprint()
 - Added gnutls_x509pki_extract_certificate_serial()
 - Corrected behaviour in version advertizing
+- Updated documentation
 
 Version 0.3.1 (21/12/2001)
 - Corrections in the configuration files
diff --git a/doc/tex/ex3.tex b/doc/tex/ex3.tex
index 4af335ed07..226fcdfdb7 100644
--- a/doc/tex/ex3.tex
+++ b/doc/tex/ex3.tex
@@ -1,87 +1,130 @@
 \begin{verbatim}
 
 #define PRINTX(x,y) if (y[0]!=0) printf(" -   %s %s\n", x, y)
-#define PRINT_DN(X) PRINTX( "CN:", X->common_name); \
-	PRINTX( "OU:", X->organizational_unit_name); \
-	PRINTX( "O:", X->organization); \
-	PRINTX( "L:", X->locality_name); \
-	PRINTX( "S:", X->state_or_province_name); \
-	PRINTX( "C:", X->country); \
-	PRINTX( "E:", X->email)
-
+#define PRINT_DN(X) PRINTX( "CN:", X.common_name); \
+        PRINTX( "OU:", X.organizational_unit_name); \
+        PRINTX( "O:", X.organization); \
+        PRINTX( "L:", X.locality_name); \
+        PRINTX( "S:", X.state_or_province_name); \
+        PRINTX( "C:", X.country); \
+        PRINTX( "E:", X.email)
+
+/* This function will print some details of the
+ * given state.
+ */
 int print_info(GNUTLS_STATE state)
 {
    const char *tmp;
+   GNUTLS_CredType cred;
+   gnutls_DN dn;
+   const gnutls_datum *cert_list;
+   GNUTLS_CertificateStatus status;
+   int cert_list_size = 0;
+   GNUTLS_KXAlgorithm kx;
+
 
    /* print the key exchange's algorithm name
     */
-   tmp = gnutls_kx_get_name( gnutls_kx_get_algo( state));
+   kx = gnutls_kx_get_algo(state);
+   tmp = gnutls_kx_get_name(kx);
    printf("- Key Exchange: %s\n", tmp);
 
-   /* in case of X509 PKI
-    */
-   if (gnutls_auth_get_type(state) == GNUTLS_X509PKI) {
-      const gnutls_DN* dn;
-      const gnutls_datum* cert_list;
-      int cert_list_size = 0;
-      CertificateStatus status;
-      KXAlgorithm kx;
-
-      kx = gnutls_kx_get_algo(state);
+   cred = gnutls_auth_get_type(state);
+   switch (cred) {
+   case GNUTLS_ANON:
+      printf("- Anonymous DH using prime of %d bits\n",
+             gnutls_anon_client_get_dh_bits(state));
+      break;
+   case GNUTLS_X509PKI:
+      /* in case of X509 PKI
+       */
+      cert_list = gnutls_x509pki_client_get_peer_certificate_list(state, &cert_list_size);
+      status = gnutls_x509pki_client_get_peer_certificate_status(state);
+
+      switch (status) {
+      case GNUTLS_CERT_NOT_TRUSTED:
+         printf("- Peer's X509 Certificate was NOT verified\n");
+         break;
+      case GNUTLS_CERT_EXPIRED:
+         printf("- Peer's X509 Certificate was verified but is expired\n");
+         break;
+      case GNUTLS_CERT_TRUSTED:
+         printf("- Peer's X509 Certificate was verified\n");
+         break;
+      case GNUTLS_CERT_NONE:
+         printf("- Peer did not send any X509 Certificate.\n");
+         break;
+      case GNUTLS_CERT_INVALID:
+         printf("- Peer's X509 Certificate was invalid\n");
+         break;
+      }
 
       /* Check if we have been using ephemeral Diffie Hellman.
        */
       if (kx == GNUTLS_KX_X509PKI_DHE_RSA || kx == GNUTLS_KX_X509PKI_DHE_DSS) {
          printf("\n- Ephemeral DH using prime of %d bits\n",
-            gnutls_x509pki_server_get_dh_bits( state));
+                gnutls_x509pki_server_get_dh_bits(state));
       }
 
-
-      status = gnutls_x509pki_client_get_peer_certificate_status( state);
-      cert_list = gnutls_x509pki_client_get_peer_certificate_list( state, &cert_list_size);
-
-      switch( status) {
-         case GNUTLS_CERT_NOT_TRUSTED:
-           printf("- Peer's X509 Certificate was NOT verified\n");
-           break;
-         case GNUTLS_CERT_EXPIRED:
-           printf("- Peer's X509 Certificate was verified but is expired\n");
-           break;
-         case GNUTLS_CERT_TRUSTED:
-           printf("- Peer's X509 Certificate was verified\n");
-           break;
-         case GNUTLS_CERT_NONE:
-           printf("- Peer did not send any certificate.\n");
-           break;
-         case GNUTLS_CERT_INVALID:
-           printf("- Peer's X509 Certificate was invalid\n");
-           break;
-      }
-		
-      if ( cert_list_size > 0) {
+      /* if the certificate list is available, then
+       * print some information about it.
+       */
+      if (cert_list_size > 0) {
+         char digest[20];
+         char serial[40];
+         int digest_size = sizeof(digest), i;
+         int serial_size = sizeof(serial);
+         char printable[120];
+         char *print;
 
          printf(" - Certificate info:\n");
-         printf(" - Certificate version: #%d\n", gnutls_x509pki_extract_certificate_version( &cert_list[0]));
 
-         gnutls_x509pki_extract_certificate_dn( &cert_list[0], &dn);
-         PRINT_DN( dn);
+         /* Print the fingerprint of the certificate
+          */
+         if (gnutls_fingerprint(GNUTLS_DIG_MD5, &cert_list[0], digest, &digest_size) >= 0) {
+            print = printable;
+            for (i = 0; i < digest_size; i++) {
+               sprintf(print, "%.2x ", (unsigned char) digest[i]);
+               print += 3;
+            }
+            printf(" - Certificate fingerprint: %s\n", printable);
+         }
+
+         /* Print the serial number of the certificate.
+          */
+         if (gnutls_x509pki_extract_certificate_serial(&cert_list[0], serial, &serial_size) >= 0) {
+            print = printable;
+            for (i = 0; i < serial_size; i++) {
+               sprintf(print, "%.2x ", (unsigned char) serial[i]);
+               print += 3;
+            }
+            printf(" - Certificate serial number: %s\n", printable);
+         }
+
+         /* Print the version of the X.509 
+          * certificate.
+          */
+         printf(" - Certificate version: #%d\n", gnutls_x509pki_extract_certificate_version(&cert_list[0]));
+
+         gnutls_x509pki_extract_certificate_dn(&cert_list[0], &dn);
+         PRINT_DN(dn);
 
-         gnutls_x509pki_extract_certificate_issuer_dn( &cert_list[0], &dn);
+         gnutls_x509pki_extract_certificate_issuer_dn(&cert_list[0], &dn);
          printf(" - Certificate Issuer's info:\n");
          PRINT_DN(dn);
       }
    }
 
-   tmp = gnutls_protocol_get_name( gnutls_protocol_get_version( state));
+   tmp = gnutls_protocol_get_name(gnutls_protocol_get_version(state));
    printf("- Version: %s\n", tmp);
 
-   tmp = gnutls_compression_get_name( gnutls_compression_get_algo( state));
+   tmp = gnutls_compression_get_name(gnutls_compression_get_algo(state));
    printf("- Compression: %s\n", tmp);
 
-   tmp = gnutls_cipher_get_name( gnutls_cipher_get_algo( state));
+   tmp = gnutls_cipher_get_name(gnutls_cipher_get_algo(state));
    printf("- Cipher: %s\n", tmp);
 
-   tmp = gnutls_mac_get_name(gnutls_mac_get_algo( state));
+   tmp = gnutls_mac_get_name(gnutls_mac_get_algo(state));
    printf("- MAC: %s\n", tmp);
 
    return 0;
diff --git a/src/common.h b/src/common.h
index cc616c2494..9d2aee344f 100644
--- a/src/common.h
+++ b/src/common.h
@@ -12,13 +12,18 @@
 
 static int print_info( GNUTLS_STATE state) {
 const char *tmp;
-CredType cred;
+GNUTLS_CredType cred;
 gnutls_DN dn;
 const gnutls_datum* cert_list;
-CertificateStatus status;
+GNUTLS_CertificateStatus status;
 int cert_list_size = 0;
+GNUTLS_KXAlgorithm kx;
 
-	tmp = gnutls_kx_get_name(gnutls_kx_get_algo( state));
+
+	/* print the key exchange's algorithm name
+    	 */
+	kx = gnutls_kx_get_algo(state);
+	tmp = gnutls_kx_get_name( kx);
 	printf("- Key Exchange: %s\n", tmp);
 
 	cred = gnutls_auth_get_type(state);
@@ -28,6 +33,8 @@ int cert_list_size = 0;
 			       gnutls_anon_client_get_dh_bits( state));
 			break;
 		case GNUTLS_X509PKI:
+		   /* in case of X509 PKI
+		    */
 			cert_list = gnutls_x509pki_client_get_peer_certificate_list( state, &cert_list_size);
 			status = gnutls_x509pki_client_get_peer_certificate_status( state);
 			
@@ -48,7 +55,14 @@ int cert_list_size = 0;
 				printf("- Peer's X509 Certificate was invalid\n");
 				break;
 			}
-			
+
+			/* Check if we have been using ephemeral Diffie Hellman.
+			 */
+		        if (kx == GNUTLS_KX_X509PKI_DHE_RSA || kx == GNUTLS_KX_X509PKI_DHE_DSS) {
+		         printf("\n- Ephemeral DH using prime of %d bits\n",
+        		    gnutls_x509pki_server_get_dh_bits( state));
+      			}
+
 			if (cert_list_size > 0) {
 				char digest[20];
 				char serial[40];
@@ -59,6 +73,8 @@ int cert_list_size = 0;
 
 				printf(" - Certificate info:\n");
 				
+				/* Print the fingerprint of the certificate
+				 */
 				if ( gnutls_fingerprint( GNUTLS_DIG_MD5, &cert_list[0], digest, &digest_size) >= 0) {
 					print = printable;
 					for (i=0;i<digest_size;i++) {
@@ -67,7 +83,9 @@ int cert_list_size = 0;
 					}
 					printf(" - Certificate fingerprint: %s\n", printable);
 				}
-
+				
+				/* Print the serial number of the certificate.
+				 */
 				if ( gnutls_x509pki_extract_certificate_serial( &cert_list[0], serial, &serial_size) >= 0) {
 					print = printable;
 					for (i=0;i<serial_size;i++) {
@@ -77,6 +95,9 @@ int cert_list_size = 0;
 					printf(" - Certificate serial number: %s\n", printable);
 				}
 
+				/* Print the version of the X.509 
+				 * certificate.
+				 */
 				printf(" - Certificate version: #%d\n", gnutls_x509pki_extract_certificate_version( &cert_list[0]));
 
 				gnutls_x509pki_extract_certificate_dn( &cert_list[0], &dn);
author	Nikos Mavrogiannopoulos <nmav@gnutls.org>	2002-01-04 12:05:51 +0000
committer	Nikos Mavrogiannopoulos <nmav@gnutls.org>	2002-01-04 12:05:51 +0000
commit	faa84bc98ead2485c5ff7e57d9b7e208a8816364 (patch)
tree	8413d914f1691ecc19d90e12ca9049f66fc95fcd
parent	78fcf46acfef31b49960d2a7fee7c172a1116bf0 (diff)
download	gnutls-faa84bc98ead2485c5ff7e57d9b7e208a8816364.tar.gz