author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2002-09-05 19:03:01 +0000 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2002-09-05 19:03:01 +0000 |
commit | f0706c4772bd6eca67cc90b33623655409fefb20 (patch) | |
tree | ad6522a397355a4be45b85f1640e00e0a96c286c | |
parent | 76afe325010c5a56b1b777ae9fdd697023722c55 (diff) | |
download | gnutls-f0706c4772bd6eca67cc90b33623655409fefb20.tar.gz |
*** empty log message ***
-rw-r--r-- | NEWS | 4 | ||||
-rw-r--r-- | doc/TODO | 2 | ||||
-rw-r--r-- | doc/tex/Makefile.am | 3 | ||||
-rw-r--r-- | doc/tex/certificate.tex | 11 | ||||
-rw-r--r-- | doc/tex/x509-1.eps | 251 | ||||
-rw-r--r-- | lib/gnutls_global.h | 1 |
6 files changed, 266 insertions, 6 deletions
@@ -1,9 +1,11 @@ Version 0.5.6 - Corrected bugs in SRP implementation, which prevented gnutls - to interoperate with other implementations. + to interoperate with other implementations. (interoperability testing + was done by David Taylor) - Corrected bug in cert_type extension. - Corrected extension type checks which used an 8 bit extension size, instead of 16 bits. +- Removed the X.509 test suite. Version 0.5.5 (3/09/2002) - Updated the SRP implementation to the latest draft. The blowfish @@ -4,13 +4,13 @@ in order to avoid having people working on the same thing. Current list: + Add ability to read PKCS-12 structures (certificate and private key) +* Add support for the certificate authenticated SRP cipher suites * Add option to read the SRP parameters using a callback (server side) * Convert documentation to texinfo format * Merge common stuff in DHE and DHA key exchange * Add support for certificate CRLs in certificate verification * Audit the code * Add GPGSM certificate manager support -- Add support for the certificate authenticated SRP cipher suites - Add Kerberos support (+) Means high priority diff --git a/doc/tex/Makefile.am b/doc/tex/Makefile.am index e51a3c9a51..682c9d6783 100644 --- a/doc/tex/Makefile.am +++ b/doc/tex/Makefile.am @@ -1,6 +1,7 @@ EXTRA_DIST = gnutls.tex gnutls.ps \ ex1.tex ex2.tex ex3.tex srp1.tex serv1.tex ex4.tex \ - fdl.tex cover.tex.in gnutls-logo.ps layers.eps pgp-fig1.eps + fdl.tex cover.tex.in gnutls-logo.ps layers.eps pgp-fig1.eps \ + x509-1.eps TEX_OBJECTS = gnutls.tex ../../lib/gnutls-api.tex serv1.tex ex1.tex ex2.tex ex3.tex fdl.tex \ macros.tex cover.tex ciphersuites.tex handshake.tex translayer.tex \ diff --git a/doc/tex/certificate.tex b/doc/tex/certificate.tex index ec3ce0055a..6b955f6e1f 100644 --- a/doc/tex/certificate.tex +++ b/doc/tex/certificate.tex 
@@ -1,6 +1,6 @@ \chapter{More on certificate authentication} -\section{The X.509 trust model} +\section{The X.509\index{X.509 certificates} trust model} \label{x509:trust} The X.509 protocols rely on a hierarchical trust model. In this trust model @@ -10,7 +10,12 @@ authorities may certify other authorities to issue certificates as well, following a hierachical model. One needs to trust one or more CAs for his secure communications. In that case only the certificates issued by the trusted -authorities are acceptable. +authorities are acceptable. See figure \ref{fig:x509-1} for a typical example. + +\begin{figure}[hbtp] +\includegraphics[height=9.5cm,width=9cm]{x509-1} +\label{fig:x509-1} +\end{figure} \par The use of X.509 certificates requires some functions which will assist in parsing them. \gnutls{} includes functions which extract @@ -43,7 +48,7 @@ Note that \gnutls{} is not a generic purpose X.509 toolkit\footnote{Aegypten is in order to use the TLS ciphersuites which depend on X.509 certificates. -\section{The OpenPGP trust model} +\section{The OpenPGP\index{OpenPGP keys} trust model} \label{pgp:trust} The OpenPGP key authentication relies on a distributed trust model, called diff --git a/doc/tex/x509-1.eps b/doc/tex/x509-1.eps new file mode 100644 index 0000000000..5129adb383 --- /dev/null +++ b/doc/tex/x509-1.eps 
@@ -0,0 +1,251 @@ +%!PS-Adobe-2.0 EPSF-2.0 +%%Title: tree1 +%%Creator: Dia v0.90 +%%CreationDate: Thu Sep 5 21:44:57 2002 +%%For: a user +%%Magnification: 1.0000 +%%Orientation: Portrait +%%BoundingBox: 0 0 470 617 +%%Pages: 1 +%%EndComments +%%BeginProlog +/cp {closepath} bind def +/c {curveto} bind def +/f {fill} bind def +/a {arc} bind def +/ef {eofill} bind def +/ex {exch} bind def +/gr {grestore} bind def +/gs {gsave} bind def +/sa {save} bind def +/rs {restore} bind def +/l {lineto} bind def +/m {moveto} bind def +/rm {rmoveto} bind def +/n {newpath} bind def +/s {stroke} bind def +/sh {show} bind def +/slc {setlinecap} bind def +/slj {setlinejoin} bind def +/slw {setlinewidth} bind def +/srgb {setrgbcolor} bind def +/rot {rotate} bind def +/sc {scale} bind def +/sd {setdash} bind def +/ff {findfont} bind def +/sf {setfont} bind def +/scf {scalefont} bind def +/sw {stringwidth pop} bind def +/tr {translate} bind def + +/ellipsedict 8 dict def +ellipsedict /mtrx matrix put +/ellipse +{ ellipsedict begin + /endangle exch def + /startangle exch def + /yrad exch def + /xrad exch def + /y exch def + /x exch def /savematrix mtrx currentmatrix def + x y tr xrad yrad sc + 0 0 1 startangle endangle arc + savematrix setmatrix + end +} def + +/mergeprocs { +dup length +3 -1 roll +dup +length +dup +5 1 roll +3 -1 roll +add +array cvx +dup +3 -1 roll +0 exch +putinterval +dup +4 2 roll +putinterval +} bind def +%%EndProlog + +%%BeginSetup +%%EndSetup +28.346000 -28.346000 scale +-0.000000 -21.685957 translate + +0.100000 slw +[] 0 sd +1.000000 1.000000 1.000000 srgb +n 2.600000 13.250000 0.300000 0.300000 0 360 ellipse f +0.000000 0.000000 0.000000 srgb +n 2.600000 13.250000 0.300000 0.300000 0 360 ellipse cp s +n 1.400000 13.850000 m 3.800000 13.850000 l s +n 2.600000 13.550000 m 2.600000 15.050000 l s +n 2.600000 15.050000 m 1.400000 16.350000 l s +n 2.600000 15.050000 m 3.800000 16.350000 l s + [ /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi + /xi /xi 
/xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi + /A /l /i /c /e /B /o /b /xi /xi /R /t /space /C /I /W + /S /r /v /T /w /y /p /a /X /period /five /zero /nine /f /n /h + /s /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi + /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi + /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi + /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi + /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi + /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi + /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi + /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi + /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi + /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi + /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi + /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi +] /e0 exch def +/Courier-Bold_e0 undefinefont +/Courier-Bold_e0 + /Courier-Bold findfont + dup length dict begin + {1 index /FID ne {def} {pop pop} ifelse} forall + /Encoding e0 def + currentdict end +definefont pop +/Courier-Bold_e0 ff 0.800000 scf sf +( !"#$) sw +2 div 2.600000 ex sub 17.555217 m ( !"#$) + gs 1 -1 sc sh gr +0.100000 slw +[] 0 sd +1.000000 1.000000 1.000000 srgb +n 7.200000 13.450000 0.300000 0.300000 0 360 ellipse f +0.000000 0.000000 0.000000 srgb +n 7.200000 13.450000 0.300000 0.300000 0 360 ellipse cp s +n 6.000000 14.050000 m 8.400000 14.050000 l s +n 7.200000 13.750000 m 7.200000 15.250000 l s +n 7.200000 15.250000 m 6.000000 16.550000 l s +n 7.200000 15.250000 m 8.400000 16.550000 l s +/Courier-Bold_e0 ff 0.800000 scf sf +(%&') sw +2 div 7.200000 ex sub 17.755217 m (%&') + gs 1 -1 sc sh gr +0.100000 slw +[] 0 sd +1.000000 1.000000 1.000000 srgb +n 6.952400 3.067467 3.052400 1.017467 0 360 ellipse f +0.000000 0.000000 0.000000 srgb +n 6.952400 3.067467 3.052400 1.017467 0 360 ellipse cp s 
+/Courier-Bold_e0 ff 0.800000 scf sf +(*&&+,- ) sw +2 div 6.952400 ex sub 3.272684 m (*&&+,- ) + gs 1 -1 sc sh gr +0.100000 slw +[] 0 sd +1.000000 1.000000 1.000000 srgb +n 3.365200 8.200000 2.015200 1.000000 0 360 ellipse f +0.000000 0.000000 0.000000 srgb +n 3.365200 8.200000 2.015200 1.000000 0 360 ellipse cp s +/Courier-Bold_e0 ff 0.800000 scf sf +(- ,.) sw +2 div 3.365200 ex sub 8.405217 m (- ,.) + gs 1 -1 sc sh gr +0.100000 slw +[] 0 sd +1.000000 1.000000 1.000000 srgb +n 11.671600 8.100000 2.471600 1.000000 0 360 ellipse f +0.000000 0.000000 0.000000 srgb +n 11.671600 8.100000 2.471600 1.000000 0 360 ellipse cp s +/Courier-Bold_e0 ff 0.800000 scf sf +(- ,..) sw +2 div 11.671600 ex sub 8.305217 m (- ,..) + gs 1 -1 sc sh gr +0.100000 slw +[] 0 sd +1.000000 1.000000 1.000000 srgb +n 10.400000 11.650000 m 10.400000 13.450000 l 16.037600 13.450000 l 16.037600 11.650000 l f +0.000000 0.000000 0.000000 srgb +n 10.400000 11.650000 m 10.400000 13.450000 l 16.037600 13.450000 l 16.037600 11.650000 l cp s +/Helvetica_e0 undefinefont +/Helvetica_e0 + /Helvetica findfont + dup length dict begin + {1 index /FID ne {def} {pop pop} ifelse} forall + /Encoding e0 def + currentdict end +definefont pop +/Helvetica_e0 ff 0.800000 scf sf +(/$',0$12$1) sw +2 div 13.218800 ex sub 12.762903 m (/$',0$12$1) + gs 1 -1 sc sh gr +0.050000 slw +n 10.900000 12.950000 m 15.537600 12.950000 l s +0.100000 slw +[] 0 sd +[] 0 sd +0 slc +0 slj +0 slc +0 slj +[] 0 sd +n 0.050000 0.000000 m 16.500000 0.000000 l s +0 slc +0 slj +[] 0 sd +n 0.050000 19.950000 m 16.500000 19.950000 l s +0 slc +0 slj +[] 0 sd +n 0.050000 0.000000 m 0.050000 19.950000 l s +0 slc +0 slj +[] 0 sd +n 16.500000 0.000000 m 16.500000 19.950000 l s +0.100000 slw +0 slc +[] 0 sd +n 3.489200 7.200000 m 6.896800 4.050000 l s +0 slj +n 3.906952 6.473376 m 3.489200 7.200000 l 4.246356 6.840534 l f +0.100000 slw +0 slc +[] 0 sd +n 11.712000 7.100000 m 6.896800 4.050000 l s +0 slj +n 10.902394 6.883118 m 11.712000 7.100000 l 
11.169943 6.460724 l f +0.100000 slw +0 slc +[] 0 sd +n 2.600000 12.350000 m 3.489200 9.200000 l s +0 slj +n 2.576738 11.512170 m 2.600000 12.350000 l 3.057933 11.648005 l f +0.100000 slw +0 slc +[] 0 sd +n 13.141200 11.650000 m 11.712000 9.100000 l s +0 slj +n 12.531985 11.074364 m 13.141200 11.650000 l 12.968150 10.829906 l f +0.100000 slw +0 slc +[] 0 sd +n 7.200000 12.550000 m 11.712000 9.100000 l s +0 slj +n 7.683658 11.865474 m 7.200000 12.550000 l 7.987363 12.262668 l f +/Courier_e0 undefinefont +/Courier_e0 + /Courier findfont + dup length dict begin + {1 index /FID ne {def} {pop pop} ifelse} forall + /Encoding e0 def + currentdict end +definefont pop +/Courier_e0 ff 0.800000 scf sf +(34&,+56"#7!,89:;<,-$1+"="#7+"&>) sw +2 div 8.307760 ex sub 20.703100 m (34&,+56"#7!,89:;<,-$1+"="#7+"&>) + gs 1 -1 sc sh gr +(67+?@) sw +2 div 8.307760 ex sub 21.503100 m (67+?@) + gs 1 -1 sc sh gr +showpage
diff --git a/lib/gnutls_global.h b/lib/gnutls_global.h
index 684a63e3e0..a877c90ff9 100644
--- a/lib/gnutls_global.h
+++ b/lib/gnutls_global.h
@@ -3,6 +3,7 @@
 #include <libtasn1.h>
+int gnutls_global_init( void);
 int gnutls_is_secure_memory(const void* mem);
 ASN1_TYPE _gnutls_get_gnutls_asn(void);
 ASN1_TYPE _gnutls_get_pkix(void); |
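Review bot: The added prototype `int gnutls_global_init( void);` is undocumented, and its `( void)` spacing differs from the `(void)` used by `_gnutls_get_gnutls_asn(void)` and `_gnutls_get_pkix(void)` just below it. Because the function returns `int`, library code that pulls it in through this internal header should check the result rather than assume initialisation succeeded; I would write the line as `int gnutls_global_init(void); /* 0 on success, negative error code otherwise; callers must check */`, with the convention confirmed against the definition, which is not in this hunk. If the public header already declares this function, including it here instead would keep the two prototypes from drifting apart.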