author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2003-03-15 10:39:26 +0000 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2003-03-15 10:39:26 +0000 |
commit | a60f0d1512557a407fdc8acd7a91d8b0a3b91d70 (patch) | |
tree | 99085ce7782d1e896ebc52f16cd4f1924816e658 | |
parent | ca661463b1d62af74976131582d39939164f62dd (diff) | |
added an example about certificate request and private key generation. gnutls_0_9_2
-rw-r--r-- | doc/examples/Makefile.am | 3 | ||||
-rw-r--r-- | doc/tex/Makefile.am | 3 | ||||
-rw-r--r-- | doc/tex/ex-crq.tex | 132 | ||||
-rw-r--r-- | doc/tex/examples.tex | 31 |
4 files changed, 158 insertions, 11 deletions
diff --git a/doc/examples/Makefile.am b/doc/examples/Makefile.am
index 6fc8dcca04..e754fceb00 100644
--- a/doc/examples/Makefile.am
+++ b/doc/examples/Makefile.am
@@ -1,3 +1,4 @@
 EXTRA_DIST = ex-alert.c ex-client-resume.c ex-client-srp.c ex-client1.c \
 ex-client2.c ex-info.c ex-rfc2818.c ex-serv-export.c ex-serv-pgp.c \
- ex-serv-srp.c ex-serv1.c ex-pgp-keyserver.c ex-cert-select.c
+ ex-serv-srp.c ex-serv1.c ex-pgp-keyserver.c ex-cert-select.c \
+ ex-crq.c
diff --git a/doc/tex/Makefile.am b/doc/tex/Makefile.am
index 9b1b93fda0..9bac61517a 100644
--- a/doc/tex/Makefile.am
+++ b/doc/tex/Makefile.am
@@ -7,7 +7,8 @@ EXTRA_DIST = gnutls.tex gnutls.ps \
 EXAMPLE_OBJECTS = ex-alert.tex ex-client-srp.tex ex-serv-export.tex \
 ex-client1.tex ex-client2.tex ex-info.tex ex-rfc2818.tex \
 ex-serv1.tex ex-client-resume.tex ex-serv-srp.tex \
- ex-serv-pgp.tex ex-pgp-keyserver.tex ex-cert-select.tex
+ ex-serv-pgp.tex ex-pgp-keyserver.tex ex-cert-select.tex \
+ ex-crq.tex
 TEX_OBJECTS = gnutls.tex ../../lib/gnutls-api.tex fdl.tex ../../lib/x509/x509-api.tex \
 macros.tex cover.tex ciphersuites.tex handshake.tex translayer.tex \
diff --git a/doc/tex/ex-crq.tex b/doc/tex/ex-crq.tex
new file mode 100644
index 0000000000..2fce84a2be
--- /dev/null
+++ b/doc/tex/ex-crq.tex
@@ -0,0 +1,132 @@
+\begin{verbatim}
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <gnutls/gnutls.h>
+#include <gnutls/x509.h>
+#include <time.h>
+
+/* This example will generate a private key and a certificate
+ * request.
+ */
+
+int main()
+{
+ gnutls_x509_crq crq;
+ gnutls_x509_privkey key;
+ unsigned char buffer[10*1024];
+ int buffer_size = sizeof(buffer);
+ int ret;
+
+ gnutls_global_init();
+
+ /* Initialize an empty certificate request, and
+ * an empty private key.
+ */
+ ret = gnutls_x509_crq_init(&crq);
+ if (ret < 0) {
+ fprintf(stderr, "ret: %s\n", gnutls_strerror(ret));
+ exit(1);
+ }
+
+ ret = gnutls_x509_privkey_init(&key);
+ if (ret < 0) {
+ fprintf(stderr, "ret: %s\n", gnutls_strerror(ret));
+ exit(1);
+ }
+
+ /* Generate a 1024 bit RSA private key.
+ */
+ ret = gnutls_x509_privkey_generate(key, GNUTLS_PK_RSA, 1024, 0);
+ if (ret < 0) {
+ fprintf(stderr, "ret: %s\n", gnutls_strerror(ret));
+ exit(1);
+ }
+
+
+ /* Add stuff to the distinguished name
+ */
+ ret =
+ gnutls_x509_crq_set_dn_by_oid(crq, GNUTLS_OID_X520_COUNTRY_NAME,
+ "GR", 2);
+ if (ret < 0) {
+ fprintf(stderr, "ret: %s\n", gnutls_strerror(ret));
+ exit(1);
+ }
+
+ ret =
+ gnutls_x509_crq_set_dn_by_oid(crq, GNUTLS_OID_X520_COMMON_NAME,
+ "Nikos", strlen("Nikos"));
+ if (ret < 0) {
+ fprintf(stderr, "ret: %s\n", gnutls_strerror(ret));
+ exit(1);
+ }
+
+ /* Set the request version.
+ */
+ ret = gnutls_x509_crq_set_version(crq, 0);
+ if (ret < 0) {
+ fprintf(stderr, "ret: %s\n", gnutls_strerror(ret));
+ exit(1);
+ }
+
+ /* Set a challenge password.
+ */
+ ret = gnutls_x509_crq_set_challenge_password(crq, "fuck you");
+ if (ret < 0) {
+ fprintf(stderr, "ret: %s\n", gnutls_strerror(ret));
+ exit(1);
+ }
+
+ /* Associate the request with the private key
+ */
+ ret = gnutls_x509_crq_set_key(crq, key);
+ if (ret < 0) {
+ fprintf(stderr, "ret: %s\n", gnutls_strerror(ret));
+ exit(1);
+ }
+
+ /* Self sign the certificate request.
+ */
+ ret = gnutls_x509_crq_sign(crq, key);
+ if (ret < 0) {
+ fprintf(stderr, "ret: %s\n", gnutls_strerror(ret));
+ exit(1);
+ }
+
+ /* Export the PEM encoded certificate request, and
+ * display it.
+ */
+ ret =
+ gnutls_x509_crq_export(crq, GNUTLS_X509_FMT_PEM, buffer,
+ &buffer_size);
+ if (ret < 0) {
+ fprintf(stderr, "ret: %s\n", gnutls_strerror(ret));
+ exit(1);
+ }
+
+ printf("Certificate Request: \n%s", buffer);
+
+
+ /* Export the PEM encoded private key, and
+ * display it.
+ */
+ buffer_size = sizeof(buffer);
+ ret =
+ gnutls_x509_privkey_export(key, GNUTLS_X509_FMT_PEM, buffer,
+ &buffer_size);
+ if (ret < 0) {
+ fprintf(stderr, "ret: %s\n", gnutls_strerror(ret));
+ exit(1);
+ }
+
+ printf("\n\nPrivate key: \n%s", buffer);
+
+ gnutls_x509_crq_deinit(crq);
+ gnutls_x509_privkey_deinit(key);
+
+ return 0;
+
+}
+
+\end{verbatim}
diff --git a/doc/tex/examples.tex b/doc/tex/examples.tex
index aca1cdbacf..fa041e64f5 100644
--- a/doc/tex/examples.tex
+++ b/doc/tex/examples.tex
@@ -26,15 +26,6 @@ The following function is an example on how to verify a certificate.
 \input{ex-rfc2818}
-\subsection{Parsing peer's certificate, and obtaining session information}
-The following function reads the peer's certificate,
-and prints some information about the certificate and the current session.
-\par
-This function should be called after a successful
-\printfunc{gnutls_handshake}{gnutls\_handshake}
-
-\input{ex-info}
-
 \subsection{Using a callback to select the certificate to use}
 There are cases where a client holds several certificate and key pairs, and may want to choose the appropriate to send in the current session.
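Review bot: The key size passed to `gnutls_x509_privkey_generate` in `main` of ex-crq.tex is 1024 bits, which is below what current guidance accepts for RSA, and the example later writes the unencrypted PEM private key to stdout with `printf("\n\nPrivate key: \n%s", buffer)`; because manual examples get copied verbatim, I would use `ret = gnutls_x509_privkey_generate(key, GNUTLS_PK_RSA, 2048, 0);` and put a comment above that final printf such as `/* Demo only: a real program stores the key in a file readable by its owner alone. */`. The challenge password is a hard-coded literal, and a neutral placeholder with a comment saying the requester supplies it would read better in a manual. `strlen` is called but `<string.h>` is not among the includes, so `#include <string.h>` should be added next to the other headers. The return value of `gnutls_global_init()` is ignored while every other call is checked, and both `printf("%s", buffer)` calls assume the export routines NUL-terminate the PEM output, which this hunk does not show.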
@@ -94,4 +85,26 @@ This is a function that checks if an alert has been received in the current session.
 \input{ex-alert}
+% CERTIFICATE STUFF
+
+\section{Certificate API examples}
+This section contains examples that make use of the \gnutls{} certificate API.
+
+
+\subsection{Parsing peer's certificate, and obtaining session information}
+The following function reads the peer's certificate,
+and prints some information about the certificate and the current session.
+\par
+This function should be called after a successful
+\printfunc{gnutls_handshake}{gnutls\_handshake}
+
+\input{ex-info}
+
+\subsection{Generating a certificate request}
+The following example is about generating a certificate request, and
+a private key. A certificate request can be later be processed by a CA,
+which should return a signed certificate.
+
+\input{ex-crq}
+
 \input{openssl} |