author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2003-11-25 12:31:00 +0000 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2003-11-25 12:31:00 +0000 |
commit | 102f1908f1da62ebfcbf2479348b37e98dca834b (patch) | |
tree | 986247c4f922620865fccd1400b9372359d07e9d | |
parent | 51e213dad1deb800ed9986eab6911a7e3a2aee8a (diff) | |
download | gnutls-102f1908f1da62ebfcbf2479348b37e98dca834b.tar.gz |
Some documentation fixes. Changed gnutls_x509_*_set_version() to have a compatible input with gnutls_x509_*_get_version().
-rw-r--r-- | doc/tex/certificate.tex | 11 | ||||
-rw-r--r-- | doc/tex/ex-crq.tex | 2 | ||||
-rw-r--r-- | doc/tex/gnutls.bib | 4 | ||||
-rw-r--r-- | doc/tex/openssl.tex | 6 | ||||
-rw-r--r-- | lib/x509/crq.c | 20 | ||||
-rw-r--r-- | lib/x509/x509_write.c | 11 | ||||
-rw-r--r-- | src/certtool.c | 8 |
7 files changed, 35 insertions, 27 deletions
diff --git a/doc/tex/certificate.tex b/doc/tex/certificate.tex index 4b178962d0..2f5067bc3c 100644 --- a/doc/tex/certificate.tex +++ b/doc/tex/certificate.tex @@ -82,11 +82,14 @@ owner is the one you expect. See section \ref{ex:rfc2818} on page \pageref{ex:rf for an example. -\subsection{PKCS \#10 certificate requests} -A certificate request is a structure, defined in PKCS \#10, which +\subsection{PKCS \#10 certificate requests\index{Certificate requests}\index +{PKCS \#10}} +A certificate request is a structure, which is contains information about an applicant of a certificate service. It usually contains a private key, a distinguished name and secondary -data such as a challenge password. +data such as a challenge password. \gnutls{} supports the requests +defined in PKCS \#10. Other certificate request's format such as +PKIX's RFC2511 are not currently supported. \par The following example is about generating a certificate request, and a private key. A certificate request can be later be processed by a CA, @@ -94,7 +97,7 @@ which should return a signed certificate. \input{ex-crq} -\subsection{PKCS \#12 structures} +\subsection{PKCS \#12 structures\index{PKCS \#12}} A PKCS \#12 structure usually contains a user's private keys and certificates. It is commonly used in browsers to export and import the user's identities. diff --git a/doc/tex/ex-crq.tex b/doc/tex/ex-crq.tex index b498ec51d9..55eb85cea7 100644 --- a/doc/tex/ex-crq.tex +++ b/doc/tex/ex-crq.tex @@ -41,7 +41,7 @@ int main() /* Set the request version. */ - gnutls_x509_crq_set_version(crq, 0); + gnutls_x509_crq_set_version(crq, 1); /* Set a challenge password. */ diff --git a/doc/tex/gnutls.bib b/doc/tex/gnutls.bib index a90829121d..3f0d803d92 100644 --- a/doc/tex/gnutls.bib +++ b/doc/tex/gnutls.bib 
@@ -57,8 +57,8 @@ title = "Transport Layer Security Protocol Compression Methods", month = "May", year = {2003}, - note = "Internet draft, work in progress. Available from http://www.normos.org/ietf/draft/draft-ietf-tls-compression-05.txt", - url = "http://www.normos.org/ietf/draft/draft-ietf-tls-compression-05.txt" + note = "Internet draft, work in progress. Available from http://www.normos.org/ietf/draft/draft-ietf-tls-compression-06.txt", + url = "http://www.normos.org/ietf/draft/draft-ietf-tls-compression-06.txt" } @Misc{CBCATT, diff --git a/doc/tex/openssl.tex b/doc/tex/openssl.tex index d78a0bdb32..f44af5e603 100644 --- a/doc/tex/openssl.tex +++ b/doc/tex/openssl.tex @@ -6,9 +6,9 @@ library. This compatibility layer is not complete and it is not intended to completely reimplement the OpenSSL API with \gnutls{}. It only provides source-level compatibility. There is currently no attempt to make it binary-compatible with OpenSSL. - -Prototypes for the compatibility functions are found in the -``gnutls/openssl.h'' header file. +\par +The prototypes for the compatibility functions are in the +``gnutls/openssl.h'' header file. Current limitations imposed by the compatibility layer include: diff --git a/lib/x509/crq.c b/lib/x509/crq.c index 1f71c4547f..292b26ae63 100644 --- a/lib/x509/crq.c +++ b/lib/x509/crq.c @@ -93,7 +93,7 @@ void gnutls_x509_crq_deinit(gnutls_x509_crq crq) * @format: One of DER or PEM * * This function will convert the given DER or PEM encoded Certificate - * to the native gnutls_x509_crq format. The output will be stored in 'cert'. + * to the native gnutls_x509_crq format. The output will be stored in @cert. * * If the Certificate is PEM encoded it should have a header of "NEW CERTIFICATE REQUEST". * 
@@ -161,7 +161,7 @@ int gnutls_x509_crq_import(gnutls_x509_crq crq, const gnutls_datum * data, * gnutls_x509_crq_get_dn - This function returns the Certificate request subject's distinguished name * @crq: should contain a gnutls_x509_crq structure * @buf: a pointer to a structure to hold the name (may be null) - * @sizeof_buf: initialy holds the size of 'buf' + * @sizeof_buf: initialy holds the size of @buf * * This function will copy the name of the Certificate request subject in the provided buffer. The name * will be in the form "C=xxxx,O=yyyy,CN=zzzz" as described in RFC2253. The output @@ -193,7 +193,7 @@ int gnutls_x509_crq_get_dn(gnutls_x509_crq crq, char *buf, * @indx: In case multiple same OIDs exist in the RDN, this specifies which to send. Use zero to get the first one. * @raw_flag: If non zero returns the raw DER data of the DN part. * @buf: a pointer to a structure to hold the name (may be null) - * @sizeof_buf: initialy holds the size of 'buf' + * @sizeof_buf: initialy holds the size of @buf * * This function will extract the part of the name of the Certificate request subject, specified * by the given OID. The output will be encoded as described in RFC2253. The output @@ -228,7 +228,7 @@ int gnutls_x509_crq_get_dn_by_oid(gnutls_x509_crq crq, const char* oid, * @crq: should contain a gnutls_x509_crq structure * @indx: Specifies which DN OID to send. Use zero to get the first one. * @oid: a pointer to a structure to hold the name (may be null) - * @sizeof_oid: initialy holds the size of 'oid' + * @sizeof_oid: initialy holds the size of @oid * * This function will extract the requested OID of the name of the Certificate request subject, specified * by the given index. 
@@ -421,7 +421,7 @@ int gnutls_x509_crq_get_challenge_password(gnutls_x509_crq crq, * @oid: holds an Object Identifier in a null terminated string * @raw_flag: must be 0, or 1 if the data are DER encoded * @data: a pointer to the input data - * @sizeof_data: holds the size of 'data' + * @sizeof_data: holds the size of @data * * This function will set the part of the name of the Certificate request subject, specified * by the given OID. The input string should be ASCII or UTF-8 encoded. @@ -449,10 +449,10 @@ int gnutls_x509_crq_set_dn_by_oid(gnutls_x509_crq crq, const char* oid, /** * gnutls_x509_crq_set_version - This function will set the Certificate request version * @crq: should contain a gnutls_x509_crq structure - * @version: holds the version number. For v1 Requests must be 0. + * @version: holds the version number. For v1 Requests must be 1. * - * This function will set the version of the certificate request. This - * must be zero. + * This function will set the version of the certificate request. For + * version 1 requests this must be one. * * Returns 0 on success. * @@ -460,8 +460,10 @@ int gnutls_x509_crq_set_dn_by_oid(gnutls_x509_crq crq, const char* oid, int gnutls_x509_crq_set_version(gnutls_x509_crq crq, unsigned int version) { int result; -uint8 null = version; +char null = version - 1; + if (null < 0) null = 0; + if (crq==NULL) { gnutls_assert(); return GNUTLS_E_INVALID_REQUEST; diff --git a/lib/x509/x509_write.c b/lib/x509/x509_write.c index db1fff8b2a..dff142b3a1 100644 --- a/lib/x509/x509_write.c +++ b/lib/x509/x509_write.c 
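Review bot: In gnutls_x509_crq_set_version (hunk at -460) the clamp `if (null < 0) null = 0;` only works where plain `char` is signed; on targets where `char` is unsigned the test is never true and a `version` of 0 is written as 255. Because `version` is an `unsigned int` that is narrowed before any range check, large inputs also change silently: 257 is encoded as 0, and with a signed `char` 129 and above are clamped to 0, all with a success return. Doing the clamp on the unsigned value avoids the signedness dependence, e.g. `uint8 null = version ? version - 1 : 0;`, and a value above the highest version the structure defines should fail with `gnutls_assert(); return GNUTLS_E_INVALID_REQUEST;` rather than be truncated. The same two lines are added to gnutls_x509_crt_set_version in lib/x509/x509_write.c (hunk at -121), where a wrong version byte ends up in the signed certificate, so it needs the same change. Both function bodies continue outside their hunks.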
@@ -110,10 +110,11 @@ int gnutls_x509_crt_set_issuer_dn_by_oid(gnutls_x509_crt crt, const char* oid, /** * gnutls_x509_crt_set_version - This function will set the Certificate request version * @crt: should contain a gnutls_x509_crt structure - * @version: holds the version number. For X509v1 certificates must be 0. + * @version: holds the version number. For X.509v1 certificates must be 1. * - * This function will set the version of the certificate request. This - * must be zero. + * This function will set the version of the certificate. This + * must be one for X.509 version 1, and so on. Plain certificates without + * extensions must have version set to one. * * Returns 0 on success. * @@ -121,7 +122,9 @@ int gnutls_x509_crt_set_issuer_dn_by_oid(gnutls_x509_crt crt, const char* oid, int gnutls_x509_crt_set_version(gnutls_x509_crt crt, unsigned int version) { int result; -uint8 null = version; +char null = version - 1; + + if (null < 0) null = 0; result = asn1_write_value( crt->cert, "tbsCertificate.version", &null, 1); if (result != ASN1_SUCCESS) { diff --git a/src/certtool.c b/src/certtool.c index 4449b9ad62..0201e41bb5 100644 --- a/src/certtool.c +++ b/src/certtool.c @@ -274,7 +274,7 @@ gnutls_x509_crt generate_certificate( gnutls_x509_privkey *ret_key) int size, serial; int days, result, ca_status; const char* str; - int vers = 0; /* the default version in the certificate + int vers = 1; /* the default version in the certificate */ gnutls_x509_crq crq; /* request */ @@ -359,7 +359,7 @@ gnutls_x509_crt generate_certificate( gnutls_x509_privkey *ret_key) if (result != 0) { str = read_str( "Enter the dnsName of the subject of the certificate: "); if (str != NULL) { - vers = 2; /* only version 3 certificates, can + vers = 3; /* only version 3 certificates, can * have extensions. */ result = gnutls_x509_crt_set_subject_alternative_name( crt, GNUTLS_SAN_DNSNAME, str); 
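Review bot: gnutls_x509_crt_set_version (hunk at -121) passes `crt->cert` to asn1_write_value() without checking `crt`, while the sibling gnutls_x509_crq_set_version in lib/x509/crq.c returns GNUTLS_E_INVALID_REQUEST for a NULL handle. Adding `if (crt==NULL) { gnutls_assert(); return GNUTLS_E_INVALID_REQUEST; }` before the write would make the two setters behave the same on bad input. In the doc comment of the preceding hunk (-110) the summary line still says "Certificate request version" although the body was corrected to "certificate"; it should read `gnutls_x509_crt_set_version - This function will set the Certificate version`. The function body continues outside the hunk.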
@@ -373,7 +373,7 @@ gnutls_x509_crt generate_certificate( gnutls_x509_privkey *ret_key) str = read_str( "Enter the e-mail of the subject of the certificate: "); if (str != NULL) { - vers = 2; + vers = 3; result = gnutls_x509_crt_set_subject_alternative_name( crt, GNUTLS_SAN_RFC822NAME, str); if (result < 0) { fprintf(stderr, "subject_alt_name: %s\n", gnutls_strerror(result)); @@ -1398,7 +1398,7 @@ void generate_request(void) read_crq_set( crq, "State or province name: ", GNUTLS_OID_X520_LOCALITY_NAME); read_crq_set( crq, "Common name: ", GNUTLS_OID_X520_COMMON_NAME); - ret = gnutls_x509_crq_set_version( crq, 0); + ret = gnutls_x509_crq_set_version( crq, 1); if (ret < 0) { fprintf(stderr, "set_version: %s\n", gnutls_strerror(ret)); exit(1); |
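Review bot: In generate_request (hunk at -1398) the context line `read_crq_set( crq, "State or province name: ", GNUTLS_OID_X520_LOCALITY_NAME);` pairs a state/province prompt with the locality OID, so the value entered would be encoded as the L attribute of the request subject instead of ST. The lines before the hunk are not visible, but if no separate locality prompt exists this should probably use `GNUTLS_OID_X520_STATE_OR_PROVINCE_NAME`. A subject DN with the wrong attribute type is carried into the issued certificate unless the CA corrects it, and name-based policy checks then compare against the wrong field. generate_request starts and ends outside the hunk.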