authorNikos Mavrogiannopoulos <nmav@gnutls.org>2003-11-25 12:31:00 +0000
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2003-11-25 12:31:00 +0000
commit102f1908f1da62ebfcbf2479348b37e98dca834b (patch)
tree986247c4f922620865fccd1400b9372359d07e9d
parent51e213dad1deb800ed9986eab6911a7e3a2aee8a (diff)
downloadgnutls-102f1908f1da62ebfcbf2479348b37e98dca834b.tar.gz
Some documentation fixes. Changed gnutls_x509_*_set_version() to have a compatible input with gnutls_x509_*_get_version().
-rw-r--r--doc/tex/certificate.tex11
-rw-r--r--doc/tex/ex-crq.tex2
-rw-r--r--doc/tex/gnutls.bib4
-rw-r--r--doc/tex/openssl.tex6
-rw-r--r--lib/x509/crq.c20
-rw-r--r--lib/x509/x509_write.c11
-rw-r--r--src/certtool.c8
7 files changed, 35 insertions, 27 deletions
diff --git a/doc/tex/certificate.tex b/doc/tex/certificate.tex
index 4b178962d0..2f5067bc3c 100644
--- a/doc/tex/certificate.tex
+++ b/doc/tex/certificate.tex
@@ -82,11 +82,14 @@ owner is the one you expect. See section \ref{ex:rfc2818} on page \pageref{ex:rf
for an example.
-\subsection{PKCS \#10 certificate requests}
-A certificate request is a structure, defined in PKCS \#10, which
+\subsection{PKCS \#10 certificate requests\index{Certificate requests}\index
+{PKCS \#10}}
+A certificate request is a structure, which
is contains information about an applicant of a certificate service.
It usually contains a private key, a distinguished name and secondary
-data such as a challenge password.
+data such as a challenge password. \gnutls{} supports the requests
+defined in PKCS \#10. Other certificate request's format such as
+PKIX's RFC2511 are not currently supported.
\par
The following example is about generating a certificate request, and
a private key. A certificate request can be later be processed by a CA,
@@ -94,7 +97,7 @@ which should return a signed certificate.
\input{ex-crq}
-\subsection{PKCS \#12 structures}
+\subsection{PKCS \#12 structures\index{PKCS \#12}}
A PKCS \#12 structure usually contains a user's private keys and
certificates. It is commonly used in browsers to export and import
the user's identities.
diff --git a/doc/tex/ex-crq.tex b/doc/tex/ex-crq.tex
index b498ec51d9..55eb85cea7 100644
--- a/doc/tex/ex-crq.tex
+++ b/doc/tex/ex-crq.tex
@@ -41,7 +41,7 @@ int main()
/* Set the request version.
*/
- gnutls_x509_crq_set_version(crq, 0);
+ gnutls_x509_crq_set_version(crq, 1);
/* Set a challenge password.
*/
diff --git a/doc/tex/gnutls.bib b/doc/tex/gnutls.bib
index a90829121d..3f0d803d92 100644
--- a/doc/tex/gnutls.bib
+++ b/doc/tex/gnutls.bib
@@ -57,8 +57,8 @@
title = "Transport Layer Security Protocol Compression Methods",
month = "May",
year = {2003},
- note = "Internet draft, work in progress. Available from http://www.normos.org/ietf/draft/draft-ietf-tls-compression-05.txt",
- url = "http://www.normos.org/ietf/draft/draft-ietf-tls-compression-05.txt"
+ note = "Internet draft, work in progress. Available from http://www.normos.org/ietf/draft/draft-ietf-tls-compression-06.txt",
+ url = "http://www.normos.org/ietf/draft/draft-ietf-tls-compression-06.txt"
}
@Misc{CBCATT,
diff --git a/doc/tex/openssl.tex b/doc/tex/openssl.tex
index d78a0bdb32..f44af5e603 100644
--- a/doc/tex/openssl.tex
+++ b/doc/tex/openssl.tex
@@ -6,9 +6,9 @@ library. This compatibility layer is not complete and it is not
intended to completely reimplement the OpenSSL API with \gnutls{}.
It only provides source-level compatibility. There is currently no
attempt to make it binary-compatible with OpenSSL.
-
-Prototypes for the compatibility functions are found in the
-``gnutls/openssl.h'' header file.
+\par
+The prototypes for the compatibility functions are in the
+``gnutls/openssl.h'' header file.
Current limitations imposed by the compatibility layer include:
diff --git a/lib/x509/crq.c b/lib/x509/crq.c
index 1f71c4547f..292b26ae63 100644
--- a/lib/x509/crq.c
+++ b/lib/x509/crq.c
@@ -93,7 +93,7 @@ void gnutls_x509_crq_deinit(gnutls_x509_crq crq)
* @format: One of DER or PEM
*
* This function will convert the given DER or PEM encoded Certificate
- * to the native gnutls_x509_crq format. The output will be stored in 'cert'.
+ * to the native gnutls_x509_crq format. The output will be stored in @cert.
*
* If the Certificate is PEM encoded it should have a header of "NEW CERTIFICATE REQUEST".
*
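Review bot: The new `@cert` reference on the rewritten line appears to name a parameter this function does not have. Judging by the next hunk header, this comment documents gnutls_x509_crq_import, whose first parameter is `crq`. If so, the line should end `The output will be stored in @crq.` so the generated reference resolves to a real parameter. The opening of the comment, with its parameter list, is outside the hunk and could not be checked directly.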
@@ -161,7 +161,7 @@ int gnutls_x509_crq_import(gnutls_x509_crq crq, const gnutls_datum * data,
* gnutls_x509_crq_get_dn - This function returns the Certificate request subject's distinguished name
* @crq: should contain a gnutls_x509_crq structure
* @buf: a pointer to a structure to hold the name (may be null)
- * @sizeof_buf: initialy holds the size of 'buf'
+ * @sizeof_buf: initialy holds the size of @buf
*
* This function will copy the name of the Certificate request subject in the provided buffer. The name
* will be in the form "C=xxxx,O=yyyy,CN=zzzz" as described in RFC2253. The output
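Review bot: The rewritten `@sizeof_buf` line keeps the misspelling `initialy`. Since the line is being edited anyway, it could read `@sizeof_buf: initially holds the size of @buf`. The same spelling remains on the rewritten `@sizeof_buf` and `@sizeof_oid` lines in the next two hunks of this file. The doc comment starts and ends outside the hunk.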
@@ -193,7 +193,7 @@ int gnutls_x509_crq_get_dn(gnutls_x509_crq crq, char *buf,
* @indx: In case multiple same OIDs exist in the RDN, this specifies which to send. Use zero to get the first one.
* @raw_flag: If non zero returns the raw DER data of the DN part.
* @buf: a pointer to a structure to hold the name (may be null)
- * @sizeof_buf: initialy holds the size of 'buf'
+ * @sizeof_buf: initialy holds the size of @buf
*
* This function will extract the part of the name of the Certificate request subject, specified
* by the given OID. The output will be encoded as described in RFC2253. The output
@@ -228,7 +228,7 @@ int gnutls_x509_crq_get_dn_by_oid(gnutls_x509_crq crq, const char* oid,
* @crq: should contain a gnutls_x509_crq structure
* @indx: Specifies which DN OID to send. Use zero to get the first one.
* @oid: a pointer to a structure to hold the name (may be null)
- * @sizeof_oid: initialy holds the size of 'oid'
+ * @sizeof_oid: initialy holds the size of @oid
*
* This function will extract the requested OID of the name of the Certificate request subject, specified
* by the given index.
@@ -421,7 +421,7 @@ int gnutls_x509_crq_get_challenge_password(gnutls_x509_crq crq,
* @oid: holds an Object Identifier in a null terminated string
* @raw_flag: must be 0, or 1 if the data are DER encoded
* @data: a pointer to the input data
- * @sizeof_data: holds the size of 'data'
+ * @sizeof_data: holds the size of @data
*
* This function will set the part of the name of the Certificate request subject, specified
* by the given OID. The input string should be ASCII or UTF-8 encoded.
@@ -449,10 +449,10 @@ int gnutls_x509_crq_set_dn_by_oid(gnutls_x509_crq crq, const char* oid,
/**
* gnutls_x509_crq_set_version - This function will set the Certificate request version
* @crq: should contain a gnutls_x509_crq structure
- * @version: holds the version number. For v1 Requests must be 0.
+ * @version: holds the version number. For v1 Requests must be 1.
*
- * This function will set the version of the certificate request. This
- * must be zero.
+ * This function will set the version of the certificate request. For
+ * version 1 requests this must be one.
*
* Returns 0 on success.
*
@@ -460,8 +460,10 @@ int gnutls_x509_crq_set_dn_by_oid(gnutls_x509_crq crq, const char* oid,
int gnutls_x509_crq_set_version(gnutls_x509_crq crq, unsigned int version)
{
int result;
-uint8 null = version;
+char null = version - 1;
+ if (null < 0) null = 0;
+
if (crq==NULL) {
gnutls_assert();
return GNUTLS_E_INVALID_REQUEST;
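Review bot: `char null = version - 1;` followed by `if (null < 0) null = 0;` only works where plain `char` is signed. On targets where `char` is unsigned the test is never true, so a legacy caller passing 0 gets 0xFF written as the encoded version instead of the intended fallback to v1. Larger values of the `unsigned int` argument are also narrowed silently. Doing the arithmetic on the unsigned value avoids both, for example `unsigned char null = (version > 0) ? version - 1 : 0;`, preceded by a range check that returns `GNUTLS_E_INVALID_REQUEST` for versions the encoding cannot represent. The same two lines are added to gnutls_x509_crt_set_version in lib/x509/x509_write.c. The function body continues past the end of this hunk.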
diff --git a/lib/x509/x509_write.c b/lib/x509/x509_write.c
index db1fff8b2a..dff142b3a1 100644
--- a/lib/x509/x509_write.c
+++ b/lib/x509/x509_write.c
@@ -110,10 +110,11 @@ int gnutls_x509_crt_set_issuer_dn_by_oid(gnutls_x509_crt crt, const char* oid,
/**
* gnutls_x509_crt_set_version - This function will set the Certificate request version
* @crt: should contain a gnutls_x509_crt structure
- * @version: holds the version number. For X509v1 certificates must be 0.
+ * @version: holds the version number. For X.509v1 certificates must be 1.
*
- * This function will set the version of the certificate request. This
- * must be zero.
+ * This function will set the version of the certificate. This
+ * must be one for X.509 version 1, and so on. Plain certificates without
+ * extensions must have version set to one.
*
* Returns 0 on success.
*
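Review bot: The summary line of this comment still reads `gnutls_x509_crt_set_version - This function will set the Certificate request version`, although the body now correctly says "certificate". It should read `... This function will set the Certificate version`. The comment also does not say that 0 is still accepted and treated as version 1, which the new code in the following hunk does. One sentence stating that would tell callers of the old convention what to expect.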
@@ -121,7 +122,9 @@ int gnutls_x509_crt_set_issuer_dn_by_oid(gnutls_x509_crt crt, const char* oid,
int gnutls_x509_crt_set_version(gnutls_x509_crt crt, unsigned int version)
{
int result;
-uint8 null = version;
+char null = version - 1;
+
+ if (null < 0) null = 0;
result = asn1_write_value( crt->cert, "tbsCertificate.version", &null, 1);
if (result != ASN1_SUCCESS) {
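Review bot: `crt->cert` is dereferenced in the `asn1_write_value` call with no NULL guard in the visible lines, whereas gnutls_x509_crq_set_version in lib/x509/crq.c checks its handle first. For parity, add `if (crt==NULL) { gnutls_assert(); return GNUTLS_E_INVALID_REQUEST; }` before the write. The `char null` / `null < 0` signedness problem noted on the crq.c hunk applies to the lines added here as well. The function body continues past the end of this hunk.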
diff --git a/src/certtool.c b/src/certtool.c
index 4449b9ad62..0201e41bb5 100644
--- a/src/certtool.c
+++ b/src/certtool.c
@@ -274,7 +274,7 @@ gnutls_x509_crt generate_certificate( gnutls_x509_privkey *ret_key)
int size, serial;
int days, result, ca_status;
const char* str;
- int vers = 0; /* the default version in the certificate
+ int vers = 1; /* the default version in the certificate
*/
gnutls_x509_crq crq; /* request */
@@ -359,7 +359,7 @@ gnutls_x509_crt generate_certificate( gnutls_x509_privkey *ret_key)
if (result != 0) {
str = read_str( "Enter the dnsName of the subject of the certificate: ");
if (str != NULL) {
- vers = 2; /* only version 3 certificates, can
+ vers = 3; /* only version 3 certificates, can
* have extensions.
*/
result = gnutls_x509_crt_set_subject_alternative_name( crt, GNUTLS_SAN_DNSNAME, str);
@@ -373,7 +373,7 @@ gnutls_x509_crt generate_certificate( gnutls_x509_privkey *ret_key)
str = read_str( "Enter the e-mail of the subject of the certificate: ");
if (str != NULL) {
- vers = 2;
+ vers = 3;
result = gnutls_x509_crt_set_subject_alternative_name( crt, GNUTLS_SAN_RFC822NAME, str);
if (result < 0) {
fprintf(stderr, "subject_alt_name: %s\n", gnutls_strerror(result));
@@ -1398,7 +1398,7 @@ void generate_request(void)
read_crq_set( crq, "State or province name: ", GNUTLS_OID_X520_LOCALITY_NAME);
read_crq_set( crq, "Common name: ", GNUTLS_OID_X520_COMMON_NAME);
- ret = gnutls_x509_crq_set_version( crq, 0);
+ ret = gnutls_x509_crq_set_version( crq, 1);
if (ret < 0) {
fprintf(stderr, "set_version: %s\n", gnutls_strerror(ret));
exit(1);