author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2003-12-28 12:40:42 +0000 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2003-12-28 12:40:42 +0000 |
commit | ff4c7c67a36b23114cbb9175820826ee048f5edb (patch) | |
tree | 00133592ef6f23eccc5cc119a6175bec8b223bc2 /doc/tex | |
parent | f627cf89380aebc3d14fe7974a4fba9c0987a30f (diff) | |
download | gnutls-ff4c7c67a36b23114cbb9175820826ee048f5edb.tar.gz |
Added gnutls_x509_crt_cpy_crl_dist_points()
Diffstat (limited to 'doc/tex')
-rw-r--r-- | doc/tex/cert_auth.tex | 19 | ||||
-rw-r--r-- | doc/tex/certificate.tex | 8 | ||||
-rw-r--r-- | doc/tex/ex-x509-info.tex | 26 |
3 files changed, 32 insertions, 21 deletions
diff --git a/doc/tex/cert_auth.tex b/doc/tex/cert_auth.tex index 8e71417c7f..f950321a1f 100644 --- a/doc/tex/cert_auth.tex +++ b/doc/tex/cert_auth.tex @@ -37,14 +37,19 @@ in a certificate credentials structure. This should be done by using \printfunc{gnutls_certificate_set_x509_key_file}{gnutls\_certificate\_set\_x509\_key\_file} or \printfunc{gnutls_certificate_set_openpgp_key_file}{gnutls\_certificate\_set\_openpgp\_key\_file} -depending on the certificate type. As an alternative, a callback may be used -so the server or the client set the certificate at the handshake time. -That callback can be set using -\printfunc{gnutls_certificate_server_set_retrieve_function}{gnutls\_certificate\_server\_set\_retrieve\_function} -or -\printfunc{gnutls_certificate_client_set_retrieve_function}{gnutls\_certificate\_client\_set\_retrieve\_function} -in case of a client. +depending on the certificate type. +In the X.509 case, the functions will also accept and use a certificate list +that leads to a trusted authority. The certificate list must be ordered in such +way that every certificate certifies the one before it. The trusted authority's +certificate need not to be included, since the peer should possess it already. \par +As an alternative, a callback may be used +so the server or the client specify the certificate and the key at the handshake time. +That callback can be set using the functions: +\begin{itemize} +\item \printfunc{gnutls_certificate_server_set_retrieve_function}{gnutls\_certificate\_server\_set\_retrieve\_function} +\item \printfunc{gnutls_certificate_client_set_retrieve_function}{gnutls\_certificate\_client\_set\_retrieve\_function} +\end{itemize} Certificate verification is possible by loading the trusted authorities into the credentials structure by using \printfunc{gnutls_certificate_set_x509_trust_file}{gnutls\_certificate\_set\_x509\_trust\_file} diff --git a/doc/tex/certificate.tex b/doc/tex/certificate.tex index b4608b9c3a..75740ae3fd 100644 
--- a/doc/tex/certificate.tex +++ b/doc/tex/certificate.tex @@ -28,7 +28,8 @@ on page \pageref{sec:x509api}. Some examples are listed below. \subsection{X.509 certificates} An X.509 certificate usually contains information about the certificate holder, the signer, a unique serial number, expiration dates and several other -fields\cite{RFC3280}. Some functions of \gnutls{}' API for certificate parsing are: +fields\cite{RFC3280}. Several functions exist to generate and handle X.509 +certificates, all listed in \emph{gnutls/x509.h}. Some of them are: \begin{itemize} \item \printfunc{gnutls_x509_crt_init}{gnutls\_x509\_crt\_init} \item \printfunc{gnutls_x509_crt_import}{gnutls\_x509\_crt\_import} @@ -38,9 +39,8 @@ fields\cite{RFC3280}. Some functions of \gnutls{}' API for certificate parsing a \end{itemize} \par -An example program that reads the peer's certificate, -and prints some information about the peer's certificate in a TLS session, -is listed below. +To demonstrate the X.509 parsing capabilities an example program is listed below. +That program reads the peer's certificate, and prints information about it. \input{ex-x509-info} diff --git a/doc/tex/ex-x509-info.tex b/doc/tex/ex-x509-info.tex index d7712861a7..b6740081a5 100644 --- a/doc/tex/ex-x509-info.tex +++ b/doc/tex/ex-x509-info.tex 
@@ -35,31 +35,37 @@ static void print_x509_certificate_info(gnutls_session session) int cert_list_size = 0; gnutls_x509_crt cert; + /* This function only works for X.509 certificates. + */ + if (gnutls_certificate_type_get(session) != GNUTLS_CRT_X509) + return; + cert_list = gnutls_certificate_get_peers(session, &cert_list_size); - if (cert_list_size > 0 - && gnutls_certificate_type_get(session) == GNUTLS_CRT_X509) { + printf("Peer provided %d certificates.\n", cert_list_size); + + if (cert_list_size > 0) { - /* no error checking + /* we only print information about the first certificate. */ gnutls_x509_crt_init( &cert); gnutls_x509_crt_import( cert, &cert_list[0]); - printf(" - Certificate info:\n"); + printf("Certificate info:\n"); expiration_time = gnutls_x509_crt_get_expiration_time( cert); activation_time = gnutls_x509_crt_get_activation_time( cert); - printf(" - Certificate is valid since: %s", ctime(&activation_time)); - printf(" - Certificate expires: %s", ctime(&expiration_time)); + printf("\tCertificate is valid since: %s", ctime(&activation_time)); + printf("\tCertificate expires: %s", ctime(&expiration_time)); /* Print the serial number of the certificate. */ size = sizeof(serial); gnutls_x509_crt_get_serial(cert, serial, &size); - printf(" - Certificate serial number: %s\n", + printf("\tCertificate serial number: %s\n", bin2hex( serial, serial_size)); /* Extract some of the public key algorithm's parameters 
@@ -82,16 +88,16 @@ static void print_x509_certificate_info(gnutls_session session) /* Print the version of the X.509 * certificate. */ - printf(" - Certificate version: #%d\n", + printf("\tCertificate version: #%d\n", gnutls_x509_crt_get_version( cert)); size = sizeof(dn); gnutls_x509_crt_get_dn( cert, dn, &size); - printf(" - DN: %s\n", dn); + printf("\tDN: %s\n", dn); size = sizeof(dn); gnutls_x509_crt_get_issuer_dn( cert, dn, &size); - printf(" - Certificate Issuer's DN: %s\n", dn); + printf("\tIssuer's DN: %s\n", dn); gnutls_x509_crt_deinit( cert); |
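Review bot: Replacing `/* no error checking */` with `/* we only print information about the first certificate. */` drops the one hint that `gnutls_x509_crt_init( &cert)` and `gnutls_x509_crt_import( cert, &cert_list[0])` are unchecked, yet the new code still runs every getter and `ctime()` on whatever those two calls produced; since this example is written to be copied, the import result should be checked before anything is printed, e.g. `if (gnutls_x509_crt_import( cert, &cert_list[0]) < 0) { gnutls_x509_crt_deinit( cert); return; }`. The serial block is also inconsistent: `size` is what `gnutls_x509_crt_get_serial(cert, serial, &size)` fills, but the rewritten `printf("\tCertificate serial number: %s\n", bin2hex( serial, serial_size))` prints `serial_size`, which nothing visible in either hunk assigns — the mismatch is in context lines and predates the commit, but the touched printf is the natural place to pass `size` instead. The new early `return` on `gnutls_certificate_type_get(session) != GNUTLS_CRT_X509` is a good change; the body of print_x509_certificate_info begins before the first hunk and continues between and after both hunks, so the declaration of `serial_size` is not in view.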