authorNikos Mavrogiannopoulos <nmav@gnutls.org>2003-12-28 12:40:42 +0000
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2003-12-28 12:40:42 +0000
commitff4c7c67a36b23114cbb9175820826ee048f5edb (patch)
tree00133592ef6f23eccc5cc119a6175bec8b223bc2 /doc/tex
parentf627cf89380aebc3d14fe7974a4fba9c0987a30f (diff)
downloadgnutls-ff4c7c67a36b23114cbb9175820826ee048f5edb.tar.gz
Added gnutls_x509_crt_cpy_crl_dist_points()
Diffstat (limited to 'doc/tex')
-rw-r--r--doc/tex/cert_auth.tex19
-rw-r--r--doc/tex/certificate.tex8
-rw-r--r--doc/tex/ex-x509-info.tex26
3 files changed, 32 insertions, 21 deletions
diff --git a/doc/tex/cert_auth.tex b/doc/tex/cert_auth.tex
index 8e71417c7f..f950321a1f 100644
--- a/doc/tex/cert_auth.tex
+++ b/doc/tex/cert_auth.tex
@@ -37,14 +37,19 @@ in a certificate credentials structure. This should be done by using
\printfunc{gnutls_certificate_set_x509_key_file}{gnutls\_certificate\_set\_x509\_key\_file}
or
\printfunc{gnutls_certificate_set_openpgp_key_file}{gnutls\_certificate\_set\_openpgp\_key\_file}
-depending on the certificate type. As an alternative, a callback may be used
-so the server or the client set the certificate at the handshake time.
-That callback can be set using
-\printfunc{gnutls_certificate_server_set_retrieve_function}{gnutls\_certificate\_server\_set\_retrieve\_function}
-or
-\printfunc{gnutls_certificate_client_set_retrieve_function}{gnutls\_certificate\_client\_set\_retrieve\_function}
-in case of a client.
+depending on the certificate type.
+In the X.509 case, the functions will also accept and use a certificate list
+that leads to a trusted authority. The certificate list must be ordered in such
+way that every certificate certifies the one before it. The trusted authority's
+certificate need not to be included, since the peer should possess it already.
\par
+As an alternative, a callback may be used
+so the server or the client specify the certificate and the key at the handshake time.
+That callback can be set using the functions:
+\begin{itemize}
+\item \printfunc{gnutls_certificate_server_set_retrieve_function}{gnutls\_certificate\_server\_set\_retrieve\_function}
+\item \printfunc{gnutls_certificate_client_set_retrieve_function}{gnutls\_certificate\_client\_set\_retrieve\_function}
+\end{itemize}
Certificate verification is possible by loading the trusted authorities
into the credentials structure by using
\printfunc{gnutls_certificate_set_x509_trust_file}{gnutls\_certificate\_set\_x509\_trust\_file}
diff --git a/doc/tex/certificate.tex b/doc/tex/certificate.tex
index b4608b9c3a..75740ae3fd 100644
--- a/doc/tex/certificate.tex
+++ b/doc/tex/certificate.tex
@@ -28,7 +28,8 @@ on page \pageref{sec:x509api}. Some examples are listed below.
\subsection{X.509 certificates}
An X.509 certificate usually contains information about the certificate
holder, the signer, a unique serial number, expiration dates and several other
-fields\cite{RFC3280}. Some functions of \gnutls{}' API for certificate parsing are:
+fields\cite{RFC3280}. Several functions exist to generate and handle X.509
+certificates, all listed in \emph{gnutls/x509.h}. Some of them are:
\begin{itemize}
\item \printfunc{gnutls_x509_crt_init}{gnutls\_x509\_crt\_init}
\item \printfunc{gnutls_x509_crt_import}{gnutls\_x509\_crt\_import}
@@ -38,9 +39,8 @@ fields\cite{RFC3280}. Some functions of \gnutls{}' API for certificate parsing a
\end{itemize}
\par
-An example program that reads the peer's certificate,
-and prints some information about the peer's certificate in a TLS session,
-is listed below.
+To demonstrate the X.509 parsing capabilities an example program is listed below.
+That program reads the peer's certificate, and prints information about it.
\input{ex-x509-info}
diff --git a/doc/tex/ex-x509-info.tex b/doc/tex/ex-x509-info.tex
index d7712861a7..b6740081a5 100644
--- a/doc/tex/ex-x509-info.tex
+++ b/doc/tex/ex-x509-info.tex
@@ -35,31 +35,37 @@ static void print_x509_certificate_info(gnutls_session session)
int cert_list_size = 0;
gnutls_x509_crt cert;
+ /* This function only works for X.509 certificates.
+ */
+ if (gnutls_certificate_type_get(session) != GNUTLS_CRT_X509)
+ return;
+
cert_list = gnutls_certificate_get_peers(session, &cert_list_size);
- if (cert_list_size > 0
- && gnutls_certificate_type_get(session) == GNUTLS_CRT_X509) {
+ printf("Peer provided %d certificates.\n", cert_list_size);
+
+ if (cert_list_size > 0) {
- /* no error checking
+ /* we only print information about the first certificate.
*/
gnutls_x509_crt_init( &cert);
gnutls_x509_crt_import( cert, &cert_list[0]);
- printf(" - Certificate info:\n");
+ printf("Certificate info:\n");
expiration_time = gnutls_x509_crt_get_expiration_time( cert);
activation_time = gnutls_x509_crt_get_activation_time( cert);
- printf(" - Certificate is valid since: %s", ctime(&activation_time));
- printf(" - Certificate expires: %s", ctime(&expiration_time));
+ printf("\tCertificate is valid since: %s", ctime(&activation_time));
+ printf("\tCertificate expires: %s", ctime(&expiration_time));
/* Print the serial number of the certificate.
*/
size = sizeof(serial);
gnutls_x509_crt_get_serial(cert, serial, &size);
- printf(" - Certificate serial number: %s\n",
+ printf("\tCertificate serial number: %s\n",
bin2hex( serial, serial_size));
/* Extract some of the public key algorithm's parameters
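Review bot: The `/* no error checking */` disclaimer is dropped in favour of the new comment at the `cert_list_size > 0` branch, but `gnutls_x509_crt_init(&cert)` and `gnutls_x509_crt_import(cert, &cert_list[0])` are still called without checking their results, so a peer certificate that fails to parse is then queried for expiration, serial and DN as if import had succeeded. Since this is the example readers copy, either restore the disclaimer or guard the calls, e.g. `if (gnutls_x509_crt_init(&cert) < 0) return;` and `if (gnutls_x509_crt_import(cert, &cert_list[0]) < 0) { gnutls_x509_crt_deinit(cert); return; }`. The two-argument import call also appears to lack the encoding-format argument the library's import function takes; verify against gnutls/x509.h. Separately, `gnutls_x509_crt_get_serial` stores the length it wrote into `size`, yet the following `bin2hex(serial, serial_size)` passes `serial_size`, which is declared outside the hunk; if that is the buffer capacity rather than the written length, the hex dump includes bytes that were never written. The enclosing function starts before the hunk.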
@@ -82,16 +88,16 @@ static void print_x509_certificate_info(gnutls_session session)
/* Print the version of the X.509
* certificate.
*/
- printf(" - Certificate version: #%d\n",
+ printf("\tCertificate version: #%d\n",
gnutls_x509_crt_get_version( cert));
size = sizeof(dn);
gnutls_x509_crt_get_dn( cert, dn, &size);
- printf(" - DN: %s\n", dn);
+ printf("\tDN: %s\n", dn);
size = sizeof(dn);
gnutls_x509_crt_get_issuer_dn( cert, dn, &size);
- printf(" - Certificate Issuer's DN: %s\n", dn);
+ printf("\tIssuer's DN: %s\n", dn);
gnutls_x509_crt_deinit( cert);