-rw-r--r--doc/examples/Makefile.am3
-rw-r--r--doc/tex/Makefile.am3
-rw-r--r--doc/tex/ex-crq.tex132
-rw-r--r--doc/tex/examples.tex31
4 files changed, 158 insertions, 11 deletions
diff --git a/doc/examples/Makefile.am b/doc/examples/Makefile.am
index 6fc8dcca04..e754fceb00 100644
--- a/doc/examples/Makefile.am
+++ b/doc/examples/Makefile.am
@@ -1,3 +1,4 @@
EXTRA_DIST = ex-alert.c ex-client-resume.c ex-client-srp.c ex-client1.c \
ex-client2.c ex-info.c ex-rfc2818.c ex-serv-export.c ex-serv-pgp.c \
- ex-serv-srp.c ex-serv1.c ex-pgp-keyserver.c ex-cert-select.c
+ ex-serv-srp.c ex-serv1.c ex-pgp-keyserver.c ex-cert-select.c \
+ ex-crq.c
diff --git a/doc/tex/Makefile.am b/doc/tex/Makefile.am
index 9b1b93fda0..9bac61517a 100644
--- a/doc/tex/Makefile.am
+++ b/doc/tex/Makefile.am
@@ -7,7 +7,8 @@ EXTRA_DIST = gnutls.tex gnutls.ps \
EXAMPLE_OBJECTS = ex-alert.tex ex-client-srp.tex ex-serv-export.tex \
ex-client1.tex ex-client2.tex ex-info.tex ex-rfc2818.tex \
ex-serv1.tex ex-client-resume.tex ex-serv-srp.tex \
- ex-serv-pgp.tex ex-pgp-keyserver.tex ex-cert-select.tex
+ ex-serv-pgp.tex ex-pgp-keyserver.tex ex-cert-select.tex \
+ ex-crq.tex
TEX_OBJECTS = gnutls.tex ../../lib/gnutls-api.tex fdl.tex ../../lib/x509/x509-api.tex \
macros.tex cover.tex ciphersuites.tex handshake.tex translayer.tex \
diff --git a/doc/tex/ex-crq.tex b/doc/tex/ex-crq.tex
new file mode 100644
index 0000000000..2fce84a2be
--- /dev/null
+++ b/doc/tex/ex-crq.tex
@@ -0,0 +1,132 @@
+\begin{verbatim}
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <gnutls/gnutls.h>
+#include <gnutls/x509.h>
+#include <time.h>
+
+/* This example will generate a private key and a certificate
+ * request.
+ */
+
+int main()
+{
+ gnutls_x509_crq crq;
+ gnutls_x509_privkey key;
+ unsigned char buffer[10*1024];
+ int buffer_size = sizeof(buffer);
+ int ret;
+
+ gnutls_global_init();
+
+ /* Initialize an empty certificate request, and
+ * an empty private key.
+ */
+ ret = gnutls_x509_crq_init(&crq);
+ if (ret < 0) {
+ fprintf(stderr, "ret: %s\n", gnutls_strerror(ret));
+ exit(1);
+ }
+
+ ret = gnutls_x509_privkey_init(&key);
+ if (ret < 0) {
+ fprintf(stderr, "ret: %s\n", gnutls_strerror(ret));
+ exit(1);
+ }
+
+ /* Generate a 1024 bit RSA private key.
+ */
+ ret = gnutls_x509_privkey_generate(key, GNUTLS_PK_RSA, 1024, 0);
+ if (ret < 0) {
+ fprintf(stderr, "ret: %s\n", gnutls_strerror(ret));
+ exit(1);
+ }
+
+
+ /* Add stuff to the distinguished name
+ */
+ ret =
+ gnutls_x509_crq_set_dn_by_oid(crq, GNUTLS_OID_X520_COUNTRY_NAME,
+ "GR", 2);
+ if (ret < 0) {
+ fprintf(stderr, "ret: %s\n", gnutls_strerror(ret));
+ exit(1);
+ }
+
+ ret =
+ gnutls_x509_crq_set_dn_by_oid(crq, GNUTLS_OID_X520_COMMON_NAME,
+ "Nikos", strlen("Nikos"));
+ if (ret < 0) {
+ fprintf(stderr, "ret: %s\n", gnutls_strerror(ret));
+ exit(1);
+ }
+
+ /* Set the request version.
+ */
+ ret = gnutls_x509_crq_set_version(crq, 0);
+ if (ret < 0) {
+ fprintf(stderr, "ret: %s\n", gnutls_strerror(ret));
+ exit(1);
+ }
+
+ /* Set a challenge password.
+ */
+ ret = gnutls_x509_crq_set_challenge_password(crq, "fuck you");
+ if (ret < 0) {
+ fprintf(stderr, "ret: %s\n", gnutls_strerror(ret));
+ exit(1);
+ }
+
+ /* Associate the request with the private key
+ */
+ ret = gnutls_x509_crq_set_key(crq, key);
+ if (ret < 0) {
+ fprintf(stderr, "ret: %s\n", gnutls_strerror(ret));
+ exit(1);
+ }
+
+ /* Self sign the certificate request.
+ */
+ ret = gnutls_x509_crq_sign(crq, key);
+ if (ret < 0) {
+ fprintf(stderr, "ret: %s\n", gnutls_strerror(ret));
+ exit(1);
+ }
+
+ /* Export the PEM encoded certificate request, and
+ * display it.
+ */
+ ret =
+ gnutls_x509_crq_export(crq, GNUTLS_X509_FMT_PEM, buffer,
+ &buffer_size);
+ if (ret < 0) {
+ fprintf(stderr, "ret: %s\n", gnutls_strerror(ret));
+ exit(1);
+ }
+
+ printf("Certificate Request: \n%s", buffer);
+
+
+ /* Export the PEM encoded private key, and
+ * display it.
+ */
+ buffer_size = sizeof(buffer);
+ ret =
+ gnutls_x509_privkey_export(key, GNUTLS_X509_FMT_PEM, buffer,
+ &buffer_size);
+ if (ret < 0) {
+ fprintf(stderr, "ret: %s\n", gnutls_strerror(ret));
+ exit(1);
+ }
+
+ printf("\n\nPrivate key: \n%s", buffer);
+
+ gnutls_x509_crq_deinit(crq);
+ gnutls_x509_privkey_deinit(key);
+
+ return 0;
+
+}
+
+\end{verbatim}
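Review bot: The example generates a 1024-bit RSA key, and because readers tend to copy documentation examples verbatim, a larger modulus is a safer default: `ret = gnutls_x509_privkey_generate(key, GNUTLS_PK_RSA, 2048, 0);`, with the "Generate a 1024 bit RSA private key" comment updated to match. The listing also calls `strlen("Nikos")` without including `<string.h>`, so `#include <string.h>` belongs with the other includes. The challenge-password literal should be a neutral placeholder such as `"example-challenge"` (a constructed value), with a comment that real requests should not hard-code it. The PEM private key is printed to stdout alongside the request; a comment above that `printf` saying a real program would write the key to a file with restrictive permissions would keep readers from copying the habit.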
diff --git a/doc/tex/examples.tex b/doc/tex/examples.tex
index aca1cdbacf..fa041e64f5 100644
--- a/doc/tex/examples.tex
+++ b/doc/tex/examples.tex
@@ -26,15 +26,6 @@ The following function is an example on how to verify a certificate.
\input{ex-rfc2818}
-\subsection{Parsing peer's certificate, and obtaining session information}
-The following function reads the peer's certificate,
-and prints some information about the certificate and the current session.
-\par
-This function should be called after a successful
-\printfunc{gnutls_handshake}{gnutls\_handshake}
-
-\input{ex-info}
-
\subsection{Using a callback to select the certificate to use}
There are cases where a client holds several certificate and key pairs,
and may want to choose the appropriate to send in the current session.
@@ -94,4 +85,26 @@ This is a function that checks if an alert has been received
in the current session.
\input{ex-alert}
+% CERTIFICATE STUFF
+
+\section{Certificate API examples}
+This section contains examples that make use of the \gnutls{} certificate API.
+
+
+\subsection{Parsing peer's certificate, and obtaining session information}
+The following function reads the peer's certificate,
+and prints some information about the certificate and the current session.
+\par
+This function should be called after a successful
+\printfunc{gnutls_handshake}{gnutls\_handshake}
+
+\input{ex-info}
+
+\subsection{Generating a certificate request}
+The following example is about generating a certificate request, and
+a private key. A certificate request can be later be processed by a CA,
+which should return a signed certificate.
+
+\input{ex-crq}
+
\input{openssl}