diff options
| -rw-r--r-- | doc/tex/programs.tex | 113 | ||||
| -rw-r--r-- | lib/gnutls_state.c | 6 | ||||
| -rw-r--r-- | lib/libgnutls.m4 | 2 |
3 files changed, 115 insertions, 6 deletions
diff --git a/doc/tex/programs.tex b/doc/tex/programs.tex index d0a0d43467..922d0ba933 100644 --- a/doc/tex/programs.tex +++ b/doc/tex/programs.tex @@ -1,6 +1,6 @@ \chapter{Included programs} -\section{The ``srptool'' program} +\section{The ``srptool'' program\index{srptool}} \label{srptool} The ``srptool'' is a very simple program that emulates the programs in the @@ -41,7 +41,7 @@ $ srptool --passwd /etc/tpasswd \ -\section{The ``gnutls-cli-debug'' program} +\section{The ``gnutls-cli-debug'' program\index{gnutls-cli-debug}} This program was created to assist in debugging \gnutls{}, but it might be useful to extract a \tls{} server's capabilities. @@ -96,14 +96,14 @@ Checking for OpenPGP authentication support (TLS extension)... no \end{verbatim} -\section{The ``certtool'' program} +\section{The ``certtool'' program\index{certtool}} This is a program to generate X.509 certificates, certificate requests, CRLs and private keys. The program can be used interactively or non interactively by specifying the \emph{--template} command line option. See \emph{doc/certtool.cfg}, in the distribution, for an example of a template file. -How to use certtool: +How to use certtool interactively: \begin{itemize} @@ -144,4 +144,109 @@ $ certtool --load-certificate cert.pem --load-privkey key.pem --to-p12 \ \end{itemize} +\par +Certtool's template file format: + +\begin{itemize} +\item Firstly create a file named 'cert.cfg' that contains the information +about the certificate. An example file is listed below. +\item Then execute +\begin{verbatim} +$ certtool --generate-certificate cert.pem --load-privkey key.pem \ + --template cert.cfg \ + --load-ca-certificate ca-cert.pem --load-ca-privkey ca-key.pem +\end{verbatim} +\end{itemize} +\par +An example certtool template file: + +\begin{verbatim} +# X.509 Certificate options +# +# DN options + +# The organization of the subject. +organization = "Koko inc." + +# The organizational unit of the subject. +unit = "sleeping dept." + +# The locality of the subject. +# locality = + +# The state of the certificate owner. +state = "Attiki" + +# The country of the subject. Two letter code. +country = GR + +# The common name of the certificate owner. +cn = "Cindy Lauper" + +# A user id of the certificate owner. +#uid = "clauper" + +# If the supported DN OIDs are not adequate you can set +# any OID here. +# For example set the X.520 Title and the X.520 Pseudonym +# by using OID and string pairs. +#dn_oid = "2.5.4.12" "Dr." "2.5.4.65" "jackal" +# This is deprecated and should not be used in new +# certificates. +# pkcs9_email = "none@none.org" + +# The serial number of the certificate +serial = 007 + +# In how many days, counting from today, this certificate will expire. +expiration_days = 700 + +# X.509 v3 extensions + +# A dnsname in case of a WWW server. +#dns_name = "www.none.org" + +# An IP address in case of a server. +#ip_address = "192.168.1.1" + +# An email in case of a person +email = "none@none.org" + +# An URL that has CRLs (certificate revocation lists) +# available. Needed in CA certificates. +#crl_dist_points = "http://www.getcrl.crl/getcrl/" + +# Whether this is a CA certificate or not +#ca + +# Whether this certificate will be used for a TLS client +#tls_www_client + +# Whether this certificate will be used for a TLS server +#tls_www_server + +# Whether this certificate will be used to sign data (needed +# in TLS DHE ciphersuites). +signing_key + +# Whether this certificate will be used to encrypt data (needed +# in TLS RSA ciphersuites). Note that it is prefered to use different +# keys for encryption and signing. +#encryption_key + +# Whether this key will be used to sign other certificates. +#cert_signing_key + +# Whether this key will be used to sign CRLs. +#crl_signing_key + +# Whether this key will be used to sign code. +#code_signing_key + +# Whether this key will be used to sign OCSP data. +#ocsp_signing_key + +# Whether this key will be used for time stamping. +#time_stamping_key +\end{verbatim} diff --git a/lib/gnutls_state.c b/lib/gnutls_state.c index 459007ed22..390e11b65a 100644 --- a/lib/gnutls_state.c +++ b/lib/gnutls_state.c @@ -372,7 +372,11 @@ void _gnutls_deinit(gnutls_session session) } gnutls_free( session->internals.srp_username); - gnutls_free( session->internals.srp_password); + if (session->internals.srp_password) { + memset( session->internals.srp_password, 0, + strlen(session->internals.srp_password)); + gnutls_free( session->internals.srp_password); + } memset( session, 0, sizeof(struct gnutls_session_int)); gnutls_free(session); diff --git a/lib/libgnutls.m4 b/lib/libgnutls.m4 index 684322d8fa..99f0aa27e6 100644 --- a/lib/libgnutls.m4 +++ b/lib/libgnutls.m4 @@ -9,7 +9,7 @@ dnl $id$ dnl AM_PATH_LIBGNUTLS([MINIMUM-VERSION, [ACTION-IF-FOUND [, ACTION-IF-NOT-FOUND ]]]) dnl Test for libgnutls, and define LIBGNUTLS_CFLAGS and LIBGNUTLS_LIBS dnl -AC_DEFUN(AM_PATH_LIBGNUTLS, +AC_DEFUN([AM_PATH_LIBGNUTLS], [dnl dnl Get the cflags and libraries from the libgnutls-config script dnl |