summaryrefslogtreecommitdiff
path: root/doc
diff options
context:
space:
mode:
Diffstat (limited to 'doc')
-rw-r--r--doc/examples/Makefile.am3
-rw-r--r--doc/tex/Makefile.am3
-rw-r--r--doc/tex/ex-crq.tex132
-rw-r--r--doc/tex/examples.tex31
4 files changed, 158 insertions, 11 deletions
diff --git a/doc/examples/Makefile.am b/doc/examples/Makefile.am
index 6fc8dcca04..e754fceb00 100644
--- a/doc/examples/Makefile.am
+++ b/doc/examples/Makefile.am
@@ -1,3 +1,4 @@
EXTRA_DIST = ex-alert.c ex-client-resume.c ex-client-srp.c ex-client1.c \
ex-client2.c ex-info.c ex-rfc2818.c ex-serv-export.c ex-serv-pgp.c \
- ex-serv-srp.c ex-serv1.c ex-pgp-keyserver.c ex-cert-select.c
+ ex-serv-srp.c ex-serv1.c ex-pgp-keyserver.c ex-cert-select.c \
+ ex-crq.c
diff --git a/doc/tex/Makefile.am b/doc/tex/Makefile.am
index 9b1b93fda0..9bac61517a 100644
--- a/doc/tex/Makefile.am
+++ b/doc/tex/Makefile.am
@@ -7,7 +7,8 @@ EXTRA_DIST = gnutls.tex gnutls.ps \
EXAMPLE_OBJECTS = ex-alert.tex ex-client-srp.tex ex-serv-export.tex \
ex-client1.tex ex-client2.tex ex-info.tex ex-rfc2818.tex \
ex-serv1.tex ex-client-resume.tex ex-serv-srp.tex \
- ex-serv-pgp.tex ex-pgp-keyserver.tex ex-cert-select.tex
+ ex-serv-pgp.tex ex-pgp-keyserver.tex ex-cert-select.tex \
+ ex-crq.tex
TEX_OBJECTS = gnutls.tex ../../lib/gnutls-api.tex fdl.tex ../../lib/x509/x509-api.tex \
macros.tex cover.tex ciphersuites.tex handshake.tex translayer.tex \
diff --git a/doc/tex/ex-crq.tex b/doc/tex/ex-crq.tex
new file mode 100644
index 0000000000..2fce84a2be
--- /dev/null
+++ b/doc/tex/ex-crq.tex
@@ -0,0 +1,132 @@
+\begin{verbatim}
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <gnutls/gnutls.h>
+#include <gnutls/x509.h>
+#include <time.h>
+
+/* This example will generate a private key and a certificate
+ * request.
+ */
+
+int main()
+{
+ gnutls_x509_crq crq;
+ gnutls_x509_privkey key;
+ unsigned char buffer[10*1024];
+ int buffer_size = sizeof(buffer);
+ int ret;
+
+ gnutls_global_init();
+
+ /* Initialize an empty certificate request, and
+ * an empty private key.
+ */
+ ret = gnutls_x509_crq_init(&crq);
+ if (ret < 0) {
+ fprintf(stderr, "ret: %s\n", gnutls_strerror(ret));
+ exit(1);
+ }
+
+ ret = gnutls_x509_privkey_init(&key);
+ if (ret < 0) {
+ fprintf(stderr, "ret: %s\n", gnutls_strerror(ret));
+ exit(1);
+ }
+
+ /* Generate a 1024 bit RSA private key.
+ */
+ ret = gnutls_x509_privkey_generate(key, GNUTLS_PK_RSA, 1024, 0);
+ if (ret < 0) {
+ fprintf(stderr, "ret: %s\n", gnutls_strerror(ret));
+ exit(1);
+ }
+
+
+ /* Add stuff to the distinguished name
+ */
+ ret =
+ gnutls_x509_crq_set_dn_by_oid(crq, GNUTLS_OID_X520_COUNTRY_NAME,
+ "GR", 2);
+ if (ret < 0) {
+ fprintf(stderr, "ret: %s\n", gnutls_strerror(ret));
+ exit(1);
+ }
+
+ ret =
+ gnutls_x509_crq_set_dn_by_oid(crq, GNUTLS_OID_X520_COMMON_NAME,
+ "Nikos", strlen("Nikos"));
+ if (ret < 0) {
+ fprintf(stderr, "ret: %s\n", gnutls_strerror(ret));
+ exit(1);
+ }
+
+ /* Set the request version.
+ */
+ ret = gnutls_x509_crq_set_version(crq, 0);
+ if (ret < 0) {
+ fprintf(stderr, "ret: %s\n", gnutls_strerror(ret));
+ exit(1);
+ }
+
+ /* Set a challenge password.
+ */
+ ret = gnutls_x509_crq_set_challenge_password(crq, "fuck you");
+ if (ret < 0) {
+ fprintf(stderr, "ret: %s\n", gnutls_strerror(ret));
+ exit(1);
+ }
+
+ /* Associate the request with the private key
+ */
+ ret = gnutls_x509_crq_set_key(crq, key);
+ if (ret < 0) {
+ fprintf(stderr, "ret: %s\n", gnutls_strerror(ret));
+ exit(1);
+ }
+
+ /* Self sign the certificate request.
+ */
+ ret = gnutls_x509_crq_sign(crq, key);
+ if (ret < 0) {
+ fprintf(stderr, "ret: %s\n", gnutls_strerror(ret));
+ exit(1);
+ }
+
+ /* Export the PEM encoded certificate request, and
+ * display it.
+ */
+ ret =
+ gnutls_x509_crq_export(crq, GNUTLS_X509_FMT_PEM, buffer,
+ &buffer_size);
+ if (ret < 0) {
+ fprintf(stderr, "ret: %s\n", gnutls_strerror(ret));
+ exit(1);
+ }
+
+ printf("Certificate Request: \n%s", buffer);
+
+
+ /* Export the PEM encoded private key, and
+ * display it.
+ */
+ buffer_size = sizeof(buffer);
+ ret =
+ gnutls_x509_privkey_export(key, GNUTLS_X509_FMT_PEM, buffer,
+ &buffer_size);
+ if (ret < 0) {
+ fprintf(stderr, "ret: %s\n", gnutls_strerror(ret));
+ exit(1);
+ }
+
+ printf("\n\nPrivate key: \n%s", buffer);
+
+ gnutls_x509_crq_deinit(crq);
+ gnutls_x509_privkey_deinit(key);
+
+ return 0;
+
+}
+
+\end{verbatim}
diff --git a/doc/tex/examples.tex b/doc/tex/examples.tex
index aca1cdbacf..fa041e64f5 100644
--- a/doc/tex/examples.tex
+++ b/doc/tex/examples.tex
@@ -26,15 +26,6 @@ The following function is an example on how to verify a certificate.
\input{ex-rfc2818}
-\subsection{Parsing peer's certificate, and obtaining session information}
-The following function reads the peer's certificate,
-and prints some information about the certificate and the current session.
-\par
-This function should be called after a successful
-\printfunc{gnutls_handshake}{gnutls\_handshake}
-
-\input{ex-info}
-
\subsection{Using a callback to select the certificate to use}
There are cases where a client holds several certificate and key pairs,
and may want to choose the appropriate to send in the current session.
@@ -94,4 +85,26 @@ This is a function that checks if an alert has been received
in the current session.
\input{ex-alert}
+% CERTIFICATE STUFF
+
+\section{Certificate API examples}
+This section contains examples that make use of the \gnutls{} certificate API.
+
+
+\subsection{Parsing peer's certificate, and obtaining session information}
+The following function reads the peer's certificate,
+and prints some information about the certificate and the current session.
+\par
+This function should be called after a successful
+\printfunc{gnutls_handshake}{gnutls\_handshake}
+
+\input{ex-info}
+
+\subsection{Generating a certificate request}
+The following example is about generating a certificate request, and
+a private key. A certificate request can be later be processed by a CA,
+which should return a signed certificate.
+
+\input{ex-crq}
+
\input{openssl}