diff options
Diffstat (limited to 'manual/html_node/Verification-using-PKCS11.html')
-rw-r--r-- | manual/html_node/Verification-using-PKCS11.html | 189 |
1 files changed, 189 insertions, 0 deletions
diff --git a/manual/html_node/Verification-using-PKCS11.html b/manual/html_node/Verification-using-PKCS11.html new file mode 100644 index 0000000000..47be86d6e6 --- /dev/null +++ b/manual/html_node/Verification-using-PKCS11.html @@ -0,0 +1,189 @@ +<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> +<html> +<!-- This manual is last updated 29 July 2014 for version +3.3.7 of GnuTLS. + +Copyright (C) 2001-2013 Free Software Foundation, Inc.\\ +Copyright (C) 2001-2013 Nikos Mavrogiannopoulos + +Permission is granted to copy, distribute and/or modify this document +under the terms of the GNU Free Documentation License, Version 1.3 or +any later version published by the Free Software Foundation; with no +Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. A +copy of the license is included in the section entitled "GNU Free +Documentation License". --> +<!-- Created by GNU Texinfo 5.2, http://www.gnu.org/software/texinfo/ --> +<head> +<title>GnuTLS 3.3.7: Verification using PKCS11</title> + +<meta name="description" content="GnuTLS 3.3.7: Verification using PKCS11"> +<meta name="keywords" content="GnuTLS 3.3.7: Verification using PKCS11"> +<meta name="resource-type" content="document"> +<meta name="distribution" content="global"> +<meta name="Generator" content="makeinfo"> +<meta http-equiv="Content-Type" content="text/html; charset=utf-8"> +<link href="index.html#Top" rel="start" title="Top"> +<link href="Function-and-Data-Index.html#Function-and-Data-Index" rel="index" title="Function and Data Index"> +<link href="index.html#SEC_Contents" rel="contents" title="Table of Contents"> +<link href="X_002e509-certificates.html#X_002e509-certificates" rel="up" title="X.509 certificates"> +<link href="OpenPGP-certificates.html#OpenPGP-certificates" rel="next" title="OpenPGP certificates"> +<link href="Verifying-a-certificate-in-the-context-of-TLS-session.html#Verifying-a-certificate-in-the-context-of-TLS-session" rel="prev" title="Verifying a certificate in the context of TLS session"> +<style type="text/css"> +<!-- +a.summary-letter {text-decoration: none} +blockquote.smallquotation {font-size: smaller} +div.display {margin-left: 3.2em} +div.example {margin-left: 3.2em} +div.indentedblock {margin-left: 3.2em} +div.lisp {margin-left: 3.2em} +div.smalldisplay {margin-left: 3.2em} +div.smallexample {margin-left: 3.2em} +div.smallindentedblock {margin-left: 3.2em; font-size: smaller} +div.smalllisp {margin-left: 3.2em} +kbd {font-style:oblique} +pre.display {font-family: inherit} +pre.format {font-family: inherit} +pre.menu-comment {font-family: serif} +pre.menu-preformatted {font-family: serif} +pre.smalldisplay {font-family: inherit; font-size: smaller} +pre.smallexample {font-size: smaller} +pre.smallformat {font-family: inherit; font-size: smaller} +pre.smalllisp {font-size: smaller} +span.nocodebreak {white-space:nowrap} +span.nolinebreak {white-space:nowrap} +span.roman {font-family:serif; font-weight:normal} +span.sansserif {font-family:sans-serif; font-weight:normal} +ul.no-bullet {list-style: none} +body { + margin: 2%; + padding: 0 5%; + background: #ffffff; +} +h1,h2,h3,h4,h5 { + font-weight: bold; + padding: 5px 5px 5px 5px; + background-color: #c2e0ff; + color: #336699; +} +h1 { + padding: 2em 2em 2em 5%; + color: white; + background: #336699; + text-align: center; + letter-spacing: 3px; +} +h2 { text-decoration: underline; } +pre { + margin: 0 5%; + padding: 0.5em; +} +pre.example,pre.verbatim { + padding-bottom: 1em; + + border: solid #c2e0ff; + background: #f0faff; + border-width: 1px 1px 1px 5px; + margin: 1em auto; + width: 90%; +} + +div.node { + margin: 0 -5% 0 -2%; + padding: 0.5em 0.5em; + margin-top: 0.5em; + margin-bottom: 0.5em; + font-weight: bold; +} +dd, li { + padding-top: 0.1em; + padding-bottom: 0.1em; +} +div.float { + + margin-bottom: 0.5em; + text-align: center; +} + +table { + text-align: left; + margin-left:auto; + margin-right:auto; + width: 50%; +} + +th { + padding: 0; + color: #336699; + background-color: #c2e0ff; + border: solid #000000; + border-width: 0px; + margin: 1em auto; + text-align: center; + margin-left:auto; + margin-right:auto; +} + +td { + padding: 0; + border: solid #000000; + background-color: #f0faff; + border-width: 0px; + margin: 1em auto; + text-align: left; + margin-left:auto; + margin-right:auto; + padding-left: 1em; +} + +dl { + text-align: left; + margin-left:auto; + margin-right:auto; + width: 50%; + + padding-left: 1em; + border: solid #c2e0ff; + background: #f0faff; + border-width: 5px 1px 1px 1px; + margin: 1em auto; +} + +--> +</style> + + +</head> + +<body lang="en" bgcolor="#FFFFFF" text="#000000" link="#0000FF" vlink="#800080" alink="#FF0000"> +<a name="Verification-using-PKCS11"></a> +<div class="header"> +<p> +Previous: <a href="Verifying-a-certificate-in-the-context-of-TLS-session.html#Verifying-a-certificate-in-the-context-of-TLS-session" accesskey="p" rel="prev">Verifying a certificate in the context of TLS session</a>, Up: <a href="X_002e509-certificates.html#X_002e509-certificates" accesskey="u" rel="up">X.509 certificates</a> [<a href="index.html#SEC_Contents" title="Table of contents" rel="contents">Contents</a>][<a href="Function-and-Data-Index.html#Function-and-Data-Index" title="Index" rel="index">Index</a>]</p> +</div> +<hr> +<a name="Verifying-a-certificate-using-PKCS-_002311"></a> +<h4 class="subsubsection">4.1.1.8 Verifying a certificate using PKCS #11</h4> +<a name="index-verifying-certificate-with-pkcs11"></a> + +<p>Some systems provide a system wide trusted certificate storage accessible using +PKCS #11. That is, the trusted certificates are queried and accessed using the +PKCS #11 API. One example is the p11-kit trust module<a name="DOCF6" href="#FOOT6"><sup>6</sup></a>. +</p> +<p>These special PKCS #11 modules can be used for GnuTLS certificate verification if marked as trust +policy modules, i.e., with <code>trust-policy: yes</code> in the p11-kit module file. +The way to use them is by specifying to the file verification function (e.g., <a href="Core-TLS-API.html#gnutls_005fcertificate_005fset_005fx509_005ftrust_005ffile">gnutls_certificate_set_x509_trust_file</a>), +a pkcs11 URL, or simply <code>pkcs11:</code> to use all the marked with trust policy modules. +</p> + +<div class="footnote"> +<hr> +<h4 class="footnotes-heading">Footnotes</h4> + +<h3><a name="FOOT6" href="#DOCF6">(6)</a></h3> +<p>see <a href="http://p11-glue.freedesktop.org/trust-module.html">http://p11-glue.freedesktop.org/trust-module.html</a>.</p> +</div> + + + +</body> +</html> |