Diffstat (limited to 'manual/html_node/X509-certificate-API.html')
-rw-r--r--manual/html_node/X509-certificate-API.html376
1 files changed, 110 insertions, 266 deletions
diff --git a/manual/html_node/X509-certificate-API.html b/manual/html_node/X509-certificate-API.html
index fa746a6df5..8af14a9a1b 100644
--- a/manual/html_node/X509-certificate-API.html
+++ b/manual/html_node/X509-certificate-API.html
@@ -1,7 +1,7 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<!-- This manual is last updated 4 March 2015 for version
-3.4.1 of GnuTLS.
+3.4.2 of GnuTLS.
Copyright (C) 2001-2015 Free Software Foundation, Inc.\\
Copyright (C) 2001-2015 Nikos Mavrogiannopoulos
@@ -14,10 +14,10 @@ copy of the license is included in the section entitled "GNU Free
Documentation License". -->
<!-- Created by GNU Texinfo 5.2, http://www.gnu.org/software/texinfo/ -->
<head>
-<title>GnuTLS 3.4.1: X509 certificate API</title>
+<title>GnuTLS 3.4.2: X509 certificate API</title>
-<meta name="description" content="GnuTLS 3.4.1: X509 certificate API">
-<meta name="keywords" content="GnuTLS 3.4.1: X509 certificate API">
+<meta name="description" content="GnuTLS 3.4.2: X509 certificate API">
+<meta name="keywords" content="GnuTLS 3.4.2: X509 certificate API">
<meta name="resource-type" content="document">
<meta name="distribution" content="global">
<meta name="Generator" content="makeinfo">
@@ -26,7 +26,7 @@ Documentation License". -->
<link href="Function-and-Data-Index.html#Function-and-Data-Index" rel="index" title="Function and Data Index">
<link href="index.html#SEC_Contents" rel="contents" title="Table of Contents">
<link href="API-reference.html#API-reference" rel="up" title="API reference">
-<link href="OCSP-API.html#OCSP-API" rel="next" title="OCSP API">
+<link href="PKCS-7-API.html#PKCS-7-API" rel="next" title="PKCS 7 API">
<link href="Datagram-TLS-API.html#Datagram-TLS-API" rel="prev" title="Datagram TLS API">
<style type="text/css">
<!--
@@ -159,7 +159,7 @@ dl {
<a name="X509-certificate-API"></a>
<div class="header">
<p>
-Next: <a href="OCSP-API.html#OCSP-API" accesskey="n" rel="next">OCSP API</a>, Previous: <a href="Datagram-TLS-API.html#Datagram-TLS-API" accesskey="p" rel="prev">Datagram TLS API</a>, Up: <a href="API-reference.html#API-reference" accesskey="u" rel="up">API reference</a> &nbsp; [<a href="index.html#SEC_Contents" title="Table of contents" rel="contents">Contents</a>][<a href="Function-and-Data-Index.html#Function-and-Data-Index" title="Index" rel="index">Index</a>]</p>
+Next: <a href="PKCS-7-API.html#PKCS-7-API" accesskey="n" rel="next">PKCS 7 API</a>, Previous: <a href="Datagram-TLS-API.html#Datagram-TLS-API" accesskey="p" rel="prev">Datagram TLS API</a>, Up: <a href="API-reference.html#API-reference" accesskey="u" rel="up">API reference</a> &nbsp; [<a href="index.html#SEC_Contents" title="Table of contents" rel="contents">Contents</a>][<a href="Function-and-Data-Index.html#Function-and-Data-Index" title="Index" rel="index">Index</a>]</p>
</div>
<hr>
<a name="X_002e509-certificate-API"></a>
@@ -207,260 +207,6 @@ when the <code>res</code> structure is deinitialized.
<p><strong>Since:</strong> 3.2.2
</p></dd></dl>
-<a name="gnutls_005fpkcs7_005fdeinit-1"></a>
-<h4 class="subheading">gnutls_pkcs7_deinit</h4>
-<a name="gnutls_005fpkcs7_005fdeinit"></a><dl>
-<dt><a name="index-gnutls_005fpkcs7_005fdeinit"></a>Function: <em>void</em> <strong>gnutls_pkcs7_deinit</strong> <em>(gnutls_pkcs7_t <var>pkcs7</var>)</em></dt>
-<dd><p><var>pkcs7</var>: the type to be deinitialized
-</p>
-<p>This function will deinitialize a PKCS7 type.
-</p></dd></dl>
-
-<a name="gnutls_005fpkcs7_005fdelete_005fcrl-1"></a>
-<h4 class="subheading">gnutls_pkcs7_delete_crl</h4>
-<a name="gnutls_005fpkcs7_005fdelete_005fcrl"></a><dl>
-<dt><a name="index-gnutls_005fpkcs7_005fdelete_005fcrl"></a>Function: <em>int</em> <strong>gnutls_pkcs7_delete_crl</strong> <em>(gnutls_pkcs7_t <var>pkcs7</var>, int <var>indx</var>)</em></dt>
-<dd><p><var>pkcs7</var>: The pkcs7 type
-</p>
-<p><var>indx</var>: the index of the crl to delete
-</p>
-<p>This function will delete a crl from a PKCS7 or RFC2630 crl set.
-Index starts from 0. Returns 0 on success.
-</p>
-<p><strong>Returns:</strong> On success, <code>GNUTLS_E_SUCCESS</code> (0) is returned, otherwise a
-negative error value.
-</p></dd></dl>
-
-<a name="gnutls_005fpkcs7_005fdelete_005fcrt-1"></a>
-<h4 class="subheading">gnutls_pkcs7_delete_crt</h4>
-<a name="gnutls_005fpkcs7_005fdelete_005fcrt"></a><dl>
-<dt><a name="index-gnutls_005fpkcs7_005fdelete_005fcrt"></a>Function: <em>int</em> <strong>gnutls_pkcs7_delete_crt</strong> <em>(gnutls_pkcs7_t <var>pkcs7</var>, int <var>indx</var>)</em></dt>
-<dd><p><var>pkcs7</var>: The pkcs7 type
-</p>
-<p><var>indx</var>: the index of the certificate to delete
-</p>
-<p>This function will delete a certificate from a PKCS7 or RFC2630
-certificate set. Index starts from 0. Returns 0 on success.
-</p>
-<p><strong>Returns:</strong> On success, <code>GNUTLS_E_SUCCESS</code> (0) is returned, otherwise a
-negative error value.
-</p></dd></dl>
-
-<a name="gnutls_005fpkcs7_005fexport-1"></a>
-<h4 class="subheading">gnutls_pkcs7_export</h4>
-<a name="gnutls_005fpkcs7_005fexport"></a><dl>
-<dt><a name="index-gnutls_005fpkcs7_005fexport"></a>Function: <em>int</em> <strong>gnutls_pkcs7_export</strong> <em>(gnutls_pkcs7_t <var>pkcs7</var>, gnutls_x509_crt_fmt_t <var>format</var>, void * <var>output_data</var>, size_t * <var>output_data_size</var>)</em></dt>
-<dd><p><var>pkcs7</var>: The pkcs7 type
-</p>
-<p><var>format</var>: the format of output params. One of PEM or DER.
-</p>
-<p><var>output_data</var>: will contain a structure PEM or DER encoded
-</p>
-<p><var>output_data_size</var>: holds the size of output_data (and will be
-replaced by the actual size of parameters)
-</p>
-<p>This function will export the pkcs7 structure to DER or PEM format.
-</p>
-<p>If the buffer provided is not long enough to hold the output, then
-* <code>output_data_size</code> is updated and <code>GNUTLS_E_SHORT_MEMORY_BUFFER</code>
-will be returned.
-</p>
-<p>If the structure is PEM encoded, it will have a header
-of &quot;BEGIN PKCS7&quot;.
-</p>
-<p><strong>Returns:</strong> On success, <code>GNUTLS_E_SUCCESS</code> (0) is returned, otherwise a
-negative error value.
-</p></dd></dl>
-
-<a name="gnutls_005fpkcs7_005fexport2-1"></a>
-<h4 class="subheading">gnutls_pkcs7_export2</h4>
-<a name="gnutls_005fpkcs7_005fexport2"></a><dl>
-<dt><a name="index-gnutls_005fpkcs7_005fexport2"></a>Function: <em>int</em> <strong>gnutls_pkcs7_export2</strong> <em>(gnutls_pkcs7_t <var>pkcs7</var>, gnutls_x509_crt_fmt_t <var>format</var>, gnutls_datum_t * <var>out</var>)</em></dt>
-<dd><p><var>pkcs7</var>: The pkcs7 type
-</p>
-<p><var>format</var>: the format of output params. One of PEM or DER.
-</p>
-<p><var>out</var>: will contain a structure PEM or DER encoded
-</p>
-<p>This function will export the pkcs7 structure to DER or PEM format.
-</p>
-<p>The output buffer is allocated using <code>gnutls_malloc()</code> .
-</p>
-<p>If the structure is PEM encoded, it will have a header
-of &quot;BEGIN PKCS7&quot;.
-</p>
-<p><strong>Returns:</strong> On success, <code>GNUTLS_E_SUCCESS</code> (0) is returned, otherwise a
-negative error value.
-</p>
-<p><strong>Since:</strong> 3.1.3
-</p></dd></dl>
-
-<a name="gnutls_005fpkcs7_005fget_005fcrl_005fcount-1"></a>
-<h4 class="subheading">gnutls_pkcs7_get_crl_count</h4>
-<a name="gnutls_005fpkcs7_005fget_005fcrl_005fcount"></a><dl>
-<dt><a name="index-gnutls_005fpkcs7_005fget_005fcrl_005fcount"></a>Function: <em>int</em> <strong>gnutls_pkcs7_get_crl_count</strong> <em>(gnutls_pkcs7_t <var>pkcs7</var>)</em></dt>
-<dd><p><var>pkcs7</var>: The pkcs7 type
-</p>
-<p>This function will return the number of certifcates in the PKCS7
-or RFC2630 crl set.
-</p>
-<p><strong>Returns:</strong> On success, <code>GNUTLS_E_SUCCESS</code> (0) is returned, otherwise a
-negative error value.
-</p></dd></dl>
-
-<a name="gnutls_005fpkcs7_005fget_005fcrl_005fraw-1"></a>
-<h4 class="subheading">gnutls_pkcs7_get_crl_raw</h4>
-<a name="gnutls_005fpkcs7_005fget_005fcrl_005fraw"></a><dl>
-<dt><a name="index-gnutls_005fpkcs7_005fget_005fcrl_005fraw"></a>Function: <em>int</em> <strong>gnutls_pkcs7_get_crl_raw</strong> <em>(gnutls_pkcs7_t <var>pkcs7</var>, int <var>indx</var>, void * <var>crl</var>, size_t * <var>crl_size</var>)</em></dt>
-<dd><p><var>pkcs7</var>: The pkcs7 type
-</p>
-<p><var>indx</var>: contains the index of the crl to extract
-</p>
-<p><var>crl</var>: the contents of the crl will be copied there (may be null)
-</p>
-<p><var>crl_size</var>: should hold the size of the crl
-</p>
-<p>This function will return a crl of the PKCS7 or RFC2630 crl set.
-</p>
-<p><strong>Returns:</strong> On success, <code>GNUTLS_E_SUCCESS</code> (0) is returned, otherwise a
-negative error value. If the provided buffer is not long enough,
-then <code>crl_size</code> is updated and <code>GNUTLS_E_SHORT_MEMORY_BUFFER</code> is
-returned. After the last crl has been read
-<code>GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE</code> will be returned.
-</p></dd></dl>
-
-<a name="gnutls_005fpkcs7_005fget_005fcrt_005fcount-1"></a>
-<h4 class="subheading">gnutls_pkcs7_get_crt_count</h4>
-<a name="gnutls_005fpkcs7_005fget_005fcrt_005fcount"></a><dl>
-<dt><a name="index-gnutls_005fpkcs7_005fget_005fcrt_005fcount"></a>Function: <em>int</em> <strong>gnutls_pkcs7_get_crt_count</strong> <em>(gnutls_pkcs7_t <var>pkcs7</var>)</em></dt>
-<dd><p><var>pkcs7</var>: should contain a <code>gnutls_pkcs7_t</code> type
-</p>
-<p>This function will return the number of certifcates in the PKCS7
-or RFC2630 certificate set.
-</p>
-<p><strong>Returns:</strong> On success, <code>GNUTLS_E_SUCCESS</code> (0) is returned, otherwise a
-negative error value.
-</p></dd></dl>
-
-<a name="gnutls_005fpkcs7_005fget_005fcrt_005fraw-1"></a>
-<h4 class="subheading">gnutls_pkcs7_get_crt_raw</h4>
-<a name="gnutls_005fpkcs7_005fget_005fcrt_005fraw"></a><dl>
-<dt><a name="index-gnutls_005fpkcs7_005fget_005fcrt_005fraw"></a>Function: <em>int</em> <strong>gnutls_pkcs7_get_crt_raw</strong> <em>(gnutls_pkcs7_t <var>pkcs7</var>, int <var>indx</var>, void * <var>certificate</var>, size_t * <var>certificate_size</var>)</em></dt>
-<dd><p><var>pkcs7</var>: should contain a gnutls_pkcs7_t type
-</p>
-<p><var>indx</var>: contains the index of the certificate to extract
-</p>
-<p><var>certificate</var>: the contents of the certificate will be copied
-there (may be null)
-</p>
-<p><var>certificate_size</var>: should hold the size of the certificate
-</p>
-<p>This function will return a certificate of the PKCS7 or RFC2630
-certificate set.
-</p>
-<p>After the last certificate has been read
-<code>GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE</code> will be returned.
-</p>
-<p><strong>Returns:</strong> On success, <code>GNUTLS_E_SUCCESS</code> (0) is returned, otherwise a
-negative error value. If the provided buffer is not long enough,
-then <code>certificate_size</code> is updated and
-<code>GNUTLS_E_SHORT_MEMORY_BUFFER</code> is returned.
-</p></dd></dl>
-
-<a name="gnutls_005fpkcs7_005fimport-1"></a>
-<h4 class="subheading">gnutls_pkcs7_import</h4>
-<a name="gnutls_005fpkcs7_005fimport"></a><dl>
-<dt><a name="index-gnutls_005fpkcs7_005fimport"></a>Function: <em>int</em> <strong>gnutls_pkcs7_import</strong> <em>(gnutls_pkcs7_t <var>pkcs7</var>, const gnutls_datum_t * <var>data</var>, gnutls_x509_crt_fmt_t <var>format</var>)</em></dt>
-<dd><p><var>pkcs7</var>: The data to store the parsed PKCS7.
-</p>
-<p><var>data</var>: The DER or PEM encoded PKCS7.
-</p>
-<p><var>format</var>: One of DER or PEM
-</p>
-<p>This function will convert the given DER or PEM encoded PKCS7 to
-the native <code>gnutls_pkcs7_t</code> format. The output will be stored in
- <code>pkcs7</code> .
-</p>
-<p>If the PKCS7 is PEM encoded it should have a header of &quot;PKCS7&quot;.
-</p>
-<p><strong>Returns:</strong> On success, <code>GNUTLS_E_SUCCESS</code> (0) is returned, otherwise a
-negative error value.
-</p></dd></dl>
-
-<a name="gnutls_005fpkcs7_005finit-1"></a>
-<h4 class="subheading">gnutls_pkcs7_init</h4>
-<a name="gnutls_005fpkcs7_005finit"></a><dl>
-<dt><a name="index-gnutls_005fpkcs7_005finit"></a>Function: <em>int</em> <strong>gnutls_pkcs7_init</strong> <em>(gnutls_pkcs7_t * <var>pkcs7</var>)</em></dt>
-<dd><p><var>pkcs7</var>: A pointer to the type to be initialized
-</p>
-<p>This function will initialize a PKCS7 structure. PKCS7 structures
-usually contain lists of X.509 Certificates and X.509 Certificate
-revocation lists.
-</p>
-<p><strong>Returns:</strong> On success, <code>GNUTLS_E_SUCCESS</code> (0) is returned, otherwise a
-negative error value.
-</p></dd></dl>
-
-<a name="gnutls_005fpkcs7_005fset_005fcrl-1"></a>
-<h4 class="subheading">gnutls_pkcs7_set_crl</h4>
-<a name="gnutls_005fpkcs7_005fset_005fcrl"></a><dl>
-<dt><a name="index-gnutls_005fpkcs7_005fset_005fcrl"></a>Function: <em>int</em> <strong>gnutls_pkcs7_set_crl</strong> <em>(gnutls_pkcs7_t <var>pkcs7</var>, gnutls_x509_crl_t <var>crl</var>)</em></dt>
-<dd><p><var>pkcs7</var>: The pkcs7 type
-</p>
-<p><var>crl</var>: the DER encoded crl to be added
-</p>
-<p>This function will add a parsed CRL to the PKCS7 or RFC2630 crl
-set.
-</p>
-<p><strong>Returns:</strong> On success, <code>GNUTLS_E_SUCCESS</code> (0) is returned, otherwise a
-negative error value.
-</p></dd></dl>
-
-<a name="gnutls_005fpkcs7_005fset_005fcrl_005fraw-1"></a>
-<h4 class="subheading">gnutls_pkcs7_set_crl_raw</h4>
-<a name="gnutls_005fpkcs7_005fset_005fcrl_005fraw"></a><dl>
-<dt><a name="index-gnutls_005fpkcs7_005fset_005fcrl_005fraw"></a>Function: <em>int</em> <strong>gnutls_pkcs7_set_crl_raw</strong> <em>(gnutls_pkcs7_t <var>pkcs7</var>, const gnutls_datum_t * <var>crl</var>)</em></dt>
-<dd><p><var>pkcs7</var>: The pkcs7 type
-</p>
-<p><var>crl</var>: the DER encoded crl to be added
-</p>
-<p>This function will add a crl to the PKCS7 or RFC2630 crl set.
-</p>
-<p><strong>Returns:</strong> On success, <code>GNUTLS_E_SUCCESS</code> (0) is returned, otherwise a
-negative error value.
-</p></dd></dl>
-
-<a name="gnutls_005fpkcs7_005fset_005fcrt-1"></a>
-<h4 class="subheading">gnutls_pkcs7_set_crt</h4>
-<a name="gnutls_005fpkcs7_005fset_005fcrt"></a><dl>
-<dt><a name="index-gnutls_005fpkcs7_005fset_005fcrt"></a>Function: <em>int</em> <strong>gnutls_pkcs7_set_crt</strong> <em>(gnutls_pkcs7_t <var>pkcs7</var>, gnutls_x509_crt_t <var>crt</var>)</em></dt>
-<dd><p><var>pkcs7</var>: The pkcs7 type
-</p>
-<p><var>crt</var>: the certificate to be copied.
-</p>
-<p>This function will add a parsed certificate to the PKCS7 or
-RFC2630 certificate set. This is a wrapper function over
-<code>gnutls_pkcs7_set_crt_raw()</code> .
-</p>
-<p><strong>Returns:</strong> On success, <code>GNUTLS_E_SUCCESS</code> (0) is returned, otherwise a
-negative error value.
-</p></dd></dl>
-
-<a name="gnutls_005fpkcs7_005fset_005fcrt_005fraw-1"></a>
-<h4 class="subheading">gnutls_pkcs7_set_crt_raw</h4>
-<a name="gnutls_005fpkcs7_005fset_005fcrt_005fraw"></a><dl>
-<dt><a name="index-gnutls_005fpkcs7_005fset_005fcrt_005fraw"></a>Function: <em>int</em> <strong>gnutls_pkcs7_set_crt_raw</strong> <em>(gnutls_pkcs7_t <var>pkcs7</var>, const gnutls_datum_t * <var>crt</var>)</em></dt>
-<dd><p><var>pkcs7</var>: The pkcs7 type
-</p>
-<p><var>crt</var>: the DER encoded certificate to be added
-</p>
-<p>This function will add a certificate to the PKCS7 or RFC2630
-certificate set.
-</p>
-<p><strong>Returns:</strong> On success, <code>GNUTLS_E_SUCCESS</code> (0) is returned, otherwise a
-negative error value.
-</p></dd></dl>
-
<a name="gnutls_005fpkcs8_005finfo-1"></a>
<h4 class="subheading">gnutls_pkcs8_info</h4>
<a name="gnutls_005fpkcs8_005finfo"></a><dl>
@@ -3041,7 +2787,7 @@ described in RFC4514. The output string will be ASCII or UTF-8
encoded, depending on the certificate data.
</p>
<p><strong>Returns:</strong> On success, <code>GNUTLS_E_SUCCESS</code> (0) is returned, otherwise a
-negative error value. and a negative error code on error.
+negative error value.
</p>
<p><strong>Since:</strong> 3.1.10
</p></dd></dl>
@@ -3465,7 +3211,7 @@ described in RFC4514. The output string will be ASCII or UTF-8
encoded, depending on the certificate data.
</p>
<p><strong>Returns:</strong> On success, <code>GNUTLS_E_SUCCESS</code> (0) is returned, otherwise a
-negative error value. and a negative error code on error.
+negative error value.
</p>
<p><strong>Since:</strong> 3.1.10
</p></dd></dl>
@@ -3871,7 +3617,7 @@ negative error value.
<p>This function will extract the signature field of a certificate.
</p>
<p><strong>Returns:</strong> On success, <code>GNUTLS_E_SUCCESS</code> (0) is returned, otherwise a
-negative error value. and a negative error code on error.
+negative error value.
</p></dd></dl>
<a name="gnutls_005fx509_005fcrt_005fget_005fsignature_005falgorithm-1"></a>
@@ -4905,6 +4651,29 @@ as in <code>gnutls_x509_trust_list_verify_crt2()</code> .
negative error value.
</p></dd></dl>
+<a name="gnutls_005fx509_005fcrt_005fverify_005fdata2-1"></a>
+<h4 class="subheading">gnutls_x509_crt_verify_data2</h4>
+<a name="gnutls_005fx509_005fcrt_005fverify_005fdata2"></a><dl>
+<dt><a name="index-gnutls_005fx509_005fcrt_005fverify_005fdata2"></a>Function: <em>int</em> <strong>gnutls_x509_crt_verify_data2</strong> <em>(gnutls_x509_crt_t <var>crt</var>, gnutls_sign_algorithm_t <var>algo</var>, unsigned int <var>flags</var>, const gnutls_datum_t * <var>data</var>, const gnutls_datum_t * <var>signature</var>)</em></dt>
+<dd><p><var>crt</var>: Holds the certificate to verify with
+</p>
+<p><var>algo</var>: The signature algorithm used
+</p>
+<p><var>flags</var>: Zero or an OR list of <code>gnutls_certificate_verify_flags</code>
+</p>
+<p><var>data</var>: holds the signed data
+</p>
+<p><var>signature</var>: contains the signature
+</p>
+<p>This function will verify the given signed data, using the
+parameters from the certificate.
+</p>
+<p><strong>Returns:</strong> In case of a verification failure <code>GNUTLS_E_PK_SIG_VERIFY_FAILED</code>
+is returned, and zero or positive code on success.
+</p>
+<p><strong>Since:</strong> 3.4.0
+</p></dd></dl>
+
<a name="gnutls_005fx509_005fdn_005fdeinit-1"></a>
<h4 class="subheading">gnutls_x509_dn_deinit</h4>
<a name="gnutls_005fx509_005fdn_005fdeinit"></a><dl>
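Review bot: The Returns text added for gnutls_x509_crt_verify_data2 names only `GNUTLS_E_PK_SIG_VERIFY_FAILED` as the failure result and describes success as "zero or positive code", which invites callers to compare against that one constant and accept every other return value. Whether the function can return other negative codes is not visible here, but the neighbouring entries all say "otherwise a negative error value"; if it can, a caller written that way would treat an unrelated error as a valid signature. I would word it as `Returns: zero or a positive code on success; any negative value, including GNUTLS_E_PK_SIG_VERIFY_FAILED, means the signature must not be trusted.` This file is makeinfo output, so the wording change belongs in the function's source doc comment rather than in this HTML.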
@@ -5000,6 +4769,25 @@ value conversions when necessary (e.g. from UCS-2).
<p><strong>Returns:</strong> Returns 0 on success, or an error code.
</p></dd></dl>
+<a name="gnutls_005fx509_005fdn_005fget_005fstr-1"></a>
+<h4 class="subheading">gnutls_x509_dn_get_str</h4>
+<a name="gnutls_005fx509_005fdn_005fget_005fstr"></a><dl>
+<dt><a name="index-gnutls_005fx509_005fdn_005fget_005fstr"></a>Function: <em>int</em> <strong>gnutls_x509_dn_get_str</strong> <em>(gnutls_x509_dn_t <var>dn</var>, gnutls_datum_t * <var>str</var>)</em></dt>
+<dd><p><var>dn</var>: a pointer to DN
+</p>
+<p><var>str</var>: a datum that will hold the name
+</p>
+<p>This function will allocate buffer and copy the name in the provided DN.
+The name will be in the form &quot;C=xxxx,O=yyyy,CN=zzzz&quot; as
+described in RFC4514. The output string will be ASCII or UTF-8
+encoded, depending on the certificate data.
+</p>
+<p><strong>Returns:</strong> On success, <code>GNUTLS_E_SUCCESS</code> (0) is returned, otherwise a
+negative error value.
+</p>
+<p><strong>Since:</strong> 3.4.2
+</p></dd></dl>
+
<a name="gnutls_005fx509_005fdn_005fimport-1"></a>
<h4 class="subheading">gnutls_x509_dn_import</h4>
<a name="gnutls_005fx509_005fdn_005fimport"></a><dl>
@@ -6492,6 +6280,39 @@ the global function set using <code>gnutls_pkcs11_set_pin_function()</code> .
<p><strong>Since:</strong> 3.4.0
</p></dd></dl>
+<a name="gnutls_005fx509_005fprivkey_005fsign_005fdata-1"></a>
+<h4 class="subheading">gnutls_x509_privkey_sign_data</h4>
+<a name="gnutls_005fx509_005fprivkey_005fsign_005fdata"></a><dl>
+<dt><a name="index-gnutls_005fx509_005fprivkey_005fsign_005fdata"></a>Function: <em>int</em> <strong>gnutls_x509_privkey_sign_data</strong> <em>(gnutls_x509_privkey_t <var>key</var>, gnutls_digest_algorithm_t <var>digest</var>, unsigned int <var>flags</var>, const gnutls_datum_t * <var>data</var>, void * <var>signature</var>, size_t * <var>signature_size</var>)</em></dt>
+<dd><p><var>key</var>: a key
+</p>
+<p><var>digest</var>: should be MD5 or SHA1
+</p>
+<p><var>flags</var>: should be 0 for now
+</p>
+<p><var>data</var>: holds the data to be signed
+</p>
+<p><var>signature</var>: will contain the signature
+</p>
+<p><var>signature_size</var>: holds the size of signature (and will be replaced
+by the new size)
+</p>
+<p>This function will sign the given data using a signature algorithm
+supported by the private key. Signature algorithms are always used
+together with a hash functions. Different hash functions may be
+used for the RSA algorithm, but only SHA-1 for the DSA keys.
+</p>
+<p>If the buffer provided is not long enough to hold the output, then
+* <code>signature_size</code> is updated and <code>GNUTLS_E_SHORT_MEMORY_BUFFER</code> will
+be returned.
+</p>
+<p>Use <code>gnutls_x509_crt_get_preferred_hash_algorithm()</code> to determine
+the hash algorithm.
+</p>
+<p><strong>Returns:</strong> On success, <code>GNUTLS_E_SUCCESS</code> (0) is returned, otherwise a
+negative error value.
+</p></dd></dl>
+
<a name="gnutls_005fx509_005fprivkey_005fverify_005fparams-1"></a>
<h4 class="subheading">gnutls_x509_privkey_verify_params</h4>
<a name="gnutls_005fx509_005fprivkey_005fverify_005fparams"></a><dl>
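Review bot: The `digest` parameter line added for gnutls_x509_privkey_sign_data reads "should be MD5 or SHA1", which steers callers towards two hashes that are no longer collision resistant. It also contradicts the description below it, which says different hash functions may be used with RSA and points to gnutls_x509_crt_get_preferred_hash_algorithm(). I would replace it with `digest: the hash algorithm to sign with; obtain it from gnutls_x509_crt_get_preferred_hash_algorithm() rather than defaulting to MD5 or SHA-1`, and fix "a hash functions" in the same description. The sentence "only SHA-1 for the DSA keys" may also be out of date and should be checked against the implementation. Since this page is generated by makeinfo, the edit belongs in the source doc comment.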
@@ -6805,11 +6626,11 @@ negative error value.
</p>
<p><var>dn</var>: is the issuer&rsquo;s DN
</p>
-<p><var>issuer</var>: Will hold the issuer if any. Should be treated as constant.
+<p><var>issuer</var>: Will hold the issuer if any. Should be deallocated after use.
</p>
<p><var>flags</var>: Use zero
</p>
-<p>This function will find the issuer of the given certificate, and
+<p>This function will find the issuer with the given name, and
return a copy of the issuer, which must be freed using <code>gnutls_x509_crt_deinit()</code> .
</p>
<p><strong>Returns:</strong> On success, <code>GNUTLS_E_SUCCESS</code> (0) is returned, otherwise a
@@ -6818,6 +6639,29 @@ negative error value.
<p><strong>Since:</strong> 3.4.0
</p></dd></dl>
+<a name="gnutls_005fx509_005ftrust_005flist_005fget_005fissuer_005fby_005fsubject_005fkey_005fid-1"></a>
+<h4 class="subheading">gnutls_x509_trust_list_get_issuer_by_subject_key_id</h4>
+<a name="gnutls_005fx509_005ftrust_005flist_005fget_005fissuer_005fby_005fsubject_005fkey_005fid"></a><dl>
+<dt><a name="index-gnutls_005fx509_005ftrust_005flist_005fget_005fissuer_005fby_005fsubject_005fkey_005fid"></a>Function: <em>int</em> <strong>gnutls_x509_trust_list_get_issuer_by_subject_key_id</strong> <em>(gnutls_x509_trust_list_t <var>list</var>, const gnutls_datum_t * <var>dn</var>, const gnutls_datum_t * <var>spki</var>, gnutls_x509_crt_t * <var>issuer</var>, unsigned int <var>flags</var>)</em></dt>
+<dd><p><var>list</var>: The list
+</p>
+<p><var>dn</var>: is the issuer&rsquo;s DN (may be <code>NULL</code> )
+</p>
+<p><var>spki</var>: is the subject key ID
+</p>
+<p><var>issuer</var>: Will hold the issuer if any. Should be deallocated after use.
+</p>
+<p><var>flags</var>: Use zero
+</p>
+<p>This function will find the issuer with the given name and subject key ID, and
+return a copy of the issuer, which must be freed using <code>gnutls_x509_crt_deinit()</code> .
+</p>
+<p><strong>Returns:</strong> On success, <code>GNUTLS_E_SUCCESS</code> (0) is returned, otherwise a
+negative error value.
+</p>
+<p><strong>Since:</strong> 3.4.2
+</p></dd></dl>
+
<a name="gnutls_005fx509_005ftrust_005flist_005finit-1"></a>
<h4 class="subheading">gnutls_x509_trust_list_init</h4>
<a name="gnutls_005fx509_005ftrust_005flist_005finit"></a><dl>
@@ -7057,7 +6901,7 @@ negative error value.
<hr>
<div class="header">
<p>
-Next: <a href="OCSP-API.html#OCSP-API" accesskey="n" rel="next">OCSP API</a>, Previous: <a href="Datagram-TLS-API.html#Datagram-TLS-API" accesskey="p" rel="prev">Datagram TLS API</a>, Up: <a href="API-reference.html#API-reference" accesskey="u" rel="up">API reference</a> &nbsp; [<a href="index.html#SEC_Contents" title="Table of contents" rel="contents">Contents</a>][<a href="Function-and-Data-Index.html#Function-and-Data-Index" title="Index" rel="index">Index</a>]</p>
+Next: <a href="PKCS-7-API.html#PKCS-7-API" accesskey="n" rel="next">PKCS 7 API</a>, Previous: <a href="Datagram-TLS-API.html#Datagram-TLS-API" accesskey="p" rel="prev">Datagram TLS API</a>, Up: <a href="API-reference.html#API-reference" accesskey="u" rel="up">API reference</a> &nbsp; [<a href="index.html#SEC_Contents" title="Table of contents" rel="contents">Contents</a>][<a href="Function-and-Data-Index.html#Function-and-Data-Index" title="Index" rel="index">Index</a>]</p>
</div>