1 /*
2  * Copyright (C) 2003-2012 Free Software Foundation, Inc.
3  *
4  * Author: Nikos Mavrogiannopoulos
5  *
6  * This file is part of GnuTLS.
7  *
8  * The GnuTLS is free software; you can redistribute it and/or
9  * modify it under the terms of the GNU Lesser General Public License
10  * as published by the Free Software Foundation; either version 2.1 of
11  * the License, or (at your option) any later version.
12  *
13  * This library is distributed in the hope that it will be useful, but
14  * WITHOUT ANY WARRANTY; without even the implied warranty of
15  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
16  * Lesser General Public License for more details.
17  *
18  * You should have received a copy of the GNU Lesser General Public License
19  * along with this program.  If not, see <http://www.gnu.org/licenses/>
20  *
21  */
22
23 /* This file contains the types and prototypes for the X.509
24  * certificate and CRL handling functions.
25  */
26
27 #ifndef GNUTLS_X509_H
28 #define GNUTLS_X509_H
29
30 #include <gnutls/gnutls.h>
31
32 #ifdef __cplusplus
33 extern "C"
34 {
35 #endif
36
/* Some OIDs usually found in Distinguished names, or
 * in Subject Directory Attribute extensions.
 *
 * Every OID in this header is a dotted-decimal string, the form taken by
 * the "const char *oid" arguments of the *_by_oid() accessors and setters
 * declared below.  The values in this first group are X.520 attribute
 * types (the 2.5.4 arc).
 */
#define GNUTLS_OID_X520_COUNTRY_NAME            "2.5.4.6"
#define GNUTLS_OID_X520_ORGANIZATION_NAME       "2.5.4.10"
#define GNUTLS_OID_X520_ORGANIZATIONAL_UNIT_NAME "2.5.4.11"
#define GNUTLS_OID_X520_COMMON_NAME             "2.5.4.3"
#define GNUTLS_OID_X520_LOCALITY_NAME           "2.5.4.7"
#define GNUTLS_OID_X520_STATE_OR_PROVINCE_NAME  "2.5.4.8"

#define GNUTLS_OID_X520_INITIALS                "2.5.4.43"
#define GNUTLS_OID_X520_GENERATION_QUALIFIER    "2.5.4.44"
#define GNUTLS_OID_X520_SURNAME                 "2.5.4.4"
#define GNUTLS_OID_X520_GIVEN_NAME              "2.5.4.42"
#define GNUTLS_OID_X520_TITLE                   "2.5.4.12"
#define GNUTLS_OID_X520_DN_QUALIFIER            "2.5.4.46"
#define GNUTLS_OID_X520_PSEUDONYM               "2.5.4.65"
#define GNUTLS_OID_X520_POSTALCODE              "2.5.4.17"
#define GNUTLS_OID_X520_NAME                    "2.5.4.41"

/* Attributes from the LDAP pilot schema (RFC 4519): domainComponent and
 * userId.
 */
#define GNUTLS_OID_LDAP_DC                      "0.9.2342.19200300.100.1.25"
#define GNUTLS_OID_LDAP_UID                     "0.9.2342.19200300.100.1.1"

/* PKCS#9 emailAddress.  Legacy attribute that should not be included in
 * newly issued DNs: RFC 5280 (4.1.2.6) asks that e-mail addresses be
 * carried as an rfc822Name subjectAltName instead.
 */
#define GNUTLS_OID_PKCS9_EMAIL                  "1.2.840.113549.1.9.1"

/* Personal-data attributes (the PKIX id-pda arc, RFC 3739).  These belong
 * in the subjectDirectoryAttributes extension rather than in the DN.
 */
#define GNUTLS_OID_PKIX_DATE_OF_BIRTH           "1.3.6.1.5.5.7.9.1"
#define GNUTLS_OID_PKIX_PLACE_OF_BIRTH          "1.3.6.1.5.5.7.9.2"
#define GNUTLS_OID_PKIX_GENDER                  "1.3.6.1.5.5.7.9.3"
#define GNUTLS_OID_PKIX_COUNTRY_OF_CITIZENSHIP  "1.3.6.1.5.5.7.9.4"
#define GNUTLS_OID_PKIX_COUNTRY_OF_RESIDENCE    "1.3.6.1.5.5.7.9.5"

/* Key purpose Object Identifiers.
 *
 * Extended key usage purposes (RFC 5280 4.2.1.12).  A relying party should
 * require the specific purpose it needs to be present.  GNUTLS_KP_ANY is
 * anyExtendedKeyUsage: it matches every purpose, so a certificate that
 * carries only it is effectively unrestricted and should be accepted for a
 * given purpose only by explicit policy.  GNUTLS_KP_MS_SMART_CARD_LOGON is
 * a Microsoft-defined purpose (1.3.6.1.4.1.311 arc), not a PKIX one.
 */
#define GNUTLS_KP_TLS_WWW_SERVER                "1.3.6.1.5.5.7.3.1"
#define GNUTLS_KP_TLS_WWW_CLIENT                "1.3.6.1.5.5.7.3.2"
#define GNUTLS_KP_CODE_SIGNING                  "1.3.6.1.5.5.7.3.3"
#define GNUTLS_KP_MS_SMART_CARD_LOGON           "1.3.6.1.4.1.311.20.2.2"
#define GNUTLS_KP_EMAIL_PROTECTION              "1.3.6.1.5.5.7.3.4"
#define GNUTLS_KP_TIME_STAMPING                 "1.3.6.1.5.5.7.3.8"
#define GNUTLS_KP_OCSP_SIGNING                  "1.3.6.1.5.5.7.3.9"
#define GNUTLS_KP_IPSEC_IKE                     "1.3.6.1.5.5.7.3.17"
#define GNUTLS_KP_ANY                           "2.5.29.37.0"

/* Authority Information Access (RFC 5280 4.2.2.1): the extension OID and
 * its two accessMethod OIDs (OCSP responder, caIssuers).  An accessLocation
 * read out of a certificate is untrusted input until that certificate's
 * chain has been verified, and whatever is fetched from it (an OCSP
 * response, an issuer certificate) must be authenticated on its own.
 */
#define GNUTLS_OID_AIA                          "1.3.6.1.5.5.7.1.1"
#define GNUTLS_OID_AD_OCSP                      "1.3.6.1.5.5.7.48.1"
#define GNUTLS_OID_AD_CAISSUERS                 "1.3.6.1.5.5.7.48.2"

/* Values for the "flags" argument of gnutls_x509_crt_set_subject_alt_name()
 * (and presumably other setters taking a flags word): replace the existing
 * extension contents, or append to them.
 */
#define GNUTLS_FSAN_SET 0
#define GNUTLS_FSAN_APPEND 1
88
89 /* Certificate handling functions.
90  */
91
/**
 * gnutls_certificate_import_flags:
 * @GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED: Fail if the
 *   certificates in the buffer are more than the space allocated for
 *   certificates. The error code will be %GNUTLS_E_SHORT_MEMORY_BUFFER.
 *   Without this flag a list that does not fit is presumably cut short
 *   silently, so set it whenever a truncated chain must not be accepted.
 * @GNUTLS_X509_CRT_LIST_FAIL_IF_UNSORTED: Fail if the certificates
 *   in the buffer are not ordered starting from subject to issuer.
 *   The error code will be %GNUTLS_E_CERTIFICATE_LIST_UNSORTED.
 *   Set it whenever later code assumes element 0 is the end-entity.
 *
 * Enumeration of different certificate import flags.  Each value is a
 * single bit; they are OR-ed together into the "flags" argument of
 * gnutls_x509_crt_list_import() and gnutls_x509_crt_list_import2().
 */
  typedef enum gnutls_certificate_import_flags
    {
      GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED = (1 << 0),
      GNUTLS_X509_CRT_LIST_FAIL_IF_UNSORTED = (1 << 1)
    } gnutls_certificate_import_flags;
108
  /* Handle lifetime: gnutls_x509_crt_init() allocates an empty certificate
   * object into *cert, gnutls_x509_crt_deinit() releases it.  All other
   * functions in this section expect an initialized handle.
   */
  int gnutls_x509_crt_init (gnutls_x509_crt_t * cert);
  void gnutls_x509_crt_deinit (gnutls_x509_crt_t cert);
  /* Parse a single certificate from data, encoded as described by format
   * (a gnutls_x509_crt_fmt_t from gnutls.h, i.e. DER or PEM).  The input
   * is untrusted; a non-zero return (negative, by GnuTLS convention) means
   * the parse failed and cert must not be used as if it held a certificate.
   */
  int gnutls_x509_crt_import (gnutls_x509_crt_t cert,
                              const gnutls_datum_t * data,
                              gnutls_x509_crt_fmt_t format);
  /* Parse a list of certificates (e.g. a PEM bundle).  The "2" variant
   * allocates the array into *certs and stores its length in *size; the
   * caller owns the array and every handle in it.  The older variant fills
   * a caller-provided array of *cert_max entries.  flags is an OR of
   * gnutls_certificate_import_flags; pass
   * GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED unless a silently truncated
   * list is acceptable to the caller.
   */
  int gnutls_x509_crt_list_import2 (gnutls_x509_crt_t ** certs,
                             unsigned int * size,
                             const gnutls_datum_t * data,
                             gnutls_x509_crt_fmt_t format, unsigned int flags);
  int gnutls_x509_crt_list_import (gnutls_x509_crt_t * certs,
                                   unsigned int *cert_max,
                                   const gnutls_datum_t * data,
                                   gnutls_x509_crt_fmt_t format,
                                   unsigned int flags);
  /* Serialize cert in the given format.  gnutls_x509_crt_export() writes
   * into output_data; *output_data_size is the buffer size on entry and,
   * when the buffer is too small, presumably receives the required size
   * together with %GNUTLS_E_SHORT_MEMORY_BUFFER (the code this header
   * names for that condition) -- confirm in the manual.  The "2" variant
   * allocates the result into out for the caller.
   */
  int gnutls_x509_crt_export (gnutls_x509_crt_t cert,
                              gnutls_x509_crt_fmt_t format,
                              void *output_data, size_t * output_data_size);
  int gnutls_x509_crt_export2 (gnutls_x509_crt_t cert,
                               gnutls_x509_crt_fmt_t format,
                               gnutls_datum_t* out);
  /* Read the privateKeyUsagePeriod extension into *activation/*expiration,
   * with the extension's criticality in *critical.  This bounds the period
   * in which the private key may sign; it is distinct from the certificate
   * validity returned by gnutls_x509_crt_get_activation_time() and
   * gnutls_x509_crt_get_expiration_time() below.
   */
  int gnutls_x509_crt_get_private_key_usage_period (gnutls_x509_crt_t cert, time_t* activation, time_t* expiration, 
                                     unsigned int *critical);
131
  /* Issuer (signer) distinguished name.
   *
   * *_dn() renders the whole name as text (RFC 4514 style) into buf, with
   * *buf_size the buffer size on entry and, on %GNUTLS_E_SHORT_MEMORY_BUFFER,
   * presumably the size needed.  *_dn2() allocates the rendering into dn.
   * *_dn_oid() returns the OID string of the indx-th attribute and
   * *_dn_by_oid() the value of the indx-th attribute carrying oid; a
   * non-zero raw_flag presumably selects the raw DER value instead of the
   * decoded string -- confirm in the manual.
   *
   * Name contents are chosen by whoever produced the certificate and are
   * untrusted until its chain has been verified: size them by *buf_size,
   * not strlen(), and escape them before display or logging.
   */
  int gnutls_x509_crt_get_issuer_dn (gnutls_x509_crt_t cert, char *buf,
                                     size_t * buf_size);
  int gnutls_x509_crt_get_issuer_dn2 (gnutls_x509_crt_t cert, gnutls_datum_t* dn);
  int gnutls_x509_crt_get_issuer_dn_oid (gnutls_x509_crt_t cert, int indx,
                                         void *oid, size_t * oid_size);
  int gnutls_x509_crt_get_issuer_dn_by_oid (gnutls_x509_crt_t cert,
                                            const char *oid, int indx,
                                            unsigned int raw_flag,
                                            void *buf, size_t * buf_size);
  /* Subject distinguished name; same conventions as the issuer accessors
   * above.
   */
  int gnutls_x509_crt_get_dn (gnutls_x509_crt_t cert, char *buf,
                              size_t * buf_size);
  int gnutls_x509_crt_get_dn2 (gnutls_x509_crt_t cert, gnutls_datum_t* dn);
  int gnutls_x509_crt_get_dn_oid (gnutls_x509_crt_t cert, int indx,
                                  void *oid, size_t * oid_size);
  int gnutls_x509_crt_get_dn_by_oid (gnutls_x509_crt_t cert,
                                     const char *oid, int indx,
                                     unsigned int raw_flag, void *buf,
                                     size_t * buf_size);
  /* Match hostname against the identities in the certificate (presumably
   * the subjectAltName entries, with the CN as the traditional fallback).
   *
   * Unlike the other functions here this returns a boolean-style int
   * (non-zero = match), not a GnuTLS error code -- confirm against the
   * manual rather than treating 0 as success.  A match is only meaningful
   * for a certificate whose chain has already been verified; on its own it
   * proves nothing, since an attacker can put any name in a certificate.
   */
  int gnutls_x509_crt_check_hostname (gnutls_x509_crt_t cert,
                                      const char *hostname);
152
  /* Algorithm of the certificate's own signature (presumably a
   * gnutls_sign_algorithm_t value from gnutls.h, negative on error).  Chain
   * builders should reject legacy digests such as MD5/SHA-1 here rather
   * than rely on the verifier's defaults alone.
   */
  int gnutls_x509_crt_get_signature_algorithm (gnutls_x509_crt_t cert);
  /* Raw signature bytes into sig; *sizeof_sig is the buffer size on entry
   * (in/out, as for the other buffer-filling accessors in this header).
   */
  int gnutls_x509_crt_get_signature (gnutls_x509_crt_t cert,
                                     char *sig, size_t * sizeof_sig);
  /* X.509 version number (1, 2 or 3).  Extensions are only defined for
   * version 3 (RFC 5280 4.1.2.1).
   */
  int gnutls_x509_crt_get_version (gnutls_x509_crt_t cert);
  /* Identifier derived from the public key (presumably a digest of it),
   * useful to pair a certificate with a private key or to match an issuer
   * against a subjectKeyIdentifier.  It is a lookup aid only, never a
   * substitute for verifying the signature.  flags: pass 0 unless your
   * gnutls.h documents values for it.
   */
  int gnutls_x509_crt_get_key_id (gnutls_x509_crt_t crt,
                                  unsigned int flags,
                                  unsigned char *output_data,
                                  size_t * output_data_size);
161
  /* Certificate-generation side: write the privateKeyUsagePeriod and the
   * keyIdentifier form of the authorityKeyIdentifier extension.
   */
  int gnutls_x509_crt_set_private_key_usage_period (gnutls_x509_crt_t crt,
                                                    time_t activation,
                                                    time_t expiration);
  int gnutls_x509_crt_set_authority_key_id (gnutls_x509_crt_t cert,
                                            const void *id, size_t id_size);
  /* authorityKeyIdentifier: the keyIdentifier form (id/id_size, in/out
   * size), or the authorityCertIssuer/authorityCertSerialNumber form via
   * the _gn_serial accessor, which returns the seq-th issuer GeneralName in
   * alt/alt_size with its type in *alt_type (presumably a
   * gnutls_x509_subject_alt_name_t) plus the issuer serial.  The AKID is a
   * hint for locating the issuer while building a chain, not evidence of
   * issuance: the issuer's signature must still be verified.
   */
  int gnutls_x509_crt_get_authority_key_id (gnutls_x509_crt_t cert,
                                            void *id, size_t * id_size,
                                            unsigned int *critical);
  int gnutls_x509_crt_get_authority_key_gn_serial (gnutls_x509_crt_t cert,
                                                   unsigned int seq,
                                                   void *alt,
                                                   size_t * alt_size,
                                                   unsigned int *alt_type,
                                                   void* serial,
                                                   size_t *serial_size,
                                                   unsigned int *critical);

  /* subjectKeyIdentifier extension value into ret (in/out *ret_size). */
  int gnutls_x509_crt_get_subject_key_id (gnutls_x509_crt_t cert,
                                          void *ret, size_t * ret_size,
                                          unsigned int *critical);

  /* The X.509 v2 subjectUniqueID / issuerUniqueID fields.  RFC 5280
   * (4.1.2.8) forbids conforming CAs from generating them, so expect them
   * to be absent in practice.
   */
  int gnutls_x509_crt_get_subject_unique_id (gnutls_x509_crt_t crt, char *buf,
                                             size_t * buf_size);

  int gnutls_x509_crt_get_issuer_unique_id (gnutls_x509_crt_t crt, char *buf,
                                            size_t * buf_size);

  /* Install the PIN callback used when the certificate's material lives on
   * a token that demands a PIN (presumably PKCS#11).  userdata is stored
   * and handed back to fn unchanged, so it must stay valid as long as crt
   * may trigger the callback.
   */
  void gnutls_x509_crt_set_pin_function (gnutls_x509_crt_t crt,
                                       gnutls_pin_callback_t fn, void *userdata);
191
192   /**
193    * gnutls_info_access_what_t:
194    * @GNUTLS_IA_ACCESSMETHOD_OID: Get accessMethod OID.
195    * @GNUTLS_IA_ACCESSLOCATION_GENERALNAME_TYPE: Get accessLocation name type.
196    * @GNUTLS_IA_URI: Get accessLocation URI value.
197    * @GNUTLS_IA_OCSP_URI: get accessLocation URI value for OCSP.
198    * @GNUTLS_IA_CAISSUERS_URI: get accessLocation URI value for caIssuers.
199    *
200    * Enumeration of types for the @what parameter of
201    * gnutls_x509_crt_get_authority_info_access().
202    */
203   typedef enum gnutls_info_access_what_t
204     {
205       GNUTLS_IA_ACCESSMETHOD_OID = 1,
206       GNUTLS_IA_ACCESSLOCATION_GENERALNAME_TYPE = 2,
207       /* use 100-108 for the generalName types, populate as needed */
208       GNUTLS_IA_URI = 106,
209       /* quick-access variants that match both OID and name type. */
210       GNUTLS_IA_OCSP_URI = 10006,
211       GNUTLS_IA_CAISSUERS_URI = 10106
212     } gnutls_info_access_what_t;
213
  /* Return into data the field of the seq-th AccessDescription of the
   * AuthorityInfoAccess extension selected by what (a
   * gnutls_info_access_what_t); *critical receives the extension's
   * criticality.  data is presumably allocated for the caller -- confirm
   * in the manual.
   *
   * A URI obtained here comes from the certificate itself and so is
   * untrusted until the chain is verified; whatever is retrieved from it
   * (an OCSP response, an issuer certificate) must be authenticated on its
   * own terms -- the URI alone proves nothing.
   */
  int gnutls_x509_crt_get_authority_info_access (gnutls_x509_crt_t crt,
                                                 unsigned int seq,
                                                 int what,
                                                 gnutls_datum_t * data,
                                                 unsigned int *critical);
219
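/* Legacy misspelling kept for source compatibility with older callers.
 * The previous definition carried a stray trailing comma in its
 * expansion, which turned every use of the alias into a syntax error;
 * it now expands to the enumerator alone.
 */
#define GNUTLS_CRL_REASON_SUPERSEEDED GNUTLS_CRL_REASON_SUPERSEDED
  /**
   * gnutls_x509_crl_reason_flags_t:
   * @GNUTLS_CRL_REASON_UNSPECIFIED: No reason given (no flag bit set).
   * @GNUTLS_CRL_REASON_PRIVILEGE_WITHDRAWN: The privileges were withdrawn from the owner.
   * @GNUTLS_CRL_REASON_CERTIFICATE_HOLD: The certificate is on hold.
   * @GNUTLS_CRL_REASON_CESSATION_OF_OPERATION: The end-entity is no longer operating.
   * @GNUTLS_CRL_REASON_SUPERSEDED: There is a newer certificate of the owner.
   * @GNUTLS_CRL_REASON_AFFILIATION_CHANGED: The end-entity affiliation has changed.
   * @GNUTLS_CRL_REASON_CA_COMPROMISE: The CA was compromised.
   * @GNUTLS_CRL_REASON_KEY_COMPROMISE: The certificate's key was compromised.
   * @GNUTLS_CRL_REASON_UNUSED: Bit 0 of ReasonFlags, named "unused" by
   *   RFC 5280; historically described here as "the key was never used".
   * @GNUTLS_CRL_REASON_AA_COMPROMISE: AA compromised.
   *
   * Enumeration of types for the CRL revocation reasons.  The values are
   * bit flags and may be OR-ed together, e.g. in the reason_flags argument
   * of gnutls_x509_crt_set_crl_dist_points().  Their layout mirrors the
   * DER encoding of the RFC 5280 ReasonFlags BIT STRING read as a
   * big-endian 16-bit word: bit 0 (unused) is the MSB of the first octet
   * (0x80), bit 8 (aACompromise) the MSB of the second (0x8000).
   * %GNUTLS_CRL_REASON_UNSPECIFIED is the empty set, not a flag.
   */
  typedef enum gnutls_x509_crl_reason_flags_t
    {
      GNUTLS_CRL_REASON_UNSPECIFIED = 0,
      GNUTLS_CRL_REASON_PRIVILEGE_WITHDRAWN = 0x0001,
      GNUTLS_CRL_REASON_CERTIFICATE_HOLD = 0x0002,
      GNUTLS_CRL_REASON_CESSATION_OF_OPERATION = 0x0004,
      GNUTLS_CRL_REASON_SUPERSEDED = 0x0008,
      GNUTLS_CRL_REASON_AFFILIATION_CHANGED = 0x0010,
      GNUTLS_CRL_REASON_CA_COMPROMISE = 0x0020,
      GNUTLS_CRL_REASON_KEY_COMPROMISE = 0x0040,
      GNUTLS_CRL_REASON_UNUSED = 0x0080,
      GNUTLS_CRL_REASON_AA_COMPROMISE = 0x8000
    } gnutls_x509_crl_reason_flags_t;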
248
  /* cRLDistributionPoints: the seq-th distribution point name into
   * ret/ret_size (in/out size), its ReasonFlags (an OR of
   * gnutls_x509_crl_reason_flags_t) into *reason_flags and the extension's
   * criticality into *critical.  A relying party that fetches a CRL from
   * this location must still verify the CRL's signature against the
   * certificate's issuer; the pointer itself is untrusted.
   */
  int gnutls_x509_crt_get_crl_dist_points (gnutls_x509_crt_t cert,
                                           unsigned int seq, void *ret,
                                           size_t * ret_size,
                                           unsigned int *reason_flags,
                                           unsigned int *critical);
  /* Add a distribution point of the given GeneralName type (a
   * gnutls_x509_subject_alt_name_t) with the given reason flags.  The "2"
   * variant takes data with an explicit length; the older one takes a
   * NUL-terminated string.
   */
  int gnutls_x509_crt_set_crl_dist_points2 (gnutls_x509_crt_t crt,
                                            gnutls_x509_subject_alt_name_t
                                            type, const void *data,
                                            unsigned int data_size,
                                            unsigned int reason_flags);
  int gnutls_x509_crt_set_crl_dist_points (gnutls_x509_crt_t crt,
                                           gnutls_x509_subject_alt_name_t
                                           type, const void *data_string,
                                           unsigned int reason_flags);
  /* Copy the cRLDistributionPoints extension of src into dst. */
  int gnutls_x509_crt_cpy_crl_dist_points (gnutls_x509_crt_t dst,
                                           gnutls_x509_crt_t src);

  /* Sign crl with issuer_key, naming issuer as the CRL issuer, using the
   * digest dig; flags is reserved (pass 0 unless the manual documents
   * values).  Choose a current digest (SHA-256 or stronger): relying
   * parties verify exactly the algorithm chosen here.
   */
  int gnutls_x509_crl_sign2 (gnutls_x509_crl_t crl,
                             gnutls_x509_crt_t issuer,
                             gnutls_x509_privkey_t issuer_key,
                             gnutls_digest_algorithm_t dig,
                             unsigned int flags);
271
  /* notBefore / notAfter of the certificate.  With a bare time_t return
   * an error can only be signalled in-band (presumably as (time_t)-1 --
   * confirm in the manual); check for it before comparing against the
   * current time, or an unparseable validity period may pass as valid.
   */
  time_t gnutls_x509_crt_get_activation_time (gnutls_x509_crt_t cert);
  time_t gnutls_x509_crt_get_expiration_time (gnutls_x509_crt_t cert);
  /* serialNumber as raw bytes into result (in/out *result_size).  Serials
   * are unique only within one issuer: match (issuer, serial) pairs, never
   * the serial alone, e.g. when consulting a CRL.
   */
  int gnutls_x509_crt_get_serial (gnutls_x509_crt_t cert, void *result,
                                  size_t * result_size);

  /* Public key algorithm (presumably a gnutls_pk_algorithm_t value from
   * gnutls.h, negative on error) and, if bits is not NULL, the key size in
   * bits -- the natural place to enforce a minimum key size.
   */
  int gnutls_x509_crt_get_pk_algorithm (gnutls_x509_crt_t cert,
                                        unsigned int *bits);
  /* Public key parameters (RSA modulus/exponent; DSA p, q, g, y) as raw
   * integers.  The datums are presumably allocated for the caller and
   * released with gnutls_free() -- confirm in the manual.
   */
  int gnutls_x509_crt_get_pk_rsa_raw (gnutls_x509_crt_t crt,
                                      gnutls_datum_t * m, gnutls_datum_t * e);
  int gnutls_x509_crt_get_pk_dsa_raw (gnutls_x509_crt_t crt,
                                      gnutls_datum_t * p,
                                      gnutls_datum_t * q,
                                      gnutls_datum_t * g, gnutls_datum_t * y);
285
  /* subjectAltName: the seq-th GeneralName into san/san_size (in/out
   * size); the "2" variant also reports its type in *san_type (a
   * gnutls_x509_subject_alt_name_t).  Returned names are bytes chosen by
   * whoever produced the certificate: handle them as length-delimited
   * (san_size) rather than as C strings, and do not assume a dNSName is
   * ASCII or free of embedded NULs before comparing it with anything.
   */
  int gnutls_x509_crt_get_subject_alt_name (gnutls_x509_crt_t cert,
                                            unsigned int seq, void *san,
                                            size_t * san_size,
                                            unsigned int *critical);
  int gnutls_x509_crt_get_subject_alt_name2 (gnutls_x509_crt_t cert,
                                             unsigned int seq, void *san,
                                             size_t * san_size,
                                             unsigned int *san_type,
                                             unsigned int *critical);

  /* type-id OID of the seq-th subjectAltName entry when it is an otherName. */
  int gnutls_x509_crt_get_subject_alt_othername_oid (gnutls_x509_crt_t cert,
                                                     unsigned int seq,
                                                     void *oid,
                                                     size_t * oid_size);

  /* issuerAltName; same conventions as the subjectAltName accessors. */
  int gnutls_x509_crt_get_issuer_alt_name (gnutls_x509_crt_t cert,
                                           unsigned int seq, void *ian,
                                           size_t * ian_size,
                                           unsigned int *critical);
  int gnutls_x509_crt_get_issuer_alt_name2 (gnutls_x509_crt_t cert,
                                            unsigned int seq, void *ian,
                                            size_t * ian_size,
                                            unsigned int *ian_type,
                                            unsigned int *critical);

  int gnutls_x509_crt_get_issuer_alt_othername_oid (gnutls_x509_crt_t cert,
                                                    unsigned int seq,
                                                    void *ret,
                                                    size_t * ret_size);

  /* basicConstraints.  gnutls_x509_crt_get_ca_status() reports the cA
   * flag (presumably as its return value, negative on error or when the
   * extension is absent); gnutls_x509_crt_get_basic_constraints() stores
   * it in *ca and the pathLenConstraint in *pathlen.  Chain building must
   * require cA for every non-leaf certificate and honour pathlen; an
   * absent extension means the key may not sign certificates
   * (RFC 5280 4.2.1.9).
   */
  int gnutls_x509_crt_get_ca_status (gnutls_x509_crt_t cert,
                                     unsigned int *critical);
  int gnutls_x509_crt_get_basic_constraints (gnutls_x509_crt_t cert,
                                             unsigned int *critical,
                                             unsigned int *ca, int *pathlen);
321
/* The key_usage flags are defined in gnutls.h. They are the
 * GNUTLS_KEY_* definitions.
 */
  /* keyUsage as an OR of GNUTLS_KEY_* bits into *key_usage, criticality
   * into *critical.  Relying parties should enforce it: a key without the
   * keyCertSign bit must not be accepted as a CA key, and one without a
   * digital-signature/encipherment bit not for the corresponding TLS use.
   */
  int gnutls_x509_crt_get_key_usage (gnutls_x509_crt_t cert,
                                     unsigned int *key_usage,
                                     unsigned int *critical);
  int gnutls_x509_crt_set_key_usage (gnutls_x509_crt_t crt,
                                     unsigned int usage);
  /* Add an AuthorityInfoAccess AccessDescription; what selects the field
   * being set with the same gnutls_info_access_what_t values used by
   * gnutls_x509_crt_get_authority_info_access().
   */
  int gnutls_x509_crt_set_authority_info_access (gnutls_x509_crt_t crt,
                                                 int what,
                                                 gnutls_datum_t * data);

  /* Proxy certificate (RFC 3820) proxyCertInfo: *pathlen receives the
   * pCPathLenConstraint, *policyLanguage the policy language OID and
   * policy/*sizeof_policy the raw policy.  The two strings are presumably
   * allocated for the caller (gnutls_free()) -- confirm in the manual.  A
   * proxy certificate borrows the identity of the end entity that signed
   * it, so accepting one must be an explicit decision of the verification
   * policy, never the default.
   */
  int gnutls_x509_crt_get_proxy (gnutls_x509_crt_t cert,
                                 unsigned int *critical,
                                 int *pathlen,
                                 char **policyLanguage,
                                 char **policy, size_t * sizeof_policy);
339
/* Upper bound on the policy qualifiers returned for a single certificate
 * policy; sizes the qualifier[] array of gnutls_x509_policy_st.
 */
#define GNUTLS_MAX_QUALIFIERS 8

  /**
   * gnutls_x509_qualifier_t:
   * @GNUTLS_X509_QUALIFIER_UNKNOWN: Unknown qualifier.
   * @GNUTLS_X509_QUALIFIER_URI: A URL
   * @GNUTLS_X509_QUALIFIER_NOTICE: A text notice.
   *
   * Enumeration of types for the X.509 qualifiers, of the certificate
   * policy extension.  Qualifier contents are supplied by the issuing CA;
   * a notice is free text and must be escaped before it is displayed.
   */
  typedef enum gnutls_x509_qualifier_t
  {
    GNUTLS_X509_QUALIFIER_UNKNOWN = 0,
    GNUTLS_X509_QUALIFIER_URI = 1,
    GNUTLS_X509_QUALIFIER_NOTICE = 2
  } gnutls_x509_qualifier_t;
355
  /* One certificate policy (PolicyInformation) as filled in by
   * gnutls_x509_crt_get_policy(): the policy OID and up to
   * GNUTLS_MAX_QUALIFIERS qualifiers, of which the first `qualifiers`
   * entries are valid.  Qualifier data is length-delimited by `size`; it
   * is supplied by the issuing CA, so treat it as untrusted text.
   * gnutls_x509_policy_release() frees the strings owned by the struct
   * (presumably not the struct itself, which the caller provides).
   */
  typedef struct gnutls_x509_policy_st 
    {
      char* oid;
      unsigned int qualifiers;
      struct {
        gnutls_x509_qualifier_t type;
        char* data;
        unsigned int size;
      } qualifier[GNUTLS_MAX_QUALIFIERS];
    } gnutls_x509_policy_st;

  void gnutls_x509_policy_release(struct gnutls_x509_policy_st* policy);
  /* Read the indx-th policy of the certificatePolicies extension into
   * *policy (release with gnutls_x509_policy_release()); *critical gets
   * the extension's criticality.
   */
  int gnutls_x509_crt_get_policy (gnutls_x509_crt_t crt, int indx, 
                                  struct gnutls_x509_policy_st* policy,
                                  unsigned int * critical);
  /* Add *policy to the certificatePolicies extension, marking the
   * extension critical when critical is non-zero.
   */
  int gnutls_x509_crt_set_policy (gnutls_x509_crt_t crt, struct gnutls_x509_policy_st* policy,
                            unsigned int critical);
373
  /* Non-zero if oid (dotted-decimal) is a DN attribute this library knows
   * how to render by name.
   */
  int gnutls_x509_dn_oid_known (const char *oid);

/* Flag for gnutls_x509_dn_oid_name(): for an unknown OID return the OID
 * string itself instead of failing (presumably NULL otherwise -- confirm).
 */
#define GNUTLS_X509_DN_OID_RETURN_OID 1
  /* Short attribute name (e.g. for GNUTLS_OID_X520_COMMON_NAME) for a DN
   * OID; the returned string is owned by the library and must not be
   * freed or modified.
   */
  const char* gnutls_x509_dn_oid_name (const char *oid, unsigned int flags);
378
  /* Read extensions by OID.
   *
   * *_extension_oid() returns the OID string of the indx-th extension;
   * *_extension_by_oid() the raw extnValue of the indx-th extension
   * carrying oid (in/out *buf_size) with its criticality in *critical.
   * Extension payloads are untrusted DER: parse them defensively.
   */
  int gnutls_x509_crt_get_extension_oid (gnutls_x509_crt_t cert, int indx,
                                         void *oid, size_t * oid_size);
  int gnutls_x509_crt_get_extension_by_oid (gnutls_x509_crt_t cert,
                                            const char *oid, int indx,
                                            void *buf, size_t * buf_size,
                                            unsigned int *critical);

  /* Read extensions by sequence number.
   *
   * Walking all extensions with *_extension_info() is how a relying party
   * finds critical extensions it does not understand; RFC 5280 (4.2)
   * requires such a certificate to be rejected.
   */
  int gnutls_x509_crt_get_extension_info (gnutls_x509_crt_t cert, int indx,
                                          void *oid, size_t * oid_size,
                                          unsigned int *critical);
  int gnutls_x509_crt_get_extension_data (gnutls_x509_crt_t cert, int indx,
                                          void *data, size_t * sizeof_data);

  /* Add an arbitrary extension: oid is dotted-decimal, buf/sizeof_buf the
   * already DER-encoded extnValue, critical its criticality flag.  Marking
   * a private extension critical will make conforming verifiers that do
   * not know it reject the certificate.
   */
  int gnutls_x509_crt_set_extension_by_oid (gnutls_x509_crt_t crt,
                                            const char *oid,
                                            const void *buf,
                                            size_t sizeof_buf,
                                            unsigned int critical);
399
/* X.509 Certificate writing.
 */
  /* Set the subject from an RFC 4514 style string ("CN=x,O=y,...").  On a
   * parse error *err presumably points at the offending position within
   * dn -- confirm in the manual.
   */
  int gnutls_x509_crt_set_dn (gnutls_x509_crt_t crt, const char *dn, const char** err);

  /* Append a single attribute to the subject (or issuer) name: oid is
   * dotted-decimal (e.g. one of the GNUTLS_OID_X520_* values), name the
   * value of sizeof_name bytes; a non-zero raw_flag presumably means name
   * is already DER encoded rather than a plain string.
   */
  int gnutls_x509_crt_set_dn_by_oid (gnutls_x509_crt_t crt,
                                     const char *oid,
                                     unsigned int raw_flag,
                                     const void *name,
                                     unsigned int sizeof_name);
  int gnutls_x509_crt_set_issuer_dn_by_oid (gnutls_x509_crt_t crt,
                                            const char *oid,
                                            unsigned int raw_flag,
                                            const void *name,
                                            unsigned int sizeof_name);
  /* Issuer counterpart of gnutls_x509_crt_set_dn().  The signing
   * functions take an issuer certificate and presumably copy its subject
   * into this field; setting it by hand matters only for self-signed
   * certificates or tests.
   */
  int gnutls_x509_crt_set_issuer_dn (gnutls_x509_crt_t crt, const char *dn, const char** err);
415
  /* Version field.  Use 3 whenever extensions are added (RFC 5280 4.1.2.1). */
  int gnutls_x509_crt_set_version (gnutls_x509_crt_t crt,
                                   unsigned int version);
  /* Copy the public part of key into the certificate's subjectPublicKeyInfo. */
  int gnutls_x509_crt_set_key (gnutls_x509_crt_t crt,
                               gnutls_x509_privkey_t key);
  /* basicConstraints: the cA flag and, for the fuller variant, the
   * pathLenConstraint (a negative value presumably meaning "none" --
   * confirm).  Set cA to 0 explicitly on end-entity certificates.
   */
  int gnutls_x509_crt_set_ca_status (gnutls_x509_crt_t crt, unsigned int ca);
  int gnutls_x509_crt_set_basic_constraints (gnutls_x509_crt_t crt,
                                             unsigned int ca,
                                             int pathLenConstraint);
  /* subjectAltName entries of GeneralName type `type`.  The older setter
   * takes a NUL-terminated string; the newer one takes data/data_size and
   * GNUTLS_FSAN_SET or GNUTLS_FSAN_APPEND in flags to replace or extend
   * the existing extension.
   */
  int gnutls_x509_crt_set_subject_alternative_name (gnutls_x509_crt_t crt,
                                                    gnutls_x509_subject_alt_name_t
                                                    type,
                                                    const char *data_string);
  int gnutls_x509_crt_set_subject_alt_name (gnutls_x509_crt_t crt,
                                            gnutls_x509_subject_alt_name_t
                                            type, const void *data,
                                            unsigned int data_size,
                                            unsigned int flags);
  /* Sign crt with issuer_key, naming issuer as the issuer.  Prefer
   * gnutls_x509_crt_sign2(): it takes the digest explicitly, whereas
   * gnutls_x509_crt_sign() relies on a library-chosen default that may
   * be a legacy digest.  flags is reserved (pass 0 unless documented).
   * Signing covers every field set so far, so call it last.
   */
  int gnutls_x509_crt_sign (gnutls_x509_crt_t crt, gnutls_x509_crt_t issuer,
                            gnutls_x509_privkey_t issuer_key);
  int gnutls_x509_crt_sign2 (gnutls_x509_crt_t crt, gnutls_x509_crt_t issuer,
                             gnutls_x509_privkey_t issuer_key,
                             gnutls_digest_algorithm_t dig,
                             unsigned int flags);
  /* notBefore / notAfter. */
  int gnutls_x509_crt_set_activation_time (gnutls_x509_crt_t cert,
                                           time_t act_time);
  int gnutls_x509_crt_set_expiration_time (gnutls_x509_crt_t cert,
                                           time_t exp_time);
  /* serialNumber from serial_size raw bytes.  RFC 5280 (4.1.2.2) requires
   * a positive integer of at most 20 octets, unique per issuer.  Use a
   * serial with substantial randomness (64 bits or more is current CA
   * practice) rather than a counter: predictable serials have been used
   * in chosen-prefix collision attacks against certificate signatures.
   */
  int gnutls_x509_crt_set_serial (gnutls_x509_crt_t cert, const void *serial,
                                  size_t serial_size);
445
  /* subjectKeyIdentifier extension from id_size raw bytes (typically the
   * value gnutls_x509_crt_get_key_id() would produce for the key).
   */
  int gnutls_x509_crt_set_subject_key_id (gnutls_x509_crt_t cert,
                                          const void *id, size_t id_size);

  /* Proxy certificate (RFC 3820) construction.  _set_proxy_dn() derives
   * the subject from the end-entity certificate eecrt plus one extra
   * attribute (name/sizeof_name, raw_flag as for *_set_dn_by_oid());
   * _set_proxy() writes the proxyCertInfo extension with the given path
   * length constraint and policy.  Proxies delegate the end entity's
   * identity, so issue them with the shortest validity that works.
   */
  int gnutls_x509_crt_set_proxy_dn (gnutls_x509_crt_t crt,
                                    gnutls_x509_crt_t eecrt,
                                    unsigned int raw_flag,
                                    const void *name,
                                    unsigned int sizeof_name);
  int gnutls_x509_crt_set_proxy (gnutls_x509_crt_t crt,
                                 int pathLenConstraint,
                                 const char *policyLanguage,
                                 const char *policy, size_t sizeof_policy);
458
  /* Human-readable dump of a certificate or CRL into out (allocated for
   * the caller), in the layout selected by format.  The text reproduces
   * attacker-chosen certificate contents: use it for display and logging
   * only, never parse it to make decisions, and escape it where it is
   * shown.
   */
  int gnutls_x509_crt_print (gnutls_x509_crt_t cert,
                             gnutls_certificate_print_formats_t format,
                             gnutls_datum_t * out);
  int gnutls_x509_crl_print (gnutls_x509_crl_t crl,
                             gnutls_certificate_print_formats_t format,
                             gnutls_datum_t * out);
465
  /* Access to internal Certificate fields.
   *
   * The DER encoding of the issuer / subject Name, suitable for the
   * gnutls_x509_rdn_*() helpers below or for byte-exact comparison when
   * chaining (issuer of one certificate against subject of the next).
   * The parameter name `start` suggests the datum may point into the
   * certificate's own encoding rather than a copy -- check the manual
   * before freeing it or keeping it past the certificate's lifetime.
   */
  int gnutls_x509_crt_get_raw_issuer_dn (gnutls_x509_crt_t cert,
                                         gnutls_datum_t * start);
  int gnutls_x509_crt_get_raw_dn (gnutls_x509_crt_t cert,
                                  gnutls_datum_t * start);
472
/* RDN handling.
 *
 * These operate on a DER-encoded Name (idn), such as the datums returned
 * by gnutls_x509_crt_get_raw_dn() and gnutls_x509_crt_get_raw_issuer_dn(),
 * with the same text/OID/by-OID conventions as the certificate DN
 * accessors: *sizeof_buf is the buffer size on entry (in/out), indx
 * selects the attribute, raw_flag presumably selects the raw DER value.
 * The input is untrusted DER; callers get only what fits in *sizeof_buf.
 */
  int gnutls_x509_rdn_get (const gnutls_datum_t * idn,
                           char *buf, size_t * sizeof_buf);
  int gnutls_x509_rdn_get_oid (const gnutls_datum_t * idn,
                               int indx, void *buf, size_t * sizeof_buf);

  int gnutls_x509_rdn_get_by_oid (const gnutls_datum_t * idn,
                                  const char *oid, int indx,
                                  unsigned int raw_flag, void *buf,
                                  size_t * sizeof_buf);
484
  /* Opaque handle to a parsed distinguished name.  Declared as void* for
   * ABI reasons, so the compiler cannot catch a handle of the wrong kind
   * being passed; keep dn handles clearly separated from crt/crl ones.
   */
  typedef void *gnutls_x509_dn_t;

  /* One AttributeTypeAndValue of an RDN, as filled in by
   * gnutls_x509_dn_get_rdn_ava().  value is length-delimited (value.size),
   * is not NUL-terminated and is encoded according to value_tag
   * (presumably the ASN.1 tag of the value: PrintableString, UTF8String,
   * BMPString, ...), so do not treat value.data as a UTF-8 C string
   * without checking the tag.  Both datums presumably point into the
   * parsed DN rather than owning their memory -- confirm in the manual.
   */
  typedef struct gnutls_x509_ava_st
  {
    gnutls_datum_t oid;
    gnutls_datum_t value;
    unsigned long value_tag;
  } gnutls_x509_ava_st;
493
  /* Structured access to the subject / issuer Name of a certificate.  The
   * dn handle obtained here presumably refers to memory owned by cert
   * (it is not passed through gnutls_x509_dn_init()), so it must not
   * outlive cert and probably must not be given to gnutls_x509_dn_deinit()
   * -- confirm in the manual before doing either.
   */
  int gnutls_x509_crt_get_subject (gnutls_x509_crt_t cert,
                                   gnutls_x509_dn_t * dn);
  int gnutls_x509_crt_get_issuer (gnutls_x509_crt_t cert,
                                  gnutls_x509_dn_t * dn);
  /* Fetch the iava-th attribute of the irdn-th RDN into *ava; a Name may
   * contain multi-valued RDNs, so iterate both indices when comparing
   * names rather than assuming one attribute per RDN.
   */
  int gnutls_x509_dn_get_rdn_ava (gnutls_x509_dn_t dn, int irdn,
                                  int iava, gnutls_x509_ava_st * ava);

  /* Standalone DN objects: init allocates an empty one, import parses a
   * DER-encoded Name into it, export/export2 serialize it (export uses the
   * in/out *output_data_size convention, export2 allocates), deinit
   * releases a handle obtained from gnutls_x509_dn_init().
   */
  int gnutls_x509_dn_init (gnutls_x509_dn_t * dn);

  int gnutls_x509_dn_import (gnutls_x509_dn_t dn,
                             const gnutls_datum_t * data);

  int gnutls_x509_dn_export (gnutls_x509_dn_t dn,
                             gnutls_x509_crt_fmt_t format, void *output_data,
                             size_t * output_data_size);
  int gnutls_x509_dn_export2 (gnutls_x509_dn_t dn,
                             gnutls_x509_crt_fmt_t format,
                             gnutls_datum_t * out);

  void gnutls_x509_dn_deinit (gnutls_x509_dn_t dn);
514
515
/* CRL handling functions.
 */
  /* Handle lifetime, as for certificates. */
  int gnutls_x509_crl_init (gnutls_x509_crl_t * crl);
  void gnutls_x509_crl_deinit (gnutls_x509_crl_t crl);

  /* Parse a CRL from data in the given format (DER or PEM).  Importing
   * only parses: the CRL's signature still has to be verified against its
   * issuer, and its thisUpdate/nextUpdate checked, before anything in it
   * is believed.
   */
  int gnutls_x509_crl_import (gnutls_x509_crl_t crl,
                              const gnutls_datum_t * data,
                              gnutls_x509_crt_fmt_t format);
  /* Serialize; same buffer conventions as gnutls_x509_crt_export() and
   * gnutls_x509_crt_export2().
   */
  int gnutls_x509_crl_export (gnutls_x509_crl_t crl,
                              gnutls_x509_crt_fmt_t format,
                              void *output_data, size_t * output_data_size);
  int gnutls_x509_crl_export2 (gnutls_x509_crl_t crl,
                               gnutls_x509_crt_fmt_t format,
                               gnutls_datum_t *out);
530
  /* DER encoding of the CRL issuer Name; see the ownership note on
   * gnutls_x509_crt_get_raw_issuer_dn().
   */
  int
  gnutls_x509_crl_get_raw_issuer_dn (gnutls_x509_crl_t crl,
                                      gnutls_datum_t * dn);

  /* CRL issuer name, with the same text / by-OID / in-out size conventions
   * as the certificate DN accessors.  Note gnutls_x509_crl_get_dn_oid()
   * walks the issuer name despite its shorter name: a CRL carries no
   * subject, only an issuer.
   */
  int gnutls_x509_crl_get_issuer_dn (gnutls_x509_crl_t crl,
                                     char *buf, size_t * sizeof_buf);
  int gnutls_x509_crl_get_issuer_dn2 (gnutls_x509_crl_t crl, gnutls_datum_t* dn);
  int gnutls_x509_crl_get_issuer_dn_by_oid (gnutls_x509_crl_t crl,
                                            const char *oid, int indx,
                                            unsigned int raw_flag,
                                            void *buf, size_t * sizeof_buf);
  int gnutls_x509_crl_get_dn_oid (gnutls_x509_crl_t crl, int indx,
                                  void *oid, size_t * sizeof_oid);

  /* Signature algorithm (presumably a gnutls_sign_algorithm_t, negative on
   * error), raw signature bytes (in/out *sizeof_sig) and version (1 or 2;
   * CRL extensions require v2) of the CRL.
   */
  int gnutls_x509_crl_get_signature_algorithm (gnutls_x509_crl_t crl);
  int gnutls_x509_crl_get_signature (gnutls_x509_crl_t crl,
                                     char *sig, size_t * sizeof_sig);
  int gnutls_x509_crl_get_version (gnutls_x509_crl_t crl);
549
  /* thisUpdate / nextUpdate.  Errors are in-band in the time_t (presumably
   * (time_t)-1 -- confirm).  nextUpdate is optional in the encoding; a
   * relying party should treat a CRL past its nextUpdate as stale and
   * refuse to rely on an old one indefinitely, otherwise withholding a
   * fresh CRL becomes a way to un-revoke certificates.
   */
  time_t gnutls_x509_crl_get_this_update (gnutls_x509_crl_t crl);
  time_t gnutls_x509_crl_get_next_update (gnutls_x509_crl_t crl);

  /* Number of revoked entries, and the indx-th entry: its serial (in/out
   * *serial_size) and revocation time *t.  Entries identify certificates
   * by serial only, which is meaningful solely together with this CRL's
   * issuer.
   */
  int gnutls_x509_crl_get_crt_count (gnutls_x509_crl_t crl);
  int gnutls_x509_crl_get_crt_serial (gnutls_x509_crl_t crl, int indx,
                                      unsigned char *serial,
                                      size_t * serial_size, time_t * t);
/* Deprecated names kept for source compatibility. */
#define gnutls_x509_crl_get_certificate_count gnutls_x509_crl_get_crt_count
#define gnutls_x509_crl_get_certificate gnutls_x509_crl_get_crt_serial

  /* Check whether issuer is the certificate that issued crl (an identity
   * match, presumably by name and/or authority key identifier).  This is
   * not signature verification: a matching issuer still has to verify the
   * CRL's signature, via the verification functions declared elsewhere,
   * before its entries are trusted.
   */
  int gnutls_x509_crl_check_issuer (gnutls_x509_crl_t crl,
                                    gnutls_x509_crt_t issuer);

  /* Import a list of CRLs; same conventions as
   * gnutls_x509_crt_list_import2() / gnutls_x509_crt_list_import(),
   * including the flags word.
   */
  int gnutls_x509_crl_list_import2 (gnutls_x509_crl_t ** crls,
                             unsigned int * size,
                             const gnutls_datum_t * data,
                             gnutls_x509_crt_fmt_t format, unsigned int flags);

  int gnutls_x509_crl_list_import (gnutls_x509_crl_t * crls,
                                   unsigned int *crl_max,
                                   const gnutls_datum_t * data,
                                   gnutls_x509_crt_fmt_t format,
                                   unsigned int flags);
/* CRL writing.
 */
  /* Version field; use 2 when the CRL carries extensions (e.g. a CRL
   * number or authority key identifier).
   */
  int gnutls_x509_crl_set_version (gnutls_x509_crl_t crl,
                                   unsigned int version);
  /* thisUpdate / nextUpdate.  Always set nextUpdate when publishing: it is
   * what lets relying parties detect a stale or withheld CRL.
   */
  int gnutls_x509_crl_set_this_update (gnutls_x509_crl_t crl,
                                       time_t act_time);
  int gnutls_x509_crl_set_next_update (gnutls_x509_crl_t crl,
                                       time_t exp_time);
  /* Add a revoked entry, either from a raw serial (serial_size bytes) or
   * from the certificate itself, with the given revocationDate.
   */
  int gnutls_x509_crl_set_crt_serial (gnutls_x509_crl_t crl,
                                      const void *serial,
                                      size_t serial_size,
                                      time_t revocation_time);
  int gnutls_x509_crl_set_crt (gnutls_x509_crl_t crl,
                               gnutls_x509_crt_t crt, time_t revocation_time);
587
  /* authorityKeyIdentifier of the CRL, in the keyIdentifier form or the
   * issuer-name/serial form; same conventions as the certificate
   * accessors gnutls_x509_crt_get_authority_key_id() and
   * gnutls_x509_crt_get_authority_key_gn_serial().  Useful to locate the
   * signer; not a substitute for verifying the CRL signature.
   */
  int gnutls_x509_crl_get_authority_key_id (gnutls_x509_crl_t crl, void *id,
                                            size_t * id_size,
                                            unsigned int *critical);
  int gnutls_x509_crl_get_authority_key_gn_serial (gnutls_x509_crl_t crl,
                                                   unsigned int seq,
                                                   void *alt,
                                                   size_t * alt_size,
                                                   unsigned int *alt_type,
                                                   void* serial,
                                                   size_t *serial_size,
                                                   unsigned int *critical);

  /* cRLNumber extension as raw integer bytes (in/out *ret_size).  A
   * monotonically increasing number lets a relying party notice when it
   * is handed an older CRL than one it has already seen.
   */
  int gnutls_x509_crl_get_number (gnutls_x509_crl_t crl, void *ret,
                                  size_t * ret_size, unsigned int *critical);

  /* Raw CRL extension access by index / OID, mirroring the certificate
   * extension accessors; unknown critical extensions must lead to the CRL
   * being rejected (RFC 5280 5.2).
   */
  int gnutls_x509_crl_get_extension_oid (gnutls_x509_crl_t crl, int indx,
                                         void *oid, size_t * sizeof_oid);

  int gnutls_x509_crl_get_extension_info (gnutls_x509_crl_t crl, int indx,
                                          void *oid, size_t * sizeof_oid,
                                          unsigned int *critical);

  int gnutls_x509_crl_get_extension_data (gnutls_x509_crl_t crl, int indx,
                                          void *data, size_t * sizeof_data);

  /* CRL-generation side: authorityKeyIdentifier and cRLNumber. */
  int gnutls_x509_crl_set_authority_key_id (gnutls_x509_crl_t crl,
                                            const void *id, size_t id_size);

  int gnutls_x509_crl_set_number (gnutls_x509_crl_t crl,
                                  const void *nr, size_t nr_size);
618
619
/* PKCS7 structures handling
 */
  /* Opaque handle for a PKCS #7 container; the struct itself is defined
   * privately inside the library. */
  struct gnutls_pkcs7_int;
  typedef struct gnutls_pkcs7_int *gnutls_pkcs7_t;

  /* Lifecycle and (de)serialisation.  export() writes into a caller
   * buffer whose size is passed by pointer (presumably in/out — confirm);
   * export2() fills a gnutls_datum_t instead. */
  int gnutls_pkcs7_init (gnutls_pkcs7_t * pkcs7);
  void gnutls_pkcs7_deinit (gnutls_pkcs7_t pkcs7);
  int gnutls_pkcs7_import (gnutls_pkcs7_t pkcs7,
                           const gnutls_datum_t * data,
                           gnutls_x509_crt_fmt_t format);
  int gnutls_pkcs7_export (gnutls_pkcs7_t pkcs7,
                           gnutls_x509_crt_fmt_t format,
                           void *output_data, size_t * output_data_size);
  int gnutls_pkcs7_export2 (gnutls_pkcs7_t pkcs7,
                            gnutls_x509_crt_fmt_t format,
                            gnutls_datum_t *out);

  /* Certificates carried in the container, addressed by a signed @indx;
   * the _raw getter returns the encoded certificate bytes. */
  int gnutls_pkcs7_get_crt_count (gnutls_pkcs7_t pkcs7);
  int gnutls_pkcs7_get_crt_raw (gnutls_pkcs7_t pkcs7, int indx,
                                void *certificate, size_t * certificate_size);

  int gnutls_pkcs7_set_crt_raw (gnutls_pkcs7_t pkcs7,
                                const gnutls_datum_t * crt);
  int gnutls_pkcs7_set_crt (gnutls_pkcs7_t pkcs7, gnutls_x509_crt_t crt);
  int gnutls_pkcs7_delete_crt (gnutls_pkcs7_t pkcs7, int indx);

  /* CRLs carried in the container; same index conventions as for
   * certificates above. */
  int gnutls_pkcs7_get_crl_raw (gnutls_pkcs7_t pkcs7,
                                int indx, void *crl, size_t * crl_size);
  int gnutls_pkcs7_get_crl_count (gnutls_pkcs7_t pkcs7);

  int gnutls_pkcs7_set_crl_raw (gnutls_pkcs7_t pkcs7,
                                const gnutls_datum_t * crl);
  int gnutls_pkcs7_set_crl (gnutls_pkcs7_t pkcs7, gnutls_x509_crl_t crl);
  int gnutls_pkcs7_delete_crl (gnutls_pkcs7_t pkcs7, int indx);
654
655 /* X.509 Certificate verification functions.
656  */
657
/**
 * gnutls_certificate_verify_flags:
 * @GNUTLS_VERIFY_DISABLE_CA_SIGN: If set a signer does not have to be
 *   a certificate authority. This flag should normally be disabled,
 *   unless you know what this means.
 * @GNUTLS_VERIFY_DISABLE_TRUSTED_TIME_CHECKS: If set a signer in the trusted
 *   list is never checked for expiration or activation.
 * @GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT: Allow trusted CA certificates
 *   with version 1. This is safer than %GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT,
 *   and should be used instead. That way only signers in your trusted list
 *   will be allowed to have certificates of version 1. This is the default.
 * @GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT: Do not allow trusted CA
 *   certificates that have version 1.  This option is to be used
 *   to deprecate all certificates of version 1.
 * @GNUTLS_VERIFY_DO_NOT_ALLOW_SAME: If a certificate is not signed by
 *   anyone trusted but exists in the trusted CA list do not treat it
 *   as trusted.
 * @GNUTLS_VERIFY_ALLOW_UNSORTED_CHAIN: A certificate chain is tolerated
 *   if unsorted (the case with many TLS servers out there). This is the
 *   default since GnuTLS 3.1.4.
 * @GNUTLS_VERIFY_DO_NOT_ALLOW_UNSORTED_CHAIN: Do not tolerate an unsorted
 *   certificate chain.
 * @GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT: Allow CA certificates that
 *   have version 1 (both root and intermediate). This might be
 *   dangerous since those do not carry the basicConstraints
 *   extension. Must be used in combination with
 *   %GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT.
 * @GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2: Allow certificates to be signed
 *   using the broken MD2 algorithm.
 * @GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5: Allow certificates to be signed
 *   using the broken MD5 algorithm.
 * @GNUTLS_VERIFY_DISABLE_TIME_CHECKS: Disable checking of activation
 *   and expiration validity periods of certificate chains. Don't set
 *   this unless you understand the security implications.
 * @GNUTLS_VERIFY_DISABLE_CRL_CHECKS: Disable checking for validity
 *   using certificate revocation lists or the available OCSP data.
 *
 * Enumeration of different certificate verify flags.  Each value is a
 * distinct bit, so flags can be OR-ed together into the unsigned int
 * @flags argument of the verification functions declared below.  Every
 * DISABLE_* and ALLOW_SIGN_* value switches off a check that verification
 * otherwise performs, and so weakens the result it reports.
 */
  typedef enum gnutls_certificate_verify_flags
  {
    GNUTLS_VERIFY_DISABLE_CA_SIGN = 1<<0,
    GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT = 1<<1,
    GNUTLS_VERIFY_DO_NOT_ALLOW_SAME = 1<<2,
    GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT = 1<<3,
    GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2 = 1<<4,
    GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5 = 1<<5,
    GNUTLS_VERIFY_DISABLE_TIME_CHECKS = 1<<6,
    GNUTLS_VERIFY_DISABLE_TRUSTED_TIME_CHECKS = 1<<7,
    GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT = 1<<8,
    GNUTLS_VERIFY_DISABLE_CRL_CHECKS = 1<<9,
    GNUTLS_VERIFY_ALLOW_UNSORTED_CHAIN = 1<<10,
    GNUTLS_VERIFY_DO_NOT_ALLOW_UNSORTED_CHAIN = 1<<11,
  } gnutls_certificate_verify_flags;
712
  /* Checks whether @issuer is the issuer of @cert.  The exact matching
   * criteria and the return convention (boolean vs. error code) are not
   * visible in this header. */
  int gnutls_x509_crt_check_issuer (gnutls_x509_crt_t cert,
                                    gnutls_x509_crt_t issuer);

  /* Verifies the chain in @cert_list against the trusted @CA_list and
   * the revocation data in @CRL_list.  @flags is presumably an OR of
   * gnutls_certificate_verify_flags; the outcome is stored in *@verify.
   * All three list lengths are signed ints, so callers must make sure
   * they are non-negative — the declaration cannot enforce that. */
  int gnutls_x509_crt_list_verify (const gnutls_x509_crt_t * cert_list,
                                   int cert_list_length,
                                   const gnutls_x509_crt_t * CA_list,
                                   int CA_list_length,
                                   const gnutls_x509_crl_t * CRL_list,
                                   int CRL_list_length,
                                   unsigned int flags, unsigned int *verify);

  /* Single-object variants: verify one certificate, or one CRL, against
   * @CA_list.  Same @flags and @verify conventions as above. */
  int gnutls_x509_crt_verify (gnutls_x509_crt_t cert,
                              const gnutls_x509_crt_t * CA_list,
                              int CA_list_length, unsigned int flags,
                              unsigned int *verify);
  int gnutls_x509_crl_verify (gnutls_x509_crl_t crl,
                              const gnutls_x509_crt_t * CA_list,
                              int CA_list_length, unsigned int flags,
                              unsigned int *verify);

  /* Looks @cert up in the supplied CRLs.  How "revoked", "not revoked"
   * and errors are distinguished in the return value is not visible here. */
  int gnutls_x509_crt_check_revocation (gnutls_x509_crt_t cert,
                                        const gnutls_x509_crl_t *
                                        crl_list, int crl_list_length);

  /* Computes a digest of @cert with @algo into @buf; *@buf_size is
   * passed by pointer (presumably capacity in, length out — confirm). */
  int gnutls_x509_crt_get_fingerprint (gnutls_x509_crt_t cert,
                                       gnutls_digest_algorithm_t algo,
                                       void *buf, size_t * buf_size);

  /* Key purpose OIDs of @cert (presumably the extended key usage
   * extension), read by signed index or appended with a @critical flag. */
  int gnutls_x509_crt_get_key_purpose_oid (gnutls_x509_crt_t cert,
                                           int indx, void *oid,
                                           size_t * oid_size,
                                           unsigned int *critical);
  int gnutls_x509_crt_set_key_purpose_oid (gnutls_x509_crt_t cert,
                                           const void *oid,
                                           unsigned int critical);
748
749 /* Private key handling.
750  */
751
752 /* Flags for the gnutls_x509_privkey_export_pkcs8() function.
753  */
754
755 #define GNUTLS_PKCS8_PLAIN GNUTLS_PKCS_PLAIN
756 #define GNUTLS_PKCS8_USE_PKCS12_3DES GNUTLS_PKCS_USE_PKCS12_3DES
757 #define GNUTLS_PKCS8_USE_PKCS12_ARCFOUR GNUTLS_PKCS_USE_PKCS12_ARCFOUR
758 #define GNUTLS_PKCS8_USE_PKCS12_RC2_40 GNUTLS_PKCS_USE_PKCS12_RC2_40
759
/**
 * gnutls_pkcs_encrypt_flags_t:
 * @GNUTLS_PKCS_PLAIN: Unencrypted private key.
 * @GNUTLS_PKCS_NULL_PASSWORD: Some schemas distinguish between an empty and a NULL password.
 * @GNUTLS_PKCS_USE_PKCS12_3DES: PKCS-12 3DES.
 * @GNUTLS_PKCS_USE_PKCS12_ARCFOUR: PKCS-12 ARCFOUR.
 * @GNUTLS_PKCS_USE_PKCS12_RC2_40: PKCS-12 RC2 with a 40-bit key.
 * @GNUTLS_PKCS_USE_PBES2_3DES: PBES2 3DES.
 * @GNUTLS_PKCS_USE_PBES2_AES_128: PBES2 AES-128.
 * @GNUTLS_PKCS_USE_PBES2_AES_192: PBES2 AES-192.
 * @GNUTLS_PKCS_USE_PBES2_AES_256: PBES2 AES-256.
 *
 * Enumeration of different PKCS encryption flags.  The values are
 * distinct bits (1 .. 256) and are passed in the unsigned int @flags of
 * the PKCS #8 import/export functions; the GNUTLS_PKCS8_* macros above
 * are aliases for the PLAIN and PKCS12 entries.  Which of the cipher
 * flags is used when none is given is decided by the implementation,
 * not by this header.
 */
  typedef enum gnutls_pkcs_encrypt_flags_t
  {
    GNUTLS_PKCS_PLAIN = 1,
    GNUTLS_PKCS_USE_PKCS12_3DES = 2,
    GNUTLS_PKCS_USE_PKCS12_ARCFOUR = 4,
    GNUTLS_PKCS_USE_PKCS12_RC2_40 = 8,
    GNUTLS_PKCS_USE_PBES2_3DES = 16,
    GNUTLS_PKCS_USE_PBES2_AES_128 = 32,
    GNUTLS_PKCS_USE_PBES2_AES_192 = 64,
    GNUTLS_PKCS_USE_PBES2_AES_256 = 128,
    GNUTLS_PKCS_NULL_PASSWORD = 256
  } gnutls_pkcs_encrypt_flags_t;
786
  /* Private key object lifecycle, security-parameter query and copy. */
  int gnutls_x509_privkey_init (gnutls_x509_privkey_t * key);
  void gnutls_x509_privkey_deinit (gnutls_x509_privkey_t key);
  gnutls_sec_param_t gnutls_x509_privkey_sec_param (gnutls_x509_privkey_t
                                                    key);
  int gnutls_x509_privkey_cpy (gnutls_x509_privkey_t dst,
                               gnutls_x509_privkey_t src);
  /* Import from an encoded blob: plain key in @format, PKCS #8 with an
   * optional @password and @flags (presumably gnutls_pkcs_encrypt_flags_t,
   * as for export — confirm), the legacy OpenSSL encrypted format, or
   * import2(), which takes both a password and flags. */
  int gnutls_x509_privkey_import (gnutls_x509_privkey_t key,
                                  const gnutls_datum_t * data,
                                  gnutls_x509_crt_fmt_t format);
  int gnutls_x509_privkey_import_pkcs8 (gnutls_x509_privkey_t key,
                                        const gnutls_datum_t * data,
                                        gnutls_x509_crt_fmt_t format,
                                        const char *password,
                                        unsigned int flags);
  int gnutls_x509_privkey_import_openssl (gnutls_x509_privkey_t key,
                                          const gnutls_datum_t *data, 
                                          const char* password);

  int gnutls_x509_privkey_import2 (gnutls_x509_privkey_t key,
                                   const gnutls_datum_t * data,
                                   gnutls_x509_crt_fmt_t format,
                                   const char* password, unsigned int flags);

  /* Assemble a key from raw parameters.  For RSA, @m is the modulus and
   * @e/@d/@p/@q/@u the usual PKCS #1 parameters; @e1/@e2 in the raw2
   * variant are presumably the CRT exponents — confirm.  The datums hold
   * secret material; the declarations say nothing about who clears them. */
  int gnutls_x509_privkey_import_rsa_raw (gnutls_x509_privkey_t key,
                                          const gnutls_datum_t * m,
                                          const gnutls_datum_t * e,
                                          const gnutls_datum_t * d,
                                          const gnutls_datum_t * p,
                                          const gnutls_datum_t * q,
                                          const gnutls_datum_t * u);
  int gnutls_x509_privkey_import_rsa_raw2 (gnutls_x509_privkey_t key,
                                           const gnutls_datum_t * m,
                                           const gnutls_datum_t * e,
                                           const gnutls_datum_t * d,
                                           const gnutls_datum_t * p,
                                           const gnutls_datum_t * q,
                                           const gnutls_datum_t * u,
                                           const gnutls_datum_t * e1,
                                           const gnutls_datum_t * e2);
  /* ECC: @x/@y are the public point and @k the private scalar on @curve. */
  int gnutls_x509_privkey_import_ecc_raw (gnutls_x509_privkey_t key,
                                          gnutls_ecc_curve_t curve,
                                          const gnutls_datum_t * x,
                                          const gnutls_datum_t * y,
                                          const gnutls_datum_t * k);

  /* Presumably recomputes derived/optional key parameters; the name is
   * all this header reveals — confirm against the implementation. */
  int gnutls_x509_privkey_fix (gnutls_x509_privkey_t key);

  /* DSA raw export/import: domain parameters @p/@q/@g, public @y and
   * private @x.  Ownership of the exported datums is not stated here;
   * presumably the caller frees them — confirm. */
  int gnutls_x509_privkey_export_dsa_raw (gnutls_x509_privkey_t key,
                                          gnutls_datum_t * p,
                                          gnutls_datum_t * q,
                                          gnutls_datum_t * g,
                                          gnutls_datum_t * y,
                                          gnutls_datum_t * x);
  int gnutls_x509_privkey_import_dsa_raw (gnutls_x509_privkey_t key,
                                          const gnutls_datum_t * p,
                                          const gnutls_datum_t * q,
                                          const gnutls_datum_t * g,
                                          const gnutls_datum_t * y,
                                          const gnutls_datum_t * x);

  /* Algorithm queries; the "2" variant also reports the key size in
   * @bits.  get_key_id() writes into a caller buffer whose size is
   * passed by pointer (presumably in/out). */
  int gnutls_x509_privkey_get_pk_algorithm (gnutls_x509_privkey_t key);
  int gnutls_x509_privkey_get_pk_algorithm2 (gnutls_x509_privkey_t key, unsigned int *bits);
  int gnutls_x509_privkey_get_key_id (gnutls_x509_privkey_t key,
                                      unsigned int flags,
                                      unsigned char *output_data,
                                      size_t * output_data_size);

  /* Generates a fresh @algo key of @bits; the meaning of @flags is not
   * defined in this header.  verify_params() checks the key's internal
   * consistency. */
  int gnutls_x509_privkey_generate (gnutls_x509_privkey_t key,
                                    gnutls_pk_algorithm_t algo,
                                    unsigned int bits, unsigned int flags);
  int gnutls_x509_privkey_verify_params (gnutls_x509_privkey_t key);

  /* Export to an encoded form.  The plain variants fill a caller buffer
   * with an in/out size; the "2" variants fill a gnutls_datum_t.  The
   * _pkcs8 variants encrypt under @password according to @flags (see
   * gnutls_pkcs_encrypt_flags_t above).  All of these emit private key
   * material into caller-visible memory. */
  int gnutls_x509_privkey_export (gnutls_x509_privkey_t key,
                                  gnutls_x509_crt_fmt_t format,
                                  void *output_data,
                                  size_t * output_data_size);
  int gnutls_x509_privkey_export2 (gnutls_x509_privkey_t key,
                                   gnutls_x509_crt_fmt_t format,
                                   gnutls_datum_t * out);
  int gnutls_x509_privkey_export_pkcs8 (gnutls_x509_privkey_t key,
                                        gnutls_x509_crt_fmt_t format,
                                        const char *password,
                                        unsigned int flags,
                                        void *output_data,
                                        size_t * output_data_size);
  int gnutls_x509_privkey_export2_pkcs8 (gnutls_x509_privkey_t key,
                                         gnutls_x509_crt_fmt_t format,
                                         const char *password,
                                         unsigned int flags,
                                         gnutls_datum_t * out);
  /* Raw parameter export, mirroring the raw import functions above. */
  int gnutls_x509_privkey_export_rsa_raw2 (gnutls_x509_privkey_t key,
                                           gnutls_datum_t * m,
                                           gnutls_datum_t * e,
                                           gnutls_datum_t * d,
                                           gnutls_datum_t * p,
                                           gnutls_datum_t * q,
                                           gnutls_datum_t * u,
                                           gnutls_datum_t * e1,
                                           gnutls_datum_t * e2);
  int gnutls_x509_privkey_export_rsa_raw (gnutls_x509_privkey_t key,
                                          gnutls_datum_t * m,
                                          gnutls_datum_t * e,
                                          gnutls_datum_t * d,
                                          gnutls_datum_t * p,
                                          gnutls_datum_t * q,
                                          gnutls_datum_t * u);
  int gnutls_x509_privkey_export_ecc_raw (gnutls_x509_privkey_t key, 
                                          gnutls_ecc_curve_t *curve,  
                                          gnutls_datum_t * x, gnutls_datum_t * y,
                                          gnutls_datum_t* k);
/* Certificate request handling.
 */

  /* Signs @crq with @key using digest @dig; @flags is not defined here. */
  int gnutls_x509_crq_sign2 (gnutls_x509_crq_t crq,
                             gnutls_x509_privkey_t key,
                             gnutls_digest_algorithm_t dig,
                             unsigned int flags);

  /* Human-readable rendering of the request into @out. */
  int gnutls_x509_crq_print (gnutls_x509_crq_t crq,
                             gnutls_certificate_print_formats_t format,
                             gnutls_datum_t * out);

  /* Verifies the request's own signature; @flags is presumably an OR of
   * gnutls_certificate_verify_flags — confirm. */
  int gnutls_x509_crq_verify (gnutls_x509_crq_t crq, unsigned int flags);

  /* Lifecycle and import from an encoded blob in @format. */
  int gnutls_x509_crq_init (gnutls_x509_crq_t * crq);
  void gnutls_x509_crq_deinit (gnutls_x509_crq_t crq);
  int gnutls_x509_crq_import (gnutls_x509_crq_t crq,
                              const gnutls_datum_t * data,
                              gnutls_x509_crt_fmt_t format);

  /* Note: the first parameter is named @cert here while every other
   * crq function names it @crq; it is still a gnutls_x509_crq_t. */
  int gnutls_x509_crq_get_private_key_usage_period (gnutls_x509_crq_t cert, time_t* activation, time_t* expiration, 
                                     unsigned int *critical);

  /* Subject DN access.  get_dn() fills a caller buffer with an in/out
   * size; get_dn2() fills a gnutls_datum_t.  set_dn() parses the string
   * @dn and, on failure, presumably points *@err at the offending part
   * of the input — confirm.  Note that set_dn_by_oid() takes its size
   * as unsigned int, unlike the size_t used elsewhere in this file. */
  int gnutls_x509_crq_get_dn (gnutls_x509_crq_t crq, char *buf,
                              size_t * sizeof_buf);
  int gnutls_x509_crq_get_dn2 (gnutls_x509_crq_t crq, gnutls_datum_t* dn);
  int gnutls_x509_crq_get_dn_oid (gnutls_x509_crq_t crq, int indx,
                                  void *oid, size_t * sizeof_oid);
  int gnutls_x509_crq_get_dn_by_oid (gnutls_x509_crq_t crq,
                                     const char *oid, int indx,
                                     unsigned int raw_flag, void *buf,
                                     size_t * sizeof_buf);
  int gnutls_x509_crq_set_dn (gnutls_x509_crq_t crq, const char *dn, const char** err);
  int gnutls_x509_crq_set_dn_by_oid (gnutls_x509_crq_t crq,
                                     const char *oid,
                                     unsigned int raw_flag,
                                     const void *data,
                                     unsigned int sizeof_data);
  int gnutls_x509_crq_set_version (gnutls_x509_crq_t crq,
                                   unsigned int version);
  int gnutls_x509_crq_get_version (gnutls_x509_crq_t crq);
  /* Binds the public half of @key to the request. */
  int gnutls_x509_crq_set_key (gnutls_x509_crq_t crq,
                               gnutls_x509_privkey_t key);

  /* Challenge-password attribute; the getter's @sizeof_pass is in/out. */
  int gnutls_x509_crq_set_challenge_password (gnutls_x509_crq_t crq,
                                              const char *pass);
  int gnutls_x509_crq_get_challenge_password (gnutls_x509_crq_t crq,
                                              char *pass,
                                              size_t * sizeof_pass);

  /* Arbitrary attributes by OID.  The setter's @buf is an input yet is
   * declared without const; whether it is modified is decided by the
   * implementation, not this header. */
  int gnutls_x509_crq_set_attribute_by_oid (gnutls_x509_crq_t crq,
                                            const char *oid, void *buf,
                                            size_t sizeof_buf);
  int gnutls_x509_crq_get_attribute_by_oid (gnutls_x509_crq_t crq,
                                            const char *oid, int indx,
                                            void *buf, size_t * sizeof_buf);

  /* Export to an encoded form; caller buffer (in/out size) or datum. */
  int gnutls_x509_crq_export (gnutls_x509_crq_t crq,
                              gnutls_x509_crt_fmt_t format,
                              void *output_data, size_t * output_data_size);
  int gnutls_x509_crq_export2 (gnutls_x509_crq_t crq,
                               gnutls_x509_crt_fmt_t format,
                               gnutls_datum_t * out);

  /* Copies request contents (and, separately, its requested extensions)
   * into a certificate being built. */
  int gnutls_x509_crt_set_crq (gnutls_x509_crt_t crt, gnutls_x509_crq_t crq);
  int gnutls_x509_crt_set_crq_extensions (gnutls_x509_crt_t crt,
                                          gnutls_x509_crq_t crq);

  /* Requested extensions: private key usage period, raw RSA public key,
   * subject alternative name of type @nt, key usage bits, basic
   * constraints (@ca flag and @pathLenConstraint) and key purpose OIDs. */
  int gnutls_x509_crq_set_private_key_usage_period (gnutls_x509_crq_t crq,
                                              time_t activation,
                                              time_t expiration);
  int gnutls_x509_crq_set_key_rsa_raw (gnutls_x509_crq_t crq,
                                       const gnutls_datum_t * m,
                                       const gnutls_datum_t * e);
  int gnutls_x509_crq_set_subject_alt_name (gnutls_x509_crq_t crq,
                                            gnutls_x509_subject_alt_name_t nt,
                                            const void *data,
                                            unsigned int data_size,
                                            unsigned int flags);

  int gnutls_x509_crq_set_key_usage (gnutls_x509_crq_t crq,
                                     unsigned int usage);
  int gnutls_x509_crq_set_basic_constraints (gnutls_x509_crq_t crq,
                                             unsigned int ca,
                                             int pathLenConstraint);
  int gnutls_x509_crq_set_key_purpose_oid (gnutls_x509_crq_t crq,
                                           const void *oid,
                                           unsigned int critical);
  int gnutls_x509_crq_get_key_purpose_oid (gnutls_x509_crq_t crq, int indx,
                                           void *oid, size_t * sizeof_oid,
                                           unsigned int *critical);

  /* Positional access to extensions and attributes (signed @indx; sizes
   * passed by pointer, presumably in/out). */
  int gnutls_x509_crq_get_extension_data (gnutls_x509_crq_t crq, int indx,
                                          void *data, size_t * sizeof_data);
  int gnutls_x509_crq_get_extension_info (gnutls_x509_crq_t crq, int indx,
                                          void *oid, size_t * sizeof_oid,
                                          unsigned int *critical);
  int gnutls_x509_crq_get_attribute_data (gnutls_x509_crq_t crq, int indx,
                                          void *data, size_t * sizeof_data);
  int gnutls_x509_crq_get_attribute_info (gnutls_x509_crq_t crq, int indx,
                                          void *oid, size_t * sizeof_oid);
  /* Public key algorithm of the request; key size reported in @bits. */
  int gnutls_x509_crq_get_pk_algorithm (gnutls_x509_crq_t crq,
                                        unsigned int *bits);

  int gnutls_x509_crq_get_key_id (gnutls_x509_crq_t crq, unsigned int flags,
                                  unsigned char *output_data,
                                  size_t * output_data_size);
  int gnutls_x509_crq_get_key_rsa_raw (gnutls_x509_crq_t crq,
                                       gnutls_datum_t * m,
                                       gnutls_datum_t * e);

  /* Readers for the requested extensions set above. */
  int gnutls_x509_crq_get_key_usage (gnutls_x509_crq_t crq,
                                     unsigned int *key_usage,
                                     unsigned int *critical);
  int gnutls_x509_crq_get_basic_constraints (gnutls_x509_crq_t crq,
                                             unsigned int *critical,
                                             unsigned int *ca, int *pathlen);
  int gnutls_x509_crq_get_subject_alt_name (gnutls_x509_crq_t crq,
                                            unsigned int seq, void *ret,
                                            size_t * ret_size,
                                            unsigned int *ret_type,
                                            unsigned int *critical);
  int gnutls_x509_crq_get_subject_alt_othername_oid (gnutls_x509_crq_t crq,
                                                     unsigned int seq,
                                                     void *ret,
                                                     size_t * ret_size);

  /* Raw extension lookup by OID and occurrence index. */
  int gnutls_x509_crq_get_extension_by_oid (gnutls_x509_crq_t crq,
                                            const char *oid, int indx,
                                            void *buf, size_t * sizeof_buf,
                                            unsigned int *critical);
1028
  /* Opaque handle for a trust list (trusted CAs, named certificates and
   * CRLs) used by the gnutls_x509_trust_list_* functions below. */
  typedef struct gnutls_x509_trust_list_st *gnutls_x509_trust_list_t;

  /* @size is presumably a capacity hint for the internal table — confirm. */
  int
  gnutls_x509_trust_list_init (gnutls_x509_trust_list_t * list, unsigned int size);

  /* @all, when non-zero, presumably also deinitializes the certificates
   * and CRLs the list holds — confirm against the implementation. */
  void
  gnutls_x509_trust_list_deinit (gnutls_x509_trust_list_t list, unsigned int all);

  /* Looks up the issuer of @cert in @list and returns it via *@issuer. */
  int gnutls_x509_trust_list_get_issuer(gnutls_x509_trust_list_t list,
    gnutls_x509_crt_t cert, gnutls_x509_crt_t* issuer, unsigned int flags);

  /* Add or remove trusted CAs.  @clist_size is a signed int; callers
   * must pass a non-negative count. */
  int
  gnutls_x509_trust_list_add_cas (gnutls_x509_trust_list_t list, 
    const gnutls_x509_crt_t * clist, int clist_size, unsigned int flags);
  int gnutls_x509_trust_list_remove_cas(gnutls_x509_trust_list_t list,
                               const gnutls_x509_crt_t * clist,
                               int clist_size);

  /* Adds a certificate that is trusted only under @name; see
   * gnutls_x509_trust_list_verify_named_crt() below. */
  int gnutls_x509_trust_list_add_named_crt (gnutls_x509_trust_list_t list, 
      gnutls_x509_crt_t cert, const void* name, size_t name_size, unsigned int flags);

/* Flag for gnutls_x509_trust_list_add_crls(): presumably asks for the
 * added CRLs to be verified against the list's CAs.  Which of @flags or
 * @verification_flags it belongs to is not stated here — confirm. */
#define GNUTLS_TL_VERIFY_CRL 1
  int
  gnutls_x509_trust_list_add_crls (gnutls_x509_trust_list_t list, 
    const gnutls_x509_crl_t * crl_list, int crl_size, unsigned int flags,
    unsigned int verification_flags);
  /* Callback type taken by the trust-list verification functions below,
   * used to report the outcome for one certificate.
   *   @cert: the certificate that was checked.
   *   @issuer: the issuer the failure is attributed to, if any; may be NULL.
   *   @crl: the CRL that caused the failure, if any; may be NULL.
   *   @verification_output: the result bits for this step — presumably
   *     the same bit set that the verification functions store in their
   *     @verify out-parameter; confirm against the implementation.
   * The meaning of the callback's int return value is not visible here. */
  typedef int gnutls_verify_output_function (
    gnutls_x509_crt_t cert,
    gnutls_x509_crt_t issuer, /* The issuer, if verification failed
     * because of it.  May be NULL.
     */
    gnutls_x509_crl_t crl, /* The CRL that caused verification failure,
     * if any.  May be NULL.
     */
    unsigned int verification_output);
1065
  /* Verifies @cert against the entries registered for @name with
   * gnutls_x509_trust_list_add_named_crt().  @flags is presumably an OR
   * of gnutls_certificate_verify_flags; the result is stored in *@verify
   * and @func is called with the details (whether NULL is accepted for
   * @func is not stated here — confirm). */
  int gnutls_x509_trust_list_verify_named_crt (
      gnutls_x509_trust_list_t list,
      gnutls_x509_crt_t cert,
      const void * name, size_t name_size,
      unsigned int flags,
      unsigned int *verify,
      gnutls_verify_output_function func);

  /* Verifies a chain against the trust list.  Note that @cert_list is
   * not const-qualified here, unlike the list in
   * gnutls_x509_crt_list_verify(), and @cert_list_size is unsigned
   * where that function uses signed lengths. */
  int
  gnutls_x509_trust_list_verify_crt (
    gnutls_x509_trust_list_t list,
    gnutls_x509_crt_t *cert_list,
    unsigned int cert_list_size,
    unsigned int flags,
    unsigned int *verify,
    gnutls_verify_output_function func);
1082
  /* trust list convenience functions */

/* Load CAs and CRLs from memory (@cas/@crls encoded as @type) or from
 * files.  @tl_flags and @tl_vflags are presumably forwarded as the
 * @flags / @verification_flags of gnutls_x509_trust_list_add_cas() and
 * gnutls_x509_trust_list_add_crls() — confirm. */
int
gnutls_x509_trust_list_add_trust_mem(gnutls_x509_trust_list_t list,
                                     const gnutls_datum_t * cas, 
                                     const gnutls_datum_t * crls,
                                     gnutls_x509_crt_fmt_t type,
                                     unsigned int tl_flags,
                                     unsigned int tl_vflags);

int
gnutls_x509_trust_list_add_trust_file(gnutls_x509_trust_list_t list,
                                      const char* ca_file, 
                                      const char* crl_file,
                                      gnutls_x509_crt_fmt_t type,
                                      unsigned int tl_flags,
                                      unsigned int tl_vflags);

/* Remove CAs previously loaded from @ca_file / @cas. */
int
gnutls_x509_trust_list_remove_trust_file(gnutls_x509_trust_list_t list,
                                      const char* ca_file, 
                                      gnutls_x509_crt_fmt_t type);

int
gnutls_x509_trust_list_remove_trust_mem(gnutls_x509_trust_list_t list,
                                     const gnutls_datum_t * cas, 
                                     gnutls_x509_crt_fmt_t type);

/* Loads the platform's default trust store into @list; where that store
 * lives is decided by the implementation, not by this header. */
int
gnutls_x509_trust_list_add_system_trust(gnutls_x509_trust_list_t list,
                                        unsigned int tl_flags, unsigned int tl_vflags);
1113 #ifdef __cplusplus
1114 }
1115 #endif
1116
1117 #endif                          /* GNUTLS_X509_H */