2 @subheading gnutls_pkcs7_deinit
3 @anchor{gnutls_pkcs7_deinit}
4 @deftypefun {void} {gnutls_pkcs7_deinit} (gnutls_pkcs7_t @var{pkcs7})
5 @var{pkcs7}: The structure to be initialized
7 This function will deinitialize a PKCS7 structure.
10 @subheading gnutls_pkcs7_delete_crl
11 @anchor{gnutls_pkcs7_delete_crl}
12 @deftypefun {int} {gnutls_pkcs7_delete_crl} (gnutls_pkcs7_t @var{pkcs7}, int @var{indx})
13 @var{pkcs7}: should contain a @code{gnutls_pkcs7_t} structure
15 @var{indx}: the index of the crl to delete
17 This function will delete a crl from a PKCS7 or RFC2630 crl set.
18 Index starts from 0. Returns 0 on success.
20 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
24 @subheading gnutls_pkcs7_delete_crt
25 @anchor{gnutls_pkcs7_delete_crt}
26 @deftypefun {int} {gnutls_pkcs7_delete_crt} (gnutls_pkcs7_t @var{pkcs7}, int @var{indx})
27 @var{pkcs7}: should contain a gnutls_pkcs7_t structure
29 @var{indx}: the index of the certificate to delete
31 This function will delete a certificate from a PKCS7 or RFC2630
32 certificate set. Index starts from 0. Returns 0 on success.
34 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
38 @subheading gnutls_pkcs7_export
39 @anchor{gnutls_pkcs7_export}
40 @deftypefun {int} {gnutls_pkcs7_export} (gnutls_pkcs7_t @var{pkcs7}, gnutls_x509_crt_fmt_t @var{format}, void * @var{output_data}, size_t * @var{output_data_size})
41 @var{pkcs7}: Holds the pkcs7 structure
43 @var{format}: the format of output params. One of PEM or DER.
45 @var{output_data}: will contain a structure PEM or DER encoded
47 @var{output_data_size}: holds the size of output_data (and will be
48 replaced by the actual size of parameters)
50 This function will export the pkcs7 structure to DER or PEM format.
52 If the buffer provided is not long enough to hold the output, then
53 * @code{output_data_size} is updated and @code{GNUTLS_E_SHORT_MEMORY_BUFFER}
56 If the structure is PEM encoded, it will have a header
59 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
63 @subheading gnutls_pkcs7_get_crl_count
64 @anchor{gnutls_pkcs7_get_crl_count}
65 @deftypefun {int} {gnutls_pkcs7_get_crl_count} (gnutls_pkcs7_t @var{pkcs7})
66 @var{pkcs7}: should contain a gnutls_pkcs7_t structure
68 This function will return the number of certifcates in the PKCS7
71 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
75 @subheading gnutls_pkcs7_get_crl_raw
76 @anchor{gnutls_pkcs7_get_crl_raw}
77 @deftypefun {int} {gnutls_pkcs7_get_crl_raw} (gnutls_pkcs7_t @var{pkcs7}, int @var{indx}, void * @var{crl}, size_t * @var{crl_size})
78 @var{pkcs7}: should contain a @code{gnutls_pkcs7_t} structure
80 @var{indx}: contains the index of the crl to extract
82 @var{crl}: the contents of the crl will be copied there (may be null)
84 @var{crl_size}: should hold the size of the crl
86 This function will return a crl of the PKCS7 or RFC2630 crl set.
88 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
89 negative error value. If the provided buffer is not long enough,
90 then @code{crl_size} is updated and @code{GNUTLS_E_SHORT_MEMORY_BUFFER} is
91 returned. After the last crl has been read
92 @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} will be returned.
95 @subheading gnutls_pkcs7_get_crt_count
96 @anchor{gnutls_pkcs7_get_crt_count}
97 @deftypefun {int} {gnutls_pkcs7_get_crt_count} (gnutls_pkcs7_t @var{pkcs7})
98 @var{pkcs7}: should contain a @code{gnutls_pkcs7_t} structure
100 This function will return the number of certifcates in the PKCS7
101 or RFC2630 certificate set.
103 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
104 negative error value.
107 @subheading gnutls_pkcs7_get_crt_raw
108 @anchor{gnutls_pkcs7_get_crt_raw}
109 @deftypefun {int} {gnutls_pkcs7_get_crt_raw} (gnutls_pkcs7_t @var{pkcs7}, int @var{indx}, void * @var{certificate}, size_t * @var{certificate_size})
110 @var{pkcs7}: should contain a gnutls_pkcs7_t structure
112 @var{indx}: contains the index of the certificate to extract
114 @var{certificate}: the contents of the certificate will be copied
117 @var{certificate_size}: should hold the size of the certificate
119 This function will return a certificate of the PKCS7 or RFC2630
122 After the last certificate has been read
123 @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} will be returned.
125 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
126 negative error value. If the provided buffer is not long enough,
127 then @code{certificate_size} is updated and
128 @code{GNUTLS_E_SHORT_MEMORY_BUFFER} is returned.
131 @subheading gnutls_pkcs7_import
132 @anchor{gnutls_pkcs7_import}
133 @deftypefun {int} {gnutls_pkcs7_import} (gnutls_pkcs7_t @var{pkcs7}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format})
134 @var{pkcs7}: The structure to store the parsed PKCS7.
136 @var{data}: The DER or PEM encoded PKCS7.
138 @var{format}: One of DER or PEM
140 This function will convert the given DER or PEM encoded PKCS7 to
141 the native @code{gnutls_pkcs7_t} format. The output will be stored in
144 If the PKCS7 is PEM encoded it should have a header of "PKCS7".
146 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
147 negative error value.
150 @subheading gnutls_pkcs7_init
151 @anchor{gnutls_pkcs7_init}
152 @deftypefun {int} {gnutls_pkcs7_init} (gnutls_pkcs7_t * @var{pkcs7})
153 @var{pkcs7}: The structure to be initialized
155 This function will initialize a PKCS7 structure. PKCS7 structures
156 usually contain lists of X.509 Certificates and X.509 Certificate
159 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
160 negative error value.
163 @subheading gnutls_pkcs7_set_crl
164 @anchor{gnutls_pkcs7_set_crl}
165 @deftypefun {int} {gnutls_pkcs7_set_crl} (gnutls_pkcs7_t @var{pkcs7}, gnutls_x509_crl_t @var{crl})
166 @var{pkcs7}: should contain a @code{gnutls_pkcs7_t} structure
168 @var{crl}: the DER encoded crl to be added
170 This function will add a parsed CRL to the PKCS7 or RFC2630 crl
173 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
174 negative error value.
177 @subheading gnutls_pkcs7_set_crl_raw
178 @anchor{gnutls_pkcs7_set_crl_raw}
179 @deftypefun {int} {gnutls_pkcs7_set_crl_raw} (gnutls_pkcs7_t @var{pkcs7}, const gnutls_datum_t * @var{crl})
180 @var{pkcs7}: should contain a @code{gnutls_pkcs7_t} structure
182 @var{crl}: the DER encoded crl to be added
184 This function will add a crl to the PKCS7 or RFC2630 crl set.
186 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
187 negative error value.
190 @subheading gnutls_pkcs7_set_crt
191 @anchor{gnutls_pkcs7_set_crt}
192 @deftypefun {int} {gnutls_pkcs7_set_crt} (gnutls_pkcs7_t @var{pkcs7}, gnutls_x509_crt_t @var{crt})
193 @var{pkcs7}: should contain a @code{gnutls_pkcs7_t} structure
195 @var{crt}: the certificate to be copied.
197 This function will add a parsed certificate to the PKCS7 or
198 RFC2630 certificate set. This is a wrapper function over
199 @code{gnutls_pkcs7_set_crt_raw()} .
201 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
202 negative error value.
205 @subheading gnutls_pkcs7_set_crt_raw
206 @anchor{gnutls_pkcs7_set_crt_raw}
207 @deftypefun {int} {gnutls_pkcs7_set_crt_raw} (gnutls_pkcs7_t @var{pkcs7}, const gnutls_datum_t * @var{crt})
208 @var{pkcs7}: should contain a @code{gnutls_pkcs7_t} structure
210 @var{crt}: the DER encoded certificate to be added
212 This function will add a certificate to the PKCS7 or RFC2630
215 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
216 negative error value.
219 @subheading gnutls_x509_crl_check_issuer
220 @anchor{gnutls_x509_crl_check_issuer}
221 @deftypefun {int} {gnutls_x509_crl_check_issuer} (gnutls_x509_crl_t @var{crl}, gnutls_x509_crt_t @var{issuer})
222 @var{crl}: is the CRL to be checked
224 @var{issuer}: is the certificate of a possible issuer
226 This function will check if the given CRL was issued by the given
227 issuer certificate. It will return true (1) if the given CRL was
228 issued by the given issuer, and false (0) if not.
230 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
231 negative error value.
234 @subheading gnutls_x509_crl_deinit
235 @anchor{gnutls_x509_crl_deinit}
236 @deftypefun {void} {gnutls_x509_crl_deinit} (gnutls_x509_crl_t @var{crl})
237 @var{crl}: The structure to be initialized
239 This function will deinitialize a CRL structure.
242 @subheading gnutls_x509_crl_export
243 @anchor{gnutls_x509_crl_export}
244 @deftypefun {int} {gnutls_x509_crl_export} (gnutls_x509_crl_t @var{crl}, gnutls_x509_crt_fmt_t @var{format}, void * @var{output_data}, size_t * @var{output_data_size})
245 @var{crl}: Holds the revocation list
247 @var{format}: the format of output params. One of PEM or DER.
249 @var{output_data}: will contain a private key PEM or DER encoded
251 @var{output_data_size}: holds the size of output_data (and will
252 be replaced by the actual size of parameters)
254 This function will export the revocation list to DER or PEM format.
256 If the buffer provided is not long enough to hold the output, then
257 @code{GNUTLS_E_SHORT_MEMORY_BUFFER} will be returned.
259 If the structure is PEM encoded, it will have a header
262 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
263 negative error value. and a negative error code on failure.
266 @subheading gnutls_x509_crl_get_authority_key_gn_serial
267 @anchor{gnutls_x509_crl_get_authority_key_gn_serial}
268 @deftypefun {int} {gnutls_x509_crl_get_authority_key_gn_serial} (gnutls_x509_crl_t @var{crl}, unsigned int @var{seq}, void * @var{alt}, size_t * @var{alt_size}, unsigned int * @var{alt_type}, void* @var{serial}, size_t * @var{serial_size}, unsigned int * @var{critical})
269 @var{crl}: should contain a @code{gnutls_x509_crl_t} structure
271 @var{seq}: specifies the sequence number of the alt name (0 for the first one, 1 for the second etc.)
273 @var{alt}: is the place where the alternative name will be copied to
275 @var{alt_size}: holds the size of alt.
277 @var{alt_type}: holds the type of the alternative name (one of gnutls_x509_subject_alt_name_t).
279 @var{serial}: buffer to store the serial number (may be null)
281 @var{serial_size}: Holds the size of the serial field (may be null)
283 @var{critical}: will be non (0) if the extension is marked as critical (may be null)
285 This function will return the X.509 authority key
286 identifier when stored as a general name (authorityCertIssuer)
289 Because more than one general names might be stored
290 @code{seq} can be used as a counter to request them all until
291 @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} is returned.
293 @strong{Returns:} Returns 0 on success, or an error code.
298 @subheading gnutls_x509_crl_get_authority_key_id
299 @anchor{gnutls_x509_crl_get_authority_key_id}
300 @deftypefun {int} {gnutls_x509_crl_get_authority_key_id} (gnutls_x509_crl_t @var{crl}, void * @var{id}, size_t * @var{id_size}, unsigned int * @var{critical})
301 @var{crl}: should contain a @code{gnutls_x509_crl_t} structure
303 @var{id}: The place where the identifier will be copied
305 @var{id_size}: Holds the size of the result field.
307 @var{critical}: will be non (0) if the extension is marked as critical
310 This function will return the CRL authority's key identifier. This
311 is obtained by the X.509 Authority Key identifier extension field
312 (2.5.29.35). Note that this function
313 only returns the keyIdentifier field of the extension and
314 @code{GNUTLS_E_X509_UNSUPPORTED_EXTENSION} , if the extension contains
315 the name and serial number of the certificate. In that case
316 @code{gnutls_x509_crl_get_authority_key_gn_serial()} may be used.
318 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
319 negative error code in case of an error.
321 @strong{Since:} 2.8.0
324 @subheading gnutls_x509_crl_get_crt_count
325 @anchor{gnutls_x509_crl_get_crt_count}
326 @deftypefun {int} {gnutls_x509_crl_get_crt_count} (gnutls_x509_crl_t @var{crl})
327 @var{crl}: should contain a @code{gnutls_x509_crl_t} structure
329 This function will return the number of revoked certificates in the
332 @strong{Returns:} number of certificates, a negative error code on failure.
335 @subheading gnutls_x509_crl_get_crt_serial
336 @anchor{gnutls_x509_crl_get_crt_serial}
337 @deftypefun {int} {gnutls_x509_crl_get_crt_serial} (gnutls_x509_crl_t @var{crl}, int @var{indx}, unsigned char * @var{serial}, size_t * @var{serial_size}, time_t * @var{t})
338 @var{crl}: should contain a @code{gnutls_x509_crl_t} structure
340 @var{indx}: the index of the certificate to extract (starting from 0)
342 @var{serial}: where the serial number will be copied
344 @var{serial_size}: initially holds the size of serial
346 @var{t}: if non null, will hold the time this certificate was revoked
348 This function will retrieve the serial number of the specified, by
349 the index, revoked certificate.
351 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
352 negative error value. and a negative error code on error.
355 @subheading gnutls_x509_crl_get_dn_oid
356 @anchor{gnutls_x509_crl_get_dn_oid}
357 @deftypefun {int} {gnutls_x509_crl_get_dn_oid} (gnutls_x509_crl_t @var{crl}, int @var{indx}, void * @var{oid}, size_t * @var{sizeof_oid})
358 @var{crl}: should contain a gnutls_x509_crl_t structure
360 @var{indx}: Specifies which DN OID to send. Use (0) to get the first one.
362 @var{oid}: a pointer to a structure to hold the name (may be null)
364 @var{sizeof_oid}: initially holds the size of 'oid'
366 This function will extract the requested OID of the name of the CRL
367 issuer, specified by the given index.
369 If oid is null then only the size will be filled.
371 @strong{Returns:} @code{GNUTLS_E_SHORT_MEMORY_BUFFER} if the provided buffer is
372 not long enough, and in that case the sizeof_oid will be updated
373 with the required size. On success 0 is returned.
376 @subheading gnutls_x509_crl_get_extension_data
377 @anchor{gnutls_x509_crl_get_extension_data}
378 @deftypefun {int} {gnutls_x509_crl_get_extension_data} (gnutls_x509_crl_t @var{crl}, int @var{indx}, void * @var{data}, size_t * @var{sizeof_data})
379 @var{crl}: should contain a @code{gnutls_x509_crl_t} structure
381 @var{indx}: Specifies which extension OID to send. Use (0) to get the first one.
383 @var{data}: a pointer to a structure to hold the data (may be null)
385 @var{sizeof_data}: initially holds the size of @code{oid}
387 This function will return the requested extension data in the CRL.
388 The extension data will be stored as a string in the provided
391 Use @code{gnutls_x509_crl_get_extension_info()} to extract the OID and
392 critical flag. Use @code{gnutls_x509_crl_get_extension_info()} instead,
393 if you want to get data indexed by the extension OID rather than
396 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
397 negative error code in case of an error. If your have reached the
398 last extension available @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE}
401 @strong{Since:} 2.8.0
404 @subheading gnutls_x509_crl_get_extension_info
405 @anchor{gnutls_x509_crl_get_extension_info}
406 @deftypefun {int} {gnutls_x509_crl_get_extension_info} (gnutls_x509_crl_t @var{crl}, int @var{indx}, void * @var{oid}, size_t * @var{sizeof_oid}, unsigned int * @var{critical})
407 @var{crl}: should contain a @code{gnutls_x509_crl_t} structure
409 @var{indx}: Specifies which extension OID to send, use (0) to get the first one.
411 @var{oid}: a pointer to a structure to hold the OID
413 @var{sizeof_oid}: initially holds the maximum size of @code{oid} , on return
414 holds actual size of @code{oid} .
416 @var{critical}: output variable with critical flag, may be NULL.
418 This function will return the requested extension OID in the CRL,
419 and the critical flag for it. The extension OID will be stored as
420 a string in the provided buffer. Use
421 @code{gnutls_x509_crl_get_extension_data()} to extract the data.
423 If the buffer provided is not long enough to hold the output, then
424 * @code{sizeof_oid} is updated and @code{GNUTLS_E_SHORT_MEMORY_BUFFER} will be
427 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
428 negative error code in case of an error. If your have reached the
429 last extension available @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE}
432 @strong{Since:} 2.8.0
435 @subheading gnutls_x509_crl_get_extension_oid
436 @anchor{gnutls_x509_crl_get_extension_oid}
437 @deftypefun {int} {gnutls_x509_crl_get_extension_oid} (gnutls_x509_crl_t @var{crl}, int @var{indx}, void * @var{oid}, size_t * @var{sizeof_oid})
438 @var{crl}: should contain a @code{gnutls_x509_crl_t} structure
440 @var{indx}: Specifies which extension OID to send, use (0) to get the first one.
442 @var{oid}: a pointer to a structure to hold the OID (may be null)
444 @var{sizeof_oid}: initially holds the size of @code{oid}
446 This function will return the requested extension OID in the CRL.
447 The extension OID will be stored as a string in the provided
450 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
451 negative error code in case of an error. If your have reached the
452 last extension available @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE}
455 @strong{Since:} 2.8.0
458 @subheading gnutls_x509_crl_get_issuer_dn
459 @anchor{gnutls_x509_crl_get_issuer_dn}
460 @deftypefun {int} {gnutls_x509_crl_get_issuer_dn} (const gnutls_x509_crl_t @var{crl}, char * @var{buf}, size_t * @var{sizeof_buf})
461 @var{crl}: should contain a gnutls_x509_crl_t structure
463 @var{buf}: a pointer to a structure to hold the peer's name (may be null)
465 @var{sizeof_buf}: initially holds the size of @code{buf}
467 This function will copy the name of the CRL issuer in the provided
468 buffer. The name will be in the form "C=xxxx,O=yyyy,CN=zzzz" as
469 described in RFC4514. The output string will be ASCII or UTF-8
470 encoded, depending on the certificate data.
472 If buf is @code{NULL} then only the size will be filled.
474 @strong{Returns:} @code{GNUTLS_E_SHORT_MEMORY_BUFFER} if the provided buffer is
475 not long enough, and in that case the sizeof_buf will be updated
476 with the required size, and 0 on success.
479 @subheading gnutls_x509_crl_get_issuer_dn_by_oid
480 @anchor{gnutls_x509_crl_get_issuer_dn_by_oid}
481 @deftypefun {int} {gnutls_x509_crl_get_issuer_dn_by_oid} (gnutls_x509_crl_t @var{crl}, const char * @var{oid}, int @var{indx}, unsigned int @var{raw_flag}, void * @var{buf}, size_t * @var{sizeof_buf})
482 @var{crl}: should contain a gnutls_x509_crl_t structure
484 @var{oid}: holds an Object Identified in null terminated string
486 @var{indx}: In case multiple same OIDs exist in the RDN, this specifies which to send. Use (0) to get the first one.
488 @var{raw_flag}: If non (0) returns the raw DER data of the DN part.
490 @var{buf}: a pointer to a structure to hold the peer's name (may be null)
492 @var{sizeof_buf}: initially holds the size of @code{buf}
494 This function will extract the part of the name of the CRL issuer
495 specified by the given OID. The output will be encoded as described
496 in RFC4514. The output string will be ASCII or UTF-8 encoded,
497 depending on the certificate data.
499 Some helper macros with popular OIDs can be found in gnutls/x509.h
500 If raw flag is (0), this function will only return known OIDs as
501 text. Other OIDs will be DER encoded, as described in RFC4514 -- in
502 hex format with a '#' prefix. You can check about known OIDs
503 using @code{gnutls_x509_dn_oid_known()} .
505 If buf is null then only the size will be filled.
507 @strong{Returns:} @code{GNUTLS_E_SHORT_MEMORY_BUFFER} if the provided buffer is
508 not long enough, and in that case the sizeof_buf will be updated
509 with the required size, and 0 on success.
512 @subheading gnutls_x509_crl_get_next_update
513 @anchor{gnutls_x509_crl_get_next_update}
514 @deftypefun {time_t} {gnutls_x509_crl_get_next_update} (gnutls_x509_crl_t @var{crl})
515 @var{crl}: should contain a @code{gnutls_x509_crl_t} structure
517 This function will return the time the next CRL will be issued.
518 This field is optional in a CRL so it might be normal to get an
521 @strong{Returns:} when the next CRL will be issued, or (time_t)-1 on error.
524 @subheading gnutls_x509_crl_get_number
525 @anchor{gnutls_x509_crl_get_number}
526 @deftypefun {int} {gnutls_x509_crl_get_number} (gnutls_x509_crl_t @var{crl}, void * @var{ret}, size_t * @var{ret_size}, unsigned int * @var{critical})
527 @var{crl}: should contain a @code{gnutls_x509_crl_t} structure
529 @var{ret}: The place where the number will be copied
531 @var{ret_size}: Holds the size of the result field.
533 @var{critical}: will be non (0) if the extension is marked as critical
536 This function will return the CRL number extension. This is
537 obtained by the CRL Number extension field (2.5.29.20).
539 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
540 negative error code in case of an error.
542 @strong{Since:} 2.8.0
545 @subheading gnutls_x509_crl_get_raw_issuer_dn
546 @anchor{gnutls_x509_crl_get_raw_issuer_dn}
547 @deftypefun {int} {gnutls_x509_crl_get_raw_issuer_dn} (gnutls_x509_crl_t @var{crl}, gnutls_datum_t * @var{dn})
548 @var{crl}: should contain a gnutls_x509_crl_t structure
550 @var{dn}: will hold the starting point of the DN
552 This function will return a pointer to the DER encoded DN structure
555 @strong{Returns:} a negative error code on error, and (0) on success.
557 @strong{Since:} 2.12.0
560 @subheading gnutls_x509_crl_get_signature
561 @anchor{gnutls_x509_crl_get_signature}
562 @deftypefun {int} {gnutls_x509_crl_get_signature} (gnutls_x509_crl_t @var{crl}, char * @var{sig}, size_t * @var{sizeof_sig})
563 @var{crl}: should contain a gnutls_x509_crl_t structure
565 @var{sig}: a pointer where the signature part will be copied (may be null).
567 @var{sizeof_sig}: initially holds the size of @code{sig}
569 This function will extract the signature field of a CRL.
571 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
572 negative error value. and a negative error code on error.
575 @subheading gnutls_x509_crl_get_signature_algorithm
576 @anchor{gnutls_x509_crl_get_signature_algorithm}
577 @deftypefun {int} {gnutls_x509_crl_get_signature_algorithm} (gnutls_x509_crl_t @var{crl})
578 @var{crl}: should contain a @code{gnutls_x509_crl_t} structure
580 This function will return a value of the @code{gnutls_sign_algorithm_t}
581 enumeration that is the signature algorithm.
583 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
584 negative error value.
587 @subheading gnutls_x509_crl_get_this_update
588 @anchor{gnutls_x509_crl_get_this_update}
589 @deftypefun {time_t} {gnutls_x509_crl_get_this_update} (gnutls_x509_crl_t @var{crl})
590 @var{crl}: should contain a @code{gnutls_x509_crl_t} structure
592 This function will return the time this CRL was issued.
594 @strong{Returns:} when the CRL was issued, or (time_t)-1 on error.
597 @subheading gnutls_x509_crl_get_version
598 @anchor{gnutls_x509_crl_get_version}
599 @deftypefun {int} {gnutls_x509_crl_get_version} (gnutls_x509_crl_t @var{crl})
600 @var{crl}: should contain a @code{gnutls_x509_crl_t} structure
602 This function will return the version of the specified CRL.
604 @strong{Returns:} The version number, or a negative error code on error.
607 @subheading gnutls_x509_crl_import
608 @anchor{gnutls_x509_crl_import}
609 @deftypefun {int} {gnutls_x509_crl_import} (gnutls_x509_crl_t @var{crl}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format})
610 @var{crl}: The structure to store the parsed CRL.
612 @var{data}: The DER or PEM encoded CRL.
614 @var{format}: One of DER or PEM
616 This function will convert the given DER or PEM encoded CRL
617 to the native @code{gnutls_x509_crl_t} format. The output will be stored in 'crl'.
619 If the CRL is PEM encoded it should have a header of "X509 CRL".
621 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
622 negative error value.
625 @subheading gnutls_x509_crl_init
626 @anchor{gnutls_x509_crl_init}
627 @deftypefun {int} {gnutls_x509_crl_init} (gnutls_x509_crl_t * @var{crl})
628 @var{crl}: The structure to be initialized
630 This function will initialize a CRL structure. CRL stands for
631 Certificate Revocation List. A revocation list usually contains
632 lists of certificate serial numbers that have been revoked by an
633 Authority. The revocation lists are always signed with the
634 authority's private key.
636 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
637 negative error value.
640 @subheading gnutls_x509_crl_list_import
641 @anchor{gnutls_x509_crl_list_import}
642 @deftypefun {int} {gnutls_x509_crl_list_import} (gnutls_x509_crl_t * @var{crls}, unsigned int * @var{crl_max}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format}, unsigned int @var{flags})
643 @var{crls}: The structures to store the parsed CRLs. Must not be initialized.
645 @var{crl_max}: Initially must hold the maximum number of crls. It will be updated with the number of crls available.
647 @var{data}: The PEM encoded CRLs
649 @var{format}: One of DER or PEM.
651 @var{flags}: must be (0) or an OR'd sequence of gnutls_certificate_import_flags.
653 This function will convert the given PEM encoded CRL list
654 to the native gnutls_x509_crl_t format. The output will be stored
655 in @code{crls} . They will be automatically initialized.
657 If the Certificate is PEM encoded it should have a header of "X509 CRL".
659 @strong{Returns:} the number of certificates read or a negative error value.
664 @subheading gnutls_x509_crl_list_import2
665 @anchor{gnutls_x509_crl_list_import2}
666 @deftypefun {int} {gnutls_x509_crl_list_import2} (gnutls_x509_crl_t ** @var{crls}, unsigned int * @var{size}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format}, unsigned int @var{flags})
667 @var{crls}: The structures to store the parsed crl list. Must not be initialized.
669 @var{size}: It will contain the size of the list.
671 @var{data}: The PEM encoded CRL.
673 @var{format}: One of DER or PEM.
675 @var{flags}: must be (0) or an OR'd sequence of gnutls_certificate_import_flags.
677 This function will convert the given PEM encoded CRL list
678 to the native gnutls_x509_crl_t format. The output will be stored
679 in @code{crls} . They will be automatically initialized.
681 If the Certificate is PEM encoded it should have a header of "X509
684 @strong{Returns:} the number of certificates read or a negative error value.
689 @subheading gnutls_x509_crl_print
690 @anchor{gnutls_x509_crl_print}
691 @deftypefun {int} {gnutls_x509_crl_print} (gnutls_x509_crl_t @var{crl}, gnutls_certificate_print_formats_t @var{format}, gnutls_datum_t * @var{out})
692 @var{crl}: The structure to be printed
694 @var{format}: Indicate the format to use
696 @var{out}: Newly allocated datum with (0) terminated string.
698 This function will pretty print a X.509 certificate revocation
699 list, suitable for display to a human.
701 The output @code{out} needs to be deallocate using @code{gnutls_free()} .
703 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
704 negative error value.
707 @subheading gnutls_x509_crl_set_authority_key_id
708 @anchor{gnutls_x509_crl_set_authority_key_id}
709 @deftypefun {int} {gnutls_x509_crl_set_authority_key_id} (gnutls_x509_crl_t @var{crl}, const void * @var{id}, size_t @var{id_size})
710 @var{crl}: a CRL of type @code{gnutls_x509_crl_t}
714 @var{id_size}: Holds the size of the serial field.
716 This function will set the CRL's authority key ID extension. Only
717 the keyIdentifier field can be set with this function. This may
718 be used by an authority that holds multiple private keys, to distinguish
721 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
722 negative error value.
724 @strong{Since:} 2.8.0
727 @subheading gnutls_x509_crl_set_crt
728 @anchor{gnutls_x509_crl_set_crt}
729 @deftypefun {int} {gnutls_x509_crl_set_crt} (gnutls_x509_crl_t @var{crl}, gnutls_x509_crt_t @var{crt}, time_t @var{revocation_time})
730 @var{crl}: should contain a gnutls_x509_crl_t structure
732 @var{crt}: a certificate of type @code{gnutls_x509_crt_t} with the revoked certificate
734 @var{revocation_time}: The time this certificate was revoked
736 This function will set a revoked certificate's serial number to the CRL.
738 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
739 negative error value.
742 @subheading gnutls_x509_crl_set_crt_serial
743 @anchor{gnutls_x509_crl_set_crt_serial}
744 @deftypefun {int} {gnutls_x509_crl_set_crt_serial} (gnutls_x509_crl_t @var{crl}, const void * @var{serial}, size_t @var{serial_size}, time_t @var{revocation_time})
745 @var{crl}: should contain a gnutls_x509_crl_t structure
747 @var{serial}: The revoked certificate's serial number
749 @var{serial_size}: Holds the size of the serial field.
751 @var{revocation_time}: The time this certificate was revoked
753 This function will set a revoked certificate's serial number to the CRL.
755 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
756 negative error value.
759 @subheading gnutls_x509_crl_set_next_update
760 @anchor{gnutls_x509_crl_set_next_update}
761 @deftypefun {int} {gnutls_x509_crl_set_next_update} (gnutls_x509_crl_t @var{crl}, time_t @var{exp_time})
762 @var{crl}: should contain a gnutls_x509_crl_t structure
764 @var{exp_time}: The actual time
766 This function will set the time this CRL will be updated.
768 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
769 negative error value.
772 @subheading gnutls_x509_crl_set_number
773 @anchor{gnutls_x509_crl_set_number}
774 @deftypefun {int} {gnutls_x509_crl_set_number} (gnutls_x509_crl_t @var{crl}, const void * @var{nr}, size_t @var{nr_size})
775 @var{crl}: a CRL of type @code{gnutls_x509_crl_t}
777 @var{nr}: The CRL number
779 @var{nr_size}: Holds the size of the nr field.
781 This function will set the CRL's number extension. This
782 is to be used as a unique and monotonic number assigned to
783 the CRL by the authority.
785 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
786 negative error value.
788 @strong{Since:} 2.8.0
791 @subheading gnutls_x509_crl_set_this_update
792 @anchor{gnutls_x509_crl_set_this_update}
793 @deftypefun {int} {gnutls_x509_crl_set_this_update} (gnutls_x509_crl_t @var{crl}, time_t @var{act_time})
794 @var{crl}: should contain a gnutls_x509_crl_t structure
796 @var{act_time}: The actual time
798 This function will set the time this CRL was issued.
800 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
801 negative error value.
804 @subheading gnutls_x509_crl_set_version
805 @anchor{gnutls_x509_crl_set_version}
806 @deftypefun {int} {gnutls_x509_crl_set_version} (gnutls_x509_crl_t @var{crl}, unsigned int @var{version})
807 @var{crl}: should contain a gnutls_x509_crl_t structure
809 @var{version}: holds the version number. For CRLv1 crls must be 1.
811 This function will set the version of the CRL. This
812 must be one for CRL version 1, and so on. The CRLs generated
813 by gnutls should have a version number of 2.
815 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
816 negative error value.
819 @subheading gnutls_x509_crl_sign2
820 @anchor{gnutls_x509_crl_sign2}
821 @deftypefun {int} {gnutls_x509_crl_sign2} (gnutls_x509_crl_t @var{crl}, gnutls_x509_crt_t @var{issuer}, gnutls_x509_privkey_t @var{issuer_key}, gnutls_digest_algorithm_t @var{dig}, unsigned int @var{flags})
822 @var{crl}: should contain a gnutls_x509_crl_t structure
824 @var{issuer}: is the certificate of the certificate issuer
826 @var{issuer_key}: holds the issuer's private key
828 @var{dig}: The message digest to use. GNUTLS_DIG_SHA1 is the safe choice unless you know what you're doing.
830 @var{flags}: must be 0
832 This function will sign the CRL with the issuer's private key, and
833 will copy the issuer's information into the CRL.
835 This must be the last step in a certificate CRL since all
836 the previously set parameters are now signed.
838 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
839 negative error value.
842 @subheading gnutls_x509_crl_verify
843 @anchor{gnutls_x509_crl_verify}
844 @deftypefun {int} {gnutls_x509_crl_verify} (gnutls_x509_crl_t @var{crl}, const gnutls_x509_crt_t * @var{CA_list}, int @var{CA_list_length}, unsigned int @var{flags}, unsigned int * @var{verify})
845 @var{crl}: is the crl to be verified
847 @var{CA_list}: is a certificate list that is considered to be trusted one
849 @var{CA_list_length}: holds the number of CA certificates in CA_list
851 @var{flags}: Flags that may be used to change the verification algorithm. Use OR of the gnutls_certificate_verify_flags enumerations.
853 @var{verify}: will hold the crl verification output.
855 This function will try to verify the given crl and return its status.
856 See @code{gnutls_x509_crt_list_verify()} for a detailed description of
859 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
860 negative error value.
863 @subheading gnutls_x509_crq_deinit
864 @anchor{gnutls_x509_crq_deinit}
865 @deftypefun {void} {gnutls_x509_crq_deinit} (gnutls_x509_crq_t @var{crq})
866 @var{crq}: The structure to be initialized
868 This function will deinitialize a PKCS@code{10} certificate request
872 @subheading gnutls_x509_crq_export
873 @anchor{gnutls_x509_crq_export}
874 @deftypefun {int} {gnutls_x509_crq_export} (gnutls_x509_crq_t @var{crq}, gnutls_x509_crt_fmt_t @var{format}, void * @var{output_data}, size_t * @var{output_data_size})
875 @var{crq}: should contain a @code{gnutls_x509_crq_t} structure
877 @var{format}: the format of output params. One of PEM or DER.
879 @var{output_data}: will contain a certificate request PEM or DER encoded
881 @var{output_data_size}: holds the size of output_data (and will be
882 replaced by the actual size of parameters)
884 This function will export the certificate request to a PEM or DER
885 encoded PKCS10 structure.
887 If the buffer provided is not long enough to hold the output, then
888 @code{GNUTLS_E_SHORT_MEMORY_BUFFER} will be returned and
889 * @code{output_data_size} will be updated.
891 If the structure is PEM encoded, it will have a header of "BEGIN
892 NEW CERTIFICATE REQUEST".
894 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
895 negative error value.
898 @subheading gnutls_x509_crq_get_attribute_by_oid
899 @anchor{gnutls_x509_crq_get_attribute_by_oid}
900 @deftypefun {int} {gnutls_x509_crq_get_attribute_by_oid} (gnutls_x509_crq_t @var{crq}, const char * @var{oid}, int @var{indx}, void * @var{buf}, size_t * @var{sizeof_buf})
901 @var{crq}: should contain a @code{gnutls_x509_crq_t} structure
903 @var{oid}: holds an Object Identified in (0)-terminated string
905 @var{indx}: In case multiple same OIDs exist in the attribute list, this
906 specifies which to send, use (0) to get the first one
908 @var{buf}: a pointer to a structure to hold the attribute data (may be @code{NULL} )
910 @var{sizeof_buf}: initially holds the size of @code{buf}
912 This function will return the attribute in the certificate request
913 specified by the given Object ID. The attribute will be DER
916 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
917 negative error value.
920 @subheading gnutls_x509_crq_get_attribute_data
921 @anchor{gnutls_x509_crq_get_attribute_data}
922 @deftypefun {int} {gnutls_x509_crq_get_attribute_data} (gnutls_x509_crq_t @var{crq}, int @var{indx}, void * @var{data}, size_t * @var{sizeof_data})
923 @var{crq}: should contain a @code{gnutls_x509_crq_t} structure
925 @var{indx}: Specifies which attribute OID to send. Use (0) to get the first one.
927 @var{data}: a pointer to a structure to hold the data (may be null)
929 @var{sizeof_data}: initially holds the size of @code{oid}
931 This function will return the requested attribute data in the
932 certificate request. The attribute data will be stored as a string in the
935 Use @code{gnutls_x509_crq_get_attribute_info()} to extract the OID.
936 Use @code{gnutls_x509_crq_get_attribute_by_oid()} instead,
937 if you want to get data indexed by the attribute OID rather than
940 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
941 negative error code in case of an error. If your have reached the
942 last extension available @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE}
945 @strong{Since:} 2.8.0
948 @subheading gnutls_x509_crq_get_attribute_info
949 @anchor{gnutls_x509_crq_get_attribute_info}
950 @deftypefun {int} {gnutls_x509_crq_get_attribute_info} (gnutls_x509_crq_t @var{crq}, int @var{indx}, void * @var{oid}, size_t * @var{sizeof_oid})
951 @var{crq}: should contain a @code{gnutls_x509_crq_t} structure
953 @var{indx}: Specifies which attribute OID to send. Use (0) to get the first one.
955 @var{oid}: a pointer to a structure to hold the OID
957 @var{sizeof_oid}: initially holds the maximum size of @code{oid} , on return
958 holds actual size of @code{oid} .
960 This function will return the requested attribute OID in the
961 certificate, and the critical flag for it. The attribute OID will
962 be stored as a string in the provided buffer. Use
963 @code{gnutls_x509_crq_get_attribute_data()} to extract the data.
965 If the buffer provided is not long enough to hold the output, then
966 * @code{sizeof_oid} is updated and @code{GNUTLS_E_SHORT_MEMORY_BUFFER} will be
969 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
970 negative error code in case of an error. If your have reached the
971 last extension available @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE}
974 @strong{Since:} 2.8.0
977 @subheading gnutls_x509_crq_get_basic_constraints
978 @anchor{gnutls_x509_crq_get_basic_constraints}
979 @deftypefun {int} {gnutls_x509_crq_get_basic_constraints} (gnutls_x509_crq_t @var{crq}, unsigned int * @var{critical}, unsigned int * @var{ca}, int * @var{pathlen})
980 @var{crq}: should contain a @code{gnutls_x509_crq_t} structure
982 @var{critical}: will be non (0) if the extension is marked as critical
984 @var{ca}: pointer to output integer indicating CA status, may be NULL,
985 value is 1 if the certificate CA flag is set, 0 otherwise.
987 @var{pathlen}: pointer to output integer indicating path length (may be
988 NULL), non-negative error codes indicate a present pathLenConstraint
989 field and the actual value, -1 indicate that the field is absent.
991 This function will read the certificate's basic constraints, and
992 return the certificates CA status. It reads the basicConstraints
993 X.509 extension (2.5.29.19).
995 @strong{Returns:} If the certificate is a CA a positive value will be
996 returned, or (0) if the certificate does not have CA flag set.
997 A negative error code may be returned in case of errors. If the
998 certificate does not contain the basicConstraints extension
999 @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} will be returned.
1001 @strong{Since:} 2.8.0
1004 @subheading gnutls_x509_crq_get_challenge_password
1005 @anchor{gnutls_x509_crq_get_challenge_password}
1006 @deftypefun {int} {gnutls_x509_crq_get_challenge_password} (gnutls_x509_crq_t @var{crq}, char * @var{pass}, size_t * @var{sizeof_pass})
1007 @var{crq}: should contain a @code{gnutls_x509_crq_t} structure
1009 @var{pass}: will hold a (0)-terminated password string
1011 @var{sizeof_pass}: Initially holds the size of @code{pass} .
1013 This function will return the challenge password in the request.
1014 The challenge password is intended to be used for requesting a
1015 revocation of the certificate.
1017 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
1018 negative error value.
1021 @subheading gnutls_x509_crq_get_dn
1022 @anchor{gnutls_x509_crq_get_dn}
1023 @deftypefun {int} {gnutls_x509_crq_get_dn} (gnutls_x509_crq_t @var{crq}, char * @var{buf}, size_t * @var{sizeof_buf})
1024 @var{crq}: should contain a @code{gnutls_x509_crq_t} structure
1026 @var{buf}: a pointer to a structure to hold the name (may be @code{NULL} )
1028 @var{sizeof_buf}: initially holds the size of @code{buf}
1030 This function will copy the name of the Certificate request subject
1031 to the provided buffer. The name will be in the form
1032 "C=xxxx,O=yyyy,CN=zzzz" as described in RFC 2253. The output string
1033 @code{buf} will be ASCII or UTF-8 encoded, depending on the certificate
1036 @strong{Returns:} @code{GNUTLS_E_SHORT_MEMORY_BUFFER} if the provided buffer is not
1037 long enough, and in that case the * @code{sizeof_buf} will be updated with
1038 the required size. On success 0 is returned.
1041 @subheading gnutls_x509_crq_get_dn_by_oid
1042 @anchor{gnutls_x509_crq_get_dn_by_oid}
1043 @deftypefun {int} {gnutls_x509_crq_get_dn_by_oid} (gnutls_x509_crq_t @var{crq}, const char * @var{oid}, int @var{indx}, unsigned int @var{raw_flag}, void * @var{buf}, size_t * @var{sizeof_buf})
1044 @var{crq}: should contain a gnutls_x509_crq_t structure
1046 @var{oid}: holds an Object Identified in null terminated string
1048 @var{indx}: In case multiple same OIDs exist in the RDN, this specifies
1049 which to send. Use (0) to get the first one.
1051 @var{raw_flag}: If non (0) returns the raw DER data of the DN part.
1053 @var{buf}: a pointer to a structure to hold the name (may be @code{NULL} )
1055 @var{sizeof_buf}: initially holds the size of @code{buf}
1057 This function will extract the part of the name of the Certificate
1058 request subject, specified by the given OID. The output will be
1059 encoded as described in RFC2253. The output string will be ASCII
1060 or UTF-8 encoded, depending on the certificate data.
1062 Some helper macros with popular OIDs can be found in gnutls/x509.h
1063 If raw flag is (0), this function will only return known OIDs as
1064 text. Other OIDs will be DER encoded, as described in RFC2253 --
1065 in hex format with a '\#' prefix. You can check about known OIDs
1066 using @code{gnutls_x509_dn_oid_known()} .
1068 @strong{Returns:} @code{GNUTLS_E_SHORT_MEMORY_BUFFER} if the provided buffer is
1069 not long enough, and in that case the * @code{sizeof_buf} will be
1070 updated with the required size. On success 0 is returned.
1073 @subheading gnutls_x509_crq_get_dn_oid
1074 @anchor{gnutls_x509_crq_get_dn_oid}
1075 @deftypefun {int} {gnutls_x509_crq_get_dn_oid} (gnutls_x509_crq_t @var{crq}, int @var{indx}, void * @var{oid}, size_t * @var{sizeof_oid})
1076 @var{crq}: should contain a gnutls_x509_crq_t structure
1078 @var{indx}: Specifies which DN OID to send. Use (0) to get the first one.
1080 @var{oid}: a pointer to a structure to hold the name (may be @code{NULL} )
1082 @var{sizeof_oid}: initially holds the size of @code{oid}
1084 This function will extract the requested OID of the name of the
1085 certificate request subject, specified by the given index.
1087 @strong{Returns:} @code{GNUTLS_E_SHORT_MEMORY_BUFFER} if the provided buffer is
1088 not long enough, and in that case the * @code{sizeof_oid} will be
1089 updated with the required size. On success 0 is returned.
1092 @subheading gnutls_x509_crq_get_extension_by_oid
1093 @anchor{gnutls_x509_crq_get_extension_by_oid}
1094 @deftypefun {int} {gnutls_x509_crq_get_extension_by_oid} (gnutls_x509_crq_t @var{crq}, const char * @var{oid}, int @var{indx}, void * @var{buf}, size_t * @var{sizeof_buf}, unsigned int * @var{critical})
1095 @var{crq}: should contain a @code{gnutls_x509_crq_t} structure
1097 @var{oid}: holds an Object Identified in null terminated string
1099 @var{indx}: In case multiple same OIDs exist in the extensions, this
1100 specifies which to send. Use (0) to get the first one.
1102 @var{buf}: a pointer to a structure to hold the name (may be null)
1104 @var{sizeof_buf}: initially holds the size of @code{buf}
1106 @var{critical}: will be non (0) if the extension is marked as critical
1108 This function will return the extension specified by the OID in
1109 the certificate. The extensions will be returned as binary data
1110 DER encoded, in the provided buffer.
1112 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
1113 negative error code in case of an error. If the certificate does not
1114 contain the specified extension
1115 @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} will be returned.
1117 @strong{Since:} 2.8.0
1120 @subheading gnutls_x509_crq_get_extension_data
1121 @anchor{gnutls_x509_crq_get_extension_data}
1122 @deftypefun {int} {gnutls_x509_crq_get_extension_data} (gnutls_x509_crq_t @var{crq}, int @var{indx}, void * @var{data}, size_t * @var{sizeof_data})
1123 @var{crq}: should contain a @code{gnutls_x509_crq_t} structure
1125 @var{indx}: Specifies which extension OID to send. Use (0) to get the first one.
1127 @var{data}: a pointer to a structure to hold the data (may be null)
1129 @var{sizeof_data}: initially holds the size of @code{oid}
1131 This function will return the requested extension data in the
1132 certificate. The extension data will be stored as a string in the
1135 Use @code{gnutls_x509_crq_get_extension_info()} to extract the OID and
1136 critical flag. Use @code{gnutls_x509_crq_get_extension_by_oid()} instead,
1137 if you want to get data indexed by the extension OID rather than
1140 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
1141 negative error code in case of an error. If your have reached the
1142 last extension available @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE}
1145 @strong{Since:} 2.8.0
1148 @subheading gnutls_x509_crq_get_extension_info
1149 @anchor{gnutls_x509_crq_get_extension_info}
1150 @deftypefun {int} {gnutls_x509_crq_get_extension_info} (gnutls_x509_crq_t @var{crq}, int @var{indx}, void * @var{oid}, size_t * @var{sizeof_oid}, unsigned int * @var{critical})
1151 @var{crq}: should contain a @code{gnutls_x509_crq_t} structure
1153 @var{indx}: Specifies which extension OID to send. Use (0) to get the first one.
1155 @var{oid}: a pointer to a structure to hold the OID
1157 @var{sizeof_oid}: initially holds the maximum size of @code{oid} , on return
1158 holds actual size of @code{oid} .
1160 @var{critical}: output variable with critical flag, may be NULL.
1162 This function will return the requested extension OID in the
1163 certificate, and the critical flag for it. The extension OID will
1164 be stored as a string in the provided buffer. Use
1165 @code{gnutls_x509_crq_get_extension_data()} to extract the data.
1167 If the buffer provided is not long enough to hold the output, then
1168 * @code{sizeof_oid} is updated and @code{GNUTLS_E_SHORT_MEMORY_BUFFER} will be
1171 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
1172 negative error code in case of an error. If your have reached the
1173 last extension available @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE}
1176 @strong{Since:} 2.8.0
1179 @subheading gnutls_x509_crq_get_key_id
1180 @anchor{gnutls_x509_crq_get_key_id}
1181 @deftypefun {int} {gnutls_x509_crq_get_key_id} (gnutls_x509_crq_t @var{crq}, unsigned int @var{flags}, unsigned char * @var{output_data}, size_t * @var{output_data_size})
1182 @var{crq}: a certificate of type @code{gnutls_x509_crq_t}
1184 @var{flags}: should be 0 for now
1186 @var{output_data}: will contain the key ID
1188 @var{output_data_size}: holds the size of output_data (and will be
1189 replaced by the actual size of parameters)
1191 This function will return a unique ID the depends on the public key
1192 parameters. This ID can be used in checking whether a certificate
1193 corresponds to the given private key.
1195 If the buffer provided is not long enough to hold the output, then
1196 * @code{output_data_size} is updated and GNUTLS_E_SHORT_MEMORY_BUFFER will
1197 be returned. The output will normally be a SHA-1 hash output,
1200 @strong{Returns:} In case of failure a negative error code will be
1201 returned, and 0 on success.
1203 @strong{Since:} 2.8.0
1206 @subheading gnutls_x509_crq_get_key_purpose_oid
1207 @anchor{gnutls_x509_crq_get_key_purpose_oid}
1208 @deftypefun {int} {gnutls_x509_crq_get_key_purpose_oid} (gnutls_x509_crq_t @var{crq}, int @var{indx}, void * @var{oid}, size_t * @var{sizeof_oid}, unsigned int * @var{critical})
1209 @var{crq}: should contain a @code{gnutls_x509_crq_t} structure
1211 @var{indx}: This specifies which OID to return, use (0) to get the first one
1213 @var{oid}: a pointer to a buffer to hold the OID (may be @code{NULL} )
1215 @var{sizeof_oid}: initially holds the size of @code{oid}
1217 @var{critical}: output variable with critical flag, may be @code{NULL} .
1219 This function will extract the key purpose OIDs of the Certificate
1220 specified by the given index. These are stored in the Extended Key
1221 Usage extension (2.5.29.37). See the GNUTLS_KP_* definitions for
1222 human readable names.
1224 @strong{Returns:} @code{GNUTLS_E_SHORT_MEMORY_BUFFER} if the provided buffer is
1225 not long enough, and in that case the * @code{sizeof_oid} will be
1226 updated with the required size. On success 0 is returned.
1228 @strong{Since:} 2.8.0
1231 @subheading gnutls_x509_crq_get_key_rsa_raw
1232 @anchor{gnutls_x509_crq_get_key_rsa_raw}
1233 @deftypefun {int} {gnutls_x509_crq_get_key_rsa_raw} (gnutls_x509_crq_t @var{crq}, gnutls_datum_t * @var{m}, gnutls_datum_t * @var{e})
1234 @var{crq}: Holds the certificate
1236 @var{m}: will hold the modulus
1238 @var{e}: will hold the public exponent
1240 This function will export the RSA public key's parameters found in
1241 the given structure. The new parameters will be allocated using
1242 @code{gnutls_malloc()} and will be stored in the appropriate datum.
1244 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
1245 negative error value.
1247 @strong{Since:} 2.8.0
1250 @subheading gnutls_x509_crq_get_key_usage
1251 @anchor{gnutls_x509_crq_get_key_usage}
1252 @deftypefun {int} {gnutls_x509_crq_get_key_usage} (gnutls_x509_crq_t @var{crq}, unsigned int * @var{key_usage}, unsigned int * @var{critical})
1253 @var{crq}: should contain a @code{gnutls_x509_crq_t} structure
1255 @var{key_usage}: where the key usage bits will be stored
1257 @var{critical}: will be non (0) if the extension is marked as critical
1259 This function will return certificate's key usage, by reading the
1260 keyUsage X.509 extension (2.5.29.15). The key usage value will
1261 ORed values of the: @code{GNUTLS_KEY_DIGITAL_SIGNATURE} ,
1262 @code{GNUTLS_KEY_NON_REPUDIATION} , @code{GNUTLS_KEY_KEY_ENCIPHERMENT} ,
1263 @code{GNUTLS_KEY_DATA_ENCIPHERMENT} , @code{GNUTLS_KEY_KEY_AGREEMENT} ,
1264 @code{GNUTLS_KEY_KEY_CERT_SIGN} , @code{GNUTLS_KEY_CRL_SIGN} ,
1265 @code{GNUTLS_KEY_ENCIPHER_ONLY} , @code{GNUTLS_KEY_DECIPHER_ONLY} .
1267 @strong{Returns:} the certificate key usage, or a negative error code in case of
1268 parsing error. If the certificate does not contain the keyUsage
1269 extension @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} will be
1272 @strong{Since:} 2.8.0
1275 @subheading gnutls_x509_crq_get_pk_algorithm
1276 @anchor{gnutls_x509_crq_get_pk_algorithm}
1277 @deftypefun {int} {gnutls_x509_crq_get_pk_algorithm} (gnutls_x509_crq_t @var{crq}, unsigned int * @var{bits})
1278 @var{crq}: should contain a @code{gnutls_x509_crq_t} structure
1280 @var{bits}: if bits is non-@code{NULL} it will hold the size of the parameters' in bits
1282 This function will return the public key algorithm of a PKCS@code{10}
1283 certificate request.
1285 If bits is non-@code{NULL} , it should have enough size to hold the
1286 parameters size in bits. For RSA the bits returned is the modulus.
1287 For DSA the bits returned are of the public exponent.
1289 @strong{Returns:} a member of the @code{gnutls_pk_algorithm_t} enumeration on
1290 success, or a negative error code on error.
1293 @subheading gnutls_x509_crq_get_private_key_usage_period
1294 @anchor{gnutls_x509_crq_get_private_key_usage_period}
1295 @deftypefun {int} {gnutls_x509_crq_get_private_key_usage_period} (gnutls_x509_crq_t @var{crq}, time_t* @var{activation}, time_t* @var{expiration}, unsigned int * @var{critical})
1296 @var{crq}: -- undescribed --
1298 @var{activation}: The activation time
1300 @var{expiration}: The expiration time
1302 @var{critical}: the extension status
1304 This function will return the expiration and activation
1305 times of the private key of the certificate.
1307 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE}
1308 if the extension is not present, otherwise a negative error value.
1311 @subheading gnutls_x509_crq_get_subject_alt_name
1312 @anchor{gnutls_x509_crq_get_subject_alt_name}
1313 @deftypefun {int} {gnutls_x509_crq_get_subject_alt_name} (gnutls_x509_crq_t @var{crq}, unsigned int @var{seq}, void * @var{ret}, size_t * @var{ret_size}, unsigned int * @var{ret_type}, unsigned int * @var{critical})
1314 @var{crq}: should contain a @code{gnutls_x509_crq_t} structure
1316 @var{seq}: specifies the sequence number of the alt name, 0 for the
1317 first one, 1 for the second etc.
1319 @var{ret}: is the place where the alternative name will be copied to
1321 @var{ret_size}: holds the size of ret.
1323 @var{ret_type}: holds the @code{gnutls_x509_subject_alt_name_t} name type
1325 @var{critical}: will be non (0) if the extension is marked as critical
1328 This function will return the alternative names, contained in the
1329 given certificate. It is the same as
1330 @code{gnutls_x509_crq_get_subject_alt_name()} except for the fact that it
1331 will return the type of the alternative name in @code{ret_type} even if
1332 the function fails for some reason (i.e. the buffer provided is
1335 @strong{Returns:} the alternative subject name type on success, one of the
1336 enumerated @code{gnutls_x509_subject_alt_name_t} . It will return
1337 @code{GNUTLS_E_SHORT_MEMORY_BUFFER} if @code{ret_size} is not large enough to
1338 hold the value. In that case @code{ret_size} will be updated with the
1339 required size. If the certificate request does not have an
1340 Alternative name with the specified sequence number then
1341 @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} is returned.
1343 @strong{Since:} 2.8.0
1346 @subheading gnutls_x509_crq_get_subject_alt_othername_oid
1347 @anchor{gnutls_x509_crq_get_subject_alt_othername_oid}
1348 @deftypefun {int} {gnutls_x509_crq_get_subject_alt_othername_oid} (gnutls_x509_crq_t @var{crq}, unsigned int @var{seq}, void * @var{ret}, size_t * @var{ret_size})
1349 @var{crq}: should contain a @code{gnutls_x509_crq_t} structure
1351 @var{seq}: specifies the sequence number of the alt name (0 for the first one, 1 for the second etc.)
1353 @var{ret}: is the place where the otherName OID will be copied to
1355 @var{ret_size}: holds the size of ret.
1357 This function will extract the type OID of an otherName Subject
1358 Alternative Name, contained in the given certificate, and return
1359 the type as an enumerated element.
1361 This function is only useful if
1362 @code{gnutls_x509_crq_get_subject_alt_name()} returned
1363 @code{GNUTLS_SAN_OTHERNAME} .
1365 @strong{Returns:} the alternative subject name type on success, one of the
1366 enumerated gnutls_x509_subject_alt_name_t. For supported OIDs,
1367 it will return one of the virtual (GNUTLS_SAN_OTHERNAME_*) types,
1368 e.g. @code{GNUTLS_SAN_OTHERNAME_XMPP} , and @code{GNUTLS_SAN_OTHERNAME} for
1369 unknown OIDs. It will return @code{GNUTLS_E_SHORT_MEMORY_BUFFER} if
1370 @code{ret_size} is not large enough to hold the value. In that case
1371 @code{ret_size} will be updated with the required size. If the
1372 certificate does not have an Alternative name with the specified
1373 sequence number and with the otherName type then
1374 @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} is returned.
1376 @strong{Since:} 2.8.0
1379 @subheading gnutls_x509_crq_get_version
1380 @anchor{gnutls_x509_crq_get_version}
1381 @deftypefun {int} {gnutls_x509_crq_get_version} (gnutls_x509_crq_t @var{crq})
1382 @var{crq}: should contain a @code{gnutls_x509_crq_t} structure
1384 This function will return the version of the specified Certificate
1387 @strong{Returns:} version of certificate request, or a negative error code on
1391 @subheading gnutls_x509_crq_import
1392 @anchor{gnutls_x509_crq_import}
1393 @deftypefun {int} {gnutls_x509_crq_import} (gnutls_x509_crq_t @var{crq}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format})
1394 @var{crq}: The structure to store the parsed certificate request.
1396 @var{data}: The DER or PEM encoded certificate.
1398 @var{format}: One of DER or PEM
1400 This function will convert the given DER or PEM encoded certificate
1401 request to a @code{gnutls_x509_crq_t} structure. The output will be
1402 stored in @code{crq} .
1404 If the Certificate is PEM encoded it should have a header of "NEW
1405 CERTIFICATE REQUEST".
1407 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
1408 negative error value.
1411 @subheading gnutls_x509_crq_init
1412 @anchor{gnutls_x509_crq_init}
1413 @deftypefun {int} {gnutls_x509_crq_init} (gnutls_x509_crq_t * @var{crq})
1414 @var{crq}: The structure to be initialized
1416 This function will initialize a PKCS@code{10} certificate request
1419 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
1420 negative error value.
1423 @subheading gnutls_x509_crq_print
1424 @anchor{gnutls_x509_crq_print}
1425 @deftypefun {int} {gnutls_x509_crq_print} (gnutls_x509_crq_t @var{crq}, gnutls_certificate_print_formats_t @var{format}, gnutls_datum_t * @var{out})
1426 @var{crq}: The structure to be printed
1428 @var{format}: Indicate the format to use
1430 @var{out}: Newly allocated datum with (0) terminated string.
1432 This function will pretty print a certificate request, suitable for
1435 The output @code{out} needs to be deallocate using @code{gnutls_free()} .
1437 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
1438 negative error value.
1440 @strong{Since:} 2.8.0
1443 @subheading gnutls_x509_crq_set_attribute_by_oid
1444 @anchor{gnutls_x509_crq_set_attribute_by_oid}
1445 @deftypefun {int} {gnutls_x509_crq_set_attribute_by_oid} (gnutls_x509_crq_t @var{crq}, const char * @var{oid}, void * @var{buf}, size_t @var{sizeof_buf})
1446 @var{crq}: should contain a @code{gnutls_x509_crq_t} structure
1448 @var{oid}: holds an Object Identified in (0)-terminated string
1450 @var{buf}: a pointer to a structure that holds the attribute data
1452 @var{sizeof_buf}: holds the size of @code{buf}
1454 This function will set the attribute in the certificate request
1455 specified by the given Object ID. The attribute must be be DER
1458 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
1459 negative error value.
1462 @subheading gnutls_x509_crq_set_basic_constraints
1463 @anchor{gnutls_x509_crq_set_basic_constraints}
1464 @deftypefun {int} {gnutls_x509_crq_set_basic_constraints} (gnutls_x509_crq_t @var{crq}, unsigned int @var{ca}, int @var{pathLenConstraint})
1465 @var{crq}: a certificate request of type @code{gnutls_x509_crq_t}
1467 @var{ca}: true(1) or false(0) depending on the Certificate authority status.
1469 @var{pathLenConstraint}: non-negative error codes indicate maximum length of path,
1470 and negative error codes indicate that the pathLenConstraints field should
1473 This function will set the basicConstraints certificate extension.
1475 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
1476 negative error value.
1478 @strong{Since:} 2.8.0
1481 @subheading gnutls_x509_crq_set_challenge_password
1482 @anchor{gnutls_x509_crq_set_challenge_password}
1483 @deftypefun {int} {gnutls_x509_crq_set_challenge_password} (gnutls_x509_crq_t @var{crq}, const char * @var{pass})
1484 @var{crq}: should contain a @code{gnutls_x509_crq_t} structure
1486 @var{pass}: holds a (0)-terminated password
1488 This function will set a challenge password to be used when
1489 revoking the request.
1491 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
1492 negative error value.
1495 @subheading gnutls_x509_crq_set_dn_by_oid
1496 @anchor{gnutls_x509_crq_set_dn_by_oid}
1497 @deftypefun {int} {gnutls_x509_crq_set_dn_by_oid} (gnutls_x509_crq_t @var{crq}, const char * @var{oid}, unsigned int @var{raw_flag}, const void * @var{data}, unsigned int @var{sizeof_data})
1498 @var{crq}: should contain a @code{gnutls_x509_crq_t} structure
1500 @var{oid}: holds an Object Identifier in a (0)-terminated string
1502 @var{raw_flag}: must be 0, or 1 if the data are DER encoded
1504 @var{data}: a pointer to the input data
1506 @var{sizeof_data}: holds the size of @code{data}
1508 This function will set the part of the name of the Certificate
1509 request subject, specified by the given OID. The input string
1510 should be ASCII or UTF-8 encoded.
1512 Some helper macros with popular OIDs can be found in gnutls/x509.h
1513 With this function you can only set the known OIDs. You can test
1514 for known OIDs using @code{gnutls_x509_dn_oid_known()} . For OIDs that are
1515 not known (by gnutls) you should properly DER encode your data, and
1516 call this function with raw_flag set.
1518 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
1519 negative error value.
1522 @subheading gnutls_x509_crq_set_key
1523 @anchor{gnutls_x509_crq_set_key}
1524 @deftypefun {int} {gnutls_x509_crq_set_key} (gnutls_x509_crq_t @var{crq}, gnutls_x509_privkey_t @var{key})
1525 @var{crq}: should contain a @code{gnutls_x509_crq_t} structure
1527 @var{key}: holds a private key
1529 This function will set the public parameters from the given private
1532 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
1533 negative error value.
1536 @subheading gnutls_x509_crq_set_key_purpose_oid
1537 @anchor{gnutls_x509_crq_set_key_purpose_oid}
1538 @deftypefun {int} {gnutls_x509_crq_set_key_purpose_oid} (gnutls_x509_crq_t @var{crq}, const void * @var{oid}, unsigned int @var{critical})
1539 @var{crq}: a certificate of type @code{gnutls_x509_crq_t}
1541 @var{oid}: a pointer to a (0)-terminated string that holds the OID
1543 @var{critical}: Whether this extension will be critical or not
1545 This function will set the key purpose OIDs of the Certificate.
1546 These are stored in the Extended Key Usage extension (2.5.29.37)
1547 See the GNUTLS_KP_* definitions for human readable names.
1549 Subsequent calls to this function will append OIDs to the OID list.
1551 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
1552 negative error value.
1554 @strong{Since:} 2.8.0
1557 @subheading gnutls_x509_crq_set_key_rsa_raw
1558 @anchor{gnutls_x509_crq_set_key_rsa_raw}
1559 @deftypefun {int} {gnutls_x509_crq_set_key_rsa_raw} (gnutls_x509_crq_t @var{crq}, const gnutls_datum_t * @var{m}, const gnutls_datum_t * @var{e})
1560 @var{crq}: should contain a @code{gnutls_x509_crq_t} structure
1562 @var{m}: holds the modulus
1564 @var{e}: holds the public exponent
1566 This function will set the public parameters from the given private
1567 key to the request. Only RSA keys are currently supported.
1569 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
1570 negative error value.
1572 @strong{Since:} 2.6.0
1575 @subheading gnutls_x509_crq_set_key_usage
1576 @anchor{gnutls_x509_crq_set_key_usage}
1577 @deftypefun {int} {gnutls_x509_crq_set_key_usage} (gnutls_x509_crq_t @var{crq}, unsigned int @var{usage})
1578 @var{crq}: a certificate request of type @code{gnutls_x509_crq_t}
1580 @var{usage}: an ORed sequence of the GNUTLS_KEY_* elements.
1582 This function will set the keyUsage certificate extension.
1584 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
1585 negative error value.
1587 @strong{Since:} 2.8.0
1590 @subheading gnutls_x509_crq_set_private_key_usage_period
1591 @anchor{gnutls_x509_crq_set_private_key_usage_period}
1592 @deftypefun {int} {gnutls_x509_crq_set_private_key_usage_period} (gnutls_x509_crq_t @var{crq}, time_t @var{activation}, time_t @var{expiration})
1593 @var{crq}: a certificate of type @code{gnutls_x509_crq_t}
1595 @var{activation}: The activation time
1597 @var{expiration}: The expiration time
1599 This function will set the private key usage period extension (2.5.29.16).
1601 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
1602 negative error value.
1605 @subheading gnutls_x509_crq_set_subject_alt_name
1606 @anchor{gnutls_x509_crq_set_subject_alt_name}
1607 @deftypefun {int} {gnutls_x509_crq_set_subject_alt_name} (gnutls_x509_crq_t @var{crq}, gnutls_x509_subject_alt_name_t @var{nt}, const void * @var{data}, unsigned int @var{data_size}, unsigned int @var{flags})
1608 @var{crq}: a certificate request of type @code{gnutls_x509_crq_t}
1610 @var{nt}: is one of the @code{gnutls_x509_subject_alt_name_t} enumerations
1612 @var{data}: The data to be set
1614 @var{data_size}: The size of data to be set
1616 @var{flags}: @code{GNUTLS_FSAN_SET} to clear previous data or
1617 @code{GNUTLS_FSAN_APPEND} to append.
1619 This function will set the subject alternative name certificate
1620 extension. It can set the following types:
1622 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
1623 negative error value.
1625 @strong{Since:} 2.8.0
1628 @subheading gnutls_x509_crq_set_version
1629 @anchor{gnutls_x509_crq_set_version}
1630 @deftypefun {int} {gnutls_x509_crq_set_version} (gnutls_x509_crq_t @var{crq}, unsigned int @var{version})
1631 @var{crq}: should contain a @code{gnutls_x509_crq_t} structure
1633 @var{version}: holds the version number, for v1 Requests must be 1
1635 This function will set the version of the certificate request. For
1636 version 1 requests this must be one.
1638 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
1639 negative error value.
1642 @subheading gnutls_x509_crq_sign2
1643 @anchor{gnutls_x509_crq_sign2}
1644 @deftypefun {int} {gnutls_x509_crq_sign2} (gnutls_x509_crq_t @var{crq}, gnutls_x509_privkey_t @var{key}, gnutls_digest_algorithm_t @var{dig}, unsigned int @var{flags})
1645 @var{crq}: should contain a @code{gnutls_x509_crq_t} structure
1647 @var{key}: holds a private key
1649 @var{dig}: The message digest to use, i.e., @code{GNUTLS_DIG_SHA1}
1651 @var{flags}: must be 0
1653 This function will sign the certificate request with a private key.
1654 This must be the same key as the one used in
1655 @code{gnutls_x509_crt_set_key()} since a certificate request is self
1658 This must be the last step in a certificate request generation
1659 since all the previously set parameters are now signed.
1661 @strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code.
1662 @code{GNUTLS_E_ASN1_VALUE_NOT_FOUND} is returned if you didn't set all
1663 information in the certificate request (e.g., the version using
1664 @code{gnutls_x509_crq_set_version()} ).
1667 @subheading gnutls_x509_crq_verify
1668 @anchor{gnutls_x509_crq_verify}
1669 @deftypefun {int} {gnutls_x509_crq_verify} (gnutls_x509_crq_t @var{crq}, unsigned int @var{flags})
1670 @var{crq}: is the crq to be verified
1672 @var{flags}: Flags that may be used to change the verification algorithm. Use OR of the gnutls_certificate_verify_flags enumerations.
1674 This function will verify self signature in the certificate
1675 request and return its status.
1677 @strong{Returns:} In case of a verification failure @code{GNUTLS_E_PK_SIG_VERIFY_FAILED}
1678 is returned, and zero or positive code on success.
1683 @subheading gnutls_x509_crt_check_hostname
1684 @anchor{gnutls_x509_crt_check_hostname}
1685 @deftypefun {int} {gnutls_x509_crt_check_hostname} (gnutls_x509_crt_t @var{cert}, const char * @var{hostname})
1686 @var{cert}: should contain an gnutls_x509_crt_t structure
1688 @var{hostname}: A null terminated string that contains a DNS name
1690 This function will check if the given certificate's subject matches
1691 the given hostname. This is a basic implementation of the matching
1692 described in RFC2818 (HTTPS), which takes into account wildcards,
1693 and the DNSName/IPAddress subject alternative name PKIX extension.
1695 @strong{Returns:} non (0) for a successful match, and (0) on failure.
1698 @subheading gnutls_x509_crt_check_issuer
1699 @anchor{gnutls_x509_crt_check_issuer}
1700 @deftypefun {int} {gnutls_x509_crt_check_issuer} (gnutls_x509_crt_t @var{cert}, gnutls_x509_crt_t @var{issuer})
1701 @var{cert}: is the certificate to be checked
1703 @var{issuer}: is the certificate of a possible issuer
1705 This function will check if the given certificate was issued by the
1706 given issuer. It checks the DN fields and the authority
1707 key identifier and subject key identifier fields match.
1709 @strong{Returns:} It will return true (1) if the given certificate is issued
1710 by the given issuer, and false (0) if not. A negative error code is
1711 returned in case of an error.
1714 @subheading gnutls_x509_crt_check_revocation
1715 @anchor{gnutls_x509_crt_check_revocation}
1716 @deftypefun {int} {gnutls_x509_crt_check_revocation} (gnutls_x509_crt_t @var{cert}, const gnutls_x509_crl_t * @var{crl_list}, int @var{crl_list_length})
1717 @var{cert}: should contain a @code{gnutls_x509_crt_t} structure
1719 @var{crl_list}: should contain a list of gnutls_x509_crl_t structures
1721 @var{crl_list_length}: the length of the crl_list
1723 This function will return check if the given certificate is
1724 revoked. It is assumed that the CRLs have been verified before.
1726 @strong{Returns:} 0 if the certificate is NOT revoked, and 1 if it is. A
1727 negative error code is returned on error.
1730 @subheading gnutls_x509_crt_cpy_crl_dist_points
1731 @anchor{gnutls_x509_crt_cpy_crl_dist_points}
1732 @deftypefun {int} {gnutls_x509_crt_cpy_crl_dist_points} (gnutls_x509_crt_t @var{dst}, gnutls_x509_crt_t @var{src})
1733 @var{dst}: a certificate of type @code{gnutls_x509_crt_t}
1735 @var{src}: the certificate where the dist points will be copied from
1737 This function will copy the CRL distribution points certificate
1738 extension, from the source to the destination certificate.
1739 This may be useful to copy from a CA certificate to issued ones.
1741 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
1742 negative error value.
1745 @subheading gnutls_x509_crt_deinit
1746 @anchor{gnutls_x509_crt_deinit}
1747 @deftypefun {void} {gnutls_x509_crt_deinit} (gnutls_x509_crt_t @var{cert})
1748 @var{cert}: The structure to be deinitialized
1750 This function will deinitialize a certificate structure.
1753 @subheading gnutls_x509_crt_export
1754 @anchor{gnutls_x509_crt_export}
1755 @deftypefun {int} {gnutls_x509_crt_export} (gnutls_x509_crt_t @var{cert}, gnutls_x509_crt_fmt_t @var{format}, void * @var{output_data}, size_t * @var{output_data_size})
1756 @var{cert}: Holds the certificate
1758 @var{format}: the format of output params. One of PEM or DER.
1760 @var{output_data}: will contain a certificate PEM or DER encoded
1762 @var{output_data_size}: holds the size of output_data (and will be
1763 replaced by the actual size of parameters)
1765 This function will export the certificate to DER or PEM format.
1767 If the buffer provided is not long enough to hold the output, then
1768 *output_data_size is updated and GNUTLS_E_SHORT_MEMORY_BUFFER will
1771 If the structure is PEM encoded, it will have a header
1772 of "BEGIN CERTIFICATE".
1774 @strong{Returns:} In case of failure a negative error code will be
1775 returned, and 0 on success.
1778 @subheading gnutls_x509_crt_get_activation_time
1779 @anchor{gnutls_x509_crt_get_activation_time}
1780 @deftypefun {time_t} {gnutls_x509_crt_get_activation_time} (gnutls_x509_crt_t @var{cert})
1781 @var{cert}: should contain a @code{gnutls_x509_crt_t} structure
1783 This function will return the time this Certificate was or will be
1786 @strong{Returns:} activation time, or (time_t)-1 on error.
1789 @subheading gnutls_x509_crt_get_authority_info_access
1790 @anchor{gnutls_x509_crt_get_authority_info_access}
1791 @deftypefun {int} {gnutls_x509_crt_get_authority_info_access} (gnutls_x509_crt_t @var{crt}, unsigned int @var{seq}, int @var{what}, gnutls_datum_t * @var{data}, unsigned int * @var{critical})
1792 @var{crt}: Holds the certificate
1794 @var{seq}: specifies the sequence number of the access descriptor (0 for the first one, 1 for the second etc.)
1796 @var{what}: what data to get, a @code{gnutls_info_access_what_t} type.
1798 @var{data}: output data to be freed with @code{gnutls_free()} .
1800 @var{critical}: pointer to output integer that is set to non-0 if the extension is marked as critical (may be @code{NULL} )
1802 This function extracts the Authority Information Access (AIA)
1803 extension, see RFC 5280 section 4.2.2.1 for more information. The
1804 AIA extension holds a sequence of AccessDescription (AD) data:
1806 <informalexample><programlisting>
1807 AuthorityInfoAccessSyntax ::=
1808 SEQUENCE SIZE (1..MAX) OF AccessDescription
1810 AccessDescription ::= SEQUENCE @{
1811 accessMethod OBJECT IDENTIFIER,
1812 accessLocation GeneralName @}
1813 </programlisting></informalexample>
1815 The @code{seq} input parameter is used to indicate which member of the
1816 sequence the caller is interested in. The first member is 0, the
1817 second member 1 and so on. When the @code{seq} value is out of bounds,
1818 @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} is returned.
1820 The type of data returned in @code{data} is specified via @code{what} which
1821 should be @code{gnutls_info_access_what_t} values.
1823 If @code{what} is @code{GNUTLS_IA_ACCESSMETHOD_OID} then @code{data} will hold the
1824 accessMethod OID (e.g., "1.3.6.1.5.5.7.48.1").
1826 If @code{what} is @code{GNUTLS_IA_ACCESSLOCATION_GENERALNAME_TYPE} , @code{data} will
1827 hold the accessLocation GeneralName type (e.g.,
1828 "uniformResourceIdentifier").
1830 If @code{what} is @code{GNUTLS_IA_URI} , @code{data} will hold the accessLocation URI
1831 data. Requesting this @code{what} value leads to an error if the
1832 accessLocation is not of the "uniformResourceIdentifier" type.
1834 If @code{what} is @code{GNUTLS_IA_OCSP_URI} , @code{data} will hold the OCSP URI.
1835 Requesting this @code{what} value leads to an error if the accessMethod
1836 is not 1.3.6.1.5.5.7.48.1 aka OSCP, or if accessLocation is not of
1837 the "uniformResourceIdentifier" type.
1839 If @code{what} is @code{GNUTLS_IA_CAISSUERS_URI} , @code{data} will hold the caIssuers
1840 URI. Requesting this @code{what} value leads to an error if the
1841 accessMethod is not 1.3.6.1.5.5.7.48.2 aka caIssuers, or if
1842 accessLocation is not of the "uniformResourceIdentifier" type.
1844 More @code{what} values may be allocated in the future as needed.
1846 If @code{data} is NULL, the function does the same without storing the
1847 output data, that is, it will set @code{critical} and do error checking
1850 The value of the critical flag is returned in * @code{critical} . Supply a
1851 NULL @code{critical} if you want the function to make sure the extension
1852 is non-critical, as required by RFC 5280.
1854 @strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, @code{GNUTLS_E_INVALID_REQUEST} on
1855 invalid @code{crt} , @code{GNUTLS_E_CONSTRAINT_ERROR} if the extension is
1856 incorrectly marked as critical (use a non-NULL @code{critical} to
1857 override), @code{GNUTLS_E_UNKNOWN_ALGORITHM} if the requested OID does
1858 not match (e.g., when using @code{GNUTLS_IA_OCSP_URI} ), otherwise a
1859 negative error code.
1864 @subheading gnutls_x509_crt_get_authority_key_gn_serial
1865 @anchor{gnutls_x509_crt_get_authority_key_gn_serial}
1866 @deftypefun {int} {gnutls_x509_crt_get_authority_key_gn_serial} (gnutls_x509_crt_t @var{cert}, unsigned int @var{seq}, void * @var{alt}, size_t * @var{alt_size}, unsigned int * @var{alt_type}, void* @var{serial}, size_t * @var{serial_size}, unsigned int * @var{critical})
1867 @var{cert}: should contain a @code{gnutls_x509_crt_t} structure
1869 @var{seq}: specifies the sequence number of the alt name (0 for the first one, 1 for the second etc.)
1871 @var{alt}: is the place where the alternative name will be copied to
1873 @var{alt_size}: holds the size of alt.
1875 @var{alt_type}: holds the type of the alternative name (one of gnutls_x509_subject_alt_name_t).
1877 @var{serial}: buffer to store the serial number (may be null)
1879 @var{serial_size}: Holds the size of the serial field (may be null)
1881 @var{critical}: will be non (0) if the extension is marked as critical (may be null)
1883 This function will return the X.509 authority key
1884 identifier when stored as a general name (authorityCertIssuer)
1887 Because more than one general names might be stored
1888 @code{seq} can be used as a counter to request them all until
1889 @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} is returned.
1891 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE}
1892 if the extension is not present, otherwise a negative error value.
1897 @subheading gnutls_x509_crt_get_authority_key_id
1898 @anchor{gnutls_x509_crt_get_authority_key_id}
1899 @deftypefun {int} {gnutls_x509_crt_get_authority_key_id} (gnutls_x509_crt_t @var{cert}, void * @var{id}, size_t * @var{id_size}, unsigned int * @var{critical})
1900 @var{cert}: should contain a @code{gnutls_x509_crt_t} structure
1902 @var{id}: The place where the identifier will be copied
1904 @var{id_size}: Holds the size of the id field.
1906 @var{critical}: will be non (0) if the extension is marked as critical (may be null)
1908 This function will return the X.509v3 certificate authority's key
1909 identifier. This is obtained by the X.509 Authority Key
1910 identifier extension field (2.5.29.35). Note that this function
1911 only returns the keyIdentifier field of the extension and
1912 @code{GNUTLS_E_X509_UNSUPPORTED_EXTENSION} , if the extension contains
1913 the name and serial number of the certificate. In that case
1914 @code{gnutls_x509_crt_get_authority_key_gn_serial()} may be used.
1916 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE}
1917 if the extension is not present, otherwise a negative error value.
1920 @subheading gnutls_x509_crt_get_basic_constraints
1921 @anchor{gnutls_x509_crt_get_basic_constraints}
1922 @deftypefun {int} {gnutls_x509_crt_get_basic_constraints} (gnutls_x509_crt_t @var{cert}, unsigned int * @var{critical}, unsigned int * @var{ca}, int * @var{pathlen})
1923 @var{cert}: should contain a @code{gnutls_x509_crt_t} structure
1925 @var{critical}: will be non (0) if the extension is marked as critical
1927 @var{ca}: pointer to output integer indicating CA status, may be NULL,
1928 value is 1 if the certificate CA flag is set, 0 otherwise.
1930 @var{pathlen}: pointer to output integer indicating path length (may be
1931 NULL), non-negative error codes indicate a present pathLenConstraint
1932 field and the actual value, -1 indicate that the field is absent.
1934 This function will read the certificate's basic constraints, and
1935 return the certificates CA status. It reads the basicConstraints
1936 X.509 extension (2.5.29.19).
1938 @strong{Returns:} If the certificate is a CA a positive value will be
1939 returned, or (0) if the certificate does not have CA flag set. A
1940 negative error code may be returned in case of errors. If the
1941 certificate does not contain the basicConstraints extension
1942 GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned.
1945 @subheading gnutls_x509_crt_get_ca_status
1946 @anchor{gnutls_x509_crt_get_ca_status}
1947 @deftypefun {int} {gnutls_x509_crt_get_ca_status} (gnutls_x509_crt_t @var{cert}, unsigned int * @var{critical})
1948 @var{cert}: should contain a @code{gnutls_x509_crt_t} structure
1950 @var{critical}: will be non (0) if the extension is marked as critical
1952 This function will return certificates CA status, by reading the
1953 basicConstraints X.509 extension (2.5.29.19). If the certificate is
1954 a CA a positive value will be returned, or (0) if the certificate
1955 does not have CA flag set.
1957 Use @code{gnutls_x509_crt_get_basic_constraints()} if you want to read the
1958 pathLenConstraint field too.
1960 @strong{Returns:} A negative error code may be returned in case of parsing error.
1961 If the certificate does not contain the basicConstraints extension
1962 @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} will be returned.
1965 @subheading gnutls_x509_crt_get_crl_dist_points
1966 @anchor{gnutls_x509_crt_get_crl_dist_points}
1967 @deftypefun {int} {gnutls_x509_crt_get_crl_dist_points} (gnutls_x509_crt_t @var{cert}, unsigned int @var{seq}, void * @var{ret}, size_t * @var{ret_size}, unsigned int * @var{reason_flags}, unsigned int * @var{critical})
1968 @var{cert}: should contain a @code{gnutls_x509_crt_t} structure
1970 @var{seq}: specifies the sequence number of the distribution point (0 for the first one, 1 for the second etc.)
1972 @var{ret}: is the place where the distribution point will be copied to
1974 @var{ret_size}: holds the size of ret.
1976 @var{reason_flags}: Revocation reasons flags.
1978 @var{critical}: will be non (0) if the extension is marked as critical (may be null)
1980 This function retrieves the CRL distribution points (2.5.29.31),
1981 contained in the given certificate in the X509v3 Certificate
1984 @code{reason_flags} should be an ORed sequence of
1985 @code{GNUTLS_CRL_REASON_UNUSED} , @code{GNUTLS_CRL_REASON_KEY_COMPROMISE} ,
1986 @code{GNUTLS_CRL_REASON_CA_COMPROMISE} ,
1987 @code{GNUTLS_CRL_REASON_AFFILIATION_CHANGED} ,
1988 @code{GNUTLS_CRL_REASON_SUPERSEEDED} ,
1989 @code{GNUTLS_CRL_REASON_CESSATION_OF_OPERATION} ,
1990 @code{GNUTLS_CRL_REASON_CERTIFICATE_HOLD} ,
1991 @code{GNUTLS_CRL_REASON_PRIVILEGE_WITHDRAWN} ,
1992 @code{GNUTLS_CRL_REASON_AA_COMPROMISE} , or (0) for all possible reasons.
1994 @strong{Returns:} @code{GNUTLS_E_SHORT_MEMORY_BUFFER} and updates @code{ret_size} if
1995 @code{ret_size} is not enough to hold the distribution point, or the
1996 type of the distribution point if everything was ok. The type is
1997 one of the enumerated @code{gnutls_x509_subject_alt_name_t} . If the
1998 certificate does not have an Alternative name with the specified
1999 sequence number then @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} is
2003 @subheading gnutls_x509_crt_get_dn
2004 @anchor{gnutls_x509_crt_get_dn}
2005 @deftypefun {int} {gnutls_x509_crt_get_dn} (gnutls_x509_crt_t @var{cert}, char * @var{buf}, size_t * @var{buf_size})
2006 @var{cert}: should contain a @code{gnutls_x509_crt_t} structure
2008 @var{buf}: a pointer to a structure to hold the name (may be null)
2010 @var{buf_size}: initially holds the size of @code{buf}
2012 This function will copy the name of the Certificate in the provided
2013 buffer. The name will be in the form "C=xxxx,O=yyyy,CN=zzzz" as
2014 described in RFC4514. The output string will be ASCII or UTF-8
2015 encoded, depending on the certificate data.
2017 If @code{buf} is null then only the size will be filled.
2019 @strong{Returns:} @code{GNUTLS_E_SHORT_MEMORY_BUFFER} if the provided buffer is not
2020 long enough, and in that case the @code{buf_size} will be updated
2021 with the required size. On success 0 is returned.
2024 @subheading gnutls_x509_crt_get_dn_by_oid
2025 @anchor{gnutls_x509_crt_get_dn_by_oid}
2026 @deftypefun {int} {gnutls_x509_crt_get_dn_by_oid} (gnutls_x509_crt_t @var{cert}, const char * @var{oid}, int @var{indx}, unsigned int @var{raw_flag}, void * @var{buf}, size_t * @var{buf_size})
2027 @var{cert}: should contain a @code{gnutls_x509_crt_t} structure
2029 @var{oid}: holds an Object Identified in null terminated string
2031 @var{indx}: In case multiple same OIDs exist in the RDN, this specifies which to send. Use (0) to get the first one.
2033 @var{raw_flag}: If non (0) returns the raw DER data of the DN part.
2035 @var{buf}: a pointer where the DN part will be copied (may be null).
2037 @var{buf_size}: initially holds the size of @code{buf}
2039 This function will extract the part of the name of the Certificate
2040 subject specified by the given OID. The output, if the raw flag is
2041 not used, will be encoded as described in RFC4514. Thus a string
2042 that is ASCII or UTF-8 encoded, depending on the certificate data.
2044 Some helper macros with popular OIDs can be found in gnutls/x509.h
2045 If raw flag is (0), this function will only return known OIDs as
2046 text. Other OIDs will be DER encoded, as described in RFC4514 --
2047 in hex format with a '#' prefix. You can check about known OIDs
2048 using @code{gnutls_x509_dn_oid_known()} .
2050 If @code{buf} is null then only the size will be filled. If the @code{raw_flag} is not specified the output is always null terminated, although the
2051 @code{buf_size} will not include the null character.
2053 @strong{Returns:} @code{GNUTLS_E_SHORT_MEMORY_BUFFER} if the provided buffer is
2054 not long enough, and in that case the *buf_size will be updated
2055 with the required size. On success 0 is returned.
2058 @subheading gnutls_x509_crt_get_dn_oid
2059 @anchor{gnutls_x509_crt_get_dn_oid}
2060 @deftypefun {int} {gnutls_x509_crt_get_dn_oid} (gnutls_x509_crt_t @var{cert}, int @var{indx}, void * @var{oid}, size_t * @var{oid_size})
2061 @var{cert}: should contain a @code{gnutls_x509_crt_t} structure
2063 @var{indx}: This specifies which OID to return. Use (0) to get the first one.
2065 @var{oid}: a pointer to a buffer to hold the OID (may be null)
2067 @var{oid_size}: initially holds the size of @code{oid}
2069 This function will extract the OIDs of the name of the Certificate
2070 subject specified by the given index.
2072 If @code{oid} is null then only the size will be filled. The @code{oid} returned will be null terminated, although @code{oid_size} will not
2073 account for the trailing null.
2075 @strong{Returns:} @code{GNUTLS_E_SHORT_MEMORY_BUFFER} if the provided buffer is
2076 not long enough, and in that case the @code{oid_size} will be updated
2077 with the required size. On success 0 is returned.
2080 @subheading gnutls_x509_crt_get_expiration_time
2081 @anchor{gnutls_x509_crt_get_expiration_time}
2082 @deftypefun {time_t} {gnutls_x509_crt_get_expiration_time} (gnutls_x509_crt_t @var{cert})
2083 @var{cert}: should contain a @code{gnutls_x509_crt_t} structure
2085 This function will return the time this Certificate was or will be
2088 @strong{Returns:} expiration time, or (time_t)-1 on error.
2091 @subheading gnutls_x509_crt_get_extension_by_oid
2092 @anchor{gnutls_x509_crt_get_extension_by_oid}
2093 @deftypefun {int} {gnutls_x509_crt_get_extension_by_oid} (gnutls_x509_crt_t @var{cert}, const char * @var{oid}, int @var{indx}, void * @var{buf}, size_t * @var{buf_size}, unsigned int * @var{critical})
2094 @var{cert}: should contain a @code{gnutls_x509_crt_t} structure
2096 @var{oid}: holds an Object Identified in null terminated string
2098 @var{indx}: In case multiple same OIDs exist in the extensions, this specifies which to send. Use (0) to get the first one.
2100 @var{buf}: a pointer to a structure to hold the name (may be null)
2102 @var{buf_size}: initially holds the size of @code{buf}
2104 @var{critical}: will be non (0) if the extension is marked as critical
2106 This function will return the extension specified by the OID in the
2107 certificate. The extensions will be returned as binary data DER
2108 encoded, in the provided buffer.
2110 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned,
2111 otherwise a negative error code is returned. If the certificate does not
2112 contain the specified extension
2113 GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned.
2116 @subheading gnutls_x509_crt_get_extension_data
2117 @anchor{gnutls_x509_crt_get_extension_data}
2118 @deftypefun {int} {gnutls_x509_crt_get_extension_data} (gnutls_x509_crt_t @var{cert}, int @var{indx}, void * @var{data}, size_t * @var{sizeof_data})
2119 @var{cert}: should contain a @code{gnutls_x509_crt_t} structure
2121 @var{indx}: Specifies which extension OID to send. Use (0) to get the first one.
2123 @var{data}: a pointer to a structure to hold the data (may be null)
2125 @var{sizeof_data}: initially holds the size of @code{oid}
2127 This function will return the requested extension data in the
2128 certificate. The extension data will be stored as a string in the
2131 Use @code{gnutls_x509_crt_get_extension_info()} to extract the OID and
2132 critical flag. Use @code{gnutls_x509_crt_get_extension_by_oid()} instead,
2133 if you want to get data indexed by the extension OID rather than
2136 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned,
2137 otherwise a negative error code is returned. If you have reached the
2138 last extension available @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE}
2142 @subheading gnutls_x509_crt_get_extension_info
2143 @anchor{gnutls_x509_crt_get_extension_info}
2144 @deftypefun {int} {gnutls_x509_crt_get_extension_info} (gnutls_x509_crt_t @var{cert}, int @var{indx}, void * @var{oid}, size_t * @var{oid_size}, unsigned int * @var{critical})
2145 @var{cert}: should contain a @code{gnutls_x509_crt_t} structure
2147 @var{indx}: Specifies which extension OID to send. Use (0) to get the first one.
2149 @var{oid}: a pointer to a structure to hold the OID
2151 @var{oid_size}: initially holds the maximum size of @code{oid} , on return
2152 holds actual size of @code{oid} .
2154 @var{critical}: output variable with critical flag, may be NULL.
2156 This function will return the requested extension OID in the
2157 certificate, and the critical flag for it. The extension OID will
2158 be stored as a string in the provided buffer. Use
2159 @code{gnutls_x509_crt_get_extension_data()} to extract the data.
2161 If the buffer provided is not long enough to hold the output, then
2162 @code{oid_size} is updated and @code{GNUTLS_E_SHORT_MEMORY_BUFFER} will be
2163 returned. The @code{oid} returned will be null terminated, although
2164 @code{oid_size} will not account for the trailing null.
2166 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned,
2167 otherwise a negative error code is returned. If you have reached the
2168 last extension available @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE}
2172 @subheading gnutls_x509_crt_get_extension_oid
2173 @anchor{gnutls_x509_crt_get_extension_oid}
2174 @deftypefun {int} {gnutls_x509_crt_get_extension_oid} (gnutls_x509_crt_t @var{cert}, int @var{indx}, void * @var{oid}, size_t * @var{oid_size})
2175 @var{cert}: should contain a @code{gnutls_x509_crt_t} structure
2177 @var{indx}: Specifies which extension OID to send. Use (0) to get the first one.
2179 @var{oid}: a pointer to a structure to hold the OID (may be null)
2181 @var{oid_size}: initially holds the size of @code{oid}
2183 This function will return the requested extension OID in the certificate.
2184 The extension OID will be stored as a string in the provided buffer.
2186 The @code{oid} returned will be null terminated, although @code{oid_size} will not
2187 account for the trailing null.
2189 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned,
2190 otherwise a negative error code is returned. If you have reached the
2191 last extension available @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE}
2195 @subheading gnutls_x509_crt_get_fingerprint
2196 @anchor{gnutls_x509_crt_get_fingerprint}
2197 @deftypefun {int} {gnutls_x509_crt_get_fingerprint} (gnutls_x509_crt_t @var{cert}, gnutls_digest_algorithm_t @var{algo}, void * @var{buf}, size_t * @var{buf_size})
2198 @var{cert}: should contain a @code{gnutls_x509_crt_t} structure
2200 @var{algo}: is a digest algorithm
2202 @var{buf}: a pointer to a structure to hold the fingerprint (may be null)
2204 @var{buf_size}: initially holds the size of @code{buf}
2206 This function will calculate and copy the certificate's fingerprint
2207 in the provided buffer.
2209 If the buffer is null then only the size will be filled.
2211 @strong{Returns:} @code{GNUTLS_E_SHORT_MEMORY_BUFFER} if the provided buffer is
2212 not long enough, and in that case the *buf_size will be updated
2213 with the required size. On success 0 is returned.
2216 @subheading gnutls_x509_crt_get_issuer
2217 @anchor{gnutls_x509_crt_get_issuer}
2218 @deftypefun {int} {gnutls_x509_crt_get_issuer} (gnutls_x509_crt_t @var{cert}, gnutls_x509_dn_t * @var{dn})
2219 @var{cert}: should contain a @code{gnutls_x509_crt_t} structure
2221 @var{dn}: output variable with pointer to uint8_t DN
2223 Return the Certificate's Issuer DN as an uint8_t data type. You may
2224 use @code{gnutls_x509_dn_get_rdn_ava()} to decode the DN.
2226 Note that @code{dn} should be treated as constant. Because points
2227 into the @code{cert} object, you may not deallocate @code{cert} and continue to access @code{dn} .
2229 @strong{Returns:} Returns 0 on success, or an error code.
2232 @subheading gnutls_x509_crt_get_issuer_alt_name
2233 @anchor{gnutls_x509_crt_get_issuer_alt_name}
2234 @deftypefun {int} {gnutls_x509_crt_get_issuer_alt_name} (gnutls_x509_crt_t @var{cert}, unsigned int @var{seq}, void * @var{ian}, size_t * @var{ian_size}, unsigned int * @var{critical})
2235 @var{cert}: should contain a @code{gnutls_x509_crt_t} structure
2237 @var{seq}: specifies the sequence number of the alt name (0 for the first one, 1 for the second etc.)
2239 @var{ian}: is the place where the alternative name will be copied to
2241 @var{ian_size}: holds the size of ian.
2243 @var{critical}: will be non (0) if the extension is marked as critical (may be null)
2245 This function retrieves the Issuer Alternative Name (2.5.29.18),
2246 contained in the given certificate in the X509v3 Certificate
2249 When the SAN type is otherName, it will extract the data in the
2250 otherName's value field, and @code{GNUTLS_SAN_OTHERNAME} is returned.
2251 You may use @code{gnutls_x509_crt_get_subject_alt_othername_oid()} to get
2252 the corresponding OID and the "virtual" SAN types (e.g.,
2253 @code{GNUTLS_SAN_OTHERNAME_XMPP} ).
2255 If an otherName OID is known, the data will be decoded. Otherwise
2256 the returned data will be DER encoded, and you will have to decode
2257 it yourself. Currently, only the RFC 3920 id-on-xmppAddr Issuer
2258 AltName is recognized.
2260 @strong{Returns:} the alternative issuer name type on success, one of the
2261 enumerated @code{gnutls_x509_subject_alt_name_t} . It will return
2262 @code{GNUTLS_E_SHORT_MEMORY_BUFFER} if @code{ian_size} is not large enough
2263 to hold the value. In that case @code{ian_size} will be updated with
2264 the required size. If the certificate does not have an
2265 Alternative name with the specified sequence number then
2266 @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} is returned.
2268 @strong{Since:} 2.10.0
2271 @subheading gnutls_x509_crt_get_issuer_alt_name2
2272 @anchor{gnutls_x509_crt_get_issuer_alt_name2}
2273 @deftypefun {int} {gnutls_x509_crt_get_issuer_alt_name2} (gnutls_x509_crt_t @var{cert}, unsigned int @var{seq}, void * @var{ian}, size_t * @var{ian_size}, unsigned int * @var{ian_type}, unsigned int * @var{critical})
2274 @var{cert}: should contain a @code{gnutls_x509_crt_t} structure
2276 @var{seq}: specifies the sequence number of the alt name (0 for the first one, 1 for the second etc.)
2278 @var{ian}: is the place where the alternative name will be copied to
2280 @var{ian_size}: holds the size of ret.
2282 @var{ian_type}: holds the type of the alternative name (one of gnutls_x509_subject_alt_name_t).
2284 @var{critical}: will be non (0) if the extension is marked as critical (may be null)
2286 This function will return the alternative names, contained in the
2287 given certificate. It is the same as
2288 @code{gnutls_x509_crt_get_issuer_alt_name()} except for the fact that it
2289 will return the type of the alternative name in @code{ian_type} even if
2290 the function fails for some reason (i.e. the buffer provided is
2293 @strong{Returns:} the alternative issuer name type on success, one of the
2294 enumerated @code{gnutls_x509_subject_alt_name_t} . It will return
2295 @code{GNUTLS_E_SHORT_MEMORY_BUFFER} if @code{ian_size} is not large enough
2296 to hold the value. In that case @code{ian_size} will be updated with
2297 the required size. If the certificate does not have an
2298 Alternative name with the specified sequence number then
2299 @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} is returned.
2301 @strong{Since:} 2.10.0
2304 @subheading gnutls_x509_crt_get_issuer_alt_othername_oid
2305 @anchor{gnutls_x509_crt_get_issuer_alt_othername_oid}
2306 @deftypefun {int} {gnutls_x509_crt_get_issuer_alt_othername_oid} (gnutls_x509_crt_t @var{cert}, unsigned int @var{seq}, void * @var{ret}, size_t * @var{ret_size})
2307 @var{cert}: should contain a @code{gnutls_x509_crt_t} structure
2309 @var{seq}: specifies the sequence number of the alt name (0 for the first one, 1 for the second etc.)
2311 @var{ret}: is the place where the otherName OID will be copied to
2313 @var{ret_size}: holds the size of ret.
2315 This function will extract the type OID of an otherName Subject
2316 Alternative Name, contained in the given certificate, and return
2317 the type as an enumerated element.
2319 If @code{oid} is null then only the size will be filled. The @code{oid} returned will be null terminated, although @code{oid_size} will not
2320 account for the trailing null.
2322 This function is only useful if
2323 @code{gnutls_x509_crt_get_issuer_alt_name()} returned
2324 @code{GNUTLS_SAN_OTHERNAME} .
2326 @strong{Returns:} the alternative issuer name type on success, one of the
2327 enumerated gnutls_x509_subject_alt_name_t. For supported OIDs, it
2328 will return one of the virtual (GNUTLS_SAN_OTHERNAME_*) types,
2329 e.g. @code{GNUTLS_SAN_OTHERNAME_XMPP} , and @code{GNUTLS_SAN_OTHERNAME} for
2330 unknown OIDs. It will return @code{GNUTLS_E_SHORT_MEMORY_BUFFER} if
2331 @code{ret_size} is not large enough to hold the value. In that case
2332 @code{ret_size} will be updated with the required size. If the
2333 certificate does not have an Alternative name with the specified
2334 sequence number and with the otherName type then
2335 @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} is returned.
2337 @strong{Since:} 2.10.0
2340 @subheading gnutls_x509_crt_get_issuer_dn
2341 @anchor{gnutls_x509_crt_get_issuer_dn}
2342 @deftypefun {int} {gnutls_x509_crt_get_issuer_dn} (gnutls_x509_crt_t @var{cert}, char * @var{buf}, size_t * @var{buf_size})
2343 @var{cert}: should contain a @code{gnutls_x509_crt_t} structure
2345 @var{buf}: a pointer to a structure to hold the name (may be null)
2347 @var{buf_size}: initially holds the size of @code{buf}
2349 This function will copy the name of the Certificate issuer in the
2350 provided buffer. The name will be in the form
2351 "C=xxxx,O=yyyy,CN=zzzz" as described in RFC4514. The output string
2352 will be ASCII or UTF-8 encoded, depending on the certificate data.
2354 If @code{buf} is null then only the size will be filled.
2356 @strong{Returns:} GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not
2357 long enough, and in that case the @code{buf_size} will be updated with
2358 the required size. On success 0 is returned.
2361 @subheading gnutls_x509_crt_get_issuer_dn_by_oid
2362 @anchor{gnutls_x509_crt_get_issuer_dn_by_oid}
2363 @deftypefun {int} {gnutls_x509_crt_get_issuer_dn_by_oid} (gnutls_x509_crt_t @var{cert}, const char * @var{oid}, int @var{indx}, unsigned int @var{raw_flag}, void * @var{buf}, size_t * @var{buf_size})
2364 @var{cert}: should contain a @code{gnutls_x509_crt_t} structure
2366 @var{oid}: holds an Object Identified in null terminated string
2368 @var{indx}: In case multiple same OIDs exist in the RDN, this specifies which to send. Use (0) to get the first one.
2370 @var{raw_flag}: If non (0) returns the raw DER data of the DN part.
2372 @var{buf}: a pointer to a structure to hold the name (may be null)
2374 @var{buf_size}: initially holds the size of @code{buf}
2376 This function will extract the part of the name of the Certificate
2377 issuer specified by the given OID. The output, if the raw flag is not
2378 used, will be encoded as described in RFC4514. Thus a string that is
2379 ASCII or UTF-8 encoded, depending on the certificate data.
2381 Some helper macros with popular OIDs can be found in gnutls/x509.h
2382 If raw flag is (0), this function will only return known OIDs as
2383 text. Other OIDs will be DER encoded, as described in RFC4514 --
2384 in hex format with a '#' prefix. You can check about known OIDs
2385 using @code{gnutls_x509_dn_oid_known()} .
2387 If @code{buf} is null then only the size will be filled. If the @code{raw_flag} is not specified the output is always null terminated, although the
2388 @code{buf_size} will not include the null character.
2390 @strong{Returns:} GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not
2391 long enough, and in that case the @code{buf_size} will be updated
2392 with the required size. On success 0 is returned.
2395 @subheading gnutls_x509_crt_get_issuer_dn_oid
2396 @anchor{gnutls_x509_crt_get_issuer_dn_oid}
2397 @deftypefun {int} {gnutls_x509_crt_get_issuer_dn_oid} (gnutls_x509_crt_t @var{cert}, int @var{indx}, void * @var{oid}, size_t * @var{oid_size})
2398 @var{cert}: should contain a @code{gnutls_x509_crt_t} structure
2400 @var{indx}: This specifies which OID to return. Use (0) to get the first one.
2402 @var{oid}: a pointer to a buffer to hold the OID (may be null)
2404 @var{oid_size}: initially holds the size of @code{oid}
2406 This function will extract the OIDs of the name of the Certificate
2407 issuer specified by the given index.
2409 If @code{oid} is null then only the size will be filled. The @code{oid} returned will be null terminated, although @code{oid_size} will not
2410 account for the trailing null.
2412 @strong{Returns:} GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not
2413 long enough, and in that case the @code{oid_size} will be updated
2414 with the required size. On success 0 is returned.
2417 @subheading gnutls_x509_crt_get_issuer_unique_id
2418 @anchor{gnutls_x509_crt_get_issuer_unique_id}
2419 @deftypefun {int} {gnutls_x509_crt_get_issuer_unique_id} (gnutls_x509_crt_t @var{crt}, char * @var{buf}, size_t * @var{buf_size})
2420 @var{crt}: Holds the certificate
2422 @var{buf}: user allocated memory buffer, will hold the unique id
2424 @var{buf_size}: size of user allocated memory buffer (on input), will hold
2425 actual size of the unique ID on return.
2427 This function will extract the issuerUniqueID value (if present) for
2428 the given certificate.
2430 If the user allocated memory buffer is not large enough to hold the
2431 full subjectUniqueID, then a GNUTLS_E_SHORT_MEMORY_BUFFER error will be
2432 returned, and buf_size will be set to the actual length.
2434 @strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code.
2436 @strong{Since:} 2.12.0
2439 @subheading gnutls_x509_crt_get_key_id
2440 @anchor{gnutls_x509_crt_get_key_id}
2441 @deftypefun {int} {gnutls_x509_crt_get_key_id} (gnutls_x509_crt_t @var{crt}, unsigned int @var{flags}, unsigned char * @var{output_data}, size_t * @var{output_data_size})
2442 @var{crt}: Holds the certificate
2444 @var{flags}: should be 0 for now
2446 @var{output_data}: will contain the key ID
2448 @var{output_data_size}: holds the size of output_data (and will be
2449 replaced by the actual size of parameters)
2451 This function will return a unique ID the depends on the public
2452 key parameters. This ID can be used in checking whether a
2453 certificate corresponds to the given private key.
2455 If the buffer provided is not long enough to hold the output, then
2456 *output_data_size is updated and GNUTLS_E_SHORT_MEMORY_BUFFER will
2457 be returned. The output will normally be a SHA-1 hash output,
2460 @strong{Returns:} In case of failure a negative error code will be
2461 returned, and 0 on success.
2464 @subheading gnutls_x509_crt_get_key_purpose_oid
2465 @anchor{gnutls_x509_crt_get_key_purpose_oid}
2466 @deftypefun {int} {gnutls_x509_crt_get_key_purpose_oid} (gnutls_x509_crt_t @var{cert}, int @var{indx}, void * @var{oid}, size_t * @var{oid_size}, unsigned int * @var{critical})
2467 @var{cert}: should contain a @code{gnutls_x509_crt_t} structure
2469 @var{indx}: This specifies which OID to return. Use (0) to get the first one.
2471 @var{oid}: a pointer to a buffer to hold the OID (may be null)
2473 @var{oid_size}: initially holds the size of @code{oid}
2475 @var{critical}: output flag to indicate criticality of extension
2477 This function will extract the key purpose OIDs of the Certificate
2478 specified by the given index. These are stored in the Extended Key
2479 Usage extension (2.5.29.37) See the GNUTLS_KP_* definitions for
2480 human readable names.
2482 If @code{oid} is null then only the size will be filled. The @code{oid} returned will be null terminated, although @code{oid_size} will not
2483 account for the trailing null.
2485 @strong{Returns:} @code{GNUTLS_E_SHORT_MEMORY_BUFFER} if the provided buffer is
2486 not long enough, and in that case the *oid_size will be updated
2487 with the required size. On success 0 is returned.
2490 @subheading gnutls_x509_crt_get_key_usage
2491 @anchor{gnutls_x509_crt_get_key_usage}
2492 @deftypefun {int} {gnutls_x509_crt_get_key_usage} (gnutls_x509_crt_t @var{cert}, unsigned int * @var{key_usage}, unsigned int * @var{critical})
2493 @var{cert}: should contain a @code{gnutls_x509_crt_t} structure
2495 @var{key_usage}: where the key usage bits will be stored
2497 @var{critical}: will be non (0) if the extension is marked as critical
2499 This function will return certificate's key usage, by reading the
2500 keyUsage X.509 extension (2.5.29.15). The key usage value will ORed
2501 values of the: @code{GNUTLS_KEY_DIGITAL_SIGNATURE} ,
2502 @code{GNUTLS_KEY_NON_REPUDIATION} , @code{GNUTLS_KEY_KEY_ENCIPHERMENT} ,
2503 @code{GNUTLS_KEY_DATA_ENCIPHERMENT} , @code{GNUTLS_KEY_KEY_AGREEMENT} ,
2504 @code{GNUTLS_KEY_KEY_CERT_SIGN} , @code{GNUTLS_KEY_CRL_SIGN} ,
2505 @code{GNUTLS_KEY_ENCIPHER_ONLY} , @code{GNUTLS_KEY_DECIPHER_ONLY} .
2507 @strong{Returns:} the certificate key usage, or a negative error code in case of
2508 parsing error. If the certificate does not contain the keyUsage
2509 extension @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} will be
2513 @subheading gnutls_x509_crt_get_pk_algorithm
2514 @anchor{gnutls_x509_crt_get_pk_algorithm}
2515 @deftypefun {int} {gnutls_x509_crt_get_pk_algorithm} (gnutls_x509_crt_t @var{cert}, unsigned int * @var{bits})
2516 @var{cert}: should contain a @code{gnutls_x509_crt_t} structure
2518 @var{bits}: if bits is non null it will hold the size of the parameters' in bits
2520 This function will return the public key algorithm of an X.509
2523 If bits is non null, it should have enough size to hold the parameters
2524 size in bits. For RSA the bits returned is the modulus.
2525 For DSA the bits returned are of the public
2528 @strong{Returns:} a member of the @code{gnutls_pk_algorithm_t} enumeration on
2529 success, or a negative error code on error.
2532 @subheading gnutls_x509_crt_get_pk_dsa_raw
2533 @anchor{gnutls_x509_crt_get_pk_dsa_raw}
2534 @deftypefun {int} {gnutls_x509_crt_get_pk_dsa_raw} (gnutls_x509_crt_t @var{crt}, gnutls_datum_t * @var{p}, gnutls_datum_t * @var{q}, gnutls_datum_t * @var{g}, gnutls_datum_t * @var{y})
2535 @var{crt}: Holds the certificate
2537 @var{p}: will hold the p
2539 @var{q}: will hold the q
2541 @var{g}: will hold the g
2543 @var{y}: will hold the y
2545 This function will export the DSA public key's parameters found in
2546 the given certificate. The new parameters will be allocated using
2547 @code{gnutls_malloc()} and will be stored in the appropriate datum.
2549 @strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code.
2552 @subheading gnutls_x509_crt_get_pk_rsa_raw
2553 @anchor{gnutls_x509_crt_get_pk_rsa_raw}
2554 @deftypefun {int} {gnutls_x509_crt_get_pk_rsa_raw} (gnutls_x509_crt_t @var{crt}, gnutls_datum_t * @var{m}, gnutls_datum_t * @var{e})
2555 @var{crt}: Holds the certificate
2557 @var{m}: will hold the modulus
2559 @var{e}: will hold the public exponent
2561 This function will export the RSA public key's parameters found in
2562 the given structure. The new parameters will be allocated using
2563 @code{gnutls_malloc()} and will be stored in the appropriate datum.
2565 @strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code.
2568 @subheading gnutls_x509_crt_get_private_key_usage_period
2569 @anchor{gnutls_x509_crt_get_private_key_usage_period}
2570 @deftypefun {int} {gnutls_x509_crt_get_private_key_usage_period} (gnutls_x509_crt_t @var{cert}, time_t* @var{activation}, time_t* @var{expiration}, unsigned int * @var{critical})
2571 @var{cert}: should contain a @code{gnutls_x509_crt_t} structure
2573 @var{activation}: The activation time
2575 @var{expiration}: The expiration time
2577 @var{critical}: the extension status
2579 This function will return the expiration and activation
2580 times of the private key of the certificate. It relies on
2581 the PKIX extension 2.5.29.16 being present.
2583 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE}
2584 if the extension is not present, otherwise a negative error value.
2587 @subheading gnutls_x509_crt_get_proxy
2588 @anchor{gnutls_x509_crt_get_proxy}
2589 @deftypefun {int} {gnutls_x509_crt_get_proxy} (gnutls_x509_crt_t @var{cert}, unsigned int * @var{critical}, int * @var{pathlen}, char ** @var{policyLanguage}, char ** @var{policy}, size_t * @var{sizeof_policy})
2590 @var{cert}: should contain a @code{gnutls_x509_crt_t} structure
2592 @var{critical}: will be non (0) if the extension is marked as critical
2594 @var{pathlen}: pointer to output integer indicating path length (may be
2595 NULL), non-negative error codes indicate a present pCPathLenConstraint
2596 field and the actual value, -1 indicate that the field is absent.
2598 @var{policyLanguage}: output variable with OID of policy language
2600 @var{policy}: output variable with policy data
2602 @var{sizeof_policy}: output variable size of policy data
2604 This function will get information from a proxy certificate. It
2605 reads the ProxyCertInfo X.509 extension (1.3.6.1.5.5.7.1.14).
2607 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned,
2608 otherwise a negative error code is returned.
2611 @subheading gnutls_x509_crt_get_raw_dn
2612 @anchor{gnutls_x509_crt_get_raw_dn}
2613 @deftypefun {int} {gnutls_x509_crt_get_raw_dn} (gnutls_x509_crt_t @var{cert}, gnutls_datum_t * @var{start})
2614 @var{cert}: should contain a @code{gnutls_x509_crt_t} structure
2616 @var{start}: will hold the starting point of the DN
2618 This function will return a pointer to the DER encoded DN structure and
2619 the length. This points to allocated data that must be free'd using @code{gnutls_free()} .
2621 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
2622 negative error value. or a negative error code on error.
2625 @subheading gnutls_x509_crt_get_raw_issuer_dn
2626 @anchor{gnutls_x509_crt_get_raw_issuer_dn}
2627 @deftypefun {int} {gnutls_x509_crt_get_raw_issuer_dn} (gnutls_x509_crt_t @var{cert}, gnutls_datum_t * @var{start})
2628 @var{cert}: should contain a @code{gnutls_x509_crt_t} structure
2630 @var{start}: will hold the starting point of the DN
2632 This function will return a pointer to the DER encoded DN structure
2633 and the length. This points to allocated data that must be free'd using @code{gnutls_free()} .
2635 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
2636 negative error value.or a negative error code on error.
2639 @subheading gnutls_x509_crt_get_serial
2640 @anchor{gnutls_x509_crt_get_serial}
2641 @deftypefun {int} {gnutls_x509_crt_get_serial} (gnutls_x509_crt_t @var{cert}, void * @var{result}, size_t * @var{result_size})
2642 @var{cert}: should contain a @code{gnutls_x509_crt_t} structure
2644 @var{result}: The place where the serial number will be copied
2646 @var{result_size}: Holds the size of the result field.
2648 This function will return the X.509 certificate's serial number.
2649 This is obtained by the X509 Certificate serialNumber field. Serial
2650 is not always a 32 or 64bit number. Some CAs use large serial
2651 numbers, thus it may be wise to handle it as something uint8_t.
2653 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
2654 negative error value.
2657 @subheading gnutls_x509_crt_get_signature
2658 @anchor{gnutls_x509_crt_get_signature}
2659 @deftypefun {int} {gnutls_x509_crt_get_signature} (gnutls_x509_crt_t @var{cert}, char * @var{sig}, size_t * @var{sizeof_sig})
2660 @var{cert}: should contain a @code{gnutls_x509_crt_t} structure
2662 @var{sig}: a pointer where the signature part will be copied (may be null).
2664 @var{sizeof_sig}: initially holds the size of @code{sig}
2666 This function will extract the signature field of a certificate.
2668 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
2669 negative error value. and a negative error code on error.
2672 @subheading gnutls_x509_crt_get_signature_algorithm
2673 @anchor{gnutls_x509_crt_get_signature_algorithm}
2674 @deftypefun {int} {gnutls_x509_crt_get_signature_algorithm} (gnutls_x509_crt_t @var{cert})
2675 @var{cert}: should contain a @code{gnutls_x509_crt_t} structure
2677 This function will return a value of the @code{gnutls_sign_algorithm_t}
2678 enumeration that is the signature algorithm that has been used to
2679 sign this certificate.
2681 @strong{Returns:} a @code{gnutls_sign_algorithm_t} value, or a negative error code on
2685 @subheading gnutls_x509_crt_get_subject
2686 @anchor{gnutls_x509_crt_get_subject}
2687 @deftypefun {int} {gnutls_x509_crt_get_subject} (gnutls_x509_crt_t @var{cert}, gnutls_x509_dn_t * @var{dn})
2688 @var{cert}: should contain a @code{gnutls_x509_crt_t} structure
2690 @var{dn}: output variable with pointer to uint8_t DN.
2692 Return the Certificate's Subject DN as an uint8_t data type. You
2693 may use @code{gnutls_x509_dn_get_rdn_ava()} to decode the DN.
2695 Note that @code{dn} should be treated as constant. Because points
2696 into the @code{cert} object, you may not deallocate @code{cert} and continue to access @code{dn} .
2698 @strong{Returns:} Returns 0 on success, or an error code.
2701 @subheading gnutls_x509_crt_get_subject_alt_name
2702 @anchor{gnutls_x509_crt_get_subject_alt_name}
2703 @deftypefun {int} {gnutls_x509_crt_get_subject_alt_name} (gnutls_x509_crt_t @var{cert}, unsigned int @var{seq}, void * @var{san}, size_t * @var{san_size}, unsigned int * @var{critical})
2704 @var{cert}: should contain a @code{gnutls_x509_crt_t} structure
2706 @var{seq}: specifies the sequence number of the alt name (0 for the first one, 1 for the second etc.)
2708 @var{san}: is the place where the alternative name will be copied to
2710 @var{san_size}: holds the size of san.
2712 @var{critical}: will be non (0) if the extension is marked as critical (may be null)
2714 This function retrieves the Alternative Name (2.5.29.17), contained
2715 in the given certificate in the X509v3 Certificate Extensions.
2717 When the SAN type is otherName, it will extract the data in the
2718 otherName's value field, and @code{GNUTLS_SAN_OTHERNAME} is returned.
2719 You may use @code{gnutls_x509_crt_get_subject_alt_othername_oid()} to get
2720 the corresponding OID and the "virtual" SAN types (e.g.,
2721 @code{GNUTLS_SAN_OTHERNAME_XMPP} ).
2723 If an otherName OID is known, the data will be decoded. Otherwise
2724 the returned data will be DER encoded, and you will have to decode
2725 it yourself. Currently, only the RFC 3920 id-on-xmppAddr SAN is
2728 @strong{Returns:} the alternative subject name type on success, one of the
2729 enumerated @code{gnutls_x509_subject_alt_name_t} . It will return
2730 @code{GNUTLS_E_SHORT_MEMORY_BUFFER} if @code{san_size} is not large enough to
2731 hold the value. In that case @code{san_size} will be updated with the
2732 required size. If the certificate does not have an Alternative
2733 name with the specified sequence number then
2734 @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} is returned.
2737 @subheading gnutls_x509_crt_get_subject_alt_name2
2738 @anchor{gnutls_x509_crt_get_subject_alt_name2}
2739 @deftypefun {int} {gnutls_x509_crt_get_subject_alt_name2} (gnutls_x509_crt_t @var{cert}, unsigned int @var{seq}, void * @var{san}, size_t * @var{san_size}, unsigned int * @var{san_type}, unsigned int * @var{critical})
2740 @var{cert}: should contain a @code{gnutls_x509_crt_t} structure
2742 @var{seq}: specifies the sequence number of the alt name (0 for the first one, 1 for the second etc.)
2744 @var{san}: is the place where the alternative name will be copied to
2746 @var{san_size}: holds the size of ret.
2748 @var{san_type}: holds the type of the alternative name (one of gnutls_x509_subject_alt_name_t).
2750 @var{critical}: will be non (0) if the extension is marked as critical (may be null)
2752 This function will return the alternative names, contained in the
2753 given certificate. It is the same as
2754 @code{gnutls_x509_crt_get_subject_alt_name()} except for the fact that it
2755 will return the type of the alternative name in @code{san_type} even if
2756 the function fails for some reason (i.e. the buffer provided is
2759 @strong{Returns:} the alternative subject name type on success, one of the
2760 enumerated @code{gnutls_x509_subject_alt_name_t} . It will return
2761 @code{GNUTLS_E_SHORT_MEMORY_BUFFER} if @code{san_size} is not large enough
2762 to hold the value. In that case @code{san_size} will be updated with
2763 the required size. If the certificate does not have an
2764 Alternative name with the specified sequence number then
2765 @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} is returned.
2768 @subheading gnutls_x509_crt_get_subject_alt_othername_oid
2769 @anchor{gnutls_x509_crt_get_subject_alt_othername_oid}
2770 @deftypefun {int} {gnutls_x509_crt_get_subject_alt_othername_oid} (gnutls_x509_crt_t @var{cert}, unsigned int @var{seq}, void * @var{oid}, size_t * @var{oid_size})
2771 @var{cert}: should contain a @code{gnutls_x509_crt_t} structure
2773 @var{seq}: specifies the sequence number of the alt name (0 for the first one, 1 for the second etc.)
2775 @var{oid}: is the place where the otherName OID will be copied to
2777 @var{oid_size}: holds the size of ret.
2779 This function will extract the type OID of an otherName Subject
2780 Alternative Name, contained in the given certificate, and return
2781 the type as an enumerated element.
2783 This function is only useful if
2784 @code{gnutls_x509_crt_get_subject_alt_name()} returned
2785 @code{GNUTLS_SAN_OTHERNAME} .
2787 If @code{oid} is null then only the size will be filled. The @code{oid} returned will be null terminated, although @code{oid_size} will not
2788 account for the trailing null.
2790 @strong{Returns:} the alternative subject name type on success, one of the
2791 enumerated gnutls_x509_subject_alt_name_t. For supported OIDs, it
2792 will return one of the virtual (GNUTLS_SAN_OTHERNAME_*) types,
2793 e.g. @code{GNUTLS_SAN_OTHERNAME_XMPP} , and @code{GNUTLS_SAN_OTHERNAME} for
2794 unknown OIDs. It will return @code{GNUTLS_E_SHORT_MEMORY_BUFFER} if
2795 @code{ian_size} is not large enough to hold the value. In that case
2796 @code{ian_size} will be updated with the required size. If the
2797 certificate does not have an Alternative name with the specified
2798 sequence number and with the otherName type then
2799 @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} is returned.
2802 @subheading gnutls_x509_crt_get_subject_key_id
2803 @anchor{gnutls_x509_crt_get_subject_key_id}
2804 @deftypefun {int} {gnutls_x509_crt_get_subject_key_id} (gnutls_x509_crt_t @var{cert}, void * @var{ret}, size_t * @var{ret_size}, unsigned int * @var{critical})
2805 @var{cert}: should contain a @code{gnutls_x509_crt_t} structure
2807 @var{ret}: The place where the identifier will be copied
2809 @var{ret_size}: Holds the size of the result field.
2811 @var{critical}: will be non (0) if the extension is marked as critical (may be null)
2813 This function will return the X.509v3 certificate's subject key
2814 identifier. This is obtained by the X.509 Subject Key identifier
2815 extension field (2.5.29.14).
2817 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE}
2818 if the extension is not present, otherwise a negative error value.
2821 @subheading gnutls_x509_crt_get_subject_unique_id
2822 @anchor{gnutls_x509_crt_get_subject_unique_id}
2823 @deftypefun {int} {gnutls_x509_crt_get_subject_unique_id} (gnutls_x509_crt_t @var{crt}, char * @var{buf}, size_t * @var{buf_size})
2824 @var{crt}: Holds the certificate
2826 @var{buf}: user allocated memory buffer, will hold the unique id
2828 @var{buf_size}: size of user allocated memory buffer (on input), will hold
2829 actual size of the unique ID on return.
2831 This function will extract the subjectUniqueID value (if present) for
2832 the given certificate.
2834 If the user allocated memory buffer is not large enough to hold the
2835 full subjectUniqueID, then a GNUTLS_E_SHORT_MEMORY_BUFFER error will be
2836 returned, and buf_size will be set to the actual length.
2838 @strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code.
2841 @subheading gnutls_x509_crt_get_version
2842 @anchor{gnutls_x509_crt_get_version}
2843 @deftypefun {int} {gnutls_x509_crt_get_version} (gnutls_x509_crt_t @var{cert})
2844 @var{cert}: should contain a @code{gnutls_x509_crt_t} structure
2846 This function will return the version of the specified Certificate.
2848 @strong{Returns:} version of certificate, or a negative error code on error.
2851 @subheading gnutls_x509_crt_import
2852 @anchor{gnutls_x509_crt_import}
2853 @deftypefun {int} {gnutls_x509_crt_import} (gnutls_x509_crt_t @var{cert}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format})
2854 @var{cert}: The structure to store the parsed certificate.
2856 @var{data}: The DER or PEM encoded certificate.
2858 @var{format}: One of DER or PEM
2860 This function will convert the given DER or PEM encoded Certificate
2861 to the native gnutls_x509_crt_t format. The output will be stored
2864 If the Certificate is PEM encoded it should have a header of "X509
2865 CERTIFICATE", or "CERTIFICATE".
2867 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
2868 negative error value.
2871 @subheading gnutls_x509_crt_init
2872 @anchor{gnutls_x509_crt_init}
2873 @deftypefun {int} {gnutls_x509_crt_init} (gnutls_x509_crt_t * @var{cert})
2874 @var{cert}: The structure to be initialized
2876 This function will initialize an X.509 certificate structure.
2878 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
2879 negative error value.
2882 @subheading gnutls_x509_crt_list_import
2883 @anchor{gnutls_x509_crt_list_import}
2884 @deftypefun {int} {gnutls_x509_crt_list_import} (gnutls_x509_crt_t * @var{certs}, unsigned int * @var{cert_max}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format}, unsigned int @var{flags})
2885 @var{certs}: The structures to store the parsed certificate. Must not be initialized.
2887 @var{cert_max}: Initially must hold the maximum number of certs. It will be updated with the number of certs available.
2889 @var{data}: The PEM encoded certificate.
2891 @var{format}: One of DER or PEM.
2893 @var{flags}: must be (0) or an OR'd sequence of gnutls_certificate_import_flags.
2895 This function will convert the given PEM encoded certificate list
2896 to the native gnutls_x509_crt_t format. The output will be stored
2897 in @code{certs} . They will be automatically initialized.
2899 The flag @code{GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED} will cause
2900 import to fail if the certificates in the provided buffer are more
2901 than the available structures. The @code{GNUTLS_X509_CRT_LIST_FAIL_IF_UNSORTED}
2902 flag will cause the function to fail if the provided list is not
2903 sorted from subject to issuer.
2905 If the Certificate is PEM encoded it should have a header of "X509
2906 CERTIFICATE", or "CERTIFICATE".
2908 @strong{Returns:} the number of certificates read or a negative error value.
2911 @subheading gnutls_x509_crt_list_import2
2912 @anchor{gnutls_x509_crt_list_import2}
2913 @deftypefun {int} {gnutls_x509_crt_list_import2} (gnutls_x509_crt_t ** @var{certs}, unsigned int * @var{size}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format}, unsigned int @var{flags})
2914 @var{certs}: The structures to store the parsed certificate. Must not be initialized.
2916 @var{size}: It will contain the size of the list.
2918 @var{data}: The PEM encoded certificate.
2920 @var{format}: One of DER or PEM.
2922 @var{flags}: must be (0) or an OR'd sequence of gnutls_certificate_import_flags.
2924 This function will convert the given PEM encoded certificate list
2925 to the native gnutls_x509_crt_t format. The output will be stored
2926 in @code{certs} . They will be automatically initialized.
2928 If the Certificate is PEM encoded it should have a header of "X509
2929 CERTIFICATE", or "CERTIFICATE".
2931 @strong{Returns:} the number of certificates read or a negative error value.
2936 @subheading gnutls_x509_crt_list_verify
2937 @anchor{gnutls_x509_crt_list_verify}
2938 @deftypefun {int} {gnutls_x509_crt_list_verify} (const gnutls_x509_crt_t * @var{cert_list}, int @var{cert_list_length}, const gnutls_x509_crt_t * @var{CA_list}, int @var{CA_list_length}, const gnutls_x509_crl_t * @var{CRL_list}, int @var{CRL_list_length}, unsigned int @var{flags}, unsigned int * @var{verify})
2939 @var{cert_list}: is the certificate list to be verified
2941 @var{cert_list_length}: holds the number of certificate in cert_list
2943 @var{CA_list}: is the CA list which will be used in verification
2945 @var{CA_list_length}: holds the number of CA certificate in CA_list
2947 @var{CRL_list}: holds a list of CRLs.
2949 @var{CRL_list_length}: the length of CRL list.
2951 @var{flags}: Flags that may be used to change the verification algorithm. Use OR of the gnutls_certificate_verify_flags enumerations.
2953 @var{verify}: will hold the certificate verification output.
2955 This function will try to verify the given certificate list and
2956 return its status. If no flags are specified (0), this function
2957 will use the basicConstraints (2.5.29.19) PKIX extension. This
2958 means that only a certificate authority is allowed to sign a
2961 You must also check the peer's name in order to check if the verified
2962 certificate belongs to the actual peer.
2964 The certificate verification output will be put in @code{verify} and will
2965 be one or more of the gnutls_certificate_status_t enumerated
2966 elements bitwise or'd. For a more detailed verification status use
2967 @code{gnutls_x509_crt_verify()} per list element.
2969 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
2970 negative error value.
2973 @subheading gnutls_x509_crt_print
2974 @anchor{gnutls_x509_crt_print}
2975 @deftypefun {int} {gnutls_x509_crt_print} (gnutls_x509_crt_t @var{cert}, gnutls_certificate_print_formats_t @var{format}, gnutls_datum_t * @var{out})
2976 @var{cert}: The structure to be printed
2978 @var{format}: Indicate the format to use
2980 @var{out}: Newly allocated datum with (0) terminated string.
2982 This function will pretty print a X.509 certificate, suitable for
2985 If the format is @code{GNUTLS_CRT_PRINT_FULL} then all fields of the
2986 certificate will be output, on multiple lines. The
2987 @code{GNUTLS_CRT_PRINT_ONELINE} format will generate one line with some
2988 selected fields, which is useful for logging purposes.
2990 The output @code{out} needs to be deallocate using @code{gnutls_free()} .
2992 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
2993 negative error value.
2996 @subheading gnutls_x509_crt_set_activation_time
2997 @anchor{gnutls_x509_crt_set_activation_time}
2998 @deftypefun {int} {gnutls_x509_crt_set_activation_time} (gnutls_x509_crt_t @var{cert}, time_t @var{act_time})
2999 @var{cert}: a certificate of type @code{gnutls_x509_crt_t}
3001 @var{act_time}: The actual time
3003 This function will set the time this Certificate was or will be
3006 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
3007 negative error value.
3010 @subheading gnutls_x509_crt_set_authority_info_access
3011 @anchor{gnutls_x509_crt_set_authority_info_access}
3012 @deftypefun {int} {gnutls_x509_crt_set_authority_info_access} (gnutls_x509_crt_t @var{crt}, int @var{what}, gnutls_datum_t * @var{data})
3013 @var{crt}: Holds the certificate
3015 @var{what}: what data to get, a @code{gnutls_info_access_what_t} type.
3017 @var{data}: output data to be freed with @code{gnutls_free()} .
3019 This function sets the Authority Information Access (AIA)
3020 extension, see RFC 5280 section 4.2.2.1 for more information.
3022 The type of data stored in @code{data} is specified via @code{what} which
3023 should be @code{gnutls_info_access_what_t} values.
3025 If @code{what} is @code{GNUTLS_IA_OCSP_URI} , @code{data} will hold the OCSP URI.
3026 If @code{what} is @code{GNUTLS_IA_CAISSUERS_URI} , @code{data} will hold the caIssuers
3029 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
3030 negative error value.
3035 @subheading gnutls_x509_crt_set_authority_key_id
3036 @anchor{gnutls_x509_crt_set_authority_key_id}
3037 @deftypefun {int} {gnutls_x509_crt_set_authority_key_id} (gnutls_x509_crt_t @var{cert}, const void * @var{id}, size_t @var{id_size})
3038 @var{cert}: a certificate of type @code{gnutls_x509_crt_t}
3040 @var{id}: The key ID
3042 @var{id_size}: Holds the size of the serial field.
3044 This function will set the X.509 certificate's authority key ID extension.
3045 Only the keyIdentifier field can be set with this function.
3047 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
3048 negative error value.
3051 @subheading gnutls_x509_crt_set_basic_constraints
3052 @anchor{gnutls_x509_crt_set_basic_constraints}
3053 @deftypefun {int} {gnutls_x509_crt_set_basic_constraints} (gnutls_x509_crt_t @var{crt}, unsigned int @var{ca}, int @var{pathLenConstraint})
3054 @var{crt}: a certificate of type @code{gnutls_x509_crt_t}
3056 @var{ca}: true(1) or false(0). Depending on the Certificate authority status.
3058 @var{pathLenConstraint}: non-negative error codes indicate maximum length of path,
3059 and negative error codes indicate that the pathLenConstraints field should
3062 This function will set the basicConstraints certificate extension.
3064 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
3065 negative error value.
3068 @subheading gnutls_x509_crt_set_ca_status
3069 @anchor{gnutls_x509_crt_set_ca_status}
3070 @deftypefun {int} {gnutls_x509_crt_set_ca_status} (gnutls_x509_crt_t @var{crt}, unsigned int @var{ca})
3071 @var{crt}: a certificate of type @code{gnutls_x509_crt_t}
3073 @var{ca}: true(1) or false(0). Depending on the Certificate authority status.
3075 This function will set the basicConstraints certificate extension.
3076 Use @code{gnutls_x509_crt_set_basic_constraints()} if you want to control
3077 the pathLenConstraint field too.
3079 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
3080 negative error value.
3083 @subheading gnutls_x509_crt_set_crl_dist_points
3084 @anchor{gnutls_x509_crt_set_crl_dist_points}
3085 @deftypefun {int} {gnutls_x509_crt_set_crl_dist_points} (gnutls_x509_crt_t @var{crt}, gnutls_x509_subject_alt_name_t @var{type}, const void * @var{data_string}, unsigned int @var{reason_flags})
3086 @var{crt}: a certificate of type @code{gnutls_x509_crt_t}
3088 @var{type}: is one of the gnutls_x509_subject_alt_name_t enumerations
3090 @var{data_string}: The data to be set
3092 @var{reason_flags}: revocation reasons
3094 This function will set the CRL distribution points certificate extension.
3096 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
3097 negative error value.
3100 @subheading gnutls_x509_crt_set_crl_dist_points2
3101 @anchor{gnutls_x509_crt_set_crl_dist_points2}
3102 @deftypefun {int} {gnutls_x509_crt_set_crl_dist_points2} (gnutls_x509_crt_t @var{crt}, gnutls_x509_subject_alt_name_t @var{type}, const void * @var{data}, unsigned int @var{data_size}, unsigned int @var{reason_flags})
3103 @var{crt}: a certificate of type @code{gnutls_x509_crt_t}
3105 @var{type}: is one of the gnutls_x509_subject_alt_name_t enumerations
3107 @var{data}: The data to be set
3109 @var{data_size}: The data size
3111 @var{reason_flags}: revocation reasons
3113 This function will set the CRL distribution points certificate extension.
3115 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
3116 negative error value.
3118 @strong{Since:} 2.6.0
3121 @subheading gnutls_x509_crt_set_crq
3122 @anchor{gnutls_x509_crt_set_crq}
3123 @deftypefun {int} {gnutls_x509_crt_set_crq} (gnutls_x509_crt_t @var{crt}, gnutls_x509_crq_t @var{crq})
3124 @var{crt}: a certificate of type @code{gnutls_x509_crt_t}
3126 @var{crq}: holds a certificate request
3128 This function will set the name and public parameters as well as
3129 the extensions from the given certificate request to the certificate.
3130 Only RSA keys are currently supported.
3132 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
3133 negative error value.
3136 @subheading gnutls_x509_crt_set_crq_extensions
3137 @anchor{gnutls_x509_crt_set_crq_extensions}
3138 @deftypefun {int} {gnutls_x509_crt_set_crq_extensions} (gnutls_x509_crt_t @var{crt}, gnutls_x509_crq_t @var{crq})
3139 @var{crt}: a certificate of type @code{gnutls_x509_crt_t}
3141 @var{crq}: holds a certificate request
3143 This function will set extensions from the given request to the
3146 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
3147 negative error value.
3149 @strong{Since:} 2.8.0
3152 @subheading gnutls_x509_crt_set_dn_by_oid
3153 @anchor{gnutls_x509_crt_set_dn_by_oid}
3154 @deftypefun {int} {gnutls_x509_crt_set_dn_by_oid} (gnutls_x509_crt_t @var{crt}, const char * @var{oid}, unsigned int @var{raw_flag}, const void * @var{name}, unsigned int @var{sizeof_name})
3155 @var{crt}: a certificate of type @code{gnutls_x509_crt_t}
3157 @var{oid}: holds an Object Identifier in a null terminated string
3159 @var{raw_flag}: must be 0, or 1 if the data are DER encoded
3161 @var{name}: a pointer to the name
3163 @var{sizeof_name}: holds the size of @code{name}
3165 This function will set the part of the name of the Certificate
3166 subject, specified by the given OID. The input string should be
3167 ASCII or UTF-8 encoded.
3169 Some helper macros with popular OIDs can be found in gnutls/x509.h
3170 With this function you can only set the known OIDs. You can test
3171 for known OIDs using @code{gnutls_x509_dn_oid_known()} . For OIDs that are
3172 not known (by gnutls) you should properly DER encode your data,
3173 and call this function with @code{raw_flag} set.
3175 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
3176 negative error value.
3179 @subheading gnutls_x509_crt_set_expiration_time
3180 @anchor{gnutls_x509_crt_set_expiration_time}
3181 @deftypefun {int} {gnutls_x509_crt_set_expiration_time} (gnutls_x509_crt_t @var{cert}, time_t @var{exp_time})
3182 @var{cert}: a certificate of type @code{gnutls_x509_crt_t}
3184 @var{exp_time}: The actual time
3186 This function will set the time this Certificate will expire.
3188 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
3189 negative error value.
3192 @subheading gnutls_x509_crt_set_extension_by_oid
3193 @anchor{gnutls_x509_crt_set_extension_by_oid}
3194 @deftypefun {int} {gnutls_x509_crt_set_extension_by_oid} (gnutls_x509_crt_t @var{crt}, const char * @var{oid}, const void * @var{buf}, size_t @var{sizeof_buf}, unsigned int @var{critical})
3195 @var{crt}: a certificate of type @code{gnutls_x509_crt_t}
3197 @var{oid}: holds an Object Identified in null terminated string
3199 @var{buf}: a pointer to a DER encoded data
3201 @var{sizeof_buf}: holds the size of @code{buf}
3203 @var{critical}: should be non (0) if the extension is to be marked as critical
3205 This function will set an the extension, by the specified OID, in
3206 the certificate. The extension data should be binary data DER
3209 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
3210 negative error value.
3213 @subheading gnutls_x509_crt_set_issuer_dn_by_oid
3214 @anchor{gnutls_x509_crt_set_issuer_dn_by_oid}
3215 @deftypefun {int} {gnutls_x509_crt_set_issuer_dn_by_oid} (gnutls_x509_crt_t @var{crt}, const char * @var{oid}, unsigned int @var{raw_flag}, const void * @var{name}, unsigned int @var{sizeof_name})
3216 @var{crt}: a certificate of type @code{gnutls_x509_crt_t}
3218 @var{oid}: holds an Object Identifier in a null terminated string
3220 @var{raw_flag}: must be 0, or 1 if the data are DER encoded
3222 @var{name}: a pointer to the name
3224 @var{sizeof_name}: holds the size of @code{name}
3226 This function will set the part of the name of the Certificate
3227 issuer, specified by the given OID. The input string should be
3228 ASCII or UTF-8 encoded.
3230 Some helper macros with popular OIDs can be found in gnutls/x509.h
3231 With this function you can only set the known OIDs. You can test
3232 for known OIDs using @code{gnutls_x509_dn_oid_known()} . For OIDs that are
3233 not known (by gnutls) you should properly DER encode your data,
3234 and call this function with @code{raw_flag} set.
3236 Normally you do not need to call this function, since the signing
3237 operation will copy the signer's name as the issuer of the
3240 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
3241 negative error value.
3244 @subheading gnutls_x509_crt_set_key
3245 @anchor{gnutls_x509_crt_set_key}
3246 @deftypefun {int} {gnutls_x509_crt_set_key} (gnutls_x509_crt_t @var{crt}, gnutls_x509_privkey_t @var{key})
3247 @var{crt}: a certificate of type @code{gnutls_x509_crt_t}
3249 @var{key}: holds a private key
3251 This function will set the public parameters from the given
3252 private key to the certificate. Only RSA keys are currently
3255 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
3256 negative error value.
3259 @subheading gnutls_x509_crt_set_key_purpose_oid
3260 @anchor{gnutls_x509_crt_set_key_purpose_oid}
3261 @deftypefun {int} {gnutls_x509_crt_set_key_purpose_oid} (gnutls_x509_crt_t @var{cert}, const void * @var{oid}, unsigned int @var{critical})
3262 @var{cert}: a certificate of type @code{gnutls_x509_crt_t}
3264 @var{oid}: a pointer to a null terminated string that holds the OID
3266 @var{critical}: Whether this extension will be critical or not
3268 This function will set the key purpose OIDs of the Certificate.
3269 These are stored in the Extended Key Usage extension (2.5.29.37)
3270 See the GNUTLS_KP_* definitions for human readable names.
3272 Subsequent calls to this function will append OIDs to the OID list.
3274 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned,
3275 otherwise a negative error code is returned.
3278 @subheading gnutls_x509_crt_set_key_usage
3279 @anchor{gnutls_x509_crt_set_key_usage}
3280 @deftypefun {int} {gnutls_x509_crt_set_key_usage} (gnutls_x509_crt_t @var{crt}, unsigned int @var{usage})
3281 @var{crt}: a certificate of type @code{gnutls_x509_crt_t}
3283 @var{usage}: an ORed sequence of the GNUTLS_KEY_* elements.
3285 This function will set the keyUsage certificate extension.
3287 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
3288 negative error value.
3291 @subheading gnutls_x509_crt_set_private_key_usage_period
3292 @anchor{gnutls_x509_crt_set_private_key_usage_period}
3293 @deftypefun {int} {gnutls_x509_crt_set_private_key_usage_period} (gnutls_x509_crt_t @var{crt}, time_t @var{activation}, time_t @var{expiration})
3294 @var{crt}: a certificate of type @code{gnutls_x509_crt_t}
3296 @var{activation}: The activation time
3298 @var{expiration}: The expiration time
3300 This function will set the private key usage period extension (2.5.29.16).
3302 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
3303 negative error value.
3306 @subheading gnutls_x509_crt_set_proxy
3307 @anchor{gnutls_x509_crt_set_proxy}
3308 @deftypefun {int} {gnutls_x509_crt_set_proxy} (gnutls_x509_crt_t @var{crt}, int @var{pathLenConstraint}, const char * @var{policyLanguage}, const char * @var{policy}, size_t @var{sizeof_policy})
3309 @var{crt}: a certificate of type @code{gnutls_x509_crt_t}
3311 @var{pathLenConstraint}: non-negative error codes indicate maximum length of path,
3312 and negative error codes indicate that the pathLenConstraints field should
3315 @var{policyLanguage}: OID describing the language of @code{policy} .
3317 @var{policy}: uint8_t byte array with policy language, can be @code{NULL}
3319 @var{sizeof_policy}: size of @code{policy} .
3321 This function will set the proxyCertInfo extension.
3323 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
3324 negative error value.
3327 @subheading gnutls_x509_crt_set_proxy_dn
3328 @anchor{gnutls_x509_crt_set_proxy_dn}
3329 @deftypefun {int} {gnutls_x509_crt_set_proxy_dn} (gnutls_x509_crt_t @var{crt}, gnutls_x509_crt_t @var{eecrt}, unsigned int @var{raw_flag}, const void * @var{name}, unsigned int @var{sizeof_name})
3330 @var{crt}: a gnutls_x509_crt_t structure with the new proxy cert
3332 @var{eecrt}: the end entity certificate that will be issuing the proxy
3334 @var{raw_flag}: must be 0, or 1 if the CN is DER encoded
3336 @var{name}: a pointer to the CN name, may be NULL (but MUST then be added later)
3338 @var{sizeof_name}: holds the size of @code{name}
3340 This function will set the subject in @code{crt} to the end entity's
3341 @code{eecrt} subject name, and add a single Common Name component @code{name} of size @code{sizeof_name} . This corresponds to the required proxy
3342 certificate naming style. Note that if @code{name} is @code{NULL} , you MUST
3343 set it later by using @code{gnutls_x509_crt_set_dn_by_oid()} or similar.
3345 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
3346 negative error value.
3349 @subheading gnutls_x509_crt_set_serial
3350 @anchor{gnutls_x509_crt_set_serial}
3351 @deftypefun {int} {gnutls_x509_crt_set_serial} (gnutls_x509_crt_t @var{cert}, const void * @var{serial}, size_t @var{serial_size})
3352 @var{cert}: a certificate of type @code{gnutls_x509_crt_t}
3354 @var{serial}: The serial number
3356 @var{serial_size}: Holds the size of the serial field.
3358 This function will set the X.509 certificate's serial number.
3359 Serial is not always a 32 or 64bit number. Some CAs use large
3360 serial numbers, thus it may be wise to handle it as something
3363 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
3364 negative error value.
3367 @subheading gnutls_x509_crt_set_subject_alt_name
3368 @anchor{gnutls_x509_crt_set_subject_alt_name}
3369 @deftypefun {int} {gnutls_x509_crt_set_subject_alt_name} (gnutls_x509_crt_t @var{crt}, gnutls_x509_subject_alt_name_t @var{type}, const void * @var{data}, unsigned int @var{data_size}, unsigned int @var{flags})
3370 @var{crt}: a certificate of type @code{gnutls_x509_crt_t}
3372 @var{type}: is one of the gnutls_x509_subject_alt_name_t enumerations
3374 @var{data}: The data to be set
3376 @var{data_size}: The size of data to be set
3378 @var{flags}: GNUTLS_FSAN_SET to clear previous data or GNUTLS_FSAN_APPEND to append.
3380 This function will set the subject alternative name certificate
3381 extension. It can set the following types:
3383 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
3384 negative error value.
3386 @strong{Since:} 2.6.0
3389 @subheading gnutls_x509_crt_set_subject_alternative_name
3390 @anchor{gnutls_x509_crt_set_subject_alternative_name}
3391 @deftypefun {int} {gnutls_x509_crt_set_subject_alternative_name} (gnutls_x509_crt_t @var{crt}, gnutls_x509_subject_alt_name_t @var{type}, const char * @var{data_string})
3392 @var{crt}: a certificate of type @code{gnutls_x509_crt_t}
3394 @var{type}: is one of the gnutls_x509_subject_alt_name_t enumerations
3396 @var{data_string}: The data to be set, a (0) terminated string
3398 This function will set the subject alternative name certificate
3399 extension. This function assumes that data can be expressed as a null
3402 The name of the function is unfortunate since it is incosistent with
3403 @code{gnutls_x509_crt_get_subject_alt_name()} .
3405 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
3406 negative error value.
3409 @subheading gnutls_x509_crt_set_subject_key_id
3410 @anchor{gnutls_x509_crt_set_subject_key_id}
3411 @deftypefun {int} {gnutls_x509_crt_set_subject_key_id} (gnutls_x509_crt_t @var{cert}, const void * @var{id}, size_t @var{id_size})
3412 @var{cert}: a certificate of type @code{gnutls_x509_crt_t}
3414 @var{id}: The key ID
3416 @var{id_size}: Holds the size of the serial field.
3418 This function will set the X.509 certificate's subject key ID
3421 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
3422 negative error value.
3425 @subheading gnutls_x509_crt_set_version
3426 @anchor{gnutls_x509_crt_set_version}
3427 @deftypefun {int} {gnutls_x509_crt_set_version} (gnutls_x509_crt_t @var{crt}, unsigned int @var{version})
3428 @var{crt}: a certificate of type @code{gnutls_x509_crt_t}
3430 @var{version}: holds the version number. For X.509v1 certificates must be 1.
3432 This function will set the version of the certificate. This must
3433 be one for X.509 version 1, and so on. Plain certificates without
3434 extensions must have version set to one.
3436 To create well-formed certificates, you must specify version 3 if
3437 you use any certificate extensions. Extensions are created by
3438 functions such as @code{gnutls_x509_crt_set_subject_alt_name()}
3439 or @code{gnutls_x509_crt_set_key_usage()} .
3441 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
3442 negative error value.
3445 @subheading gnutls_x509_crt_sign
3446 @anchor{gnutls_x509_crt_sign}
3447 @deftypefun {int} {gnutls_x509_crt_sign} (gnutls_x509_crt_t @var{crt}, gnutls_x509_crt_t @var{issuer}, gnutls_x509_privkey_t @var{issuer_key})
3448 @var{crt}: a certificate of type @code{gnutls_x509_crt_t}
3450 @var{issuer}: is the certificate of the certificate issuer
3452 @var{issuer_key}: holds the issuer's private key
3454 This function is the same a @code{gnutls_x509_crt_sign2()} with no flags,
3455 and SHA1 as the hash algorithm.
3457 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
3458 negative error value.
3461 @subheading gnutls_x509_crt_sign2
3462 @anchor{gnutls_x509_crt_sign2}
3463 @deftypefun {int} {gnutls_x509_crt_sign2} (gnutls_x509_crt_t @var{crt}, gnutls_x509_crt_t @var{issuer}, gnutls_x509_privkey_t @var{issuer_key}, gnutls_digest_algorithm_t @var{dig}, unsigned int @var{flags})
3464 @var{crt}: a certificate of type @code{gnutls_x509_crt_t}
3466 @var{issuer}: is the certificate of the certificate issuer
3468 @var{issuer_key}: holds the issuer's private key
3470 @var{dig}: The message digest to use, @code{GNUTLS_DIG_SHA1} is a safe choice
3472 @var{flags}: must be 0
3474 This function will sign the certificate with the issuer's private key, and
3475 will copy the issuer's information into the certificate.
3477 This must be the last step in a certificate generation since all
3478 the previously set parameters are now signed.
3480 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
3481 negative error value.
3484 @subheading gnutls_x509_crt_verify
3485 @anchor{gnutls_x509_crt_verify}
3486 @deftypefun {int} {gnutls_x509_crt_verify} (gnutls_x509_crt_t @var{cert}, const gnutls_x509_crt_t * @var{CA_list}, int @var{CA_list_length}, unsigned int @var{flags}, unsigned int * @var{verify})
3487 @var{cert}: is the certificate to be verified
3489 @var{CA_list}: is one certificate that is considered to be trusted one
3491 @var{CA_list_length}: holds the number of CA certificate in CA_list
3493 @var{flags}: Flags that may be used to change the verification algorithm. Use OR of the gnutls_certificate_verify_flags enumerations.
3495 @var{verify}: will hold the certificate verification output.
3497 This function will try to verify the given certificate and return
3500 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
3501 negative error value.
3504 @subheading gnutls_x509_dn_deinit
3505 @anchor{gnutls_x509_dn_deinit}
3506 @deftypefun {void} {gnutls_x509_dn_deinit} (gnutls_x509_dn_t @var{dn})
3507 @var{dn}: a DN uint8_t object pointer.
3509 This function deallocates the DN object as returned by
3510 @code{gnutls_x509_dn_import()} .
3512 @strong{Since:} 2.4.0
3515 @subheading gnutls_x509_dn_export
3516 @anchor{gnutls_x509_dn_export}
3517 @deftypefun {int} {gnutls_x509_dn_export} (gnutls_x509_dn_t @var{dn}, gnutls_x509_crt_fmt_t @var{format}, void * @var{output_data}, size_t * @var{output_data_size})
3518 @var{dn}: Holds the uint8_t DN object
3520 @var{format}: the format of output params. One of PEM or DER.
3522 @var{output_data}: will contain a DN PEM or DER encoded
3524 @var{output_data_size}: holds the size of output_data (and will be
3525 replaced by the actual size of parameters)
3527 This function will export the DN to DER or PEM format.
3529 If the buffer provided is not long enough to hold the output, then
3530 * @code{output_data_size} is updated and @code{GNUTLS_E_SHORT_MEMORY_BUFFER}
3533 If the structure is PEM encoded, it will have a header
3536 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
3537 negative error value.
3540 @subheading gnutls_x509_dn_get_rdn_ava
3541 @anchor{gnutls_x509_dn_get_rdn_ava}
3542 @deftypefun {int} {gnutls_x509_dn_get_rdn_ava} (gnutls_x509_dn_t @var{dn}, int @var{irdn}, int @var{iava}, gnutls_x509_ava_st * @var{ava})
3543 @var{dn}: input variable with uint8_t DN pointer
3545 @var{irdn}: index of RDN
3547 @var{iava}: index of AVA.
3549 @var{ava}: Pointer to structure which will hold output information.
3551 Get pointers to data within the DN.
3553 Note that @code{ava} will contain pointers into the @code{dn} structure, so you
3554 should not modify any data or deallocate it. Note also that the DN
3555 in turn points into the original certificate structure, and thus
3556 you may not deallocate the certificate and continue to access @code{dn} .
3558 @strong{Returns:} Returns 0 on success, or an error code.
3561 @subheading gnutls_x509_dn_import
3562 @anchor{gnutls_x509_dn_import}
3563 @deftypefun {int} {gnutls_x509_dn_import} (gnutls_x509_dn_t @var{dn}, const gnutls_datum_t * @var{data})
3564 @var{dn}: the structure that will hold the imported DN
3566 @var{data}: should contain a DER encoded RDN sequence
3568 This function parses an RDN sequence and stores the result to a
3569 @code{gnutls_x509_dn_t} structure. The structure must have been initialized
3570 with @code{gnutls_x509_dn_init()} . You may use @code{gnutls_x509_dn_get_rdn_ava()} to
3573 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
3574 negative error value.
3576 @strong{Since:} 2.4.0
3579 @subheading gnutls_x509_dn_init
3580 @anchor{gnutls_x509_dn_init}
3581 @deftypefun {int} {gnutls_x509_dn_init} (gnutls_x509_dn_t * @var{dn})
3582 @var{dn}: the object to be initialized
3584 This function initializes a @code{gnutls_x509_dn_t} structure.
3586 The object returned must be deallocated using
3587 @code{gnutls_x509_dn_deinit()} .
3589 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
3590 negative error value.
3592 @strong{Since:} 2.4.0
3595 @subheading gnutls_x509_dn_oid_known
3596 @anchor{gnutls_x509_dn_oid_known}
3597 @deftypefun {int} {gnutls_x509_dn_oid_known} (const char * @var{oid})
3598 @var{oid}: holds an Object Identifier in a null terminated string
3600 This function will inform about known DN OIDs. This is useful since
3601 functions like @code{gnutls_x509_crt_set_dn_by_oid()} use the information
3602 on known OIDs to properly encode their input. Object Identifiers
3603 that are not known are not encoded by these functions, and their
3604 input is stored directly into the ASN.1 structure. In that case of
3605 unknown OIDs, you have the responsibility of DER encoding your
3608 @strong{Returns:} 1 on known OIDs and 0 otherwise.
3611 @subheading gnutls_x509_dn_oid_name
3612 @anchor{gnutls_x509_dn_oid_name}
3613 @deftypefun {const char*} {gnutls_x509_dn_oid_name} (const char * @var{oid}, unsigned int @var{flags})
3614 @var{oid}: holds an Object Identifier in a null terminated string
3616 @var{flags}: 0 or @code{GNUTLS_X509_DN_OID_} *
3618 This function will return the name of a known DN OID. If
3619 @code{GNUTLS_X509_DN_OID_RETURN_OID} is specified this function
3620 will return the given OID if no descriptive name has been
3623 @strong{Returns:} A null terminated string or NULL otherwise.
3628 @subheading gnutls_x509_privkey_cpy
3629 @anchor{gnutls_x509_privkey_cpy}
3630 @deftypefun {int} {gnutls_x509_privkey_cpy} (gnutls_x509_privkey_t @var{dst}, gnutls_x509_privkey_t @var{src})
3631 @var{dst}: The destination key, which should be initialized.
3633 @var{src}: The source key
3635 This function will copy a private key from source to destination
3636 key. Destination has to be initialized.
3638 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
3639 negative error value.
3642 @subheading gnutls_x509_privkey_deinit
3643 @anchor{gnutls_x509_privkey_deinit}
3644 @deftypefun {void} {gnutls_x509_privkey_deinit} (gnutls_x509_privkey_t @var{key})
3645 @var{key}: The structure to be deinitialized
3647 This function will deinitialize a private key structure.
3650 @subheading gnutls_x509_privkey_export
3651 @anchor{gnutls_x509_privkey_export}
3652 @deftypefun {int} {gnutls_x509_privkey_export} (gnutls_x509_privkey_t @var{key}, gnutls_x509_crt_fmt_t @var{format}, void * @var{output_data}, size_t * @var{output_data_size})
3653 @var{key}: Holds the key
3655 @var{format}: the format of output params. One of PEM or DER.
3657 @var{output_data}: will contain a private key PEM or DER encoded
3659 @var{output_data_size}: holds the size of output_data (and will be
3660 replaced by the actual size of parameters)
3662 This function will export the private key to a PKCS1 structure for
3663 RSA keys, or an integer sequence for DSA keys. The DSA keys are in
3664 the same format with the parameters used by openssl.
3666 If the buffer provided is not long enough to hold the output, then
3667 * @code{output_data_size} is updated and @code{GNUTLS_E_SHORT_MEMORY_BUFFER}
3670 If the structure is PEM encoded, it will have a header
3671 of "BEGIN RSA PRIVATE KEY".
3673 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
3674 negative error value.
3677 @subheading gnutls_x509_privkey_export_dsa_raw
3678 @anchor{gnutls_x509_privkey_export_dsa_raw}
3679 @deftypefun {int} {gnutls_x509_privkey_export_dsa_raw} (gnutls_x509_privkey_t @var{key}, gnutls_datum_t * @var{p}, gnutls_datum_t * @var{q}, gnutls_datum_t * @var{g}, gnutls_datum_t * @var{y}, gnutls_datum_t * @var{x})
3680 @var{key}: a structure that holds the DSA parameters
3682 @var{p}: will hold the p
3684 @var{q}: will hold the q
3686 @var{g}: will hold the g
3688 @var{y}: will hold the y
3690 @var{x}: will hold the x
3692 This function will export the DSA private key's parameters found
3693 in the given structure. The new parameters will be allocated using
3694 @code{gnutls_malloc()} and will be stored in the appropriate datum.
3696 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
3697 negative error value.
3700 @subheading gnutls_x509_privkey_export_ecc_raw
3701 @anchor{gnutls_x509_privkey_export_ecc_raw}
3702 @deftypefun {int} {gnutls_x509_privkey_export_ecc_raw} (gnutls_x509_privkey_t @var{key}, gnutls_ecc_curve_t * @var{curve}, gnutls_datum_t * @var{x}, gnutls_datum_t * @var{y}, gnutls_datum_t* @var{k})
3703 @var{key}: a structure that holds the rsa parameters
3705 @var{curve}: will hold the curve
3707 @var{x}: will hold the x coordinate
3709 @var{y}: will hold the y coordinate
3711 @var{k}: will hold the private key
3713 This function will export the ECC private key's parameters found
3714 in the given structure. The new parameters will be allocated using
3715 @code{gnutls_malloc()} and will be stored in the appropriate datum.
3717 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
3718 negative error value.
3723 @subheading gnutls_x509_privkey_export_pkcs8
3724 @anchor{gnutls_x509_privkey_export_pkcs8}
3725 @deftypefun {int} {gnutls_x509_privkey_export_pkcs8} (gnutls_x509_privkey_t @var{key}, gnutls_x509_crt_fmt_t @var{format}, const char * @var{password}, unsigned int @var{flags}, void * @var{output_data}, size_t * @var{output_data_size})
3726 @var{key}: Holds the key
3728 @var{format}: the format of output params. One of PEM or DER.
3730 @var{password}: the password that will be used to encrypt the key.
3732 @var{flags}: an ORed sequence of gnutls_pkcs_encrypt_flags_t
3734 @var{output_data}: will contain a private key PEM or DER encoded
3736 @var{output_data_size}: holds the size of output_data (and will be
3737 replaced by the actual size of parameters)
3739 This function will export the private key to a PKCS8 structure.
3740 Both RSA and DSA keys can be exported. For DSA keys we use
3741 PKCS @code{11} definitions. If the flags do not specify the encryption
3742 cipher, then the default 3DES (PBES2) will be used.
3744 The @code{password} can be either ASCII or UTF-8 in the default PBES2
3745 encryption schemas, or ASCII for the PKCS12 schemas.
3747 If the buffer provided is not long enough to hold the output, then
3748 *output_data_size is updated and GNUTLS_E_SHORT_MEMORY_BUFFER will
3751 If the structure is PEM encoded, it will have a header
3752 of "BEGIN ENCRYPTED PRIVATE KEY" or "BEGIN PRIVATE KEY" if
3753 encryption is not used.
3755 @strong{Returns:} In case of failure a negative error code will be
3756 returned, and 0 on success.
3759 @subheading gnutls_x509_privkey_export_rsa_raw
3760 @anchor{gnutls_x509_privkey_export_rsa_raw}
3761 @deftypefun {int} {gnutls_x509_privkey_export_rsa_raw} (gnutls_x509_privkey_t @var{key}, gnutls_datum_t * @var{m}, gnutls_datum_t * @var{e}, gnutls_datum_t * @var{d}, gnutls_datum_t * @var{p}, gnutls_datum_t * @var{q}, gnutls_datum_t * @var{u})
3762 @var{key}: a structure that holds the rsa parameters
3764 @var{m}: will hold the modulus
3766 @var{e}: will hold the public exponent
3768 @var{d}: will hold the private exponent
3770 @var{p}: will hold the first prime (p)
3772 @var{q}: will hold the second prime (q)
3774 @var{u}: will hold the coefficient
3776 This function will export the RSA private key's parameters found
3777 in the given structure. The new parameters will be allocated using
3778 @code{gnutls_malloc()} and will be stored in the appropriate datum.
3780 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
3781 negative error value.
3784 @subheading gnutls_x509_privkey_export_rsa_raw2
3785 @anchor{gnutls_x509_privkey_export_rsa_raw2}
3786 @deftypefun {int} {gnutls_x509_privkey_export_rsa_raw2} (gnutls_x509_privkey_t @var{key}, gnutls_datum_t * @var{m}, gnutls_datum_t * @var{e}, gnutls_datum_t * @var{d}, gnutls_datum_t * @var{p}, gnutls_datum_t * @var{q}, gnutls_datum_t * @var{u}, gnutls_datum_t * @var{e1}, gnutls_datum_t * @var{e2})
3787 @var{key}: a structure that holds the rsa parameters
3789 @var{m}: will hold the modulus
3791 @var{e}: will hold the public exponent
3793 @var{d}: will hold the private exponent
3795 @var{p}: will hold the first prime (p)
3797 @var{q}: will hold the second prime (q)
3799 @var{u}: will hold the coefficient
3801 @var{e1}: will hold e1 = d mod (p-1)
3803 @var{e2}: will hold e2 = d mod (q-1)
3805 This function will export the RSA private key's parameters found
3806 in the given structure. The new parameters will be allocated using
3807 @code{gnutls_malloc()} and will be stored in the appropriate datum.
3809 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
3810 negative error value.
3812 @strong{Since:} 2.12.0
3815 @subheading gnutls_x509_privkey_fix
3816 @anchor{gnutls_x509_privkey_fix}
3817 @deftypefun {int} {gnutls_x509_privkey_fix} (gnutls_x509_privkey_t @var{key})
3818 @var{key}: Holds the key
3820 This function will recalculate the secondary parameters in a key.
3821 In RSA keys, this can be the coefficient and exponent1,2.
3823 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
3824 negative error value.
3827 @subheading gnutls_x509_privkey_generate
3828 @anchor{gnutls_x509_privkey_generate}
3829 @deftypefun {int} {gnutls_x509_privkey_generate} (gnutls_x509_privkey_t @var{key}, gnutls_pk_algorithm_t @var{algo}, unsigned int @var{bits}, unsigned int @var{flags})
3830 @var{key}: should contain a @code{gnutls_x509_privkey_t} structure
3832 @var{algo}: is one of the algorithms in @code{gnutls_pk_algorithm_t} .
3834 @var{bits}: the size of the modulus
3836 @var{flags}: unused for now. Must be 0.
3838 This function will generate a random private key. Note that this
3839 function must be called on an empty private key.
3841 Do not set the number of bits directly, use @code{gnutls_sec_param_to_pk_bits()} .
3843 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
3844 negative error value.
3847 @subheading gnutls_x509_privkey_get_key_id
3848 @anchor{gnutls_x509_privkey_get_key_id}
3849 @deftypefun {int} {gnutls_x509_privkey_get_key_id} (gnutls_x509_privkey_t @var{key}, unsigned int @var{flags}, unsigned char * @var{output_data}, size_t * @var{output_data_size})
3850 @var{key}: Holds the key
3852 @var{flags}: should be 0 for now
3854 @var{output_data}: will contain the key ID
3856 @var{output_data_size}: holds the size of output_data (and will be
3857 replaced by the actual size of parameters)
3859 This function will return a unique ID the depends on the public key
3860 parameters. This ID can be used in checking whether a certificate
3861 corresponds to the given key.
3863 If the buffer provided is not long enough to hold the output, then
3864 * @code{output_data_size} is updated and @code{GNUTLS_E_SHORT_MEMORY_BUFFER} will
3865 be returned. The output will normally be a SHA-1 hash output,
3868 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
3869 negative error value.
3872 @subheading gnutls_x509_privkey_get_pk_algorithm
3873 @anchor{gnutls_x509_privkey_get_pk_algorithm}
3874 @deftypefun {int} {gnutls_x509_privkey_get_pk_algorithm} (gnutls_x509_privkey_t @var{key})
3875 @var{key}: should contain a @code{gnutls_x509_privkey_t} structure
3877 This function will return the public key algorithm of a private
3880 @strong{Returns:} a member of the @code{gnutls_pk_algorithm_t} enumeration on
3881 success, or a negative error code on error.
3884 @subheading gnutls_x509_privkey_import
3885 @anchor{gnutls_x509_privkey_import}
3886 @deftypefun {int} {gnutls_x509_privkey_import} (gnutls_x509_privkey_t @var{key}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format})
3887 @var{key}: The structure to store the parsed key
3889 @var{data}: The DER or PEM encoded certificate.
3891 @var{format}: One of DER or PEM
3893 This function will convert the given DER or PEM encoded key to the
3894 native @code{gnutls_x509_privkey_t} format. The output will be stored in
3897 If the key is PEM encoded it should have a header that contains "PRIVATE
3898 KEY". Note that this function falls back to PKCS @code{8} decoding without
3899 password, if the default format fails to import.
3901 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
3902 negative error value.
3905 @subheading gnutls_x509_privkey_import_dsa_raw
3906 @anchor{gnutls_x509_privkey_import_dsa_raw}
3907 @deftypefun {int} {gnutls_x509_privkey_import_dsa_raw} (gnutls_x509_privkey_t @var{key}, const gnutls_datum_t * @var{p}, const gnutls_datum_t * @var{q}, const gnutls_datum_t * @var{g}, const gnutls_datum_t * @var{y}, const gnutls_datum_t * @var{x})
3908 @var{key}: The structure to store the parsed key
3910 @var{p}: holds the p
3912 @var{q}: holds the q
3914 @var{g}: holds the g
3916 @var{y}: holds the y
3918 @var{x}: holds the x
3920 This function will convert the given DSA raw parameters to the
3921 native @code{gnutls_x509_privkey_t} format. The output will be stored
3924 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
3925 negative error value.
3928 @subheading gnutls_x509_privkey_import_ecc_raw
3929 @anchor{gnutls_x509_privkey_import_ecc_raw}
3930 @deftypefun {int} {gnutls_x509_privkey_import_ecc_raw} (gnutls_x509_privkey_t @var{key}, gnutls_ecc_curve_t @var{curve}, const gnutls_datum_t * @var{x}, const gnutls_datum_t * @var{y}, const gnutls_datum_t * @var{k})
3931 @var{key}: The structure to store the parsed key
3933 @var{curve}: holds the curve
3935 @var{x}: holds the x
3937 @var{y}: holds the y
3939 @var{k}: holds the k
3941 This function will convert the given elliptic curve parameters to the
3942 native @code{gnutls_x509_privkey_t} format. The output will be stored
3945 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
3946 negative error value.
3951 @subheading gnutls_x509_privkey_import_pkcs8
3952 @anchor{gnutls_x509_privkey_import_pkcs8}
3953 @deftypefun {int} {gnutls_x509_privkey_import_pkcs8} (gnutls_x509_privkey_t @var{key}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format}, const char * @var{password}, unsigned int @var{flags})
3954 @var{key}: The structure to store the parsed key
3956 @var{data}: The DER or PEM encoded key.
3958 @var{format}: One of DER or PEM
3960 @var{password}: the password to decrypt the key (if it is encrypted).
3962 @var{flags}: 0 if encrypted or GNUTLS_PKCS_PLAIN if not encrypted.
3964 This function will convert the given DER or PEM encoded PKCS8 2.0
3965 encrypted key to the native gnutls_x509_privkey_t format. The
3966 output will be stored in @code{key} . Both RSA and DSA keys can be
3967 imported, and flags can only be used to indicate an unencrypted
3970 The @code{password} can be either ASCII or UTF-8 in the default PBES2
3971 encryption schemas, or ASCII for the PKCS12 schemas.
3973 If the Certificate is PEM encoded it should have a header of
3974 "ENCRYPTED PRIVATE KEY", or "PRIVATE KEY". You only need to
3975 specify the flags if the key is DER encoded, since in that case
3976 the encryption status cannot be auto-detected.
3978 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
3979 negative error value.
3982 @subheading gnutls_x509_privkey_import_rsa_raw
3983 @anchor{gnutls_x509_privkey_import_rsa_raw}
3984 @deftypefun {int} {gnutls_x509_privkey_import_rsa_raw} (gnutls_x509_privkey_t @var{key}, const gnutls_datum_t * @var{m}, const gnutls_datum_t * @var{e}, const gnutls_datum_t * @var{d}, const gnutls_datum_t * @var{p}, const gnutls_datum_t * @var{q}, const gnutls_datum_t * @var{u})
3985 @var{key}: The structure to store the parsed key
3987 @var{m}: holds the modulus
3989 @var{e}: holds the public exponent
3991 @var{d}: holds the private exponent
3993 @var{p}: holds the first prime (p)
3995 @var{q}: holds the second prime (q)
3997 @var{u}: holds the coefficient
3999 This function will convert the given RSA raw parameters to the
4000 native @code{gnutls_x509_privkey_t} format. The output will be stored in
4003 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
4004 negative error value.
4007 @subheading gnutls_x509_privkey_import_rsa_raw2
4008 @anchor{gnutls_x509_privkey_import_rsa_raw2}
4009 @deftypefun {int} {gnutls_x509_privkey_import_rsa_raw2} (gnutls_x509_privkey_t @var{key}, const gnutls_datum_t * @var{m}, const gnutls_datum_t * @var{e}, const gnutls_datum_t * @var{d}, const gnutls_datum_t * @var{p}, const gnutls_datum_t * @var{q}, const gnutls_datum_t * @var{u}, const gnutls_datum_t * @var{e1}, const gnutls_datum_t * @var{e2})
4010 @var{key}: The structure to store the parsed key
4012 @var{m}: holds the modulus
4014 @var{e}: holds the public exponent
4016 @var{d}: holds the private exponent
4018 @var{p}: holds the first prime (p)
4020 @var{q}: holds the second prime (q)
4022 @var{u}: holds the coefficient
4024 @var{e1}: holds e1 = d mod (p-1)
4026 @var{e2}: holds e2 = d mod (q-1)
4028 This function will convert the given RSA raw parameters to the
4029 native @code{gnutls_x509_privkey_t} format. The output will be stored in
4032 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
4033 negative error value.
4036 @subheading gnutls_x509_privkey_init
4037 @anchor{gnutls_x509_privkey_init}
4038 @deftypefun {int} {gnutls_x509_privkey_init} (gnutls_x509_privkey_t * @var{key})
4039 @var{key}: The structure to be initialized
4041 This function will initialize an private key structure.
4043 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
4044 negative error value.
4047 @subheading gnutls_x509_privkey_sec_param
4048 @anchor{gnutls_x509_privkey_sec_param}
4049 @deftypefun {gnutls_sec_param_t} {gnutls_x509_privkey_sec_param} (gnutls_x509_privkey_t @var{key})
4050 @var{key}: a key structure
4052 This function will return the security parameter appropriate with
4055 @strong{Returns:} On success, a valid security parameter is returned otherwise
4056 @code{GNUTLS_SEC_PARAM_UNKNOWN} is returned.
4058 @strong{Since:} 2.12.0
4061 @subheading gnutls_x509_privkey_verify_params
4062 @anchor{gnutls_x509_privkey_verify_params}
4063 @deftypefun {int} {gnutls_x509_privkey_verify_params} (gnutls_x509_privkey_t @var{key})
4064 @var{key}: should contain a @code{gnutls_x509_privkey_t} structure
4066 This function will verify the private key parameters.
4068 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
4069 negative error value.
4072 @subheading gnutls_x509_rdn_get
4073 @anchor{gnutls_x509_rdn_get}
4074 @deftypefun {int} {gnutls_x509_rdn_get} (const gnutls_datum_t * @var{idn}, char * @var{buf}, size_t * @var{sizeof_buf})
4075 @var{idn}: should contain a DER encoded RDN sequence
4077 @var{buf}: a pointer to a structure to hold the peer's name
4079 @var{sizeof_buf}: holds the size of @code{buf}
4081 This function will return the name of the given RDN sequence. The
4082 name will be in the form "C=xxxx,O=yyyy,CN=zzzz" as described in
4085 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, or
4086 @code{GNUTLS_E_SHORT_MEMORY_BUFFER} is returned and * @code{sizeof_buf} is
4087 updated if the provided buffer is not long enough, otherwise a
4088 negative error value.
4091 @subheading gnutls_x509_rdn_get_by_oid
4092 @anchor{gnutls_x509_rdn_get_by_oid}
4093 @deftypefun {int} {gnutls_x509_rdn_get_by_oid} (const gnutls_datum_t * @var{idn}, const char * @var{oid}, int @var{indx}, unsigned int @var{raw_flag}, void * @var{buf}, size_t * @var{sizeof_buf})
4094 @var{idn}: should contain a DER encoded RDN sequence
4096 @var{oid}: an Object Identifier
4098 @var{indx}: In case multiple same OIDs exist in the RDN indicates which
4099 to send. Use 0 for the first one.
4101 @var{raw_flag}: If non (0) then the raw DER data are returned.
4103 @var{buf}: a pointer to a structure to hold the peer's name
4105 @var{sizeof_buf}: holds the size of @code{buf}
4107 This function will return the name of the given Object identifier,
4108 of the RDN sequence. The name will be encoded using the rules
4111 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, or
4112 @code{GNUTLS_E_SHORT_MEMORY_BUFFER} is returned and * @code{sizeof_buf} is
4113 updated if the provided buffer is not long enough, otherwise a
4114 negative error value.
4117 @subheading gnutls_x509_rdn_get_oid
4118 @anchor{gnutls_x509_rdn_get_oid}
4119 @deftypefun {int} {gnutls_x509_rdn_get_oid} (const gnutls_datum_t * @var{idn}, int @var{indx}, void * @var{buf}, size_t * @var{sizeof_buf})
4120 @var{idn}: should contain a DER encoded RDN sequence
4122 @var{indx}: Indicates which OID to return. Use 0 for the first one.
4124 @var{buf}: a pointer to a structure to hold the peer's name OID
4126 @var{sizeof_buf}: holds the size of @code{buf}
4128 This function will return the specified Object identifier, of the
4131 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, or
4132 @code{GNUTLS_E_SHORT_MEMORY_BUFFER} is returned and * @code{sizeof_buf} is
4133 updated if the provided buffer is not long enough, otherwise a
4134 negative error value.
4136 @strong{Since:} 2.4.0
4139 @subheading gnutls_x509_trust_list_add_cas
4140 @anchor{gnutls_x509_trust_list_add_cas}
4141 @deftypefun {int} {gnutls_x509_trust_list_add_cas} (gnutls_x509_trust_list_t @var{list}, const gnutls_x509_crt_t * @var{clist}, int @var{clist_size}, unsigned int @var{flags})
4142 @var{list}: The structure of the list
4144 @var{clist}: A list of CAs
4146 @var{clist_size}: The length of the CA list
4148 @var{flags}: should be 0.
4150 This function will add the given certificate authorities
4151 to the trusted list. The list of CAs must not be deinitialized
4152 during this structure's lifetime.
4154 @strong{Returns:} The number of added elements is returned.
4159 @subheading gnutls_x509_trust_list_add_crls
4160 @anchor{gnutls_x509_trust_list_add_crls}
4161 @deftypefun {int} {gnutls_x509_trust_list_add_crls} (gnutls_x509_trust_list_t @var{list}, const gnutls_x509_crl_t * @var{crl_list}, int @var{crl_size}, unsigned int @var{flags}, unsigned int @var{verification_flags})
4162 @var{list}: The structure of the list
4164 @var{crl_list}: A list of CRLs
4166 @var{crl_size}: The length of the CRL list
4168 @var{flags}: if GNUTLS_TL_VERIFY_CRL is given the CRLs will be verified before being added.
4170 @var{verification_flags}: gnutls_certificate_verify_flags if flags specifies GNUTLS_TL_VERIFY_CRL
4172 This function will add the given certificate revocation lists
4173 to the trusted list. The list of CRLs must not be deinitialized
4174 during this structure's lifetime.
4176 This function must be called after @code{gnutls_x509_trust_list_add_cas()}
4177 to allow verifying the CRLs for validity.
4179 @strong{Returns:} The number of added elements is returned.
4184 @subheading gnutls_x509_trust_list_add_named_crt
4185 @anchor{gnutls_x509_trust_list_add_named_crt}
4186 @deftypefun {int} {gnutls_x509_trust_list_add_named_crt} (gnutls_x509_trust_list_t @var{list}, gnutls_x509_crt_t @var{cert}, const void * @var{name}, size_t @var{name_size}, unsigned int @var{flags})
4187 @var{list}: The structure of the list
4189 @var{cert}: A certificate
4191 @var{name}: An identifier for the certificate
4193 @var{name_size}: The size of the identifier
4195 @var{flags}: should be 0.
4197 This function will add the given certificate to the trusted
4198 list and associate it with a name. The certificate will not be
4199 be used for verification with @code{gnutls_x509_trust_list_verify_crt()}
4200 but only with @code{gnutls_x509_trust_list_verify_named_crt()} .
4202 In principle this function can be used to set individual "server"
4203 certificates that are trusted by the user for that specific server
4204 but for no other purposes.
4206 The certificate must not be deinitialized during the lifetime
4207 of the trusted list.
4209 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
4210 negative error value.
4215 @subheading gnutls_x509_trust_list_deinit
4216 @anchor{gnutls_x509_trust_list_deinit}
4217 @deftypefun {void} {gnutls_x509_trust_list_deinit} (gnutls_x509_trust_list_t @var{list}, unsigned int @var{all})
4218 @var{list}: The structure to be deinitialized
4220 @var{all}: if non-(0) it will deinitialize all the certificates and CRLs contained in the structure.
4222 This function will deinitialize a trust list.
4227 @subheading gnutls_x509_trust_list_get_issuer
4228 @anchor{gnutls_x509_trust_list_get_issuer}
4229 @deftypefun {int} {gnutls_x509_trust_list_get_issuer} (gnutls_x509_trust_list_t @var{list}, gnutls_x509_crt_t @var{cert}, gnutls_x509_crt_t * @var{issuer}, unsigned int @var{flags})
4230 @var{list}: The structure of the list
4232 @var{cert}: is the certificate to find issuer for
4234 @var{issuer}: Will hold the issuer if any. Should be treated as constant.
4236 @var{flags}: Use (0).
4238 This function will attempt to find the issuer of the
4241 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
4242 negative error value.
4247 @subheading gnutls_x509_trust_list_init
4248 @anchor{gnutls_x509_trust_list_init}
4249 @deftypefun {int} {gnutls_x509_trust_list_init} (gnutls_x509_trust_list_t * @var{list}, unsigned int @var{size})
4250 @var{list}: The structure to be initialized
4252 @var{size}: The size of the internal hash table. Use (0) for default size.
4254 This function will initialize an X.509 trust list structure.
4256 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
4257 negative error value.
4262 @subheading gnutls_x509_trust_list_verify_crt
4263 @anchor{gnutls_x509_trust_list_verify_crt}
4264 @deftypefun {int} {gnutls_x509_trust_list_verify_crt} (gnutls_x509_trust_list_t @var{list}, gnutls_x509_crt_t * @var{cert_list}, unsigned int @var{cert_list_size}, unsigned int @var{flags}, unsigned int * @var{verify}, gnutls_verify_output_function @var{func})
4265 @var{list}: The structure of the list
4267 @var{cert_list}: is the certificate list to be verified
4269 @var{cert_list_size}: is the certificate list size
4271 @var{flags}: Flags that may be used to change the verification algorithm. Use OR of the gnutls_certificate_verify_flags enumerations.
4273 @var{verify}: will hold the certificate verification output.
4275 @var{func}: If non-null will be called on each chain element verification with the output.
4277 This function will try to verify the given certificate and return
4280 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
4281 negative error value.
4286 @subheading gnutls_x509_trust_list_verify_named_crt
4287 @anchor{gnutls_x509_trust_list_verify_named_crt}
4288 @deftypefun {int} {gnutls_x509_trust_list_verify_named_crt} (gnutls_x509_trust_list_t @var{list}, gnutls_x509_crt_t @var{cert}, const void * @var{name}, size_t @var{name_size}, unsigned int @var{flags}, unsigned int * @var{verify}, gnutls_verify_output_function @var{func})
4289 @var{list}: The structure of the list
4291 @var{cert}: is the certificate to be verified
4293 @var{name}: is the certificate's name
4295 @var{name_size}: is the certificate's name size
4297 @var{flags}: Flags that may be used to change the verification algorithm. Use OR of the gnutls_certificate_verify_flags enumerations.
4299 @var{verify}: will hold the certificate verification output.
4301 @var{func}: If non-null will be called on each chain element verification with the output.
4303 This function will try to find a matching named certificate. If a
4304 match is found the certificate is considered valid. In addition to that
4305 this function will also check CRLs.
4307 @strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
4308 negative error value.