2 * Copyright (C) 2007, 2008, 2009, 2010 Free Software Foundation, Inc.
4 * Author: Simon Josefsson
6 * This file is part of GnuTLS.
8 * The GnuTLS is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public License
10 * as published by the Free Software Foundation; either version 2.1 of
11 * the License, or (at your option) any later version.
13 * This library is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
18 * You should have received a copy of the GNU Lesser General Public
19 * License along with this library; if not, write to the Free Software
20 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
25 /* Functions for printing X.509 Certificate structures
28 #include <gnutls_int.h>
30 #include <gnutls_x509.h>
32 #include <gnutls_num.h>
33 #include <gnutls_errors.h>
36 /* I18n of error codes. */
38 #define _(String) dgettext (PACKAGE, String)
40 #define addf _gnutls_buffer_append_printf
41 #define adds _gnutls_buffer_append_str
43 #define ERROR_STR (char*) "(error)"
46 hexdump (gnutls_buffer_st * str, const char *data, size_t len,
53 for (j = 0; j < len; j++)
55 if (((j + 1) % 16) == 0)
57 addf (str, "%.2x\n", (unsigned char) data[j]);
58 if (spc && j != (len - 1))
61 else if (j == (len - 1))
62 addf (str, "%.2x", (unsigned char) data[j]);
64 addf (str, "%.2x:", (unsigned char) data[j]);
71 hexprint (gnutls_buffer_st * str, const char *data, size_t len)
79 for (j = 0; j < len; j++)
80 addf (str, "%.2x", (unsigned char) data[j]);
86 asciiprint (gnutls_buffer_st * str, const char *data, size_t len)
90 for (j = 0; j < len; j++)
91 if (c_isprint (data[j]))
92 addf (str, "%c", (unsigned char) data[j]);
98 ip_to_string (void *_ip, int ip_size, char *string, int string_size)
102 if (ip_size != 4 && ip_size != 16)
108 if (ip_size == 4 && string_size < 16)
114 if (ip_size == 16 && string_size < 48)
124 snprintf (string, string_size, "%u.%u.%u.%u", ip[0], ip[1], ip[2], ip[3]);
127 snprintf (string, string_size, "%x:%x:%x:%x:%x:%x:%x:%x",
128 (ip[0] << 8) | ip[1], (ip[2] << 8) | ip[3],
129 (ip[4] << 8) | ip[5], (ip[6] << 8) | ip[7],
130 (ip[8] << 8) | ip[9], (ip[10] << 8) | ip[11],
131 (ip[12] << 8) | ip[13], (ip[14] << 8) | ip[15]);
139 print_proxy (gnutls_buffer_st * str, gnutls_x509_crt_t cert)
142 char *policyLanguage;
147 err = gnutls_x509_crt_get_proxy (cert, NULL,
148 &pathlen, &policyLanguage,
152 addf (str, "error: get_proxy: %s\n", gnutls_strerror (err));
157 addf (str, _("\t\t\tPath Length Constraint: %d\n"), pathlen);
158 addf (str, _("\t\t\tPolicy Language: %s"), policyLanguage);
159 if (strcmp (policyLanguage, "1.3.6.1.5.5.7.21.1") == 0)
160 adds (str, " (id-ppl-inheritALL)\n");
161 else if (strcmp (policyLanguage, "1.3.6.1.5.5.7.21.2") == 0)
162 adds (str, " (id-ppl-independent)\n");
167 adds (str, _("\t\t\tPolicy:\n\t\t\t\tASCII: "));
168 asciiprint (str, policy, npolicy);
169 adds (str, _("\n\t\t\t\tHexdump: "));
170 hexprint (str, policy, npolicy);
176 print_ski (gnutls_buffer_st * str, gnutls_x509_crt_t cert)
182 err = gnutls_x509_crt_get_subject_key_id (cert, buffer, &size, NULL);
183 if (err != GNUTLS_E_SHORT_MEMORY_BUFFER)
185 addf (str, "error: get_subject_key_id: %s\n", gnutls_strerror (err));
189 buffer = gnutls_malloc (size);
192 addf (str, "error: malloc: %s\n",
193 gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
197 err = gnutls_x509_crt_get_subject_key_id (cert, buffer, &size, NULL);
200 gnutls_free (buffer);
201 addf (str, "error: get_subject_key_id2: %s\n", gnutls_strerror (err));
205 adds (str, "\t\t\t");
206 hexprint (str, buffer, size);
209 gnutls_free (buffer);
216 #define TYPE_CRT_SAN TYPE_CRT
217 #define TYPE_CRQ_SAN TYPE_CRQ
218 #define TYPE_CRT_IAN 4
222 gnutls_x509_crt_t crt;
223 gnutls_x509_crq_t crq;
224 gnutls_x509_crl_t crl;
228 print_aki (gnutls_buffer_st * str, int type, cert_type_t cert)
234 if (type == TYPE_CRT)
236 gnutls_x509_crt_get_authority_key_id (cert.crt, buffer, &size, NULL);
237 else if (type == TYPE_CRL)
239 gnutls_x509_crl_get_authority_key_id (cert.crl, buffer, &size, NULL);
246 if (err != GNUTLS_E_SHORT_MEMORY_BUFFER)
248 addf (str, "error: get_authority_key_id: %s\n", gnutls_strerror (err));
252 buffer = gnutls_malloc (size);
255 addf (str, "error: malloc: %s\n",
256 gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
260 if (type == TYPE_CRT)
262 gnutls_x509_crt_get_authority_key_id (cert.crt, buffer, &size, NULL);
265 gnutls_x509_crl_get_authority_key_id (cert.crl, buffer, &size, NULL);
269 gnutls_free (buffer);
270 addf (str, "error: get_authority_key_id2: %s\n", gnutls_strerror (err));
274 adds (str, "\t\t\t");
275 hexprint (str, buffer, size);
278 gnutls_free (buffer);
282 print_key_usage (gnutls_buffer_st * str, const char *prefix, int type,
285 unsigned int key_usage;
288 if (type == TYPE_CRT)
289 err = gnutls_x509_crt_get_key_usage (cert.crt, &key_usage, NULL);
290 else if (type == TYPE_CRQ)
291 err = gnutls_x509_crq_get_key_usage (cert.crq, &key_usage, NULL);
297 addf (str, "error: get_key_usage: %s\n", gnutls_strerror (err));
301 if (key_usage & GNUTLS_KEY_DIGITAL_SIGNATURE)
302 addf (str, _("%s\t\t\tDigital signature.\n"), prefix);
303 if (key_usage & GNUTLS_KEY_NON_REPUDIATION)
304 addf (str, _("%s\t\t\tNon repudiation.\n"), prefix);
305 if (key_usage & GNUTLS_KEY_KEY_ENCIPHERMENT)
306 addf (str, _("%s\t\t\tKey encipherment.\n"), prefix);
307 if (key_usage & GNUTLS_KEY_DATA_ENCIPHERMENT)
308 addf (str, _("%s\t\t\tData encipherment.\n"), prefix);
309 if (key_usage & GNUTLS_KEY_KEY_AGREEMENT)
310 addf (str, _("%s\t\t\tKey agreement.\n"), prefix);
311 if (key_usage & GNUTLS_KEY_KEY_CERT_SIGN)
312 addf (str, _("%s\t\t\tCertificate signing.\n"), prefix);
313 if (key_usage & GNUTLS_KEY_CRL_SIGN)
314 addf (str, _("%s\t\t\tCRL signing.\n"), prefix);
315 if (key_usage & GNUTLS_KEY_ENCIPHER_ONLY)
316 addf (str, _("%s\t\t\tKey encipher only.\n"), prefix);
317 if (key_usage & GNUTLS_KEY_DECIPHER_ONLY)
318 addf (str, _("%s\t\t\tKey decipher only.\n"), prefix);
324 print_crldist (gnutls_buffer_st * str, gnutls_x509_crt_t cert)
333 for (indx = 0;; indx++)
336 err = gnutls_x509_crt_get_crl_dist_points (cert, indx, buffer, &size,
338 if (err == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
340 if (err != GNUTLS_E_SHORT_MEMORY_BUFFER)
342 addf (str, "error: get_crl_dist_points: %s\n",
343 gnutls_strerror (err));
347 buffer = gnutls_malloc (size);
350 addf (str, "error: malloc: %s\n",
351 gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
355 err = gnutls_x509_crt_get_crl_dist_points (cert, indx, buffer, &size,
359 gnutls_free (buffer);
360 addf (str, "error: get_crl_dist_points2: %s\n",
361 gnutls_strerror (err));
365 if ((err == GNUTLS_SAN_DNSNAME
366 || err == GNUTLS_SAN_RFC822NAME
367 || err == GNUTLS_SAN_URI) && strlen (buffer) != size)
369 adds (str, _("warning: distributionPoint contains an embedded NUL, "
370 "replacing with '!'\n"));
371 while (strlen (buffer) < size)
372 buffer[strlen (buffer)] = '!';
377 case GNUTLS_SAN_DNSNAME:
378 addf (str, "\t\t\tDNSname: %.*s\n", (int) size, buffer);
381 case GNUTLS_SAN_RFC822NAME:
382 addf (str, "\t\t\tRFC822name: %.*s\n", (int) size, buffer);
386 addf (str, "\t\t\tURI: %.*s\n", (int) size, buffer);
389 case GNUTLS_SAN_IPADDRESS:
390 p = ip_to_string (buffer, size, str_ip, sizeof (str_ip));
393 addf (str, "\t\t\tIPAddress: %s\n", p);
397 addf (str, "\t\t\tdirectoryName: %.*s\n", (int) size, buffer);
401 addf (str, "error: unknown SAN\n");
404 gnutls_free (buffer);
409 print_key_purpose (gnutls_buffer_st * str, const char *prefix, int type,
417 for (indx = 0;; indx++)
420 if (type == TYPE_CRT)
421 err = gnutls_x509_crt_get_key_purpose_oid (cert.crt, indx, buffer,
423 else if (type == TYPE_CRQ)
424 err = gnutls_x509_crq_get_key_purpose_oid (cert.crq, indx, buffer,
429 if (err == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
431 if (err != GNUTLS_E_SHORT_MEMORY_BUFFER)
433 addf (str, "error: get_key_purpose_oid: %s\n",
434 gnutls_strerror (err));
438 buffer = gnutls_malloc (size);
441 addf (str, "error: malloc: %s\n",
442 gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
446 if (type == TYPE_CRT)
447 err = gnutls_x509_crt_get_key_purpose_oid (cert.crt, indx, buffer,
450 err = gnutls_x509_crq_get_key_purpose_oid (cert.crq, indx, buffer,
455 gnutls_free (buffer);
456 addf (str, "error: get_key_purpose_oid2: %s\n",
457 gnutls_strerror (err));
461 if (strcmp (buffer, GNUTLS_KP_TLS_WWW_SERVER) == 0)
462 addf (str, _("%s\t\t\tTLS WWW Server.\n"), prefix);
463 else if (strcmp (buffer, GNUTLS_KP_TLS_WWW_CLIENT) == 0)
464 addf (str, _("%s\t\t\tTLS WWW Client.\n"), prefix);
465 else if (strcmp (buffer, GNUTLS_KP_CODE_SIGNING) == 0)
466 addf (str, _("%s\t\t\tCode signing.\n"), prefix);
467 else if (strcmp (buffer, GNUTLS_KP_EMAIL_PROTECTION) == 0)
468 addf (str, _("%s\t\t\tEmail protection.\n"), prefix);
469 else if (strcmp (buffer, GNUTLS_KP_TIME_STAMPING) == 0)
470 addf (str, _("%s\t\t\tTime stamping.\n"), prefix);
471 else if (strcmp (buffer, GNUTLS_KP_OCSP_SIGNING) == 0)
472 addf (str, _("%s\t\t\tOCSP signing.\n"), prefix);
473 else if (strcmp (buffer, GNUTLS_KP_IPSEC_IKE) == 0)
474 addf (str, _("%s\t\t\tIpsec IKE.\n"), prefix);
475 else if (strcmp (buffer, GNUTLS_KP_ANY) == 0)
476 addf (str, _("%s\t\t\tAny purpose.\n"), prefix);
478 addf (str, "%s\t\t\t%s\n", prefix, buffer);
480 gnutls_free (buffer);
487 print_basic (gnutls_buffer_st * str, const char *prefix, int type,
493 if (type == TYPE_CRT)
495 gnutls_x509_crt_get_basic_constraints (cert.crt, NULL, NULL, &pathlen);
496 else if (type == TYPE_CRQ)
498 gnutls_x509_crq_get_basic_constraints (cert.crq, NULL, NULL, &pathlen);
504 addf (str, "error: get_basic_constraints: %s\n", gnutls_strerror (err));
509 addf (str, _("%s\t\t\tCertificate Authority (CA): FALSE\n"), prefix);
511 addf (str, _("%s\t\t\tCertificate Authority (CA): TRUE\n"), prefix);
514 addf (str, _("%s\t\t\tPath Length Constraint: %d\n"), prefix, pathlen);
519 print_altname (gnutls_buffer_st * str, const char *prefix, int altname_type,
522 unsigned int altname_idx;
526 for (altname_idx = 0;; altname_idx++)
532 if (altname_type == TYPE_CRT_SAN)
534 gnutls_x509_crt_get_subject_alt_name (cert.crt, altname_idx, buffer,
536 else if (altname_type == TYPE_CRQ_SAN)
538 gnutls_x509_crq_get_subject_alt_name (cert.crq, altname_idx, buffer,
540 else if (altname_type == TYPE_CRT_IAN)
542 gnutls_x509_crt_get_issuer_alt_name (cert.crt, altname_idx, buffer,
547 if (err == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
549 if (err != GNUTLS_E_SHORT_MEMORY_BUFFER)
551 addf (str, "error: get_subject/issuer_alt_name: %s\n",
552 gnutls_strerror (err));
556 buffer = gnutls_malloc (size);
559 addf (str, "error: malloc: %s\n",
560 gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
564 if (altname_type == TYPE_CRT_SAN)
566 gnutls_x509_crt_get_subject_alt_name (cert.crt, altname_idx, buffer,
568 else if (altname_type == TYPE_CRQ_SAN)
570 gnutls_x509_crq_get_subject_alt_name (cert.crq, altname_idx, buffer,
572 else if (altname_type == TYPE_CRT_IAN)
573 err = gnutls_x509_crt_get_issuer_alt_name (cert.crt, altname_idx,
574 buffer, &size, NULL);
578 gnutls_free (buffer);
579 addf (str, "error: get_subject/issuer_alt_name2: %s\n",
580 gnutls_strerror (err));
584 if ((err == GNUTLS_SAN_DNSNAME
585 || err == GNUTLS_SAN_RFC822NAME
586 || err == GNUTLS_SAN_URI) && strlen (buffer) != size)
588 adds (str, _("warning: altname contains an embedded NUL, "
589 "replacing with '!'\n"));
590 while (strlen (buffer) < size)
591 buffer[strlen (buffer)] = '!';
596 case GNUTLS_SAN_DNSNAME:
597 addf (str, "%s\t\t\tDNSname: %.*s\n", prefix, (int) size, buffer);
600 case GNUTLS_SAN_RFC822NAME:
601 addf (str, "%s\t\t\tRFC822name: %.*s\n", prefix, (int) size,
606 addf (str, "%s\t\t\tURI: %.*s\n", prefix, (int) size, buffer);
609 case GNUTLS_SAN_IPADDRESS:
610 p = ip_to_string (buffer, size, str_ip, sizeof (str_ip));
613 addf (str, "%s\t\t\tIPAddress: %s\n", prefix, p);
617 addf (str, "%s\t\t\tdirectoryName: %.*s\n", prefix,
621 case GNUTLS_SAN_OTHERNAME:
627 if (altname_type == TYPE_CRT_SAN)
628 err = gnutls_x509_crt_get_subject_alt_othername_oid
629 (cert.crt, altname_idx, oid, &oidsize);
630 else if (altname_type == TYPE_CRQ_SAN)
631 err = gnutls_x509_crq_get_subject_alt_othername_oid
632 (cert.crq, altname_idx, oid, &oidsize);
633 else if (altname_type == TYPE_CRT_IAN)
634 err = gnutls_x509_crt_get_issuer_alt_othername_oid
635 (cert.crt, altname_idx, oid, &oidsize);
637 if (err != GNUTLS_E_SHORT_MEMORY_BUFFER)
639 gnutls_free (buffer);
641 "error: get_subject/issuer_alt_othername_oid: %s\n",
642 gnutls_strerror (err));
646 oid = gnutls_malloc (oidsize);
649 gnutls_free (buffer);
650 addf (str, "error: malloc: %s\n",
651 gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
655 if (altname_type == TYPE_CRT_SAN)
656 err = gnutls_x509_crt_get_subject_alt_othername_oid
657 (cert.crt, altname_idx, oid, &oidsize);
658 else if (altname_type == TYPE_CRQ_SAN)
659 err = gnutls_x509_crq_get_subject_alt_othername_oid
660 (cert.crq, altname_idx, oid, &oidsize);
661 else if (altname_type == TYPE_CRT_IAN)
662 err = gnutls_x509_crt_get_issuer_alt_othername_oid
663 (cert.crt, altname_idx, oid, &oidsize);
667 gnutls_free (buffer);
669 addf (str, "error: get_subject_alt_othername_oid2: %s\n",
670 gnutls_strerror (err));
674 if (err == GNUTLS_SAN_OTHERNAME_XMPP)
676 if (strlen (buffer) != size)
678 adds (str, _("warning: altname contains an embedded NUL, "
679 "replacing with '!'\n"));
680 while (strlen (buffer) < size)
681 buffer[strlen (buffer)] = '!';
684 addf (str, _("%s\t\t\tXMPP Address: %.*s\n"), prefix,
689 addf (str, _("%s\t\t\totherName OID: %.*s\n"), prefix,
691 addf (str, _("%s\t\t\totherName DER: "), prefix);
692 hexprint (str, buffer, size);
693 addf (str, _("\n%s\t\t\totherName ASCII: "), prefix);
694 asciiprint (str, buffer, size);
702 addf (str, "error: unknown altname\n");
706 gnutls_free (buffer);
711 guiddump (gnutls_buffer_st * str, const char *data, size_t len,
719 addf (str, "%.2X", (unsigned char) data[3]);
720 addf (str, "%.2X", (unsigned char) data[2]);
721 addf (str, "%.2X", (unsigned char) data[1]);
722 addf (str, "%.2X", (unsigned char) data[0]);
724 addf (str, "%.2X", (unsigned char) data[5]);
725 addf (str, "%.2X", (unsigned char) data[4]);
727 addf (str, "%.2X", (unsigned char) data[7]);
728 addf (str, "%.2X", (unsigned char) data[6]);
730 addf (str, "%.2X", (unsigned char) data[8]);
731 addf (str, "%.2X", (unsigned char) data[9]);
733 for (j = 10; j < 16; j++)
735 addf (str, "%.2X", (unsigned char) data[j]);
741 print_unique_ids (gnutls_buffer_st * str, const gnutls_x509_crt_t cert)
744 char buf[256]; /* if its longer, we won't bother to print it */
745 size_t buf_size = 256;
747 result = gnutls_x509_crt_get_issuer_unique_id (cert, buf, &buf_size);
750 addf (str, ("\t\tIssuer Unique ID:\n"));
751 hexdump (str, buf, buf_size, "\t\t\t");
753 { /* this could be a GUID */
754 guiddump (str, buf, buf_size, "\t\t\t");
759 result = gnutls_x509_crt_get_subject_unique_id (cert, buf, &buf_size);
762 addf (str, ("\t\tSubject Unique ID:\n"));
763 hexdump (str, buf, buf_size, "\t\t\t");
765 { /* this could be a GUID */
766 guiddump (str, buf, buf_size, "\t\t\t");
772 print_extensions (gnutls_buffer_st * str, const char *prefix, int type,
780 int keyusage_idx = 0;
781 int keypurpose_idx = 0;
788 char oid[MAX_OID_SIZE] = "";
789 size_t sizeof_oid = sizeof (oid);
792 if (type == TYPE_CRT)
793 err = gnutls_x509_crt_get_extension_info (cert.crt, i,
797 else if (type == TYPE_CRQ)
798 err = gnutls_x509_crq_get_extension_info (cert.crq, i,
809 if (err == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
811 addf (str, "error: get_extension_info: %s\n",
812 gnutls_strerror (err));
817 addf (str, _("%s\tExtensions:\n"), prefix);
819 if (strcmp (oid, "2.5.29.19") == 0)
823 addf (str, "error: more than one basic constraint\n");
827 addf (str, _("%s\t\tBasic Constraints (%s):\n"), prefix,
828 critical ? _("critical") : _("not critical"));
830 print_basic (str, prefix, type, cert);
834 else if (strcmp (oid, "2.5.29.14") == 0)
838 addf (str, "error: more than one SKI extension\n");
842 addf (str, _("%s\t\tSubject Key Identifier (%s):\n"), prefix,
843 critical ? _("critical") : _("not critical"));
845 if (type == TYPE_CRT)
846 print_ski (str, cert.crt);
850 else if (strcmp (oid, "2.5.29.35") == 0)
855 addf (str, "error: more than one AKI extension\n");
859 addf (str, _("%s\t\tAuthority Key Identifier (%s):\n"), prefix,
860 critical ? _("critical") : _("not critical"));
862 if (type == TYPE_CRT)
863 print_aki (str, TYPE_CRT, cert);
867 else if (strcmp (oid, "2.5.29.15") == 0)
871 addf (str, "error: more than one key usage extension\n");
875 addf (str, _("%s\t\tKey Usage (%s):\n"), prefix,
876 critical ? _("critical") : _("not critical"));
878 print_key_usage (str, prefix, type, cert);
882 else if (strcmp (oid, "2.5.29.37") == 0)
886 addf (str, "error: more than one key purpose extension\n");
890 addf (str, _("%s\t\tKey Purpose (%s):\n"), prefix,
891 critical ? _("critical") : _("not critical"));
894 print_key_purpose (str, prefix, type, cert);
899 else if (strcmp (oid, "2.5.29.17") == 0)
903 addf (str, "error: more than one SKI extension\n");
907 addf (str, _("%s\t\tSubject Alternative Name (%s):\n"), prefix,
908 critical ? _("critical") : _("not critical"));
910 print_altname (str, prefix, type, cert);
914 else if (strcmp (oid, "2.5.29.18") == 0)
918 addf (str, "error: more than one Issuer AltName extension\n");
922 addf (str, _("%s\t\tIssuer Alternative Name (%s):\n"), prefix,
923 critical ? _("critical") : _("not critical"));
925 print_altname (str, prefix, TYPE_CRT_IAN, cert);
929 else if (strcmp (oid, "2.5.29.31") == 0)
933 addf (str, "error: more than one CRL distribution point\n");
937 addf (str, _("%s\t\tCRL Distribution points (%s):\n"), prefix,
938 critical ? _("critical") : _("not critical"));
941 if (type == TYPE_CRT)
942 print_crldist (str, cert.crt);
947 else if (strcmp (oid, "1.3.6.1.5.5.7.1.14") == 0)
951 addf (str, "error: more than one proxy extension\n");
955 addf (str, _("%s\t\tProxy Certificate Information (%s):\n"), prefix,
956 critical ? _("critical") : _("not critical"));
958 if (type == TYPE_CRT)
959 print_proxy (str, cert.crt);
968 addf (str, _("%s\t\tUnknown extension %s (%s):\n"), prefix, oid,
969 critical ? _("critical") : _("not critical"));
971 if (type == TYPE_CRT)
973 gnutls_x509_crt_get_extension_data (cert.crt, i, NULL, &extlen);
974 else if (type == TYPE_CRQ)
976 gnutls_x509_crq_get_extension_data (cert.crq, i, NULL, &extlen);
985 addf (str, "error: get_extension_data: %s\n",
986 gnutls_strerror (err));
990 buffer = gnutls_malloc (extlen);
993 addf (str, "error: malloc: %s\n",
994 gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
998 if (type == TYPE_CRT)
1000 gnutls_x509_crt_get_extension_data (cert.crt, i, buffer,
1002 else if (type == TYPE_CRQ)
1004 gnutls_x509_crq_get_extension_data (cert.crq, i, buffer,
1009 gnutls_free (buffer);
1010 addf (str, "error: get_extension_data2: %s\n",
1011 gnutls_strerror (err));
1015 addf (str, _("%s\t\t\tASCII: "), prefix);
1016 asciiprint (str, buffer, extlen);
1019 addf (str, _("%s\t\t\tHexdump: "), prefix);
1020 hexprint (str, buffer, extlen);
1023 gnutls_free (buffer);
1029 print_cert (gnutls_buffer_st * str, gnutls_x509_crt_t cert, int notsigned)
1033 int version = gnutls_x509_crt_get_version (cert);
1035 addf (str, "error: get_version: %s\n", gnutls_strerror (version));
1037 addf (str, _("\tVersion: %d\n"), version);
1043 size_t serial_size = sizeof (serial);
1046 err = gnutls_x509_crt_get_serial (cert, serial, &serial_size);
1048 addf (str, "error: get_serial: %s\n", gnutls_strerror (err));
1051 adds (str, _("\tSerial Number (hex): "));
1052 hexprint (str, serial, serial_size);
1064 err = gnutls_x509_crt_get_issuer_dn (cert, NULL, &dn_size);
1065 if (err != GNUTLS_E_SHORT_MEMORY_BUFFER)
1066 addf (str, "error: get_issuer_dn: %s\n", gnutls_strerror (err));
1069 dn = gnutls_malloc (dn_size);
1071 addf (str, "error: malloc (%d): %s\n", (int) dn_size,
1072 gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
1075 err = gnutls_x509_crt_get_issuer_dn (cert, dn, &dn_size);
1077 addf (str, "error: get_issuer_dn: %s\n",
1078 gnutls_strerror (err));
1080 addf (str, _("\tIssuer: %s\n"), dn);
1090 adds (str, _("\tValidity:\n"));
1092 tim = gnutls_x509_crt_get_activation_time (cert);
1095 size_t max = sizeof (s);
1098 if (gmtime_r (&tim, &t) == NULL)
1099 addf (str, "error: gmtime_r (%ld)\n", (unsigned long) tim);
1100 else if (strftime (s, max, "%a %b %d %H:%M:%S UTC %Y", &t) == 0)
1101 addf (str, "error: strftime (%ld)\n", (unsigned long) tim);
1103 addf (str, _("\t\tNot Before: %s\n"), s);
1106 tim = gnutls_x509_crt_get_expiration_time (cert);
1109 size_t max = sizeof (s);
1112 if (gmtime_r (&tim, &t) == NULL)
1113 addf (str, "error: gmtime_r (%ld)\n", (unsigned long) tim);
1114 else if (strftime (s, max, "%a %b %d %H:%M:%S UTC %Y", &t) == 0)
1115 addf (str, "error: strftime (%ld)\n", (unsigned long) tim);
1117 addf (str, _("\t\tNot After: %s\n"), s);
1127 err = gnutls_x509_crt_get_dn (cert, NULL, &dn_size);
1128 if (err != GNUTLS_E_SHORT_MEMORY_BUFFER)
1129 addf (str, "error: get_dn: %s\n", gnutls_strerror (err));
1132 dn = gnutls_malloc (dn_size);
1134 addf (str, "error: malloc (%d): %s\n", (int) dn_size,
1135 gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
1138 err = gnutls_x509_crt_get_dn (cert, dn, &dn_size);
1140 addf (str, "error: get_dn: %s\n", gnutls_strerror (err));
1142 addf (str, _("\tSubject: %s\n"), dn);
1148 /* SubjectPublicKeyInfo. */
1153 err = gnutls_x509_crt_get_pk_algorithm (cert, &bits);
1155 addf (str, "error: get_pk_algorithm: %s\n", gnutls_strerror (err));
1158 const char *name = gnutls_pk_algorithm_get_name (err);
1160 name = _("unknown");
1162 addf (str, _("\tSubject Public Key Algorithm: %s\n"), name);
1163 addf (str, _("\tCertificate Security Level: %s\n"),
1164 gnutls_sec_param_get_name (gnutls_pk_bits_to_sec_param
1172 gnutls_datum_t m, e;
1174 err = gnutls_x509_crt_get_pk_rsa_raw (cert, &m, &e);
1176 addf (str, "error: get_pk_rsa_raw: %s\n",
1177 gnutls_strerror (err));
1180 addf (str, _("\t\tModulus (bits %d):\n"), bits);
1181 hexdump (str, m.data, m.size, "\t\t\t");
1182 addf (str, _("\t\tExponent (bits %d):\n"), e.size * 8);
1183 hexdump (str, e.data, e.size, "\t\t\t");
1185 gnutls_free (m.data);
1186 gnutls_free (e.data);
1194 gnutls_datum_t p, q, g, y;
1196 err = gnutls_x509_crt_get_pk_dsa_raw (cert, &p, &q, &g, &y);
1198 addf (str, "error: get_pk_dsa_raw: %s\n",
1199 gnutls_strerror (err));
1202 addf (str, _("\t\tPublic key (bits %d):\n"), bits);
1203 hexdump (str, y.data, y.size, "\t\t\t");
1204 adds (str, _("\t\tP:\n"));
1205 hexdump (str, p.data, p.size, "\t\t\t");
1206 adds (str, _("\t\tQ:\n"));
1207 hexdump (str, q.data, q.size, "\t\t\t");
1208 adds (str, _("\t\tG:\n"));
1209 hexdump (str, g.data, g.size, "\t\t\t");
1211 gnutls_free (p.data);
1212 gnutls_free (q.data);
1213 gnutls_free (g.data);
1214 gnutls_free (y.data);
1227 print_unique_ids (str, cert);
1230 if (gnutls_x509_crt_get_version (cert) >= 3)
1235 print_extensions (str, "", TYPE_CRT, ccert);
1243 char *buffer = NULL;
1245 err = gnutls_x509_crt_get_signature_algorithm (cert);
1247 addf (str, "error: get_signature_algorithm: %s\n",
1248 gnutls_strerror (err));
1251 const char *name = gnutls_sign_algorithm_get_name (err);
1253 name = _("unknown");
1254 addf (str, _("\tSignature Algorithm: %s\n"), name);
1256 if (err == GNUTLS_SIGN_RSA_MD5 || err == GNUTLS_SIGN_RSA_MD2)
1258 adds (str, _("warning: signed using a broken signature "
1259 "algorithm that can be forged.\n"));
1262 err = gnutls_x509_crt_get_signature (cert, buffer, &size);
1263 if (err != GNUTLS_E_SHORT_MEMORY_BUFFER)
1265 addf (str, "error: get_signature: %s\n", gnutls_strerror (err));
1269 buffer = gnutls_malloc (size);
1272 addf (str, "error: malloc: %s\n",
1273 gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
1277 err = gnutls_x509_crt_get_signature (cert, buffer, &size);
1280 gnutls_free (buffer);
1281 addf (str, "error: get_signature2: %s\n", gnutls_strerror (err));
1285 adds (str, _("\tSignature:\n"));
1286 hexdump (str, buffer, size, "\t\t");
1288 gnutls_free (buffer);
1293 print_fingerprint (gnutls_buffer_st * str, gnutls_x509_crt_t cert,
1294 gnutls_digest_algorithm_t algo)
1297 char buffer[MAX_HASH_SIZE];
1298 size_t size = sizeof (buffer);
1300 err = gnutls_x509_crt_get_fingerprint (cert, algo, buffer, &size);
1303 addf (str, "error: get_fingerprint: %s\n", gnutls_strerror (err));
1307 if (algo == GNUTLS_DIG_MD5)
1308 adds (str, _("\tMD5 fingerprint:\n\t\t"));
1310 adds (str, _("\tSHA-1 fingerprint:\n\t\t"));
1311 hexprint (str, buffer, size);
1316 print_keyid (gnutls_buffer_st * str, gnutls_x509_crt_t cert)
1322 err = gnutls_x509_crt_get_key_id (cert, 0, buffer, &size);
1325 addf (str, "error: get_key_id: %s\n", gnutls_strerror (err));
1329 adds (str, _("\tPublic Key Id:\n\t\t"));
1330 hexprint (str, buffer, size);
1335 print_other (gnutls_buffer_st * str, gnutls_x509_crt_t cert, int notsigned)
1339 print_fingerprint (str, cert, GNUTLS_DIG_MD5);
1340 print_fingerprint (str, cert, GNUTLS_DIG_SHA1);
1342 print_keyid (str, cert);
1346 print_oneline (gnutls_buffer_st * str, gnutls_x509_crt_t cert)
1354 err = gnutls_x509_crt_get_dn (cert, NULL, &dn_size);
1355 if (err != GNUTLS_E_SHORT_MEMORY_BUFFER)
1356 addf (str, "unknown subject (%s), ", gnutls_strerror (err));
1359 dn = gnutls_malloc (dn_size);
1361 addf (str, "unknown subject (%s), ",
1362 gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
1365 err = gnutls_x509_crt_get_dn (cert, dn, &dn_size);
1367 addf (str, "unknown subject (%s), ", gnutls_strerror (err));
1369 addf (str, "subject `%s', ", dn);
1381 err = gnutls_x509_crt_get_issuer_dn (cert, NULL, &dn_size);
1382 if (err != GNUTLS_E_SHORT_MEMORY_BUFFER)
1383 addf (str, "unknown issuer (%s), ", gnutls_strerror (err));
1386 dn = gnutls_malloc (dn_size);
1388 addf (str, "unknown issuer (%s), ",
1389 gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
1392 err = gnutls_x509_crt_get_issuer_dn (cert, dn, &dn_size);
1394 addf (str, "unknown issuer (%s), ", gnutls_strerror (err));
1396 addf (str, "issuer `%s', ", dn);
1402 /* Key algorithm and size. */
1405 const char *name = gnutls_pk_algorithm_get_name
1406 (gnutls_x509_crt_get_pk_algorithm (cert, &bits));
1409 addf (str, "%s key %d bits, ", name, bits);
1412 /* Signature Algorithm. */
1416 err = gnutls_x509_crt_get_signature_algorithm (cert);
1418 addf (str, "unknown signature algorithm (%s), ", gnutls_strerror (err));
1421 const char *name = gnutls_sign_algorithm_get_name (err);
1423 name = _("unknown");
1424 if (err == GNUTLS_SIGN_RSA_MD5 || err == GNUTLS_SIGN_RSA_MD2)
1425 addf (str, _("signed using %s (broken!), "), name);
1427 addf (str, _("signed using %s, "), name);
1435 tim = gnutls_x509_crt_get_activation_time (cert);
1438 size_t max = sizeof (s);
1441 if (gmtime_r (&tim, &t) == NULL)
1442 addf (str, "unknown activation (%ld), ", (unsigned long) tim);
1443 else if (strftime (s, max, "%Y-%m-%d %H:%M:%S UTC", &t) == 0)
1444 addf (str, "failed activation (%ld), ", (unsigned long) tim);
1446 addf (str, "activated `%s', ", s);
1449 tim = gnutls_x509_crt_get_expiration_time (cert);
1452 size_t max = sizeof (s);
1455 if (gmtime_r (&tim, &t) == NULL)
1456 addf (str, "unknown expiry (%ld), ", (unsigned long) tim);
1457 else if (strftime (s, max, "%Y-%m-%d %H:%M:%S UTC", &t) == 0)
1458 addf (str, "failed expiry (%ld), ", (unsigned long) tim);
1460 addf (str, "expires `%s', ", s);
1466 char *policyLanguage;
1469 err = gnutls_x509_crt_get_proxy (cert, NULL,
1470 &pathlen, &policyLanguage, NULL, NULL);
1473 addf (str, "proxy certificate (policy=");
1474 if (strcmp (policyLanguage, "1.3.6.1.5.5.7.21.1") == 0)
1475 addf (str, "id-ppl-inheritALL");
1476 else if (strcmp (policyLanguage, "1.3.6.1.5.5.7.21.2") == 0)
1477 addf (str, "id-ppl-independent");
1479 addf (str, "%s", policyLanguage);
1481 addf (str, ", pathlen=%d), ", pathlen);
1484 gnutls_free (policyLanguage);
1490 size_t size = sizeof (buffer);
1493 err = gnutls_x509_crt_get_fingerprint (cert, GNUTLS_DIG_SHA1,
1497 addf (str, "unknown fingerprint (%s)", gnutls_strerror (err));
1501 addf (str, "SHA-1 fingerprint `");
1502 hexprint (str, buffer, size);
1510 * gnutls_x509_crt_print:
1511 * @cert: The structure to be printed
1512 * @format: Indicate the format to use
1513 * @out: Newly allocated datum with zero terminated string.
1515 * This function will pretty print a X.509 certificate, suitable for
1516 * display to a human.
1518 * If the format is %GNUTLS_CRT_PRINT_FULL then all fields of the
1519 * certificate will be output, on multiple lines. The
1520 * %GNUTLS_CRT_PRINT_ONELINE format will generate one line with some
1521 * selected fields, which is useful for logging purposes.
1523 * The output @out needs to be deallocate using gnutls_free().
1525 * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
1526 * negative error value.
1529 gnutls_x509_crt_print (gnutls_x509_crt_t cert,
1530 gnutls_certificate_print_formats_t format,
1531 gnutls_datum_t * out)
1533 gnutls_buffer_st str;
1535 if (format == GNUTLS_CRT_PRINT_FULL
1536 || format == GNUTLS_CRT_PRINT_UNSIGNED_FULL)
1538 _gnutls_buffer_init (&str);
1540 _gnutls_buffer_append_str (&str, _("X.509 Certificate Information:\n"));
1542 print_cert (&str, cert, format == GNUTLS_CRT_PRINT_UNSIGNED_FULL);
1544 _gnutls_buffer_append_str (&str, _("Other Information:\n"));
1546 print_other (&str, cert, format == GNUTLS_CRT_PRINT_UNSIGNED_FULL);
1548 _gnutls_buffer_append_data (&str, "\0", 1);
1549 out->data = str.data;
1550 out->size = strlen (str.data);
1552 else if (format == GNUTLS_CRT_PRINT_ONELINE)
1554 _gnutls_buffer_init (&str);
1556 print_oneline (&str, cert);
1558 _gnutls_buffer_append_data (&str, "\0", 1);
1559 out->data = str.data;
1560 out->size = strlen (str.data);
1565 return GNUTLS_E_INVALID_REQUEST;
1574 print_crl (gnutls_buffer_st * str, gnutls_x509_crl_t crl, int notsigned)
1578 int version = gnutls_x509_crl_get_version (crl);
1579 if (version == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND)
1580 adds (str, _("\tVersion: 1 (default)\n"));
1581 else if (version < 0)
1582 addf (str, "error: get_version: %s\n", gnutls_strerror (version));
1584 addf (str, _("\tVersion: %d\n"), version);
1594 err = gnutls_x509_crl_get_issuer_dn (crl, NULL, &dn_size);
1595 if (err != GNUTLS_E_SHORT_MEMORY_BUFFER)
1596 addf (str, "error: get_issuer_dn: %s\n", gnutls_strerror (err));
1599 dn = gnutls_malloc (dn_size);
1601 addf (str, "error: malloc (%d): %s\n", (int) dn_size,
1602 gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
1605 err = gnutls_x509_crl_get_issuer_dn (crl, dn, &dn_size);
1607 addf (str, "error: get_issuer_dn: %s\n",
1608 gnutls_strerror (err));
1610 addf (str, _("\tIssuer: %s\n"), dn);
1620 adds (str, _("\tUpdate dates:\n"));
1622 tim = gnutls_x509_crl_get_this_update (crl);
1625 size_t max = sizeof (s);
1628 if (gmtime_r (&tim, &t) == NULL)
1629 addf (str, "error: gmtime_r (%ld)\n", (unsigned long) tim);
1630 else if (strftime (s, max, "%a %b %d %H:%M:%S UTC %Y", &t) == 0)
1631 addf (str, "error: strftime (%ld)\n", (unsigned long) tim);
1633 addf (str, _("\t\tIssued: %s\n"), s);
1636 tim = gnutls_x509_crl_get_next_update (crl);
1639 size_t max = sizeof (s);
1643 addf (str, "\t\tNo next update time.\n");
1644 else if (gmtime_r (&tim, &t) == NULL)
1645 addf (str, "error: gmtime_r (%ld)\n", (unsigned long) tim);
1646 else if (strftime (s, max, "%a %b %d %H:%M:%S UTC %Y", &t) == 0)
1647 addf (str, "error: strftime (%ld)\n", (unsigned long) tim);
1649 addf (str, _("\t\tNext at: %s\n"), s);
1654 if (gnutls_x509_crl_get_version (crl) >= 2)
1663 char oid[MAX_OID_SIZE] = "";
1664 size_t sizeof_oid = sizeof (oid);
1667 err = gnutls_x509_crl_get_extension_info (crl, i,
1672 if (err == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
1674 addf (str, "error: get_extension_info: %s\n",
1675 gnutls_strerror (err));
1680 adds (str, _("\tExtensions:\n"));
1682 if (strcmp (oid, "2.5.29.20") == 0)
1685 size_t nr_size = sizeof (nr);
1689 addf (str, "error: more than one CRL number\n");
1693 err = gnutls_x509_crl_get_number (crl, nr, &nr_size, &critical);
1695 addf (str, _("\t\tCRL Number (%s): "),
1696 critical ? _("critical") : _("not critical"));
1699 addf (str, "error: get_number: %s\n", gnutls_strerror (err));
1702 hexprint (str, nr, nr_size);
1708 else if (strcmp (oid, "2.5.29.35") == 0)
1714 addf (str, "error: more than one AKI extension\n");
1718 addf (str, _("\t\tAuthority Key Identifier (%s):\n"),
1719 critical ? _("critical") : _("not critical"));
1722 print_aki (str, TYPE_CRL, ccert);
1731 addf (str, _("\t\tUnknown extension %s (%s):\n"), oid,
1732 critical ? _("critical") : _("not critical"));
1734 err = gnutls_x509_crl_get_extension_data (crl, i,
1738 addf (str, "error: get_extension_data: %s\n",
1739 gnutls_strerror (err));
1743 buffer = gnutls_malloc (extlen);
1746 addf (str, "error: malloc: %s\n",
1747 gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
1751 err = gnutls_x509_crl_get_extension_data (crl, i,
1755 gnutls_free (buffer);
1756 addf (str, "error: get_extension_data2: %s\n",
1757 gnutls_strerror (err));
1761 adds (str, _("\t\t\tASCII: "));
1762 asciiprint (str, buffer, extlen);
1765 adds (str, _("\t\t\tHexdump: "));
1766 hexprint (str, buffer, extlen);
1769 gnutls_free (buffer);
1775 /* Revoked certificates. */
1777 int num = gnutls_x509_crl_get_crt_count (crl);
1781 addf (str, _("\tRevoked certificates (%d):\n"), num);
1783 adds (str, _("\tNo revoked certificates.\n"));
1785 for (j = 0; j < num; j++)
1788 size_t serial_size = sizeof (serial);
1792 err = gnutls_x509_crl_get_crt_serial (crl, j, serial,
1793 &serial_size, &tim);
1795 addf (str, "error: get_crt_serial: %s\n", gnutls_strerror (err));
1799 size_t max = sizeof (s);
1802 adds (str, _("\t\tSerial Number (hex): "));
1803 hexprint (str, serial, serial_size);
1806 if (gmtime_r (&tim, &t) == NULL)
1807 addf (str, "error: gmtime_r (%ld)\n", (unsigned long) tim);
1808 else if (strftime (s, max, "%a %b %d %H:%M:%S UTC %Y", &t) == 0)
1809 addf (str, "error: strftime (%ld)\n", (unsigned long) tim);
1811 addf (str, _("\t\tRevoked at: %s\n"), s);
1821 char *buffer = NULL;
1823 err = gnutls_x509_crl_get_signature_algorithm (crl);
1825 addf (str, "error: get_signature_algorithm: %s\n",
1826 gnutls_strerror (err));
1829 const char *name = gnutls_sign_algorithm_get_name (err);
1831 name = _("unknown");
1832 addf (str, _("\tSignature Algorithm: %s\n"), name);
1834 if (err == GNUTLS_SIGN_RSA_MD5 || err == GNUTLS_SIGN_RSA_MD2)
1836 adds (str, _("warning: signed using a broken signature "
1837 "algorithm that can be forged.\n"));
1840 err = gnutls_x509_crl_get_signature (crl, buffer, &size);
1841 if (err != GNUTLS_E_SHORT_MEMORY_BUFFER)
1843 addf (str, "error: get_signature: %s\n", gnutls_strerror (err));
1847 buffer = gnutls_malloc (size);
1850 addf (str, "error: malloc: %s\n",
1851 gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
1855 err = gnutls_x509_crl_get_signature (crl, buffer, &size);
1858 gnutls_free (buffer);
1859 addf (str, "error: get_signature2: %s\n", gnutls_strerror (err));
1863 adds (str, _("\tSignature:\n"));
1864 hexdump (str, buffer, size, "\t\t");
1866 gnutls_free (buffer);
1871 * gnutls_x509_crl_print:
1872 * @crl: The structure to be printed
1873 * @format: Indicate the format to use
1874 * @out: Newly allocated datum with zero terminated string.
1876 * This function will pretty print a X.509 certificate revocation
1877 * list, suitable for display to a human.
1879 * The output @out needs to be deallocate using gnutls_free().
1881 * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
1882 * negative error value.
1885 gnutls_x509_crl_print (gnutls_x509_crl_t crl,
1886 gnutls_certificate_print_formats_t format,
1887 gnutls_datum_t * out)
1889 gnutls_buffer_st str;
1891 _gnutls_buffer_init (&str);
1893 _gnutls_buffer_append_str
1894 (&str, _("X.509 Certificate Revocation List Information:\n"));
1896 print_crl (&str, crl, format == GNUTLS_CRT_PRINT_UNSIGNED_FULL);
1898 _gnutls_buffer_append_data (&str, "\0", 1);
1899 out->data = str.data;
1900 out->size = strlen (str.data);
1906 print_crq (gnutls_buffer_st * str, gnutls_x509_crq_t cert)
1910 int version = gnutls_x509_crq_get_version (cert);
1912 addf (str, "error: get_version: %s\n", gnutls_strerror (version));
1914 addf (str, _("\tVersion: %d\n"), version);
1923 err = gnutls_x509_crq_get_dn (cert, NULL, &dn_size);
1924 if (err != GNUTLS_E_SHORT_MEMORY_BUFFER)
1925 addf (str, "error: get_dn: %s\n", gnutls_strerror (err));
1928 dn = gnutls_malloc (dn_size);
1930 addf (str, "error: malloc (%d): %s\n", (int) dn_size,
1931 gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
1934 err = gnutls_x509_crq_get_dn (cert, dn, &dn_size);
1936 addf (str, "error: get_dn: %s\n", gnutls_strerror (err));
1938 addf (str, _("\tSubject: %s\n"), dn);
1944 /* SubjectPublicKeyInfo. */
1949 err = gnutls_x509_crq_get_pk_algorithm (cert, &bits);
1951 addf (str, "error: get_pk_algorithm: %s\n", gnutls_strerror (err));
1954 const char *name = gnutls_pk_algorithm_get_name (err);
1956 name = _("unknown");
1958 addf (str, _("\tSubject Public Key Algorithm: %s\n"), name);
1963 gnutls_datum_t m, e;
1965 err = gnutls_x509_crq_get_key_rsa_raw (cert, &m, &e);
1967 addf (str, "error: get_pk_rsa_raw: %s\n",
1968 gnutls_strerror (err));
1971 addf (str, _("\t\tModulus (bits %d):\n"), bits);
1972 hexdump (str, m.data, m.size, "\t\t\t");
1973 adds (str, _("\t\tExponent:\n"));
1974 hexdump (str, e.data, e.size, "\t\t\t");
1976 gnutls_free (m.data);
1977 gnutls_free (e.data);
1982 #if 0 /* not implemented yet */
1985 gnutls_datum_t p, q, g, y;
1987 err = gnutls_x509_crq_get_key_dsa_raw (cert, &p, &q, &g, &y);
1989 addf (str, "error: get_pk_dsa_raw: %s\n",
1990 gnutls_strerror (err));
1993 addf (str, _("\t\tPublic key (bits %d):\n"), bits);
1994 hexdump (str, y.data, y.size, "\t\t\t");
1995 addf (str, _("\t\tP:\n"));
1996 hexdump (str, p.data, p.size, "\t\t\t");
1997 addf (str, _("\t\tQ:\n"));
1998 hexdump (str, q.data, q.size, "\t\t\t");
1999 addf (str, _("\t\tG:\n"));
2000 hexdump (str, g.data, g.size, "\t\t\t");
2002 gnutls_free (p.data);
2003 gnutls_free (q.data);
2004 gnutls_free (g.data);
2005 gnutls_free (y.data);
2017 /* parse attributes */
2026 char oid[MAX_OID_SIZE] = "";
2027 size_t sizeof_oid = sizeof (oid);
2029 err = gnutls_x509_crq_get_attribute_info (cert, i, oid, &sizeof_oid);
2032 if (err == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
2034 addf (str, "error: get_extension_info: %s\n",
2035 gnutls_strerror (err));
2040 adds (str, _("\tAttributes:\n"));
2042 if (strcmp (oid, "1.2.840.113549.1.9.14") == 0)
2048 addf (str, "error: more than one extensionsRequest\n");
2053 print_extensions (str, "\t", TYPE_CRQ, ccert);
2057 else if (strcmp (oid, "1.2.840.113549.1.9.7") == 0)
2065 "error: more than one Challenge password attribute\n");
2069 err = gnutls_x509_crq_get_challenge_password (cert, NULL, &size);
2072 addf (str, "error: get_challenge_password: %s\n",
2073 gnutls_strerror (err));
2079 pass = gnutls_malloc (size);
2082 addf (str, "error: malloc: %s\n",
2083 gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
2087 err = gnutls_x509_crq_get_challenge_password (cert, pass, &size);
2089 addf (str, "error: get_challenge_password: %s\n",
2090 gnutls_strerror (err));
2092 addf (str, _("\t\tChallenge password: %s\n"), pass);
2103 addf (str, _("\t\tUnknown attribute %s:\n"), oid);
2105 err = gnutls_x509_crq_get_attribute_data (cert, i, NULL, &extlen);
2108 addf (str, "error: get_attribute_data: %s\n",
2109 gnutls_strerror (err));
2113 buffer = gnutls_malloc (extlen);
2116 addf (str, "error: malloc: %s\n",
2117 gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
2121 err = gnutls_x509_crq_get_attribute_data (cert, i,
2125 gnutls_free (buffer);
2126 addf (str, "error: get_attribute_data2: %s\n",
2127 gnutls_strerror (err));
2131 adds (str, _("\t\t\tASCII: "));
2132 asciiprint (str, buffer, extlen);
2135 adds (str, _("\t\t\tHexdump: "));
2136 hexprint (str, buffer, extlen);
2139 gnutls_free (buffer);
2146 print_crq_other (gnutls_buffer_st * str, gnutls_x509_crq_t crq)
2150 char *buffer = NULL;
2152 err = gnutls_x509_crq_get_key_id (crq, 0, buffer, &size);
2153 if (err != GNUTLS_E_SHORT_MEMORY_BUFFER)
2155 addf (str, "error: get_key_id: %s\n", gnutls_strerror (err));
2159 buffer = gnutls_malloc (size);
2162 addf (str, "error: malloc: %s\n",
2163 gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
2167 err = gnutls_x509_crq_get_key_id (crq, 0, buffer, &size);
2170 gnutls_free (buffer);
2171 addf (str, "error: get_key_id2: %s\n", gnutls_strerror (err));
2175 adds (str, _("\tPublic Key Id:\n\t\t"));
2176 hexprint (str, buffer, size);
2179 gnutls_free (buffer);
2183 * gnutls_x509_crq_print:
2184 * @crq: The structure to be printed
2185 * @format: Indicate the format to use
2186 * @out: Newly allocated datum with zero terminated string.
2188 * This function will pretty print a certificate request, suitable for
2189 * display to a human.
2191 * The output @out needs to be deallocate using gnutls_free().
2193 * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
2194 * negative error value.
2199 gnutls_x509_crq_print (gnutls_x509_crq_t crq,
2200 gnutls_certificate_print_formats_t format,
2201 gnutls_datum_t * out)
2203 gnutls_buffer_st str;
2205 _gnutls_buffer_init (&str);
2207 _gnutls_buffer_append_str
2208 (&str, _("PKCS #10 Certificate Request Information:\n"));
2210 print_crq (&str, crq);
2212 _gnutls_buffer_append_str (&str, _("Other Information:\n"));
2214 print_crq_other (&str, crq);
2216 _gnutls_buffer_append_data (&str, "\0", 1);
2217 out->data = str.data;
2218 out->size = strlen (str.data);
2223 #endif /* ENABLE_PKI */