This is gnutls.info, produced by makeinfo version 6.7 from gnutls.texi.

This manual is last updated 1 June 2020 for version 3.6.14 of GnuTLS.

Copyright (C) 2001-2020 Free Software Foundation, Inc.
Copyright (C) 2001-2020 Nikos Mavrogiannopoulos

     Permission is granted to copy, distribute and/or modify this
     document under the terms of the GNU Free Documentation License,
     Version 1.3 or any later version published by the Free Software
     Foundation; with no Invariant Sections, no Front-Cover Texts, and
     no Back-Cover Texts. A copy of the license is included in the
     section entitled "GNU Free Documentation License".
INFO-DIR-SECTION Software libraries
START-INFO-DIR-ENTRY
* GnuTLS: (gnutls). GNU Transport Layer Security Library.
END-INFO-DIR-ENTRY

INFO-DIR-SECTION System Administration
START-INFO-DIR-ENTRY
* certtool: (gnutls)certtool Invocation. Manipulate certificates and keys.
* gnutls-serv: (gnutls)gnutls-serv Invocation. GnuTLS test server.
* gnutls-cli: (gnutls)gnutls-cli Invocation. GnuTLS test client.
* gnutls-cli-debug: (gnutls)gnutls-cli-debug Invocation. GnuTLS debug client.
* psktool: (gnutls)psktool Invocation. Simple TLS-Pre-Shared-Keys manager.
* srptool: (gnutls)srptool Invocation. Simple SRP password tool.
END-INFO-DIR-ENTRY

File: gnutls.info, Node: PKCS 7 API, Next: OCSP API, Prev: X509 certificate API, Up: API reference

E.4 PKCS 7 API
==============

The following functions are to be used for handling PKCS 7 structures.
Their prototypes lie in 'gnutls/pkcs7.h'.

gnutls_pkcs7_add_attr
---------------------

 -- Function: int gnutls_pkcs7_add_attr (gnutls_pkcs7_attrs_t * LIST,
          const char * OID, gnutls_datum_t * DATA, unsigned FLAGS)
     LIST: A list of existing attributes or pointer to 'NULL' for the
     first one

     OID: the OID of the attribute to be set

     DATA: the raw (DER-encoded) data of the attribute to be set

     FLAGS: zero or 'GNUTLS_PKCS7_ATTR_ENCODE_OCTET_STRING'

     This function will set a PKCS #7 attribute in the provided list.
     If this function fails, the previous list would be deallocated.

     Note that any attributes set with this function must either be DER
     or BER encoded, unless a special flag is present.

     *Returns:* On success, the new list head, otherwise 'NULL'.

     *Since:* 3.4.2

gnutls_pkcs7_attrs_deinit
-------------------------

 -- Function: void gnutls_pkcs7_attrs_deinit (gnutls_pkcs7_attrs_t LIST)
     LIST: A list of existing attributes

     This function will clear a PKCS #7 attribute list.

     *Since:* 3.4.2

gnutls_pkcs7_deinit
-------------------

 -- Function: void gnutls_pkcs7_deinit (gnutls_pkcs7_t PKCS7)
     PKCS7: the type to be deinitialized

     This function will deinitialize a PKCS7 type.

gnutls_pkcs7_delete_crl
-----------------------

 -- Function: int gnutls_pkcs7_delete_crl (gnutls_pkcs7_t PKCS7, int
          INDX)
     PKCS7: The pkcs7 type

     INDX: the index of the crl to delete

     This function will delete a crl from a PKCS7 or RFC2630 crl set.
     Index starts from 0. Returns 0 on success.

     *Returns:* On success, 'GNUTLS_E_SUCCESS' (0) is returned,
     otherwise a negative error value.

gnutls_pkcs7_delete_crt
-----------------------

 -- Function: int gnutls_pkcs7_delete_crt (gnutls_pkcs7_t PKCS7, int
          INDX)
     PKCS7: The pkcs7 type

     INDX: the index of the certificate to delete

     This function will delete a certificate from a PKCS7 or RFC2630
     certificate set. Index starts from 0. Returns 0 on success.

     *Returns:* On success, 'GNUTLS_E_SUCCESS' (0) is returned,
     otherwise a negative error value.

gnutls_pkcs7_export
-------------------

 -- Function: int gnutls_pkcs7_export (gnutls_pkcs7_t PKCS7,
          gnutls_x509_crt_fmt_t FORMAT, void * OUTPUT_DATA, size_t *
          OUTPUT_DATA_SIZE)
     PKCS7: The pkcs7 type

     FORMAT: the format of output params. One of PEM or DER.

     OUTPUT_DATA: will contain a structure PEM or DER encoded

     OUTPUT_DATA_SIZE: holds the size of output_data (and will be
     replaced by the actual size of parameters)

     This function will export the pkcs7 structure to DER or PEM format.

     If the buffer provided is not long enough to hold the output, then
     '*output_data_size' is updated and 'GNUTLS_E_SHORT_MEMORY_BUFFER'
     will be returned.

     If the structure is PEM encoded, it will have a header of "BEGIN
     PKCS7".

     *Returns:* On success, 'GNUTLS_E_SUCCESS' (0) is returned,
     otherwise a negative error value.

gnutls_pkcs7_export2
--------------------

 -- Function: int gnutls_pkcs7_export2 (gnutls_pkcs7_t PKCS7,
          gnutls_x509_crt_fmt_t FORMAT, gnutls_datum_t * OUT)
     PKCS7: The pkcs7 type

     FORMAT: the format of output params. One of PEM or DER.

     OUT: will contain a structure PEM or DER encoded

     This function will export the pkcs7 structure to DER or PEM format.

     The output buffer is allocated using 'gnutls_malloc()'.

     If the structure is PEM encoded, it will have a header of "BEGIN
     PKCS7".

     *Returns:* On success, 'GNUTLS_E_SUCCESS' (0) is returned,
     otherwise a negative error value.

     *Since:* 3.1.3

gnutls_pkcs7_get_attr
---------------------

 -- Function: int gnutls_pkcs7_get_attr (gnutls_pkcs7_attrs_t LIST,
          unsigned IDX, char ** OID, gnutls_datum_t * DATA, unsigned
          FLAGS)
     LIST: A list of existing attributes or 'NULL' for the first one

     IDX: the index of the attribute to get

     OID: the OID of the attribute (read-only)

     DATA: the raw data of the attribute

     FLAGS: zero or 'GNUTLS_PKCS7_ATTR_ENCODE_OCTET_STRING'

     This function will get a PKCS #7 attribute from the provided list.
     The OID is a constant string, but data will be allocated and must
     be deinitialized by the caller.

     *Returns:* On success, 'GNUTLS_E_SUCCESS' (0) is returned,
     otherwise a negative error value.
     'GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE' is returned if there are no
     data in the current index.

     *Since:* 3.4.2

gnutls_pkcs7_get_crl_count
--------------------------

 -- Function: int gnutls_pkcs7_get_crl_count (gnutls_pkcs7_t PKCS7)
     PKCS7: The pkcs7 type

     This function will return the number of certificates in the PKCS7
     or RFC2630 crl set.

     *Returns:* On success, 'GNUTLS_E_SUCCESS' (0) is returned,
     otherwise a negative error value.

gnutls_pkcs7_get_crl_raw
------------------------

 -- Function: int gnutls_pkcs7_get_crl_raw (gnutls_pkcs7_t PKCS7,
          unsigned INDX, void * CRL, size_t * CRL_SIZE)
     PKCS7: The pkcs7 type

     INDX: contains the index of the crl to extract

     CRL: the contents of the crl will be copied there (may be null)

     CRL_SIZE: should hold the size of the crl

     This function will return a crl of the PKCS7 or RFC2630 crl set.

     *Returns:* On success, 'GNUTLS_E_SUCCESS' (0) is returned,
     otherwise a negative error value. If the provided buffer is not
     long enough, then 'crl_size' is updated and
     'GNUTLS_E_SHORT_MEMORY_BUFFER' is returned. After the last crl has
     been read 'GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE' will be returned.

gnutls_pkcs7_get_crl_raw2
-------------------------

 -- Function: int gnutls_pkcs7_get_crl_raw2 (gnutls_pkcs7_t PKCS7,
          unsigned INDX, gnutls_datum_t * CRL)
     PKCS7: The pkcs7 type

     INDX: contains the index of the crl to extract

     CRL: will contain the contents of the CRL in an allocated buffer

     This function will return a DER encoded CRL of the PKCS7 or RFC2630
     crl set.

     *Returns:* On success, 'GNUTLS_E_SUCCESS' (0) is returned,
     otherwise a negative error value. After the last crl has been read
     'GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE' will be returned.

     *Since:* 3.4.2

gnutls_pkcs7_get_crt_count
--------------------------

 -- Function: int gnutls_pkcs7_get_crt_count (gnutls_pkcs7_t PKCS7)
     PKCS7: should contain a 'gnutls_pkcs7_t' type

     This function will return the number of certificates in the PKCS7
     or RFC2630 certificate set.

     *Returns:* On success, a positive number is returned, otherwise a
     negative error value.

gnutls_pkcs7_get_crt_raw
------------------------

 -- Function: int gnutls_pkcs7_get_crt_raw (gnutls_pkcs7_t PKCS7,
          unsigned INDX, void * CERTIFICATE, size_t * CERTIFICATE_SIZE)
     PKCS7: should contain a gnutls_pkcs7_t type

     INDX: contains the index of the certificate to extract

     CERTIFICATE: the contents of the certificate will be copied there
     (may be null)

     CERTIFICATE_SIZE: should hold the size of the certificate

     This function will return a certificate of the PKCS7 or RFC2630
     certificate set.

     After the last certificate has been read
     'GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE' will be returned.

     *Returns:* On success, 'GNUTLS_E_SUCCESS' (0) is returned,
     otherwise a negative error value. If the provided buffer is not
     long enough, then 'certificate_size' is updated and
     'GNUTLS_E_SHORT_MEMORY_BUFFER' is returned.

gnutls_pkcs7_get_crt_raw2
-------------------------

 -- Function: int gnutls_pkcs7_get_crt_raw2 (gnutls_pkcs7_t PKCS7,
          unsigned INDX, gnutls_datum_t * CERT)
     PKCS7: should contain a gnutls_pkcs7_t type

     INDX: contains the index of the certificate to extract

     CERT: will hold the contents of the certificate; must be
     deallocated with 'gnutls_free()'

     This function will return a certificate of the PKCS7 or RFC2630
     certificate set.

     After the last certificate has been read
     'GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE' will be returned.

     *Returns:* On success, 'GNUTLS_E_SUCCESS' (0) is returned,
     otherwise a negative error value. If the provided buffer is not
     long enough, then 'certificate_size' is updated and
     'GNUTLS_E_SHORT_MEMORY_BUFFER' is returned.

     *Since:* 3.4.2

gnutls_pkcs7_get_embedded_data
------------------------------

 -- Function: int gnutls_pkcs7_get_embedded_data (gnutls_pkcs7_t PKCS7,
          unsigned FLAGS, gnutls_datum_t * DATA)
     PKCS7: should contain a gnutls_pkcs7_t type

     FLAGS: must be zero or 'GNUTLS_PKCS7_EDATA_GET_RAW'

     DATA: will hold the embedded data in the provided structure

     This function will return the data embedded in the signature of the
     PKCS7 structure. If no data are available then
     'GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE' will be returned.

     The returned data must be de-allocated using 'gnutls_free()'.

     Note that this function returns the exact same data that are
     authenticated. If the 'GNUTLS_PKCS7_EDATA_GET_RAW' flag is
     provided, the returned data will include the wrapping
     tag/value as they are encoded in the structure.

     *Returns:* On success, 'GNUTLS_E_SUCCESS' (0) is returned,
     otherwise a negative error value.

     *Since:* 3.4.8

gnutls_pkcs7_get_embedded_data_oid
----------------------------------

 -- Function: const char * gnutls_pkcs7_get_embedded_data_oid
          (gnutls_pkcs7_t PKCS7)
     PKCS7: should contain a gnutls_pkcs7_t type

     This function will return the OID of the data embedded in the
     signature of the PKCS7 structure. If no data are available then
     'NULL' will be returned. The returned value will be valid during
     the lifetime of the 'pkcs7' structure.

     *Returns:* On success, a pointer to an OID string, 'NULL' on error.

     *Since:* 3.5.5

gnutls_pkcs7_get_signature_count
--------------------------------

 -- Function: int gnutls_pkcs7_get_signature_count (gnutls_pkcs7_t
          PKCS7)
     PKCS7: should contain a 'gnutls_pkcs7_t' type

     This function will return the number of signatures in the PKCS7
     structure.

     *Returns:* On success, a positive number is returned, otherwise a
     negative error value.

     *Since:* 3.4.3

gnutls_pkcs7_get_signature_info
-------------------------------

 -- Function: int gnutls_pkcs7_get_signature_info (gnutls_pkcs7_t PKCS7,
          unsigned IDX, gnutls_pkcs7_signature_info_st * INFO)
     PKCS7: should contain a 'gnutls_pkcs7_t' type

     IDX: the index of the signature info to check

     INFO: will contain the output signature

     This function will return information about the signature
     identified by idx in the provided PKCS #7 structure. The
     information should be deinitialized using
     'gnutls_pkcs7_signature_info_deinit()'.

     *Returns:* On success, 'GNUTLS_E_SUCCESS' (0) is returned,
     otherwise a negative error value.

     *Since:* 3.4.2

gnutls_pkcs7_import
-------------------

 -- Function: int gnutls_pkcs7_import (gnutls_pkcs7_t PKCS7, const
          gnutls_datum_t * DATA, gnutls_x509_crt_fmt_t FORMAT)
     PKCS7: The data to store the parsed PKCS7.

     DATA: The DER or PEM encoded PKCS7.

     FORMAT: One of DER or PEM

     This function will convert the given DER or PEM encoded PKCS7 to
     the native 'gnutls_pkcs7_t' format. The output will be stored in
     'pkcs7'.

     If the PKCS7 is PEM encoded it should have a header of "PKCS7".

     *Returns:* On success, 'GNUTLS_E_SUCCESS' (0) is returned,
     otherwise a negative error value.

gnutls_pkcs7_init
-----------------

 -- Function: int gnutls_pkcs7_init (gnutls_pkcs7_t * PKCS7)
     PKCS7: A pointer to the type to be initialized

     This function will initialize a PKCS7 structure. PKCS7 structures
     usually contain lists of X.509 Certificates and X.509 Certificate
     revocation lists.

     *Returns:* On success, 'GNUTLS_E_SUCCESS' (0) is returned,
     otherwise a negative error value.

gnutls_pkcs7_print
------------------

 -- Function: int gnutls_pkcs7_print (gnutls_pkcs7_t PKCS7,
          gnutls_certificate_print_formats_t FORMAT, gnutls_datum_t *
          OUT)
     PKCS7: The PKCS7 struct to be printed

     FORMAT: Indicate the format to use

     OUT: Newly allocated datum with null terminated string.

     This function will pretty print a signed PKCS #7 structure,
     suitable for display to a human.

     Currently the supported formats are 'GNUTLS_CRT_PRINT_FULL' and
     'GNUTLS_CRT_PRINT_COMPACT'.

     The output 'out' needs to be deallocated using 'gnutls_free()'.

     *Returns:* On success, 'GNUTLS_E_SUCCESS' (0) is returned,
     otherwise a negative error value.

gnutls_pkcs7_print_signature_info
---------------------------------

 -- Function: int gnutls_pkcs7_print_signature_info
          (gnutls_pkcs7_signature_info_st * INFO,
          gnutls_certificate_print_formats_t FORMAT, gnutls_datum_t *
          OUT)
     INFO: The PKCS7 signature info struct to be printed

     FORMAT: Indicate the format to use

     OUT: Newly allocated datum with null terminated string.

     This function will pretty print a PKCS #7 signature info
     structure, suitable for display to a human.

     Currently the supported formats are 'GNUTLS_CRT_PRINT_FULL' and
     'GNUTLS_CRT_PRINT_COMPACT'.

     The output 'out' needs to be deallocated using 'gnutls_free()'.

     *Returns:* On success, 'GNUTLS_E_SUCCESS' (0) is returned,
     otherwise a negative error value.

     *Since:* 3.6.14

gnutls_pkcs7_set_crl
--------------------

 -- Function: int gnutls_pkcs7_set_crl (gnutls_pkcs7_t PKCS7,
          gnutls_x509_crl_t CRL)
     PKCS7: The pkcs7 type

     CRL: the DER encoded crl to be added

     This function will add a parsed CRL to the PKCS7 or RFC2630 crl
     set.

     *Returns:* On success, 'GNUTLS_E_SUCCESS' (0) is returned,
     otherwise a negative error value.

gnutls_pkcs7_set_crl_raw
------------------------

 -- Function: int gnutls_pkcs7_set_crl_raw (gnutls_pkcs7_t PKCS7, const
          gnutls_datum_t * CRL)
     PKCS7: The pkcs7 type

     CRL: the DER encoded crl to be added

     This function will add a crl to the PKCS7 or RFC2630 crl set.

     *Returns:* On success, 'GNUTLS_E_SUCCESS' (0) is returned,
     otherwise a negative error value.

gnutls_pkcs7_set_crt
--------------------

 -- Function: int gnutls_pkcs7_set_crt (gnutls_pkcs7_t PKCS7,
          gnutls_x509_crt_t CRT)
     PKCS7: The pkcs7 type

     CRT: the certificate to be copied.

     This function will add a parsed certificate to the PKCS7 or RFC2630
     certificate set. This is a wrapper function over
     'gnutls_pkcs7_set_crt_raw()'.

     *Returns:* On success, 'GNUTLS_E_SUCCESS' (0) is returned,
     otherwise a negative error value.

gnutls_pkcs7_set_crt_raw
------------------------

 -- Function: int gnutls_pkcs7_set_crt_raw (gnutls_pkcs7_t PKCS7, const
          gnutls_datum_t * CRT)
     PKCS7: The pkcs7 type

     CRT: the DER encoded certificate to be added

     This function will add a certificate to the PKCS7 or RFC2630
     certificate set.

     *Returns:* On success, 'GNUTLS_E_SUCCESS' (0) is returned,
     otherwise a negative error value.

gnutls_pkcs7_sign
-----------------

 -- Function: int gnutls_pkcs7_sign (gnutls_pkcs7_t PKCS7,
          gnutls_x509_crt_t SIGNER, gnutls_privkey_t SIGNER_KEY, const
          gnutls_datum_t * DATA, gnutls_pkcs7_attrs_t SIGNED_ATTRS,
          gnutls_pkcs7_attrs_t UNSIGNED_ATTRS, gnutls_digest_algorithm_t
          DIG, unsigned FLAGS)
     PKCS7: should contain a 'gnutls_pkcs7_t' type

     SIGNER: the certificate to sign the structure

     SIGNER_KEY: the key to sign the structure

     DATA: The data to be signed or 'NULL' if the data are already
     embedded

     SIGNED_ATTRS: Any additional attributes to be included in the
     signed ones (or 'NULL')

     UNSIGNED_ATTRS: Any additional attributes to be included in the
     unsigned ones (or 'NULL')

     DIG: The digest algorithm to use for signing

     FLAGS: Should be zero or one of 'GNUTLS_PKCS7' flags

     This function will add a signature in the provided PKCS #7
     structure for the provided data. Multiple signatures can be made
     with different signers.

     The available flags are: 'GNUTLS_PKCS7_EMBED_DATA',
     'GNUTLS_PKCS7_INCLUDE_TIME', 'GNUTLS_PKCS7_INCLUDE_CERT', and
     'GNUTLS_PKCS7_WRITE_SPKI'. They are explained in the
     'gnutls_pkcs7_sign_flags' definition.

     *Returns:* On success, 'GNUTLS_E_SUCCESS' (0) is returned,
     otherwise a negative error value.

     *Since:* 3.4.2

gnutls_pkcs7_signature_info_deinit
----------------------------------

 -- Function: void gnutls_pkcs7_signature_info_deinit
          (gnutls_pkcs7_signature_info_st * INFO)
     INFO: should point to a 'gnutls_pkcs7_signature_info_st' structure

     This function will deinitialize any allocated value in the provided
     'gnutls_pkcs7_signature_info_st'.

     *Since:* 3.4.2

gnutls_pkcs7_verify
-------------------

 -- Function: int gnutls_pkcs7_verify (gnutls_pkcs7_t PKCS7,
          gnutls_x509_trust_list_t TL, gnutls_typed_vdata_st * VDATA,
          unsigned int VDATA_SIZE, unsigned IDX, const gnutls_datum_t *
          DATA, unsigned FLAGS)
     PKCS7: should contain a 'gnutls_pkcs7_t' type

     TL: A list of trusted certificates

     VDATA: an array of typed data

     VDATA_SIZE: the number of data elements

     IDX: the index of the signature info to check

     DATA: The data to be verified or 'NULL'

     FLAGS: Zero or an OR list of 'gnutls_certificate_verify_flags'

     This function will verify the provided data against the signature
     present in the SignedData of the PKCS #7 structure. If the data
     provided are NULL then the data in the encapsulatedContent field
     will be used instead.

     *Returns:* On success, 'GNUTLS_E_SUCCESS' (0) is returned,
     otherwise a negative error value. A verification error results in
     'GNUTLS_E_PK_SIG_VERIFY_FAILED', and the lack of encapsulated data
     to verify results in 'GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE'.

     *Since:* 3.4.2

gnutls_pkcs7_verify_direct
--------------------------

 -- Function: int gnutls_pkcs7_verify_direct (gnutls_pkcs7_t PKCS7,
          gnutls_x509_crt_t SIGNER, unsigned IDX, const gnutls_datum_t *
          DATA, unsigned FLAGS)
     PKCS7: should contain a 'gnutls_pkcs7_t' type

     SIGNER: the certificate believed to have signed the structure

     IDX: the index of the signature info to check

     DATA: The data to be verified or 'NULL'

     FLAGS: Zero or an OR list of 'gnutls_certificate_verify_flags'

     This function will verify the provided data against the signature
     present in the SignedData of the PKCS #7 structure. If the data
     provided are NULL then the data in the encapsulatedContent field
     will be used instead.

     Note that, unlike 'gnutls_pkcs7_verify()', this function does not
     verify the key purpose of the signer. It is expected for the
     caller to verify the intended purpose of the 'signer', e.g., via
     'gnutls_x509_crt_get_key_purpose_oid()' or
     'gnutls_x509_crt_check_key_purpose()'.

     Note also that since GnuTLS 3.5.6 this function introduces checks
     in the end certificate ('signer'), including time checks and key
     usage checks.

     *Returns:* On success, 'GNUTLS_E_SUCCESS' (0) is returned,
     otherwise a negative error value. A verification error results in
     'GNUTLS_E_PK_SIG_VERIFY_FAILED', and the lack of encapsulated data
     to verify results in 'GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE'.

     *Since:* 3.4.2
|
|
Packit |
aea12f |
|
|
File: gnutls.info, Node: OCSP API, Next: PKCS 12 API, Prev: PKCS 7 API, Up: API reference

E.5 OCSP API
============

The following functions are for OCSP certificate status checking. Their
prototypes lie in 'gnutls/ocsp.h'.

gnutls_ocsp_req_add_cert
------------------------

 -- Function: int gnutls_ocsp_req_add_cert (gnutls_ocsp_req_t REQ,
          gnutls_digest_algorithm_t DIGEST, gnutls_x509_crt_t ISSUER,
          gnutls_x509_crt_t CERT)
     REQ: should contain a 'gnutls_ocsp_req_t' type

     DIGEST: hash algorithm, a 'gnutls_digest_algorithm_t' value

     ISSUER: issuer of 'subject' certificate

     CERT: certificate to request status for

     This function will add another request to the OCSP request for a
     particular certificate. The issuer name hash, issuer key hash, and
     serial number fields are populated as follows. The issuer name and
     the serial number are taken from 'cert'. The issuer key is taken
     from 'issuer'. The hashed values will be hashed using the
     'digest' algorithm, normally 'GNUTLS_DIG_SHA1'.

     *Returns:* On success, 'GNUTLS_E_SUCCESS' (0) is returned,
     otherwise a negative error code is returned.

gnutls_ocsp_req_add_cert_id
---------------------------

 -- Function: int gnutls_ocsp_req_add_cert_id (gnutls_ocsp_req_t REQ,
          gnutls_digest_algorithm_t DIGEST, const gnutls_datum_t *
          ISSUER_NAME_HASH, const gnutls_datum_t * ISSUER_KEY_HASH,
          const gnutls_datum_t * SERIAL_NUMBER)
     REQ: should contain a 'gnutls_ocsp_req_t' type

     DIGEST: hash algorithm, a 'gnutls_digest_algorithm_t' value

     ISSUER_NAME_HASH: hash of issuer's DN

     ISSUER_KEY_HASH: hash of issuer's public key

     SERIAL_NUMBER: serial number of certificate to check

     This function will add another request to the OCSP request for a
     particular certificate having the issuer name hash of
     'issuer_name_hash' and issuer key hash of 'issuer_key_hash' (both
     hashed using 'digest') and serial number 'serial_number'.

     The information needed corresponds to the CertID structure:

          CertID ::= SEQUENCE {
              hashAlgorithm   AlgorithmIdentifier,
              issuerNameHash  OCTET STRING, -- Hash of Issuer's DN
              issuerKeyHash   OCTET STRING, -- Hash of Issuers public key
              serialNumber    CertificateSerialNumber }

     *Returns:* On success, 'GNUTLS_E_SUCCESS' (0) is returned,
     otherwise a negative error code is returned.

gnutls_ocsp_req_deinit
----------------------

 -- Function: void gnutls_ocsp_req_deinit (gnutls_ocsp_req_t REQ)
     REQ: The data to be deinitialized

     This function will deinitialize an OCSP request structure.

gnutls_ocsp_req_export
----------------------

 -- Function: int gnutls_ocsp_req_export (gnutls_ocsp_req_const_t REQ,
          gnutls_datum_t * DATA)
     REQ: Holds the OCSP request

     DATA: newly allocated buffer holding DER encoded OCSP request

     This function will export the OCSP request to DER format.

     *Returns:* In case of failure a negative error code will be
     returned, and 0 on success.

gnutls_ocsp_req_get_cert_id
---------------------------

 -- Function: int gnutls_ocsp_req_get_cert_id (gnutls_ocsp_req_const_t
          REQ, unsigned INDX, gnutls_digest_algorithm_t * DIGEST,
          gnutls_datum_t * ISSUER_NAME_HASH, gnutls_datum_t *
          ISSUER_KEY_HASH, gnutls_datum_t * SERIAL_NUMBER)
     REQ: should contain a 'gnutls_ocsp_req_t' type

     INDX: Specifies which extension OID to get. Use (0) to get the
     first one.

     DIGEST: output variable with 'gnutls_digest_algorithm_t' hash
     algorithm

     ISSUER_NAME_HASH: output buffer with hash of issuer's DN

     ISSUER_KEY_HASH: output buffer with hash of issuer's public key

     SERIAL_NUMBER: output buffer with serial number of certificate to
     check

     This function will return the certificate information of the
     request at index 'indx' in the OCSP request. The information
     returned corresponds to the CertID structure:

          CertID ::= SEQUENCE {
              hashAlgorithm   AlgorithmIdentifier,
              issuerNameHash  OCTET STRING, -- Hash of Issuer's DN
              issuerKeyHash   OCTET STRING, -- Hash of Issuers public key
              serialNumber    CertificateSerialNumber }

     Each of the pointers to output variables may be NULL to indicate
     that the caller is not interested in that value.

     *Returns:* On success, 'GNUTLS_E_SUCCESS' (0) is returned,
     otherwise a negative error code is returned. If you have reached
     the last CertID available 'GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE'
     will be returned.

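The CertID structure shown for 'gnutls_ocsp_req_add_cert_id()' and 'gnutls_ocsp_req_get_cert_id()' can be checked on the wire with a small bounds-checked DER reader. This is an added example, not code from the GnuTLS manual or library; the names 'parse_cert_id', 'cert_id_is_sha1' and 'SAMPLE_CERT_ID' are hypothetical and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* A view into the caller's buffer; nothing is copied or allocated. */
struct span { const uint8_t *p; size_t len; };

struct cert_id {
    struct span hash_oid;          /* hashAlgorithm.algorithm, OID content bytes */
    struct span issuer_name_hash;  /* issuerNameHash */
    struct span issuer_key_hash;   /* issuerKeyHash */
    struct span serial;            /* serialNumber, INTEGER content bytes */
};

/* Read one definite-length DER TLV carrying `tag` from the front of `in`,
 * store its contents in `out` and advance `in` past it. Returns 0 or -1. */
static int read_tlv(struct span *in, uint8_t tag, struct span *out)
{
    size_t len, hdr = 2, n, i;

    if (in->len < 2 || in->p[0] != tag)
        return -1;
    len = in->p[1];
    if (len & 0x80) {                       /* long-form length */
        n = len & 0x7f;
        if (n == 0 || n > 2 || in->len < 2 + n)
            return -1;                      /* indefinite or oversized length */
        for (len = 0, i = 0; i < n; i++)
            len = (len << 8) | in->p[2 + i];
        if (len < 0x80 || (n == 2 && len < 0x100))
            return -1;                      /* DER requires the shortest form */
        hdr += n;
    }
    if (len > in->len - hdr)
        return -1;                          /* contents run past the buffer */
    out->p = in->p + hdr;
    out->len = len;
    in->p += hdr + len;
    in->len -= hdr + len;
    return 0;
}

/* Parse a DER CertID; the spans in `id` point into `der`. Returns 0 or -1. */
int parse_cert_id(const uint8_t *der, size_t der_len, struct cert_id *id)
{
    struct span in = { der, der_len }, seq, alg, params;

    if (read_tlv(&in, 0x30, &seq) || in.len != 0)   /* CertID, no trailing bytes */
        return -1;
    if (read_tlv(&seq, 0x30, &alg) ||               /* AlgorithmIdentifier */
        read_tlv(&alg, 0x06, &id->hash_oid))
        return -1;
    if (alg.len != 0 &&                             /* parameters: absent or NULL */
        (read_tlv(&alg, 0x05, &params) || params.len != 0 || alg.len != 0))
        return -1;
    if (read_tlv(&seq, 0x04, &id->issuer_name_hash) ||
        read_tlv(&seq, 0x04, &id->issuer_key_hash) ||
        read_tlv(&seq, 0x02, &id->serial) || seq.len != 0)
        return -1;
    if (id->serial.len == 0)                        /* INTEGER needs content */
        return -1;
    return 0;
}

/* 1 if the CertID uses SHA-1 (OID 1.3.14.3.2.26) with two 20-byte hashes. */
int cert_id_is_sha1(const struct cert_id *id)
{
    static const uint8_t sha1_oid[] = { 0x2b, 0x0e, 0x03, 0x02, 0x1a };

    return id->hash_oid.len == sizeof sha1_oid &&
           memcmp(id->hash_oid.p, sha1_oid, sizeof sha1_oid) == 0 &&
           id->issuer_name_hash.len == 20 && id->issuer_key_hash.len == 20;
}

/* Constructed sample: SHA-1, name hash 0x11.., key hash 0x22.., serial 0x010203. */
static const uint8_t SAMPLE_CERT_ID[] = {
    0x30, 0x3c,
    0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05, 0x00,
    0x04, 0x14,
    0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
    0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
    0x04, 0x14,
    0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22,
    0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22,
    0x02, 0x03, 0x01, 0x02, 0x03
};

int main(void)
{
    struct cert_id id;

    if (parse_cert_id(SAMPLE_CERT_ID, sizeof SAMPLE_CERT_ID, &id) != 0) {
        puts("malformed CertID");
        return 1;
    }
    printf("sha1=%d serial_len=%zu\n", cert_id_is_sha1(&id), id.serial.len);
    return 0;
}
```
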
gnutls_ocsp_req_get_extension
-----------------------------

 -- Function: int gnutls_ocsp_req_get_extension (gnutls_ocsp_req_const_t
          REQ, unsigned INDX, gnutls_datum_t * OID, unsigned int *
          CRITICAL, gnutls_datum_t * DATA)
     REQ: should contain a 'gnutls_ocsp_req_t' type

     INDX: Specifies which extension OID to get. Use (0) to get the
     first one.

     OID: will hold newly allocated buffer with OID of extension, may be
     NULL

     CRITICAL: output variable with critical flag, may be NULL.

     DATA: will hold newly allocated buffer with extension data, may be
     NULL

     This function will return all information about the requested
     extension in the OCSP request. The information returned is the
     OID, the critical flag, and the data itself. The extension OID
     will be stored as a string. Any of 'oid', 'critical', and 'data'
     may be NULL which means that the caller is not interested in
     getting that information back.

     The caller needs to deallocate memory by calling 'gnutls_free()' on
     'oid'->data and 'data'->data.

     *Returns:* On success, 'GNUTLS_E_SUCCESS' (0) is returned,
     otherwise a negative error code is returned. If you have reached
     the last extension available
     'GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE' will be returned.

gnutls_ocsp_req_get_nonce
-------------------------

 -- Function: int gnutls_ocsp_req_get_nonce (gnutls_ocsp_req_const_t
          REQ, unsigned int * CRITICAL, gnutls_datum_t * NONCE)
     REQ: should contain a 'gnutls_ocsp_req_t' type

     CRITICAL: whether nonce extension is marked critical, or NULL

     NONCE: will hold newly allocated buffer with nonce data

     This function will return the OCSP request nonce extension data.

     The caller needs to deallocate memory by calling 'gnutls_free()' on
     'nonce'->data.

     *Returns:* On success, 'GNUTLS_E_SUCCESS' (0) is returned,
     otherwise a negative error code is returned.

gnutls_ocsp_req_get_version
---------------------------

 -- Function: int gnutls_ocsp_req_get_version (gnutls_ocsp_req_const_t
          REQ)
     REQ: should contain a 'gnutls_ocsp_req_t' type

     This function will return the version of the OCSP request.
     Typically this is always 1 indicating version 1.

     *Returns:* version of OCSP request, or a negative error code on
     error.

gnutls_ocsp_req_import
----------------------

 -- Function: int gnutls_ocsp_req_import (gnutls_ocsp_req_t REQ, const
          gnutls_datum_t * DATA)
     REQ: The data to store the parsed request.

     DATA: DER encoded OCSP request.

     This function will convert the given DER encoded OCSP request to
     the native 'gnutls_ocsp_req_t' format. The output will be stored
     in 'req'.

     *Returns:* On success, 'GNUTLS_E_SUCCESS' (0) is returned,
     otherwise a negative error value.

gnutls_ocsp_req_init
--------------------

 -- Function: int gnutls_ocsp_req_init (gnutls_ocsp_req_t * REQ)
     REQ: A pointer to the type to be initialized

     This function will initialize an OCSP request structure.

     *Returns:* On success, 'GNUTLS_E_SUCCESS' (0) is returned,
     otherwise a negative error value.

gnutls_ocsp_req_print
---------------------

 -- Function: int gnutls_ocsp_req_print (gnutls_ocsp_req_const_t REQ,
          gnutls_ocsp_print_formats_t FORMAT, gnutls_datum_t * OUT)
     REQ: The data to be printed

     FORMAT: Indicate the format to use

     OUT: Newly allocated datum with (0) terminated string.

     This function will pretty print an OCSP request, suitable for
     display to a human.

     If the format is 'GNUTLS_OCSP_PRINT_FULL' then all fields of the
     request will be output, on multiple lines.

     The output 'out'->data needs to be deallocated using
     'gnutls_free()'.

     *Returns:* On success, 'GNUTLS_E_SUCCESS' (0) is returned,
     otherwise a negative error value.

gnutls_ocsp_req_randomize_nonce
-------------------------------

 -- Function: int gnutls_ocsp_req_randomize_nonce (gnutls_ocsp_req_t
          REQ)
     REQ: should contain a 'gnutls_ocsp_req_t' type

     This function will add or update a nonce extension to the OCSP
     request with a newly generated random value.

     *Returns:* On success, 'GNUTLS_E_SUCCESS' (0) is returned,
     otherwise a negative error code is returned.

gnutls_ocsp_req_set_extension
-----------------------------

 -- Function: int gnutls_ocsp_req_set_extension (gnutls_ocsp_req_t REQ,
          const char * OID, unsigned int CRITICAL, const gnutls_datum_t
          * DATA)
     REQ: should contain a 'gnutls_ocsp_req_t' type

     OID: buffer with OID of extension as a string.

     CRITICAL: critical flag, normally false.

     DATA: the extension data

     This function will add an extension to the OCSP request. Calling
     this function multiple times for the same OID will overwrite values
     from earlier calls.

     *Returns:* On success, 'GNUTLS_E_SUCCESS' (0) is returned,
     otherwise a negative error code is returned.

gnutls_ocsp_req_set_nonce
-------------------------

 -- Function: int gnutls_ocsp_req_set_nonce (gnutls_ocsp_req_t REQ,
          unsigned int CRITICAL, const gnutls_datum_t * NONCE)
     REQ: should contain a 'gnutls_ocsp_req_t' type

     CRITICAL: critical flag, normally false.

     NONCE: the nonce data

     This function will add a nonce extension to the OCSP request.
     Calling this function multiple times will overwrite values from
     earlier calls.

     *Returns:* On success, 'GNUTLS_E_SUCCESS' (0) is returned,
     otherwise a negative error code is returned.

gnutls_ocsp_resp_check_crt
--------------------------

 -- Function: int gnutls_ocsp_resp_check_crt (gnutls_ocsp_resp_const_t
          RESP, unsigned int INDX, gnutls_x509_crt_t CRT)
     RESP: should contain a 'gnutls_ocsp_resp_t' type

     INDX: Specifies response number to get. Use (0) to get the first
     one.

     CRT: The certificate to check

     This function will check whether the OCSP response is about the
     provided certificate.

     *Returns:* On success, 'GNUTLS_E_SUCCESS' (0) is returned,
     otherwise a negative error code is returned.

     *Since:* 3.1.3

gnutls_ocsp_resp_deinit
-----------------------

 -- Function: void gnutls_ocsp_resp_deinit (gnutls_ocsp_resp_t RESP)
     RESP: The data to be deinitialized

     This function will deinitialize an OCSP response structure.

gnutls_ocsp_resp_export
-----------------------

 -- Function: int gnutls_ocsp_resp_export (gnutls_ocsp_resp_const_t
          RESP, gnutls_datum_t * DATA)
     RESP: Holds the OCSP response

     DATA: newly allocated buffer holding DER encoded OCSP response

     This function will export the OCSP response to DER format.

     *Returns:* In case of failure a negative error code will be
     returned, and 0 on success.

gnutls_ocsp_resp_export2
------------------------

 -- Function: int gnutls_ocsp_resp_export2 (gnutls_ocsp_resp_const_t
          RESP, gnutls_datum_t * DATA, gnutls_x509_crt_fmt_t FMT)
     RESP: Holds the OCSP response

     DATA: newly allocated buffer holding DER or PEM encoded OCSP
     response

     FMT: DER or PEM

     This function will export the OCSP response to DER or PEM format.

     *Returns:* In case of failure a negative error code will be
     returned, and 0 on success.

     *Since:* 3.6.3

gnutls_ocsp_resp_get_certs
--------------------------

 -- Function: int gnutls_ocsp_resp_get_certs (gnutls_ocsp_resp_const_t
          RESP, gnutls_x509_crt_t ** CERTS, size_t * NCERTS)
     RESP: should contain a 'gnutls_ocsp_resp_t' type

     CERTS: newly allocated array with 'gnutls_x509_crt_t' certificates

     NCERTS: output variable with number of allocated certs.

     This function will extract the X.509 certificates found in the
     Basic OCSP Response. The 'certs' output variable will hold a newly
     allocated zero-terminated array with X.509 certificates.

     Every certificate in the array needs to be de-allocated with
     'gnutls_x509_crt_deinit()' and the array itself must be freed using
     'gnutls_free()'.

     Both the 'certs' and 'ncerts' variables may be NULL. Then the
     function will work as normal but will not return the information
     whose pointer is NULL. This can be used to get the number of
     certificates only, or to just get the certificate array without
     its size.

     *Returns:* On success, 'GNUTLS_E_SUCCESS' (0) is returned,
     otherwise a negative error value.

gnutls_ocsp_resp_get_extension
------------------------------

 -- Function: int gnutls_ocsp_resp_get_extension
          (gnutls_ocsp_resp_const_t RESP, unsigned INDX, gnutls_datum_t
          * OID, unsigned int * CRITICAL, gnutls_datum_t * DATA)
     RESP: should contain a 'gnutls_ocsp_resp_t' type

     INDX: Specifies which extension OID to get. Use (0) to get the
     first one.

     OID: will hold newly allocated buffer with OID of extension, may be
     NULL

     CRITICAL: output variable with critical flag, may be NULL.

     DATA: will hold newly allocated buffer with extension data, may be
     NULL

     This function will return all information about the requested
     extension in the OCSP response. The information returned is the
     OID, the critical flag, and the data itself. The extension OID
     will be stored as a string. Any of 'oid', 'critical', and 'data'
     may be NULL which means that the caller is not interested in
     getting that information back.

     The caller needs to deallocate memory by calling 'gnutls_free()' on
     'oid'->data and 'data'->data.

     *Returns:* On success, 'GNUTLS_E_SUCCESS' (0) is returned,
     otherwise a negative error code is returned. If you have reached
     the last extension available
     'GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE' will be returned.

gnutls_ocsp_resp_get_nonce
--------------------------

 -- Function: int gnutls_ocsp_resp_get_nonce (gnutls_ocsp_resp_const_t
          RESP, unsigned int * CRITICAL, gnutls_datum_t * NONCE)
     RESP: should contain a 'gnutls_ocsp_resp_t' type

     CRITICAL: whether nonce extension is marked critical

     NONCE: will hold newly allocated buffer with nonce data

     This function will return the Basic OCSP Response nonce extension
     data.

     The caller needs to deallocate memory by calling 'gnutls_free()' on
     'nonce'->data.

     *Returns:* On success, 'GNUTLS_E_SUCCESS' (0) is returned,
     otherwise a negative error code is returned.

gnutls_ocsp_resp_get_produced
-----------------------------

 -- Function: time_t gnutls_ocsp_resp_get_produced
          (gnutls_ocsp_resp_const_t RESP)
     RESP: should contain a 'gnutls_ocsp_resp_t' type

     This function will return the time when the OCSP response was
     signed.

     *Returns:* signing time, or (time_t)-1 on error.

gnutls_ocsp_resp_get_responder
------------------------------

 -- Function: int gnutls_ocsp_resp_get_responder
          (gnutls_ocsp_resp_const_t RESP, gnutls_datum_t * DN)
     RESP: should contain a 'gnutls_ocsp_resp_t' type

     DN: newly allocated buffer with name

     This function will extract the name of the Basic OCSP Response in
     the provided buffer. The name will be in the form
     "C=xxxx,O=yyyy,CN=zzzz" as described in RFC2253. The output string
     will be ASCII or UTF-8 encoded, depending on the certificate data.

     If the responder ID is not a name but a hash, this function will
     return zero and the 'dn' elements will be set to 'NULL'.

     The caller needs to deallocate memory by calling 'gnutls_free()' on
     'dn'->data.

     This function does not output a fully RFC4514 compliant string; if
     that is required, see 'gnutls_ocsp_resp_get_responder2()'.

     *Returns:* On success, 'GNUTLS_E_SUCCESS' (0) is returned,
     otherwise a negative error code is returned. When no data exist it
     will return success and set 'dn' elements to zero.

gnutls_ocsp_resp_get_responder2
-------------------------------

 -- Function: int gnutls_ocsp_resp_get_responder2
          (gnutls_ocsp_resp_const_t RESP, gnutls_datum_t * DN, unsigned
          FLAGS)
     RESP: should contain a 'gnutls_ocsp_resp_t' type

     DN: newly allocated buffer with name

     FLAGS: zero or 'GNUTLS_X509_DN_FLAG_COMPAT'

     This function will extract the name of the Basic OCSP Response in
     the provided buffer. The name will be in the form
     "C=xxxx,O=yyyy,CN=zzzz" as described in RFC2253. The output string
     will be ASCII or UTF-8 encoded, depending on the certificate data.

     If the responder ID is not a name but a hash, this function will
     return zero and the 'dn' elements will be set to 'NULL'.

     The caller needs to deallocate memory by calling 'gnutls_free()' on
     'dn'->data.

     When the flag 'GNUTLS_X509_DN_FLAG_COMPAT' is specified, the output
     format will match the format output by GnuTLS versions prior to
     3.5.6, which was not fully RFC4514-compliant.

     *Returns:* On success, 'GNUTLS_E_SUCCESS' (0) is returned,
     otherwise a negative error code is returned. When no data exist it
     will return 'GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE'.

gnutls_ocsp_resp_get_responder_raw_id
-------------------------------------

 -- Function: int gnutls_ocsp_resp_get_responder_raw_id
          (gnutls_ocsp_resp_const_t RESP, unsigned TYPE, gnutls_datum_t
          * RAW)
     RESP: should contain a 'gnutls_ocsp_resp_t' type

     TYPE: should be 'GNUTLS_OCSP_RESP_ID_KEY' or
     'GNUTLS_OCSP_RESP_ID_DN'

     RAW: newly allocated buffer with the raw ID

     This function will extract the raw key (or DN) ID of the Basic OCSP
     Response in the provided buffer. If the responder ID is not a key
     ID then this function will return
     'GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE'.

     The caller needs to deallocate memory by calling 'gnutls_free()' on
     'raw'->data.

     *Returns:* On success, 'GNUTLS_E_SUCCESS' (0) is returned,
     otherwise a negative error code is returned.

gnutls_ocsp_resp_get_response
-----------------------------

 -- Function: int gnutls_ocsp_resp_get_response
          (gnutls_ocsp_resp_const_t RESP, gnutls_datum_t *
          RESPONSE_TYPE_OID, gnutls_datum_t * RESPONSE)
     RESP: should contain a 'gnutls_ocsp_resp_t' type

     RESPONSE_TYPE_OID: newly allocated output buffer with response type
     OID

     RESPONSE: newly allocated output buffer with DER encoded response

     This function will extract the response type OID and the
     response data from an OCSP response. Normally the
     'response_type_oid' is always "1.3.6.1.5.5.7.48.1.1" which means
     the 'response' should be decoded as a Basic OCSP Response, but
     technically other response types could be used.

     This function is typically only useful when you want to extract the
     response type OID of a response for diagnostic purposes.
     Otherwise 'gnutls_ocsp_resp_import()' will decode the basic OCSP
     response part and the caller need not worry about that aspect.

     *Returns:* On success, 'GNUTLS_E_SUCCESS' (0) is returned,
     otherwise a negative error value.

gnutls_ocsp_resp_get_signature
------------------------------

-- Function: int gnutls_ocsp_resp_get_signature
(gnutls_ocsp_resp_const_t RESP, gnutls_datum_t * SIG)
RESP: should contain a 'gnutls_ocsp_resp_t' type

SIG: newly allocated output buffer with signature data

This function will extract the signature field of an OCSP response.

*Returns:* On success, 'GNUTLS_E_SUCCESS' (0) is returned,
otherwise a negative error value.

gnutls_ocsp_resp_get_signature_algorithm
----------------------------------------

-- Function: int gnutls_ocsp_resp_get_signature_algorithm
(gnutls_ocsp_resp_const_t RESP)
RESP: should contain a 'gnutls_ocsp_resp_t' type

This function will return a value of the 'gnutls_sign_algorithm_t'
enumeration that is the signature algorithm that has been used to
sign the OCSP response.

*Returns:* a 'gnutls_sign_algorithm_t' value, or a negative error
code on error.

gnutls_ocsp_resp_get_single
---------------------------

-- Function: int gnutls_ocsp_resp_get_single (gnutls_ocsp_resp_const_t
RESP, unsigned INDX, gnutls_digest_algorithm_t * DIGEST,
gnutls_datum_t * ISSUER_NAME_HASH, gnutls_datum_t *
ISSUER_KEY_HASH, gnutls_datum_t * SERIAL_NUMBER, unsigned int
* CERT_STATUS, time_t * THIS_UPDATE, time_t * NEXT_UPDATE,
time_t * REVOCATION_TIME, unsigned int * REVOCATION_REASON)
RESP: should contain a 'gnutls_ocsp_resp_t' type

INDX: Specifies response number to get.  Use (0) to get the first
one.

DIGEST: output variable with 'gnutls_digest_algorithm_t' hash
algorithm

ISSUER_NAME_HASH: output buffer with hash of issuer's DN

ISSUER_KEY_HASH: output buffer with hash of issuer's public key

SERIAL_NUMBER: output buffer with serial number of certificate to
check

CERT_STATUS: a certificate status, a 'gnutls_ocsp_cert_status_t'
enum.

THIS_UPDATE: time at which the status is known to be correct.

NEXT_UPDATE: when newer information will be available, or
(time_t)-1 if unspecified

REVOCATION_TIME: when 'cert_status' is 'GNUTLS_OCSP_CERT_REVOKED',
holds time of revocation.

REVOCATION_REASON: revocation reason, a 'gnutls_x509_crl_reason_t'
enum.

This function will return the certificate information of the
response at index 'indx' in the Basic OCSP Response 'resp'.  The
information returned corresponds to the OCSP SingleResponse
structure except the final singleExtensions.

Each of the pointers to output variables may be NULL to indicate
that the caller is not interested in that value.

*Returns:* On success, 'GNUTLS_E_SUCCESS' (0) is returned,
otherwise a negative error code is returned.  If you have reached
the last CertID available, 'GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE'
will be returned.

gnutls_ocsp_resp_get_status
---------------------------

-- Function: int gnutls_ocsp_resp_get_status (gnutls_ocsp_resp_const_t
RESP)
RESP: should contain a 'gnutls_ocsp_resp_t' type

This function will return the status of an OCSP response, a
'gnutls_ocsp_resp_status_t' enumeration.

*Returns:* status of OCSP request as a 'gnutls_ocsp_resp_status_t',
or a negative error code on error.

gnutls_ocsp_resp_get_version
----------------------------

-- Function: int gnutls_ocsp_resp_get_version (gnutls_ocsp_resp_const_t
RESP)
RESP: should contain a 'gnutls_ocsp_resp_t' type

This function will return the version of the Basic OCSP Response.
Typically this is always 1 indicating version 1.

*Returns:* version of Basic OCSP response, or a negative error code
on error.

gnutls_ocsp_resp_import
-----------------------

-- Function: int gnutls_ocsp_resp_import (gnutls_ocsp_resp_t RESP,
const gnutls_datum_t * DATA)
RESP: The data to store the parsed response.

DATA: DER encoded OCSP response.

This function will convert the given DER encoded OCSP response to
the native 'gnutls_ocsp_resp_t' format.  It also decodes the Basic
OCSP Response part, if any.  The output will be stored in 'resp'.

*Returns:* On success, 'GNUTLS_E_SUCCESS' (0) is returned,
otherwise a negative error value.

gnutls_ocsp_resp_import2
------------------------

-- Function: int gnutls_ocsp_resp_import2 (gnutls_ocsp_resp_t RESP,
const gnutls_datum_t * DATA, gnutls_x509_crt_fmt_t FMT)
RESP: The data to store the parsed response.

DATA: DER or PEM encoded OCSP response.

FMT: DER or PEM

This function will convert the given OCSP response to the native
'gnutls_ocsp_resp_t' format.  It also decodes the Basic OCSP
Response part, if any.  The output will be stored in 'resp'.

*Returns:* On success, 'GNUTLS_E_SUCCESS' (0) is returned,
otherwise a negative error value.

*Since:* 3.6.3

gnutls_ocsp_resp_init
---------------------

-- Function: int gnutls_ocsp_resp_init (gnutls_ocsp_resp_t * RESP)
RESP: A pointer to the type to be initialized

This function will initialize an OCSP response structure.

*Returns:* On success, 'GNUTLS_E_SUCCESS' (0) is returned,
otherwise a negative error value.

gnutls_ocsp_resp_list_import2
-----------------------------

-- Function: int gnutls_ocsp_resp_list_import2 (gnutls_ocsp_resp_t **
OCSPS, unsigned int * SIZE, const gnutls_datum_t * RESP_DATA,
gnutls_x509_crt_fmt_t FORMAT, unsigned int FLAGS)
OCSPS: Will hold the parsed OCSP response list.

SIZE: It will contain the size of the list.

RESP_DATA: The PEM encoded OCSP list.

FORMAT: One of 'GNUTLS_X509_FMT_PEM' or 'GNUTLS_X509_FMT_DER'

FLAGS: must be (0) or an OR'd sequence of
gnutls_certificate_import_flags.

This function will convert the given PEM encoded OCSP response list
to the native gnutls_ocsp_resp_t format.  The output will be stored
in 'ocsps' which will be allocated and initialized.

The OCSP responses should have a header of "OCSP RESPONSE".

To deinitialize responses, you need to deinitialize each
'gnutls_ocsp_resp_t' structure independently, and use
'gnutls_free()' on 'ocsps'.

In PEM files, when no OCSP responses are detected,
'GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE' will be returned.

*Returns:* the number of responses read or a negative error value.

*Since:* 3.6.3

gnutls_ocsp_resp_print
----------------------

-- Function: int gnutls_ocsp_resp_print (gnutls_ocsp_resp_const_t RESP,
gnutls_ocsp_print_formats_t FORMAT, gnutls_datum_t * OUT)
RESP: The data to be printed

FORMAT: Indicate the format to use

OUT: Newly allocated datum with (0) terminated string.

This function will pretty print an OCSP response, suitable for
display to a human.

If the format is 'GNUTLS_OCSP_PRINT_FULL' then all fields of the
response will be output, on multiple lines.

The output 'out'->data needs to be deallocated using
'gnutls_free()'.

*Returns:* On success, 'GNUTLS_E_SUCCESS' (0) is returned,
otherwise a negative error value.

gnutls_ocsp_resp_verify
-----------------------

-- Function: int gnutls_ocsp_resp_verify (gnutls_ocsp_resp_const_t
RESP, gnutls_x509_trust_list_t TRUSTLIST, unsigned int *
VERIFY, unsigned int FLAGS)
RESP: should contain a 'gnutls_ocsp_resp_t' type

TRUSTLIST: trust anchors as a 'gnutls_x509_trust_list_t' type

VERIFY: output variable with verification status, an
'gnutls_ocsp_verify_reason_t'

FLAGS: verification flags from 'gnutls_certificate_verify_flags'

Verify signature of the Basic OCSP Response against the public key
in the certificate of a trusted signer.  The 'trustlist' should be
populated with trust anchors.  The function will extract the signer
certificate from the Basic OCSP Response and will verify it against
the 'trustlist'.  A trusted signer is a certificate that is either
in 'trustlist', or it is signed directly by a certificate in
'trustlist' and has the id-ad-ocspSigning Extended Key Usage bit
set.

The output 'verify' variable will hold verification status codes
(e.g., 'GNUTLS_OCSP_VERIFY_SIGNER_NOT_FOUND',
'GNUTLS_OCSP_VERIFY_INSECURE_ALGORITHM') which are only valid if
the function returned 'GNUTLS_E_SUCCESS'.

Note that the function returns 'GNUTLS_E_SUCCESS' even when
verification failed.  The caller must always inspect the 'verify'
variable to find out the verification status.

The 'flags' variable should be 0 for now.

*Returns:* On success, 'GNUTLS_E_SUCCESS' (0) is returned,
otherwise a negative error value.

gnutls_ocsp_resp_verify_direct
------------------------------

-- Function: int gnutls_ocsp_resp_verify_direct
(gnutls_ocsp_resp_const_t RESP, gnutls_x509_crt_t ISSUER,
unsigned int * VERIFY, unsigned int FLAGS)
RESP: should contain a 'gnutls_ocsp_resp_t' type

ISSUER: certificate believed to have signed the response

VERIFY: output variable with verification status, an
'gnutls_ocsp_verify_reason_t'

FLAGS: verification flags from 'gnutls_certificate_verify_flags'

Verify signature of the Basic OCSP Response against the public key
in the 'issuer' certificate.

The output 'verify' variable will hold verification status codes
(e.g., 'GNUTLS_OCSP_VERIFY_SIGNER_NOT_FOUND',
'GNUTLS_OCSP_VERIFY_INSECURE_ALGORITHM') which are only valid if
the function returned 'GNUTLS_E_SUCCESS'.

Note that the function returns 'GNUTLS_E_SUCCESS' even when
verification failed.  The caller must always inspect the 'verify'
variable to find out the verification status.

The 'flags' variable should be 0 for now.

*Returns:* On success, 'GNUTLS_E_SUCCESS' (0) is returned,
otherwise a negative error value.

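The caveat shared by 'gnutls_ocsp_resp_verify' and 'gnutls_ocsp_resp_verify_direct' (a successful return does not mean the response verified), combined with the 'CERT_STATUS' and 'NEXT_UPDATE' outputs of 'gnutls_ocsp_resp_get_single', as an added example that is not part of the GnuTLS manual. The names 'ocsp_decide', 'ocsp_check', 'max_age' and the 'USE_GNUTLS' build switch are assumptions of this example; without the switch the block uses stand-in constants so the decision logic builds without the library, and matching the SingleResponse to the certificate under test is a separate step not shown.

```c
#include <time.h>
#ifdef USE_GNUTLS   /* cc -DUSE_GNUTLS example.c -lgnutls: use the real API */
#include <gnutls/gnutls.h>
#include <gnutls/ocsp.h>
#else               /* stand-in values so the logic builds without GnuTLS */
enum { GNUTLS_E_SUCCESS = 0, GNUTLS_OCSP_RESP_SUCCESSFUL = 0,
       GNUTLS_OCSP_CERT_GOOD = 0, GNUTLS_OCSP_CERT_REVOKED = 1 };
#endif

enum ocsp_verdict { OCSP_GOOD, OCSP_REVOKED, OCSP_REJECT };
/* Fail-closed decision over the values the documented calls hand back.
 * max_age (an assumption of this example) bounds responses without NEXT_UPDATE. */
enum ocsp_verdict ocsp_decide(int verify_ret, unsigned verify, int resp_status,
                              int single_ret, unsigned cert_status,
                              time_t this_update, time_t next_update,
                              time_t now, time_t max_age)
{
    if (verify_ret != GNUTLS_E_SUCCESS)   /* 'verify' is not valid at all */
        return OCSP_REJECT;
    if (verify != 0)                      /* call succeeded, verification failed */
        return OCSP_REJECT;
    if (resp_status != GNUTLS_OCSP_RESP_SUCCESSFUL || single_ret != GNUTLS_E_SUCCESS)
        return OCSP_REJECT;
    if (this_update > now)                /* status is not yet in effect */
        return OCSP_REJECT;
    if (next_update == (time_t)-1) {      /* unspecified: apply the local age limit */
        if (now - this_update > max_age)
            return OCSP_REJECT;
    } else if (next_update < now) {       /* newer information should exist */
        return OCSP_REJECT;
    }
    if (cert_status == GNUTLS_OCSP_CERT_REVOKED)
        return OCSP_REVOKED;
    return cert_status == GNUTLS_OCSP_CERT_GOOD ? OCSP_GOOD : OCSP_REJECT;
}

#ifdef USE_GNUTLS
enum ocsp_verdict ocsp_check(gnutls_ocsp_resp_const_t resp,
                             gnutls_x509_trust_list_t tl, time_t max_age)
{
    unsigned verify = 0, cert_status = 0;
    time_t this_update = 0, next_update = 0;
    int vret = gnutls_ocsp_resp_verify(resp, tl, &verify, 0);
    int sret = gnutls_ocsp_resp_get_single(resp, 0, NULL, NULL, NULL, NULL,
                   &cert_status, &this_update, &next_update, NULL, NULL);
    return ocsp_decide(vret, verify, gnutls_ocsp_resp_get_status(resp), sret,
                       cert_status, this_update, next_update, time(NULL), max_age);
}
#endif

int main(void)
{   /* constructed case: the call succeeded but a 'verify' bit is set */
    return ocsp_decide(0, 1u, 0, 0, 0, 1000, 2000, 1500, 3600) == OCSP_REJECT ? 0 : 1;
}
```
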