1 /*
2 * Copyright (C) 2003-2012 Free Software Foundation, Inc.
3 *
4 * Author: Nikos Mavrogiannopoulos
5 *
6 * This file is part of GnuTLS.
7 *
8 * The GnuTLS is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public License
10 * as published by the Free Software Foundation; either version 2.1 of
11 * the License, or (at your option) any later version.
12 *
13 * This library is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
17 *
18 * You should have received a copy of the GNU Lesser General Public License
19 * along with this program. If not, see <http://www.gnu.org/licenses/>
20 *
21 */
22
23 /* This file contains the types and prototypes for the X.509
24 * certificate and CRL handling functions.
25 */
26
27 #ifndef GNUTLS_X509_H
28 #define GNUTLS_X509_H
29
30 #include <gnutls/gnutls.h>
31
32 /* *INDENT-OFF* */
33 #ifdef __cplusplus
34 extern "C" {
35 #endif
36 /* *INDENT-ON* */
37
/* Object identifiers (dotted-decimal strings) for attribute types that
 * are usually found in X.520 Distinguished Names (RFC 4519) or in the
 * subjectDirectoryAttributes extension.  Grouped by the arc they live
 * under; the string values are the public contract and must not change.
 */

/* X.520 naming attributes under the 2.5.4 arc. */
#define GNUTLS_OID_X520_COMMON_NAME              "2.5.4.3"   /* CN */
#define GNUTLS_OID_X520_SURNAME                  "2.5.4.4"   /* SN */
#define GNUTLS_OID_X520_COUNTRY_NAME             "2.5.4.6"   /* C */
#define GNUTLS_OID_X520_LOCALITY_NAME            "2.5.4.7"   /* L */
#define GNUTLS_OID_X520_STATE_OR_PROVINCE_NAME   "2.5.4.8"   /* ST */
#define GNUTLS_OID_X520_ORGANIZATION_NAME        "2.5.4.10"  /* O */
#define GNUTLS_OID_X520_ORGANIZATIONAL_UNIT_NAME "2.5.4.11"  /* OU */
#define GNUTLS_OID_X520_TITLE                    "2.5.4.12"
#define GNUTLS_OID_X520_POSTALCODE               "2.5.4.17"
#define GNUTLS_OID_X520_NAME                     "2.5.4.41"
#define GNUTLS_OID_X520_GIVEN_NAME               "2.5.4.42"
#define GNUTLS_OID_X520_INITIALS                 "2.5.4.43"
#define GNUTLS_OID_X520_GENERATION_QUALIFIER     "2.5.4.44"
#define GNUTLS_OID_X520_DN_QUALIFIER             "2.5.4.46"
#define GNUTLS_OID_X520_PSEUDONYM                "2.5.4.65"

/* Attributes from the LDAP (RFC 1274 / RFC 4519) arc that also appear in DNs. */
#define GNUTLS_OID_LDAP_UID "0.9.2342.19200300.100.1.1"
#define GNUTLS_OID_LDAP_DC  "0.9.2342.19200300.100.1.25"

/* PKCS#9 emailAddress.  Should not be included in a DN: an e-mail
 * identity belongs in the subjectAltName rfc822Name instead.
 */
#define GNUTLS_OID_PKCS9_EMAIL "1.2.840.113549.1.9.1"

/* PKIX personal-data attributes (id-pda, RFC 3739), carried in
 * subjectDirectoryAttributes rather than in the DN. */
#define GNUTLS_OID_PKIX_DATE_OF_BIRTH          "1.3.6.1.5.5.7.9.1"
#define GNUTLS_OID_PKIX_PLACE_OF_BIRTH         "1.3.6.1.5.5.7.9.2"
#define GNUTLS_OID_PKIX_GENDER                 "1.3.6.1.5.5.7.9.3"
#define GNUTLS_OID_PKIX_COUNTRY_OF_CITIZENSHIP "1.3.6.1.5.5.7.9.4"
#define GNUTLS_OID_PKIX_COUNTRY_OF_RESIDENCE   "1.3.6.1.5.5.7.9.5"

/* Extended key usage (key purpose) identifiers, RFC 5280 4.2.1.12.
 * Compare these against the OIDs returned by
 * gnutls_x509_crt_get_key_purpose_oid(). */
#define GNUTLS_KP_TLS_WWW_SERVER      "1.3.6.1.5.5.7.3.1"
#define GNUTLS_KP_TLS_WWW_CLIENT      "1.3.6.1.5.5.7.3.2"
#define GNUTLS_KP_CODE_SIGNING        "1.3.6.1.5.5.7.3.3"
#define GNUTLS_KP_EMAIL_PROTECTION    "1.3.6.1.5.5.7.3.4"
#define GNUTLS_KP_TIME_STAMPING       "1.3.6.1.5.5.7.3.8"
#define GNUTLS_KP_OCSP_SIGNING        "1.3.6.1.5.5.7.3.9"
#define GNUTLS_KP_IPSEC_IKE           "1.3.6.1.5.5.7.3.17"
#define GNUTLS_KP_MS_SMART_CARD_LOGON "1.3.6.1.4.1.311.20.2.2"  /* Microsoft arc */
#define GNUTLS_KP_ANY                 "2.5.29.37.0"             /* anyExtendedKeyUsage */

/* Authority Information Access extension (RFC 5280 4.2.2.1) and the two
 * access methods it commonly carries. */
#define GNUTLS_OID_AIA          "1.3.6.1.5.5.7.1.1"
#define GNUTLS_OID_AD_OCSP      "1.3.6.1.5.5.7.48.1"
#define GNUTLS_OID_AD_CAISSUERS "1.3.6.1.5.5.7.48.2"

/* Values for the @flags argument of gnutls_x509_crt_set_subject_alt_name():
 * replace the extension's current contents, or append a further name.
 */
#define GNUTLS_FSAN_SET 0
#define GNUTLS_FSAN_APPEND 1
89
90 /* Certificate handling functions.
91 */
92
/**
 * gnutls_certificate_import_flags:
 * @GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED: Fail, with
 *   %GNUTLS_E_SHORT_MEMORY_BUFFER, when the buffer holds more
 *   certificates than the caller's array can take.  Without this flag
 *   the overflow is presumably not reported, so set it whenever the
 *   caller needs to be sure it received the whole chain.
 * @GNUTLS_X509_CRT_LIST_FAIL_IF_UNSORTED: Fail, with
 *   %GNUTLS_E_CERTIFICATE_LIST_UNSORTED, when the certificates in the
 *   buffer are not ordered from subject towards issuer.
 *
 * Bit flags for the @flags argument of gnutls_x509_crt_list_import()
 * and gnutls_x509_crt_list_import2().
 */
typedef enum gnutls_certificate_import_flags {
        GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED = 1 << 0,
        GNUTLS_X509_CRT_LIST_FAIL_IF_UNSORTED = 1 << 1
} gnutls_certificate_import_flags;
108
/*
 * Lifetime.  A gnutls_x509_crt_t is an opaque handle obtained from
 * gnutls_x509_crt_init() and released with gnutls_x509_crt_deinit();
 * it must be initialised before any other call in this section.
 *
 * Return convention shared by the int-returning functions below: zero on
 * success, a negative GNUTLS_E_* error code on failure, unless the note
 * on an individual function says otherwise.
 */
int gnutls_x509_crt_init(gnutls_x509_crt_t *cert);
void gnutls_x509_crt_deinit(gnutls_x509_crt_t cert);

/*
 * Import and export.  @format selects DER or PEM (gnutls_x509_crt_fmt_t).
 * The list importers accept a concatenation of certificates and take
 * gnutls_certificate_import_flags in @flags:
 *  - gnutls_x509_crt_list_import() fills a caller-provided array;
 *    *cert_max is its capacity on entry and the number imported on return.
 *  - gnutls_x509_crt_list_import2() allocates the array itself and hands
 *    it back through *certs with its length in *size.  NOTE(review): the
 *    caller presumably deinits each element and then gnutls_free()s the
 *    array — confirm against the manual.
 */
int gnutls_x509_crt_import(gnutls_x509_crt_t cert,
                           const gnutls_datum_t *data,
                           gnutls_x509_crt_fmt_t format);
int gnutls_x509_crt_list_import2(gnutls_x509_crt_t **certs,
                                 unsigned int *size,
                                 const gnutls_datum_t *data,
                                 gnutls_x509_crt_fmt_t format,
                                 unsigned int flags);
int gnutls_x509_crt_list_import(gnutls_x509_crt_t *certs,
                                unsigned int *cert_max,
                                const gnutls_datum_t *data,
                                gnutls_x509_crt_fmt_t format,
                                unsigned int flags);

/*
 * Output-buffer convention used by every getter in this header that takes
 * a "void *buf, size_t *buf_size" pair: *buf_size is the buffer capacity
 * on entry and the data length on return.  When the buffer is too small
 * the call fails with %GNUTLS_E_SHORT_MEMORY_BUFFER and *buf_size holds
 * the required size, so a NULL/zero-sized first call is the idiomatic way
 * to size the buffer.  The "2" variants return a gnutls_datum_t allocated
 * by the library instead; release it with gnutls_free().
 */
int gnutls_x509_crt_export(gnutls_x509_crt_t cert,
                           gnutls_x509_crt_fmt_t format,
                           void *output_data, size_t *output_data_size);
int gnutls_x509_crt_export2(gnutls_x509_crt_t cert,
                            gnutls_x509_crt_fmt_t format,
                            gnutls_datum_t *out);

/* PrivateKeyUsagePeriod extension (OID 2.5.29.16).  @critical receives
 * the extension's criticality flag. */
int gnutls_x509_crt_get_private_key_usage_period(gnutls_x509_crt_t cert,
                                                 time_t *activation,
                                                 time_t *expiration,
                                                 unsigned int *critical);

/*
 * Distinguished names.  The plain getters render the name as an
 * RFC 4514 string; *_oid() enumerates the attribute OIDs by 0-based
 * @indx; *_by_oid() returns the @indx-th value of one attribute type.
 * A non-zero @raw_flag asks for the raw DER-encoded attribute value in
 * place of the decoded string.
 */
int gnutls_x509_crt_get_issuer_dn(gnutls_x509_crt_t cert,
                                  char *buf, size_t *buf_size);
int gnutls_x509_crt_get_issuer_dn2(gnutls_x509_crt_t cert,
                                   gnutls_datum_t *dn);
int gnutls_x509_crt_get_issuer_dn_oid(gnutls_x509_crt_t cert,
                                      int indx, void *oid, size_t *oid_size);
int gnutls_x509_crt_get_issuer_dn_by_oid(gnutls_x509_crt_t cert,
                                         const char *oid, int indx,
                                         unsigned int raw_flag,
                                         void *buf, size_t *buf_size);
int gnutls_x509_crt_get_dn(gnutls_x509_crt_t cert,
                           char *buf, size_t *buf_size);
int gnutls_x509_crt_get_dn2(gnutls_x509_crt_t cert, gnutls_datum_t *dn);
int gnutls_x509_crt_get_dn_oid(gnutls_x509_crt_t cert, int indx,
                               void *oid, size_t *oid_size);
int gnutls_x509_crt_get_dn_by_oid(gnutls_x509_crt_t cert,
                                  const char *oid, int indx,
                                  unsigned int raw_flag,
                                  void *buf, size_t *buf_size);

/*
 * Hostname matching.  Returns NON-ZERO when @hostname matches the names
 * in the certificate and zero when it does not — the opposite polarity
 * of the zero-on-success functions around it, so the failure test is
 * `if (!gnutls_x509_crt_check_hostname(cert, host))`.  This is a name
 * check only; it says nothing about whether the chain verifies, which is
 * gnutls_x509_crt_verify()'s job.
 */
int gnutls_x509_crt_check_hostname(gnutls_x509_crt_t cert,
                                   const char *hostname);

/*
 * Signature and key metadata.  get_signature_algorithm() returns a
 * gnutls_sign_algorithm_t value (or a negative error); get_version()
 * returns the X.509 version number; get_key_id() derives a digest of the
 * subject public key, with @flags selecting the digest (GNUTLS_KEYID_USE_*
 * in gnutls.h).
 */
int gnutls_x509_crt_get_signature_algorithm(gnutls_x509_crt_t cert);
int gnutls_x509_crt_get_signature(gnutls_x509_crt_t cert,
                                  char *sig, size_t *sizeof_sig);
int gnutls_x509_crt_get_version(gnutls_x509_crt_t cert);
int gnutls_x509_crt_get_key_id(gnutls_x509_crt_t crt, unsigned int flags,
                               unsigned char *output_data,
                               size_t *output_data_size);

int gnutls_x509_crt_set_private_key_usage_period(gnutls_x509_crt_t crt,
                                                 time_t activation,
                                                 time_t expiration);

/*
 * Authority and subject key identifiers (RFC 5280 4.2.1.1 / 4.2.1.2).
 * The AKI getter returns the keyIdentifier form; the *_gn_serial()
 * variant reads the alternative authorityCertIssuer /
 * authorityCertSerialNumber form, returning the @seq-th GeneralName in
 * @alt (its type in @alt_type) together with the serial.
 */
int gnutls_x509_crt_set_authority_key_id(gnutls_x509_crt_t cert,
                                         const void *id, size_t id_size);
int gnutls_x509_crt_get_authority_key_id(gnutls_x509_crt_t cert,
                                         void *id, size_t *id_size,
                                         unsigned int *critical);
int gnutls_x509_crt_get_authority_key_gn_serial(gnutls_x509_crt_t cert,
                                                unsigned int seq,
                                                void *alt, size_t *alt_size,
                                                unsigned int *alt_type,
                                                void *serial,
                                                size_t *serial_size,
                                                unsigned int *critical);

int gnutls_x509_crt_get_subject_key_id(gnutls_x509_crt_t cert,
                                       void *ret, size_t *ret_size,
                                       unsigned int *critical);

/* Subject/issuer unique identifiers (X.509 v2 fields, rarely used). */
int gnutls_x509_crt_get_subject_unique_id(gnutls_x509_crt_t crt,
                                          char *buf, size_t *buf_size);
int gnutls_x509_crt_get_issuer_unique_id(gnutls_x509_crt_t crt,
                                         char *buf, size_t *buf_size);

/* PIN callback invoked when accessing the certificate needs a PIN
 * (NOTE(review): presumably for PKCS#11-backed objects — confirm). */
void gnutls_x509_crt_set_pin_function(gnutls_x509_crt_t crt,
                                      gnutls_pin_callback_t fn,
                                      void *userdata);
206
/**
 * gnutls_info_access_what_t:
 * @GNUTLS_IA_ACCESSMETHOD_OID: Get accessMethod OID.
 * @GNUTLS_IA_ACCESSLOCATION_GENERALNAME_TYPE: Get accessLocation name type.
 * @GNUTLS_IA_URI: Get accessLocation URI value.
 * @GNUTLS_IA_OCSP_URI: get accessLocation URI value for OCSP.
 * @GNUTLS_IA_CAISSUERS_URI: get accessLocation URI value for caIssuers.
 *
 * Enumeration of types for the @what parameter of
 * gnutls_x509_crt_get_authority_info_access().
 *
 * Whatever is returned is copied out of the certificate: an AIA URI in
 * particular is untrusted input chosen by whoever issued the
 * certificate and should be validated (scheme, length) before a client
 * dereferences it.
 */
typedef enum gnutls_info_access_what_t {
        GNUTLS_IA_ACCESSMETHOD_OID = 1,
        GNUTLS_IA_ACCESSLOCATION_GENERALNAME_TYPE = 2,
        /* use 100-108 for the generalName types, populate as needed */
        /* i.e. 100 + the GeneralName CHOICE tag; [6] is uniformResourceIdentifier */
        GNUTLS_IA_URI = 106,
        /* quick-access variants that match both OID and name type. */
        GNUTLS_IA_OCSP_URI = 10006,
        GNUTLS_IA_CAISSUERS_URI = 10106
} gnutls_info_access_what_t;
227
/* Read the @seq-th (0-based) AccessDescription of the Authority
 * Information Access extension (%GNUTLS_OID_AIA).  @what is a
 * gnutls_info_access_what_t selecting which field is returned in @data,
 * which the library allocates (release with gnutls_free()); @critical
 * receives the extension's criticality flag. */
int gnutls_x509_crt_get_authority_info_access(gnutls_x509_crt_t crt,
                                              unsigned int seq, int what,
                                              gnutls_datum_t *data,
                                              unsigned int *critical);
235
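/* Backward-compatible alias for a historical misspelling of
 * %GNUTLS_CRL_REASON_SUPERSEDED.  The expansion must be a bare
 * enumerator: the trailing comma it used to carry made the alias expand
 * to "GNUTLS_CRL_REASON_SUPERSEDED," and so break any ordinary use such
 * as `reasons & GNUTLS_CRL_REASON_SUPERSEEDED` or a function argument.
 */
#define GNUTLS_CRL_REASON_SUPERSEEDED GNUTLS_CRL_REASON_SUPERSEDED
/**
 * gnutls_x509_crl_reason_flags_t:
 * @GNUTLS_CRL_REASON_UNSPECIFIED: No reason given (no bit set).
 * @GNUTLS_CRL_REASON_PRIVILEGE_WITHDRAWN: The privileges were withdrawn from the owner.
 * @GNUTLS_CRL_REASON_CERTIFICATE_HOLD: The certificate is on hold.
 * @GNUTLS_CRL_REASON_CESSATION_OF_OPERATION: The end-entity is no longer operating.
 * @GNUTLS_CRL_REASON_SUPERSEDED: There is a newer certificate of the owner.
 * @GNUTLS_CRL_REASON_AFFILIATION_CHANGED: The end-entity affiliation has changed.
 * @GNUTLS_CRL_REASON_CA_COMPROMISE: The CA was compromised.
 * @GNUTLS_CRL_REASON_KEY_COMPROMISE: The certificate's key was compromised.
 * @GNUTLS_CRL_REASON_UNUSED: The key was never used.
 * @GNUTLS_CRL_REASON_AA_COMPROMISE: An attribute authority (AA) was compromised.
 *
 * Bit flags for the reasons a CRL distribution point covers, as reported
 * in the @reason_flags argument of gnutls_x509_crt_get_crl_dist_points()
 * and accepted by the matching setters.  Several may be set at once.
 * The numeric values follow the bit positions of the DER reasonFlags
 * BIT STRING (RFC 5280 4.2.1.13) read as bytes, MSB first — which is why
 * they are not in reason-code order and AA_COMPROMISE sits in the second
 * byte.
 */
typedef enum gnutls_x509_crl_reason_flags_t {
        GNUTLS_CRL_REASON_UNSPECIFIED = 0,
        GNUTLS_CRL_REASON_PRIVILEGE_WITHDRAWN = 1,
        GNUTLS_CRL_REASON_CERTIFICATE_HOLD = 2,
        GNUTLS_CRL_REASON_CESSATION_OF_OPERATION = 4,
        GNUTLS_CRL_REASON_SUPERSEDED = 8,
        GNUTLS_CRL_REASON_AFFILIATION_CHANGED = 16,
        GNUTLS_CRL_REASON_CA_COMPROMISE = 32,
        GNUTLS_CRL_REASON_KEY_COMPROMISE = 64,
        GNUTLS_CRL_REASON_UNUSED = 128,
        GNUTLS_CRL_REASON_AA_COMPROMISE = 32768
} gnutls_x509_crl_reason_flags_t;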
263
/*
 * CRL distribution points (RFC 5280 4.2.1.13).  The getter returns the
 * @seq-th (0-based) distribution point name in @ret together with its
 * reasons as a bit-or of gnutls_x509_crl_reason_flags_t in @reason_flags.
 * The setters add a point whose GeneralName type is @type;
 * *_set_crl_dist_points2() takes an explicit length so binary names can
 * be given, the older string form cannot.  *_cpy_crl_dist_points() copies
 * the whole extension from @src to @dst.
 */
int gnutls_x509_crt_get_crl_dist_points(gnutls_x509_crt_t cert,
                                        unsigned int seq,
                                        void *ret, size_t *ret_size,
                                        unsigned int *reason_flags,
                                        unsigned int *critical);
int gnutls_x509_crt_set_crl_dist_points2(gnutls_x509_crt_t crt,
                                         gnutls_x509_subject_alt_name_t type,
                                         const void *data,
                                         unsigned int data_size,
                                         unsigned int reason_flags);
int gnutls_x509_crt_set_crl_dist_points(gnutls_x509_crt_t crt,
                                        gnutls_x509_subject_alt_name_t type,
                                        const void *data_string,
                                        unsigned int reason_flags);
int gnutls_x509_crt_cpy_crl_dist_points(gnutls_x509_crt_t dst,
                                        gnutls_x509_crt_t src);

/* Sign @crl with @issuer_key, hashing with @dig.  (Declared here among
 * the certificate functions rather than in the CRL section below.)
 * Choose @dig from the currently recommended digests: the
 * GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD* verify flags exist to tolerate legacy
 * signatures, not to justify creating new ones. */
int gnutls_x509_crl_sign2(gnutls_x509_crl_t crl,
                          gnutls_x509_crt_t issuer,
                          gnutls_x509_privkey_t issuer_key,
                          gnutls_digest_algorithm_t dig,
                          unsigned int flags);

/*
 * Validity period.  Both time getters return (time_t)-1 on error, so the
 * result must be checked before it is compared with "now".
 */
time_t gnutls_x509_crt_get_activation_time(gnutls_x509_crt_t cert);

/*
 * Value returned by gnutls_x509_crt_get_expiration_time() for a
 * certificate with no well-defined expiration (RFC 5280 4.1.2.5 encodes
 * that as the GeneralizedTime 99991231235959Z).  The literal exceeds
 * INT32_MAX: on a platform with a signed 32-bit time_t the cast does not
 * preserve the value (on common ABIs it wraps to a negative number), so
 * always compare against this macro — which sees the same cast — rather
 * than against a number or a "far future" heuristic.
 */
#define GNUTLS_X509_NO_WELL_DEFINED_EXPIRATION ((time_t)4294197631)

time_t gnutls_x509_crt_get_expiration_time(gnutls_x509_crt_t cert);

/* Serial number as raw big-endian bytes.  RFC 5280 4.1.2.2 limits
 * conforming serials to 20 octets, but longer non-conforming ones exist
 * in the wild, so size @result via the two-call idiom rather than
 * assuming 20. */
int gnutls_x509_crt_get_serial(gnutls_x509_crt_t cert,
                               void *result, size_t *result_size);

/*
 * Public key.  get_pk_algorithm() returns a gnutls_pk_algorithm_t value
 * (or a negative error) and stores the key size in @bits.  The *_raw()
 * getters export the algorithm parameters as library-allocated datums
 * (gnutls_free()).
 */
int gnutls_x509_crt_get_pk_algorithm(gnutls_x509_crt_t cert,
                                     unsigned int *bits);
int gnutls_x509_crt_get_pk_rsa_raw(gnutls_x509_crt_t crt,
                                   gnutls_datum_t *m, gnutls_datum_t *e);
int gnutls_x509_crt_get_pk_dsa_raw(gnutls_x509_crt_t crt,
                                   gnutls_datum_t *p, gnutls_datum_t *q,
                                   gnutls_datum_t *g, gnutls_datum_t *y);

/*
 * Subject / issuer alternative names.  @seq is a 0-based index; iterate
 * until %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE.  The "2" variants also
 * report the name type in @san_type / @ian_type (a
 * gnutls_x509_subject_alt_name_t); the plain variants return the type as
 * their non-negative result.  For an otherName entry, *_othername_oid()
 * gives its type-id OID.  Do not assume the returned value is
 * NUL-terminated or NUL-free: treat it as the length-delimited blob
 * *san_size / *ian_size describes.
 */
int gnutls_x509_crt_get_subject_alt_name(gnutls_x509_crt_t cert,
                                         unsigned int seq,
                                         void *san, size_t *san_size,
                                         unsigned int *critical);
int gnutls_x509_crt_get_subject_alt_name2(gnutls_x509_crt_t cert,
                                          unsigned int seq,
                                          void *san, size_t *san_size,
                                          unsigned int *san_type,
                                          unsigned int *critical);
int gnutls_x509_crt_get_subject_alt_othername_oid(gnutls_x509_crt_t cert,
                                                  unsigned int seq,
                                                  void *oid, size_t *oid_size);

int gnutls_x509_crt_get_issuer_alt_name(gnutls_x509_crt_t cert,
                                        unsigned int seq,
                                        void *ian, size_t *ian_size,
                                        unsigned int *critical);
int gnutls_x509_crt_get_issuer_alt_name2(gnutls_x509_crt_t cert,
                                         unsigned int seq,
                                         void *ian, size_t *ian_size,
                                         unsigned int *ian_type,
                                         unsigned int *critical);
int gnutls_x509_crt_get_issuer_alt_othername_oid(gnutls_x509_crt_t cert,
                                                 unsigned int seq,
                                                 void *ret, size_t *ret_size);

/*
 * Basic constraints (RFC 5280 4.2.1.9).  get_ca_status() returns a
 * positive value when the cA flag is set, 0 when it is not, and a
 * negative error otherwise.  get_basic_constraints() also yields
 * pathLenConstraint in @pathlen, -1 when the certificate sets none.
 */
int gnutls_x509_crt_get_ca_status(gnutls_x509_crt_t cert,
                                  unsigned int *critical);
int gnutls_x509_crt_get_basic_constraints(gnutls_x509_crt_t cert,
                                          unsigned int *critical,
                                          unsigned int *ca, int *pathlen);

/* Key usage (RFC 5280 4.2.1.3).  The bits are the GNUTLS_KEY_* values
 * defined in gnutls.h, reported as a bit-or in @key_usage. */
int gnutls_x509_crt_get_key_usage(gnutls_x509_crt_t cert,
                                  unsigned int *key_usage,
                                  unsigned int *critical);
int gnutls_x509_crt_set_key_usage(gnutls_x509_crt_t crt,
                                  unsigned int usage);

/* Add an AccessDescription to the AIA extension; @what selects the access
 * method as for the getter (gnutls_info_access_what_t). */
int gnutls_x509_crt_set_authority_info_access(gnutls_x509_crt_t crt,
                                              int what,
                                              gnutls_datum_t *data);

/*
 * Proxy certificate information (RFC 3820).  @policyLanguage and @policy
 * are allocated by the library and released by the caller with
 * gnutls_free(); @pathlen is -1 when no pCPathLenConstraint is present.
 */
int gnutls_x509_crt_get_proxy(gnutls_x509_crt_t cert,
                              unsigned int *critical,
                              int *pathlen,
                              char **policyLanguage,
                              char **policy, size_t *sizeof_policy);

/* Upper bound on the policy qualifiers stored per certificatePolicies
 * entry in struct gnutls_x509_policy_st. */
#define GNUTLS_MAX_QUALIFIERS 8
367
/**
 * gnutls_x509_qualifier_t:
 * @GNUTLS_X509_QUALIFIER_UNKNOWN: A qualifier of a type the library does not interpret.
 * @GNUTLS_X509_QUALIFIER_URI: A CPS pointer: the URI of the certification practice statement.
 * @GNUTLS_X509_QUALIFIER_NOTICE: A user notice (free text).
 *
 * Type of one policy qualifier inside the certificatePolicies extension
 * (RFC 5280 4.2.1.4), as reported in gnutls_x509_policy_st.qualifier[].type.
 */
typedef enum gnutls_x509_qualifier_t {
        GNUTLS_X509_QUALIFIER_UNKNOWN = 0,
        GNUTLS_X509_QUALIFIER_URI = 1,
        GNUTLS_X509_QUALIFIER_NOTICE = 2
} gnutls_x509_qualifier_t;
380
/* One certificatePolicies entry (RFC 5280 4.2.1.4), as filled in by
 * gnutls_x509_crt_get_policy() and read by gnutls_x509_crt_set_policy().
 * Member order is part of the library ABI; do not reorder.
 */
typedef struct gnutls_x509_policy_st {
        char *oid;                   /* policy identifier, dotted-decimal text */
        unsigned int qualifiers;     /* presumably the number of valid qualifier[] entries — TODO confirm */
        struct {
                gnutls_x509_qualifier_t type;   /* CPS URI, user notice, or unknown */
                char *data;                     /* qualifier payload; NOTE(review): appears to be owned by
                                                 * the struct and released by gnutls_x509_policy_release() */
                unsigned int size;              /* presumably the length of data in bytes — TODO confirm */
        } qualifier[GNUTLS_MAX_QUALIFIERS];
} gnutls_x509_policy_st;
390
/*
 * Certificate policies (RFC 5280 4.2.1.4).  get_policy() fills @policy
 * with the @indx-th (0-based) entry; the strings inside it are allocated
 * by the library and are released with gnutls_x509_policy_release(),
 * which must follow every successful get_policy().  set_policy() adds an
 * entry built from a caller-filled struct.
 */
void gnutls_x509_policy_release(struct gnutls_x509_policy_st *policy);
int gnutls_x509_crt_get_policy(gnutls_x509_crt_t crt, int indx,
                               struct gnutls_x509_policy_st *policy,
                               unsigned int *critical);
int gnutls_x509_crt_set_policy(gnutls_x509_crt_t crt,
                               struct gnutls_x509_policy_st *policy,
                               unsigned int critical);

/*
 * DN attribute OIDs.  gnutls_x509_dn_oid_known() is non-zero when the
 * library knows how to render @oid's value as text.
 * gnutls_x509_dn_oid_name() maps an OID to its short name ("CN", "O",
 * ...); an unknown OID yields NULL, or the OID string itself when
 * %GNUTLS_X509_DN_OID_RETURN_OID is set in @flags.
 */
int gnutls_x509_dn_oid_known(const char *oid);

#define GNUTLS_X509_DN_OID_RETURN_OID 1
const char *gnutls_x509_dn_oid_name(const char *oid, unsigned int flags);

/*
 * Raw extension access.  Extensions may be read by OID (with @indx
 * selecting among repeats of the same OID) or by 0-based sequence
 * number; the critical flag comes back in @critical.  RFC 5280 4.2
 * requires a relying party to reject a certificate carrying an
 * unrecognised critical extension, so code that walks extensions
 * generically must look at @critical, not just at the OIDs it knows.
 */
int gnutls_x509_crt_get_extension_oid(gnutls_x509_crt_t cert,
                                      int indx, void *oid, size_t *oid_size);
int gnutls_x509_crt_get_extension_by_oid(gnutls_x509_crt_t cert,
                                         const char *oid, int indx,
                                         void *buf, size_t *buf_size,
                                         unsigned int *critical);

int gnutls_x509_crt_get_extension_info(gnutls_x509_crt_t cert,
                                       int indx, void *oid, size_t *oid_size,
                                       unsigned int *critical);
int gnutls_x509_crt_get_extension_data(gnutls_x509_crt_t cert,
                                       int indx, void *data,
                                       size_t *sizeof_data);

/* Add an arbitrary extension; @buf holds the DER placed in extnValue. */
int gnutls_x509_crt_set_extension_by_oid(gnutls_x509_crt_t crt,
                                         const char *oid,
                                         const void *buf, size_t sizeof_buf,
                                         unsigned int critical);

/*
 * Certificate writing.  Subject and issuer DNs can be set either from an
 * RFC 4514 string (on a parse error *@err presumably points at the
 * offending position in @dn — confirm) or attribute by attribute with
 * *_by_oid(); a non-zero @raw_flag there means @name is already
 * DER-encoded.
 */
int gnutls_x509_crt_set_dn(gnutls_x509_crt_t crt, const char *dn,
                           const char **err);
int gnutls_x509_crt_set_dn_by_oid(gnutls_x509_crt_t crt,
                                  const char *oid, unsigned int raw_flag,
                                  const void *name, unsigned int sizeof_name);
int gnutls_x509_crt_set_issuer_dn_by_oid(gnutls_x509_crt_t crt,
                                         const char *oid, unsigned int raw_flag,
                                         const void *name,
                                         unsigned int sizeof_name);
int gnutls_x509_crt_set_issuer_dn(gnutls_x509_crt_t crt,
                                  const char *dn, const char **err);

/* @version is the X.509 version number; anything carrying extensions is v3. */
int gnutls_x509_crt_set_version(gnutls_x509_crt_t crt, unsigned int version);
/* Install the subject public key taken from a private key. */
int gnutls_x509_crt_set_key(gnutls_x509_crt_t crt, gnutls_x509_privkey_t key);

/* Basic constraints.  A CA certificate should also be given a
 * keyCertSign key usage via gnutls_x509_crt_set_key_usage(). */
int gnutls_x509_crt_set_ca_status(gnutls_x509_crt_t crt, unsigned int ca);
int gnutls_x509_crt_set_basic_constraints(gnutls_x509_crt_t crt,
                                          unsigned int ca,
                                          int pathLenConstraint);

/*
 * Subject alternative names.  The string form takes a NUL-terminated
 * value and nothing else; the binary form takes an explicit length plus
 * @flags (%GNUTLS_FSAN_SET replaces the extension, %GNUTLS_FSAN_APPEND
 * adds to it) and is the one to use for iPAddress entries and for
 * building a multi-name SAN.
 */
int gnutls_x509_crt_set_subject_alternative_name(gnutls_x509_crt_t crt,
                                                 gnutls_x509_subject_alt_name_t type,
                                                 const char *data_string);
int gnutls_x509_crt_set_subject_alt_name(gnutls_x509_crt_t crt,
                                         gnutls_x509_subject_alt_name_t type,
                                         const void *data,
                                         unsigned int data_size,
                                         unsigned int flags);

/*
 * Signing.  sign2() lets the caller choose the digest; sign() uses a
 * library default (NOTE(review): which one is not visible here).
 * Signing fixes the tbsCertificate, so every set_*() call must precede it.
 */
int gnutls_x509_crt_sign(gnutls_x509_crt_t crt, gnutls_x509_crt_t issuer,
                         gnutls_x509_privkey_t issuer_key);
int gnutls_x509_crt_sign2(gnutls_x509_crt_t crt, gnutls_x509_crt_t issuer,
                          gnutls_x509_privkey_t issuer_key,
                          gnutls_digest_algorithm_t dig, unsigned int flags);

int gnutls_x509_crt_set_activ
ation_time(gnutls_x509_crt_t cert,
                                        time_t act_time);
int gnutls_x509_crt_set_expiration_time(gnutls_x509_crt_t cert,
                                        time_t exp_time);
/* @serial is a big-endian integer.  RFC 5280 4.1.2.2 requires it to be
 * positive, unique per issuer and at most 20 octets; current CA practice
 * (CA/Browser Forum Baseline Requirements) additionally wants at least
 * 64 bits of CSPRNG output in it. */
int gnutls_x509_crt_set_serial(gnutls_x509_crt_t cert,
                               const void *serial, size_t serial_size);

int gnutls_x509_crt_set_subject_key_id(gnutls_x509_crt_t cert,
                                       const void *id, size_t id_size);

/* Proxy certificates (RFC 3820).  set_proxy_dn() derives the subject from
 * the end-entity certificate @eecrt plus the extra attribute @name;
 * set_proxy() writes the proxyCertInfo extension. */
int gnutls_x509_crt_set_proxy_dn(gnutls_x509_crt_t crt,
                                 gnutls_x509_crt_t eecrt,
                                 unsigned int raw_flag,
                                 const void *name, unsigned int sizeof_name);
int gnutls_x509_crt_set_proxy(gnutls_x509_crt_t crt,
                              int pathLenConstraint,
                              const char *policyLanguage,
                              const char *policy, size_t sizeof_policy);

/* Human-readable dump in the requested @format; @out is allocated by the
 * library (gnutls_free()). */
int gnutls_x509_crt_print(gnutls_x509_crt_t cert,
                          gnutls_certificate_print_formats_t format,
                          gnutls_datum_t *out);
int gnutls_x509_crl_print(gnutls_x509_crl_t crl,
                          gnutls_certificate_print_formats_t format,
                          gnutls_datum_t *out);

/*
 * Raw (DER) issuer and subject names, for feeding the RDN helpers below
 * or for byte-exact comparison.  NOTE(review): whether @start borrows
 * the certificate's memory or receives an allocated copy is not visible
 * here — check the manual before freeing or outliving @cert.
 */
int gnutls_x509_crt_get_raw_issuer_dn(gnutls_x509_crt_t cert,
                                      gnutls_datum_t *start);
int gnutls_x509_crt_get_raw_dn(gnutls_x509_crt_t cert, gnutls_datum_t *start);

/*
 * RDN handling on a raw DER name (as produced by the *_get_raw_*dn()
 * calls): render it as a string, enumerate its attribute OIDs, or pick
 * one attribute value, with the same @indx / @raw_flag / buffer
 * conventions as the certificate-level DN getters.
 */
int gnutls_x509_rdn_get(const gnutls_datum_t *idn,
                        char *buf, size_t *sizeof_buf);
int gnutls_x509_rdn_get_oid(const gnutls_datum_t *idn,
                            int indx, void *buf, size_t *sizeof_buf);
int gnutls_x509_rdn_get_by_oid(const gnutls_datum_t *idn,
                               const char *oid, int indx,
                               unsigned int raw_flag,
                               void *buf, size_t *sizeof_buf);

/* Opaque handle to a parsed Distinguished Name. */
typedef void *gnutls_x509_dn_t;
519
/* One attribute-value assertion (AVA) of an RDN, as returned by
 * gnutls_x509_dn_get_rdn_ava().  NOTE(review): the datums most likely
 * point into the owning gnutls_x509_dn_t rather than being copies —
 * confirm before holding on to them past the DN's lifetime.  Member
 * order is part of the library ABI.
 */
typedef struct gnutls_x509_ava_st {
        gnutls_datum_t oid;       /* attribute type */
        gnutls_datum_t value;     /* attribute value as encoded in the name */
        unsigned long value_tag;  /* presumably the ASN.1 tag of value (its string type) — TODO confirm */
} gnutls_x509_ava_st;
525
/*
 * Structured DN access.  get_subject() / get_issuer() expose the
 * certificate's names as gnutls_x509_dn_t handles.  NOTE(review): those
 * handles are most likely views into the certificate — valid only while
 * @cert lives and not to be passed to gnutls_x509_dn_deinit() — confirm
 * against the manual.  dn_get_rdn_ava() reads the @iava-th AVA of the
 * @irdn-th RDN (both 0-based) into @ava; step the indices until an error
 * is returned to walk the whole name.
 */
int gnutls_x509_crt_get_subject(gnutls_x509_crt_t cert, gnutls_x509_dn_t *dn);
int gnutls_x509_crt_get_issuer(gnutls_x509_crt_t cert, gnutls_x509_dn_t *dn);
int gnutls_x509_dn_get_rdn_ava(gnutls_x509_dn_t dn, int irdn, int iava,
                               gnutls_x509_ava_st *ava);

/*
 * Stand-alone DN objects: init, import from DER, export to DER/PEM
 * (buffer or allocated datum, same convention as the certificate
 * exporters), deinit.  Only handles obtained from gnutls_x509_dn_init()
 * are the caller's to deinit.
 */
int gnutls_x509_dn_init(gnutls_x509_dn_t *dn);
int gnutls_x509_dn_import(gnutls_x509_dn_t dn, const gnutls_datum_t *data);
int gnutls_x509_dn_export(gnutls_x509_dn_t dn, gnutls_x509_crt_fmt_t format,
                          void *output_data, size_t *output_data_size);
int gnutls_x509_dn_export2(gnutls_x509_dn_t dn, gnutls_x509_crt_fmt_t format,
                           gnutls_datum_t *out);
void gnutls_x509_dn_deinit(gnutls_x509_dn_t dn);
546
547
/* CRL handling functions.
 */

/* Lifetime of a gnutls_x509_crl_t: init, use, deinit. */
int gnutls_x509_crl_init(gnutls_x509_crl_t *crl);
void gnutls_x509_crl_deinit(gnutls_x509_crl_t crl);

/* Import/export in DER or PEM, same conventions as for certificates. */
int gnutls_x509_crl_import(gnutls_x509_crl_t crl, const gnutls_datum_t *data,
                           gnutls_x509_crt_fmt_t format);
int gnutls_x509_crl_export(gnutls_x509_crl_t crl, gnutls_x509_crt_fmt_t format,
                           void *output_data, size_t *output_data_size);
int gnutls_x509_crl_export2(gnutls_x509_crl_t crl,
                            gnutls_x509_crt_fmt_t format, gnutls_datum_t *out);

/* Issuer name: raw DER, RFC 4514 string, single attribute, or OID
 * enumeration — @indx / @raw_flag as for the certificate DN getters. */
int gnutls_x509_crl_get_raw_issuer_dn(gnutls_x509_crl_t crl,
                                      gnutls_datum_t *dn);
int gnutls_x509_crl_get_issuer_dn(gnutls_x509_crl_t crl,
                                  char *buf, size_t *sizeof_buf);
int gnutls_x509_crl_get_issuer_dn2(gnutls_x509_crl_t crl, gnutls_datum_t *dn);
int gnutls_x509_crl_get_issuer_dn_by_oid(gnutls_x509_crl_t crl,
                                         const char *oid, int indx,
                                         unsigned int raw_flag,
                                         void *buf, size_t *sizeof_buf);
int gnutls_x509_crl_get_dn_oid(gnutls_x509_crl_t crl, int indx,
                               void *oid, size_t *sizeof_oid);

int gnutls_x509_crl_get_signature_algorithm(gnutls_x509_crl_t crl);
int gnutls_x509_crl_get_signature(gnutls_x509_crl_t crl,
                                  char *sig, size_t *sizeof_sig);
int gnutls_x509_crl_get_version(gnutls_x509_crl_t crl);

/*
 * thisUpdate / nextUpdate.  Both return (time_t)-1 on error, and
 * get_next_update() also does so when the optional nextUpdate field is
 * absent.  A relying party should treat a CRL that is past its
 * nextUpdate — or that has none — as stale, not as "valid forever".
 */
time_t gnutls_x509_crl_get_this_update(gnutls_x509_crl_t crl);
time_t gnutls_x509_crl_get_next_update(gnutls_x509_crl_t crl);

/*
 * Revoked entries.  get_crt_count() returns the number of entries;
 * get_crt_serial() copies the @indx-th (0-based) serial into @serial and
 * its revocation time into @t.  The two #defines are legacy aliases.
 */
int gnutls_x509_crl_get_crt_count(gnutls_x509_crl_t crl);
int gnutls_x509_crl_get_crt_serial(gnutls_x509_crl_t crl, int indx,
                                   unsigned char *serial, size_t *serial_size,
                                   time_t *t);
#define gnutls_x509_crl_get_certificate_count gnutls_x509_crl_get_crt_count
#define gnutls_x509_crl_get_certificate gnutls_x509_crl_get_crt_serial

/* Non-zero when @issuer is the issuer of @crl.  NOTE(review): presumably
 * a name / key-identifier match only; the CRL signature is checked by
 * gnutls_x509_crl_verify(). */
int gnutls_x509_crl_check_issuer(gnutls_x509_crl_t crl,
                                 gnutls_x509_crt_t issuer);

/* Bulk import of concatenated CRLs: the "2" form allocates the array
 * (*crls, *size); the other fills a caller array of capacity *crl_max. */
int gnutls_x509_crl_list_import2(gnutls_x509_crl_t **crls,
                                 unsigned int *size,
                                 const gnutls_datum_t *data,
                                 gnutls_x509_crt_fmt_t format,
                                 unsigned int flags);
int gnutls_x509_crl_list_import(gnutls_x509_crl_t *crls,
                                unsigned int *crl_max,
                                const gnutls_datum_t *data,
                                gnutls_x509_crt_fmt_t format,
                                unsigned int flags);

/* CRL writing.  (The signing call, gnutls_x509_crl_sign2(), is declared
 * among the certificate functions above.)
 */
int gnutls_x509_crl_set_version(gnutls_x509_crl_t crl, unsigned int version);
int gnutls_x509_crl_set_this_update(gnutls_x509_crl_t crl, time_t act_time);
int gnutls_x509_crl_set_next_update(gnutls_x509_crl_t crl, time_t exp_time);
/* Add a revoked entry, by raw serial or by certificate. */
int gnutls_x509_crl_set_crt_serial(gnutls_x509_crl_t crl,
                                   const void *serial, size_t serial_size,
                                   time_t revocation_time);
int gnutls_x509_crl_set_crt(gnutls_x509_crl_t crl, gnutls_x509_crt_t crt,
                            time_t revocation_time);

/* CRL extensions: authority key identifier (both forms, as for
 * certificates), CRL number (RFC 5280 5.2.3, increasing per issuer), and
 * generic access by OID or sequence number. */
int gnutls_x509_crl_get_authority_key_id(gnutls_x509_crl_t crl,
                                         void *id, size_t *id_size,
                                         unsigned int *critical);
int gnutls_x509_crl_get_authority_key_gn_serial(gnutls_x509_crl_t crl,
                                                unsigned int seq,
                                                void *alt, size_t *alt_size,
                                                unsigned int *alt_type,
                                                void *serial,
                                                size_t *serial_size,
                                                unsigned int *critical);

int gnutls_x509_crl_get_number(gnutls_x509_crl_t crl, void *ret,
                               size_t *ret_size, unsigned int *critical);

int gnutls_x509_crl_get_extension_oid(gnutls_x509_crl_t crl, int indx,
                                      void *oid, size_t *sizeof_oid);
int gnutls_x509_crl_get_extension_info(gnutls_x509_crl_t crl, int indx,
                                       void *oid, size_t *sizeof_oid,
                                       unsigned int *critical);
int gnutls_x509_crl_get_extension_data(gnutls_x509_crl_t crl, int indx,
                                       void *data, size_t *sizeof_data);

int gnutls_x509_crl_set_authority_key_id(gnutls_x509_crl_t crl,
                                         const void *id, size_t id_size);
int gnutls_x509_crl_set_number(gnutls_x509_crl_t crl,
                               const void *nr, size_t nr_size);
659
660
/* PKCS7 structures handling
 */

/* Opaque PKCS#7 container handle.  The functions here only read and edit
 * the certificate and CRL sets carried inside the container; nothing in
 * this header verifies a PKCS#7 signature, so every certificate pulled
 * out of one is untrusted until it has been verified on its own.
 */
struct gnutls_pkcs7_int;
typedef struct gnutls_pkcs7_int *gnutls_pkcs7_t;

int gnutls_pkcs7_init(gnutls_pkcs7_t *pkcs7);
void gnutls_pkcs7_deinit(gnutls_pkcs7_t pkcs7);
int gnutls_pkcs7_import(gnutls_pkcs7_t pkcs7, const gnutls_datum_t *data,
                        gnutls_x509_crt_fmt_t format);
int gnutls_pkcs7_export(gnutls_pkcs7_t pkcs7, gnutls_x509_crt_fmt_t format,
                        void *output_data, size_t *output_data_size);
int gnutls_pkcs7_export2(gnutls_pkcs7_t pkcs7, gnutls_x509_crt_fmt_t format,
                         gnutls_datum_t *out);

/* Certificate set: count, read the @indx-th (0-based) entry as raw DER,
 * add one (raw or parsed), delete one. */
int gnutls_pkcs7_get_crt_count(gnutls_pkcs7_t pkcs7);
int gnutls_pkcs7_get_crt_raw(gnutls_pkcs7_t pkcs7, int indx,
                             void *certificate, size_t *certificate_size);
int gnutls_pkcs7_set_crt_raw(gnutls_pkcs7_t pkcs7, const gnutls_datum_t *crt);
int gnutls_pkcs7_set_crt(gnutls_pkcs7_t pkcs7, gnutls_x509_crt_t crt);
int gnutls_pkcs7_delete_crt(gnutls_pkcs7_t pkcs7, int indx);

/* CRL set: same shape as the certificate set. */
int gnutls_pkcs7_get_crl_raw(gnutls_pkcs7_t pkcs7, int indx,
                             void *crl, size_t *crl_size);
int gnutls_pkcs7_get_crl_count(gnutls_pkcs7_t pkcs7);
int gnutls_pkcs7_set_crl_raw(gnutls_pkcs7_t pkcs7, const gnutls_datum_t *crl);
int gnutls_pkcs7_set_crl(gnutls_pkcs7_t pkcs7, gnutls_x509_crl_t crl);
int gnutls_pkcs7_delete_crl(gnutls_pkcs7_t pkcs7, int indx);
695
696 /* X.509 Certificate verification functions.
697 */
698
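/**
 * gnutls_certificate_verify_flags:
 * @GNUTLS_VERIFY_DISABLE_CA_SIGN: If set a signer does not have to be
 *   a certificate authority. This flag should normally be disabled,
 *   unless you know what this means.
 * @GNUTLS_VERIFY_DISABLE_TRUSTED_TIME_CHECKS: If set a signer in the trusted
 *   list is never checked for expiration or activation.
 * @GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT: Allow trusted CA certificates
 *   with version 1. This is safer than %GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT,
 *   and should be used instead. That way only signers in your trusted list
 *   will be allowed to have certificates of version 1. This is the default.
 * @GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT: Do not allow trusted CA
 *   certificates that have version 1. This option is to be used
 *   to deprecate all certificates of version 1.
 * @GNUTLS_VERIFY_DO_NOT_ALLOW_SAME: If a certificate is not signed by
 *   anyone trusted but exists in the trusted CA list do not treat it
 *   as trusted.
 * @GNUTLS_VERIFY_ALLOW_UNSORTED_CHAIN: A certificate chain is tolerated
 *   if unsorted (the case with many TLS servers out there). This is the
 *   default since GnuTLS 3.1.4.
 * @GNUTLS_VERIFY_DO_NOT_ALLOW_UNSORTED_CHAIN: Do not tolerate an unsorted
 *   certificate chain.
 * @GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT: Allow CA certificates that
 *   have version 1 (both root and intermediate). This might be
 *   dangerous since those haven't the basicConstraints
 *   extension. Must be used in combination with
 *   %GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT.
 * @GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2: Allow certificates to be signed
 *   using the broken MD2 algorithm.
 * @GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5: Allow certificates to be signed
 *   using the broken MD5 algorithm.
 * @GNUTLS_VERIFY_DISABLE_TIME_CHECKS: Disable checking of activation
 *   and expiration validity periods of certificate chains. Don't set
 *   this unless you understand the security implications.
 * @GNUTLS_VERIFY_DISABLE_CRL_CHECKS: Disable checking for validity
 *   using certificate revocation lists or the available OCSP data.
 *
 * Bit flags for the @flags argument of the verification functions below.
 * Apart from the two "DO_NOT_ALLOW" flags, every flag here weakens the
 * check; a reviewer should expect each one set in production code to be
 * justified by a concrete interoperability need.
 *
 * The enumerator list deliberately carries no trailing comma: this
 * header is consumed from C++ as well (see the extern "C" block) and a
 * trailing comma is rejected by strict C89 / C++98 compilers.
 */
typedef enum gnutls_certificate_verify_flags {
        GNUTLS_VERIFY_DISABLE_CA_SIGN = 1 << 0,
        GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT = 1 << 1,
        GNUTLS_VERIFY_DO_NOT_ALLOW_SAME = 1 << 2,
        GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT = 1 << 3,
        GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2 = 1 << 4,
        GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5 = 1 << 5,
        GNUTLS_VERIFY_DISABLE_TIME_CHECKS = 1 << 6,
        GNUTLS_VERIFY_DISABLE_TRUSTED_TIME_CHECKS = 1 << 7,
        GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT = 1 << 8,
        GNUTLS_VERIFY_DISABLE_CRL_CHECKS = 1 << 9,
        GNUTLS_VERIFY_ALLOW_UNSORTED_CHAIN = 1 << 10,
        GNUTLS_VERIFY_DO_NOT_ALLOW_UNSORTED_CHAIN = 1 << 11
} gnutls_certificate_verify_flags;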
752
/* Non-zero when @issuer's subject matches @cert's issuer name (and,
 * NOTE(review): presumably key identifier where present): a cheap
 * candidate test for assembling chains, not a signature check — only
 * the *_verify() functions prove issuance. */
int gnutls_x509_crt_check_issuer(gnutls_x509_crt_t cert,
                                 gnutls_x509_crt_t issuer);

/*
 * Chain verification.  @cert_list is the end-entity certificate followed
 * by its intermediates (ordered subject towards issuer unless
 * %GNUTLS_VERIFY_ALLOW_UNSORTED_CHAIN applies), @CA_list the trust
 * anchors, @CRL_list the revocation lists consulted; @flags is a bit-or
 * of gnutls_certificate_verify_flags.
 *
 * The int result only says whether verification could be carried out.
 * The verdict is *@verify: a bit-or of gnutls_certificate_status_t
 * (gnutls.h), zero when the chain is trusted.  A return of 0 together
 * with a non-zero *@verify is a FAILED verification; checking only the
 * return value is the classic misuse of this API.
 */
int gnutls_x509_crt_list_verify(const gnutls_x509_crt_t *cert_list,
                                int cert_list_length,
                                const gnutls_x509_crt_t *CA_list,
                                int CA_list_length,
                                const gnutls_x509_crl_t *CRL_list,
                                int CRL_list_length,
                                unsigned int flags, unsigned int *verify);

/* Single-object variants: @cert (or @crl) directly against the CA list;
 * the same *@verify contract applies. */
int gnutls_x509_crt_verify(gnutls_x509_crt_t cert,
                           const gnutls_x509_crt_t *CA_list, int CA_list_length,
                           unsigned int flags, unsigned int *verify);
int gnutls_x509_crl_verify(gnutls_x509_crl_t crl,
                           const gnutls_x509_crt_t *CA_list, int CA_list_length,
                           unsigned int flags, unsigned int *verify);

/* Returns 1 when @cert is listed in one of the CRLs, 0 when it is not,
 * negative on error.  The CRLs are taken as given: verify each with
 * gnutls_x509_crl_verify() and check its freshness (nextUpdate) before
 * treating a 0 here as "not revoked". */
int gnutls_x509_crt_check_revocation(gnutls_x509_crt_t cert,
                                     const gnutls_x509_crl_t *crl_list,
                                     int crl_list_length);

/* Digest of the whole DER certificate computed with @algo into @buf. */
int gnutls_x509_crt_get_fingerprint(gnutls_x509_crt_t cert,
                                    gnutls_digest_algorithm_t algo,
                                    void *buf, size_t *buf_size);

/* Extended key usage (RFC 5280 4.2.1.12): enumerate the @indx-th purpose
 * OID, or add one; compare against the GNUTLS_KP_* strings above. */
int gnutls_x509_crt_get_key_purpose_oid(gnutls_x509_crt_t cert,
                                        int indx, void *oid, size_t *oid_size,
                                        unsigned int *critical);
int gnutls_x509_crt_set_key_purpose_oid(gnutls_x509_crt_t cert,
                                        const void *oid,
                                        unsigned int critical);

/* Private key handling.
 */

/* Flags for the gnutls_x509_privkey_export_pkcs8() function: legacy
 * spellings of the corresponding gnutls_pkcs_encrypt_flags_t values. */
#define GNUTLS_PKCS8_PLAIN GNUTLS_PKCS_PLAIN
#define GNUTLS_PKCS8_USE_PKCS12_3DES GNUTLS_PKCS_USE_PKCS12_3DES
#define GNUTLS_PKCS8_USE_PKCS12_ARCFOUR GNUTLS_PKCS_USE_PKCS12_ARCFOUR
#define GNUTLS_PKCS8_USE_PKCS12_RC2_40 GNUTLS_PKCS_USE_PKCS12_RC2_40
799
/**
 * gnutls_pkcs_encrypt_flags_t:
 * @GNUTLS_PKCS_PLAIN: Unencrypted private key.
 * @GNUTLS_PKCS_NULL_PASSWORD: Some schemas distinguish between an empty and a NULL password.
 * @GNUTLS_PKCS_USE_PKCS12_3DES: PKCS-12 3DES.
 * @GNUTLS_PKCS_USE_PKCS12_ARCFOUR: PKCS-12 ARCFOUR (RC4).
 * @GNUTLS_PKCS_USE_PKCS12_RC2_40: PKCS-12 RC2-40.
 * @GNUTLS_PKCS_USE_PBES2_3DES: PBES2 3DES.
 * @GNUTLS_PKCS_USE_PBES2_AES_128: PBES2 AES-128.
 * @GNUTLS_PKCS_USE_PBES2_AES_192: PBES2 AES-192.
 * @GNUTLS_PKCS_USE_PBES2_AES_256: PBES2 AES-256.
 *
 * Bit flags selecting the encryption of a PKCS#8 key, for the
 * gnutls_x509_privkey_*_pkcs8() functions.  The PKCS#12 PBE schemes are
 * legacy: RC2-40 is a 40-bit cipher and ARCFOUR (RC4) is no longer
 * considered secure.  For new files prefer the PBES2 AES variants and
 * keep the PKCS#12 schemes for interoperability with old consumers only.
 * %GNUTLS_PKCS_PLAIN writes the key unencrypted.
 */
typedef enum gnutls_pkcs_encrypt_flags_t {
        GNUTLS_PKCS_PLAIN = 1 << 0,
        GNUTLS_PKCS_USE_PKCS12_3DES = 1 << 1,
        GNUTLS_PKCS_USE_PKCS12_ARCFOUR = 1 << 2,
        GNUTLS_PKCS_USE_PKCS12_RC2_40 = 1 << 3,
        GNUTLS_PKCS_USE_PBES2_3DES = 1 << 4,
        GNUTLS_PKCS_USE_PBES2_AES_128 = 1 << 5,
        GNUTLS_PKCS_USE_PBES2_AES_192 = 1 << 6,
        GNUTLS_PKCS_USE_PBES2_AES_256 = 1 << 7,
        GNUTLS_PKCS_NULL_PASSWORD = 1 << 8
} gnutls_pkcs_encrypt_flags_t;
825
826 int gnutls_x509_privkey_init(gnutls_x509_privkey_t * key);
827 void gnutls_x509_privkey_deinit(gnutls_x509_privkey_t key);
828 gnutls_sec_param_t
829 gnutls_x509_privkey_sec_param(gnutls_x509_privkey_t key);
830 int gnutls_x509_privkey_cpy(gnutls_x509_privkey_t dst,
831 gnutls_x509_privkey_t src);
832 int gnutls_x509_privkey_import(gnutls_x509_privkey_t key,
833 const gnutls_datum_t * data,
834 gnutls_x509_crt_fmt_t format);
835 int gnutls_x509_privkey_import_pkcs8(gnutls_x509_privkey_t key,
836 const gnutls_datum_t * data,
837 gnutls_x509_crt_fmt_t format,
838 const char *password,
839 unsigned int flags);
840 int gnutls_x509_privkey_import_openssl(gnutls_x509_privkey_t key,
841 const gnutls_datum_t * data,
842 const char *password);
843
844 int gnutls_x509_privkey_import2(gnutls_x509_privkey_t key,
845 const gnutls_datum_t * data,
846 gnutls_x509_crt_fmt_t format,
847 const char *password, unsigned int flags);
848
/* Import from raw RSA parameters, using the conventional names:
 * m modulus, e public exponent, d private exponent, p/q the primes,
 * u the CRT coefficient.  All but m and e are secret material. */
int gnutls_x509_privkey_import_rsa_raw(gnutls_x509_privkey_t key,
				       const gnutls_datum_t * m,
				       const gnutls_datum_t * e,
				       const gnutls_datum_t * d,
				       const gnutls_datum_t * p,
				       const gnutls_datum_t * q,
				       const gnutls_datum_t * u);
/* As above, additionally taking e1/e2 — presumably the CRT exponents
 * d mod (p-1) and d mod (q-1); confirm against the library documentation. */
int gnutls_x509_privkey_import_rsa_raw2(gnutls_x509_privkey_t key,
					const gnutls_datum_t * m,
					const gnutls_datum_t * e,
					const gnutls_datum_t * d,
					const gnutls_datum_t * p,
					const gnutls_datum_t * q,
					const gnutls_datum_t * u,
					const gnutls_datum_t * e1,
					const gnutls_datum_t * e2);
/* Import from raw ECC parameters on `curve`: x/y are presumably the
 * public point coordinates and k the private scalar — confirm. */
int gnutls_x509_privkey_import_ecc_raw(gnutls_x509_privkey_t key,
				       gnutls_ecc_curve_t curve,
				       const gnutls_datum_t * x,
				       const gnutls_datum_t * y,
				       const gnutls_datum_t * k);
870
/* Presumably recomputes or normalises derived key parameters after a raw
 * import — what exactly is "fixed" is not visible here; confirm. */
int gnutls_x509_privkey_fix(gnutls_x509_privkey_t key);

/* DSA parameters by their conventional names: p/q/g domain parameters,
 * y the public value, x the private value.  The export writes into
 * caller-supplied datums; ownership of the written buffers is not
 * visible here — confirm who frees them, and wipe x before release. */
int gnutls_x509_privkey_export_dsa_raw(gnutls_x509_privkey_t key,
				       gnutls_datum_t * p,
				       gnutls_datum_t * q,
				       gnutls_datum_t * g,
				       gnutls_datum_t * y,
				       gnutls_datum_t * x);
int gnutls_x509_privkey_import_dsa_raw(gnutls_x509_privkey_t key,
				       const gnutls_datum_t * p,
				       const gnutls_datum_t * q,
				       const gnutls_datum_t * g,
				       const gnutls_datum_t * y,
				       const gnutls_datum_t * x);
885
/* Public-key algorithm of the key.  The plain int return presumably
 * carries either the algorithm id or a negative error code — confirm. */
int gnutls_x509_privkey_get_pk_algorithm(gnutls_x509_privkey_t key);
/* Same, additionally reporting the key size through `bits`. */
int gnutls_x509_privkey_get_pk_algorithm2(gnutls_x509_privkey_t
					  key, unsigned int *bits);
/* Key identifier into a caller-supplied buffer.  `output_data_size` is a
 * pointer, presumably in/out (capacity on entry, length on return) — this
 * size-pointer pattern recurs throughout this header; confirm the
 * too-small-buffer behaviour before sizing buffers by guess. */
int gnutls_x509_privkey_get_key_id(gnutls_x509_privkey_t key,
				   unsigned int flags,
				   unsigned char *output_data,
				   size_t * output_data_size);

/* Generate a fresh key of algorithm `algo` and size `bits`; the meaning
 * of `flags` is not visible here. */
int gnutls_x509_privkey_generate(gnutls_x509_privkey_t key,
				 gnutls_pk_algorithm_t algo,
				 unsigned int bits, unsigned int flags);
/* Consistency check of the key's parameters; worth calling on keys
 * imported from raw components supplied by an external party. */
int gnutls_x509_privkey_verify_params(gnutls_x509_privkey_t key);
898
/* Export in encoding `format` into a caller-supplied buffer
 * (size pointer: see gnutls_x509_privkey_get_key_id above). */
int gnutls_x509_privkey_export(gnutls_x509_privkey_t key,
			       gnutls_x509_crt_fmt_t format,
			       void *output_data,
			       size_t * output_data_size);
/* Export into a datum; who frees `out` is not visible here — confirm. */
int gnutls_x509_privkey_export2(gnutls_x509_privkey_t key,
				gnutls_x509_crt_fmt_t format,
				gnutls_datum_t * out);
/* PKCS#8 export.  `flags` presumably selects the container cipher from
 * gnutls_pkcs_encrypt_flags_t; a NULL `password` or GNUTLS_PKCS_PLAIN
 * presumably yields an unencrypted container — confirm.  The unencrypted
 * output holds the private key in the clear and must be handled as a
 * secret. */
int gnutls_x509_privkey_export_pkcs8(gnutls_x509_privkey_t key,
				     gnutls_x509_crt_fmt_t format,
				     const char *password,
				     unsigned int flags,
				     void *output_data,
				     size_t * output_data_size);
int gnutls_x509_privkey_export2_pkcs8(gnutls_x509_privkey_t key,
				      gnutls_x509_crt_fmt_t format,
				      const char *password,
				      unsigned int flags,
				      gnutls_datum_t * out);
/* Raw RSA export (names as for gnutls_x509_privkey_import_rsa_raw2).
 * NOTE(review): d, p, q, u, e1, e2 are private components; the buffers
 * written here should be zeroized before being released. */
int gnutls_x509_privkey_export_rsa_raw2(gnutls_x509_privkey_t key,
					gnutls_datum_t * m,
					gnutls_datum_t * e,
					gnutls_datum_t * d,
					gnutls_datum_t * p,
					gnutls_datum_t * q,
					gnutls_datum_t * u,
					gnutls_datum_t * e1,
					gnutls_datum_t * e2);
int gnutls_x509_privkey_export_rsa_raw(gnutls_x509_privkey_t key,
				       gnutls_datum_t * m,
				       gnutls_datum_t * e,
				       gnutls_datum_t * d,
				       gnutls_datum_t * p,
				       gnutls_datum_t * q,
				       gnutls_datum_t * u);
/* Raw ECC export; `curve` is written through the pointer.  k is
 * presumably the private scalar — treat it as above. */
int gnutls_x509_privkey_export_ecc_raw(gnutls_x509_privkey_t key,
				       gnutls_ecc_curve_t * curve,
				       gnutls_datum_t * x,
				       gnutls_datum_t * y,
				       gnutls_datum_t * k);
/* Certificate request (CSR) handling.
 */
940
/* Sign the request with `key` using digest `dig`; `flags` meaning is not
 * visible here. */
int gnutls_x509_crq_sign2(gnutls_x509_crq_t crq,
			  gnutls_x509_privkey_t key,
			  gnutls_digest_algorithm_t dig,
			  unsigned int flags);

/* Human-readable rendering of the request into `out`. */
int gnutls_x509_crq_print(gnutls_x509_crq_t crq,
			  gnutls_certificate_print_formats_t
			  format, gnutls_datum_t * out);

/* Presumably checks the request's self-signature against the public key
 * it carries (proof of possession) — confirm.  A CA should call this
 * before trusting anything in a received request. */
int gnutls_x509_crq_verify(gnutls_x509_crq_t crq, unsigned int flags);

/* Request object lifecycle and import (see the privkey equivalents). */
int gnutls_x509_crq_init(gnutls_x509_crq_t * crq);
void gnutls_x509_crq_deinit(gnutls_x509_crq_t crq);
int gnutls_x509_crq_import(gnutls_x509_crq_t crq,
			   const gnutls_datum_t * data,
			   gnutls_x509_crt_fmt_t format);
957
/* Read the private-key usage period requested by the subject.
 * NOTE(review): the first parameter is named `cert` although its type is
 * a request handle; the name is misleading but harmless in a prototype. */
int gnutls_x509_crq_get_private_key_usage_period(gnutls_x509_crq_t
						 cert,
						 time_t *
						 activation,
						 time_t *
						 expiration, unsigned int
						 *critical);

/* Subject DN accessors.  `sizeof_buf` / `sizeof_oid` are size pointers
 * (see gnutls_x509_privkey_get_key_id); `indx` selects the n-th entry. */
int gnutls_x509_crq_get_dn(gnutls_x509_crq_t crq, char *buf,
			   size_t * sizeof_buf);
int gnutls_x509_crq_get_dn2(gnutls_x509_crq_t crq, gnutls_datum_t * dn);
int gnutls_x509_crq_get_dn_oid(gnutls_x509_crq_t crq, int indx,
			       void *oid, size_t * sizeof_oid);
/* `raw_flag` presumably selects raw DER versus a decoded string — confirm
 * before displaying the result. */
int gnutls_x509_crq_get_dn_by_oid(gnutls_x509_crq_t crq,
				  const char *oid, int indx,
				  unsigned int raw_flag, void *buf,
				  size_t * sizeof_buf);
/* Set the subject DN from a string; on failure `err` presumably points
 * into `dn` at the offending position — confirm. */
int gnutls_x509_crq_set_dn(gnutls_x509_crq_t crq, const char *dn,
			   const char **err);
int gnutls_x509_crq_set_dn_by_oid(gnutls_x509_crq_t crq,
				  const char *oid,
				  unsigned int raw_flag,
				  const void *data,
				  unsigned int sizeof_data);
int gnutls_x509_crq_set_version(gnutls_x509_crq_t crq,
				unsigned int version);
int gnutls_x509_crq_get_version(gnutls_x509_crq_t crq);
/* Attach the public part of `key` to the request. */
int gnutls_x509_crq_set_key(gnutls_x509_crq_t crq,
			    gnutls_x509_privkey_t key);
987
/* PKCS#10 challengePassword attribute.  It travels inside the request
 * itself, which is not encrypted, so it is only as confidential as the
 * channel the request is sent over. */
int gnutls_x509_crq_set_challenge_password(gnutls_x509_crq_t crq,
					   const char *pass);
int gnutls_x509_crq_get_challenge_password(gnutls_x509_crq_t crq,
					   char *pass,
					   size_t * sizeof_pass);

/* Generic attribute access by OID.  Note the asymmetry: the setter takes
 * `sizeof_buf` by value, the getter takes a size pointer. */
int gnutls_x509_crq_set_attribute_by_oid(gnutls_x509_crq_t crq,
					 const char *oid,
					 void *buf, size_t sizeof_buf);
int gnutls_x509_crq_get_attribute_by_oid(gnutls_x509_crq_t crq,
					 const char *oid, int indx,
					 void *buf, size_t * sizeof_buf);

/* Encode the request (buffer + size pointer, or datum variant). */
int gnutls_x509_crq_export(gnutls_x509_crq_t crq,
			   gnutls_x509_crt_fmt_t format,
			   void *output_data, size_t * output_data_size);
int gnutls_x509_crq_export2(gnutls_x509_crq_t crq,
			    gnutls_x509_crt_fmt_t format,
			    gnutls_datum_t * out);
1007
/* Populate a certificate from a request.  NOTE(review): the extensions
 * variant copies what the *subject* asked for; an issuer should vet
 * requested extensions (basic constraints, key usage, alternative names)
 * rather than copy them into an issued certificate unchecked. */
int gnutls_x509_crt_set_crq(gnutls_x509_crt_t crt, gnutls_x509_crq_t crq);
int gnutls_x509_crt_set_crq_extensions(gnutls_x509_crt_t crt,
				       gnutls_x509_crq_t crq);

int gnutls_x509_crq_set_private_key_usage_period(gnutls_x509_crq_t
						 crq,
						 time_t activation,
						 time_t expiration);
/* Set the request's public key from raw RSA modulus and exponent. */
int gnutls_x509_crq_set_key_rsa_raw(gnutls_x509_crq_t crq,
				    const gnutls_datum_t * m,
				    const gnutls_datum_t * e);
/* Add a subjectAltName of type `nt`; `flags` meaning is not visible here. */
int gnutls_x509_crq_set_subject_alt_name(gnutls_x509_crq_t crq,
					 gnutls_x509_subject_alt_name_t
					 nt, const void *data,
					 unsigned int data_size,
					 unsigned int flags);
1024
/* Requested extensions.  `ca` is a boolean flag; `pathLenConstraint` is
 * signed, so a negative value presumably means "no constraint" — confirm. */
int gnutls_x509_crq_set_key_usage(gnutls_x509_crq_t crq,
				  unsigned int usage);
int gnutls_x509_crq_set_basic_constraints(gnutls_x509_crq_t crq,
					  unsigned int ca,
					  int pathLenConstraint);
int gnutls_x509_crq_set_key_purpose_oid(gnutls_x509_crq_t crq,
					const void *oid,
					unsigned int critical);
int gnutls_x509_crq_get_key_purpose_oid(gnutls_x509_crq_t crq,
					int indx, void *oid,
					size_t * sizeof_oid,
					unsigned int *critical);

/* Enumerate extensions / attributes by index: *_info gives the OID (and
 * criticality for extensions), *_data gives the raw DER value. */
int gnutls_x509_crq_get_extension_data(gnutls_x509_crq_t crq,
				       int indx, void *data,
				       size_t * sizeof_data);
int gnutls_x509_crq_get_extension_info(gnutls_x509_crq_t crq,
				       int indx, void *oid,
				       size_t * sizeof_oid,
				       unsigned int *critical);
int gnutls_x509_crq_get_attribute_data(gnutls_x509_crq_t crq,
				       int indx, void *data,
				       size_t * sizeof_data);
int gnutls_x509_crq_get_attribute_info(gnutls_x509_crq_t crq,
				       int indx, void *oid,
				       size_t * sizeof_oid);
/* Public-key algorithm of the request's key; size reported via `bits`. */
int gnutls_x509_crq_get_pk_algorithm(gnutls_x509_crq_t crq,
				     unsigned int *bits);
1053
/* Key identifier of the request's public key (size pointer semantics as
 * for gnutls_x509_privkey_get_key_id). */
int gnutls_x509_crq_get_key_id(gnutls_x509_crq_t crq,
			       unsigned int flags,
			       unsigned char *output_data,
			       size_t * output_data_size);
/* Raw RSA public parameters (modulus, exponent) of the request's key. */
int gnutls_x509_crq_get_key_rsa_raw(gnutls_x509_crq_t crq,
				    gnutls_datum_t * m,
				    gnutls_datum_t * e);

/* Read the requested extensions; `critical` receives the extension's
 * criticality flag. */
int gnutls_x509_crq_get_key_usage(gnutls_x509_crq_t crq,
				  unsigned int *key_usage,
				  unsigned int *critical);
int gnutls_x509_crq_get_basic_constraints(gnutls_x509_crq_t crq,
					  unsigned int *critical,
					  unsigned int *ca, int *pathlen);
/* `seq` selects the n-th subjectAltName; `ret_type` receives its kind.
 * NOTE(review): the data written to `ret` originates from the request's
 * author — validate it (e.g. against the requester's identity) before
 * copying it into an issued certificate. */
int gnutls_x509_crq_get_subject_alt_name(gnutls_x509_crq_t crq,
					 unsigned int seq,
					 void *ret,
					 size_t * ret_size,
					 unsigned int *ret_type,
					 unsigned int *critical);
int gnutls_x509_crq_get_subject_alt_othername_oid(gnutls_x509_crq_t
						  crq,
						  unsigned int seq,
						  void *ret,
						  size_t * ret_size);

/* Raw extension value looked up by OID (`indx` for repeated OIDs). */
int gnutls_x509_crq_get_extension_by_oid(gnutls_x509_crq_t crq,
					 const char *oid, int indx,
					 void *buf,
					 size_t * sizeof_buf,
					 unsigned int *critical);
1085
/* Opaque handle for a set of trust anchors (CAs, named certificates,
 * CRLs) used by the verification calls below. */
typedef struct gnutls_x509_trust_list_st *gnutls_x509_trust_list_t;

/* `size` is presumably a sizing hint for the internal table — confirm
 * whether 0 selects a default. */
int
gnutls_x509_trust_list_init(gnutls_x509_trust_list_t * list,
			    unsigned int size);

/* `all` presumably controls whether the certificates and CRLs that were
 * added are deinitialised together with the list — confirm, since
 * getting it wrong leaks or double-frees the anchors. */
void
gnutls_x509_trust_list_deinit(gnutls_x509_trust_list_t list,
			      unsigned int all);

/* Locate the issuer of `cert` among the list's CAs; `issuer` is written
 * through the pointer.  Ownership of *issuer is not visible here. */
int gnutls_x509_trust_list_get_issuer(gnutls_x509_trust_list_t
				      list, gnutls_x509_crt_t cert,
				      gnutls_x509_crt_t * issuer,
				      unsigned int flags);

/* Add / remove CA certificates.  Note `clist_size` is a signed int while
 * other counts in this header are unsigned. */
int
gnutls_x509_trust_list_add_cas(gnutls_x509_trust_list_t list,
			       const gnutls_x509_crt_t * clist,
			       int clist_size, unsigned int flags);
int gnutls_x509_trust_list_remove_cas(gnutls_x509_trust_list_t
				      list,
				      const gnutls_x509_crt_t *
				      clist, int clist_size);

/* Add a certificate trusted only under a specific `name`
 * (checked by gnutls_x509_trust_list_verify_named_crt). */
int gnutls_x509_trust_list_add_named_crt(gnutls_x509_trust_list_t
					 list,
					 gnutls_x509_crt_t cert,
					 const void *name,
					 size_t name_size,
					 unsigned int flags);
1116
/* Flag for gnutls_x509_trust_list_add_crls: presumably requests that each
 * CRL's signature be checked against a CA already in the list, with
 * `verification_flags` controlling that check — confirm.  CRLs obtained
 * from a network source should be added with verification, so that an
 * unauthenticated list cannot influence revocation results. */
#define GNUTLS_TL_VERIFY_CRL 1
int
gnutls_x509_trust_list_add_crls(gnutls_x509_trust_list_t list,
				const gnutls_x509_crl_t *
				crl_list, int crl_size,
				unsigned int flags,
				unsigned int verification_flags);
1124
/* Callback that receives the outcome of a verification.  When it is
 * invoked (per certificate, or only on failure) and how its int return
 * is interpreted are not visible here — confirm against the library
 * documentation before relying on it to abort a verification. */
typedef int gnutls_verify_output_function(gnutls_x509_crt_t cert,
					  gnutls_x509_crt_t issuer, /* The issuer, if verification failed
								     * because of it.  Might be NULL. */
					  gnutls_x509_crl_t crl, /* The CRL that caused the verification
								  * failure, if any.  Might be NULL. */
					  unsigned int
					  verification_output);

/* Verify `cert` against the anchors registered under `name`
 * (see gnutls_x509_trust_list_add_named_crt). */
int gnutls_x509_trust_list_verify_named_crt
    (gnutls_x509_trust_list_t list, gnutls_x509_crt_t cert,
     const void *name, size_t name_size, unsigned int flags,
     unsigned int *verify, gnutls_verify_output_function func);

/* Verify a chain.  NOTE(review): the status is written through `verify`;
 * the int return presumably reports only operational errors, so a zero
 * return with a non-zero *verify still means the chain is NOT trusted —
 * callers must check both.  Whether `func` may be NULL is not visible
 * here. */
int
gnutls_x509_trust_list_verify_crt(gnutls_x509_trust_list_t list,
				  gnutls_x509_crt_t * cert_list,
				  unsigned int cert_list_size,
				  unsigned int flags,
				  unsigned int *verify,
				  gnutls_verify_output_function func);
1146
1147 /* trust list convenience functions */
/* Load CAs and CRLs from memory, encoded as `type`.  `tl_flags` and
 * `tl_vflags` presumably map to the `flags` / `verification_flags` of
 * gnutls_x509_trust_list_add_crls — confirm. */
int
gnutls_x509_trust_list_add_trust_mem(gnutls_x509_trust_list_t
				     list,
				     const gnutls_datum_t * cas,
				     const gnutls_datum_t * crls,
				     gnutls_x509_crt_fmt_t type,
				     unsigned int tl_flags,
				     unsigned int tl_vflags);

/* Same, reading from files.  Anything trusted here becomes a root of
 * trust for every verification using `list`, so the files must be
 * protected from modification by unprivileged users. */
int
gnutls_x509_trust_list_add_trust_file(gnutls_x509_trust_list_t
				      list, const char *ca_file,
				      const char *crl_file,
				      gnutls_x509_crt_fmt_t type,
				      unsigned int tl_flags,
				      unsigned int tl_vflags);

int
gnutls_x509_trust_list_remove_trust_file(gnutls_x509_trust_list_t
					 list,
					 const char *ca_file,
					 gnutls_x509_crt_fmt_t type);

int
gnutls_x509_trust_list_remove_trust_mem(gnutls_x509_trust_list_t
					list,
					const gnutls_datum_t *
					cas, gnutls_x509_crt_fmt_t type);

/* Load the platform's default trust store; what that is per platform is
 * not visible here. */
int
gnutls_x509_trust_list_add_system_trust(gnutls_x509_trust_list_t
					list,
					unsigned int tl_flags,
					unsigned int tl_vflags);

/* Attach a trust list to credentials.  Note `unsigned flags` here versus
 * `unsigned int` elsewhere in this header (same type, inconsistent
 * spelling).  Ownership of `tlist` after the call is not visible here. */
void gnutls_certificate_set_trust_list
    (gnutls_certificate_credentials_t res,
     gnutls_x509_trust_list_t tlist, unsigned flags);
1186
1187 /* *INDENT-OFF* */
1188 #ifdef __cplusplus
1189 }
1190 #endif
1191 /* *INDENT-ON* */
1192 #endif /* GNUTLS_X509_H */