]> git.ipfire.org Git - thirdparty/gnutls.git/commitdiff
indented code.
authorNikos Mavrogiannopoulos <nmav@gnutls.org>
Sun, 19 Jun 2011 07:46:56 +0000 (09:46 +0200)
committerNikos Mavrogiannopoulos <nmav@gnutls.org>
Sun, 19 Jun 2011 07:59:32 +0000 (09:59 +0200)
Corrected PKCS #11 example.

doc/cha-cert-auth.texi
doc/examples/Makefile.am
doc/examples/ex-cert-select.c
doc/examples/ex-client-udp.c
doc/examples/ex-crq.c
doc/examples/ex-pkcs11-list.c [new file with mode: 0644]
doc/examples/ex-session-info.c
doc/examples/ex-verify.c

index a18b63f110f9b5eaaf3b6399c359e8483c08ee09..b51a3edacca8532a6959cca133ca8bb91f4be1da 100644 (file)
@@ -496,56 +496,25 @@ char* url;
 
 gnutls_global_init();
 
-for (i=0;;i++) {
-       ret = gnutls_pkcs11_token_get_url(i, &url);
-       if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
-               break;
-
-       if (ret < 0)
-               exit(1);
+for (i=0;;i++) 
+  {
+    ret = gnutls_pkcs11_token_get_url(i, &url);
+    if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
+      break;
+
+    if (ret < 0)
+      exit(1);
                
-       fprintf(stdout, "Token[%d]: URL: %s\n", i, url);
-       gnutls_free(url);
-}
+    fprintf(stdout, "Token[%d]: URL: %s\n", i, url);
+    gnutls_free(url);
+  }
 gnutls_global_deinit();
 @end verbatim
 
 
 The next one will list all certificates in a token, that have a corresponding
 private key:
-@verbatim
-gnutls_pkcs11_obj_t *obj_list;
-unsigned int obj_list_size = 0;
-gnutls_datum_t cinfo;
-int i;
-
-obj_list_size = 0;
-ret = gnutls_pkcs11_obj_list_import_url( obj_list, NULL, url, \
-                       GNUTLS_PKCS11_OBJ_ATTR_CRT_WITH_PRIVKEY);
-if (ret < 0 && ret != GNUTLS_E_SHORT_MEMORY_BUFFER)
-       exit(1);
-
-/* no error checking from now on */
-obj_list = malloc(sizeof(*obj_list)*obj_list_size);
-
-gnutls_pkcs11_obj_list_import_url( obj_list, &obj_list_size, url, flags);
-
-/* now all certificates are in obj_list */
-for (i=0;i<obj_list_size;i++) {
-
-       gnutls_x509_crt_init(&xcrt);
-
-       gnutls_x509_crt_import_pkcs11(xcrt, obj_list[i]);
-               
-       gnutls_x509_crt_print (xcrt, GNUTLS_CRT_PRINT_FULL, &cinfo);
-
-       fprintf(stdout, "cert[%d]:\n %s\n\n", cinfo.data);
-
-       gnutls_free(cinfo.data);
-       gnutls_x509_crt_deinit(&xcrt);
-}
-@end verbatim
-
+@verbatiminclude examples/ex-pkcs11-list.c
 
 @subsection Writing Objects
 
index 112614fe700e69c9a3dba8e3c677a1d2e747b2dd..692ac6b3a07cee6307f1218e8cfbea3b55fa2d1f 100644 (file)
@@ -81,4 +81,4 @@ noinst_LTLIBRARIES = libexamples.la
 
 libexamples_la_SOURCES = examples.h ex-alert.c ex-pkcs12.c             \
        ex-session-info.c ex-x509-info.c ex-verify.c    \
-       tcp.c udp.c
+       tcp.c udp.c ex-pkcs11-list.c
index 461820cb4e66e53de4269329ae4fafee1e2984e2..43f666fda87ba41deec6039dfe9f3e98b6cb649b 100644 (file)
@@ -35,8 +35,8 @@ static int
 cert_callback (gnutls_session_t session,
                const gnutls_datum_t * req_ca_rdn, int nreqs,
                const gnutls_pk_algorithm_t * sign_algos,
-               int sign_algos_length, gnutls_pcert_st** pcert,
-               unsigned int *pcert_length, gnutls_privkey_t* pkey);
+               int sign_algos_length, gnutls_pcert_st ** pcert,
+               unsigned int *pcert_length, gnutls_privkey_t * pkey);
 
 gnutls_pcert_st crt;
 gnutls_privkey_t key;
@@ -88,8 +88,8 @@ load_keys (void)
       fprintf (stderr, "*** Error loading certificate file.\n");
       exit (1);
     }
-  
-  ret = gnutls_pcert_import_x509_raw(&crt, &data, GNUTLS_X509_FMT_PEM, 0);
+
+  ret = gnutls_pcert_import_x509_raw (&crt, &data, GNUTLS_X509_FMT_PEM, 0);
   if (ret < 0)
     {
       fprintf (stderr, "*** Error loading certificate file: %s\n",
@@ -118,10 +118,12 @@ load_keys (void)
 
   gnutls_privkey_init (&key);
 
-  ret = gnutls_privkey_import_x509(key, x509_key, GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE);
+  ret =
+    gnutls_privkey_import_x509 (key, x509_key,
+                                GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE);
   if (ret < 0)
     {
-      fprintf (stderr, "*** Error importing key: %s\n", 
+      fprintf (stderr, "*** Error importing key: %s\n",
                gnutls_strerror (ret));
       exit (1);
     }
@@ -237,8 +239,8 @@ static int
 cert_callback (gnutls_session_t session,
                const gnutls_datum_t * req_ca_rdn, int nreqs,
                const gnutls_pk_algorithm_t * sign_algos,
-               int sign_algos_length, gnutls_pcert_st** pcert,
-               unsigned int *pcert_length, gnutls_privkey_t* pkey)
+               int sign_algos_length, gnutls_pcert_st ** pcert,
+               unsigned int *pcert_length, gnutls_privkey_t * pkey)
 {
   char issuer_dn[256];
   int i, ret;
index f49d3d28ca5a422743e87f58f956d3cc91d14efc..a2e6cccad6be6c382cc6695700708d1d0243772d 100644 (file)
@@ -42,7 +42,7 @@ main (void)
   gnutls_certificate_set_x509_trust_file (xcred, CAFILE, GNUTLS_X509_FMT_PEM);
 
   /* Initialize TLS session */
-  gnutls_init (&session, GNUTLS_CLIENT|GNUTLS_DATAGRAM);
+  gnutls_init (&session, GNUTLS_CLIENT | GNUTLS_DATAGRAM);
 
   /* Use default priorities */
   ret = gnutls_priority_set_direct (session, "NORMAL", &err);
@@ -62,7 +62,7 @@ main (void)
   sd = udp_connect ();
 
   gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) sd);
-  
+
   /* set the connection MTU */
   gnutls_dtls_set_mtu (session, 1000);
 
index 4b5f337d132e244c05e34be57ccac169bd85ad8b..6f92f113e1caa26a9970ffe8b4c0b0021c1a00ca 100644 (file)
@@ -21,7 +21,7 @@ main (void)
 {
   gnutls_x509_crq_t crq;
   gnutls_x509_privkey_t key;
-  gnutls_privkey_t pkey; /* object used for signing */
+  gnutls_privkey_t pkey;        /* object used for signing */
   unsigned char buffer[10 * 1024];
   size_t buffer_size = sizeof (buffer);
   unsigned int bits;
@@ -63,7 +63,7 @@ main (void)
 
   /* Self sign the certificate request.
    */
-  gnutls_privkey_import_x509pkey, key, 0);
+  gnutls_privkey_import_x509 (pkey, key, 0);
   gnutls_x509_crq_privkey_sign (crq, pkey, GNUTLS_DIG_SHA1, 0);
 
   /* Export the PEM encoded certificate request, and
diff --git a/doc/examples/ex-pkcs11-list.c b/doc/examples/ex-pkcs11-list.c
new file mode 100644 (file)
index 0000000..2f222bc
--- /dev/null
@@ -0,0 +1,48 @@
+#include <gnutls/gnutls.h>
+#include <gnutls/pkcs11.h>
+#include <stdio.h>
+#include <stdlib.h>
+
+#define URL "pkcs11:URL"
+
+int
+main ()
+{
+  gnutls_pkcs11_obj_t *obj_list;
+  gnutls_x509_crt_t xcrt;
+  unsigned int obj_list_size = 0;
+  gnutls_datum_t cinfo;
+  int i, ret;
+
+  obj_list_size = 0;
+  ret = gnutls_pkcs11_obj_list_import_url (NULL, &obj_list_size, URL,
+                                           GNUTLS_PKCS11_OBJ_ATTR_CRT_WITH_PRIVKEY,
+                                           0);
+  if (ret < 0 && ret != GNUTLS_E_SHORT_MEMORY_BUFFER)
+    return -1;
+
+/* no error checking from now on */
+  obj_list = malloc (sizeof (*obj_list) * obj_list_size);
+
+  gnutls_pkcs11_obj_list_import_url (obj_list, &obj_list_size, URL,
+                                     GNUTLS_PKCS11_OBJ_ATTR_CRT_WITH_PRIVKEY,
+                                     0);
+
+/* now all certificates are in obj_list */
+  for (i = 0; i < obj_list_size; i++)
+    {
+
+      gnutls_x509_crt_init (&xcrt);
+
+      gnutls_x509_crt_import_pkcs11 (xcrt, obj_list[i]);
+
+      gnutls_x509_crt_print (xcrt, GNUTLS_CRT_PRINT_FULL, &cinfo);
+
+      fprintf (stdout, "cert[%d]:\n %s\n\n", i, cinfo.data);
+
+      gnutls_free (cinfo.data);
+      gnutls_x509_crt_deinit (xcrt);
+    }
+
+  return 0;
+}
index 19fe5f91adaebbceac955f8b43af81c3c8a8487d..e5f0b545e7ca98c3c3747aaf8f8fae708d17fd74 100644 (file)
@@ -68,7 +68,7 @@ print_info (gnutls_session_t session)
 
     case GNUTLS_CRD_ANON:      /* anonymous authentication */
 
-      printf("- Anonymous authentication.\n");
+      printf ("- Anonymous authentication.\n");
       if (kx == GNUTLS_KX_ANON_ECDH)
         ecdh = 1;
       else if (kx == GNUTLS_KX_ANON_DH)
@@ -92,8 +92,8 @@ print_info (gnutls_session_t session)
     }                           /* switch */
 
   if (ecdh != 0)
-    printf("- Ephemeral ECDH using curve %s\n", 
-           gnutls_ecc_curve_get_name(gnutls_ecc_curve_get(session)));
+    printf ("- Ephemeral ECDH using curve %s\n",
+            gnutls_ecc_curve_get_name (gnutls_ecc_curve_get (session)));
   else if (dhe != 0)
     printf ("- Ephemeral DH using prime of %d bits\n",
             gnutls_dh_get_prime_bits (session));
index 5d349216d7b22e3d65377eff9183b9bfab74b89d..0d52429e3a73302b520d941136ff0ab51684d585 100644 (file)
@@ -22,9 +22,10 @@ int crl_list_size;
 gnutls_x509_crt_t *ca_list;
 int ca_list_size;
 
-static int print_details_func(gnutls_x509_crt_t cert,
-    gnutls_x509_crt_t issuer, gnutls_x509_crl_t crl, 
-    unsigned int verification_output);
+static int print_details_func (gnutls_x509_crt_t cert,
+                               gnutls_x509_crt_t issuer,
+                               gnutls_x509_crl_t crl,
+                               unsigned int verification_output);
 
 /* This function will try to verify the peer's certificate chain, and
  * also check if the hostname matches.
@@ -37,18 +38,18 @@ verify_certificate_chain (const char *hostname,
   int i;
   gnutls_x509_trust_list_t tlist;
   gnutls_x509_crt_t *cert;
-  
+
   unsigned int output;
 
   /* Initialize the trusted certificate list. This should be done
    * once on initialization. gnutls_x509_crt_list_import2() and
    * gnutls_x509_crl_list_import2() can be used to load them.
    */
-  gnutls_x509_trust_list_init(&tlist, 0);
+  gnutls_x509_trust_list_init (&tlist, 0);
 
-  gnutls_x509_trust_list_add_cas(tlist, ca_list, ca_list_size, 0);
-  gnutls_x509_trust_list_add_crls(tlist, crl_list, crl_list_size, 
-    GNUTLS_TL_VERIFY_CRL, 0);
+  gnutls_x509_trust_list_add_cas (tlist, ca_list, ca_list_size, 0);
+  gnutls_x509_trust_list_add_crls (tlist, crl_list, crl_list_size,
+                                   GNUTLS_TL_VERIFY_CRL, 0);
 
   cert = malloc (sizeof (*cert) * cert_chain_length);
 
@@ -61,15 +62,17 @@ verify_certificate_chain (const char *hostname,
       gnutls_x509_crt_import (cert[i], &cert_chain[i], GNUTLS_X509_FMT_DER);
     }
 
-  gnutls_x509_trust_list_verify_named_crt(tlist, cert[0], hostname, strlen(hostname), 
-    GNUTLS_VERIFY_DISABLE_CRL_CHECKS, &output, print_details_func);
+  gnutls_x509_trust_list_verify_named_crt (tlist, cert[0], hostname,
+                                           strlen (hostname),
+                                           GNUTLS_VERIFY_DISABLE_CRL_CHECKS,
+                                           &output, print_details_func);
 
   /* if this certificate is not explicitly trusted verify against CAs 
    */
   if (output != 0)
     {
-      gnutls_x509_trust_list_verify_crt(tlist, cert, cert_chain_length, 0, 
-        &output, print_details_func);
+      gnutls_x509_trust_list_verify_crt (tlist, cert, cert_chain_length, 0,
+                                         &output, print_details_func);
     }
 
   if (output & GNUTLS_CERT_INVALID)
@@ -98,14 +101,15 @@ verify_certificate_chain (const char *hostname,
               hostname);
     }
 
-  gnutls_x509_trust_list_deinit(tlist, 1);
+  gnutls_x509_trust_list_deinit (tlist, 1);
 
   return;
 }
 
-static int print_details_func(gnutls_x509_crt_t cert,
-    gnutls_x509_crt_t issuer, gnutls_x509_crl_t crl, 
-    unsigned int verification_output)
+static int
+print_details_func (gnutls_x509_crt_t cert,
+                    gnutls_x509_crt_t issuer, gnutls_x509_crl_t crl,
+                    unsigned int verification_output)
 {
   char name[512];
   char issuer_name[512];