** libgnutls-dane: Updated DANE verification options.
** API and ABI modifications:
-No changes since last version.
+gnutls_x509_crt_get_issuer_dn2: Added
+gnutls_x509_crt_get_dn2: Added
+gnutls_x509_crl_get_issuer_dn2: Added
+gnutls_x509_crq_get_dn2: Added
* Version 3.1.9 (released 2013-02-27)
int gnutls_x509_crt_get_issuer_dn (gnutls_x509_crt_t cert, char *buf,
size_t * buf_size);
+ int gnutls_x509_crt_get_issuer_dn2 (gnutls_x509_crt_t cert, gnutls_datum_t* dn);
int gnutls_x509_crt_get_issuer_dn_oid (gnutls_x509_crt_t cert, int indx,
void *oid, size_t * oid_size);
int gnutls_x509_crt_get_issuer_dn_by_oid (gnutls_x509_crt_t cert,
void *buf, size_t * buf_size);
int gnutls_x509_crt_get_dn (gnutls_x509_crt_t cert, char *buf,
size_t * buf_size);
+ int gnutls_x509_crt_get_dn2 (gnutls_x509_crt_t cert, gnutls_datum_t* dn);
int gnutls_x509_crt_get_dn_oid (gnutls_x509_crt_t cert, int indx,
void *oid, size_t * oid_size);
int gnutls_x509_crt_get_dn_by_oid (gnutls_x509_crt_t cert,
gnutls_x509_crl_get_raw_issuer_dn (gnutls_x509_crl_t crl,
gnutls_datum_t * dn);
- int gnutls_x509_crl_get_issuer_dn (const gnutls_x509_crl_t crl,
+ int gnutls_x509_crl_get_issuer_dn (gnutls_x509_crl_t crl,
char *buf, size_t * sizeof_buf);
+ int gnutls_x509_crl_get_issuer_dn2 (gnutls_x509_crl_t crl, gnutls_datum_t* dn);
int gnutls_x509_crl_get_issuer_dn_by_oid (gnutls_x509_crl_t crl,
const char *oid, int indx,
unsigned int raw_flag,
int gnutls_x509_crq_get_dn (gnutls_x509_crq_t crq, char *buf,
size_t * sizeof_buf);
+ int gnutls_x509_crq_get_dn2 (gnutls_x509_crq_t crq, gnutls_datum_t* dn);
int gnutls_x509_crq_get_dn_oid (gnutls_x509_crq_t crq, int indx,
void *oid, size_t * sizeof_oid);
int gnutls_x509_crq_get_dn_by_oid (gnutls_x509_crq_t crq,
gnutls_transport_get_int2;
gnutls_transport_get_int;
gnutls_pkcs11_privkey_status;
+ gnutls_x509_crt_get_issuer_dn2;
+ gnutls_x509_crt_get_dn2;
+ gnutls_x509_crl_get_issuer_dn2;
+ gnutls_x509_crq_get_dn2;
} GNUTLS_3_0_0;
GNUTLS_PRIVATE {
oid, sizeof_oid);
}
+/**
+ * gnutls_x509_crl_get_issuer_dn2:
+ * @cert: should contain a #gnutls_x509_crt_t structure
+ * @dn: a pointer to a structure to hold the name
+ *
+ * This function will allocate buffer and copy the name of the CRL issuer.
+ * The name will be in the form "C=xxxx,O=yyyy,CN=zzzz" as
+ * described in RFC4514. The output string will be ASCII or UTF-8
+ * encoded, depending on the certificate data.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
+ * negative error value. and a negative error code on error.
+ *
+ * Since: 3.1.10
+ **/
+int
+gnutls_x509_crl_get_issuer_dn2 (gnutls_x509_crl_t crl, gnutls_datum_t * dn)
+{
+ if (crl == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return _gnutls_x509_get_dn (crl->crl,
+ "tbsCertList.issuer.rdnSequence", dn);
+}
/**
* gnutls_x509_crl_get_signature_algorithm:
buf, buf_size);
}
+/**
+ * gnutls_x509_crq_get_dn2:
+ * @crq: should contain a #gnutls_x509_crq_t structure
+ * @dn: a pointer to a structure to hold the name
+ *
+ * This function will allocate buffer and copy the name of the Certificate
+ * request. The name will be in the form "C=xxxx,O=yyyy,CN=zzzz" as
+ * described in RFC4514. The output string will be ASCII or UTF-8
+ * encoded, depending on the certificate data.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
+ * negative error value. and a negative error code on error.
+ *
+ * Since: 3.1.10
+ **/
+int
+gnutls_x509_crq_get_dn2 (gnutls_x509_crq_t crq, gnutls_datum_t * dn)
+{
+ if (crq == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return _gnutls_x509_get_dn (crq->crq,
+ "certificationRequestInfo.subject.rdnSequence", dn);
+}
+
/**
* gnutls_x509_crq_get_dn_by_oid:
* @crq: should contain a gnutls_x509_crq_t structure
return ret;
}
+int
+_gnutls_x509_get_dn (ASN1_TYPE asn1_struct,
+ const char *asn1_rdn_name, gnutls_datum_t * dn)
+{
+char * buf;
+size_t buf_size;
+int ret;
+
+ buf_size = 384;
+ buf = gnutls_malloc(buf_size);
+ if (buf == NULL)
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+
+ ret = _gnutls_x509_parse_dn (asn1_struct,
+ asn1_rdn_name, buf, &buf_size);
+ if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER)
+ {
+ buf = gnutls_realloc_fast(buf, buf_size);
+ if (buf == NULL)
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+
+ ret = _gnutls_x509_parse_dn (asn1_struct,
+ asn1_rdn_name, buf, &buf_size);
+ }
+
+ if (ret < 0)
+ {
+ gnutls_free(buf);
+ return gnutls_assert_val(ret);
+ }
+
+ dn->data = (void*)buf;
+ dn->size = buf_size;
+
+ return ret;
+}
+
+
/* Parses an X509 DN in the asn1_struct, and puts the output into
* the string buf. The output is an LDAP encoded DN.
*
buf_size);
}
+/**
+ * gnutls_x509_crt_get_issuer_dn2:
+ * @cert: should contain a #gnutls_x509_crt_t structure
+ * @dn: a pointer to a structure to hold the name
+ *
+ * This function will allocate buffer and copy the name of issuer of the Certificate.
+ * The name will be in the form "C=xxxx,O=yyyy,CN=zzzz" as
+ * described in RFC4514. The output string will be ASCII or UTF-8
+ * encoded, depending on the certificate data.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
+ * negative error value. and a negative error code on error.
+ *
+ * Since: 3.1.10
+ **/
+int
+gnutls_x509_crt_get_issuer_dn2 (gnutls_x509_crt_t cert, gnutls_datum_t * dn)
+{
+ if (cert == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return _gnutls_x509_get_dn (cert->cert,
+ "tbsCertificate.issuer.rdnSequence", dn);
+}
+
/**
* gnutls_x509_crt_get_issuer_dn_by_oid:
* @cert: should contain a #gnutls_x509_crt_t structure
buf_size);
}
+/**
+ * gnutls_x509_crt_get_dn2:
+ * @cert: should contain a #gnutls_x509_crt_t structure
+ * @dn: a pointer to a structure to hold the name
+ *
+ * This function will allocate buffer and copy the name of the Certificate.
+ * The name will be in the form "C=xxxx,O=yyyy,CN=zzzz" as
+ * described in RFC4514. The output string will be ASCII or UTF-8
+ * encoded, depending on the certificate data.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
+ * negative error value. and a negative error code on error.
+ *
+ * Since: 3.1.10
+ **/
+int
+gnutls_x509_crt_get_dn2 (gnutls_x509_crt_t cert, gnutls_datum_t * dn)
+{
+ if (cert == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return _gnutls_x509_get_dn (cert->cert,
+ "tbsCertificate.subject.rdnSequence", dn);
+}
+
/**
* gnutls_x509_crt_get_dn_by_oid:
* @cert: should contain a #gnutls_x509_crt_t structure
const char *asn1_rdn_name, char *buf,
size_t * sizeof_buf);
+int
+_gnutls_x509_get_dn (ASN1_TYPE asn1_struct,
+ const char *asn1_rdn_name, gnutls_datum_t * dn);
+
int
_gnutls_x509_parse_dn_oid (ASN1_TYPE asn1_struct,
const char *asn1_rdn_name,