Diffstat (limited to 'doc/doxyout/hx509/man')
-rw-r--r--doc/doxyout/hx509/man/man3/hx509.345
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_bitstring_print.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_ca.3573
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_ca_sign.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_ca_sign_self.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_ca_tbs_add_crl_dp_uri.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_ca_tbs_add_eku.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_ca_tbs_add_san_hostname.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_ca_tbs_add_san_jid.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_ca_tbs_add_san_ms_upn.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_ca_tbs_add_san_otherName.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_ca_tbs_add_san_pkinit.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_ca_tbs_add_san_rfc822name.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_ca_tbs_free.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_ca_tbs_init.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_ca_tbs_set_ca.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_ca_tbs_set_domaincontroller.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_ca_tbs_set_notAfter.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_ca_tbs_set_notAfter_lifetime.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_ca_tbs_set_notBefore.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_ca_tbs_set_proxy.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_ca_tbs_set_serialnumber.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_ca_tbs_set_spki.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_ca_tbs_set_subject.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_ca_tbs_set_template.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_ca_tbs_set_unique.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_ca_tbs_subject_expand.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_ca_tbs_template_units.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_cert.3700
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_cert_binary.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_cert_check_eku.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_cert_cmp.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_cert_find_subjectAltName_otherName.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_cert_free.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_cert_get_SPKI.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_cert_get_SPKI_AlgorithmIdentifier.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_cert_get_attribute.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_cert_get_base_subject.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_cert_get_friendly_name.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_cert_get_issuer.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_cert_get_issuer_unique_id.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_cert_get_notAfter.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_cert_get_notBefore.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_cert_get_serialnumber.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_cert_get_subject.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_cert_get_subject_unique_id.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_cert_init.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_cert_init_data.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_cert_keyusage_print.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_cert_ref.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_cert_set_friendly_name.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_certs_add.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_certs_append.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_certs_end_seq.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_certs_filter.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_certs_find.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_certs_free.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_certs_info.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_certs_init.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_certs_iter_f.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_certs_merge.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_certs_next_cert.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_certs_start_seq.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_certs_store.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_ci_print_names.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_clear_error_string.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_cms.3206
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_cms_create_signed_1.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_cms_envelope_1.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_cms_unenvelope.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_cms_unwrap_ContentInfo.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_cms_verify_signed.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_cms_wrap_ContentInfo.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_context_free.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_context_init.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_context_set_missing_revoke.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_crl_add_revoked_certs.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_crl_alloc.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_crl_free.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_crl_lifetime.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_crl_sign.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_crypto.340
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_env.3143
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_env_add.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_env_add_binding.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_env_find.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_env_find_binding.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_env_free.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_env_lfind.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_err.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_error.3129
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_free_error_string.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_free_octet_string_list.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_general_name_unparse.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_get_error_string.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_get_one_cert.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_keyset.3373
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_lock.35
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_misc.340
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_name.3235
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_name_binary.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_name_cmp.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_name_copy.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_name_expand.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_name_free.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_name_is_null_p.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_name_to_Name.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_name_to_string.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_ocsp_request.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_ocsp_verify.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_oid_print.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_oid_sprint.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_parse_name.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_peer.3113
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_peer_info_add_cms_alg.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_peer_info_alloc.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_peer_info_free.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_peer_info_set_cert.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_peer_info_set_cms_algs.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_print.3211
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_print_cert.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_print_stdout.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_query.35
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_query_alloc.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_query_free.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_query_match_cmp_func.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_query_match_eku.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_query_match_friendly_name.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_query_match_issuer_serial.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_query_match_option.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_query_statistic_file.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_query_unparse_stats.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_revoke.3171
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_revoke_add_crl.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_revoke_add_ocsp.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_revoke_free.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_revoke_init.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_revoke_ocsp_print.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_revoke_verify.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_set_error_string.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_set_error_stringv.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_unparse_der_name.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_validate_cert.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_validate_ctx_add_flags.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_validate_ctx_free.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_validate_ctx_init.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_validate_ctx_set_print.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_verify.3309
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_verify_attach_anchors.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_verify_attach_revoke.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_verify_ctx_f_allow_default_trustanchors.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_verify_destroy_ctx.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_verify_hostname.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_verify_init_ctx.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_verify_path.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_verify_set_max_depth.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_verify_set_proxy_certificate.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_verify_set_strict_rfc3280_verification.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_verify_set_time.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_verify_signature.31
-rw-r--r--doc/doxyout/hx509/man/man3/hx509_xfree.31
-rw-r--r--doc/doxyout/hx509/man/man3/page_ca.36
-rw-r--r--doc/doxyout/hx509/man/man3/page_cert.310
-rw-r--r--doc/doxyout/hx509/man/man3/page_cms.318
-rw-r--r--doc/doxyout/hx509/man/man3/page_env.36
-rw-r--r--doc/doxyout/hx509/man/man3/page_error.36
-rw-r--r--doc/doxyout/hx509/man/man3/page_keyset.325
-rw-r--r--doc/doxyout/hx509/man/man3/page_lock.36
-rw-r--r--doc/doxyout/hx509/man/man3/page_name.318
-rw-r--r--doc/doxyout/hx509/man/man3/page_peer.38
-rw-r--r--doc/doxyout/hx509/man/man3/page_print.36
-rw-r--r--doc/doxyout/hx509/man/man3/page_revoke.310
172 files changed, 3562 insertions, 0 deletions
diff --git a/doc/doxyout/hx509/man/man3/hx509.3 b/doc/doxyout/hx509/man/man3/hx509.3
new file mode 100644
index 000000000000..7fe04c71f6bf
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509.3
@@ -0,0 +1,45 @@
+.TH "hx509 library" 3 "30 Jul 2011" "Version 1.5" "Heimdalx509library" \" -*- nroff -*-
+.ad l
+.nh
+.SH NAME
+hx509 library \-
+.SS "Functions"
+
+.in +1c
+.ti -1c
+.RI "int \fBhx509_context_init\fP (hx509_context *context)"
+.br
+.ti -1c
+.RI "void \fBhx509_context_free\fP (hx509_context *context)"
+.br
+.in -1c
+.SH "Detailed Description"
+.PP
+
+.SH "Function Documentation"
+.PP
+.SS "void hx509_context_free (hx509_context * context)"
+.PP
+Free the context allocated by \fBhx509_context_init()\fP.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIcontext\fP context to be freed.
+.RE
+.PP
+
+.SS "int hx509_context_init (hx509_context * context)"
+.PP
+Creates a hx509 context that most functions in the library uses. The context is only allowed to be used by one thread at each moment. Free the context with \fBhx509_context_free()\fP.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIcontext\fP Returns a pointer to new hx509 context.
+.RE
+.PP
+\fBReturns:\fP
+.RS 4
+Returns an hx509 error code.
+.RE
+.PP
+
diff --git a/doc/doxyout/hx509/man/man3/hx509_bitstring_print.3 b/doc/doxyout/hx509/man/man3/hx509_bitstring_print.3
new file mode 100644
index 000000000000..2577d70ee906
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_bitstring_print.3
@@ -0,0 +1 @@
+.so man3/hx509_print.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_ca.3 b/doc/doxyout/hx509/man/man3/hx509_ca.3
new file mode 100644
index 000000000000..3f0c947cbfd3
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_ca.3
@@ -0,0 +1,573 @@
+.TH "hx509 CA functions" 3 "30 Jul 2011" "Version 1.5" "Heimdalx509library" \" -*- nroff -*-
+.ad l
+.nh
+.SH NAME
+hx509 CA functions \-
+.SS "Functions"
+
+.in +1c
+.ti -1c
+.RI "int \fBhx509_ca_tbs_init\fP (hx509_context context, hx509_ca_tbs *tbs)"
+.br
+.ti -1c
+.RI "void \fBhx509_ca_tbs_free\fP (hx509_ca_tbs *tbs)"
+.br
+.ti -1c
+.RI "int \fBhx509_ca_tbs_set_notBefore\fP (hx509_context context, hx509_ca_tbs tbs, time_t t)"
+.br
+.ti -1c
+.RI "int \fBhx509_ca_tbs_set_notAfter\fP (hx509_context context, hx509_ca_tbs tbs, time_t t)"
+.br
+.ti -1c
+.RI "int \fBhx509_ca_tbs_set_notAfter_lifetime\fP (hx509_context context, hx509_ca_tbs tbs, time_t delta)"
+.br
+.ti -1c
+.RI "struct units * \fBhx509_ca_tbs_template_units\fP (void)"
+.br
+.ti -1c
+.RI "int \fBhx509_ca_tbs_set_template\fP (hx509_context context, hx509_ca_tbs tbs, int flags, hx509_cert cert)"
+.br
+.ti -1c
+.RI "int \fBhx509_ca_tbs_set_ca\fP (hx509_context context, hx509_ca_tbs tbs, int pathLenConstraint)"
+.br
+.ti -1c
+.RI "int \fBhx509_ca_tbs_set_proxy\fP (hx509_context context, hx509_ca_tbs tbs, int pathLenConstraint)"
+.br
+.ti -1c
+.RI "int \fBhx509_ca_tbs_set_domaincontroller\fP (hx509_context context, hx509_ca_tbs tbs)"
+.br
+.ti -1c
+.RI "int \fBhx509_ca_tbs_set_spki\fP (hx509_context context, hx509_ca_tbs tbs, const SubjectPublicKeyInfo *spki)"
+.br
+.ti -1c
+.RI "int \fBhx509_ca_tbs_set_serialnumber\fP (hx509_context context, hx509_ca_tbs tbs, const heim_integer *serialNumber)"
+.br
+.ti -1c
+.RI "int \fBhx509_ca_tbs_add_eku\fP (hx509_context context, hx509_ca_tbs tbs, const heim_oid *oid)"
+.br
+.ti -1c
+.RI "int \fBhx509_ca_tbs_add_crl_dp_uri\fP (hx509_context context, hx509_ca_tbs tbs, const char *uri, hx509_name issuername)"
+.br
+.ti -1c
+.RI "int \fBhx509_ca_tbs_add_san_otherName\fP (hx509_context context, hx509_ca_tbs tbs, const heim_oid *oid, const heim_octet_string *os)"
+.br
+.ti -1c
+.RI "int \fBhx509_ca_tbs_add_san_pkinit\fP (hx509_context context, hx509_ca_tbs tbs, const char *principal)"
+.br
+.ti -1c
+.RI "int \fBhx509_ca_tbs_add_san_ms_upn\fP (hx509_context context, hx509_ca_tbs tbs, const char *principal)"
+.br
+.ti -1c
+.RI "int \fBhx509_ca_tbs_add_san_jid\fP (hx509_context context, hx509_ca_tbs tbs, const char *jid)"
+.br
+.ti -1c
+.RI "int \fBhx509_ca_tbs_add_san_hostname\fP (hx509_context context, hx509_ca_tbs tbs, const char *dnsname)"
+.br
+.ti -1c
+.RI "int \fBhx509_ca_tbs_add_san_rfc822name\fP (hx509_context context, hx509_ca_tbs tbs, const char *rfc822Name)"
+.br
+.ti -1c
+.RI "int \fBhx509_ca_tbs_set_subject\fP (hx509_context context, hx509_ca_tbs tbs, hx509_name subject)"
+.br
+.ti -1c
+.RI "int \fBhx509_ca_tbs_set_unique\fP (hx509_context context, hx509_ca_tbs tbs, const heim_bit_string *subjectUniqueID, const heim_bit_string *issuerUniqueID)"
+.br
+.ti -1c
+.RI "int \fBhx509_ca_tbs_subject_expand\fP (hx509_context context, hx509_ca_tbs tbs, hx509_env env)"
+.br
+.ti -1c
+.RI "int \fBhx509_ca_sign\fP (hx509_context context, hx509_ca_tbs tbs, hx509_cert signer, hx509_cert *certificate)"
+.br
+.ti -1c
+.RI "int \fBhx509_ca_sign_self\fP (hx509_context context, hx509_ca_tbs tbs, hx509_private_key signer, hx509_cert *certificate)"
+.br
+.in -1c
+.SH "Detailed Description"
+.PP
+See the \fBHx509 CA functions\fP for description and examples.
+.SH "Function Documentation"
+.PP
+.SS "int hx509_ca_sign (hx509_context context, hx509_ca_tbs tbs, hx509_cert signer, hx509_cert * certificate)"
+.PP
+Sign a to-be-signed certificate object with a issuer certificate.
+.PP
+The caller needs to at least have called the following functions on the to-be-signed certificate object:
+.IP "\(bu" 2
+\fBhx509_ca_tbs_init()\fP
+.IP "\(bu" 2
+\fBhx509_ca_tbs_set_subject()\fP
+.IP "\(bu" 2
+\fBhx509_ca_tbs_set_spki()\fP
+.PP
+.PP
+When done the to-be-signed certificate object should be freed with \fBhx509_ca_tbs_free()\fP.
+.PP
+When creating self-signed certificate use \fBhx509_ca_sign_self()\fP instead.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIcontext\fP A hx509 context.
+.br
+\fItbs\fP object to be signed.
+.br
+\fIsigner\fP the CA certificate object to sign with (need private key).
+.br
+\fIcertificate\fP return cerificate, free with \fBhx509_cert_free()\fP.
+.RE
+.PP
+\fBReturns:\fP
+.RS 4
+An hx509 error code, see \fBhx509_get_error_string()\fP.
+.RE
+.PP
+
+.SS "int hx509_ca_sign_self (hx509_context context, hx509_ca_tbs tbs, hx509_private_key signer, hx509_cert * certificate)"
+.PP
+Work just like \fBhx509_ca_sign()\fP but signs it-self.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIcontext\fP A hx509 context.
+.br
+\fItbs\fP object to be signed.
+.br
+\fIsigner\fP private key to sign with.
+.br
+\fIcertificate\fP return cerificate, free with \fBhx509_cert_free()\fP.
+.RE
+.PP
+\fBReturns:\fP
+.RS 4
+An hx509 error code, see \fBhx509_get_error_string()\fP.
+.RE
+.PP
+
+.SS "int hx509_ca_tbs_add_crl_dp_uri (hx509_context context, hx509_ca_tbs tbs, const char * uri, hx509_name issuername)"
+.PP
+Add CRL distribution point URI to the to-be-signed certificate object.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIcontext\fP A hx509 context.
+.br
+\fItbs\fP object to be signed.
+.br
+\fIuri\fP uri to the CRL.
+.br
+\fIissuername\fP name of the issuer.
+.RE
+.PP
+\fBReturns:\fP
+.RS 4
+An hx509 error code, see \fBhx509_get_error_string()\fP.
+.RE
+.PP
+
+.PP
+issuername not supported
+.SS "int hx509_ca_tbs_add_eku (hx509_context context, hx509_ca_tbs tbs, const heim_oid * oid)"
+.PP
+An an extended key usage to the to-be-signed certificate object. Duplicates will detected and not added.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIcontext\fP A hx509 context.
+.br
+\fItbs\fP object to be signed.
+.br
+\fIoid\fP extended key usage to add.
+.RE
+.PP
+\fBReturns:\fP
+.RS 4
+An hx509 error code, see \fBhx509_get_error_string()\fP.
+.RE
+.PP
+
+.SS "int hx509_ca_tbs_add_san_hostname (hx509_context context, hx509_ca_tbs tbs, const char * dnsname)"
+.PP
+Add a Subject Alternative Name hostname to to-be-signed certificate object. A domain match starts with ., an exact match does not.
+.PP
+Example of a an domain match: .domain.se matches the hostname host.domain.se.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIcontext\fP A hx509 context.
+.br
+\fItbs\fP object to be signed.
+.br
+\fIdnsname\fP a hostame.
+.RE
+.PP
+\fBReturns:\fP
+.RS 4
+An hx509 error code, see \fBhx509_get_error_string()\fP.
+.RE
+.PP
+
+.SS "int hx509_ca_tbs_add_san_jid (hx509_context context, hx509_ca_tbs tbs, const char * jid)"
+.PP
+Add a Jabber/XMPP jid Subject Alternative Name to the to-be-signed certificate object. The jid is an UTF8 string.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIcontext\fP A hx509 context.
+.br
+\fItbs\fP object to be signed.
+.br
+\fIjid\fP string of an a jabber id in UTF8.
+.RE
+.PP
+\fBReturns:\fP
+.RS 4
+An hx509 error code, see \fBhx509_get_error_string()\fP.
+.RE
+.PP
+
+.SS "int hx509_ca_tbs_add_san_ms_upn (hx509_context context, hx509_ca_tbs tbs, const char * principal)"
+.PP
+Add Microsoft UPN Subject Alternative Name to the to-be-signed certificate object. The principal string is a UTF8 string.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIcontext\fP A hx509 context.
+.br
+\fItbs\fP object to be signed.
+.br
+\fIprincipal\fP Microsoft UPN string.
+.RE
+.PP
+\fBReturns:\fP
+.RS 4
+An hx509 error code, see \fBhx509_get_error_string()\fP.
+.RE
+.PP
+
+.SS "int hx509_ca_tbs_add_san_otherName (hx509_context context, hx509_ca_tbs tbs, const heim_oid * oid, const heim_octet_string * os)"
+.PP
+Add Subject Alternative Name otherName to the to-be-signed certificate object.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIcontext\fP A hx509 context.
+.br
+\fItbs\fP object to be signed.
+.br
+\fIoid\fP the oid of the OtherName.
+.br
+\fIos\fP data in the other name.
+.RE
+.PP
+\fBReturns:\fP
+.RS 4
+An hx509 error code, see \fBhx509_get_error_string()\fP.
+.RE
+.PP
+
+.SS "int hx509_ca_tbs_add_san_pkinit (hx509_context context, hx509_ca_tbs tbs, const char * principal)"
+.PP
+Add Kerberos Subject Alternative Name to the to-be-signed certificate object. The principal string is a UTF8 string.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIcontext\fP A hx509 context.
+.br
+\fItbs\fP object to be signed.
+.br
+\fIprincipal\fP Kerberos principal to add to the certificate.
+.RE
+.PP
+\fBReturns:\fP
+.RS 4
+An hx509 error code, see \fBhx509_get_error_string()\fP.
+.RE
+.PP
+
+.SS "int hx509_ca_tbs_add_san_rfc822name (hx509_context context, hx509_ca_tbs tbs, const char * rfc822Name)"
+.PP
+Add a Subject Alternative Name rfc822 (email address) to to-be-signed certificate object.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIcontext\fP A hx509 context.
+.br
+\fItbs\fP object to be signed.
+.br
+\fIrfc822Name\fP a string to a email address.
+.RE
+.PP
+\fBReturns:\fP
+.RS 4
+An hx509 error code, see \fBhx509_get_error_string()\fP.
+.RE
+.PP
+
+.SS "void hx509_ca_tbs_free (hx509_ca_tbs * tbs)"
+.PP
+Free an To Be Signed object.
+.PP
+\fBParameters:\fP
+.RS 4
+\fItbs\fP object to free.
+.RE
+.PP
+
+.SS "int hx509_ca_tbs_init (hx509_context context, hx509_ca_tbs * tbs)"
+.PP
+Allocate an to-be-signed certificate object that will be converted into an certificate.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIcontext\fP A hx509 context.
+.br
+\fItbs\fP returned to-be-signed certicate object, free with \fBhx509_ca_tbs_free()\fP.
+.RE
+.PP
+\fBReturns:\fP
+.RS 4
+An hx509 error code, see \fBhx509_get_error_string()\fP.
+.RE
+.PP
+
+.SS "int hx509_ca_tbs_set_ca (hx509_context context, hx509_ca_tbs tbs, int pathLenConstraint)"
+.PP
+Make the to-be-signed certificate object a CA certificate. If the pathLenConstraint is negative path length constraint is used.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIcontext\fP A hx509 context.
+.br
+\fItbs\fP object to be signed.
+.br
+\fIpathLenConstraint\fP path length constraint, negative, no constraint.
+.RE
+.PP
+\fBReturns:\fP
+.RS 4
+An hx509 error code, see \fBhx509_get_error_string()\fP.
+.RE
+.PP
+
+.SS "int hx509_ca_tbs_set_domaincontroller (hx509_context context, hx509_ca_tbs tbs)"
+.PP
+Make the to-be-signed certificate object a windows domain controller certificate.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIcontext\fP A hx509 context.
+.br
+\fItbs\fP object to be signed.
+.RE
+.PP
+\fBReturns:\fP
+.RS 4
+An hx509 error code, see \fBhx509_get_error_string()\fP.
+.RE
+.PP
+
+.SS "int hx509_ca_tbs_set_notAfter (hx509_context context, hx509_ca_tbs tbs, time_t t)"
+.PP
+Set the absolute time when the certificate is valid to.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIcontext\fP A hx509 context.
+.br
+\fItbs\fP object to be signed.
+.br
+\fIt\fP time when the certificate will expire
+.RE
+.PP
+\fBReturns:\fP
+.RS 4
+An hx509 error code, see \fBhx509_get_error_string()\fP.
+.RE
+.PP
+
+.SS "int hx509_ca_tbs_set_notAfter_lifetime (hx509_context context, hx509_ca_tbs tbs, time_t delta)"
+.PP
+Set the relative time when the certificiate is going to expire.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIcontext\fP A hx509 context.
+.br
+\fItbs\fP object to be signed.
+.br
+\fIdelta\fP seconds to the certificate is going to expire.
+.RE
+.PP
+\fBReturns:\fP
+.RS 4
+An hx509 error code, see \fBhx509_get_error_string()\fP.
+.RE
+.PP
+
+.SS "int hx509_ca_tbs_set_notBefore (hx509_context context, hx509_ca_tbs tbs, time_t t)"
+.PP
+Set the absolute time when the certificate is valid from. If not set the current time will be used.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIcontext\fP A hx509 context.
+.br
+\fItbs\fP object to be signed.
+.br
+\fIt\fP time the certificated will start to be valid
+.RE
+.PP
+\fBReturns:\fP
+.RS 4
+An hx509 error code, see \fBhx509_get_error_string()\fP.
+.RE
+.PP
+
+.SS "int hx509_ca_tbs_set_proxy (hx509_context context, hx509_ca_tbs tbs, int pathLenConstraint)"
+.PP
+Make the to-be-signed certificate object a proxy certificate. If the pathLenConstraint is negative path length constraint is used.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIcontext\fP A hx509 context.
+.br
+\fItbs\fP object to be signed.
+.br
+\fIpathLenConstraint\fP path length constraint, negative, no constraint.
+.RE
+.PP
+\fBReturns:\fP
+.RS 4
+An hx509 error code, see \fBhx509_get_error_string()\fP.
+.RE
+.PP
+
+.SS "int hx509_ca_tbs_set_serialnumber (hx509_context context, hx509_ca_tbs tbs, const heim_integer * serialNumber)"
+.PP
+Set the serial number to use for to-be-signed certificate object.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIcontext\fP A hx509 context.
+.br
+\fItbs\fP object to be signed.
+.br
+\fIserialNumber\fP serial number to use for the to-be-signed certificate object.
+.RE
+.PP
+\fBReturns:\fP
+.RS 4
+An hx509 error code, see \fBhx509_get_error_string()\fP.
+.RE
+.PP
+
+.SS "int hx509_ca_tbs_set_spki (hx509_context context, hx509_ca_tbs tbs, const SubjectPublicKeyInfo * spki)"
+.PP
+Set the subject public key info (SPKI) in the to-be-signed certificate object. SPKI is the public key and key related parameters in the certificate.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIcontext\fP A hx509 context.
+.br
+\fItbs\fP object to be signed.
+.br
+\fIspki\fP subject public key info to use for the to-be-signed certificate object.
+.RE
+.PP
+\fBReturns:\fP
+.RS 4
+An hx509 error code, see \fBhx509_get_error_string()\fP.
+.RE
+.PP
+
+.SS "int hx509_ca_tbs_set_subject (hx509_context context, hx509_ca_tbs tbs, hx509_name subject)"
+.PP
+Set the subject name of a to-be-signed certificate object.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIcontext\fP A hx509 context.
+.br
+\fItbs\fP object to be signed.
+.br
+\fIsubject\fP the name to set a subject.
+.RE
+.PP
+\fBReturns:\fP
+.RS 4
+An hx509 error code, see \fBhx509_get_error_string()\fP.
+.RE
+.PP
+
+.SS "int hx509_ca_tbs_set_template (hx509_context context, hx509_ca_tbs tbs, int flags, hx509_cert cert)"
+.PP
+Initialize the to-be-signed certificate object from a template certifiate.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIcontext\fP A hx509 context.
+.br
+\fItbs\fP object to be signed.
+.br
+\fIflags\fP bit field selecting what to copy from the template certifiate.
+.br
+\fIcert\fP template certificate.
+.RE
+.PP
+\fBReturns:\fP
+.RS 4
+An hx509 error code, see \fBhx509_get_error_string()\fP.
+.RE
+.PP
+
+.SS "int hx509_ca_tbs_set_unique (hx509_context context, hx509_ca_tbs tbs, const heim_bit_string * subjectUniqueID, const heim_bit_string * issuerUniqueID)"
+.PP
+Set the issuerUniqueID and subjectUniqueID
+.PP
+These are only supposed to be used considered with version 2 certificates, replaced by the two extensions SubjectKeyIdentifier and IssuerKeyIdentifier. This function is to allow application using legacy protocol to issue them.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIcontext\fP A hx509 context.
+.br
+\fItbs\fP object to be signed.
+.br
+\fIissuerUniqueID\fP to be set
+.br
+\fIsubjectUniqueID\fP to be set
+.RE
+.PP
+\fBReturns:\fP
+.RS 4
+An hx509 error code, see \fBhx509_get_error_string()\fP.
+.RE
+.PP
+
+.SS "int hx509_ca_tbs_subject_expand (hx509_context context, hx509_ca_tbs tbs, hx509_env env)"
+.PP
+Expand the the subject name in the to-be-signed certificate object using \fBhx509_name_expand()\fP.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIcontext\fP A hx509 context.
+.br
+\fItbs\fP object to be signed.
+.br
+\fIenv\fP enviroment variable to expand variables in the subject name, see hx509_env_init().
+.RE
+.PP
+\fBReturns:\fP
+.RS 4
+An hx509 error code, see \fBhx509_get_error_string()\fP.
+.RE
+.PP
+
+.SS "struct units* hx509_ca_tbs_template_units (void)\fC [read]\fP"
+.PP
+Make of template units, use to build flags argument to \fBhx509_ca_tbs_set_template()\fP with parse_units().
+.PP
+\fBReturns:\fP
+.RS 4
+an units structure.
+.RE
+.PP
+
diff --git a/doc/doxyout/hx509/man/man3/hx509_ca_sign.3 b/doc/doxyout/hx509/man/man3/hx509_ca_sign.3
new file mode 100644
index 000000000000..8b46f5ce9b89
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_ca_sign.3
@@ -0,0 +1 @@
+.so man3/hx509_ca.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_ca_sign_self.3 b/doc/doxyout/hx509/man/man3/hx509_ca_sign_self.3
new file mode 100644
index 000000000000..8b46f5ce9b89
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_ca_sign_self.3
@@ -0,0 +1 @@
+.so man3/hx509_ca.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_ca_tbs_add_crl_dp_uri.3 b/doc/doxyout/hx509/man/man3/hx509_ca_tbs_add_crl_dp_uri.3
new file mode 100644
index 000000000000..8b46f5ce9b89
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_ca_tbs_add_crl_dp_uri.3
@@ -0,0 +1 @@
+.so man3/hx509_ca.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_ca_tbs_add_eku.3 b/doc/doxyout/hx509/man/man3/hx509_ca_tbs_add_eku.3
new file mode 100644
index 000000000000..8b46f5ce9b89
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_ca_tbs_add_eku.3
@@ -0,0 +1 @@
+.so man3/hx509_ca.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_ca_tbs_add_san_hostname.3 b/doc/doxyout/hx509/man/man3/hx509_ca_tbs_add_san_hostname.3
new file mode 100644
index 000000000000..8b46f5ce9b89
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_ca_tbs_add_san_hostname.3
@@ -0,0 +1 @@
+.so man3/hx509_ca.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_ca_tbs_add_san_jid.3 b/doc/doxyout/hx509/man/man3/hx509_ca_tbs_add_san_jid.3
new file mode 100644
index 000000000000..8b46f5ce9b89
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_ca_tbs_add_san_jid.3
@@ -0,0 +1 @@
+.so man3/hx509_ca.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_ca_tbs_add_san_ms_upn.3 b/doc/doxyout/hx509/man/man3/hx509_ca_tbs_add_san_ms_upn.3
new file mode 100644
index 000000000000..8b46f5ce9b89
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_ca_tbs_add_san_ms_upn.3
@@ -0,0 +1 @@
+.so man3/hx509_ca.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_ca_tbs_add_san_otherName.3 b/doc/doxyout/hx509/man/man3/hx509_ca_tbs_add_san_otherName.3
new file mode 100644
index 000000000000..8b46f5ce9b89
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_ca_tbs_add_san_otherName.3
@@ -0,0 +1 @@
+.so man3/hx509_ca.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_ca_tbs_add_san_pkinit.3 b/doc/doxyout/hx509/man/man3/hx509_ca_tbs_add_san_pkinit.3
new file mode 100644
index 000000000000..8b46f5ce9b89
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_ca_tbs_add_san_pkinit.3
@@ -0,0 +1 @@
+.so man3/hx509_ca.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_ca_tbs_add_san_rfc822name.3 b/doc/doxyout/hx509/man/man3/hx509_ca_tbs_add_san_rfc822name.3
new file mode 100644
index 000000000000..8b46f5ce9b89
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_ca_tbs_add_san_rfc822name.3
@@ -0,0 +1 @@
+.so man3/hx509_ca.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_ca_tbs_free.3 b/doc/doxyout/hx509/man/man3/hx509_ca_tbs_free.3
new file mode 100644
index 000000000000..8b46f5ce9b89
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_ca_tbs_free.3
@@ -0,0 +1 @@
+.so man3/hx509_ca.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_ca_tbs_init.3 b/doc/doxyout/hx509/man/man3/hx509_ca_tbs_init.3
new file mode 100644
index 000000000000..8b46f5ce9b89
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_ca_tbs_init.3
@@ -0,0 +1 @@
+.so man3/hx509_ca.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_ca_tbs_set_ca.3 b/doc/doxyout/hx509/man/man3/hx509_ca_tbs_set_ca.3
new file mode 100644
index 000000000000..8b46f5ce9b89
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_ca_tbs_set_ca.3
@@ -0,0 +1 @@
+.so man3/hx509_ca.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_ca_tbs_set_domaincontroller.3 b/doc/doxyout/hx509/man/man3/hx509_ca_tbs_set_domaincontroller.3
new file mode 100644
index 000000000000..8b46f5ce9b89
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_ca_tbs_set_domaincontroller.3
@@ -0,0 +1 @@
+.so man3/hx509_ca.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_ca_tbs_set_notAfter.3 b/doc/doxyout/hx509/man/man3/hx509_ca_tbs_set_notAfter.3
new file mode 100644
index 000000000000..8b46f5ce9b89
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_ca_tbs_set_notAfter.3
@@ -0,0 +1 @@
+.so man3/hx509_ca.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_ca_tbs_set_notAfter_lifetime.3 b/doc/doxyout/hx509/man/man3/hx509_ca_tbs_set_notAfter_lifetime.3
new file mode 100644
index 000000000000..8b46f5ce9b89
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_ca_tbs_set_notAfter_lifetime.3
@@ -0,0 +1 @@
+.so man3/hx509_ca.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_ca_tbs_set_notBefore.3 b/doc/doxyout/hx509/man/man3/hx509_ca_tbs_set_notBefore.3
new file mode 100644
index 000000000000..8b46f5ce9b89
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_ca_tbs_set_notBefore.3
@@ -0,0 +1 @@
+.so man3/hx509_ca.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_ca_tbs_set_proxy.3 b/doc/doxyout/hx509/man/man3/hx509_ca_tbs_set_proxy.3
new file mode 100644
index 000000000000..8b46f5ce9b89
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_ca_tbs_set_proxy.3
@@ -0,0 +1 @@
+.so man3/hx509_ca.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_ca_tbs_set_serialnumber.3 b/doc/doxyout/hx509/man/man3/hx509_ca_tbs_set_serialnumber.3
new file mode 100644
index 000000000000..8b46f5ce9b89
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_ca_tbs_set_serialnumber.3
@@ -0,0 +1 @@
+.so man3/hx509_ca.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_ca_tbs_set_spki.3 b/doc/doxyout/hx509/man/man3/hx509_ca_tbs_set_spki.3
new file mode 100644
index 000000000000..8b46f5ce9b89
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_ca_tbs_set_spki.3
@@ -0,0 +1 @@
+.so man3/hx509_ca.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_ca_tbs_set_subject.3 b/doc/doxyout/hx509/man/man3/hx509_ca_tbs_set_subject.3
new file mode 100644
index 000000000000..8b46f5ce9b89
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_ca_tbs_set_subject.3
@@ -0,0 +1 @@
+.so man3/hx509_ca.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_ca_tbs_set_template.3 b/doc/doxyout/hx509/man/man3/hx509_ca_tbs_set_template.3
new file mode 100644
index 000000000000..8b46f5ce9b89
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_ca_tbs_set_template.3
@@ -0,0 +1 @@
+.so man3/hx509_ca.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_ca_tbs_set_unique.3 b/doc/doxyout/hx509/man/man3/hx509_ca_tbs_set_unique.3
new file mode 100644
index 000000000000..8b46f5ce9b89
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_ca_tbs_set_unique.3
@@ -0,0 +1 @@
+.so man3/hx509_ca.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_ca_tbs_subject_expand.3 b/doc/doxyout/hx509/man/man3/hx509_ca_tbs_subject_expand.3
new file mode 100644
index 000000000000..8b46f5ce9b89
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_ca_tbs_subject_expand.3
@@ -0,0 +1 @@
+.so man3/hx509_ca.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_ca_tbs_template_units.3 b/doc/doxyout/hx509/man/man3/hx509_ca_tbs_template_units.3
new file mode 100644
index 000000000000..8b46f5ce9b89
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_ca_tbs_template_units.3
@@ -0,0 +1 @@
+.so man3/hx509_ca.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_cert.3 b/doc/doxyout/hx509/man/man3/hx509_cert.3
new file mode 100644
index 000000000000..8ecd598cb7d4
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_cert.3
@@ -0,0 +1,700 @@
+.TH "hx509 certificate functions" 3 "30 Jul 2011" "Version 1.5" "Heimdalx509library" \" -*- nroff -*-
+.ad l
+.nh
+.SH NAME
+hx509 certificate functions \-
+.SS "Functions"
+
+.in +1c
+.ti -1c
+.RI "int \fBhx509_cert_init\fP (hx509_context context, const Certificate *c, hx509_cert *cert)"
+.br
+.ti -1c
+.RI "int \fBhx509_cert_init_data\fP (hx509_context context, const void *ptr, size_t len, hx509_cert *cert)"
+.br
+.ti -1c
+.RI "void \fBhx509_cert_free\fP (hx509_cert cert)"
+.br
+.ti -1c
+.RI "hx509_cert \fBhx509_cert_ref\fP (hx509_cert cert)"
+.br
+.ti -1c
+.RI "void \fBhx509_verify_ctx_f_allow_default_trustanchors\fP (hx509_verify_ctx ctx, int boolean)"
+.br
+.ti -1c
+.RI "int \fBhx509_cert_find_subjectAltName_otherName\fP (hx509_context context, hx509_cert cert, const heim_oid *oid, hx509_octet_string_list *list)"
+.br
+.ti -1c
+.RI "int \fBhx509_cert_cmp\fP (hx509_cert p, hx509_cert q)"
+.br
+.ti -1c
+.RI "int \fBhx509_cert_get_issuer\fP (hx509_cert p, hx509_name *name)"
+.br
+.ti -1c
+.RI "int \fBhx509_cert_get_subject\fP (hx509_cert p, hx509_name *name)"
+.br
+.ti -1c
+.RI "int \fBhx509_cert_get_base_subject\fP (hx509_context context, hx509_cert c, hx509_name *name)"
+.br
+.ti -1c
+.RI "int \fBhx509_cert_get_serialnumber\fP (hx509_cert p, heim_integer *i)"
+.br
+.ti -1c
+.RI "time_t \fBhx509_cert_get_notBefore\fP (hx509_cert p)"
+.br
+.ti -1c
+.RI "time_t \fBhx509_cert_get_notAfter\fP (hx509_cert p)"
+.br
+.ti -1c
+.RI "int \fBhx509_cert_get_SPKI\fP (hx509_context context, hx509_cert p, SubjectPublicKeyInfo *spki)"
+.br
+.ti -1c
+.RI "int \fBhx509_cert_get_SPKI_AlgorithmIdentifier\fP (hx509_context context, hx509_cert p, AlgorithmIdentifier *alg)"
+.br
+.ti -1c
+.RI "int \fBhx509_cert_get_issuer_unique_id\fP (hx509_context context, hx509_cert p, heim_bit_string *issuer)"
+.br
+.ti -1c
+.RI "int \fBhx509_cert_get_subject_unique_id\fP (hx509_context context, hx509_cert p, heim_bit_string *subject)"
+.br
+.ti -1c
+.RI "int \fBhx509_verify_hostname\fP (hx509_context context, const hx509_cert cert, int flags, hx509_hostname_type type, const char *hostname, const struct sockaddr *sa, int sa_size)"
+.br
+.ti -1c
+.RI "hx509_cert_attribute \fBhx509_cert_get_attribute\fP (hx509_cert cert, const heim_oid *oid)"
+.br
+.ti -1c
+.RI "int \fBhx509_cert_set_friendly_name\fP (hx509_cert cert, const char *name)"
+.br
+.ti -1c
+.RI "const char * \fBhx509_cert_get_friendly_name\fP (hx509_cert cert)"
+.br
+.ti -1c
+.RI "int \fBhx509_query_alloc\fP (hx509_context context, hx509_query **q)"
+.br
+.ti -1c
+.RI "void \fBhx509_query_match_option\fP (hx509_query *q, hx509_query_option option)"
+.br
+.ti -1c
+.RI "int \fBhx509_query_match_issuer_serial\fP (hx509_query *q, const Name *issuer, const heim_integer *serialNumber)"
+.br
+.ti -1c
+.RI "int \fBhx509_query_match_friendly_name\fP (hx509_query *q, const char *name)"
+.br
+.ti -1c
+.RI "int \fBhx509_query_match_eku\fP (hx509_query *q, const heim_oid *eku)"
+.br
+.ti -1c
+.RI "int \fBhx509_query_match_cmp_func\fP (hx509_query *q, int(*func)(hx509_context, hx509_cert, void *), void *ctx)"
+.br
+.ti -1c
+.RI "void \fBhx509_query_free\fP (hx509_context context, hx509_query *q)"
+.br
+.ti -1c
+.RI "void \fBhx509_query_statistic_file\fP (hx509_context context, const char *fn)"
+.br
+.ti -1c
+.RI "void \fBhx509_query_unparse_stats\fP (hx509_context context, int printtype, FILE *out)"
+.br
+.ti -1c
+.RI "int \fBhx509_cert_check_eku\fP (hx509_context context, hx509_cert cert, const heim_oid *eku, int allow_any_eku)"
+.br
+.ti -1c
+.RI "int \fBhx509_cert_binary\fP (hx509_context context, hx509_cert c, heim_octet_string *os)"
+.br
+.ti -1c
+.RI "int \fBhx509_print_cert\fP (hx509_context context, hx509_cert cert, FILE *out)"
+.br
+.in -1c
+.SH "Detailed Description"
+.PP
+See the \fBThe basic certificate\fP for description and examples.
+.SH "Function Documentation"
+.PP
+.SS "int hx509_cert_binary (hx509_context context, hx509_cert c, heim_octet_string * os)"
+.PP
+Encodes the hx509 certificate as a DER encode binary.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIcontext\fP A hx509 context.
+.br
+\fIc\fP the certificate to encode.
+.br
+\fIos\fP the encode certificate, set to NULL, 0 on case of error. Free the os->data with \fBhx509_xfree()\fP.
+.RE
+.PP
+\fBReturns:\fP
+.RS 4
+An hx509 error code, see \fBhx509_get_error_string()\fP.
+.RE
+.PP
+
+.SS "int hx509_cert_check_eku (hx509_context context, hx509_cert cert, const heim_oid * eku, int allow_any_eku)"
+.PP
+Check the extended key usage on the hx509 certificate.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIcontext\fP A hx509 context.
+.br
+\fIcert\fP A hx509 context.
+.br
+\fIeku\fP the EKU to check for
+.br
+\fIallow_any_eku\fP if the any EKU is set, allow that to be a substitute.
+.RE
+.PP
+\fBReturns:\fP
+.RS 4
+An hx509 error code, see \fBhx509_get_error_string()\fP.
+.RE
+.PP
+
+.SS "int hx509_cert_cmp (hx509_cert p, hx509_cert q)"
+.PP
+Compare to hx509 certificate object, useful for sorting.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIp\fP a hx509 certificate object.
+.br
+\fIq\fP a hx509 certificate object.
+.RE
+.PP
+\fBReturns:\fP
+.RS 4
+0 the objects are the same, returns > 0 is p is 'larger' then q, < 0 if p is 'smaller' then q.
+.RE
+.PP
+
+.SS "int hx509_cert_find_subjectAltName_otherName (hx509_context context, hx509_cert cert, const heim_oid * oid, hx509_octet_string_list * list)"
+.PP
+Return a list of subjectAltNames specified by oid in the certificate. On error the
+.PP
+The returned list of octet string should be freed with \fBhx509_free_octet_string_list()\fP.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIcontext\fP A hx509 context.
+.br
+\fIcert\fP a hx509 certificate object.
+.br
+\fIoid\fP an oid to for SubjectAltName.
+.br
+\fIlist\fP list of matching SubjectAltName.
+.RE
+.PP
+\fBReturns:\fP
+.RS 4
+An hx509 error code, see \fBhx509_get_error_string()\fP.
+.RE
+.PP
+
+.SS "void hx509_cert_free (hx509_cert cert)"
+.PP
+Free reference to the hx509 certificate object, if the refcounter reaches 0, the object if freed. Its allowed to pass in NULL.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIcert\fP the cert to free.
+.RE
+.PP
+
+.SS "hx509_cert_attribute hx509_cert_get_attribute (hx509_cert cert, const heim_oid * oid)"
+.PP
+Get an external attribute for the certificate, examples are friendly name and id.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIcert\fP hx509 certificate object to search
+.br
+\fIoid\fP an oid to search for.
+.RE
+.PP
+\fBReturns:\fP
+.RS 4
+an hx509_cert_attribute, only valid as long as the certificate is referenced.
+.RE
+.PP
+
+.SS "int hx509_cert_get_base_subject (hx509_context context, hx509_cert c, hx509_name * name)"
+.PP
+Return the name of the base subject of the hx509 certificate. If the certiicate is a verified proxy certificate, the this function return the base certificate (root of the proxy chain). If the proxy certificate is not verified with the base certificate HX509_PROXY_CERTIFICATE_NOT_CANONICALIZED is returned.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIcontext\fP a hx509 context.
+.br
+\fIc\fP a hx509 certificate object.
+.br
+\fIname\fP a pointer to a hx509 name, should be freed by \fBhx509_name_free()\fP. See also \fBhx509_cert_get_subject()\fP.
+.RE
+.PP
+\fBReturns:\fP
+.RS 4
+An hx509 error code, see \fBhx509_get_error_string()\fP.
+.RE
+.PP
+
+.SS "const char* hx509_cert_get_friendly_name (hx509_cert cert)"
+.PP
+Get friendly name of the certificate.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIcert\fP cert to get the friendly name from.
+.RE
+.PP
+\fBReturns:\fP
+.RS 4
+an friendly name or NULL if there is. The friendly name is only valid as long as the certificate is referenced.
+.RE
+.PP
+
+.SS "int hx509_cert_get_issuer (hx509_cert p, hx509_name * name)"
+.PP
+Return the name of the issuer of the hx509 certificate.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIp\fP a hx509 certificate object.
+.br
+\fIname\fP a pointer to a hx509 name, should be freed by \fBhx509_name_free()\fP.
+.RE
+.PP
+\fBReturns:\fP
+.RS 4
+An hx509 error code, see \fBhx509_get_error_string()\fP.
+.RE
+.PP
+
+.SS "int hx509_cert_get_issuer_unique_id (hx509_context context, hx509_cert p, heim_bit_string * issuer)"
+.PP
+Get a copy of the Issuer Unique ID
+.PP
+\fBParameters:\fP
+.RS 4
+\fIcontext\fP a hx509_context
+.br
+\fIp\fP a hx509 certificate
+.br
+\fIissuer\fP the issuer id returned, free with der_free_bit_string()
+.RE
+.PP
+\fBReturns:\fP
+.RS 4
+An hx509 error code, see \fBhx509_get_error_string()\fP. The error code HX509_EXTENSION_NOT_FOUND is returned if the certificate doesn't have a issuerUniqueID
+.RE
+.PP
+
+.SS "time_t hx509_cert_get_notAfter (hx509_cert p)"
+.PP
+Get notAfter time of the certificate.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIp\fP a hx509 certificate object.
+.RE
+.PP
+\fBReturns:\fP
+.RS 4
+return not after time.
+.RE
+.PP
+
+.SS "time_t hx509_cert_get_notBefore (hx509_cert p)"
+.PP
+Get notBefore time of the certificate.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIp\fP a hx509 certificate object.
+.RE
+.PP
+\fBReturns:\fP
+.RS 4
+return not before time
+.RE
+.PP
+
+.SS "int hx509_cert_get_serialnumber (hx509_cert p, heim_integer * i)"
+.PP
+Get serial number of the certificate.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIp\fP a hx509 certificate object.
+.br
+\fIi\fP serial number, should be freed ith der_free_heim_integer().
+.RE
+.PP
+\fBReturns:\fP
+.RS 4
+An hx509 error code, see \fBhx509_get_error_string()\fP.
+.RE
+.PP
+
+.SS "int hx509_cert_get_SPKI (hx509_context context, hx509_cert p, SubjectPublicKeyInfo * spki)"
+.PP
+Get the SubjectPublicKeyInfo structure from the hx509 certificate.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIcontext\fP a hx509 context.
+.br
+\fIp\fP a hx509 certificate object.
+.br
+\fIspki\fP SubjectPublicKeyInfo, should be freed with free_SubjectPublicKeyInfo().
+.RE
+.PP
+\fBReturns:\fP
+.RS 4
+An hx509 error code, see \fBhx509_get_error_string()\fP.
+.RE
+.PP
+
+.SS "int hx509_cert_get_SPKI_AlgorithmIdentifier (hx509_context context, hx509_cert p, AlgorithmIdentifier * alg)"
+.PP
+Get the AlgorithmIdentifier from the hx509 certificate.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIcontext\fP a hx509 context.
+.br
+\fIp\fP a hx509 certificate object.
+.br
+\fIalg\fP AlgorithmIdentifier, should be freed with free_AlgorithmIdentifier(). The algorithmidentifier is typicly rsaEncryption, or id-ecPublicKey, or some other public key mechanism.
+.RE
+.PP
+\fBReturns:\fP
+.RS 4
+An hx509 error code, see \fBhx509_get_error_string()\fP.
+.RE
+.PP
+
+.SS "int hx509_cert_get_subject (hx509_cert p, hx509_name * name)"
+.PP
+Return the name of the subject of the hx509 certificate.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIp\fP a hx509 certificate object.
+.br
+\fIname\fP a pointer to a hx509 name, should be freed by \fBhx509_name_free()\fP. See also \fBhx509_cert_get_base_subject()\fP.
+.RE
+.PP
+\fBReturns:\fP
+.RS 4
+An hx509 error code, see \fBhx509_get_error_string()\fP.
+.RE
+.PP
+
+.SS "int hx509_cert_get_subject_unique_id (hx509_context context, hx509_cert p, heim_bit_string * subject)"
+.PP
+Get a copy of the Subect Unique ID
+.PP
+\fBParameters:\fP
+.RS 4
+\fIcontext\fP a hx509_context
+.br
+\fIp\fP a hx509 certificate
+.br
+\fIsubject\fP the subject id returned, free with der_free_bit_string()
+.RE
+.PP
+\fBReturns:\fP
+.RS 4
+An hx509 error code, see \fBhx509_get_error_string()\fP. The error code HX509_EXTENSION_NOT_FOUND is returned if the certificate doesn't have a subjectUniqueID
+.RE
+.PP
+
+.SS "int hx509_cert_init (hx509_context context, const Certificate * c, hx509_cert * cert)"
+.PP
+Allocate and init an hx509 certificate object from the decoded certificate `c´.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIcontext\fP A hx509 context.
+.br
+\fIc\fP
+.br
+\fIcert\fP
+.RE
+.PP
+\fBReturns:\fP
+.RS 4
+Returns an hx509 error code.
+.RE
+.PP
+
+.SS "int hx509_cert_init_data (hx509_context context, const void * ptr, size_t len, hx509_cert * cert)"
+.PP
+Just like \fBhx509_cert_init()\fP, but instead of a decode certificate takes an pointer and length to a memory region that contains a DER/BER encoded certificate.
+.PP
+If the memory region doesn't contain just the certificate and nothing more the function will fail with HX509_EXTRA_DATA_AFTER_STRUCTURE.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIcontext\fP A hx509 context.
+.br
+\fIptr\fP pointer to memory region containing encoded certificate.
+.br
+\fIlen\fP length of memory region.
+.br
+\fIcert\fP a return pointer to a hx509 certificate object, will contain NULL on error.
+.RE
+.PP
+\fBReturns:\fP
+.RS 4
+An hx509 error code, see \fBhx509_get_error_string()\fP.
+.RE
+.PP
+
+.SS "hx509_cert hx509_cert_ref (hx509_cert cert)"
+.PP
+Add a reference to a hx509 certificate object.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIcert\fP a pointer to an hx509 certificate object.
+.RE
+.PP
+\fBReturns:\fP
+.RS 4
+the same object as is passed in.
+.RE
+.PP
+
+.SS "int hx509_cert_set_friendly_name (hx509_cert cert, const char * name)"
+.PP
+Set the friendly name on the certificate.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIcert\fP The certificate to set the friendly name on
+.br
+\fIname\fP Friendly name.
+.RE
+.PP
+\fBReturns:\fP
+.RS 4
+An hx509 error code, see \fBhx509_get_error_string()\fP.
+.RE
+.PP
+
+.SS "int hx509_print_cert (hx509_context context, hx509_cert cert, FILE * out)"
+.PP
+Print a simple representation of a certificate
+.PP
+\fBParameters:\fP
+.RS 4
+\fIcontext\fP A hx509 context, can be NULL
+.br
+\fIcert\fP certificate to print
+.br
+\fIout\fP the stdio output stream, if NULL, stdout is used
+.RE
+.PP
+\fBReturns:\fP
+.RS 4
+An hx509 error code
+.RE
+.PP
+
+.SS "int hx509_query_alloc (hx509_context context, hx509_query ** q)"
+.PP
+Allocate an query controller. Free using \fBhx509_query_free()\fP.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIcontext\fP A hx509 context.
+.br
+\fIq\fP return pointer to a hx509_query.
+.RE
+.PP
+\fBReturns:\fP
+.RS 4
+An hx509 error code, see \fBhx509_get_error_string()\fP.
+.RE
+.PP
+
+.SS "void hx509_query_free (hx509_context context, hx509_query * q)"
+.PP
+Free the query controller.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIcontext\fP A hx509 context.
+.br
+\fIq\fP a pointer to the query controller.
+.RE
+.PP
+
+.SS "int hx509_query_match_cmp_func (hx509_query * q, int(*)(hx509_context, hx509_cert, void *) func, void * ctx)"
+.PP
+Set the query controller to match using a specific match function.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIq\fP a hx509 query controller.
+.br
+\fIfunc\fP function to use for matching, if the argument is NULL, the match function is removed.
+.br
+\fIctx\fP context passed to the function.
+.RE
+.PP
+\fBReturns:\fP
+.RS 4
+An hx509 error code, see \fBhx509_get_error_string()\fP.
+.RE
+.PP
+
+.SS "int hx509_query_match_eku (hx509_query * q, const heim_oid * eku)"
+.PP
+Set the query controller to require an one specific EKU (extended key usage). Any previous EKU matching is overwitten. If NULL is passed in as the eku, the EKU requirement is reset.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIq\fP a hx509 query controller.
+.br
+\fIeku\fP an EKU to match on.
+.RE
+.PP
+\fBReturns:\fP
+.RS 4
+An hx509 error code, see \fBhx509_get_error_string()\fP.
+.RE
+.PP
+
+.SS "int hx509_query_match_friendly_name (hx509_query * q, const char * name)"
+.PP
+Set the query controller to match on a friendly name
+.PP
+\fBParameters:\fP
+.RS 4
+\fIq\fP a hx509 query controller.
+.br
+\fIname\fP a friendly name to match on
+.RE
+.PP
+\fBReturns:\fP
+.RS 4
+An hx509 error code, see \fBhx509_get_error_string()\fP.
+.RE
+.PP
+
+.SS "int hx509_query_match_issuer_serial (hx509_query * q, const Name * issuer, const heim_integer * serialNumber)"
+.PP
+Set the issuer and serial number of match in the query controller. The function make copies of the isser and serial number.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIq\fP a hx509 query controller
+.br
+\fIissuer\fP issuer to search for
+.br
+\fIserialNumber\fP the serialNumber of the issuer.
+.RE
+.PP
+\fBReturns:\fP
+.RS 4
+An hx509 error code, see \fBhx509_get_error_string()\fP.
+.RE
+.PP
+
+.SS "void hx509_query_match_option (hx509_query * q, hx509_query_option option)"
+.PP
+Set match options for the hx509 query controller.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIq\fP query controller.
+.br
+\fIoption\fP options to control the query controller.
+.RE
+.PP
+\fBReturns:\fP
+.RS 4
+An hx509 error code, see \fBhx509_get_error_string()\fP.
+.RE
+.PP
+
+.SS "void hx509_query_statistic_file (hx509_context context, const char * fn)"
+.PP
+Set a statistic file for the query statistics.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIcontext\fP A hx509 context.
+.br
+\fIfn\fP statistics file name
+.RE
+.PP
+
+.SS "void hx509_query_unparse_stats (hx509_context context, int printtype, FILE * out)"
+.PP
+Unparse the statistics file and print the result on a FILE descriptor.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIcontext\fP A hx509 context.
+.br
+\fIprinttype\fP tyep to print
+.br
+\fIout\fP the FILE to write the data on.
+.RE
+.PP
+
+.SS "void hx509_verify_ctx_f_allow_default_trustanchors (hx509_verify_ctx ctx, int boolean)"
+.PP
+Allow using the operating system builtin trust anchors if no other trust anchors are configured.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIctx\fP a verification context
+.br
+\fIboolean\fP if non zero, useing the operating systems builtin trust anchors.
+.RE
+.PP
+\fBReturns:\fP
+.RS 4
+An hx509 error code, see \fBhx509_get_error_string()\fP.
+.RE
+.PP
+
+.SS "int hx509_verify_hostname (hx509_context context, const hx509_cert cert, int flags, hx509_hostname_type type, const char * hostname, const struct sockaddr * sa, int sa_size)"
+.PP
+Verify that the certificate is allowed to be used for the hostname and address.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIcontext\fP A hx509 context.
+.br
+\fIcert\fP the certificate to match with
+.br
+\fIflags\fP Flags to modify the behavior:
+.IP "\(bu" 2
+HX509_VHN_F_ALLOW_NO_MATCH no match is ok
+.PP
+.br
+\fItype\fP type of hostname:
+.IP "\(bu" 2
+HX509_HN_HOSTNAME for plain hostname.
+.IP "\(bu" 2
+HX509_HN_DNSSRV for DNS SRV names.
+.PP
+.br
+\fIhostname\fP the hostname to check
+.br
+\fIsa\fP address of the host
+.br
+\fIsa_size\fP length of address
+.RE
+.PP
+\fBReturns:\fP
+.RS 4
+An hx509 error code, see \fBhx509_get_error_string()\fP.
+.RE
+.PP
+
diff --git a/doc/doxyout/hx509/man/man3/hx509_cert_binary.3 b/doc/doxyout/hx509/man/man3/hx509_cert_binary.3
new file mode 100644
index 000000000000..d65a4b6b4f63
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_cert_binary.3
@@ -0,0 +1 @@
+.so man3/hx509_cert.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_cert_check_eku.3 b/doc/doxyout/hx509/man/man3/hx509_cert_check_eku.3
new file mode 100644
index 000000000000..d65a4b6b4f63
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_cert_check_eku.3
@@ -0,0 +1 @@
+.so man3/hx509_cert.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_cert_cmp.3 b/doc/doxyout/hx509/man/man3/hx509_cert_cmp.3
new file mode 100644
index 000000000000..d65a4b6b4f63
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_cert_cmp.3
@@ -0,0 +1 @@
+.so man3/hx509_cert.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_cert_find_subjectAltName_otherName.3 b/doc/doxyout/hx509/man/man3/hx509_cert_find_subjectAltName_otherName.3
new file mode 100644
index 000000000000..d65a4b6b4f63
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_cert_find_subjectAltName_otherName.3
@@ -0,0 +1 @@
+.so man3/hx509_cert.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_cert_free.3 b/doc/doxyout/hx509/man/man3/hx509_cert_free.3
new file mode 100644
index 000000000000..d65a4b6b4f63
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_cert_free.3
@@ -0,0 +1 @@
+.so man3/hx509_cert.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_cert_get_SPKI.3 b/doc/doxyout/hx509/man/man3/hx509_cert_get_SPKI.3
new file mode 100644
index 000000000000..d65a4b6b4f63
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_cert_get_SPKI.3
@@ -0,0 +1 @@
+.so man3/hx509_cert.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_cert_get_SPKI_AlgorithmIdentifier.3 b/doc/doxyout/hx509/man/man3/hx509_cert_get_SPKI_AlgorithmIdentifier.3
new file mode 100644
index 000000000000..d65a4b6b4f63
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_cert_get_SPKI_AlgorithmIdentifier.3
@@ -0,0 +1 @@
+.so man3/hx509_cert.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_cert_get_attribute.3 b/doc/doxyout/hx509/man/man3/hx509_cert_get_attribute.3
new file mode 100644
index 000000000000..d65a4b6b4f63
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_cert_get_attribute.3
@@ -0,0 +1 @@
+.so man3/hx509_cert.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_cert_get_base_subject.3 b/doc/doxyout/hx509/man/man3/hx509_cert_get_base_subject.3
new file mode 100644
index 000000000000..d65a4b6b4f63
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_cert_get_base_subject.3
@@ -0,0 +1 @@
+.so man3/hx509_cert.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_cert_get_friendly_name.3 b/doc/doxyout/hx509/man/man3/hx509_cert_get_friendly_name.3
new file mode 100644
index 000000000000..d65a4b6b4f63
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_cert_get_friendly_name.3
@@ -0,0 +1 @@
+.so man3/hx509_cert.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_cert_get_issuer.3 b/doc/doxyout/hx509/man/man3/hx509_cert_get_issuer.3
new file mode 100644
index 000000000000..d65a4b6b4f63
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_cert_get_issuer.3
@@ -0,0 +1 @@
+.so man3/hx509_cert.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_cert_get_issuer_unique_id.3 b/doc/doxyout/hx509/man/man3/hx509_cert_get_issuer_unique_id.3
new file mode 100644
index 000000000000..d65a4b6b4f63
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_cert_get_issuer_unique_id.3
@@ -0,0 +1 @@
+.so man3/hx509_cert.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_cert_get_notAfter.3 b/doc/doxyout/hx509/man/man3/hx509_cert_get_notAfter.3
new file mode 100644
index 000000000000..d65a4b6b4f63
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_cert_get_notAfter.3
@@ -0,0 +1 @@
+.so man3/hx509_cert.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_cert_get_notBefore.3 b/doc/doxyout/hx509/man/man3/hx509_cert_get_notBefore.3
new file mode 100644
index 000000000000..d65a4b6b4f63
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_cert_get_notBefore.3
@@ -0,0 +1 @@
+.so man3/hx509_cert.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_cert_get_serialnumber.3 b/doc/doxyout/hx509/man/man3/hx509_cert_get_serialnumber.3
new file mode 100644
index 000000000000..d65a4b6b4f63
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_cert_get_serialnumber.3
@@ -0,0 +1 @@
+.so man3/hx509_cert.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_cert_get_subject.3 b/doc/doxyout/hx509/man/man3/hx509_cert_get_subject.3
new file mode 100644
index 000000000000..d65a4b6b4f63
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_cert_get_subject.3
@@ -0,0 +1 @@
+.so man3/hx509_cert.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_cert_get_subject_unique_id.3 b/doc/doxyout/hx509/man/man3/hx509_cert_get_subject_unique_id.3
new file mode 100644
index 000000000000..d65a4b6b4f63
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_cert_get_subject_unique_id.3
@@ -0,0 +1 @@
+.so man3/hx509_cert.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_cert_init.3 b/doc/doxyout/hx509/man/man3/hx509_cert_init.3
new file mode 100644
index 000000000000..d65a4b6b4f63
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_cert_init.3
@@ -0,0 +1 @@
+.so man3/hx509_cert.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_cert_init_data.3 b/doc/doxyout/hx509/man/man3/hx509_cert_init_data.3
new file mode 100644
index 000000000000..d65a4b6b4f63
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_cert_init_data.3
@@ -0,0 +1 @@
+.so man3/hx509_cert.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_cert_keyusage_print.3 b/doc/doxyout/hx509/man/man3/hx509_cert_keyusage_print.3
new file mode 100644
index 000000000000..2577d70ee906
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_cert_keyusage_print.3
@@ -0,0 +1 @@
+.so man3/hx509_print.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_cert_ref.3 b/doc/doxyout/hx509/man/man3/hx509_cert_ref.3
new file mode 100644
index 000000000000..d65a4b6b4f63
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_cert_ref.3
@@ -0,0 +1 @@
+.so man3/hx509_cert.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_cert_set_friendly_name.3 b/doc/doxyout/hx509/man/man3/hx509_cert_set_friendly_name.3
new file mode 100644
index 000000000000..d65a4b6b4f63
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_cert_set_friendly_name.3
@@ -0,0 +1 @@
+.so man3/hx509_cert.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_certs_add.3 b/doc/doxyout/hx509/man/man3/hx509_certs_add.3
new file mode 100644
index 000000000000..4543cfc8ff9a
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_certs_add.3
@@ -0,0 +1 @@
+.so man3/hx509_keyset.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_certs_append.3 b/doc/doxyout/hx509/man/man3/hx509_certs_append.3
new file mode 100644
index 000000000000..4543cfc8ff9a
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_certs_append.3
@@ -0,0 +1 @@
+.so man3/hx509_keyset.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_certs_end_seq.3 b/doc/doxyout/hx509/man/man3/hx509_certs_end_seq.3
new file mode 100644
index 000000000000..4543cfc8ff9a
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_certs_end_seq.3
@@ -0,0 +1 @@
+.so man3/hx509_keyset.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_certs_filter.3 b/doc/doxyout/hx509/man/man3/hx509_certs_filter.3
new file mode 100644
index 000000000000..4543cfc8ff9a
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_certs_filter.3
@@ -0,0 +1 @@
+.so man3/hx509_keyset.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_certs_find.3 b/doc/doxyout/hx509/man/man3/hx509_certs_find.3
new file mode 100644
index 000000000000..4543cfc8ff9a
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_certs_find.3
@@ -0,0 +1 @@
+.so man3/hx509_keyset.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_certs_free.3 b/doc/doxyout/hx509/man/man3/hx509_certs_free.3
new file mode 100644
index 000000000000..4543cfc8ff9a
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_certs_free.3
@@ -0,0 +1 @@
+.so man3/hx509_keyset.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_certs_info.3 b/doc/doxyout/hx509/man/man3/hx509_certs_info.3
new file mode 100644
index 000000000000..4543cfc8ff9a
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_certs_info.3
@@ -0,0 +1 @@
+.so man3/hx509_keyset.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_certs_init.3 b/doc/doxyout/hx509/man/man3/hx509_certs_init.3
new file mode 100644
index 000000000000..4543cfc8ff9a
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_certs_init.3
@@ -0,0 +1 @@
+.so man3/hx509_keyset.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_certs_iter_f.3 b/doc/doxyout/hx509/man/man3/hx509_certs_iter_f.3
new file mode 100644
index 000000000000..4543cfc8ff9a
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_certs_iter_f.3
@@ -0,0 +1 @@
+.so man3/hx509_keyset.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_certs_merge.3 b/doc/doxyout/hx509/man/man3/hx509_certs_merge.3
new file mode 100644
index 000000000000..4543cfc8ff9a
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_certs_merge.3
@@ -0,0 +1 @@
+.so man3/hx509_keyset.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_certs_next_cert.3 b/doc/doxyout/hx509/man/man3/hx509_certs_next_cert.3
new file mode 100644
index 000000000000..4543cfc8ff9a
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_certs_next_cert.3
@@ -0,0 +1 @@
+.so man3/hx509_keyset.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_certs_start_seq.3 b/doc/doxyout/hx509/man/man3/hx509_certs_start_seq.3
new file mode 100644
index 000000000000..4543cfc8ff9a
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_certs_start_seq.3
@@ -0,0 +1 @@
+.so man3/hx509_keyset.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_certs_store.3 b/doc/doxyout/hx509/man/man3/hx509_certs_store.3
new file mode 100644
index 000000000000..4543cfc8ff9a
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_certs_store.3
@@ -0,0 +1 @@
+.so man3/hx509_keyset.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_ci_print_names.3 b/doc/doxyout/hx509/man/man3/hx509_ci_print_names.3
new file mode 100644
index 000000000000..4543cfc8ff9a
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_ci_print_names.3
@@ -0,0 +1 @@
+.so man3/hx509_keyset.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_clear_error_string.3 b/doc/doxyout/hx509/man/man3/hx509_clear_error_string.3
new file mode 100644
index 000000000000..191f0f0843f0
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_clear_error_string.3
@@ -0,0 +1 @@
+.so man3/hx509_error.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_cms.3 b/doc/doxyout/hx509/man/man3/hx509_cms.3
new file mode 100644
index 000000000000..77d681708c82
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_cms.3
@@ -0,0 +1,206 @@
+.TH "hx509 CMS/pkcs7 functions" 3 "30 Jul 2011" "Version 1.5" "Heimdalx509library" \" -*- nroff -*-
+.ad l
+.nh
+.SH NAME
+hx509 CMS/pkcs7 functions \-
+.SS "Functions"
+
+.in +1c
+.ti -1c
+.RI "int \fBhx509_cms_wrap_ContentInfo\fP (const heim_oid *oid, const heim_octet_string *buf, heim_octet_string *res)"
+.br
+.ti -1c
+.RI "int \fBhx509_cms_unwrap_ContentInfo\fP (const heim_octet_string *in, heim_oid *oid, heim_octet_string *out, int *have_data)"
+.br
+.ti -1c
+.RI "int \fBhx509_cms_unenvelope\fP (hx509_context context, hx509_certs certs, int flags, const void *data, size_t length, const heim_octet_string *encryptedContent, time_t time_now, heim_oid *contentType, heim_octet_string *content)"
+.br
+.ti -1c
+.RI "int \fBhx509_cms_envelope_1\fP (hx509_context context, int flags, hx509_cert cert, const void *data, size_t length, const heim_oid *encryption_type, const heim_oid *contentType, heim_octet_string *content)"
+.br
+.ti -1c
+.RI "int \fBhx509_cms_verify_signed\fP (hx509_context context, hx509_verify_ctx ctx, unsigned int flags, const void *data, size_t length, const heim_octet_string *signedContent, hx509_certs pool, heim_oid *contentType, heim_octet_string *content, hx509_certs *signer_certs)"
+.br
+.ti -1c
+.RI "int \fBhx509_cms_create_signed_1\fP (hx509_context context, int flags, const heim_oid *eContentType, const void *data, size_t length, const AlgorithmIdentifier *digest_alg, hx509_cert cert, hx509_peer_info peer, hx509_certs anchors, hx509_certs pool, heim_octet_string *signed_data)"
+.br
+.in -1c
+.SH "Detailed Description"
+.PP
+See the \fBCMS/PKCS7 message functions.\fP for description and examples.
+.SH "Function Documentation"
+.PP
+.SS "int hx509_cms_create_signed_1 (hx509_context context, int flags, const heim_oid * eContentType, const void * data, size_t length, const AlgorithmIdentifier * digest_alg, hx509_cert cert, hx509_peer_info peer, hx509_certs anchors, hx509_certs pool, heim_octet_string * signed_data)"
+.PP
+Decode SignedData and verify that the signature is correct.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIcontext\fP A hx509 context.
+.br
+\fIflags\fP
+.br
+\fIeContentType\fP the type of the data.
+.br
+\fIdata\fP data to sign
+.br
+\fIlength\fP length of the data that data point to.
+.br
+\fIdigest_alg\fP digest algorithm to use, use NULL to get the default or the peer determined algorithm.
+.br
+\fIcert\fP certificate to use for sign the data.
+.br
+\fIpeer\fP info about the peer the message to send the message to, like what digest algorithm to use.
+.br
+\fIanchors\fP trust anchors that the client will use, used to polulate the certificates included in the message
+.br
+\fIpool\fP certificates to use in try to build the path to the trust anchors.
+.br
+\fIsigned_data\fP the output of the function, free with der_free_octet_string().
+.RE
+.PP
+
+.SS "int hx509_cms_envelope_1 (hx509_context context, int flags, hx509_cert cert, const void * data, size_t length, const heim_oid * encryption_type, const heim_oid * contentType, heim_octet_string * content)"
+.PP
+Encrypt end encode EnvelopedData.
+.PP
+Encrypt and encode EnvelopedData. The data is encrypted with a random key and the the random key is encrypted with the certificates private key. This limits what private key type can be used to RSA.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIcontext\fP A hx509 context.
+.br
+\fIflags\fP flags to control the behavior.
+.IP "\(bu" 2
+HX509_CMS_EV_NO_KU_CHECK - Dont check KU on certificate
+.IP "\(bu" 2
+HX509_CMS_EV_ALLOW_WEAK - Allow weak crytpo
+.IP "\(bu" 2
+HX509_CMS_EV_ID_NAME - prefer issuer name and serial number
+.PP
+.br
+\fIcert\fP Certificate to encrypt the EnvelopedData encryption key with.
+.br
+\fIdata\fP pointer the data to encrypt.
+.br
+\fIlength\fP length of the data that data point to.
+.br
+\fIencryption_type\fP Encryption cipher to use for the bulk data, use NULL to get default.
+.br
+\fIcontentType\fP type of the data that is encrypted
+.br
+\fIcontent\fP the output of the function, free with der_free_octet_string().
+.RE
+.PP
+
+.SS "int hx509_cms_unenvelope (hx509_context context, hx509_certs certs, int flags, const void * data, size_t length, const heim_octet_string * encryptedContent, time_t time_now, heim_oid * contentType, heim_octet_string * content)"
+.PP
+Decode and unencrypt EnvelopedData.
+.PP
+Extract data and parameteres from from the EnvelopedData. Also supports using detached EnvelopedData.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIcontext\fP A hx509 context.
+.br
+\fIcerts\fP Certificate that can decrypt the EnvelopedData encryption key.
+.br
+\fIflags\fP HX509_CMS_UE flags to control the behavior.
+.br
+\fIdata\fP pointer the structure the contains the DER/BER encoded EnvelopedData stucture.
+.br
+\fIlength\fP length of the data that data point to.
+.br
+\fIencryptedContent\fP in case of detached signature, this contains the actual encrypted data, othersize its should be NULL.
+.br
+\fItime_now\fP set the current time, if zero the library uses now as the date.
+.br
+\fIcontentType\fP output type oid, should be freed with der_free_oid().
+.br
+\fIcontent\fP the data, free with der_free_octet_string().
+.RE
+.PP
+
+.SS "int hx509_cms_unwrap_ContentInfo (const heim_octet_string * in, heim_oid * oid, heim_octet_string * out, int * have_data)"
+.PP
+Decode an ContentInfo and unwrap data and oid it.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIin\fP the encoded buffer.
+.br
+\fIoid\fP type of the content.
+.br
+\fIout\fP data to be wrapped.
+.br
+\fIhave_data\fP since the data is optional, this flags show dthe diffrence between no data and the zero length data.
+.RE
+.PP
+\fBReturns:\fP
+.RS 4
+Returns an hx509 error code.
+.RE
+.PP
+
+.SS "int hx509_cms_verify_signed (hx509_context context, hx509_verify_ctx ctx, unsigned int flags, const void * data, size_t length, const heim_octet_string * signedContent, hx509_certs pool, heim_oid * contentType, heim_octet_string * content, hx509_certs * signer_certs)"
+.PP
+Decode SignedData and verify that the signature is correct.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIcontext\fP A hx509 context.
+.br
+\fIctx\fP a hx509 verify context.
+.br
+\fIflags\fP to control the behaivor of the function.
+.IP "\(bu" 2
+HX509_CMS_VS_NO_KU_CHECK - Don't check KeyUsage
+.IP "\(bu" 2
+HX509_CMS_VS_ALLOW_DATA_OID_MISMATCH - allow oid mismatch
+.IP "\(bu" 2
+HX509_CMS_VS_ALLOW_ZERO_SIGNER - no signer, see below.
+.PP
+.br
+\fIdata\fP pointer to CMS SignedData encoded data.
+.br
+\fIlength\fP length of the data that data point to.
+.br
+\fIsignedContent\fP external data used for signature.
+.br
+\fIpool\fP certificate pool to build certificates paths.
+.br
+\fIcontentType\fP free with der_free_oid().
+.br
+\fIcontent\fP the output of the function, free with der_free_octet_string().
+.br
+\fIsigner_certs\fP list of the cerficates used to sign this request, free with \fBhx509_certs_free()\fP.
+.RE
+.PP
+
+.PP
+If HX509_CMS_VS_NO_KU_CHECK is set, allow more liberal search for matching certificates by not considering KeyUsage bits on the certificates.
+.PP
+If HX509_CMS_VS_ALLOW_DATA_OID_MISMATCH, allow encapContentInfo mismatch with the oid in signedAttributes (or if no signedAttributes where use, pkcs7-data oid). This is only needed to work with broken CMS implementations that doesn't follow CMS signedAttributes rules.
+.PP
+If HX509_CMS_VS_NO_VALIDATE flags is set, do not verify the signing certificates and leave that up to the caller.
+.PP
+If HX509_CMS_VS_ALLOW_ZERO_SIGNER is set, allow empty SignerInfo (no signatures). If SignedData have no signatures, the function will return 0 with signer_certs set to NULL. Zero signers is allowed by the standard, but since its only useful in corner cases, it make into a flag that the caller have to turn on.
+.SS "int hx509_cms_wrap_ContentInfo (const heim_oid * oid, const heim_octet_string * buf, heim_octet_string * res)"
+.PP
+Wrap data and oid in a ContentInfo and encode it.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIoid\fP type of the content.
+.br
+\fIbuf\fP data to be wrapped. If a NULL pointer is passed in, the optional content field in the ContentInfo is not going be filled in.
+.br
+\fIres\fP the encoded buffer, the result should be freed with der_free_octet_string().
+.RE
+.PP
+\fBReturns:\fP
+.RS 4
+Returns an hx509 error code.
+.RE
+.PP
+
diff --git a/doc/doxyout/hx509/man/man3/hx509_cms_create_signed_1.3 b/doc/doxyout/hx509/man/man3/hx509_cms_create_signed_1.3
new file mode 100644
index 000000000000..ce2803ea99dc
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_cms_create_signed_1.3
@@ -0,0 +1 @@
+.so man3/hx509_cms.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_cms_envelope_1.3 b/doc/doxyout/hx509/man/man3/hx509_cms_envelope_1.3
new file mode 100644
index 000000000000..ce2803ea99dc
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_cms_envelope_1.3
@@ -0,0 +1 @@
+.so man3/hx509_cms.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_cms_unenvelope.3 b/doc/doxyout/hx509/man/man3/hx509_cms_unenvelope.3
new file mode 100644
index 000000000000..ce2803ea99dc
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_cms_unenvelope.3
@@ -0,0 +1 @@
+.so man3/hx509_cms.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_cms_unwrap_ContentInfo.3 b/doc/doxyout/hx509/man/man3/hx509_cms_unwrap_ContentInfo.3
new file mode 100644
index 000000000000..ce2803ea99dc
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_cms_unwrap_ContentInfo.3
@@ -0,0 +1 @@
+.so man3/hx509_cms.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_cms_verify_signed.3 b/doc/doxyout/hx509/man/man3/hx509_cms_verify_signed.3
new file mode 100644
index 000000000000..ce2803ea99dc
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_cms_verify_signed.3
@@ -0,0 +1 @@
+.so man3/hx509_cms.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_cms_wrap_ContentInfo.3 b/doc/doxyout/hx509/man/man3/hx509_cms_wrap_ContentInfo.3
new file mode 100644
index 000000000000..ce2803ea99dc
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_cms_wrap_ContentInfo.3
@@ -0,0 +1 @@
+.so man3/hx509_cms.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_context_free.3 b/doc/doxyout/hx509/man/man3/hx509_context_free.3
new file mode 100644
index 000000000000..19c5e816ac65
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_context_free.3
@@ -0,0 +1 @@
+.so man3/hx509.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_context_init.3 b/doc/doxyout/hx509/man/man3/hx509_context_init.3
new file mode 100644
index 000000000000..19c5e816ac65
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_context_init.3
@@ -0,0 +1 @@
+.so man3/hx509.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_context_set_missing_revoke.3 b/doc/doxyout/hx509/man/man3/hx509_context_set_missing_revoke.3
new file mode 100644
index 000000000000..e52f771b5297
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_context_set_missing_revoke.3
@@ -0,0 +1 @@
+.so man3/hx509_verify.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_crl_add_revoked_certs.3 b/doc/doxyout/hx509/man/man3/hx509_crl_add_revoked_certs.3
new file mode 100644
index 000000000000..e52f771b5297
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_crl_add_revoked_certs.3
@@ -0,0 +1 @@
+.so man3/hx509_verify.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_crl_alloc.3 b/doc/doxyout/hx509/man/man3/hx509_crl_alloc.3
new file mode 100644
index 000000000000..e52f771b5297
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_crl_alloc.3
@@ -0,0 +1 @@
+.so man3/hx509_verify.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_crl_free.3 b/doc/doxyout/hx509/man/man3/hx509_crl_free.3
new file mode 100644
index 000000000000..e52f771b5297
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_crl_free.3
@@ -0,0 +1 @@
+.so man3/hx509_verify.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_crl_lifetime.3 b/doc/doxyout/hx509/man/man3/hx509_crl_lifetime.3
new file mode 100644
index 000000000000..e52f771b5297
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_crl_lifetime.3
@@ -0,0 +1 @@
+.so man3/hx509_verify.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_crl_sign.3 b/doc/doxyout/hx509/man/man3/hx509_crl_sign.3
new file mode 100644
index 000000000000..e52f771b5297
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_crl_sign.3
@@ -0,0 +1 @@
+.so man3/hx509_verify.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_crypto.3 b/doc/doxyout/hx509/man/man3/hx509_crypto.3
new file mode 100644
index 000000000000..7b9cdfc12c6d
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_crypto.3
@@ -0,0 +1,40 @@
+.TH "hx509 crypto functions" 3 "30 Jul 2011" "Version 1.5" "Heimdalx509library" \" -*- nroff -*-
+.ad l
+.nh
+.SH NAME
+hx509 crypto functions \-
+.SS "Functions"
+
+.in +1c
+.ti -1c
+.RI "int \fBhx509_verify_signature\fP (hx509_context context, const hx509_cert signer, const AlgorithmIdentifier *alg, const heim_octet_string *data, const heim_octet_string *sig)"
+.br
+.in -1c
+.SH "Detailed Description"
+.PP
+
+.SH "Function Documentation"
+.PP
+.SS "int hx509_verify_signature (hx509_context context, const hx509_cert signer, const AlgorithmIdentifier * alg, const heim_octet_string * data, const heim_octet_string * sig)"
+.PP
+Verify a signature made using the private key of an certificate.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIcontext\fP A hx509 context.
+.br
+\fIsigner\fP the certificate that made the signature.
+.br
+\fIalg\fP algorthm that was used to sign the data.
+.br
+\fIdata\fP the data that was signed.
+.br
+\fIsig\fP the sigature to verify.
+.RE
+.PP
+\fBReturns:\fP
+.RS 4
+An hx509 error code, see \fBhx509_get_error_string()\fP.
+.RE
+.PP
+
diff --git a/doc/doxyout/hx509/man/man3/hx509_env.3 b/doc/doxyout/hx509/man/man3/hx509_env.3
new file mode 100644
index 000000000000..eae0146c4251
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_env.3
@@ -0,0 +1,143 @@
+.TH "hx509 enviroment functions" 3 "30 Jul 2011" "Version 1.5" "Heimdalx509library" \" -*- nroff -*-
+.ad l
+.nh
+.SH NAME
+hx509 enviroment functions \-
+.SS "Functions"
+
+.in +1c
+.ti -1c
+.RI "int \fBhx509_env_add\fP (hx509_context context, hx509_env *env, const char *key, const char *value)"
+.br
+.ti -1c
+.RI "int \fBhx509_env_add_binding\fP (hx509_context context, hx509_env *env, const char *key, hx509_env list)"
+.br
+.ti -1c
+.RI "const char * \fBhx509_env_lfind\fP (hx509_context context, hx509_env env, const char *key, size_t len)"
+.br
+.ti -1c
+.RI "const char * \fBhx509_env_find\fP (hx509_context context, hx509_env env, const char *key)"
+.br
+.ti -1c
+.RI "hx509_env \fBhx509_env_find_binding\fP (hx509_context context, hx509_env env, const char *key)"
+.br
+.ti -1c
+.RI "void \fBhx509_env_free\fP (hx509_env *env)"
+.br
+.in -1c
+.SH "Detailed Description"
+.PP
+
+.SH "Function Documentation"
+.PP
+.SS "int hx509_env_add (hx509_context context, hx509_env * env, const char * key, const char * value)"
+.PP
+Add a new key/value pair to the hx509_env.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIcontext\fP A hx509 context.
+.br
+\fIenv\fP enviroment to add the enviroment variable too.
+.br
+\fIkey\fP key to add
+.br
+\fIvalue\fP value to add
+.RE
+.PP
+\fBReturns:\fP
+.RS 4
+An hx509 error code, see \fBhx509_get_error_string()\fP.
+.RE
+.PP
+
+.SS "int hx509_env_add_binding (hx509_context context, hx509_env * env, const char * key, hx509_env list)"
+.PP
+Add a new key/binding pair to the hx509_env.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIcontext\fP A hx509 context.
+.br
+\fIenv\fP enviroment to add the enviroment variable too.
+.br
+\fIkey\fP key to add
+.br
+\fIlist\fP binding list to add
+.RE
+.PP
+\fBReturns:\fP
+.RS 4
+An hx509 error code, see \fBhx509_get_error_string()\fP.
+.RE
+.PP
+
+.SS "const char* hx509_env_find (hx509_context context, hx509_env env, const char * key)"
+.PP
+Search the hx509_env for a key.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIcontext\fP A hx509 context.
+.br
+\fIenv\fP enviroment to add the enviroment variable too.
+.br
+\fIkey\fP key to search for.
+.RE
+.PP
+\fBReturns:\fP
+.RS 4
+the value if the key is found, NULL otherwise.
+.RE
+.PP
+
+.SS "hx509_env hx509_env_find_binding (hx509_context context, hx509_env env, const char * key)"
+.PP
+Search the hx509_env for a binding.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIcontext\fP A hx509 context.
+.br
+\fIenv\fP enviroment to add the enviroment variable too.
+.br
+\fIkey\fP key to search for.
+.RE
+.PP
+\fBReturns:\fP
+.RS 4
+the binding if the key is found, NULL if not found.
+.RE
+.PP
+
+.SS "void hx509_env_free (hx509_env * env)"
+.PP
+Free an hx509_env enviroment context.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIenv\fP the enviroment to free.
+.RE
+.PP
+
+.SS "const char* hx509_env_lfind (hx509_context context, hx509_env env, const char * key, size_t len)"
+.PP
+Search the hx509_env for a length based key.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIcontext\fP A hx509 context.
+.br
+\fIenv\fP enviroment to add the enviroment variable too.
+.br
+\fIkey\fP key to search for.
+.br
+\fIlen\fP length of key.
+.RE
+.PP
+\fBReturns:\fP
+.RS 4
+the value if the key is found, NULL otherwise.
+.RE
+.PP
+
diff --git a/doc/doxyout/hx509/man/man3/hx509_env_add.3 b/doc/doxyout/hx509/man/man3/hx509_env_add.3
new file mode 100644
index 000000000000..cdf891871adf
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_env_add.3
@@ -0,0 +1 @@
+.so man3/hx509_env.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_env_add_binding.3 b/doc/doxyout/hx509/man/man3/hx509_env_add_binding.3
new file mode 100644
index 000000000000..cdf891871adf
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_env_add_binding.3
@@ -0,0 +1 @@
+.so man3/hx509_env.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_env_find.3 b/doc/doxyout/hx509/man/man3/hx509_env_find.3
new file mode 100644
index 000000000000..cdf891871adf
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_env_find.3
@@ -0,0 +1 @@
+.so man3/hx509_env.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_env_find_binding.3 b/doc/doxyout/hx509/man/man3/hx509_env_find_binding.3
new file mode 100644
index 000000000000..cdf891871adf
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_env_find_binding.3
@@ -0,0 +1 @@
+.so man3/hx509_env.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_env_free.3 b/doc/doxyout/hx509/man/man3/hx509_env_free.3
new file mode 100644
index 000000000000..cdf891871adf
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_env_free.3
@@ -0,0 +1 @@
+.so man3/hx509_env.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_env_lfind.3 b/doc/doxyout/hx509/man/man3/hx509_env_lfind.3
new file mode 100644
index 000000000000..cdf891871adf
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_env_lfind.3
@@ -0,0 +1 @@
+.so man3/hx509_env.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_err.3 b/doc/doxyout/hx509/man/man3/hx509_err.3
new file mode 100644
index 000000000000..191f0f0843f0
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_err.3
@@ -0,0 +1 @@
+.so man3/hx509_error.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_error.3 b/doc/doxyout/hx509/man/man3/hx509_error.3
new file mode 100644
index 000000000000..20f544ec431c
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_error.3
@@ -0,0 +1,129 @@
+.TH "hx509 error functions" 3 "30 Jul 2011" "Version 1.5" "Heimdalx509library" \" -*- nroff -*-
+.ad l
+.nh
+.SH NAME
+hx509 error functions \-
+.SS "Functions"
+
+.in +1c
+.ti -1c
+.RI "void \fBhx509_clear_error_string\fP (hx509_context context)"
+.br
+.ti -1c
+.RI "void \fBhx509_set_error_stringv\fP (hx509_context context, int flags, int code, const char *fmt, va_list ap)"
+.br
+.ti -1c
+.RI "void \fBhx509_set_error_string\fP (hx509_context context, int flags, int code, const char *fmt,...)"
+.br
+.ti -1c
+.RI "char * \fBhx509_get_error_string\fP (hx509_context context, int error_code)"
+.br
+.ti -1c
+.RI "void \fBhx509_free_error_string\fP (char *str)"
+.br
+.ti -1c
+.RI "void \fBhx509_err\fP (hx509_context context, int exit_code, int error_code, const char *fmt,...)"
+.br
+.in -1c
+.SH "Detailed Description"
+.PP
+See the \fBHx509 error reporting functions\fP for description and examples.
+.SH "Function Documentation"
+.PP
+.SS "void hx509_clear_error_string (hx509_context context)"
+.PP
+Resets the error strings the hx509 context.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIcontext\fP A hx509 context.
+.RE
+.PP
+
+.SS "void hx509_err (hx509_context context, int exit_code, int error_code, const char * fmt, ...)"
+.PP
+Print error message and fatally exit from error code
+.PP
+\fBParameters:\fP
+.RS 4
+\fIcontext\fP A hx509 context.
+.br
+\fIexit_code\fP exit() code from process.
+.br
+\fIerror_code\fP Error code for the reason to exit.
+.br
+\fIfmt\fP format string with the exit message.
+.br
+\fI...\fP argument to format string.
+.RE
+.PP
+
+.SS "void hx509_free_error_string (char * str)"
+.PP
+Free error string returned by \fBhx509_get_error_string()\fP.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIstr\fP error string to free.
+.RE
+.PP
+
+.SS "char* hx509_get_error_string (hx509_context context, int error_code)"
+.PP
+Get an error string from context associated with error_code.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIcontext\fP A hx509 context.
+.br
+\fIerror_code\fP Get error message for this error code.
+.RE
+.PP
+\fBReturns:\fP
+.RS 4
+error string, free with \fBhx509_free_error_string()\fP.
+.RE
+.PP
+
+.SS "void hx509_set_error_string (hx509_context context, int flags, int code, const char * fmt, ...)"
+.PP
+See \fBhx509_set_error_stringv()\fP.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIcontext\fP A hx509 context.
+.br
+\fIflags\fP
+.IP "\(bu" 2
+HX509_ERROR_APPEND appends the error string to the old messages (code is updated).
+.PP
+.br
+\fIcode\fP error code related to error message
+.br
+\fIfmt\fP error message format
+.br
+\fI...\fP arguments to error message format
+.RE
+.PP
+
+.SS "void hx509_set_error_stringv (hx509_context context, int flags, int code, const char * fmt, va_list ap)"
+.PP
+Add an error message to the hx509 context.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIcontext\fP A hx509 context.
+.br
+\fIflags\fP
+.IP "\(bu" 2
+HX509_ERROR_APPEND appends the error string to the old messages (code is updated).
+.PP
+.br
+\fIcode\fP error code related to error message
+.br
+\fIfmt\fP error message format
+.br
+\fIap\fP arguments to error message format
+.RE
+.PP
+
diff --git a/doc/doxyout/hx509/man/man3/hx509_free_error_string.3 b/doc/doxyout/hx509/man/man3/hx509_free_error_string.3
new file mode 100644
index 000000000000..191f0f0843f0
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_free_error_string.3
@@ -0,0 +1 @@
+.so man3/hx509_error.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_free_octet_string_list.3 b/doc/doxyout/hx509/man/man3/hx509_free_octet_string_list.3
new file mode 100644
index 000000000000..f58308e8cd15
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_free_octet_string_list.3
@@ -0,0 +1 @@
+.so man3/hx509_misc.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_general_name_unparse.3 b/doc/doxyout/hx509/man/man3/hx509_general_name_unparse.3
new file mode 100644
index 000000000000..926e21e01aaf
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_general_name_unparse.3
@@ -0,0 +1 @@
+.so man3/hx509_name.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_get_error_string.3 b/doc/doxyout/hx509/man/man3/hx509_get_error_string.3
new file mode 100644
index 000000000000..191f0f0843f0
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_get_error_string.3
@@ -0,0 +1 @@
+.so man3/hx509_error.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_get_one_cert.3 b/doc/doxyout/hx509/man/man3/hx509_get_one_cert.3
new file mode 100644
index 000000000000..4543cfc8ff9a
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_get_one_cert.3
@@ -0,0 +1 @@
+.so man3/hx509_keyset.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_keyset.3 b/doc/doxyout/hx509/man/man3/hx509_keyset.3
new file mode 100644
index 000000000000..aff48bbd5044
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_keyset.3
@@ -0,0 +1,373 @@
+.TH "hx509 certificate store functions" 3 "30 Jul 2011" "Version 1.5" "Heimdalx509library" \" -*- nroff -*-
+.ad l
+.nh
+.SH NAME
+hx509 certificate store functions \-
+.SS "Functions"
+
+.in +1c
+.ti -1c
+.RI "int \fBhx509_certs_init\fP (hx509_context context, const char *name, int flags, hx509_lock lock, hx509_certs *certs)"
+.br
+.ti -1c
+.RI "int \fBhx509_certs_store\fP (hx509_context context, hx509_certs certs, int flags, hx509_lock lock)"
+.br
+.ti -1c
+.RI "void \fBhx509_certs_free\fP (hx509_certs *certs)"
+.br
+.ti -1c
+.RI "int \fBhx509_certs_start_seq\fP (hx509_context context, hx509_certs certs, hx509_cursor *cursor)"
+.br
+.ti -1c
+.RI "int \fBhx509_certs_next_cert\fP (hx509_context context, hx509_certs certs, hx509_cursor cursor, hx509_cert *cert)"
+.br
+.ti -1c
+.RI "int \fBhx509_certs_end_seq\fP (hx509_context context, hx509_certs certs, hx509_cursor cursor)"
+.br
+.ti -1c
+.RI "int \fBhx509_certs_iter_f\fP (hx509_context context, hx509_certs certs, int(*func)(hx509_context, void *, hx509_cert), void *ctx)"
+.br
+.ti -1c
+.RI "int \fBhx509_ci_print_names\fP (hx509_context context, void *ctx, hx509_cert c)"
+.br
+.ti -1c
+.RI "int \fBhx509_certs_add\fP (hx509_context context, hx509_certs certs, hx509_cert cert)"
+.br
+.ti -1c
+.RI "int \fBhx509_certs_find\fP (hx509_context context, hx509_certs certs, const hx509_query *q, hx509_cert *r)"
+.br
+.ti -1c
+.RI "int \fBhx509_certs_filter\fP (hx509_context context, hx509_certs certs, const hx509_query *q, hx509_certs *result)"
+.br
+.ti -1c
+.RI "int \fBhx509_certs_merge\fP (hx509_context context, hx509_certs to, hx509_certs from)"
+.br
+.ti -1c
+.RI "int \fBhx509_certs_append\fP (hx509_context context, hx509_certs to, hx509_lock lock, const char *name)"
+.br
+.ti -1c
+.RI "int \fBhx509_get_one_cert\fP (hx509_context context, hx509_certs certs, hx509_cert *c)"
+.br
+.ti -1c
+.RI "int \fBhx509_certs_info\fP (hx509_context context, hx509_certs certs, int(*func)(void *, const char *), void *ctx)"
+.br
+.in -1c
+.SH "Detailed Description"
+.PP
+See the \fBCertificate store operations\fP for description and examples.
+.SH "Function Documentation"
+.PP
+.SS "int hx509_certs_add (hx509_context context, hx509_certs certs, hx509_cert cert)"
+.PP
+Add a certificate to the certificiate store.
+.PP
+The receiving keyset certs will either increase reference counter of the cert or make a deep copy, either way, the caller needs to free the cert itself.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIcontext\fP a hx509 context.
+.br
+\fIcerts\fP certificate store to add the certificate to.
+.br
+\fIcert\fP certificate to add.
+.RE
+.PP
+\fBReturns:\fP
+.RS 4
+Returns an hx509 error code.
+.RE
+.PP
+
+.SS "int hx509_certs_append (hx509_context context, hx509_certs to, hx509_lock lock, const char * name)"
+.PP
+Same a \fBhx509_certs_merge()\fP but use a lock and name to describe the from source.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIcontext\fP a hx509 context.
+.br
+\fIto\fP the store to merge into.
+.br
+\fIlock\fP a lock that unlocks the certificates store, use NULL to select no password/certifictes/prompt lock (see \fBLocking and unlocking certificates and encrypted data.\fP).
+.br
+\fIname\fP name of the source store
+.RE
+.PP
+\fBReturns:\fP
+.RS 4
+Returns an hx509 error code.
+.RE
+.PP
+
+.SS "int hx509_certs_end_seq (hx509_context context, hx509_certs certs, hx509_cursor cursor)"
+.PP
+End the iteration over certificates.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIcontext\fP a hx509 context.
+.br
+\fIcerts\fP certificate store to iterate over.
+.br
+\fIcursor\fP cursor that will keep track of progress, freed.
+.RE
+.PP
+\fBReturns:\fP
+.RS 4
+Returns an hx509 error code.
+.RE
+.PP
+
+.SS "int hx509_certs_filter (hx509_context context, hx509_certs certs, const hx509_query * q, hx509_certs * result)"
+.PP
+Filter certificate matching the query.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIcontext\fP a hx509 context.
+.br
+\fIcerts\fP certificate store to search.
+.br
+\fIq\fP query allocated with \fBhx509 query functions\fP functions.
+.br
+\fIresult\fP the filtered certificate store, caller must free with \fBhx509_certs_free()\fP.
+.RE
+.PP
+\fBReturns:\fP
+.RS 4
+Returns an hx509 error code.
+.RE
+.PP
+
+.PP
+Return HX509_CERT_NOT_FOUND if no certificate in certs matched the query.
+.SS "int hx509_certs_find (hx509_context context, hx509_certs certs, const hx509_query * q, hx509_cert * r)"
+.PP
+Find a certificate matching the query.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIcontext\fP a hx509 context.
+.br
+\fIcerts\fP certificate store to search.
+.br
+\fIq\fP query allocated with \fBhx509 query functions\fP functions.
+.br
+\fIr\fP return certificate (or NULL on error), should be freed with \fBhx509_cert_free()\fP.
+.RE
+.PP
+\fBReturns:\fP
+.RS 4
+Returns an hx509 error code.
+.RE
+.PP
+
+.PP
+Return HX509_CERT_NOT_FOUND if no certificate in certs matched the query.
+.SS "void hx509_certs_free (hx509_certs * certs)"
+.PP
+Free a certificate store.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIcerts\fP certificate store to free.
+.RE
+.PP
+
+.SS "int hx509_certs_info (hx509_context context, hx509_certs certs, int(*)(void *, const char *) func, void * ctx)"
+.PP
+Print some info about the certificate store.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIcontext\fP a hx509 context.
+.br
+\fIcerts\fP certificate store to print information about.
+.br
+\fIfunc\fP function that will get each line of the information, if NULL is used the data is printed on a FILE descriptor that should be passed in ctx, if ctx also is NULL, stdout is used.
+.br
+\fIctx\fP parameter to func.
+.RE
+.PP
+\fBReturns:\fP
+.RS 4
+Returns an hx509 error code.
+.RE
+.PP
+
+.SS "int hx509_certs_init (hx509_context context, const char * name, int flags, hx509_lock lock, hx509_certs * certs)"
+.PP
+Open or creates a new hx509 certificate store.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIcontext\fP A hx509 context
+.br
+\fIname\fP name of the store, format is TYPE:type-specific-string, if NULL is used the MEMORY store is used.
+.br
+\fIflags\fP list of flags:
+.IP "\(bu" 2
+HX509_CERTS_CREATE create a new keystore of the specific TYPE.
+.IP "\(bu" 2
+HX509_CERTS_UNPROTECT_ALL fails if any private key failed to be extracted.
+.PP
+.br
+\fIlock\fP a lock that unlocks the certificates store, use NULL to select no password/certifictes/prompt lock (see \fBLocking and unlocking certificates and encrypted data.\fP).
+.br
+\fIcerts\fP return pointer, free with \fBhx509_certs_free()\fP.
+.RE
+.PP
+
+.SS "int hx509_certs_iter_f (hx509_context context, hx509_certs certs, int(*)(hx509_context, void *, hx509_cert) func, void * ctx)"
+.PP
+Iterate over all certificates in a keystore and call an function for each fo them.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIcontext\fP a hx509 context.
+.br
+\fIcerts\fP certificate store to iterate over.
+.br
+\fIfunc\fP function to call for each certificate. The function should return non-zero to abort the iteration, that value is passed back to the caller of \fBhx509_certs_iter_f()\fP.
+.br
+\fIctx\fP context variable that will passed to the function.
+.RE
+.PP
+\fBReturns:\fP
+.RS 4
+Returns an hx509 error code.
+.RE
+.PP
+
+.SS "int hx509_certs_merge (hx509_context context, hx509_certs to, hx509_certs from)"
+.PP
+Merge a certificate store into another. The from store is keep intact.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIcontext\fP a hx509 context.
+.br
+\fIto\fP the store to merge into.
+.br
+\fIfrom\fP the store to copy the object from.
+.RE
+.PP
+\fBReturns:\fP
+.RS 4
+Returns an hx509 error code.
+.RE
+.PP
+
+.SS "int hx509_certs_next_cert (hx509_context context, hx509_certs certs, hx509_cursor cursor, hx509_cert * cert)"
+.PP
+Get next ceritificate from the certificate keystore pointed out by cursor.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIcontext\fP a hx509 context.
+.br
+\fIcerts\fP certificate store to iterate over.
+.br
+\fIcursor\fP cursor that keeps track of progress.
+.br
+\fIcert\fP return certificate next in store, NULL if the store contains no more certificates. Free with \fBhx509_cert_free()\fP.
+.RE
+.PP
+\fBReturns:\fP
+.RS 4
+Returns an hx509 error code.
+.RE
+.PP
+
+.SS "int hx509_certs_start_seq (hx509_context context, hx509_certs certs, hx509_cursor * cursor)"
+.PP
+Start the integration
+.PP
+\fBParameters:\fP
+.RS 4
+\fIcontext\fP a hx509 context.
+.br
+\fIcerts\fP certificate store to iterate over
+.br
+\fIcursor\fP cursor that will keep track of progress, free with \fBhx509_certs_end_seq()\fP.
+.RE
+.PP
+\fBReturns:\fP
+.RS 4
+Returns an hx509 error code. HX509_UNSUPPORTED_OPERATION is returned if the certificate store doesn't support the iteration operation.
+.RE
+.PP
+
+.SS "int hx509_certs_store (hx509_context context, hx509_certs certs, int flags, hx509_lock lock)"
+.PP
+Write the certificate store to stable storage.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIcontext\fP A hx509 context.
+.br
+\fIcerts\fP a certificate store to store.
+.br
+\fIflags\fP currently unused, use 0.
+.br
+\fIlock\fP a lock that unlocks the certificates store, use NULL to select no password/certifictes/prompt lock (see \fBLocking and unlocking certificates and encrypted data.\fP).
+.RE
+.PP
+\fBReturns:\fP
+.RS 4
+Returns an hx509 error code. HX509_UNSUPPORTED_OPERATION if the certificate store doesn't support the store operation.
+.RE
+.PP
+
+.SS "int hx509_ci_print_names (hx509_context context, void * ctx, hx509_cert c)"
+.PP
+Iterate over all certificates in a keystore and call an function for each fo them.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIcontext\fP a hx509 context.
+.br
+\fIcerts\fP certificate store to iterate over.
+.br
+\fIfunc\fP function to call for each certificate. The function should return non-zero to abort the iteration, that value is passed back to the caller of hx509_certs_iter().
+.RE
+.PP
+\fBReturns:\fP
+.RS 4
+Returns an hx509 error code. Function to use to \fBhx509_certs_iter_f()\fP as a function argument, the ctx variable to \fBhx509_certs_iter_f()\fP should be a FILE file descriptor.
+.RE
+.PP
+\fBParameters:\fP
+.RS 4
+\fIcontext\fP a hx509 context.
+.br
+\fIctx\fP used by \fBhx509_certs_iter_f()\fP.
+.br
+\fIc\fP a certificate
+.RE
+.PP
+\fBReturns:\fP
+.RS 4
+Returns an hx509 error code.
+.RE
+.PP
+
+.SS "int hx509_get_one_cert (hx509_context context, hx509_certs certs, hx509_cert * c)"
+.PP
+Get one random certificate from the certificate store.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIcontext\fP a hx509 context.
+.br
+\fIcerts\fP a certificate store to get the certificate from.
+.br
+\fIc\fP return certificate, should be freed with \fBhx509_cert_free()\fP.
+.RE
+.PP
+\fBReturns:\fP
+.RS 4
+Returns an hx509 error code.
+.RE
+.PP
+
diff --git a/doc/doxyout/hx509/man/man3/hx509_lock.3 b/doc/doxyout/hx509/man/man3/hx509_lock.3
new file mode 100644
index 000000000000..07461fd35ec2
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_lock.3
@@ -0,0 +1,5 @@
+.TH "hx509 lock functions" 3 "30 Jul 2011" "Version 1.5" "Heimdalx509library" \" -*- nroff -*-
+.ad l
+.nh
+.SH NAME
+hx509 lock functions \- See the \fBLocking and unlocking certificates and encrypted data.\fP for description and examples.
diff --git a/doc/doxyout/hx509/man/man3/hx509_misc.3 b/doc/doxyout/hx509/man/man3/hx509_misc.3
new file mode 100644
index 000000000000..4c1fec567edc
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_misc.3
@@ -0,0 +1,40 @@
+.TH "hx509 misc functions" 3 "30 Jul 2011" "Version 1.5" "Heimdalx509library" \" -*- nroff -*-
+.ad l
+.nh
+.SH NAME
+hx509 misc functions \-
+.SS "Functions"
+
+.in +1c
+.ti -1c
+.RI "void \fBhx509_free_octet_string_list\fP (hx509_octet_string_list *list)"
+.br
+.ti -1c
+.RI "void \fBhx509_xfree\fP (void *ptr)"
+.br
+.in -1c
+.SH "Detailed Description"
+.PP
+
+.SH "Function Documentation"
+.PP
+.SS "void hx509_free_octet_string_list (hx509_octet_string_list * list)"
+.PP
+Free a list of octet strings returned by another hx509 library function.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIlist\fP list to be freed.
+.RE
+.PP
+
+.SS "void hx509_xfree (void * ptr)"
+.PP
+Free a data element allocated in the library.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIptr\fP data to be freed.
+.RE
+.PP
+
diff --git a/doc/doxyout/hx509/man/man3/hx509_name.3 b/doc/doxyout/hx509/man/man3/hx509_name.3
new file mode 100644
index 000000000000..141eab0d8057
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_name.3
@@ -0,0 +1,235 @@
+.TH "hx509 name functions" 3 "30 Jul 2011" "Version 1.5" "Heimdalx509library" \" -*- nroff -*-
+.ad l
+.nh
+.SH NAME
+hx509 name functions \-
+.SS "Functions"
+
+.in +1c
+.ti -1c
+.RI "int \fBhx509_name_to_string\fP (const hx509_name name, char **str)"
+.br
+.ti -1c
+.RI "int \fBhx509_name_cmp\fP (hx509_name n1, hx509_name n2)"
+.br
+.ti -1c
+.RI "int \fBhx509_parse_name\fP (hx509_context context, const char *str, hx509_name *name)"
+.br
+.ti -1c
+.RI "int \fBhx509_name_copy\fP (hx509_context context, const hx509_name from, hx509_name *to)"
+.br
+.ti -1c
+.RI "int \fBhx509_name_to_Name\fP (const hx509_name from, Name *to)"
+.br
+.ti -1c
+.RI "int \fBhx509_name_expand\fP (hx509_context context, hx509_name name, hx509_env env)"
+.br
+.ti -1c
+.RI "void \fBhx509_name_free\fP (hx509_name *name)"
+.br
+.ti -1c
+.RI "int \fBhx509_unparse_der_name\fP (const void *data, size_t length, char **str)"
+.br
+.ti -1c
+.RI "int \fBhx509_name_binary\fP (const hx509_name name, heim_octet_string *os)"
+.br
+.ti -1c
+.RI "int \fBhx509_name_is_null_p\fP (const hx509_name name)"
+.br
+.ti -1c
+.RI "int \fBhx509_general_name_unparse\fP (GeneralName *name, char **str)"
+.br
+.in -1c
+.SH "Detailed Description"
+.PP
+See the \fBPKIX/X.509 Names\fP for description and examples.
+.SH "Function Documentation"
+.PP
+.SS "int hx509_general_name_unparse (GeneralName * name, char ** str)"
+.PP
+Unparse the hx509 name in name into a string.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIname\fP the name to print
+.br
+\fIstr\fP an allocated string returns the name in string form
+.RE
+.PP
+\fBReturns:\fP
+.RS 4
+An hx509 error code, see \fBhx509_get_error_string()\fP.
+.RE
+.PP
+
+.SS "int hx509_name_binary (const hx509_name name, heim_octet_string * os)"
+.PP
+Convert a hx509_name object to DER encoded name.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIname\fP name to concert
+.br
+\fIos\fP data to a DER encoded name, free the resulting octet string with hx509_xfree(os->data).
+.RE
+.PP
+\fBReturns:\fP
+.RS 4
+An hx509 error code, see \fBhx509_get_error_string()\fP.
+.RE
+.PP
+
+.SS "int hx509_name_cmp (hx509_name n1, hx509_name n2)"
+.PP
+Compare to hx509 name object, useful for sorting.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIn1\fP a hx509 name object.
+.br
+\fIn2\fP a hx509 name object.
+.RE
+.PP
+\fBReturns:\fP
+.RS 4
+0 the objects are the same, returns > 0 is n2 is 'larger' then n2, < 0 if n1 is 'smaller' then n2.
+.RE
+.PP
+
+.SS "int hx509_name_copy (hx509_context context, const hx509_name from, hx509_name * to)"
+.PP
+Copy a hx509 name object.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIcontext\fP A hx509 cotext.
+.br
+\fIfrom\fP the name to copy from
+.br
+\fIto\fP the name to copy to
+.RE
+.PP
+\fBReturns:\fP
+.RS 4
+An hx509 error code, see \fBhx509_get_error_string()\fP.
+.RE
+.PP
+
+.SS "int hx509_name_expand (hx509_context context, hx509_name name, hx509_env env)"
+.PP
+Expands variables in the name using env. Variables are on the form ${name}. Useful when dealing with certificate templates.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIcontext\fP A hx509 cotext.
+.br
+\fIname\fP the name to expand.
+.br
+\fIenv\fP environment variable to expand.
+.RE
+.PP
+\fBReturns:\fP
+.RS 4
+An hx509 error code, see \fBhx509_get_error_string()\fP.
+.RE
+.PP
+
+.PP
+Only UTF8String rdnSequence names are allowed
+.SS "void hx509_name_free (hx509_name * name)"
+.PP
+Free a hx509 name object, upond return *name will be NULL.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIname\fP a hx509 name object to be freed.
+.RE
+.PP
+
+.SS "int hx509_name_is_null_p (const hx509_name name)"
+.PP
+Unparse the hx509 name in name into a string.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIname\fP the name to check if its empty/null.
+.RE
+.PP
+\fBReturns:\fP
+.RS 4
+non zero if the name is empty/null.
+.RE
+.PP
+
+.SS "int hx509_name_to_Name (const hx509_name from, Name * to)"
+.PP
+Convert a hx509_name into a Name.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIfrom\fP the name to copy from
+.br
+\fIto\fP the name to copy to
+.RE
+.PP
+\fBReturns:\fP
+.RS 4
+An hx509 error code, see \fBhx509_get_error_string()\fP.
+.RE
+.PP
+
+.SS "int hx509_name_to_string (const hx509_name name, char ** str)"
+.PP
+Convert the hx509 name object into a printable string. The resulting string should be freed with free().
+.PP
+\fBParameters:\fP
+.RS 4
+\fIname\fP name to print
+.br
+\fIstr\fP the string to return
+.RE
+.PP
+\fBReturns:\fP
+.RS 4
+An hx509 error code, see \fBhx509_get_error_string()\fP.
+.RE
+.PP
+
+.SS "int hx509_parse_name (hx509_context context, const char * str, hx509_name * name)"
+.PP
+Parse a string into a hx509 name object.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIcontext\fP A hx509 context.
+.br
+\fIstr\fP a string to parse.
+.br
+\fIname\fP the resulting object, NULL in case of error.
+.RE
+.PP
+\fBReturns:\fP
+.RS 4
+An hx509 error code, see \fBhx509_get_error_string()\fP.
+.RE
+.PP
+
+.SS "int hx509_unparse_der_name (const void * data, size_t length, char ** str)"
+.PP
+Convert a DER encoded name info a string.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIdata\fP data to a DER/BER encoded name
+.br
+\fIlength\fP length of data
+.br
+\fIstr\fP the resulting string, is NULL on failure.
+.RE
+.PP
+\fBReturns:\fP
+.RS 4
+An hx509 error code, see \fBhx509_get_error_string()\fP.
+.RE
+.PP
+
diff --git a/doc/doxyout/hx509/man/man3/hx509_name_binary.3 b/doc/doxyout/hx509/man/man3/hx509_name_binary.3
new file mode 100644
index 000000000000..926e21e01aaf
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_name_binary.3
@@ -0,0 +1 @@
+.so man3/hx509_name.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_name_cmp.3 b/doc/doxyout/hx509/man/man3/hx509_name_cmp.3
new file mode 100644
index 000000000000..926e21e01aaf
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_name_cmp.3
@@ -0,0 +1 @@
+.so man3/hx509_name.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_name_copy.3 b/doc/doxyout/hx509/man/man3/hx509_name_copy.3
new file mode 100644
index 000000000000..926e21e01aaf
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_name_copy.3
@@ -0,0 +1 @@
+.so man3/hx509_name.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_name_expand.3 b/doc/doxyout/hx509/man/man3/hx509_name_expand.3
new file mode 100644
index 000000000000..926e21e01aaf
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_name_expand.3
@@ -0,0 +1 @@
+.so man3/hx509_name.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_name_free.3 b/doc/doxyout/hx509/man/man3/hx509_name_free.3
new file mode 100644
index 000000000000..926e21e01aaf
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_name_free.3
@@ -0,0 +1 @@
+.so man3/hx509_name.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_name_is_null_p.3 b/doc/doxyout/hx509/man/man3/hx509_name_is_null_p.3
new file mode 100644
index 000000000000..926e21e01aaf
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_name_is_null_p.3
@@ -0,0 +1 @@
+.so man3/hx509_name.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_name_to_Name.3 b/doc/doxyout/hx509/man/man3/hx509_name_to_Name.3
new file mode 100644
index 000000000000..926e21e01aaf
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_name_to_Name.3
@@ -0,0 +1 @@
+.so man3/hx509_name.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_name_to_string.3 b/doc/doxyout/hx509/man/man3/hx509_name_to_string.3
new file mode 100644
index 000000000000..926e21e01aaf
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_name_to_string.3
@@ -0,0 +1 @@
+.so man3/hx509_name.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_ocsp_request.3 b/doc/doxyout/hx509/man/man3/hx509_ocsp_request.3
new file mode 100644
index 000000000000..d7d6ccf0d939
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_ocsp_request.3
@@ -0,0 +1 @@
+.so man3/hx509_revoke.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_ocsp_verify.3 b/doc/doxyout/hx509/man/man3/hx509_ocsp_verify.3
new file mode 100644
index 000000000000..e52f771b5297
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_ocsp_verify.3
@@ -0,0 +1 @@
+.so man3/hx509_verify.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_oid_print.3 b/doc/doxyout/hx509/man/man3/hx509_oid_print.3
new file mode 100644
index 000000000000..2577d70ee906
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_oid_print.3
@@ -0,0 +1 @@
+.so man3/hx509_print.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_oid_sprint.3 b/doc/doxyout/hx509/man/man3/hx509_oid_sprint.3
new file mode 100644
index 000000000000..2577d70ee906
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_oid_sprint.3
@@ -0,0 +1 @@
+.so man3/hx509_print.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_parse_name.3 b/doc/doxyout/hx509/man/man3/hx509_parse_name.3
new file mode 100644
index 000000000000..926e21e01aaf
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_parse_name.3
@@ -0,0 +1 @@
+.so man3/hx509_name.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_peer.3 b/doc/doxyout/hx509/man/man3/hx509_peer.3
new file mode 100644
index 000000000000..3132594ba50f
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_peer.3
@@ -0,0 +1,113 @@
+.TH "hx509 certificate selecting functions" 3 "30 Jul 2011" "Version 1.5" "Heimdalx509library" \" -*- nroff -*-
+.ad l
+.nh
+.SH NAME
+hx509 certificate selecting functions \-
+.SS "Functions"
+
+.in +1c
+.ti -1c
+.RI "int \fBhx509_peer_info_alloc\fP (hx509_context context, hx509_peer_info *peer)"
+.br
+.ti -1c
+.RI "void \fBhx509_peer_info_free\fP (hx509_peer_info peer)"
+.br
+.ti -1c
+.RI "int \fBhx509_peer_info_set_cert\fP (hx509_peer_info peer, hx509_cert cert)"
+.br
+.ti -1c
+.RI "int \fBhx509_peer_info_add_cms_alg\fP (hx509_context context, hx509_peer_info peer, const AlgorithmIdentifier *val)"
+.br
+.ti -1c
+.RI "int \fBhx509_peer_info_set_cms_algs\fP (hx509_context context, hx509_peer_info peer, const AlgorithmIdentifier *val, size_t len)"
+.br
+.in -1c
+.SH "Detailed Description"
+.PP
+
+.SH "Function Documentation"
+.PP
+.SS "int hx509_peer_info_add_cms_alg (hx509_context context, hx509_peer_info peer, const AlgorithmIdentifier * val)"
+.PP
+Add an additional algorithm that the peer supports.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIcontext\fP A hx509 context.
+.br
+\fIpeer\fP the peer to set the new algorithms for
+.br
+\fIval\fP an AlgorithmsIdentier to add
+.RE
+.PP
+\fBReturns:\fP
+.RS 4
+An hx509 error code, see \fBhx509_get_error_string()\fP.
+.RE
+.PP
+
+.SS "int hx509_peer_info_alloc (hx509_context context, hx509_peer_info * peer)"
+.PP
+Allocate a new peer info structure an init it to default values.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIcontext\fP A hx509 context.
+.br
+\fIpeer\fP return an allocated peer, free with \fBhx509_peer_info_free()\fP.
+.RE
+.PP
+\fBReturns:\fP
+.RS 4
+An hx509 error code, see \fBhx509_get_error_string()\fP.
+.RE
+.PP
+
+.SS "void hx509_peer_info_free (hx509_peer_info peer)"
+.PP
+Free a peer info structure.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIpeer\fP peer info to be freed.
+.RE
+.PP
+
+.SS "int hx509_peer_info_set_cert (hx509_peer_info peer, hx509_cert cert)"
+.PP
+Set the certificate that remote peer is using.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIpeer\fP peer info to update
+.br
+\fIcert\fP cerificate of the remote peer.
+.RE
+.PP
+\fBReturns:\fP
+.RS 4
+An hx509 error code, see \fBhx509_get_error_string()\fP.
+.RE
+.PP
+
+.SS "int hx509_peer_info_set_cms_algs (hx509_context context, hx509_peer_info peer, const AlgorithmIdentifier * val, size_t len)"
+.PP
+Set the algorithms that the peer supports.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIcontext\fP A hx509 context.
+.br
+\fIpeer\fP the peer to set the new algorithms for
+.br
+\fIval\fP array of supported AlgorithmsIdentiers
+.br
+\fIlen\fP length of array val.
+.RE
+.PP
+\fBReturns:\fP
+.RS 4
+An hx509 error code, see \fBhx509_get_error_string()\fP.
+.RE
+.PP
+
diff --git a/doc/doxyout/hx509/man/man3/hx509_peer_info_add_cms_alg.3 b/doc/doxyout/hx509/man/man3/hx509_peer_info_add_cms_alg.3
new file mode 100644
index 000000000000..b6a9f0fae0b9
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_peer_info_add_cms_alg.3
@@ -0,0 +1 @@
+.so man3/hx509_peer.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_peer_info_alloc.3 b/doc/doxyout/hx509/man/man3/hx509_peer_info_alloc.3
new file mode 100644
index 000000000000..b6a9f0fae0b9
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_peer_info_alloc.3
@@ -0,0 +1 @@
+.so man3/hx509_peer.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_peer_info_free.3 b/doc/doxyout/hx509/man/man3/hx509_peer_info_free.3
new file mode 100644
index 000000000000..b6a9f0fae0b9
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_peer_info_free.3
@@ -0,0 +1 @@
+.so man3/hx509_peer.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_peer_info_set_cert.3 b/doc/doxyout/hx509/man/man3/hx509_peer_info_set_cert.3
new file mode 100644
index 000000000000..b6a9f0fae0b9
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_peer_info_set_cert.3
@@ -0,0 +1 @@
+.so man3/hx509_peer.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_peer_info_set_cms_algs.3 b/doc/doxyout/hx509/man/man3/hx509_peer_info_set_cms_algs.3
new file mode 100644
index 000000000000..b6a9f0fae0b9
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_peer_info_set_cms_algs.3
@@ -0,0 +1 @@
+.so man3/hx509_peer.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_print.3 b/doc/doxyout/hx509/man/man3/hx509_print.3
new file mode 100644
index 000000000000..e615502bb477
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_print.3
@@ -0,0 +1,211 @@
+.TH "hx509 printing functions" 3 "30 Jul 2011" "Version 1.5" "Heimdalx509library" \" -*- nroff -*-
+.ad l
+.nh
+.SH NAME
+hx509 printing functions \-
+.SS "Functions"
+
+.in +1c
+.ti -1c
+.RI "void \fBhx509_print_stdout\fP (void *ctx, const char *fmt, va_list va)"
+.br
+.ti -1c
+.RI "int \fBhx509_oid_sprint\fP (const heim_oid *oid, char **str)"
+.br
+.ti -1c
+.RI "void \fBhx509_oid_print\fP (const heim_oid *oid, hx509_vprint_func func, void *ctx)"
+.br
+.ti -1c
+.RI "void \fBhx509_bitstring_print\fP (const heim_bit_string *b, hx509_vprint_func func, void *ctx)"
+.br
+.ti -1c
+.RI "int \fBhx509_cert_keyusage_print\fP (hx509_context context, hx509_cert c, char **s)"
+.br
+.ti -1c
+.RI "int \fBhx509_validate_ctx_init\fP (hx509_context context, hx509_validate_ctx *ctx)"
+.br
+.ti -1c
+.RI "void \fBhx509_validate_ctx_set_print\fP (hx509_validate_ctx ctx, hx509_vprint_func func, void *c)"
+.br
+.ti -1c
+.RI "void \fBhx509_validate_ctx_add_flags\fP (hx509_validate_ctx ctx, int flags)"
+.br
+.ti -1c
+.RI "void \fBhx509_validate_ctx_free\fP (hx509_validate_ctx ctx)"
+.br
+.ti -1c
+.RI "int \fBhx509_validate_cert\fP (hx509_context context, hx509_validate_ctx ctx, hx509_cert cert)"
+.br
+.in -1c
+.SH "Detailed Description"
+.PP
+
+.SH "Function Documentation"
+.PP
+.SS "void hx509_bitstring_print (const heim_bit_string * b, hx509_vprint_func func, void * ctx)"
+.PP
+Print a bitstring using a hx509_vprint_func function. To print to stdout use \fBhx509_print_stdout()\fP.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIb\fP bit string to print.
+.br
+\fIfunc\fP hx509_vprint_func to print with.
+.br
+\fIctx\fP context variable to hx509_vprint_func function.
+.RE
+.PP
+
+.SS "int hx509_cert_keyusage_print (hx509_context context, hx509_cert c, char ** s)"
+.PP
+Print certificate usage for a certificate to a string.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIcontext\fP A hx509 context.
+.br
+\fIc\fP a certificate print the keyusage for.
+.br
+\fIs\fP the return string with the keysage printed in to, free with \fBhx509_xfree()\fP.
+.RE
+.PP
+\fBReturns:\fP
+.RS 4
+An hx509 error code, see \fBhx509_get_error_string()\fP.
+.RE
+.PP
+
+.SS "void hx509_oid_print (const heim_oid * oid, hx509_vprint_func func, void * ctx)"
+.PP
+Print a oid using a hx509_vprint_func function. To print to stdout use \fBhx509_print_stdout()\fP.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIoid\fP oid to print
+.br
+\fIfunc\fP hx509_vprint_func to print with.
+.br
+\fIctx\fP context variable to hx509_vprint_func function.
+.RE
+.PP
+
+.SS "int hx509_oid_sprint (const heim_oid * oid, char ** str)"
+.PP
+Print a oid to a string.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIoid\fP oid to print
+.br
+\fIstr\fP allocated string, free with \fBhx509_xfree()\fP.
+.RE
+.PP
+\fBReturns:\fP
+.RS 4
+An hx509 error code, see \fBhx509_get_error_string()\fP.
+.RE
+.PP
+
+.SS "void hx509_print_stdout (void * ctx, const char * fmt, va_list va)"
+.PP
+Helper function to print on stdout for:
+.IP "\(bu" 2
+\fBhx509_oid_print()\fP,
+.IP "\(bu" 2
+\fBhx509_bitstring_print()\fP,
+.IP "\(bu" 2
+\fBhx509_validate_ctx_set_print()\fP.
+.PP
+.PP
+\fBParameters:\fP
+.RS 4
+\fIctx\fP the context to the print function. If the ctx is NULL, stdout is used.
+.br
+\fIfmt\fP the printing format.
+.br
+\fIva\fP the argumet list.
+.RE
+.PP
+
+.SS "int hx509_validate_cert (hx509_context context, hx509_validate_ctx ctx, hx509_cert cert)"
+.PP
+Validate/Print the status of the certificate.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIcontext\fP A hx509 context.
+.br
+\fIctx\fP A hx509 validation context.
+.br
+\fIcert\fP the cerificate to validate/print.
+.RE
+.PP
+\fBReturns:\fP
+.RS 4
+An hx509 error code, see \fBhx509_get_error_string()\fP.
+.RE
+.PP
+
+.SS "void hx509_validate_ctx_add_flags (hx509_validate_ctx ctx, int flags)"
+.PP
+Add flags to control the behaivor of the \fBhx509_validate_cert()\fP function.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIctx\fP A hx509 validation context.
+.br
+\fIflags\fP flags to add to the validation context.
+.RE
+.PP
+\fBReturns:\fP
+.RS 4
+An hx509 error code, see \fBhx509_get_error_string()\fP.
+.RE
+.PP
+
+.SS "void hx509_validate_ctx_free (hx509_validate_ctx ctx)"
+.PP
+Free an hx509 validate context.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIctx\fP the hx509 validate context to free.
+.RE
+.PP
+
+.SS "int hx509_validate_ctx_init (hx509_context context, hx509_validate_ctx * ctx)"
+.PP
+Allocate a hx509 validation/printing context.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIcontext\fP A hx509 context.
+.br
+\fIctx\fP a new allocated hx509 validation context, free with \fBhx509_validate_ctx_free()\fP.
+.RE
+.PP
+\fBReturns:\fP
+.RS 4
+An hx509 error code, see \fBhx509_get_error_string()\fP.
+.RE
+.PP
+
+.SS "void hx509_validate_ctx_set_print (hx509_validate_ctx ctx, hx509_vprint_func func, void * c)"
+.PP
+Set the printing functions for the validation context.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIctx\fP a hx509 valication context.
+.br
+\fIfunc\fP the printing function to usea.
+.br
+\fIc\fP the context variable to the printing function.
+.RE
+.PP
+\fBReturns:\fP
+.RS 4
+An hx509 error code, see \fBhx509_get_error_string()\fP.
+.RE
+.PP
+
diff --git a/doc/doxyout/hx509/man/man3/hx509_print_cert.3 b/doc/doxyout/hx509/man/man3/hx509_print_cert.3
new file mode 100644
index 000000000000..d65a4b6b4f63
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_print_cert.3
@@ -0,0 +1 @@
+.so man3/hx509_cert.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_print_stdout.3 b/doc/doxyout/hx509/man/man3/hx509_print_stdout.3
new file mode 100644
index 000000000000..2577d70ee906
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_print_stdout.3
@@ -0,0 +1 @@
+.so man3/hx509_print.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_query.3 b/doc/doxyout/hx509/man/man3/hx509_query.3
new file mode 100644
index 000000000000..1cba6304302f
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_query.3
@@ -0,0 +1,5 @@
+.TH "hx509 query functions" 3 "30 Jul 2011" "Version 1.5" "Heimdalx509library" \" -*- nroff -*-
+.ad l
+.nh
+.SH NAME
+hx509 query functions \-
diff --git a/doc/doxyout/hx509/man/man3/hx509_query_alloc.3 b/doc/doxyout/hx509/man/man3/hx509_query_alloc.3
new file mode 100644
index 000000000000..d65a4b6b4f63
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_query_alloc.3
@@ -0,0 +1 @@
+.so man3/hx509_cert.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_query_free.3 b/doc/doxyout/hx509/man/man3/hx509_query_free.3
new file mode 100644
index 000000000000..d65a4b6b4f63
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_query_free.3
@@ -0,0 +1 @@
+.so man3/hx509_cert.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_query_match_cmp_func.3 b/doc/doxyout/hx509/man/man3/hx509_query_match_cmp_func.3
new file mode 100644
index 000000000000..d65a4b6b4f63
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_query_match_cmp_func.3
@@ -0,0 +1 @@
+.so man3/hx509_cert.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_query_match_eku.3 b/doc/doxyout/hx509/man/man3/hx509_query_match_eku.3
new file mode 100644
index 000000000000..d65a4b6b4f63
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_query_match_eku.3
@@ -0,0 +1 @@
+.so man3/hx509_cert.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_query_match_friendly_name.3 b/doc/doxyout/hx509/man/man3/hx509_query_match_friendly_name.3
new file mode 100644
index 000000000000..d65a4b6b4f63
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_query_match_friendly_name.3
@@ -0,0 +1 @@
+.so man3/hx509_cert.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_query_match_issuer_serial.3 b/doc/doxyout/hx509/man/man3/hx509_query_match_issuer_serial.3
new file mode 100644
index 000000000000..d65a4b6b4f63
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_query_match_issuer_serial.3
@@ -0,0 +1 @@
+.so man3/hx509_cert.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_query_match_option.3 b/doc/doxyout/hx509/man/man3/hx509_query_match_option.3
new file mode 100644
index 000000000000..d65a4b6b4f63
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_query_match_option.3
@@ -0,0 +1 @@
+.so man3/hx509_cert.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_query_statistic_file.3 b/doc/doxyout/hx509/man/man3/hx509_query_statistic_file.3
new file mode 100644
index 000000000000..d65a4b6b4f63
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_query_statistic_file.3
@@ -0,0 +1 @@
+.so man3/hx509_cert.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_query_unparse_stats.3 b/doc/doxyout/hx509/man/man3/hx509_query_unparse_stats.3
new file mode 100644
index 000000000000..d65a4b6b4f63
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_query_unparse_stats.3
@@ -0,0 +1 @@
+.so man3/hx509_cert.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_revoke.3 b/doc/doxyout/hx509/man/man3/hx509_revoke.3
new file mode 100644
index 000000000000..7f18739e7ab3
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_revoke.3
@@ -0,0 +1,171 @@
+.TH "hx509 revokation checking functions" 3 "30 Jul 2011" "Version 1.5" "Heimdalx509library" \" -*- nroff -*-
+.ad l
+.nh
+.SH NAME
+hx509 revokation checking functions \-
+.SS "Functions"
+
+.in +1c
+.ti -1c
+.RI "int \fBhx509_revoke_init\fP (hx509_context context, hx509_revoke_ctx *ctx)"
+.br
+.ti -1c
+.RI "void \fBhx509_revoke_free\fP (hx509_revoke_ctx *ctx)"
+.br
+.ti -1c
+.RI "int \fBhx509_revoke_add_ocsp\fP (hx509_context context, hx509_revoke_ctx ctx, const char *path)"
+.br
+.ti -1c
+.RI "int \fBhx509_revoke_add_crl\fP (hx509_context context, hx509_revoke_ctx ctx, const char *path)"
+.br
+.ti -1c
+.RI "int \fBhx509_revoke_verify\fP (hx509_context context, hx509_revoke_ctx ctx, hx509_certs certs, time_t now, hx509_cert cert, hx509_cert parent_cert)"
+.br
+.ti -1c
+.RI "int \fBhx509_ocsp_request\fP (hx509_context context, hx509_certs reqcerts, hx509_certs pool, hx509_cert signer, const AlgorithmIdentifier *digest, heim_octet_string *request, heim_octet_string *nonce)"
+.br
+.ti -1c
+.RI "int \fBhx509_revoke_ocsp_print\fP (hx509_context context, const char *path, FILE *out)"
+.br
+.in -1c
+.SH "Detailed Description"
+.PP
+See the \fBRevocation methods\fP for description and examples.
+.SH "Function Documentation"
+.PP
+.SS "int hx509_ocsp_request (hx509_context context, hx509_certs reqcerts, hx509_certs pool, hx509_cert signer, const AlgorithmIdentifier * digest, heim_octet_string * request, heim_octet_string * nonce)"
+.PP
+Create an OCSP request for a set of certificates.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIcontext\fP a hx509 context
+.br
+\fIreqcerts\fP list of certificates to request ocsp data for
+.br
+\fIpool\fP certificate pool to use when signing
+.br
+\fIsigner\fP certificate to use to sign the request
+.br
+\fIdigest\fP the signing algorithm in the request, if NULL use the default signature algorithm,
+.br
+\fIrequest\fP the encoded request, free with free_heim_octet_string().
+.br
+\fInonce\fP nonce in the request, free with free_heim_octet_string().
+.RE
+.PP
+\fBReturns:\fP
+.RS 4
+An hx509 error code, see \fBhx509_get_error_string()\fP.
+.RE
+.PP
+
+.SS "int hx509_revoke_add_crl (hx509_context context, hx509_revoke_ctx ctx, const char * path)"
+.PP
+Add a CRL file to the revokation context.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIcontext\fP hx509 context
+.br
+\fIctx\fP hx509 revokation context
+.br
+\fIpath\fP path to file that is going to be added to the context.
+.RE
+.PP
+\fBReturns:\fP
+.RS 4
+An hx509 error code, see \fBhx509_get_error_string()\fP.
+.RE
+.PP
+
+.SS "int hx509_revoke_add_ocsp (hx509_context context, hx509_revoke_ctx ctx, const char * path)"
+.PP
+Add a OCSP file to the revokation context.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIcontext\fP hx509 context
+.br
+\fIctx\fP hx509 revokation context
+.br
+\fIpath\fP path to file that is going to be added to the context.
+.RE
+.PP
+\fBReturns:\fP
+.RS 4
+An hx509 error code, see \fBhx509_get_error_string()\fP.
+.RE
+.PP
+
+.SS "void hx509_revoke_free (hx509_revoke_ctx * ctx)"
+.PP
+Free a hx509 revokation context.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIctx\fP context to be freed
+.RE
+.PP
+
+.SS "int hx509_revoke_init (hx509_context context, hx509_revoke_ctx * ctx)"
+.PP
+Allocate a revokation context. Free with \fBhx509_revoke_free()\fP.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIcontext\fP A hx509 context.
+.br
+\fIctx\fP returns a newly allocated revokation context.
+.RE
+.PP
+\fBReturns:\fP
+.RS 4
+An hx509 error code, see \fBhx509_get_error_string()\fP.
+.RE
+.PP
+
+.SS "int hx509_revoke_ocsp_print (hx509_context context, const char * path, FILE * out)"
+.PP
+Print the OCSP reply stored in a file.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIcontext\fP a hx509 context
+.br
+\fIpath\fP path to a file with a OCSP reply
+.br
+\fIout\fP the out FILE descriptor to print the reply on
+.RE
+.PP
+\fBReturns:\fP
+.RS 4
+An hx509 error code, see \fBhx509_get_error_string()\fP.
+.RE
+.PP
+
+.SS "int hx509_revoke_verify (hx509_context context, hx509_revoke_ctx ctx, hx509_certs certs, time_t now, hx509_cert cert, hx509_cert parent_cert)"
+.PP
+Check that a certificate is not expired according to a revokation context. Also need the parent certificte to the check OCSP parent identifier.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIcontext\fP hx509 context
+.br
+\fIctx\fP hx509 revokation context
+.br
+\fIcerts\fP
+.br
+\fInow\fP
+.br
+\fIcert\fP
+.br
+\fIparent_cert\fP
+.RE
+.PP
+\fBReturns:\fP
+.RS 4
+An hx509 error code, see \fBhx509_get_error_string()\fP.
+.RE
+.PP
+
diff --git a/doc/doxyout/hx509/man/man3/hx509_revoke_add_crl.3 b/doc/doxyout/hx509/man/man3/hx509_revoke_add_crl.3
new file mode 100644
index 000000000000..d7d6ccf0d939
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_revoke_add_crl.3
@@ -0,0 +1 @@
+.so man3/hx509_revoke.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_revoke_add_ocsp.3 b/doc/doxyout/hx509/man/man3/hx509_revoke_add_ocsp.3
new file mode 100644
index 000000000000..d7d6ccf0d939
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_revoke_add_ocsp.3
@@ -0,0 +1 @@
+.so man3/hx509_revoke.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_revoke_free.3 b/doc/doxyout/hx509/man/man3/hx509_revoke_free.3
new file mode 100644
index 000000000000..d7d6ccf0d939
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_revoke_free.3
@@ -0,0 +1 @@
+.so man3/hx509_revoke.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_revoke_init.3 b/doc/doxyout/hx509/man/man3/hx509_revoke_init.3
new file mode 100644
index 000000000000..d7d6ccf0d939
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_revoke_init.3
@@ -0,0 +1 @@
+.so man3/hx509_revoke.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_revoke_ocsp_print.3 b/doc/doxyout/hx509/man/man3/hx509_revoke_ocsp_print.3
new file mode 100644
index 000000000000..d7d6ccf0d939
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_revoke_ocsp_print.3
@@ -0,0 +1 @@
+.so man3/hx509_revoke.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_revoke_verify.3 b/doc/doxyout/hx509/man/man3/hx509_revoke_verify.3
new file mode 100644
index 000000000000..d7d6ccf0d939
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_revoke_verify.3
@@ -0,0 +1 @@
+.so man3/hx509_revoke.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_set_error_string.3 b/doc/doxyout/hx509/man/man3/hx509_set_error_string.3
new file mode 100644
index 000000000000..191f0f0843f0
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_set_error_string.3
@@ -0,0 +1 @@
+.so man3/hx509_error.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_set_error_stringv.3 b/doc/doxyout/hx509/man/man3/hx509_set_error_stringv.3
new file mode 100644
index 000000000000..191f0f0843f0
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_set_error_stringv.3
@@ -0,0 +1 @@
+.so man3/hx509_error.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_unparse_der_name.3 b/doc/doxyout/hx509/man/man3/hx509_unparse_der_name.3
new file mode 100644
index 000000000000..926e21e01aaf
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_unparse_der_name.3
@@ -0,0 +1 @@
+.so man3/hx509_name.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_validate_cert.3 b/doc/doxyout/hx509/man/man3/hx509_validate_cert.3
new file mode 100644
index 000000000000..2577d70ee906
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_validate_cert.3
@@ -0,0 +1 @@
+.so man3/hx509_print.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_validate_ctx_add_flags.3 b/doc/doxyout/hx509/man/man3/hx509_validate_ctx_add_flags.3
new file mode 100644
index 000000000000..2577d70ee906
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_validate_ctx_add_flags.3
@@ -0,0 +1 @@
+.so man3/hx509_print.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_validate_ctx_free.3 b/doc/doxyout/hx509/man/man3/hx509_validate_ctx_free.3
new file mode 100644
index 000000000000..2577d70ee906
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_validate_ctx_free.3
@@ -0,0 +1 @@
+.so man3/hx509_print.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_validate_ctx_init.3 b/doc/doxyout/hx509/man/man3/hx509_validate_ctx_init.3
new file mode 100644
index 000000000000..2577d70ee906
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_validate_ctx_init.3
@@ -0,0 +1 @@
+.so man3/hx509_print.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_validate_ctx_set_print.3 b/doc/doxyout/hx509/man/man3/hx509_validate_ctx_set_print.3
new file mode 100644
index 000000000000..2577d70ee906
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_validate_ctx_set_print.3
@@ -0,0 +1 @@
+.so man3/hx509_print.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_verify.3 b/doc/doxyout/hx509/man/man3/hx509_verify.3
new file mode 100644
index 000000000000..a9fe40ddae48
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_verify.3
@@ -0,0 +1,309 @@
+.TH "hx509 verification functions" 3 "30 Jul 2011" "Version 1.5" "Heimdalx509library" \" -*- nroff -*-
+.ad l
+.nh
+.SH NAME
+hx509 verification functions \-
+.SS "Functions"
+
+.in +1c
+.ti -1c
+.RI "void \fBhx509_context_set_missing_revoke\fP (hx509_context context, int flag)"
+.br
+.ti -1c
+.RI "int \fBhx509_verify_init_ctx\fP (hx509_context context, hx509_verify_ctx *ctx)"
+.br
+.ti -1c
+.RI "void \fBhx509_verify_destroy_ctx\fP (hx509_verify_ctx ctx)"
+.br
+.ti -1c
+.RI "void \fBhx509_verify_attach_anchors\fP (hx509_verify_ctx ctx, hx509_certs set)"
+.br
+.ti -1c
+.RI "void \fBhx509_verify_attach_revoke\fP (hx509_verify_ctx ctx, hx509_revoke_ctx revoke_ctx)"
+.br
+.ti -1c
+.RI "void \fBhx509_verify_set_time\fP (hx509_verify_ctx ctx, time_t t)"
+.br
+.ti -1c
+.RI "void \fBhx509_verify_set_max_depth\fP (hx509_verify_ctx ctx, unsigned int max_depth)"
+.br
+.ti -1c
+.RI "void \fBhx509_verify_set_proxy_certificate\fP (hx509_verify_ctx ctx, int boolean)"
+.br
+.ti -1c
+.RI "void \fBhx509_verify_set_strict_rfc3280_verification\fP (hx509_verify_ctx ctx, int boolean)"
+.br
+.ti -1c
+.RI "int \fBhx509_verify_path\fP (hx509_context context, hx509_verify_ctx ctx, hx509_cert cert, hx509_certs pool)"
+.br
+.ti -1c
+.RI "int \fBhx509_ocsp_verify\fP (hx509_context context, time_t now, hx509_cert cert, int flags, const void *data, size_t length, time_t *expiration)"
+.br
+.ti -1c
+.RI "int \fBhx509_crl_alloc\fP (hx509_context context, hx509_crl *crl)"
+.br
+.ti -1c
+.RI "int \fBhx509_crl_add_revoked_certs\fP (hx509_context context, hx509_crl crl, hx509_certs certs)"
+.br
+.ti -1c
+.RI "int \fBhx509_crl_lifetime\fP (hx509_context context, hx509_crl crl, int delta)"
+.br
+.ti -1c
+.RI "void \fBhx509_crl_free\fP (hx509_context context, hx509_crl *crl)"
+.br
+.ti -1c
+.RI "int \fBhx509_crl_sign\fP (hx509_context context, hx509_cert signer, hx509_crl crl, heim_octet_string *os)"
+.br
+.in -1c
+.SH "Detailed Description"
+.PP
+
+.SH "Function Documentation"
+.PP
+.SS "void hx509_context_set_missing_revoke (hx509_context context, int flag)"
+.PP
+Selects if the \fBhx509_revoke_verify()\fP function is going to require the existans of a revokation method (OCSP, CRL) or not. Note that \fBhx509_verify_path()\fP, \fBhx509_cms_verify_signed()\fP, and other function call \fBhx509_revoke_verify()\fP.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIcontext\fP hx509 context to change the flag for.
+.br
+\fIflag\fP zero, revokation method required, non zero missing revokation method ok
+.RE
+.PP
+
+.SS "int hx509_crl_add_revoked_certs (hx509_context context, hx509_crl crl, hx509_certs certs)"
+.PP
+Add revoked certificate to an CRL context.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIcontext\fP a hx509 context.
+.br
+\fIcrl\fP the CRL to add the revoked certificate to.
+.br
+\fIcerts\fP keyset of certificate to revoke.
+.RE
+.PP
+\fBReturns:\fP
+.RS 4
+An hx509 error code, see \fBhx509_get_error_string()\fP.
+.RE
+.PP
+
+.SS "int hx509_crl_alloc (hx509_context context, hx509_crl * crl)"
+.PP
+Create a CRL context. Use \fBhx509_crl_free()\fP to free the CRL context.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIcontext\fP a hx509 context.
+.br
+\fIcrl\fP return pointer to a newly allocated CRL context.
+.RE
+.PP
+\fBReturns:\fP
+.RS 4
+An hx509 error code, see \fBhx509_get_error_string()\fP.
+.RE
+.PP
+
+.SS "void hx509_crl_free (hx509_context context, hx509_crl * crl)"
+.PP
+Free a CRL context.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIcontext\fP a hx509 context.
+.br
+\fIcrl\fP a CRL context to free.
+.RE
+.PP
+
+.SS "int hx509_crl_lifetime (hx509_context context, hx509_crl crl, int delta)"
+.PP
+Set the lifetime of a CRL context.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIcontext\fP a hx509 context.
+.br
+\fIcrl\fP a CRL context
+.br
+\fIdelta\fP delta time the certificate is valid, library adds the current time to this.
+.RE
+.PP
+\fBReturns:\fP
+.RS 4
+An hx509 error code, see \fBhx509_get_error_string()\fP.
+.RE
+.PP
+
+.SS "int hx509_crl_sign (hx509_context context, hx509_cert signer, hx509_crl crl, heim_octet_string * os)"
+.PP
+Sign a CRL and return an encode certificate.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIcontext\fP a hx509 context.
+.br
+\fIsigner\fP certificate to sign the CRL with
+.br
+\fIcrl\fP the CRL to sign
+.br
+\fIos\fP return the signed and encoded CRL, free with free_heim_octet_string()
+.RE
+.PP
+\fBReturns:\fP
+.RS 4
+An hx509 error code, see \fBhx509_get_error_string()\fP.
+.RE
+.PP
+
+.SS "int hx509_ocsp_verify (hx509_context context, time_t now, hx509_cert cert, int flags, const void * data, size_t length, time_t * expiration)"
+.PP
+Verify that the certificate is part of the OCSP reply and it's not expired. Doesn't verify signature the OCSP reply or it's done by a authorized sender, that is assumed to be already done.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIcontext\fP a hx509 context
+.br
+\fInow\fP the time right now, if 0, use the current time.
+.br
+\fIcert\fP the certificate to verify
+.br
+\fIflags\fP flags control the behavior
+.br
+\fIdata\fP pointer to the encode ocsp reply
+.br
+\fIlength\fP the length of the encode ocsp reply
+.br
+\fIexpiration\fP return the time the OCSP will expire and need to be rechecked.
+.RE
+.PP
+\fBReturns:\fP
+.RS 4
+An hx509 error code, see \fBhx509_get_error_string()\fP.
+.RE
+.PP
+
+.SS "void hx509_verify_attach_anchors (hx509_verify_ctx ctx, hx509_certs set)"
+.PP
+Set the trust anchors in the verification context, makes an reference to the keyset, so the consumer can free the keyset independent of the destruction of the verification context (ctx). If there already is a keyset attached, it's released.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIctx\fP a verification context
+.br
+\fIset\fP a keyset containing the trust anchors.
+.RE
+.PP
+
+.SS "void hx509_verify_attach_revoke (hx509_verify_ctx ctx, hx509_revoke_ctx revoke_ctx)"
+.PP
+Attach an revocation context to the verfication context, , makes an reference to the revoke context, so the consumer can free the revoke context independent of the destruction of the verification context. If there is no revoke context, the verification process is NOT going to check any verification status.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIctx\fP a verification context.
+.br
+\fIrevoke_ctx\fP a revoke context.
+.RE
+.PP
+
+.SS "void hx509_verify_destroy_ctx (hx509_verify_ctx ctx)"
+.PP
+Free an hx509 verification context.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIctx\fP the context to be freed.
+.RE
+.PP
+
+.SS "int hx509_verify_init_ctx (hx509_context context, hx509_verify_ctx * ctx)"
+.PP
+Allocate an verification context that is used fo control the verification process.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIcontext\fP A hx509 context.
+.br
+\fIctx\fP returns a pointer to a hx509_verify_ctx object.
+.RE
+.PP
+\fBReturns:\fP
+.RS 4
+An hx509 error code, see \fBhx509_get_error_string()\fP.
+.RE
+.PP
+
+.SS "int hx509_verify_path (hx509_context context, hx509_verify_ctx ctx, hx509_cert cert, hx509_certs pool)"
+.PP
+Build and verify the path for the certificate to the trust anchor specified in the verify context. The path is constructed from the certificate, the pool and the trust anchors.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIcontext\fP A hx509 context.
+.br
+\fIctx\fP A hx509 verification context.
+.br
+\fIcert\fP the certificate to build the path from.
+.br
+\fIpool\fP A keyset of certificates to build the chain from.
+.RE
+.PP
+\fBReturns:\fP
+.RS 4
+An hx509 error code, see \fBhx509_get_error_string()\fP.
+.RE
+.PP
+
+.SS "void hx509_verify_set_max_depth (hx509_verify_ctx ctx, unsigned int max_depth)"
+.PP
+Set the maximum depth of the certificate chain that the path builder is going to try.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIctx\fP a verification context
+.br
+\fImax_depth\fP maxium depth of the certificate chain, include trust anchor.
+.RE
+.PP
+
+.SS "void hx509_verify_set_proxy_certificate (hx509_verify_ctx ctx, int boolean)"
+.PP
+Allow or deny the use of proxy certificates
+.PP
+\fBParameters:\fP
+.RS 4
+\fIctx\fP a verification context
+.br
+\fIboolean\fP if non zero, allow proxy certificates.
+.RE
+.PP
+
+.SS "void hx509_verify_set_strict_rfc3280_verification (hx509_verify_ctx ctx, int boolean)"
+.PP
+Select strict RFC3280 verification of certificiates. This means checking key usage on CA certificates, this will make version 1 certificiates unuseable.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIctx\fP a verification context
+.br
+\fIboolean\fP if non zero, use strict verification.
+.RE
+.PP
+
+.SS "void hx509_verify_set_time (hx509_verify_ctx ctx, time_t t)"
+.PP
+Set the clock time the the verification process is going to use. Used to check certificate in the past and future time. If not set the current time will be used.
+.PP
+\fBParameters:\fP
+.RS 4
+\fIctx\fP a verification context.
+.br
+\fIt\fP the time the verifiation is using.
+.RE
+.PP
+
diff --git a/doc/doxyout/hx509/man/man3/hx509_verify_attach_anchors.3 b/doc/doxyout/hx509/man/man3/hx509_verify_attach_anchors.3
new file mode 100644
index 000000000000..e52f771b5297
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_verify_attach_anchors.3
@@ -0,0 +1 @@
+.so man3/hx509_verify.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_verify_attach_revoke.3 b/doc/doxyout/hx509/man/man3/hx509_verify_attach_revoke.3
new file mode 100644
index 000000000000..e52f771b5297
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_verify_attach_revoke.3
@@ -0,0 +1 @@
+.so man3/hx509_verify.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_verify_ctx_f_allow_default_trustanchors.3 b/doc/doxyout/hx509/man/man3/hx509_verify_ctx_f_allow_default_trustanchors.3
new file mode 100644
index 000000000000..d65a4b6b4f63
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_verify_ctx_f_allow_default_trustanchors.3
@@ -0,0 +1 @@
+.so man3/hx509_cert.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_verify_destroy_ctx.3 b/doc/doxyout/hx509/man/man3/hx509_verify_destroy_ctx.3
new file mode 100644
index 000000000000..e52f771b5297
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_verify_destroy_ctx.3
@@ -0,0 +1 @@
+.so man3/hx509_verify.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_verify_hostname.3 b/doc/doxyout/hx509/man/man3/hx509_verify_hostname.3
new file mode 100644
index 000000000000..d65a4b6b4f63
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_verify_hostname.3
@@ -0,0 +1 @@
+.so man3/hx509_cert.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_verify_init_ctx.3 b/doc/doxyout/hx509/man/man3/hx509_verify_init_ctx.3
new file mode 100644
index 000000000000..e52f771b5297
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_verify_init_ctx.3
@@ -0,0 +1 @@
+.so man3/hx509_verify.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_verify_path.3 b/doc/doxyout/hx509/man/man3/hx509_verify_path.3
new file mode 100644
index 000000000000..e52f771b5297
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_verify_path.3
@@ -0,0 +1 @@
+.so man3/hx509_verify.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_verify_set_max_depth.3 b/doc/doxyout/hx509/man/man3/hx509_verify_set_max_depth.3
new file mode 100644
index 000000000000..e52f771b5297
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_verify_set_max_depth.3
@@ -0,0 +1 @@
+.so man3/hx509_verify.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_verify_set_proxy_certificate.3 b/doc/doxyout/hx509/man/man3/hx509_verify_set_proxy_certificate.3
new file mode 100644
index 000000000000..e52f771b5297
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_verify_set_proxy_certificate.3
@@ -0,0 +1 @@
+.so man3/hx509_verify.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_verify_set_strict_rfc3280_verification.3 b/doc/doxyout/hx509/man/man3/hx509_verify_set_strict_rfc3280_verification.3
new file mode 100644
index 000000000000..e52f771b5297
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_verify_set_strict_rfc3280_verification.3
@@ -0,0 +1 @@
+.so man3/hx509_verify.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_verify_set_time.3 b/doc/doxyout/hx509/man/man3/hx509_verify_set_time.3
new file mode 100644
index 000000000000..e52f771b5297
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_verify_set_time.3
@@ -0,0 +1 @@
+.so man3/hx509_verify.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_verify_signature.3 b/doc/doxyout/hx509/man/man3/hx509_verify_signature.3
new file mode 100644
index 000000000000..67b1f7fa6ea6
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_verify_signature.3
@@ -0,0 +1 @@
+.so man3/hx509_crypto.3
diff --git a/doc/doxyout/hx509/man/man3/hx509_xfree.3 b/doc/doxyout/hx509/man/man3/hx509_xfree.3
new file mode 100644
index 000000000000..f58308e8cd15
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/hx509_xfree.3
@@ -0,0 +1 @@
+.so man3/hx509_misc.3
diff --git a/doc/doxyout/hx509/man/man3/page_ca.3 b/doc/doxyout/hx509/man/man3/page_ca.3
new file mode 100644
index 000000000000..98401fb6ca57
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/page_ca.3
@@ -0,0 +1,6 @@
+.TH "page_ca" 3 "30 Jul 2011" "Version 1.5" "Heimdalx509library" \" -*- nroff -*-
+.ad l
+.nh
+.SH NAME
+page_ca \- Hx509 CA functions
+See the library functions here: \fBhx509 CA functions\fP
diff --git a/doc/doxyout/hx509/man/man3/page_cert.3 b/doc/doxyout/hx509/man/man3/page_cert.3
new file mode 100644
index 000000000000..412edb3c0840
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/page_cert.3
@@ -0,0 +1,10 @@
+.TH "page_cert" 3 "30 Jul 2011" "Version 1.5" "Heimdalx509library" \" -*- nroff -*-
+.ad l
+.nh
+.SH NAME
+page_cert \- The basic certificate
+The basic hx509 cerificate object in hx509 is hx509_cert. The hx509_cert object is representing one X509/PKIX certificate and associated attributes; like private key, friendly name, etc.
+.PP
+A hx509_cert object is usully found via the keyset interfaces (\fBCertificate store operations\fP), but its also possible to create a certificate directly from a parsed object with \fBhx509_cert_init()\fP and \fBhx509_cert_init_data()\fP.
+.PP
+See the library functions here: \fBhx509 certificate functions\fP
diff --git a/doc/doxyout/hx509/man/man3/page_cms.3 b/doc/doxyout/hx509/man/man3/page_cms.3
new file mode 100644
index 000000000000..bd19fc53c2a2
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/page_cms.3
@@ -0,0 +1,18 @@
+.TH "page_cms" 3 "30 Jul 2011" "Version 1.5" "Heimdalx509library" \" -*- nroff -*-
+.ad l
+.nh
+.SH NAME
+page_cms \- CMS/PKCS7 message functions.
+CMS is defined in RFC 3369 and is an continuation of the RSA Labs standard PKCS7. The basic messages in CMS is
+.PP
+.IP "\(bu" 2
+SignedData Data signed with private key (RSA, DSA, ECDSA) or secret (symmetric) key
+.IP "\(bu" 2
+EnvelopedData Data encrypted with private key (RSA)
+.IP "\(bu" 2
+EncryptedData Data encrypted with secret (symmetric) key.
+.IP "\(bu" 2
+ContentInfo Wrapper structure including type and data.
+.PP
+.PP
+See the library functions here: \fBhx509 CMS/pkcs7 functions\fP
diff --git a/doc/doxyout/hx509/man/man3/page_env.3 b/doc/doxyout/hx509/man/man3/page_env.3
new file mode 100644
index 000000000000..8aff024935f2
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/page_env.3
@@ -0,0 +1,6 @@
+.TH "page_env" 3 "30 Jul 2011" "Version 1.5" "Heimdalx509library" \" -*- nroff -*-
+.ad l
+.nh
+.SH NAME
+page_env \- Hx509 enviroment functions
+See the library functions here: \fBhx509 enviroment functions\fP
diff --git a/doc/doxyout/hx509/man/man3/page_error.3 b/doc/doxyout/hx509/man/man3/page_error.3
new file mode 100644
index 000000000000..5407c406bff7
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/page_error.3
@@ -0,0 +1,6 @@
+.TH "page_error" 3 "30 Jul 2011" "Version 1.5" "Heimdalx509library" \" -*- nroff -*-
+.ad l
+.nh
+.SH NAME
+page_error \- Hx509 error reporting functions
+See the library functions here: \fBhx509 error functions\fP
diff --git a/doc/doxyout/hx509/man/man3/page_keyset.3 b/doc/doxyout/hx509/man/man3/page_keyset.3
new file mode 100644
index 000000000000..f0ea3a617f4c
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/page_keyset.3
@@ -0,0 +1,25 @@
+.TH "page_keyset" 3 "30 Jul 2011" "Version 1.5" "Heimdalx509library" \" -*- nroff -*-
+.ad l
+.nh
+.SH NAME
+page_keyset \- Certificate store operations
+Type of certificates store:
+.IP "\(bu" 2
+MEMORY In memory based format. Doesnt support storing.
+.IP "\(bu" 2
+FILE FILE supports raw DER certicates and PEM certicates. When PEM is used the file can contain may certificates and match private keys. Support storing the certificates. DER format only supports on certificate and no private key.
+.IP "\(bu" 2
+PEM-FILE Same as FILE, defaulting to PEM encoded certificates.
+.IP "\(bu" 2
+PEM-FILE Same as FILE, defaulting to DER encoded certificates.
+.IP "\(bu" 2
+PKCS11
+.IP "\(bu" 2
+PKCS12
+.IP "\(bu" 2
+DIR
+.IP "\(bu" 2
+KEYCHAIN Apple Mac OS X KeyChain backed keychain object.
+.PP
+.PP
+See the library functions here: \fBhx509 certificate store functions\fP
diff --git a/doc/doxyout/hx509/man/man3/page_lock.3 b/doc/doxyout/hx509/man/man3/page_lock.3
new file mode 100644
index 000000000000..95b30d4e6c10
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/page_lock.3
@@ -0,0 +1,6 @@
+.TH "page_lock" 3 "30 Jul 2011" "Version 1.5" "Heimdalx509library" \" -*- nroff -*-
+.ad l
+.nh
+.SH NAME
+page_lock \- Locking and unlocking certificates and encrypted data.
+See the library functions here: \fBhx509 lock functions\fP
diff --git a/doc/doxyout/hx509/man/man3/page_name.3 b/doc/doxyout/hx509/man/man3/page_name.3
new file mode 100644
index 000000000000..e0cd007b07fb
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/page_name.3
@@ -0,0 +1,18 @@
+.TH "page_name" 3 "30 Jul 2011" "Version 1.5" "Heimdalx509library" \" -*- nroff -*-
+.ad l
+.nh
+.SH NAME
+page_name \- PKIX/X.509 Names
+There are several names in PKIX/X.509, GeneralName and Name.
+.PP
+A Name consists of an ordered list of Relative Distinguished Names (RDN). Each RDN consists of an unordered list of typed strings. The types are defined by OID and have long and short description. For example id-at-commonName (2.5.4.3) have the long name CommonName and short name CN. The string itself can be of several encoding, UTF8, UTF16, Teltex string, etc. The type limit what encoding should be used.
+.PP
+GeneralName is a broader nametype that can contains al kind of stuff like Name, IP addresses, partial Name, etc.
+.PP
+Name is mapped into a hx509_name object.
+.PP
+Parse and string name into a hx509_name object with \fBhx509_parse_name()\fP, make it back into string representation with \fBhx509_name_to_string()\fP.
+.PP
+Name string are defined rfc2253, rfc1779 and X.501.
+.PP
+See the library functions here: \fBhx509 name functions\fP
diff --git a/doc/doxyout/hx509/man/man3/page_peer.3 b/doc/doxyout/hx509/man/man3/page_peer.3
new file mode 100644
index 000000000000..a58a0620e3bd
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/page_peer.3
@@ -0,0 +1,8 @@
+.TH "page_peer" 3 "30 Jul 2011" "Version 1.5" "Heimdalx509library" \" -*- nroff -*-
+.ad l
+.nh
+.SH NAME
+page_peer \- Hx509 crypto selecting functions
+Peer info structures are used togeter with hx509_crypto_select() to select the best avaible crypto algorithm to use.
+.PP
+See the library functions here: \fBhx509 certificate selecting functions\fP
diff --git a/doc/doxyout/hx509/man/man3/page_print.3 b/doc/doxyout/hx509/man/man3/page_print.3
new file mode 100644
index 000000000000..1558729e9131
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/page_print.3
@@ -0,0 +1,6 @@
+.TH "page_print" 3 "30 Jul 2011" "Version 1.5" "Heimdalx509library" \" -*- nroff -*-
+.ad l
+.nh
+.SH NAME
+page_print \- Hx509 printing functions
+See the library functions here: \fBhx509 printing functions\fP
diff --git a/doc/doxyout/hx509/man/man3/page_revoke.3 b/doc/doxyout/hx509/man/man3/page_revoke.3
new file mode 100644
index 000000000000..c432de3a5d96
--- /dev/null
+++ b/doc/doxyout/hx509/man/man3/page_revoke.3
@@ -0,0 +1,10 @@
+.TH "page_revoke" 3 "30 Jul 2011" "Version 1.5" "Heimdalx509library" \" -*- nroff -*-
+.ad l
+.nh
+.SH NAME
+page_revoke \- Revocation methods
+There are two revocation method for PKIX/X.509: CRL and OCSP. Revocation is needed if the private key is lost and stolen. Depending on how picky you are, you might want to make revocation for destroyed private keys too (smartcard broken), but that should not be a problem.
+.PP
+CRL is a list of certifiates that have expired.
+.PP
+OCSP is an online checking method where the requestor sends a list of certificates to the OCSP server to return a signed reply if they are valid or not. Some services sends a OCSP reply as part of the hand-shake to make the revoktion decision simpler/faster for the client.