| [ << ] | [ < ] | [ Up ] | [ > ] | [ >> ] | [Top] | [Contents] | [Index] | [ ? ] |
4.1.1.3 X.509 distinguished names
The “subject” of an X.509 certificate is not described by a single name, but rather with a distinguished name. This in X.509 terminology is a list of strings each associated an object identifier. To make things simple GnuTLS provides gnutls_x509_crt_get_dn2 which follows the rules in [RFC4514] and returns a single string. Access to each string by individual object identifiers can be accessed using gnutls_x509_crt_get_dn_by_oid.
- Function: int gnutls_x509_crt_get_dn2 (gnutls_x509_crt_t cert, gnutls_datum_t * dn)
cert: should contain a
gnutls_x509_crt_tstructuredn: a pointer to a structure to hold the name
This function will allocate buffer and copy the name of the Certificate. The name will be in the form "C=xxxx,O=yyyy,CN=zzzz" as described in RFC4514. The output string will be ASCII or UTF-8 encoded, depending on the certificate data.
Returns: On success,
GNUTLS_E_SUCCESS(0) is returned, otherwise a negative error value. and a negative error code on error.Since: 3.1.10
int gnutls_x509_crt_get_dn (gnutls_x509_crt_t cert, char * buf, size_t * buf_size)int gnutls_x509_crt_get_dn_by_oid (gnutls_x509_crt_t cert, const char * oid, int indx, unsigned int raw_flag, void * buf, size_t * buf_size)int gnutls_x509_crt_get_dn_oid (gnutls_x509_crt_t cert, int indx, void * oid, size_t * oid_size)
Similar functions exist to access the distinguished name of the issuer of the certificate.
int gnutls_x509_crt_get_issuer_dn (gnutls_x509_crt_t cert, char * buf, size_t * buf_size)int gnutls_x509_crt_get_issuer_dn2 (gnutls_x509_crt_t cert, gnutls_datum_t * dn)int gnutls_x509_crt_get_issuer_dn_by_oid (gnutls_x509_crt_t cert, const char * oid, int indx, unsigned int raw_flag, void * buf, size_t * buf_size)int gnutls_x509_crt_get_issuer_dn_oid (gnutls_x509_crt_t cert, int indx, void * oid, size_t * oid_size)int gnutls_x509_crt_get_issuer (gnutls_x509_crt_t cert, gnutls_x509_dn_t * dn)
The more powerful gnutls_x509_crt_get_subject and gnutls_x509_dn_get_rdn_ava provide efficient but low-level access to the contents of the distinguished name structure.
int gnutls_x509_crt_get_subject (gnutls_x509_crt_t cert, gnutls_x509_dn_t * dn)int gnutls_x509_crt_get_issuer (gnutls_x509_crt_t cert, gnutls_x509_dn_t * dn)
- Function: int gnutls_x509_dn_get_rdn_ava (gnutls_x509_dn_t dn, int irdn, int iava, gnutls_x509_ava_st * ava)
dn: a pointer to DN
irdn: index of RDN
iava: index of AVA.
ava: Pointer to structure which will hold output information.
Get pointers to data within the DN. The format of the
avastructure is shown below.struct gnutls_x509_ava_st { gnutls_datum_t oid; gnutls_datum_t value; unsigned long value_tag; };
The X.509 distinguished name is a sequence of sequences of strings and this is what the
irdnandiavaindexes model.Note that
avawill contain pointers into thednstructure which in turns points to the original certificate. Thus you should not modify any data or deallocate any of those.This is a low-level function that requires the caller to do the value conversions when necessary (e.g. from UCS-2).
Returns: Returns 0 on success, or an error code.
| [ << ] | [ < ] | [ Up ] | [ > ] | [ >> ] | [Top] | [Contents] | [Index] | [ ? ] |
This document was generated on May 31, 2014 using texi2html 5.0.