Next: Verifying X.509 certificate paths, Previous: X.509 certificate structure, Up: X.509 certificates [Contents][Index]
The “subject” of an X.509 certificate is not described by a single name, but rather with a distinguished name. This in X.509 terminology is a list of strings each associated an object identifier. To make things simple GnuTLS provides gnutls_x509_crt_get_dn which follows the rules in [RFC4514] and returns a single string. Access to each string by individual object identifiers can be accessed using gnutls_x509_crt_get_dn_by_oid.
cert: should contain a gnutls_x509_crt_t structure
buf: a pointer to a structure to hold the name (may be null)
buf_size: initially holds the size of buf
This function will copy the name of the Certificate in the provided buffer. The name will be in the form "C=xxxx,O=yyyy,CN=zzzz" as described in RFC4514. The output string will be ASCII or UTF-8 encoded, depending on the certificate data.
If buf is null then only the size will be filled.
Returns: GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not
long enough, and in that case the buf_size will be updated
with the required size. On success 0 is returned.
cert: should contain a gnutls_x509_crt_t structure
oid: holds an Object Identified in null terminated string
indx: In case multiple same OIDs exist in the RDN, this specifies which to send. Use (0) to get the first one.
raw_flag: If non (0) returns the raw DER data of the DN part.
buf: a pointer where the DN part will be copied (may be null).
buf_size: initially holds the size of buf
This function will extract the part of the name of the Certificate subject specified by the given OID. The output, if the raw flag is not used, will be encoded as described in RFC4514. Thus a string that is ASCII or UTF-8 encoded, depending on the certificate data.
Some helper macros with popular OIDs can be found in gnutls/x509.h
If raw flag is (0), this function will only return known OIDs as
text. Other OIDs will be DER encoded, as described in RFC4514 –
in hex format with a ’#’ prefix. You can check about known OIDs
using gnutls_x509_dn_oid_known() .
If buf is null then only the size will be filled. If the raw_flag is not specified the output is always null terminated, although the
buf_size will not include the null character.
Returns: GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is
not long enough, and in that case the *buf_size will be updated
with the required size. On success 0 is returned.
cert: should contain a gnutls_x509_crt_t structure
indx: This specifies which OID to return. Use (0) to get the first one.
oid: a pointer to a buffer to hold the OID (may be null)
oid_size: initially holds the size of oid
This function will extract the OIDs of the name of the Certificate subject specified by the given index.
If oid is null then only the size will be filled. The oid returned will be null terminated, although oid_size will not
account for the trailing null.
Returns: GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is
not long enough, and in that case the oid_size will be updated
with the required size. On success 0 is returned.
The more powerful gnutls_x509_crt_get_subject and gnutls_x509_dn_get_rdn_ava provide efficient access to the contents of the distinguished name structure.
cert: should contain a gnutls_x509_crt_t structure
dn: output variable with pointer to uint8_t DN.
Return the Certificate’s Subject DN as an uint8_t data type. You
may use gnutls_x509_dn_get_rdn_ava() to decode the DN.
Note that dn should be treated as constant. Because points
into the cert object, you may not deallocate cert and continue to access dn .
Returns: Returns 0 on success, or an error code.
dn: input variable with uint8_t DN pointer
irdn: index of RDN
iava: index of AVA.
ava: Pointer to structure which will hold output information.
Get pointers to data within the DN.
Note that ava will contain pointers into the dn structure, so you
should not modify any data or deallocate it. Note also that the DN
in turn points into the original certificate structure, and thus
you may not deallocate the certificate and continue to access dn .
Returns: Returns 0 on success, or an error code.
Similar functions exist to access the distinguished name of the issuer of the certificate.
gnutls_x509_crt_get_issuer_dngnutls_x509_crt_get_issuer_dn_by_oidgnutls_x509_crt_get_issuer_dn_oidgnutls_x509_crt_get_issuerNext: Verifying X.509 certificate paths, Previous: X.509 certificate structure, Up: X.509 certificates [Contents][Index]