static gnutls_x509_crq generate_certificate_request(requiem_client_profile_t *cp,
requiem_connection_permission_t permission,
gnutls_x509_privkey key, unsigned char *buf, size_t *size)
{
int ret;
gnutls_x509_crq crq;
ret = gnutls_x509_crq_init(&crq);
if ( ret < 0 ) {
fprintf(stderr, "error creating certificate request: %s.\n", gnutls_strerror(ret));
return NULL;
}
ret = gnutls_x509_crq_set_key(crq, key);
if ( ret < 0 ) {
fprintf(stderr, "error setting certificate request key: %s.\n", gnutls_strerror(ret));
gnutls_x509_crq_deinit(crq);
return NULL;
}
if ( permission ) {
ret = snprintf((char *) buf, *size, "%d", (int) permission);
ret = gnutls_x509_crq_set_dn_by_oid(crq, GNUTLS_OID_X520_COMMON_NAME, 0, buf, ret);
if ( ret < 0 ) {
fprintf(stderr, "error setting common name: %s.\n", gnutls_strerror(ret));
return NULL;
}
}
gnutls_x509_crq_set_version(crq, 3);
ret = snprintf((char*) buf, *size, "%" REQUIEM_PRIu64, requiem_client_profile_get_analyzerid(cp));
ret = gnutls_x509_crq_set_dn_by_oid(crq, GNUTLS_OID_X520_DN_QUALIFIER, 0, buf, ret);
if ( ret < 0 ) {
fprintf(stderr, "error setting common name: %s.\n", gnutls_strerror(ret));
return NULL;
}
ret = gnutls_x509_crq_sign(crq, key);
if ( ret < 0 ) {
fprintf(stderr, "error signing certificate request: %s.\n", gnutls_strerror(ret));
gnutls_x509_crq_deinit(crq);
return NULL;
}
ret = gnutls_x509_crq_export(crq, GNUTLS_X509_FMT_PEM, buf, size);
if ( ret < 0 ) {
fprintf(stderr, "error exporting certificate request: %s.\n", gnutls_strerror(ret));
gnutls_x509_crq_deinit(crq);
return NULL;
}
return crq;
}
void
doit (void)
{
gnutls_x509_privkey_t pkey;
gnutls_privkey_t abs_pkey;
gnutls_x509_crq_t crq;
size_t pkey_key_id_len;
unsigned char *pkey_key_id = NULL;
size_t crq_key_id_len;
unsigned char *crq_key_id = NULL;
gnutls_pk_algorithm_t algorithm;
int ret;
ret = global_init ();
if (ret < 0)
fail ("global_init: %d\n", ret);
gnutls_global_set_log_function (tls_log_func);
if (debug)
gnutls_global_set_log_level (4711);
for (algorithm = GNUTLS_PK_RSA; algorithm <= GNUTLS_PK_DSA; algorithm++)
{
ret = gnutls_x509_crq_init (&crq);
if (ret < 0)
fail ("gnutls_x509_crq_init: %d\n", ret);
ret = gnutls_x509_privkey_init (&pkey);
if (ret < 0)
{
fail ("gnutls_x509_privkey_init: %d\n", ret);
}
ret = gnutls_privkey_init (&abs_pkey);
if (ret < 0)
{
fail ("gnutls_privkey_init: %d\n", ret);
}
ret = gnutls_x509_privkey_generate (pkey, algorithm, 1024, 0);
if (ret < 0)
{
fail ("gnutls_x509_privkey_generate (rsa): %d\n", ret);
}
else if (debug)
{
success ("Key[%s] generation ok: %d\n",
gnutls_pk_algorithm_get_name (algorithm), ret);
}
pkey_key_id_len = 0;
ret = gnutls_x509_privkey_get_key_id (pkey, 0, pkey_key_id,
&pkey_key_id_len);
if (ret != GNUTLS_E_SHORT_MEMORY_BUFFER)
{
fail ("gnutls_x509_privkey_get_key_id incorrectly returns %d\n",
ret);
}
pkey_key_id = malloc (sizeof (unsigned char) * pkey_key_id_len);
ret = gnutls_x509_privkey_get_key_id (pkey, 0, pkey_key_id,
&pkey_key_id_len);
if (ret != GNUTLS_E_SUCCESS)
{
fail ("gnutls_x509_privkey_get_key_id incorrectly returns %d\n",
ret);
}
ret = gnutls_x509_crq_set_version (crq, 1);
if (ret < 0)
{
fail ("gnutls_x509_crq_set_version: %d\n", ret);
}
ret = gnutls_x509_crq_set_key (crq, pkey);
if (ret < 0)
{
fail ("gnutls_x509_crq_set_key: %d\n", ret);
}
ret = gnutls_x509_crq_set_dn_by_oid (crq, GNUTLS_OID_X520_COMMON_NAME,
0, "CN-Test", 7);
if (ret < 0)
{
fail ("gnutls_x509_crq_set_dn_by_oid: %d\n", ret);
}
ret = gnutls_privkey_import_x509( abs_pkey, pkey, 0);
if (ret < 0)
{
fail ("gnutls_privkey_import_x509: %d\n", ret);
}
ret = gnutls_x509_crq_privkey_sign (crq, abs_pkey, GNUTLS_DIG_SHA1, 0);
if (ret < 0)
{
fail ("gnutls_x509_crq_sign: %d\n", ret);
}
ret = gnutls_x509_crq_verify (crq, 0);
if (ret < 0)
{
fail ("gnutls_x509_crq_verify: %d\n", ret);
}
crq_key_id_len = 0;
ret = gnutls_x509_crq_get_key_id (crq, 0, crq_key_id, &crq_key_id_len);
if (ret != GNUTLS_E_SHORT_MEMORY_BUFFER)
{
fail ("gnutls_x509_crq_get_key_id incorrectly returns %d\n", ret);
}
crq_key_id = malloc (sizeof (unsigned char) * crq_key_id_len);
ret = gnutls_x509_crq_get_key_id (crq, 0, crq_key_id, &crq_key_id_len);
if (ret != GNUTLS_E_SUCCESS)
{
fail ("gnutls_x509_crq_get_key_id incorrectly returns %d\n", ret);
}
if (crq_key_id_len == pkey_key_id_len)
{
ret = memcmp (crq_key_id, pkey_key_id, crq_key_id_len);
if (ret == 0)
{
if (debug)
success ("Key ids are identical. OK.\n");
}
else
{
fail ("Key ids differ incorrectly: %d\n", ret);
}
}
else
{
fail ("Key_id lengths differ incorrectly: %d - %d\n",
(int) crq_key_id_len, (int) pkey_key_id_len);
}
if (pkey_key_id)
{
free (pkey_key_id);
pkey_key_id = NULL;
}
if (crq_key_id)
{
free (crq_key_id);
crq_key_id = NULL;
}
gnutls_x509_crq_deinit (crq);
gnutls_x509_privkey_deinit (pkey);
gnutls_privkey_deinit (abs_pkey);
}
gnutls_global_deinit ();
}
void
doit (void)
{
gnutls_x509_privkey_t pkey;
gnutls_x509_crt_t crt;
gnutls_x509_crq_t crq;
gnutls_datum_t out;
size_t s = 0;
char smallbuf[10];
int ret;
ret = gnutls_global_init ();
if (ret < 0)
fail ("gnutls_global_init\n");
gnutls_global_set_log_function (tls_log_func);
if (debug)
gnutls_global_set_log_level (4711);
ret = gnutls_x509_crq_init (&crq);
if (ret != 0)
fail ("gnutls_x509_crq_init\n");
ret = gnutls_x509_privkey_init (&pkey);
if (ret != 0)
fail ("gnutls_x509_privkey_init\n");
ret = gnutls_x509_crt_init (&crt);
if (ret != 0)
fail ("gnutls_x509_crt_init\n");
ret = gnutls_x509_privkey_import (pkey, &key, GNUTLS_X509_FMT_PEM);
if (ret != 0)
fail ("gnutls_x509_privkey_import\n");
ret = gnutls_x509_crq_set_version (crq, 0);
if (ret != 0)
fail ("gnutls_x509_crq_set_version\n");
ret = gnutls_x509_crq_set_key (crq, pkey);
if (ret != 0)
fail ("gnutls_x509_crq_set_key\n");
s = 0;
ret = gnutls_x509_crq_get_extension_info (crq, 0, NULL, &s, NULL);
if (ret != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
fail ("gnutls_x509_crq_get_extension_info\n");
ret = gnutls_x509_crq_set_basic_constraints (crq, 0, 0);
if (ret != 0)
fail ("gnutls_x509_crq_set_basic_constraints %d\n", ret);
ret = gnutls_x509_crq_set_key_usage (crq, 0);
if (ret != 0)
fail ("gnutls_x509_crq_set_key_usage %d\n", ret);
ret = gnutls_x509_crq_get_challenge_password (crq, NULL, &s);
if (ret != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
fail ("gnutls_x509_crq_get_challenge_password %d\n", ret);
ret = gnutls_x509_crq_set_challenge_password (crq, "foo");
if (ret != 0)
fail ("gnutls_x509_crq_set_challenge_password %d\n", ret);
s = 0;
ret = gnutls_x509_crq_get_challenge_password (crq, NULL, &s);
if (ret != 0 || s != 3)
fail ("gnutls_x509_crq_get_challenge_password2 %d/%d\n", ret, (int) s);
s = 10;
ret = gnutls_x509_crq_get_challenge_password (crq, smallbuf, &s);
if (ret != 0 || s != 3 || strcmp (smallbuf, "foo") != 0)
fail ("gnutls_x509_crq_get_challenge_password3 %d/%d/%s\n",
ret, (int) s, smallbuf);
s = 0;
ret = gnutls_x509_crq_get_extension_info (crq, 0, NULL, &s, NULL);
if (ret != 0)
fail ("gnutls_x509_crq_get_extension_info2\n");
s = 0;
ret = gnutls_x509_crq_get_extension_data (crq, 0, NULL, &s);
if (ret != 0)
fail ("gnutls_x509_crq_get_extension_data\n");
ret = gnutls_x509_crq_set_subject_alt_name (crq, GNUTLS_SAN_DNSNAME,
"foo", 3, 1);
if (ret != 0)
fail ("gnutls_x509_crq_set_subject_alt_name\n");
ret = gnutls_x509_crq_set_subject_alt_name (crq, GNUTLS_SAN_DNSNAME,
"bar", 3, 1);
if (ret != 0)
fail ("gnutls_x509_crq_set_subject_alt_name\n");
ret = gnutls_x509_crq_set_subject_alt_name (crq, GNUTLS_SAN_DNSNAME,
"apa", 3, 0);
if (ret != 0)
fail ("gnutls_x509_crq_set_subject_alt_name\n");
ret = gnutls_x509_crq_set_subject_alt_name (crq, GNUTLS_SAN_DNSNAME,
"foo", 3, 1);
if (ret != 0)
fail ("gnutls_x509_crq_set_subject_alt_name\n");
s = 0;
ret = gnutls_x509_crq_get_key_purpose_oid (crq, 0, NULL, &s, NULL);
if (ret != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
fail ("gnutls_x509_crq_get_key_purpose_oid %d\n", ret);
s = 0;
ret =
gnutls_x509_crq_set_key_purpose_oid (crq, GNUTLS_KP_TLS_WWW_SERVER, 0);
if (ret != 0)
fail ("gnutls_x509_crq_set_key_purpose_oid %d\n", ret);
s = 0;
ret = gnutls_x509_crq_get_key_purpose_oid (crq, 0, NULL, &s, NULL);
if (ret != GNUTLS_E_SHORT_MEMORY_BUFFER)
fail ("gnutls_x509_crq_get_key_purpose_oid %d\n", ret);
s = 0;
ret =
gnutls_x509_crq_set_key_purpose_oid (crq, GNUTLS_KP_TLS_WWW_CLIENT, 1);
if (ret != 0)
fail ("gnutls_x509_crq_set_key_purpose_oid2 %d\n", ret);
ret = gnutls_x509_crq_print (crq, GNUTLS_CRT_PRINT_FULL, &out);
if (ret != 0)
fail ("gnutls_x509_crq_print\n");
if (debug)
printf ("crq: %.*s\n", out.size, out.data);
gnutls_free (out.data);
ret = gnutls_x509_crt_set_version (crt, 3);
if (ret != 0)
fail ("gnutls_x509_crt_set_version\n");
ret = gnutls_x509_crt_set_crq_extensions (crt, crq);
if (ret != 0)
fail ("gnutls_x509_crt_set_crq_extensions\n");
ret = gnutls_x509_crt_print (crt, GNUTLS_CRT_PRINT_FULL, &out);
if (ret != 0)
fail ("gnutls_x509_crt_print\n");
if (debug)
printf ("crt: %.*s\n", out.size, out.data);
gnutls_free (out.data);
gnutls_x509_crq_deinit (crq);
gnutls_x509_crt_deinit (crt);
gnutls_x509_privkey_deinit (pkey);
gnutls_global_deinit ();
}
static void
inf_test_certificate_request_notify_status_cb(GObject* object,
GParamSpec* pspec,
gpointer user_data)
{
InfTestCertificateRequest* test;
InfBrowserStatus status;
gnutls_x509_crq_t crq;
InfRequest* request;
GError* error;
int res;
test = (InfTestCertificateRequest*)user_data;
g_object_get(G_OBJECT(test->browser), "status", &status, NULL);
if(status == INF_BROWSER_OPEN)
{
fprintf(stderr, "Connection established, creating key... (4096 bit)\n");
/* TODO: Some error checking here */
gnutls_x509_privkey_init(&test->key);
gnutls_x509_privkey_generate(test->key, GNUTLS_PK_RSA, 4096, 0);
fprintf(stderr, "Done, sending the certificate request\n");
gnutls_x509_crq_init(&crq);
gnutls_x509_crq_set_key(crq, test->key);
gnutls_x509_crq_set_key_usage(crq, GNUTLS_KEY_DIGITAL_SIGNATURE);
gnutls_x509_crq_set_version(crq, 3);
gnutls_x509_crq_set_dn_by_oid(
crq,
GNUTLS_OID_X520_COMMON_NAME,
0,
"Armin Burgmeier",
strlen("Armin Burgmeier")
);
/* TODO: gnutls_x509_crq_sign2 is deprecated in favour of
* gnutls_x509_crq_privkey_sign, but the latter returns the error code
* GNUTLS_E_UNIMPLEMENTED_FEATURE, so we keep using the deprecated
* version here. */
/*gnutls_x509_crq_privkey_sign(crq, key, GNUTLS_DIG_SHA1, 0);*/
gnutls_x509_crq_sign2(crq, test->key, GNUTLS_DIG_SHA1, 0);
error = NULL;
request = inf_browser_create_acl_account(
INF_BROWSER(object),
crq,
inf_test_certificate_request_finished_cb,
test
);
gnutls_x509_crq_deinit(crq);
}
if(status == INF_BROWSER_CLOSED)
{
if(inf_standalone_io_loop_running(test->io))
inf_standalone_io_loop_quit(test->io);
}
}
static gnutls_x509_crq_t generate_crq(void)
{
gnutls_x509_crq_t crq;
gnutls_x509_privkey_t pkey;
const char *err;
int ret;
size_t s = 0;
char smallbuf[10];
gnutls_datum_t out;
unsigned crit;
ret = gnutls_x509_privkey_init(&pkey);
if (ret != 0)
fail("gnutls_x509_privkey_init\n");
ret = gnutls_x509_privkey_import(pkey, &key, GNUTLS_X509_FMT_PEM);
if (ret != 0)
fail("gnutls_x509_privkey_import\n");
ret = gnutls_x509_crq_init(&crq);
if (ret != 0)
fail("gnutls_x509_crq_init\n");
ret = gnutls_x509_crq_set_version(crq, 0);
if (ret != 0)
fail("gnutls_x509_crq_set_version\n");
ret = gnutls_x509_crq_set_key(crq, pkey);
if (ret != 0)
fail("gnutls_x509_crq_set_key\n");
s = 0;
ret = gnutls_x509_crq_get_extension_info(crq, 0, NULL, &s, NULL);
if (ret != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
fail("gnutls_x509_crq_get_extension_info\n");
ret = gnutls_x509_crq_set_basic_constraints(crq, 0, 0);
if (ret != 0)
fail("gnutls_x509_crq_set_basic_constraints %d\n", ret);
ret = gnutls_x509_crq_set_key_usage(crq, 0);
if (ret != 0)
fail("gnutls_x509_crq_set_key_usage %d\n", ret);
ret = gnutls_x509_crq_get_challenge_password(crq, NULL, &s);
if (ret != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
fail("%d: gnutls_x509_crq_get_challenge_password %d: %s\n",
__LINE__, ret, gnutls_strerror(ret));
ret = gnutls_x509_crq_set_dn(crq, "o = none to\\, mention,cn = nikos", &err);
if (ret < 0) {
fail("gnutls_x509_crq_set_dn: %s, %s\n", gnutls_strerror(ret), err);
}
ret = gnutls_x509_crq_set_challenge_password(crq, "foo");
if (ret != 0)
fail("gnutls_x509_crq_set_challenge_password %d\n", ret);
s = 0;
ret = gnutls_x509_crq_get_challenge_password(crq, NULL, &s);
if (ret != GNUTLS_E_SHORT_MEMORY_BUFFER || s != 4)
fail("%d: gnutls_x509_crq_get_challenge_password %d: %s (passlen: %d)\n", __LINE__, ret, gnutls_strerror(ret), (int) s);
s = 10;
ret = gnutls_x509_crq_get_challenge_password(crq, smallbuf, &s);
if (ret != 0 || s != 3 || strcmp(smallbuf, "foo") != 0)
fail("%d: gnutls_x509_crq_get_challenge_password3 %d/%d/%s\n", __LINE__, ret, (int) s, smallbuf);
s = 0;
ret = gnutls_x509_crq_get_extension_info(crq, 0, NULL, &s, NULL);
if (ret != 0)
fail("gnutls_x509_crq_get_extension_info2\n");
s = 0;
ret = gnutls_x509_crq_get_extension_data(crq, 0, NULL, &s);
if (ret != 0)
fail("gnutls_x509_crq_get_extension_data\n");
ret = gnutls_x509_crq_set_subject_alt_name(crq, GNUTLS_SAN_DNSNAME,
"foo", 3, 1);
if (ret != 0)
fail("gnutls_x509_crq_set_subject_alt_name\n");
ret = gnutls_x509_crq_set_subject_alt_name(crq, GNUTLS_SAN_DNSNAME,
"bar", 3, 1);
if (ret != 0)
fail("gnutls_x509_crq_set_subject_alt_name\n");
ret = gnutls_x509_crq_set_subject_alt_name(crq, GNUTLS_SAN_DNSNAME,
"apa", 3, 0);
if (ret != 0)
fail("gnutls_x509_crq_set_subject_alt_name\n");
ret = gnutls_x509_crq_set_subject_alt_name(crq, GNUTLS_SAN_DNSNAME,
"foo", 3, 1);
if (ret != 0)
fail("gnutls_x509_crq_set_subject_alt_name\n");
ret = gnutls_x509_crq_set_subject_alt_name(crq, GNUTLS_SAN_DNSNAME,
"νίκο.com", strlen("νίκο.com"), GNUTLS_FSAN_APPEND);
if (ret != 0)
fail("gnutls_x509_crq_set_subject_alt_name\n");
s = 0;
ret = gnutls_x509_crq_get_key_purpose_oid(crq, 0, NULL, &s, NULL);
if (ret != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
fail("gnutls_x509_crq_get_key_purpose_oid %d\n", ret);
s = 0;
ret =
gnutls_x509_crq_set_key_purpose_oid(crq,
GNUTLS_KP_TLS_WWW_SERVER,
0);
if (ret != 0)
fail("gnutls_x509_crq_set_key_purpose_oid %d\n", ret);
s = 0;
ret = gnutls_x509_crq_get_key_purpose_oid(crq, 0, NULL, &s, NULL);
if (ret != GNUTLS_E_SHORT_MEMORY_BUFFER)
fail("gnutls_x509_crq_get_key_purpose_oid %d\n", ret);
s = 0;
ret =
gnutls_x509_crq_set_key_purpose_oid(crq,
GNUTLS_KP_TLS_WWW_CLIENT,
1);
if (ret != 0)
fail("gnutls_x509_crq_set_key_purpose_oid2 %d\n", ret);
#define EXT_ID1 "1.2.3.4.5"
#define EXT_ID2 "1.5.3.555555991.5"
#define EXT_DATA1 "\xCA\xFE\xFF"
#define EXT_DATA2 "\xCA\xFE\xFF\xFA\xFE"
/* test writing arbitrary extensions */
ret = gnutls_x509_crq_set_extension_by_oid(crq, EXT_ID1, EXT_DATA1, sizeof(EXT_DATA1)-1, 0);
if (ret != 0)
fail("gnutls_x509_crq_set_extension_by_oid %s\n", gnutls_strerror(ret));
ret = gnutls_x509_crq_set_extension_by_oid(crq, EXT_ID2, EXT_DATA2, sizeof(EXT_DATA2)-1, 1);
if (ret != 0)
fail("gnutls_x509_crq_set_extension_by_oid %s\n", gnutls_strerror(ret));
ret = gnutls_x509_crq_print(crq, GNUTLS_CRT_PRINT_FULL, &out);
if (ret != 0)
fail("gnutls_x509_crq_print\n");
if (debug)
printf("crq: %.*s\n", out.size, out.data);
gnutls_free(out.data);
ret = gnutls_x509_crq_sign2(crq, pkey, GNUTLS_DIG_SHA256, 0);
if (ret < 0)
fail("gnutls_x509_crq_sign2: %s\n", gnutls_strerror(ret));
gnutls_x509_privkey_deinit(pkey);
/* test reading the arb. extensions */
crit = -1;
ret = gnutls_x509_crq_get_extension_by_oid2(crq, EXT_ID1, 0, &out, &crit);
if (ret < 0)
fail("gnutls_x509_crq_get_extension_by_oid2: %s\n", gnutls_strerror(ret));
if (out.size != sizeof(EXT_DATA1)-1 || memcmp(out.data, EXT_DATA1, out.size) != 0) {
fail("ext1 doesn't match\n");
}
if (crit != 0) {
fail("ext1 crit flag doesn't match\n");
}
gnutls_free(out.data);
crit = -1;
ret = gnutls_x509_crq_get_extension_by_oid2(crq, EXT_ID2, 0, &out, &crit);
if (ret < 0)
fail("gnutls_x509_crq_get_extension_by_oid2: %s\n", gnutls_strerror(ret));
if (out.size != sizeof(EXT_DATA2)-1 || memcmp(out.data, EXT_DATA2, out.size) != 0) {
fail("ext2 doesn't match\n");
}
if (crit != 1) {
fail("ext2 crit flag doesn't match\n");
}
gnutls_free(out.data);
return crq;
}
int
main (void)
{
gnutls_x509_crq_t crq;
gnutls_x509_privkey_t key;
unsigned char buffer[10 * 1024];
size_t buffer_size = sizeof (buffer);
unsigned int bits;
gnutls_global_init ();
/* Initialize an empty certificate request, and
* an empty private key.
*/
gnutls_x509_crq_init (&crq);
gnutls_x509_privkey_init (&key);
/* Generate an RSA key of moderate security.
*/
bits = gnutls_sec_param_to_pk_bits (GNUTLS_PK_RSA, GNUTLS_SEC_PARAM_NORMAL);
gnutls_x509_privkey_generate (key, GNUTLS_PK_RSA, bits, 0);
/* Add stuff to the distinguished name
*/
gnutls_x509_crq_set_dn_by_oid (crq, GNUTLS_OID_X520_COUNTRY_NAME,
0, "GR", 2);
gnutls_x509_crq_set_dn_by_oid (crq, GNUTLS_OID_X520_COMMON_NAME,
0, "Nikos", strlen ("Nikos"));
/* Set the request version.
*/
gnutls_x509_crq_set_version (crq, 1);
/* Set a challenge password.
*/
gnutls_x509_crq_set_challenge_password (crq, "something to remember here");
/* Associate the request with the private key
*/
gnutls_x509_crq_set_key (crq, key);
/* Self sign the certificate request.
*/
gnutls_x509_crq_sign2 (crq, key, GNUTLS_DIG_SHA1, 0);
/* Export the PEM encoded certificate request, and
* display it.
*/
gnutls_x509_crq_export (crq, GNUTLS_X509_FMT_PEM, buffer, &buffer_size);
printf ("Certificate Request: \n%s", buffer);
/* Export the PEM encoded private key, and
* display it.
*/
buffer_size = sizeof (buffer);
gnutls_x509_privkey_export (key, GNUTLS_X509_FMT_PEM, buffer, &buffer_size);
printf ("\n\nPrivate key: \n%s", buffer);
gnutls_x509_crq_deinit (crq);
gnutls_x509_privkey_deinit (key);
return 0;
}
