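/*
 * Create, sign and PEM-export a certificate request for a client profile.
 *
 * The subject carries two attributes taken from the caller's arguments:
 *   - Common Name: the decimal value of `permission` (only when non-zero);
 *   - DN qualifier: the analyzer ID read from `cp`.
 *
 * cp:         profile whose analyzer ID is embedded in the request.
 * permission: permission value encoded as the Common Name; 0 skips the CN.
 * key:        private key the request is bound to and signed with.
 * buf:        scratch buffer for the formatted attributes; on success it
 *             holds the PEM-encoded request.
 * size:       in: capacity of `buf`; out: updated by gnutls_x509_crq_export().
 *
 * Returns the request handle on success (the caller releases it with
 * gnutls_x509_crq_deinit()), or NULL on failure after printing a message to
 * stderr. Every failure path after initialisation releases the request.
 *
 * NOTE(review): both subject attributes are chosen by the requesting side.
 * Presumably the side that signs the request must authorise the claimed
 * permission itself rather than trust the CN as submitted; confirm against
 * the code that handles the request.
 */
static gnutls_x509_crq generate_certificate_request(requiem_client_profile_t *cp, requiem_connection_permission_t permission,
                                                    gnutls_x509_privkey key, unsigned char *buf, size_t *size)
{
        int ret, len;
        gnutls_x509_crq crq;

        ret = gnutls_x509_crq_init(&crq);
        if ( ret < 0 ) {
                fprintf(stderr, "error creating certificate request: %s.\n", gnutls_strerror(ret));
                return NULL;
        }

        ret = gnutls_x509_crq_set_key(crq, key);
        if ( ret < 0 ) {
                fprintf(stderr, "error setting certificate request key: %s.\n", gnutls_strerror(ret));
                goto error;
        }

        if ( permission ) {
                /*
                 * snprintf() returns the length it *wanted* to write. Reject
                 * errors and truncation so that a length larger than the
                 * buffer is never handed to GnuTLS (which would read past it).
                 */
                len = snprintf((char *) buf, *size, "%d", (int) permission);
                if ( len < 0 || (size_t) len >= *size ) {
                        fprintf(stderr, "error formatting permission: buffer too small.\n");
                        goto error;
                }

                ret = gnutls_x509_crq_set_dn_by_oid(crq, GNUTLS_OID_X520_COMMON_NAME, 0, buf, len);
                if ( ret < 0 ) {
                        fprintf(stderr, "error setting common name: %s.\n", gnutls_strerror(ret));
                        goto error;
                }
        }

        /*
         * NOTE(review): PKCS#10 (RFC 2986) defines only version 1; confirm
         * that requesting version 3 here is intended. The return value is
         * left unchecked, as in the original code.
         */
        gnutls_x509_crq_set_version(crq, 3);

        len = snprintf((char *) buf, *size, "%" REQUIEM_PRIu64, requiem_client_profile_get_analyzerid(cp));
        if ( len < 0 || (size_t) len >= *size ) {
                fprintf(stderr, "error formatting analyzer ID: buffer too small.\n");
                goto error;
        }

        ret = gnutls_x509_crq_set_dn_by_oid(crq, GNUTLS_OID_X520_DN_QUALIFIER, 0, buf, len);
        if ( ret < 0 ) {
                fprintf(stderr, "error setting DN qualifier: %s.\n", gnutls_strerror(ret));
                goto error;
        }

        ret = gnutls_x509_crq_sign(crq, key);
        if ( ret < 0 ) {
                fprintf(stderr, "error signing certificate request: %s.\n", gnutls_strerror(ret));
                goto error;
        }

        /* Overwrites the scratch contents of buf with the PEM request. */
        ret = gnutls_x509_crq_export(crq, GNUTLS_X509_FMT_PEM, buf, size);
        if ( ret < 0 ) {
                fprintf(stderr, "error exporting certificate request: %s.\n", gnutls_strerror(ret));
                goto error;
        }

        return crq;

 error:
        /* Single exit for failures: the request handle is never leaked. */
        gnutls_x509_crq_deinit(crq);
        return NULL;
}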
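/*
 * Example: generate an RSA key, build a certificate request for it, sign the
 * request and print both the request and the private key in PEM form.
 *
 * Every GnuTLS call is checked; on the first failure the program reports the
 * step and the GnuTLS error string on stderr, releases what it allocated and
 * exits with status 1. Returns 0 on success.
 */
int main (void)
{
  gnutls_x509_crq_t crq;
  gnutls_x509_privkey_t key;
  unsigned char buffer[10 * 1024];
  size_t buffer_size = sizeof (buffer);
  unsigned int bits;
  const char *what;
  int ret;
  int status = 1;

  what = "initializing GnuTLS";
  ret = gnutls_global_init ();
  if (ret < 0)
    {
      fprintf (stderr, "error %s: %s\n", what, gnutls_strerror (ret));
      return status;
    }

  /* Initialize an empty certificate request, and
   * an empty private key.
   */
  what = "initializing certificate request";
  ret = gnutls_x509_crq_init (&crq);
  if (ret < 0)
    goto out_global;

  what = "initializing private key";
  ret = gnutls_x509_privkey_init (&key);
  if (ret < 0)
    goto out_crq;

  /* Generate an RSA key of moderate security. */
  bits = gnutls_sec_param_to_pk_bits (GNUTLS_PK_RSA, GNUTLS_SEC_PARAM_NORMAL);
  what = "generating private key";
  ret = gnutls_x509_privkey_generate (key, GNUTLS_PK_RSA, bits, 0);
  if (ret < 0)
    goto out_key;

  /* Add stuff to the distinguished name */
  what = "setting country name";
  ret = gnutls_x509_crq_set_dn_by_oid (crq, GNUTLS_OID_X520_COUNTRY_NAME,
                                       0, "GR", 2);
  if (ret < 0)
    goto out_key;

  what = "setting common name";
  ret = gnutls_x509_crq_set_dn_by_oid (crq, GNUTLS_OID_X520_COMMON_NAME,
                                       0, "Nikos", strlen ("Nikos"));
  if (ret < 0)
    goto out_key;

  /* Set the request version. */
  what = "setting request version";
  ret = gnutls_x509_crq_set_version (crq, 1);
  if (ret < 0)
    goto out_key;

  /* Set a challenge password.  This literal is a placeholder for the
   * example; a real request should take the value from the operator
   * rather than from the source code.
   */
  what = "setting challenge password";
  ret = gnutls_x509_crq_set_challenge_password (crq,
                                                "something to remember here");
  if (ret < 0)
    goto out_key;

  /* Associate the request with the private key */
  what = "setting request key";
  ret = gnutls_x509_crq_set_key (crq, key);
  if (ret < 0)
    goto out_key;

  /* Self sign the certificate request.  SHA-256 replaces the original
   * SHA-1 digest: SHA-1 is no longer collision resistant and requests
   * signed with it are commonly rejected.
   */
  what = "signing certificate request";
  ret = gnutls_x509_crq_sign2 (crq, key, GNUTLS_DIG_SHA256, 0);
  if (ret < 0)
    goto out_key;

  /* Export the PEM encoded certificate request, and
   * display it.  The buffer is printed only after a successful export
   * and bounded by the reported size, so neither uninitialised memory
   * nor bytes past the exported data are ever read.
   */
  what = "exporting certificate request";
  ret = gnutls_x509_crq_export (crq, GNUTLS_X509_FMT_PEM, buffer,
                                &buffer_size);
  if (ret < 0)
    goto out_key;

  printf ("Certificate Request: \n%.*s", (int) buffer_size, buffer);

  /* Export the PEM encoded private key, and
   * display it.  The key is written unencrypted to stdout: acceptable
   * for a demonstration, but real code should store it in a file with
   * restrictive permissions (or encrypted) and keep it out of logs.
   */
  buffer_size = sizeof (buffer);
  what = "exporting private key";
  ret = gnutls_x509_privkey_export (key, GNUTLS_X509_FMT_PEM, buffer,
                                    &buffer_size);
  if (ret < 0)
    goto out_key;

  printf ("\n\nPrivate key: \n%.*s", (int) buffer_size, buffer);

  status = 0;

out_key:
  gnutls_x509_privkey_deinit (key);
out_crq:
  gnutls_x509_crq_deinit (crq);
out_global:
  if (status != 0)
    fprintf (stderr, "error %s: %s\n", what, gnutls_strerror (ret));
  gnutls_global_deinit ();

  return status;
}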