This function will create an \textit{i/o handler} from the authentication
context. This handler shall be passed to all I/O-related functions.
\begin{itemize}
- \item param cc - the \textit{autehentication context}
+ \item param cc - the \textit{authentication context}
\item param io - return an initialized \textit{i/o context},
or NULL if it did not succeed.
\item return - \CANL error code
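Review bot: the return item in this hunk reads `\item return - \CANL error code` while the matching item in the lists that follow reads `\item return - \textit{canl error code}`; since the patch is already editing these itemize blocks, normalize this one to the `\textit{canl error code}` form used everywhere else so the rendered reference is consistent.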
be reused by another connection. It is safe to call this
function on an io object which was connected.
\begin{itemize}
- \item param cc - The \textit{autehentication context}
+ \item param cc - The \textit{authentication context}
\item param io - The \textit{i/o context}
\item return - \textit{canl error code}
\end{itemize}
This function will try to connect to a server object,
doing authentication (if not forbidden)
\begin{itemize}
- \item param cc - The \textit{autehentication context}
+ \item param cc - The \textit{authentication context}
\item param io - The \textit{i/o context}
\item param host - The server to which to connect
\item param service - TODO DK
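Review bot: `\item param service - TODO DK` leaves an author placeholder with initials in the rendered API reference, and the spelling fix in this hunk touches the same list; either describe the `service` argument or mark it with the document's own `\TODO` macro so it is visibly unfinished rather than shipped as a stray note.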
setup a server to accept connections from clients, doing
authentication (if not forbidden)
\begin{itemize}
- \item param cc - The \textit{autehentication context}
+ \item param cc - The \textit{authentication context}
\item param io - The \textit{i/o context}
\item param fd - \TODO
\item param port - The port on which the server is listening
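Review bot: `\item param fd - \TODO` is still undocumented and `setup a server to accept connections` should use the verb form `set up a server`; this hunk only repairs the `authentication` spelling. The `fd` description matters here because the caller has to know whether the function takes an already-bound listening socket or creates one from `port`, so suggest resolving the `\TODO` before this list is considered complete.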
\textit{context}. These credentials will become the default ones
for all API calls depending on this \textit{context}.
\begin{itemize}
- \item param cc - The \textit{autehentication context}
+ \item param cc - The \textit{authentication context}
\item param cert - The certificate to be set
\item param key - Its private key
\item param proxy - The proxy certificate to be set
\item param clb - A callback function which should return
the password to the private key, if needed.
\item param pass - User specified data that will be passed
- as is to the callvack function. Note that the content of this
+ as is to the callback function. Note that the content of this
pointer will not be copied internally, and will be passed
directly to the callback. This means that altering the
data pointed by it will have
- a direct effect on the behaviour of the function. User specified
- data that will be passed as is to the callvack function. Note that
+ a direct effect on the behavior of the function. User specified
+ data that will be passed as is to the callback function. Note that
the content of this pointer will not be copied internally, and
will be passed
directly to the callback. This means that altering the data
- pointed by it will have a direct effect on the behaviour of the function.
+ pointed by it will have a direct effect on the behavior of the function.
\item return - \textit{canl error code}
\end{itemize}
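Review bot: the `pass` item still contains the same sentence twice: the text from `User specified data that will be passed` through `a direct effect on the behaviour of the function` appears once after `\item param pass` and then a second time immediately following it, and this hunk corrects `callvack` and `behaviour` in both copies instead of deleting the duplicate. Remove the second copy so the item ends after the first `...a direct effect on the behavior of the function.` Also, the hunk changes `behaviour` to `behavior`, which switches spelling convention; check that this matches the rest of the document before merging.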
\item \verb'canl_err_code'
Set certficate authority directory (openssl ca directory structure)
\begin{itemize}
- \item param cc - The \textit{autehentication context}
+ \item param cc - The \textit{authentication context}
\item ca\_dir - The path that will be set. It will not be
checked whether this path actually contains the CAs or not.
\item return - \textit{canl error code}
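Review bot: `Set certficate authority directory` in the context line still has a typo (`certficate`), and `\item ca\_dir - The path that will be set.` lacks the `param` prefix every other argument item uses; since this hunk already edits the list, fix both: `Set certificate authority directory` and `\item param ca\_dir - The path that will be set.` The statement that the path is not checked for CAs is worth keeping prominent, since a mistyped directory silently leaves the context with no trust anchors.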
\item \verb'canl_err_code'
\verb'canl_ctx_set_crl_dir(canl_ctx cc, const char *crl_dir)'
\begin{itemize}
- \item param cc - The \textit{autehentication context}
+ \item param cc - The \textit{authentication context}
\item crl\_dir - The path that will be set. It will not be
checked whether this path actually contains the CRLs or not.
\item return - \textit{canl error code}
\end{itemize}
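Review bot: `\item crl\_dir - The path that will be set.` is missing the `param` prefix used by the other argument items in these lists; suggest `\item param crl\_dir - The path that will be set.` so the CRL directory item is formatted like the CA directory one.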
\subsection{Secure Client-Server Connection Example}
-We give an xample of a caNl client that use \textit{Main API}
+We give an example of a caNl client that use \textit{Main API}
with openssl. We do not define variables in this example, unless
their type is \CANL defined. For complete sample see
{\tt canl\_samples\_server.c} in
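Review bot: `a caNl client that use \textit{Main API}` keeps a number-agreement error after this hunk; it should be `that uses`. `openssl` is also written lower-case here while the library name is normally `OpenSSL`; pick one spelling for the whole document.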
connection with one or both sides authenticated, send or receive data.
As will be described in~\ref{s:cs-auth-conn}, most of the \textit{Main API}
is not directly dependent on cryptography toolkit (SSL implementation) It is
-also internaly plugin-based and therefore other secutity mechanisms support can
+also internally plugin-based and therefore other security mechanisms support can
be added in future.
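Review bot: the context sentence `is not directly dependent on cryptography toolkit (SSL implementation) It is` is missing a period and an article (`on the cryptography toolkit (SSL implementation). It is`), and the fixed line `other security mechanisms support can be added in future` reads better as `support for other security mechanisms can be added in the future`; the hunk only repairs the two misspellings.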
\item \textit{\CANL Certificate API} allows certificate and proxy management \eg
proxy creation, signing, etc. We may think of \textit{Certificate API} as the
(even though pointers are used as a help)
are dynamically allocated, so proper functions to free the allocated
memory has to be called. e.g. \verb'canl_free_ctx()'
-deallocates members of the stucture.
+deallocates members of the structure.
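Review bot: `proper functions to free the allocated memory has to be called. e.g. \verb'canl_free_ctx()'` has a plural-subject mismatch and a period that splits the sentence before `e.g.`; suggest `so the proper functions to free the allocated memory have to be called, e.g. \verb'canl_free_ctx()'`. Since the text states these structures are dynamically allocated and opaque, it is worth saying explicitly that omitting the matching free call leaks the context and whatever credentials it holds for the lifetime of the process.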
\marginpar{Opaque types}%
Almost all types used in caNl are \textit{Opaque types}- i.e. their structure is
functions declarations. \\
canl\_ssl.h & Declaration of functions that use X509 certificates
based authentication mechanism (pretty much dependent on
-openssl library funcions).\\
+openssl library functions).\\
canl\_cred.h & Definition of context objects of the
\textit{Certificate API} and functions declarations.\\
\end{tabularx}
There is one opaque data structure representing \CANL
\textit{Certificate API} context: {\tt canl\_cred}.
It must only be initialized before function calls
-that use this context as a parametr.
+that use this context as a parameter.
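Review bot: `It must only be initialized before function calls that use this context as a parameter.` reads as a restriction on when initialization is allowed; the intended meaning appears to be that initialization is the only prerequisite, e.g. `It only needs to be initialized before it is passed to functions that take this context as a parameter.`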
\begin{lstlisting}
#include <canl.h>
#include <canl_cred.h>
canl_err_code canl_cred_new(canl_ctx, canl_cred *cred)\end{verbatim}
This function creates new structure (context) to hold credentials.
\begin{itemize}
- \item param cred - new object will be retured to this pointer after
+ \item param cred - new object will be returned to this pointer after
success.
\end{itemize}
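Review bot: as shown, the block opened with `\begin{lstlisting}` ends with `canl_err_code canl_cred_new(canl_ctx, canl_cred *cred)\end{verbatim}`; mismatched environment names will not compile, so make the open and close match (`\begin{lstlisting}` ... `\end{lstlisting}`, or `verbatim` on both ends). Also `This function creates new structure (context)` needs an article: `creates a new structure (context)`.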
\item \begin{verbatim}
\end{itemize}
\item \verb'canl_cred_load_chain(canl_ctx, canl_cred cred,'
\verb' STACK_OF(X509) *chain)'
- This funcion loads certificate chain out of an openssl structure. The
- chain usualy
+ This function loads certificate chain out of an openssl structure. The
+ chain usually
consist of a proxy certificate and certificates forming
chain of trust
\begin{itemize}
\item param cred - credentials context to set chain to
- \item param chain - openssl structre to load certificate chain from.
+ \item param chain - openssl structure to load certificate chain from.
\end{itemize}
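Review bot: `The chain usually consist of a proxy certificate` keeps the number error in this hunk while the next hunk changes the identical phrase to `consists`; apply the same fix here. As shown, `\item \begin{verbatim}` is followed directly by `\end{itemize}`, which closes the itemize over an open verbatim environment and will be rejected by LaTeX; and `chain of trust` needs a terminating period.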
\item \verb'canl_cred_load_chain_file(canl_ctx, canl_cred cred,'
\verb' const char * file)'
- This funcion loads certificate chain out of a file. The chain usualy
- consist of a proxy certificate and certificates forming
+ This function loads certificate chain out of a file. The chain usually
+ consists of a proxy certificate and certificates forming
chain of trust
\begin{itemize}
\item param cred - credentials which save certificate chain to
\end{itemize}
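Review bot: the parameter list documents only `cred` even though the prototype `canl_cred_load_chain_file(canl_ctx, canl_cred cred, const char * file)` also takes `file`, and `credentials which save certificate chain to` is awkward. Suggest `\item param cred - credentials context to store the chain in` and `\item param file - file to load the certificate chain from.`, mirroring the `canl_cred_load_cert_file` list below; `chain of trust` also needs a period.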
\item \begin{verbatim}
canl_err_code canl_cred_load_cert(canl_ctx, canl_cred cred, X509 *cert)\end{verbatim}
- This funcion loads user certificate out of an openssl structure.
+ This function loads user certificate out of an openssl structure.
\begin{itemize}
\item param cred - credentials context to set certificate to
\item param cert - openssl structure to load certificate from.
\item \begin{verbatim}
canl_err_code canl_cred_load_cert_file(canl_ctx, canl_cred cred,
const char *file)\end{verbatim}
- This funcion loads user certificate out of a file.
+ This function loads user certificate out of a file.
\begin{itemize}
\item param cred - credentials which save certificate to
\item param file - file to load certificate from.
\item param signer - credentials context which holds signer's certificate
and key.
\item param proxy - credentials context with a certificate
- signing request, public key and user certifice; optionally lifetime,
+ signing request, public key and user certificate; optionally lifetime,
certificate type and extensions.
\end{itemize}
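Review bot: `credentials which save certificate to` is awkward; suggest `credentials context to store the certificate in`. As shown, the `signer` and `proxy` items sit in the same list as `cred` and `file` under the prototype `canl_cred_load_cert_file(canl_ctx, canl_cred cred, const char *file)`, which takes neither; check whether they belong to a different function's parameter list (the proxy-signing one) and move them there.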
\item \begin{verbatim}
cases as well.
For complete sample see \TODO source
-Include nesessary header files:
+Include necessary header files:
\begin{lstlisting}
#include <canl.h>
#include <canl_cred.h>
ret = canl_cred_new_req(ctx, proxy, bits);
\end{lstlisting}
-(Optional) Set cert. creation parametrs
+(Optional) Set cert. creation parameters
\begin{lstlisting}
ret = canl_cred_set_lifetime(ctx, proxy, lifetime);
ret = canl_cred_set_cert_type(ctx, proxy, CANL_RFC);
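Review bot: `For complete sample see \TODO source` still leaves an unresolved reference, and `Set cert. creation parameters` should spell out `certificate`. In the listings, `ret = canl_cred_new_req(ctx, proxy, bits);` and the following `canl_cred_set_lifetime` / `canl_cred_set_cert_type` calls assign `ret` but never test it; a failed request or an unapplied lifetime would then proceed silently to the signing step, so the sample should show the return code being checked after each call before the next one is made.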