From: Marcel Poul Date: Sun, 3 Feb 2013 14:34:57 +0000 (+0000) Subject: ssl_set_flags added (OCSP on/off) X-Git-Url: http://scientific.zcu.cz/git/?a=commitdiff_plain;h=d7f3da2a14088895cc059eb4c781be6f37c34df6;p=jra1mw.git ssl_set_flags added (OCSP on/off) --- diff --git a/emi.canl.canl-c/doc/src/canl-cs-auth-connection.tex b/emi.canl.canl-c/doc/src/canl-cs-auth-connection.tex index 423e6ef..1fa22cb 100644 --- a/emi.canl.canl-c/doc/src/canl-cs-auth-connection.tex +++ b/emi.canl.canl-c/doc/src/canl-cs-auth-connection.tex @@ -36,7 +36,7 @@ use \textit{openssl API} calls or variable types directly This function returns an initialized \textit{authentication context} object - \item \verb'void CANL_CALLCONV canl_free_ctx(canl_ctx cc)' + \item \verb'void canl_free_ctx(canl_ctx cc)' This function will free the \textit{authentication context}, releasing all associated information. The context must not be used after this call. @@ -75,14 +75,15 @@ const char *host, const char *service, int port, gss_OID_set auth_mechs, \item param cc -- the \textit{authentication context} \item param io -- the \textit{i/o context} \item param host -- the server to which to connect - \item param service -- \TODO DK + \item param service -- the service on the server - usually NULL \item param port -- the port on which the server is listening \item param auth\_mechs -- authentication mechanism to use - \item flags -- TODO + \item flags -- for future usage \item param timeout -- the timeout after which to drop the connect attempt \item return -- \textit{canl error code} \end{itemize} - \item \begin{verbatim}canl_io_accept(canl_ctx cc, canl_io_handler io,int fd, + \item \begin{verbatim}canl_err_code canl_io_accept(canl_ctx cc, + canl_io_handler io,int fd, struct sockaddr s_addr, int flags,canl_principal *peer, struct timeval *timeout)\end{verbatim} This function will 
@@ -91,8 +92,9 @@ const char *host, const char *service, int port, gss_OID_set auth_mechs, \begin{itemize} \item param cc -- the \textit{authentication context} \item param io -- the \textit{i/o context} - \item param fd -- \TODO this param? + \item param fd -- file descriptor to use \item param port -- the port on which the server is listening + \item return -- \textit{canl error code} \end{itemize} \end{itemize} @@ -139,6 +141,16 @@ char *proxy, canl_password_callback clb, void *pass)\end{verbatim} \item return -- \textit{canl error code} \end{itemize} + \item \begin{verbatim}canl_err_code canl_ctx_set_ssl_flags(canl_ctx cc, unsigned int flags) \end{verbatim} + Set SSL specific flags. This function can turn OCSP check ON. + (OFF by default) + \begin{itemize} + \item param cc -- the \textit{authentication context} + \item param flags -- one of the canl\_ctx\_ssl\_flags in canl\_ssl.h (e.g. + CANL\_SSL\_OCSP\_VERIFY\_ALL) + \item return -- \textit{canl error code} + \end{itemize} + \end{itemize} \subsection{Secure Client-Server Connection Example} We give an example of a caNl client that use \textit{Main API} diff --git a/emi.canl.canl-c/doc/src/canl-introduction.tex b/emi.canl.canl-c/doc/src/canl-introduction.tex index 95d4b4f..bdd6aee 100644 --- a/emi.canl.canl-c/doc/src/canl-introduction.tex +++ b/emi.canl.canl-c/doc/src/canl-introduction.tex @@ -78,7 +78,6 @@ The return type of most of the API functions is {\tt canl\_err\_code} which in most cases can be interpreted as int. Unless specified otherwise, zero return value means success, non-zero failure. Standard error codes from {\tt errno.h} are used as much as possible. -TODO openssl mapping Few API functions return {\tt char *}. In such a~case {\tt NULL} indicates an error, non-null value means success. diff --git a/emi.canl.canl-c/doc/src/canl-proxy-cert.tex b/emi.canl.canl-c/doc/src/canl-proxy-cert.tex index daf45c1..44a2c77 100644 --- a/emi.canl.canl-c/doc/src/canl-proxy-cert.tex 
+++ b/emi.canl.canl-c/doc/src/canl-proxy-cert.tex @@ -120,7 +120,7 @@ const enum canl_cert_type type)\end{verbatim} which is going to be created. \begin{itemize} \item param cred -- the credentials context - \item param type -- a \CANL enum type ...\TODO type + \item param type -- a canl\_cert\_type in canl\_cred.h \end{itemize} \item \begin{verbatim} canl_err_code canl_cred_sign_proxy(canl_ctx, canl_cred signer, @@ -192,7 +192,7 @@ We give an example of a proxy certificate creation. We do not define variables in this example, unless their type is \CANL defined. We do not check return values in most cases as well. -For complete sample see \TODO source +For complete sample see example sources. Include necessary header files: \begin{lstlisting}
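Review bot: In hunk @@ -75,14 +75,15 @@ of canl-cs-auth-connection.tex, "flags -- for future usage" does not tell callers what value to pass today. Suggest stating the expected value explicitly (for example 0, if that is what the code requires) so that existing callers do not pass bits that later acquire a meaning. The same list says service is "usually NULL" without saying what a non-NULL value does, and the flags item is the only one missing the "param" prefix.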
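Review bot: In hunk @@ -91,8 +92,9 @@ of canl-cs-auth-connection.tex, the canl_io_accept parameter list does not match the signature shown in the verbatim block just above it. The list keeps "param port", which the signature does not have, and has no entries for s_addr, flags, peer and timeout. Suggest dropping the port item and documenting the four missing parameters in the same change that adds the return item.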
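Review bot: In the canl_ctx_set_ssl_flags entry added by hunk @@ -139,6 +141,16 @@ of canl-cs-auth-connection.tex, the text covers only turning the OCSP check on, while the commit subject says on/off. The parameter is an unsigned int described as "one of the canl_ctx_ssl_flags", which leaves open whether values may be OR-ed together and whether a call replaces or adds to flags set earlier. Suggest documenting how to switch the check off again and whether flags combine, and moving "(OFF by default)" into a full sentence saying that no OCSP check is done unless the caller sets a flag such as CANL_SSL_OCSP_VERIFY_ALL, since that default is the part an integrator most needs to notice.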
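Review bot: In hunk @@ -78,7 +78,6 @@ of canl-introduction.tex, the "TODO openssl mapping" line is deleted but nothing replaces it. The surrounding paragraph still says errno.h codes are used "as much as possible", so a reader cannot tell how OpenSSL errors are reported through canl_err_code. Suggest either adding a sentence on that mapping or keeping the TODO until it is written.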
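Review bot: In hunk @@ -192,7 +192,7 @@ of canl-proxy-cert.tex, "For complete sample see example sources." replaces the TODO without naming a file or directory. The paragraph above it says the example skips variable definitions and most return-value checks, so readers will need the full sample; suggest giving its path in the source tree.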