1 <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
3 <!-- This manual is last updated 10 May 2012 for version
6 Copyright (C) 2001-2012 Free Software Foundation, Inc.
8 Permission is granted to copy, distribute and/or modify this document
9 under the terms of the GNU Free Documentation License, Version 1.3 or
10 any later version published by the Free Software Foundation; with no
11 Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. A
12 copy of the license is included in the section entitled "GNU Free
13 Documentation License". -->
14 <!-- Created by GNU Texinfo 4.13.90, http://www.gnu.org/software/texinfo/ -->
16 <title>GnuTLS-Guile 3.0.21</title>
18 <meta name="description" content="GnuTLS-Guile 3.0.21">
19 <meta name="keywords" content="GnuTLS-Guile 3.0.21">
20 <meta name="resource-type" content="document">
21 <meta name="distribution" content="global">
22 <meta name="Generator" content="makeinfo">
23 <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
24 <link href="#Top" rel="start" title="Top">
25 <link href="#SEC_Contents" rel="contents" title="Table of Contents">
26 <link href="dir.html#Top" rel="up" title="(dir)">
27 <style type="text/css">
29 a.summary-letter {text-decoration: none}
30 blockquote.smallquotation {font-size: smaller}
31 div.display {margin-left: 3.2em}
32 div.example {margin-left: 3.2em}
33 div.lisp {margin-left: 3.2em}
34 div.smalldisplay {margin-left: 3.2em}
35 div.smallexample {margin-left: 3.2em}
36 div.smalllisp {margin-left: 3.2em}
37 pre.display {font-family: serif}
38 pre.format {font-family: serif}
39 pre.menu-comment {font-family: serif}
40 pre.menu-preformatted {font-family: serif}
41 pre.smalldisplay {font-family: serif; font-size: smaller}
42 pre.smallexample {font-size: smaller}
43 pre.smallformat {font-family: serif; font-size: smaller}
44 pre.smalllisp {font-size: smaller}
45 span.nocodebreak {white-space:pre}
46 span.nolinebreak {white-space:pre}
47 span.roman {font-family:serif; font-weight:normal}
48 span.sansserif {font-family:sans-serif; font-weight:normal}
49 ul.no-bullet {list-style: none}
57 padding: 5px 5px 5px 5px;
58 background-color: #c2e0ff;
62 padding: 2em 2em 2em 5%;
68 h2 { text-decoration: underline; }
73 pre.example,pre.verbatim {
76 border: solid #c2e0ff;
78 border-width: 1px 1px 1px 5px;
92 padding-bottom: 0.1em;
110 background-color: #c2e0ff;
111 border: solid #000000;
121 border: solid #000000;
122 background-color: #f0faff;
138 border: solid #c2e0ff;
140 border-width: 5px 1px 1px 1px;
150 <body lang="en" bgcolor="#FFFFFF" text="#000000" link="#0000FF" vlink="#800080" alink="#FF0000">
151 <h1 class="settitle" align="center">GnuTLS-Guile 3.0.21</h1>
159 <a name="SEC_Contents"></a>
160 <h2 class="contents-heading">Table of Contents</h2>
162 <div class="contents">
164 <ul class="no-bullet">
165 <li><a name="toc-Preface-1" href="#Preface">1 Preface</a></li>
166 <li><a name="toc-Guile-Preparations-1" href="#Guile-Preparations">2 Guile Preparations</a></li>
167 <li><a name="toc-Guile-API-Conventions-1" href="#Guile-API-Conventions">3 Guile API Conventions</a>
168 <ul class="no-bullet">
169 <li><a name="toc-Enumerates-and-Constants-1" href="#Enumerates-and-Constants">3.1 Enumerates and Constants</a></li>
170 <li><a name="toc-Procedure-Names-1" href="#Procedure-Names">3.2 Procedure Names</a></li>
171 <li><a name="toc-Representation-of-Binary-Data-1" href="#Representation-of-Binary-Data">3.3 Representation of Binary Data</a></li>
172 <li><a name="toc-Input-and-Output-1" href="#Input-and-Output">3.4 Input and Output</a></li>
173 <li><a name="toc-Exception-Handling-1" href="#Exception-Handling">3.5 Exception Handling</a></li>
175 <li><a name="toc-Guile-Examples-1" href="#Guile-Examples">4 Guile Examples</a>
176 <ul class="no-bullet">
177 <li><a name="toc-Anonymous-Authentication-Guile-Example-1" href="#Anonymous-Authentication-Guile-Example">4.1 Anonymous Authentication Guile Example</a></li>
178 <li><a name="toc-OpenPGP-Authentication-Guile-Example-1" href="#OpenPGP-Authentication-Guile-Example">4.2 OpenPGP Authentication Guile Example</a></li>
179 <li><a name="toc-Importing-OpenPGP-Keys-Guile-Example-1" href="#Importing-OpenPGP-Keys-Guile-Example">4.3 Importing OpenPGP Keys Guile Example</a></li>
181 <li><a name="toc-Guile-Reference-1" href="#Guile-Reference">5 Guile Reference</a></li>
182 <li><a name="toc-Copying-Information-1" href="#Copying-Information">Appendix A Copying Information</a></li>
190 Next: <a href="#Preface" accesskey="n" rel="next">Preface</a>, Up: <a href="dir.html#Top" accesskey="u" rel="up">(dir)</a> [<a href="#SEC_Contents" title="Table of contents" rel="contents">Contents</a>]</p>
192 <a name="GnuTLS_002dGuile"></a>
193 <h1 class="top">GnuTLS-Guile</h1>
195 <p>This manual is last updated 10 May 2012 for version
198 <p>Copyright © 2001-2012 Free Software Foundation, Inc.
201 <p>Permission is granted to copy, distribute and/or modify this document
202 under the terms of the GNU Free Documentation License, Version 1.3 or
203 any later version published by the Free Software Foundation; with no
204 Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. A
205 copy of the license is included in the section entitled “GNU Free
206 Documentation License”.
210 <table class="menu" border="0" cellspacing="0">
211 <tr><td align="left" valign="top">• <a href="#Preface" accesskey="1">Preface</a>:</td><td> </td><td align="left" valign="top">Preface.
213 <tr><td align="left" valign="top">• <a href="#Guile-Preparations" accesskey="2">Guile Preparations</a>:</td><td> </td><td align="left" valign="top">Note on installation and environment.
215 <tr><td align="left" valign="top">• <a href="#Guile-API-Conventions" accesskey="3">Guile API Conventions</a>:</td><td> </td><td align="left" valign="top">Naming conventions and other idiosyncrasies.
217 <tr><td align="left" valign="top">• <a href="#Guile-Examples" accesskey="4">Guile Examples</a>:</td><td> </td><td align="left" valign="top">Quick start.
219 <tr><td align="left" valign="top">• <a href="#Guile-Reference" accesskey="5">Guile Reference</a>:</td><td> </td><td align="left" valign="top">The Scheme GnuTLS programming interface.
221 <tr><td align="left" valign="top">• <a href="#Copying-Information" accesskey="6">Copying Information</a>:</td><td> </td><td align="left" valign="top">Copying information.
226 <a name="Preface"></a>
229 Next: <a href="#Guile-Preparations" accesskey="n" rel="next">Guile Preparations</a>, Previous: <a href="#Top" accesskey="p" rel="previous">Top</a>, Up: <a href="#Top" accesskey="u" rel="up">Top</a> [<a href="#SEC_Contents" title="Table of contents" rel="contents">Contents</a>]</p>
231 <a name="Preface-1"></a>
232 <h2 class="chapter">1 Preface</h2>
234 <p>This manual describes the <a href="http://www.gnu.org/software/guile/">GNU Guile</a> Scheme programming interface to GnuTLS. The reader is
235 assumed to have basic knowledge of the protocol and library. Details
236 missing from this chapter may be found in Function reference,
237 of the C API reference.
239 <p>At this stage, not all the C functions are available from Scheme, but
240 a large subset thereof is available.
243 <a name="Guile-Preparations"></a>
246 Next: <a href="#Guile-API-Conventions" accesskey="n" rel="next">Guile API Conventions</a>, Previous: <a href="#Preface" accesskey="p" rel="previous">Preface</a>, Up: <a href="#Top" accesskey="u" rel="up">Top</a> [<a href="#SEC_Contents" title="Table of contents" rel="contents">Contents</a>]</p>
248 <a name="Guile-Preparations-1"></a>
249 <h2 class="chapter">2 Guile Preparations</h2>
251 <p>The GnuTLS Guile bindings are available for both the 1.8 and 2.0 stable
254 <p>By default they are installed under the GnuTLS installation directory,
255 typically ‘<tt>/usr/local/share/guile/site/</tt>’). Normally Guile
256 will not find the module there without help. You may experience
259 <div class="example">
260 <pre class="example">$ guile
261 guile> (use-modules (gnutls))
262 <unnamed port>: no code for module (gnutls)
266 <p>There are two ways to solve this. The first is to make sure that when
267 building GnuTLS, the Guile bindings will be installed in the same
268 place where Guile looks. You may do this by using the
269 <code>--with-guile-site-dir</code> parameter as follows:
271 <div class="example">
272 <pre class="example">$ ./configure --with-guile-site-dir=no
275 <p>This will instruct GnuTLS to attempt to install the Guile bindings
276 where Guile will look for them. It will use <code>guile-config info
277 pkgdatadir</code> to learn the path to use.
279 <p>If Guile was installed into <code>/usr</code>, you may also install GnuTLS
280 using the same prefix:
282 <div class="example">
283 <pre class="example">$ ./configure --prefix=/usr
286 <p>If you want to specify the path to install the Guile bindings you can
287 also specify the path directly:
289 <div class="example">
290 <pre class="example">$ ./configure --with-guile-site-dir=/opt/guile/share/guile/site
293 <p>The second solution requires some more work but may be easier to use
294 if you do not have system administrator rights to your machine. You
295 need to instruct Guile so that it finds the GnuTLS Guile bindings.
296 Either use the <code>GUILE_LOAD_PATH</code> environment variable as follows:
298 <div class="example">
299 <pre class="example">$ GUILE_LOAD_PATH="/usr/local/share/guile/site:$GUILE_LOAD_PATH" guile
300 guile> (use-modules (gnutls))
304 <p>Alternatively, you can modify Guile’s <code>%load-path</code> variable
305 (see <a href="http://www.gnu.org/software/guile/manual/guile.html#Build-Config">Guile’s run-time options</a> in <cite>The GNU Guile
306 Reference Manual</cite>).
308 <p>At this point, you might get an error regarding
309 ‘<tt>libguile-gnutls-v-0</tt>’ similar to:
311 <div class="example">
312 <pre class="example">gnutls.scm:361:1: In procedure dynamic-link in expression (load-extension "libguile-gnutls-v-0" "scm_init_gnutls"):
313 gnutls.scm:361:1: file: "libguile-gnutls-v-0", message: "libguile-gnutls-v-0.so: cannot open shared object file: No such file or directory"
316 <p>In this case, you will need to modify the run-time linker path, for
319 <div class="example">
320 <pre class="example">$ LD_LIBRARY_PATH=/usr/local/lib GUILE_LOAD_PATH=/usr/local/share/guile/site guile
321 guile> (use-modules (gnutls))
325 <p>To check that you got the intended GnuTLS library version, you may
326 print the version number of the loaded library as follows:
328 <div class="example">
329 <pre class="example">$ guile
330 guile> (use-modules (gnutls))
331 guile> (gnutls-version)
338 <a name="Guile-API-Conventions"></a>
341 Next: <a href="#Guile-Examples" accesskey="n" rel="next">Guile Examples</a>, Previous: <a href="#Guile-Preparations" accesskey="p" rel="previous">Guile Preparations</a>, Up: <a href="#Top" accesskey="u" rel="up">Top</a> [<a href="#SEC_Contents" title="Table of contents" rel="contents">Contents</a>]</p>
343 <a name="Guile-API-Conventions-1"></a>
344 <h2 class="chapter">3 Guile API Conventions</h2>
346 <p>This chapter details the conventions used by Guile API, as well as
347 specificities of the mapping of the C API to Scheme.
349 <table class="menu" border="0" cellspacing="0">
350 <tr><td align="left" valign="top">• <a href="#Enumerates-and-Constants" accesskey="1">Enumerates and Constants</a>:</td><td> </td><td align="left" valign="top">Representation of C-side constants.
352 <tr><td align="left" valign="top">• <a href="#Procedure-Names" accesskey="2">Procedure Names</a>:</td><td> </td><td align="left" valign="top">Naming conventions.
354 <tr><td align="left" valign="top">• <a href="#Representation-of-Binary-Data" accesskey="3">Representation of Binary Data</a>:</td><td> </td><td align="left" valign="top">Binary data buffers.
356 <tr><td align="left" valign="top">• <a href="#Input-and-Output" accesskey="4">Input and Output</a>:</td><td> </td><td align="left" valign="top">Input and output.
358 <tr><td align="left" valign="top">• <a href="#Exception-Handling" accesskey="5">Exception Handling</a>:</td><td> </td><td align="left" valign="top">Exceptions.
363 <a name="Enumerates-and-Constants"></a>
366 Next: <a href="#Procedure-Names" accesskey="n" rel="next">Procedure Names</a>, Up: <a href="#Guile-API-Conventions" accesskey="u" rel="up">Guile API Conventions</a> [<a href="#SEC_Contents" title="Table of contents" rel="contents">Contents</a>]</p>
368 <a name="Enumerates-and-Constants-1"></a>
369 <h3 class="section">3.1 Enumerates and Constants</h3>
371 <a name="index-enumerate"></a>
372 <a name="index-constant"></a>
374 <p>Lots of enumerates and constants are used in the GnuTLS C API. For
375 each C enumerate type, a disjoint Scheme type is used—thus,
376 enumerate values and constants are not represented by Scheme symbols
377 nor by integers. This makes it impossible to use an enumerate value
378 of the wrong type on the Scheme side: such errors are automatically
379 detected by type-checking.
381 <p>The enumerate values are bound to variables exported by the
382 <code>(gnutls)</code> module. These variables
383 are named according to the following convention:
386 <li> All variable names are lower-case; the underscore <code>_</code>
387 character used in the C API is replaced by hyphen <code>-</code>.
388 </li><li> All variable names are prepended by the name of the enumerate
389 type and the slash <code>/</code> character.
390 </li><li> In some cases, the variable name is made more explicit than the
391 one of the C API, e.g., by avoid abbreviations.
394 <p>Consider for instance this C-side enumerate:
396 <div class="example">
397 <pre class="example">typedef enum
399 GNUTLS_CRD_CERTIFICATE = 1,
403 } gnutls_credentials_type_t;
406 <p>The corresponding Scheme values are bound to the following variables
407 exported by the <code>(gnutls)</code> module:
409 <div class="example">
410 <pre class="example">credentials/certificate
411 credentials/anonymous
416 <p>Hopefully, most variable names can be deduced from this convention.
418 <p>Scheme-side “enumerate” values can be compared using <code>eq?</code>
419 (see <a href="http://www.gnu.org/software/guile/manual/guile.html#Equality">equality predicates</a> in <cite>The GNU Guile Reference
420 Manual</cite>). Consider the following example:
422 <a name="index-session_002dcipher"></a>
424 <div class="example">
425 <pre class="example">(let ((session (make-session connection-end/client)))
431 ;; Check the ciphering algorithm currently used by SESSION.
432 (if (eq? cipher/arcfour (session-cipher session))
433 (format #t "We're using the ARCFOUR algorithm")))
436 <p>In addition, all enumerate values can be converted to a human-readable
437 string, in a type-specific way. For instance, <code>(cipher->string
438 cipher/arcfour)</code> yields <code>"ARCFOUR 128"</code>, while
439 <code>(key-usage->string key-usage/digital-signature)</code> yields
440 <code>"digital-signature"</code>. Note that these strings may not be
441 sufficient for use in a user interface since they are fairly concise
442 and not internationalized.
446 <a name="Procedure-Names"></a>
449 Next: <a href="#Representation-of-Binary-Data" accesskey="n" rel="next">Representation of Binary Data</a>, Previous: <a href="#Enumerates-and-Constants" accesskey="p" rel="previous">Enumerates and Constants</a>, Up: <a href="#Guile-API-Conventions" accesskey="u" rel="up">Guile API Conventions</a> [<a href="#SEC_Contents" title="Table of contents" rel="contents">Contents</a>]</p>
451 <a name="Procedure-Names-1"></a>
452 <h3 class="section">3.2 Procedure Names</h3>
454 <p>Unlike C functions in GnuTLS, the corresponding Scheme procedures are
455 named in a way that is close to natural English. Abbreviations are
456 also avoided. For instance, the Scheme procedure corresponding to
457 <code>gnutls_certificate_set_dh_params</code> is named
458 <code>set-certificate-credentials-dh-parameters!</code>. The <code>gnutls_</code>
459 prefix is always omitted from variable names since a similar effect
460 can be achieved using Guile’s nifty binding renaming facilities,
461 should it be needed (see <a href="http://www.gnu.org/software/guile/manual/guile.html#Using-Guile-Modules">Using Guile Modules</a> in <cite>The GNU
462 Guile Reference Manual</cite>).
464 <p>Often Scheme procedure names differ from C function names in a way
465 that makes it clearer what objects they operate on. For example, the
466 Scheme procedure named <code>set-session-transport-port!</code> corresponds
467 to <code>gnutls_transport_set_ptr</code>, making it clear that this
468 procedure applies to session.
471 <a name="Representation-of-Binary-Data"></a>
474 Next: <a href="#Input-and-Output" accesskey="n" rel="next">Input and Output</a>, Previous: <a href="#Procedure-Names" accesskey="p" rel="previous">Procedure Names</a>, Up: <a href="#Guile-API-Conventions" accesskey="u" rel="up">Guile API Conventions</a> [<a href="#SEC_Contents" title="Table of contents" rel="contents">Contents</a>]</p>
476 <a name="Representation-of-Binary-Data-1"></a>
477 <h3 class="section">3.3 Representation of Binary Data</h3>
479 <p>Many procedures operate on binary data. For instance,
480 <code>pkcs3-import-dh-parameters</code> expects binary data as input and,
481 similarly, procedures like <code>pkcs1-export-rsa-parameters</code> return
484 <a name="index-SRFI_002d4"></a>
485 <a name="index-homogeneous-vector"></a>
487 <p>Binary data is represented on the Scheme side using SRFI-4 homogeneous
488 vectors (see <a href="http://www.gnu.org/software/guile/manual/guile.html#SRFI_002d4">SRFI-4</a> in <cite>The GNU Guile Reference Manual</cite>).
489 Although any type of homogeneous vector may be used, <code>u8vector</code>s
490 (i.e., vectors of bytes) are highly recommended.
492 <p>As an example, generating and then exporting RSA parameters in the PEM
493 format can be done as follows:
495 <a name="index-make_002drsa_002dparameters"></a>
496 <a name="index-pkcs1_002dexport_002drsa_002dparameters"></a>
497 <a name="index-x509_002dcertificate_002dformat_002fpem"></a>
499 <div class="example">
500 <pre class="example">(let* ((rsa-params (make-rsa-parameters 1024))
502 (pkcs1-export-rsa-parameters rsa-params
503 x509-certificate-format/pem)))
504 (uniform-vector-write raw-data (open-output-file "some-file.pem")))
507 <p>For an example of OpenPGP key import from a file, see <a href="#Importing-OpenPGP-Keys-Guile-Example">Importing
508 OpenPGP Keys Guile Example</a>.
512 <a name="Input-and-Output"></a>
515 Next: <a href="#Exception-Handling" accesskey="n" rel="next">Exception Handling</a>, Previous: <a href="#Representation-of-Binary-Data" accesskey="p" rel="previous">Representation of Binary Data</a>, Up: <a href="#Guile-API-Conventions" accesskey="u" rel="up">Guile API Conventions</a> [<a href="#SEC_Contents" title="Table of contents" rel="contents">Contents</a>]</p>
517 <a name="Input-and-Output-1"></a>
518 <h3 class="section">3.4 Input and Output</h3>
520 <a name="index-set_002dsession_002dtransport_002dport_0021"></a>
521 <a name="index-set_002dsession_002dtransport_002dfd_0021"></a>
523 <p>The underlying transport of a TLS session can be any Scheme
524 input/output port (see <a href="http://www.gnu.org/software/guile/manual/guile.html#Ports-and-File-Descriptors">Ports and File Descriptors</a> in <cite>The GNU
525 Guile Reference Manual</cite>). This has to be specified using
526 <code>set-session-transport-port!</code>.
528 <p>However, for better performance, a raw file descriptor can be
529 specified, using <code>set-session-transport-fd!</code>. For instance, if
530 the transport layer is a socket port over an OS-provided socket, you
531 can use the <code>port->fdes</code> or <code>fileno</code> procedure to obtain the
532 underlying file descriptor and pass it to
533 <code>set-session-transport-fd!</code> (see <a href="http://www.gnu.org/software/guile/manual/guile.html#Ports-and-File-Descriptors"><code>port->fdes</code> and <code>fileno</code></a> in <cite>The GNU Guile Reference
534 Manual</cite>). This would work as follows:
536 <div class="example">
537 <pre class="example">(let ((socket (socket PF_INET SOCK_STREAM 0))
538 (session (make-session connection-end/client)))
541 ;; Establish a TCP connection...
544 ;; Use the file descriptor that underlies SOCKET.
545 (set-session-transport-fd! session (fileno socket)))
548 <a name="index-session_002drecord_002dport"></a>
550 <p>Once a TLS session is established, data can be communicated through it
551 (i.e., <em>via</em> the TLS record layer) using the port returned by
552 <code>session-record-port</code>:
554 <div class="example">
555 <pre class="example">(let ((session (make-session connection-end/client)))
558 ;; Initialize the various parameters of SESSION, set up
559 ;; a network connection, etc...
562 (let ((i/o (session-record-port session)))
563 (write "Hello peer!" i/o)
564 (let ((greetings (read i/o)))
568 (bye session close-request/rdwr))))
571 <a name="index-record_002dsend"></a>
572 <a name="index-record_002dreceive_0021"></a>
574 <p>A lower-level I/O API is provided by <code>record-send</code> and
575 <code>record-receive!</code> which take an SRFI-4 vector to represent the
576 data sent or received. While it might improve performance, it is much
577 less convenient than the above and should rarely be needed.
581 <a name="Exception-Handling"></a>
584 Previous: <a href="#Input-and-Output" accesskey="p" rel="previous">Input and Output</a>, Up: <a href="#Guile-API-Conventions" accesskey="u" rel="up">Guile API Conventions</a> [<a href="#SEC_Contents" title="Table of contents" rel="contents">Contents</a>]</p>
586 <a name="Exception-Handling-1"></a>
587 <h3 class="section">3.5 Exception Handling</h3>
589 <a name="index-exceptions"></a>
590 <a name="index-errors"></a>
591 <a name="index-gnutls_002derror"></a>
592 <a name="index-error_002d_003estring"></a>
594 <p>GnuTLS errors are implemented as Scheme exceptions (see <a href="http://www.gnu.org/software/guile/manual/guile.html#Exceptions">exceptions in Guile</a> in <cite>The GNU Guile Reference Manual</cite>). Each
595 time a GnuTLS function returns an error, an exception with key
596 <code>gnutls-error</code> is raised. The additional arguments that are
597 thrown include an error code and the name of the GnuTLS procedure that
598 raised the exception. The error code is pretty much like an enumerate
599 value: it is one of the <code>error/</code> variables exported by the
600 <code>(gnutls)</code> module (see <a href="#Enumerates-and-Constants">Enumerates and Constants</a>). Exceptions
601 can be turned into error messages using the <code>error->string</code>
604 <p>The following examples illustrates how GnuTLS exceptions can be
607 <div class="example">
608 <pre class="example">(let ((session (make-session connection-end/server)))
617 (lambda (key err function . currently-unused)
618 (format (current-error-port)
619 "a GnuTLS error was raised by `~a': ~a~%"
620 function (error->string err)))))
623 <p>Again, error values can be compared using <code>eq?</code>:
625 <div class="example">
626 <pre class="example"> ;; `gnutls-error' handler.
627 (lambda (key err function . currently-unused)
628 (if (eq? err error/fatal-alert-received)
629 (format (current-error-port)
630 "a fatal alert was caught!~%")
631 (format (current-error-port)
632 "something bad happened: ~a~%"
633 (error->string err))))
636 <p>Note that the <code>catch</code> handler is currently passed only 3
637 arguments but future versions might provide it with additional
638 arguments. Thus, it must be prepared to handle more than 3 arguments,
643 <a name="Guile-Examples"></a>
646 Next: <a href="#Guile-Reference" accesskey="n" rel="next">Guile Reference</a>, Previous: <a href="#Guile-API-Conventions" accesskey="p" rel="previous">Guile API Conventions</a>, Up: <a href="#Top" accesskey="u" rel="up">Top</a> [<a href="#SEC_Contents" title="Table of contents" rel="contents">Contents</a>]</p>
648 <a name="Guile-Examples-1"></a>
649 <h2 class="chapter">4 Guile Examples</h2>
651 <p>This chapter provides examples that illustrate common use cases.
653 <table class="menu" border="0" cellspacing="0">
654 <tr><td align="left" valign="top">• <a href="#Anonymous-Authentication-Guile-Example" accesskey="1">Anonymous Authentication Guile Example</a>:</td><td> </td><td align="left" valign="top">Simplest client and server.
656 <tr><td align="left" valign="top">• <a href="#OpenPGP-Authentication-Guile-Example" accesskey="2">OpenPGP Authentication Guile Example</a>:</td><td> </td><td align="left" valign="top">Using OpenPGP-based authentication.
658 <tr><td align="left" valign="top">• <a href="#Importing-OpenPGP-Keys-Guile-Example" accesskey="3">Importing OpenPGP Keys Guile Example</a>:</td><td> </td><td align="left" valign="top">Importing keys from files.
663 <a name="Anonymous-Authentication-Guile-Example"></a>
666 Next: <a href="#OpenPGP-Authentication-Guile-Example" accesskey="n" rel="next">OpenPGP Authentication Guile Example</a>, Up: <a href="#Guile-Examples" accesskey="u" rel="up">Guile Examples</a> [<a href="#SEC_Contents" title="Table of contents" rel="contents">Contents</a>]</p>
668 <a name="Anonymous-Authentication-Guile-Example-1"></a>
669 <h3 class="section">4.1 Anonymous Authentication Guile Example</h3>
671 <p><em>Anonymous authentication</em> is very easy to use. No certificates
672 are needed by the communicating parties. Yet, it allows them to
673 benefit from end-to-end encryption and integrity checks.
675 <p>The client-side code would look like this (assuming <var>some-socket</var>
676 is bound to an open socket port):
678 <a name="index-connection_002dend_002fclient"></a>
679 <a name="index-kx_002fanon_002ddh"></a>
680 <a name="index-close_002drequest_002frdwr"></a>
682 <div class="example">
683 <pre class="example">;; Client-side.
685 (let ((client (make-session connection-end/client)))
686 ;; Use the default settings.
687 (set-session-default-priority! client)
689 ;; Don't use certificate-based authentication.
690 (set-session-certificate-type-priority! client '())
692 ;; Request the "anonymous Diffie-Hellman" key exchange method.
693 (set-session-kx-priority! client (list kx/anon-dh))
695 ;; Specify the underlying socket.
696 (set-session-transport-fd! client (fileno some-socket))
698 ;; Create anonymous credentials.
699 (set-session-credentials! client
700 (make-anonymous-client-credentials))
702 ;; Perform the TLS handshake with the server.
705 ;; Send data over the TLS record layer.
706 (write "hello, world!" (session-record-port client))
708 ;; Terminate the TLS session.
709 (bye client close-request/rdwr))
712 <p>The corresponding server would look like this (again, assuming
713 <var>some-socket</var> is bound to a socket port):
715 <a name="index-connection_002dend_002fserver"></a>
717 <div class="example">
718 <pre class="example">;; Server-side.
720 (let ((server (make-session connection-end/server)))
721 (set-session-default-priority! server)
722 (set-session-certificate-type-priority! server '())
723 (set-session-kx-priority! server (list kx/anon-dh))
725 ;; Specify the underlying transport socket.
726 (set-session-transport-fd! server (fileno some-socket))
728 ;; Create anonymous credentials.
729 (let ((cred (make-anonymous-server-credentials))
730 (dh-params (make-dh-parameters 1024)))
731 ;; Note: DH parameter generation can take some time.
732 (set-anonymous-server-dh-parameters! cred dh-params)
733 (set-session-credentials! server cred))
735 ;; Perform the TLS handshake with the client.
738 ;; Receive data over the TLS record layer.
739 (let ((message (read (session-record-port server))))
740 (format #t "received the following message: ~a~%"
743 (bye server close-request/rdwr)))
750 <a name="OpenPGP-Authentication-Guile-Example"></a>
753 Next: <a href="#Importing-OpenPGP-Keys-Guile-Example" accesskey="n" rel="next">Importing OpenPGP Keys Guile Example</a>, Previous: <a href="#Anonymous-Authentication-Guile-Example" accesskey="p" rel="previous">Anonymous Authentication Guile Example</a>, Up: <a href="#Guile-Examples" accesskey="u" rel="up">Guile Examples</a> [<a href="#SEC_Contents" title="Table of contents" rel="contents">Contents</a>]</p>
755 <a name="OpenPGP-Authentication-Guile-Example-1"></a>
756 <h3 class="section">4.2 OpenPGP Authentication Guile Example</h3>
758 <p>GnuTLS allows users to authenticate using OpenPGP certificates.
759 Using OpenPGP-based authentication is not more complicated than using
760 anonymous authentication. It requires a bit of extra work, though, to
761 import the OpenPGP public and private key of the client/server. Key
762 import is omitted here and is left as an exercise to the reader
763 (see <a href="#Importing-OpenPGP-Keys-Guile-Example">Importing OpenPGP Keys Guile Example</a>).
765 <p>Assuming <var>some-socket</var> is bound to an open socket port and
766 <var>pub</var> and <var>sec</var> are bound to the client’s OpenPGP public and
767 secret key, respectively, client-side code would look like this:
769 <a name="index-certificate_002dtype_002fopenpgp"></a>
771 <div class="example">
772 <pre class="example">;; Client-side.
774 (define %certs (list certificate-type/openpgp))
776 (let ((client (make-session connection-end/client))
777 (cred (make-certificate-credentials)))
778 (set-session-default-priority! client)
780 ;; Choose OpenPGP certificates.
781 (set-session-certificate-type-priority! client %certs)
783 ;; Prepare appropriate client credentials.
784 (set-certificate-credentials-openpgp-keys! cred pub sec)
785 (set-session-credentials! client cred)
787 ;; Specify the underlying transport socket.
788 (set-session-transport-fd! client (fileno some-socket))
791 (write "hello, world!" (session-record-port client))
792 (bye client close-request/rdwr))
795 <p>Similarly, server-side code would be along these lines:
797 <div class="example">
798 <pre class="example">;; Server-side.
800 (define %certs (list certificate-type/openpgp))
802 (let ((server (make-session connection-end/server))
803 (rsa (make-rsa-parameters 1024))
804 (dh (make-dh-parameters 1024)))
805 (set-session-default-priority! server)
807 ;; Choose OpenPGP certificates.
808 (set-session-certificate-type-priority! server %certs)
810 (let ((cred (make-certificate-credentials)))
811 ;; Prepare credentials with RSA and Diffie-Hellman parameters.
812 (set-certificate-credentials-dh-parameters! cred dh)
813 (set-certificate-credentials-rsa-export-parameters! cred rsa)
814 (set-certificate-credentials-openpgp-keys! cred pub sec)
815 (set-session-credentials! server cred))
817 (set-session-transport-fd! server (fileno some-socket))
820 (let ((msg (read (session-record-port server))))
821 (format #t "received: ~a~%" msg)
823 (bye server close-request/rdwr)))
826 <p>In practice, generating RSA parameters (and Diffie-Hellman parameters)
827 can time a long time. Thus, you may want to generate them once and
828 store them in a file for future re-use (see <a href="#Guile-Reference"><code>pkcs1-export-rsa-parameters</code> and <code>pkcs1-import-rsa-parameters</code></a>).
831 <a name="Importing-OpenPGP-Keys-Guile-Example"></a>
834 Previous: <a href="#OpenPGP-Authentication-Guile-Example" accesskey="p" rel="previous">OpenPGP Authentication Guile Example</a>, Up: <a href="#Guile-Examples" accesskey="u" rel="up">Guile Examples</a> [<a href="#SEC_Contents" title="Table of contents" rel="contents">Contents</a>]</p>
836 <a name="Importing-OpenPGP-Keys-Guile-Example-1"></a>
837 <h3 class="section">4.3 Importing OpenPGP Keys Guile Example</h3>
839 <p>The following example provides a simple way of importing
840 “ASCII-armored” OpenPGP keys from files, using the
841 <code>import-openpgp-certificate</code> and <code>import-openpgp-private-key</code>
844 <a name="index-openpgp_002dcertificate_002dformat_002fbase64"></a>
845 <a name="index-openpgp_002dcertificate_002dformat_002fraw"></a>
847 <div class="example">
848 <pre class="example">(use-modules (srfi srfi-4)
851 (define (import-key-from-file import-proc file)
852 ;; Import OpenPGP key from FILE using IMPORT-PROC.
854 ;; Prepare a u8vector large enough to hold the raw
856 (let* ((size (stat:size (stat path)))
857 (raw (make-u8vector size)))
859 ;; Fill in the u8vector with the contents of FILE.
860 (uniform-vector-read! raw (open-input-file file))
862 ;; Pass the u8vector to the import procedure.
863 (import-proc raw openpgp-certificate-format/base64)))
866 (define (import-public-key-from-file file)
867 (import-key-from-file import-openpgp-certificate file))
869 (define (import-private-key-from-file file)
870 (import-key-from-file import-openpgp-private-key file))
873 <p>The procedures <code>import-public-key-from-file</code> and
874 <code>import-private-key-from-file</code> can be passed a file name. They
875 return an OpenPGP public key and private key object, respectively
876 (see <a href="#Guile-Reference">OpenPGP key objects</a>).
880 <a name="Guile-Reference"></a>
883 Next: <a href="#Copying-Information" accesskey="n" rel="next">Copying Information</a>, Previous: <a href="#Guile-Examples" accesskey="p" rel="previous">Guile Examples</a>, Up: <a href="#Top" accesskey="u" rel="up">Top</a> [<a href="#SEC_Contents" title="Table of contents" rel="contents">Contents</a>]</p>
885 <a name="Guile-Reference-1"></a>
886 <h2 class="chapter">5 Guile Reference</h2>
888 <p>This chapter lists the GnuTLS Scheme procedures exported by the
889 <code>(gnutls)</code> module (see <a href="http://www.gnu.org/software/guile/manual/guile.html#The-Guile-module-system">The Guile module system</a> in <cite>The
890 GNU Guile Reference Manual</cite>).
894 <dt><a name="index-set_002dlog_002dlevel_0021"></a>Scheme Procedure: <strong>set-log-level!</strong> <em>level</em></dt>
895 <dd><p>Enable GnuTLS logging up to <var>level</var> (an integer).
899 <dt><a name="index-set_002dlog_002dprocedure_0021"></a>Scheme Procedure: <strong>set-log-procedure!</strong> <em>proc</em></dt>
900 <dd><p>Use <var>proc</var> (a two-argument procedure) as the global GnuTLS log procedure.
904 <dt><a name="index-set_002dcertificate_002dcredentials_002dopenpgp_002dkeys_0021"></a>Scheme Procedure: <strong>set-certificate-credentials-openpgp-keys!</strong> <em>cred pub sec</em></dt>
905 <dd><p>Use certificate <var>pub</var> and secret key <var>sec</var> in certificate credentials <var>cred</var>.
909 <dt><a name="index-openpgp_002dkeyring_002dcontains_002dkey_002did_003f"></a>Scheme Procedure: <strong>openpgp-keyring-contains-key-id?</strong> <em>keyring id</em></dt>
910 <dd><p>Return <code>#f</code> if key ID <var>id</var> is in <var>keyring</var>, <code>#f</code> otherwise.
914 <dt><a name="index-import_002dopenpgp_002dkeyring"></a>Scheme Procedure: <strong>import-openpgp-keyring</strong> <em>data format</em></dt>
915 <dd><p>Import <var>data</var> (a u8vector) according to <var>format</var> and return the imported keyring.
919 <dt><a name="index-openpgp_002dcertificate_002dusage"></a>Scheme Procedure: <strong>openpgp-certificate-usage</strong> <em>key</em></dt>
920 <dd><p>Return a list of values denoting the key usage of <var>key</var>.
924 <dt><a name="index-openpgp_002dcertificate_002dversion"></a>Scheme Procedure: <strong>openpgp-certificate-version</strong> <em>key</em></dt>
925 <dd><p>Return the version of the OpenPGP message format (RFC2440) honored by <var>key</var>.
929 <dt><a name="index-openpgp_002dcertificate_002dalgorithm"></a>Scheme Procedure: <strong>openpgp-certificate-algorithm</strong> <em>key</em></dt>
930 <dd><p>Return two values: the certificate algorithm used by <var>key</var> and the number of bits used.
934 <dt><a name="index-openpgp_002dcertificate_002dnames"></a>Scheme Procedure: <strong>openpgp-certificate-names</strong> <em>key</em></dt>
935 <dd><p>Return the list of names for <var>key</var>.
939 <dt><a name="index-openpgp_002dcertificate_002dname"></a>Scheme Procedure: <strong>openpgp-certificate-name</strong> <em>key index</em></dt>
940 <dd><p>Return the <var>index</var>th name of <var>key</var>.
944 <dt><a name="index-openpgp_002dcertificate_002dfingerprint"></a>Scheme Procedure: <strong>openpgp-certificate-fingerprint</strong> <em>key</em></dt>
945 <dd><p>Return a new u8vector denoting the fingerprint of <var>key</var>.
949 <dt><a name="index-openpgp_002dcertificate_002dfingerprint_0021"></a>Scheme Procedure: <strong>openpgp-certificate-fingerprint!</strong> <em>key fpr</em></dt>
950 <dd><p>Store in <var>fpr</var> (a u8vector) the fingerprint of <var>key</var>. Return the number of bytes stored in <var>fpr</var>.
954 <dt><a name="index-openpgp_002dcertificate_002did_0021"></a>Scheme Procedure: <strong>openpgp-certificate-id!</strong> <em>key id</em></dt>
955 <dd><p>Store the ID (an 8 byte sequence) of certificate <var>key</var> in <var>id</var> (a u8vector).
959 <dt><a name="index-openpgp_002dcertificate_002did"></a>Scheme Procedure: <strong>openpgp-certificate-id</strong> <em>key</em></dt>
960 <dd><p>Return the ID (an 8-element u8vector) of certificate <var>key</var>.
964 <dt><a name="index-import_002dopenpgp_002dprivate_002dkey"></a>Scheme Procedure: <strong>import-openpgp-private-key</strong> <em>data format [pass]</em></dt>
965 <dd><p>Return a new OpenPGP private key object resulting from the import of <var>data</var> (a uniform array) according to <var>format</var>. Optionally, a passphrase may be provided.
969 <dt><a name="index-import_002dopenpgp_002dcertificate"></a>Scheme Procedure: <strong>import-openpgp-certificate</strong> <em>data format</em></dt>
970 <dd><p>Return a new OpenPGP certificate object resulting from the import of <var>data</var> (a uniform array) according to <var>format</var>.
974 <dt><a name="index-x509_002dcertificate_002dsubject_002dalternative_002dname"></a>Scheme Procedure: <strong>x509-certificate-subject-alternative-name</strong> <em>cert index</em></dt>
975 <dd><p>Return two values: the alternative name type for <var>cert</var> (i.e., one of the <code>x509-subject-alternative-name/</code> values) and the actual subject alternative name (a string) at <var>index</var>. Both values are <code>#f</code> if no alternative name is available at <var>index</var>.
979 <dt><a name="index-x509_002dcertificate_002dsubject_002dkey_002did"></a>Scheme Procedure: <strong>x509-certificate-subject-key-id</strong> <em>cert</em></dt>
980 <dd><p>Return the subject key ID (a u8vector) for <var>cert</var>.
984 <dt><a name="index-x509_002dcertificate_002dauthority_002dkey_002did"></a>Scheme Procedure: <strong>x509-certificate-authority-key-id</strong> <em>cert</em></dt>
985 <dd><p>Return the key ID (a u8vector) of the X.509 certificate authority of <var>cert</var>.
989 <dt><a name="index-x509_002dcertificate_002dkey_002did"></a>Scheme Procedure: <strong>x509-certificate-key-id</strong> <em>cert</em></dt>
990 <dd><p>Return a statistically unique ID (a u8vector) for <var>cert</var> that depends on its public key parameters. This is normally a 20-byte SHA-1 hash.
994 <dt><a name="index-x509_002dcertificate_002dversion"></a>Scheme Procedure: <strong>x509-certificate-version</strong> <em>cert</em></dt>
995 <dd><p>Return the version of <var>cert</var>.
999 <dt><a name="index-x509_002dcertificate_002dkey_002dusage"></a>Scheme Procedure: <strong>x509-certificate-key-usage</strong> <em>cert</em></dt>
1000 <dd><p>Return the key usage of <var>cert</var> (i.e., a list of <code>key-usage/</code> values), or the empty list if <var>cert</var> does not contain such information.
1004 <dt><a name="index-x509_002dcertificate_002dpublic_002dkey_002dalgorithm"></a>Scheme Procedure: <strong>x509-certificate-public-key-algorithm</strong> <em>cert</em></dt>
1005 <dd><p>Return two values: the public key algorithm (i.e., one of the <code>pk-algorithm/</code> values) of <var>cert</var> and the number of bits used.
1009 <dt><a name="index-x509_002dcertificate_002dsignature_002dalgorithm"></a>Scheme Procedure: <strong>x509-certificate-signature-algorithm</strong> <em>cert</em></dt>
1010 <dd><p>Return the signature algorithm used by <var>cert</var> (i.e., one of the <code>sign-algorithm/</code> values).
1014 <dt><a name="index-x509_002dcertificate_002dmatches_002dhostname_003f"></a>Scheme Procedure: <strong>x509-certificate-matches-hostname?</strong> <em>cert hostname</em></dt>
1015 <dd><p>Return true if <var>cert</var> matches <var>hostname</var>, a string denoting a DNS host name. This is the basic implementation of <a href="http://tools.ietf.org/html/rfc2818">RFC 2818</a> (aka. HTTPS).
1019 <dt><a name="index-x509_002dcertificate_002dissuer_002ddn_002doid"></a>Scheme Procedure: <strong>x509-certificate-issuer-dn-oid</strong> <em>cert index</em></dt>
1020 <dd><p>Return the OID (a string) at <var>index</var> from <var>cert</var>’s issuer DN. Return <code>#f</code> if no OID is available at <var>index</var>.
1024 <dt><a name="index-x509_002dcertificate_002ddn_002doid"></a>Scheme Procedure: <strong>x509-certificate-dn-oid</strong> <em>cert index</em></dt>
1025 <dd><p>Return OID (a string) at <var>index</var> from <var>cert</var>. Return <code>#f</code> if no OID is available at <var>index</var>.
1029 <dt><a name="index-x509_002dcertificate_002dissuer_002ddn"></a>Scheme Procedure: <strong>x509-certificate-issuer-dn</strong> <em>cert</em></dt>
1030 <dd><p>Return the distinguished name (DN) of X.509 certificate <var>cert</var>.
1034 <dt><a name="index-x509_002dcertificate_002ddn"></a>Scheme Procedure: <strong>x509-certificate-dn</strong> <em>cert</em></dt>
1035 <dd><p>Return the distinguished name (DN) of X.509 certificate <var>cert</var>. The form of the DN is as described in <a href="http://tools.ietf.org/html/rfc2253">RFC 2253</a>.
1039 <dt><a name="index-pkcs8_002dimport_002dx509_002dprivate_002dkey"></a>Scheme Procedure: <strong>pkcs8-import-x509-private-key</strong> <em>data format [pass [encrypted]]</em></dt>
1040 <dd><p>Return a new X.509 private key object resulting from the import of <var>data</var> (a uniform array) according to <var>format</var>. Optionally, if <var>pass</var> is not <code>#f</code>, it should be a string denoting a passphrase. <var>encrypted</var> tells whether the private key is encrypted (<code>#t</code> by default).
1044 <dt><a name="index-import_002dx509_002dprivate_002dkey"></a>Scheme Procedure: <strong>import-x509-private-key</strong> <em>data format</em></dt>
1045 <dd><p>Return a new X.509 private key object resulting from the import of <var>data</var> (a uniform array) according to <var>format</var>.
1049 <dt><a name="index-import_002dx509_002dcertificate"></a>Scheme Procedure: <strong>import-x509-certificate</strong> <em>data format</em></dt>
1050 <dd><p>Return a new X.509 certificate object resulting from the import of <var>data</var> (a uniform array) according to <var>format</var>.
1054 <dt><a name="index-server_002dsession_002dpsk_002dusername"></a>Scheme Procedure: <strong>server-session-psk-username</strong> <em>session</em></dt>
1055 <dd><p>Return the username associated with PSK server session <var>session</var>.
1059 <dt><a name="index-set_002dpsk_002dclient_002dcredentials_0021"></a>Scheme Procedure: <strong>set-psk-client-credentials!</strong> <em>cred username key key-format</em></dt>
1060 <dd><p>Set the client credentials for <var>cred</var>, a PSK client credentials object.
1064 <dt><a name="index-make_002dpsk_002dclient_002dcredentials"></a>Scheme Procedure: <strong>make-psk-client-credentials</strong></dt>
1065 <dd><p>Return a new PSK client credentials object.
1069 <dt><a name="index-set_002dpsk_002dserver_002dcredentials_002dfile_0021"></a>Scheme Procedure: <strong>set-psk-server-credentials-file!</strong> <em>cred file</em></dt>
1070 <dd><p>Use <var>file</var> as the password file for PSK server credentials <var>cred</var>.
1074 <dt><a name="index-make_002dpsk_002dserver_002dcredentials"></a>Scheme Procedure: <strong>make-psk-server-credentials</strong></dt>
1075 <dd><p>Return new PSK server credentials.
1079 <dt><a name="index-peer_002dcertificate_002dstatus"></a>Scheme Procedure: <strong>peer-certificate-status</strong> <em>session</em></dt>
1080 <dd><p>Verify the peer certificate for <var>session</var> and return a list of <code>certificate-status</code> values (such as <code>certificate-status/revoked</code>), or the empty list if the certificate is valid.
1084 <dt><a name="index-set_002dcertificate_002dcredentials_002dverify_002dflags_0021"></a>Scheme Procedure: <strong>set-certificate-credentials-verify-flags!</strong> <em>cred [flags...]</em></dt>
1085 <dd><p>Set the certificate verification flags to <var>flags</var>, a series of <code>certificate-verify</code> values.
1089 <dt><a name="index-set_002dcertificate_002dcredentials_002dverify_002dlimits_0021"></a>Scheme Procedure: <strong>set-certificate-credentials-verify-limits!</strong> <em>cred max-bits max-depth</em></dt>
1090 <dd><p>Set the verification limits of <code>peer-certificate-status</code> for certificate credentials <var>cred</var> to <var>max_bits</var> bits for an acceptable certificate and <var>max_depth</var> as the maximum depth of a certificate chain.
1094 <dt><a name="index-set_002dcertificate_002dcredentials_002dx509_002dkeys_0021"></a>Scheme Procedure: <strong>set-certificate-credentials-x509-keys!</strong> <em>cred certs privkey</em></dt>
1095 <dd><p>Have certificate credentials <var>cred</var> use the X.509 certificates listed in <var>certs</var> and X.509 private key <var>privkey</var>.
1099 <dt><a name="index-set_002dcertificate_002dcredentials_002dx509_002dkey_002ddata_0021"></a>Scheme Procedure: <strong>set-certificate-credentials-x509-key-data!</strong> <em>cred cert key format</em></dt>
1100 <dd><p>Use X.509 certificate <var>cert</var> and private key <var>key</var>, both uniform arrays containing the X.509 certificate and key in format <var>format</var>, for certificate credentials <var>cred</var>.
1104 <dt><a name="index-set_002dcertificate_002dcredentials_002dx509_002dcrl_002ddata_0021"></a>Scheme Procedure: <strong>set-certificate-credentials-x509-crl-data!</strong> <em>cred data format</em></dt>
1105 <dd><p>Use <var>data</var> (a uniform array) as the X.509 CRL (certificate revocation list) database for <var>cred</var>. On success, return the number of CRLs processed.
1109 <dt><a name="index-set_002dcertificate_002dcredentials_002dx509_002dtrust_002ddata_0021"></a>Scheme Procedure: <strong>set-certificate-credentials-x509-trust-data!</strong> <em>cred data format</em></dt>
1110 <dd><p>Use <var>data</var> (a uniform array) as the X.509 trust database for <var>cred</var>. On success, return the number of certificates processed.
1114 <dt><a name="index-set_002dcertificate_002dcredentials_002dx509_002dcrl_002dfile_0021"></a>Scheme Procedure: <strong>set-certificate-credentials-x509-crl-file!</strong> <em>cred file format</em></dt>
1115 <dd><p>Use <var>file</var> as the X.509 CRL (certificate revocation list) file for certificate credentials <var>cred</var>. On success, return the number of CRLs processed.
1119 <dt><a name="index-set_002dcertificate_002dcredentials_002dx509_002dtrust_002dfile_0021"></a>Scheme Procedure: <strong>set-certificate-credentials-x509-trust-file!</strong> <em>cred file format</em></dt>
1120 <dd><p>Use <var>file</var> as the X.509 trust file for certificate credentials <var>cred</var>. On success, return the number of certificates processed.
1124 <dt><a name="index-set_002dcertificate_002dcredentials_002dx509_002dkey_002dfiles_0021"></a>Scheme Procedure: <strong>set-certificate-credentials-x509-key-files!</strong> <em>cred cert-file key-file format</em></dt>
1125 <dd><p>Use <var>file</var> as the password file for PSK server credentials <var>cred</var>.
1129 <dt><a name="index-set_002dcertificate_002dcredentials_002drsa_002dexport_002dparameters_0021"></a>Scheme Procedure: <strong>set-certificate-credentials-rsa-export-parameters!</strong> <em>cred rsa-params</em></dt>
1130 <dd><p>Use RSA parameters <var>rsa_params</var> for certificate credentials <var>cred</var>.
1134 <dt><a name="index-set_002dcertificate_002dcredentials_002ddh_002dparameters_0021"></a>Scheme Procedure: <strong>set-certificate-credentials-dh-parameters!</strong> <em>cred dh-params</em></dt>
1135 <dd><p>Use Diffie-Hellman parameters <var>dh_params</var> for certificate credentials <var>cred</var>.
1139 <dt><a name="index-make_002dcertificate_002dcredentials"></a>Scheme Procedure: <strong>make-certificate-credentials</strong></dt>
1140 <dd><p>Return new certificate credentials (i.e., for use with either X.509 or OpenPGP certificates.
1144 <dt><a name="index-pkcs1_002dexport_002drsa_002dparameters-1"></a>Scheme Procedure: <strong>pkcs1-export-rsa-parameters</strong> <em>rsa-params format</em></dt>
1145 <dd><p>Export Diffie-Hellman parameters <var>rsa_params</var> in PKCS1 format according for <var>format</var> (an <code>x509-certificate-format</code> value). Return a <code>u8vector</code> containing the result.
1149 <dt><a name="index-pkcs1_002dimport_002drsa_002dparameters"></a>Scheme Procedure: <strong>pkcs1-import-rsa-parameters</strong> <em>array format</em></dt>
1150 <dd><p>Import Diffie-Hellman parameters in PKCS1 format (further specified by <var>format</var>, an <code>x509-certificate-format</code> value) from <var>array</var> (a homogeneous array) and return a new <code>rsa-params</code> object.
1154 <dt><a name="index-make_002drsa_002dparameters-1"></a>Scheme Procedure: <strong>make-rsa-parameters</strong> <em>bits</em></dt>
1155 <dd><p>Return new RSA parameters.
1159 <dt><a name="index-set_002danonymous_002dserver_002ddh_002dparameters_0021"></a>Scheme Procedure: <strong>set-anonymous-server-dh-parameters!</strong> <em>cred dh-params</em></dt>
1160 <dd><p>Set the Diffie-Hellman parameters of anonymous server credentials <var>cred</var>.
1164 <dt><a name="index-make_002danonymous_002dclient_002dcredentials"></a>Scheme Procedure: <strong>make-anonymous-client-credentials</strong></dt>
1165 <dd><p>Return anonymous client credentials.
1169 <dt><a name="index-make_002danonymous_002dserver_002dcredentials"></a>Scheme Procedure: <strong>make-anonymous-server-credentials</strong></dt>
1170 <dd><p>Return anonymous server credentials.
1174 <dt><a name="index-set_002dsession_002ddh_002dprime_002dbits_0021"></a>Scheme Procedure: <strong>set-session-dh-prime-bits!</strong> <em>session bits</em></dt>
1175 <dd><p>Use <var>bits</var> DH prime bits for <var>session</var>.
1179 <dt><a name="index-pkcs3_002dexport_002ddh_002dparameters"></a>Scheme Procedure: <strong>pkcs3-export-dh-parameters</strong> <em>dh-params format</em></dt>
1180 <dd><p>Export Diffie-Hellman parameters <var>dh_params</var> in PKCS3 format according for <var>format</var> (an <code>x509-certificate-format</code> value). Return a <code>u8vector</code> containing the result.
1184 <dt><a name="index-pkcs3_002dimport_002ddh_002dparameters"></a>Scheme Procedure: <strong>pkcs3-import-dh-parameters</strong> <em>array format</em></dt>
1185 <dd><p>Import Diffie-Hellman parameters in PKCS3 format (further specified by <var>format</var>, an <code>x509-certificate-format</code> value) from <var>array</var> (a homogeneous array) and return a new <code>dh-params</code> object.
1189 <dt><a name="index-make_002ddh_002dparameters"></a>Scheme Procedure: <strong>make-dh-parameters</strong> <em>bits</em></dt>
1190 <dd><p>Return new Diffie-Hellman parameters.
1194 <dt><a name="index-set_002dsession_002dtransport_002dport_0021-1"></a>Scheme Procedure: <strong>set-session-transport-port!</strong> <em>session port</em></dt>
1195 <dd><p>Use <var>port</var> as the input/output port for <var>session</var>.
1199 <dt><a name="index-set_002dsession_002dtransport_002dfd_0021-1"></a>Scheme Procedure: <strong>set-session-transport-fd!</strong> <em>session fd</em></dt>
1200 <dd><p>Use file descriptor <var>fd</var> as the underlying transport for <var>session</var>.
1204 <dt><a name="index-session_002drecord_002dport-1"></a>Scheme Procedure: <strong>session-record-port</strong> <em>session</em></dt>
1205 <dd><p>Return a read-write port that may be used to communicate over <var>session</var>. All invocations of <code>session-port</code> on a given session return the same object (in the sense of <code>eq?</code>).
1209 <dt><a name="index-record_002dreceive_0021-1"></a>Scheme Procedure: <strong>record-receive!</strong> <em>session array</em></dt>
1210 <dd><p>Receive data from <var>session</var> into <var>array</var>, a uniform homogeneous array. Return the number of bytes actually received.
1214 <dt><a name="index-record_002dsend-1"></a>Scheme Procedure: <strong>record-send</strong> <em>session array</em></dt>
1215 <dd><p>Send the record constituted by <var>array</var> through <var>session</var>.
1219 <dt><a name="index-set_002dsession_002dcredentials_0021"></a>Scheme Procedure: <strong>set-session-credentials!</strong> <em>session cred</em></dt>
1220 <dd><p>Use <var>cred</var> as <var>session</var>’s credentials.
1224 <dt><a name="index-cipher_002dsuite_002d_003estring"></a>Scheme Procedure: <strong>cipher-suite->string</strong> <em>kx cipher mac</em></dt>
1225 <dd><p>Return the name of the given cipher suite.
1229 <dt><a name="index-set_002dsession_002dpriorities_0021"></a>Scheme Procedure: <strong>set-session-priorities!</strong> <em>session priorities</em></dt>
1230 <dd><p>Have <var>session</var> use the given <var>priorities</var> for the ciphers, key exchange methods, MACs and compression methods. <var>priorities</var> must be a string (see Priority Strings). When <var>priorities</var> cannot be parsed, an <code>error/invalid-request</code> error is raised, with an extra argument indication the position of the error.
1235 <dt><a name="index-set_002dsession_002ddefault_002dexport_002dpriority_0021"></a>Scheme Procedure: <strong>set-session-default-export-priority!</strong> <em>session</em></dt>
1236 <dd><p>Have <var>session</var> use the default export priorities.
1240 <dt><a name="index-set_002dsession_002ddefault_002dpriority_0021"></a>Scheme Procedure: <strong>set-session-default-priority!</strong> <em>session</em></dt>
1241 <dd><p>Have <var>session</var> use the default priorities.
1245 <dt><a name="index-set_002dsession_002dcertificate_002dtype_002dpriority_0021"></a>Scheme Procedure: <strong>set-session-certificate-type-priority!</strong> <em>session items</em></dt>
1246 <dd><p>Use <var>items</var> (a list) as the list of preferred certificate-type for <var>session</var>.
1250 <dt><a name="index-set_002dsession_002dprotocol_002dpriority_0021"></a>Scheme Procedure: <strong>set-session-protocol-priority!</strong> <em>session items</em></dt>
1251 <dd><p>Use <var>items</var> (a list) as the list of preferred protocol for <var>session</var>.
1255 <dt><a name="index-set_002dsession_002dkx_002dpriority_0021"></a>Scheme Procedure: <strong>set-session-kx-priority!</strong> <em>session items</em></dt>
1256 <dd><p>Use <var>items</var> (a list) as the list of preferred kx for <var>session</var>.
1260 <dt><a name="index-set_002dsession_002dcompression_002dmethod_002dpriority_0021"></a>Scheme Procedure: <strong>set-session-compression-method-priority!</strong> <em>session items</em></dt>
1261 <dd><p>Use <var>items</var> (a list) as the list of preferred compression-method for <var>session</var>.
1265 <dt><a name="index-set_002dsession_002dmac_002dpriority_0021"></a>Scheme Procedure: <strong>set-session-mac-priority!</strong> <em>session items</em></dt>
1266 <dd><p>Use <var>items</var> (a list) as the list of preferred mac for <var>session</var>.
1270 <dt><a name="index-set_002dsession_002dcipher_002dpriority_0021"></a>Scheme Procedure: <strong>set-session-cipher-priority!</strong> <em>session items</em></dt>
1271 <dd><p>Use <var>items</var> (a list) as the list of preferred cipher for <var>session</var>.
1275 <dt><a name="index-set_002dserver_002dsession_002dcertificate_002drequest_0021"></a>Scheme Procedure: <strong>set-server-session-certificate-request!</strong> <em>session request</em></dt>
1276 <dd><p>Tell how <var>session</var>, a server-side session, should deal with certificate requests. <var>request</var> should be either <code>certificate-request/request</code> or <code>certificate-request/require</code>.
1280 <dt><a name="index-session_002dour_002dcertificate_002dchain"></a>Scheme Procedure: <strong>session-our-certificate-chain</strong> <em>session</em></dt>
1281 <dd><p>Return our certificate chain for <var>session</var> (as sent to the peer) in raw format (a u8vector). In the case of OpenPGP there is exactly one certificate. Return the empty list if no certificate was used.
1285 <dt><a name="index-session_002dpeer_002dcertificate_002dchain"></a>Scheme Procedure: <strong>session-peer-certificate-chain</strong> <em>session</em></dt>
1286 <dd><p>Return the a list of certificates in raw format (u8vectors) where the first one is the peer’s certificate. In the case of OpenPGP, there is always exactly one certificate. In the case of X.509, subsequent certificates indicate form a certificate chain. Return the empty list if no certificate was sent.
1290 <dt><a name="index-session_002dclient_002dauthentication_002dtype"></a>Scheme Procedure: <strong>session-client-authentication-type</strong> <em>session</em></dt>
1291 <dd><p>Return the client authentication type (a <code>credential-type</code> value) used in <var>session</var>.
1295 <dt><a name="index-session_002dserver_002dauthentication_002dtype"></a>Scheme Procedure: <strong>session-server-authentication-type</strong> <em>session</em></dt>
1296 <dd><p>Return the server authentication type (a <code>credential-type</code> value) used in <var>session</var>.
1300 <dt><a name="index-session_002dauthentication_002dtype"></a>Scheme Procedure: <strong>session-authentication-type</strong> <em>session</em></dt>
1301 <dd><p>Return the authentication type (a <code>credential-type</code> value) used by <var>session</var>.
1305 <dt><a name="index-session_002dprotocol"></a>Scheme Procedure: <strong>session-protocol</strong> <em>session</em></dt>
1306 <dd><p>Return the protocol used by <var>session</var>.
1310 <dt><a name="index-session_002dcertificate_002dtype"></a>Scheme Procedure: <strong>session-certificate-type</strong> <em>session</em></dt>
1311 <dd><p>Return <var>session</var>’s certificate type.
1315 <dt><a name="index-session_002dcompression_002dmethod"></a>Scheme Procedure: <strong>session-compression-method</strong> <em>session</em></dt>
1316 <dd><p>Return <var>session</var>’s compression method.
1320 <dt><a name="index-session_002dmac"></a>Scheme Procedure: <strong>session-mac</strong> <em>session</em></dt>
1321 <dd><p>Return <var>session</var>’s MAC.
1325 <dt><a name="index-session_002dkx"></a>Scheme Procedure: <strong>session-kx</strong> <em>session</em></dt>
1326 <dd><p>Return <var>session</var>’s kx.
1330 <dt><a name="index-session_002dcipher-1"></a>Scheme Procedure: <strong>session-cipher</strong> <em>session</em></dt>
1331 <dd><p>Return <var>session</var>’s cipher.
1335 <dt><a name="index-alert_002dsend"></a>Scheme Procedure: <strong>alert-send</strong> <em>session level alert</em></dt>
1336 <dd><p>Send <var>alert</var> via <var>session</var>.
1340 <dt><a name="index-alert_002dget"></a>Scheme Procedure: <strong>alert-get</strong> <em>session</em></dt>
1341 <dd><p>Get an aleter from <var>session</var>.
1345 <dt><a name="index-rehandshake"></a>Scheme Procedure: <strong>rehandshake</strong> <em>session</em></dt>
1346 <dd><p>Perform a re-handshaking for <var>session</var>.
1350 <dt><a name="index-handshake"></a>Scheme Procedure: <strong>handshake</strong> <em>session</em></dt>
1351 <dd><p>Perform a handshake for <var>session</var>.
1355 <dt><a name="index-bye"></a>Scheme Procedure: <strong>bye</strong> <em>session how</em></dt>
1356 <dd><p>Close <var>session</var> according to <var>how</var>.
1360 <dt><a name="index-make_002dsession"></a>Scheme Procedure: <strong>make-session</strong> <em>end</em></dt>
1361 <dd><p>Return a new session for connection end <var>end</var>, either <code>connection-end/server</code> or <code>connection-end/client</code>.
1365 <dt><a name="index-gnutls_002dversion"></a>Scheme Procedure: <strong>gnutls-version</strong></dt>
1366 <dd><p>Return a string denoting the version number of the underlying GnuTLS library, e.g., <code>"1.7.2"</code>.
1370 <dt><a name="index-openpgp_002dkeyring_003f"></a>Scheme Procedure: <strong>openpgp-keyring?</strong> <em>obj</em></dt>
1371 <dd><p>Return true if <var>obj</var> is of type <code>openpgp-keyring</code>.
1375 <dt><a name="index-openpgp_002dprivate_002dkey_003f"></a>Scheme Procedure: <strong>openpgp-private-key?</strong> <em>obj</em></dt>
1376 <dd><p>Return true if <var>obj</var> is of type <code>openpgp-private-key</code>.
1380 <dt><a name="index-openpgp_002dcertificate_003f"></a>Scheme Procedure: <strong>openpgp-certificate?</strong> <em>obj</em></dt>
1381 <dd><p>Return true if <var>obj</var> is of type <code>openpgp-certificate</code>.
1385 <dt><a name="index-x509_002dprivate_002dkey_003f"></a>Scheme Procedure: <strong>x509-private-key?</strong> <em>obj</em></dt>
1386 <dd><p>Return true if <var>obj</var> is of type <code>x509-private-key</code>.
1390 <dt><a name="index-x509_002dcertificate_003f"></a>Scheme Procedure: <strong>x509-certificate?</strong> <em>obj</em></dt>
1391 <dd><p>Return true if <var>obj</var> is of type <code>x509-certificate</code>.
1395 <dt><a name="index-psk_002dclient_002dcredentials_003f"></a>Scheme Procedure: <strong>psk-client-credentials?</strong> <em>obj</em></dt>
1396 <dd><p>Return true if <var>obj</var> is of type <code>psk-client-credentials</code>.
1400 <dt><a name="index-psk_002dserver_002dcredentials_003f"></a>Scheme Procedure: <strong>psk-server-credentials?</strong> <em>obj</em></dt>
1401 <dd><p>Return true if <var>obj</var> is of type <code>psk-server-credentials</code>.
1405 <dt><a name="index-srp_002dclient_002dcredentials_003f"></a>Scheme Procedure: <strong>srp-client-credentials?</strong> <em>obj</em></dt>
1406 <dd><p>Return true if <var>obj</var> is of type <code>srp-client-credentials</code>.
1410 <dt><a name="index-srp_002dserver_002dcredentials_003f"></a>Scheme Procedure: <strong>srp-server-credentials?</strong> <em>obj</em></dt>
1411 <dd><p>Return true if <var>obj</var> is of type <code>srp-server-credentials</code>.
1415 <dt><a name="index-certificate_002dcredentials_003f"></a>Scheme Procedure: <strong>certificate-credentials?</strong> <em>obj</em></dt>
1416 <dd><p>Return true if <var>obj</var> is of type <code>certificate-credentials</code>.
1420 <dt><a name="index-rsa_002dparameters_003f"></a>Scheme Procedure: <strong>rsa-parameters?</strong> <em>obj</em></dt>
1421 <dd><p>Return true if <var>obj</var> is of type <code>rsa-parameters</code>.
1425 <dt><a name="index-dh_002dparameters_003f"></a>Scheme Procedure: <strong>dh-parameters?</strong> <em>obj</em></dt>
1426 <dd><p>Return true if <var>obj</var> is of type <code>dh-parameters</code>.
1430 <dt><a name="index-anonymous_002dserver_002dcredentials_003f"></a>Scheme Procedure: <strong>anonymous-server-credentials?</strong> <em>obj</em></dt>
1431 <dd><p>Return true if <var>obj</var> is of type <code>anonymous-server-credentials</code>.
1435 <dt><a name="index-anonymous_002dclient_002dcredentials_003f"></a>Scheme Procedure: <strong>anonymous-client-credentials?</strong> <em>obj</em></dt>
1436 <dd><p>Return true if <var>obj</var> is of type <code>anonymous-client-credentials</code>.
1440 <dt><a name="index-session_003f"></a>Scheme Procedure: <strong>session?</strong> <em>obj</em></dt>
1441 <dd><p>Return true if <var>obj</var> is of type <code>session</code>.
1445 <dt><a name="index-openpgp_002dcertificate_002dformat_002d_003estring"></a>Scheme Procedure: <strong>openpgp-certificate-format->string</strong> <em>enumval</em></dt>
1446 <dd><p>Return a string describing <var>enumval</var>, a <code>openpgp-certificate-format</code> value.
1450 <dt><a name="index-error_002d_003estring-1"></a>Scheme Procedure: <strong>error->string</strong> <em>enumval</em></dt>
1451 <dd><p>Return a string describing <var>enumval</var>, a <code>error</code> value.
1455 <dt><a name="index-certificate_002dverify_002d_003estring"></a>Scheme Procedure: <strong>certificate-verify->string</strong> <em>enumval</em></dt>
1456 <dd><p>Return a string describing <var>enumval</var>, a <code>certificate-verify</code> value.
1460 <dt><a name="index-key_002dusage_002d_003estring"></a>Scheme Procedure: <strong>key-usage->string</strong> <em>enumval</em></dt>
1461 <dd><p>Return a string describing <var>enumval</var>, a <code>key-usage</code> value.
1465 <dt><a name="index-psk_002dkey_002dformat_002d_003estring"></a>Scheme Procedure: <strong>psk-key-format->string</strong> <em>enumval</em></dt>
1466 <dd><p>Return a string describing <var>enumval</var>, a <code>psk-key-format</code> value.
1470 <dt><a name="index-sign_002dalgorithm_002d_003estring"></a>Scheme Procedure: <strong>sign-algorithm->string</strong> <em>enumval</em></dt>
1471 <dd><p>Return a string describing <var>enumval</var>, a <code>sign-algorithm</code> value.
1475 <dt><a name="index-pk_002dalgorithm_002d_003estring"></a>Scheme Procedure: <strong>pk-algorithm->string</strong> <em>enumval</em></dt>
1476 <dd><p>Return a string describing <var>enumval</var>, a <code>pk-algorithm</code> value.
1480 <dt><a name="index-x509_002dsubject_002dalternative_002dname_002d_003estring"></a>Scheme Procedure: <strong>x509-subject-alternative-name->string</strong> <em>enumval</em></dt>
1481 <dd><p>Return a string describing <var>enumval</var>, a <code>x509-subject-alternative-name</code> value.
1485 <dt><a name="index-x509_002dcertificate_002dformat_002d_003estring"></a>Scheme Procedure: <strong>x509-certificate-format->string</strong> <em>enumval</em></dt>
1486 <dd><p>Return a string describing <var>enumval</var>, a <code>x509-certificate-format</code> value.
1490 <dt><a name="index-certificate_002dtype_002d_003estring"></a>Scheme Procedure: <strong>certificate-type->string</strong> <em>enumval</em></dt>
1491 <dd><p>Return a string describing <var>enumval</var>, a <code>certificate-type</code> value.
1495 <dt><a name="index-protocol_002d_003estring"></a>Scheme Procedure: <strong>protocol->string</strong> <em>enumval</em></dt>
1496 <dd><p>Return a string describing <var>enumval</var>, a <code>protocol</code> value.
1500 <dt><a name="index-close_002drequest_002d_003estring"></a>Scheme Procedure: <strong>close-request->string</strong> <em>enumval</em></dt>
1501 <dd><p>Return a string describing <var>enumval</var>, a <code>close-request</code> value.
1505 <dt><a name="index-certificate_002drequest_002d_003estring"></a>Scheme Procedure: <strong>certificate-request->string</strong> <em>enumval</em></dt>
1506 <dd><p>Return a string describing <var>enumval</var>, a <code>certificate-request</code> value.
1510 <dt><a name="index-certificate_002dstatus_002d_003estring"></a>Scheme Procedure: <strong>certificate-status->string</strong> <em>enumval</em></dt>
1511 <dd><p>Return a string describing <var>enumval</var>, a <code>certificate-status</code> value.
1515 <dt><a name="index-handshake_002ddescription_002d_003estring"></a>Scheme Procedure: <strong>handshake-description->string</strong> <em>enumval</em></dt>
1516 <dd><p>Return a string describing <var>enumval</var>, a <code>handshake-description</code> value.
1520 <dt><a name="index-alert_002ddescription_002d_003estring"></a>Scheme Procedure: <strong>alert-description->string</strong> <em>enumval</em></dt>
1521 <dd><p>Return a string describing <var>enumval</var>, a <code>alert-description</code> value.
1525 <dt><a name="index-alert_002dlevel_002d_003estring"></a>Scheme Procedure: <strong>alert-level->string</strong> <em>enumval</em></dt>
1526 <dd><p>Return a string describing <var>enumval</var>, a <code>alert-level</code> value.
1530 <dt><a name="index-connection_002dend_002d_003estring"></a>Scheme Procedure: <strong>connection-end->string</strong> <em>enumval</em></dt>
1531 <dd><p>Return a string describing <var>enumval</var>, a <code>connection-end</code> value.
1535 <dt><a name="index-compression_002dmethod_002d_003estring"></a>Scheme Procedure: <strong>compression-method->string</strong> <em>enumval</em></dt>
1536 <dd><p>Return a string describing <var>enumval</var>, a <code>compression-method</code> value.
1540 <dt><a name="index-digest_002d_003estring"></a>Scheme Procedure: <strong>digest->string</strong> <em>enumval</em></dt>
1541 <dd><p>Return a string describing <var>enumval</var>, a <code>digest</code> value.
1545 <dt><a name="index-mac_002d_003estring"></a>Scheme Procedure: <strong>mac->string</strong> <em>enumval</em></dt>
1546 <dd><p>Return a string describing <var>enumval</var>, a <code>mac</code> value.
1550 <dt><a name="index-credentials_002d_003estring"></a>Scheme Procedure: <strong>credentials->string</strong> <em>enumval</em></dt>
1551 <dd><p>Return a string describing <var>enumval</var>, a <code>credentials</code> value.
1555 <dt><a name="index-params_002d_003estring"></a>Scheme Procedure: <strong>params->string</strong> <em>enumval</em></dt>
1556 <dd><p>Return a string describing <var>enumval</var>, a <code>params</code> value.
1560 <dt><a name="index-kx_002d_003estring"></a>Scheme Procedure: <strong>kx->string</strong> <em>enumval</em></dt>
1561 <dd><p>Return a string describing <var>enumval</var>, a <code>kx</code> value.
1565 <dt><a name="index-cipher_002d_003estring"></a>Scheme Procedure: <strong>cipher->string</strong> <em>enumval</em></dt>
1566 <dd><p>Return a string describing <var>enumval</var>, a <code>cipher</code> value.
1571 <a name="Copying-Information"></a>
1572 <div class="header">
1574 Previous: <a href="#Guile-Reference" accesskey="p" rel="previous">Guile Reference</a>, Up: <a href="#Top" accesskey="u" rel="up">Top</a> [<a href="#SEC_Contents" title="Table of contents" rel="contents">Contents</a>]</p>
1576 <a name="Copying-Information-1"></a>
1577 <h2 class="appendix">Appendix A Copying Information</h2>
1578 <a name="index-FDL_002c-GNU-Free-Documentation-License"></a>
1580 <a name="GNU-Free-Documentation-License"></a>
1581 <h3 class="heading">GNU Free Documentation License</h3>
1583 <div align="center">Version 1.3, 3 November 2008
1586 <div class="display">
1587 <pre class="display">Copyright © 2000, 2001, 2002, 2007, 2008 Free Software Foundation, Inc.
1588 <a href="http://fsf.org/">http://fsf.org/</a>
1590 Everyone is permitted to copy and distribute verbatim copies
1591 of this license document, but changing it is not allowed.
1597 <p>The purpose of this License is to make a manual, textbook, or other
1598 functional and useful document <em>free</em> in the sense of freedom: to
1599 assure everyone the effective freedom to copy and redistribute it,
1600 with or without modifying it, either commercially or noncommercially.
1601 Secondarily, this License preserves for the author and publisher a way
1602 to get credit for their work, while not being considered responsible
1603 for modifications made by others.
1605 <p>This License is a kind of “copyleft”, which means that derivative
1606 works of the document must themselves be free in the same sense. It
1607 complements the GNU General Public License, which is a copyleft
1608 license designed for free software.
1610 <p>We have designed this License in order to use it for manuals for free
1611 software, because free software needs free documentation: a free
1612 program should come with manuals providing the same freedoms that the
1613 software does. But this License is not limited to software manuals;
1614 it can be used for any textual work, regardless of subject matter or
1615 whether it is published as a printed book. We recommend this License
1616 principally for works whose purpose is instruction or reference.
1618 </li><li> APPLICABILITY AND DEFINITIONS
1620 <p>This License applies to any manual or other work, in any medium, that
1621 contains a notice placed by the copyright holder saying it can be
1622 distributed under the terms of this License. Such a notice grants a
1623 world-wide, royalty-free license, unlimited in duration, to use that
1624 work under the conditions stated herein. The “Document”, below,
1625 refers to any such manual or work. Any member of the public is a
1626 licensee, and is addressed as “you”. You accept the license if you
1627 copy, modify or distribute the work in a way requiring permission
1628 under copyright law.
1630 <p>A “Modified Version” of the Document means any work containing the
1631 Document or a portion of it, either copied verbatim, or with
1632 modifications and/or translated into another language.
1634 <p>A “Secondary Section” is a named appendix or a front-matter section
1635 of the Document that deals exclusively with the relationship of the
1636 publishers or authors of the Document to the Document’s overall
1637 subject (or to related matters) and contains nothing that could fall
1638 directly within that overall subject. (Thus, if the Document is in
1639 part a textbook of mathematics, a Secondary Section may not explain
1640 any mathematics.) The relationship could be a matter of historical
1641 connection with the subject or with related matters, or of legal,
1642 commercial, philosophical, ethical or political position regarding
1645 <p>The “Invariant Sections” are certain Secondary Sections whose titles
1646 are designated, as being those of Invariant Sections, in the notice
1647 that says that the Document is released under this License. If a
1648 section does not fit the above definition of Secondary then it is not
1649 allowed to be designated as Invariant. The Document may contain zero
1650 Invariant Sections. If the Document does not identify any Invariant
1651 Sections then there are none.
1653 <p>The “Cover Texts” are certain short passages of text that are listed,
1654 as Front-Cover Texts or Back-Cover Texts, in the notice that says that
1655 the Document is released under this License. A Front-Cover Text may
1656 be at most 5 words, and a Back-Cover Text may be at most 25 words.
1658 <p>A “Transparent” copy of the Document means a machine-readable copy,
1659 represented in a format whose specification is available to the
1660 general public, that is suitable for revising the document
1661 straightforwardly with generic text editors or (for images composed of
1662 pixels) generic paint programs or (for drawings) some widely available
1663 drawing editor, and that is suitable for input to text formatters or
1664 for automatic translation to a variety of formats suitable for input
1665 to text formatters. A copy made in an otherwise Transparent file
1666 format whose markup, or absence of markup, has been arranged to thwart
1667 or discourage subsequent modification by readers is not Transparent.
1668 An image format is not Transparent if used for any substantial amount
1669 of text. A copy that is not “Transparent” is called “Opaque”.
1671 <p>Examples of suitable formats for Transparent copies include plain
1672 ASCII without markup, Texinfo input format, LaTeX input
1673 format, SGML or XML using a publicly available
1674 DTD, and standard-conforming simple HTML,
1675 PostScript or PDF designed for human modification. Examples
1676 of transparent image formats include PNG, XCF and
1677 JPG. Opaque formats include proprietary formats that can be
1678 read and edited only by proprietary word processors, SGML or
1679 XML for which the DTD and/or processing tools are
1680 not generally available, and the machine-generated HTML,
1681 PostScript or PDF produced by some word processors for
1682 output purposes only.
1684 <p>The “Title Page” means, for a printed book, the title page itself,
1685 plus such following pages as are needed to hold, legibly, the material
1686 this License requires to appear in the title page. For works in
1687 formats which do not have any title page as such, “Title Page” means
1688 the text near the most prominent appearance of the work’s title,
1689 preceding the beginning of the body of the text.
1691 <p>The “publisher” means any person or entity that distributes copies
1692 of the Document to the public.
1694 <p>A section “Entitled XYZ” means a named subunit of the Document whose
1695 title either is precisely XYZ or contains XYZ in parentheses following
1696 text that translates XYZ in another language. (Here XYZ stands for a
1697 specific section name mentioned below, such as “Acknowledgements”,
1698 “Dedications”, “Endorsements”, or “History”.) To “Preserve the Title”
1699 of such a section when you modify the Document means that it remains a
1700 section “Entitled XYZ” according to this definition.
1702 <p>The Document may include Warranty Disclaimers next to the notice which
1703 states that this License applies to the Document. These Warranty
1704 Disclaimers are considered to be included by reference in this
1705 License, but only as regards disclaiming warranties: any other
1706 implication that these Warranty Disclaimers may have is void and has
1707 no effect on the meaning of this License.
1709 </li><li> VERBATIM COPYING
1711 <p>You may copy and distribute the Document in any medium, either
1712 commercially or noncommercially, provided that this License, the
1713 copyright notices, and the license notice saying this License applies
1714 to the Document are reproduced in all copies, and that you add no other
1715 conditions whatsoever to those of this License. You may not use
1716 technical measures to obstruct or control the reading or further
1717 copying of the copies you make or distribute. However, you may accept
1718 compensation in exchange for copies. If you distribute a large enough
1719 number of copies you must also follow the conditions in section 3.
1721 <p>You may also lend copies, under the same conditions stated above, and
1722 you may publicly display copies.
1724 </li><li> COPYING IN QUANTITY
1726 <p>If you publish printed copies (or copies in media that commonly have
1727 printed covers) of the Document, numbering more than 100, and the
1728 Document’s license notice requires Cover Texts, you must enclose the
1729 copies in covers that carry, clearly and legibly, all these Cover
1730 Texts: Front-Cover Texts on the front cover, and Back-Cover Texts on
1731 the back cover. Both covers must also clearly and legibly identify
1732 you as the publisher of these copies. The front cover must present
1733 the full title with all words of the title equally prominent and
1734 visible. You may add other material on the covers in addition.
1735 Copying with changes limited to the covers, as long as they preserve
1736 the title of the Document and satisfy these conditions, can be treated
1737 as verbatim copying in other respects.
1739 <p>If the required texts for either cover are too voluminous to fit
1740 legibly, you should put the first ones listed (as many as fit
1741 reasonably) on the actual cover, and continue the rest onto adjacent
1744 <p>If you publish or distribute Opaque copies of the Document numbering
1745 more than 100, you must either include a machine-readable Transparent
1746 copy along with each Opaque copy, or state in or with each Opaque copy
1747 a computer-network location from which the general network-using
1748 public has access to download using public-standard network protocols
1749 a complete Transparent copy of the Document, free of added material.
1750 If you use the latter option, you must take reasonably prudent steps,
1751 when you begin distribution of Opaque copies in quantity, to ensure
1752 that this Transparent copy will remain thus accessible at the stated
1753 location until at least one year after the last time you distribute an
1754 Opaque copy (directly or through your agents or retailers) of that
1755 edition to the public.
1757 <p>It is requested, but not required, that you contact the authors of the
1758 Document well before redistributing any large number of copies, to give
1759 them a chance to provide you with an updated version of the Document.
1761 </li><li> MODIFICATIONS
1763 <p>You may copy and distribute a Modified Version of the Document under
1764 the conditions of sections 2 and 3 above, provided that you release
1765 the Modified Version under precisely this License, with the Modified
1766 Version filling the role of the Document, thus licensing distribution
1767 and modification of the Modified Version to whoever possesses a copy
1768 of it. In addition, you must do these things in the Modified Version:
1771 <li> Use in the Title Page (and on the covers, if any) a title distinct
1772 from that of the Document, and from those of previous versions
1773 (which should, if there were any, be listed in the History section
1774 of the Document). You may use the same title as a previous version
1775 if the original publisher of that version gives permission.
1777 </li><li> List on the Title Page, as authors, one or more persons or entities
1778 responsible for authorship of the modifications in the Modified
1779 Version, together with at least five of the principal authors of the
1780 Document (all of its principal authors, if it has fewer than five),
1781 unless they release you from this requirement.
1783 </li><li> State on the Title page the name of the publisher of the
1784 Modified Version, as the publisher.
1786 </li><li> Preserve all the copyright notices of the Document.
1788 </li><li> Add an appropriate copyright notice for your modifications
1789 adjacent to the other copyright notices.
1791 </li><li> Include, immediately after the copyright notices, a license notice
1792 giving the public permission to use the Modified Version under the
1793 terms of this License, in the form shown in the Addendum below.
1795 </li><li> Preserve in that license notice the full lists of Invariant Sections
1796 and required Cover Texts given in the Document’s license notice.
1798 </li><li> Include an unaltered copy of this License.
1800 </li><li> Preserve the section Entitled “History”, Preserve its Title, and add
1801 to it an item stating at least the title, year, new authors, and
1802 publisher of the Modified Version as given on the Title Page. If
1803 there is no section Entitled “History” in the Document, create one
1804 stating the title, year, authors, and publisher of the Document as
1805 given on its Title Page, then add an item describing the Modified
1806 Version as stated in the previous sentence.
1808 </li><li> Preserve the network location, if any, given in the Document for
1809 public access to a Transparent copy of the Document, and likewise
1810 the network locations given in the Document for previous versions
1811 it was based on. These may be placed in the “History” section.
1812 You may omit a network location for a work that was published at
1813 least four years before the Document itself, or if the original
1814 publisher of the version it refers to gives permission.
1816 </li><li> For any section Entitled “Acknowledgements” or “Dedications”, Preserve
1817 the Title of the section, and preserve in the section all the
1818 substance and tone of each of the contributor acknowledgements and/or
1819 dedications given therein.
1821 </li><li> Preserve all the Invariant Sections of the Document,
1822 unaltered in their text and in their titles. Section numbers
1823 or the equivalent are not considered part of the section titles.
1825 </li><li> Delete any section Entitled “Endorsements”. Such a section
1826 may not be included in the Modified Version.
1828 </li><li> Do not retitle any existing section to be Entitled “Endorsements” or
1829 to conflict in title with any Invariant Section.
1831 </li><li> Preserve any Warranty Disclaimers.
1834 <p>If the Modified Version includes new front-matter sections or
1835 appendices that qualify as Secondary Sections and contain no material
1836 copied from the Document, you may at your option designate some or all
1837 of these sections as invariant. To do this, add their titles to the
1838 list of Invariant Sections in the Modified Version’s license notice.
1839 These titles must be distinct from any other section titles.
1841 <p>You may add a section Entitled “Endorsements”, provided it contains
1842 nothing but endorsements of your Modified Version by various
1843 parties—for example, statements of peer review or that the text has
1844 been approved by an organization as the authoritative definition of a
1847 <p>You may add a passage of up to five words as a Front-Cover Text, and a
1848 passage of up to 25 words as a Back-Cover Text, to the end of the list
1849 of Cover Texts in the Modified Version. Only one passage of
1850 Front-Cover Text and one of Back-Cover Text may be added by (or
1851 through arrangements made by) any one entity. If the Document already
1852 includes a cover text for the same cover, previously added by you or
1853 by arrangement made by the same entity you are acting on behalf of,
1854 you may not add another; but you may replace the old one, on explicit
1855 permission from the previous publisher that added the old one.
1857 <p>The author(s) and publisher(s) of the Document do not by this License
1858 give permission to use their names for publicity for or to assert or
1859 imply endorsement of any Modified Version.
1861 </li><li> COMBINING DOCUMENTS
1863 <p>You may combine the Document with other documents released under this
1864 License, under the terms defined in section 4 above for modified
1865 versions, provided that you include in the combination all of the
1866 Invariant Sections of all of the original documents, unmodified, and
1867 list them all as Invariant Sections of your combined work in its
1868 license notice, and that you preserve all their Warranty Disclaimers.
1870 <p>The combined work need only contain one copy of this License, and
1871 multiple identical Invariant Sections may be replaced with a single
1872 copy. If there are multiple Invariant Sections with the same name but
1873 different contents, make the title of each such section unique by
1874 adding at the end of it, in parentheses, the name of the original
1875 author or publisher of that section if known, or else a unique number.
1876 Make the same adjustment to the section titles in the list of
1877 Invariant Sections in the license notice of the combined work.
1879 <p>In the combination, you must combine any sections Entitled “History”
1880 in the various original documents, forming one section Entitled
1881 “History”; likewise combine any sections Entitled “Acknowledgements”,
1882 and any sections Entitled “Dedications”. You must delete all
1883 sections Entitled “Endorsements.”
1885 </li><li> COLLECTIONS OF DOCUMENTS
1887 <p>You may make a collection consisting of the Document and other documents
1888 released under this License, and replace the individual copies of this
1889 License in the various documents with a single copy that is included in
1890 the collection, provided that you follow the rules of this License for
1891 verbatim copying of each of the documents in all other respects.
1893 <p>You may extract a single document from such a collection, and distribute
1894 it individually under this License, provided you insert a copy of this
1895 License into the extracted document, and follow this License in all
1896 other respects regarding verbatim copying of that document.
1898 </li><li> AGGREGATION WITH INDEPENDENT WORKS
1900 <p>A compilation of the Document or its derivatives with other separate
1901 and independent documents or works, in or on a volume of a storage or
1902 distribution medium, is called an “aggregate” if the copyright
1903 resulting from the compilation is not used to limit the legal rights
1904 of the compilation’s users beyond what the individual works permit.
1905 When the Document is included in an aggregate, this License does not
1906 apply to the other works in the aggregate which are not themselves
1907 derivative works of the Document.
1909 <p>If the Cover Text requirement of section 3 is applicable to these
1910 copies of the Document, then if the Document is less than one half of
1911 the entire aggregate, the Document’s Cover Texts may be placed on
1912 covers that bracket the Document within the aggregate, or the
1913 electronic equivalent of covers if the Document is in electronic form.
1914 Otherwise they must appear on printed covers that bracket the whole
1917 </li><li> TRANSLATION
1919 <p>Translation is considered a kind of modification, so you may
1920 distribute translations of the Document under the terms of section 4.
1921 Replacing Invariant Sections with translations requires special
1922 permission from their copyright holders, but you may include
1923 translations of some or all Invariant Sections in addition to the
1924 original versions of these Invariant Sections. You may include a
1925 translation of this License, and all the license notices in the
1926 Document, and any Warranty Disclaimers, provided that you also include
1927 the original English version of this License and the original versions
1928 of those notices and disclaimers. In case of a disagreement between
1929 the translation and the original version of this License or a notice
1930 or disclaimer, the original version will prevail.
1932 <p>If a section in the Document is Entitled “Acknowledgements”,
1933 “Dedications”, or “History”, the requirement (section 4) to Preserve
1934 its Title (section 1) will typically require changing the actual
1937 </li><li> TERMINATION
1939 <p>You may not copy, modify, sublicense, or distribute the Document
1940 except as expressly provided under this License. Any attempt
1941 otherwise to copy, modify, sublicense, or distribute it is void, and
1942 will automatically terminate your rights under this License.
1944 <p>However, if you cease all violation of this License, then your license
1945 from a particular copyright holder is reinstated (a) provisionally,
1946 unless and until the copyright holder explicitly and finally
1947 terminates your license, and (b) permanently, if the copyright holder
1948 fails to notify you of the violation by some reasonable means prior to
1949 60 days after the cessation.
1951 <p>Moreover, your license from a particular copyright holder is
1952 reinstated permanently if the copyright holder notifies you of the
1953 violation by some reasonable means, this is the first time you have
1954 received notice of violation of this License (for any work) from that
1955 copyright holder, and you cure the violation prior to 30 days after
1956 your receipt of the notice.
1958 <p>Termination of your rights under this section does not terminate the
1959 licenses of parties who have received copies or rights from you under
1960 this License. If your rights have been terminated and not permanently
1961 reinstated, receipt of a copy of some or all of the same material does
1962 not give you any rights to use it.
1964 </li><li> FUTURE REVISIONS OF THIS LICENSE
1966 <p>The Free Software Foundation may publish new, revised versions
1967 of the GNU Free Documentation License from time to time. Such new
1968 versions will be similar in spirit to the present version, but may
1969 differ in detail to address new problems or concerns. See
1970 <a href="http://www.gnu.org/copyleft/">http://www.gnu.org/copyleft/</a>.
1972 <p>Each version of the License is given a distinguishing version number.
1973 If the Document specifies that a particular numbered version of this
1974 License “or any later version” applies to it, you have the option of
1975 following the terms and conditions either of that specified version or
1976 of any later version that has been published (not as a draft) by the
1977 Free Software Foundation. If the Document does not specify a version
1978 number of this License, you may choose any version ever published (not
1979 as a draft) by the Free Software Foundation. If the Document
1980 specifies that a proxy can decide which future versions of this
1981 License can be used, that proxy’s public statement of acceptance of a
1982 version permanently authorizes you to choose that version for the
1985 </li><li> RELICENSING
1987 <p>“Massive Multiauthor Collaboration Site” (or “MMC Site”) means any
1988 World Wide Web server that publishes copyrightable works and also
1989 provides prominent facilities for anybody to edit those works. A
1990 public wiki that anybody can edit is an example of such a server. A
1991 “Massive Multiauthor Collaboration” (or “MMC”) contained in the
1992 site means any set of copyrightable works thus published on the MMC
1995 <p>“CC-BY-SA” means the Creative Commons Attribution-Share Alike 3.0
1996 license published by Creative Commons Corporation, a not-for-profit
1997 corporation with a principal place of business in San Francisco,
1998 California, as well as future copyleft versions of that license
1999 published by that same organization.
2001 <p>“Incorporate” means to publish or republish a Document, in whole or
2002 in part, as part of another Document.
2004 <p>An MMC is “eligible for relicensing” if it is licensed under this
2005 License, and if all works that were first published under this License
2006 somewhere other than this MMC, and subsequently incorporated in whole
2007 or in part into the MMC, (1) had no cover texts or invariant sections,
2008 and (2) were thus incorporated prior to November 1, 2008.
2010 <p>The operator of an MMC Site may republish an MMC contained in the site
2011 under CC-BY-SA on the same site at any time before August 1, 2009,
2012 provided the MMC is eligible for relicensing.
2016 <a name="ADDENDUM_003a-How-to-use-this-License-for-your-documents"></a>
2017 <h3 class="heading">ADDENDUM: How to use this License for your documents</h3>
2019 <p>To use this License in a document you have written, include a copy of
2020 the License in the document and put the following copyright and
2021 license notices just after the title page:
2023 <div class="example">
2024 <pre class="example"> Copyright (C) <var>year</var> <var>your name</var>.
2025 Permission is granted to copy, distribute and/or modify this document
2026 under the terms of the GNU Free Documentation License, Version 1.3
2027 or any later version published by the Free Software Foundation;
2028 with no Invariant Sections, no Front-Cover Texts, and no Back-Cover
2029 Texts. A copy of the license is included in the section entitled ``GNU
2030 Free Documentation License''.
2033 <p>If you have Invariant Sections, Front-Cover Texts and Back-Cover Texts,
2034 replace the “with…Texts.” line with this:
2036 <div class="example">
2037 <pre class="example"> with the Invariant Sections being <var>list their titles</var>, with
2038 the Front-Cover Texts being <var>list</var>, and with the Back-Cover Texts
2039 being <var>list</var>.
2042 <p>If you have Invariant Sections without Cover Texts, or some other
2043 combination of the three, merge those two alternatives to suit the
2046 <p>If your document contains nontrivial examples of program code, we
2047 recommend releasing these examples in parallel under your choice of
2048 free software license, such as the GNU General Public License,
2049 to permit their use in free software.