1 <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
3 <!-- This manual is last updated 10 May 2012 for version
6 Copyright (C) 2001-2012 Free Software Foundation, Inc.
8 Permission is granted to copy, distribute and/or modify this document
9 under the terms of the GNU Free Documentation License, Version 1.3 or
10 any later version published by the Free Software Foundation; with no
11 Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. A
12 copy of the license is included in the section entitled "GNU Free
13 Documentation License". -->
14 <!-- Created by GNU Texinfo 4.13.90, http://www.gnu.org/software/texinfo/ -->
16 <title>GnuTLS-Guile 3.0.30</title>
18 <meta name="description" content="GnuTLS-Guile 3.0.30">
19 <meta name="keywords" content="GnuTLS-Guile 3.0.30">
20 <meta name="resource-type" content="document">
21 <meta name="distribution" content="global">
22 <meta name="Generator" content="makeinfo">
23 <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
24 <link href="#Top" rel="start" title="Top">
25 <link href="#SEC_Contents" rel="contents" title="Table of Contents">
26 <link href="dir.html#Top" rel="up" title="(dir)">
27 <style type="text/css">
29 a.summary-letter {text-decoration: none}
30 blockquote.smallquotation {font-size: smaller}
31 div.display {margin-left: 3.2em}
32 div.example {margin-left: 3.2em}
33 div.indentedblock {margin-left: 3.2em}
34 div.lisp {margin-left: 3.2em}
35 div.smalldisplay {margin-left: 3.2em}
36 div.smallexample {margin-left: 3.2em}
37 div.smallindentedblock {margin-left: 3.2em; font-size: smaller}
38 div.smalllisp {margin-left: 3.2em}
39 kbd {font-style:oblique}
40 pre.display {font-family: inherit}
41 pre.format {font-family: inherit}
42 pre.menu-comment {font-family: serif}
43 pre.menu-preformatted {font-family: serif}
44 pre.smalldisplay {font-family: inherit; font-size: smaller}
45 pre.smallexample {font-size: smaller}
46 pre.smallformat {font-family: inherit; font-size: smaller}
47 pre.smalllisp {font-size: smaller}
48 span.nocodebreak {white-space:nowrap}
49 span.nolinebreak {white-space:nowrap}
50 span.roman {font-family:serif; font-weight:normal}
51 span.sansserif {font-family:sans-serif; font-weight:normal}
52 ul.no-bullet {list-style: none}
60 padding: 5px 5px 5px 5px;
61 background-color: #c2e0ff;
65 padding: 2em 2em 2em 5%;
71 h2 { text-decoration: underline; }
76 pre.example,pre.verbatim {
79 border: solid #c2e0ff;
81 border-width: 1px 1px 1px 5px;
95 padding-bottom: 0.1em;
113 background-color: #c2e0ff;
114 border: solid #000000;
124 border: solid #000000;
125 background-color: #f0faff;
141 border: solid #c2e0ff;
143 border-width: 5px 1px 1px 1px;
153 <body lang="en" bgcolor="#FFFFFF" text="#000000" link="#0000FF" vlink="#800080" alink="#FF0000">
154 <h1 class="settitle" align="center">GnuTLS-Guile 3.0.30</h1>
162 <a name="SEC_Contents"></a>
163 <h2 class="contents-heading">Table of Contents</h2>
165 <div class="contents">
167 <ul class="no-bullet">
168 <li><a name="toc-Preface-1" href="#Preface">1 Preface</a></li>
169 <li><a name="toc-Guile-Preparations-1" href="#Guile-Preparations">2 Guile Preparations</a></li>
170 <li><a name="toc-Guile-API-Conventions-1" href="#Guile-API-Conventions">3 Guile API Conventions</a>
171 <ul class="no-bullet">
172 <li><a name="toc-Enumerates-and-Constants-1" href="#Enumerates-and-Constants">3.1 Enumerates and Constants</a></li>
173 <li><a name="toc-Procedure-Names-1" href="#Procedure-Names">3.2 Procedure Names</a></li>
174 <li><a name="toc-Representation-of-Binary-Data-1" href="#Representation-of-Binary-Data">3.3 Representation of Binary Data</a></li>
175 <li><a name="toc-Input-and-Output-1" href="#Input-and-Output">3.4 Input and Output</a></li>
176 <li><a name="toc-Exception-Handling-1" href="#Exception-Handling">3.5 Exception Handling</a></li>
178 <li><a name="toc-Guile-Examples-1" href="#Guile-Examples">4 Guile Examples</a>
179 <ul class="no-bullet">
180 <li><a name="toc-Anonymous-Authentication-Guile-Example-1" href="#Anonymous-Authentication-Guile-Example">4.1 Anonymous Authentication Guile Example</a></li>
181 <li><a name="toc-OpenPGP-Authentication-Guile-Example-1" href="#OpenPGP-Authentication-Guile-Example">4.2 OpenPGP Authentication Guile Example</a></li>
182 <li><a name="toc-Importing-OpenPGP-Keys-Guile-Example-1" href="#Importing-OpenPGP-Keys-Guile-Example">4.3 Importing OpenPGP Keys Guile Example</a></li>
184 <li><a name="toc-Guile-Reference-1" href="#Guile-Reference">5 Guile Reference</a></li>
185 <li><a name="toc-Copying-Information-1" href="#Copying-Information">Appendix A Copying Information</a></li>
193 Next: <a href="#Preface" accesskey="n" rel="next">Preface</a>, Up: <a href="dir.html#Top" accesskey="u" rel="up">(dir)</a> [<a href="#SEC_Contents" title="Table of contents" rel="contents">Contents</a>]</p>
195 <a name="GnuTLS_002dGuile"></a>
196 <h1 class="top">GnuTLS-Guile</h1>
198 <p>This manual is last updated 10 May 2012 for version
201 <p>Copyright © 2001-2012 Free Software Foundation, Inc.
204 <p>Permission is granted to copy, distribute and/or modify this document
205 under the terms of the GNU Free Documentation License, Version 1.3 or
206 any later version published by the Free Software Foundation; with no
207 Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. A
208 copy of the license is included in the section entitled “GNU Free
209 Documentation License”.
213 <table class="menu" border="0" cellspacing="0">
214 <tr><td align="left" valign="top">• <a href="#Preface" accesskey="1">Preface</a>:</td><td> </td><td align="left" valign="top">Preface.
216 <tr><td align="left" valign="top">• <a href="#Guile-Preparations" accesskey="2">Guile Preparations</a>:</td><td> </td><td align="left" valign="top">Note on installation and environment.
218 <tr><td align="left" valign="top">• <a href="#Guile-API-Conventions" accesskey="3">Guile API Conventions</a>:</td><td> </td><td align="left" valign="top">Naming conventions and other idiosyncrasies.
220 <tr><td align="left" valign="top">• <a href="#Guile-Examples" accesskey="4">Guile Examples</a>:</td><td> </td><td align="left" valign="top">Quick start.
222 <tr><td align="left" valign="top">• <a href="#Guile-Reference" accesskey="5">Guile Reference</a>:</td><td> </td><td align="left" valign="top">The Scheme GnuTLS programming interface.
224 <tr><td align="left" valign="top">• <a href="#Copying-Information" accesskey="6">Copying Information</a>:</td><td> </td><td align="left" valign="top">Copying information.
229 <a name="Preface"></a>
232 Next: <a href="#Guile-Preparations" accesskey="n" rel="next">Guile Preparations</a>, Previous: <a href="#Top" accesskey="p" rel="previous">Top</a>, Up: <a href="#Top" accesskey="u" rel="up">Top</a> [<a href="#SEC_Contents" title="Table of contents" rel="contents">Contents</a>]</p>
234 <a name="Preface-1"></a>
235 <h2 class="chapter">1 Preface</h2>
237 <p>This manual describes the <a href="http://www.gnu.org/software/guile/">GNU Guile</a> Scheme programming interface to GnuTLS. The reader is
238 assumed to have basic knowledge of the protocol and library. Details
239 missing from this chapter may be found in Function reference,
240 of the C API reference.
242 <p>At this stage, not all the C functions are available from Scheme, but
243 a large subset thereof is available.
246 <a name="Guile-Preparations"></a>
249 Next: <a href="#Guile-API-Conventions" accesskey="n" rel="next">Guile API Conventions</a>, Previous: <a href="#Preface" accesskey="p" rel="previous">Preface</a>, Up: <a href="#Top" accesskey="u" rel="up">Top</a> [<a href="#SEC_Contents" title="Table of contents" rel="contents">Contents</a>]</p>
251 <a name="Guile-Preparations-1"></a>
252 <h2 class="chapter">2 Guile Preparations</h2>
254 <p>The GnuTLS Guile bindings are available for both the 1.8 and 2.0 stable
257 <p>By default they are installed under the GnuTLS installation directory,
258 typically <samp>/usr/local/share/guile/site/</samp>). Normally Guile
259 will not find the module there without help. You may experience
262 <div class="example">
263 <pre class="example">$ guile
264 guile> (use-modules (gnutls))
265 <unnamed port>: no code for module (gnutls)
269 <p>There are two ways to solve this. The first is to make sure that when
270 building GnuTLS, the Guile bindings will be installed in the same
271 place where Guile looks. You may do this by using the
272 <code>--with-guile-site-dir</code> parameter as follows:
274 <div class="example">
275 <pre class="example">$ ./configure --with-guile-site-dir=no
278 <p>This will instruct GnuTLS to attempt to install the Guile bindings
279 where Guile will look for them. It will use <code>guile-config info
280 pkgdatadir</code> to learn the path to use.
282 <p>If Guile was installed into <code>/usr</code>, you may also install GnuTLS
283 using the same prefix:
285 <div class="example">
286 <pre class="example">$ ./configure --prefix=/usr
289 <p>If you want to specify the path to install the Guile bindings you can
290 also specify the path directly:
292 <div class="example">
293 <pre class="example">$ ./configure --with-guile-site-dir=/opt/guile/share/guile/site
296 <p>The second solution requires some more work but may be easier to use
297 if you do not have system administrator rights to your machine. You
298 need to instruct Guile so that it finds the GnuTLS Guile bindings.
299 Either use the <code>GUILE_LOAD_PATH</code> environment variable as follows:
301 <div class="example">
302 <pre class="example">$ GUILE_LOAD_PATH="/usr/local/share/guile/site:$GUILE_LOAD_PATH" guile
303 guile> (use-modules (gnutls))
307 <p>Alternatively, you can modify Guile’s <code>%load-path</code> variable
308 (see <a href="http://www.gnu.org/software/guile/manual/guile.html#Build-Config">Guile’s run-time options</a> in <cite>The GNU Guile
309 Reference Manual</cite>).
311 <p>At this point, you might get an error regarding
312 <samp>libguile-gnutls-v-0</samp> similar to:
314 <div class="example">
315 <pre class="example">gnutls.scm:361:1: In procedure dynamic-link in expression (load-extension "libguile-gnutls-v-0" "scm_init_gnutls"):
316 gnutls.scm:361:1: file: "libguile-gnutls-v-0", message: "libguile-gnutls-v-0.so: cannot open shared object file: No such file or directory"
319 <p>In this case, you will need to modify the run-time linker path, for
322 <div class="example">
323 <pre class="example">$ LD_LIBRARY_PATH=/usr/local/lib GUILE_LOAD_PATH=/usr/local/share/guile/site guile
324 guile> (use-modules (gnutls))
328 <p>To check that you got the intended GnuTLS library version, you may
329 print the version number of the loaded library as follows:
331 <div class="example">
332 <pre class="example">$ guile
333 guile> (use-modules (gnutls))
334 guile> (gnutls-version)
341 <a name="Guile-API-Conventions"></a>
344 Next: <a href="#Guile-Examples" accesskey="n" rel="next">Guile Examples</a>, Previous: <a href="#Guile-Preparations" accesskey="p" rel="previous">Guile Preparations</a>, Up: <a href="#Top" accesskey="u" rel="up">Top</a> [<a href="#SEC_Contents" title="Table of contents" rel="contents">Contents</a>]</p>
346 <a name="Guile-API-Conventions-1"></a>
347 <h2 class="chapter">3 Guile API Conventions</h2>
349 <p>This chapter details the conventions used by Guile API, as well as
350 specificities of the mapping of the C API to Scheme.
352 <table class="menu" border="0" cellspacing="0">
353 <tr><td align="left" valign="top">• <a href="#Enumerates-and-Constants" accesskey="1">Enumerates and Constants</a>:</td><td> </td><td align="left" valign="top">Representation of C-side constants.
355 <tr><td align="left" valign="top">• <a href="#Procedure-Names" accesskey="2">Procedure Names</a>:</td><td> </td><td align="left" valign="top">Naming conventions.
357 <tr><td align="left" valign="top">• <a href="#Representation-of-Binary-Data" accesskey="3">Representation of Binary Data</a>:</td><td> </td><td align="left" valign="top">Binary data buffers.
359 <tr><td align="left" valign="top">• <a href="#Input-and-Output" accesskey="4">Input and Output</a>:</td><td> </td><td align="left" valign="top">Input and output.
361 <tr><td align="left" valign="top">• <a href="#Exception-Handling" accesskey="5">Exception Handling</a>:</td><td> </td><td align="left" valign="top">Exceptions.
366 <a name="Enumerates-and-Constants"></a>
369 Next: <a href="#Procedure-Names" accesskey="n" rel="next">Procedure Names</a>, Up: <a href="#Guile-API-Conventions" accesskey="u" rel="up">Guile API Conventions</a> [<a href="#SEC_Contents" title="Table of contents" rel="contents">Contents</a>]</p>
371 <a name="Enumerates-and-Constants-1"></a>
372 <h3 class="section">3.1 Enumerates and Constants</h3>
374 <a name="index-enumerate"></a>
375 <a name="index-constant"></a>
377 <p>Lots of enumerates and constants are used in the GnuTLS C API. For
378 each C enumerate type, a disjoint Scheme type is used—thus,
379 enumerate values and constants are not represented by Scheme symbols
380 nor by integers. This makes it impossible to use an enumerate value
381 of the wrong type on the Scheme side: such errors are automatically
382 detected by type-checking.
384 <p>The enumerate values are bound to variables exported by the
385 <code>(gnutls)</code> module. These variables
386 are named according to the following convention:
389 <li> All variable names are lower-case; the underscore <code>_</code>
390 character used in the C API is replaced by hyphen <code>-</code>.
391 </li><li> All variable names are prepended by the name of the enumerate
392 type and the slash <code>/</code> character.
393 </li><li> In some cases, the variable name is made more explicit than the
394 one of the C API, e.g., by avoid abbreviations.
397 <p>Consider for instance this C-side enumerate:
399 <div class="example">
400 <pre class="example">typedef enum
402 GNUTLS_CRD_CERTIFICATE = 1,
406 } gnutls_credentials_type_t;
409 <p>The corresponding Scheme values are bound to the following variables
410 exported by the <code>(gnutls)</code> module:
412 <div class="example">
413 <pre class="example">credentials/certificate
414 credentials/anonymous
419 <p>Hopefully, most variable names can be deduced from this convention.
421 <p>Scheme-side “enumerate” values can be compared using <code>eq?</code>
422 (see <a href="http://www.gnu.org/software/guile/manual/guile.html#Equality">equality predicates</a> in <cite>The GNU Guile Reference
423 Manual</cite>). Consider the following example:
425 <a name="index-session_002dcipher"></a>
427 <div class="example">
428 <pre class="example">(let ((session (make-session connection-end/client)))
434 ;; Check the ciphering algorithm currently used by SESSION.
435 (if (eq? cipher/arcfour (session-cipher session))
436 (format #t "We're using the ARCFOUR algorithm")))
439 <p>In addition, all enumerate values can be converted to a human-readable
440 string, in a type-specific way. For instance, <code>(cipher->string
441 cipher/arcfour)</code> yields <code>"ARCFOUR 128"</code>, while
442 <code>(key-usage->string key-usage/digital-signature)</code> yields
443 <code>"digital-signature"</code>. Note that these strings may not be
444 sufficient for use in a user interface since they are fairly concise
445 and not internationalized.
449 <a name="Procedure-Names"></a>
452 Next: <a href="#Representation-of-Binary-Data" accesskey="n" rel="next">Representation of Binary Data</a>, Previous: <a href="#Enumerates-and-Constants" accesskey="p" rel="previous">Enumerates and Constants</a>, Up: <a href="#Guile-API-Conventions" accesskey="u" rel="up">Guile API Conventions</a> [<a href="#SEC_Contents" title="Table of contents" rel="contents">Contents</a>]</p>
454 <a name="Procedure-Names-1"></a>
455 <h3 class="section">3.2 Procedure Names</h3>
457 <p>Unlike C functions in GnuTLS, the corresponding Scheme procedures are
458 named in a way that is close to natural English. Abbreviations are
459 also avoided. For instance, the Scheme procedure corresponding to
460 <code>gnutls_certificate_set_dh_params</code> is named
461 <code>set-certificate-credentials-dh-parameters!</code>. The <code>gnutls_</code>
462 prefix is always omitted from variable names since a similar effect
463 can be achieved using Guile’s nifty binding renaming facilities,
464 should it be needed (see <a href="http://www.gnu.org/software/guile/manual/guile.html#Using-Guile-Modules">Using Guile Modules</a> in <cite>The GNU
465 Guile Reference Manual</cite>).
467 <p>Often Scheme procedure names differ from C function names in a way
468 that makes it clearer what objects they operate on. For example, the
469 Scheme procedure named <code>set-session-transport-port!</code> corresponds
470 to <code>gnutls_transport_set_ptr</code>, making it clear that this
471 procedure applies to session.
474 <a name="Representation-of-Binary-Data"></a>
477 Next: <a href="#Input-and-Output" accesskey="n" rel="next">Input and Output</a>, Previous: <a href="#Procedure-Names" accesskey="p" rel="previous">Procedure Names</a>, Up: <a href="#Guile-API-Conventions" accesskey="u" rel="up">Guile API Conventions</a> [<a href="#SEC_Contents" title="Table of contents" rel="contents">Contents</a>]</p>
479 <a name="Representation-of-Binary-Data-1"></a>
480 <h3 class="section">3.3 Representation of Binary Data</h3>
482 <p>Many procedures operate on binary data. For instance,
483 <code>pkcs3-import-dh-parameters</code> expects binary data as input and,
484 similarly, procedures like <code>pkcs1-export-rsa-parameters</code> return
487 <a name="index-SRFI_002d4"></a>
488 <a name="index-homogeneous-vector"></a>
490 <p>Binary data is represented on the Scheme side using SRFI-4 homogeneous
491 vectors (see <a href="http://www.gnu.org/software/guile/manual/guile.html#SRFI_002d4">SRFI-4</a> in <cite>The GNU Guile Reference Manual</cite>).
492 Although any type of homogeneous vector may be used, <code>u8vector</code>s
493 (i.e., vectors of bytes) are highly recommended.
495 <p>As an example, generating and then exporting RSA parameters in the PEM
496 format can be done as follows:
498 <a name="index-make_002drsa_002dparameters"></a>
499 <a name="index-pkcs1_002dexport_002drsa_002dparameters"></a>
500 <a name="index-x509_002dcertificate_002dformat_002fpem"></a>
502 <div class="example">
503 <pre class="example">(let* ((rsa-params (make-rsa-parameters 1024))
505 (pkcs1-export-rsa-parameters rsa-params
506 x509-certificate-format/pem)))
507 (uniform-vector-write raw-data (open-output-file "some-file.pem")))
510 <p>For an example of OpenPGP key import from a file, see <a href="#Importing-OpenPGP-Keys-Guile-Example">Importing OpenPGP Keys Guile Example</a>.
514 <a name="Input-and-Output"></a>
517 Next: <a href="#Exception-Handling" accesskey="n" rel="next">Exception Handling</a>, Previous: <a href="#Representation-of-Binary-Data" accesskey="p" rel="previous">Representation of Binary Data</a>, Up: <a href="#Guile-API-Conventions" accesskey="u" rel="up">Guile API Conventions</a> [<a href="#SEC_Contents" title="Table of contents" rel="contents">Contents</a>]</p>
519 <a name="Input-and-Output-1"></a>
520 <h3 class="section">3.4 Input and Output</h3>
522 <a name="index-set_002dsession_002dtransport_002dport_0021"></a>
523 <a name="index-set_002dsession_002dtransport_002dfd_0021"></a>
525 <p>The underlying transport of a TLS session can be any Scheme
526 input/output port (see <a href="http://www.gnu.org/software/guile/manual/guile.html#Ports-and-File-Descriptors">Ports and File Descriptors</a> in <cite>The GNU
527 Guile Reference Manual</cite>). This has to be specified using
528 <code>set-session-transport-port!</code>.
530 <p>However, for better performance, a raw file descriptor can be
531 specified, using <code>set-session-transport-fd!</code>. For instance, if
532 the transport layer is a socket port over an OS-provided socket, you
533 can use the <code>port->fdes</code> or <code>fileno</code> procedure to obtain the
534 underlying file descriptor and pass it to
535 <code>set-session-transport-fd!</code> (see <a href="http://www.gnu.org/software/guile/manual/guile.html#Ports-and-File-Descriptors"><code>port->fdes</code> and <code>fileno</code></a> in <cite>The GNU Guile Reference
536 Manual</cite>). This would work as follows:
538 <div class="example">
539 <pre class="example">(let ((socket (socket PF_INET SOCK_STREAM 0))
540 (session (make-session connection-end/client)))
543 ;; Establish a TCP connection...
546 ;; Use the file descriptor that underlies SOCKET.
547 (set-session-transport-fd! session (fileno socket)))
550 <a name="index-session_002drecord_002dport"></a>
552 <p>Once a TLS session is established, data can be communicated through it
553 (i.e., <em>via</em> the TLS record layer) using the port returned by
554 <code>session-record-port</code>:
556 <div class="example">
557 <pre class="example">(let ((session (make-session connection-end/client)))
560 ;; Initialize the various parameters of SESSION, set up
561 ;; a network connection, etc...
564 (let ((i/o (session-record-port session)))
565 (write "Hello peer!" i/o)
566 (let ((greetings (read i/o)))
570 (bye session close-request/rdwr))))
573 <a name="index-record_002dsend"></a>
574 <a name="index-record_002dreceive_0021"></a>
576 <p>A lower-level I/O API is provided by <code>record-send</code> and
577 <code>record-receive!</code> which take an SRFI-4 vector to represent the
578 data sent or received. While it might improve performance, it is much
579 less convenient than the above and should rarely be needed.
583 <a name="Exception-Handling"></a>
586 Previous: <a href="#Input-and-Output" accesskey="p" rel="previous">Input and Output</a>, Up: <a href="#Guile-API-Conventions" accesskey="u" rel="up">Guile API Conventions</a> [<a href="#SEC_Contents" title="Table of contents" rel="contents">Contents</a>]</p>
588 <a name="Exception-Handling-1"></a>
589 <h3 class="section">3.5 Exception Handling</h3>
591 <a name="index-exceptions"></a>
592 <a name="index-errors"></a>
593 <a name="index-gnutls_002derror"></a>
594 <a name="index-error_002d_003estring"></a>
596 <p>GnuTLS errors are implemented as Scheme exceptions (see <a href="http://www.gnu.org/software/guile/manual/guile.html#Exceptions">exceptions in Guile</a> in <cite>The GNU Guile Reference Manual</cite>). Each
597 time a GnuTLS function returns an error, an exception with key
598 <code>gnutls-error</code> is raised. The additional arguments that are
599 thrown include an error code and the name of the GnuTLS procedure that
600 raised the exception. The error code is pretty much like an enumerate
601 value: it is one of the <code>error/</code> variables exported by the
602 <code>(gnutls)</code> module (see <a href="#Enumerates-and-Constants">Enumerates and Constants</a>). Exceptions
603 can be turned into error messages using the <code>error->string</code>
606 <p>The following examples illustrates how GnuTLS exceptions can be
609 <div class="example">
610 <pre class="example">(let ((session (make-session connection-end/server)))
619 (lambda (key err function . currently-unused)
620 (format (current-error-port)
621 "a GnuTLS error was raised by `~a': ~a~%"
622 function (error->string err)))))
625 <p>Again, error values can be compared using <code>eq?</code>:
627 <div class="example">
628 <pre class="example"> ;; `gnutls-error' handler.
629 (lambda (key err function . currently-unused)
630 (if (eq? err error/fatal-alert-received)
631 (format (current-error-port)
632 "a fatal alert was caught!~%")
633 (format (current-error-port)
634 "something bad happened: ~a~%"
635 (error->string err))))
638 <p>Note that the <code>catch</code> handler is currently passed only 3
639 arguments but future versions might provide it with additional
640 arguments. Thus, it must be prepared to handle more than 3 arguments,
645 <a name="Guile-Examples"></a>
648 Next: <a href="#Guile-Reference" accesskey="n" rel="next">Guile Reference</a>, Previous: <a href="#Guile-API-Conventions" accesskey="p" rel="previous">Guile API Conventions</a>, Up: <a href="#Top" accesskey="u" rel="up">Top</a> [<a href="#SEC_Contents" title="Table of contents" rel="contents">Contents</a>]</p>
650 <a name="Guile-Examples-1"></a>
651 <h2 class="chapter">4 Guile Examples</h2>
653 <p>This chapter provides examples that illustrate common use cases.
655 <table class="menu" border="0" cellspacing="0">
656 <tr><td align="left" valign="top">• <a href="#Anonymous-Authentication-Guile-Example" accesskey="1">Anonymous Authentication Guile Example</a>:</td><td> </td><td align="left" valign="top">Simplest client and server.
658 <tr><td align="left" valign="top">• <a href="#OpenPGP-Authentication-Guile-Example" accesskey="2">OpenPGP Authentication Guile Example</a>:</td><td> </td><td align="left" valign="top">Using OpenPGP-based authentication.
660 <tr><td align="left" valign="top">• <a href="#Importing-OpenPGP-Keys-Guile-Example" accesskey="3">Importing OpenPGP Keys Guile Example</a>:</td><td> </td><td align="left" valign="top">Importing keys from files.
665 <a name="Anonymous-Authentication-Guile-Example"></a>
668 Next: <a href="#OpenPGP-Authentication-Guile-Example" accesskey="n" rel="next">OpenPGP Authentication Guile Example</a>, Up: <a href="#Guile-Examples" accesskey="u" rel="up">Guile Examples</a> [<a href="#SEC_Contents" title="Table of contents" rel="contents">Contents</a>]</p>
670 <a name="Anonymous-Authentication-Guile-Example-1"></a>
671 <h3 class="section">4.1 Anonymous Authentication Guile Example</h3>
673 <p><em>Anonymous authentication</em> is very easy to use. No certificates
674 are needed by the communicating parties. Yet, it allows them to
675 benefit from end-to-end encryption and integrity checks.
677 <p>The client-side code would look like this (assuming <var>some-socket</var>
678 is bound to an open socket port):
680 <a name="index-connection_002dend_002fclient"></a>
681 <a name="index-kx_002fanon_002ddh"></a>
682 <a name="index-close_002drequest_002frdwr"></a>
684 <div class="example">
685 <pre class="example">;; Client-side.
687 (let ((client (make-session connection-end/client)))
688 ;; Use the default settings.
689 (set-session-default-priority! client)
691 ;; Don't use certificate-based authentication.
692 (set-session-certificate-type-priority! client '())
694 ;; Request the "anonymous Diffie-Hellman" key exchange method.
695 (set-session-kx-priority! client (list kx/anon-dh))
697 ;; Specify the underlying socket.
698 (set-session-transport-fd! client (fileno some-socket))
700 ;; Create anonymous credentials.
701 (set-session-credentials! client
702 (make-anonymous-client-credentials))
704 ;; Perform the TLS handshake with the server.
707 ;; Send data over the TLS record layer.
708 (write "hello, world!" (session-record-port client))
710 ;; Terminate the TLS session.
711 (bye client close-request/rdwr))
714 <p>The corresponding server would look like this (again, assuming
715 <var>some-socket</var> is bound to a socket port):
717 <a name="index-connection_002dend_002fserver"></a>
719 <div class="example">
720 <pre class="example">;; Server-side.
722 (let ((server (make-session connection-end/server)))
723 (set-session-default-priority! server)
724 (set-session-certificate-type-priority! server '())
725 (set-session-kx-priority! server (list kx/anon-dh))
727 ;; Specify the underlying transport socket.
728 (set-session-transport-fd! server (fileno some-socket))
730 ;; Create anonymous credentials.
731 (let ((cred (make-anonymous-server-credentials))
732 (dh-params (make-dh-parameters 1024)))
733 ;; Note: DH parameter generation can take some time.
734 (set-anonymous-server-dh-parameters! cred dh-params)
735 (set-session-credentials! server cred))
737 ;; Perform the TLS handshake with the client.
740 ;; Receive data over the TLS record layer.
741 (let ((message (read (session-record-port server))))
742 (format #t "received the following message: ~a~%"
745 (bye server close-request/rdwr)))
752 <a name="OpenPGP-Authentication-Guile-Example"></a>
755 Next: <a href="#Importing-OpenPGP-Keys-Guile-Example" accesskey="n" rel="next">Importing OpenPGP Keys Guile Example</a>, Previous: <a href="#Anonymous-Authentication-Guile-Example" accesskey="p" rel="previous">Anonymous Authentication Guile Example</a>, Up: <a href="#Guile-Examples" accesskey="u" rel="up">Guile Examples</a> [<a href="#SEC_Contents" title="Table of contents" rel="contents">Contents</a>]</p>
757 <a name="OpenPGP-Authentication-Guile-Example-1"></a>
758 <h3 class="section">4.2 OpenPGP Authentication Guile Example</h3>
760 <p>GnuTLS allows users to authenticate using OpenPGP certificates.
761 Using OpenPGP-based authentication is not more complicated than using
762 anonymous authentication. It requires a bit of extra work, though, to
763 import the OpenPGP public and private key of the client/server. Key
764 import is omitted here and is left as an exercise to the reader
765 (see <a href="#Importing-OpenPGP-Keys-Guile-Example">Importing OpenPGP Keys Guile Example</a>).
767 <p>Assuming <var>some-socket</var> is bound to an open socket port and
768 <var>pub</var> and <var>sec</var> are bound to the client’s OpenPGP public and
769 secret key, respectively, client-side code would look like this:
771 <a name="index-certificate_002dtype_002fopenpgp"></a>
773 <div class="example">
774 <pre class="example">;; Client-side.
776 (define %certs (list certificate-type/openpgp))
778 (let ((client (make-session connection-end/client))
779 (cred (make-certificate-credentials)))
780 (set-session-default-priority! client)
782 ;; Choose OpenPGP certificates.
783 (set-session-certificate-type-priority! client %certs)
785 ;; Prepare appropriate client credentials.
786 (set-certificate-credentials-openpgp-keys! cred pub sec)
787 (set-session-credentials! client cred)
789 ;; Specify the underlying transport socket.
790 (set-session-transport-fd! client (fileno some-socket))
793 (write "hello, world!" (session-record-port client))
794 (bye client close-request/rdwr))
797 <p>Similarly, server-side code would be along these lines:
799 <div class="example">
800 <pre class="example">;; Server-side.
802 (define %certs (list certificate-type/openpgp))
804 (let ((server (make-session connection-end/server))
805 (rsa (make-rsa-parameters 1024))
806 (dh (make-dh-parameters 1024)))
807 (set-session-default-priority! server)
809 ;; Choose OpenPGP certificates.
810 (set-session-certificate-type-priority! server %certs)
812 (let ((cred (make-certificate-credentials)))
813 ;; Prepare credentials with RSA and Diffie-Hellman parameters.
814 (set-certificate-credentials-dh-parameters! cred dh)
815 (set-certificate-credentials-rsa-export-parameters! cred rsa)
816 (set-certificate-credentials-openpgp-keys! cred pub sec)
817 (set-session-credentials! server cred))
819 (set-session-transport-fd! server (fileno some-socket))
822 (let ((msg (read (session-record-port server))))
823 (format #t "received: ~a~%" msg)
825 (bye server close-request/rdwr)))
828 <p>In practice, generating RSA parameters (and Diffie-Hellman parameters)
829 can time a long time. Thus, you may want to generate them once and
830 store them in a file for future re-use (see <a href="#Guile-Reference"><code>pkcs1-export-rsa-parameters</code> and <code>pkcs1-import-rsa-parameters</code></a>).
833 <a name="Importing-OpenPGP-Keys-Guile-Example"></a>
836 Previous: <a href="#OpenPGP-Authentication-Guile-Example" accesskey="p" rel="previous">OpenPGP Authentication Guile Example</a>, Up: <a href="#Guile-Examples" accesskey="u" rel="up">Guile Examples</a> [<a href="#SEC_Contents" title="Table of contents" rel="contents">Contents</a>]</p>
838 <a name="Importing-OpenPGP-Keys-Guile-Example-1"></a>
839 <h3 class="section">4.3 Importing OpenPGP Keys Guile Example</h3>
841 <p>The following example provides a simple way of importing
842 “ASCII-armored” OpenPGP keys from files, using the
843 <code>import-openpgp-certificate</code> and <code>import-openpgp-private-key</code>
846 <a name="index-openpgp_002dcertificate_002dformat_002fbase64"></a>
847 <a name="index-openpgp_002dcertificate_002dformat_002fraw"></a>
849 <div class="example">
850 <pre class="example">(use-modules (srfi srfi-4)
853 (define (import-key-from-file import-proc file)
854 ;; Import OpenPGP key from FILE using IMPORT-PROC.
856 ;; Prepare a u8vector large enough to hold the raw
858 (let* ((size (stat:size (stat path)))
859 (raw (make-u8vector size)))
861 ;; Fill in the u8vector with the contents of FILE.
862 (uniform-vector-read! raw (open-input-file file))
864 ;; Pass the u8vector to the import procedure.
865 (import-proc raw openpgp-certificate-format/base64)))
868 (define (import-public-key-from-file file)
869 (import-key-from-file import-openpgp-certificate file))
871 (define (import-private-key-from-file file)
872 (import-key-from-file import-openpgp-private-key file))
875 <p>The procedures <code>import-public-key-from-file</code> and
876 <code>import-private-key-from-file</code> can be passed a file name. They
877 return an OpenPGP public key and private key object, respectively
878 (see <a href="#Guile-Reference">OpenPGP key objects</a>).
882 <a name="Guile-Reference"></a>
885 Next: <a href="#Copying-Information" accesskey="n" rel="next">Copying Information</a>, Previous: <a href="#Guile-Examples" accesskey="p" rel="previous">Guile Examples</a>, Up: <a href="#Top" accesskey="u" rel="up">Top</a> [<a href="#SEC_Contents" title="Table of contents" rel="contents">Contents</a>]</p>
887 <a name="Guile-Reference-1"></a>
888 <h2 class="chapter">5 Guile Reference</h2>
890 <p>This chapter lists the GnuTLS Scheme procedures exported by the
891 <code>(gnutls)</code> module (see <a href="http://www.gnu.org/software/guile/manual/guile.html#The-Guile-module-system">The Guile module system</a> in <cite>The
892 GNU Guile Reference Manual</cite>).
896 <dt><a name="index-set_002dlog_002dlevel_0021"></a>Scheme Procedure: <strong>set-log-level!</strong> <em>level</em></dt>
897 <dd><p>Enable GnuTLS logging up to <var>level</var> (an integer).
901 <dt><a name="index-set_002dlog_002dprocedure_0021"></a>Scheme Procedure: <strong>set-log-procedure!</strong> <em>proc</em></dt>
902 <dd><p>Use <var>proc</var> (a two-argument procedure) as the global GnuTLS log procedure.
906 <dt><a name="index-set_002dcertificate_002dcredentials_002dopenpgp_002dkeys_0021"></a>Scheme Procedure: <strong>set-certificate-credentials-openpgp-keys!</strong> <em>cred pub sec</em></dt>
907 <dd><p>Use certificate <var>pub</var> and secret key <var>sec</var> in certificate credentials <var>cred</var>.
911 <dt><a name="index-openpgp_002dkeyring_002dcontains_002dkey_002did_003f"></a>Scheme Procedure: <strong>openpgp-keyring-contains-key-id?</strong> <em>keyring id</em></dt>
912 <dd><p>Return <code>#f</code> if key ID <var>id</var> is in <var>keyring</var>, <code>#f</code> otherwise.
916 <dt><a name="index-import_002dopenpgp_002dkeyring"></a>Scheme Procedure: <strong>import-openpgp-keyring</strong> <em>data format</em></dt>
917 <dd><p>Import <var>data</var> (a u8vector) according to <var>format</var> and return the imported keyring.
921 <dt><a name="index-openpgp_002dcertificate_002dusage"></a>Scheme Procedure: <strong>openpgp-certificate-usage</strong> <em>key</em></dt>
922 <dd><p>Return a list of values denoting the key usage of <var>key</var>.
926 <dt><a name="index-openpgp_002dcertificate_002dversion"></a>Scheme Procedure: <strong>openpgp-certificate-version</strong> <em>key</em></dt>
927 <dd><p>Return the version of the OpenPGP message format (RFC2440) honored by <var>key</var>.
931 <dt><a name="index-openpgp_002dcertificate_002dalgorithm"></a>Scheme Procedure: <strong>openpgp-certificate-algorithm</strong> <em>key</em></dt>
932 <dd><p>Return two values: the certificate algorithm used by <var>key</var> and the number of bits used.
936 <dt><a name="index-openpgp_002dcertificate_002dnames"></a>Scheme Procedure: <strong>openpgp-certificate-names</strong> <em>key</em></dt>
937 <dd><p>Return the list of names for <var>key</var>.
941 <dt><a name="index-openpgp_002dcertificate_002dname"></a>Scheme Procedure: <strong>openpgp-certificate-name</strong> <em>key index</em></dt>
942 <dd><p>Return the <var>index</var>th name of <var>key</var>.
946 <dt><a name="index-openpgp_002dcertificate_002dfingerprint"></a>Scheme Procedure: <strong>openpgp-certificate-fingerprint</strong> <em>key</em></dt>
947 <dd><p>Return a new u8vector denoting the fingerprint of <var>key</var>.
951 <dt><a name="index-openpgp_002dcertificate_002dfingerprint_0021"></a>Scheme Procedure: <strong>openpgp-certificate-fingerprint!</strong> <em>key fpr</em></dt>
952 <dd><p>Store in <var>fpr</var> (a u8vector) the fingerprint of <var>key</var>. Return the number of bytes stored in <var>fpr</var>.
956 <dt><a name="index-openpgp_002dcertificate_002did_0021"></a>Scheme Procedure: <strong>openpgp-certificate-id!</strong> <em>key id</em></dt>
957 <dd><p>Store the ID (an 8 byte sequence) of certificate <var>key</var> in <var>id</var> (a u8vector).
961 <dt><a name="index-openpgp_002dcertificate_002did"></a>Scheme Procedure: <strong>openpgp-certificate-id</strong> <em>key</em></dt>
962 <dd><p>Return the ID (an 8-element u8vector) of certificate <var>key</var>.
966 <dt><a name="index-import_002dopenpgp_002dprivate_002dkey"></a>Scheme Procedure: <strong>import-openpgp-private-key</strong> <em>data format [pass]</em></dt>
967 <dd><p>Return a new OpenPGP private key object resulting from the import of <var>data</var> (a uniform array) according to <var>format</var>. Optionally, a passphrase may be provided.
971 <dt><a name="index-import_002dopenpgp_002dcertificate"></a>Scheme Procedure: <strong>import-openpgp-certificate</strong> <em>data format</em></dt>
972 <dd><p>Return a new OpenPGP certificate object resulting from the import of <var>data</var> (a uniform array) according to <var>format</var>.
976 <dt><a name="index-x509_002dcertificate_002dsubject_002dalternative_002dname"></a>Scheme Procedure: <strong>x509-certificate-subject-alternative-name</strong> <em>cert index</em></dt>
977 <dd><p>Return two values: the alternative name type for <var>cert</var> (i.e., one of the <code>x509-subject-alternative-name/</code> values) and the actual subject alternative name (a string) at <var>index</var>. Both values are <code>#f</code> if no alternative name is available at <var>index</var>.
981 <dt><a name="index-x509_002dcertificate_002dsubject_002dkey_002did"></a>Scheme Procedure: <strong>x509-certificate-subject-key-id</strong> <em>cert</em></dt>
982 <dd><p>Return the subject key ID (a u8vector) for <var>cert</var>.
986 <dt><a name="index-x509_002dcertificate_002dauthority_002dkey_002did"></a>Scheme Procedure: <strong>x509-certificate-authority-key-id</strong> <em>cert</em></dt>
987 <dd><p>Return the key ID (a u8vector) of the X.509 certificate authority of <var>cert</var>.
991 <dt><a name="index-x509_002dcertificate_002dkey_002did"></a>Scheme Procedure: <strong>x509-certificate-key-id</strong> <em>cert</em></dt>
992 <dd><p>Return a statistically unique ID (a u8vector) for <var>cert</var> that depends on its public key parameters. This is normally a 20-byte SHA-1 hash.
996 <dt><a name="index-x509_002dcertificate_002dversion"></a>Scheme Procedure: <strong>x509-certificate-version</strong> <em>cert</em></dt>
997 <dd><p>Return the version of <var>cert</var>.
1001 <dt><a name="index-x509_002dcertificate_002dkey_002dusage"></a>Scheme Procedure: <strong>x509-certificate-key-usage</strong> <em>cert</em></dt>
1002 <dd><p>Return the key usage of <var>cert</var> (i.e., a list of <code>key-usage/</code> values), or the empty list if <var>cert</var> does not contain such information.
1006 <dt><a name="index-x509_002dcertificate_002dpublic_002dkey_002dalgorithm"></a>Scheme Procedure: <strong>x509-certificate-public-key-algorithm</strong> <em>cert</em></dt>
1007 <dd><p>Return two values: the public key algorithm (i.e., one of the <code>pk-algorithm/</code> values) of <var>cert</var> and the number of bits used.
1011 <dt><a name="index-x509_002dcertificate_002dsignature_002dalgorithm"></a>Scheme Procedure: <strong>x509-certificate-signature-algorithm</strong> <em>cert</em></dt>
1012 <dd><p>Return the signature algorithm used by <var>cert</var> (i.e., one of the <code>sign-algorithm/</code> values).
1016 <dt><a name="index-x509_002dcertificate_002dmatches_002dhostname_003f"></a>Scheme Procedure: <strong>x509-certificate-matches-hostname?</strong> <em>cert hostname</em></dt>
1017 <dd><p>Return true if <var>cert</var> matches <var>hostname</var>, a string denoting a DNS host name. This is the basic implementation of <a href="http://tools.ietf.org/html/rfc2818">RFC 2818</a> (aka. HTTPS).
1021 <dt><a name="index-x509_002dcertificate_002dissuer_002ddn_002doid"></a>Scheme Procedure: <strong>x509-certificate-issuer-dn-oid</strong> <em>cert index</em></dt>
1022 <dd><p>Return the OID (a string) at <var>index</var> from <var>cert</var>’s issuer DN. Return <code>#f</code> if no OID is available at <var>index</var>.
1026 <dt><a name="index-x509_002dcertificate_002ddn_002doid"></a>Scheme Procedure: <strong>x509-certificate-dn-oid</strong> <em>cert index</em></dt>
1027 <dd><p>Return OID (a string) at <var>index</var> from <var>cert</var>. Return <code>#f</code> if no OID is available at <var>index</var>.
1031 <dt><a name="index-x509_002dcertificate_002dissuer_002ddn"></a>Scheme Procedure: <strong>x509-certificate-issuer-dn</strong> <em>cert</em></dt>
1032 <dd><p>Return the distinguished name (DN) of X.509 certificate <var>cert</var>.
1036 <dt><a name="index-x509_002dcertificate_002ddn"></a>Scheme Procedure: <strong>x509-certificate-dn</strong> <em>cert</em></dt>
1037 <dd><p>Return the distinguished name (DN) of X.509 certificate <var>cert</var>. The form of the DN is as described in <a href="http://tools.ietf.org/html/rfc2253">RFC 2253</a>.
1041 <dt><a name="index-pkcs8_002dimport_002dx509_002dprivate_002dkey"></a>Scheme Procedure: <strong>pkcs8-import-x509-private-key</strong> <em>data format [pass [encrypted]]</em></dt>
1042 <dd><p>Return a new X.509 private key object resulting from the import of <var>data</var> (a uniform array) according to <var>format</var>. Optionally, if <var>pass</var> is not <code>#f</code>, it should be a string denoting a passphrase. <var>encrypted</var> tells whether the private key is encrypted (<code>#t</code> by default).
1046 <dt><a name="index-import_002dx509_002dprivate_002dkey"></a>Scheme Procedure: <strong>import-x509-private-key</strong> <em>data format</em></dt>
1047 <dd><p>Return a new X.509 private key object resulting from the import of <var>data</var> (a uniform array) according to <var>format</var>.
1051 <dt><a name="index-import_002dx509_002dcertificate"></a>Scheme Procedure: <strong>import-x509-certificate</strong> <em>data format</em></dt>
1052 <dd><p>Return a new X.509 certificate object resulting from the import of <var>data</var> (a uniform array) according to <var>format</var>.
1056 <dt><a name="index-server_002dsession_002dpsk_002dusername"></a>Scheme Procedure: <strong>server-session-psk-username</strong> <em>session</em></dt>
1057 <dd><p>Return the username associated with PSK server session <var>session</var>.
1061 <dt><a name="index-set_002dpsk_002dclient_002dcredentials_0021"></a>Scheme Procedure: <strong>set-psk-client-credentials!</strong> <em>cred username key key-format</em></dt>
1062 <dd><p>Set the client credentials for <var>cred</var>, a PSK client credentials object.
1066 <dt><a name="index-make_002dpsk_002dclient_002dcredentials"></a>Scheme Procedure: <strong>make-psk-client-credentials</strong></dt>
1067 <dd><p>Return a new PSK client credentials object.
1071 <dt><a name="index-set_002dpsk_002dserver_002dcredentials_002dfile_0021"></a>Scheme Procedure: <strong>set-psk-server-credentials-file!</strong> <em>cred file</em></dt>
1072 <dd><p>Use <var>file</var> as the password file for PSK server credentials <var>cred</var>.
1076 <dt><a name="index-make_002dpsk_002dserver_002dcredentials"></a>Scheme Procedure: <strong>make-psk-server-credentials</strong></dt>
1077 <dd><p>Return new PSK server credentials.
1081 <dt><a name="index-peer_002dcertificate_002dstatus"></a>Scheme Procedure: <strong>peer-certificate-status</strong> <em>session</em></dt>
1082 <dd><p>Verify the peer certificate for <var>session</var> and return a list of <code>certificate-status</code> values (such as <code>certificate-status/revoked</code>), or the empty list if the certificate is valid.
1086 <dt><a name="index-set_002dcertificate_002dcredentials_002dverify_002dflags_0021"></a>Scheme Procedure: <strong>set-certificate-credentials-verify-flags!</strong> <em>cred [flags...]</em></dt>
1087 <dd><p>Set the certificate verification flags to <var>flags</var>, a series of <code>certificate-verify</code> values.
1091 <dt><a name="index-set_002dcertificate_002dcredentials_002dverify_002dlimits_0021"></a>Scheme Procedure: <strong>set-certificate-credentials-verify-limits!</strong> <em>cred max-bits max-depth</em></dt>
1092 <dd><p>Set the verification limits of <code>peer-certificate-status</code> for certificate credentials <var>cred</var> to <var>max_bits</var> bits for an acceptable certificate and <var>max_depth</var> as the maximum depth of a certificate chain.
1096 <dt><a name="index-set_002dcertificate_002dcredentials_002dx509_002dkeys_0021"></a>Scheme Procedure: <strong>set-certificate-credentials-x509-keys!</strong> <em>cred certs privkey</em></dt>
1097 <dd><p>Have certificate credentials <var>cred</var> use the X.509 certificates listed in <var>certs</var> and X.509 private key <var>privkey</var>.
1101 <dt><a name="index-set_002dcertificate_002dcredentials_002dx509_002dkey_002ddata_0021"></a>Scheme Procedure: <strong>set-certificate-credentials-x509-key-data!</strong> <em>cred cert key format</em></dt>
1102 <dd><p>Use X.509 certificate <var>cert</var> and private key <var>key</var>, both uniform arrays containing the X.509 certificate and key in format <var>format</var>, for certificate credentials <var>cred</var>.
1106 <dt><a name="index-set_002dcertificate_002dcredentials_002dx509_002dcrl_002ddata_0021"></a>Scheme Procedure: <strong>set-certificate-credentials-x509-crl-data!</strong> <em>cred data format</em></dt>
1107 <dd><p>Use <var>data</var> (a uniform array) as the X.509 CRL (certificate revocation list) database for <var>cred</var>. On success, return the number of CRLs processed.
1111 <dt><a name="index-set_002dcertificate_002dcredentials_002dx509_002dtrust_002ddata_0021"></a>Scheme Procedure: <strong>set-certificate-credentials-x509-trust-data!</strong> <em>cred data format</em></dt>
1112 <dd><p>Use <var>data</var> (a uniform array) as the X.509 trust database for <var>cred</var>. On success, return the number of certificates processed.
1116 <dt><a name="index-set_002dcertificate_002dcredentials_002dx509_002dcrl_002dfile_0021"></a>Scheme Procedure: <strong>set-certificate-credentials-x509-crl-file!</strong> <em>cred file format</em></dt>
1117 <dd><p>Use <var>file</var> as the X.509 CRL (certificate revocation list) file for certificate credentials <var>cred</var>. On success, return the number of CRLs processed.
1121 <dt><a name="index-set_002dcertificate_002dcredentials_002dx509_002dtrust_002dfile_0021"></a>Scheme Procedure: <strong>set-certificate-credentials-x509-trust-file!</strong> <em>cred file format</em></dt>
1122 <dd><p>Use <var>file</var> as the X.509 trust file for certificate credentials <var>cred</var>. On success, return the number of certificates processed.
1126 <dt><a name="index-set_002dcertificate_002dcredentials_002dx509_002dkey_002dfiles_0021"></a>Scheme Procedure: <strong>set-certificate-credentials-x509-key-files!</strong> <em>cred cert-file key-file format</em></dt>
1127 <dd><p>Use <var>file</var> as the password file for PSK server credentials <var>cred</var>.
1131 <dt><a name="index-set_002dcertificate_002dcredentials_002drsa_002dexport_002dparameters_0021"></a>Scheme Procedure: <strong>set-certificate-credentials-rsa-export-parameters!</strong> <em>cred rsa-params</em></dt>
1132 <dd><p>Use RSA parameters <var>rsa_params</var> for certificate credentials <var>cred</var>.
1136 <dt><a name="index-set_002dcertificate_002dcredentials_002ddh_002dparameters_0021"></a>Scheme Procedure: <strong>set-certificate-credentials-dh-parameters!</strong> <em>cred dh-params</em></dt>
1137 <dd><p>Use Diffie-Hellman parameters <var>dh_params</var> for certificate credentials <var>cred</var>.
1141 <dt><a name="index-make_002dcertificate_002dcredentials"></a>Scheme Procedure: <strong>make-certificate-credentials</strong></dt>
1142 <dd><p>Return new certificate credentials (i.e., for use with either X.509 or OpenPGP certificates.
1146 <dt><a name="index-pkcs1_002dexport_002drsa_002dparameters-1"></a>Scheme Procedure: <strong>pkcs1-export-rsa-parameters</strong> <em>rsa-params format</em></dt>
1147 <dd><p>Export Diffie-Hellman parameters <var>rsa_params</var> in PKCS1 format according for <var>format</var> (an <code>x509-certificate-format</code> value). Return a <code>u8vector</code> containing the result.
1151 <dt><a name="index-pkcs1_002dimport_002drsa_002dparameters"></a>Scheme Procedure: <strong>pkcs1-import-rsa-parameters</strong> <em>array format</em></dt>
1152 <dd><p>Import Diffie-Hellman parameters in PKCS1 format (further specified by <var>format</var>, an <code>x509-certificate-format</code> value) from <var>array</var> (a homogeneous array) and return a new <code>rsa-params</code> object.
1156 <dt><a name="index-make_002drsa_002dparameters-1"></a>Scheme Procedure: <strong>make-rsa-parameters</strong> <em>bits</em></dt>
1157 <dd><p>Return new RSA parameters.
1161 <dt><a name="index-set_002danonymous_002dserver_002ddh_002dparameters_0021"></a>Scheme Procedure: <strong>set-anonymous-server-dh-parameters!</strong> <em>cred dh-params</em></dt>
1162 <dd><p>Set the Diffie-Hellman parameters of anonymous server credentials <var>cred</var>.
1166 <dt><a name="index-make_002danonymous_002dclient_002dcredentials"></a>Scheme Procedure: <strong>make-anonymous-client-credentials</strong></dt>
1167 <dd><p>Return anonymous client credentials.
1171 <dt><a name="index-make_002danonymous_002dserver_002dcredentials"></a>Scheme Procedure: <strong>make-anonymous-server-credentials</strong></dt>
1172 <dd><p>Return anonymous server credentials.
1176 <dt><a name="index-set_002dsession_002ddh_002dprime_002dbits_0021"></a>Scheme Procedure: <strong>set-session-dh-prime-bits!</strong> <em>session bits</em></dt>
1177 <dd><p>Use <var>bits</var> DH prime bits for <var>session</var>.
1181 <dt><a name="index-pkcs3_002dexport_002ddh_002dparameters"></a>Scheme Procedure: <strong>pkcs3-export-dh-parameters</strong> <em>dh-params format</em></dt>
1182 <dd><p>Export Diffie-Hellman parameters <var>dh_params</var> in PKCS3 format according for <var>format</var> (an <code>x509-certificate-format</code> value). Return a <code>u8vector</code> containing the result.
1186 <dt><a name="index-pkcs3_002dimport_002ddh_002dparameters"></a>Scheme Procedure: <strong>pkcs3-import-dh-parameters</strong> <em>array format</em></dt>
1187 <dd><p>Import Diffie-Hellman parameters in PKCS3 format (further specified by <var>format</var>, an <code>x509-certificate-format</code> value) from <var>array</var> (a homogeneous array) and return a new <code>dh-params</code> object.
1191 <dt><a name="index-make_002ddh_002dparameters"></a>Scheme Procedure: <strong>make-dh-parameters</strong> <em>bits</em></dt>
1192 <dd><p>Return new Diffie-Hellman parameters.
1196 <dt><a name="index-set_002dsession_002dtransport_002dport_0021-1"></a>Scheme Procedure: <strong>set-session-transport-port!</strong> <em>session port</em></dt>
1197 <dd><p>Use <var>port</var> as the input/output port for <var>session</var>.
1201 <dt><a name="index-set_002dsession_002dtransport_002dfd_0021-1"></a>Scheme Procedure: <strong>set-session-transport-fd!</strong> <em>session fd</em></dt>
1202 <dd><p>Use file descriptor <var>fd</var> as the underlying transport for <var>session</var>.
1206 <dt><a name="index-session_002drecord_002dport-1"></a>Scheme Procedure: <strong>session-record-port</strong> <em>session</em></dt>
1207 <dd><p>Return a read-write port that may be used to communicate over <var>session</var>. All invocations of <code>session-port</code> on a given session return the same object (in the sense of <code>eq?</code>).
1211 <dt><a name="index-record_002dreceive_0021-1"></a>Scheme Procedure: <strong>record-receive!</strong> <em>session array</em></dt>
1212 <dd><p>Receive data from <var>session</var> into <var>array</var>, a uniform homogeneous array. Return the number of bytes actually received.
1216 <dt><a name="index-record_002dsend-1"></a>Scheme Procedure: <strong>record-send</strong> <em>session array</em></dt>
1217 <dd><p>Send the record constituted by <var>array</var> through <var>session</var>.
1221 <dt><a name="index-set_002dsession_002dcredentials_0021"></a>Scheme Procedure: <strong>set-session-credentials!</strong> <em>session cred</em></dt>
1222 <dd><p>Use <var>cred</var> as <var>session</var>’s credentials.
1226 <dt><a name="index-cipher_002dsuite_002d_003estring"></a>Scheme Procedure: <strong>cipher-suite->string</strong> <em>kx cipher mac</em></dt>
1227 <dd><p>Return the name of the given cipher suite.
1231 <dt><a name="index-set_002dsession_002dpriorities_0021"></a>Scheme Procedure: <strong>set-session-priorities!</strong> <em>session priorities</em></dt>
1232 <dd><p>Have <var>session</var> use the given <var>priorities</var> for the ciphers, key exchange methods, MACs and compression methods. <var>priorities</var> must be a string (see Priority Strings). When <var>priorities</var> cannot be parsed, an <code>error/invalid-request</code> error is raised, with an extra argument indication the position of the error.
1237 <dt><a name="index-set_002dsession_002ddefault_002dexport_002dpriority_0021"></a>Scheme Procedure: <strong>set-session-default-export-priority!</strong> <em>session</em></dt>
1238 <dd><p>Have <var>session</var> use the default export priorities.
1242 <dt><a name="index-set_002dsession_002ddefault_002dpriority_0021"></a>Scheme Procedure: <strong>set-session-default-priority!</strong> <em>session</em></dt>
1243 <dd><p>Have <var>session</var> use the default priorities.
1247 <dt><a name="index-set_002dsession_002dcertificate_002dtype_002dpriority_0021"></a>Scheme Procedure: <strong>set-session-certificate-type-priority!</strong> <em>session items</em></dt>
1248 <dd><p>Use <var>items</var> (a list) as the list of preferred certificate-type for <var>session</var>.
1252 <dt><a name="index-set_002dsession_002dprotocol_002dpriority_0021"></a>Scheme Procedure: <strong>set-session-protocol-priority!</strong> <em>session items</em></dt>
1253 <dd><p>Use <var>items</var> (a list) as the list of preferred protocol for <var>session</var>.
1257 <dt><a name="index-set_002dsession_002dkx_002dpriority_0021"></a>Scheme Procedure: <strong>set-session-kx-priority!</strong> <em>session items</em></dt>
1258 <dd><p>Use <var>items</var> (a list) as the list of preferred kx for <var>session</var>.
1262 <dt><a name="index-set_002dsession_002dcompression_002dmethod_002dpriority_0021"></a>Scheme Procedure: <strong>set-session-compression-method-priority!</strong> <em>session items</em></dt>
1263 <dd><p>Use <var>items</var> (a list) as the list of preferred compression-method for <var>session</var>.
1267 <dt><a name="index-set_002dsession_002dmac_002dpriority_0021"></a>Scheme Procedure: <strong>set-session-mac-priority!</strong> <em>session items</em></dt>
1268 <dd><p>Use <var>items</var> (a list) as the list of preferred mac for <var>session</var>.
1272 <dt><a name="index-set_002dsession_002dcipher_002dpriority_0021"></a>Scheme Procedure: <strong>set-session-cipher-priority!</strong> <em>session items</em></dt>
1273 <dd><p>Use <var>items</var> (a list) as the list of preferred cipher for <var>session</var>.
1277 <dt><a name="index-set_002dserver_002dsession_002dcertificate_002drequest_0021"></a>Scheme Procedure: <strong>set-server-session-certificate-request!</strong> <em>session request</em></dt>
1278 <dd><p>Tell how <var>session</var>, a server-side session, should deal with certificate requests. <var>request</var> should be either <code>certificate-request/request</code> or <code>certificate-request/require</code>.
1282 <dt><a name="index-session_002dour_002dcertificate_002dchain"></a>Scheme Procedure: <strong>session-our-certificate-chain</strong> <em>session</em></dt>
1283 <dd><p>Return our certificate chain for <var>session</var> (as sent to the peer) in raw format (a u8vector). In the case of OpenPGP there is exactly one certificate. Return the empty list if no certificate was used.
1287 <dt><a name="index-session_002dpeer_002dcertificate_002dchain"></a>Scheme Procedure: <strong>session-peer-certificate-chain</strong> <em>session</em></dt>
1288 <dd><p>Return the a list of certificates in raw format (u8vectors) where the first one is the peer’s certificate. In the case of OpenPGP, there is always exactly one certificate. In the case of X.509, subsequent certificates indicate form a certificate chain. Return the empty list if no certificate was sent.
1292 <dt><a name="index-session_002dclient_002dauthentication_002dtype"></a>Scheme Procedure: <strong>session-client-authentication-type</strong> <em>session</em></dt>
1293 <dd><p>Return the client authentication type (a <code>credential-type</code> value) used in <var>session</var>.
1297 <dt><a name="index-session_002dserver_002dauthentication_002dtype"></a>Scheme Procedure: <strong>session-server-authentication-type</strong> <em>session</em></dt>
1298 <dd><p>Return the server authentication type (a <code>credential-type</code> value) used in <var>session</var>.
1302 <dt><a name="index-session_002dauthentication_002dtype"></a>Scheme Procedure: <strong>session-authentication-type</strong> <em>session</em></dt>
1303 <dd><p>Return the authentication type (a <code>credential-type</code> value) used by <var>session</var>.
1307 <dt><a name="index-session_002dprotocol"></a>Scheme Procedure: <strong>session-protocol</strong> <em>session</em></dt>
1308 <dd><p>Return the protocol used by <var>session</var>.
1312 <dt><a name="index-session_002dcertificate_002dtype"></a>Scheme Procedure: <strong>session-certificate-type</strong> <em>session</em></dt>
1313 <dd><p>Return <var>session</var>’s certificate type.
1317 <dt><a name="index-session_002dcompression_002dmethod"></a>Scheme Procedure: <strong>session-compression-method</strong> <em>session</em></dt>
1318 <dd><p>Return <var>session</var>’s compression method.
1322 <dt><a name="index-session_002dmac"></a>Scheme Procedure: <strong>session-mac</strong> <em>session</em></dt>
1323 <dd><p>Return <var>session</var>’s MAC.
1327 <dt><a name="index-session_002dkx"></a>Scheme Procedure: <strong>session-kx</strong> <em>session</em></dt>
1328 <dd><p>Return <var>session</var>’s kx.
1332 <dt><a name="index-session_002dcipher-1"></a>Scheme Procedure: <strong>session-cipher</strong> <em>session</em></dt>
1333 <dd><p>Return <var>session</var>’s cipher.
1337 <dt><a name="index-alert_002dsend"></a>Scheme Procedure: <strong>alert-send</strong> <em>session level alert</em></dt>
1338 <dd><p>Send <var>alert</var> via <var>session</var>.
1342 <dt><a name="index-alert_002dget"></a>Scheme Procedure: <strong>alert-get</strong> <em>session</em></dt>
1343 <dd><p>Get an aleter from <var>session</var>.
1347 <dt><a name="index-rehandshake"></a>Scheme Procedure: <strong>rehandshake</strong> <em>session</em></dt>
1348 <dd><p>Perform a re-handshaking for <var>session</var>.
1352 <dt><a name="index-handshake"></a>Scheme Procedure: <strong>handshake</strong> <em>session</em></dt>
1353 <dd><p>Perform a handshake for <var>session</var>.
1357 <dt><a name="index-bye"></a>Scheme Procedure: <strong>bye</strong> <em>session how</em></dt>
1358 <dd><p>Close <var>session</var> according to <var>how</var>.
1362 <dt><a name="index-make_002dsession"></a>Scheme Procedure: <strong>make-session</strong> <em>end</em></dt>
1363 <dd><p>Return a new session for connection end <var>end</var>, either <code>connection-end/server</code> or <code>connection-end/client</code>.
1367 <dt><a name="index-gnutls_002dversion"></a>Scheme Procedure: <strong>gnutls-version</strong></dt>
1368 <dd><p>Return a string denoting the version number of the underlying GnuTLS library, e.g., <code>"1.7.2"</code>.
1372 <dt><a name="index-openpgp_002dkeyring_003f"></a>Scheme Procedure: <strong>openpgp-keyring?</strong> <em>obj</em></dt>
1373 <dd><p>Return true if <var>obj</var> is of type <code>openpgp-keyring</code>.
1377 <dt><a name="index-openpgp_002dprivate_002dkey_003f"></a>Scheme Procedure: <strong>openpgp-private-key?</strong> <em>obj</em></dt>
1378 <dd><p>Return true if <var>obj</var> is of type <code>openpgp-private-key</code>.
1382 <dt><a name="index-openpgp_002dcertificate_003f"></a>Scheme Procedure: <strong>openpgp-certificate?</strong> <em>obj</em></dt>
1383 <dd><p>Return true if <var>obj</var> is of type <code>openpgp-certificate</code>.
1387 <dt><a name="index-x509_002dprivate_002dkey_003f"></a>Scheme Procedure: <strong>x509-private-key?</strong> <em>obj</em></dt>
1388 <dd><p>Return true if <var>obj</var> is of type <code>x509-private-key</code>.
1392 <dt><a name="index-x509_002dcertificate_003f"></a>Scheme Procedure: <strong>x509-certificate?</strong> <em>obj</em></dt>
1393 <dd><p>Return true if <var>obj</var> is of type <code>x509-certificate</code>.
1397 <dt><a name="index-psk_002dclient_002dcredentials_003f"></a>Scheme Procedure: <strong>psk-client-credentials?</strong> <em>obj</em></dt>
1398 <dd><p>Return true if <var>obj</var> is of type <code>psk-client-credentials</code>.
1402 <dt><a name="index-psk_002dserver_002dcredentials_003f"></a>Scheme Procedure: <strong>psk-server-credentials?</strong> <em>obj</em></dt>
1403 <dd><p>Return true if <var>obj</var> is of type <code>psk-server-credentials</code>.
1407 <dt><a name="index-srp_002dclient_002dcredentials_003f"></a>Scheme Procedure: <strong>srp-client-credentials?</strong> <em>obj</em></dt>
1408 <dd><p>Return true if <var>obj</var> is of type <code>srp-client-credentials</code>.
1412 <dt><a name="index-srp_002dserver_002dcredentials_003f"></a>Scheme Procedure: <strong>srp-server-credentials?</strong> <em>obj</em></dt>
1413 <dd><p>Return true if <var>obj</var> is of type <code>srp-server-credentials</code>.
1417 <dt><a name="index-certificate_002dcredentials_003f"></a>Scheme Procedure: <strong>certificate-credentials?</strong> <em>obj</em></dt>
1418 <dd><p>Return true if <var>obj</var> is of type <code>certificate-credentials</code>.
1422 <dt><a name="index-rsa_002dparameters_003f"></a>Scheme Procedure: <strong>rsa-parameters?</strong> <em>obj</em></dt>
1423 <dd><p>Return true if <var>obj</var> is of type <code>rsa-parameters</code>.
1427 <dt><a name="index-dh_002dparameters_003f"></a>Scheme Procedure: <strong>dh-parameters?</strong> <em>obj</em></dt>
1428 <dd><p>Return true if <var>obj</var> is of type <code>dh-parameters</code>.
1432 <dt><a name="index-anonymous_002dserver_002dcredentials_003f"></a>Scheme Procedure: <strong>anonymous-server-credentials?</strong> <em>obj</em></dt>
1433 <dd><p>Return true if <var>obj</var> is of type <code>anonymous-server-credentials</code>.
1437 <dt><a name="index-anonymous_002dclient_002dcredentials_003f"></a>Scheme Procedure: <strong>anonymous-client-credentials?</strong> <em>obj</em></dt>
1438 <dd><p>Return true if <var>obj</var> is of type <code>anonymous-client-credentials</code>.
1442 <dt><a name="index-session_003f"></a>Scheme Procedure: <strong>session?</strong> <em>obj</em></dt>
1443 <dd><p>Return true if <var>obj</var> is of type <code>session</code>.
1447 <dt><a name="index-openpgp_002dcertificate_002dformat_002d_003estring"></a>Scheme Procedure: <strong>openpgp-certificate-format->string</strong> <em>enumval</em></dt>
1448 <dd><p>Return a string describing <var>enumval</var>, a <code>openpgp-certificate-format</code> value.
1452 <dt><a name="index-error_002d_003estring-1"></a>Scheme Procedure: <strong>error->string</strong> <em>enumval</em></dt>
1453 <dd><p>Return a string describing <var>enumval</var>, a <code>error</code> value.
1457 <dt><a name="index-certificate_002dverify_002d_003estring"></a>Scheme Procedure: <strong>certificate-verify->string</strong> <em>enumval</em></dt>
1458 <dd><p>Return a string describing <var>enumval</var>, a <code>certificate-verify</code> value.
1462 <dt><a name="index-key_002dusage_002d_003estring"></a>Scheme Procedure: <strong>key-usage->string</strong> <em>enumval</em></dt>
1463 <dd><p>Return a string describing <var>enumval</var>, a <code>key-usage</code> value.
1467 <dt><a name="index-psk_002dkey_002dformat_002d_003estring"></a>Scheme Procedure: <strong>psk-key-format->string</strong> <em>enumval</em></dt>
1468 <dd><p>Return a string describing <var>enumval</var>, a <code>psk-key-format</code> value.
1472 <dt><a name="index-sign_002dalgorithm_002d_003estring"></a>Scheme Procedure: <strong>sign-algorithm->string</strong> <em>enumval</em></dt>
1473 <dd><p>Return a string describing <var>enumval</var>, a <code>sign-algorithm</code> value.
1477 <dt><a name="index-pk_002dalgorithm_002d_003estring"></a>Scheme Procedure: <strong>pk-algorithm->string</strong> <em>enumval</em></dt>
1478 <dd><p>Return a string describing <var>enumval</var>, a <code>pk-algorithm</code> value.
1482 <dt><a name="index-x509_002dsubject_002dalternative_002dname_002d_003estring"></a>Scheme Procedure: <strong>x509-subject-alternative-name->string</strong> <em>enumval</em></dt>
1483 <dd><p>Return a string describing <var>enumval</var>, a <code>x509-subject-alternative-name</code> value.
1487 <dt><a name="index-x509_002dcertificate_002dformat_002d_003estring"></a>Scheme Procedure: <strong>x509-certificate-format->string</strong> <em>enumval</em></dt>
1488 <dd><p>Return a string describing <var>enumval</var>, a <code>x509-certificate-format</code> value.
1492 <dt><a name="index-certificate_002dtype_002d_003estring"></a>Scheme Procedure: <strong>certificate-type->string</strong> <em>enumval</em></dt>
1493 <dd><p>Return a string describing <var>enumval</var>, a <code>certificate-type</code> value.
1497 <dt><a name="index-protocol_002d_003estring"></a>Scheme Procedure: <strong>protocol->string</strong> <em>enumval</em></dt>
1498 <dd><p>Return a string describing <var>enumval</var>, a <code>protocol</code> value.
1502 <dt><a name="index-close_002drequest_002d_003estring"></a>Scheme Procedure: <strong>close-request->string</strong> <em>enumval</em></dt>
1503 <dd><p>Return a string describing <var>enumval</var>, a <code>close-request</code> value.
1507 <dt><a name="index-certificate_002drequest_002d_003estring"></a>Scheme Procedure: <strong>certificate-request->string</strong> <em>enumval</em></dt>
1508 <dd><p>Return a string describing <var>enumval</var>, a <code>certificate-request</code> value.
1512 <dt><a name="index-certificate_002dstatus_002d_003estring"></a>Scheme Procedure: <strong>certificate-status->string</strong> <em>enumval</em></dt>
1513 <dd><p>Return a string describing <var>enumval</var>, a <code>certificate-status</code> value.
1517 <dt><a name="index-handshake_002ddescription_002d_003estring"></a>Scheme Procedure: <strong>handshake-description->string</strong> <em>enumval</em></dt>
1518 <dd><p>Return a string describing <var>enumval</var>, a <code>handshake-description</code> value.
1522 <dt><a name="index-alert_002ddescription_002d_003estring"></a>Scheme Procedure: <strong>alert-description->string</strong> <em>enumval</em></dt>
1523 <dd><p>Return a string describing <var>enumval</var>, a <code>alert-description</code> value.
1527 <dt><a name="index-alert_002dlevel_002d_003estring"></a>Scheme Procedure: <strong>alert-level->string</strong> <em>enumval</em></dt>
1528 <dd><p>Return a string describing <var>enumval</var>, a <code>alert-level</code> value.
1532 <dt><a name="index-connection_002dend_002d_003estring"></a>Scheme Procedure: <strong>connection-end->string</strong> <em>enumval</em></dt>
1533 <dd><p>Return a string describing <var>enumval</var>, a <code>connection-end</code> value.
1537 <dt><a name="index-compression_002dmethod_002d_003estring"></a>Scheme Procedure: <strong>compression-method->string</strong> <em>enumval</em></dt>
1538 <dd><p>Return a string describing <var>enumval</var>, a <code>compression-method</code> value.
1542 <dt><a name="index-digest_002d_003estring"></a>Scheme Procedure: <strong>digest->string</strong> <em>enumval</em></dt>
1543 <dd><p>Return a string describing <var>enumval</var>, a <code>digest</code> value.
1547 <dt><a name="index-mac_002d_003estring"></a>Scheme Procedure: <strong>mac->string</strong> <em>enumval</em></dt>
1548 <dd><p>Return a string describing <var>enumval</var>, a <code>mac</code> value.
1552 <dt><a name="index-credentials_002d_003estring"></a>Scheme Procedure: <strong>credentials->string</strong> <em>enumval</em></dt>
1553 <dd><p>Return a string describing <var>enumval</var>, a <code>credentials</code> value.
1557 <dt><a name="index-params_002d_003estring"></a>Scheme Procedure: <strong>params->string</strong> <em>enumval</em></dt>
1558 <dd><p>Return a string describing <var>enumval</var>, a <code>params</code> value.
1562 <dt><a name="index-kx_002d_003estring"></a>Scheme Procedure: <strong>kx->string</strong> <em>enumval</em></dt>
1563 <dd><p>Return a string describing <var>enumval</var>, a <code>kx</code> value.
1567 <dt><a name="index-cipher_002d_003estring"></a>Scheme Procedure: <strong>cipher->string</strong> <em>enumval</em></dt>
1568 <dd><p>Return a string describing <var>enumval</var>, a <code>cipher</code> value.
1573 <a name="Copying-Information"></a>
1574 <div class="header">
1576 Previous: <a href="#Guile-Reference" accesskey="p" rel="previous">Guile Reference</a>, Up: <a href="#Top" accesskey="u" rel="up">Top</a> [<a href="#SEC_Contents" title="Table of contents" rel="contents">Contents</a>]</p>
1578 <a name="Copying-Information-1"></a>
1579 <h2 class="appendix">Appendix A Copying Information</h2>
1580 <a name="index-FDL_002c-GNU-Free-Documentation-License"></a>
1582 <a name="GNU-Free-Documentation-License"></a>
1583 <h3 class="heading">GNU Free Documentation License</h3>
1585 <div align="center">Version 1.3, 3 November 2008
1588 <div class="display">
1589 <pre class="display">Copyright © 2000, 2001, 2002, 2007, 2008 Free Software Foundation, Inc.
1590 <a href="http://fsf.org/">http://fsf.org/</a>
1592 Everyone is permitted to copy and distribute verbatim copies
1593 of this license document, but changing it is not allowed.
1599 <p>The purpose of this License is to make a manual, textbook, or other
1600 functional and useful document <em>free</em> in the sense of freedom: to
1601 assure everyone the effective freedom to copy and redistribute it,
1602 with or without modifying it, either commercially or noncommercially.
1603 Secondarily, this License preserves for the author and publisher a way
1604 to get credit for their work, while not being considered responsible
1605 for modifications made by others.
1607 <p>This License is a kind of “copyleft”, which means that derivative
1608 works of the document must themselves be free in the same sense. It
1609 complements the GNU General Public License, which is a copyleft
1610 license designed for free software.
1612 <p>We have designed this License in order to use it for manuals for free
1613 software, because free software needs free documentation: a free
1614 program should come with manuals providing the same freedoms that the
1615 software does. But this License is not limited to software manuals;
1616 it can be used for any textual work, regardless of subject matter or
1617 whether it is published as a printed book. We recommend this License
1618 principally for works whose purpose is instruction or reference.
1620 </li><li> APPLICABILITY AND DEFINITIONS
1622 <p>This License applies to any manual or other work, in any medium, that
1623 contains a notice placed by the copyright holder saying it can be
1624 distributed under the terms of this License. Such a notice grants a
1625 world-wide, royalty-free license, unlimited in duration, to use that
1626 work under the conditions stated herein. The “Document”, below,
1627 refers to any such manual or work. Any member of the public is a
1628 licensee, and is addressed as “you”. You accept the license if you
1629 copy, modify or distribute the work in a way requiring permission
1630 under copyright law.
1632 <p>A “Modified Version” of the Document means any work containing the
1633 Document or a portion of it, either copied verbatim, or with
1634 modifications and/or translated into another language.
1636 <p>A “Secondary Section” is a named appendix or a front-matter section
1637 of the Document that deals exclusively with the relationship of the
1638 publishers or authors of the Document to the Document’s overall
1639 subject (or to related matters) and contains nothing that could fall
1640 directly within that overall subject. (Thus, if the Document is in
1641 part a textbook of mathematics, a Secondary Section may not explain
1642 any mathematics.) The relationship could be a matter of historical
1643 connection with the subject or with related matters, or of legal,
1644 commercial, philosophical, ethical or political position regarding
1647 <p>The “Invariant Sections” are certain Secondary Sections whose titles
1648 are designated, as being those of Invariant Sections, in the notice
1649 that says that the Document is released under this License. If a
1650 section does not fit the above definition of Secondary then it is not
1651 allowed to be designated as Invariant. The Document may contain zero
1652 Invariant Sections. If the Document does not identify any Invariant
1653 Sections then there are none.
1655 <p>The “Cover Texts” are certain short passages of text that are listed,
1656 as Front-Cover Texts or Back-Cover Texts, in the notice that says that
1657 the Document is released under this License. A Front-Cover Text may
1658 be at most 5 words, and a Back-Cover Text may be at most 25 words.
1660 <p>A “Transparent” copy of the Document means a machine-readable copy,
1661 represented in a format whose specification is available to the
1662 general public, that is suitable for revising the document
1663 straightforwardly with generic text editors or (for images composed of
1664 pixels) generic paint programs or (for drawings) some widely available
1665 drawing editor, and that is suitable for input to text formatters or
1666 for automatic translation to a variety of formats suitable for input
1667 to text formatters. A copy made in an otherwise Transparent file
1668 format whose markup, or absence of markup, has been arranged to thwart
1669 or discourage subsequent modification by readers is not Transparent.
1670 An image format is not Transparent if used for any substantial amount
1671 of text. A copy that is not “Transparent” is called “Opaque”.
1673 <p>Examples of suitable formats for Transparent copies include plain
1674 ASCII without markup, Texinfo input format, LaTeX input
1675 format, SGML or XML using a publicly available
1676 DTD, and standard-conforming simple HTML,
1677 PostScript or PDF designed for human modification. Examples
1678 of transparent image formats include PNG, XCF and
1679 JPG. Opaque formats include proprietary formats that can be
1680 read and edited only by proprietary word processors, SGML or
1681 XML for which the DTD and/or processing tools are
1682 not generally available, and the machine-generated HTML,
1683 PostScript or PDF produced by some word processors for
1684 output purposes only.
1686 <p>The “Title Page” means, for a printed book, the title page itself,
1687 plus such following pages as are needed to hold, legibly, the material
1688 this License requires to appear in the title page. For works in
1689 formats which do not have any title page as such, “Title Page” means
1690 the text near the most prominent appearance of the work’s title,
1691 preceding the beginning of the body of the text.
1693 <p>The “publisher” means any person or entity that distributes copies
1694 of the Document to the public.
1696 <p>A section “Entitled XYZ” means a named subunit of the Document whose
1697 title either is precisely XYZ or contains XYZ in parentheses following
1698 text that translates XYZ in another language. (Here XYZ stands for a
1699 specific section name mentioned below, such as “Acknowledgements”,
1700 “Dedications”, “Endorsements”, or “History”.) To “Preserve the Title”
1701 of such a section when you modify the Document means that it remains a
1702 section “Entitled XYZ” according to this definition.
1704 <p>The Document may include Warranty Disclaimers next to the notice which
1705 states that this License applies to the Document. These Warranty
1706 Disclaimers are considered to be included by reference in this
1707 License, but only as regards disclaiming warranties: any other
1708 implication that these Warranty Disclaimers may have is void and has
1709 no effect on the meaning of this License.
1711 </li><li> VERBATIM COPYING
1713 <p>You may copy and distribute the Document in any medium, either
1714 commercially or noncommercially, provided that this License, the
1715 copyright notices, and the license notice saying this License applies
1716 to the Document are reproduced in all copies, and that you add no other
1717 conditions whatsoever to those of this License. You may not use
1718 technical measures to obstruct or control the reading or further
1719 copying of the copies you make or distribute. However, you may accept
1720 compensation in exchange for copies. If you distribute a large enough
1721 number of copies you must also follow the conditions in section 3.
1723 <p>You may also lend copies, under the same conditions stated above, and
1724 you may publicly display copies.
1726 </li><li> COPYING IN QUANTITY
1728 <p>If you publish printed copies (or copies in media that commonly have
1729 printed covers) of the Document, numbering more than 100, and the
1730 Document’s license notice requires Cover Texts, you must enclose the
1731 copies in covers that carry, clearly and legibly, all these Cover
1732 Texts: Front-Cover Texts on the front cover, and Back-Cover Texts on
1733 the back cover. Both covers must also clearly and legibly identify
1734 you as the publisher of these copies. The front cover must present
1735 the full title with all words of the title equally prominent and
1736 visible. You may add other material on the covers in addition.
1737 Copying with changes limited to the covers, as long as they preserve
1738 the title of the Document and satisfy these conditions, can be treated
1739 as verbatim copying in other respects.
1741 <p>If the required texts for either cover are too voluminous to fit
1742 legibly, you should put the first ones listed (as many as fit
1743 reasonably) on the actual cover, and continue the rest onto adjacent
1746 <p>If you publish or distribute Opaque copies of the Document numbering
1747 more than 100, you must either include a machine-readable Transparent
1748 copy along with each Opaque copy, or state in or with each Opaque copy
1749 a computer-network location from which the general network-using
1750 public has access to download using public-standard network protocols
1751 a complete Transparent copy of the Document, free of added material.
1752 If you use the latter option, you must take reasonably prudent steps,
1753 when you begin distribution of Opaque copies in quantity, to ensure
1754 that this Transparent copy will remain thus accessible at the stated
1755 location until at least one year after the last time you distribute an
1756 Opaque copy (directly or through your agents or retailers) of that
1757 edition to the public.
1759 <p>It is requested, but not required, that you contact the authors of the
1760 Document well before redistributing any large number of copies, to give
1761 them a chance to provide you with an updated version of the Document.
1763 </li><li> MODIFICATIONS
1765 <p>You may copy and distribute a Modified Version of the Document under
1766 the conditions of sections 2 and 3 above, provided that you release
1767 the Modified Version under precisely this License, with the Modified
1768 Version filling the role of the Document, thus licensing distribution
1769 and modification of the Modified Version to whoever possesses a copy
1770 of it. In addition, you must do these things in the Modified Version:
1773 <li> Use in the Title Page (and on the covers, if any) a title distinct
1774 from that of the Document, and from those of previous versions
1775 (which should, if there were any, be listed in the History section
1776 of the Document). You may use the same title as a previous version
1777 if the original publisher of that version gives permission.
1779 </li><li> List on the Title Page, as authors, one or more persons or entities
1780 responsible for authorship of the modifications in the Modified
1781 Version, together with at least five of the principal authors of the
1782 Document (all of its principal authors, if it has fewer than five),
1783 unless they release you from this requirement.
1785 </li><li> State on the Title page the name of the publisher of the
1786 Modified Version, as the publisher.
1788 </li><li> Preserve all the copyright notices of the Document.
1790 </li><li> Add an appropriate copyright notice for your modifications
1791 adjacent to the other copyright notices.
1793 </li><li> Include, immediately after the copyright notices, a license notice
1794 giving the public permission to use the Modified Version under the
1795 terms of this License, in the form shown in the Addendum below.
1797 </li><li> Preserve in that license notice the full lists of Invariant Sections
1798 and required Cover Texts given in the Document’s license notice.
1800 </li><li> Include an unaltered copy of this License.
1802 </li><li> Preserve the section Entitled “History”, Preserve its Title, and add
1803 to it an item stating at least the title, year, new authors, and
1804 publisher of the Modified Version as given on the Title Page. If
1805 there is no section Entitled “History” in the Document, create one
1806 stating the title, year, authors, and publisher of the Document as
1807 given on its Title Page, then add an item describing the Modified
1808 Version as stated in the previous sentence.
1810 </li><li> Preserve the network location, if any, given in the Document for
1811 public access to a Transparent copy of the Document, and likewise
1812 the network locations given in the Document for previous versions
1813 it was based on. These may be placed in the “History” section.
1814 You may omit a network location for a work that was published at
1815 least four years before the Document itself, or if the original
1816 publisher of the version it refers to gives permission.
1818 </li><li> For any section Entitled “Acknowledgements” or “Dedications”, Preserve
1819 the Title of the section, and preserve in the section all the
1820 substance and tone of each of the contributor acknowledgements and/or
1821 dedications given therein.
1823 </li><li> Preserve all the Invariant Sections of the Document,
1824 unaltered in their text and in their titles. Section numbers
1825 or the equivalent are not considered part of the section titles.
1827 </li><li> Delete any section Entitled “Endorsements”. Such a section
1828 may not be included in the Modified Version.
1830 </li><li> Do not retitle any existing section to be Entitled “Endorsements” or
1831 to conflict in title with any Invariant Section.
1833 </li><li> Preserve any Warranty Disclaimers.
1836 <p>If the Modified Version includes new front-matter sections or
1837 appendices that qualify as Secondary Sections and contain no material
1838 copied from the Document, you may at your option designate some or all
1839 of these sections as invariant. To do this, add their titles to the
1840 list of Invariant Sections in the Modified Version’s license notice.
1841 These titles must be distinct from any other section titles.
1843 <p>You may add a section Entitled “Endorsements”, provided it contains
1844 nothing but endorsements of your Modified Version by various
1845 parties—for example, statements of peer review or that the text has
1846 been approved by an organization as the authoritative definition of a
1849 <p>You may add a passage of up to five words as a Front-Cover Text, and a
1850 passage of up to 25 words as a Back-Cover Text, to the end of the list
1851 of Cover Texts in the Modified Version. Only one passage of
1852 Front-Cover Text and one of Back-Cover Text may be added by (or
1853 through arrangements made by) any one entity. If the Document already
1854 includes a cover text for the same cover, previously added by you or
1855 by arrangement made by the same entity you are acting on behalf of,
1856 you may not add another; but you may replace the old one, on explicit
1857 permission from the previous publisher that added the old one.
1859 <p>The author(s) and publisher(s) of the Document do not by this License
1860 give permission to use their names for publicity for or to assert or
1861 imply endorsement of any Modified Version.
1863 </li><li> COMBINING DOCUMENTS
1865 <p>You may combine the Document with other documents released under this
1866 License, under the terms defined in section 4 above for modified
1867 versions, provided that you include in the combination all of the
1868 Invariant Sections of all of the original documents, unmodified, and
1869 list them all as Invariant Sections of your combined work in its
1870 license notice, and that you preserve all their Warranty Disclaimers.
1872 <p>The combined work need only contain one copy of this License, and
1873 multiple identical Invariant Sections may be replaced with a single
1874 copy. If there are multiple Invariant Sections with the same name but
1875 different contents, make the title of each such section unique by
1876 adding at the end of it, in parentheses, the name of the original
1877 author or publisher of that section if known, or else a unique number.
1878 Make the same adjustment to the section titles in the list of
1879 Invariant Sections in the license notice of the combined work.
1881 <p>In the combination, you must combine any sections Entitled “History”
1882 in the various original documents, forming one section Entitled
1883 “History”; likewise combine any sections Entitled “Acknowledgements”,
1884 and any sections Entitled “Dedications”. You must delete all
1885 sections Entitled “Endorsements.”
1887 </li><li> COLLECTIONS OF DOCUMENTS
1889 <p>You may make a collection consisting of the Document and other documents
1890 released under this License, and replace the individual copies of this
1891 License in the various documents with a single copy that is included in
1892 the collection, provided that you follow the rules of this License for
1893 verbatim copying of each of the documents in all other respects.
1895 <p>You may extract a single document from such a collection, and distribute
1896 it individually under this License, provided you insert a copy of this
1897 License into the extracted document, and follow this License in all
1898 other respects regarding verbatim copying of that document.
1900 </li><li> AGGREGATION WITH INDEPENDENT WORKS
1902 <p>A compilation of the Document or its derivatives with other separate
1903 and independent documents or works, in or on a volume of a storage or
1904 distribution medium, is called an “aggregate” if the copyright
1905 resulting from the compilation is not used to limit the legal rights
1906 of the compilation’s users beyond what the individual works permit.
1907 When the Document is included in an aggregate, this License does not
1908 apply to the other works in the aggregate which are not themselves
1909 derivative works of the Document.
1911 <p>If the Cover Text requirement of section 3 is applicable to these
1912 copies of the Document, then if the Document is less than one half of
1913 the entire aggregate, the Document’s Cover Texts may be placed on
1914 covers that bracket the Document within the aggregate, or the
1915 electronic equivalent of covers if the Document is in electronic form.
1916 Otherwise they must appear on printed covers that bracket the whole
1919 </li><li> TRANSLATION
1921 <p>Translation is considered a kind of modification, so you may
1922 distribute translations of the Document under the terms of section 4.
1923 Replacing Invariant Sections with translations requires special
1924 permission from their copyright holders, but you may include
1925 translations of some or all Invariant Sections in addition to the
1926 original versions of these Invariant Sections. You may include a
1927 translation of this License, and all the license notices in the
1928 Document, and any Warranty Disclaimers, provided that you also include
1929 the original English version of this License and the original versions
1930 of those notices and disclaimers. In case of a disagreement between
1931 the translation and the original version of this License or a notice
1932 or disclaimer, the original version will prevail.
1934 <p>If a section in the Document is Entitled “Acknowledgements”,
1935 “Dedications”, or “History”, the requirement (section 4) to Preserve
1936 its Title (section 1) will typically require changing the actual
1939 </li><li> TERMINATION
1941 <p>You may not copy, modify, sublicense, or distribute the Document
1942 except as expressly provided under this License. Any attempt
1943 otherwise to copy, modify, sublicense, or distribute it is void, and
1944 will automatically terminate your rights under this License.
1946 <p>However, if you cease all violation of this License, then your license
1947 from a particular copyright holder is reinstated (a) provisionally,
1948 unless and until the copyright holder explicitly and finally
1949 terminates your license, and (b) permanently, if the copyright holder
1950 fails to notify you of the violation by some reasonable means prior to
1951 60 days after the cessation.
1953 <p>Moreover, your license from a particular copyright holder is
1954 reinstated permanently if the copyright holder notifies you of the
1955 violation by some reasonable means, this is the first time you have
1956 received notice of violation of this License (for any work) from that
1957 copyright holder, and you cure the violation prior to 30 days after
1958 your receipt of the notice.
1960 <p>Termination of your rights under this section does not terminate the
1961 licenses of parties who have received copies or rights from you under
1962 this License. If your rights have been terminated and not permanently
1963 reinstated, receipt of a copy of some or all of the same material does
1964 not give you any rights to use it.
1966 </li><li> FUTURE REVISIONS OF THIS LICENSE
1968 <p>The Free Software Foundation may publish new, revised versions
1969 of the GNU Free Documentation License from time to time. Such new
1970 versions will be similar in spirit to the present version, but may
1971 differ in detail to address new problems or concerns. See
1972 <a href="http://www.gnu.org/copyleft/">http://www.gnu.org/copyleft/</a>.
1974 <p>Each version of the License is given a distinguishing version number.
1975 If the Document specifies that a particular numbered version of this
1976 License “or any later version” applies to it, you have the option of
1977 following the terms and conditions either of that specified version or
1978 of any later version that has been published (not as a draft) by the
1979 Free Software Foundation. If the Document does not specify a version
1980 number of this License, you may choose any version ever published (not
1981 as a draft) by the Free Software Foundation. If the Document
1982 specifies that a proxy can decide which future versions of this
1983 License can be used, that proxy’s public statement of acceptance of a
1984 version permanently authorizes you to choose that version for the
1987 </li><li> RELICENSING
1989 <p>“Massive Multiauthor Collaboration Site” (or “MMC Site”) means any
1990 World Wide Web server that publishes copyrightable works and also
1991 provides prominent facilities for anybody to edit those works. A
1992 public wiki that anybody can edit is an example of such a server. A
1993 “Massive Multiauthor Collaboration” (or “MMC”) contained in the
1994 site means any set of copyrightable works thus published on the MMC
1997 <p>“CC-BY-SA” means the Creative Commons Attribution-Share Alike 3.0
1998 license published by Creative Commons Corporation, a not-for-profit
1999 corporation with a principal place of business in San Francisco,
2000 California, as well as future copyleft versions of that license
2001 published by that same organization.
2003 <p>“Incorporate” means to publish or republish a Document, in whole or
2004 in part, as part of another Document.
2006 <p>An MMC is “eligible for relicensing” if it is licensed under this
2007 License, and if all works that were first published under this License
2008 somewhere other than this MMC, and subsequently incorporated in whole
2009 or in part into the MMC, (1) had no cover texts or invariant sections,
2010 and (2) were thus incorporated prior to November 1, 2008.
2012 <p>The operator of an MMC Site may republish an MMC contained in the site
2013 under CC-BY-SA on the same site at any time before August 1, 2009,
2014 provided the MMC is eligible for relicensing.
2018 <a name="ADDENDUM_003a-How-to-use-this-License-for-your-documents"></a>
2019 <h3 class="heading">ADDENDUM: How to use this License for your documents</h3>
2021 <p>To use this License in a document you have written, include a copy of
2022 the License in the document and put the following copyright and
2023 license notices just after the title page:
2025 <div class="example">
2026 <pre class="example"> Copyright (C) <var>year</var> <var>your name</var>.
2027 Permission is granted to copy, distribute and/or modify this document
2028 under the terms of the GNU Free Documentation License, Version 1.3
2029 or any later version published by the Free Software Foundation;
2030 with no Invariant Sections, no Front-Cover Texts, and no Back-Cover
2031 Texts. A copy of the license is included in the section entitled ``GNU
2032 Free Documentation License''.
2035 <p>If you have Invariant Sections, Front-Cover Texts and Back-Cover Texts,
2036 replace the “with…Texts.” line with this:
2038 <div class="example">
2039 <pre class="example"> with the Invariant Sections being <var>list their titles</var>, with
2040 the Front-Cover Texts being <var>list</var>, and with the Back-Cover Texts
2041 being <var>list</var>.
2044 <p>If you have Invariant Sections without Cover Texts, or some other
2045 combination of the three, merge those two alternatives to suit the
2048 <p>If your document contains nontrivial examples of program code, we
2049 recommend releasing these examples in parallel under your choice of
2050 free software license, such as the GNU General Public License,
2051 to permit their use in free software.
projects / platform / upstream / gnutls.git / blob