Tizen 2.0 Release

[external/libgnutls26.git] / doc / gnutls.info-3

This is gnutls.info, produced by makeinfo version 4.13.90 from
gnutls.texi.

This manual is last updated 6 January 2012 for version 2.12.20 of
GnuTLS.

Copyright (C) 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010
Free Software Foundation, Inc.

     Permission is granted to copy, distribute and/or modify this
     document under the terms of the GNU Free Documentation License,
     Version 1.3 or any later version published by the Free Software
     Foundation; with no Invariant Sections, no Front-Cover Texts, and
     no Back-Cover Texts.  A copy of the license is included in the
     section entitled "GNU Free Documentation License".
INFO-DIR-SECTION Software libraries
START-INFO-DIR-ENTRY
* GnuTLS: (gnutls).             GNU Transport Layer Security Library.
END-INFO-DIR-ENTRY

INFO-DIR-SECTION System Administration
START-INFO-DIR-ENTRY
* certtool: (gnutls)Invoking certtool.  Manipulate certificates and keys.
* gnutls-serv: (gnutls)Invoking gnutls-serv.    GnuTLS test server.
* gnutls-cli: (gnutls)Invoking gnutls-cli.      GnuTLS test client.
* gnutls-cli-debug: (gnutls)Invoking gnutls-cli-debug.  GnuTLS debug client.
* psktool: (gnutls)Invoking psktool.    Simple TLS-Pre-Shared-Keys manager.
* srptool: (gnutls)Invoking srptool.    Simple SRP password tool.
END-INFO-DIR-ENTRY


\1f
File: gnutls.info,  Node: GnuTLS-extra functions,  Next: OpenPGP functions,  Prev: X.509 certificate functions,  Up: Function reference

9.3 GnuTLS-extra Functions
==========================

These functions are only available in the GPLv3+ version of the library
called 'gnutls-extra'.  The prototypes for this library lie in
'gnutls/extra.h'.

gnutls_extra_check_version
--------------------------

 -- Function: const char * gnutls_extra_check_version (const char *
          REQ_VERSION)
     REQ_VERSION: version string to compare with, or 'NULL'.

     Check GnuTLS Extra Library version.

     See 'GNUTLS_EXTRA_VERSION' for a suitable 'req_version' string.

     *Return value:* Check that the version of the library is at minimum
     the one given as a string in 'req_version' and return the actual
     version string of the library; return 'NULL' if the condition is
     not met.  If 'NULL' is passed to this function no check is done and
     only the version string is returned.

gnutls_global_init_extra
------------------------

 -- Function: int gnutls_global_init_extra ( VOID)

     This function initializes the global state of gnutls-extra library
     to defaults.

     Note that 'gnutls_global_init()' has to be called before this
     function.  If this function is not called then the gnutls-extra
     library will not be usable.

     This function is not thread safe, see the discussion for
     'gnutls_global_init()' on how to deal with that.

     *Returns:* On success, 'GNUTLS_E_SUCCESS' (zero) is returned,
     otherwise an error code is returned.

\1f
File: gnutls.info,  Node: OpenPGP functions,  Next: TLS Inner Application (TLS/IA) functions,  Prev: GnuTLS-extra functions,  Up: Function reference

9.4 OpenPGP Functions
=====================

The following functions are to be used for OpenPGP certificate handling.
Their prototypes lie in 'gnutls/openpgp.h'.

gnutls_certificate_set_openpgp_key_file2
----------------------------------------

 -- Function: int gnutls_certificate_set_openpgp_key_file2
          (gnutls_certificate_credentials_t RES, const char * CERTFILE,
          const char * KEYFILE, const char * SUBKEY_ID,
          gnutls_openpgp_crt_fmt_t FORMAT)
     RES: the destination context to save the data.

     CERTFILE: the file that contains the public key.

     KEYFILE: the file that contains the secret key.

     SUBKEY_ID: a hex encoded subkey id

     FORMAT: the format of the keys

     This funtion is used to load OpenPGP keys into the GnuTLS
     credential structure.  The file should contain at least one valid
     non encrypted subkey.

     The special keyword "auto" is also accepted as 'subkey_id'.  In
     that case the 'gnutls_openpgp_crt_get_auth_subkey()' will be used
     to retrieve the subkey.

     *Returns:* On success, 'GNUTLS_E_SUCCESS' is returned, otherwise a
     negative error value.

     *Since:* 2.4.0

gnutls_certificate_set_openpgp_key_file
---------------------------------------

 -- Function: int gnutls_certificate_set_openpgp_key_file
          (gnutls_certificate_credentials_t RES, const char * CERTFILE,
          const char * KEYFILE, gnutls_openpgp_crt_fmt_t FORMAT)
     RES: the destination context to save the data.

     CERTFILE: the file that contains the public key.

     KEYFILE: the file that contains the secret key.

     FORMAT: the format of the keys

     This funtion is used to load OpenPGP keys into the GnuTLS
     credentials structure.  The file should contain at least one valid
     non encrypted subkey.

     *Returns:* On success, 'GNUTLS_E_SUCCESS' is returned, otherwise a
     negative error value.

gnutls_certificate_set_openpgp_key_mem2
---------------------------------------

 -- Function: int gnutls_certificate_set_openpgp_key_mem2
          (gnutls_certificate_credentials_t RES, const gnutls_datum_t *
          CERT, const gnutls_datum_t * KEY, const char * SUBKEY_ID,
          gnutls_openpgp_crt_fmt_t FORMAT)
     RES: the destination context to save the data.

     CERT: the datum that contains the public key.

     KEY: the datum that contains the secret key.

     SUBKEY_ID: a hex encoded subkey id

     FORMAT: the format of the keys

     This funtion is used to load OpenPGP keys into the GnuTLS
     credentials structure.  The datum should contain at least one valid
     non encrypted subkey.

     The special keyword "auto" is also accepted as 'subkey_id'.  In
     that case the 'gnutls_openpgp_crt_get_auth_subkey()' will be used
     to retrieve the subkey.

     *Returns:* On success, 'GNUTLS_E_SUCCESS' is returned, otherwise a
     negative error value.

     *Since:* 2.4.0

gnutls_certificate_set_openpgp_key_mem
--------------------------------------

 -- Function: int gnutls_certificate_set_openpgp_key_mem
          (gnutls_certificate_credentials_t RES, const gnutls_datum_t *
          CERT, const gnutls_datum_t * KEY, gnutls_openpgp_crt_fmt_t
          FORMAT)
     RES: the destination context to save the data.

     CERT: the datum that contains the public key.

     KEY: the datum that contains the secret key.

     FORMAT: the format of the keys

     This funtion is used to load OpenPGP keys into the GnuTLS
     credential structure.  The datum should contain at least one valid
     non encrypted subkey.

     *Returns:* On success, 'GNUTLS_E_SUCCESS' is returned, otherwise a
     negative error value.

gnutls_certificate_set_openpgp_keyring_file
-------------------------------------------

 -- Function: int gnutls_certificate_set_openpgp_keyring_file
          (gnutls_certificate_credentials_t C, const char * FILE,
          gnutls_openpgp_crt_fmt_t FORMAT)
     C: A certificate credentials structure

     FILE: filename of the keyring.

     FORMAT: format of keyring.

     The function is used to set keyrings that will be used internally
     by various OpenPGP functions.  For example to find a key when it is
     needed for an operations.  The keyring will also be used at the
     verification functions.

     *Returns:* On success, 'GNUTLS_E_SUCCESS' is returned, otherwise a
     negative error value.

gnutls_certificate_set_openpgp_keyring_mem
------------------------------------------

 -- Function: int gnutls_certificate_set_openpgp_keyring_mem
          (gnutls_certificate_credentials_t C, const opaque * DATA,
          size_t DLEN, gnutls_openpgp_crt_fmt_t FORMAT)
     C: A certificate credentials structure

     DATA: buffer with keyring data.

     DLEN: length of data buffer.

     FORMAT: the format of the keyring

     The function is used to set keyrings that will be used internally
     by various OpenPGP functions.  For example to find a key when it is
     needed for an operations.  The keyring will also be used at the
     verification functions.

     *Returns:* On success, 'GNUTLS_E_SUCCESS' is returned, otherwise a
     negative error value.

gnutls_certificate_set_openpgp_key
----------------------------------

 -- Function: int gnutls_certificate_set_openpgp_key
          (gnutls_certificate_credentials_t RES, gnutls_openpgp_crt_t
          CRT, gnutls_openpgp_privkey_t PKEY)
     RES: is a 'gnutls_certificate_credentials_t' structure.

     PKEY: is an openpgp private key

     This function sets a certificate/private key pair in the
     gnutls_certificate_credentials_t structure.  This function may be
     called more than once (in case multiple keys/certificates exist for
     the server).

     Note that this function requires that the preferred key ids have
     been set and be used.  See
     'gnutls_openpgp_crt_set_preferred_key_id()'.  Otherwise the master
     key will be used.

     *Returns:* On success, 'GNUTLS_E_SUCCESS' (zero) is returned,
     otherwise an error code is returned.

gnutls_openpgp_crt_check_hostname
---------------------------------

 -- Function: int gnutls_openpgp_crt_check_hostname
          (gnutls_openpgp_crt_t KEY, const char * HOSTNAME)
     KEY: should contain a 'gnutls_openpgp_crt_t' structure

     HOSTNAME: A null terminated string that contains a DNS name

     This function will check if the given key's owner matches the given
     hostname.  This is a basic implementation of the matching described
     in RFC2818 (HTTPS), which takes into account wildcards.

     *Returns:* 'GNUTLS_E_SUCCESS' on success, or an error code.

gnutls_openpgp_crt_deinit
-------------------------

 -- Function: void gnutls_openpgp_crt_deinit (gnutls_openpgp_crt_t KEY)
     KEY: The structure to be initialized

     This function will deinitialize a key structure.

gnutls_openpgp_crt_export
-------------------------

 -- Function: int gnutls_openpgp_crt_export (gnutls_openpgp_crt_t KEY,
          gnutls_openpgp_crt_fmt_t FORMAT, void * OUTPUT_DATA, size_t *
          OUTPUT_DATA_SIZE)
     KEY: Holds the key.

     FORMAT: One of gnutls_openpgp_crt_fmt_t elements.

     OUTPUT_DATA: will contain the key base64 encoded or raw

     OUTPUT_DATA_SIZE: holds the size of output_data (and will be
     replaced by the actual size of parameters)

     This function will convert the given key to RAW or Base64 format.
     If the buffer provided is not long enough to hold the output, then
     'GNUTLS_E_SHORT_MEMORY_BUFFER' will be returned.

     *Returns:* 'GNUTLS_E_SUCCESS' on success, or an error code.

gnutls_openpgp_crt_get_auth_subkey
----------------------------------

 -- Function: int gnutls_openpgp_crt_get_auth_subkey
          (gnutls_openpgp_crt_t CRT, gnutls_openpgp_keyid_t KEYID,
          unsigned int FLAG)
     CRT: the structure that contains the OpenPGP public key.

     KEYID: the struct to save the keyid.

     FLAG: Non zero indicates that a valid subkey is always returned.

     Returns the 64-bit keyID of the first valid OpenPGP subkey marked
     for authentication.  If flag is non zero and no authentication
     subkey exists, then a valid subkey will be returned even if it is
     not marked for authentication.  Returns the 64-bit keyID of the
     first valid OpenPGP subkey marked for authentication.  If flag is
     non zero and no authentication subkey exists, then a valid subkey
     will be returned even if it is not marked for authentication.

     *Returns:* 'GNUTLS_E_SUCCESS' on success, or an error code.

gnutls_openpgp_crt_get_creation_time
------------------------------------

 -- Function: time_t gnutls_openpgp_crt_get_creation_time
          (gnutls_openpgp_crt_t KEY)
     KEY: the structure that contains the OpenPGP public key.

     Get key creation time.

     *Returns:* the timestamp when the OpenPGP key was created.

gnutls_openpgp_crt_get_expiration_time
--------------------------------------

 -- Function: time_t gnutls_openpgp_crt_get_expiration_time
          (gnutls_openpgp_crt_t KEY)
     KEY: the structure that contains the OpenPGP public key.

     Get key expiration time.  A value of '0' means that the key doesn't
     expire at all.

     *Returns:* the time when the OpenPGP key expires.

gnutls_openpgp_crt_get_fingerprint
----------------------------------

 -- Function: int gnutls_openpgp_crt_get_fingerprint
          (gnutls_openpgp_crt_t KEY, void * FPR, size_t * FPRLEN)
     KEY: the raw data that contains the OpenPGP public key.

     FPR: the buffer to save the fingerprint, must hold at least 20
     bytes.

     FPRLEN: the integer to save the length of the fingerprint.

     Get key fingerprint.  Depending on the algorithm, the fingerprint
     can be 16 or 20 bytes.

     *Returns:* On success, 0 is returned.  Otherwise, an error code.

gnutls_openpgp_crt_get_key_id
-----------------------------

 -- Function: int gnutls_openpgp_crt_get_key_id (gnutls_openpgp_crt_t
          KEY, gnutls_openpgp_keyid_t KEYID)
     KEY: the structure that contains the OpenPGP public key.

     KEYID: the buffer to save the keyid.

     Get key id string.

     *Returns:* the 64-bit keyID of the OpenPGP key.

     *Since:* 2.4.0

gnutls_openpgp_crt_get_key_usage
--------------------------------

 -- Function: int gnutls_openpgp_crt_get_key_usage (gnutls_openpgp_crt_t
          KEY, unsigned int * KEY_USAGE)
     KEY: should contain a gnutls_openpgp_crt_t structure

     KEY_USAGE: where the key usage bits will be stored

     This function will return certificate's key usage, by checking the
     key algorithm.  The key usage value will ORed values of the:
     'GNUTLS_KEY_DIGITAL_SIGNATURE', 'GNUTLS_KEY_KEY_ENCIPHERMENT'.

     *Returns:* 'GNUTLS_E_SUCCESS' on success, or an error code.

gnutls_openpgp_crt_get_name
---------------------------

 -- Function: int gnutls_openpgp_crt_get_name (gnutls_openpgp_crt_t KEY,
          int IDX, char * BUF, size_t * SIZEOF_BUF)
     KEY: the structure that contains the OpenPGP public key.

     IDX: the index of the ID to extract

     BUF: a pointer to a structure to hold the name, may be 'NULL' to
     only get the 'sizeof_buf'.

     SIZEOF_BUF: holds the maximum size of 'buf', on return hold the
     actual/required size of 'buf'.

     Extracts the userID from the parsed OpenPGP key.

     *Returns:* 'GNUTLS_E_SUCCESS' on success, and if the index of the
     ID does not exist 'GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE', or an
     error code.

gnutls_openpgp_crt_get_pk_algorithm
-----------------------------------

 -- Function: gnutls_pk_algorithm_t gnutls_openpgp_crt_get_pk_algorithm
          (gnutls_openpgp_crt_t KEY, unsigned int * BITS)
     KEY: is an OpenPGP key

     BITS: if bits is non null it will hold the size of the parameters'
     in bits

     This function will return the public key algorithm of an OpenPGP
     certificate.

     If bits is non null, it should have enough size to hold the
     parameters size in bits.  For RSA the bits returned is the modulus.
     For DSA the bits returned are of the public exponent.

     *Returns:* a member of the 'gnutls_pk_algorithm_t' enumeration on
     success, or GNUTLS_PK_UNKNOWN on error.

gnutls_openpgp_crt_get_pk_dsa_raw
---------------------------------

 -- Function: int gnutls_openpgp_crt_get_pk_dsa_raw
          (gnutls_openpgp_crt_t CRT, gnutls_datum_t * P, gnutls_datum_t
          * Q, gnutls_datum_t * G, gnutls_datum_t * Y)
     CRT: Holds the certificate

     P: will hold the p

     Q: will hold the q

     G: will hold the g

     Y: will hold the y

     This function will export the DSA public key's parameters found in
     the given certificate.  The new parameters will be allocated using
     'gnutls_malloc()' and will be stored in the appropriate datum.

     *Returns:* 'GNUTLS_E_SUCCESS' on success, otherwise an error.

     *Since:* 2.4.0

gnutls_openpgp_crt_get_pk_rsa_raw
---------------------------------

 -- Function: int gnutls_openpgp_crt_get_pk_rsa_raw
          (gnutls_openpgp_crt_t CRT, gnutls_datum_t * M, gnutls_datum_t
          * E)
     CRT: Holds the certificate

     M: will hold the modulus

     E: will hold the public exponent

     This function will export the RSA public key's parameters found in
     the given structure.  The new parameters will be allocated using
     'gnutls_malloc()' and will be stored in the appropriate datum.

     *Returns:* 'GNUTLS_E_SUCCESS' on success, otherwise an error.

     *Since:* 2.4.0

gnutls_openpgp_crt_get_preferred_key_id
---------------------------------------

 -- Function: int gnutls_openpgp_crt_get_preferred_key_id
          (gnutls_openpgp_crt_t KEY, gnutls_openpgp_keyid_t KEYID)
     KEY: the structure that contains the OpenPGP public key.

     KEYID: the struct to save the keyid.

     Get preferred key id.  If it hasn't been set it returns
     'GNUTLS_E_INVALID_REQUEST'.

     *Returns:* the 64-bit preferred keyID of the OpenPGP key.

gnutls_openpgp_crt_get_revoked_status
-------------------------------------

 -- Function: int gnutls_openpgp_crt_get_revoked_status
          (gnutls_openpgp_crt_t KEY)
     KEY: the structure that contains the OpenPGP public key.

     Get revocation status of key.

     *Returns:* true (1) if the key has been revoked, or false (0) if it
     has not.

     *Since:* 2.4.0

gnutls_openpgp_crt_get_subkey_count
-----------------------------------

 -- Function: int gnutls_openpgp_crt_get_subkey_count
          (gnutls_openpgp_crt_t KEY)
     KEY: is an OpenPGP key

     This function will return the number of subkeys present in the
     given OpenPGP certificate.

     *Returns:* the number of subkeys, or a negative value on error.

     *Since:* 2.4.0

gnutls_openpgp_crt_get_subkey_creation_time
-------------------------------------------

 -- Function: time_t gnutls_openpgp_crt_get_subkey_creation_time
          (gnutls_openpgp_crt_t KEY, unsigned int IDX)
     KEY: the structure that contains the OpenPGP public key.

     IDX: the subkey index

     Get subkey creation time.

     *Returns:* the timestamp when the OpenPGP sub-key was created.

     *Since:* 2.4.0

gnutls_openpgp_crt_get_subkey_expiration_time
---------------------------------------------

 -- Function: time_t gnutls_openpgp_crt_get_subkey_expiration_time
          (gnutls_openpgp_crt_t KEY, unsigned int IDX)
     KEY: the structure that contains the OpenPGP public key.

     IDX: the subkey index

     Get subkey expiration time.  A value of '0' means that the key
     doesn't expire at all.

     *Returns:* the time when the OpenPGP key expires.

     *Since:* 2.4.0

gnutls_openpgp_crt_get_subkey_fingerprint
-----------------------------------------

 -- Function: int gnutls_openpgp_crt_get_subkey_fingerprint
          (gnutls_openpgp_crt_t KEY, unsigned int IDX, void * FPR,
          size_t * FPRLEN)
     KEY: the raw data that contains the OpenPGP public key.

     IDX: the subkey index

     FPR: the buffer to save the fingerprint, must hold at least 20
     bytes.

     FPRLEN: the integer to save the length of the fingerprint.

     Get key fingerprint of a subkey.  Depending on the algorithm, the
     fingerprint can be 16 or 20 bytes.

     *Returns:* On success, 0 is returned.  Otherwise, an error code.

     *Since:* 2.4.0

gnutls_openpgp_crt_get_subkey_idx
---------------------------------

 -- Function: int gnutls_openpgp_crt_get_subkey_idx
          (gnutls_openpgp_crt_t KEY, const gnutls_openpgp_keyid_t KEYID)
     KEY: the structure that contains the OpenPGP public key.

     KEYID: the keyid.

     Get subkey's index.

     *Returns:* the index of the subkey or a negative error value.

     *Since:* 2.4.0

gnutls_openpgp_crt_get_subkey_id
--------------------------------

 -- Function: int gnutls_openpgp_crt_get_subkey_id (gnutls_openpgp_crt_t
          KEY, unsigned int IDX, gnutls_openpgp_keyid_t KEYID)
     KEY: the structure that contains the OpenPGP public key.

     IDX: the subkey index

     KEYID: the buffer to save the keyid.

     Get the subkey's key-id.

     *Returns:* the 64-bit keyID of the OpenPGP key.

gnutls_openpgp_crt_get_subkey_pk_algorithm
------------------------------------------

 -- Function: gnutls_pk_algorithm_t
          gnutls_openpgp_crt_get_subkey_pk_algorithm
          (gnutls_openpgp_crt_t KEY, unsigned int IDX, unsigned int *
          BITS)
     KEY: is an OpenPGP key

     IDX: is the subkey index

     BITS: if bits is non null it will hold the size of the parameters'
     in bits

     This function will return the public key algorithm of a subkey of
     an OpenPGP certificate.

     If bits is non null, it should have enough size to hold the
     parameters size in bits.  For RSA the bits returned is the modulus.
     For DSA the bits returned are of the public exponent.

     *Returns:* a member of the 'gnutls_pk_algorithm_t' enumeration on
     success, or GNUTLS_PK_UNKNOWN on error.

     *Since:* 2.4.0

gnutls_openpgp_crt_get_subkey_pk_dsa_raw
----------------------------------------

 -- Function: int gnutls_openpgp_crt_get_subkey_pk_dsa_raw
          (gnutls_openpgp_crt_t CRT, unsigned int IDX, gnutls_datum_t *
          P, gnutls_datum_t * Q, gnutls_datum_t * G, gnutls_datum_t * Y)
     CRT: Holds the certificate

     IDX: Is the subkey index

     P: will hold the p

     Q: will hold the q

     G: will hold the g

     Y: will hold the y

     This function will export the DSA public key's parameters found in
     the given certificate.  The new parameters will be allocated using
     'gnutls_malloc()' and will be stored in the appropriate datum.

     *Returns:* 'GNUTLS_E_SUCCESS' on success, otherwise an error.

     *Since:* 2.4.0

gnutls_openpgp_crt_get_subkey_pk_rsa_raw
----------------------------------------

 -- Function: int gnutls_openpgp_crt_get_subkey_pk_rsa_raw
          (gnutls_openpgp_crt_t CRT, unsigned int IDX, gnutls_datum_t *
          M, gnutls_datum_t * E)
     CRT: Holds the certificate

     IDX: Is the subkey index

     M: will hold the modulus

     E: will hold the public exponent

     This function will export the RSA public key's parameters found in
     the given structure.  The new parameters will be allocated using
     'gnutls_malloc()' and will be stored in the appropriate datum.

     *Returns:* 'GNUTLS_E_SUCCESS' on success, otherwise an error.

     *Since:* 2.4.0

gnutls_openpgp_crt_get_subkey_revoked_status
--------------------------------------------

 -- Function: int gnutls_openpgp_crt_get_subkey_revoked_status
          (gnutls_openpgp_crt_t KEY, unsigned int IDX)
     KEY: the structure that contains the OpenPGP public key.

     IDX: is the subkey index

     Get subkey revocation status.  A negative value indicates an error.

     *Returns:* true (1) if the key has been revoked, or false (0) if it
     has not.

     *Since:* 2.4.0

gnutls_openpgp_crt_get_subkey_usage
-----------------------------------

 -- Function: int gnutls_openpgp_crt_get_subkey_usage
          (gnutls_openpgp_crt_t KEY, unsigned int IDX, unsigned int *
          KEY_USAGE)
     KEY: should contain a gnutls_openpgp_crt_t structure

     IDX: the subkey index

     KEY_USAGE: where the key usage bits will be stored

     This function will return certificate's key usage, by checking the
     key algorithm.  The key usage value will ORed values of
     'GNUTLS_KEY_DIGITAL_SIGNATURE' or 'GNUTLS_KEY_KEY_ENCIPHERMENT'.

     A negative value may be returned in case of parsing error.

     *Returns:* key usage value.

     *Since:* 2.4.0

gnutls_openpgp_crt_get_version
------------------------------

 -- Function: int gnutls_openpgp_crt_get_version (gnutls_openpgp_crt_t
          KEY)
     KEY: the structure that contains the OpenPGP public key.

     Extract the version of the OpenPGP key.

     *Returns:* the version number is returned, or a negative value on
     errors.

gnutls_openpgp_crt_import
-------------------------

 -- Function: int gnutls_openpgp_crt_import (gnutls_openpgp_crt_t KEY,
          const gnutls_datum_t * DATA, gnutls_openpgp_crt_fmt_t FORMAT)
     KEY: The structure to store the parsed key.

     DATA: The RAW or BASE64 encoded key.

     FORMAT: One of gnutls_openpgp_crt_fmt_t elements.

     This function will convert the given RAW or Base64 encoded key to
     the native 'gnutls_openpgp_crt_t' format.  The output will be
     stored in 'key'.

     *Returns:* 'GNUTLS_E_SUCCESS' on success, or an error code.

gnutls_openpgp_crt_init
-----------------------

 -- Function: int gnutls_openpgp_crt_init (gnutls_openpgp_crt_t * KEY)
     KEY: The structure to be initialized

     This function will initialize an OpenPGP key structure.

     *Returns:* 'GNUTLS_E_SUCCESS' on success, or an error code.

gnutls_openpgp_crt_print
------------------------

 -- Function: int gnutls_openpgp_crt_print (gnutls_openpgp_crt_t CERT,
          gnutls_certificate_print_formats_t FORMAT, gnutls_datum_t *
          OUT)
     CERT: The structure to be printed

     FORMAT: Indicate the format to use

     OUT: Newly allocated datum with zero terminated string.

     This function will pretty print an OpenPGP certificate, suitable
     for display to a human.

     The format should be zero for future compatibility.

     The output 'out' needs to be deallocate using 'gnutls_free()'.

     *Returns:* 'GNUTLS_E_SUCCESS' on success, or an error code.

gnutls_openpgp_crt_set_preferred_key_id
---------------------------------------

 -- Function: int gnutls_openpgp_crt_set_preferred_key_id
          (gnutls_openpgp_crt_t KEY, const gnutls_openpgp_keyid_t KEYID)
     KEY: the structure that contains the OpenPGP public key.

     KEYID: the selected keyid

     This allows setting a preferred key id for the given certificate.
     This key will be used by functions that involve key handling.

     *Returns:* On success, 'GNUTLS_E_SUCCESS' (zero) is returned,
     otherwise an error code is returned.

gnutls_openpgp_crt_verify_ring
------------------------------

 -- Function: int gnutls_openpgp_crt_verify_ring (gnutls_openpgp_crt_t
          KEY, gnutls_openpgp_keyring_t KEYRING, unsigned int FLAGS,
          unsigned int * VERIFY)
     KEY: the structure that holds the key.

     KEYRING: holds the keyring to check against

     FLAGS: unused (should be 0)

     VERIFY: will hold the certificate verification output.

     Verify all signatures in the key, using the given set of keys
     (keyring).

     The key verification output will be put in 'verify' and will be one
     or more of the 'gnutls_certificate_status_t' enumerated elements
     bitwise or'd.

     *Returns:* 'GNUTLS_E_SUCCESS' on success, or an error code.

gnutls_openpgp_crt_verify_self
------------------------------

 -- Function: int gnutls_openpgp_crt_verify_self (gnutls_openpgp_crt_t
          KEY, unsigned int FLAGS, unsigned int * VERIFY)
     KEY: the structure that holds the key.

     FLAGS: unused (should be 0)

     VERIFY: will hold the key verification output.

     Verifies the self signature in the key.  The key verification
     output will be put in 'verify' and will be one or more of the
     gnutls_certificate_status_t enumerated elements bitwise or'd.

     *Returns:* 'GNUTLS_E_SUCCESS' on success, or an error code.

gnutls_openpgp_keyring_check_id
-------------------------------

 -- Function: int gnutls_openpgp_keyring_check_id
          (gnutls_openpgp_keyring_t RING, const gnutls_openpgp_keyid_t
          KEYID, unsigned int FLAGS)
     RING: holds the keyring to check against

     KEYID: will hold the keyid to check for.

     FLAGS: unused (should be 0)

     Check if a given key ID exists in the keyring.

     *Returns:* 'GNUTLS_E_SUCCESS' on success (if keyid exists) and a
     negative error code on failure.

gnutls_openpgp_keyring_deinit
-----------------------------

 -- Function: void gnutls_openpgp_keyring_deinit
          (gnutls_openpgp_keyring_t KEYRING)
     KEYRING: The structure to be initialized

     This function will deinitialize a keyring structure.

gnutls_openpgp_keyring_get_crt_count
------------------------------------

 -- Function: int gnutls_openpgp_keyring_get_crt_count
          (gnutls_openpgp_keyring_t RING)
     RING: is an OpenPGP key ring

     This function will return the number of OpenPGP certificates
     present in the given keyring.

     *Returns:* the number of subkeys, or a negative value on error.

gnutls_openpgp_keyring_get_crt
------------------------------

 -- Function: int gnutls_openpgp_keyring_get_crt
          (gnutls_openpgp_keyring_t RING, unsigned int IDX,
          gnutls_openpgp_crt_t * CERT)
     RING: Holds the keyring.

     IDX: the index of the certificate to export

     CERT: An uninitialized 'gnutls_openpgp_crt_t' structure

     This function will extract an OpenPGP certificate from the given
     keyring.  If the index given is out of range
     'GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE' will be returned.  The
     returned structure needs to be deinited.

     *Returns:* 'GNUTLS_E_SUCCESS' on success, or an error code.

gnutls_openpgp_keyring_import
-----------------------------

 -- Function: int gnutls_openpgp_keyring_import
          (gnutls_openpgp_keyring_t KEYRING, const gnutls_datum_t *
          DATA, gnutls_openpgp_crt_fmt_t FORMAT)
     KEYRING: The structure to store the parsed key.

     DATA: The RAW or BASE64 encoded keyring.

     FORMAT: One of 'gnutls_openpgp_keyring_fmt' elements.

     This function will convert the given RAW or Base64 encoded keyring
     to the native 'gnutls_openpgp_keyring_t' format.  The output will
     be stored in 'keyring'.

     *Returns:* 'GNUTLS_E_SUCCESS' on success, or an error code.

gnutls_openpgp_keyring_init
---------------------------

 -- Function: int gnutls_openpgp_keyring_init (gnutls_openpgp_keyring_t
          * KEYRING)
     KEYRING: The structure to be initialized

     This function will initialize an keyring structure.

     *Returns:* 'GNUTLS_E_SUCCESS' on success, or an error code.

gnutls_openpgp_privkey_deinit
-----------------------------

 -- Function: void gnutls_openpgp_privkey_deinit
          (gnutls_openpgp_privkey_t KEY)
     KEY: The structure to be initialized

     This function will deinitialize a key structure.

gnutls_openpgp_privkey_export_dsa_raw
-------------------------------------

 -- Function: int gnutls_openpgp_privkey_export_dsa_raw
          (gnutls_openpgp_privkey_t PKEY, gnutls_datum_t * P,
          gnutls_datum_t * Q, gnutls_datum_t * G, gnutls_datum_t * Y,
          gnutls_datum_t * X)
     PKEY: Holds the certificate

     P: will hold the p

     Q: will hold the q

     G: will hold the g

     Y: will hold the y

     X: will hold the x

     This function will export the DSA private key's parameters found in
     the given certificate.  The new parameters will be allocated using
     'gnutls_malloc()' and will be stored in the appropriate datum.

     *Returns:* 'GNUTLS_E_SUCCESS' on success, otherwise an error.

     *Since:* 2.4.0

gnutls_openpgp_privkey_export_rsa_raw
-------------------------------------

 -- Function: int gnutls_openpgp_privkey_export_rsa_raw
          (gnutls_openpgp_privkey_t PKEY, gnutls_datum_t * M,
          gnutls_datum_t * E, gnutls_datum_t * D, gnutls_datum_t * P,
          gnutls_datum_t * Q, gnutls_datum_t * U)
     PKEY: Holds the certificate

     M: will hold the modulus

     E: will hold the public exponent

     D: will hold the private exponent

     P: will hold the first prime (p)

     Q: will hold the second prime (q)

     U: will hold the coefficient

     This function will export the RSA private key's parameters found in
     the given structure.  The new parameters will be allocated using
     'gnutls_malloc()' and will be stored in the appropriate datum.

     *Returns:* 'GNUTLS_E_SUCCESS' on success, otherwise an error.

     *Since:* 2.4.0

gnutls_openpgp_privkey_export_subkey_dsa_raw
--------------------------------------------

 -- Function: int gnutls_openpgp_privkey_export_subkey_dsa_raw
          (gnutls_openpgp_privkey_t PKEY, unsigned int IDX,
          gnutls_datum_t * P, gnutls_datum_t * Q, gnutls_datum_t * G,
          gnutls_datum_t * Y, gnutls_datum_t * X)
     PKEY: Holds the certificate

     IDX: Is the subkey index

     P: will hold the p

     Q: will hold the q

     G: will hold the g

     Y: will hold the y

     X: will hold the x

     This function will export the DSA private key's parameters found in
     the given certificate.  The new parameters will be allocated using
     'gnutls_malloc()' and will be stored in the appropriate datum.

     *Returns:* 'GNUTLS_E_SUCCESS' on success, otherwise an error.

     *Since:* 2.4.0

gnutls_openpgp_privkey_export_subkey_rsa_raw
--------------------------------------------

 -- Function: int gnutls_openpgp_privkey_export_subkey_rsa_raw
          (gnutls_openpgp_privkey_t PKEY, unsigned int IDX,
          gnutls_datum_t * M, gnutls_datum_t * E, gnutls_datum_t * D,
          gnutls_datum_t * P, gnutls_datum_t * Q, gnutls_datum_t * U)
     PKEY: Holds the certificate

     IDX: Is the subkey index

     M: will hold the modulus

     E: will hold the public exponent

     D: will hold the private exponent

     P: will hold the first prime (p)

     Q: will hold the second prime (q)

     U: will hold the coefficient

     This function will export the RSA private key's parameters found in
     the given structure.  The new parameters will be allocated using
     'gnutls_malloc()' and will be stored in the appropriate datum.

     *Returns:* 'GNUTLS_E_SUCCESS' on success, otherwise an error.

     *Since:* 2.4.0

gnutls_openpgp_privkey_export
-----------------------------

 -- Function: int gnutls_openpgp_privkey_export
          (gnutls_openpgp_privkey_t KEY, gnutls_openpgp_crt_fmt_t
          FORMAT, const char * PASSWORD, unsigned int FLAGS, void *
          OUTPUT_DATA, size_t * OUTPUT_DATA_SIZE)
     KEY: Holds the key.

     FORMAT: One of gnutls_openpgp_crt_fmt_t elements.

     PASSWORD: the password that will be used to encrypt the key.
     (unused for now)

     FLAGS: zero for future compatibility

     OUTPUT_DATA: will contain the key base64 encoded or raw

     OUTPUT_DATA_SIZE: holds the size of output_data (and will be
     replaced by the actual size of parameters)

     This function will convert the given key to RAW or Base64 format.
     If the buffer provided is not long enough to hold the output, then
     GNUTLS_E_SHORT_MEMORY_BUFFER will be returned.

     *Returns:* 'GNUTLS_E_SUCCESS' on success, or an error code.

     *Since:* 2.4.0

gnutls_openpgp_privkey_get_fingerprint
--------------------------------------

 -- Function: int gnutls_openpgp_privkey_get_fingerprint
          (gnutls_openpgp_privkey_t KEY, void * FPR, size_t * FPRLEN)
     KEY: the raw data that contains the OpenPGP secret key.

     FPR: the buffer to save the fingerprint, must hold at least 20
     bytes.

     FPRLEN: the integer to save the length of the fingerprint.

     Get the fingerprint of the OpenPGP key.  Depends on the algorithm,
     the fingerprint can be 16 or 20 bytes.

     *Returns:* On success, 0 is returned, or an error code.

     *Since:* 2.4.0

gnutls_openpgp_privkey_get_key_id
---------------------------------

 -- Function: int gnutls_openpgp_privkey_get_key_id
          (gnutls_openpgp_privkey_t KEY, gnutls_openpgp_keyid_t KEYID)
     KEY: the structure that contains the OpenPGP secret key.

     KEYID: the buffer to save the keyid.

     Get key-id.

     *Returns:* the 64-bit keyID of the OpenPGP key.

     *Since:* 2.4.0

gnutls_openpgp_privkey_get_pk_algorithm
---------------------------------------

 -- Function: gnutls_pk_algorithm_t
          gnutls_openpgp_privkey_get_pk_algorithm
          (gnutls_openpgp_privkey_t KEY, unsigned int * BITS)
     KEY: is an OpenPGP key

     BITS: if bits is non null it will hold the size of the parameters'
     in bits

     This function will return the public key algorithm of an OpenPGP
     certificate.

     If bits is non null, it should have enough size to hold the
     parameters size in bits.  For RSA the bits returned is the modulus.
     For DSA the bits returned are of the public exponent.

     *Returns:* a member of the 'gnutls_pk_algorithm_t' enumeration on
     success, or a negative value on error.

     *Since:* 2.4.0

gnutls_openpgp_privkey_get_preferred_key_id
-------------------------------------------

 -- Function: int gnutls_openpgp_privkey_get_preferred_key_id
          (gnutls_openpgp_privkey_t KEY, gnutls_openpgp_keyid_t KEYID)
     KEY: the structure that contains the OpenPGP public key.

     KEYID: the struct to save the keyid.

     Get the preferred key-id for the key.

     *Returns:* the 64-bit preferred keyID of the OpenPGP key, or if it
     hasn't been set it returns 'GNUTLS_E_INVALID_REQUEST'.

gnutls_openpgp_privkey_get_revoked_status
-----------------------------------------

 -- Function: int gnutls_openpgp_privkey_get_revoked_status
          (gnutls_openpgp_privkey_t KEY)
     KEY: the structure that contains the OpenPGP private key.

     Get revocation status of key.

     *Returns:* true (1) if the key has been revoked, or false (0) if it
     has not, or a negative value indicates an error.

     *Since:* 2.4.0

gnutls_openpgp_privkey_get_subkey_count
---------------------------------------

 -- Function: int gnutls_openpgp_privkey_get_subkey_count
          (gnutls_openpgp_privkey_t KEY)
     KEY: is an OpenPGP key

     This function will return the number of subkeys present in the
     given OpenPGP certificate.

     *Returns:* the number of subkeys, or a negative value on error.

     *Since:* 2.4.0

gnutls_openpgp_privkey_get_subkey_creation_time
-----------------------------------------------

 -- Function: time_t gnutls_openpgp_privkey_get_subkey_creation_time
          (gnutls_openpgp_privkey_t KEY, unsigned int IDX)
     KEY: the structure that contains the OpenPGP private key.

     IDX: the subkey index

     Get subkey creation time.

     *Returns:* the timestamp when the OpenPGP key was created.

     *Since:* 2.4.0

gnutls_openpgp_privkey_get_subkey_expiration_time
-------------------------------------------------

 -- Function: time_t gnutls_openpgp_privkey_get_subkey_expiration_time
          (gnutls_openpgp_privkey_t KEY, unsigned int IDX)
     KEY: the structure that contains the OpenPGP private key.

     IDX: the subkey index

     Get subkey expiration time.  A value of '0' means that the key
     doesn't expire at all.

     *Returns:* the time when the OpenPGP key expires.

     *Since:* 2.4.0

gnutls_openpgp_privkey_get_subkey_fingerprint
---------------------------------------------

 -- Function: int gnutls_openpgp_privkey_get_subkey_fingerprint
          (gnutls_openpgp_privkey_t KEY, unsigned int IDX, void * FPR,
          size_t * FPRLEN)
     KEY: the raw data that contains the OpenPGP secret key.

     IDX: the subkey index

     FPR: the buffer to save the fingerprint, must hold at least 20
     bytes.

     FPRLEN: the integer to save the length of the fingerprint.

     Get the fingerprint of an OpenPGP subkey.  Depends on the
     algorithm, the fingerprint can be 16 or 20 bytes.

     *Returns:* On success, 0 is returned, or an error code.

     *Since:* 2.4.0

gnutls_openpgp_privkey_get_subkey_idx
-------------------------------------

 -- Function: int gnutls_openpgp_privkey_get_subkey_idx
          (gnutls_openpgp_privkey_t KEY, const gnutls_openpgp_keyid_t
          KEYID)
     KEY: the structure that contains the OpenPGP private key.

     KEYID: the keyid.

     Get index of subkey.

     *Returns:* the index of the subkey or a negative error value.

     *Since:* 2.4.0

gnutls_openpgp_privkey_get_subkey_id
------------------------------------

 -- Function: int gnutls_openpgp_privkey_get_subkey_id
          (gnutls_openpgp_privkey_t KEY, unsigned int IDX,
          gnutls_openpgp_keyid_t KEYID)
     KEY: the structure that contains the OpenPGP secret key.

     IDX: the subkey index

     KEYID: the buffer to save the keyid.

     Get the key-id for the subkey.

     *Returns:* the 64-bit keyID of the OpenPGP key.

     *Since:* 2.4.0

gnutls_openpgp_privkey_get_subkey_pk_algorithm
----------------------------------------------

 -- Function: gnutls_pk_algorithm_t
          gnutls_openpgp_privkey_get_subkey_pk_algorithm
          (gnutls_openpgp_privkey_t KEY, unsigned int IDX, unsigned int
          * BITS)
     KEY: is an OpenPGP key

     IDX: is the subkey index

     BITS: if bits is non null it will hold the size of the parameters'
     in bits

     This function will return the public key algorithm of a subkey of
     an OpenPGP certificate.

     If bits is non null, it should have enough size to hold the
     parameters size in bits.  For RSA the bits returned is the modulus.
     For DSA the bits returned are of the public exponent.

     *Returns:* a member of the 'gnutls_pk_algorithm_t' enumeration on
     success, or a negative value on error.

     *Since:* 2.4.0

gnutls_openpgp_privkey_get_subkey_revoked_status
------------------------------------------------

 -- Function: int gnutls_openpgp_privkey_get_subkey_revoked_status
          (gnutls_openpgp_privkey_t KEY, unsigned int IDX)
     KEY: the structure that contains the OpenPGP private key.

     IDX: is the subkey index

     Get revocation status of key.

     *Returns:* true (1) if the key has been revoked, or false (0) if it
     has not, or a negative value indicates an error.

     *Since:* 2.4.0

gnutls_openpgp_privkey_import
-----------------------------

 -- Function: int gnutls_openpgp_privkey_import
          (gnutls_openpgp_privkey_t KEY, const gnutls_datum_t * DATA,
          gnutls_openpgp_crt_fmt_t FORMAT, const char * PASSWORD,
          unsigned int FLAGS)
     KEY: The structure to store the parsed key.

     DATA: The RAW or BASE64 encoded key.

     FORMAT: One of 'gnutls_openpgp_crt_fmt_t' elements.

     PASSWORD: not used for now

     FLAGS: should be zero

     This function will convert the given RAW or Base64 encoded key to
     the native gnutls_openpgp_privkey_t format.  The output will be
     stored in 'key'.

     *Returns:* 'GNUTLS_E_SUCCESS' on success, or an error code.

gnutls_openpgp_privkey_init
---------------------------

 -- Function: int gnutls_openpgp_privkey_init (gnutls_openpgp_privkey_t
          * KEY)
     KEY: The structure to be initialized

     This function will initialize an OpenPGP key structure.

     *Returns:* 'GNUTLS_E_SUCCESS' on success, or an error code.

gnutls_openpgp_privkey_sec_param
--------------------------------

 -- Function: gnutls_sec_param_t gnutls_openpgp_privkey_sec_param
          (gnutls_openpgp_privkey_t KEY)
     KEY: a key structure

     This function will return the security parameter appropriate with
     this private key.

     *Returns:* On success, a valid security parameter is returned
     otherwise 'GNUTLS_SEC_PARAM_UNKNOWN' is returned.

gnutls_openpgp_privkey_set_preferred_key_id
-------------------------------------------

 -- Function: int gnutls_openpgp_privkey_set_preferred_key_id
          (gnutls_openpgp_privkey_t KEY, const gnutls_openpgp_keyid_t
          KEYID)
     KEY: the structure that contains the OpenPGP public key.

     KEYID: the selected keyid

     This allows setting a preferred key id for the given certificate.
     This key will be used by functions that involve key handling.

     *Returns:* On success, 0 is returned, or an error code.

gnutls_openpgp_privkey_sign_hash
--------------------------------

 -- Function: int gnutls_openpgp_privkey_sign_hash
          (gnutls_openpgp_privkey_t KEY, const gnutls_datum_t * HASH,
          gnutls_datum_t * SIGNATURE)
     KEY: Holds the key

     HASH: holds the data to be signed

     SIGNATURE: will contain newly allocated signature

     This function will sign the given hash using the private key.  You
     should use 'gnutls_openpgp_privkey_set_preferred_key_id()' before
     calling this function to set the subkey to use.

     *Returns:* On success, 'GNUTLS_E_SUCCESS' is returned, otherwise a
     negative error value.

     *Deprecated:* Use 'gnutls_privkey_sign_hash()' instead.

gnutls_openpgp_set_recv_key_function
------------------------------------

 -- Function: void gnutls_openpgp_set_recv_key_function
          (gnutls_session_t SESSION, gnutls_openpgp_recv_key_func FUNC)
     SESSION: a TLS session

     FUNC: the callback

     This funtion will set a key retrieval function for OpenPGP keys.
     This callback is only useful in server side, and will be used if
     the peer sent a key fingerprint instead of a full key.

\1f
File: gnutls.info,  Node: TLS Inner Application (TLS/IA) functions,  Next: Error codes and descriptions,  Prev: OpenPGP functions,  Up: Function reference

9.5 TLS Inner Application (TLS/IA) Functions
============================================

The following functions are used for TLS Inner Application (TLS/IA).
Their prototypes lie in 'gnutls/extra.h'.  You need to link with
'libgnutls-extra' to be able to use these functions (*note GnuTLS-extra
functions::).

The typical control flow in an TLS/IA client (that would not require an
Application Phase for resumed sessions) would be similar to the
following:

     int client_avp (gnuls_session_t *session, void *ptr,
                     const char *last, size_t lastlen,
                char **new, size_t *newlen)
     {
     ...
     }
     ...
     int main ()
     {
       gnutls_ia_client_credentials_t iacred;
     ...
       gnutls_init (&session, GNUTLS_CLIENT);
     ...
       /* Enable TLS/IA. */
       gnutls_ia_allocate_client_credentials(&iacred);
       gnutls_ia_set_client_avp_function(iacred, client_avp);
       gnutls_credentials_set (session, GNUTLS_CRD_IA, iacred);
     ...
       ret = gnutls_handshake (session);
       // Error handling...
     ...
       if (gnutls_ia_handshake_p (session))
         {
           ret = gnutls_ia_handshake (session);
           // Error handling...
     ...

See below for detailed descriptions of all the functions used above.

The function 'client_avp' would have to be implemented by your
application.  The function is responsible for handling the AVP data.
See 'gnutls_ia_set_client_avp_function' below for more information on
how that function should be implemented.

The control flow in a typical server is similar to the above, use
'gnutls_ia_server_credentials_t' instead of
'gnutls_ia_client_credentials_t', and replace the call to the client
functions with the corresponding server functions.

gnutls_ia_allocate_client_credentials
-------------------------------------

 -- Function: int gnutls_ia_allocate_client_credentials
          (gnutls_ia_client_credentials_t * SC)
     SC: is a pointer to a 'gnutls_ia_server_credentials_t' structure.

     This structure is complex enough to manipulate directly thus this
     helper function is provided in order to allocate it.

     Adding this credential to a session will enable TLS/IA, and will
     require an Application Phase after the TLS handshake (if the server
     support TLS/IA). Use 'gnutls_ia_enable()' to toggle the TLS/IA
     mode.

     *Returns:* On success, 'GNUTLS_E_SUCCESS' (0) is returned,
     otherwise an error code is returned.

gnutls_ia_allocate_server_credentials
-------------------------------------

 -- Function: int gnutls_ia_allocate_server_credentials
          (gnutls_ia_server_credentials_t * SC)
     SC: is a pointer to a 'gnutls_ia_server_credentials_t' structure.

     This structure is complex enough to manipulate directly thus this
     helper function is provided in order to allocate it.

     Adding this credential to a session will enable TLS/IA, and will
     require an Application Phase after the TLS handshake (if the client
     support TLS/IA). Use 'gnutls_ia_enable()' to toggle the TLS/IA
     mode.

     *Returns:* On success, 'GNUTLS_E_SUCCESS' (0) is returned,
     otherwise an error code is returned.

gnutls_ia_enable
----------------

 -- Function: void gnutls_ia_enable (gnutls_session_t SESSION, int
          ALLOW_SKIP_ON_RESUME)
     SESSION: is a 'gnutls_session_t' structure.

     ALLOW_SKIP_ON_RESUME: non-zero if local party allows one to skip
     the TLS/IA application phases for a resumed session.

     Specify whether we must advertise support for the TLS/IA extension
     during the handshake.

     At the client side, we always advertise TLS/IA if gnutls_ia_enable
     was called before the handshake; at the server side, we also
     require that the client has advertised that it wants to run TLS/IA
     before including the advertisement, as required by the protocol.

     Similarly, at the client side we always advertise that we allow
     TLS/IA to be skipped for resumed sessions if 'allow_skip_on_resume'
     is non-zero; at the server side, we also require that the session
     is indeed resumable and that the client has also advertised that it
     allows TLS/IA to be skipped for resumed sessions.

     After the TLS handshake, call 'gnutls_ia_handshake_p()' to find out
     whether both parties agreed to do a TLS/IA handshake, before
     calling 'gnutls_ia_handshake()' or one of the lower level
     gnutls_ia_* functions.

gnutls_ia_endphase_send
-----------------------

 -- Function: int gnutls_ia_endphase_send (gnutls_session_t SESSION, int
          FINAL_P)
     SESSION: is a 'gnutls_session_t' structure.

     FINAL_P: Set iff this should signal the final phase.

     Send a TLS/IA end phase message.

     In the client, this should only be used to acknowledge an end phase
     message sent by the server.

     In the server, this can be called instead of 'gnutls_ia_send()' if
     the server wishes to end an application phase.

     *Return value:* Return 0 on success, or an error code.

gnutls_ia_extract_inner_secret
------------------------------

 -- Function: void gnutls_ia_extract_inner_secret (gnutls_session_t
          SESSION, char * BUFFER)
     SESSION: is a 'gnutls_session_t' structure.

     BUFFER: pre-allocated buffer to hold 48 bytes of inner secret.

     Copy the 48 bytes large inner secret into the specified buffer

     This function is typically used after the TLS/IA handshake has
     concluded.  The TLS/IA inner secret can be used as input to a PRF
     to derive session keys.  Do not use the inner secret directly as a
     session key, because for a resumed session that does not include an
     application phase, the inner secret will be identical to the inner
     secret in the original session.  It is important to include, for
     example, the client and server randomness when deriving a sesssion
     key from the inner secret.

gnutls_ia_free_client_credentials
---------------------------------

 -- Function: void gnutls_ia_free_client_credentials
          (gnutls_ia_client_credentials_t SC)
     SC: is a 'gnutls_ia_client_credentials_t' structure.

     This structure is complex enough to manipulate directly thus this
     helper function is provided in order to free (deallocate) it.

gnutls_ia_free_server_credentials
---------------------------------

 -- Function: void gnutls_ia_free_server_credentials
          (gnutls_ia_server_credentials_t SC)
     SC: is a 'gnutls_ia_server_credentials_t' structure.

     This structure is complex enough to manipulate directly thus this
     helper function is provided in order to free (deallocate) it.

gnutls_ia_generate_challenge
----------------------------

 -- Function: int gnutls_ia_generate_challenge (gnutls_session_t
          SESSION, size_t BUFFER_SIZE, char * BUFFER)
     SESSION: is a 'gnutls_session_t' structure.

     BUFFER_SIZE: size of output buffer.

     BUFFER: pre-allocated buffer to contain 'buffer_size' bytes of
     output.

     Generate an application challenge that the client cannot control or
     predict, based on the TLS/IA inner secret.

     *Return value:* Returns 0 on success, or an negative error code.

gnutls_ia_get_client_avp_ptr
----------------------------

 -- Function: void * gnutls_ia_get_client_avp_ptr
          (gnutls_ia_client_credentials_t CRED)
     CRED: is a 'gnutls_ia_client_credentials_t' structure.

     Returns the pointer that will be provided to the TLS/IA callback
     function as the first argument.

     *Returns:* The client callback data pointer.

gnutls_ia_get_server_avp_ptr
----------------------------

 -- Function: void * gnutls_ia_get_server_avp_ptr
          (gnutls_ia_server_credentials_t CRED)
     CRED: is a 'gnutls_ia_client_credentials_t' structure.

     Returns the pointer that will be provided to the TLS/IA callback
     function as the first argument.

     *Returns:* The server callback data pointer.

gnutls_ia_handshake_p
---------------------

 -- Function: int gnutls_ia_handshake_p (gnutls_session_t SESSION)
     SESSION: is a 'gnutls_session_t' structure.

     Predicate to be used after 'gnutls_handshake()' to decide whether
     to invoke 'gnutls_ia_handshake()'.  Usable by both clients and
     servers.

     *Return value:* non-zero if TLS/IA handshake is expected, zero
     otherwise.

gnutls_ia_handshake
-------------------

 -- Function: int gnutls_ia_handshake (gnutls_session_t SESSION)
     SESSION: is a 'gnutls_session_t' structure.

     Perform a TLS/IA handshake.  This should be called after
     'gnutls_handshake()' iff 'gnutls_ia_handshake_p()'.

     *Returns:* On success, 'GNUTLS_E_SUCCESS' (zero) is returned,
     otherwise an error code is returned.

gnutls_ia_permute_inner_secret
------------------------------

 -- Function: int gnutls_ia_permute_inner_secret (gnutls_session_t
          SESSION, size_t SESSION_KEYS_SIZE, const char * SESSION_KEYS)
     SESSION: is a 'gnutls_session_t' structure.

     SESSION_KEYS_SIZE: Size of generated session keys (0 if none).

     SESSION_KEYS: Generated session keys, used to permute inner secret
     (NULL if none).

     Permute the inner secret using the generated session keys.

     This can be called in the TLS/IA AVP callback to mix any generated
     session keys with the TLS/IA inner secret.

     *Return value:* Return zero on success, or a negative error code.

gnutls_ia_recv
--------------

 -- Function: ssize_t gnutls_ia_recv (gnutls_session_t SESSION, char *
          DATA, size_t SIZEOFDATA)
     SESSION: is a 'gnutls_session_t' structure.

     DATA: the buffer that the data will be read into, must hold >= 12
     bytes.

     SIZEOFDATA: the number of requested bytes, must be >= 12.

     Receive TLS/IA data.  This function has the similar semantics with
     'recv()'.  The only difference is that it accepts a GnuTLS session,
     and uses different error codes.

     If the server attempt to finish an application phase, this function
     will return 'GNUTLS_E_WARNING_IA_IPHF_RECEIVED' or
     'GNUTLS_E_WARNING_IA_FPHF_RECEIVED'.  The caller should then invoke
     'gnutls_ia_verify_endphase()', and if it runs the client side, also
     send an endphase message of its own using gnutls_ia_endphase_send.

     If EINTR is returned by the internal push function (the default is
     'code'{'recv()'}) then GNUTLS_E_INTERRUPTED will be returned.  If
     GNUTLS_E_INTERRUPTED or GNUTLS_E_AGAIN is returned, you must call
     this function again, with the same parameters; alternatively you
     could provide a NULL pointer for data, and 0 for size.

     *Returns:* The number of bytes received.  A negative error code is
     returned in case of an error.  The
     'GNUTLS_E_WARNING_IA_IPHF_RECEIVED' and
     'GNUTLS_E_WARNING_IA_FPHF_RECEIVED' errors are returned when an
     application phase finished message has been sent by the server.

gnutls_ia_send
--------------

 -- Function: ssize_t gnutls_ia_send (gnutls_session_t SESSION, const
          char * DATA, size_t SIZEOFDATA)
     SESSION: is a 'gnutls_session_t' structure.

     DATA: contains the data to send

     SIZEOFDATA: is the length of the data

     Send TLS/IA application payload data.  This function has the
     similar semantics with 'send()'.  The only difference is that it
     accepts a GnuTLS session, and uses different error codes.

     The TLS/IA protocol is synchronous, so you cannot send more than
     one packet at a time.  The client always send the first packet.

     To finish an application phase in the server, use
     'gnutls_ia_endphase_send()'.  The client cannot end an application
     phase unilaterally; rather, a client is required to respond with an
     endphase of its own if gnutls_ia_recv indicates that the server has
     sent one.

     If the EINTR is returned by the internal push function (the default
     is 'send()'} then 'GNUTLS_E_INTERRUPTED' will be returned.  If
     'GNUTLS_E_INTERRUPTED' or 'GNUTLS_E_AGAIN' is returned, you must
     call this function again, with the same parameters; alternatively
     you could provide a 'NULL' pointer for data, and 0 for size.

     *Returns:* The number of bytes sent, or a negative error code.

gnutls_ia_set_client_avp_function
---------------------------------

 -- Function: void gnutls_ia_set_client_avp_function
          (gnutls_ia_client_credentials_t CRED, gnutls_ia_avp_func
          AVP_FUNC)
     CRED: is a 'gnutls_ia_client_credentials_t' structure.

     AVP_FUNC: is the callback function

     Set the TLS/IA AVP callback handler used for the session.

     The AVP callback is called to process AVPs received from the
     server, and to get a new AVP to send to the server.

     The callback's function form is: int (*avp_func) (gnutls_session_t
     session, void *ptr, const char *last, size_t lastlen, char **next,
     size_t *nextlen);

     The 'session' parameter is the 'gnutls_session_t' structure
     corresponding to the current session.  The 'ptr' parameter is the
     application hook pointer, set through
     'gnutls_ia_set_client_avp_ptr()'.  The AVP received from the server
     is present in 'last' of 'lastlen' size, which will be 'NULL' on the
     first invocation.  The newly allocated output AVP to send to the
     server should be placed in *'next' of *'nextlen' size.

     The callback may invoke 'gnutls_ia_permute_inner_secret()' to mix
     any generated session keys with the TLS/IA inner secret.

     Return 0 ('GNUTLS_IA_APPLICATION_PAYLOAD') on success, or a
     negative error code to abort the TLS/IA handshake.

     Note that the callback must use allocate the 'next' parameter using
     'gnutls_malloc()', because it is released via 'gnutls_free()' by
     the TLS/IA handshake function.

gnutls_ia_set_client_avp_ptr
----------------------------

 -- Function: void gnutls_ia_set_client_avp_ptr
          (gnutls_ia_client_credentials_t CRED, void * PTR)
     CRED: is a 'gnutls_ia_client_credentials_t' structure.

     PTR: is the pointer

     Sets the pointer that will be provided to the TLS/IA callback
     function as the first argument.

gnutls_ia_set_server_avp_function
---------------------------------

 -- Function: void gnutls_ia_set_server_avp_function
          (gnutls_ia_server_credentials_t CRED, gnutls_ia_avp_func
          AVP_FUNC)
     CRED: is a 'gnutls_ia_server_credentials_t' structure.

     Set the TLS/IA AVP callback handler used for the session.

     The callback's function form is: int (*avp_func) (gnutls_session_t
     session, void *ptr, const char *last, size_t lastlen, char **next,
     size_t *nextlen);

     The 'session' parameter is the 'gnutls_session_t' structure
     corresponding to the current session.  The 'ptr' parameter is the
     application hook pointer, set through
     'gnutls_ia_set_server_avp_ptr()'.  The AVP received from the client
     is present in 'last' of 'lastlen' size.  The newly allocated output
     AVP to send to the client should be placed in *'next' of *'nextlen'
     size.

     The AVP callback is called to process incoming AVPs from the
     client, and to get a new AVP to send to the client.  It can also be
     used to instruct the TLS/IA handshake to do go into the
     Intermediate or Final phases.  It return a negative error code, or
     a 'gnutls_ia_apptype_t' message type.

     The callback may invoke 'gnutls_ia_permute_inner_secret()' to mix
     any generated session keys with the TLS/IA inner secret.

     Specifically, return 'GNUTLS_IA_APPLICATION_PAYLOAD' (0) to send
     another AVP to the client, return
     'GNUTLS_IA_INTERMEDIATE_PHASE_FINISHED' (1) to indicate that an
     IntermediatePhaseFinished message should be sent, and return
     'GNUTLS_IA_FINAL_PHASE_FINISHED' (2) to indicate that an
     FinalPhaseFinished message should be sent.  In the last two cases,
     the contents of the 'next' and 'nextlen' parameter is not used.

     Note that the callback must use allocate the 'next' parameter using
     'gnutls_malloc()', because it is released via 'gnutls_free()' by
     the TLS/IA handshake function.

gnutls_ia_set_server_avp_ptr
----------------------------

 -- Function: void gnutls_ia_set_server_avp_ptr
          (gnutls_ia_server_credentials_t CRED, void * PTR)
     CRED: is a 'gnutls_ia_client_credentials_t' structure.

     PTR: is the pointer

     Sets the pointer that will be provided to the TLS/IA callback
     function as the first argument.

gnutls_ia_verify_endphase
-------------------------

 -- Function: int gnutls_ia_verify_endphase (gnutls_session_t SESSION,
          const char * CHECKSUM)
     SESSION: is a 'gnutls_session_t' structure.

     CHECKSUM: 12-byte checksum data, received from 'gnutls_ia_recv()'.

     Verify TLS/IA end phase checksum data.  If verification fails, the
     'GNUTLS_A_INNER_APPLICATION_VERIFICATION' alert is sent to the
     other sie.

     This function is called when 'gnutls_ia_recv()' return
     'GNUTLS_E_WARNING_IA_IPHF_RECEIVED' or
     'GNUTLS_E_WARNING_IA_FPHF_RECEIVED'.

     *Return value:* Return 0 on successful verification, or an error
     code.  If the checksum verification of the end phase message fails,
     'GNUTLS_E_IA_VERIFY_FAILED' is returned.

\1f
File: gnutls.info,  Node: Error codes and descriptions,  Prev: TLS Inner Application (TLS/IA) functions,  Up: Function reference

9.6 Error Codes and Descriptions
================================

The error codes used throughout the library are described below.  The
return code 'GNUTLS_E_SUCCESS' indicate successful operation, and is
guaranteed to have the value 0, so you can use it in logical
expressions.

'GNUTLS_E_AGAIN:'
     Resource temporarily unavailable, try again.

'GNUTLS_E_ASN1_DER_ERROR:'
     ASN1 parser: Error in DER parsing.

'GNUTLS_E_ASN1_DER_OVERFLOW:'
     ASN1 parser: Overflow in DER parsing.

'GNUTLS_E_ASN1_ELEMENT_NOT_FOUND:'
     ASN1 parser: Element was not found.

'GNUTLS_E_ASN1_GENERIC_ERROR:'
     ASN1 parser: Generic parsing error.

'GNUTLS_E_ASN1_IDENTIFIER_NOT_FOUND:'
     ASN1 parser: Identifier was not found

'GNUTLS_E_ASN1_SYNTAX_ERROR:'
     ASN1 parser: Syntax error.

'GNUTLS_E_ASN1_TAG_ERROR:'
     ASN1 parser: Error in TAG.

'GNUTLS_E_ASN1_TAG_IMPLICIT:'
     ASN1 parser: error in implicit tag

'GNUTLS_E_ASN1_TYPE_ANY_ERROR:'
     ASN1 parser: Error in type 'ANY'.

'GNUTLS_E_ASN1_VALUE_NOT_FOUND:'
     ASN1 parser: Value was not found.

'GNUTLS_E_ASN1_VALUE_NOT_VALID:'
     ASN1 parser: Value is not valid.

'GNUTLS_E_BASE64_DECODING_ERROR:'
     Base64 decoding error.

'GNUTLS_E_BASE64_ENCODING_ERROR:'
     Base64 encoding error.

'GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR:'
     Base64 unexpected header error.

'GNUTLS_E_CERTIFICATE_ERROR:'
     Error in the certificate.

'GNUTLS_E_CERTIFICATE_KEY_MISMATCH:'
     The certificate and the given key do not match.

'GNUTLS_E_CERTIFICATE_LIST_UNSORTED:'
     The provided X.509 certificate list is not sorted (in subject to
     issuer order)

'GNUTLS_E_CHANNEL_BINDING_NOT_AVAILABLE:'
     Channel binding data not available

'GNUTLS_E_COMPRESSION_FAILED:'
     Compression of the TLS record packet has failed.

'GNUTLS_E_CONSTRAINT_ERROR:'
     Some constraint limits were reached.

'GNUTLS_E_CRYPTODEV_DEVICE_ERROR:'
     Error opening /dev/crypto

'GNUTLS_E_CRYPTODEV_IOCTL_ERROR:'
     Error interfacing with /dev/crypto

'GNUTLS_E_CRYPTO_ALREADY_REGISTERED:'
     There is already a crypto algorithm with lower priority.

'GNUTLS_E_CRYPTO_INIT_FAILED:'
     The initialization of crypto backend has failed.

'GNUTLS_E_DB_ERROR:'
     Error in Database backend.

'GNUTLS_E_DECOMPRESSION_FAILED:'
     Decompression of the TLS record packet has failed.

'GNUTLS_E_DECRYPTION_FAILED:'
     Decryption has failed.

'GNUTLS_E_DH_PRIME_UNACCEPTABLE:'
     The Diffie-Hellman prime sent by the server is not acceptable (not
     long enough).

'GNUTLS_E_ENCRYPTION_FAILED:'
     Encryption has failed.

'GNUTLS_E_ERROR_IN_FINISHED_PACKET:'
     An error was encountered at the TLS Finished packet calculation.

'GNUTLS_E_EXPIRED:'
     The requested session has expired.

'GNUTLS_E_FATAL_ALERT_RECEIVED:'
     A TLS fatal alert has been received.

'GNUTLS_E_FILE_ERROR:'
     Error while reading file.

'GNUTLS_E_GOT_APPLICATION_DATA:'
     TLS Application data were received, while expecting handshake data.

'GNUTLS_E_HANDSHAKE_TOO_LARGE:'
     The handshake data size is too large (DoS?), check
     gnutls_handshake_set_max_packet_length().

'GNUTLS_E_HASH_FAILED:'
     Hashing has failed.

'GNUTLS_E_IA_VERIFY_FAILED:'
     Verifying TLS/IA phase checksum failed

'GNUTLS_E_ILLEGAL_SRP_USERNAME:'
     The SRP username supplied is illegal.

'GNUTLS_E_INCOMPATIBLE_GCRYPT_LIBRARY:'
     The gcrypt library version is too old.

'GNUTLS_E_INCOMPATIBLE_LIBTASN1_LIBRARY:'
     The tasn1 library version is too old.

'GNUTLS_E_INCOMPAT_DSA_KEY_WITH_TLS_PROTOCOL:'
     The given DSA key is incompatible with the selected TLS protocol.

'GNUTLS_E_INIT_LIBEXTRA:'
     The initialization of GnuTLS-extra has failed.

'GNUTLS_E_INSUFFICIENT_CREDENTIALS:'
     Insufficient credentials for that request.

'GNUTLS_E_INTERNAL_ERROR:'
     GnuTLS internal error.

'GNUTLS_E_INTERRUPTED:'
     Function was interrupted.

'GNUTLS_E_INVALID_PASSWORD:'
     The given password contains invalid characters.

'GNUTLS_E_INVALID_REQUEST:'
     The request is invalid.

'GNUTLS_E_INVALID_SESSION:'
     The specified session has been invalidated for some reason.

'GNUTLS_E_KEY_USAGE_VIOLATION:'
     Key usage violation in certificate has been detected.

'GNUTLS_E_LARGE_PACKET:'
     A large TLS record packet was received.

'GNUTLS_E_LIBRARY_VERSION_MISMATCH:'
     The GnuTLS library version does not match the GnuTLS-extra library
     version.

'GNUTLS_E_LOCKING_ERROR:'
     Thread locking error

'GNUTLS_E_LZO_INIT_FAILED:'
     The initialization of LZO has failed.

'GNUTLS_E_MAC_VERIFY_FAILED:'
     The Message Authentication Code verification failed.

'GNUTLS_E_MEMORY_ERROR:'
     Internal error in memory allocation.

'GNUTLS_E_MPI_PRINT_FAILED:'
     Could not export a large integer.

'GNUTLS_E_MPI_SCAN_FAILED:'
     The scanning of a large integer has failed.

'GNUTLS_E_NO_CERTIFICATE_FOUND:'
     The peer did not send any certificate.

'GNUTLS_E_NO_CIPHER_SUITES:'
     No supported cipher suites have been found.

'GNUTLS_E_NO_COMPRESSION_ALGORITHMS:'
     No supported compression algorithms have been found.

'GNUTLS_E_NO_TEMPORARY_DH_PARAMS:'
     No temporary DH parameters were found.

'GNUTLS_E_NO_TEMPORARY_RSA_PARAMS:'
     No temporary RSA parameters were found.

'GNUTLS_E_OPENPGP_FINGERPRINT_UNSUPPORTED:'
     The OpenPGP fingerprint is not supported.

'GNUTLS_E_OPENPGP_GETKEY_FAILED:'
     Could not get OpenPGP key.

'GNUTLS_E_OPENPGP_KEYRING_ERROR:'
     Error loading the keyring.

'GNUTLS_E_OPENPGP_PREFERRED_KEY_ERROR:'
     The OpenPGP key has not a preferred key set.

'GNUTLS_E_OPENPGP_SUBKEY_ERROR:'
     Could not find OpenPGP subkey.

'GNUTLS_E_OPENPGP_UID_REVOKED:'
     The OpenPGP User ID is revoked.

'GNUTLS_E_PARSING_ERROR:'
     Error in parsing.

'GNUTLS_E_PKCS11_ATTRIBUTE_ERROR:'
     PKCS #11 error in attribute

'GNUTLS_E_PKCS11_DATA_ERROR:'
     PKCS #11 error in data

'GNUTLS_E_PKCS11_DEVICE_ERROR:'
     PKCS #11 error in device

'GNUTLS_E_PKCS11_ERROR:'
     PKCS #11 error.

'GNUTLS_E_PKCS11_KEY_ERROR:'
     PKCS #11 error in key

'GNUTLS_E_PKCS11_LOAD_ERROR:'
     PKCS #11 initialization error.

'GNUTLS_E_PKCS11_PIN_ERROR:'
     PKCS #11 error in PIN.

'GNUTLS_E_PKCS11_PIN_EXPIRED:'
     PKCS #11 PIN expired

'GNUTLS_E_PKCS11_PIN_LOCKED:'
     PKCS #11 PIN locked

'GNUTLS_E_PKCS11_SESSION_ERROR:'
     PKCS #11 error in session

'GNUTLS_E_PKCS11_SIGNATURE_ERROR:'
     PKCS #11 error in signature

'GNUTLS_E_PKCS11_SLOT_ERROR:'
     PKCS #11 error in slot

'GNUTLS_E_PKCS11_TOKEN_ERROR:'
     PKCS #11 error in token

'GNUTLS_E_PKCS11_UNSUPPORTED_FEATURE_ERROR:'
     PKCS #11 unsupported feature

'GNUTLS_E_PKCS11_USER_ERROR:'
     PKCS #11 user error

'GNUTLS_E_PKCS1_WRONG_PAD:'
     Wrong padding in PKCS1 packet.

'GNUTLS_E_PK_DECRYPTION_FAILED:'
     Public key decryption has failed.

'GNUTLS_E_PK_ENCRYPTION_FAILED:'
     Public key encryption has failed.

'GNUTLS_E_PK_SIGN_FAILED:'
     Public key signing has failed.

'GNUTLS_E_PK_SIG_VERIFY_FAILED:'
     Public key signature verification has failed.

'GNUTLS_E_PULL_ERROR:'
     Error in the pull function.

'GNUTLS_E_PUSH_ERROR:'
     Error in the push function.

'GNUTLS_E_RANDOM_FAILED:'
     Failed to acquire random data.

'GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION:'
     An illegal TLS extension was received.

'GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER:'
     An illegal parameter has been received.

'GNUTLS_E_RECORD_LIMIT_REACHED:'
     The upper limit of record packet sequence numbers has been reached.
     Wow!

'GNUTLS_E_REHANDSHAKE:'
     Rehandshake was requested by the peer.

'GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE:'
     The requested data were not available.

'GNUTLS_E_SAFE_RENEGOTIATION_FAILED:'
     Safe renegotiation failed.

'GNUTLS_E_SHORT_MEMORY_BUFFER:'
     The given memory buffer is too short to hold parameters.

'GNUTLS_E_SRP_PWD_ERROR:'
     Error in password file.

'GNUTLS_E_SRP_PWD_PARSING_ERROR:'
     Parsing error in password file.

'GNUTLS_E_SUCCESS:'
     Success.

'GNUTLS_E_TOO_MANY_EMPTY_PACKETS:'
     Too many empty record packets have been received.

'GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET:'
     An unexpected TLS handshake packet was received.

'GNUTLS_E_UNEXPECTED_PACKET:'
     An unexpected TLS packet was received.

'GNUTLS_E_UNEXPECTED_PACKET_LENGTH:'
     A TLS packet with unexpected length was received.

'GNUTLS_E_UNKNOWN_ALGORITHM:'
     The specified algorithm or protocol is unknown.

'GNUTLS_E_UNKNOWN_CIPHER_SUITE:'
     Could not negotiate a supported cipher suite.

'GNUTLS_E_UNKNOWN_CIPHER_TYPE:'
     The cipher type is unsupported.

'GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM:'
     Could not negotiate a supported compression method.

'GNUTLS_E_UNKNOWN_HASH_ALGORITHM:'
     The hash algorithm is unknown.

'GNUTLS_E_UNKNOWN_PKCS_BAG_TYPE:'
     The PKCS structure's bag type is unknown.

'GNUTLS_E_UNKNOWN_PKCS_CONTENT_TYPE:'
     The PKCS structure's content type is unknown.

'GNUTLS_E_UNKNOWN_PK_ALGORITHM:'
     An unknown public key algorithm was encountered.

'GNUTLS_E_UNKNOWN_SRP_USERNAME:'
     The SRP username supplied is unknown.

'GNUTLS_E_UNSAFE_RENEGOTIATION_DENIED:'
     Unsafe renegotiation denied.

'GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE:'
     The certificate type is not supported.

'GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM:'
     The signature algorithm is not supported.

'GNUTLS_E_UNSUPPORTED_VERSION_PACKET:'
     A record packet with illegal version was received.

'GNUTLS_E_UNWANTED_ALGORITHM:'
     An algorithm that is not enabled was negotiated.

'GNUTLS_E_WARNING_ALERT_RECEIVED:'
     A TLS warning alert has been received.

'GNUTLS_E_WARNING_IA_FPHF_RECEIVED:'
     Received a TLS/IA Final Phase Finished message

'GNUTLS_E_WARNING_IA_IPHF_RECEIVED:'
     Received a TLS/IA Intermediate Phase Finished message

'GNUTLS_E_X509_UNKNOWN_SAN:'
     Unknown Subject Alternative name in X.509 certificate.

'GNUTLS_E_X509_UNSUPPORTED_ATTRIBUTE:'
     The certificate has unsupported attributes.

'GNUTLS_E_X509_UNSUPPORTED_CRITICAL_EXTENSION:'
     Unsupported critical extension in X.509 certificate.

'GNUTLS_E_X509_UNSUPPORTED_OID:'
     The OID is not supported.

\1f
File: gnutls.info,  Node: All the supported ciphersuites in GnuTLS,  Next: Guile Bindings,  Prev: Function reference,  Up: Top

10 All the Supported Ciphersuites in GnuTLS
*******************************************

Available cipher suites:
TLS_ANON_DH_ARCFOUR_MD5                     0x00 0x18      SSL3.0
TLS_ANON_DH_3DES_EDE_CBC_SHA1               0x00 0x1b      SSL3.0
TLS_ANON_DH_AES_128_CBC_SHA1                0x00 0x34      SSL3.0
TLS_ANON_DH_AES_256_CBC_SHA1                0x00 0x3a      SSL3.0
TLS_ANON_DH_CAMELLIA_128_CBC_SHA1           0x00 0x46      TLS1.0
TLS_ANON_DH_CAMELLIA_256_CBC_SHA1           0x00 0x89      TLS1.0
TLS_ANON_DH_AES_128_CBC_SHA256              0x00 0x6c      TLS1.2
TLS_ANON_DH_AES_256_CBC_SHA256              0x00 0x6d      TLS1.2
TLS_PSK_SHA_ARCFOUR_SHA1                    0x00 0x8a      TLS1.0
TLS_PSK_SHA_3DES_EDE_CBC_SHA1               0x00 0x8b      TLS1.0
TLS_PSK_SHA_AES_128_CBC_SHA1                0x00 0x8c      TLS1.0
TLS_PSK_SHA_AES_256_CBC_SHA1                0x00 0x8d      TLS1.0
TLS_DHE_PSK_SHA_ARCFOUR_SHA1                0x00 0x8e      TLS1.0
TLS_DHE_PSK_SHA_3DES_EDE_CBC_SHA1           0x00 0x8f      TLS1.0
TLS_DHE_PSK_SHA_AES_128_CBC_SHA1            0x00 0x90      TLS1.0
TLS_DHE_PSK_SHA_AES_256_CBC_SHA1            0x00 0x91      TLS1.0
TLS_SRP_SHA_3DES_EDE_CBC_SHA1               0xc0 0x1a      TLS1.0
TLS_SRP_SHA_AES_128_CBC_SHA1                0xc0 0x1d      TLS1.0
TLS_SRP_SHA_AES_256_CBC_SHA1                0xc0 0x20      TLS1.0
TLS_SRP_SHA_DSS_3DES_EDE_CBC_SHA1           0xc0 0x1c      TLS1.0
TLS_SRP_SHA_RSA_3DES_EDE_CBC_SHA1           0xc0 0x1b      TLS1.0
TLS_SRP_SHA_DSS_AES_128_CBC_SHA1            0xc0 0x1f      TLS1.0
TLS_SRP_SHA_RSA_AES_128_CBC_SHA1            0xc0 0x1e      TLS1.0
TLS_SRP_SHA_DSS_AES_256_CBC_SHA1            0xc0 0x22      TLS1.0
TLS_SRP_SHA_RSA_AES_256_CBC_SHA1            0xc0 0x21      TLS1.0
TLS_DHE_DSS_ARCFOUR_SHA1                    0x00 0x66      TLS1.0
TLS_DHE_DSS_3DES_EDE_CBC_SHA1               0x00 0x13      SSL3.0
TLS_DHE_DSS_AES_128_CBC_SHA1                0x00 0x32      SSL3.0
TLS_DHE_DSS_AES_256_CBC_SHA1                0x00 0x38      SSL3.0
TLS_DHE_DSS_CAMELLIA_128_CBC_SHA1           0x00 0x44      TLS1.0
TLS_DHE_DSS_CAMELLIA_256_CBC_SHA1           0x00 0x87      TLS1.0
TLS_DHE_DSS_AES_128_CBC_SHA256              0x00 0x40      TLS1.2
TLS_DHE_DSS_AES_256_CBC_SHA256              0x00 0x6a      TLS1.2
TLS_DHE_RSA_3DES_EDE_CBC_SHA1               0x00 0x16      SSL3.0
TLS_DHE_RSA_AES_128_CBC_SHA1                0x00 0x33      SSL3.0
TLS_DHE_RSA_AES_256_CBC_SHA1                0x00 0x39      SSL3.0
TLS_DHE_RSA_CAMELLIA_128_CBC_SHA1           0x00 0x45      TLS1.0
TLS_DHE_RSA_CAMELLIA_256_CBC_SHA1           0x00 0x88      TLS1.0
TLS_DHE_RSA_AES_128_CBC_SHA256              0x00 0x67      TLS1.2
TLS_DHE_RSA_AES_256_CBC_SHA256              0x00 0x6b      TLS1.2
TLS_RSA_NULL_MD5                            0x00 0x01      SSL3.0
TLS_RSA_NULL_SHA1                           0x00 0x02      SSL3.0
TLS_RSA_NULL_SHA256                         0x00 0x3b      TLS1.2
TLS_RSA_EXPORT_ARCFOUR_40_MD5               0x00 0x03      SSL3.0
TLS_RSA_ARCFOUR_SHA1                        0x00 0x05      SSL3.0
TLS_RSA_ARCFOUR_MD5                         0x00 0x04      SSL3.0
TLS_RSA_3DES_EDE_CBC_SHA1                   0x00 0x0a      SSL3.0
TLS_RSA_AES_128_CBC_SHA1                    0x00 0x2f      SSL3.0
TLS_RSA_AES_256_CBC_SHA1                    0x00 0x35      SSL3.0
TLS_RSA_CAMELLIA_128_CBC_SHA1               0x00 0x41      TLS1.0
TLS_RSA_CAMELLIA_256_CBC_SHA1               0x00 0x84      TLS1.0
TLS_RSA_AES_128_CBC_SHA256                  0x00 0x3c      TLS1.2
TLS_RSA_AES_256_CBC_SHA256                  0x00 0x3d      TLS1.2

Available certificate types:
   * X.509
   * OPENPGP

Available protocols:
   * SSL3.0
   * TLS1.0
   * TLS1.1
   * TLS1.2

Available ciphers:
   * AES-256-CBC
   * AES-128-CBC
   * 3DES-CBC
   * DES-CBC
   * ARCFOUR-128
   * ARCFOUR-40
   * RC2-40
   * CAMELLIA-256-CBC
   * CAMELLIA-128-CBC
   * NULL

Available MAC algorithms:
   * SHA1
   * MD5
   * SHA256
   * SHA384
   * SHA512
   * MD2
   * RIPEMD160
   * MAC-NULL

Available key exchange methods:
   * ANON-DH
   * RSA
   * RSA-EXPORT
   * DHE-RSA
   * DHE-DSS
   * SRP-DSS
   * SRP-RSA
   * SRP
   * PSK
   * DHE-PSK

Available public key algorithms:
   * RSA
   * DSA

Available public key signature algorithms:
   * RSA-SHA1
   * RSA-SHA224
   * RSA-SHA256
   * RSA-SHA384
   * RSA-SHA512
   * RSA-RMD160
   * DSA-SHA1
   * DSA-SHA224
   * DSA-SHA256
   * RSA-MD5
   * RSA-MD2

Available compression methods:
   * DEFLATE
   * NULL

Some additional information regarding some of the algorithms:

'RSA'
     RSA is public key cryptosystem designed by Ronald Rivest, Adi
     Shamir and Leonard Adleman.  It can be used with any hash
     functions.

'DSA'
     DSA is the USA's Digital Signature Standard.  It uses only the
     SHA-1 hash algorithm.

'MD2'
     MD2 is a cryptographic hash algorithm designed by Ron Rivest.  It
     is optimized for 8-bit processors.  Outputs 128 bits of data.
     There are several known weaknesses of this algorithm and it should
     not be used.

'MD5'
     MD5 is a cryptographic hash algorithm designed by Ron Rivest.
     Outputs 128 bits of data.  It is considered to be broken.

'SHA-1'
     SHA is a cryptographic hash algorithm designed by NSA. Outputs 160
     bits of data.  It is also considered to be broken, though no
     practical attacks have been found.

'RMD160'
     RIPEMD is a cryptographic hash algorithm developed in the framework
     of the EU project RIPE. Outputs 160 bits of data.

\1f
File: gnutls.info,  Node: Guile Bindings,  Next: Internal architecture of GnuTLS,  Prev: All the supported ciphersuites in GnuTLS,  Up: Top

11 Guile Bindings
*****************

This chapter describes the GNU Guile
(http://www.gnu.org/software/guile/) Scheme programming interface to
GnuTLS. The reader is assumed to have basic knowledge of the protocol
and library.  Details missing from this chapter may be found in *note
the C API reference: Function reference.

At this stage, not all the C functions are available from Scheme, but a
large subset thereof is available.

* Menu:

* Guile Preparations::          Note on installation and environment.
* Guile API Conventions::       Naming conventions and other idiosyncrasies.
* Guile Examples::              Quick start.
* Guile Reference::             The Scheme GnuTLS programming interface.

\1f
File: gnutls.info,  Node: Guile Preparations,  Next: Guile API Conventions,  Up: Guile Bindings

11.1 Guile Preparations
=======================

The GnuTLS Guile bindings are by default installed under the GnuTLS
installation directory (e.g., typically '/usr/local/share/guile/site/').
Normally Guile will not find the module there without help.  You may
experience something like this:

     $ guile
     guile> (use-modules (gnutls))
     <unnamed port>: no code for module (gnutls)
     guile>

There are two ways to solve this.  The first is to make sure that when
building GnuTLS, the Guile bindings will be installed in the same place
where Guile looks.  You may do this by using the '--with-guile-site-dir'
parameter as follows:

     $ ./configure --with-guile-site-dir=no

This will instruct GnuTLS to attempt to install the Guile bindings where
Guile will look for them.  It will use 'guile-config info pkgdatadir' to
learn the path to use.

If Guile was installed into '/usr', you may also install GnuTLS using
the same prefix:

     $ ./configure --prefix=/usr

If you want to specify the path to install the Guile bindings you can
also specify the path directly:

     $ ./configure --with-guile-site-dir=/opt/guile/share/guile/site

The second solution requires some more work but may be easier to use if
you do not have system administrator rights to your machine.  You need
to instruct Guile so that it finds the GnuTLS Guile bindings.  Either
use the 'GUILE_LOAD_PATH' environment variable as follows:

     $ GUILE_LOAD_PATH="/usr/local/share/guile/site:$GUILE_LOAD_PATH" guile
     guile> (use-modules (gnutls))
     guile>

Alternatively, you can modify Guile's '%load-path' variable (*note
Guile's run-time options: (guile)Build Config.).

At this point, you might get an error regarding 'libguile-gnutls-v-0'
similar to:

     gnutls.scm:361:1: In procedure dynamic-link in expression (load-extension "libguile-gnutls-v-0" "scm_init_gnutls"):
     gnutls.scm:361:1: file: "libguile-gnutls-v-0", message: "libguile-gnutls-v-0.so: cannot open shared object file: No such file or directory"

In this case, you will need to modify the run-time linker path, for
example as follows:

     $ LD_LIBRARY_PATH=/usr/local/lib GUILE_LOAD_PATH=/usr/local/share/guile/site guile
     guile> (use-modules (gnutls))
     guile>

To check that you got the intended GnuTLS library version, you may print
the version number of the loaded library as follows:

     $ guile
     guile> (use-modules (gnutls))
     guile> (gnutls-version)
     "2.12.20"
     guile>

\1f
File: gnutls.info,  Node: Guile API Conventions,  Next: Guile Examples,  Prev: Guile Preparations,  Up: Guile Bindings

11.2 Guile API Conventions
==========================

This chapter details the conventions used by Guile API, as well as
specificities of the mapping of the C API to Scheme.

* Menu:

* Enumerates and Constants::      Representation of C-side constants.
* Procedure Names::               Naming conventions.
* Representation of Binary Data:: Binary data buffers.
* Input and Output::              Input and output.
* Exception Handling::            Exceptions.

\1f
File: gnutls.info,  Node: Enumerates and Constants,  Next: Procedure Names,  Up: Guile API Conventions

11.2.1 Enumerates and Constants
-------------------------------

Lots of enumerates and constants are used in the GnuTLS C API. For each
C enumerate type, a disjoint Scheme type is used--thus, enumerate values
and constants are not represented by Scheme symbols nor by integers.
This makes it impossible to use an enumerate value of the wrong type on
the Scheme side: such errors are automatically detected by
type-checking.

The enumerate values are bound to variables exported by the '(gnutls)'
and '(gnutls extra)' modules.  These variables are named according to
the following convention:

   * All variable names are lower-case; the underscore '_' character
     used in the C API is replaced by hyphen '-'.
   * All variable names are prepended by the name of the enumerate type
     and the slash '/' character.
   * In some cases, the variable name is made more explicit than the one
     of the C API, e.g., by avoid abbreviations.

Consider for instance this C-side enumerate:

     typedef enum
     {
       GNUTLS_CRD_CERTIFICATE = 1,
       GNUTLS_CRD_ANON,
       GNUTLS_CRD_SRP,
       GNUTLS_CRD_PSK,
       GNUTLS_CRD_IA
     } gnutls_credentials_type_t;

The corresponding Scheme values are bound to the following variables
exported by the '(gnutls)' module:

     credentials/certificate
     credentials/anonymous
     credentials/srp
     credentials/psk
     credentials/ia

Hopefully, most variable names can be deduced from this convention.

Scheme-side "enumerate" values can be compared using 'eq?' (*note
equality predicates: (guile)Equality.).  Consider the following example:

     (let ((session (make-session connection-end/client)))

       ;;
       ;; ...
       ;;

       ;; Check the ciphering algorithm currently used by SESSION.
       (if (eq? cipher/arcfour (session-cipher session))
           (format #t "We're using the ARCFOUR algorithm")))

In addition, all enumerate values can be converted to a human-readable
string, in a type-specific way.  For instance, '(cipher->string
cipher/arcfour)' yields '"ARCFOUR 128"', while '(key-usage->string
key-usage/digital-signature)' yields '"digital-signature"'.  Note that
these strings may not be sufficient for use in a user interface since
they are fairly concise and not internationalized.

\1f
File: gnutls.info,  Node: Procedure Names,  Next: Representation of Binary Data,  Prev: Enumerates and Constants,  Up: Guile API Conventions

11.2.2 Procedure Names
----------------------

Unlike C functions in GnuTLS, the corresponding Scheme procedures are
named in a way that is close to natural English.  Abbreviations are also
avoided.  For instance, the Scheme procedure corresponding to
'gnutls_certificate_set_dh_params' is named
'set-certificate-credentials-dh-parameters!'.  The 'gnutls_' prefix is
always omitted from variable names since a similar effect can be
achieved using Guile's nifty binding renaming facilities, should it be
needed (*note (guile)Using Guile Modules::).

Often Scheme procedure names differ from C function names in a way that
makes it clearer what objects they operate on.  For example, the Scheme
procedure named 'set-session-transport-port!' corresponds to
'gnutls_transport_set_ptr', making it clear that this procedure applies
to session.

\1f
File: gnutls.info,  Node: Representation of Binary Data,  Next: Input and Output,  Prev: Procedure Names,  Up: Guile API Conventions

11.2.3 Representation of Binary Data
------------------------------------

Many procedures operate on binary data.  For instance,
'pkcs3-import-dh-parameters' expects binary data as input and,
similarly, procedures like 'pkcs1-export-rsa-parameters' return binary
data.

Binary data is represented on the Scheme side using SRFI-4 homogeneous
vectors (*note (guile)SRFI-4::).  Although any type of homogeneous
vector may be used, 'u8vector's (i.e., vectors of bytes) are highly
recommended.

As an example, generating and then exporting RSA parameters in the PEM
format can be done as follows:

     (let* ((rsa-params (make-rsa-parameters 1024))
            (raw-data
             (pkcs1-export-rsa-parameters rsa-params
                                          x509-certificate-format/pem)))
       (uniform-vector-write raw-data (open-output-file "some-file.pem")))

For an example of OpenPGP key import from a file, see *note Importing
OpenPGP Keys Guile Example::.

\1f
File: gnutls.info,  Node: Input and Output,  Next: Exception Handling,  Prev: Representation of Binary Data,  Up: Guile API Conventions

11.2.4 Input and Output
-----------------------

The underlying transport of a TLS session can be any Scheme input/output
port (*note (guile)Ports and File Descriptors::).  This has to be
specified using 'set-session-transport-port!'.

However, for better performance, a raw file descriptor can be specified,
using 'set-session-transport-fd!'.  For instance, if the transport layer
is a socket port over an OS-provided socket, you can use the
'port->fdes' or 'fileno' procedure to obtain the underlying file
descriptor and pass it to 'set-session-transport-fd!' (*note
'port->fdes' and 'fileno': (guile)Ports and File Descriptors.).  This
would work as follows:

     (let ((socket (socket PF_INET SOCK_STREAM 0))
           (session (make-session connection-end/client)))

       ;;
       ;; Establish a TCP connection...
       ;;

       ;; Use the file descriptor that underlies SOCKET.
       (set-session-transport-fd! session (fileno socket)))

Once a TLS session is established, data can be communicated through it
(i.e., _via_ the TLS record layer) using the port returned by
'session-record-port':

     (let ((session (make-session connection-end/client)))

       ;;
       ;; Initialize the various parameters of SESSION, set up
       ;; a network connection, etc...
       ;;

       (let ((i/o (session-record-port session)))
         (write "Hello peer!" i/o)
         (let ((greetings (read i/o)))

           ;; ...

           (bye session close-request/rdwr))))

A lower-level I/O API is provided by 'record-send' and 'record-receive!'
which take an SRFI-4 vector to represent the data sent or received.
While it might improve performance, it is much less convenient than the
above and should rarely be needed.

\1f
File: gnutls.info,  Node: Exception Handling,  Prev: Input and Output,  Up: Guile API Conventions

11.2.5 Exception Handling
-------------------------

GnuTLS errors are implemented as Scheme exceptions (*note exceptions in
Guile: (guile)Exceptions.).  Each time a GnuTLS function returns an
error, an exception with key 'gnutls-error' is raised.  The additional
arguments that are thrown include an error code and the name of the
GnuTLS procedure that raised the exception.  The error code is pretty
much like an enumerate value: it is one of the 'error/' variables
exported by the '(gnutls)' module (*note Enumerates and Constants::).
Exceptions can be turned into error messages using the 'error->string'
procedure.

The following examples illustrates how GnuTLS exceptions can be handled:

     (let ((session (make-session connection-end/server)))

       ;;
       ;; ...
       ;;

       (catch 'gnutls-error
         (lambda ()
           (handshake session))
         (lambda (key err function . currently-unused)
           (format (current-error-port)
                   "a GnuTLS error was raised by `~a': ~a~%"
                   function (error->string err)))))

Again, error values can be compared using 'eq?':

         ;; `gnutls-error' handler.
         (lambda (key err function . currently-unused)
           (if (eq? err error/fatal-alert-received)
               (format (current-error-port)
                       "a fatal alert was caught!~%")
               (format (current-error-port)
                       "something bad happened: ~a~%"
                       (error->string err))))

Note that the 'catch' handler is currently passed only 3 arguments but
future versions might provide it with additional arguments.  Thus, it
must be prepared to handle more than 3 arguments, as in this example.

\1f
File: gnutls.info,  Node: Guile Examples,  Next: Guile Reference,  Prev: Guile API Conventions,  Up: Guile Bindings

11.3 Guile Examples
===================

This chapter provides examples that illustrate common use cases.

* Menu:

* Anonymous Authentication Guile Example::    Simplest client and server.
* OpenPGP Authentication Guile Example::      Using OpenPGP-based authentication.
* Importing OpenPGP Keys Guile Example::      Importing keys from files.

\1f
File: gnutls.info,  Node: Anonymous Authentication Guile Example,  Next: OpenPGP Authentication Guile Example,  Up: Guile Examples

11.3.1 Anonymous Authentication Guile Example
---------------------------------------------

"Anonymous authentication" is very easy to use.  No certificates are
needed by the communicating parties.  Yet, it allows them to benefit
from end-to-end encryption and integrity checks.

The client-side code would look like this (assuming SOME-SOCKET is bound
to an open socket port):

     ;; Client-side.

     (let ((client (make-session connection-end/client)))
       ;; Use the default settings.
       (set-session-default-priority! client)

       ;; Don't use certificate-based authentication.
       (set-session-certificate-type-priority! client '())

       ;; Request the "anonymous Diffie-Hellman" key exchange method.
       (set-session-kx-priority! client (list kx/anon-dh))

       ;; Specify the underlying socket.
       (set-session-transport-fd! client (fileno some-socket))

       ;; Create anonymous credentials.
       (set-session-credentials! client
                                 (make-anonymous-client-credentials))

       ;; Perform the TLS handshake with the server.
       (handshake client)

       ;; Send data over the TLS record layer.
       (write "hello, world!" (session-record-port client))

       ;; Terminate the TLS session.
       (bye client close-request/rdwr))

The corresponding server would look like this (again, assuming
SOME-SOCKET is bound to a socket port):

     ;; Server-side.

     (let ((server (make-session connection-end/server)))
       (set-session-default-priority! server)
       (set-session-certificate-type-priority! server '())
       (set-session-kx-priority! server (list kx/anon-dh))

       ;; Specify the underlying transport socket.
       (set-session-transport-fd! server (fileno some-socket))

       ;; Create anonymous credentials.
       (let ((cred (make-anonymous-server-credentials))
             (dh-params (make-dh-parameters 1024)))
         ;; Note: DH parameter generation can take some time.
         (set-anonymous-server-dh-parameters! cred dh-params)
         (set-session-credentials! server cred))

       ;; Perform the TLS handshake with the client.
       (handshake server)

       ;; Receive data over the TLS record layer.
       (let ((message (read (session-record-port server))))
         (format #t "received the following message: ~a~%"
                 message)

         (bye server close-request/rdwr)))

This is it!

\1f
File: gnutls.info,  Node: OpenPGP Authentication Guile Example,  Next: Importing OpenPGP Keys Guile Example,  Prev: Anonymous Authentication Guile Example,  Up: Guile Examples

11.3.2 OpenPGP Authentication Guile Example
-------------------------------------------

GnuTLS allows users to authenticate using OpenPGP certificates.  The
relevant procedures are provided by the '(gnutls extra)' module.  Using
OpenPGP-based authentication is not more complicated than using
anonymous authentication.  It requires a bit of extra work, though, to
import the OpenPGP public and private key of the client/server.  Key
import is omitted here and is left as an exercise to the reader (*note
Importing OpenPGP Keys Guile Example::).

Assuming SOME-SOCKET is bound to an open socket port and PUB and SEC are
bound to the client's OpenPGP public and secret key, respectively,
client-side code would look like this:

     ;; Client-side.

     (define %certs (list certificate-type/openpgp))

     (let ((client (make-session connection-end/client))
           (cred   (make-certificate-credentials)))
       (set-session-default-priority! client)

       ;; Choose OpenPGP certificates.
       (set-session-certificate-type-priority! client %certs)

       ;; Prepare appropriate client credentials.
       (set-certificate-credentials-openpgp-keys! cred pub sec)
       (set-session-credentials! client cred)

       ;; Specify the underlying transport socket.
       (set-session-transport-fd! client (fileno some-socket))

       (handshake client)
       (write "hello, world!" (session-record-port client))
       (bye client close-request/rdwr))

Similarly, server-side code would be along these lines:

     ;; Server-side.

     (define %certs (list certificate-type/openpgp))

     (let ((server (make-session connection-end/server))
           (rsa    (make-rsa-parameters 1024))
           (dh     (make-dh-parameters 1024)))
       (set-session-default-priority! server)

       ;; Choose OpenPGP certificates.
       (set-session-certificate-type-priority! server %certs)

       (let ((cred (make-certificate-credentials)))
         ;; Prepare credentials with RSA and Diffie-Hellman parameters.
         (set-certificate-credentials-dh-parameters! cred dh)
         (set-certificate-credentials-rsa-export-parameters! cred rsa)
         (set-certificate-credentials-openpgp-keys! cred pub sec)
         (set-session-credentials! server cred))

       (set-session-transport-fd! server (fileno some-socket))

       (handshake server)
       (let ((msg (read (session-record-port server))))
         (format #t "received: ~a~%" msg)

         (bye server close-request/rdwr)))

In practice, generating RSA parameters (and Diffie-Hellman parameters)
can time a long time.  Thus, you may want to generate them once and
store them in a file for future re-use (*note
'pkcs1-export-rsa-parameters' and 'pkcs1-import-rsa-parameters': Core
Interface.).

\1f
File: gnutls.info,  Node: Importing OpenPGP Keys Guile Example,  Prev: OpenPGP Authentication Guile Example,  Up: Guile Examples

11.3.3 Importing OpenPGP Keys Guile Example
-------------------------------------------

The following example provides a simple way of importing "ASCII-armored"
OpenPGP keys from files, using the 'import-openpgp-certificate' and
'import-openpgp-private-key' procedures provided by the '(gnutls extra)'
module.

     (use-modules (srfi srfi-4)
                  (gnutls extra))

     (define (import-key-from-file import-proc file)
       ;; Import OpenPGP key from FILE using IMPORT-PROC.

       ;; Prepare a u8vector large enough to hold the raw
       ;; key contents.
       (let* ((size (stat:size (stat path)))
              (raw  (make-u8vector size)))

         ;; Fill in the u8vector with the contents of FILE.
         (uniform-vector-read! raw (open-input-file file))

         ;; Pass the u8vector to the import procedure.
         (import-proc raw openpgp-certificate-format/base64)))


     (define (import-public-key-from-file file)
       (import-key-from-file import-openpgp-certificate file))

     (define (import-private-key-from-file file)
       (import-key-from-file import-openpgp-private-key file))

The procedures 'import-public-key-from-file' and
'import-private-key-from-file' can be passed a file name.  They return
an OpenPGP public key and private key object, respectively (*note
OpenPGP key objects: Extra Interface.).

\1f
File: gnutls.info,  Node: Guile Reference,  Prev: Guile Examples,  Up: Guile Bindings

11.4 Guile Reference
====================

This chapter documents GnuTLS Scheme procedures available to Guile
programmers.

* Menu:

* Core Interface::              Bindings for core GnuTLS.
* Extra Interface::             Bindings for GnuTLS-Extra.

\1f
File: gnutls.info,  Node: Core Interface,  Next: Extra Interface,  Up: Guile Reference

11.4.1 Core Interface
---------------------

This section lists the Scheme procedures exported by the '(gnutls)'
module (*note (guile)The Guile module system::).  This module is
licenced under the GNU Lesser General Public Licence, version 2.1 or
later.

 -- Scheme Procedure: set-log-level! level
     Enable GnuTLS logging up to LEVEL (an integer).

 -- Scheme Procedure: set-log-procedure! proc
     Use PROC (a two-argument procedure) as the global GnuTLS log
     procedure.

 -- Scheme Procedure: x509-certificate-subject-alternative-name cert
          index
     Return two values: the alternative name type for CERT (i.e., one of
     the 'x509-subject-alternative-name/' values) and the actual subject
     alternative name (a string) at INDEX.  Both values are '#f' if no
     alternative name is available at INDEX.

 -- Scheme Procedure: x509-certificate-subject-key-id cert
     Return the subject key ID (a u8vector) for CERT.

 -- Scheme Procedure: x509-certificate-authority-key-id cert
     Return the key ID (a u8vector) of the X.509 certificate authority
     of CERT.

 -- Scheme Procedure: x509-certificate-key-id cert
     Return a statistically unique ID (a u8vector) for CERT that depends
     on its public key parameters.  This is normally a 20-byte SHA-1
     hash.

 -- Scheme Procedure: x509-certificate-version cert
     Return the version of CERT.

 -- Scheme Procedure: x509-certificate-key-usage cert
     Return the key usage of CERT (i.e., a list of 'key-usage/' values),
     or the empty list if CERT does not contain such information.

 -- Scheme Procedure: x509-certificate-public-key-algorithm cert
     Return two values: the public key algorithm (i.e., one of the
     'pk-algorithm/' values) of CERT and the number of bits used.

 -- Scheme Procedure: x509-certificate-signature-algorithm cert
     Return the signature algorithm used by CERT (i.e., one of the
     'sign-algorithm/' values).

 -- Scheme Procedure: x509-certificate-matches-hostname? cert hostname
     Return true if CERT matches HOSTNAME, a string denoting a DNS host
     name.  This is the basic implementation of RFC 2818
     (http://tools.ietf.org/html/rfc2818) (aka.  HTTPS).

 -- Scheme Procedure: x509-certificate-issuer-dn-oid cert index
     Return the OID (a string) at INDEX from CERT's issuer DN. Return
     '#f' if no OID is available at INDEX.

 -- Scheme Procedure: x509-certificate-dn-oid cert index
     Return OID (a string) at INDEX from CERT.  Return '#f' if no OID is
     available at INDEX.

 -- Scheme Procedure: x509-certificate-issuer-dn cert
     Return the distinguished name (DN) of X.509 certificate CERT.

 -- Scheme Procedure: x509-certificate-dn cert
     Return the distinguished name (DN) of X.509 certificate CERT.  The
     form of the DN is as described in RFC 2253
     (http://tools.ietf.org/html/rfc2253).

 -- Scheme Procedure: pkcs8-import-x509-private-key data format [pass
          [encrypted]]
     Return a new X.509 private key object resulting from the import of
     DATA (a uniform array) according to FORMAT.  Optionally, if PASS is
     not '#f', it should be a string denoting a passphrase.  ENCRYPTED
     tells whether the private key is encrypted ('#t' by default).

 -- Scheme Procedure: import-x509-private-key data format
     Return a new X.509 private key object resulting from the import of
     DATA (a uniform array) according to FORMAT.

 -- Scheme Procedure: import-x509-certificate data format
     Return a new X.509 certificate object resulting from the import of
     DATA (a uniform array) according to FORMAT.

 -- Scheme Procedure: server-session-psk-username session
     Return the username associated with PSK server session SESSION.

 -- Scheme Procedure: set-psk-client-credentials! cred username key
          key-format
     Set the client credentials for CRED, a PSK client credentials
     object.

 -- Scheme Procedure: make-psk-client-credentials
     Return a new PSK client credentials object.

 -- Scheme Procedure: set-psk-server-credentials-file! cred file
     Use FILE as the password file for PSK server credentials CRED.

 -- Scheme Procedure: make-psk-server-credentials
     Return new PSK server credentials.

 -- Scheme Procedure: peer-certificate-status session
     Verify the peer certificate for SESSION and return a list of
     'certificate-status' values (such as 'certificate-status/revoked'),
     or the empty list if the certificate is valid.

 -- Scheme Procedure: set-certificate-credentials-verify-flags! cred
          [flags...]
     Set the certificate verification flags to FLAGS, a series of
     'certificate-verify' values.

 -- Scheme Procedure: set-certificate-credentials-verify-limits! cred
          max-bits max-depth
     Set the verification limits of 'peer-certificate-status' for
     certificate credentials CRED to MAX_BITS bits for an acceptable
     certificate and MAX_DEPTH as the maximum depth of a certificate
     chain.

 -- Scheme Procedure: set-certificate-credentials-x509-keys! cred certs
          privkey
     Have certificate credentials CRED use the X.509 certificates listed
     in CERTS and X.509 private key PRIVKEY.

 -- Scheme Procedure: set-certificate-credentials-x509-key-data! cred
          cert key format
     Use X.509 certificate CERT and private key KEY, both uniform arrays
     containing the X.509 certificate and key in format FORMAT, for
     certificate credentials CRED.

 -- Scheme Procedure: set-certificate-credentials-x509-crl-data! cred
          data format
     Use DATA (a uniform array) as the X.509 CRL (certificate revocation
     list) database for CRED.  On success, return the number of CRLs
     processed.

 -- Scheme Procedure: set-certificate-credentials-x509-trust-data! cred
          data format
     Use DATA (a uniform array) as the X.509 trust database for CRED.
     On success, return the number of certificates processed.

 -- Scheme Procedure: set-certificate-credentials-x509-crl-file! cred
          file format
     Use FILE as the X.509 CRL (certificate revocation list) file for
     certificate credentials CRED.  On success, return the number of
     CRLs processed.

 -- Scheme Procedure: set-certificate-credentials-x509-trust-file! cred
          file format
     Use FILE as the X.509 trust file for certificate credentials CRED.
     On success, return the number of certificates processed.

 -- Scheme Procedure: set-certificate-credentials-x509-key-files! cred
          cert-file key-file format
     Use FILE as the password file for PSK server credentials CRED.

 -- Scheme Procedure: set-certificate-credentials-rsa-export-parameters!
          cred rsa-params
     Use RSA parameters RSA_PARAMS for certificate credentials CRED.

 -- Scheme Procedure: set-certificate-credentials-dh-parameters! cred
          dh-params
     Use Diffie-Hellman parameters DH_PARAMS for certificate credentials
     CRED.

 -- Scheme Procedure: make-certificate-credentials
     Return new certificate credentials (i.e., for use with either X.509
     or OpenPGP certificates.

 -- Scheme Procedure: pkcs1-export-rsa-parameters rsa-params format
     Export Diffie-Hellman parameters RSA_PARAMS in PKCS1 format
     according for FORMAT (an 'x509-certificate-format' value).  Return
     a 'u8vector' containing the result.

 -- Scheme Procedure: pkcs1-import-rsa-parameters array format
     Import Diffie-Hellman parameters in PKCS1 format (further specified
     by FORMAT, an 'x509-certificate-format' value) from ARRAY (a
     homogeneous array) and return a new 'rsa-params' object.

 -- Scheme Procedure: make-rsa-parameters bits
     Return new RSA parameters.

 -- Scheme Procedure: set-anonymous-server-dh-parameters! cred dh-params
     Set the Diffie-Hellman parameters of anonymous server credentials
     CRED.

 -- Scheme Procedure: make-anonymous-client-credentials
     Return anonymous client credentials.

 -- Scheme Procedure: make-anonymous-server-credentials
     Return anonymous server credentials.

 -- Scheme Procedure: set-session-dh-prime-bits! session bits
     Use BITS DH prime bits for SESSION.

 -- Scheme Procedure: pkcs3-export-dh-parameters dh-params format
     Export Diffie-Hellman parameters DH_PARAMS in PKCS3 format
     according for FORMAT (an 'x509-certificate-format' value).  Return
     a 'u8vector' containing the result.

 -- Scheme Procedure: pkcs3-import-dh-parameters array format
     Import Diffie-Hellman parameters in PKCS3 format (further specified
     by FORMAT, an 'x509-certificate-format' value) from ARRAY (a
     homogeneous array) and return a new 'dh-params' object.

 -- Scheme Procedure: make-dh-parameters bits
     Return new Diffie-Hellman parameters.

 -- Scheme Procedure: set-session-transport-port! session port
     Use PORT as the input/output port for SESSION.

 -- Scheme Procedure: set-session-transport-fd! session fd
     Use file descriptor FD as the underlying transport for SESSION.

 -- Scheme Procedure: session-record-port session
     Return a read-write port that may be used to communicate over
     SESSION.  All invocations of 'session-port' on a given session
     return the same object (in the sense of 'eq?').

 -- Scheme Procedure: record-receive! session array
     Receive data from SESSION into ARRAY, a uniform homogeneous array.
     Return the number of bytes actually received.

 -- Scheme Procedure: record-send session array
     Send the record constituted by ARRAY through SESSION.

 -- Scheme Procedure: set-session-credentials! session cred
     Use CRED as SESSION's credentials.

 -- Scheme Procedure: cipher-suite->string kx cipher mac
     Return the name of the given cipher suite.

 -- Scheme Procedure: set-session-default-export-priority! session
     Have SESSION use the default export priorities.

 -- Scheme Procedure: set-session-default-priority! session
     Have SESSION use the default priorities.

 -- Scheme Procedure: set-session-certificate-type-priority! session
          items
     Use ITEMS (a list) as the list of preferred certificate-type for
     SESSION.

 -- Scheme Procedure: set-session-protocol-priority! session items
     Use ITEMS (a list) as the list of preferred protocol for SESSION.

 -- Scheme Procedure: set-session-kx-priority! session items
     Use ITEMS (a list) as the list of preferred kx for SESSION.

 -- Scheme Procedure: set-session-compression-method-priority! session
          items
     Use ITEMS (a list) as the list of preferred compression-method for
     SESSION.

 -- Scheme Procedure: set-session-mac-priority! session items
     Use ITEMS (a list) as the list of preferred mac for SESSION.

 -- Scheme Procedure: set-session-cipher-priority! session items
     Use ITEMS (a list) as the list of preferred cipher for SESSION.

 -- Scheme Procedure: set-server-session-certificate-request! session
          request
     Tell how SESSION, a server-side session, should deal with
     certificate requests.  REQUEST should be either
     'certificate-request/request' or 'certificate-request/require'.

 -- Scheme Procedure: session-our-certificate-chain session
     Return our certificate chain for SESSION (as sent to the peer) in
     raw format (a u8vector).  In the case of OpenPGP there is exactly
     one certificate.  Return the empty list if no certificate was used.

 -- Scheme Procedure: session-peer-certificate-chain session
     Return the a list of certificates in raw format (u8vectors) where
     the first one is the peer's certificate.  In the case of OpenPGP,
     there is always exactly one certificate.  In the case of X.509,
     subsequent certificates indicate form a certificate chain.  Return
     the empty list if no certificate was sent.

 -- Scheme Procedure: session-client-authentication-type session
     Return the client authentication type (a 'credential-type' value)
     used in SESSION.

 -- Scheme Procedure: session-server-authentication-type session
     Return the server authentication type (a 'credential-type' value)
     used in SESSION.

 -- Scheme Procedure: session-authentication-type session
     Return the authentication type (a 'credential-type' value) used by
     SESSION.

 -- Scheme Procedure: session-protocol session
     Return the protocol used by SESSION.

 -- Scheme Procedure: session-certificate-type session
     Return SESSION's certificate type.

 -- Scheme Procedure: session-compression-method session
     Return SESSION's compression method.

 -- Scheme Procedure: session-mac session
     Return SESSION's MAC.

 -- Scheme Procedure: session-kx session
     Return SESSION's kx.

 -- Scheme Procedure: session-cipher session
     Return SESSION's cipher.

 -- Scheme Procedure: alert-send session level alert
     Send ALERT via SESSION.

 -- Scheme Procedure: alert-get session
     Get an aleter from SESSION.

 -- Scheme Procedure: rehandshake session
     Perform a re-handshaking for SESSION.

 -- Scheme Procedure: handshake session
     Perform a handshake for SESSION.

 -- Scheme Procedure: bye session how
     Close SESSION according to HOW.

 -- Scheme Procedure: make-session end
     Return a new session for connection end END, either
     'connection-end/server' or 'connection-end/client'.

 -- Scheme Procedure: gnutls-version
     Return a string denoting the version number of the underlying
     GnuTLS library, e.g., '"1.7.2"'.

 -- Scheme Procedure: x509-private-key? obj
     Return true if OBJ is of type 'x509-private-key'.

 -- Scheme Procedure: x509-certificate? obj
     Return true if OBJ is of type 'x509-certificate'.

 -- Scheme Procedure: psk-client-credentials? obj
     Return true if OBJ is of type 'psk-client-credentials'.

 -- Scheme Procedure: psk-server-credentials? obj
     Return true if OBJ is of type 'psk-server-credentials'.

 -- Scheme Procedure: srp-client-credentials? obj
     Return true if OBJ is of type 'srp-client-credentials'.

 -- Scheme Procedure: srp-server-credentials? obj
     Return true if OBJ is of type 'srp-server-credentials'.

 -- Scheme Procedure: certificate-credentials? obj
     Return true if OBJ is of type 'certificate-credentials'.

 -- Scheme Procedure: rsa-parameters? obj
     Return true if OBJ is of type 'rsa-parameters'.

 -- Scheme Procedure: dh-parameters? obj
     Return true if OBJ is of type 'dh-parameters'.

 -- Scheme Procedure: anonymous-server-credentials? obj
     Return true if OBJ is of type 'anonymous-server-credentials'.

 -- Scheme Procedure: anonymous-client-credentials? obj
     Return true if OBJ is of type 'anonymous-client-credentials'.

 -- Scheme Procedure: session? obj
     Return true if OBJ is of type 'session'.

 -- Scheme Procedure: error->string enumval
     Return a string describing ENUMVAL, a 'error' value.

 -- Scheme Procedure: certificate-verify->string enumval
     Return a string describing ENUMVAL, a 'certificate-verify' value.

 -- Scheme Procedure: key-usage->string enumval
     Return a string describing ENUMVAL, a 'key-usage' value.

 -- Scheme Procedure: psk-key-format->string enumval
     Return a string describing ENUMVAL, a 'psk-key-format' value.

 -- Scheme Procedure: sign-algorithm->string enumval
     Return a string describing ENUMVAL, a 'sign-algorithm' value.

 -- Scheme Procedure: pk-algorithm->string enumval
     Return a string describing ENUMVAL, a 'pk-algorithm' value.

 -- Scheme Procedure: x509-subject-alternative-name->string enumval
     Return a string describing ENUMVAL, a
     'x509-subject-alternative-name' value.

 -- Scheme Procedure: x509-certificate-format->string enumval
     Return a string describing ENUMVAL, a 'x509-certificate-format'
     value.

 -- Scheme Procedure: certificate-type->string enumval
     Return a string describing ENUMVAL, a 'certificate-type' value.

 -- Scheme Procedure: protocol->string enumval
     Return a string describing ENUMVAL, a 'protocol' value.

 -- Scheme Procedure: close-request->string enumval
     Return a string describing ENUMVAL, a 'close-request' value.

 -- Scheme Procedure: certificate-request->string enumval
     Return a string describing ENUMVAL, a 'certificate-request' value.

 -- Scheme Procedure: certificate-status->string enumval
     Return a string describing ENUMVAL, a 'certificate-status' value.

 -- Scheme Procedure: handshake-description->string enumval
     Return a string describing ENUMVAL, a 'handshake-description'
     value.

 -- Scheme Procedure: alert-description->string enumval
     Return a string describing ENUMVAL, a 'alert-description' value.

 -- Scheme Procedure: alert-level->string enumval
     Return a string describing ENUMVAL, a 'alert-level' value.

 -- Scheme Procedure: connection-end->string enumval
     Return a string describing ENUMVAL, a 'connection-end' value.

 -- Scheme Procedure: compression-method->string enumval
     Return a string describing ENUMVAL, a 'compression-method' value.

 -- Scheme Procedure: digest->string enumval
     Return a string describing ENUMVAL, a 'digest' value.

 -- Scheme Procedure: mac->string enumval
     Return a string describing ENUMVAL, a 'mac' value.

 -- Scheme Procedure: credentials->string enumval
     Return a string describing ENUMVAL, a 'credentials' value.

 -- Scheme Procedure: params->string enumval
     Return a string describing ENUMVAL, a 'params' value.

 -- Scheme Procedure: kx->string enumval
     Return a string describing ENUMVAL, a 'kx' value.

 -- Scheme Procedure: cipher->string enumval
     Return a string describing ENUMVAL, a 'cipher' value.

\1f
File: gnutls.info,  Node: Extra Interface,  Prev: Core Interface,  Up: Guile Reference

11.4.2 Extra Interface
----------------------

This section lists the Scheme procedures exported by the '(gnutls
extra)' module.  This module is licenced under the GNU General Public
Licence, version 3 or later.

 -- Scheme Procedure: set-certificate-credentials-openpgp-keys! cred pub
          sec
     Use certificate PUB and secret key SEC in certificate credentials
     CRED.

 -- Scheme Procedure: openpgp-keyring-contains-key-id? keyring id
     Return '#f' if key ID ID is in KEYRING, '#f' otherwise.

 -- Scheme Procedure: import-openpgp-keyring data format
     Import DATA (a u8vector) according to FORMAT and return the
     imported keyring.

 -- Scheme Procedure: openpgp-certificate-usage key
     Return a list of values denoting the key usage of KEY.

 -- Scheme Procedure: openpgp-certificate-version key
     Return the version of the OpenPGP message format (RFC2440) honored
     by KEY.

 -- Scheme Procedure: openpgp-certificate-algorithm key
     Return two values: the certificate algorithm used by KEY and the
     number of bits used.

 -- Scheme Procedure: openpgp-certificate-names key
     Return the list of names for KEY.

 -- Scheme Procedure: openpgp-certificate-name key index
     Return the INDEXth name of KEY.

 -- Scheme Procedure: openpgp-certificate-fingerprint key
     Return a new u8vector denoting the fingerprint of KEY.

 -- Scheme Procedure: openpgp-certificate-fingerprint! key fpr
     Store in FPR (a u8vector) the fingerprint of KEY.  Return the
     number of bytes stored in FPR.

 -- Scheme Procedure: openpgp-certificate-id! key id
     Store the ID (an 8 byte sequence) of certificate KEY in ID (a
     u8vector).

 -- Scheme Procedure: openpgp-certificate-id key
     Return the ID (an 8-element u8vector) of certificate KEY.

 -- Scheme Procedure: import-openpgp-private-key data format [pass]
     Return a new OpenPGP private key object resulting from the import
     of DATA (a uniform array) according to FORMAT.  Optionally, a
     passphrase may be provided.

 -- Scheme Procedure: import-openpgp-certificate data format
     Return a new OpenPGP certificate object resulting from the import
     of DATA (a uniform array) according to FORMAT.

 -- Scheme Procedure: openpgp-certificate-format->string enumval
     Return a string describing ENUMVAL, a 'openpgp-certificate-format'
     value.

 -- Scheme Procedure: openpgp-keyring? obj
     Return true if OBJ is of type 'openpgp-keyring'.

 -- Scheme Procedure: openpgp-private-key? obj
     Return true if OBJ is of type 'openpgp-private-key'.

 -- Scheme Procedure: openpgp-certificate? obj
     Return true if OBJ is of type 'openpgp-certificate'.

\1f
File: gnutls.info,  Node: Internal architecture of GnuTLS,  Next: Copying Information,  Prev: Guile Bindings,  Up: Top

12 Internal Architecture of GnuTLS
**********************************

This chapter is to give a brief description of the way GnuTLS works.
The focus is to give an idea to potential developers and those who want
to know what happens inside the black box.

* Menu:

* The TLS Protocol::
* TLS Handshake Protocol::
* TLS Authentication Methods::
* TLS Extension Handling::
* Certificate Handling::
* Cryptographic Backend::

\1f
File: gnutls.info,  Node: The TLS Protocol,  Next: TLS Handshake Protocol,  Up: Internal architecture of GnuTLS

12.1 The TLS Protocol
=====================

The main needs for the TLS protocol to be used are shown in the image
below.

\0\b[image src="gnutls-client-server-use-case.png"\0\b]

This is being accomplished by the following object diagram.  Note that
since GnuTLS is being developed in C object are just structures with
attributes.  The operations listed are functions that require the first
parameter to be that object. \0\b[image src="gnutls-objects.png"\0\b]

\1f
File: gnutls.info,  Node: TLS Handshake Protocol,  Next: TLS Authentication Methods,  Prev: The TLS Protocol,  Up: Internal architecture of GnuTLS

12.2 TLS Handshake Protocol
===========================

The GnuTLS handshake protocol is implemented as a state machine that
waits for input or returns immediately when the non-blocking transport
layer functions are used.  The main idea is shown in the following
figure.

\0\b[image src="gnutls-handshake-state.png"\0\b]

Also the way the input is processed varies per ciphersuite.  Several
implementations of the internal handlers are available and *note
gnutls_handshake:: only multiplexes the input to the appropriate
handler.  For example a PSK ciphersuite has a different implementation
of the 'process_client_key_exchange' than a certificate ciphersuite.

\0\b[image src="gnutls-handshake-sequence.png"\0\b]

\1f
File: gnutls.info,  Node: TLS Authentication Methods,  Next: TLS Extension Handling,  Prev: TLS Handshake Protocol,  Up: Internal architecture of GnuTLS

12.3 TLS Authentication Methods
===============================

In GnuTLS authentication methods can be implemented quite easily.  Since
the required changes to add a new authentication method affect only the
handshake protocol, a simple interface is used.  An authentication
method needs only to implement the functions as seen in the figure
below.

\0\b[image src="gnutls-mod_auth_st.png"\0\b]

The functions that need to be implemented are the ones responsible for
interpreting the handshake protocol messages.  It is common for such
functions to read data from one or more 'credentials_t' structures(1)
and write data, such as certificates, usernames etc.  to 'auth_info_t'
structures.

Simple examples of existing authentication methods can be seen in
'auth_psk.c' for PSK ciphersuites and 'auth_srp.c' for SRP ciphersuites.
After implementing these functions the structure holding its pointers
has to be registered in 'gnutls_algorithms.c' in the
'_gnutls_kx_algorithms' structure.

   ---------- Footnotes ----------

   (1) such as the 'gnutls_certificate_credentials_t' structures

\1f
File: gnutls.info,  Node: TLS Extension Handling,  Next: Certificate Handling,  Prev: TLS Authentication Methods,  Up: Internal architecture of GnuTLS

12.4 TLS Extension Handling
===========================

As with authentication methods, the TLS extensions handlers can be
implemented using the following interface.

\0\b[image src="gnutls-extensions_st.png"\0\b]

Here there are two functions, one for receiving the extension data and
one for sending.  These functions have to check internally whether they
operate in client or server side.

A simple example of an extension handler can be seen in 'ext_srp.c'
After implementing these functions, together with the extension number
they handle, they have to be registered in 'gnutls_extensions.c' in the
'_gnutls_extensions' structure.

12.4.1 Adding a New TLS Extension
---------------------------------

Adding support for a new TLS extension is done from time to time, and
the process to do so is not difficult.  Here are the steps you need to
follow if you wish to do this yourself.  For sake of discussion, let's
consider adding support for the hypothetical TLS extension 'foobar'.

  1. Add 'configure' option like '--enable-foobar' or
     '--disable-foobar'.

     This step is useful when the extension code is large and it might
     be desirable to disable the extension under some circumstances.
     Otherwise it can be safely skipped.

     Whether to chose enable or disable depends on whether you intend to
     make the extension be enabled by default.  Look at existing checks
     (i.e., SRP, authz) for how to model the code.  For example:

          AC_MSG_CHECKING([whether to disable foobar support])
          AC_ARG_ENABLE(foobar,
                AS_HELP_STRING([--disable-foobar],
                        [disable foobar support]),
                ac_enable_foobar=no)
          if test x$ac_enable_foobar != xno; then
           AC_MSG_RESULT(no)
           AC_DEFINE(ENABLE_FOOBAR, 1, [enable foobar])
          else
           ac_full=0
           AC_MSG_RESULT(yes)
          fi
          AM_CONDITIONAL(ENABLE_FOOBAR, test "$ac_enable_foobar" != "no")

     These lines should go in 'lib/m4/hooks.m4'.

  2. Add IANA extension value to 'extensions_t' in 'gnutls_int.h'.

     A good name for the value would be GNUTLS_EXTENSION_FOOBAR. Check
     with 'http://www.iana.org/assignments/tls-extensiontype-values' for
     allocated values.  For experiments, you could pick a number but
     remember that some consider it a bad idea to deploy such modified
     version since it will lead to interoperability problems in the
     future when the IANA allocates that number to someone else, or when
     the foobar protocol is allocated another number.

  3. Add an entry to '_gnutls_extensions' in 'gnutls_extensions.c'.

     A typical entry would be:

            int ret;

            /* ...
             */

          #if ENABLE_FOOBAR

            ret = _gnutls_ext_register (&foobar_ext);
            if (ret != GNUTLS_E_SUCCESS)
              return ret;
          #endif

     Most likely you'll need to add an '#include "ext_foobar.h"', that
     will contain something like like:
            extension_entry_st foobar_ext = {
              .name = "FOOBAR",
              .type = GNUTLS_EXTENSION_FOOBAR,
              .parse_type = GNUTLS_EXT_TLS,
              .recv_func = _foobar_recv_params,
              .send_func = _foobar_send_params,
              .pack_func = _foobar_pack,
              .unpack_func = _foobar_unpack,
              .deinit_func = NULL
            }

     The GNUTLS_EXTENSION_FOOBAR is the integer value you added to
     'gnutls_int.h' earlier.  In this structure you specify the
     functions to read the extension from the hello message, the
     function to send the reply to, and two more functions to pack and
     unpack from stored session data (e.g.  when resumming a session).
     The 'deinit' function will be called to deinitialize the
     extension's private parameters, if any.

     Note that the conditional 'ENABLE_FOOBAR' definition should only be
     used if step 1 with the 'configure' options has taken place.

  4. Add new files 'ext_foobar.c' and 'ext_foobar.h' that implement the
     extension.

     The functions you are responsible to add are those mentioned in the
     previous step.  As a starter, you could add this:

          int
          _foobar_recv_params (gnutls_session_t session,
                                      const opaque * data,
                                      size_t data_size)
          {
            return 0;
          }

          int
          _foobar_send_params (gnutls_session_t session,
                                      opaque * data,
                                      size_t _data_size)
          {
            return 0;
          }

          int
          _foobar_pack (extension_priv_data_t epriv, gnutls_buffer_st * ps)
          {
             /* Append the extension's internal state to buffer */
             return 0;
          }

          int
          _foobar_unpack (gnutls_buffer_st * ps, extension_priv_data_t * epriv)
          {
             /* Read the internal state from buffer */
             return 0;
          }

     The '_foobar_recv_params' function is responsible for parsing
     incoming extension data (both in the client and server).

     The '_foobar_send_params' function is responsible for sending
     extension data (both in the client and server).

     The '_foobar_pack' function is responsible for packing internal
     extension data to save them in the session storage.

     The '_foobar_unpack' function is responsible for restoring session
     data from the session storage.

     If you receive length fields that doesn't match, return
     'GNUTLS_E_UNEXPECTED_PACKET_LENGTH'.  If you receive invalid data,
     return 'GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER'.  You can use other
     error codes too.  Return 0 on success.

     The function could store some information in the 'session' variable
     for later usage.  That can be done using the functions
     '_gnutls_ext_set_session_data' and '_gnutls_ext_get_session_data'.
     You can check simple examples at 'ext_max_record.c' and
     'ext_server_name.c' extensions.

     Recall that both the client and server both send and receives
     parameters, and your code most likely will need to do different
     things depending on which mode it is in.  It may be useful to make
     this distinction explicit in the code.  Thus, for example, a better
     template than above would be:

          int
          _gnutls_foobar_recv_params (gnutls_session_t session,
                                      const opaque * data,
                                      size_t data_size)
          {
            if (session->security_parameters.entity == GNUTLS_CLIENT)
              return foobar_recv_client (session, data, data_size);
            else
              return foobar_recv_server (session, data, data_size);
          }

          int
          _gnutls_foobar_send_params (gnutls_session_t session,
                                      opaque * data,
                                      size_t data_size)
          {
            if (session->security_parameters.entity == GNUTLS_CLIENT)
              return foobar_send_client (session, data, data_size);
            else
              return foobar_send_server (session, data, data_size);
          }

     The functions used would be declared as 'static' functions, of the
     appropriate prototype, in the same file.

     When adding the files, you'll need to add them to 'Makefile.am' as
     well, for example:

          if ENABLE_FOOBAR
          COBJECTS += ext_foobar.c
          HFILES += ext_foobar.h
          endif

  5. Add API functions to enable/disable the extension.

     Normally the client will have one API to request use of the
     extension, and setting some extension specific data.  The server
     will have one API to let the library know that it is willing to
     accept the extension, often this is implemented through a callback
     but it doesn't have to.

     The APIs need to be added to 'includes/gnutls/gnutls.h' or
     'includes/gnutls/extra.h' as appropriate.  It is recommended that
     if you don't have a requirement to use the LGPLv2.1+ license for
     your extension, that you place your work under the GPLv3+ license
     and thus in the libgnutls-extra library.

     You can implement the API function in the 'ext_foobar.c' file, or
     if that file ends up becoming rather larger, add a
     'gnutls_foobar.c' file.

     To make the API available in the shared library you need to add the
     symbol in 'lib/libgnutls.map' or 'libextra/libgnutls-extra.map' as
     appropriate, so that the symbol is exported properly.

     When writing GTK-DOC style documentation for your new APIs, don't
     forget to add 'Since:' tags to indicate the GnuTLS version the API
     was introduced in.

\1f
File: gnutls.info,  Node: Certificate Handling,  Next: Cryptographic Backend,  Prev: TLS Extension Handling,  Up: Internal architecture of GnuTLS

12.5 Certificate Handling
=========================

What is provided by the certificate handling functions is summarized in
the following diagram.

\0\b[image src="gnutls-certificate-user-use-case.png"\0\b]

\1f
File: gnutls.info,  Node: Cryptographic Backend,  Prev: Certificate Handling,  Up: Internal architecture of GnuTLS

12.6 Cryptographic Backend
==========================

Today most new processors, either for embedded or desktop systems
include either instructions intended to speed up cryptographic
operations, or a co-processor with cryptographic capabilities.  Taking
advantage of those is a challenging task for every cryptographic
application or library.  Unfortunately the cryptographic libraries that
GnuTLS is based on take no advantage of these properties.  For this
reason GnuTLS handles this internally by following a layered approach to
accessing cryptographic operations as in the following figure.

\0\b[image src="gnutls-crypto-layers.png"\0\b]

The TLS layer uses a cryptographic provider layer, that will in turn
either use the default crypto provider - a crypto library, or use an
external crypto provider, if available.

12.6.1 Cryptographic Library layer
----------------------------------

The Cryptographic Library layer, can currently be used either with
libgcrypt or libnettle, each of one has its advantages and some
disadvantages.  Libgcrypt is a self-contained library, pretty broad in
scope that supports many algorithms.  In some processors like VIA, it
will also use the available crypto instruction set hence providing
performance benefit comparing to plain software implementation.
Libnettle provides only software implementation of the basic algorithms
required in TLS, and is on average 30% faster that libgcrypt on almost
all algorithms.  For this reason libnettle is library used by default in
GnuTLS.

12.6.2 External cryptography provider
-------------------------------------

Systems that include a cryptographic co-processor, typically come with
kernel drivers to utilize the operations from software.  For this reason
GnuTLS provides a layer where each individual algorithm used can be
replaced by another implementation, i.e.  the one provided by the
driver.  The FreeBSD, OpenBSD and Linux kernels(1) include already a
number of hardware assisted implementations, and also provide an
interface to access them, called '/dev/crypto'.  GnuTLS will take
advantage of this interface if compiled with special options.  That is
because in most systems where hardware-assisted cryptographic operations
are not available, using this interface might actually reduce
performance.

It is possible to override parts of crypto backend both at runtime and
compile time.  Here we discuss the runtime possibility.  The API
available for this functionality is in 'gnutls/crypto.h' header file.

12.6.2.1 Override specific algorithms
.....................................

When an optimized implementation of a single algorithm is available, say
a hardware assisted version of AES-CBC then the following functions can
be used to register those algorithms.

   * *note gnutls_crypto_single_cipher_register2:: To register a cipher
     algorithm.

     *note gnutls_crypto_single_digest_register2:: To register a hash
     (digest) or MAC algorithm.

Those registration functions will only replace the specified algorithm
and leave the rest of subsystem intact.

12.6.2.2 Override parts of the backend
......................................

In some systems, such as embedded ones, it might be desirable to
override big parts of the cryptographic backend, or even all of them.
For this reason the following functions are provided.

   * *note gnutls_crypto_cipher_register2:: To override the
     cryptographic algorithms backend.

   * *note gnutls_crypto_digest_register2:: To override the digest
     algorithms backend.

   * *note gnutls_crypto_rnd_register2:: To override the random number
     generator backend.

   * *note gnutls_crypto_bigint_register2:: To override the big number
     number operations backend.

   * *note gnutls_crypto_pk_register2:: To override the public key
     encryption backend.  This is tight to the big number operations so
     either both of them should be updated or care must be taken to use
     the same format.

If all of them are used then GnuTLS will no longer use libgcrypt.

   ---------- Footnotes ----------

   (1) Check 'http://home.gna.org/cryptodev-linux/' for the Linux kernel
implementation of '/dev/crypto'.

\1f
File: gnutls.info,  Node: Copying Information,  Next: Bibliography,  Prev: Internal architecture of GnuTLS,  Up: Top

Appendix A Copying Information
******************************

* Menu:

* GNU Free Documentation License::   License for copying this manual.
* GNU LGPL::                     License for copying the core GnuTLS library.
* GNU GPL::                      License for copying GnuTLS-extra and tools.

\1f
File: gnutls.info,  Node: GNU Free Documentation License,  Next: GNU LGPL,  Up: Copying Information

A.1 GNU Free Documentation License
==================================

                     Version 1.3, 3 November 2008

     Copyright (C) 2000, 2001, 2002, 2007, 2008 Free Software Foundation, Inc.
     'http://fsf.org/'

     Everyone is permitted to copy and distribute verbatim copies
     of this license document, but changing it is not allowed.

  0. PREAMBLE

     The purpose of this License is to make a manual, textbook, or other
     functional and useful document "free" in the sense of freedom: to
     assure everyone the effective freedom to copy and redistribute it,
     with or without modifying it, either commercially or
     noncommercially.  Secondarily, this License preserves for the
     author and publisher a way to get credit for their work, while not
     being considered responsible for modifications made by others.

     This License is a kind of "copyleft", which means that derivative
     works of the document must themselves be free in the same sense.
     It complements the GNU General Public License, which is a copyleft
     license designed for free software.

     We have designed this License in order to use it for manuals for
     free software, because free software needs free documentation: a
     free program should come with manuals providing the same freedoms
     that the software does.  But this License is not limited to
     software manuals; it can be used for any textual work, regardless
     of subject matter or whether it is published as a printed book.  We
     recommend this License principally for works whose purpose is
     instruction or reference.

  1. APPLICABILITY AND DEFINITIONS

     This License applies to any manual or other work, in any medium,
     that contains a notice placed by the copyright holder saying it can
     be distributed under the terms of this License.  Such a notice
     grants a world-wide, royalty-free license, unlimited in duration,
     to use that work under the conditions stated herein.  The
     "Document", below, refers to any such manual or work.  Any member
     of the public is a licensee, and is addressed as "you".  You accept
     the license if you copy, modify or distribute the work in a way
     requiring permission under copyright law.

     A "Modified Version" of the Document means any work containing the
     Document or a portion of it, either copied verbatim, or with
     modifications and/or translated into another language.

     A "Secondary Section" is a named appendix or a front-matter section
     of the Document that deals exclusively with the relationship of the
     publishers or authors of the Document to the Document's overall
     subject (or to related matters) and contains nothing that could
     fall directly within that overall subject.  (Thus, if the Document
     is in part a textbook of mathematics, a Secondary Section may not
     explain any mathematics.)  The relationship could be a matter of
     historical connection with the subject or with related matters, or
     of legal, commercial, philosophical, ethical or political position
     regarding them.

     The "Invariant Sections" are certain Secondary Sections whose
     titles are designated, as being those of Invariant Sections, in the
     notice that says that the Document is released under this License.
     If a section does not fit the above definition of Secondary then it
     is not allowed to be designated as Invariant.  The Document may
     contain zero Invariant Sections.  If the Document does not identify
     any Invariant Sections then there are none.

     The "Cover Texts" are certain short passages of text that are
     listed, as Front-Cover Texts or Back-Cover Texts, in the notice
     that says that the Document is released under this License.  A
     Front-Cover Text may be at most 5 words, and a Back-Cover Text may
     be at most 25 words.

     A "Transparent" copy of the Document means a machine-readable copy,
     represented in a format whose specification is available to the
     general public, that is suitable for revising the document
     straightforwardly with generic text editors or (for images composed
     of pixels) generic paint programs or (for drawings) some widely
     available drawing editor, and that is suitable for input to text
     formatters or for automatic translation to a variety of formats
     suitable for input to text formatters.  A copy made in an otherwise
     Transparent file format whose markup, or absence of markup, has
     been arranged to thwart or discourage subsequent modification by
     readers is not Transparent.  An image format is not Transparent if
     used for any substantial amount of text.  A copy that is not
     "Transparent" is called "Opaque".

     Examples of suitable formats for Transparent copies include plain
     ASCII without markup, Texinfo input format, LaTeX input format,
     SGML or XML using a publicly available DTD, and standard-conforming
     simple HTML, PostScript or PDF designed for human modification.
     Examples of transparent image formats include PNG, XCF and JPG.
     Opaque formats include proprietary formats that can be read and
     edited only by proprietary word processors, SGML or XML for which
     the DTD and/or processing tools are not generally available, and
     the machine-generated HTML, PostScript or PDF produced by some word
     processors for output purposes only.

     The "Title Page" means, for a printed book, the title page itself,
     plus such following pages as are needed to hold, legibly, the
     material this License requires to appear in the title page.  For
     works in formats which do not have any title page as such, "Title
     Page" means the text near the most prominent appearance of the
     work's title, preceding the beginning of the body of the text.

     The "publisher" means any person or entity that distributes copies
     of the Document to the public.

     A section "Entitled XYZ" means a named subunit of the Document
     whose title either is precisely XYZ or contains XYZ in parentheses
     following text that translates XYZ in another language.  (Here XYZ
     stands for a specific section name mentioned below, such as
     "Acknowledgements", "Dedications", "Endorsements", or "History".)
     To "Preserve the Title" of such a section when you modify the
     Document means that it remains a section "Entitled XYZ" according
     to this definition.

     The Document may include Warranty Disclaimers next to the notice
     which states that this License applies to the Document.  These
     Warranty Disclaimers are considered to be included by reference in
     this License, but only as regards disclaiming warranties: any other
     implication that these Warranty Disclaimers may have is void and
     has no effect on the meaning of this License.

  2. VERBATIM COPYING

     You may copy and distribute the Document in any medium, either
     commercially or noncommercially, provided that this License, the
     copyright notices, and the license notice saying this License
     applies to the Document are reproduced in all copies, and that you
     add no other conditions whatsoever to those of this License.  You
     may not use technical measures to obstruct or control the reading
     or further copying of the copies you make or distribute.  However,
     you may accept compensation in exchange for copies.  If you
     distribute a large enough number of copies you must also follow the
     conditions in section 3.

     You may also lend copies, under the same conditions stated above,
     and you may publicly display copies.

  3. COPYING IN QUANTITY

     If you publish printed copies (or copies in media that commonly
     have printed covers) of the Document, numbering more than 100, and
     the Document's license notice requires Cover Texts, you must
     enclose the copies in covers that carry, clearly and legibly, all
     these Cover Texts: Front-Cover Texts on the front cover, and
     Back-Cover Texts on the back cover.  Both covers must also clearly
     and legibly identify you as the publisher of these copies.  The
     front cover must present the full title with all words of the title
     equally prominent and visible.  You may add other material on the
     covers in addition.  Copying with changes limited to the covers, as
     long as they preserve the title of the Document and satisfy these
     conditions, can be treated as verbatim copying in other respects.

     If the required texts for either cover are too voluminous to fit
     legibly, you should put the first ones listed (as many as fit
     reasonably) on the actual cover, and continue the rest onto
     adjacent pages.

     If you publish or distribute Opaque copies of the Document
     numbering more than 100, you must either include a machine-readable
     Transparent copy along with each Opaque copy, or state in or with
     each Opaque copy a computer-network location from which the general
     network-using public has access to download using public-standard
     network protocols a complete Transparent copy of the Document, free
     of added material.  If you use the latter option, you must take
     reasonably prudent steps, when you begin distribution of Opaque
     copies in quantity, to ensure that this Transparent copy will
     remain thus accessible at the stated location until at least one
     year after the last time you distribute an Opaque copy (directly or
     through your agents or retailers) of that edition to the public.

     It is requested, but not required, that you contact the authors of
     the Document well before redistributing any large number of copies,
     to give them a chance to provide you with an updated version of the
     Document.

  4. MODIFICATIONS

     You may copy and distribute a Modified Version of the Document
     under the conditions of sections 2 and 3 above, provided that you
     release the Modified Version under precisely this License, with the
     Modified Version filling the role of the Document, thus licensing
     distribution and modification of the Modified Version to whoever
     possesses a copy of it.  In addition, you must do these things in
     the Modified Version:

       A. Use in the Title Page (and on the covers, if any) a title
          distinct from that of the Document, and from those of previous
          versions (which should, if there were any, be listed in the
          History section of the Document).  You may use the same title
          as a previous version if the original publisher of that
          version gives permission.

       B. List on the Title Page, as authors, one or more persons or
          entities responsible for authorship of the modifications in
          the Modified Version, together with at least five of the
          principal authors of the Document (all of its principal
          authors, if it has fewer than five), unless they release you
          from this requirement.

       C. State on the Title page the name of the publisher of the
          Modified Version, as the publisher.

       D. Preserve all the copyright notices of the Document.

       E. Add an appropriate copyright notice for your modifications
          adjacent to the other copyright notices.

       F. Include, immediately after the copyright notices, a license
          notice giving the public permission to use the Modified
          Version under the terms of this License, in the form shown in
          the Addendum below.

       G. Preserve in that license notice the full lists of Invariant
          Sections and required Cover Texts given in the Document's
          license notice.

       H. Include an unaltered copy of this License.

       I. Preserve the section Entitled "History", Preserve its Title,
          and add to it an item stating at least the title, year, new
          authors, and publisher of the Modified Version as given on the
          Title Page.  If there is no section Entitled "History" in the
          Document, create one stating the title, year, authors, and
          publisher of the Document as given on its Title Page, then add
          an item describing the Modified Version as stated in the
          previous sentence.

       J. Preserve the network location, if any, given in the Document
          for public access to a Transparent copy of the Document, and
          likewise the network locations given in the Document for
          previous versions it was based on.  These may be placed in the
          "History" section.  You may omit a network location for a work
          that was published at least four years before the Document
          itself, or if the original publisher of the version it refers
          to gives permission.

       K. For any section Entitled "Acknowledgements" or "Dedications",
          Preserve the Title of the section, and preserve in the section
          all the substance and tone of each of the contributor
          acknowledgements and/or dedications given therein.

       L. Preserve all the Invariant Sections of the Document, unaltered
          in their text and in their titles.  Section numbers or the
          equivalent are not considered part of the section titles.

       M. Delete any section Entitled "Endorsements".  Such a section
          may not be included in the Modified Version.

       N. Do not retitle any existing section to be Entitled
          "Endorsements" or to conflict in title with any Invariant
          Section.

       O. Preserve any Warranty Disclaimers.

     If the Modified Version includes new front-matter sections or
     appendices that qualify as Secondary Sections and contain no
     material copied from the Document, you may at your option designate
     some or all of these sections as invariant.  To do this, add their
     titles to the list of Invariant Sections in the Modified Version's
     license notice.  These titles must be distinct from any other
     section titles.

     You may add a section Entitled "Endorsements", provided it contains
     nothing but endorsements of your Modified Version by various
     parties--for example, statements of peer review or that the text
     has been approved by an organization as the authoritative
     definition of a standard.

     You may add a passage of up to five words as a Front-Cover Text,
     and a passage of up to 25 words as a Back-Cover Text, to the end of
     the list of Cover Texts in the Modified Version.  Only one passage
     of Front-Cover Text and one of Back-Cover Text may be added by (or
     through arrangements made by) any one entity.  If the Document
     already includes a cover text for the same cover, previously added
     by you or by arrangement made by the same entity you are acting on
     behalf of, you may not add another; but you may replace the old
     one, on explicit permission from the previous publisher that added
     the old one.

     The author(s) and publisher(s) of the Document do not by this
     License give permission to use their names for publicity for or to
     assert or imply endorsement of any Modified Version.

  5. COMBINING DOCUMENTS

     You may combine the Document with other documents released under
     this License, under the terms defined in section 4 above for
     modified versions, provided that you include in the combination all
     of the Invariant Sections of all of the original documents,
     unmodified, and list them all as Invariant Sections of your
     combined work in its license notice, and that you preserve all
     their Warranty Disclaimers.

     The combined work need only contain one copy of this License, and
     multiple identical Invariant Sections may be replaced with a single
     copy.  If there are multiple Invariant Sections with the same name
     but different contents, make the title of each such section unique
     by adding at the end of it, in parentheses, the name of the
     original author or publisher of that section if known, or else a
     unique number.  Make the same adjustment to the section titles in
     the list of Invariant Sections in the license notice of the
     combined work.

     In the combination, you must combine any sections Entitled
     "History" in the various original documents, forming one section
     Entitled "History"; likewise combine any sections Entitled
     "Acknowledgements", and any sections Entitled "Dedications".  You
     must delete all sections Entitled "Endorsements."

  6. COLLECTIONS OF DOCUMENTS

     You may make a collection consisting of the Document and other
     documents released under this License, and replace the individual
     copies of this License in the various documents with a single copy
     that is included in the collection, provided that you follow the
     rules of this License for verbatim copying of each of the documents
     in all other respects.

     You may extract a single document from such a collection, and
     distribute it individually under this License, provided you insert
     a copy of this License into the extracted document, and follow this
     License in all other respects regarding verbatim copying of that
     document.

  7. AGGREGATION WITH INDEPENDENT WORKS

     A compilation of the Document or its derivatives with other
     separate and independent documents or works, in or on a volume of a
     storage or distribution medium, is called an "aggregate" if the
     copyright resulting from the compilation is not used to limit the
     legal rights of the compilation's users beyond what the individual
     works permit.  When the Document is included in an aggregate, this
     License does not apply to the other works in the aggregate which
     are not themselves derivative works of the Document.

     If the Cover Text requirement of section 3 is applicable to these
     copies of the Document, then if the Document is less than one half
     of the entire aggregate, the Document's Cover Texts may be placed
     on covers that bracket the Document within the aggregate, or the
     electronic equivalent of covers if the Document is in electronic
     form.  Otherwise they must appear on printed covers that bracket
     the whole aggregate.

  8. TRANSLATION

     Translation is considered a kind of modification, so you may
     distribute translations of the Document under the terms of section
     4.  Replacing Invariant Sections with translations requires special
     permission from their copyright holders, but you may include
     translations of some or all Invariant Sections in addition to the
     original versions of these Invariant Sections.  You may include a
     translation of this License, and all the license notices in the
     Document, and any Warranty Disclaimers, provided that you also
     include the original English version of this License and the
     original versions of those notices and disclaimers.  In case of a
     disagreement between the translation and the original version of
     this License or a notice or disclaimer, the original version will
     prevail.

     If a section in the Document is Entitled "Acknowledgements",
     "Dedications", or "History", the requirement (section 4) to
     Preserve its Title (section 1) will typically require changing the
     actual title.

  9. TERMINATION

     You may not copy, modify, sublicense, or distribute the Document
     except as expressly provided under this License.  Any attempt
     otherwise to copy, modify, sublicense, or distribute it is void,
     and will automatically terminate your rights under this License.

     However, if you cease all violation of this License, then your
     license from a particular copyright holder is reinstated (a)
     provisionally, unless and until the copyright holder explicitly and
     finally terminates your license, and (b) permanently, if the
     copyright holder fails to notify you of the violation by some
     reasonable means prior to 60 days after the cessation.

     Moreover, your license from a particular copyright holder is
     reinstated permanently if the copyright holder notifies you of the
     violation by some reasonable means, this is the first time you have
     received notice of violation of this License (for any work) from
     that copyright holder, and you cure the violation prior to 30 days
     after your receipt of the notice.

     Termination of your rights under this section does not terminate
     the licenses of parties who have received copies or rights from you
     under this License.  If your rights have been terminated and not
     permanently reinstated, receipt of a copy of some or all of the
     same material does not give you any rights to use it.

  10. FUTURE REVISIONS OF THIS LICENSE

     The Free Software Foundation may publish new, revised versions of
     the GNU Free Documentation License from time to time.  Such new
     versions will be similar in spirit to the present version, but may
     differ in detail to address new problems or concerns.  See
     'http://www.gnu.org/copyleft/'.

     Each version of the License is given a distinguishing version
     number.  If the Document specifies that a particular numbered
     version of this License "or any later version" applies to it, you
     have the option of following the terms and conditions either of
     that specified version or of any later version that has been
     published (not as a draft) by the Free Software Foundation.  If the
     Document does not specify a version number of this License, you may
     choose any version ever published (not as a draft) by the Free
     Software Foundation.  If the Document specifies that a proxy can
     decide which future versions of this License can be used, that
     proxy's public statement of acceptance of a version permanently
     authorizes you to choose that version for the Document.

  11. RELICENSING

     "Massive Multiauthor Collaboration Site" (or "MMC Site") means any
     World Wide Web server that publishes copyrightable works and also
     provides prominent facilities for anybody to edit those works.  A
     public wiki that anybody can edit is an example of such a server.
     A "Massive Multiauthor Collaboration" (or "MMC") contained in the
     site means any set of copyrightable works thus published on the MMC
     site.

     "CC-BY-SA" means the Creative Commons Attribution-Share Alike 3.0
     license published by Creative Commons Corporation, a not-for-profit
     corporation with a principal place of business in San Francisco,
     California, as well as future copyleft versions of that license
     published by that same organization.

     "Incorporate" means to publish or republish a Document, in whole or
     in part, as part of another Document.

     An MMC is "eligible for relicensing" if it is licensed under this
     License, and if all works that were first published under this
     License somewhere other than this MMC, and subsequently
     incorporated in whole or in part into the MMC, (1) had no cover
     texts or invariant sections, and (2) were thus incorporated prior
     to November 1, 2008.

     The operator of an MMC Site may republish an MMC contained in the
     site under CC-BY-SA on the same site at any time before August 1,
     2009, provided the MMC is eligible for relicensing.

ADDENDUM: How to use this License for your documents
====================================================

To use this License in a document you have written, include a copy of
the License in the document and put the following copyright and license
notices just after the title page:

       Copyright (C)  YEAR  YOUR NAME.
       Permission is granted to copy, distribute and/or modify this document
       under the terms of the GNU Free Documentation License, Version 1.3
       or any later version published by the Free Software Foundation;
       with no Invariant Sections, no Front-Cover Texts, and no Back-Cover
       Texts.  A copy of the license is included in the section entitled ``GNU
       Free Documentation License''.

If you have Invariant Sections, Front-Cover Texts and Back-Cover Texts,
replace the "with...Texts." line with this:

         with the Invariant Sections being LIST THEIR TITLES, with
         the Front-Cover Texts being LIST, and with the Back-Cover Texts
         being LIST.

If you have Invariant Sections without Cover Texts, or some other
combination of the three, merge those two alternatives to suit the
situation.

If your document contains nontrivial examples of program code, we
recommend releasing these examples in parallel under your choice of free
software license, such as the GNU General Public License, to permit
their use in free software.

\1f
File: gnutls.info,  Node: GNU LGPL,  Next: GNU GPL,  Prev: GNU Free Documentation License,  Up: Copying Information

A.2 GNU Lesser General Public License
=====================================

                      Version 2.1, February 1999

     Copyright (C) 1991, 1999 Free Software Foundation, Inc.
     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA

     Everyone is permitted to copy and distribute verbatim copies
     of this license document, but changing it is not allowed.

     [This is the first released version of the Lesser GPL.  It also counts
     as the successor of the GNU Library Public License, version 2, hence the
     version number 2.1.]

Preamble
--------

The licenses for most software are designed to take away your freedom to
share and change it.  By contrast, the GNU General Public Licenses are
intended to guarantee your freedom to share and change free software--to
make sure the software is free for all its users.

This license, the Lesser General Public License, applies to some
specially designated software--typically libraries--of the Free Software
Foundation and other authors who decide to use it.  You can use it too,
but we suggest you first think carefully about whether this license or
the ordinary General Public License is the better strategy to use in any
particular case, based on the explanations below.

When we speak of free software, we are referring to freedom of use, not
price.  Our General Public Licenses are designed to make sure that you
have the freedom to distribute copies of free software (and charge for
this service if you wish); that you receive source code or can get it if
you want it; that you can change the software and use pieces of it in
new free programs; and that you are informed that you can do these
things.

To protect your rights, we need to make restrictions that forbid
distributors to deny you these rights or to ask you to surrender these
rights.  These restrictions translate to certain responsibilities for
you if you distribute copies of the library or if you modify it.

For example, if you distribute copies of the library, whether gratis or
for a fee, you must give the recipients all the rights that we gave you.
You must make sure that they, too, receive or can get the source code.
If you link other code with the library, you must provide complete
object files to the recipients, so that they can relink them with the
library after making changes to the library and recompiling it.  And you
must show them these terms so they know their rights.

We protect your rights with a two-step method: (1) we copyright the
library, and (2) we offer you this license, which gives you legal
permission to copy, distribute and/or modify the library.

To protect each distributor, we want to make it very clear that there is
no warranty for the free library.  Also, if the library is modified by
someone else and passed on, the recipients should know that what they
have is not the original version, so that the original author's
reputation will not be affected by problems that might be introduced by
others.

Finally, software patents pose a constant threat to the existence of any
free program.  We wish to make sure that a company cannot effectively
restrict the users of a free program by obtaining a restrictive license
from a patent holder.  Therefore, we insist that any patent license
obtained for a version of the library must be consistent with the full
freedom of use specified in this license.

Most GNU software, including some libraries, is covered by the ordinary
GNU General Public License.  This license, the GNU Lesser General Public
License, applies to certain designated libraries, and is quite different
from the ordinary General Public License.  We use this license for
certain libraries in order to permit linking those libraries into
non-free programs.

When a program is linked with a library, whether statically or using a
shared library, the combination of the two is legally speaking a
combined work, a derivative of the original library.  The ordinary
General Public License therefore permits such linking only if the entire
combination fits its criteria of freedom.  The Lesser General Public
License permits more lax criteria for linking other code with the
library.

We call this license the "Lesser" General Public License because it does
_Less_ to protect the user's freedom than the ordinary General Public
License.  It also provides other free software developers Less of an
advantage over competing non-free programs.  These disadvantages are the
reason we use the ordinary General Public License for many libraries.
However, the Lesser license provides advantages in certain special
circumstances.

For example, on rare occasions, there may be a special need to encourage
the widest possible use of a certain library, so that it becomes a
de-facto standard.  To achieve this, non-free programs must be allowed
to use the library.  A more frequent case is that a free library does
the same job as widely used non-free libraries.  In this case, there is
little to gain by limiting the free library to free software only, so we
use the Lesser General Public License.

In other cases, permission to use a particular library in non-free
programs enables a greater number of people to use a large body of free
software.  For example, permission to use the GNU C Library in non-free
programs enables many more people to use the whole GNU operating system,
as well as its variant, the GNU/Linux operating system.

Although the Lesser General Public License is Less protective of the
users' freedom, it does ensure that the user of a program that is linked
with the Library has the freedom and the wherewithal to run that program
using a modified version of the Library.

The precise terms and conditions for copying, distribution and
modification follow.  Pay close attention to the difference between a
"work based on the library" and a "work that uses the library".  The
former contains code derived from the library, whereas the latter must
be combined with the library in order to run.

TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
---------------------------------------------------------------

  0. This License Agreement applies to any software library or other
     program which contains a notice placed by the copyright holder or
     other authorized party saying it may be distributed under the terms
     of this Lesser General Public License (also called "this License").
     Each licensee is addressed as "you".

     A "library" means a collection of software functions and/or data
     prepared so as to be conveniently linked with application programs
     (which use some of those functions and data) to form executables.

     The "Library", below, refers to any such software library or work
     which has been distributed under these terms.  A "work based on the
     Library" means either the Library or any derivative work under
     copyright law: that is to say, a work containing the Library or a
     portion of it, either verbatim or with modifications and/or
     translated straightforwardly into another language.  (Hereinafter,
     translation is included without limitation in the term
     "modification".)

     "Source code" for a work means the preferred form of the work for
     making modifications to it.  For a library, complete source code
     means all the source code for all modules it contains, plus any
     associated interface definition files, plus the scripts used to
     control compilation and installation of the library.

     Activities other than copying, distribution and modification are
     not covered by this License; they are outside its scope.  The act
     of running a program using the Library is not restricted, and
     output from such a program is covered only if its contents
     constitute a work based on the Library (independent of the use of
     the Library in a tool for writing it).  Whether that is true
     depends on what the Library does and what the program that uses the
     Library does.

  1. You may copy and distribute verbatim copies of the Library's
     complete source code as you receive it, in any medium, provided
     that you conspicuously and appropriately publish on each copy an
     appropriate copyright notice and disclaimer of warranty; keep
     intact all the notices that refer to this License and to the
     absence of any warranty; and distribute a copy of this License
     along with the Library.

     You may charge a fee for the physical act of transferring a copy,
     and you may at your option offer warranty protection in exchange
     for a fee.

  2. You may modify your copy or copies of the Library or any portion of
     it, thus forming a work based on the Library, and copy and
     distribute such modifications or work under the terms of Section 1
     above, provided that you also meet all of these conditions:

       a. The modified work must itself be a software library.

       b. You must cause the files modified to carry prominent notices
          stating that you changed the files and the date of any change.

       c. You must cause the whole of the work to be licensed at no
          charge to all third parties under the terms of this License.

       d. If a facility in the modified Library refers to a function or
          a table of data to be supplied by an application program that
          uses the facility, other than as an argument passed when the
          facility is invoked, then you must make a good faith effort to
          ensure that, in the event an application does not supply such
          function or table, the facility still operates, and performs
          whatever part of its purpose remains meaningful.

          (For example, a function in a library to compute square roots
          has a purpose that is entirely well-defined independent of the
          application.  Therefore, Subsection 2d requires that any
          application-supplied function or table used by this function
          must be optional: if the application does not supply it, the
          square root function must still compute square roots.)

     These requirements apply to the modified work as a whole.  If
     identifiable sections of that work are not derived from the
     Library, and can be reasonably considered independent and separate
     works in themselves, then this License, and its terms, do not apply
     to those sections when you distribute them as separate works.  But
     when you distribute the same sections as part of a whole which is a
     work based on the Library, the distribution of the whole must be on
     the terms of this License, whose permissions for other licensees
     extend to the entire whole, and thus to each and every part
     regardless of who wrote it.

     Thus, it is not the intent of this section to claim rights or
     contest your rights to work written entirely by you; rather, the
     intent is to exercise the right to control the distribution of
     derivative or collective works based on the Library.

     In addition, mere aggregation of another work not based on the
     Library with the Library (or with a work based on the Library) on a
     volume of a storage or distribution medium does not bring the other
     work under the scope of this License.

  3. You may opt to apply the terms of the ordinary GNU General Public
     License instead of this License to a given copy of the Library.  To
     do this, you must alter all the notices that refer to this License,
     so that they refer to the ordinary GNU General Public License,
     version 2, instead of to this License.  (If a newer version than
     version 2 of the ordinary GNU General Public License has appeared,
     then you can specify that version instead if you wish.)  Do not
     make any other change in these notices.

     Once this change is made in a given copy, it is irreversible for
     that copy, so the ordinary GNU General Public License applies to
     all subsequent copies and derivative works made from that copy.

     This option is useful when you wish to copy part of the code of the
     Library into a program that is not a library.

  4. You may copy and distribute the Library (or a portion or derivative
     of it, under Section 2) in object code or executable form under the
     terms of Sections 1 and 2 above provided that you accompany it with
     the complete corresponding machine-readable source code, which must
     be distributed under the terms of Sections 1 and 2 above on a
     medium customarily used for software interchange.

     If distribution of object code is made by offering access to copy
     from a designated place, then offering equivalent access to copy
     the source code from the same place satisfies the requirement to
     distribute the source code, even though third parties are not
     compelled to copy the source along with the object code.

  5. A program that contains no derivative of any portion of the
     Library, but is designed to work with the Library by being compiled
     or linked with it, is called a "work that uses the Library".  Such
     a work, in isolation, is not a derivative work of the Library, and
     therefore falls outside the scope of this License.

     However, linking a "work that uses the Library" with the Library
     creates an executable that is a derivative of the Library (because
     it contains portions of the Library), rather than a "work that uses
     the library".  The executable is therefore covered by this License.
     Section 6 states terms for distribution of such executables.

     When a "work that uses the Library" uses material from a header
     file that is part of the Library, the object code for the work may
     be a derivative work of the Library even though the source code is
     not.  Whether this is true is especially significant if the work
     can be linked without the Library, or if the work is itself a
     library.  The threshold for this to be true is not precisely
     defined by law.

     If such an object file uses only numerical parameters, data
     structure layouts and accessors, and small macros and small inline
     functions (ten lines or less in length), then the use of the object
     file is unrestricted, regardless of whether it is legally a
     derivative work.  (Executables containing this object code plus
     portions of the Library will still fall under Section 6.)

     Otherwise, if the work is a derivative of the Library, you may
     distribute the object code for the work under the terms of Section
     6.  Any executables containing that work also fall under Section 6,
     whether or not they are linked directly with the Library itself.

  6. As an exception to the Sections above, you may also combine or link
     a "work that uses the Library" with the Library to produce a work
     containing portions of the Library, and distribute that work under
     terms of your choice, provided that the terms permit modification
     of the work for the customer's own use and reverse engineering for
     debugging such modifications.

     You must give prominent notice with each copy of the work that the
     Library is used in it and that the Library and its use are covered
     by this License.  You must supply a copy of this License.  If the
     work during execution displays copyright notices, you must include
     the copyright notice for the Library among them, as well as a
     reference directing the user to the copy of this License.  Also,
     you must do one of these things:

       a. Accompany the work with the complete corresponding
          machine-readable source code for the Library including
          whatever changes were used in the work (which must be
          distributed under Sections 1 and 2 above); and, if the work is
          an executable linked with the Library, with the complete
          machine-readable "work that uses the Library", as object code
          and/or source code, so that the user can modify the Library
          and then relink to produce a modified executable containing
          the modified Library.  (It is understood that the user who
          changes the contents of definitions files in the Library will
          not necessarily be able to recompile the application to use
          the modified definitions.)

       b. Use a suitable shared library mechanism for linking with the
          Library.  A suitable mechanism is one that (1) uses at run
          time a copy of the library already present on the user's
          computer system, rather than copying library functions into
          the executable, and (2) will operate properly with a modified
          version of the library, if the user installs one, as long as
          the modified version is interface-compatible with the version
          that the work was made with.

       c. Accompany the work with a written offer, valid for at least
          three years, to give the same user the materials specified in
          Subsection 6a, above, for a charge no more than the cost of
          performing this distribution.

       d. If distribution of the work is made by offering access to copy
          from a designated place, offer equivalent access to copy the
          above specified materials from the same place.

       e. Verify that the user has already received a copy of these
          materials or that you have already sent this user a copy.

     For an executable, the required form of the "work that uses the
     Library" must include any data and utility programs needed for
     reproducing the executable from it.  However, as a special
     exception, the materials to be distributed need not include
     anything that is normally distributed (in either source or binary
     form) with the major components (compiler, kernel, and so on) of
     the operating system on which the executable runs, unless that
     component itself accompanies the executable.

     It may happen that this requirement contradicts the license
     restrictions of other proprietary libraries that do not normally
     accompany the operating system.  Such a contradiction means you
     cannot use both them and the Library together in an executable that
     you distribute.

  7. You may place library facilities that are a work based on the
     Library side-by-side in a single library together with other
     library facilities not covered by this License, and distribute such
     a combined library, provided that the separate distribution of the
     work based on the Library and of the other library facilities is
     otherwise permitted, and provided that you do these two things:

       a. Accompany the combined library with a copy of the same work
          based on the Library, uncombined with any other library
          facilities.  This must be distributed under the terms of the
          Sections above.

       b. Give prominent notice with the combined library of the fact
          that part of it is a work based on the Library, and explaining
          where to find the accompanying uncombined form of the same
          work.

  8. You may not copy, modify, sublicense, link with, or distribute the
     Library except as expressly provided under this License.  Any
     attempt otherwise to copy, modify, sublicense, link with, or
     distribute the Library is void, and will automatically terminate
     your rights under this License.  However, parties who have received
     copies, or rights, from you under this License will not have their
     licenses terminated so long as such parties remain in full
     compliance.

  9. You are not required to accept this License, since you have not
     signed it.  However, nothing else grants you permission to modify
     or distribute the Library or its derivative works.  These actions
     are prohibited by law if you do not accept this License.
     Therefore, by modifying or distributing the Library (or any work
     based on the Library), you indicate your acceptance of this License
     to do so, and all its terms and conditions for copying,
     distributing or modifying the Library or works based on it.

  10. Each time you redistribute the Library (or any work based on the
     Library), the recipient automatically receives a license from the
     original licensor to copy, distribute, link with or modify the
     Library subject to these terms and conditions.  You may not impose
     any further restrictions on the recipients' exercise of the rights
     granted herein.  You are not responsible for enforcing compliance
     by third parties with this License.

  11. If, as a consequence of a court judgment or allegation of patent
     infringement or for any other reason (not limited to patent
     issues), conditions are imposed on you (whether by court order,
     agreement or otherwise) that contradict the conditions of this
     License, they do not excuse you from the conditions of this
     License.  If you cannot distribute so as to satisfy simultaneously
     your obligations under this License and any other pertinent
     obligations, then as a consequence you may not distribute the
     Library at all.  For example, if a patent license would not permit
     royalty-free redistribution of the Library by all those who receive
     copies directly or indirectly through you, then the only way you
     could satisfy both it and this License would be to refrain entirely
     from distribution of the Library.

     If any portion of this section is held invalid or unenforceable
     under any particular circumstance, the balance of the section is
     intended to apply, and the section as a whole is intended to apply
     in other circumstances.

     It is not the purpose of this section to induce you to infringe any
     patents or other property right claims or to contest validity of
     any such claims; this section has the sole purpose of protecting
     the integrity of the free software distribution system which is
     implemented by public license practices.  Many people have made
     generous contributions to the wide range of software distributed
     through that system in reliance on consistent application of that
     system; it is up to the author/donor to decide if he or she is
     willing to distribute software through any other system and a
     licensee cannot impose that choice.

     This section is intended to make thoroughly clear what is believed
     to be a consequence of the rest of this License.

  12. If the distribution and/or use of the Library is restricted in
     certain countries either by patents or by copyrighted interfaces,
     the original copyright holder who places the Library under this
     License may add an explicit geographical distribution limitation
     excluding those countries, so that distribution is permitted only
     in or among countries not thus excluded.  In such case, this
     License incorporates the limitation as if written in the body of
     this License.

  13. The Free Software Foundation may publish revised and/or new
     versions of the Lesser General Public License from time to time.
     Such new versions will be similar in spirit to the present version,
     but may differ in detail to address new problems or concerns.

     Each version is given a distinguishing version number.  If the
     Library specifies a version number of this License which applies to
     it and "any later version", you have the option of following the
     terms and conditions either of that version or of any later version
     published by the Free Software Foundation.  If the Library does not
     specify a license version number, you may choose any version ever
     published by the Free Software Foundation.

  14. If you wish to incorporate parts of the Library into other free
     programs whose distribution conditions are incompatible with these,
     write to the author to ask for permission.  For software which is
     copyrighted by the Free Software Foundation, write to the Free
     Software Foundation; we sometimes make exceptions for this.  Our
     decision will be guided by the two goals of preserving the free
     status of all derivatives of our free software and of promoting the
     sharing and reuse of software generally.

                              NO WARRANTY

  15. BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO
     WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE
     LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS
     AND/OR OTHER PARTIES PROVIDE THE LIBRARY "AS IS" WITHOUT WARRANTY
     OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT
     LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
     FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND
     PERFORMANCE OF THE LIBRARY IS WITH YOU. SHOULD THE LIBRARY PROVE
     DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR
     OR CORRECTION.

  16. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN
     WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY
     MODIFY AND/OR REDISTRIBUTE THE LIBRARY AS PERMITTED ABOVE, BE
     LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL,
     INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR
     INABILITY TO USE THE LIBRARY (INCLUDING BUT NOT LIMITED TO LOSS OF
     DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU
     OR THIRD PARTIES OR A FAILURE OF THE LIBRARY TO OPERATE WITH ANY
     OTHER SOFTWARE), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN
     ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

END OF TERMS AND CONDITIONS
---------------------------

How to Apply These Terms to Your New Libraries
----------------------------------------------

If you develop a new library, and you want it to be of the greatest
possible use to the public, we recommend making it free software that
everyone can redistribute and change.  You can do so by permitting
redistribution under these terms (or, alternatively, under the terms of
the ordinary General Public License).

To apply these terms, attach the following notices to the library.  It
is safest to attach them to the start of each source file to most
effectively convey the exclusion of warranty; and each file should have
at least the "copyright" line and a pointer to where the full notice is
found.

     ONE LINE TO GIVE THE LIBRARY'S NAME AND AN IDEA OF WHAT IT DOES.
     Copyright (C) YEAR  NAME OF AUTHOR

     This library is free software; you can redistribute it and/or modify it
     under the terms of the GNU Lesser General Public License as published by
     the Free Software Foundation; either version 2.1 of the License, or (at
     your option) any later version.

     This library is distributed in the hope that it will be useful, but
     WITHOUT ANY WARRANTY; without even the implied warranty of
     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
     Lesser General Public License for more details.

     You should have received a copy of the GNU Lesser General Public
     License along with this library; if not, write to the Free Software
     Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
     USA.

Also add information on how to contact you by electronic and paper mail.

You should also get your employer (if you work as a programmer) or your
school, if any, to sign a "copyright disclaimer" for the library, if
necessary.  Here is a sample; alter the names:

     Yoyodyne, Inc., hereby disclaims all copyright interest in the library
     `Frob' (a library for tweaking knobs) written by James Random Hacker.

     SIGNATURE OF TY COON, 1 April 1990
     Ty Coon, President of Vice

That's all there is to it!

\1f
File: gnutls.info,  Node: GNU GPL,  Prev: GNU LGPL,  Up: Copying Information

A.3 GNU General Public License
==============================

                        Version 3, 29 June 2007

     Copyright (C) 2007 Free Software Foundation, Inc. 'http://fsf.org/'

     Everyone is permitted to copy and distribute verbatim copies of this
     license document, but changing it is not allowed.

Preamble
========

The GNU General Public License is a free, copyleft license for software
and other kinds of works.

The licenses for most software and other practical works are designed to
take away your freedom to share and change the works.  By contrast, the
GNU General Public License is intended to guarantee your freedom to
share and change all versions of a program--to make sure it remains free
software for all its users.  We, the Free Software Foundation, use the
GNU General Public License for most of our software; it applies also to
any other work released this way by its authors.  You can apply it to
your programs, too.

When we speak of free software, we are referring to freedom, not price.
Our General Public Licenses are designed to make sure that you have the
freedom to distribute copies of free software (and charge for them if
you wish), that you receive source code or can get it if you want it,
that you can change the software or use pieces of it in new free
programs, and that you know you can do these things.

To protect your rights, we need to prevent others from denying you these
rights or asking you to surrender the rights.  Therefore, you have
certain responsibilities if you distribute copies of the software, or if
you modify it: responsibilities to respect the freedom of others.

For example, if you distribute copies of such a program, whether gratis
or for a fee, you must pass on to the recipients the same freedoms that
you received.  You must make sure that they, too, receive or can get the
source code.  And you must show them these terms so they know their
rights.

Developers that use the GNU GPL protect your rights with two steps: (1)
assert copyright on the software, and (2) offer you this License giving
you legal permission to copy, distribute and/or modify it.

For the developers' and authors' protection, the GPL clearly explains
that there is no warranty for this free software.  For both users' and
authors' sake, the GPL requires that modified versions be marked as
changed, so that their problems will not be attributed erroneously to
authors of previous versions.

Some devices are designed to deny users access to install or run
modified versions of the software inside them, although the manufacturer
can do so.  This is fundamentally incompatible with the aim of
protecting users' freedom to change the software.  The systematic
pattern of such abuse occurs in the area of products for individuals to
use, which is precisely where it is most unacceptable.  Therefore, we
have designed this version of the GPL to prohibit the practice for those
products.  If such problems arise substantially in other domains, we
stand ready to extend this provision to those domains in future versions
of the GPL, as needed to protect the freedom of users.

Finally, every program is threatened constantly by software patents.
States should not allow patents to restrict development and use of
software on general-purpose computers, but in those that do, we wish to
avoid the special danger that patents applied to a free program could
make it effectively proprietary.  To prevent this, the GPL assures that
patents cannot be used to render the program non-free.

The precise terms and conditions for copying, distribution and
modification follow.

TERMS AND CONDITIONS
====================

  0. Definitions.

     "This License" refers to version 3 of the GNU General Public
     License.

     "Copyright" also means copyright-like laws that apply to other
     kinds of works, such as semiconductor masks.

     "The Program" refers to any copyrightable work licensed under this
     License.  Each licensee is addressed as "you".  "Licensees" and
     "recipients" may be individuals or organizations.

     To "modify" a work means to copy from or adapt all or part of the
     work in a fashion requiring copyright permission, other than the
     making of an exact copy.  The resulting work is called a "modified
     version" of the earlier work or a work "based on" the earlier work.

     A "covered work" means either the unmodified Program or a work
     based on the Program.

     To "propagate" a work means to do anything with it that, without
     permission, would make you directly or secondarily liable for
     infringement under applicable copyright law, except executing it on
     a computer or modifying a private copy.  Propagation includes
     copying, distribution (with or without modification), making
     available to the public, and in some countries other activities as
     well.

     To "convey" a work means any kind of propagation that enables other
     parties to make or receive copies.  Mere interaction with a user
     through a computer network, with no transfer of a copy, is not
     conveying.

     An interactive user interface displays "Appropriate Legal Notices"
     to the extent that it includes a convenient and prominently visible
     feature that (1) displays an appropriate copyright notice, and (2)
     tells the user that there is no warranty for the work (except to
     the extent that warranties are provided), that licensees may convey
     the work under this License, and how to view a copy of this
     License.  If the interface presents a list of user commands or
     options, such as a menu, a prominent item in the list meets this
     criterion.

  1. Source Code.

     The "source code" for a work means the preferred form of the work
     for making modifications to it.  "Object code" means any non-source
     form of a work.

     A "Standard Interface" means an interface that either is an
     official standard defined by a recognized standards body, or, in
     the case of interfaces specified for a particular programming
     language, one that is widely used among developers working in that
     language.

     The "System Libraries" of an executable work include anything,
     other than the work as a whole, that (a) is included in the normal
     form of packaging a Major Component, but which is not part of that
     Major Component, and (b) serves only to enable use of the work with
     that Major Component, or to implement a Standard Interface for
     which an implementation is available to the public in source code
     form.  A "Major Component", in this context, means a major
     essential component (kernel, window system, and so on) of the
     specific operating system (if any) on which the executable work
     runs, or a compiler used to produce the work, or an object code
     interpreter used to run it.

     The "Corresponding Source" for a work in object code form means all
     the source code needed to generate, install, and (for an executable
     work) run the object code and to modify the work, including scripts
     to control those activities.  However, it does not include the
     work's System Libraries, or general-purpose tools or generally
     available free programs which are used unmodified in performing
     those activities but which are not part of the work.  For example,
     Corresponding Source includes interface definition files associated
     with source files for the work, and the source code for shared
     libraries and dynamically linked subprograms that the work is
     specifically designed to require, such as by intimate data
     communication or control flow between those subprograms and other
     parts of the work.

     The Corresponding Source need not include anything that users can
     regenerate automatically from other parts of the Corresponding
     Source.

     The Corresponding Source for a work in source code form is that
     same work.

  2. Basic Permissions.

     All rights granted under this License are granted for the term of
     copyright on the Program, and are irrevocable provided the stated
     conditions are met.  This License explicitly affirms your unlimited
     permission to run the unmodified Program.  The output from running
     a covered work is covered by this License only if the output, given
     its content, constitutes a covered work.  This License acknowledges
     your rights of fair use or other equivalent, as provided by
     copyright law.

     You may make, run and propagate covered works that you do not
     convey, without conditions so long as your license otherwise
     remains in force.  You may convey covered works to others for the
     sole purpose of having them make modifications exclusively for you,
     or provide you with facilities for running those works, provided
     that you comply with the terms of this License in conveying all
     material for which you do not control copyright.  Those thus making
     or running the covered works for you must do so exclusively on your
     behalf, under your direction and control, on terms that prohibit
     them from making any copies of your copyrighted material outside
     their relationship with you.

     Conveying under any other circumstances is permitted solely under
     the conditions stated below.  Sublicensing is not allowed; section
     10 makes it unnecessary.

  3. Protecting Users' Legal Rights From Anti-Circumvention Law.

     No covered work shall be deemed part of an effective technological
     measure under any applicable law fulfilling obligations under
     article 11 of the WIPO copyright treaty adopted on 20 December
     1996, or similar laws prohibiting or restricting circumvention of
     such measures.

     When you convey a covered work, you waive any legal power to forbid
     circumvention of technological measures to the extent such
     circumvention is effected by exercising rights under this License
     with respect to the covered work, and you disclaim any intention to
     limit operation or modification of the work as a means of
     enforcing, against the work's users, your or third parties' legal
     rights to forbid circumvention of technological measures.

  4. Conveying Verbatim Copies.

     You may convey verbatim copies of the Program's source code as you
     receive it, in any medium, provided that you conspicuously and
     appropriately publish on each copy an appropriate copyright notice;
     keep intact all notices stating that this License and any
     non-permissive terms added in accord with section 7 apply to the
     code; keep intact all notices of the absence of any warranty; and
     give all recipients a copy of this License along with the Program.

     You may charge any price or no price for each copy that you convey,
     and you may offer support or warranty protection for a fee.

  5. Conveying Modified Source Versions.

     You may convey a work based on the Program, or the modifications to
     produce it from the Program, in the form of source code under the
     terms of section 4, provided that you also meet all of these
     conditions:

       a. The work must carry prominent notices stating that you
          modified it, and giving a relevant date.

       b. The work must carry prominent notices stating that it is
          released under this License and any conditions added under
          section 7.  This requirement modifies the requirement in
          section 4 to "keep intact all notices".

       c. You must license the entire work, as a whole, under this
          License to anyone who comes into possession of a copy.  This
          License will therefore apply, along with any applicable
          section 7 additional terms, to the whole of the work, and all
          its parts, regardless of how they are packaged.  This License
          gives no permission to license the work in any other way, but
          it does not invalidate such permission if you have separately
          received it.

       d. If the work has interactive user interfaces, each must display
          Appropriate Legal Notices; however, if the Program has
          interactive interfaces that do not display Appropriate Legal
          Notices, your work need not make them do so.

     A compilation of a covered work with other separate and independent
     works, which are not by their nature extensions of the covered
     work, and which are not combined with it such as to form a larger
     program, in or on a volume of a storage or distribution medium, is
     called an "aggregate" if the compilation and its resulting
     copyright are not used to limit the access or legal rights of the
     compilation's users beyond what the individual works permit.
     Inclusion of a covered work in an aggregate does not cause this
     License to apply to the other parts of the aggregate.

  6. Conveying Non-Source Forms.

     You may convey a covered work in object code form under the terms
     of sections 4 and 5, provided that you also convey the
     machine-readable Corresponding Source under the terms of this
     License, in one of these ways:

       a. Convey the object code in, or embodied in, a physical product
          (including a physical distribution medium), accompanied by the
          Corresponding Source fixed on a durable physical medium
          customarily used for software interchange.

       b. Convey the object code in, or embodied in, a physical product
          (including a physical distribution medium), accompanied by a
          written offer, valid for at least three years and valid for as
          long as you offer spare parts or customer support for that
          product model, to give anyone who possesses the object code
          either (1) a copy of the Corresponding Source for all the
          software in the product that is covered by this License, on a
          durable physical medium customarily used for software
          interchange, for a price no more than your reasonable cost of
          physically performing this conveying of source, or (2) access
          to copy the Corresponding Source from a network server at no
          charge.

       c. Convey individual copies of the object code with a copy of the
          written offer to provide the Corresponding Source.  This
          alternative is allowed only occasionally and noncommercially,
          and only if you received the object code with such an offer,
          in accord with subsection 6b.

       d. Convey the object code by offering access from a designated
          place (gratis or for a charge), and offer equivalent access to
          the Corresponding Source in the same way through the same
          place at no further charge.  You need not require recipients
          to copy the Corresponding Source along with the object code.
          If the place to copy the object code is a network server, the
          Corresponding Source may be on a different server (operated by
          you or a third party) that supports equivalent copying
          facilities, provided you maintain clear directions next to the
          object code saying where to find the Corresponding Source.
          Regardless of what server hosts the Corresponding Source, you
          remain obligated to ensure that it is available for as long as
          needed to satisfy these requirements.

       e. Convey the object code using peer-to-peer transmission,
          provided you inform other peers where the object code and
          Corresponding Source of the work are being offered to the
          general public at no charge under subsection 6d.

     A separable portion of the object code, whose source code is
     excluded from the Corresponding Source as a System Library, need
     not be included in conveying the object code work.

     A "User Product" is either (1) a "consumer product", which means
     any tangible personal property which is normally used for personal,
     family, or household purposes, or (2) anything designed or sold for
     incorporation into a dwelling.  In determining whether a product is
     a consumer product, doubtful cases shall be resolved in favor of
     coverage.  For a particular product received by a particular user,
     "normally used" refers to a typical or common use of that class of
     product, regardless of the status of the particular user or of the
     way in which the particular user actually uses, or expects or is
     expected to use, the product.  A product is a consumer product
     regardless of whether the product has substantial commercial,
     industrial or non-consumer uses, unless such uses represent the
     only significant mode of use of the product.

     "Installation Information" for a User Product means any methods,
     procedures, authorization keys, or other information required to
     install and execute modified versions of a covered work in that
     User Product from a modified version of its Corresponding Source.
     The information must suffice to ensure that the continued
     functioning of the modified object code is in no case prevented or
     interfered with solely because modification has been made.

     If you convey an object code work under this section in, or with,
     or specifically for use in, a User Product, and the conveying
     occurs as part of a transaction in which the right of possession
     and use of the User Product is transferred to the recipient in
     perpetuity or for a fixed term (regardless of how the transaction
     is characterized), the Corresponding Source conveyed under this
     section must be accompanied by the Installation Information.  But
     this requirement does not apply if neither you nor any third party
     retains the ability to install modified object code on the User
     Product (for example, the work has been installed in ROM).

     The requirement to provide Installation Information does not
     include a requirement to continue to provide support service,
     warranty, or updates for a work that has been modified or installed
     by the recipient, or for the User Product in which it has been
     modified or installed.  Access to a network may be denied when the
     modification itself materially and adversely affects the operation
     of the network or violates the rules and protocols for
     communication across the network.

     Corresponding Source conveyed, and Installation Information
     provided, in accord with this section must be in a format that is
     publicly documented (and with an implementation available to the
     public in source code form), and must require no special password
     or key for unpacking, reading or copying.

  7. Additional Terms.

     "Additional permissions" are terms that supplement the terms of
     this License by making exceptions from one or more of its
     conditions.  Additional permissions that are applicable to the
     entire Program shall be treated as though they were included in
     this License, to the extent that they are valid under applicable
     law.  If additional permissions apply only to part of the Program,
     that part may be used separately under those permissions, but the
     entire Program remains governed by this License without regard to
     the additional permissions.

     When you convey a copy of a covered work, you may at your option
     remove any additional permissions from that copy, or from any part
     of it.  (Additional permissions may be written to require their own
     removal in certain cases when you modify the work.)  You may place
     additional permissions on material, added by you to a covered work,
     for which you have or can give appropriate copyright permission.

     Notwithstanding any other provision of this License, for material
     you add to a covered work, you may (if authorized by the copyright
     holders of that material) supplement the terms of this License with
     terms:

       a. Disclaiming warranty or limiting liability differently from
          the terms of sections 15 and 16 of this License; or

       b. Requiring preservation of specified reasonable legal notices
          or author attributions in that material or in the Appropriate
          Legal Notices displayed by works containing it; or

       c. Prohibiting misrepresentation of the origin of that material,
          or requiring that modified versions of such material be marked
          in reasonable ways as different from the original version; or

       d. Limiting the use for publicity purposes of names of licensors
          or authors of the material; or

       e. Declining to grant rights under trademark law for use of some
          trade names, trademarks, or service marks; or

       f. Requiring indemnification of licensors and authors of that
          material by anyone who conveys the material (or modified
          versions of it) with contractual assumptions of liability to
          the recipient, for any liability that these contractual
          assumptions directly impose on those licensors and authors.

     All other non-permissive additional terms are considered "further
     restrictions" within the meaning of section 10.  If the Program as
     you received it, or any part of it, contains a notice stating that
     it is governed by this License along with a term that is a further
     restriction, you may remove that term.  If a license document
     contains a further restriction but permits relicensing or conveying
     under this License, you may add to a covered work material governed
     by the terms of that license document, provided that the further
     restriction does not survive such relicensing or conveying.

     If you add terms to a covered work in accord with this section, you
     must place, in the relevant source files, a statement of the
     additional terms that apply to those files, or a notice indicating
     where to find the applicable terms.

     Additional terms, permissive or non-permissive, may be stated in
     the form of a separately written license, or stated as exceptions;
     the above requirements apply either way.

  8. Termination.

     You may not propagate or modify a covered work except as expressly
     provided under this License.  Any attempt otherwise to propagate or
     modify it is void, and will automatically terminate your rights
     under this License (including any patent licenses granted under the
     third paragraph of section 11).

     However, if you cease all violation of this License, then your
     license from a particular copyright holder is reinstated (a)
     provisionally, unless and until the copyright holder explicitly and
     finally terminates your license, and (b) permanently, if the
     copyright holder fails to notify you of the violation by some
     reasonable means prior to 60 days after the cessation.

     Moreover, your license from a particular copyright holder is
     reinstated permanently if the copyright holder notifies you of the
     violation by some reasonable means, this is the first time you have
     received notice of violation of this License (for any work) from
     that copyright holder, and you cure the violation prior to 30 days
     after your receipt of the notice.

     Termination of your rights under this section does not terminate
     the licenses of parties who have received copies or rights from you
     under this License.  If your rights have been terminated and not
     permanently reinstated, you do not qualify to receive new licenses
     for the same material under section 10.

  9. Acceptance Not Required for Having Copies.

     You are not required to accept this License in order to receive or
     run a copy of the Program.  Ancillary propagation of a covered work
     occurring solely as a consequence of using peer-to-peer
     transmission to receive a copy likewise does not require
     acceptance.  However, nothing other than this License grants you
     permission to propagate or modify any covered work.  These actions
     infringe copyright if you do not accept this License.  Therefore,
     by modifying or propagating a covered work, you indicate your
     acceptance of this License to do so.

  10. Automatic Licensing of Downstream Recipients.

     Each time you convey a covered work, the recipient automatically
     receives a license from the original licensors, to run, modify and
     propagate that work, subject to this License.  You are not
     responsible for enforcing compliance by third parties with this
     License.

     An "entity transaction" is a transaction transferring control of an
     organization, or substantially all assets of one, or subdividing an
     organization, or merging organizations.  If propagation of a
     covered work results from an entity transaction, each party to that
     transaction who receives a copy of the work also receives whatever
     licenses to the work the party's predecessor in interest had or
     could give under the previous paragraph, plus a right to possession
     of the Corresponding Source of the work from the predecessor in
     interest, if the predecessor has it or can get it with reasonable
     efforts.

     You may not impose any further restrictions on the exercise of the
     rights granted or affirmed under this License.  For example, you
     may not impose a license fee, royalty, or other charge for exercise
     of rights granted under this License, and you may not initiate
     litigation (including a cross-claim or counterclaim in a lawsuit)
     alleging that any patent claim is infringed by making, using,
     selling, offering for sale, or importing the Program or any portion
     of it.

  11. Patents.

     A "contributor" is a copyright holder who authorizes use under this
     License of the Program or a work on which the Program is based.
     The work thus licensed is called the contributor's "contributor
     version".

     A contributor's "essential patent claims" are all patent claims
     owned or controlled by the contributor, whether already acquired or
     hereafter acquired, that would be infringed by some manner,
     permitted by this License, of making, using, or selling its
     contributor version, but do not include claims that would be
     infringed only as a consequence of further modification of the
     contributor version.  For purposes of this definition, "control"
     includes the right to grant patent sublicenses in a manner
     consistent with the requirements of this License.

     Each contributor grants you a non-exclusive, worldwide,
     royalty-free patent license under the contributor's essential
     patent claims, to make, use, sell, offer for sale, import and
     otherwise run, modify and propagate the contents of its contributor
     version.

     In the following three paragraphs, a "patent license" is any
     express agreement or commitment, however denominated, not to
     enforce a patent (such as an express permission to practice a
     patent or covenant not to sue for patent infringement).  To "grant"
     such a patent license to a party means to make such an agreement or
     commitment not to enforce a patent against the party.

     If you convey a covered work, knowingly relying on a patent
     license, and the Corresponding Source of the work is not available
     for anyone to copy, free of charge and under the terms of this
     License, through a publicly available network server or other
     readily accessible means, then you must either (1) cause the
     Corresponding Source to be so available, or (2) arrange to deprive
     yourself of the benefit of the patent license for this particular
     work, or (3) arrange, in a manner consistent with the requirements
     of this License, to extend the patent license to downstream
     recipients.  "Knowingly relying" means you have actual knowledge
     that, but for the patent license, your conveying the covered work
     in a country, or your recipient's use of the covered work in a
     country, would infringe one or more identifiable patents in that
     country that you have reason to believe are valid.

     If, pursuant to or in connection with a single transaction or
     arrangement, you convey, or propagate by procuring conveyance of, a
     covered work, and grant a patent license to some of the parties
     receiving the covered work authorizing them to use, propagate,
     modify or convey a specific copy of the covered work, then the
     patent license you grant is automatically extended to all
     recipients of the covered work and works based on it.

     A patent license is "discriminatory" if it does not include within
     the scope of its coverage, prohibits the exercise of, or is
     conditioned on the non-exercise of one or more of the rights that
     are specifically granted under this License.  You may not convey a
     covered work if you are a party to an arrangement with a third
     party that is in the business of distributing software, under which
     you make payment to the third party based on the extent of your
     activity of conveying the work, and under which the third party
     grants, to any of the parties who would receive the covered work
     from you, a discriminatory patent license (a) in connection with
     copies of the covered work conveyed by you (or copies made from
     those copies), or (b) primarily for and in connection with specific
     products or compilations that contain the covered work, unless you
     entered into that arrangement, or that patent license was granted,
     prior to 28 March 2007.

     Nothing in this License shall be construed as excluding or limiting
     any implied license or other defenses to infringement that may
     otherwise be available to you under applicable patent law.

  12. No Surrender of Others' Freedom.

     If conditions are imposed on you (whether by court order, agreement
     or otherwise) that contradict the conditions of this License, they
     do not excuse you from the conditions of this License.  If you
     cannot convey a covered work so as to satisfy simultaneously your
     obligations under this License and any other pertinent obligations,
     then as a consequence you may not convey it at all.  For example,
     if you agree to terms that obligate you to collect a royalty for
     further conveying from those to whom you convey the Program, the
     only way you could satisfy both those terms and this License would
     be to refrain entirely from conveying the Program.

  13. Use with the GNU Affero General Public License.

     Notwithstanding any other provision of this License, you have
     permission to link or combine any covered work with a work licensed
     under version 3 of the GNU Affero General Public License into a
     single combined work, and to convey the resulting work.  The terms
     of this License will continue to apply to the part which is the
     covered work, but the special requirements of the GNU Affero
     General Public License, section 13, concerning interaction through
     a network will apply to the combination as such.

  14. Revised Versions of this License.

     The Free Software Foundation may publish revised and/or new
     versions of the GNU General Public License from time to time.  Such
     new versions will be similar in spirit to the present version, but
     may differ in detail to address new problems or concerns.

     Each version is given a distinguishing version number.  If the
     Program specifies that a certain numbered version of the GNU
     General Public License "or any later version" applies to it, you
     have the option of following the terms and conditions either of
     that numbered version or of any later version published by the Free
     Software Foundation.  If the Program does not specify a version
     number of the GNU General Public License, you may choose any
     version ever published by the Free Software Foundation.

     If the Program specifies that a proxy can decide which future
     versions of the GNU General Public License can be used, that
     proxy's public statement of acceptance of a version permanently
     authorizes you to choose that version for the Program.

     Later license versions may give you additional or different
     permissions.  However, no additional obligations are imposed on any
     author or copyright holder as a result of your choosing to follow a
     later version.

  15. Disclaimer of Warranty.

     THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
     APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE
     COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS"
     WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED,
     INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
     MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE
     RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU.
     SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL
     NECESSARY SERVICING, REPAIR OR CORRECTION.

  16. Limitation of Liability.

     IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN
     WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES
     AND/OR CONVEYS THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR
     DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR
     CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE
     THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA
     BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
     PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
     PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF
     THE POSSIBILITY OF SUCH DAMAGES.

  17. Interpretation of Sections 15 and 16.

     If the disclaimer of warranty and limitation of liability provided
     above cannot be given local legal effect according to their terms,
     reviewing courts shall apply local law that most closely
     approximates an absolute waiver of all civil liability in
     connection with the Program, unless a warranty or assumption of
     liability accompanies a copy of the Program in return for a fee.

END OF TERMS AND CONDITIONS
===========================

How to Apply These Terms to Your New Programs
=============================================

If you develop a new program, and you want it to be of the greatest
possible use to the public, the best way to achieve this is to make it
free software which everyone can redistribute and change under these
terms.

To do so, attach the following notices to the program.  It is safest to
attach them to the start of each source file to most effectively state
the exclusion of warranty; and each file should have at least the
"copyright" line and a pointer to where the full notice is found.

     ONE LINE TO GIVE THE PROGRAM'S NAME AND A BRIEF IDEA OF WHAT IT DOES.
     Copyright (C) YEAR NAME OF AUTHOR

     This program is free software: you can redistribute it and/or modify
     it under the terms of the GNU General Public License as published by
     the Free Software Foundation, either version 3 of the License, or (at
     your option) any later version.

     This program is distributed in the hope that it will be useful, but
     WITHOUT ANY WARRANTY; without even the implied warranty of
     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
     General Public License for more details.

     You should have received a copy of the GNU General Public License
     along with this program.  If not, see 'http://www.gnu.org/licenses/'.

Also add information on how to contact you by electronic and paper mail.

If the program does terminal interaction, make it output a short notice
like this when it starts in an interactive mode:

     PROGRAM Copyright (C) YEAR NAME OF AUTHOR
     This program comes with ABSOLUTELY NO WARRANTY; for details type 'show w'.
     This is free software, and you are welcome to redistribute it
     under certain conditions; type 'show c' for details.

The hypothetical commands 'show w' and 'show c' should show the
appropriate parts of the General Public License.  Of course, your
program's commands might be different; for a GUI interface, you would
use an "about box".

You should also get your employer (if you work as a programmer) or
school, if any, to sign a "copyright disclaimer" for the program, if
necessary.  For more information on this, and how to apply and follow
the GNU GPL, see 'http://www.gnu.org/licenses/'.

The GNU General Public License does not permit incorporating your
program into proprietary programs.  If your program is a subroutine
library, you may consider it more useful to permit linking proprietary
applications with the library.  If this is what you want to do, use the
GNU Lesser General Public License instead of this License.  But first,
please read 'http://www.gnu.org/philosophy/why-not-lgpl.html'.

\1f
File: gnutls.info,  Node: Bibliography,  Next: Function and Data Index,  Prev: Copying Information,  Up: Top

Bibliography
************

[CBCATT]
     Bodo Moeller, "Security of CBC Ciphersuites in SSL/TLS: Problems
     and Countermeasures", 2002, available from
     'http://www.openssl.org/~bodo/tls-cbc.txt'.

[GPGH]
     Mike Ashley, "The GNU Privacy Handbook", 2002, available from
     'http://www.gnupg.org/gph/en/manual.pdf'.

[GUTPKI]
     Peter Gutmann, "Everything you never wanted to know about PKI but
     were forced to find out", Available from
     'http://www.cs.auckland.ac.nz/~pgut001/'.

[NISTSP80057]
     NIST Special Publication 800-57, "Recommendation for Key Management
     - Part 1: General (Revised)", March 2007, available from
     'http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57-Part1-revised2_Mar08-2007.pdf'.

[RFC2246]
     Tim Dierks and Christopher Allen, "The TLS Protocol Version 1.0",
     January 1999, Available from 'http://www.ietf.org/rfc/rfc2246.txt'.

[RFC4346]
     Tim Dierks and Eric Rescorla, "The TLS Protocol Version 1.1", Match
     2006, Available from 'http://www.ietf.org/rfc/rfc4346.txt'.

[RFC2440]
     Jon Callas, Lutz Donnerhacke, Hal Finney and Rodney Thayer,
     "OpenPGP Message Format", November 1998, Available from
     'http://www.ietf.org/rfc/rfc2440.txt'.

[RFC4880]
     Jon Callas, Lutz Donnerhacke, Hal Finney, David Shaw and Rodney
     Thayer, "OpenPGP Message Format", November 2007, Available from
     'http://www.ietf.org/rfc/rfc4880.txt'.

[RFC4211]
     J. Schaad, "Internet X.509 Public Key Infrastructure Certificate
     Request Message Format (CRMF)", September 2005, Available from
     'http://www.ietf.org/rfc/rfc4211.txt'.

[RFC2817]
     Rohit Khare and Scott Lawrence, "Upgrading to TLS Within HTTP/1.1",
     May 2000, Available from 'http://www.ietf.org/rfc/rfc2817.txt'

[RFC2818]
     Eric Rescorla, "HTTP Over TLS", May 2000, Available from
     'http://www.ietf/rfc/rfc2818.txt'.

[RFC2945]
     Tom Wu, "The SRP Authentication and Key Exchange System", September
     2000, Available from 'http://www.ietf.org/rfc/rfc2945.txt'.

[RFC2986]
     Magnus Nystrom and Burt Kaliski, "PKCS 10 v1.7: Certification
     Request Syntax Specification", November 2000, Available from
     'http://www.ietf.org/rfc/rfc2986.txt'.

[PKIX]
     D. Cooper, S. Santesson, S. Farrel, S. Boeyen, R. Housley, W. Polk,
     "Internet X.509 Public Key Infrastructure Certificate and
     Certificate Revocation List (CRL) Profile", May 2008, available
     from 'http://www.ietf.org/rfc/rfc5280.txt'.

[RFC3749]
     Scott Hollenbeck, "Transport Layer Security Protocol Compression
     Methods", May 2004, available from
     'http://www.ietf.org/rfc/rfc3749.txt'.

[RFC3820]
     Steven Tuecke, Von Welch, Doug Engert, Laura Pearlman, and Mary
     Thompson, "Internet X.509 Public Key Infrastructure (PKI) Proxy
     Certificate Profile", June 2004, available from
     'http://www.ietf.org/rfc/rfc3820'.

[RFC5746]
     E. Rescorla, M. Ray, S. Dispensa, and N. Oskov, "Transport Layer
     Security (TLS) Renegotiation Indication Extension", February 2010,
     available from 'http://www.ietf.org/rfc/rfc5746'.

[TLSTKT]
     Joseph Salowey, Hao Zhou, Pasi Eronen, Hannes Tschofenig,
     "Transport Layer Security (TLS) Session Resumption without
     Server-Side State", January 2008, available from
     'http://www.ietf.org/rfc/rfc5077'.

[PKCS12]
     RSA Laboratories, "PKCS 12 v1.0: Personal Information Exchange
     Syntax", June 1999, Available from 'http://www.rsa.com'.

[PKCS11]
     RSA Laboratories, "PKCS #11 Base Functionality v2.30: Cryptoki –
     Draft 4", July 2009, Available from 'http://www.rsa.com'.

[RESCORLA]
     Eric Rescorla, "SSL and TLS: Designing and Building Secure
     Systems", 2001

[SELKEY]
     Arjen Lenstra and Eric Verheul, "Selecting Cryptographic Key
     Sizes", 2003, available from
     'http://www.win.tue.nl/~klenstra/key.pdf'.

[SSL3]
     Alan Freier, Philip Karlton and Paul Kocher, "The SSL Protocol
     Version 3.0", November 1996, Available from
     'http://wp.netscape.com/eng/ssl3/draft302.txt'.

[STEVENS]
     Richard Stevens, "UNIX Network Programming, Volume 1", Prentice
     Hall PTR, January 1998

[TLSEXT]
     Simon Blake-Wilson, Magnus Nystrom, David Hopwood, Jan Mikkelsen
     and Tim Wright, "Transport Layer Security (TLS) Extensions", June
     2003, Available from 'http://www.ietf.org/rfc/rfc3546.txt'.

[TLSPGP]
     Nikos Mavrogiannopoulos, "Using OpenPGP keys for TLS
     authentication", January 2011.  Available from
     'http://www.ietf.org/rfc/rfc6091.txt'.

[TLSSRP]
     David Taylor, Trevor Perrin, Tom Wu and Nikos Mavrogiannopoulos,
     "Using SRP for TLS Authentication", November 2007.  Available from
     'http://www.ietf.org/rfc/rfc5054.txt'.

[TLSPSK]
     Pasi Eronen and Hannes Tschofenig, "Pre-shared key Ciphersuites for
     TLS", December 2005, Available from
     'http://www.ietf.org/rfc/rfc4279.txt'.

[TOMSRP]
     Tom Wu, "The Stanford SRP Authentication Project", Available at
     'http://srp.stanford.edu/'.

[WEGER]
     Arjen Lenstra and Xiaoyun Wang and Benne de Weger, "Colliding X.509
     Certificates", Cryptology ePrint Archive, Report 2005/067,
     Available at 'http://eprint.iacr.org/'.

[ECRYPT]
     European Network of Excellence in Cryptology II, "ECRYPT II Yearly
     Report on Algorithms and Keysizes (2009-2010)", Available at
     'http://www.ecrypt.eu.org/documents/D.SPA.13.pdf'.

[RFC5056]
     N. Williams, "On the Use of Channel Bindings to Secure Channels",
     November 2007, available from 'http://www.ietf.org/rfc/rfc5056'.

[RFC5929]
     J. Altman, N. Williams, L. Zhu, "Channel Bindings for TLS", July
     2010, available from 'http://www.ietf.org/rfc/rfc5929'.

\1f
File: gnutls.info,  Node: Function and Data Index,  Next: Concept Index,  Prev: Bibliography,  Up: Top

Function and Data Index
***********************

\0\b[index\0\b]
* Menu:

* alert-description->string:             Core Interface.     (line  415)
* alert-get:                             Core Interface.     (line  314)
* alert-level->string:                   Core Interface.     (line  418)
* alert-send:                            Core Interface.     (line  311)
* anonymous-client-credentials?:         Core Interface.     (line  364)
* anonymous-server-credentials?:         Core Interface.     (line  361)
* bye:                                   Core Interface.     (line  323)
* certificate-credentials?:              Core Interface.     (line  352)
* certificate-request->string:           Core Interface.     (line  405)
* certificate-status->string:            Core Interface.     (line  408)
* certificate-type->string:              Core Interface.     (line  396)
* certificate-verify->string:            Core Interface.     (line  373)
* cipher->string:                        Core Interface.     (line  442)
* cipher-suite->string:                  Core Interface.     (line  232)
* close-request->string:                 Core Interface.     (line  402)
* compression-method->string:            Core Interface.     (line  424)
* connection-end->string:                Core Interface.     (line  421)
* credentials->string:                   Core Interface.     (line  433)
* dh-parameters?:                        Core Interface.     (line  358)
* digest->string:                        Core Interface.     (line  427)
* error->string:                         Exception Handling. (line    6)
* error->string <1>:                     Core Interface.     (line  370)
* gnutls-version:                        Core Interface.     (line  330)
* gnutls_alert_get:                      Core functions.     (line   24)
* gnutls_alert_get_name:                 Core functions.     (line   11)
* gnutls_alert_send:                     Core functions.     (line   65)
* gnutls_alert_send_appropriate:         Core functions.     (line   42)
* gnutls_anon_allocate_client_credentials: Core functions.   (line   89)
* gnutls_anon_allocate_server_credentials: Core functions.   (line  101)
* gnutls_anon_free_client_credentials:   Core functions.     (line  113)
* gnutls_anon_free_server_credentials:   Core functions.     (line  123)
* gnutls_anon_set_params_function:       Core functions.     (line  133)
* gnutls_anon_set_server_dh_params:      Core functions.     (line  147)
* gnutls_anon_set_server_params_function: Core functions.    (line  161)
* gnutls_auth_client_get_type:           Core functions.     (line  175)
* gnutls_auth_get_type:                  Core functions.     (line  189)
* gnutls_auth_server_get_type:           Core functions.     (line  207)
* gnutls_bye:                            Core functions.     (line  221)
* gnutls_certificate_activation_time_peers: Core functions.  (line  258)
* gnutls_certificate_allocate_credentials: Core functions.   (line  273)
* gnutls_certificate_client_get_request_status: Core functions.
                                                             (line  286)
* gnutls_certificate_client_set_retrieve_function: Core functions.
                                                             (line  299)
* gnutls_certificate_expiration_time_peers: Core functions.  (line  338)
* gnutls_certificate_free_cas:           Core functions.     (line  369)
* gnutls_certificate_free_ca_names:      Core functions.     (line  352)
* gnutls_certificate_free_credentials:   Core functions.     (line  381)
* gnutls_certificate_free_crls:          Core functions.     (line  395)
* gnutls_certificate_free_keys:          Core functions.     (line  405)
* gnutls_certificate_get_issuer:         Core functions.     (line  417)
* gnutls_certificate_get_openpgp_keyring: Core functions.    (line  437)
* gnutls_certificate_get_ours:           Core functions.     (line  452)
* gnutls_certificate_get_peers:          Core functions.     (line  467)
* gnutls_certificate_get_x509_cas:       Core functions.     (line  489)
* gnutls_certificate_get_x509_crls:      Core functions.     (line  507)
* gnutls_certificate_send_x509_rdn_sequence: Core functions. (line  525)
* gnutls_certificate_server_set_request: Core functions.     (line  543)
* gnutls_certificate_server_set_retrieve_function: Core functions.
                                                             (line  558)
* gnutls_certificate_set_dh_params:      Core functions.     (line  584)
* gnutls_certificate_set_openpgp_key:    OpenPGP functions.  (line  157)
* gnutls_certificate_set_openpgp_keyring_file: OpenPGP functions.
                                                             (line  115)
* gnutls_certificate_set_openpgp_keyring_mem: OpenPGP functions.
                                                             (line  135)
* gnutls_certificate_set_openpgp_key_file: OpenPGP functions.
                                                             (line   42)
* gnutls_certificate_set_openpgp_key_file2: OpenPGP functions.
                                                             (line   12)
* gnutls_certificate_set_openpgp_key_mem: OpenPGP functions. (line   93)
* gnutls_certificate_set_openpgp_key_mem2: OpenPGP functions.
                                                             (line   63)
* gnutls_certificate_set_params_function: Core functions.    (line  601)
* gnutls_certificate_set_retrieve_function: Core functions.  (line  615)
* gnutls_certificate_set_rsa_export_params: Core functions.  (line  656)
* gnutls_certificate_set_verify_flags:   Core functions.     (line  670)
* gnutls_certificate_set_verify_function: Core functions.    (line  683)
* gnutls_certificate_set_verify_limits:  Core functions.     (line  712)
* gnutls_certificate_set_x509_crl:       Core functions.     (line  773)
* gnutls_certificate_set_x509_crl_file:  Core functions.     (line  731)
* gnutls_certificate_set_x509_crl_mem:   Core functions.     (line  752)
* gnutls_certificate_set_x509_key:       Core functions.     (line  866)
* gnutls_certificate_set_x509_key_file:  Core functions.     (line  796)
* gnutls_certificate_set_x509_key_mem:   Core functions.     (line  827)
* gnutls_certificate_set_x509_simple_pkcs12_file: Core functions.
                                                             (line  892)
* gnutls_certificate_set_x509_simple_pkcs12_mem: Core functions.
                                                             (line  932)
* gnutls_certificate_set_x509_trust:     Core functions.     (line 1028)
* gnutls_certificate_set_x509_trust_file: Core functions.    (line  974)
* gnutls_certificate_set_x509_trust_mem: Core functions.     (line 1003)
* gnutls_certificate_type_get:           Core functions.     (line 1078)
* gnutls_certificate_type_get_id:        Core functions.     (line 1054)
* gnutls_certificate_type_get_name:      Core functions.     (line 1066)
* gnutls_certificate_type_list:          Core functions.     (line 1091)
* gnutls_certificate_type_set_priority:  Core functions.     (line 1104)
* gnutls_certificate_verify_flags:       Verifying X.509 certificate paths.
                                                             (line   43)
* gnutls_certificate_verify_peers:       Core functions.     (line 1147)
* gnutls_certificate_verify_peers2:      Core functions.     (line 1122)
* gnutls_check_version:                  Core functions.     (line 1166)
* gnutls_cipher_decrypt:                 Core functions.     (line 1206)
* gnutls_cipher_decrypt2:                Core functions.     (line 1183)
* gnutls_cipher_deinit:                  Core functions.     (line 1224)
* gnutls_cipher_encrypt:                 Core functions.     (line 1258)
* gnutls_cipher_encrypt2:                Core functions.     (line 1235)
* gnutls_cipher_get:                     Core functions.     (line 1325)
* gnutls_cipher_get_block_size:          Core functions.     (line 1276)
* gnutls_cipher_get_id:                  Core functions.     (line 1289)
* gnutls_cipher_get_key_size:            Core functions.     (line 1301)
* gnutls_cipher_get_name:                Core functions.     (line 1313)
* gnutls_cipher_init:                    Core functions.     (line 1337)
* gnutls_cipher_list:                    Core functions.     (line 1360)
* gnutls_cipher_set_priority:            Core functions.     (line 1374)
* gnutls_cipher_suite_get_name:          Core functions.     (line 1391)
* gnutls_cipher_suite_info:              Core functions.     (line 1409)
* gnutls_compression_get:                Core functions.     (line 1460)
* gnutls_compression_get_id:             Core functions.     (line 1436)
* gnutls_compression_get_name:           Core functions.     (line 1448)
* gnutls_compression_list:               Core functions.     (line 1472)
* gnutls_compression_set_priority:       Core functions.     (line 1485)
* gnutls_credentials_clear:              Core functions.     (line 1508)
* gnutls_credentials_set:                Core functions.     (line 1516)
* gnutls_crypto_bigint_register2:        Core functions.     (line 1551)
* gnutls_crypto_cipher_register2:        Core functions.     (line 1580)
* gnutls_crypto_digest_register2:        Core functions.     (line 1606)
* gnutls_crypto_mac_register2:           Core functions.     (line 1632)
* gnutls_crypto_pk_register2:            Core functions.     (line 1657)
* gnutls_crypto_rnd_register2:           Core functions.     (line 1686)
* gnutls_crypto_single_cipher_register2: Core functions.     (line 1712)
* gnutls_crypto_single_digest_register2: Core functions.     (line 1741)
* gnutls_crypto_single_mac_register2:    Core functions.     (line 1770)
* gnutls_db_check_entry:                 Core functions.     (line 1798)
* gnutls_db_get_ptr:                     Core functions.     (line 1814)
* gnutls_db_remove_session:              Core functions.     (line 1825)
* gnutls_db_set_cache_expiration:        Core functions.     (line 1839)
* gnutls_db_set_ptr:                     Core functions.     (line 1851)
* gnutls_db_set_remove_function:         Core functions.     (line 1863)
* gnutls_db_set_retrieve_function:       Core functions.     (line 1878)
* gnutls_db_set_store_function:          Core functions.     (line 1898)
* gnutls_deinit:                         Core functions.     (line 1913)
* gnutls_dh_get_group:                   Core functions.     (line 1923)
* gnutls_dh_get_peers_public_bits:       Core functions.     (line 1943)
* gnutls_dh_get_prime_bits:              Core functions.     (line 1956)
* gnutls_dh_get_pubkey:                  Core functions.     (line 1972)
* gnutls_dh_get_secret_bits:             Core functions.     (line 1989)
* gnutls_dh_params_cpy:                  Core functions.     (line 2002)
* gnutls_dh_params_deinit:               Core functions.     (line 2017)
* gnutls_dh_params_export_pkcs3:         Core functions.     (line 2026)
* gnutls_dh_params_export_raw:           Core functions.     (line 2053)
* gnutls_dh_params_generate2:            Core functions.     (line 2075)
* gnutls_dh_params_import_pkcs3:         Core functions.     (line 2098)
* gnutls_dh_params_import_raw:           Core functions.     (line 2120)
* gnutls_dh_params_init:                 Core functions.     (line 2139)
* gnutls_dh_set_prime_bits:              Core functions.     (line 2150)
* gnutls_error_is_fatal:                 Core functions.     (line 2170)
* gnutls_error_to_alert:                 Core functions.     (line 2188)
* gnutls_extra_check_version:            GnuTLS-extra functions.
                                                             (line   13)
* gnutls_ext_register:                   Core functions.     (line 2207)
* gnutls_fingerprint:                    Core functions.     (line 2229)
* gnutls_free:                           Core functions.     (line 2256)
* gnutls_global_deinit:                  Core functions.     (line 2265)
* gnutls_global_init:                    Core functions.     (line 2276)
* gnutls_global_init_extra:              GnuTLS-extra functions.
                                                             (line   30)
* gnutls_global_set_log_function:        Core functions.     (line 2307)
* gnutls_global_set_log_level:           Core functions.     (line 2322)
* gnutls_global_set_mem_functions:       Core functions.     (line 2335)
* gnutls_global_set_mutex:               Core functions.     (line 2367)
* gnutls_global_set_time_function:       Core functions.     (line 2390)
* gnutls_handshake:                      Core functions.     (line 2501)
* gnutls_handshake_get_last_in:          Core functions.     (line 2403)
* gnutls_handshake_get_last_out:         Core functions.     (line 2420)
* gnutls_handshake_set_max_packet_length: Core functions.    (line 2437)
* gnutls_handshake_set_post_client_hello_function: Core functions.
                                                             (line 2455)
* gnutls_handshake_set_private_extensions: Core functions.   (line 2481)
* gnutls_hash:                           Core functions.     (line 2610)
* gnutls_hash_deinit:                    Core functions.     (line 2531)
* gnutls_hash_fast:                      Core functions.     (line 2545)
* gnutls_hash_get_len:                   Core functions.     (line 2565)
* gnutls_hash_init:                      Core functions.     (line 2579)
* gnutls_hash_output:                    Core functions.     (line 2597)
* gnutls_hex2bin:                        Core functions.     (line 2628)
* gnutls_hex_decode:                     Core functions.     (line 2648)
* gnutls_hex_encode:                     Core functions.     (line 2667)
* gnutls_hmac:                           Core functions.     (line 2772)
* gnutls_hmac_deinit:                    Core functions.     (line 2684)
* gnutls_hmac_fast:                      Core functions.     (line 2698)
* gnutls_hmac_get_len:                   Core functions.     (line 2723)
* gnutls_hmac_init:                      Core functions.     (line 2736)
* gnutls_hmac_output:                    Core functions.     (line 2759)
* gnutls_ia_allocate_client_credentials: TLS Inner Application (TLS/IA) functions.
                                                             (line   57)
* gnutls_ia_allocate_server_credentials: TLS Inner Application (TLS/IA) functions.
                                                             (line   75)
* gnutls_ia_enable:                      TLS Inner Application (TLS/IA) functions.
                                                             (line   93)
* gnutls_ia_endphase_send:               TLS Inner Application (TLS/IA) functions.
                                                             (line  122)
* gnutls_ia_extract_inner_secret:        TLS Inner Application (TLS/IA) functions.
                                                             (line  141)
* gnutls_ia_free_client_credentials:     TLS Inner Application (TLS/IA) functions.
                                                             (line  161)
* gnutls_ia_free_server_credentials:     TLS Inner Application (TLS/IA) functions.
                                                             (line  171)
* gnutls_ia_generate_challenge:          TLS Inner Application (TLS/IA) functions.
                                                             (line  181)
* gnutls_ia_get_client_avp_ptr:          TLS Inner Application (TLS/IA) functions.
                                                             (line  198)
* gnutls_ia_get_server_avp_ptr:          TLS Inner Application (TLS/IA) functions.
                                                             (line  210)
* gnutls_ia_handshake:                   TLS Inner Application (TLS/IA) functions.
                                                             (line  235)
* gnutls_ia_handshake_p:                 TLS Inner Application (TLS/IA) functions.
                                                             (line  222)
* gnutls_ia_permute_inner_secret:        TLS Inner Application (TLS/IA) functions.
                                                             (line  247)
* gnutls_ia_recv:                        TLS Inner Application (TLS/IA) functions.
                                                             (line  266)
* gnutls_ia_send:                        TLS Inner Application (TLS/IA) functions.
                                                             (line  300)
* gnutls_ia_set_client_avp_function:     TLS Inner Application (TLS/IA) functions.
                                                             (line  332)
* gnutls_ia_set_client_avp_ptr:          TLS Inner Application (TLS/IA) functions.
                                                             (line  369)
* gnutls_ia_set_server_avp_function:     TLS Inner Application (TLS/IA) functions.
                                                             (line  381)
* gnutls_ia_set_server_avp_ptr:          TLS Inner Application (TLS/IA) functions.
                                                             (line  424)
* gnutls_ia_verify_endphase:             TLS Inner Application (TLS/IA) functions.
                                                             (line  436)
* gnutls_init:                           Core functions.     (line 2790)
* gnutls_kx_get:                         Core functions.     (line 2833)
* gnutls_kx_get_id:                      Core functions.     (line 2809)
* gnutls_kx_get_name:                    Core functions.     (line 2821)
* gnutls_kx_list:                        Core functions.     (line 2845)
* gnutls_kx_set_priority:                Core functions.     (line 2855)
* gnutls_mac_get:                        Core functions.     (line 2910)
* gnutls_mac_get_id:                     Core functions.     (line 2873)
* gnutls_mac_get_key_size:               Core functions.     (line 2886)
* gnutls_mac_get_name:                   Core functions.     (line 2898)
* gnutls_mac_list:                       Core functions.     (line 2922)
* gnutls_mac_set_priority:               Core functions.     (line 2935)
* gnutls_malloc:                         Core functions.     (line 2953)
* gnutls_openpgp_crt_check_hostname:     OpenPGP functions.  (line  180)
* gnutls_openpgp_crt_deinit:             OpenPGP functions.  (line  195)
* gnutls_openpgp_crt_export:             OpenPGP functions.  (line  203)
* gnutls_openpgp_crt_get_auth_subkey:    OpenPGP functions.  (line  224)
* gnutls_openpgp_crt_get_creation_time:  OpenPGP functions.  (line  246)
* gnutls_openpgp_crt_get_expiration_time: OpenPGP functions. (line  257)
* gnutls_openpgp_crt_get_fingerprint:    OpenPGP functions.  (line  269)
* gnutls_openpgp_crt_get_key_id:         OpenPGP functions.  (line  286)
* gnutls_openpgp_crt_get_key_usage:      OpenPGP functions.  (line  301)
* gnutls_openpgp_crt_get_name:           OpenPGP functions.  (line  316)
* gnutls_openpgp_crt_get_pk_algorithm:   OpenPGP functions.  (line  337)
* gnutls_openpgp_crt_get_pk_dsa_raw:     OpenPGP functions.  (line  357)
* gnutls_openpgp_crt_get_pk_rsa_raw:     OpenPGP functions.  (line  381)
* gnutls_openpgp_crt_get_preferred_key_id: OpenPGP functions.
                                                             (line  401)
* gnutls_openpgp_crt_get_revoked_status: OpenPGP functions.  (line  415)
* gnutls_openpgp_crt_get_subkey_count:   OpenPGP functions.  (line  429)
* gnutls_openpgp_crt_get_subkey_creation_time: OpenPGP functions.
                                                             (line  443)
* gnutls_openpgp_crt_get_subkey_expiration_time: OpenPGP functions.
                                                             (line  458)
* gnutls_openpgp_crt_get_subkey_fingerprint: OpenPGP functions.
                                                             (line  474)
* gnutls_openpgp_crt_get_subkey_id:      OpenPGP functions.  (line  511)
* gnutls_openpgp_crt_get_subkey_idx:     OpenPGP functions.  (line  496)
* gnutls_openpgp_crt_get_subkey_pk_algorithm: OpenPGP functions.
                                                             (line  526)
* gnutls_openpgp_crt_get_subkey_pk_dsa_raw: OpenPGP functions.
                                                             (line  552)
* gnutls_openpgp_crt_get_subkey_pk_rsa_raw: OpenPGP functions.
                                                             (line  578)
* gnutls_openpgp_crt_get_subkey_revoked_status: OpenPGP functions.
                                                             (line  600)
* gnutls_openpgp_crt_get_subkey_usage:   OpenPGP functions.  (line  616)
* gnutls_openpgp_crt_get_version:        OpenPGP functions.  (line  638)
* gnutls_openpgp_crt_import:             OpenPGP functions.  (line  650)
* gnutls_openpgp_crt_init:               OpenPGP functions.  (line  667)
* gnutls_openpgp_crt_print:              OpenPGP functions.  (line  677)
* gnutls_openpgp_crt_set_preferred_key_id: OpenPGP functions.
                                                             (line  698)
* gnutls_openpgp_crt_verify_ring:        OpenPGP functions.  (line  713)
* gnutls_openpgp_crt_verify_self:        OpenPGP functions.  (line  736)
* gnutls_openpgp_keyring_check_id:       OpenPGP functions.  (line  753)
* gnutls_openpgp_keyring_deinit:         OpenPGP functions.  (line  770)
* gnutls_openpgp_keyring_get_crt:        OpenPGP functions.  (line  791)
* gnutls_openpgp_keyring_get_crt_count:  OpenPGP functions.  (line  779)
* gnutls_openpgp_keyring_import:         OpenPGP functions.  (line  810)
* gnutls_openpgp_keyring_init:           OpenPGP functions.  (line  828)
* gnutls_openpgp_privkey_deinit:         OpenPGP functions.  (line  839)
* gnutls_openpgp_privkey_export:         OpenPGP functions.  (line  964)
* gnutls_openpgp_privkey_export_dsa_raw: OpenPGP functions.  (line  848)
* gnutls_openpgp_privkey_export_rsa_raw: OpenPGP functions.  (line  875)
* gnutls_openpgp_privkey_export_subkey_dsa_raw: OpenPGP functions.
                                                             (line  904)
* gnutls_openpgp_privkey_export_subkey_rsa_raw: OpenPGP functions.
                                                             (line  933)
* gnutls_openpgp_privkey_get_fingerprint: OpenPGP functions. (line  993)
* gnutls_openpgp_privkey_get_key_id:     OpenPGP functions.  (line 1012)
* gnutls_openpgp_privkey_get_pk_algorithm: OpenPGP functions.
                                                             (line 1027)
* gnutls_openpgp_privkey_get_preferred_key_id: OpenPGP functions.
                                                             (line 1050)
* gnutls_openpgp_privkey_get_revoked_status: OpenPGP functions.
                                                             (line 1064)
* gnutls_openpgp_privkey_get_subkey_count: OpenPGP functions.
                                                             (line 1078)
* gnutls_openpgp_privkey_get_subkey_creation_time: OpenPGP functions.
                                                             (line 1092)
* gnutls_openpgp_privkey_get_subkey_expiration_time: OpenPGP functions.
                                                             (line 1107)
* gnutls_openpgp_privkey_get_subkey_fingerprint: OpenPGP functions.
                                                             (line 1123)
* gnutls_openpgp_privkey_get_subkey_id:  OpenPGP functions.  (line 1161)
* gnutls_openpgp_privkey_get_subkey_idx: OpenPGP functions.  (line 1145)
* gnutls_openpgp_privkey_get_subkey_pk_algorithm: OpenPGP functions.
                                                             (line 1179)
* gnutls_openpgp_privkey_get_subkey_revoked_status: OpenPGP functions.
                                                             (line 1205)
* gnutls_openpgp_privkey_import:         OpenPGP functions.  (line 1221)
* gnutls_openpgp_privkey_init:           OpenPGP functions.  (line 1244)
* gnutls_openpgp_privkey_sec_param:      OpenPGP functions.  (line 1255)
* gnutls_openpgp_privkey_set_preferred_key_id: OpenPGP functions.
                                                             (line 1268)
* gnutls_openpgp_privkey_sign_hash:      OpenPGP functions.  (line 1283)
* gnutls_openpgp_send_cert:              Core functions.     (line 2964)
* gnutls_openpgp_set_recv_key_function:  OpenPGP functions.  (line 1304)
* gnutls_pem_base64_decode:              Core functions.     (line 3001)
* gnutls_pem_base64_decode_alloc:        Core functions.     (line 2979)
* gnutls_pem_base64_encode:              Core functions.     (line 3046)
* gnutls_pem_base64_encode_alloc:        Core functions.     (line 3025)
* gnutls_perror:                         Core functions.     (line 3069)
* gnutls_pkcs11_add_provider:            Core functions.     (line 3146)
* gnutls_pkcs11_copy_secret_key:         Core functions.     (line 3162)
* gnutls_pkcs11_copy_x509_crt:           Core functions.     (line 3185)
* gnutls_pkcs11_copy_x509_privkey:       Core functions.     (line 3205)
* gnutls_pkcs11_deinit:                  Core functions.     (line 3229)
* gnutls_pkcs11_delete_url:              Core functions.     (line 3236)
* gnutls_pkcs11_init:                    Core functions.     (line 3250)
* gnutls_pkcs11_obj_deinit:              Core functions.     (line 3277)
* gnutls_pkcs11_obj_export:              Core functions.     (line 3301)
* gnutls_pkcs11_obj_export_url:          Core functions.     (line 3285)
* gnutls_pkcs11_obj_get_info:            Core functions.     (line 3327)
* gnutls_pkcs11_obj_get_type:            Core functions.     (line 3350)
* gnutls_pkcs11_obj_import_url:          Core functions.     (line 3360)
* gnutls_pkcs11_obj_init:                Core functions.     (line 3380)
* gnutls_pkcs11_obj_list_import_url:     Core functions.     (line 3391)
* gnutls_pkcs11_privkey_deinit:          Core functions.     (line 3415)
* gnutls_pkcs11_privkey_export_url:      Core functions.     (line 3424)
* gnutls_pkcs11_privkey_get_info:        Core functions.     (line 3441)
* gnutls_pkcs11_privkey_get_pk_algorithm: Core functions.    (line 3463)
* gnutls_pkcs11_privkey_import_url:      Core functions.     (line 3476)
* gnutls_pkcs11_privkey_init:            Core functions.     (line 3496)
* gnutls_pkcs11_reinit:                  Core functions.     (line 3508)
* gnutls_pkcs11_set_pin_function:        Core functions.     (line 3522)
* gnutls_pkcs11_set_token_function:      Core functions.     (line 3554)
* gnutls_pkcs11_token_get_flags:         Core functions.     (line 3569)
* gnutls_pkcs11_token_get_info:          Core functions.     (line 3583)
* gnutls_pkcs11_token_get_mechanism:     Core functions.     (line 3604)
* gnutls_pkcs11_token_get_url:           Core functions.     (line 3621)
* gnutls_pkcs11_token_init:              Core functions.     (line 3639)
* gnutls_pkcs11_token_set_pin:           Core functions.     (line 3658)
* gnutls_pkcs12_bag_decrypt:             X.509 certificate functions.
                                                             (line   12)
* gnutls_pkcs12_bag_deinit:              X.509 certificate functions.
                                                             (line   27)
* gnutls_pkcs12_bag_encrypt:             X.509 certificate functions.
                                                             (line   35)
* gnutls_pkcs12_bag_get_count:           X.509 certificate functions.
                                                             (line   52)
* gnutls_pkcs12_bag_get_data:            X.509 certificate functions.
                                                             (line   64)
* gnutls_pkcs12_bag_get_friendly_name:   X.509 certificate functions.
                                                             (line   82)
* gnutls_pkcs12_bag_get_key_id:          X.509 certificate functions.
                                                             (line  100)
* gnutls_pkcs12_bag_get_type:            X.509 certificate functions.
                                                             (line  118)
* gnutls_pkcs12_bag_init:                X.509 certificate functions.
                                                             (line  131)
* gnutls_pkcs12_bag_set_crl:             X.509 certificate functions.
                                                             (line  144)
* gnutls_pkcs12_bag_set_crt:             X.509 certificate functions.
                                                             (line  159)
* gnutls_pkcs12_bag_set_data:            X.509 certificate functions.
                                                             (line  174)
* gnutls_pkcs12_bag_set_friendly_name:   X.509 certificate functions.
                                                             (line  191)
* gnutls_pkcs12_bag_set_key_id:          X.509 certificate functions.
                                                             (line  210)
* gnutls_pkcs12_deinit:                  X.509 certificate functions.
                                                             (line  229)
* gnutls_pkcs12_export:                  X.509 certificate functions.
                                                             (line  237)
* gnutls_pkcs12_generate_mac:            X.509 certificate functions.
                                                             (line  265)
* gnutls_pkcs12_get_bag:                 X.509 certificate functions.
                                                             (line  279)
* gnutls_pkcs12_import:                  X.509 certificate functions.
                                                             (line  299)
* gnutls_pkcs12_init:                    X.509 certificate functions.
                                                             (line  322)
* gnutls_pkcs12_set_bag:                 X.509 certificate functions.
                                                             (line  335)
* gnutls_pkcs12_verify_mac:              X.509 certificate functions.
                                                             (line  349)
* gnutls_pkcs7_deinit:                   X.509 certificate functions.
                                                             (line  363)
* gnutls_pkcs7_delete_crl:               X.509 certificate functions.
                                                             (line  371)
* gnutls_pkcs7_delete_crt:               X.509 certificate functions.
                                                             (line  386)
* gnutls_pkcs7_export:                   X.509 certificate functions.
                                                             (line  401)
* gnutls_pkcs7_get_crl_count:            X.509 certificate functions.
                                                             (line  428)
* gnutls_pkcs7_get_crl_raw:              X.509 certificate functions.
                                                             (line  440)
* gnutls_pkcs7_get_crt_count:            X.509 certificate functions.
                                                             (line  461)
* gnutls_pkcs7_get_crt_raw:              X.509 certificate functions.
                                                             (line  473)
* gnutls_pkcs7_import:                   X.509 certificate functions.
                                                             (line  498)
* gnutls_pkcs7_init:                     X.509 certificate functions.
                                                             (line  518)
* gnutls_pkcs7_set_crl:                  X.509 certificate functions.
                                                             (line  545)
* gnutls_pkcs7_set_crl_raw:              X.509 certificate functions.
                                                             (line  531)
* gnutls_pkcs7_set_crt:                  X.509 certificate functions.
                                                             (line  575)
* gnutls_pkcs7_set_crt_raw:              X.509 certificate functions.
                                                             (line  560)
* gnutls_pk_algorithm_get_name:          Core functions.     (line 3078)
* gnutls_pk_bits_to_sec_param:           Core functions.     (line 3090)
* gnutls_pk_get_id:                      Core functions.     (line 3105)
* gnutls_pk_get_name:                    Core functions.     (line 3120)
* gnutls_pk_list:                        Core functions.     (line 3134)
* gnutls_prf:                            Core functions.     (line 3717)
* gnutls_prf_raw:                        Core functions.     (line 3678)
* gnutls_priority_deinit:                Core functions.     (line 3759)
* gnutls_priority_init:                  Core functions.     (line 3768)
* gnutls_priority_set:                   Core functions.     (line 3853)
* gnutls_priority_set_direct:            Core functions.     (line 3833)
* gnutls_privkey_decrypt_data:           Core functions.     (line 3867)
* gnutls_privkey_deinit:                 Core functions.     (line 3888)
* gnutls_privkey_get_pk_algorithm:       Core functions.     (line 3896)
* gnutls_privkey_get_type:               Core functions.     (line 3913)
* gnutls_privkey_import_openpgp:         Core functions.     (line 3926)
* gnutls_privkey_import_pkcs11:          Core functions.     (line 3947)
* gnutls_privkey_import_x509:            Core functions.     (line 3967)
* gnutls_privkey_init:                   Core functions.     (line 3987)
* gnutls_privkey_sign_data:              Core functions.     (line 3998)
* gnutls_privkey_sign_hash:              Core functions.     (line 4025)
* gnutls_protocol_get_id:                Core functions.     (line 4055)
* gnutls_protocol_get_name:              Core functions.     (line 4067)
* gnutls_protocol_get_version:           Core functions.     (line 4079)
* gnutls_protocol_list:                  Core functions.     (line 4090)
* gnutls_protocol_set_priority:          Core functions.     (line 4100)
* gnutls_psk_allocate_client_credentials: Core functions.    (line 4115)
* gnutls_psk_allocate_server_credentials: Core functions.    (line 4127)
* gnutls_psk_client_get_hint:            Core functions.     (line 4139)
* gnutls_psk_free_client_credentials:    Core functions.     (line 4155)
* gnutls_psk_free_server_credentials:    Core functions.     (line 4165)
* gnutls_psk_netconf_derive_key:         Core functions.     (line 4175)
* gnutls_psk_server_get_username:        Core functions.     (line 4201)
* gnutls_psk_set_client_credentials:     Core functions.     (line 4237)
* gnutls_psk_set_client_credentials_function: Core functions.
                                                             (line 4213)
* gnutls_psk_set_params_function:        Core functions.     (line 4258)
* gnutls_psk_set_server_credentials_file: Core functions.    (line 4272)
* gnutls_psk_set_server_credentials_function: Core functions.
                                                             (line 4288)
* gnutls_psk_set_server_credentials_hint: Core functions.    (line 4313)
* gnutls_psk_set_server_dh_params:       Core functions.     (line 4331)
* gnutls_psk_set_server_params_function: Core functions.     (line 4345)
* gnutls_pubkey_deinit:                  Core functions.     (line 4359)
* gnutls_pubkey_export:                  Core functions.     (line 4367)
* gnutls_pubkey_get_key_id:              Core functions.     (line 4394)
* gnutls_pubkey_get_key_usage:           Core functions.     (line 4421)
* gnutls_pubkey_get_pk_algorithm:        Core functions.     (line 4436)
* gnutls_pubkey_get_pk_dsa_raw:          Core functions.     (line 4453)
* gnutls_pubkey_get_pk_rsa_raw:          Core functions.     (line 4475)
* gnutls_pubkey_get_preferred_hash_algorithm: Core functions.
                                                             (line 4492)
* gnutls_pubkey_get_verify_algorithm:    Core functions.     (line 4516)
* gnutls_pubkey_import:                  Core functions.     (line 4666)
* gnutls_pubkey_import_dsa_raw:          Core functions.     (line 4535)
* gnutls_pubkey_import_openpgp:          Core functions.     (line 4558)
* gnutls_pubkey_import_pkcs11:           Core functions.     (line 4593)
* gnutls_pubkey_import_pkcs11_url:       Core functions.     (line 4576)
* gnutls_pubkey_import_privkey:          Core functions.     (line 4610)
* gnutls_pubkey_import_rsa_raw:          Core functions.     (line 4631)
* gnutls_pubkey_import_x509:             Core functions.     (line 4649)
* gnutls_pubkey_init:                    Core functions.     (line 4685)
* gnutls_pubkey_set_key_usage:           Core functions.     (line 4696)
* gnutls_pubkey_verify_data:             Core functions.     (line 4712)
* gnutls_pubkey_verify_hash:             Core functions.     (line 4735)
* gnutls_record_check_pending:           Core functions.     (line 4756)
* gnutls_record_disable_padding:         Core functions.     (line 4768)
* gnutls_record_get_direction:           Core functions.     (line 4783)
* gnutls_record_get_max_size:            Core functions.     (line 4803)
* gnutls_record_recv:                    Core functions.     (line 4815)
* gnutls_record_send:                    Core functions.     (line 4850)
* gnutls_record_set_max_size:            Core functions.     (line 4883)
* gnutls_rehandshake:                    Core functions.     (line 4907)
* gnutls_rnd:                            Core functions.     (line 4937)
* gnutls_rsa_export_get_modulus_bits:    Core functions.     (line 4953)
* gnutls_rsa_export_get_pubkey:          Core functions.     (line 4965)
* gnutls_rsa_params_cpy:                 Core functions.     (line 4983)
* gnutls_rsa_params_deinit:              Core functions.     (line 4998)
* gnutls_rsa_params_export_pkcs1:        Core functions.     (line 5007)
* gnutls_rsa_params_export_raw:          Core functions.     (line 5034)
* gnutls_rsa_params_generate2:           Core functions.     (line 5064)
* gnutls_rsa_params_import_pkcs1:        Core functions.     (line 5085)
* gnutls_rsa_params_import_raw:          Core functions.     (line 5107)
* gnutls_rsa_params_init:                Core functions.     (line 5135)
* gnutls_safe_renegotiation_status:      Core functions.     (line 5148)
* gnutls_sec_param_get_name:             Core functions.     (line 5163)
* gnutls_sec_param_to_pk_bits:           Core functions.     (line 5175)
* gnutls_server_name_get:                Core functions.     (line 5192)
* gnutls_server_name_set:                Core functions.     (line 5229)
* gnutls_session_channel_binding:        Core functions.     (line 5256)
* gnutls_session_enable_compatibility_mode: Core functions.  (line 5277)
* gnutls_session_get_data:               Core functions.     (line 5313)
* gnutls_session_get_data2:              Core functions.     (line 5291)
* gnutls_session_get_id:                 Core functions.     (line 5337)
* gnutls_session_get_ptr:                Core functions.     (line 5361)
* gnutls_session_is_resumed:             Core functions.     (line 5373)
* gnutls_session_set_data:               Core functions.     (line 5384)
* gnutls_session_set_ptr:                Core functions.     (line 5407)
* gnutls_session_ticket_enable_client:   Core functions.     (line 5420)
* gnutls_session_ticket_enable_server:   Core functions.     (line 5435)
* gnutls_session_ticket_key_generate:    Core functions.     (line 5453)
* gnutls_set_default_export_priority:    Core functions.     (line 5469)
* gnutls_set_default_priority:           Core functions.     (line 5491)
* gnutls_sign_algorithm_get_name:        Core functions.     (line 5511)
* gnutls_sign_algorithm_get_requested:   Core functions.     (line 5523)
* gnutls_sign_callback_get:              Core functions.     (line 5550)
* gnutls_sign_callback_set:              Core functions.     (line 5566)
* gnutls_sign_get_id:                    Core functions.     (line 5590)
* gnutls_sign_get_name:                  Core functions.     (line 5602)
* gnutls_sign_list:                      Core functions.     (line 5616)
* gnutls_srp_allocate_client_credentials: Core functions.    (line 5626)
* gnutls_srp_allocate_server_credentials: Core functions.    (line 5639)
* gnutls_srp_base64_decode:              Core functions.     (line 5672)
* gnutls_srp_base64_decode_alloc:        Core functions.     (line 5652)
* gnutls_srp_base64_encode:              Core functions.     (line 5715)
* gnutls_srp_base64_encode_alloc:        Core functions.     (line 5694)
* gnutls_srp_free_client_credentials:    Core functions.     (line 5737)
* gnutls_srp_free_server_credentials:    Core functions.     (line 5747)
* gnutls_srp_server_get_username:        Core functions.     (line 5757)
* gnutls_srp_set_client_credentials:     Core functions.     (line 5800)
* gnutls_srp_set_client_credentials_function: Core functions.
                                                             (line 5770)
* gnutls_srp_set_prime_bits:             Core functions.     (line 5821)
* gnutls_srp_set_server_credentials_file: Core functions.    (line 5842)
* gnutls_srp_set_server_credentials_function: Core functions.
                                                             (line 5862)
* gnutls_srp_verifier:                   Core functions.     (line 5896)
* gnutls_strerror:                       Core functions.     (line 5942)
* gnutls_strerror_name:                  Core functions.     (line 5927)
* gnutls_supplemental_get_name:          Core functions.     (line 5956)
* gnutls_transport_get_ptr:              Core functions.     (line 5985)
* gnutls_transport_get_ptr2:             Core functions.     (line 5969)
* gnutls_transport_set_errno:            Core functions.     (line 6014)
* gnutls_transport_set_errno_function:   Core functions.     (line 5998)
* gnutls_transport_set_global_errno:     Core functions.     (line 6038)
* gnutls_transport_set_lowat:            Core functions.     (line 6060)
* gnutls_transport_set_ptr:              Core functions.     (line 6092)
* gnutls_transport_set_ptr2:             Core functions.     (line 6075)
* gnutls_transport_set_pull_function:    Core functions.     (line 6105)
* gnutls_transport_set_push_function:    Core functions.     (line 6121)
* gnutls_transport_set_vec_push_function: Core functions.    (line 6139)
* gnutls_x509_crl_check_issuer:          X.509 certificate functions.
                                                             (line  591)
* gnutls_x509_crl_deinit:                X.509 certificate functions.
                                                             (line  605)
* gnutls_x509_crl_export:                X.509 certificate functions.
                                                             (line  613)
* gnutls_x509_crl_get_authority_key_id:  X.509 certificate functions.
                                                             (line  639)
* gnutls_x509_crl_get_crt_count:         X.509 certificate functions.
                                                             (line  664)
* gnutls_x509_crl_get_crt_serial:        X.509 certificate functions.
                                                             (line  675)
* gnutls_x509_crl_get_dn_oid:            X.509 certificate functions.
                                                             (line  697)
* gnutls_x509_crl_get_extension_data:    X.509 certificate functions.
                                                             (line  720)
* gnutls_x509_crl_get_extension_info:    X.509 certificate functions.
                                                             (line  750)
* gnutls_x509_crl_get_extension_oid:     X.509 certificate functions.
                                                             (line  784)
* gnutls_x509_crl_get_issuer_dn:         X.509 certificate functions.
                                                             (line  845)
* gnutls_x509_crl_get_issuer_dn_by_oid:  X.509 certificate functions.
                                                             (line  809)
* gnutls_x509_crl_get_next_update:       X.509 certificate functions.
                                                             (line  867)
* gnutls_x509_crl_get_number:            X.509 certificate functions.
                                                             (line  881)
* gnutls_x509_crl_get_raw_issuer_dn:     X.509 certificate functions.
                                                             (line  903)
* gnutls_x509_crl_get_signature:         X.509 certificate functions.
                                                             (line  932)
* gnutls_x509_crl_get_signature_algorithm: X.509 certificate functions.
                                                             (line  919)
* gnutls_x509_crl_get_this_update:       X.509 certificate functions.
                                                             (line  949)
* gnutls_x509_crl_get_version:           X.509 certificate functions.
                                                             (line  960)
* gnutls_x509_crl_import:                X.509 certificate functions.
                                                             (line  970)
* gnutls_x509_crl_init:                  X.509 certificate functions.
                                                             (line  990)
* gnutls_x509_crl_print:                 X.509 certificate functions.
                                                             (line 1005)
* gnutls_x509_crl_privkey_sign:          X.509 certificate functions.
                                                             (line 1025)
* gnutls_x509_crl_set_authority_key_id:  X.509 certificate functions.
                                                             (line 1051)
* gnutls_x509_crl_set_crt:               X.509 certificate functions.
                                                             (line 1090)
* gnutls_x509_crl_set_crt_serial:        X.509 certificate functions.
                                                             (line 1070)
* gnutls_x509_crl_set_next_update:       X.509 certificate functions.
                                                             (line 1108)
* gnutls_x509_crl_set_number:            X.509 certificate functions.
                                                             (line 1122)
* gnutls_x509_crl_set_this_update:       X.509 certificate functions.
                                                             (line 1140)
* gnutls_x509_crl_set_version:           X.509 certificate functions.
                                                             (line 1154)
* gnutls_x509_crl_sign:                  X.509 certificate functions.
                                                             (line 1198)
* gnutls_x509_crl_sign2:                 X.509 certificate functions.
                                                             (line 1170)
* gnutls_x509_crl_verify:                X.509 certificate functions.
                                                             (line 1217)
* gnutls_x509_crq_deinit:                X.509 certificate functions.
                                                             (line 1241)
* gnutls_x509_crq_export:                X.509 certificate functions.
                                                             (line 1250)
* gnutls_x509_crq_get_attribute_by_oid:  X.509 certificate functions.
                                                             (line 1278)
* gnutls_x509_crq_get_attribute_data:    X.509 certificate functions.
                                                             (line 1303)
* gnutls_x509_crq_get_attribute_info:    X.509 certificate functions.
                                                             (line 1332)
* gnutls_x509_crq_get_basic_constraints: X.509 certificate functions.
                                                             (line 1363)
* gnutls_x509_crq_get_challenge_password: X.509 certificate functions.
                                                             (line 1392)
* gnutls_x509_crq_get_dn:                X.509 certificate functions.
                                                             (line 1465)
* gnutls_x509_crq_get_dn_by_oid:         X.509 certificate functions.
                                                             (line 1410)
* gnutls_x509_crq_get_dn_oid:            X.509 certificate functions.
                                                             (line 1444)
* gnutls_x509_crq_get_extension_by_oid:  X.509 certificate functions.
                                                             (line 1486)
* gnutls_x509_crq_get_extension_data:    X.509 certificate functions.
                                                             (line 1516)
* gnutls_x509_crq_get_extension_info:    X.509 certificate functions.
                                                             (line 1546)
* gnutls_x509_crq_get_key_id:            X.509 certificate functions.
                                                             (line 1580)
* gnutls_x509_crq_get_key_purpose_oid:   X.509 certificate functions.
                                                             (line 1609)
* gnutls_x509_crq_get_key_rsa_raw:       X.509 certificate functions.
                                                             (line 1637)
* gnutls_x509_crq_get_key_usage:         X.509 certificate functions.
                                                             (line 1657)
* gnutls_x509_crq_get_pk_algorithm:      X.509 certificate functions.
                                                             (line 1683)
* gnutls_x509_crq_get_subject_alt_name:  X.509 certificate functions.
                                                             (line 1703)
* gnutls_x509_crq_get_subject_alt_othername_oid: X.509 certificate functions.
                                                             (line 1740)
* gnutls_x509_crq_get_version:           X.509 certificate functions.
                                                             (line 1776)
* gnutls_x509_crq_import:                X.509 certificate functions.
                                                             (line 1788)
* gnutls_x509_crq_init:                  X.509 certificate functions.
                                                             (line 1809)
* gnutls_x509_crq_print:                 X.509 certificate functions.
                                                             (line 1821)
* gnutls_x509_crq_privkey_sign:          X.509 certificate functions.
                                                             (line 1843)
* gnutls_x509_crq_set_attribute_by_oid:  X.509 certificate functions.
                                                             (line 1870)
* gnutls_x509_crq_set_basic_constraints: X.509 certificate functions.
                                                             (line 1891)
* gnutls_x509_crq_set_challenge_password: X.509 certificate functions.
                                                             (line 1913)
* gnutls_x509_crq_set_dn_by_oid:         X.509 certificate functions.
                                                             (line 1928)
* gnutls_x509_crq_set_key:               X.509 certificate functions.
                                                             (line 2014)
* gnutls_x509_crq_set_key_purpose_oid:   X.509 certificate functions.
                                                             (line 1957)
* gnutls_x509_crq_set_key_rsa_raw:       X.509 certificate functions.
                                                             (line 1979)
* gnutls_x509_crq_set_key_usage:         X.509 certificate functions.
                                                             (line 1998)
* gnutls_x509_crq_set_pubkey:            Core functions.     (line 6157)
* gnutls_x509_crq_set_subject_alt_name:  X.509 certificate functions.
                                                             (line 2029)
* gnutls_x509_crq_set_version:           X.509 certificate functions.
                                                             (line 2065)
* gnutls_x509_crq_sign:                  X.509 certificate functions.
                                                             (line 2109)
* gnutls_x509_crq_sign2:                 X.509 certificate functions.
                                                             (line 2080)
* gnutls_x509_crq_verify:                X.509 certificate functions.
                                                             (line 2126)
* gnutls_x509_crt_check_hostname:        X.509 certificate functions.
                                                             (line 2143)
* gnutls_x509_crt_check_issuer:          X.509 certificate functions.
                                                             (line 2159)
* gnutls_x509_crt_check_revocation:      X.509 certificate functions.
                                                             (line 2176)
* gnutls_x509_crt_cpy_crl_dist_points:   X.509 certificate functions.
                                                             (line 2193)
* gnutls_x509_crt_deinit:                X.509 certificate functions.
                                                             (line 2209)
* gnutls_x509_crt_export:                X.509 certificate functions.
                                                             (line 2217)
* gnutls_x509_crt_get_activation_time:   X.509 certificate functions.
                                                             (line 2244)
* gnutls_x509_crt_get_authority_key_id:  X.509 certificate functions.
                                                             (line 2256)
* gnutls_x509_crt_get_basic_constraints: X.509 certificate functions.
                                                             (line 2279)
* gnutls_x509_crt_get_ca_status:         X.509 certificate functions.
                                                             (line 2306)
* gnutls_x509_crt_get_crl_dist_points:   X.509 certificate functions.
                                                             (line 2327)
* gnutls_x509_crt_get_dn:                X.509 certificate functions.
                                                             (line 2429)
* gnutls_x509_crt_get_dn_by_oid:         X.509 certificate functions.
                                                             (line 2370)
* gnutls_x509_crt_get_dn_oid:            X.509 certificate functions.
                                                             (line 2406)
* gnutls_x509_crt_get_expiration_time:   X.509 certificate functions.
                                                             (line 2451)
* gnutls_x509_crt_get_extension_by_oid:  X.509 certificate functions.
                                                             (line 2463)
* gnutls_x509_crt_get_extension_data:    X.509 certificate functions.
                                                             (line 2491)
* gnutls_x509_crt_get_extension_info:    X.509 certificate functions.
                                                             (line 2519)
* gnutls_x509_crt_get_extension_oid:     X.509 certificate functions.
                                                             (line 2551)
* gnutls_x509_crt_get_fingerprint:       X.509 certificate functions.
                                                             (line 2574)
* gnutls_x509_crt_get_issuer:            X.509 certificate functions.
                                                             (line 2816)
* gnutls_x509_crt_get_issuer_alt_name:   X.509 certificate functions.
                                                             (line 2635)
* gnutls_x509_crt_get_issuer_alt_name2:  X.509 certificate functions.
                                                             (line 2597)
* gnutls_x509_crt_get_issuer_alt_othername_oid: X.509 certificate functions.
                                                             (line 2678)
* gnutls_x509_crt_get_issuer_dn:         X.509 certificate functions.
                                                             (line 2773)
* gnutls_x509_crt_get_issuer_dn_by_oid:  X.509 certificate functions.
                                                             (line 2714)
* gnutls_x509_crt_get_issuer_dn_oid:     X.509 certificate functions.
                                                             (line 2750)
* gnutls_x509_crt_get_issuer_unique_id:  X.509 certificate functions.
                                                             (line 2795)
* gnutls_x509_crt_get_key_id:            X.509 certificate functions.
                                                             (line 2834)
* gnutls_x509_crt_get_key_purpose_oid:   X.509 certificate functions.
                                                             (line 2861)
* gnutls_x509_crt_get_key_usage:         X.509 certificate functions.
                                                             (line 2889)
* gnutls_x509_crt_get_pk_algorithm:      X.509 certificate functions.
                                                             (line 2912)
* gnutls_x509_crt_get_pk_dsa_raw:        X.509 certificate functions.
                                                             (line 2932)
* gnutls_x509_crt_get_pk_rsa_raw:        X.509 certificate functions.
                                                             (line 2954)
* gnutls_x509_crt_get_preferred_hash_algorithm: X.509 certificate functions.
                                                             (line 2971)
* gnutls_x509_crt_get_proxy:             X.509 certificate functions.
                                                             (line 2998)
* gnutls_x509_crt_get_raw_dn:            X.509 certificate functions.
                                                             (line 3024)
* gnutls_x509_crt_get_raw_issuer_dn:     X.509 certificate functions.
                                                             (line 3039)
* gnutls_x509_crt_get_serial:            X.509 certificate functions.
                                                             (line 3054)
* gnutls_x509_crt_get_signature:         X.509 certificate functions.
                                                             (line 3088)
* gnutls_x509_crt_get_signature_algorithm: X.509 certificate functions.
                                                             (line 3074)
* gnutls_x509_crt_get_subject:           X.509 certificate functions.
                                                             (line 3257)
* gnutls_x509_crt_get_subject_alt_name:  X.509 certificate functions.
                                                             (line 3141)
* gnutls_x509_crt_get_subject_alt_name2: X.509 certificate functions.
                                                             (line 3105)
* gnutls_x509_crt_get_subject_alt_othername_oid: X.509 certificate functions.
                                                             (line 3181)
* gnutls_x509_crt_get_subject_key_id:    X.509 certificate functions.
                                                             (line 3215)
* gnutls_x509_crt_get_subject_unique_id: X.509 certificate functions.
                                                             (line 3236)
* gnutls_x509_crt_get_verify_algorithm:  X.509 certificate functions.
                                                             (line 3275)
* gnutls_x509_crt_get_version:           X.509 certificate functions.
                                                             (line 3298)
* gnutls_x509_crt_import:                X.509 certificate functions.
                                                             (line 3308)
* gnutls_x509_crt_import_pkcs11:         Core functions.     (line 6190)
* gnutls_x509_crt_import_pkcs11_url:     Core functions.     (line 6172)
* gnutls_x509_crt_init:                  X.509 certificate functions.
                                                             (line 3329)
* gnutls_x509_crt_list_import:           X.509 certificate functions.
                                                             (line 3340)
* gnutls_x509_crt_list_import_pkcs11:    Core functions.     (line 6205)
* gnutls_x509_crt_list_verify:           X.509 certificate functions.
                                                             (line 3376)
* gnutls_x509_crt_print:                 X.509 certificate functions.
                                                             (line 3422)
* gnutls_x509_crt_privkey_sign:          X.509 certificate functions.
                                                             (line 3447)
* gnutls_x509_crt_set_activation_time:   X.509 certificate functions.
                                                             (line 3472)
* gnutls_x509_crt_set_authority_key_id:  X.509 certificate functions.
                                                             (line 3487)
* gnutls_x509_crt_set_basic_constraints: X.509 certificate functions.
                                                             (line 3505)
* gnutls_x509_crt_set_ca_status:         X.509 certificate functions.
                                                             (line 3525)
* gnutls_x509_crt_set_crl_dist_points:   X.509 certificate functions.
                                                             (line 3567)
* gnutls_x509_crt_set_crl_dist_points2:  X.509 certificate functions.
                                                             (line 3542)
* gnutls_x509_crt_set_crq:               X.509 certificate functions.
                                                             (line 3604)
* gnutls_x509_crt_set_crq_extensions:    X.509 certificate functions.
                                                             (line 3587)
* gnutls_x509_crt_set_dn_by_oid:         X.509 certificate functions.
                                                             (line 3620)
* gnutls_x509_crt_set_expiration_time:   X.509 certificate functions.
                                                             (line 3649)
* gnutls_x509_crt_set_extension_by_oid:  X.509 certificate functions.
                                                             (line 3663)
* gnutls_x509_crt_set_issuer_dn_by_oid:  X.509 certificate functions.
                                                             (line 3687)
* gnutls_x509_crt_set_key:               X.509 certificate functions.
                                                             (line 3754)
* gnutls_x509_crt_set_key_purpose_oid:   X.509 certificate functions.
                                                             (line 3720)
* gnutls_x509_crt_set_key_usage:         X.509 certificate functions.
                                                             (line 3740)
* gnutls_x509_crt_set_proxy:             X.509 certificate functions.
                                                             (line 3795)
* gnutls_x509_crt_set_proxy_dn:          X.509 certificate functions.
                                                             (line 3769)
* gnutls_x509_crt_set_pubkey:            Core functions.     (line 6225)
* gnutls_x509_crt_set_serial:            X.509 certificate functions.
                                                             (line 3818)
* gnutls_x509_crt_set_subject_alternative_name: X.509 certificate functions.
                                                             (line 3873)
* gnutls_x509_crt_set_subject_alt_name:  X.509 certificate functions.
                                                             (line 3837)
* gnutls_x509_crt_set_subject_key_id:    X.509 certificate functions.
                                                             (line 3895)
* gnutls_x509_crt_set_version:           X.509 certificate functions.
                                                             (line 3912)
* gnutls_x509_crt_sign:                  X.509 certificate functions.
                                                             (line 3959)
* gnutls_x509_crt_sign2:                 X.509 certificate functions.
                                                             (line 3934)
* gnutls_x509_crt_verify:                X.509 certificate functions.
                                                             (line 4022)
* gnutls_x509_crt_verify_data:           X.509 certificate functions.
                                                             (line 3976)
* gnutls_x509_crt_verify_hash:           X.509 certificate functions.
                                                             (line 3999)
* gnutls_x509_dn_deinit:                 X.509 certificate functions.
                                                             (line 4045)
* gnutls_x509_dn_export:                 X.509 certificate functions.
                                                             (line 4056)
* gnutls_x509_dn_get_rdn_ava:            X.509 certificate functions.
                                                             (line 4083)
* gnutls_x509_dn_import:                 X.509 certificate functions.
                                                             (line 4106)
* gnutls_x509_dn_init:                   X.509 certificate functions.
                                                             (line 4125)
* gnutls_x509_dn_oid_known:              X.509 certificate functions.
                                                             (line 4141)
* gnutls_x509_privkey_cpy:               X.509 certificate functions.
                                                             (line 4157)
* gnutls_x509_privkey_deinit:            X.509 certificate functions.
                                                             (line 4172)
* gnutls_x509_privkey_export:            X.509 certificate functions.
                                                             (line 4307)
* gnutls_x509_privkey_export_dsa_raw:    X.509 certificate functions.
                                                             (line 4181)
* gnutls_x509_privkey_export_pkcs8:      X.509 certificate functions.
                                                             (line 4207)
* gnutls_x509_privkey_export_rsa_raw:    X.509 certificate functions.
                                                             (line 4279)
* gnutls_x509_privkey_export_rsa_raw2:   X.509 certificate functions.
                                                             (line 4246)
* gnutls_x509_privkey_fix:               X.509 certificate functions.
                                                             (line 4336)
* gnutls_x509_privkey_generate:          X.509 certificate functions.
                                                             (line 4348)
* gnutls_x509_privkey_get_key_id:        X.509 certificate functions.
                                                             (line 4371)
* gnutls_x509_privkey_get_pk_algorithm:  X.509 certificate functions.
                                                             (line 4398)
* gnutls_x509_privkey_import:            X.509 certificate functions.
                                                             (line 4534)
* gnutls_x509_privkey_import_dsa_raw:    X.509 certificate functions.
                                                             (line 4411)
* gnutls_x509_privkey_import_pkcs8:      X.509 certificate functions.
                                                             (line 4437)
* gnutls_x509_privkey_import_rsa_raw:    X.509 certificate functions.
                                                             (line 4505)
* gnutls_x509_privkey_import_rsa_raw2:   X.509 certificate functions.
                                                             (line 4471)
* gnutls_x509_privkey_init:              X.509 certificate functions.
                                                             (line 4555)
* gnutls_x509_privkey_sec_param:         X.509 certificate functions.
                                                             (line 4566)
* gnutls_x509_privkey_sign_data:         X.509 certificate functions.
                                                             (line 4579)
* gnutls_x509_privkey_sign_hash:         X.509 certificate functions.
                                                             (line 4616)
* gnutls_x509_privkey_verify_data:       X.509 certificate functions.
                                                             (line 4637)
* gnutls_x509_rdn_get:                   X.509 certificate functions.
                                                             (line 4711)
* gnutls_x509_rdn_get_by_oid:            X.509 certificate functions.
                                                             (line 4660)
* gnutls_x509_rdn_get_oid:               X.509 certificate functions.
                                                             (line 4688)
* handshake:                             Core Interface.     (line  320)
* handshake-description->string:         Core Interface.     (line  411)
* import-openpgp-certificate:            Extra Interface.    (line   58)
* import-openpgp-keyring:                Extra Interface.    (line   18)
* import-openpgp-private-key:            Extra Interface.    (line   53)
* import-x509-certificate:               Core Interface.     (line   84)
* import-x509-private-key:               Core Interface.     (line   80)
* key-usage->string:                     Core Interface.     (line  376)
* kx->string:                            Core Interface.     (line  439)
* mac->string:                           Core Interface.     (line  430)
* make-anonymous-client-credentials:     Core Interface.     (line  189)
* make-anonymous-server-credentials:     Core Interface.     (line  192)
* make-certificate-credentials:          Core Interface.     (line  168)
* make-dh-parameters:                    Core Interface.     (line  208)
* make-psk-client-credentials:           Core Interface.     (line   96)
* make-psk-server-credentials:           Core Interface.     (line  102)
* make-rsa-parameters:                   Representation of Binary Data.
                                                             (line   19)
* make-rsa-parameters <1>:               Core Interface.     (line  182)
* make-session:                          Core Interface.     (line  326)
* openpgp-certificate-algorithm:         Extra Interface.    (line   29)
* openpgp-certificate-fingerprint:       Extra Interface.    (line   39)
* openpgp-certificate-fingerprint!:      Extra Interface.    (line   42)
* openpgp-certificate-format->string:    Extra Interface.    (line   62)
* openpgp-certificate-id:                Extra Interface.    (line   50)
* openpgp-certificate-id!:               Extra Interface.    (line   46)
* openpgp-certificate-name:              Extra Interface.    (line   36)
* openpgp-certificate-names:             Extra Interface.    (line   33)
* openpgp-certificate-usage:             Extra Interface.    (line   22)
* openpgp-certificate-version:           Extra Interface.    (line   25)
* openpgp-certificate?:                  Extra Interface.    (line   72)
* openpgp-keyring-contains-key-id?:      Extra Interface.    (line   15)
* openpgp-keyring?:                      Extra Interface.    (line   66)
* openpgp-private-key?:                  Extra Interface.    (line   69)
* params->string:                        Core Interface.     (line  436)
* peer-certificate-status:               Core Interface.     (line  105)
* pk-algorithm->string:                  Core Interface.     (line  385)
* pkcs1-export-rsa-parameters:           Representation of Binary Data.
                                                             (line   19)
* pkcs1-export-rsa-parameters <1>:       Core Interface.     (line  172)
* pkcs1-import-rsa-parameters:           Core Interface.     (line  177)
* pkcs3-export-dh-parameters:            Core Interface.     (line  198)
* pkcs3-import-dh-parameters:            Core Interface.     (line  203)
* pkcs8-import-x509-private-key:         Core Interface.     (line   73)
* protocol->string:                      Core Interface.     (line  399)
* psk-client-credentials?:               Core Interface.     (line  340)
* psk-key-format->string:                Core Interface.     (line  379)
* psk-server-credentials?:               Core Interface.     (line  343)
* record-receive!:                       Input and Output.   (line   47)
* record-receive! <1>:                   Core Interface.     (line  222)
* record-send:                           Input and Output.   (line   47)
* record-send <1>:                       Core Interface.     (line  226)
* rehandshake:                           Core Interface.     (line  317)
* rsa-parameters?:                       Core Interface.     (line  355)
* server-session-psk-username:           Core Interface.     (line   88)
* session-authentication-type:           Core Interface.     (line  289)
* session-certificate-type:              Core Interface.     (line  296)
* session-cipher:                        Enumerates and Constants.
                                                             (line   49)
* session-cipher <1>:                    Core Interface.     (line  308)
* session-client-authentication-type:    Core Interface.     (line  281)
* session-compression-method:            Core Interface.     (line  299)
* session-kx:                            Core Interface.     (line  305)
* session-mac:                           Core Interface.     (line  302)
* session-our-certificate-chain:         Core Interface.     (line  269)
* session-peer-certificate-chain:        Core Interface.     (line  274)
* session-protocol:                      Core Interface.     (line  293)
* session-record-port:                   Input and Output.   (line   28)
* session-record-port <1>:               Core Interface.     (line  217)
* session-server-authentication-type:    Core Interface.     (line  285)
* session?:                              Core Interface.     (line  367)
* set-anonymous-server-dh-parameters!:   Core Interface.     (line  185)
* set-certificate-credentials-dh-parameters!: Core Interface.
                                                             (line  163)
* set-certificate-credentials-openpgp-keys!: Extra Interface.
                                                             (line   10)
* set-certificate-credentials-rsa-export-parameters!: Core Interface.
                                                             (line  159)
* set-certificate-credentials-verify-flags!: Core Interface. (line  110)
* set-certificate-credentials-verify-limits!: Core Interface.
                                                             (line  115)
* set-certificate-credentials-x509-crl-data!: Core Interface.
                                                             (line  133)
* set-certificate-credentials-x509-crl-file!: Core Interface.
                                                             (line  144)
* set-certificate-credentials-x509-key-data!: Core Interface.
                                                             (line  127)
* set-certificate-credentials-x509-key-files!: Core Interface.
                                                             (line  155)
* set-certificate-credentials-x509-keys!: Core Interface.    (line  122)
* set-certificate-credentials-x509-trust-data!: Core Interface.
                                                             (line  139)
* set-certificate-credentials-x509-trust-file!: Core Interface.
                                                             (line  150)
* set-log-level!:                        Core Interface.     (line   11)
* set-log-procedure!:                    Core Interface.     (line   14)
* set-psk-client-credentials!:           Core Interface.     (line   91)
* set-psk-server-credentials-file!:      Core Interface.     (line   99)
* set-server-session-certificate-request!: Core Interface.   (line  263)
* set-session-certificate-type-priority!: Core Interface.    (line  241)
* set-session-cipher-priority!:          Core Interface.     (line  260)
* set-session-compression-method-priority!: Core Interface.  (line  252)
* set-session-credentials!:              Core Interface.     (line  229)
* set-session-default-export-priority!:  Core Interface.     (line  235)
* set-session-default-priority!:         Core Interface.     (line  238)
* set-session-dh-prime-bits!:            Core Interface.     (line  195)
* set-session-kx-priority!:              Core Interface.     (line  249)
* set-session-mac-priority!:             Core Interface.     (line  257)
* set-session-protocol-priority!:        Core Interface.     (line  246)
* set-session-transport-fd!:             Input and Output.   (line    6)
* set-session-transport-fd! <1>:         Core Interface.     (line  214)
* set-session-transport-port!:           Input and Output.   (line    6)
* set-session-transport-port! <1>:       Core Interface.     (line  211)
* sign-algorithm->string:                Core Interface.     (line  382)
* srp-client-credentials?:               Core Interface.     (line  346)
* srp-server-credentials?:               Core Interface.     (line  349)
* x509-certificate-authority-key-id:     Core Interface.     (line   28)
* x509-certificate-dn:                   Core Interface.     (line   68)
* x509-certificate-dn-oid:               Core Interface.     (line   61)
* x509-certificate-format->string:       Core Interface.     (line  392)
* x509-certificate-issuer-dn:            Core Interface.     (line   65)
* x509-certificate-issuer-dn-oid:        Core Interface.     (line   57)
* x509-certificate-key-id:               Core Interface.     (line   32)
* x509-certificate-key-usage:            Core Interface.     (line   40)
* x509-certificate-matches-hostname?:    Core Interface.     (line   52)
* x509-certificate-public-key-algorithm: Core Interface.     (line   44)
* x509-certificate-signature-algorithm:  Core Interface.     (line   48)
* x509-certificate-subject-alternative-name: Core Interface. (line   18)
* x509-certificate-subject-key-id:       Core Interface.     (line   25)
* x509-certificate-version:              Core Interface.     (line   37)
* x509-certificate?:                     Core Interface.     (line  337)
* x509-private-key?:                     Core Interface.     (line  334)
* x509-subject-alternative-name->string: Core Interface.     (line  388)